From be7ed5f8a853665a17baef42ae64e416227b610a Mon Sep 17 00:00:00 2001 From: moodler Date: Mon, 4 Sep 2006 02:30:52 +0000 Subject: [PATCH] Merged confirmation email fix from stable --- lib/moodlelib.php | 8 ++------ login/confirm.php | 21 ++++++++++++++++----- 2 files changed, 18 insertions(+), 11 deletions(-) diff --git a/lib/moodlelib.php b/lib/moodlelib.php index 992cf453b2..a6b3b85065 100644 --- a/lib/moodlelib.php +++ b/lib/moodlelib.php @@ -3450,12 +3450,8 @@ function reset_password_and_mail($user) { $subject = get_string('emailconfirmationsubject', '', $site->fullname); - /// Make the text version a normal link for normal people - $data->link = $CFG->wwwroot .'/login/confirm.php?p='. $user->secret .'&s='. $user->username; - $message = get_string('emailconfirmation', '', $data); - - /// Make the HTML version more XHTML happy (&) - $data->link = $CFG->wwwroot .'/login/confirm.php?p='. $user->secret .'&s='. $user->username; + $data->link = $CFG->wwwroot .'/login/confirm.php?data='. $user->secret .'/'. $user->username; + $message = get_string('emailconfirmation', '', $data); $messagehtml = text_to_html(get_string('emailconfirmation', '', $data), false, false, true); $user->mailformat = 1; // Always send HTML version as well diff --git a/login/confirm.php b/login/confirm.php index 2c6108d939..f991343154 100644 --- a/login/confirm.php +++ b/login/confirm.php @@ -3,12 +3,23 @@ require_once("../config.php"); require_once("../auth/$CFG->auth/lib.php"); - $p = required_param( 'p' ); // user.secret - $s = required_param( 's' ); // user.username + $data = optional_param('data', '', PARAM_CLEAN); // Formatted as: secret/username - if (!empty($p) and !empty($s) ) { + $p = optional_param('p', '', PARAM_ALPHA); // Old parameter: secret + $s = optional_param('s', '', PARAM_CLEAN); // Old parameter: username - $user = get_complete_user_data('username', $s ); + if (!empty($data) || (!empty($p) && !empty($s))) { + + if (!empty($data)) { + $dataelements = explode('/',$data); + $usersecret = $dataelements[0]; + $username = $dataelements[1]; + } else { + $usersecret = $p; + $username = $s; + } + + $user = get_complete_user_data('username', $username ); if (!empty($user)) { @@ -21,7 +32,7 @@ exit; } - if ($user->secret == $p) { // They have provided the secret key to get in + if ($user->secret == $usersecret) { // They have provided the secret key to get in if (!set_field("user", "confirmed", 1, "id", $user->id)) { error("Could not confirm this user!"); -- 2.39.5