[BUG 4.6.x & 4.7] Flood control is not working for Guests?

SeNioR- · August 1, 2022

Hey guys. I noticed a bug where flood protection is not working for Guests. Could someone check if I am right?

Edited August 1, 2022 by SeNioR-

SeNioR- · August 1, 2022

ok, I know that the last post date is not stored for Guests

	public static function floodCheck()
	{
		if ( \IPS\Settings::i()->flood_control and !\IPS\Member::loggedIn()->group['g_avoid_flood'] )
		{
			if ( time() - \IPS\Member::loggedIn()->member_last_post < \IPS\Settings::i()->flood_control )
			{
				throw new \DomainException( \IPS\Member::loggedIn()->language()->addToStack('error_flood_control', FALSE, array( 'sprintf' => array( \IPS\Settings::i()->flood_control - ( time() - \IPS\Member::loggedIn()->member_last_post ) ) ) ) );
			}
		}
	}

but maybe this could be based on the last post date from the core_posts table? or not? 😛

Edited August 1, 2022 by SeNioR-

teraßyte · August 1, 2022

Hmm, on big posts tables the query could cause a big delay retrieving the last guest post from the table. Not to mention that there could be multiple guests posting at the same time and they would block each other from posting. You could try checking also the IP, but if all or most of the guests are are using the same VPN/proxy that would be a problem too for example.

Maybe some kind of local cookie that stores the last post date? It can be manually deleted and bypassed, but it would still work better. 🤔

Edited August 1, 2022 by teraßyte

SeNioR- · August 1, 2022

15 minutes ago, teraßyte said:

Not to mention that there could be multiple guests posting at the same time and they would block each other from posting.

Yes, but it's better than no security 🤔 I already had a case (unfortunately I had no security then) that within a few minutes an automated bot added 500 answers in several topics.

For now, I'm testing:

	public static function floodCheck()
	{
		if ( \IPS\Settings::i()->flood_control and !\IPS\Member::loggedIn()->group['g_avoid_flood'] )
		{
		    if ( \IPS\Member::loggedIn()->member_id === NULL ) {
			
			$topic = \IPS\forums\Topic::load( \IPS\Request::i()->id );
			
			if ( time() - $topic->last_post < \IPS\Settings::i()->flood_control )
			{
				throw new \DomainException( \IPS\Member::loggedIn()->language()->addToStack('error_flood_control', FALSE, array( 'sprintf' => array( \IPS\Settings::i()->flood_control - ( time() - $topic->last_post ) ) ) ) );
			}
			
			}
			else {
			
			if ( time() - \IPS\Member::loggedIn()->member_last_post < \IPS\Settings::i()->flood_control )
			{
				throw new \DomainException( \IPS\Member::loggedIn()->language()->addToStack('error_flood_control', FALSE, array( 'sprintf' => array( \IPS\Settings::i()->flood_control - ( time() - \IPS\Member::loggedIn()->member_last_post ) ) ) ) );
			}
			
		  }
		}
	}

It's not the best solution, but it works somehow. Meanwhile, I'm trying to figure out a better way.

18 minutes ago, teraßyte said:

Maybe some kind of local cookie that stores the last post date?

hmm, why not cookie seems like a good idea 😉

Invision Community 4: SEO, prepare for v5 and dormant account notifications

Invision Community 5: Beta testing and latest updates

Invision Community 4: A more professional report center

Invision Community 5: A video walkthrough creating a custom theme and homepage

[BUG 4.6.x & 4.7] Flood control is not working for Guests?

Recommended Posts

SeNioR-

SeNioR-

teraßyte

SeNioR-

Recently Browsing 0 members

More