MAPG-235 refactored challenge token generation and check

2021-05-28 08:07:02 +02:00 · 2021-05-28 08:07:02 +02:00 · 28165d76d3
commit 28165d76d3
parent 1c1e5f051d
2 changed files with 6 additions and 9 deletions
--- a/src/Controller/GameController.php
+++ b/src/Controller/GameController.php
@ -112,11 +112,10 @@ class GameController implements ISecured
    public function createNewChallenge(): IContent
    {
        // create Challenge
-        $challengeToken = rand();
-        while ($this->challengeRepository->getByToken($challengeToken)) {
-            // if a challenge with the same token already exists
-            $challengeToken = rand();
-        }
+        do {
+            // initiliaze or if a challenge with the same token already exists
+            $challengeToken = mt_rand();
+        } while ($this->challengeRepository->getByToken($challengeToken));

        $challenge = new Challenge();
        $challenge->setToken($challengeToken);
--- a/src/Repository/UserInChallengeRepository.php
+++ b/src/Repository/UserInChallengeRepository.php
@ -57,10 +57,8 @@ class UserInChallengeRepository
        }

        // validate token string
-        foreach (str_split($token_str) as $char) {
-            if (!(('0' <= $char && $char <= '9') || ('a' <= $char && $char <= 'f'))) {
-                return null;
-            }
+        if (!ctype_xdigit($token_str)) {
+            return null;
        }
        // convert token to int
        $token = hexdec($token_str);