From bc1cc65ff20c97db0323d02ab652b239b4c60eb6 Mon Sep 17 00:00:00 2001
From: Mario
Date: Thu, 25 Mar 2021 14:00:25 +0100
Subject: air: currently it is allowed to register with non-unique did2 (should this be allowed?) - anyway, for now sort them by reg_created to make sure we always match the latest attempt
---
 Zotlabs/Module/Regate.php | 20 ++++++++++----------
 1 file changed, 10 insertions(+), 10 deletions(-)
diff --git a/Zotlabs/Module/Regate.php b/Zotlabs/Module/Regate.php
index 0d430d68c..4cd902f7b 100644
--- a/Zotlabs/Module/Regate.php
+++ b/Zotlabs/Module/Regate.php
@@ -60,11 +60,12 @@ class Regate extends \Zotlabs\Web\Controller {
 }
 // do we have a valid dId2 ?
- if ( ($didx == 'a' && substr( $did2 , -2) == substr( base_convert( md5( substr( $did2, 1, -2) ),16 ,10), -2))
- || ($didx == 'e') || ($didx == 'i')) {
+ if (($didx == 'a' && substr( $did2 , -2) == substr( base_convert( md5( substr( $did2, 1, -2) ),16 ,10), -2)) || ($didx == 'e') || ($didx == 'i')) {
 // check startup and expiration via [=[register
- $r = q("SELECT * FROM register WHERE reg_vital = 1 AND reg_did2 = '%s' ", dbesc($did2) );
- if ( $r && count($r) == 1 ) {
+ $r = q("SELECT * FROM register WHERE reg_vital = 1 AND reg_did2 = '%s' ORDER BY reg_created DESC ",
+ dbesc($did2)
+ );
+ if ($r && count($r)) {
 $r = $r[0];
 // check timeframe
 if ( $r['reg_startup'] <= $now && $r['reg_expires'] >= $now ) {
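Review bot: The first query now takes the newest of any number of matching rows but, unlike the second query in this commit, it does not filter on `reg_didx`, so a row stored under a different identifier type with the same `reg_did2` can be the one selected. Before this change an ambiguous match failed closed (`count($r) == 1`); now the most recently created row for that did2 wins, so whoever submitted the latest registration determines which record the timeframe check runs against. Consider adding `AND reg_didx = '%s'` with `dbesc($didx)` and a `LIMIT 1` to this query, and settling the uniqueness question from the commit message at insert time rather than at lookup. The enclosing method starts and ends outside the hunk, so how the selected row is verified afterwards is not visible here.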
@@ -244,15 +245,14 @@ class Regate extends \Zotlabs\Web\Controller {
 $title = t('Register Verification');
 // do we have a valid dId2 ?
- if ( ($didx == 'a' && substr( $did2 , -2) == substr( base_convert( md5( substr( $did2, 1, -2) ),16 ,10), -2))
- || ($didx == 'e') ) {
+ if (($didx == 'a' && substr( $did2 , -2) == substr( base_convert( md5( substr( $did2, 1, -2) ),16 ,10), -2)) || ($didx == 'e')) {
- $r = q("SELECT * FROM register WHERE reg_vital = 1 AND reg_didx = '%s' AND reg_did2 = '%s'",
- dbesc($didx),
- dbesc($did2)
+ $r = q("SELECT * FROM register WHERE reg_vital = 1 AND reg_didx = '%s' AND reg_did2 = '%s' ORDER BY reg_created DESC",
+ dbesc($didx),
+ dbesc($did2)
 );
- if ( $r && count($r) == 1 && $r[0]['reg_flags'] &= (ACCOUNT_UNVERIFIED | ACCOUNT_PENDING)) {
+ if ($r && count($r) && $r[0]['reg_flags'] &= (ACCOUNT_UNVERIFIED | ACCOUNT_PENDING)) {
 $r = $r[0];
 // provide a button in case
-- cgit v1.2.3
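Review bot: The rewritten `if` keeps the compound assignment `&=`, which writes the masked value back into `$r[0]['reg_flags']` instead of only testing it, so after `$r = $r[0]` any later read of `reg_flags` sees nothing but the UNVERIFIED/PENDING bits. A plain bitwise test avoids the side effect: `if ($r && ($r[0]['reg_flags'] & (ACCOUNT_UNVERIFIED | ACCOUNT_PENDING))) {`. The checksum comparison on the line above (and its twin in the first hunk) uses loose `==` on two substrings, which PHP compares numerically when both look numeric; `===` would make the check an exact string match. The enclosing method continues outside the hunk.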