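<?php
/***************************************************************************
 * for license information see LICENSE.md
 ***************************************************************************/

/*
 * Account activation page.
 *
 * Reads an e-mail address and an activation code from the request, looks up
 * the user row for that address and, when the code matches the stored
 * activation code, sets `is_active_flag` and clears `activation_code`.
 * The outcome is reported to the 'activation' template through the flags
 * errorEMail, errorCode, errorAlreadyActivated and sucess.
 */

use Doctrine\DBAL\Connection;

// Set before the bootstrap include; presumably read by web.inc.php to skip
// its e-mail verification step for this page (confirm against web.inc.php).
$disable_verifyemail = true;
require __DIR__ . '/lib2/web.inc.php';

$tpl->name = 'activation';
$tpl->menuitem = MNU_START_REGISTER_ACTIVATION;

// We use short param codes 'e' and 'c' to generate short-enough activation
// url that will not be wrapped in plain-text emails.

$rawCode = isset($_REQUEST['code']) ? $_REQUEST['code'] : (isset($_REQUEST['c']) ? $_REQUEST['c'] : '');
$rawEmail = isset($_REQUEST['email']) ? $_REQUEST['email'] : (isset($_REQUEST['e']) ? $_REQUEST['e'] : '');

// Request parameters can arrive as arrays (e.g. `code[]=`); treat anything
// that is not a string as missing instead of passing it to trim().
$code = is_string($rawCode) ? trim($rawCode) : '';
$email = is_string($rawEmail) ? trim($rawEmail) : '';

$tpl->assign('errorEMail', false);
$tpl->assign('errorCode', false);
$tpl->assign('errorAlreadyActivated', false);
// Key spelling kept as-is; the template presumably reads 'sucess'.
$tpl->assign('sucess', false);

if (isset($_REQUEST['submit']) || ($code !== '' && $email !== '')) {
    if (!is_valid_email_address($email)) {
        $tpl->assign('errorEMail', true);
    } else {
        /** @var Connection $connection */
        $connection = AppKernel::Container()->get(Connection::class);
        $activation = $connection
            ->fetchAssoc(
                'SELECT `user_id` `id`, `activation_code` `code` FROM `user` WHERE `email`=:email',
                [':email' => $email]
            );

        if (!is_array($activation)) {
            // No row for this address: report the same error as a wrong code.
            $tpl->assign('errorCode', true);
        } else {
            $storedCode = (string) $activation['code'];

            if ($storedCode === '') {
                // Nothing is pending for this account. This is checked before
                // the comparison so that an empty submitted code can never
                // count as a match and flip is_active_flag back to 1.
                // NOTE(review): this distinct message confirms that the
                // address is registered; decide whether that is acceptable.
                $tpl->assign('errorAlreadyActivated', true);
            } elseif (hash_equals($storedCode, $code)) {
                // hash_equals() compares in constant time, so response timing
                // does not depend on how many leading characters matched.
                $connection->update(
                    'user',
                    [
                        'is_active_flag' => 1,
                        'activation_code' => '',
                    ],
                    [
                        'user_id' => $activation['id']
                    ]
                );
                $tpl->assign('sucess', true);
            } else {
                // NOTE(review): no limit on failed attempts is visible in this
                // file; confirm that repeated guesses are throttled elsewhere.
                $tpl->assign('errorCode', true);
            }
        }
    }
}

$tpl->assign('email', $email);
$tpl->assign('code', $code);

$tpl->display();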
This check marks implicit conversions of arrays to boolean values in a comparison. While in PHP an empty array is considered to be equal (but not identical) to false, this is not always apparent.
Consider making the comparison explicit by using `empty(...)` or `!empty(...)` instead.