diff --git a/www/verify.php b/www/verify.php
index 8f99884..cf5a220 100644
--- a/www/verify.php
+++ b/www/verify.php
@@ -18,8 +18,8 @@
 if($type == "email")
 {
 $id = 1;
- $emailid = intval($emailid);
- $hash = mysql_escape_string(stripslashes($hash));
+ $emailid = intval($_REQUEST['emailid']);
+ $hash = mysql_escape_string(stripslashes($_REQUEST['hash']));
 $query = "select * from `email` where `id`='$emailid' and hash!='' and deleted=0";
 $res = mysql_query($query);
@@ -48,12 +48,19 @@
 exit;
 }
 $row = mysql_fetch_assoc($res);
- $query = "update `email` set `hash`='',`modified`=NOW() where `id`='$emailid'";
- mysql_query($query);
- $query = "update `users` set `verified`='1' where `id`='$row[memid]' and `email`='$row[email]' and `verified`='0'";
- mysql_query($query);
- showheader(_("Updated"), _("Updated"));
- echo _("Your account and/or email address has been verified. You can now start issuing certificates for this address.");
+ if($_REQUEST['reallyverify'] == 1)
+ {
+ $query = "update `email` set `hash`='',`modified`=NOW() where `id`='$emailid'";
+ mysql_query($query);
+ $query = "update `users` set `verified`='1' where `id`='$row[memid]' and `email`='$row[email]' and `verified`='0'";
+ mysql_query($query);
+ showheader(_("Updated"), _("Updated"));
+ echo _("Your account and/or email address has been verified. You can now start issuing certificates for this address.");
+ } else {
+ printf(_("Are you sure you want to verify the email %s?"), $row['email']);
+ echo "
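Review bot: `mysql_escape_string()` on the new `$hash` line ignores the connection character set, so since the line is being rewritten anyway it should become `$hash = mysql_real_escape_string(stripslashes($_REQUEST['hash']));`. Both `$_REQUEST['emailid']` and `$_REQUEST['hash']` are also read without an `isset()` check, which raises notices on a request that omits them. The SELECT visible in this hunk filters only on `id` and `hash!=''`, so the comparison against `$hash` must happen in lines outside the hunk; that is worth confirming. The domain hunk (`@@ -61,8 +68,8 @@`) has the same two lines.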
\n";
+ printf(_("%sYes%s %sNo%s"), "", "", "", "");
+ }
 showfooter();
 exit;
 }
@@ -61,8 +68,8 @@
 if($type == "domain")
 {
 $id = 7;
- $domainid = intval($domainid);
- $hash = mysql_escape_string(stripslashes($hash));
+ $domainid = intval($_REQUEST['domainid']);
+ $hash = mysql_escape_string(stripslashes($_REQUEST['hash']));
 $query = "select * from `domains` where `id`='$domainid' and hash!='' and deleted=0";
 $res = mysql_query($query);
@@ -92,10 +99,17 @@
 exit;
 }
 $row = mysql_fetch_assoc($res);
- $query = "update `domains` set `hash`='',`modified`=NOW() where `id`='$domainid'";
- mysql_query($query);
- showheader(_("Updated"), _("Updated"));
- echo _("Your domain has been verified. You can now start issuing certificates for this domain.");
+ if($_REQUEST['reallyverify'] == 1)
+ {
+ $query = "update `domains` set `hash`='',`modified`=NOW() where `id`='$domainid'";
+ mysql_query($query);
+ showheader(_("Updated"), _("Updated"));
+ echo _("Your domain has been verified. You can now start issuing certificates for this domain.");
+ } else {
+ printf(_("Are you sure you want to verify the domain %s?"), $row['name']);
+ echo "
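Review bot: The new gate `if($_REQUEST['reallyverify'] == 1)` is satisfied by any request that carries `reallyverify=1`, including a plain GET, so the two UPDATE statements can still run without a deliberate user action on the confirmation page. Requiring a POST for the state change would make the confirmation meaningful, e.g. `if($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['reallyverify']) && $_POST['reallyverify'] === '1')`, with the Yes control rendered as a form button (its markup is not visible on this page). The `else` branch also prints the question without a `showheader()` call although `showfooter()` follows it, and the index is read without `isset()`. The domain hunk (`@@ -92,10 +99,17 @@`) repeats the same pattern; the enclosing `if($type == "email")` block starts outside this hunk.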
\n";
+ printf(_("%sYes%s %sNo%s"), "", "", "", "");
+ }
 showfooter();
 exit;
 }
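Review bot: `$row['name']` is written into the page unescaped by `printf(_("Are you sure you want to verify the domain %s?"), $row['name']);`. Whether domain names are validated before they are stored is not visible here, so the value should be escaped at output: `printf(_("Are you sure you want to verify the domain %s?"), htmlspecialchars($row['name'], ENT_QUOTES, 'UTF-8'));`. The email hunk above prints `$row['email']` the same way and needs the same treatment. The enclosing `if($type == "domain")` block starts outside this hunk.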