php - 2fa password input (but not yet available)

9 years ago · 44f7141fe8
7 changed files with 75 additions and 48 deletions
--- a/pool/base.php
+++ b/pool/base.php
@ -323,12 +323,12 @@ session_start();
 #
 include_once('db.php');
 #
-function validUserPass($user, $pass)
+function validUserPass($user, $pass, $twofa)
 {
- $rep = checkPass($user, $pass);
+ $rep = checkPass($user, $pass, $twofa);
 if ($rep != null)
 	$ans = repDecode($rep);
- usleep(100000); // Max 10x per second
+ usleep(500000); // Max twice per second
 if ($rep != null && $ans['STATUS'] == 'ok')
 {
 	$key = 'ckp'.rand(1000000,9999999);
@ -352,7 +352,7 @@ function logout()
 }
 }
 #
-function requestRegister()
+function requestLoginRegReset()
 {
 $reg = getparam('Register', true);
 $reg2 = getparam('Reset', false);
@ -397,7 +397,9 @@ function tryLogInOut()
 		return;
 	}
-	$valid = validUserPass($user, $pass);
+	$twofa = getparam('2fa', false);
 	$valid = validUserPass($user, $pass, $twofa);
 	if (!$valid)
 		$loginfailed = true;
 }
--- a/pool/db.php
+++ b/pool/db.php
@ -166,23 +166,18 @@ function homeInfo($user)
 if ($rep === false)
 	$ans = false;
 else
 {
 	$ans = repDecode($rep);
 //	if ($ans['lastblock'] == '?')
 //	{
 //		$ans['lastblock'] = 1401237522;
 //		$ans['lastblock'] = 1403819191;
 //		$ans['lastblock'] = 1407113822;
 //	}
 }
 return $ans;
 }
 #
-function checkPass($user, $pass)
+function checkPass($user, $pass, $twofa)
 {
 $passhash = myhash($pass);
- $flds = array('username' => $user, 'passwordhash' => $passhash);
+ if ($twofa === null)
 	$twofa = '';
 $flds = array('username' => $user, 'passwordhash' => $passhash,
 		'2fa' => $twofa);
 $msg = msgEncode('chkpass', 'chkpass', $flds, $user);
 $rep = sendsockreply('checkPass', $msg);
 if (!$rep)
@ -190,11 +185,14 @@ function checkPass($user, $pass)
 return $rep;
 }
 #
-function setPass($user, $oldpass, $newpass)
+function setPass($user, $oldpass, $newpass, $twofa)
 {
 $oldhash = myhash($oldpass);
 $newhash = myhash($newpass);
- $flds = array('username' => $user, 'oldhash' => $oldhash, 'newhash' => $newhash);
+ if ($twofa === null)
 	$twofa = '';
 $flds = array('username' => $user, 'oldhash' => $oldhash,
 		'newhash' => $newhash, '2fa' => $twofa);
 $msg = msgEncode('newpass', 'newpass', $flds, $user);
 $rep = sendsockreply('setPass', $msg);
 if (!$rep)
@ -202,10 +200,12 @@ function setPass($user, $oldpass, $newpass)
 return repDecode($rep);
 }
 #
-function resetPass($user, $newpass)
+function resetPass($user, $newpass, $twofa)
 {
 $newhash = myhash($newpass);
- $flds = array('username' => $user, 'newhash' => $newhash);
+ if ($twofa === null)
 	$twofa = '';
 $flds = array('username' => $user, 'newhash' => $newhash, '2fa' => $twofa);
 $msg = msgEncode('newpass', 'newpass', $flds, $user);
 $rep = sendsockreply('resetPass', $msg);
 if (!$rep)
@ -216,7 +216,8 @@ function resetPass($user, $newpass)
 function userReg($user, $email, $pass)
 {
 $passhash = myhash($pass);
- $flds = array('username' => $user, 'emailaddress' => $email, 'passwordhash' => $passhash);
+ $flds = array('username' => $user, 'emailaddress' => $email,
 		'passwordhash' => $passhash);
 $msg = msgEncode('adduser', 'reg', $flds, $user);
 $rep = sendsockreply('userReg', $msg);
 if (!$rep)
--- a/pool/page.php
+++ b/pool/page.php
@ -409,17 +409,10 @@ function pgtop($info, $dotop, $user, $douser)
 		list($who, $whoid) = validate();
 		if ($who == false)
 		{
-			$top .= makeForm('')."
+			$top .= '<table cellpadding=0 cellspacing=0 border=0><tr><td>';
-<table cellpadding=0 cellspacing=0 border=0><tr><td>
+			$top .= '<a href=https://' . $_SERVER['SERVER_NAME'];
-<table cellpadding=0 cellspacing=0 border=0><tr>
+			$top .= '/index.php?Register=1>Login<br>Register</a>';
-<td>User:</td><td><input type=text name=User size=10 value=''></td>
+			$top .= '</td></tr></table>';
 </tr><tr>
 <td>Pass:</td><td><input type=password name=Pass size=10 value=''></td>
 </tr></table></td><td>
 <table cellpadding=0 cellspacing=0 border=0><tr>
 <td>&nbsp;<input type=submit name=Login value=Login></td></tr><tr>
 <td>&nbsp;&nbsp;<input type=submit name=Register value='Register/Reset'></td></tr></table>
 </td></tr></table></form>";
 		}
 		else
 		{
--- a/pool/page_reg.php
+++ b/pool/page_reg.php
@ -15,7 +15,30 @@ function doregres($data, $u)
 else
 	$mail = '';
- $pg = '<br><br><table cellpadding=5 cellspacing=0 border=1><tr><td class=dc>';
+ $pg = '<br><br><h1>Choose one:</h1>';
 $pg .= '<table cellpadding=5 cellspacing=0 border=1><tr><td class=dc>';
 $pg .= '<h1>Login</h1>';
 if (isset($data['data']['error']))
 	$pg .= "<br><b>".$data['data']['error']." - please try again</b><br><br>";
 $pg .= makeForm('');
 $pg .= "
 <table>
 <tr><td class=dr>Username:</td>
 <td class=dl><input name=User value=''></td></tr>
 <tr><td class=dr>Password:</td>
 <td class=dl><input type=password name=Pass value=''></td></tr>
 <tr><td class=dr><span class=st1>*</span>2nd Authentication:</td>
 <td class=dl><input type=password name=2fa></td></tr>
 <tr><td colspan=2 class=dc><font size=-1><span class=st1>*</span>
 Leave blank if you haven't enabled it</font></td></tr>
 <tr><td>&nbsp;</td>
 <td class=dl><input type=submit name=Login value=Login></td></tr>
 </table>
 </form>";
 $pg.= '</td></tr><tr><td class=dc>';
 $pg .= '<h1>Register</h1>';
 if (isset($data['data']['error']))
@ -28,9 +51,9 @@ function doregres($data, $u)
 <tr><td class=dr>Email:</td>
 <td class=dl><input name=mail value=\"$mail\"></td></tr>
 <tr><td class=dr>Password:</td>
- <td class=dl><input type=password name=pass></td></tr>
+ <td class=dl><input type=password name=pass value=''></td></tr>
 <tr><td class=dr>Retype Password:</td>
- <td class=dl><input type=password name=pass2></td></tr>
+ <td class=dl><input type=password name=pass2 value=''></td></tr>
 <tr><td>&nbsp;</td>
 <td class=dl><input type=submit name=Register value=Register></td></tr>
 <tr><td colspan=2 class=dc><br><font size=-1><span class=st1>*</span>
@ -51,10 +74,9 @@ function doregres($data, $u)
 <td class=dl><input name=mail value=''></td></tr>
 <tr><td>&nbsp;</td>
 <td class=dl><input type=submit name=Reset value=Reset></td></tr>
 <tr><td colspan=2 class=dc><br><font size=-1><span class=st1>*</span>
 All fields are required</font></td></tr>
 <tr><td colspan=2 class=dc><br><font size=-1>
-An Email will be sent to you, to let you reset your password</font></td></tr>
+If you enter the details correctly,<br>
 an Email will be sent to you to let you reset your password</font></td></tr>
 </table>
 </form>";
@ -184,9 +206,6 @@ function try_reset($info, $page, $menu, $name, $u)
 $user = getparam('user', false);
 $mail = trim(getparam('mail', false));
 // Slow this right down
 usleep(500000);
 $data = array();
 if (!nuem($user))
@ -208,6 +227,9 @@ function try_reset($info, $page, $menu, $name, $u)
 #
 function show_reg($info, $page, $menu, $name, $u)
 {
 // Slow this right down
 usleep(1000000);
 $reg = getparam('Register', false);
 if ($reg !== NULL)
 	try_reg($info, $page, $menu, $name, $u);
--- a/pool/page_reset.php
+++ b/pool/page_reset.php
@ -20,10 +20,12 @@ function allow_reset($error)
 <td class=dl><input type=password name=pass></td></tr>
 <tr><td class=dr>Retype Password:</td>
 <td class=dl><input type=password name=pass2></td></tr>
 <tr><td class=dr><span class=st1>*</span>2nd Authentication:</td>
 <td class=dl><input type=password name=2fa></td></tr>
 <tr><td colspan=2 class=dc><br><font size=-1><span class=st1>*</span>
 Leave blank if you haven't enabled it</font></td></tr>
 <tr><td>&nbsp;</td>
 <td class=dl><input type=submit name=Update value=Update></td></tr>
 <tr><td colspan=2 class=dc><br><font size=-1><span class=st1>*</span>
 All fields are required</font></td></tr>
 </table>
 </form>";
@ -61,6 +63,7 @@ function dbreset()
 $pass = getparam('pass', true);
 $pass2 = getparam('pass2', true);
 $twofa = getparam('2fa', true);
 if (nuem($pass) || nuem($pass2))
 	return allow_reset('Enter both passwords');
--- a/pool/page_settings.php
+++ b/pool/page_settings.php
@ -83,6 +83,14 @@ function settings($data, $user, $email, $addr, $err)
 $pg .= '</td><td class=dl>';
 $pg .= '<input type=password name=pass2 size=20>';
 $pg .= '</td></tr>';
 $pg .= '<tr class=dc><td class=dr nowrap>';
 $pg .= '<span class=st1>*</span>2nd Authentication:';
 $pg .= '</td><td class=dl>';
 $pg .= '<input type=password name=2fa size=20>';
 $pg .= '</td></tr>';
 $pg .= '<tr class=dc><td colspan=2 class=dc><font size=-1>';
 $pg .= "<span class=st1>*</span>Leave blank if you haven't enabled it</font>";
 $pg .= '</td></tr>'
 $pg .= '<tr class=dc><td class=dr colspan=2>';
 $pg .= 'Change: <input type=submit name=Change value=Password>';
 $pg .= '</td></tr>';
@ -123,16 +131,14 @@ function dosettings($data, $user)
 	$oldpass = getparam('oldpass', false);
 	$pass1 = getparam('pass1', false);
 	$pass2 = getparam('pass2', false);
 	$twofa = getparam('2fa', false);
 	if (!safepass($pass1))
-	{
+		$err = 'Unsafe password. ' . passrequires();
 		$err = "Password is unsafe - requires 6 or more characters, including<br>" .
 			"at least one of each uppercase, lowercase and digits, but not Tab";
 	}
 	elseif ($pass1 != $pass2)
 		$err = "Passwords don't match";
 	else
 	{
-		$ans = setPass($user, $oldpass, $pass1);
+		$ans = setPass($user, $oldpass, $pass1, $twofa);
 		$err = 'Password changed';
 		$check = true;
 	}
--- a/pool/prime.php
+++ b/pool/prime.php
@ -105,7 +105,7 @@ function check()
 		showPage(NULL, 'reset', $dmenu, '', $who);
 	else
 	{
-		if (requestRegister() == true)
+		if (requestLoginRegReset() == true)
 			showPage(NULL, 'reg', $dmenu, '', $who);
 		else
 		{