flashii/ajax-chat
flashii/ajax-chat
1
0
Fork 0
Code Pull requests Releases Activity

Forgot the authentication URLs...

Browse source
This commit is contained in:
flash 2022-07-03 21:15:44 +00:00
parent 34dfe10156
commit f70c741807
2 changed files with 8 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
src/CustomAJAXChat.php
View file

@ -13,11 +13,15 @@ class CustomAJAXChat extends AJAXChat {
// Returns null if login is invalid // Returns null if login is invalid
function getValidLoginUserData() { function getValidLoginUserData() {
if(empty($_COOKIE['msz_auth'])) { if(empty($_COOKIE['msz_auth'])) {
header('Location: https://flashii.net/auth/login.php'); header('Location: ' . $this->getConfig('flashiiAuth', 'login'));
exit; exit;
} }
$userInfo = SockChatAuth::attempt($this->getConfig('flashiiSecret'), (string)filter_input(INPUT_COOKIE, 'msz_auth')); $userInfo = SockChatAuth::attempt(
$this->getConfig('flashiiAuth', 'verify'),
$this->getConfig('flashiiSecret'),
(string)filter_input(INPUT_COOKIE, 'msz_auth')
);
if($userInfo->success) { if($userInfo->success) {
// Check if we have a valid registered user: // Check if we have a valid registered user:

6
src/SockChatAuth.php
View file

@ -1,8 +1,6 @@
<?php <?php
final class SockChatAuth { final class SockChatAuth {
private const ENDPOINT = 'https://flashii.net/_sockchat/verify'; public static function attempt(string $endPoint, string $secret, string $cookie): object {
public static function attempt(string $secret, string $cookie): object {
if(!empty($cookie)) { if(!empty($cookie)) {
$decoded = str_pad(base64_decode(str_pad(strtr($cookie, '-_', '+/'), strlen($cookie) % 4, '=', STR_PAD_RIGHT)), 37, "\0"); $decoded = str_pad(base64_decode(str_pad(strtr($cookie, '-_', '+/'), strlen($cookie) % 4, '=', STR_PAD_RIGHT)), 37, "\0");
$unpacked = unpack('Cversion/Nuser/H*token', $decoded); $unpacked = unpack('Cversion/Nuser/H*token', $decoded);
@ -16,7 +14,7 @@ final class SockChatAuth {
]; ];
$loginSignature = hash_hmac('sha256', implode('#', $loginRequest), $secret); $loginSignature = hash_hmac('sha256', implode('#', $loginRequest), $secret);
$login = curl_init(self::ENDPOINT); $login = curl_init($endPoint);
curl_setopt_array($login, [ curl_setopt_array($login, [
CURLOPT_AUTOREFERER => false, CURLOPT_AUTOREFERER => false,
CURLOPT_FAILONERROR => false, CURLOPT_FAILONERROR => false,