From b2cfecf43c4ca9b6397207501eb445a47e9e2c6a Mon Sep 17 00:00:00 2001
From: Kirk Burleson <kirk.burleson@yahoo.com>
Date: Tue, 23 Nov 2021 11:22:33 -0600
Subject: [PATCH 1/2] challenge files

---
 acompany.php | 174 +++++++++++++++++++++++++++++++++++++++++++++++++++
 acompany.png | Bin 0 -> 239 bytes
 backend.rb   | 142 +++++++++++++++++++++++++++++++++++++++++
 3 files changed, 316 insertions(+)
 create mode 100644 acompany.php
 create mode 100644 acompany.png
 create mode 100644 backend.rb

diff --git a/acompany.php b/acompany.php
new file mode 100644
index 000000000..848a22797
--- /dev/null
+++ b/acompany.php
@@ -0,0 +1,174 @@
+<?php
+	const secret_key = '6LeWFkIdAAAAAH3RwwjiDTdMR3ArbS3w-JA7i6_d';
+	$data_flag = false;
+	$console_data = false;
+
+	if($_POST) {
+		global $data_flag;
+
+		function recaptcha_data() {
+			$token = $_POST['token'];
+			$url = "https://www.google.com/recaptcha/api/siteverify?secret=".secret_key."&response={$token}";
+			
+			return file_get_contents($url);
+		}
+
+		$data = json_decode(recaptcha_data());
+
+		if ($data->success) {
+			$data_flag = true;
+			$console_data = [
+				"name" => $_POST['name'],
+				"email" => $_POST['email'],
+				"message" => $_POST['message']
+				];
+		}
+	}
+?>
+
+
+<!doctype html>
+<html>
+<head>
+	<title>ACompany</title>
+	<link rel="icon" href="acompany.png" type="image/png" />
+	<style>
+		span {display:block; padding:10px;}
+		label {display:block;}
+		div {background-color:skyblue;}
+		i {color:red;}
+	</style>
+
+	<script>
+		var field_states = new Map();
+		var field_names = ['name', 'email', 'message'];
+		var site_key = '6LeWFkIdAAAAAKklQkoq0myAtdCIRsmxKYxoKQwx';
+
+		function setup() {
+			for (var i=0; i < field_names.length; i++) {
+				var name = document.getElementById(field_names[i]);
+				if (name) {
+					field_states.set(name, 0);
+					name.addEventListener('keyup', empty_check);
+					name.addEventListener('blur', empty_check);
+				}
+			}
+
+			var flag = <?php echo json_encode($data_flag); ?>;
+			if (flag) {
+				console.log('Name: ' + <?php echo json_encode($console_data['name']); ?>);
+				console.log('Email: ' + <?php echo json_encode($console_data['email']); ?>);
+				console.log('Message: ' + <?php echo json_encode($console_data['message']); ?>);
+			}
+		}
+
+		function process_data(form) {
+			var interval;
+
+			// we use 2 passes through this function.
+			// first pass gets the recaptcha token and returns false to stop submition
+			//   when the 'execute' promise fires, the returned token is put into
+			//   the hidden 'token' field so the server can get it in POST values.
+			//	 Also, we set a time interval. We need this because the hidden field takes
+			//   time to fill and it won't get sent in POST.
+			if (document.contact_form.token.value == false) {
+				// all input fields must be equal to 1
+				for (var i = 0; i < field_names.length; i++) {
+					if (field_states.get(field_names[i]) !== 1) {
+						return -1;
+					}
+				}
+
+				// get recaptcha token and store it in hidden field
+				grecaptcha.execute(site_key, {action: 'contact_form'}).then(
+					function(token) {
+						interval = setInterval(function() {
+							if (document.contact_form.token.value) {
+								clearInterval(interval);
+								document.contact_form.submit();
+							}
+						}, 500);
+						
+						document.contact_form.token.value = token;
+					});
+
+				return false;
+			}
+
+			// second time through, just submit form.
+			return true;
+		}
+
+		function field_is_empty(text) {
+			// scan characters in text
+			// looking for all spaces
+			for (var i = 0; i < text.length; i++) {
+				if (text[i] != ' ') {
+					return false;
+				}
+			}
+
+			return true;
+		}
+
+		function empty_check(obj) {
+			var text = obj.target.value;
+			var asterisk = document.getElementById('ast' + obj.target.name);
+
+			if (!asterisk) {
+				return -1;
+			}
+
+			if (!text || field_is_empty(text)) {
+				asterisk.style.color = 'red';
+				field_states.set(obj.target.name, 0);
+				return -1;
+			}
+			else {
+				asterisk.style.color = 'skyblue';
+				field_states.set(obj.target.name, 1);
+				return 1;
+			}
+
+			
+		}
+	</script>
+
+	<script src="https://www.google.com/recaptcha/api.js?render=6LeWFkIdAAAAAKklQkoq0myAtdCIRsmxKYxoKQwx"></script>
+</head>
+
+<body onload="setup()">
+	<h1>ACompany</h1>
+	<hr>
+	<center>
+		<div>
+			<h3>Contact us</h3>
+			<form name="contact_form" method="POST" action="acompany.php" onsubmit="return process_data()">
+				<input type="hidden" name="token"></input>
+				<span>
+					<label for="name" id="lblname">Name</label>
+					<input type="text" name="name" id="name" required></input> <i id='astname'>*</i>
+				</span>
+
+				<span>
+					<label for="email" id="lblemail">Email</label>
+					<input type="email" name="email" id="email" required></input> <i id='astemail'>*</i>
+				</span>
+
+				<span>
+					<label for="message" id="lblmessage">Message</label>
+					<textarea name="message" id="message" required></textarea> <i id='astmessage'>*</i>
+				</span>
+
+				<span>
+					<input type="submit" value="Send it"></input>
+				</span>
+			</form>
+
+			<p>
+				<i>*</i> means this field's input is required.
+			</p>
+		</div>
+	</center>
+</body>
+</html>
\ No newline at end of file
diff --git a/acompany.png b/acompany.png
new file mode 100644
index 0000000000000000000000000000000000000000..24a6e27372b10064ee442ccd073c92e5abf87045
GIT binary patch
literal 239
zcmeAS@N?(olHy`uVBq!ia0vp^0wB!61|;P_|4#%`jKx9jP7LeL$-D$|SkfJR9T^xl
z_H+M9WCij$3p^r=85sDEfH31!Z9ZwBV2h`VV~B<S+{rry8w_|@QmYoQN-a<idez93
z(Ky9SL8V3MfV!KpO`VF_2iM(;kG%UZVR?L6&#YxymE1OAk{yqCRX*lk!}IpkY4Hd_
z$r;S$k~5g{C08&jO0HlsluTjPlvH81lyqU1l4N0ylB{78leA$9lN9;1`rnDm5%J<4
eN0?HS776PJ>V_@|%=Q4fhr!d;&t;ucLK6V{07ZQO

literal 0
HcmV?d00001

diff --git a/backend.rb b/backend.rb
new file mode 100644
index 000000000..c97b3e366
--- /dev/null
+++ b/backend.rb
@@ -0,0 +1,142 @@
+require 'sinatra'
+require 'json'
+
+$data = {}
+$values = ['0','1','2','3','4','5','6','7','8','9','a','b','c','d','e','f','g','h','i','j','k','l','m','n','o','p','q','r','s','t','u','v','w','x','y','z','A','B','C','D','E','F','G','H','I','J','K','L','M','N','O','P','Q','R','S','T','U','V','W','X','Y','Z']
+
+before do
+	content_type 'application/json'
+end
+
+get '/numbers/:token' do |token|
+		if $data.key?(token)
+			$data[token].to_json
+		else
+			halt 400, {:error => "unkown id token"}.to_json
+		end
+end
+
+post '/numbers' do
+	# we accept json data only
+	halt 415 unless request.env['CONTENT_TYPE'] == 'application/json'
+
+	# parse POST vars, put them in tmp array, catch json errors
+	begin
+		post_vars = JSON.parse(request.body.read)
+	rescue JSON::ParserError => e
+		halt 400, { error: e.to_s }.to_json
+	end
+
+	# Numbers should be sent in a hash form with a key of 'numbers'
+	if post_vars.key?('numbers') == false
+		halt 400, { error: "Use hash with the key of 'numbers' to send the 500 numbers ({'numbers': [10,3,55,...]})"}.to_json
+	end
+
+	tmp = []
+	
+	for num in post_vars["numbers"] do
+		tmp.push(num)
+	end
+
+	# must be exactly 500 numbers
+	if tmp.length != 500
+		halt 400, {error: "Must be exactly 500 numbers, you sent #{tmp.length}, #{tmp}"}.to_json
+	end
+
+	tmp = tmp.sort
+
+	# create the unique token to identify this list in the future
+	shuffle_values
+	token = uid
+
+	while $data.key?(token)
+		token = uid
+	end
+
+	# store numbers under this token
+	$data[token] = tmp
+
+	# tell them where to find the newly created list
+	url = "http://localhost:4567/numbers/#{token}"
+	response.headers['Location'] = url
+
+	status 201
+end
+
+patch '/numbers/:token' do |token|
+	# we accept json data only
+	halt 415 unless request.env['CONTENT_TYPE'] == 'application/json'
+
+	# check existence of token
+	if $data.key?(token) == false
+		halt 400, {:error => "unkown id token"}.to_json
+	end
+
+	# must have 'number' and 'replacement' data
+	begin
+		post_vars = JSON.parse(request.body.read)
+	rescue JSON::ParserError => e
+		halt 400, { error: e.to_s }.to_json
+	end
+
+	if post_vars.key?('number') == false or post_vars.key?('replacement') == false
+		halt 400, {error: "You must send a 'number' and it's 'replacement' value"}.to_json
+	end
+
+	# replace number
+	index = binary_search post_vars['number'], $data[token]
+	if index > -1
+		$data[token][index] = post_vars['replacement']
+		$data[token] = $data[token].sort
+		{replaced: "#{post_vars['number']}", with: "#{post_vars['replacement']}"}.to_json
+	else
+		halt 500, {error: "#{post_vars['number']} not found"}.to_json
+	end
+end
+
+#------------------------------------ functions ----------------------------------
+def binary_search target, data
+	left = 0
+	right = data.length - 1
+	target = target.to_i
+
+	while left <= right do
+		mid = (right + left) / 2
+
+		if target < data[mid].to_i
+			right = mid-1
+		
+		elsif target > data[mid].to_i
+			left = mid+1
+		
+		else
+			return mid
+
+		end
+
+	end
+
+	-1
+end
+
+def shuffle_values
+	last = $values.length
+	while last > 1
+		pick = rand(last)
+		tmp = $values[last-1]
+		$values[last-1] = $values[pick]
+		$values[pick] = tmp
+		last = last - 1
+	end
+end
+
+def uid
+	last = $values.length
+	token = []
+	while token.length < 15
+		pick = rand(last)
+		token.push($values[pick])
+	end
+
+	token.join("")
+end

From 760397b9f5b6757344ee07d6a864f8fc2165dd6b Mon Sep 17 00:00:00 2001
From: Kirk Burleson <kirk.burleson@yahoo.com>
Date: Wed, 24 Nov 2021 03:38:54 -0600
Subject: [PATCH 2/2] add check for recaptcha score

---
 acompany.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/acompany.php b/acompany.php
index 848a22797..50d475398 100644
--- a/acompany.php
+++ b/acompany.php
@@ -15,7 +15,7 @@ function recaptcha_data() {
 
 		$data = json_decode(recaptcha_data());
 
-		if ($data->success) {
+		if ($data->success == true && $data->score > 0.5) {
 			$data_flag = true;
 			$console_data = [
 				"name" => $_POST['name'],