user_confirm.php

vpn虚拟专用网络的一个开源搭建工具

<?php
include('lib/conf.php');
include('lib/function.php');

$hash = $_GET["hash"];
$email = $_GET["email"];

$conn = mysql_connect($dbhost,$dbuser,$dbpass);
mysql_select_db($dbname,$conn);

//check if the account is expired
$now = date("YmdHis");
$query = "SELECT * FROM `USERS` WHERE status!='1' AND status!='0'";
$result=mysql_query($query)
or die("<br>Invalid query: $query\n<BR>\n" . mysql_error());
//$n = mysql_num_rows($result);
//for ($i=0; $i<$n; $i++) {
//	$row = mysql_fetch_array($result);
while ($row = mysql_fetch_array($result)) {
	$before = $row['status'];
	$id = $row['id'];
	if ($expired != 0) {
		if ($now >= $before + $expired)  {
			$query = "DELETE FROM `USERS` WHERE `id`=$id LIMIT 1";
			mysql_query($query)
			or die("<br>Invalid query: $query\n<BR>\n" . mysql_error());
			$query = "OPTIMIZE TABLE `USERS`";
			mysql_query($query)
			or die("<br>Invalid query: $query\n<BR>\n" . mysql_error());
		}
	}
}

//verify that they didn't tamper with the email address
$new_hash=md5($email.$hidden_hash_var);
if ($new_hash && ($new_hash==$hash)) {
	//find this record in the db
	$query = "SELECT * FROM `USERS` WHERE hash='$hash'";
	$result=mysql_query($query)
	or die("<br>Invalid query: $query\n<BR>\n" . mysql_error());
	if (!$result || mysql_num_rows($result) < 1) {
		echo "ERROR: - Hash Not Found or User EXPIRED, please form a new registration and check after your mail box for the confirm.";
		exit();
	}
	else {
	
		//confirm the email and set account to active
//		echo "User Account Updated - Now you can <a href=\"index.php?pag=login\">login</a><br>";
		$query="UPDATE `USERS` SET email='$email',status='1',hash=NULL WHERE hash='$hash'";
		$result=mysql_query($query)
		or die("<br>Invalid query: $query\n<BR>\n" . mysql_error());
//		mysql_close($conn);
		redirect("index.php?pag=home");
	}
}
else {
	echo "HASH INVALID - UPDATE FAILED";
}
?>