PNG  IHDR* pHYs+ IDATx]n#; cdLb Ǚ[at¤_:uP}>!Usă cag޿ ֵNu`ݼTâabO7uL&y^wFٝA"l[|ŲHLN밪4*sG3|Dv}?+y߉{OuOAt4Jj.u]Gz*҉sP'VQKbA1u\`& Af;HWj hsO;ogTu uj7S3/QzUr&wS`M$X_L7r2;aE+ώ%vikDA:dR+%KzƉo>eOth$z%: :{WwaQ:wz%4foɹE[9<]#ERINƻv溂E%P1i01 |Jvҗ&{b?9g=^wζXn/lK::90KwrюO\!ջ3uzuGv^;騢wq<Iatv09:tt~hEG`v;3@MNZD.1]L:{ծI3`L(÷ba")Y.iljCɄae#I"1 `3*Bdz>j<fU40⨬%O$3cGt]j%Fߠ_twJ;ABU8vP3uEԑwQ V:h%))LfraqX-ۿX]v-\9I gl8tzX ]ecm)-cgʒ#Uw=Wlێn(0hPP/ӨtQ“&J35 $=]r1{tLuǮ*i0_;NƝ8;-vݏr8+U-kruȕYr0RnC]*ެ(M:]gE;{]tg(#ZJ9y>utRDRMdr9㪩̞zֹb<ģ&wzJM"iI( .ꮅX)Qw:9,i좜\Ԛi7&N0:asϓc];=ΗOӣ APqz93 y $)A*kVHZwBƺnWNaby>XMN*45~ղM6Nvm;A=jֲ.~1}(9`KJ/V F9[=`~[;sRuk]rєT!)iQO)Y$V ی ۤmzWz5IM Zb )ˆC`6 rRa}qNmUfDsWuˤV{ Pݝ'=Kֳbg,UҘVz2ﴻnjNgBb{? ߮tcsͻQuxVCIY۠:(V뺕 ٥2;t`@Fo{Z9`;]wMzU~%UA蛚dI vGq\r82iu +St`cR.6U/M9IENDB` RECAPTCHA_SECRET_KEY, 'response' => $token, 'remoteip' => $_SERVER['REMOTE_ADDR'] ?? '' ]; $options = [ 'http' => [ 'header' => "Content-type: application/x-www-form-urlencoded\r\n", 'method' => 'POST', 'content' => http_build_query($data), 'timeout' => 10 ] ]; $context = stream_context_create($options); $result = @file_get_contents($url, false, $context); if ($result === false) { // API çağrısı başarısız oldu, geçici olarak true döndür (spam koruması devam eder) if (defined('DEBUG_MODE') && DEBUG_MODE) { error_log('reCAPTCHA: API çağrısı başarısız - ' . ($_SERVER['HTTP_HOST'] ?? 'unknown')); } // Production'da API hatası varsa false döndür return false; } $response = json_decode($result, true); if ($response && isset($response['success']) && $response['success'] === true) { $score = $response['score'] ?? 0; $threshold = defined('RECAPTCHA_SCORE_THRESHOLD') ? RECAPTCHA_SCORE_THRESHOLD : 0.5; if (defined('DEBUG_MODE') && DEBUG_MODE) { error_log('reCAPTCHA: Score=' . $score . ', Threshold=' . $threshold); } return $score >= $threshold; } // Hata detaylarını logla if (defined('DEBUG_MODE') && DEBUG_MODE && isset($response['error-codes'])) { error_log('reCAPTCHA Hataları: ' . 
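implode(', ', $response['error-codes']));
        }

        return false;
    }

    /**
     * Reports whether reCAPTCHA verification should run for the current request.
     *
     * Returns false when either key constant is missing or empty, when the Host
     * header is empty or names a local development host, or when
     * RECAPTCHA_ALLOWED_HOSTS is defined as an array and neither the host nor
     * its www / non-www variant is listed.
     *
     * NOTE(review): the decision is driven by $_SERVER['HTTP_HOST'], which the
     * client supplies. Unless the web server only routes known host names to
     * this application, a request can present a local or unlisted Host and
     * skip verification. Pin server_name / the vhost, or derive the host from
     * configuration. The comparison is exact: a host carrying a port or
     * different letter case is not treated as local.
     *
     * @return bool
     */
    public static function isRecaptchaEnabled()
    {
        $siteKeyMissing = !defined('RECAPTCHA_SITE_KEY') || empty(RECAPTCHA_SITE_KEY);
        if ($siteKeyMissing) {
            return false;
        }

        $secretKeyMissing = !defined('RECAPTCHA_SECRET_KEY') || empty(RECAPTCHA_SECRET_KEY);
        if ($secretKeyMissing) {
            return false;
        }

        $host = $_SERVER['HTTP_HOST'] ?? '';
        if (empty($host)) {
            return false;
        }

        // Disabled on local development hosts.
        if (in_array($host, ['localhost', '127.0.0.1', 'ankaservis.com.test'], true)) {
            return false;
        }

        // Without a configured allow-list every remaining host is accepted.
        if (!defined('RECAPTCHA_ALLOWED_HOSTS') || !is_array(RECAPTCHA_ALLOWED_HOSTS)) {
            return true;
        }

        // Production domain check: accept the host with or without "www.".
        $bareHost = preg_replace('/^www\./', '', $host);
        $candidates = [$host, $bareHost, 'www.' . $bareHost];

        foreach ($candidates as $candidate) {
            if (in_array($candidate, RECAPTCHA_ALLOWED_HOSTS, true)) {
                return true;
            }
        }

        return false;
    }

    /**
     * Honeypot check (bot detection).
     *
     * The honeypot is a form field a human is not expected to fill in.
     *
     * @param mixed $honeypotField Submitted value of the honeypot field.
     * @return bool True when the field was left empty, false when it was filled in.
     */
    public static function checkHoneypot($honeypotField)
    {
        // empty() treats the string "0" as empty, so a submission that filled
        // the trap with "0" used to pass. Compare strings exactly instead.
        if (is_string($honeypotField)) {
            return $honeypotField === '';
        }

        // Non-string values (null, false, []) keep the original semantics.
        return empty($honeypotField);
    }

    /**
     * Rate limit check, keyed by IP address.
     *
     * Keeps a JSON list of request timestamps per IP in a file under
     * APP_PATH/storage and allows at most $maxRequests within $timeWindow
     * seconds (default: 5 requests in 5 minutes).
     *
     * The counter file is read and rewritten under an exclusive lock, so
     * concurrent requests from one IP cannot each read the old count and
     * exceed the limit together.
     *
     * NOTE(review): the check fails open. An empty $ip, or storage that cannot
     * be created, opened or locked, returns true, as the original did.
     * Counter files are never deleted, so the directory grows by one file per
     * distinct $ip; if $ip comes from client-supplied headers the number of
     * files is not bounded by the number of real clients.
     *
     * @param string $ip          Client address used as the counter key.
     * @param int    $maxRequests Maximum requests allowed inside the window.
     * @param int    $timeWindow  Window length in seconds.
     * @return bool True when the request is allowed, false when the limit is reached.
     */
    public static function checkRateLimit($ip, $maxRequests = 5, $timeWindow = 300)
    {
        if (empty($ip)) {
            return true;
        }

        // md5 only derives a filesystem-safe file name here; it is not a security control.
        $cacheFile = APP_PATH . '/storage/rate_limit_' . md5($ip) . '.txt';
        $storageDir = dirname($cacheFile);

        // The second is_dir() covers a concurrent request creating the directory first.
        if (!is_dir($storageDir) && !mkdir($storageDir, 0755, true) && !is_dir($storageDir)) {
            error_log('Rate limit: storage directory unavailable, request not counted');
            return true;
        }

        // 'c+' opens for read/write and creates the file without truncating it.
        $handle = fopen($cacheFile, 'c+');
        if ($handle === false) {
            error_log('Rate limit: counter file unavailable, request not counted');
            return true;
        }

        try {
            if (!flock($handle, LOCK_EX)) {
                error_log('Rate limit: counter file lock failed, request not counted');
                return true;
            }

            $raw = stream_get_contents($handle);
            $decoded = json_decode($raw === false ? '' : $raw, true);
            $requests = is_array($decoded) ? $decoded : [];

            $currentTime = time();

            // Drop expired entries, and anything that is not a timestamp
            // (a corrupted or tampered counter file must not break the check).
            $requests = array_values(array_filter(
                $requests,
                static function ($timestamp) use ($currentTime, $timeWindow) {
                    return is_int($timestamp) && ($currentTime - $timestamp) < $timeWindow;
                }
            ));

            if (count($requests) >= $maxRequests) {
                return false;
            }

            // Record this request and rewrite the file in place.
            $requests[] = $currentTime;
            rewind($handle);
            ftruncate($handle, 0);
            fwrite($handle, json_encode($requests));
            fflush($handle);

            return true;
        } finally {
            flock($handle, LOCK_UN);
            fclose($handle);
        }
    }

    /**
     * Returns the client IP address.
     *
     * Checks the CF-Connecting-IP, X-Forwarded-For and X-Real-IP headers and
     * then REMOTE_ADDR, in that order, and returns the first value that is a
     * valid public (non-private, non-reserved) IP. For a comma-separated list
     * only the first entry is used. Falls back to REMOTE_ADDR, then '0.0.0.0'.
     *
     * NOTE(review): the three header values are set by the client unless a
     * trusted reverse proxy overwrites them. When the application is reachable
     * without such a proxy, the returned address is client-chosen, so
     * per-IP controls keyed on it can be sidestepped. Honour these headers
     * only when REMOTE_ADDR is a known proxy address.
     *
     * @return string
     */
    public static function getIpAddress()
    {
        $candidateKeys = ['HTTP_CF_CONNECTING_IP', 'HTTP_X_FORWARDED_FOR', 'HTTP_X_REAL_IP', 'REMOTE_ADDR'];
        $publicOnly = FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE;

        foreach ($candidateKeys as $serverKey) {
            if (empty($_SERVER[$serverKey])) {
                continue;
            }

            // Take the first entry of a comma-separated list.
            $candidate = trim(explode(',', $_SERVER[$serverKey])[0]);

            if (filter_var($candidate, FILTER_VALIDATE_IP, $publicOnly)) {
                return $candidate;
            }
        }

        return $_SERVER['REMOTE_ADDR'] ?? '0.0.0.0';
    }

    /**
     * Normalizes a phone number.
     *
     * Strips every non-digit character and prefixes a 0 to 10-digit numbers
     * that do not already start with 0.
     *
     * @param mixed $phone Raw phone number input.
     * @return string Digits only, or '' for empty input.
     */
    public static function normalizePhone($phone)
    {
        if (empty($phone)) {
            return '';
        }

        // Keep digits only.
        $digits = preg_replace('/\D/', '', $phone);

        // A 10-digit number written without the leading 0 gets one added.
        $needsLeadingZero = strlen($digits) === 10 && $digits[0] !== '0';

        return $needsLeadingZero ? '0' . $digits : $digits;
    }
}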