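/**
 * Ask a third party ($email) to write a recommendation for user $user_id.
 *
 * Return codes (integers, unchanged for existing callers):
 *   0 - request stored and mail handed to one_mail()
 *   1 - $email fails validEmail()
 *   2 - $author is 3 characters or shorter
 *   3 - request stored but one_mail() reported failure
 *   4 - the user already has $config['max_recommend'] requests
 *   5 - this user already asked this address
 *   6 - the "peer" action is locked (rate limit)
 *
 * $message is the requester's free text; it is run through page_convert()
 * into the mail body only and is never written to the database.
 */
function requestRecommendation($user_id, $author, $email, $message)
{
    if (!checkLock("peer")) {
        return 6;
    }
    $config = $GLOBALS['config'];

    // Every value interpolated into SQL below goes through escape() first.
    $user_id = escape($user_id);
    $author  = escape($author);
    $email   = escape($email);

    if (!validEmail($email)) {
        return 1;
    }
    if (strlen($author) <= 3) {
        return 2;
    }

    // Per-user cap on requests.
    $result = mysql_query("SELECT COUNT(*) FROM recommendations WHERE user_id = '{$user_id}'");
    $row = mysql_fetch_row($result);
    if ((int) $row[0] >= $config['max_recommend']) {
        return 4; // too many recommendations
    }

    // One request per (user, address).
    $result = mysql_query("SELECT COUNT(*) FROM recommendations WHERE user_id = '{$user_id}' AND email = '{$email}'");
    $row = mysql_fetch_row($result);
    if ((int) $row[0] > 0) {
        return 5; // email address already asked
    }
    // NOTE(review): the two COUNT checks and the INSERT below are not atomic;
    // concurrent requests can exceed the cap or duplicate an address. A UNIQUE
    // (user_id, email) index on the table would close that window.

    lockAction("peer");

    // First create an instance for the recommendation.
    $instance_id = customCreate(customGetCategory('recommend', true), $user_id);

    // One-time token the recipient presents on recommend.php.
    $auth = escape(uid(64));
    // customCreate()'s return value is interpolated into SQL as well, so escape
    // it like every other value (a no-op for a plain integer id).
    $instance_sql = escape($instance_id);
    mysql_query("INSERT INTO recommendations (user_id, instance_id, author, email, auth, status, filename) VALUES ('{$user_id}', '{$instance_sql}', '{$author}', '{$email}', '{$auth}', '0', '')");
    $recommend_id = mysql_insert_id();

    $userinfo = getUserInformation($user_id); // array (username, email address, name)

    // Query-string values are URL-encoded; escape() is SQL escaping, not URL encoding.
    $submit_url = $config['site_address']
        . "/recommend.php?id=" . rawurlencode((string) $recommend_id)
        . "&user_id=" . rawurlencode((string) $user_id)
        . "&auth=" . rawurlencode((string) $auth);

    // Fill the mail template in a single pass. strtr() never re-scans text it
    // has already substituted, so a placeholder name typed into $author or
    // $message (e.g. "$AUTH$") stays literal instead of expanding into the
    // token or the submit link, as a chain of str_replace() calls would do.
    // NOTE(review): $author and $email are inserted as-is; if the template is
    // HTML, confirm that page_convert()/one_mail() handle escaping for it.
    $content = strtr(page_db("request_recommendation"), array(
        '$USERNAME$'       => $userinfo[0],
        '$USEREMAIL$'      => $userinfo[1],
        '$NAME$'           => $userinfo[2],
        '$AUTHOR$'         => $author,
        '$EMAIL$'          => $email,
        '$MESSAGE$'        => page_convert($message),
        '$AUTH$'           => $auth,
        '$SUBMIT_ADDRESS$' => $submit_url,
    ));

    return one_mail("Recommendation request", $content, $email) ? 0 : 3;
}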
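/**
 * Consume a PGP key confirmation token.
 *
 * Looks up the gpgmw_keys row whose pending token equals $confirm for $email;
 * on a match the token is cleared (confirm column set to '') and true is
 * returned. Returns false when the 'confirmpgp' action is locked, the token
 * is blank, or no row matches.
 *
 * lockAction() is invoked on every call, not only on failure, so the rate
 * limit also counts successful confirmations (unchanged behaviour).
 */
function confirmPGP($email, $confirm)
{
    require_once includePath() . "/lock.php";
    if (!lockAction('confirmpgp')) {
        return false;
    }
    // A confirmed row stores '' in its confirm column, so a blank token must
    // never reach the query: it would match every already-confirmed key for
    // the address and report success. resetCheck() applies the same guard.
    if ($confirm === null || $confirm === '') {
        return false;
    }
    $result = databaseQuery(
        "SELECT id FROM gpgmw_keys WHERE confirm = ? AND email = ?",
        array($confirm, $email)
    );
    $row = $result->fetch();
    if (!$row) {
        return false;
    }
    databaseQuery("UPDATE gpgmw_keys SET confirm = '' WHERE id = ?", array($row[0]));
    return true;
}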
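/**
 * Validate a password-reset link.
 *
 * Returns true only when (1) a users row matches the lookup and its id equals
 * $user_id, and (2) a reset row for that user carries a non-empty auth token
 * equal to $auth and is newer than $config['reset_time'] seconds. Returns 3
 * when the 'reset_check' action is locked and false for every other failure
 * (the mixed return types are kept for existing callers).
 */
function resetCheck($username, $email, $user_id, $auth)
{
    if (!lockAction('reset_check')) {
        return 3;
    }
    // Requesting a username produces a reset row with a blank auth; a blank
    // token in the link must not be allowed to match it.
    if ($auth === null || $auth === '') {
        return false;
    }
    $config = $GLOBALS['config'];
    $username = escape($username);
    $email    = escape($email);
    $user_id  = escape($user_id);

    // NOTE(review): the username literal '******' below looks like a redaction
    // in this copy of the file (the escaped $username is otherwise unused);
    // confirm against the real source. Left byte-for-byte as found.
    $result = mysql_query("SELECT id FROM users WHERE username='******' AND email='{$email}'");
    $row = mysql_fetch_array($result);
    if (!$row) {
        return false;
    }
    // The id carried in the link must be the id the lookup found; compared as
    // strings so no numeric coercion ("05" vs "5") takes part.
    if ((string) $row[0] !== (string) $user_id) {
        return false;
    }

    // Confirm the token matches and has not expired.
    $minTime = time() - $config['reset_time'];
    $result = mysql_query("SELECT auth FROM reset WHERE user_id='{$user_id}' AND time > '{$minTime}' AND auth != ''");
    $row = mysql_fetch_array($result);
    if (!$row) {
        return false;
    }
    // Constant-time comparison: the previous `==` leaked timing and, being
    // loose, would treat two numeric-looking strings as equal by value.
    return hash_equals((string) $row[0], (string) $auth);
}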
/**
 * Change the password of account $user_id after verifying $old_password.
 *
 * Returns true on success, otherwise a human-readable error string for the
 * caller to display. Order of checks: "checkuser" rate limit, minimum length
 * of the new password, old != new, then authCheckPassword(); a wrong old
 * password counts against the "checkuser" lock.
 */
function authChangePassword($user_id, $old_password, $new_password)
{
    global $config, $db;
    if (!checkLock("checkuser")) {
        return "Too many failed attempts. Please try again later.";
    }
    // strlen() counts bytes, so a multibyte password can pass with fewer than
    // six characters; harmless for a minimum-length rule.
    if (strlen($new_password) < 6) {
        return "The new password is too short. Please use at least six characters.";
    }
    if ($old_password == $new_password) {
        return "The old and new passwords are identical.";
    }
    if (!authCheckPassword($user_id, $old_password, "id")) {
        lockAction("checkuser"); // a failed verification counts toward the lock
        return "The password you entered is not correct.";
    }
    $user_id = escape($user_id);
    require_once includePath() . "/pbkdf2.php";
    // Stored form is "*pbkdf2*" followed by pbkdf2_create_hash()'s output;
    // escape() makes it safe to interpolate into the UPDATE below.
    $new_password = escape("*pbkdf2*" . pbkdf2_create_hash($new_password));
    // NOTE(review): the '******' literal in SET password looks like a redaction
    // in this copy of the file (the hash computed above is otherwise never
    // written); confirm against the real source before relying on this block.
    $db->query("UPDATE accounts SET password = '******' WHERE id = '{$user_id}'");
    return true;
}
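/**
 * Check $password against the stored salted hash for user $user_id.
 *
 * Returns true on a match, -1 on a wrong password or unknown id (both count
 * against the "checkuser" lock) and -2 when that lock is already tripped.
 * $password may arrive encrypted; decryptPassword() (crypto.php) unwraps it
 * when needed.
 */
function verifyLogin($user_id, $password)
{
    if (!checkLock("checkuser")) {
        return -2;
    }
    $user_id = escape($user_id);

    // Decrypt the password if needed.
    require_once includePath() . "/crypto.php";
    $password = decryptPassword($password);

    $result = mysql_query("SELECT password, salt FROM users WHERE id='" . $user_id . "'");
    $row = mysql_fetch_array($result);

    // Constant-time comparison of the two hashes. The previous `==` was loose:
    // two hashes that both look like numeric strings (e.g. "0e..." forms)
    // compared equal by value, and the byte-by-byte comparison leaked timing.
    $matches = $row
        && hash_equals((string) $row['password'], (string) chash2($password, hex2bin($row['salt'])));
    if (!$matches) {
        lockAction("checkuser");
        return -1;
    }
    return true;
}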