- Account:

* updated forgotten $_SERVER['REMOTE_ADDR'] uses in pages
  * do not update lastLogin on User::Auth() (restores reset of daily limitations)
  * only update ip if it changed
- updated dead help-link in petCalc
Sarjuuk
2014-09-24 16:45:06 +02:00
parent 75093f6d8f
commit 713df0d7f2
2 changed files with 16 additions and 9 deletions


@@ -122,7 +122,7 @@ class AccountPage extends GenericPage
{ {
$nStep = 2; $nStep = 2;
DB::Aowow()->query('UPDATE ?_account SET status = ?d WHERE token = ?', ACC_STATUS_OK, $_GET['token']); DB::Aowow()->query('UPDATE ?_account SET status = ?d WHERE token = ?', ACC_STATUS_OK, $_GET['token']);
DB::Aowow()->query('REPLACE INTO ?_account_bannedips (ip, type, count, unbanDate) VALUES (?, 1, ?d + 1, UNIX_TIMESTAMP() + ?d)', $_SERVER['REMOTE_ADDR'], CFG_FAILED_AUTH_COUNT, CFG_FAILED_AUTH_EXCLUSION); DB::Aowow()->query('REPLACE INTO ?_account_bannedips (ip, type, count, unbanDate) VALUES (?, 1, ?d + 1, UNIX_TIMESTAMP() + ?d)', User::$ip, CFG_FAILED_AUTH_COUNT, CFG_FAILED_AUTH_EXCLUSION);
Util::gainSiteReputation($newId, SITEREP_ACTION_REGISTER); Util::gainSiteReputation($newId, SITEREP_ACTION_REGISTER);
@@ -322,9 +322,12 @@ Markup.printHtml("description text here", "description-generic", { allow: Markup
switch (User::Auth($username, $password)) switch (User::Auth($username, $password))
{ {
case AUTH_OK: case AUTH_OK:
if (!User::$ip)
return Lang::$account['intError'];
// reset account status, update expiration // reset account status, update expiration
DB::Aowow()->query('UPDATE ?_account SET prevLogin = curLogin, curLogin = UNIX_TIMESTAMP(), prevIP = curIP, curIP = ?, allowExpire = ?d, status = 0, statusTimer = 0, token = "" WHERE user = ?', DB::Aowow()->query('UPDATE ?_account SET prevIP = IF(curIp = ?, prevIP, curIP), curIP = IF(curIp = ?, curIP, ?), allowExpire = ?d, status = 0, statusTimer = 0, token = "" WHERE user = ?',
$_SERVER['REMOTE_ADDR'], User::$ip, User::$ip, User::$ip,
$doExpire, $doExpire,
$username $username
); );
@@ -386,11 +389,15 @@ Markup.printHtml("description text here", "description-generic", { allow: Markup
if (!Util::isValidEmail($email)) if (!Util::isValidEmail($email))
return Lang::$account['emailInvalid']; return Lang::$account['emailInvalid'];
// check ip
if (!User::$ip)
return Lang::$account['intError'];
// limit account creation // limit account creation
$ip = DB::Aowow()->selectRow('SELECT ip, count, unbanDate FROM ?_account_bannedips WHERE type = 1 AND ip = ?', $_SERVER['REMOTE_ADDR']); $ip = DB::Aowow()->selectRow('SELECT ip, count, unbanDate FROM ?_account_bannedips WHERE type = 1 AND ip = ?', User::$ip);
if ($ip && $ip['count'] >= CFG_FAILED_AUTH_COUNT && $ip['unbanDate'] >= time()) if ($ip && $ip['count'] >= CFG_FAILED_AUTH_COUNT && $ip['unbanDate'] >= time())
{ {
DB::Aowow()->query('UPDATE ?_account_bannedips SET count = count + 1, unbanDate = UNIX_TIMESTAMP() + ?d WHERE ip = ? AND type = 1', CFG_FAILED_AUTH_EXCLUSION, $_SERVER['REMOTE_ADDR']); DB::Aowow()->query('UPDATE ?_account_bannedips SET count = count + 1, unbanDate = UNIX_TIMESTAMP() + ?d WHERE ip = ? AND type = 1', CFG_FAILED_AUTH_EXCLUSION, User::$ip);
return sprintf(Lang::$account['signupExceeded'], Util::formatTime(CFG_FAILED_AUTH_EXCLUSION * 1000)); return sprintf(Lang::$account['signupExceeded'], Util::formatTime(CFG_FAILED_AUTH_EXCLUSION * 1000));
} }
@@ -405,7 +412,7 @@ Markup.printHtml("description text here", "description-generic", { allow: Markup
User::hashCrypt($_POST['password']), User::hashCrypt($_POST['password']),
Util::ucFirst($username), Util::ucFirst($username),
$email, $email,
isset($_SERVER["REMOTE_ADDR"]) ? $_SERVER["REMOTE_ADDR"] : '', User::$ip,
$doExpire, $doExpire,
User::$localeId, User::$localeId,
ACC_STATUS_NEW, ACC_STATUS_NEW,
@@ -418,9 +425,9 @@ Markup.printHtml("description text here", "description-generic", { allow: Markup
{ {
// success:: update ip-bans // success:: update ip-bans
if (!$ip || $ip['unbanDate'] < time()) if (!$ip || $ip['unbanDate'] < time())
DB::Aowow()->query('REPLACE INTO ?_account_bannedips (ip, type, count, unbanDate) VALUES (?, 1, 1, UNIX_TIMESTAMP() + ?d)', $_SERVER['REMOTE_ADDR'], CFG_FAILED_AUTH_EXCLUSION); DB::Aowow()->query('REPLACE INTO ?_account_bannedips (ip, type, count, unbanDate) VALUES (?, 1, 1, UNIX_TIMESTAMP() + ?d)', User::$ip, CFG_FAILED_AUTH_EXCLUSION);
else else
DB::Aowow()->query('UPDATE ?_account_bannedips SET count = count + 1, unbanDate = UNIX_TIMESTAMP() + ?d WHERE ip = ? AND type = 1', CFG_FAILED_AUTH_EXCLUSION, $_SERVER['REMOTE_ADDR']); DB::Aowow()->query('UPDATE ?_account_bannedips SET count = count + 1, unbanDate = UNIX_TIMESTAMP() + ?d WHERE ip = ? AND type = 1', CFG_FAILED_AUTH_EXCLUSION, User::$ip);
return $_; return $_;
} }
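Review bot: The `REPLACE INTO ?_account_bannedips` call in the first hunk (at `@@ -122,7 +122,7 @@`) now writes `User::$ip` without the `if (!User::$ip) return Lang::$account['intError'];` guard that this commit adds before the login update and before the signup limit check, so an empty value would be stored as a ban row keyed on an empty address. The enclosing method starts and ends outside the hunk, so a guard may already exist above; if it does not, skip the insert when `User::$ip` is empty. The signup limit and the `curIP`/`prevIP` trail now all depend on `User::$ip`, and how it is populated is not visible here. A comment at these call sites would record the assumption, for example `// User::$ip must be the socket peer or come from a trusted proxy, never from a client-supplied header`.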


@@ -960,7 +960,7 @@ function TalentCalc() {
_ = $WH.ce('a'); _ = $WH.ce('a');
_.className = 'talentcalc-button-help'; _.className = 'talentcalc-button-help';
_.href = (_mode == MODE_PET ? 'http://petopia.brashendeavors.net/html/patch30/patch30faq_talents.php' : '?help=talent-calculator'); _.href = (_mode == MODE_PET ? 'http://www.wow-petopia.com/talents/talents.html' : '?help=talent-calculator');
_.target = '_blank'; _.target = '_blank';
$WH.ae(_, $WH.ct(LANG.tc_help)); $WH.ae(_, $WH.ct(LANG.tc_help));
$WH.ae(sidebarDivInner, _); $WH.ae(sidebarDivInner, _);
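Review bot: The replaced help link still opens a third-party page over plain `http://` with `_.target = '_blank'`, and nothing visible in this hunk sets a `rel` attribute on the anchor. In browsers that do not default to noopener, the opened page keeps a `window.opener` reference back to the calculator tab. Adding `_.rel = 'noopener noreferrer';` after the `target` line removes that handle. Whether `$WH.ce` or a later step already sets `rel` cannot be seen from here.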