Improved register_globals

Improved error handling

www/verify.php

@@ -18,13 +18,13 @@
 <?
 	loadem("account");
 
-	if($_REQUEST['Notify'] != "")
+	if(array_key_exists('Notify',$_REQUEST) && $_REQUEST['Notify'] != "")
 	{
 		echo "do something here";
 		exit;
 	}
 
-	$type = $_REQUEST['type'];
+	$type = array_key_exists('type',$_REQUEST)?$_REQUEST['type']:"";
 
 	if($type == "email")
 	{
@@ -59,7 +59,7 @@
 			exit;
 		}
 		$row = mysql_fetch_assoc($res);
-		if($_REQUEST['Yes'] != "")
+		if(array_key_exists('Yes',$_REQUEST) && $_REQUEST['Yes'] != "")
 		{
 			$query = "update `email` set `hash`='',`modified`=NOW() where `id`='$emailid'";
 			mysql_query($query);
@@ -67,7 +67,7 @@
 			mysql_query($query);
 			showheader(_("Updated"), _("Updated"));
 			echo _("Your account and/or email address has been verified. You can now start issuing certificates for this address.");
-		} else if($_REQUEST['No'] != "") {
+		} else if(array_key_exists('No',$_REQUEST) && $_REQUEST['No'] != "") {
 			header("location: /index.php");
 			exit;
 		} else {
@@ -84,8 +84,7 @@
 		showfooter();
 		exit;
 	}
-
-	if($type == "domain")
+	elseif($type == "domain")
 	{
 		$id = 7;
 		$domainid = intval($_REQUEST['domainid']);
@@ -96,8 +95,8 @@
 		if(mysql_num_rows($res) > 0)
 		{
 			$row = mysql_fetch_assoc($res);
-			$row[attempts]++;
-			if($row[attempts] >= 6)
+			$row['attempts']++;
+			if($row['attempts'] >= 6)
 			{
 				$query = "update `domains` set `hash`='', `attempts`='$row[attempts]', `deleted`=NOW() where `id`='$domainid'";
 				showheader(_("Error!"), _("Error!"));
@@ -142,4 +141,11 @@
 		showfooter();
 		exit;
 	}
+	else
+	{
+		showheader(_("Error!"), _("Error!"));
+		echo _("Parameters are missing. Please try the complete URL.");
+		showfooter();
+		exit;
+	}
 ?>