@jameshilliard
Last active September 6, 2015 20:12
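<?php
/*
 * Settings page controller: requires a logged-in session, loads the user's
 * settings and 2FA state, then processes whichever settings form was POSTed.
 *
 * Forms handled (the first non-empty key wins): EmailForm, PaymentaddressForm,
 * PasswordChangeForm, 2fa. Failures are recorded as
 * $errors[<form>][<field>] = message for the template that follows.
 *
 * NOTE(review): no anti-CSRF token is checked for any form here. The first
 * three forms re-check the account password, but the 2fa "enable" and
 * "cancel" actions are sent with neither a password nor a code. Confirm a
 * token is enforced elsewhere, or add one.
 */
if (empty($_SESSION['username'])) {
    header('Location: index.php?p=login');
    exit();
}

// Copies the named fields out of a posted form, keeping only string values.
// A missing key or a nested array (e.g. "EmailForm[email][]=x") becomes null,
// so it fails the empty() checks below instead of reaching the backend calls,
// and optional fields such as "2fa" no longer raise an undefined-index notice.
$readForm = function ($form, array $keys) {
    $clean = array();
    foreach ($keys as $key) {
        $value = (is_array($form) && isset($form[$key])) ? $form[$key] : null;
        $clean[$key] = is_string($value) ? $value : null;
    }
    return $clean;
};

// The template prints $errors entries as raw HTML (one message built below
// contains <br>), so text that did not originate in this file is escaped
// before it is stored. Backend error text may reflect submitted values.
$escape = function ($text) {
    return htmlspecialchars((string) $text, ENT_QUOTES, 'UTF-8');
};

// NOTE(review): the third get2fa() argument looks like a seed for the new
// 2FA key; confirm against get2fa(). rand() is not a CSPRNG, so use
// random_int() where the runtime provides it (PHP >= 7) and fall back to the
// original rand() call otherwise.
$newKeySeed = function () {
    return function_exists('random_int')
        ? random_int(1073741824, 2147483647)
        : rand(1073741824, 2147483647);
};

$userSettings = userSettings($_SESSION['username']);
$user2fa = get2fa($_SESSION['username'], '', 0, 0);
$userSettings['2fa_status'] = $user2fa['2fa_status'];
// $user2fa is left defined on purpose: the template reads it.

if (!empty($_POST)) {
    $errors = array();
    if (!empty($_POST['EmailForm'])) {
        // The 2fa input is only rendered for accounts with 2FA enabled, so it may be absent (null).
        $params = $readForm($_POST['EmailForm'], array('email', 'pass', '2fa'));
        if (empty($params['email'])) {
            $errors['EmailForm']['email'] = 'Email Address cannot be empty!';
        } else if (empty($params['pass'])) {
            $errors['EmailForm']['pass'] = 'Password cannot be empty!';
        } else {
            // Re-authenticate (password and, when present, 2FA code) before changing the address.
            $ans = checkPass($_SESSION['username'], $params['pass'], $params['2fa']);
            if (strpos($ans, 'failed') !== false) {
                $errors['EmailForm']['pass'] = 'Password incorrect!';
            } else {
                $ans = userSettings($_SESSION['username'], $params['email'], null, $params['pass'], $params['2fa']);
                if (!empty($ans['ERROR'])) {
                    $errors['EmailForm']['email'] = 'Email Update failed: ' . $escape($ans['ERROR']);
                }
            }
        }
    } else if (!empty($_POST['PaymentaddressForm'])) {
        $params = $readForm($_POST['PaymentaddressForm'], array('address', 'pass', '2fa'));
        if (empty($params['address'])) {
            $errors['PaymentaddressForm']['address'] = 'BTC Address cannot be empty!';
        } else if (empty($params['pass'])) {
            $errors['PaymentaddressForm']['pass'] = 'Password cannot be empty!';
        } else {
            // Changing the payout address redirects funds, so it is gated on re-authentication.
            $ans = checkPass($_SESSION['username'], $params['pass'], $params['2fa']);
            if (strpos($ans, 'failed') !== false) {
                $errors['PaymentaddressForm']['pass'] = 'Password incorrect!';
            } else {
                $ans = userSettings($_SESSION['username'], null, array(array('addr' => $params['address'])), $params['pass'], $params['2fa']);
                if (!empty($ans['ERROR'])) {
                    $errors['PaymentaddressForm']['address'] = 'Payment Address Update failed: ' . $escape($ans['ERROR']);
                }
            }
        }
    } else if (!empty($_POST['PasswordChangeForm'])) {
        $params = $readForm($_POST['PasswordChangeForm'], array('password_old', 'password', 'password_re', '2fa'));
        if (empty($params['password_old'])) {
            $errors['PasswordChangeForm']['password_old'] = 'Password cannot be empty!';
        } else if (empty($params['password'])) {
            $errors['PasswordChangeForm']['password'] = 'Password cannot be empty!';
        } else if (empty($params['password_re'])) {
            $errors['PasswordChangeForm']['password_re'] = 'Password cannot be empty!';
        } else if (safepass($params['password'])) {
            // A truthy safepass() result is treated as "unsafe" here.
            $errors['PasswordChangeForm']['password'] = 'Password is unsafe - requires 6 or more characters, including<br>at least one of each uppercase, lowercase, and numbers.';
        } else if ($params['password'] !== $params['password_re']) {
            // Strict comparison: with != two different numeric-looking strings
            // (e.g. "1e3" and "1000") would be accepted as a matching pair.
            $errors['PasswordChangeForm']['password_re'] = 'Passwords do not match';
        } else {
            $ans = checkPass($_SESSION['username'], $params['password_old'], $params['2fa']);
            if (strpos($ans, 'failed') !== false) {
                $errors['PasswordChangeForm']['password_old'] = 'Password incorrect!';
            } else {
                $ans = setPass($_SESSION['username'], $params['password_old'], $params['password'], $params['2fa']);
                if (!empty($ans['ERROR'])) {
                    $errors['PasswordChangeForm']['password'] = 'Password Update failed: ' . $escape($ans['ERROR']);
                }
            }
        }
    } else if (!empty($_POST['2fa'])) {
        $params = $readForm($_POST['2fa'], array('enable2fa', 'test2fa', 'reset2fa', 'cancel2fa'));
        if (!empty($params['enable2fa'])) {
            $ans = get2fa($_SESSION['username'], 'setup', $newKeySeed(), 0);
            if (!empty($ans['2fa_error'])) {
                $errors['2fa']['enable2fa'] = $escape($ans['2fa_error']); // Is the time on your phone synced?
            } else {
                // Reload so the template renders the new 2FA state.
                $user2fa = get2fa($_SESSION['username'], '', 0, 0);
                $userSettings['2fa_status'] = $user2fa['2fa_status'];
            }
        } else if (!empty($params['test2fa'])) {
            $ans = get2fa($_SESSION['username'], 'test', 0, $params['test2fa']);
            // NOTE(review): only "Invalid code" is reported; any other
            // 2fa_error value is treated as success here. Confirm that is intended.
            if (isset($ans['2fa_error']) && $ans['2fa_error'] === 'Invalid code') {
                $errors['2fa']['test2fa'] = 'Invalid Code'; // Is the time on your phone synced?
            } else {
                $user2fa = get2fa($_SESSION['username'], '', 0, 0);
                $userSettings['2fa_status'] = $user2fa['2fa_status'];
            }
        } else if (!empty($params['reset2fa'])) {
            $ans = get2fa($_SESSION['username'], 'new', $newKeySeed(), $params['reset2fa']);
            // NOTE(review): as in the test branch, only "Invalid code" is reported as a failure.
            if (isset($ans['2fa_error']) && $ans['2fa_error'] === 'Invalid code') {
                $errors['2fa']['reset2fa'] = 'Invalid Code'; // Is the time on your phone synced?
            } else {
                $user2fa = get2fa($_SESSION['username'], '', 0, 0);
                $userSettings['2fa_status'] = $user2fa['2fa_status'];
            }
        } else if (!empty($params['cancel2fa'])) {
            $ans = get2fa($_SESSION['username'], 'untest', 0, 0);
            if (!empty($ans['2fa_error'])) {
                $errors['2fa']['cancel2fa'] = $escape($ans['2fa_error']); // Is the time on your phone synced?
            } else {
                $user2fa = get2fa($_SESSION['username'], '', 0, 0);
                $userSettings['2fa_status'] = $user2fa['2fa_status'];
            }
        }
        // The print_r($ans) / print_r($_POST) debug dumps were removed: they
        // wrote the backend reply and the raw, unescaped request body into
        // the page ahead of the template.
    }
}
?>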
<!-- Page header: title and user navigation menu -->
<div class="page-title">
<div class="container">
<h2>Settings</h2>
<ul id="w1" class="user-menu nav">
<li class="active"><a href="/index.php?p=dashboard"><img src="assets/images/dashboard-icon.png" alt="">Dashboard</a></li>
<li><a href="/index.php?p=workers"><img src="assets/images/users-icon.png" alt="">Workers</a></li>
<li><a href="/index.php?p=payouts"><img src="assets/images/bitcoin-icon.png" alt="">Payout History</a></li>
<li><a href="/index.php?p=settings"><img src="assets/images/setting-icon.png" alt="">Settings</a></li>
</ul>
</div>
</div>
<div class="container page-content">
<?php
// Success banner: printed for any non-empty POST that left $errors empty.
// NOTE(review): a POST that matches none of the form handlers also leaves
// $errors empty and so shows this banner. Confirm that is intended.
// NOTE(review): the menu above marks "Dashboard" as active although this is
// the Settings page, and id="w1" is used again by the Payment Address
// portlet further down. Confirm both.
if (!empty($_POST) && empty($errors)) { ?>
<div class="alert alert-success">
<p>Your changes have been saved!</p>
</div>
<?php } ?>
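<?php
// Left column: the "Email" and "Payment Address" forms.
//
// Everything printed into the markup below is HTML-escaped at the point of
// output. The echoed-back POST fields are request-controlled (printing them
// raw inside value="..." allows markup injection), and the session and
// user-settings values are not known to be markup-safe.
// For error text double_encode is switched off, so a message that was already
// escaped where it was built is not escaped a second time.
$escapeHtml = function ($text, $doubleEncode = true) {
    return htmlspecialchars((string) $text, ENT_QUOTES, 'UTF-8', $doubleEncode);
};

// Prefer the value the user just submitted (strings only) over the stored one.
$emailValue = (!empty($_POST['EmailForm']['email']) && is_string($_POST['EmailForm']['email']))
    ? $_POST['EmailForm']['email']
    : (isset($userSettings['email']) ? $userSettings['email'] : '');
$addressValue = (!empty($_POST['PaymentaddressForm']['address']) && is_string($_POST['PaymentaddressForm']['address']))
    ? $_POST['PaymentaddressForm']['address']
    : (isset($userSettings['addr:0']) ? $userSettings['addr:0'] : '');
?>
<div class="row margin-top-20">
    <!-- Account Edit Form -->
    <div class="col-xs-6">
        <div id="w0" class="portlet box">
            <div class="portlet-title">
                <div class="caption">Email</div>
            </div>
            <div class="portlet-body">
                <form id="EmailForm" action="/index.php?p=settings" method="post" role="form">
                    <div class="form-group">
                        <label>Username</label>
                        <input type="text" class="form-control" name="" value="<?=$escapeHtml($_SESSION['username'])?>" disabled>
                    </div>
                    <div class="form-group field-emailform-email required">
                        <label class="control-label" for="emailform-email">Email</label>
                        <input type="text" id="emailform-email" class="form-control" name="EmailForm[email]" value="<?=$escapeHtml($emailValue)?>">
                        <?php if (!empty($errors['EmailForm']['email'])) { ?><p class="help-block help-block-error"><?=$escapeHtml($errors['EmailForm']['email'], false)?></p><?php } ?>
                    </div>
                    <div class="form-group field-emailform-pass required">
                        <label class="control-label" for="emailform-pass">Password</label>
                        <input type="password" id="emailform-pass" class="form-control" name="EmailForm[pass]">
                        <?php if (!empty($errors['EmailForm']['pass'])) { ?><p class="help-block help-block-error"><?=$escapeHtml($errors['EmailForm']['pass'], false)?></p><?php } ?>
                    </div>
                    <?php
                    // Strict comparison: under PHP < 8 a loose == against 'ok' is also true for 0 or true.
                    if ($user2fa['2fa_status'] === 'ok') { ?>
                    <div class="form-group field-emailform-2fa">
                        <label class="control-label" for="emailform-2fa">Two-Factor Authentication</label>
                        <input type="text" id="emailform-2fa" class="form-control" name="EmailForm[2fa]">
                        <?php if (!empty($errors['EmailForm']['2fa'])) { ?><p class="help-block help-block-error"><?=$escapeHtml($errors['EmailForm']['2fa'], false)?></p><?php } ?>
                    </div>
                    <?php } ?>
                    <div class="form-actions">
                        <button type="submit" id="ea_submit_button" class="btn btn-primary">Update</button>
                    </div>
                </form>
            </div>
        </div>
        <div class="margin-top-20"></div>
        <div id="w1" class="portlet box">
            <div class="portlet-title">
                <div class="caption">Payment Address</div>
            </div>
            <div class="portlet-body">
                <form id="PaymentaddressForm" action="/index.php?p=settings" method="post" role="form">
                    <div class="form-group field-paymentaddressform-address required">
                        <label class="control-label" for="paymentaddressform-address">BTC Address</label>
                        <input type="text" id="paymentaddressform-address" class="form-control" name="PaymentaddressForm[address]" value="<?=$escapeHtml($addressValue)?>">
                        <?php if (!empty($errors['PaymentaddressForm']['address'])) { ?><p class="help-block help-block-error"><?=$escapeHtml($errors['PaymentaddressForm']['address'], false)?></p><?php } ?>
                    </div>
                    <div class="form-group field-paymentaddressform-pass required">
                        <label class="control-label" for="paymentaddressform-pass">Password</label>
                        <input type="password" id="paymentaddressform-pass" class="form-control" name="PaymentaddressForm[pass]">
                        <?php if (!empty($errors['PaymentaddressForm']['pass'])) { ?><p class="help-block help-block-error"><?=$escapeHtml($errors['PaymentaddressForm']['pass'], false)?></p><?php } ?>
                    </div>
                    <?php if ($user2fa['2fa_status'] === 'ok') { ?>
                    <div class="form-group field-paymentaddressform-2fa">
                        <label class="control-label" for="paymentaddressform-2fa">Two-Factor Authentication</label>
                        <input type="text" id="paymentaddressform-2fa" class="form-control" name="PaymentaddressForm[2fa]">
                        <?php if (!empty($errors['PaymentaddressForm']['2fa'])) { ?><p class="help-block help-block-error"><?=$escapeHtml($errors['PaymentaddressForm']['2fa'], false)?></p><?php } ?>
                    </div>
                    <?php } ?>
                    <div class="form-actions">
                        <button type="submit" id="ea_submit_button" class="btn btn-primary">Update</button>
                    </div>
                </form>
            </div>
        </div>
    </div>
    <!-- / Account Edit Form -->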
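<!-- Change Password Form -->
<div class="col-xs-6">
    <div id="w2" class="portlet box">
        <div class="portlet-title">
            <div class="caption">Change Password</div>
        </div>
        <div class="portlet-body">
            <form id="PasswordChangeForm" action="/index.php?p=settings" method="post" role="form">
                <?php
                // The error messages in this form are printed as raw HTML on
                // purpose: the "Password is unsafe" message contains a <br>.
                // Any backend-supplied text appended to these messages
                // therefore has to be HTML-escaped where the message is built.
                ?>
                <div class="form-group field-passwordchangeform-password_old required">
                    <label class="control-label" for="passwordchangeform-password_old">Old Password</label>
                    <input type="password" id="passwordchangeform-password_old" class="form-control" name="PasswordChangeForm[password_old]">
                    <?php if (!empty($errors['PasswordChangeForm']['password_old'])) { ?><p class="help-block help-block-error"><?=$errors['PasswordChangeForm']['password_old']?></p><?php } ?>
                </div>
                <div class="form-group field-passwordchangeform-password required">
                    <label class="control-label" for="passwordchangeform-password">New Password</label>
                    <input type="password" id="passwordchangeform-password" class="form-control" name="PasswordChangeForm[password]">
                    <?php if (!empty($errors['PasswordChangeForm']['password'])) { ?><p class="help-block help-block-error"><?=$errors['PasswordChangeForm']['password']?></p><?php } ?>
                </div>
                <div class="form-group field-passwordchangeform-password_re">
                    <label class="control-label" for="passwordchangeform-password_re">Repeat New Password</label>
                    <input type="password" id="passwordchangeform-password_re" class="form-control" name="PasswordChangeForm[password_re]">
                    <?php if (!empty($errors['PasswordChangeForm']['password_re'])) { ?><p class="help-block help-block-error"><?=$errors['PasswordChangeForm']['password_re']?></p><?php } ?>
                </div>
                <?php
                // The 2FA code field is shown only when 2FA is fully enabled.
                // Strict comparison: under PHP < 8 a loose == against 'ok' is also true for 0 or true.
                if ($user2fa['2fa_status'] === 'ok') { ?>
                <div class="form-group field-passwordchangeform-2fa">
                    <label class="control-label" for="passwordchangeform-2fa">Two-Factor Authentication</label>
                    <input type="text" id="passwordchangeform-2fa" class="form-control" name="PasswordChangeForm[2fa]">
                    <?php if (!empty($errors['PasswordChangeForm']['2fa'])) { ?><p class="help-block help-block-error"><?=$errors['PasswordChangeForm']['2fa']?></p><?php } ?>
                </div>
                <?php } ?>
                <div class="form-actions">
                    <button type="submit" id="cp_submit_button" class="btn btn-primary">Update</button>
                </div>
            </form>
        </div>
    </div>
    <div class="margin-top-20"></div>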
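<?php
// Two-Factor Authentication portlet. Renders one of three states:
//   'test' - a key was generated and is awaiting a confirming code
//   'ok'   - 2FA is active; a current code resets the key
//   other  - 2FA is off; a checkbox starts the setup
//
// Values are escaped for the context they are printed into. For error text
// double_encode is off, so a message that was already escaped where it was
// built is not escaped a second time.
$escapeHtml = function ($text, $doubleEncode = true) {
    return htmlspecialchars((string) $text, ENT_QUOTES, 'UTF-8', $doubleEncode);
};
?>
<div id="w3" class="portlet box">
    <div class="portlet-title">
        <div class="caption">Two-Factor Authentication</div>
    </div>
    <div class="portlet-body">
        <form id="Enable2fa" action="/index.php?p=settings" method="post" role="form">
            <?php if ($userSettings['2fa_status'] === 'test') {
                // Provisioning URI encoded into the QR code. The account label is a
                // URI component, so it is percent-encoded (HTML-escaping it was the
                // wrong encoding for this context).
                // NOTE(review): the issuer, key and hash values come from get2fa()
                // and are inserted as-is; confirm they are already URI-safe.
                $twofaUrl = 'otpauth://'.$user2fa['2fa_auth']
                    .'/'.$user2fa['2fa_issuer']
                    .':'.rawurlencode(substr($_SESSION['username'], 0, 8))
                    .'?secret='.$user2fa['2fa_key']
                    .'&algorithm='.$user2fa['2fa_hash']
                    .'&issuer='.$user2fa['2fa_issuer'];
            ?>
            <div class="form-group field-test2fa required">
                <label class="control-label" for="test2fa">Your 2FA Secret Key is: <?=$escapeHtml($user2fa['2fa_key'])?></label>
            </div>
            <div class="form-group field-test2fa required">
                <label class="control-label" for="test2fa">Test Two-Factor Auth Code</label>
                <input type="text" id="test2fa" class="form-control" name="2fa[test2fa]">
                <?php if (!empty($errors['2fa']['test2fa'])) { ?><p class="help-block help-block-error"><?=$escapeHtml($errors['2fa']['test2fa'], false)?></p><?php } ?>
            </div>
            <?php
            // NOTE(review): the App Store badge below is fetched over plain http://
            // on the same page that displays the 2FA secret; serve it from an
            // https or local copy.
            ?>
            <div style="margin:15px 15px 15px 15px; text-align: right;">
                <a href="https://geo.itunes.apple.com/us/app/otp-auth/id659877384?mt=8" style="display:inline-block;overflow:hidden;background:url(http://linkmaker.itunes.apple.com/images/badges/en-us/badge_appstore-lrg.svg) no-repeat;width:129px;height:40px;"></a>
                <br>
                <a href="https://play.google.com/store/apps/details?id=org.fedorahosted.freeotp"><img alt="Android app on Google Play" src="https://developer.android.com/images/brand/en_app_rgb_wo_45.png" /></a>
            </div>
            <div id="2fa_qrcode" style="width:250px; height:250px; margin:0px auto 15px 15px;vertical-align:top;"></div>
            <script type="text/javascript">
                var qrcode = new QRCode(document.getElementById("2fa_qrcode"), {
                    width : 250,
                    height : 250
                });
                // json_encode() emits a complete, quoted JavaScript string literal; the
                // JSON_HEX_* flags keep quotes, "&" and "<"/">" from ending the literal
                // or the surrounding script element.
                qrcode.makeCode(<?=json_encode($twofaUrl, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT)?>);
                // NOTE(review): no element in this form carries class "checkbox" (the
                // Disable box has id "Cancel"); confirm this selector matches anything.
                $(".checkbox").change(function() {
                    console.log('changed');
                    if (this.checked){
                        $( ".field-test2fa" ).hide();
                        console.log('checked');
                    } else {
                        $( ".field-test2fa" ).show();
                        console.log('unchecked');
                    }
                });
            </script>
            <div class="form-group field-cancel2fa required">
                <label class="control-label" for="test2fa" style="width:275px;">
                    Disable Two-Factor Authentication&nbsp;
                    <input type="checkbox" id="Cancel" class="form-control" name="2fa[cancel2fa]" style="float:right;width:15px;height:15px;">
                </label>
                <?php
                // The handler records cancel failures under $errors['2fa']['cancel2fa'];
                // previously nothing rendered that message.
                if (!empty($errors['2fa']['cancel2fa'])) { ?><p class="help-block help-block-error"><?=$escapeHtml($errors['2fa']['cancel2fa'], false)?></p><?php } ?>
            </div>
            <?php } else if ($user2fa['2fa_status'] === 'ok') { ?>
            <div class="form-group field-ok2fa required">
                <label class="control-label">2FA is enabled on your account. Enter Auth Code to reset your key.</label>
            </div>
            <div class="form-group field-reset2fa required">
                <label class="control-label" for="reset2fa">Current Auth Code</label>
                <input type="text" id="reset2fa" class="form-control" name="2fa[reset2fa]">
                <?php if (!empty($errors['2fa']['reset2fa'])) { ?><p class="help-block help-block-error"><?=$escapeHtml($errors['2fa']['reset2fa'], false)?></p><?php } ?>
            </div>
            <?php } else { ?>
            <div class="form-group field-enable2fa required">
                <label class="control-label" for="enable2fa" style="width:275px;">
                    Enable Two-Factor Authentication&nbsp;
                    <input type="checkbox" id="enable2fa" class="form-control" name="2fa[enable2fa]" style="float:right;width:15px;height:15px;">
                </label>
                <?php if (!empty($errors['2fa']['enable2fa'])) { ?><p class="help-block help-block-error"><?=$escapeHtml($errors['2fa']['enable2fa'], false)?></p><?php } ?>
            </div>
            <?php }?>
            <div class="form-actions">
                <button type="submit" id="cp_submit_button" class="btn btn-primary"><?php
                    if ($userSettings['2fa_status'] === 'ok') {
                        echo "Reset Key";
                    } else {
                        echo "Update";
                    }
                ?></button>
            </div>
        </form>
    </div>
</div>
</div>
<!-- / Change Password Form -->
</div>
</div>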