flashii/misuzu
flashii/misuzu
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Imported Base* classes from Hanyuu project.

Browse source
This commit is contained in:
flash 2019-12-03 03:00:58 +01:00
parent 078dcd542e
commit a5481d68a2
10 changed files with 78 additions and 55 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
misuzu.php
View file

@ -36,7 +36,6 @@ $errorHandler->register();
require_once 'src/array.php';
require_once 'src/audit_log.php';
require_once 'src/base32.php';
require_once 'src/changelog.php';
require_once 'src/colour.php';
require_once 'src/comments.php';
@ -431,14 +430,14 @@ MIG;
if(!empty($_COOKIE['msz_uid']) && !empty($_COOKIE['msz_sid'])
&& ctype_digit($_COOKIE['msz_uid']) && ctype_xdigit($_COOKIE['msz_sid'])
&& strlen($_COOKIE['msz_sid']) === 64) {
$_COOKIE['msz_auth'] = base64url_encode(user_session_cookie_pack($_COOKIE['msz_uid'], $_COOKIE['msz_sid']));
$_COOKIE['msz_auth'] = Base64::decode(user_session_cookie_pack($_COOKIE['msz_uid'], $_COOKIE['msz_sid']), true);
setcookie('msz_auth', $_COOKIE['msz_auth'], strtotime('1 year'), '/', '', !empty($_SERVER['HTTPS']), true);
setcookie('msz_uid', '', -3600, '/', '', !empty($_SERVER['HTTPS']), true);
setcookie('msz_sid', '', -3600, '/', '', !empty($_SERVER['HTTPS']), true);
}
if(!empty($_COOKIE['msz_auth']) && is_string($_COOKIE['msz_auth'])) {
$cookieData = user_session_cookie_unpack(base64url_decode($_COOKIE['msz_auth']));
$cookieData = user_session_cookie_unpack(Base64::decode($_COOKIE['msz_auth'], true));
if(!empty($cookieData) && user_session_start($cookieData['user_id'], $cookieData['session_token'])) {
$userDisplayInfo = DB::prepare('

2
public/auth/login.php
View file

@ -96,7 +96,7 @@ while(!empty($_POST['login']) && is_array($_POST['login'])) {
user_session_start($userData->user_id, $sessionKey);
$cookieLife = strtotime(user_session_current('session_expires'));
$cookieValue = base64url_encode(user_session_cookie_pack($userData->user_id, $sessionKey));
$cookieValue = Base64::encode(user_session_cookie_pack($userData->user_id, $sessionKey), true);
setcookie('msz_auth', $cookieValue, $cookieLife, '/', '', !empty($_SERVER['HTTPS']), true);
if(!is_local_url($loginRedirect)) {

2
public/auth/twofactor.php
View file

@ -69,7 +69,7 @@ while(!empty($twofactor)) {
user_session_start($tokenInfo['user_id'], $sessionKey);
$cookieLife = strtotime(user_session_current('session_expires'));
$cookieValue = base64url_encode(user_session_cookie_pack($tokenInfo['user_id'], $sessionKey));
$cookieValue = Base64::encode(user_session_cookie_pack($tokenInfo['user_id'], $sessionKey), true);
setcookie('msz_auth', $cookieValue, $cookieLife, '/', '', !empty($_SERVER['HTTPS']), true);
if(!is_local_url($redirect)) {

2
public/proxy.php
View file

@ -24,7 +24,7 @@ if(empty($proxyHash) || empty($proxyUrl)) {
return;
}
$proxyUrlDecoded = base64url_decode($proxyUrl);
$proxyUrlDecoded = Base64::decode($proxyUrl, true);
$parsedUrl = parse_url($proxyUrlDecoded);
if(empty($parsedUrl['scheme'])

41
src/Base32.php Normal file
View file

@ -0,0 +1,41 @@
<?php
namespace Misuzu;
class Base32 {
public const CHARS = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ234567';
public static function decode(string $str): string {
$out = '';
$length = strlen($str);
$char = $shift = 0;
for($i = 0; $i < $length; $i++) {
$char <<= 5;
$char += stripos(self::CHARS, $str[$i]);
$shift = ($shift + 5) % 8;
$out .= $shift < 5 ? chr(($char & (0xFF << $shift)) >> $shift) : '';
}
return $out;
}
public static function encode(string $data): string {
$bin = '';
$encoded = '';
$length = strlen($data);
for($i = 0; $i < $length; $i++) {
$bin .= sprintf('%08b', ord($data[$i]));
}
$bin = str_split($bin, 5);
$last = array_pop($bin);
$bin[] = str_pad($last, 5, '0', STR_PAD_RIGHT);
foreach($bin as $part) {
$encoded .= self::CHARS[bindec($part)];
}
return $encoded;
}
}

28
src/Base64.php Normal file
View file

@ -0,0 +1,28 @@
<?php
namespace Misuzu;
class Base64 {
public static function encode(string $data, bool $url = false): string {
$data = base64_encode($data);
if($url)
$data = rtrim(strtr($data, '+/', '-_'), '=');
return $data;
}
public static function decode(string $data, bool $url = false): string {
if($url)
$data = str_pad(strtr($data, '-_', '+/'), strlen($data) % 4, '=', STR_PAD_RIGHT);
return base64_decode($data);
}
public static function jsonEncode($data): string {
return self::encode(json_encode($data), true);
}
public static function jsonDecode(string $data) {
return json_decode(self::decode($data, true));
}
}

37
src/base32.php
View file

@ -1,37 +0,0 @@
<?php
define('MSZ_BASE32_CHARS', 'ABCDEFGHIJKLMNOPQRSTUVWXYZ234567');
function base32_decode(string $string): string {
$out = '';
$length = strlen($string);
$char = $shift = 0;
for($i = 0; $i < $length; $i++) {
$char <<= 5;
$char += stripos(MSZ_BASE32_CHARS, $string[$i]);
$shift = ($shift + 5) % 8;
$out .= $shift < 5 ? chr(($char & (0xFF << $shift)) >> $shift) : '';
}
return $out;
}
function base32_encode(string $data): string {
$bin = '';
$encoded = '';
$length = strlen($data);
for($i = 0; $i < $length; $i++) {
$bin .= sprintf('%08b', ord($data[$i]));
}
$bin = str_split($bin, 5);
$last = array_pop($bin);
$bin[] = str_pad($last, 5, '0', STR_PAD_RIGHT);
foreach($bin as $part) {
$encoded .= MSZ_BASE32_CHARS[bindec($part)];
}
return $encoded;
}

5
src/otp.php
View file

@ -1,4 +1,5 @@
<?php
use Misuzu\Base32;
use chillerlan\QRCode\QRCode;
use chillerlan\QRCode\QROptions;
@ -12,7 +13,7 @@ function otp_generate(
int $digits = MSZ_TOTP_DEFAULT_DIGITS,
string $algo = MSZ_TOTP_DEFAULT_ALGO
): ?string {
$hash = hash_hmac($algo, pack('J', $data), base32_decode($secret), true);
$hash = hash_hmac($algo, pack('J', $data), Base32::decode($secret), true);
$offset = ord($hash[strlen($hash) - 1]) & 0x0F;
$bin = 0;
@ -64,5 +65,5 @@ function totp_qrcode(string $uri): string {
// will generate a 26 character code
function totp_generate_key(): string {
return base32_encode(random_bytes(16));
return Base32::encode(random_bytes(16));
}

9
src/string.php
View file

@ -41,15 +41,6 @@ function unique_chars(string $input, bool $multibyte = true): int {
return count($chars);
}
// https://secure.php.net/manual/en/function.base64-encode.php#103849
function base64url_encode(string $data): string {
return rtrim(strtr(base64_encode($data), '+/', '-_'), '=');
}
function base64url_decode(string $data): string {
return base64_decode(str_pad(strtr($data, '-_', '+/'), strlen($data) % 4, '=', STR_PAD_RIGHT));
}
function byte_symbol(int $bytes, bool $decimal = false, array $symbols = ['', 'K', 'M', 'G', 'T', 'P', 'E', 'Z', 'Y']): string {
if($bytes < 1) {
return '0 B';

2
src/url.php
View file

@ -253,7 +253,7 @@ function url_proxy_media(?string $url): ?string {
}
$secret = config_get('media_proxy.secret', MSZ_CFG_STR, 'insecure');
$url = base64url_encode($url);
$url = Base64::encode($url, true);
$hash = hash_hmac('sha256', $url, $secret);
return url('media-proxy', compact('hash', 'url'));