From b82c021ff746f5e20c6ac362994322fc9eaad11d Mon Sep 17 00:00:00 2001 From: slawkens Date: Tue, 7 Feb 2023 10:48:29 +0100 Subject: [PATCH] $config_account_salt -> USE_ACCOUNT_SALT --- admin/pages/accounts.php | 5 ++--- install/steps/7-finish.php | 5 ++--- login.php | 3 +-- system/init.php | 1 + system/login.php | 5 ++--- system/pages/account/base.php | 1 - system/pages/account/change_email.php | 2 +- system/pages/account/change_password.php | 4 ++-- system/pages/account/create.php | 5 ++--- system/pages/account/delete_character.php | 2 +- system/pages/account/lost.php | 7 +++---- system/pages/account/register.php | 4 ++-- system/pages/account/register_new.php | 2 +- 13 files changed, 20 insertions(+), 26 deletions(-) diff --git a/admin/pages/accounts.php b/admin/pages/accounts.php index da7894a9..e481c782 100644 --- a/admin/pages/accounts.php +++ b/admin/pages/accounts.php @@ -185,8 +185,7 @@ else if (isset($_REQUEST['search'])) { $account->setCustomField('web_lastlogin', $web_lastlogin); if (isset($password)) { - $config_salt_enabled = $db->hasColumn('accounts', 'salt'); - if ($config_salt_enabled) { + if (USE_ACCOUNT_SALT) { $salt = generateRandomString(10, false, true, true); $password = $salt . $password; $account->setCustomField('salt', $salt); @@ -195,7 +194,7 @@ else if (isset($_REQUEST['search'])) { $password = encrypt($password); $account->setPassword($password); - if ($config_salt_enabled) + if (USE_ACCOUNT_SALT) $account->setCustomField('salt', $salt); } diff --git a/install/steps/7-finish.php b/install/steps/7-finish.php index f37e1646..81ace38f 100644 --- a/install/steps/7-finish.php +++ b/install/steps/7-finish.php @@ -15,8 +15,7 @@ else { $password = $_SESSION['var_password']; - $config_salt_enabled = $db->hasColumn('accounts', 'salt'); - if($config_salt_enabled) + if(USE_ACCOUNT_SALT) { $salt = generateRandomString(10, false, true, true); $password = $salt . $password; 
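Review bot: In admin/pages/accounts.php the salt is stored twice on the password-change path: `$account->setCustomField('salt', $salt);` runs inside the `if (USE_ACCOUNT_SALT) {` block of the first hunk and again after `$account->setPassword($password);` in the second hunk. If setCustomField writes straight to the database (its body is not visible here), the first call stores the new salt while the old hash is still in place, so the two can be briefly out of step. Keeping only the call after `setPassword()` would remove the redundant write. Both hunks sit inside the `else if (isset($_REQUEST['search']))` branch, which starts and ends outside the patch.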
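Review bot: install/steps/7-finish.php reads `USE_ACCOUNT_SALT` in both of its hunks, but the constant is defined only in system/init.php, and nothing in this patch shows the installer loading that file. If it does not, PHP 8 raises an Error for the undefined constant, while PHP 7 falls back to the string 'USE_ACCOUNT_SALT', which is truthy and would prepend a salt even when the accounts table has no salt column. Worth confirming the include order, or guarding the installer with `if (!defined('USE_ACCOUNT_SALT')) define('USE_ACCOUNT_SALT', $db->hasColumn('accounts', 'salt'));`. The same dependency applies to login.php, which previously called `fieldExist('salt', 'accounts')` itself.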
@@ -75,7 +74,7 @@ else { $account_used = &$new_account; } - if($config_salt_enabled) + if(USE_ACCOUNT_SALT) $account_used->setCustomField('salt', $salt); $account_used->setCustomField('web_flags', FLAG_ADMIN + FLAG_SUPER_ADMIN); diff --git a/login.php b/login.php index 96acd48d..3ab0b5e9 100644 --- a/login.php +++ b/login.php @@ -127,8 +127,7 @@ switch ($action) { $account->find($inputAccountName); } - $config_salt_enabled = fieldExist('salt', 'accounts'); - $current_password = encrypt(($config_salt_enabled ? $account->getCustomField('salt') : '') . $request->password); + $current_password = encrypt((USE_ACCOUNT_SALT ? $account->getCustomField('salt') : '') . $request->password); if (!$account->isLoaded() || $account->getPassword() != $current_password) { sendError(($inputEmail != false ? 'Email' : 'Account name') . ' or password is not correct.'); diff --git a/system/init.php b/system/init.php index 46ebe5ab..f2ea9ee2 100644 --- a/system/init.php +++ b/system/init.php @@ -132,6 +132,7 @@ require_once SYSTEM . 'database.php'; define('USE_ACCOUNT_NAME', $db->hasColumn('accounts', 'name')); define('USE_ACCOUNT_NUMBER', $db->hasColumn('accounts', 'number')); +define('USE_ACCOUNT_SALT', $db->hasColumn('accounts', 'salt')); // load vocation names $tmp = ''; diff --git a/system/login.php b/system/login.php index d794970e..4e372b75 100644 --- a/system/login.php +++ b/system/login.php 
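Review bot: The password check in login.php compares the two hashes with a loose operator, `$account->getPassword() != $current_password`, on the line right after the one this hunk changes. With `!=`, two strings that both look numeric are compared as numbers and can match although they differ, and the comparison is not constant-time. `if (!$account->isLoaded() || !hash_equals((string)$account->getPassword(), $current_password))` avoids both; hash_equals() needs string arguments, hence the cast. The same loose comparison appears in system/login.php (`==`), system/pages/account/change_email.php and system/pages/account/change_password.php (`!=`).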
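Review bot: The new `USE_ACCOUNT_SALT` define in system/init.php has no comment, although every password hash touched by this patch branches on it. A short comment above the three defines would help the next reader, for example `// schema feature flags read from the accounts table; USE_ACCOUNT_SALT decides whether the stored salt is prepended before encrypt()`. It would also be worth stating there that any entry point that hashes passwords has to include this file first. The surrounding bootstrap code starts and ends outside the hunk.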
@@ -80,13 +80,12 @@ if(!$logged && isset($_POST['account_login'], $_POST['password_login'])) } } - $config_salt_enabled = $db->hasColumn('accounts', 'salt'); - if($account_logged->isLoaded() && encrypt(($config_salt_enabled ? $account_logged->getCustomField('salt') : '') . $login_password) == $account_logged->getPassword() + if($account_logged->isLoaded() && encrypt((USE_ACCOUNT_SALT ? $account_logged->getCustomField('salt') : '') . $login_password) == $account_logged->getPassword() && (!isset($t) || $t['attempts'] < 5) ) { setSession('account', $account_logged->getNumber()); - setSession('password', encrypt(($config_salt_enabled ? $account_logged->getCustomField('salt') : '') . $login_password)); + setSession('password', encrypt((USE_ACCOUNT_SALT ? $account_logged->getCustomField('salt') : '') . $login_password)); if($remember_me) { setSession('remember_me', true); } diff --git a/system/pages/account/base.php b/system/pages/account/base.php index bb0c6c5f..75b1cc77 100644 --- a/system/pages/account/base.php +++ b/system/pages/account/base.php @@ -26,5 +26,4 @@ if(!$logged) } else { $show_form = true; - $config_salt_enabled = $db->hasColumn('accounts', 'salt'); } diff --git a/system/pages/account/change_email.php b/system/pages/account/change_email.php index 750d8378..2368a284 100644 --- a/system/pages/account/change_email.php +++ b/system/pages/account/change_email.php @@ -36,7 +36,7 @@ if($email_new_time < 10) { $errors[] = 'Please enter password to your account.'; } else { - $post_password = encrypt(($config_salt_enabled ? $account_logged->getCustomField('salt') : '') . $post_password); + $post_password = encrypt((USE_ACCOUNT_SALT ? $account_logged->getCustomField('salt') : '') . $post_password); if($post_password != $account_logged->getPassword()) { $errors[] = 'Wrong password to account.'; } diff --git a/system/pages/account/change_password.php b/system/pages/account/change_password.php index a32531f6..9b8c3e8a 100644 
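Review bot: In system/login.php the salted hash is built twice with the identical expression, once inside the `if` condition and once for `setSession('password', …)`. Computing it a single time, after the `isLoaded()` check so that getCustomField() is not called on an unloaded account, and reusing the variable keeps the compared value and the stored session value from drifting apart in a later edit. The same `(USE_ACCOUNT_SALT ? …->getCustomField('salt') : '') . $password` expression is repeated in most files of this patch, so a small shared helper would be a natural follow-up. The enclosing `if(!$logged && isset($_POST['account_login'], $_POST['password_login']))` block starts and ends outside the hunk.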
--- a/system/pages/account/change_password.php +++ b/system/pages/account/change_password.php @@ -39,7 +39,7 @@ else } /** @var OTS_Account $account_logged */ - $old_password = encrypt(($config_salt_enabled ? $account_logged->getCustomField('salt') : '') . $old_password); + $old_password = encrypt((USE_ACCOUNT_SALT ? $account_logged->getCustomField('salt') : '') . $old_password); if($old_password != $account_logged->getPassword()) { $errors[] = "Current password is incorrect!"; } @@ -55,7 +55,7 @@ else { $org_pass = $new_password; - if($config_salt_enabled) + if(USE_ACCOUNT_SALT) { $salt = generateRandomString(10, false, true, true); $new_password = $salt . $new_password; diff --git a/system/pages/account/create.php b/system/pages/account/create.php index e1c18a6a..4b927eb6 100644 --- a/system/pages/account/create.php +++ b/system/pages/account/create.php @@ -173,8 +173,7 @@ if($save) $new_account->create(NULL, $account_id); } - $config_salt_enabled = $db->hasColumn('accounts', 'salt'); - if($config_salt_enabled) + if(USE_ACCOUNT_SALT) { $salt = generateRandomString(10, false, true, true); $password = $salt . $password; @@ -185,7 +184,7 @@ if($save) $new_account->unblock(); $new_account->save(); - if($config_salt_enabled) + if(USE_ACCOUNT_SALT) $new_account->setCustomField('salt', $salt); $new_account->setCustomField('created', time()); diff --git a/system/pages/account/delete_character.php b/system/pages/account/delete_character.php index 818344d8..f5894c77 100644 --- a/system/pages/account/delete_character.php +++ b/system/pages/account/delete_character.php 
@@ -19,7 +19,7 @@ if(!$logged) { $player_name = isset($_POST['delete_name']) ? stripslashes($_POST['delete_name']) : null; $password_verify = isset($_POST['delete_password']) ? $_POST['delete_password'] : null; -$password_verify = encrypt(($config_salt_enabled ? $account_logged->getCustomField('salt') : '') . $password_verify); +$password_verify = encrypt((USE_ACCOUNT_SALT ? $account_logged->getCustomField('salt') : '') . $password_verify); if(isset($_POST['deletecharactersave']) && $_POST['deletecharactersave'] == 1) { if(empty($player_name) || empty($password_verify)) { $errors[] = 'Character name or/and password is empty. Please fill in form.'; diff --git a/system/pages/account/lost.php b/system/pages/account/lost.php index e27b7b5d..f09aa0fa 100644 --- a/system/pages/account/lost.php +++ b/system/pages/account/lost.php @@ -17,7 +17,6 @@ if(!$config['mail_enabled']) return; } -$config_salt_enabled = $db->hasColumn('accounts', 'salt'); $action_type = isset($_REQUEST['action_type']) ? $_REQUEST['action_type'] : ''; if($action == '') { @@ -292,7 +291,7 @@ elseif($action == 'step3') $account->setEMail($new_email); $tmp_new_pass = $new_pass; - if($config_salt_enabled) + if(USE_ACCOUNT_SALT) { $salt = generateRandomString(10, false, true, true); $tmp_new_pass = $salt . $new_pass; @@ -301,7 +300,7 @@ elseif($action == 'step3') $account->setPassword(encrypt($tmp_new_pass)); $account->save(); - if($config_salt_enabled) + if(USE_ACCOUNT_SALT) $account->setCustomField('salt', $salt); echo 'Your account name, new password and new e-mail.
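Review bot: In system/pages/account/delete_character.php `$password_verify` is overwritten with the result of `encrypt(…)` before the `empty($password_verify)` test two lines later, so that test looks at a hash rather than at the submitted password. Unless encrypt() returns an empty string for empty input (its body is not visible here), the 'Character name or/and password is empty' branch cannot fire for a missing password. Checking the raw field first, `if(empty($player_name) || empty($_POST['delete_password']))`, and hashing only after that keeps the validation meaningful. The hash is also computed on every request, before the `deletecharactersave` check.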
@@ -481,7 +480,7 @@ elseif($action == 'setnewpassword') if(Validator::password($newpassword)) { $tmp_new_pass = $newpassword; - if($config_salt_enabled) + if(USE_ACCOUNT_SALT) { $salt = generateRandomString(10, false, true, true); $tmp_new_pass = $salt . $newpassword; diff --git a/system/pages/account/register.php b/system/pages/account/register.php index fc0c7ff9..1d16d905 100644 --- a/system/pages/account/register.php +++ b/system/pages/account/register.php @@ -17,8 +17,8 @@ if(!$logged) { return; } -$_POST['reg_password'] = isset($_POST['reg_password']) ? $_POST['reg_password'] : ''; -$reg_password = encrypt(($config_salt_enabled ? $account_logged->getCustomField('salt') : '') . $_POST['reg_password']); +$_POST['reg_password'] = $_POST['reg_password'] ?? ''; +$reg_password = encrypt((USE_ACCOUNT_SALT ? $account_logged->getCustomField('salt') : '') . $_POST['reg_password']); $old_key = $account_logged->getCustomField("key"); if(isset($_POST['registeraccountsave']) && $_POST['registeraccountsave'] == "1") { diff --git a/system/pages/account/register_new.php b/system/pages/account/register_new.php index e273c257..fb2e8ea3 100644 --- a/system/pages/account/register_new.php +++ b/system/pages/account/register_new.php @@ -18,7 +18,7 @@ if(!$logged) { } if(isset($_POST['reg_password'])) - $reg_password = encrypt(($config_salt_enabled ? $account_logged->getCustomField('salt') : '') . $_POST['reg_password']); + $reg_password = encrypt((USE_ACCOUNT_SALT ? $account_logged->getCustomField('salt') : '') . $_POST['reg_password']); $reckey = $account_logged->getCustomField('key'); if((!$config['generate_new_reckey'] || !$config['mail_enabled']) || empty($reckey)) {
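Review bot: The rewritten line in system/pages/account/register.php still writes the default back into the superglobal, `$_POST['reg_password'] = $_POST['reg_password'] ?? '';`. A local variable reads more clearly and leaves the request data untouched: `$reg_password_input = $_POST['reg_password'] ?? '';`, then pass `$reg_password_input` to `encrypt()`. Whether code further down the file reads `$_POST['reg_password']` again is not visible in the hunk, so that needs checking before the change.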