From c2521b492cae7c19ea91af0f0aad487fa45800dd Mon Sep 17 00:00:00 2001
From: "Kyle J. McKay"
Date: Mon, 15 Feb 2021 03:23:53 -0700
Subject: [PATCH] regproj.cgi: implement project registration time limit If project registration has not been completed within a set time limit, specifically $Girocco::Config::project_edit_timeout, display an error rather than registering the project. The behavior of an expired registration timeout significantly resembles a failure of the "Anti-captcha" check, just with a slightly different message. With this change, a project registration page that has been sitting unsubmitted for some time can no longer just be submitted without an extra step that will require re-entry of the "Anti-captcha" as well as the project password (twice).
Signed-off-by: Kyle J. McKay
---
 cgi/regproj.cgi | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/cgi/regproj.cgi b/cgi/regproj.cgi
index bfafb39..17042a4 100755
--- a/cgi/regproj.cgi
+++ b/cgi/regproj.cgi
@@ -56,7 +56,12 @@ if (@{[$name =~ m#/#g]} > 5) {
 exit;
 }
 my $y0 = $cgi->param('y0') || '';
+my $tok = $cgi->param('token') || '';
 if ($cgi->param('mode') && $y0 eq 'Register' && $cgi->request_method eq 'POST') {
+ # Check for token validity
+ if (!check_timed_token($tok, "projedit", "", $Girocco::Config::project_edit_timeout)) {
+ $gcgi->err("Session has timed out or is invalid, please try again.");
+ }
 # submitted, let's see
 # FIXME: racy, do a lock
 my $validname = 1;
-- 
2.11.4.GIT
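Review bot: After the new `check_timed_token` failure branch calls `$gcgi->err(...)`, control falls straight through to the `# submitted, let's see` validation, so the time limit only stops a registration if code later in this `if` block checks the accumulated error state before the project is created. That check is outside the hunk and cannot be confirmed from here, so the dependency deserves a comment next to the call, for example `# NOTE: relies on the error check further down to stop registration after err()`. The token is also verified with an empty third argument and nothing in these lines marks it as used, so as far as the hunk shows it proves the form is recent, not that it is single-use or tied to this project name. If replay within `$Girocco::Config::project_edit_timeout` is meant to be prevented, that binding would have to be added here.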