Digitalstack/myaac
2
0
Fork 0
mirror of https://github.com/slawkens/myaac.git synced 2025-04-26 09:19:22 +02:00
Code Issues Packages Projects Releases Wiki Activity

Fixes to account verify - do not allow login without verified email (Thanks @anyeor)

Browse Source
This commit is contained in:
slawkens 2024-07-09 23:05:36 +02:00
parent d94828772c
commit fcb13f3c0f
4 changed files with 38 additions and 28 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
plugins/email-confirmed-reward/reward.php
View File

@ -1,8 +1,6 @@
<?php
defined('MYAAC') or die('Direct access not allowed!');
$reward = setting('core.account_mail_confirmed_reward');
$hasCoinsColumn = $db->hasColumn('accounts', 'coins');
$rewardCoins = setting('core.account_mail_confirmed_reward_coins');
if ($rewardCoins > 0 && !$hasCoinsColumn) {

18
system/pages/account/confirm-email.php
View File

@ -25,16 +25,20 @@ if(!Account::where('email_hash', $hash)->exists()) {
}
else
{
if (Account::where('email_hash', $hash)->where('email_verified', 0)->exists()) {
$query = $query->fetch(PDO::FETCH_ASSOC);
$accountModel = Account::where('email_hash', $hash)->where('email_verified', 0)->first();
if ($accountModel) {
$accountModel->email_verified = 1;
$accountModel->save();
success('You have now verified your e-mail, this will increase the security of your account. Thank you for doing this. You can now <a href=' . getLink('account/manage') . '>log in</a>.');
$account = new OTS_Account();
$account->load($query['id']);
$account->load($accountModel->id);
if ($account->isLoaded()) {
$hooks->trigger(HOOK_EMAIL_CONFIRMED, ['account' => $account]);
}
}
Account::where('email_hash', $hash)->update('email_verified', 1);
success('You have now verified your e-mail, this will increase the security of your account. Thank you for doing this.');
else {
error('Link has expired.');
}
}
?>

3
system/pages/account/create.php
View File

@ -236,6 +236,9 @@ if($save)
if(_mail($email, 'New account on ' . $config['lua']['serverName'], $body_html))
{
echo 'Your account has been created.<br/><br/>';
warning("Before you can login - you need to verify your E-Mail. The verification link has been sent to $email. If the message is not coming - remember to check the SPAM folder.");
$twig->display('success.html.twig', array(
'title' => 'Account Created',
'description' => 'Your account ' . $account_type . ' is <b>' . $tmp_account . '</b><br/>You will need the account ' . $account_type . ' and your password to play on ' . configLua('serverName') . '.

5
system/pages/account/login.php
View File

@ -60,6 +60,10 @@ if(!empty($login_account) && !empty($login_password))
&& (!isset($t) || $t['attempts'] < 5)
)
{
if (setting('core.account_mail_verify') && (int)$account_logged->getCustomField('email_verified') !== 1) {
$errors[] = 'Your account is not verified. Please verify your email address. If the message is not coming check the SPAM folder in your E-Mail client.';
}
else {
session_regenerate_id();
setSession('account', $account_logged->getId());
setSession('password', encrypt((USE_ACCOUNT_SALT ? $account_logged->getCustomField('salt') : '') . $login_password));
@ -83,6 +87,7 @@ if(!empty($login_account) && !empty($login_password))
$hooks->trigger(HOOK_LOGIN, array('account' => $account_logged, 'password' => $login_password, 'remember_me' => $remember_me));
}
}
else
{
$hooks->trigger(HOOK_LOGIN_ATTEMPT, array('account' => $login_account, 'password' => $login_password, 'remember_me' => $remember_me));