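/**
 * Recover an account by binding the caller's current client certificate to it.
 *
 * Flow, as visible in this function:
 *  1. The caller must present a client certificate (getCertId()) that is not
 *     already bound to a user (getUser()).
 *  2. The supplied reset code is SHA-1 hashed and matched, together with the
 *     username, against the users table.
 *  3. If getMinFactors() reports more than one factor, countKeyVotes() must
 *     report at least (factors - 1) approvals before the reset proceeds.
 *  4. The certificate is associated with the account via associateKey() and
 *     newReset() is called to replace the recovery code.
 *
 * Hard failures terminate the request with die().
 *
 * NOTE(review): nothing in this function limits repeated guesses of the reset
 * code; confirm that throttling or lockout exists upstream.
 *
 * @param string $username  Account name supplied by the caller.
 * @param string $resetcode Plain-text recovery code supplied by the caller.
 * @return mixed An "ERROR: ..." string when more device approvals are needed,
 *               otherwise the return value of newReset() (presumably the new
 *               recovery code -- confirm against newReset()).
 */
function doRecover($username, $resetcode)
{
    global $authdb;

    // Loose comparisons are kept on purpose: they also reject empty values,
    // and the exact return types of getCertId()/getUser() are not visible here.
    $certid = getCertId();
    if ($certid == null) {
        die('You must be using a certificate to reset your account. Get one at <a href="getacert">getacert</a>');
    }
    if (getUser($certid) != null) {
        die('You do not need a reset, you are already logged in!');
    }

    // Request parameters can arrive as arrays (e.g. "resetcode[]=x"); reject
    // anything that is not a non-empty string with the same generic message
    // used for a failed lookup, so the response does not reveal which check failed.
    if (!is_string($username) || !is_string($resetcode) || $username === '' || $resetcode === '') {
        die('Invalid reset code or username.');
    }

    // NOTE(review): the stored value is a bare, unsalted SHA-1 of the code, so
    // it is only as strong as the entropy of the code itself. Confirm that the
    // code is generated from a CSPRNG with sufficient length. The digest cannot
    // be changed here alone without breaking verification of stored values.
    $shacode = sha1($resetcode);

    $stmt = $authdb->prepare("SELECT username FROM users WHERE username = ? AND resetcode = ?");
    if ($stmt === false) {
        // Keep driver details in the server log; do not echo them to the client.
        error_log('doRecover: could not prepare reset code query: ' . $authdb->error);
        die('Could not process the reset request.');
    }

    $stmt->bind_param("ss", $username, $shacode);
    if (!$stmt->execute()) {
        error_log('doRecover: could not query users for reset code: ' . $authdb->error);
        $stmt->close();
        die('Could not process the reset request.');
    }

    // From here on $username holds the value stored in the database rather
    // than the caller-supplied spelling.
    $stmt->bind_result($username);
    $stmt->store_result();
    $matched = $stmt->fetch();
    $stmt->close();

    if (!$matched) {
        die('Invalid reset code or username.');
    }

    // Check if it's multi-factor
    $currentMF = getMinFactors($username);
    if ($currentMF > 1) {
        // presumably counts approvals already given for this certificate --
        // verify against countKeyVotes()
        $votes = countKeyVotes($username, '', $certid);
        if ($votes < $currentMF - 1) {
            return "ERROR: This account has {$currentMF}-factor authentication enabled. In order to reset it and activate this key, you must approve the reset from " . ($currentMF - 1 - $votes) . ' of your devices.';
        }

        // NOTE(review): $user and $factors are never defined in this function,
        // so this call passes undefined (null) values. The intended arguments
        // cannot be determined from here -- most likely $username and a factor
        // count; confirm against setMFA() and fix before relying on this path.
        setMFA($user, $factors);
    }

    // Save the new key
    associateKey($username, $certid);

    // Now generate a new recovery code
    return newReset($username);
}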
//Username must be alphanumeric die("Must provide an alphanumeric username!"); } if (userExists($_POST['username'])) { //User already created die("This user already exists!"); } $certid = getCertId(); if ($certid === NULL) { //No client cert die("You must use a client certificate when signing up!"); } if (!(isset($_POST['username']) and isset($_POST['address']) and isset($_POST['city']) and isset($_POST['state']) and isset($_POST['postcode']) and isset($_POST['country']))) { die("Must fill out all fields!"); } //OK, let's do this! $resetcode = addUser($_POST['username'], $_POST['address'], $_POST['city'], $_POST['state'], $_POST['postcode'], $_POST['country']); associateKey($_POST['username'], $certid); ?> <h1>Congratulations!</h1> <p class="text">You have been signed up.</p> <p class="text">Print and save the following recovery code:</p> <h2><?php echo $resetcode; ?> </h2> <p class="text">If you lose access to the keys associated with your account, this recovery code is the only way to regain access to your account without costing you money!</p> <p class="text"><a href="index">I printed it. Now take me to the home page!</a></p> <?php } include 'footer.php';