Implemented Spam protection via IP block

2015-03-16 16:28:20 +01:00 · 2015-03-16 16:28:20 +01:00 · 67c80893f5
commit 67c80893f5
parent f9c8b6f016
6 changed files with 103 additions and 35 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1,3 +1,4 @@
 /cache/
 /vendor/
 /cache/
+/blacklist/
--- a/index.php
+++ b/index.php
@ -4,16 +4,23 @@ namespace raphiz\passwordcards;
 require_once 'vendor/autoload.php';
 use \Rain\Tpl;

-if (!RequestUtils::isPost()) {
-    // Render template
-    Tpl::configure(
+Tpl::configure(
    array(
        "tpl_dir" => __DIR__ . "/resources/",
    )
-    );
+);
+
+if (!RequestUtils::isPost()) {
    $tpl = new Tpl;
    $tpl->draw('index');
 } else {
+    $spamPrevention = RequestUtils::preventSpam();
+    if ($spamPrevention !== true) {
+        $tpl = new Tpl;
+        $tpl->assign('seconds', $spamPrevention);
+        $tpl->draw('spam');
+        exit;
+    }
    // Parse request
    $pattern = RequestUtils::parsePattern();
    $keyboardLayout = RequestUtils::parseKeyboardLayout();
@ -50,4 +57,5 @@ if (!RequestUtils::isPost()) {
    // Cleanup temporary SVG images
    unlink($back);
    unlink($front);
+
 }
--- a/resources/includes/header.html
+++ b/resources/includes/header.html
@ -0,0 +1,29 @@
+<head>
+
+  <!-- Basic Page Needs
+  –––––––––––––––––––––––––––––––––––––––––––––––––– -->
+  <meta charset="utf-8">
+  <title>Password Card Generator</title>
+  <meta name="description" content="Password Card Generator">
+  <meta name="author" content="Raphael Zimmermann">
+
+  <!-- Mobile Specific Metas
+  –––––––––––––––––––––––––––––––––––––––––––––––––– -->
+  <meta name="viewport" content="width=device-width, initial-scale=1">
+
+  <!-- FONT
+  –––––––––––––––––––––––––––––––––––––––––––––––––– -->
+  <link href="//fonts.googleapis.com/css?family=Raleway:400,300,600" rel="stylesheet" type="text/css">
+
+  <!-- CSS
+  –––––––––––––––––––––––––––––––––––––––––––––––––– -->
+  <link rel="stylesheet" href="resources/css/normalize.css">
+  <link rel="stylesheet" href="resources/css/skeleton.css">
+  <link rel="stylesheet" href="resources/css/tinycolorpicker.css">
+  <link rel="stylesheet" href="resources/css/main.css">
+
+  <!-- Favicon
+  –––––––––––––––––––––––––––––––––––––––––––––––––– -->
+  <link rel="icon" type="image/png" href="resources/favicon.png">
+
+</head>
--- a/resources/index.html
+++ b/resources/index.html
@ -1,34 +1,6 @@
 <!DOCTYPE html>
 <html lang="en">
-<head>
-
-  <!-- Basic Page Needs
-  –––––––––––––––––––––––––––––––––––––––––––––––––– -->
-  <meta charset="utf-8">
-  <title>Password Card Generator</title>
-  <meta name="description" content="Password Card Generator">
-  <meta name="author" content="Raphael Zimmermann">
-
-  <!-- Mobile Specific Metas
-  –––––––––––––––––––––––––––––––––––––––––––––––––– -->
-  <meta name="viewport" content="width=device-width, initial-scale=1">
-
-  <!-- FONT
-  –––––––––––––––––––––––––––––––––––––––––––––––––– -->
-  <link href="//fonts.googleapis.com/css?family=Raleway:400,300,600" rel="stylesheet" type="text/css">
-
-  <!-- CSS
-  –––––––––––––––––––––––––––––––––––––––––––––––––– -->
-  <link rel="stylesheet" href="resources/css/normalize.css">
-  <link rel="stylesheet" href="resources/css/skeleton.css">
-  <link rel="stylesheet" href="resources/css/tinycolorpicker.css">
-  <link rel="stylesheet" href="resources/css/main.css">
-
-  <!-- Favicon
-  –––––––––––––––––––––––––––––––––––––––––––––––––– -->
-  <link rel="icon" type="image/png" href="resources/favicon.png">
-
-</head>
+{include="includes/header"}
 <body>

  <!-- Primary Page Layout
--- a/resources/spam.html
+++ b/resources/spam.html
@ -0,0 +1,19 @@
+<!DOCTYPE html>
+<html lang="en">
+{include="includes/header"}
+<body>
+
+  <!-- Primary Page Layout
+  –––––––––––––––––––––––––––––––––––––––––––––––––– -->
+  <div class="container">
+    <div class="header">
+        <h1>Awww...</h1>
+        <p>To prevent spam you can only create 5 cards every 5 minutes...</p>
+        <p>While you wait ({$seconds} seconds are left) - you can watch this video of cute cats!</p>
+        <iframe width="560" height="315" src="https://www.youtube.com/embed/nOBX7ffZFCU" frameborder="0" allowfullscreen></iframe>
+        <br>
+        <a href="/" class="button">Go Back</a>
+    </div>
+</div>
+</body>
+</html>
--- a/src/RequestUtils.php
+++ b/src/RequestUtils.php
@ -8,6 +8,45 @@ class RequestUtils
        return $_SERVER['REQUEST_METHOD'] == "POST";
    }

+    public static function preventSpam()
+    {
+        $ip = $_SERVER['REMOTE_ADDR'];
+        $blacklistfile = __DIR__ . '/../blacklist/' . $ip;
+        $count = 0;
+        $creationDate = 0;
+        if (file_exists($blacklistfile)) {
+            $contents = (int)file_get_contents($blacklistfile);
+            // If the stored value is big, it's the unix timestamp.
+            // Otherwise it's the amount of created cards.
+            if ($contents > 5) {
+                $creationDate = $contents;
+            } else {
+                $count = $contents;
+            }
+        }
+
+
+        if ($creationDate > 0) {
+            // If blocked time is over, release lock
+            if ($creationDate - time() < 0) {
+                file_put_contents($blacklistfile, 0);
+            } else {
+                return $creationDate - time();
+            }
+        }
+
+        if ($count === 5) {
+            // Write unix timestamp into the blacklist file. The
+            // ip is blocked till then.
+            file_put_contents($blacklistfile, time() + 5*60);
+        } else {
+            // increment count...
+            file_put_contents($blacklistfile, ($count+1));
+        }
+
+        return true;
+    }
+
    public static function parseSeed()
    {
        if (