idk

src/Http/LoginController.php

@@ -26,7 +26,12 @@ class LoginController implements HttpServerInterface
             $responseHead = "400";
             $json = json_encode(["error" => "Not enough params"]);
         }
-        else if (password_verify($password, Handler::class->getPasswordHash($username)))
+        else if (!Handler::class->userExists($username) == !password_verify($password, Handler::class->getPasswordHash($username)))
+        {
+            $login = false;
+            $responseHead = "400";
+            $json = json_encode(["error" => "Bad"]);
+        }
 
         if (!$login)
         {

src/Security/TokenHandler.php

@@ -14,24 +14,37 @@ class TokenHandler
         $data[8] = chr(ord($data[8]) & 0x3f | 0x80);
         return bin2hex($data);
     }
-
     public static function doesUserHaveToken(string $username): bool
     {
-        foreach (self::$tokens as $token) {
-            if ($token['username'] === $username) {
-                return true;
-            }
-        }
-        return false;
+        return array_any(self::$tokens, fn($token) => $token['username'] === $username);
     }
     public static function getNewTokenForUser(string $username): string
     {
-        $tokenBody = self::random32Characters() . str_pad(self::$iterations, 5, '0', STR_PAD_RIGHT);
+        $tokenBody = self::random32Characters() . str_pad(self::$iterations, 5, '0');
         if (self::$iterations >= 99999) {
             self::$iterations = 0;
         }
         self::$tokens[] = [$username, (microtime(true) * 1000), $tokenBody];
         return self::$tokens[][0] . $tokenBody;
     }
-
+    public static function getTokenOwnership(string $controlledToken): string | null
+    {
+        for ($i = 0; $i < count(self::$tokens); ++$i) {
+            $token = self::$tokens[$i];
+            if ($token[0] === $controlledToken[1] . $controlledToken[2]) {
+                return $token[0];
+            }
+        }
+        return null;
+    }
+    public static function deleteOldTokens(): void
+    {
+        for ($i = 0; $i < count(self::$tokens); ++$i) {
+            $token = self::$tokens[$i];
+            //                                1 hour
+            if (time() - ($token[0] / 1000) > 3600) {
+                array_splice(self::$tokens, $i, 1);
+            }
+        }
+    }
 }