From dfb10f7362469b9b3d287107f2e753f39ff628d9 Mon Sep 17 00:00:00 2001
From: Faustin
Date: Wed, 23 Nov 2022 19:51:34 +0100
Subject: [PATCH] Limit booth suggest on public page by ip adress

---
 .../install/mysql/migration/16.0.0-17.0.0.sql | 1 +
 htdocs/public/project/suggestbooth.php | 40 ++++++++++++++++---
 2 files changed, 36 insertions(+), 5 deletions(-)

diff --git a/htdocs/install/mysql/migration/16.0.0-17.0.0.sql b/htdocs/install/mysql/migration/16.0.0-17.0.0.sql
index c0d3552a440..68a9a5806f3 100644
--- a/htdocs/install/mysql/migration/16.0.0-17.0.0.sql
+++ b/htdocs/install/mysql/migration/16.0.0-17.0.0.sql
@@ -65,6 +65,7 @@ UPDATE llx_c_paiement SET code = 'BANCON' WHERE code = 'BAN' AND libelle = 'Banc
 ALTER TABLE llx_partnership ADD COLUMN ip varchar(250);
 ALTER TABLE llx_adherent ADD COLUMN ip varchar(250);
 ALTER TABLE llx_projet ADD COLUMN ip varchar(250);
+ALTER TABLE llx_actioncomm ADD COLUMN ip varchar(250);
 ALTER TABLE llx_fichinterdet_rec DROP COLUMN remise;
 ALTER TABLE llx_fichinterdet_rec DROP COLUMN fk_export_commpta;
diff --git a/htdocs/public/project/suggestbooth.php b/htdocs/public/project/suggestbooth.php
index f42e75b21b1..298240e8b79 100644
--- a/htdocs/public/project/suggestbooth.php
+++ b/htdocs/public/project/suggestbooth.php
@@ -86,10 +86,10 @@ if ($resultproject < 0) {
 $securekeyreceived = GETPOST("securekey");
 $securekeytocompare = dol_hash($conf->global->EVENTORGANIZATION_SECUREKEY.'conferenceorbooth'.$id, 'md5');
-if ($securekeytocompare != $securekeyreceived) {
- print $langs->trans('MissingOrBadSecureKey');
- exit;
-}
+// if ($securekeytocompare != $securekeyreceived) {
+// print $langs->trans('MissingOrBadSecureKey');
+// exit;
+// }
 // Load translation files
 $langs->loadLangs(array("main", "companies", "install", "other", "eventorganization"));
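Review bot: Commenting out the `$securekeytocompare != $securekeyreceived` check removes the only authentication on this public page: any client that knows the project id can now submit booth suggestions, and the per-IP counter added in the second hunk (default 1000 posts) becomes the sole control. Nothing in the commit subject mentions dropping the secure key, so this looks like a debugging leftover; if it is intentional, delete the four dead lines (and the now-unused `$securekeyreceived`/`$securekeytocompare` assignments) rather than leaving commented-out code. If it is not intentional, restore the check and, while touching it, replace the loose `!=` with `if (!hash_equals($securekeytocompare, (string) $securekeyreceived)) {` so the comparison is strict and constant-time.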
@@ -361,7 +361,37 @@ if (empty($reshook) && $action == 'add') {
 $conforbooth->datep2 = $dateend;
 $conforbooth->datec = dol_now();
 $conforbooth->tms = dol_now();
- $resultconforbooth = $conforbooth->create($user);
+ $conforbooth->ip = getUserRemoteIP();
+ $nb_post_max = getDolGlobalInt("MAIN_SECURITY_MAX_POST_ON_PUBLIC_PAGES_BY_IP_ADDRESS", 1000);
+
+ // Calculate nb of post for IP
+ $nb_post_ip = 0;
+ if ($nb_post_max > 0) { // Calculate only if there is a limit to check
+ $sql = "SELECT COUNT(ref) as nb_confs";
+ $sql .= " FROM ".MAIN_DB_PREFIX."actioncomm";
+ $sql .= " WHERE ip = '".$db->escape($conforbooth->ip)."'";
+ $resql = $db->query($sql);
+ if ($resql) {
+ $num = $db->num_rows($resql);
+ $i = 0;
+ while ($i < $num) {
+ $i++;
+ $obj = $db->fetch_object($resql);
+ $nb_post_ip = $obj->nb_confs;
+ }
+ }
+ }
+
+ $resultconforbooth = 0;
+
+ if ($nb_post_max > 0 && $nb_post_ip >= $nb_post_max) {
+ $error++;
+ $errmsg .= $langs->trans("AlreadyTooMuchPostOnThisIPAdress");
+ array_push($conforbooth->errors, $langs->trans("AlreadyTooMuchPostOnThisIPAdress"));
+ setEventMessage($errmsg, 'errors');
+ } else {
+ $resultconforbooth = $conforbooth->create($user);
+ }
 if ($resultconforbooth<=0) {
 $error++;
 $errmsg .= $conforbooth->error;
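Review bot: When the per-IP limit is hit, `$resultconforbooth` is left at 0, so the unchanged `if ($resultconforbooth<=0)` block that follows increments `$error` a second time and appends `$conforbooth->error`, which `create()` never set; the limit branch should put its message in `$conforbooth->error` and let that block report it once (assuming that block, which continues past the hunk, is what displays `$errmsg`). The COUNT query also fails open: when `$db->query()` returns false, `$nb_post_ip` stays 0 and the post is accepted, and the `while ($i < $num)` loop over a single COUNT row can be a plain `fetch_object()` call. Note too that the count has no time window and is not scoped to the event, so clients behind a shared NAT address accumulate toward the 1000 default indefinitely — acceptable for a first limit, but worth a comment on `$nb_post_max`. The enclosing `if (empty($reshook) && $action == 'add')` block starts before the hunk and continues after it.
```php
// … unchanged: $conforbooth->ip / $nb_post_max setup …
$nb_post_ip = 0;
if ($nb_post_max > 0) { // Calculate only if there is a limit to check
	$sql = "SELECT COUNT(ref) as nb_confs";
	$sql .= " FROM ".MAIN_DB_PREFIX."actioncomm";
	$sql .= " WHERE ip = '".$db->escape($conforbooth->ip)."'";
	$resql = $db->query($sql);
	if ($resql) {
		// COUNT() yields exactly one row; no loop needed
		$obj = $db->fetch_object($resql);
		$nb_post_ip = $obj ? (int) $obj->nb_confs : 0;
	} else {
		// Fail closed: an unreadable count must not silently disable the limit
		$nb_post_ip = $nb_post_max;
		$conforbooth->error = $db->lasterror();
	}
}

$resultconforbooth = 0;

if ($nb_post_max > 0 && $nb_post_ip >= $nb_post_max) {
	if (empty($conforbooth->error)) {
		$conforbooth->error = $langs->trans("AlreadyTooMuchPostOnThisIPAdress");
	}
	// $resultconforbooth stays 0: the existing "<= 0" block below reports the error once
} else {
	$resultconforbooth = $conforbooth->create($user);
}
// … unchanged: if ($resultconforbooth<=0) error handling …
```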