Refactor

Add missing password check
Formatting

system/pages/account/lost/email/set-new-password.php

@@ -5,11 +5,12 @@ csrfProtect();
 
 $title = 'Lost Account';
 
-$newPassword = $_REQUEST['passor'];
+$newPassword = $_REQUEST['password'];
+$passwordRepeat = $_REQUEST['password_repeat'];
 $code = $_REQUEST['code'];
 $character = stripslashes($_REQUEST['character']);
 
-if(empty($code) || empty($character) || empty($newPassword)) {
+if(empty($code) || empty($character) || empty($newPassword) || empty($passwordRepeat)) {
 	$errors[] = 'Please enter code from e-mail and name of one character from account. Then press Submit.';
 
 	$twig->display('error_box.html.twig', [
@@ -34,38 +35,41 @@ if($player->isLoaded()) {
 
 if($account->isLoaded()) {
 	if($account->getCustomField('email_code') == $code) {
-		if(Validator::password($newPassword)) {
+		if ($newPassword == $passwordRepeat) {
-			$tmp_new_pass = $newPassword;
+			if (Validator::password($newPassword)) {
-			if(USE_ACCOUNT_SALT) {
+				$tmp_new_pass = $newPassword;
-				$salt = generateRandomString(10, false, true, true);
+				if (USE_ACCOUNT_SALT) {
-				$tmp_new_pass  = $salt . $newPassword;
+					$salt = generateRandomString(10, false, true, true);
-				$account->setCustomField('salt', $salt);
+					$tmp_new_pass = $salt . $newPassword;
+					$account->setCustomField('salt', $salt);
+				}
+
+				$account->setPassword(encrypt($tmp_new_pass));
+				$account->save();
+				$account->setCustomField('email_code', '');
+
+				$mailBody = $twig->render('mail.account.lost.new-password.html.twig', [
+					'account' => $account,
+					'newPassword' => $newPassword,
+				]);
+
+				$statusMsg = '';
+				if (_mail($account->getCustomField('email'), configLua('serverName') . ' - Your new password', $mailBody)) {
+					$statusMsg = '<br /><small>New password work! Sent e-mail with your password and account name. You should receive this e-mail in 15 minutes. You can login now with new password!';
+				} else {
+					$statusMsg = '<br /><p class="error">New password work! An error occurred while sending email! You will not receive e-mail with new password. For Admin: More info can be found in system/logs/mailer-error.log';
+				}
+
+				$twig->display('account/lost/finish.new-password.html.twig', [
+					'statusMsg' => $statusMsg,
+					'newPassword' => $newPassword,
+				]);
+			} else {
+				$error = Validator::getLastError();
 			}
-
-			$account->setPassword(encrypt($tmp_new_pass));
-			$account->save();
-			$account->setCustomField('email_code', '');
-
-			$mailBody = $twig->render('mail.account.lost.new-password.html.twig', [
-				'account' => $account,
-				'newPassword' => $newPassword,
-			]);
-
-			$statusMsg = '';
-			if(_mail($account->getCustomField('email'), configLua('serverName') . ' - Your new password', $mailBody)) {
-				$statusMsg = '<br /><small>New password work! Sent e-mail with your password and account name. You should receive this e-mail in 15 minutes. You can login now with new password!';
-			}
-			else {
-				$statusMsg = '<br /><p class="error">New password work! An error occurred while sending email! You will not receive e-mail with new password. For Admin: More info can be found in system/logs/mailer-error.log';
-			}
-
-			$twig->display('account/lost/finish.new-password.html.twig', [
-				'statusMsg' => $statusMsg,
-				'newPassword' => $newPassword,
-			]);
 		}
 		else {
-			$error = Validator::getLastError();
+			$error = 'Passwords are not the same!';
 		}
 	}
 	else {

system/pages/account/lost/recovery-key/step-1.php

@@ -9,7 +9,7 @@ if($account->isLoaded()) {
 	$account_key = $account->getCustomField('key');
 
 	if(!empty($account_key)) {
-		$twig->display('account/lost/recovery-key.html.twig', [
+		$twig->display('account/lost/recovery-key.step-1.html.twig', [
 			'nick' => $nick,
 		]);
 	}

system/pages/account/lost/recovery-key/step-3.php

@@ -7,7 +7,8 @@ $title = 'Lost Account';
 
 $key = trim($_REQUEST['key']);
 $nick = stripslashes($_REQUEST['nick']);
-$newPassword = trim($_REQUEST['passor']);
+$newPassword = trim($_REQUEST['password']);
+$passwordRepeat = trim($_REQUEST['password_repeat']);
 $newEmail = trim($_REQUEST['email']);
 
 $player = new OTS_Player();
@@ -23,51 +24,52 @@ if($account->isLoaded()) {
 	if(!empty($accountKey)) {
 		if($accountKey == $key) {
 			if(Validator::password($newPassword)) {
-				if(Validator::email($newEmail)) {
+				if ($newPassword == $passwordRepeat) {
-					$account->setEMail($newEmail);
+					if (Validator::email($newEmail)) {
+						$account->setEMail($newEmail);
 
-					$tmp_new_pass = $newPassword;
+						$tmp_new_pass = $newPassword;
-					if(USE_ACCOUNT_SALT)
+						if (USE_ACCOUNT_SALT) {
-					{
+							$salt = generateRandomString(10, false, true, true);
-						$salt = generateRandomString(10, false, true, true);
+							$tmp_new_pass = $salt . $newPassword;
-						$tmp_new_pass = $salt . $newPassword;
+						}
-					}
 
-					$account->setPassword(encrypt($tmp_new_pass));
+						$account->setPassword(encrypt($tmp_new_pass));
-					$account->save();
+						$account->save();
 
-					if(USE_ACCOUNT_SALT) {
+						if (USE_ACCOUNT_SALT) {
-						$account->setCustomField('salt', $salt);
+							$account->setCustomField('salt', $salt);
-					}
+						}
 
-					$statusMsg = '';
+						$statusMsg = '';
-					if($account->getCustomField('email_next') < time()) {
+						if ($account->getCustomField('email_next') < time()) {
-						$mailBody = $twig->render('mail.account.lost.new-email.html.twig', [
+							$mailBody = $twig->render('mail.account.lost.new-email.html.twig', [
+								'account' => $account,
+								'newPassword' => $newPassword,
+								'newEmail' => $newEmail,
+							]);
+
+							if (_mail($account->getCustomField('email'), configLua('serverName') . ' - New password to your account', $mailBody)) {
+								$statusMsg = '<br /><small>Sent e-mail with your account name and password to new e-mail. You should receive this e-mail in 15 minutes. You can login now with new password!</small>';
+							} else {
+								$statusMsg = '<br /><p class="error">An error occurred while sending email! You will not receive e-mail with this informations. For Admin: More info can be found in system/logs/mailer-error.log</p>';
+							}
+						} else {
+							$statusMsg = '<br /><small>You will not receive e-mail with this informations.</small>';
+						}
+
+						$twig->display('account/lost/finish.new-email.html.twig', [
+							'statusMsg' => $statusMsg,
 							'account' => $account,
 							'newPassword' => $newPassword,
 							'newEmail' => $newEmail,
 						]);
-
+					} else {
-						if(_mail($account->getCustomField('email'), configLua('serverName') . ' - New password to your account', $mailBody)) {
+						$errors[] = Validator::getLastError();
-							$statusMsg = '<br /><small>Sent e-mail with your account name and password to new e-mail. You should receive this e-mail in 15 minutes. You can login now with new password!</small>';
-						}
-						else {
-							$statusMsg = '<br /><p class="error">An error occurred while sending email! You will not receive e-mail with this informations. For Admin: More info can be found in system/logs/mailer-error.log</p>';
-						}
 					}
-					else {
-						$statusMsg = '<br /><small>You will not receive e-mail with this informations.</small>';
-					}
-
-					$twig->display('account/lost/finish.new-email.html.twig', [
-						'statusMsg' => $statusMsg,
-						'account' => $account,
-						'newPassword' => $newPassword,
-						'newEmail' => $newEmail,
-					]);
 				}
 				else {
-					$errors[] = Validator::getLastError();
+					$errors[] = 'Passwords are not the same!';
 				}
 			}
 			else {

system/templates/account/lost/check-code.finish.html.twig

@@ -5,22 +5,40 @@ Please enter new password to your account and repeat to make sure you remember p
 
 	<input type="hidden" name="character" value="{{ character }}">
 	<input type="hidden" name="code" value="{{ code }}">
+
 	<table class="myaac-table" style="width: 100%;">
 
 		<thead>
 		<tr>
-			<th class="white"><B>Passwords</B></th>
+			<th class="white"><b>Passwords</b></th>
 		</tr>
 		</thead>
 
 		<tbody>
 		<tr>
 			<td>
-				New password:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<input type="password" ID="passor" name="passor" value="" size="40"><br/>
+				<table>
-				Repeat new password:&nbsp;<input TYPE="password" ID="passor2" name="passor2" value="" size="40"><br/>
+					<tr>
+						<td>
+							<label for="password">New password:</label>
+						</td>
+						<td>
+							<input type="password" id="password" name="password" value="" size="40">
+						</td>
+					</tr>
+					<tr>
+						<td>
+							<label for="password_repeat">Repeat new password:</label>
+						</td>
+						<td>
+							<input type="password" id="password_repeat" name="password_repeat" value="" size="40">
+						</td>
+					</tr>
+				</table>
 			</td>
 		</tr>
 		</tbody>
+
 	</table>
 	<br/>
 	<table style="width: 100%">

system/templates/account/lost/finish.new-email.html.twig

@@ -12,9 +12,34 @@ Your account name, new password and new e-mail.<br/>
 	<tbody>
 	<tr>
 		<td>
-			Account name:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<b>{{ account.getName() }}</b><br/>
+
-			New password:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<b>{{ newPassword }}</b><br/>
+			<table>
-			New e-mail address:&nbsp;<b>{{ newEmail }}</b><br/>
+				<tr>
+					<td>
+						Account name:
+					</td>
+					<td>
+						<b>{{ account.getName() }}</b>
+					</td>
+				</tr>
+				<tr>
+					<td>
+						New password:
+					</td>
+					<td>
+						<b>{{ newPassword }}</b>
+					</td>
+				</tr>
+				<tr>
+					<td>
+						New e-mail address:
+					</td>
+					<td>
+						<b>{{ newEmail }}</b>
+					</td>
+				</tr>
+			</table>
+
 			{{ statusMsg|raw }}
 		</td>
 	</tr>

system/templates/account/lost/recovery-key.step-1.html.twig

@@ -16,8 +16,24 @@ If you enter right recovery key you will see form to set new e-mail and password
 		<tbody>
 		<tr>
 			<td>
-				Character name:&nbsp;<input type=text name="nick" value="{{ nick }}" size="40" readonly="readonly"><br/>
+				<table>
-				Recovery key:&nbsp;&nbsp;&nbsp;&nbsp;<input type="text" name="key" value="" size="40"><br/>
+					<tr>
+						<td>
+							<label for="nick">Character name:</label>
+						</td>
+						<td>
+							<input type=text id="nick" name="nick" value="{{ nick }}" size="40" readonly="readonly">
+						</td>
+					</tr>
+					<tr>
+						<td>
+							<label for="key">Recovery key:</label>
+						</td>
+						<td>
+							<input type="text" id="key" name="key" value="" size="40">
+						</td>
+					</tr>
+				</table>
 			</td>
 		</tr>
 		</tbody>

system/templates/account/lost/recovery-key.step-2.html.twig

@@ -31,26 +31,26 @@ Set new password and e-mail to your account.<br>
 					</tr>
 					<tr>
 						<td>
-							<label for="nick">New password:</label>
+							<label for="password">New password:</label>
 						</td>
 						<td>
-							<input id="passor" type="password" name="passor" value="" size="40">
+							<input type="password" id="password" name="password" value="" size="40">
 						</td>
 					</tr>
 					<tr>
 						<td>
-							<label for="nick">Repeat new password:</label>
+							<label for="password_repeat">Repeat new password:</label>
 						</td>
 						<td>
-							<input id="passor2" type="password" name="passor" value="" size="40">
+							<input type="password" id="password_repeat" name="password_repeat" value="" size="40">
 						</td>
 					</tr>
 					<tr>
 						<td>
-							<label for="nick">New e-mail address:</label>
+							<label for="email">New e-mail address:</label>
 						</td>
 						<td>
-							<input id="email" type="text" name="email" value="" size="40">
+							<input type="text" id="email" name="email" value="" size="40">
 						</td>
 					</tr>
 				</table>

system/templates/mail.account.lost.new-email.html.twig

@@ -2,6 +2,6 @@
 <p>Changed password and e-mail to your account in Lost Account Interface on server <a href="{{ constant('BASE_URL') }}"><b>{{ config('lua')['serverName'] }}</b></a></p>
 <p>Account name: <b>{{ account.getName() }}</b></p>
 <p>New password: <b>{{ newPassword }}</b></p>
-<p>E-mail: <b>{{ $newEmail }}</b> (this e-mail)</p>
+<p>E-mail: <b>{{ newEmail }}</b> (this e-mail)</p>
 <br/>
 <p><u>It's automatic e-mail from OTS Lost Account System. Do not reply!</u></p>