<?php

namespace App\Http\Middleware;

use Closure;
use DB;
use Carbon;

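class HumanVerification
{
    /**
     * Count result-page requests per client and send locked clients to the
     * captcha page.
     *
     * Each client is tracked in the `humanverification` table under an id
     * derived from its IP address. Every request that passes through here
     * increments `unusedResultPages`; when the counter hits a gate the row is
     * marked as locked, and a locked client is redirected to
     * `meta/verification/{id}/{encoded return url}` instead of being served.
     * The id and the current count are attached to the request as
     * `verification_id` and `verification_count`.
     *
     * @param  \Illuminate\Http\Request  $request
     * @param  \Closure  $next
     * @return mixed
     */
    public function handle($request, Closure $next)
    {
        # NOTE(review): md5 of an IP address is a stable pseudonym, not an
        # anonymisation - the IPv4 space is small enough to enumerate - and the
        # id also appears in the redirect URL below. Behind a reverse proxy,
        # ip() only reflects the real client if trusted proxies are configured;
        # otherwise many clients may share one id (and one lock).
        $id = md5($request->ip());

        /**
         * If the user sends a password or a key
         * we will not verify the user.
         * If someone that uses a bot finds this out we
         * might have to change it at some point.
         *
         * NOTE(review): only the presence of the parameter is checked here,
         * not its validity, so the credential has to be validated by whatever
         * handles the request afterwards - confirm that it is. Otherwise this
         * branch turns the verification off for any request that carries a
         * non-empty value.
         */
        if ($request->filled('password') || $request->filled('key')) {
            return $next($request);
        }

        $user = DB::table('humanverification')->where('id', $id)->first();
        $createdAt = now();
        $unusedResultPages = 1;
        $locked = false;

        # Normalise the stored flag instead of comparing it with the string "1".
        # Depending on database driver and PHP version the column is returned
        # as "1", 1 or true; a strict string comparison then never matches,
        # which silently disables the captcha gate and lets the update below
        # reset the lock.
        $isLocked = $user !== null && (bool) $user->locked;

        if ($user === null) {
            # If this user doesn't have an entry we will create one.
            # A fresh row is unlocked, so it does not need to be read back.
            # NOTE(review): two concurrent first requests can both reach this
            # insert; if `id` is a unique key the second one fails - confirm
            # the schema and how that error is handled.
            DB::table('humanverification')->insert(
                ['id' => $id, 'unusedResultPages' => 1, 'locked' => false, 'updated_at' => $createdAt]
            );
        } else if (!$isLocked) {
            $unusedResultPages = intval($user->unusedResultPages);
            $unusedResultPages++;
            # We have different security gates:
            #   50, 75, 85, >=90 => Captcha validated Result Pages
            # If the user shows activity on our result page the counter will be deleted
            # Maybe I'll add a ban if the user reaches 100
            #
            # NOTE(review): only the gate at 50 is implemented below; 75, 85
            # and >=90 are not enforced by this code. Because the check is an
            # exact equality, a counter that is already past 50 never locks
            # again. The lock written here takes effect on the next request.
            if ($unusedResultPages === 50) {
                $locked = true;
            }
            DB::table('humanverification')->where('id', $id)->update([
                'unusedResultPages' => $unusedResultPages,
                'locked' => $locked,
                'updated_at' => $createdAt,
            ]);
        }
        $request->request->add(['verification_id' => $id, 'verification_count' => $unusedResultPages]);

        # If the user is locked we will force a Captcha validation
        if ($isLocked) {
            # NOTE(review): the return URL is built from the current request.
            # The handler behind meta/verification is not visible here; it
            # should check that the decoded URL points back to this site before
            # redirecting to it.
            return redirect('meta/verification/' . $id . '/' . urlencode(base64_encode(url()->full())));
        }

        return $next($request);
    }
}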