This allows for specifying a list of IP addresses that will no longer be able to register new accounts and login. The list of banned IP addresses can be configured in "web/lib/config.inc.php".
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
---
 web/lib/acctfuncs.inc.php | 24 +++++++++++++++++++++---
 web/lib/config.inc.php.proto | 3 +++
 2 files changed, 24 insertions(+), 3 deletions(-)
diff --git a/web/lib/acctfuncs.inc.php b/web/lib/acctfuncs.inc.php
index aabb096..c202f47 100644
--- a/web/lib/acctfuncs.inc.php
+++ b/web/lib/acctfuncs.inc.php
@@ -91,7 +91,17 @@ function process_account_form($UTYPE,$TYPE,$A,$U="",$T="",$S="",$E="",
 $P="",$C="",$R="",$L="",$I="",$K="",$UID=0) {
 # error check and process request for a new/modified account
- global $SUPPORTED_LANGS, $AUR_LOCATION;
+ global $SUPPORTED_LANGS, $AUR_LOCATION, $BANNED_IPS;
+
+ $error = "";
+
+ if (in_array($_SERVER['REMOTE_ADDR'], $BANNED_IPS)) {
+ $error = __('The login form is currently ' .
+ 'disabled for your IP address, probably due ' .
+ 'to sustained spam attacks. Sorry for the ' .
+ 'inconvenience -- we hope to be back up ' .
+ 'soon.');
+ }
 $dbh = DB::connect();
@@ -102,7 +112,6 @@ function process_account_form($UTYPE,$TYPE,$A,$U="",$T="",$S="",$E="",
 $editor_user = null;
 }
- $error = "";
 if (empty($E) || empty($U)) {
 $error = __("Missing a required field.");
 }
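Review bot: In process_account_form the ban only assigns `$error` and execution continues, so the first validation check, `if (empty($E) || empty($U))`, overwrites the ban message unconditionally. The check therefore acts as a soft flag rather than a gate, and it holds only if every later branch treats a non-empty `$error` as final; the rest of the function lies outside these hunks, so that cannot be confirmed here. Guarding the visible check as `if (!$error && (empty($E) || empty($U))) {` keeps the ban message and makes the dependency explicit. The function's own comment says it handles new and modified accounts, so the ban also applies to profile edits, and the text 'The login form is currently disabled' does not describe this form.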
@@ -393,13 +402,22 @@ function search_results_page($UTYPE,$O=0,$SB="",$U="",$T="",
 * @return array Session ID for user, error message if applicable
 */
 function try_login() {
- global $MAX_SESSIONS_PER_USER, $PERSISTENT_COOKIE_TIMEOUT;
+ global $MAX_SESSIONS_PER_USER, $PERSISTENT_COOKIE_TIMEOUT, $BANNED_IPS;
 $login_error = "";
 $new_sid = "";
 $userID = null;
 if ( isset($_REQUEST['user']) || isset($_REQUEST['passwd']) ) {
+ if (in_array($_SERVER['REMOTE_ADDR'], $BANNED_IPS)) {
+ $login_error = __('The login form is currently ' .
+ 'disabled for your IP address, probably due ' .
+ 'to sustained spam attacks. Sorry for the ' .
+ 'inconvenience -- we hope to be back up ' .
+ 'soon.');
+ return array('SID' => '', 'error' => $login_error);
+ }
+
 $dbh = DB::connect();
 $userID = valid_user($_REQUEST['user']);
diff --git a/web/lib/config.inc.php.proto b/web/lib/config.inc.php.proto
index 1fe7dbc..0422ac5 100644
--- a/web/lib/config.inc.php.proto
+++ b/web/lib/config.inc.php.proto
@@ -59,3 +59,6 @@ $USE_VIRTUAL_URLS = true;
 # Maximum number of package results to return through an RPC connection.
 # Avoid setting this too high and having a PHP too much memory error.
 $MAX_RPC_RESULTS = 5000;
+
+# Prevent a list of remote addresses from logging in and creating new accounts.
+$BANNED_IPS = array();
--
1.8.2.480.g556678c
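Review bot: The ban test in try_login sits inside the `isset($_REQUEST['user']) || isset($_REQUEST['passwd'])` branch, so it stops only new credential submissions. Sessions already issued to a banned address, including persistent-cookie ones, presumably stay usable; session validation is outside this hunk, so this is an inference to confirm. If that is the intended scope, state it above the check, e.g. `# Blocks new logins only; sessions already issued to a banned address are not revoked.` As a matter of style, pass the strict flag, `in_array($_SERVER['REMOTE_ADDR'], $BANNED_IPS, true)`, here and in process_account_form so the match is an exact string comparison.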
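Review bot: `$BANNED_IPS` is defined only in the prototype, so a deployed config.inc.php that predates this change leaves it unset and both `in_array()` calls in acctfuncs.inc.php receive null. That is a warning on every login and registration attempt on older PHP, and a TypeError on PHP 8. A guard at the call sites such as `if (!empty($BANNED_IPS) && in_array($_SERVER['REMOTE_ADDR'], $BANNED_IPS, true)) {`, or an upgrade note, avoids that. The config comment should also state the matching rule, for example `# Entries are matched as exact strings against REMOTE_ADDR: no CIDR ranges or hostnames.` It is worth adding that behind a reverse proxy `REMOTE_ADDR` is the proxy's own address, so a listed client address would never match.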