markow
/
ckpool
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
Browse Source

php - 2fa password input (but not yet available)

master
kanoi 10 years ago
parent
73cab3e577
commit
44f7141fe8
7 changed files with 75 additions and 48 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 12
      pool/base.php
  2. 31
      pool/db.php
  3. 15
      pool/page.php
  4. 40
      pool/page_reg.php
  5. 7
      pool/page_reset.php
  6. 16
      pool/page_settings.php
  7. 2
      pool/prime.php

12
pool/base.php
Unescape View File

@ -323,12 +323,12 @@ session_start();
#
include_once('db.php');
#
function validUserPass($user, $pass)
function validUserPass($user, $pass, $twofa)
{
$rep = checkPass($user, $pass);
$rep = checkPass($user, $pass, $twofa);
if ($rep != null)
$ans = repDecode($rep);
usleep(100000); // Max 10x per second
usleep(500000); // Max twice per second
if ($rep != null && $ans['STATUS'] == 'ok')
{
$key = 'ckp'.rand(1000000,9999999);
@ -352,7 +352,7 @@ function logout()
}
}
#
function requestRegister()
function requestLoginRegReset()
{
$reg = getparam('Register', true);
$reg2 = getparam('Reset', false);
@ -397,7 +397,9 @@ function tryLogInOut()
return;
}
$valid = validUserPass($user, $pass);
$twofa = getparam('2fa', false);
$valid = validUserPass($user, $pass, $twofa);
if (!$valid)
$loginfailed = true;
}

31
pool/db.php
Unescape View File

@ -166,23 +166,18 @@ function homeInfo($user)
if ($rep === false)
$ans = false;
else
{
$ans = repDecode($rep);
// if ($ans['lastblock'] == '?')
// {
// $ans['lastblock'] = 1401237522;
// $ans['lastblock'] = 1403819191;
// $ans['lastblock'] = 1407113822;
// }
}
return $ans;
}
#
function checkPass($user, $pass)
function checkPass($user, $pass, $twofa)
{
$passhash = myhash($pass);
$flds = array('username' => $user, 'passwordhash' => $passhash);
if ($twofa === null)
$twofa = '';
$flds = array('username' => $user, 'passwordhash' => $passhash,
'2fa' => $twofa);
$msg = msgEncode('chkpass', 'chkpass', $flds, $user);
$rep = sendsockreply('checkPass', $msg);
if (!$rep)
@ -190,11 +185,14 @@ function checkPass($user, $pass)
return $rep;
}
#
function setPass($user, $oldpass, $newpass)
function setPass($user, $oldpass, $newpass, $twofa)
{
$oldhash = myhash($oldpass);
$newhash = myhash($newpass);
$flds = array('username' => $user, 'oldhash' => $oldhash, 'newhash' => $newhash);
if ($twofa === null)
$twofa = '';
$flds = array('username' => $user, 'oldhash' => $oldhash,
'newhash' => $newhash, '2fa' => $twofa);
$msg = msgEncode('newpass', 'newpass', $flds, $user);
$rep = sendsockreply('setPass', $msg);
if (!$rep)
@ -202,10 +200,12 @@ function setPass($user, $oldpass, $newpass)
return repDecode($rep);
}
#
function resetPass($user, $newpass)
function resetPass($user, $newpass, $twofa)
{
$newhash = myhash($newpass);
$flds = array('username' => $user, 'newhash' => $newhash);
if ($twofa === null)
$twofa = '';
$flds = array('username' => $user, 'newhash' => $newhash, '2fa' => $twofa);
$msg = msgEncode('newpass', 'newpass', $flds, $user);
$rep = sendsockreply('resetPass', $msg);
if (!$rep)
@ -216,7 +216,8 @@ function resetPass($user, $newpass)
function userReg($user, $email, $pass)
{
$passhash = myhash($pass);
$flds = array('username' => $user, 'emailaddress' => $email, 'passwordhash' => $passhash);
$flds = array('username' => $user, 'emailaddress' => $email,
'passwordhash' => $passhash);
$msg = msgEncode('adduser', 'reg', $flds, $user);
$rep = sendsockreply('userReg', $msg);
if (!$rep)

15
pool/page.php
Unescape View File

@ -409,17 +409,10 @@ function pgtop($info, $dotop, $user, $douser)
list($who, $whoid) = validate();
if ($who == false)
{
$top .= makeForm('')."
<table cellpadding=0 cellspacing=0 border=0><tr><td>
<table cellpadding=0 cellspacing=0 border=0><tr>
<td>User:</td><td><input type=text name=User size=10 value=''></td>
</tr><tr>
<td>Pass:</td><td><input type=password name=Pass size=10 value=''></td>
</tr></table></td><td>
<table cellpadding=0 cellspacing=0 border=0><tr>
<td>&nbsp;<input type=submit name=Login value=Login></td></tr><tr>
<td>&nbsp;&nbsp;<input type=submit name=Register value='Register/Reset'></td></tr></table>
</td></tr></table></form>";
$top .= '<table cellpadding=0 cellspacing=0 border=0><tr><td>';
$top .= '<a href=https://' . $_SERVER['SERVER_NAME'];
$top .= '/index.php?Register=1>Login<br>Register</a>';
$top .= '</td></tr></table>';
}
else
{

40
pool/page_reg.php
Unescape View File

@ -15,7 +15,30 @@ function doregres($data, $u)
else
$mail = '';
$pg = '<br><br><table cellpadding=5 cellspacing=0 border=1><tr><td class=dc>';
$pg = '<br><br><h1>Choose one:</h1>';
$pg .= '<table cellpadding=5 cellspacing=0 border=1><tr><td class=dc>';
$pg .= '<h1>Login</h1>';
if (isset($data['data']['error']))
$pg .= "<br><b>".$data['data']['error']." - please try again</b><br><br>";
$pg .= makeForm('');
$pg .= "
<table>
<tr><td class=dr>Username:</td>
<td class=dl><input name=User value=''></td></tr>
<tr><td class=dr>Password:</td>
<td class=dl><input type=password name=Pass value=''></td></tr>
<tr><td class=dr><span class=st1>*</span>2nd Authentication:</td>
<td class=dl><input type=password name=2fa></td></tr>
<tr><td colspan=2 class=dc><font size=-1><span class=st1>*</span>
Leave blank if you haven't enabled it</font></td></tr>
<tr><td>&nbsp;</td>
<td class=dl><input type=submit name=Login value=Login></td></tr>
</table>
</form>";
$pg.= '</td></tr><tr><td class=dc>';
$pg .= '<h1>Register</h1>';
if (isset($data['data']['error']))
@ -28,9 +51,9 @@ function doregres($data, $u)
<tr><td class=dr>Email:</td>
<td class=dl><input name=mail value=\"$mail\"></td></tr>
<tr><td class=dr>Password:</td>
<td class=dl><input type=password name=pass></td></tr>
<td class=dl><input type=password name=pass value=''></td></tr>
<tr><td class=dr>Retype Password:</td>
<td class=dl><input type=password name=pass2></td></tr>
<td class=dl><input type=password name=pass2 value=''></td></tr>
<tr><td>&nbsp;</td>
<td class=dl><input type=submit name=Register value=Register></td></tr>
<tr><td colspan=2 class=dc><br><font size=-1><span class=st1>*</span>
@ -51,10 +74,9 @@ function doregres($data, $u)
<td class=dl><input name=mail value=''></td></tr>
<tr><td>&nbsp;</td>
<td class=dl><input type=submit name=Reset value=Reset></td></tr>
<tr><td colspan=2 class=dc><br><font size=-1><span class=st1>*</span>
All fields are required</font></td></tr>
<tr><td colspan=2 class=dc><br><font size=-1>
An Email will be sent to you, to let you reset your password</font></td></tr>
If you enter the details correctly,<br>
an Email will be sent to you to let you reset your password</font></td></tr>
</table>
</form>";
@ -184,9 +206,6 @@ function try_reset($info, $page, $menu, $name, $u)
$user = getparam('user', false);
$mail = trim(getparam('mail', false));
// Slow this right down
usleep(500000);
$data = array();
if (!nuem($user))
@ -208,6 +227,9 @@ function try_reset($info, $page, $menu, $name, $u)
#
function show_reg($info, $page, $menu, $name, $u)
{
// Slow this right down
usleep(1000000);
$reg = getparam('Register', false);
if ($reg !== NULL)
try_reg($info, $page, $menu, $name, $u);

7
pool/page_reset.php
Unescape View File

@ -20,10 +20,12 @@ function allow_reset($error)
<td class=dl><input type=password name=pass></td></tr>
<tr><td class=dr>Retype Password:</td>
<td class=dl><input type=password name=pass2></td></tr>
<tr><td class=dr><span class=st1>*</span>2nd Authentication:</td>
<td class=dl><input type=password name=2fa></td></tr>
<tr><td colspan=2 class=dc><br><font size=-1><span class=st1>*</span>
Leave blank if you haven't enabled it</font></td></tr>
<tr><td>&nbsp;</td>
<td class=dl><input type=submit name=Update value=Update></td></tr>
<tr><td colspan=2 class=dc><br><font size=-1><span class=st1>*</span>
All fields are required</font></td></tr>
</table>
</form>";
@ -61,6 +63,7 @@ function dbreset()
$pass = getparam('pass', true);
$pass2 = getparam('pass2', true);
$twofa = getparam('2fa', true);
if (nuem($pass) || nuem($pass2))
return allow_reset('Enter both passwords');

16
pool/page_settings.php
Unescape View File

@ -83,6 +83,14 @@ function settings($data, $user, $email, $addr, $err)
$pg .= '</td><td class=dl>';
$pg .= '<input type=password name=pass2 size=20>';
$pg .= '</td></tr>';
$pg .= '<tr class=dc><td class=dr nowrap>';
$pg .= '<span class=st1>*</span>2nd Authentication:';
$pg .= '</td><td class=dl>';
$pg .= '<input type=password name=2fa size=20>';
$pg .= '</td></tr>';
$pg .= '<tr class=dc><td colspan=2 class=dc><font size=-1>';
$pg .= "<span class=st1>*</span>Leave blank if you haven't enabled it</font>";
$pg .= '</td></tr>'
$pg .= '<tr class=dc><td class=dr colspan=2>';
$pg .= 'Change: <input type=submit name=Change value=Password>';
$pg .= '</td></tr>';
@ -123,16 +131,14 @@ function dosettings($data, $user)
$oldpass = getparam('oldpass', false);
$pass1 = getparam('pass1', false);
$pass2 = getparam('pass2', false);
$twofa = getparam('2fa', false);
if (!safepass($pass1))
{
$err = "Password is unsafe - requires 6 or more characters, including<br>" .
"at least one of each uppercase, lowercase and digits, but not Tab";
}
$err = 'Unsafe password. ' . passrequires();
elseif ($pass1 != $pass2)
$err = "Passwords don't match";
else
{
$ans = setPass($user, $oldpass, $pass1);
$ans = setPass($user, $oldpass, $pass1, $twofa);
$err = 'Password changed';
$check = true;
}

2
pool/prime.php
Unescape View File

@ -105,7 +105,7 @@ function check()
showPage(NULL, 'reset', $dmenu, '', $who);
else
{
if (requestRegister() == true)
if (requestLoginRegReset() == true)
showPage(NULL, 'reg', $dmenu, '', $who);
else
{

Write Preview
Loading…
Cancel
Save