forked from sicalpath/tjupt
-
Notifications
You must be signed in to change notification settings - Fork 2
/
confirm.php
46 lines (35 loc) · 1.22 KB
/
confirm.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
<?php
require_once("include/bittorrent.php");
global $securelogin;
header("Content-Type: text/html; charset=utf-8");
$id = (int)$_GET["id"];
$confirm_md5 = $_GET["secret"];
if (!$id)
httperr();
dbconn();
$res = sql_query("SELECT id, passhash, secret, editsecret, status FROM users WHERE id = " . sqlesc($id)) or sqlerr(__FILE__, __LINE__);
$row = mysql_fetch_assoc($res);
if (!$row)
httperr();
if ($row["status"] != "pending") {
header("Refresh: 0; url=ok.php?type=confirmed");
exit();
}
$confirm_sec = hash_pad($row["secret"]);
if ($confirm_md5 != md5($confirm_sec))
httperr();
sql_query("UPDATE users SET status='confirmed', editsecret='' WHERE id=" . sqlesc($id) . " AND status='pending'") or sqlerr(__FILE__, __LINE__);
if (!mysql_affected_rows())
httperr();
if ($securelogin == "yes") {
$securelogin_indentity_cookie = true;
$passh = md5($row["passhash"] . $_SERVER["REMOTE_ADDR"]);
} else // when it's op, default is not use secure login
{
$securelogin_indentity_cookie = false;
$passh = md5($row["passhash"]);
}
logincookie($row["id"], $passh, 1, 0x7fffffff, $securelogin_indentity_cookie);
//sessioncookie($row["id"], $passh,false);
header("Refresh: 0; url=ok.php?type=confirm");
?>