* fixed recovering account and changing password when salt is enabled

* added 'enabled' field in myaac_hooks table, which can enable or
disable specified hook
* password change minimal/maximal length is now more precise

common.php

@@ -28,7 +28,7 @@ session_start();
 
 define('MYAAC', true);
 define('MYAAC_VERSION', '0.2.4');
-define('DATABASE_VERSION', 5);
+define('DATABASE_VERSION', 6);
 define('TABLE_PREFIX', 'myaac_');
 define('START_TIME', microtime(true));
 define('MYAAC_OS', (strtoupper(substr(PHP_OS, 0, 3)) === 'WIN') ? 'WINDOWS' : (strtoupper(PHP_OS) == 'DARWIN' ? 'MAC' : 'LINUX'));

install/includes/schema.sql

@@ -112,6 +112,7 @@ CREATE TABLE `myaac_hooks`
 	`name` VARCHAR(30) NOT NULL DEFAULT '',
 	`type` INT(2) NOT NULL DEFAULT 0,
 	`file` VARCHAR(100) NOT NULL,
+	`enabled` INT(1) NOT NULL DEFAULT 1,
 	PRIMARY KEY (`id`)
 ) ENGINE = MyISAM;
 

system/functions.php

@@ -689,7 +689,7 @@ function check_password($pass)
 	if(strspn($pass, "qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") != strlen($pass))
 		return false;
 
-	return preg_match("/[A-z0-9]{7,32}/", $pass);
+	return preg_match("/[A-z0-9]/", $pass);
 }
 
 function check_mail($email)

system/hooks.php

@@ -84,7 +84,7 @@ class Hooks
 	public function load()
 	{
 		global $db;
-		$hooks = $db->query('SELECT `name`, `type`, `file` FROM `' . TABLE_PREFIX . 'hooks`;');
+		$hooks = $db->query('SELECT `name`, `type`, `file` FROM `' . TABLE_PREFIX . 'hooks` WHERE `enabled` = 1;');
 		foreach($hooks as $hook)
 			$this->register($hook['name'], $hook['type'], $hook['file']);
 	}

system/libs/pot/OTS_Account.php

@@ -470,11 +470,6 @@ class OTS_Account extends OTS_Row_DAO implements IteratorAggregate, Countable
     {
         $this->data['password'] = (string) $password;
     }
-
-    public function setSalt($salt)
-    {
-        $this->data['salt'] = (string) $salt;
-    }
 /**
  * E-mail address.
  *
@@ -1032,10 +1027,6 @@ class OTS_Account extends OTS_Row_DAO implements IteratorAggregate, Countable
                 $this->setPassword($value);
                 break;
 
-            case 'salt':
-                $this->setSalt($value);
-                break;
-
             case 'eMail':
                 $this->setEMail($value);
                 break;

system/migrations/6.php

@@ -0,0 +1,3 @@
+<?php
+	$db->query("ALTER TABLE `" . TABLE_PREFIX . "hooks` ADD `enabled` INT(1) NOT NULL DEFAULT 1;");
+?>

system/pages/accountmanagement.php

@@ -333,9 +333,17 @@ Please enter your account name and your password.<br/><a href="?subtopic=createa
 			if(empty($new_password) || empty($new_password2) || empty($old_password)){
 				$show_msgs[] = "Please fill in form.";
 			}
+			$password_strlen = strlen($new_password);
 			if($new_password != $new_password2) {
 				$show_msgs[] = "The new passwords do not match!";
 			}
+			else if($password_strlen < 8) {
+				$show_msgs[] = "New password minimal length is 8 characters.";
+			}
+			else if($password_strlen > 32) {
+				$show_msgs[] = "New password maximal length is 32 characters.";
+			}
+			
 			if(empty($show_msgs)) {
 				if(!check_password($new_password)) {
 					$show_msgs[] = "New password contains illegal chars (a-z, A-Z and 0-9 only!). Minimum password length is 7 characters and maximum 32.";
@@ -363,7 +371,7 @@ Please enter your account name and your password.<br/><a href="?subtopic=createa
 				{
 					$salt = generateRandomString(10, false, true, true);
 					$new_password = $salt . $new_password;
-					$account_logged->setSalt($salt);
+					$account_logged->setCustomField('salt', $salt);
 				}
 		
 				$new_password = encrypt($new_password);

system/pages/lostaccount.php

@@ -505,7 +505,7 @@ if($config['mail_enabled'])
 						{
 							$salt = generateRandomString(10, false, true, true);
 							$newpassword_with_salt = $salt . $newpassword;
-							$account->setSalt($salt);
+							$account->setCustomField('salt', $salt);
 						}
 						
 						$account->setPassword(encrypt($newpassword_with_salt));