authorINOPIAE <inopiae@cacert.org>2014-02-28 18:07:55 +0100
committerINOPIAE <inopiae@cacert.org>2014-02-28 18:07:55 +0100
commitb3259b8d3fb310ce833545ba2329ad221b92809c (patch)
treeff50811f614d38bcaf4e0a0103489d47835f0124
parent38e62d200f790a72d6d5b097917132f6e5e36f5b (diff)
bug 649: added check for numbers of assurer status request per hour
-rw-r--r--includes/notary.inc.php4
-rw-r--r--www/wot.php9
2 files changed, 9 insertions, 4 deletions
diff --git a/includes/notary.inc.php b/includes/notary.inc.php
index dbdbf80..da1b8c8 100644
--- a/includes/notary.inc.php
+++ b/includes/notary.inc.php
@@ -1140,10 +1140,10 @@
$typeid = intval($typeid);
$hours = intval($hours);
$res = query_init ("SELECT count(*) AS `no` FROM `adminlog`
- WHERE `adminid` = " . $uid . " AND `admintypeid`=" . $typeid . " and `when` > NOW() - INTERVAL " . $hours . " HOUR " );
+ WHERE `adminid` = " . $uid . " AND `actiontypeid`=" . $typeid . " and `when` > NOW() - INTERVAL " . $hours . " HOUR " );
$row = query_getnextrow($res);
- return intval($row['id']);
+ return intval($row['no']);
}
/**
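Review bot: The count returned at `return intval($row['no']);` fails open: if `query_init` fails or `query_getnextrow` yields no row, the expression evaluates to 0 and the per-hour limit that www/wot.php adds in this commit never triggers, which is the same silent zero the old `$row['id']` key produced. How the two helpers report failure is not visible here, but a guard such as `if (!$row) { return PHP_INT_MAX; }` (or an explicit error path) would make the limit fail closed. Only `$typeid` and `$hours` are visibly passed through `intval` before being concatenated into the SQL; the cast of `$uid` is presumably above the hunk and is worth confirming. The function starts outside the hunk.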
diff --git a/www/wot.php b/www/wot.php
index 949c18d..bd04f4f 100644
--- a/www/wot.php
+++ b/www/wot.php
@@ -574,15 +574,20 @@ $iecho= "c";
{
$oldid=0;
$id = 0;
+ $number=5;
$email = mysql_real_escape_string(trim($_REQUEST['email']));
$reason = mysql_real_escape_string(trim($_REQUEST['reason']));
$uid = get_user_id_from_email($email);
if ($uid == 0) {
- show_page("AssurerCheck","",_("I'm sorry, there was no email matching what you entered in the system. Please double check your information."));
+ show_page("AssurerCheck", "", _("I'm sorry, there was no email matching what you entered in the system. Please double check your information."));
exit;
}
if ($reason == "--") {
- show_page("AssurerCheck","",_("I'm sorry, there was no reason given why you need to check the assurer status."));
+ show_page("AssurerCheck", "" ,_("I'm sorry, there was no reason given why you need to check the assurer status."));
+ exit;
+ }
+ if (get_number_of_adminlog_entries($_SESSION['profile']['id'],1000,1) > $number) {
+ show_page("AssurerCheck", "", sprintf(_("I'm sorry, you reached the maximum requests of %s per hour. Please wait until you try it again."),$number));
exit;
}
if (is_assurer($uid)) {
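Review bot: The new limit is consulted only after the e-mail lookup, so a request whose address is not found exits with the "no email matching" message before the counter is checked and that answer stays unthrottled. If the adminlog entry of type 1000 is written only on the success path further down (outside the hunk), failed lookups are not counted either; running the limit check before `get_user_id_from_email()` and logging every attempt would cover both. The comparison `> $number` also lets a sixth request through when five are already logged, assuming one entry per request, while the message promises a maximum of `$number`; `>= $number` matches the text. The literals `1000` and `1` would read better as named constants for the action type and the window in hours. The enclosing block starts and ends outside the hunk.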