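/**
 * Build the user-settings page, regenerating the user's API key when asked.
 *
 * When the request parameter 'Change' equals 'API Key', a new key is created
 * unless the stored KAPIKey.dateexp attribute is 'N', in which case the
 * existing key is kept and an error message is shown instead.
 *
 * Security: the key is a bearer credential, so it is drawn from the
 * operating system CSPRNG. The previous derivation (md4 over a timestamp, the
 * username and rand()) was predictable: rand() is not cryptographically
 * secure, the other inputs are guessable, and hashing adds no entropy.
 * The new value keeps the same shape (32 lowercase hex characters).
 *
 * @param mixed $data Page data passed straight through to uset().
 * @param mixed $user User identifier handed to getAtts()/setAtts().
 *
 * @return mixed Whatever uset() returns for the rendered page.
 *
 * @throws Exception If random_bytes() cannot obtain secure randomness
 *                   (random_bytes() requires PHP 7.0 or newer).
 */
function douserset($data, $user)
{
    $err = '';
    $chg = getparam('Change', false);
    $api = false;

    switch ($chg) {
        case 'API Key':
            $ans = getAtts($user, 'KAPIKey.str,KAPIKey.dateexp');
            if ($ans['STATUS'] != 'ok') {
                // Should be no other reason?
                dbdown();
            }

            if (isset($ans['KAPIKey.dateexp']) && $ans['KAPIKey.dateexp'] == 'N') {
                // Presumably 'N' means the once-a-day window set below has
                // not expired yet - verify against getAtts().
                $err = 'You can only change it once a day';
                if (isset($ans['KAPIKey.str'])) {
                    $api = $ans['KAPIKey.str'];
                }
            } else {
                // 128 bits from the CSPRNG, hex encoded: same length and
                // alphabet as the md4 digest this replaces.
                $api = bin2hex(random_bytes(16));
                $day = 60 * 60 * 24;
                $ans = setAtts($user, array(
                    'ua_KAPIKey.str' => $api,
                    'ua_KAPIKey.date' => "now+{$day}",
                ));
                if ($ans['STATUS'] != 'ok') {
                    syserror();
                }
            }
            break;
    }

    // No key chosen above (no change requested): show the stored one, if any.
    if ($api === false) {
        $ans = getAtts($user, 'KAPIKey.str');
        if ($ans['STATUS'] != 'ok') {
            // Should be no other reason?
            dbdown();
        }
        if (isset($ans['KAPIKey.str'])) {
            $api = $ans['KAPIKey.str'];
        }
    }

    return uset($data, $user, $api, $err);
}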
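/**
 * Issue a password-reset code for a user and return the confirmation page.
 *
 * A new code is only created when KLastReset.dateexp is unset or 'Y';
 * otherwise nothing is stored or mailed. The same page text is returned in
 * both cases, so the response does not reveal whether a mail went out.
 *
 * Security: the reset code is the only secret protecting the account during
 * the reset window, so it is drawn from the operating system CSPRNG. The
 * previous derivation (md4 over a timestamp, username, email and rand()) was
 * predictable: rand() is not cryptographically secure, the other inputs are
 * known to the requester, and hashing adds no entropy. The new value keeps
 * the same shape (32 lowercase hex characters).
 *
 * NOTE(review): the code is stored verbatim in KReset.str. Storing only a
 * hash of it would limit the impact of a database read, but that needs a
 * matching change in the verifier, which is not visible here.
 *
 * NOTE(review): if getOpts()/getAtts() report a non-'ok' STATUS for an
 * unknown user, the syserror() path would differ from the generic page -
 * confirm against the caller's validation.
 *
 * @param array $data Request data; reads $data['data']['user'] and
 *                    $data['data']['email'].
 *
 * @return string HTML fragment confirming that a reset mail was sent.
 *
 * @throws Exception If random_bytes() cannot obtain secure randomness
 *                   (random_bytes() requires PHP 7.0 or newer).
 */
function doreset2($data)
{
    $user = $data['data']['user'];
    $email = $data['data']['email'];

    $emailinfo = getOpts($user, emailOptList());
    if ($emailinfo['STATUS'] != 'ok') {
        syserror();
    }

    $ans = getAtts($user, 'KLastReset.dateexp');
    if ($ans['STATUS'] != 'ok') {
        syserror();
    }

    // If the last attempt hasn't expired don't do anything but show a fake msg
    if (!isset($ans['KLastReset.dateexp']) || $ans['KLastReset.dateexp'] == 'Y') {
        // This prefix isn't an attempt at security -
        // it's simply to ensure the username is readable when we get it back
        $code = bin2hex($user) . '_';

        // 128 bits from the CSPRNG, hex encoded: same length and alphabet
        // as the md4 digest this replaces.
        $token = bin2hex(random_bytes(16));

        $ans = setAtts($user, array(
            'ua_KReset.str' => $token,
            'ua_KReset.date' => 'now+3600',
            'ua_LastReset.date' => 'now+3600',
        ));
        if ($ans['STATUS'] != 'ok') {
            syserror();
        }

        $ok = passReset($email, $code . $token, zeip(), $emailinfo);
        if ($ok === false) {
            syserror();
        }
    }

    // Identical text whether or not a mail was sent.
    $pg = '<h1>Reset Sent</h1>';
    $pg .= '<br>An Email has been sent that will allow you to';
    $pg .= '<br>reset your password.';
    $pg .= '<br>If you got your username or email address wrong,';
    $pg .= '<br>you wont get the email.';

    return $pg;
}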