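// Canonical-host routing for per-user subdomains.
//
// Splits the request host into dot-separated labels and either redirects to
// the canonical host or resolves the first label to a local user page.
// Reads $http_host, $server_name, $protocol and $request_uri, which are set
// outside this excerpt. On success $user_page holds the lowercase label and
// $zid / $user_conf describe that user; otherwise $user_page stays "".
//
// NOTE(review): $http_host and $request_uri are presumably taken from the
// incoming request - confirm. Everything derived from them is treated as
// untrusted below. $server_name is assumed to be a configured value, not a
// request-derived one - confirm.
$user_page = "";
$a = explode(".", $http_host);
if (count($a) == 2) {
    // Two labels: the host must be exactly the configured server name.
    if ($http_host != $server_name) {
        header("Location: {$protocol}://{$server_name}{$request_uri}");
        die;
    }
} elseif (count($a) == 3) {
    // Host names are case-insensitive, so normalise before any comparison.
    $user_page = strtolower($a[0]);

    // Validate the label BEFORE it is used anywhere, so that an unchecked
    // request value never reaches the Location header. string_uses() is
    // defined elsewhere; it presumably restricts the label to the listed
    // character classes - confirm.
    if ($user_page == "" || !string_uses($user_page, "[a-z][0-9]")) {
        // The rejected value is echoed back, so it is HTML-escaped first.
        die("invalid user page [" . htmlspecialchars($user_page, ENT_QUOTES, "UTF-8") . "]");
    }

    // Right label, wrong domain: keep the label, move to the canonical domain.
    if ($a[1] . "." . $a[2] != $server_name) {
        header("Location: {$protocol}://{$user_page}.{$server_name}{$request_uri}");
        die;
    }

    // "www" is an alias for the bare domain, not a user page.
    if ($user_page == "www") {
        header("Location: {$protocol}://{$server_name}{$request_uri}");
        die;
    }

    // Only validated labels reach this message, so it needs no escaping.
    if (!is_local_user("{$user_page}@{$server_name}")) {
        die("user not found [{$user_page}]");
    }
}
// NOTE(review): hosts with any other number of labels (one, or four and
// more) fall through with no redirect and an empty $user_page - confirm that
// this is intended rather than an unhandled case.

if ($user_page != "") {
    $zid = "{$user_page}@{$server_name}";
    $user_conf = db_get_conf("user_conf", $zid);
}

check_auth();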
// Excerpt of a password-reset handler. It begins inside blocks that were
// opened before the first visible line, so the first two closing braces
// below have no visible opener.
    }

    // Store the new password as crypt_sha256(password . salt) with a fresh salt.
    // NOTE(review): rand() is not a cryptographically secure generator, so the
    // salt is drawn from a predictable source. A CSPRNG such as random_bytes()
    // (PHP 7+) is the appropriate source for salts.
    // NOTE(review): crypt_sha256() is a project helper not shown here. If it is
    // a single fast hash, a dedicated password-hashing API (password_hash() /
    // password_verify()) is the better primitive - confirm.
    $salt = crypt_sha256(rand());
    $password = crypt_sha256("{$password_1}{$salt}");
    $user_conf["password"] = $password;
    $user_conf["salt"] = $salt;
    db_set_conf("user_conf", $user_conf, $zid);

    // The challenge record is deleted once the password is stored. $verify is
    // built outside this excerpt.
    db_del_rec("email_challenge", $verify);

    print_header("Password Reset");
    writeln('<h1>Password Reset</h1>');
    writeln('<p>Don\'t forget it this time!</p>');
    print_footer();
    die;
}

// Request path: issue a reset challenge for the posted username.
// http_post_string() is defined elsewhere; the options presumably cap the
// length at 20 and restrict the character set - confirm.
$username = http_post_string("username", array("len" => 20, "valid" => "[a-z][A-Z][0-9]"));

// NOTE(review): this uses $site_name, while the message text further down
// uses $server_name - confirm that both are meant.
$zid = strtolower($username) . "@{$site_name}";

// NOTE(review): the response differs for existing and non-existing accounts,
// which discloses which usernames are registered. A uniform reply for both
// cases avoids that.
if (!is_local_user($zid)) {
    die("no such user [{$zid}]");
}
$user_conf = db_get_conf("user_conf", $zid);

// NOTE(review): this value is stored as the reset challenge, so its
// unpredictability is what protects the account. It is derived from rand(),
// which is not suitable for security tokens; use a CSPRNG (random_bytes()).
$hash = crypt_sha256(rand());

// Drop any earlier challenge for this username before storing the new one.
if (db_has_rec("email_challenge", array("username" => $username))) {
    db_del_rec("email_challenge", array("username" => $username));
}

$email_challenge = array();
$email_challenge["challenge"] = $hash;
$email_challenge["username"] = $username;
// NOTE(review): $user is not assigned anywhere in this excerpt, whereas
// $user_conf was loaded just above - confirm which one holds the address.
$email_challenge["email"] = $user["email"];
// Expiry timestamp: now plus three days (86400 seconds per day).
$email_challenge["expires"] = time() + 86400 * 3;
db_set_rec("email_challenge", $email_challenge);

$subject = "Forgot Password";
$body = "Did you forget your password for \"{$username}\" on {$server_name}?\n";
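// Builds a mail message and stores it for a local recipient.
//
// A header block (From, To, Date, Subject, optional In-Reply-To, Message-ID,
// Reply-To) is prepended to $body. If the recipient's domain equals
// $server_name and the address is a local user, the message is saved to that
// user's "Inbox"; when $sent is true a second copy goes to the "Sent" folder
// of the authenticated user ($auth_zid). For any other recipient this
// function stores nothing. It returns no value.
//
//   $to          - recipient address
//   $subject     - subject line
//   $body        - message text, without headers
//   $in_reply_to - Message-ID being answered, or "" for none
//   $sent        - true: send as the authenticated user and keep a Sent copy;
//                  false: send from the site's no-reply address, no Sent copy
//
// CR and LF are removed from every value that is placed on a header line, so
// a value containing a line break cannot add headers or end the header block
// early. Callers may already validate these values (not visible here); the
// stripping is defence in depth.
function send_web_mail($to, $subject, $body, $in_reply_to = "", $sent = true)
{
    global $auth_zid;
    global $auth_user;
    global $server_name;
    global $server_title;

    $line_breaks = array("\r", "\n");
    $to = str_replace($line_breaks, "", (string) $to);
    $subject = str_replace($line_breaks, "", (string) $subject);
    $in_reply_to = str_replace($line_breaks, "", (string) $in_reply_to);

    if ($sent) {
        // The display name comes from the user's own profile data.
        // NOTE(review): it is not quoted or escaped beyond CR/LF removal.
        $real_name = str_replace($line_breaks, "", (string) $auth_user["real_name"]);
        if ($real_name == "") {
            $from = "<{$auth_zid}>";
        } else {
            $from = "{$real_name} <{$auth_zid}>";
        }
    } else {
        // System mail: $auth_user is not consulted, so this path does not
        // depend on anyone being logged in.
        $from = "{$server_title} <no-reply@{$server_name}>";
    }

    $time = time();
    $message_id = generate_message_id();

    $header = "From: {$from}\r\n";
    $header .= "To: {$to}\r\n";
    $header .= "Date: " . date("r", $time) . "\r\n";
    $header .= "Subject: {$subject}\r\n";
    if ($in_reply_to != "") {
        $header .= "In-Reply-To: {$in_reply_to}\r\n";
    }
    $header .= "Message-ID: <{$message_id}>\r\n";
    $header .= "Reply-To: {$from}\r\n";

    // An empty line separates the header block from the message text.
    $body = "{$header}\r\n{$body}";

    $a = parse_mail_address($to);
    if ($a["domain"] != $server_name || !is_local_user($a["email"])) {
        return;
    }

    $mail = array();
    $mail["mail_id"] = 0; // presumably lets the database assign the id - confirm
    $mail["body"] = $body;
    $mail["in_reply_to"] = $in_reply_to;
    $mail["location"] = "Inbox";
    $mail["mail_from"] = $from;
    $mail["message_id"] = $message_id;
    $mail["received_time"] = $time;
    $mail["rcpt_to"] = $to;
    $mail["reply_to"] = $from;
    $mail["size"] = strlen($body); // byte length, header block included
    $mail["subject"] = $subject;
    $mail["zid"] = $a["email"];
    db_set_rec("mail", $mail);

    if ($sent) {
        // Same record again, filed under the sender's "Sent" folder.
        $mail["location"] = "Sent";
        $mail["zid"] = $auth_zid;
        db_set_rec("mail", $mail);
    }
}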
// Excerpt of an account-registration handler. The first statement and the
// closing brace after it are the tail of a check that starts before this
// excerpt, and the record built at the end continues past it.
//
// NOTE(review): several die() messages below interpolate $username, $mail_1
// and $mail_2 into the response. Where these values come from is not visible
// here; if they are taken from the request without a character whitelist,
// they should be HTML-escaped (htmlspecialchars()) before being echoed.
    die("username is reserved [{$username}]");
}

// Both address fields must agree.
if ($mail_1 != $mail_2) {
    die("email addresses do not match [{$mail_1}] [{$mail_2}]");
}

// Structural address check only: exactly one "@", a non-empty local part,
// and a domain of at least three bytes. string_has() is defined elsewhere
// and presumably tests for a "." in the domain - confirm.
$a = explode("@", $mail_1);
if (count($a) != 2) {
    die("invalid email address [{$mail_1}]");
}
if (strlen($a[0]) == 0) {
    die("invalid username in email address [{$mail_1}]");
}
if (strlen($a[1]) < 3 || !string_has($a[1], ".")) {
    die("invalid domain in email address [{$mail_1}]");
}

// $luser is set outside this excerpt (presumably the lowercased username).
if (is_local_user("{$luser}@{$server_name}")) {
    die("username already exists [{$username}]");
}

// The captcha is checked last, after all the field validation above.
if (!captcha_verify($answer)) {
    die("captcha failed");
}

// The confirmation page is written before the challenge record is built.
print_header("Email Sent");
writeln('<h1>Email Sent</h1>');
writeln('<p>Please visit the link in the email within 3 days to activate your account.</p>');
print_footer();

// Address of the connecting peer; how it is used is not visible here.
$ip = $_SERVER["REMOTE_ADDR"];

// NOTE(review): this value is stored as the activation challenge. It is
// derived from rand(), which is not a cryptographically secure generator;
// tokens of this kind should come from a CSPRNG such as random_bytes()
// (PHP 7+).
$hash = crypt_sha256(rand());

$email_challenge = array();
$email_challenge["challenge"] = $hash;
$email_challenge["username"] = $username;
$email_challenge["email"] = $mail_1;