RanchiMall/php-mpos
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

[SECURITY] Fixed 2FA on the account edit page

Browse Source 
* Fixes 2FA Tokens on the account page
* 2FA was skipped until now :-/

No open ticket for this, reported by dev.
This commit is contained in:
Sebastian Grewe 2014-04-16 19:32:49 +02:00
parent a5fe6236e1
commit 554742c139
1 changed files with 10 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
public/include/pages/account/edit.inc.php
View File

@ -100,6 +100,8 @@ if ($user->isAuthenticated()) {
$dBalance = $aBalance['confirmed']; $dBalance = $aBalance['confirmed'];
if ($setting->getValue('disable_payouts') == 1 || $setting->getValue('disable_manual_payouts') == 1) { if ($setting->getValue('disable_payouts') == 1 || $setting->getValue('disable_manual_payouts') == 1) {
$_SESSION['POPUP'][] = array('CONTENT' => 'Manual payouts are disabled.', 'TYPE' => 'alert alert-warning'); $_SESSION['POPUP'][] = array('CONTENT' => 'Manual payouts are disabled.', 'TYPE' => 'alert alert-warning');
} else if ($config['twofactor']['enabled'] && $config['twofactor']['options']['withdraw'] && !$wf_editable) {
$_SESSION['POPUP'][] = array('CONTENT' => 'You have not yet unlocked account withdrawls.', 'TYPE' => 'alert alert-danger');
} else if ($aBalance['confirmed'] < $config['mp_threshold']) { } else if ($aBalance['confirmed'] < $config['mp_threshold']) {
$_SESSION['POPUP'][] = array('CONTENT' => 'Payout must be greater or equal than ' . $config['mp_threshold'] . '.', 'TYPE' => 'info'); $_SESSION['POPUP'][] = array('CONTENT' => 'Payout must be greater or equal than ' . $config['mp_threshold'] . '.', 'TYPE' => 'info');
} else if (!$user->getCoinAddress($_SESSION['USERDATA']['id'])) { } else if (!$user->getCoinAddress($_SESSION['USERDATA']['id'])) {
@ -127,7 +129,9 @@ if ($user->isAuthenticated()) {
break; break;
case 'updateAccount': case 'updateAccount':
if (!$config['csrf']['enabled'] || $config['csrf']['enabled'] && $csrftoken->valid) { if ($config['twofactor']['enabled'] && $config['twofactor']['options']['details'] && !$ea_editable) {
$_SESSION['POPUP'][] = array('CONTENT' => 'You have not yet unlocked account updates.', 'TYPE' => 'alert alert-danger');
} else if (!$config['csrf']['enabled'] || $config['csrf']['enabled'] && $csrftoken->valid) {
if ($user->updateAccount($_SESSION['USERDATA']['id'], $_POST['paymentAddress'], $_POST['payoutThreshold'], $_POST['donatePercent'], $_POST['email'], $_POST['is_anonymous'], $oldtoken_ea)) { if ($user->updateAccount($_SESSION['USERDATA']['id'], $_POST['paymentAddress'], $_POST['payoutThreshold'], $_POST['donatePercent'], $_POST['email'], $_POST['is_anonymous'], $oldtoken_ea)) {
$_SESSION['POPUP'][] = array('CONTENT' => 'Account details updated', 'TYPE' => 'alert alert-success'); $_SESSION['POPUP'][] = array('CONTENT' => 'Account details updated', 'TYPE' => 'alert alert-success');
} else { } else {
@ -139,7 +143,9 @@ if ($user->isAuthenticated()) {
break; break;
case 'updatePassword': case 'updatePassword':
if (!$config['csrf']['enabled'] || $config['csrf']['enabled'] && $csrftoken->valid) { if ($config['twofactor']['enabled'] && $config['twofactor']['options']['changepw'] && !$cp_editable) {
$_SESSION['POPUP'][] = array('CONTENT' => 'You have not yet unlocked password updates.', 'TYPE' => 'alert alert-danger');
} else if (!$config['csrf']['enabled'] || $config['csrf']['enabled'] && $csrftoken->valid) {
if ($user->updatePassword($_SESSION['USERDATA']['id'], $_POST['currentPassword'], $_POST['newPassword'], $_POST['newPassword2'], $oldtoken_cp)) { if ($user->updatePassword($_SESSION['USERDATA']['id'], $_POST['currentPassword'], $_POST['newPassword'], $_POST['newPassword2'], $oldtoken_cp)) {
$_SESSION['POPUP'][] = array('CONTENT' => 'Password updated', 'TYPE' => 'alert alert-success'); $_SESSION['POPUP'][] = array('CONTENT' => 'Password updated', 'TYPE' => 'alert alert-success');
} else { } else {