makary/phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-06-29 06:38:52 +00:00
Code Issues Projects Releases Packages Wiki Activity

More fixes, addresses double activation attempt

Browse source 
git-svn-id: file:///svn/phpbb/branches/phpBB-2_0_0@2571 89ea8834-ac86-4346-8a33-228a782c2dd0
This commit is contained in:
Paul S. Owen 2002-05-12 17:57:34 +00:00
parent 801891caea
commit 6ca24b8a9f
5 changed files with 86 additions and 74 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
phpBB/common.php
View file

@ -153,7 +153,7 @@ if( getenv('HTTP_X_FORWARDED_FOR') != '' )
if ( preg_match("/^([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)/", getenv('HTTP_X_FORWARDED_FOR'), $ip_list) ) if ( preg_match("/^([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)/", getenv('HTTP_X_FORWARDED_FOR'), $ip_list) )
{ {
$private_ip = array('/^127\.0\.0\.1/', '/^192\.168\..*/', '/^172\.16\..*/', '/^10..*/', '/^224..*/', '/^240..*/'); $private_ip = array('/^0\./', '/^127\.0\.0\.1/', '/^192\.168\..*/', '/^172\.16\..*/', '/^10..*/', '/^224..*/', '/^240..*/');
$client_ip = preg_replace($private_ip, $client_ip, $ip_list[1]); $client_ip = preg_replace($private_ip, $client_ip, $ip_list[1]);
} }
} }

35
phpBB/includes/usercp_activate.php
View file

@ -27,20 +27,36 @@ if ( !defined('IN_PHPBB') )
exit; exit;
} }
$sql = "SELECT user_id, user_email, user_newpasswd, user_lang $sql = "SELECT user_active, user_id, user_email, user_newpasswd, user_lang, user_actkey
FROM " . USERS_TABLE . " FROM " . USERS_TABLE . "
WHERE user_actkey = '" . str_replace("\'", "''", $HTTP_GET_VARS['act_key']) . "'"; WHERE user_id = " . intval($HTTP_GET_VARS[POST_USERS_URL]);
if ( $result = $db->sql_query($sql) ) if ( !($result = $db->sql_query($sql)) )
{ {
message_die(GENERAL_ERROR, 'Could not obtain user information', '', __LINE__, __FILE__, $sql);
}
if ( $row = $db->sql_fetchrow($result) ) if ( $row = $db->sql_fetchrow($result) )
{ {
$sql_update_pass = ( $row['user_newpasswd'] != '' ) ? ", user_password = '" . str_replace("\'", "''", $row['user_newpasswd']) . "', user_newpasswd = ''" : ""; if ( $row['user_active'] && $row['user_actkey'] == '' )
{
$template->assign_vars(array(
'META' => '<meta http-equiv="refresh" content="10;url=' . append_sid("index.$phpEx") . '">')
);
message_die(GENERAL_MESSAGE, $lang['Already_activated']);
}
else if ( $row['user_actkey'] == $HTTP_GET_VARS['act_key'] )
{
$sql_update_pass = ( $row['user_newpasswd'] != '' ) ? ", user_password = '" . str_replace("\'", "''", $row['user_newpasswd']) . "', user_newpasswd = ''" : '';
$sql = "UPDATE " . USERS_TABLE . " $sql = "UPDATE " . USERS_TABLE . "
SET user_active = 1, user_actkey = ''" . $sql_update_pass . " SET user_active = 1, user_actkey = ''" . $sql_update_pass . "
WHERE user_id = " . $row['user_id']; WHERE user_id = " . $row['user_id'];
if ( $result = $db->sql_query($sql) ) if ( !($result = $db->sql_query($sql)) )
{ {
message_die(GENERAL_ERROR, 'Could not update users table', '', __LINE__, __FILE__, $sql_update);
}
if ( $board_config['require_activation'] == USER_ACTIVATION_ADMIN && $sql_update_pass == '' ) if ( $board_config['require_activation'] == USER_ACTIVATION_ADMIN && $sql_update_pass == '' )
{ {
include($phpbb_root_path . 'includes/emailer.'.$phpEx); include($phpbb_root_path . 'includes/emailer.'.$phpEx);
@ -80,17 +96,12 @@ if ( $result = $db->sql_query($sql) )
} }
else else
{ {
message_die(GENERAL_ERROR, 'Could not update users table', '', __LINE__, __FILE__, $sql_update); message_die(GENERAL_MESSAGE, $lang['Wrong_activation']);
} }
} }
else else
{ {
message_die(GENERAL_MESSAGE, $lang['Wrong_activation']); //wrongactiv message_die(GENERAL_MESSAGE, $lang['No_such_user']);
}
}
else
{
message_die(GENERAL_ERROR, 'Could not obtain user information', '', __LINE__, __FILE__, $sql);
} }
?> ?>

11
phpBB/includes/usercp_register.php
View file

@ -388,9 +388,10 @@ if ( isset($HTTP_POST_VARS['submit']) )
if ( $mode == 'editprofile' ) if ( $mode == 'editprofile' )
{ {
if ( $email != $current_email && ( $board_config['require_activation'] == USER_ACTIVATION_SELF || $board_config['require_activation'] == USER_ACTIVATION_ADMIN ) && $userdata['user_level'] != ADMIN ) if ( $email != $userdata['user_email'] && $board_config['require_activation'] != USER_ACTIVATION_NONE && $userdata['user_level'] != ADMIN )
{ {
$user_active = 0; $user_active = 0;
$user_actkey = gen_rand_string(true); $user_actkey = gen_rand_string(true);
$key_len = 54 - ( strlen($server_url) ); $key_len = 54 - ( strlen($server_url) );
$key_len = ( $key_len > 6 ) ? $key_len : 6; $key_len = ( $key_len > 6 ) ? $key_len : 6;
@ -435,7 +436,7 @@ if ( isset($HTTP_POST_VARS['submit']) )
'USERNAME' => $username, 'USERNAME' => $username,
'EMAIL_SIG' => str_replace('<br />', "\n", "-- \n" . $board_config['board_email_sig']), 'EMAIL_SIG' => str_replace('<br />', "\n", "-- \n" . $board_config['board_email_sig']),
'U_ACTIVATE' => $server_url . '?mode=activate&act_key=' . $user_actkey) 'U_ACTIVATE' => $server_url . '?mode=activate&' . POST_USERS_URL . '=' . $user_id . '&act_key=' . $user_actkey)
); );
$emailer->send(); $emailer->send();
$emailer->reset(); $emailer->reset();
@ -558,8 +559,6 @@ if ( isset($HTTP_POST_VARS['submit']) )
'PASSWORD' => $password_confirm, 'PASSWORD' => $password_confirm,
'EMAIL_SIG' => str_replace('<br />', "\n", "-- \n" . $board_config['board_email_sig']), 'EMAIL_SIG' => str_replace('<br />', "\n", "-- \n" . $board_config['board_email_sig']),
'U_ACTIVATE' => $server_url . '?mode=activate&act_key=' . $user_actkey,
'FAX_INFO' => $board_config['coppa_fax'], 'FAX_INFO' => $board_config['coppa_fax'],
'MAIL_INFO' => $board_config['coppa_mail'], 'MAIL_INFO' => $board_config['coppa_mail'],
'EMAIL_ADDRESS' => $email, 'EMAIL_ADDRESS' => $email,
@ -582,7 +581,7 @@ if ( isset($HTTP_POST_VARS['submit']) )
'PASSWORD' => $password_confirm, 'PASSWORD' => $password_confirm,
'EMAIL_SIG' => str_replace('<br />', "\n", "-- \n" . $board_config['board_email_sig']), 'EMAIL_SIG' => str_replace('<br />', "\n", "-- \n" . $board_config['board_email_sig']),
'U_ACTIVATE' => $server_url . '?mode=activate&act_key=' . $user_actkey) 'U_ACTIVATE' => $server_url . '?mode=activate&' . POST_USERS_URL . '=' . $user_id . '&act_key=' . $user_actkey)
); );
} }
@ -600,7 +599,7 @@ if ( isset($HTTP_POST_VARS['submit']) )
'USERNAME' => $username, 'USERNAME' => $username,
'EMAIL_SIG' => str_replace('<br />', "\n", "-- \n" . $board_config['board_email_sig']), 'EMAIL_SIG' => str_replace('<br />', "\n", "-- \n" . $board_config['board_email_sig']),
'U_ACTIVATE' => $server_url . '?mode=activate&act_key=' . $user_actkey) 'U_ACTIVATE' => $server_url . '?mode=activate&' . POST_USERS_URL . '=' . $user_id . '&act_key=' . $user_actkey)
); );
$emailer->send(); $emailer->send();
$emailer->reset(); $emailer->reset();

3
phpBB/includes/usercp_sendpasswd.php
View file

@ -46,6 +46,7 @@ if ( isset($HTTP_POST_VARS['submit']) )
} }
$username = $row['username']; $username = $row['username'];
$user_id = $row['user_id'];
$user_actkey = gen_rand_string(true); $user_actkey = gen_rand_string(true);
$key_len = 54 - strlen($server_url); $key_len = 54 - strlen($server_url);
@ -77,7 +78,7 @@ if ( isset($HTTP_POST_VARS['submit']) )
'PASSWORD' => $user_password, 'PASSWORD' => $user_password,
'EMAIL_SIG' => str_replace('<br />', "\n", "-- \n" . $board_config['board_email_sig']), 'EMAIL_SIG' => str_replace('<br />', "\n", "-- \n" . $board_config['board_email_sig']),
'U_ACTIVATE' => $server_url . "?mode=activate&act_key=$user_actkey") 'U_ACTIVATE' => $server_url . '?mode=activate&' . POST_USERS_URL . '=' . $user_id . '&act_key=' . $user_actkey)
); );
$emailer->send(); $emailer->send();
$emailer->reset(); $emailer->reset();

1
phpBB/language/lang_english/lang_main.php
View file

@ -623,6 +623,7 @@ $lang['Account_inactive_admin'] = 'Your account has been created. However, this
$lang['Account_active'] = 'Your account has now been activated. Thank you for registering'; $lang['Account_active'] = 'Your account has now been activated. Thank you for registering';
$lang['Account_active_admin'] = 'The account has now been activated'; $lang['Account_active_admin'] = 'The account has now been activated';
$lang['Reactivate'] = 'Reactivate your account!'; $lang['Reactivate'] = 'Reactivate your account!';
$lang['Already_activated'] = 'You have already activated your account';
$lang['COPPA'] = 'Your account has been created but has to be approved, please check your email for details.'; $lang['COPPA'] = 'Your account has been created but has to be approved, please check your email for details.';
$lang['Registration'] = 'Registration Agreement Terms'; $lang['Registration'] = 'Registration Agreement Terms';