maybe thats how to escape the activation of unknown users

2021-01-09 23:22:17 +01:00
parent cf3031774e
commit 00096d3791
1 changed files with 4 additions and 1 deletions
--- a/activation.php
+++ b/activation.php
@@ -38,7 +38,10 @@ if(isset($_GET['send']) ) {
 $user = $statement->fetch(); 
 
 if($user === false) {
- $error = '<span class="badge badge-pill badge-warning"><b>no user found</b></span>';
+    $error = '<span class="badge badge-pill badge-warning"><b>no user found</b></span>';
+ }
+ if($user['username'] !== $_POST['username']){
+    $error = '<span class="badge badge-pill badge-warning"><b>no user found/invalid user</b></span>';
 }
 if($user['activated'] == "1"){
     $error = '<span class="badge badge-pill badge-warning"><b>user already activated!</b></span>';