feat(login): not sending email if device is in history

Baoshuo Ren 2023-02-15 14:09:40 +08:00
parent ebeed712bf
commit a6e0a20cf2
Signed by: baoshuo
GPG Key ID: 00CB9680AB29F51A
2 changed files with 39 additions and 11 deletions


@ -41,22 +41,33 @@ function handleLoginPost() {
return 'account:' . $account_status; return 'account:' . $account_status;
} }
// Login
Auth::login($user['username']); Auth::login($user['username']);
// Check visit history
$remote_addr = UOJContext::remoteAddr(); $remote_addr = UOJContext::remoteAddr();
$http_x_forwarded_for = UOJContext::httpXForwardedFor(); $http_x_forwarded_for = UOJContext::httpXForwardedFor();
$user_agent = UOJContext::httpUserAgent(); $user_agent = UOJContext::httpUserAgent();
sendEmail($user['username'], '新登录', <<<EOD $matched_history = UOJUser::getMatchedVisitHistory($user, [
<p>您收到这封邮件是因为有人通过以下方式登录了您的帐户:</p> 'addr' => $remote_addr,
'forwarded_addr' => $http_x_forwarded_for,
'ua' => $user_agent,
]);
<ul> // If not matched, send email
<li>请求 IP: {$remote_addr}</li> if ($matched_history == null) {
<li>转发源 IP: {$http_x_forwarded_for} </li> sendEmail($user['username'], '新登录', <<<EOD
<li>用户代理: {$user_agent}</li> <p>您收到这封邮件是因为有人通过以下方式登录了您的帐户:</p>
</ul>
<p>如果这是您进行的登录操作,请忽略此邮件。如果您没有进行过登录操作,请立即重置您账号的密码。</p> <ul>
EOD); <li>请求 IP: {$remote_addr}</li>
<li>转发源 IP: {$http_x_forwarded_for} </li>
<li>用户代理: {$user_agent}</li>
</ul>
<p>如果这是您进行的登录操作,请忽略此邮件。如果您没有进行过登录操作,请立即重置您账号的密码。</p>
EOD);
}
return "ok"; return "ok";
} }
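Review bot: The mail body inside the new `if ($matched_history == null)` branch still interpolates `$http_x_forwarded_for` and `$user_agent` into HTML unescaped, and both come from request headers the client controls, so any markup in them ends up in the account owner's security notice. Escape each value just before the heredoc, e.g. `$user_agent = htmlspecialchars($user_agent, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');`, and keep that after the `getMatchedVisitHistory` call so the comparison still sees the raw values. The guard would be tighter as `if ($matched_history === null) {`, since `==` also treats an empty array as null. The decision to skip the mail rests on the remote address plus those same two headers, so a login from a shared address with a common user agent will not notify the owner; a short comment stating that trade-off would help later readers. `handleLoginPost` begins above this hunk, so the earlier credential checks are not visible here.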


@ -276,7 +276,7 @@ class UOJUser {
], $user['username']); ], $user['username']);
} }
public static function getUpdatedExtraVisitHistory($history, $cur) { public static function getUpdatedExtraVisitHistory($history, $cur = null) {
$new_h = []; $new_h = [];
$oldest = clone UOJTime::$time_now; $oldest = clone UOJTime::$time_now;
$oldest->modify('-1 month'); $oldest->modify('-1 month');
@ -386,13 +386,30 @@ class UOJUser {
return $cur; return $cur;
} }
public static function getMatchedVisitHistory($user, $info) {
$extra = UOJUser::getExtra($user);
$new_h = UOJUser::getUpdatedExtraVisitHistory($extra['history']);
foreach ($new_h as $history) {
if (
$history['addr'] == $info['addr'] &&
$history['forwarded_addr'] == $info['forwarded_addr'] &&
$history['ua'] == substr($info['ua'], 0, UOJUser::MAX_UA_LEN)
) {
return $history;
}
}
return null;
}
public static function updateVisitHistory($user, $info) { public static function updateVisitHistory($user, $info) {
$extra = UOJUser::getExtra($user); $extra = UOJUser::getExtra($user);
$cur = [ $cur = [
'addr' => $info['remote_addr'], 'addr' => $info['remote_addr'],
'forwarded_addr' => $info['http_x_forwarded_for'], 'forwarded_addr' => $info['http_x_forwarded_for'],
'ua' => substr($info['http_user_agent'], 0, UOJUser::MAX_UA_LEN), 'ua' => substr($info['http_user_agent'], 0, UOJUser::MAX_UA_LEN),
'last' => UOJTime::$time_now_str 'last' => UOJTime::$time_now_str,
]; ];
$extra['history'] = UOJUser::getUpdatedExtraVisitHistory($extra['history'], $cur); $extra['history'] = UOJUser::getUpdatedExtraVisitHistory($extra['history'], $cur);