Captcha for TOR users only

2024-05-08 17:15:48 -04:00 · 2024-05-08 17:15:48 -04:00 · 87c4f331a7
parent cb1b8d51d8
commit 87c4f331a7
5 changed files with 73 additions and 15 deletions
--- a/inc/config.php
+++ b/inc/config.php
@ -33,6 +33,8 @@

    // Enables captcha
    $config['securimage'] = false;
+    // Limits captcha to TOR users
+    $config['captcha_tor_only'] = false;

    // Global announcement -- the very simple version.
    // This used to be wrongly named $config['blotter'] (still exists as an alias).
--- a/inc/functions.php
+++ b/inc/functions.php
@ -2905,3 +2905,34 @@ function strategy_first($fun, $array) {
        return array('defer');
    }
 }
+
+function ipIsLocal($ip) {
+    // Define the local IP ranges commonly used in private networks
+    $localRanges = [
+        '10.0.0.0/8',       // Private network range 10.0.0.0 to 10.255.255.255
+        '172.16.0.0/12',    // Private network range 172.16.0.0 to 172.31.255.255
+        '192.168.0.0/16',   // Private network range 192.168.0.0 to 192.168.255.255
+        '127.0.0.0/8',      // Loopback range for localhost
+        '169.254.0.0/16'    // Link-local addresses
+    ];
+
+    foreach ($localRanges as $range) {
+        if (ipInRange($ip, $range)) {
+            return true;
+        }
+    }
+
+    return false;
+}
+
+function ipInRange($ip, $range) {
+    // Split the range to get the base IP and the netmask
+    list($baseIP, $netmask) = explode('/', $range);
+    // Convert IPs into long format for easy comparison
+    $ipLong = ip2long($ip);
+    $rangeLong = ip2long($baseIP);
+    $maskLong = ~((1 << (32 - $netmask)) - 1);
+
+    // Check if the IP is in the given range
+    return (($ipLong & $maskLong) == ($rangeLong & $maskLong));
+}
--- a/inc/instance-config.php
+++ b/inc/instance-config.php
@ -142,7 +142,8 @@ $config['spam_noticer']['website_name'] = "leftychan";
 /*
 * Basic captcha. See also: captchaconfig.php
 */
-$config['securimage'] = false;
+$config['securimage'] = true;
+$config['captcha_tor_only'] = true;

 /*
 * Permissions
--- a/post.php
+++ b/post.php
@ -511,7 +511,11 @@ function handle_post(){
            }
        }

-        if(isset($config['securimage']) && $config['securimage']){
+        if((isset($config['securimage']) && $config['securimage'])
+            && (
+                !(isset($config['captcha_tor_only']) && $config['captcha_tor_only'])
+                || ipIsLocal($_SERVER['REMOTE_ADDR'])
+                )){

            if(!isset($_POST['captcha'])){
                error($config['error']['securimage']['missing']);
--- a/templates/post_form.html
+++ b/templates/post_form.html
@ -5,13 +5,10 @@
    method="post"
    data-max-images="{{ config.max_images }}"
    >
-{{ antibot.html() }}
 {% if id %}<input type="hidden" name="thread" value="{{ id }}">{% endif %}
-{{ antibot.html() }}
 {% if board.uri not in config.overboards|keys %}
 <input type="hidden" name="board" value="{{ board.uri }}">
 {% endif %}
-{{ antibot.html() }}
 {% if current_page %}
 	<input type="hidden" name="page" value="{{ current_page }}">
 {% endif %}
@ -103,15 +100,39 @@
 		</tr>
 		{% endif %}
 		{% if config.securimage %}
-		<tr>
-			<th>
-				Captcha
-			</th>
-			<td>
-		        <img name="captcha-img" id="captcha-img" src="/captcha.php" onClick="this.src='/captcha.php?'+Date.now();document.getElementById('captcha').value = '';"><br />
-				<input type="text" name="captcha" id="captcha" size="25" maxlength="10" autocomplete="off">
-			</td>
-		</tr>
+            <tr class="post_form_captcha_row">
+                <th>
+                    Captcha
+                    {% if config.captcha_tor_only %}
+                    <br/>
+                    <small>Tor Only</small>
+                    {% endif %}
+                </th>
+                <td>
+                    <img name="captcha-img" id="captcha-img" src="/captcha.php" onClick="this.src='/captcha.php?'+Date.now();document.getElementById('captcha').value = '';"><br />
+                    <input type="text" name="captcha" id="captcha" size="25" maxlength="10" autocomplete="off">
+                </td>
+            </tr>
+            {% if config.captcha_tor_only %}
+            <script>
+                (() => {
+                    function isOnionDomain() {
+                        const hostname = window.location.hostname;
+                        return hostname.endsWith('.onion');
+                    }
+
+                    function removeCaptchaField() {
+                        document.querySelectorAll('.post_form_captcha_row')
+                            .forEach(e => e.parentNode.removeChild(e));
+                    }
+
+                    if (!isOnionDomain()) {
+                        removeCaptchaField();
+                    }
+                })();
+            </script>
+            {% else %}
+            {% endif %}
 		{% endif %}
 		{% if config.user_flag %}
 			<tr>
@ -204,7 +225,6 @@
 			</td>
 		</tr>{% endif %}
 	</table>
-{{ antibot.html(true) }}
 <input type="hidden" name="hash" value="{{ antibot.hash() }}">
 </form>