Exemplo n.º 1
0
function requestRecommendation($user_id, $author, $email, $message)
{
    if (!checkLock("peer")) {
        return 6;
    }
    $config = $GLOBALS['config'];
    $user_id = escape($user_id);
    $author = escape($author);
    $email = escape($email);
    if (!validEmail($email)) {
        return 1;
    }
    if (strlen($author) <= 3) {
        return 2;
    }
    //make sure there aren't too many recommendations already
    $result = mysql_query("SELECT COUNT(*) FROM recommendations WHERE user_id = '{$user_id}'");
    $row = mysql_fetch_row($result);
    if ($row[0] >= $config['max_recommend']) {
        return 4;
        //too many recommendations
    }
    //ensure this email hasn't been asked with this user already
    $result = mysql_query("SELECT COUNT(*) FROM recommendations WHERE user_id = '{$user_id}' AND email = '{$email}'");
    $row = mysql_fetch_row($result);
    if ($row[0] > 0) {
        return 5;
        //email address already asked
    }
    lockAction("peer");
    //first create an instance
    $instance_id = customCreate(customGetCategory('recommend', true), $user_id);
    //insert into recommendations table
    $auth = escape(uid(64));
    mysql_query("INSERT INTO recommendations (user_id, instance_id, author, email, auth, status, filename) VALUES ('{$user_id}', '{$instance_id}', '{$author}', '{$email}', '{$auth}', '0', '')");
    $recommend_id = mysql_insert_id();
    $userinfo = getUserInformation($user_id);
    //array (username, email address, name)
    //send email now
    $content = page_db("request_recommendation");
    $content = str_replace('$USERNAME$', $userinfo[0], $content);
    $content = str_replace('$USEREMAIL$', $userinfo[1], $content);
    $content = str_replace('$NAME$', $userinfo[2], $content);
    $content = str_replace('$AUTHOR$', $author, $content);
    $content = str_replace('$EMAIL$', $email, $content);
    $content = str_replace('$MESSAGE$', page_convert($message), $content);
    $content = str_replace('$AUTH$', $auth, $content);
    $content = str_replace('$SUBMIT_ADDRESS$', $config['site_address'] . "/recommend.php?id={$recommend_id}&user_id={$user_id}&auth={$auth}", $content);
    $result = one_mail("Recommendation request", $content, $email);
    if ($result) {
        return 0;
    } else {
        return 3;
    }
}
Exemplo n.º 2
0
function confirmPGP($email, $confirm)
{
    require_once includePath() . "/lock.php";
    if (!lockAction('confirmpgp')) {
        return false;
    }
    $result = databaseQuery("SELECT id FROM gpgmw_keys WHERE confirm = ? AND email = ?", array($confirm, $email));
    if ($row = $result->fetch()) {
        databaseQuery("UPDATE gpgmw_keys SET confirm = '' WHERE id = ?", array($row[0]));
        return true;
    }
    return false;
}
Exemplo n.º 3
0
function resetCheck($username, $email, $user_id, $auth)
{
    if (!lockAction('reset_check')) {
        return 3;
    }
    if ($auth == '') {
        //requesting username will result in blank auth, make sure they aren't abusing that
        return false;
    }
    $config = $GLOBALS['config'];
    $username = escape($username);
    $email = escape($email);
    $user_id = escape($user_id);
    //find user id
    $result = mysql_query("SELECT id FROM users WHERE username='******' AND email='{$email}'");
    if ($row = mysql_fetch_array($result)) {
        if ($user_id != $row[0]) {
            //make sure found user id matches with parameter
            return false;
        }
    } else {
        return false;
    }
    //confirm auth match; make sure it hasn't expired too
    $minTime = time() - $config['reset_time'];
    $result = mysql_query("SELECT auth FROM reset WHERE user_id='{$user_id}' AND time > '{$minTime}' AND auth != ''");
    if ($row = mysql_fetch_array($result)) {
        if ($row[0] == $auth) {
            return true;
        } else {
            return false;
        }
    } else {
        return false;
    }
}
Exemplo n.º 4
0
function authChangePassword($user_id, $old_password, $new_password)
{
    global $config, $db;
    if (!checkLock("checkuser")) {
        return "Too many failed attempts. Please try again later.";
    }
    if (strlen($new_password) < 6) {
        return "The new password is too short. Please use at least six characters.";
    }
    if ($old_password == $new_password) {
        return "The old and new passwords are identical.";
    }
    if (!authCheckPassword($user_id, $old_password, "id")) {
        lockAction("checkuser");
        return "The password you entered is not correct.";
    }
    $user_id = escape($user_id);
    require_once includePath() . "/pbkdf2.php";
    $new_password = escape("*pbkdf2*" . pbkdf2_create_hash($new_password));
    $db->query("UPDATE accounts SET password = '******' WHERE id = '{$user_id}'");
    return true;
}
Exemplo n.º 5
0
function verifyLogin($user_id, $password)
{
    if (!checkLock("checkuser")) {
        return -2;
    }
    $user_id = escape($user_id);
    //decrypt the password if needed
    require_once includePath() . "/crypto.php";
    $password = decryptPassword($password);
    $result = mysql_query("SELECT password, salt FROM users WHERE id='" . $user_id . "'");
    if ($row = mysql_fetch_array($result)) {
        if (chash2($password, hex2bin($row['salt'])) == $row['password']) {
            return true;
        } else {
            lockAction("checkuser");
            return -1;
        }
    } else {
        lockAction("checkuser");
        return -1;
    }
}