From 09ec100c2113812f2d6ac63bee266cbd96bbb407 Mon Sep 17 00:00:00 2001
From: Justin <me@justa.us>
Date: Wed, 20 Jul 2022 09:29:19 -0400
Subject: [PATCH] Add files via upload

---
 forgot/forgot.php |  73 +++++++++++++++++++++++++++++++++
 forgot/index.php  |  88 ++++++++++++++++++++++++++++++++++++++-
 forgot/r.php      |  63 ++++++++++++++++++++++++++++
 forgot/reset.php  | 102 ++++++++++++++++++++++++++++++++++++++++++++++
 4 files changed, 325 insertions(+), 1 deletion(-)
 create mode 100644 forgot/forgot.php
 create mode 100644 forgot/r.php
 create mode 100644 forgot/reset.php

diff --git a/forgot/forgot.php b/forgot/forgot.php
new file mode 100644
index 0000000..ad061e0
--- /dev/null
+++ b/forgot/forgot.php
@@ -0,0 +1,73 @@
+<?php
+session_start();
+require_once("../inc/conx.php");
+if($logged_in == true) {
+  header("location: /");
+  exit();
+}
+# POST DATA
+$email_p = safe($_POST['email']);
+$username_p = safe($_POST['username']);
+
+// hash the email
+$email_hasher = "make ur own random shit here like ...asfkjfj&*Y$#@JK.asfdHf... i know this shit prob aint too secure maybe but i tried";
+$email_hashed = hash("sha256",$email_hasher.$email_p);
+
+if($email_p) {
+  $cs = mysqli_query($conx, "SELECT username,email_secure FROM accounts WHERE email_secure='$email_hashed' && username='$username_p'");
+  $ccnt = mysqli_num_rows($cs);
+  if(filter_var($email_p, FILTER_VALIDATE_EMAIL) === false) {
+    $_SESSION['m2'] = "e_inv";
+    header("location: /forgot");
+    exit();
+  }
+  if($ccnt == '0') {
+    $_SESSION['m'] = "generr";
+    header("location: /forgot");
+    exit();
+  }
+  $cr = @mysqli_fetch_assoc($cs);
+  $c_username = $cr['username'];
+  $c_email = $cr['email_secure'];
+  # GENERATE KEY TO RESET
+  function genR($length = 10) {
+    return substr(str_shuffle("0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"), 0, $length);
+  }
+  $resetid = genR();
+  $ipaddr_r = $_SERVER['REMOTE_ADDR'];
+  $useragent_r = $_SERVER['HTTP_USER_AGENT'];
+  # CHECK TO SEE IF A RESET EMAIL HAS ALREADY BEEN SENT
+  $qqq = mysqli_query($conx, "SELECT email_secure FROM forgot_password WHERE email_secure='$c_email'");
+  $qqqnt = mysqli_num_rows($qqq);
+  if($qqqnt > 0) {
+    mysqli_query($conx, "UPDATE forgot_password SET uqid='$resetid' WHERE email_secure='$c_email'");
+    mysqli_query($conx, "UPDATE forgot_password SET tstamp='$tstamp' WHERE email_secure='$c_email'");
+    mysqli_query($conx, "UPDATE forgot_password SET ua='$useragent_r' WHERE email_secure='$c_email'");
+    mysqli_query($conx, "UPDATE forgot_password SET ip='$ipaddr_r' WHERE email_secure='$c_email'");
+  }
+  else {
+  # INSERT RESET DETAILS
+  $innss = mysqli_query($conx, "INSERT INTO forgot_password (ip,ua,tstamp,uqid,email_secure,username) VALUES ('$ipaddr_r','$useragent_r','$tstamp','$resetid','$c_email','$c_username')");
+  }
+  # PUSH OUT EMAIL
+  $to = $email_p;
+  $subject = "misdew.com password reset";
+  $txt = "$c_username, <br>
+        A password reset was requested for your account. <br>
+        Follow the link below to continue. <br><br>
+        <a href=\"http://misdew.com/forgot/reset.php?k=$resetid\">http://misdew.com/forgot/reset.php?k=$resetid</a> <br><br>
+      </span>
+    </center>";
+  $headers = "Content-Type: text/html; charset=utf-8";
+  mail($to,$subject,$txt,$headers);
+  $_SESSION['m4'] = "em_ss";
+  header("location: /forgot");
+  exit();
+}
+else {
+  $_SESSION['m3'] = "all_req";
+  header("location: /forgot");
+  exit();
+}
+session_destroy();
+?>
diff --git a/forgot/index.php b/forgot/index.php
index 8b13789..d700889 100644
--- a/forgot/index.php
+++ b/forgot/index.php
@@ -1 +1,87 @@
-
+<?php
+require_once("../inc/conx.php");
+if($logged_in == true) {
+  header("location: /");
+  exit();
+}
+?>
+<!DOCTYPE html>
+<html>
+<head>
+  <title>Misdew</title>
+  <meta charset="utf-8">
+  <meta name="description" content="We are a fairly cool social network.">
+  <meta name="keywords" content="Misdew, MD, Social, Network, Communication, 3DS, DSi, Nintendo">
+  <meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1">
+  <meta name="google" value="notranslate">
+  <meta name="theme-color" content="#a64ca6">
+  <link rel="stylesheet" type="text/css" href="/css/consistent.css">
+  <link rel="icon" type="image/png" href="/img/favicon.png">
+  <link rel="apple-touch-icon" href="/img/logo.png">
+</head>
+<body>
+  <center>
+    <?php
+    session_start();
+    $back_button = true;
+    $linebreak = true;
+    require_once("../inc/header.php");
+    // possible session messages
+    if (isset($_SESSION['m3']) == 'all_req') {
+      echo "<div class=\"error_msg\">You must enter an email.</div> <br>";
+      unset($_SESSION['m3']);
+    }
+    elseif (isset($_SESSION['m']) == 'generr') {
+      echo "<div class=\"error_msg\">There was an error.</div> <br>";
+      unset($_SESSION['m']);
+    }
+    elseif (isset($_SESSION['m2']) == 'e_inv') {
+      echo "<div class=\"error_msg\">The email you entered is not in a valid format.</div> <br>";
+      unset($_SESSION['m2']);
+    }
+    elseif (isset($_SESSION['m4']) == 'em_ss') {
+      echo "<div class=\"error_msg\">We sent you an email.</div> <br>";
+      unset($_SESSION['m4']);
+    }
+    elseif (isset($_SESSION['m5']) == 'ef_hef') {
+      echo "<div class=\"error_msg\">That reset link is invalid. Request a new one.</div> <br>";
+      unset($_SESSION['m5']);
+    }
+    else {
+      echo "<div class=\"error_msg\">Enter the credentials associated with your account.
+      <br> We will send you an email.</div> <br>";
+    }
+    ?>
+    <form action="forgot.php" method="post" autocomplete="off">
+      <table class="form_tble">
+        <tr>
+          <td>
+            <input id="access" name="username" type="text" placeholder="username" class="form_input">
+          </td>
+        </tr>
+        <tr>
+          <td>
+            <input id="access" name="email" type="text" placeholder="email" class="form_input">
+          </td>
+        </tr>
+        <tr>
+          <td class="form_tdpad">
+            <input type="submit" value="reset" class="form_submit">
+          </td>
+        </tr>
+      </table>
+    </form>
+    <table class="form_btap" onclick="window.location='/';">
+      <tr>
+        <td>
+          tap to login
+        </td>
+      </tr>
+    </table> <br>
+    <span style="font-family: 'Dosis', sans-serif; color: #808080; font-size: 12px;">Still need help? Send an email to <b>me@justa.us</b></span> <br>
+    <?php
+    require_once("../inc/footer.php");
+    ?>
+  </center>
+</body>
+</html>
diff --git a/forgot/r.php b/forgot/r.php
new file mode 100644
index 0000000..b2db405
--- /dev/null
+++ b/forgot/r.php
@@ -0,0 +1,63 @@
+<?php
+session_start();
+require_once("../inc/conx.php");
+if($logged_in == true) {
+  header("location: /");
+  exit();
+}
+# POST DATA
+$resetid_p = safe($_GET['k']);
+$newpass_p = safe($_POST['newpass']);
+$cnewpass_p = safe($_POST['confnewpass']);
+if($resetid_p && $newpass_p && $cnewpass_p) {
+  $cs = mysqli_query($conx, "SELECT tstamp,uqid,username,email_secure FROM forgot_password WHERE uqid='$resetid_p'");
+  $ccnt = mysqli_num_rows($cs);
+  if($ccnt == '0') {
+    $_SESSION['m5'] = "ef_hef";
+    header("location: /forgot");
+    exit();
+  }
+  $crs = mysqli_fetch_assoc($cs);
+  $rs_tstamp = $crs['tstamp'];
+  $rs_uqid = $crs['uqid'];
+  $rs_username = $crs['username'];
+  $rs_email = $crs['email_secure'];
+  # MAKE SURE LINK HASN'T REACHED ONE HOUR EXPIRE LIMIT
+  $tttstamp = $rs_tstamp + 3600;
+  if($tstamp >= $tttstamp) {
+    mysqli_query($conx, "DELETE FROM forgot_password WHERE email_secure='$rs_email'");
+    $_SESSION['m5'] = "ef_hef";
+    header("location: /forgot");
+    exit();
+  }
+  if($newpass_p != $cnewpass_p) {
+    $_SESSION['m'] = "p_dnm";
+    header("location: /forgot/reset.php?k=$resetid_p");
+    exit();
+  }
+  function geddit($length = 50) {
+    return substr(str_shuffle("0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"), 0, $length);
+  }
+  $newstr = geddit();
+  $newhashpass = hash("sha256",$rs_username.$newpass_p);
+  mysqli_query($conx, "UPDATE accounts SET password='$newhashpass' WHERE username='$rs_username'");
+  mysqli_query($conx, "UPDATE accounts SET rstringc='$newstr' WHERE username='$rs_username'");
+  mysqli_query($conx, "DELETE FROM forgot_password WHERE email_secure='$rs_email'");
+  # LOG USER IN TO ACCOUNT
+  $cs = mysqli_query($conx, "SELECT rstringa,rstringb,rstringc FROM accounts WHERE username='$rs_username'");
+  $cr = @mysqli_fetch_assoc($cs);
+  $c_rstringa = $cr['rstringa'];
+  $c_rstringb = $cr['rstringb'];
+  $c_rstringc = $cr['rstringc'];
+  setcookie("akgnxoPwqlIs", $c_rstringa, time()+3600*24*30, '/', '.misdew.com');
+  setcookie("LoILilzcnmwe", $c_rstringb, time()+3600*24*30, '/', '.misdew.com');
+  setcookie("puTtxXvbEkOo", $c_rstringc, time()+3600*24*30, '/', '.misdew.com');
+  header("location: /");
+  exit("");
+}
+else {
+  $_SESSION['m3'] = "all_req";
+  header("location: /forgot/reset.php?k=$resetid_p");
+  exit();
+}
+?>
diff --git a/forgot/reset.php b/forgot/reset.php
new file mode 100644
index 0000000..3ffb17e
--- /dev/null
+++ b/forgot/reset.php
@@ -0,0 +1,102 @@
+<?php
+session_start();
+require_once("../inc/conx.php");
+if($logged_in == true) {
+  header("location: /");
+  exit();
+}
+# POST DATA
+$resetid_p = safe($_GET['k']);
+if($resetid_p) {
+  $cs = mysqli_query($conx, "SELECT tstamp,uqid,username,email_secure FROM forgot_password WHERE uqid='$resetid_p'");
+  $ccnt = mysqli_num_rows($cs);
+  if($ccnt == '0') {
+    $_SESSION['m5'] = "ef_hef";
+    header("location: /forgot");
+    exit();
+  }
+  $crs = mysqli_fetch_assoc($cs);
+  $rs_tstamp = $crs['tstamp'];
+  $rs_uqid = $crs['uqid'];
+  $rs_username = $crs['username'];
+  $rs_email = $crs['email_secure'];
+  # MAKE SURE LINK HASN'T REACHED ONE HOUR EXPIRE LIMIT
+  $tttstamp = $rs_tstamp + 3600;
+  if($tstamp >= $tttstamp) {
+    $dp = mysqli_query($conx, "DELETE FROM forgot_password WHERE email_secure='$rs_email'");
+    $_SESSION['m5'] = "ef_hef";
+    header("location: /forgot");
+    exit();
+  }
+}
+else {
+  header("location: /forgot");
+  exit();
+}
+?>
+<!DOCTYPE html>
+<html>
+<head>
+  <title>Misdew</title>
+  <meta charset="utf-8">
+  <meta name="description" content="We are a fairly cool social network.">
+  <meta name="keywords" content="Misdew, MD, Social, Network, Communication, 3DS, DSi, Nintendo">
+  <meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1">
+  <meta name="google" value="notranslate">
+  <meta name="theme-color" content="#a64ca6">
+  <link rel="stylesheet" type="text/css" href="/css/consistent.css">
+  <link rel="icon" type="image/png" href="/img/favicon.png">
+  <link rel="apple-touch-icon" href="/img/logo.png">
+</head>
+<body>
+  <center>
+    <?php
+    $back_button = true;
+    $linebreak = true;
+    require_once("../inc/header.php");
+    // possible session messages
+    if (isset($_SESSION['m3']) == 'all_req') {
+      echo "<div class=\"error_msg\">All fields are required.</div> <br>";
+      unset($_SESSION['m3']);
+    }
+    elseif (isset($_SESSION['m']) == 'p_dnm') {
+      echo "<div class=\"error_msg\">The passwords you entered did not match.</div> <br>";
+      unset($_SESSION['m']);
+    }
+    else {
+      echo "<div class=\"error_msg\">Enter a new password for your account.</div> <br>";
+    }
+    session_destroy();
+    ?>
+    <form action="r.php?k=<?php echo $resetid_p; ?>" method="post" autocomplete="off">
+      <table class="form_tble">
+        <tr>
+          <td>
+            <input name="newpass" type="password" placeholder="password" class="form_input">
+          </td>
+        </tr>
+        <tr>
+          <td>
+            <input name="confnewpass" type="password" placeholder="confirm password" class="form_input">
+          </td>
+        </tr>
+        <tr>
+          <td class="form_tdpad">
+            <input type="submit" value="reset" class="form_submit">
+          </td>
+        </tr>
+      </table>
+    </form>
+    <table class="form_btap" onclick="window.location='/';">
+      <tr>
+        <td>
+          tap to login
+        </td>
+      </tr>
+    </table> <br>
+    <?php
+    require_once("../inc/footer.php");
+    ?>
+  </center>
+</body>
+</html>