Compare commits

27 Commits

Author SHA1 Message Date
slawkens
598cec2fe4 Release v1.8.3 2025-10-21 17:18:07 +02:00
slawkens
89fae38caa Ignore set last visit for AJAX pages - Fixes template change redirect 2025-10-21 12:18:56 +02:00
slawkens
16849e7578 account/change-password refactor a bit
Add "The old password is same as the new password!"
Better post variables names
2025-10-16 21:36:14 +02:00
slawkens
470555f268 New hooks for account/change-password
HOOK_ACCOUNT_CHANGE_PASSWORD_AFTER_OLD_PASSWORD + HOOK_ACCOUNT_CHANGE_PASSWORD_AFTER_NEW_PASSWORD
2025-10-16 21:22:49 +02:00
slawkens
7f60b3d31d Add same code in Models\Account + Optimize code 2025-10-15 15:59:49 +02:00
slawkens
12e40b2592 Update functions.php 2025-10-15 15:50:25 +02:00
slawkens
38902c30d1 Comment code to update lastday 2025-10-15 15:50:22 +02:00
slawkens
3e61692780 Fix premDays count in canary 2025-10-15 15:49:58 +02:00
André Morais
c88b08eb1e feature: show vip days in account management (#334)
* feature: show vip days in account management

This feature causes VIP days to be shown in account management when vipSystemEnabled is true in the canary config.lua

* Some fixes & adjustments

* If freePremium = true and vipEnabled = show gratis VIP

* Revert to previous version

---------

Co-authored-by: slawkens <slawkens@gmail.com>
2025-10-15 11:46:52 +02:00
slawkens
82d417b590 Change spaces to tabs 2025-10-13 18:01:19 +02:00
slawkens
b797908e49 Update create.php 2025-10-13 17:53:26 +02:00
slawkens
90c8463797 Update create.php 2025-10-13 17:52:39 +02:00
slawkens
c91bb5d409 Fix guild create with freePremium 2025-10-12 21:53:01 +02:00
Slawomir Boczek
fe821c5808 Feature/resend email verify (#333)
* feat: Resend Email Verify

+ rework the whole concept, based on new table for email hashes
This makes it possible that every email will work, no matter if first or last

* Nothing important: change variable name

* Change message
2025-10-12 11:19:30 +02:00
slawkens
9acad15451 Allow links in error_box 2025-10-12 00:15:04 +02:00
slawkens
8c3cb0e06f New configurable: hooks_debug
To view where hooks are located in .twig files
2025-10-11 18:34:15 +02:00
slawkens
2eae44e075 Add missing compat config: email_lai_sec_interval 2025-10-08 14:39:23 +02:00
slawkens
8272f1373c Fix database column info cache 2025-10-03 16:24:02 +02:00
slawkens
901df48d13 Add promotion into getTopPlayers 2025-10-03 00:31:03 +02:00
slawkens
2da0024c68 Add lookmount into getTopPlayers 2025-10-03 00:25:41 +02:00
slawkens
0d8f68a48e Fix menus for ?subtopic= 2025-10-02 22:31:16 +02:00
slawkens
0cb9d3a208 Fix routes_final cache 2025-10-02 22:31:02 +02:00
slawkens
d8b73f55a3 Fix routes_final for prod env 2025-10-02 22:16:29 +02:00
slawkens
3bb272ebbb Allow for img in online_datacenter 2025-10-02 22:13:33 +02:00
slawkens
64acf70d38 Cache::remember -1 = infinite 2025-10-02 22:13:15 +02:00
slawkens
97f9d3d6f6 Add option to use ?subtopic=x for plugins pages 2025-10-02 15:06:57 +02:00
Slawomir Boczek
f54b1bdd2a First attempt (#331) 2025-09-28 19:00:51 +02:00
40 changed files with 846 additions and 497 deletions

View File

@@ -1,5 +1,30 @@
# Changelog # Changelog
## [1.8.3 - 21.10.2025]
### Added
* Feature: resend email verify (https://github.com/slawkens/myaac/commit/fe821c58085483e70491dcf76376ad5b96de3fdd)
* New config: hooks_debug (To view where hooks are located in .twig files) (https://github.com/slawkens/myaac/commit/8c3cb0e06f9709c1de3398b48221241e7cbdd310)
* Functions: Add db->getColumnInfo(table, column) (https://github.com/slawkens/myaac/commit/c898fe25efff6793a01d11c26fc153cb23fcb858)
* Plugins: Add option to use ?subtopic=x for plugins pages (https://github.com/slawkens/myaac/commit/97f9d3d6f6c28aef6d824973058d7133f56e09c4)
* getTopPlayers() Function - Add lookmount & promotion (https://github.com/slawkens/myaac/commit/2da0024c68f1cedc38a16ebbc6f52ffa55e65f7a, https://github.com/slawkens/myaac/commit/901df48d134079d648a18f9d82b60182e818ac02)
* New hooks for account/change-password (https://github.com/slawkens/myaac/commit/470555f2687809a0c12491bbb27597e64b8929c1)
### Changed
* Feature: show vip days in account management (https://github.com/slawkens/myaac/commit/c88b08eb1ec1f560cbfdaaa16b24e3a0f26da7b3, by @andreoam)
* Allow links in error_box.html.twig (https://github.com/slawkens/myaac/commit/9acad15451071639acf7a7d4e81619b0a9742b12)
* Canary - Comment code to update lastday in login.php (https://github.com/slawkens/myaac/commit/38902c30d114fdbce259467f5820f97037b393e9)
* Cache::remember $ttl = -1 = infinite (https://github.com/slawkens/myaac/commit/64acf70d3854182d88aaf0b67f77cea2a254f179)
### Fixed
* Online - Allow for html code (example - img) in online_datacenter (https://github.com/slawkens/myaac/commit/3bb272ebbbd2eb7769d174b7082061d14a17bd44)
* Guilds - Fix guild create with freePremium enabled (https://github.com/slawkens/myaac/commit/c91bb5d4097647dca2196d3dea87bc90c89181d2)
* Canary - Fix premDays count (https://github.com/slawkens/myaac/commit/3e61692780d4add93b7b0e9f12f7a283bd8f4b7a)
* Template Change: Ignore set last visit for AJAX pages - Fixes template change redirect (https://github.com/slawkens/myaac/commit/89fae38caa7e4f645957fcf1a9330a36358ac04f)
* Admin Panel - Accounts: Fix lastip v6 (TFS master) (https://github.com/slawkens/myaac/commit/f54b1bdd2af4c16c64ddff0e87a6c96bc4cf9eeb)
* Functions - Prevent injection in $db->hasColumn (https://github.com/slawkens/myaac/commit/56bd7ec5ed904666074492f2e4f13e4fce226bee)
* Compat Config: Add missing config: email_lai_sec_interval (https://github.com/slawkens/myaac/commit/2eae44e0755e624a91be68b4d1ec26d01eb4d9a1)
## [1.8.2 - 26.09.2025] ## [1.8.2 - 26.09.2025]
### Added ### Added

View File

@@ -669,11 +669,17 @@ else if (isset($_REQUEST['search'])) {
<div class="col-12 col-sm-12 col-lg-6"> <div class="col-12 col-sm-12 col-lg-6">
<label for="lastip" class="control-label">Last IP:</label> <label for="lastip" class="control-label">Last IP:</label>
<input type="text" class="form-control" id="lastip" name="lastip" autocomplete="off" maxlength="10" value="<?php <input type="text" class="form-control" id="lastip" name="lastip" autocomplete="off" maxlength="10" value="<?php
if (strlen($player->getLastIP()) > 11) { $lastIPColumnInfo = $db->getColumnInfo('players', 'lastip');
echo inet_ntop($player->getLastIP()); if ($lastIPColumnInfo && is_array($lastIPColumnInfo)) {
if (str_contains($lastIPColumnInfo['type'], 'varbinary')) {
echo inet_ntop($player->getLastIP());
}
else {
echo longToIp($player->getLastIP());
}
} }
else { else {
echo longToIp($player->getLastIP()); echo 'Error';
} }
?>" readonly/> ?>" readonly/>
</div> </div>
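Review bot: In the `varbinary` branch, `inet_ntop($player->getLastIP())` returns false when the stored value is not a valid 4- or 16-byte address, so the field is silently rendered empty; check the return value and print a placeholder instead. The `'Error'` fallback is written straight into the `value` attribute with nothing logged, which makes a failed `getColumnInfo('players', 'lastip')` lookup hard to diagnose, and `maxlength="10"` on the input is shorter than any IPv6 text form (harmless while the field is `readonly`, but worth correcting).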

View File

@@ -1,5 +1,6 @@
<?php <?php
define('MYAAC_ADMIN', true); const MYAAC_ADMIN = true;
const IGNORE_SET_LAST_VISIT = true;
require '../../common.php'; require '../../common.php';
require SYSTEM . 'functions.php'; require SYSTEM . 'functions.php';

View File

@@ -26,6 +26,7 @@
use MyAAC\DataLoader; use MyAAC\DataLoader;
const MYAAC_ADMIN = true; const MYAAC_ADMIN = true;
const IGNORE_SET_LAST_VISIT = true;
require '../../common.php'; require '../../common.php';
require SYSTEM . 'functions.php'; require SYSTEM . 'functions.php';

View File

@@ -3,6 +3,7 @@
use MyAAC\Settings; use MyAAC\Settings;
const MYAAC_ADMIN = true; const MYAAC_ADMIN = true;
const IGNORE_SET_LAST_VISIT = true;
require '../../common.php'; require '../../common.php';
require SYSTEM . 'functions.php'; require SYSTEM . 'functions.php';

View File

@@ -1,5 +1,6 @@
<?php <?php
define('MYAAC_ADMIN', true); const MYAAC_ADMIN = true;
const IGNORE_SET_LAST_VISIT = true;
require '../../common.php'; require '../../common.php';
require SYSTEM . 'init.php'; require SYSTEM . 'init.php';

View File

@@ -1,5 +1,6 @@
<?php <?php
define('MYAAC_ADMIN', true); const MYAAC_ADMIN = true;
const IGNORE_SET_LAST_VISIT = true;
require '../../common.php'; require '../../common.php';
require SYSTEM . 'functions.php'; require SYSTEM . 'functions.php';

View File

@@ -26,8 +26,8 @@
if (version_compare(phpversion(), '8.1', '<')) die('PHP version 8.1 or higher is required.'); if (version_compare(phpversion(), '8.1', '<')) die('PHP version 8.1 or higher is required.');
const MYAAC = true; const MYAAC = true;
const MYAAC_VERSION = '1.8.3-dev'; const MYAAC_VERSION = '1.8.3';
const DATABASE_VERSION = 45; const DATABASE_VERSION = 46;
const TABLE_PREFIX = 'myaac_'; const TABLE_PREFIX = 'myaac_';
define('START_TIME', microtime(true)); define('START_TIME', microtime(true));
define('MYAAC_OS', stripos(PHP_OS, 'WIN') === 0 ? 'WINDOWS' : (strtoupper(PHP_OS) === 'DARWIN' ? 'MAC' : 'LINUX')); define('MYAAC_OS', stripos(PHP_OS, 'WIN') === 0 ? 'WINDOWS' : (strtoupper(PHP_OS) === 'DARWIN' ? 'MAC' : 'LINUX'));

View File

@@ -1,4 +1,4 @@
SET @myaac_database_version = 45; SET @myaac_database_version = 46;
CREATE TABLE `myaac_account_actions` CREATE TABLE `myaac_account_actions`
( (
@@ -10,6 +10,15 @@ CREATE TABLE `myaac_account_actions`
KEY (`account_id`) KEY (`account_id`)
) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8mb4; ) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8mb4;
CREATE TABLE `myaac_account_emails_verify`
(
`id` int NOT NULL AUTO_INCREMENT,
`account_id` int NOT NULL,
`hash` varchar(32) NOT NULL,
`sent_at` int NOT NULL DEFAULT 0,
PRIMARY KEY (`id`)
) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8mb4;
CREATE TABLE `myaac_admin_menu` CREATE TABLE `myaac_admin_menu`
( (
`id` int NOT NULL AUTO_INCREMENT, `id` int NOT NULL AUTO_INCREMENT,
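Review bot: `myaac_account_emails_verify` is created without an index on `hash` or `account_id`, yet the rest of this change looks rows up by `hash` (confirm-email) and by `account_id` (the resend page and the delete after verification). Add `KEY (`account_id`)`, as `myaac_account_actions` has just above, and a `UNIQUE KEY` on `hash` so that a duplicate token can never be stored. The same applies to the copy of this table in the migration SQL file.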

View File

@@ -102,18 +102,13 @@ if(!$db->hasColumn('accounts', 'web_flags')) {
success($locale['step_database_adding_field'] . ' accounts.web_flags...'); success($locale['step_database_adding_field'] . ' accounts.web_flags...');
} }
if(!$db->hasColumn('accounts', 'email_hash')) {
if(query("ALTER TABLE `accounts` ADD `email_hash` VARCHAR(32) NOT NULL DEFAULT '' AFTER `web_flags`;"))
success($locale['step_database_adding_field'] . ' accounts.email_hash...');
}
if(!$db->hasColumn('accounts', 'email_verified')) { if(!$db->hasColumn('accounts', 'email_verified')) {
if(query("ALTER TABLE `accounts` ADD `email_verified` TINYINT(1) NOT NULL DEFAULT 0 AFTER `email_hash`;")) if(query("ALTER TABLE `accounts` ADD `email_verified` TINYINT(1) NOT NULL DEFAULT 0 AFTER `web_flags`;"))
success($locale['step_database_adding_field'] . ' accounts.email_verified...'); success($locale['step_database_adding_field'] . ' accounts.email_verified...');
} }
if(!$db->hasColumn('accounts', 'email_new')) { if(!$db->hasColumn('accounts', 'email_new')) {
if(query("ALTER TABLE `accounts` ADD `email_new` VARCHAR(255) NOT NULL DEFAULT '' AFTER `email_hash`;")) if(query("ALTER TABLE `accounts` ADD `email_new` VARCHAR(255) NOT NULL DEFAULT '' AFTER `email_verified`;"))
success($locale['step_database_adding_field'] . ' accounts.email_new...'); success($locale['step_database_adding_field'] . ' accounts.email_new...');
} }

View File

@@ -220,6 +220,8 @@ switch ($action) {
} }
} }
/*
* not needed anymore?
if (fieldExist('premdays', 'accounts') && fieldExist('lastday', 'accounts')) { if (fieldExist('premdays', 'accounts') && fieldExist('lastday', 'accounts')) {
$save = false; $save = false;
$timeNow = time(); $timeNow = time();
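Review bot: The `premdays`/`lastday` update is disabled by wrapping it in a block comment headed "not needed anymore?". Either delete the code and rely on version control, or state in the comment which component now keeps `lastday` current; as written, the question mark leaves it unclear whether skipping `$account->save()` here is intended.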
@@ -256,6 +258,7 @@ switch ($action) {
$account->save(); $account->save();
} }
} }
*/
$worlds = [$world]; $worlds = [$world];
$playdata = compact('worlds', 'characters'); $playdata = compact('worlds', 'characters');

View File

@@ -81,6 +81,7 @@ $deprecatedConfig = [
'account_change_character_name_points' => 'account_change_character_name_price', 'account_change_character_name_points' => 'account_change_character_name_price',
'account_change_character_sex', 'account_change_character_sex',
'account_change_character_sex_points' => 'account_change_character_name_price', 'account_change_character_sex_points' => 'account_change_character_name_price',
'email_lai_sec_interval' => 'mail_lost_account_interval',
]; ];
foreach ($deprecatedConfig as $key => $value) { foreach ($deprecatedConfig as $key => $value) {

View File

@@ -1142,10 +1142,18 @@ function getTopPlayers($limit = 5, $skill = 'level') {
'looktype', 'lookhead', 'lookbody', 'looklegs', 'lookfeet' 'looktype', 'lookhead', 'lookbody', 'looklegs', 'lookfeet'
]; ];
if ($db->hasColumn('players', 'promotion')) {
$columns[] = 'promotion';
}
if ($db->hasColumn('players', 'lookaddons')) { if ($db->hasColumn('players', 'lookaddons')) {
$columns[] = 'lookaddons'; $columns[] = 'lookaddons';
} }
if ($db->hasColumn('players', 'lookmount')) {
$columns[] = 'lookmount';
}
return Player::query() return Player::query()
->select($columns) ->select($columns)
->withOnlineStatus() ->withOnlineStatus()
@@ -1632,13 +1640,14 @@ function camelCaseToUnderscore($input)
return ltrim(strtolower(preg_replace('/[A-Z]([A-Z](?![a-z]))*/', '_$0', $input)), '_'); return ltrim(strtolower(preg_replace('/[A-Z]([A-Z](?![a-z]))*/', '_$0', $input)), '_');
} }
function removeIfFirstSlash(&$text) { function removeIfFirstSlash(&$text): void
{
if(strpos($text, '/') === 0) { if(strpos($text, '/') === 0) {
$text = str_replace_first('/', '', $text); $text = str_replace_first('/', '', $text);
} }
}; };
function escapeHtml($html) { function escapeHtml($html): string {
return htmlspecialchars($html); return htmlspecialchars($html);
} }
@@ -1652,7 +1661,7 @@ function getGuildNameById($id)
return false; return false;
} }
function getGuildLogoById($id) function getGuildLogoById($id): string
{ {
$logo = 'default.gif'; $logo = 'default.gif';
@@ -1668,7 +1677,8 @@ function getGuildLogoById($id)
return BASE_URL . GUILD_IMAGES_DIR . $logo; return BASE_URL . GUILD_IMAGES_DIR . $logo;
} }
function displayErrorBoxWithBackButton($errors, $action = null) { function displayErrorBoxWithBackButton($errors, $action = null): void
{
global $twig; global $twig;
$twig->display('error_box.html.twig', ['errors' => $errors]); $twig->display('error_box.html.twig', ['errors' => $errors]);
$twig->display('account.back_button.html.twig', [ $twig->display('account.back_button.html.twig', [
@@ -1696,6 +1706,12 @@ function getAccountIdentityColumn(): string
return 'id'; return 'id';
} }
function isCanary(): bool
{
$vipSystemEnabled = configLua('vipSystemEnabled');
return isset($vipSystemEnabled);
}
// validator functions // validator functions
require_once SYSTEM . 'compat/base.php'; require_once SYSTEM . 'compat/base.php';
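Review bot: `isCanary()` infers the engine from the mere presence of `vipSystemEnabled` in config.lua and relies on `configLua()` returning null for a missing key. Any other distribution that adopts the same key would be treated as Canary and, through the `Models\Account` change in this release, have its premium days computed from `lastday`. A dedicated setting or a more specific marker would be safer, and the function should carry a docblock stating the heuristic.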

File diff suppressed because it is too large Load Diff

View File

@@ -120,6 +120,11 @@ class OTS_DB_MySQL extends OTS_Base_DB
if($cache->fetch('database_columns', $tmp) && $tmp) { if($cache->fetch('database_columns', $tmp) && $tmp) {
$this->has_column_cache = unserialize($tmp); $this->has_column_cache = unserialize($tmp);
} }
$tmp = null;
if($cache->fetch('database_columns_info', $tmp) && $tmp) {
$this->get_column_info_cache = unserialize($tmp);
}
} }
} }
@@ -156,11 +161,13 @@ class OTS_DB_MySQL extends OTS_Base_DB
if ($this->clearCacheAfter) { if ($this->clearCacheAfter) {
$cache->delete('database_tables'); $cache->delete('database_tables');
$cache->delete('database_columns'); $cache->delete('database_columns');
$cache->delete('database_columns_info');
$cache->delete('database_checksum'); $cache->delete('database_checksum');
} }
else { else {
$cache->set('database_tables', serialize($this->has_table_cache), 3600); $cache->set('database_tables', serialize($this->has_table_cache), 3600);
$cache->set('database_columns', serialize($this->has_column_cache), 3600); $cache->set('database_columns', serialize($this->has_column_cache), 3600);
$cache->set('database_columns_info', serialize($this->get_column_info_cache), 3600);
$cache->set('database_checksum', serialize(sha1($config['database_host'] . '.' . $config['database_name'])), 3600); $cache->set('database_checksum', serialize(sha1($config['database_host'] . '.' . $config['database_name'])), 3600);
} }
} }
@@ -295,7 +302,8 @@ class OTS_DB_MySQL extends OTS_Base_DB
return []; return [];
} }
public function revalidateCache() { public function revalidateCache(): void
{
foreach($this->has_table_cache as $key => $value) { foreach($this->has_table_cache as $key => $value) {
$this->hasTableInternal($key); $this->hasTableInternal($key);
} }
@@ -310,6 +318,21 @@ class OTS_DB_MySQL extends OTS_Base_DB
$this->hasColumnInternal($explode[0], $explode[1]); $this->hasColumnInternal($explode[0], $explode[1]);
} }
} }
foreach($this->get_column_info_cache as $key => $value) {
$explode = explode('.', $key);
if(!isset($this->has_table_cache[$explode[0]])) { // first check if table exist
$this->hasTableInternal($explode[0]);
}
if($this->has_table_cache[$explode[0]]) {
$this->hasColumnInternal($explode[0], $explode[1]);
}
if($this->has_table_cache[$explode[0]]) {
$this->getColumnInfoInternal($explode[0], $explode[1]);
}
}
} }
public function setClearCacheAfter($clearCache) public function setClearCacheAfter($clearCache)
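Review bot: In the new `get_column_info_cache` loop the condition `if($this->has_table_cache[$explode[0]])` is tested twice in a row; merge the two bodies into one block. `$explode[1]` is also used without checking that the key contained a `.`, and since this array is restored with `unserialize()` from the cache, a malformed key would raise an undefined-offset warning here.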

View File

@@ -34,8 +34,10 @@ if($logged) {
$twig->addGlobal('account_logged', $account_logged); $twig->addGlobal('account_logged', $account_logged);
} }
setSession('last_visit', time()); if (!defined('IGNORE_SET_LAST_VISIT') || !IGNORE_SET_LAST_VISIT) {
if(defined('PAGE')) { setSession('last_visit', time());
setSession('last_page', PAGE); if(defined('PAGE')) {
setSession('last_page', PAGE);
}
setSession('last_uri', $_SERVER['REQUEST_URI']);
} }
setSession('last_uri', $_SERVER['REQUEST_URI']);

View File

@@ -0,0 +1,8 @@
CREATE TABLE `myaac_account_emails_verify`
(
`id` int NOT NULL AUTO_INCREMENT,
`account_id` int NOT NULL,
`hash` varchar(32) NOT NULL,
`sent_at` int NOT NULL DEFAULT 0,
PRIMARY KEY (`id`)
) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8mb4;

system/migrations/46.php Normal file
View File

@@ -0,0 +1,24 @@
<?php
/**
* @var OTS_DB_MySQL $db
*/
$up = function () use ($db) {
if ($db->hasColumn('accounts', 'email_hash')) {
$db->dropColumn('accounts', 'email_hash');
}
if (!$db->hasTable(TABLE_PREFIX . 'account_emails_verify')) {
$db->query(file_get_contents(__DIR__ . '/46-account_emails_verify.sql'));
}
};
$down = function () use ($db) {
if (!$db->hasColumn('accounts', 'email_hash')) {
$db->addColumn('accounts', 'email_hash', "varchar(32) NOT NULL DEFAULT ''");
}
if ($db->hasTable(TABLE_PREFIX . 'account_emails_verify')) {
$db->dropTable(TABLE_PREFIX . 'account_emails_verify');
}
};
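Review bot: `$up` drops `accounts.email_hash` before the new table is created and never copies outstanding hashes into `myaac_account_emails_verify`, so verification links already mailed to unverified accounts stop working after the upgrade, and a failure of the `CREATE TABLE` query leaves neither store in place. Create the table first, insert a row for every account with a non-empty `email_hash` and `email_verified = 0`, then drop the column. `$down` has the mirror-image gap: it re-adds the column with an empty default and drops the table without carrying pending hashes back.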

View File

@@ -19,18 +19,17 @@ if(!$logged) {
csrfProtect(); csrfProtect();
$new_password = $_POST['newpassword'] ?? NULL; $new_password = $_POST['new_password'] ?? null;
$new_password_confirm = $_POST['newpassword_confirm'] ?? NULL; $new_password_confirm = $_POST['new_password_confirm'] ?? null;
$old_password = $_POST['oldpassword'] ?? NULL; $old_password = $_POST['old_password'] ?? null;
if(empty($new_password) && empty($new_password_confirm) && empty($old_password)) { if(empty($new_password) && empty($new_password_confirm) && empty($old_password)) {
$twig->display('account.change-password.html.twig'); $twig->display('account.change-password.html.twig');
} }
else else {
{
if(empty($new_password) || empty($new_password_confirm) || empty($old_password)){ if(empty($new_password) || empty($new_password_confirm) || empty($old_password)){
$errors[] = 'Please fill in form.'; $errors[] = 'Please fill in form.';
} }
$password_strlen = strlen($new_password);
if($new_password != $new_password_confirm) { if($new_password != $new_password_confirm) {
$errors[] = 'The new passwords do not match!'; $errors[] = 'The new passwords do not match!';
} }
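Review bot: Renaming the POST keys to `new_password`, `new_password_confirm` and `old_password` is a silent breaking change for custom templates and plugins: a form that still posts `newpassword`/`oldpassword` leaves all three variables empty, takes the first branch and simply redisplays the form with no error. Mention the rename in the changelog, or accept the old keys as a fallback for one release.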
@@ -41,10 +40,13 @@ else
} }
/** @var OTS_Account $account_logged */ /** @var OTS_Account $account_logged */
$old_password = encrypt((USE_ACCOUNT_SALT ? $account_logged->getCustomField('salt') : '') . $old_password); $old_password_hashed = encrypt((USE_ACCOUNT_SALT ? $account_logged->getCustomField('salt') : '') . $old_password);
if($old_password != $account_logged->getPassword()) { if($old_password_hashed != $account_logged->getPassword()) {
$errors[] = 'Current password is incorrect!'; $errors[] = 'Current password is incorrect!';
} }
else if ($old_password == $new_password) {
$errors[] = 'The old password is same as the new password!';
}
$hooks->trigger(HOOK_ACCOUNT_CHANGE_PASSWORD_POST); $hooks->trigger(HOOK_ACCOUNT_CHANGE_PASSWORD_POST);
} }
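Review bot: `$old_password_hashed != $account_logged->getPassword()` compares two hash strings with a loose operator, which PHP evaluates numerically when both sides look like numbers (for example two values of the form `0e` followed only by digits), and the comparison is not constant-time; use `!hash_equals($account_logged->getPassword(), $old_password_hashed)`. The new `$old_password == $new_password` check has the same loose-comparison problem in the other direction: distinct passwords such as `1e3` and `1000` compare equal and would be rejected as "same as the new password", so it should use `===`.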

View File

@@ -9,6 +9,7 @@
*/ */
use MyAAC\Models\Account; use MyAAC\Models\Account;
use MyAAC\Models\AccountEmailVerify;
defined('MYAAC') or die('Direct access not allowed!'); defined('MYAAC') or die('Direct access not allowed!');
@@ -20,16 +21,20 @@ if(empty($hash)) {
return; return;
} }
if(!Account::where('email_hash', $hash)->exists()) { // by default link is valid for 30 days
note("Your email couldn't be verified. Please contact staff to do it manually."); $accountEmailVerify = AccountEmailVerify::where('hash', $hash)->where('sent_at', '>', time() - 30 * 24 * 60 * 60)->first();
if(!$accountEmailVerify) {
note("Wrong link or link has expired.");
} }
else else
{ {
$accountModel = Account::where('email_hash', $hash)->where('email_verified', 0)->first(); $accountModel = Account::where('id', $accountEmailVerify->account_id)->where('email_verified', 0)->first();
if ($accountModel) { if ($accountModel) {
$accountModel->email_verified = 1; $accountModel->email_verified = 1;
$accountModel->save(); $accountModel->save();
AccountEmailVerify::where('account_id', $accountModel->id)->delete();
success('You have now verified your e-mail, this will increase the security of your account. Thank you for doing this. You can now <a href=' . getLink('account/manage') . '>log in</a>.'); success('You have now verified your e-mail, this will increase the security of your account. Thank you for doing this. You can now <a href=' . getLink('account/manage') . '>log in</a>.');
$account = new OTS_Account(); $account = new OTS_Account();
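Review bot: The 30-day validity window is hard-coded in the query (`time() - 30 * 24 * 60 * 60`) and expired rows are never removed, because the only `delete()` runs after a successful verification. Move the lifetime to a setting and purge rows older than it, here or in the resend page. Since every resend inserts a new row, an account can also hold several valid links at once until one of them is used; deleting the older rows when a new one is issued would limit that.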
@@ -39,6 +44,6 @@ else
} }
} }
else { else {
error('Link has expired.'); error('Your account is already verified.');
} }
} }

View File

@@ -10,6 +10,7 @@
*/ */
use MyAAC\CreateCharacter; use MyAAC\CreateCharacter;
use MyAAC\Models\AccountEmailVerify;
defined('MYAAC') or die('Direct access not allowed!'); defined('MYAAC') or die('Direct access not allowed!');
$title = 'Create Account'; $title = 'Create Account';
@@ -244,7 +245,12 @@ if($save)
if(setting('core.mail_enabled') && setting('core.account_mail_verify')) if(setting('core.mail_enabled') && setting('core.account_mail_verify'))
{ {
$hash = md5(generateRandomString(16, true, true) . $email); $hash = md5(generateRandomString(16, true, true) . $email);
$new_account->setCustomField('email_hash', $hash);
AccountEmailVerify::create([
'account_id' => $new_account->getId(),
'hash' => $hash,
'sent_at' => time(),
]);
$verify_url = getLink('account/confirm-email/' . $hash); $verify_url = getLink('account/confirm-email/' . $hash);
$body_html = $twig->render('mail.account.verify.html.twig', array( $body_html = $twig->render('mail.account.verify.html.twig', array(
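Review bot: The token stored by the new `AccountEmailVerify::create()` call is still `md5(generateRandomString(16, true, true) . $email)`, so its unpredictability rests entirely on `generateRandomString()`, whose source is not part of this diff. Now that the token is the sole key into `myaac_account_emails_verify`, generate it with `bin2hex(random_bytes(16))`, which also fits the `varchar(32)` column. The same line is duplicated in the new resend page; a shared helper would keep the two in step.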

View File

@@ -48,7 +48,9 @@ if(!empty($login_account) && !empty($login_password))
) )
{ {
if (setting('core.account_mail_verify') && (int)$account_logged->getCustomField('email_verified') !== 1) { if (setting('core.account_mail_verify') && (int)$account_logged->getCustomField('email_verified') !== 1) {
$errors[] = 'Your account is not verified. Please verify your email address. If the message is not coming check the SPAM folder in your E-Mail client.'; $link = getLink('account/resend-email-verify');
$errors[] = 'Your account is not verified. Please verify your email address. If the message is not coming check the SPAM folder in your E-Mail client.<br/>' .
'You can resend the Email here: <a href="' . $link . '">' . $link . '</a>';
} else { } else {
session_regenerate_id(); session_regenerate_id();
setSession('account', $account_logged->getId()); setSession('account', $account_logged->getId());
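Review bot: The string appended to `$errors[]` now carries raw `<br/>` and `<a>` markup, which only renders because of the `error_box.html.twig` change listed in the changelog ("Allow links in error_box.html.twig"). `$link` comes from `getLink()`, so this entry is fine, but if that template change turns off escaping for the whole message, every other place that pushes request-derived text into `$errors` has to escape it first. Passing the link to the template as a separate variable would avoid relaxing escaping for all errors.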

View File

@@ -38,15 +38,24 @@ csrfProtect();
$groups = new OTS_Groups_List(); $groups = new OTS_Groups_List();
$freePremium = isset($config['lua']['freePremium']) && getBoolean($config['lua']['freePremium']) || $account_logged->getPremDays() == OTS_Account::GRATIS_PREMIUM_DAYS;
$dayOrDays = $account_logged->getPremDays() == 1 ? 'day' : 'days';
/** /**
* @var OTS_Account $account_logged * @var OTS_Account $account_logged
*/ */
if(!$account_logged->isPremium()) $premDays = $account_logged->getPremDays();
$freePremium = isset($config['lua']['freePremium']) && getBoolean($config['lua']['freePremium']) || $premDays == OTS_Account::GRATIS_PREMIUM_DAYS;
$dayOrDays = ($premDays == 1 ? 'day' : 'days');
$vipSystemEnabled = isset($config['lua']['vipSystemEnabled']) && getBoolean($config['lua']['vipSystemEnabled']);
$premiumLabel = $vipSystemEnabled ? 'VIP' : 'Premium Account';
if ($freePremium && !$vipSystemEnabled) {
$account_status = '<b><span style="color: green">Gratis Premium Account</span></b>';
} else if(!$account_logged->isPremium()) {
$account_status = '<b><span style="color: red">Free Account</span></b>'; $account_status = '<b><span style="color: red">Free Account</span></b>';
else } else {
$account_status = '<b><span style="color: green">' . ($freePremium ? 'Gratis Premium Account' : 'Premium Account, ' . $account_logged->getPremDays() . ' '.$dayOrDays.' left') . '</span></b>'; $account_status = '<b><span style="color: green">' . $premiumLabel . ', ' . $premDays . ' '.$dayOrDays.' left</span></b>';
}
$recovery_key = $account_logged->getCustomField('key'); $recovery_key = $account_logged->getCustomField('key');
if(empty($recovery_key)) if(empty($recovery_key))
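Review bot: With `vipSystemEnabled` on, the first branch is skipped even when `$freePremium` is true, so an account whose `$premDays` equals `OTS_Account::GRATIS_PREMIUM_DAYS` falls through to the remaining branches: "Free Account" if `isPremium()` is false, otherwise the sentinel day count printed literally as "VIP, N days left". Handle the gratis case for VIP explicitly, or add a comment that the fall-through is intended, since the commit message lists both "show gratis VIP" and "Revert to previous version".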

View File

@@ -0,0 +1,94 @@
<?php
use MyAAC\Models\AccountEmailVerify;
defined('MYAAC') or die('Direct access not allowed!');
$title = 'Resend Email';
$errorWithBackButton = function ($msg) use ($twig) {
$errors = [$msg];
$twig->display('error_box.html.twig', ['errors' => $errors]);
$twig->display('account.back_button.html.twig', [
'action' => getLink('account/resend-email-verify'),
]);
};
if (!setting('core.mail_enabled') || !setting('core.account_mail_verify')) {
$errorWithBackButton('Resending email is not possible on this server.');
return;
}
$showForm = true;
if (isset($_POST['submit']) && $_POST['submit'] == '1') {
$email = $_REQUEST['email'];
if (empty($email) || !filter_var($email, FILTER_VALIDATE_EMAIL)) {
$errorWithBackButton('Please enter valid Email.');
return;
}
$account = new OTS_Account();
$account->findByEMail($email);
if ($account->isLoaded()) {
if ($account->getCustomField('email_verified') == '1') {
$errorWithBackButton('This account is already verified! You can <a href=' . getLink('account/manage') . '>log in</a> on the website.');
return;
}
$accountEmailVerify = AccountEmailVerify::where('account_id', $account->getId())->orderBy('sent_at', 'DESC')->first();
if ($accountEmailVerify && time() - $accountEmailVerify->sent_at < 60) {
$errorWithBackButton('Only one Email per minute is allowed. Please try again later.');
return;
}
$tmp_account = $email;
if (!config('account_login_by_email')) {
$tmp_account = (USE_ACCOUNT_NAME ? $account->getName() : $account->getId());
}
$hash = md5(generateRandomString(16, true, true) . $email);
AccountEmailVerify::create([
'account_id' => $account->getId(),
'hash' => $hash,
'sent_at' => time(),
]);
$verify_url = getLink('account/confirm-email/' . $hash);
$body_html = $twig->render('mail.account.resend-email-verify.html.twig', array(
'account' => $tmp_account,
'verify_url' => generateLink($verify_url, $verify_url, true)
));
if (_mail($account->getEMail(), configLua('serverName') . ' - Verify Account', $body_html)) {
$message = "If account with this email exists - you will become an email with verification link.";
$showForm = false;
} else {
$message = "<p class='error'>An error occurred while sending email (<b>{$email}</b> )! Try again later. For Admin: More info can be found in system/logs/mailer-error.log</p>";
}
}
else {
$message = "<br />If account with this email exists - you will become an email with verification link.";
$showForm = false;
}
$twig->display('success.html.twig', array(
'title' => 'Verify Email Sent',
'description' => $message,
));
}
//show errors if not empty
if (!empty($errors)) {
$twig->display('error_box.html.twig', ['errors' => $errors]);
$twig->display('account.back_button.html.twig', [
'action' => getLink('account/resend-email-verify'),
]);
}
if ($showForm) {
$twig->display('account.resend-email-verify.html.twig');
}
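Review bot: The neutral "If account with this email exists" reply is undermined by the earlier branches: "This account is already verified!", "Only one Email per minute is allowed" and the mail-failure text are returned only after `findByEMail()` has loaded an account, so the form still tells a caller whether an address is registered. Return the same neutral message in all of those cases and log the detail server-side. Further points in this file: `$_REQUEST['email']` is read without `isset` although the branch is gated on `$_POST['submit']` (use `$_POST['email'] ?? ''`); `{$email}` is interpolated into the HTML error message without `escapeHtml()`; the 60-second limit is per account only, so nothing bounds requests spread across many addresses; the `$errors` block near the end is dead code because `$errors` is never assigned here; and "you will become an email" should read "you will receive an email".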

View File

@@ -21,6 +21,9 @@ if(!$logged) {
$errors[] = 'You are not logged in. You can\'t create guild.'; $errors[] = 'You are not logged in. You can\'t create guild.';
} }
$configLuaFreePremium = configLua('freePremium');
$freePremium = (isset($configLuaFreePremium) && getBoolean($configLuaFreePremium)) || ($logged && $account_logged->getPremDays() == OTS_Account::GRATIS_PREMIUM_DAYS);
$array_of_player_nig = array(); $array_of_player_nig = array();
if(empty($errors)) if(empty($errors))
{ {
@@ -31,7 +34,7 @@ if(empty($errors))
if(!$player_rank->isLoaded()) if(!$player_rank->isLoaded())
{ {
if($player->getLevel() >= setting('core.guild_need_level')) { if($player->getLevel() >= setting('core.guild_need_level')) {
if(!setting('core.guild_need_premium') || $account_logged->isPremium()) { if(!setting('core.guild_need_premium') || $account_logged->isPremium() || $freePremium) {
$array_of_player_nig[] = $player->getName(); $array_of_player_nig[] = $player->getName();
} }
} }
@@ -95,7 +98,7 @@ if($todo == 'save')
if($player->getLevel() < setting('core.guild_need_level')) { if($player->getLevel() < setting('core.guild_need_level')) {
$errors[] = 'Character <b>'.$name.'</b> has too low level. To create guild you need character with level <b>' . setting('core.guild_need_level') . '</b>.'; $errors[] = 'Character <b>'.$name.'</b> has too low level. To create guild you need character with level <b>' . setting('core.guild_need_level') . '</b>.';
} }
if(setting('core.guild_need_premium') && !$account_logged->isPremium()) { if(setting('core.guild_need_premium') && !$account_logged->isPremium() && !$freePremium) {
$errors[] = 'Character <b>'.$name.'</b> is on FREE account. To create guild you need PREMIUM account.'; $errors[] = 'Character <b>'.$name.'</b> is on FREE account. To create guild you need PREMIUM account.';
} }
} }

View File

@@ -88,8 +88,10 @@ if($logged && $account_logged && $account_logged->isLoaded()) {
/** /**
* Routes loading * Routes loading
*/ */
$routesFinal = [];
$dispatcher = FastRoute\cachedDispatcher(function (FastRoute\RouteCollector $r) { $dispatcher = FastRoute\cachedDispatcher(function (FastRoute\RouteCollector $r) {
$routesFinal = []; global $cache, $routesFinal;
foreach(getDatabasePages() as $page) { foreach(getDatabasePages() as $page) {
$routesFinal[] = ['*', $page, '__database__/' . $page, 100]; $routesFinal[] = ['*', $page, '__database__/' . $page, 100];
} }
@@ -165,7 +167,7 @@ $dispatcher = FastRoute\cachedDispatcher(function (FastRoute\RouteCollector $r)
echo '</pre>'; echo '</pre>';
die; die;
*/ */
foreach ($routesFinal as $route) { foreach ($routesFinal as &$route) {
if ($route[0] === '*') { if ($route[0] === '*') {
$route[0] = ['GET', 'POST', 'PUT', 'DELETE', 'PATCH', 'HEAD']; $route[0] = ['GET', 'POST', 'PUT', 'DELETE', 'PATCH', 'HEAD'];
} }
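Review bot: `foreach ($routesFinal as &$route)` leaves `$route` bound to the last element once the loop ends; add `unset($route);` directly after the loop so that a later loop or assignment using `$route` inside this callback cannot overwrite the final entry of `$routesFinal` before it is cached.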
@@ -198,6 +200,10 @@ $dispatcher = FastRoute\cachedDispatcher(function (FastRoute\RouteCollector $r)
log_append('router.log', $warning); log_append('router.log', $warning);
} }
} }
if ($cache->enabled()) {
$cache->set('routes_final', serialize($routesFinal), 10 * 365 * 24 * 60 * 60); // 10 years / infinite
}
}, },
[ [
'cacheFile' => CACHE . 'route.cache', 'cacheFile' => CACHE . 'route.cache',
@@ -212,7 +218,7 @@ $found = true;
// old support for pages like /?subtopic=accountmanagement // old support for pages like /?subtopic=accountmanagement
$page = $_REQUEST['p'] ?? ($_REQUEST['subtopic'] ?? ''); $page = $_REQUEST['p'] ?? ($_REQUEST['subtopic'] ?? '');
if(!empty($page) && preg_match('/^[A-z0-9\-]+$/', $page)) { if(!empty($page) && preg_match('/^[A-z0-9\/\-]+$/', $page)) {
if (isset($_REQUEST['p'])) { // some plugins may require this if (isset($_REQUEST['p'])) { // some plugins may require this
$_REQUEST['subtopic'] = $_REQUEST['p']; $_REQUEST['subtopic'] = $_REQUEST['p'];
} }
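Review bot: the character class in `preg_match('/^[A-z0-9\/\-]+$/', $page)` uses the range `A-z`, which also matches `[`, `\`, `]`, `^`, `_` and the backtick, and this change adds `/` on top of that. `$page` is later handed to `loadPageFromFileSystem()`, so spell the class out as `[A-Za-z0-9\/\-]` (adding `_` explicitly if it is wanted) so that no backslash reaches the path lookup. The missing `.` is what keeps `..` segments out, which deserves a comment next to the pattern.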
@@ -221,9 +227,26 @@ if(!empty($page) && preg_match('/^[A-z0-9\-]+$/', $page)) {
require SYSTEM . 'compat/pages.php'; require SYSTEM . 'compat/pages.php';
} }
$file = loadPageFromFileSystem($page, $found); $foundRoute = false;
if(!$found) {
$file = false; $tmp = null;
if ($cache->enabled() && $cache->fetch('routes_final', $tmp)) {
$routesFinal = unserialize($tmp);
}
foreach ($routesFinal as $route) {
if ($page === $route[1]) {
$file = $route[2];
$foundRoute = true;
break;
}
}
if (!$foundRoute) {
$file = loadPageFromFileSystem($page, $found);
if(!$found) {
$file = false;
}
} }
} }
else { else {
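Review bot: `$routesFinal = unserialize($tmp);` has neither a class restriction nor a result check. The cached value is a plain array of route tuples, so pass `['allowed_classes' => false]` and keep the previous `$routesFinal` unless the result is an array. As written, a corrupt entry makes the following `foreach` iterate over `false`, and whoever can write to the cache store chooses which classes get instantiated and which file ends up in `$file = $route[2]`.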

View File

@@ -115,6 +115,11 @@ class Cache
return unserialize($value); return unserialize($value);
} }
// -1 for infinite cache
if ($ttl == -1) {
$ttl = 10 * 365 * 24 * 60 * 60; // 10 years should be enough
}
$value = $callback(); $value = $callback();
$cache->set($key, serialize($value), $ttl); $cache->set($key, serialize($value), $ttl);
return $value; return $value;
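Review bot: `if ($ttl == -1)` is a loose comparison, so the string `'-1'` and the float `-1.0` also take this branch; use `=== -1` if `$ttl` is meant to be an int. The 10-year literal is repeated in the router's `routes_final` write, so a shared constant would keep the two in step, and the method's docblock should state that -1 means no expiry.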

View File

@@ -33,10 +33,11 @@ class Account extends Model {
public function getPremiumDaysAttribute() public function getPremiumDaysAttribute()
{ {
if(isset($this->premium_ends_at) || isset($this->premend)) { if(isset($this->premium_ends_at) || isset($this->premend) ||
$col = isset($this->premium_ends_at) ? 'premium_ends_at' : 'premend'; (isCanary() && isset($this->data['lastday']))) {
$ret = ceil(($this->{$col}- time()) / (24 * 60 * 60)); $col = (isset($this->premium_ends_at) ? 'premium_ends_at' : (isset($this->data['lastday']) ? 'lastday' : 'premend'));
return $ret > 0 ? $ret : 0; $ret = ceil(($this->{$col}- time()) / (24 * 60 * 60));
return max($ret, 0);
} }
if($this->premdays == 0) { if($this->premdays == 0) {
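Review bot: the new condition tests `isset($this->data['lastday'])`, but the value is then read as `$this->{$col}`, that is `$this->lastday`, which is not necessarily the same lookup on a `Model`. The `$col` ternary also selects `'lastday'` without repeating the `isCanary()` guard. Test and read the same attribute in both places and keep the guard consistent, otherwise the branch can be entered with `$col` pointing at a column that is not set.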

View File

@@ -0,0 +1,15 @@
<?php
namespace MyAAC\Models;
use Illuminate\Database\Eloquent\Model;
class AccountEmailVerify extends Model
{
protected $table = TABLE_PREFIX . 'account_emails_verify';
public $timestamps = false;
protected $fillable = ['account_id', 'hash', 'sent_at'];
}

View File

@@ -28,6 +28,8 @@ define('HOOK_CHARACTERS_AFTER_CHARACTERS', ++$i);
define('HOOK_LOGIN', ++$i); define('HOOK_LOGIN', ++$i);
define('HOOK_LOGIN_ATTEMPT', ++$i); define('HOOK_LOGIN_ATTEMPT', ++$i);
define('HOOK_LOGOUT', ++$i); define('HOOK_LOGOUT', ++$i);
define('HOOK_ACCOUNT_CHANGE_PASSWORD_AFTER_OLD_PASSWORD', ++$i);
define('HOOK_ACCOUNT_CHANGE_PASSWORD_AFTER_NEW_PASSWORD', ++$i);
define('HOOK_ACCOUNT_CHANGE_PASSWORD_POST', ++$i); define('HOOK_ACCOUNT_CHANGE_PASSWORD_POST', ++$i);
define('HOOK_ACCOUNT_CREATE_BEFORE_FORM', ++$i); define('HOOK_ACCOUNT_CREATE_BEFORE_FORM', ++$i);
define('HOOK_ACCOUNT_CREATE_BEFORE_BOXES', ++$i); define('HOOK_ACCOUNT_CREATE_BEFORE_BOXES', ++$i);
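Review bot: the two new `define(..., ++$i)` lines are inserted ahead of `HOOK_ACCOUNT_CHANGE_PASSWORD_POST`, so every hook defined after them gets a value two higher than before. Anything that stored or hard-coded the numeric ids will now fire on a different hook. Append new hooks at the end of the list to keep existing values stable, or state in the changelog that only the constant names are supported.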

View File

@@ -9,23 +9,29 @@ Please enter your current password and a new password. For your security, please
<span>Current Password:</span> <span>Current Password:</span>
</td> </td>
<td> <td>
<input form="form" type="password" name="oldpassword" size="30" maxlength="29"> <input form="form" type="password" id="old_password" name="old_password" size="30" maxlength="29">
</td> </td>
</tr> </tr>
{{ hook('HOOK_ACCOUNT_CHANGE_PASSWORD_AFTER_OLD_PASSWORD') }}
<tr> <tr>
<td class="LabelV"> <td class="LabelV">
<span>New Password:</span> <span>New Password:</span>
</td> </td>
<td style="width:90%;"> <td style="width:90%;">
<input form="form" type="password" name="newpassword" size="30" maxlength="29"> <input form="form" type="password" id="new_password" name="new_password" size="30" maxlength="29">
</td> </td>
</tr> </tr>
{{ hook('HOOK_ACCOUNT_CHANGE_PASSWORD_AFTER_NEW_PASSWORD') }}
<tr> <tr>
<td class="LabelV"> <td class="LabelV">
<span>New Password Again:</span> <span>New Password Again:</span>
</td> </td>
<td> <td>
<input form="form" type="password" name="newpassword_confirm" size="30" maxlength="29"> <input form="form" type="password" id="new_password_confirm" name="new_password_confirm" size="30" maxlength="29">
</td> </td>
</tr> </tr>
</table> </table>
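Review bot: the three password inputs gain `id` attributes but still carry no `autocomplete` hint. Set `autocomplete="current-password"` on `old_password` and `autocomplete="new-password"` on `new_password` and `new_password_confirm` so password managers fill and generate correctly. The rename from `oldpassword`/`newpassword` to `old_password`/`new_password` also changes the POST field names, so custom templates or plugins that post the old names need a changelog entry.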

View File

@@ -0,0 +1,45 @@
Please enter your account Email address.<br/><br/>
{% set title = 'Resend Email' %}
{% set background = config('darkborder') %}
{% set content %}
<table style="width:100%;">
<tr>
<td class="LabelV" >
<span><label for="email">Email Address:</label></span>
</td>
<td style="width:90%;">
<input type="email" form="form" id="email" name="email" size="30" maxlength="50" autofocus/>
</td>
</tr>
</table>
{% endset %}
{% include 'tables.headline.html.twig' %}
<br/>
<table style="width:100%;">
<tr align="center">
<td>
<table border="0" cellspacing="0" cellpadding="0">
<tr>
<td style="border:0;">
<form id="form" action="{{ getLink('account/resend-email-verify') }}" method="post">
{{ csrf() }}
<input type="hidden" name="submit" value="1"/>
{{ include('buttons.submit.html.twig') }}
</form>
</td>
<tr>
</table>
</td>
<td>
<table border="0" cellspacing="0" cellpadding="0">
<tr>
<td style="border:0;">
<form action="{{ getLink('news') }}" method="post">
{{ include('buttons.back.html.twig') }}
</form>
</td>
</tr>
</table>
</td>
</tr>
</table>
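Review bot: in the submit-button table the row is never closed: after the `</td>` that follows `</form>` there is a second `<tr>` where `</tr>` is meant (the back-button table below gets it right). Browsers recover from this, but it should be corrected to `</tr>` so the markup validates.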

View File

@@ -9,7 +9,7 @@
<div class="AttentionSign" style="background-image:url({{ template_path }}/images/content/attentionsign.gif);"></div> <div class="AttentionSign" style="background-image:url({{ template_path }}/images/content/attentionsign.gif);"></div>
<b>The Following Errors Have Occurred:</b><br/> <b>The Following Errors Have Occurred:</b><br/>
{% for error in errors %} {% for error in errors %}
<li>{{ error|striptags('<b>')|raw }}</li> <li>{{ error|striptags('<b><a>')|raw }}</li>
{% endfor %} {% endfor %}
</div> </div>
<div class="BoxFrameHorizontal" style="background-image:url({{ template_path }}/images/content/box-frame-horizontal.gif);"></div> <div class="BoxFrameHorizontal" style="background-image:url({{ template_path }}/images/content/box-frame-horizontal.gif);"></div>
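Review bot: `striptags('<b><a>')|raw` keeps the allowed tags together with all of their attributes, so once `<a>` is permitted any error string that embeds request data can reach the page with an arbitrary `href` or event-handler attribute intact. Error messages are built by concatenation elsewhere in this change (`'Character <b>'.$name.'</b> is on FREE account...'`), so either escape every interpolated value where the message is built, or pass the link target and text as separate fields and let the template render the `<a>` with normal autoescaping.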
@@ -17,4 +17,4 @@
<div class="BoxFrameEdgeLeftBottom" style="background-image:url({{ template_path }}/images/content/box-frame-edge.gif);"></div> <div class="BoxFrameEdgeLeftBottom" style="background-image:url({{ template_path }}/images/content/box-frame-edge.gif);"></div>
</div> </div>
</div> </div>
<br/> <br/>

View File

@@ -0,0 +1,7 @@
Hello {{ account }}!<br/>
<br/>
You requested to resend the verify Email on {{ config.lua.serverName }}!<br/>
<br/>
To verify your email address please click the link below:<br/>
{{ verify_url|raw }}
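Review bot: `{{ verify_url|raw }}` switches off escaping for the verification link, so its safety depends entirely on the code that builds it. Make sure that code takes the base URL from configuration rather than from the request's `Host` header and escapes the value itself, or drop `|raw` and build the `<a>` in this template from a plain URL.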

View File

@@ -101,7 +101,7 @@
<tr> <tr>
<td class="LabelV150"><b>Location Datacenter:</b></td> <td class="LabelV150"><b>Location Datacenter:</b></td>
<td>{{ setting('core.online_datacenter') }} <small>(Server date & time: - {{ "now"|date("d/m/Y H:i:s") }})</small></td> <td>{{ setting('core.online_datacenter')|raw }} <small>(Server date & time: - {{ "now"|date("d/m/Y H:i:s") }})</small></td>
</tr> </tr>
<tr> <tr>
<td class="LabelV150"><b>PvP Type:</b></td> <td class="LabelV150"><b>PvP Type:</b></td>
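Review bot: adding `|raw` to `setting('core.online_datacenter')` means whatever is stored in that setting is rendered as HTML on a public page. If markup is wanted here, restrict it with a `striptags` allow-list as the error box does, and say in the setting's description that it accepts HTML so admins know the value is not escaped.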

View File

@@ -101,7 +101,9 @@ $twig->addFunction($function);
$function = new TwigFunction('hook', function ($context, $hook, array $params = []) { $function = new TwigFunction('hook', function ($context, $hook, array $params = []) {
global $hooks; global $hooks;
//note($hook); if (config('hooks_debug')) {
note($hook);
}
if(is_string($hook)) { if(is_string($hook)) {
if (defined($hook)) { if (defined($hook)) {
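Review bot: `config('hooks_debug')` is a new and undocumented switch, and with it enabled `note($hook)` runs for every hook on every render. Add the key to the sample configuration with a default of false and a comment that it is meant for development only.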

View File

@@ -27,26 +27,18 @@ if(isset($config['boxes']))
var loginStatus="<?php echo ($logged ? 'true' : 'false'); ?>"; var loginStatus="<?php echo ($logged ? 'true' : 'false'); ?>";
<?php <?php
if(PAGE !== 'news') { if(PAGE !== 'news') {
if(isset($_REQUEST['subtopic'])) { $tmp = str_replace('/', '_', isset($_REQUEST['subtopic']) ? escapeHtml($_REQUEST['subtopic']) : PAGE);
$tmp = escapeHtml($_REQUEST['subtopic']); $exp = explode('/', PAGE);
if($tmp === 'accountmanagement') { if(PAGE !== 'account/create' && PAGE !== 'account/lost' && isset($exp[1])) {
$tmp = 'accountmanage'; if ($exp[0] === 'account' && $exp[1] === 'lost') {
$tmp = 'account_lost';
} elseif ($exp[0] === 'account') {
$tmp = 'account_manage';
} else if ($exp[0] === 'news' && $exp[1] === 'archive') {
$tmp = 'news_archive';
} }
} else if (in_array($exp[0], ['characters', 'highscores', 'guilds', 'forum'])) {
else { $tmp = $exp[0];
$tmp = str_replace('/', '_', PAGE);
$exp = explode('/', PAGE);
if(PAGE !== 'account/create' && PAGE !== 'account/lost' && isset($exp[1])) {
if ($exp[0] === 'account' && $exp[1] === 'lost') {
$tmp = 'account_lost';
} elseif ($exp[0] === 'account') {
$tmp = 'account_manage';
} else if ($exp[0] === 'news' && $exp[1] === 'archive') {
$tmp = 'news_archive';
}
else if (in_array($exp[0], ['characters', 'highscores', 'guilds', 'forum'])) {
$tmp = $exp[0];
}
} }
} }
} }
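Review bot: the rewrite drops the `accountmanagement` to `accountmanage` mapping that applied when `$_REQUEST['subtopic']` is set, while the router still advertises support for `/?subtopic=accountmanagement`. `$tmp` is now seeded from the request value but every override below is keyed on `PAGE`, so the two can disagree. Derive `$tmp` from `PAGE` alone, or keep the legacy mapping, and note which one is intended.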

View File

@@ -9,6 +9,8 @@
* @link https://my-aac.org * @link https://my-aac.org
*/ */
const IGNORE_SET_LAST_VISIT = true;
// we need some functions // we need some functions
require '../common.php'; require '../common.php';
require SYSTEM . 'functions.php'; require SYSTEM . 'functions.php';

View File

@@ -1,4 +1,7 @@
<?php <?php
const IGNORE_SET_LAST_VISIT = true;
require '../common.php'; require '../common.php';
require SYSTEM . 'init.php'; require SYSTEM . 'init.php';
require SYSTEM . 'functions.php'; require SYSTEM . 'functions.php';

View File

@@ -12,6 +12,8 @@
use MyAAC\CreateCharacter; use MyAAC\CreateCharacter;
use MyAAC\Models\Account; use MyAAC\Models\Account;
const IGNORE_SET_LAST_VISIT = true;
// we need some functions // we need some functions
require '../common.php'; require '../common.php';
require SYSTEM . 'functions.php'; require SYSTEM . 'functions.php';