Feature/refactor account lost (#326)

* [WIP] Account Lost refactor

* [WIP] Refactor account/lost

* Update form.html.twig

* Use myaac-table class for tables

* Set $title to 'Lost Account'

* Remove duplicated code - extract lostAccountCooldown function

* [WIP] Add csrfProtect()

* Refactor code, better $error messages

* Formatting

* Refactor

Add missing password check
Formatting

* [WIP] Refactor

* [WIP] Refactor account lost

* [WIP] Refactor account lost - fixes

* [WIP] Account lost refactor

* Fixes
* Add account lost hooks for password strength plugin

system/pages/account/lost/email/send-code.php

@@ -0,0 +1,75 @@
+<?php
+defined('MYAAC') or die('Direct access not allowed!');
+
+csrfProtect();
+
+require __DIR__ . '/../base.php';
+
+$title = 'Lost Account';
+
+$email = $_POST['email'] ?? '';
+$nick = $_POST['nick'] ?? '';
+
+$player = new OTS_Player();
+$account = new OTS_Account();
+$player->find($nick);
+if($player->isLoaded()) {
+	$account = $player->getAccount();
+}
+
+if($account->isLoaded()) {
+	if($account->getCustomField('email_next') < time()) {
+		if($account->getEMail() == $email) {
+			$newCode = generateRandomString(30, true, false, true);
+			$mailBody = $twig->render('mail.account.lost.code.html.twig', [
+				'newCode' => $newCode,
+				'account' => $account,
+				'nick' => $nick,
+			]);
+
+			$accountEMail = $account->getCustomField('email');
+			if(_mail($accountEMail, configLua('serverName') . ' - Recover your account', $mailBody)) {
+				$account->setCustomField('email_code', $newCode);
+				$account->setCustomField('email_next', (time() + setting('core.mail_lost_account_interval')));
+
+				$twig->display('success.html.twig', [
+					'title' => 'Email has been sent',
+					'description' => 'Details about steps required to recover your account has been sent to <b>' . $accountEMail . '</b>. You should receive this email within 15 minutes. Please check your inbox/spam directory.',
+					'custom_buttons' => '',
+				]);
+
+				$twig->display('account.back_button.html.twig', [
+					'new_line' => true,
+					'center' => true,
+					'action' => getLink('news'),
+				]);
+
+				return;
+			}
+
+			$account->setCustomField('email_next', (time() + 60));
+			error('An error occurred while sending email! Try again later or contact with admin. For Admin: More info can be found in system/logs/mailer-error.log</p>');
+		}
+		else {
+			$errors[] = 'Invalid e-mail to account of character <b>' . escapeHtml($nick) . '</b>. Try again.';
+		}
+	}
+	else {
+		lostAccountWriteCooldown($nick, (int)$account->getCustomField('email_next'));
+	}
+}
+else {
+	$errors[] =  "Player or account of player <b>" . escapeHtml($nick) . "</b> doesn't exist.";
+}
+
+if (!empty($errors)) {
+	$twig->display('error_box.html.twig', [
+		'errors' => $errors,
+	]);
+}
+
+$twig->display('account.back_button.html.twig', [
+	'new_line' => true,
+	'center' => true,
+	'action' => getLink('account/lost/step-1') . '?action=email&nick=' . urlencode($nick),
+]);

system/pages/account/lost/email/set-new-password.php

@@ -0,0 +1,128 @@
+<?php
+defined('MYAAC') or die('Direct access not allowed!');
+
+csrfProtect();
+
+$title = 'Lost Account';
+
+$newPassword = $_POST['password'] ?? '';
+$passwordRepeat = $_POST['password_repeat'] ?? '';
+$code = $_POST['code'] ?? '';
+$character = $_POST['character'] ?? '';
+
+if(empty($code) || empty($character)) {
+	$errors[] = 'Please enter code from e-mail and name of one character from account.';
+
+	$twig->display('error_box.html.twig', [
+		'errors' => $errors,
+	]);
+
+	$twig->display('account/lost/check-code.html.twig', [
+		'code' => $code,
+		'character' => $character,
+	]);
+
+	$twig->display('account.back_button.html.twig', [
+		'new_line' => true,
+		'center' => true,
+		'action' => getLink('account/lost/check-code')
+	]);
+
+	return;
+}
+
+if (empty($newPassword) || empty($passwordRepeat)) {
+	$errors[] = 'Please enter both passwords.';
+
+	$twig->display('error_box.html.twig', [
+		'errors' => $errors,
+	]);
+
+	$twig->display('account/lost/check-code.finish.html.twig', [
+		'character' => $character,
+		'code' => $code,
+	]);
+
+	return;
+}
+
+$player = new OTS_Player();
+$account = new OTS_Account();
+$player->find($character);
+if($player->isLoaded()) {
+	$account = $player->getAccount();
+}
+
+$passwordFailed = false;
+
+if($account->isLoaded()) {
+	if($account->getCustomField('email_code') == $code) {
+		if ($newPassword == $passwordRepeat) {
+			if (Validator::password($newPassword)) {
+
+				$hooks->trigger(HOOK_ACCOUNT_LOST_EMAIL_SET_NEW_PASSWORD_POST);
+
+				if (empty($errors)) {
+					$tmp_new_pass = $newPassword;
+					if (USE_ACCOUNT_SALT) {
+						$salt = generateRandomString(10, false, true, true);
+						$tmp_new_pass = $salt . $newPassword;
+						$account->setCustomField('salt', $salt);
+					}
+
+					$account->setPassword(encrypt($tmp_new_pass));
+					$account->save();
+					$account->setCustomField('email_code', '');
+
+					$mailBody = $twig->render('mail.account.lost.new-password.html.twig', [
+						'account' => $account,
+						'newPassword' => $newPassword,
+					]);
+
+					$statusMsg = '';
+					if (_mail($account->getCustomField('email'), configLua('serverName') . ' - Your new password', $mailBody)) {
+						$statusMsg = '<br /><small>New password work! Sent e-mail with your password and account name. You should receive this e-mail in 15 minutes. You can login now with new password!';
+					} else {
+						$statusMsg = '<br /><p class="error">New password work! An error occurred while sending email! You will not receive e-mail with new password. For Admin: More info can be found in system/logs/mailer-error.log';
+					}
+
+					$twig->display('account/lost/finish.new-password.html.twig', [
+						'statusMsg' => $statusMsg,
+						'newPassword' => $newPassword,
+					]);
+				}
+			} else {
+				$passwordFailed = true;
+				$errors[] = Validator::getLastError();
+			}
+		}
+		else {
+			$passwordFailed = true;
+			$errors[] = 'Passwords are not the same!';
+		}
+	}
+	else {
+		$errors[] = 'Wrong code to change password.';
+	}
+}
+else {
+	$errors[] = "Account of this character or this character doesn't exist.";
+}
+
+if(!empty($errors)) {
+	$twig->display('error_box.html.twig', [
+		'errors' => $errors,
+	]);
+
+	echo '<br/>';
+
+	$template = 'account/lost/check-code.html.twig';
+	if($passwordFailed) {
+		$template = 'account/lost/check-code.finish.html.twig';
+	}
+
+	$twig->display($template, [
+		'code' => $code,
+		'character' => $character,
+	]);
+}

system/pages/account/lost/email/step-1.php

@@ -0,0 +1,36 @@
+<?php
+defined('MYAAC') or die('Direct access not allowed!');
+
+require __DIR__ . '/../base.php';
+
+csrfProtect();
+
+$title = 'Lost Account';
+
+$nick = $_REQUEST['nick'] ?? '';
+
+if($account->isLoaded()) {
+	if($account->getCustomField('email_next') < time()) {
+		$twig->display('account/lost/email.html.twig', [
+			'nick' => $nick,
+		]);
+	}
+	else {
+		lostAccountWriteCooldown($nick, (int)$account->getCustomField('email_next'));
+	}
+}
+else {
+	$errors[] = "Player or account of player <b>" . escapeHtml($nick) . "</b> doesn't exist.";
+}
+
+if (!empty($errors)) {
+	$twig->display('error_box.html.twig', [
+		'errors' => $errors,
+	]);
+}
+
+$twig->display('account.back_button.html.twig', [
+	'new_line' => true,
+	'center' => true,
+	'action' => getLink('account/lost'),
+]);