diff options
author | Daniel Friesel <derf@finalrewind.org> | 2021-04-20 21:59:17 +0200 |
---|---|---|
committer | Daniel Friesel <derf@finalrewind.org> | 2021-04-20 21:59:17 +0200 |
commit | aad2a53459860539dde463e7952636c7ddd3a629 (patch) | |
tree | 376d036fc07285989af79c32e9d0c969f2b4c254 | |
parent | aabf3104b12b0182a25c70d0807b9d525a548551 (diff) |
attempt to prevent registration spam1.19.11
-rw-r--r-- | lib/Travelynx/Controller/Account.pm | 14 | ||||
-rw-r--r-- | templates/register.html.ep | 1 |
2 files changed, 15 insertions, 0 deletions
diff --git a/lib/Travelynx/Controller/Account.pm b/lib/Travelynx/Controller/Account.pm index ba6b3cd..b6e97e3 100644 --- a/lib/Travelynx/Controller/Account.pm +++ b/lib/Travelynx/Controller/Account.pm @@ -1,4 +1,5 @@ package Travelynx::Controller::Account; + # Copyright (C) 2020 Daniel Friesel # # SPDX-License-Identifier: AGPL-3.0-or-later @@ -62,6 +63,7 @@ sub registration_form { sub register { my ($self) = @_; + my $dt = $self->req->param('dt'); my $user = $self->req->param('user'); my $email = $self->req->param('email'); my $password = $self->req->param('password'); @@ -118,6 +120,18 @@ sub register { return; } + if ( not $dt + or DateTime->now( time_zone => 'Europe/Berlin' )->epoch - $dt < 6 ) + { + # a human user should take at least five seconds to fill out the form. + # Throw a CSRF error at presumed spammers. + $self->render( + 'register', + invalid => 'csrf', + ); + return; + } + my $token = make_token(); my $pw_hash = hash_password($password); my $db = $self->pg->db; diff --git a/templates/register.html.ep b/templates/register.html.ep index 1983e92..c27b591 100644 --- a/templates/register.html.ep +++ b/templates/register.html.ep @@ -3,6 +3,7 @@ % } %= form_for '/register' => (method => 'POST') => begin %= csrf_field + %= hidden_field dt => DateTime->now(time_zone => 'Europe/Berlin')->epoch <div class="row"> <div class="input-field col l6 m12 s12"> <i class="material-icons prefix">account_circle</i> |