Changeset 336

Timestamp:
02/28/06 18:21:41 (2 years ago)
Author:
Rickard
Message:

Added an IP flood check to the registering process to prevent DoS attacks.

Files:

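--- a/trunk/upload/register.php
+++ b/trunk/upload/register.php
@@ -80,4 +80,11 @@
 else if (isset($_POST['form_sent']))
 {
+        // Check that someone from this IP didn't register a user within the last hour (DoS prevention)
+        $result = $db->query('SELECT 1 FROM '.$db->prefix.'users WHERE registration_ip=\''.get_remote_address().'\' AND registered>'.(time() - 3600)) or error('Unable to fetch user info', __FILE__, __LINE__, $db->error());
+
+        if ($db->num_rows($result))
+                message('A new user was registered with the same IP address as you within the last hour. To prevent registration flooding, at least an hour has to pass between registrations from the same IP. Sorry for the inconvenience.');
+
+
         $username = pun_trim($_POST['req_username']);
         $email1 = strtolower(trim($_POST['req_email1']));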
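Review bot: The added SELECT concatenates the return value of `get_remote_address()` straight into the SQL string without escaping, on a page that unauthenticated visitors can reach. That helper's body is not visible here, so if it can ever return a value taken from a client-supplied header rather than the socket address, this becomes an injection point. Escaping at the call site removes that dependency: `registration_ip=\''.$db->escape(get_remote_address()).'\' AND registered>'.(time() - 3600)`. Separately, the lookup and the later user insert are not atomic, so parallel requests from one address can all pass the check; a comment such as `// Best-effort throttle: not atomic with the INSERT below` would make that limit explicit. The `else if` branch continues beyond this hunk, so the insert itself is not visible here.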