hbbs

bbs.hlirc.net
Log | Files | Refs | README | LICENSE
commit 06e74a5afa8523b7449ae4aa5ceb7f0c9d80f753
parent 637842333364948dcdff6f09cc1de276bf8c5a5c
Author: hhvn <hayden@haydenvh.com>
Date:   Wed,  3 Feb 2021 00:05:07 +0000

bin/login.sh config.sh: add email-based account recovery

Diffstat:

Mbin/login.sh | 45+++++++++++++++++++++++++++++++++++++--------


Mconfig.sh | 1+


2 files changed, 38 insertions(+), 8 deletions(-)

diff --git a/bin/login.sh b/bin/login.sh
@@ -14,7 +14,6 @@ login(){
 	[ "$user" = "new" ] && {
 		[ "$(get_log "create_account" | grep -v "localhost" | grep "${REMOTE_HOST:-localhost}")" != "" ] && {
 			error "you have already created an account today"
-			anykey
 			return 1
 		}
 		clear
@@ -30,7 +29,6 @@ login(){
 		user=$(echo "$user" | cut -c-10)
 		[ "$origuser" != "$user" ] && info "username truncated to: $user"
 		checknuser "$user" 2>/dev/null || {
-			anykey
 			return 1
 		}
 		info "Password must be atleast 8 characters long"
@@ -38,12 +36,10 @@ login(){
 		prompt "passwd" passwd
 		echo "$passwd" | grep '........' >/dev/null || {
 			error "password too short"
-			anykey
 			return 1
 		}
 		prompt "email" email
 		checknmail "$email" || {
-			anykey
 			return 1
 		}
 		[ "$verify_email" = "yes" ] && {
@@ -69,10 +65,43 @@ login(){
 		[ "$verify_email" = "yes" ] && info "Your account expires in 2 days unless verified"
 		echo "Login to your account"
 		echo
-		anykey
 		return 1
-	} || {
-		prompt "passwd" passwd
-		check "$user" "$(echo "$passwd" | sha512sum)"
 	}
+
+	[ "$user" = "recover" ] && {
+		[ "$recover_email" != "yes" ] && {
+			error "email-based account recovery disabled"
+			return 1
+		}
+		[ "$(get_log "recover_account" | grep "^$user$")" != "" ] && {
+			error "you have already attempted to recover an account today"
+			info "if you haven't received your recovery email yet, the mail server is still attmepting to resend it"
+			return 1
+		}
+		clear
+		echo "Recovery"
+		echo
+		prompt "user" user
+		user=$(echo "$user" | tr -dc 'a-z0-9' | cut -c-10)
+		[ ! -f $datadir/users/$user ] && {
+			error "no such user"
+			return 1
+		}
+		passwd=$(head -n 5 /dev/urandom | base64 | tr -d '\n' | cut -c-30)
+		(
+			echo "This is the bbs auto-mailer"
+			echo
+			echo "Your new passwd is:"
+			echo "$passwd"
+			echo
+			echo "If this message is not intended for you, please ignore it"
+		) | mail -s "$bbs_addr password recovery" -r "$email_addr" -- "$(userget "$user" email)"
+		userset "$user" "passwd" "$(echo "$passwd" | sha512sum)"
+		add_log "recover_account" "$user"
+		ok "sent recovery email to $(userget "$user" email)"
+		return 1
+	}
+
+	prompt "passwd" passwd
+	check "$user" "$(echo "$passwd" | sha512sum)"
 }
diff --git a/config.sh b/config.sh
@@ -35,6 +35,7 @@ num___colour=23
 key___colour=12
 date__colour=9
 verify_email=no
+recover_email=yes # send emails with recovery passwords
 
 # If you used the makefile, you should 
 # be able to include /etc/xinet.d/hbbs