From 00096d3791d979984cceb849e1a18b774e30ba66 Mon Sep 17 00:00:00 2001
From: Thies Mueller <git@td00.de>
Date: Sat, 9 Jan 2021 23:22:17 +0100
Subject: [PATCH] maybe thats how to escape the activation of unknown users

---
 activation.php | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/activation.php b/activation.php
index c650575..d310930 100644
--- a/activation.php
+++ b/activation.php
@@ -38,7 +38,10 @@ if(isset($_GET['send']) ) {
  $user = $statement->fetch(); 
  
  if($user === false) {
- $error = '<span class="badge badge-pill badge-warning"><b>no user found</b></span>';
+    $error = '<span class="badge badge-pill badge-warning"><b>no user found</b></span>';
+ }
+ if($user['username'] !== $_POST['username']){
+    $error = '<span class="badge badge-pill badge-warning"><b>no user found/invalid user</b></span>';
  }
  if($user['activated'] == "1"){
      $error = '<span class="badge badge-pill badge-warning"><b>user already activated!</b></span>';