From ecd99235cc16c52fb6364e67848a1a761c655ef2 Mon Sep 17 00:00:00 2001 From: emkael Date: Thu, 11 Oct 2018 17:27:18 +0200 Subject: PIN safety improvements: * initializing BWS settings with randomized PIN * checking PIN against predictable PINs (with explicit warning on settings save) * generating randomized PIN easily --- Aktywator/Aktywator.csproj | 1 + Aktywator/Bws.cs | 14 +++++++++++++- Aktywator/MainForm.Designer.cs | 30 +++++++++++++++++++++++++++++- Aktywator/MainForm.cs | 37 +++++++++++++++++++++++++++++++++++++ Aktywator/MainForm.resx | 37 +++++++++++++++++++++++++++++++++++-- Aktywator/Resources/BuildDate.txt | 2 +- 6 files changed, 116 insertions(+), 5 deletions(-) (limited to 'Aktywator') diff --git a/Aktywator/Aktywator.csproj b/Aktywator/Aktywator.csproj index bdcdba6..acfc8c6 100644 --- a/Aktywator/Aktywator.csproj +++ b/Aktywator/Aktywator.csproj @@ -132,6 +132,7 @@ MainForm.cs + Designer MysqlSettings.cs diff --git a/Aktywator/Bws.cs b/Aktywator/Bws.cs index 9121eb1..7ae27b3 100644 --- a/Aktywator/Bws.cs +++ b/Aktywator/Bws.cs @@ -352,7 +352,7 @@ namespace Aktywator } List defaultSettings = new List(); - defaultSettings.Add(new Setting("BM2PINcode", "text(4)", "'5431'")); + defaultSettings.Add(new Setting("BM2PINcode", "text(4)", "'" + this._getRandomPIN() + "'")); defaultSettings.Add(new Setting("BM2Ranking", "integer", "0")); defaultSettings.Add(new Setting("BM2GameSummary", "bit", "false")); defaultSettings.Add(new Setting("BM2SummaryPoints", "integer", "0")); @@ -416,6 +416,16 @@ namespace Aktywator } } + internal int[] _unsafePINs = { 0, 0x0457, 0x08AE, 0x0D05, 0x115C, 0x15B3, 0x1A0A, 0x1E61, 0x22B8, 0x270F, 0x04D2, 0x1537, 0x582, 0x1159 }; + internal string _getRandomPIN(int oldPIN = 0) + { + while (Array.IndexOf(this._unsafePINs, oldPIN) > -1) + { + oldPIN = (new Random()).Next(10000); + } + return String.Format("{0,4:D4}", oldPIN); + } + private void _ensureHandRecordStructure() { try 
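Review bot: `_getRandomPIN` (the -416 hunk in Bws.cs) draws the PIN from `new Random()`, which is not a cryptographic generator. If this targets .NET Framework, it is seeded from the tick count, and because a fresh instance is built on every loop pass, retries within one tick return the same value. This PIN also becomes the `BM2PINcode` default in the -352 hunk and is meant to be unpredictable to players, so I would draw it from the system CSPRNG with rejection sampling, as sketched below. A caller-supplied `oldPIN` that is not on the list is returned unchanged, which the method name does not suggest and deserves a doc comment. The hex literals in `_unsafePINs` hide which PINs are blocked (0x1537 is the old default 5431); a comment listing them in decimal, plus `readonly` on the field, would help.

```csharp
internal string _getRandomPIN(int oldPIN = 0)
{
    using (var rng = System.Security.Cryptography.RandomNumberGenerator.Create())
    {
        byte[] buf = new byte[2];
        while (Array.IndexOf(this._unsafePINs, oldPIN) > -1)
        {
            int candidate;
            do
            {
                rng.GetBytes(buf);
                candidate = BitConverter.ToUInt16(buf, 0);
            } while (candidate >= 60000); // 60000 = 6 * 10000; dropping the tail avoids modulo bias
            oldPIN = candidate % 10000;
        }
    }
    // ... unchanged: return String.Format("{0,4:D4}", oldPIN); ...
```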
@@ -508,6 +518,7 @@ namespace Aktywator string playerNames = Setting.load("BM2ShowPlayerNames", this, errors, section); main.xShowPlayerNames.Checked = !("".Equals(playerNames) || "0".Equals(playerNames)); main.xPINcode.Text = Setting.load("BM2PINcode", this, errors, section); + main.checkPINsafety(main.xPINcode.Text, this._unsafePINs); int resultsOverview = 0; int.TryParse(Setting.load("BM2ResultsOverview", this, errors, section), out resultsOverview); main.xResultsOverview.SelectedIndex = resultsOverview; @@ -550,6 +561,7 @@ namespace Aktywator public void saveSettings() { string section = "*".Equals(main.cbSettingsSection.Text.Trim()) ? null : this.sectorLetterToNumber(main.cbSettingsSection.Text.Trim()).ToString(); + main.checkPINsafety(main.xPINcode.Text, this._unsafePINs, true); StringBuilder errors = new StringBuilder(); foreach (Setting s in settings) { diff --git a/Aktywator/MainForm.Designer.cs b/Aktywator/MainForm.Designer.cs index f8b03b9..9eaa7d6 100644 --- a/Aktywator/MainForm.Designer.cs +++ b/Aktywator/MainForm.Designer.cs @@ -54,6 +54,7 @@ this.cbSettingsSection = new System.Windows.Forms.ComboBox(); this.label1 = new System.Windows.Forms.Label(); this.groupBox7 = new System.Windows.Forms.GroupBox(); + this.lPINWarning = new System.Windows.Forms.Label(); this.xResetFunctionKey = new System.Windows.Forms.CheckBox(); this.label2 = new System.Windows.Forms.Label(); this.xPINcode = new System.Windows.Forms.TextBox(); @@ -147,6 +148,7 @@ this.bLaunch = new System.Windows.Forms.ToolStripButton(); this.bUpdateSession = new System.Windows.Forms.ToolStripButton(); this.namesTimer = new System.Windows.Forms.Timer(this.components); + this.bRandomPIN = new System.Windows.Forms.Button(); this.statusStrip1.SuspendLayout(); this.groupBox1.SuspendLayout(); this.tabControl1.SuspendLayout(); 
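Review bot: The check added at the top of `saveSettings` (the -550 hunk) is advisory only. `checkPINsafety` returns `void` and shows a dialog with just an OK button, so the method carries on to the `foreach (Setting s in settings)` loop and presumably stores the predictable PIN anyway. If that is the intent, a comment such as `// advisory only: the director may keep a predictable PIN` would make it explicit. Otherwise `checkPINsafety` could return a `bool` and use `MessageBoxButtons.OKCancel`, so that `saveSettings` can `return` before writing anything. The body of `saveSettings` continues outside the hunk.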
@@ -393,6 +395,8 @@ // // groupBox7 // + this.groupBox7.Controls.Add(this.bRandomPIN); + this.groupBox7.Controls.Add(this.lPINWarning); this.groupBox7.Controls.Add(this.xResetFunctionKey); this.groupBox7.Controls.Add(this.label2); this.groupBox7.Controls.Add(this.xPINcode); @@ -405,6 +409,17 @@ this.groupBox7.TabStop = false; this.groupBox7.Text = "Opcje sędziowskie"; // + // lPINWarning + // + this.lPINWarning.Cursor = System.Windows.Forms.Cursors.Help; + this.lPINWarning.Image = ((System.Drawing.Image)(resources.GetObject("lPINWarning.Image"))); + this.lPINWarning.Location = new System.Drawing.Point(41, 22); + this.lPINWarning.Name = "lPINWarning"; + this.lPINWarning.Size = new System.Drawing.Size(22, 18); + this.lPINWarning.TabIndex = 30; + this.lPINWarning.Visible = false; + this.lPINWarning.Click += new System.EventHandler(this.lPINWarning_Click); + // // xResetFunctionKey // this.xResetFunctionKey.AutoSize = true; @@ -426,12 +441,13 @@ // // xPINcode // - this.xPINcode.Location = new System.Drawing.Point(41, 21); + this.xPINcode.Location = new System.Drawing.Point(69, 22); this.xPINcode.MaxLength = 4; this.xPINcode.Name = "xPINcode"; this.xPINcode.Size = new System.Drawing.Size(37, 20); this.xPINcode.TabIndex = 14; this.xPINcode.Text = "0000"; + this.xPINcode.TextChanged += new System.EventHandler(this.xPINcode_TextChanged); // // xConfirmNP // 
@@ -1439,6 +1455,16 @@ this.namesTimer.Interval = 3000; this.namesTimer.Tick += new System.EventHandler(this.namesTimer_Tick); // + // bRandomPIN + // + this.bRandomPIN.Image = ((System.Drawing.Image)(resources.GetObject("bRandomPIN.Image"))); + this.bRandomPIN.Location = new System.Drawing.Point(112, 19); + this.bRandomPIN.Name = "bRandomPIN"; + this.bRandomPIN.Size = new System.Drawing.Size(24, 23); + this.bRandomPIN.TabIndex = 31; + this.bRandomPIN.UseVisualStyleBackColor = true; + this.bRandomPIN.Click += new System.EventHandler(this.bRandomPIN_Click); + // // MainForm // this.AutoScaleDimensions = new System.Drawing.SizeF(6F, 13F); @@ -1622,6 +1648,8 @@ private System.Windows.Forms.ToolStrip sectionToolStrip; private System.Windows.Forms.ToolStripLabel toolStripLabel1; private System.Windows.Forms.ToolStripComboBox cbNamesSection; + public System.Windows.Forms.Label lPINWarning; + private System.Windows.Forms.Button bRandomPIN; } } diff --git a/Aktywator/MainForm.cs b/Aktywator/MainForm.cs index 6284419..3a5b69b 100644 --- a/Aktywator/MainForm.cs +++ b/Aktywator/MainForm.cs 
@@ -678,5 +678,42 @@ namespace Aktywator
 }
 }
+
+ internal void checkPINsafety(string pin, int[] unsafePINs, bool explicitWarning = false)
+ {
+ try
+ {
+ if (Array.IndexOf(unsafePINs, Int32.Parse(pin)) > -1)
+ {
+ this.lPINWarning.Visible = true;
+ if (explicitWarning)
+ {
+ MessageBox.Show("Próbujesz ustawić PIN, który jest łatwy do przewidzenia przez zawodników.\n\nMam nadzieję, że wiesz, co robisz!", "Przewidywalny PIN!", MessageBoxButtons.OK, MessageBoxIcon.Warning);
+ }
+ }
+ else
+ {
+ this.lPINWarning.Visible = false;
+ }
+ }
+ catch (FormatException e)
+ {
+ }
+ }
+
+ private void xPINcode_TextChanged(object sender, EventArgs e)
+ {
+ this.checkPINsafety(this.xPINcode.Text, this.bws._unsafePINs);
+ }
+
+ private void lPINWarning_Click(object sender, EventArgs e)
+ {
+ this.checkPINsafety(this.xPINcode.Text, this.bws._unsafePINs, true);
+ }
+
+ private void bRandomPIN_Click(object sender, EventArgs e)
+ {
+ this.xPINcode.Text = this.bws._getRandomPIN();
+ }
 }
 }
diff --git a/Aktywator/MainForm.resx b/Aktywator/MainForm.resx
index 11af55c..0a1a205 100644
--- a/Aktywator/MainForm.resx
+++ b/Aktywator/MainForm.resx
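Review bot: In `checkPINsafety` the empty `catch (FormatException e)` leaves `lPINWarning` in whatever state the previous value produced. An empty or non-numeric PIN therefore inherits a stale result, and the save path shows no warning for it. `Int32.Parse` also accepts surrounding whitespace and a sign, and it would throw an uncaught `OverflowException` if a long digit string were assigned to the box from code (`MaxLength` only limits typing). I would drop the try/catch and fail closed: `int value; bool known = Int32.TryParse(pin, out value);` followed by `bool risky = !known || Array.IndexOf(unsafePINs, value) > -1;`, then set `this.lPINWarning.Visible = risky;` before the optional dialog. The new methods also lack a summary comment; one line on `checkPINsafety` stating that it only toggles the label and optionally warns would be enough.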
@@ -158,6 +158,39 @@ 343, 56 + + + iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAALGOfPtRkwAAACBjSFJNAAB6 + JQAAgIMAAPn/AACA6QAAdTAAAOpgAAA6mAAAF2+SX8VGAAAACXBIWXMAAAsSAAALEgHS3X78AAACHElE + QVQ4T2P4//8/RRirICkYqyAynr7zz38Q7t/07X/z8rf/y2Y9/p/VfwsoBZFHUVy38k9w+YKPq32brkrB + xECaOzb8/1+26Nf/xL5n/z3Kzk1F1gNnVCz+rdOy+u+p1P4n/61St9yBifes//K/YN63/zF9H/+7Vdz+ + b5t7/Ih56iFNmDzcgMql3yZULP723zn/9H+doAXvYOK1C1/8D2u999+59OYni+wL/42T9v3Xi97cA5OH + G1Cz9POFnOnv/5sm7/+vG7l+Lkw8d9Kd/w4Fp3NcSi9Ps807918vZtt/3bCl52HycAMal3/6nD717X/j + hL3/9eN2WIHE8vJusyZ1XAEy/zOEtd6xDm66BzZAK2D2Z5g+uAH1Sz99Tpv67r9Z6n64Acg4Z9Z7m7Qp + b/4bxu3CbkDFwo8XUqe8/W+fe/q/debRmTBxGK5d/mdexrQP//VjdvzXCV1yASYOV5A99WVffO/T/15V + N/4H1t98mzbxxZz8me9syhd8s2lY/Xd+/Yrf74Ob7//XDV/1XydsxUQMA8KabmsH1l8/6lF25b9v7Z3/ + cb3P/2dOe/c/b+bH/zmzPv0HaQaGPsj209pha3UwDABh1+LzvnY5x44ax+/+rxuzFYxBgaYXswUY8suB + mhed1gtdFoysB8UAEDaM36upG7GmTyd4wUUtvylfQFg7cO4l3bAlk7RCV+qiq0fhkIOxChKP/zMAAKH7 + vWcksHU/AAAAAElFTkSuQmCC + + + + + iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAALGOfPtRkwAAACBjSFJNAAB6 + JQAAgIMAAPn/AACA6QAAdTAAAOpgAAA6mAAAF2+SX8VGAAAACXBIWXMAAAsMAAALDAE/QCLIAAACaklE + QVQ4T6WRX0hTYRjGdxMkikcqmeWURbeamAg60pVK82KgppIzCh3WNvwzRtjCuahhCYabyzRrFcQyVEbQ + hSj+YaKrkCBnDpuSTsu55lEXG1mG29PZuRiunau6+MH3PTzPw/u9HwvAf8EoBlmcKOa+GTi7p68ndrsV + xGEmTxBGMcjbgfz5JfvN3/MzSn9HLTHI5AnCKFr68oTzU5f9vp9PsbnWCNsID50NxEkmb4QQ5P3rQvLz + chdUzTUQiYpgGZOht4XjYvJGCGYjX2mflvibVFdgMpmg0WiQyEmAdTADulpC8rc/7EItLurjkHA3OLqo + shw6nQ5SqRRsNgFyqRovNfG/qIUe2J8JKxh/ntO3sqCm3v4MzepqKBQK5PLPQFGfg+2vcixbTge0MsK4 + PxM6WPrzkuyTInpxvh0DzGY1Ss+XIj0tBeahKnhWrmJroQyjj7gB6mu5EQVmY67V/U27Rxd49XA7WyAQ + nIKoPBO2dxXY/FRCUYTVMY5fX0fYwgqGDDy+Y0YWoMO+Tni3W7G6qIThQTG62gVYmy3DxgceNqx8uKa4 + GNTGBNqlscJQgaU/3+3beUKN/pgOf3erqLEluFhZguzsLOg1KSDnCkDOFsA1mYQvw1HoUhBeuuBVR4bS + 6bgN7w9DKOxZk2PVVgVhYTrSUo9hcSIL7ulUuCzHsT7BhnM0GuaH0YG74thelrYhOeDx9mCLbAuFtx1i + emHk3Dlq9Oyw8Po4AefIQQzrY3BPGk+yeho5U93XT8BwIxnd1xJp7suPQleXQNNaE09zR3wEty4domm6 + 
EAdVRRzaJOwXoV/4N8D6AwpMvVRjyTFwAAAAAElFTkSuQmCC + + iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAALGOfPtRkwAAACBjSFJNAAB6 @@ -340,7 +373,7 @@ S5vmPfe+JjvtcklE6MUrYYEbmdtDfF9ayn2gKP5L/6d/QueutWjblIOunWvQezgfd/74BmoPvHwuwN7e mZGPOdVz5pg0Lc/JVm/IvXF77xZ0bl6BusRpOOPujCXm7LNiXd1EkhkPir9vUQU/VBS2aV7bhaaceWhe ngT1moVo35yDzh2r0bV7Le6/9hLUeXn/3D5j+ubBTmOEMjqaV580N7/zxRd77r1zEANv5KNx8XycdZUj - 1dj4Y1MWawbJBENqImHqVP/DeXnfd+Q9T8bPQevqDKjXZ6Ej7wV07d0Izf48dB/Yju7929D/yhbg8E7c + 1dj4Y1MWawbJBENqImHqVP8DeXnfd+Q9T8bPQevqDKjXZ6Ej7wV07d0Izf48dB/Yju7929D/yhbg8E7c WLpIESgSeTNDjBoNqQs2t6xf33/33SN4+OGb6MjfiOuTw5FnafmVLUtnIUlsh5Q/4ui2LTvxwZtQ06q3 r8uEekM22retJONfRDftSPeRPeg5mo/eQ7vQSxPppUn8q2AD7mxcgY2hwauZYf4vVFlZz6lXvaDsO7QH D/6wHwPv7MetFYtwQiodiNLTe5kkHtQMB8U/hc1m895cmHK1acsaaDYvg2bHKmho5btf24meY/vQe+wV @@ -383,7 +416,7 @@ imXm5oeYS8Mz0czM8UFGIno2ZKI9Zy5aUmKhSgjBLcpE9REUyMFy7OXzS0k6bMU5Ghx1dy47zuXWMF8f jZppE2sGctPRuTKFiYNwNMb44FaUC65RdggzNP7ff22OIZZ6eh5xpqbaU/nRM95kC4v49vgo9K5JG3yF rp4/Gc0JwSgNdUe+wLqKJE5Dyl+Nx3/9uJTDKWicEoKOhXF0HkSjMsoPb/D5fVa6uvGM5OknwdB42wlb - 287TlJO3WnNvWOrozKXLVKL8htBnsdwoD2tLBq3bjMnJ+zu/fVisfwP1S8tTgtT67QAAAABJRU5ErkJg + 287TlJO3WnNvWOrozKXLVKL8htBnsdwoD2tLBq3bjMnJ+zu/fVisfwNzs8tPbIn1ogAAAABJRU5ErkJg gg== diff --git a/Aktywator/Resources/BuildDate.txt b/Aktywator/Resources/BuildDate.txt index 6e1bd6e..1cc075b 100644 --- a/Aktywator/Resources/BuildDate.txt +++ b/Aktywator/Resources/BuildDate.txt @@ -1 +1 @@ -2018-10-05 +2018-10-11 -- cgit v1.2.3