
php - enforce email address rules in php - retrospectively

master
kanoi 9 years ago
parent
commit
baabcdfee9
  1. 36
      pool/base.php
  2. 15
      pool/page_2fa.php
  3. 5
      pool/page_reg.php
  4. 53
      pool/page_settings.php

36
pool/base.php

@ -272,6 +272,31 @@ function safepass($pass)
return true;
}
#
function bademail($email, $isold = false)
{
if ($email == null || $email == '')
{
if ($isold === false)
return 'Invalid email address';
else
return 'Invalid email address - you must setup one first';
}
$ok = (stripos($email, '@hotmail.') === false &&
stripos($email, '@live.') === false &&
stripos($email, '@outlook.') === false);
if ($ok)
return null;
else
{
if ($isold === false)
return "Email from hotmail/live/outlook can't be used";
else
return 'Email from hotmail/live/outlook no longer works<br>You must change it first';
}
}
#
function loginStr($str)
{
// Anything but . _ / Tab
@ -540,4 +565,15 @@ function loggedIn()
return $who;
}
#
function emailcheck($user)
{
$ans = userSettings($user);
if ($ans['STATUS'] != 'ok')
dbdown(); // Should be no other reason?
if (!isset($ans['email']))
return 'You need to setup an email address first';
else
return bademail($ans['email'], true);
}
#
?>
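Review bot: bademail() rejects only empty input and three provider substrings, so any other non-empty string, including one with no `@` or domain part, returns null and is accepted as a usable address. emailcheck() now gates 2FA setup, payout-address changes and password changes on that result, and page_reg.php and page_settings.php call bademail() directly, so a syntax check ahead of the provider test is worth adding unless format validation already happens in code not shown: `if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) return 'Invalid email address';`. A short comment above the `$ok` expression, such as `// Denylist: case-insensitive match on '@hotmail.', '@live.', '@outlook.' only`, would also make the exact scope of the rule explicit. In emailcheck(), the line after `dbdown();` reads `$ans['email']`, so it should be documented whether dbdown() is guaranteed not to return.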

15
pool/page_2fa.php

@ -174,8 +174,16 @@ function set_2fa($data, $user, $tfa, $ans, $err, $msg)
function do2fa($data, $user)
{
$mailmode = '';
$tfa = null;
$err = '';
$msg = '';
$res = emailcheck($user);
if ($res != null)
{
$msg = $res;
$ans = get2fa($user, '', 0, 0);
goto skipo;
}
$setup = getparam('Setup', false);
if ($setup === 'Setup')
{
@ -222,6 +230,7 @@ function do2fa($data, $user)
}
}
}
skipo:
if ($ans['STATUS'] != 'ok')
$err = 'DBERR';
else
@ -258,11 +267,9 @@ function do2fa($data, $user)
}
}
}
if (!isset($ans['2fa_status']))
$tfa = null;
else
if (isset($ans['2fa_status']))
$tfa = $ans['2fa_status'];
if (isset($ans['2fa_msg']))
if ($msg == '' && isset($ans['2fa_msg']))
$msg = $ans['2fa_msg'];
$pg = set_2fa($data, $user, $tfa, $ans, $err, $msg);
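Review bot: The early exit through `goto skipo;` only works because `$ans` is assigned on the line before it, since the code after the `skipo:` label immediately reads `$ans['STATUS']`; that coupling is easy to break in a later edit. Putting the existing Setup handling in the `else` branch of `if ($res !== null)`, the same shape page_settings.php uses for its emailcheck() gate, would remove the jump, and the strict comparison matches the null-or-string value bademail() returns. If the goto stays, a comment on the label such as `// skipo: $ans must already hold a reply with a STATUS key` would record the requirement. do2fa() continues outside the visible hunks, so other paths to the label cannot be checked from this page.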

5
pool/page_reg.php

@ -141,10 +141,11 @@ function try_reg($info, $page, $menu, $name, $u)
$ok = false;
else
{
if (stripos($mail, 'hotmail') !== false)
$res = bademail($mail);
if ($res != null)
{
$ok = false;
$data['error'] = "hotmail not allowed";
$data['error'] = $res;
}
if (safepass($pass) !== true)

53
pool/page_settings.php

@ -127,8 +127,9 @@ function dosettings($data, $user)
{
case 'EMail':
$email = getparam('email', false);
if (stripos($email, 'hotmail') !== false)
$err = 'hotmail not allowed';
$res = bademail($email);
if ($res != null)
$err = $res;
else
{
$pass = getparam('pass', false);
@ -141,29 +142,41 @@ function dosettings($data, $user)
case 'Address':
if (!isset($data['info']['u_multiaddr']))
{
$addr = getparam('baddr', false);
$addrarr = array(array('addr' => $addr));
$pass = getparam('pass', false);
$twofa = getparam('2fa', false);
$ans = userSettings($user, null, $addrarr, $pass, $twofa);
$err = 'Payout address changed';
$check = true;
$res = emailcheck($user);
if ($res != null)
$err = $res;
else
{
$addr = getparam('baddr', false);
$addrarr = array(array('addr' => $addr));
$pass = getparam('pass', false);
$twofa = getparam('2fa', false);
$ans = userSettings($user, null, $addrarr, $pass, $twofa);
$err = 'Payout address changed';
$check = true;
}
}
break;
case 'Password':
$oldpass = getparam('oldpass', false);
$pass1 = getparam('pass1', false);
$pass2 = getparam('pass2', false);
$twofa = getparam('2fa', false);
if (!safepass($pass1))
$err = 'Unsafe password. ' . passrequires();
elseif ($pass1 != $pass2)
$err = "Passwords don't match";
$res = emailcheck($user);
if ($res != null)
$err = $res;
else
{
$ans = setPass($user, $oldpass, $pass1, $twofa);
$err = 'Password changed';
$check = true;
$oldpass = getparam('oldpass', false);
$pass1 = getparam('pass1', false);
$pass2 = getparam('pass2', false);
$twofa = getparam('2fa', false);
if (!safepass($pass1))
$err = 'Unsafe password. ' . passrequires();
elseif ($pass1 != $pass2)
$err = "Passwords don't match";
else
{
$ans = setPass($user, $oldpass, $pass1, $twofa);
$err = 'Password changed';
$check = true;
}
}
break;
}
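Review bot: `$err = $res;` in the Address and Password cases can now carry bademail()'s "no longer works<br>You must change it first" message, which puts HTML markup into a variable that otherwise holds plain text in these hunks. How `$err` is rendered is not visible here: if the page escapes it, the tag is displayed literally, and if it does not, `$err` is an unescaped output path and should carry a comment such as `// $err is emitted as raw HTML: assign constant strings only`. Returning plain text from bademail() and leaving the line break to the template would avoid the question altogether. dosettings() starts and ends outside these hunks.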
