
php - enforce email address rules in php - retrospectively

master
kanoi 9 years ago
parent
commit
baabcdfee9
  1. 36
      pool/base.php
  2. 15
      pool/page_2fa.php
  3. 5
      pool/page_reg.php
  4. 53
      pool/page_settings.php

36
pool/base.php

@ -272,6 +272,31 @@ function safepass($pass)
return true; return true;
} }
# #
function bademail($email, $isold = false)
{
if ($email == null || $email == '')
{
if ($isold === false)
return 'Invalid email address';
else
return 'Invalid email address - you must setup one first';
}
$ok = (stripos($email, '@hotmail.') === false &&
stripos($email, '@live.') === false &&
stripos($email, '@outlook.') === false);
if ($ok)
return null;
else
{
if ($isold === false)
return "Email from hotmail/live/outlook can't be used";
else
return 'Email from hotmail/live/outlook no longer works<br>You must change it first';
}
}
#
function loginStr($str) function loginStr($str)
{ {
// Anything but . _ / Tab // Anything but . _ / Tab
@ -540,4 +565,15 @@ function loggedIn()
return $who; return $who;
} }
# #
function emailcheck($user)
{
$ans = userSettings($user);
if ($ans['STATUS'] != 'ok')
dbdown(); // Should be no other reason?
if (!isset($ans['email']))
return 'You need to setup an email address first';
else
return bademail($ans['email'], true);
}
#
?> ?>
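Review bot: In emailcheck(), `if ($ans['STATUS'] != 'ok') dbdown();` only acts as a guard if dbdown() never returns, which this hunk does not show. If it can return, a database failure falls through to `!isset($ans['email'])` and the user is told 'You need to setup an email address first'; an explicit `return` right after the dbdown() call would keep the gate fail-closed with the right message. bademail() and emailcheck() also rely on an unwritten contract (null means acceptable, any string is the error text), so a header comment such as `# Returns null if the address is acceptable, else the error text to display` above each would help. The callers in page_2fa.php, page_reg.php and page_settings.php test the result with `!= null`, where `!== null` would state that contract exactly.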

15
pool/page_2fa.php

@ -174,8 +174,16 @@ function set_2fa($data, $user, $tfa, $ans, $err, $msg)
function do2fa($data, $user) function do2fa($data, $user)
{ {
$mailmode = ''; $mailmode = '';
$tfa = null;
$err = ''; $err = '';
$msg = ''; $msg = '';
$res = emailcheck($user);
if ($res != null)
{
$msg = $res;
$ans = get2fa($user, '', 0, 0);
goto skipo;
}
$setup = getparam('Setup', false); $setup = getparam('Setup', false);
if ($setup === 'Setup') if ($setup === 'Setup')
{ {
@ -222,6 +230,7 @@ function do2fa($data, $user)
} }
} }
} }
skipo:
if ($ans['STATUS'] != 'ok') if ($ans['STATUS'] != 'ok')
$err = 'DBERR'; $err = 'DBERR';
else else
@ -258,11 +267,9 @@ function do2fa($data, $user)
} }
} }
} }
if (!isset($ans['2fa_status'])) if (isset($ans['2fa_status']))
$tfa = null;
else
$tfa = $ans['2fa_status']; $tfa = $ans['2fa_status'];
if (isset($ans['2fa_msg'])) if ($msg == '' && isset($ans['2fa_msg']))
$msg = $ans['2fa_msg']; $msg = $ans['2fa_msg'];
$pg = set_2fa($data, $user, $tfa, $ans, $err, $msg); $pg = set_2fa($data, $user, $tfa, $ans, $err, $msg);
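Review bot: The `goto skipo;` added at the top of do2fa() is the only thing keeping a user who failed emailcheck() away from the 2FA actions, and the label it targets is declared in a separate hunk far below. Any state-changing code later placed after `skipo:` would run for those users too. An `if ($res === null) { ... } else { $msg = $res; $ans = get2fa($user, '', 0, 0); }` around the request handling would make the gate visible in the structure. At minimum the label deserves a comment, e.g. `skipo: // also reached when emailcheck() fails - nothing below may change account state`. The body of do2fa() extends outside the visible hunks, so the full path between the jump and the label cannot be checked from here.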

5
pool/page_reg.php

@ -141,10 +141,11 @@ function try_reg($info, $page, $menu, $name, $u)
$ok = false; $ok = false;
else else
{ {
if (stripos($mail, 'hotmail') !== false) $res = bademail($mail);
if ($res != null)
{ {
$ok = false; $ok = false;
$data['error'] = "hotmail not allowed"; $data['error'] = $res;
} }
if (safepass($pass) !== true) if (safepass($pass) !== true)

53
pool/page_settings.php

@ -127,8 +127,9 @@ function dosettings($data, $user)
{ {
case 'EMail': case 'EMail':
$email = getparam('email', false); $email = getparam('email', false);
if (stripos($email, 'hotmail') !== false) $res = bademail($email);
$err = 'hotmail not allowed'; if ($res != null)
$err = $res;
else else
{ {
$pass = getparam('pass', false); $pass = getparam('pass', false);
@ -141,29 +142,41 @@ function dosettings($data, $user)
case 'Address': case 'Address':
if (!isset($data['info']['u_multiaddr'])) if (!isset($data['info']['u_multiaddr']))
{ {
$addr = getparam('baddr', false); $res = emailcheck($user);
$addrarr = array(array('addr' => $addr)); if ($res != null)
$pass = getparam('pass', false); $err = $res;
$twofa = getparam('2fa', false); else
$ans = userSettings($user, null, $addrarr, $pass, $twofa); {
$err = 'Payout address changed'; $addr = getparam('baddr', false);
$check = true; $addrarr = array(array('addr' => $addr));
$pass = getparam('pass', false);
$twofa = getparam('2fa', false);
$ans = userSettings($user, null, $addrarr, $pass, $twofa);
$err = 'Payout address changed';
$check = true;
}
} }
break; break;
case 'Password': case 'Password':
$oldpass = getparam('oldpass', false); $res = emailcheck($user);
$pass1 = getparam('pass1', false); if ($res != null)
$pass2 = getparam('pass2', false); $err = $res;
$twofa = getparam('2fa', false);
if (!safepass($pass1))
$err = 'Unsafe password. ' . passrequires();
elseif ($pass1 != $pass2)
$err = "Passwords don't match";
else else
{ {
$ans = setPass($user, $oldpass, $pass1, $twofa); $oldpass = getparam('oldpass', false);
$err = 'Password changed'; $pass1 = getparam('pass1', false);
$check = true; $pass2 = getparam('pass2', false);
$twofa = getparam('2fa', false);
if (!safepass($pass1))
$err = 'Unsafe password. ' . passrequires();
elseif ($pass1 != $pass2)
$err = "Passwords don't match";
else
{
$ans = setPass($user, $oldpass, $pass1, $twofa);
$err = 'Password changed';
$check = true;
}
} }
break; break;
} }
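Review bot: The `emailcheck($user)` gate added to the 'Password' case (and likewise to 'Address') refuses the change for any account whose stored address is missing or on the blocked list. A user who wants to rotate a password they no longer trust must therefore first get through the 'EMail' case, which reads `pass` and so presumably authenticates with that same password. If that ordering is intended, it should be stated at the gate, e.g. `// refuse until the account has a usable address; the EMail case stays reachable so the user can fix it`. The refusal could also be logged, so that accounts stuck behind the gate can be found. The code after the switch is outside this hunk, so how `$err` is rendered when `$check` is never set cannot be confirmed from here.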
