Skip to content

MetaGer
MetaGer
Commit d39efe60 authored by Dominik Hebeler's avatar Dominik Hebeler
Browse files
Options

New Humanverification version

parent 18a85710
Hide whitespace changes
Inline Side-by-side
Showing with 205 additions and 75 deletions
app/Http/Controllers/HumanVerification.php
View file @ d39efe60
......@@ -20,23 +20,28 @@ class HumanVerification extends Controller
}
if ($request->getMethod() == 'POST') {
$user = DB::table('humanverification')->where('id', $id)->first();
$user = DB::table('humanverification')->where('uid', $id)->first();
$lockedKey = $user->lockedKey;
$key = $request->input('captcha');
$key = strtolower($key);
if (!$hasher->check($key, $lockedKey)) {
$captcha = Captcha::create("default", true);
DB::table('humanverification')->where('id', $id)->update(['lockedKey' => $captcha["key"]]);
return view('captcha')->with('title', 'Bestätigung notwendig')
DB::table('humanverification')->where('uid', $id)->update(['lockedKey' => $captcha["key"]]);
return view('humanverification.captcha')->with('title', 'Bestätigung notwendig')
->with('id', $id)
->with('url', $url)
->with('image', $captcha["img"])
->with('errorMessage', 'Bitte Captcha eingeben:');
} else {
# The Captcha was correct. We can remove the key from the user
DB::table('humanverification')->where('uid', $id)->update(['lockedKey' => "", 'whitelistCounter' => 0]);
# If we can unlock the Account of this user we will redirect him to the result page
if ($user !== null && $user->locked === 1) {
DB::table('humanverification')->where('id', $id)->update(['locked' => false]);
DB::table('humanverification')->where('uid', $id)->update(['locked' => false]);
return redirect($url);
} else {
return redirect('/');
......@@ -44,8 +49,8 @@ class HumanVerification extends Controller
}
}
$captcha = Captcha::create("default", true);
DB::table('humanverification')->where('id', $id)->update(['lockedKey' => $captcha["key"]]);
return view('captcha')->with('title', 'Bestätigung notwendig')
DB::table('humanverification')->where('uid', $id)->update(['lockedKey' => $captcha["key"]]);
return view('humanverification.captcha')->with('title', 'Bestätigung notwendig')
->with('id', $id)
->with('url', $url)
->with('image', $captcha["img"]);
......@@ -56,10 +61,9 @@ class HumanVerification extends Controller
if (!$request->has('mm')) {
abort(404, "Keine Katze gefunden.");
}
$id = md5($request->ip());
if (HumanVerification::checkId($request, $request->input('mm'))) {
# Remove the entry from the database
DB::table('humanverification')->where('id', $id)->where('updated_at', '<', Carbon::NOW()->subSeconds(2))->delete();
HumanVerification::removeUser($request, $request->input('mm'));
}
return response(hex2bin('89504e470d0a1a0a0000000d494844520000000100000001010300000025db56ca00000003504c5445000000a77a3dda0000000174524e530040e6d8660000000a4944415408d76360000000020001e221bc330000000049454e44ae426082'), 200)
->header('Content-Type', 'image/png');
......@@ -72,15 +76,47 @@ class HumanVerification extends Controller
# If the user is correct and the password is we will delete any entry in the database
$requiredPass = md5($mm . Carbon::NOW()->day . $url . env("PROXY_PASSWORD"));
if (HumanVerification::checkId($request, $mm) && $requiredPass === $password) {
# Remove the entry from the database
DB::table('humanverification')->where('id', $mm)->where('updated_at', '<', Carbon::NOW()->subSeconds(2))->delete();
HumanVerification::removeUser($request, $mm);
}
return redirect($url);
}
private static function removeUser($request, $uid)
{
$id = hash("sha512", $request->ip());
$sum = DB::table('humanverification')->where('id', $id)->where('whitelist', false)->sum('unusedResultPages');
$user = DB::table('humanverification')->where('uid', $uid)->first();
if ($user === null) {
return;
}
# Check if we have to whitelist the user or if we can simply delete the data
if ($user->unusedResultPages < $sum && $user->whitelist === 0) {
# Whitelist
DB::table('humanverification')->where('uid', $uid)->update(['whitelist' => true, 'whitelistCounter' => 0]);
$user->whitelist = 1;
$user->whitelistCounter = 0;
}
if ($user->whitelist === 1) {
if (
DB::table('humanverification')->where('uid', $uid)->where('updated_at', '<', Carbon::NOW()->subSeconds(2))->update(['unusedResultPages' => 0])
=== 1
) {
DB::table('usedurls')->where('uid', $uid)->delete();
}
} else {
DB::table('humanverification')->where('uid', $uid)->where('updated_at', '<', Carbon::NOW()->subSeconds(2))->delete();
}
}
private static function checkId($request, $id)
{
if (md5($request->ip()) === $id) {
if (hash("sha512", $request->ip() . $_SERVER["AGENT"]) === $id) {
return true;
} else {
return false;
......
app/Http/Middleware/HumanVerification.php
View file @ d39efe60
......@@ -19,66 +19,116 @@ class HumanVerification
*/
public function handle($request, Closure $next)
{
try {
$id = md5($request->ip());
/**
* If the user sends a Password or a key
* We will not verificate the user.
* If someone that uses a bot finds this out we
* might have to change it at some point.
*/
if ($request->has('password') || $request->filled('key') || $request->filled('appversion') || !env('BOT_PROTECTION', false)) {
return $next($request);
}
//try {
$id = hash("sha512", $request->ip());
$uid = hash("sha512", $request->ip() . $_SERVER["AGENT"]);
unset($_SERVER["AGENT"]);
/**
* If the user sends a Password or a key
* We will not verificate the user.
* If someone that uses a bot finds this out we
* might have to change it at some point.
*/
if ($request->filled('password') || $request->filled('key') || $request->filled('appversion') || !env('BOT_PROTECTION', false)) {
return $next($request);
}
// The specific user
$user = DB::table('humanverification')->where('uid', $uid)->first();
$createdAt = Carbon::now();
$unusedResultPages = 1;
$locked = false;
# If this user doesn't have an entry we will create one
if ($user === null) {
DB::table('humanverification')->insert(
[
'uid' => $uid,
'id' => $id,
'unusedResultPages' => 0,
'whitelist' => false,
'whitelistCounter' => 0,
'locked' => false,
"lockedKey" => "",
'updated_at' => Carbon::now(),
]
);
# Insert the URL the user tries to reach
$url = url()->full();
DB::table('usedurls')->insert(['uid' => $uid, 'id' => $id, 'eingabe' => $request->input('eingabe', '')]);
$user = DB::table('humanverification')->where('uid', $uid)->first();
}
# If the user is locked we will force a Captcha validation
if ($user->locked === 1) {
$captcha = Captcha::create("default", true);
DB::table('humanverification')->where('uid', $uid)->update(['lockedKey' => $captcha["key"]]);
return
new Response(
view('humanverification.captcha')
->with('title', "Bestätigung erforderlich")
->with('id', $uid)
->with('url', url()->full())
->with('image', $captcha["img"])
);
}
# Find out how many requests this IP has made
$sum = DB::table('humanverification')->where('id', $id)->where('whitelist', false)->sum('unusedResultPages');
$user = DB::table('humanverification')->where('id', $id)->first();
$createdAt = Carbon::now();
$unusedResultPages = 1;
// Defines if this is the only user using that IP Adress
$alone = DB::table('humanverification')->where('id', $id)->count() === 1;
$unusedResultPages = intval($user->unusedResultPages);
$unusedResultPages++;
if ($sum < 50 || $alone || $user->whitelist === 1) {
# This IP doesn't need verification yet
# The user currently isn't locked
# We have different security gates:
# 50, 75, 85, >=90 => Captcha validated Result Pages
# If the user shows activity on our result page the counter will be deleted
# Maybe I'll add a ban if the user reaches 100
$locked = false;
# If this user doesn't have an entry we will create one
if ($user === null) {
DB::table('humanverification')->insert(
['id' => $id, 'unusedResultPages' => 1, 'locked' => false, "lockedKey" => "", 'updated_at' => Carbon::now()]
);
# Insert the URL the user tries to reach
$url = url()->full();
DB::table('usedurls')->insert(['user_id' => $id, 'url' => $url]);
$user = DB::table('humanverification')->where('id', $id)->first();
} else if ($user->locked !== 1) {
$unusedResultPages = intval($user->unusedResultPages);
$unusedResultPages++;
# We have different security gates:
# 50, 75, 85, >=90 => Captcha validated Result Pages
# If the user shows activity on our result page the counter will be deleted
# Maybe I'll add a ban if the user reaches 100
if ($unusedResultPages === 50 || $unusedResultPages === 75 || $unusedResultPages === 85 || $unusedResultPages >= 90) {
$locked = true;
}
DB::table('humanverification')->where('id', $id)->update(['unusedResultPages' => $unusedResultPages, 'locked' => $locked, 'updated_at' => $createdAt]);
# Insert the URL the user tries to reach
DB::table('usedurls')->insert(['user_id' => $id, 'url' => url()->full()]);
if ($unusedResultPages === 50 || $unusedResultPages === 75 || $unusedResultPages === 85 || $unusedResultPages >= 90) {
$locked = true;
}
$request->request->add(['verification_id' => $id, 'verification_count' => $unusedResultPages]);
DB::table('humanverification')->where('uid', $uid)->update(['unusedResultPages' => $unusedResultPages, 'locked' => $locked]);
# Insert the URL the user tries to reach
DB::table('usedurls')->insert(['uid' => $uid, 'id' => $id, 'eingabe' => $request->input('eingabe', '')]);
} else {
$tmpId = md5($uid . date("d"));
# If the user is locked we will force a Captcha validation
if ($user->locked === 1) {
$captcha = Captcha::create("default", true);
DB::table('humanverification')->where('id', $id)->update(['lockedKey' => $captcha["key"]]);
# If the parameter uid is correctly set we will allow access to the result page
if ($request->input('uid', '') !== $tmpId) {
DB::table('humanverification')->where('uid', $uid)->increment('whitelistCounter');
if ($user->whitelistCounter >= 4) {
DB::table('humanverification')->where('uid', $uid)->update(['locked' => true]);
}
# This IP will need verification
return
new Response(
view('captcha')
->with('title', "Bestätigung erforderlich")
->with('id', $id)
->with('url', url()->full())
->with('image', $captcha["img"])
view('humanverification.whitelistVerification')
->with('title', $request->input('eingabe', '') . " - MetaGer")
->with('method', $request->method())
->with('uid', md5($uid . date("d")))
);
} else {
DB::table('humanverification')->where('uid', $uid)->update(['unusedResultPages' => $unusedResultPages]);
# Insert the URL the user tries to reach
DB::table('usedurls')->insert(['uid' => $uid, 'id' => $id, 'eingabe' => $request->input('eingabe', '')]);
}
} catch (\Illuminate\Database\QueryException $e) {
// Failure in contacting metager3.de
}
/* } catch (\Illuminate\Database\QueryException $e) {
// Failure in contacting metager3.de
}*/
$request->request->add(['verification_id' => $uid, 'verification_count' => $unusedResultPages]);
return $next($request);
}
}
app/MetaGer.php
View file @ d39efe60
......@@ -934,7 +934,7 @@ class MetaGer
public function parseFormData(Request $request)
{
$this->request = $request;
# Sichert, dass der request in UTF-8 formatiert ist
if ($request->input('encoding', 'utf8') !== "utf8") {
# In früheren Versionen, als es den Encoding Parameter noch nicht gab, wurden die Daten in ISO-8859-1 übertragen
......@@ -1051,6 +1051,8 @@ class MetaGer
$this->verificationId = $request->input('verification_id', null);
$this->verificationCount = intval($request->input('verification_count', '0'));
$this->apiKey = $request->input('key', '');
// Remove Inputs that are not used
$this->request = $request->replace($request->except(['verification_id', 'uid', 'verification_count']));
$this->validated = false;
if (isset($this->password)) {
......@@ -1492,6 +1494,14 @@ class MetaGer
# Einfache Getter
public function getVerificationId() {
return $this->verificationId;
}
public function getVerificationCount() {
return $this->verificationCount;
}
public function getSite()
{
return $this->site;
......
database/migrations/2018_04_26_114745_create_humanverification_table.php
View file @ d39efe60
<?php
use Illuminate\Support\Facades\Schema;
use Illuminate\Database\Schema\Blueprint;
use Illuminate\Database\Migrations\Migration;
use Illuminate\Database\Schema\Blueprint;
use Illuminate\Support\Facades\Schema;
class CreateHumanverificationTable extends Migration
{
......@@ -14,9 +14,13 @@ class CreateHumanverificationTable extends Migration
public function up()
{
Schema::create('humanverification', function (Blueprint $table) {
$table->string('id')->unique();
$table->string('uid')->unique();
$table->string('id');
$table->integer('unusedResultPages');
$table->boolean('whitelist');
$table->integer('whitelistCounter');
$table->boolean('locked');
$table->string('lockedKey');
$table->timestamp('updated_at');
});
}
......
database/migrations/2018_05_03_101301_usedurls.php
View file @ d39efe60
<?php
use Illuminate\Support\Facades\Schema;
use Illuminate\Database\Schema\Blueprint;
use Illuminate\Database\Migrations\Migration;
use Illuminate\Database\Schema\Blueprint;
use Illuminate\Support\Facades\Schema;
class Usedurls extends Migration
{
......@@ -14,11 +14,12 @@ class Usedurls extends Migration
public function up()
{
Schema::create('usedurls', function (Blueprint $table) {
$table->increments('id')->unique();
$table->string('user_id');
$table->text('url');
$table->increments('number')->unique();
$table->string('uid');
$table->string('id');
$table->text('eingabe');
$table->timestamp('created_at');
$table->foreign('user_id')->references('id')->on('humanverification')->onDelete('cascade');
$table->foreign('uid')->references('uid')->on('humanverification')->onDelete('cascade');
});
}
......
public/index.php
View file @ d39efe60
......@@ -13,6 +13,8 @@ if (isset($_SERVER["HTTP_FORWARDED"]) && isset($_SERVER["HTTP_X_FORWARDED_FOR"])
unset($_SERVER["HTTP_FORWARDED"]);
}
$_SERVER["AGENT"] = $_SERVER["HTTP_USER_AGENT"];
if (isset($_SERVER['HTTP_USER_AGENT'])) {
$agentPieces = explode(" ", $_SERVER['HTTP_USER_AGENT']);
......
resources/views/captcha.blade.php resources/views/humanverification/captcha.blade.php
View file @ d39efe60
......@@ -9,6 +9,7 @@
<p>Sollten Sie diese Nachricht häufiger sehen oder handelt es sich dabei um einen Irrtum, schicken Sie uns gerne eine Nachricht über unser <a href="/kontakt">Kontaktformular</a>.</p>
<p>Nennen Sie uns in diesem Fall bitte unbedingt folgende Vorgangsnummer: {{ $id }}
<p>Wir schauen uns den Vorgang dann gerne im Detail an.</p>
<p>Bitte geben SIe die Buchstaben aus dem Bild in die Eingabebox ein und bestätigen Sie mit OK um zur Ergebnisseite zu gelangen.</p>
<form method="post" action="{{ route('verification', ['id' => $id]) }}">
<input type="hidden" name="url" value="{!! $url !!}">
<input type="hidden" name="id" value="{{ $id }}">
......@@ -16,7 +17,7 @@
@if(isset($errorMessage))
<p><font color="red">{{$errorMessage}}</font></p>
@endif
<p><input type="text" name="captcha"></p>
<p><button type="submit" name="check">OK</button></p>
<p><input type="text" class="form-control" name="captcha" placeholder="Captcha eingeben" autofocus></p>
<p><button type="submit" class="btn btn-success" name="check">OK</button></p>
</form>
@endsection
resources/views/humanverification/whitelistVerification.blade.php 0 → 100644
View file @ d39efe60
@extends('layouts.subPages')
@section('title', $title )
@section('content')
<h1 class="page-title">Einen kurzen Augenblick bitte</h1>
<div class="card-heavy">
<p>Sie befinden sich im selben Netzwerk, aus dem wir sehr viele automatisierte Anfragen erhalten. Das bedeutet nicht, dass die Anfragen von Ihrem PC kommen. Wir müssen nun aber verifizieren, dass es sich bei Ihnen um einen realen Nutzer handelt.</p>
<p>Der erste Schritt ist diese Vorschaltseite. Sie brauchen nichts weiter tun, als unten auf den Knopf "Weiter zur Ergebnisseite" zu klicken.</p>
<p>Zukünftig sollten Sie diese Seite nicht mehr sehen.</p>
<form id="goOn" method="{{ $method }}">
@foreach(Request::all() as $key => $value)
<input type="hidden" name="{{ $key }}" value="{{ $value }}" />
@endforeach
<input type="hidden" name="uid" value="{{ $uid }}" />
<p><button type="submit" class="btn btn-success">Weiter zur Ergebnisseite</button></p>
</form>
</div>
<script>
$(document).ready(function() {
$(".mg-panel").css("display", "none");
$("#goOn").submit();
});
</script>
@endsection
resources/views/layouts/resultPage.blade.php
View file @ d39efe60
......@@ -9,8 +9,8 @@
<meta name="p" content="{{ getmypid() }}" />
<meta name="q" content="{{ $eingabe }}" />
<meta name="l" content="{{ LaravelLocalization::getCurrentLocale() }}" />
<meta name="mm" content="{{ Request::input('verification_id') }}" />
<meta name="mn" content="{{ Request::input('verification_count') }}" />
<meta name="mm" content="{{ $metager->getVerificationId() }}" />
<meta name="mn" content="{{ $metager->getVerificationCount() }}" />
<link rel="search" type="application/opensearchdescription+xml" title="{!! trans('resultPage.opensearch') !!}" href="{{ LaravelLocalization::getLocalizedURL(LaravelLocalization::getCurrentLocale(), action('StartpageController@loadPlugin', ['params' => base64_encode(serialize(Request::all()))])) }}">
<link type="text/css" rel="stylesheet" href="{{ mix('css/themes/default.css') }}" />
<link type="text/css" rel="stylesheet" href="/font-awesome/css/font-awesome.min.css" />
......
routes/web.php
View file @ d39efe60
......@@ -164,6 +164,7 @@ Route::group(
Route::match(['get', 'post'], 'meta/meta.ger3', 'MetaGerSearch@search')->middleware('humanverification');
Route::post('img/cat.jpg', 'HumanVerification@remove');
Route::get('r/metager/{mm}/{pw}/{url}', ['as' => 'humanverification', 'uses' => 'HumanVerification@removeGet']);
Route::post('img/dog.jpg', 'HumanVerification@whitelist');
Route::get('meta/picture', 'Pictureproxy@get');
Route::get('clickstats', 'LogController@clicklog');
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment