diff options
author | Mario <mario@mariovavti.com> | 2021-03-25 14:00:25 +0100 |
---|---|---|
committer | Mario <mario@mariovavti.com> | 2021-03-25 14:00:25 +0100 |
commit | bc1cc65ff20c97db0323d02ab652b239b4c60eb6 (patch) | |
tree | 68c177504b2175adf99594080fe062ecea18b287 | |
parent | 872ac8846ef40cd91d8ebb8a9cf7279a64e87942 (diff) | |
download | volse-hubzilla-bc1cc65ff20c97db0323d02ab652b239b4c60eb6.tar.gz volse-hubzilla-bc1cc65ff20c97db0323d02ab652b239b4c60eb6.tar.bz2 volse-hubzilla-bc1cc65ff20c97db0323d02ab652b239b4c60eb6.zip |
air: currently it is allowed to register with non-unique did2 (should this be allowed?) - anyway, for now sort them by reg_created to make sure we always match the latest attempt
-rw-r--r-- | Zotlabs/Module/Regate.php | 20 |
1 files changed, 10 insertions, 10 deletions
diff --git a/Zotlabs/Module/Regate.php b/Zotlabs/Module/Regate.php index 0d430d68c..4cd902f7b 100644 --- a/Zotlabs/Module/Regate.php +++ b/Zotlabs/Module/Regate.php @@ -60,11 +60,12 @@ class Regate extends \Zotlabs\Web\Controller { } // do we have a valid dId2 ? - if ( ($didx == 'a' && substr( $did2 , -2) == substr( base_convert( md5( substr( $did2, 1, -2) ),16 ,10), -2)) - || ($didx == 'e') || ($didx == 'i')) { + if (($didx == 'a' && substr( $did2 , -2) == substr( base_convert( md5( substr( $did2, 1, -2) ),16 ,10), -2)) || ($didx == 'e') || ($didx == 'i')) { // check startup and expiration via [=[register - $r = q("SELECT * FROM register WHERE reg_vital = 1 AND reg_did2 = '%s' ", dbesc($did2) ); - if ( $r && count($r) == 1 ) { + $r = q("SELECT * FROM register WHERE reg_vital = 1 AND reg_did2 = '%s' ORDER BY reg_created DESC ", + dbesc($did2) + ); + if ($r && count($r)) { $r = $r[0]; // check timeframe if ( $r['reg_startup'] <= $now && $r['reg_expires'] >= $now ) { @@ -244,15 +245,14 @@ class Regate extends \Zotlabs\Web\Controller { $title = t('Register Verification'); // do we have a valid dId2 ? - if ( ($didx == 'a' && substr( $did2 , -2) == substr( base_convert( md5( substr( $did2, 1, -2) ),16 ,10), -2)) - || ($didx == 'e') ) { + if (($didx == 'a' && substr( $did2 , -2) == substr( base_convert( md5( substr( $did2, 1, -2) ),16 ,10), -2)) || ($didx == 'e')) { - $r = q("SELECT * FROM register WHERE reg_vital = 1 AND reg_didx = '%s' AND reg_did2 = '%s'", - dbesc($didx), - dbesc($did2) + $r = q("SELECT * FROM register WHERE reg_vital = 1 AND reg_didx = '%s' AND reg_did2 = '%s' ORDER BY reg_created DESC", + dbesc($didx), + dbesc($did2) ); - if ( $r && count($r) == 1 && $r[0]['reg_flags'] &= (ACCOUNT_UNVERIFIED | ACCOUNT_PENDING)) { + if ($r && count($r) && $r[0]['reg_flags'] &= (ACCOUNT_UNVERIFIED | ACCOUNT_PENDING)) { $r = $r[0]; // provide a button in case |