HumanVerification.php 4.73 KB
<?php

namespace App\Http\Controllers;

use Captcha;
use Carbon;
use DB;
use Illuminate\Hashing\BcryptHasher as Hasher;
use Illuminate\Http\Request;
use Input;

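/**
 * Controller for the captcha-based human verification flow.
 *
 * State lives in the `humanverification` table (columns used here: uid, id,
 * lockedKey, locked, whitelist, whitelistCounter, unusedResultPages,
 * updated_at) and in the `usedurls` table.
 */
class HumanVerification extends Controller
{
    /**
     * Show the captcha form, or check a submitted answer on POST.
     *
     * On a wrong answer a fresh captcha is issued. On a correct answer the
     * stored key is cleared and, if the row was locked, it is unlocked and the
     * visitor is redirected to $url; otherwise the visitor is sent to "/".
     *
     * @param Request     $request
     * @param Hasher      $hasher  compares the submitted answer with the hash stored in `lockedKey`
     * @param string      $id      value matched against the `uid` column
     * @param string|null $url     base64 target with "/" written as "<<SLASH>>"; when absent the
     *                             'url' request input is used instead
     * @return mixed the captcha view or a redirect response
     */
    public static function captcha(Request $request, Hasher $hasher, $id, $url = null)
    {
        if ($url != null) {
            $url = base64_decode(str_replace("<<SLASH>>", "/", $url));
        } else {
            $url = $request->input('url');
        }

        if ($request->getMethod() == 'POST') {
            $user = DB::table('humanverification')->where('uid', $id)->first();

            # No row for this uid: there is nothing to verify or unlock, and
            # reading $user->lockedKey would fail on null.
            if ($user === null) {
                return redirect('/');
            }

            $lockedKey = $user->lockedKey;
            # A missing or non-string 'captcha' input is treated as an empty answer.
            $answer = $request->input('captcha');
            $key = is_string($answer) ? strtolower($answer) : "";

            if (!$hasher->check($key, $lockedKey)) {
                # Wrong answer: replace the stored key so the old captcha cannot be retried.
                return self::issueCaptcha($id, $url, 'Bitte Captcha eingeben:');
            }

            # The Captcha was correct. We can remove the key from the user
            DB::table('humanverification')->where('uid', $id)->update(['lockedKey' => "", 'whitelistCounter' => 0]);

            # If we can unlock the Account of this user we will redirect him to the result page
            if ($user->locked === 1) {
                DB::table('humanverification')->where('uid', $id)->update(['locked' => false]);
                # NOTE(review): $url comes from the request (route segment or 'url'
                # input) and reaches redirect() unchecked. Nothing in this method
                # restricts it to expected destinations; validate it against an
                # allow-list or a server-issued signature before redirecting.
                return redirect($url);
            }

            return redirect('/');
        }

        return self::issueCaptcha($id, $url);
    }

    /**
     * Create a new captcha, store its key for the given uid and build the form view.
     *
     * @param string      $id           value matched against the `uid` column
     * @param mixed       $url          target passed through to the view
     * @param string|null $errorMessage message shown with the form, omitted when null
     * @return mixed the captcha view
     */
    private static function issueCaptcha($id, $url, $errorMessage = null)
    {
        $captcha = Captcha::create("default", true);
        DB::table('humanverification')->where('uid', $id)->update(['lockedKey' => $captcha["key"]]);

        $view = view('humanverification.captcha')->with('title', 'Bestätigung notwendig')
            ->with('id', $id)
            ->with('url', $url)
            ->with('image', $captcha["img"]);

        if ($errorMessage !== null) {
            $view = $view->with('errorMessage', $errorMessage);
        }

        return $view;
    }

    /**
     * Remove or whitelist the calling visitor's entry and answer with a 1x1 PNG.
     *
     * The 'mm' input must equal the id derived from the request (see checkId());
     * the image is returned whether or not anything was removed.
     *
     * @param Request $request
     * @return mixed image/png response; aborts with 404 when 'mm' is missing
     */
    public static function remove(Request $request)
    {
        if (!$request->has('mm')) {
            abort(404, "Keine Katze gefunden.");
        }

        $mm = $request->input('mm');
        if (self::checkId($request, $mm)) {
            self::removeUser($request, $mm);
        }

        return response(hex2bin('89504e470d0a1a0a0000000d494844520000000100000001010300000025db56ca00000003504c5445000000a77a3dda0000000174524e530040e6d8660000000a4944415408d76360000000020001e221bc330000000049454e44ae426082'), 200)
            ->header('Content-Type', 'image/png');
    }

    /**
     * Remove or whitelist the visitor's entry via a signed link, then redirect.
     *
     * @param Request $request
     * @param string  $mm       id expected to match the request (see checkId())
     * @param string  $password token over $mm, the day of month, the decoded url and PROXY_PASSWORD
     * @param string  $url      base64 target with "/" written as "<<SLASH>>"
     * @return mixed redirect to the decoded url when the token is valid, otherwise to "/"
     */
    public static function removeGet(Request $request, $mm, $password, $url)
    {
        $url = base64_decode(str_replace("<<SLASH>>", "/", $url));

        # If the user is correct and the password is we will delete any entry in the database
        # NOTE(review): md5 over concatenated fields and a secret is not a MAC;
        # hash_hmac() with SHA-256 would be the robust construction, but the code
        # that issues these links is not in this file and must change with it.
        # The token only varies by day of month, and carries no secret at all if
        # PROXY_PASSWORD is unset.
        $requiredPass = md5($mm . Carbon::now()->day . $url . env("PROXY_PASSWORD"));

        # Constant-time comparison, so the check does not leak how many leading
        # characters of the token matched.
        $tokenValid = is_string($password) && hash_equals($requiredPass, $password);

        if ($tokenValid && self::checkId($request, $mm)) {
            self::removeUser($request, $mm);
        }

        # Only follow $url when the token shows it was issued with the server
        # secret; an unsigned url would make this route an open redirect. Links
        # opened after the day rolls over therefore land on "/".
        return redirect($tokenValid ? $url : '/');
    }

    /**
     * Whitelist the given uid or delete its row, depending on its usage counters.
     *
     * @param Request $request used for the client IP
     * @param string  $uid     value matched against the `uid` column
     * @return void
     */
    private static function removeUser($request, $uid)
    {
        # Rows sharing this IP hash are aggregated below.
        $id = hash("sha512", $request->ip());

        $sum = DB::table('humanverification')->where('id', $id)->where('whitelist', false)->sum('unusedResultPages');
        $user = DB::table('humanverification')->where('uid', $uid)->first();

        if ($user === null) {
            return;
        }

        # Check if we have to whitelist the user or if we can simply delete the data
        if ($user->unusedResultPages < $sum && $user->whitelist === 0) {
            # Whitelist
            DB::table('humanverification')->where('uid', $uid)->update(['whitelist' => true, 'whitelistCounter' => 0]);
            $user->whitelist = 1;
            $user->whitelistCounter = 0;
        }

        # Both branches only touch rows last updated more than 2 seconds ago.
        if ($user->whitelist === 1) {
            $resetRows = DB::table('humanverification')
                ->where('uid', $uid)
                ->where('updated_at', '<', Carbon::now()->subSeconds(2))
                ->update(['unusedResultPages' => 0]);

            # Drop the recorded urls only when exactly one row was reset.
            if ($resetRows === 1) {
                DB::table('usedurls')->where('uid', $uid)->delete();
            }
        } else {
            DB::table('humanverification')->where('uid', $uid)->where('updated_at', '<', Carbon::now()->subSeconds(2))->delete();
        }
    }

    /**
     * Tell whether $id is the SHA-512 of the client IP followed by $_SERVER["AGENT"].
     *
     * @param Request $request used for the client IP
     * @param string  $id      candidate id supplied by the caller
     * @return bool
     */
    private static function checkId($request, $id)
    {
        # NOTE(review): "AGENT" is not a standard $_SERVER key; presumably it is
        # set earlier in the request lifecycle — confirm. Both inputs are
        # client-influenced, so a match identifies the caller but does not
        # authenticate them.
        return hash("sha512", $request->ip() . $_SERVER["AGENT"]) === $id;
    }
}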