Commit 371c60a486ea989fafb66266cab71ea9f7db0269

Bot prevention should not be active for edit operation
Author: Catalin(ux) M. BOIE
Author date (UTC): 2020-08-23 15:02
Committer name: Catalin(ux) M. BOIE
Committer date (UTC): 2020-08-23 15:02
Parent(s): 32591f3b1cf054bd70411592e5a82f5898d7da2f
Signing key:
Tree: 01eb75b178178e7fcaf17a80268dde2bf1e7987d
File Lines added Lines deleted
inc/user.inc.php 14 12
tests/http_create_account.php 4 1
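--- a/inc/user.inc.php
+++ b/inc/user.inc.php
@@ -1999,18 +1999,20 @@ function rg_user_edit_high_level($db, &$rg)
 }
 
 // We try to prevent bots to create accounts
-$gen = rg_var_str('gen');
-if (empty($gen)) {
-$diff = 0;
-} else {
-$xgen1 = substr($gen, 3);
-$xgen2 = substr($gen, 0, 3);
-$diff = ($gen1 - $xgen1) * 1000 + $gen2 - $xgen2;
-}
-if ($diff < 2000) {
-rg_log('Bot tried to create account in ' . $diff . 'ms');
-$errmsg[] = 'invalid token; try again';
-break;
+if ($rg['target_ui']['uid'] == 0) {
+$gen = rg_var_str('gen');
+if (empty($gen)) {
+$diff = 0;
+} else {
+$xgen1 = substr($gen, 3);
+$xgen2 = substr($gen, 0, 3);
+$diff = ($gen1 - $xgen1) * 1000 + $gen2 - $xgen2;
+}
+if ($diff < 2000) {
+rg_log('Bot tried to create account in ' . $diff . 'ms');
+$errmsg[] = 'invalid token; try again';
+break;
+}
 }
 
 if ($ui['tos'] != 1) {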
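Review bot: The timing check is now limited to `$rg['target_ui']['uid'] == 0`, but `gen` is still a client-supplied string that reaches `$diff = ($gen1 - $xgen1) * 1000 + $gen2 - $xgen2;` without any format validation, so a non-numeric value produces a warning (or a TypeError on PHP 8) instead of the 'invalid token' path; add `if (!ctype_digit($gen)) { $diff = 0; }` before the arithmetic, or fold it into the existing `empty($gen)` branch. The uid test uses loose `==`, which also matches `''` and `null`; `(int) $rg['target_ui']['uid'] === 0` states the intent explicitly. Because the elapsed time is computed entirely from a value the client echoes back, this check only slows naive bots and should be logged and treated as a speed bump rather than a trust boundary. rg_user_edit_high_level starts and ends outside the hunk, and `$gen1`/`$gen2` are presumably assigned earlier in it.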
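--- a/tests/http_create_account.php
+++ b/tests/http_create_account.php
@@ -27,9 +27,11 @@ if ($r === FALSE) {
 exit(1);
 }
 $good_token = $r['tokens']['user_edit_hl'];
+$gen = $r['inputs']['gen'];
 
 $uniq = rg_id(16);
 
+sleep(2); // bot protection
 rg_log('Adding an account without accepting tos...');
 $username = "http1-$uniq<xss>";
 $data = array(
@@ -42,7 +44,8 @@ $data = array(
 "pass" => "cucurigu<xss>",
 "pass2" => "cucurigu<xss>",
 "plan_id" => 9,
-"session_time" => 60
+"session_time" => 60,
+'gen' => $gen
 );
 $headers = array();
 $r = do_req($test_url . "/op/create_account?t=create_account", $data, $headers);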
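Review bot: `sleep(2)` sits exactly on the `$diff < 2000` threshold enforced in inc/user.inc.php, so the test passes only if the two timestamps differ by at least 2000 ms after whatever rounding `gen` carries; a coarse clock makes this flaky, and `sleep(3); // bot protection: server rejects diff < 2000ms` leaves a margin. `'gen' => $gen` also mixes single quotes into an array whose other keys are double-quoted; `"gen" => $gen` keeps the style uniform. Whether `$r['inputs']['gen']` is the same value the create-account form embeds cannot be confirmed from this hunk.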