idk
Generated
+1
-1
@@ -33,7 +33,7 @@
|
|||||||
<path value="$PROJECT_DIR$/vendor/ralouphie/getallheaders" />
|
<path value="$PROJECT_DIR$/vendor/ralouphie/getallheaders" />
|
||||||
</include_path>
|
</include_path>
|
||||||
</component>
|
</component>
|
||||||
<component name="PhpProjectSharedConfiguration" php_language_level="7.4">
|
<component name="PhpProjectSharedConfiguration" php_language_level="8.5">
|
||||||
<option name="suggestChangeDefaultLanguageLevel" value="false" />
|
<option name="suggestChangeDefaultLanguageLevel" value="false" />
|
||||||
</component>
|
</component>
|
||||||
<component name="PhpStanOptionsConfiguration">
|
<component name="PhpStanOptionsConfiguration">
|
||||||
|
|||||||
@@ -26,7 +26,12 @@ class LoginController implements HttpServerInterface
|
|||||||
$responseHead = "400";
|
$responseHead = "400";
|
||||||
$json = json_encode(["error" => "Not enough params"]);
|
$json = json_encode(["error" => "Not enough params"]);
|
||||||
}
|
}
|
||||||
else if (password_verify($password, Handler::class->getPasswordHash($username)))
|
else if (!Handler::class->userExists($username) == !password_verify($password, Handler::class->getPasswordHash($username)))
|
||||||
|
{
|
||||||
|
$login = false;
|
||||||
|
$responseHead = "400";
|
||||||
|
$json = json_encode(["error" => "Bad"]);
|
||||||
|
}
|
||||||
|
|
||||||
if (!$login)
|
if (!$login)
|
||||||
{
|
{
|
||||||
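Review bot: The new `else if` condition joins the two negated checks with `==`, so the rejecting branch is taken when the user exists and the password verifies, and is skipped when the user exists but `password_verify` fails. If `$login` starts out true (its initialisation is outside this hunk), a wrong password for an existing account would then pass. The branch should reject when either check fails: `else if (!Handler::class->userExists($username) || !password_verify($password, Handler::class->getPasswordHash($username)))`. Separately, `Handler::class` is the class-name string, so calling `->userExists()` or `->getPasswordHash()` on it fails at runtime; if these are static methods the call would be `Handler::userExists($username)`.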
|
|||||||
@@ -14,24 +14,37 @@ class TokenHandler
|
|||||||
$data[8] = chr(ord($data[8]) & 0x3f | 0x80);
|
$data[8] = chr(ord($data[8]) & 0x3f | 0x80);
|
||||||
return bin2hex($data);
|
return bin2hex($data);
|
||||||
}
|
}
|
||||||
|
|
||||||
public static function doesUserHaveToken(string $username): bool
|
public static function doesUserHaveToken(string $username): bool
|
||||||
{
|
{
|
||||||
foreach (self::$tokens as $token) {
|
return array_any(self::$tokens, fn($token) => $token['username'] === $username);
|
||||||
if ($token['username'] === $username) {
|
|
||||||
return true;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
return false;
|
|
||||||
}
|
}
|
||||||
public static function getNewTokenForUser(string $username): string
|
public static function getNewTokenForUser(string $username): string
|
||||||
{
|
{
|
||||||
$tokenBody = self::random32Characters() . str_pad(self::$iterations, 5, '0', STR_PAD_RIGHT);
|
$tokenBody = self::random32Characters() . str_pad(self::$iterations, 5, '0');
|
||||||
if (self::$iterations >= 99999) {
|
if (self::$iterations >= 99999) {
|
||||||
self::$iterations = 0;
|
self::$iterations = 0;
|
||||||
}
|
}
|
||||||
self::$tokens[] = [$username, (microtime(true) * 1000), $tokenBody];
|
self::$tokens[] = [$username, (microtime(true) * 1000), $tokenBody];
|
||||||
return self::$tokens[][0] . $tokenBody;
|
return self::$tokens[][0] . $tokenBody;
|
||||||
}
|
}
|
||||||
|
public static function getTokenOwnership(string $controlledToken): string | null
|
||||||
|
{
|
||||||
|
for ($i = 0; $i < count(self::$tokens); ++$i) {
|
||||||
|
$token = self::$tokens[$i];
|
||||||
|
if ($token[0] === $controlledToken[1] . $controlledToken[2]) {
|
||||||
|
return $token[0];
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return null;
|
||||||
|
}
|
||||||
|
public static function deleteOldTokens(): void
|
||||||
|
{
|
||||||
|
for ($i = 0; $i < count(self::$tokens); ++$i) {
|
||||||
|
$token = self::$tokens[$i];
|
||||||
|
// 1 hour
|
||||||
|
if (time() - ($token[0] / 1000) > 3600) {
|
||||||
|
array_splice(self::$tokens, $i, 1);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
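Review bot: The added `getTokenOwnership` and `deleteOldTokens` read the stored entries at the wrong positions for the shape written by `getNewTokenForUser`, `[$username, (microtime(true) * 1000), $tokenBody]`. In `getTokenOwnership`, `$controlledToken[1] . $controlledToken[2]` is two characters of the presented string compared against the username in `$token[0]`, so the secret token body in `$token[2]` is never checked; a constant-time comparison of the whole value, e.g. `if (hash_equals($token[0] . $token[2], $controlledToken))`, would tie ownership to the issued token (assuming the issued value is username followed by body, as the `return` line suggests). In `deleteOldTokens`, the age test should use the timestamp, `time() - ($token[1] / 1000) > 3600`, and `array_splice` inside an ascending loop skips the entry after each removal, so iterate from the end or rebuild the list with `array_filter`. Since the lookup does not check age itself, expired tokens stay valid until `deleteOldTokens` runs.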