From 172fe106f63cb4993c8877d9b3a682d276737191 Mon Sep 17 00:00:00 2001 From: Beats Date: Sat, 13 Apr 2024 19:06:07 -0300 Subject: [PATCH] fix --- app/Controller/Admin/Compendium.php | 22 +++++++------------ app/Controller/Admin/Login.php | 2 +- app/Controller/Api/Login.php | 8 +++---- app/Controller/Pages/Account/ChangeEmail.php | 2 +- .../Pages/Account/ChangePassword.php | 4 ++-- .../Pages/Account/CharacterDelete.php | 2 +- app/Controller/Pages/Account/Login.php | 14 ++++++------ app/Controller/Pages/Account/Registration.php | 2 +- app/Controller/Pages/Guilds/Found.php | 2 +- app/Utils/Argon.php | 10 ++++----- compendium_client.json | 10 ++++----- .../admin/modules/compendium/new.html.twig | 8 +++---- .../admin/modules/compendium/view.html.twig | 8 +++---- routes/api/v1/login.php | 3 +++ 14 files changed, 46 insertions(+), 51 deletions(-) diff --git a/app/Controller/Admin/Compendium.php b/app/Controller/Admin/Compendium.php index e88f7742..ec753c16 100644 --- a/app/Controller/Admin/Compendium.php +++ b/app/Controller/Admin/Compendium.php @@ -16,20 +16,14 @@ class Compendium extends Base { public static function convertNewsCategory($category_id) { - switch ($category_id) { - case 4: - return 'USEFUL INFO'; - case 5: - return 'SUPPORT'; - case 13: - return 'CLIENT FEATURES'; - case 17: - return 'GAME CONTENTS'; - case 21: - return 'MAJOR UPDATES'; - default: - return null; - } + return match ($category_id) { + 4 => 'USEFUL INFO', + 5 => 'SUPPORT', + 13 => 'CLIENT FEATURES', + 17 => 'GAME CONTENTS', + 21 => 'MAJOR UPDATES', + default => null, + }; } public static function updateCompendium($request, $id) diff --git a/app/Controller/Admin/Login.php b/app/Controller/Admin/Login.php index 33ecdffe..6714afc1 100644 --- a/app/Controller/Admin/Login.php +++ b/app/Controller/Admin/Login.php 
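Review bot: The new `match ($category_id)` in convertNewsCategory() compares with strict `===`, while the removed `switch` compared loosely, so a category id that arrives as a numeric string (for example from request data or a database row) now falls through to `default => null`. The parameter is untyped and its callers are outside this hunk, so whether strings actually reach it cannot be confirmed here. Normalising the subject keeps the old behaviour for numeric strings: `return match ((int) $category_id) {`.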
@@ -58,7 +58,7 @@ public static function setLogin($request) } // Password verify by sha1 - if(!Argon::beats($pass, $obAccount->password)){ + if(!Argon::checkPassword($pass, $obAccount->password, $obAccount->id)){ return self::getLogin($request, 'Password inválidos.'); } diff --git a/app/Controller/Api/Login.php b/app/Controller/Api/Login.php index 8cb802c3..f9b93e73 100644 --- a/app/Controller/Api/Login.php +++ b/app/Controller/Api/Login.php @@ -24,7 +24,7 @@ class Login extends Api { - public static function sendError($message, $code = 3) + public static function sendError($message, $code = 3): array { $returnMsg = []; $returnMsg["errorCode"] = $code; @@ -76,13 +76,13 @@ public static function selectAccount($request) if(empty($account)) { return self::sendError('Email or password is not correct.', 3); } - if (!Argon::beats($password, $account->password, $account->id)) { + if (!Argon::checkPassword($password, $account->password, $account->id)) { return self::sendError('Password is not correct.', 3); } $authentication = EntityAccount::getAuthentication([ 'account_id' => $account->id])->fetchObject(); if (!empty($authentication) and $authentication->status == 1) { - if (Argon::beats($password, $account->password)) { + if (Argon::checkPassword($password, $account->password)) { if (empty($postVars['token'])) { return self::sendError('Two-factor token required for authentication.', 6); } @@ -197,7 +197,7 @@ public static function selectAccount($request) } } - public static function getLogin($request) + public static function getLogin($request): array|string|null { return self::selectAccount($request); } diff --git a/app/Controller/Pages/Account/ChangeEmail.php b/app/Controller/Pages/Account/ChangeEmail.php index b124d1f0..bce4a132 100644 --- a/app/Controller/Pages/Account/ChangeEmail.php +++ b/app/Controller/Pages/Account/ChangeEmail.php 
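Review bot: The comment `// Password verify by sha1` above the changed line in setLogin() no longer describes the call. Argon::checkPassword(), as shown later in this patch, tries compareArgonPassword() first and only then compareSha1Password(). The same stale comment sits above the changed line in the `@@ -64,7 +64,7 @@` hunk of app/Controller/Pages/Account/Login.php. I would replace it in both places with `// Verify the password (Argon2id, with SHA-1 fallback for legacy hashes)`. setLogin() starts and ends outside this hunk.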
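Review bot: selectAccount() answers an unknown account with 'Email or password is not correct.' but a wrong password with 'Password is not correct.', so the response tells a caller which e-mail addresses are registered. Returning the same text from both branches closes that: `return self::sendError('Email or password is not correct.', 3);`. Separately, the second `Argon::checkPassword($password, $account->password)` inside the two-factor branch repeats a check that already passed a few lines up and costs a second hash computation, so the inner `if` can go. selectAccount() continues outside this hunk.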
@@ -43,7 +43,7 @@ public static function updateEmail($request) if($duplicateEmail == true){ return self::viewChangeEmail($request); } - if(Argon::beats($filter_password, $account->password)){ + if(Argon::checkPassword($filter_password, $account->password, $account->id)){ EntityAccount::updateAccount([ 'id' => $account->id], [ 'email' => $filter_newemail, ]); diff --git a/app/Controller/Pages/Account/ChangePassword.php b/app/Controller/Pages/Account/ChangePassword.php index 72afbc60..cc1b5dab 100644 --- a/app/Controller/Pages/Account/ChangePassword.php +++ b/app/Controller/Pages/Account/ChangePassword.php @@ -41,10 +41,10 @@ public static function updatePassword($request) } $AccountId = SessionAdminLogin::idLogged(); $account = EntityPlayer::getAccount([ 'id' => $AccountId])->fetchObject(); - if (!Argon::beats($convert_oldpassword, $account->password)) { + if (!Argon::checkPassword($convert_oldpassword, $account->password, $account->id)) { return self::viewChangePassword($request, 'Invalid password.'); } - if(Argon::beats($convert_oldpassword, $account->password)){ + if(Argon::checkPassword($convert_oldpassword, $account->password, $account->id)){ EntityAccount::updateAccount([ 'id' => $AccountId], [ 'password' => $convert_newpassword, ]); diff --git a/app/Controller/Pages/Account/CharacterDelete.php b/app/Controller/Pages/Account/CharacterDelete.php index 2ed88b19..20228e18 100644 --- a/app/Controller/Pages/Account/CharacterDelete.php +++ b/app/Controller/Pages/Account/CharacterDelete.php @@ -34,7 +34,7 @@ public static function deleteCharacter($request, $name) } if($selectPlayer->account_id == $AccountId){ $selectAccount = EntityPlayer::getAccount([ 'id' => $selectPlayer->account_id])->fetchObject(); - if(Argon::beats($password, $selectAccount->password)){ + if(Argon::checkPassword($password, $selectAccount->password, $selectAccount->id)){ EntityPlayer::updatePlayer([ 'id' => $selectPlayer->id], [ 'deletion' => 1 ]); 
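Review bot: updatePassword() calls `Argon::checkPassword(...)` twice with identical arguments, once negated for the early return and again to guard the update, so every successful change pays for two password verifications. Now that the account id is passed, any per-account work checkPassword() does would also run twice; its body past the fallback check is not visible in this patch. The second `if` is always true after the early return and can be dropped, leaving the `EntityAccount::updateAccount(...)` call unconditional. The function body continues outside this hunk.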
diff --git a/app/Controller/Pages/Account/Login.php b/app/Controller/Pages/Account/Login.php index 197c9d6d..39e1f673 100644 --- a/app/Controller/Pages/Account/Login.php +++ b/app/Controller/Pages/Account/Login.php @@ -25,10 +25,10 @@ class Login extends Base{ * Method responsible for returning the login page rendering * * @param Request $request - * @param string $errorMessage + * @param string|null $errorMessage * @return string */ - public static function getLogin($request, $errorMessage = null) + public static function getLogin(Request $request, string $errorMessage = null): string { // Login status $status = !is_null($errorMessage) ? Alert::getError($errorMessage) : ''; @@ -46,14 +46,14 @@ public static function getLogin($request, $errorMessage = null) * * @param Request $request */ - public static function setLogin($request) + public static function setLogin(Request $request) { $postVars = $request->getPostVars(); $email = $postVars['loginemail'] ?? ''; $pass = $postVars['loginpassword'] ?? ''; $filter_email = filter_var($email, FILTER_VALIDATE_EMAIL); - if($filter_email == false){ + if(!$filter_email){ return self::getLogin($request, 'true'); } @@ -64,7 +64,7 @@ public static function setLogin($request) } // Password verify by sha1 - if(!Argon::beats($pass, $obAccount->password)){ + if(!Argon::checkPassword($pass, $obAccount->password, $obAccount->id)){ return self::getLogin($request, 'true'); } @@ -83,10 +83,10 @@ public static function setLogin($request) } SessionAdminLogin::login($obAccount); - $request->getRouter()->redirect('/account'); + return $request->getRouter()->redirect('/account'); } - public static function setLogout($request) + public static function setLogout($request): string { SessionAdminLogin::logout(); $content = View::render('pages/account/logout', []); diff --git a/app/Controller/Pages/Account/Registration.php b/app/Controller/Pages/Account/Registration.php index 557857aa..cbd3eea3 100644 
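Review bot: `string $errorMessage = null` in the new getLogin() signature relies on implicit nullability, which PHP 8.4 deprecates, and it disagrees with the `string|null` that the docblock was just changed to. Declare it explicitly: `public static function getLogin(Request $request, ?string $errorMessage = null): string`. In the same file, setLogin() now returns the result of `redirect('/account')` on one path and getLogin()'s string on others, but still has no declared return type; what redirect() returns is not visible here.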
--- a/app/Controller/Pages/Account/Registration.php +++ b/app/Controller/Pages/Account/Registration.php @@ -99,7 +99,7 @@ public static function insertRegister($request) $accountLogged = EntityAccount::getAccount([ 'id' => $LoggedId])->fetchObject(); - if(Argon::beats($filterPassword, $accountLogged->password)){ + if(Argon::checkPassword($filterPassword, $accountLogged->password, $accountLogged->id)){ return self::getRegistration($request, 'Error'); } diff --git a/app/Controller/Pages/Guilds/Found.php b/app/Controller/Pages/Guilds/Found.php index 3aadb45e..ebad0632 100644 --- a/app/Controller/Pages/Guilds/Found.php +++ b/app/Controller/Pages/Guilds/Found.php @@ -34,7 +34,7 @@ public static function insertFoundGuild($request) } $filter_pass = filter_var($postVars['password'], FILTER_SANITIZE_SPECIAL_CHARS); $dbAccountLogged = EntityPlayer::getAccount([ 'id' => $idLogged])->fetchObject(); - if(Argon::beats($filter_pass, $dbAccountLogged->password)){ + if(Argon::checkPassword($filter_pass, $dbAccountLogged->password, $dbAccountLogged->id)){ $status = 'Something went wrong with the password.'; return self::viewFoundGuild($request, $status); } diff --git a/app/Utils/Argon.php b/app/Utils/Argon.php index 95d15125..5b4937db 100644 --- a/app/Utils/Argon.php +++ b/app/Utils/Argon.php @@ -17,12 +17,13 @@ class Argon private static $m_cost; private static $parallelism; - public static function configArgon($m_cost, $t_cost, $parallelism) + public static function configArgon($m_cost, $t_cost, $parallelism): void { self::$m_cost = $m_cost; self::$t_cost = $t_cost; self::$parallelism = $parallelism; } + /** * Hashes a password using the Argon2Id algorithm. * 
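Review bot: The changed condition in insertRegister() returns `getRegistration($request, 'Error')` when `Argon::checkPassword(...)` succeeds, whereas the login controllers in this patch negate the call and treat a successful check as the accepted case. Guilds/Found.php has the same shape and returns 'Something went wrong with the password.' on a match. If both are meant to confirm the logged-in user's password, the test is inverted and should read `if(!Argon::checkPassword($filterPassword, $accountLogged->password, $accountLogged->id)){`; if rejecting a match is intended, a comment saying so would settle the question. The surrounding function is only partly visible.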
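Review bot: `filter_var($postVars['password'], FILTER_SANITIZE_SPECIAL_CHARS)` rewrites characters such as `<`, `>`, `&` and quotes into HTML entities before the value reaches `Argon::checkPassword()`, so the string being verified is not the one the user typed. Unless every place that stores a password applies the identical filter (not visible here), passwords containing those characters will never verify. Escaping belongs where a value is rendered, and the raw value should be verified: `$filter_pass = (string) ($postVars['password'] ?? '');`. insertFoundGuild() extends beyond this hunk.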
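Review bot: configArgon() on the changed signature line still takes untyped `$m_cost`, `$t_cost` and `$parallelism`, and the next hunk shows generateArgonPassword() running `eval('$m_cost = ' . self::$m_cost . ';')` on the stored value. Whatever string is configured there is executed as PHP, so control over that setting means code execution in the password-hashing path. Typing the setter removes the need for eval: `public static function configArgon(int $m_cost, int $t_cost, int $parallelism): void`, then `'memory_cost' => self::$m_cost,`. If the setting is written as an expression, which may be why eval was used, resolve it to an integer where the configuration is loaded.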
@@ -33,7 +34,6 @@ public static function configArgon($m_cost, $t_cost, $parallelism) public static function generateArgonPassword(string $password): string { eval('$m_cost = ' . self::$m_cost . ';'); - // Gera a senha com as configurações personalizadas $hashedPassword = password_hash($password, PASSWORD_ARGON2ID, [ 'memory_cost' => $m_cost, 'time_cost' => self::$t_cost, @@ -44,9 +44,7 @@ public static function generateArgonPassword(string $password): string $salt = $components[4]; $hash = $components[5]; - $saltAndHash = '$' . $salt . '$' . $hash; - - return $saltAndHash; + return '$' . $salt . '$' . $hash; } /** @@ -85,7 +83,7 @@ public static function compareArgonPassword(string $password, string $hashed_pas } - public static function beats(string $password, string $hashed_password, int $account_id = -1): bool + public static function checkPassword(string $password, string $hashed_password, int $account_id = -1): bool { if (!self::compareArgonPassword($password, $hashed_password)) { if(!self::compareSha1Password($password, $hashed_password)) { diff --git a/compendium_client.json b/compendium_client.json index 25c6244d..025bceff 100644 --- a/compendium_client.json +++ b/compendium_client.json @@ -398,9 +398,9 @@ "type": "REGULAR" } ], - "idOfNewestReadEntry": 85, - "isreturner": false, - "lastupdatetimestamp": 1688441305, - "maxeditdate": 1681298136, - "showrewardnews": false + "idOfNewestReadEntry": 0, + "isreturner": true, + "lastupdatetimestamp": 1713037506, + "maxeditdate": 0, + "showrewardnews": true } diff --git a/resources/view/admin/modules/compendium/new.html.twig b/resources/view/admin/modules/compendium/new.html.twig index 0b31c2ae..b686ed8b 100644 --- a/resources/view/admin/modules/compendium/new.html.twig +++ b/resources/view/admin/modules/compendium/new.html.twig @@ -39,11 +39,11 @@
diff --git a/resources/view/admin/modules/compendium/view.html.twig b/resources/view/admin/modules/compendium/view.html.twig index 174c20d8..aad15c28 100644 --- a/resources/view/admin/modules/compendium/view.html.twig +++ b/resources/view/admin/modules/compendium/view.html.twig @@ -39,11 +39,11 @@
diff --git a/routes/api/v1/login.php b/routes/api/v1/login.php index aa6459b9..3e88ba10 100644 --- a/routes/api/v1/login.php +++ b/routes/api/v1/login.php @@ -1,5 +1,7 @@ post('/api/v1/login', [ 'middlewares' => [ 'api'