Nukemods Forum - View Single Post - Error confirming email in Registration Hack

mikem · 01-24-2003, 10:42 AM

Oh heck..here it is...I'll try to get this setup as a download for others.

In modules/Your_Account/index.php

find

Code:

function login($uname, $pass) {
    global $setinfo, $user_prefix, $dbi, $module_name;
    $result = sql_query("select pass, uid, storynum, umode, uorder, thold, noscore, ublockon, theme, commentmax from ".$user_prefix."_users where uname='$uname'", $dbi);
    $setinfo = sql_fetch_array($result, $dbi);
    if ((sql_num_rows($result, $dbi)==1) AND ($setinfo[uid] != 1) AND ($setinfo[pass] != "")) {
	$dbpass=$setinfo[pass];
	$non_crypt_pass = $pass;
  	$old_crypt_pass = crypt($pass,substr($dbpass,0,2));
	$new_pass = md5($pass);
	if (($dbpass == $non_crypt_pass) OR ($dbpass == $old_crypt_pass)) {
	    sql_query("update ".$user_prefix."_users set pass='$new_pass' WHERE uname='$uname'", $dbi);
	    $result = sql_query("select pass from ".$user_prefix."_users where uname='$uname'", $dbi);
	    list($dbpass) = sql_fetch_row($result, $dbi);
	}
	if ($dbpass != $new_pass) {
            Header("Location: modules.php?name=$module_name&stop=1");
    	    return;
	}
	docookie($setinfo[uid], $uname, $new_pass, $setinfo[storynum], $setinfo[umode], $setinfo[uorder], $setinfo[thold], $setinfo[noscore], $setinfo[ublockon], $setinfo[theme], $setinfo[commentmax]);
	Header("Location: modules.php?name=$module_name&op=userinfo&bypass=1&uname=$uname");
    } else {
	Header("Location: modules.php?name=$module_name&stop=1");
    }
}

replace ALL with

Code:

function login($uname, $pass, $redirect, $mode, $f, $t) {
    global $setinfo, $user_prefix, $dbi, $module_name, $pm_login;
    $result = sql_query("select pass, uid, storynum, umode, uorder, thold, noscore, ublockon, theme, commentmax, user_active from ".$user_prefix."_users where uname='$uname'", $dbi);
    $setinfo = sql_fetch_array($result, $dbi);
    $forward = ereg_replace("redirect=", "", "$redirect");
    if (ereg("privmsg", $forward)) {
        $pm_login = "active";
    }
    if ((sql_num_rows($result, $dbi)==1) AND ($setinfo[uid] != 1) AND ($setinfo[pass] != "") AND ($setinfo[user_active] == 1 )) {
	$dbpass=$setinfo[pass];
	$non_crypt_pass = $pass;
  	$old_crypt_pass = crypt($pass,substr($dbpass,0,2));
	$new_pass = md5($pass);
	if (($dbpass == $non_crypt_pass) OR ($dbpass == $old_crypt_pass)) {
	    sql_query("update ".$user_prefix."_users set pass='$new_pass' WHERE uname='$uname'", $dbi);
	    $result = sql_query("select pass from ".$user_prefix."_users where uname='$uname'", $dbi);
	    list($dbpass) = sql_fetch_row($result, $dbi);
	}
	if ($dbpass != $new_pass) {
            Header("Location: modules.php?name=$module_name&stop=1");
    	    return;
	}
	docookie($setinfo[uid], $uname, $new_pass, $setinfo[storynum], $setinfo[umode], $setinfo[uorder], $setinfo[thold], $setinfo[noscore], $setinfo[ublockon], $setinfo[theme], $setinfo[commentmax]);
	if ($pm_login != "") {
            Header("Location: modules.php?name=Private_Messages&file=index&folder=inbox");
	    exit;
	}
        if ($redirect == "" ) {
            Header("Location: modules.php?name=Your_Account&op=userinfo&bypass=1&uname=$uname");
        } else if ($mode == "") {
            Header("Location: modules.php?name=Forums&file=$forward");
        } else if ($t !="")  {
            Header("Location: modules.php?name=Forums&file=$forward&mode=$mode&t=$t");
        } else {
            Header("Location: modules.php?name=Forums&file=$forward&mode=$mode&f=$f");
	}
    } else {
	Header("Location: modules.php?name=$module_name&stop=1");
    }
}

Also..apply the above fixxes in my previous post to fix the User Activation links it sends in the emails.

Now once that is done. You can TURN on User Activation in the Forum Admin configuration.

Your users will sign up and receive an onscreen message that either they will receive an Email with an activation link that they must clikc to activate their account or they will receive a confirmation email that their account has been activated by the Admin.(depends on the type of activation you choose, user or admin)

Now, if a user DOES not get Activate his/her account by following the link in the email or the Admin does not activate him/her, when they try to loggin to the site, it will reject them back to the loggin screen with "Loggin Incorrect"
You can change that text at the top of the Loggin Incorrect screen in your language file to read something like:
"Loggin Incorrect or your account is not yet activated, check your email"
Thats' what we did here at nukemods.

I hope this helps, cause now I have a hand cramp :?

mikem