bug #56

www/verify.php

@@ -15,6 +15,14 @@
 <?
 	loadem("account");
 
+	if($_REQUEST['Notify'] != "")
+	{
+		echo "do something here";
+		exit;
+	}
+
+	$type = $_REQUEST['type'];
+
 	if($type == "email")
 	{
 		$id = 1;
@@ -27,7 +35,7 @@
 		{
 			$row = mysql_fetch_assoc($res);
 			$row['attempts']++;
-			if($row['attempts'] == 4)
+			if($row['attempts'] >= 6)
 			{
 				mysql_query("update `email` set `hash`='', `attempts`='$row[attempts]', `deleted`=NOW() where `id`='$emailid'");
 				showheader(_("Error!"), _("Error!"));
@@ -38,7 +46,7 @@
 			mysql_query("update `email` set `attempts`='$row[attempts]' where `id`='$emailid'");
 		}
 
-		$query = "select * from `email` where `id`='$emailid' and `hash`='$hash' and hash!='' and deleted=0 and `attempts` <= 2";
+		$query = "select * from `email` where `id`='$emailid' and `hash`='$hash' and hash!='' and deleted=0 and `attempts` <= 6";
 		$res = mysql_query($query);
 		if(mysql_num_rows($res) <= 0)
 		{
@@ -48,7 +56,7 @@
 			exit;
 		}
 		$row = mysql_fetch_assoc($res);
-		if($_REQUEST['reallyverify'] == 1)
+		if($_REQUEST['Yes'] != "")
 		{
 			$query = "update `email` set `hash`='',`modified`=NOW() where `id`='$emailid'";
 			mysql_query($query);
@@ -56,10 +64,19 @@
 			mysql_query($query);
 			showheader(_("Updated"), _("Updated"));
 			echo _("Your account and/or email address has been verified. You can now start issuing certificates for this address.");
+		} else if($_REQUEST['No'] != "") {
+			header("location: /index.php");
+			exit;
 		} else {
+			showheader(_("Updated"), _("Updated"));
 			printf(_("Are you sure you want to verify the email %s?"), $row['email']);
-			echo "<br>\n";
-			printf(_("%sYes%s %sNo%s"), "<a href='/verify.php?emailid=$emailid&hash=$hash&reallyverify=1'>", "</a>", "<a href='/index.php'>", "</a>");
+			echo "<br>\n<form method='post' action='/verify.php'>";
+			echo "<input type='hidden' name='emailid' value='$emailid'>";
+			echo "<input type='hidden' name='hash' value='$hash'>";
+			echo "<input type='hidden' name='type' value='email'>";
+			echo "<input type='submit' name='Yes' value='"._("Yes verify this email")."'><br>\n";
+			echo "<input type='submit' name='Notify' value='"._("Notify support about this")."'><br>\n";
+			echo "<input type='submit' name='No' value='"._("Do not verify this email")."'></form>\n";
 		}
 		showfooter();
 		exit;
@@ -99,16 +116,25 @@
 			exit;
 		}
 		$row = mysql_fetch_assoc($res);
-		if($_REQUEST['reallyverify'] == 1)
+		if($_REQUEST['Yes'] != "")
 		{
 			$query = "update `domains` set `hash`='',`modified`=NOW() where `id`='$domainid'";
 			mysql_query($query);
 			showheader(_("Updated"), _("Updated"));
 			echo _("Your domain has been verified. You can now start issuing certificates for this domain.");
+		} else if($_REQUEST['No'] != "") {
+			header("location: /index.php");
+			exit;
 		} else {
+			showheader(_("Updated"), _("Updated"));
 			printf(_("Are you sure you want to verify the domain %s?"), $row['name']);
-			echo "<br>\n";
-			printf(_("%sYes%s %sNo%s"), "<a href='/verify.php?domainid=$domainid&hash=$hash&reallyverify=1'>", "</a>", "<a href='/index.php'>", "</a>");
+			echo "<br>\n<form method='post' action='/verify.php'>";
+			echo "<input type='hidden' name='domainid' value='$domainid'>";
+			echo "<input type='hidden' name='hash' value='$hash'>";
+			echo "<input type='hidden' name='type' value='domain'>";
+			echo "<input type='submit' name='Yes' value='"._("Yes verify this email")."'><br>\n";
+			echo "<input type='submit' name='Notify' value='"._("Notify support about this")."'><br>\n";
+			echo "<input type='submit' name='No' value='"._("Do not verify this email")."'></form>\n";
 		}
 		showfooter();
 		exit;