Limit SMS verification attempts to 10 at a time #2480

2026-01-04 01:01:41 +09:00 · 2025-02-16 16:00:03 +09:00 · 2025-02-16 16:00:03 +09:00 · a66b036dd5
commit a66b036dd5
parent ae0e13eca9
3 changed files with 16 additions and 3 deletions
--- a/modules/member/lang/en.php
+++ b/modules/member/lang/en.php
@ -87,7 +87,8 @@ $lang->verify_by_sms_confirm = 'Confirm';
 $lang->verify_by_sms_message = 'Your verification code is %s.';
 $lang->verify_by_sms_code_sent = 'A verification code has been sent to the number you entered.';
 $lang->verify_by_sms_code_incorrect = 'The code you entered is incorrect.';
-$lang->verify_by_sms_code_expired = 'The code has expired. Please try again.';
+$lang->verify_by_sms_code_too_many_tries = 'Too many incorrect attempts. Please request a new code.';
+$lang->verify_by_sms_code_expired = 'The code has expired. Please request a new code.';
 $lang->verify_by_sms_code_confirmed = 'Your phone number has been confirmed.';
 $lang->verify_by_sms_incomplete = 'Your phone number has not been verified. Please go through the verification process first.';
 $lang->verify_by_sms_error = 'This website cannot send SMS.';
--- a/modules/member/lang/ko.php
+++ b/modules/member/lang/ko.php
@ -87,6 +87,7 @@ $lang->verify_by_sms_confirm = '인증번호 확인';
 $lang->verify_by_sms_message = '인증번호는 %s입니다.';
 $lang->verify_by_sms_code_sent = '인증번호가 SMS로 발송되었습니다.';
 $lang->verify_by_sms_code_incorrect = '인증번호가 올바르지 않습니다.';
+$lang->verify_by_sms_code_too_many_tries = '여러 번 틀려서 인증번호가 초기화됩니다. 다시 인증해 주세요.';
 $lang->verify_by_sms_code_expired = '인증번호의 유효기간이 만료되었습니다. 다시 인증해 주세요.';
 $lang->verify_by_sms_code_confirmed = '인증이 완료되었습니다.';
 $lang->verify_by_sms_incomplete = '전화번호가 인증되지 않았습니다. 인증 과정을 거쳐 주십시오.';
--- a/modules/member/member.controller.php
+++ b/modules/member/member.controller.php
@ -3801,6 +3801,7 @@ class MemberController extends Member
 			'number' => $phone_number,
 			'code' => $is_special ? intval($config->special_phone_code) : $code,
 			'time' => time(),
+			'count' => 0,
 			'status' => false,
 		);

@ -3849,15 +3850,25 @@ class MemberController extends Member
 		}

 		$code = intval($code);
-		if(!isset($_SESSION['verify_by_sms']) || $_SESSION['verify_by_sms']['code'] !== $code)
+		if(!isset($_SESSION['verify_by_sms']))
 		{
 			throw new Rhymix\Framework\Exception('verify_by_sms_code_incorrect');
 		}
-
+		if (isset($_SESSION['verify_by_sms']['count']) && $_SESSION['verify_by_sms']['count'] >= 10)
+		{
+			unset($_SESSION['verify_by_sms']);
+			throw new Rhymix\Framework\Exception('verify_by_sms_code_too_many_tries');
+		}
 		if (isset($_SESSION['verify_by_sms']['time']) && $_SESSION['verify_by_sms']['time'] < time() - 600)
 		{
+			unset($_SESSION['verify_by_sms']);
 			throw new Rhymix\Framework\Exception('verify_by_sms_code_expired');
 		}
+		if ($_SESSION['verify_by_sms']['code'] !== $code)
+		{
+			$_SESSION['verify_by_sms']['count']++;
+			throw new Rhymix\Framework\Exception('verify_by_sms_code_incorrect');
+		}

 		$_SESSION['verify_by_sms']['status'] = true;
 		return new BaseObject(0, 'verify_by_sms_code_confirmed');