<?php if (!isset($_GET['key'], $_GET['nick'])) { $tmpl->renderBadLink(); return; } $event = $db->query('SELECT user_id FROM events WHERE event_key = ' . $db->quote($_GET['key']) . ' AND event_type = ' . $db->quote(Event::EMAIL_CHANGE_NEW))->fetch(); if ($event === false) { $tmpl->renderBadLink(); return; } if (!Event::isActive($db, $_GET['key'])) { $tmpl->renderBadLink(); return; } $user_ch = $db->query('SELECT user_id, nick, email FROM users WHERE nick = ' . $db->quote($_GET['nick']))->fetch(); if ($user_ch === false) { $tmpl->renderBadLink(); return; } if ((int) $event['user_id'] !== (int) $user_ch['user_id']) { $tmpl->renderBadLink(); return; } $value = Event::getData($db, $_GET['key']); if ($value === false) { reload('?fb=change_email_failed'); } $db->beginTransaction(); try { Event::setComplete($db, $_GET['key']);