Hey guys. I noticed a bug where flood protection is not working for Guests. Could someone check if I am right?

Edited by SeNioR-

  • Author

OK, I know that the last post date is not stored for Guests:

	public static function floodCheck()
	{
		if ( \IPS\Settings::i()->flood_control and !\IPS\Member::loggedIn()->group['g_avoid_flood'] )
		{
			if ( time() - \IPS\Member::loggedIn()->member_last_post < \IPS\Settings::i()->flood_control )
			{
				throw new \DomainException( \IPS\Member::loggedIn()->language()->addToStack('error_flood_control', FALSE, array( 'sprintf' => array( \IPS\Settings::i()->flood_control - ( time() - \IPS\Member::loggedIn()->member_last_post ) ) ) ) );
			}
		}
	}

But maybe this could be based on the last post date from the core_posts table? Or not? 😛

Edited by SeNioR-

Hmm, on big posts tables the query could cause a big delay retrieving the last guest post from the table. Not to mention that there could be multiple guests posting at the same time and they would block each other from posting. You could also try checking the IP, but if all or most of the guests are using the same VPN/proxy, for example, that would be a problem too.

Maybe some kind of local cookie that stores the last post date? It can be manually deleted and bypassed, but it would still work better. 🤔

Edited by teraßyte

  • Author
15 minutes ago, teraßyte said:

Not to mention that there could be multiple guests posting at the same time and they would block each other from posting.

 

Yes, but it's better than no security 🤔 I already had a case (unfortunately I had no security then) where within a few minutes an automated bot added 500 answers in several topics.

For now, I'm testing:

	public static function floodCheck()
	{
		if ( \IPS\Settings::i()->flood_control and !\IPS\Member::loggedIn()->group['g_avoid_flood'] )
		{
			if ( \IPS\Member::loggedIn()->member_id === NULL )
			{
				/* Guest: no member_last_post is stored, so compare against the topic's last post time */
				$topic = \IPS\forums\Topic::load( \IPS\Request::i()->id );

				if ( time() - $topic->last_post < \IPS\Settings::i()->flood_control )
				{
					throw new \DomainException( \IPS\Member::loggedIn()->language()->addToStack('error_flood_control', FALSE, array( 'sprintf' => array( \IPS\Settings::i()->flood_control - ( time() - $topic->last_post ) ) ) ) );
				}
			}
			else
			{
				/* Logged-in member: original check against the member's own last post time */
				if ( time() - \IPS\Member::loggedIn()->member_last_post < \IPS\Settings::i()->flood_control )
				{
					throw new \DomainException( \IPS\Member::loggedIn()->language()->addToStack('error_flood_control', FALSE, array( 'sprintf' => array( \IPS\Settings::i()->flood_control - ( time() - \IPS\Member::loggedIn()->member_last_post ) ) ) ) );
				}
			}
		}
	}

It's not the best solution, but it works somehow. Meanwhile, I'm trying to figure out a better way.

18 minutes ago, teraßyte said:

Maybe some kind of local cookie that stores the last post date?

Hmm, why not, a cookie seems like a good idea 😉
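The trade-offs raised in this thread (a topic-wide timestamp blocks every guest, a cookie can be deleted by the client) can be seen against a server-side, per-client check. The following is an added example, not code from any poster or from Invision Community: `guestFloodWait()`, the file-based store and the secret are hypothetical, and it uses only standard PHP functions. Guests behind the same VPN/proxy still share one record, as noted above.

```php
<?php
declare(strict_types=1);

/**
 * Hypothetical helper, not part of Invision Community.
 * Returns 0 if the guest may post now, otherwise the seconds left to wait.
 */
function guestFloodWait(string $ip, int $window, string $dir, string $secret, ?int $now = null): int
{
    $now = $now ?? time();
    // Key the record on an HMAC of the address so raw IPs are not written to disk.
    $path = $dir . '/flood_' . hash_hmac('sha256', $ip, $secret);

    $fh = fopen($path, 'c+');          // create if missing, do not truncate
    if ($fh === false) {
        throw new RuntimeException('flood store not writable');
    }
    try {
        // Exclusive lock makes check-and-update atomic across parallel requests.
        flock($fh, LOCK_EX);
        $last = (int) stream_get_contents($fh);
        $left = $window - ($now - $last);
        if ($last > 0 && $left > 0) {
            return $left;              // still inside the window: reject
        }
        ftruncate($fh, 0);
        rewind($fh);
        fwrite($fh, (string) $now);    // record this post as the new "last post"
        fflush($fh);
        return 0;
    } finally {
        flock($fh, LOCK_UN);
        fclose($fh);
    }
}

// Constructed demo: documentation-range addresses, 30-second window, fixed clock values.
$dir = sys_get_temp_dir() . '/flood_demo_' . bin2hex(random_bytes(4));
mkdir($dir, 0700);
$secret = 'constructed-demo-secret';
var_dump(guestFloodWait('203.0.113.10', 30, $dir, $secret, 1000)); // first post
var_dump(guestFloodWait('203.0.113.10', 30, $dir, $secret, 1010)); // same guest, 10 s later
var_dump(guestFloodWait('203.0.113.20', 30, $dir, $secret, 1010)); // different guest
var_dump(guestFloodWait('203.0.113.10', 30, $dir, $secret, 1030)); // window elapsed
```

Because the timestamp lives on the server, clearing cookies does not reset it, and one guest's post does not start the timer for guests on other addresses.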
