Merge branch 'development' into 'master'

Development See merge request !1436

Merge branch 'development' into 'master'
5c2538c8 · Dominik Hebeler · c479d528 · d44392ae · 5c2538c8 · 5c2538c8
Commit 5c2538c8 authored 5 years ago by Dominik Hebeler
--- a/app/Http/Controllers/HumanVerification.php
+++ b/app/Http/Controllers/HumanVerification.php
@@ -108,7 +108,7 @@ class HumanVerification extends Controller
    private static function removeUser($request, $uid)
    {
        $redis = Redis::connection('redisCache');
-        $id = hash("sha512", $request->ip());
+        $id = hash("sha512", HumanVerification::getIP($request));

        $userList = $redis->smembers(HumanVerification::PREFIX . "." . $id);
        $pipe = $redis->pipeline();
@@ -168,10 +168,30 @@ class HumanVerification extends Controller

    private static function checkId($request, $id)
    {
-        if (hash("sha512", $request->ip() . $_SERVER["AGENT"] . "uid") === $id) {
+        if (hash("sha512", HumanVerification::getIP($request) . $_SERVER["AGENT"] . "uid") === $id) {
            return true;
        } else {
            return false;
        }
    }
+
+    private static function getIP($request)
+    {
+        $ip = $request->ip();
+        $serverAddress = empty($_SERVER['SERVER_ADDR']) ? "144.76.88.77" : $_SERVER['SERVER_ADDR'];
+        $queryUrl = "https://tor.metager.org?password=" . urlencode(env("TOR_PASSWORD")) . "&ra=" . urlencode($ip) . "&sa=" . urlencode($serverAddress) . "&sp=443";
+
+        $ch = curl_init($queryUrl);
+        curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
+        curl_setopt($ch, CURLOPT_TIMEOUT, 1);
+        curl_exec($ch);
+        $httpcode = curl_getinfo($ch, CURLINFO_HTTP_CODE);
+        curl_close($ch);
+
+        if ($httpcode === 200) {
+            return "999.999.999.999";
+        } else {
+            return $ip;
+        }
+    }
 }
--- a/app/Http/Middleware/HumanVerification.php
+++ b/app/Http/Middleware/HumanVerification.php
@@ -26,8 +26,9 @@ class HumanVerification
        $prefix = "humanverification";
        $redis = Redis::connection('redisCache');
        try {
-            $id = hash("sha512", $request->ip());
-            $uid = hash("sha512", $request->ip() . $_SERVER["AGENT"] . "uid");
+            $ip = $this->getIP();
+            $id = hash("sha512", $ip);
+            $uid = hash("sha512", $ip . $_SERVER["AGENT"] . "uid");
            unset($_SERVER["AGENT"]);

            /**
@@ -180,4 +181,24 @@ class HumanVerification
        return $next($request);

    }
+
+    private function getIP()
+    {
+        $ip = \Request::ip();
+        $serverAddress = empty($_SERVER['SERVER_ADDR']) ? "144.76.88.77" : $_SERVER['SERVER_ADDR'];
+        $queryUrl = "https://tor.metager.org?password=" . urlencode(env("TOR_PASSWORD")) . "&ra=" . urlencode($ip) . "&sa=" . urlencode($serverAddress) . "&sp=443";
+
+        $ch = curl_init($queryUrl);
+        curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
+        curl_setopt($ch, CURLOPT_TIMEOUT, 1);
+        curl_exec($ch);
+        $httpcode = curl_getinfo($ch, CURLINFO_HTTP_CODE);
+        curl_close($ch);
+
+        if ($httpcode === 200) {
+            return "999.999.999.999";
+        } else {
+            return $ip;
+        }
+    }
 }