From 00f0159ea292aacf23a3c4cfcfb854689ee5a1c0 Mon Sep 17 00:00:00 2001
From: Henry Sudhof <kellanved@phpbb.com>
Date: Wed, 2 Jan 2008 15:34:33 +0000
Subject: Some issues with change_lang and VC / form tokens Small stuff.

#18325
#17415
#17085
#16515


git-svn-id: file:///svn/phpbb/branches/phpBB-3_0_0@8291 89ea8834-ac86-4346-8a33-228a782c2dd0
---
 phpBB/includes/ucp/ucp_register.php | 37 ++++++++++++++++++++++++++-----------
 1 file changed, 26 insertions(+), 11 deletions(-)


diff --git a/phpBB/includes/ucp/ucp_register.php b/phpBB/includes/ucp/ucp_register.php
index 91660020e9..4c2129ee95 100644
--- a/phpBB/includes/ucp/ucp_register.php
+++ b/phpBB/includes/ucp/ucp_register.php
@@ -46,8 +46,8 @@ class ucp_register
 
 
 		// not so fast, buddy
-		if (($submit && !check_form_key('ucp_register', false, '', false, $config['min_time_reg']))
-			|| (!$submit && !check_form_key('ucp_register_terms', false, '', false, $config['min_time_terms'])))
+		if (!check_form_key('ucp_register', false, '', false, $config['min_time_reg'])
+			&& !check_form_key('ucp_register_terms', false, '', false, $config['min_time_terms']))
 		{
 			$agreed = false;
 		}
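Review bot: With `&&`, `$agreed` is cleared only when both `check_form_key` calls fail, so either token now satisfies the check at every step. A request carrying a valid `ucp_register_terms` token would therefore appear to pass at submit time, timed against `min_time_terms` instead of `min_time_reg`. If the relaxation is only needed for the language-change round trip, the submit path can stay strict: `if (($submit && !check_form_key('ucp_register', false, '', false, $config['min_time_reg']))` followed by `|| (!$submit && !check_form_key('ucp_register', false, '', false, $config['min_time_reg']) && !check_form_key('ucp_register_terms', false, '', false, $config['min_time_terms'])))`. The method starts and ends outside the hunk, and neither the value of `$submit` on a language change nor how `check_form_key` binds a token to its form name is visible here, so both need confirming before adopting this.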
@@ -103,12 +103,13 @@ class ucp_register
 			// If we change the language, we want to pass on some more possible parameter.
 			if ($change_lang)
 			{
-				// We do not include the password!
+				// We do not include the password and not the captcha
 				$s_hidden_fields = array_merge($s_hidden_fields, array(
 					'username'			=> utf8_normalize_nfc(request_var('username', '', true)),
 					'email'				=> strtolower(request_var('email', '')),
 					'email_confirm'		=> strtolower(request_var('email_confirm', '')),
 					'confirm_code'		=> request_var('confirm_code', ''),
+					'confirm_id'		=> request_var('confirm_id', ''),
 					'lang'				=> $user->lang_name,
 					'tz'				=> request_var('tz', (float) $config['board_timezone']),
 				));
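Review bot: The rewritten comment says the captcha is not included, but the array still forwards `confirm_code` and the added line now forwards `confirm_id` as well, so the comment contradicts the code it sits above. Since the commit appears intended to carry the captcha across a language change, the comment should say so, for example `// We do not include the password; the captcha id and the typed code are passed on so the same image can be reused`. It is also worth noting there that `confirm_id` is client-supplied at this point and is only trusted after the session-bound lookup added further down in this commit.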
@@ -451,13 +452,32 @@ class ucp_register
 		$confirm_image = '';
 
 		// Visual Confirmation - Show images
+
 		if ($config['enable_confirm'])
 		{
-			$str = '';
-			if (!$change_lang)
+			if ($change_lang)
+			{
+				$str = '&amp;change_lang=' . $change_lang;
+				$sql = 'SELECT code
+						FROM ' . CONFIRM_TABLE . "
+						WHERE confirm_id = '" . $db->sql_escape($confirm_id) . "'
+							AND session_id = '" . $db->sql_escape($user->session_id) . "'
+							AND confirm_type = " . CONFIRM_REG;
+				$result = $db->sql_query($sql);
+				if (!$row = $db->sql_fetchrow($result))
+				{
+					$confirm_id = '';
+				}
+				$db->sql_freeresult($result);
+			}
+			else
+			{
+				$str = '';
+			}
+			if (!$change_lang || !$confirm_id)
 			{
 				$user->confirm_gc(CONFIRM_REG);
-				
+					
 				$sql = 'SELECT COUNT(session_id) AS attempts
 					FROM ' . CONFIRM_TABLE . "
 					WHERE session_id = '" . $db->sql_escape($user->session_id) . "'
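Review bot: The lookup added in the `$change_lang` branch selects `code`, which by its name is the stored captcha solution, yet the visible lines only test whether a row exists and never read `$row`. Selecting `confirm_id` instead would keep the solution out of the request where it is not needed, and the existence test reads more clearly with the assignment split out: `$row = $db->sql_fetchrow($result);` then `if (!$row)`. A comment such as `// Reuse the posted confirm_id only if it exists for this session and confirm type; otherwise fall through and issue a fresh one` would record why the query is there. `$confirm_id` is assigned outside the hunk, presumably from the request, and the statement that follows the last line continues past the hunk.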
@@ -487,11 +507,6 @@ class ucp_register
 				);
 				$db->sql_query($sql);
 			}
-			else
-			{
-				$str .= '&amp;change_lang=' . $change_lang;
-			}
-
 			$confirm_image = '<img src="' . append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=confirm&amp;id=' . $confirm_id . '&amp;type=' . CONFIRM_REG . $str) . '" alt="" title="" />';
 			$s_hidden_fields .= '<input type="hidden" name="confirm_id" value="' . $confirm_id . '" />';
 		}
-- 
cgit v1.2.1