Revision 1777
Added by Dietmar over 11 years ago
| save_confirm.php | ||
|---|---|---|
| 17 | 17 |
|
| 18 | 18 |
/* -------------------------------------------------------- */ |
| 19 | 19 |
// Must include code to stop this file being accessed directly |
| 20 |
if(defined('WB_PATH') == false)
|
|
| 21 |
{
|
|
| 22 |
die('<h2 style="color:red;margin:3em auto;text-align:center;">Cannot access this file directly</h2>');
|
|
| 20 |
if(!defined('WB_PATH')) {
|
|
| 21 |
require_once(dirname(dirname(__FILE__)).'/framework/globalExceptionHandler.php');
|
|
| 22 |
throw new IllegalFileException();
|
|
| 23 | 23 |
} |
| 24 | 24 |
/* -------------------------------------------------------- */ |
| 25 | 25 |
|
| 26 | 26 |
require_once(dirname(__FILE__).'/AccountSignup.php'); |
| 27 | 27 |
AccountSignup::deleteOutdatedConfirmations(); |
| 28 |
$sPassword = isset($_POST['new_password_1']) ? mysql_escape_string($_POST['new_password_1']) : ''; |
|
| 29 |
$sLoginName = isset($_POST['new_loginname']) ? mysql_escape_string($_POST['new_loginname']) : ''; |
|
| 30 |
$sConfirmationId = isset($_POST['confirm_code']) ? mysql_escape_string($_POST['confirm_code']) : ''; |
|
| 31 | 28 |
|
| 29 |
$sPassword = mysql_escape_string($wb->StripCodeFromText($wb->get_post('new_password_1')));
|
|
| 30 |
$sLoginName = mysql_escape_string($wb->StripCodeFromText($wb->get_post('new_loginname')));
|
|
| 31 |
$sConfirmationId = mysql_escape_string($wb->StripCodeFromText($wb->get_post('confirm_code')));
|
|
| 32 |
|
|
| 32 | 33 |
$bSendRegistrationMailtoUser = false; |
| 33 | 34 |
$bSendRegistrationMailtoAdmin = false; |
| 34 | 35 |
$aUser = array(); |
Also available in: Unified diff
+ add methode StripCodeFromText in class.wb to clean injection
! rebranding the admin/settings and security fixes
! a few new styling in backend wb_theme
! beginning aa lot of account changes like correction of $_SESSION indexe, security fixes
+ add head.load.min.js and head.min.js to /include/jquery/ to style HTML5 templates