From 83b3dc803a7181a2753099004abc97c92293dfe3 Mon Sep 17 00:00:00 2001 From: slawkens Date: Mon, 8 Jul 2024 19:50:05 +0200 Subject: [PATCH 1/7] Fix 5th step of installer --- install/steps/5-database.php | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/install/steps/5-database.php b/install/steps/5-database.php index 6ee7d031..d0db8cfc 100644 --- a/install/steps/5-database.php +++ b/install/steps/5-database.php @@ -72,16 +72,16 @@ if(!$error) { } if(!$error) { - $twig->display('install.installer.html.twig', array( - 'url' => 'tools/5-database.php', - 'message' => $locale['loading_spinner'] - )); - $content = ''; $saved = Settings::saveConfig($configToSave, BASE . 'config.local.php', $content); if($saved) { success($locale['step_database_config_saved']); $_SESSION['saved'] = true; + + $twig->display('install.installer.html.twig', array( + 'url' => 'tools/5-database.php', + 'message' => $locale['loading_spinner'] + )); } else { $_SESSION['config_content'] = $content; From 10a739773c4f2911876bc802a0ee0537c3e00a92 Mon Sep 17 00:00:00 2001 From: slawkens Date: Tue, 9 Jul 2024 21:29:42 +0200 Subject: [PATCH 2/7] Detect tools/ext exists on install to prevent broken installs --- install/steps/3-requirements.php | 17 ++++++++++++++--- system/locale/de/install.php | 4 ++++ system/locale/en/install.php | 4 ++++ system/locale/pl/install.php | 4 ++++ 4 files changed, 26 insertions(+), 3 deletions(-) diff --git a/install/steps/3-requirements.php b/install/steps/3-requirements.php index 659e3036..65281248 100644 --- a/install/steps/3-requirements.php +++ b/install/steps/3-requirements.php 
@@ -2,10 +2,15 @@ defined('MYAAC') or die('Direct access not allowed!'); // configuration -$dirs_required = [ +$dirs_required_writable = [ 'system/logs', 'system/cache', ]; + +$dirs_required = [ + 'tools/ext' => $locale['step_requirements_folder_not_exists_tools_ext'], +]; + $dirs_optional = [ GUILD_IMAGES_DIR => $locale['step_requirements_warning_images_guilds'], GALLERY_DIR => $locale['step_requirements_warning_images_gallery'], @@ -18,6 +23,7 @@ $extensions_optional = [ 'gd' => $locale['step_requirements_warning_player_signatures'], 'zip' => $locale['step_requirements_warning_install_plugins'], ]; + /* * * @param string $name @@ -41,7 +47,7 @@ $failed = false; // start validating version_check($locale['step_requirements_php_version'], (PHP_VERSION_ID >= 50500), PHP_VERSION); -foreach ($dirs_required as $value) +foreach ($dirs_required_writable as $value) { $is_writable = is_writable(BASE . $value) && (MYAAC_OS != 'WINDOWS' || win_is_writable(BASE . $value)); version_check($locale['step_requirements_write_perms'] . ': ' . $value, $is_writable); @@ -52,6 +58,12 @@ foreach ($dirs_optional as $dir => $errorMsg) { version_check($locale['step_requirements_write_perms'] . ': ' . $dir, $is_writable, $is_writable ? '' : $errorMsg, true); } +foreach ($dirs_required as $dir => $errorMsg) +{ + $exists = is_dir(BASE . $dir); + version_check($locale['step_requirements_folder_exists'] . ': ' . $dir, $exists, $exists ? '' : $errorMsg); +} + $ini_register_globals = ini_get_bool('register_globals'); version_check('register_long_arrays', !$ini_register_globals, $ini_register_globals ? $locale['on'] : $locale['off']); @@ -78,4 +90,3 @@ if($failed) { } echo ''; -?> diff --git a/system/locale/de/install.php b/system/locale/de/install.php index 85be3b16..ad354609 100644 --- a/system/locale/de/install.php +++ b/system/locale/de/install.php 
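Review bot: The new `$dirs_required` loop only proves that `tools/ext` exists via `is_dir()`, so an empty or half-populated directory left by an interrupted `npm install` still passes the requirement. If the aim is to prevent broken installs, also test for one file that is always present after a complete install, for example `is_file(BASE . $dir . '/<SENTINEL_FILE>')` (placeholder; the page does not name such a file). A one-line comment above `$dirs_required` saying that keys are paths relative to `BASE` and values are the failure messages would help, because `$dirs_required_writable` next to it is a plain list.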
@@ -36,6 +36,10 @@ $locale['step_requirements'] = 'Anforderungen'; $locale['step_requirements_title'] = 'Anforderungen überprüfen'; $locale['step_requirements_php_version'] = 'PHP Version'; $locale['step_requirements_write_perms'] = 'Schreibberechtigungen'; +$locale['step_requirements_folder_exists'] = 'Ordner ist vorhanden'; +$locale['step_requirements_folder_not_exists_tools_ext'] = 'NPM Package Manager wird verwendet für externe JavaScript/CSS Bibliotheken.' + . ' Es sollte via Command Line installiert werden: https://docs.npmjs.com/downloading-and-installing-node-js-and-npm' + . ' Nachdem das Tool installiert wurde, folgende Befehl sollte ausgeführt in dem Hauptordner des MyAACs: "npm install".'; $locale['step_requirements_failed'] = 'Die Installation wird deaktiviert, bis diese Anforderungen erfüllt sind.
Für weitere Informationen siehe README Datei.'; $locale['step_requirements_extension'] = '$EXTENSION$ PHP Erweiterung'; diff --git a/system/locale/en/install.php b/system/locale/en/install.php index 3de85896..e25537c9 100644 --- a/system/locale/en/install.php +++ b/system/locale/en/install.php @@ -36,6 +36,10 @@ $locale['step_requirements'] = 'Requirements'; $locale['step_requirements_title'] = 'Requirements check'; $locale['step_requirements_php_version'] = 'PHP Version'; $locale['step_requirements_write_perms'] = 'Write permissions'; +$locale['step_requirements_folder_exists'] = 'Directory exists'; +$locale['step_requirements_folder_not_exists_tools_ext'] = 'NPM Package Manager is used for external JavaScript/CSS libraries.' + . ' You need to install it through Command Line: https://docs.npmjs.com/downloading-and-installing-node-js-and-npm' + . ' When you done with installing that tool, execute: "npm install" in the main MyAAC folder.'; $locale['step_requirements_failed'] = 'Installation will be disabled until these requirements will be passed.
For more informations see README file.'; $locale['step_requirements_extension'] = '$EXTENSION$ PHP extension'; $locale['step_requirements_warning_images_guilds'] = 'Guild logo upload will not work'; diff --git a/system/locale/pl/install.php b/system/locale/pl/install.php index 1afb2ddd..22204adf 100644 --- a/system/locale/pl/install.php +++ b/system/locale/pl/install.php @@ -36,6 +36,10 @@ $locale['step_requirements'] = 'Wymagania'; $locale['step_requirements_title'] = 'Sprawdzanie wymagań'; $locale['step_requirements_php_version'] = 'Wersja PHP'; $locale['step_requirements_write_perms'] = 'Uprawnienia do zapisu'; +$locale['step_requirements_folder_exists'] = 'Folder istnieje'; +$locale['step_requirements_folder_not_exists_tools_ext'] = 'Manadżer Pakietów NPM jest używany do zewnętrznych bibliotek JavaScript/CSS.' + . ' Trzeba go zainstalować poprzez wiersz poleceń: https://docs.npmjs.com/downloading-and-installing-node-js-and-npm' + . ' Po instalacji narzędzia, wywołaj następujące polecenie w głownym katalogu MyAAC: "npm install".'; $locale['step_requirements_failed'] = 'Instalacja zostanie zablokowana dopóki te wymagania nie zostaną spełnione.
Po więcej informacji zasięgnij do pliku README.'; $locale['step_requirements_extension'] = 'Rozszerzenie PHP - $EXTENSION$'; $locale['step_requirements_warning_images_guilds'] = 'Nie będzie możliwości uploadu obrazków gildii'; From d94828772c3bebd845ede6aa1d8c3bb9452fadda Mon Sep 17 00:00:00 2001 From: slawkens Date: Tue, 9 Jul 2024 22:04:47 +0200 Subject: [PATCH 3/7] Rework 5th step of installation, to fix some pointless message about Cache --- install/steps/5-database.php | 83 ++++++++++++++++++------------------ install/tools/5-database.php | 3 ++ system/database.php | 1 + 3 files changed, 45 insertions(+), 42 deletions(-) diff --git a/install/steps/5-database.php b/install/steps/5-database.php index d0db8cfc..ed8f82a1 100644 --- a/install/steps/5-database.php +++ b/install/steps/5-database.php 
@@ -41,57 +41,56 @@ if(!$error) { $configToSave['cache_engine'] = 'auto'; $configToSave['cache_prefix'] = 'myaac_' . generateRandomString(8, true, false, true); - require BASE . 'install/includes/config.php'; - if(!$error) { - require BASE . 'install/includes/database.php'; + $content = ''; + $saved = Settings::saveConfig($configToSave, BASE . 'config.local.php', $content); + if ($saved) { + success($locale['step_database_config_saved']); + $_SESSION['saved'] = true; - $locale['step_database_importing'] = str_replace('$DATABASE_NAME$', config('database_name'), $locale['step_database_importing']); - success($locale['step_database_importing']); + require BASE . 'config.local.php'; + require BASE . 'install/includes/config.php'; - if(isset($database_error)) { // we failed connect to the database - error($database_error); - } - else { - if(!$db->hasTable('accounts')) { - $tmp = str_replace('$TABLE$', 'accounts', $locale['step_database_error_table']); - error($tmp); - $error = true; - } + if (!$error) { + require BASE . 'install/includes/database.php'; - if(!$db->hasTable('players')) { - $tmp = str_replace('$TABLE$', 'players', $locale['step_database_error_table']); - error($tmp); - $error = true; - } - - if(!$db->hasTable('guilds')) { - $tmp = str_replace('$TABLE$', 'guilds', $locale['step_database_error_table']); - error($tmp); - $error = true; - } - - if(!$error) { - $content = ''; - $saved = Settings::saveConfig($configToSave, BASE . 
'config.local.php', $content); - if($saved) { - success($locale['step_database_config_saved']); - $_SESSION['saved'] = true; - - $twig->display('install.installer.html.twig', array( - 'url' => 'tools/5-database.php', - 'message' => $locale['loading_spinner'] - )); + if (isset($database_error)) { // we failed connect to the database + error($database_error); } else { - $_SESSION['config_content'] = $content; - unset($_SESSION['saved']); + if (!$db->hasTable('accounts')) { + $tmp = str_replace('$TABLE$', 'accounts', $locale['step_database_error_table']); + error($tmp); + $error = true; + } - $locale['step_database_error_file'] = str_replace('$FILE$', '' . BASE . 'config.php', $locale['step_database_error_file']); - error($locale['step_database_error_file'] . '
- '); + if (!$db->hasTable('players')) { + $tmp = str_replace('$TABLE$', 'players', $locale['step_database_error_table']); + error($tmp); + $error = true; + } + + if (!$db->hasTable('guilds')) { + $tmp = str_replace('$TABLE$', 'guilds', $locale['step_database_error_table']); + error($tmp); + $error = true; + } + + if (!$error) { + $twig->display('install.installer.html.twig', array( + 'url' => 'tools/5-database.php', + 'message' => $locale['loading_spinner'] + )); + } } } + } else { + $_SESSION['config_content'] = $content; + unset($_SESSION['saved']); + + $locale['step_database_error_file'] = str_replace('$FILE$', '' . BASE . 'config.php', $locale['step_database_error_file']); + error($locale['step_database_error_file'] . '
+ '); } } } diff --git a/install/tools/5-database.php b/install/tools/5-database.php index 3ad4348a..ff0bcbbb 100644 --- a/install/tools/5-database.php +++ b/install/tools/5-database.php @@ -32,6 +32,9 @@ if($db->hasTable(TABLE_PREFIX . 'account_actions')) { else { // import schema try { + $locale['step_database_importing'] = str_replace('$DATABASE_NAME$', config('database_name'), $locale['step_database_importing']); + success($locale['step_database_importing']); + $db->query(file_get_contents(BASE . 'install/includes/schema.sql')); $locale['step_database_success_schema'] = str_replace('$PREFIX$', TABLE_PREFIX, $locale['step_database_success_schema']); diff --git a/system/database.php b/system/database.php index f20ca720..34b4574a 100644 --- a/system/database.php +++ b/system/database.php @@ -127,6 +127,7 @@ try { } if(defined('MYAAC_INSTALL')) { + $error = $e->getMessage(); return; // installer will take care of this } From fcb13f3c0fb8ceafda0bd614a229a26a269432bd Mon Sep 17 00:00:00 2001 From: slawkens Date: Tue, 9 Jul 2024 23:05:36 +0200 Subject: [PATCH 4/7] Fixes to account verify - do not allow login without verified email (Thanks @anyeor) --- plugins/email-confirmed-reward/reward.php | 2 -- system/pages/account/confirm-email.php | 18 ++++++---- system/pages/account/create.php | 3 ++ system/pages/account/login.php | 43 +++++++++++++---------- 4 files changed, 38 insertions(+), 28 deletions(-) diff --git a/plugins/email-confirmed-reward/reward.php b/plugins/email-confirmed-reward/reward.php index 11af5b34..e485dcf0 100644 --- a/plugins/email-confirmed-reward/reward.php +++ b/plugins/email-confirmed-reward/reward.php @@ -1,8 +1,6 @@ hasColumn('accounts', 'coins'); $rewardCoins = setting('core.account_mail_confirmed_reward_coins'); if ($rewardCoins > 0 && !$hasCoinsColumn) { diff --git a/system/pages/account/confirm-email.php b/system/pages/account/confirm-email.php index 925aef5e..615dd942 100644 --- a/system/pages/account/confirm-email.php 
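Review bot: In the reworked block, `Settings::saveConfig()` writes `config.local.php` and sets `$_SESSION['saved'] = true` before the connection and the `accounts`/`players`/`guilds` table checks run. A failed check therefore leaves a file with unusable credentials on disk and the session still marked as saved. If later steps rely on that flag, clear it on the failure paths, e.g. `unset($_SESSION['saved']);` next to `error($database_error);` and again after the table checks when `$error` is true. Whether the written file should also be removed on failure depends on code outside this hunk. The write-failure message still substitutes `BASE . 'config.php'` for `$FILE$` although the file written is `config.local.php`.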
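Review bot: The added `$error = $e->getMessage();` in system/database.php stores raw exception text in `$error`, which the installer step otherwise uses as a boolean flag (`if (!$error)`), while the same step reports connection failures through `$database_error`. Driver messages can include the database host and user name, so confirm that this string is HTML-escaped wherever it is rendered and that it is only shown during installation. A comment such as `// installer only: message is displayed by the install step, never on a live site` would record that intent. The `try`/`catch` this line belongs to starts outside the hunk.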
+++ b/system/pages/account/confirm-email.php @@ -25,16 +25,20 @@ if(!Account::where('email_hash', $hash)->exists()) { } else { - if (Account::where('email_hash', $hash)->where('email_verified', 0)->exists()) { - $query = $query->fetch(PDO::FETCH_ASSOC); + $accountModel = Account::where('email_hash', $hash)->where('email_verified', 0)->first(); + if ($accountModel) { + $accountModel->email_verified = 1; + $accountModel->save(); + + success('You have now verified your e-mail, this will increase the security of your account. Thank you for doing this. You can now log in.'); + $account = new OTS_Account(); - $account->load($query['id']); + $account->load($accountModel->id); if ($account->isLoaded()) { $hooks->trigger(HOOK_EMAIL_CONFIRMED, ['account' => $account]); } } - - Account::where('email_hash', $hash)->update('email_verified', 1); - success('You have now verified your e-mail, this will increase the security of your account. Thank you for doing this.'); + else { + error('Link has expired.'); + } } -?> diff --git a/system/pages/account/create.php b/system/pages/account/create.php index 34e4689d..6895bba9 100644 --- a/system/pages/account/create.php +++ b/system/pages/account/create.php @@ -236,6 +236,9 @@ if($save) if(_mail($email, 'New account on ' . $config['lua']['serverName'], $body_html)) { echo 'Your account has been created.
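Review bot: The verification in confirm-email.php reads the row with `->first()` and then writes it with `->save()`, so two requests carrying the same hash at the same moment can both pass the `email_verified = 0` filter and both fire `HOOK_EMAIL_CONFIRMED`, which the email-confirmed-reward plugin touched in this commit appears to act on. Making the state change itself the gate avoids the double trigger: `$updated = Account::where('email_hash', $hash)->where('email_verified', 0)->update(['email_verified' => 1]);` and continue only `if ($updated === 1)`. This assumes `Account` is an Eloquent-style model whose `update()` returns the affected-row count. The 'Link has expired.' branch is what an already-used hash reaches, since `email_hash` is not cleared on success; clearing it would make the stored token single-use in the database as well.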

'; + + warning("Before you can login - you need to verify your E-Mail. The verification link has been sent to $email. If the message is not coming - remember to check the SPAM folder."); + $twig->display('success.html.twig', array( 'title' => 'Account Created', 'description' => 'Your account ' . $account_type . ' is ' . $tmp_account . '
You will need the account ' . $account_type . ' and your password to play on ' . configLua('serverName') . '. diff --git a/system/pages/account/login.php b/system/pages/account/login.php index e68bfd2e..0fce795d 100644 --- a/system/pages/account/login.php +++ b/system/pages/account/login.php 
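Review bot: The added `warning("… has been sent to $email …")` in create.php interpolates the submitted address into the message, and nothing in this hunk shows `warning()` escaping its argument. Unless the validation earlier in the file already rejects every HTML-significant character, encode the value at the point of output: `htmlspecialchars($email, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`. The enclosing `if($save)` block begins and ends outside the hunk, so that validation cannot be confirmed from here.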
@@ -60,28 +60,33 @@ if(!empty($login_account) && !empty($login_password)) && (!isset($t) || $t['attempts'] < 5) ) { - session_regenerate_id(); - setSession('account', $account_logged->getId()); - setSession('password', encrypt((USE_ACCOUNT_SALT ? $account_logged->getCustomField('salt') : '') . $login_password)); - if($remember_me) { - setSession('remember_me', true); - } - - $logged = true; - $logged_flags = $account_logged->getWebFlags(); - - if(isset($_POST['admin']) && !admin()) { - $errors[] = 'This account has no admin privileges.'; - unsetSession('account'); - unsetSession('password'); - unsetSession('remember_me'); - $logged = false; + if (setting('core.account_mail_verify') && (int)$account_logged->getCustomField('email_verified') !== 1) { + $errors[] = 'Your account is not verified. Please verify your email address. If the message is not coming check the SPAM folder in your E-Mail client.'; } else { - $account_logged->setCustomField('web_lastlogin', time()); - } + session_regenerate_id(); + setSession('account', $account_logged->getId()); + setSession('password', encrypt((USE_ACCOUNT_SALT ? $account_logged->getCustomField('salt') : '') . $login_password)); + if($remember_me) { + setSession('remember_me', true); + } - $hooks->trigger(HOOK_LOGIN, array('account' => $account_logged, 'password' => $login_password, 'remember_me' => $remember_me)); + $logged = true; + $logged_flags = $account_logged->getWebFlags(); + + if(isset($_POST['admin']) && !admin()) { + $errors[] = 'This account has no admin privileges.'; + unsetSession('account'); + unsetSession('password'); + unsetSession('remember_me'); + $logged = false; + } + else { + $account_logged->setCustomField('web_lastlogin', time()); + } + + $hooks->trigger(HOOK_LOGIN, array('account' => $account_logged, 'password' => $login_password, 'remember_me' => $remember_me)); + } } else { From 203e411b626fe62401a4b74a48420769e512aa39 Mon Sep 17 00:00:00 2001 
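Review bot: The new `email_verified` check guards only this form-login branch. Sessions created before the setting was enabled, and any other code path that restores `account`/`password` from the session, are outside the hunk and would need the same test, otherwise unverified accounts stay logged in. Any account whose `email_verified` is still 0 from before verification was switched on, administrators included, is also refused here, and the hunk offers no way to resend the link. A short comment above the `if` would help: `// verified e-mail is required only while core.account_mail_verify is on`. The rejection is reached only after the password has been accepted, so it does not reveal account state to someone guessing credentials.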
From: slawkens Date: Tue, 9 Jul 2024 23:06:12 +0200 Subject: [PATCH 5/7] Allow account_create_character_create even if account_mail_verify is activated --- system/init.php | 7 ------- system/pages/account/create.php | 18 +++++++++--------- system/templates/account.create.html.twig | 2 +- 3 files changed, 10 insertions(+), 17 deletions(-) diff --git a/system/init.php b/system/init.php index ec61b459..8e087139 100644 --- a/system/init.php +++ b/system/init.php @@ -157,13 +157,6 @@ require_once SYSTEM . 'compat/config.php'; date_default_timezone_set(setting('core.date_timezone')); -setting( - [ - 'core.account_create_character_create', - setting('core.account_create_character_create') && (!setting('core.mail_enabled') || !setting('core.account_mail_verify')) - ] -); - $settingsItemImagesURL = setting('core.item_images_url'); if($settingsItemImagesURL[strlen($settingsItemImagesURL) - 1] !== '/') { setting(['core.item_images_url', $settingsItemImagesURL . '/']); diff --git a/system/pages/account/create.php b/system/pages/account/create.php index 6895bba9..0074f9e3 100644 --- a/system/pages/account/create.php +++ b/system/pages/account/create.php @@ -255,15 +255,6 @@ if($save) } else { - if(setting('core.account_create_character_create')) { - // character creation - $character_created = $createCharacter->doCreate($character_name, $character_sex, $character_vocation, $character_town, $new_account, $errors); - if (!$character_created) { - error('There was an error creating your character. Please create your character later in account management page.'); - error(implode(' ', $errors)); - } - } - if(setting('core.account_create_auto_login')) { if ($hasBeenCreatedByEMail) { $_POST['account_login'] = $email; 
@@ -314,6 +305,15 @@ if($save) } } + if(setting('core.account_create_character_create')) { + // character creation + $character_created = $createCharacter->doCreate($character_name, $character_sex, $character_vocation, $character_town, $new_account, $errors); + if (!$character_created) { + error('There was an error creating your character. Please create your character later in account management page.'); + error(implode(' ', $errors)); + } + } + return; } } diff --git a/system/templates/account.create.html.twig b/system/templates/account.create.html.twig index 300b700a..2e5267e2 100644 --- a/system/templates/account.create.html.twig +++ b/system/templates/account.create.html.twig @@ -110,7 +110,7 @@ {{ hook('HOOK_ACCOUNT_CREATE_BETWEEN_BOXES_1') }} - {% if (not setting('core.mail_enabled') or not setting('core.account_mail_verify')) and setting('core.account_create_character_create') %} + {% if setting('core.account_create_character_create') %}
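Review bot: With the block moved to just before `return;`, `$createCharacter->doCreate()` now runs whenever `core.account_create_character_create` is on, including for accounts whose e-mail is not yet confirmed; the override in system/init.php that prevented this is removed in the same commit. A registration that never verifies can therefore still reserve a character name, so check whether rate limiting or cleanup of unverified accounts exists elsewhere. The surrounding `if($save)` block starts outside the hunk, so it cannot be confirmed from here that every earlier branch reaches this point. Suggested comment: `// runs for unverified accounts too; web login stays blocked until the e-mail is confirmed`.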
From 5f63c3b227d1d39aea58afcf82dc299cde31a492 Mon Sep 17 00:00:00 2001 From: slawkens Date: Tue, 9 Jul 2024 23:33:00 +0200 Subject: [PATCH 6/7] Invalidate cached setting --- system/src/Settings.php | 2 ++ 1 file changed, 2 insertions(+) diff --git a/system/src/Settings.php b/system/src/Settings.php index 6c122237..0749396a 100644 --- a/system/src/Settings.php +++ b/system/src/Settings.php @@ -382,6 +382,8 @@ class Settings implements \ArrayAccess } $this->settingsDatabase[$pluginKeyName][$key] = $value; + // invalidate cache + unset($this->cache[$offset]); } #[\ReturnTypeWillChange] From 9a27403e7dc610fcb82649d1b673084db35ff60d Mon Sep 17 00:00:00 2001 From: slawkens Date: Tue, 9 Jul 2024 23:35:39 +0200 Subject: [PATCH 7/7] Fixes to account_mail_verify --- system/init.php | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/system/init.php b/system/init.php index 8e087139..9bc14514 100644 --- a/system/init.php +++ b/system/init.php @@ -157,6 +157,13 @@ require_once SYSTEM . 'compat/config.php'; date_default_timezone_set(setting('core.date_timezone')); +setting( + [ + 'core.account_mail_verify', + setting('core.account_mail_verify') && setting('core.mail_enabled') + ] +); + $settingsItemImagesURL = setting('core.item_images_url'); if($settingsItemImagesURL[strlen($settingsItemImagesURL) - 1] !== '/') { setting(['core.item_images_url', $settingsItemImagesURL . '/']);
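Review bot: The override added after `date_default_timezone_set()` in system/init.php silently turns `core.account_mail_verify` off whenever `core.mail_enabled` is false. Because the login check from the earlier commit reads the same setting, accounts that registered but never confirmed their address can log in as soon as mail is disabled. If that fail-open behaviour is intended, state it in a comment, e.g. `// verification cannot work without mail; unverified accounts may log in while mail is off`, and consider logging when the override changes the configured value.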