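/**
 * AJAX endpoint for the live search form.
 *
 * Reads the request from $_POST and runs, in this order: the input
 * validation, the timing (anti-bot) check and the session token checks.
 * Only when all three pass is the handler asked for the result. Every
 * response, success or failure, goes through $this->handler->formResponse().
 *
 * Each failed check is followed by an explicit `return` so that the request
 * can never fall through to getResult() with unvalidated input if
 * formResponse() does not terminate the script itself (whether it does is
 * not visible from this method).
 *
 * @return void
 */
public function process_livesearch()
{
    $controlOrigin = Config::getConfig('accessControlAllowOrigin');
    header("Access-Control-Allow-Origin: {$controlOrigin}");
    header('Access-Control-Allow-Methods: *');
    header('Content-Type: application/json');

    // 1. Required inputs must be present and well-formed before any of the
    //    ls_* keys below are read from $_POST.
    $errors = Handler::validateInput($_POST);
    if (!empty($errors)) {
        $this->handler->formResponse('failed', 'Error: Required or invalid inputs: ' . implode(',', $errors));
        return;
    }

    // 2. A layer of security against those Bots that submit a form quickly
    if (!$this->handler->verifyBotSearched($_POST['ls_page_loaded_at'])) {
        // Searching is started sooner than the search start time offset
        $this->handler->formResponse('failed', 'Error: You are too fast, or this is a Bot. Please search now.');
        return;
    }

    // 3. Verify the token - CSRF protection
    if (!$this->handler->verifySessionValue('token', $_POST['ls_token'])
        || !$this->handler->verifySessionValue('anti_bot', $_POST['ls_anti_bot'])) {
        // Tokens are not matched
        $this->handler->formResponse('failed', 'Error: Please refresh the page. It seems that your session is expired.');
        return;
    }

    // 4. Start looking for the query. Both variables are initialised so the
    //    branch below never reads an undefined variable when getResult() throws.
    $result = null;
    $catchedError = '';
    try {
        $result = json_encode($this->handler->getResult(
            $_POST['ls_query_id'],
            $_POST['ls_query'],
            (int) $_POST['ls_current_page'],
            (int) $_POST['ls_items_per_page']
        ));
    } catch (\Exception $e) {
        $catchedError = $e->getMessage();
    }

    // Strict comparison: empty() would treat an exception message of "0" as "no error".
    if ($catchedError === '') {
        // 5. Return the result
        $this->handler->formResponse('success', 'Successful request', $result);
    } else {
        $this->handler->formResponse('failed', $catchedError);
    }
}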
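/**
 * Timing check against bots that submit the search form immediately.
 *
 * Compares the client-supplied page-load timestamp with the current time and
 * accepts the request only when at least Config 'searchStartTimeOffset'
 * seconds have elapsed since the page was loaded.
 *
 * The value comes straight from the request, so anything that is not numeric
 * is rejected (treated as a bot) instead of being coerced to 0 by the
 * subtraction, which would make the check pass for garbage input.
 *
 * @param int|string $page_loaded_at Unix timestamp sent by the page (ls_page_loaded_at)
 * @return bool true when enough time has passed (looks human), false when it looks like a bot
 */
public function verifyBotSearched($page_loaded_at)
{
    // Reject non-numeric input explicitly rather than letting arithmetic coerce it.
    if (!is_numeric($page_loaded_at)) {
        return false;
    }

    $elapsedSeconds = time() - (int) $page_loaded_at;

    // if searching starts less than start time offset it seems it's a Bot
    return $elapsedSeconds >= Config::getConfig('searchStartTimeOffset');
}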