diff --git a/index.php b/index.php
index a91234a5..8443c651 100644
--- a/index.php
+++ b/index.php
@@ -89,6 +89,7 @@ else {
'/^account\/character\/delete\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'delete_character'),
'/^account\/character\/comment\/[A-Za-z]+\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'change_comment', 'name' => '$3'),
'/^account\/character\/comment\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'change_comment'),
+ '/^account\/confirm_email\/[A-Za-z0-9-_]+\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'confirm_email', 'v' => '$2'),
'/^characters\/[A-Za-z0-9-_%+\']+$/' => array('subtopic' => 'characters', 'name' => '$1'),
'/^commands\/add\/?$/' => array('subtopic' => 'commands', 'action' => 'add'),
'/^commands\/edit\/?$/' => array('subtopic' => 'commands', 'action' => 'edit'),
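Review bot: The character class in the new `confirm_email` route, `[A-Za-z0-9-_]`, puts the hyphen between a range and `_`; PCRE treats a hyphen that directly follows a range as a literal, so it works here, but it reads as a range to most people and would be one in other engines. Moving it to the end, `'/^account\/confirm_email\/[A-Za-z0-9_-]+\/?$/'`, says what is meant (the `characters` route two lines below has the same shape and could be adjusted the same way). Note that this pattern only constrains the friendly-URL form; the `?p=account&action=confirm_email&v=...` query form does not pass through this table, so the value of `v` still has to be validated by the page that consumes it.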
@@ -135,14 +136,11 @@ else {
break;
}
}
-
- if(!$found)
- $_REQUEST['p'] = $uri;
}
// define page visited, so it can be used within events system
$page = isset($_REQUEST['subtopic']) ? $_REQUEST['subtopic'] : (isset($_REQUEST['p']) ? $_REQUEST['p'] : '');
-if(empty($page) || preg_match('/[^A-z0-9\/_\-]/', $page)) {
+if(empty($page) || !preg_match('/^[A-z0-9\_\-]+$/', $page)) {
if(!$found)
$page = '404';
else
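Review bot: The new whitelist `'/^[A-z0-9\_\-]+$/'` still uses `A-z`, which is not "letters": the ASCII range from `A` to `z` also includes `[`, `\`, `]`, `^`, `_` and the backtick, so a backslash passes the check. Since `$page` presumably goes on to select a page file (the include is outside this hunk), a backslash is a directory separator on Windows and the check should spell the ranges out: `if(empty($page) || !preg_match('/^[A-Za-z0-9_\-]+$/', $page)) {`. Dropping `/` from the allowed set in this change is the right direction; this just closes the gap the `A-z` range leaves. The enclosing `else` block begins and ends outside the hunk.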
diff --git a/system/functions.php b/system/functions.php
index 336eb598..7a5dcbb3 100644
--- a/system/functions.php
+++ b/system/functions.php
@@ -9,23 +9,25 @@
*/
defined('MYAAC') or die('Direct access not allowed!');
-function success($message, $return = false) {
+function message($message, $type, $return)
+{
if($return)
- return '
' . $message . '
';
+ return '' . $message . '
';
- echo '' . $message . '
';
+ echo '' . $message . '
';
+ return true;
+}
+function success($message, $return = false) {
+ return message($message, 'success', $return);
}
function warning($message, $return = false) {
- if($return)
- return '' . $message . '
';
-
- echo '' . $message . '
';
+ return message($message, 'warning', $return);
+}
+function note($message, $return = false) {
+ return message($message, 'note', $return);
}
function error($message, $return = false) {
- if($return)
- return '' . $message . '
';
-
- echo '' . $message . '
';
+ return message($message, 'error', $return);
}
function longToIp($ip)
diff --git a/system/init.php b/system/init.php
index 3c748cf7..0644a58c 100644
--- a/system/init.php
+++ b/system/init.php
@@ -47,11 +47,7 @@ $function = new Twig_SimpleFunction('getStyle', function ($i) {
$twig->addFunction($function);
$function = new Twig_SimpleFunction('getLink', function ($s) {
- global $config;
- if($config['friendly_urls'])
- return $s;
-
- return '?' . $s;
+ return getLink($s);
});
$twig->addFunction($function);
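Review bot: The closure is now a one-line pass-through to the global `getLink()`, so the indirection can go: `Twig_SimpleFunction` accepts any callable, and `$function = new Twig_SimpleFunction('getLink', 'getLink');` does the same thing without a second function body to keep in sync. This also removes the `global $config` coupling that the deleted lines had, which is what the change intends.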
diff --git a/system/pages/account.php b/system/pages/account.php
index fbb6fb66..f7d5c135 100644
--- a/system/pages/account.php
+++ b/system/pages/account.php
@@ -1,6 +1,7 @@
@@ -8,17 +9,8 @@
* @link http://my-aac.org
*/
defined('MYAAC') or die('Direct access not allowed!');
-$title = 'Account';
-if($action == 'confirm_email')
-{
- $res = $db->query('SELECT email_hash FROM accounts WHERE email_hash = ' . $db->quote($_GET['v']));
- if(!$res->rowCount())
- echo 'Your email couldn\'t be verified. Please contact staff to do it manually.
';
- else
- {
- $db->update('accounts', array('email_verified' => '1'), array('email_hash' => $_GET['v']));
- echo 'You have now verified your e-mail, this will increase the security of your account. Thank you for doing this.
';
- }
+if($action == 'confirm_email') {
+ require_once(PAGES . 'account/confirm_email.php');
}
?>
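Review bot: Removing `$title = 'Account';` leaves `$title` unset on this page for every `$action` other than `confirm_email`; the new `account/confirm_email.php` sets `$title = 'Confirm Email'` only when it is included. Unless `$title` is assigned above line 98 (outside the hunk), the page now renders without a title for the default path, so keep `$title = 'Account';` before the `if` and let the included file override it. The comparison `$action == 'confirm_email'` would also be safer as `===`, since `$action` comes from the request and loose comparison has surprising cases.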
diff --git a/system/pages/account/confirm_email.php b/system/pages/account/confirm_email.php
new file mode 100644
index 00000000..679b4448
--- /dev/null
+++ b/system/pages/account/confirm_email.php
@@ -0,0 +1,27 @@
+
+ * @copyright 2017 MyAAC
+ * @link http://my-aac.org
+ */
+defined('MYAAC') or die('Direct access not allowed!');
+
+$title = 'Confirm Email';
+
+$hash = isset($_GET['v']) ? $_GET['v'] : '';
+if(empty($hash)) {
+ warning('Please enter email hash code.
If you copied the link, please try again with full link.');
+ return;
+}
+
+if(!$res->rowCount()) {
+ note("Your email couldn't be verified. Please contact staff to do it manually.");
+}
+else
+{
+ success('You have now verified your e-mail, this will increase the security of your account. Thank you for doing this.');
+}
+?>
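Review bot: As shown, `$res` at `if(!$res->rowCount())` is never assigned in this new file, and the `$db->update('accounts', array('email_verified' => '1'), ...)` that the deleted code in account.php performed does not appear either, so the success branch would report a verified e-mail without writing anything; if the query and update lines were lost in this rendering, disregard, otherwise they need to be restored between the `$hash` check and the `rowCount()` test. Independently, `$hash` is only checked for emptiness, while the value written in createaccount.php is `md5(...)`, i.e. 32 hex characters; validating the shape before it reaches the database, `if(!preg_match('/^[a-f0-9]{32}$/', $hash)) { warning('Invalid email hash code.'); return; }`, rejects malformed input early regardless of whether the friendly-URL route or the bare `?v=` query form was used. The `}\nelse\n{` layout also differs from the `} else {` style used elsewhere in this commit.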
diff --git a/system/pages/accountmanagement.php b/system/pages/accountmanagement.php
index f65f3f96..2870caf4 100644
--- a/system/pages/accountmanagement.php
+++ b/system/pages/accountmanagement.php
@@ -25,6 +25,11 @@ if(!$logged)
}
else
{
+ if($action == 'confirm_email') {
+ require(PAGES . 'account/' . $action . '.php');
+ return;
+ }
+
if(!empty($errors))
echo $twig->render('error_box.html.twig', array('errors' => $errors));
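Review bot: The new branch already knows `$action` equals `'confirm_email'`, yet it builds the include path from the request variable, `require(PAGES . 'account/' . $action . '.php');`. Using the literal, `require(PAGES . 'account/confirm_email.php');`, expresses the intent and keeps request data out of the path entirely; account.php in this same commit includes the same file with `require_once`, so picking one of `require`/`require_once` for both would also keep them consistent. The enclosing `else` block starts before this hunk and continues after it.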
@@ -33,8 +38,9 @@ if(!$logged)
'account' => USE_ACCOUNT_NAME ? 'Name' : 'Number',
'error' => isset($errors[0]) ? $errors[0] : null
));
- return;
}
+
+ return;
}
$errors = array();
@@ -123,7 +129,15 @@ $errors = array();
'players' => $account_players
));
}
- else if(file_exists(PAGES . 'account/' . $action . '.php')) {
- require(PAGES . 'account/' . $action . '.php');
+ else {
+ if(!ctype_alnum(str_replace(array('-', '_'), '', $action))) {
+ error('Error: Action contains illegal characters.');
+ }
+ else if(file_exists(PAGES . 'account/' . $action . '.php')) {
+ require(PAGES . 'account/' . $action . '.php');
+ }
+ else {
+ error('This page does not exists.');
+ }
}
?>
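Review bot: The illegal-character guard `!ctype_alnum(str_replace(array('-', '_'), '', $action))` is the right check to put in front of `file_exists(PAGES . 'account/' . $action . '.php')`, but it is now written out verbatim here and again in the forum.php hunk in this commit, with the same error strings. A single helper in functions.php, e.g. `function isValidPageAction($action) { return is_string($action) && ctype_alnum(str_replace(array('-', '_'), '', $action)); }`, gives one place to tighten it later and also covers a non-string `$action` (an `action[]=` query makes `str_replace` return an array). Both hunks also carry the message `'This page does not exists.'`, which should read `'This page does not exist.'`. The `else { if ... else if ... else }` here could be flattened to `else if` chains as forum.php does.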
diff --git a/system/pages/changelog.php b/system/pages/changelog.php
index 74ca38ab..362cc6fe 100644
--- a/system/pages/changelog.php
+++ b/system/pages/changelog.php
@@ -14,6 +14,7 @@ $_page = isset($_GET['page']) ? $_GET['page'] : 0;
$id = isset($_GET['id']) ? $_GET['id'] : 0;
$limit = 30;
$offset = $_page * $limit;
+$next_page = false;
?>
diff --git a/system/pages/createaccount.php b/system/pages/createaccount.php
index 2b43b9d8..6796b924 100644
--- a/system/pages/createaccount.php
+++ b/system/pages/createaccount.php
@@ -160,7 +160,6 @@ if($save)
$hash = md5(generateRandomString(16, true, true) . $email);
$new_account->setCustomField('email_hash', $hash);
- $verify_url = BASE_URL . '?p=account&action=confirm_email&v=' . $hash;
$server_name = $config['lua']['serverName'];
$body_plain = $twig->render('mail.account.verify.plain.html.twig', array(
@@ -181,7 +180,8 @@ if($save)
}
else
{
- echo '
An error occorred while sending email! Account not created. Try again. Error:
' . $mailer->ErrorInfo . '
';
+ error('An error occorred while sending email! Account not created. Try again. Error:
' . $mailer->ErrorInfo . '
More info in system/logs/error.log');
+ log_append('error.log', '[createaccount.php] An error occorred while sending email: ' . $mailer->ErrorInfo . '. Error: ' . print_r(error_get_last(), true));
$new_account->delete();
}
}
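Review bot: The new `log_append(...)` line appends `print_r(error_get_last(), true)`, but `error_get_last()` reports the most recent PHP engine error, not the mailer failure; it is `null` when none occurred and otherwise may be an unrelated earlier notice, so the log entry is misleading while `$mailer->ErrorInfo` already carries the real reason. I would drop that suffix: `log_append('error.log', '[createaccount.php] An error occurred while sending email: ' . $mailer->ErrorInfo);`. Now that the detail is logged, the user-facing `error(...)` call could show a generic message and omit `$mailer->ErrorInfo`, which can expose SMTP host and credential-related strings to the visitor. The same two points apply to the next hunk (`@@ -200,7 +200,8 @@`); "occorred" in both messages is a typo for "occurred".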
@@ -200,7 +200,8 @@ if($save)
if(_mail($email, 'Your account on ' . $config['lua']['serverName'], $mailBody))
echo '
These informations were send on email address ' . $email . '.';
else
- echo '
An error occorred while sending email (' . $email . ')! Error:
' . $mailer->ErrorInfo . '
';
+ error('An error occorred while sending email (' . $email . ')! Error:
' . $mailer->ErrorInfo . '
More info in system/logs/error.log');
+ log_append('error.log', '[createaccount.php] An error occorred while sending email: ' . $mailer->ErrorInfo . '. Error: ' . print_r(error_get_last(), true));
}
}
diff --git a/system/pages/forum.php b/system/pages/forum.php
index e472a335..68407dd2 100644
--- a/system/pages/forum.php
+++ b/system/pages/forum.php
@@ -185,8 +185,13 @@ if(!$logged)
return;
}
-if(file_exists(PAGES . 'forum/' . $action . '.php')) {
+if(!ctype_alnum(str_replace(array('-', '_'), '', $action))) {
+ error('Error: Action contains illegal characters.');
+}
+else if(file_exists(PAGES . 'forum/' . $action . '.php')) {
require(PAGES . 'forum/' . $action . '.php');
}
-
+else {
+ error('This page does not exists.');
+}
?>