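/**
 * Validate a password-reset code and, on success, record the reset in the session.
 *
 * The 'code' request parameter is expected as "<userhex>_<token>": the part
 * before the first '_' is the hex-encoded user name, the part after it is the
 * reset token, reduced to its hex digits before it is compared.
 *
 * @param mixed $data Not used by this function.
 * @param mixed $u    Not used by this function.
 * @return mixed Whatever dbreset(), allow_reset(null) or resetfail() returns.
 */
function doreset($data, $u)
{
    // Slow this right down
    usleep(500000);

    // A reset already validated in this session goes straight to dbreset().
    if (isset($_SESSION['reset_user'], $_SESSION['reset_hash'], $_SESSION['reset_email'])) {
        return dbreset();
    }

    $code = getparam('code', true);
    if (nuem($code)) {
        return resetfail();
    }

    $codes = explode('_', $code, 2);
    if (count($codes) != 2) {
        return resetfail();
    }

    // pack("H*") needs a non-empty, even-length, all-hex string; anything else
    // is rejected here instead of being decoded with a warning.
    $userhex = $codes[0];
    if (strlen($userhex) == 0 || strlen($userhex) % 2 || !ctype_xdigit($userhex)) {
        return resetfail();
    }

    $user = loginStr(pack("H*", $userhex));
    $hash = preg_replace('/[^A-Fa-f0-9]/', '', $codes[1]);
    if (nuem($user) || nuem($hash)) {
        return resetfail();
    }

    $ans = getAtts($user, 'KReset.str,KReset.dateexp');
    if ($ans['STATUS'] != 'ok') {
        return resetfail();
    }

    // A missing dateexp, or one equal to 'Y', fails the reset.
    if (!isset($ans['KReset.dateexp']) || $ans['KReset.dateexp'] == 'Y') {
        return resetfail();
    }

    // Compare the stored token with hash_equals(): the loose != treats two
    // different numeric-looking strings (all digits, or "0e..." forms) as
    // equal, and its running time depends on how much of the token matches.
    if (!isset($ans['KReset.str']) || !hash_equals((string)$ans['KReset.str'], (string)$hash)) {
        return resetfail();
    }

    $ans = userSettings($user);
    if ($ans['STATUS'] != 'ok') {
        return resetfail();
    }

    if (!isset($ans['email'])) {
        return resetfail();
    }

    // These three values are what the session check at the top looks for.
    $_SESSION['reset_user'] = $user;
    $_SESSION['reset_hash'] = $hash;
    $_SESSION['reset_email'] = $ans['email'];

    return allow_reset(null);
}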
/**
 * Process a 'Logout' or 'Login' request parameter for the current session.
 *
 * With $_SESSION['ckpkey'] set, only a 'Logout' request is acted on. Without
 * it, a 'Login' request is checked against 'User', 'Pass' and '2fa' through
 * validUserPass(); a missing user or password, or a failed validation, sets
 * the global $loginfailed to true.
 *
 * @return void
 */
function tryLogInOut()
{
    global $loginfailed;

    // If already logged in, it will ignore User/Pass
    if (isset($_SESSION['ckpkey'])) {
        $wantsOut = getparam('Logout', false);
        if (nuem($wantsOut) || $wantsOut != 'Logout') {
            return;
        }
        logout();
        return;
    }

    // No 'Login' parameter: nothing was attempted, so nothing is flagged.
    $attempt = getparam('Login', false);
    if (nuem($attempt)) {
        return;
    }

    $account = getparam('User', false);
    if ($account !== NULL) {
        $account = loginStr($account);
    }
    if (nuem($account)) {
        $loginfailed = true;
        return;
    }

    $secret = getparam('Pass', false);
    if (nuem($secret)) {
        $loginfailed = true;
        return;
    }

    // The 2fa value is handed to validUserPass() as received.
    $otp = getparam('2fa', false);
    if (!validUserPass($account, $secret, $otp)) {
        $loginfailed = true;
    }
}
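/**
 * Handle a password-reset request made with a user name and an e-mail address.
 *
 * When the 'mail' parameter equals the e-mail address userSettings() returns
 * for the user, the 'doreset2' page is shown with the user and address as
 * data; otherwise the 'doregres' page is shown with empty data.
 *
 * @param mixed $info Passed through to gopage().
 * @param mixed $page Passed through to gopage().
 * @param mixed $menu Passed through to gopage().
 * @param mixed $name Passed through to gopage().
 * @param mixed $u    Passed through to gopage().
 * @return void
 */
function try_reset($info, $page, $menu, $name, $u)
{
    $user = getparam('user', false);

    // Only trim a real string: a missing parameter is presumably NULL (the
    // login code tests getparam() against NULL), and trim(null) is deprecated
    // since PHP 8.1. A missing value still ends up as '' as before.
    $mail = getparam('mail', false);
    $mail = is_string($mail) ? trim($mail) : '';

    $data = array();

    if (!nuem($user)) {
        $user = loginStr($user);
    }

    if (!nuem($user) && !nuem($mail)) {
        $ans = userSettings($user);
        // Strict comparison, so the address must match character for
        // character and numeric-looking strings are never compared as numbers.
        if ($ans['STATUS'] == 'ok' && isset($ans['email']) && (string)$ans['email'] === $mail) {
            $data = array('user' => $user, 'email' => $mail);
            // NOTE(review): presumably gopage() does not return here; if it
            // did, the 'doregres' call below would run as well - confirm.
            gopage($info, $data, 'doreset2', $page, $menu, $name, $u, true, true, false);
        }
    }

    gopage($info, $data, 'doregres', $page, $menu, $name, $u, true, true, false);
}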