From 2f9ab46032c7ab972aa319fbbb2fb5430b0c9ed5 Mon Sep 17 00:00:00 2001
From: Kelly Rauchenberger <fefferburbia@gmail.com>
Date: Sat, 2 Aug 2008 01:56:03 +0000
Subject: Central: Fixed [wiki:Verification] system

Also added the phpMailer class from Codeworxtech, its SMTP module and a snippet
in db.php which kills execution of the Central Server if the PHP "curl"
extension is not installed and loaded.
---
 central/trunk/instadisc.php | 35 ++++++++++++++++++++++++++++-------
 1 file changed, 28 insertions(+), 7 deletions(-)

(limited to 'central/trunk/instadisc.php')

diff --git a/central/trunk/instadisc.php b/central/trunk/instadisc.php
index 66032ec..46d8404 100644
--- a/central/trunk/instadisc.php
+++ b/central/trunk/instadisc.php
@@ -6,14 +6,35 @@ include_once('db.php');
 
 function instaDisc_checkVerification($username, $verification, $verificationID, $table, $nameField, $passField)
 {
-	$getitem = "SELECT * FROM " . $table . " WHERE " . $nameField . " = \"" . mysql_escape_string($username) . "\"";
-	$getitem2 = mysql_query($getitem);
-	$getitem3 = mysql_fetch_array($getitem2);
-	if ($getitem3[$nameField] == $username)
+	$getverid = "SELECT * FROM oldVerID WHERE name = \"" . mysql_escape_string($username) . "\" AND verID = " . $verificationID;
+	$getverid2 = mysql_query($getverid);
+	$getverid3 = mysql_fetch_array($getverid2);
+	if ($getverid3['id'] != $verificationID)
 	{
-		$test = $username . ':' . $getitem3[$passField] . ':' . $verificationID;
-
-		return (md5($test) == $verification);
+		$getitem = "SELECT * FROM " . $table . " WHERE " . $nameField . " = \"" . mysql_escape_string($username) . "\"";
+		$getitem2 = mysql_query($getitem);
+		$getitem3 = mysql_fetch_array($getitem2);
+		if ($getitem3[$nameField] == $username)
+		{
+			$test = $username . ':' . $getitem3[$passField] . ':' . $verificationID;
+
+			if (md5($test) == $verification)
+			{
+				$cntverid = "SELECT COUNT(*) FROM oldVerID WHERE username = \"" . mysql_escape_string($username) . "\"";
+				$cntverid2 = mysql_query($cntverid);
+				$cntverid3 = mysql_fetch_array($cntverid2);
+				if ($cntverid3[0] >= intval(getConfig('verIDBufferSize')))
+				{
+					$delverid = "DELETE FROM oldVerID WHERE username = \"" . mysql_escape_string($username) . "\"";
+					$delverid2 = mysql_query($delverid);
+				}
+
+				$insverid = "INSERT INTO oldVerID (name, verID) VALUES (\"" . mysql_escape_string($username) . "\", " . $verificationID . ")";
+				$insverid2 = mysql_query($insverid);
+
+				return true;
+			}
+		}
 	}
 
 	return false;
-- 
cgit 1.4.1