Subject | Hash | Author | Date (UTC) |
---|---|---|---|
Bot prevention should not be active for edit operation | 371c60a486ea989fafb66266cab71ea9f7db0269 | Catalin(ux) M. BOIE | 2020-08-23 15:02:13 |
TODO update | 32591f3b1cf054bd70411592e5a82f5898d7da2f | Catalin(ux) M. BOIE | 2020-08-23 15:01:51 |
Show also by which protocol a user is connecting | d35b5b12103f9a72a3e8788e7c48532b9c1e5b89 | Catalin(ux) M. BOIE | 2020-08-23 15:01:30 |
Fixed a small locking issue (unlock without lock) | 0d1e7915545de251eea7f3bce468647fc2df1bf9 | Catalin(ux) M. BOIE | 2020-08-23 15:00:58 |
Give up the cache if we cannot connect in 150ms | dad6cf20f9f4bdbfe2026809a404e852e7cd8e53 | Catalin(ux) M. BOIE | 2020-08-23 15:00:20 |
Limit the number of repositories in the discover page | a0de6d683b59934168ef8415c9ec716aef68b195 | Catalin(ux) M. BOIE | 2020-08-23 14:58:37 |
Added support for other branch then master (main prefered) | 1108f43c3639ffcc06f1314d901640564fae7483 | Catalin(ux) M. BOIE | 2020-08-23 14:55:51 |
Added possibility for admin to mail users | 05068314021bbdf6f26bc92bee47177b170b2a1c | Catalin(ux) M. BOIE | 2020-08-23 14:43:10 |
CSS: small fixes | e4a39879513e000b5d9be588201916950fa629fc | Catalin(ux) M. BOIE | 2020-08-23 14:03:23 |
Cosmetic | cbe42130692ed9b876746e6c97f4fb32439c6190 | Catalin(ux) M. BOIE | 2020-08-23 13:59:00 |
Default statistics are now per month | c312ad532190fe566f2243881a883568b4f77c23 | Catalin(ux) M. BOIE | 2020-08-23 12:35:36 |
events: when splitting an event we need a transaction | e685c800814365661b348c0d04aa8c0b3605ed7e | Catalin(ux) M. BOIE | 2020-08-21 04:35:17 |
Fix for a bug preventing partition table to be created in advance | 51049495934efa8c7bca710c6f2538f34bc4de9a | Catalin(ux) M. BOIE | 2020-08-20 04:03:49 |
cron fixes | 910c74f83740da015d654193025cd6433324a1da | Catalin(ux) M. BOIE | 2020-08-20 03:41:07 |
replaced 'slave' with 'part' | 348a2afcaedd77c7513b5e7dd05364f5e9ae7a87 | Catalin(ux) M. BOIE | 2020-08-20 03:40:43 |
Make cron tasks more resilient in case the machine is stopped | afbe8607b4608862787bf696f71027beb345701f | Catalin(ux) M. BOIE | 2020-08-19 06:08:34 |
Cosmetic | 21956573027d83eb45913b6bf30eeb57e602aea4 | Catalin(ux) M. BOIE | 2020-08-19 06:07:45 |
Added time of upload for artifacts | fd33fe0aeef09f66d74f3ec1554312a2fa5e2642 | Catalin(ux) M. BOIE | 2020-08-19 06:06:54 |
css fixes for table scroll | 77e486f3c9e3c9356985d3c21bc713d8a8d0e223 | Catalin(ux) M. BOIE | 2020-08-19 06:02:09 |
Added git repo size | 9828b1fe96e2217ead8863f7a7c0ee3599d16633 | Catalin(ux) M. BOIE | 2020-08-19 06:01:27 |
File | Lines added | Lines deleted |
---|---|---|
inc/user.inc.php | 14 | 12 |
tests/http_create_account.php | 4 | 1 |
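--- a/inc/user.inc.php
+++ b/inc/user.inc.php
@@ -1999,18 +1999,20 @@ function rg_user_edit_high_level($db, &$rg)
 }
 
 // We try to prevent bots to create accounts
-$gen = rg_var_str('gen');
-if (empty($gen)) {
-$diff = 0;
-} else {
-$xgen1 = substr($gen, 3);
-$xgen2 = substr($gen, 0, 3);
-$diff = ($gen1 - $xgen1) * 1000 + $gen2 - $xgen2;
-}
-if ($diff < 2000) {
-rg_log('Bot tried to create account in ' . $diff . 'ms');
-$errmsg[] = 'invalid token; try again';
-break;
+if ($rg['target_ui']['uid'] == 0) {
+$gen = rg_var_str('gen');
+if (empty($gen)) {
+$diff = 0;
+} else {
+$xgen1 = substr($gen, 3);
+$xgen2 = substr($gen, 0, 3);
+$diff = ($gen1 - $xgen1) * 1000 + $gen2 - $xgen2;
+}
+if ($diff < 2000) {
+rg_log('Bot tried to create account in ' . $diff . 'ms');
+$errmsg[] = 'invalid token; try again';
+break;
+}
 }
 
 if ($ui['tos'] != 1) {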
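Review bot: The `gen` value that the new `uid == 0` branch subtracts from `$gen1`/`$gen2` is read straight from the request (`rg_var_str('gen')`), so the 2000ms minimum is enforced against a timestamp the client chose; a bot can submit a `gen` a few seconds in the past and pass, and nothing in the hunk binds that value to the server (a MAC over the generated timestamp, checked with `hash_equals()` before the subtraction, would close this). Separately, a non-numeric `gen` reaches `($gen1 - $xgen1) * 1000 + $gen2 - $xgen2` unvalidated; on PHP 8 arithmetic on a non-numeric string throws a TypeError, so a crafted value turns the anti-bot check into a 500 instead of the 'invalid token; try again' error — guard it with `if (!ctype_digit($gen) || strlen($gen) < 4) { $diff = 0; } else { ... }`. `$gen1` and `$gen2` appear to be assigned outside the hunk, and rg_user_edit_high_level's body continues on both sides of it, so the loop or switch that `break` exits is not visible here either.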
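--- a/tests/http_create_account.php
+++ b/tests/http_create_account.php
@@ -27,9 +27,11 @@ if ($r === FALSE) {
 exit(1);
 }
 $good_token = $r['tokens']['user_edit_hl'];
+$gen = $r['inputs']['gen'];
 
 $uniq = rg_id(16);
 
+sleep(2); // bot protection
 rg_log('Adding an account without accepting tos...');
 $username = "http1-$uniq<xss>";
 $data = array(
@@ -42,7 +44,8 @@ $data = array(
 "pass" => "cucurigu<xss>",
 "pass2" => "cucurigu<xss>",
 "plan_id" => 9,
-"session_time" => 60
+"session_time" => 60,
+'gen' => $gen
 );
 $headers = array();
 $r = do_req($test_url . "/op/create_account?t=create_account", $data, $headers);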
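Review bot: `sleep(2)` sits exactly on the server's `$diff < 2000` rejection threshold, so the only margin the test has is request latency; a coarse millisecond source on either side could land the submission at 1999ms and fail it as a bot. Sleeping past the threshold, `sleep(3); // bot protection: server rejects submissions under 2000ms`, removes that boundary dependency. The change also exercises only the accepting path: a companion request that sends a freshly fetched `gen` without sleeping and asserts the 'invalid token; try again' error would pin the behaviour the server-side commit introduces. The response `$r` that `$r['inputs']['gen']` is read from is produced before the hunk, so whether `inputs` is always present on it is not visible here.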