feat(login): not sending email if device is in history

2024-11-21 21:08:42 +00:00 · 2023-02-15 14:09:40 +08:00 · 2023-02-15 14:09:40 +08:00 · a6e0a20cf2
commit a6e0a20cf2
parent ebeed712bf
2 changed files with 39 additions and 11 deletions
--- a/web/app/controllers/login.php
+++ b/web/app/controllers/login.php
@ -41,22 +41,33 @@ function handleLoginPost() {
 		return 'account:' . $account_status;
 	}

+	// Login
 	Auth::login($user['username']);

+	// Check visit history
 	$remote_addr = UOJContext::remoteAddr();
 	$http_x_forwarded_for = UOJContext::httpXForwardedFor();
 	$user_agent = UOJContext::httpUserAgent();
-	sendEmail($user['username'], '新登录', <<<EOD
-	<p>您收到这封邮件是因为有人通过以下方式登录了您的帐户：</p>
+	$matched_history = UOJUser::getMatchedVisitHistory($user, [
+		'addr' => $remote_addr,
+		'forwarded_addr' => $http_x_forwarded_for,
+		'ua' => $user_agent,
+	]);

-	<ul>
-		<li>请求 IP: {$remote_addr}</li>
-		<li>转发源 IP: {$http_x_forwarded_for} </li>
-		<li>用户代理: {$user_agent}</li>
-	</ul>
+	// If not matched, send email
+	if ($matched_history == null) {
+		sendEmail($user['username'], '新登录', <<<EOD
+		<p>您收到这封邮件是因为有人通过以下方式登录了您的帐户：</p>

-	<p>如果这是您进行的登录操作，请忽略此邮件。如果您没有进行过登录操作，请立即重置您账号的密码。</p>
-	EOD);
+		<ul>
+			<li>请求 IP: {$remote_addr}</li>
+			<li>转发源 IP: {$http_x_forwarded_for} </li>
+			<li>用户代理: {$user_agent}</li>
+		</ul>
+
+		<p>如果这是您进行的登录操作，请忽略此邮件。如果您没有进行过登录操作，请立即重置您账号的密码。</p>
+		EOD);
+	}

 	return "ok";
 }
--- a/web/app/models/UOJUser.php
+++ b/web/app/models/UOJUser.php
@ -276,7 +276,7 @@ class UOJUser {
 		], $user['username']);
 	}

-	public static function getUpdatedExtraVisitHistory($history, $cur) {
+	public static function getUpdatedExtraVisitHistory($history, $cur = null) {
 		$new_h = [];
 		$oldest = clone UOJTime::$time_now;
 		$oldest->modify('-1 month');
@ -386,13 +386,30 @@ class UOJUser {
 		return $cur;
 	}

+	public static function getMatchedVisitHistory($user, $info) {
+		$extra = UOJUser::getExtra($user);
+		$new_h = UOJUser::getUpdatedExtraVisitHistory($extra['history']);
+
+		foreach ($new_h as $history) {
+			if (
+				$history['addr'] == $info['addr'] &&
+				$history['forwarded_addr'] == $info['forwarded_addr'] &&
+				$history['ua'] == substr($info['ua'], 0, UOJUser::MAX_UA_LEN)
+			) {
+				return $history;
+			}
+		}
+
+		return null;
+	}
+
 	public static function updateVisitHistory($user, $info) {
 		$extra = UOJUser::getExtra($user);
 		$cur = [
 			'addr' => $info['remote_addr'],
 			'forwarded_addr' => $info['http_x_forwarded_for'],
 			'ua' => substr($info['http_user_agent'], 0, UOJUser::MAX_UA_LEN),
-			'last' => UOJTime::$time_now_str
+			'last' => UOJTime::$time_now_str,
 		];

 		$extra['history'] = UOJUser::getUpdatedExtraVisitHistory($extra['history'], $cur);