Fixes to account verify - do not allow login without verified email (Thanks @anyeor)

This commit is contained in:
slawkens 2024-07-09 23:05:36 +02:00
parent d94828772c
commit fcb13f3c0f
4 changed files with 38 additions and 28 deletions


@ -1,8 +1,6 @@
<?php <?php
defined('MYAAC') or die('Direct access not allowed!'); defined('MYAAC') or die('Direct access not allowed!');
$reward = setting('core.account_mail_confirmed_reward');
$hasCoinsColumn = $db->hasColumn('accounts', 'coins'); $hasCoinsColumn = $db->hasColumn('accounts', 'coins');
$rewardCoins = setting('core.account_mail_confirmed_reward_coins'); $rewardCoins = setting('core.account_mail_confirmed_reward_coins');
if ($rewardCoins > 0 && !$hasCoinsColumn) { if ($rewardCoins > 0 && !$hasCoinsColumn) {


@ -25,16 +25,20 @@ if(!Account::where('email_hash', $hash)->exists()) {
} }
else else
{ {
if (Account::where('email_hash', $hash)->where('email_verified', 0)->exists()) { $accountModel = Account::where('email_hash', $hash)->where('email_verified', 0)->first();
$query = $query->fetch(PDO::FETCH_ASSOC); if ($accountModel) {
$accountModel->email_verified = 1;
$accountModel->save();
success('You have now verified your e-mail, this will increase the security of your account. Thank you for doing this. You can now <a href=' . getLink('account/manage') . '>log in</a>.');
$account = new OTS_Account(); $account = new OTS_Account();
$account->load($query['id']); $account->load($accountModel->id);
if ($account->isLoaded()) { if ($account->isLoaded()) {
$hooks->trigger(HOOK_EMAIL_CONFIRMED, ['account' => $account]); $hooks->trigger(HOOK_EMAIL_CONFIRMED, ['account' => $account]);
} }
} }
else {
Account::where('email_hash', $hash)->update('email_verified', 1); error('Link has expired.');
success('You have now verified your e-mail, this will increase the security of your account. Thank you for doing this.'); }
} }
?>
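Review bot: The new `error('Link has expired.')` branch is reached when an account with this `email_hash` exists but already has `email_verified` set — the check in the hunk header already excludes unknown hashes, and nothing in the hunk compares a timestamp — so the message describes a condition the code does not test; `error('This e-mail address has already been verified.');` says what actually happened. On the success line the anchor is built as `<a href=' . getLink('account/manage') . '>`, leaving the attribute unquoted; `<a href="' . getLink('account/manage') . '">` is the safer form should the generated link ever contain a space or quote. It also appears that the `email_hash` is never cleared after it is consumed, so re-use is only blocked by the `email_verified` filter on the first new line — worth a comment there, e.g. `// hash stays in the row; re-use is rejected via email_verified = 0`. The enclosing if/else begins before the hunk.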


@ -236,6 +236,9 @@ if($save)
if(_mail($email, 'New account on ' . $config['lua']['serverName'], $body_html)) if(_mail($email, 'New account on ' . $config['lua']['serverName'], $body_html))
{ {
echo 'Your account has been created.<br/><br/>'; echo 'Your account has been created.<br/><br/>';
warning("Before you can login - you need to verify your E-Mail. The verification link has been sent to $email. If the message is not coming - remember to check the SPAM folder.");
$twig->display('success.html.twig', array( $twig->display('success.html.twig', array(
'title' => 'Account Created', 'title' => 'Account Created',
'description' => 'Your account ' . $account_type . ' is <b>' . $tmp_account . '</b><br/>You will need the account ' . $account_type . ' and your password to play on ' . configLua('serverName') . '. 'description' => 'Your account ' . $account_type . ' is <b>' . $tmp_account . '</b><br/>You will need the account ' . $account_type . ' and your password to play on ' . configLua('serverName') . '.
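Review bot: The added `warning(...)` interpolates the user-supplied `$email` directly into a message that is presumably rendered as HTML; unless `warning()` escapes its argument (not visible here), the address should be escaped at the call site, e.g. `warning('Before you can login - you need to verify your E-Mail. The verification link has been sent to ' . htmlspecialchars($email, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '. If the message is not coming - remember to check the SPAM folder.');`. Any validation `$email` received earlier in this file is outside the hunk, and a syntactically valid address can still carry quotes, so escaping on output is the safe default. The enclosing `if($save)` block starts before the hunk and continues past it.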


@ -60,28 +60,33 @@ if(!empty($login_account) && !empty($login_password))
&& (!isset($t) || $t['attempts'] < 5) && (!isset($t) || $t['attempts'] < 5)
) )
{ {
session_regenerate_id(); if (setting('core.account_mail_verify') && (int)$account_logged->getCustomField('email_verified') !== 1) {
setSession('account', $account_logged->getId()); $errors[] = 'Your account is not verified. Please verify your email address. If the message is not coming check the SPAM folder in your E-Mail client.';
setSession('password', encrypt((USE_ACCOUNT_SALT ? $account_logged->getCustomField('salt') : '') . $login_password));
if($remember_me) {
setSession('remember_me', true);
}
$logged = true;
$logged_flags = $account_logged->getWebFlags();
if(isset($_POST['admin']) && !admin()) {
$errors[] = 'This account has no admin privileges.';
unsetSession('account');
unsetSession('password');
unsetSession('remember_me');
$logged = false;
} }
else { else {
$account_logged->setCustomField('web_lastlogin', time()); session_regenerate_id();
} setSession('account', $account_logged->getId());
setSession('password', encrypt((USE_ACCOUNT_SALT ? $account_logged->getCustomField('salt') : '') . $login_password));
if($remember_me) {
setSession('remember_me', true);
}
$hooks->trigger(HOOK_LOGIN, array('account' => $account_logged, 'password' => $login_password, 'remember_me' => $remember_me)); $logged = true;
$logged_flags = $account_logged->getWebFlags();
if(isset($_POST['admin']) && !admin()) {
$errors[] = 'This account has no admin privileges.';
unsetSession('account');
unsetSession('password');
unsetSession('remember_me');
$logged = false;
}
else {
$account_logged->setCustomField('web_lastlogin', time());
}
$hooks->trigger(HOOK_LOGIN, array('account' => $account_logged, 'password' => $login_password, 'remember_me' => $remember_me));
}
} }
else else
{ {
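Review bot: Accounts created before `core.account_mail_verify` was enabled, or imported from elsewhere, will presumably still carry `email_verified` = 0 and are locked out of the site by the check on the first new line with no recovery path shown here; the error text should at least point at a way to obtain a new verification mail, e.g. `$errors[] = 'Your account is not verified. Please verify your email address or request a new verification link. If the message is not coming check the SPAM folder in your E-Mail client.';`, and a one-off migration or admin override for legacy rows should be considered. The placement itself looks right — the gate sits inside the branch that the hunk header shows is guarded by the attempt counter and, presumably, the password check above it, so an attacker cannot use the message to learn whether an account is unverified without also knowing its password. The enclosing `if` begins before the hunk and its `else` continues past it.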