Ticket #1484491 (closed Patches: fixed)

Opened 15 months ago

Last modified 4 weeks ago

Patch to restrict how quickly a user can send email.

Reported by: phallstrom Owned by:
Priority: 5 Milestone: 0.2-beta
Component: PHP backend Version: 0.1-rc1
Severity: normal Keywords:
Cc:

Description

This patch adds a configuration option to limit how frequently a user can send email. If not supplied no limit is applied. 

Index: config/main.inc.php
===================================================================
--- config/main.inc.php (revision 14)
+++ config/main.inc.php (working copy)
@@ -100,6 +100,9 @@
 // session lifetime in minutes
 $rcmail_config['session_lifetime'] = 1440; #1 day

+// how many seconds must pass between emails sent by a user
+$rcmail_config['sendmail_delay'] = 15;
+
 // session domain
 $rcmail_config['session_domain'] = ".cardplayer.com";


Index: program/localization/en_US/messages.inc
===================================================================
--- program/localization/en_US/messages.inc     (revision 11)
+++ program/localization/en_US/messages.inc     (working copy)
@@ -41,6 +41,7 @@
 $messages['contactnotfound'] = 'The requested contact was not found';

 $messages['sendingfailed'] = 'Failed to send message';
+$messages['senttooquickly'] = 'You have sent too many messaages too quickly. Please wait a moment before sending this one.';
 $messages['errorsaving'] = 'An error occured while saving';
 $messages['errormoving'] = 'Could not move the message';
 $messages['errordeleting'] = 'Could not delete the message';

Index: program/steps/mail/sendmail.inc
===================================================================
--- program/steps/mail/sendmail.inc     (revision 8)
+++ program/steps/mail/sendmail.inc     (working copy)
@@ -136,7 +136,18 @@

 /****** check submission and compose message ********/

+if(isset($CONFIG['sendmail_delay']))
+  {
+  if(intval($_SESSION['last_message_sent_at']) > time() - intval($CONFIG['sendmail_delay']))
+    {
+    $OUTPUT->show_message("senttooquickly", 'error');
+    $OUTPUT->send('iframe');
+    return;
+    }
+  $_SESSION['last_message_sent_at'] = time();
+  }
 
+
 if (!$savedraft && empty($_POST['_to']) && empty($_POST['_subject']) && $_POST['_message'])
   {
   $OUTPUT->show_message("sendingfailed", 'error');

Change History

Changed 15 months ago by thomasb

  • component changed from Client to PHP backend
  • milestone set to 0.1.1

Good point!

Changed 7 months ago by thomasb

  • milestone changed from 0.1.1 to 0.1.5

0.1.1 is feature frozen

Changed 5 months ago by anonymous

  • milestone deleted

Milestone 0.1.5 deleted

Changed 5 weeks ago by alec

  • milestone set to 0.2-beta

Changed 4 weeks ago by alec

  • status changed from new to closed
  • resolution set to fixed

Added in r1793.

Changed 4 weeks ago by tensor

Hmm, as the restriction is stored in session, so it is possible to relogin an clear the timeout. Am I wrong?

Note: See TracTickets for help on using tickets.