diff --git a/scripts/cgi-bin/eressea-confirm.py b/scripts/cgi-bin/eressea-confirm.py index 75c12781e..0a972f920 100755 --- a/scripts/cgi-bin/eressea-confirm.py +++ b/scripts/cgi-bin/eressea-confirm.py @@ -70,20 +70,25 @@ if (password==None) or (custid==None): else: db=MySQLdb.connect(db=dbname) cursor=db.cursor() - exist=cursor.execute("select u.status, s.id, s.game from users u, subscriptions s where u.id="+custid+" and s.status in ('WAITING', 'CONFIRMED') and s.password='"+password+"'") + try: + custid=int(custid) + except: + custid=0 + query = "select u.status, s.id, s.game from users u, subscriptions s where u.id="+str(custid)+" and s.status in ('WAITING', 'CONFIRMED') and u.status not in ('INVALID', 'BANNED') and s.password='"+password+"'" + exist=cursor.execute(query) if exist==0: Display('

Kundennummer oder Schlüssel falsch. Bitte beachte, dass Du beim Schlüssel auf Groß- und Kleinschreibung achten mußt.') else: status, sid, gid = cursor.fetchone() if os.environ.has_key('REMOTE_ADDR'): ip=os.environ['REMOTE_ADDR'] - cursor.execute("REPLACE userips (ip, user) VALUES ('"+ip+"', "+str(int(custid))+")") + cursor.execute("REPLACE userips (ip, user) VALUES ('"+ip+"', "+str(custid)+")") if status=='NEW' or status=='TUTORIAL': if tutorial_id!=None and gid==tutorial_id: # user confirms his tutorial participation - cursor.execute("update users set status='TUTORIAL' where id="+custid) + cursor.execute("update users set status='TUTORIAL' where id="+str(custid)) else: - cursor.execute("update users set status='ACTIVE' where id="+custid) + cursor.execute("update users set status='ACTIVE' where id="+str(custid)) cursor.execute("update subscriptions set status='CONFIRMED' where id="+str(sid)) Display("

Deine Anmeldung wurde bestätigt."); diff --git a/scripts/cgi-bin/eressea-register.py b/scripts/cgi-bin/eressea-register.py index 88eee61d2..1d6c37a67 100755 --- a/scripts/cgi-bin/eressea-register.py +++ b/scripts/cgi-bin/eressea-register.py @@ -183,22 +183,26 @@ else: if ip!=None: cursor.execute("REPLACE userips (ip, user) VALUES ('"+ip+"', "+str(int(custid))+")") - # add a subscription record - password = genpasswd() - values="'WAITING', '"+password+"'" - fields="status, password" game = game_id if tutorial_id!=None and status!='ACTIVE': game=tutorial_id - if bonus!=None: - fields=fields+", bonus" - if bonus=='yes': - values=values+", 1" - else: - values=values+", 0" - cursor.execute("insert into subscriptions (user, race, game, "+fields+") VALUES ("+str(int(custid))+", '"+race+"', "+str(game)+", "+values+")") - cursor.execute("SELECT LAST_INSERT_ID() from dual") - sid = cursor.fetchone()[0] + exist = cursor.execute("select id, password from subscriptions where status='WAITING' AND user="+str(custid)+" and game="+str(game)) + if exist: + sid, password = cursor.fetchone() + else: + # add a subscription record + password = genpasswd() + values="'WAITING', '"+password+"'" + fields="status, password" + if bonus!=None: + fields=fields+", bonus" + if bonus=='yes': + values=values+", 1" + else: + values=values+", 0" + cursor.execute("insert into subscriptions (user, race, game, "+fields+") VALUES ("+str(int(custid))+", '"+race+"', "+str(game)+", "+values+")") + cursor.execute("SELECT LAST_INSERT_ID() from dual") + sid = cursor.fetchone()[0] Send(email, custid, sid, firstname, password, game) text={"de":"Deine Anmeldung wurde bearbeitet. Eine EMail mit Hinweisen ist unterwegs zu Dir", "en":"Your application was processed. An email containing further instructions is being sent to you"} Display("

"+text[locale]+".") diff --git a/scripts/register/getfactions.py b/scripts/register/getfactions.py index 026d1df80..ffd6e005f 100755 --- a/scripts/register/getfactions.py +++ b/scripts/register/getfactions.py @@ -16,7 +16,7 @@ def genpasswd(): newpasswd = newpasswd + choice(chars) return newpasswd -query = "select distinct u.email, s.id, s.password, r.name, u.locale, s.bonus from users u, races r, subscriptions s left join userips i on u.id=i.user left join bannedips b on i.ip=b.ip where s.user=u.id and b.ip is NULL and s.status='CONFIRMED' and r.race=s.race and s.game="+str(game_id)+" and r.locale='de' order by u.id" +query = "select distinct u.email, s.id, s.password, r.name, u.locale, s.bonus from users u, races r, subscriptions s left join userips i on u.id=i.user left join bannedips b on i.ip=b.ip where s.user=u.id and b.ip is NULL and s.status='CONFIRMED' and r.race=s.race and s.game="+str(game_id)+" and r.locale='de' order by s.id" db=MySQLdb.connect(db=dbname) cursor = db.cursor() c = db.cursor() diff --git a/scripts/register/wait-reset.py b/scripts/register/wait-reset.py index 05297b445..ebef9a734 100755 --- a/scripts/register/wait-reset.py +++ b/scripts/register/wait-reset.py @@ -47,6 +47,7 @@ def Send(email, custid, firstname, password, position, locale): TemplateHandle.close() # close the file SubResult = re.subn("", firstname, TemplateInput) + SubResult = re.subn("", game, SubResult[0]) SubResult = re.subn("", password, SubResult[0]) SubResult = re.subn("", str(int(position)), SubResult[0]) SubResult = re.subn("", str(int(custid)), SubResult[0]) @@ -70,7 +71,7 @@ cursor.execute("update subscriptions set status='EXPIRED' where TO_DAYS(updated) cursor.execute("update subscriptions set status='WAITING' where TO_DAYS(updated)