From 44f7141fe8f37f85a13533b48f2cf753c10abf4d Mon Sep 17 00:00:00 2001 From: kanoi Date: Wed, 29 Jul 2015 20:16:52 +1000 Subject: [PATCH] php - 2fa password input (but not yet available) --- pool/base.php | 12 +++++++----- pool/db.php | 31 ++++++++++++++++--------------- pool/page.php | 15 ++++----------- pool/page_reg.php | 40 +++++++++++++++++++++++++++++++--------- pool/page_reset.php | 7 +++++-- pool/page_settings.php | 16 +++++++++++----- pool/prime.php | 2 +- 7 files changed, 75 insertions(+), 48 deletions(-) diff --git a/pool/base.php b/pool/base.php index 496ded31..e388a538 100644 --- a/pool/base.php +++ b/pool/base.php @@ -323,12 +323,12 @@ session_start(); # include_once('db.php'); # -function validUserPass($user, $pass) +function validUserPass($user, $pass, $twofa) { - $rep = checkPass($user, $pass); + $rep = checkPass($user, $pass, $twofa); if ($rep != null) $ans = repDecode($rep); - usleep(100000); // Max 10x per second + usleep(500000); // Max twice per second if ($rep != null && $ans['STATUS'] == 'ok') { $key = 'ckp'.rand(1000000,9999999); @@ -352,7 +352,7 @@ function logout() } } # -function requestRegister() +function requestLoginRegReset() { $reg = getparam('Register', true); $reg2 = getparam('Reset', false); @@ -397,7 +397,9 @@ function tryLogInOut() return; } - $valid = validUserPass($user, $pass); + $twofa = getparam('2fa', false); + + $valid = validUserPass($user, $pass, $twofa); if (!$valid) $loginfailed = true; } diff --git a/pool/db.php b/pool/db.php index 39e9f577..7d87beee 100644 --- a/pool/db.php +++ b/pool/db.php 
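Review bot: The comment on the changed `usleep(500000)` line in validUserPass overstates what the delay does: a sleep inside the request handler only slows that one request, and concurrent login attempts each sleep independently, so nothing here caps the check rate at two per second globally. The delay is also paid on every call, including successful logins. I would reword it to `usleep(500000); // per-request delay only; not a global rate limit` so the next reader does not treat it as brute-force protection, and keep any real attempt limiting on the backend side of checkPass, which this patch does not show. validUserPass continues past the end of the hunk.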
@@ -166,23 +166,18 @@ function homeInfo($user) if ($rep === false) $ans = false; else - { $ans = repDecode($rep); -// if ($ans['lastblock'] == '?') -// { -// $ans['lastblock'] = 1401237522; -// $ans['lastblock'] = 1403819191; -// $ans['lastblock'] = 1407113822; -// } - } return $ans; } # -function checkPass($user, $pass) +function checkPass($user, $pass, $twofa) { $passhash = myhash($pass); - $flds = array('username' => $user, 'passwordhash' => $passhash); + if ($twofa === null) + $twofa = ''; + $flds = array('username' => $user, 'passwordhash' => $passhash, + '2fa' => $twofa); $msg = msgEncode('chkpass', 'chkpass', $flds, $user); $rep = sendsockreply('checkPass', $msg); if (!$rep) @@ -190,11 +185,14 @@ function checkPass($user, $pass) return $rep; } # -function setPass($user, $oldpass, $newpass) +function setPass($user, $oldpass, $newpass, $twofa) { $oldhash = myhash($oldpass); $newhash = myhash($newpass); - $flds = array('username' => $user, 'oldhash' => $oldhash, 'newhash' => $newhash); + if ($twofa === null) + $twofa = ''; + $flds = array('username' => $user, 'oldhash' => $oldhash, + 'newhash' => $newhash, '2fa' => $twofa); $msg = msgEncode('newpass', 'newpass', $flds, $user); $rep = sendsockreply('setPass', $msg); if (!$rep) @@ -202,10 +200,12 @@ function setPass($user, $oldpass, $newpass) return repDecode($rep); } # -function resetPass($user, $newpass) +function resetPass($user, $newpass, $twofa) { $newhash = myhash($newpass); - $flds = array('username' => $user, 'newhash' => $newhash); + if ($twofa === null) + $twofa = ''; + $flds = array('username' => $user, 'newhash' => $newhash, '2fa' => $twofa); $msg = msgEncode('newpass', 'newpass', $flds, $user); $rep = sendsockreply('resetPass', $msg); if (!$rep) 
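Review bot: The new third parameter of checkPass has no default, so any caller this patch does not update raises a missing-argument warning before the `if ($twofa === null)` normalisation runs; the same applies to setPass and resetPass in the two following hunks, and from the diffstat the resetPass call in pool/page_reset.php does not appear to be updated. Declaring it as `function checkPass($user, $pass, $twofa = null)`, and likewise `setPass($user, $oldpass, $newpass, $twofa = null)` and `resetPass($user, $newpass, $twofa = null)`, keeps the null-to-empty-string handling and lets old call sites behave as before. The null check itself is now copied verbatim in all three functions; a single small helper returning `$twofa === null ? '' : $twofa` would keep them consistent when the field's handling changes again.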
@@ -216,7 +216,8 @@ function resetPass($user, $newpass) function userReg($user, $email, $pass) { $passhash = myhash($pass); - $flds = array('username' => $user, 'emailaddress' => $email, 'passwordhash' => $passhash); + $flds = array('username' => $user, 'emailaddress' => $email, + 'passwordhash' => $passhash); $msg = msgEncode('adduser', 'reg', $flds, $user); $rep = sendsockreply('userReg', $msg); if (!$rep) diff --git a/pool/page.php b/pool/page.php index 58edbc07..3b9780ad 100644 --- a/pool/page.php +++ b/pool/page.php @@ -409,17 +409,10 @@ function pgtop($info, $dotop, $user, $douser) list($who, $whoid) = validate(); if ($who == false) { - $top .= makeForm('')." -
- - - - -
User:
Pass:
- - -
 
  
-
"; + $top .= ' - + - + - +If you enter the details correctly,
+an Email will be sent to you to let you reset your password
'; + $top .= '

"; + $pg .= makeForm(''); + $pg .= " + + + + + + + + + + +
Username:
Password:
*2nd Authentication:
* + Leave blank if you haven't enabled it
 
+"; + + $pg.= '
'; $pg .= '

Register

'; if (isset($data['data']['error'])) @@ -28,9 +51,9 @@ function doregres($data, $u)
Email:
Password:
Retype Password:
 

* @@ -51,10 +74,9 @@ function doregres($data, $u)
 

* - All fields are required

-An Email will be sent to you, to let you reset your password
"; @@ -184,9 +206,6 @@ function try_reset($info, $page, $menu, $name, $u) $user = getparam('user', false); $mail = trim(getparam('mail', false)); - // Slow this right down - usleep(500000); - $data = array(); if (!nuem($user)) @@ -208,6 +227,9 @@ function try_reset($info, $page, $menu, $name, $u) # function show_reg($info, $page, $menu, $name, $u) { + // Slow this right down + usleep(1000000); + $reg = getparam('Register', false); if ($reg !== NULL) try_reg($info, $page, $menu, $name, $u); diff --git a/pool/page_reset.php b/pool/page_reset.php index 57be33fc..1b636194 100644 --- a/pool/page_reset.php +++ b/pool/page_reset.php @@ -20,10 +20,12 @@ function allow_reset($error) Retype Password: +*2nd Authentication: + +
* + Leave blank if you haven't enabled it   -
* - All fields are required "; @@ -61,6 +63,7 @@ function dbreset() $pass = getparam('pass', true); $pass2 = getparam('pass2', true); + $twofa = getparam('2fa', true); if (nuem($pass) || nuem($pass2)) return allow_reset('Enter both passwords'); diff --git a/pool/page_settings.php b/pool/page_settings.php index aa06ebcf..91818c18 100644 --- a/pool/page_settings.php +++ b/pool/page_settings.php @@ -83,6 +83,14 @@ function settings($data, $user, $email, $addr, $err) $pg .= ''; $pg .= ''; $pg .= ''; + $pg .= ''; + $pg .= '*2nd Authentication:'; + $pg .= ''; + $pg .= ''; + $pg .= ''; + $pg .= ''; + $pg .= "*Leave blank if you haven't enabled it"; + $pg .= '' $pg .= ''; $pg .= 'Change: '; $pg .= ''; @@ -123,16 +131,14 @@ function dosettings($data, $user) $oldpass = getparam('oldpass', false); $pass1 = getparam('pass1', false); $pass2 = getparam('pass2', false); + $twofa = getparam('2fa', false); if (!safepass($pass1)) - { - $err = "Password is unsafe - requires 6 or more characters, including
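Review bot: The new `$twofa = getparam('2fa', true);` in dbreset is read but, as far as this patch shows, never used: page_reset.php has no other hunk, so the later call to resetPass in dbreset (outside this hunk) is presumably still made with two arguments although its signature in pool/db.php now requires three, which produces a missing-argument warning on every reset. That call should become `$ans = resetPass($user, $pass, $twofa);` with the local names in use at that site. Separately, this is the only place the 2FA field is read with `true` as the second getparam argument, while tryLogInOut and dosettings pass `false`; whatever that flag selects, the three reads of the same field should agree.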
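Review bot: The last line added to settings, `$pg .= ''` (likely a row-closing tag; the markup inside the string is not visible in this view), has no terminating semicolon, and the next context line starts a new statement, so the file no longer parses and the whole settings page fails. It should read `$pg .= '';` with whatever string content the original line carries. Every sibling line above it ends with `;`, which makes the omission easy to miss in the diff but fatal at runtime.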
" . - "at least one of each uppercase, lowercase and digits, but not Tab"; - } + $err = 'Unsafe password. ' . passrequires(); elseif ($pass1 != $pass2) $err = "Passwords don't match"; else { - $ans = setPass($user, $oldpass, $pass1); + $ans = setPass($user, $oldpass, $pass1, $twofa); $err = 'Password changed'; $check = true; } diff --git a/pool/prime.php b/pool/prime.php index 0aafe808..3db83a6f 100644 --- a/pool/prime.php +++ b/pool/prime.php @@ -105,7 +105,7 @@ function check() showPage(NULL, 'reset', $dmenu, '', $who); else { - if (requestRegister() == true) + if (requestLoginRegReset() == true) showPage(NULL, 'reg', $dmenu, '', $who); else {