Need help?

Request for help blocking/banning email sign-ups

  • Jean-PhilippeMARQUE
    Member since:
    17/12/2016
    Messages:
    3

    Hello,
    I have a script that is being spammed with user sign-ups like @mail.ru, @mail.su, @xxx.pl, etc.
    In short, I receive around 90 new sign-ups per day and I would like to be able to block them. I should mention that I require email verification, but that is not enough... I want to ban these domains
    with this kind of code:

    // The dot must be escaped, otherwise "." matches any character
    if (preg_match('/\.(ru|su|pl)$/', $email))
        return false;

    or something along these lines

    <?php

    $bannedDomains = array('@yopmail.com', '@yopmail.fr', '@brefmail.com');

    foreach ($bannedDomains as $domain) {
        // strrpos() returns false when the needle is absent, so compare strictly
        if (strrpos($_POST['email'], $domain) !== false) {
            echo 'Adresse email invalide';

            break;
        }
    }

    ?>

    The problem is that I don't understand anything about Laravel code...
    I was told to look in this file, SessionController.php, but I can't see it...

    <?php

    use Lib\Services\Social\Auth;
    use Lib\Services\Validation\LoginValidator;

    class SessionController extends BaseController {

    /**
     * Validator instance.
     *
     * @var Lib\Services\Validation\LoginValidator
     */
    private $validator;

    /**
     * Hybrid authentication instance.
     *
     * @var Hybrid_Auth
     */
    private $hybrid;

    /**
     * Holds social network user profile.
     *
     * @var Object.
     */
    private $profile;

    /**
     * Social authentication manager instance.
     *
     * @var Lib\Services\Social\Auth
     */
    private $social;

    /**
     * Social login response.
     *
     * @var mixed
     */
    private $response;

    public function __construct(LoginValidator $validator, Hybrid_Auth $hybrid, Auth $social)
    {
    $this->social = $social;
    $this->hybrid = $hybrid;
    $this->validator = $validator;
    }

    /**
     * Create new session (log the user in)
     *
     * @return Response
     */
    public function create()
    {
    //store the referrer so we can redirect to the
    //intended page after login
    if ( ! str_contains(URL::previous(), 'register'))
    {
    Session::put('url.intended', URL::previous());
    }

    //if user is already logged in redirect home
    if (Sentry::check()) return Redirect::to('/');

    return View::make('Users.Login');
    }

    /**
     * Logs the user in.
     *
     * @return Response
     */
    public function store()
    {
    $input = Input::except('_token');
    if ( ! isset($input['remember'])) $input['remember'] = false;

    if ( ! $this->validator->with($input)->passes())
    {
    return Redirect::back()->withErrors($this->validator->errors())->withInput($input);
    }

    try
    {
    $credentials = array('username' => $input['username'], 'password' => $input['password']);

    Sentry::authenticate($credentials, $input['remember']);
    }

    catch (Cartalyst\Sentry\Users\WrongPasswordException $e)
    {
    $messages = array('username' => 'Username and password do not match.');
    }
    catch (Cartalyst\Sentry\Users\UserNotFoundException $e)
    {
    $messages = array('username' => 'Username and password do not match.');
    }
    catch (Cartalyst\Sentry\Users\UserNotActivatedException $e)
    {
    $messages = array('username' => 'This user is not activated.');
    }
    catch (Cartalyst\Sentry\Throttling\UserSuspendedException $e)
    {
    $messages = array('username' => 'This user is suspended.');
    }
    catch (Cartalyst\Sentry\Throttling\UserBannedException $e)
    {
    $messages = array('username' => 'This user is banned');
    }

    if ( ! empty($messages) )
    {
    return Redirect::back()->withInput()->withErrors($messages);
    }

    return Redirect::intended();
    }

    /**
     * Logs the user in with twitter, fb, or google.
     *
     * @param string $action [description]
     * @return Redirect
     */
    public function social($action = 'facebook')
    {
    //if user is already logged in redirect home
    if (Sentry::check()) return Redirect::to('/');

    // fix for redirect loop
    if ($action == "auth") {
    try {
    Hybrid_Endpoint::process();
    }
    catch (Exception $e) {
    return Redirect::route('hybridauth');
    }
    return;
    }

    $this->response = $this->social->login($action);

    //successfully logged user in
    if ($this->response && ! is_array($this->response))
    {
    return Redirect::intended();
    }

    //if response is array and key twitter exists we're logging in
    //with twitter, we'll need to ask user for email as twitter
    //doesn't provide it.
    elseif (isset($this->response['twitter']))
    {
    return View::make('Users.TwitterEmail');
    }
    elseif (isset($this->response['error']))
    {
    return Redirect::to('login')->withFailure($this->response['error']);
    }

    return Redirect::to('login')->withFailure( trans('main.problem with social login') );
    }

    /**
     * Logs the user in after he provides his email
     * and authenticates with twitter.
     *
     * @return Redirect
     */
    public function twitterEmail()
    {
    $email = Input::get('email');
    //check if email already exists
    $exists = User::where('email', $email)->get();

    if ( ! $exists->isEmpty() || ! $email)
    {
    return View::make('Users.TwitterEmail')->withFailure( trans('main.email exists') );
    }

    $auth = App::make('Lib\Services\Social\Auth');

    $provider = $this->social->hybrid->authenticate('twitter');
    $this->social->profile = $provider->getUserProfile();
    $this->social->service = 'twitter';
    $user = $this->social->createProfile($email);
    $this->social->linkProfileWithIdentifier($email);
    $this->social->loginWithSentry($user);

    return Redirect::intended();
    }

    /**
     * Logs the user out.
     *
     * @return redirect
     */
    public function logOut()
    {
    Sentry::logout();
    $this->social->logout();

    return Redirect::to('/');
    }

    }

    In short, if someone could tell me where I should look, or give me a piece of code that blocks these intrusions and the place to put it, that would be nice....

    Thanks in advance

  • Jean-PhilippeMARQUE
    Member since:
    17/12/2016
    Messages:
    3

    Well, after quite a bit of head-scratching...
    I found out how to do it...
    Go to app/controllers/UserController.php, line 79, and add:

    /** Change **/
    // $input is the form input already read at the top of store().
    // strrpos() returns false when the domain is absent, so compare strictly.
    $bannedDomains = array('@mail.ru', '@yandex.kz', '@yandex.ru', '@printall.com.ua');

    foreach ($bannedDomains as $domain) {
        if (strrpos($input['email'], $domain) !== false) {
            return Redirect::back();
        }
    }
    /** End of change **/

    In the full code:

    <?php

    use Carbon\Carbon;
    use Lib\Services\Validation\UserValidator;
    use Lib\Repositories\User\UserRepositoryInterface as Repo;

    class UserController extends \BaseController {

    /**
     * User validator instance.
     *
     * @var Lib\Services\Validation\UserValidator
     */
    private $registerValidator;

    /**
     * User repository instance.
     *
     * @var Lib\Repositories\User\UserRepositoryInterface
     */
    private $user;

    /**
     * Options instance.
     *
     * @var Lib\Services\Options\Options
     */
    private $options;

    /**
     * Apply filters and instantiate dependencies.
     */
    public function __construct(UserValidator $validator, Repo $user)
    {
    $this->beforeFilter('csrf', array('on' => 'post'));
    $this->beforeFilter('is.admin', array('only' => array('ban', 'destroy', 'unban', 'assignToGroup', 'createNew', 'update')));
    $this->beforeFilter('is.user', array('only' => array('edit', 'changePassword')));

    $this->user = $user;
    $this->validator = $validator;

    $this->options = App::make('options');
    }

    /**
     * Return users for pagination.
     *
     * @return JSON
     */
    public function paginate()
    {
    return $this->user->paginate(Input::except('_token'));
    }

    /**
     * Displays registration view.
     *
     * @return View.
     */
    public function create()
    {
    return View::make('Users.Register');
    }

    /**
     * Stores new user in database.
     *
     * @return View.
     */
    public function store()
    {
    $input = Input::except('_method', '_token', 'submit');

    if ( ! $this->validator->with($input)->passes())
    {
    return Redirect::back()->withErrors($this->validator->errors())->withInput($input);
    }

    /** Change **/
    // strrpos() returns false when the domain is absent, so compare strictly.
    $bannedDomains = array('@mail.ru', '@yandex.kz', '@yandex.ru', '@printall.com.ua');

    foreach ($bannedDomains as $domain) {
        if (strrpos($input['email'], $domain) !== false) {
            return Redirect::back();
        }
    }
    /** End of change **/

    if ($this->options->requireUserActivation())
    {
    $this->user->register($input);

    return Redirect::back()->withSuccess( trans('users.registered successfully') );
    }

    $this->user->register($input, true);

    return Redirect::back()->withSuccess( trans('users.registered successfully no act') );
    }

    /**
     * Create a new user. Admin only.
     *
     * @return JSON
     */
    public function createNew()
    {
    $input = Input::except('_token');

    if ( ! $this->validator->with($input)->passes())
    {
    return Response::json($this->validator->errors(), 400);
    }

    $this->user->register($input, true);

    return Response::json('User created successfully', 201);
    }

    /**
     * Activates provided user.
     *
     * @param string $id user id
     * @param string $code activation code
     *
     * @return void
     */
    public function activate($id, $code)
    {
    try
    {
    $this->user->activate( e($id), e($code) );
    }
    catch (Cartalyst\Sentry\Users\UserNotFoundException $e)
    {
    return Redirect::to('/')->withInfo( trans('users.not found or already activated') );
    }
    catch (Cartalyst\Sentry\Users\UserAlreadyActivatedException $e)
    {
    return Redirect::to('/')->withInfo( trans('users.not found or already activated') );
    }

    return Redirect::to('/')->withSuccess( trans('users.activated successfully') );
    }

    /**
     * Shows specified user's profile.
     *
     * @param int $id
     * @return View.
     */
    public function show($name)
    {
    $data = $this->user->prepareProfile($name);

    return View::make('Users.Show')->withUser($data['user'])
    ->with('favCount', $data['favCount'])
    ->with('revCount', $data['revCount'])
    ->with('watCount', $data['watCount']);
    }

    /**
     * Show the form for editing user information.
     *
     * @param string $username
     * @return View
     */
    public function edit($name)
    {
    $user = $this->user->byUri($name);

    return View::make('Users.Edit')->withUser($user);
    }

    /**
     * Uploads and associates user avatar.
     *
     * @param string $username
     * @return void
     */
    public function avatar($username)
    {
    $input = array('avatar' => Input::file('avatar'));

    if ( ! $this->validator->setRules('avatar')->with($input)->passes())
    {
    return Redirect::back()->withErrors($this->validator->errors());
    }

    $this->user->uploadAvatar($input, $username);

    return Redirect::back()->withSuccess( trans('users.uploaded avatar success') );
    }

    /**
     * Uploads and associates user profile background.
     *
     * @param string $id
     * @return void
     */
    public function background($id)
    {
    $input = array('bg' => Input::file('bg'));

    if ( ! $this->validator->setRules('background')->with($input)->passes())
    {
    return Redirect::back()->withErrors($this->validator->errors());
    }

    $this->user->uploadBg($input, $id);

    return Redirect::back()->withSuccess( trans('users.uploaded avatar success') );
    }

    /**
     * Update user's general information.
     *
     * @param string $username
     * @return Redirect
     */
    public function update($username)
    {
    $user = $this->user->byUsername($username);

    $input = Input::except('_method', '_token', 'password', 'password_confirmation');

    if ( ! $this->validator->setRules('editInfo')->with($input)->passes())
    {
    return Redirect::back()->withErrors($this->validator->errors());
    }

    $this->user->update($user, $input);

    if (Request::ajax())
    {
    return Response::json(trans('users.update success'), 200);
    }

    return Redirect::to(Helpers::url($user->username, $user->id, 'users'))->withSuccess( trans('users.update success') );
    }

    /**
     * Displays a page for changing password.
     *
     * @param string $username
     * @return View
     */
    public function changePassword($username)
    {
    $user = $this->user->byUri($username);

    return View::make('Users.ChangePassword')->withUser($user);
    }

    /**
     * Stores new user password in database.
     *
     * @param string $username
     * @return void
     */
    public function storeNewPass($username)
    {
    $user = Sentry::findUserByLogin($username);

    $input = Input::except('_token');

    $this->validator->rules = array(
    'new_password' => 'required|confirmed|min:5|max:30',
    'old_password' => 'required|min:5|max:30');

    if ( ! $this->validator->with($input)->passes())
    {
    return Redirect::back()->withErrors($this->validator->errors());
    }

    if ( ! $user->checkPassword( $input['old_password']) )
    {
    return Redirect::back()->withErrors(array('old_password' => trans('users.password didnt match')));
    }

    $this->user->changePassword($input, $username);

    return Redirect::to('/')->withSuccess( trans('users.changed pass success') );
    }

    /**
     * Deletes user and related records from database.
     *
     * @param int $id
     * @return Redirect
     */
    public function destroy($id)
    {
    if (Sentry::getUser()->id == $id)
    {
    return Response::json(trans('users.can\'t delete account you\'re logged in with'), 400);
    }

    try
    {
    $this->user->delete($id);
    }
    catch (Cartalyst\Sentry\Users\UserNotFoundException $e)
    {
    return Response::json( trans('users.user not found'), 404);
    }

    return Response::json(trans('users.user deleted successfully'), 200);
    }

    /**
     * Bans the specified user.
     *
     * @param string $id
     * @return Redirect
     */
    public function ban($id)
    {
    if ($this->user->ban( e($id) ))
    {
    return Redirect::back()->withSuccess( trans('users.banned successfully', array('id' => $id)) );
    }
    else
    {
    return Redirect::back()->withFailure( trans('users.ban failed', array('id' => $id)) );
    }
    }

    /**
     * Unbans the specified user.
     *
     * @param string $id username
     * @return redirect with response
     */
    public function unban($login)
    {
    $this->user->unban( e($login) );

    return Redirect::back()->withSuccess( trans('users.unbanned successfully', array('id' => $login)) );
    }

    /**
     * Assigns specified group to the specified user.
     *
     * @param string $login
     * @return Redirect
     */
    public function assignToGroup($login)
    {
    $input = Input::except('_token');

    $this->user->assignGroup($input, e($login));

    return Redirect::back()->withSuccess( trans('users.group assigned') );
    }

    /**
     * Displays view for requesting a password reset.
     *
     * @return Redirect/View
     */
    public function requestPassReset()
    {
    if (Sentry::check())
    {
    return Redirect::to('/')->withInfo( trans('users.already logged in') );
    }

    return View::make('Users.ResetPassword');
    }

    /**
     * Sends password reset email.
     *
     * @return Redirect
     */
    public function sendPasswordReset()
    {
    $input = Input::except('_token');

    $this->validator->rules = array('email' => 'required|email|max:40|exists:users,email');

    if ( ! $this->validator->with($input)->passes())
    {
    return Redirect::back()->withErrors($this->validator->errors())->withInput($input);
    }

    $this->user->sendPassReset($input);

    return Redirect::to('/')->withSuccess( trans('users.reset email sent') );
    }

    /**
     * Display user favorite titles page.
     *
     * @param string $name
     * @return View
     */
    public function showFavorites($name)
    {
    $data = $this->user->prepareProfile('favorite', $name, Input::all());

    return View::make('Users.Profile')->withUser($data['user'])
    ->withWatchlist($data['watchlist'])
    ->withFavorite($data['favorite'])
    ->withReviews($data['reviews'])
    ->with('revCount', $data['revCount'])
    ->with('favCount', $data['favCount'])
    ->with('watCount', $data['watCount']);
    }

    /**
     * Display user review page.
     *
     * @param string $name
     * @return View
     */
    public function showReviews($name)
    {
    $data = $this->user->prepareProfile('favorite', $name, Input::all());

    return View::make('Users.Reviews')->withUser($data['user'])
    ->withWatchlist($data['watchlist'])
    ->withFavorite($data['favorite'])
    ->withReviews($data['reviews'])
    ->with('revCount', $data['revCount'])
    ->with('favCount', $data['favCount'])
    ->with('watCount', $data['watCount']);
    }

    /**
     * Resets user password.
     *
     * @param string $code
     * @return Redirect
     */
    public function resetPassword($code)
    {
    $new = str_random(20);

    try
    {
    $user = Sentry::findUserByResetPasswordCode( e($code) );
    }
    catch (Cartalyst\Sentry\Users\UserNotFoundException $e)
    {
    return Redirect::to('/')->withFailure( trans('users.invalid reset code') );
    }

    if ( $this->user->resetPassword($user, e($code), $new))
    {
    $data = array('username' => $user->username, 'email' => $user->email, 'password' => $new);

    $this->user->sendNewPassword($data);

    // Fire the event before returning; placed after the return it was never reached.
    Event::fire('User.PasswordReset', array($user->username, Carbon::now()));

    return Redirect::to('/')->withSuccess( trans('users.pass reset success') );
    }

    return Redirect::to('/')->withFailure( trans('users.pass reset failure') );
    }

    }

    There you go, enjoy :)

  • Jean-PhilippeMARQUE
    Member since:
    17/12/2016
    Messages:
    3

    Just to help people in need, in case you ever need to do this on your site ;)
    I finally changed the code to do it with wildcards

    // Escape the dots: an unescaped "." would match any character (e.g. "peru" ends in "eru")
    $rule = "/((\.ru)|(@yandex\.kz)|(\.com\.ua))$/i";
    if (preg_match($rule, $input['email'])) {
        return Redirect::back();
    }

    It blocks all emails ending in .ru or .com.ua, and emails @yandex.kz
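A more robust version of the domain check from the two replies above, as an added example that is neither the poster's code nor the project's own: it lowercases the address, looks only at the part after the last "@", and matches on domain boundaries, so a substring or case-sensitive comparison cannot be slipped past. The function name, the sample addresses and the commented `Validator::extend` wiring are this example's own assumptions about how it would hook into the app's validator.

```php
<?php
// Added example, not code from the thread or from the project's controllers.
// Returns true when the address's domain is, or is a subdomain of, an entry
// in $bannedDomains ("ru" blocks "user@mail.ru" and "user@sub.mail.ru" but
// not "user@mail.ru.example.org"). Written PHP 5 style to match the app.
function emailDomainIsBanned($email, array $bannedDomains)
{
    // Domain = everything after the last "@", trimmed and lowercased so that
    // "User@MAIL.RU" cannot bypass a case-sensitive comparison.
    $at = strrpos($email, '@');
    if ($at === false) {
        return false; // not an address at all; leave that to the email validator
    }
    $domain = strtolower(trim(substr($email, $at + 1)));

    foreach ($bannedDomains as $banned) {
        $banned = strtolower(ltrim($banned, '@.'));
        // Exact match, or a subdomain of the banned entry (dot boundary).
        // A bare TLD such as "ru" is covered by the same suffix test.
        if ($domain === $banned
            || substr($domain, -(strlen($banned) + 1)) === '.' . $banned) {
            return true;
        }
    }
    return false;
}

// Assumed Laravel 4 wiring: register the check as a validation rule so it
// runs with UserValidator's other rules, e.g. 'email' => 'required|email|not_banned_domain'.
// Validator::extend('not_banned_domain', function ($attribute, $value, $parameters) {
//     return ! emailDomainIsBanned($value, array('ru', 'su', 'yandex.kz', 'com.ua'));
// });

// Constructed sample input for a stand-alone run.
$banned  = array('ru', 'su', 'yandex.kz', 'com.ua');
$samples = array('alice@example.com', 'Bob@MAIL.RU', 'c@sub.yandex.kz',
                 'd@mail.ru.example.org', 'e@printall.com.ua', 'f@peru');
foreach ($samples as $email) {
    printf("%-25s %s\n", $email, emailDomainIsBanned($email, $banned) ? 'blocked' : 'ok');
}
```

Running the block blocks Bob@MAIL.RU, c@sub.yandex.kz and e@printall.com.ua while letting the other three through, which is the behaviour the strrpos and unescaped-dot versions do not guarantee.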
