[WIP] Refactor account/lost

system/pages/account/lost.php

@@ -11,37 +11,9 @@
 defined('MYAAC') or die('Direct access not allowed!');
 $title = 'Lost Account Interface';
 
-if(!setting('core.mail_enabled'))
-{
-	echo '<b>Account maker is not configured to send e-mails, you can\'t use Lost Account Interface. Contact with admin to get help.</b>';
+if(!setting('core.mail_enabled')) {
+	echo "<b>Account maker is not configured to send e-mails, you can't use Lost Account Interface. Contact with admin to get help.</b>";
 	return;
 }
 
-$action_type = $_REQUEST['action_type'] ?? '';
-if($action == '') {
-	$twig->display('account.lost.form.html.twig');
-}
-else if($action == 'step1' && $action_type == '') {
-	$twig->display('account.lost.noaction.html.twig');
-}
-elseif($action == 'step1' && $action_type == 'email') {
-	require PAGES . 'account/lost/step1-email.php';
-}
-elseif($action == 'send-code') {
-	require PAGES . 'account/lost/send-code.php';
-}
-elseif($action == 'step1' && $action_type == 'reckey') {
-	require PAGES . 'account/lost/step1-reckey.php';
-}
-elseif($action == 'step2') {
-	require PAGES . 'account/lost/step2.php';
-}
-elseif($action == 'step3') {
-	require PAGES . 'account/lost/step3.php';
-}
-elseif($action == 'check-code') {
-	require PAGES . 'account/lost/check-code.php';
-}
-elseif($action == 'set-new-password') {
-	require PAGES . 'account/lost/set-new-password.php';
-}
+$twig->display('account/lost/form.html.twig');

system/pages/account/lost/check-code.php

@@ -1,9 +1,11 @@
 <?php
+defined('MYAAC') or die('Direct access not allowed!');
+
 $code = isset($_REQUEST['code']) ? trim($_REQUEST['code']) : '';
 $character = isset($_REQUEST['character']) ? stripslashes(trim($_REQUEST['character'])) : '';
 
 if(empty($code) || empty($character))
-	$twig->display('account.lost.check-code.html.twig', [
+	$twig->display('account/lost/check-code.html.twig', [
 		'code' => $code,
 		'characters' => $character,
 	]);
@@ -18,22 +20,10 @@ else
 
 	if($account->isLoaded()) {
 		if($account->getCustomField('email_code') == $code) {
-			echo '
-				Please enter new password to your account and repeat to make sure you remember password.<BR>
-				<FORM ACTION="' . getLink('account/lost') . '?action=setnewpassword" METHOD=post>
-				<INPUT TYPE=hidden NAME="character" VALUE="'.$character.'">
-				<INPUT TYPE=hidden NAME="code" VALUE="'.$code.'">
-				<TABLE CELLSPACING=1 CELLPADDING=4 BORDER=0 WIDTH=100%>
-				<TR><TD BGCOLOR="'.$config['vdarkborder'].'" class="white"><B>Passwords</B></TD></TR>
-				<TR><TD BGCOLOR="'.$config['darkborder'].'">
-				New password:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<INPUT TYPE=password ID="passor" NAME="passor" VALUE="" SIZE="40"><BR />
-				Repeat new password:&nbsp;<INPUT TYPE=password ID="passor2" NAME="passor2" VALUE="" SIZE="40"><BR />
-				</TD></TR>
-				</TABLE>
-				<BR>
-				<TABLE CELLSPACING=0 CELLPADDING=0 BORDER=0 WIDTH=100%><TR><TD><div style="text-align:center">
-				' . $twig->render('buttons.submit.html.twig') . '</div>
-				</TD></TR></FORM></TABLE></TABLE>';
+			$twig->display('account/lost/check-code.finish.html.twig', [
+				'character' => $character,
+				'code' => $code,
+			]);
 		}
 		else {
 			$error = 'Wrong code to change password.';
@@ -51,7 +41,7 @@ if(!empty($error)) {
 
 	echo '<br/>';
 
-	$twig->display('account.lost.check-code.html.twig', [
+	$twig->display('account/lost/check-code.html.twig', [
 
 	]);
 }

system/pages/account/lost/email/send-code.php

@@ -1,4 +1,5 @@
 <?php
+defined('MYAAC') or die('Direct access not allowed!');
 
 $email = $_REQUEST['email'];
 $nick = stripslashes($_REQUEST['nick']);
@@ -37,12 +38,14 @@ if($account->isLoaded()) {
 		}
 	}
 	else {
-		$insec = (int)$account->getCustomField('email_next') - time();
-		$minutesleft = floor($insec / 60);
-		$secondsleft = $insec - ($minutesleft * 60);
-		$timeleft = $minutesleft.' minutes '.$secondsleft.' seconds';
+		$inSec = (int)$account->getCustomField('email_next') - time();
+		$minutesLeft = floor($inSec / 60);
+		$secondsLeft = $inSec - ($minutesLeft * 60);
+		$timeLeft = $minutesLeft.' minutes '.$secondsLeft.' seconds';
 
-		echo 'Account of selected character (<b>' . htmlspecialchars($nick) . '</b>) received e-mail in last '.ceil(setting('core.mail_lost_account_interval') / 60) . ' minutes. You must wait '.$timeleft.' before you can use Lost Account Interface again.';
+		$timeRounded = ceil(setting('core.mail_lost_account_interval') / 60);
+
+		echo "Account of selected character (<b>" . escapeHtml($nick) . "</b>) received e-mail in last $timeRounded minutes. You must wait $timeLeft before you can use Lost Account Interface again.";
 	}
 }
 else {

system/pages/account/lost/email/set-new-password.php

@@ -1,4 +1,6 @@
 <?php
+defined('MYAAC') or die('Direct access not allowed!');
+
 $newPassword = $_REQUEST['passor'];
 $code = $_REQUEST['code'];
 $character = stripslashes($_REQUEST['character']);
@@ -9,7 +11,7 @@ if(empty($code) || empty($character) || empty($newPassword)) {
 	$twig->display('account.back_button.html.twig', [
 		'new_line' => true,
 		'center' => true,
-		'action' => getLink('account/lost') . '?action=check-code',
+		'action' => getLink('account/lost/check-code')
 	]);
 }
 else
@@ -21,15 +23,11 @@ else
 		$account = $player->getAccount();
 	}
 
-	if($account->isLoaded())
-	{
-		if($account->getCustomField('email_code') == $code)
-		{
-			if(Validator::password($newPassword))
-			{
+	if($account->isLoaded()) {
+		if($account->getCustomField('email_code') == $code) {
+			if(Validator::password($newPassword)) {
 				$tmp_new_pass = $newPassword;
-				if(USE_ACCOUNT_SALT)
-				{
+				if(USE_ACCOUNT_SALT) {
 					$salt = generateRandomString(10, false, true, true);
 					$tmp_new_pass  = $salt . $newPassword;
 					$account->setCustomField('salt', $salt);
@@ -52,19 +50,22 @@ else
 					$statusMsg = '<br /><p class="error">New password work! An error occurred while sending email! You will not receive e-mail with new password. For Admin: More info can be found in system/logs/mailer-error.log';
 				}
 
-				$twig->display('account.lost.finish.new-password.html.twig', [
+				$twig->display('account/lost/finish.new-password.html.twig', [
 					'statusMsg' => $statusMsg,
 					'newPassword' => $newPassword,
 				]);
 			}
-			else
-				$error= Validator::getLastError();
+			else {
+				$error = Validator::getLastError();
+			}
+		}
+		else {
+			$error = 'Wrong code to change password.';
 		}
-		else
-			$error= 'Wrong code to change password.';
 	}
-	else
-		$error = 'Account of this character or this character doesn\'t exist.';
+	else {
+		$error = "Account of this character or this character doesn't exist.";
+	}
 }
 
 if(!empty($error)) {
@@ -74,7 +75,7 @@ if(!empty($error)) {
 
 	echo '<br/>';
 
-	$twig->display('account.lost.check-code.html.twig', [
+	$twig->display('account/lost/check-code.html.twig', [
 		'code' => $code,
 		'character' => $character,
 	]);

system/pages/account/lost/email/step-1.php

@@ -0,0 +1,28 @@
+<?php
+
+if($account->isLoaded()) {
+	if($account->getCustomField('email_next') < time()) {
+		$twig->display('account/lost/email.html.twig', [
+			'nick' => $nick,
+		]);
+	}
+	else {
+		$inSec = (int)$account->getCustomField('email_next') - time();
+		$minutesLeft = floor($inSec / 60);
+		$secondsLeft = $inSec - ($minutesLeft * 60);
+		$timeLeft = $minutesLeft.' minutes '.$secondsLeft.' seconds';
+
+		$timeRounded = ceil(setting('core.mail_lost_account_interval') / 60);
+
+		echo "Account of selected character (<b>" . escapeHtml($nick) . "</b>) received e-mail in last $timeRounded minutes. You must wait $timeLeft before you can use Lost Account Interface again.";
+	}
+}
+else {
+	echo "Player or account of player <b>" . escapeHtml($nick) . "</b> doesn't exist.";
+}
+
+$twig->display('account.back_button.html.twig', [
+	'new_line' => true,
+	'center' => true,
+	'action' => getLink('account/lost'),
+]);

system/pages/account/lost/recovery-key/step-1.php

@@ -0,0 +1,24 @@
+<?php
+defined('MYAAC') or die('Direct access not allowed!');
+
+if($account->isLoaded()) {
+	$account_key = $account->getCustomField('key');
+
+	if(!empty($account_key)) {
+		$twig->display('account/lost/recovery-key.html.twig', [
+			'nick' => $nick,
+		]);
+	}
+	else {
+		echo 'Account of this character has no recovery key!';
+	}
+}
+else {
+	echo "Player or account of player <b>" . escapeHtml($nick) . "</b> doesn't exist.";
+}
+
+$twig->display('account.back_button.html.twig', [
+	'new_line' => true,
+	'center' => true,
+	'action' => getLink('account/lost'),
+]);

system/pages/account/lost/recovery-key/step-2.php

@@ -1,4 +1,5 @@
 <?php
+defined('MYAAC') or die('Direct access not allowed!');
 
 $recKey = trim($_REQUEST['key']);
 $nick = stripslashes($_REQUEST['nick']);
@@ -14,7 +15,7 @@ if($account->isLoaded()) {
 	$accountKey = $account->getCustomField('key');
 	if(!empty($accountKey)) {
 		if($accountKey == $recKey) {
-			$twig->display('account.lost.step2.html.twig', [
+			$twig->display('account/lost/step2.html.twig', [
 				'nick' => $nick,
 				'recKey' => $recKey,
 			]);
@@ -28,7 +29,7 @@ if($account->isLoaded()) {
 	}
 }
 else
-	echo "Player or account of player <b>" . htmlspecialchars($nick) . "</b> doesn't exist.";
+	echo "Player or account of player <b>" . escapeHtml($nick) . "</b> doesn't exist.";
 
 $twig->display('account.back_button.html.twig', [
 	'new_line' => true,

system/pages/account/lost/recovery-key/step-3.php

@@ -1,4 +1,6 @@
 <?php
+defined('MYAAC') or die('Direct access not allowed!');
+
 $recKey = trim($_REQUEST['key']);
 $nick = stripslashes($_REQUEST['nick']);
 $newPassword = trim($_REQUEST['passor']);
@@ -11,9 +13,9 @@ if($player->isLoaded()) {
 	$account = $player->getAccount();
 }
 
-if($account->isLoaded())
-{
+if($account->isLoaded()) {
 	$accountKey = $account->getCustomField('key');
+
 	if(!empty($accountKey)) {
 		if($accountKey == $recKey) {
 			if(Validator::password($newPassword)) {
@@ -53,7 +55,7 @@ if($account->isLoaded())
 						$statusMsg = '<br /><small>You will not receive e-mail with this informations.</small>';
 					}
 
-					$twig->display('account.lost.finish.new-email.html.twig', [
+					$twig->display('account/lost/finish.new-email.html.twig', [
 						'statusMsg' => $statusMsg,
 						'account' => $account,
 						'newPassword' => $newPassword,
@@ -77,7 +79,7 @@ if($account->isLoaded())
 	}
 }
 else {
-	echo "Player or account of player <b>" . htmlspecialchars($nick) . "</b> doesn't exist.";
+	echo "Player or account of player <b>" . escapeHtml($nick) . "</b> doesn't exist.";
 }
 
 $twig->display('account.back_button.html.twig', [

system/pages/account/lost/step-1.php

@@ -0,0 +1,22 @@
+<?php
+defined('MYAAC') or die('Direct access not allowed!');
+
+$nick = stripslashes($_REQUEST['nick']);
+
+$player = new OTS_Player();
+$account = new OTS_Account();
+$player->find($nick);
+if($player->isLoaded()) {
+	$account = $player->getAccount();
+}
+
+if (ACTION == 'email') {
+	require __DIR__ . '/email/step-1.php';
+}
+else if (ACTION == 'recovery-key') {
+	require __DIR__ . '/recovery-key/step-1.php';
+}
+else {
+	$twig->display('account/lost/no-action.html.twig');
+}
+

system/pages/account/lost/step1-email.php

@@ -1,36 +0,0 @@
-<?php
-
-$nick = stripslashes($_REQUEST['nick']);
-
-$player = new OTS_Player();
-$account = new OTS_Account();
-$player->find($nick);
-if($player->isLoaded()) {
-	$account = $player->getAccount();
-}
-
-if($account->isLoaded()) {
-	if($account->getCustomField('email_next') < time()) {
-		$twig->display('account.lost.step1-email.html.twig', [
-			'nick' => $nick,
-		]);
-	}
-	else
-	{
-		$insec = (int)$account->getCustomField('email_next') - time();
-		$minutesleft = floor($insec / 60);
-		$secondsleft = $insec - ($minutesleft * 60);
-		$timeleft = $minutesleft.' minutes '.$secondsleft.' seconds';
-
-		echo 'Account of selected character (<b>'.$nick.'</b>) received e-mail in last '.ceil(setting('core.mail_lost_account_interval') / 60).' minutes. You must wait '.$timeleft.' before you can use Lost Account Interface again.';
-	}
-}
-else {
-	echo "Player or account of player <b>" . htmlspecialchars($nick) . "</b> doesn't exist.";
-}
-
-$twig->display('account.back_button.html.twig', [
-	'new_line' => true,
-	'center' => true,
-	'action' => getLink('account/lost'),
-]);

system/pages/account/lost/step1-reckey.php

@@ -1,39 +0,0 @@
-<?php
-$nick = stripslashes($_REQUEST['nick']);
-
-$player = new OTS_Player();
-$account = new OTS_Account();
-$player->find($nick);
-if($player->isLoaded())
-	$account = $player->getAccount();
-if($account->isLoaded())
-{
-	$account_key = $account->getCustomField('key');
-	if(!empty($account_key))
-	{
-		echo 'If you enter right recovery key you will see form to set new e-mail and password to account. To this e-mail will be send your new password and account name.<BR>
-					<FORM ACTION="' . getLink('account/lost') . '?action=step2" METHOD=post>
-					<TABLE CELLSPACING=1 CELLPADDING=4 BORDER=0 WIDTH=100%>
-					<TR><TD BGCOLOR="'.$config['vdarkborder'].'" class="white"><B>Please enter your recovery key</B></TD></TR>
-					<TR><TD BGCOLOR="'.$config['darkborder'].'">
-					Character name:&nbsp;<INPUT TYPE=text NAME="nick" VALUE="'.$nick.'" SIZE="40" readonly="readonly"><BR />
-					Recovery key:&nbsp;&nbsp;&nbsp;&nbsp;<INPUT TYPE=text NAME="key" VALUE="" SIZE="40"><BR>
-					</TD></TR>
-					</TABLE>
-					<BR>
-					<TABLE CELLSPACING=0 CELLPADDING=0 BORDER=0 WIDTH=100%><TR><TD><div style="text-align:center">
-					' . $twig->render('buttons.submit.html.twig') . '</div>
-					</TD></TR></FORM></TABLE></TABLE>';
-	}
-	else
-		echo 'Account of this character has no recovery key!';
-}
-else {
-	echo 'Player or account of player <b>' . htmlspecialchars($nick) . '</b> doesn\'t exist.';
-}
-
-$twig->display('account.back_button.html.twig', [
-	'new_line' => true,
-	'center' => true,
-	'action' => getLink('account/lost'),
-]);