From 1edf8833c844b25372017e4affaf12aa02cdce7a Mon Sep 17 00:00:00 2001 From: slawkens Date: Tue, 9 Jul 2024 23:51:12 +0200 Subject: [PATCH] Patching from develop * Allow account_create_character_create even if account_mail_verify is activated * Fixes to account verify - do not allow login without verified email (Thanks @anyeor) --- system/init.php | 2 +- system/login.php | 40 +++++++++++++---------- system/pages/account/confirm_email.php | 10 +++--- system/pages/createaccount.php | 21 +++++++----- system/templates/account.create.html.twig | 2 +- 5 files changed, 42 insertions(+), 33 deletions(-) diff --git a/system/init.php b/system/init.php index 058c713719..f903f69209 100644 --- a/system/init.php +++ b/system/init.php @@ -116,7 +116,7 @@ $config['highscores_ids_hidden'] = array(0); } -$config['account_create_character_create'] = config('account_create_character_create') && (!config('mail_enabled') || !config('account_mail_verify')); +$config['account_mail_verify'] = config('account_mail_verify') && config('mail_enabled'); // POT require_once SYSTEM . 'libs/pot/OTS.php'; diff --git a/system/login.php b/system/login.php index 9f6d7454d6..1037c3bfa4 100644 --- a/system/login.php +++ b/system/login.php 
@@ -88,28 +88,32 @@ && (!isset($t) || $t['attempts'] < 5) ) { - session_regenerate_id(); - setSession('account', $account_logged->getId()); - setSession('password', encrypt(($config_salt_enabled ? $account_logged->getCustomField('salt') : '') . $login_password)); - if($remember_me) { - setSession('remember_me', true); + if (config('mail_enabled') && config('account_mail_verify') && (int)$account_logged->getCustomField('email_verified') !== 1) { + $errors[] = 'Your account is not verified. Please verify your email address. If the message is not coming check the SPAM folder in your E-Mail client.'; } + else { + session_regenerate_id(); + setSession('account', $account_logged->getId()); + setSession('password', encrypt(($config_salt_enabled ? $account_logged->getCustomField('salt') : '') . $login_password)); + if ($remember_me) { + setSession('remember_me', true); + } - $logged = true; - $logged_flags = $account_logged->getWebFlags(); + $logged = true; + $logged_flags = $account_logged->getWebFlags(); + + if (isset($_POST['admin']) && !admin()) { + $errors[] = 'This account has no admin privileges.'; + unsetSession('account'); + unsetSession('password'); + unsetSession('remember_me'); + $logged = false; + } else { + $account_logged->setCustomField('web_lastlogin', time()); + } - if(isset($_POST['admin']) && !admin()) { - $errors[] = 'This account has no admin privileges.'; - unsetSession('account'); - unsetSession('password'); - unsetSession('remember_me'); - $logged = false; + $hooks->trigger(HOOK_LOGIN, array('account' => $account_logged, 'password' => $login_password, 'remember_me' => $remember_me)); } - else { - $account_logged->setCustomField('web_lastlogin', time()); - } - - $hooks->trigger(HOOK_LOGIN, array('account' => $account_logged, 'password' => $login_password, 'remember_me' => $remember_me)); } else { diff --git a/system/pages/account/confirm_email.php b/system/pages/account/confirm_email.php index 7de7fb4aed..277540e6e8 100644 
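Review bot: The new `email_verified` gate sits only on the credential-submission path shown in this hunk, so a session that was established before verification was switched on, or that is restored by code above the hunk, is presumably never re-checked; the enclosing block starts outside the hunk, so that needs confirming. The condition also repeats `config('mail_enabled') && config('account_mail_verify')`, which init.php now folds into `account_mail_verify`. If `config()` reads that normalised value, `if (config('account_mail_verify') && (int)$account_logged->getCustomField('email_verified') !== 1)` keeps the two places from drifting apart. Accounts created before the setting was enabled, admin accounts included, will fail the `!== 1` test unless `email_verified` is backfilled or a resend path exists, so a comment such as `// NOTE: backfill email_verified for existing accounts before enabling account_mail_verify` would help operators.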
--- a/system/pages/account/confirm_email.php +++ b/system/pages/account/confirm_email.php @@ -29,11 +29,13 @@ $account = new OTS_Account(); $account->load($query['id']); if ($account->isLoaded()) { + $db->update('accounts', ['email_verified' => '1'], ['email_hash' => $hash]); + success('You have now verified your e-mail, this will increase the security of your account. Thank you for doing this. You can now log in.'); + $hooks->trigger(HOOK_EMAIL_CONFIRMED, ['account' => $account]); } } - - $db->update('accounts', array('email_verified' => '1'), array('email_hash' => $hash)); - success('You have now verified your e-mail, this will increase the security of your account. Thank you for doing this.'); + else { + error('Link has expired.'); + } } -?> diff --git a/system/pages/createaccount.php b/system/pages/createaccount.php index 12d9723b98..23ee403966 100644 --- a/system/pages/createaccount.php +++ b/system/pages/createaccount.php @@ -211,6 +211,9 @@ if(_mail($email, 'New account on ' . $config['lua']['serverName'], $body_html)) { echo 'Your account has been created.
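Review bot: The added update in confirm_email.php still selects rows by `email_hash` even though the account has just been loaded by id, so every row carrying that hash value is marked verified; keying it on the loaded account is tighter: `$db->update('accounts', ['email_verified' => '1'], ['id' => $account->getId()]);`. The hash is left in place after use, so the link stays replayable. Now that login depends on `email_verified`, consider clearing `email_hash` in the same update, provided nothing else reads it. How `$hash` is validated and looked up is outside the hunk, so it should be confirmed that an empty or malformed value is rejected before this point. 'Link has expired.' is shown for any unmatched hash, and no expiry check is visible here, so the wording may mislead users and support staff.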

'; + + warning("Before you can login - you need to verify your E-Mail. The verification link has been sent to $email. If the message is not coming - remember to check the SPAM folder."); + $twig->display('success.html.twig', array( 'title' => 'Account Created', 'description' => 'Your account ' . $account_type . ' is ' . $tmp_account . '
You will need the account ' . $account_type . ' and your password to play on ' . configLua('serverName') . '. @@ -227,15 +230,6 @@ } else { - if(config('account_create_character_create')) { - // character creation - $character_created = $createCharacter->doCreate($character_name, $character_sex, $character_vocation, $character_town, $new_account, $errors); - if (!$character_created) { - error('There was an error creating your character. Please create your character later in account management page.'); - error(implode(' ', $errors)); - } - } - if($config['account_create_auto_login']) { $_POST['account_login'] = USE_ACCOUNT_NAME ? $account_name : $account_id; $_POST['password_login'] = $password2; @@ -280,6 +274,15 @@ } } + if(config('account_create_character_create')) { + // character creation + $character_created = $createCharacter->doCreate($character_name, $character_sex, $character_vocation, $character_town, $new_account, $errors); + if (!$character_created) { + error('There was an error creating your character. Please create your character later in account management page.'); + error(implode(' ', $errors)); + } + } + return; } } diff --git a/system/templates/account.create.html.twig b/system/templates/account.create.html.twig index 8d9d57f9da..9be318d173 100644 --- a/system/templates/account.create.html.twig +++ b/system/templates/account.create.html.twig @@ -130,7 +130,7 @@ {{ hook('HOOK_ACCOUNT_CREATE_BETWEEN_BOXES_1') }} - {% if (not config.mail_enabled or not config.account_mail_verify) and config.account_create_character_create %} + {% if config.account_create_character_create %}
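Review bot: `$email` is interpolated straight into the string passed to `warning()` in the first createaccount.php hunk, and nothing visible shows whether `warning()` HTML-escapes its argument. If the message is printed as markup, escape the address at the call site, e.g. `htmlspecialchars($email, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`. If earlier validation already restricts `$email` to a safe character set, a one-line comment saying so would be enough. The enclosing branch begins outside the hunk.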
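Review bot: In the last createaccount.php hunk, the relocated character-creation block now runs after both the mail-verify branch and the auto-login branch, so it also runs when the earlier `_mail()` call returned false. If that failure path (outside the hunk) deletes or abandons `$new_account`, `doCreate()` would be called for an account that no longer exists; a success flag set in the branches above and tested in this `if` would avoid that. Characters are also now created for accounts whose e-mail is still unverified, and the gate added in login.php covers only the website login. It is worth confirming that nothing else accepts such an account before verification, and recording the decision in a comment above the block.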