* fixed account email confirm function

* log some error info when mail cannot be sent on account create
* fixed some weird include possibilities with forum and account actions
(verify action name)
* twig getLink function will now return with full url (BASE_URL
included)
* fixed some changelog PHP Notice warning
* (internal) shortened message functions
This commit is contained in:
slawkens1 2017-11-12 21:55:12 +01:00
parent 6aa58bddd8
commit 56a01e1e64
9 changed files with 75 additions and 39 deletions


@ -89,6 +89,7 @@ else {
'/^account\/character\/delete\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'delete_character'), '/^account\/character\/delete\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'delete_character'),
'/^account\/character\/comment\/[A-Za-z]+\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'change_comment', 'name' => '$3'), '/^account\/character\/comment\/[A-Za-z]+\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'change_comment', 'name' => '$3'),
'/^account\/character\/comment\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'change_comment'), '/^account\/character\/comment\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'change_comment'),
'/^account\/confirm_email\/[A-Za-z0-9-_]+\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'confirm_email', 'v' => '$2'),
'/^characters\/[A-Za-z0-9-_%+\']+$/' => array('subtopic' => 'characters', 'name' => '$1'), '/^characters\/[A-Za-z0-9-_%+\']+$/' => array('subtopic' => 'characters', 'name' => '$1'),
'/^commands\/add\/?$/' => array('subtopic' => 'commands', 'action' => 'add'), '/^commands\/add\/?$/' => array('subtopic' => 'commands', 'action' => 'add'),
'/^commands\/edit\/?$/' => array('subtopic' => 'commands', 'action' => 'edit'), '/^commands\/edit\/?$/' => array('subtopic' => 'commands', 'action' => 'edit'),
@ -135,14 +136,11 @@ else {
break; break;
} }
} }
if(!$found)
$_REQUEST['p'] = $uri;
} }
// define page visited, so it can be used within events system // define page visited, so it can be used within events system
$page = isset($_REQUEST['subtopic']) ? $_REQUEST['subtopic'] : (isset($_REQUEST['p']) ? $_REQUEST['p'] : ''); $page = isset($_REQUEST['subtopic']) ? $_REQUEST['subtopic'] : (isset($_REQUEST['p']) ? $_REQUEST['p'] : '');
if(empty($page) || preg_match('/[^A-z0-9\/_\-]/', $page)) { if(empty($page) || !preg_match('/^[A-z0-9\_\-]+$/', $page)) {
if(!$found) if(!$found)
$page = '404'; $page = '404';
else else
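Review bot: The new `$page` whitelist on the last `if` line, `/^[A-z0-9\_\-]+$/`, still admits `[`, `\`, `]`, `^` and the backtick, because `A-z` is an ASCII range covering the six characters between `Z` and `a` (the replaced blacklist had the same range). Since `$page` presumably selects which page file is loaded further down, spell the letters out: `!preg_match('/^[A-Za-z0-9_\-]+$/', $page)`. The new pattern also stops accepting `/`, which the old one allowed; that looks intended given the route table above resolves friendly URLs first, but a one-line comment stating it would save the next reader a diff. The enclosing `else` block of this file starts before the hunk.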


@ -9,23 +9,25 @@
*/ */
defined('MYAAC') or die('Direct access not allowed!'); defined('MYAAC') or die('Direct access not allowed!');
function success($message, $return = false) { function message($message, $type, $return)
{
if($return) if($return)
return '<p class="success">' . $message . '</p>'; return '<p class="' . $type . '">' . $message . '</p>';
echo '<p class="success">' . $message . '</p>'; echo '<p class="' . $type . '">' . $message . '</p>';
return true;
}
function success($message, $return = false) {
return message($message, 'success', $return);
} }
function warning($message, $return = false) { function warning($message, $return = false) {
if($return) return message($message, 'warning', $return);
return '<p class="warning">' . $message . '</p>'; }
function note($message, $return = false) {
echo '<p class="warning">' . $message . '</p>'; return message($message, 'note', $return);
} }
function error($message, $return = false) { function error($message, $return = false) {
if($return) return message($message, 'error', $return);
return '<p class="error">' . $message . '</p>';
echo '<p class="error">' . $message . '</p>';
} }
function longToIp($ip) function longToIp($ip)
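Review bot: `message()` takes `$return` without a default while all four wrappers default it to `false`, and both `$type` and `$message` are concatenated straight into the markup without a docblock saying so. Suggest `function message($message, $type, $return = false)` with a header comment such as `/** Echoes (or returns, when $return is true) a <p class="$type"> box. $message is inserted as raw HTML and is NOT escaped, so callers must escape any user-supplied text themselves. */`. Note also that the new `return true;` after the echo means `success()`, `warning()` and `error()` now return `true` in echo mode where they previously returned nothing; harmless, but worth a line in the same comment.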


@ -47,11 +47,7 @@ $function = new Twig_SimpleFunction('getStyle', function ($i) {
$twig->addFunction($function); $twig->addFunction($function);
$function = new Twig_SimpleFunction('getLink', function ($s) { $function = new Twig_SimpleFunction('getLink', function ($s) {
global $config; return getLink($s);
if($config['friendly_urls'])
return $s;
return '?' . $s;
}); });
$twig->addFunction($function); $twig->addFunction($function);


@ -1,6 +1,7 @@
<?php <?php
/** /**
* Account confirm mail * Account confirm mail
* Keept for compability
* *
* @package MyAAC * @package MyAAC
* @author Slawkens <slawkens@gmail.com> * @author Slawkens <slawkens@gmail.com>
@ -8,17 +9,8 @@
* @link http://my-aac.org * @link http://my-aac.org
*/ */
defined('MYAAC') or die('Direct access not allowed!'); defined('MYAAC') or die('Direct access not allowed!');
$title = 'Account';
if($action == 'confirm_email') if($action == 'confirm_email') {
{ require_once(PAGES . 'account/confirm_email.php');
$res = $db->query('SELECT email_hash FROM accounts WHERE email_hash = ' . $db->quote($_GET['v']));
if(!$res->rowCount())
echo '<div class="note">Your email couldn\'t be verified. Please contact staff to do it manually.</div>';
else
{
$db->update('accounts', array('email_verified' => '1'), array('email_hash' => $_GET['v']));
echo '<div class="success">You have now verified your e-mail, this will increase the security of your account. Thank you for doing this.</div>';
}
} }
?> ?>
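Review bot: The added docblock line `* Keept for compability` is misspelled and does not say what is being kept compatible; write `* Kept for compatibility with the old ?p=account&action=confirm_email&v=... links; the page itself now lives in account/confirm_email.php` (that URL shape is the one createaccount.php used to build, per a later hunk). Since the lookup and the `email_verified` update moved out of this file, this file no longer touches `$_GET['v']` at all, so the included page is now the only place that validates the hash.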


@ -0,0 +1,27 @@
<?php
/**
* Account confirm mail
*
* @package MyAAC
* @author Slawkens <slawkens@gmail.com>
* @copyright 2017 MyAAC
* @link http://my-aac.org
*/
defined('MYAAC') or die('Direct access not allowed!');
$title = 'Confirm Email';
$hash = isset($_GET['v']) ? $_GET['v'] : '';
if(empty($hash)) {
warning('Please enter email hash code.<br/>If you copied the link, please try again with full link.');
return;
}
if(!$res->rowCount()) {
note("Your email couldn't be verified. Please contact staff to do it manually.");
}
else
{
success('You have now verified your e-mail, this will increase the security of your account. Thank you for doing this.');
}
?>
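Review bot: As rendered, `$res` is read at `if(!$res->rowCount())` but never assigned in this new file, and the success branch never writes `email_verified`, so a valid hash would fatal on `rowCount()` and the account would never be marked verified; the hunk header counts 27 lines and only 24 appear here, so the missing statements may be among the omitted lines, but if those are blank lines the page is broken. The lines the old account.php carried, adapted to the validated local variable, are `$res = $db->query('SELECT email_hash FROM accounts WHERE email_hash = ' . $db->quote($hash));` before the `rowCount()` check and `$db->update('accounts', array('email_verified' => '1'), array('email_hash' => $hash));` inside the success branch. Because the hash is produced by `md5()` in createaccount.php (visible in a later hunk), the `empty($hash)` guard could also reject malformed input early with `if(!ctype_xdigit($hash) || strlen($hash) !== 32)` instead of sending arbitrary strings to the query.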


@ -25,6 +25,11 @@ if(!$logged)
} }
else else
{ {
if($action == 'confirm_email') {
require(PAGES . 'account/' . $action . '.php');
return;
}
if(!empty($errors)) if(!empty($errors))
echo $twig->render('error_box.html.twig', array('errors' => $errors)); echo $twig->render('error_box.html.twig', array('errors' => $errors));
@ -33,8 +38,9 @@ if(!$logged)
'account' => USE_ACCOUNT_NAME ? 'Name' : 'Number', 'account' => USE_ACCOUNT_NAME ? 'Name' : 'Number',
'error' => isset($errors[0]) ? $errors[0] : null 'error' => isset($errors[0]) ? $errors[0] : null
)); ));
return;
} }
return;
} }
$errors = array(); $errors = array();
@ -123,7 +129,15 @@ $errors = array();
'players' => $account_players 'players' => $account_players
)); ));
} }
else {
if(!ctype_alnum(str_replace(array('-', '_'), '', $action))) {
error('Error: Action contains illegal characters.');
}
else if(file_exists(PAGES . 'account/' . $action . '.php')) { else if(file_exists(PAGES . 'account/' . $action . '.php')) {
require(PAGES . 'account/' . $action . '.php'); require(PAGES . 'account/' . $action . '.php');
} }
else {
error('This page does not exists.');
}
}
?> ?>
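Review bot: The action check `!ctype_alnum(str_replace(array('-', '_'), '', $action))` in the new `else` branch depends on the process locale (`ctype_*` follows `LC_CTYPE` on PHP versions of this era) and returns `false` for an empty string, so it is harder to reason about than it looks; a locale-independent `!preg_match('/^[A-Za-z0-9_\-]+$/', $action)` states the allowed set explicitly. The same check is repeated verbatim in forum.php in the last section of this commit, so it belongs in a shared helper in functions.php rather than two copies that can drift apart. The fallback message `'This page does not exists.'` should read `'This page does not exist.'` in both files. The `if(!$logged)` block this hunk modifies starts before the hunk.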


@ -14,6 +14,7 @@ $_page = isset($_GET['page']) ? $_GET['page'] : 0;
$id = isset($_GET['id']) ? $_GET['id'] : 0; $id = isset($_GET['id']) ? $_GET['id'] : 0;
$limit = 30; $limit = 30;
$offset = $_page * $limit; $offset = $_page * $limit;
$next_page = false;
?> ?>
<br/> <br/>


@ -160,7 +160,6 @@ if($save)
$hash = md5(generateRandomString(16, true, true) . $email); $hash = md5(generateRandomString(16, true, true) . $email);
$new_account->setCustomField('email_hash', $hash); $new_account->setCustomField('email_hash', $hash);
$verify_url = BASE_URL . '?p=account&action=confirm_email&v=' . $hash;
$server_name = $config['lua']['serverName']; $server_name = $config['lua']['serverName'];
$body_plain = $twig->render('mail.account.verify.plain.html.twig', array( $body_plain = $twig->render('mail.account.verify.plain.html.twig', array(
@ -181,7 +180,8 @@ if($save)
} }
else else
{ {
echo '<br /><p class="error">An error occorred while sending email! Account not created. Try again. Error:<br/>' . $mailer->ErrorInfo . '</p>'; error('An error occorred while sending email! Account not created. Try again. Error:<br/>' . $mailer->ErrorInfo . '<br/>More info in system/logs/error.log');
log_append('error.log', '[createaccount.php] An error occorred while sending email: ' . $mailer->ErrorInfo . '. Error: ' . print_r(error_get_last(), true));
$new_account->delete(); $new_account->delete();
} }
} }
@ -200,7 +200,8 @@ if($save)
if(_mail($email, 'Your account on ' . $config['lua']['serverName'], $mailBody)) if(_mail($email, 'Your account on ' . $config['lua']['serverName'], $mailBody))
echo '<br /><small>These informations were send on email address <b>' . $email . '</b>.'; echo '<br /><small>These informations were send on email address <b>' . $email . '</b>.';
else else
echo '<br /><p class="error">An error occorred while sending email (<b>' . $email . '</b>)! Error:<br/>' . $mailer->ErrorInfo . '</p>'; error('An error occorred while sending email (<b>' . $email . '</b>)! Error:<br/>' . $mailer->ErrorInfo . '<br/>More info in system/logs/error.log');
log_append('error.log', '[createaccount.php] An error occorred while sending email: ' . $mailer->ErrorInfo . '. Error: ' . print_r(error_get_last(), true));
} }
} }
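Review bot: The user-facing `error(...)` in both mailer-failure branches now shows `$mailer->ErrorInfo` together with the server-side path `system/logs/error.log`; transport error text can reveal mail host or authentication details and the path reveals the install layout, and both are already written to the log on the next line. Keep the page message generic, `error('An error occurred while sending e-mail! Account not created. Please try again.');` (and likewise for the second branch with `$email`), and leave the detail in `log_append`. `print_r(error_get_last(), true)` in the log line records whatever the last PHP error was, which need not be related to the mailer, so the `Error:` suffix may mislead whoever reads the log; `ErrorInfo` already carries the failure. The `$verify_url` assignment is dropped in the first hunk; if any of the templates rendered below still reference it, it is now undefined, which cannot be confirmed from this hunk. The enclosing `if($save)` block starts before the hunk.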


@ -185,8 +185,13 @@ if(!$logged)
return; return;
} }
if(file_exists(PAGES . 'forum/' . $action . '.php')) { if(!ctype_alnum(str_replace(array('-', '_'), '', $action))) {
error('Error: Action contains illegal characters.');
}
else if(file_exists(PAGES . 'forum/' . $action . '.php')) {
require(PAGES . 'forum/' . $action . '.php'); require(PAGES . 'forum/' . $action . '.php');
} }
else {
error('This page does not exists.');
}
?> ?>