Show error message on login when account has not yet been created
This commit is contained in:
Daniel Winzen
@ -392,9 +392,10 @@ function ftp_recursive_upload($ftp, $path){
|
||||
|
||||
function ftp_recursive_delete($ftp, $file){
|
||||
if(@ftp_chdir($ftp, $file)){
|
||||
$list = ftp_nlist($ftp, '.');
|
||||
foreach($list as $tmp){
|
||||
ftp_recursive_delete($ftp, $tmp);
|
||||
if($list = ftp_nlist($ftp, '.')){
|
||||
foreach($list as $tmp){
|
||||
ftp_recursive_delete($ftp, $tmp);
|
||||
}
|
||||
}
|
||||
ftp_chdir($ftp, '..');
|
||||
ftp_rmdir($ftp, $file);
|
||||
@ -433,11 +434,14 @@ function send_edit($ftp, $dir){
|
||||
$tmpfile='/tmp/'.uniqid();
|
||||
foreach($_POST['files'] as $file){
|
||||
echo '<tr><td>'.htmlspecialchars($file).'</td><td><textarea name="files['.htmlspecialchars($file).']" rows="10" cols="30">';
|
||||
ftp_get($ftp, $tmpfile, $file, FTP_BINARY);
|
||||
echo htmlspecialchars(file_get_contents($tmpfile));
|
||||
if(ftp_get($ftp, $tmpfile, $file, FTP_BINARY)){
|
||||
echo htmlspecialchars(file_get_contents($tmpfile));
|
||||
}
|
||||
echo '</textarea></td></tr>';
|
||||
}
|
||||
unlink($tmpfile);
|
||||
if(file_exists($tmpfile)){
|
||||
unlink($tmpfile);
|
||||
}
|
||||
echo '</table>';
|
||||
echo '<input type="submit" name="edit_2" value="Save"></form>';
|
||||
echo '<p><a href="files.php?path='.htmlspecialchars($dir).'">Go back</a>.</p>';
|
||||
|
||||
@ -22,20 +22,29 @@ if($_SERVER['REQUEST_METHOD']==='POST'){
|
||||
$msg.='<p style="color:red;">Error: username may not be empty.</p>';
|
||||
$ok=false;
|
||||
}else{
|
||||
$stmt=$db->prepare('SELECT username, password FROM users WHERE username=?;');
|
||||
$stmt=$db->prepare('SELECT username, password, onion FROM users WHERE username=?;');
|
||||
$stmt->execute([$_POST['username']]);
|
||||
$tmp=[];
|
||||
if(($tmp=$stmt->fetch(PDO::FETCH_NUM))===false && preg_match('/^([2-7a-z]{16}).onion$/', $_POST['username'], $match)){
|
||||
$stmt=$db->prepare('SELECT username, password FROM users WHERE onion=?;');
|
||||
$stmt=$db->prepare('SELECT username, password, onion FROM users WHERE onion=?;');
|
||||
$stmt->execute([$match[1]]);
|
||||
$tmp=$stmt->fetch(PDO::FETCH_NUM);
|
||||
}
|
||||
if($tmp){
|
||||
if(!isset($_POST['pass']) || !password_verify($_POST['pass'], $tmp[1])){
|
||||
$username=$tmp[0];
|
||||
$password=$tmp[1];
|
||||
$stmt=$db->prepare('SELECT approved FROM new_account WHERE onion=?;');
|
||||
$stmt->execute([$tmp[2]]);
|
||||
if($tmp=$stmt->fetch(PDO::FETCH_NUM)){
|
||||
if(REQUIRE_APPROVAL && !$tmp[0]){
|
||||
$msg.='<p style="color:red;">Error: Your account is pending admin approval. Please try again later.</p>';
|
||||
}else{
|
||||
$msg.='<p style="color:red;">Error: Your account is pending creation. Please try again in a minute.</p>';
|
||||
}
|
||||
$ok=false;
|
||||
}elseif(!isset($_POST['pass']) || !password_verify($_POST['pass'], $password)){
|
||||
$msg.='<p style="color:red;">Error: wrong password.</p>';
|
||||
$ok=false;
|
||||
}else{
|
||||
$username=$tmp[0];
|
||||
}
|
||||
}else{
|
||||
$msg.='<p style="color:red;">Error: username was not found. If you forgot it, you can enter youraccount.onion instead.</p>';
|
||||
|
||||
Reference in New Issue
Block a user