diff --git a/www/verify.php b/www/verify.php
index 8f99884..cf5a220 100644
--- a/www/verify.php
+++ b/www/verify.php
@@ -18,8 +18,8 @@
if($type == "email")
{
$id = 1;
- $emailid = intval($emailid);
- $hash = mysql_escape_string(stripslashes($hash));
+ $emailid = intval($_REQUEST['emailid']);
+ $hash = mysql_escape_string(stripslashes($_REQUEST['hash']));
$query = "select * from `email` where `id`='$emailid' and hash!='' and deleted=0";
$res = mysql_query($query);
@@ -48,12 +48,19 @@
exit;
}
$row = mysql_fetch_assoc($res);
- $query = "update `email` set `hash`='',`modified`=NOW() where `id`='$emailid'";
- mysql_query($query);
- $query = "update `users` set `verified`='1' where `id`='$row[memid]' and `email`='$row[email]' and `verified`='0'";
- mysql_query($query);
- showheader(_("Updated"), _("Updated"));
- echo _("Your account and/or email address has been verified. You can now start issuing certificates for this address.");
+ if($_REQUEST['reallyverify'] == 1)
+ {
+ $query = "update `email` set `hash`='',`modified`=NOW() where `id`='$emailid'";
+ mysql_query($query);
+ $query = "update `users` set `verified`='1' where `id`='$row[memid]' and `email`='$row[email]' and `verified`='0'";
+ mysql_query($query);
+ showheader(_("Updated"), _("Updated"));
+ echo _("Your account and/or email address has been verified. You can now start issuing certificates for this address.");
+ } else {
+ printf(_("Are you sure you want to verify the email %s?"), $row['email']);
+ echo "
\n";
+ printf(_("%sYes%s %sNo%s"), "", "", "", "");
+ }
showfooter();
exit;
}
@@ -61,8 +68,8 @@
if($type == "domain")
{
$id = 7;
- $domainid = intval($domainid);
- $hash = mysql_escape_string(stripslashes($hash));
+ $domainid = intval($_REQUEST['domainid']);
+ $hash = mysql_escape_string(stripslashes($_REQUEST['hash']));
$query = "select * from `domains` where `id`='$domainid' and hash!='' and deleted=0";
$res = mysql_query($query);
@@ -92,10 +99,17 @@
exit;
}
$row = mysql_fetch_assoc($res);
- $query = "update `domains` set `hash`='',`modified`=NOW() where `id`='$domainid'";
- mysql_query($query);
- showheader(_("Updated"), _("Updated"));
- echo _("Your domain has been verified. You can now start issuing certificates for this domain.");
+ if($_REQUEST['reallyverify'] == 1)
+ {
+ $query = "update `domains` set `hash`='',`modified`=NOW() where `id`='$domainid'";
+ mysql_query($query);
+ showheader(_("Updated"), _("Updated"));
+ echo _("Your domain has been verified. You can now start issuing certificates for this domain.");
+ } else {
+ printf(_("Are you sure you want to verify the domain %s?"), $row['name']);
+ echo "
\n";
+ printf(_("%sYes%s %sNo%s"), "", "", "", "");
+ }
showfooter();
exit;
}