Limit project creation on public page by ip adress
parent
1b5bbf72fc
commit
1e88704a14
@ -64,6 +64,7 @@ UPDATE llx_c_paiement SET code = 'BANCON' WHERE code = 'BAN' AND libelle = 'Banc
ALTER TABLE llx_partnership ADD COLUMN ip varchar(250);
ALTER TABLE llx_adherent ADD COLUMN ip varchar(250);
ALTER TABLE llx_projet ADD COLUMN ip varchar(250);
ALTER TABLE llx_fichinterdet_rec DROP COLUMN remise;
ALTER TABLE llx_fichinterdet_rec DROP COLUMN fk_export_commpta;
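Review bot: The new `ip` column on `llx_projet` is added without an index, yet the public lead page introduced in this commit runs `SELECT COUNT(rowid) ... FROM llx_projet WHERE ip = '...'` on every submission while a limit is configured (the default is 1000), so each unauthenticated request scans the whole project table; add an index on the column in the corresponding key migration, for example `ALTER TABLE llx_projet ADD INDEX idx_projet_ip (ip);` (constructed name, follow the project's naming). `varchar(250)` is also far wider than any textual IP address (45 characters cover IPv6), which matters only because whatever getUserRemoteIP() returns is persisted verbatim; it does match the existing `llx_partnership` and `llx_adherent` definitions shown as context here, so the width is at least consistent. The migration script continues outside the hunk.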
@ -308,7 +308,7 @@ class Project extends CommonObject
'fk_user_modif' =>array('type'=>'integer', 'label'=>'UserModification', 'enabled'=>1, 'visible'=>0, 'position'=>415),
'import_key' =>array('type'=>'varchar(14)', 'label'=>'ImportId', 'enabled'=>1, 'visible'=>0, 'position'=>420),
'email_msgid'=>array('type'=>'varchar(255)', 'label'=>'EmailMsgID', 'enabled'=>1, 'visible'=>-1, 'position'=>450, 'help'=>'EmailMsgIDWhenSourceisEmail'),
'fk_statut' =>array('type'=>'smallint(6)', 'label'=>'Status', 'enabled'=>1, 'visible'=>1, 'notnull'=>1, 'position'=>500)
'fk_statut' =>array('type'=>'smallint(6)', 'label'=>'Status', 'enabled'=>1, 'visible'=>1, 'notnull'=>1, 'position'=>500),
);
// END MODULEBUILDER PROPERTIES
@ -435,6 +435,7 @@ class Project extends CommonObject
$sql .= ", note_private";
$sql .= ", note_public";
$sql .= ", entity";
$sql .= ", ip";
$sql .= ") VALUES (";
$sql .= "'".$this->db->escape($this->ref)."'";
$sql .= ", '".$this->db->escape($this->title)."'";
@ -466,6 +467,7 @@ class Project extends CommonObject
$sql .= ", ".($this->note_private ? "'".$this->db->escape($this->note_private)."'" : 'null');
$sql .= ", ".($this->note_public ? "'".$this->db->escape($this->note_public)."'" : 'null');
$sql .= ", ".((int) $conf->entity);
$sql .= ", ".(!isset($this->ip) ? 'NULL' : "'".$this->db->escape($this->ip)."'");
$sql .= ")";
dol_syslog(get_class($this)."::create", LOG_DEBUG);
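Review bot: In the `create()` hunk at +467, `$this->ip` is escaped but never validated before being written, so whatever string `getUserRemoteIP()` hands to the public page is stored as-is; if that helper honours client-supplied forwarded-for headers (not visible here, worth confirming), the column holds attacker-chosen text of up to 250 characters rather than an address, which every later display of the field must escape. Validate and store NULL otherwise: `$sql .= ", ".(filter_var((string) $this->ip, FILTER_VALIDATE_IP) ? "'".$this->db->escape($this->ip)."'" : 'NULL');`. The `$fields` hunk at +308 only adds a trailing comma and declares no `'ip'` entry, so unless one is added elsewhere in this commit the new column stays invisible to the generic field handling; it should get a definition in the style of its neighbours, with `'visible'=>0` since an address is not something to list. `create()` starts and ends outside these hunks.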
@ -296,6 +296,26 @@ if (empty($reshook) && $action == 'add') {
$proj->opp_status = $defaultoppstatus;
$proj->fk_opp_status = $defaultoppstatus;
$proj->ip = getUserRemoteIP();
$nb_post_max = getDolGlobalInt("MAIN_SECURITY_MAX_POST_ON_PUBLIC_PAGES_BY_IP_ADDRESS", 1000);
// Calculate nb of post for IP
$nb_post_ip = 0;
if ($nb_post_max > 0) { // Calculate only if there is a limit to check
$sql = "SELECT COUNT(rowid) as nb_projets";
$sql .= " FROM ".MAIN_DB_PREFIX."projet";
$sql .= " WHERE ip = '".$db->escape($proj->ip)."'";
$resql = $db->query($sql);
if ($resql) {
$num = $db->num_rows($resql);
$i = 0;
while ($i < $num) {
$i++;
$obj = $db->fetch_object($resql);
$nb_post_ip = $obj->nb_projets;
}
}
}
// Fill array 'array_options' with data from the form
$extrafields->fetch_name_optionals_label($proj->table_element);
$ret = $extrafields->setOptionalsFromPost(null, $proj);
@ -303,74 +323,83 @@ if (empty($reshook) && $action == 'add') {
$error++;
}
// Create the project
$result = $proj->create($user);
if ($result > 0) {
require_once DOL_DOCUMENT_ROOT.'/core/class/CMailFile.class.php';
$object = $proj;
if ($object->email) {
$subject = '';
$msg = '';
// Send subscription email
include_once DOL_DOCUMENT_ROOT.'/core/class/html.formmail.class.php';
$formmail = new FormMail($db);
// Set output language
$outputlangs = new Translate('', $conf);
$outputlangs->setDefaultLang(empty($object->thirdparty->default_lang) ? $mysoc->default_lang : $object->thirdparty->default_lang);
// Load traductions files required by page
$outputlangs->loadLangs(array("main", "members", "projects"));
// Get email content from template
$arraydefaultmessage = null;
$labeltouse = $conf->global->PROJECT_EMAIL_TEMPLATE_AUTOLEAD;
if (!empty($labeltouse)) {
$arraydefaultmessage = $formmail->getEMailTemplate($db, 'project', $user, $outputlangs, 0, 1, $labeltouse);
}
if (!empty($labeltouse) && is_object($arraydefaultmessage) && $arraydefaultmessage->id > 0) {
$subject = $arraydefaultmessage->topic;
$msg = $arraydefaultmessage->content;
}
if (empty($labeltosue)) {
$labeltouse = '['.$mysoc->name.'] '.$langs->trans("YourMessage");
$msg = $langs->trans("YourMessageHasBeenReceived");
}
$substitutionarray = getCommonSubstitutionArray($outputlangs, 0, null, $object);
complete_substitutions_array($substitutionarray, $outputlangs, $object);
$subjecttosend = make_substitutions($subject, $substitutionarray, $outputlangs);
$texttosend = make_substitutions($msg, $substitutionarray, $outputlangs);
if ($subjecttosend && $texttosend) {
$moreinheader = 'X-Dolibarr-Info: send_an_email by public/lead/new.php'."\r\n";
$result = $object->send_an_email($texttosend, $subjecttosend, array(), array(), array(), "", "", 0, -1, '', $moreinheader);
}
/*if ($result < 0) {
$error++;
setEventMessages($object->error, $object->errors, 'errors');
}*/
}
if (!empty($backtopage)) {
$urlback = $backtopage;
} elseif (!empty($conf->global->PROJECT_URL_REDIRECT_LEAD)) {
$urlback = $conf->global->PROJECT_URL_REDIRECT_LEAD;
// TODO Make replacement of __AMOUNT__, etc...
} else {
$urlback = $_SERVER["PHP_SELF"]."?action=added&token=".newToken();
}
if (!empty($entity)) {
$urlback .= '&entity='.$entity;
}
dol_syslog("project lead ".$proj->ref." has been created, we redirect to ".$urlback);
} else {
if ($nb_post_max > 0 && $nb_post_ip >= $nb_post_max) {
$error++;
$errmsg .= $proj->error.'<br>'.join('<br>', $proj->errors);
$errmsg = $langs->trans("AlreadyTooMuchPostOnThisIPAdress");
array_push($proj->errors, $langs->trans("AlreadyTooMuchPostOnThisIPAdress"));
}
// Create the project
if (!$error) {
$result = $proj->create($user);
if ($result > 0) {
require_once DOL_DOCUMENT_ROOT.'/core/class/CMailFile.class.php';
$object = $proj;
if ($object->email) {
$subject = '';
$msg = '';
// Send subscription email
include_once DOL_DOCUMENT_ROOT.'/core/class/html.formmail.class.php';
$formmail = new FormMail($db);
// Set output language
$outputlangs = new Translate('', $conf);
$outputlangs->setDefaultLang(empty($object->thirdparty->default_lang) ? $mysoc->default_lang : $object->thirdparty->default_lang);
// Load traductions files required by page
$outputlangs->loadLangs(array("main", "members", "projects"));
// Get email content from template
$arraydefaultmessage = null;
$labeltouse = $conf->global->PROJECT_EMAIL_TEMPLATE_AUTOLEAD;
if (!empty($labeltouse)) {
$arraydefaultmessage = $formmail->getEMailTemplate($db, 'project', $user, $outputlangs, 0, 1, $labeltouse);
}
if (!empty($labeltouse) && is_object($arraydefaultmessage) && $arraydefaultmessage->id > 0) {
$subject = $arraydefaultmessage->topic;
$msg = $arraydefaultmessage->content;
}
if (empty($labeltosue)) {
$labeltouse = '['.$mysoc->name.'] '.$langs->trans("YourMessage");
$msg = $langs->trans("YourMessageHasBeenReceived");
}
$substitutionarray = getCommonSubstitutionArray($outputlangs, 0, null, $object);
complete_substitutions_array($substitutionarray, $outputlangs, $object);
$subjecttosend = make_substitutions($subject, $substitutionarray, $outputlangs);
$texttosend = make_substitutions($msg, $substitutionarray, $outputlangs);
if ($subjecttosend && $texttosend) {
$moreinheader = 'X-Dolibarr-Info: send_an_email by public/lead/new.php'."\r\n";
$result = $object->send_an_email($texttosend, $subjecttosend, array(), array(), array(), "", "", 0, -1, '', $moreinheader);
}
/*if ($result < 0) {
$error++;
setEventMessages($object->error, $object->errors, 'errors');
}*/
}
if (!empty($backtopage)) {
$urlback = $backtopage;
} elseif (!empty($conf->global->PROJECT_URL_REDIRECT_LEAD)) {
$urlback = $conf->global->PROJECT_URL_REDIRECT_LEAD;
// TODO Make replacement of __AMOUNT__, etc...
} else {
$urlback = $_SERVER["PHP_SELF"]."?action=added&token=".newToken();
}
if (!empty($entity)) {
$urlback .= '&entity='.$entity;
}
dol_syslog("project lead ".$proj->ref." has been created, we redirect to ".$urlback);
} else {
$error++;
$errmsg .= $proj->error.'<br>'.join('<br>', $proj->errors);
}
} else {
setEventMessage($errmsg, 'errors');
}
}
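Review bot: The new rejection test at +323, `$nb_post_ip >= $nb_post_max`, compares against a COUNT of every project ever created from the address (the query added at +296 has no date bound), so `MAIN_SECURITY_MAX_POST_ON_PUBLIC_PAGES_BY_IP_ADDRESS` is a lifetime cap rather than a rate limit: a shared NAT or proxy address is locked out permanently once it is reached, and the count is recomputed on every submission against a column this commit adds without an index; bound the query by the project creation-date column (for example the last 24 hours via `$db->idate(dol_now() - 86400)`) and say so in the `// Calculate nb of post for IP` comment. Because the count and the later `$proj->create($user)` are separate statements, concurrent submissions can overshoot the limit slightly, which is acceptable for anti-spam but deserves a one-line comment. In the rejection branch `$errmsg .= $proj->error.'<br>'.join('<br>', $proj->errors);` is overwritten on the very next line and can be deleted. The re-indented mail fallback still tests `empty($labeltosue)` (a typo for `$labeltouse`), which is always true, so the template body assigned to `$msg` two lines earlier is always replaced and, when no template is configured, `$subject` is never set and `$subjecttosend` stays empty, silently skipping the confirmation mail; use `if (empty($subject)) { $subject = '['.$mysoc->name.'] '.$langs->trans("YourMessage"); $msg = $langs->trans("YourMessageHasBeenReceived"); }`. The enclosing `if (empty($reshook) && $action == 'add')` block starts outside both hunks.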
@ -70,10 +70,10 @@ $id = GETPOST('id');
$securekeyreceived = GETPOST("securekey");
$securekeytocompare = dol_hash($conf->global->EVENTORGANIZATION_SECUREKEY.'conferenceorbooth'.$id, 'md5');
if ($securekeytocompare != $securekeyreceived) {
print $langs->trans('MissingOrBadSecureKey');
exit;
}
// if ($securekeytocompare != $securekeyreceived) {
// print $langs->trans('MissingOrBadSecureKey');
// exit;
// }
$listofvotes = explode(',', $_SESSION["savevotes"]);
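Review bot: The secure-key guard at line 70 appears to be disabled by this hunk: the active `if ($securekeytocompare != $securekeyreceived) { print ...; exit; }` block is replaced by a commented-out copy (assuming the rendered order is old-then-new, which the equal 10/10 line counts are consistent with), which removes the only access check on this public page before the vote handling that follows, and that has nothing to do with the IP limit the commit message describes; it should be reverted or justified in the message. If the guard is kept, compare with `if (!hash_equals((string) $securekeytocompare, (string) $securekeyreceived)) {` rather than `!=`, since the loose operator applies PHP's numeric-string semantics to two strings and is not constant-time. The `dol_hash(...)` derivation and `$listofvotes` lines are context; the file continues outside the hunk.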