Revision 1777
Added by Dietmar about 12 years ago
save_confirm.php | ||
---|---|---|
17 | 17 |
|
18 | 18 |
/* -------------------------------------------------------- */ |
19 | 19 |
// Must include code to stop this file being accessed directly |
20 |
if(defined('WB_PATH') == false)
|
|
21 |
{
|
|
22 |
die('<h2 style="color:red;margin:3em auto;text-align:center;">Cannot access this file directly</h2>');
|
|
20 |
if(!defined('WB_PATH')) {
|
|
21 |
require_once(dirname(dirname(__FILE__)).'/framework/globalExceptionHandler.php');
|
|
22 |
throw new IllegalFileException();
|
|
23 | 23 |
} |
24 | 24 |
/* -------------------------------------------------------- */ |
25 | 25 |
|
26 | 26 |
require_once(dirname(__FILE__).'/AccountSignup.php'); |
27 | 27 |
AccountSignup::deleteOutdatedConfirmations(); |
28 |
$sPassword = isset($_POST['new_password_1']) ? mysql_escape_string($_POST['new_password_1']) : ''; |
|
29 |
$sLoginName = isset($_POST['new_loginname']) ? mysql_escape_string($_POST['new_loginname']) : ''; |
|
30 |
$sConfirmationId = isset($_POST['confirm_code']) ? mysql_escape_string($_POST['confirm_code']) : ''; |
|
31 | 28 |
|
29 |
$sPassword = mysql_escape_string($wb->StripCodeFromText($wb->get_post('new_password_1'))); |
|
30 |
$sLoginName = mysql_escape_string($wb->StripCodeFromText($wb->get_post('new_loginname'))); |
|
31 |
$sConfirmationId = mysql_escape_string($wb->StripCodeFromText($wb->get_post('confirm_code'))); |
|
32 |
|
|
32 | 33 |
$bSendRegistrationMailtoUser = false; |
33 | 34 |
$bSendRegistrationMailtoAdmin = false; |
34 | 35 |
$aUser = array(); |
Also available in: Unified diff
+ add methode StripCodeFromText in class.wb to clean injection
! rebranding the admin/settings and security fixes
! a few new styling in backend wb_theme
! beginning aa lot of account changes like correction of $_SESSION indexe, security fixes
+ add head.load.min.js and head.min.js to /include/jquery/ to style HTML5 templates