check for spam in registration / login post

Author: Franky5831

src/Controllers/User.php

@@ -3,23 +3,35 @@
 namespace Franky5831\CodeIgniter4UserLibrary\Controllers;
 
 use CodeIgniter\Controller;
+use Exception;
 use Franky5831\CodeIgniter4UserLibrary\Models\User as UserModel;
 
 class User extends Controller
 {
+	private $userModel;
+
 	public function __construct()
 	{
 		// Loads the user helper
 		helper('user_helper');
 		// Adds form validation user rules
 		config('Validation')->ruleSets[] = \Franky5831\CodeIgniter4UserLibrary\Validation\ValidationRules::class;
+
+		$this->userModel = new UserModel();
 	}
 
 	public function login(): \CodeIgniter\HTTP\RedirectResponse|string
 	{
+		$config = config(\Franky5831\CodeIgniter4UserLibrary\Config\App::class);
+		$userCanLogin = $config->userCanLogin;
+		if (!$userCanLogin) {
+			throw \CodeIgniter\Exceptions\PageNotFoundException::forPageNotFound();
+		}
+
 		if (isLoggedIn()) {
 			throw \CodeIgniter\Exceptions\PageNotFoundException::forPageNotFound();
 		}
+
 		$validationRules = [
 			'email' => [
 				'label' => 'Email',
@@ -34,13 +46,16 @@ public function login(): \CodeIgniter\HTTP\RedirectResponse|string
 		$captchaRules = $this->getCaptchaRules();
 		$validationRules = array_merge($validationRules, $captchaRules);
 
-		if ($this->request->getMethod() == "POST" && $this->validate($validationRules)) {
-			$userModel = new userModel();
-			$user = $userModel->where("email", $this->request->getPost("email"))->first();
+		if ($this->request->getMethod() == "POST") {
+			if ($this->userModel->getUserCanPost() && $this->validate($validationRules)) {
+				$user = $this->userModel->where("email", $this->request->getPost("email"))->first();
 
-			$this->setUserMethod($user);
+				$this->setUserMethod($user);
 
-			return redirect()->to("/");
+				return redirect()->to("/");
+			} else {
+				$this->userModel->setPostError();
+			}
 		}
 		try {
 			// Returns the view from the app's folder, if it doesn't exist, it returns the vendor's view
@@ -81,27 +96,29 @@ public function register(): \CodeIgniter\HTTP\RedirectResponse|string
 		$userExtraAttributes = $config->userExtraAttributes;
 		$validationRules = array_merge($validationRules, $captchaRules, $userExtraAttributes);
 
-		if ($this->request->getMethod() == "POST" && $this->validate($validationRules)) {
-			$userModel = new UserModel();
-
-			$userData = [
-				'email' => $this->request->getPost('email'),
-				'password' => $this->request->getPost('password'),
-			];
-			foreach ($userExtraAttributes as $attribute => $data) {
-				$attributeValue = $this->request->getPost($attribute);
-				$userData[$attribute] = $attributeValue;
-			}
+		if ($this->request->getMethod() == "POST") {
+			if ($this->userModel->getUserCanPost() && $this->validate($validationRules)) {
+				$userData = [
+					'email' => $this->request->getPost('email'),
+					'password' => $this->request->getPost('password'),
+				];
+				foreach ($userExtraAttributes as $attribute => $data) {
+					$attributeValue = $this->request->getPost($attribute);
+					$userData[$attribute] = $attributeValue;
+				}
 
-			$userModel->save($userData);
-			$session = session();
+				$this->userModel->save($userData);
+				$session = session();
 
-			$user = $userModel->where("email", $this->request->getPost("email"))->first();
-			$this->setUserMethod($user);
+				$user = $this->userModel->where("email", $this->request->getPost("email"))->first();
+				$this->setUserMethod($user);
 
-			$session->setFlashdata('success', "Registrazione avvenuta con successo");
+				$session->setFlashdata('success', "Registrazione avvenuta con successo");
 
-			return redirect()->to('/');
+				return redirect()->to('/');
+			} else {
+				$this->userModel->setPostError();
+			}
 		}
 
 		try {
@@ -135,9 +152,8 @@ private function getCaptchaRules(): array
 					throw new \Exception("The selected captcha type does not exists", 1);
 					break;
 			}
-
-			return $validationRules;
 		}
+		return $validationRules;
 	}
 
 	private function setUserMethod($user): void

src/Language/en/Validation.php

@@ -5,4 +5,5 @@
 	'validate_recaptcha_v3' => 'Captcha is not valid',
 	'validateUser' => 'Email or password are not valid',
 	'validateXss' => 'The {field} field contains invalid characters',
+	'user_cant_post' => 'You have exceeded the maximum number of errors. Please try again later.',
 ];

src/Language/it/Validation.php

@@ -5,4 +5,5 @@
 	'validate_recaptcha_v3' => 'Il captcha non è valido',
 	'validateUser' => 'Email o password non sono validi',
 	'validateXss' => 'Il campo {field} contiene caratteri non consentiti',
+	'user_cant_post' => 'Hai superato il numero massimo di errori. Per favore riprova più tardi.',
 ];

src/Models/User.php

@@ -38,4 +38,50 @@ protected function passowrdHash(array $data): array
 		}
 		return $data;
 	}
+
+	public function setPostError(): void
+	{
+		$clientIp = getClientIp();
+		$cache = service('cache');
+
+		$clientIpCacheId = "client_ip_error_" . $clientIp;
+		$clientIpCacheVal = $cache->get($clientIpCacheId);
+		if ($clientIpCacheVal) {
+			$clientIpCacheVal++;
+		} else {
+			$clientIpCacheVal = 1;
+		}
+		$config = config(\Franky5831\CodeIgniter4UserLibrary\Config\App::class);
+		$userErrorTimeout = $config->userErrorTimeout;
+		$cache->save($clientIpCacheId, $clientIpCacheVal, $userErrorTimeout);
+	}
+
+	private function getPostError(): int
+	{
+		$clientIp = getClientIp();
+		$cache = service('cache');
+
+		$clientIpCacheId = "client_ip_error_" . $clientIp;
+		$clientIpCacheVal = $cache->get($clientIpCacheId);
+		if (!$clientIpCacheVal) {
+			$clientIpCacheVal = 0;
+		}
+
+		return $clientIpCacheVal;
+	}
+
+	public function getUserCanPost(): bool
+	{
+		$config = config(\Franky5831\CodeIgniter4UserLibrary\Config\App::class);
+		$userPostErrorLogger = $config->userPostErrorLogger;
+		if ($userPostErrorLogger) {
+			$maxPostErrors = $config->maxPostErrors;
+			$userCanPost = $this->getPostError() < $maxPostErrors;
+			if (!$userCanPost) {
+				\Config\Services::validation()->setError("user_cant_post", lang('Validation.user_cant_post'));
+			}
+			return $userCanPost;
+		}
+		return true;
+	}
 }