Skip to content

Commit

Permalink
New add spam protection to bookcal public page
Browse files Browse the repository at this point in the history
  • Loading branch information
Hystepik committed Sep 27, 2024
1 parent 73c2c2b commit e557542
Showing 1 changed file with 21 additions and 7 deletions.
28 changes: 21 additions & 7 deletions htdocs/public/bookcal/index.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -48,6 +48,7 @@
require_once DOL_DOCUMENT_ROOT.'/bookcal/class/availabilities.class.php';
require_once DOL_DOCUMENT_ROOT.'/contact/class/contact.class.php';
require_once DOL_DOCUMENT_ROOT.'/comm/action/class/actioncomm.class.php';
require_once DOL_DOCUMENT_ROOT.'/core/lib/public.lib.php';

// Security check
if (!isModEnabled('bookcal')) {
Expand Down Expand Up @@ -191,6 +192,7 @@ function llxHeaderVierge($title, $head = "", $disablejs = 0, $disablehead = 0, $
$calendar = $object;
$contact = new Contact($db);
$actioncomm = new ActionComm($db);
$nb_post_max = getDolGlobalInt("MAIN_SECURITY_MAX_POST_ON_PUBLIC_PAGES_BY_IP_ADDRESS", 200);

if (!is_object($user)) {
$user = new User($db);
Expand Down Expand Up @@ -229,10 +231,17 @@ function llxHeaderVierge($title, $head = "", $disablejs = 0, $disablehead = 0, $
$contact->lastname = GETPOST("lastname");
$contact->firstname = GETPOST("firstname");
$contact->email = GETPOST("email");
$result = $contact->create($user);
if ($result < 0) {
$contact->ip = getUserRemoteIP();

if (checkNbPostsForASpeceificIp($contact, $nb_post_max) <= 0) {
$error++;
$errmsg .= $contact->error." ".implode(',', $contact->errors);
$errmsg .= implode('<br>', $contact->errors);
} else {
$result = $contact->create($user);
if ($result < 0) {
$error++;
$errmsg .= $contact->error." ".implode(',', $contact->errors);
}
}
}
} else {
Expand Down Expand Up @@ -262,11 +271,16 @@ function llxHeaderVierge($title, $head = "", $disablejs = 0, $disablehead = 0, $
'transparency' =>0,
]
];

$result = $actioncomm->create($user);
if ($result < 0) {
$actioncomm->ip = getUserRemoteIP();
if (checkNbPostsForASpeceificIp($actioncomm, $nb_post_max) <= 0) {
$error++;
$errmsg .= $actioncomm->error." ".implode(',', $actioncomm->errors);
$errmsg .= implode('<br>', $actioncomm->errors);
} else {
$result = $actioncomm->create($user);
if ($result < 0) {
$error++;
$errmsg .= $actioncomm->error." ".implode(',', $actioncomm->errors);
}
}

if (!$error) {
Expand Down

0 comments on commit e557542

Please sign in to comment.