forked from lolcat/4get
1
0
Fork 0
4get/lib/bot_protection.php

298 lines
6.4 KiB
PHP
Raw Normal View History

<?php
2024-10-11 21:09:21 +00:00
include "lib/asn.php";
2024-02-18 04:22:19 +00:00
class bot_protection{
public function __construct($frontend, $get, $filters, $page, $output){
2024-10-11 21:09:21 +00:00
// check if we're operating on an ASN whitelist
if (config::ASN_WHITELIST == 1){
$response = check_asn($_SERVER["REMOTE_ADDR"], config::ASN_WHITELIST_LIST, config::WHOIS_SERVER, config::WHOIS_PORT);
if (!$response){
http_response_code(401);
echo json_encode([
"status" => "the ASN whitelist is enabled, and you ain't on it."
]);
die();
}
else{
apcu_inc("real_requests");
if($output === true){
$frontend->loadheader(
$get,
$filters,
$page
);
}
}
return;
}
2023-11-07 13:04:56 +00:00
// check if we want captcha
if(config::BOT_PROTECTION !== 1){
2024-10-11 21:09:21 +00:00
2023-11-07 13:04:56 +00:00
return;
}
/*
Validate cookie, if it exists
*/
if(isset($_COOKIE["pass"])){
if(
// check if key is not malformed
preg_match(
2024-02-18 04:22:19 +00:00
'/^k[0-9]+\.[A-Za-z0-9_]{20}$/',
$_COOKIE["pass"]
) &&
// does key exist
apcu_exists($_COOKIE["pass"])
){
// exists, increment counter
$inc = apcu_inc($_COOKIE["pass"]);
// we start counting from 1
// when it has been incremented to 102, it has reached
// 100 reqs
2024-02-18 04:22:19 +00:00
if($inc >= config::MAX_SEARCHES + 2){
// reached limit, delete and give captcha
apcu_delete($_COOKIE["pass"]);
}else{
// the cookie is OK! dont die() and give results
apcu_inc("real_requests");
if($output === true){
$frontend->loadheader(
$get,
$filters,
$page
);
}
return;
}
}
}
if($output === false){
2024-02-18 04:22:19 +00:00
http_response_code(401); // forbidden
echo json_encode([
"status" => "The \"pass\" token in your cookies is missing or has expired!!"
]);
die();
}
/*
Validate form data
*/
$lines =
explode(
"\r\n",
file_get_contents("php://input")
);
$invalid = false;
$answers = [];
$key = false;
$error = "";
foreach($lines as $line){
$line = explode("=", $line, 2);
if(count($line) !== 2){
$invalid = true;
break;
}
preg_match(
'/^c\[([0-9]+)\]$/',
$line[0],
$regex
);
if(
$line[1] != "on" ||
!isset($regex[0][1])
){
2024-02-18 04:22:19 +00:00
// check if its the v key
if(
2024-02-18 04:22:19 +00:00
$line[0] == "v" &&
preg_match(
'/^c[0-9]+\.[A-Za-z0-9_]{20}$/',
$line[1]
)
){
$key = apcu_fetch($line[1]);
apcu_delete($line[1]);
}
break;
}
$regex = (int)$regex[1];
if(
$regex >= 16 ||
$regex <= -1
){
$invalid = true;
break;
}
$answers[] = $regex;
}
2024-02-18 04:22:19 +00:00
if(
!$invalid &&
2024-02-18 04:22:19 +00:00
$key !== false // has captcha been gen'd?
){
2024-02-18 04:22:19 +00:00
$check = count($key);
// validate answer
2024-02-18 04:22:19 +00:00
for($i=0; $i<count($answers); $i++){
2024-02-18 04:22:19 +00:00
if(in_array($answers[$i], $key)){
$check--;
}else{
$check = -1;
break;
}
}
if($check === 0){
// we passed the captcha
// set cookie
$inc = apcu_inc("cookie");
2024-02-18 04:22:19 +00:00
$key = "k" . $inc . "." . $this->randomchars();
apcu_inc($key, 1, $stupid, 86400);
apcu_inc("real_requests");
setcookie(
"pass",
$key,
[
"expires" => time() + 86400, // expires in 24 hours
2023-10-17 21:58:08 +00:00
"samesite" => "Lax",
"path" => "/"
]
);
$frontend->loadheader(
$get,
$filters,
$page
);
return;
}else{
$error = "<div class=\"quote\">You were <a href=\"https://www.youtube.com/watch?v=e1d7fkQx2rk\" target=\"_BLANK\" rel=\"noreferrer nofollow\">kicked out of Mensa.</a> Please try again.</div>";
}
}
2024-02-18 04:22:19 +00:00
$key = "c" . apcu_inc("captcha_gen", 1) . "." . $this->randomchars();
$payload = [
2024-02-18 04:22:19 +00:00
"timetaken" => microtime(true),
"class" => "",
"right-left" => "",
"right-right" => "",
"left" =>
'<div class="infobox">' .
'<h1>IQ test</h1>' .
2024-02-18 04:22:19 +00:00
'IQ test has been enabled due to bot abuse on the network.<br>' .
'Solving this IQ test will let you make 100 searches today. I will add an invite system to bypass this soon...' .
$error .
'<form method="POST" enctype="text/plain" autocomplete="off">' .
'<div class="captcha-wrapper">' .
'<div class="captcha">' .
2024-02-19 00:08:22 +00:00
'<img src="captcha?v=' . $key . '" alt="Captcha image">' .
'<div class="captcha-controls">' .
'<input type="checkbox" name="c[0]" id="c0">' .
'<label for="c0"></label>' .
'<input type="checkbox" name="c[1]" id="c1">' .
'<label for="c1"></label>' .
'<input type="checkbox" name="c[2]" id="c2">' .
'<label for="c2"></label>' .
'<input type="checkbox" name="c[3]" id="c3">' .
'<label for="c3"></label>' .
'<input type="checkbox" name="c[4]" id="c4">' .
'<label for="c4"></label>' .
'<input type="checkbox" name="c[5]" id="c5">' .
'<label for="c5"></label>' .
'<input type="checkbox" name="c[6]" id="c6">' .
'<label for="c6"></label>' .
'<input type="checkbox" name="c[7]" id="c7">' .
'<label for="c7"></label>' .
'<input type="checkbox" name="c[8]" id="c8">' .
'<label for="c8"></label>' .
'<input type="checkbox" name="c[9]" id="c9">' .
'<label for="c9"></label>' .
'<input type="checkbox" name="c[10]" id="c10">' .
'<label for="c10"></label>' .
'<input type="checkbox" name="c[11]" id="c11">' .
'<label for="c11"></label>' .
'<input type="checkbox" name="c[12]" id="c12">' .
'<label for="c12"></label>' .
'<input type="checkbox" name="c[13]" id="c13">' .
'<label for="c13"></label>' .
'<input type="checkbox" name="c[14]" id="c14">' .
'<label for="c14"></label>' .
'<input type="checkbox" name="c[15]" id="c15">' .
'<label for="c15"></label>' .
'</div>' .
'</div>' .
'</div>' .
2024-02-18 04:22:19 +00:00
'<input type="hidden" name="v" value="' . $key . '">' .
'<input type="submit" value="Check IQ" class="captcha-submit">' .
'</form>' .
'</div>'
];
$frontend->loadheader(
$get,
$filters,
2023-10-16 15:14:39 +00:00
$page
);
echo $frontend->load("search.html", $payload);
die();
}
2024-02-18 04:22:19 +00:00
private function randomchars(){
$chars =
array_merge(
range("A", "Z"),
range("a", "z"),
range(0, 9)
);
$chars[] = "_";
$c = count($chars) - 1;
$key = "";
for($i=0; $i<20; $i++){
$key .= $chars[random_int(0, $c)];
}
return $key;
}
}