From 1cd3a504155a38e9ec17463a280dbc7af8561e98 Mon Sep 17 00:00:00 2001 From: flashwave Date: Sun, 21 May 2023 16:50:15 +0000 Subject: [PATCH] Adjusted authentication code. --- src/ChatAuth.php | 20 +++++++++++--------- 1 file changed, 11 insertions(+), 9 deletions(-) diff --git a/src/ChatAuth.php b/src/ChatAuth.php index d61c6f0..afdf1cb 100644 --- a/src/ChatAuth.php +++ b/src/ChatAuth.php @@ -7,12 +7,9 @@ use Index\Data\IDbConnection; final class ChatAuth { public static function attempt(IDbConnection $db, string $endPoint, string $secret, string $cookie): object { if(!empty($cookie)) { - $params = [ - 'method' => 'Misuzu', - 'token' => $cookie, - 'ipaddr' => $_SERVER['REMOTE_ADDR'], - ]; - $loginSignature = hash_hmac('sha256', "verify#{$params['method']}#{$params['token']}#{$params['ipaddr']}", $secret); + $method = 'Misuzu'; + $signature = sprintf('verify#%s#%s#%s', $method, $cookie, $_SERVER['REMOTE_ADDR']); + $signature = hash_hmac('sha256', $signature, $secret); $login = curl_init($endPoint); curl_setopt_array($login, [ @@ -21,16 +18,21 @@ final class ChatAuth { CURLOPT_FOLLOWLOCATION => true, CURLOPT_HEADER => false, CURLOPT_POST => true, - CURLOPT_POSTFIELDS => $params, + CURLOPT_POSTFIELDS => http_build_query([ + 'method' => $method, + 'token' => $cookie, + 'ipaddr' => $_SERVER['REMOTE_ADDR'], + ], '', '&', PHP_QUERY_RFC3986), CURLOPT_RETURNTRANSFER => true, CURLOPT_TCP_FASTOPEN => true, CURLOPT_CONNECTTIMEOUT => 2, CURLOPT_MAXREDIRS => 2, CURLOPT_PROTOCOLS => CURLPROTO_HTTPS, CURLOPT_TIMEOUT => 5, - CURLOPT_USERAGENT => 'mc.flashii.net', + CURLOPT_USERAGENT => 'Mince', CURLOPT_HTTPHEADER => [ - 'X-SharpChat-Signature: ' . $loginSignature, + 'Content-Type: application/x-www-form-urlencoded', + 'X-SharpChat-Signature: ' . $signature, ], ]); $userInfo = json_decode(curl_exec($login));