Updated authentication.

seria.php

@@ -52,48 +52,41 @@ if(!$sInAnnounce) {
     // replace this with id.flashii.net shit
     $mszAuth = (string)filter_input(INPUT_COOKIE, 'msz_auth');
     if(!empty($mszAuth)) {
-        $mszAuthDecoded = str_pad(base64_decode(str_pad(strtr($mszAuth, '-_', '+/'), strlen($mszAuth) % 4, '=', STR_PAD_RIGHT)), 37, "\0");
+        $loginMethod = 'Misuzu';
-        $mszAuthUnpacked = unpack('Cversion/Nuser/H*token', $mszAuthDecoded);
+        $loginSignature = sprintf('verify#%s#%s#%s', $loginMethod, $mszAuth, $_SERVER['REMOTE_ADDR']);
+        $loginSignature = hash_hmac('sha256', $loginSignature, SERIA_MSZ_SECRET);
 
-        if(isset($mszAuthUnpacked['version'])
+        $login = curl_init(SERIA_CAUTH_ENDPOINT);
-            && $mszAuthUnpacked['version'] >= 1
+        curl_setopt_array($login, [
-            && isset($mszAuthUnpacked['user'])
+            CURLOPT_AUTOREFERER => false,
-            && $mszAuthUnpacked['user'] > 0) {
+            CURLOPT_FAILONERROR => false,
-            $loginRequest = [
+            CURLOPT_FOLLOWLOCATION => true,
-                'user_id' => $mszAuthUnpacked['user'],
+            CURLOPT_HEADER => false,
-                'token' => 'SESS:' . $mszAuth,
+            CURLOPT_POST => true,
-                'ip' => $_SERVER['REMOTE_ADDR'],
+            CURLOPT_POSTFIELDS => http_build_query([
-            ];
+                'method' => $loginMethod,
-            $loginSignature = hash_hmac('sha256', implode('#', $loginRequest), SERIA_MSZ_SECRET);
+                'token' => $mszAuth,
+                'ipaddr' => $_SERVER['REMOTE_ADDR'],
+            ], '', '&', PHP_QUERY_RFC3986),
+            CURLOPT_RETURNTRANSFER => true,
+            CURLOPT_TCP_FASTOPEN => true,
+            CURLOPT_CONNECTTIMEOUT => 2,
+            CURLOPT_MAXREDIRS => 2,
+            CURLOPT_PROTOCOLS => CURLPROTO_HTTPS,
+            CURLOPT_TIMEOUT => 5,
+            CURLOPT_USERAGENT => 'Seria/' . SERIA_VERSION,
+            CURLOPT_HTTPHEADER => [
+                'Content-Type: application/x-www-form-urlencoded',
+                'X-SharpChat-Signature: ' . $loginSignature,
+            ],
+        ]);
+        $loginResponse = json_decode(curl_exec($login));
+        curl_close($login);
 
-            $login = curl_init(SERIA_CAUTH_ENDPOINT);
+        if(!empty($loginResponse->success))
-            curl_setopt_array($login, [
+            $sUserInfo = SeriaUser::fromMisuzu($pdo, $loginResponse);
-                CURLOPT_AUTOREFERER => false,
-                CURLOPT_FAILONERROR => false,
-                CURLOPT_FOLLOWLOCATION => true,
-                CURLOPT_HEADER => false,
-                CURLOPT_POST => true,
-                CURLOPT_POSTFIELDS => json_encode($loginRequest),
-                CURLOPT_RETURNTRANSFER => true,
-                CURLOPT_TCP_FASTOPEN => true,
-                CURLOPT_CONNECTTIMEOUT => 2,
-                CURLOPT_MAXREDIRS => 2,
-                CURLOPT_PROTOCOLS => CURLPROTO_HTTPS,
-                CURLOPT_TIMEOUT => 5,
-                CURLOPT_USERAGENT => 'Seria/' . SERIA_VERSION,
-                CURLOPT_HTTPHEADER => [
-                    'Content-Type: application/json',
-                    'X-SharpChat-Signature: ' . $loginSignature,
-                ],
-            ]);
-            $loginResponse = json_decode(curl_exec($login));
-            curl_close($login);
 
-            if(!empty($loginResponse->success))
+        unset($mszAuth, $loginMethod, $loginSignature, $loginMethod, $login, $loginResponse);
-                $sUserInfo = SeriaUser::fromMisuzu($pdo, $loginResponse);
-
-            unset($mszAuth, $mszAuthDecoded, $mszAuthUnpacked, $loginRequest, $loginSignature, $login, $loginResponse);
-        }
     }
 
     if(empty($_COOKIE['seria_random'])) {