Patching from develop

* Allow account_create_character_create even if account_mail_verify is activated * Fixes to account verify - do not allow login without verified email (Thanks @anyeor)
2025-04-27 17:59:22 +02:00 · 2024-07-09 23:51:12 +02:00 · 2024-07-09 23:51:12 +02:00 · 1edf8833c8
commit 1edf8833c8
parent 0ffc5f68b4
5 changed files with 43 additions and 34 deletions
--- a/system/init.php
+++ b/system/init.php
@ -116,7 +116,7 @@ if(!isset($config['highscores_ids_hidden']) || count($config['highscores_ids_hid
 	$config['highscores_ids_hidden'] = array(0);
 }
-$config['account_create_character_create'] = config('account_create_character_create') && (!config('mail_enabled') || !config('account_mail_verify'));
+$config['account_mail_verify'] = config('account_mail_verify') && config('mail_enabled');
 // POT
 require_once SYSTEM . 'libs/pot/OTS.php';
--- a/system/login.php
+++ b/system/login.php
@ -88,28 +88,32 @@ else
 				&& (!isset($t) || $t['attempts'] < 5)
 				)
 			{
-				session_regenerate_id();
+				if (config('mail_enabled') && config('account_mail_verify') && (int)$account_logged->getCustomField('email_verified') !== 1) {
-				setSession('account', $account_logged->getId());
+					$errors[] = 'Your account is not verified. Please verify your email address. If the message is not coming check the SPAM folder in your E-Mail client.';
 				setSession('password', encrypt(($config_salt_enabled ? $account_logged->getCustomField('salt') : '') . $login_password));
 				if($remember_me) {
 					setSession('remember_me', true);
 				}
 				$logged = true;
 				$logged_flags = $account_logged->getWebFlags();
 				if(isset($_POST['admin']) && !admin()) {
 					$errors[] = 'This account has no admin privileges.';
 					unsetSession('account');
 					unsetSession('password');
 					unsetSession('remember_me');
 					$logged = false;
 				}
 				else {
-					$account_logged->setCustomField('web_lastlogin', time());
+					session_regenerate_id();
-				}
+					setSession('account', $account_logged->getId());
 					setSession('password', encrypt(($config_salt_enabled ? $account_logged->getCustomField('salt') : '') . $login_password));
 					if ($remember_me) {
 						setSession('remember_me', true);
 					}
-				$hooks->trigger(HOOK_LOGIN, array('account' => $account_logged, 'password' => $login_password, 'remember_me' => $remember_me));
+					$logged = true;
 					$logged_flags = $account_logged->getWebFlags();
 					if (isset($_POST['admin']) && !admin()) {
 						$errors[] = 'This account has no admin privileges.';
 						unsetSession('account');
 						unsetSession('password');
 						unsetSession('remember_me');
 						$logged = false;
 					} else {
 						$account_logged->setCustomField('web_lastlogin', time());
 					}
 					$hooks->trigger(HOOK_LOGIN, array('account' => $account_logged, 'password' => $login_password, 'remember_me' => $remember_me));
 				}
 			}
 			else
 			{
--- a/system/pages/account/confirm_email.php
+++ b/system/pages/account/confirm_email.php
@ -29,11 +29,13 @@ else
 		$account = new OTS_Account();
 		$account->load($query['id']);
 		if ($account->isLoaded()) {
 			$db->update('accounts', ['email_verified' => '1'], ['email_hash' => $hash]);
 			success('You have now verified your e-mail, this will increase the security of your account. Thank you for doing this. You can now <a href=' . getLink('account/manage') . '>log in</a>.');
 			$hooks->trigger(HOOK_EMAIL_CONFIRMED, ['account' => $account]);
 		}
 	}
-
+	else {
-	$db->update('accounts', array('email_verified' => '1'), array('email_hash' => $hash));
+		error('Link has expired.');
-	success('You have now verified your e-mail, this will increase the security of your account. Thank you for doing this.');
+	}
 }
 ?>
--- a/system/pages/createaccount.php
+++ b/system/pages/createaccount.php
@ -211,6 +211,9 @@ if($save)
 			if(_mail($email, 'New account on ' . $config['lua']['serverName'], $body_html))
 			{
 				echo 'Your account has been created.<br/><br/>';
 				warning("Before you can login - you need to verify your E-Mail. The verification link has been sent to $email. If the message is not coming - remember to check the SPAM folder.");
 				$twig->display('success.html.twig', array(
 					'title' => 'Account Created',
 					'description' => 'Your account ' . $account_type . ' is <b>' . $tmp_account . '</b><br/>You will need the account ' . $account_type . ' and your password to play on ' . configLua('serverName') . '.
@ -227,15 +230,6 @@ if($save)
 		}
 		else
 		{
 			if(config('account_create_character_create')) {
 				// character creation
 				$character_created = $createCharacter->doCreate($character_name, $character_sex, $character_vocation, $character_town, $new_account, $errors);
 				if (!$character_created) {
 					error('There was an error creating your character. Please create your character later in account management page.');
 					error(implode(' ', $errors));
 				}
 			}
 			if($config['account_create_auto_login']) {
 				$_POST['account_login'] = USE_ACCOUNT_NAME ? $account_name : $account_id;
 				$_POST['password_login'] = $password2;
@ -280,6 +274,15 @@ if($save)
 			}
 		}
 		if(config('account_create_character_create')) {
 			// character creation
 			$character_created = $createCharacter->doCreate($character_name, $character_sex, $character_vocation, $character_town, $new_account, $errors);
 			if (!$character_created) {
 				error('There was an error creating your character. Please create your character later in account management page.');
 				error(implode(' ', $errors));
 			}
 		}
 		return;
 	}
 }
--- a/system/templates/account.create.html.twig
+++ b/system/templates/account.create.html.twig
@ -130,7 +130,7 @@
 							{{ hook('HOOK_ACCOUNT_CREATE_BETWEEN_BOXES_1') }}
-							{% if (not config.mail_enabled or not config.account_mail_verify) and config.account_create_character_create %}
+							{% if config.account_create_character_create %}
 							<tr>
 								<td>
 									<div class="TableShadowContainerRightTop">