Login via E-Mail works now.

1 files changed, 10 insertions, 7 deletions

diff --git a/action.php b/action.php
index d291fe1..22b4cc4 100644
--- a/action.php
+++ b/action.php
@@ -27,7 +27,7 @@ switch($_GET["task"]){
 		} else 	if ( $user->login($_POST["name"], $_POST["password"]) ){
 			$goto = preg_replace("/;/", "&", $_GET["goto"]);
 			header($_SERVER["SERVER_PROTOCOL"] . " 302 Moved");
-			header("Location: ".DOMAIN."?page=" . $goto);
+			header("Location: ".DOMAIN."?page=" . $goto . "&_new=1");
 			ob_clean();
 			exit;
 		} else {
@@ -385,17 +385,20 @@ JG Adlershof";
 		}
 		break;
 	case("genHash"):
+		/*
 		if ( $_SERVER['REQUEST_METHOD'] != 'POST' ){
 			header($_SERVER["SERVER_PROTOCOL"] . " 405 Method Not Allowed");
 			ob_clean();
 			echo "Method not allowed";
 			exit;
 		}
+		 */
 		if ( ! $user->setHash($_REQUEST["name"], $c) ) {
-			print_login("password");
+			print_login("hash");
 		} else {
-			print_verify_by_email();
+			print_verify_by_email(htmlentities($_REQUEST["name"]));
 		}
+		break;
 
 
 	case("verify"):
@@ -406,16 +409,16 @@ JG Adlershof";
 			exit;
 		}
 		//lredirect( "login");
-		if ( ! isset($_REQUEST["name"]) || $_REQUEST["name"] == "" || ! isset($_REQUEST["hash"]) || $_REQUEST["hash"] == "" ){
+		if ( ! isset($_REQUEST["email"]) || $_REQUEST["email"] == "" || ! isset($_REQUEST["hash"]) || $_REQUEST["hash"] == "" ){
 			print_login("missing");
-		} else 	if ( $user->loginByEmail($_REQUEST["name"], $_REQUEST["hash"], $c) ){
+		} else 	if ( $user->loginByEmail($_REQUEST["email"], $_REQUEST["hash"], $c) ){
 			$goto = preg_replace("/;/", "&", $_GET["goto"]);
 			header($_SERVER["SERVER_PROTOCOL"] . " 302 Moved");
-			header("Location: ".DOMAIN."?page=" . $goto);
+			header("Location: ".DOMAIN."?page=" . $goto . "&_new=1");
 			ob_clean();
 			exit;
 		} else {
-			print_login("password");
+			print_login("hash");
 		}
 		break;