php - enforce email address rules in php - retrospectively

9 years ago · baabcdfee9
4 changed files with 83 additions and 26 deletions
--- a/pool/base.php
+++ b/pool/base.php
@ -272,6 +272,31 @@ function safepass($pass)
 return true;
 }
 #
+function bademail($email, $isold = false)
+{
+ if ($email == null || $email == '')
+ {
+	if ($isold === false)
+		return 'Invalid email address';
+	else
+		return 'Invalid email address - you must setup one first';
+ }
+
+ $ok = (stripos($email, '@hotmail.') === false &&
+	stripos($email, '@live.') === false &&
+	stripos($email, '@outlook.') === false);
+
+ if ($ok)
+	return null;
+ else
+ {
+	if ($isold === false)
+		return "Email from hotmail/live/outlook can't be used";
+	else
+		return 'Email from hotmail/live/outlook no longer works<br>You must change it first';
+ }
+}
+#
 function loginStr($str)
 {
 // Anything but . _ / Tab
@ -540,4 +565,15 @@ function loggedIn()
 return $who;
 }
 #
+function emailcheck($user)
+{
+ $ans = userSettings($user);
+ if ($ans['STATUS'] != 'ok')
+	dbdown(); // Should be no other reason?
+ if (!isset($ans['email']))
+	return 'You need to setup an email address first';
+ else
+	return bademail($ans['email'], true);
+}
+#
 ?>
--- a/pool/page_2fa.php
+++ b/pool/page_2fa.php
@ -174,8 +174,16 @@ function set_2fa($data, $user, $tfa, $ans, $err, $msg)
 function do2fa($data, $user)
 {
 $mailmode = '';
+ $tfa = null;
 $err = '';
 $msg = '';
+ $res = emailcheck($user);
+ if ($res != null)
+ {
+	$msg = $res;
+	$ans = get2fa($user, '', 0, 0);
+	goto skipo;
+ }
 $setup = getparam('Setup', false);
 if ($setup === 'Setup')
 {
@ -222,6 +230,7 @@ function do2fa($data, $user)
 		}
 	}
 }
+skipo:
 if ($ans['STATUS'] != 'ok')
 	$err = 'DBERR';
 else
@ -258,11 +267,9 @@ function do2fa($data, $user)
 		}
 	}
 }
- if (!isset($ans['2fa_status']))
-	$tfa = null;
- else
+ if (isset($ans['2fa_status']))
 	$tfa = $ans['2fa_status'];
- if (isset($ans['2fa_msg']))
+ if ($msg == '' && isset($ans['2fa_msg']))
 	$msg = $ans['2fa_msg'];

 $pg = set_2fa($data, $user, $tfa, $ans, $err, $msg);
--- a/pool/page_reg.php
+++ b/pool/page_reg.php
@ -141,10 +141,11 @@ function try_reg($info, $page, $menu, $name, $u)
 	$ok = false;
 else
 {
-	if (stripos($mail, 'hotmail') !== false)
+	$res = bademail($mail);
+	if ($res != null)
 	{
 		$ok = false;
-		$data['error'] = "hotmail not allowed";
+		$data['error'] = $res;
 	}

 	if (safepass($pass) !== true)
--- a/pool/page_settings.php
+++ b/pool/page_settings.php
@ -127,8 +127,9 @@ function dosettings($data, $user)
 {
  case 'EMail':
 	$email = getparam('email', false);
-	if (stripos($email, 'hotmail') !== false)
-		$err = 'hotmail not allowed';
+	$res = bademail($email);
+	if ($res != null)
+		$err = $res;
 	else
 	{
 		$pass = getparam('pass', false);
@ -140,6 +141,11 @@ function dosettings($data, $user)
 	break;
  case 'Address':
 	if (!isset($data['info']['u_multiaddr']))
+	{
+		$res = emailcheck($user);
+		if ($res != null)
+			$err = $res;
+		else
 		{
 			$addr = getparam('baddr', false);
 			$addrarr = array(array('addr' => $addr));
@ -149,8 +155,14 @@ function dosettings($data, $user)
 			$err = 'Payout address changed';
 			$check = true;
 		}
+	}
 	break;
  case 'Password':
+	$res = emailcheck($user);
+	if ($res != null)
+		$err = $res;
+	else
+	{
 		$oldpass = getparam('oldpass', false);
 		$pass1 = getparam('pass1', false);
 		$pass2 = getparam('pass2', false);
@ -165,6 +177,7 @@ function dosettings($data, $user)
 			$err = 'Password changed';
 			$check = true;
 		}
+	}
 	break;
 }
 $doemail = false;