diff --git a/app/Http/Controllers/HumanVerification.php b/app/Http/Controllers/HumanVerification.php
index 741e55fef5a42d6e28090e6660d2f9e1488b560d..0ff75e435ab6dd57adb1c3abbe60e926b109f429 100644
--- a/app/Http/Controllers/HumanVerification.php
+++ b/app/Http/Controllers/HumanVerification.php
@@ -21,7 +21,17 @@ class HumanVerification extends Controller
 if ($url != null) {
 $url = base64_decode(str_replace("<<SLASH>>", "/", $url));
 } else {
- $url = $request->input('url');
+ $url = $request->input('url', url("/"));
+ }
+
+ $protocol = "http://";
+
+ if ($request->secure()) {
+ $protocol = "https://";
+ }
+
+ if (stripos($url, $protocol . $request->getHttpHost()) !== 0) {
+ $url = url("/");
 }
 $userlist = Cache::get(HumanVerification::PREFIX . "." . $id, []);
@@ -40,7 +50,6 @@ class HumanVerification extends Controller
 $key = strtolower($key);
 if (!$hasher->check($key, $lockedKey)) {
- sleep(\random_int(1, 8));
 $captcha = Captcha::create("default", true);
 $user["lockedKey"] = $captcha["key"];
 HumanVerification::saveUser($user);
@@ -67,7 +76,7 @@ class HumanVerification extends Controller
 }
 }
 }
- sleep(\random_int(1, 8));
+
 $captcha = Captcha::create("default", true);
 $user["lockedKey"] = $captcha["key"];
 HumanVerification::saveUser($user);
@@ -146,9 +155,9 @@ class HumanVerification extends Controller
 $ip = $request->ip();
 $id = "";
 if (HumanVerification::couldBeSpammer($ip)) {
- $id = hash("sha512", "999.999.999.999");
+ $id = hash("sha1", "999.999.999.999");
 } else {
- $id = hash("sha512", $ip);
+ $id = hash("sha1", $ip);
 }
 $userlist = Cache::get(HumanVerification::PREFIX . "." . $id, []);
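Review bot: The return-URL check added in the `@@ -21,7 +21,17 @@` hunk is a plain prefix match, so it does not bound the host: `stripos($url, $protocol . $request->getHttpHost()) !== 0` also accepts a URL whose authority merely begins with the site's host string and then continues with other characters. Ending the prefix at the first path separator closes that, e.g. `if (stripos($url, $request->getSchemeAndHttpHost() . "/") !== 0) { $url = url("/"); }`; comparing `parse_url($url, PHP_URL_HOST)` with `$request->getHost()` would be stricter still. `getHttpHost()` reflects the request's Host header, so the check is only as strong as the deployment's trusted-host configuration, which is not visible here. The enclosing method starts and ends outside the hunk.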
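Review bot: With `sleep(\random_int(1, 8));` removed from the wrong-answer branch in the `@@ -40,7 +50,6 @@` hunk (and from the fall-through path in `@@ -67,7 +76,7 @@`), nothing in this method slows repeated captcha guesses any more. The only rate limit visible in this commit is `throttle:12,1` on the GET `captcha` route in routes/web.php; if answers are submitted through another route or verb, that path needs the same middleware. A short comment at the branch, such as `// guess rate is limited by the throttle:12,1 route middleware`, would record where the delay went. Both hunks cut through a method whose start and end are outside them.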
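Review bot: `$id = hash("sha1", $ip);` in the `@@ -146,9 +155,9 @@` hunk is an unkeyed digest of the client address, and this commit starts placing `$id` and `$uid` in the path of the new `verify/metager/{id}/{uid}` route. The IPv4 space is small enough to enumerate, so an unkeyed hash (SHA-1 now, SHA-512 before) acts as a stable pseudonym for the IP wherever that URL is logged or shared. A keyed digest keeps the identifier opaque, e.g. `$id = hash_hmac("sha256", $ip, config("app.key"));`. The same expressions are repeated in the `-185,9`, `-217,11` and `-240,11` hunks and in the middleware's `-30,11` hunk, so one shared helper would keep them in step. The enclosing method extends beyond the hunk.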
@@ -185,9 +194,9 @@ class HumanVerification extends Controller
 $uid = "";
 $ip = $request->ip();
 if (HumanVerification::couldBeSpammer($ip)) {
- $uid = hash("sha512", "999.999.999.999" . $ip . $_SERVER["AGENT"] . "uid");
+ $uid = hash("sha1", "999.999.999.999" . $ip . $_SERVER["AGENT"] . "uid");
 } else {
- $uid = hash("sha512", $ip . $_SERVER["AGENT"] . "uid");
+ $uid = hash("sha1", $ip . $_SERVER["AGENT"] . "uid");
 }
 if ($uid === $id) {
@@ -217,11 +226,11 @@ class HumanVerification extends Controller
 $uid = "";
 $ip = $request->ip();
 if (\App\Http\Controllers\HumanVerification::couldBeSpammer($ip)) {
- $id = hash("sha512", "999.999.999.999");
- $uid = hash("sha512", "999.999.999.999" . $ip . $_SERVER["AGENT"] . "uid");
+ $id = hash("sha1", "999.999.999.999");
+ $uid = hash("sha1", "999.999.999.999" . $ip . $_SERVER["AGENT"] . "uid");
 } else {
- $id = hash("sha512", $ip);
- $uid = hash("sha512", $ip . $_SERVER["AGENT"] . "uid");
+ $id = hash("sha1", $ip);
+ $uid = hash("sha1", $ip . $_SERVER["AGENT"] . "uid");
 }
 $userList = Cache::get(HumanVerification::PREFIX . "." . $id);
@@ -240,11 +249,11 @@ class HumanVerification extends Controller
 $uid = "";
 $ip = $request->ip();
 if (\App\Http\Controllers\HumanVerification::couldBeSpammer($ip)) {
- $id = hash("sha512", "999.999.999.999");
- $uid = hash("sha512", "999.999.999.999" . $ip . $_SERVER["AGENT"] . "uid");
+ $id = hash("sha1", "999.999.999.999");
+ $uid = hash("sha1", "999.999.999.999" . $ip . $_SERVER["AGENT"] . "uid");
 } else {
- $id = hash("sha512", $ip);
- $uid = hash("sha512", $ip . $_SERVER["AGENT"] . "uid");
+ $id = hash("sha1", $ip);
+ $uid = hash("sha1", $ip . $_SERVER["AGENT"] . "uid");
 }
 $userList = Cache::get(HumanVerification::PREFIX . "." . $id);
diff --git a/app/Http/Middleware/HumanVerification.php b/app/Http/Middleware/HumanVerification.php
index 5599671c6102f335ee32d1c2e3b9f8b8eefa2453..34abf5f20bf9fbc7e221c75121dc11fa73d954cc 100644
--- a/app/Http/Middleware/HumanVerification.php
+++ b/app/Http/Middleware/HumanVerification.php
@@ -3,10 +3,8 @@
 namespace App\Http\Middleware;
 use Cache;
-use Captcha;
 use Closure;
 use Cookie;
-use Illuminate\Http\Response;
 use Log;
 use URL;
@@ -30,11 +28,11 @@ class HumanVerification
 $id = "";
 $uid = "";
 if (\App\Http\Controllers\HumanVerification::couldBeSpammer($ip)) {
- $id = hash("sha512", "999.999.999.999");
- $uid = hash("sha512", "999.999.999.999" . $ip . $_SERVER["AGENT"] . "uid");
+ $id = hash("sha1", "999.999.999.999");
+ $uid = hash("sha1", "999.999.999.999" . $ip . $_SERVER["AGENT"] . "uid");
 } else {
- $id = hash("sha512", $ip);
- $uid = hash("sha512", $ip . $_SERVER["AGENT"] . "uid");
+ $id = hash("sha1", $ip);
+ $uid = hash("sha1", $ip . $_SERVER["AGENT"] . "uid");
 }
 unset($_SERVER["AGENT"]);
@@ -101,19 +99,7 @@ class HumanVerification
 # If the user is locked we will force a Captcha validation
 if ($user["locked"]) {
- sleep(\random_int(1, 8));
- $captcha = Captcha::create("default", true);
- $user["lockedKey"] = $captcha["key"];
- \App\PrometheusExporter::CaptchaShown();
- return
- new Response(
- view('humanverification.captcha')
- ->with('title', "Bestätigung erforderlich")
- ->with('uid', $uid)
- ->with('id', $id)
- ->with('url', url()->full())
- ->with('image', $captcha["img"])
- );
+ return redirect()->route('captcha', ["id" => $id, "uid" => $uid, "url" => url()->full()]);
 }
 $user["unusedResultPages"]++;
diff --git a/routes/web.php b/routes/web.php
index caf716a5e8aad65efd1db41fcf78f767980d6a89..ce435e61790ff2b67a50b7e74afbb6b17abd8603 100644
--- a/routes/web.php
+++ b/routes/web.php
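Review bot: The removed block called `\App\PrometheusExporter::CaptchaShown();` and the new side of the `@@ -101,19 +99,7 @@` hunk has no replacement, so the captcha-shown counter stops moving unless `HumanVerification@captcha` increments it, which the controller hunks in this commit do not show. If it does not, add the call in the controller action before the view is rendered. The redirect also passes `url()->full()` as the `url` parameter, so the visitor's complete request URL, query string included, now appears in the Location header and in access logs for the captcha route; a session-stored return target would avoid that. The enclosing `if` sits in a method that begins and ends outside the hunk.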
@@ -199,6 +199,7 @@ Route::group(
 Route::get('meta/loadMore', 'MetaGerSearch@loadMore');
 Route::post('img/cat.jpg', 'HumanVerification@remove');
+ Route::get('verify/metager/{id}/{uid}', ['as' => 'captcha', 'uses' => 'HumanVerification@captcha', 'middleware' => 'throttle:12,1']);
 Route::get('r/metager/{mm}/{pw}/{url}', ['as' => 'humanverification', 'uses' => 'HumanVerification@removeGet']);
 Route::post('img/dog.jpg', 'HumanVerification@whitelist');
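Review bot: `{id}` and `{uid}` in the new `verify/metager/{id}/{uid}` route are unconstrained, while the first controller hunk in this commit, which appears to belong to this action, uses `$id` directly in a cache key (`Cache::get(HumanVerification::PREFIX . "." . $id, [])`). Since both values are now SHA-1 hex digests, constrain them at the route by chaining `->where(['id' => '[0-9a-f]{40}', 'uid' => '[0-9a-f]{40}'])` onto the `Route::get(...)` call. The route is registered for GET only; whether the captcha answer is submitted through it, and so falls under `throttle:12,1`, is not visible in this hunk. The surrounding `Route::group(` call starts and ends outside the hunk.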