RELEASE "$user_db"
sendmail -t -f "$MAILFROM" <<-EOF
From: ${MAILFROM}
- To: "${email}"
+ To: ${email}
Subject: Your account registration at ${HTTP_HOST%:*}
Someone tried to sign up for a user account using this email address.
You can activate your account using this link:
- https://${HTTP_HOST%:*}/${_BASE}/?user_confirm=${uid}+$(session_mac "$uid")
+ https://${HTTP_HOST%:*}/${_BASE}${PATH_INFO}?user_confirm=${uid}+$(session_mac "$uid")
This registration link will expire after 24 hours.
# destroy cookie, destroy session
# keep device cookie
new_session
- SET_COOKIE 0 session=""
- SET_COOKIE 0 user_id=""
+ SESSION_COOKIE new
+ SET_COOKIE 0 user_id="" Path="/${_BASE#/}" SameSite=Strict HttpOnly
REDIRECT "${_BASE}${PATH_INFO}#USER_LOGGED_OUT"
}
esac
w_user_register(){
- if [ "$USER_REGISTRATION" != true ]; then
+ if [ "$(GET user_confirm)" ]; then
+ w_user_confirm
+ elif [ "$USER_REGISTRATION" != true ]; then
cat <<-EOF
[div #user_register .disabled
User Registration is disabled.
elif [ "$USER_ID" ]; then
cat <<-EOF
[form #user_login .logout method=POST
- [p You are currently logged in as "${USER_NAME}"]
+ [p Logged in as [span . $(HTML ${USER_NAME})]]
[submit "action" "user_logout" Logout]
]
EOF