From 713df0d7f29e525f6038744e0d35a59c73715b5e Mon Sep 17 00:00:00 2001
From: Sarjuuk
Date: Wed, 24 Sep 2014 16:45:06 +0200
Subject: [PATCH] - Account: * updated forgotten $_SERVER['REMOTE_ADDR'] uses in pages * do not update lastLogin on User::Auth() (restores reset of daily limitations) * only update ip if it changed - updated dead help-link in petCalc
---
 pages/account.php | 23 +++++++++++++++--------
 static/js/TalentCalc.js | 2 +-
 2 files changed, 16 insertions(+), 9 deletions(-)
diff --git a/pages/account.php b/pages/account.php
index 7d1bfe18..07b2369f 100644
--- a/pages/account.php
+++ b/pages/account.php
@@ -122,7 +122,7 @@ class AccountPage extends GenericPage
 {
 $nStep = 2;
 DB::Aowow()->query('UPDATE ?_account SET status = ?d WHERE token = ?', ACC_STATUS_OK, $_GET['token']);
- DB::Aowow()->query('REPLACE INTO ?_account_bannedips (ip, type, count, unbanDate) VALUES (?, 1, ?d + 1, UNIX_TIMESTAMP() + ?d)', $_SERVER['REMOTE_ADDR'], CFG_FAILED_AUTH_COUNT, CFG_FAILED_AUTH_EXCLUSION);
+ DB::Aowow()->query('REPLACE INTO ?_account_bannedips (ip, type, count, unbanDate) VALUES (?, 1, ?d + 1, UNIX_TIMESTAMP() + ?d)', User::$ip, CFG_FAILED_AUTH_COUNT, CFG_FAILED_AUTH_EXCLUSION);
 Util::gainSiteReputation($newId, SITEREP_ACTION_REGISTER);
@@ -322,9 +322,12 @@ Markup.printHtml("description text here", "description-generic", { allow: Markup
 switch (User::Auth($username, $password))
 {
 case AUTH_OK:
+ if (!User::$ip)
+ return Lang::$account['intError'];
+
 // reset account status, update expiration
- DB::Aowow()->query('UPDATE ?_account SET prevLogin = curLogin, curLogin = UNIX_TIMESTAMP(), prevIP = curIP, curIP = ?, allowExpire = ?d, status = 0, statusTimer = 0, token = "" WHERE user = ?',
- $_SERVER['REMOTE_ADDR'],
+ DB::Aowow()->query('UPDATE ?_account SET prevIP = IF(curIp = ?, prevIP, curIP), curIP = IF(curIp = ?, curIP, ?), allowExpire = ?d, status = 0, statusTimer = 0, token = "" WHERE user = ?',
+ User::$ip, User::$ip, User::$ip,
 $doExpire,
 $username
 );
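Review bot: In the `@@ -122,7 +122,7 @@` hunk the `REPLACE INTO ?_account_bannedips` call takes `User::$ip` without the `if (!User::$ip)` check that this commit adds to the sign-in and sign-up paths. If `User::$ip` can be empty at this point, the statement stores a type-1 row with an empty `ip` key and a count of `CFG_FAILED_AUTH_COUNT + 1`. A missing address probably should not block activation, so skipping only the write looks like the safer choice: put `if (User::$ip)` in front of the `REPLACE` call. The enclosing method starts and ends outside the hunk, so an earlier check may already exist there.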
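Review bot: The rewritten `UPDATE` in the `@@ -322,9 +322,12 @@` hunk depends on MySQL evaluating the `SET` assignments of a single-table update from left to right: `prevIP` has to be assigned before `curIP`, otherwise it would be compared against the new address. That ordering is not standard SQL behaviour, so a comment above the query would protect it from a later reorder, e.g. `// order matters: prevIP must read curIP before curIP is overwritten`. The second expression, `curIP = IF(curIp = ?, curIP, ?)`, effectively yields the bound address in both branches and could be plain `curIP = ?`, which drops one of the three `User::$ip` bindings. The `switch` body continues outside the hunk.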
@@ -386,11 +389,15 @@ Markup.printHtml("description text here", "description-generic", { allow: Markup
 if (!Util::isValidEmail($email))
 return Lang::$account['emailInvalid'];
+ // check ip
+ if (!User::$ip)
+ return Lang::$account['intError'];
+
 // limit account creation
- $ip = DB::Aowow()->selectRow('SELECT ip, count, unbanDate FROM ?_account_bannedips WHERE type = 1 AND ip = ?', $_SERVER['REMOTE_ADDR']);
+ $ip = DB::Aowow()->selectRow('SELECT ip, count, unbanDate FROM ?_account_bannedips WHERE type = 1 AND ip = ?', User::$ip);
 if ($ip && $ip['count'] >= CFG_FAILED_AUTH_COUNT && $ip['unbanDate'] >= time())
 {
- DB::Aowow()->query('UPDATE ?_account_bannedips SET count = count + 1, unbanDate = UNIX_TIMESTAMP() + ?d WHERE ip = ? AND type = 1', CFG_FAILED_AUTH_EXCLUSION, $_SERVER['REMOTE_ADDR']);
+ DB::Aowow()->query('UPDATE ?_account_bannedips SET count = count + 1, unbanDate = UNIX_TIMESTAMP() + ?d WHERE ip = ? AND type = 1', CFG_FAILED_AUTH_EXCLUSION, User::$ip);
 return sprintf(Lang::$account['signupExceeded'], Util::formatTime(CFG_FAILED_AUTH_EXCLUSION * 1000));
 }
@@ -405,7 +412,7 @@ Markup.printHtml("description text here", "description-generic", { allow: Markup
 User::hashCrypt($_POST['password']),
 Util::ucFirst($username),
 $email,
- isset($_SERVER["REMOTE_ADDR"]) ? $_SERVER["REMOTE_ADDR"] : '',
+ User::$ip,
 $doExpire,
 User::$localeId,
 ACC_STATUS_NEW,
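Review bot: The sign-up limit in the `@@ -386,11 +389,15 @@` hunk is now keyed entirely on `User::$ip`, and the added `if (!User::$ip)` check only rejects an empty value. How `User::$ip` is populated is not visible in this patch; if it can be taken from a client-supplied forwarding header, the client chooses the key its attempts are counted under, so such headers should be honoured only behind trusted proxies and the value validated as an address before it is stored. A comment at the check would record that assumption, e.g. `// User::$ip: validated client address; forwarding headers honoured only from trusted proxies`. The same applies to the `?_account_bannedips` writes in the `@@ -122,7 +122,7 @@` and `@@ -418,9 +425,9 @@` hunks.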
@@ -418,9 +425,9 @@ Markup.printHtml("description text here", "description-generic", { allow: Markup
 {
 // success:: update ip-bans
 if (!$ip || $ip['unbanDate'] < time())
- DB::Aowow()->query('REPLACE INTO ?_account_bannedips (ip, type, count, unbanDate) VALUES (?, 1, 1, UNIX_TIMESTAMP() + ?d)', $_SERVER['REMOTE_ADDR'], CFG_FAILED_AUTH_EXCLUSION);
+ DB::Aowow()->query('REPLACE INTO ?_account_bannedips (ip, type, count, unbanDate) VALUES (?, 1, 1, UNIX_TIMESTAMP() + ?d)', User::$ip, CFG_FAILED_AUTH_EXCLUSION);
 else
- DB::Aowow()->query('UPDATE ?_account_bannedips SET count = count + 1, unbanDate = UNIX_TIMESTAMP() + ?d WHERE ip = ? AND type = 1', CFG_FAILED_AUTH_EXCLUSION, $_SERVER['REMOTE_ADDR']);
+ DB::Aowow()->query('UPDATE ?_account_bannedips SET count = count + 1, unbanDate = UNIX_TIMESTAMP() + ?d WHERE ip = ? AND type = 1', CFG_FAILED_AUTH_EXCLUSION, User::$ip);
 return $_;
 }
diff --git a/static/js/TalentCalc.js b/static/js/TalentCalc.js
index 0ee1987f..7d9a028e 100644
--- a/static/js/TalentCalc.js
+++ b/static/js/TalentCalc.js
@@ -960,7 +960,7 @@ function TalentCalc() {
 _ = $WH.ce('a');
 _.className = 'talentcalc-button-help';
- _.href = (_mode == MODE_PET ? 'http://petopia.brashendeavors.net/html/patch30/patch30faq_talents.php' : '?help=talent-calculator');
+ _.href = (_mode == MODE_PET ? 'http://www.wow-petopia.com/talents/talents.html' : '?help=talent-calculator');
 _.target = '_blank';
 $WH.ae(_, $WH.ct(LANG.tc_help));
 $WH.ae(sidebarDivInner, _);
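Review bot: The `REPLACE`/`UPDATE` choice in the `@@ -418,9 +425,9 @@` hunk is made from `$ip`, which was selected earlier in the function (outside this hunk), so the counter update is a read-then-write. Two requests from one address that both read the row before either writes can each take the `REPLACE` branch, which leaves the count at 1. The expiry test also mixes PHP's `time()` with the database's `UNIX_TIMESTAMP()`. The use of `REPLACE` suggests a unique key on the row; assuming it covers `(ip, type)`, one statement can do the whole step on the database clock: `INSERT … ON DUPLICATE KEY UPDATE count = IF(unbanDate < UNIX_TIMESTAMP(), 1, count + 1), unbanDate = VALUES(unbanDate)`.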
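Review bot: The pet help link in the `@@ -960,7 +960,7 @@` hunk points to an external site and is opened with `_.target = '_blank'` but no `rel`, so in browsers that do not imply it the opened page receives a `window.opener` reference to this one. Adding `_.rel = 'noopener noreferrer';` after the `target` line removes that. The new URL is also plain `http://`; if the site serves HTTPS, that scheme is preferable. `TalentCalc()` continues outside the hunk.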