novabbs
/
rocksolid-light
2
0
Fork 1
Code Issues 14 Pull Requests Releases Wiki Activity

Consolidate registration into one script and pass change into one script

This commit is contained in:
Retro_Guy 2021-06-13 06:57:23 +00:00
parent bba0ed7fac
commit 9eca611f81
5 changed files with 239 additions and 223 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

114
Rocksolid_Light/common/change.php
View File

@ -1,114 +0,0 @@
<html>
<head>
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<META HTTP-EQUIV="Content-type" CONTENT="text/html; charset=<?=$www_charset?>">
<?php
if (file_exists('../common/mods/style.css')) {
echo '<link rel="stylesheet" type="text/css" href="../common/mods/style.css">';
} else {
echo '<link rel="stylesheet" type="text/css" href="../common/style.css">';
}
?>
</head>
<body>
<?php
include "config.inc.php";
# $hostname: '{POPaddress:port/pop3}INBOX'
$hostname = '{rocksolidbbs:110/pop3}INBOX';
# $external: Using external POP auth?
$external = 0;
# $workpath: Where to cache users (must be writable by calling program)
$workpath = $config_dir."users/";
$keypath = $config_dir."userconfig/";
# DO NOT EDIT ANYTHING BELOW THIS LINE
$ok = FALSE;
$command = "Login";
$current = $_POST['current'];
$username = $_POST['username'];
$password = $_POST['password'];
$command = $_POST['command'];
echo '<center>';
$thisusername = $username;
$username = strtolower($username);
$userFilename = $workpath.$username;
$keyFilename = $keypath.$username;
# Check all input
if (empty($_POST['username'])) {
echo "Please enter a Username\r\n";
echo '<br /><a href="changepw.php">Back</a>';
exit(2);
}
if (!check_bbs_auth($username, $current)) {
echo "Failed to authenticate\r\n";
echo '<br /><a href="changepw.php">Back</a>';
exit(2);
}
if ($_POST['password'] !== $_POST['password2']) {
echo "Your passwords entered do not match\r\n";
echo '<br /><a href="changepw.php">Back</a>';
exit(2);
}
$ok=true;
# User is authenticated or to be created. Either way, create the file
if ($ok || ($command == "Change") )
{
if ($userFileHandle = @fopen($userFilename, 'w+'))
{
fwrite($userFileHandle, password_hash($password, PASSWORD_DEFAULT));
fclose($userFileHandle);
chmod($userFilename, 0666);
}
echo "User:".$thisusername." Password changed\r\n";
echo '<br /><a href="../">Back</a>';
exit(0);
} else {
echo "Authentication Failed\r\n";
exit(1);
}
function make_key($username) {
$key = openssl_random_pseudo_bytes(44);
return base64_encode($key);
}
function check_bbs_auth($username, $password) {
global $config_dir;
$workpath = $config_dir."users/";
$username = strtolower($username);
$userFilename = $workpath.$username;
if ($userFileHandle = @fopen($userFilename, 'r'))
{
$userFileInfo = fread($userFileHandle, filesize($userFilename));
fclose($userFileHandle);
if (password_verify ( $password , $userFileInfo))
{
touch($userFilename);
$ok = TRUE;
} else {
$ok = FALSE;
}
} else {
$ok = FALSE;
}
if ($ok)
{
return TRUE;
} else {
return FALSE;
}
}
?>
</body>
</html>

165
Rocksolid_Light/common/changepw.php
View File

@ -1,38 +1,129 @@
<html>
<?php include "head.inc";?>
<table border="0" align="center" cellpadding="0" cellspacing="1">
<tr>
<form name="form1" method="post" action="change.php">
<td>
<tr>
<td colspan="3"><strong>Change Password </strong></td>
</tr>
<tr>
<td>Username:</td>
<td><input name="username" type="text" id="username"></td>
</tr>
<tr>
<td>Current Password:</td>
<td><input name="current" type="password" id="password"></td>
</tr>
<tr>
<td>New Password:</td>
<td><input name="password" type="password" id="password"></td>
</tr>
<tr>
<td>Re-enter Password:</td>
<td><input name="password2" type="password" id="password2"></td>
</tr>
<tr>
<td><input name="command" type="hidden" id="command" value="Change" readonly="readonly"></td>
</tr>
<tr>
<td>&nbsp;</td>
<td><input type="submit" name="Submit" value="Change Password"></td>
</tr>
</td>
</form>
</tr>
</table>
<?php
include "config.inc.php";
include "head.inc";
if(!isset($_POST['command']) || $_POST['command'] !== 'Change') {
echo '<table border="0" align="center" cellpadding="0" cellspacing="1">';
echo '<tr>';
echo '<form name="form1" method="post" action="changepw.php">';
echo '<td><tr>';
echo '<td colspan="3"><strong>Change Password </strong></td>';
echo '</tr><tr>';
echo '<td>Username:</td>';
echo '<td><input name="username" type="text" id="username"></td>';
echo '</tr><tr>';
echo '<td>Current Password:</td>';
echo '<td><input name="current" type="password" id="password"></td>';
echo '</tr><tr>';
echo '<td>New Password:</td>';
echo '<td><input name="password" type="password" id="password"></td>';
echo '</tr><tr>';
echo '<td>Re-enter Password:</td>';
echo '<td><input name="password2" type="password" id="password2"></td>';
echo '</tr><tr>';
echo '<td><input name="command" type="hidden" id="command" value="Change" readonly="readonly"></td>';
echo '</tr><tr>';
echo '<td>&nbsp;</td>';
echo '<td><input type="submit" name="Submit" value="Change Password"></td>';
echo '</tr></td></form></tr></table>';
exit(0);
}
# $hostname: '{POPaddress:port/pop3}INBOX'
$hostname = '{rocksolidbbs:110/pop3}INBOX';
# $external: Using external POP auth?
$external = 0;
# $workpath: Where to cache users (must be writable by calling program)
$workpath = $config_dir."users/";
$keypath = $config_dir."userconfig/";
$ok = FALSE;
$command = "Login";
$current = $_POST['current'];
$username = $_POST['username'];
$password = $_POST['password'];
$command = $_POST['command'];
echo '<center>';
$thisusername = $username;
$username = strtolower($username);
$userFilename = $workpath.$username;
$keyFilename = $keypath.$username;
# Check all input
if (empty($_POST['username'])) {
echo "Please enter a Username\r\n";
echo '<br /><a href="changepw.php">Back</a>';
exit(2);
}
if (!check_bbs_auth($username, $current)) {
echo "Failed to authenticate\r\n";
echo '<br /><a href="changepw.php">Back</a>';
exit(2);
}
if ($_POST['password'] !== $_POST['password2']) {
echo "Your passwords entered do not match\r\n";
echo '<br /><a href="changepw.php">Back</a>';
exit(2);
}
$ok=true;
# User is authenticated or to be created. Either way, create the file
if ($ok || ($command == "Change") )
{
if ($userFileHandle = @fopen($userFilename, 'w+'))
{
fwrite($userFileHandle, password_hash($password, PASSWORD_DEFAULT));
fclose($userFileHandle);
chmod($userFilename, 0666);
}
echo "User:".$thisusername." Password changed\r\n";
echo '<br /><a href="../">Back</a>';
exit(0);
} else {
echo "Authentication Failed\r\n";
exit(1);
}
function make_key($username) {
$key = openssl_random_pseudo_bytes(44);
return base64_encode($key);
}
function check_bbs_auth($username, $password) {
global $config_dir;
$workpath = $config_dir."users/";
$username = strtolower($username);
$userFilename = $workpath.$username;
if ($userFileHandle = @fopen($userFilename, 'r'))
{
$userFileInfo = fread($userFileHandle, filesize($userFilename));
fclose($userFileHandle);
if (password_verify ( $password , $userFileInfo))
{
touch($userFilename);
$ok = TRUE;
} else {
$ok = FALSE;
}
} else {
$ok = FALSE;
}
if ($ok)
{
return TRUE;
} else {
return FALSE;
}
}
?>
</body>
</html>
</html>

51
Rocksolid_Light/common/newuser.php
View File

@ -1,51 +0,0 @@
<?php
include "head.inc";
if (isset($_COOKIE["ts_limit"])) {
echo "It appears you already have an active account<br/>";
echo "More than one account may not be created in 30 days<br/>";
echo '<br/><a href="/">Return to Home Page</a>';
} else {
?>
<table border="0" align="center" cellpadding="0" cellspacing="1">
<tr>
<form name="form1" method="post" action="rsusers.php">
<td>
<tr>
<td><strong>Register Username </strong></td>
</tr>
<tr>
<td>Username:</td>
<td><input name="username" type="text" id="username"></td>
</tr>
<tr>
<td>Email:</td>
<td><input name="user_email" type="text" id="user_email"></td>
</tr>
<tr>
<td>Password:</td>
<td><input name="password" type="password" id="password"></td>
</tr>
<tr>
<td>Re-enter Password:</td>
<td><input name="password2" type="password" id="password2"></td>
</tr>
<tr>
<td><input name="command" type="hidden" id="command" value="Create" readonly="readonly"></td>
</tr>
<tr>
<td>&nbsp;</td>
<td><input type="submit" name="Submit" value="Create"></td>
</tr>
<tr><td><a href="changepw.php">Change current password</a></td></tr>
<tr><td>
<td></td><td></td>
</td></tr>
</td>
</form>
</tr>
</table>
<?php
}
?>
</body>
</html>

129
Rocksolid_Light/common/rsusers.php → Rocksolid_Light/common/register.php
View File

@ -1,19 +1,113 @@
<html>
<head>
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<META HTTP-EQUIV="Content-type" CONTENT="text/html; charset=<?=$www_charset?>">
<?php
if (file_exists('../common/mods/style.css')) {
echo '<link rel="stylesheet" type="text/css" href="../common/mods/style.css">';
} else {
echo '<link rel="stylesheet" type="text/css" href="../common/style.css">';
}
?>
</head>
<body>
<?php
include "config.inc.php";
include "head.inc";
if(!isset($_POST['command'])) {
if (isset($_COOKIE["ts_limit"])) {
echo "It appears you already have an active account<br/>";
echo "More than one account may not be created in 30 days<br/>";
echo '<br/><a href="/">Return to Home Page</a>';
} else {
echo '<table border="0" align="center" cellpadding="0" cellspacing="1">';
echo '<tr>';
echo '<form name="form1" method="post" action="register.php">';
echo '<td><tr>';
echo '<td><strong>Register Username </strong></td>';
echo '</tr><tr>';
echo '<td>Username:</td>';
echo '<td><input name="username" type="text" id="username"></td>';
echo '</tr><tr>';
echo '<td>Email:</td>';
echo '<td><input name="user_email" type="text" id="user_email"></td>';
echo '</tr><tr>';
echo '<td>Password:</td>';
echo '<td><input name="password" type="password" id="password"></td>';
echo '</tr><tr>';
echo '<td>Re-enter Password:</td>';
echo '<td><input name="password2" type="password" id="password2"></td>';
echo '</tr><tr>';
echo '<td><input name="command" type="hidden" id="command" value="Create" readonly="readonly"></td>';
echo '</tr><tr>';
echo '<td>&nbsp;</td>';
echo '<td><input type="submit" name="Submit" value="Create"></td>';
echo '</tr>';
echo '<tr><td><a href="changepw.php">Change current password</a></td></tr>';
echo '<tr><td>';
echo '<td></td><td></td>';
echo '</td></tr>';
echo '</td>';
echo '</form>';
echo '</tr>';
echo '</table>';
}
echo '</body>';
echo '</html>';
exit(0);
}
if(isset($_POST['command']) && $_POST['command'] == 'CreateNew') {
$workpath = $config_dir."users/";
$keypath = $config_dir."userconfig/";
$username = $_POST['username'];
$password = $_POST['password'];
$user_email = $_POST['user_email'];
$code = $_POST['code'];
$userFilename = $workpath.$username;
$keyFilename = $keypath.$username;
@mkdir($workpath.'new/');
$verified = 0;
$no_verify=explode(' ', $CONFIG['no_verify']);
foreach($no_verify as $no) {
if (strlen($_SERVER['HTTP_HOST']) - strlen($no) === strrpos($_SERVER['HTTP_HOST'],$no)) {
$CONFIG['verify_email'] = false;
}
}
if($CONFIG['verify_email'] == true) {
$saved_code = file_get_contents(sys_get_temp_dir()."/".$username);
if((strcmp(trim($code), trim($saved_code))) !== 0) {
echo "Code does not match. Try again.<br />";
echo '<form name="create1" method="post" action="register.php">';
echo '<input name="code" type="text" id="code">&nbsp;';
echo '<input name="username" type="hidden" id="username" value="'.$username.'" readonly="readonly">';
echo '<input name="password" type="hidden" id="password" value="'.$password.'" readonly="readonly">';
echo '<input name="command" type="hidden" id="command" value="CreateNew" readonly="readonly">';
echo '<input name="user_email" type="hidden" id="user_email" value="'.$user_email.'" readonly="readonly">';
echo '<input type="submit" name="Submit" value="Click Here to Create"></td>';
echo '<br/><br/><a href="'.$CONFIG['default_content'].'">Cancel and return to home page</a>';
exit(2);
}
$verified = 1;
}
if ($userFileHandle = @fopen($userFilename, 'w+'))
{
fwrite($userFileHandle, password_hash($password, PASSWORD_DEFAULT));
fclose($userFileHandle);
chmod($userFilename, 0666);
}
// Create synchronet account
if(isset($synch_create) && $synch_create == true) {
putenv("SBBSCTRL=$synch_path/ctrl");
$result = shell_exec("$synch_path/exec/makeuser $username -P $password");
}
$newkey = make_key($username);
if ($userFileHandle = @fopen($keyFilename, 'w+'))
{
fwrite($userFileHandle, 'encryptionkey:'.$newkey."\r\n");
fwrite($userFileHandle, 'email:'.$user_email."\r\n");
if($verified == 1) {
fwrite($userFileHandle, "email_verified:true\r\n");
}
fclose($userFileHandle);
chmod($userFilename, 0666);
}
unlink(sys_get_temp_dir()."/".$username);
echo "User:".$username." Created\r\n";
echo '<br /><a href="'.$CONFIG['default_content'].'">Back</a>';
exit(0);
}
if($CONFIG['verify_email'] == true) {
include($config_dir.'/phpmailer.inc.php');
@ -24,9 +118,6 @@ if($CONFIG['verify_email'] == true) {
}
}
include "head.inc";
$CONFIG = include($config_file);
# $hostname: '{POPaddress:port/pop3}INBOX'
$hostname = '{mail.example.com:110/pop3}INBOX';
# $external: Using external POP auth?
@ -35,7 +126,6 @@ $external = 0;
$workpath = $config_dir."users/";
$keypath = $config_dir."userconfig/";
# DO NOT EDIT ANYTHING BELOW THIS LINE
$ok = FALSE;
$command = "Login";
@ -180,12 +270,13 @@ $mail->send();
echo 'An email has been sent to '.$user_email.'<br />';
echo 'Please enter the code from the email below:<br />';
}
echo '<form name="create1" method="post" action="create.php">';
echo '<form name="create1" method="post" action="register.php">';
if($CONFIG['verify_email'] == true) {
echo '<input name="code" type="text" id="code">&nbsp;';
}
echo '<input name="username" type="hidden" id="username" value="'.$username.'" readonly="readonly">';
echo '<input name="password" type="hidden" id="password" value="'.$password.'" readonly="readonly">';
echo '<input name="command" type="hidden" id="command" value="CreateNew" readonly="readonly">';
echo '<input name="user_email" type="hidden" id="user_email" value="'.$user_email.'" readonly="readonly">';
echo '<input type="submit" name="Submit" value="Click Here to Create"></td>';
echo '<br/><br/><a href="'.$CONFIG['default_content'].'">Cancel and return to home page</a>';
@ -229,5 +320,3 @@ function get_config_value($configfile,$request) {
}
}
?>
</body>
</html>

3
Rocksolid_Light/rslight/links.conf
View File

@ -1,6 +1,7 @@
# These are the links at the top right of the site
# display name:url
register:/common/newuser.php
mail:/rocksolid/mail.php
files:/rocksolid/files.php
register:/common/register.php
nodelist:/common/nodelist.php
faq:/common/faq.txt