Updated authentication.

2023-05-21 16:47:37 +00:00 · 2023-05-21 16:47:37 +00:00 · 70a63db6d5
commit 70a63db6d5
parent 1536f3048d
1 changed files with 29 additions and 34 deletions
--- a/src/SockChatAuth.php
+++ b/src/SockChatAuth.php
@ -2,17 +2,9 @@
 final class SockChatAuth {
    public static function attempt(string $endPoint, string $secret, string $cookie): object {
        if(!empty($cookie)) {
-            $decoded = str_pad(base64_decode(str_pad(strtr($cookie, '-_', '+/'), strlen($cookie) % 4, '=', STR_PAD_RIGHT)), 37, "\0");
-            $unpacked = unpack('Cversion/Nuser/H*token', $decoded);
-
-            if(isset($unpacked['version']) && $unpacked['version'] === 1
-                && isset($unpacked['user']) && $unpacked['user'] > 0) {
-                $loginRequest = [
-                    'user_id' => $unpacked['user'],
-                    'token' => 'SESS:' . $cookie,
-                    'ip' => $_SERVER['REMOTE_ADDR'],
-                ];
-                $loginSignature = hash_hmac('sha256', implode('#', $loginRequest), $secret);
+            $method = 'Misuzu';
+            $signature = sprintf('verify#%s#%s#%s', $method, $cookie, $_SERVER['REMOTE_ADDR']);
+            $signature = hash_hmac('sha256', $signature, $secret);

            $login = curl_init($endPoint);
            curl_setopt_array($login, [
@ -21,7 +13,11 @@ final class SockChatAuth {
                CURLOPT_FOLLOWLOCATION => true,
                CURLOPT_HEADER => false,
                CURLOPT_POST => true,
-                    CURLOPT_POSTFIELDS => json_encode($loginRequest),
+                CURLOPT_POSTFIELDS => http_build_query([
+                    'method' => $method,
+                    'token' => $cookie,
+                    'ipaddr' => $_SERVER['REMOTE_ADDR'],
+                ], '', '&', PHP_QUERY_RFC3986),
                CURLOPT_RETURNTRANSFER => true,
                CURLOPT_TCP_FASTOPEN => true,
                CURLOPT_CONNECTTIMEOUT => 2,
@ -30,14 +26,13 @@ final class SockChatAuth {
                CURLOPT_TIMEOUT => 5,
                CURLOPT_USERAGENT => 'AJAX Chat',
                CURLOPT_HTTPHEADER => [
-                        'Content-Type: application/json',
-                        'X-SharpChat-Signature: ' . $loginSignature,
+                    'Content-Type: application/x-www-form-urlencoded',
+                    'X-SharpChat-Signature: ' . $signature,
                ],
            ]);
            $userInfo = json_decode(curl_exec($login));
            curl_close($login);
        }
-        }

        if(empty($userInfo->success)) {
            $userInfo = new stdClass;