X-Git-Url: http://git.plutz.net/?a=blobdiff_plain;f=users.sh;h=4c730ee3753367567f6e08e527df6bd9da4f85a0;hb=7459611c967440c8a73573b50f6d802764293a86;hp=b5ebcefaefc912b59a37f374f7bacb10f6481ffb;hpb=5a714a2ec25ff2499cb8077bcdbe55d3612200c8;p=cgilite

diff --git a/users.sh b/users.sh
index b5ebcef..4c730ee 100755
--- a/users.sh
+++ b/users.sh
@@ -105,14 +105,14 @@ user_register(){
       RELEASE "$user_db"
       sendmail -t -f "$MAILFROM" <<-EOF
 	From: ${MAILFROM}
-	To: "${email}"
+	To: ${email}
 	Subject: Your account registration at ${HTTP_HOST%:*}
 
 	Someone tried to sign up for a user account using this email address.
 
 	You can activate your account using this link:
 
-	    https://${HTTP_HOST%:*}/${_BASE}/?user_confirm=${uid}+$(session_mac "$uid")
+	    https://${HTTP_HOST%:*}/${_BASE}${PATH_INFO}?user_confirm=${uid}+$(session_mac "$uid")
 
 	This registration link will expire after 24 hours.
 
@@ -226,8 +226,8 @@ user_logout(){
   # destroy cookie, destroy session
   # keep device cookie
   new_session
-  SET_COOKIE 0 session=""
-  SET_COOKIE 0 user_id=""
+  SESSION_COOKIE new
+  SET_COOKIE 0 user_id="" Path="/${_BASE#/}" SameSite=Strict HttpOnly
   REDIRECT "${_BASE}${PATH_INFO}#USER_LOGGED_OUT"
 }
 
@@ -259,7 +259,9 @@ user_init
 esac
 
 w_user_register(){
-  if [ "$USER_REGISTRATION" != true ]; then
+  if [ "$(GET user_confirm)" ]; then
+    w_user_confirm
+  elif [ "$USER_REGISTRATION" != true ]; then
     cat <<-EOF
 	[div #user_register .disabled
 	User Registration is disabled.
@@ -336,7 +338,7 @@ w_user_login(){
   elif [ "$USER_ID" ]; then
     cat <<-EOF
 	[form #user_login .logout method=POST
-	  [p You are currently logged in as "${USER_NAME}"]
+	  [p Logged in as [span . $(HTML ${USER_NAME})]]
 	  [submit "action" "user_logout" Logout]
 	]
 	EOF