Refactor

Add missing password check
Formatting

system/pages/account/lost/email/set-new-password.php

@@ -5,11 +5,12 @@ csrfProtect();
 
 $title = 'Lost Account';
 
-$newPassword = $_REQUEST['passor'];
+$newPassword = $_REQUEST['password'];
+$passwordRepeat = $_REQUEST['password_repeat'];
 $code = $_REQUEST['code'];
 $character = stripslashes($_REQUEST['character']);
 
-if(empty($code) || empty($character) || empty($newPassword)) {
+if(empty($code) || empty($character) || empty($newPassword) || empty($passwordRepeat)) {
 	$errors[] = 'Please enter code from e-mail and name of one character from account. Then press Submit.';
 
 	$twig->display('error_box.html.twig', [
@@ -34,38 +35,41 @@ if($player->isLoaded()) {
 
 if($account->isLoaded()) {
 	if($account->getCustomField('email_code') == $code) {
-		if(Validator::password($newPassword)) {
-			$tmp_new_pass = $newPassword;
-			if(USE_ACCOUNT_SALT) {
-				$salt = generateRandomString(10, false, true, true);
-				$tmp_new_pass  = $salt . $newPassword;
-				$account->setCustomField('salt', $salt);
+		if ($newPassword == $passwordRepeat) {
+			if (Validator::password($newPassword)) {
+				$tmp_new_pass = $newPassword;
+				if (USE_ACCOUNT_SALT) {
+					$salt = generateRandomString(10, false, true, true);
+					$tmp_new_pass = $salt . $newPassword;
+					$account->setCustomField('salt', $salt);
+				}
+
+				$account->setPassword(encrypt($tmp_new_pass));
+				$account->save();
+				$account->setCustomField('email_code', '');
+
+				$mailBody = $twig->render('mail.account.lost.new-password.html.twig', [
+					'account' => $account,
+					'newPassword' => $newPassword,
+				]);
+
+				$statusMsg = '';
+				if (_mail($account->getCustomField('email'), configLua('serverName') . ' - Your new password', $mailBody)) {
+					$statusMsg = '<br /><small>New password work! Sent e-mail with your password and account name. You should receive this e-mail in 15 minutes. You can login now with new password!';
+				} else {
+					$statusMsg = '<br /><p class="error">New password work! An error occurred while sending email! You will not receive e-mail with new password. For Admin: More info can be found in system/logs/mailer-error.log';
+				}
+
+				$twig->display('account/lost/finish.new-password.html.twig', [
+					'statusMsg' => $statusMsg,
+					'newPassword' => $newPassword,
+				]);
+			} else {
+				$error = Validator::getLastError();
 			}
-
-			$account->setPassword(encrypt($tmp_new_pass));
-			$account->save();
-			$account->setCustomField('email_code', '');
-
-			$mailBody = $twig->render('mail.account.lost.new-password.html.twig', [
-				'account' => $account,
-				'newPassword' => $newPassword,
-			]);
-
-			$statusMsg = '';
-			if(_mail($account->getCustomField('email'), configLua('serverName') . ' - Your new password', $mailBody)) {
-				$statusMsg = '<br /><small>New password work! Sent e-mail with your password and account name. You should receive this e-mail in 15 minutes. You can login now with new password!';
-			}
-			else {
-				$statusMsg = '<br /><p class="error">New password work! An error occurred while sending email! You will not receive e-mail with new password. For Admin: More info can be found in system/logs/mailer-error.log';
-			}
-
-			$twig->display('account/lost/finish.new-password.html.twig', [
-				'statusMsg' => $statusMsg,
-				'newPassword' => $newPassword,
-			]);
 		}
 		else {
-			$error = Validator::getLastError();
+			$error = 'Passwords are not the same!';
 		}
 	}
 	else {

system/pages/account/lost/recovery-key/step-1.php

@@ -9,7 +9,7 @@ if($account->isLoaded()) {
 	$account_key = $account->getCustomField('key');
 
 	if(!empty($account_key)) {
-		$twig->display('account/lost/recovery-key.html.twig', [
+		$twig->display('account/lost/recovery-key.step-1.html.twig', [
 			'nick' => $nick,
 		]);
 	}

system/pages/account/lost/recovery-key/step-3.php

@@ -7,7 +7,8 @@ $title = 'Lost Account';
 
 $key = trim($_REQUEST['key']);
 $nick = stripslashes($_REQUEST['nick']);
-$newPassword = trim($_REQUEST['passor']);
+$newPassword = trim($_REQUEST['password']);
+$passwordRepeat = trim($_REQUEST['password_repeat']);
 $newEmail = trim($_REQUEST['email']);
 
 $player = new OTS_Player();
@@ -23,51 +24,52 @@ if($account->isLoaded()) {
 	if(!empty($accountKey)) {
 		if($accountKey == $key) {
 			if(Validator::password($newPassword)) {
-				if(Validator::email($newEmail)) {
-					$account->setEMail($newEmail);
+				if ($newPassword == $passwordRepeat) {
+					if (Validator::email($newEmail)) {
+						$account->setEMail($newEmail);
 
-					$tmp_new_pass = $newPassword;
-					if(USE_ACCOUNT_SALT)
-					{
-						$salt = generateRandomString(10, false, true, true);
-						$tmp_new_pass = $salt . $newPassword;
-					}
+						$tmp_new_pass = $newPassword;
+						if (USE_ACCOUNT_SALT) {
+							$salt = generateRandomString(10, false, true, true);
+							$tmp_new_pass = $salt . $newPassword;
+						}
 
-					$account->setPassword(encrypt($tmp_new_pass));
-					$account->save();
+						$account->setPassword(encrypt($tmp_new_pass));
+						$account->save();
 
-					if(USE_ACCOUNT_SALT) {
-						$account->setCustomField('salt', $salt);
-					}
+						if (USE_ACCOUNT_SALT) {
+							$account->setCustomField('salt', $salt);
+						}
 
-					$statusMsg = '';
-					if($account->getCustomField('email_next') < time()) {
-						$mailBody = $twig->render('mail.account.lost.new-email.html.twig', [
+						$statusMsg = '';
+						if ($account->getCustomField('email_next') < time()) {
+							$mailBody = $twig->render('mail.account.lost.new-email.html.twig', [
+								'account' => $account,
+								'newPassword' => $newPassword,
+								'newEmail' => $newEmail,
+							]);
+
+							if (_mail($account->getCustomField('email'), configLua('serverName') . ' - New password to your account', $mailBody)) {
+								$statusMsg = '<br /><small>Sent e-mail with your account name and password to new e-mail. You should receive this e-mail in 15 minutes. You can login now with new password!</small>';
+							} else {
+								$statusMsg = '<br /><p class="error">An error occurred while sending email! You will not receive e-mail with this informations. For Admin: More info can be found in system/logs/mailer-error.log</p>';
+							}
+						} else {
+							$statusMsg = '<br /><small>You will not receive e-mail with this informations.</small>';
+						}
+
+						$twig->display('account/lost/finish.new-email.html.twig', [
+							'statusMsg' => $statusMsg,
 							'account' => $account,
 							'newPassword' => $newPassword,
 							'newEmail' => $newEmail,
 						]);
-
-						if(_mail($account->getCustomField('email'), configLua('serverName') . ' - New password to your account', $mailBody)) {
-							$statusMsg = '<br /><small>Sent e-mail with your account name and password to new e-mail. You should receive this e-mail in 15 minutes. You can login now with new password!</small>';
-						}
-						else {
-							$statusMsg = '<br /><p class="error">An error occurred while sending email! You will not receive e-mail with this informations. For Admin: More info can be found in system/logs/mailer-error.log</p>';
-						}
+					} else {
+						$errors[] = Validator::getLastError();
 					}
-					else {
-						$statusMsg = '<br /><small>You will not receive e-mail with this informations.</small>';
-					}
-
-					$twig->display('account/lost/finish.new-email.html.twig', [
-						'statusMsg' => $statusMsg,
-						'account' => $account,
-						'newPassword' => $newPassword,
-						'newEmail' => $newEmail,
-					]);
 				}
 				else {
-					$errors[] = Validator::getLastError();
+					$errors[] = 'Passwords are not the same!';
 				}
 			}
 			else {