Single-sign-on and self-serve account management. https://netsyms.biz/apps/accounthub

  1. <?php
  2. /* This Source Code Form is subject to the terms of the Mozilla Public
  3. * License, v. 2.0. If a copy of the MPL was not distributed with this
  4. * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
  5. /**
  6. * Make things happen when buttons are pressed and forms submitted.
  7. */
  8. require_once __DIR__ . "/required.php";
  9. use OTPHP\TOTP;
  10. // If the user presses Sign Out but we're not logged in anymore,
  11. // we don't want to show a nasty error.
  12. if ($VARS['action'] == 'signout' && $_SESSION['loggedin'] != true) {
  13. session_destroy();
  14. header('Location: index.php');
  15. die("Logged out (session was expired anyways).");
  16. }
  17. dieifnotloggedin();
  18. function returnToSender($msg, $arg = "") {
  19. global $VARS;
  20. $header = "Location: app.php?page=" . urlencode($VARS['source']) . "&msg=$msg";
  21. if ($arg != "") {
  22. $header .= "&arg=$arg";
  23. }
  24. header($header);
  25. die();
  26. }
  27. switch ($VARS['action']) {
  28. case "signout":
  29. Log::insert(LogType::LOGOUT, $_SESSION['uid']);
  30. session_destroy();
  31. header('Location: index.php?logout=1');
  32. die("Logged out.");
  33. case "chpasswd":
  34. engageRateLimit();
  35. $error = [];
  36. $user = new User($_SESSION['uid']);
  37. try {
  38. $result = $user->changePassword($VARS['oldpass'], $VARS['newpass'], $VARS['conpass']);
  39. if ($result === TRUE) {
  40. returnToSender("password_updated");
  41. }
  42. } catch (PasswordMatchException $e) {
  43. returnToSender("passwords_same");
  44. } catch (PasswordMismatchException $e) {
  45. returnToSender("new_password_mismatch");
  46. } catch (IncorrectPasswordException $e) {
  47. returnToSender("old_password_mismatch");
  48. } catch (WeakPasswordException $e) {
  49. returnToSender("weak_password");
  50. }
  51. break;
  52. case "chpin":
  53. engageRateLimit();
  54. $error = [];
  55. if (!($VARS['newpin'] == "" || (is_numeric($VARS['newpin']) && strlen($VARS['newpin']) >= 1 && strlen($VARS['newpin']) <= 8))) {
  56. returnToSender("invalid_pin_format");
  57. }
  58. if ($VARS['newpin'] == $VARS['conpin']) {
  59. $database->update('accounts', ['pin' => ($VARS['newpin'] == "" ? null : $VARS['newpin'])], ['uid' => $_SESSION['uid']]);
  60. returnToSender("pin_updated");
  61. }
  62. returnToSender("new_pin_mismatch");
  63. break;
  64. case "add2fa":
  65. if (empty($VARS['secret'])) {
  66. returnToSender("invalid_parameters");
  67. }
  68. $user = new User($_SESSION['uid']);
  69. $totp = new TOTP(null, $VARS['secret']);
  70. if (!$totp->verify($VARS["totpcode"])) {
  71. returnToSender("2fa_wrong_code");
  72. }
  73. $user->save2fa($VARS['secret']);
  74. Log::insert(LogType::ADDED_2FA, $user);
  75. returnToSender("2fa_enabled");
  76. case "rm2fa":
  77. engageRateLimit();
  78. (new User($_SESSION['uid']))->save2fa("");
  79. Log::insert(LogType::REMOVED_2FA, $_SESSION['uid']);
  80. returnToSender("2fa_removed");
  81. break;
  82. case "readnotification":
  83. $user = new User($_SESSION['uid']);
  84. if (empty($VARS['id'])) {
  85. returnToSender("invalid_parameters#notifications");
  86. }
  87. try {
  88. Notifications::read($user, $VARS['id']);
  89. returnToSender("#notifications");
  90. } catch (Exception $ex) {
  91. returnToSender("invalid_parameters#notifications");
  92. }
  93. break;
  94. case "deletenotification":
  95. $user = new User($_SESSION['uid']);
  96. if (empty($VARS['id'])) {
  97. returnToSender("invalid_parameters#notifications");
  98. }
  99. try {
  100. Notifications::delete($user, $VARS['id']);
  101. returnToSender("notification_deleted#notifications");
  102. } catch (Exception $ex) {
  103. returnToSender("invalid_parameters#notifications");
  104. }
  105. break;
  106. case "resetfeedkey":
  107. $database->delete('userkeys', ['AND' => ['uid' => $_SESSION['uid'], 'typeid' => 1]]);
  108. returnToSender("feed_key_reset");
  109. break;
  110. }