public/confirm.php

<?php
require_once("../include/bittorrent.php");
header("Content-Type: text/html; charset=utf-8");
$id = (int) $_GET["id"];
$confirm_md5 = $_GET["secret"];

if (!$id)
	httperr();

dbconn();

$res = sql_query("SELECT passhash, secret, editsecret, status FROM users WHERE id = ".sqlesc($id)) or sqlerr(__FILE__, __LINE__);
$row = mysql_fetch_assoc($res);

if (!$row)
	httperr();

if ($row["status"] != "pending") {
	header("Location: ok.php?type=confirmed");
	exit();
}

$confirm_sec = hash_pad($row["secret"]);
if ($confirm_md5 != md5($confirm_sec))
	httperr();

sql_query("UPDATE users SET status='confirmed', editsecret='' WHERE id=".sqlesc($id)." AND status='pending'") or sqlerr(__FILE__, __LINE__);

if (!mysql_affected_rows())
	httperr();


if ($securelogin == "yes")
{
	$securelogin_indentity_cookie = true;
	$passh = md5($row["passhash"].$_SERVER["REMOTE_ADDR"]);
}
else	// when it's op, default is not use secure login
{
	$securelogin_indentity_cookie = false;
	$passh = md5($row["passhash"]);
}
logincookie($id, $passh,1,get_setting('system.cookie_valid_days', 365) * 86400,$securelogin_indentity_cookie);
//sessioncookie($row["id"], $passh,false);

header("Location: ok.php?type=confirm");
?>
init 2020-12-26 01:42:23 +08:00			`<?php`
add composer 2021-01-13 19:32:26 +08:00			`require_once("../include/bittorrent.php");`
init 2020-12-26 01:42:23 +08:00			`header("Content-Type: text/html; charset=utf-8");`
			`$id = (int) $_GET["id"];`
			`$confirm_md5 = $_GET["secret"];`

			`if (!$id)`
			`httperr();`

			`dbconn();`

			`$res = sql_query("SELECT passhash, secret, editsecret, status FROM users WHERE id = ".sqlesc($id)) or sqlerr(__FILE__, __LINE__);`
			`$row = mysql_fetch_assoc($res);`

			`if (!$row)`
			`httperr();`

			`if ($row["status"] != "pending") {`
fix: Change Refresh into Location If use Refresh, it will not work on some browser and some protocols (e.g. HTTP/2). So, change Refresh into Location. Signed-off-by: SPC <github@spcsky.com> 2025-02-19 19:46:51 +08:00			`header("Location: ok.php?type=confirmed");`
init 2020-12-26 01:42:23 +08:00			`exit();`
			`}`

			`$confirm_sec = hash_pad($row["secret"]);`
			`if ($confirm_md5 != md5($confirm_sec))`
			`httperr();`

			`sql_query("UPDATE users SET status='confirmed', editsecret='' WHERE id=".sqlesc($id)." AND status='pending'") or sqlerr(__FILE__, __LINE__);`

			`if (!mysql_affected_rows())`
			`httperr();`

nastools approve 2023-03-04 23:28:47 +08:00
init 2020-12-26 01:42:23 +08:00			`if ($securelogin == "yes")`
			`{`
			`$securelogin_indentity_cookie = true;`
			`$passh = md5($row["passhash"].$_SERVER["REMOTE_ADDR"]);`
			`}`
			`else // when it's op, default is not use secure login`
			`{`
			`$securelogin_indentity_cookie = false;`
			`$passh = md5($row["passhash"]);`
			`}`
nastools approve 2023-03-04 23:28:47 +08:00			`logincookie($id, $passh,1,get_setting('system.cookie_valid_days', 365) * 86400,$securelogin_indentity_cookie);`
init 2020-12-26 01:42:23 +08:00			`//sessioncookie($row["id"], $passh,false);`

fix: Change Refresh into Location If use Refresh, it will not work on some browser and some protocols (e.g. HTTP/2). So, change Refresh into Location. Signed-off-by: SPC <github@spcsky.com> 2025-02-19 19:46:51 +08:00			`header("Location: ok.php?type=confirm");`
init 2020-12-26 01:42:23 +08:00			`?>`