[aur-dev] [PATCH] Add an IP ban list

Lukas Fleischer archlinux at cryptocrack.de
Tue Mar 19 09:23:17 EDT 2013


This allows for specifying a list of IP addresses that will no longer be
able to register new accounts or log in. The list of banned IP addresses
can be configured in "web/lib/config.inc.php".

Signed-off-by: Lukas Fleischer <archlinux at cryptocrack.de>
---
 web/lib/acctfuncs.inc.php    | 24 +++++++++++++++++++++---
 web/lib/config.inc.php.proto |  3 +++
 2 files changed, 24 insertions(+), 3 deletions(-)

diff --git a/web/lib/acctfuncs.inc.php b/web/lib/acctfuncs.inc.php
index aabb096..c202f47 100644
--- a/web/lib/acctfuncs.inc.php
+++ b/web/lib/acctfuncs.inc.php
@@ -91,7 +91,17 @@ function process_account_form($UTYPE,$TYPE,$A,$U="",$T="",$S="",$E="",
 			$P="",$C="",$R="",$L="",$I="",$K="",$UID=0) {
 
 	# error check and process request for a new/modified account
-	global $SUPPORTED_LANGS, $AUR_LOCATION;
+	global $SUPPORTED_LANGS, $AUR_LOCATION, $BANNED_IPS;
+
+	$error = "";
+
+	if (in_array($_SERVER['REMOTE_ADDR'], $BANNED_IPS)) {
+		$error = __('The login form is currently ' .
+			'disabled for your IP address, probably due ' .
+			'to sustained spam attacks. Sorry for the ' .
+			'inconvenience -- we hope to be back up ' .
+			'soon.');
+	}
 
 	$dbh = DB::connect();
 
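Review bot: The ban check at the top of process_account_form only sets `$error` and falls through, so `DB::connect()` and the remaining validation still run for a banned address, and the next visible check (`if (empty($E) || empty($U))`) replaces the ban message with "Missing a required field.". Whether the request is finally rejected depends on later code, outside this hunk, treating a non-empty `$error` as fatal. try_login returns as soon as the address matches, and an early exit here through the function's existing error path would make the two consistent. The function also handles account modification, so edits are blocked too while the message speaks of the "login form"; a comment such as `# Banned addresses may neither register nor modify accounts.` would record that this is intended.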
@@ -102,7 +112,6 @@ function process_account_form($UTYPE,$TYPE,$A,$U="",$T="",$S="",$E="",
 		$editor_user = null;
 	}
 
-	$error = "";
 	if (empty($E) || empty($U)) {
 		$error = __("Missing a required field.");
 	}
@@ -393,13 +402,22 @@ function search_results_page($UTYPE,$O=0,$SB="",$U="",$T="",
  * @return array Session ID for user, error message if applicable
  */
 function try_login() {
-	global $MAX_SESSIONS_PER_USER, $PERSISTENT_COOKIE_TIMEOUT;
+	global $MAX_SESSIONS_PER_USER, $PERSISTENT_COOKIE_TIMEOUT, $BANNED_IPS;
 
 	$login_error = "";
 	$new_sid = "";
 	$userID = null;
 
 	if ( isset($_REQUEST['user']) || isset($_REQUEST['passwd']) ) {
+		if (in_array($_SERVER['REMOTE_ADDR'], $BANNED_IPS)) {
+			$login_error = __('The login form is currently ' .
+				'disabled for your IP address, probably due ' .
+				'to sustained spam attacks. Sorry for the ' .
+				'inconvenience -- we hope to be back up ' .
+				'soon.');
+			return array('SID' => '', 'error' => $login_error);
+		}
+
 		$dbh = DB::connect();
 		$userID = valid_user($_REQUEST['user']);
 
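Review bot: The `in_array($_SERVER['REMOTE_ADDR'], $BANNED_IPS)` test in try_login, and the identical one in process_account_form, assumes `$BANNED_IPS` is always an array, but the commit only adds it to config.inc.php.proto. An installation whose existing config.inc.php lacks the variable passes a non-array to `in_array()`, so the ban check raises a warning and never matches (a TypeError on PHP 8). Guarding the type and comparing strictly avoids that: `if (is_array($BANNED_IPS) && in_array($_SERVER['REMOTE_ADDR'], $BANNED_IPS, true)) {`. The match is an exact string comparison on REMOTE_ADDR, so behind a reverse proxy the value seen here is presumably the proxy's address, and ranges or alternative IPv6 spellings are not covered. The message text is duplicated in both functions; one small helper that answers whether the client is banned would keep the two checks in sync.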
diff --git a/web/lib/config.inc.php.proto b/web/lib/config.inc.php.proto
index 1fe7dbc..0422ac5 100644
--- a/web/lib/config.inc.php.proto
+++ b/web/lib/config.inc.php.proto
@@ -59,3 +59,6 @@ $USE_VIRTUAL_URLS = true;
 # Maximum number of package results to return through an RPC connection.
 # Avoid setting this too high and having a PHP too much memory error.
 $MAX_RPC_RESULTS = 5000;
+
+# Prevent a list of remote addresses from logging in and creating new accounts.
+$BANNED_IPS = array();
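Review bot: The comment on `$BANNED_IPS` does not say what form the entries take, while the code compares each entry as an exact string against `$_SERVER['REMOTE_ADDR']`. I would extend it to something like `# Entries are exact address strings as seen in REMOTE_ADDR; ranges and CIDR notation are not supported.` and add one commented sample entry from a documentation range, e.g. `# $BANNED_IPS = array('192.0.2.1');`. Because only the .proto file is changed, the upgrade notes should also tell administrators to add the variable to their existing config.inc.php.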
-- 
1.8.2.480.g556678c


