This commit is contained in:
Lain Iwakura 2025-06-16 03:10:49 +03:00
parent bf0536ac9c
commit 71dd22c304
No known key found for this signature in database
GPG Key ID: C7C18257F2ADC6F8
3 changed files with 54 additions and 21 deletions


@ -33,6 +33,18 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
$stmt = $db->prepare('UPDATE users SET is_blocked = 0 WHERE username = ?'); $stmt = $db->prepare('UPDATE users SET is_blocked = 0 WHERE username = ?');
$stmt->execute([$username]); $stmt->execute([$username]);
$success = "User $username has been unbanned"; $success = "User $username has been unbanned";
} elseif ($_POST['action'] === 'preventive_ban') {
if (!preg_match('/^[a-zA-Z0-9_]+$/', $username)) {
$error = "Invalid username format";
} else {
$stmt = $db->prepare('INSERT INTO banned_usernames (username) VALUES (?)');
try {
$stmt->execute([$username]);
$success = "Username $username has been preventively banned";
} catch (PDOException $e) {
$error = "Username already banned";
}
}
} }
} }
} }
@ -100,6 +112,15 @@ $users = $stmt->fetchAll(PDO::FETCH_ASSOC);
<div class="success"><?= htmlspecialchars($success) ?></div> <div class="success"><?= htmlspecialchars($success) ?></div>
<?php endif; ?> <?php endif; ?>
<div class="preventive-ban">
<h2>Preventive Ban</h2>
<form method="post" class="ban-form">
<input type="text" name="username" placeholder="Username to ban" required pattern="[a-zA-Z0-9_]+" maxlength="50">
<input type="hidden" name="action" value="preventive_ban">
<button type="submit" class="ban-btn">Ban Username</button>
</form>
</div>
<table class="admin-table"> <table class="admin-table">
<thead> <thead>
<tr> <tr>
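Review bot: The server-side check on the preventive_ban branch, `preg_match('/^[a-zA-Z0-9_]+$/', $username)`, has no length bound while the column it feeds is declared `VARCHAR(50)` and the form's `maxlength="50"` is enforced only by the browser; an over-long name is either silently truncated or, under strict SQL mode, raises a PDOException that the catch then reports as "Username already banned". Tighten the pattern to `if (!preg_match('/^[a-zA-Z0-9_]{1,50}$/', $username)) {` and narrow the catch so only a duplicate-key failure maps to that message, e.g. `if ($e->getCode() !== '23000') { throw $e; }` as the first statement of the catch. The form added in the second hunk carries no anti-CSRF token; unless the surrounding page supplies one outside the hunk, this state-changing admin POST should carry the same protection as the other actions. The enclosing POST handler and the `$username` it reads begin before the hunk.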


@ -31,27 +31,33 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
} else if (strlen($pgp_key) > 4096) { } else if (strlen($pgp_key) > 4096) {
$error = 'PGP key is too long'; $error = 'PGP key is too long';
} else { } else {
$stmt = $db->prepare('SELECT COUNT(*) FROM registrations WHERE created_at > DATE_SUB(NOW(), INTERVAL 1 HOUR)'); $stmt = $db->prepare('SELECT COUNT(*) FROM banned_usernames WHERE username = ?');
$stmt->execute(); $stmt->execute([$username]);
$count = $stmt->fetchColumn(); if ($stmt->fetchColumn() > 0) {
$error = 'This username is not allowed';
if ($count >= 20) {
$error = 'Registration limit exceeded';
} else { } else {
try { $stmt = $db->prepare('SELECT COUNT(*) FROM registrations WHERE created_at > DATE_SUB(NOW(), INTERVAL 1 HOUR)');
$stmt = $db->prepare('INSERT INTO users (username, password, pgp_key, login_attempts, last_attempt) VALUES (?, ?, ?, 0, NOW())'); $stmt->execute();
$stmt->execute([ $count = $stmt->fetchColumn();
$username,
password_hash($password, PASSWORD_DEFAULT, ['cost' => 12]),
$pgp_key
]);
$stmt = $db->prepare('INSERT INTO registrations () VALUES ()'); if ($count >= 20) {
$stmt->execute(); $error = 'Registration limit exceeded';
} else {
try {
$stmt = $db->prepare('INSERT INTO users (username, password, pgp_key, login_attempts, last_attempt) VALUES (?, ?, ?, 0, NOW())');
$stmt->execute([
$username,
password_hash($password, PASSWORD_DEFAULT, ['cost' => 12]),
$pgp_key
]);
$success = 'Registration successful'; $stmt = $db->prepare('INSERT INTO registrations () VALUES ()');
} catch (PDOException $e) { $stmt->execute();
$error = 'Username already exists';
$success = 'Registration successful';
} catch (PDOException $e) {
$error = 'Username already exists';
}
} }
} }
} }
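Review bot: The new ban check reports `'This username is not allowed'` while the insert path still reports `'Username already exists'`, so an unauthenticated registration request can distinguish a banned name from a taken one; returning one neutral message for both outcomes avoids exposing the contents of the ban list. As a style point, `SELECT COUNT(*) ... > 0` computes a count where only existence matters — `SELECT 1 FROM banned_usernames WHERE username = ? LIMIT 1` with `$stmt->fetchColumn() !== false` is the idiomatic existence test, although the COUNT form does mirror the pre-existing rate-limit query that follows it. Note that the hourly cap counts rows in `registrations`, i.e. successful inserts, so rejected attempts are not limited by it; if that matters, count attempts rather than successes. The `else` branch this hunk edits and the POST handler around it begin outside the hunk.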


@ -22,3 +22,9 @@ DELIMITER ;
CALL migrate_if_needed(); CALL migrate_if_needed();
DROP PROCEDURE IF EXISTS migrate_if_needed; DROP PROCEDURE IF EXISTS migrate_if_needed;
CREATE TABLE IF NOT EXISTS banned_usernames (
id INT AUTO_INCREMENT PRIMARY KEY,
username VARCHAR(50) NOT NULL UNIQUE,
created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP
);
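Review bot: `username VARCHAR(50) NOT NULL UNIQUE` declares no character set or collation, so whether the UNIQUE key and the registration lookup `WHERE username = ?` treat `Admin` and `admin` as the same name depends on the table default; if that default differs from the collation of `users.username`, a name can be banned in one case and registered in another. Declare it explicitly to match the users table, e.g. `username VARCHAR(50) COLLATE <collation of users.username> NOT NULL,` and give the constraint a name so errors are greppable: `CONSTRAINT banned_usernames_username_uq UNIQUE (username)`. The `id` surrogate is not used by the PHP callers in this commit, which only insert and look up by `username`; it is harmless but could be dropped in favour of `PRIMARY KEY (username)` if nothing else will reference the table. Since the admin page's catch treats any insert failure as "already banned", this migration has to be applied before that code goes live or a missing table reads as a duplicate.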