<?php

namespace App\Http\Middleware;

use Closure;
use DB;
use Carbon;

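class HumanVerification
{
    /**
     * Unused-result-page counts at which an unlocked client is flagged for
     * Captcha validation; every count at or above CAPTCHA_FLOOR is flagged.
     */
    private const CAPTCHA_GATES = [50, 75, 85];
    private const CAPTCHA_FLOOR = 90;

    /**
     * Handle an incoming request.
     *
     * Counts result pages per client (keyed by md5 of the client IP) in the
     * `humanverification` table, logs each requested URL in `usedurls`, adds
     * `verification_id` / `verification_count` to the request for downstream
     * handlers, and redirects clients whose row is marked locked to the
     * Captcha page.
     *
     * @param  \Illuminate\Http\Request  $request
     * @param  \Closure  $next
     * @return mixed
     */
    public function handle($request, Closure $next)
    {
        // Not a secret: md5(ip) only serves as the row key and as the id in the
        // verification URL. Clients sharing one NAT/proxy IP share one counter.
        $id = md5($request->ip());

        /**
         * Requests carrying a password, key or appversion parameter are not
         * verified, nor is anything when BOT_PROTECTION is off. These are plain
         * request parameters, so this is a deliberate soft bypass (the original
         * author notes it may have to change if it is abused).
         *
         * NOTE(review): env() is read on every request. Once the config is
         * cached (artisan config:cache) the .env file is no longer loaded and
         * env() returns its default (false), which silently turns this
         * middleware off. Reading the flag via config() is the usual fix; the
         * config key is not visible here.
         */
        if ($request->filled('password') || $request->filled('key') || $request->filled('appversion') || !env('BOT_PROTECTION', false)) {
            return $next($request);
        }

        $now = now();
        $url = url()->full();
        $user = DB::table('humanverification')->where('id', $id)->first();

        // Counter and lock state as stored *before* this request. The redirect
        // below is decided on the stored lock state, so a request that trips a
        // gate is still served and the Captcha is enforced from the next one on.
        $unusedResultPages = 1;
        $wasLocked = false;

        if ($user === null) {
            // First contact: create the row unlocked with one counted page. No
            // re-read is needed afterwards, the lock state of a fresh row is known.
            DB::table('humanverification')->insert(
                ['id' => $id, 'unusedResultPages' => 1, 'locked' => false, 'updated_at' => $now]
            );
            // Log the URL the client tries to reach
            DB::table('usedurls')->insert(['user_id' => $id, 'url' => $url]);
        } elseif (!$this->isLocked($user)) {
            $unusedResultPages = (int) $user->unusedResultPages + 1;
            // Security gates: 50, 75, 85 and everything from 90 upwards force a
            // Captcha-validated result page. Activity on a result page is meant
            // to reset the counter (handled elsewhere, not visible here). The
            // author considered a ban at 100; it is not implemented.
            $locked = $this->reachesCaptchaGate($unusedResultPages);
            DB::table('humanverification')->where('id', $id)->update(['unusedResultPages' => $unusedResultPages, 'locked' => $locked, 'updated_at' => $now]);
            // Log the URL the client tries to reach
            DB::table('usedurls')->insert(['user_id' => $id, 'url' => $url]);
        } else {
            // Locked rows are left untouched: no counting, no URL logging, and the
            // count handed to the request stays at its initial value of 1.
            $wasLocked = true;
        }

        $request->request->add(['verification_id' => $id, 'verification_count' => $unusedResultPages]);

        // A locked client is sent to the Captcha page. The return target is the
        // current request URL, base64/urlencoded into the path; the verification
        // route is expected to validate it before redirecting back.
        if ($wasLocked) {
            return redirect('meta/verification/' . $id . '/' . urlencode(base64_encode($url)));
        }

        return $next($request);
    }

    /**
     * Whether a `humanverification` row is marked locked.
     *
     * The stored value is compared as an int so the check does not depend on
     * whether the DB driver returns 1, "1" or true for the locked column (a
     * strict `=== 1` against a string would never fire).
     */
    private function isLocked($row): bool
    {
        return (int) $row->locked === 1;
    }

    /**
     * Whether this many unused result pages flags the client for Captcha
     * validation: exactly one of CAPTCHA_GATES, or CAPTCHA_FLOOR and above.
     */
    private function reachesCaptchaGate(int $count): bool
    {
        return $count >= self::CAPTCHA_FLOOR || in_array($count, self::CAPTCHA_GATES, true);
    }
}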