From 64f30b0cbb6cc6a6433ab02055730cdd0450eec7 Mon Sep 17 00:00:00 2001
From: flashwave
Date: Tue, 23 Jan 2018 20:10:16 +0100
Subject: [PATCH] Some security (through obscurity, sorta) measures.

---
 src/Controllers/AuthController.php | 29 ++++++++++++++++++--
 views/nova/auth/register.twig | 44 +++++++++++++++++++++---------
 2 files changed, 57 insertions(+), 16 deletions(-)

diff --git a/src/Controllers/AuthController.php b/src/Controllers/AuthController.php
index 9f08d1a6..1ef8337e 100644
--- a/src/Controllers/AuthController.php
+++ b/src/Controllers/AuthController.php
@@ -48,19 +48,42 @@ class AuthController extends Controller
         return ['error' => 'You are now logged in!', 'next' => '/'];
     }
-    public function register()
+    private function hasRegistrations(?string $ipAddr = null): bool
     {
-        if (!flashii_is_ready()) {
-            return "not yet!";
+        $ipAddr = IP::unpack($ipAddr ?? IP::remote());
+
+        if (User::where('register_ip', $ipAddr)->orWhere('last_ip', $ipAddr)->count()) {
+            return true;
         }
+        return false;
+    }
+
+    public function register()
+    {
         if ($_SERVER['REQUEST_METHOD'] === 'GET') {
             $app = Application::getInstance();
             $twig = $app->templating;
+            $twig->vars([
+                'has_registrations' => $this->hasRegistrations(),
+            ]);
             return $twig->render('auth.register');
         }
+        if (!flashii_is_ready()) {
+            return [
+                'error' => "Nice try, but you'll have to wait a little longer. I appreciate your excitement though!"
+            ];
+        }
+
+        if ($this->hasRegistrations()) {
+            return [
+                'error' => "Someone already used an account from this IP address!\r\n"
+                    . "But don't worry, this is a temporary measure and you'll be able to register sometime soon."
+            ];
+        }
+
         if (!isset($_POST['username'], $_POST['password'], $_POST['email'])) {
             return ['error' => "You didn't fill all the forms!"];
         }
diff --git a/views/nova/auth/register.twig b/views/nova/auth/register.twig
index 8daf4d17..78eafa35 100644
--- a/views/nova/auth/register.twig
+++ b/views/nova/auth/register.twig
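Review bot: The GET branch of register() hands `$this->hasRegistrations()` to the template without consulting flashii_is_ready(), while the POST branch a few lines below rejects on readiness before running the IP check, and the register.twig hunk in this same commit tests has_registrations before `not flashii_is_ready()`; during the countdown a visitor whose IP already has an account therefore reads the "already has an account" message on the page but receives the "wait a little longer" error on submit. Making the two paths agree is a one-line change in the GET branch, `'has_registrations' => flashii_is_ready() && $this->hasRegistrations(),`, which also skips the user-table query while registration is closed. hasRegistrations() can return the comparison directly instead of the if/true/false, `return User::where('register_ip', $ipAddr)->orWhere('last_ip', $ipAddr)->count() > 0;`. The restriction is only as reliable as the address IP::remote() yields — if that helper honours client-supplied forwarded headers the check can be circumvented, and shared NAT or CGNAT addresses will lock out unrelated visitors; neither is visible in this hunk. register() continues past the end of the hunk.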
@@ -3,23 +3,41 @@ {% set banner_classes = 'banner--large landing__banner' %} {% block banner_content %} -

Welcome, thanks for dropping by!

+

+ {% if has_registrations %} + Your IP address already has an account! + {% elseif not flashii_is_ready() %} + You'll have to wait a little longer! + {% else %} + Welcome, thanks for dropping by! + {% endif %} +

{% endblock %} {% block content %} -
-
- + {% if has_registrations %} +
+

As a temporary security measure we only allow one account per IP address, this will definitely be changed in the future but for now; sorry for the possible inconvenience!

-
- + {% elseif not flashii_is_ready() %} +
+

You'll be able to register once the countdown on the landing page runs out!

-
- + {% else %} +
+
+ +
+
+ +
+
+ +
+
+ +
-
- -
-
- {{ parent() }} + {{ parent() }} + {% endif %} {% endblock %}