Commit d95e28e1 authored by Dominik Hebeler's avatar Dominik Hebeler

added throttle to captcha

parent a00cfaff
......@@ -21,7 +21,17 @@ class HumanVerification extends Controller
if ($url != null) {
$url = base64_decode(str_replace("<<SLASH>>", "/", $url));
} else {
$url = $request->input('url');
$url = $request->input('url', url("/"));
}
$protocol = "http://";
if ($request->secure()) {
$protocol = "https://";
}
if (stripos($url, $protocol . $request->getHttpHost()) !== 0) {
$url = url("/");
}
$userlist = Cache::get(HumanVerification::PREFIX . "." . $id, []);
......@@ -40,7 +50,6 @@ class HumanVerification extends Controller
$key = strtolower($key);
if (!$hasher->check($key, $lockedKey)) {
sleep(\random_int(1, 8));
$captcha = Captcha::create("default", true);
$user["lockedKey"] = $captcha["key"];
HumanVerification::saveUser($user);
......@@ -67,7 +76,7 @@ class HumanVerification extends Controller
}
}
}
sleep(\random_int(1, 8));
$captcha = Captcha::create("default", true);
$user["lockedKey"] = $captcha["key"];
HumanVerification::saveUser($user);
......@@ -146,9 +155,9 @@ class HumanVerification extends Controller
$ip = $request->ip();
$id = "";
if (HumanVerification::couldBeSpammer($ip)) {
$id = hash("sha512", "999.999.999.999");
$id = hash("sha1", "999.999.999.999");
} else {
$id = hash("sha512", $ip);
$id = hash("sha1", $ip);
}
$userlist = Cache::get(HumanVerification::PREFIX . "." . $id, []);
......@@ -185,9 +194,9 @@ class HumanVerification extends Controller
$uid = "";
$ip = $request->ip();
if (HumanVerification::couldBeSpammer($ip)) {
$uid = hash("sha512", "999.999.999.999" . $ip . $_SERVER["AGENT"] . "uid");
$uid = hash("sha1", "999.999.999.999" . $ip . $_SERVER["AGENT"] . "uid");
} else {
$uid = hash("sha512", $ip . $_SERVER["AGENT"] . "uid");
$uid = hash("sha1", $ip . $_SERVER["AGENT"] . "uid");
}
if ($uid === $id) {
......@@ -217,11 +226,11 @@ class HumanVerification extends Controller
$uid = "";
$ip = $request->ip();
if (\App\Http\Controllers\HumanVerification::couldBeSpammer($ip)) {
$id = hash("sha512", "999.999.999.999");
$uid = hash("sha512", "999.999.999.999" . $ip . $_SERVER["AGENT"] . "uid");
$id = hash("sha1", "999.999.999.999");
$uid = hash("sha1", "999.999.999.999" . $ip . $_SERVER["AGENT"] . "uid");
} else {
$id = hash("sha512", $ip);
$uid = hash("sha512", $ip . $_SERVER["AGENT"] . "uid");
$id = hash("sha1", $ip);
$uid = hash("sha1", $ip . $_SERVER["AGENT"] . "uid");
}
$userList = Cache::get(HumanVerification::PREFIX . "." . $id);
......@@ -240,11 +249,11 @@ class HumanVerification extends Controller
$uid = "";
$ip = $request->ip();
if (\App\Http\Controllers\HumanVerification::couldBeSpammer($ip)) {
$id = hash("sha512", "999.999.999.999");
$uid = hash("sha512", "999.999.999.999" . $ip . $_SERVER["AGENT"] . "uid");
$id = hash("sha1", "999.999.999.999");
$uid = hash("sha1", "999.999.999.999" . $ip . $_SERVER["AGENT"] . "uid");
} else {
$id = hash("sha512", $ip);
$uid = hash("sha512", $ip . $_SERVER["AGENT"] . "uid");
$id = hash("sha1", $ip);
$uid = hash("sha1", $ip . $_SERVER["AGENT"] . "uid");
}
$userList = Cache::get(HumanVerification::PREFIX . "." . $id);
......
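Review bot: The same-site check `stripos($url, $protocol . $request->getHttpHost()) !== 0` is a bare prefix comparison, so a URL whose host merely begins with this host name, or that carries the host name in its userinfo part, would still be accepted as a redirect target. Ending the expected prefix at the path separator closes that gap: `if (stripos($url, $protocol . $request->getHttpHost() . "/") !== 0) {`. Comparing the host returned by `parse_url($url)` for exact equality would be the stricter alternative. The lines appear to be added by this commit (the +/- column is lost on this page), and the enclosing method starts and ends outside the hunk.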
......@@ -3,10 +3,8 @@
namespace App\Http\Middleware;
use Cache;
use Captcha;
use Closure;
use Cookie;
use Illuminate\Http\Response;
use Log;
use URL;
......@@ -30,11 +28,11 @@ class HumanVerification
$id = "";
$uid = "";
if (\App\Http\Controllers\HumanVerification::couldBeSpammer($ip)) {
$id = hash("sha512", "999.999.999.999");
$uid = hash("sha512", "999.999.999.999" . $ip . $_SERVER["AGENT"] . "uid");
$id = hash("sha1", "999.999.999.999");
$uid = hash("sha1", "999.999.999.999" . $ip . $_SERVER["AGENT"] . "uid");
} else {
$id = hash("sha512", $ip);
$uid = hash("sha512", $ip . $_SERVER["AGENT"] . "uid");
$id = hash("sha1", $ip);
$uid = hash("sha1", $ip . $_SERVER["AGENT"] . "uid");
}
unset($_SERVER["AGENT"]);
......@@ -101,19 +99,7 @@ class HumanVerification
# If the user is locked we will force a Captcha validation
if ($user["locked"]) {
sleep(\random_int(1, 8));
$captcha = Captcha::create("default", true);
$user["lockedKey"] = $captcha["key"];
\App\PrometheusExporter::CaptchaShown();
return
new Response(
view('humanverification.captcha')
->with('title', "Bestätigung erforderlich")
->with('uid', $uid)
->with('id', $id)
->with('url', url()->full())
->with('image', $captcha["img"])
);
return redirect()->route('captcha', ["id" => $id, "uid" => $uid, "url" => url()->full()]);
}
$user["unusedResultPages"]++;
......
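Review bot: The redirect in the locked branch, `return redirect()->route('captcha', ["id" => $id, "uid" => $uid, "url" => url()->full()]);`, moves `$id` and `$uid` into the URL path. Both are unkeyed hashes of the client IP (plus the agent string for `$uid`), so anyone who knows those inputs can predict them, and they now also appear in access logs and browser history. The captcha action should not treat the route parameters as proof of who is asking. It could recompute them from the request, or every place that builds them, including the controller hunks, could use a keyed hash such as `hash_hmac("sha256", $ip, config("app.key"))`. The removed block also called `\App\PrometheusExporter::CaptchaShown()`; unless the controller action, which is not visible here, does the same, that counter stops being updated. The method starts and ends outside the hunk.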
......@@ -199,6 +199,7 @@ Route::group(
Route::get('meta/loadMore', 'MetaGerSearch@loadMore');
Route::post('img/cat.jpg', 'HumanVerification@remove');
Route::get('verify/metager/{id}/{uid}', ['as' => 'captcha', 'uses' => 'HumanVerification@captcha', 'middleware' => 'throttle:12,1']);
Route::get('r/metager/{mm}/{pw}/{url}', ['as' => 'humanverification', 'uses' => 'HumanVerification@removeGet']);
Route::post('img/dog.jpg', 'HumanVerification@whitelist');
......
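Review bot: `throttle:12,1` on the `captcha` route is not documented, and, assuming Laravel's stock throttle middleware with no authenticated user, it is keyed on the client address rather than on `uid`. Users behind a shared egress address would then share one budget of 12 captcha requests per minute, and behind a reverse proxy the limit is only meaningful if trusted proxies are configured so that `$request->ip()` is the real client. A comment such as `// 12 requests/minute per client address; replaces the random sleep() delays in the captcha flow` would record the intent. If the captcha answer is checked on a route other than this GET, that route is not covered by the limit.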