diff --git a/app/Http/Controllers/HumanVerification.php b/app/Http/Controllers/HumanVerification.php
index 147c9f13c2530b2e194a047d428570379057fdcb..def5420560a44971a1a5d12db0a0ab9f58ff465a 100644
--- a/app/Http/Controllers/HumanVerification.php
+++ b/app/Http/Controllers/HumanVerification.php
@@ -33,15 +33,12 @@ class HumanVerification extends Controller
->with('id', $id)
->with('url', $url)
->with('image', $captcha["img"])
- ->with('errorMessage', 'Bitte Captcha eingeben:');
+ ->with('errorMessage', 'Fehler: Falsches Captcha eingegeben!');
} else {
-
- # The Captcha was correct. We can remove the key from the user
- DB::table('humanverification')->where('uid', $id)->update(['lockedKey' => "", 'whitelistCounter' => 0]);
-
# If we can unlock the Account of this user we will redirect him to the result page
if ($user !== null && $user->locked === 1) {
- DB::table('humanverification')->where('uid', $id)->update(['locked' => false]);
+ # The Captcha was correct. We can remove the key from the user
+ DB::table('humanverification')->where('uid', $id)->update(['locked' => false, 'lockedKey' => "", 'whitelist' => 1]);
return redirect($url);
} else {
return redirect('/');
@@ -102,7 +99,7 @@ class HumanVerification extends Controller
if ($user->whitelist === 1) {
if (
- DB::table('humanverification')->where('uid', $uid)->where('updated_at', '<', Carbon::NOW()->subSeconds(2))->update(['unusedResultPages' => 0])
+ DB::table('humanverification')->where('uid', $uid)->update(['unusedResultPages' => 0])
=== 1
) {
DB::table('usedurls')->where('uid', $uid)->delete();
diff --git a/app/Http/Middleware/HumanVerification.php b/app/Http/Middleware/HumanVerification.php
index d171390d31f3153b7492f7cb4e6a601e8a881b16..0be2058000507fb79acf245d34a706eeb057117e 100644
--- a/app/Http/Middleware/HumanVerification.php
+++ b/app/Http/Middleware/HumanVerification.php
@@ -7,6 +7,7 @@ use Carbon;
use Closure;
use DB;
use Illuminate\Http\Response;
+use URL;
class HumanVerification
{
@@ -19,115 +20,112 @@ class HumanVerification
*/
public function handle($request, Closure $next)
{
- //try {
- $id = hash("sha512", $request->ip());
- $uid = hash("sha512", $request->ip() . $_SERVER["AGENT"]);
- unset($_SERVER["AGENT"]);
-
- /**
- * If the user sends a Password or a key
- * We will not verificate the user.
- * If someone that uses a bot finds this out we
- * might have to change it at some point.
- */
- if ($request->filled('password') || $request->filled('key') || $request->filled('appversion') || !env('BOT_PROTECTION', false)) {
- return $next($request);
- }
+ try {
+ $id = hash("sha512", $request->ip());
+ $uid = hash("sha512", $request->ip() . $_SERVER["AGENT"]);
+ unset($_SERVER["AGENT"]);
+
+ /**
+ * If the user sends a Password or a key
+ * We will not verificate the user.
+ * If someone that uses a bot finds this out we
+ * might have to change it at some point.
+ */
+ if ($request->filled('password') || $request->filled('key') || $request->filled('appversion') || !env('BOT_PROTECTION', false)) {
+ return $next($request);
+ }
- // The specific user
- $user = DB::table('humanverification')->where('uid', $uid)->first();
-
- $createdAt = Carbon::now();
- $unusedResultPages = 1;
- $locked = false;
- # If this user doesn't have an entry we will create one
-
- if ($user === null) {
- DB::table('humanverification')->insert(
- [
- 'uid' => $uid,
- 'id' => $id,
- 'unusedResultPages' => 0,
- 'whitelist' => false,
- 'whitelistCounter' => 0,
- 'locked' => false,
- "lockedKey" => "",
- 'updated_at' => Carbon::now(),
- ]
- );
- # Insert the URL the user tries to reach
- $url = url()->full();
- DB::table('usedurls')->insert(['uid' => $uid, 'id' => $id, 'eingabe' => $request->input('eingabe', '')]);
+ // The specific user
$user = DB::table('humanverification')->where('uid', $uid)->first();
- }
- # If the user is locked we will force a Captcha validation
- if ($user->locked === 1) {
- $captcha = Captcha::create("default", true);
- DB::table('humanverification')->where('uid', $uid)->update(['lockedKey' => $captcha["key"]]);
- return
- new Response(
- view('humanverification.captcha')
- ->with('title', "Bestätigung erforderlich")
- ->with('id', $uid)
- ->with('url', url()->full())
- ->with('image', $captcha["img"])
- );
- }
+ $createdAt = Carbon::now();
+ $unusedResultPages = 1;
+ $locked = false;
+ # If this user doesn't have an entry we will create one
+
+ if ($user === null) {
+ DB::table('humanverification')->insert(
+ [
+ 'uid' => $uid,
+ 'id' => $id,
+ 'unusedResultPages' => 0,
+ 'whitelist' => false,
+ 'whitelistCounter' => 0,
+ 'locked' => false,
+ "lockedKey" => "",
+ 'updated_at' => Carbon::now(),
+ ]
+ );
+ # Insert the URL the user tries to reach
+ $url = url()->full();
+ DB::table('usedurls')->insert(['uid' => $uid, 'id' => $id, 'eingabe' => $request->input('eingabe', '')]);
+ $user = DB::table('humanverification')->where('uid', $uid)->first();
+ }
- # Find out how many requests this IP has made
- $sum = DB::table('humanverification')->where('id', $id)->where('whitelist', false)->sum('unusedResultPages');
+ # Lock out everyone in a Bot network
+ # Find out how many requests this IP has made
+ $sum = DB::table('humanverification')->where('id', $id)->where('whitelist', false)->sum('unusedResultPages');
+
+ # A lot of automated requests are from websites that redirect users to our result page.
+ # We will detect those requests and put a captcha
+ $referer = URL::previous();
+ # Just the URL-Parameter
+ $refererLock = false;
+ if (stripos($referer, "?") !== false) {
+ $referer = substr($referer, stripos($referer, "?") + 1);
+ $referer = urldecode($referer);
+ if (preg_match("/http[s]{0,1}:\/\/metager\.de\/meta\/meta.ger3\?.*?eingabe=([\w\d]+\.){1,2}[\w\d]+/si", $referer) === 1) {
+ $refererLock = true;
+ }
- // Defines if this is the only user using that IP Adress
- $alone = DB::table('humanverification')->where('id', $id)->count() === 1;
+ }
- $unusedResultPages = intval($user->unusedResultPages);
- $unusedResultPages++;
+ // Defines if this is the only user using that IP Adress
+ $alone = DB::table('humanverification')->where('id', $id)->count() === 1;
+ if ((!$alone && $sum >= 50 && $user->whitelist !== 1) || $refererLock) {
+ DB::table('humanverification')->where('uid', $uid)->update(['locked' => true]);
+ $user->locked = 1;
+ }
- if ($sum < 50 || $alone || $user->whitelist === 1) {
- # This IP doesn't need verification yet
- # The user currently isn't locked
+ # If the user is locked we will force a Captcha validation
+ if ($user->locked === 1) {
+ $captcha = Captcha::create("default", true);
+ DB::table('humanverification')->where('uid', $uid)->update(['lockedKey' => $captcha["key"]]);
+ return
+ new Response(
+ view('humanverification.captcha')
+ ->with('title', "Bestätigung erforderlich")
+ ->with('id', $uid)
+ ->with('url', url()->full())
+ ->with('image', $captcha["img"])
+ );
+ }
- # We have different security gates:
- # 50, 75, 85, >=90 => Captcha validated Result Pages
- # If the user shows activity on our result page the counter will be deleted
- # Maybe I'll add a ban if the user reaches 100
+ $unusedResultPages = intval($user->unusedResultPages);
+ $unusedResultPages++;
$locked = false;
- if ($unusedResultPages === 50 || $unusedResultPages === 75 || $unusedResultPages === 85 || $unusedResultPages >= 90) {
- $locked = true;
- }
+ if ($alone || $user->whitelist === 1) {
+ # This IP doesn't need verification yet
+ # The user currently isn't locked
+
+ # We have different security gates:
+ # 50, 75, 85, >=90 => Captcha validated Result Pages
+ # If the user shows activity on our result page the counter will be deleted
+ # Maybe I'll add a ban if the user reaches 100
+
+ if ($unusedResultPages === 50 || $unusedResultPages === 75 || $unusedResultPages === 85 || $unusedResultPages >= 90) {
+ $locked = true;
+ }
+
+ }
DB::table('humanverification')->where('uid', $uid)->update(['unusedResultPages' => $unusedResultPages, 'locked' => $locked]);
# Insert the URL the user tries to reach
DB::table('usedurls')->insert(['uid' => $uid, 'id' => $id, 'eingabe' => $request->input('eingabe', '')]);
- } else {
- $tmpId = md5($uid . date("d"));
-
- # If the parameter uid is correctly set we will allow access to the result page
- if ($request->input('uid', '') !== $tmpId) {
- DB::table('humanverification')->where('uid', $uid)->increment('whitelistCounter');
- if ($user->whitelistCounter >= 4) {
- DB::table('humanverification')->where('uid', $uid)->update(['locked' => true]);
- }
- # This IP will need verification
- return
- new Response(
- view('humanverification.whitelistVerification')
- ->with('title', $request->input('eingabe', '') . " - MetaGer")
- ->with('method', $request->method())
- ->with('uid', md5($uid . date("d")))
- );
- } else {
- DB::table('humanverification')->where('uid', $uid)->update(['unusedResultPages' => $unusedResultPages]);
- # Insert the URL the user tries to reach
- DB::table('usedurls')->insert(['uid' => $uid, 'id' => $id, 'eingabe' => $request->input('eingabe', '')]);
- }
+ } catch (\Illuminate\Database\QueryException $e) {
+ // Failure in contacting metager3.de
}
-
- /* } catch (\Illuminate\Database\QueryException $e) {
- // Failure in contacting metager3.de
- }*/
$request->request->add(['verification_id' => $uid, 'verification_count' => $unusedResultPages]);
return $next($request);
}
diff --git a/resources/views/humanverification/captcha.blade.php b/resources/views/humanverification/captcha.blade.php
index 6423a8816e7ded7f18f8dc66bb4e298963d8f7b7..9f58d36e3122ab75bda226e399157b23fc58f110 100644
--- a/resources/views/humanverification/captcha.blade.php
+++ b/resources/views/humanverification/captcha.blade.php
@@ -4,12 +4,10 @@
@section('content')
<h1>Entschuldigen Sie die Störung</h1>
- <p>Wir haben Grund zur Annahme, dass von Ihrem Anschluss verstärkt automatisierte Abfragen abgeschickt wurden.
- Deshalb bitten wir Sie, die nachfolgende Captcha Abfrage zu beantworten.</p>
- <p>Sollten Sie diese Nachricht häufiger sehen oder handelt es sich dabei um einen Irrtum, schicken Sie uns gerne eine Nachricht über unser <a href="/kontakt">Kontaktformular</a>.</p>
- <p>Nennen Sie uns in diesem Fall bitte unbedingt folgende Vorgangsnummer: {{ $id }}
- <p>Wir schauen uns den Vorgang dann gerne im Detail an.</p>
- <p>Bitte geben SIe die Buchstaben aus dem Bild in die Eingabebox ein und bestätigen Sie mit OK um zur Ergebnisseite zu gelangen.</p>
+ <p>Sie befinden sich in einem Netzwerk aus dem wir verstärkt automatisierte Anfragen erhalten. Keine Sorge: Das bedeutet nicht unbedingt, dass diese Anfragen von Ihrem PC kommen.</p>
+ <p>Allerdings können wir Ihre Anfragen nicht von denen des "Robots" unterscheiden. Zum Schutz der von uns abgefragten Suchmaschinen müssen wir aber sicherstellen, dass diese nicht mit (automatisierten) Abfragen überflutet werden.</p>
+
+ <p>Bitte geben Sie deshalb die Zeichen aus dem Bild in die Eingabebox ein und bestätigen Sie mit "OK" um zur Ergebnisseite zu gelangen.</p>
<form method="post" action="{{ route('verification', ['id' => $id]) }}">
<input type="hidden" name="url" value="{!! $url !!}">
<input type="hidden" name="id" value="{{ $id }}">
@@ -20,4 +18,6 @@
<p><input type="text" class="form-control" name="captcha" placeholder="Captcha eingeben" autofocus></p>
<p><button type="submit" class="btn btn-success" name="check">OK</button></p>
</form>
+ <p>Sollten Sie diese Nachricht häufiger sehen oder handelt es sich dabei um einen Irrtum, schicken Sie uns gerne eine Nachricht über unser <a href="/kontakt">Kontaktformular</a>.</p>
+ <p>Nennen Sie uns in diesem Fall bitte unbedingt folgende Vorgangsnummer: {{ $id }}
@endsection
diff --git a/resources/views/humanverification/whitelistVerification.blade.php b/resources/views/humanverification/whitelistVerification.blade.php
deleted file mode 100644
index 23a7e4aa05703094d4794ef63454ffafc12998ed..0000000000000000000000000000000000000000
--- a/resources/views/humanverification/whitelistVerification.blade.php
+++ /dev/null
@@ -1,25 +0,0 @@
-@extends('layouts.subPages')
-
-@section('title', $title )
-
-@section('content')
- <h1 class="page-title">Einen kurzen Augenblick bitte</h1>
- <div class="card-heavy">
- <p>Sie befinden sich im selben Netzwerk, aus dem wir sehr viele automatisierte Anfragen erhalten. Das bedeutet nicht, dass die Anfragen von Ihrem PC kommen. Wir müssen nun aber verifizieren, dass es sich bei Ihnen um einen realen Nutzer handelt.</p>
- <p>Der erste Schritt ist diese Vorschaltseite. Sie brauchen nichts weiter tun, als unten auf den Knopf "Weiter zur Ergebnisseite" zu klicken.</p>
- <p>Zukünftig sollten Sie diese Seite nicht mehr sehen.</p>
- <form id="goOn" method="{{ $method }}">
- @foreach(Request::all() as $key => $value)
- <input type="hidden" name="{{ $key }}" value="{{ $value }}" />
- @endforeach
- <input type="hidden" name="uid" value="{{ $uid }}" />
- <p><button type="submit" class="btn btn-success">Weiter zur Ergebnisseite</button></p>
- </form>
- </div>
- <script>
- $(document).ready(function() {
- $(".mg-panel").css("display", "none");
- $("#goOn").submit();
- });
- </script>
-@endsection