X-Git-Url: http://mop.ddnsfree.com/gitweb/?a=blobdiff_plain;ds=sidebyside;f=web%2Fusermgmt.php;h=3aa9fed3300376a45709f59c4914de11d4f08767;hb=d9138fdcbe87ae699ba97079812ff489b3566b2e;hp=95a9c76cfe1f3b3c7cf09f58197eb2e7357d8d4a;hpb=328de26963e512cc34c999baf67f449020a62bfd;p=brisk.git
diff --git a/web/usermgmt.php b/web/usermgmt.php
index 95a9c76..3aa9fed 100644
--- a/web/usermgmt.php
+++ b/web/usermgmt.php
@@ -22,6 +22,30 @@
*
*/
+foreach (array("HTTP_HOST", "DOCUMENT_ROOT") as $i) {
+ if (isset($_SERVER[$i])) {
+ $$i = $_SERVER[$i];
+ }
+ }
+
+foreach (array("pazz") as $i) {
+ if (isset($_POST[$i])) {
+ $$i = $_POST[$i];
+ }
+ }
+
+foreach (array("sess") as $i) {
+ if (isset($_COOKIE[$i])) {
+ $$i = $_COOKIE[$i];
+ }
+ }
+
+foreach (array("sess") as $i) {
+ if (isset($_COOKIE[$i])) {
+ $$i = $_COOKIE[$i];
+ }
+ }
+
$G_base = "";
$mlang_umgmt = array( 'nu_psubj' => array( 'it' => 'Brisk: credenziali di accesso.',
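Review bot: The `sess` cookie loop appears twice in this hunk; the second `foreach (array("sess") as $i)` block repeats the first verbatim, so one copy can be dropped. The loops also leave `$pazz` and `$sess` undefined when the request does not carry them. They copy request-controlled values (`HTTP_HOST`, the `pazz` POST field, the `sess` cookie) into globals through `$$i` without checking that the value is a string. Explicit assignments with a default are easier to audit, for example `$sess = (isset($_COOKIE['sess']) && is_string($_COOKIE['sess'])) ? $_COOKIE['sess'] : "";`, and the same shape for `$pazz`.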
@@ -35,7 +59,7 @@ d\'ora in poi potrai utilizzare l\' utente \'%s\' e la password \'%s\'.
Benvenuto e buone partite, mop.',
'en' => 'EN ptext [%s] [%s]'),
'nu_phtml' => array( 'it' => 'Ciao, sono l\' amministratore del sito di Brisk.
-La verifica del tuo indirizzo di posta elettronica e del tuo nickname è andata a buon fine, per accedere al sito d\'ora in poi potrai usare l\' utente \'%s\' e la password \'%s\'.
+La verifica del tuo indirizzo di posta elettronica e del tuo nickname è andata a buon fine.
Per accedere al sito d\'ora in poi potrai usare l\' utente \'%s\' e la password \'%s\'.
Benvenuto e buone partite, mop.
',
'en' => 'EN phtml [%s] [%s]')
);
@@ -60,7 +84,12 @@ function check_auth()
$socket = FALSE;
$ret = FALSE;
- $ip = $_SERVER["REMOTE_ADDR"];
+ if (array_key_exists("HTTP_X_REAL_IP", $_SERVER)) {
+ $ip = $_SERVER["HTTP_X_REAL_IP"];
+ }
+ else {
+ $ip = $_SERVER["REMOTE_ADDR"];
+ }
$stp = 0;
$private = md5($G_alarm_passwd.$ip.$sess);
$cmd = array ("cmd" => "userauth", "sess" => $sess, "private" => $private, "the_end" => "true");
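Review bot: `HTTP_X_REAL_IP` is a request header, so the new branch lets the client choose `$ip` unless a front proxy always overwrites it and the application cannot be reached directly. That matters because `$ip` feeds `$private = md5($G_alarm_passwd.$ip.$sess)`, which ties the auth token to the caller's address. Honour the header only when `REMOTE_ADDR` is a known proxy, and validate the value, e.g. `if (in_array($_SERVER["REMOTE_ADDR"], $trusted_proxies, true) && filter_var($_SERVER["HTTP_X_REAL_IP"] ?? "", FILTER_VALIDATE_IP))`. Here `$trusted_proxies` is a placeholder for a configured list that this page does not show. The body of check_auth() continues outside the hunk, so how `$private` is checked on the other side is not visible here.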
@@ -94,10 +123,24 @@ function check_auth()
return ($ret);
}
+$s_style = "
+";
+
function main() {
- GLOBAL $G_dbpfx, $G_lang, $G_alarm_passwd, $G_domain, $G_webbase;
+ GLOBAL $s_style, $G_dbpfx, $G_lang, $G_alarm_passwd, $G_proto, $G_domain, $G_webbase;
GLOBAL $mlang_umgmt, $mlang_indwr, $f_mailusers, $sess, $_POST, $_SERVER;
+
$curtime = time();
$status = "";
@@ -143,7 +186,7 @@ function main() {
SELECT usr.*, guar.login AS guar_login
FROM %susers AS usr
JOIN %susers AS guar ON guar.code = usr.guar_code
- WHERE ( (usr.type & (CAST (X'%x' as integer))) = (CAST (X'%x' as integer)) )
+ WHERE usr.type & (CAST (X'%x' as integer)) = (CAST (X'%x' as integer))
AND usr.disa_reas = %d AND usr.code = %d;",
$G_dbpfx, $G_dbpfx,
USER_FLAG_TY_DISABLE, USER_FLAG_TY_DISABLE,
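Review bot: With the outer parentheses removed, the bitmask test `usr.type & (CAST ...) = (CAST ...)` now depends on the SQL dialect binding `&` tighter than `=`. The same edit is made in the later hunk that ends in `ORDER BY usr.lintm`. Keeping the explicit grouping, `WHERE (usr.type & (CAST (X'%x' as integer))) = (CAST (X'%x' as integer))`, costs nothing and makes the intended mask-then-compare order obvious. The `%d` placeholders force integer values into the query, which is good; the statement's execution is outside this hunk.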
@@ -165,9 +208,9 @@ SELECT usr.*, guar.login AS guar_login
$is_trans = TRUE;
- if (($bdb->user_update_flag_ty($usr_obj->code,
- USER_FLAG_TY_DISABLE, USER_DIS_REA_NU_ADDED,
- USER_FLAG_TY_DISABLE, USER_DIS_REA_NU_MAILED)) == FALSE) {
+ if (($bdb->user_update_flag_ty($usr_obj->code, USER_FLAG_TY_DISABLE,
+ TRUE, USER_DIS_REA_NU_ADDED,
+ TRUE, USER_DIS_REA_NU_MAILED)) == FALSE) {
echo "fail 2
";
break;
}
@@ -178,13 +221,21 @@ SELECT usr.*, guar.login AS guar_login
}
$hash = md5($curtime . $G_alarm_passwd . $usr_obj->login . $usr_obj->email);
- $confirm_page = sprintf("http://%s/%s/mailmgr.php?f_act=checkmail&f_code=%d&f_hash=%s",
- $G_domain, $G_webbase, $mail_code, $hash);
+ $confirm_page = sprintf("%s://%s/%s/mailmgr.php?f_act=checkmail&f_code=%d&f_hash=%s",
+ $G_proto, $G_domain, $G_webbase, $mail_code, $hash);
$subj = $mlang_indwr['nu_msubj'][$G_lang];
- $body_txt = sprintf($mlang_indwr['nu_mtext'][$G_lang],
- $usr_obj->guar_login, $usr_obj->login, $confirm_page);
- $body_htm = sprintf($mlang_indwr['nu_mhtml'][$G_lang],
- $usr_obj->guar_login, $usr_obj->login, $confirm_page);
+ if (($usr_obj->type & USER_FLAG_TY_APPR) == USER_FLAG_TY_APPR) {
+ $body_txt = sprintf($mlang_indwr['ap_mtext'][$G_lang],
+ $cli_name, $confirm_page);
+ $body_htm = sprintf($mlang_indwr['ap_mhtml'][$G_lang],
+ $cli_name, $confirm_page);
+ }
+ else {
+ $body_txt = sprintf($mlang_indwr['nu_mtext'][$G_lang],
+ $usr_obj->guar_login, $usr_obj->login, $confirm_page);
+ $body_htm = sprintf($mlang_indwr['nu_mhtml'][$G_lang],
+ $usr_obj->guar_login, $usr_obj->login, $confirm_page);
+ }
$mail_item = new MailDBItem($mail_code, $usr_obj->code, MAIL_TYP_CHECK,
$curtime, $subj, $body_txt, $body_htm, $hash);
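Review bot: `$cli_name` is passed to `sprintf` in the new `USER_FLAG_TY_APPR` branch but is not assigned anywhere in this hunk. main() starts and ends outside the hunk, so confirm that `$cli_name` is set on every path that reaches this branch. The value also goes into the `ap_mhtml` HTML mail body unescaped. If it can derive from user-supplied data, escape it for the HTML variant only, as the listing code further down does with `eschtml($usr_obj->login)`: `$body_htm = sprintf($mlang_indwr['ap_mhtml'][$G_lang], eschtml($cli_name), $confirm_page);`.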
@@ -211,7 +262,8 @@ SELECT usr.*, guar.login AS guar_login
break;
}
}
- }
+ } // else if ($action == "accept") {
+
do {
if (($bdb = BriskDB::create()) == FALSE) {
@@ -224,9 +276,8 @@ SELECT usr.*, guar.login AS guar_login
SELECT usr.*, guar.login AS guar_login
FROM %susers AS usr
JOIN %susers AS guar ON guar.code = usr.guar_code
- WHERE ( (usr.type & (CAST (X'%x' as integer))) = (CAST (X'%x' as integer)) )
- AND usr.disa_reas = %d
- ORDER BY usr.lintm;",
+ WHERE usr.type & (CAST (X'%x' as integer)) = (CAST (X'%x' as integer))
+ AND usr.disa_reas = %d ORDER BY usr.lintm;",
$G_dbpfx, $G_dbpfx,
USER_FLAG_TY_DISABLE, USER_FLAG_TY_DISABLE,
USER_DIS_REA_NU_ADDED);
@@ -243,17 +294,20 @@ SELECT usr.*, guar.login AS guar_login
$usr_obj->code, ($nocheck ? "" : "CHECKED"),
eschtml($usr_obj->login), eschtml($usr_obj->guar_login), $usr_obj->lintm);
}
+
+
?>