mirror of
https://github.com/slawkens/myaac.git
synced 2025-10-17 19:23:27 +02:00
Merge branch 'main' into feature/refactor-account-lost
This commit is contained in:
slawkens
@@ -17,6 +17,8 @@ if(!$logged) {
|
||||
return;
|
||||
}
|
||||
|
||||
csrfProtect();
|
||||
|
||||
$email_new_time = $account_logged->getCustomField("email_new_time");
|
||||
|
||||
if($email_new_time > 10) {
|
||||
@@ -164,7 +166,7 @@ if(isset($_POST['emailchangecancel']) && $_POST['emailchangecancel'] == 1) {
|
||||
$account_logged->setCustomField("email_new", "");
|
||||
$account_logged->setCustomField("email_new_time", 0);
|
||||
|
||||
$custom_buttons = '<div style="text-align:center"><table border="0" cellspacing="0" cellpadding="0" ><form action="' . getLink('account/manage') . '" method="post" ><tr><td style="border:0px;" >' . $twig->render('buttons.back.html.twig') . '</td></tr></form></table></div>';
|
||||
$custom_buttons = '<div style="text-align:center"><table border="0" cellspacing="0" cellpadding="0" ><form action="' . getLink('account/manage') . '" method="post" >' . csrf(true) . '<tr><td style="border:0px;" >' . $twig->render('buttons.back.html.twig') . '</td></tr></form></table></div>';
|
||||
|
||||
$twig->display('success.html.twig', array(
|
||||
'title' => 'Email Address Change Cancelled',
|
||||
|
||||
@@ -20,6 +20,8 @@ if(!$logged) {
|
||||
return;
|
||||
}
|
||||
|
||||
csrfProtect();
|
||||
|
||||
if(setting('core.account_country'))
|
||||
require SYSTEM . 'countries.conf.php';
|
||||
|
||||
|
||||
@@ -17,6 +17,8 @@ if(!$logged) {
|
||||
return;
|
||||
}
|
||||
|
||||
csrfProtect();
|
||||
|
||||
$new_password = $_POST['newpassword'] ?? NULL;
|
||||
$new_password_confirm = $_POST['newpassword_confirm'] ?? NULL;
|
||||
$old_password = $_POST['oldpassword'] ?? NULL;
|
||||
|
||||
@@ -20,6 +20,8 @@ if(!$logged) {
|
||||
return;
|
||||
}
|
||||
|
||||
csrfProtect();
|
||||
|
||||
$player = null;
|
||||
$player_name = isset($_REQUEST['name']) ? stripslashes(urldecode($_REQUEST['name'])) : null;
|
||||
$new_comment = isset($_POST['comment']) ? htmlspecialchars(stripslashes(substr($_POST['comment'],0,2000))) : NULL;
|
||||
|
||||
@@ -17,6 +17,8 @@ if(!$logged) {
|
||||
return;
|
||||
}
|
||||
|
||||
csrfProtect();
|
||||
|
||||
$player_id = isset($_POST['player_id']) ? (int)$_POST['player_id'] : NULL;
|
||||
$name = isset($_POST['name']) ? stripslashes(ucwords(strtolower($_POST['name']))) : NULL;
|
||||
if((!setting('core.account_change_character_name')))
|
||||
@@ -40,8 +42,13 @@ else
|
||||
|
||||
if(empty($errors))
|
||||
{
|
||||
if(!admin() && !Validator::newCharacterName($name))
|
||||
if(!Validator::characterName($name)) {
|
||||
$errors[] = Validator::getLastError();
|
||||
}
|
||||
|
||||
if(!admin() && !Validator::newCharacterName($name)) {
|
||||
$errors[] = Validator::getLastError();
|
||||
}
|
||||
}
|
||||
|
||||
if(empty($errors)) {
|
||||
|
||||
@@ -17,6 +17,8 @@ if(!$logged) {
|
||||
return;
|
||||
}
|
||||
|
||||
csrfProtect();
|
||||
|
||||
$sex_changed = false;
|
||||
$player_id = isset($_POST['player_id']) ? (int)$_POST['player_id'] : NULL;
|
||||
$new_sex = isset($_POST['new_sex']) ? (int)$_POST['new_sex'] : NULL;
|
||||
@@ -66,7 +68,7 @@ else
|
||||
$new_sex_str = $config['genders'][$new_sex];
|
||||
|
||||
$player->save();
|
||||
$account_logged->setCustomField(setting('core.donate_column'), $points - setting('core.account_change_character_name_price'));
|
||||
$account_logged->setCustomField(setting('core.donate_column'), $points - setting('core.account_change_character_sex_price'));
|
||||
$account_logged->logAction('Changed sex on character <b>' . $player->getName() . '</b> from <b>' . $old_sex_str . '</b> to <b>' . $new_sex_str . '</b>.');
|
||||
$twig->display('success.html.twig', array(
|
||||
'title' => 'Character Sex Changed',
|
||||
|
||||
@@ -20,6 +20,8 @@ if(!$logged) {
|
||||
return;
|
||||
}
|
||||
|
||||
csrfProtect();
|
||||
|
||||
$character_name = isset($_POST['name']) ? stripslashes($_POST['name']) : null;
|
||||
$character_sex = isset($_POST['sex']) ? (int)$_POST['sex'] : null;
|
||||
$character_vocation = isset($_POST['vocation']) ? (int)$_POST['vocation'] : null;
|
||||
|
||||
@@ -17,6 +17,8 @@ if(!$logged) {
|
||||
return;
|
||||
}
|
||||
|
||||
csrfProtect();
|
||||
|
||||
$player_name = isset($_POST['delete_name']) ? stripslashes($_POST['delete_name']) : null;
|
||||
$password_verify = isset($_POST['delete_password']) ? $_POST['delete_password'] : null;
|
||||
$password_verify = encrypt((USE_ACCOUNT_SALT ? $account_logged->getCustomField('salt') : '') . $password_verify);
|
||||
|
||||
@@ -23,6 +23,8 @@ if($logged)
|
||||
return;
|
||||
}
|
||||
|
||||
csrfProtect();
|
||||
|
||||
if(setting('core.account_create_character_create')) {
|
||||
$createCharacter = new CreateCharacter();
|
||||
}
|
||||
@@ -219,8 +221,19 @@ if($save)
|
||||
}
|
||||
}
|
||||
|
||||
if(setting('core.account_premium_points') && setting('core.account_premium_points') > 0) {
|
||||
$new_account->setCustomField('premium_points', setting('core.account_premium_points'));
|
||||
$accountDefaultPremiumPoints = setting('core.account_premium_points');
|
||||
if($accountDefaultPremiumPoints > 0) {
|
||||
$new_account->setCustomField('premium_points', $accountDefaultPremiumPoints);
|
||||
}
|
||||
|
||||
$accountDefaultCoins = setting('core.account_coins');
|
||||
if(HAS_ACCOUNT_COINS && $accountDefaultCoins > 0) {
|
||||
$new_account->setCustomField('coins', $accountDefaultCoins);
|
||||
}
|
||||
|
||||
$accountDefaultCoinsTransferable = setting('core.account_coins_transferable');
|
||||
if((HAS_ACCOUNT_COINS_TRANSFERABLE || HAS_ACCOUNT_TRANSFERABLE_COINS) && $accountDefaultCoinsTransferable > 0) {
|
||||
$new_account->setCustomField(ACCOUNT_COINS_TRANSFERABLE_COLUMN, $accountDefaultCoinsTransferable);
|
||||
}
|
||||
|
||||
$tmp_account = $email;
|
||||
@@ -331,7 +344,9 @@ if(setting('core.account_country_recognize')) {
|
||||
$country_recognized = $country_session;
|
||||
}
|
||||
else {
|
||||
$info = json_decode(@file_get_contents('http://ipinfo.io/' . $_SERVER['REMOTE_ADDR'] . '/geo'), true);
|
||||
ini_set('default_socket_timeout', 5);
|
||||
|
||||
$info = json_decode(@file_get_contents('https://ipinfo.io/' . get_browser_real_ip() . '/geo'), true);
|
||||
if(isset($info['country'])) {
|
||||
$country_recognized = strtolower($info['country']);
|
||||
setSession('country', $country_recognized);
|
||||
|
||||
@@ -18,6 +18,8 @@ if($logged || !isset($_POST['account_login']) || !isset($_POST['password_login']
|
||||
return;
|
||||
}
|
||||
|
||||
csrfProtect();
|
||||
|
||||
$login_account = $_POST['account_login'];
|
||||
$login_password = $_POST['password_login'];
|
||||
$remember_me = isset($_POST['remember_me']);
|
||||
@@ -42,7 +44,7 @@ if(!empty($login_account) && !empty($login_password))
|
||||
}
|
||||
}
|
||||
|
||||
if($account_logged->isLoaded() && encrypt((USE_ACCOUNT_SALT ? $account_logged->getCustomField('salt') : '') . $login_password) == $account_logged->getPassword() && ($limiter->enabled && !$limiter->exceeded($ip))
|
||||
if($account_logged->isLoaded() && encrypt((USE_ACCOUNT_SALT ? $account_logged->getCustomField('salt') : '') . $login_password) == $account_logged->getPassword() && (!$limiter->enabled || !$limiter->exceeded($ip))
|
||||
)
|
||||
{
|
||||
if (setting('core.account_mail_verify') && (int)$account_logged->getCustomField('email_verified') !== 1) {
|
||||
@@ -82,10 +84,10 @@ if(!empty($login_account) && !empty($login_password))
|
||||
$limiter->increment($ip);
|
||||
if ($limiter->exceeded($ip)) {
|
||||
$errorMessage = 'A wrong password has been entered ' . $limiter->max_attempts . ' times in a row. You are unable to log into your account for the next ' . $limiter->ttl . ' minutes. Please wait.';
|
||||
}
|
||||
}
|
||||
|
||||
$errors[] = $errorMessage;
|
||||
|
||||
|
||||
}
|
||||
}
|
||||
else {
|
||||
@@ -95,3 +97,8 @@ else {
|
||||
}
|
||||
|
||||
$hooks->trigger(HOOK_ACCOUNT_LOGIN_POST);
|
||||
|
||||
if($logged) {
|
||||
$twig->addGlobal('logged', true);
|
||||
$twig->addGlobal('account_logged', $account_logged);
|
||||
}
|
||||
|
||||
@@ -34,6 +34,8 @@ if(isset($_REQUEST['redirect']))
|
||||
return;
|
||||
}
|
||||
|
||||
csrfProtect();
|
||||
|
||||
$groups = new OTS_Groups_List();
|
||||
|
||||
$freePremium = isset($config['lua']['freePremium']) && getBoolean($config['lua']['freePremium']) || $account_logged->getPremDays() == OTS_Account::GRATIS_PREMIUM_DAYS;
|
||||
|
||||
@@ -1,23 +0,0 @@
|
||||
<?php
|
||||
/**
|
||||
* Change comment
|
||||
*
|
||||
* @package MyAAC
|
||||
* @author Gesior <jerzyskalski@wp.pl>
|
||||
* @author Slawkens <slawkens@gmail.com>
|
||||
* @copyright 2019 MyAAC
|
||||
* @link https://my-aac.org
|
||||
*/
|
||||
defined('MYAAC') or die('Direct access not allowed!');
|
||||
|
||||
$redirect = urldecode($_REQUEST['redirect']);
|
||||
|
||||
// should never happen, unless hacker modify the URL
|
||||
if (!str_contains($redirect, BASE_URL)) {
|
||||
error('Fatal error: Cannot redirect outside the website.');
|
||||
return;
|
||||
}
|
||||
|
||||
$twig->display('account.redirect.html.twig', array(
|
||||
'redirect' => $redirect
|
||||
));
|
||||
@@ -17,6 +17,8 @@ if(!$logged) {
|
||||
return;
|
||||
}
|
||||
|
||||
csrfProtect();
|
||||
|
||||
if(isset($_POST['reg_password']))
|
||||
$reg_password = encrypt((USE_ACCOUNT_SALT ? $account_logged->getCustomField('salt') : '') . $_POST['reg_password']);
|
||||
|
||||
|
||||
@@ -17,6 +17,8 @@ if(!$logged) {
|
||||
return;
|
||||
}
|
||||
|
||||
csrfProtect();
|
||||
|
||||
$_POST['reg_password'] = $_POST['reg_password'] ?? '';
|
||||
$reg_password = encrypt((USE_ACCOUNT_SALT ? $account_logged->getCustomField('salt') : '') . $_POST['reg_password']);
|
||||
$old_key = $account_logged->getCustomField("key");
|
||||
|
||||
Reference in New Issue
Block a user