author | Daniel Friesel <derf@finalrewind.org> | 2021-04-20 21:59:17 +0200 |
---|---|---|
committer | Daniel Friesel <derf@finalrewind.org> | 2021-04-20 21:59:17 +0200 |
commit | aad2a53459860539dde463e7952636c7ddd3a629 (patch) | |
tree | 376d036fc07285989af79c32e9d0c969f2b4c254 /lib | |
parent | aabf3104b12b0182a25c70d0807b9d525a548551 (diff) |
attempt to prevent registration spam1.19.11
Diffstat (limited to 'lib')
-rw-r--r-- | lib/Travelynx/Controller/Account.pm | 14 |
1 files changed, 14 insertions, 0 deletions
diff --git a/lib/Travelynx/Controller/Account.pm b/lib/Travelynx/Controller/Account.pm
index ba6b3cd..b6e97e3 100644
--- a/lib/Travelynx/Controller/Account.pm
+++ b/lib/Travelynx/Controller/Account.pm
@@ -1,4 +1,5 @@
 package Travelynx::Controller::Account;
+
 # Copyright (C) 2020 Daniel Friesel
 #
 # SPDX-License-Identifier: AGPL-3.0-or-later
@@ -62,6 +63,7 @@ sub registration_form {
 sub register {
 my ($self) = @_;
+ my $dt = $self->req->param('dt');
 my $user = $self->req->param('user');
 my $email = $self->req->param('email');
 my $password = $self->req->param('password');
@@ -118,6 +120,18 @@ sub register {
 return;
 }
+ if ( not $dt
+ or DateTime->now( time_zone => 'Europe/Berlin' )->epoch - $dt < 6 )
+ {
+ # a human user should take at least five seconds to fill out the form.
+ # Throw a CSRF error at presumed spammers.
+ $self->render(
+ 'register',
+ invalid => 'csrf',
+ );
+ return;
+ }
+
 my $token = make_token();
 my $pw_hash = hash_password($password);
 my $db = $self->pg->db; |
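Review bot: The delay check added to `register` relies on `dt`, which the second hunk reads straight from the request (`$self->req->param('dt')`), so the timestamp it compares against is client-controlled and never validated. A value that is not a plain integer numifies to 0 in the subtraction (with a warning at most) and an arbitrarily old value is accepted, so the check only holds for clients that echo back the timestamp they were served. I would at least require digits and cap the age, e.g. test `$dt =~ m{\A\d+\z}`, compute `my $age = time - $dt;` and reject unless `$age >= 6 and $age <= MAX_FORM_AGE` (placeholder constant), and preferably keep the issue time server-side, in the signed session or as an HMAC over the value, if the form handler (not in this diff) can set it. The comment says five seconds while `< 6` rejects anything under six, and `epoch` does not depend on `time_zone`, so `time` would do. `register` begins and ends outside these hunks.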