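/**
 * Handle a registration form submission and render the result page.
 *
 * Reads 'user', 'mail', 'pass' and 'pass2' through getparam(), validates
 * them, calls userReg() when every check passes and hands the outcome to
 * gopage(). Only the username and e-mail are copied into $data; the password
 * values are never placed there.
 *
 * @param mixed $info passed through to gopage() unchanged
 * @param mixed $page passed through to gopage() unchanged
 * @param mixed $menu passed through to gopage() unchanged
 * @param mixed $name passed through to gopage() unchanged
 * @param mixed $u    passed through to gopage() unchanged
 */
function try_reg($info, $page, $menu, $name, $u)
{
    // Case-insensitive patterns a new username must not match.
    $disallow = array('/kano/i', '/pool/i', '/kolivas/i');

    $user = getparam('user', false);
    $mail = trim(getparam('mail', false));
    $pass = getparam('pass', false);
    $pass2 = getparam('pass2', false);

    // Values handed back to the page so the form can be re-displayed.
    $data = array();
    $data['user'] = nuem($user) ? '' : $user;
    $data['mail'] = nuem($mail) ? '' : $mail;

    $ok = true;
    if (nuem($user) || nuem($mail) || nuem($pass) || nuem($pass2)) {
        // A missing field fails the attempt without setting an error text.
        $ok = false;
    } else {
        // Each failed check overwrites $data['error'], so the last one wins.
        if (stripos($mail, 'hotmail') !== false) {
            $ok = false;
            $data['error'] = "hotmail not allowed";
        }

        if (safepass($pass) !== true) {
            $ok = false;
            $data['error'] = "Password is unsafe";
        } elseif ($pass2 !== $pass) {
            // Strict comparison: with `!=` two different numeric-looking
            // strings (e.g. '1e3' and '1000') compare equal, so a mistyped
            // confirmation could be accepted.
            $ok = false;
            $data['error'] = "Passwords don't match";
        }

        // loginStr() presumably strips the characters named in the message
        // below; any difference from the submitted value is rejected. Strict
        // comparison keeps numeric-looking names from comparing equal after
        // they were altered.
        $orig = $user;
        $user = loginStr($orig);
        if ($user !== $orig) {
            $ok = false;
            $data['error'] = "Username cannot include '.', '_', '/' or Tab";
            $data['user'] = $user;
        }
    }

    if ($ok === true) {
        foreach ($disallow as $patt) {
            if (preg_match($patt, $user) === 1) {
                $ok = false;
                $data['error'] = 'Disallowed username';
                break;
            }
        }
    }

    if ($ok === true) {
        $ans = userReg($user, $mail, $pass);
        if ($ans['STATUS'] == 'ok') {
            // NOTE(review): unless gopage() ends the request, execution falls
            // through to the 'doregres' call below as well - confirm.
            gopage($info, $data, 'doreg2', $page, $menu, $name, $u, true, true, false);
        } else {
            // One message for every backend rejection; it does not say which
            // of the three fields was refused.
            $data['error'] = "Invalid username, password or email address";
        }
    }

    gopage($info, $data, 'doregres', $page, $menu, $name, $u, true, true, false);
}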
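/**
 * Complete a password reset using the reset state held in the session.
 *
 * Validates the new password pair, checks the session's reset hash against
 * the user's stored 'KReset.str' attribute (which must not be flagged
 * expired), sets the new password through resetPass(), clears the reset
 * state from the session, expires the 'KReset' attribute and sends the
 * "password was reset" notification.
 *
 * @return mixed the result of allow_reset(), resetfail() or yok()
 */
function dbreset()
{
    // Missing session keys become null and are rejected by the checks below.
    $user = isset($_SESSION['reset_user']) ? $_SESSION['reset_user'] : null;
    $hash = isset($_SESSION['reset_hash']) ? $_SESSION['reset_hash'] : null;
    $email = isset($_SESSION['reset_email']) ? $_SESSION['reset_email'] : null;

    // NOTE(review): the second getparam() argument is true here but false in
    // try_reg()/dosettings(). If it widens where the value may come from
    // (e.g. the query string), the new password could end up in URLs and
    // access logs - confirm.
    $pass = getparam('pass', true);
    $pass2 = getparam('pass2', true);
    $twofa = getparam('2fa', true);

    if (nuem($pass) || nuem($pass2)) {
        return allow_reset('Enter both passwords');
    }
    // Strict comparison: `!=` treats different numeric-looking strings
    // (e.g. '1e3' and '1000') as equal.
    if ($pass2 !== $pass) {
        return allow_reset("Passwords don't match");
    }
    if (safepass($pass) !== true) {
        return allow_reset('Password is unsafe');
    }

    $ans = getAtts($user, 'KReset.str,KReset.dateexp');
    if ($ans['STATUS'] != 'ok') {
        return resetfail();
    }
    if (!isset($ans['KReset.dateexp']) || $ans['KReset.dateexp'] == 'Y') {
        return resetfail();
    }

    // The reset token must be a non-empty string on both sides and is
    // compared with hash_equals(): a loose `!=` lets '0e...'-style values
    // compare equal numerically and lets an empty stored value match a
    // missing session hash.
    $stored = isset($ans['KReset.str']) ? $ans['KReset.str'] : null;
    if (!is_string($stored) || !is_string($hash) || $hash === ''
        || !hash_equals($stored, $hash)) {
        return resetfail();
    }

    // Fetched before the password changes so the notification can still be
    // sent afterwards.
    $emailinfo = getOpts($user, emailOptList());
    if ($emailinfo['STATUS'] != 'ok') {
        syserror();
    }

    $ans = resetPass($user, $pass, $twofa);
    if ($ans['STATUS'] != 'ok') {
        return resetfail();
    }

    // The reset state is single use: drop it from the session.
    unset($_SESSION['reset_user'], $_SESSION['reset_hash'], $_SESSION['reset_email']);

    // NOTE(review): the results of both calls are ignored. If expAtts() can
    // fail, the stored reset token stays valid after the password change -
    // consider checking its STATUS.
    expAtts($user, 'KReset');
    passWasReset($email, zeip(), $emailinfo);

    return yok();
}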
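/**
 * Apply one account-settings change and render the settings page.
 *
 * The 'Change' parameter selects an e-mail, payout address or password
 * update. Each update passes the submitted password and 2FA value to the
 * backend call. After a successful change the current settings are re-read
 * and a notification is sent to the account's e-mail address.
 *
 * @param array $data page data; $data['info']['u_multiaddr'] being set
 *                    disables the single-address change
 * @param mixed $user the account to change, passed to the backend calls
 * @return mixed the page produced by settings()
 */
function dosettings($data, $user)
{
    $err = '';
    $chg = getparam('Change', false);
    $check = false; // true once a backend change was attempted
    $ans = null;

    switch ($chg) {
        case 'EMail':
            $email = getparam('email', false);
            // Cast so a missing parameter is handled as an empty string.
            if (stripos((string)$email, 'hotmail') !== false) {
                $err = 'hotmail not allowed';
            } else {
                $pass = getparam('pass', false);
                $twofa = getparam('2fa', false);
                $ans = userSettings($user, $email, null, $pass, $twofa);
                // Provisional text; replaced below if the backend refused.
                $err = 'EMail changed';
                $check = true;
            }
            break;

        case 'Address':
            if (!isset($data['info']['u_multiaddr'])) {
                $addr = getparam('baddr', false);
                $addrarr = array(array('addr' => $addr));
                $pass = getparam('pass', false);
                $twofa = getparam('2fa', false);
                $ans = userSettings($user, null, $addrarr, $pass, $twofa);
                $err = 'Payout address changed';
                $check = true;
            }
            break;

        case 'Password':
            $oldpass = getparam('oldpass', false);
            $pass1 = getparam('pass1', false);
            $pass2 = getparam('pass2', false);
            $twofa = getparam('2fa', false);
            // `!== true` matches the safepass() checks in try_reg() and
            // dbreset(): anything but an explicit true is refused.
            if (safepass($pass1) !== true) {
                $err = 'Unsafe password. ' . passrequires();
            } elseif ($pass1 !== $pass2) {
                // Strict comparison: `!=` treats different numeric-looking
                // strings (e.g. '1e3' and '1000') as equal.
                $err = "Passwords don't match";
            } else {
                $ans = setPass($user, $oldpass, $pass1, $twofa);
                $err = 'Password changed';
                $check = true;
            }
            break;
    }

    $doemail = false;
    if ($check === true) {
        if ($ans['STATUS'] != 'ok') {
            // NOTE(review): $err is later joined with '<br>', so it is
            // presumably rendered as HTML. The backend STATUS/ERROR text is
            // appended unescaped - confirm settings() escapes it or that
            // these fields never carry request data.
            $err = $ans['STATUS'];
            if (isset($ans['ERROR']) && $ans['ERROR'] != '') {
                $err .= ': ' . $ans['ERROR'];
            }
        } else {
            $doemail = true;
        }
    }

    // Re-read the stored settings so the page shows what the backend holds.
    $ans = userSettings($user);
    if ($ans['STATUS'] != 'ok') {
        dbdown(); // Should be no other reason?
    }

    $email = isset($ans['email']) ? $ans['email'] : '';

    // Use the first one - updating will expire all others
    if (isset($ans['rows']) and $ans['rows'] > 0) {
        $addr = $ans['addr:0'];
    } else {
        $addr = '';
    }

    if ($doemail) {
        // The notification needs a stored address and the e-mail options.
        $emailinfo = null;
        $notify = ($email != '');
        if ($notify) {
            $emailinfo = getOpts($user, emailOptList());
            $notify = ($emailinfo['STATUS'] == 'ok');
        }

        if (!$notify) {
            if ($err != '') {
                $err .= '<br>';
            }
            $err .= 'An error occurred, check your details below';
        } else {
            switch ($chg) {
                case 'EMail':
                    // The previous address, when the session holds it, is
                    // passed along with the new one.
                    $old = isset($_SESSION['old_set_email']) ? $_SESSION['old_set_email'] : null;
                    emailAddressChanged($email, zeip(), $emailinfo, $old);
                    break;
                case 'Address':
                    payoutAddressChanged($email, zeip(), $emailinfo);
                    break;
                case 'Password':
                    passChanged($email, zeip(), $emailinfo);
                    break;
            }
        }
    }

    return settings($data, $user, $email, $addr, $err);
}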