feat: Switched time based bot protection from JS to PHP sessions.

This commit is contained in:
muli 2022-08-03 18:04:03 +02:00
parent a3fd3f8ac4
commit b92e4c28c6
2 changed files with 41 additions and 10 deletions


@ -8,13 +8,27 @@ const captcha = document.getElementsByClassName('contact_form__captcha')[0];
const now = (new Date().getTime()/1000).toFixed();
const feedback = document.getElementsByClassName('contact_form__feedback')[0];
window.addEventListener('DOMContentLoaded', function(event) {
let formData = new FormData();
formData.append('action', 'start_session');
fetch(ajaxUrl, {
method: 'POST',
mode: 'same-origin',
body: formData,
})
.then(response => response.json())
.then(json => {
console.log(json);
})
});
contact_form.addEventListener('submit', function(event) {
event.preventDefault();
let formData = new FormData();
formData.append('action', 'handle_form');
formData.append('message', message.value);
formData.append('name', name.value);
formData.append('email', email.value);
formData.append('time_sent', now);
// If some bot entered some value, return.
if (typeof captcha.value == 'undefined') {
@ -26,12 +40,12 @@ contact_form.addEventListener('submit', function(event) {
fetch(ajaxUrl, {
method: 'POST',
mode:'same-origin',
mode: 'same-origin',
body: formData,
})
.then(response => response.json())
.then(json => {
console.log(json)
console.log(json);
if (json.errors) {
feedback.classList.add('--error');
// Über errors iterieren und diese ausgeben (evtl. nur ersten Fehler ausgeben?)
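Review bot: The `start_session` request added on L15–L25 is fire-and-forget: nothing records whether it succeeded before the submit handler on L27 can run, and the chain has no `.catch`, so a slow or failed request leaves the server without a `start_time` and the later submit is rejected as a bot with nothing telling the user why. A small flag set from the response (and cleared on error) lets the submit handler refuse or retry instead of sending a request it knows will fail, and replaces the `console.log(json)` on L24, which otherwise prints the raw server response in production. `now` on L12 and `formData.append('time_sent', now)` on L34 look like leftovers of the client-side timestamp this commit replaces; if the PHP side no longer reads `time_sent`, they can go.

```javascript
let sessionReady = false;
window.addEventListener('DOMContentLoaded', function(event) {
    // … unchanged: FormData with action=start_session …
    fetch(ajaxUrl, { method: 'POST', mode: 'same-origin', body: formData })
        .then(response => response.json())
        .then(json => { sessionReady = !json.errors; })
        .catch(() => { sessionReady = false; });
});
// … unchanged: submit handler; check sessionReady before appending fields …
```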


@ -1,7 +1,5 @@
<?php
$message = '';
$name = '';
$email = '';
session_start();
function sanitize_text(string $name) {
$text = filter_var($_POST[$name], FILTER_SANITIZE_FULL_SPECIAL_CHARS);
@ -39,7 +37,7 @@ function send_response($response_data) {
echo $json;
}
if ($_SERVER["REQUEST_METHOD"] == "POST") {
function prepare_response() {
$response = array();
if (empty($_POST['message'])) {
@ -59,9 +57,8 @@ if ($_SERVER["REQUEST_METHOD"] == "POST") {
*/
if (
$_POST['captcha'] != 'Nudelsuppe' or
preg_match('/\d{10}/', $_POST['time_sent']) != 1 or
time() - intval($_POST['time_sent']) < 5 or
time() - intval($_POST['time_sent']) > 3600
time() - $_SESSION['start_time'] < 5 or
time() - $_SESSION['start_time'] > 3600
) {
$response['errors'][] = 'Wir glauben du bist ein Bot.';
}
@ -76,6 +73,26 @@ if ($_SERVER["REQUEST_METHOD"] == "POST") {
$response['status'] = 'ok';
}
}
return $response;
}
if ($_SERVER["REQUEST_METHOD"] == "POST") {
$response = array();
if (empty($_POST['action'])){
$response['errors'][] = 'Kann eigentlich nicht passieren :/';
} else {
if ($_POST['action'] == 'start_session') {
$_SESSION['start_time'] = time();
// $response['session_start_time'] = $_SESSION['start_time'];
// $response['session_id_before'] = session_id();
} elseif ($_POST['action'] == 'handle_form') {
$response = prepare_response();
session_destroy();
} else {
$response['errors'][] = 'Kann eigentlich auch nicht passieren :/';
}
}
send_response($response);
} else {
http_response_code(404);
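Review bot: The new condition on L76–L77 reads `$_SESSION['start_time']` without checking that it exists, so a `handle_form` POST not preceded by `start_session` (a direct request, an expired session, or a second submit after the `session_destroy()` on L98) triggers an "Undefined array key" warning; with display_errors on, that warning text is emitted ahead of the JSON from send_response and corrupts the response, and the request appears to be rejected only because `time() - null` happens to exceed 3600. Make the missing session an explicit failure: add `$start = $_SESSION['start_time'] ?? null;` before the `if`, and replace the two session lines with `$start === null or time() - $start < 5 or` and `time() - $start > 3600`. In the dispatch on L92 and L96, `===` would be the stricter comparison for the action strings.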