
2018-04-05

Visman há 7 anos atrás
pai
commit
359014086f

+ 8 - 6
app/Models/Pages/Auth.php

@@ -129,8 +129,8 @@ class Auth extends Page
                     $user->registration_ip = $this->user->ip;
                 }
                 // сбросить запрос на смену кодовой фразы
-                if (! empty($user->activate_string) && 'p' === $user->activate_string{0}) {
-                    $user->activate_string = null;
+                if (32 === \strlen($user->activate_string)) {
+                    $user->activate_string = '';
                 }
                 // изменения юзера в базе
                 $this->c->users->update($user);
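Review bot: The new test `32 === \strlen($user->activate_string)` makes the length of the stored key the only marker of its purpose. The reset key is generated with `randomPass(32)` further down this file and the registration key with `randomPass(31)` in Register.php, so changing either number silently alters which pending key a successful login clears. Named constants for the two lengths, or at least a comment at each of the three sites such as `// 32 chars = password-reset key, 31 chars = registration key (see Register.php)`, would make that coupling visible. The enclosing method starts before this hunk.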
@@ -139,6 +139,7 @@ class Auth extends Page
                 $this->c->Cookie->setUser($user, (bool) $v->save);
             }
         }
+
         return $password;
     }
 
@@ -155,6 +156,7 @@ class Auth extends Page
         $this->c->Lang->load('auth');
 
         $v = null;
+
         if ('POST' === $method) {
             $v = $this->c->Validator->reset()
                 ->addValidators([
@@ -168,7 +170,7 @@ class Auth extends Page
                 ]);
 
             if ($v->validation($_POST)) {
-                $key = 'p' . $this->c->Secury->randomPass(79);
+                $key  = $this->c->Secury->randomPass(32);
                 $hash = $this->c->Secury->hash($v->email . $key);
                 $link = $this->c->Router->link('ChangePassword', ['email' => $v->email, 'key' => $key, 'hash' => $hash]);
                 $tplData = [
@@ -200,6 +202,7 @@ class Auth extends Page
                     return $this->c->Message->message(\ForkBB\__('Error mail', $this->c->config->o_admin_email), true, 200);
                 }
             }
+
             $this->fIswev = $v->getErrors();
         }
 
@@ -254,8 +257,6 @@ class Auth extends Page
         // что-то пошло не так
         if (! \hash_equals($args['hash'], $this->c->Secury->hash($args['email'] . $args['key']))
             || ! ($user = $this->c->users->load($args['email'], 'email')) instanceof User
-            || empty($user->activate_string)
-            || 'p' !== $user->activate_string{0}
             || ! \hash_equals($user->activate_string, $args['key'])
         ) {
             return $this->c->Message->message('Bad request', false);
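Review bot: With the `empty($user->activate_string)` clause removed, the final `\hash_equals($user->activate_string, $args['key'])` is the only check on the stored key, and it is true when both sides are `''`, which is now the column default for accounts with no pending reset. Such a request is then rejected only by the signed `hash` in the first clause; whether an empty `key` can reach this method depends on the route pattern and on `Secury->hash`, neither of which is visible here. I would keep an explicit guard ahead of the comparison, e.g. `|| 32 !== \strlen($user->activate_string)`. The activation check in Register.php drops the same two clauses and would take `|| 31 !== \strlen($user->activate_string)`. The method body continues outside the hunk.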
@@ -282,7 +283,8 @@ class Auth extends Page
             if ($v->validation($_POST)) {
                 $user->password        = \password_hash($v->password, PASSWORD_DEFAULT);
                 $user->email_confirmed = 1;
-                $user->activate_string = null;
+                $user->activate_string = '';
+
                 $this->c->users->update($user);
 
                 $this->fIswev = ['s', \ForkBB\__('Pass updated')];

+ 1 - 2
app/Models/Pages/Install.php

@@ -907,8 +907,7 @@ class Install extends Page
                 'registration_ip'  => ['VARCHAR(45)', false, ''],
                 'last_visit'       => ['INT(10) UNSIGNED', false, 0],
                 'admin_note'       => ['VARCHAR(30)', false, ''],
-                'activate_string'  => ['VARCHAR(80)', true],
-                'activate_key'     => ['VARCHAR(8)', true],    //????
+                'activate_string'  => ['VARCHAR(80)', false, ''],
                 'messages_enable'  => ['TINYINT(1)', false, 1],
                 'messages_email'   => ['TINYINT(1)', false, 0],
                 'messages_flag'    => ['TINYINT(1)', false, 0],
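Review bot: This only changes the schema a fresh install creates; nothing in the commit converts existing rows, so a database created earlier can still hold `NULL` in `activate_string`. The code changed in Auth.php and Register.php now passes that value straight to `\strlen()` and `\hash_equals()`, and `hash_equals()` does not accept `NULL` (a warning on PHP 7, a `TypeError` on PHP 8). If upgrades from earlier snapshots are supported, an update step that sets `activate_string = ''` where it is `NULL` is needed; if they are not, a comment saying so would help. The column could also shrink from `VARCHAR(80)` now that keys are at most 32 characters.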

+ 21 - 10
app/Models/Pages/Profile.php

@@ -153,7 +153,7 @@ class Profile extends Page
 
                 $this->c->DB->commit();
 
-                return $this->c->Redirect->page('EditUserProfile',  ['id' => $this->curUser->id])->message('Profile redirect');
+                return $this->c->Redirect->page('EditUserProfile', ['id' => $this->curUser->id])->message('Profile redirect');
             } else {
                 $this->fIswev = $v->getErrors();
 
@@ -165,7 +165,7 @@ class Profile extends Page
 
         if ($isEdit) {
             $this->robots = 'noindex';
-            $crumbs[]     = [$this->c->Router->link('EditUserProfile',  ['id' => $this->curUser->id]), \ForkBB\__('Editing profile')];
+            $crumbs[]     = [$this->c->Router->link('EditUserProfile', ['id' => $this->curUser->id]), \ForkBB\__('Editing profile')];
         } else {
             $this->canonical = $this->curUser->link;
         }
@@ -211,19 +211,32 @@ class Profile extends Page
                     'check_password' => [$this, 'vCheckPassword'],
                     'check_email'    => [$this->c->Validators, 'vCheckEmail'],
                 ])->addRules([
-                    'token'         => 'token:ChangeUserEmail',
-                    'password'      => 'required|string:trim|check_password',
-                    'new_email'     => 'required|string:trim,lower|email|check_email',
+                    'token'     => 'token:ChangeUserEmail',
+                    'password'  => 'required|string:trim|check_password',
+                    'new_email' => 'required|string:trim,lower|email|check_email',
                 ])->addAliases([
-                    'new_email'     => 'New email',
-                    'password'      => 'Your password',
+                    'new_email' => 'New email',
+                    'password'  => 'Your password',
                 ])->addArguments([
-                    'token'                   => ['id' => $this->curUser->id],
+                    'token'                 => ['id' => $this->curUser->id],
                     'new_email.check_email' => $this->curUser,
                 ])->addMessages([
                 ]);
 
             if ($v->validation($_POST)) {
+                if ($v->new_email === $this->curUser->email) {
+                    return $this->c->Redirect->page('EditUserProfile', ['id' => $this->curUser->id])->message('Email is old redirect');
+                }
+
+                if ($this->user->isAdmin || '1' != $this->c->config->o_regs_verify) {
+                    $this->curUser->email           = $v->new_email;
+                    $this->curUser->email_confirmed = 0;
+
+                    $this->c->users->update($this->curUser);
+
+                    return $this->c->Redirect->page('EditUserProfile', ['id' => $this->curUser->id])->message('Email changed redirect');
+                }
+
 
             }
 
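Review bot: When `o_regs_verify` is `'1'` and the acting user is not an admin, a valid POST passes both new `if` blocks and reaches the empty tail of `if ($v->validation($_POST))`, so the address is not changed, no confirmation is sent and no message is set. If the confirm-by-mail step is planned for a later commit, mark it here with something like `// TODO: send a confirmation link to $v->new_email; change the address only after it is followed`. The direct branch compares with `'1' != …`; `'1' !== …` would be stricter if `o_regs_verify` is always stored as a string, which this hunk does not show. The method starts and ends outside the hunk.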
@@ -266,8 +279,6 @@ class Profile extends Page
             ],
         ];
 
-
-
         $this->robots     = 'noindex';
         $this->crumbs     = $this->extCrumbs(
             [$this->c->Router->link('ChangeUserEmail', ['id' => $this->curUser->id]), \ForkBB\__('Change email')]

+ 5 - 6
app/Models/Pages/Register.php

@@ -78,16 +78,16 @@ class Register extends Page
     {
         if ('1' == $this->c->config->o_regs_verify) {
             $groupId = 0;
-            $key = 'w' . $this->c->Secury->randomPass(79);
+            $key     = $this->c->Secury->randomPass(31);
         } else {
             $groupId = $this->c->config->o_default_user_group;
-            $key = null;
+            $key     = null;
         }
 
         $user = $this->c->users->create();
 
         $user->username        = $v->username;
-        $user->password        = password_hash($v->password, PASSWORD_DEFAULT);
+        $user->password        = \password_hash($v->password, PASSWORD_DEFAULT);
         $user->group_id        = $groupId;
         $user->email           = $v->email;
         $user->email_confirmed = 0;
@@ -187,8 +187,6 @@ class Register extends Page
     {
         if (! \hash_equals($args['hash'], $this->c->Secury->hash($args['id'] . $args['key']))
             || ! ($user = $this->c->users->load($args['id'])) instanceof User
-            || empty($user->activate_string)
-            || 'w' !== $user->activate_string{0}
             || ! \hash_equals($user->activate_string, $args['key'])
         ) {
             return $this->c->Message->message('Bad request', false);
@@ -196,7 +194,8 @@ class Register extends Page
 
         $user->group_id        = $this->c->config->o_default_user_group;
         $user->email_confirmed = 1;
-        $user->activate_string = null;
+        $user->activate_string = '';
+
         $this->c->users->update($user);
 
         $this->c->Cache->delete('stats');

+ 6 - 0
app/lang/English/profile.po

@@ -443,3 +443,9 @@ msgstr "Your password"
 
 msgid "Invalid password"
 msgstr "Invalid password"
+
+msgid "Email is old redirect"
+msgstr "Email address is not changed. Redirecting …"
+
+msgid "Email changed redirect"
+msgstr "Email address changed. Redirecting …"

+ 6 - 0
app/lang/Russian/profile.po

@@ -443,3 +443,9 @@ msgstr "Ваш пароль"
 
 msgid "Invalid password"
 msgstr "Неверный пароль"
+
+msgid "Email is old redirect"
+msgstr "Адрес электронной почты оставлен без изменений. Переадресация …"
+
+msgid "Email changed redirect"
+msgstr "Адрес электронной почты изменен. Переадресация …"