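/**
 * Pull the page arguments listed in $argspec out of $_REQUEST, validate them
 * and map them to objects.
 *
 * $argspec is a flat list of alternating (name, PAGEARG_* type) pairs and is
 * consumed two elements at a time, so a trailing unpaired element is ignored.
 * Every name that resolves to a usable value is stored under $result[$name]
 * and also exported as a global variable of that name; a name that resolves
 * to nothing has its global unset. Returns $result.
 *
 * Outcome per pair:
 *  - value supplied but not mappable (bad format / no such object): USERERROR.
 *  - value absent and $required:                                  PAGEARGERROR.
 *  - value absent and not $required:                              skipped.
 * PAGEARGERROR and USERERROR are assumed not to return — TODO confirm; if they
 * do, the loop continues with $object still holding the rejected value for
 * PAGEARG_STRING / PAGEARG_PASSWORD.
 *
 * Changes from the previous revision:
 *  - The switch carried two `default:` labels (PAGEARG_STRING and
 *    PAGEARG_PASSWORD), which is a compile-time error on PHP >= 7. Only
 *    PAGEARG_STRING is the catch-all now, as its own comment describes. On
 *    PHP 5 the last default would have won at runtime, so confirm no page
 *    relied on unknown types receiving the printable-characters check.
 *  - PAGEARG_ALPHALIST now records that a value was supplied ($yep), so a
 *    present-but-malformed list is reported as "Could not map" like every
 *    other type instead of the misleading "Must provide".
 *  - The error messages for PAGEARG_TEMPLATE / PAGEARG_METADATA escape the
 *    echoed request value, as the PAGEARG_STRING case already did.
 */
function VerifyPageArguments($argspec, $required)
{
    global $drewheader;

    if ($drewheader) {
        trigger_error("PAGEHEADER called before VerifyPageArguments " .
                      "(called by RequiredPageArguments or OptionalPageArguments). " .
                      "Won't be able to return proper HTTP status code on Error " .
                      "in " . $_SERVER['SCRIPT_FILENAME'] . ",",
                      E_USER_WARNING);
    }
    $result = array();

    while ($argspec and count($argspec) > 1) {
        $name = array_shift($argspec);
        $type = array_shift($argspec);
        $yep  = 0;       # Set once the request actually carried a value for this name.
        unset($object);  # Set only when that value maps to something usable.

        switch ($type) {
        case PAGEARG_EXPERIMENT:
            # Either index parameter is accepted; the long form wins if both are present.
            if (isset($_REQUEST[URL_EXPERIMENT]) || isset($_REQUEST[URL_EXPTIDX])) {
                $idx = isset($_REQUEST[URL_EXPERIMENT])
                     ? $_REQUEST[URL_EXPERIMENT] : $_REQUEST[URL_EXPTIDX];
                $yep = 1;
                if (ValidateArgument(PAGEARG_EXPERIMENT, $idx)) {
                    $object = Experiment::Lookup($idx);
                }
            }
            elseif (isset($_REQUEST[URL_PID]) && isset($_REQUEST[URL_EID])) {
                $pid = $_REQUEST[URL_PID];
                $eid = $_REQUEST[URL_EID];
                $yep = 1;
                if (ValidateArgument(PAGEARG_PID, $pid) &&
                    ValidateArgument(PAGEARG_EID, $eid)) {
                    $object = Experiment::LookupByPidEid($pid, $eid);
                }
            }
            break;

        case PAGEARG_TEMPLATE:
            if (isset($_REQUEST[URL_GUID]) && isset($_REQUEST[URL_VERS])) {
                $guid = $_REQUEST[URL_GUID];
                $vers = $_REQUEST[URL_VERS];
                $yep  = 1;
                if (ValidateArgument(PAGEARG_GUID, $guid) &&
                    ValidateArgument(PAGEARG_VERS, $vers)) {
                    $object = Template::Lookup($guid, $vers);
                }
            }
            elseif (isset($_REQUEST[URL_TEMPLATE])) {
                # Combined "guid/vers" form; both halves must be all digits.
                $guidvers = $_REQUEST[URL_TEMPLATE];
                $yep = 1;
                if (preg_match("/^([\\d]+)\\/([\\d]+)\$/", $guidvers, $matches)) {
                    $object = Template::Lookup($matches[1], $matches[2]);
                }
                else {
                    # Escape before echoing the request value into the error page.
                    PAGEARGERROR("Invalid argument for '{$type}': " .
                                 htmlspecialchars("{$guidvers}"));
                }
            }
            break;

        case PAGEARG_INSTANCE:
            if (isset($_REQUEST[URL_INSTANCE])) {
                $idx = $_REQUEST[URL_INSTANCE];
                $yep = 1;
                if (ValidateArgument(PAGEARG_INSTANCE, $idx)) {
                    $object = TemplateInstance::LookupByExptidx($idx);
                }
            }
            break;

        case PAGEARG_METADATA:
            if (isset($_REQUEST[URL_METADATA])) {
                # Same "guid/vers" form as PAGEARG_TEMPLATE.
                $guidvers = $_REQUEST[URL_METADATA];
                $yep = 1;
                if (preg_match("/^([\\d]+)\\/([\\d]+)\$/", $guidvers, $matches)) {
                    $object = TemplateMetadata::Lookup($matches[1], $matches[2]);
                }
                else {
                    PAGEARGERROR("Invalid argument for '{$type}': " .
                                 htmlspecialchars("{$guidvers}"));
                }
            }
            break;

        case PAGEARG_PROJECT:
            if (isset($_REQUEST[URL_PROJECT])) {
                $idx = $_REQUEST[URL_PROJECT];
                $yep = 1;
                if (ValidateArgument(PAGEARG_PROJECT, $idx)) {
                    $object = Project::Lookup($idx);
                }
            }
            elseif (isset($_REQUEST[URL_PID])) {
                $pid = $_REQUEST[URL_PID];
                $yep = 1;
                if (ValidateArgument(PAGEARG_PID, $pid)) {
                    $object = Project::Lookup($pid);
                }
            }
            break;

        case PAGEARG_GROUP:
            if (isset($_REQUEST[URL_GROUP])) {
                $idx = $_REQUEST[URL_GROUP];
                $yep = 1;
                if (ValidateArgument(PAGEARG_GROUP, $idx)) {
                    $object = Group::Lookup($idx);
                }
            }
            elseif (isset($_REQUEST[URL_PID]) && isset($_REQUEST[URL_GID])) {
                $pid = $_REQUEST[URL_PID];
                $gid = $_REQUEST[URL_GID];
                $yep = 1;
                if (ValidateArgument(PAGEARG_PID, $pid) &&
                    ValidateArgument(PAGEARG_GID, $gid)) {
                    $object = Group::LookupByPidGid($pid, $gid);
                }
            }
            break;

        case PAGEARG_NODE:
            if (isset($_REQUEST[URL_NODE])) {
                $idx = $_REQUEST[URL_NODE];
                $yep = 1;
                if (ValidateArgument(PAGEARG_NODE, $idx)) {
                    $object = Node::Lookup($idx);
                }
            }
            elseif (isset($_REQUEST[URL_NODEID]) || isset($_REQUEST[URL_NODEID_ALT])) {
                # Two spellings of the node-id parameter, handled identically.
                $nodeid = isset($_REQUEST[URL_NODEID])
                        ? $_REQUEST[URL_NODEID] : $_REQUEST[URL_NODEID_ALT];
                $yep = 1;
                if (ValidateArgument(PAGEARG_NODEID, $nodeid)) {
                    $object = Node::Lookup($nodeid);
                }
            }
            break;

        case PAGEARG_USER:
            if (isset($_REQUEST[URL_USER])) {
                $idx = $_REQUEST[URL_USER];
                $yep = 1;
                if (ValidateArgument(PAGEARG_USER, $idx)) {
                    $object = User::Lookup($idx);
                }
            }
            elseif (isset($_REQUEST[URL_UID])) {
                $uid = $_REQUEST[URL_UID];
                $yep = 1;
                if (ValidateArgument(PAGEARG_UID, $uid)) {
                    $object = User::Lookup($uid);
                }
            }
            break;

        case PAGEARG_IMAGE:
            if (isset($_REQUEST[URL_IMAGEID])) {
                $imageid = $_REQUEST[URL_IMAGEID];
                $yep = 1;
                if (ValidateArgument(PAGEARG_IMAGE, $imageid)) {
                    $object = Image::Lookup($imageid);
                }
            }
            elseif (isset($_REQUEST[$name]) && $_REQUEST[$name] !== "") {
                # Fall back to a parameter named after the argument itself.
                $imageid = $_REQUEST[$name];
                $yep = 1;
                if (ValidateArgument(PAGEARG_IMAGE, $imageid)) {
                    $object = Image::Lookup($imageid);
                }
            }
            break;

        case PAGEARG_OSINFO:
            if (isset($_REQUEST[URL_OSID])) {
                $osid = $_REQUEST[URL_OSID];
                $yep = 1;
                if (ValidateArgument(PAGEARG_OSINFO, $osid)) {
                    $object = OSinfo::Lookup($osid);
                }
            }
            break;

        case PAGEARG_BOOLEAN:
            if (isset($_REQUEST[$name]) && $_REQUEST[$name] !== "") {
                $object = $_REQUEST[$name];
                $yep = 1;
                # Case-insensitive spellings of true/false; any other value is
                # passed through untouched, as before.
                $spelling = strtolower("{$object}");
                if (in_array($spelling, array("yes", "1", "true", "on"), true)) {
                    $object = true;
                }
                elseif (in_array($spelling, array("no", "0", "false", "off"), true)) {
                    $object = false;
                }
            }
            break;

        case PAGEARG_INTEGER:
        case PAGEARG_NUMERIC:
        case PAGEARG_ARRAY:
            if (isset($_REQUEST[$name]) && $_REQUEST[$name] !== "") {
                $object = $_REQUEST[$name];
                $yep = 1;
                # A present but invalid value leaves $yep set and $object unset,
                # which turns into the "Could not map" USERERROR below.
                if (!ValidateArgument($type, $object)) {
                    unset($object);
                }
            }
            break;

        case PAGEARG_ANYTHING:
            if (isset($_REQUEST[$name])) {
                $object = $_REQUEST[$name];
                $yep = 1;
                # Anything allowed, caller BETTER check it. This is the only type
                # that returns the raw request value (string or array) with no
                # validation at all; the caller must validate and escape it for
                # whatever context (SQL, HTML, shell) it ends up in.
            }
            break;

        case PAGEARG_ALPHALIST:
            if (isset($_REQUEST[$name])) {
                $object = $_REQUEST[$name];
                $yep = 1;  # Was missing; see the function comment.
                # Whitelist: digits, word chars, '-', space and ','. Note ';' is
                # not allowed here, so the ';' alternative in the split below can
                # never match.
                if (!preg_match("/^[\\d\\w\\-\\ \\,]+\$/", $object)) {
                    unset($object);
                }
                else {
                    $object = preg_split("/[\\,\\;]+\\s*/", $_REQUEST[$name]);
                }
            }
            break;

        case PAGEARG_PASSWORD:
            if (isset($_REQUEST[$name])) {
                $object = $_REQUEST[$name];
                $yep = 1;
                # Only printable chars. The message deliberately does not echo
                # the value.
                if (!preg_match("/^[ -~]+\$/", $object)) {
                    PAGEARGERROR("Invalid characters in '{$name}'");
                }
            }
            break;

        case PAGEARG_LOGFILE:
            if (isset($_REQUEST[URL_LOGFILE])) {
                $logid = $_REQUEST[URL_LOGFILE];
                $yep = 1;
                if (ValidateArgument(PAGEARG_LOGFILE, $logid)) {
                    $object = Logfile::Lookup($logid);
                }
            }
            break;

        case PAGEARG_STRING:
        default:
            if (isset($_REQUEST[$name])) {
                $object = $_REQUEST[$name];
                $yep = 1;
                # Pages never get arguments with special chars. Check.
                # NOTE(review): only quote characters are rejected; '<', '>',
                # '&', ';' and backslash pass through, so callers still need
                # context-appropriate escaping. There is also no is_string()
                # guard: an array-valued parameter (name[]=...) makes preg_match
                # fail instead of being checked (TypeError on PHP 8, warning and
                # null on older PHP, where the array then passes through).
                if (preg_match("/[\\'\"]/", $object)) {
                    $object = htmlspecialchars($object);
                    PAGEARGERROR("Invalid characters in '{$name}': {$object}");
                }
            }
            break;
        }

        if (isset($object)) {
            # $name comes from $argspec (the page's own code), never from the
            # request, so a client cannot choose which global gets assigned.
            $result[$name]  = $object;
            $GLOBALS[$name] = $object;
        }
        elseif ($yep) {
            #
            # Value supplied but could not be mapped to object.
            # Lets make that clear in the error message.
            #
            USERERROR("Could not map page arguments to '{$name}'", 1);
        }
        elseif ($required) {
            PAGEARGERROR("Must provide '{$name}' page argument");
        }
        else {
            unset($GLOBALS[$name]);
        }
    }
    return $result;
}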
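<?php
// get environment
require '../php/core.php';
require '../php/connection.php';

// get the link check: the "q" request argument. ValidateArgument() is a
// project helper whose return type is not visible here (presumably the
// sanitized parameter, or something false-ish when absent) — hence the
// is_string() check below before any byte-level handling.
$linkcheck = ValidateArgument("q", $connection);

// Redirect target; a malformed or missing link goes to the bare index page.
$location = '../index.html';

// The link must be a string of exactly 2 * 32 + 1 bytes. Besides rejecting
// junk, this keeps a request such as q=0 from matching the '0' that the
// UPDATE below writes into VerifyLink for already-confirmed accounts.
if (is_string($linkcheck) && strlen($linkcheck) === 2 * 32 + 1) {
    $location = '../index.html?error=';

    // Look for a pending (unconfirmed, not yet timed out) account carrying
    // this verification link. The link and the current time are bound as
    // parameters instead of being concatenated into the SQL, so the request
    // value can never change the shape of the query.
    $select = mysqli_prepare(
        $connection,
        "SELECT idUsers FROM Users WHERE Confirmed = '0' AND VerifyLink = ? " .
        "AND VerifyTimeout > ? AND idUsers > 0"
    );
    if ($select !== false) {
        // Bound as a string to mirror the quoted literal the query used before.
        $now = (string) time();
        mysqli_stmt_bind_param($select, 'ss', $linkcheck, $now);
        $matched = mysqli_stmt_execute($select)
                && mysqli_stmt_store_result($select)
                && mysqli_stmt_num_rows($select) > 0;
        mysqli_stmt_close($select);

        if ($matched) {
            // Mark the account confirmed and burn the link so it cannot be
            // replayed. Unlike before, "verified" is only reported when this
            // UPDATE actually ran; a failed update now redirects to the error
            // page instead of claiming success.
            $update = mysqli_prepare(
                $connection,
                "UPDATE Users SET Confirmed = '1', VerifyTimeout = '0', VerifyLink = '0' " .
                "WHERE VerifyLink = ?"
            );
            if ($update !== false) {
                mysqli_stmt_bind_param($update, 's', $linkcheck);
                if (mysqli_stmt_execute($update)) {
                    $location = '../index.html?verified=1';
                }
                mysqli_stmt_close($update);
            }
        }
    }
}

// close the connection, then redirect and stop so nothing else is emitted
mysqli_close($connection);
header("Location: " . $location);
exit;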