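/**
 * Build the user-settings page, rotating the user's API key first when the
 * 'Change' request parameter asks for it.
 *
 * The key may only be rotated while the stored 'KAPIKey.dateexp' attribute is
 * not 'N'; otherwise the existing key is shown together with an error message.
 *
 * @param mixed $data passed through unchanged to uset()
 * @param mixed $user account identifier handed to getAtts()/setAtts()
 * @return mixed whatever uset() returns for the page
 */
function douserset($data, $user)
{
    $err = '';
    $chg = getparam('Change', false);
    $api = false;

    switch ($chg) {
        case 'API Key':
            $ans = getAtts($user, 'KAPIKey.str,KAPIKey.dateexp');
            if ($ans['STATUS'] != 'ok') {
                dbdown(); // Should be no other reason?
            }

            if (isset($ans['KAPIKey.dateexp']) && $ans['KAPIKey.dateexp'] == 'N') {
                // The previous change has not expired yet: keep the current key
                $err = 'You can only change it once a day';
                if (isset($ans['KAPIKey.str'])) {
                    $api = $ans['KAPIKey.str'];
                }
            } else {
                // The API key is a bearer credential (show_api() accepts it in
                // place of a login), so it must come from a CSPRNG. The former
                // md4(timestamp . user . rand()) derivation had at most the
                // entropy of rand()'s 9-digit range plus guessable inputs.
                // 16 random bytes hex-encode to the same 32-character format.
                // random_bytes() needs PHP 7.0+ and throws if no secure
                // randomness source is available.
                $api = bin2hex(random_bytes(16));

                $day = 60 * 60 * 24;
                $ans = setAtts($user, array(
                    'ua_KAPIKey.str' => $api,
                    'ua_KAPIKey.date' => "now+{$day}",
                ));
                if ($ans['STATUS'] != 'ok') {
                    syserror();
                }
            }
            break;
    }

    // No change requested: look up the current key (if any) for display
    if ($api === false) {
        $ans = getAtts($user, 'KAPIKey.str');
        if ($ans['STATUS'] != 'ok') {
            dbdown(); // Should be no other reason?
        }
        if (isset($ans['KAPIKey.str'])) {
            $api = $ans['KAPIKey.str'];
        }
    }

    return uset($data, $user, $api, $err);
}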
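/**
 * API endpoint: authenticate the 'username'/'api' request parameters against
 * the stored API key, echo the requested report and terminate the script.
 *
 * Without a 'work' parameter a fixed set of fields from homeInfo() is sent;
 * with it, the per-row result of getWorkers() (or getPercents() when the
 * account has 'u_multiaddr' and 'percent' is given) is sent. With a 'json'
 * parameter the field list is rewritten into a JSON object.
 *
 * The five parameters are not read; the user is taken from the request.
 *
 * @return void never returns normally, ends with exit(0)
 */
function show_api($info, $page, $menu, $name, $user)
{
    global $fld_sep;

    $u = getparam('username', true);
    if (nutem($u)) {
        no_api();
    }
    $api = getparam('api', true);
    if (nutem($api)) {
        no_api();
    }
    $jfu = getparam('json', true);
    $work = getparam('work', true);

    $ans = getAtts($u, 'KAPIKey.str');
    if ($ans['STATUS'] != 'ok') {
        no_api($jfu);
    }

    // Compare the credential as an exact string in constant time. A loose
    // '!=' compares numeric-looking strings as numbers (e.g. two different
    // "0e<digits>" values are equal) and its timing depends on the data.
    $stored = isset($ans['KAPIKey.str']) ? $ans['KAPIKey.str'] : null;
    if (!is_string($stored) || !is_string($api) || !hash_equals($stored, $api)) {
        no_api($jfu);
    }

    $summaryOnly = nuem($work);

    // Both report types need the home info first
    $info = homeInfo($u);
    if ($info === false) {
        no_api($jfu);
    }

    if ($summaryOnly) {
        // fldEncode()'s third argument is true only for the first field
        $rep = fldEncode($info, 'STAMP', true);
        $summaryFields = array(
            'lastbc', 'lastheight', 'currndiff', 'lastblock',
            'lastblockheight', 'blockacc', 'blockerr',
            'p_hashrate5m', 'p_hashrate1hr',
            'u_hashrate5m', 'u_hashrate1hr',
        );
        foreach ($summaryFields as $fld) {
            $rep .= fldEncode($info, $fld, false);
        }
    } else {
        $per = false;
        if (is_array($info) && isset($info['u_multiaddr'])) {
            $percent = getparam('percent', true);
            if (!nuem($percent)) {
                $per = true;
            }
        }

        if ($per === true) {
            $ans = getPercents($u);
        } else {
            $ans = getWorkers($u);
        }
        if ($ans === false) {
            no_api($jfu);
        }

        $rep = fldEncode($ans, 'STAMP', true);
        $rep .= fldEncode($ans, 'rows', false);

        $rows = $ans['rows'];
        $flds = explode(',', $ans['flds']);
        $zeflds = '';
        for ($i = 0; $i < $rows; $i++) {
            foreach ($flds as $fld) {
                // Fields whose name starts with 'idlenot' are left out
                if (substr($fld, 0, 7) != 'idlenot') {
                    $rep .= fldEncode($ans, $fld . ':' . $i, false);
                    // Collect the emitted field names once, from the first row
                    if ($i == 0) {
                        $zeflds .= "{$fld},";
                    }
                }
            }
        }

        $rep .= fldEncode($ans, 'arn', false);
        $rep .= fldEncode($ans, 'arp', false);
        // Emit the 'flds' key from an empty array, then append the collected
        // names (minus the trailing comma) as its value
        $rep .= fldEncode(array(), 'flds', false);
        $rep .= substr($zeflds, 0, -1);
    }

    if (nuem($jfu)) {
        echo $rep;
    } else {
        // NOTE(review): values are copied between double quotes without JSON
        // escaping, so a value containing '"' or '\' yields malformed JSON;
        // $fld_sep is also interpolated into the pattern unquoted. Confirm
        // that neither can carry user-controlled text (e.g. worker names).
        $j = preg_replace("/([^=]+)=([^{$fld_sep}]*){$fld_sep}/", '"$1":"$2",', $rep . $fld_sep);
        echo '{' . substr($j, 0, -1) . '}';
    }

    exit(0);
}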
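/**
 * Handle a password-reset link.
 *
 * The 'code' request parameter has the form "<hex of username>_<hex token>".
 * The token is checked against the user's stored 'KReset.str' attribute and
 * its expiry flag; on success the user, token and email are stored in the
 * session and the reset form is returned. If those three session values are
 * already present, dbreset() is run instead.
 *
 * @param mixed $data not read here
 * @param mixed $u    not read here
 * @return mixed the result of dbreset(), allow_reset() or resetfail()
 */
function doreset($data, $u)
{
    // Slow this right down: a fixed half-second delay on every request
    usleep(500000);

    if (isset($_SESSION['reset_user'], $_SESSION['reset_hash'], $_SESSION['reset_email'])) {
        return dbreset();
    }

    $code = getparam('code', true);
    if (nuem($code)) {
        return resetfail();
    }

    $codes = explode('_', $code, 2);
    if (count($codes) != 2) {
        return resetfail();
    }

    // The username part must be a non-empty run of whole hex byte pairs.
    // Checking the digits too keeps pack() from being fed non-hex input.
    $userhex = $codes[0];
    if (preg_match('/\A(?:[0-9A-Fa-f]{2})+\z/', $userhex) !== 1) {
        return resetfail();
    }

    $user = loginStr(pack("H*", $userhex));
    $hash = preg_replace('/[^A-Fa-f0-9]/', '', $codes[1]);
    if (nuem($user) || nuem($hash)) {
        return resetfail();
    }

    $ans = getAtts($user, 'KReset.str,KReset.dateexp');
    if ($ans['STATUS'] != 'ok') {
        return resetfail();
    }
    // 'Y' means the reset token has expired
    if (!isset($ans['KReset.dateexp']) || $ans['KReset.dateexp'] == 'Y') {
        return resetfail();
    }

    // Compare the reset token as an exact string in constant time. A loose
    // '!=' compares numeric-looking strings as numbers, so distinct tokens
    // such as two "0e<digits>" values would be accepted as equal.
    $stored = isset($ans['KReset.str']) ? $ans['KReset.str'] : null;
    if (!is_string($stored) || !is_string($hash) || !hash_equals($stored, $hash)) {
        return resetfail();
    }

    $ans = userSettings($user);
    if ($ans['STATUS'] != 'ok') {
        return resetfail();
    }
    if (!isset($ans['email'])) {
        return resetfail();
    }
    $email = $ans['email'];

    // Remember the verified request; the next call goes to dbreset()
    $_SESSION['reset_user'] = $user;
    $_SESSION['reset_hash'] = $hash;
    $_SESSION['reset_email'] = $email;

    return allow_reset(null);
}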
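/**
 * Issue a password-reset token and email it, then return the confirmation
 * page. The same page is returned whether or not an email was actually sent.
 *
 * @param array $data expects $data['data']['user'] and $data['data']['email']
 * @return string HTML fragment for the "Reset Sent" page
 */
function doreset2($data)
{
    $user = $data['data']['user'];
    $email = $data['data']['email'];

    $emailinfo = getOpts($user, emailOptList());
    if ($emailinfo['STATUS'] != 'ok') {
        syserror();
    }

    $ans = getAtts($user, 'KLastReset.dateexp');
    if ($ans['STATUS'] != 'ok') {
        syserror();
    }

    // If the last attempt hasn't expired don't do anything but show a fake msg
    if (!isset($ans['KLastReset.dateexp']) || $ans['KLastReset.dateexp'] == 'Y') {
        // The hex-encoded username prefix isn't an attempt at security -
        // it's simply to ensure the username is readable when we get it back
        $code = bin2hex($data['data']['user']) . '_';

        // The token alone authorises a password reset, so it must come from a
        // CSPRNG. The former md4(timestamp . user . email . rand()) value had
        // at most the entropy of rand()'s 9-digit range plus guessable
        // inputs. 16 random bytes hex-encode to the same 32-character format
        // that doreset() accepts. random_bytes() needs PHP 7.0+ and throws if
        // no secure randomness source is available.
        $hash = bin2hex(random_bytes(16));

        // NOTE(review): the throttle above reads 'KLastReset.dateexp' but the
        // key written here is 'ua_LastReset.date' (no 'K'), unlike the
        // 'ua_KReset.*' pair. If that is a typo the one-hour limit on reset
        // emails never takes effect - confirm against the attribute store.
        $ans = setAtts($user, array(
            'ua_KReset.str' => $hash,
            'ua_KReset.date' => 'now+3600',
            'ua_LastReset.date' => 'now+3600',
        ));
        if ($ans['STATUS'] != 'ok') {
            syserror();
        }

        $ok = passReset($email, $code . $hash, zeip(), $emailinfo);
        if ($ok === false) {
            syserror();
        }
    }

    // Identical response in every case, so the page does not reveal whether
    // the username/email pair exists
    $pg = '<h1>Reset Sent</h1>';
    $pg .= '<br>An Email has been sent that will allow you to';
    $pg .= '<br>reset your password.';
    $pg .= '<br>If you got your username or email address wrong,';
    $pg .= '<br>you wont get the email.';

    return $pg;
}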