function requestRecommendation($user_id, $author, $email, $message)
{
if (!checkLock("peer")) {
return 6;
}
$config = $GLOBALS['config'];
$user_id = escape($user_id);
$author = escape($author);
$email = escape($email);
if (!validEmail($email)) {
return 1;
}
if (strlen($author) <= 3) {
return 2;
}
//make sure there aren't too many recommendations already
$result = mysql_query("SELECT COUNT(*) FROM recommendations WHERE user_id = '{$user_id}'");
$row = mysql_fetch_row($result);
if ($row[0] >= $config['max_recommend']) {
return 4;
//too many recommendations
}
//ensure this email hasn't been asked with this user already
$result = mysql_query("SELECT COUNT(*) FROM recommendations WHERE user_id = '{$user_id}' AND email = '{$email}'");
$row = mysql_fetch_row($result);
if ($row[0] > 0) {
return 5;
//email address already asked
}
lockAction("peer");
//first create an instance
$instance_id = customCreate(customGetCategory('recommend', true), $user_id);
//insert into recommendations table
$auth = escape(uid(64));
mysql_query("INSERT INTO recommendations (user_id, instance_id, author, email, auth, status, filename) VALUES ('{$user_id}', '{$instance_id}', '{$author}', '{$email}', '{$auth}', '0', '')");
$recommend_id = mysql_insert_id();
$userinfo = getUserInformation($user_id);
//array (username, email address, name)
//send email now
$content = page_db("request_recommendation");
$content = str_replace('$USERNAME$', $userinfo[0], $content);
$content = str_replace('$USEREMAIL$', $userinfo[1], $content);
$content = str_replace('$NAME$', $userinfo[2], $content);
$content = str_replace('$AUTHOR$', $author, $content);
$content = str_replace('$EMAIL$', $email, $content);
$content = str_replace('$MESSAGE$', page_convert($message), $content);
$content = str_replace('$AUTH$', $auth, $content);
$content = str_replace('$SUBMIT_ADDRESS$', $config['site_address'] . "/recommend.php?id={$recommend_id}&user_id={$user_id}&auth={$auth}", $content);
$result = one_mail("Recommendation request", $content, $email);
if ($result) {
return 0;
} else {
return 3;
}
}
function confirmPGP($email, $confirm)
{
require_once includePath() . "/lock.php";
if (!lockAction('confirmpgp')) {
return false;
}
$result = databaseQuery("SELECT id FROM gpgmw_keys WHERE confirm = ? AND email = ?", array($confirm, $email));
if ($row = $result->fetch()) {
databaseQuery("UPDATE gpgmw_keys SET confirm = '' WHERE id = ?", array($row[0]));
return true;
}
return false;
}
function resetCheck($username, $email, $user_id, $auth)
{
if (!lockAction('reset_check')) {
return 3;
}
if ($auth == '') {
//requesting username will result in blank auth, make sure they aren't abusing that
return false;
}
$config = $GLOBALS['config'];
$username = escape($username);
$email = escape($email);
$user_id = escape($user_id);
//find user id
$result = mysql_query("SELECT id FROM users WHERE username='******' AND email='{$email}'");
if ($row = mysql_fetch_array($result)) {
if ($user_id != $row[0]) {
//make sure found user id matches with parameter
return false;
}
} else {
return false;
}
//confirm auth match; make sure it hasn't expired too
$minTime = time() - $config['reset_time'];
$result = mysql_query("SELECT auth FROM reset WHERE user_id='{$user_id}' AND time > '{$minTime}' AND auth != ''");
if ($row = mysql_fetch_array($result)) {
if ($row[0] == $auth) {
return true;
} else {
return false;
}
} else {
return false;
}
}
function authChangePassword($user_id, $old_password, $new_password)
{
global $config, $db;
if (!checkLock("checkuser")) {
return "Too many failed attempts. Please try again later.";
}
if (strlen($new_password) < 6) {
return "The new password is too short. Please use at least six characters.";
}
if ($old_password == $new_password) {
return "The old and new passwords are identical.";
}
if (!authCheckPassword($user_id, $old_password, "id")) {
lockAction("checkuser");
return "The password you entered is not correct.";
}
$user_id = escape($user_id);
require_once includePath() . "/pbkdf2.php";
$new_password = escape("*pbkdf2*" . pbkdf2_create_hash($new_password));
$db->query("UPDATE accounts SET password = '******' WHERE id = '{$user_id}'");
return true;
}
function verifyLogin($user_id, $password)
{
if (!checkLock("checkuser")) {
return -2;
}
$user_id = escape($user_id);
//decrypt the password if needed
require_once includePath() . "/crypto.php";
$password = decryptPassword($password);
$result = mysql_query("SELECT password, salt FROM users WHERE id='" . $user_id . "'");
if ($row = mysql_fetch_array($result)) {
if (chash2($password, hex2bin($row['salt'])) == $row['password']) {
return true;
} else {
lockAction("checkuser");
return -1;
}
} else {
lockAction("checkuser");
return -1;
}
}
