From 28165d76d3478a797e9aaf36e0c5f0f820a9b7ea Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bal=C3=A1zs=20Vigh?=
Date: Fri, 28 May 2021 08:07:02 +0200
Subject: [PATCH] MAPG-235 refactored challenge token generation and check
---
 src/Controller/GameController.php | 9 ++++-----
 src/Repository/UserInChallengeRepository.php | 6 ++----
 2 files changed, 6 insertions(+), 9 deletions(-)
diff --git a/src/Controller/GameController.php b/src/Controller/GameController.php
index 56aa673..9a9de40 100644
--- a/src/Controller/GameController.php
+++ b/src/Controller/GameController.php
@@ -112,11 +112,10 @@ class GameController implements ISecured
 public function createNewChallenge(): IContent
 {
 // create Challenge
- $challengeToken = rand();
- while ($this->challengeRepository->getByToken($challengeToken)) {
- // if a challenge with the same token already exists
- $challengeToken = rand();
- }
+ do {
+ // initiliaze or if a challenge with the same token already exists
+ $challengeToken = mt_rand();
+ } while ($this->challengeRepository->getByToken($challengeToken));
 $challenge = new Challenge();
 $challenge->setToken($challengeToken);
diff --git a/src/Repository/UserInChallengeRepository.php b/src/Repository/UserInChallengeRepository.php
index 80e55e7..f50c7f8 100644
--- a/src/Repository/UserInChallengeRepository.php
+++ b/src/Repository/UserInChallengeRepository.php
@@ -57,10 +57,8 @@ class UserInChallengeRepository
 }
 // validate token string
- foreach (str_split($token_str) as $char) {
- if (!(('0' <= $char && $char <= '9') || ('a' <= $char && $char <= 'f'))) {
- return null;
- }
+ if (!ctype_xdigit($token_str)) {
+ return null;
 }
 // convert token to int
 $token = hexdec($token_str);
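Review bot: In `createNewChallenge()` (src/Controller/GameController.php) the token still comes from `mt_rand()`, a non-cryptographic Mersenne Twister generator whose no-argument form is capped at `mt_getrandmax()` (2^31-1), so a challenge token is both predictable and drawn from a small space. If knowing the token is what admits a user to a challenge, which the hex-token lookup in UserInChallengeRepository suggests, draw it from the CSPRNG instead: `$challengeToken = random_int(0, mt_getrandmax());` keeps the current range, and a wider bound is better if the token column allows it. The `getByToken()` probe and the later save are not atomic, so uniqueness really needs a unique index on the token column; that is not visible here, and the function body continues past the hunk. The new comment also has a typo and would read better as `// initialize, or retry if a challenge with the same token already exists`.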
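Review bot: `ctype_xdigit($token_str)` in the token validation of src/Repository/UserInChallengeRepository.php is not equivalent to the loop it replaces: it also accepts `A`-`F`, so the same token now has several accepted spellings, and like the old loop it puts no bound on length. `hexdec()` on the following context line returns a float once the value exceeds `PHP_INT_MAX`, so an over-long hex string becomes an imprecise float before the lookup. Unless the check that closes just above the hunk already limits the length, bound it here, e.g. `if (strlen($token_str) > 8 || !ctype_xdigit($token_str)) { return null; }` (8 hex digits covers the `mt_getrandmax()` range the generator uses; adjust if tokens are widened). `ctype_xdigit()` also expects a string, and passing an integer is deprecated since PHP 8.1 and interpreted as a character code, so confirm `$token_str` is always a string at this point. The enclosing method starts and ends outside the hunk.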