
github.com/nextcloud/nextcloud.com.git - Unnamed repository; edit this file 'description' to name the repository.
authorArthur Schiwon <blizzz@arthur-schiwon.de>2021-01-07 18:09:15 +0300
committerArthur Schiwon <blizzz@arthur-schiwon.de>2021-01-07 18:09:15 +0300
commitd1fdf47eee8139cd8b3187defdfd471f20262ec2 (patch)
tree2a4dbe7118be9a33bd84e9a237917662809cb5c9 /page-whitepaper-submit.php
parent9d85917d0eb3f0ad791f2229a3509ce19b19ed69 (diff)
some sanity checks for whitepaper form submission
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
Diffstat (limited to 'page-whitepaper-submit.php')
-rw-r--r--page-whitepaper-submit.php13
1 files changed, 13 insertions, 0 deletions
diff --git a/page-whitepaper-submit.php b/page-whitepaper-submit.php
index 69d60e0d..c89d46b0 100644
--- a/page-whitepaper-submit.php
+++ b/page-whitepaper-submit.php
@@ -41,6 +41,19 @@ try {
if(!isset($_POST['email'])) {
throw new HintException('The submitted form was invalid and missed the email address.');
}
+ if(!isset($_POST['firstname']) || $_POST['firstname'] !== '') {
+ throw new HintException('The request is invalid. Please try again.');
+ }
+ $twoDaysInSeconds = 2 * 24 * 60 * 60;
+ if(!isset($_POST['requesttime'])
+ || (int)$_POST['requesttime'] < $twoDaysInSeconds
+ || (int)$_POST['requesttime'] > (time() - 8))
+ {
+ // denies action when the time rendering the previous page and the
+ // sending the request took more than 2 days, less then 8s or is
+ // unknown
+ throw new HintException('The request is invalid. Please try again.');
+ }
if(!isset($_POST['segmentId']) && !is_numeric($_POST['segmentId'])) {
throw new HintException('The submitted form was invalid.');
}
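Review bot: The lower bound in the added `requesttime` check compares the submitted value against `$twoDaysInSeconds` itself rather than against the current time, so it only rejects values below 172800 and a form rendered more than two days ago still passes, contrary to the comment inside the block. If `requesttime` is the Unix time at which the form was rendered, as the `time() - 8` upper bound suggests, the condition should read `|| (int)$_POST['requesttime'] < (time() - $twoDaysInSeconds)`. The value is also taken directly from `$_POST`, so a client can send any timestamp that satisfies both bounds; if the check is meant as a bot deterrent, the rendering page would need to emit the timestamp together with a server-side HMAC that is verified here with `hash_equals()`. The enclosing `try` block starts and ends outside the hunk.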