From 0252006eb1835737574fe26cc744a8778ef5aaf9 Mon Sep 17 00:00:00 2001
From: slawkens <slawkens@gmail.com>
Date: Fri, 19 Apr 2019 23:56:36 +0200
Subject: [PATCH] * Install: create admin account: ask for e-mail + character
 name

---
 TODO                                     |  1 -
 install/index.php                        | 33 +++++++++++++++++++++---
 install/steps/6-admin.php                |  7 ++++-
 install/steps/7-finish.php               | 16 +++++++-----
 system/locale/en/install.php             | 10 +++++++
 system/locale/pl/install.php             | 12 ++++++++-
 system/templates/install.admin.html.twig | 16 ++++++------
 7 files changed, 73 insertions(+), 22 deletions(-)

diff --git a/TODO b/TODO
index 51954fba..62626cec 100644
--- a/TODO
+++ b/TODO
@@ -13,7 +13,6 @@
 	* create account: create character
 	* csrf token protection
 	* guild wars support like in Gesior
-	* Install: create admin account: e-mail + Nazwa postaci
 	* move lostaccount.php to Twig
 
 1.0
diff --git a/install/index.php b/install/index.php
index 11471db7..54dc7145 100644
--- a/install/index.php
+++ b/install/index.php
@@ -120,11 +120,24 @@ else if($step == 'admin') {
 	}
 }
 else if($step == 'finish') {
-	// password
+	$email = $_SESSION['var_email'];
 	$password = $_SESSION['var_password'];
+	$player_name = $_SESSION['var_player_name'];
 
+	// email check
+	if(empty($email)) {
+		$errors[] = $locale['step_admin_email_error_empty'];
+	}
+	else if(!Validator::email($email)) {
+		$errors[] = $locale['step_admin_email_error_format'];
+	}
+
+	// account check
 	if(isset($_SESSION['var_account'])) {
-		if(!Validator::accountName($_SESSION['var_account'])) {
+		if(empty($_SESSION['var_account'])) {
+			$errors[] = $locale['step_admin_account_error_empty'];
+		}
+		else if(!Validator::accountName($_SESSION['var_account'])) {
 			$errors[] = $locale['step_admin_account_error_format'];
 		}
 		else if(strtoupper($_SESSION['var_account']) == strtoupper($password)) {
@@ -132,7 +145,10 @@ else if($step == 'finish') {
 		}
 	}
 	else if(isset($_SESSION['var_account_id'])) {
-		if(!Validator::accountId($_SESSION['var_account_id'])) {
+		if(empty($_SESSION['var_account_id'])) {
+			$errors[] = $locale['step_admin_account_id_error_empty'];
+		}
+		else if(!Validator::accountId($_SESSION['var_account_id'])) {
 			$errors[] = $locale['step_admin_account_id_error_format'];
 		}
 		else if($_SESSION['var_account_id'] == $password) {
@@ -140,6 +156,7 @@ else if($step == 'finish') {
 		}
 	}
 
+	// password check
 	if(empty($password)) {
 		$errors[] = $locale['step_admin_password_error_empty'];
 	}
@@ -147,6 +164,14 @@ else if($step == 'finish') {
 		$errors[] = $locale['step_admin_password_error_format'];
 	}
 
+	// player name check
+	if(empty($player_name)) {
+		$errors[] = $locale['step_admin_player_name_error_empty'];
+	}
+	else if(!Validator::characterName($player_name)) {
+		$errors[] = $locale['step_admin_player_name_error_format'];
+	}
+
 	if(!empty($errors)) {
 		$step = 'admin';
 	}
@@ -196,4 +221,4 @@ else {
 
 // render
 require 'template/template.php';
-//$_SESSION['laststep'] = $step;
\ No newline at end of file
+//$_SESSION['laststep'] = $step;
diff --git a/install/steps/6-admin.php b/install/steps/6-admin.php
index 290e0561..e410fc93 100644
--- a/install/steps/6-admin.php
+++ b/install/steps/6-admin.php
@@ -9,11 +9,16 @@ if(!$error) {
 		error($database_error);
 	}
 
+	$account = 'account';
+	if(!USE_ACCOUNT_NAME) {
+		$account = 'account_id';
+	}
+
 	$twig->display('install.admin.html.twig', array(
 		'locale' => $locale,
 		'session' => $_SESSION,
+		'account' => $account,
 		'errors' => isset($errors) ? $errors : null,
 		'buttons' => next_buttons(true, $error ? false : true)
 	));
 }
-?>
\ No newline at end of file
diff --git a/install/steps/7-finish.php b/install/steps/7-finish.php
index e026ff68..795a88f6 100644
--- a/install/steps/7-finish.php
+++ b/install/steps/7-finish.php
@@ -28,13 +28,14 @@ else {
 		else
 			$account_db->load($account_id);
 
+		$player_name = $_SESSION['var_player_name'];
 		$player_db = new OTS_Player();
-		$player_db->find('Admin');
-		$groups = new OTS_Groups_List();
+		$player_db->find($player_name);
+
 		if(!$player_db->isLoaded())
 		{
 			$player = new OTS_Player();
-			$player->setName('Admin');
+			$player->setName($player_name);
 
 			$player_used = &$player;
 		}
@@ -42,11 +43,13 @@ else {
 			$player_used = &$player_db;
 		}
 
+		$groups = new OTS_Groups_List();
 		$player_used->setGroupId($groups->getHighestId());
 
+		$email = $_SESSION['var_email'];
 		if($account_db->isLoaded()) {
 			$account_db->setPassword(encrypt($password));
-			$account_db->setEMail($_SESSION['var_mail_admin']);
+			$account_db->setEMail($email);
 			$account_db->save();
 
 			$account_used = &$account_db;
@@ -61,7 +64,7 @@ else {
 			}
 
 			$new_account->setPassword(encrypt($password));
-			$new_account->setEMail($_SESSION['var_mail_admin']);
+			$new_account->setEMail($email);
 
 			$new_account->unblock();
 			$new_account->save();
@@ -101,7 +104,7 @@ else {
 		}
 
 		$player_id = 0;
-		$query = $db->query("SELECT `id` FROM `players` WHERE `name` = " . $db->quote('Admin') . ";");
+		$query = $db->query("SELECT `id` FROM `players` WHERE `name` = " . $db->quote($player_name) . ";");
 		if($query->rowCount() == 1) {
 			$query = $query->fetch();
 			$player_id = $query['id'];
@@ -146,4 +149,3 @@ else {
 		}
 	}
 }
-?>
\ No newline at end of file
diff --git a/system/locale/en/install.php b/system/locale/en/install.php
index 778896b0..ac08b243 100644
--- a/system/locale/en/install.php
+++ b/system/locale/en/install.php
@@ -91,18 +91,28 @@ $locale['step_database_created_news'] = 'Newses has been created...';
 // admin account
 $locale['step_admin'] = 'Admin Account';
 $locale['step_admin_title'] = 'Create Admin Account';
+$locale['step_admin_email'] = 'Admin E-Mail address';
+$locale['step_admin_email_desc'] = 'E-Mail of your admin account, which can be used to reset the password.';
+$locale['step_admin_email_error_empty'] = 'Please enter the E-Mail address for your new account.';
+$locale['step_admin_email_error_format'] = 'Invalid E-Mail format.';
 $locale['step_admin_account'] = 'Admin account name';
 $locale['step_admin_account_desc'] = 'Name of your admin account, which will be used to login to website and server.';
+$locale['step_admin_account_error_empty'] = 'Please enter the account name.';
 $locale['step_admin_account_error_format'] = 'Invalid account name format. Use only a-Z and numbers 0-9. Minimum 3, maximum 32 characters.';
 $locale['step_admin_account_error_same'] = 'Password may not be the same as account name.';
 $locale['step_admin_account_id'] = 'Admin account number';
 $locale['step_admin_account_id_desc'] = 'Number of your admin account, which will be used to login to website and server.';
+$locale['step_admin_account_id_error_empty'] = 'Please enter the account number.';
 $locale['step_admin_account_id_error_format'] = 'Invalid account number format. Please use only numbers 0-9. Minimum 6, maximum 10 characters.';
 $locale['step_admin_account_id_error_same'] = 'Password may not be the same as account number.';
 $locale['step_admin_password'] = 'Admin account password';
 $locale['step_admin_password_desc'] = 'Password to your admin account.';
 $locale['step_admin_password_error_empty'] = 'Please enter the password for your new account.';
 $locale['step_admin_password_error_format'] = 'Invalid password format. Use only a-Z and numbers 0-9. Minimum 8, maximum 30 characters.';
+$locale['step_admin_player_name'] = 'Admin player name';
+$locale['step_admin_player_name_desc'] = 'Name of your admin character.';
+$locale['step_admin_player_name_error_empty'] = 'Please enter the name of your character.';
+$locale['step_admin_player_name_error_format'] = 'Invalid player name format. Use only A-Z, spaces and \'. Minimum 3, maximum 25 characters.';
 
 // finish
 $locale['step_finish_admin_panel'] = 'Admin Panel';
diff --git a/system/locale/pl/install.php b/system/locale/pl/install.php
index 91d49eb1..87b90d30 100644
--- a/system/locale/pl/install.php
+++ b/system/locale/pl/install.php
@@ -87,18 +87,28 @@ $locale['step_database_created_news'] = 'Utworzono newsy...';
 // admin account
 $locale['step_admin'] = 'Konto Admina';
 $locale['step_admin_title'] = 'Tworzenie Konta Admina';
+$locale['step_admin_email'] = 'Adres E-Mail Admina';
+$locale['step_admin_email_desc'] = 'E-Mail do Twojego konta admina, który może zostać użyty do przypomnienia hasła.';
+$locale['step_admin_email_error_empty'] = 'Proszę podać adres E-Mail do nowego konta.';
+$locale['step_admin_email_error_format'] = 'Niepoprawny format adresu E-Mail.';
 $locale['step_admin_account'] = 'Nazwa Konta Admina';
 $locale['step_admin_account_desc'] = 'Nazwa Twojego konta admina, która będzie używana do logowania na stronę i do serwera.';
+$locale['step_admin_account_error_empty'] = 'Proszę podać nazwę konta.';
 $locale['step_admin_account_error_format'] = 'Nieprawidłowy format nazwy konta. Używaj tylko znaków a-Z oraz liczb 0-9. Minimum 3, maksimum 32 znaków.';
 $locale['step_admin_account_error_same'] = 'Hasło nie może być takie same jak nazwa konta.';
 $locale['step_admin_account_id'] = 'Numer Konta Admina';
 $locale['step_admin_account_id_desc'] = 'Numer Twojego Konta Admina, który będzie używany do logowania do strony i na serwer.';
+$locale['step_admin_account_id_error_empty'] = 'Proszę podać numer konta.';
 $locale['step_admin_account_id_error_format'] = 'Nieprawidłowy format numeru konta. Używaj tylko liczb 0-9. Minimum 6, maksimum 10 znaków.';
 $locale['step_admin_account_id_error_same'] = 'Hasło nie może być takie same jak numer konta.';
 $locale['step_admin_password'] = 'Hasło Konta Admina';
 $locale['step_admin_password_desc'] = 'Hasło do Twojego Konta Admina.';
 $locale['step_admin_password_error_empty'] = 'Proszę podać hasło do Twojego nowego konta.';
-$locale['step_admin_password_error_format'] = 'Nieprawidłowy format hasła. Używaj tylko znaków a-Z oraz liczb 0-9. Minimum 8, maksimum 30 characters.';
+$locale['step_admin_password_error_format'] = 'Nieprawidłowy format hasła. Używaj tylko znaków a-Z oraz liczb 0-9. Minimum 8, maksimum 30 znaków.';
+$locale['step_admin_player_name'] = 'Nazwa postaci';
+$locale['step_admin_player_name_desc'] = 'Nazwa postaci Konta Admina.';
+$locale['step_admin_player_name_error_empty'] = 'Proszę podać nazwę postaci.';
+$locale['step_admin_player_name_error_format'] = 'Niepoprawny format nazwy postaci. Używaj tylko znaków A-Z, spacji oraz \'. Minimum 3, maksimum 25 znaków.';
 
 // finish
 $locale['step_finish_admin_panel'] = 'Panelu Admina';
diff --git a/system/templates/install.admin.html.twig b/system/templates/install.admin.html.twig
index 07e94dde..42b49c41 100644
--- a/system/templates/install.admin.html.twig
+++ b/system/templates/install.admin.html.twig
@@ -1,13 +1,13 @@
+<style>
+	tr, td {
+		border-bottom: 1px solid #ddd;
+		padding: 15px;
+	}
+</style>
 <form action="{{ constant('BASE_URL') }}install/" method="post" autocomplete="off">
 	<input type="hidden" name="step" id="step" value="finish" />
 	<table>
-		{% if constant('USE_ACCOUNT_NAME') %}
-		{% set type = 'account' %}
-		{% else %}
-		{% set type = 'account_id' %}
-		{% endif %}
-
-		{% for value in [type, 'password'] %}
+		{% for value in ['email', account, 'password', 'player_name'] %}
 		<tr>
 			<td>
 				<label for="vars_{{ value }}">
@@ -29,4 +29,4 @@
 		{% endfor %}
 	{% endif %}
 	{{ buttons|raw }}
-</form>
\ No newline at end of file
+</form>