Can someone hack EekChat (again)?
tussiez (1675)

I finally got EekChat working again, and I added a few (hopefully) working anti-hack changes.
Could someone try to hack EekChat again? If my edits work, it should be impossible to change the name of the user on the client-side, as this gets overwritten by the Repl Auth.

https://eekchat.tussiez.repl.co

You are viewing a single comment. View All
tussiez (1675)

@Baconman321 Yeah, that would make more sense
There's probably more than one way to do this, but here's one:

let names = [];
let sessionKeys = [];
//on auth
names.push(someUsername);
sessionKeys.push(Math.random()*9999);
res.sendFile('main.html?'+sessionKey);//pass session key to user

//on connect
let nm = names[sessionKeys.indexOf(userSessionKey)];//get username from session key
if(nm != undefined){
//connected
}

TBH, the server code is kinda messed up, I might as well rewrite it