增加 用户积分信息安全

upload/config/config_global_default.php

@@ -160,6 +160,9 @@ $_config['security']['querysafe']['dnote']	= array('/*','*/','#','--','"');
 $_config['security']['querysafe']['dlikehex']	= 1;
 $_config['security']['querysafe']['afullnote']	= 0;
 
+$_config['security']['creditsafe']['second'] 	= 1;		// 开启用户积分信息安全，可防止并发刷分，满足 times(次数)/second(秒) 的操作无法提交
+$_config['security']['creditsafe']['times'] 	= 10;
+
 $_config['admincp']['founder']			= '1';		// 站点创始人：拥有站点管理后台的最高权限，每个站点可以设置 1名或多名创始人
 								// 可以使用uid，也可以使用用户名；多个创始人之间请使用逗号“,”分开;
 $_config['admincp']['forcesecques']		= 0;		// 管理人员必须设置安全提问才能进入系统设置 0=否, 1=是[安全]

upload/source/class/class_credit.php

@@ -234,12 +234,30 @@ class credit {
 			$this->updatemembercount($creditarr, $uids, is_array($uids) ? false : true, $this->coef > 0 ? urldecode($rule['rulenameuni']) : '');
 		}
 	}
+	
+	function fequencycheck($uids) {
+		global $_G;
+		if(empty($_G['config']['security']['creditsafe']['second']) || empty($_G['config']['security']['creditsafe']['times'])) {
+			return true;
+		}		
+		foreach($uids as $uid) {
+			$key = 'credit_fc'.$uid;
+			$v = intval(memory('get', $key));
+			memory('set', $key, ++$v, $_G['config']['security']['creditsafe']['second']);
+			if($v > $_G['config']['security']['creditsafe']['times']) {
+				system_error('credit fequency limit', true);
+				return false;
+			}
+		}
+		return true;
+	}
 
 	function updatemembercount($creditarr, $uids = 0, $checkgroup = true, $ruletxt = '') {
 		global $_G;
 
 		if(!$uids) $uids = intval($_G['uid']);
 		$uids = is_array($uids) ? $uids : array($uids);
+		$this->fequencycheck($uids);
 		if($uids && ($creditarr || $this->extrasql)) {
 			if($this->extrasql) $creditarr = array_merge($creditarr, $this->extrasql);
 			$sql = array();
@@ -274,7 +292,7 @@ class credit {
 			}
 			if($sql) {
 				C::t('common_member_count')->increase($uids, $sql);
-			}
+			}			
 			if($checkgroup && count($uids) == 1) $this->checkusergroup($uids[0]);
 			$this->extrasql = array();
 		}