diff --git a/public/include/pages/account/edit.inc.php b/public/include/pages/account/edit.inc.php index d775b6c0..fd819f51 100644 --- a/public/include/pages/account/edit.inc.php +++ b/public/include/pages/account/edit.inc.php @@ -4,13 +4,27 @@ if (!defined('SECURITY')) die('Hacking attempt'); -// 2fa tpl stuff $cp_editable = $wf_editable = $ea_editable = $wf_sent = $ea_sent = $cp_sent = 0; -$ea_token = (!isset($_GET['ea_token'])) ? '' : $_GET['ea_token']; -$cp_token = (!isset($_GET['cp_token'])) ? '' : $_GET['cp_token']; -$wf_token = (!isset($_GET['wf_token'])) ? '' : $_GET['wf_token']; + +// stupid hack to fix input when an error happened with a valid token +$ea_token = (!isset($_POST['ea_token'])) ? '' : $_POST['ea_token']; +$cp_token = (!isset($_POST['cp_token'])) ? '' : $_POST['cp_token']; +$wf_token = (!isset($_POST['wf_token'])) ? '' : $_POST['wf_token']; +// set old token and type so we can use it later +$old_token = ""; +$old_token_type = 0; +if ($ea_token !== "") { + $old_token = $ea_token; + $old_token_type = 5; +} else if ($wf_token !== "") { + $old_token = $wf_token; + $old_token_type = 7; +} else if ($cp_token !== "") { + $old_token_type = 6; + $old_token = $cp_token; +} + if ($user->isAuthenticated()) { - // update 2f tpl stuff if ($config['twofactor']['enabled']) { $popupmsg = 'E-mail confirmations are required for '; $popuptypes = array(); @@ -59,10 +73,6 @@ if ($user->isAuthenticated()) { if ($isvalid) { $ctype = strip_tags($_POST['utype']); $send = $user->sendChangeConf($ctype, $_SESSION['USERDATA']['id']); - // set to sent for this pageload - if ($ctype == 'account_edit') $ea_sent = 1; - if ($ctype == 'change_pw') $cp_sent = 1; - if ($ctype == 'withdraw_funds') $wf_sent = 1; if ($send) { $_SESSION['POPUP'][] = array('CONTENT' => 'A confirmation was sent to your e-mail, follow that link to continue', 'TYPE' => 'success'); } else { 
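Review bot: The token-type codes 5/6/7 written into `$old_token_type` by the new `if`/`else if` chain are bare magic numbers, and the same codes are repeated near the end of the file where `isTokenValid(..., 5)` is called, so the two sites can drift apart silently. From the surrounding code they appear to map 5 → `ea_token` (account_edit), 6 → `cp_token` (change_pw), 7 → `wf_token` (withdraw_funds); I would pin that above the chain with `// token types as understood by isTokenValid(): 5 = account edit (ea), 6 = change password (cp), 7 = withdraw funds (wf)`, or better with named constants if the token class exposes them. Note also that the chain keeps only the first non-empty token in ea → wf → cp order, so a request carrying two tokens silently drops one; the raw `$_POST` values are untrusted until `isTokenValid()` has seen them, so nothing here should be treated as proof of anything. The `$wf_sent = $ea_sent = $cp_sent = 0` initialisation on the context line looks like dead state after this commit, since every assignment to those variables is removed in the later hunks — unless the template still reads them, it can go too.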
@@ -70,9 +80,18 @@ if ($user->isAuthenticated()) { } } } else { - $ea_token = (!isset($_POST['ea_token'])) ? '' : $_POST['ea_token']; - $cp_token = (!isset($_POST['cp_token'])) ? '' : $_POST['cp_token']; - $wf_token = (!isset($_POST['wf_token'])) ? '' : $_POST['wf_token']; + // back to get, was only post to fix for stupid hack + $ea_token = (!isset($_GET['ea_token'])) ? '' : $_GET['ea_token']; + $cp_token = (!isset($_GET['cp_token'])) ? '' : $_GET['cp_token']; + $wf_token = (!isset($_GET['wf_token'])) ? '' : $_GET['wf_token']; + if ($ea_token == '' && isset($_POST['ea_token']) && strlen($_POST['ea_token']) > 1) { + $ea_token = $_POST['ea_token']; + } else if ($ea_token == '' && isset($_POST['cp_token']) && strlen($_POST['cp_token']) > 1) { + $cp_token = $_POST['cp_token']; + } else if ($wf_token == '' && isset($_POST['wf_token']) && strlen($_POST['wf_token']) > 1) { + $wf_token = $_POST['wf_token']; + } + switch (@$_POST['do']) { case 'cashOut': if ($setting->getValue('disable_payouts') == 1 || $setting->getValue('disable_manual_payouts') == 1) { @@ -83,7 +102,6 @@ if ($user->isAuthenticated()) { if ($dBalance > $config['txfee']) { if (!$oPayout->isPayoutActive($_SESSION['USERDATA']['id'])) { if ($iPayoutId = $oPayout->createPayout($_SESSION['USERDATA']['id'], $wf_token)) { - $wf_sent = 0; $_SESSION['POPUP'][] = array('CONTENT' => 'Created new manual payout request with ID #' . $iPayoutId); } else { $_SESSION['POPUP'][] = array('CONTENT' => $iPayoutId->getError(), 'TYPE' => 'errormsg'); 
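Review bot: The second branch of the new fallback chain tests the wrong variable: `} else if ($ea_token == '' && isset($_POST['cp_token']) ...` guards the `$cp_token` assignment with `$ea_token`, so a password-change POST arriving with a non-empty `ea_token` query parameter never gets its `cp_token` back-filled and `updatePassword` in the next hunk is presumably called with an empty token. It should read `} else if ($cp_token == '' && isset($_POST['cp_token']) && strlen($_POST['cp_token']) > 1) {`. The `strlen(...) > 1` threshold is also inconsistent with the `== ''` test applied to the GET value, so a one-character POST token is treated differently from a one-character GET token; since only `isTokenValid()` can decide validity, a plain `!== ''` check here would be less surprising. Separately, I cannot see a CSRF check before the `$_POST['do']` switch; if that protection lives elsewhere a one-line comment pointing to it would help, because the e-mailed confirmation token is the only gate visible in this hunk. The enclosing `if ($user->isAuthenticated())` block starts and ends outside this hunk.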
@@ -99,7 +117,6 @@ if ($user->isAuthenticated()) { case 'updateAccount': if ($user->updateAccount($_SESSION['USERDATA']['id'], $_POST['paymentAddress'], $_POST['payoutThreshold'], $_POST['donatePercent'], $_POST['email'], $_POST['is_anonymous'], $ea_token)) { - $ea_sent = 0; $_SESSION['POPUP'][] = array('CONTENT' => 'Account details updated', 'TYPE' => 'success'); } else { $_SESSION['POPUP'][] = array('CONTENT' => 'Failed to update your account: ' . $user->getError(), 'TYPE' => 'errormsg'); @@ -108,7 +125,6 @@ if ($user->isAuthenticated()) { case 'updatePassword': if ($user->updatePassword($_SESSION['USERDATA']['id'], $_POST['currentPassword'], $_POST['newPassword'], $_POST['newPassword2'], $cp_token)) { - $cp_sent = 0; $_SESSION['POPUP'][] = array('CONTENT' => 'Password updated', 'TYPE' => 'success'); } else { $_SESSION['POPUP'][] = array('CONTENT' => $user->getError(), 'TYPE' => 'errormsg'); 
@@ -119,17 +135,16 @@ if ($user->isAuthenticated()) { } } } -// one last time so we can sync with changes we made during this page +// 2fa - one last time so we can sync with changes we made during this page if ($user->isAuthenticated() && $config['twofactor']['enabled']) { - // stupid little hack because different request types - if (@$_POST['do'] !== 'genPin' || isset($_POST['unlock'])) { - $ea_token = (!isset($_GET['ea_token'])) ? '' : $_GET['ea_token']; - $cp_token = (!isset($_GET['cp_token'])) ? '' : $_GET['cp_token']; - $wf_token = (!isset($_GET['wf_token'])) ? '' : $_GET['wf_token']; - } else { - $ea_token = (!isset($_POST['ea_token'])) ? '' : $_POST['ea_token']; - $cp_token = (!isset($_POST['cp_token'])) ? '' : $_POST['cp_token']; - $wf_token = (!isset($_POST['wf_token'])) ? '' : $_POST['wf_token']; + // stupid hack part deux + // set the token to be the old token so we still have it if it errors out + if ($old_token_type == 5) { + $ea_token = $old_token; + } else if ($old_token_type == 7) { + $wf_token = $old_token; + } else if ($old_token_type == 6) { + $cp_token = $old_token; } if ($config['twofactor']['options']['details']) { $ea_editable = $user->token->isTokenValid($_SESSION['USERDATA']['id'], $ea_token, 5);
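Review bot: Re-applying `$old_token` here feeds the POSTed confirmation token back into `isTokenValid()` on the same request that may have just used it via `updateAccount`/`updatePassword`/`createPayout` in the hunks above; if the token is not invalidated on successful use, the form is rendered unlocked again in the response and the token remains replayable until it expires. I cannot see `isTokenValid()` or the update methods, so this needs confirming — if tokens are single-use it is harmless, otherwise the restore should be skipped when the action succeeded. I would document the intent and the dependency right above the chain: `// Restore the POSTed token so a failed action re-renders the unlocked form; relies on isTokenValid() rejecting tokens already consumed by a successful action.` The `== 5`/`== 7`/`== 6` comparisons repeat the codes chosen at the top of the file; a shared named constant or a single source of truth for the mapping would keep them from drifting. The enclosing `if ($user->isAuthenticated() && $config['twofactor']['enabled'])` block continues past the end of this hunk.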