activate.php
<?php
require_once('inc/utilities.php');
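// Account activation endpoint: looks up the activation token passed in the
// query string, marks the matching user active and enabled, deletes the token
// and prints a confirmation page.
$con = udundi_sql_connect();

// Runs one statement with bound parameters so request data never becomes part
// of the SQL text.
// NOTE(review): assumes udundi_sql_connect() returns a PDO handle, as the
// PDOException handlers and the PDO::FETCH_ASSOC fetch in this script suggest
// -- confirm. If execute_query() in inc/utilities.php can accept bound
// parameters, route these three statements through it instead.
$run_prepared = function ($db, $sql, $params) {
    $stmt = $db->prepare($sql);
    // In PDO's silent/warning error modes a failure is reported as false
    // instead of being thrown, so normalise both cases to PDOException.
    if ($stmt === false || $stmt->execute($params) === false) {
        throw new PDOException('Prepared statement failed: ' . $sql);
    }
    return $stmt;
};

// The token comes from the URL and is untrusted: it may be missing, empty, or
// arrive as an array rather than a string. None of those can match a stored
// token, so reject them before touching the database.
$token = isset($_GET['token']) ? $_GET['token'] : null;
if (!is_string($token) || $token === '') {
    activation_error();
    exit;
}

try {
    $sth = $run_prepared(
        $con,
        'SELECT u.id, u.email FROM activations AS a INNER JOIN users AS u ON (a.userid=u.id) WHERE a.token = ?',
        [$token]
    );
} catch (PDOException $ex) {
    log_error("Could not SELECT from activations table: {$ex->getMessage()}");
    // No result set exists after a failed lookup; stop here rather than
    // calling fetch() on an undefined statement.
    activation_error();
    exit;
}

$row = $sth->fetch(PDO::FETCH_ASSOC);
if (!$row) {
    // TODO: Wrong activation token or none present, need a custom error page. Log back in to regenerate
    // activation token.
    activation_error();
    // Never fall through to the confirmation page for an unknown token.
    exit;
}

$email = $row['email'];
$userid = $row['id'];

// Enable and activate the account.
try {
    $run_prepared($con, 'UPDATE users SET active=TRUE, enabled=TRUE WHERE id = ?', [$userid]);
} catch (PDOException $ex) {
    // TODO: Error Handling
    log_error("Unable to activate and enable user `$email` in users table. {$ex->getMessage()}");
    // TODO: How many records were updated? Should be one.
    // The account was not activated, so the success page must not be shown.
    // NOTE(review): activation_error() is the only error page visible from
    // this script; a dedicated "try again later" page may fit better.
    activation_error();
    exit;
}

// Remove the activation nonce from the database.
try {
    $run_prepared($con, 'DELETE FROM activations WHERE token = ?', [$token]);
} catch (PDOException $ex) {
    // TODO: Error Handling
    log_error("Unable to delete nonce from activations table. {$ex->getMessage()}");
    // Technically the account has been activated so this is not the end of
    // the world, but it's bad because we should never be in this state: the
    // token row is still present and the activation link remains usable.
}

// The e-mail address is user-supplied data read back from the database;
// encode it before placing it in HTML.
$safe_email = htmlspecialchars((string) $email, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
echo "<html>".
" <body>".
" Account <b>$safe_email</b> activated. Please <a href=\"login.php\">login</a>.".
" </body>".
"</html>";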
?>