authorDaniel Friesel <derf@finalrewind.org>2021-04-20 21:59:17 +0200
committerDaniel Friesel <derf@finalrewind.org>2021-04-20 21:59:17 +0200
commitaad2a53459860539dde463e7952636c7ddd3a629 (patch)
tree376d036fc07285989af79c32e9d0c969f2b4c254 /lib
parentaabf3104b12b0182a25c70d0807b9d525a548551 (diff)
attempt to prevent registration spam1.19.11
Diffstat (limited to 'lib')
-rw-r--r--lib/Travelynx/Controller/Account.pm14
1 files changed, 14 insertions, 0 deletions
diff --git a/lib/Travelynx/Controller/Account.pm b/lib/Travelynx/Controller/Account.pm
index ba6b3cd..b6e97e3 100644
--- a/lib/Travelynx/Controller/Account.pm
+++ b/lib/Travelynx/Controller/Account.pm
@@ -1,4 +1,5 @@
package Travelynx::Controller::Account;
+
# Copyright (C) 2020 Daniel Friesel
#
# SPDX-License-Identifier: AGPL-3.0-or-later
@@ -62,6 +63,7 @@ sub registration_form {
sub register {
my ($self) = @_;
+ my $dt = $self->req->param('dt');
my $user = $self->req->param('user');
my $email = $self->req->param('email');
my $password = $self->req->param('password');
@@ -118,6 +120,18 @@ sub register {
return;
}
+ if ( not $dt
+ or DateTime->now( time_zone => 'Europe/Berlin' )->epoch - $dt < 6 )
+ {
+ # a human user should take at least five seconds to fill out the form.
+ # Throw a CSRF error at presumed spammers.
+ $self->render(
+ 'register',
+ invalid => 'csrf',
+ );
+ return;
+ }
+
my $token = make_token();
my $pw_hash = hash_password($password);
my $db = $self->pg->db;
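Review bot: The timing check in `register` treats the request parameter `dt` (read in the earlier hunk, `my $dt = $self->req->param('dt');`) as the form's render time, but nothing in the visible lines validates it or ties it to the server, so it only holds for clients that echo the field back unchanged. A non-numeric value is truthy and numifies to 0 in the subtraction, so the elapsed time looks huge and the check passes; the condition should at least be `if ( not $dt or $dt !~ m{\A\d+\z} or time() - $dt < 6 )`. For a timestamp the client cannot choose, record the render time server-side in `registration_form` (for example in the signed session, if this is a Mojolicious controller as the `req`/`render` calls suggest) and compare against that; that function lies outside this hunk, so confirm against the form code. The comment says "at least five seconds" while `< 6` on integer epochs requires six, and reusing `invalid => 'csrf'` makes a spam rejection indistinguishable from a real CSRF failure in the rendered error and in any logging keyed on it.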