SeNioR- Posted August 1, 2022 Posted August 1, 2022 (edited) Hey guys. I noticed a bug where flood protection is not working for Guests. Could someone check if I am right? flood-for-guests.mp4 Edited August 1, 2022 by SeNioR-
SeNioR- Posted August 1, 2022 Author Posted August 1, 2022 (edited) ok, I know that the last post date is not stored for Guests public static function floodCheck() { if ( \IPS\Settings::i()->flood_control and !\IPS\Member::loggedIn()->group['g_avoid_flood'] ) { if ( time() - \IPS\Member::loggedIn()->member_last_post < \IPS\Settings::i()->flood_control ) { throw new \DomainException( \IPS\Member::loggedIn()->language()->addToStack('error_flood_control', FALSE, array( 'sprintf' => array( \IPS\Settings::i()->flood_control - ( time() - \IPS\Member::loggedIn()->member_last_post ) ) ) ) ); } } } but maybe this could be based on the last post date from the core_posts table? or not? 😛 Edited August 1, 2022 by SeNioR-
teraßyte Posted August 1, 2022 Posted August 1, 2022 (edited) Hmm, on big posts tables the query could cause a big delay retrieving the last guest post from the table. Not to mention that there could be multiple guests posting at the same time and they would block each other from posting. You could try checking also the IP, but if all or most of the guests are are using the same VPN/proxy that would be a problem too for example. Maybe some kind of local cookie that stores the last post date? It can be manually deleted and bypassed, but it would still work better. 🤔 Edited August 1, 2022 by teraßyte SeNioR- 1
SeNioR- Posted August 1, 2022 Author Posted August 1, 2022 15 minutes ago, teraßyte said: Not to mention that there could be multiple guests posting at the same time and they would block each other from posting. Yes, but it's better than no security 🤔 I already had a case (unfortunately I had no security then) that within a few minutes an automated bot added 500 answers in several topics. For now, I'm testing: public static function floodCheck() { if ( \IPS\Settings::i()->flood_control and !\IPS\Member::loggedIn()->group['g_avoid_flood'] ) { if ( \IPS\Member::loggedIn()->member_id === NULL ) { $topic = \IPS\forums\Topic::load( \IPS\Request::i()->id ); if ( time() - $topic->last_post < \IPS\Settings::i()->flood_control ) { throw new \DomainException( \IPS\Member::loggedIn()->language()->addToStack('error_flood_control', FALSE, array( 'sprintf' => array( \IPS\Settings::i()->flood_control - ( time() - $topic->last_post ) ) ) ) ); } } else { if ( time() - \IPS\Member::loggedIn()->member_last_post < \IPS\Settings::i()->flood_control ) { throw new \DomainException( \IPS\Member::loggedIn()->language()->addToStack('error_flood_control', FALSE, array( 'sprintf' => array( \IPS\Settings::i()->flood_control - ( time() - \IPS\Member::loggedIn()->member_last_post ) ) ) ) ); } } } } It's not the best solution, but it works somehow. Meanwhile, I'm trying to figure out a better way. 18 minutes ago, teraßyte said: Maybe some kind of local cookie that stores the last post date? hmm, why not cookie seems like a good idea 😉
Recommended Posts