public function run() { $msg = ""; $to = 1; $user = new User(); if (isset($_REQUEST['str'])) { $email = mysql_real_escape_string(base64_decode($_REQUEST['str'])); $confirm_string = substr($_REQUEST['cs'], 0, 10); // verify the email belongs to a user if ($user->findUserByUsername($email) && substr($user->getConfirm_string(), 0, 10) == $confirm_string) { $sql = "\n UPDATE " . USERS . "\n SET\n confirm_string = '',\n confirm = 1,\n is_active = 1\n WHERE username = '******'"; mysql_query($sql); // send welcome email Utils::sendTemplateEmail($user->getUsername(), 'welcome', array('nickname' => $user->getNickname()), 'Worklist <*****@*****.**>'); User::login($user, false); //Optionally can login with confirm URL $jumbotron = "\n <h2>Welcome to Worklist!</h2>\n <p>\n Click on a job and add your bid, or come join us in our \n <a href='https://gitter.im/highfidelity/worklist' target='_blank'>public chat room</a>.\n Questions? Check out the <a href='./help'>help tab</a>.\n </p>"; } else { Utils::redirect('./'); } } elseif (isset($_REQUEST['ppstr'])) { // paypal address confirmation $paypal_email = mysql_real_escape_string(base64_decode($_REQUEST['ppstr'])); $hash = mysql_real_escape_string($_REQUEST['pp']); // verify the email belongs to a user if (!$user->findUserByPPUsername($paypal_email, $hash)) { // hacking attempt, or some other error Utils::redirect('./'); } else { $user->setPaypal_verified(true); $user->setPaypal_hash(''); $user->save(); $jumbotron = "\n <h2>Thank you for confirming your Paypal address.</h2>\n <p>You can now bid on items in the Worklist!</p>"; } } elseif (isset($_REQUEST['emstr'])) { // new email address confirmation $new_email = mysql_real_escape_string(base64_decode($_REQUEST['emstr'])); if (!$user->findUserByUsername($_SESSION['username'])) { Utils::redirect('login'); //we are not logged in } //save new email $user->setUsername($new_email); $user->save(); $_SESSION['username'] = $new_email; $jumbotron = "<h2>Thank you for confirming your changed email address.</h2>"; } $jobs = new JobController(); $jobs->view->jumbotron = $jumbotron; $jobs->listView(); }