Added OTP Handling

www/index.php

@@ -179,6 +179,36 @@
 		$query = "select * from `users` where `email`='$email' and (`password`=old_password('$pword') or `password`=sha1('$pword') or
 						`password`=password('$pword')) and `verified`=1 and `deleted`=0 and `locked`=0";
 		$res = mysql_query($query);
+		if(mysql_num_rows($res) <= 0)
+		{
+			$otpquery = "select * from `users` where `email`='$email' and `otphash`!='' and `otppin`!='' and
+										`verified`=1 and `deleted`=0 and `locked`=0";
+			$otpres = mysql_query($otpquery);
+			if(mysql_num_rows($otpres) > 0)
+			{
+				$otp = mysql_fetch_assoc($otpres);
+				$otphash = $otp['otphash'];
+				$otppin = $otp['otppin'];
+				$matchperiod = 3 * 6;
+				$time = round(gmdate("U") / 10);
+
+				$query = "delete from `otphashes` where UNIX_TIMESTAMP(`when`) <= UNIX_TIMESTAMP(NOW()) - 1800";
+				mysql_query($query);
+
+				$query = "select * from `otphashes` where `username`='$email' and `otp`='$pword'";
+				if(mysql_num_rows(mysql_query($query)) <= 0)
+				{
+					$query = "insert into `otphashes` set `when`=NOW(), `username`='$email', `otp`='$pword'";
+					mysql_query($query);
+					for($i = $time - $matchperiod; $i <= $time + $matchperiod * 2; $i++)
+					{
+						$md5 = substr(md5("$i$otphash$otppin"), 0, 6);
+						if($pword == $md5)
+							$res = mysql_query("select * from `users` where `email`='$email'");
+					}
+				}
+			}
+		}
 		if(mysql_num_rows($res) > 0)
 		{
 			$_SESSION['profile'] = "";
@@ -396,7 +426,7 @@
 							`A3`='".$_SESSION['signup']['A3']."',
 							`A4`='".$_SESSION['signup']['A4']."',
 							`A5`='".$_SESSION['signup']['A5']."',
-							`created`=NOW()";
+							`created`=NOW(), `uniqueID`=SHA1(CONCAT(NOW(),'$hash'))";
 			mysql_query($query);
 			$memid = mysql_insert_id();
 			$query = "insert into `email` set `email`='".$_SESSION['signup']['email']."',