Some security (through obscurity, sorta) measures.

This commit is contained in:
flash 2018-01-23 20:10:16 +01:00
parent 7d74ebea27
commit 64f30b0cbb
2 changed files with 57 additions and 16 deletions


@ -48,19 +48,42 @@ class AuthController extends Controller
return ['error' => 'You are now logged in!', 'next' => '/']; return ['error' => 'You are now logged in!', 'next' => '/'];
} }
public function register() private function hasRegistrations(?string $ipAddr = null): bool
{ {
if (!flashii_is_ready()) { $ipAddr = IP::unpack($ipAddr ?? IP::remote());
return "not yet!";
if (User::where('register_ip', $ipAddr)->orWhere('last_ip', $ipAddr)->count()) {
return true;
} }
return false;
}
public function register()
{
if ($_SERVER['REQUEST_METHOD'] === 'GET') { if ($_SERVER['REQUEST_METHOD'] === 'GET') {
$app = Application::getInstance(); $app = Application::getInstance();
$twig = $app->templating; $twig = $app->templating;
$twig->vars([
'has_registrations' => $this->hasRegistrations(),
]);
return $twig->render('auth.register'); return $twig->render('auth.register');
} }
if (!flashii_is_ready()) {
return [
'error' => "Nice try, but you'll have to wait a little longer. I appreciate your excitement though!"
];
}
if ($this->hasRegistrations()) {
return [
'error' => "Someone already used an account from this IP address!\r\n"
. "But don't worry, this is a temporary measure and you'll be able to register sometime soon."
];
}
if (!isset($_POST['username'], $_POST['password'], $_POST['email'])) { if (!isset($_POST['username'], $_POST['password'], $_POST['email'])) {
return ['error' => "You didn't fill all the forms!"]; return ['error' => "You didn't fill all the forms!"];
} }
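Review bot: `hasRegistrations()` wraps a count in an `if/return true/return false` ladder where a single expression says the same thing and makes the boolean intent explicit rather than relying on int truthiness: `return User::where('register_ip', $ipAddr)->orWhere('last_ip', $ipAddr)->count() > 0;`. The one-account-per-IP rule only holds if `IP::remote()` reports the transport peer's address; its implementation is not in this hunk, so confirm it does not take the value from a client-supplied proxy header, and that `register_ip`/`last_ip` are stored in the same packed form `IP::unpack()` returns, otherwise the comparison silently never matches. `register()` now returns either a rendered string or an error array but still carries no return documentation; a `@return array|string` docblock on it (the file already uses scalar type declarations) would make that visible to callers. The body of `register()` continues past the end of the hunk.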


@ -3,23 +3,41 @@
{% set banner_classes = 'banner--large landing__banner' %} {% set banner_classes = 'banner--large landing__banner' %}
{% block banner_content %} {% block banner_content %}
<h1 style="align-self: center; text-align: left; flex-grow: 1; padding-left: 2em">Welcome, thanks for dropping by!</h1> <h1 style="align-self: center; text-align: left; flex-grow: 1; padding-left: 2em">
{% if has_registrations %}
Your IP address already has an account!
{% elseif not flashii_is_ready() %}
You'll have to wait a little longer!
{% else %}
Welcome, thanks for dropping by!
{% endif %}
</h1>
{% endblock %} {% endblock %}
{% block content %} {% block content %}
<div class="platform form" id="auth-form"> {% if has_registrations %}
<div> <div class="platform" style="text-align: left;">
<input class="form__text" type="text" name="username" placeholder="Username"> <p>As a temporary security measure we only allow one account per IP address, this will definitely be changed in the future but for now; sorry for the possible inconvenience!</p>
</div> </div>
<div> {% elseif not flashii_is_ready() %}
<input class="form__text" type="password" name="password" placeholder="Password"> <div class="platform" style="text-align: left;">
<p>You'll be able to register once the countdown on the landing page runs out!</p>
</div> </div>
<div> {% else %}
<input class="form__text" type="text" name="email" placeholder="E-mail"> <div class="platform form" id="auth-form">
<div>
<input class="form__text" type="text" name="username" placeholder="Username">
</div>
<div>
<input class="form__text" type="password" name="password" placeholder="Password">
</div>
<div>
<input class="form__text" type="text" name="email" placeholder="E-mail">
</div>
<div>
<button class="button">Create your account!</button>
</div>
</div> </div>
<div> {{ parent() }}
<button class="button">Create your account!</button> {% endif %}
</div>
</div>
{{ parent() }}
{% endblock %} {% endblock %}
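Review bot: The branch order in the template disagrees with the controller: both the banner (`{% if has_registrations %} ... {% elseif not flashii_is_ready() %}`) and the content block test `has_registrations` first, while the POST handler in `AuthController::register()` rejects on `flashii_is_ready()` before it ever looks at the IP, so before launch a visitor whose IP already has an account is told "already has an account" by the page but "wait a little longer" by the form. Swapping the two conditions in both blocks, `{% if not flashii_is_ready() %} ... {% elseif has_registrations %}`, keeps the page and the handler consistent. Note also that `{{ parent() }}` is now emitted only inside the final `{% else %}`, so the two gating branches drop whatever the parent content block rendered; if that is intentional a short `{# parent content intentionally omitted while registration is closed #}` comment would save the next reader a question.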