Anti flood system, deploy after certificate is bought

Review Request #188 - Created Jan. 30, 2012 and submitted - Latest diff uploaded

Information
Adrian Budau
infoarena
Reviewers
hackers
Added a token based system for actions on site.
Secured the login and register page
Fixed the recaptcha https server

There is a maximum amount of tokens per IP. 
Actions like register and login cost tokens.
When there are not enough tokens a captcha is requested. 
The tokens regenerate at a constant rate.

Example -> This is how the captcha is requested at this moment for register/login:

You can login/logout as many times as you want. If you do 3 bad login attempts a captcha will appear and will be requested until you login correctly.
You always need a captcha for registering, and after that, after only one bad login attempt, a captcha will be requested.
You can logout and login a different account without the need of a captcha (there is no way to use this as a brute-force entrance).

All of these are checked on the client's IP.

Token system description below:

You can communicate with the tokens system with the functions
get_tokens to get current tokens
check_captcha_for_tokens to check for captcha submits and their correctness, thus adding an amount of tokens; this function also returns the error of the captcha (it can be forced to search for all errors)
pay_tokens, which pays a certain amount of tokens or receives (if used with a negative value); it returns true or false whether it can pay or not (has enough)
save_tokens (which pushes the tokens to the mysql db)
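
A sketch of the token scheme described above, added here as an illustration and not taken from the change under review. The names get_tokens and pay_tokens follow the description; TokenStore, attempt_login, the in-memory dictionary and every constant are assumptions.

```python
import time

# All constants are assumed values; the review request does not state them.
MAX_TOKENS = 3.0            # cap per client IP
SECONDS_PER_TOKEN = 60.0    # constant regeneration rate
BAD_LOGIN_COST = 1.0        # price of a failed login
CAPTCHA_REWARD = 1.0        # tokens granted for a solved captcha


class TokenStore:
    """In-memory stand-in for the per-IP balances the description keeps in MySQL."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._rows = {}  # ip -> (tokens, time of last update)

    def get_tokens(self, ip):
        """Return the balance for ip after applying regeneration, capped at MAX_TOKENS."""
        now = self._clock()
        tokens, last = self._rows.get(ip, (MAX_TOKENS, now))
        tokens = min(MAX_TOKENS, tokens + (now - last) / SECONDS_PER_TOKEN)
        self._rows[ip] = (tokens, now)
        return tokens

    def pay_tokens(self, ip, amount):
        """Pay amount (negative means receive). False and no change if the balance is short."""
        tokens = self.get_tokens(ip)
        if amount > tokens:
            return False
        self._rows[ip] = (min(MAX_TOKENS, tokens - amount), self._rows[ip][1])
        return True


def attempt_login(store, ip, password_ok, captcha_ok=False):
    """Hypothetical login gate: returns 'ok', 'bad_password' or 'captcha_required'."""
    if captcha_ok:
        store.pay_tokens(ip, -CAPTCHA_REWARD)   # a solved captcha earns tokens
    if store.get_tokens(ip) < BAD_LOGIN_COST:
        return "captcha_required"               # cannot afford another failure
    if password_ok:
        return "ok"                             # successful logins are free
    store.pay_tokens(ip, BAD_LOGIN_COST)
    return "bad_password"
```

When the balances live in a database, the read-modify-write in pay_tokens has to be atomic, otherwise parallel requests from one IP can spend the same tokens twice.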
