fix how late we delete tokens for 2fa

This commit is contained in:
xisi 2014-01-15 10:35:24 -05:00
parent d9d678be61
commit 96b734edaa
2 changed files with 30 additions and 31 deletions


@ -37,18 +37,18 @@ class Payout Extends Base {
* @return data mixed Inserted ID or false
**/
public function createPayout($account_id=NULL, $strToken) {
// twofactor - consume the token if it is enabled and valid
if ($this->config['twofactor']['enabled'] && $this->config['twofactor']['options']['withdraw']) {
$tValid = $this->token->isTokenValid($account_id, $strToken, 7);
if ($tValid) {
$this->token->deleteToken($strToken);
} else {
$this->setErrorMessage('Invalid token');
return false;
}
}
$stmt = $this->mysqli->prepare("INSERT INTO $this->table (account_id) VALUES (?)");
if ($stmt && $stmt->bind_param('i', $account_id) && $stmt->execute()) {
// twofactor - consume the token if it is enabled and valid
if ($this->config['twofactor']['enabled'] && $this->config['twofactor']['options']['withdraw']) {
$tValid = $this->token->isTokenValid($account_id, $strToken, 7);
if ($tValid) {
$this->token->deleteToken($strToken);
} else {
$this->setErrorMessage('Invalid token');
return false;
}
}
return $stmt->insert_id;
}
return $this->sqlError('E0049');
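Review bot: On the new side of createPayout the INSERT (the prepare/bind/execute just above the moved block) runs before isTokenValid is ever called, so a request with a missing or wrong token still creates the payout row and only afterwards returns false with 'Invalid token' — the withdraw 2FA check no longer gates the write at all. Moving the validation late was not needed to fix the early-delete problem: keep the `isTokenValid` guard ahead of the prepare and move only `deleteToken` into the success branch, so the token is consumed exactly when the insert succeeded. The method's closing brace is outside the hunk.
```php
public function createPayout($account_id=NULL, $strToken) {
  $needToken = $this->config['twofactor']['enabled'] && $this->config['twofactor']['options']['withdraw'];
  // twofactor - reject before touching the DB; the token is consumed only after a successful insert
  if ($needToken && !$this->token->isTokenValid($account_id, $strToken, 7)) {
    $this->setErrorMessage('Invalid token');
    return false;
  }
  // … unchanged: prepare of the INSERT …
  if ($stmt && $stmt->bind_param('i', $account_id) && $stmt->execute()) {
    if ($needToken) {
      $this->token->deleteToken($strToken);
    }
    return $stmt->insert_id;
  }
  // … unchanged: sqlError('E0049') …
```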


@ -311,16 +311,6 @@ class User extends Base {
$this->setErrorMessage( 'New password is too short, please use more than 8 chars' );
return false;
}
// twofactor - consume the token if it is enabled and valid
if ($this->config['twofactor']['enabled'] && $this->config['twofactor']['options']['changepw']) {
$tValid = $this->token->isTokenValid($userID, $strToken, 6);
if ($tValid) {
$this->token->deleteToken($strToken);
} else {
$this->setErrorMessage('Invalid token');
return false;
}
}
$current = $this->getHash($current);
$new = $this->getHash($new1);
$stmt = $this->mysqli->prepare("UPDATE $this->table SET pass = ? WHERE ( id = ? AND pass = ? )");
@ -328,6 +318,16 @@ class User extends Base {
$stmt->bind_param('sis', $new, $userID, $current);
$stmt->execute();
if ($stmt->errno == 0 && $stmt->affected_rows === 1) {
// twofactor - consume the token if it is enabled and valid
if ($this->config['twofactor']['enabled'] && $this->config['twofactor']['options']['changepw']) {
$tValid = $this->token->isTokenValid($userID, $strToken, 6);
if ($tValid) {
$this->token->deleteToken($strToken);
} else {
$this->setErrorMessage('Invalid token');
return false;
}
}
return true;
}
$stmt->close();
@ -395,20 +395,19 @@ class User extends Base {
$threshold = min($this->config['ap_threshold']['max'], max(0, floatval($threshold)));
$donate = min(100, max(0, floatval($donate)));
// twofactor - consume the token if it is enabled and valid
if ($this->config['twofactor']['enabled'] && $this->config['twofactor']['options']['details']) {
$tValid = $this->token->isTokenValid($userID, $strToken, 5);
if ($tValid) {
$this->token->deleteToken($strToken);
} else {
$this->setErrorMessage('Invalid token');
return false;
}
}
// We passed all validation checks so update the account
$stmt = $this->mysqli->prepare("UPDATE $this->table SET coin_address = ?, ap_threshold = ?, donate_percent = ?, email = ?, is_anonymous = ? WHERE id = ?");
if ($this->checkStmt($stmt) && $stmt->bind_param('sddsii', $address, $threshold, $donate, $email, $is_anonymous, $userID) && $stmt->execute())
// twofactor - consume the token if it is enabled and valid
if ($this->config['twofactor']['enabled'] && $this->config['twofactor']['options']['details']) {
$tValid = $this->token->isTokenValid($userID, $strToken, 5);
if ($tValid) {
$this->token->deleteToken($strToken);
} else {
$this->setErrorMessage('Invalid token');
return false;
}
}
return true;
// Catchall
$this->setErrorMessage('Failed to update your account');
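Review bot: In the changePassword hunk the UPDATE of `pass` has already executed (the new block sits inside the `affected_rows === 1` branch) by the time isTokenValid runs, so an invalid changepw token now returns false after the password was changed; the updateAccount hunk has the same ordering, writing coin_address, ap_threshold, donate_percent, email and is_anonymous before the details token is checked. The early-delete problem is fixed by moving only `deleteToken` into the success branch while leaving the `isTokenValid` guard ahead of the prepare, as sketched below for changePassword. As rendered, the updateAccount hunk shows `if ($this->checkStmt($stmt) && ... $stmt->execute())` with no opening brace before the inserted block; if the real source is brace-less there, the new twofactor `if` becomes that statement's body and `return true` runs unconditionally — confirm against the file. The `return false` inside the changePassword block also skips the `$stmt->close()` that follows the branch. Neither method's end is inside its hunk.
```php
$needToken = $this->config['twofactor']['enabled'] && $this->config['twofactor']['options']['changepw'];
// twofactor - validate before the UPDATE so an invalid token cannot change the password;
// the token is consumed only once the row was actually updated
if ($needToken && !$this->token->isTokenValid($userID, $strToken, 6)) {
  $this->setErrorMessage('Invalid token');
  return false;
}
// … unchanged: getHash() of current/new, prepare/bind/execute of the UPDATE …
if ($stmt->errno == 0 && $stmt->affected_rows === 1) {
  if ($needToken) {
    $this->token->deleteToken($strToken);
  }
  return true;
}
```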