From 9eca611f81de5248f9420336aad5dc2237dc75d8 Mon Sep 17 00:00:00 2001 From: Retro_Guy Date: Sun, 13 Jun 2021 06:57:23 +0000 Subject: [PATCH] Consolidate registration into one script and pass change into one script --- Rocksolid_Light/common/change.php | 114 ------------ Rocksolid_Light/common/changepw.php | 165 ++++++++++++++---- Rocksolid_Light/common/newuser.php | 51 ------ .../common/{rsusers.php => register.php} | 129 +++++++++++--- Rocksolid_Light/rslight/links.conf | 3 +- 5 files changed, 239 insertions(+), 223 deletions(-) delete mode 100644 Rocksolid_Light/common/change.php delete mode 100644 Rocksolid_Light/common/newuser.php rename Rocksolid_Light/common/{rsusers.php => register.php} (58%) diff --git a/Rocksolid_Light/common/change.php b/Rocksolid_Light/common/change.php deleted file mode 100644 index 56d294b..0000000 --- a/Rocksolid_Light/common/change.php +++ /dev/null @@ -1,114 +0,0 @@ - - - - -'; -} else { - echo ''; -} -?> - - -'; - -$thisusername = $username; -$username = strtolower($username); -$userFilename = $workpath.$username; -$keyFilename = $keypath.$username; - -# Check all input -if (empty($_POST['username'])) { - echo "Please enter a Username\r\n"; - echo '
Back'; - exit(2); -} - -if (!check_bbs_auth($username, $current)) { - echo "Failed to authenticate\r\n"; - echo '
Back'; - exit(2); -} - -if ($_POST['password'] !== $_POST['password2']) { - echo "Your passwords entered do not match\r\n"; - echo '
Back'; - exit(2); -} - -$ok=true; -# User is authenticated or to be created. Either way, create the file -if ($ok || ($command == "Change") ) -{ - if ($userFileHandle = @fopen($userFilename, 'w+')) - { - fwrite($userFileHandle, password_hash($password, PASSWORD_DEFAULT)); - fclose($userFileHandle); - chmod($userFilename, 0666); - } - - echo "User:".$thisusername." Password changed\r\n"; - echo '
Back'; - exit(0); -} else { - echo "Authentication Failed\r\n"; - exit(1); -} - -function make_key($username) { - $key = openssl_random_pseudo_bytes(44); - return base64_encode($key); -} - -function check_bbs_auth($username, $password) { - global $config_dir; - $workpath = $config_dir."users/"; - $username = strtolower($username); - $userFilename = $workpath.$username; - - if ($userFileHandle = @fopen($userFilename, 'r')) - { - $userFileInfo = fread($userFileHandle, filesize($userFilename)); - fclose($userFileHandle); - if (password_verify ( $password , $userFileInfo)) - { - touch($userFilename); - $ok = TRUE; - } else { - $ok = FALSE; - } - } else { - $ok = FALSE; - } - if ($ok) - { - return TRUE; - } else { - return FALSE; - } -} -?> - - diff --git a/Rocksolid_Light/common/changepw.php b/Rocksolid_Light/common/changepw.php index f0ab3a9..cfc157b 100644 --- a/Rocksolid_Light/common/changepw.php +++ b/Rocksolid_Light/common/changepw.php @@ -1,38 +1,129 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-
Change Password
Username:
Current Password:
New Password:
Re-enter Password:
 
+'; + echo ''; + echo '
'; + echo ''; + echo 'Change Password '; + echo ''; + echo 'Username:'; + echo ''; + echo ''; + echo 'Current Password:'; + echo ''; + echo ''; + echo 'New Password:'; + echo ''; + echo ''; + echo 'Re-enter Password:'; + echo ''; + echo ''; + echo ''; + echo ''; + echo ' '; + echo ''; + echo '
'; + exit(0); +} + +# $hostname: '{POPaddress:port/pop3}INBOX' +$hostname = '{rocksolidbbs:110/pop3}INBOX'; +# $external: Using external POP auth? +$external = 0; +# $workpath: Where to cache users (must be writable by calling program) +$workpath = $config_dir."users/"; +$keypath = $config_dir."userconfig/"; + +$ok = FALSE; +$command = "Login"; + +$current = $_POST['current']; +$username = $_POST['username']; +$password = $_POST['password']; +$command = $_POST['command']; + +echo '
'; + +$thisusername = $username; +$username = strtolower($username); +$userFilename = $workpath.$username; +$keyFilename = $keypath.$username; + +# Check all input +if (empty($_POST['username'])) { + echo "Please enter a Username\r\n"; + echo '
Back'; + exit(2); +} + +if (!check_bbs_auth($username, $current)) { + echo "Failed to authenticate\r\n"; + echo '
Back'; + exit(2); +} + +if ($_POST['password'] !== $_POST['password2']) { + echo "Your passwords entered do not match\r\n"; + echo '
Back'; + exit(2); +} + +$ok=true; +# User is authenticated or to be created. Either way, create the file +if ($ok || ($command == "Change") ) +{ + if ($userFileHandle = @fopen($userFilename, 'w+')) + { + fwrite($userFileHandle, password_hash($password, PASSWORD_DEFAULT)); + fclose($userFileHandle); + chmod($userFilename, 0666); + } + + echo "User:".$thisusername." Password changed\r\n"; + echo '
Back'; + exit(0); +} else { + echo "Authentication Failed\r\n"; + exit(1); +} + +function make_key($username) { + $key = openssl_random_pseudo_bytes(44); + return base64_encode($key); +} + +function check_bbs_auth($username, $password) { + global $config_dir; + $workpath = $config_dir."users/"; + $username = strtolower($username); + $userFilename = $workpath.$username; + + if ($userFileHandle = @fopen($userFilename, 'r')) + { + $userFileInfo = fread($userFileHandle, filesize($userFilename)); + fclose($userFileHandle); + if (password_verify ( $password , $userFileInfo)) + { + touch($userFilename); + $ok = TRUE; + } else { + $ok = FALSE; + } + } else { + $ok = FALSE; + } + if ($ok) + { + return TRUE; + } else { + return FALSE; + } +} +?> - + diff --git a/Rocksolid_Light/common/newuser.php b/Rocksolid_Light/common/newuser.php deleted file mode 100644 index c3542a9..0000000 --- a/Rocksolid_Light/common/newuser.php +++ /dev/null @@ -1,51 +0,0 @@ -"; - echo "More than one account may not be created in 30 days
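Review bot: The write block near the end of this hunk leaves the password-hash file world-writable through `chmod($userFilename, 0666);`, so any other local account on the host can replace a user's hash; `chmod($userFilename, 0600);` is the safer mode, or 0660 with a shared group if a second service account has to read the file (not visible here). The same block ignores a failed `@fopen` and still prints "Password changed", so the success message belongs inside the `if` with an explicit error branch for the failure case. `$username` comes straight from `$_POST`, is concatenated into `$userFilename` and is echoed back as `$thisusername`; an allow-list check before the path is built, e.g. `if (!preg_match('/^[a-z0-9_-]+$/', $username)) { exit(2); }` (character set to be adjusted to what the BBS permits), and `htmlspecialchars($thisusername, ENT_QUOTES, 'UTF-8')` on output would cover both. `$ok=true;` directly before `if ($ok || ($command == "Change"))` makes the else branch unreachable, so the flag and the `$command` test can be dropped.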
"; - echo '
Return to Home Page'; -} else { -?> - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-
Register Username
Username:
Email:
Password:
Re-enter Password:
 
Change current password
-
- - - diff --git a/Rocksolid_Light/common/rsusers.php b/Rocksolid_Light/common/register.php similarity index 58% rename from Rocksolid_Light/common/rsusers.php rename to Rocksolid_Light/common/register.php index 3007534..0beb23f 100644 --- a/Rocksolid_Light/common/rsusers.php +++ b/Rocksolid_Light/common/register.php @@ -1,19 +1,113 @@ - - - - -'; -} else { - echo ''; -} -?> - - "; + echo "More than one account may not be created in 30 days
"; + echo '
Return to Home Page'; +} else { + echo ''; + echo ''; + echo ''; + echo ''; + echo ''; + echo ''; + echo ''; + echo ''; + echo ''; + echo ''; + echo ''; + echo ''; + echo ''; + echo ''; + echo ''; + echo ''; + echo ''; + echo ''; + echo ''; + echo ''; + echo ''; + echo ''; + echo ''; + echo ''; + echo ''; + echo ''; + echo ''; + echo ''; + echo ''; + echo '
Register Username
Username:
Email:
Password:
Re-enter Password:
 
Change current password
'; + echo '
'; +} + echo ''; + echo ''; + exit(0); +} + +if(isset($_POST['command']) && $_POST['command'] == 'CreateNew') { + $workpath = $config_dir."users/"; + $keypath = $config_dir."userconfig/"; + $username = $_POST['username']; + $password = $_POST['password']; + $user_email = $_POST['user_email']; + $code = $_POST['code']; + $userFilename = $workpath.$username; + $keyFilename = $keypath.$username; + @mkdir($workpath.'new/'); + $verified = 0; + + $no_verify=explode(' ', $CONFIG['no_verify']); + foreach($no_verify as $no) { + if (strlen($_SERVER['HTTP_HOST']) - strlen($no) === strrpos($_SERVER['HTTP_HOST'],$no)) { + $CONFIG['verify_email'] = false; + } + } + if($CONFIG['verify_email'] == true) { + $saved_code = file_get_contents(sys_get_temp_dir()."/".$username); + if((strcmp(trim($code), trim($saved_code))) !== 0) { + echo "Code does not match. Try again.
"; + echo '
'; + echo ' '; + echo ''; + echo ''; + echo ''; + echo ''; + echo ''; + echo '

Cancel and return to home page'; + exit(2); + } + $verified = 1; + } + if ($userFileHandle = @fopen($userFilename, 'w+')) + { + fwrite($userFileHandle, password_hash($password, PASSWORD_DEFAULT)); + fclose($userFileHandle); + chmod($userFilename, 0666); + } +// Create synchronet account + if(isset($synch_create) && $synch_create == true) { + putenv("SBBSCTRL=$synch_path/ctrl"); + $result = shell_exec("$synch_path/exec/makeuser $username -P $password"); + } + $newkey = make_key($username); + if ($userFileHandle = @fopen($keyFilename, 'w+')) + { + fwrite($userFileHandle, 'encryptionkey:'.$newkey."\r\n"); + fwrite($userFileHandle, 'email:'.$user_email."\r\n"); + if($verified == 1) { + fwrite($userFileHandle, "email_verified:true\r\n"); + } + fclose($userFileHandle); + chmod($userFilename, 0666); + } + unlink(sys_get_temp_dir()."/".$username); + echo "User:".$username." Created\r\n"; + echo '
Back'; + + exit(0); +} if($CONFIG['verify_email'] == true) { include($config_dir.'/phpmailer.inc.php'); @@ -24,9 +118,6 @@ if($CONFIG['verify_email'] == true) { } } -include "head.inc"; -$CONFIG = include($config_file); - # $hostname: '{POPaddress:port/pop3}INBOX' $hostname = '{mail.example.com:110/pop3}INBOX'; # $external: Using external POP auth? @@ -35,7 +126,6 @@ $external = 0; $workpath = $config_dir."users/"; $keypath = $config_dir."userconfig/"; -# DO NOT EDIT ANYTHING BELOW THIS LINE $ok = FALSE; $command = "Login"; @@ -180,12 +270,13 @@ $mail->send(); echo 'An email has been sent to '.$user_email.'
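Review bot: In the `CreateNew` branch, `$username` and `$password` are taken from `$_POST` and interpolated unquoted into `shell_exec("$synch_path/exec/makeuser $username -P $password")`, so shell metacharacters in either field are interpreted by the shell; each argument should be quoted, `$result = shell_exec("$synch_path/exec/makeuser ".escapeshellarg($username)." -P ".escapeshellarg($password));`. The same unvalidated `$username` builds `$userFilename`, `$keyFilename` and the `sys_get_temp_dir()."/".$username` path that is read and later unlinked, so a name with path separators reaches files outside those directories; an allow-list check at the top of the branch, e.g. `if (!preg_match('/^[A-Za-z0-9_-]+$/', $username)) { exit(2); }`, covers all of them. When no code file exists `file_get_contents` returns false, which `trim()` turns into an empty string, so the email check does not fail closed; `if ($saved_code === false || !hash_equals(trim($saved_code), trim($code)))` would. The key-file block ends with `chmod($userFilename, 0666)` where `$keyFilename` looks intended, and mode 0666 leaves the hash and the encryption key world-writable. No existing-account check is visible in this branch before `fopen($userFilename, 'w+')`; if that check lives only in the earlier form step, it needs repeating here.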
'; echo 'Please enter the code from the email below:
'; } - echo ''; + echo ''; if($CONFIG['verify_email'] == true) { echo ' '; } echo ''; echo ''; + echo ''; echo ''; echo ''; echo '

Cancel and return to home page'; @@ -229,5 +320,3 @@ function get_config_value($configfile,$request) { } } ?> - - diff --git a/Rocksolid_Light/rslight/links.conf b/Rocksolid_Light/rslight/links.conf index 3ab31a4..b393d40 100644 --- a/Rocksolid_Light/rslight/links.conf +++ b/Rocksolid_Light/rslight/links.conf @@ -1,6 +1,7 @@ # These are the links at the top right of the site # display name:url -register:/common/newuser.php +mail:/rocksolid/mail.php files:/rocksolid/files.php +register:/common/register.php nodelist:/common/nodelist.php faq:/common/faq.txt