-
Notifications
You must be signed in to change notification settings - Fork 6
/
confirm.php
66 lines (56 loc) · 2.77 KB
/
confirm.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
<?php
/*
// +--------------------------------------------------------------------------+
// | Project: NVTracker - NetVision BitTorrent Tracker |
// +--------------------------------------------------------------------------+
// | This file is part of NVTracker. NVTracker is based on BTSource, |
// | originally by RedBeard of TorrentBits, extensively modified by |
// | Gartenzwerg. |
// | |
// | NVTracker is free software; you can redistribute it and/or modify |
// | it under the terms of the GNU General Public License as published by |
// | the Free Software Foundation; either version 2 of the License, or |
// | (at your option) any later version. |
// | |
// | NVTracker is distributed in the hope that it will be useful, |
// | but WITHOUT ANY WARRANTY; without even the implied warranty of |
// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
// | GNU General Public License for more details. |
// | |
// | You should have received a copy of the GNU General Public License |
// | along with NVTracker; if not, write to the Free Software Foundation, |
// | Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA |
// +--------------------------------------------------------------------------+
// | Obige Zeilen dürfen nicht entfernt werden! Do not remove above lines! |
// +--------------------------------------------------------------------------+
*/
require_once("include/bittorrent.php");
if(!isset($_GET['id']) || !isset($_GET["secret"]))
httperr();
else{
$id = 0 + $_GET["id"];
$md5 = $_GET["secret"];
}
userlogin();
$qry = $GLOBALS['DB']->prepare('SELECT passhash, editsecret, status FROM users WHERE id = :id');
$qry->bindParam(':id', $id, PDO::PARAM_INT);
$qry->execute();
if($qry->rowCount() > 0)
$row = $qry->FetchAll();
else
httperr();
if ($row["status"] != "pending") {
header("Refresh: 0; url=" . $BASEURL . "/ok.php?type=confirmed");
exit();
}
$sec = hash_pad($row["editsecret"]);
if ($md5 != md5($sec))
httperr();
$qry = $GLOBALS['DB']->prepare("UPDATE users SET status='confirmed', editsecret='' WHERE id= :id AND status='pending'");
$qry->bindParam(':id', $id, PDO::PARAM_INT);
$qry->execute();
if(!$qry->rowCount())
httperr();
logincookie($id, $row["passhash"]);
header("Refresh: 0; url=" . $BASEURL . "/ok.php?type=confirm");
?>