<?php
require_once dirname(__FILE__) . '/../../classes/BotLogger.php';
require_once dirname(__FILE__) . '/../../classes/RuleManager.php';
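/**
 * Front controller for the bot-verification page of the botlimiter module.
 *
 * NOTE(review): this file requires BotLogger.php and RuleManager.php but calls
 * RateLimiter, which neither require visibly declares — presumably it is
 * autoloaded or lives inside RuleManager.php; confirm before relying on it.
 */
class BotLimiterVerifyModuleFrontController extends ModuleFrontController
{
    /** Maximum loads of the verify page per client IP inside one FLOOD_WINDOW_SECONDS window. */
    private const FLOOD_MAX_HITS = 5;

    /** Length in seconds of the window used for the verify-page flood check. */
    private const FLOOD_WINDOW_SECONDS = 30;

    /**
     * Renders the verification page.
     *
     * Order of operations:
     *  1. flood-protect the verify page itself — a client hammering it is
     *     banned and answered with HTTP 429 before any PrestaShop state is set up;
     *  2. let PrestaShop initialise the front controller (standard cookie);
     *  3. validate the `return_url` query parameter as a same-host path,
     *     falling back to the shop base URL otherwise;
     *  4. mint an encrypted token bound to the client IP and pass it, with the
     *     return URL, to the verify template.
     */
    public function initContent()
    {
        // Single source of truth for the client address: the same value is used
        // for the rate-limit key and as the token plaintext below.
        // NOTE(review): the limit is only as strong as getRealIp()'s handling of
        // proxy headers (X-Forwarded-For & co.) — make sure it does not accept a
        // client-supplied address, or the limiter can be bypassed per request.
        $ip = BotLogger::getRealIp();

        if (RateLimiter::checkIsRateLimited($ip, 'verify_page_load', self::FLOOD_MAX_HITS, self::FLOOD_WINDOW_SECONDS)) {
            BotLogger::logBan($ip, 'VERIFY_PAGE_FLOOD');
            http_response_code(429);
            exit('Too many verification attempts.');
        }

        parent::initContent(); // Initialises the standard PrestaShop cookie/context.

        // Tools::getValue() yields false when the parameter is absent; normalise to ''.
        // PHP already percent-decoded the query string once, so this urldecode() is a
        // second decode (kept for callers that double-encode). The safety check below
        // runs on the fully decoded value, which is the one the browser would follow.
        $return_url = urldecode((string) Tools::getValue('return_url'));

        if (!self::isSafeReturnPath($return_url)) {
            $return_url = Context::getContext()->shop->getBaseURL(true);
        }

        // The token plaintext is the client IP, so a token minted for one address
        // cannot be presented from another.
        // NOTE(review): the plaintext carries no issue time or nonce, so nothing in
        // this file bounds a token's lifetime or prevents replay from the same IP;
        // the validator (not shown here) must enforce expiry, or the plaintext should
        // gain a timestamp once the validator is updated in step with it.
        $encryption = new PhpEncryption(_NEW_COOKIE_KEY_);
        $token = $encryption->encrypt($ip);

        $this->context->smarty->assign([
            'return_url' => $return_url,
            'bot_token' => $token,
        ]);

        $this->setTemplate('module:botlimiter/views/templates/front/verify.tpl');
    }

    /**
     * Returns true only for a local absolute path, i.e. a value that is safe to
     * redirect to without leaving this host.
     *
     * The previous check ("first character is /") accepted all of the following,
     * each of which is an open redirect:
     *  - "//evil.example"  — protocol-relative URL, resolved against another host;
     *  - "/\evil.example"  — browsers normalise "\" to "/", same effect;
     *  - "/<TAB>/evil.example" — browsers strip ASCII tab/CR/LF from URLs, so
     *    this collapses to "//evil.example"; hence any control character is rejected.
     *
     * @param string $url fully percent-decoded candidate
     * @return bool true when $url starts with exactly one "/" and contains no control bytes
     */
    private static function isSafeReturnPath(string $url): bool
    {
        return preg_match('#\A/(?![/\\\\])[^\x00-\x1F\x7F]*\z#', $url) === 1;
    }
}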