From 825591f52c32c660edc4db729766f4aab49a275a Mon Sep 17 00:00:00 2001 From: Sebijk Date: Wed, 1 Feb 2023 21:00:34 +0100 Subject: [PATCH] add dnsbl and reglock check for non logged in users --- src/index.php | 51 +++++++++++++++++++++++++++++++ src/templates/modern/js/common.js | 2 +- 2 files changed, 52 insertions(+), 1 deletion(-) diff --git a/src/index.php b/src/index.php index 195fc2a..232610e 100644 --- a/src/index.php +++ b/src/index.php @@ -702,6 +702,57 @@ else if($_REQUEST['action'] == 'checkAddressAvailability') { if(!isset($_GET['address'])) exit(); + if (isset($_REQUEST['sid']) && RequestPrivileges(PRIVILEGES_USER, true)) { + // Do nothing + } + else if($bm_prefs['regenabled'] == 'yes' && ($bm_prefs['user_count_limit'] == 0 || BMUser::GetUserCount() < $bm_prefs['user_count_limit'])) + { + // dnsbl check + $isInDNSBL = false; + if($row[0] == 0 && $bm_prefs['signup_dnsbl_enable'] == 'yes' && $bm_prefs['signup_dnsbl'] != '') + { + $reverseIP = implode('.', array_reverse(explode('.', $_SERVER['REMOTE_ADDR']))); + $dnsblLists = explode(':', $bm_prefs['signup_dnsbl']); + foreach($dnsblLists as $dnsblHostname) + { + if(strpos($dnsblHostname, '.') === false) + continue; + + $lookup = $reverseIP . '.' . strtolower($dnsblHostname); + if(substr($lookup, -1) != '.') + $lookup .= '.'; + + if(@gethostbyname($lookup) != $lookup) + { + $isInDNSBL = true; + + PutLog(sprintf('User IP <%s> is in DNSBL <%s>', + $_SERVER['REMOTE_ADDR'], + $dnsblHostname), + PRIO_DEBUG, + __FILE__, + __LINE__); + + break; + } + } + } + + if($row[0] != 0) + { + http_response_code(400); + exit(); + } + else if($isInDNSBL && $bm_prefs['signup_dnsbl_action'] == 'block') + { + http_response_code(400); + exit(); + } + } + else { + RequestPrivileges(PRIVILEGES_USER); + } + $address = EncodeEMail($_GET['address']); diff --git a/src/templates/modern/js/common.js b/src/templates/modern/js/common.js index 3a30a6c..71903e4 100644 --- a/src/templates/modern/js/common.js 
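Review bot: `$row[0]` is read in both `if($row[0] == 0 && ...)` and `if($row[0] != 0)`, but nothing in this hunk assigns `$row` inside the `checkAddressAvailability` branch, so the reglock half of the check has no visible input. If `$row` is not set earlier in index.php, `$row[0]` evaluates to null, `null != 0` is false, and the 400 response for reg-locked IPs can never fire while the DNSBL branch always runs. The reglock lookup for `$_SERVER['REMOTE_ADDR']` should be performed right before these lines and its result checked explicitly. Separately, `explode('.', $_SERVER['REMOTE_ADDR'])` only builds a valid reverse name for IPv4, so IPv6 clients are presumably never matched; a guard such as `filter_var($_SERVER['REMOTE_ADDR'], FILTER_VALIDATE_IP, FILTER_FLAG_IPV4)` before the loop would make that limit explicit. The enclosing action branch continues past the end of the hunk.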
+++ b/src/templates/modern/js/common.js @@ -687,7 +687,7 @@ function checkAddressAvailability() var address = EBID('email_local').value + '@' + EBID('email_domain').value; EBID('addressAvailabilityIndicator').innerHTML = ''; - MakeXMLRequest('index.php?action=checkAddressAvailability&address=' + encodeURI(address), _checkAddressAvailability); + MakeXMLRequest('index.php?action=checkAddressAvailability&address=' + encodeURI(address) + '&sid=' + currentSID, _checkAddressAvailability); } function getTZOffset()
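Review bot: `currentSID` is appended unconditionally and unencoded on the changed `MakeXMLRequest` line, yet this request is now meant to work for visitors who have no session. If the page calling `checkAddressAvailability()` does not define `currentSID`, the concatenation either throws or sends `sid=undefined`, which the server-side `isset($_REQUEST['sid'])` test treats as a supplied session id. Consider `var sidParam = (typeof currentSID !== 'undefined' && currentSID) ? '&sid=' + encodeURIComponent(currentSID) : '';` and appending `sidParam` instead. `encodeURIComponent(address)` would also be safer than `encodeURI(address)`, which leaves `&`, `+` and `#` unescaped in the query string. The function body begins above the hunk.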