/**
* Private constructor
*
* @param \array $settings Settings
* @param \array $fields Object field values
* @throws \Tollwerk\TwAntibot\Validation\Exception If TYPO3 mode is not FE
*/
protected function __construct(array $settings, array $fields = null)
{
// Ensure that we're in FE mode
if (TYPO3_MODE != 'FE') {
throw new Exception('Antibot validation works for FE only');
}
$this->_settings = $settings;
$this->_fields = $fields;
$this->_objectManager = \TYPO3\CMS\Core\Utility\GeneralUtility::makeInstance('TYPO3\\CMS\\Extbase\\Object\\ObjectManager');
$this->_logging = trim($this->_settings['logging']);
$this->_logger = $this->_logging == self::LOG_LOGGER ? \TYPO3\CMS\Core\Utility\GeneralUtility::makeInstance('TYPO3\\CMS\\Core\\Log\\LogManager')->getLogger(__CLASS__) : null;
$this->_token = self::_token($this->_settings);
$this->_ip = $_SERVER['REMOTE_ADDR'];
$this->_whitelist = \TYPO3\CMS\Core\Utility\GeneralUtility::trimExplode(',', $this->_settings['whitelist'], true);
// If the current client is whitelisted: No further steps will be taken ...
if (in_array($this->_ip, $this->_whitelist)) {
$this->_info(sprintf('Client %s is whitelisted', $this->_ip));
$this->_valid = true;
// Else: Prepare validation
} else {
// Check IP ban
if ($this->_ipBanningEnabled()) {
$this->_ipRepository = $this->_objectManager->get('Tollwerk\\TwAntibot\\Domain\\Repository\\IpRepository');
if ($this->_ipRepository->findOneByIp($this->_ip) instanceof \Tollwerk\TwAntibot\Domain\Model\Ip) {
$this->_banned = self::BANNED_IP;
}
}
// If antibot data has been submitted
$this->_data = \TYPO3\CMS\Core\Utility\GeneralUtility::_GP($this->_token);
if ($this->_data) {
$this->_fields = (array) $this->_fields;
// Check email ban
if ($this->_emailBanningEnabled()) {
$emailField = trim($this->_settings['email']);
$emailAddress = array_key_exists($emailField, $this->_fields) ? trim($this->_fields[$emailField]) : null;
if (strlen($emailAddress)) {
$this->_emailRepository = $this->_objectManager->get('Tollwerk\\TwAntibot\\Domain\\Repository\\EmailRepository');
if ($this->_emailRepository->findOneByEmail($emailAddress) instanceof \Tollwerk\TwAntibot\Domain\Model\Email) {
$this->_banned |= self::BANNED_EMAIL;
return;
}
}
}
// If a HMAC has been submitted
if (is_array($this->_data) && !empty($this->_data['hmac'])) {
$this->_info('Decrypting HMAC', $this->_data['hmac']);
// Check if a timestamp hint has been sent
if (!empty($this->_data['ts'])) {
$this->_timestamp = intval($this->_data['ts']);
}
$this->_valid = $this->_decryptHmac($this->_data['hmac']);
$this->_info('HMAC valid:', $this->_valid);
$this->_debug('Submission delay:', $this->_delay);
// Else: Error
} else {
throw new Exception\MissingTokenException();
}
// Else: Reset data
} else {
$this->_data = false;
}
}
}
