Хороним $_COOKIE['pass'], отказываемся от md5('pass'). Это не регистрация, а чёрная дыра!

2023-01-06 16:57:25 +02:00
parent e9ec7eb2f2
commit 9e45f170c7
50 changed files with 1470 additions and 2242 deletions
@@ -1,42 +1,35 @@
-<?
-require_once('_incl_data/__config.php');
-?>
-<HTML><HEAD>
-<link rel=stylesheet type="text/css" href="https://img.new-combats.com/css/main.css">
-<meta content="text/html; charset=windows-1251" http-equiv=Content-type>
-<META Http-Equiv=Cache-Control Content=no-cache>
-<meta http-equiv=PRAGMA content=NO-CACHE>
-<META Http-Equiv=Expires Content=0>
-<TITLE>Áîéöîâñêèé Ìèð. Ïîäòâåðæäåíèå îïåðàöèè ÷åðåç e-mail.</TITLE>
-</HEAD>
-<body leftmargin=10 topmargin=20 marginwidth=0 bgcolor=e2e0e0>
-<?
-			if ($_GET['id']!='' && $_GET['code']!='') {
-				define('GAME',true);
-				include ("_incl_data/class/__db_connect.php");
-				$confirm = mysql_query("SELECT * FROM `emailconfirmation` WHERE `id` = '".mysql_real_escape_string($_GET['id'])."' AND `code` = '".mysql_real_escape_string($_GET['code'])."' AND (`active` = '1' OR `pass` = '1' OR `email` = '1' OR `qu_an` = '1')");
-				if (mysql_num_rows($confirm) == 0 or mysql_num_rows($confirm) == '') die("<br><br><br><h3>Ññûëêà óñòàðåëà!</h3>");
-				$confirm = mysql_fetch_array($confirm,MYSQL_ASSOC) or die("Îøèáêà îáðàáîòêè çàïðîñà!!");
-				if($confirm['active'] == 1) {
-				mysql_query("UPDATE `users` SET `emailconfirmation` = '1', `securetime` = '".(time()+259200)."' WHERE `id` = '".mysql_real_escape_string($confirm['id'])."'");
-				echo "<br><br><br><h3>Ïîäòâåðæäåíèå ñìåíû ïàðîëÿ/email ÷åðåç ïî÷òó âêëþ÷åíî</h3>";
-				}elseif($confirm['pass'] == 1) {
-				mysql_query("UPDATE `users` SET `pass` = '".mysql_real_escape_string($confirm['pa_em'])."', `securetime` = '".(time()+259200)."' WHERE `id` = '".mysql_real_escape_string($confirm['id'])."'");
-				echo "<br><br><br><h3>Óäà÷íî ñìåíèëè ïàðîëü</h3>";
-				}elseif($confirm['email'] == 1) {
-				mysql_query("UPDATE `users` SET `email` = '".mysql_real_escape_string($confirm['pa_em'])."', `securetime` = '".(time()+259200)."' WHERE `id` = '".mysql_real_escape_string($confirm['id'])."'");
-				echo "<br><br><br><h3>Óäà÷íî ñìåíèëè email</h3>";				
-				}elseif($confirm['qu_an'] == 1) {
-				mysql_query("UPDATE `users` SET `a1` = '".mysql_real_escape_string($confirm['question'])."',`q1` = '".mysql_real_escape_string($confirm['answer'])."', `securetime` = '".(time()+259200)."' WHERE `id` = '".mysql_real_escape_string($confirm['id'])."'");
-				echo "<br><br><br><h3>Óäà÷íî ñìåíèëè ñåêðåòíûé âîïðîñ / îòâåò</h3>";				
-				}
-				mysql_query("DELETE FROM `emailconfirmation` WHERE `id` = '".mysql_real_escape_string($_GET['id'])."' AND `code` = '".mysql_real_escape_string($_GET['code'])."'");
-			}else{?>
-<FORM>
-<h4>Ïîäòâåðæäåíèå îïåðàöèè ÷åðåç e-mail</h4>
-Ââåäèòå êîä: <INPUT type=text name='entcode' value='' size=40><INPUT type=submit value="Ãîòîâî">
-</FORM>		
-<?}?>
+<?php

-</BODY>
-</HTML>
+use Core\Config;
+use User\Confirmation;
+
+require_once __DIR__ . DIRECTORY_SEPARATOR . '_incl_data/autoload.php';
+
+Config::init();
+
+if (!empty($_GET['id']) && !empty($_GET['code'])) {
+    $status = Confirmation::byCode((int)$_GET['id'], (int)$_GET['code']);
+}
+?>
+
+<!DOCTYPE html>
+<html lang="ru">
+<head>
+    <meta content="text/html; charset=windows-1251" http-equiv=Content-type>
+    <TITLE><?= Config::get('https') ?> Ïîäòâåðæäåíèå îïåðàöèè ÷åðåç e-mail.</TITLE>
+    <style>
+        body {
+            margin-left: 10px;
+            margin-top: 20px;
+            background-color: #e2e0e0;
+        }
+
+        h3 {
+            margin-top: 50px;
+        }
+    </style>
+</head>
+<body>
+<?= $status ?? '' ?>
+</body>
+</html>