$text = str_replace("{X_UACTLINK}", XOOPS_URL . "/register.php?op=actv&id=" . $user->getVar("uid") . "&actkey=" . $user->getVar('actkey'), $text);
No it won't. The email activation makes a request of a different file to activate the account.
// always cancel the pending email if we get to here
$edituser->setVar('pending_email', '');
$edituser->setVar('pending_key', '');
if (! $member_handler->insertUser($edituser)) {
include $GLOBALS['xoops']->path('header.php');
echo $edituser->getHtmlErrors();
include $GLOBALS['xoops']->path('footer.php');
} else {
redirect_header('userinfo.php?uid=' . $uid, 1, _US_PROFUPDATED);
}
Warning: Database updates are not allowed during processing of a GET request in file /class/database/mysqldatabase.php line 400
Warning: Insert failed in method 'cleanVars' of object 'XoopsUser' in file /class/model/write.php line 265
// confirmed email change - Rob Stockley -----------------------------
if ($op == 'processpending'){
// get to here after form is submitted
if (!$GLOBALS['xoopsSecurity']->check()) {
redirect_header('index.php', 3, _US_NOEDITRIGHT . "
" . implode('
', $GLOBALS['xoopsSecurity']->getErrors()));
exit();
}
$uid = (!empty($_POST['uid'])) ? intval($_POST['uid']) : 0;
$pemail = (!empty($_POST['pending_email'])) ? $myts->stripSlashesGPC(trim($_POST['pending_email'])) : '';
$pwd_txt = (!empty($_POST['pwd_txt'])) ? $myts->stripSlashesGPC(trim($_POST['pwd_txt'])) : '';
// check sanity of user
if (empty($uid) || $xoopsUser->getVar('uid') != $uid) {
redirect_header('index.php', 3, _US_NOEDITRIGHT);
exit();
}
// check format of proposed email
if ($pemail == '' || ! checkEmail($pemail)) {
$errors[] = _US_INVALIDMAIL;
}
// check user password
if ($pwd_txt == '') {
$errors[] = _US_ENTERPWD;
} elseif (strcmp($xoopsUser->getVar('pass'), md5($pwd_txt)) != 0) {
$errors[] = _US_INVALIDPWD;
}
// if there were form errors display these and rerun the form.
if (count($errors) > 0) {
include $GLOBALS['xoops']->path('header.php');
echo '';
foreach ($errors as $er) {
echo '' . $er . '
';
}
echo '
';
$op = 'changeemail';
} else {
// no errors so update the user record
$pkey = substr(md5(uniqid(mt_rand(), 1)), 0, 8);
$member_handler =& xoops_gethandler('member');
$edituser =& $member_handler->getUser($uid);
$edituser->setVar('pending_email', $pemail);
$edituser->setVar('pending_key', $pkey);
if (! $member_handler->insertUser($edituser)) {
include $GLOBALS['xoops']->path('header.php');
echo $edituser->getHtmlErrors();
include $GLOBALS['xoops']->path('footer.php');
} else {
//invoke the mailer
$xoopsMailer =& xoops_getMailer();
$xoopsMailer->useMail();
$xoopsMailer->setTemplate('changeemail.tpl');
$xoopsMailer->assign('SITENAME', $xoopsConfig['sitename']);
$xoopsMailer->assign('ADMINMAIL', $xoopsConfig['adminmail']);
$xoopsMailer->assign('SITEURL', XOOPS_URL . "/");
$xoopsMailer->setToEmails(array($pemail));
$xoopsMailer->setFromEmail($xoopsConfig['adminmail']);
$xoopsMailer->setFromName($xoopsConfig['sitename']);
$xoopsMailer->setSubject(sprintf(_US_USERKEYFOR, $uname));
# if (! $xoopsMailer->send()) {
# echo _US_PMAILFAIL;
# } else {
# echo _US_PMAILSUCCESS;
# }
redirect_header('userinfo.php?uid=' . $uid, 1, _US_PROFUPDATED);
}
exit();
}
}
if ($op == 'changeemail'){
// get to here when change email button is clicked
include_once $GLOBALS['xoops']->path('header.php');
include_once $GLOBALS['xoops']->path('include/comment_constants.php');
include_once $GLOBALS['xoops']->path('include/xoopscodes.php');
$uid = $xoopsUser->getVar('uid');
echo '. $uid . '">' . _US_PROFILE . ' »» ' . _US_CHANGEEMAIL . '
';
$form = new XoopsThemeForm(_US_CHANGEEMAIL, 'userinfo', 'edituser.php', 'post', true);
$email = new XoopsFormLabel(_US_EMAIL, $xoopsUser->getVar('email'));
$form->addElement($email);
$pending_email = new XoopsFormText(_US_NEWEMAIL, 'pending_email', 30, 60, $xoopsUser->getVar('pending_email', 'E'));
$form->addElement($pending_email);
// inlcude password to avoid account hijacking
$pwd_text = new XoopsFormPassword(_US_PASSWORD, 'pwd_txt', 10, 32);
$form->addElement($pwd_text);
$form->addElement(new XoopsFormHidden('op', 'processpending'));
$form->addElement(new XoopsFormHidden('uid', $uid));
$form->addElement(new XoopsFormButton('', 'submit', _SUBMIT, 'submit'));
$form->display();
include $GLOBALS['xoops']->path('footer.php');
}
if ($op == 'actvemail' || $op == 'cancelpending'){
// get to here if cancel button clicked or through email link
$uid = (!empty($_GET['uid'])) ? intval($_GET['uid']) : 0;
$pkey = (!empty($_GET['pending_key'])) ? trim($_GET['pending_key']) : '';
$pemail = $xoopsUser->getVar('pending_email', 'E');
// user sanity check
if (empty($uid) || $xoopsUser->getVar('uid') != $uid) {
redirect_header('index.php', 3, _US_NOEDITRIGHT);
exit();
}
// get ready to update the user record
$member_handler =& xoops_gethandler('member');
$edituser =& $member_handler->getUser($uid);
if ($op == 'actvemail') {
// if we're being activated then check the key
if ($pkey == '' || strcmp($pkey, $xoopsUser->getVar('pending_key')) != 0) {
redirect_header('index.php', 3, _US_NOEDITRIGHT . "
" . implode('
', $GLOBALS['xoopsSecurity']->getErrors()));
exit();
}
// key was good copy pending email into primary email field
$edituser->setVar('email', $pemail);
}
// always cancel the pending email if we get to here
$edituser->setVar('pending_email', '');
$edituser->setVar('pending_key', '');
if (! $member_handler->insertUser($edituser)) {
include $GLOBALS['xoops']->path('header.php');
echo $edituser->getHtmlErrors();
include $GLOBALS['xoops']->path('footer.php');
} else {
redirect_header('userinfo.php?uid=' . $uid, 1, _US_PROFUPDATED);
}
exit();
}
// confirmed email change - Rob Stockley -----------------------------
// pk block access without referer