From 71dd22c3048bf98f7602c2fe89512b10bd8dcad3 Mon Sep 17 00:00:00 2001
From: Lain Iwakura
Date: Mon, 16 Jun 2025 03:10:49 +0300
Subject: [PATCH] okay
---
 main/admin.php | 21 +++++++++++++++++++++
 main/register.php | 46 ++++++++++++++++++++++++++--------------------
 sql/migrate.sql | 8 +++++++-
 3 files changed, 54 insertions(+), 21 deletions(-)
diff --git a/main/admin.php b/main/admin.php
index 31b69ac..f3c762c 100644
--- a/main/admin.php
+++ b/main/admin.php
@@ -33,6 +33,18 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
 $stmt = $db->prepare('UPDATE users SET is_blocked = 0 WHERE username = ?');
 $stmt->execute([$username]);
 $success = "User $username has been unbanned";
+ } elseif ($_POST['action'] === 'preventive_ban') {
+ if (!preg_match('/^[a-zA-Z0-9_]+$/', $username)) {
+ $error = "Invalid username format";
+ } else {
+ $stmt = $db->prepare('INSERT INTO banned_usernames (username) VALUES (?)');
+ try {
+ $stmt->execute([$username]);
+ $success = "Username $username has been preventively banned";
+ } catch (PDOException $e) {
+ $error = "Username already banned";
+ }
+ }
 }
 }
 }
@@ -100,6 +112,15 @@ $users = $stmt->fetchAll(PDO::FETCH_ASSOC);
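Review bot: The `catch (PDOException $e)` in the new `preventive_ban` branch of main/admin.php reports every database failure as "Username already banned", so a missing `banned_usernames` table or a value rejected for exceeding `VARCHAR(50)` is indistinguishable from a duplicate; the re-indented `try` in main/register.php does the same with 'Username already exists'. Branch on the duplicate-key state instead, e.g. `if ($e->getCode() === '23000') { $error = "Username already banned"; } else { error_log($e->getMessage()); $error = "Could not ban username"; }`. The format check also ends in `$`, which matches before a trailing newline, and sets no upper length; `'/^[a-zA-Z0-9_]{1,50}\z/'` closes both. The enclosing POST handler starts above this hunk, so whether a CSRF token is verified before `$_POST['action']` is dispatched cannot be confirmed from here.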
+
+

Preventive Ban

+
+ + + +
+
+
diff --git a/main/register.php b/main/register.php
index a8e79d2..a5839fc 100644
--- a/main/register.php
+++ b/main/register.php
@@ -31,27 +31,33 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
 } else if (strlen($pgp_key) > 4096) {
 $error = 'PGP key is too long';
 } else {
- $stmt = $db->prepare('SELECT COUNT(*) FROM registrations WHERE created_at > DATE_SUB(NOW(), INTERVAL 1 HOUR)');
- $stmt->execute();
- $count = $stmt->fetchColumn();
-
- if ($count >= 20) {
- $error = 'Registration limit exceeded';
+ $stmt = $db->prepare('SELECT COUNT(*) FROM banned_usernames WHERE username = ?');
+ $stmt->execute([$username]);
+ if ($stmt->fetchColumn() > 0) {
+ $error = 'This username is not allowed';
 } else {
- try {
- $stmt = $db->prepare('INSERT INTO users (username, password, pgp_key, login_attempts, last_attempt) VALUES (?, ?, ?, 0, NOW())');
- $stmt->execute([
- $username,
- password_hash($password, PASSWORD_DEFAULT, ['cost' => 12]),
- $pgp_key
- ]);
-
- $stmt = $db->prepare('INSERT INTO registrations () VALUES ()');
- $stmt->execute();
-
- $success = 'Registration successful';
- } catch (PDOException $e) {
- $error = 'Username already exists';
+ $stmt = $db->prepare('SELECT COUNT(*) FROM registrations WHERE created_at > DATE_SUB(NOW(), INTERVAL 1 HOUR)');
+ $stmt->execute();
+ $count = $stmt->fetchColumn();
+
+ if ($count >= 20) {
+ $error = 'Registration limit exceeded';
+ } else {
+ try {
+ $stmt = $db->prepare('INSERT INTO users (username, password, pgp_key, login_attempts, last_attempt) VALUES (?, ?, ?, 0, NOW())');
+ $stmt->execute([
+ $username,
+ password_hash($password, PASSWORD_DEFAULT, ['cost' => 12]),
+ $pgp_key
+ ]);
+
+ $stmt = $db->prepare('INSERT INTO registrations () VALUES ()');
+ $stmt->execute();
+
+ $success = 'Registration successful';
+ } catch (PDOException $e) {
+ $error = 'Username already exists';
+ }
 }
 }
 }
diff --git a/sql/migrate.sql b/sql/migrate.sql
index 4892634..d79bb81 100644
--- a/sql/migrate.sql
+++ b/sql/migrate.sql
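Review bot: The two inserts at the end of the main/register.php hunk run without a transaction, so if `INSERT INTO registrations` fails after `INSERT INTO users` succeeded, the account exists, the visitor is told 'Username already exists', and the registration is not counted toward the 20-per-hour limit. Wrapping them with `$db->beginTransaction();` before the first insert, `$db->commit();` after the second and `$db->rollBack();` in the catch keeps account creation and the counter consistent. These lines are only re-indented by this commit, but they are on the new side. The new `banned_usernames` lookup and the hourly `COUNT(*)` both sit outside the `try`, so, assuming PDO runs in exception mode as the existing catch suggests, a failure there (for example if sql/migrate.sql has not been applied) is unhandled in the visible code. The enclosing `if` chain begins above the hunk.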
@@ -21,4 +21,10 @@ END // DELIMITER ; CALL migrate_if_needed(); -DROP PROCEDURE IF EXISTS migrate_if_needed; \ No newline at end of file +DROP PROCEDURE IF EXISTS migrate_if_needed; + +CREATE TABLE IF NOT EXISTS banned_usernames ( + id INT AUTO_INCREMENT PRIMARY KEY, + username VARCHAR(50) NOT NULL UNIQUE, + created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP +); \ No newline at end of file
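Review bot: `banned_usernames.username` is created without an explicit character set or collation, so whether the `WHERE username = ?` lookup in main/register.php treats `Admin` and `admin` as the same name depends on the database default, which may not match `users.username` (its definition is not visible here). Declaring it explicitly, e.g. `username VARCHAR(50) COLLATE <collation of users.username> NOT NULL UNIQUE`, keeps the ban list and the uniqueness check on `users` comparing names the same way. The statement sits after `DROP PROCEDURE`, outside `migrate_if_needed`; that works because of `IF NOT EXISTS`, but a short comment such as `-- Usernames blocked from registration (checked in main/register.php)` would record why the table exists.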