From 5c3747ecb64b4c09057f6bd41f473ca844f65240 Mon Sep 17 00:00:00 2001
From: flashwave
Date: Sat, 14 Dec 2019 20:01:06 +0100
Subject: [PATCH] Fixed session authentication.

---
 src/Http/Handlers/SockChatHandler.php | 17 +++++++++++++----
 1 file changed, 13 insertions(+), 4 deletions(-)

diff --git a/src/Http/Handlers/SockChatHandler.php b/src/Http/Handlers/SockChatHandler.php
index 71cc730b..ec5e11f2 100644
--- a/src/Http/Handlers/SockChatHandler.php
+++ b/src/Http/Handlers/SockChatHandler.php
@@ -2,6 +2,7 @@
 namespace Misuzu\Http\Handlers;
 use Exception;
+use Misuzu\Base64;
 use Misuzu\Config;
 use Misuzu\DB;
 use Misuzu\Emoticon;
@@ -202,15 +203,23 @@ final class SockChatHandler extends Handler {
 $authMethod = mb_substr($authInfo->token, 0, 5);
- if($authMethod === 'PASS:') { // DEPRECATE THIS
+ if($authMethod === 'PASS:') {
 if(time() > 1577750400)
 return ['success' => false, 'reason' => 'unsupported'];
 if(user_password_verify_db($authInfo->user_id, mb_substr($authInfo->token, 5)))
 $userId = $authInfo->user_id;
- } elseif($authMethod === 'SESS:') { // IMPROVE THIS
- $tokenData = user_session_cookie_unpack(mb_substr($authInfo->token, 5), true);
- user_session_start($authInfo->user_id, $tokenData['token']);
+ } elseif($authMethod === 'SESS:') {
+ $sessionToken = mb_substr($authInfo->token, 5);
+ $tokenData = user_session_cookie_unpack(
+ Base64::decode($sessionToken, true),
+ true
+ );
+
+ if(isset($tokenData['session_token']))
+ $sessionToken = $tokenData['session_token'];
+
+ user_session_start($authInfo->user_id, $sessionToken);
 if(user_session_active())
 $userId = user_session_current('user_id');
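Review bot: The `SESS:` branch does not fail closed when the token cannot be decoded or unpacked. If `$tokenData['session_token']` is not set, `$sessionToken` still holds the raw client-supplied string from `mb_substr($authInfo->token, 5)` and is passed unchanged to `user_session_start()`. What `Base64::decode()` and `user_session_cookie_unpack()` return for malformed input is not visible here, so whether this is reachable depends on code outside the hunk. If bare tokens are not meant to be accepted, reject before starting the session, e.g. `if(!isset($tokenData['session_token'])) return ['success' => false, 'reason' => '<reason>'];`. If the fallback is deliberate, a comment above the `isset` check should say so. The enclosing method starts and ends outside this hunk.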