3006cb544f
The way this now works is, if csrf is enabled: * Any new or existing template can have csrf protection by adding the hidden input ctoken that's in this batch to its form, removes any logic in templates * Page controllers that already exist have been updated, new ones only require checking if csrf is enabled and valid
25 lines
1.1 KiB
PHP
25 lines
1.1 KiB
PHP
<?php
|
|
|
|
// Make sure we are called from index.php
|
|
if (!defined('SECURITY')) die('Hacking attempt');
|
|
|
|
// Confirm an account by token
|
|
if (!isset($_GET['token']) || empty($_GET['token'])) {
|
|
$_SESSION['POPUP'][] = array('CONTENT' => 'Missing token', 'TYPE' => 'errormsg');
|
|
} else if (!$aToken = $oToken->getToken($_GET['token'], 'account_unlock')) {
|
|
$_SESSION['POPUP'][] = array('CONTENT' => 'Unable to re-activate your account. Invalid token.', 'TYPE' => 'errormsg');
|
|
} else {
|
|
if (!$config['csrf']['enabled'] || $config['csrf']['enabled'] && $csrftoken->valid) {
|
|
if ($user->setUserFailed($aToken['account_id'], 0) && $user->setUserPinFailed($aToken['account_id'], 0) && $user->changeLocked($aToken['account_id'])) {
|
|
$oToken->deleteToken($aToken['token']);
|
|
$_SESSION['POPUP'][] = array('CONTENT' => 'Account re-activated. Please login.');
|
|
} else {
|
|
$_SESSION['POPUP'][] = array('CONTENT' => 'Failed to re-activate account. Contact site support.', 'TYPE' => 'errormsg');
|
|
}
|
|
} else {
|
|
$_SESSION['POPUP'][] = array('CONTENT' => $csrftoken->getErrorWithDescriptionHTML(), 'TYPE' => 'info');
|
|
}
|
|
}
|
|
$smarty->assign('CONTENT', 'default.tpl');
|
|
|
|
?>
|