diff --git a/phpBB/common.php b/phpBB/common.php
index 82c6b56f4a..fb2de73b9f 100644
--- a/phpBB/common.php
+++ b/phpBB/common.php
@@ -153,7 +153,7 @@ if( getenv('HTTP_X_FORWARDED_FOR') != '' )
if ( preg_match("/^([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)/", getenv('HTTP_X_FORWARDED_FOR'), $ip_list) )
{
- $private_ip = array('/^127\.0\.0\.1/', '/^192\.168\..*/', '/^172\.16\..*/', '/^10..*/', '/^224..*/', '/^240..*/');
+ $private_ip = array('/^0\./', '/^127\.0\.0\.1/', '/^192\.168\..*/', '/^172\.16\..*/', '/^10..*/', '/^224..*/', '/^240..*/');
$client_ip = preg_replace($private_ip, $client_ip, $ip_list[1]);
}
}
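Review bot: The added `'/^0\./'` pattern matches only the leading `0.`, so `preg_replace` swaps that prefix for `$client_ip` and leaves the remaining octets appended, producing a malformed address instead of falling back to `$client_ip`. Writing it as `'/^0\..*/'` replaces the whole value, as the `192.168` and `172.16` entries already do. On the same line, `'/^10..*/'`, `'/^224..*/'` and `'/^240..*/'` leave the first dot unescaped, so `'/^10..*/'` also matches public 100.x–109.x addresses, and `'/^172\.16\..*/'` covers only one of the sixteen private /16 blocks in 172.16.0.0/12. The header is client-supplied, so whatever passes this filter should be treated as a hint rather than an authenticated address. The enclosing `if` starts outside the hunk.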
diff --git a/phpBB/includes/usercp_activate.php b/phpBB/includes/usercp_activate.php
index e1e52e8615..eaed7ec719 100644
--- a/phpBB/includes/usercp_activate.php
+++ b/phpBB/includes/usercp_activate.php
@@ -27,70 +27,81 @@ if ( !defined('IN_PHPBB') )
exit;
}
-$sql = "SELECT user_id, user_email, user_newpasswd, user_lang
+$sql = "SELECT user_active, user_id, user_email, user_newpasswd, user_lang, user_actkey
FROM " . USERS_TABLE . "
- WHERE user_actkey = '" . str_replace("\'", "''", $HTTP_GET_VARS['act_key']) . "'";
-if ( $result = $db->sql_query($sql) )
-{
- if ( $row = $db->sql_fetchrow($result) )
- {
- $sql_update_pass = ( $row['user_newpasswd'] != '' ) ? ", user_password = '" . str_replace("\'", "''", $row['user_newpasswd']) . "', user_newpasswd = ''" : "";
-
- $sql = "UPDATE " . USERS_TABLE . "
- SET user_active = 1, user_actkey = ''" . $sql_update_pass . "
- WHERE user_id = " . $row['user_id'];
- if ( $result = $db->sql_query($sql) )
- {
- if ( $board_config['require_activation'] == USER_ACTIVATION_ADMIN && $sql_update_pass == '' )
- {
- include($phpbb_root_path . 'includes/emailer.'.$phpEx);
- $emailer = new emailer($board_config['smtp_delivery']);
-
- $email_headers = 'From: ' . $board_config['board_email'] . "\r\nReturn-Path: " . $board_config['board_email'] . "\r\n";
-
- $emailer->use_template('admin_welcome_activated', $row['user_lang']);
- $emailer->email_address($row['user_email']);
- $emailer->set_subject();//$lang['Account_activated_subject']
- $emailer->extra_headers($email_headers);
-
- $emailer->assign_vars(array(
- 'SITENAME' => $board_config['sitename'],
- 'USERNAME' => $username,
- 'PASSWORD' => $password_confirm,
- 'EMAIL_SIG' => str_replace('
', "\n", "-- \n" . $board_config['board_email_sig']))
- );
- $emailer->send();
- $emailer->reset();
-
- $template->assign_vars(array(
- 'META' => '')
- );
-
- message_die(GENERAL_MESSAGE, $lang['Account_active_admin']);
- }
- else
- {
- $template->assign_vars(array(
- 'META' => '')
- );
-
- $message = ( $sql_update_pass == '' ) ? $lang['Account_active'] : $lang['Password_activated'];
- message_die(GENERAL_MESSAGE, $message);
- }
- }
- else
- {
- message_die(GENERAL_ERROR, 'Could not update users table', '', __LINE__, __FILE__, $sql_update);
- }
- }
- else
- {
- message_die(GENERAL_MESSAGE, $lang['Wrong_activation']); //wrongactiv
- }
-}
-else
+ WHERE user_id = " . intval($HTTP_GET_VARS[POST_USERS_URL]);
+if ( !($result = $db->sql_query($sql)) )
{
message_die(GENERAL_ERROR, 'Could not obtain user information', '', __LINE__, __FILE__, $sql);
}
-?>
+if ( $row = $db->sql_fetchrow($result) )
+{
+ if ( $row['user_active'] && $row['user_actkey'] == '' )
+ {
+ $template->assign_vars(array(
+ 'META' => '')
+ );
+
+ message_die(GENERAL_MESSAGE, $lang['Already_activated']);
+ }
+ else if ( $row['user_actkey'] == $HTTP_GET_VARS['act_key'] )
+ {
+ $sql_update_pass = ( $row['user_newpasswd'] != '' ) ? ", user_password = '" . str_replace("\'", "''", $row['user_newpasswd']) . "', user_newpasswd = ''" : '';
+
+ $sql = "UPDATE " . USERS_TABLE . "
+ SET user_active = 1, user_actkey = ''" . $sql_update_pass . "
+ WHERE user_id = " . $row['user_id'];
+ if ( !($result = $db->sql_query($sql)) )
+ {
+ message_die(GENERAL_ERROR, 'Could not update users table', '', __LINE__, __FILE__, $sql_update);
+ }
+
+ if ( $board_config['require_activation'] == USER_ACTIVATION_ADMIN && $sql_update_pass == '' )
+ {
+ include($phpbb_root_path . 'includes/emailer.'.$phpEx);
+ $emailer = new emailer($board_config['smtp_delivery']);
+
+ $email_headers = 'From: ' . $board_config['board_email'] . "\r\nReturn-Path: " . $board_config['board_email'] . "\r\n";
+
+ $emailer->use_template('admin_welcome_activated', $row['user_lang']);
+ $emailer->email_address($row['user_email']);
+ $emailer->set_subject();//$lang['Account_activated_subject']
+ $emailer->extra_headers($email_headers);
+
+ $emailer->assign_vars(array(
+ 'SITENAME' => $board_config['sitename'],
+ 'USERNAME' => $username,
+ 'PASSWORD' => $password_confirm,
+ 'EMAIL_SIG' => str_replace('
', "\n", "-- \n" . $board_config['board_email_sig']))
+ );
+ $emailer->send();
+ $emailer->reset();
+
+ $template->assign_vars(array(
+ 'META' => '')
+ );
+
+ message_die(GENERAL_MESSAGE, $lang['Account_active_admin']);
+ }
+ else
+ {
+ $template->assign_vars(array(
+ 'META' => '')
+ );
+
+ $message = ( $sql_update_pass == '' ) ? $lang['Account_active'] : $lang['Password_activated'];
+ message_die(GENERAL_MESSAGE, $message);
+ }
+ }
+ else
+ {
+ message_die(GENERAL_MESSAGE, $lang['Wrong_activation']);
+ }
+}
+else
+{
+ message_die(GENERAL_MESSAGE, $lang['No_such_user']);
+}
+
+?>
\ No newline at end of file
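Review bot: The key check at `else if ( $row['user_actkey'] == $HTTP_GET_VARS['act_key'] )` succeeds when the stored key is empty and the request carries no `act_key` (or an empty one), so any row with `user_active = 0` and a blank `user_actkey` would be activated by this branch; an account deactivated by an administrator would be one such case, if that path leaves the key blank. The loose `==` also compares numeric-looking strings by value rather than character for character. Requiring a non-empty stored key and an exact match closes both: `else if ( $row['user_actkey'] != '' && $row['user_actkey'] === $HTTP_GET_VARS['act_key'] )`. Separately, the update-failure branch passes `$sql_update` to `message_die`, which is never assigned in the visible code; `$sql` looks intended.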
diff --git a/phpBB/includes/usercp_register.php b/phpBB/includes/usercp_register.php
index 062fec633c..c2e8ebb077 100644
--- a/phpBB/includes/usercp_register.php
+++ b/phpBB/includes/usercp_register.php
@@ -388,12 +388,13 @@ if ( isset($HTTP_POST_VARS['submit']) )
if ( $mode == 'editprofile' )
{
- if ( $email != $current_email && ( $board_config['require_activation'] == USER_ACTIVATION_SELF || $board_config['require_activation'] == USER_ACTIVATION_ADMIN ) && $userdata['user_level'] != ADMIN )
+ if ( $email != $userdata['user_email'] && $board_config['require_activation'] != USER_ACTIVATION_NONE && $userdata['user_level'] != ADMIN )
{
$user_active = 0;
+
$user_actkey = gen_rand_string(true);
- $key_len = 54 - (strlen($server_url));
- $key_len = ($key_len > 6) ? $key_len : 6;
+ $key_len = 54 - ( strlen($server_url) );
+ $key_len = ( $key_len > 6 ) ? $key_len : 6;
$user_actkey = substr($user_actkey, 0, $key_len);
if ( $userdata['session_logged_in'] )
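Review bot: The activation key is cut to `54 - strlen($server_url)` characters with a floor of 6, so its strength depends on the length of the board's URL and drops to six characters on a long one. With this commit the key is checked against one specific user id, and nothing visible here limits repeated attempts, so the key length is the main thing protecting the account. Consider a fixed minimum that does not depend on the URL, e.g. `$key_len = ( $key_len > 16 ) ? $key_len : 16;`, provided the `user_actkey` column and the `gen_rand_string()` output are long enough; neither is visible in this hunk. The same truncation appears in the `usercp_sendpasswd.php` hunk at `@@ -46,6 +46,7 @@`, where the floor is not visible. The enclosing `if` block continues outside the hunk.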
@@ -435,7 +436,7 @@ if ( isset($HTTP_POST_VARS['submit']) )
'USERNAME' => $username,
'EMAIL_SIG' => str_replace('
', "\n", "-- \n" . $board_config['board_email_sig']),
- 'U_ACTIVATE' => $server_url . '?mode=activate&act_key=' . $user_actkey)
+ 'U_ACTIVATE' => $server_url . '?mode=activate&' . POST_USERS_URL . '=' . $user_id . '&act_key=' . $user_actkey)
);
$emailer->send();
$emailer->reset();
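Review bot: The activation URL `$server_url . '?mode=activate&' . POST_USERS_URL . '=' . $user_id . '&act_key=' . $user_actkey` is now written out four times: here, in the two later `U_ACTIVATE` hunks of this file, and in `usercp_sendpasswd.php`. Any later change to the link format has to be made in every copy. Building it once into a local, e.g. `$activate_url = ...;` right after `$user_actkey` is truncated, keeps the e-mail templates in step with what `usercp_activate.php` expects. `$user_id` is not assigned anywhere in these hunks of `usercp_register.php` (the sendpasswd change adds `$user_id = $row['user_id'];` explicitly), so it is worth confirming that it holds the edited or newly created user's id on every path that reaches these e-mails. The surrounding `assign_vars` call starts outside the hunk.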
@@ -558,8 +559,6 @@ if ( isset($HTTP_POST_VARS['submit']) )
'PASSWORD' => $password_confirm,
'EMAIL_SIG' => str_replace('
', "\n", "-- \n" . $board_config['board_email_sig']),
- 'U_ACTIVATE' => $server_url . '?mode=activate&act_key=' . $user_actkey,
-
'FAX_INFO' => $board_config['coppa_fax'],
'MAIL_INFO' => $board_config['coppa_mail'],
'EMAIL_ADDRESS' => $email,
@@ -582,7 +581,7 @@ if ( isset($HTTP_POST_VARS['submit']) )
'PASSWORD' => $password_confirm,
'EMAIL_SIG' => str_replace('
', "\n", "-- \n" . $board_config['board_email_sig']),
- 'U_ACTIVATE' => $server_url . '?mode=activate&act_key=' . $user_actkey)
+ 'U_ACTIVATE' => $server_url . '?mode=activate&' . POST_USERS_URL . '=' . $user_id . '&act_key=' . $user_actkey)
);
}
@@ -600,7 +599,7 @@ if ( isset($HTTP_POST_VARS['submit']) )
'USERNAME' => $username,
'EMAIL_SIG' => str_replace('
', "\n", "-- \n" . $board_config['board_email_sig']),
- 'U_ACTIVATE' => $server_url . '?mode=activate&act_key=' . $user_actkey)
+ 'U_ACTIVATE' => $server_url . '?mode=activate&' . POST_USERS_URL . '=' . $user_id . '&act_key=' . $user_actkey)
);
$emailer->send();
$emailer->reset();
diff --git a/phpBB/includes/usercp_sendpasswd.php b/phpBB/includes/usercp_sendpasswd.php
index b060f75fcf..9d36344eba 100644
--- a/phpBB/includes/usercp_sendpasswd.php
+++ b/phpBB/includes/usercp_sendpasswd.php
@@ -46,6 +46,7 @@ if ( isset($HTTP_POST_VARS['submit']) )
}
$username = $row['username'];
+ $user_id = $row['user_id'];
$user_actkey = gen_rand_string(true);
$key_len = 54 - strlen($server_url);
@@ -54,7 +55,7 @@ if ( isset($HTTP_POST_VARS['submit']) )
$user_password = gen_rand_string(false);
$sql = "UPDATE " . USERS_TABLE . "
- SET user_newpasswd = '" .md5($user_password) . "', user_actkey = '$user_actkey'
+ SET user_newpasswd = '" . md5($user_password) . "', user_actkey = '$user_actkey'
WHERE user_id = " . $row['user_id'];
if ( !$db->sql_query($sql) )
{
@@ -77,7 +78,7 @@ if ( isset($HTTP_POST_VARS['submit']) )
'PASSWORD' => $user_password,
'EMAIL_SIG' => str_replace('
', "\n", "-- \n" . $board_config['board_email_sig']),
- 'U_ACTIVATE' => $server_url . "?mode=activate&act_key=$user_actkey")
+ 'U_ACTIVATE' => $server_url . '?mode=activate&' . POST_USERS_URL . '=' . $user_id . '&act_key=' . $user_actkey)
);
$emailer->send();
$emailer->reset();
@@ -131,4 +132,4 @@ $template->pparse('body');
include($phpbb_root_path . 'includes/page_tail.'.$phpEx);
-?>
+?>
\ No newline at end of file
diff --git a/phpBB/language/lang_english/lang_main.php b/phpBB/language/lang_english/lang_main.php
index a2058cdcd8..0c4999a632 100644
--- a/phpBB/language/lang_english/lang_main.php
+++ b/phpBB/language/lang_english/lang_main.php
@@ -623,6 +623,7 @@ $lang['Account_inactive_admin'] = 'Your account has been created. However, this
$lang['Account_active'] = 'Your account has now been activated. Thank you for registering';
$lang['Account_active_admin'] = 'The account has now been activated';
$lang['Reactivate'] = 'Reactivate your account!';
+$lang['Already_activated'] = 'You have already activated your account';
$lang['COPPA'] = 'Your account has been created but has to be approved, please check your email for details.';
$lang['Registration'] = 'Registration Agreement Terms';