Fix #1660 #1826 limit SMS auth attempts from same IP

modules/member/member.controller.php

@@ -3601,6 +3601,21 @@ class memberController extends member
 		
 		$is_special = ($config->special_phone_number && $config->special_phone_number === preg_replace('/[^0-9]/', '', $phone_number));
 		
+		// Check if SMS has already been sent
+		if (!$is_special)
+		{
+			$args = new stdClass;
+			$args->phone_number = $phone_number;
+			$args->phone_country = $phone_country;
+			$args->ipaddress = \RX_CLIENT_IP;
+			$args->regdate_since = date('YmdHis', time() - ($config->max_auth_sms_count_time ?: 600));
+			$output = executeQuery('member.chkAuthSms', $args);
+			if ($output->data->count >= ($config->max_auth_sms_count ?: 5))
+			{
+				return new BaseObject(-1, 'msg_auth_sms_rate_limited');
+			}
+		}
+		
 		// Check if phone number is duplicate
 		if (!$is_special && $config->phone_number_allow_duplicate !== 'Y')
 		{