diff --git a/pool/base.php b/pool/base.php
index 7993d580..e9e4a6c6 100644
--- a/pool/base.php
+++ b/pool/base.php
@@ -272,6 +272,31 @@ function safepass($pass)
 return true;
 }
 #
+function bademail($email, $isold = false)
+{
+ if ($email == null || $email == '')
+ {
+ if ($isold === false)
+ return 'Invalid email address';
+ else
+ return 'Invalid email address - you must setup one first';
+ }
+
+ $ok = (stripos($email, '@hotmail.') === false &&
+ stripos($email, '@live.') === false &&
+ stripos($email, '@outlook.') === false);
+
+ if ($ok)
+ return null;
+ else
+ {
+ if ($isold === false)
+ return "Email from hotmail/live/outlook can't be used";
+ else
+ return 'Email from hotmail/live/outlook no longer works
You must change it first';
+ }
+}
+#
 function loginStr($str)
 {
 // Anything but . _ / Tab
@@ -540,4 +565,15 @@ function loggedIn()
 return $who;
 }
 #
+function emailcheck($user)
+{
+ $ans = userSettings($user);
+ if ($ans['STATUS'] != 'ok')
+ dbdown(); // Should be no other reason?
+ if (!isset($ans['email']))
+ return 'You need to setup an email address first';
+ else
+ return bademail($ans['email'], true);
+}
+#
 ?>
diff --git a/pool/page_2fa.php b/pool/page_2fa.php
index 1e86e24d..42b059a8 100644
--- a/pool/page_2fa.php
+++ b/pool/page_2fa.php
@@ -174,8 +174,16 @@ function set_2fa($data, $user, $tfa, $ans, $err, $msg)
 function do2fa($data, $user)
 {
 $mailmode = '';
+ $tfa = null;
 $err = '';
 $msg = '';
+ $res = emailcheck($user);
+ if ($res != null)
+ {
+ $msg = $res;
+ $ans = get2fa($user, '', 0, 0);
+ goto skipo;
+ }
 $setup = getparam('Setup', false);
 if ($setup === 'Setup')
 {
@@ -222,6 +230,7 @@ function do2fa($data, $user)
 }
 }
 }
+skipo:
 if ($ans['STATUS'] != 'ok')
 $err = 'DBERR';
 else
@@ -258,11 +267,9 @@ function do2fa($data, $user)
 }
 }
 }
- if (!isset($ans['2fa_status']))
- $tfa = null;
- else
+ if (isset($ans['2fa_status']))
 $tfa = $ans['2fa_status'];
- if (isset($ans['2fa_msg']))
+ if ($msg == '' && isset($ans['2fa_msg']))
 $msg = $ans['2fa_msg'];
 $pg = set_2fa($data, $user, $tfa, $ans, $err, $msg);
diff --git a/pool/page_reg.php b/pool/page_reg.php
index bbdf2363..afab85bd 100644
--- a/pool/page_reg.php
+++ b/pool/page_reg.php
@@ -141,10 +141,11 @@ function try_reg($info, $page, $menu, $name, $u)
 $ok = false;
 else
 {
- if (stripos($mail, 'hotmail') !== false)
+ $res = bademail($mail);
+ if ($res != null)
 {
 $ok = false;
- $data['error'] = "hotmail not allowed";
+ $data['error'] = $res;
 }
 if (safepass($pass) !== true)
diff --git a/pool/page_settings.php b/pool/page_settings.php
index 21ad6915..5f6901aa 100644
--- a/pool/page_settings.php
+++ b/pool/page_settings.php
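Review bot: bademail() returns null (accepted) for any non-empty value that lacks the three provider substrings, so a string with no `@` or with embedded whitespace passes the one shared gate that registration and the settings page now call. Unless the address format is validated elsewhere (try_reg appears to have earlier checks outside this diff), I would fold a syntax check into the first guard, e.g. `if (!is_string($email) || filter_var($email, FILTER_VALIDATE_EMAIL) === false)`, which also keeps a non-string request value away from stripos() if getparam() can hand one back. A one-line contract comment would help callers: `// Returns null if the address is acceptable, else the message to show the user`. The callers in this commit test `$res != null`; `$res !== null` states that contract exactly.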
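Review bot: emailcheck() is only correct if dbdown() never returns, which this diff does not show and the `// Should be no other reason?` comment leaves open. If it does return, a failed userSettings() lookup falls through to the isset() test and the user is told 'You need to setup an email address first'; the action is still refused, but for the wrong stated reason. Either record the assumption next to the call (`// dbdown() does not return`) or return explicitly after it, and guard the index with `if (!isset($ans['STATUS']) || $ans['STATUS'] != 'ok')` so a reply without STATUS is treated as a failure instead of raising a notice.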
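Review bot: The `goto skipo;` added at the top of do2fa() jumps over the whole Setup/parameter handling to the `skipo:` label introduced in the following hunk, which makes the email gate easy to break when a later change adds code between the two points. The same flow is easier to audit as `if ($res != null) { ... } else { /* existing parameter handling */ }`; the body between the two hunks is not visible here, so this is a restructuring suggestion rather than a bug report. Running emailcheck() before any request parameter is read is the right order, and a comment such as `// No 2FA change is processed until the account email is acceptable` would record that intent. The arguments in `get2fa($user, '', 0, 0)` also deserve a short comment saying what the empty action and the two zeros mean.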
@@ -127,8 +127,9 @@ function dosettings($data, $user)
 {
 case 'EMail':
 $email = getparam('email', false);
- if (stripos($email, 'hotmail') !== false)
- $err = 'hotmail not allowed';
+ $res = bademail($email);
+ if ($res != null)
+ $err = $res;
 else
 {
 $pass = getparam('pass', false);
@@ -141,29 +142,41 @@ function dosettings($data, $user)
 case 'Address':
 if (!isset($data['info']['u_multiaddr']))
 {
- $addr = getparam('baddr', false);
- $addrarr = array(array('addr' => $addr));
- $pass = getparam('pass', false);
- $twofa = getparam('2fa', false);
- $ans = userSettings($user, null, $addrarr, $pass, $twofa);
- $err = 'Payout address changed';
- $check = true;
+ $res = emailcheck($user);
+ if ($res != null)
+ $err = $res;
+ else
+ {
+ $addr = getparam('baddr', false);
+ $addrarr = array(array('addr' => $addr));
+ $pass = getparam('pass', false);
+ $twofa = getparam('2fa', false);
+ $ans = userSettings($user, null, $addrarr, $pass, $twofa);
+ $err = 'Payout address changed';
+ $check = true;
+ }
 }
 break;
 case 'Password':
- $oldpass = getparam('oldpass', false);
- $pass1 = getparam('pass1', false);
- $pass2 = getparam('pass2', false);
- $twofa = getparam('2fa', false);
- if (!safepass($pass1))
- $err = 'Unsafe password. ' . passrequires();
- elseif ($pass1 != $pass2)
- $err = "Passwords don't match";
+ $res = emailcheck($user);
+ if ($res != null)
+ $err = $res;
 else
 {
- $ans = setPass($user, $oldpass, $pass1, $twofa);
- $err = 'Password changed';
- $check = true;
+ $oldpass = getparam('oldpass', false);
+ $pass1 = getparam('pass1', false);
+ $pass2 = getparam('pass2', false);
+ $twofa = getparam('2fa', false);
+ if (!safepass($pass1))
+ $err = 'Unsafe password. ' . passrequires();
+ elseif ($pass1 != $pass2)
+ $err = "Passwords don't match";
+ else
+ {
+ $ans = setPass($user, $oldpass, $pass1, $twofa);
+ $err = 'Password changed';
+ $check = true;
+ }
 }
 break;
 }
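Review bot: The Password case now refuses to reach setPass() until emailcheck() passes, so an account whose stored address is missing or on the hotmail/live/outlook list cannot rotate its password until the EMail case has succeeded first. That ordering looks intentional, and the EMail case in the previous hunk calls only bademail() on the new value so it stays reachable, but it is worth writing down where the gate is applied, e.g. `// Payout address and password changes are blocked until the account has a usable email`. The identical `$res = emailcheck($user); if ($res != null) $err = $res; else` preamble in the Address and Password cases could be shared through one small helper, so a sensitive case added later does not omit it. The switch header and the code after the final `break;` are outside the hunk.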