358 lines
11 KiB
PHP
358 lines
11 KiB
PHP
<?php
|
|
// This file is part of GNU social - https://www.gnu.org/software/social
|
|
//
|
|
// GNU social is free software: you can redistribute it and/or modify
|
|
// it under the terms of the GNU Affero General Public License as published by
|
|
// the Free Software Foundation, either version 3 of the License, or
|
|
// (at your option) any later version.
|
|
//
|
|
// GNU social is distributed in the hope that it will be useful,
|
|
// but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
// GNU Affero General Public License for more details.
|
|
//
|
|
// You should have received a copy of the GNU Affero General Public License
|
|
// along with GNU social. If not, see <http://www.gnu.org/licenses/>.
|
|
|
|
/**
|
|
* Throttle registration by IP address
|
|
*
|
|
* @category Spam
|
|
* @package GNUsocial
|
|
* @author Evan Prodromou <evan@status.net>
|
|
* @copyright 2010 StatusNet, Inc.
|
|
* @license https://www.gnu.org/licenses/agpl.html GNU AGPL v3 or later
|
|
*/
|
|
|
|
defined('GNUSOCIAL') || die();
|
|
|
|
/**
|
|
* Throttle registration by IP address
|
|
*
|
|
* We a) record IP address of registrants and b) throttle registrations.
|
|
*
|
|
* @category Spam
|
|
* @package GNUsocial
|
|
* @author Evan Prodromou <evan@status.net>
|
|
* @copyright 2010 StatusNet, Inc.
|
|
* @license https://www.gnu.org/licenses/agpl.html GNU AGPL v3 or later
|
|
*/
|
|
|
|
class RegisterThrottlePlugin extends Plugin
|
|
{
|
|
const PLUGIN_VERSION = '2.0.0';
|
|
|
|
/**
|
|
* Array of time spans in seconds to limits.
|
|
*
|
|
* Default is 3 registrations per hour, 5 per day, 10 per week.
|
|
*/
|
|
public $regLimits = array(604800 => 10, // per week
|
|
86400 => 5, // per day
|
|
3600 => 3); // per hour
|
|
|
|
/**
|
|
* Disallow registration if a silenced user has registered from
|
|
* this IP address.
|
|
*/
|
|
public $silenced = true;
|
|
|
|
/**
|
|
* Auto-silence all other users from the same registration_ip
|
|
* as the one being silenced. Caution: Many users may come from
|
|
* the same IP (even entire countries) without having any sort
|
|
* of relevant connection for moderation.
|
|
*/
|
|
public $auto_silence_by_ip = false;
|
|
|
|
/**
|
|
* Whether we're enabled; prevents recursion.
|
|
*/
|
|
private static $enabled = true;
|
|
|
|
/**
|
|
* Database schema setup
|
|
*
|
|
* We store user registrations in a table registration_ip.
|
|
*
|
|
* @return boolean hook value; true means continue processing, false means stop.
|
|
*/
|
|
public function onCheckSchema()
|
|
{
|
|
$schema = Schema::get();
|
|
|
|
// For storing user-submitted flags on profiles
|
|
$schema->ensureTable('registration_ip', Registration_ip::schemaDef());
|
|
return true;
|
|
}
|
|
|
|
public function onRouterInitialized(URLMapper $m)
|
|
{
|
|
$m->connect(
|
|
'main/ipregistrations/:ipaddress',
|
|
['action' => 'ipregistrations'],
|
|
['ipaddress' => '[0-9a-f\.\:]+']
|
|
);
|
|
}
|
|
|
|
/**
|
|
* Called when someone tries to register.
|
|
*
|
|
* We check the IP here to determine if it goes over any of our
|
|
* configured limits.
|
|
*
|
|
* @param Action $action Action that is being executed
|
|
*
|
|
* @return boolean hook value
|
|
*/
|
|
public function onStartRegistrationTry($action)
|
|
{
|
|
$ipaddress = $this->_getIpAddress();
|
|
|
|
if (empty($ipaddress)) {
|
|
// TRANS: Server exception thrown when no IP address can be found for a registation attempt.
|
|
throw new ServerException(_m('Cannot find IP address.'));
|
|
}
|
|
|
|
foreach ($this->regLimits as $seconds => $limit) {
|
|
$this->debug("Checking $seconds ($limit)");
|
|
|
|
$reg = $this->_getNthReg($ipaddress, $limit);
|
|
|
|
if (!empty($reg)) {
|
|
$this->debug("Got a {$limit}th registration.");
|
|
$regtime = strtotime($reg->created);
|
|
$now = time();
|
|
$this->debug("Comparing {$regtime} to {$now}");
|
|
if ($now - $regtime < $seconds) {
|
|
// TRANS: Exception thrown when too many user have registered from one IP address within a given time frame.
|
|
throw new Exception(_m('Too many registrations. Take a break and try again later.'));
|
|
}
|
|
}
|
|
}
|
|
|
|
// Check for silenced users
|
|
|
|
if ($this->silenced) {
|
|
$ids = Registration_ip::usersByIP($ipaddress);
|
|
foreach ($ids as $id) {
|
|
$profile = Profile::getKV('id', $id);
|
|
if ($profile && $profile->isSilenced()) {
|
|
// TRANS: Exception thrown when attempting to register from an IP address from which silenced users have registered.
|
|
throw new Exception(_m('A banned user has registered from this address.'));
|
|
}
|
|
}
|
|
}
|
|
|
|
return true;
|
|
}
|
|
|
|
public function onEndShowSections(Action $action)
|
|
{
|
|
if (!$action instanceof ShowstreamAction) {
|
|
// early return for actions we're not interested in
|
|
return true;
|
|
}
|
|
|
|
$target = $action->getTarget();
|
|
if (!$target->isSilenced()) {
|
|
// Only show the IP of users who are not silenced.
|
|
return true;
|
|
}
|
|
|
|
$scoped = $action->getScoped();
|
|
if (!$scoped->hasRight(Right::SILENCEUSER)) {
|
|
// only show registration IP if we have the right to silence users
|
|
return true;
|
|
}
|
|
|
|
$ri = Registration_ip::getKV('user_id', $target->getID());
|
|
$ipaddress = null;
|
|
if ($ri instanceof Registration_ip) {
|
|
$ipaddress = $ri->ipaddress;
|
|
unset($ri);
|
|
}
|
|
|
|
$action->elementStart('div', array('id' => 'entity_mod_log',
|
|
'class' => 'section'));
|
|
|
|
$action->element('h2', null, _('Registration IP'));
|
|
|
|
// TRANS: Label for the information about which IP a users registered from.
|
|
$action->element('strong', null, _('Registered from:'));
|
|
$el = 'span';
|
|
$attrs = ['class'=>'ipaddress'];
|
|
if (!is_null($ipaddress)) {
|
|
$el = 'a';
|
|
$attrs['href'] = common_local_url(
|
|
'ipregistrations',
|
|
['ipaddress' => $ipaddress]
|
|
);
|
|
}
|
|
$action->element(
|
|
$el,
|
|
$attrs,
|
|
// TRANS: Unknown IP address.
|
|
$ipaddress ?? _('unknown')
|
|
);
|
|
|
|
$action->elementEnd('div');
|
|
}
|
|
|
|
/**
|
|
* Called after someone registers, by any means.
|
|
*
|
|
* We record the successful registration and IP address.
|
|
*
|
|
* @param Profile $profile new user's profile
|
|
*
|
|
* @return boolean hook value
|
|
*/
|
|
public function onEndUserRegister(Profile $profile)
|
|
{
|
|
$ipaddress = $this->_getIpAddress();
|
|
|
|
if (empty($ipaddress)) {
|
|
// User registration can happen from command-line scripts etc.
|
|
return true;
|
|
}
|
|
|
|
$reg = new Registration_ip();
|
|
|
|
$reg->user_id = $profile->getID();
|
|
$reg->ipaddress = mb_strtolower($ipaddress);
|
|
$reg->created = common_sql_now();
|
|
|
|
$result = $reg->insert();
|
|
|
|
if ($result === false) {
|
|
common_log_db_error($reg, 'INSERT', __FILE__);
|
|
// @todo throw an exception?
|
|
}
|
|
|
|
return true;
|
|
}
|
|
|
|
/**
|
|
* Check the version of the plugin.
|
|
*
|
|
* @param array &$versions Version array.
|
|
*
|
|
* @return boolean hook value
|
|
*/
|
|
public function onPluginVersion(array &$versions): bool
|
|
{
|
|
$versions[] = array('name' => 'RegisterThrottle',
|
|
'version' => self::PLUGIN_VERSION,
|
|
'author' => 'Evan Prodromou',
|
|
'homepage' => GNUSOCIAL_ENGINE_REPO_URL . 'tree/master/plugins/RegisterThrottle',
|
|
'description' =>
|
|
// TRANS: Plugin description.
|
|
_m('Throttles excessive registration from a single IP address.'));
|
|
return true;
|
|
}
|
|
|
|
/**
|
|
* Gets the current IP address.
|
|
*
|
|
* @return string IP address or null if not found.
|
|
*/
|
|
private function _getIpAddress()
|
|
{
|
|
$keys = array('HTTP_X_FORWARDED_FOR',
|
|
'HTTP_X_CLIENT',
|
|
'CLIENT-IP',
|
|
'REMOTE_ADDR');
|
|
|
|
foreach ($keys as $k) {
|
|
if (!empty($_SERVER[$k])) {
|
|
return $_SERVER[$k];
|
|
}
|
|
}
|
|
|
|
return null;
|
|
}
|
|
|
|
/**
|
|
* Gets the Nth registration with the given IP address.
|
|
*
|
|
* @param string $ipaddress Address to key on
|
|
* @param integer $n Nth address
|
|
*
|
|
* @return Registration_ip nth registration or null if not found.
|
|
*/
|
|
private function _getNthReg($ipaddress, $n)
|
|
{
|
|
$reg = new Registration_ip();
|
|
|
|
$reg->ipaddress = $ipaddress;
|
|
|
|
$reg->orderBy('created DESC, user_id DESC');
|
|
$reg->limit($n - 1, 1);
|
|
|
|
if ($reg->find(true)) {
|
|
return $reg;
|
|
} else {
|
|
return null;
|
|
}
|
|
}
|
|
|
|
/**
|
|
* When silencing a user, silence all other users registered from that IP
|
|
* address.
|
|
*
|
|
* @param Profile $profile Person getting a new role
|
|
* @param string $role Role being assigned like 'moderator' or 'silenced'
|
|
*
|
|
* @return boolean hook value
|
|
*/
|
|
public function onEndGrantRole($profile, $role)
|
|
{
|
|
if (!self::$enabled) {
|
|
return true;
|
|
}
|
|
|
|
if ($role !== Profile_role::SILENCED) {
|
|
return true;
|
|
}
|
|
|
|
if (!$this->auto_silence_by_ip) {
|
|
return true;
|
|
}
|
|
|
|
$ri = Registration_ip::getKV('user_id', $profile->getID());
|
|
|
|
if (empty($ri)) {
|
|
return true;
|
|
}
|
|
|
|
$ids = Registration_ip::usersByIP($ri->ipaddress);
|
|
|
|
foreach ($ids as $id) {
|
|
if ($id == $profile->getID()) {
|
|
continue;
|
|
}
|
|
|
|
try {
|
|
$other = Profile::getByID($id);
|
|
} catch (NoResultException $e) {
|
|
continue;
|
|
}
|
|
|
|
if ($other->isSilenced()) {
|
|
continue;
|
|
}
|
|
|
|
// 'enabled' here is used to prevent recursion, since
|
|
// we'll end up in this function again on ->silence()
|
|
// though I actually think it doesn't matter since we
|
|
// do this in onEndGrantRole and that means the above
|
|
// $other->isSilenced() test should've 'continue'd...
|
|
$old = self::$enabled;
|
|
self::$enabled = false;
|
|
$other->silence();
|
|
self::$enabled = $old;
|
|
}
|
|
}
|
|
}
|