
/confirm.php

https://github.com/harriswong/ATutor
  1. <?php
  2. /************************************************************************/
  3. /* ATutor */
  4. /************************************************************************/
  5. /* Copyright (c) 2002-2010 */
  6. /* Inclusive Design Institute */
  7. /* http://atutor.ca */
  8. /* This program is free software. You can redistribute it and/or */
  9. /* modify it under the terms of the GNU General Public License */
  10. /* as published by the Free Software Foundation. */
  11. /************************************************************************/
  12. // $Id$
  13. $_user_location = 'public';
  14. define('AT_INCLUDE_PATH', 'include/');
  15. require(AT_INCLUDE_PATH.'vitals.inc.php');
  16. if (isset($_POST['cancel'])) {
  17. $msg->addFeedback('CANCELLED');
  18. header('Location: '.$_base_href.'login.php');
  19. exit;
  20. }
  21. if (isset($_GET['e'], $_GET['id'], $_GET['m'])) {
  22. $id = intval($_GET['id']);
  23. $m = $_GET['m'];
  24. $e = $addslashes($_GET['e']);
  25. $sql = "SELECT creation_date FROM ".TABLE_PREFIX."members WHERE member_id=$id";
  26. $result = mysql_query($sql, $db);
  27. if ($row = mysql_fetch_assoc($result)) {
  28. $code = substr(md5($e . $row['creation_date'] . $id), 0, 10);
  29. if ($code == $m) {
  30. $sql = "UPDATE ".TABLE_PREFIX."members SET email='$e', last_login=NOW(), creation_date=creation_date WHERE member_id=$id";
  31. $result = mysql_query($sql, $db);
  32. $msg->addFeedback('CONFIRM_GOOD');
  33. header('Location: '.$_base_href.'users/index.php');
  34. exit;
  35. } else {
  36. $msg->addError('CONFIRM_BAD');
  37. }
  38. } else {
  39. $msg->addError('CONFIRM_BAD');
  40. }
  41. } else if (isset($_GET['id'], $_GET['m'])) {
  42. $id = intval($_GET['id']);
  43. $m = $_GET['m'];
  44. $sql = "SELECT email, creation_date FROM ".TABLE_PREFIX."members WHERE member_id=$id AND status=".AT_STATUS_UNCONFIRMED;
  45. $result = mysql_query($sql, $db);
  46. if ($row = mysql_fetch_assoc($result)) {
  47. $code = substr(md5($row['email'] . $row['creation_date'] . $id), 0, 10);
  48. if ($code == $m) {
  49. if (defined('AUTO_APPROVE_INSTRUCTORS') && AUTO_APPROVE_INSTRUCTORS) {
  50. $sql = "UPDATE ".TABLE_PREFIX."members SET status=".AT_STATUS_INSTRUCTOR.", creation_date=creation_date, last_login=NOW() WHERE member_id=$id";
  51. } else {
  52. $sql = "UPDATE ".TABLE_PREFIX."members SET status=".AT_STATUS_STUDENT.", creation_date=creation_date, last_login=NOW() WHERE member_id=$id";
  53. }
  54. $result = mysql_query($sql, $db);
  55. if (isset($_REQUEST["en_id"]) && $_REQUEST["en_id"] <> "")
  56. {
  57. $msg->addFeedback('CONFIRM_GOOD');
  58. $member_id = $id;
  59. require (AT_INCLUDE_PATH.'html/auto_enroll_courses.inc.php');
  60. unset($_SESSION['valid_user']);
  61. unset($_SESSION['member_id']);
  62. $table_title="
  63. <div class=\"row\">
  64. <h3>" . _AT('auto_enrolled_msg'). "<br /></h3>
  65. </div>";
  66. require(AT_INCLUDE_PATH.'header.inc.php');
  67. echo "<div class=\"input-form\">";
  68. require(AT_INCLUDE_PATH.'html/auto_enroll_list_courses.inc.php');
  69. echo '<p style="text-align:center"><a href="'. $_SERVER['PHP_SELF'] . '?auto_login=1&member_id='. $id .'">' . _AT("go_to_my_start_page") . '</a></p>';
  70. echo "</div>";
  71. require(AT_INCLUDE_PATH.'footer.inc.php');
  72. exit;
  73. }
  74. else
  75. {
  76. $msg->addFeedback('CONFIRM_GOOD');
  77. // enable auto login student into "my start page"
  78. $_REQUEST["auto_login"] = 1;
  79. $_REQUEST["member_id"] = $id;
  80. }
  81. } else {
  82. $msg->addError('CONFIRM_BAD');
  83. }
  84. } else {
  85. $msg->addError('CONFIRM_BAD');
  86. }
  87. } else if (isset($_POST['submit'])) {
  88. $_POST['email'] = $addslashes($_POST['email']);
  89. $sql = "SELECT member_id, email, creation_date, status FROM ".TABLE_PREFIX."members WHERE email='$_POST[email]'";
  90. $result = mysql_query($sql, $db);
  91. if ($row = mysql_fetch_assoc($result)) {
  92. if ($row['status'] == AT_STATUS_UNCONFIRMED) {
  93. $code = substr(md5($row['email'] . $row['creation_date']. $row['member_id']), 0, 10);
  94. if ($_POST["en_id"] <> "")
  95. $confirmation_link = $_base_href . 'confirm.php?id='.$row['member_id'].SEP.'m='.$code.'&en_id='.$_POST["en_id"];
  96. else
  97. $confirmation_link = $_base_href . 'confirm.php?id='.$row['member_id'].SEP.'m='.$code;
  98. /* send the email confirmation message: */
  99. require(AT_INCLUDE_PATH . 'classes/phpmailer/atutormailer.class.php');
  100. $mail = new ATutorMailer();
  101. $mail->From = $_config['contact_email'];
  102. $mail->AddAddress($row['email']);
  103. $mail->Subject = SITE_NAME . ': ' . _AT('email_confirmation_subject');
  104. $mail->Body = _AT('email_confirmation_message', $_base_href, $confirmation_link)."\n\n";
  105. $mail->Send();
  106. $msg->addFeedback('CONFIRMATION_SENT');
  107. } else {
  108. $msg->addFeedback('ACCOUNT_CONFIRMED');
  109. }
  110. header('Location: '.$_base_href.'login.php');
  111. exit;
  112. } else {
  113. $msg->addError('EMAIL_NOT_FOUND');
  114. }
  115. }
  116. if (isset($_REQUEST['auto_login']))
  117. {
  118. $sql = "SELECT M.member_id, M.login, M.preferences, M.language FROM ".TABLE_PREFIX."members M WHERE M.member_id=".$_REQUEST["member_id"];
  119. $result = mysql_query($sql, $db);
  120. if ($row = mysql_fetch_assoc($result))
  121. {
  122. $_SESSION['valid_user'] = true;
  123. $_SESSION['member_id'] = $_REQUEST["member_id"];
  124. $_SESSION['course_id'] = 0;
  125. $_SESSION['login'] = $row[login];
  126. if ($row['preferences'] == "")
  127. assign_session_prefs(unserialize(stripslashes($_config["pref_defaults"])), 1);
  128. else
  129. assign_session_prefs(unserialize(stripslashes($row['preferences'])), 1);
  130. $_SESSION['is_guest'] = 0;
  131. $_SESSION['lang'] = $row[lang];
  132. session_write_close();
  133. header('Location: '.AT_BASE_HREF.'bounce.php?course='.$_POST['course']);
  134. exit;
  135. }
  136. }
  137. require(AT_INCLUDE_PATH.'header.inc.php');
  138. $savant->display('confirm.tmpl.php');
  139. require(AT_INCLUDE_PATH.'footer.inc.php');
  140. ?>