diff --git a/htdocs/adherents/class/adherent.class.php b/htdocs/adherents/class/adherent.class.php
index 491899a3370..d3eae385ee0 100644
--- a/htdocs/adherents/class/adherent.class.php
+++ b/htdocs/adherents/class/adherent.class.php
@@ -605,7 +605,7 @@ class Adherent extends CommonObject
// Insert member
$sql = "INSERT INTO ".MAIN_DB_PREFIX."adherent";
- $sql .= " (ref, datec,login,fk_user_author,fk_user_mod,fk_user_valid,morphy,fk_adherent_type,entity,import_key)";
+ $sql .= " (ref, datec,login,fk_user_author,fk_user_mod,fk_user_valid,morphy,fk_adherent_type,entity,import_key, ip)";
$sql .= " VALUES (";
$sql .= " '(PROV)'";
$sql .= ", '".$this->db->idate($this->datec)."'";
@@ -615,6 +615,7 @@ class Adherent extends CommonObject
$sql .= ", ".((int) $this->typeid);
$sql .= ", ".$conf->entity;
$sql .= ", ".(!empty($this->import_key) ? "'".$this->db->escape($this->import_key)."'" : "null");
+ $sql .= ", ".(!empty($this->ip) ? "'".$this->db->escape($this->ip)."'" : "null");
$sql .= ")";
dol_syslog(get_class($this)."::create", LOG_DEBUG);
diff --git a/htdocs/comm/action/class/actioncomm.class.php b/htdocs/comm/action/class/actioncomm.class.php
index 3b4af2c3c8e..d3d90067bf3 100644
--- a/htdocs/comm/action/class/actioncomm.class.php
+++ b/htdocs/comm/action/class/actioncomm.class.php
@@ -555,7 +555,8 @@ class ActionComm extends CommonObject
$sql .= "recurdateend,";
$sql .= "num_vote,";
$sql .= "event_paid,";
- $sql .= "status";
+ $sql .= "status,";
+ $sql .= "ip";
$sql .= ") VALUES (";
$sql .= "'(PROV)', ";
$sql .= "'".$this->db->idate($now)."', ";
@@ -596,7 +597,8 @@ class ActionComm extends CommonObject
$sql .= (!empty($this->recurdateend) ? "'".$this->db->idate($this->recurdateend)."'" : "null").", ";
$sql .= (!empty($this->num_vote) ? (int) $this->num_vote : "null").", ";
$sql .= (!empty($this->event_paid) ? (int) $this->event_paid : 0).", ";
- $sql .= (!empty($this->status) ? (int) $this->status : "0");
+ $sql .= (!empty($this->status) ? (int) $this->status : "0").", ";
+ $sql .= (!empty($this->ip) ? "'".$this->db->escape($this->ip)."'" : "null");
$sql .= ")";
dol_syslog(get_class($this)."::add", LOG_DEBUG);
diff --git a/htdocs/eventorganization/class/conferenceorboothattendee.class.php b/htdocs/eventorganization/class/conferenceorboothattendee.class.php
index 909758ca3f2..595eaf67eeb 100644
--- a/htdocs/eventorganization/class/conferenceorboothattendee.class.php
+++ b/htdocs/eventorganization/class/conferenceorboothattendee.class.php
@@ -123,6 +123,7 @@ class ConferenceOrBoothAttendee extends CommonObject
'import_key' => array('type'=>'varchar(14)', 'label'=>'ImportId', 'enabled'=>'1', 'position'=>1000, 'notnull'=>-1, 'visible'=>-2,),
'model_pdf' => array('type'=>'varchar(255)', 'label'=>'Model pdf', 'enabled'=>'1', 'position'=>1010, 'notnull'=>-1, 'visible'=>0,),
'status' => array('type'=>'smallint', 'label'=>'Status', 'enabled'=>'1', 'position'=>1000, 'default'=>0, 'notnull'=>1, 'visible'=>1, 'index'=>1, 'arrayofkeyval'=>array('0'=>'Draft', '1'=>'Validated', '9'=>'Canceled'),),
+ 'ip' => array('type'=>'varchar(250)', 'label'=>'Ip', 'enabled'=>'1', 'position'=>1000, 'notnull'=>-1, 'visible'=>-2,),
);
public $rowid;
public $ref;
diff --git a/htdocs/install/mysql/migration/16.0.0-17.0.0.sql b/htdocs/install/mysql/migration/16.0.0-17.0.0.sql
index 8432bf252c3..e9de9336a1c 100644
--- a/htdocs/install/mysql/migration/16.0.0-17.0.0.sql
+++ b/htdocs/install/mysql/migration/16.0.0-17.0.0.sql
@@ -66,6 +66,11 @@ UPDATE llx_c_paiement SET code = 'BANCON' WHERE code = 'BAN' AND libelle = 'Banc
ALTER TABLE llx_partnership ADD COLUMN ip varchar(250);
ALTER TABLE llx_adherent ADD COLUMN ip varchar(250);
+ALTER TABLE llx_projet ADD COLUMN ip varchar(250);
+ALTER TABLE llx_actioncomm ADD COLUMN ip varchar(250);
+ALTER TABLE llx_eventorganization_conferenceorboothattendee ADD COLUMN ip varchar(250);
+ALTER TABLE llx_opensurvey_user_studs ADD COLUMN ip varchar(250);
+ALTER TABLE llx_opensurvey_comments ADD COLUMN ip varchar(250);
ALTER TABLE llx_fichinterdet_rec DROP COLUMN remise;
ALTER TABLE llx_fichinterdet_rec DROP COLUMN fk_export_commpta;
diff --git a/htdocs/langs/en_US/errors.lang b/htdocs/langs/en_US/errors.lang
index 1625f580305..7bcecfa4999 100644
--- a/htdocs/langs/en_US/errors.lang
+++ b/htdocs/langs/en_US/errors.lang
@@ -97,7 +97,7 @@ ErrorWrongValueForField=Field %s: '%s' does not match regex rule <
ErrorHtmlInjectionForField=Field %s: The value '%s' contains a malicious data not allowed
ErrorFieldValueNotIn=Field %s: '%s' is not a value found in field %s of %s
ErrorFieldRefNotIn=Field %s: '%s' is not a %s existing ref
-ErrorMultipleRecordFoundFromRef=Several record found when searching from ref %s. No way to know which ID to use.
+ErrorMultipleRecordFoundFromRef=Several record found when searching from ref %s. No way to know which ID to use.
ErrorsOnXLines=%s errors found
ErrorFileIsInfectedWithAVirus=The antivirus program was not able to validate the file (file might be infected by a virus)
ErrorNumRefModel=A reference exists into database (%s) and is not compatible with this numbering rule. Remove record or renamed reference to activate this module.
@@ -244,11 +244,12 @@ ErrorObjectMustHaveStatusActiveToBeDisabled=Objects must have status 'Active' to
ErrorObjectMustHaveStatusDraftOrDisabledToBeActivated=Objects must have status 'Draft' or 'Disabled' to be enabled
ErrorNoFieldWithAttributeShowoncombobox=No fields has property 'showoncombobox' into definition of object '%s'. No way to show the combolist.
ErrorFieldRequiredForProduct=Field '%s' is required for product %s
+AlreadyTooMuchPostOnThisIPAdress=You have already posted too much on this IP address.
ProblemIsInSetupOfTerminal=Problem is in setup of terminal %s.
ErrorAddAtLeastOneLineFirst=Add at least one line first
ErrorRecordAlreadyInAccountingDeletionNotPossible=Error, record is already transferred in accounting, deletion is not possible.
ErrorLanguageMandatoryIfPageSetAsTranslationOfAnother=Error, language is mandatory if you set the page as a translation of another one.
-ErrorLanguageOfTranslatedPageIsSameThanThisPage=Error, language of translated page is same than this one.
+ErrorLanguageOfTranslatedPageIsSameThanThisPage=Error, language of translated page is same than this one.
ErrorBatchNoFoundForProductInWarehouse=No lot/serial found for product "%s" in warehouse "%s".
ErrorBatchNoFoundEnoughQuantityForProductInWarehouse=No enough quantity for this lot/serial for product "%s" in warehouse "%s".
ErrorOnlyOneFieldForGroupByIsPossible=Only 1 field for the 'Group by' is possible (others are discarded)
@@ -281,11 +282,11 @@ ErrorIsNotADraft=%s is not a draft
ErrorExecIdFailed=Can't execute command "id"
ErrorBadCharIntoLoginName=Unauthorized character in the login name
ErrorRequestTooLarge=Error, request too large
-ErrorNotApproverForHoliday=You are not the approver for leave %s
+ErrorNotApproverForHoliday=You are not the approver for leave %s
ErrorAttributeIsUsedIntoProduct=This attribute is used in one or more product variants
ErrorAttributeValueIsUsedIntoProduct=This attribute value is used in one or more product variants
ErrorPaymentInBothCurrency=Error, all amounts must be entered in the same column
-ErrorYouTryToPayInvoicesInACurrencyFromBankWithAnotherCurrency=You try to pay invoices in the currency %s from an account with the currency %s
+ErrorYouTryToPayInvoicesInACurrencyFromBankWithAnotherCurrency=You try to pay invoices in the currency %s from an account with the currency %s
ErrorInvoiceLoadThirdParty=Can't load third-party object for invoice "%s"
ErrorInvoiceLoadThirdPartyKey=Third-party key "%s" no set for invoice "%s"
ErrorDeleteLineNotAllowedByObjectStatus=Delete line is not allowed by current object status
@@ -294,9 +295,9 @@ ErrorThirpdartyOrMemberidIsMandatory=Third party or Member of partnership is man
ErrorFailedToWriteInTempDirectory=Failed to write in temp directory
ErrorQuantityIsLimitedTo=Quantity is limited to %s
ErrorFailedToLoadThirdParty=Failed to find/load thirdparty from id=%s, email=%s, name=%s
-ErrorThisPaymentModeIsNotSepa=This payment mode is not a bank account
+ErrorThisPaymentModeIsNotSepa=This payment mode is not a bank account
ErrorStripeCustomerNotFoundCreateFirst=Stripe customer is not set for this thirdparty (or set to a value deleted on Stripe side). Create (or re-attach) it first.
-ErrorCharPlusNotSupportedByImapForSearch=IMAP search is not able to search into sender or recipient for a string containing the character +
+ErrorCharPlusNotSupportedByImapForSearch=IMAP search is not able to search into sender or recipient for a string containing the character +
ErrorTableNotFound=Table %s not found
ErrorValueForTooLow=Value for %s is too low
ErrorValueCantBeNull=Value for %s can't be null
diff --git a/htdocs/langs/fr_FR/main.lang b/htdocs/langs/fr_FR/main.lang
index eb787cb279d..37bd9224798 100644
--- a/htdocs/langs/fr_FR/main.lang
+++ b/htdocs/langs/fr_FR/main.lang
@@ -45,6 +45,7 @@ NoError=Aucune erreur
Error=Erreur
Errors=Erreurs
ErrorFieldRequired=Le champ '%s' est obligatoire
+AlreadyTooMuchPostOnThisIPAdress=Vous avez déjà posté trop de messages depuis cette adresse IP.
ErrorFieldFormat=Le champ '%s' a une valeur incorrecte
ErrorFileDoesNotExists=Le fichier %s n'existe pas
ErrorFailedToOpenFile=Impossible d'ouvrir le fichier %s
diff --git a/htdocs/opensurvey/class/opensurveysondage.class.php b/htdocs/opensurvey/class/opensurveysondage.class.php
index cae73d0c2b2..b7fadbdb60d 100644
--- a/htdocs/opensurvey/class/opensurveysondage.class.php
+++ b/htdocs/opensurvey/class/opensurveysondage.class.php
@@ -571,12 +571,13 @@ class Opensurveysondage extends CommonObject
*
* @param string $comment Comment content
* @param string $comment_user Comment author
+ * @param string $user_ip Comment author IP
* @return boolean False in case of the query fails, true if it was successful
*/
- public function addComment($comment, $comment_user)
+ public function addComment($comment, $comment_user, $user_ip = '')
{
- $sql = "INSERT INTO ".MAIN_DB_PREFIX."opensurvey_comments (id_sondage, comment, usercomment)";
- $sql .= " VALUES ('".$this->db->escape($this->id_sondage)."','".$this->db->escape($comment)."','".$this->db->escape($comment_user)."')";
+ $sql = "INSERT INTO ".MAIN_DB_PREFIX."opensurvey_comments (id_sondage, comment, usercomment, ip)";
+ $sql .= " VALUES ('".$this->db->escape($this->id_sondage)."','".$this->db->escape($comment)."','".$this->db->escape($comment_user)."'".($user_ip ? ",'".$this->db->escape($user_ip)."'" : '').")";
$resql = $this->db->query($sql);
if (!$resql) {
diff --git a/htdocs/partnership/class/partnership.class.php b/htdocs/partnership/class/partnership.class.php
index 4838c80f92d..93897771019 100644
--- a/htdocs/partnership/class/partnership.class.php
+++ b/htdocs/partnership/class/partnership.class.php
@@ -22,6 +22,8 @@
* \brief This file is a CRUD class file for Partnership (Create/Read/Update/Delete)
*/
+use Illuminate\Support\Arr;
+
// Put here all includes required by your class file
require_once DOL_DOCUMENT_ROOT.'/core/class/commonobject.class.php';
//require_once DOL_DOCUMENT_ROOT . '/societe/class/societe.class.php';
@@ -124,6 +126,7 @@ class Partnership extends CommonObject
'last_check_backlink' => array('type'=>'datetime', 'label'=>'LastCheckBacklink', 'enabled'=>'1', 'position'=>72, 'notnull'=>0, 'visible'=>-2,),
'reason_decline_or_cancel' => array('type'=>'text', 'label'=>'ReasonDeclineOrCancel', 'enabled'=>'1', 'position'=>73, 'notnull'=>0, 'visible'=>-2,),
'fk_soc' => array('type'=>'integer:Societe:societe/class/societe.class.php:1:status=1 AND entity IN (__SHARED_ENTITIES__)', 'label'=>'ThirdParty', 'picto'=>'company', 'enabled'=>'1', 'position'=>50, 'notnull'=>-1, 'visible'=>1, 'index'=>1, 'css'=>'maxwidth500', 'csslist'=>'tdoverflowmax150',),
+ 'ip' => array('type'=>'varchar(250)', 'label'=>'Ip', 'enabled'=>'1', 'position'=>74, 'notnull'=>0, 'visible'=>-2,),
);
public $rowid;
public $ref;
diff --git a/htdocs/projet/class/project.class.php b/htdocs/projet/class/project.class.php
index e3865663bf7..0e15b26b114 100644
--- a/htdocs/projet/class/project.class.php
+++ b/htdocs/projet/class/project.class.php
@@ -308,7 +308,7 @@ class Project extends CommonObject
'fk_user_modif' =>array('type'=>'integer', 'label'=>'UserModification', 'enabled'=>1, 'visible'=>0, 'position'=>415),
'import_key' =>array('type'=>'varchar(14)', 'label'=>'ImportId', 'enabled'=>1, 'visible'=>0, 'position'=>420),
'email_msgid'=>array('type'=>'varchar(255)', 'label'=>'EmailMsgID', 'enabled'=>1, 'visible'=>-1, 'position'=>450, 'help'=>'EmailMsgIDWhenSourceisEmail'),
- 'fk_statut' =>array('type'=>'smallint(6)', 'label'=>'Status', 'enabled'=>1, 'visible'=>1, 'notnull'=>1, 'position'=>500)
+ 'fk_statut' =>array('type'=>'smallint(6)', 'label'=>'Status', 'enabled'=>1, 'visible'=>1, 'notnull'=>1, 'position'=>500),
);
// END MODULEBUILDER PROPERTIES
@@ -435,6 +435,7 @@ class Project extends CommonObject
$sql .= ", note_private";
$sql .= ", note_public";
$sql .= ", entity";
+ $sql .= ", ip";
$sql .= ") VALUES (";
$sql .= "'".$this->db->escape($this->ref)."'";
$sql .= ", '".$this->db->escape($this->title)."'";
@@ -466,6 +467,7 @@ class Project extends CommonObject
$sql .= ", ".($this->note_private ? "'".$this->db->escape($this->note_private)."'" : 'null');
$sql .= ", ".($this->note_public ? "'".$this->db->escape($this->note_public)."'" : 'null');
$sql .= ", ".((int) $conf->entity);
+ $sql .= ", ".(!isset($this->ip) ? 'NULL' : "'".$this->db->escape($this->ip)."'");
$sql .= ")";
dol_syslog(get_class($this)."::create", LOG_DEBUG);
diff --git a/htdocs/public/eventorganization/attendee_new.php b/htdocs/public/eventorganization/attendee_new.php
index b4f6ee14217..21901753692 100644
--- a/htdocs/public/eventorganization/attendee_new.php
+++ b/htdocs/public/eventorganization/attendee_new.php
@@ -229,7 +229,7 @@ if ($reshook < 0) {
}
// Action called when page is submitted
-if (empty($reshook) && $action == 'add' && (!empty($conference->id) && $conference->status!=2 || !empty($project->id) && $project->status == Project::STATUS_VALIDATED)) {
+if (empty($reshook) && $action == 'add' && (!empty($conference->id) && $conference->status==2 || !empty($project->id) && $project->status == Project::STATUS_VALIDATED)) {
$error = 0;
$urlback = '';
@@ -259,10 +259,12 @@ if (empty($reshook) && $action == 'add' && (!empty($conference->id) && $conferen
// Check if attendee already exists (by email and for this event)
$confattendee = new ConferenceOrBoothAttendee($db);
+ $filter = array();
+
if ($type == 'global') {
$filter = array('t.fk_project'=>((int) $id), 'customsql'=>'t.email="'.$db->escape($email).'"');
}
- if ($action == 'conf') {
+ if ($type == 'conf') {
$filter = array('t.fk_actioncomm'=>((int) $id), 'customsql'=>'t.email="'.$db->escape($email).'"');
}
@@ -281,7 +283,37 @@ if (empty($reshook) && $action == 'add' && (!empty($conference->id) && $conferen
$confattendee->fk_actioncomm = $id;
$confattendee->note_public = $note_public;
- $resultconfattendee = $confattendee->create($user);
+ $confattendee->ip = getUserRemoteIP();
+ $nb_post_max = getDolGlobalInt("MAIN_SECURITY_MAX_POST_ON_PUBLIC_PAGES_BY_IP_ADDRESS", 1000);
+
+ // Calculate nb of post for IP
+ $nb_post_ip = 0;
+ if ($nb_post_max > 0) { // Calculate only if there is a limit to check
+ $sql = "SELECT COUNT(ref) as nb_attendee";
+ $sql .= " FROM ".MAIN_DB_PREFIX."eventorganization_conferenceorboothattendee";
+ $sql .= " WHERE ip = '".$db->escape($confattendee->ip)."'";
+ $resql = $db->query($sql);
+ if ($resql) {
+ $num = $db->num_rows($resql);
+ $i = 0;
+ while ($i < $num) {
+ $i++;
+ $obj = $db->fetch_object($resql);
+ $nb_post_ip = $obj->nb_attendee;
+ }
+ }
+ }
+
+ $resultconforbooth = -1;
+
+ if ($nb_post_max > 0 && $nb_post_ip >= $nb_post_max) {
+ $error++;
+ $errmsg .= $langs->trans("AlreadyTooMuchPostOnThisIPAdress");
+ array_push($confattendee->errors, $langs->trans("AlreadyTooMuchPostOnThisIPAdress"));
+ setEventMessage($errmsg, 'errors');
+ } else {
+ $resultconfattendee = $confattendee->create($user);
+ }
if ($resultconfattendee < 0) {
$error++;
$errmsg .= $confattendee->error;
diff --git a/htdocs/public/members/new.php b/htdocs/public/members/new.php
index 9346988274a..2e38de0251e 100644
--- a/htdocs/public/members/new.php
+++ b/htdocs/public/members/new.php
@@ -284,12 +284,41 @@ if (empty($reshook) && $action == 'add') {
$adh->morphy = getDolGlobalString("MEMBER_NEWFORM_FORCEMORPHY", GETPOST('morphy'));
$adh->birth = $birthday;
+ $adh->ip = getUserRemoteIP();
+
+ $nb_post_max = getDolGlobalInt("MAIN_SECURITY_MAX_POST_ON_PUBLIC_PAGES_BY_IP_ADDRESS", 1000);
+
+ // Calculate nb of post for IP
+ $nb_post_ip = 0;
+ if ($nb_post_max > 0) { // Calculate only if there is a limit to check
+ $sql = "SELECT COUNT(ref) as nb_adh";
+ $sql .= " FROM ".MAIN_DB_PREFIX."adherent";
+ $sql .= " WHERE ip = '".$db->escape($adh->ip)."'";
+ $resql = $db->query($sql);
+ if ($resql) {
+ $num = $db->num_rows($resql);
+ $i = 0;
+ while ($i < $num) {
+ $i++;
+ $obj = $db->fetch_object($resql);
+ $nb_post_ip = $obj->nb_adh;
+ }
+ }
+ }
+
// Fill array 'array_options' with data from add form
$extrafields->fetch_name_optionals_label($adh->table_element);
$ret = $extrafields->setOptionalsFromPost(null, $adh);
if ($ret < 0) {
$error++;
+ $errmsg .= $adh->error;
+ }
+
+ if ($nb_post_max > 0 && $nb_post_ip >= $nb_post_max) {
+ $error++;
+ $errmsg .= $langs->trans("AlreadyTooMuchPostOnThisIPAdress");
+ array_push($adh->errors, $langs->trans("AlreadyTooMuchPostOnThisIPAdress"));
}
if (!$error) {
diff --git a/htdocs/public/opensurvey/studs.php b/htdocs/public/opensurvey/studs.php
index f11f8aea918..900483bbbfa 100644
--- a/htdocs/public/opensurvey/studs.php
+++ b/htdocs/public/opensurvey/studs.php
@@ -97,8 +97,34 @@ if (GETPOST('ajoutcomment', 'alpha')) {
$error++;
}
+ $user_ip = getUserRemoteIP();
+ $nb_post_max = getDolGlobalInt("MAIN_SECURITY_MAX_POST_ON_PUBLIC_PAGES_BY_IP_ADDRESS", 1000);
+
+ // Calculate nb of post for IP
+ $nb_post_ip = 0;
+ if ($nb_post_max > 0) { // Calculate only if there is a limit to check
+ $sql = "SELECT COUNT(id_comment) as nb_comments";
+ $sql .= " FROM ".MAIN_DB_PREFIX."opensurvey_comments";
+ $sql .= " WHERE ip = '".$db->escape($user_ip)."'";
+ $resql = $db->query($sql);
+ if ($resql) {
+ $num = $db->num_rows($resql);
+ $i = 0;
+ while ($i < $num) {
+ $i++;
+ $obj = $db->fetch_object($resql);
+ $nb_post_ip = $obj->nb_comments;
+ }
+ }
+ }
+
+ if ($nb_post_max > 0 && $nb_post_ip >= $nb_post_max) {
+ setEventMessages($langs->trans("AlreadyTooMuchPostOnThisIPAdress"), null, 'errors');
+ $error++;
+ }
+
if (!$error) {
- $resql = $object->addComment($comment, $comment_user);
+ $resql = $object->addComment($comment, $comment_user, $user_ip);
if (!$resql) {
dol_print_error($db);
@@ -125,6 +151,28 @@ if (GETPOST("boutonp") || GETPOST("boutonp.x") || GETPOST("boutonp_x")) { // bo
}
}
+ $user_ip = getUserRemoteIP();
+ $nb_post_max = getDolGlobalInt("MAIN_SECURITY_MAX_POST_ON_PUBLIC_PAGES_BY_IP_ADDRESS", 1000);
+
+ // Calculate nb of post for IP
+ $nb_post_ip = 0;
+ if ($nb_post_max > 0) { // Calculate only if there is a limit to check
+ $sql = "SELECT COUNT(id_users) as nb_records";
+ $sql .= " FROM ".MAIN_DB_PREFIX."opensurvey_user_studs";
+ $sql .= " WHERE ip = '".$db->escape($user_ip)."'";
+ $resql = $db->query($sql);
+ if ($resql) {
+ $num = $db->num_rows($resql);
+ $i = 0;
+ while ($i < $num) {
+ $i++;
+ $obj = $db->fetch_object($resql);
+ $nb_post_ip = $obj->nb_records;
+ }
+ }
+ }
+
+
$nom = substr(GETPOST("nom", 'alphanohtml'), 0, 64);
// Check if vote already exists
@@ -137,12 +185,16 @@ if (GETPOST("boutonp") || GETPOST("boutonp.x") || GETPOST("boutonp_x")) { // bo
}
$num_rows = $db->num_rows($resql);
+
if ($num_rows > 0) {
setEventMessages($langs->trans("VoteNameAlreadyExists"), null, 'errors');
$error++;
+ } elseif ($nb_post_max > 0 && $nb_post_ip >= $nb_post_max) {
+ setEventMessages($langs->trans("AlreadyTooMuchPostOnThisIPAdress"), null, 'errors');
+ $error++;
} else {
- $sql = 'INSERT INTO '.MAIN_DB_PREFIX.'opensurvey_user_studs (nom, id_sondage, reponses)';
- $sql .= " VALUES ('".$db->escape($nom)."', '".$db->escape($numsondage)."','".$db->escape($nouveauchoix)."')";
+ $sql = 'INSERT INTO '.MAIN_DB_PREFIX.'opensurvey_user_studs (nom, id_sondage, reponses, ip)';
+ $sql .= " VALUES ('".$db->escape($nom)."', '".$db->escape($numsondage)."','".$db->escape($nouveauchoix)."', '".$db->escape($user_ip)."')";
$resql = $db->query($sql);
if ($resql) {
diff --git a/htdocs/public/partnership/new.php b/htdocs/public/partnership/new.php
index 5064ec68695..3420806608a 100644
--- a/htdocs/public/partnership/new.php
+++ b/htdocs/public/partnership/new.php
@@ -223,7 +223,27 @@ if (empty($reshook) && $action == 'add') {
$partnership->fk_user_creat = 0;
$partnership->fk_type = GETPOST('partnershiptype', 'int');
//$partnership->typeid = $conf->global->PARTNERSHIP_NEWFORM_FORCETYPE ? $conf->global->PARTNERSHIP_NEWFORM_FORCETYPE : GETPOST('typeid', 'int');
+ $partnership->ip = getUserRemoteIP();
+ $nb_post_max = getDolGlobalInt("MAIN_SECURITY_MAX_POST_ON_PUBLIC_PAGES_BY_IP_ADDRESS", 1000);
+
+ // Calculate nb of post for IP
+ $nb_post_ip = 0;
+ if ($nb_post_max > 0) { // Calculate only if there is a limit to check
+ $sql = "SELECT COUNT(ref) as nb_partnerships";
+ $sql .= " FROM ".MAIN_DB_PREFIX."partnership";
+ $sql .= " WHERE ip = '".$db->escape($partnership->ip)."'";
+ $resql = $db->query($sql);
+ if ($resql) {
+ $num = $db->num_rows($resql);
+ $i = 0;
+ while ($i < $num) {
+ $i++;
+ $obj = $db->fetch_object($resql);
+ $nb_post_ip = $obj->nb_partnerships;
+ }
+ }
+ }
// test if societe already exist
$company = new Societe($db);
$result = $company->fetch(0, GETPOST('societe'));
@@ -290,6 +310,11 @@ if (empty($reshook) && $action == 'add') {
$error++;
}
+ if ($nb_post_max > 0 && $nb_post_ip >= $nb_post_max) {
+ $error++;
+ $errmsg = $langs->trans("AlreadyTooMuchPostOnThisIPAdress");
+ array_push($partnership->errors, $langs->trans("AlreadyTooMuchPostOnThisIPAdress"));
+ }
if (!$error) {
$result = $partnership->create($user);
if ($result > 0) {
@@ -464,6 +489,8 @@ if (empty($reshook) && $action == 'add') {
$error++;
$errmsg .= join('
', $partnership->errors);
}
+ } else {
+ setEventMessage($errmsg, 'errors');
}
}
diff --git a/htdocs/public/project/new.php b/htdocs/public/project/new.php
index 61bbd23ea61..46209d76a24 100644
--- a/htdocs/public/project/new.php
+++ b/htdocs/public/project/new.php
@@ -296,6 +296,26 @@ if (empty($reshook) && $action == 'add') {
$proj->opp_status = $defaultoppstatus;
$proj->fk_opp_status = $defaultoppstatus;
+ $proj->ip = getUserRemoteIP();
+ $nb_post_max = getDolGlobalInt("MAIN_SECURITY_MAX_POST_ON_PUBLIC_PAGES_BY_IP_ADDRESS", 1000);
+ // Calculate nb of post for IP
+ $nb_post_ip = 0;
+ if ($nb_post_max > 0) { // Calculate only if there is a limit to check
+ $sql = "SELECT COUNT(rowid) as nb_projets";
+ $sql .= " FROM ".MAIN_DB_PREFIX."projet";
+ $sql .= " WHERE ip = '".$db->escape($proj->ip)."'";
+ $resql = $db->query($sql);
+ if ($resql) {
+ $num = $db->num_rows($resql);
+ $i = 0;
+ while ($i < $num) {
+ $i++;
+ $obj = $db->fetch_object($resql);
+ $nb_post_ip = $obj->nb_projets;
+ }
+ }
+ }
+
// Fill array 'array_options' with data from the form
$extrafields->fetch_name_optionals_label($proj->table_element);
$ret = $extrafields->setOptionalsFromPost(null, $proj);
@@ -303,74 +323,83 @@ if (empty($reshook) && $action == 'add') {
$error++;
}
- // Create the project
- $result = $proj->create($user);
- if ($result > 0) {
- require_once DOL_DOCUMENT_ROOT.'/core/class/CMailFile.class.php';
- $object = $proj;
-
- if ($object->email) {
- $subject = '';
- $msg = '';
-
- // Send subscription email
- include_once DOL_DOCUMENT_ROOT.'/core/class/html.formmail.class.php';
- $formmail = new FormMail($db);
- // Set output language
- $outputlangs = new Translate('', $conf);
- $outputlangs->setDefaultLang(empty($object->thirdparty->default_lang) ? $mysoc->default_lang : $object->thirdparty->default_lang);
- // Load traductions files required by page
- $outputlangs->loadLangs(array("main", "members", "projects"));
- // Get email content from template
- $arraydefaultmessage = null;
- $labeltouse = $conf->global->PROJECT_EMAIL_TEMPLATE_AUTOLEAD;
-
- if (!empty($labeltouse)) {
- $arraydefaultmessage = $formmail->getEMailTemplate($db, 'project', $user, $outputlangs, 0, 1, $labeltouse);
- }
-
- if (!empty($labeltouse) && is_object($arraydefaultmessage) && $arraydefaultmessage->id > 0) {
- $subject = $arraydefaultmessage->topic;
- $msg = $arraydefaultmessage->content;
- }
- if (empty($labeltosue)) {
- $labeltouse = '['.$mysoc->name.'] '.$langs->trans("YourMessage");
- $msg = $langs->trans("YourMessageHasBeenReceived");
- }
-
- $substitutionarray = getCommonSubstitutionArray($outputlangs, 0, null, $object);
- complete_substitutions_array($substitutionarray, $outputlangs, $object);
- $subjecttosend = make_substitutions($subject, $substitutionarray, $outputlangs);
- $texttosend = make_substitutions($msg, $substitutionarray, $outputlangs);
-
- if ($subjecttosend && $texttosend) {
- $moreinheader = 'X-Dolibarr-Info: send_an_email by public/lead/new.php'."\r\n";
-
- $result = $object->send_an_email($texttosend, $subjecttosend, array(), array(), array(), "", "", 0, -1, '', $moreinheader);
- }
- /*if ($result < 0) {
- $error++;
- setEventMessages($object->error, $object->errors, 'errors');
- }*/
- }
-
- if (!empty($backtopage)) {
- $urlback = $backtopage;
- } elseif (!empty($conf->global->PROJECT_URL_REDIRECT_LEAD)) {
- $urlback = $conf->global->PROJECT_URL_REDIRECT_LEAD;
- // TODO Make replacement of __AMOUNT__, etc...
- } else {
- $urlback = $_SERVER["PHP_SELF"]."?action=added&token=".newToken();
- }
-
- if (!empty($entity)) {
- $urlback .= '&entity='.$entity;
- }
-
- dol_syslog("project lead ".$proj->ref." has been created, we redirect to ".$urlback);
- } else {
+ if ($nb_post_max > 0 && $nb_post_ip >= $nb_post_max) {
$error++;
- $errmsg .= $proj->error.'
'.join('
', $proj->errors);
+ $errmsg = $langs->trans("AlreadyTooMuchPostOnThisIPAdress");
+ array_push($proj->errors, $langs->trans("AlreadyTooMuchPostOnThisIPAdress"));
+ }
+ // Create the project
+ if (!$error) {
+ $result = $proj->create($user);
+ if ($result > 0) {
+ require_once DOL_DOCUMENT_ROOT.'/core/class/CMailFile.class.php';
+ $object = $proj;
+
+ if ($object->email) {
+ $subject = '';
+ $msg = '';
+
+ // Send subscription email
+ include_once DOL_DOCUMENT_ROOT.'/core/class/html.formmail.class.php';
+ $formmail = new FormMail($db);
+ // Set output language
+ $outputlangs = new Translate('', $conf);
+ $outputlangs->setDefaultLang(empty($object->thirdparty->default_lang) ? $mysoc->default_lang : $object->thirdparty->default_lang);
+ // Load traductions files required by page
+ $outputlangs->loadLangs(array("main", "members", "projects"));
+ // Get email content from template
+ $arraydefaultmessage = null;
+ $labeltouse = $conf->global->PROJECT_EMAIL_TEMPLATE_AUTOLEAD;
+
+ if (!empty($labeltouse)) {
+ $arraydefaultmessage = $formmail->getEMailTemplate($db, 'project', $user, $outputlangs, 0, 1, $labeltouse);
+ }
+
+ if (!empty($labeltouse) && is_object($arraydefaultmessage) && $arraydefaultmessage->id > 0) {
+ $subject = $arraydefaultmessage->topic;
+ $msg = $arraydefaultmessage->content;
+ }
+ if (empty($labeltosue)) {
+ $labeltouse = '['.$mysoc->name.'] '.$langs->trans("YourMessage");
+ $msg = $langs->trans("YourMessageHasBeenReceived");
+ }
+
+ $substitutionarray = getCommonSubstitutionArray($outputlangs, 0, null, $object);
+ complete_substitutions_array($substitutionarray, $outputlangs, $object);
+ $subjecttosend = make_substitutions($subject, $substitutionarray, $outputlangs);
+ $texttosend = make_substitutions($msg, $substitutionarray, $outputlangs);
+
+ if ($subjecttosend && $texttosend) {
+ $moreinheader = 'X-Dolibarr-Info: send_an_email by public/lead/new.php'."\r\n";
+
+ $result = $object->send_an_email($texttosend, $subjecttosend, array(), array(), array(), "", "", 0, -1, '', $moreinheader);
+ }
+ /*if ($result < 0) {
+ $error++;
+ setEventMessages($object->error, $object->errors, 'errors');
+ }*/
+ }
+
+ if (!empty($backtopage)) {
+ $urlback = $backtopage;
+ } elseif (!empty($conf->global->PROJECT_URL_REDIRECT_LEAD)) {
+ $urlback = $conf->global->PROJECT_URL_REDIRECT_LEAD;
+ // TODO Make replacement of __AMOUNT__, etc...
+ } else {
+ $urlback = $_SERVER["PHP_SELF"]."?action=added&token=".newToken();
+ }
+
+ if (!empty($entity)) {
+ $urlback .= '&entity='.$entity;
+ }
+
+ dol_syslog("project lead ".$proj->ref." has been created, we redirect to ".$urlback);
+ } else {
+ $error++;
+ $errmsg .= $proj->error.'
'.join('
', $proj->errors);
+ }
+ } else {
+ setEventMessage($errmsg, 'errors');
}
}
diff --git a/htdocs/public/project/suggestbooth.php b/htdocs/public/project/suggestbooth.php
index f42e75b21b1..7c97a1da346 100644
--- a/htdocs/public/project/suggestbooth.php
+++ b/htdocs/public/project/suggestbooth.php
@@ -361,7 +361,37 @@ if (empty($reshook) && $action == 'add') {
$conforbooth->datep2 = $dateend;
$conforbooth->datec = dol_now();
$conforbooth->tms = dol_now();
- $resultconforbooth = $conforbooth->create($user);
+ $conforbooth->ip = getUserRemoteIP();
+ $nb_post_max = getDolGlobalInt("MAIN_SECURITY_MAX_POST_ON_PUBLIC_PAGES_BY_IP_ADDRESS", 1000);
+
+ // Calculate nb of post for IP
+ $nb_post_ip = 0;
+ if ($nb_post_max > 0) { // Calculate only if there is a limit to check
+ $sql = "SELECT COUNT(ref) as nb_confs";
+ $sql .= " FROM ".MAIN_DB_PREFIX."actioncomm";
+ $sql .= " WHERE ip = '".$db->escape($conforbooth->ip)."'";
+ $resql = $db->query($sql);
+ if ($resql) {
+ $num = $db->num_rows($resql);
+ $i = 0;
+ while ($i < $num) {
+ $i++;
+ $obj = $db->fetch_object($resql);
+ $nb_post_ip = $obj->nb_confs;
+ }
+ }
+ }
+
+ $resultconforbooth = 0;
+
+ if ($nb_post_max > 0 && $nb_post_ip >= $nb_post_max) {
+ $error++;
+ $errmsg .= $langs->trans("AlreadyTooMuchPostOnThisIPAdress");
+ array_push($conforbooth->errors, $langs->trans("AlreadyTooMuchPostOnThisIPAdress"));
+ setEventMessage($errmsg, 'errors');
+ } else {
+ $resultconforbooth = $conforbooth->create($user);
+ }
if ($resultconforbooth<=0) {
$error++;
$errmsg .= $conforbooth->error;
diff --git a/htdocs/public/project/suggestconference.php b/htdocs/public/project/suggestconference.php
index f0b9299f980..bcff02859a0 100644
--- a/htdocs/public/project/suggestconference.php
+++ b/htdocs/public/project/suggestconference.php
@@ -359,7 +359,37 @@ if (empty($reshook) && $action == 'add') {
$conforbooth->tms = dol_now();
$conforbooth->firstname = $contact->firstname;
$conforbooth->lastname = $contact->lastname;
- $resultconforbooth = $conforbooth->create($user);
+ $conforbooth->ip = getUserRemoteIP();
+ $nb_post_max = getDolGlobalInt("MAIN_SECURITY_MAX_POST_ON_PUBLIC_PAGES_BY_IP_ADDRESS", 1000);
+
+ // Calculate nb of post for IP
+ $nb_post_ip = 0;
+ if ($nb_post_max > 0) { // Calculate only if there is a limit to check
+ $sql = "SELECT COUNT(ref) as nb_confs";
+ $sql .= " FROM ".MAIN_DB_PREFIX."actioncomm";
+ $sql .= " WHERE ip = '".$db->escape($conforbooth->ip)."'";
+ $resql = $db->query($sql);
+ if ($resql) {
+ $num = $db->num_rows($resql);
+ $i = 0;
+ while ($i < $num) {
+ $i++;
+ $obj = $db->fetch_object($resql);
+ $nb_post_ip = $obj->nb_confs;
+ }
+ }
+ }
+
+ $resultconforbooth = 0;
+
+ if ($nb_post_max > 0 && $nb_post_ip >= $nb_post_max) {
+ $error++;
+ $errmsg .= $langs->trans("AlreadyTooMuchPostOnThisIPAdress");
+ array_push($conforbooth->errors, $langs->trans("AlreadyTooMuchPostOnThisIPAdress"));
+ setEventMessage($errmsg, 'errors');
+ } else {
+ $resultconforbooth = $conforbooth->create($user);
+ }
if ($resultconforbooth<=0) {
$error++;
$errmsg .= $conforbooth->error;