signup improvements, user firewall block check.

2025-09-29 20:08:34 +00:00 · 2025-09-29 20:08:34 +00:00 · 7ba6e46df1
parent e3b2d04d0f
commit 7ba6e46df1
6 changed files with 304 additions and 167 deletions
--- a/.gitignore
+++ b/.gitignore
@ -13,3 +13,8 @@ icons/
 stats/
 cache/
 polls/polls.db
+robots.txt
+share/
+polls/
+botanygarden/
+robots.txt
--- a/polls/db.php
+++ b/polls/db.php
@ -65,17 +65,17 @@ try {
        // Create a default admin user with a hashed password
        // NOTE: In production, you should not hardcode these credentials.
        //       Instead, store them outside of your code or set them up once.
-        $adminUsername = 'admin';
-        $adminPlainPassword = 'password'; // Change this in production
-        $adminHashedPassword = password_hash($adminPlainPassword, PASSWORD_DEFAULT);
+//        $adminUsername = 'admin';
+//        $adminPlainPassword = 'password'; // Change this in production
+//        $adminHashedPassword = password_hash($adminPlainPassword, PASSWORD_DEFAULT);

-        $insertUser = $db->prepare("
-            INSERT INTO users (username, password)
-            VALUES (:username, :password)
-        ");
-        $insertUser->bindValue(':username', $adminUsername, PDO::PARAM_STR);
-        $insertUser->bindValue(':password', $adminHashedPassword, PDO::PARAM_STR);
-        $insertUser->execute();
+//        $insertUser = $db->prepare("
+//            INSERT INTO users (username, password)
+//            VALUES (:username, :password)
+//        ");
+//        $insertUser->bindValue(':username', $adminUsername, PDO::PARAM_STR);
+//        $insertUser->bindValue(':password', $adminHashedPassword, PDO::PARAM_STR);
+//        $insertUser->execute();
    }

    // Optionally, you can return $db or leave it globally accessible
--- a/robots.txt
+++ b/robots.txt
@ -1,91 +1,264 @@
-User-Agent: MojeekBot
-Allow:    /~xwindows/
+user-agent:AwarioRssBot
+disallow:/~bayang/

-User-Agent: Qwantify
-Allow:    /~xwindows/
+user-agent:YouBot
+disallow:/~bayang/
+disallow:/~jbd/

-User-Agent: Wibybot
-Allow:    /~xwindows/
+user-agent:PerplexityBot
+disallow:/~bayang/
+disallow:/~jbd/

-User-Agent: search.marginalia.nu
-Allow:    /~xwindows/
+user-agent:ImagesiftBot
+disallow:/~bayang/
+disallow:/~jbd/

-User-Agent: SearchMySiteBot
-Allow:    /~xwindows/
+user-agent:search.marginalia.nu
+allow:/~xwindows/

-User-Agent: Duckduckbot
-Allow:    /~xwindows/
+user-agent:Dataprovider
+disallow:/~xwindows/

-User-Agent: ia_archiver
-Allow:    /~xwindows/
+user-agent:ChatGPT-User
+disallow:/~bayang/
+disallow:/~jbd/

-User-Agent: Googlebot
-Allow:    /~xwindows/$
-Allow:    /~xwindows/index.html$
-Disallow: /~xwindows/
+user-agent:Barkrowler
+disallow:/~xwindows/

-User-Agent: bingbot
-Allow:    /~xwindows/$
-Allow:    /~xwindows/index.html$
-Disallow: /~xwindows/
+user-agent:peer39_crawler
+disallow:/~bayang/

-User-Agent: YandexBot
-Allow:    /~xwindows/$
-Allow:    /~xwindows/index.html$
-Disallow: /~xwindows/
+user-agent:ia_archiver
+allow:/~xwindows/

-User-Agent: YandexFavicons
-Disallow: /~xwindows/
+user-agent:GTPBot
+disallow:/~miccaman/

-User-Agent: MegaIndex.ru
-Disallow: /~xwindows/
+user-agent:magpie-crawler
+disallow:/~bayang/

-User-Agent: Amazonbot
-Disallow: /~xwindows/
+user-agent:Qwantify
+allow:/~xwindows/

-User-Agent: Linespider
-Disallow: /~xwindows/
+user-agent:GPTBot
+disallow:/~bayang/
+disallow:/~jbd/

-User-Agent: Bytespider
-Disallow: /~xwindows/
+user-agent:ClaudeBot
+disallow:/~bayang/
+disallow:/~jbd/

-User-Agent: CCBot
-Disallow: /~xwindows/
+user-agent:YandexFavicons
+disallow:/~xwindows/

-User-Agent: Neevabot
-Disallow: /~xwindows/
+user-agent:peer39_crawler/1.0
+disallow:/~bayang/

-User-Agent: PetalBot
-Disallow: /~xwindows/
+user-agent:Linespider
+disallow:/~xwindows/

-User-Agent: SemrushBot
-Disallow: /~xwindows/
+user-agent:Applebot
+disallow:/~bayang/
+disallow:/~jbd/

-User-Agent: AhrefsBot
-Disallow: /~xwindows/
+user-agent:SearchMySiteBot
+allow:/~xwindows/

-User-Agent: DataForSeoBot
-Disallow: /~xwindows/
+user-agent:Duckduckbot
+allow:/~xwindows/

-User-Agent: dotbot
-Disallow: /~xwindows/
+user-agent:AwarioSmartBot
+disallow:/~bayang/

-User-Agent: Barkrowler
-Disallow: /~xwindows/
+user-agent:PetalBot
+disallow:/~xwindows/

-User-Agent: MJ12bot
-Disallow: /~xwindows/
+user-agent:Yandex
+disallow:/~gareppa/

-User-Agent: BuiltWith
-Disallow: /~xwindows/
+user-agent:Twitterbot
+disallow:/~bayang/

-User-Agent: webprosbot
-Disallow: /~xwindows/
+user-agent:bingbot
+allow:/~xwindows/$
+allow:/~xwindows/index.html$
+disallow:/~xwindows/

-User-Agent: Dataprovider
-Disallow: /~xwindows/
+user-agent:FacebookBot
+disallow:/~bayang/
+disallow:/~jbd/
+
+user-agent:SemrushBot
+disallow:/~xwindows/
+
+user-agent:MJ12bot
+disallow:/~xwindows/
+
+user-agent:Amazonbot
+disallow:/~bayang/
+disallow:/~jbd/
+disallow:/~xwindows/
+
+user-agent:Neevabot
+disallow:/~xwindows/
+
+user-agent:Googlebot-image
+disallow:/~harvettfox96/
+
+user-agent:Wibybot
+allow:/~xwindows/
+
+user-agent:DataForSeoBot
+disallow:/~bayang/
+disallow:/~xwindows/
+
+user-agent:Omgili
+disallow:/~jbd/
+
+user-agent:Googlebot
+disallow:/~gareppa/
+allow:/~xwindows/$
+allow:/~xwindows/index.html$
+disallow:/~xwindows/
+
+user-agent:MegaIndex.ru
+disallow:/~xwindows/
+
+user-agent:Bingbot
+disallow:/~gareppa/
+
+user-agent:omgili
+disallow:/~bayang/
+
+user-agent:AdsBot-Google
+disallow:/~bayang/
+
+user-agent:Bytespider
+disallow:/~bayang/
+disallow:/~jbd/
+disallow:/~xwindows/
+
+user-agent:webprosbot
+disallow:/~xwindows/
+
+user-agent:Diffbot
+disallow:/~jbd/
+
+user-agent:dotbot
+disallow:/~xwindows/
+
+user-agent:cohere-ai
+disallow:/~bayang/
+
+user-agent:Google-Extended
+disallow:/~bayang/
+disallow:/~jbd/
+
+user-agent:Omgilibot
+disallow:/~jbd/
+disallow:/~jbd/
+
+user-agent:Claude-Web
+disallow:/~bayang/
+disallow:/~jbd/
+
+user-agent:anthropic-ai
+disallow:/~bayang/
+disallow:/~jbd/
+
+user-agent:MojeekBot
+allow:/~xwindows/
+
+user-agent:BuiltWith
+disallow:/~xwindows/
+
+user-agent:YandexBot
+allow:/~xwindows/$
+allow:/~xwindows/index.html$
+disallow:/~xwindows/
+
+user-agent:CCBot
+disallow:/~bayang/
+disallow:/~xwindows/
+
+user-agent:AhrefsBot
+disallow:/~xwindows/
+
+user-agent:omgilibot
+disallow:/~bayang/
+
+user-agent:*
+disallow:/~alf/
+disallow:/~almaren/log/
+disallow:/~almaren/md/
+disallow:/~andre4ik3/
+disallow:/~ant/
+allow:/~atamblingpoder/
+allow:/~bayang/
+disallow:/~bazz/.github/
+disallow:/~bazz/.phan/
+disallow:/~bazz/assets/
+disallow:/~bazz/backup/
+disallow:/~bazz/bin/
+disallow:/~bazz/cache/
+disallow:/~bazz/logs/
+disallow:/~bazz/system/
+disallow:/~bazz/tests/
+disallow:/~bazz/tmp/
+disallow:/~bazz/user/
+disallow:/~bazz/vendor/
+disallow:/~bazz/webserver-configs/
+allow:/~bazz/user/pages/
+allow:/~bazz/user/themes/
+allow:/~bazz/user/images/
+allow:/~bazz/
+allow:/~bazz*.css$
+allow:/~bazz*.js$
+allow:/~bazz/system/*.js$
+allow:/~cfw/
+allow:/~claytron/
+disallow:/~cosmiceye/
+disallow:/~dbcohn/
+disallow:/~dikiaap/
+disallow:/~dmi3/
+disallow:/~endling/
+disallow:/~fenris/
+disallow:/~fiveoverfour/
+allow:/~fran/
+disallow:/~freespeech/
+disallow:/~gareppa/
+disallow:/~harvettfox96/c/
+disallow:/~hj/
+allow:/~hnp/# from a pending header
+disallow:/~indoneziva/
+allow:/~jamiemichelle/
+disallow:/~jbgoldberg/
+disallow:/~jozi/
+allow:/~jpurnell/
+allow:/~levin/
+allow:/~levin/
+disallow:/~meskin/
+allow:/~mjk/
+disallow:/~mlot/
+allow:/~mrkumar/
+allow:/~mydeardiary/
+allow:/~numbermumbler/
+disallow:/~pb/
+disallow:/~silver/wp-admin/
+allow:/~skk/
+disallow:/~somecarbon/
+allow:/~speleo/
+allow:/~srw/
+disallow:/~surfingreg/
+allow:/~talhah/
+disallow:/~tivrusky/
+disallow:/~turbo/test
+disallow:/~uslesshumans.txt
+allow:/~ve3zsh/
+disallow:/~ve3zsh/api
+allow:/~xwindows/$
+allow:/~xwindows/index.html$
+disallow:/~xwindows/
+disallow:/~zihtt/

-User-Agent: *
-Allow:    /~xwindows/$
-Allow:    /~xwindows/index.html$
-Disallow: /~xwindows/
--- a/signup/email/smtp.php
+++ b/signup/email/smtp.php
@ -424,8 +424,11 @@
 		public static function GetDNSRecord($domain, $types = array("MX", "A"), $nameservers = array("8.8.8.8", "8.8.4.4"), $cache = true)
 		{
 			// Check for a mail server based on a DNS lookup.
-			if (!class_exists("Net_DNS2_Resolver"))  require_once str_replace("\\", "/", dirname(__FILE__)) . "/Net/DNS2.php";
-
+                if (!class_exists('Net_DNS2_Resolver')) {
+                        // Composer autoloader should already be loaded above; this is a last-ditch attempt.
+                        $autoload = dirname(__DIR__, 2) . '/vendor/autoload.php';
+                                 if (is_file($autoload)) { require $autoload; }
+                }
 			$resolver = new Net_DNS2_Resolver(array("nameservers" => $nameservers));
 			try
 			{
--- a/signup/index.php
+++ b/signup/index.php
@ -1,4 +1,8 @@
 <?php
+
+declare(strict_types=1);
+require __DIR__ . '/vendor/autoload.php';
+
 $title = "sign up for the tilde.club!";
 include __DIR__."/../header.php";

--- a/signup/signup-handler.php
+++ b/signup/signup-handler.php
@ -1,6 +1,5 @@
 <?php
 $filepath = __FILE__;
-# require __DIR__.'/../vendor/autoload.php';
 require_once "email/smtp.php";

 function getUserIpAddr() {
@ -43,71 +42,22 @@ function is_ssh_pubkey($string): bool
    return false;
 }

-function forbidden_name($name): bool
+function forbidden_name(string $name): bool
 {
-    $badnames = [
-        '0x0',
-        'abuse',
-        'admin',
-        'administrator',
-        'auth',
-        'autoconfig',
-        'bbj',
-        'broadcasthost',
-        'cloud',
-        'forum',
-        'ftp',
-        'git',
-        'gopher',
-        'hostmaster',
-        'imap',
-        'info',
-        'irc',
-        'is',
-        'isatap',
-        'it',
-        'localdomain',
-        'localhost',
-        'lounge',
-        'mail',
-        'mailer-daemon',
-        'marketing',
-        'marketting',
-        'mis',
-        'news',
-        'nobody',
-        'noc',
-        'noreply',
-        'pop',
-        'pop3',
-        'postmaster',
-        'retro',
-        'root',
-        'sales',
-        'security',
-        'smtp',
-        'ssladmin',
-        'ssladministrator',
-        'sslwebmaster',
-        'support',
-        'sysadmin',
-        'team',
-        'usenet',
-        'uucp',
-        'webmaster',
-        'wpad',
-        'www',
-        'znc',
+    $bad = [
+        '0x0','abuse','admin','administrator','auth','autoconfig','bbj','broadcasthost','cloud','forum','ftp',
+        'git','gopher','hostmaster','imap','info','irc','is','isatap','it','localdomain','localhost','lounge',
+        'mail','mailer-daemon','marketing','marketting','mis','news','nobody','noc','noreply','pop','pop3',
+        'postmaster','retro','root','sales','security','smtp','ssladmin','ssladministrator','sslwebmaster',
+        'support','sysadmin','team','usenet','uucp','webmaster','wpad','www','znc',
    ];

-    return in_array(
-        $name,
-        array_merge(
-            $badnames,
-            file("/var/signups_current", FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES),
-            file("/var/banned_names.txt", FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES)
-        )
-    );
+    $lists = [$bad];
+    foreach (['/var/signups_current','/var/banned_names.txt'] as $p) {
+        $t = @file($p, FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES);
+        if (is_array($t)) { $lists[] = $t; }   // ignore missing/unreadable files
+    }
+    return in_array($name, array_merge(...$lists), true);
 }

 function forbidden_email($email): bool
@ -198,7 +148,9 @@ reason: {$_REQUEST["interest"]}
 $makeuser
 ";

-        if (mail('root', 'new tilde.club signup', $msgbody)) {
+            $to = 'root@tilde.club';
+            $headers = "To: {$to}\r\nFrom: signup <signup@tilde.club>\r\n";
+            if (mail($to, 'new tilde.club signup', $msgbody, $headers)) {
            echo '<div class="alert alert-success" role="alert">
                email sent! we\'ll get back to you soon with login instructions! (timeframe for processing signups varies greatly) <a href="/">back to tilde.club home</a>
                </div>';