From a81c75e4c067b55c77a547f9b2781db860c7b3c5 Mon Sep 17 00:00:00 2001
From: Kieran <kieran@harkin.me>
Date: Wed, 4 Apr 2018 16:29:09 +0800
Subject: [PATCH] fix some bugs

---
 src/php/api.php           | 27 ++++++++++-----------------
 src/php/config.php.sample |  7 +++++++
 src/php/download.php      | 23 +++++++++--------------
 src/php/ga.php            |  4 ++--
 4 files changed, 28 insertions(+), 33 deletions(-)

diff --git a/src/php/api.php b/src/php/api.php
index 79fcf39..7fcb579 100644
--- a/src/php/api.php
+++ b/src/php/api.php
@@ -1,6 +1,4 @@
-<?php
-	session_start();
-	
+<?php	
 	include_once('config.php');
 	include_once('ga.php');
 	
@@ -9,7 +7,12 @@
 	$rsp = array(
 		"input" => $c
 	);
+	
+	$redis = new Redis();
+	$redis->pconnect(_REDIS_SERVER);
 
+	GAPageView($redis);
+	
 	switch($c->cmd){
 		case "config":
 		{
@@ -36,18 +39,13 @@
 				$fi->url = _SITEURL . $fi->hash160;
 				$rsp["file"] = $fi;
 				
-				$hashKey = $_SERVER['REMOTE_ADDR'] . ':' . $fi->hash160;
-				
-				$redis = new Redis();
-				$redis->connect(_REDIS_SERVER);
+				$hashKey = _UIP . ':' . $fi->hash160;
 				
 				$dlCounter = $redis->get($hashKey);
 				if($dlCounter != False && $dlCounter >= _DL_CAPTCHA) {
 					GAEvent("Captcha", "Hit");
 					$rsp["captcha"] = True;
 				}
-				
-				$redis->close();
 			}else { 
 				$rsp["file"] = NULL;
 			}
@@ -60,11 +58,8 @@
 			break;
 		}
 		case "captcha_verify":
-		{
-			$redis = new Redis();
-			$redis->connect(_REDIS_SERVER);
-			
-			$hashKey = $_SERVER['REMOTE_ADDR'] . ':' . $c->hash;
+		{			
+			$hashKey = _UIP . ':' . $c->hash;
 			
 			$dlCounter = $redis->get($hashKey);
 			if($dlCounter != FALSE) {
@@ -72,7 +67,7 @@
 
 				curl_setopt($ch, CURLOPT_URL, 'https://www.google.com/recaptcha/api/siteverify');
 				curl_setopt($ch, CURLOPT_POST, 1);
-				curl_setopt($ch, CURLOPT_POSTFIELDS, 'secret=' . _CAPTCHA_SECRET . '&response=' . $c->token . '&remoteip=' . $_SERVER['REMOTE_ADDR']);
+				curl_setopt($ch, CURLOPT_POSTFIELDS, 'secret=' . _CAPTCHA_SECRET . '&response=' . $c->token . '&remoteip=' . _UIP);
 			
 				curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
 				$crsp = json_decode(curl_exec($ch));
@@ -91,8 +86,6 @@
 				$rsp["ok"] = True;
 				GAEvent("Captcha", "Miss");
 			}
-			
-			$redis->close();
 			break;
 		}
 	}
diff --git a/src/php/config.php.sample b/src/php/config.php.sample
index 896b636..70b96b5 100644
--- a/src/php/config.php.sample
+++ b/src/php/config.php.sample
@@ -1,4 +1,11 @@
 <?php
+
+	if(!isset($_COOKIE["VC:UID"])) {
+		setcookie("VC:UID", uniqid());
+	}
+	
+	define('_UIP', isset($_SERVER['HTTP_CF_CONNECTING_IP']) ? $_SERVER['HTTP_CF_CONNECTING_IP'] : $_SERVER['REMOTE_ADDR']);
+	
 	/* DB SETTINGS */
 	define('_DB_HOST', '127.0.0.1');
 	define('_DB_DATABASE', 'void');
diff --git a/src/php/download.php b/src/php/download.php
index e2d217b..a9ff025 100644
--- a/src/php/download.php
+++ b/src/php/download.php
@@ -7,9 +7,8 @@
 	
 	GAPageView($redis);
 
-	$ip = isset($_SERVER['HTTP_CF_CONNECTING_IP']) ? $_SERVER['HTTP_CF_CONNECTING_IP'] : $_SERVER['REMOTE_ADDR'];
 	$hash = substr($_SERVER["REQUEST_URI"], 1);
-	$hashKey = $ip . ':' . $hash;
+	$hashKey = _UIP . ':' . $hash;
 
 	$refr = isset($_SERVER["HTTP_REFERER"]) ? $_SERVER["HTTP_REFERER"] : False;
 	if($refr != False){
@@ -21,16 +20,12 @@
 	}
 	
 	//check is range request
-	$range_start = 0;
-	$range_end = 999;
+	$is_non_range = True;
 	if(isset($_SERVER['HTTP_RANGE'])){
 		$rby = explode('=', $_SERVER['HTTP_RANGE']);
 		$rbv = explode('-', $rby[1]);
-		if($rbv[0] != ''){
-			$range_start = $rbv[0];
-		}
-		if($rbv[1] != ''){
-			$range_end = $rbv[1];
+		if($rbv[0] != '0'){
+			$is_non_range = False;
 		}
 	}
 	
@@ -58,10 +53,10 @@
 	if($dlCounter != FALSE) {
 		if($dlCounter >= _DL_CAPTCHA * 2){
 			$cfbk = 'VC:CF:BLOCK';
-			if(_CLOUDFLARE_API_KEY != 'API_KEY' && $redis->sIsMember($cfbk, $ip) == False){
-				$redis->sadd($cfbk, $ip);
+			if(_CLOUDFLARE_API_KEY != 'API_KEY' && $redis->sIsMember($cfbk, _UIP) == False){
+				$redis->sadd($cfbk, _UIP);
 				include_once('cloudflare.php');
-				AddFirewallRule($ip);
+				AddFirewallRule(_UIP);
 			}
 			exit();
 		}else if($dlCounter >= _DL_CAPTCHA){
@@ -95,10 +90,10 @@
 			header("Content-type: $mimeType");
 			header('Content-Disposition: inline; filename="' . $filename . '"');
 			
-			if(!$isCrawlBot && $range_start == 0){
+			if(!$isCrawlBot && $is_non_range){
 				$db->AddView($f->hash160);
+				$redis->incr($hashKey);
 			}
-			$redis->incr($hashKey);
 		}
 	}else{
 		http_response_code(404);
diff --git a/src/php/ga.php b/src/php/ga.php
index 67e95dc..e78ff10 100644
--- a/src/php/ga.php
+++ b/src/php/ga.php
@@ -22,11 +22,11 @@
 		$msg = http_build_query(array(
 			"v" => "1",
 			"tid" => _GA_SITE_CODE,
-			"cid" => session_id(),
+			"cid" => $_COOKIE["VC:UID"],
 			"t" => "pageview",
 			"dh" => $_SERVER['HTTP_HOST'],
 			"dp" => $_SERVER['REQUEST_URI'],
-			"uip" => isset($_SERVER['HTTP_CF_CONNECTING_IP']) ? $_SERVER['HTTP_CF_CONNECTING_IP'] : $_SERVER['REMOTE_ADDR'],
+			"uip" => _UIP,
 			"ua" => isset($_SERVER["HTTP_USER_AGENT"]) ? $_SERVER["HTTP_USER_AGENT"] : "",
 			"dr" => isset($_SERVER["HTTP_REFERER"]) ? $_SERVER["HTTP_REFERER"] : ""
 		));