diff options
| author | Kelly Rauchenberger <fefferburbia@gmail.com> | 2008-08-02 01:56:03 +0000 |
|---|---|---|
| committer | Kelly Rauchenberger <fefferburbia@gmail.com> | 2008-08-02 01:56:03 +0000 |
| commit | 2f9ab46032c7ab972aa319fbbb2fb5430b0c9ed5 (patch) | |
| tree | 5091b35420b2b0a84effd64611e290b8ba8cef03 /central/trunk/instadisc.php | |
| parent | cb70c33cd4372c481eae796ec4fda2c89fe03925 (diff) | |
| download | instadisc-2f9ab46032c7ab972aa319fbbb2fb5430b0c9ed5.tar.gz instadisc-2f9ab46032c7ab972aa319fbbb2fb5430b0c9ed5.tar.bz2 instadisc-2f9ab46032c7ab972aa319fbbb2fb5430b0c9ed5.zip | |
Central: Fixed [wiki:Verification] system
Also added the phpMailer class from Codeworxtech, its SMTP module and a snippet in db.php which kills execution of the Central Server if the PHP "curl" extension is not installed and loaded.
Diffstat (limited to 'central/trunk/instadisc.php')
| -rw-r--r-- | central/trunk/instadisc.php | 35 |
1 files changed, 28 insertions, 7 deletions
| diff --git a/central/trunk/instadisc.php b/central/trunk/instadisc.php index 66032ec..46d8404 100644 --- a/central/trunk/instadisc.php +++ b/central/trunk/instadisc.php | |||
| @@ -6,14 +6,35 @@ include_once('db.php'); | |||
| 6 | 6 | ||
| 7 | function instaDisc_checkVerification($username, $verification, $verificationID, $table, $nameField, $passField) | 7 | function instaDisc_checkVerification($username, $verification, $verificationID, $table, $nameField, $passField) |
| 8 | { | 8 | { |
| 9 | $getitem = "SELECT * FROM " . $table . " WHERE " . $nameField . " = \"" . mysql_escape_string($username) . "\""; | 9 | $getverid = "SELECT * FROM oldVerID WHERE name = \"" . mysql_escape_string($username) . "\" AND verID = " . $verificationID; |
| 10 | $getitem2 = mysql_query($getitem); | 10 | $getverid2 = mysql_query($getverid); |
| 11 | $getitem3 = mysql_fetch_array($getitem2); | 11 | $getverid3 = mysql_fetch_array($getverid2); |
| 12 | if ($getitem3[$nameField] == $username) | 12 | if ($getverid3['id'] != $verificationID) |
| 13 | { | 13 | { |
| 14 | $test = $username . ':' . $getitem3[$passField] . ':' . $verificationID; | 14 | $getitem = "SELECT * FROM " . $table . " WHERE " . $nameField . " = \"" . mysql_escape_string($username) . "\""; |
| 15 | 15 | $getitem2 = mysql_query($getitem); | |
| 16 | return (md5($test) == $verification); | 16 | $getitem3 = mysql_fetch_array($getitem2); |
| 17 | if ($getitem3[$nameField] == $username) | ||
| 18 | { | ||
| 19 | $test = $username . ':' . $getitem3[$passField] . ':' . $verificationID; | ||
| 20 | |||
| 21 | if (md5($test) == $verification) | ||
| 22 | { | ||
| 23 | $cntverid = "SELECT COUNT(*) FROM oldVerID WHERE username = \"" . mysql_escape_string($username) . "\""; | ||
| 24 | $cntverid2 = mysql_query($cntverid); | ||
| 25 | $cntverid3 = mysql_fetch_array($cntverid2); | ||
| 26 | if ($cntverid3[0] >= intval(getConfig('verIDBufferSize'))) | ||
| 27 | { | ||
| 28 | $delverid = "DELETE FROM oldVerID WHERE username = \"" . mysql_escape_string($username) . "\""; | ||
| 29 | $delverid2 = mysql_query($delverid); | ||
| 30 | } | ||
| 31 | |||
| 32 | $insverid = "INSERT INTO oldVerID (name, verID) VALUES (\"" . mysql_escape_string($username) . "\", " . $verificationID . ")"; | ||
| 33 | $insverid2 = mysql_query($insverid); | ||
| 34 | |||
| 35 | return true; | ||
| 36 | } | ||
| 37 | } | ||
| 17 | } | 38 | } |
| 18 | 39 | ||
| 19 | return false; | 40 | return false; |