-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathresend_activation.php
56 lines (51 loc) · 1.34 KB
/
resend_activation.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
<?php
require_once("inc/secure.php");
if (empty($_POST['email']) || empty($_POST['password']) )
login_error();
else
{
$email = $_POST['email'];
$password = $_POST['password'];
// First verify user credentials.
try
{
$authentic = do_authentication($email, $password);
}
catch (InvalidLoginException $ex)
{
// TODO: Redirect to login page with email field filled out.
echo $ex->getMessage();
}
if ($authentic)
{
// Now get the activation token.
$con = udundi_sql_connect();
$sql_command = "SELECT token FROM activations WHERE email=\"$email\"";
try
{
$sth = execute_query($con, $sql_command);
}
catch (PDOException $ex)
{
log_warn("Unable to SELECT token from activations for `$email$`. ".
$ex->getMessage());
}
if ($row = $sth->fetch(PDO::FETCH_ASSOC))
{
// Get activation token and resend message.
if ($row['token'])
{
// TODO: Might consider authenticating the user before sending him an e-mail...
send_activation_email($email, $token);
echo "Activation e-mail sent again!";
}
}
}
else
{
// TODO: This is a bad error, it means the form was submitted wrong or we have a hacker.
log_warn("resend_activation.php reached without proper credentials. Possible security breach.");
login_error();
}
}
?>