deliver-test-hacks.php
<?php
/**
* Custom request handling & routes used only by the test suite. This is not part of the User Package setup; it exists solely for tests.
*/
// Library instance that the hacks below mutate (disabled_pages, valid_sessions).
// Assumes the including script has already set up $user_package.
$lib = $user_package->lib;
// Let a test choose the client address the request appears to come from, so
// login tests can run past the library's per-IP throttling. Test-only: this
// overwrites REMOTE_ADDR for the rest of the request. POST wins over GET.
$spoofedIp = $_POST['test_spoof_ip'] ?? $_GET['test_spoof_ip'] ?? null;
if ($spoofedIp !== null) {
    $_SERVER['REMOTE_ADDR'] = $spoofedIp;
}
// ?disable_pages (any value; only its presence matters) switches off the
// package's built-in pages so a test can check what happens without them.
if (isset($_GET['disable_pages'])) {
    $pagesToDisable = ['login', 'register', 'reset-password', 'logout', 'terms'];
    $lib->disabled_pages = $pagesToDisable;
}
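// GET/POST /csrf-test/ : enable a CSRF token for the 'csrf-test' form and echo the
// token's session record (plus the session key it lives under) as JSON so the
// test client can submit it to /csrf-test-post/. Test-only: it deliberately
// discloses the token to whoever requests it, which a real route must never do.
$lia->addRoute('@GET.@POST./csrf-test/',
    function ($route, $response) use ($lib) {
        // enable_csrf(prefix, 10, post target) returns the session key it stored under;
        // the meaning of the second argument (10) is not visible here — confirm in the library.
        $key = $lib->enable_csrf('csrf-test', 10, '/csrf-test-post/');
        // Guard the lookup so a missing record yields {"key": ...} instead of an
        // "undefined array key" warning leaking into the response body.
        $data = $_SESSION[$key] ?? [];
        $data['key'] = $key;
        $response->content = json_encode($data);
        $response->useTheme = false;
    }
);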
// POST /csrf-test-post/ : target of the token issued by /csrf-test/. Replies with
// plain text saying whether the library accepted the submitted token.
$lia->addRoute('@POST./csrf-test-post/',
    function ($route, $response) use ($lib) {
        $response->useTheme = false;
        $tokenAccepted = $lib->csrf_is_valid('csrf-test');
        $response->content = $tokenAccepted
            ? 'csrf post test success'
            : 'csrf post test not valid';
    }
);
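// Force CSRF to pass for harness-driven requests.
// Gate: a request with no User-Agent header is taken to come from the test harness
// rather than a browser; ?enable_csrf / enable_csrf / agreed_to_terms in the input
// let a test opt back in to the real checks. A missing header is not a security
// boundary — this only works because the file is loaded solely in test runs and
// must never be included in a deployment.
if (!isset($_SERVER['HTTP_USER_AGENT'])
    && !isset($_GET['enable_csrf'])
    && !isset($_POST['enable_csrf'])
    && !isset($_POST['agreed_to_terms'])
) {
    // Any CSRF field the test already posted is marked as a valid session token.
    foreach (array_keys($_POST) as $postKey) {
        if (strpos($postKey, '-csrf-') !== false) {
            $lib->valid_sessions[$postKey] = true;
        }
    }
    // For every form the tests exercise, inject a synthetic token field and mark it valid.
    $formPrefixes = ['csrf-test', 'request-password', 'complete-password', 'login', 'register'];
    foreach ($formPrefixes as $prefix) {
        $forcedKey = $prefix . '-csrf-force_pass';
        $_POST[$forcedKey] = 'forced pass';
        $lib->valid_sessions[$forcedKey] = true;
    }
    // Consent fields — presumably checked by the register/terms flow; confirm in the library.
    $_POST['logs_consent'] = 'on';
    $_POST['agreed_to_terms'] = 'on';
}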
// Auto-fill the honeypot/challenge fields when the request comes from the test
// harness (no User-Agent) and the test did not supply its own 'honey' values.
// 'honey' lists the field names; 'honey_answer' is a password_hash of the expected
// answer — presumably verified against field '3' by the library; confirm there.
if (!isset($_SERVER['HTTP_USER_AGENT']) && !isset($_POST['honey'])) {
    $honeyFields = [
        'honey' => '1,2,3',
        'honey_answer' => password_hash('answer', PASSWORD_DEFAULT),
        '1' => '',
        '2' => '',
        '3' => 'answer',
    ];
    foreach ($honeyFields as $field => $value) {
        $_POST[$field] = $value;
    }
}