
bug fix: wrong request limit check key

master
filesite 6 months ago
parent
commit
0903226772
  1. 39
      themes/tajian/controller/FrontapiController.php

39
themes/tajian/controller/FrontapiController.php

@ -51,10 +51,11 @@ Class FrontApiController extends SiteController {
*/ */
public function actionAddfav() { public function actionAddfav() {
$ip = $this->getUserIp(); $ip = $this->getUserIp();
$check_key = "addfav_{$ip}";
$check_time = 60; //1 分钟内 $check_time = 60; //1 分钟内
$max_time_in_minutes = 10; //最多 10 次 $max_time_in_minutes = 10; //最多 10 次
$isUserGotRequestLimit = $this->requestLimit($ip, $max_time_in_minutes, $check_time); $isUserGotRequestLimit = $this->requestLimit($check_key, $max_time_in_minutes, $check_time);
if ($isUserGotRequestLimit) { if ($isUserGotRequestLimit) {
$this->logError("Request limit got, ip: {$ip}"); $this->logError("Request limit got, ip: {$ip}");
throw new Exception('Oops,操作太快了,请喝杯咖啡休息会吧...'); throw new Exception('Oops,操作太快了,请喝杯咖啡休息会吧...');
@ -564,10 +565,11 @@ eof;
//获取短信验证码 //获取短信验证码
public function actionSendsmscode() { public function actionSendsmscode() {
$ip = $this->getUserIp(); $ip = $this->getUserIp();
$check_key = "sendsmscode_{$ip}";
$check_time = 300; //5 分钟内 $check_time = 300; //5 分钟内
$max_time_in_minutes = 3; //最多 3 次 $max_time_in_minutes = 3; //最多 3 次
$isUserGotRequestLimit = $this->requestLimit($ip, $max_time_in_minutes, $check_time); $isUserGotRequestLimit = $this->requestLimit($check_key, $max_time_in_minutes, $check_time);
if ($isUserGotRequestLimit) { if ($isUserGotRequestLimit) {
$this->logError("Request limit got, ip: {$ip}"); $this->logError("Request limit got, ip: {$ip}");
throw new Exception('Oops,操作太快了,请喝杯咖啡休息会吧...'); throw new Exception('Oops,操作太快了,请喝杯咖啡休息会吧...');
@ -632,10 +634,11 @@ eof;
//新用户注册 //新用户注册
public function actionCreateuser() { public function actionCreateuser() {
$ip = $this->getUserIp(); $ip = $this->getUserIp();
$check_key = "createuser_{$ip}";
$check_time = 120; //2 分钟内 $check_time = 120; //2 分钟内
$max_time_in_minutes = 5; //最多 5 次 $max_time_in_minutes = 5; //最多 5 次
$isUserGotRequestLimit = $this->requestLimit($ip, $max_time_in_minutes, $check_time); $isUserGotRequestLimit = $this->requestLimit($check_key, $max_time_in_minutes, $check_time);
if ($isUserGotRequestLimit) { if ($isUserGotRequestLimit) {
$this->logError("Request limit got, ip: {$ip}"); $this->logError("Request limit got, ip: {$ip}");
throw new Exception('Oops,操作太快了,请喝杯咖啡休息会吧...'); throw new Exception('Oops,操作太快了,请喝杯咖啡休息会吧...');
@ -704,10 +707,11 @@ eof;
//用户登录 //用户登录
public function actionLoginuser() { public function actionLoginuser() {
$ip = $this->getUserIp(); $ip = $this->getUserIp();
$check_key = "login_{$ip}";
$check_time = 120; //2 分钟内 $check_time = 120; //2 分钟内
$max_time_in_minutes = 5; //最多 5 次 $max_time_in_minutes = 5; //最多 5 次
$isUserGotRequestLimit = $this->requestLimit($ip, $max_time_in_minutes, $check_time); $isUserGotRequestLimit = $this->requestLimit($check_key, $max_time_in_minutes, $check_time);
if ($isUserGotRequestLimit) { if ($isUserGotRequestLimit) {
$this->logError("Request limit got, ip: {$ip}"); $this->logError("Request limit got, ip: {$ip}");
throw new Exception('Oops,操作太快了,请喝杯咖啡休息会吧...'); throw new Exception('Oops,操作太快了,请喝杯咖啡休息会吧...');
@ -758,10 +762,11 @@ eof;
//昵称设置 //昵称设置
public function actionSetnickname() { public function actionSetnickname() {
$ip = $this->getUserIp(); $ip = $this->getUserIp();
$check_key = "setnickname_{$ip}";
$check_time = 120; //2 分钟内 $check_time = 120; //2 分钟内
$max_time_in_minutes = 5; //最多 5 次 $max_time_in_minutes = 5; //最多 5 次
$isUserGotRequestLimit = $this->requestLimit($ip, $max_time_in_minutes, $check_time); $isUserGotRequestLimit = $this->requestLimit($check_key, $max_time_in_minutes, $check_time);
if ($isUserGotRequestLimit) { if ($isUserGotRequestLimit) {
$this->logError("Request limit got, ip: {$ip}"); $this->logError("Request limit got, ip: {$ip}");
throw new Exception('Oops,操作太快了,请喝杯咖啡休息会吧...'); throw new Exception('Oops,操作太快了,请喝杯咖啡休息会吧...');
@ -816,10 +821,11 @@ eof;
//分类管理 //分类管理
public function actionSavetags() { public function actionSavetags() {
$ip = $this->getUserIp(); $ip = $this->getUserIp();
$check_key = "savetags_{$ip}";
$check_time = 120; //2 分钟内 $check_time = 120; //2 分钟内
$max_time_in_minutes = 10; //最多 10 次 $max_time_in_minutes = 10; //最多 10 次
$isUserGotRequestLimit = $this->requestLimit($ip, $max_time_in_minutes, $check_time); $isUserGotRequestLimit = $this->requestLimit($check_key, $max_time_in_minutes, $check_time);
if ($isUserGotRequestLimit) { if ($isUserGotRequestLimit) {
$this->logError("Request limit got, ip: {$ip}"); $this->logError("Request limit got, ip: {$ip}");
throw new Exception('Oops,操作太快了,请喝杯咖啡休息会吧...'); throw new Exception('Oops,操作太快了,请喝杯咖啡休息会吧...');
@ -905,10 +911,11 @@ eof;
//删除分类 //删除分类
public function actionDeletetag() { public function actionDeletetag() {
$ip = $this->getUserIp(); $ip = $this->getUserIp();
$check_key = "deltag_{$ip}";
$check_time = 120; //2 分钟内 $check_time = 120; //2 分钟内
$max_time_in_minutes = 10; //最多 10 次 $max_time_in_minutes = 10; //最多 10 次
$isUserGotRequestLimit = $this->requestLimit($ip, $max_time_in_minutes, $check_time); $isUserGotRequestLimit = $this->requestLimit($check_key, $max_time_in_minutes, $check_time);
if ($isUserGotRequestLimit) { if ($isUserGotRequestLimit) {
$this->logError("Request limit got, ip: {$ip}"); $this->logError("Request limit got, ip: {$ip}");
throw new Exception('Oops,操作太快了,请喝杯咖啡休息会吧...'); throw new Exception('Oops,操作太快了,请喝杯咖啡休息会吧...');
@ -965,10 +972,11 @@ eof;
//添加分类 //添加分类
public function actionAddtag() { public function actionAddtag() {
$ip = $this->getUserIp(); $ip = $this->getUserIp();
$check_key = "addtag_{$ip}";
$check_time = 120; //2 分钟内 $check_time = 120; //2 分钟内
$max_time_in_minutes = 15; //最多 15 次 $max_time_in_minutes = 15; //最多 15 次
$isUserGotRequestLimit = $this->requestLimit($ip, $max_time_in_minutes, $check_time); $isUserGotRequestLimit = $this->requestLimit($check_key, $max_time_in_minutes, $check_time);
if ($isUserGotRequestLimit) { if ($isUserGotRequestLimit) {
$this->logError("Request limit got, ip: {$ip}"); $this->logError("Request limit got, ip: {$ip}");
throw new Exception('Oops,操作太快了,请喝杯咖啡休息会吧...'); throw new Exception('Oops,操作太快了,请喝杯咖啡休息会吧...');
@ -1045,10 +1053,11 @@ eof;
//视频管理:把视频从分类中删除、添加视频到某个分类、删除视频 //视频管理:把视频从分类中删除、添加视频到某个分类、删除视频
public function actionDeletefav() { public function actionDeletefav() {
$ip = $this->getUserIp(); $ip = $this->getUserIp();
$check_key = "delfav_{$ip}";
$check_time = 120; //2 分钟内 $check_time = 120; //2 分钟内
$max_time_in_minutes = 60; //最多 60 次 $max_time_in_minutes = 60; //最多 60 次
$isUserGotRequestLimit = $this->requestLimit($ip, $max_time_in_minutes, $check_time); $isUserGotRequestLimit = $this->requestLimit($check_key, $max_time_in_minutes, $check_time);
if ($isUserGotRequestLimit) { if ($isUserGotRequestLimit) {
$this->logError("Request limit got, ip: {$ip}"); $this->logError("Request limit got, ip: {$ip}");
throw new Exception('Oops,操作太快了,请喝杯咖啡休息会吧...'); throw new Exception('Oops,操作太快了,请喝杯咖啡休息会吧...');
@ -1121,10 +1130,11 @@ eof;
public function actionUpdatefavstag() { public function actionUpdatefavstag() {
$ip = $this->getUserIp(); $ip = $this->getUserIp();
$check_key = "updatefavtag_{$ip}";
$check_time = 120; //2 分钟内 $check_time = 120; //2 分钟内
$max_time_in_minutes = 60; //最多 60 次 $max_time_in_minutes = 60; //最多 60 次
$isUserGotRequestLimit = $this->requestLimit($ip, $max_time_in_minutes, $check_time); $isUserGotRequestLimit = $this->requestLimit($check_key, $max_time_in_minutes, $check_time);
if ($isUserGotRequestLimit) { if ($isUserGotRequestLimit) {
$this->logError("Request limit got, ip: {$ip}"); $this->logError("Request limit got, ip: {$ip}");
throw new Exception('Oops,操作太快了,请喝杯咖啡休息会吧...'); throw new Exception('Oops,操作太快了,请喝杯咖啡休息会吧...');
@ -1187,10 +1197,11 @@ eof;
//创建收藏夹 //创建收藏夹
public function actionCreatedir() { public function actionCreatedir() {
$ip = $this->getUserIp(); $ip = $this->getUserIp();
$check_key = "createdir_{$ip}";
$check_time = 120; //2 分钟内 $check_time = 120; //2 分钟内
$max_time_in_minutes = 30; //最多 30 次 $max_time_in_minutes = 30; //最多 30 次
$isUserGotRequestLimit = $this->requestLimit($ip, $max_time_in_minutes, $check_time); $isUserGotRequestLimit = $this->requestLimit($check_key, $max_time_in_minutes, $check_time);
if ($isUserGotRequestLimit) { if ($isUserGotRequestLimit) {
$this->logError("Request limit got, ip: {$ip}"); $this->logError("Request limit got, ip: {$ip}");
throw new Exception('Oops,操作太快了,请喝杯咖啡休息会吧...'); throw new Exception('Oops,操作太快了,请喝杯咖啡休息会吧...');
@ -1259,10 +1270,11 @@ eof;
//账号共享接口 //账号共享接口
public function actionSharedir() { public function actionSharedir() {
$ip = $this->getUserIp(); $ip = $this->getUserIp();
$check_key = "sharedir_{$ip}";
$check_time = 120; //2 分钟内 $check_time = 120; //2 分钟内
$max_time_in_minutes = 10; //最多 10 次 $max_time_in_minutes = 10; //最多 10 次
$isUserGotRequestLimit = $this->requestLimit($ip, $max_time_in_minutes, $check_time); $isUserGotRequestLimit = $this->requestLimit($check_key, $max_time_in_minutes, $check_time);
if ($isUserGotRequestLimit) { if ($isUserGotRequestLimit) {
$this->logError("Request limit got, ip: {$ip}"); $this->logError("Request limit got, ip: {$ip}");
throw new Exception('Oops,操作太快了,请喝杯咖啡休息会吧...'); throw new Exception('Oops,操作太快了,请喝杯咖啡休息会吧...');
@ -1334,10 +1346,11 @@ eof;
//删除一个账号共享 //删除一个账号共享
public function actionDelsharedir() { public function actionDelsharedir() {
$ip = $this->getUserIp(); $ip = $this->getUserIp();
$check_key = "delsharedir_{$ip}";
$check_time = 120; //2 分钟内 $check_time = 120; //2 分钟内
$max_time_in_minutes = 10; //最多 10 次 $max_time_in_minutes = 10; //最多 10 次
$isUserGotRequestLimit = $this->requestLimit($ip, $max_time_in_minutes, $check_time); $isUserGotRequestLimit = $this->requestLimit($check_key, $max_time_in_minutes, $check_time);
if ($isUserGotRequestLimit) { if ($isUserGotRequestLimit) {
$this->logError("Request limit got, ip: {$ip}"); $this->logError("Request limit got, ip: {$ip}");
throw new Exception('Oops,操作太快了,请喝杯咖啡休息会吧...'); throw new Exception('Oops,操作太快了,请喝杯咖啡休息会吧...');
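Review bot: The new keys for `actionSendsmscode` and `actionLoginuser` (`"sendsmscode_{$ip}"`, `"login_{$ip}"`) still scope the limit to the client IP alone, so attempts against one phone number or one account arriving from different addresses are never counted together, while users behind a shared NAT address exhaust each other's budget. For those two actions a second `requestLimit()` call keyed on the target would close that gap, for example `$this->requestLimit("sendsmscode_phone_{$phone}", $max_time_in_minutes, $check_time)`, where `$phone` is a placeholder for whatever validated request field the action reads further down. `getUserIp()` is not shown on this page; if it takes the address from a client-supplied forwarding header rather than the socket peer, every one of these keys is chosen by the caller, so that is worth confirming. It would also help triage to log the key instead of only the address, `$this->logError("Request limit got, key: {$check_key}");`, since all thirteen actions currently write the same message. The action bodies continue outside each hunk, so any checks further down are not visible here.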
