/**
 * Check the requesting client against the IP ban list and the request throttle.
 *
 * Returns false immediately under the CLI SAPI or when REMOTE_ADDR is not set.
 * REMOTE_ADDR is always checked first. If it is not banned, up to five
 * addresses from X-Forwarded-For are checked too. That header is supplied by
 * the client and is not authenticated, so it is only used to add addresses to
 * the ban lookup: a forged value can cause a block but cannot clear one that
 * REMOTE_ADDR already earned.
 *
 * @param bool $returnReason When truthy, report the ban lookup result instead
 *                           of acting on it (no headers, no throttle check).
 * @return array|false|null  false when the check is skipped; with $returnReason
 *                           an array with keys 'isbanned', 'ip' and 'reason';
 *                           otherwise null. A banned client gets a 403 and the
 *                           script exits here.
 */
function BotCheck($returnReason = false)
{
    // No client address to evaluate: command-line run or REMOTE_ADDR missing.
    if (PHP_SAPI == 'cli' || !isset($_SERVER['REMOTE_ADDR'])) {
        return false;
    }

    $checked = $_SERVER['REMOTE_ADDR'];
    $reason = '';
    $banned = IPIsBanned($checked, $reason);

    if (isset($_SERVER['HTTP_X_FORWARDED_FOR'])) {
        // Private and reserved ranges are dropped so that internal hops listed
        // in the header are never looked up.
        $filterOpts = [
            'default' => false,
            'flags' => FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE,
        ];

        // Limit 6 leaves any overflow in the sixth element, which is discarded:
        // at most five header entries are examined however long the header is.
        $forwarded = explode(',', $_SERVER['HTTP_X_FORWARDED_FOR'], 6);
        if (count($forwarded) == 6) {
            array_pop($forwarded);
        }

        foreach ($forwarded as $candidate) {
            if ($banned) {
                break;
            }
            $otherIP = filter_var(trim($candidate), FILTER_VALIDATE_IP, $filterOpts);
            if ($otherIP) {
                // Track the address being tested so a hit reports the right one.
                $checked = $otherIP;
                $banned |= IPIsBanned($checked, $reason);
            }
        }
    }

    if ($returnReason) {
        // 'ip' may be a header-supplied address; callers should treat it as
        // untrusted input when displaying or logging it.
        return [
            'isbanned' => $banned,
            'ip' => $banned ? $checked : '',
            'reason' => $banned ? $reason : '',
        ];
    }

    if ($banned) {
        header('HTTP/1.1 403 Forbidden');
        exit;
    }

    // Throttle: more than twice the limit bans the address; more than the
    // limit gets a CAPTCHA challenge instead of the requested data.
    $hits = UserThrottleCount();
    if ($hits > THROTTLE_MAXHITS * 2) {
        BanIP();
    } elseif ($hits > THROTTLE_MAXHITS) {
        header('Expires: 0');
        json_return(['captcha' => CaptchaDetails()]);
    }
}
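<?php

// CAPTCHA answer endpoint. Reads the pending challenge for the caller's
// REMOTE_ADDR from the cache, consumes it, and compares the submitted answer.
// json_return() is defined elsewhere; the flow below relies on it ending the
// request (NOTE(review): confirm).

require_once '../../incl/incl.php';
require_once '../../incl/memcache.incl.php';
require_once '../../incl/api.incl.php';

// NOTE(review): this test hook is reachable by any caller without
// authentication. It only writes throttle keys for the caller's own
// REMOTE_ADDR, but it still lets an anonymous request write to the cache;
// consider restricting it to development builds.
if (isset($_GET['throttletest'])) {
    // Keys are concatenated rather than built with the address inside a
    // sprintf() format string, so a '%' in the address cannot be read as a
    // conversion specifier. The resulting keys are unchanged otherwise.
    $kTime = 'throttle_time_' . $_SERVER['REMOTE_ADDR'];
    $kCount = 'throttle_count_' . $_SERVER['REMOTE_ADDR'];
    $memcache->set($kTime, time(), false, THROTTLE_PERIOD);
    $memcache->set($kCount, THROTTLE_MAXHITS + 1, false, THROTTLE_PERIOD * 2);
}

if (!isset($_GET['answer'])) {
    json_return(false);
}

$cacheKey = 'captcha_' . $_SERVER['REMOTE_ADDR'];
if (($details = MCGet($cacheKey)) === false) {
    // No pending challenge for this address.
    json_return(array());
}

// The challenge is consumed before the comparison, so each one allows a single
// attempt and cannot be retried with different answers.
$memcache->delete($cacheKey);

// Compare as strings with ===. A loose == lets PHP type juggling accept values
// that are not the stored answer (numeric-string forms such as "1e1" vs "10",
// an empty string against a missing/null answer, and on PHP < 8 any
// non-numeric string against integer 0). A non-string parameter, e.g.
// answer[]=..., is rejected outright.
$given = $_GET['answer'];
$expected = (is_array($details) && isset($details['answer']) && is_scalar($details['answer']))
    ? (string)$details['answer']
    : null;

if ($expected !== null && is_string($given) && $given === $expected) {
    // Presumably resets the caller's throttle counter — confirm against
    // UserThrottleCount().
    UserThrottleCount(true);
    json_return(array());
}

// Wrong answer: run the normal ban/throttle gate, which may block the caller
// or issue a new challenge.
BotCheck();
json_return(array());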