diff --git a/src/Commands/RegisterCommand.php b/src/Commands/RegisterCommand.php
index 075451b..4352df3 100644
--- a/src/Commands/RegisterCommand.php
+++ b/src/Commands/RegisterCommand.php
@@ -47,6 +47,14 @@ public function execute() : ServerResponse
 'text' => "*error:* server '$uid' not found",
 'parse_mode' => 'Markdown'
 ]);
+ }
+ else if ($id_server == -1)
+ {
+ return Request::sendMessage([
+ 'chat_id' => $chat_id,
+ 'text' => "*error:* '$uid' is not in a valid format.",
+ 'parse_mode' => 'Markdown'
+ ]);
 }
 echo "here now\n";
diff --git a/src/bot.php b/src/bot.php
index ba02d04..612e44b 100644
--- a/src/bot.php
+++ b/src/bot.php
@@ -38,6 +38,12 @@ class PimOnlineBot
 */
 private $base_url;
+ /**
+ * Minimum interval in seconds before updating the database for an online host.
+ * @var int
+ */
+ const MIN_UPDATE_INTERVAL = 30;
+
 /**
 * Init a PimOnlineBot
 */
@@ -71,6 +77,12 @@ public function pdo()
 return $this->pdo;
 }
+ private function is_valid_uuid($uuid)
+ {
+ $pattern = '/^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i';
+ return preg_match($pattern, $uuid) === 1;
+ }
+
 private function init_db($mysql_credentials)
 {
 $dsn = 'mysql:host=' . $mysql_credentials['host'] . ';dbname=' . $mysql_credentials['database'];
@@ -127,6 +139,11 @@ public function online($uid)
 $id = $row['id'];
 $past = $row['now'];
 $alarm = $row['alarm'];
+ $currentTime = time();
+
+ if (!$alarm && ($currentTime - $past) < self::MIN_UPDATE_INTERVAL) {
+ return;
+ }
 $sql = "UPDATE `ob_online` SET `now` = :now, `past` = :past, `alarm` = :alarm WHERE `id` = :id";
 $statement = $pdo->prepare($sql);
@@ -194,6 +211,11 @@ public function udpate_db()
 public function id_server($uid)
 {
+ if (!$this->is_valid_uuid($uid))
+ {
+ echo "Invalid UUID format rejected: " . $uid;
+ return -1;
+ }
 $pdo = $this->pdo();
 $sql = "SELECT * FROM `ob_online` where uid=:uid order by id DESC limit 1";
 $statement = $pdo->prepare($sql);
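Review bot: In the new `else if ($id_server == -1)` branch of `execute()` (RegisterCommand.php), `$uid` is interpolated into a message sent with `'parse_mode' => 'Markdown'`, and this is exactly the branch where `$uid` has failed validation and may contain any characters. Markdown metacharacters in it (`*`, `_`, `[`, a backtick) can restyle the reply or, when unbalanced, presumably make the send fail so the user sees no error at all. Leaving the value out and sending plain text avoids both: `'text' => "error: the server id is not in a valid format."` with the `parse_mode` line dropped. The comparison would also be safer as `$id_server === -1`, so that only the integer sentinel matches; the `if` this branch chains onto starts outside the hunk.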
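Review bot: The pattern in `is_valid_uuid()` (bot.php) ends in `$`, which in PCRE also matches just before a trailing newline, so a well-formed UUID followed by `\n` passes the check. As this is the gate in front of `id_server()`, anchor it exactly: `$pattern = '/\A[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}\z/i';` (or keep `^…$` and add the `D` modifier). `$uuid` is untyped, so `return is_string($uuid) && preg_match($pattern, $uuid) === 1;` keeps a non-string argument from raising inside the validator. A one-line docblock saying the check is format-only, with any version or variant digit accepted, would document the intent.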
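Review bot: The early `return;` added to `online()` (bot.php) leaves `now` unrefreshed for up to `MIN_UPDATE_INTERVAL` seconds, and nothing in the hunk records how that relates to whatever decides a host is offline. If that check, which is outside this hunk, compares `now` against a timeout, the timeout has to exceed the throttle plus the client's ping period or healthy hosts will alarm; a comment above the `if` such as `// Throttle heartbeat writes; the offline timeout must exceed MIN_UPDATE_INTERVAL plus the ping period.` would pin that down. `$past` comes straight from the row, so `(int) $past` in the subtraction makes the arithmetic explicit, and a stored value ahead of the local clock gives a negative difference that keeps skipping the write. What `online()` returns on its normal path is not visible here, so callers should be checked for reliance on a return value.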
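Review bot: `echo "Invalid UUID format rejected: " . $uid;` in `id_server()` (bot.php) writes the rejected, caller-controlled value to the output stream raw, with no length cap, no escaping and no trailing newline. Under a web request that string ends up in the HTTP response, and on a console or in a captured log it allows forged lines and terminal control sequences. Route it to the error log in encoded, truncated form instead: `error_log('Invalid UUID format rejected: ' . json_encode(substr((string) $uid, 0, 64), JSON_INVALID_UTF8_SUBSTITUTE));`. The new `-1` sentinel is handled only in RegisterCommand in this commit, so any other caller of `id_server()` (not visible here) that treats a non-empty result as a valid id would now accept `-1`.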