public/takeconfirm.php

<?php
require_once("../include/bittorrent.php");
dbconn();
require_once(get_langfile_path());
loggedinorreturn();
$id =  isset($_POST['id']) ? intval($_POST['id']) : (isset($_GET['id']) ? intval($_GET['id']) : die());
int_check($id,true);
if (($CURUSER['id'] != $id && !user_can('viewinvite')) || !is_valid_id($id))
    stderr($lang_functions['std_sorry'],$lang_functions['std_permission_denied'], true, false);
$email = unesc(htmlspecialchars(trim($_POST["email"])));
if(!empty($_POST['conusr'])) {
//    sql_query("UPDATE users SET status = 'confirmed', editsecret = '' WHERE id IN (" . implode(", ", $_POST['conusr']) . ") AND status='pending'");
    $userList = \App\Models\User::query()->whereIn('id', $_POST['conusr'])
        ->where('status', 'pending')
        ->get(\App\Models\User::$commonFields)
    ;
    if ($userList->isNotEmpty()) {
        $uidArr = [];
        foreach ($userList as $user) {
            $uidArr[] = $user->id;
            fire_event(\App\Enums\ModelEventEnum::USER_UPDATED, $user);
        }
        \App\Models\User::query()->whereIn('id', $uidArr)->update(['status' => 'confirmed', 'editsecret' => '']);
    }
} else {
    stderr($lang_takeconfirm['std_sorry'],$lang_takeconfirm['std_no_buddy_to_confirm'].
        "<a class=altlink href=invite.php?id={$CURUSER['id']}>".$lang_takeconfirm['std_here_to_go_back'],false);
}
$title = $SITENAME.$lang_takeconfirm['mail_title'];
$baseUrl = getSchemeAndHttpHost();
$siteName = \App\Models\Setting::getSiteName();
$mailContentTwo = sprintf($lang_takeconfirm['mail_content_two'], $siteName, $REPORTMAIL, $siteName);
$body = <<<EOD
{$lang_takeconfirm['mail_content_1']}
<b><a href="javascript:void(null)" onclick="window.open('{$baseUrl}/login.php')">{$lang_takeconfirm['mail_here']}</a></b><br />
{$baseUrl}/login.php
{$mailContentTwo}
EOD;

//this mail is sent when the site is using admin(open/closed)/inviter(closed) confirmation and the admin/inviter confirmed the pending user
sent_mail($email,$SITENAME,$SITEEMAIL,$title,$body,"invite confirm",false,false,'');

header("Location: invite.php?id=".htmlspecialchars($CURUSER['id']));
?>
init 2020-12-26 01:42:23 +08:00			`<?php`
add composer 2021-01-13 19:32:26 +08:00			`require_once("../include/bittorrent.php");`
init 2020-12-26 01:42:23 +08:00			`dbconn();`
			`require_once(get_langfile_path());`
takeconfirm.php require login 2024-04-29 01:20:28 +08:00			`loggedinorreturn();`
keep some default value be integer 2 2021-01-06 02:19:03 +08:00			`$id = isset($_POST['id']) ? intval($_POST['id']) : (isset($_GET['id']) ? intval($_GET['id']) : die());`
init 2020-12-26 01:42:23 +08:00			`int_check($id,true);`
takeconfirm.php check permission 2024-04-29 01:41:55 +08:00			`if (($CURUSER['id'] != $id && !user_can('viewinvite')) \|\| !is_valid_id($id))`
			`stderr($lang_functions['std_sorry'],$lang_functions['std_permission_denied'], true, false);`
init 2020-12-26 01:42:23 +08:00			`$email = unesc(htmlspecialchars(trim($_POST["email"])));`
fix some security issues + change username min length to 3 2022-12-08 20:43:33 +08:00			`if(!empty($_POST['conusr'])) {`
			`// sql_query("UPDATE users SET status = 'confirmed', editsecret = '' WHERE id IN (" . implode(", ", $_POST['conusr']) . ") AND status='pending'");`
misc up 2025-09-14 00:47:09 +07:00			`$userList = \App\Models\User::query()->whereIn('id', $_POST['conusr'])`
fix some security issues + change username min length to 3 2022-12-08 20:43:33 +08:00			`->where('status', 'pending')`
misc up 2025-09-14 00:47:09 +07:00			`->get(\App\Models\User::$commonFields)`
fix some security issues + change username min length to 3 2022-12-08 20:43:33 +08:00			`;`
misc up 2025-09-14 00:47:09 +07:00			`if ($userList->isNotEmpty()) {`
			`$uidArr = [];`
			`foreach ($userList as $user) {`
			`$uidArr[] = $user->id;`
			`fire_event(\App\Enums\ModelEventEnum::USER_UPDATED, $user);`
			`}`
			`\App\Models\User::query()->whereIn('id', $uidArr)->update(['status' => 'confirmed', 'editsecret' => '']);`
			`}`
fix some security issues + change username min length to 3 2022-12-08 20:43:33 +08:00			`} else {`
			`stderr($lang_takeconfirm['std_sorry'],$lang_takeconfirm['std_no_buddy_to_confirm'].`
			`"<a class=altlink href=invite.php?id={$CURUSER['id']}>".$lang_takeconfirm['std_here_to_go_back'],false);`
			`}`
init 2020-12-26 01:42:23 +08:00			`$title = $SITENAME.$lang_takeconfirm['mail_title'];`
fix checkuser page + add harem addition to invite page 2022-08-05 16:13:19 +08:00			`$baseUrl = getSchemeAndHttpHost();`
add lang: ja 2025-04-19 02:06:51 +07:00			`$siteName = \App\Models\Setting::getSiteName();`
			`$mailContentTwo = sprintf($lang_takeconfirm['mail_content_two'], $siteName, $REPORTMAIL, $siteName);`
init 2020-12-26 01:42:23 +08:00			`$body = <<<EOD`
			`{$lang_takeconfirm['mail_content_1']}`
fix checkuser page + add harem addition to invite page 2022-08-05 16:13:19 +08:00			`<b><a href="javascript:void(null)" onclick="window.open('{$baseUrl}/login.php')">{$lang_takeconfirm['mail_here']}</a></b><br />`
			`{$baseUrl}/login.php`
add lang: ja 2025-04-19 02:06:51 +07:00			`{$mailContentTwo}`
init 2020-12-26 01:42:23 +08:00			`EOD;`

			`//this mail is sent when the site is using admin(open/closed)/inviter(closed) confirmation and the admin/inviter confirmed the pending user`
fix email encode and format 2021-02-02 20:27:37 +08:00			`sent_mail($email,$SITENAME,$SITEEMAIL,$title,$body,"invite confirm",false,false,'');`
init 2020-12-26 01:42:23 +08:00
fix: Change Refresh into Location If use Refresh, it will not work on some browser and some protocols (e.g. HTTP/2). So, change Refresh into Location. Signed-off-by: SPC <github@spcsky.com> 2025-02-19 19:46:51 +08:00			`header("Location: invite.php?id=".htmlspecialchars($CURUSER['id']));`
init 2020-12-26 01:42:23 +08:00			`?>`