<?php

namespace App\Http\Controllers;

use Captcha;
use Carbon;
use DB;
use Illuminate\Hashing\BcryptHasher as Hasher;
use Illuminate\Http\Request;
use Input;

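/**
 * Captcha-based human verification for clients tracked in the
 * `humanverification` table.
 *
 * Two identifiers are used in this class:
 *  - `uid`: compared in checkId() against sha512(client IP . $_SERVER["AGENT"])
 *  - `id` : sha512(client IP) only, used in removeUser() to sum over all rows
 *           that share one IP address.
 */
class HumanVerification extends Controller
{
    /**
     * Shows the captcha form (GET) or validates a submitted captcha (POST).
     *
     * @param Request     $request
     * @param Hasher      $hasher  Used to check the submitted text against the stored `lockedKey`.
     * @param string      $id      The `uid` of the row to unlock.
     * @param string|null $url     Base64 target URL in which "/" was replaced by "<<SLASH>>";
     *                             when empty, the `url` request input is used instead.
     * @return mixed A captcha view or a redirect response.
     */
    public static function captcha(Request $request, Hasher $hasher, $id, $url = null)
    {
        if ($url != null) {
            $url = base64_decode(str_replace("<<SLASH>>", "/", $url));
        } else {
            $url = $request->input('url');
        }

        # NOTE(review): $url is client-controlled in both branches and is later passed to
        # redirect() and to the view without validation. Confirm whether it should be
        # restricted to this application's own host before it is used as a redirect target.
        # NOTE(review): nothing here ties $id to the requesting client (checkId() is not
        # called), so any client that knows a uid can replace its lockedKey — confirm
        # that this is intended.

        if ($request->getMethod() == 'POST') {
            $user = DB::table('humanverification')->where('uid', $id)->first();

            # Without a row there is nothing to unlock. Previously this case failed on
            # reading $user->lockedKey before the null check further down was reached.
            if ($user === null) {
                return redirect('/');
            }

            # A missing or non-scalar (e.g. array) captcha input can never match.
            $submitted = $request->input('captcha');
            $key = is_scalar($submitted) ? strtolower((string) $submitted) : '';

            if (!$hasher->check($key, (string) $user->lockedKey)) {
                # Wrong answer: issue a fresh captcha so that the old one cannot be retried
                return self::captchaView($id, $url, 'Fehler: Falsches Captcha eingegeben!');
            }

            # If we can unlock the Account of this user we will redirect him to the result page
            if ($user->locked === 1) {
                # The Captcha was correct. We can remove the key from the user
                DB::table('humanverification')->where('uid', $id)->update(['locked' => false, 'lockedKey' => "", 'whitelist' => 1]);
                return redirect($url);
            }

            return redirect('/');
        }

        return self::captchaView($id, $url);
    }

    /**
     * Handles the request that reports a client as human via the `mm` input
     * and always answers with a tiny PNG image.
     *
     * Aborts with 404 when `mm` is missing. The stored data is only touched
     * when `mm` matches the identifier computed for the requesting client.
     *
     * @param Request $request
     * @return mixed Response with content type image/png.
     */
    public static function remove(Request $request)
    {
        if (!$request->has('mm')) {
            abort(404, "Keine Katze gefunden.");
        }

        $mm = $request->input('mm');
        if (self::checkId($request, $mm)) {
            self::removeUser($request, $mm);
        }

        return response(hex2bin('89504e470d0a1a0a0000000d494844520000000100000001010300000025db56ca00000003504c5445000000a77a3dda0000000174524e530040e6d8660000000a4944415408d76360000000020001e221bc330000000049454e44ae426082'), 200)
            ->header('Content-Type', 'image/png');
    }

    /**
     * Same purpose as remove(), but driven by route parameters and followed by
     * a redirect to the decoded target URL.
     *
     * @param Request $request
     * @param string  $mm       The `uid` claimed by the client.
     * @param string  $password Expected to equal md5($mm . day of month . $url . PROXY_PASSWORD).
     * @param string  $url      Base64 target URL in which "/" was replaced by "<<SLASH>>".
     * @return mixed Redirect response to the decoded URL.
     */
    public static function removeGet(Request $request, $mm, $password, $url)
    {
        $url = base64_decode(str_replace("<<SLASH>>", "/", $url));

        # If the user is correct and the password is we will delete any entry in the database
        # NOTE(review): md5 over plainly concatenated fields is a weak keyed check; an HMAC
        # with delimited fields would be the usual construction. It is left unchanged here
        # because the code that generates the password is not part of this file.
        $requiredPass = md5($mm . Carbon::now()->day . $url . env("PROXY_PASSWORD"));

        # hash_equals() compares in constant time, so the comparison does not leak how
        # many leading characters of the expected password were guessed correctly.
        if (self::checkId($request, $mm) && hash_equals($requiredPass, (string) $password)) {
            self::removeUser($request, $mm);
        }

        # NOTE(review): the redirect is issued even when the password check failed, i.e.
        # for a $url that was not authenticated by $password. Confirm whether an
        # unverified target should be followed.
        return redirect($url);
    }

    /**
     * Creates a new captcha, stores its key for the given uid and renders the form.
     *
     * @param string      $id           The `uid` whose `lockedKey` is replaced.
     * @param mixed       $url          Target URL handed through to the view.
     * @param string|null $errorMessage Passed to the view only when not null.
     * @return mixed The `humanverification.captcha` view.
     */
    private static function captchaView($id, $url, $errorMessage = null)
    {
        $captcha = Captcha::create("default", true);

        # Remember the key of the new captcha so that the next POST can be checked against it
        DB::table('humanverification')->where('uid', $id)->update(['lockedKey' => $captcha["key"]]);

        $view = view('humanverification.captcha')->with('title', 'Bestätigung notwendig')
            ->with('id', $id)
            ->with('url', $url)
            ->with('image', $captcha["img"]);

        if ($errorMessage !== null) {
            $view = $view->with('errorMessage', $errorMessage);
        }

        return $view;
    }

    /**
     * Clears the bookkeeping for a verified client: the row is whitelisted
     * and/or has its counter reset, or it is deleted.
     *
     * @param Request $request
     * @param string  $uid     The `uid` of the row to process.
     * @return void
     */
    private static function removeUser($request, $uid)
    {
        $user = DB::table('humanverification')->where('uid', $uid)->first();

        if ($user === null) {
            return;
        }

        # Unused result pages of all non-whitelisted rows that share this client's IP
        $id = hash("sha512", $request->ip());
        $sum = DB::table('humanverification')->where('id', $id)->where('whitelist', false)->sum('unusedResultPages');

        $isWhitelisted = $user->whitelist === 1;

        # Check if we have to whitelist the user or if we can simply delete the data
        if ($user->whitelist === 0 && $user->unusedResultPages < $sum) {
            # Whitelist
            DB::table('humanverification')->where('uid', $uid)->update(['whitelist' => true, 'whitelistCounter' => 0]);
            $isWhitelisted = true;
        }

        if ($isWhitelisted) {
            DB::table('humanverification')->where('uid', $uid)->update(['unusedResultPages' => 0]);
        } else {
            # Only rows that were last updated more than two seconds ago are deleted
            DB::table('humanverification')->where('uid', $uid)->where('updated_at', '<', Carbon::now()->subSeconds(2))->delete();
        }
    }

    /**
     * Tells whether the given identifier belongs to the requesting client.
     *
     * @param Request $request
     * @param mixed   $id      Identifier supplied by the client.
     * @return bool True when $id equals sha512(client IP . $_SERVER["AGENT"]).
     */
    private static function checkId($request, $id)
    {
        # NOTE(review): "AGENT" is not a standard server variable; presumably it is set
        # by the web server configuration — confirm that it is always present.
        $expected = hash("sha512", $request->ip() . $_SERVER["AGENT"]);

        # Non-string input (e.g. an array from the query string) can never match.
        return is_string($id) && hash_equals($expected, $id);
    }
}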