From: moodler Date: Tue, 7 Jan 2003 14:46:12 +0000 (+0000) Subject: Cleaned up, and improved the logic to avoid very rare case X-Git-Url: http://git.mjollnir.org/gw?a=commitdiff_plain;h=af4542c29eff1d1297bff0868fbf0bd98e322a50;p=moodle.git Cleaned up, and improved the logic to avoid very rare case when secret keys matched on two users --- diff --git a/login/confirm.php b/login/confirm.php index 7862e7cf6e..77346f7948 100644 --- a/login/confirm.php +++ b/login/confirm.php @@ -1,64 +1,66 @@ username == $s) { + if (!empty($user)) { - if ($user->confirmed) { - print_header(get_string("alreadyconfirmed"), get_string("alreadyconfirmed"), "", ""); - echo "

".get_string("thanks").", ". $USER->firstname ." ". $USER->lastname . "

\n"; - echo "

".get_string("alreadyconfirmed")."

\n"; - echo "

-> wwwroot/course/\">".get_string("courses")."

\n"; - print_footer(); - exit; - } + if ($user->confirmed) { + print_header(get_string("alreadyconfirmed"), get_string("alreadyconfirmed"), "", ""); + echo "

".get_string("thanks").", ". $user->firstname ." ". $user->lastname . "

\n"; + echo "

".get_string("alreadyconfirmed")."

\n"; + echo "

-> wwwroot/course/\">".get_string("courses")."

\n"; + print_footer(); + exit; + } - $USER = $user; + if ($user->secret == $p) { // They have provided the secret key to get in - if (!set_field("user", "confirmed", 1, "id", $USER->id)) { + if (!set_field("user", "confirmed", 1, "id", $user->id)) { error("Could not confirm this user!"); } - if (!set_field("user", "firstaccess", time(), "id", $USER->id)) { + if (!set_field("user", "firstaccess", time(), "id", $user->id)) { error("Could not set this user's first access date!"); } - if (!update_user_in_db($USER->id)) { + if (!update_user_in_db($user->id)) { error("Could not update this user's information"); } - set_moodle_cookie($USER->username); - // The user has confirmed successfully, let's log them in - $USER->loggedin = true; - $USER->confirmed = 1; - $USER->site = $CFG->wwwroot; + if (!$USER = get_user_info_from_db("username", $user->id)) { + error("Something serious is wrong with the database"); + } + + set_moodle_cookie($USER->username); + + $USER->loggedin = true; + $USER->site = $CFG->wwwroot; save_session("USER"); - if ( ! empty($SESSION->wantsurl) ) { // Send them where they were going - $goto = $SESSION->wantsurl; + if ( ! empty($SESSION->wantsurl) ) { // Send them where they were going + $goto = $SESSION->wantsurl; unset($SESSION->wantsurl); save_session("SESSION"); - redirect("$goto"); - } + redirect("$goto"); + } - print_header(get_string("confirmed"), get_string("confirmed"), "", ""); - echo "

".get_string("thanks").", ". $USER->firstname ." ". $USER->lastname . "

\n"; - echo "

".get_string("confirmed")."

\n"; - echo "

-> wwwroot/course/\">".get_string("courses")."

\n"; - print_footer(); + print_header(get_string("confirmed"), get_string("confirmed"), "", ""); + echo "

".get_string("thanks").", ". $USER->firstname ." ". $USER->lastname . "

\n"; + echo "

".get_string("confirmed")."

\n"; + echo "

-> wwwroot/course/\">".get_string("courses")."

\n"; + print_footer(); + exit; - } else { - error("Invalid confirmation data"); - } - } + } else { + error("Invalid confirmation data"); + } + } + } - } else { - redirect("$CFG->wwwroot"); - } + redirect($CFG->wwwroot); ?>
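Review bot: The reload after confirmation, `get_user_info_from_db("username", $user->id)`, pairs the `username` field with the numeric id, so it will normally find nothing and stop at the "Something serious is wrong with the database" error, and if another account's username happens to equal that id, that account would be loaded into `$USER`, the cookie and the session. Look the record up by the key already held, `if (!$USER = get_user_info_from_db("id", $user->id)) {` (or pass `$user->username`), assuming the helper takes a field name and a value as the call suggests. The key check `$user->secret == $p` is a loose comparison; `if (!empty($user->secret) && $user->secret === (string)$p) {` avoids PHP type juggling and a match on an empty secret. The already-confirmed branch now sits before the secret check and prints `$user->firstname` and `$user->lastname`, so as far as the visible lines show the stored name is returned to a request that never presented a valid key; moving that branch under the secret check, or printing no per-user data there, would close this. The start of the hunk, including how `$user` and `$p` are obtained, is missing from this page, so those parts are inferred.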