feat: Switched time based bot protection from JS to PHP sessions.

This commit is contained in:
muli 2022-08-03 18:04:03 +02:00
parent 487f2268b6
commit 88276c2e2e
2 changed files with 41 additions and 10 deletions


@ -8,13 +8,27 @@ const captcha = document.getElementsByClassName('contact_form__captcha')[0];
const now = (new Date().getTime()/1000).toFixed(); const now = (new Date().getTime()/1000).toFixed();
const feedback = document.getElementsByClassName('contact_form__feedback')[0]; const feedback = document.getElementsByClassName('contact_form__feedback')[0];
window.addEventListener('DOMContentLoaded', function(event) {
let formData = new FormData();
formData.append('action', 'start_session');
fetch(ajaxUrl, {
method: 'POST',
mode: 'same-origin',
body: formData,
})
.then(response => response.json())
.then(json => {
console.log(json);
})
});
contact_form.addEventListener('submit', function(event) { contact_form.addEventListener('submit', function(event) {
event.preventDefault(); event.preventDefault();
let formData = new FormData(); let formData = new FormData();
formData.append('action', 'handle_form');
formData.append('message', message.value); formData.append('message', message.value);
formData.append('name', name.value); formData.append('name', name.value);
formData.append('email', email.value); formData.append('email', email.value);
formData.append('time_sent', now);
// If some bot entered some value, return. // If some bot entered some value, return.
if (typeof captcha.value == 'undefined') { if (typeof captcha.value == 'undefined') {
@ -26,12 +40,12 @@ contact_form.addEventListener('submit', function(event) {
fetch(ajaxUrl, { fetch(ajaxUrl, {
method: 'POST', method: 'POST',
mode:'same-origin', mode: 'same-origin',
body: formData, body: formData,
}) })
.then(response => response.json()) .then(response => response.json())
.then(json => { .then(json => {
console.log(json) console.log(json);
if (json.errors) { if (json.errors) {
feedback.classList.add('--error'); feedback.classList.add('--error');
// Über errors iterieren und diese ausgeben (evtl. nur ersten Fehler ausgeben?) // Über errors iterieren und diese ausgeben (evtl. nur ersten Fehler ausgeben?)
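Review bot: The `start_session` request added in the DOMContentLoaded handler only logs its response and has no `.catch`, and the submit handler never checks that this handshake completed, so a failed or still-pending first request makes the server reject the user as a bot with no usable feedback. At minimum append `.catch(error => { feedback.classList.add('--error'); console.error(error); })` to that fetch chain, and consider keeping the promise so the submit handler waits on it. The `time_sent` append appears on only one side of the first hunk, presumably removed; if so the context line `const now = (new Date().getTime()/1000).toFixed();` is now dead and should go too. The `console.log(json)` calls in both handlers look like leftover debugging and print the server's full reply to the console.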


@ -1,7 +1,5 @@
<?php <?php
$message = ''; session_start();
$name = '';
$email = '';
function sanitize_text(string $name) { function sanitize_text(string $name) {
$text = filter_var($_POST[$name], FILTER_SANITIZE_FULL_SPECIAL_CHARS); $text = filter_var($_POST[$name], FILTER_SANITIZE_FULL_SPECIAL_CHARS);
@ -39,7 +37,7 @@ function send_response($response_data) {
echo $json; echo $json;
} }
if ($_SERVER["REQUEST_METHOD"] == "POST") { function prepare_response() {
$response = array(); $response = array();
if (empty($_POST['message'])) { if (empty($_POST['message'])) {
@ -59,9 +57,8 @@ if ($_SERVER["REQUEST_METHOD"] == "POST") {
*/ */
if ( if (
$_POST['captcha'] != 'Nudelsuppe' or $_POST['captcha'] != 'Nudelsuppe' or
preg_match('/\d{10}/', $_POST['time_sent']) != 1 or time() - $_SESSION['start_time'] < 5 or
time() - intval($_POST['time_sent']) < 5 or time() - $_SESSION['start_time'] > 3600
time() - intval($_POST['time_sent']) > 3600
) { ) {
$response['errors'][] = 'Wir glauben du bist ein Bot.'; $response['errors'][] = 'Wir glauben du bist ein Bot.';
} }
@ -76,6 +73,26 @@ if ($_SERVER["REQUEST_METHOD"] == "POST") {
$response['status'] = 'ok'; $response['status'] = 'ok';
} }
} }
return $response;
}
if ($_SERVER["REQUEST_METHOD"] == "POST") {
$response = array();
if (empty($_POST['action'])){
$response['errors'][] = 'Kann eigentlich nicht passieren :/';
} else {
if ($_POST['action'] == 'start_session') {
$_SESSION['start_time'] = time();
// $response['session_start_time'] = $_SESSION['start_time'];
// $response['session_id_before'] = session_id();
} elseif ($_POST['action'] == 'handle_form') {
$response = prepare_response();
session_destroy();
} else {
$response['errors'][] = 'Kann eigentlich auch nicht passieren :/';
}
}
send_response($response); send_response($response);
} else { } else {
http_response_code(404); http_response_code(404);
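Review bot: In the `@ -59,9 +57,8` hunk the new condition reads `$_SESSION['start_time']` without checking it exists; a client that posts `handle_form` without a prior `start_session`, or again after `session_destroy()` has discarded the data while the cookie is still sent, hits an undefined-key warning on PHP 8, and if warnings are displayed that output precedes the JSON and breaks `response.json()` on the client. Add `!isset($_SESSION['start_time']) or` as the first term of that condition so the missing case is rejected explicitly instead of relying on `time() - null` exceeding 3600. The `action` dispatch in the last hunk compares with `==`; `===` against the two literal strings is the strict form and avoids loose-comparison surprises. `session_start()` now runs before the request-method check, so every GET that lands on the 404 branch also creates a session; moving it under the POST branch keeps session creation to the requests that need it.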