anti spam measures

swiftyspiffy · Jun 4, 2018 · d3a8cac · d3a8cac
1 parent 81ce098
commit d3a8cac
Show file tree

Hide file tree

Showing 4 changed files with 185 additions and 11 deletions.
diff --git a/img/kappa.gif b/img/kappa.gif
diff --git a/index.php b/index.php
@@ -5,18 +5,30 @@
 $dao = new dao();
 
 $access_token = "";
+$id = "";
+$username = "";
 if(isset($_GET['code'])) {
 	$twitchtv = new TwitchTV;
 	$data = $twitchtv->get_access_token($_GET['code']);
 	$access_token = $data['access'];
 	$refresh_token = $data['refresh'];
+	$username = $dao->getUsername($access_token);
+	if($username == null)
+	    $username = "[Not set]";
 	if(isset($_GET['scope']))
-		$dao->logUsage($_SERVER['REMOTE_ADDR'], $_GET['scope'], $dao->getCountry($_SERVER['REMOTE_ADDR']), $dao->getUsername($access_token));
+		$dao->logUsage($_SERVER['REMOTE_ADDR'], $_GET['scope'], $dao->getCountry($_SERVER['REMOTE_ADDR']), $username, $_SERVER['HTTP_USER_AGENT']);
 	else
-		$dao->logUsage($_SERVER['REMOTE_ADDR'], "", $dao->getCountry($_SERVER['REMOTE_ADDR']), $dao->getUsername($access_token));
+		$dao->logUsage($_SERVER['REMOTE_ADDR'], "", $dao->getCountry($_SERVER['REMOTE_ADDR']), $username, $_SERVER['HTTP_USER_AGENT']);
 	if(isset($_GET['state'])) {
 		exit(header("Location: https://twitchtokengenerator.com/request/".$_GET['state']."/".$access_token."/".$refresh_token));
 	}
+	if($username != "[Not set]") {
+		$id = generateRandomString();
+		$dao->insertRecaptchaListing($id, $access_token, $refresh_token, $username);
+		$access_token = "Please complete the Captcha";
+		$refresh_token = "Please complete the Captcha";
+	}
+
 }
 
 $scopes = $dao->getScopes();
@@ -27,7 +39,14 @@
 <html lang="en">
 <script>
 	var scopes_set = <? echo isset($_GET['scope']) ? "true" : "false"; ?>;
-	var token = "<? if (strlen($access_token) > 1) echo $access_token; ?>"
+	var token = "<? if (strlen($access_token) > 1) echo $access_token; ?>";
+	<?
+	if(isset($_GET['code'])) {
+		echo 'var captchaId = "'.$id.'";';
+	} else {
+		echo 'var captchaId = "";';
+	}
+	?>
 </script>
 <head>
 	<title>Twitch Token Generator by swiftyspiffy</title>
@@ -37,10 +56,11 @@
 	<script src="https://ajax.googleapis.com/ajax/libs/jquery/1.12.0/jquery.min.js"></script>
 
 	<script src="https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.3.6/js/bootstrap.min.js"></script>
-	<script src="bootstrap-checkbox.min.js"></script>
-	<script src="script.js"></script>
-	<link rel="stylesheet" href="style.css">
-	<link rel="icon" type="image/ico" sizes="48x48" href="/favicon-48x48.ico">
+	<script src="https://twitchtokengenerator.com/bootstrap-checkbox.min.js"></script>
+	<script src="https://twitchtokengenerator.com/script.js"></script>
+	<link rel="stylesheet" href="https://twitchtokengenerator.com/style.css">
+	<link rel="icon" type="image/ico" sizes="48x48" href="https://twitchtokengenerator.com/favicon-48x48.ico">
+	<script src='https://www.google.com/recaptcha/api.js'></script>
 </head>
 <div class="modal fade" id="welcomeModal">
     <div class="modal-dialog" role="document">
@@ -165,7 +185,7 @@
 								<input type="text" class="form-control" id="access" style="text-align: center; font-size: 200%; color: #009900;" value="<? echo $access_token; ?>" placeholder="Access Token will appear here..." readonly>
 								<span class="input-group-btn">
 									<button class="btn btn-success" type="button" onclick="copyInput(this, 'access');">Copy</button>
-								</div>
+								</span>
 							</div>
 
 						</td>
@@ -177,7 +197,7 @@
 								<input type="text" class="form-control" id="refresh" style="text-align: center; font-size: 200%; color: #009900;" value="<? echo $refresh_token; ?>" placeholder="Refresh Token will appear here..." readonly>
 								<span class="input-group-btn">
 									<button class="btn btn-success" type="button" onclick="copyInput(this, 'refresh');">Copy</button>
-								</div>
+								</span>
 							</div>
 						</td>
 					</tr>
@@ -204,7 +224,7 @@
 								<input type="text" class="form-control" id="refresh" style="text-align: center; font-size: 200%; color: #a31824;" value="ERROR: <? echo $_GET['error']; ?>" placeholder="Refresh Token will appear here..." readonly>
 								<span class="input-group-btn">
 									<button class="btn btn-success" type="button" onclick="copyInput(this, 'refresh');">Copy</button>
-								</div>
+								</span>
 							</div>
 						</td>
 					</tr>
@@ -330,6 +350,28 @@
     </div>
 	<br><br>
 </div>
+<div class="modal fade" id="cyborgModal" data-keyboard="false" data-backdrop="static">
+    <div class="modal-dialog" role="document">
+        <div class="modal-content">
+            <div class="modal-header">
+                <div class="row">
+                    <div class="col-md-6">
+                        <h5 class="modal-title">You're not a robot right?</h5>
+                    </div>
+                </div>
+            </div>
+            <div class="modal-body text-center">
+                <span class="text-center" style="font-size: 120%;">Prove your humanity at once!</span><br><br>
+				<form id="robot_form" action="internal.php" method="post">
+					<input type="hidden" id="robot_identifier" name="robot_identifier" value="<? echo $id; ?>"></input>
+					<div class="g-recaptcha" data-callback="recaptchaSuccess" style="padding-left: 23%" data-sitekey="6LeaCF0UAAAAAMG7-HRJ1Oq_aneLPdQQNN0r9_no"></div>
+				</form>
+				<img class="text-center" src="https://twitchtokengenerator.com/img/kappa.gif"><br>
+				<span id="waiting_text" class="text-center" style="font-size: 70%">waiting...</span>
+            </div>
+        </div>
+    </div>
+</div>
 <script>
 /* --- GA START --- */
 (function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){
@@ -346,3 +388,17 @@
 /* --- Runtime PHP Generated JS Vars END -- */
 </script>
 </html>
+
+<?
+
+function generateRandomString($length = 10) {
+    $characters = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
+    $charactersLength = strlen($characters);
+    $randomString = '';
+    for ($i = 0; $i < $length; $i++) {
+        $randomString .= $characters[rand(0, $charactersLength - 1)];
+    }
+    return $randomString;
+}
+
+?>
diff --git a/internal.php b/internal.php
@@ -0,0 +1,52 @@
+<?
+include("dao.php");
+
+header('Content-Type: application/json');
+
+if(!isset($_POST['robot_identifier']))
+	exit(json_encode(array('success' => false, 'message' => "Missing robot identifier!")));
+if(!isset($_POST['g-recaptcha-response']))
+	exit(json_encode(array('success' => false, 'message' => "Missing g recaptcha response!")));
+
+$id = $_POST['robot_identifier'];
+$captcha = $_POST['g-recaptcha-response'];
+$ip = $_SERVER['REMOTE_ADDR'];
+
+if(!isValid($captcha, $ip))
+	exit(json_encode(array('success' => false, 'message' => "reCaptcha was not valid!")));
+
+$dao = new dao();
+$result = $dao->getRecaptchaListing($id);
+$dao->deleteRecaptchaListing($id);
+
+if(!$result['found'])
+	exit(json_encode(array('success' => false, 'message' => "Generation data not found on server!")));
+
+exit(json_encode(array('success' => true, 'result' => array('access' => $result['access'], 'refresh' => $result['refresh']))));
+
+function isValid($captcha, $ip) {
+	try {
+
+        $url = 'https://www.google.com/recaptcha/api/siteverify';
+        $data = ['secret'   => RECAPTCHA_SECRET,
+                 'response' => $captcha,
+                 'remoteip' => $ip];
+
+        $options = [
+            'http' => [
+                'header'  => "Content-type: application/x-www-form-urlencoded\r\n",
+                'method'  => 'POST',
+                'content' => http_build_query($data) 
+            ]
+        ];
+
+        $context  = stream_context_create($options);
+        $result = file_get_contents($url, false, $context);
+        return json_decode($result)->success;
+    }
+    catch (Exception $e) {
+        return null;
+    }
+}
+
+?>
diff --git a/script.js b/script.js
@@ -3,6 +3,7 @@ var client_id = "gp762nuuoqcoxypju8c569th9wz7q5";
 var redirect_uri = "https://twitchtokengenerator.com";
 
 var scopes = getScopes();
+var waitingRotator;
 
 $( document ).ready(function() {
     console.log( "loaded! enabling custom checkboxes!" );
@@ -17,16 +18,64 @@ $( document ).ready(function() {
 		if(vars['auth'] != null && vars['auth'] != "") {
 			if(vars['auth'] == "auth_auth") {
 				authenticate();
-				console.log("fired");
 			}
 		}
 	}
 
+	waitingRotator = setInterval(rotateWaitingText, 3000);
+
 	if(!authSuccessful && !scopes_set) {
 	    launchWelcomeModal();
     }
+
+	if(captchaId != "") {
+		showRecaptchaModal(captchaId);
+	}
+
+	$('#robot_form').on('submit', function(e) {
+		e.preventDefault();
+		$.ajax({
+			url: $(this).attr("action") || window.location.pathname,
+			type: "POST",
+			data: $(this).serialize(),
+			success: function(data) {
+				if(data.success) {
+					setAccessText(data['result']['access']);
+					setRefreshText(data['result']['refresh']);
+					setSuccessStyle();
+				} else {
+					setAccessText("ERROR: Unable to ensure you're not a robot!");
+					setRefreshText("ERROR: Unable to ensure you're not a robot!");
+					setErrorStyle();
+					alert("Error checking robot status! Details below:\n\n" + data.message);
+				}
+				$('#cyborgModal').modal("hide");
+			},
+			error: function(data) {
+				setAccessText("ERROR: Unable to ensure you're not a robot!");
+				setRefreshText("ERROR: Unable to ensure you're not a robot!");
+				setErrorStyle();
+				alert("Internal error. Please contact swiftyspiffy.");
+			}
+		});
+	});
 });
 
+function setAccessText(val) {
+	$('#access').val(val);
+}
+function setRefreshText(val) {
+	$('#refresh').val(val);
+}
+function setSuccessStyle() {
+	$('#access').attr("style", "text-align: center; font-size: 200%; color: #009900;");
+	$('#refresh').attr("style", "text-align: center; font-size: 200%; color: #009900;");
+}
+function setErrorStyle() {
+	$('#access').attr("style", "text-align: center; font-size: 200%; color: #a31824;");
+	$('#refresh').attr("style", "text-align: center; font-size: 200%; color: #a31824;");
+}
+
 var quickLinkToggleType = "auth_stay";
 function toggleQuickLinkAuth(id) {
 	if(id == "quicklink_auth_stay") {
@@ -40,6 +89,13 @@ function toggleQuickLinkAuth(id) {
 	}
 }
 
+function rotateWaitingText() {
+	var texts = ["waiting...", "hurry it up human!", "alright criminal scum...", "there are no choices. nothing but a captcha", "increaseth waiting, increaseth guiltyness", "this is it baby.. click that button", "aim towards the captcha", "finish the captcha!", "thank you programmer, but your tokens await captcha completion", "it's-a me, a-captcha!", "its dangerous to go alone, take this captcha", "the captcha is a lie", "twitchtokengenerator is the name, token generation is the game", "stay capatcha'd", "its time to kickass and generate this token, but i still have this captcha", "nothing is true, captcha is permitted", "we all make choices but in the end our choices make tokens", "tokens here!", "all your tokens are belong to us", "captchas.. captchas never change", "you know our motto, we deliver tokens", "remember, no captcha", "the captchas mason, what do they mean!", "homie lets roll on some tokens", "wake me up when you finish the captcha", "dont you recognize me? its me, captcha", "i would have been your daddy, but the captcha beat me over the fence", "in this world, its generate or be generated", "rise and shine, mr programmer", "generatacular!", "generation, its in the game", "catcha was super effective!", "anyways, moral of the story is finish the captcha!", "sir, finishing this captcha!", "this is your generation!", "CAPTCHA!", "go soak your head, programmer!", "fatality! flawless generation!", "i need a generation"];
+
+	var t = texts[Math.floor(Math.random()*texts.length)];
+	$('#waiting_text').html(t);
+}
+
 function getScopes() {
 	return JSON.parse($.ajax({
 		type: "GET",
@@ -241,6 +297,16 @@ function performRefreshRequest() {
 	});
 }
 
+var identifier
+function recaptchaSuccess() {
+	$("#robot_form").submit();
+}
+
+function showRecaptchaModal(id) {
+	$('#cyborgModal').modal("show");
+	$('#robot_identifier').val(id);
+}
+
 function copyInput(btn, el) {
 	var copyText = document.getElementById(el);
 	copyText.select();