makary/phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-06-29 06:38:52 +00:00
Code Issues Projects Releases Packages Wiki Activity

More fixes, addresses double activation attempt

Browse source 
git-svn-id: file:///svn/phpbb/branches/phpBB-2_0_0@2571 89ea8834-ac86-4346-8a33-228a782c2dd0
This commit is contained in:
Paul S. Owen 2002-05-12 17:57:34 +00:00
parent 801891caea
commit 6ca24b8a9f
5 changed files with 86 additions and 74 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
phpBB/common.php
View file

@ -153,7 +153,7 @@ if( getenv('HTTP_X_FORWARDED_FOR') != '' )
if ( preg_match("/^([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)/", getenv('HTTP_X_FORWARDED_FOR'), $ip_list) )
{
$private_ip = array('/^127\.0\.0\.1/', '/^192\.168\..*/', '/^172\.16\..*/', '/^10..*/', '/^224..*/', '/^240..*/');
$private_ip = array('/^0\./', '/^127\.0\.0\.1/', '/^192\.168\..*/', '/^172\.16\..*/', '/^10..*/', '/^224..*/', '/^240..*/');
$client_ip = preg_replace($private_ip, $client_ip, $ip_list[1]);
}
}

135
phpBB/includes/usercp_activate.php
View file

@ -27,70 +27,81 @@ if ( !defined('IN_PHPBB') )
exit;
}
$sql = "SELECT user_id, user_email, user_newpasswd, user_lang
$sql = "SELECT user_active, user_id, user_email, user_newpasswd, user_lang, user_actkey
FROM " . USERS_TABLE . "
WHERE user_actkey = '" . str_replace("\'", "''", $HTTP_GET_VARS['act_key']) . "'";
if ( $result = $db->sql_query($sql) )
{
if ( $row = $db->sql_fetchrow($result) )
{
$sql_update_pass = ( $row['user_newpasswd'] != '' ) ? ", user_password = '" . str_replace("\'", "''", $row['user_newpasswd']) . "', user_newpasswd = ''" : "";
$sql = "UPDATE " . USERS_TABLE . "
SET user_active = 1, user_actkey = ''" . $sql_update_pass . "
WHERE user_id = " . $row['user_id'];
if ( $result = $db->sql_query($sql) )
{
if ( $board_config['require_activation'] == USER_ACTIVATION_ADMIN && $sql_update_pass == '' )
{
include($phpbb_root_path . 'includes/emailer.'.$phpEx);
$emailer = new emailer($board_config['smtp_delivery']);
$email_headers = 'From: ' . $board_config['board_email'] . "\r\nReturn-Path: " . $board_config['board_email'] . "\r\n";
$emailer->use_template('admin_welcome_activated', $row['user_lang']);
$emailer->email_address($row['user_email']);
$emailer->set_subject();//$lang['Account_activated_subject']
$emailer->extra_headers($email_headers);
$emailer->assign_vars(array(
'SITENAME' => $board_config['sitename'],
'USERNAME' => $username,
'PASSWORD' => $password_confirm,
'EMAIL_SIG' => str_replace('<br />', "\n", "-- \n" . $board_config['board_email_sig']))
);
$emailer->send();
$emailer->reset();
$template->assign_vars(array(
'META' => '<meta http-equiv="refresh" content="10;url=' . append_sid("index.$phpEx") . '">')
);
message_die(GENERAL_MESSAGE, $lang['Account_active_admin']);
}
else
{
$template->assign_vars(array(
'META' => '<meta http-equiv="refresh" content="10;url=' . append_sid("index.$phpEx") . '">')
);
$message = ( $sql_update_pass == '' ) ? $lang['Account_active'] : $lang['Password_activated'];
message_die(GENERAL_MESSAGE, $message);
}
}
else
{
message_die(GENERAL_ERROR, 'Could not update users table', '', __LINE__, __FILE__, $sql_update);
}
}
else
{
message_die(GENERAL_MESSAGE, $lang['Wrong_activation']); //wrongactiv
}
}
else
WHERE user_id = " . intval($HTTP_GET_VARS[POST_USERS_URL]);
if ( !($result = $db->sql_query($sql)) )
{
message_die(GENERAL_ERROR, 'Could not obtain user information', '', __LINE__, __FILE__, $sql);
}
?>
if ( $row = $db->sql_fetchrow($result) )
{
if ( $row['user_active'] && $row['user_actkey'] == '' )
{
$template->assign_vars(array(
'META' => '<meta http-equiv="refresh" content="10;url=' . append_sid("index.$phpEx") . '">')
);
message_die(GENERAL_MESSAGE, $lang['Already_activated']);
}
else if ( $row['user_actkey'] == $HTTP_GET_VARS['act_key'] )
{
$sql_update_pass = ( $row['user_newpasswd'] != '' ) ? ", user_password = '" . str_replace("\'", "''", $row['user_newpasswd']) . "', user_newpasswd = ''" : '';
$sql = "UPDATE " . USERS_TABLE . "
SET user_active = 1, user_actkey = ''" . $sql_update_pass . "
WHERE user_id = " . $row['user_id'];
if ( !($result = $db->sql_query($sql)) )
{
message_die(GENERAL_ERROR, 'Could not update users table', '', __LINE__, __FILE__, $sql_update);
}
if ( $board_config['require_activation'] == USER_ACTIVATION_ADMIN && $sql_update_pass == '' )
{
include($phpbb_root_path . 'includes/emailer.'.$phpEx);
$emailer = new emailer($board_config['smtp_delivery']);
$email_headers = 'From: ' . $board_config['board_email'] . "\r\nReturn-Path: " . $board_config['board_email'] . "\r\n";
$emailer->use_template('admin_welcome_activated', $row['user_lang']);
$emailer->email_address($row['user_email']);
$emailer->set_subject();//$lang['Account_activated_subject']
$emailer->extra_headers($email_headers);
$emailer->assign_vars(array(
'SITENAME' => $board_config['sitename'],
'USERNAME' => $username,
'PASSWORD' => $password_confirm,
'EMAIL_SIG' => str_replace('<br />', "\n", "-- \n" . $board_config['board_email_sig']))
);
$emailer->send();
$emailer->reset();
$template->assign_vars(array(
'META' => '<meta http-equiv="refresh" content="10;url=' . append_sid("index.$phpEx") . '">')
);
message_die(GENERAL_MESSAGE, $lang['Account_active_admin']);
}
else
{
$template->assign_vars(array(
'META' => '<meta http-equiv="refresh" content="10;url=' . append_sid("index.$phpEx") . '">')
);
$message = ( $sql_update_pass == '' ) ? $lang['Account_active'] : $lang['Password_activated'];
message_die(GENERAL_MESSAGE, $message);
}
}
else
{
message_die(GENERAL_MESSAGE, $lang['Wrong_activation']);
}
}
else
{
message_die(GENERAL_MESSAGE, $lang['No_such_user']);
}
?>

15
phpBB/includes/usercp_register.php
View file

@ -388,12 +388,13 @@ if ( isset($HTTP_POST_VARS['submit']) )
if ( $mode == 'editprofile' )
{
if ( $email != $current_email && ( $board_config['require_activation'] == USER_ACTIVATION_SELF || $board_config['require_activation'] == USER_ACTIVATION_ADMIN ) && $userdata['user_level'] != ADMIN )
if ( $email != $userdata['user_email'] && $board_config['require_activation'] != USER_ACTIVATION_NONE && $userdata['user_level'] != ADMIN )
{
$user_active = 0;
$user_actkey = gen_rand_string(true);
$key_len = 54 - (strlen($server_url));
$key_len = ($key_len > 6) ? $key_len : 6;
$key_len = 54 - ( strlen($server_url) );
$key_len = ( $key_len > 6 ) ? $key_len : 6;
$user_actkey = substr($user_actkey, 0, $key_len);
if ( $userdata['session_logged_in'] )
@ -435,7 +436,7 @@ if ( isset($HTTP_POST_VARS['submit']) )
'USERNAME' => $username,
'EMAIL_SIG' => str_replace('<br />', "\n", "-- \n" . $board_config['board_email_sig']),
'U_ACTIVATE' => $server_url . '?mode=activate&act_key=' . $user_actkey)
'U_ACTIVATE' => $server_url . '?mode=activate&' . POST_USERS_URL . '=' . $user_id . '&act_key=' . $user_actkey)
);
$emailer->send();
$emailer->reset();
@ -558,8 +559,6 @@ if ( isset($HTTP_POST_VARS['submit']) )
'PASSWORD' => $password_confirm,
'EMAIL_SIG' => str_replace('<br />', "\n", "-- \n" . $board_config['board_email_sig']),
'U_ACTIVATE' => $server_url . '?mode=activate&act_key=' . $user_actkey,
'FAX_INFO' => $board_config['coppa_fax'],
'MAIL_INFO' => $board_config['coppa_mail'],
'EMAIL_ADDRESS' => $email,
@ -582,7 +581,7 @@ if ( isset($HTTP_POST_VARS['submit']) )
'PASSWORD' => $password_confirm,
'EMAIL_SIG' => str_replace('<br />', "\n", "-- \n" . $board_config['board_email_sig']),
'U_ACTIVATE' => $server_url . '?mode=activate&act_key=' . $user_actkey)
'U_ACTIVATE' => $server_url . '?mode=activate&' . POST_USERS_URL . '=' . $user_id . '&act_key=' . $user_actkey)
);
}
@ -600,7 +599,7 @@ if ( isset($HTTP_POST_VARS['submit']) )
'USERNAME' => $username,
'EMAIL_SIG' => str_replace('<br />', "\n", "-- \n" . $board_config['board_email_sig']),
'U_ACTIVATE' => $server_url . '?mode=activate&act_key=' . $user_actkey)
'U_ACTIVATE' => $server_url . '?mode=activate&' . POST_USERS_URL . '=' . $user_id . '&act_key=' . $user_actkey)
);
$emailer->send();
$emailer->reset();

7
phpBB/includes/usercp_sendpasswd.php
View file

@ -46,6 +46,7 @@ if ( isset($HTTP_POST_VARS['submit']) )
}
$username = $row['username'];
$user_id = $row['user_id'];
$user_actkey = gen_rand_string(true);
$key_len = 54 - strlen($server_url);
@ -54,7 +55,7 @@ if ( isset($HTTP_POST_VARS['submit']) )
$user_password = gen_rand_string(false);
$sql = "UPDATE " . USERS_TABLE . "
SET user_newpasswd = '" .md5($user_password) . "', user_actkey = '$user_actkey'
SET user_newpasswd = '" . md5($user_password) . "', user_actkey = '$user_actkey'
WHERE user_id = " . $row['user_id'];
if ( !$db->sql_query($sql) )
{
@ -77,7 +78,7 @@ if ( isset($HTTP_POST_VARS['submit']) )
'PASSWORD' => $user_password,
'EMAIL_SIG' => str_replace('<br />', "\n", "-- \n" . $board_config['board_email_sig']),
'U_ACTIVATE' => $server_url . "?mode=activate&act_key=$user_actkey")
'U_ACTIVATE' => $server_url . '?mode=activate&' . POST_USERS_URL . '=' . $user_id . '&act_key=' . $user_actkey)
);
$emailer->send();
$emailer->reset();
@ -131,4 +132,4 @@ $template->pparse('body');
include($phpbb_root_path . 'includes/page_tail.'.$phpEx);
?>
?>

1
phpBB/language/lang_english/lang_main.php
View file

@ -623,6 +623,7 @@ $lang['Account_inactive_admin'] = 'Your account has been created. However, this
$lang['Account_active'] = 'Your account has now been activated. Thank you for registering';
$lang['Account_active_admin'] = 'The account has now been activated';
$lang['Reactivate'] = 'Reactivate your account!';
$lang['Already_activated'] = 'You have already activated your account';
$lang['COPPA'] = 'Your account has been created but has to be approved, please check your email for details.';
$lang['Registration'] = 'Registration Agreement Terms';