function content() { $errors = array(); if (!array_key_exists('token', $_GET) || !$_GET['token']) { $errors[] = 'Invalid activation token'; } $token = $_GET['token']; $user = fetch_one_or_none('users', 'activation_token', $_GET['token']); if (!$user) { $errors[] = 'Invalid activation token'; } if (count($errors)) { page_header('Activation failed'); show_error_list($errors); return; } $admins = fetch_wol('*', 'users', 'date_verified IS NOT NULL AND date_approved IS NOT NULL', 'id ASC'); $sets = array('activation_token' => null, 'date_verified' => date('Y-m-d H:i:s')); # Auto-approve user 1. if (count($admins) == 0) { $sets['date_approved'] = $sets['date_verified']; $sets['approved_by'] = 1; } update_all('users', $sets, 'id', $user->id); page_header('Account activated'); if (count($admins)) { send_approval_request($user, $admins); ?> <p>Thank you for activating your account. Your request for an account has been forwarded to a site administrator for approval. You will be notified by email when it is approved.</p> <?php } else { register_user_rdf($user); # Don't set login cookie now. This is to prevent someone hijacking # a login token, using it, and benefiting from a pre-logged-in session. # This way, they still need a password. global $config; ?> <p>Thank you for activating your account. You shouldn't need to do that again. You may now want to <a href="<?php esc($config['http_path']); ?> account/login">log in</a>.</p> <?php } }
function content() { global $config; if (!user_logged_in()) { return must_log_in(); } $errors = array(); if (!array_key_exists('id', $_GET)) { $errors[] = 'No user ID'; } if (count($errors) == 0) { $user = fetch_one_or_none('users', 'id', $_GET['id']); if (!$user) { $errors[] = 'No such user'; } if (!$user->date_verified) { $errors[] = 'User has not yet been verified'; } if ($user->date_approved) { $errors[] = 'User has already been approved'; } } if (count($errors)) { page_header("Error approving account"); show_error_list($errors); return; } if (!$user->date_approved) { update_all('users', array('date_approved' => date('Y-m-d H:i:s'), 'approved_by' => user_logged_in()), 'id', $user->id); } $root = 'http://' . $config['domain'] . $config['http_path']; $msg = "Your " . $config['title'] . " account has been approved. " . "To log in, please follow \n" . "the following link:\n" . "\n" . " {$root}account/login\n" . "\n"; mail(sprintf('"%s" <%s>', $user->name, $user->email_address), $config['title'] . " account approved", $msg) or die('Unable to send email'); register_user_rdf($user); page_header("Account approved"); ?> <p>Thank you for approving <?php esc($user->name); ?> 's account.</p> <?php }