From 979eaa121922ed36e6235dd3bc9a7e44189f5103 Mon Sep 17 00:00:00 2001 From: Sarjuuk Date: Tue, 23 Sep 2014 20:42:13 +0200 Subject: [PATCH] - Account: * fixed creating accounts with existing usernames/emails that where never confirmed * moved some hardcoded timers to config --- pages/account.php | 17 +++++++---------- setup/updates/11_config.sql | 3 +++ 2 files changed, 10 insertions(+), 10 deletions(-) create mode 100644 setup/updates/11_config.sql diff --git a/pages/account.php b/pages/account.php index b9b0de13..7d1bfe18 100644 --- a/pages/account.php +++ b/pages/account.php @@ -400,8 +400,7 @@ Markup.printHtml("description text here", "description-generic", { allow: Markup // create.. $token = Util::createHash(); - $delay = 7 * DAY; - $id = DB::Aowow()->query('INSERT INTO ?_account (user, passHash, displayName, email, joindate, curIP, allowExpire, locale, status, statusTimer, token) VALUES (?, ?, ?, ?, UNIX_TIMESTAMP(), ?, ?d, ?d, ?d, UNIX_TIMESTAMP() + ?d, ?)', + $id = DB::Aowow()->query('REPLACE INTO ?_account (user, passHash, displayName, email, joindate, curIP, allowExpire, locale, status, statusTimer, token) VALUES (?, ?, ?, ?, UNIX_TIMESTAMP(), ?, ?d, ?d, ?d, UNIX_TIMESTAMP() + ?d, ?)', $username, User::hashCrypt($_POST['password']), Util::ucFirst($username), @@ -410,12 +409,12 @@ Markup.printHtml("description text here", "description-generic", { allow: Markup $doExpire, User::$localeId, ACC_STATUS_NEW, - $delay, + CFG_ACCOUNT_CREATE_SAVE_DECAY, $token ); if (!$id) // something went wrong return Lang::$account['intError']; - else if ($_ = $this->sendMail($email, Lang::$mail['accConfirm'][0], sprintf(Lang::$mail['accConfirm'][1], $token), $delay)) + else if ($_ = $this->sendMail($email, Lang::$mail['accConfirm'][0], sprintf(Lang::$mail['accConfirm'][1], $token), CFG_ACCOUNT_CREATE_SAVE_DECAY)) { // success:: update ip-bans if (!$ip || $ip['unbanDate'] < time()) 
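Review bot: Switching the statement to `REPLACE INTO ?_account` makes the database delete every existing row that collides on a unique key before inserting, so nothing in the statement itself limits the overwrite to unconfirmed, expired registrations. That restriction has to come entirely from a check earlier in the function, which is outside this hunk; if that check and this write are not atomic, or if the username and the email match two different rows, a confirmed account could be removed. REPLACE also hands out a new id, which presumably orphans anything keyed to the old one. I would keep the INSERT and precede it with a status-scoped delete such as `DB::Aowow()->query('DELETE FROM ?_account WHERE (user = ? OR email = ?) AND status = ?d AND statusTimer < UNIX_TIMESTAMP()', $username, $email, ACC_STATUS_NEW);`, so the overwrite condition is enforced by the query itself.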
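Review bot: `CFG_ACCOUNT_CREATE_SAVE_DECAY` now reaches `statusTimer` and `sendMail()` with no bounds check, so a zero, negative or missing config value would create the account with a timer that has already expired. Combined with the overwrite behaviour this commit introduces, that would presumably let the next registration with the same name or email replace the pending one immediately. Clamp it once before use, e.g. `$decay = max(MINUTE, (int)CFG_ACCOUNT_CREATE_SAVE_DECAY);`, and pass `$decay` to both calls; the same applies to `CFG_ACCOUNT_RECOVERY_DECAY` in the doRecoverPass and doRecoverUser hunks. How the CFG_ constants are defined is not visible here, and the enclosing function starts and ends outside the hunk.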
@@ -429,12 +428,11 @@ Markup.printHtml("description text here", "description-generic", { allow: Markup private function doRecoverPass($target) { - $delay = 5 * MINUTE; - if ($_ = $this->initRecovery(ACC_STATUS_RECOVER_PASS, $target, $delay, $token)) + if ($_ = $this->initRecovery(ACC_STATUS_RECOVER_PASS, $target, CFG_ACCOUNT_RECOVERY_DECAY, $token)) return $_; // send recovery mail - return $this->sendMail($target, Lang::$mail['resetPass'][0], sprintf(Lang::$mail['resetPass'][1], $token), $delay); + return $this->sendMail($target, Lang::$mail['resetPass'][0], sprintf(Lang::$mail['resetPass'][1], $token), CFG_ACCOUNT_RECOVERY_DECAY); } private function doResetPass() @@ -460,12 +458,11 @@ Markup.printHtml("description text here", "description-generic", { allow: Markup private function doRecoverUser($target) { - $delay = 5 * MINUTE; - if ($_ = $this->initRecovery(ACC_STATUS_RECOVER_USER, $target, $delay, $token)) + if ($_ = $this->initRecovery(ACC_STATUS_RECOVER_USER, $target, CFG_ACCOUNT_RECOVERY_DECAY, $token)) return $_; // send recovery mail - return $this->sendMail($target, Lang::$mail['recoverUser'][0], sprintf(Lang::$mail['recoverUser'][1], $token), $delay); + return $this->sendMail($target, Lang::$mail['recoverUser'][0], sprintf(Lang::$mail['recoverUser'][1], $token), CFG_ACCOUNT_RECOVERY_DECAY); } private function initRecovery($type, $target, $delay, &$token) diff --git a/setup/updates/11_config.sql b/setup/updates/11_config.sql new file mode 100644 index 00000000..e3863716 --- /dev/null +++ b/setup/updates/11_config.sql @@ -0,0 +1,3 @@ +INSERT INTO aowow_config (`key`, `intValue`, `comment`) VALUES + ('account_create_save_decay', 604800, 'default: 604800 - [1 week] time in wich an unconfirmed account cannot be overwritten by new registrations'), + ('account_recovery_decay', 300, 'default: 300 - [5 min] time to recover your account and new recovery requets are blocked'); \ No newline at end of file
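Review bot: `CFG_ACCOUNT_RECOVERY_DECAY` is passed both to `initRecovery()` and to `sendMail()` in doRecoverPass, and the config comment added by this commit describes it as both the time to recover and the window in which new recovery requests are blocked. Now that the value is tunable, one setting controls two security properties: lowering it to loosen the request throttle also shortens token validity, and raising it to allow for slow mail delivery lengthens the life of a password-reset token. Consider two separate settings, or at least a comment above the call such as `// also the reset-token lifetime and the re-request throttle; keep short`. The same applies to the doRecoverUser hunk; initRecovery's body is outside the diff, so how it uses the value is inferred.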
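Review bot: The table name is hard-coded as `aowow_config`, while the PHP side addresses tables through the `?_` prefix placeholder, so on an install with a different prefix this update would presumably not land where the code reads it and the new CFG_ timers would be missing. The plain INSERT also fails when the update is applied twice, assuming `key` is unique. Stating the expected prefix in a comment at the top of the file, or using `INSERT IGNORE INTO aowow_config ...`, would make the migration safer to re-apply.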