novabbs
/
rocksolid-light
2
0
Fork 1
Code Issues 14 Pull Requests Releases Wiki Activity

Move passwd change from register page to config page. Also require passwd on config page.

This commit is contained in:
Retro_Guy 2024-03-10 09:50:20 -07:00
parent 50ac6b3eff
commit df0adaf253
3 changed files with 112 additions and 195 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

140
Rocksolid_Light/common/changepw.php
View File

@ -1,140 +0,0 @@
<?php
include "config.inc.php";
include "head.inc";
$keyfile = $spooldir.'/keys.dat';
$keys = unserialize(file_get_contents($keyfile));
if((password_verify($keys[0],$_POST['key'])) || (password_verify($keys[1],$_POST['key']))) {
$auth_ok = true;
} else {
$auth_ok = false;
unset($_POST['command']);
}
if(!isset($_POST['command']) || $_POST['command'] !== 'Change') {
echo '<table border="0" align="center" cellpadding="0" cellspacing="1">';
echo '<tr>';
echo '<form name="form1" method="post" action="changepw.php">';
echo '<td><tr>';
echo '<td colspan="3"><strong>Change Password </strong></td>';
echo '</tr><tr>';
echo '<td>Username:</td>';
echo '<td><input name="username" type="text" id="username"></td>';
echo '</tr><tr>';
echo '<td>Current Password:</td>';
echo '<td><input name="current" type="password" id="password"></td>';
echo '</tr><tr>';
echo '<td>New Password:</td>';
echo '<td><input name="password" type="password" id="password"></td>';
echo '</tr><tr>';
echo '<td>Re-enter Password:</td>';
echo '<td><input name="password2" type="password" id="password2"></td>';
echo '</tr><tr>';
echo '<td><input name="command" type="hidden" id="command" value="Change" readonly="readonly"></td>';
echo '</tr><tr>';
echo '<input name="key" type="hidden" value="'.password_hash($keys[0], PASSWORD_DEFAULT).'">';
echo '<td>&nbsp;</td>';
echo '<td><input type="submit" name="Submit" value="Change Password"></td>';
echo '</tr></td></form></tr></table>';
exit(0);
}
# $hostname: '{POPaddress:port/pop3}INBOX'
$hostname = '{rocksolidbbs:110/pop3}INBOX';
# $external: Using external POP auth?
$external = 0;
# $workpath: Where to cache users (must be writable by calling program)
$workpath = $config_dir."users/";
$keypath = $config_dir."userconfig/";
$ok = FALSE;
$command = "Login";
$current = $_POST['current'];
$username = $_POST['username'];
$password = $_POST['password'];
$command = $_POST['command'];
echo '<center>';
$thisusername = $username;
$username = strtolower($username);
$userFilename = $workpath.$username;
$keyFilename = $keypath.$username;
# Check all input
if (empty($_POST['username'])) {
echo "Please enter a Username\r\n";
echo '<br /><a href="changepw.php">Back</a>';
exit(2);
}
if (!check_bbs_auth($username, $current)) {
echo "Failed to authenticate\r\n";
echo '<br /><a href="changepw.php">Back</a>';
exit(2);
}
if ($_POST['password'] !== $_POST['password2']) {
echo "Your passwords entered do not match\r\n";
echo '<br /><a href="changepw.php">Back</a>';
exit(2);
}
$ok=true;
# User is authenticated or to be created. Either way, create the file
if ($ok || ($command == "Change") )
{
if ($userFileHandle = @fopen($userFilename, 'w+'))
{
fwrite($userFileHandle, password_hash($password, PASSWORD_DEFAULT));
fclose($userFileHandle);
chmod($userFilename, 0666);
}
echo "User:".$thisusername." Password changed\r\n";
echo '<br /><a href="../">Back</a>';
exit(0);
} else {
echo "Authentication Failed\r\n";
exit(1);
}
function make_key($username) {
$key = openssl_random_pseudo_bytes(44);
return base64_encode($key);
}
function check_bbs_auth($username, $password) {
global $config_dir;
$workpath = $config_dir."users/";
$username = strtolower($username);
$userFilename = $workpath.$username;
if ($userFileHandle = @fopen($userFilename, 'r'))
{
$userFileInfo = fread($userFileHandle, filesize($userFilename));
fclose($userFileHandle);
if (password_verify ( $password , $userFileInfo))
{
touch($userFilename);
$ok = TRUE;
} else {
$ok = FALSE;
}
} else {
$ok = FALSE;
}
if ($ok)
{
return TRUE;
} else {
return FALSE;
}
}
?>
</body>
</html>

9
Rocksolid_Light/common/register.php
View File

@ -49,16 +49,16 @@ if (! isset($_POST['command'])) {
echo '<td><tr>';
echo '<td><strong>Register Username </strong></td>';
echo '</tr><tr>';
echo '<td>Username:</td>';
echo '<td>Username: </td>';
echo '<td><input name="username" type="text" id="username"value="' . $_POST['username'] . '" maxlength="30"></td>';
echo '</tr><tr>';
echo '<td>Email:</td>';
echo '<td>Email: </td>';
echo '<td><input name="user_email" type="text" id="user_email" value="' . $_POST['user_email'] . '"></td>';
echo '</tr><tr>';
echo '<td>Password:</td>';
echo '<td>Password: </td>';
echo '<td><input name="password" type="password" id="password"></td>';
echo '</tr><tr>';
echo '<td>Re-enter Password:</td>';
echo '<td>Re-enter Password: </td>';
echo '<td><input name="password2" type="password" id="password2"></td>';
echo '</tr><tr>';
echo '<td><img src="' . $captchaImage . '" /></td>';
@ -72,7 +72,6 @@ if (! isset($_POST['command'])) {
echo '<td>&nbsp;</td>';
echo '<td><input type="submit" name="Submit" value="Create"></td>';
echo '</tr>';
echo '<tr><td><a href="changepw.php">Change current password</a></td></tr>';
echo '<tr><td>';
echo '<td></td><td></td>';
echo '</td></tr>';

158
Rocksolid_Light/spoolnews/user.php
View File

@ -12,7 +12,7 @@ if (isset($_POST['command']) && $_POST['command'] == 'Logout') {
$_SESSION = array();
session_destroy();
unset($_COOKIE['mail_name']);
setcookie('mail_name', '', -1, '/');
setcookie('mail_name', '', - 1, '/');
$logmeout = true;
} else {
$logmeout = false;
@ -204,8 +204,14 @@ if ($_POST['command'] != 'Configuration' && $_POST['command'] != 'SaveConfig') {
echo "<p>" . $golink . "</p>";
echo '</center>';
}
// Apply Config
if (isset($_POST['command']) && $_POST['command'] == 'SaveConfig') {
// Confirm password
if (! check_bbs_auth($user, $_POST['confirm_password'])) {
$message = '<b>Password Incorrect</b><br />Please try again';
retry_configuration($message);
}
if ($OVERRIDES['disable_change_name'] != true) {
if (trim($_POST['display_name']) == '') {
$_POST['display_name'] = $user;
@ -223,67 +229,59 @@ if (isset($_POST['command']) && $_POST['command'] == 'SaveConfig') {
$value = false;
}
}
if(isset($OVERRIDES['reserved_names'])) {
$reserved_names = $OVERRIDES['reserved_names'];
if (isset($OVERRIDES['reserved_names'])) {
$reserved_names = $OVERRIDES['reserved_names'];
} else {
$reserved_names = array("admin", "sysop");
$reserved_names = array(
"admin",
"sysop"
);
}
if(isset($OVERRIDES['duplicate_aliases'])) {
if (isset($OVERRIDES['duplicate_aliases'])) {
$dupe_ok = $OVERRIDES['duplicate_aliases'];
} else {
$dupe_ok = false;
}
foreach($reserved_names as $name) {
if(strtolower($_POST['display_name']) == strtolower($name)) {
}
foreach ($reserved_names as $name) {
if (strtolower($_POST['display_name']) == strtolower($name)) {
// It's a reserved alias
echo '<b>' . $_POST['display_name'] . "</b> is unavailable.<br />Please try again";
echo '<form target="' . $frame['content'] . '" method="post" action="user.php">';
echo '<input name="command" type="hidden" id="command" value="Configuration" readonly="readonly">';
echo "<input type='hidden' name='username' value='" . $_POST['username'] . "' />";
echo '<button class="np_button_link" type="submit">Return to Configuration</button>';
exit();
$message = '<b>' . $_POST['display_name'] . "</b> is unavailable.<br />Please try again";
retry_configuration($message);
}
}
if ($value && (strtolower($_POST['display_name']) != $user)) {
// It's someone else's username or alias
echo '<b>' . $_POST['display_name'] . "</b> is unavailable.<br />Please try again";
echo '<form target="' . $frame['content'] . '" method="post" action="user.php">';
echo '<input name="command" type="hidden" id="command" value="Configuration" readonly="readonly">';
echo "<input type='hidden' name='username' value='" . $_POST['username'] . "' />";
echo '<button class="np_button_link" type="submit">Return to Configuration</button>';
exit();
$message = '<b>' . $_POST['display_name'] . "</b> is unavailable.<br />Please try again";
retry_configuration($message);
}
// Validate email format
if (filter_var($_POST['display_email'], FILTER_VALIDATE_EMAIL) == false) {
// Email address format invalid. Format is important but does not need to be a real address
echo '</b> Display email format appears incorrect:<br><b>' . $_POST['display_email'] . '</b><br />Please try again';
echo '<form target="' . $frame['content'] . '" method="post" action="user.php">';
echo '<input name="command" type="hidden" id="command" value="Configuration" readonly="readonly">';
echo "<input type='hidden' name='username' value='" . $_POST['username'] . "' />";
echo '<button class="np_button_link" type="submit">Return to Configuration</button>';
exit();
$message = '</b> Display email format appears incorrect:<br><b>' . $_POST['display_email'] . '</b><br />Please try again';
retry_configuration($message);
}
// Check if email already exists in user database
if ($founduser = check_registered_email_addresses(trim($_POST['display_email']))) {
// Email exists in database
if (strtolower($user) != strtolower($founduser)) {
// It's someone else's email
echo '<b>' . $_POST['display_email'] . "</b> is unavailable.<br />Please try again";
echo '<form target="' . $frame['content'] . '" method="post" action="user.php">';
echo '<input name="command" type="hidden" id="command" value="Configuration" readonly="readonly">';
echo "<input type='hidden' name='username' value='" . $_POST['username'] . "' />";
echo '<button class="np_button_link" type="submit">Return to Configuration</button>';
exit();
$message = '<b>' . $_POST['display_email'] . "</b> is unavailable.<br />Please try again";
retry_configuration($message);
}
}
// New passwords do not match
if ($_POST['password'] !== $_POST['password2']) {
$message = '<b> New password entries do not match</b><br />Please try again';
retry_configuration($message);
}
$user_config['display_name'] = trim($_POST['display_name']);
$user_config['display_email'] = trim($_POST['display_email']);
// Apply alias into $config_dir/aliases_conf
if(strtolower($user_config['display_name'] != strtolower($_POST['username']))) {
if (strtolower($user_config['display_name'] != strtolower($_POST['username']))) {
$value_unique = true;
if($dupe_ok) {
foreach($dupe_ok as $dupe) {
if($dupe == strtolower($_POST['username'])) {
if ($dupe_ok) {
foreach ($dupe_ok as $dupe) {
if ($dupe == strtolower($_POST['username'])) {
$value_unique = false;
break;
}
@ -295,7 +293,7 @@ if (isset($_POST['command']) && $_POST['command'] == 'SaveConfig') {
$user_config['signature'] = $_POST['signature'];
$user_config['xface'] = $_POST['xface'];
$user_config['timezone'] = $_POST['timezone'];
$user_config['theme'] = $_POST['listbox'];
$user_config['theme'] = $_POST['theme'];
$user_config['hide_unsub'] = $_POST['hide_unsub'];
file_put_contents($config_dir . '/userconfig/' . $user . '.config', serialize($user_config));
$_SESSION['theme'] = $user_config['theme'];
@ -315,7 +313,13 @@ if (isset($_POST['command']) && $_POST['command'] == 'SaveConfig') {
if ($userdata) {
ksort($userdata);
}
echo 'Configuration Saved for ' . $_POST['username'];
// Save new password
if ((trim($_POST['password']) != '') && ($_POST['password'] == $_POST['password2'])) {
$userFilename = $config_dir . '/users/' . strtolower($user);
file_put_contents($userFilename, password_hash($_POST['password'], PASSWORD_DEFAULT));
}
echo '<center>Configuration Saved for ' . $_POST['username'] . '</center>';
} else {
$user_config = unserialize(file_get_contents($config_dir . '/userconfig/' . $user . '.config'));
}
@ -350,6 +354,16 @@ if ($OVERRIDES['disable_change_name'] != true) {
}
sort($themes);
if (isset($_POST['command']) && $_POST['command'] == 'Configuration') {
// Use modifications from retry configuration
if ($_POST['retry'] == "retry") {
$display_name = $_POST['display_name'];
$display_email = $_POST['display_email'];
$user_config['signature'] = $_POST['signature'];
$user_config['xface'] = urldecode($_POST['xface']);
$user_config['hide_unsub'] = $_POST['hide_unsub'];
$user_config['subscribed'] = $_POST['subscribed'];
$user_config['theme'] = $_POST['theme'];
}
// Show Config
echo '<hr><h1 class="np_thread_headline"></h1>';
echo '<table cellspacing="0" width="100%" class="np_results_table">';
@ -377,13 +391,13 @@ if (isset($_POST['command']) && $_POST['command'] == 'Configuration') {
echo '</textarea></td>';
echo '</tr>';
// Theme
if (isset($user_config['theme'])) {
if (isset($user_config['theme']) && trim($user_config['theme']) != '') {
echo '<td class="np_result_line1" style="word-wrap:break-word";><h3>Theme: (' . $user_config['theme'] . ')</h3></td>';
} else {
echo '<td class="np_result_line1" style="word-wrap:break-word";><h3>Theme:</h3></td>';
}
echo '</tr><tr><td class="np_result_line1" style="word-wrap:break-word">';
echo '<select name="listbox" class="theme_listbox" size="10">';
echo '<select name="theme" class="theme_listbox" size="10">';
foreach ($themes as $theme) {
if ($theme == $user_config['theme']) {
echo '<option value="' . $theme . '" selected="selected">' . $theme . '</option>';
@ -395,21 +409,21 @@ if (isset($_POST['command']) && $_POST['command'] == 'Configuration') {
echo '</td>';
echo '</tr>';
// Subscriptions
if(!isset($user_config['hide_unsub'])) {
if (! isset($user_config['hide_unsub'])) {
$user_config['hide_unsub'] = 'show';
}
echo '<td class="np_result_line1" style="word-wrap:break-word";><h3>Subscriptions:</h3></td>';
echo '<tr><td class="np_result_line1" style="word-wrap:break-word";>';
echo '&nbsp;While viewing section pages:<br />';
if($user_config['hide_unsub'] == 'hide') {
if ($user_config['hide_unsub'] == 'hide') {
echo '<input type="radio" name="hide_unsub" id="hide" value="hide" checked="checked">';
} else {
echo '<input type="radio" name="hide_unsub" id="hide" value="hide">';
}
echo '<label for="hide_unsub"> Hide Unsubscribed Groups</label><br />';
if($user_config['hide_unsub'] == 'show') {
if ($user_config['hide_unsub'] == 'show') {
echo '<input type="radio" name="hide_unsub" id="show" value="show" checked="checked">';
} else {
echo '<input type="radio" name="hide_unsub" id="show" value="show">';
@ -419,20 +433,45 @@ if (isset($_POST['command']) && $_POST['command'] == 'Configuration') {
echo '<td class="np_result_line1" style="word-wrap:break-word";><h3>Subscribed groups:</h3></td>';
echo '</tr><tr><td class="np_result_line1" style="word-wrap:break-word";><textarea class="configuration" id="subscribed" name="subscribed" rows="10" cols="40">';
foreach ($userdata as $key => $value) {
if($key == "DO.NOT.DELETE") {
continue;
// print_r($user_config['subscribed']);
if (isset($user_config['subscribed'])) {
$userdata = $user_config['subscribed'];
print_r($user_config['subscribed']);
} else {
foreach ($userdata as $key => $value) {
if ($key == "DO.NOT.DELETE") {
continue;
}
echo $key . "\n";
}
echo $key . "\n";
}
echo '</textarea></td>';
echo '</tr>';
// User Display Name
echo '<tr>';
echo '<td class="np_result_line1" style="word-wrap:break-word";><h3>New password: </h3>';
echo '<input name="password" type="password" id="password" maxlength="40"></td>';
echo '</tr>';
// User Display Email
echo '<tr>';
echo '<td class="np_result_line1" style="word-wrap:break-word";><h3>Re-enter new password: </h3>';
echo '<input name="password2" type="password" id="password2" maxlength="40"></td>';
echo '</tr>';
/*
* // Timezone
* echo '<td class="np_result_line1" style="word-wrap:break-word";>Timezone offset (+/- hours from UTC):</td>';
* echo '</tr><tr><td class="np_result_line1" style="word-wrap:break-word";><input type="text" name="timezone" value="'.$user_config[timezone].'"></td>';
* echo '</tr>';
*/
// Password confirmation
echo '<tr>';
echo '<td class="np_result_line2" style="word-wrap:break-word";><h3>Current password: </h3><h4>(required)</h4>';
echo '<input name="confirm_password" type="password" id="confirm_password" maxlength="40"></td>';
echo '</tr>';
echo '<td class="np_result_line2" style="word-wrap:break-word";>';
echo '<button class="np_button_link" type="submit">Save Configuration</button>';
echo '<a href="' . $_SERVER['PHP_SELF'] . '">Cancel</a>';
@ -444,4 +483,23 @@ if (isset($_POST['command']) && $_POST['command'] == 'Configuration') {
echo '<br />';
}
include "tail.inc";
?>
function retry_configuration($message)
{
echo '<center>';
echo $message;
echo '<form target="' . $frame['content'] . '" method="post" action="user.php">';
echo '<input name="command" type="hidden" id="command" value="Configuration" readonly="readonly">';
echo "<input type='hidden' name='retry' value='retry' />";
echo "<input type='hidden' name='username' value='" . $_POST['username'] . "' />";
echo "<input type='hidden' name='display_name' value='" . $_POST['display_name'] . "' />";
echo "<input type='hidden' name='display_email' value='" . $_POST['display_email'] . "' />";
echo "<input type='hidden' name='signature' value='" . $_POST['signature'] . "' />";
echo "<input type='hidden' name='xface' value='" . urlencode($_POST['xface']) . "' />";
echo "<input type='hidden' name='hide_unsub' value='" . $_POST['hide_unsub'] . "' />";
echo "<input type='hidden' name='subscribed' value='" . $_POST['subscribed'] . "' />";
echo "<input type='hidden' name='theme' value='" . $_POST['theme'] . "' />";
echo '<button class="np_button_link" type="submit">Return to Configuration</button>';
echo '</center>';
exit();
}