From 7f341b9b1cbc5665174f29502963f646933986df Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E8=80=81=E5=91=A8=E9=83=A8=E8=90=BD?=
Date: Sun, 15 Aug 2021 21:23:26 +0800
Subject: [PATCH] =?UTF-8?q?=E4=BF=AE=E5=A4=8D=20=E9=82=AE=E4=BB=B6?=
 =?UTF-8?q?=E8=AE=A4=E8=AF=81=E5=85=A5=E5=8F=A3=20CSRF=20=E4=BB=A5?=
 =?UTF-8?q?=E5=8F=8A=E6=97=B6=E9=97=B4=E9=99=90=E5=88=B6=E5=8F=AF=E7=BB=95?=
 =?UTF-8?q?=E8=BF=87=E7=9A=84=E5=AE=89=E5=85=A8=E9=97=AE=E9=A2=98?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 upload/source/admincp/admincp_setting.php | 1 +
 upload/source/class/class_member.php | 2 +-
 upload/source/function/function_spacecp.php | 10 +++++++
 .../include/spacecp/spacecp_profile.php | 27 +++++++++++--------
 upload/source/language/home/lang_template.php | 2 +-
 upload/source/language/lang_admincp.php | 2 ++
 upload/source/language/lang_message.php | 4 +--
 upload/source/language/lang_spacecp.php | 2 +-
 .../module/member/member_lostpasswd.php | 5 ++--
 .../default/home/spacecp_sendmail.htm | 2 +-
 10 files changed, 38 insertions(+), 19 deletions(-)

diff --git a/upload/source/admincp/admincp_setting.php b/upload/source/admincp/admincp_setting.php
index 508c15afb..52008166f 100644
--- a/upload/source/admincp/admincp_setting.php
+++ b/upload/source/admincp/admincp_setting.php
@@ -1402,6 +1402,7 @@ EOF;
 cplang('thread_debate')
 )), $setting['alloweditpost'], 'binmcheckbox');
 showsetting('setting_permissions_post_append', 'settingnew[postappend]', $setting['postappend'], 'radio');
+ showsetting('setting_permissions_mailinterval', 'settingnew[mailinterval]', $setting['mailinterval'], 'text');
 showsetting('setting_permissions_maxpolloptions', 'settingnew[maxpolloptions]', $setting['maxpolloptions'], 'text');
 showsetting('setting_permissions_editby', 'settingnew[editedby]', $setting['editedby'], 'radio');
 showsetting('setting_permissions_nsprofiles', 'settingnew[nsprofiles]', $setting['nsprofiles'], 'radio');
diff --git a/upload/source/class/class_member.php b/upload/source/class/class_member.php
index b354a267b..1091a3e36 100644
--- a/upload/source/class/class_member.php
+++ b/upload/source/class/class_member.php
@@ -157,7 +157,7 @@ class logging_ctl {
 if($_G['member']['adminid'] != 1) {
 if($this->setting['accountguard']['loginoutofdate'] && $_G['member']['lastvisit'] && TIMESTAMP - $_G['member']['lastvisit'] > ($this->setting['accountguard']['loginoutofdatenum'] >= 1 ? (int)$this->setting['accountguard']['loginoutofdatenum'] : 90) * 86400 && $_G['member']['freeze'] != -1) {
 C::t('common_member')->update($_G['uid'], array('freeze' => 2));
- showmessage('location_login_outofdate', 'home.php?mod=spacecp&ac=profile&op=password&resend=1', array('type' => 1), array('showdialog' => true, 'striptags' => false, 'locationtime' => true));
+ showmessage('location_login_outofdate', 'home.php?mod=spacecp&ac=profile&op=password&resend=1&formhash='.FORMHASH, array('type' => 1), array('showdialog' => true, 'striptags' => false, 'locationtime' => true));
 }
 if($this->setting['accountguard']['loginpwcheck'] && $pwold && $_G['member']['freeze'] == 0) {
diff --git a/upload/source/function/function_spacecp.php b/upload/source/function/function_spacecp.php
index 569b71b60..a0f3dec0c 100644
--- a/upload/source/function/function_spacecp.php
+++ b/upload/source/function/function_spacecp.php
@@ -610,6 +610,15 @@ function emailcheck_send($uid, $email) {
 global $_G;
 if($uid && $email) {
+ // 读取用户论坛表内的时间,限制重发间隔
+ $memberauthstr = C::t('common_member_field_forum')->fetch($uid);
+ if(!empty($memberauthstr['authstr'])) {
+ list($dateline) = explode("\t", $memberauthstr['authstr']);
+ $interval = $_G['setting']['mailinterval'] > 0 ? (int)$_G['setting']['mailinterval'] : 300;
+ if($dateline && $dateline > TIMESTAMP - $interval) {
+ return false;
+ }
+ }
 // 用户论坛字段表内authstr字段保存token和时间戳,实现邮件链接不可重复使用
 $timestamp = $_G['timestamp'];
 $idstring = substr(md5($email), 0, 6);
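Review bot: Appending `'&formhash='.FORMHASH` to the redirect target places the anti-CSRF token in a GET URL, where it ends up in browser history, server access logs and possibly the Referer header of the next navigation; the receiving page should honour it only for this one-shot resend, and a POST form from the dialog would avoid the exposure entirely. FORMHASH is a request-wide constant, so if it was computed before this method changed the login state, the value sent here may not match the one spacecp_profile compares against after the redirect — worth confirming with a freshly logged-in frozen account. The enclosing logging_ctl method starts and ends outside the hunk.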
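Review bot: The fallback expression `$_G['setting']['mailinterval'] > 0 ? (int)$_G['setting']['mailinterval'] : 300` is repeated verbatim here, in the spacecp_profile hunk at `-439,8` and in the member_lostpasswd hunk, so the three call sites can drift apart the next time the default changes. A single helper in function_spacecp.php, e.g. `function mailinterval_get() { global $_G; return $_G['setting']['mailinterval'] > 0 ? (int)$_G['setting']['mailinterval'] : 300; }`, keeps the policy in one place. The new check keys on the first field of authstr regardless of which flow wrote it, whereas member_lostpasswd additionally tests `$operation == 1`; that looks intentional because both flows share the column, but a comment saying so would stop the next reader from "fixing" it. emailcheck_send continues past the end of this hunk.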
@@ -630,6 +639,7 @@ function emailcheck_send($uid, $email) {
 runlog('sendmail', "$email sendmail failed.");
 }
 }
+ return true;
 }
 function picurl_get($picurl, $maxlenth='200') {
diff --git a/upload/source/include/spacecp/spacecp_profile.php b/upload/source/include/spacecp/spacecp_profile.php
index 7287407ab..accf6674f 100644
--- a/upload/source/include/spacecp/spacecp_profile.php
+++ b/upload/source/include/spacecp/spacecp_profile.php
@@ -396,9 +396,10 @@ if(submitcheck('profilesubmit')) {
 $authstr = false;
 if($emailnew != $_G['member']['email']) {
- $authstr = true;
- emailcheck_send($space['uid'], $emailnew);
- dsetcookie('newemail', "$space[uid]\t$emailnew\t$_G[timestamp]", 31536000);
+ if(emailcheck_send($space['uid'], $emailnew)) {
+ $authstr = true;
+ dsetcookie('newemail', "{$space['uid']}\t$emailnew\t{$_G['timestamp']}", 31536000);
+ }
 }
 if($setarr) {
 if($_G['member']['freeze'] == 1) {
@@ -439,8 +440,9 @@ if(submitcheck('profilesubmit')) {
 if($operation == 'password') {
+ $interval = $_G['setting']['mailinterval'] > 0 ? (int)$_G['setting']['mailinterval'] : 300;
 $resend = getcookie('resendemail');
- $resend = empty($resend) ? true : (TIMESTAMP - $resend) > 300;
+ $resend = empty($resend) ? true : (TIMESTAMP - $resend) > $interval;
 $newemail = getcookie('newemail');
 $space['newemail'] = !$space['emailstatus'] ? $space['email'] : '';
 if(!empty($newemail)) {
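Review bot: `return true;` at the end of emailcheck_send is reached on every path except the rate-limited one, including the `sendmail failed` branch directly above it and the case where `$uid` or `$email` is empty, so the callers introduced in spacecp_profile set the newemail/resendemail cookies and show `send_activate_mail_succeed` even when nothing was sent. Return `false` from the failure branch (`runlog('sendmail', "$email sendmail failed."); return false;`), move `return true;` inside the successful-send path, and leave a final `return false;` for the empty-argument case so the boolean means "a mail went out". The function's body starts outside this hunk, so the sendmail call that decides success is not visible here.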
@@ -455,17 +457,20 @@ if($operation == 'password') {
 }
 }
- if($_GET['resend'] && $resend) {
+ if($_GET['resend'] && $resend && $_GET['formhash'] == FORMHASH) {
 $toemail = $space['newemail'] ? $space['newemail'] : $space['email'];
- emailcheck_send($space['uid'], $toemail);
- dsetcookie('newemail', "$space[uid]\t$toemail\t$_G[timestamp]", 31536000);
- dsetcookie('resendemail', TIMESTAMP);
- showmessage('send_activate_mail_succeed', "home.php?mod=spacecp&ac=profile&op=password");
+ if(emailcheck_send($space['uid'], $toemail)) {
+ dsetcookie('newemail', "{$space['uid']}\t$toemail\t{$_G['timestamp']}", 31536000);
+ dsetcookie('resendemail', TIMESTAMP);
+ showmessage('send_activate_mail_succeed', "home.php?mod=spacecp&ac=profile&op=password");
+ } else {
+ showmessage('send_activate_mail_error', 'home.php?mod=spacecp&ac=profile&op=password', array('interval' => $interval));
+ }
 } elseif ($_GET['resend']) {
- showmessage('send_activate_mail_error', "home.php?mod=spacecp&ac=profile&op=password");
+ showmessage('send_activate_mail_error', 'home.php?mod=spacecp&ac=profile&op=password', array('interval' => $interval));
 }
 if(!empty($space['newemail'])) {
- $acitvemessage = lang('spacecp', 'email_acitve_message', array('newemail' => $space['newemail'], 'imgdir' => $_G['style']['imgdir']));
+ $acitvemessage = lang('spacecp', 'email_acitve_message', array('newemail' => $space['newemail'], 'imgdir' => $_G['style']['imgdir'], 'formhash' => FORMHASH));
 }
 $actives = array('password' =>' class="a"');
 $navtitle = lang('core', 'title_password_security');
diff --git a/upload/source/language/home/lang_template.php b/upload/source/language/home/lang_template.php
index 88aa8fda7..0f3afc66a 100644
--- a/upload/source/language/home/lang_template.php
+++ b/upload/source/language/home/lang_template.php
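Review bot: `$_GET['formhash'] == FORMHASH` is a loose comparison, under which two numeric-looking strings are compared as numbers; `$_GET['formhash'] === FORMHASH` costs nothing and removes that class of surprise from the CSRF check. A request carrying `resend=1` with a wrong or missing formhash now falls through to the `elseif ($_GET['resend'])` branch and is told to wait `{interval}` seconds, which hides the rejected token behind a rate-limit message; a separate check before this block, such as `if($_GET['resend'] && $_GET['formhash'] !== FORMHASH) { showmessage('submit_invalid'); }`, makes the rejection visible to the user and distinguishable in logs. The `resendemail` cookie gate remains client-controlled, so the authstr check added in emailcheck_send is what actually enforces the interval and the cookie is now only a convenience — a one-line comment saying so would help.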
@@ -1546,7 +1546,7 @@ $lang = array (
 'save_to_album' => '保存到相册',
 'usergroup_expired' => '您当前的用户组已经到期,请选择继续续费还是要切换到其他用户组',
 'freeze_pw_tips' => '您当前的帐号已经被冻结,请修改密码解除冻结状态',
- 'freeze_email_tips' => '您当前的帐号已经被冻结,必须验证邮箱后才能解除冻结状态 重新接收验证邮件',
+ 'freeze_email_tips' => '您当前的帐号已经被冻结,必须点击下方重新接收验证邮件链接验证邮箱后才能解除冻结状态',
 'freeze_admincp_tips' => '您当前的帐号已经被冻结,必须在本页面填写申诉理由,并经管理中心审核通过后才能解除冻结状态',
 'freeze_reason' => '申诉理由',
 'freeze_reason_comment' => '如果您无法通过邮箱验证,请填写申诉理由',
diff --git a/upload/source/language/lang_admincp.php b/upload/source/language/lang_admincp.php
index 7b3079df5..bc8da40b7 100644
--- a/upload/source/language/lang_admincp.php
+++ b/upload/source/language/lang_admincp.php
@@ -1910,6 +1910,8 @@ $lang = array
 'setting_permissions_minpostsize_mobile_comment' => '是否单独为手机客户端设置发帖的最小字节数,0 为不单独设置',
 'setting_permissions_maxpostsize' => '帖子最大字数(字节)',
 'setting_permissions_maxpostsize_comment' => '管理组成员可通过“发帖不受限制”设置而不受影响',
+ 'setting_permissions_mailinterval' => '邮件发送时间间隔',
+ 'setting_permissions_mailinterval_comment' => '设定邮件发送时间间隔,默认为 300 秒',
 'setting_permissions_maxpolloptions' => '投票最大选项数:',
 'setting_permissions_maxpolloptions_comment' => '设定发布投票包含的最大选项数',
 'setting_permissions_favorite_storage_comment' => '允许收藏的最大版块 / 主题数,默认为100',
diff --git a/upload/source/language/lang_message.php b/upload/source/language/lang_message.php
index cfaa11a8c..8627fe094 100644
--- a/upload/source/language/lang_message.php
+++ b/upload/source/language/lang_message.php
@@ -469,7 +469,7 @@ $lang = array (
 'lostpasswd_many_users_use_email' => '抱歉,存在多个使用此 Email 的用户,请填写您需要找回密码的用户名',
 'getpasswd_account_invalid' => '抱歉,创始人、受保护用户、拥有站点设置权限的用户不能使用取回密码功能',
 'getpasswd_send_succeed' => '取回密码的方法已通过 Email 发送到您的信箱中,
请在 3 天之内修改您的密码',
- 'getpasswd_has_send' => '您已经申请过取回密码邮件了,如果您没有收到,请稍等15分钟后重试',
+ 'getpasswd_has_send' => '您已经发送过取回密码邮件了,如果您没有收到,请稍等 {interval} 秒后重试发送取回密码邮件',
 'submit_verify_succeed' => '审核请求提交成功,现在将返回个人中心',
@@ -840,7 +840,7 @@ $lang = array (
 'profile_email_verify' => '确认 Email 已发送,请用邮件中提供的方法激活您的帐号。如果您尚未收到我们发送的系统邮件,请点击密码安全中的“重新接收验证邮件”,或尝试更换另外一个地址',
 'profile_succeed' => '个人资料保存成功 ',
 'send_activate_mail_succeed' => '邮件已发送,可能需要几分钟后才能收到邮件',
- 'send_activate_mail_error' => '抱歉,邮件发送失败,请过5分钟后重试发送验证激活邮件',
+ 'send_activate_mail_error' => '抱歉,邮件发送失败,请稍等 {interval} 秒后重试发送验证激活邮件',
 'no_privilege_sendmailday' => '抱歉,本站尚未开启邮件提醒功能',
 'email_input' => '抱歉,您尚未设置邮箱,请在联系方式中准确填写您的邮箱',
diff --git a/upload/source/language/lang_spacecp.php b/upload/source/language/lang_spacecp.php
index ee0211c62..eb0f77280 100644
--- a/upload/source/language/lang_spacecp.php
+++ b/upload/source/language/lang_spacecp.php
@@ -332,7 +332,7 @@ $lang = array(
 'card_update_doing' => ' [更新记录]',
 'email_acitve_message' => '未验证 新邮箱({newemail})等待验证中...
系统已经向该邮箱发送了一封验证激活邮件,请查收邮件,进行验证激活。
- 如果没有收到验证邮件,您可以更换一个邮箱,或者重新接收验证邮件',
+ 如果没有收到验证邮件,您可以更换一个邮箱,或者重新接收验证邮件',
 'qq_set_status' => '设置我的QQ在线状态',
 'qq_dialog' => '发起QQ聊天',
diff --git a/upload/source/module/member/member_lostpasswd.php b/upload/source/module/member/member_lostpasswd.php
index beede2bd0..0e9c65e21 100644
--- a/upload/source/module/member/member_lostpasswd.php
+++ b/upload/source/module/member/member_lostpasswd.php
@@ -50,8 +50,9 @@ if(submitcheck('lostpwsubmit')) {
 $memberauthstr = C::t('common_member_field_forum'.$table_ext)->fetch($member['uid']);
 list($dateline, $operation, $idstring) = explode("\t", $memberauthstr['authstr']);
- if($dateline && $operation == 1 && $dateline>TIMESTAMP-900){
- showmessage('getpasswd_has_send');
+ $interval = $_G['setting']['mailinterval'] > 0 ? (int)$_G['setting']['mailinterval'] : 300;
+ if($dateline && $operation == 1 && $dateline > TIMESTAMP - $interval) {
+ showmessage('getpasswd_has_send', '', array('interval' => $interval));
 }
 $idstring = random(6);
diff --git a/upload/template/default/home/spacecp_sendmail.htm b/upload/template/default/home/spacecp_sendmail.htm
index 9a2c75671..d123f6434 100644
--- a/upload/template/default/home/spacecp_sendmail.htm
+++ b/upload/template/default/home/spacecp_sendmail.htm
@@ -12,7 +12,7 @@
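Review bot: The lost-password resend window drops from the hard-coded 900 s to `$interval`, whose fallback is 300 s, so every site that never sets `mailinterval` gets a looser throttle on password-recovery mail than before this commit. If the 15-minute window was deliberate, keep `900` as this call site's fallback or seed the new setting with that value, and say so in the commit message since the title only promises to close the bypass. The `getpasswd_has_send` text in lang_message was updated to read `{interval}`, so only the numeric default is in question. The enclosing `if(submitcheck('lostpwsubmit'))` block starts and ends outside the hunk.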

{lang activate_mailbox_message}

- {lang click_activate_mailbox} $space[email] + {lang click_activate_mailbox} $space[email] ({lang modify_email})

-- Gitee