mirror of
https://github.com/slawkens/myaac.git
synced 2025-04-29 02:39:20 +02:00
f3745a2752
* Remove unneeded escape * Fix guild back buttons (change logo & motd) * small adjustment in news.php * Fix create character when admin (any case is allowed now) * Fix forum table style (boards & thread view) * Small improvement to plugins.enabled check * [WIP] nikic/fast-route implementation I will describe it more in Pull Request * Optimisations & fixes. * Fix path - should not be absolute * Add PLUGINS to Twig path * Don't hide "Install Plugin" Box by default * Update package-lock.json * nothing important, just early exit & fixes Fix creature display * fix premium_ends_at for tfs 1.3+ * Move pages * Move pages tbc * $db->select: make $where parameter optional, allows to get all records * Add some error box to error * fix parse error * Rewriting the router v2 To be more flexible * small fixes * fix & add admin icons * Move mass_* pages to correct folder * fix logout hook 2 * Delete accountmanagement.php * This code wasn't used * Add missing var * Add redirect_from && redirect_to to router options + Also add * for all methods shortcut * Remove comments Not allowed in normal json * Allow admin pages included into plugins dir * block access to some files * Fix admin logout * Fix #178 * feature: mail confirmed reward Suggested by @EPuncker # Conflicts: # system/hooks.php * remove misleading comment * adjust required version according to composer.json * fix duplicated word * Adjustments & fixed to mass actions * Add password confirm, and change text type to password * Add list of Open Source Software MyAAC is using * Fix signature * Show First, Second instead of numbers * fix base dir detection * fix double ACTION define + undefined URI in template * new function> escapeHtml + fix css in admin menus * fix changelog add * fix news adding, rename const to NEWS_* * Add verify to pages, add messages, limits, fix add * fix "Please fill all input" * add required input to admin pages * shorten some expressions with ?? * shorten code + fix conversion (int) * Move account_types to config, account.web_flags to common.php * Update example.json * feature: router aliases * shorten some code + const convert * remove wrong char * fix signature on custom basedir * fix: mass teleport position validation (#214) * fix: mass teleport position validation * fix: max position * Fix execute in CLI * fix warning in reload cache in dev mode * Configurable admin panel folder * feature: plugin require more options with comma * $config_account_salt -> USE_ACCOUNT_SALT * fix forum show_thread * Update show_thread.php --------- Co-authored-by: Gabriel Pedro <gpedro@users.noreply.github.com>
93 lines
2.6 KiB
PHP
93 lines
2.6 KiB
PHP
<?php
|
|
/**
|
|
* Change password
|
|
*
|
|
* @package MyAAC
|
|
* @author Gesior <jerzyskalski@wp.pl>
|
|
* @author Slawkens <slawkens@gmail.com>
|
|
* @copyright 2019 MyAAC
|
|
* @link https://my-aac.org
|
|
*/
|
|
defined('MYAAC') or die('Direct access not allowed!');
|
|
|
|
$title = 'Change Password';
|
|
require __DIR__ . '/base.php';
|
|
|
|
if(!$logged) {
|
|
return;
|
|
}
|
|
|
|
$new_password = $_POST['newpassword'] ?? NULL;
|
|
$new_password2 = $_POST['newpassword2'] ?? NULL;
|
|
$old_password = $_POST['oldpassword'] ?? NULL;
|
|
if(empty($new_password) && empty($new_password2) && empty($old_password)) {
|
|
$twig->display('account.change_password.html.twig');
|
|
}
|
|
else
|
|
{
|
|
if(empty($new_password) || empty($new_password2) || empty($old_password)){
|
|
$errors[] = "Please fill in form.";
|
|
}
|
|
$password_strlen = strlen($new_password);
|
|
if($new_password != $new_password2) {
|
|
$errors[] = "The new passwords do not match!";
|
|
}
|
|
|
|
if(empty($errors)) {
|
|
if(!Validator::password($new_password)) {
|
|
$errors[] = Validator::getLastError();
|
|
}
|
|
|
|
/** @var OTS_Account $account_logged */
|
|
$old_password = encrypt((USE_ACCOUNT_SALT ? $account_logged->getCustomField('salt') : '') . $old_password);
|
|
if($old_password != $account_logged->getPassword()) {
|
|
$errors[] = "Current password is incorrect!";
|
|
}
|
|
}
|
|
if(!empty($errors)){
|
|
//show errors
|
|
$twig->display('error_box.html.twig', array('errors' => $errors));
|
|
|
|
//show form
|
|
$twig->display('account.change_password.html.twig');
|
|
}
|
|
else
|
|
{
|
|
$org_pass = $new_password;
|
|
|
|
if(USE_ACCOUNT_SALT)
|
|
{
|
|
$salt = generateRandomString(10, false, true, true);
|
|
$new_password = $salt . $new_password;
|
|
$account_logged->setCustomField('salt', $salt);
|
|
}
|
|
|
|
$new_password = encrypt($new_password);
|
|
$account_logged->setPassword($new_password);
|
|
$account_logged->save();
|
|
$account_logged->logAction('Account password changed.');
|
|
|
|
$message = '';
|
|
if($config['mail_enabled'] && $config['send_mail_when_change_password'])
|
|
{
|
|
$mailBody = $twig->render('mail.password_changed.html.twig', array(
|
|
'new_password' => $org_pass,
|
|
'ip' => get_browser_real_ip(),
|
|
));
|
|
|
|
if(_mail($account_logged->getEMail(), $config['lua']['serverName']." - Changed password", $mailBody))
|
|
$message = '<br/><small>Your new password were send on email address <b>'.$account_logged->getEMail().'</b>.</small>';
|
|
else
|
|
$message = '<br/><p class="error">An error occurred while sending email. For Admin: More info can be found in system/logs/mailer-error.log</p>';
|
|
}
|
|
|
|
$twig->display('success.html.twig', array(
|
|
'title' => 'Password Changed',
|
|
'description' => 'Your password has been changed.' . $message
|
|
));
|
|
setSession('password', $new_password);
|
|
}
|
|
}
|
|
|
|
?>
|