From 9f5fc151b4cca344ca7c8f458c19c7768c995bc2 Mon Sep 17 00:00:00 2001 From: stoletniy Date: Thu, 28 Sep 2017 16:26:22 +0300 Subject: [PATCH] Move throttling out of the Subscriber model to the API 'subscribe' method [MAILPOET-1115] --- lib/API/JSON/v1/Subscribers.php | 16 ++++++++++++++++ lib/Models/Subscriber.php | 18 +----------------- lib/Subscription/Pages.php | 2 +- lib/Util/Helpers.php | 5 +++++ 4 files changed, 23 insertions(+), 18 deletions(-) diff --git a/lib/API/JSON/v1/Subscribers.php b/lib/API/JSON/v1/Subscribers.php index 87aa2e34d6..5095f131a5 100644 --- a/lib/API/JSON/v1/Subscribers.php +++ b/lib/API/JSON/v1/Subscribers.php @@ -10,10 +10,13 @@ use MailPoet\Form\Util\FieldNameObfuscator; use MailPoet\Models\Form; use MailPoet\Models\StatisticsForms; use MailPoet\Models\Subscriber; +use MailPoet\Util\Helpers; if(!defined('ABSPATH')) exit; class Subscribers extends APIEndpoint { + const SUBSCRIPTION_LIMIT_COOLDOWN = 60; + public $permissions = array( 'global' => AccessControl::PERMISSION_MANAGE_SUBSCRIBERS, 'methods' => array('subscribe' => AccessControl::NO_ACCESS_RESTRICTION) @@ -94,6 +97,19 @@ class Subscribers extends APIEndpoint { $form_fields = $form->getFieldList(); $data = array_intersect_key($data, array_flip($form_fields)); + // make sure we don't allow too many subscriptions with the same ip address + $subscription_count = Subscriber::where( + 'subscribed_ip', + Helpers::getIP() + )->whereRaw( + '(TIME_TO_SEC(TIMEDIFF(NOW(), created_at)) < ? OR TIME_TO_SEC(TIMEDIFF(NOW(), updated_at)) < ?)', + array(self::SUBSCRIPTION_LIMIT_COOLDOWN, self::SUBSCRIPTION_LIMIT_COOLDOWN) + )->count(); + + if($subscription_count > 0) { + throw new \Exception(__('You need to wait before subscribing again.', 'mailpoet')); + } + $subscriber = Subscriber::subscribe($data, $segment_ids); $errors = $subscriber->getErrors(); diff --git a/lib/Models/Subscriber.php b/lib/Models/Subscriber.php index e33762d466..ab17809919 100644 --- a/lib/Models/Subscriber.php 
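Review bot: The cooldown check added before `Subscriber::subscribe($data, $segment_ids)` is a count-then-insert sequence, and nothing visible in the hunk serialises it, so parallel requests from one address can all read a count of 0 and all go through. The `subscribe` method is listed with `AccessControl::NO_ACCESS_RESTRICTION`, so this check is the only rate control visible on an unauthenticated endpoint. `Helpers::getIP()` also returns null when `REMOTE_ADDR` is unset, and an equality filter on `subscribed_ip` with a null value presumably matches no row, so the check would pass silently in that case. I would read the address once, `$ip = Helpers::getIP();`, decide explicitly what a null address means (reject, or skip with a log entry), and add a comment such as `// best-effort per-IP cooldown: not atomic, and keyed on REMOTE_ADDR, which is the proxy's address behind a reverse proxy`. The enclosing method starts and ends outside the hunk.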
+++ b/lib/Models/Subscriber.php @@ -14,7 +14,6 @@ class Subscriber extends Model { const STATUS_UNSUBSCRIBED = 'unsubscribed'; const STATUS_UNCONFIRMED = 'unconfirmed'; const STATUS_BOUNCED = 'bounced'; - const SUBSCRIPTION_LIMIT_COOLDOWN = 60; const SUBSCRIBER_TOKEN_LENGTH = 6; function __construct() { @@ -175,22 +174,7 @@ class Subscriber extends Model { 'signup_confirmation.enabled' ); - $subscriber_data['subscribed_ip'] = (isset($_SERVER['REMOTE_ADDR'])) - ? $_SERVER['REMOTE_ADDR'] - : null; - - // make sure we don't allow too many subscriptions with the same ip address - $subscription_count = Subscriber::where( - 'subscribed_ip', - $subscriber_data['subscribed_ip'] - )->whereRaw( - '(TIME_TO_SEC(TIMEDIFF(NOW(), created_at)) < ? OR TIME_TO_SEC(TIMEDIFF(NOW(), updated_at)) < ?)', - array(self::SUBSCRIPTION_LIMIT_COOLDOWN, self::SUBSCRIPTION_LIMIT_COOLDOWN) - )->count(); - - if($subscription_count > 0) { - throw new \Exception(__('You need to wait before subscribing again.', 'mailpoet')); - } + $subscriber_data['subscribed_ip'] = Helpers::getIP(); $subscriber = self::findOne($subscriber_data['email']); diff --git a/lib/Subscription/Pages.php b/lib/Subscription/Pages.php index eb293ac7a1..1046283698 100644 --- a/lib/Subscription/Pages.php +++ b/lib/Subscription/Pages.php @@ -64,7 +64,7 @@ class Pages { $subscriber_data = $this->subscriber->getUnconfirmedData(); $this->subscriber->status = Subscriber::STATUS_SUBSCRIBED; - $this->subscriber->confirmed_ip = (!empty($_SERVER['REMOTE_ADDR'])) ? $_SERVER['REMOTE_ADDR'] : null; + $this->subscriber->confirmed_ip = Helpers::getIP(); $this->subscriber->setExpr('confirmed_at', 'NOW()'); $this->subscriber->unconfirmed_data = null; $this->subscriber->save(); diff --git a/lib/Util/Helpers.php b/lib/Util/Helpers.php index c9e6e64925..218f34472a 100644 --- a/lib/Util/Helpers.php +++ b/lib/Util/Helpers.php 
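Review bot: `Helpers::getIP()` is now called in lib/Models/Subscriber.php and lib/Subscription/Pages.php, but the diffstat shows a single added line in each file, so neither gains a `use MailPoet\Util\Helpers;` in this commit, unlike lib/API/JSON/v1/Subscribers.php. Unless both files already import it outside the visible hunks, the name resolves relative to each file's own namespace and the call fails at runtime with a class-not-found error; confirm the imports or add `use MailPoet\Util\Helpers;` to each. Separately, with the cooldown removed from the model (presumably from `Subscriber::subscribe()`), any caller other than the API `subscribe` method is no longer rate-limited, which deserves a comment on the method such as `// no throttling here: callers must rate-limit, see API\JSON\v1\Subscribers`. Both enclosing methods start and end outside the hunks.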
@@ -146,4 +146,9 @@ class Helpers { return explode(self::DIVIDER, $object); } + static function getIP() { + return (isset($_SERVER['REMOTE_ADDR'])) + ? $_SERVER['REMOTE_ADDR'] + : null; + } }
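Review bot: `getIP()` needs a docblock stating which address it returns, because its value now drives the subscription cooldown and is stored as `subscribed_ip` and `confirmed_ip`. I would add `/** Returns $_SERVER['REMOTE_ADDR'] or null. Deliberately ignores client-supplied forwarding headers, which can be spoofed. */` so that a later proxy-support change does not start trusting such headers without a trusted-proxy list. The helper also tests with `isset` where lib/Subscription/Pages.php previously used `!empty`, so an empty `REMOTE_ADDR` would now be stored as `''` rather than null there; `return !empty($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : null;` normalises that case to null for every caller. An explicit `public static function getIP()` would also make the intended visibility clear, if the file's conventions allow it.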