Diffstat (limited to 'frontend/pages/register.php')
-rw-r--r--frontend/pages/register.php6
1 files changed, 3 insertions, 3 deletions
diff --git a/frontend/pages/register.php b/frontend/pages/register.php
index 441269c..9f33e8b 100644
--- a/frontend/pages/register.php
+++ b/frontend/pages/register.php
@@ -4,8 +4,8 @@ function init_register(&$S) {
header('Location: '.url());
return 'welcome';
}
- if (isset($_REQUEST['token']) && preg_match('/^[a-zA-Z0-9]{30}$/', $_REQUEST['token'])) {
- $r=query('SELECT * FROM `registrationtokens` WHERE `id`=\''.$_REQUEST['token'].'\'');
+ if (isset($_REQUEST['token']) && strlen($_REQUEST['token']) == 30 && ctype_alnum($_REQUEST['token'])) {
+ $r=query('SELECT * FROM `registrationtokens` WHERE `id`="'.$_REQUEST['token'].'" AND `expire` > '.time());
if ($r->rowCount()) {
$S['register.token']=new sql_registrationtoken($r->fetch(PDO::FETCH_ASSOC));
if (isset($_REQUEST['password'])) {
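Review bot: The token on the new query line is still concatenated into the SQL text by hand, so that statement's safety rests entirely on the `strlen`/`ctype_alnum` guard on the line above staying exactly as it is; the second hunk of this same file already passes request values through `$S['pdo']->quote(...)`, and the token lookup should do the same, replacing the double-quoted `'"'.$_REQUEST['token'].'"'` fragment with `$S['pdo']->quote($_REQUEST['token'])` (or, better, a prepared statement with a bound parameter). Note also that `ctype_alnum` is locale-dependent — under a non-C `LC_CTYPE` it can accept bytes above 0x7F — so it is a looser filter than the `[a-zA-Z0-9]` class it replaces, and neither it nor `strlen` handles a non-string value such as `token[]=` gracefully (TypeError on PHP 8); an `is_string($_REQUEST['token'])` check ahead of them would close that gap. init_register's body continues outside the hunk.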
@@ -37,7 +37,7 @@ function body_register(&$S) {
if (query('SELECT COUNT(*) FROM `users` WHERE `email`='.$S['pdo']->quote($_REQUEST['email']))->fetch(PDO::FETCH_COLUMN))
echo print_warning('An account already exists with this email address.').'<a href="'.url('login').'">Login</a>';
else {
- if ($token=query('SELECT * FROM `registrationtokens` WHERE `email`='.$S['pdo']->quote($_REQUEST['email']))->fetch(PDO::FETCH_ASSOC)) {
+ if ($token=query('SELECT * FROM `registrationtokens` WHERE `expire` > '.time().' AND `email`='.$S['pdo']->quote($_REQUEST['email']))->fetch(PDO::FETCH_ASSOC)) {
echo print_warning('A confirmation email has already been sent to this email address... sending another email.');
$token=new sql_registrationtoken($token);
} else {
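Review bot: Adding the `expire` filter to this lookup means a stale token row for the same email is no longer matched, so control falls into the else branch (whose body lies outside the hunk) while the expired row is still present in `registrationtokens`; if the `email` column carries a unique constraint, whatever that branch inserts would presumably fail, and if it does not, expired rows accumulate with no path that removes them. Consider deleting expired rows for that email (or all expired rows) before this query, or updating the existing row in place, so the new expiry check does not leave orphaned entries behind. body_register's body continues outside the hunk.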