You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
273 lines
7.6 KiB
273 lines
7.6 KiB
<?php |
|
# |
|
include_once('email.php'); |
|
# |
|
function doregres($data, $u) |
|
{ |
|
if (isset($data['data']['user'])) |
|
$user = htmlspecialchars($data['data']['user']); |
|
else |
|
$user = ''; |
|
|
|
if (isset($data['data']['mail'])) |
|
$mail = htmlspecialchars($data['data']['mail']); |
|
else |
|
$mail = ''; |
|
|
|
$pg = "<br><span class=urg>WARNING:</span> |
|
<b>Do not</b> give your username+password to anyone else.<br> |
|
<b>Do not</b> give your username+password to apps or web sites.<br> |
|
A monitoring app or web site will <b>ONLY</b> need your username+API key.<br> |
|
You can setup an API key from the 'Account'->'User Settings' menu page after you login.<br> |
|
Your miner password should be '<b>x</b>' and <b>must not</b> use your login password.<br>"; |
|
|
|
$pg .= makeForm('')."<br> |
|
<table cellpadding=0 cellspacing=0 border=0><tr> |
|
<td>User:</td><td><input type=text name=User size=10 value=''></td> |
|
<td> Pass:</td><td><input type=password name=Pass size=10 value=''></td> |
|
<td> <input type=submit name=Login value=Login></td> |
|
</tr></table></form>"; |
|
|
|
$pg .= '<br><h1>or choose one:</h1>'; |
|
|
|
$pg .= '<table cellpadding=5 cellspacing=0 border=1><tr><td class=dc>'; |
|
|
|
$pg .= '<h1>Login</h1>'; |
|
if (isset($data['data']['error']) && !isset($_POST['pass2'])) |
|
$pg .= "<br><span class=err>".$data['data']['error']." - please try again</span><br><br>"; |
|
$pg .= makeForm(''); |
|
$pg .= " |
|
<table> |
|
<tr><td class=dr>Username:</td> |
|
<td class=dl><input name=User value=''></td></tr> |
|
<tr><td class=dr>Password:</td> |
|
<td class=dl><input type=password name=Pass value=''></td></tr> |
|
<tr><td class=dr><span class=st1>*</span>2nd Authentication:</td> |
|
<td class=dl><input type=password name=2fa size=10></td></tr> |
|
<tr><td colspan=2 class=dc><font size=-1><span class=st1>*</span> |
|
Leave blank if you haven't enabled it</font></td></tr> |
|
<tr><td> </td> |
|
<td class=dl><input type=submit name=Login value=Login></td></tr> |
|
</table> |
|
</form>"; |
|
|
|
$pg.= '</td></tr><tr><td class=dc>'; |
|
|
|
$pg .= '<h1>Register</h1>'; |
|
if (isset($data['data']['error']) && isset($_POST['pass2'])) |
|
$pg .= "<br><span class=err>".$data['data']['error']." - please try again</span><br><br>"; |
|
$pg .= makeForm(''); |
|
$pg .= " |
|
<table> |
|
<tr><td class=dr>Username:</td> |
|
<td class=dl><input name=user value=\"$user\"></td></tr> |
|
<tr><td class=dr>Email:</td> |
|
<td class=dl><input name=mail value=\"$mail\"></td></tr> |
|
<tr><td class=dr>Password:</td> |
|
<td class=dl><input type=password name=pass value=''></td></tr> |
|
<tr><td class=dr>Retype Password:</td> |
|
<td class=dl><input type=password name=pass2 value=''></td></tr> |
|
<tr><td> </td> |
|
<td class=dl><input type=submit name=Register value=Register></td></tr> |
|
<tr><td colspan=2 class=dc><br><font size=-1><span class=st1>*</span> |
|
All fields are required<br>Your Username can't be a BTC address</font></td></tr> |
|
<tr><td colspan=2 class=dc><font size=-1><br>Note: your username is upper/lowercase sensitive,<br> |
|
and you must also have upper/lowercase correct on all your miners<br><br>" . passrequires() . "</font></td></tr> |
|
</table> |
|
</form>"; |
|
|
|
$pg.= '</td></tr><tr><td class=dc>'; |
|
|
|
$pg .= '<h1>Password Reset</h1>'; |
|
$pg .= makeForm(''); |
|
$pg .= " |
|
<table> |
|
<tr><td class=dr>Username:</td> |
|
<td class=dl><input name=user value=\"$user\"></td></tr> |
|
<tr><td class=dr>Email:</td> |
|
<td class=dl><input name=mail value=''></td></tr> |
|
<tr><td> </td> |
|
<td class=dl><input type=submit name=Reset value=Reset></td></tr> |
|
<tr><td colspan=2 class=dc><br><font size=-1> |
|
If you enter the details correctly,<br> |
|
an Email will be sent to you to let you reset your password</font></td></tr> |
|
</table> |
|
</form>"; |
|
|
|
$pg .= '</td></tr></table>'; |
|
|
|
return $pg; |
|
} |
|
# |
|
function doreg2($data) |
|
{ |
|
if (isset($data['data']['user'])) |
|
$user = htmlspecialchars($data['data']['user']); |
|
else |
|
$user = ''; |
|
|
|
$pg = '<h1>Registered</h1>'; |
|
// $pg .= '<br>You will receive an email shortly to verify your account'; |
|
$pg .= '<br>Your account is registered and ready to mine.'; |
|
$pg .= '<br>Choose your own worker names in cgminer.'; |
|
$pg .= '<br>Worker names must start with your username and a dot or an underscore'; |
|
$pg .= "<br>e.g. <span class=hil>${user}_worker1</span> or <span class=hil>${user}.worker7</span>"; |
|
return $pg; |
|
} |
|
# |
|
function try_reg($info, $page, $menu, $name, $u) |
|
{ |
|
$disallow = array('/kano/i', '/pool/i', '/kolivas/i'); |
|
|
|
$user = getparam('user', false); |
|
$mail = trim(getparam('mail', false)); |
|
$pass = getparam('pass', false); |
|
$pass2 = getparam('pass2', false); |
|
|
|
$data = array(); |
|
|
|
if (nuem($user)) |
|
$data['user'] = ''; |
|
else |
|
$data['user'] = $user; |
|
|
|
if (nuem($mail)) |
|
$data['mail'] = ''; |
|
else |
|
$data['mail'] = $mail; |
|
|
|
$ok = true; |
|
if (nuem($user) || nuem($mail) || nuem($pass) || nuem($pass2)) |
|
$ok = false; |
|
else |
|
{ |
|
if (stripos($mail, 'hotmail') !== false) |
|
{ |
|
$ok = false; |
|
$data['error'] = "hotmail not allowed"; |
|
} |
|
|
|
if (safepass($pass) !== true) |
|
{ |
|
$ok = false; |
|
$data['error'] = "Password is unsafe"; |
|
} |
|
elseif ($pass2 != $pass) |
|
{ |
|
$ok = false; |
|
$data['error'] = "Passwords don't match"; |
|
} |
|
|
|
$orig = $user; |
|
$user = loginStr($orig); |
|
if ($user != $orig) |
|
{ |
|
$ok = false; |
|
$data['error'] = "Username cannot include '.', '_', '/' or Tab"; |
|
$data['user'] = $user; |
|
} |
|
} |
|
|
|
if ($ok === true) |
|
{ |
|
foreach ($disallow as $patt) |
|
if (preg_match($patt, $user) === 1) |
|
{ |
|
$ok = false; |
|
$data['error'] = 'Disallowed username'; |
|
break; |
|
} |
|
} |
|
|
|
if ($ok === true) |
|
{ |
|
$ans = userReg($user, $mail, $pass); |
|
if ($ans['STATUS'] == 'ok') |
|
gopage($info, $data, 'doreg2', $page, $menu, $name, $u, true, true, false); |
|
else |
|
$data['error'] = "Invalid username, password or email address"; |
|
} |
|
|
|
gopage($info, $data, 'doregres', $page, $menu, $name, $u, true, true, false); |
|
} |
|
# |
|
function doreset2($data) |
|
{ |
|
$user = $data['data']['user']; |
|
$email = $data['data']['email']; |
|
|
|
$emailinfo = getOpts($user, emailOptList()); |
|
if ($emailinfo['STATUS'] != 'ok') |
|
syserror(); |
|
|
|
$ans = getAtts($user, 'KLastReset.dateexp'); |
|
if ($ans['STATUS'] != 'ok') |
|
syserror(); |
|
|
|
// If the last attempt hasn't expired don't do anything but show a fake msg |
|
if (!isset($ans['KLastReset.dateexp']) || $ans['KLastReset.dateexp'] == 'Y') |
|
{ |
|
// This line $code = isn't an attempt at security - |
|
// it's simply to ensure the username is readable when we get it back |
|
$code = bin2hex($data['data']['user']). '_'; |
|
|
|
// A code that's large enough to not be worth guessing |
|
$ran = $ans['STAMP'].$user.$email.rand(100000000,999999999); |
|
$hash = hash('md4', $ran); |
|
|
|
$ans = setAtts($user, array('ua_KReset.str' => $hash, |
|
'ua_KReset.date' => 'now+3600', |
|
'ua_LastReset.date' => 'now+3600')); |
|
if ($ans['STATUS'] != 'ok') |
|
syserror(); |
|
|
|
$ok = passReset($email, $code.$hash, zeip(), $emailinfo); |
|
if ($ok === false) |
|
syserror(); |
|
} |
|
|
|
$pg = '<h1>Reset Sent</h1>'; |
|
$pg .= '<br>An Email has been sent that will allow you to'; |
|
$pg .= '<br>reset your password.'; |
|
$pg .= '<br>If you got your username or email address wrong,'; |
|
$pg .= '<br>you wont get the email.'; |
|
return $pg; |
|
} |
|
# |
|
function try_reset($info, $page, $menu, $name, $u) |
|
{ |
|
$user = getparam('user', false); |
|
$mail = trim(getparam('mail', false)); |
|
|
|
$data = array(); |
|
|
|
if (!nuem($user)) |
|
$user = loginStr($user); |
|
|
|
if (!nuem($user) && !nuem($mail)) |
|
{ |
|
$ans = userSettings($user); |
|
if ($ans['STATUS'] == 'ok' && isset($ans['email']) && $ans['email'] == $mail) |
|
{ |
|
$data = array('user' => $user, 'email' => $mail); |
|
|
|
gopage($info, $data, 'doreset2', $page, $menu, $name, $u, true, true, false); |
|
} |
|
} |
|
|
|
gopage($info, $data, 'doregres', $page, $menu, $name, $u, true, true, false); |
|
} |
|
# |
|
function show_reg($info, $page, $menu, $name, $u) |
|
{ |
|
// Slow this right down |
|
usleep(1000000); |
|
|
|
$reg = getparam('Register', false); |
|
if ($reg !== NULL) |
|
try_reg($info, $page, $menu, $name, $u); |
|
else |
|
try_reset($info, $page, $menu, $name, $u); |
|
} |
|
# |
|
?>
|
|
|