mirror of
https://github.com/slawkens/myaac.git
synced 2025-11-02 08:56:24 +01:00
Merge branch 'main' into develop
This commit is contained in:
slawkens
@@ -17,6 +17,8 @@ if(!$logged) {
|
||||
return;
|
||||
}
|
||||
|
||||
csrfProtect();
|
||||
|
||||
$email_new_time = $account_logged->getCustomField("email_new_time");
|
||||
|
||||
if($email_new_time > 10) {
|
||||
@@ -164,7 +166,7 @@ if(isset($_POST['emailchangecancel']) && $_POST['emailchangecancel'] == 1) {
|
||||
$account_logged->setCustomField("email_new", "");
|
||||
$account_logged->setCustomField("email_new_time", 0);
|
||||
|
||||
$custom_buttons = '<div style="text-align:center"><table border="0" cellspacing="0" cellpadding="0" ><form action="' . getLink('account/manage') . '" method="post" ><tr><td style="border:0px;" >' . $twig->render('buttons.back.html.twig') . '</td></tr></form></table></div>';
|
||||
$custom_buttons = '<div style="text-align:center"><table border="0" cellspacing="0" cellpadding="0" ><form action="' . getLink('account/manage') . '" method="post" >' . csrf(true) . '<tr><td style="border:0px;" >' . $twig->render('buttons.back.html.twig') . '</td></tr></form></table></div>';
|
||||
|
||||
$twig->display('success.html.twig', array(
|
||||
'title' => 'Email Address Change Cancelled',
|
||||
|
||||
@@ -20,6 +20,8 @@ if(!$logged) {
|
||||
return;
|
||||
}
|
||||
|
||||
csrfProtect();
|
||||
|
||||
if(setting('core.account_country'))
|
||||
require SYSTEM . 'countries.conf.php';
|
||||
|
||||
|
||||
@@ -17,18 +17,19 @@ if(!$logged) {
|
||||
return;
|
||||
}
|
||||
|
||||
$new_password = $_POST['newpassword'] ?? NULL;
|
||||
$new_password_confirm = $_POST['newpassword_confirm'] ?? NULL;
|
||||
$old_password = $_POST['oldpassword'] ?? NULL;
|
||||
csrfProtect();
|
||||
|
||||
$new_password = $_POST['new_password'] ?? null;
|
||||
$new_password_confirm = $_POST['new_password_confirm'] ?? null;
|
||||
$old_password = $_POST['old_password'] ?? null;
|
||||
if(empty($new_password) && empty($new_password_confirm) && empty($old_password)) {
|
||||
$twig->display('account.change-password.html.twig');
|
||||
}
|
||||
else
|
||||
{
|
||||
else {
|
||||
if(empty($new_password) || empty($new_password_confirm) || empty($old_password)){
|
||||
$errors[] = 'Please fill in form.';
|
||||
}
|
||||
$password_strlen = strlen($new_password);
|
||||
|
||||
if($new_password != $new_password_confirm) {
|
||||
$errors[] = 'The new passwords do not match!';
|
||||
}
|
||||
@@ -39,10 +40,13 @@ else
|
||||
}
|
||||
|
||||
/** @var OTS_Account $account_logged */
|
||||
$old_password = encrypt((USE_ACCOUNT_SALT ? $account_logged->getCustomField('salt') : '') . $old_password);
|
||||
if($old_password != $account_logged->getPassword()) {
|
||||
$old_password_hashed = encrypt((USE_ACCOUNT_SALT ? $account_logged->getCustomField('salt') : '') . $old_password);
|
||||
if($old_password_hashed != $account_logged->getPassword()) {
|
||||
$errors[] = 'Current password is incorrect!';
|
||||
}
|
||||
else if ($old_password == $new_password) {
|
||||
$errors[] = 'The old password is same as the new password!';
|
||||
}
|
||||
|
||||
$hooks->trigger(HOOK_ACCOUNT_CHANGE_PASSWORD_POST);
|
||||
}
|
||||
|
||||
@@ -20,6 +20,8 @@ if(!$logged) {
|
||||
return;
|
||||
}
|
||||
|
||||
csrfProtect();
|
||||
|
||||
$player = null;
|
||||
$player_name = isset($_REQUEST['name']) ? stripslashes(urldecode($_REQUEST['name'])) : null;
|
||||
$new_comment = isset($_POST['comment']) ? htmlspecialchars(stripslashes(substr($_POST['comment'],0,2000))) : NULL;
|
||||
|
||||
@@ -17,6 +17,8 @@ if(!$logged) {
|
||||
return;
|
||||
}
|
||||
|
||||
csrfProtect();
|
||||
|
||||
$player_id = isset($_POST['player_id']) ? (int)$_POST['player_id'] : NULL;
|
||||
$name = isset($_POST['name']) ? stripslashes(ucwords(strtolower($_POST['name']))) : NULL;
|
||||
if((!setting('core.account_change_character_name')))
|
||||
|
||||
@@ -17,6 +17,8 @@ if(!$logged) {
|
||||
return;
|
||||
}
|
||||
|
||||
csrfProtect();
|
||||
|
||||
$sex_changed = false;
|
||||
$player_id = isset($_POST['player_id']) ? (int)$_POST['player_id'] : NULL;
|
||||
$new_sex = isset($_POST['new_sex']) ? (int)$_POST['new_sex'] : NULL;
|
||||
|
||||
@@ -20,6 +20,8 @@ if(!$logged) {
|
||||
return;
|
||||
}
|
||||
|
||||
csrfProtect();
|
||||
|
||||
$character_name = isset($_POST['name']) ? stripslashes($_POST['name']) : null;
|
||||
$character_sex = isset($_POST['sex']) ? (int)$_POST['sex'] : null;
|
||||
$character_vocation = isset($_POST['vocation']) ? (int)$_POST['vocation'] : null;
|
||||
|
||||
@@ -17,6 +17,8 @@ if(!$logged) {
|
||||
return;
|
||||
}
|
||||
|
||||
csrfProtect();
|
||||
|
||||
$player_name = isset($_POST['delete_name']) ? stripslashes($_POST['delete_name']) : null;
|
||||
$password_verify = isset($_POST['delete_password']) ? $_POST['delete_password'] : null;
|
||||
$password_verify = encrypt((USE_ACCOUNT_SALT ? $account_logged->getCustomField('salt') : '') . $password_verify);
|
||||
|
||||
@@ -9,6 +9,7 @@
|
||||
*/
|
||||
|
||||
use MyAAC\Models\Account;
|
||||
use MyAAC\Models\AccountEmailVerify;
|
||||
|
||||
defined('MYAAC') or die('Direct access not allowed!');
|
||||
|
||||
@@ -20,16 +21,20 @@ if(empty($hash)) {
|
||||
return;
|
||||
}
|
||||
|
||||
if(!Account::where('email_hash', $hash)->exists()) {
|
||||
note("Your email couldn't be verified. Please contact staff to do it manually.");
|
||||
// by default link is valid for 30 days
|
||||
$accountEmailVerify = AccountEmailVerify::where('hash', $hash)->where('sent_at', '>', time() - 30 * 24 * 60 * 60)->first();
|
||||
if(!$accountEmailVerify) {
|
||||
note("Wrong link or link has expired.");
|
||||
}
|
||||
else
|
||||
{
|
||||
$accountModel = Account::where('email_hash', $hash)->where('email_verified', 0)->first();
|
||||
$accountModel = Account::where('id', $accountEmailVerify->account_id)->where('email_verified', 0)->first();
|
||||
if ($accountModel) {
|
||||
$accountModel->email_verified = 1;
|
||||
$accountModel->save();
|
||||
|
||||
AccountEmailVerify::where('account_id', $accountModel->id)->delete();
|
||||
|
||||
success('You have now verified your e-mail, this will increase the security of your account. Thank you for doing this. You can now <a href=' . getLink('account/manage') . '>log in</a>.');
|
||||
|
||||
$account = new OTS_Account();
|
||||
@@ -39,6 +44,6 @@ else
|
||||
}
|
||||
}
|
||||
else {
|
||||
error('Link has expired.');
|
||||
error('Your account is already verified.');
|
||||
}
|
||||
}
|
||||
|
||||
@@ -10,6 +10,7 @@
|
||||
*/
|
||||
|
||||
use MyAAC\CreateCharacter;
|
||||
use MyAAC\Models\AccountEmailVerify;
|
||||
|
||||
defined('MYAAC') or die('Direct access not allowed!');
|
||||
$title = 'Create Account';
|
||||
@@ -23,6 +24,8 @@ if($logged)
|
||||
return;
|
||||
}
|
||||
|
||||
csrfProtect();
|
||||
|
||||
if(setting('core.account_create_character_create')) {
|
||||
$createCharacter = new CreateCharacter();
|
||||
}
|
||||
@@ -219,8 +222,19 @@ if($save)
|
||||
}
|
||||
}
|
||||
|
||||
if(setting('core.account_premium_points') && setting('core.account_premium_points') > 0) {
|
||||
$new_account->setCustomField('premium_points', setting('core.account_premium_points'));
|
||||
$accountDefaultPremiumPoints = setting('core.account_premium_points');
|
||||
if($accountDefaultPremiumPoints > 0) {
|
||||
$new_account->setCustomField('premium_points', $accountDefaultPremiumPoints);
|
||||
}
|
||||
|
||||
$accountDefaultCoins = setting('core.account_coins');
|
||||
if(HAS_ACCOUNT_COINS && $accountDefaultCoins > 0) {
|
||||
$new_account->setCustomField('coins', $accountDefaultCoins);
|
||||
}
|
||||
|
||||
$accountDefaultCoinsTransferable = setting('core.account_coins_transferable');
|
||||
if((HAS_ACCOUNT_COINS_TRANSFERABLE || HAS_ACCOUNT_TRANSFERABLE_COINS) && $accountDefaultCoinsTransferable > 0) {
|
||||
$new_account->setCustomField(ACCOUNT_COINS_TRANSFERABLE_COLUMN, $accountDefaultCoinsTransferable);
|
||||
}
|
||||
|
||||
$tmp_account = $email;
|
||||
@@ -231,7 +245,12 @@ if($save)
|
||||
if(setting('core.mail_enabled') && setting('core.account_mail_verify'))
|
||||
{
|
||||
$hash = md5(generateRandomString(16, true, true) . $email);
|
||||
$new_account->setCustomField('email_hash', $hash);
|
||||
|
||||
AccountEmailVerify::create([
|
||||
'account_id' => $new_account->getId(),
|
||||
'hash' => $hash,
|
||||
'sent_at' => time(),
|
||||
]);
|
||||
|
||||
$verify_url = getLink('account/confirm-email/' . $hash);
|
||||
$body_html = $twig->render('mail.account.verify.html.twig', array(
|
||||
@@ -255,8 +274,10 @@ if($save)
|
||||
}
|
||||
else
|
||||
{
|
||||
error('An error occorred while sending email! Account not created. Try again. For Admin: More info can be found in system/logs/mailer-error.log');
|
||||
error('An error occurred while sending email! Account not created. Try again. For Admin: More info can be found in system/logs/mailer-error.log');
|
||||
$new_account->delete();
|
||||
|
||||
return;
|
||||
}
|
||||
}
|
||||
else
|
||||
|
||||
@@ -18,6 +18,8 @@ if($logged || !isset($_POST['account_login']) || !isset($_POST['password_login']
|
||||
return;
|
||||
}
|
||||
|
||||
csrfProtect();
|
||||
|
||||
$login_account = $_POST['account_login'];
|
||||
$login_password = $_POST['password_login'];
|
||||
$remember_me = isset($_POST['remember_me']);
|
||||
@@ -46,7 +48,9 @@ if(!empty($login_account) && !empty($login_password))
|
||||
)
|
||||
{
|
||||
if (setting('core.account_mail_verify') && (int)$account_logged->getCustomField('email_verified') !== 1) {
|
||||
$errors[] = 'Your account is not verified. Please verify your email address. If the message is not coming check the SPAM folder in your E-Mail client.';
|
||||
$link = getLink('account/resend-email-verify');
|
||||
$errors[] = 'Your account is not verified. Please verify your email address. If the message is not coming check the SPAM folder in your E-Mail client.<br/>' .
|
||||
'You can resend the Email here: <a href="' . $link . '">' . $link . '</a>';
|
||||
} else {
|
||||
session_regenerate_id();
|
||||
setSession('account', $account_logged->getId());
|
||||
@@ -95,3 +99,8 @@ else {
|
||||
}
|
||||
|
||||
$hooks->trigger(HOOK_ACCOUNT_LOGIN_POST);
|
||||
|
||||
if($logged) {
|
||||
$twig->addGlobal('logged', true);
|
||||
$twig->addGlobal('account_logged', $account_logged);
|
||||
}
|
||||
|
||||
@@ -34,17 +34,28 @@ if(isset($_REQUEST['redirect']))
|
||||
return;
|
||||
}
|
||||
|
||||
csrfProtect();
|
||||
|
||||
$groups = new OTS_Groups_List();
|
||||
|
||||
$freePremium = isset($config['lua']['freePremium']) && getBoolean($config['lua']['freePremium']) || $account_logged->getPremDays() == OTS_Account::GRATIS_PREMIUM_DAYS;
|
||||
$dayOrDays = $account_logged->getPremDays() == 1 ? 'day' : 'days';
|
||||
/**
|
||||
* @var OTS_Account $account_logged
|
||||
*/
|
||||
if(!$account_logged->isPremium())
|
||||
$premDays = $account_logged->getPremDays();
|
||||
|
||||
$freePremium = isset($config['lua']['freePremium']) && getBoolean($config['lua']['freePremium']) || $premDays == OTS_Account::GRATIS_PREMIUM_DAYS;
|
||||
$dayOrDays = ($premDays == 1 ? 'day' : 'days');
|
||||
|
||||
$vipSystemEnabled = isset($config['lua']['vipSystemEnabled']) && getBoolean($config['lua']['vipSystemEnabled']);
|
||||
$premiumLabel = $vipSystemEnabled ? 'VIP' : 'Premium Account';
|
||||
|
||||
if ($freePremium && !$vipSystemEnabled) {
|
||||
$account_status = '<b><span style="color: green">Gratis Premium Account</span></b>';
|
||||
} else if(!$account_logged->isPremium()) {
|
||||
$account_status = '<b><span style="color: red">Free Account</span></b>';
|
||||
else
|
||||
$account_status = '<b><span style="color: green">' . ($freePremium ? 'Gratis Premium Account' : 'Premium Account, ' . $account_logged->getPremDays() . ' '.$dayOrDays.' left') . '</span></b>';
|
||||
} else {
|
||||
$account_status = '<b><span style="color: green">' . $premiumLabel . ', ' . $premDays . ' '.$dayOrDays.' left</span></b>';
|
||||
}
|
||||
|
||||
$recovery_key = $account_logged->getCustomField('key');
|
||||
if(empty($recovery_key))
|
||||
|
||||
@@ -1,23 +0,0 @@
|
||||
<?php
|
||||
/**
|
||||
* Change comment
|
||||
*
|
||||
* @package MyAAC
|
||||
* @author Gesior <jerzyskalski@wp.pl>
|
||||
* @author Slawkens <slawkens@gmail.com>
|
||||
* @copyright 2019 MyAAC
|
||||
* @link https://my-aac.org
|
||||
*/
|
||||
defined('MYAAC') or die('Direct access not allowed!');
|
||||
|
||||
$redirect = urldecode($_REQUEST['redirect']);
|
||||
|
||||
// should never happen, unless hacker modify the URL
|
||||
if (!str_contains($redirect, BASE_URL)) {
|
||||
error('Fatal error: Cannot redirect outside the website.');
|
||||
return;
|
||||
}
|
||||
|
||||
$twig->display('account.redirect.html.twig', array(
|
||||
'redirect' => $redirect
|
||||
));
|
||||
@@ -17,6 +17,8 @@ if(!$logged) {
|
||||
return;
|
||||
}
|
||||
|
||||
csrfProtect();
|
||||
|
||||
if(isset($_POST['reg_password']))
|
||||
$reg_password = encrypt((USE_ACCOUNT_SALT ? $account_logged->getCustomField('salt') : '') . $_POST['reg_password']);
|
||||
|
||||
|
||||
@@ -17,6 +17,8 @@ if(!$logged) {
|
||||
return;
|
||||
}
|
||||
|
||||
csrfProtect();
|
||||
|
||||
$_POST['reg_password'] = $_POST['reg_password'] ?? '';
|
||||
$reg_password = encrypt((USE_ACCOUNT_SALT ? $account_logged->getCustomField('salt') : '') . $_POST['reg_password']);
|
||||
$old_key = $account_logged->getCustomField("key");
|
||||
|
||||
94
system/pages/account/resend-email-verify.php
Normal file
94
system/pages/account/resend-email-verify.php
Normal file
@@ -0,0 +1,94 @@
|
||||
<?php
|
||||
|
||||
use MyAAC\Models\AccountEmailVerify;
|
||||
|
||||
defined('MYAAC') or die('Direct access not allowed!');
|
||||
|
||||
$title = 'Resend Email';
|
||||
|
||||
$errorWithBackButton = function ($msg) use ($twig) {
|
||||
$errors = [$msg];
|
||||
|
||||
$twig->display('error_box.html.twig', ['errors' => $errors]);
|
||||
$twig->display('account.back_button.html.twig', [
|
||||
'action' => getLink('account/resend-email-verify'),
|
||||
]);
|
||||
};
|
||||
|
||||
if (!setting('core.mail_enabled') || !setting('core.account_mail_verify')) {
|
||||
$errorWithBackButton('Resending email is not possible on this server.');
|
||||
return;
|
||||
}
|
||||
|
||||
$showForm = true;
|
||||
|
||||
if (isset($_POST['submit']) && $_POST['submit'] == '1') {
|
||||
$email = $_REQUEST['email'];
|
||||
|
||||
if (empty($email) || !filter_var($email, FILTER_VALIDATE_EMAIL)) {
|
||||
$errorWithBackButton('Please enter valid Email.');
|
||||
return;
|
||||
}
|
||||
|
||||
$account = new OTS_Account();
|
||||
$account->findByEMail($email);
|
||||
if ($account->isLoaded()) {
|
||||
if ($account->getCustomField('email_verified') == '1') {
|
||||
$errorWithBackButton('This account is already verified! You can <a href=' . getLink('account/manage') . '>log in</a> on the website.');
|
||||
return;
|
||||
}
|
||||
|
||||
$accountEmailVerify = AccountEmailVerify::where('account_id', $account->getId())->orderBy('sent_at', 'DESC')->first();
|
||||
if ($accountEmailVerify && time() - $accountEmailVerify->sent_at < 60) {
|
||||
$errorWithBackButton('Only one Email per minute is allowed. Please try again later.');
|
||||
return;
|
||||
}
|
||||
|
||||
$tmp_account = $email;
|
||||
if (!config('account_login_by_email')) {
|
||||
$tmp_account = (USE_ACCOUNT_NAME ? $account->getName() : $account->getId());
|
||||
}
|
||||
|
||||
$hash = md5(generateRandomString(16, true, true) . $email);
|
||||
|
||||
AccountEmailVerify::create([
|
||||
'account_id' => $account->getId(),
|
||||
'hash' => $hash,
|
||||
'sent_at' => time(),
|
||||
]);
|
||||
|
||||
$verify_url = getLink('account/confirm-email/' . $hash);
|
||||
$body_html = $twig->render('mail.account.resend-email-verify.html.twig', array(
|
||||
'account' => $tmp_account,
|
||||
'verify_url' => generateLink($verify_url, $verify_url, true)
|
||||
));
|
||||
|
||||
if (_mail($account->getEMail(), configLua('serverName') . ' - Verify Account', $body_html)) {
|
||||
$message = "If account with this email exists - you will become an email with verification link.";
|
||||
$showForm = false;
|
||||
} else {
|
||||
$message = "<p class='error'>An error occurred while sending email (<b>{$email}</b> )! Try again later. For Admin: More info can be found in system/logs/mailer-error.log</p>";
|
||||
}
|
||||
}
|
||||
else {
|
||||
$message = "<br />If account with this email exists - you will become an email with verification link.";
|
||||
$showForm = false;
|
||||
}
|
||||
|
||||
$twig->display('success.html.twig', array(
|
||||
'title' => 'Verify Email Sent',
|
||||
'description' => $message,
|
||||
));
|
||||
}
|
||||
|
||||
//show errors if not empty
|
||||
if (!empty($errors)) {
|
||||
$twig->display('error_box.html.twig', ['errors' => $errors]);
|
||||
$twig->display('account.back_button.html.twig', [
|
||||
'action' => getLink('account/resend-email-verify'),
|
||||
]);
|
||||
}
|
||||
|
||||
if ($showForm) {
|
||||
$twig->display('account.resend-email-verify.html.twig');
|
||||
}
|
||||
Reference in New Issue
Block a user