
added BIC Browser Integrity Check

this feature is not security related per se; it's just a way to block
bots and web crawlers. The challenge occurs only on public pages.
s0me0ne 7 years ago
parent
commit
884c7ec618

+ 64
- 0
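--- /dev/null
+++ b/classes/bic.class.php
@@ -0,0 +1,64 @@
+<?
+/**
+ * Browser Integrity Check
+ */
+class BIC {
+    /**
+     * Browser Integrity Check challenge
+     */
+    public static function challenge() {
+        if (FEATURE_BIC) {
+            session_start();
+            if (!isset($_SESSION['_authorized'])) {
+                if (isset($_POST['_authorized'])) {
+                    if (hash("sha512", substr(time(), 0, 9) . $_SERVER['HTTP_USER_AGENT'] . BIC_KEY) != $_POST['_authorized']) {
+                        error(400);
+                    } else {
+                        $_SESSION['_authorized'] = '';
+                    }
+                } else {
+                    header("Cache-Control: no-store, no-cache, must-revalidate");
+                    header("Expires: off"); ?><html>
+<head><title>Browser Integrity Check</title>
+<style type="text/css">
+    html, body {
+        width: 100%;
+        height: 100%;
+        margin: 0;
+        padding: 0;
+    }
+
+    body {
+        background-color: #ffffff;
+        font-family: Helvetica, Arial, sans-serif;
+        font-size: 100%;
+    }
+</style>
+</head>
+<body>
+<table width="100%" height="100%" cellpadding="20">
+<tr>
+    <td align="center" valign="middle">
+        <img src="<?= STATIC_SERVER ?>common/bic_flag.gif?v=<?= filemtime(SERVER_ROOT . '/static/common/bic_flag.gif') ?>"/>
+        <h1>Browser Integrity Check</h1>
+        <p>Please wait 3 seconds, the page will auto refresh.</p>
+        <noscript><p>JavaScript is disabled, cannot continue. Please make sure your browser is
+                supporting Cookies, JavaScript and POST.</p></noscript>
+    </td>
+</tr>
+</table>
+<form method="post">
+<button type="submit" name="_authorized" style="display: none" id="_authorized"
+        value="<?= hash("sha512", substr(time(), 0, 9) . $_SERVER['HTTP_USER_AGENT'] . BIC_KEY) ?>"></button>
+</form>
+<script>setTimeout(function () {
+    document.getElementById("_authorized").click()
+}, 3000)</script>
+</body>
+</html>
+                    <? die();
+                }
+            }
+        }
+    }
+}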
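Review bot: The token check on line 14 of the new file rejects legitimate browsers whenever the 3-second auto-submit crosses a time bucket: `substr(time(), 0, 9)` buckets the clock into 10-second windows, so a page rendered in the last three seconds of a window is submitted in the next one, the recomputed digest differs and the visitor gets error(400) instead of the page. The comparison also uses loose `!=` against raw request input, where `hash_equals()` on a string-cast value is the conventional way to compare a digest, and `$_SERVER['HTTP_USER_AGENT']` is read without `?? ''` on both line 14 and line 52 although it is not guaranteed to be set. The rewrite below computes the bucket and agent once, accepts the current and the previous bucket, and keeps the markup as is apart from the button `value`, which should use the same `$window . $agent . BIC_KEY` input. Whether `session_start()` can already have been called by the including page is not visible from this commit and is worth confirming, since a second call emits a notice.
```php
    public static function challenge() {
        if (!FEATURE_BIC) {
            return;
        }
        session_start();
        if (isset($_SESSION['_authorized'])) {
            return;
        }
        $agent  = $_SERVER['HTTP_USER_AGENT'] ?? '';
        $window = intdiv(time(), 10); // same 10-second bucket that substr(time(), 0, 9) yields
        if (isset($_POST['_authorized'])) {
            $token = (string) $_POST['_authorized'];
            // Accept the bucket the form was rendered in as well as the current one, so the
            // 3-second auto-submit cannot fail merely by straddling a bucket boundary.
            $ok = hash_equals(hash("sha512", $window . $agent . BIC_KEY), $token)
               || hash_equals(hash("sha512", ($window - 1) . $agent . BIC_KEY), $token);
            if (!$ok) {
                error(400);
            } else {
                $_SESSION['_authorized'] = '';
            }
            return;
        }
        // … unchanged: Cache-Control/Expires headers and the challenge HTML; the button value becomes hash("sha512", $window . $agent . BIC_KEY) …
```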

+ 2
- 0
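--- a/classes/config.template
+++ b/classes/config.template
@@ -33,6 +33,7 @@ define('INTEGRITY_ALGO', 'sha256');
 
 // Keys
 define('ENCKEY',       'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA'); //Random key. The key for encryption
+define('BIC_KEY',      'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA'); //Random key. The key for BIC challenge
 define('IMAGE_PSK',    'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA'); //Pre-shared key for generating hmacs for the image proxy
 define('SCHEDULE_KEY', 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA'); // Random key. This key must be the argument to schedule.php for the schedule to work.
 define('RSS_HASH',     'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA'); //Random key. Used for generating unique RSS auth key.
@@ -82,6 +83,7 @@ define('FEATURE_ENFORCE_LOCATIONS',  true);  // Require users to verify login fr
 define('FEATURE_IRC',                true);  // Attempt to send messages to IRC
 define('FEATURE_SEND_EMAIL',         true);  // Attempt to send email from the site
 define('FEATURE_SET_ENC_KEY_PUBLIC', false); // Allow the site encryption key to be set without an account (Should only be used for initial setup)
+define('FEATURE_BIC',                true);  // Allow the site to perform BIC challenge on public page
 
 // User class IDs needed for automatic promotions. Found in the 'permissions' table
 // Name of class  Class ID (NOT level)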

+ 5
- 1
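--- a/sections/error/index.php
+++ b/sections/error/index.php
@@ -14,7 +14,11 @@ if (!empty($_GET['e']) && in_array($_GET['e'],$Errors)) {
   // Gazelle error (Comes from the error() function)
   switch ($Error ?? NAN) {
 
-    case '403':
+    case '400':
+      $Title = "Error 400";
+      $Description = "Bad request.";
+      notify(STATUS_CHAN,'403');
+    break;case '403':
       $Title = "Error 403";
       $Description = "You just tried to go to a page that you don't have enough permission to view.";
       notify(STATUS_CHAN,'403');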
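Review bot: The new `case '400'` branch reports the wrong status to the status channel: it calls `notify(STATUS_CHAN,'403');`, copied from the 403 branch below, so every BIC rejection is logged as a permission error; it should read `notify(STATUS_CHAN,'400');`. The `break;case '403':` written on one line also hides the boundary between the two cases — put `break;` and `case '403':` on separate lines indented like the neighbouring cases. The enclosing `switch` starts and ends outside the hunk.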

+ 1
- 0
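--- a/sections/login/disabled.php
+++ b/sections/login/disabled.php
@@ -1,4 +1,5 @@
 <?
+BIC::challenge();
 View::show_header('Disabled');
 
 if (isset($_POST['email']) && FEATURE_EMAIL_REENABLE) {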

+ 4
- 1
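--- a/sections/login/login.php
+++ b/sections/login/login.php
@@ -1,4 +1,7 @@
-<? View::show_header('Login'); ?>
+<?
+BIC::challenge();
+View::show_header('Login');
+?>
   <span id="no-cookies" class="hidden warning">You appear to have cookies disabled.<br /><br /></span>
   <noscript><span class="warning"><?=SITE_NAME?> requires JavaScript to function properly. Please enable JavaScript in your browser.</span><br /><br /></noscript>
 <?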

+ 1
- 0
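--- a/sections/login/newlocation.php
+++ b/sections/login/newlocation.php
@@ -4,6 +4,7 @@ if (!empty($LoggedUser['ID'])) {
   die();
 }
 
+BIC::challenge();
 View::show_header('Authorize Location');
 
 if (isset($_REQUEST['act'])) {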

+ 1
- 0
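--- a/sections/login/recover_step1.php
+++ b/sections/login/recover_step1.php
@@ -1,4 +1,5 @@
 <?
+BIC::challenge();
 View::show_header('Recover Password','validate');
 echo $Validate->GenerateJS('recoverform');
 ?>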

+ 1
- 0
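--- a/sections/login/recover_step2.php
+++ b/sections/login/recover_step2.php
@@ -1,4 +1,5 @@
 <?
+BIC::challenge();
 View::show_header('Recover Password');
 ?>
 <script src="<?=(STATIC_SERVER)?>functions/validate.js" type="text/javascript"></script>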

+ 1
- 0
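--- a/sections/login/u2f.php
+++ b/sections/login/u2f.php
@@ -10,6 +10,7 @@ if (!isset($_POST['username']) || !isset($_POST['password']) || !isset($U2FRegs)
 
 $U2FReq = json_encode($U2F->getAuthenticateData($U2FRegs));
 
+BIC::challenge();
 View::show_header('U2F Authentication'); ?>
 
 <form id="u2f_sign_form" action="login.php" method="post">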
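Review bot: `BIC::challenge()` is inserted on a page that is itself reached by POST, and the challenge form re-POSTs only `_authorized` to the same URL; the hunk header shows a guard on `$_POST['username']` and `$_POST['password']` at line 10 (outside the hunk), so presumably a visitor without the `_authorized` session flag who lands here will pass the challenge and then re-enter u2f.php with the credentials gone, hitting that guard instead of the U2F form. Because the challenge also short-circuits with `die()` after `$U2F->getAuthenticateData()` has already run, the work on line 11 is wasted in that case. Either rely on the challenge already issued on login.php earlier in the flow (this commit adds it there too) and drop the call here, or move it above the guard with a comment such as `// BIC must run before any POST-dependent logic: its form cannot carry the caller's fields`. The same caveat applies to any other challenged page whose own POST fields the challenge form cannot preserve.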

+ 1
- 0
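--- a/sections/register/closed.php
+++ b/sections/register/closed.php
@@ -1,4 +1,5 @@
 <?
+BIC::challenge();
 View::show_header('Registration Closed');
 ?>
 <div style="width: 500px;">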

+ 1
- 0
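--- a/sections/register/code.php
+++ b/sections/register/code.php
@@ -1,4 +1,5 @@
 <?
+BIC::challenge();
 View::show_header('Register');
 ?>
 <div style="width: 500px;">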

+ 1
- 0
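--- a/sections/register/step1.php
+++ b/sections/register/step1.php
@@ -1,4 +1,5 @@
 <?
+BIC::challenge();
 View::show_header('Register');
 echo $Val->GenerateJS('registerform');
 ?>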

+ 1
- 0
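--- a/sections/register/step2.php
+++ b/sections/register/step2.php
@@ -1,4 +1,5 @@
 <?
+BIC::challenge();
 View::show_header('Registration Complete');
 ?>
 <div style="width: 500px;">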

BIN
static/common/bic_flag.gif View File

