MAPG-235 refactored challenge token generation and check

This commit is contained in:
Balázs Vigh 2021-05-28 08:07:02 +02:00
parent 1c1e5f051d
commit 28165d76d3
2 changed files with 6 additions and 9 deletions

View File

@ -112,11 +112,10 @@ class GameController implements ISecured
public function createNewChallenge(): IContent
{
// create Challenge
$challengeToken = rand();
while ($this->challengeRepository->getByToken($challengeToken)) {
// if a challenge with the same token already exists
$challengeToken = rand();
}
do {
// initiliaze or if a challenge with the same token already exists
$challengeToken = mt_rand();
} while ($this->challengeRepository->getByToken($challengeToken));
$challenge = new Challenge();
$challenge->setToken($challengeToken);

View File

@ -57,11 +57,9 @@ class UserInChallengeRepository
}
// validate token string
foreach (str_split($token_str) as $char) {
if (!(('0' <= $char && $char <= '9') || ('a' <= $char && $char <= 'f'))) {
if (!ctype_xdigit($token_str)) {
return null;
}
}
// convert token to int
$token = hexdec($token_str);