oc
(I posted before seeing Brock's post)
@Brock: Well, you are right. This is why my old method is better. I actually don't see any reason to take precautions after the user/hacker is on the profile. Actually, most systems don't have this method (I've never seen it before myself). And if a user intends to change his/her email, after reading the instructions and warnings he should be careful. Anyway, I coded two different methods, pick one. (The second one is not my favourite, but there are some features we can use even if we choose one (like no mail sent if email checks on reg is off - same end).)

@Kilandor: You can't foresee what may happen if I go your way. I actually was not too happy with the recent hack, because I used "user session identifier" but it was a strict hack. I won't try and explain the reasons I changed user group, but this code may be better. So, forget everything coded before, the new code is:

users.profile.inc.php

Before the code:
/* ============= */
default:
/* ============= */
break;
After the code:
$rusertheme = ($ruserskin != $row['user_skin']) ? $ruserskin : $rusertheme;
After the code:
$ruserbirthdate = ($rmonth==0 || $rday ==0 || $ryear==0) ? 0 : sed_mktime(1, 0, 0, $rmonth, $rday, $ryear);
http://www.cotonti.com/pastebin/12

Of course, the update SQL part would be like this now:
user_email='".sed_sql_prep($ruseremail)."',
Replaced with: $newmail $profile_form_email and skin tags remain like my previous post. Like I said, these are actually notes for myself, so as not to forget how the code was. It would be nice for the new release to come out; not being able to code sucks.

Oh, I almost forgot, say hello to our little friend:
ALTER TABLE sed_users ADD COLUMN user_newmail varchar(64) collate utf8_unicode_ci NOT NULL default '';
Edited: oc (31.01.2009 23:46, 16 years ago)