diff --git a/system/pages/account/lost/base.php b/system/pages/account/lost/base.php index 6a4cda32..2a0efe9e 100644 --- a/system/pages/account/lost/base.php +++ b/system/pages/account/lost/base.php @@ -1,8 +1,10 @@ " . escapeHtml($nick) . ") received e-mail in last $timeRounded minutes. You must wait $timeLeft before you can use Lost Account Interface again."; + $twig->display('error_box.html.twig', [ + 'errors' => ["Account of selected character (" . escapeHtml($nick) . ") received e-mail in last $timeRounded minutes. You must wait $timeLeft before you can use Lost Account Interface again."] + ]); } diff --git a/system/pages/account/lost/email/send-code.php b/system/pages/account/lost/email/send-code.php index a190e23c..a9f68fdf 100644 --- a/system/pages/account/lost/email/send-code.php +++ b/system/pages/account/lost/email/send-code.php @@ -32,7 +32,11 @@ if($account->isLoaded()) { $account->setCustomField('email_code', $newCode); $account->setCustomField('email_next', (time() + setting('core.mail_lost_account_interval'))); - echo '
Details about steps required to recover your account has been sent to ' . $accountEMail . '. You should receive this email within 15 minutes. Please check your inbox/spam directory.'; + $twig->display('success.html.twig', [ + 'title' => 'Email has been sent', + 'description' => 'Details about steps required to recover your account has been sent to ' . $accountEMail . '. You should receive this email within 15 minutes. Please check your inbox/spam directory.', + 'custom_buttons' => '', + ]); } else { $account->setCustomField('email_next', (time() + 60)); @@ -40,19 +44,25 @@ if($account->isLoaded()) { } } else { - echo 'Invalid e-mail to account of character ' . htmlspecialchars($nick) . '. Try again.'; + $errors[] = 'Invalid e-mail to account of character ' . escapeHtml($nick) . '. Try again.'; } } else { - echo lostAccountCooldown($nick, (int)$account->getCustomField('email_next')); + lostAccountWriteCooldown($nick, (int)$account->getCustomField('email_next')); } } else { - echo "Player or account of player " . htmlspecialchars($nick) . " doesn't exist."; + $errors[] = "Player or account of player " . escapeHtml($nick) . " doesn't exist."; +} + +if (!empty($errors)) { + $twig->display('error_box.html.twig', [ + 'errors' => $errors, + ]); } $twig->display('account.back_button.html.twig', [ 'new_line' => true, 'center' => true, - 'action' => getLink('account/lost') . '?action=step1&action_type=email&nick=' . urlencode($nick), + 'action' => getLink('account/lost/step-1') . '?action=email&nick=' . urlencode($nick), ]); diff --git a/system/pages/account/lost/email/set-new-password.php b/system/pages/account/lost/email/set-new-password.php index 11fb3807..e475c6db 100644 --- a/system/pages/account/lost/email/set-new-password.php +++ b/system/pages/account/lost/email/set-new-password.php @@ -10,67 +10,71 @@ $code = $_REQUEST['code']; $character = stripslashes($_REQUEST['character']); if(empty($code) || empty($character) || empty($newPassword)) { - echo 'Error. Try again.
Please enter code from e-mail and name of one character from account. Then press Submit.
'; + $errors[] = 'Please enter code from e-mail and name of one character from account. Then press Submit.'; + + $twig->display('error_box.html.twig', [ + 'errors' => $errors, + ]); $twig->display('account.back_button.html.twig', [ 'new_line' => true, 'center' => true, 'action' => getLink('account/lost/check-code') ]); + + return; } -else -{ - $player = new OTS_Player(); - $account = new OTS_Account(); - $player->find($character); - if($player->isLoaded()) { - $account = $player->getAccount(); - } - if($account->isLoaded()) { - if($account->getCustomField('email_code') == $code) { - if(Validator::password($newPassword)) { - $tmp_new_pass = $newPassword; - if(USE_ACCOUNT_SALT) { - $salt = generateRandomString(10, false, true, true); - $tmp_new_pass = $salt . $newPassword; - $account->setCustomField('salt', $salt); - } +$player = new OTS_Player(); +$account = new OTS_Account(); +$player->find($character); +if($player->isLoaded()) { + $account = $player->getAccount(); +} - $account->setPassword(encrypt($tmp_new_pass)); - $account->save(); - $account->setCustomField('email_code', ''); +if($account->isLoaded()) { + if($account->getCustomField('email_code') == $code) { + if(Validator::password($newPassword)) { + $tmp_new_pass = $newPassword; + if(USE_ACCOUNT_SALT) { + $salt = generateRandomString(10, false, true, true); + $tmp_new_pass = $salt . $newPassword; + $account->setCustomField('salt', $salt); + } - $mailBody = $twig->render('mail.account.lost.new-password.html.twig', [ - 'account' => $account, - 'newPassword' => $newPassword, - ]); + $account->setPassword(encrypt($tmp_new_pass)); + $account->save(); + $account->setCustomField('email_code', ''); - $statusMsg = ''; - if(_mail($account->getCustomField('email'), configLua('serverName') . ' - Your new password', $mailBody)) { - $statusMsg = '
New password work! Sent e-mail with your password and account name. You should receive this e-mail in 15 minutes. You can login now with new password!'; - } - else { - $statusMsg = '

New password work! An error occurred while sending email! You will not receive e-mail with new password. For Admin: More info can be found in system/logs/mailer-error.log'; - } + $mailBody = $twig->render('mail.account.lost.new-password.html.twig', [ + 'account' => $account, + 'newPassword' => $newPassword, + ]); - $twig->display('account/lost/finish.new-password.html.twig', [ - 'statusMsg' => $statusMsg, - 'newPassword' => $newPassword, - ]); + $statusMsg = ''; + if(_mail($account->getCustomField('email'), configLua('serverName') . ' - Your new password', $mailBody)) { + $statusMsg = '
New password work! Sent e-mail with your password and account name. You should receive this e-mail in 15 minutes. You can login now with new password!'; } else { - $error = Validator::getLastError(); + $statusMsg = '

New password work! An error occurred while sending email! You will not receive e-mail with new password. For Admin: More info can be found in system/logs/mailer-error.log'; } + + $twig->display('account/lost/finish.new-password.html.twig', [ + 'statusMsg' => $statusMsg, + 'newPassword' => $newPassword, + ]); } else { - $error = 'Wrong code to change password.'; + $error = Validator::getLastError(); } } else { - $error = "Account of this character or this character doesn't exist."; + $error = 'Wrong code to change password.'; } } +else { + $error = "Account of this character or this character doesn't exist."; +} if(!empty($error)) { $twig->display('error_box.html.twig', [ diff --git a/system/pages/account/lost/email/step-1.php b/system/pages/account/lost/email/step-1.php index bed98a90..d7d82830 100644 --- a/system/pages/account/lost/email/step-1.php +++ b/system/pages/account/lost/email/step-1.php @@ -14,11 +14,17 @@ if($account->isLoaded()) { ]); } else { - echo lostAccountCooldown($nick, (int)$account->getCustomField('email_next')); + lostAccountWriteCooldown($nick, (int)$account->getCustomField('email_next')); } } else { - echo "Player or account of player " . escapeHtml($nick) . " doesn't exist."; + $errors[] = "Player or account of player " . escapeHtml($nick) . " doesn't exist."; +} + +if (!empty($errors)) { + $twig->display('error_box.html.twig', [ + 'errors' => $errors, + ]); } $twig->display('account.back_button.html.twig', [ diff --git a/system/pages/account/lost/recovery-key/step-1.php b/system/pages/account/lost/recovery-key/step-1.php index e29a1004..015a455d 100644 --- a/system/pages/account/lost/recovery-key/step-1.php +++ b/system/pages/account/lost/recovery-key/step-1.php @@ -14,11 +14,17 @@ if($account->isLoaded()) { ]); } else { - echo 'Account of this character has no recovery key!'; + $errors[] = 'Account of this character has no recovery key!'; } } else { - echo "Player or account of player " . escapeHtml($nick) . " doesn't exist."; + $errors[] = "Player or account of player " . escapeHtml($nick) . " doesn't exist."; +} + +if (!empty($errors)) { + $twig->display('error_box.html.twig', [ + 'errors' => $errors, + ]); } $twig->display('account.back_button.html.twig', [ diff --git a/system/pages/account/lost/recovery-key/step-2.php b/system/pages/account/lost/recovery-key/step-2.php index 375040b7..5fe7f1ef 100644 --- a/system/pages/account/lost/recovery-key/step-2.php +++ b/system/pages/account/lost/recovery-key/step-2.php @@ -5,7 +5,7 @@ csrfProtect(); $title = 'Lost Account'; -$recKey = trim($_REQUEST['key']); +$key = trim($_REQUEST['key']); $nick = stripslashes($_REQUEST['nick']); $player = new OTS_Player(); @@ -18,25 +18,31 @@ if($player->isLoaded()) { if($account->isLoaded()) { $accountKey = $account->getCustomField('key'); if(!empty($accountKey)) { - if($accountKey == $recKey) { - $twig->display('account/lost/step2.html.twig', [ + if($accountKey == $key) { + $twig->display('account/lost/recovery-key.step-2.html.twig', [ 'nick' => $nick, - 'recKey' => $recKey, + 'key' => $key, ]); } else { - echo 'Wrong recovery key!'; + $errors[] = 'Wrong recovery key!'; } } else { - echo 'Account of this character has no recovery key!'; + $errors[] = 'Account of this character has no recovery key!'; } } else - echo "Player or account of player " . escapeHtml($nick) . " doesn't exist."; + $errors[] = "Player or account of player " . escapeHtml($nick) . " doesn't exist."; + +if (!empty($errors)) { + $twig->display('error_box.html.twig', [ + 'errors' => $errors, + ]); +} $twig->display('account.back_button.html.twig', [ 'new_line' => true, 'center' => true, - 'action' => getLink('account/lost') . '?action=step1&action_type=reckey&nick=' . urlencode($nick), + 'action' => getLink('account/lost/step-1') . '?action=recovery-key&nick=' . urlencode($nick), ]); diff --git a/system/pages/account/lost/recovery-key/step-3.php b/system/pages/account/lost/recovery-key/step-3.php index ed3f7435..f066b8bd 100644 --- a/system/pages/account/lost/recovery-key/step-3.php +++ b/system/pages/account/lost/recovery-key/step-3.php @@ -5,7 +5,7 @@ csrfProtect(); $title = 'Lost Account'; -$recKey = trim($_REQUEST['key']); +$key = trim($_REQUEST['key']); $nick = stripslashes($_REQUEST['nick']); $newPassword = trim($_REQUEST['passor']); $newEmail = trim($_REQUEST['email']); @@ -21,7 +21,7 @@ if($account->isLoaded()) { $accountKey = $account->getCustomField('key'); if(!empty($accountKey)) { - if($accountKey == $recKey) { + if($accountKey == $key) { if(Validator::password($newPassword)) { if(Validator::email($newEmail)) { $account->setEMail($newEmail); @@ -48,7 +48,7 @@ if($account->isLoaded()) { 'newEmail' => $newEmail, ]); - if(_mail($account->getCustomField('email'), $config['lua']['serverName']." - New password to your account", $mailBody)) { + if(_mail($account->getCustomField('email'), configLua('serverName') . ' - New password to your account', $mailBody)) { $statusMsg = '
Sent e-mail with your account name and password to new e-mail. You should receive this e-mail in 15 minutes. You can login now with new password!'; } else { @@ -67,27 +67,33 @@ if($account->isLoaded()) { ]); } else { - echo Validator::getLastError(); + $errors[] = Validator::getLastError(); } } else { - echo Validator::getLastError(); + $errors[] = Validator::getLastError(); } } else { - echo 'Wrong recovery key!'; + $errors[] = 'Wrong recovery key!'; } } else { - echo 'Account of this character has no recovery key!'; + $errors[] = 'Account of this character has no recovery key!'; } } else { - echo "Player or account of player " . escapeHtml($nick) . " doesn't exist."; + $errors[] = "Player or account of player " . escapeHtml($nick) . " doesn't exist."; +} + +if (!empty($errors)) { + $twig->display('error_box.html.twig', [ + 'errors' => $errors, + ]); } $twig->display('account.back_button.html.twig', [ 'new_line' => true, 'center' => true, - 'action' => getLink('account/lost') . '?action=step1&action_type=reckey&nick=' . urlencode($nick), + 'action' => getLink('account/lost/step-1') . '?action=recovery-key&nick=' . urlencode($nick), ]); diff --git a/system/templates/account/lost/recovery-key.step-2.html.twig b/system/templates/account/lost/recovery-key.step-2.html.twig new file mode 100644 index 00000000..0853a62c --- /dev/null +++ b/system/templates/account/lost/recovery-key.step-2.html.twig @@ -0,0 +1,71 @@ +Set new password and e-mail to your account.
+

+ + {{ csrf() }} + + + + + + + + + + + + + + + + + +
+ Please enter new password and e-mail +
+ + + + + + + + + + + + + + + + + + +
+ + + +
+ + + +
+ + + +
+ + + +
+ +
+
+ + + + +
+ {% set button_name = 'Submit' %} + {% include('buttons.base.html.twig') %} +
+ diff --git a/system/templates/account/lost/step2.html.twig b/system/templates/account/lost/step2.html.twig deleted file mode 100644 index c1a229c2..00000000 --- a/system/templates/account/lost/step2.html.twig +++ /dev/null @@ -1,35 +0,0 @@ -Set new password and e-mail to your account.
-
- - - - - - - - - - - - - - -
- Please enter new password and e-mail -
- Account of character:  
- New password:            
- Repeat new password:  
- New e-mail address:     
- -
-
- - - - -
- {% set button_name = 'Submit' %} - {% include('buttons.base.html.twig') %} -
-