From 523210c5b7712afa99a9d037c931a9fd088a9942 Mon Sep 17 00:00:00 2001 From: slawkens Date: Mon, 15 Sep 2025 20:04:21 +0200 Subject: [PATCH] Refactor Add missing password check Formatting --- .../account/lost/email/set-new-password.php | 66 +++++++++-------- .../account/lost/recovery-key/step-1.php | 2 +- .../account/lost/recovery-key/step-3.php | 72 ++++++++++--------- .../account/lost/check-code.finish.html.twig | 24 ++++++- .../account/lost/finish.new-email.html.twig | 31 +++++++- ...tml.twig => recovery-key.step-1.html.twig} | 20 +++++- .../lost/recovery-key.step-2.html.twig | 12 ++-- .../mail.account.lost.new-email.html.twig | 2 +- 8 files changed, 147 insertions(+), 82 deletions(-) rename system/templates/account/lost/{recovery-key.html.twig => recovery-key.step-1.html.twig} (62%)
diff --git a/system/pages/account/lost/email/set-new-password.php b/system/pages/account/lost/email/set-new-password.php
index e475c6db..ea65f4f4 100644
--- a/system/pages/account/lost/email/set-new-password.php
+++ b/system/pages/account/lost/email/set-new-password.php
@@ -5,11 +5,12 @@ csrfProtect();
 $title = 'Lost Account';
-$newPassword = $_REQUEST['passor'];
+$newPassword = $_REQUEST['password'];
+$passwordRepeat = $_REQUEST['password_repeat'];
 $code = $_REQUEST['code'];
 $character = stripslashes($_REQUEST['character']);
-if(empty($code) || empty($character) || empty($newPassword)) {
+if(empty($code) || empty($character) || empty($newPassword) || empty($passwordRepeat)) {
 $errors[] = 'Please enter code from e-mail and name of one character from account. Then press Submit.';
 $twig->display('error_box.html.twig', [
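Review bot: The new lines `$newPassword = $_REQUEST['password'];` and `$passwordRepeat = $_REQUEST['password_repeat'];` read the keys unconditionally, so a request that omits either one raises an "Undefined array key" warning before the `empty()` guard on the next lines ever runs; `$newPassword = $_POST['password'] ?? '';` (and the same for `password_repeat`) keeps the guard meaningful and also stops a new password from being accepted via the query string, where `$_REQUEST` would otherwise pick it up and it ends in access logs and browser history. The step-3.php hunk further down has the same unconditional `$_REQUEST` read and additionally wraps both values in `trim()`, which set-new-password.php does not do; if the login path does not trim, a password with leading or trailing whitespace set through step-3 will not verify at login, so it is worth confirming which behaviour is intended and making both pages agree.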
@@ -34,38 +35,41 @@ if($player->isLoaded()) {
 if($account->isLoaded()) {
 if($account->getCustomField('email_code') == $code) {
- if(Validator::password($newPassword)) {
- $tmp_new_pass = $newPassword;
- if(USE_ACCOUNT_SALT) {
- $salt = generateRandomString(10, false, true, true);
- $tmp_new_pass = $salt . $newPassword;
- $account->setCustomField('salt', $salt);
+ if ($newPassword == $passwordRepeat) {
+ if (Validator::password($newPassword)) {
+ $tmp_new_pass = $newPassword;
+ if (USE_ACCOUNT_SALT) {
+ $salt = generateRandomString(10, false, true, true);
+ $tmp_new_pass = $salt . $newPassword;
+ $account->setCustomField('salt', $salt);
+ }
+
+ $account->setPassword(encrypt($tmp_new_pass));
+ $account->save();
+ $account->setCustomField('email_code', '');
+
+ $mailBody = $twig->render('mail.account.lost.new-password.html.twig', [
+ 'account' => $account,
+ 'newPassword' => $newPassword,
+ ]);
+
+ $statusMsg = '';
+ if (_mail($account->getCustomField('email'), configLua('serverName') . ' - Your new password', $mailBody)) {
+ $statusMsg = '
New password work! Sent e-mail with your password and account name. You should receive this e-mail in 15 minutes. You can login now with new password!'; + } else { + $statusMsg = '

New password work! An error occurred while sending email! You will not receive e-mail with new password. For Admin: More info can be found in system/logs/mailer-error.log'; + } + + $twig->display('account/lost/finish.new-password.html.twig', [ + 'statusMsg' => $statusMsg, + 'newPassword' => $newPassword, + ]); + } else { + $error = Validator::getLastError(); } - - $account->setPassword(encrypt($tmp_new_pass)); - $account->save(); - $account->setCustomField('email_code', ''); - - $mailBody = $twig->render('mail.account.lost.new-password.html.twig', [ - 'account' => $account, - 'newPassword' => $newPassword, - ]); - - $statusMsg = ''; - if(_mail($account->getCustomField('email'), configLua('serverName') . ' - Your new password', $mailBody)) { - $statusMsg = '
New password work! Sent e-mail with your password and account name. You should receive this e-mail in 15 minutes. You can login now with new password!'; - } - else { - $statusMsg = '

New password work! An error occurred while sending email! You will not receive e-mail with new password. For Admin: More info can be found in system/logs/mailer-error.log';
- }
-
- $twig->display('account/lost/finish.new-password.html.twig', [
- 'statusMsg' => $statusMsg,
- 'newPassword' => $newPassword,
- ]);
 } else {
- $error = Validator::getLastError();
+ $error = 'Passwords are not the same!';
 }
 } else {
diff --git a/system/pages/account/lost/recovery-key/step-1.php b/system/pages/account/lost/recovery-key/step-1.php
index 015a455d..9c610328 100644
--- a/system/pages/account/lost/recovery-key/step-1.php
+++ b/system/pages/account/lost/recovery-key/step-1.php
@@ -9,7 +9,7 @@ if($account->isLoaded()) {
 $account_key = $account->getCustomField('key');
 if(!empty($account_key)) {
- $twig->display('account/lost/recovery-key.html.twig', [
+ $twig->display('account/lost/recovery-key.step-1.html.twig', [
 'nick' => $nick,
 ]);
 }
diff --git a/system/pages/account/lost/recovery-key/step-3.php b/system/pages/account/lost/recovery-key/step-3.php
index f066b8bd..a1bc678b 100644
--- a/system/pages/account/lost/recovery-key/step-3.php
+++ b/system/pages/account/lost/recovery-key/step-3.php
@@ -7,7 +7,8 @@ $title = 'Lost Account';
 $key = trim($_REQUEST['key']);
 $nick = stripslashes($_REQUEST['nick']);
-$newPassword = trim($_REQUEST['passor']);
+$newPassword = trim($_REQUEST['password']);
+$passwordRepeat = trim($_REQUEST['password_repeat']);
 $newEmail = trim($_REQUEST['email']);
 $player = new OTS_Player();
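Review bot: The added guard `if ($newPassword == $passwordRepeat) {` uses loose comparison, so two different request strings that PHP treats as equal numerics (e.g. `'1e3'` and `'1000'`) pass the repeat check even though the user typed two different passwords; it should be `if ($newPassword === $passwordRepeat) {`. The step-3.php hunk further down adds the identical `==` check and should be changed in the same way. The context line `if($account->getCustomField('email_code') == $code) {` just above has the same loose-comparison weakness, although it predates this commit. The enclosing `if($player->isLoaded())` block starts before this hunk.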
@@ -23,51 +24,52 @@ if($account->isLoaded()) { if(!empty($accountKey)) { if($accountKey == $key) { if(Validator::password($newPassword)) { - if(Validator::email($newEmail)) { - $account->setEMail($newEmail); + if ($newPassword == $passwordRepeat) { + if (Validator::email($newEmail)) { + $account->setEMail($newEmail); - $tmp_new_pass = $newPassword; - if(USE_ACCOUNT_SALT) - { - $salt = generateRandomString(10, false, true, true); - $tmp_new_pass = $salt . $newPassword; - } + $tmp_new_pass = $newPassword; + if (USE_ACCOUNT_SALT) { + $salt = generateRandomString(10, false, true, true); + $tmp_new_pass = $salt . $newPassword; + } - $account->setPassword(encrypt($tmp_new_pass)); - $account->save(); + $account->setPassword(encrypt($tmp_new_pass)); + $account->save(); - if(USE_ACCOUNT_SALT) { - $account->setCustomField('salt', $salt); - } + if (USE_ACCOUNT_SALT) { + $account->setCustomField('salt', $salt); + } - $statusMsg = ''; - if($account->getCustomField('email_next') < time()) { - $mailBody = $twig->render('mail.account.lost.new-email.html.twig', [ + $statusMsg = ''; + if ($account->getCustomField('email_next') < time()) { + $mailBody = $twig->render('mail.account.lost.new-email.html.twig', [ + 'account' => $account, + 'newPassword' => $newPassword, + 'newEmail' => $newEmail, + ]); + + if (_mail($account->getCustomField('email'), configLua('serverName') . ' - New password to your account', $mailBody)) { + $statusMsg = '
Sent e-mail with your account name and password to new e-mail. You should receive this e-mail in 15 minutes. You can login now with new password!'; + } else { + $statusMsg = '

An error occurred while sending email! You will not receive e-mail with this informations. For Admin: More info can be found in system/logs/mailer-error.log

'; + } + } else { + $statusMsg = '
You will not receive e-mail with this informations.'; + } + + $twig->display('account/lost/finish.new-email.html.twig', [ + 'statusMsg' => $statusMsg, 'account' => $account, 'newPassword' => $newPassword, 'newEmail' => $newEmail, ]); - - if(_mail($account->getCustomField('email'), configLua('serverName') . ' - New password to your account', $mailBody)) { - $statusMsg = '
Sent e-mail with your account name and password to new e-mail. You should receive this e-mail in 15 minutes. You can login now with new password!'; - } - else { - $statusMsg = '

An error occurred while sending email! You will not receive e-mail with this informations. For Admin: More info can be found in system/logs/mailer-error.log

'; - } + } else { + $errors[] = Validator::getLastError(); } - else { - $statusMsg = '
You will not receive e-mail with this informations.'; - } - - $twig->display('account/lost/finish.new-email.html.twig', [ - 'statusMsg' => $statusMsg, - 'account' => $account, - 'newPassword' => $newPassword, - 'newEmail' => $newEmail, - ]); } else { - $errors[] = Validator::getLastError(); + $errors[] = 'Passwords are not the same!'; } } else { diff --git a/system/templates/account/lost/check-code.finish.html.twig b/system/templates/account/lost/check-code.finish.html.twig index faa0e778..194682d4 100644 --- a/system/templates/account/lost/check-code.finish.html.twig +++ b/system/templates/account/lost/check-code.finish.html.twig @@ -5,22 +5,40 @@ Please enter new password to your account and repeat to make sure you remember p + - + +
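Review bot: On the new side, `$account->setEMail($newEmail);` and `$account->save();` run before `_mail($account->getCustomField('email'), ...)`, so if getCustomField reads the saved row the credentials e-mail goes only to the address that was just set and the previous address is never told that the account's e-mail and password changed. Capturing the old address into a local before `setEMail` and sending it a short change notice (without the new password) would let the legitimate owner notice a recovery-key misuse; these lines were only reindented by this commit, but they are the code under review. The enclosing `if($account->isLoaded())` block starts before this hunk and its closing braces are outside it.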
PasswordsPasswords
- New password:      
- Repeat new password: 
+ + + + + + + + + +
+ + + +
+ + + +

diff --git a/system/templates/account/lost/finish.new-email.html.twig b/system/templates/account/lost/finish.new-email.html.twig index ff05f5d8..e4a5f1ee 100644 --- a/system/templates/account/lost/finish.new-email.html.twig +++ b/system/templates/account/lost/finish.new-email.html.twig @@ -12,9 +12,34 @@ Your account name, new password and new e-mail.
diff --git a/system/templates/account/lost/recovery-key.html.twig b/system/templates/account/lost/recovery-key.step-1.html.twig similarity index 62% rename from system/templates/account/lost/recovery-key.html.twig rename to system/templates/account/lost/recovery-key.step-1.html.twig index 879bd43c..77484b56 100644 --- a/system/templates/account/lost/recovery-key.html.twig +++ b/system/templates/account/lost/recovery-key.step-1.html.twig @@ -16,8 +16,24 @@ If you enter right recovery key you will see form to set new e-mail and password diff --git a/system/templates/account/lost/recovery-key.step-2.html.twig b/system/templates/account/lost/recovery-key.step-2.html.twig index 0853a62c..753da469 100644 --- a/system/templates/account/lost/recovery-key.step-2.html.twig +++ b/system/templates/account/lost/recovery-key.step-2.html.twig @@ -31,26 +31,26 @@ Set new password and e-mail to your account.
- Account name:     {{ account.getName() }}
- New password:        {{ newPassword }}
- New e-mail address: {{ newEmail }}
+ + + + + + + + + + + + + + +
+ Account name: + + {{ account.getName() }} +
+ New password: + + {{ newPassword }} +
+ New e-mail address: + + {{ newEmail }} +
+ {{ statusMsg|raw }}
- Character name: 
- Recovery key:    
+ + + + + + + + + +
+ + + +
+ + + +
- + - +
- + - +
- + - +
diff --git a/system/templates/mail.account.lost.new-email.html.twig b/system/templates/mail.account.lost.new-email.html.twig index af22cc79..bbf901f0 100644 --- a/system/templates/mail.account.lost.new-email.html.twig +++ b/system/templates/mail.account.lost.new-email.html.twig @@ -2,6 +2,6 @@

Changed password and e-mail to your account in Lost Account Interface on server {{ config('lua')['serverName'] }}

Account name: {{ account.getName() }}

New password: {{ newPassword }}

-

E-mail: {{ $newEmail }} (this e-mail)

+

E-mail: {{ newEmail }} (this e-mail)


It's automatic e-mail from OTS Lost Account System. Do not reply!