< ? php
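class bot_protection{

    // Number of checkbox cells in the captcha grid (c[0] .. c[15]).
    // NOTE(review): presumably has to match the grid drawn by captcha.php - confirm.
    private const GRID_CELLS = 16;

    // Lifetime, in seconds, of a "pass" token in APCu and of its cookie (24 hours).
    private const PASS_TTL = 86400;

    /**
     * Gate the current request behind the captcha.
     *
     * Returns normally when the request may proceed: bot protection is
     * disabled, the "pass" cookie is still within its quota, or the captcha
     * submitted with this request was solved. Otherwise the constructor
     * terminates the request with die(): a 401 JSON body when $output is
     * false, the captcha page in every other case.
     *
     * @param object $frontend Object exposing loadheader() and load().
     * @param mixed  $get      Forwarded unchanged to $frontend->loadheader().
     * @param mixed  $filters  Forwarded unchanged to $frontend->loadheader().
     * @param mixed  $page     Forwarded unchanged to $frontend->loadheader().
     * @param bool   $output   true: HTML request, the header is loaded on success.
     *                         false: a missing or expired pass yields 401 JSON
     *                         instead of the captcha page.
     */
    public function __construct($frontend, $get, $filters, $page, $output){

        // captcha disabled in config: count the request and let it through
        if(config::BOT_PROTECTION !== 1){
            $this->letthrough($frontend, $get, $filters, $page, $output);
            return;
        }

        // a valid pass cookie that is still under quota skips the captcha
        if($this->validpass($_COOKIE["pass"] ?? null)){
            $this->letthrough($frontend, $get, $filters, $page, $output);
            return;
        }

        if($output === false){
            http_response_code(401); // 401 Unauthorized
            echo json_encode([
                "status" => "The \"pass\" token in your cookies is missing or has expired!!"
            ]);
            die();
        }

        /*
            Validate form data
            The form is posted as text/plain: one "name=value" pair per CRLF line,
            the checked cells first (c[N]=on) and then the captcha id (v=...)
        */
        $lines = explode("\r\n", file_get_contents("php://input"));

        $invalid = false;
        $answers = [];
        $key = false;
        $error = "";

        foreach($lines as $line){

            $pair = explode("=", $line, 2);
            if(count($pair) !== 2){
                $invalid = true;
                break;
            }

            $iscell = preg_match('/^c\[([0-9]+)\]$/D', $pair[0], $cell) === 1;

            if($pair[1] !== "on" || !$iscell){

                // not a checked cell: the only other accepted field is the
                // captcha id, which also ends the parsing
                if(
                    $pair[0] === "v" &&
                    preg_match('/^c[0-9]+\.[A-Za-z0-9_]{20}$/D', $pair[1]) === 1
                ){
                    // single use: the stored solution is removed as soon as it is read
                    $key = apcu_fetch($pair[1]);
                    apcu_delete($pair[1]);
                }
                break;
            }

            $index = (int)$cell[1];
            if($index >= self::GRID_CELLS || $index <= -1){
                $invalid = true;
                break;
            }

            $answers[] = $index;
        }

        if(
            !$invalid &&
            is_array($key) // has a captcha been generated, and is the stored value a solution list?
        ){

            if($this->answersmatch($answers, $key)){

                // we passed the captcha
                // set cookie
                $inc = apcu_inc("cookie");
                $pass = "k" . $inc . "." . $this->randomchars();

                // the request counter starts at 1 and expires with the cookie
                apcu_inc($pass, 1, $ok, self::PASS_TTL);
                apcu_inc("real_requests");

                // NOTE(review): the cookie is sent without "httponly" or "secure".
                // If no client-side script reads it, "httponly" => true looks safe
                // to add; "secure" depends on whether the instance is HTTPS-only.
                setcookie(
                    "pass",
                    $pass,
                    [
                        "expires" => time() + self::PASS_TTL, // expires in 24 hours
                        "samesite" => "Lax",
                        "path" => "/"
                    ]
                );

                $frontend->loadheader(
                    $get,
                    $filters,
                    $page
                );
                return;
            }

            $error = "<div class=\"quote\">You were <a href=\"https://www.youtube.com/watch?v=e1d7fkQx2rk\" target=\"_BLANK\" rel=\"noreferrer nofollow\">kicked out of Mensa.</a> Please try again.</div>";
        }

        // no valid pass and no solved captcha: hand out a fresh captcha id.
        // The id only contains [c0-9.A-Za-z_], so it is safe to place in the
        // HTML attributes below without escaping.
        $key = "c" . apcu_inc("captcha_gen", 1) . "." . $this->randomchars();

        $controls = "";
        for($i = 0; $i < self::GRID_CELLS; $i++){
            $controls .=
                '<input type="checkbox" name="c[' . $i . ']" id="c' . $i . '">' .
                '<label for="c' . $i . '"></label>';
        }

        // NOTE(review): the text below says "100 searches" while the enforced
        // limit is config::MAX_SEARCHES - keep the two in sync.
        $payload = [
            "timetaken" => microtime(true),
            "class" => "",
            "right-left" => "",
            "right-right" => "",
            "left" =>
                '<div class="infobox">' .
                    '<h1>IQ test</h1>' .
                    'IQ test has been enabled due to bot abuse on the network.<br>' .
                    'Solving this IQ test will let you make 100 searches today. I will add an invite system to bypass this soon...' .
                    $error .
                    '<form method="POST" enctype="text/plain" autocomplete="off">' .
                        '<div class="captcha-wrapper">' .
                            '<div class="captcha">' .
                                '<img src="captcha.php?v=' . $key . '" alt="Captcha image">' .
                                '<div class="captcha-controls">' .
                                    $controls .
                                '</div>' .
                            '</div>' .
                        '</div>' .
                        '<input type="hidden" name="v" value="' . $key . '">' .
                        '<input type="submit" value="Check IQ" class="captcha-submit">' .
                    '</form>' .
                '</div>'
        ];

        $frontend->loadheader(
            $get,
            $filters,
            $page
        );

        echo $frontend->load("search.html", $payload);
        die();
    }

    /**
     * Count the request as a real one and, for HTML output, load the header.
     */
    private function letthrough($frontend, $get, $filters, $page, $output): void {

        apcu_inc("real_requests");

        if($output === true){
            $frontend->loadheader(
                $get,
                $filters,
                $page
            );
        }
    }

    /**
     * Check the visitor's "pass" cookie and charge one request against it.
     *
     * @param mixed $pass Raw cookie value, or null when the cookie is absent.
     * @return bool True when the token is well formed, present in APCu and
     *              still under its quota. A token that hits the quota is
     *              deleted, so the visitor gets a new captcha.
     */
    private function validpass($pass): bool {

        // a cookie sent as pass[]=... arrives as an array; preg_match() only
        // accepts strings, so anything else is treated as "no pass"
        if(!is_string($pass)){
            return false;
        }

        // D modifier: "$" must not match before a trailing newline
        if(
            preg_match('/^k[0-9]+\.[A-Za-z0-9_]{20}$/D', $pass) !== 1 ||
            !apcu_exists($pass)
        ){
            return false;
        }

        // the counter starts at 1 when the token is issued, so
        // MAX_SEARCHES + 2 is the first value past the allowance
        $inc = apcu_inc($pass);

        if($inc >= config::MAX_SEARCHES + 2){
            // reached limit, delete and give captcha
            apcu_delete($pass);
            return false;
        }

        return true;
    }

    /**
     * Tell whether the submitted cells are exactly the stored solution.
     *
     * Every submitted cell must be part of the solution and may be counted
     * only once: a repeated cell is rejected, otherwise repeating one correct
     * cell would be accepted in place of the full solution.
     *
     * @param array $answers Cell indexes submitted by the visitor.
     * @param array $key     Solution fetched from APCu.
     */
    private function answersmatch(array $answers, array $key): bool {

        $seen = [];

        foreach($answers as $answer){

            // loose in_array() kept on purpose: the element type stored by the
            // captcha generator is not visible from this file
            if(isset($seen[$answer]) || !in_array($answer, $key)){
                return false;
            }

            $seen[$answer] = true;
        }

        return count($seen) === count($key);
    }

    /**
     * Build the 20-character random part of a token from [A-Za-z0-9_],
     * drawing each character with random_int().
     */
    private function randomchars(){

        $chars =
            array_merge(
                range("A", "Z"),
                range("a", "z"),
                range(0, 9)
            );

        $chars[] = "_";

        $c = count($chars) - 1;

        $key = "";

        for($i = 0; $i < 20; $i++){
            $key .= $chars[random_int(0, $c)];
        }

        return $key;
    }
}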