HumanVerification.php 3.49 KB
<?php

namespace App\Http\Controllers;

use Captcha;
use Carbon;
use DB;
use Illuminate\Hashing\BcryptHasher as Hasher;
use Illuminate\Http\Request;
use Input;

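class HumanVerification extends Controller
{
    /**
     * Show the captcha form for a locked entry and, on POST, check the answer.
     *
     * On a wrong answer a fresh captcha is issued and its key replaces the
     * stored `lockedKey`, so every challenge can be answered only once.
     * On a correct answer the entry is unlocked and the client is redirected
     * to `$url`; if the entry is missing or was not locked, the client is
     * sent to "/".
     *
     * @param Request     $request Current HTTP request.
     * @param Hasher      $hasher  Hasher used to check the answer against the stored `lockedKey`.
     * @param mixed       $id      Value of the `id` column in the `humanverification` table.
     * @param string|null $url     Optional target, base64-encoded with "/" replaced by "<<SLASH>>";
     *                             when absent the `url` request field is used instead.
     * @return mixed The captcha view or a redirect response.
     */
    public static function captcha(Request $request, Hasher $hasher, $id, $url = null)
    {
        # Same truthiness as the former `$url != null`, written explicitly.
        if ($url !== null && $url !== '') {
            $url = base64_decode(str_replace("<<SLASH>>", "/", $url));
        } else {
            $url = $request->input('url');
        }

        if ($request->getMethod() == 'POST') {
            $user = DB::table('humanverification')->where('id', $id)->first();

            # Without a row there is nothing to verify against. The previous code
            # read $user->lockedKey before its own null check and failed here.
            if ($user === null) {
                return redirect('/');
            }

            # Only a string can be a valid answer; anything else (missing field,
            # array input) is treated as a wrong answer instead of a type error.
            $answer = $request->input('captcha');
            $key = is_string($answer) ? strtolower($answer) : '';

            if (!$hasher->check($key, (string) $user->lockedKey)) {
                return self::renderCaptcha($id, $url, 'Bitte Captcha eingeben:');
            }

            # If we can unlock the Account of this user we will redirect him to the result page
            # NOTE(review): the strict comparison needs the driver to return `locked` as an int - confirm.
            if ($user->locked === 1) {
                DB::table('humanverification')->where('id', $id)->update(['locked' => false]);
                # NOTE(review): $url is taken from the request and is not validated in this
                # method. Unless routing or middleware restricts it, this redirect should be
                # limited to same-application targets (or an allowlist) to avoid an open redirect.
                return redirect($url);
            }

            return redirect('/');
        }

        return self::renderCaptcha($id, $url);
    }

    /**
     * Endpoint that removes the verification entry belonging to the caller's IP.
     *
     * Aborts with 404 when the `mm` field is missing. When `mm` equals the MD5
     * of the client IP, the matching row is deleted provided its `updated_at`
     * is more than two seconds old. The response is always the same
     * hard-coded 1x1 PNG, whether or not a row was deleted.
     *
     * @param Request $request Current HTTP request.
     * @return mixed HTTP 200 response with Content-Type image/png.
     */
    public static function remove(Request $request)
    {
        if (!$request->has('mm')) {
            abort(404, "Keine Katze gefunden.");
        }
        $id = md5($request->ip());
        if (self::checkId($request, $request->input('mm'))) {
            # Remove the entry from the database
            DB::table('humanverification')->where('id', $id)->where('updated_at', '<', Carbon::now()->subSeconds(2))->delete();
        }
        return response(hex2bin('89504e470d0a1a0a0000000d494844520000000100000001010300000025db56ca00000003504c5445000000a77a3dda0000000174524e530040e6d8660000000a4944415408d76360000000020001e221bc330000000049454e44ae426082'), 200)
            ->header('Content-Type', 'image/png');
    }

    /**
     * Remove a verification entry via a tokenised link, then redirect to the target.
     *
     * The expected token is md5($mm . day-of-month . decoded-url . PROXY_PASSWORD).
     * The row is deleted only when `$mm` matches the caller's IP hash and the
     * token matches; the redirect to the decoded URL happens in either case.
     *
     * @param Request $request  Current HTTP request.
     * @param string  $mm       Claimed entry id (MD5 of the client IP).
     * @param string  $password Token supplied in the link.
     * @param string  $url      Target, base64-encoded with "/" replaced by "<<SLASH>>".
     * @return mixed Redirect response to the decoded URL.
     */
    public static function removeGet(Request $request, $mm, $password, $url)
    {
        $url = base64_decode(str_replace("<<SLASH>>", "/", $url));

        # If the user is correct and the password is we will delete any entry in the database
        # NOTE(review): MD5 over "data . secret" is a weak keyed construction. Moving to
        # hash_hmac('sha256', ...) needs a matching change wherever these links are issued.
        # NOTE(review): env() outside of config files may return null when the configuration
        # is cached, which would leave the token without its secret part - confirm deployment.
        $requiredPass = md5($mm . Carbon::now()->day . $url . env("PROXY_PASSWORD"));

        # hash_equals() compares in constant time, so response timing does not reveal
        # how many leading characters of the supplied token were correct.
        $tokenValid = hash_equals($requiredPass, (string) $password);

        if (self::checkId($request, $mm) && $tokenValid) {
            # Remove the entry from the database
            DB::table('humanverification')->where('id', $mm)->where('updated_at', '<', Carbon::now()->subSeconds(2))->delete();
        }

        # NOTE(review): the redirect is issued even when the token check failed, so the
        # caller-supplied $url is followed unauthenticated. Consider redirecting to $url
        # only for a valid token (and to "/" otherwise) once the impact on day-rollover
        # links has been checked.
        return redirect($url);
    }

    /**
     * Issue a new captcha for the entry, store its key and build the captcha view.
     *
     * @param mixed       $id           Value of the `id` column in the `humanverification` table.
     * @param mixed       $url          Target URL handed back to the form.
     * @param string|null $errorMessage Message shown after a failed attempt; omitted when null.
     * @return mixed The `captcha` view.
     */
    private static function renderCaptcha($id, $url, $errorMessage = null)
    {
        $captcha = Captcha::create("default", true);
        DB::table('humanverification')->where('id', $id)->update(['lockedKey' => $captcha["key"]]);

        $view = view('captcha')->with('title', 'Bestätigung notwendig')
            ->with('id', $id)
            ->with('url', $url)
            ->with('image', $captcha["img"]);

        if ($errorMessage !== null) {
            $view = $view->with('errorMessage', $errorMessage);
        }

        return $view;
    }

    /**
     * Tell whether `$id` is the MD5 of the requesting client's IP address.
     *
     * The value is derivable by anyone who knows the IP, so it identifies an
     * entry but does not authenticate the caller.
     *
     * @param Request $request Current HTTP request.
     * @param mixed   $id      Candidate id.
     * @return bool
     */
    private static function checkId($request, $id)
    {
        return md5($request->ip()) === $id;
    }
}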