$config_account_salt -> USE_ACCOUNT_SALT

2025-04-30 11:19:21 +02:00 · 2023-02-07 10:48:29 +01:00 · 2023-02-07 10:48:29 +01:00 · b82c021ff7
commit b82c021ff7
parent d0c479d11d
13 changed files with 20 additions and 26 deletions
--- a/admin/pages/accounts.php
+++ b/admin/pages/accounts.php
@ -185,8 +185,7 @@ else if (isset($_REQUEST['search'])) {
 				$account->setCustomField('web_lastlogin', $web_lastlogin);
 				if (isset($password)) {
-					$config_salt_enabled = $db->hasColumn('accounts', 'salt');
+					if (USE_ACCOUNT_SALT) {
 					if ($config_salt_enabled) {
 						$salt = generateRandomString(10, false, true, true);
 						$password = $salt . $password;
 						$account->setCustomField('salt', $salt);
@ -195,7 +194,7 @@ else if (isset($_REQUEST['search'])) {
 					$password = encrypt($password);
 					$account->setPassword($password);
-					if ($config_salt_enabled)
+					if (USE_ACCOUNT_SALT)
 						$account->setCustomField('salt', $salt);
 				}
--- a/install/steps/7-finish.php
+++ b/install/steps/7-finish.php
@ -15,8 +15,7 @@ else {
 		$password = $_SESSION['var_password'];
-		$config_salt_enabled = $db->hasColumn('accounts', 'salt');
+		if(USE_ACCOUNT_SALT)
 		if($config_salt_enabled)
 		{
 			$salt = generateRandomString(10, false, true, true);
 			$password = $salt . $password;
@ -75,7 +74,7 @@ else {
 			$account_used = &$new_account;
 		}
-		if($config_salt_enabled)
+		if(USE_ACCOUNT_SALT)
 			$account_used->setCustomField('salt', $salt);
 		$account_used->setCustomField('web_flags', FLAG_ADMIN + FLAG_SUPER_ADMIN);
--- a/login.php
+++ b/login.php
@ -127,8 +127,7 @@ switch ($action) {
 			$account->find($inputAccountName);
 		}
-		$config_salt_enabled = fieldExist('salt', 'accounts');
+		$current_password = encrypt((USE_ACCOUNT_SALT ? $account->getCustomField('salt') : '') . $request->password);
 		$current_password = encrypt(($config_salt_enabled ? $account->getCustomField('salt') : '') . $request->password);
 		if (!$account->isLoaded() || $account->getPassword() != $current_password) {
 			sendError(($inputEmail != false ? 'Email' : 'Account name') . ' or password is not correct.');
--- a/system/init.php
+++ b/system/init.php
@ -132,6 +132,7 @@ require_once SYSTEM . 'database.php';
 define('USE_ACCOUNT_NAME', $db->hasColumn('accounts', 'name'));
 define('USE_ACCOUNT_NUMBER', $db->hasColumn('accounts', 'number'));
 define('USE_ACCOUNT_SALT', $db->hasColumn('accounts', 'salt'));
 // load vocation names
 $tmp = '';
--- a/system/login.php
+++ b/system/login.php
@ -80,13 +80,12 @@ if(!$logged && isset($_POST['account_login'], $_POST['password_login']))
 			}
 		}
-		$config_salt_enabled = $db->hasColumn('accounts', 'salt');
+		if($account_logged->isLoaded() && encrypt((USE_ACCOUNT_SALT ? $account_logged->getCustomField('salt') : '') . $login_password) == $account_logged->getPassword()
 		if($account_logged->isLoaded() && encrypt(($config_salt_enabled ? $account_logged->getCustomField('salt') : '') . $login_password) == $account_logged->getPassword()
 			&& (!isset($t) || $t['attempts'] < 5)
 			)
 		{
 			setSession('account', $account_logged->getNumber());
-			setSession('password', encrypt(($config_salt_enabled ? $account_logged->getCustomField('salt') : '') . $login_password));
+			setSession('password', encrypt((USE_ACCOUNT_SALT ? $account_logged->getCustomField('salt') : '') . $login_password));
 			if($remember_me) {
 				setSession('remember_me', true);
 			}
--- a/system/pages/account/base.php
+++ b/system/pages/account/base.php
@ -26,5 +26,4 @@ if(!$logged)
 }
 else {
 	$show_form = true;
 	$config_salt_enabled = $db->hasColumn('accounts', 'salt');
 }
--- a/system/pages/account/change_email.php
+++ b/system/pages/account/change_email.php
@ -36,7 +36,7 @@ if($email_new_time < 10) {
 			$errors[] = 'Please enter password to your account.';
 		}
 		else {
-			$post_password = encrypt(($config_salt_enabled ? $account_logged->getCustomField('salt') : '') . $post_password);
+			$post_password = encrypt((USE_ACCOUNT_SALT ? $account_logged->getCustomField('salt') : '') . $post_password);
 			if($post_password != $account_logged->getPassword()) {
 				$errors[] = 'Wrong password to account.';
 			}
--- a/system/pages/account/change_password.php
+++ b/system/pages/account/change_password.php
@ -39,7 +39,7 @@ else
 		}
 		/** @var OTS_Account $account_logged */
-		$old_password = encrypt(($config_salt_enabled ? $account_logged->getCustomField('salt') : '') . $old_password);
+		$old_password = encrypt((USE_ACCOUNT_SALT ? $account_logged->getCustomField('salt') : '') . $old_password);
 		if($old_password != $account_logged->getPassword()) {
 			$errors[] = "Current password is incorrect!";
 		}
@ -55,7 +55,7 @@ else
 	{
 		$org_pass = $new_password;
-		if($config_salt_enabled)
+		if(USE_ACCOUNT_SALT)
 		{
 			$salt = generateRandomString(10, false, true, true);
 			$new_password = $salt . $new_password;
--- a/system/pages/account/create.php
+++ b/system/pages/account/create.php
@ -173,8 +173,7 @@ if($save)
 				$new_account->create(NULL, $account_id);
 		}
-		$config_salt_enabled = $db->hasColumn('accounts', 'salt');
+		if(USE_ACCOUNT_SALT)
 		if($config_salt_enabled)
 		{
 			$salt = generateRandomString(10, false, true, true);
 			$password = $salt . $password;
@ -185,7 +184,7 @@ if($save)
 		$new_account->unblock();
 		$new_account->save();
-		if($config_salt_enabled)
+		if(USE_ACCOUNT_SALT)
 			$new_account->setCustomField('salt', $salt);
 		$new_account->setCustomField('created', time());
--- a/system/pages/account/delete_character.php
+++ b/system/pages/account/delete_character.php
@ -19,7 +19,7 @@ if(!$logged) {
 $player_name = isset($_POST['delete_name']) ? stripslashes($_POST['delete_name']) : null;
 $password_verify = isset($_POST['delete_password']) ? $_POST['delete_password'] : null;
-$password_verify = encrypt(($config_salt_enabled ? $account_logged->getCustomField('salt') : '') . $password_verify);
+$password_verify = encrypt((USE_ACCOUNT_SALT ? $account_logged->getCustomField('salt') : '') . $password_verify);
 if(isset($_POST['deletecharactersave']) && $_POST['deletecharactersave'] == 1) {
 	if(empty($player_name) || empty($password_verify)) {
 		$errors[] = 'Character name or/and password is empty. Please fill in form.';
--- a/system/pages/account/lost.php
+++ b/system/pages/account/lost.php
@ -17,7 +17,6 @@ if(!$config['mail_enabled'])
 	return;
 }
 $config_salt_enabled = $db->hasColumn('accounts', 'salt');
 $action_type = isset($_REQUEST['action_type']) ? $_REQUEST['action_type'] : '';
 if($action == '')
 {
@ -292,7 +291,7 @@ elseif($action == 'step3')
 							$account->setEMail($new_email);
 							$tmp_new_pass = $new_pass;
-							if($config_salt_enabled)
+							if(USE_ACCOUNT_SALT)
 							{
 								$salt = generateRandomString(10, false, true, true);
 								$tmp_new_pass = $salt . $new_pass;
@ -301,7 +300,7 @@ elseif($action == 'step3')
 							$account->setPassword(encrypt($tmp_new_pass));
 							$account->save();
-							if($config_salt_enabled)
+							if(USE_ACCOUNT_SALT)
 								$account->setCustomField('salt', $salt);
 							echo 'Your account name, new password and new e-mail.<BR>
@ -481,7 +480,7 @@ elseif($action == 'setnewpassword')
 				if(Validator::password($newpassword))
 				{
 					$tmp_new_pass = $newpassword;
-					if($config_salt_enabled)
+					if(USE_ACCOUNT_SALT)
 					{
 						$salt = generateRandomString(10, false, true, true);
 						$tmp_new_pass  = $salt . $newpassword;
--- a/system/pages/account/register.php
+++ b/system/pages/account/register.php
@ -17,8 +17,8 @@ if(!$logged) {
 	return;
 }
-$_POST['reg_password'] = isset($_POST['reg_password']) ? $_POST['reg_password'] : '';
+$_POST['reg_password'] = $_POST['reg_password'] ?? '';
-$reg_password = encrypt(($config_salt_enabled ? $account_logged->getCustomField('salt') : '') . $_POST['reg_password']);
+$reg_password = encrypt((USE_ACCOUNT_SALT ? $account_logged->getCustomField('salt') : '') . $_POST['reg_password']);
 $old_key = $account_logged->getCustomField("key");
 if(isset($_POST['registeraccountsave']) && $_POST['registeraccountsave'] == "1") {
--- a/system/pages/account/register_new.php
+++ b/system/pages/account/register_new.php
@ -18,7 +18,7 @@ if(!$logged) {
 }
 if(isset($_POST['reg_password']))
-	$reg_password = encrypt(($config_salt_enabled ? $account_logged->getCustomField('salt') : '') . $_POST['reg_password']);
+	$reg_password = encrypt((USE_ACCOUNT_SALT ? $account_logged->getCustomField('salt') : '') . $_POST['reg_password']);
 $reckey = $account_logged->getCustomField('key');
 if((!$config['generate_new_reckey'] || !$config['mail_enabled']) || empty($reckey)) {