/**
 * Check the e-mail address stored for a user.
 *
 * @param mixed $user account identifier handed to userSettings()
 * @return mixed a fixed message when no address is stored, otherwise the
 *               result of bademail() for the stored address
 */
function emailcheck($user)
{
    $settings = userSettings($user);

    // Should be no other reason for a non-'ok' status than the database being down.
    if ($settings['STATUS'] != 'ok') {
        dbdown();
    }

    if (isset($settings['email'])) {
        return bademail($settings['email'], true);
    }

    return 'You need to setup an email address first';
}
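/**
 * Handle the two-factor-authentication settings page.
 *
 * Maps the submitted button ('Setup', 'Cancel', 'Test', 'New', 'Remove') to a
 * get2fa() action, sends the matching notification mail when the action
 * reported no error, and renders the page through set_2fa().
 *
 * The numeric seed sent with 'setup' and 'new' is described by the original
 * code as part of the entropy for the 2FA setup. It is now drawn from
 * random_int() when that function exists, because rand() is a predictable
 * generator and must not feed authentication secrets. random_int() throws if
 * the platform has no secure random source.
 *
 * @param mixed $data page data handed through to set_2fa()
 * @param mixed $user account the request acts on
 * @return mixed whatever set_2fa() returns
 */
function do2fa($data, $user)
{
    $mailmode = '';
    $err = '';
    $msg = '';

    // Same integer range as before; only the generator changes. The rand()
    // fallback keeps the function working on runtimes without random_int().
    $seed = function () {
        if (function_exists('random_int')) {
            return random_int(1073741824, 2147483647);
        }
        return rand(1073741824, 2147483647);
    };

    // Request parameters are read in the same order as before; later ones are
    // only fetched when the earlier buttons did not match.
    if (getparam('Setup', false) === 'Setup') {
        $ans = get2fa($user, 'setup', $seed(), 0);
        $mailmode = 'Setup';
    } elseif (getparam('Cancel', false) === 'Cancel') {
        $ans = get2fa($user, 'untest', 0, 0);
        $mailmode = 'Cancel';
    } else {
        $value = getparam('Value', false);
        if (getparam('Test', false) === 'Test' && $value !== null) {
            $ans = get2fa($user, 'test', 0, $value);
            $mailmode = 'Test';
        } elseif (getparam('New', false) === 'New' && $value !== null) {
            $ans = get2fa($user, 'new', $seed(), $value);
            $mailmode = 'New';
        } elseif (getparam('Remove', false) === 'Remove' && $value !== null) {
            $ans = get2fa($user, 'remove', 0, $value);
            $mailmode = 'Remove';
        } else {
            // No recognised button: plain status query.
            $ans = get2fa($user, '', 0, 0);
        }
    }

    if ($ans['STATUS'] != 'ok') {
        $err = 'DBERR';
    } else {
        if (isset($ans['2fa_error'])) {
            $err = $ans['2fa_error'];
        }

        // Notify the account owner only for a real action that succeeded.
        if ($mailmode != '' && $err == '') {
            $ans2 = userSettings($user);
            if ($ans2['STATUS'] != 'ok') {
                dbdown();
            } // Should be no other reason?

            if (!isset($ans2['email'])) {
                $err = 'An error occurred, check your details below';
            } else {
                $email = $ans2['email'];
                $emailinfo = getOpts($user, emailOptList());
                if ($emailinfo['STATUS'] != 'ok') {
                    $err = 'An error occurred, check your details below';
                } else {
                    switch ($mailmode) {
                        case 'Setup':
                        case 'New':
                            twofaSetup($email, zeip(), $emailinfo);
                            break;
                        case 'Test':
                            twofaEnabled($email, zeip(), $emailinfo);
                            break;
                        case 'Cancel':
                            twofaCancel($email, zeip(), $emailinfo);
                            break;
                        case 'Remove':
                            twofaRemove($email, zeip(), $emailinfo);
                            break;
                    }
                }
            }
        }
    }

    $tfa = isset($ans['2fa_status']) ? $ans['2fa_status'] : null;
    if (isset($ans['2fa_msg'])) {
        $msg = $ans['2fa_msg'];
    }

    return set_2fa($data, $user, $tfa, $ans, $err, $msg);
}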
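/**
 * Handle the account settings form (e-mail, payout address, password).
 *
 * Applies the change selected by the 'Change' parameter, re-reads the stored
 * settings, sends the matching notification mail after a successful change
 * and renders the page through settings().
 *
 * Changes from the previous version:
 *  - the new password and its confirmation are compared with !==, because a
 *    loose != treats numeric-looking strings such as '1e3' and '1000' as
 *    equal and would accept a mismatched confirmation;
 *  - $ans['ERROR'] is only read when it is set;
 *  - the goto-based exit is replaced by structured control flow.
 *
 * @param mixed $data page data; $data['info']['u_multiaddr'] disables the
 *                    single-address change
 * @param mixed $user account the request acts on
 * @return mixed whatever settings() returns
 */
function dosettings($data, $user)
{
    $err = '';
    $chg = getparam('Change', false);
    $check = false;

    switch ($chg) {
        case 'EMail':
            $email = getparam('email', false);
            if (stripos($email, 'hotmail') !== false) {
                $err = 'hotmail not allowed';
            } else {
                $pass = getparam('pass', false);
                $twofa = getparam('2fa', false);
                $ans = userSettings($user, $email, null, $pass, $twofa);
                $err = 'EMail changed';
                $check = true;
            }
            break;

        case 'Address':
            if (!isset($data['info']['u_multiaddr'])) {
                $addr = getparam('baddr', false);
                $addrarr = array(array('addr' => $addr));
                $pass = getparam('pass', false);
                $twofa = getparam('2fa', false);
                $ans = userSettings($user, null, $addrarr, $pass, $twofa);
                $err = 'Payout address changed';
                $check = true;
            }
            break;

        case 'Password':
            $oldpass = getparam('oldpass', false);
            $pass1 = getparam('pass1', false);
            $pass2 = getparam('pass2', false);
            $twofa = getparam('2fa', false);
            if (!safepass($pass1)) {
                $err = 'Unsafe password. ' . passrequires();
            } elseif ($pass1 !== $pass2) {
                // Strict comparison: credentials must match byte for byte.
                $err = "Passwords don't match";
            } else {
                $ans = setPass($user, $oldpass, $pass1, $twofa);
                $err = 'Password changed';
                $check = true;
            }
            break;
    }

    // A change was attempted: replace the optimistic message on failure.
    $doemail = false;
    if ($check === true) {
        if ($ans['STATUS'] != 'ok') {
            // NOTE(review): $err is later joined with '<br>', so it looks like
            // it is rendered as HTML; confirm settings() escapes this text.
            $err = $ans['STATUS'];
            if (isset($ans['ERROR']) && $ans['ERROR'] != '') {
                $err .= ': ' . $ans['ERROR'];
            }
        } else {
            $doemail = true;
        }
    }

    $ans = userSettings($user);
    if ($ans['STATUS'] != 'ok') {
        dbdown();
    } // Should be no other reason?

    $email = isset($ans['email']) ? $ans['email'] : '';

    // Use the first one - updating will expire all others
    $addr = (isset($ans['rows']) && $ans['rows'] > 0) ? $ans['addr:0'] : '';

    if ($doemail) {
        $mailFailure = 'An error occurred, check your details below';

        if ($email == '') {
            if ($err != '') {
                $err .= '<br>';
            }
            $err .= $mailFailure;
        } else {
            $emailinfo = getOpts($user, emailOptList());
            if ($emailinfo['STATUS'] != 'ok') {
                if ($err != '') {
                    $err .= '<br>';
                }
                $err .= $mailFailure;
            } else {
                switch ($chg) {
                    case 'EMail':
                        $old = isset($_SESSION['old_set_email']) ? $_SESSION['old_set_email'] : null;
                        emailAddressChanged($email, zeip(), $emailinfo, $old);
                        break;
                    case 'Address':
                        payoutAddressChanged($email, zeip(), $emailinfo);
                        break;
                    case 'Password':
                        passChanged($email, zeip(), $emailinfo);
                        break;
                }
            }
        }
    }

    return settings($data, $user, $email, $addr, $err);
}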
/**
 * Handle the multi-address payout form.
 *
 * When 'OK' is 'Save' and both a row count and a password were submitted,
 * collects up to 999 address rows (rows without an address or a ratio are
 * skipped) and stores them with userSettings(). The page is rendered through
 * addrmgtuser() in every case.
 *
 * @param mixed $data page data handed through to addrmgtuser()
 * @param mixed $user account the request acts on
 * @return mixed whatever addrmgtuser() returns
 */
function doaddrmgt($data, $user)
{
    $err = '';
    $OK = getparam('OK', false);
    $count = getparam('rows', false);
    $pass = getparam('pass', false);
    $twofa = getparam('2fa', false);

    $saveRequested = ($OK == 'Save' && !nuem($count) && !nuem($pass));

    if ($saveRequested && $count > 0 && $count < 1000) {
        $rows = array();

        for ($n = 0; $n < $count; $n++) {
            $address = getparam('addr:' . $n, false);
            $label = getparam('payname:' . $n, false);
            if (nuem($label)) {
                $label = '';
            }
            $share = getparam('ratio:' . $n, false);

            // A row needs both an address and a ratio to be kept.
            if (nuem($address) || nuem($share)) {
                continue;
            }

            $rows[] = array('addr' => $address, 'payname' => $label, 'ratio' => $share);
        }

        $result = userSettings($user, null, $rows, $pass, $twofa);
        if ($result['STATUS'] != 'ok') {
            $err = $result['ERROR'];
        }
    }

    return addrmgtuser($data, $user, $err);
}
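/**
 * Validate a password-reset link and open the reset form.
 *
 * The 'code' parameter has the form "<hex-encoded user>_<hex token>". When
 * the token matches the stored, unexpired KReset attribute, the user, token
 * and e-mail are stored in the session and allow_reset() is returned. Every
 * failure returns resetfail() without saying which check failed.
 *
 * Changes from the previous version:
 *  - the stored and submitted tokens are compared with hash_equals() when
 *    available, otherwise with ===. The previous loose != compares
 *    numeric-looking strings (for example '0e12' and '0e99') by value, so a
 *    hex token of that shape could match a different stored token;
 *    hash_equals() also removes the timing difference of an early-exit
 *    comparison;
 *  - the user part must be non-empty, even-length hex before pack() decodes
 *    it; previously only the length was checked.
 *
 * @param mixed $data unused here
 * @param mixed $u    unused here
 * @return mixed result of dbreset(), allow_reset() or resetfail()
 */
function doreset($data, $u)
{
    // Slow this right down
    usleep(500000);

    // A reset is already in progress for this session.
    if (isset($_SESSION['reset_user'], $_SESSION['reset_hash'], $_SESSION['reset_email'])) {
        return dbreset();
    }

    $code = getparam('code', true);
    if (nuem($code)) {
        return resetfail();
    }

    $codes = explode('_', $code, 2);
    if (count($codes) != 2) {
        return resetfail();
    }

    // Non-empty, whole hex byte pairs only.
    $userhex = $codes[0];
    if (!preg_match('/^(?:[A-Fa-f0-9]{2})+\z/', $userhex)) {
        return resetfail();
    }

    $user = loginStr(pack("H*", $userhex));
    $hash = preg_replace('/[^A-Fa-f0-9]/', '', $codes[1]);
    if (nuem($user) || nuem($hash)) {
        return resetfail();
    }

    $ans = getAtts($user, 'KReset.str,KReset.dateexp');
    if ($ans['STATUS'] != 'ok') {
        return resetfail();
    }

    // 'Y' marks the reset attribute as expired.
    if (!isset($ans['KReset.dateexp']) || $ans['KReset.dateexp'] == 'Y') {
        return resetfail();
    }

    if (!isset($ans['KReset.str'])) {
        return resetfail();
    }
    $stored = (string)$ans['KReset.str'];
    $tokenOk = function_exists('hash_equals')
        ? hash_equals($stored, (string)$hash)
        : ($stored === (string)$hash);
    if (!$tokenOk) {
        return resetfail();
    }

    $ans = userSettings($user);
    if ($ans['STATUS'] != 'ok') {
        return resetfail();
    }
    if (!isset($ans['email'])) {
        return resetfail();
    }

    $_SESSION['reset_user'] = $user;
    $_SESSION['reset_hash'] = $hash;
    $_SESSION['reset_email'] = $ans['email'];

    return allow_reset(null);
}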
/**
 * Handle a "forgot password" request.
 *
 * When the submitted user name and e-mail address match the stored settings,
 * the 'doreset2' page is shown with both values. The 'doregres' page is
 * requested afterwards in every case, so it is also reached if the first
 * gopage() call returns.
 *
 * @param mixed $info passed through to gopage()
 * @param mixed $page passed through to gopage()
 * @param mixed $menu passed through to gopage()
 * @param mixed $name passed through to gopage()
 * @param mixed $u    passed through to gopage()
 * @return void
 */
function try_reset($info, $page, $menu, $name, $u)
{
    $user = getparam('user', false);
    $mail = trim(getparam('mail', false));
    $data = array();

    if (!nuem($user)) {
        $user = loginStr($user);
    }

    $matched = false;
    if (!(nuem($user) || nuem($mail))) {
        $settings = userSettings($user);
        $matched = ($settings['STATUS'] == 'ok'
            && isset($settings['email'])
            && $settings['email'] == $mail);
    }

    if ($matched) {
        $data = array('user' => $user, 'email' => $mail);
        gopage($info, $data, 'doreset2', $page, $menu, $name, $u, true, true, false);
    }

    gopage($info, $data, 'doregres', $page, $menu, $name, $u, true, true, false);
}
/**
 * Handle the multi-address payout form and notify the account owner.
 *
 * When 'OK' is 'Save' and both a row count and a password were submitted,
 * collects up to 999 address rows (rows without an address or a ratio are
 * skipped) and stores them with userSettings(). After a successful save the
 * stored e-mail address is looked up and payoutAddressChanged() is called.
 * If that lookup fails, a generic error is added to the page message. The
 * page is rendered through addrmgtuser() in every case.
 *
 * @param mixed $data page data handed through to addrmgtuser()
 * @param mixed $user account the request acts on
 * @return mixed whatever addrmgtuser() returns
 */
function doaddrmgt($data, $user)
{
    $err = '';
    $OK = getparam('OK', false);
    $count = getparam('rows', false);
    $pass = getparam('pass', false);
    $twofa = getparam('2fa', false);

    // True only when the save worked but the notification could not be sent.
    $notifyFailed = false;

    $saveRequested = ($OK == 'Save' && !nuem($count) && !nuem($pass));

    if ($saveRequested && $count > 0 && $count < 1000) {
        $rows = array();

        for ($n = 0; $n < $count; $n++) {
            $address = getparam('addr:' . $n, false);
            $label = getparam('payname:' . $n, false);
            if (nuem($label)) {
                $label = '';
            }
            $share = getparam('ratio:' . $n, false);

            // A row needs both an address and a ratio to be kept.
            if (nuem($address) || nuem($share)) {
                continue;
            }

            $rows[] = array('addr' => $address, 'payname' => $label, 'ratio' => $share);
        }

        $saved = userSettings($user, null, $rows, $pass, $twofa);
        if ($saved['STATUS'] != 'ok') {
            $err = $saved['ERROR'];
        } else {
            $notifyFailed = true;

            $current = userSettings($user);
            if ($current['STATUS'] == 'ok' && isset($current['email'])) {
                $email = $current['email'];
                $emailinfo = getOpts($user, emailOptList());
                if ($emailinfo['STATUS'] == 'ok') {
                    payoutAddressChanged($email, zeip(), $emailinfo);
                    $notifyFailed = false;
                }
            }
        }
    }

    if ($notifyFailed) {
        if ($err != '') {
            $err .= '<br>';
        }
        $err .= 'An error occurred, check your details below';
    }

    return addrmgtuser($data, $user, $err);
}
/**
 * Handle the POST actions of the admin settings tab and build its HTML.
 *
 * The first part dispatches on POST fields (backup download, settings save,
 * password changes, user deletion, chmod update). The second part builds one
 * template row per setting that is visible to the current login: every row is
 * shown when ROOT is true, otherwise only those listed in the "admin" entry
 * of $ADMIN_CONF.
 *
 * NOTE(review): the POST handlers change credentials and file permissions,
 * and no anti-CSRF token check is visible in this function. Confirm the
 * caller enforces one.
 *
 * NOTE(review): the row visibility checks (ROOT / $show) gate the forms only.
 * The matching handlers for 'get_backup', 'chanceadmin', the user password
 * change and 'chmodupdate' carry no such check here. Confirm the called
 * helpers enforce the permission themselves.
 *
 * @return string the "admin_button" rows rendered by contend_template();
 *                only reached when no POST branch ends the request first
 */
function admin()
{
    global $ADMIN_CONF;
    global $loginpassword;
    global $specialchars;

    // Backup download; only possible when zlib (gzopen) is available.
    if (function_exists('gzopen') and getRequestValue('get_backup', 'post') == "true") {
        send_backup_zip();
    }

    // 'chanceadmin' is the request key as sent by the client; it is runtime
    // text and must stay as spelled.
    if (getRequestValue('chanceadmin', 'post') == "true") {
        echo set_admin_para();
        exit;
    } elseif (getRequestValue('newpw', 'post')
        or getRequestValue('newname', 'post')
        or getRequestValue('newpwrepeat', 'post')
        or getRequestValue('newuserpw', 'post')
        or getRequestValue('newusername', 'post')
        or getRequestValue('newuserpwrepeat', 'post')) {
        // Any password field present: either the full root triple or the full
        // user triple must be filled in.
        if (false !== ($newname = getRequestValue('newname', 'post', false))
            and false !== ($newpw = getRequestValue('newpw', 'post', false))
            and false !== ($newpwrepeat = getRequestValue('newpwrepeat', 'post', false))
            and $newname != "" and $newpw != "" and $newpwrepeat != "") {
            // Root credentials may only be changed by root.
            if (ROOT) {
                echo setPassword($newname, $newpw, $newpwrepeat, "root");
                exit;
            } else {
                ajax_return("error", true, returnMessage(false, getLanguageValue("error_no_root")), true, true);
            }
        } elseif (false !== ($newusername = getRequestValue('newusername', 'post', false))
            and false !== ($newuserpw = getRequestValue('newuserpw', 'post', false))
            and false !== ($newuserpwrepeat = getRequestValue('newuserpwrepeat', 'post', false))
            and $newusername != "" and $newuserpw != "" and $newuserpwrepeat != "") {
            echo setPassword($newusername, $newuserpw, $newuserpwrepeat, "user");
            exit;
        } else {
            ajax_return("error", true, returnMessage(false, getLanguageValue("pw_error_missingvalues")), true, true);
        }
    } elseif (getRequestValue('deluser', 'post') == "true") {
        // Deleting the user login clears its name and password; root only.
        if (ROOT) {
            $user = $loginpassword->get("username");
            $loginpassword->set("username", "");
            $loginpassword->set("userpw", "");
            // NOTE(review): $user is placed into the message markup as stored;
            // confirm it is HTML-encoded when saved or by returnMessage().
            ajax_return("success", true, returnMessage(true, '<b>' . $user . '</b> ' . getLanguageValue("admin_messages_del_user")), true, true);
        } else {
            ajax_return("error", true, returnMessage(false, getLanguageValue("error_no_root")), true, true);
        }
    } elseif (USE_CHMOD
        and getRequestValue('chmodupdate', 'post') == "true"
        and false !== ($chmodnewfilesatts = getRequestValue('chmodnewfilesatts', 'post'))
        and $chmodnewfilesatts != "") {
        // Only a three-digit octal mode is accepted.
        // NOTE(review): the statements below still run if ajax_return()
        // returns; presumably it ends the request. Confirm.
        if (!preg_match("/^[0-7]{3}\$/", $chmodnewfilesatts)) {
            ajax_return("error", true, returnMessage(false, getLanguageValue("admin_error_chmodnewfilesatts")), true, true);
        }
        if ($ADMIN_CONF->get('chmodnewfilesatts') != $chmodnewfilesatts) {
            $ADMIN_CONF->set('chmodnewfilesatts', $chmodnewfilesatts);
        }
        if (true !== ($error = setUserFilesChmod())) {
            ajax_return("error", true, $error, true, true);
        }
        // NOTE(review): this success reply passes false to returnMessage(),
        // while the deluser success above passes true. Confirm which is meant.
        ajax_return("success", true, returnMessage(false, getLanguageValue("admin_messages_chmod")), true, true);
    }

    $pagecontent = "";
    $template = array();
    $error = array();

    // Rows a non-root login may see.
    $show = $ADMIN_CONF->get("admin");
    if (!is_array($show)) {
        $show = array();
    }

    $titel = "admin_button";

    if (ROOT or in_array("language", $show)) {
        // Index the language row will get in $template, so that its error
        // entry lines up with it.
        $count = 0;
        if (isset($template[$titel])) {
            $count = count($template[$titel]);
        }
        // Row "LANGUAGE SELECTION"
        $language_array = getDirAsArray(BASE_DIR_ADMIN . 'sprachen', "file", "natcasesort");
        if (count($language_array) <= 0) {
            $error[$titel][$count] = getLanguageValue("admin_error_language_empty");
        } elseif (!in_array("language_" . $ADMIN_CONF->get('language') . ".txt", $language_array)) {
            $error[$titel][$count] = getLanguageValue("admin_error_languagefile_error") . "<br />" . ADMIN_DIR_NAME . "/sprachen/language_" . $ADMIN_CONF->get('language') . ".txt";
        } else {
            $error[$titel][$count] = false;
        }
        $admin_inhalt = '<div class="mo-select-div"><select name="language" class="mo-select js-language">';
        foreach ($language_array as $element) {
            if (substr($element, 0, 9) == "language_") {
                $selected = NULL;
                $tmp_array = file(BASE_DIR_ADMIN . "sprachen/" . $element);
                $currentlanguage = NULL;
                // Read the "_translator" entry, skipping '#' and blank lines.
                foreach ($tmp_array as $line) {
                    if (preg_match("/^#/", $line) || preg_match("/^\\s*\$/", $line)) {
                        continue;
                    }
                    if (preg_match("/^([^=]*)=(.*)/", $line, $matches)) {
                        if (trim($matches[1]) == "_translator") {
                            $currentlanguage = trim($matches[2]);
                            break;
                        }
                    }
                }
                // The four characters after "language_" are the language code.
                if (substr($element, 9, 4) == $ADMIN_CONF->get("language")) {
                    $selected = "selected ";
                }
                // NOTE(review): the file-name part and the translator text go
                // into the markup unescaped; confirm language files are trusted.
                $admin_inhalt .= "<option " . $selected . "value=\"" . substr($element, 9, 4) . "\">" . substr($element, 9, 4) . " (" . getLanguageValue("admin_input_translator") . " " . $currentlanguage . ")</option>";
            }
        }
        $admin_inhalt .= "</select></div>";
        $template[$titel][] = array(getLanguageValue("admin_input_language"), $admin_inhalt);
    }

    // Row "ADMIN MAIL"
    if (ROOT or in_array("adminmail", $show)) {
        if (function_exists("isMailAvailable")) {
            $template[$titel][] = array(getLanguageValue("admin_text_adminmail"), '<input type="text" class="mo-input-text" name="adminmail" value="' . $specialchars->rebuildSpecialChars($ADMIN_CONF->get("adminmail"), true, true) . '" />');
        }
    }

    // Row "BACKUP REMINDER"
    if (ROOT or in_array("backupmsgintervall", $show)) {
        // NOTE(review): unlike "adminmail" and "noupload", this value does not
        // pass through rebuildSpecialChars(); confirm it is stored as digits.
        $template[$titel][] = array(getLanguageValue("admin_text_backup"), '<input type="text" class="mo-input-digit js-in-digit" name="backupmsgintervall" value="' . $ADMIN_CONF->get("backupmsgintervall") . '" />');
    }

    // Row "Backup"
    if (ROOT or in_array("getbackup", $show)) {
        if (function_exists('gzopen')) {
            // One checkbox per directory that dirsize() can measure, each
            // labelled with its size.
            $cms_size = dirsize(BASE_DIR_ADMIN) + dirsize(BASE_DIR_CMS);
            if (false !== ($tmp_size = dirsize(BASE_DIR . "jquery/"))) {
                $cms_size += $tmp_size;
            }
            $cms_input = buildCheckBox("backup_include_cms", "true", getLanguageValue("admin_button_include_cms") . " (<span class=\"js-file-size\">" . convertFileSizeUnit($cms_size) . "</span>)") . '<br />';
            $catpage_input = "";
            if (false !== ($tmp_size = dirsize(CONTENT_DIR_REL))) {
                $catpage_input = buildCheckBox("backup_include_catpage", "false", getLanguageValue("admin_button_include_catpage") . " (<span class=\"js-file-size\">" . convertFileSizeUnit($tmp_size) . "</span>)") . '<br />';
            }
            $gallery_input = "";
            if (false !== ($tmp_size = dirsize(GALLERIES_DIR_REL))) {
                $gallery_input = buildCheckBox("backup_include_gallery", "false", getLanguageValue("admin_button_include_gallery") . " (<span class=\"js-file-size\">" . convertFileSizeUnit($tmp_size) . "</span>)") . '<br />';
            }
            $layouts_input = "";
            if (false !== ($tmp_size = dirsize(BASE_DIR . LAYOUT_DIR_NAME))) {
                $layouts_input = buildCheckBox("backup_include_layouts", "false", getLanguageValue("admin_button_include_layouts") . " (<span class=\"js-file-size\">" . convertFileSizeUnit($tmp_size) . "</span>)") . '<br />';
            }
            $plugins_input = "";
            if (false !== ($tmp_size = dirsize(BASE_DIR . PLUGIN_DIR_NAME))) {
                $plugins_input = buildCheckBox("backup_include_plugins", "false", getLanguageValue("admin_button_include_plugins") . " (<span class=\"js-file-size\">" . convertFileSizeUnit($tmp_size) . "</span>)") . '<br />';
            }
            $docu_input = "";
            if (false !== ($tmp_size = dirsize(BASE_DIR . "docu/"))) {
                $docu_input = buildCheckBox("backup_include_docu", "false", getLanguageValue("admin_button_include_docu") . " (<span class=\"js-file-size\">" . convertFileSizeUnit($tmp_size) . "</span>)") . '<br />';
            }
            $template[$titel][] = array(getLanguageValue("admin_text_get_backup"), '<form action="index.php?action=' . ACTION . '" method="post">' . '<input type="hidden" name="get_backup" value="true" />' . $cms_input . $catpage_input . $gallery_input . $layouts_input . $plugins_input . $docu_input . '<div style="font-size:.4em;"> </div>' . '<input type="submit" name="admin_button_get_backup" value="' . getLanguageValue("admin_button_get_backup") . '" />' . '<span class="js-file-size-summe mo-padding-left">' . convertFileSizeUnit($cms_size) . '</span>' . '</form>');
        }
    }

    // Row "SET FILE PERMISSIONS FOR NEW FILES"
    if (ROOT or in_array("chmodnewfilesatts", $show)) {
        if (USE_CHMOD) {
            $template[$titel][] = array(getLanguageValue("admin_text_chmodnewfiles"), '<input type="text" class="mo-input-digit js-in-chmod" size="4" maxlength="3" name="chmodnewfilesatts" value="' . $ADMIN_CONF->get("chmodnewfilesatts") . '" /><br /><br />' . '<input type="button" name="chmodupdate" value="' . getLanguageValue("admin_input_chmodupdate") . '" />');
        }
    }

    // Row "UPLOAD FILTER"
    if (ROOT or in_array("noupload", $show)) {
        $template[$titel][] = array(getLanguageValue("admin_text_uploadfilter"), '<input type="text" class="mo-input-text" name="noupload" value="' . $specialchars->rebuildSpecialChars($ADMIN_CONF->get("noupload"), true, true) . '" />');
    }

    // Second declaration of the same global; it repeats the one at the top.
    global $loginpassword;

    // Root login form: name is pre-filled, both password fields stay empty.
    if (ROOT) {
        // NOTE(review): the stored login name is written into the value
        // attribute as is; confirm setPassword() restricts or encodes it.
        $template[$titel][] = getLanguageValue("pw_text_login") . '<br /><br />' . getLanguageValue("pw_help") . '<table width="100%" cellspacing="0" border="0" cellpadding="0" class="">' . '<tr><td> </td><td class="mo-in-li-r">' . getLanguageValue("pw_titel_newname") . '</td><td class="mo-in-li-r">' . '<input type="text" class="js-in-pwroot mo-input-text" name="newname" value="' . $loginpassword->get("name") . '" />' . '</td></tr>' . '<tr><td> </td><td>' . getLanguageValue("pw_titel_newpw") . '</td><td>' . '<input type="password" class="js-in-pwroot mo-input-text" value="' . NULL . '" name="newpw" />' . '</td></tr>' . '<tr><td> </td><td>' . getLanguageValue("pw_titel_newpwrepeat") . '</td><td>' . '<input type="password" class="js-in-pwroot mo-input-text" value="" name="newpwrepeat" />' . '</td></tr>' . "</table>";
    }

    // User login form; root additionally gets the delete button and the
    // per-tab permission selectors.
    if (ROOT or in_array("userpassword", $show)) {
        $deluser = NULL;
        $user_allowed_settings = NULL;
        if (ROOT) {
            // NOTE(review): the '******' literal sits where the row that
            // '</td></tr>' closes would be opened; it looks like masked text
            // in this copy. Confirm against the upstream file.
            $deluser = '******' . '<input type="button" name="deluser" value="' . getLanguageValue("admin_button_del_user") . '" />' . '<div style="font-size:.4em;"> </div>' . '</td></tr>';
            $user_allowed_settings = '<br />' . '<div class="ui-helper-clearfix">' . '<div class="mo-in-li-l">' . getLanguageValue("admin_noroot_text") . '</div>' . '<div class="mo-in-li-r">' . userSettings("tabs") . '<div style="font-size:.4em;"> </div>' . userSettings("config") . '<div style="font-size:.4em;"> </div>' . userSettings("admin") . '<div style="font-size:.4em;"> </div>' . userSettings("plugins") . '<div style="font-size:.4em;"> </div>' . userSettings("template") . '</div>' . '</div>';
        }
        // NOTE(review): the stored user name is written into the value
        // attribute as is; same question as for the root name above.
        $template[$titel][] = getLanguageValue("userpw_text_login") . '<br /><br />' . getLanguageValue("pw_help") . '<table width="100%" cellspacing="0" border="0" cellpadding="0" class="">' . $deluser . '<tr><td> </td><td class="mo-in-li-r">' . getLanguageValue("userpw_titel_newname") . '</td><td class="mo-in-li-r">' . '<input type="text" class="js-in-pwuser mo-input-text" name="newusername" value="' . $loginpassword->get("username") . '" />' . '</td></tr>' . '<tr><td> </td><td>' . getLanguageValue("userpw_titel_newpw") . '</td><td>' . '<input type="password" class="js-in-pwuser mo-input-text" value="' . NULL . '" name="newuserpw" />' . '</td></tr>' . '<tr><td> </td><td>' . getLanguageValue("userpw_titel_newpwrepeat") . '</td><td>' . '<input type="password" class="js-in-pwuser mo-input-text" value="" name="newuserpwrepeat" />' . '</td></tr>' . "</table>" . $user_allowed_settings;
    }

    $pagecontent .= contend_template($template, $error);
    return $pagecontent;
}