diff --git a/main/admin.php b/main/admin.php
index 31b69ac..f3c762c 100644
--- a/main/admin.php
+++ b/main/admin.php
@@ -33,6 +33,18 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
$stmt = $db->prepare('UPDATE users SET is_blocked = 0 WHERE username = ?');
$stmt->execute([$username]);
$success = "User $username has been unbanned";
+ } elseif ($_POST['action'] === 'preventive_ban') {
+ if (!preg_match('/^[a-zA-Z0-9_]+$/', $username)) {
+ $error = "Invalid username format";
+ } else {
+ $stmt = $db->prepare('INSERT INTO banned_usernames (username) VALUES (?)');
+ try {
+ $stmt->execute([$username]);
+ $success = "Username $username has been preventively banned";
+ } catch (PDOException $e) {
+ $error = "Username already banned";
+ }
+ }
}
}
}
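Review bot: The `catch (PDOException $e)` in the new `preventive_ban` branch reports "Username already banned" for every database failure, not just the UNIQUE violation it is written for, so a connection drop or a missing `banned_usernames` table (the migration is a separate file) is shown to the admin as a successful-looking duplicate. Narrow it to the integrity-constraint SQLSTATE and let anything else surface: `} catch (PDOException $e) { if ($e->getCode() !== '23000') { throw $e; } $error = "Username already banned"; }`. The same catch-all pattern appears in the register.php hunk, but there it is pre-existing code that the commit only re-indents. The `if ($_SERVER['REQUEST_METHOD'] === 'POST')` block this branch sits in starts before the hunk, so whether a CSRF check guards the action cannot be seen here.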
@@ -100,6 +112,15 @@ $users = $stmt->fetchAll(PDO::FETCH_ASSOC);
= htmlspecialchars($success) ?>
+
+
Preventive Ban
+
+
+
diff --git a/main/register.php b/main/register.php
index a8e79d2..a5839fc 100644
--- a/main/register.php
+++ b/main/register.php
@@ -31,27 +31,33 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
} else if (strlen($pgp_key) > 4096) {
$error = 'PGP key is too long';
} else {
- $stmt = $db->prepare('SELECT COUNT(*) FROM registrations WHERE created_at > DATE_SUB(NOW(), INTERVAL 1 HOUR)');
- $stmt->execute();
- $count = $stmt->fetchColumn();
-
- if ($count >= 20) {
- $error = 'Registration limit exceeded';
+ $stmt = $db->prepare('SELECT COUNT(*) FROM banned_usernames WHERE username = ?');
+ $stmt->execute([$username]);
+ if ($stmt->fetchColumn() > 0) {
+ $error = 'This username is not allowed';
} else {
- try {
- $stmt = $db->prepare('INSERT INTO users (username, password, pgp_key, login_attempts, last_attempt) VALUES (?, ?, ?, 0, NOW())');
- $stmt->execute([
- $username,
- password_hash($password, PASSWORD_DEFAULT, ['cost' => 12]),
- $pgp_key
- ]);
-
- $stmt = $db->prepare('INSERT INTO registrations () VALUES ()');
- $stmt->execute();
-
- $success = 'Registration successful';
- } catch (PDOException $e) {
- $error = 'Username already exists';
+ $stmt = $db->prepare('SELECT COUNT(*) FROM registrations WHERE created_at > DATE_SUB(NOW(), INTERVAL 1 HOUR)');
+ $stmt->execute();
+ $count = $stmt->fetchColumn();
+
+ if ($count >= 20) {
+ $error = 'Registration limit exceeded';
+ } else {
+ try {
+ $stmt = $db->prepare('INSERT INTO users (username, password, pgp_key, login_attempts, last_attempt) VALUES (?, ?, ?, 0, NOW())');
+ $stmt->execute([
+ $username,
+ password_hash($password, PASSWORD_DEFAULT, ['cost' => 12]),
+ $pgp_key
+ ]);
+
+ $stmt = $db->prepare('INSERT INTO registrations () VALUES ()');
+ $stmt->execute();
+
+ $success = 'Registration successful';
+ } catch (PDOException $e) {
+ $error = 'Username already exists';
+ }
}
}
}
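Review bot: The new `banned_usernames` lookup (`WHERE username = ?`) is a plain equality test whose case handling depends on the column's collation, which the migration leaves at the server default; if that default is case-sensitive, `Admin` remains registrable after `admin` is preventively banned. Either pin a collation in the migration or normalise on both sides, e.g. store and compare `strtolower($username)`. Note also that this check runs before the hourly registration limiter, so it can be exercised without consuming that limit; moving it inside the `$count >= 20` else-branch keeps the limiter in front of every database-backed decision. Minor: `$stmt->fetchColumn()` returns a string, so `(int) $stmt->fetchColumn() > 0` makes the comparison explicit.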
diff --git a/sql/migrate.sql b/sql/migrate.sql
index 4892634..d79bb81 100644
--- a/sql/migrate.sql
+++ b/sql/migrate.sql
@@ -21,4 +21,10 @@ END //
DELIMITER ;
CALL migrate_if_needed();
-DROP PROCEDURE IF EXISTS migrate_if_needed;
\ No newline at end of file
+DROP PROCEDURE IF EXISTS migrate_if_needed;
+
+CREATE TABLE IF NOT EXISTS banned_usernames (
+ id INT AUTO_INCREMENT PRIMARY KEY,
+ username VARCHAR(50) NOT NULL UNIQUE,
+ created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP
+);
\ No newline at end of file
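Review bot: `username VARCHAR(50) NOT NULL UNIQUE` carries no explicit `COLLATE`, yet register.php relies on `WHERE username = ?` against this column to enforce the ban, so the strictness of that match is left to the server's default collation; declaring it to match the collation of `users.username` (not visible here) keeps the two equality checks consistent. The admin-side regex `^[a-zA-Z0-9_]+$` imposes no length limit, so a value longer than 50 characters either errors or — if `sql_mode` is not strict — is silently truncated to a different string before being stored; adding the same `VARCHAR(50)` bound to the PHP validation, or a `CHECK (CHAR_LENGTH(username) <= 50)` here, closes that gap. The file still ends without a trailing newline, as the `\ No newline at end of file` marker shows.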