diff options
Diffstat (limited to 'central/trunk/instadisc.php')
-rw-r--r-- | central/trunk/instadisc.php | 35 |
1 files changed, 28 insertions, 7 deletions
diff --git a/central/trunk/instadisc.php b/central/trunk/instadisc.php index 66032ec..46d8404 100644 --- a/central/trunk/instadisc.php +++ b/central/trunk/instadisc.php | |||
@@ -6,14 +6,35 @@ include_once('db.php'); | |||
6 | 6 | ||
7 | function instaDisc_checkVerification($username, $verification, $verificationID, $table, $nameField, $passField) | 7 | function instaDisc_checkVerification($username, $verification, $verificationID, $table, $nameField, $passField) |
8 | { | 8 | { |
9 | $getitem = "SELECT * FROM " . $table . " WHERE " . $nameField . " = \"" . mysql_escape_string($username) . "\""; | 9 | $getverid = "SELECT * FROM oldVerID WHERE name = \"" . mysql_escape_string($username) . "\" AND verID = " . $verificationID; |
10 | $getitem2 = mysql_query($getitem); | 10 | $getverid2 = mysql_query($getverid); |
11 | $getitem3 = mysql_fetch_array($getitem2); | 11 | $getverid3 = mysql_fetch_array($getverid2); |
12 | if ($getitem3[$nameField] == $username) | 12 | if ($getverid3['id'] != $verificationID) |
13 | { | 13 | { |
14 | $test = $username . ':' . $getitem3[$passField] . ':' . $verificationID; | 14 | $getitem = "SELECT * FROM " . $table . " WHERE " . $nameField . " = \"" . mysql_escape_string($username) . "\""; |
15 | 15 | $getitem2 = mysql_query($getitem); | |
16 | return (md5($test) == $verification); | 16 | $getitem3 = mysql_fetch_array($getitem2); |
17 | if ($getitem3[$nameField] == $username) | ||
18 | { | ||
19 | $test = $username . ':' . $getitem3[$passField] . ':' . $verificationID; | ||
20 | |||
21 | if (md5($test) == $verification) | ||
22 | { | ||
23 | $cntverid = "SELECT COUNT(*) FROM oldVerID WHERE username = \"" . mysql_escape_string($username) . "\""; | ||
24 | $cntverid2 = mysql_query($cntverid); | ||
25 | $cntverid3 = mysql_fetch_array($cntverid2); | ||
26 | if ($cntverid3[0] >= intval(getConfig('verIDBufferSize'))) | ||
27 | { | ||
28 | $delverid = "DELETE FROM oldVerID WHERE username = \"" . mysql_escape_string($username) . "\""; | ||
29 | $delverid2 = mysql_query($delverid); | ||
30 | } | ||
31 | |||
32 | $insverid = "INSERT INTO oldVerID (name, verID) VALUES (\"" . mysql_escape_string($username) . "\", " . $verificationID . ")"; | ||
33 | $insverid2 = mysql_query($insverid); | ||
34 | |||
35 | return true; | ||
36 | } | ||
37 | } | ||
17 | } | 38 | } |
18 | 39 | ||
19 | return false; | 40 | return false; |