diff --git a/app/Http/Controllers/HumanVerification.php b/app/Http/Controllers/HumanVerification.php
index e3de31f753a9d312ecce18aa469c07801426aa56..147c9f13c2530b2e194a047d428570379057fdcb 100644
--- a/app/Http/Controllers/HumanVerification.php
+++ b/app/Http/Controllers/HumanVerification.php
@@ -20,23 +20,28 @@ class HumanVerification extends Controller
}
if ($request->getMethod() == 'POST') {
- $user = DB::table('humanverification')->where('id', $id)->first();
+ $user = DB::table('humanverification')->where('uid', $id)->first();
$lockedKey = $user->lockedKey;
$key = $request->input('captcha');
$key = strtolower($key);
+
if (!$hasher->check($key, $lockedKey)) {
$captcha = Captcha::create("default", true);
- DB::table('humanverification')->where('id', $id)->update(['lockedKey' => $captcha["key"]]);
- return view('captcha')->with('title', 'Bestätigung notwendig')
+ DB::table('humanverification')->where('uid', $id)->update(['lockedKey' => $captcha["key"]]);
+ return view('humanverification.captcha')->with('title', 'Bestätigung notwendig')
->with('id', $id)
->with('url', $url)
->with('image', $captcha["img"])
->with('errorMessage', 'Bitte Captcha eingeben:');
} else {
+
+ # The Captcha was correct. We can remove the key from the user
+ DB::table('humanverification')->where('uid', $id)->update(['lockedKey' => "", 'whitelistCounter' => 0]);
+
# If we can unlock the Account of this user we will redirect him to the result page
if ($user !== null && $user->locked === 1) {
- DB::table('humanverification')->where('id', $id)->update(['locked' => false]);
+ DB::table('humanverification')->where('uid', $id)->update(['locked' => false]);
return redirect($url);
} else {
return redirect('/');
@@ -44,8 +49,8 @@ class HumanVerification extends Controller
}
}
$captcha = Captcha::create("default", true);
- DB::table('humanverification')->where('id', $id)->update(['lockedKey' => $captcha["key"]]);
- return view('captcha')->with('title', 'Bestätigung notwendig')
+ DB::table('humanverification')->where('uid', $id)->update(['lockedKey' => $captcha["key"]]);
+ return view('humanverification.captcha')->with('title', 'Bestätigung notwendig')
->with('id', $id)
->with('url', $url)
->with('image', $captcha["img"]);
@@ -56,10 +61,9 @@ class HumanVerification extends Controller
if (!$request->has('mm')) {
abort(404, "Keine Katze gefunden.");
}
- $id = md5($request->ip());
+
if (HumanVerification::checkId($request, $request->input('mm'))) {
- # Remove the entry from the database
- DB::table('humanverification')->where('id', $id)->where('updated_at', '<', Carbon::NOW()->subSeconds(2))->delete();
+ HumanVerification::removeUser($request, $request->input('mm'));
}
return response(hex2bin('89504e470d0a1a0a0000000d494844520000000100000001010300000025db56ca00000003504c5445000000a77a3dda0000000174524e530040e6d8660000000a4944415408d76360000000020001e221bc330000000049454e44ae426082'), 200)
->header('Content-Type', 'image/png');
@@ -72,15 +76,47 @@ class HumanVerification extends Controller
# If the user is correct and the password is we will delete any entry in the database
$requiredPass = md5($mm . Carbon::NOW()->day . $url . env("PROXY_PASSWORD"));
if (HumanVerification::checkId($request, $mm) && $requiredPass === $password) {
- # Remove the entry from the database
- DB::table('humanverification')->where('id', $mm)->where('updated_at', '<', Carbon::NOW()->subSeconds(2))->delete();
+ HumanVerification::removeUser($request, $mm);
}
return redirect($url);
}
+ private static function removeUser($request, $uid)
+ {
+ $id = hash("sha512", $request->ip());
+
+ $sum = DB::table('humanverification')->where('id', $id)->where('whitelist', false)->sum('unusedResultPages');
+ $user = DB::table('humanverification')->where('uid', $uid)->first();
+
+ if ($user === null) {
+ return;
+ }
+
+ # Check if we have to whitelist the user or if we can simply delete the data
+ if ($user->unusedResultPages < $sum && $user->whitelist === 0) {
+ # Whitelist
+ DB::table('humanverification')->where('uid', $uid)->update(['whitelist' => true, 'whitelistCounter' => 0]);
+ $user->whitelist = 1;
+ $user->whitelistCounter = 0;
+ }
+
+ if ($user->whitelist === 1) {
+ if (
+ DB::table('humanverification')->where('uid', $uid)->where('updated_at', '<', Carbon::NOW()->subSeconds(2))->update(['unusedResultPages' => 0])
+ === 1
+ ) {
+ DB::table('usedurls')->where('uid', $uid)->delete();
+ }
+ } else {
+ DB::table('humanverification')->where('uid', $uid)->where('updated_at', '<', Carbon::NOW()->subSeconds(2))->delete();
+
+ }
+
+ }
+
private static function checkId($request, $id)
{
- if (md5($request->ip()) === $id) {
+ if (hash("sha512", $request->ip() . $_SERVER["AGENT"]) === $id) {
return true;
} else {
return false;
diff --git a/app/Http/Middleware/HumanVerification.php b/app/Http/Middleware/HumanVerification.php
index 5a37786be0a1b206f4d624053260c30e5a6a3156..d171390d31f3153b7492f7cb4e6a601e8a881b16 100644
--- a/app/Http/Middleware/HumanVerification.php
+++ b/app/Http/Middleware/HumanVerification.php
@@ -19,66 +19,116 @@ class HumanVerification
*/
public function handle($request, Closure $next)
{
- try {
- $id = md5($request->ip());
-
- /**
- * If the user sends a Password or a key
- * We will not verificate the user.
- * If someone that uses a bot finds this out we
- * might have to change it at some point.
- */
- if ($request->has('password') || $request->filled('key') || $request->filled('appversion') || !env('BOT_PROTECTION', false)) {
- return $next($request);
- }
+ //try {
+ $id = hash("sha512", $request->ip());
+ $uid = hash("sha512", $request->ip() . $_SERVER["AGENT"]);
+ unset($_SERVER["AGENT"]);
+
+ /**
+ * If the user sends a Password or a key
+ * We will not verificate the user.
+ * If someone that uses a bot finds this out we
+ * might have to change it at some point.
+ */
+ if ($request->filled('password') || $request->filled('key') || $request->filled('appversion') || !env('BOT_PROTECTION', false)) {
+ return $next($request);
+ }
+
+ // The specific user
+ $user = DB::table('humanverification')->where('uid', $uid)->first();
+
+ $createdAt = Carbon::now();
+ $unusedResultPages = 1;
+ $locked = false;
+ # If this user doesn't have an entry we will create one
+
+ if ($user === null) {
+ DB::table('humanverification')->insert(
+ [
+ 'uid' => $uid,
+ 'id' => $id,
+ 'unusedResultPages' => 0,
+ 'whitelist' => false,
+ 'whitelistCounter' => 0,
+ 'locked' => false,
+ "lockedKey" => "",
+ 'updated_at' => Carbon::now(),
+ ]
+ );
+ # Insert the URL the user tries to reach
+ $url = url()->full();
+ DB::table('usedurls')->insert(['uid' => $uid, 'id' => $id, 'eingabe' => $request->input('eingabe', '')]);
+ $user = DB::table('humanverification')->where('uid', $uid)->first();
+ }
+
+ # If the user is locked we will force a Captcha validation
+ if ($user->locked === 1) {
+ $captcha = Captcha::create("default", true);
+ DB::table('humanverification')->where('uid', $uid)->update(['lockedKey' => $captcha["key"]]);
+ return
+ new Response(
+ view('humanverification.captcha')
+ ->with('title', "Bestätigung erforderlich")
+ ->with('id', $uid)
+ ->with('url', url()->full())
+ ->with('image', $captcha["img"])
+ );
+ }
+
+ # Find out how many requests this IP has made
+ $sum = DB::table('humanverification')->where('id', $id)->where('whitelist', false)->sum('unusedResultPages');
- $user = DB::table('humanverification')->where('id', $id)->first();
- $createdAt = Carbon::now();
- $unusedResultPages = 1;
+ // Defines if this is the only user using that IP Adress
+ $alone = DB::table('humanverification')->where('id', $id)->count() === 1;
+
+ $unusedResultPages = intval($user->unusedResultPages);
+ $unusedResultPages++;
+
+ if ($sum < 50 || $alone || $user->whitelist === 1) {
+ # This IP doesn't need verification yet
+ # The user currently isn't locked
+
+ # We have different security gates:
+ # 50, 75, 85, >=90 => Captcha validated Result Pages
+ # If the user shows activity on our result page the counter will be deleted
+ # Maybe I'll add a ban if the user reaches 100
$locked = false;
- # If this user doesn't have an entry we will create one
- if ($user === null) {
- DB::table('humanverification')->insert(
- ['id' => $id, 'unusedResultPages' => 1, 'locked' => false, "lockedKey" => "", 'updated_at' => Carbon::now()]
- );
- # Insert the URL the user tries to reach
- $url = url()->full();
- DB::table('usedurls')->insert(['user_id' => $id, 'url' => $url]);
- $user = DB::table('humanverification')->where('id', $id)->first();
- } else if ($user->locked !== 1) {
- $unusedResultPages = intval($user->unusedResultPages);
- $unusedResultPages++;
- # We have different security gates:
- # 50, 75, 85, >=90 => Captcha validated Result Pages
- # If the user shows activity on our result page the counter will be deleted
- # Maybe I'll add a ban if the user reaches 100
- if ($unusedResultPages === 50 || $unusedResultPages === 75 || $unusedResultPages === 85 || $unusedResultPages >= 90) {
- $locked = true;
- }
- DB::table('humanverification')->where('id', $id)->update(['unusedResultPages' => $unusedResultPages, 'locked' => $locked, 'updated_at' => $createdAt]);
- # Insert the URL the user tries to reach
- DB::table('usedurls')->insert(['user_id' => $id, 'url' => url()->full()]);
+ if ($unusedResultPages === 50 || $unusedResultPages === 75 || $unusedResultPages === 85 || $unusedResultPages >= 90) {
+ $locked = true;
}
- $request->request->add(['verification_id' => $id, 'verification_count' => $unusedResultPages]);
+ DB::table('humanverification')->where('uid', $uid)->update(['unusedResultPages' => $unusedResultPages, 'locked' => $locked]);
+ # Insert the URL the user tries to reach
+ DB::table('usedurls')->insert(['uid' => $uid, 'id' => $id, 'eingabe' => $request->input('eingabe', '')]);
+ } else {
+ $tmpId = md5($uid . date("d"));
- # If the user is locked we will force a Captcha validation
- if ($user->locked === 1) {
- $captcha = Captcha::create("default", true);
- DB::table('humanverification')->where('id', $id)->update(['lockedKey' => $captcha["key"]]);
+ # If the parameter uid is correctly set we will allow access to the result page
+ if ($request->input('uid', '') !== $tmpId) {
+ DB::table('humanverification')->where('uid', $uid)->increment('whitelistCounter');
+ if ($user->whitelistCounter >= 4) {
+ DB::table('humanverification')->where('uid', $uid)->update(['locked' => true]);
+ }
+
+ # This IP will need verification
return
new Response(
- view('captcha')
- ->with('title', "Bestätigung erforderlich")
- ->with('id', $id)
- ->with('url', url()->full())
- ->with('image', $captcha["img"])
+ view('humanverification.whitelistVerification')
+ ->with('title', $request->input('eingabe', '') . " - MetaGer")
+ ->with('method', $request->method())
+ ->with('uid', md5($uid . date("d")))
);
+ } else {
+ DB::table('humanverification')->where('uid', $uid)->update(['unusedResultPages' => $unusedResultPages]);
+ # Insert the URL the user tries to reach
+ DB::table('usedurls')->insert(['uid' => $uid, 'id' => $id, 'eingabe' => $request->input('eingabe', '')]);
}
- } catch (\Illuminate\Database\QueryException $e) {
- // Failure in contacting metager3.de
}
+ /* } catch (\Illuminate\Database\QueryException $e) {
+ // Failure in contacting metager3.de
+ }*/
+ $request->request->add(['verification_id' => $uid, 'verification_count' => $unusedResultPages]);
return $next($request);
}
}
diff --git a/app/MetaGer.php b/app/MetaGer.php
index 0a03f4e4ffc395ee9b063177ccd81d5b7f99722f..57d89a841fd1ba1608578ce416f69c13ec96ba1e 100644
--- a/app/MetaGer.php
+++ b/app/MetaGer.php
@@ -934,7 +934,7 @@ class MetaGer
public function parseFormData(Request $request)
{
- $this->request = $request;
+
# Sichert, dass der request in UTF-8 formatiert ist
if ($request->input('encoding', 'utf8') !== "utf8") {
# In früheren Versionen, als es den Encoding Parameter noch nicht gab, wurden die Daten in ISO-8859-1 übertragen
@@ -1051,6 +1051,8 @@ class MetaGer
$this->verificationId = $request->input('verification_id', null);
$this->verificationCount = intval($request->input('verification_count', '0'));
$this->apiKey = $request->input('key', '');
+ // Remove Inputs that are not used
+ $this->request = $request->replace($request->except(['verification_id', 'uid', 'verification_count']));
$this->validated = false;
if (isset($this->password)) {
@@ -1492,6 +1494,14 @@ class MetaGer
# Einfache Getter
+ public function getVerificationId() {
+ return $this->verificationId;
+ }
+
+ public function getVerificationCount() {
+ return $this->verificationCount;
+ }
+
public function getSite()
{
return $this->site;
diff --git a/database/migrations/2018_04_26_114745_create_humanverification_table.php b/database/migrations/2018_04_26_114745_create_humanverification_table.php
index 95c94233c98e95c00a0a6381c478362e80bd9ff4..081612b3be8e193afa413d869ba037879e06311b 100644
--- a/database/migrations/2018_04_26_114745_create_humanverification_table.php
+++ b/database/migrations/2018_04_26_114745_create_humanverification_table.php
@@ -1,8 +1,8 @@
<?php
-use Illuminate\Support\Facades\Schema;
-use Illuminate\Database\Schema\Blueprint;
use Illuminate\Database\Migrations\Migration;
+use Illuminate\Database\Schema\Blueprint;
+use Illuminate\Support\Facades\Schema;
class CreateHumanverificationTable extends Migration
{
@@ -14,9 +14,13 @@ class CreateHumanverificationTable extends Migration
public function up()
{
Schema::create('humanverification', function (Blueprint $table) {
- $table->string('id')->unique();
+ $table->string('uid')->unique();
+ $table->string('id');
$table->integer('unusedResultPages');
+ $table->boolean('whitelist');
+ $table->integer('whitelistCounter');
$table->boolean('locked');
+ $table->string('lockedKey');
$table->timestamp('updated_at');
});
}
diff --git a/database/migrations/2018_05_03_101301_usedurls.php b/database/migrations/2018_05_03_101301_usedurls.php
index 341d0b664072a7095838b0adb61e769a084b8c91..a7cc0f956d785f8aec45f91641c7fd8ac26c0ccf 100644
--- a/database/migrations/2018_05_03_101301_usedurls.php
+++ b/database/migrations/2018_05_03_101301_usedurls.php
@@ -1,8 +1,8 @@
<?php
-use Illuminate\Support\Facades\Schema;
-use Illuminate\Database\Schema\Blueprint;
use Illuminate\Database\Migrations\Migration;
+use Illuminate\Database\Schema\Blueprint;
+use Illuminate\Support\Facades\Schema;
class Usedurls extends Migration
{
@@ -14,11 +14,12 @@ class Usedurls extends Migration
public function up()
{
Schema::create('usedurls', function (Blueprint $table) {
- $table->increments('id')->unique();
- $table->string('user_id');
- $table->text('url');
+ $table->increments('number')->unique();
+ $table->string('uid');
+ $table->string('id');
+ $table->text('eingabe');
$table->timestamp('created_at');
- $table->foreign('user_id')->references('id')->on('humanverification')->onDelete('cascade');
+ $table->foreign('uid')->references('uid')->on('humanverification')->onDelete('cascade');
});
}
diff --git a/public/index.php b/public/index.php
index b67e0a6e9b0ce993d445cd7ffb898622f8f8d4c3..4334ce537cd2b6c2d2428f9ca992cb4ac220db04 100644
--- a/public/index.php
+++ b/public/index.php
@@ -13,6 +13,8 @@ if (isset($_SERVER["HTTP_FORWARDED"]) && isset($_SERVER["HTTP_X_FORWARDED_FOR"])
unset($_SERVER["HTTP_FORWARDED"]);
}
+$_SERVER["AGENT"] = $_SERVER["HTTP_USER_AGENT"];
+
if (isset($_SERVER['HTTP_USER_AGENT'])) {
$agentPieces = explode(" ", $_SERVER['HTTP_USER_AGENT']);
diff --git a/resources/views/captcha.blade.php b/resources/views/humanverification/captcha.blade.php
similarity index 75%
rename from resources/views/captcha.blade.php
rename to resources/views/humanverification/captcha.blade.php
index 250332fb52b521588324fca4068b1a206abd5898..6423a8816e7ded7f18f8dc66bb4e298963d8f7b7 100644
--- a/resources/views/captcha.blade.php
+++ b/resources/views/humanverification/captcha.blade.php
@@ -9,6 +9,7 @@
<p>Sollten Sie diese Nachricht häufiger sehen oder handelt es sich dabei um einen Irrtum, schicken Sie uns gerne eine Nachricht über unser <a href="/kontakt">Kontaktformular</a>.</p>
<p>Nennen Sie uns in diesem Fall bitte unbedingt folgende Vorgangsnummer: {{ $id }}
<p>Wir schauen uns den Vorgang dann gerne im Detail an.</p>
+ <p>Bitte geben SIe die Buchstaben aus dem Bild in die Eingabebox ein und bestätigen Sie mit OK um zur Ergebnisseite zu gelangen.</p>
<form method="post" action="{{ route('verification', ['id' => $id]) }}">
<input type="hidden" name="url" value="{!! $url !!}">
<input type="hidden" name="id" value="{{ $id }}">
@@ -16,7 +17,7 @@
@if(isset($errorMessage))
<p><font color="red">{{$errorMessage}}</font></p>
@endif
- <p><input type="text" name="captcha"></p>
- <p><button type="submit" name="check">OK</button></p>
+ <p><input type="text" class="form-control" name="captcha" placeholder="Captcha eingeben" autofocus></p>
+ <p><button type="submit" class="btn btn-success" name="check">OK</button></p>
</form>
@endsection
diff --git a/resources/views/humanverification/whitelistVerification.blade.php b/resources/views/humanverification/whitelistVerification.blade.php
new file mode 100644
index 0000000000000000000000000000000000000000..23a7e4aa05703094d4794ef63454ffafc12998ed
--- /dev/null
+++ b/resources/views/humanverification/whitelistVerification.blade.php
@@ -0,0 +1,25 @@
+@extends('layouts.subPages')
+
+@section('title', $title )
+
+@section('content')
+ <h1 class="page-title">Einen kurzen Augenblick bitte</h1>
+ <div class="card-heavy">
+ <p>Sie befinden sich im selben Netzwerk, aus dem wir sehr viele automatisierte Anfragen erhalten. Das bedeutet nicht, dass die Anfragen von Ihrem PC kommen. Wir müssen nun aber verifizieren, dass es sich bei Ihnen um einen realen Nutzer handelt.</p>
+ <p>Der erste Schritt ist diese Vorschaltseite. Sie brauchen nichts weiter tun, als unten auf den Knopf "Weiter zur Ergebnisseite" zu klicken.</p>
+ <p>Zukünftig sollten Sie diese Seite nicht mehr sehen.</p>
+ <form id="goOn" method="{{ $method }}">
+ @foreach(Request::all() as $key => $value)
+ <input type="hidden" name="{{ $key }}" value="{{ $value }}" />
+ @endforeach
+ <input type="hidden" name="uid" value="{{ $uid }}" />
+ <p><button type="submit" class="btn btn-success">Weiter zur Ergebnisseite</button></p>
+ </form>
+ </div>
+ <script>
+ $(document).ready(function() {
+ $(".mg-panel").css("display", "none");
+ $("#goOn").submit();
+ });
+ </script>
+@endsection
diff --git a/resources/views/layouts/resultPage.blade.php b/resources/views/layouts/resultPage.blade.php
index 6d3b6ab12eff9b843047fc6639fdca0af799e9b8..a8c3853481d645c18412363f11b57d2efb0ea8d1 100644
--- a/resources/views/layouts/resultPage.blade.php
+++ b/resources/views/layouts/resultPage.blade.php
@@ -9,8 +9,8 @@
<meta name="p" content="{{ getmypid() }}" />
<meta name="q" content="{{ $eingabe }}" />
<meta name="l" content="{{ LaravelLocalization::getCurrentLocale() }}" />
- <meta name="mm" content="{{ Request::input('verification_id') }}" />
- <meta name="mn" content="{{ Request::input('verification_count') }}" />
+ <meta name="mm" content="{{ $metager->getVerificationId() }}" />
+ <meta name="mn" content="{{ $metager->getVerificationCount() }}" />
<link rel="search" type="application/opensearchdescription+xml" title="{!! trans('resultPage.opensearch') !!}" href="{{ LaravelLocalization::getLocalizedURL(LaravelLocalization::getCurrentLocale(), action('StartpageController@loadPlugin', ['params' => base64_encode(serialize(Request::all()))])) }}">
<link type="text/css" rel="stylesheet" href="{{ mix('css/themes/default.css') }}" />
<link type="text/css" rel="stylesheet" href="/font-awesome/css/font-awesome.min.css" />
diff --git a/routes/web.php b/routes/web.php
index 7e3b997720a33862391f5bb4ea04abfd65cb3a80..f1ebb289a2c7cfd5ed37465d92e57eb96ac12300 100644
--- a/routes/web.php
+++ b/routes/web.php
@@ -164,6 +164,7 @@ Route::group(
Route::match(['get', 'post'], 'meta/meta.ger3', 'MetaGerSearch@search')->middleware('humanverification');
Route::post('img/cat.jpg', 'HumanVerification@remove');
Route::get('r/metager/{mm}/{pw}/{url}', ['as' => 'humanverification', 'uses' => 'HumanVerification@removeGet']);
+ Route::post('img/dog.jpg', 'HumanVerification@whitelist');
Route::get('meta/picture', 'Pictureproxy@get');
Route::get('clickstats', 'LogController@clicklog');