From 4b302836976d2fe1be97a44f0957306a44564672 Mon Sep 17 00:00:00 2001
From: GitProtogen
Date: Fri, 6 Mar 2026 08:24:04 +0100
Subject: [PATCH] idk
---
 .idea/php.xml | 2 +-
 src/Http/LoginController.php | 7 ++++++-
 src/Security/TokenHandler.php | 31 ++++++++++++++++++++++---------
 3 files changed, 29 insertions(+), 11 deletions(-)
diff --git a/.idea/php.xml b/.idea/php.xml
index 7e8212c..5c1dc9c 100644
--- a/.idea/php.xml
+++ b/.idea/php.xml
@@ -33,7 +33,7 @@
-
+
diff --git a/src/Http/LoginController.php b/src/Http/LoginController.php
index 79fe5cc..3c9a2a2 100644
--- a/src/Http/LoginController.php
+++ b/src/Http/LoginController.php
@@ -26,7 +26,12 @@ class LoginController implements HttpServerInterface
 $responseHead = "400";
 $json = json_encode(["error" => "Not enough params"]);
 }
- else if (password_verify($password, Handler::class->getPasswordHash($username)))
+ else if (!Handler::class->userExists($username) == !password_verify($password, Handler::class->getPasswordHash($username)))
+ {
+ $login = false;
+ $responseHead = "400";
+ $json = json_encode(["error" => "Bad"]);
+ }
 if (!$login) {
diff --git a/src/Security/TokenHandler.php b/src/Security/TokenHandler.php
index fcfe09d..8e21366 100644
--- a/src/Security/TokenHandler.php
+++ b/src/Security/TokenHandler.php
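Review bot: The new `else if` condition rejects the wrong cases: `!` binds tighter than `==`, so `!userExists(...) == !password_verify(...)` is true when both sides are false — a known user presenting the correct password — and false when the user exists but the password fails, which then falls through to whatever `$login` held before the branch. What is presumably meant is `else if (!Handler::class->userExists($username) || !password_verify($password, Handler::class->getPasswordHash($username)))`, with `||` rather than `==` (and `===` if a boolean comparison is ever wanted). Note that `||` short-circuits past the hash lookup for unknown usernames, so response time can reveal which accounts exist; if enumeration matters here, verify against a fixed dummy hash in that branch. `Handler::class` evaluates to the class-name string, so `Handler::class->userExists(...)` would fail at runtime unless `Handler` resolves to something other than a plain class in this codebase — the pre-existing `getPasswordHash` call has the same shape. The enclosing method starts and ends outside the hunk.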
@@ -14,24 +14,37 @@ class TokenHandler
 $data[8] = chr(ord($data[8]) & 0x3f | 0x80);
 return bin2hex($data);
 }
-
 public static function doesUserHaveToken(string $username): bool
 {
- foreach (self::$tokens as $token) {
- if ($token['username'] === $username) {
- return true;
- }
- }
- return false;
+ return array_any(self::$tokens, fn($token) => $token['username'] === $username);
 }
 public static function getNewTokenForUser(string $username): string
 {
- $tokenBody = self::random32Characters() . str_pad(self::$iterations, 5, '0', STR_PAD_RIGHT);
+ $tokenBody = self::random32Characters() . str_pad(self::$iterations, 5, '0');
 if (self::$iterations >= 99999) {
 self::$iterations = 0;
 }
 self::$tokens[] = [$username, (microtime(true) * 1000), $tokenBody];
 return self::$tokens[][0] . $tokenBody;
 }
-
+ public static function getTokenOwnership(string $controlledToken): string | null
+ {
+ for ($i = 0; $i < count(self::$tokens); ++$i) {
+ $token = self::$tokens[$i];
+ if ($token[0] === $controlledToken[1] . $controlledToken[2]) {
+ return $token[0];
+ }
+ }
+ return null;
+ }
+ public static function deleteOldTokens(): void
+ {
+ for ($i = 0; $i < count(self::$tokens); ++$i) {
+ $token = self::$tokens[$i];
+ // 1 hour
+ if (time() - ($token[0] / 1000) > 3600) {
+ array_splice(self::$tokens, $i, 1);
+ }
+ }
+ }
 }
\ No newline at end of file
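Review bot: `getTokenOwnership` never verifies the secret part of the token — it compares the stored username `$token[0]` with the second and third characters of the submitted string (`$controlledToken[1] . $controlledToken[2]`), so the random body kept in `$token[2]` plays no role and knowing a username is all it takes to be resolved as that user. `deleteOldTokens` has the same index slip: `$token[0]` is the username while the millisecond timestamp is `$token[1]` (a non-numeric username makes `$token[0] / 1000` throw a TypeError on PHP 8), and `array_splice` inside a `count()`-bounded `for` skips the element that follows each removal, so expired tokens can survive a sweep; nothing in this hunk calls `deleteOldTokens`, so expiry also ought to be checked at lookup time. Since `getNewTokenForUser` builds the issued token as username followed by body (what the context `return` line appears to intend, although `self::$tokens[][0]` is not readable PHP), ownership should be resolved by comparing the full reconstructed token with `hash_equals` and expiry by rebuilding the list, as below. Two smaller points in the new lines: the `'username'` key kept in the `array_any` rewrite does not exist on the `[$username, timestamp, $tokenBody]` lists pushed a few lines later, so `doesUserHaveToken` always returns false (and `array_any` needs PHP 8.4), and dropping `STR_PAD_RIGHT` from `str_pad` changes nothing because right-padding is the default — `STR_PAD_LEFT` is what yields a fixed-width zero-padded counter.
```php
public static function getTokenOwnership(string $controlledToken): string | null
{
    // An issued token is username . body; compare the whole value in constant
    // time and ignore entries older than the same one-hour window deleteOldTokens uses.
    foreach (self::$tokens as [$username, $issuedAtMs, $tokenBody]) {
        if (time() - ($issuedAtMs / 1000) > 3600) {
            continue;
        }
        if (hash_equals($username . $tokenBody, $controlledToken)) {
            return $username;
        }
    }
    return null;
}

public static function deleteOldTokens(): void
{
    // Index 1 holds the issue time in milliseconds; filtering into a fresh list
    // avoids the skipped element that splicing inside a count()-bounded loop causes.
    self::$tokens = array_values(array_filter(
        self::$tokens,
        static fn (array $token): bool => time() - ($token[1] / 1000) <= 3600, // 1 hour
    ));
}
```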