Source for file confirm_account.php

Documentation is available at confirm_account.php

  1. <?php
    2. 

  2.   /**
    3. 

  3.    * Confirm Account.
    4. 

  4.    *
    5. 

  5.    * As the final step in the new user sign up process
    6. 

  6.    * the user follows a link from an autogenerated email with
    7. 

  7.    * a custom hash.  When they arrive here they log in again,
    8. 

  8.    * proving that they control the email address they entered and
    9. 

  9.    * that they know their own password.
    10. 

  10.    * 
    11. 

  11.    * This file is part of CompInaBox.
    12. 

  12.    * @copyright Copyright 2001-2005. Eric D. Nielsen, All rights reserverd.
    13. 

  13.    * @license http://opensource.org/licenses/gpl-license.php GNU Public License
    14. 

  14.    * @author Eric D. Nielsen <nielsene@alum.mit.edu>
    15. 

  15.    *
    16. 

  16.    * @package WebPages
    17. 

  17.    * @subpackage UserAccounts
    18. 

  18.    */
    19. 

  19.  
    20. 

  20.   /**
    21. 

  21.    * Include all other needed include files.
    22. 

  22.    */
    23. 

  23. include("include_others.inc");
    24. 

  24.  
    25. 

  25. if (isset($user)) localRedirect("$CIB_BASE_URL");
    26. 

  26. sleep(1);
    27. 

  27. $hash=$_GET["hash"];
    28. 

  28. $query = "SELECT * FROM user_hashes WHERE hash='$hash';";
    29. 

  29. $result = $db->query($query);
    30. 

  30. if (!$result->numrows())
    31. 

  31. {
    32. 

  32.   sleep(2);
    33. 

  33.   die ("Please double-check the url, the hash value is incorrect.");
    34. 

  34. }
    35. 

  35. session_register("hash");
    36. 

  36.  
    37. 

  37. $username_msg  = $_SESSION["username_msg"];
    38. 

  38. if ($username_msg!="")
    39. 

  39.      $username_msg = "<br /><font color=\"red\">$username_msg</font>";
    40. 

  40. $password_msg = $_SESSION["password_msg"];
    41. 

  41. if ($password_msg!="")
    42. 

  42.      $password_msg = "<br /><font color=\"red\">$password_msg</font>";
    43. 

  43.  
    44. 

  44. $challenge     = $_SESSION["challenge"];
    45. 

  45. $username      = $_SESSION["username"];
    46. 

  46. $nonce         = $_SESSION["nonce"];
    47. 

  47. if ($challenge!="" || $username!="" || $nonce!="")
    48. 

  48. {
    49. 

  49.   $testChallenge = MD5(session_id() .$username. $email . $nonce);
    50. 

  50.   if ($testChallenge!=$challenge)
    51. 

  51.     {
    52. 

  52. #      $logger->post("Intrusion","Session Hijack attempt at ".date()."IP:$clientIP user: $userID");
    53. 

  53.       sleep(2);
    54. 

  54.       unset($security_userName);
    55. 

  55.       session_unregister("security_userName");
    56. 

  56.       unset($challenge); unset($username);
    57. 

  57.       session_unregister("challenge"); session_unregister("username");
    58. 

  58.       localRedirect("Location: $CIB_BASE_URL/");
    59. 

  59.       exit;
    60. 

  60.     }
    61. 

  61. }
    62. 

  62. $display = new CIB_Display($db);
    63. 

  63. $page  = $display->beginPage("CompInaBox",
    64. 

  64.                  "Account Comfirmation");
    65. 

  65.  
    66. 

  66. $form = $display->addTextElement("username",$username,$username_msg,"Username","Please enter the username you
    67. 

  67. selected during account creation.",20);
    68. 

  68. $form .= $display->addPasswordElement("pasword",$password,$password_msg,"Password","Please enter the password you
    69. 

  69. selected during account creation.",20);
    70. 

  70. $form .=$display->addSubmitButton("Activate My Account");
    71. 

  71. $page .=$display->wrapForm($form,"SCRIPTS/activate_account.php","post","Account Activation");
    72. 

  72.  
    73. 

  73. $page .= $display->endPage();
    74. 

  74. echo $page;
    75. 

  75. ?>
    76.

Documentation generated on Tue, 25 Apr 2006 13:00:42 -0400 by phpDocumentor 1.3.0RC3