Limit partnership creation on public page by ip adress

htdocs/langs/en_US/errors.lang

@@ -97,7 +97,7 @@ ErrorWrongValueForField=Field <b>%s</b>: '<b>%s</b>' does not match regex rule <
 ErrorHtmlInjectionForField=Field <b>%s</b>: The value '<b>%s</b>' contains a malicious data not allowed
 ErrorFieldValueNotIn=Field <b>%s</b>: '<b>%s</b>' is not a value found in field <b>%s</b> of <b>%s</b>
 ErrorFieldRefNotIn=Field <b>%s</b>: '<b>%s</b>' is not a <b>%s</b> existing ref
-ErrorMultipleRecordFoundFromRef=Several record found when searching from ref <b>%s</b>. No way to know which ID to use. 
+ErrorMultipleRecordFoundFromRef=Several record found when searching from ref <b>%s</b>. No way to know which ID to use.
 ErrorsOnXLines=%s errors found
 ErrorFileIsInfectedWithAVirus=The antivirus program was not able to validate the file (file might be infected by a virus)
 ErrorNumRefModel=A reference exists into database (%s) and is not compatible with this numbering rule. Remove record or renamed reference to activate this module.
@@ -244,11 +244,12 @@ ErrorObjectMustHaveStatusActiveToBeDisabled=Objects must have status 'Active' to
 ErrorObjectMustHaveStatusDraftOrDisabledToBeActivated=Objects must have status 'Draft' or 'Disabled' to be enabled
 ErrorNoFieldWithAttributeShowoncombobox=No fields has property 'showoncombobox' into definition of object '%s'. No way to show the combolist.
 ErrorFieldRequiredForProduct=Field '%s' is required for product %s
+AlreadyTooMuchPostOnThisIPAdress=You have already posted too much on this IP address.
 ProblemIsInSetupOfTerminal=Problem is in setup of terminal %s.
 ErrorAddAtLeastOneLineFirst=Add at least one line first
 ErrorRecordAlreadyInAccountingDeletionNotPossible=Error, record is already transferred in accounting, deletion is not possible.
 ErrorLanguageMandatoryIfPageSetAsTranslationOfAnother=Error, language is mandatory if you set the page as a translation of another one.
-ErrorLanguageOfTranslatedPageIsSameThanThisPage=Error, language of translated page is same than this one. 
+ErrorLanguageOfTranslatedPageIsSameThanThisPage=Error, language of translated page is same than this one.
 ErrorBatchNoFoundForProductInWarehouse=No lot/serial found for product "%s" in warehouse "%s".
 ErrorBatchNoFoundEnoughQuantityForProductInWarehouse=No enough quantity for this lot/serial for product "%s" in warehouse "%s".
 ErrorOnlyOneFieldForGroupByIsPossible=Only 1 field for the 'Group by' is possible (others are discarded)
@@ -281,11 +282,11 @@ ErrorIsNotADraft=%s is not a draft
 ErrorExecIdFailed=Can't execute command "id"
 ErrorBadCharIntoLoginName=Unauthorized character in the login name
 ErrorRequestTooLarge=Error, request too large
-ErrorNotApproverForHoliday=You are not the approver for leave %s 
+ErrorNotApproverForHoliday=You are not the approver for leave %s
 ErrorAttributeIsUsedIntoProduct=This attribute is used in one or more product variants
 ErrorAttributeValueIsUsedIntoProduct=This attribute value is used in one or more product variants
 ErrorPaymentInBothCurrency=Error, all amounts must be entered in the same column
-ErrorYouTryToPayInvoicesInACurrencyFromBankWithAnotherCurrency=You try to pay invoices in the currency %s from an account with the currency %s 
+ErrorYouTryToPayInvoicesInACurrencyFromBankWithAnotherCurrency=You try to pay invoices in the currency %s from an account with the currency %s
 ErrorInvoiceLoadThirdParty=Can't load third-party object for invoice "%s"
 ErrorInvoiceLoadThirdPartyKey=Third-party key "%s" no set for invoice "%s"
 ErrorDeleteLineNotAllowedByObjectStatus=Delete line is not allowed by current object status
@@ -294,9 +295,9 @@ ErrorThirpdartyOrMemberidIsMandatory=Third party or Member of partnership is man
 ErrorFailedToWriteInTempDirectory=Failed to write in temp directory
 ErrorQuantityIsLimitedTo=Quantity is limited to %s
 ErrorFailedToLoadThirdParty=Failed to find/load thirdparty from id=%s, email=%s, name=%s
-ErrorThisPaymentModeIsNotSepa=This payment mode is not a bank account 
+ErrorThisPaymentModeIsNotSepa=This payment mode is not a bank account
 ErrorStripeCustomerNotFoundCreateFirst=Stripe customer is not set for this thirdparty (or set to a value deleted on Stripe side). Create (or re-attach) it first.
-ErrorCharPlusNotSupportedByImapForSearch=IMAP search is not able to search into sender or recipient for a string containing the character + 
+ErrorCharPlusNotSupportedByImapForSearch=IMAP search is not able to search into sender or recipient for a string containing the character +
 ErrorTableNotFound=Table <b>%s</b> not found
 ErrorValueForTooLow=Value for <b>%s</b> is too low
 ErrorValueCantBeNull=Value for <b>%s</b> can't be null

htdocs/langs/fr_FR/main.lang

@@ -45,6 +45,7 @@ NoError=Aucune erreur
 Error=Erreur
 Errors=Erreurs
 ErrorFieldRequired=Le champ '%s' est obligatoire
+AlreadyTooMuchPostOnThisIPAdress=Vous avez déjà posté trop de messages depuis cette adresse IP.
 ErrorFieldFormat=Le champ '%s' a une valeur incorrecte
 ErrorFileDoesNotExists=Le fichier %s n'existe pas
 ErrorFailedToOpenFile=Impossible d'ouvrir le fichier %s

htdocs/partnership/class/partnership.class.php

@@ -22,6 +22,8 @@
  * \brief       This file is a CRUD class file for Partnership (Create/Read/Update/Delete)
  */
 
+use Illuminate\Support\Arr;
+
 // Put here all includes required by your class file
 require_once DOL_DOCUMENT_ROOT.'/core/class/commonobject.class.php';
 //require_once DOL_DOCUMENT_ROOT . '/societe/class/societe.class.php';
@@ -124,6 +126,7 @@ class Partnership extends CommonObject
 		'last_check_backlink' => array('type'=>'datetime', 'label'=>'LastCheckBacklink', 'enabled'=>'1', 'position'=>72, 'notnull'=>0, 'visible'=>-2,),
 		'reason_decline_or_cancel' => array('type'=>'text', 'label'=>'ReasonDeclineOrCancel', 'enabled'=>'1', 'position'=>73, 'notnull'=>0, 'visible'=>-2,),
 		'fk_soc' => array('type'=>'integer:Societe:societe/class/societe.class.php:1:status=1 AND entity IN (__SHARED_ENTITIES__)', 'label'=>'ThirdParty', 'picto'=>'company', 'enabled'=>'1', 'position'=>50, 'notnull'=>-1, 'visible'=>1, 'index'=>1, 'css'=>'maxwidth500', 'csslist'=>'tdoverflowmax150',),
+		'ip' => array('type'=>'varchar(250)', 'label'=>'Ip', 'enabled'=>'1', 'position'=>74, 'notnull'=>0, 'visible'=>-2,),
 	);
 	public $rowid;
 	public $ref;

htdocs/public/partnership/new.php

@@ -223,7 +223,27 @@ if (empty($reshook) && $action == 'add') {
 		$partnership->fk_user_creat          = 0;
 		$partnership->fk_type                = GETPOST('partnershiptype', 'int');
 		//$partnership->typeid               = $conf->global->PARTNERSHIP_NEWFORM_FORCETYPE ? $conf->global->PARTNERSHIP_NEWFORM_FORCETYPE : GETPOST('typeid', 'int');
+		$partnership->ip = getUserRemoteIP();
 
+		$nb_post_max = getDolGlobalInt("MAIN_SECURITY_MAX_POST_ON_PUBLIC_PAGES_BY_IP_ADDRESS", 1000);
+
+		// Calculate nb of post for IP
+		$nb_post_ip = 0;
+		if ($nb_post_max > 0) {	// Calculate only if there is a limit to check
+			$sql = "SELECT COUNT(ref) as nb_partnerships";
+			$sql .= " FROM ".MAIN_DB_PREFIX."partnership";
+			$sql .= " WHERE ip = '".$db->escape($partnership->ip)."'";
+			$resql = $db->query($sql);
+			if ($resql) {
+				$num = $db->num_rows($resql);
+				$i = 0;
+				while ($i < $num) {
+					$i++;
+					$obj = $db->fetch_object($resql);
+					$nb_post_ip = $obj->nb_partnerships;
+				}
+			}
+		}
 		// test if societe already exist
 		$company = new Societe($db);
 		$result = $company->fetch(0, GETPOST('societe'));
@@ -290,6 +310,11 @@ if (empty($reshook) && $action == 'add') {
 			$error++;
 		}
 
+		if ($nb_post_max > 0 && $nb_post_ip >= $nb_post_max) {
+			$error++;
+			$errmsg = $langs->trans("AlreadyTooMuchPostOnThisIPAdress");
+			array_push($partnership->errors, $langs->trans("AlreadyTooMuchPostOnThisIPAdress"));
+		}
 		if (!$error) {
 			$result = $partnership->create($user);
 			if ($result > 0) {
@@ -464,6 +489,8 @@ if (empty($reshook) && $action == 'add') {
 				$error++;
 				$errmsg .= join('<br>', $partnership->errors);
 			}
+		} else {
+			setEventMessage($errmsg, 'errors');
 		}
 	}