Opened 6 years ago

Closed 5 years ago

Last modified 5 years ago

#1484491 closed Feature Patches (fixed)

Patch to restrict how quickly a user can send email.

Reported by: phallstrom Owned by:
Priority: 5 Milestone: 0.2-beta
Component: PHP backend Version: 0.1-rc1
Severity: normal Keywords:
Cc:

Description

This patch adds a configuration option to limit how frequently a user can send email. If not supplied no limit is applied.

Index: config/main.inc.php
===================================================================
--- config/main.inc.php (revision 14)
+++ config/main.inc.php (working copy)
@@ -100,6 +100,9 @@
 // session lifetime in minutes
 $rcmail_config['session_lifetime'] = 1440; #1 day

+// how many seconds must pass between emails sent by a user
+$rcmail_config['sendmail_delay'] = 15;
+
 // session domain
 $rcmail_config['session_domain'] = ".cardplayer.com";

Index: program/localization/en_US/messages.inc
===================================================================
--- program/localization/en_US/messages.inc     (revision 11)
+++ program/localization/en_US/messages.inc     (working copy)
@@ -41,6 +41,7 @@
 $messages['contactnotfound'] = 'The requested contact was not found';

 $messages['sendingfailed'] = 'Failed to send message';
+$messages['senttooquickly'] = 'You have sent too many messaages too quickly. Please wait a moment before sending this one.';
 $messages['errorsaving'] = 'An error occured while saving';
 $messages['errormoving'] = 'Could not move the message';
 $messages['errordeleting'] = 'Could not delete the message';
Index: program/steps/mail/sendmail.inc
===================================================================
--- program/steps/mail/sendmail.inc     (revision 8)
+++ program/steps/mail/sendmail.inc     (working copy)
@@ -136,7 +136,18 @@

 /****** check submission and compose message ********/

+if(isset($CONFIG['sendmail_delay']))
+  {
+  if(intval($_SESSION['last_message_sent_at']) > time() - intval($CONFIG['sendmail_delay']))
+    {
+    $OUTPUT->show_message("senttooquickly", 'error');
+    $OUTPUT->send('iframe');
+    return;
+    }
+  $_SESSION['last_message_sent_at'] = time();
+  }
 
+
 if (!$savedraft && empty($_POST['_to']) && empty($_POST['_subject']) && $_POST['_message'])
   {
   $OUTPUT->show_message("sendingfailed", 'error');

Change History (6)

comment:1 Changed 6 years ago by thomasb

  • Component changed from Client to PHP backend
  • Milestone set to 0.1.1

Good point!

comment:2 Changed 5 years ago by thomasb

  • Milestone changed from 0.1.1 to 0.1.5

0.1.1 is feature frozen

comment:3 Changed 5 years ago by anonymous

  • Milestone 0.1.5 deleted

Milestone 0.1.5 deleted

comment:4 Changed 5 years ago by alec

  • Milestone set to 0.2-beta

comment:5 Changed 5 years ago by alec

  • Resolution set to fixed
  • Status changed from new to closed

Added in [acb08f51].

comment:6 Changed 5 years ago by tensor

Hmm, as the restriction is stored in session, so it is possible to relogin an clear the timeout. Am I wrong?

Note: See TracTickets for help on using tickets.