function VerifyPageArguments($argspec, $required)
{
global $drewheader;
if ($drewheader) {
trigger_error("PAGEHEADER called before VerifyPageArguments " . "(called by RequiredPageArguments or OptionalPageArguments). " . "Won't be able to return proper HTTP status code on Error " . "in " . $_SERVER['SCRIPT_FILENAME'] . ",", E_USER_WARNING);
}
$result = array();
while ($argspec and count($argspec) > 1) {
$name = array_shift($argspec);
$type = array_shift($argspec);
$yep = 0;
unset($object);
switch ($type) {
case PAGEARG_EXPERIMENT:
if (isset($_REQUEST[URL_EXPERIMENT])) {
$idx = $_REQUEST[URL_EXPERIMENT];
$yep = 1;
if (ValidateArgument(PAGEARG_EXPERIMENT, $idx)) {
$object = Experiment::Lookup($idx);
}
} elseif (isset($_REQUEST[URL_EXPTIDX])) {
$idx = $_REQUEST[URL_EXPTIDX];
$yep = 1;
if (ValidateArgument(PAGEARG_EXPERIMENT, $idx)) {
$object = Experiment::Lookup($idx);
}
} elseif (isset($_REQUEST[URL_PID]) && isset($_REQUEST[URL_EID])) {
$pid = $_REQUEST[URL_PID];
$eid = $_REQUEST[URL_EID];
$yep = 1;
if (ValidateArgument(PAGEARG_PID, $pid) && ValidateArgument(PAGEARG_EID, $eid)) {
$object = Experiment::LookupByPidEid($pid, $eid);
}
}
break;
case PAGEARG_TEMPLATE:
if (isset($_REQUEST[URL_GUID]) && isset($_REQUEST[URL_VERS])) {
$guid = $_REQUEST[URL_GUID];
$vers = $_REQUEST[URL_VERS];
$yep = 1;
if (ValidateArgument(PAGEARG_GUID, $guid) && ValidateArgument(PAGEARG_VERS, $vers)) {
$object = Template::Lookup($guid, $vers);
}
} elseif (isset($_REQUEST[URL_TEMPLATE])) {
$guidvers = $_REQUEST[URL_TEMPLATE];
$yep = 1;
if (preg_match("/^([\\d]+)\\/([\\d]+)\$/", $guidvers, $matches)) {
$guid = $matches[1];
$vers = $matches[2];
$object = Template::Lookup($guid, $vers);
} else {
PAGEARGERROR("Invalid argument for '{$type}': {$guidvers}");
}
}
break;
case PAGEARG_INSTANCE:
if (isset($_REQUEST[URL_INSTANCE])) {
$idx = $_REQUEST[URL_INSTANCE];
$yep = 1;
if (ValidateArgument(PAGEARG_INSTANCE, $idx)) {
$object = TemplateInstance::LookupByExptidx($idx);
}
}
break;
case PAGEARG_METADATA:
if (isset($_REQUEST[URL_METADATA])) {
$guidvers = $_REQUEST[URL_METADATA];
$yep = 1;
if (preg_match("/^([\\d]+)\\/([\\d]+)\$/", $guidvers, $matches)) {
$guid = $matches[1];
$vers = $matches[2];
$object = TemplateMetadata::Lookup($guid, $vers);
} else {
PAGEARGERROR("Invalid argument for '{$type}': {$guidvers}");
}
}
break;
case PAGEARG_PROJECT:
if (isset($_REQUEST[URL_PROJECT])) {
$idx = $_REQUEST[URL_PROJECT];
$yep = 1;
if (ValidateArgument(PAGEARG_PROJECT, $idx)) {
$object = Project::Lookup($idx);
}
} elseif (isset($_REQUEST[URL_PID])) {
$pid = $_REQUEST[URL_PID];
$yep = 1;
if (ValidateArgument(PAGEARG_PID, $pid)) {
$object = Project::Lookup($pid);
}
}
break;
case PAGEARG_GROUP:
if (isset($_REQUEST[URL_GROUP])) {
$idx = $_REQUEST[URL_GROUP];
$yep = 1;
if (ValidateArgument(PAGEARG_GROUP, $idx)) {
$object = Group::Lookup($idx);
}
} elseif (isset($_REQUEST[URL_PID]) && isset($_REQUEST[URL_GID])) {
$pid = $_REQUEST[URL_PID];
$gid = $_REQUEST[URL_GID];
$yep = 1;
if (ValidateArgument(PAGEARG_PID, $pid) && ValidateArgument(PAGEARG_GID, $gid)) {
$object = Group::LookupByPidGid($pid, $gid);
}
}
break;
case PAGEARG_NODE:
if (isset($_REQUEST[URL_NODE])) {
$idx = $_REQUEST[URL_NODE];
$yep = 1;
if (ValidateArgument(PAGEARG_NODE, $idx)) {
$object = Node::Lookup($idx);
}
} elseif (isset($_REQUEST[URL_NODEID])) {
$nodeid = $_REQUEST[URL_NODEID];
$yep = 1;
if (ValidateArgument(PAGEARG_NODEID, $nodeid)) {
$object = Node::Lookup($nodeid);
}
} elseif (isset($_REQUEST[URL_NODEID_ALT])) {
$nodeid = $_REQUEST[URL_NODEID_ALT];
$yep = 1;
if (ValidateArgument(PAGEARG_NODEID, $nodeid)) {
$object = Node::Lookup($nodeid);
}
}
break;
case PAGEARG_USER:
if (isset($_REQUEST[URL_USER])) {
$idx = $_REQUEST[URL_USER];
$yep = 1;
if (ValidateArgument(PAGEARG_USER, $idx)) {
$object = User::Lookup($idx);
}
} elseif (isset($_REQUEST[URL_UID])) {
$uid = $_REQUEST[URL_UID];
$yep = 1;
if (ValidateArgument(PAGEARG_UID, $uid)) {
$object = User::Lookup($uid);
}
}
break;
case PAGEARG_IMAGE:
if (isset($_REQUEST[URL_IMAGEID])) {
$imageid = $_REQUEST[URL_IMAGEID];
$yep = 1;
if (ValidateArgument(PAGEARG_IMAGE, $imageid)) {
$object = Image::Lookup($imageid);
}
} elseif (isset($_REQUEST[$name]) && $_REQUEST[$name] != "") {
$imageid = $_REQUEST[$name];
$yep = 1;
if (ValidateArgument(PAGEARG_IMAGE, $imageid)) {
$object = Image::Lookup($imageid);
}
}
break;
case PAGEARG_OSINFO:
if (isset($_REQUEST[URL_OSID])) {
$osid = $_REQUEST[URL_OSID];
$yep = 1;
if (ValidateArgument(PAGEARG_OSINFO, $osid)) {
$object = OSinfo::Lookup($osid);
}
}
break;
case PAGEARG_BOOLEAN:
if (isset($_REQUEST[$name]) && $_REQUEST[$name] != "") {
$object = $_REQUEST[$name];
$yep = 1;
if (strcasecmp("{$object}", "yes") == 0 || strcasecmp("{$object}", "1") == 0 || strcasecmp("{$object}", "true") == 0 || strcasecmp("{$object}", "on") == 0) {
$object = True;
} elseif (strcasecmp("{$object}", "no") == 0 || strcasecmp("{$object}", "0") == 0 || strcasecmp("{$object}", "false") == 0 || strcasecmp("{$object}", "off") == 0) {
$object = False;
}
}
break;
case PAGEARG_INTEGER:
case PAGEARG_NUMERIC:
case PAGEARG_ARRAY:
if (isset($_REQUEST[$name]) && $_REQUEST[$name] != "") {
$object = $_REQUEST[$name];
$yep = 1;
if (!ValidateArgument($type, $object)) {
unset($object);
}
}
break;
case PAGEARG_ANYTHING:
if (isset($_REQUEST[$name])) {
$object = $_REQUEST[$name];
$yep = 1;
# Anything allowed, caller BETTER check it.
}
break;
case PAGEARG_ALPHALIST:
if (isset($_REQUEST[$name])) {
$object = $_REQUEST[$name];
if (!preg_match("/^[\\d\\w\\-\\ \\,]+\$/", $object)) {
unset($object);
} else {
$object = preg_split("/[\\,\\;]+\\s*/", $_REQUEST[$name]);
}
}
break;
case PAGEARG_STRING:
default:
if (isset($_REQUEST[$name])) {
$object = $_REQUEST[$name];
$yep = 1;
# Pages never get arguments with special chars. Check.
if (preg_match("/[\\'\"]/", $object)) {
$object = htmlspecialchars($object);
PAGEARGERROR("Invalid characters in '{$name}': {$object}");
}
}
break;
case PAGEARG_PASSWORD:
default:
if (isset($_REQUEST[$name])) {
$object = $_REQUEST[$name];
$yep = 1;
# Only printable chars.
if (!preg_match("/^[ -~]+\$/", $object)) {
PAGEARGERROR("Invalid characters in '{$name}'");
}
}
break;
case PAGEARG_LOGFILE:
if (isset($_REQUEST[URL_LOGFILE])) {
$logid = $_REQUEST[URL_LOGFILE];
$yep = 1;
if (ValidateArgument(PAGEARG_LOGFILE, $logid)) {
$object = Logfile::Lookup($logid);
}
}
break;
}
if (isset($object)) {
$result[$name] = $object;
$GLOBALS[$name] = $object;
} elseif ($yep) {
#
# Value supplied but could not be mapped to object.
# Lets make that clear in the error message.
#
USERERROR("Could not map page arguments to '{$name}'", 1);
} elseif ($required) {
PAGEARGERROR("Must provide '{$name}' page argument");
} else {
unset($GLOBALS[$name]);
}
}
return $result;
}
<?php
// get environment
require '../php/core.php';
require '../php/connection.php';
// get the link check
$linkcheck = ValidateArgument("q", $connection);
// must be perfect length
if (strlen($linkcheck) === 2 * 32 + 1) {
// check for duplicate emails
$sql = "SELECT idUsers from Users WHERE Confirmed = '0' AND VerifyLink = '" . $linkcheck . "' AND VerifyTimeout > '" . time() . "' AND idUsers > 0;";
// parallel assignment short cut
list($result, $valid) = DoQuery($sql, $connection);
// must be valid query, but returned 0 rows
if ($result && $valid) {
$sqlUpdate = "UPDATE Users SET Confirmed = '1', VerifyTimeout = '0', VerifyLink = '0' WHERE VerifyLink = '" . $linkcheck . "';";
// parallel assignment short cut
list($resultUpdate, $validUpdate) = DoQuery($sqlUpdate, $connection);
// forego processing of error here...
header("Location: ../index.html?verified=1");
} else {
header("Location: ../index.html?error=");
}
} else {
header("Location: ../index.html");
}
// output and close
mysqli_close($connection);
