2020-12-26 01:42:23 +08:00
|
|
|
<?php
|
2021-01-13 19:32:26 +08:00
|
|
|
require_once("../include/bittorrent.php");
|
2020-12-26 01:42:23 +08:00
|
|
|
|
|
|
|
|
if (!preg_match(':^/(\d{1,10})/([\w]{32})/(.+)$:', $_SERVER["PATH_INFO"], $matches))
|
|
|
|
|
httperr();
|
|
|
|
|
|
2021-01-06 00:56:13 +08:00
|
|
|
$id = intval($matches[1] ?? 0);
|
2020-12-26 01:42:23 +08:00
|
|
|
$md5 = $matches[2];
|
|
|
|
|
$email = urldecode($matches[3]);
|
|
|
|
|
//print($email);
|
|
|
|
|
//die();
|
|
|
|
|
|
|
|
|
|
if (!$id)
|
|
|
|
|
httperr();
|
|
|
|
|
dbconn();
|
|
|
|
|
|
|
|
|
|
$res = sql_query("SELECT editsecret FROM users WHERE id = $id");
|
|
|
|
|
$row = mysql_fetch_array($res);
|
|
|
|
|
|
|
|
|
|
if (!$row)
|
|
|
|
|
httperr();
|
|
|
|
|
|
|
|
|
|
$sec = hash_pad($row["editsecret"]);
|
|
|
|
|
if (preg_match('/^ *$/s', $sec))
|
|
|
|
|
httperr();
|
|
|
|
|
if ($md5 != md5($sec . $email . $sec))
|
|
|
|
|
httperr();
|
|
|
|
|
|
|
|
|
|
sql_query("UPDATE users SET editsecret='', email=" . sqlesc($email) . " WHERE id=$id AND editsecret=" . sqlesc($row["editsecret"]));
|
|
|
|
|
|
|
|
|
|
if (!mysql_affected_rows())
|
|
|
|
|
httperr();
|
|
|
|
|
|
2025-02-19 19:46:51 +08:00
|
|
|
header("Location: " . get_protocol_prefix() . "$BASEURL/usercp.php?action=security&type=saved");
|
|
|
|
|
?>
|
