ckdb/php - add users settings plus various changes in the php

11 years ago · 9b72c30dbc
16 changed files with 708 additions and 103 deletions
--- a/pool/base.php
+++ b/pool/base.php
@ -65,9 +65,38 @@ function emailStr($str)
 return preg_replace(array($all,$beg,$fin), '', $str);
 }
 #
 function safepass($pass)
 {
 if (strlen($pass) < 6)
 	return false;
 # Invalid characters
 $p2 = preg_replace('/[\011]/', '', $pass);
 if ($p2 != $pass)
 	return false;
 # At least one lowercase
 $p2 = preg_replace('/[a-z]/', '', $pass);
 if ($p2 == $pass)
 	return false;
 # At least one uppercase
 $p2 = preg_replace('/[A-Z]/', '', $pass);
 if ($p2 == $pass)
 	return false;
 # At least one digit
 $p2 = preg_replace('/[0-9]/', '', $pass);
 if ($p2 == $pass)
 	return false;
 return true;
 }
 #
 function loginStr($str)
 {
- $all = '/[^!-~]/'; // no spaces
+ // Anything but . _ / Tab
 $all = '/[\._\/\011]/';
 return preg_replace($all, '', $str);
 }
 #
@ -137,34 +166,34 @@ function safetext($txt, $len = 1024)
 #
 function dbd($data, $user)
 {
- return "<font color=red size=+10><br>Web site is currently down</font>";
+ return "<span class=alert><br>Web site is currently down</span>";
 }
 #
 function dbdown()
 {
- gopage(NULL, 'dbd', NULL, '', false, true, false);
+ gopage(NULL, 'dbd', 'dbd', NULL, '', '', true, false, false);
 }
 #
 function f404($data)
 {
- return "<font color=red size=+10><br>404</font>";
+ return "<span class=alert><br>404</span>";
 }
 #
 function do404()
 {
- gopage(NULL, 'f404', NULL, '', false, true, false);
+ gopage(NULL, 'f404', 'f404', NULL, '', '', true, false, false);
 }
 #
 function showPage($page, $menu, $name, $user)
 {
 # If you are doing development, use without '@'
 # Then switch to '@' when finished
-# @include_once("page_$page.php");
+# include_once("page_$page.php");
- include_once("page_$page.php");
+ @include_once("page_$page.php");
 $fun = 'show_' . $page;
 if (function_exists($fun))
-	$fun($menu, $name, $user);
+	$fun($page, $menu, $name, $user);
 else
 	do404();
 }
@ -179,8 +208,9 @@ function offline()
 if (file_exists('./maintenance.txt'))
 {
 	$ip = $_SERVER['REMOTE_ADDR'];
-	if ($ip != '192.168.7.74')
+	if ($ip != '192.168.1.666')
-		gopage(NULL, file_get_contents('./maintenance.txt'), NULL, '', false, false, false, false);
+		gopage(NULL, file_get_contents('./maintenance.txt'),
 			'offline', NULL, '', '', false, false, false);
 }
 }
 #
--- a/pool/db.php
+++ b/pool/db.php
@ -59,7 +59,7 @@ function repDecode($rep)
 	if (isset($major[3]))
 		$ans['ERROR'] = $major[3];
 	else
-		$ans['ERROR'] = 'unknown';
+		$ans['ERROR'] = 'system error';
 }
 return $ans;
@ -121,18 +121,46 @@ function checkPass($user, $pass)
 $passhash = myhash($pass);
 $flds = array('username' => $user, 'passwordhash' => $passhash);
 $msg = msgEncode('chkpass', 'log', $flds);
- $rep = sendsockreply('checkpass', $msg);
+ $rep = sendsockreply('checkPass', $msg);
 if (!$rep)
 	dbdown();
 return $rep;
 }
 #
 function setPass($user, $oldpass, $newpass)
 {
 $oldhash = myhash($oldpass);
 $newhash = myhash($newpass);
 $flds = array('username' => $user, 'oldhash' => $oldhash, 'newhash' => $newhash);
 $msg = msgEncode('newpass', 'log', $flds);
 $rep = sendsockreply('setPass', $msg);
 if (!$rep)
 	dbdown();
 return repDecode($rep);
 }
 #
 function userReg($user, $email, $pass)
 {
 $passhash = myhash($pass);
 $flds = array('username' => $user, 'emailaddress' => $email, 'passwordhash' => $passhash);
 $msg = msgEncode('adduser', 'reg', $flds);
- $rep = sendsockreply('adduser', $msg);
+ $rep = sendsockreply('userReg', $msg);
 if (!$rep)
 	dbdown();
 return repDecode($rep);
 }
 #
 function userSettings($user, $email = null, $addr = null, $pass = null)
 {
 $flds = array('username' => $user);
 if ($email != null)
 	$flds['email'] = $email;
 if ($addr != null)
 	$flds['address'] = $addr;
 if ($pass != null)
 	$flds['passwordhash'] = myhash($pass);
 $msg = msgEncode('usersettings', 'userset', $flds);
 $rep = sendsockreply('userSettings', $msg);
 if (!$rep)
 	dbdown();
 return repDecode($rep);
--- a/pool/page.php
+++ b/pool/page.php
@ -52,6 +52,14 @@ function makeLink($page, $rest = '')
 return $href;
 }
 #
 function makeForm($page)
 {
 $form = '<form action=index.php method=POST>';
 if (strlen($page) > 0)
 	$form .= "<input type=hidden name=k value=$page>";
 return $form;
 }
 #
 function dotrm($html, $dontdoit)
 {
 if ($dontdoit === true)
@ -82,7 +90,7 @@ function pghead($script_marker, $name)
 $head .= "<style type='text/css'>
 form {display: inline-block;}
-html, body {height: 100%; font-family:Arial, Verdana, sans-serif; font-size:12pt; background-color:#eff; text-align: center;}
+html, body {height: 100%; font-family:Arial, Verdana, sans-serif; font-size:12pt; background-color:#eff; text-align: center; background-repeat: no-repeat; background-position: center; }
 .page {min-height: 100%; height: auto !important; height: 100%; margin: 0 auto -50px; position: relative;}
 div.jst {color:red; background-color: #ffa; font-weight: font-size: 8; bold; border-style: solid; border-width: 2px; vertical-align: top;}
 div.topd {background-color:#cff; border-color: #cff; border-style: solid; border-width: 9px;}
@ -93,6 +101,9 @@ span.login {float: right; margin-left: 8px; margin-right: 24px;}
 span.hil {color:blue;}
 span.warn {color:orange; font-weight:bold;}
 span.urg {color:red; font-weight:bold;}
 span.err {color:red; font-weight:bold; font-size:120%;}
 span.alert {color:red; font-weight:bold; font-size:250%;}
 input.tiny {width: 0px; height: 0px; margin: 0px; padding: 0px; outline: none; border: 0px;}
 #n42 {margin:0; position: relative; color:#fff; background:#07e;}
 #n42 a {color:#fff; text-decoration:none; margin: 4px;}
 #n42 td {min-width: 100px; float: left; vertical-align: top; padding: 2px;}
@ -291,33 +302,38 @@ function pgtop($dotop, $user, $douser)
 		list($who, $whoid) = validate();
 		if ($who == false)
 		{
-			$top .= "
+			$top .= makeForm('')."
-<form action=index.php method=POST>
+<table cellpadding=0 cellspacing=0 border=0><tr><td>
 <table cellpadding=0 cellspacing=0 border=0><tr>
 <td>User:</td><td><input type=text name=User size=10 value=''></td>
-<td>&nbsp;<input type=submit name=Login value=Login></td></tr><tr>
+</tr><tr>
 <td>Pass:</td><td><input type=password name=Pass size=10 value=''></td>
-<td>&nbsp;&nbsp;<input type=submit name=Register value=Register></td></tr></table>
+</tr></table></td><td>
-</form>";
+<table cellpadding=0 cellspacing=0 border=0><tr>
 <td>&nbsp;<input type=submit name=Login value=Login></td></tr><tr>
 <td>&nbsp;&nbsp;
 <input type=submit name=Register value=Register></td></tr></table>
 </td></tr></table></form>";
 		}
 		else
 		{
 			$top .= "
 <span class=topwho>$who&nbsp;</span>
 <span class=topdes>Hash Rate:</span>
-<span class=topdat>$uhr$u1hr</span>
+<span class=topdat>$uhr$u1hr</span>";
-<form action=index.php method=POST>
+			$top .= makeForm('')."
 &nbsp;<input type=submit name=Logout value=Logout>
 </form>";
 		}
 		$top .= '</span>';
 	}
 	$top .= '</td></tr></table>';
 }
 else
 	$top .= '&nbsp;';
- $top .= '</td></tr></table></div>';
+ $top .= '</div>';
 return $top;
 }
 #
@ -357,16 +373,18 @@ function pgmenu($menus)
 	}
 	$ret .= "<tr><td class=ts>".makeLink($item,'class=as')."$submenu</a></td></tr>";
  }
-  $ret .= '</table></div></td></tr></table></td>';
+  if ($first == false)
 	$ret .= '</table></div></td></tr></table>';
  $ret .= '</td>';
 }
 $ret .= "</tr></table></td></tr></table>\n";
 return $ret;
 }
 #
-function pgbody($menu, $dotop, $user, $douser)
+function pgbody($page, $menu, $dotop, $user, $douser)
 {
- $body = '<body onload="jst()">';
+ $body = '<body onload="jst()"';
- $body .= '<div class=page>';
+ $body .= '><div class=page>';
 $body .=  '<table border=0 cellpadding=0 cellspacing=0 width=100%>';
 $body .=   '<tr><td><center>';
@ -402,7 +420,7 @@ function pgfoot()
 return $foot;
 }
 #
-function gopage($data, $page, $menu, $name, $user, $ispage = true, $dotop = true, $douser = true)
+function gopage($data, $pagefun, $page, $menu, $name, $user, $ispage = true, $dotop = true, $douser = true)
 {
 global $dbg;
 global $page_scripts;
@ -416,15 +434,15 @@ function gopage($data, $page, $menu, $name, $user, $ispage = true, $dotop = true
 	$pg = '';
 if ($ispage == true)
-	$pg .= $page($data, $user);
+	$pg .= $pagefun($data, $user);
 else
-	$pg .= $page;
+	$pg .= $pagefun;
 // if (isset($_SESSION['logkey']))
 //	unset($_SESSION['logkey']);
 $head = pghead($script_marker, $name);
- $body = pgbody($menu, $dotop, $user, $douser);
+ $body = pgbody($page, $menu, $dotop, $user, $douser);
 $foot = pgfoot();
 if ($dbg === true)
--- a/pool/page_blocks.php
+++ b/pool/page_blocks.php
@ -50,9 +50,9 @@ function doblocks($data, $user)
 return $pg;
 }
 #
-function show_blocks($menu, $name, $user)
+function show_blocks($page, $menu, $name, $user)
 {
- gopage(NULL, 'doblocks', $menu, $name, $user);
+ gopage(NULL, 'doblocks', $page, $menu, $name, $user);
 }
 #
 ?>
--- a/pool/page_ckp.php
+++ b/pool/page_ckp.php
@ -63,9 +63,9 @@ function dockp($data, $user)
 return $pg;
 }
 #
-function show_ckp($menu, $name, $user)
+function show_ckp($page, $menu, $name, $user)
 {
- gopage(NULL, 'dockp', $menu, $name, $user);
+ gopage(NULL, 'dockp', $page, $menu, $name, $user);
 }
 #
 ?>
--- a/pool/page_help.php
+++ b/pool/page_help.php
@ -5,9 +5,9 @@ function dohelp($data, $user)
 return '<h1>Helpless</h1>Helpless';
 }
 #
-function show_help($menu, $name, $user)
+function show_help($page, $menu, $name, $user)
 {
- gopage(NULL, 'dohelp', $menu, $name, $user);
+ gopage(NULL, 'dohelp', $page, $menu, $name, $user);
 }
 #
 ?>
--- a/pool/page_index.php
+++ b/pool/page_index.php
@ -9,9 +9,9 @@ Welcome to CKPool
 return $pg;
 }
 #
-function show_index($menu, $name, $user)
+function show_index($page, $menu, $name, $user)
 {
- gopage(NULL, 'doindex', $menu, $name, $user);
+ gopage(NULL, 'doindex', $page, $menu, $name, $user);
 }
 #
 ?>
--- a/pool/page_payments.php
+++ b/pool/page_payments.php
@ -34,9 +34,9 @@ function dopayments($data, $user)
 return $pg;
 }
 #
-function show_payments($menu, $name, $user)
+function show_payments($page, $menu, $name, $user)
 {
- gopage(NULL, 'dopayments', $menu, $name, $user);
+ gopage(NULL, 'dopayments', $page, $menu, $name, $user);
 }
 #
 ?>
--- a/pool/page_payout.php
+++ b/pool/page_payout.php
@ -22,9 +22,9 @@ A flat rate of 0.5% is reserved for further development, with an initial focus o
 return $pg;
 }
 #
-function show_payout($menu, $name, $user)
+function show_payout($page, $menu, $name, $user)
 {
- gopage(NULL, 'dopayout', $menu, $name, $user);
+ gopage(NULL, 'dopayout', $page, $menu, $name, $user);
 }
 #
 ?>
--- a/pool/page_pplns.php
+++ b/pool/page_pplns.php
@ -23,9 +23,7 @@ function dopplns($data, $user)
 $blk = getparam('blk', true);
 if (nuem($blk))
 {
-	$pg = "<br>
+	$pg = '<br>'.makeForm('pplns')."
 <form action=index.php method=POST>
 <input type=hidden name=k value=pplns>
 Block: <input type=text name=blk size=10 value=''>
 &nbsp;<input type=submit name=Calc value=Calc>
 </form>";
@ -126,9 +124,9 @@ Block: <input type=text name=blk size=10 value=''>
 return $pg;
 }
 #
-function show_pplns($menu, $name, $user)
+function show_pplns($page, $menu, $name, $user)
 {
- gopage(NULL, 'dopplns', $menu, $name, $user);
+ gopage(NULL, 'dopplns', $page, $menu, $name, $user);
 }
 #
 ?>
--- a/pool/page_reg.php
+++ b/pool/page_reg.php
@ -17,8 +17,8 @@ function doreg($data, $u)
 $pg = '<h1>Register</h1>';
 if (isset($data['error']))
 	$pg .= "<br><b>".$data['error']." - please try again</b><br><br>";
 $pg .= makeForm('');
 $pg .= "
 <form action=index.php method=POST>
 <table>
 <tr><td class=dr>Username:</td>
 <td class=dl><input name=user value=\"$user\"></td></tr>
@ -53,35 +53,7 @@ function doreg2($data)
 return $pg;
 }
 #
-function safepass($pass)
+function show_reg($page, $menu, $name, $u)
 {
 if (strlen($pass) < 6)
 	return false;
 # Invalid characters
 $p2 = preg_replace('/[\011]/', '', $pass);
 if ($p2 != $pass)
 	return false;
 # At least one lowercase
 $p2 = preg_replace('/[a-z]/', '', $pass);
 if ($p2 == $pass)
 	return false;
 # At least one uppercase
 $p2 = preg_replace('/[A-Z]/', '', $pass);
 if ($p2 == $pass)
 	return false;
 # At least one digit
 $p2 = preg_replace('/[0-9]/', '', $pass);
 if ($p2 == $pass)
 	return false;
 return true;
 }
 #
 function show_reg($menu, $name, $u)
 {
 $user = getparam('user', false);
 $mail = trim(getparam('mail', false));
@ -118,7 +90,7 @@ function show_reg($menu, $name, $u)
 	}
 	$orig = $user;
-	$user = preg_replace('/[\._\/\011]/', '', $orig);
+	$user = loginStr($orig);
 	if ($user != $orig)
 	{
 		$ok = false;
@ -131,12 +103,12 @@ function show_reg($menu, $name, $u)
 {
 	$ans = userReg($user, $mail, $pass);
 	if ($ans['STATUS'] == 'ok')
-		gopage($data, 'doreg2', $menu, $name, $u, true, true, false);
+		gopage($data, 'doreg2', $page, $menu, $name, $u, true, true, false);
 	else
 		$data['error'] = "Invalid username, password or email address";
 }
- gopage($data, 'doreg', $menu, $name, $u, true, true, false);
+ gopage($data, 'doreg', $page, $menu, $name, $u, true, true, false);
 }
 #
 ?>
--- a/pool/page_settings.php
+++ b/pool/page_settings.php
@ -0,0 +1,155 @@
 <?php
 #
 function settings($data, $user, $email, $addr, $err)
 {
 $pg = '<h1>Account Settings</h1>';
 if ($err != '')
 	$pg .= "<span class=err>$err<br><br></span>";
 $pg .= '<table cellpadding=20 cellspacing=0 border=1>';
 $pg .= '<tr class=dc><td><center>';
 $pg .= makeForm('settings');
 $pg .= '<table cellpadding=5 cellspacing=0 border=0>';
 $pg .= '<tr class=dc><td class=dr colspan=2>';
 $pg .= 'To change your email, enter a new email address and your password';
 $pg .= '</td></tr>';
 $pg .= '<tr class=dc><td class=dr>';
 $pg .= 'EMail:';
 $pg .= '</td><td class=dl>';
 $pg .= "<input type=text name=email value='$email' size=20>";
 $pg .= '</td></tr>';
 $pg .= '<tr class=dc><td class=dr>';
 $pg .= 'Password:';
 $pg .= '</td><td class=dl>';
 $pg .= '<input type=password name=pass size=20>';
 $pg .= '</td></tr>';
 $pg .= '<tr class=dc><td class=dr colspan=2>';
 $pg .= 'Change: <input type=submit name=Change value=EMail>';
 $pg .= '</td></tr>';
 $pg .= '</table></form>';
 $pg .= '</center></td></tr>';
 $pg .= '<tr class=dc><td><center>';
 $pg .= makeForm('settings');
 $pg .= '<table cellpadding=5 cellspacing=0 border=0>';
 $pg .= '<tr class=dc><td class=dr colspan=2>';
 $pg .= 'To change your payout address, enter a new address and your password';
 $pg .= '</td></tr>';
 $pg .= '<tr class=dc><td class=dr>';
 $pg .= 'Address:';
 $pg .= '</td><td class=dl>';
 $pg .= "<input type=text name=addr value='$addr' size=42>";
 $pg .= '</td></tr>';
 $pg .= '<tr class=dc><td class=dr>';
 $pg .= 'Password:';
 $pg .= '</td><td class=dl>';
 $pg .= '<input type=password name=pass size=20>';
 $pg .= '</td></tr>';
 $pg .= '<tr class=dc><td class=dr colspan=2>';
 $pg .= 'Change: <input type=submit name=Change value=Address>';
 $pg .= '</td></tr>';
 $pg .= '</table></form>';
 $pg .= '</center></td></tr>';
 $pg .= '<tr class=dc><td><center>';
 $pg .= makeForm('settings');
 $pg .= '<table cellpadding=5 cellspacing=0 border=0>';
 $pg .= '<tr class=dc><td class=dr colspan=2>';
 $pg .= 'To change your password, enter your old password and new password twice';
 $pg .= '</td></tr>';
 $pg .= '<tr class=dc><td class=dr nowrap>';
 $pg .= 'Old Password:';
 $pg .= '</td><td class=dl>';
 $pg .= "<input type=password name=oldpass size=20>";
 $pg .= '</td></tr>';
 $pg .= '<tr class=dc><td class=dr nowrap>';
 $pg .= 'New Password:';
 $pg .= '</td><td class=dl>';
 $pg .= '<input type=password name=pass1 size=20>';
 $pg .= '</td></tr>';
 $pg .= '<tr class=dc><td class=dr nowrap>';
 $pg .= 'New Password again:';
 $pg .= '</td><td class=dl>';
 $pg .= '<input type=password name=pass2 size=20>';
 $pg .= '</td></tr>';
 $pg .= '<tr class=dc><td class=dr colspan=2>';
 $pg .= 'Change: <input type=submit name=Change value=Password>';
 $pg .= '</td></tr>';
 $pg .= '</table></form>';
 $pg .= '</center></td></tr>';
 $pg .= '</table>';
 return $pg;
 }
 #
 function dosettings($data, $user)
 {
 $err = '';
 $chg = getparam('Change', false);
 $check = false;
 switch ($chg)
 {
  case 'EMail':
 	$email = getparam('email', false);
 	$pass = getparam('pass', false);
 	$ans = userSettings($user, $email, null, $pass);
 	$check = true;
 	break;
  case 'Address':
 	$addr = getparam('addr', false);
 	$pass = getparam('pass', false);
 	$ans = userSettings($user, null, $addr, $pass);
 	$check = true;
 	break;
  case 'Password':
 	$oldpass = getparam('oldpass', false);
 	$pass1 = getparam('pass1', false);
 	$pass2 = getparam('pass2', false);
 	if (!safepass($pass1))
 	{
 		$err = "Password is unsafe - requires 6 or more characters, including<br>" .
 			"at least one of each uppercase, lowercase and digits, but not Tab";
 	}
 	elseif ($pass1 != $pass2)
 		$err = "Passwords don't match";
 	else
 	{
 		$ans = setPass($user, $oldpass, $pass1);
 		$err = 'Password changed';
 		$check = true;
 	}
 	break;
 }
 if ($check === true)
 	if ($ans['STATUS'] != 'ok')
 	{
 		$err = $ans['STATUS'];
 		if ($ans['ERROR'] != '')
 			$err .= ': '.$ans['ERROR'];
 	}
 $ans = userSettings($user);
 if ($ans['STATUS'] != 'ok')
 	dbdown(); // Should be no other reason?
 if (isset($ans['email']))
 	$email = $ans['email'];
 else
 	$email = '';
 if (isset($ans['addr']))
 	$addr = $ans['addr'];
 else
 	$addr = '';
 $pg = settings($data, $user, $email, $addr, $err);
 return $pg;
 }
 #
 function show_settings($page, $menu, $name, $user)
 {
 gopage(NULL, 'dosettings', $page, $menu, $name, $user);
 }
 #
 ?>
--- a/pool/page_stats.php
+++ b/pool/page_stats.php
@ -65,9 +65,9 @@ function dostats($data, $user)
 return $pg;
 }
 #
-function show_stats($menu, $name, $user)
+function show_stats($page, $menu, $name, $user)
 {
- gopage(NULL, 'dostats', $menu, $name, $user);
+ gopage(NULL, 'dostats', $page, $menu, $name, $user);
 }
 #
 ?>
--- a/pool/page_workers.php
+++ b/pool/page_workers.php
@ -131,9 +131,9 @@ function doworkers($data, $user)
 return $pg;
 }
 #
-function show_workers($menu, $name, $user)
+function show_workers($page, $menu, $name, $user)
 {
- gopage(NULL, 'doworkers', $menu, $name, $user);
+ gopage(NULL, 'doworkers', $page, $menu, $name, $user);
 }
 #
 ?>
--- a/sql/initid.sh
+++ b/sql/initid.sh
@ -34,3 +34,4 @@ addid paymentid ${now}200000
 addid authid ${now}300000
 addid userid ${now}400000
 addid markerid ${now}500000
 addid paymentaddressid ${now}600000
--- a/src/ckdb.c
+++ b/src/ckdb.c
@ -47,7 +47,7 @@
 #define DB_VLOCK "1"
 #define DB_VERSION "0.8"
-#define CKDB_VERSION DB_VERSION"-0.211"
+#define CKDB_VERSION DB_VERSION"-0.213"
 #define WHERE_FFL " - from %s %s() line %d"
 #define WHERE_FFL_HERE __FILE__, __func__, __LINE__
@ -783,6 +783,7 @@ enum cmd_values {
 	CMD_ADDUSER,
 	CMD_NEWPASS,
 	CMD_CHKPASS,
 	CMD_USERSET,
 	CMD_POOLSTAT,
 	CMD_USERSTAT,
 	CMD_BLOCK,
@ -1009,7 +1010,6 @@ static K_STORE *workers_store;
 #define IDLENOTIFICATIONTIME_DEF IDLENOTIFICATIONTIME_MIN
 #define IDLENOTIFICATIONTIME_DEF_STR STRINT(IDLENOTIFICATIONTIME_DEF)
 /* unused yet
 // PAYMENTADDRESSES
 typedef struct paymentaddresses {
 	int64_t paymentaddressid;
@ -1027,7 +1027,6 @@ typedef struct paymentaddresses {
 static K_TREE *paymentaddresses_root;
 static K_LIST *paymentaddresses_free;
 static K_STORE *paymentaddresses_store;
 */
 // PAYMENTS
 typedef struct payments {
@ -2491,9 +2490,9 @@ static K_ITEM *find_userid(int64_t userid)
 	return find_in_ktree(userid_root, &look, cmp_userid, ctx);
 }
-static bool users_pass(PGconn *conn, K_ITEM *u_item, char *oldhash,
+static bool users_pass_email(PGconn *conn, K_ITEM *u_item, char *oldhash,
-			char *newhash, char *by, char *code, char *inet,
+			     char *newhash, char *email, char *by, char *code,
-			tv_t *cd, K_TREE *trf_root)
+			     char *inet, tv_t *cd, K_TREE *trf_root)
 {
 	ExecStatusType rescode;
 	bool conned = false;
@ -2505,12 +2504,18 @@ static bool users_pass(PGconn *conn, K_ITEM *u_item, char *oldhash,
 	char *upd, *ins;
 	bool ok = false;
 	char *params[4 + HISTORYDATECOUNT];
 	bool hash;
 	int par;
 	LOGDEBUG("%s(): change", __func__);
 	if (oldhash != NULL)
 		hash = true;
 	else
 		hash = false;
 	DATA_USERS(users, u_item);
-	if (strcasecmp(oldhash, users->passwordhash))
+	if (hash && strcasecmp(oldhash, users->passwordhash))
 		return false;
 	K_WLOCK(users_free);
@ -2519,17 +2524,20 @@ static bool users_pass(PGconn *conn, K_ITEM *u_item, char *oldhash,
 	DATA_USERS(row, item);
 	memcpy(row, users, sizeof(*row));
 	// Update one, leave the other
 	if (hash)
 		STRNCPY(row->passwordhash, newhash);
 	else
 		STRNCPY(row->emailaddress, email);
 	HISTORYDATEINIT(row, cd, by, code, inet);
 	HISTORYDATETRANSFER(trf_root, row);
-	upd = "update users set expirydate=$1 where userid=$2 and passwordhash=$3 and expirydate=$4";
+	upd = "update users set expirydate=$1 where userid=$2 and expirydate=$3";
 	par = 0;
 	params[par++] = tv_to_buf(cd, NULL, 0);
 	params[par++] = bigint_to_buf(row->userid, NULL, 0);
 	params[par++] = str_to_buf(oldhash, NULL, 0);
 	params[par++] = tv_to_buf((tv_t *)&default_expiry, NULL, 0);
-	PARCHKVAL(par, 4, params);
+	PARCHKVAL(par, 3, params);
 	if (conn == NULL) {
 		conn = dbconnect();
@ -2558,17 +2566,18 @@ static bool users_pass(PGconn *conn, K_ITEM *u_item, char *oldhash,
 	par = 0;
 	params[par++] = bigint_to_buf(row->userid, NULL, 0);
 	params[par++] = tv_to_buf(cd, NULL, 0);
 	// Copy them both in - one will be new and one will be old
 	params[par++] = str_to_buf(row->emailaddress, NULL, 0);
 	params[par++] = str_to_buf(row->passwordhash, NULL, 0);
 	HISTORYDATEPARAMS(params, par, row);
-	PARCHKVAL(par, 3 + HISTORYDATECOUNT, params); // 8 as per ins
+	PARCHKVAL(par, 4 + HISTORYDATECOUNT, params); // 9 as per ins
 	ins = "insert into users "
 		"(userid,username,emailaddress,joineddate,passwordhash,"
 		"secondaryuserid"
 		HISTORYDATECONTROL ") select "
-		"userid,username,emailaddress,joineddate,$3,"
+		"userid,username,$3,joineddate,$4,secondaryuserid,"
-		"secondaryuserid,"
+		"$5,$6,$7,$8,$9 from users where "
 		"$4,$5,$6,$7,$8 from users where "
 		"userid=$1 and expirydate=$2";
 	res = PQexecParams(conn, ins, par, NULL, (const char **)params, NULL, NULL, 0, CKPQ_WRITE);
@ -3260,6 +3269,264 @@ void workers_reload()
 	PQfinish(conn);
 }
 // order by userid asc,expirydate desc,payaddress asc
 static cmp_t cmp_paymentaddresses(K_ITEM *a, K_ITEM *b)
 {
 	PAYMENTADDRESSES *pa, *pb;
 	DATA_PAYMENTADDRESSES(pa, a);
 	DATA_PAYMENTADDRESSES(pb, b);
 	cmp_t c = CMP_BIGINT(pa->userid, pb->userid);
 	if (c == 0) {
 		c = CMP_TV(pb->expirydate, pa->expirydate);
 		if (c == 0)
 			c = CMP_STR(pa->payaddress, pb->payaddress);
 	}
 	return c;
 }
 static K_ITEM *find_paymentaddresses(int64_t userid)
 {
 	PAYMENTADDRESSES paymentaddresses, *pa;
 	K_TREE_CTX ctx[1];
 	K_ITEM look, *item;
 	paymentaddresses.userid = userid;
 	paymentaddresses.payaddress[0] = '\0';
 	paymentaddresses.expirydate.tv_sec = DATE_S_EOT;
 	INIT_PAYMENTADDRESSES(&look);
 	look.data = (void *)(&paymentaddresses);
 	item = find_after_in_ktree(paymentaddresses_root, &look, cmp_paymentaddresses, ctx);
 	if (item) {
 		DATA_PAYMENTADDRESSES(pa, item);
 		if (pa->userid == userid && CURRENT(&(pa->expirydate)))
 			return item;
 		else
 			return NULL;
 	} else
 		return NULL;
 }
 // Whatever the current paymentaddresses are, replace them with this one
 static K_ITEM *paymentaddresses_set(PGconn *conn, int64_t userid, char *payaddress,
 					char *by, char *code, char *inet, tv_t *cd,
 					K_TREE *trf_root)
 {
 	ExecStatusType rescode;
 	bool conned = false;
 	PGresult *res;
 	K_TREE_CTX ctx[1], ctx2[1];
 	K_ITEM *item, *old, *this, look;
 	PAYMENTADDRESSES *row, pa, *thispa;
 	char *upd, *ins;
 	bool ok = false;
 	char *params[4 + HISTORYDATECOUNT];
 	int par;
 	int n;
 	LOGDEBUG("%s(): add", __func__);
 	K_WLOCK(paymentaddresses_free);
 	item = k_unlink_head(paymentaddresses_free);
 	K_WUNLOCK(paymentaddresses_free);
 	DATA_PAYMENTADDRESSES(row, item);
 	row->paymentaddressid = nextid(conn, "paymentaddressid", 1,
 					cd, by, code, inet);
 	if (row->paymentaddressid == 0)
 		goto unitem;
 	row->userid = userid;
 	STRNCPY(row->payaddress, payaddress);
 	row->payratio = 1000000;
 	HISTORYDATEINIT(row, cd, by, code, inet);
 	HISTORYDATETRANSFER(trf_root, row);
 	upd = "update paymentaddresses set expirydate=$1 where userid=$2 and expirydate=$3";
 	par = 0;
 	params[par++] = tv_to_buf(cd, NULL, 0);
 	params[par++] = bigint_to_buf(row->userid, NULL, 0);
 	params[par++] = tv_to_buf((tv_t *)&default_expiry, NULL, 0);
 	PARCHKVAL(par, 3, params);
 	if (conn == NULL) {
 		conn = dbconnect();
 		conned = true;
 	}
 	res = PQexec(conn, "Begin", CKPQ_WRITE);
 	rescode = PQresultStatus(res);
 	if (!PGOK(rescode)) {
 		PGLOGERR("Begin", rescode, conn);
 		goto unparam;
 	}
 	PQclear(res);
 	res = PQexecParams(conn, upd, par, NULL, (const char **)params, NULL, NULL, 0, CKPQ_WRITE);
 	rescode = PQresultStatus(res);
 	PQclear(res);
 	if (!PGOK(rescode)) {
 		PGLOGERR("Update", rescode, conn);
 		res = PQexec(conn, "Rollback", CKPQ_WRITE);
 		goto unparam;
 	}
 	for (n = 0; n < par; n++)
 		free(params[n]);
 	ins = "insert into paymentaddresses "
 		"(paymentaddressid,userid,payaddress,payratio"
 		HISTORYDATECONTROL ") values (" PQPARAM9 ")";
 	par = 0;
 	params[par++] = bigint_to_buf(row->paymentaddressid, NULL, 0);
 	params[par++] = bigint_to_buf(row->userid, NULL, 0);
 	params[par++] = str_to_buf(row->payaddress, NULL, 0);
 	params[par++] = int_to_buf(row->payratio, NULL, 0);
 	HISTORYDATEPARAMS(params, par, row);
 	PARCHK(par, params);
 	res = PQexecParams(conn, ins, par, NULL, (const char **)params, NULL, NULL, 0, CKPQ_WRITE);
 	rescode = PQresultStatus(res);
 	if (!PGOK(rescode)) {
 		PGLOGERR("Insert", rescode, conn);
 		goto unparam;
 	}
 	res = PQexec(conn, "Commit", CKPQ_WRITE);
 	ok = true;
 unparam:
 	PQclear(res);
 	if (conned)
 		PQfinish(conn);
 	for (n = 0; n < par; n++)
 		free(params[n]);
 unitem:
 	K_WLOCK(paymentaddresses_free);
 	if (!ok)
 		k_add_head(paymentaddresses_free, item);
 	else {
 		// Remove old (unneeded) records
 		pa.userid = userid;
 		pa.expirydate.tv_sec = 0L;
 		pa.payaddress[0] = '\0';
 		INIT_PAYMENTADDRESSES(&look);
 		look.data = (void *)(&pa);
 		old = find_after_in_ktree(paymentaddresses_root, &look,
 					  cmp_paymentaddresses, ctx);
 		while (old) {
 			this = old;
 			DATA_PAYMENTADDRESSES(thispa, this);
 			if (thispa->userid != userid)
 				break;
 			old = next_in_ktree(ctx);
 			paymentaddresses_root = remove_from_ktree(paymentaddresses_root, this,
 								  cmp_paymentaddresses, ctx2);
 			k_add_head(paymentaddresses_free, this);
 		}
 		paymentaddresses_root = add_to_ktree(paymentaddresses_root, item,
 						     cmp_paymentaddresses);
 		k_add_head(paymentaddresses_store, item);
 	}
 	K_WUNLOCK(paymentaddresses_free);
 	if (ok)
 		return item;
 	else
 		return NULL;
 }
 static bool paymentaddresses_fill(PGconn *conn)
 {
 	ExecStatusType rescode;
 	PGresult *res;
 	K_ITEM *item;
 	int n, i;
 	PAYMENTADDRESSES *row;
 	char *params[1];
 	int par;
 	char *field;
 	char *sel;
 	int fields = 4;
 	bool ok;
 	LOGDEBUG("%s(): select", __func__);
 	sel = "select "
 		"paymentaddressid,userid,payaddress,payratio"
 		HISTORYDATECONTROL
 		" from paymentaddresses where expirydate=$1";
 	par = 0;
 	params[par++] = tv_to_buf((tv_t *)(&default_expiry), NULL, 0);
 	PARCHK(par, params);
 	res = PQexecParams(conn, sel, par, NULL, (const char **)params, NULL, NULL, 0, CKPQ_READ);
 	rescode = PQresultStatus(res);
 	if (!PGOK(rescode)) {
 		PGLOGERR("Select", rescode, conn);
 		PQclear(res);
 		return false;
 	}
 	n = PQnfields(res);
 	if (n != (fields + HISTORYDATECOUNT)) {
 		LOGERR("%s(): Invalid field count - should be %d, but is %d",
 			__func__, fields + HISTORYDATECOUNT, n);
 		PQclear(res);
 		return false;
 	}
 	n = PQntuples(res);
 	LOGDEBUG("%s(): tree build count %d", __func__, n);
 	ok = true;
 	K_WLOCK(paymentaddresses_free);
 	for (i = 0; i < n; i++) {
 		item = k_unlink_head(paymentaddresses_free);
 		DATA_PAYMENTADDRESSES(row, item);
 		PQ_GET_FLD(res, i, "paymentaddressid", field, ok);
 		if (!ok)
 			break;
 		TXT_TO_BIGINT("paymentaddressid", field, row->paymentaddressid);
 		PQ_GET_FLD(res, i, "userid", field, ok);
 		if (!ok)
 			break;
 		TXT_TO_BIGINT("userid", field, row->userid);
 		PQ_GET_FLD(res, i, "payaddress", field, ok);
 		if (!ok)
 			break;
 		TXT_TO_STR("payaddress", field, row->payaddress);
 		PQ_GET_FLD(res, i, "payratio", field, ok);
 		if (!ok)
 			break;
 		TXT_TO_INT("payratio", field, row->payratio);
 		HISTORYDATEFLDS(res, i, row, ok);
 		if (!ok)
 			break;
 		paymentaddresses_root = add_to_ktree(paymentaddresses_root, item, cmp_paymentaddresses);
 		k_add_head(paymentaddresses_store, item);
 	}
 	if (!ok)
 		k_add_head(paymentaddresses_free, item);
 	K_WUNLOCK(paymentaddresses_free);
 	PQclear(res);
 	if (ok) {
 		LOGDEBUG("%s(): built", __func__);
 		LOGWARNING("%s(): loaded %d paymentaddresses records", __func__, n);
 	}
 	return ok;
 }
 // order by userid asc,paydate asc,payaddress asc,expirydate desc
 static cmp_t cmp_payments(K_ITEM *a, K_ITEM *b)
 {
@ -6811,6 +7078,8 @@ static bool getdata2()
 	if (!(ok = blocks_fill(conn)) || everyone_die)
 		goto sukamudai;
 	if (!confirm_sharesummary) {
 		if (!(ok = paymentaddresses_fill(conn)) || everyone_die)
 			goto sukamudai;
 		if (!(ok = payments_fill(conn)) || everyone_die)
 			goto sukamudai;
 	}
@ -7019,6 +7288,13 @@ static void alloc_storage()
 	workers_store = k_new_store(workers_free);
 	workers_root = new_ktree();
 	paymentaddresses_free = k_new_list("PaymentAddresses",
 					   sizeof(PAYMENTADDRESSES),
 					   ALLOC_PAYMENTADDRESSES,
 					   LIMIT_PAYMENTADDRESSES, true);
 	paymentaddresses_store = k_new_store(paymentaddresses_free);
 	paymentaddresses_root = new_ktree();
 	payments_free = k_new_list("Payments", sizeof(PAYMENTS),
 					ALLOC_PAYMENTS, LIMIT_PAYMENTS, true);
 	payments_store = k_new_store(payments_free);
@ -7205,9 +7481,10 @@ static char *cmd_newpass(__maybe_unused PGconn *conn, char *cmd, char *id,
 	K_RUNLOCK(users_free);
 	if (u_item) {
-		ok = users_pass(NULL, u_item,
+		ok = users_pass_email(NULL, u_item,
 					    transfer_data(i_oldhash),
 					    transfer_data(i_newhash),
 					    NULL,
 					    by, code, inet, now, trf_root);
 	}
@ -7262,6 +7539,124 @@ static char *cmd_chkpass(__maybe_unused PGconn *conn, char *cmd, char *id,
 	return strdup("ok.");
 }
 static char *cmd_userset(PGconn *conn, char *cmd, char *id,
 			 __maybe_unused tv_t *now, __maybe_unused char *by,
 			 __maybe_unused char *code, __maybe_unused char *inet,
 			 __maybe_unused tv_t *notcd, K_TREE *trf_root)
 {
 	K_ITEM *i_username, *i_passwordhash, *i_address, *i_email, *u_item, *pa_item;
 	char *email, *address;
 	char reply[1024] = "";
 	size_t siz = sizeof(reply);
 	char tmp[1024];
 	PAYMENTADDRESSES *paymentaddresses;
 	USERS *users;
 	char *reason = NULL;
 	char *answer = NULL;
 	size_t len, off;
 	bool ok;
 	LOGDEBUG("%s(): cmd '%s'", __func__, cmd);
 	i_username = require_name(trf_root, "username", 3, (char *)userpatt, reply, siz);
 	if (!i_username) {
 		// For web this message is detailed enough
 		reason = "System error";
 		goto struckout;
 	}
 	K_RLOCK(users_free);
 	u_item = find_users(transfer_data(i_username));
 	K_RUNLOCK(users_free);
 	if (!u_item) {
 		reason = "Unknown user";
 		goto struckout;
 	} else {
 		DATA_USERS(users, u_item);
 		i_passwordhash = optional_name(trf_root, "passwordhash",
 						64, (char *)hashpatt);
 		if (!i_passwordhash) {
 			APPEND_REALLOC_INIT(answer, off, len);
 			snprintf(tmp, sizeof(tmp), "email=%s%c",
 				 users->emailaddress, FLDSEP);
 			APPEND_REALLOC(answer, off, len, tmp);
 			K_RLOCK(paymentaddresses_free);
 			pa_item = find_paymentaddresses(users->userid);
 			K_RUNLOCK(paymentaddresses_free);
 			if (pa_item) {
 				DATA_PAYMENTADDRESSES(paymentaddresses, pa_item);
 				snprintf(tmp, sizeof(tmp), "addr=%s",
 					 paymentaddresses->payaddress);
 				APPEND_REALLOC(answer, off, len, tmp);
 			} else {
 				snprintf(tmp, sizeof(tmp), "addr=");
 				APPEND_REALLOC(answer, off, len, tmp);
 			}
 		} else {
 			if (strcasecmp(transfer_data(i_passwordhash),
 					users->passwordhash) == 0) {
 				reason = "Incorrect password";
 				goto struckout;
 			}
 			i_email = optional_name(trf_root, "email", 1, (char *)mailpatt);
 			if (i_email)
 				email = transfer_data(i_email);
 			else
 				email = NULL;
 			i_address = optional_name(trf_root, "address", 1, NULL);
 			if (i_address)
 				address = transfer_data(i_address);
 			else
 				address = NULL;
 			if ((email == NULL || *email == '\0') &&
 			    (address == NULL || *address == '\0')) {
 				reason = "Missing/Invalid value";
 				goto struckout;
 			}
 //			if (address && *address)
 //				TODO: validate it
 			if (email && *email) {
 				ok = users_pass_email(conn, u_item, NULL,
 							    NULL, email,
 							    by, code, inet,
 							    now, trf_root);
 				if (!ok) {
 					reason = "email error";
 					goto struckout;
 				}
 			}
 			if (address && *address) {
 				ok = paymentaddresses_set(conn, users->userid,
 								address, by,
 								code, inet,
 								now, trf_root);
 				if (!ok) {
 					reason = "address error";
 					goto struckout;
 				}
 			}
 			answer = strdup("updated");
 		}
 	}
 struckout:
 	if (reason) {
 		snprintf(reply, siz, "ERR.%s", reason);
 		LOGERR("%s.%s", id, reply);
 		return strdup(reply);
 	}
 	snprintf(reply, siz, "ok.%s", answer);
 	LOGDEBUG("%s.%s", id, answer);
 	free(answer);
 	return strdup(reply);
 }
 static char *cmd_poolstats_do(PGconn *conn, char *cmd, char *id, char *by,
 			      char *code, char *inet, tv_t *cd, bool igndup,
 			      K_TREE *trf_root)
@ -9248,6 +9643,7 @@ static char *cmd_stats(__maybe_unused PGconn *conn, char *cmd, char *id,
 	USEINFO(users, 1, 2);
 	USEINFO(workers, 1, 1);
 	USEINFO(paymentaddresses, 1, 1);
 	USEINFO(payments, 1, 1);
 	USEINFO(idcontrol, 1, 0);
 	USEINFO(workinfo, 1, 1);
@ -9349,6 +9745,7 @@ static struct CMDS {
 	{ CMD_ADDUSER,	"adduser",	false,	false,	cmd_adduser,	ACCESS_WEB },
 	{ CMD_NEWPASS,	"newpass",	false,	false,	cmd_newpass,	ACCESS_WEB },
 	{ CMD_CHKPASS,	"chkpass",	false,	false,	cmd_chkpass,	ACCESS_WEB },
 	{ CMD_USERSET,	"usersettings",	false,	false,	cmd_userset,	ACCESS_WEB },
 	{ CMD_POOLSTAT,	"poolstats",	false,	true,	cmd_poolstats,	ACCESS_POOL },
 	{ CMD_USERSTAT,	"userstats",	false,	true,	cmd_userstats,	ACCESS_POOL },
 	{ CMD_BLOCK,	"block",	false,	true,	cmd_blocks,	ACCESS_POOL },
@ -9886,6 +10283,7 @@ static void *socketer(__maybe_unused void *arg)
 	char *last_chkpass = NULL, *reply_chkpass = NULL;
 	char *last_adduser = NULL, *reply_adduser = NULL;
 	char *last_newpass = NULL, *reply_newpass = NULL;
 	char *last_userset = NULL, *reply_userset = NULL;
 	char *last_newid = NULL, *reply_newid = NULL;
 	char *last_web = NULL, *reply_web = NULL;
 	char *reply_last, duptype[CMD_SIZ+1];
@ -10058,6 +10456,7 @@ static void *socketer(__maybe_unused void *arg)
 					case CMD_CHKPASS:
 					case CMD_ADDUSER:
 					case CMD_NEWPASS:
 					case CMD_USERSET:
 					case CMD_BLOCKLIST:
 					case CMD_NEWID:
 					case CMD_STATS:
@ -10088,6 +10487,9 @@ static void *socketer(__maybe_unused void *arg)
 							case CMD_NEWPASS:
 								STORELASTREPLY(newpass);
 								break;
 							case CMD_USERSET:
 								STORELASTREPLY(userset);
 								break;
 							case CMD_NEWID:
 								STORELASTREPLY(newid);
 								break;
@ -10277,6 +10679,7 @@ static bool reload_line(PGconn *conn, char *filename, uint64_t count, char *buf)
 			case CMD_ADDUSER:
 			case CMD_NEWPASS:
 			case CMD_CHKPASS:
 			case CMD_USERSET:
 			case CMD_BLOCKLIST:
 			case CMD_BLOCKSTATUS:
 			case CMD_NEWID: