-rw-r--r-- | phpBB/includes/acp/acp_board.php | 4 | ||||
-rw-r--r-- | phpBB/includes/functions.php | 14 | ||||
-rw-r--r-- | phpBB/includes/ucp/ucp_register.php | 26 | ||||
-rw-r--r-- | phpBB/install/database_update.php | 3 | ||||
-rw-r--r-- | phpBB/install/schemas/schema_data.sql | 3 | ||||
-rw-r--r-- | phpBB/language/en/acp/board.php | 6 | ||||
-rw-r--r-- | phpBB/styles/prosilver/template/ucp_agreement.html | 16 | ||||
-rw-r--r-- | phpBB/styles/prosilver/template/ucp_register.html | 13 | ||||
-rw-r--r-- | phpBB/styles/prosilver/template/viewtopic_print.html | 1 | ||||
-rw-r--r-- | phpBB/styles/subsilver2/template/ucp_agreement.html | 28 | ||||
-rw-r--r-- | phpBB/styles/subsilver2/template/ucp_register.html | 23 |
11 files changed, 121 insertions, 16 deletions
diff --git a/phpBB/includes/acp/acp_board.php b/phpBB/includes/acp/acp_board.php
index 95b792593f..4d467b6895 100644
--- a/phpBB/includes/acp/acp_board.php
+++ b/phpBB/includes/acp/acp_board.php
@@ -223,6 +223,8 @@ class acp_board
 'enable_confirm' => array('lang' => 'VISUAL_CONFIRM_REG', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => true),
 'max_login_attempts' => array('lang' => 'MAX_LOGIN_ATTEMPTS', 'validate' => 'int', 'type' => 'text:3:3', 'explain' => true),
 'max_reg_attempts' => array('lang' => 'REG_LIMIT', 'validate' => 'int', 'type' => 'text:4:4', 'explain' => true),
+ 'min_time_reg' => array('lang' => 'MIN_TIME_REG', 'validate' => 'int', 'type' => 'text:3:3', 'explain' => true, 'append' => ' ' . $user->lang['SECONDS']),
+ 'min_time_terms' => array('lang' => 'MIN_TIME_TERMS', 'validate' => 'int', 'type' => 'text:3:3', 'explain' => true, 'append' => ' ' . $user->lang['SECONDS']),
 'legend3' => 'COPPA',
 'coppa_enable' => array('lang' => 'ENABLE_COPPA', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => true),
@@ -327,6 +329,8 @@ class acp_board
 'tpl_allow_php' => array('lang' => 'TPL_ALLOW_PHP', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => true),
 'form_token_lifetime' => array('lang' => 'FORM_TIME_MAX', 'validate' => 'int', 'type' => 'text:5:5', 'explain' => true, 'append' => ' ' . $user->lang['SECONDS']),
 'form_token_mintime' => array('lang' => 'FORM_TIME_MIN', 'validate' => 'int', 'type' => 'text:5:5', 'explain' => true, 'append' => ' ' . $user->lang['SECONDS']),
+ 'form_token_sid_guests' => array('lang' => 'FORM_SID_GUESTS', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => true),
+
 )
 );
 break;
diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php
index b88d1d9e30..aa7729d406 100644
--- a/phpBB/includes/functions.php
+++ b/phpBB/includes/functions.php
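Review bot: The two new entries use `'validate' => 'int'` with no range, so an administrator can store a negative value (the `$diff >= $miniumum_time` test in check_form_key() then passes trivially and the delay is silently off) or a value larger than `form_token_lifetime`, after which every registration token expires before the minimum wait is over and nobody can register. If the validator in this file accepts a bounded form (the `int:min:max` spelling, if it is supported here — verify), `'validate' => 'int:0:999'` on both entries would at least rule out negatives; the relation to `form_token_lifetime` should be checked where the settings are saved or at least stated in the explain text. The enclosing `acp_board` method starts and ends outside this hunk.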
@@ -2006,9 +2006,10 @@ function meta_refresh($time, $url)
 */
 function add_form_key($form_name)
 {
- global $template, $user;
+ global $config, $template, $user;
 $now = time();
- $token = sha1($now . $user->data['user_form_salt'] . $form_name);
+ $token_sid = ($user->data['user_id'] == ANONYMOUS && !empty($config['form_token_sid_guests'])) ? $user->session_id : '';
+ $token = sha1($now . $user->data['user_form_salt'] . $form_name . $token_sid);
 $s_fields = build_hidden_fields(array(
 'creation_time' => $now,
@@ -2029,7 +2030,7 @@ function add_form_key($form_name)
 */
 function check_form_key($form_name, $timespan = false, $return_page = '', $trigger = false, $miniumum_time = false)
 {
- global $user, $config;
+ global $config, $user;
 if ($timespan === false)
 {
@@ -2039,6 +2040,7 @@ function check_form_key($form_name, $timespan = false, $return_page = '', $trigg
 {
 $miniumum_time = $config['form_token_mintime'];
 }
+
 if (isset($_POST['creation_time']) && isset($_POST['form_token']))
 {
 $creation_time = abs(request_var('creation_time', 0));
@@ -2046,9 +2048,11 @@ function check_form_key($form_name, $timespan = false, $return_page = '', $trigg
 $diff = (time() - $creation_time);
- if (($diff > $miniumum_time) && (($diff < $timespan) || $timespan == -1))
+ if (($diff >= $miniumum_time) && (($diff <= $timespan) || $timespan == -1))
 {
- $key = sha1($creation_time . $user->data['user_form_salt'] . $form_name);
+ $token_sid = ($user->data['user_id'] == ANONYMOUS && !empty($config['form_token_sid_guests'])) ? $user->session_id : '';
+
+ $key = sha1($creation_time . $user->data['user_form_salt'] . $form_name . $token_sid);
 if ($key === $token)
 {
 return true;
diff --git a/phpBB/includes/ucp/ucp_register.php b/phpBB/includes/ucp/ucp_register.php
index 4b409daed5..f75a6c5a51 100644
--- a/phpBB/includes/ucp/ucp_register.php
+++ b/phpBB/includes/ucp/ucp_register.php
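Review bot: The token recipe is now written out twice — the `$token_sid` ternary and the `sha1(...)` concatenation appear in add_form_key() in the first hunk and again in check_form_key() in the fourth — so any later change to one that misses the other (a new ingredient, a separator) silently invalidates every form on the board. Factor the hash into one helper that both functions call with `$now` and `$creation_time` respectively. The ingredients are concatenated with no delimiter, which is harmless today only because form names are fixed by callers and the salt and session id are presumably fixed-length; the helper is also the natural place to add a separator if that ever changes. `if ($key === $token)` is an ordinary string compare; if the supported PHP floor allows it, `hash_equals()` (PHP 5.6+) is the conventional choice for token checks, though the 7200-second token window makes timing attacks impractical here. Both functions continue outside the hunks.
```php
/**
* Form token for $form_name issued at $creation_time.
* Shared by add_form_key() and check_form_key() so the recipe cannot diverge.
* Guests get the session id mixed in when form_token_sid_guests is enabled.
*/
function form_token_hash($creation_time, $form_name)
{
	global $config, $user;

	$token_sid = ($user->data['user_id'] == ANONYMOUS && !empty($config['form_token_sid_guests'])) ? $user->session_id : '';

	return sha1($creation_time . $user->data['user_form_salt'] . $form_name . $token_sid);
}

// … in add_form_key(): $token = form_token_hash($now, $form_name);
// … in check_form_key(): $key = form_token_hash($creation_time, $form_name);
```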
@@ -44,14 +44,22 @@ class ucp_register
 $change_lang = request_var('change_lang', '');
 $user_lang = request_var('lang', $user->lang_name);
- add_form_key('ucp_register');
 // not so fast, buddy
- if (($submit && !check_form_key('ucp_register', false, '', false, 5))
- || (!$submit && !check_form_key('ucp_register', false, '', false, 1)))
+ if (($submit && !check_form_key('ucp_register', false, '', false, $config['min_time_reg']))
+ || (!$submit && !check_form_key('ucp_register_terms', false, '', false, $config['min_time_terms'])))
 {
 $agreed = false;
 }
+
+ if ($agreed)
+ {
+ add_form_key('ucp_register');
+ }
+ else
+ {
+ add_form_key('ucp_register_terms');
+ }
 if ($change_lang || $user_lang != $config['default_lang'])
@@ -121,8 +129,8 @@ class ucp_register
 'S_SHOW_COPPA' => true,
 'S_HIDDEN_FIELDS' => build_hidden_fields($s_hidden_fields),
- 'S_UCP_ACTION' => append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=register' . $add_lang))
- );
+ 'S_UCP_ACTION' => append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=register' . $add_lang),
+ ));
 }
 else
 {
@@ -132,7 +140,9 @@ class ucp_register
 'S_SHOW_COPPA' => false,
 'S_REGISTRATION' => true,
 'S_HIDDEN_FIELDS' => build_hidden_fields($s_hidden_fields),
- 'S_UCP_ACTION' => append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=register' . $add_lang . $add_coppa))
+ 'S_UCP_ACTION' => append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=register' . $add_lang . $add_coppa),
+ 'S_TIME' => 1000 * (int)$config['min_time_terms'],
+ )
 );
 }
@@ -518,7 +528,9 @@ class ucp_register
 'S_CONFIRM_CODE' => ($config['enable_confirm']) ? true : false,
 'S_COPPA' => $coppa,
 'S_HIDDEN_FIELDS' => $s_hidden_fields,
- 'S_UCP_ACTION' => append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=register'))
+ 'S_UCP_ACTION' => append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=register'),
+ 'S_TIME' => 1000 * (int)$config['min_time_reg'],
+ )
 );
 //
diff --git a/phpBB/install/database_update.php b/phpBB/install/database_update.php
index dafd001bff..9ffd8cae12 100644
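Review bot: When `$submit` is set but check_form_key() rejects the post — submitted faster than `min_time_reg`, token expired, or a guest whose session id changed now that guest tokens are session-bound — the only effect is `$agreed = false`, so the user lands back on the terms page with the filled-in form discarded and no indication of why; a short notice on that page would make the intended throttle distinguishable from a broken form. The minimum times are passed as raw config strings while the template values in the later hunks are cast with `(int)`; passing `(int)$config['min_time_reg']` and `(int)$config['min_time_terms']` here too keeps the `$diff >= $miniumum_time` comparison from relying on string-to-number coercion. `$agreed` and `$submit` are assigned before this hunk and the enclosing method starts and ends outside it.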
--- a/phpBB/install/database_update.php
+++ b/phpBB/install/database_update.php
@@ -1493,6 +1493,9 @@ if (version_compare($current_version, '3.0.RC5', '<='))
 set_config('form_token_lifetime', '7200');
 set_config('form_token_mintime', '0');
+ set_config('min_time_reg', '5');
+ set_config('min_time_terms', '2');
+ set_config('form_token_sid_guests', '1');
 $db->sql_transaction('begin');
diff --git a/phpBB/install/schemas/schema_data.sql b/phpBB/install/schemas/schema_data.sql
index b155cd5d95..d51ed81b3b 100644
--- a/phpBB/install/schemas/schema_data.sql
+++ b/phpBB/install/schemas/schema_data.sql
@@ -90,6 +90,7 @@ INSERT INTO phpbb_config (config_name, config_value) VALUES ('flood_interval', '
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('force_server_vars', '0');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('form_token_lifetime', '7200');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('form_token_mintime', '0');
+INSERT INTO phpbb_config (config_name, config_value) VALUES ('form_token_sid_guests', '1');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('forward_pm', '1');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('forwarded_for_check', '0');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('full_folder_action', '2');
@@ -171,6 +172,8 @@ INSERT INTO phpbb_config (config_name, config_value) VALUES ('max_sig_urls', '5'
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('min_name_chars', '3');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('min_pass_chars', '6');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('min_search_author_chars', '3');
+INSERT INTO phpbb_config (config_name, config_value) VALUES ('min_time_reg', '5');
+INSERT INTO phpbb_config (config_name, config_value) VALUES ('min_time_terms', '2');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('override_user_style', '0');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('pass_complex', 'PASS_TYPE_ANY');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('pm_edit_time', '0');
diff --git a/phpBB/language/en/acp/board.php b/phpBB/language/en/acp/board.php
index b205d635c8..c7584ea8c2 100644
--- a/phpBB/language/en/acp/board.php
+++ b/phpBB/language/en/acp/board.php
@@ -206,6 +206,10 @@ $lang = array_merge($lang, array(
 'ENABLE_COPPA_EXPLAIN' => 'This requires users to declare whether they are 13 or over for compliance with the U.S. COPPA. If this is disabled the COPPA specific groups will no longer be displayed.',
 'MAX_CHARS' => 'Max',
 'MIN_CHARS' => 'Min',
+ 'MIN_TIME_REG' => 'Minimum time for registration',
+ 'MIN_TIME_REG_EXPLAIN' => 'The registration form cannot be submitted before this time has passed.',
+ 'MIN_TIME_TERMS' => 'Minimum time for registration',
+ 'MIN_TIME_TERMS_EXPLAIN' => 'The terms page cannot be skipped before this time has passed.',
 'NO_AUTH_PLUGIN' => 'No suitable auth plugin found.',
 'PASSWORD_LENGTH' => 'Password length',
 'PASSWORD_LENGTH_EXPLAIN' => 'Minimum and maximum number of characters in passwords.',
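Review bot: `'MIN_TIME_TERMS' => 'Minimum time for registration'` is a copy of the MIN_TIME_REG label, so the two new settings are indistinguishable in the ACP panel even though their explain strings differ. Something that names the terms page, e.g. `'MIN_TIME_TERMS' => 'Minimum time to read the terms',`, fixes it.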
@@ -373,6 +377,8 @@ $lang = array_merge($lang, array(
 'FORM_TIME_MAX_EXPLAIN' => 'The time a user has to submit a form. Use -1 to disable. Note that a form might become invalid if the session expires, regardless of this setting.',
 'FORM_TIME_MIN' => 'Minimum time to submit forms',
 'FORM_TIME_MIN_EXPLAIN' => 'Submissions faster than this time are ignored by the board. Use 0 to disable.',
+ 'FORM_SID_GUESTS' => 'Tie forms to guest sessions',
+ 'FORM_SID_GUESTS_EXPLAIN' => 'If enabled, the form token issued to guests will be session-exclusive. This can cause problems with some ISPs.',
 'FORWARDED_FOR_VALID' => 'Validated <var>X_FORWARDED_FOR</var> header',
 'FORWARDED_FOR_VALID_EXPLAIN' => 'Sessions will only be continued if the sent <var>X_FORWARDED_FOR</var> header equals the one sent with the previous request. Bans will be checked against IPs in <var>X_FORWARDED_FOR</var> too.',
 'IP_VALID' => 'Session IP validation',
diff --git a/phpBB/styles/prosilver/template/ucp_agreement.html b/phpBB/styles/prosilver/template/ucp_agreement.html
index 99ca73ec2f..05cb281873 100644
--- a/phpBB/styles/prosilver/template/ucp_agreement.html
+++ b/phpBB/styles/prosilver/template/ucp_agreement.html
@@ -1,5 +1,19 @@
 <!-- INCLUDE overall_header.html -->
+<script type="text/javascript" defer="defer" >
+// <![CDATA[
+ function disable(disabl)
+ {
+ document.getElementById("agreed").disabled = disabl;
+ }
+
+ <!-- IF S_TIME -->
+ onload_functions.push('disable(true)');
+ setTimeout("disable(false)", {S_TIME});
+ <!-- ENDIF -->
+// ]]>
+</script>
+
 <!-- IF S_SHOW_COPPA or S_REGISTRATION -->
 <form method="post" action="{S_UCP_ACTION}" id="agreement">
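Review bot: The re-enable timer is armed as soon as this script is parsed, but `disable(true)` is only queued on `onload_functions`; if the page takes longer than {S_TIME} to finish loading (2 s with the new `min_time_terms` default), `disable(false)` fires first, the onload handler then disables the button, and nothing ever re-enables it, so the visitor cannot agree at all. Start the countdown from the onload callback instead: `function delay_agree() { disable(true); setTimeout("disable(false)", {S_TIME}); }` and `onload_functions.push('delay_agree()');`. A one-line comment such as `// cosmetic only: check_form_key() rejects early submissions server-side` would also stop a later reader from treating this script as the control. `onload_functions` is defined outside this template, presumably in overall_header.html.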
@@ -19,7 +33,7 @@
 <!-- IF S_SHOW_COPPA -->
 <strong><a href="{U_COPPA_NO}" class="button1">{L_COPPA_NO}</a></strong> <a href="{U_COPPA_YES}" class="button2">{L_COPPA_YES}</a>
 <!-- ELSE -->
- <input type="submit" name="agreed" value="{L_AGREE}" class="button1" />
+ <input type="submit" name="agreed" id="agreed" value="{L_AGREE}" class="button1" />
 <input type="submit" name="not_agreed" value="{L_NOT_AGREE}" class="button2" />
 <!-- ENDIF -->
 </fieldset>
diff --git a/phpBB/styles/prosilver/template/ucp_register.html b/phpBB/styles/prosilver/template/ucp_register.html
index dad72c5aa6..de043aa081 100644
--- a/phpBB/styles/prosilver/template/ucp_register.html
+++ b/phpBB/styles/prosilver/template/ucp_register.html
@@ -10,6 +10,17 @@
 document.forms['register'].change_lang.value = lang_iso;
 document.forms['register'].submit.click();
 }
+
+ function disable(disabl)
+ {
+ document.getElementById("submit").disabled = disabl;
+ }
+
+ <!-- IF S_TIME -->
+ onload_functions.push('disable(true)');
+ setTimeout("disable(false)", {S_TIME});
+ <!-- ENDIF -->
+
 // ]]>
 </script>
@@ -112,7 +123,7 @@
 <fieldset class="submit-buttons">
 {S_HIDDEN_FIELDS}
 <input type="reset" value="{L_RESET}" name="reset" class="button2" />
- <input type="submit" name="submit" value="{L_SUBMIT}" class="button1" />
+ <input type="submit" name="submit" id ="submit" value="{L_SUBMIT}" class="button1" />
 </fieldset>
 <span class="corners-bottom"><span></span></span></div>
diff --git a/phpBB/styles/prosilver/template/viewtopic_print.html b/phpBB/styles/prosilver/template/viewtopic_print.html
index a7d9731ab2..669c58d547 100644
--- a/phpBB/styles/prosilver/template/viewtopic_print.html
+++ b/phpBB/styles/prosilver/template/viewtopic_print.html
@@ -11,6 +11,7 @@
 <meta name="copyright" content="2002-2006 phpBB Group" />
 <meta name="keywords" content="" />
 <meta name="description" content="" />
+<meta name="robots" CONTENT="noindex" />
 {META}
 <title>{SITENAME} • {PAGE_TITLE}</title>
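Review bot: `id ="submit"` in the second ucp_register.html hunk has a stray space before `=`; write `id="submit"` like the other attributes on the line. The delay script in the first hunk has the same ordering hazard as ucp_agreement.html: `setTimeout` is armed at parse time while `disable(true)` waits for onload, so a page that takes longer than {S_TIME} to load (5 s with the `min_time_reg` default) ends up with a permanently disabled submit button; arm the timer inside the function pushed onto `onload_functions` so the countdown starts only after the button has been disabled.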
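Review bot: `CONTENT="noindex"` uses an upper-case attribute name while every neighbouring `<meta ... />` line uses lower-case XHTML-style attributes; write `<meta name="robots" content="noindex" />` so it matches and is valid under a case-sensitive XHTML parser. This line is unrelated to the registration throttle that the rest of the commit implements and would be easier to track as its own change.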
diff --git a/phpBB/styles/subsilver2/template/ucp_agreement.html b/phpBB/styles/subsilver2/template/ucp_agreement.html
index f695228d00..04d978c70e 100644
--- a/phpBB/styles/subsilver2/template/ucp_agreement.html
+++ b/phpBB/styles/subsilver2/template/ucp_agreement.html
@@ -1,5 +1,31 @@
 <!-- INCLUDE overall_header.html -->
+<script type="text/javascript" defer="defer" >
+// <![CDATA[
+
+ var old_func = window.onload;
+
+ function disable(disabl)
+ {
+ document.getElementById("agreed").disabled = disabl;
+ }
+
+ function disable_and_handle()
+ {
+ if (old_func)
+ {
+ old_func();
+ }
+ disable(true);
+ }
+
+ <!-- IF S_TIME -->
+ window.onload = disable_and_handle;
+ setTimeout("disable(false)", {S_TIME});
+ <!-- ENDIF -->
+// ]]>
+</script>
+
 <!-- IF S_SHOW_COPPA or S_REGISTRATION -->
 <form method="post" action="{S_UCP_ACTION}">
@@ -18,7 +44,7 @@
 <td>
 <span class="genmed"><br />{L_TERMS_OF_USE}<br /><br /></span>
 <div align="center">
- <input class="btnlite" type="submit" name="agreed" value="{L_AGREE}" /><br /><br />
+ <input class="btnlite" type="submit" id="agreed" name="agreed" value="{L_AGREE}" /><br /><br />
 <input class="btnlite" type="submit" name="not_agreed" value="{L_NOT_AGREE}" />
 </div>
 </td>
diff --git a/phpBB/styles/subsilver2/template/ucp_register.html b/phpBB/styles/subsilver2/template/ucp_register.html
index cea48f17fa..159c663915 100644
--- a/phpBB/styles/subsilver2/template/ucp_register.html
+++ b/phpBB/styles/subsilver2/template/ucp_register.html
@@ -10,6 +10,27 @@
 document.forms['register'].change_lang.value = lang_iso;
 document.forms['register'].submit.click();
 }
+
+ var old_func = window.onload;
+
+ function disable(disabl)
+ {
+ document.getElementById("submit").disabled = disabl;
+ }
+
+ function disable_and_handle()
+ {
+ if (old_func)
+ {
+ old_func();
+ }
+ disable(true);
+ }
+
+ <!-- IF S_TIME -->
+ window.onload = disable_and_handle;
+ setTimeout("disable(false)", {S_TIME});
+ <!-- ENDIF -->
 // ]]>
 </script>
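Review bot: `setTimeout("disable(false)", {S_TIME})` is armed when the script is parsed, while `disable(true)` runs from `window.onload`; on a page that takes longer than {S_TIME} to load, the timer fires before onload, the handler then disables the Agree button, and it stays disabled for good. Move the setTimeout into disable_and_handle() so the countdown starts only after the button has actually been disabled. Since check_form_key() enforces `min_time_terms` server-side, the script is cosmetic, and a comment saying so would help the next maintainer.
```html
function disable_and_handle()
{
	if (old_func)
	{
		old_func();
	}
	disable(true);
	// arm the countdown only once the button is disabled; the server enforces the minimum anyway
	setTimeout("disable(false)", {S_TIME});
}

<!-- IF S_TIME -->
window.onload = disable_and_handle;
<!-- ENDIF -->
```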
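Review bot: This copy of the delay script in ucp_register.html has the same arm-before-disable race as the agreement template (setTimeout at parse time, `disable(true)` at onload), and it is the fourth near-identical copy across the two styles, differing only in which element id it toggles and how it hooks onload. Moving the `setTimeout` call inside disable_and_handle() fixes the race here; sharing one snippet between the templates, if the template engine's include mechanism allows it, would keep the copies from drifting.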
@@ -102,7 +123,7 @@
 <!-- ENDIF -->
 <tr>
- <td class="cat" colspan="2" align="center">{S_HIDDEN_FIELDS}<input class="btnmain" type="submit" name="submit" value="{L_SUBMIT}" /> <input class="btnlite" type="reset" value="{L_RESET}" name="reset" /></td>
+ <td class="cat" colspan="2" align="center">{S_HIDDEN_FIELDS}<input class="btnmain" type="submit" name="submit" id="submit" value="{L_SUBMIT}" /> <input class="btnlite" type="reset" value="{L_RESET}" name="reset" /></td>
 </tr>
 </table>
 {S_FORM_TOKEN} |