diff -r d44492e34ab3 -r e5302cb1945c plugins/admin/UserManager.php
--- a/plugins/admin/UserManager.php Mon Oct 29 23:54:48 2007 -0400
+++ b/plugins/admin/UserManager.php Fri Nov 02 20:37:26 2007 -0400
@@ -402,18 +402,18 @@
{
$row = $db->fetchrow();
$db->free_result();
- if($session->activate_account($_GET['user'], $row['activation_key'])) { echo '
The user account "'.$_GET['user'].'" has been activated.
'; $db->sql_query('DELETE FROM '.table_prefix.'logs WHERE time_id=' . $db->escape($_GET['logid'])); }
- else echo 'The user account "'.$_GET['user'].'" has NOT been activated, possibly because the account is already active.
';
+ if($session->activate_account($_GET['user'], $row['activation_key'])) { echo 'The user account "' . htmlspecialchars($_GET['user']) . '" has been activated.
'; $db->sql_query('DELETE FROM '.table_prefix.'logs WHERE time_id=' . $db->escape($_GET['logid'])); }
+ else echo 'The user account "' . htmlspecialchars($_GET['user']) . '" has NOT been activated, possibly because the account is already active.
';
} else echo 'Error activating account: '.mysql_error().'
';
break;
case "sendemail":
- if($session->send_activation_mail($_GET['user'])) { echo 'The user "'.$_GET['user'].'" has been sent an e-mail with an activation link.
'; $db->sql_query('DELETE FROM '.table_prefix.'logs WHERE time_id=' . $db->escape($_GET['logid'])); }
- else echo 'The user account "'.$_GET['user'].'" has not been activated, probably because of a bad SMTP configuration.
';
+ if($session->send_activation_mail($_GET['user'])) { echo 'The user "' . htmlspecialchars($_GET['user']) . '" has been sent an e-mail with an activation link.
'; $db->sql_query('DELETE FROM '.table_prefix.'logs WHERE time_id=' . $db->escape($_GET['logid'])); }
+ else echo 'The user account "' . htmlspecialchars($_GET['user']) . '" has not been activated, probably because of a bad SMTP configuration.
';
break;
case "deny":
- $e = $db->sql_query('DELETE FROM '.table_prefix.'logs WHERE log_type=\'admin\' AND action=\'activ_req\' AND edit_summary=\'' . $db->escape($_GET['user']) . '\';');
+ $e = $db->sql_query('DELETE FROM '.table_prefix.'logs WHERE log_type=\'admin\' AND action=\'activ_req\' AND time_id=\'' . $db->escape($_GET['logid']) . '\';');
if(!$e) echo 'Error during row deletion: '.mysql_error().'
';
- else echo 'All activation requests for the user "'.$_GET['user'].'" have been deleted.
';
+ else echo 'All activation requests for the user "' . htmlspecialchars($_GET['user']) . '" have been deleted.
';
break;
}
}
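Review bot: The `DELETE ... WHERE time_id=` queries on the added lines of the activate and sendemail branches still concatenate `$db->escape($_GET['logid'])` without surrounding quotes, so the request value is not confined to a literal; an escaping helper of the usual kind only protects data placed inside quotes (escape() is defined outside this hunk, so that is an assumption to confirm). The deny branch in this same hunk does wrap the value in quotes, which leaves the three queries inconsistent. Since time_id appears to be numeric, casting is the simplest fix in both places: `$db->sql_query('DELETE FROM '.table_prefix.'logs WHERE time_id=' . intval($_GET['logid']));`. The deny branch's success message also still reads "All activation requests for the user … have been deleted", although the new query removes only the row matching logid, so the wording should be updated to match. The enclosing switch and function begin outside the hunk.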