From addc5a14a93547f630f23e5b6a79cffa2e37d71a Mon Sep 17 00:00:00 2001
From: lolcat
Date: Sat, 17 Feb 2024 23:22:19 -0500
Subject: boobs
---
lib/bot_protection.php | 281 +++++++++++++++++++++++++++++++++++++++++
lib/captcha_gen.php | 336 -------------------------------------------------
lib/classic.png | Bin 358 -> 0 bytes
lib/frontend.php | 13 +-
lib/fuckhtml.php | 25 ++--
5 files changed, 308 insertions(+), 347 deletions(-)
create mode 100644 lib/bot_protection.php
delete mode 100644 lib/captcha_gen.php
delete mode 100644 lib/classic.png
(limited to 'lib')
diff --git a/lib/bot_protection.php b/lib/bot_protection.php
new file mode 100644
index 0000000..82de54c
--- /dev/null
+++ b/lib/bot_protection.php
@@ -0,0 +1,281 @@ +loadheader( + $get, + $filters, + $page + ); + } + return; + } + + /* + Validate cookie, if it exists + */ + if(isset($_COOKIE["pass"])){ + + if( + // check if key is not malformed + preg_match( + '/^k[0-9]+\.[A-Za-z0-9_]{20}$/', + $_COOKIE["pass"] + ) && + // does key exist + apcu_exists($_COOKIE["pass"]) + ){ + + // exists, increment counter + $inc = apcu_inc($_COOKIE["pass"]); + + // we start counting from 1 + // when it has been incremented to 102, it has reached + // 100 reqs + if($inc >= config::MAX_SEARCHES + 2){ + + // reached limit, delete and give captcha + apcu_delete($_COOKIE["pass"]); + }else{ + + // the cookie is OK! dont die() and give results + apcu_inc("real_requests"); + + if($output === true){ + $frontend->loadheader( + $get, + $filters, + $page + ); + } + return; + } + } + } + + if($output === false){ + + http_response_code(401); // forbidden + echo json_encode([ + "status" => "The \"pass\" token in your cookies is missing or has expired!!" + ]); + die(); + } + + /* + Validate form data + */ + $lines = + explode( + "\r\n", + file_get_contents("php://input") + ); + + $invalid = false; + $answers = []; + $key = false; + $error = ""; + + foreach($lines as $line){ + + $line = explode("=", $line, 2); + + if(count($line) !== 2){ + + $invalid = true; + break; + } + + preg_match( + '/^c\[([0-9]+)\]$/', + $line[0], + $regex + ); + + if( + $line[1] != "on" || + !isset($regex[0][1]) + ){ + + // check if its the v key + if( + $line[0] == "v" && + preg_match( + '/^c[0-9]+\.[A-Za-z0-9_]{20}$/', + $line[1] + ) + ){ + + $key = apcu_fetch($line[1]); + apcu_delete($line[1]); + } + break; + } + + $regex = (int)$regex[1]; + + if( + $regex >= 16 || + $regex <= -1 + ){ + + $invalid = true; + break; + } + + $answers[] = $regex; + } + + if( + !$invalid && + $key !== false // has captcha been gen'd? 
+ ){ + $check = count($key); + + // validate answer + for($i=0; $irandomchars(); + + apcu_inc($key, 1, $stupid, 86400); + + apcu_inc("real_requests"); + + setcookie( + "pass", + $key, + [ + "expires" => time() + 86400, // expires in 24 hours + "samesite" => "Lax", + "path" => "/" + ] + ); + + $frontend->loadheader( + $get, + $filters, + $page + ); + return; + + }else{ + + $error = "
You were kicked out of Mensa. Please try again.
"; + } + } + + $key = "c" . apcu_inc("captcha_gen", 1) . "." . $this->randomchars(); + + $payload = [ + "timetaken" => microtime(true), + "class" => "", + "right-left" => "", + "right-right" => "", + "left" => + '
' . + '

IQ test

' . + 'IQ test has been enabled due to bot abuse on the network.
' . + 'Solving this IQ test will let you make 100 searches today. I will add an invite system to bypass this soon...' . + $error . + '
' . + '
' . + '
' . + 'Captcha image' . + '
' . + '' . + '' . + '' . + '' . + '' . + '' . + '' . + '' . + '' . + '' . + '' . + '' . + '' . + '' . + '' . + '' . + '' . + '' . + '' . + '' . + '' . + '' . + '' . + '' . + '' . + '' . + '' . + '' . + '' . + '' . + '' . + '' . + '
' . + '
' . + '
' . + '' . + '' . + '
' . + '
' + ]; + + $frontend->loadheader( + $get, + $filters, + $page + ); + + echo $frontend->load("search.html", $payload); + die(); + } + + private function randomchars(){ + + $chars = + array_merge( + range("A", "Z"), + range("a", "z"), + range(0, 9) + ); + + $chars[] = "_"; + + $c = count($chars) - 1; + + $key = ""; + + for($i=0; $i<20; $i++){ + + $key .= $chars[random_int(0, $c)]; + } + + return $key; + } +} diff --git a/lib/captcha_gen.php b/lib/captcha_gen.php deleted file mode 100644 index abcab7a..0000000 --- a/lib/captcha_gen.php +++ /dev/null 
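Review bot: The `pass` cookie issued after a solved captcha is set with only `expires`, `samesite` and `path`, so page scripts can read it and it is also sent over plain HTTP. Since it is the bearer token for the search quota, add `"httponly" => true` to the `setcookie()` options, and `"secure" => true` on instances that are served only over HTTPS. In the JSON branch, `http_response_code(401); // forbidden` pairs a status with a comment that names a different one (401 is Unauthorized, 403 is Forbidden); choose the intended status and correct the comment. The captcha text still promises "100 searches" although the limit is now `config::MAX_SEARCHES + 2`, so the message should be built from the constant. The beginning of the file (class and method header) is not visible on this page, so these points cover only the visible part.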
@@ -1,336 +0,0 @@ -loadheader( - $get, - $filters, - $page - ); - } - return; - } - - /* - Validate cookie, if it exists - */ - if(isset($_COOKIE["pass"])){ - - if( - // check if key is not malformed - preg_match( - '/^c[0-9]+\.[A-Za-z0-9]{20}$/', - $_COOKIE["pass"] - ) && - // does key exist - apcu_exists($_COOKIE["pass"]) - ){ - - // exists, increment counter - $inc = apcu_inc($_COOKIE["pass"]); - - // we start counting from 1 - // when it has been incremented to 102, it has reached - // 100 reqs - if($inc >= 102){ - - // reached limit, delete and give captcha - apcu_delete($_COOKIE["pass"]); - }else{ - - // the cookie is OK! dont die() and give results - apcu_inc("real_requests"); - - if($output === true){ - $frontend->loadheader( - $get, - $filters, - $page - ); - } - return; - } - } - } - - if($output === false){ - - http_response_code(429); // too many reqs - echo json_encode([ - "status" => "The \"pass\" token in your cookies is missing or has expired!!" - ]); - die(); - } - - /* - Validate form data - */ - $lines = - explode( - "\r\n", - file_get_contents("php://input") - ); - - $invalid = false; - $answers = []; - $key = false; - $error = ""; - - foreach($lines as $line){ - - $line = explode("=", $line, 2); - - if(count($line) !== 2){ - - $invalid = true; - break; - } - - preg_match( - '/^c\[([0-9]+)\]$/', - $line[0], - $regex - ); - - if( - $line[1] != "on" || - !isset($regex[0][1]) - ){ - - // check if its k - if( - $line[0] == "k" && - strpos($line[1], "c.") === 0 - ){ - - $key = apcu_fetch($line[1]); - apcu_delete($line[1]); - } - break; - } - - $regex = (int)$regex[1]; - - if( - $regex >= 16 || - $regex <= -1 - ){ - - $invalid = true; - break; - } - - $answers[] = $regex; - } - - if( - !$invalid && - $key !== false - ){ - $check = $key[1]; - - // validate answer - for($i=0; $i time() + 86400, // expires in 24 hours - "samesite" => "Lax", - "path" => "/" - ] - ); - - $frontend->loadheader( - $get, - $filters, - $page - ); - return; - - }else{ - - 
$error = "
You were kicked out of Mensa. Please try again.
"; - } - } - - // get the positions for the answers - // will return between 3 and 6 answer positions - $range = range(0, 15); - $answer_pos = []; - - array_splice($range, 0, 1); - - for($i=0; $i "", - "right-left" => "", - "right-right" => "", - "left" => - '
' . - '

IQ test

' . - 'Due to getting hit with 20,000 bot requests per day, I had to put this up. Sorry.

' . - 'Solving this captcha will allow you to make 100 searches today. I will add a way for legit users to bypass the captcha later. Sorry /g/tards!!' . - $error . - '
' . - '
' . - '
' . - 'Captcha image' . - '
' . - '' . - '' . - '' . - '' . - '' . - '' . - '' . - '' . - '' . - '' . - '' . - '' . - '' . - '' . - '' . - '' . - '' . - '' . - '' . - '' . - '' . - '' . - '' . - '' . - '' . - '' . - '' . - '' . - '' . - '' . - '' . - '' . - '
' . - '
' . - '
' . - '' . - '' . - '
' . - '
' - ]; - - http_response_code(429); // too many reqs - $frontend->loadheader( - $get, - $filters, - $page - ); - - echo $frontend->load("search.html", $payload); - die(); - } -} diff --git a/lib/classic.png b/lib/classic.png deleted file mode 100644 index d2c9609..0000000 Binary files a/lib/classic.png and /dev/null differ diff --git a/lib/frontend.php b/lib/frontend.php index b002ee9..738ad83 100644 --- a/lib/frontend.php +++ b/lib/frontend.php @@ -39,6 +39,14 @@ class frontend{ $replacements["ac"] = ''; } + if( + isset($replacements["timetaken"]) && + $replacements["timetaken"] !== null + ){ + + $replacements["timetaken"] = '
Took ' . substr(microtime(true) - $replacements["timetaken"], 0, 4) . 's
'; + } + $handle = fopen("template/{$template}", "r"); $data = fread($handle, filesize("template/{$template}")); fclose($handle); @@ -68,7 +76,7 @@ class frontend{ echo $this->load("header.html", [ - "title" => trim($get["s"] . " ({$page})"), + "title" => trim(htmlspecialchars($get["s"]) . " ({$page})"), "description" => ucfirst($page) . ' search results for "' . htmlspecialchars($get["s"]) . '"', "index" => "no", "search" => htmlspecialchars($get["s"]), @@ -88,7 +96,7 @@ class frontend{ $this->drawerror( "Tshh, blocked!", - 'You were blocked from viewing this page. If you wish to scrape data from 4get, please consider running your own 4get instance or using the API.', + 'You were blocked from viewing this page. If you wish to scrape data from 4get, please consider running your own 4get instance.', ); die(); } @@ -98,6 +106,7 @@ class frontend{ echo $this->load("search.html", [ + "timetaken" => null, "class" => "", "right-left" => "", "right-right" => "", diff --git a/lib/fuckhtml.php b/lib/fuckhtml.php index 2f9d3aa..ed1252c 100644 --- a/lib/fuckhtml.php +++ b/lib/fuckhtml.php @@ -466,19 +466,26 @@ class fuckhtml{ return preg_replace_callback( - '/\\\u[A-Fa-f0-9]{4}|\\\x[A-Fa-f0-9]{2}/', + '/\\\u[A-Fa-f0-9]{4}|\\\x[A-Fa-f0-9]{2}|\\\n|\\\r/', function($match){ - if($match[0][1] == "u"){ + switch($match[0][1]){ - return json_decode('"' . $match[0] . '"'); - }else{ + case "u": + return json_decode('"' . $match[0] . '"'); + break; - return mb_convert_encoding( - stripcslashes($match[0]), - "utf-8", - "windows-1252" - ); + case "x": + return mb_convert_encoding( + stripcslashes($match[0]), + "utf-8", + "windows-1252" + ); + break; + + default: + return " "; + break; } }, $string -- cgit v1.2.3
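Review bot: `substr(microtime(true) - $replacements["timetaken"], 0, 4)` cuts the float's string form, and PHP prints very small floats in exponent notation, so an elapsed time of 9.5E-5 would be shown as "9.5E", and a longer mantissa would read as whole seconds. Format the number instead: `number_format(microtime(true) - $replacements["timetaken"], 2)`. The `isset()` test already rejects null, so the extra `!== null` comparison can be dropped. The enclosing method starts and ends outside the hunk.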
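Review bot: The new `htmlspecialchars($get["s"])` in `title` relies on the function's default flags, which only became `ENT_QUOTES | ENT_SUBSTITUTE` in PHP 8.1; on older runtimes single quotes are left alone and invalid UTF-8 makes the call return an empty string. Passing the flags explicitly, `htmlspecialchars($get["s"], ENT_QUOTES | ENT_SUBSTITUTE, "UTF-8")`, keeps the escaping identical on every version. The same applies to the `description` and `search` values in this array, which presumably end up in attributes. `{$page}` is still interpolated unescaped, which is fine only if it is always an internal value; that is not visible here.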
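Review bot: Each `\uXXXX` escape is still decoded on its own, so a UTF-16 surrogate pair (the way characters outside the BMP are escaped) reaches `json_decode()` as two lone surrogates. Each decode then returns null and the character is silently removed from the output. Matching a whole run, `(?:\\\u[A-Fa-f0-9]{4})+` in place of `\\\u[A-Fa-f0-9]{4}`, lets `json_decode()` see the pair together, and `$match[0][1]` is still "u" for that branch. The `break;` after each `return` is unreachable and can go. The callback's enclosing method starts outside the hunk.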