attempt to prevent registration spam
This commit is contained in:
parent
aabf3104b1
commit
aad2a53459
2 changed files with 15 additions and 0 deletions
|
@ -1,4 +1,5 @@
|
|||
package Travelynx::Controller::Account;
|
||||
|
||||
# Copyright (C) 2020 Daniel Friesel
|
||||
#
|
||||
# SPDX-License-Identifier: AGPL-3.0-or-later
|
||||
|
@ -62,6 +63,7 @@ sub registration_form {
|
|||
|
||||
sub register {
|
||||
my ($self) = @_;
|
||||
my $dt = $self->req->param('dt');
|
||||
my $user = $self->req->param('user');
|
||||
my $email = $self->req->param('email');
|
||||
my $password = $self->req->param('password');
|
||||
|
@ -118,6 +120,18 @@ sub register {
|
|||
return;
|
||||
}
|
||||
|
||||
if ( not $dt
|
||||
or DateTime->now( time_zone => 'Europe/Berlin' )->epoch - $dt < 6 )
|
||||
{
|
||||
# a human user should take at least five seconds to fill out the form.
|
||||
# Throw a CSRF error at presumed spammers.
|
||||
$self->render(
|
||||
'register',
|
||||
invalid => 'csrf',
|
||||
);
|
||||
return;
|
||||
}
|
||||
|
||||
my $token = make_token();
|
||||
my $pw_hash = hash_password($password);
|
||||
my $db = $self->pg->db;
|
||||
|
|
|
@ -3,6 +3,7 @@
|
|||
% }
|
||||
%= form_for '/register' => (method => 'POST') => begin
|
||||
%= csrf_field
|
||||
%= hidden_field dt => DateTime->now(time_zone => 'Europe/Berlin')->epoch
|
||||
<div class="row">
|
||||
<div class="input-field col l6 m12 s12">
|
||||
<i class="material-icons prefix">account_circle</i>
|
||||
|
|
Loading…
Reference in a new issue