some kind of security implemented
parent
0c1ca2bc0b
commit
9cfe9520b4
|
@ -1,4 +1,5 @@
|
|||
require "uri"
|
||||
require "crypto/bcrypt/password"
|
||||
|
||||
include CrystalGauntlet
|
||||
|
||||
|
@ -19,13 +20,18 @@ module CrystalGauntlet::Accounts
|
|||
end
|
||||
|
||||
def get_user_id(username : String, ext_id : String) : Int32
|
||||
return 1
|
||||
DATABASE.query("select id from users where udid = ? or account_id = ?", ext_id, ext_id) do |rs|
|
||||
if rs.column_count > 0
|
||||
if rs.move_next
|
||||
return rs.read(Int32)
|
||||
else
|
||||
raise "no user associated with account?!"
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
def verify_gjp(account_id : String, gjp : String) : Bool
|
||||
hash = DATABASE.scalar("select password from accounts where id = ?", account_id).as(String)
|
||||
bcrypt = Crypto::Bcrypt::Password.new(hash)
|
||||
bcrypt.verify(GJP.decrypt(gjp))
|
||||
end
|
||||
end
|
||||
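Review bot: `verify_gjp` is declared to return `Bool`, but for an account id with no row the `DATABASE.scalar(...).as(String)` line will most likely raise instead of returning `false` (crystal-db's `scalar` raises when the query yields no rows, assuming `DATABASE` is a crystal-db handle). Both callers in this commit write `!Accounts.verify_gjp(...)` and return `"-1"`, so a failed lookup should take that same path rather than surface as an unhandled exception. Consider `hash = DATABASE.query_one?("select password from accounts where id = ?", account_id, as: String)` followed by `return false unless hash`. A stored value that is not a valid bcrypt hash, or a `gjp` that does not decode, may raise in the same way and deserves the same treatment. A short doc comment stating that the method returns `false` rather than raising on bad credentials would pin the contract.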
|
|
|
@ -9,7 +9,7 @@ CrystalGauntlet.endpoints["/uploadGJLevel21.php"] = ->(body : String): String {
|
|||
puts params.inspect
|
||||
|
||||
ext_id = Accounts.get_ext_id_from_params(params)
|
||||
if ext_id == "-1"
|
||||
if ext_id == "-1" || !Accounts.verify_gjp(ext_id, params["gjp"])
|
||||
return "-1"
|
||||
end
|
||||
user_id = Accounts.get_user_id(params["userName"], ext_id)
|
||||
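Review bot: `puts params.inspect`, the context line just above the changed condition, prints every request parameter, and from this commit on `params["gjp"]` is treated as the account credential. Judging by the `GJP` hunk, the value is only Base64 plus a fixed `XOR_KEY`, so it is password-equivalent and should not reach stdout or any log collector. Drop the debug line or log selected non-secret fields instead, for example `puts "uploadGJLevel21 ext_id=#{ext_id}"` after the lookup. The same line appears in the `/updateGJUserScore22.php` section. The endpoint body starts and ends outside this hunk.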
|
|
|
@ -9,6 +9,10 @@ CrystalGauntlet.endpoints["/updateGJUserScore22.php"] = ->(body : String): Strin
|
|||
puts params.inspect
|
||||
|
||||
account_id = Accounts.get_ext_id_from_params(params)
|
||||
if !Accounts.verify_gjp(account_id, params["gjp"])
|
||||
return "-1"
|
||||
end
|
||||
|
||||
user_id = Accounts.get_user_id(params["userName"], account_id)
|
||||
|
||||
DATABASE.exec("update users set username=?, stars=?, demons=?, coins=?, user_coins=?, diamonds=?, icon_type=?, color1=?, color2=?, cube=?, ship=?, ball=?, ufo=?, wave=?, robot=?, spider=?, explosion=?, special=?, glow=?, last_played=? where id=?", params["userName"], params["stars"], params["demons"], params["coins"], params["userCoins"], params["diamonds"], params["iconType"], params["color1"], params["color2"], params["accIcon"], params["accShip"], params["accBall"], params["accBird"], params["accDart"], params["accRobot"], params["accSpider"], params["accExplosion"], params["special"], params["accGlow"], Time.utc.to_s("%Y-%m-%d %H:%M:%S"), user_id)
|
||||
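Review bot: The new guard calls `Accounts.verify_gjp(account_id, params["gjp"])` without the `"-1"` check that the `/uploadGJLevel21.php` handler keeps in front of it, so the sentinel (which `get_ext_id_from_params` presumably returns when it finds no id) is passed on as an account id. Matching the other handler keeps the rejection explicit: `if account_id == "-1" || !Accounts.verify_gjp(account_id, params["gjp"])`. If `params["gjp"]` raises on a missing key (the type of `params` is not visible here), a request without that field also skips the `return "-1"` path; an optional lookup checked before `verify_gjp` would cover it. The handler continues outside this hunk.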
|
|
|
@ -7,7 +7,7 @@ module CrystalGauntlet::GJP
|
|||
XOR_KEY = "37526"
|
||||
|
||||
def decrypt(pass : String)
|
||||
pwd = Base64.decode_string(pass.sub('_', '/').sub('-', '+'))
|
||||
pwd = Base64.decode(pass.sub('_', '/').sub('-', '+'))
|
||||
decrypted = ""
|
||||
|
||||
pwd.each.with_index() do |chr, index|
|
||||
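Review bot: `pass.sub('_', '/').sub('-', '+')` replaces only the first `_` and the first `-`, so a URL-safe Base64 value with more than one of either character is not fully translated before `Base64.decode`. Depending on how the decoder treats the URL-safe alphabet, a valid password could then fail `verify_gjp` or raise. `pwd = Base64.decode(pass.tr("_-", "/+"))` translates every occurrence. `decrypt` continues past the end of this hunk, so the loop over the decoded bytes is not reviewed here.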
|
|