pastebin.ch - eggblog email validation hack *improved*

Subject
eggblog email validation hack *improved*
Author
cimnine
Description
This is the patch that implements email validation in eggblog.
Don't forget to execute the SQL: http://pastebin.ch/508
For more info see http://blog.f00.ch/news.php?id=6 .
New in this version is a fix for the no-"-in-an-article bug.
Posted on
Tue, 14 Oct 2008 03:56:57 +0200
Content
diff -Naur eggblog_orig/langs/en_gb.php eggblog_changed/langs/en_gb.php
--- eggblog_orig/langs/en_gb.php	2008-10-13 18:55:45.000000000 +0200
+++ eggblog_changed/langs/en_gb.php	2008-10-13 23:53:26.000000000 +0200
@@ -11,7 +11,8 @@
 $lang['album']		="album";
 $lang['articles']		="articles";
 $lang['captcha']		="Captcha";
-$lang['captcha_enter']	="Type the above text into the box below";
+//change for text-captcha, ~cimnine
+$lang['captcha_enter']	="Type the result of the above calculation into the box below";
 $lang['comment_post']	="Submit Your Comment";
 $lang['comments']		="comments";
 $lang['config']		="configuration";
@@ -100,4 +101,12 @@
 $lang['username']		="username";
 $lang['yes']			="yes";	
 $lang['your_account']	="your account";
-?>
\ No newline at end of file
+//validation mod ~cimnine
+$lang['validation_ok']	="Your user is now activated.";
+$lang['validation_nok']	="There was an error during activation. Please try again";
+$lang['validation_code']	="validation code";
+$lang['validation_title']	="User Activation";
+$lang['validation_email']	="You will recieve an email with instructions to activate your account.";
+$lang['validation_email_text']	="You registered on {$config['uri']}. Please use the following link to activate your account:\r\n\r\n";
+$lang['validation_email_text2']	="\r\n\r\n or goto {$config['uri']}validation.php and enter the following code:\r\n\r\n";
+?>
diff -Naur eggblog_orig/_lib/admin.php eggblog_changed/_lib/admin.php
--- eggblog_orig/_lib/admin.php	2008-10-13 18:55:45.000000000 +0200
+++ eggblog_changed/_lib/admin.php	2008-10-14 03:33:51.000000000 +0200
@@ -254,11 +254,12 @@
 		"article_id int NOT NULL,".
 		"PRIMARY KEY (tag_id,article_id)".
 		");";
+	//I think it is important to save passwords a bit more secure.
 	$sql.="INSERT INTO eb_users ".
 		"(user_id,user_flag,user_name,user_email,user_password) ".
 		"VALUES (NULL,'2','".str_replace("'","\'",$config["title"])."',".
 		"'".str_replace("'","\'",$config["email"])."','".
-		str_replace("'","\'",$config["email"])."');";
+		md5(str_replace("'","\'",$config["email"]))."');";
 	$sql=explode(";",$sql);
 	unset($sql[count($sql)-1]);
 	$i=0;
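Review bot: The new `md5(...)` call hashes the output of `str_replace("'","\'",$config["email"])`, so an address containing an apostrophe is stored as the hash of the escaped string and will not match a hash computed from the raw input at login. MD5 output is hex and needs no escaping, so hash the raw value instead: `md5($config["email"])."');";`. Unsalted MD5 is also a fast hash that protects little if the table leaks; where the PHP version provides them, `password_hash()` and `password_verify()` are the better fit, and the initial admin password should not be derivable from the admin e-mail address. The enclosing function starts and ends outside this hunk.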
@@ -873,7 +874,7 @@
 function eb_admin_editcomment($comment,$article) {
 	global $lang;
 	if(!empty($_POST['text'])) {
-		$sql="UPDATE eb_comments SET comment_body=\"".str_replace("Â","",htmlentities($_POST['text'],ENT_QUOTES))."\" WHERE comment_id=".$comment;
+		$sql="UPDATE eb_comments SET comment_body=\"".htmlentities($_POST['text'],ENT_QUOTES)."\" WHERE comment_id=".$comment;
 		@mysql_query($sql);
 		header("Location: news.php?id=".$article."#");
 	}
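Review bot: `htmlentities($_POST['text'],ENT_QUOTES)` is the only filter between the request and the `UPDATE` string, and it is an HTML encoder rather than an SQL escaper: it leaves backslashes untouched, so the quoting of the literal can still be broken. `$comment` is also concatenated unquoted; unless the part of the function outside this hunk already forces it to an integer, it should be cast. Suggested form: `$sql="UPDATE eb_comments SET comment_body=\"".mysql_real_escape_string(htmlentities($_POST['text'],ENT_QUOTES))."\" WHERE comment_id=".(int)$comment;`. The same applies to the hunks for `eb_admin_edittopic`, `eb_admin_editpost` and the `eb_photos`/`eb_albums` statements further down, and none of them checks the result of `@mysql_query` before redirecting.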
@@ -897,7 +898,7 @@
 function eb_admin_edittopic($topic) {
 	global $lang;
 	if(!empty($_POST['text'])) {
-		$sql="UPDATE eb_topics SET topic_title=\"".str_replace("Â","",htmlentities($_POST['text'],ENT_QUOTES))."\" WHERE topic_id=".$topic;
+		$sql="UPDATE eb_topics SET topic_title=\"".htmlentities($_POST['text'],ENT_QUOTES)."\" WHERE topic_id=".$topic;
 		@mysql_query($sql);
 		header("Location: forum.php?topic=".$topic);
 	}
@@ -922,7 +923,7 @@
 function eb_admin_editpost($post,$topic) {
 	global $lang;
 	if(!empty($_POST['text'])) {
-		$sql="UPDATE eb_posts SET post_body=\"".str_replace("Â","",htmlentities($_POST['text'],ENT_QUOTES))."\" WHERE post_id=".$post;
+		$sql="UPDATE eb_posts SET post_body=\"".htmlentities($_POST['text'],ENT_QUOTES)."\" WHERE post_id=".$post;
 		@mysql_query($sql);
 		header("Location: forum.php?topic=".$topic);
 	}
@@ -1001,13 +1002,18 @@
  */
 function eb_admin_editmember($id) {
 	global $lang;
-	if(!empty($_POST['email'])) {
+	if(isset($_POST['submit'])) {
 		foreach($_POST as $key=>$value) $_POST[$key]=str_replace("Â","",htmlentities($value,ENT_QUOTES));
-		$sql="UPDATE eb_users SET user_name=\"".$_POST['username']."\",user_email=\"".$_POST['email']."\",user_password=\"".$_POST['password']."\",user_flag=".$_POST['flag']." WHERE user_id=".$id;
+		//differ between pw change or no pw change
+		if(!empty($_POST['password'])) {
+			$pw=",user_password=\"".md5($_POST['password'])."\"";
+		} else {
+			$pw="";
+		}
+		$sql="UPDATE eb_users SET user_name=\"".$_POST['username']."\",user_email=\"".$_POST['email']."\"".$pw.",user_flag=".$_POST['flag']." WHERE user_id=".$id;
 		@mysql_query($sql);
 		header('Location: admin.php?id=members');
-	}
-	else {
+	} else {
 		$sql="SELECT * FROM eb_users WHERE user_id=".$id;
 		$query=mysql_query($sql);
 		$row=mysql_fetch_row($query);
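Review bot: `user_flag=".$_POST['flag']` and `WHERE user_id=".$id` are unquoted numeric contexts, so the `htmlentities` pass over `$_POST` does nothing to constrain them; cast both, e.g. `user_flag=".(int)$_POST['flag']." WHERE user_id=".(int)$id`. The same pattern appears in the article hunks below (`$_POST['sticky']`, `$_POST['comments']`). The password is hashed after `htmlentities` has rewritten it, whereas `eb_login` hashes the submitted value as-is when `$key` is 0, so a password containing `&`, `<`, `>` or a quote set through this form would presumably not verify at login. Hash the raw POST value before the encoding loop runs. The `else` branch continues past the end of the hunk.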
@@ -1016,12 +1022,12 @@
 		$output.="\t\t\t<table width=\"100%\">\r\n";
 		$output.="\t\t\t\t<tr><th>".ucwords($lang['username'])."</th><td><input type=\"text\" class=\"inputtext\" name=\"username\" value=\"".htmlentities($row[2],ENT_QUOTES)."\" /></td></tr>\r\n";
 		$output.="\t\t\t\t<tr><th>".ucwords($lang['email'])."</th><td><input type=\"text\" class=\"inputtext\" name=\"email\" value=\"".htmlentities($row[3],ENT_QUOTES)."\" /></td></tr>\r\n";
-		$output.="\t\t\t\t<tr><th>".ucwords($lang['password'])."</th><td><input type=\"password\" class=\"inputtext\" name=\"password\" value=\"".htmlentities($row[4],ENT_QUOTES)."\" /></td></tr>\r\n";
+		$output.="\t\t\t\t<tr><th>".ucwords($lang['password'])."</th><td><input type=\"password\" class=\"inputtext\" name=\"password\" value=\"\" /></td></tr>\r\n";
 		$output.="\t\t\t\t<tr><th>".ucwords($lang['admin'])."</th><td><input type=\"radio\" name=\"flag\" value=\"1\" ";
-		 if($row[1]!=2) $output.=" checked=\"checked\"";
-		 $output.="/> ".ucwords($lang['no'])."<br /><input type=\"radio\" name=\"flag\" value=\"2\" ";
-		 if($row[1]==2) $output.=" checked=\"checked\"";
-		 $output.="/> ".ucwords($lang['yes'])."</td></tr>\r\n";
+		if($row[1]!=2) $output.=" checked=\"checked\"";
+		$output.="/> ".ucwords($lang['no'])."<br /><input type=\"radio\" name=\"flag\" value=\"2\" ";
+		if($row[1]==2) $output.=" checked=\"checked\"";
+		$output.="/> ".ucwords($lang['yes'])."</td></tr>\r\n";
 		$output.="\t\t\t\t<tr><th></th><td><input type=\"submit\" name=\"submit\" value=\"".ucwords($lang['save'])."\" /></td></tr>\r\n";
 		$output.="\t\t\t</table>\r\n";
 		$output.="\t\t</form>\r\n";
@@ -1040,7 +1046,7 @@
 	global $lang;
 	$output="\t\t<h3>".ucwords($lang['admin'])."</h3>\r\n";;
 	if(!empty($_POST['text'])) {
-		foreach($_POST as $key=>$value) $_POST[$key]=str_replace("&Acirc;","",$value);
+		foreach($_POST as $key=>$value) $_POST[$key]=htmlentities($value,ENT_QUOTES);
 		if(strlen($_POST['tags'])>1) {
 			@mysql_query("DELETE FROM eb_tags_links WHERE article_id=".$id);
 			$tags=explode(",",$_POST['tags']);
@@ -1052,7 +1058,7 @@
 			}
 			foreach($tag_ids as $tag_id) @mysql_query("INSERT INTO eb_tags_links SET tag_id=".$tag_id.",article_id=".$id);
 		}
-		$sql="UPDATE eb_articles SET article_flag=".$_POST['sticky'].", article_title=\"".str_replace("\"","&quot;",$_POST['title'])."\",article_body=\"".$_POST['text']."\",article_comments=".$_POST['comments']." WHERE article_id=".$id;
+		$sql="UPDATE eb_articles SET article_flag=".$_POST['sticky'].", article_title=\"".$_POST['title']."\",article_body=\"".$_POST['text']."\",article_comments=".$_POST['comments']." WHERE article_id=".$id;
 		@mysql_query($sql);
 		header('Location: news.php?id='.$id);
 	}
@@ -1103,8 +1109,8 @@
 	global $lang;
 	$output="\t\t<h3>".ucwords($lang['new_article'])."</h3>\r\n";;
 	if(!empty($_POST['text'])) {
-		foreach($_POST as $key=>$value) $_POST[$key]=str_replace("&Acirc;","",$value);
-		$sql="INSERT INTO eb_articles SET article_flag=".$_POST['sticky'].",article_date=\"".time()."\",author_id=\"".$_SESSION['user_id-'.$_SERVER['SERVER_NAME']]."\", article_title=\"".str_replace("\"","&quot;",$_POST['title'])."\",article_body=\"".$_POST['text']."\",article_comments=".$_POST['comments'];
+		foreach($_POST as $key=>$value) $_POST[$key]=htmlentities($value,ENT_QUOTES);
+		$sql="INSERT INTO eb_articles SET article_flag=".$_POST['sticky'].",article_date=\"".time()."\",author_id=\"".$_SESSION['user_id-'.$_SERVER['SERVER_NAME']]."\", article_title=\"".$_POST['title']."\",article_body=\"".$_POST['text']."\",article_comments=".$_POST['comments'];
 		@mysql_query($sql);
 		$article_id=mysql_insert_id();
 
@@ -1180,7 +1186,7 @@
 	global $lang;
 	if(!empty($_POST['text'])) {
 		$_POST['text']=htmlentities($_POST['text'],ENT_QUOTES);
-		$sql="UPDATE eb_photos SET photo_description=\"".str_replace("&Acirc;","",$_POST['text'])."\" WHERE photo_id=".$photo;
+		$sql="UPDATE eb_photos SET photo_description=\"".$_POST['text']."\" WHERE photo_id=".$photo;
 		@mysql_query($sql);
 		header("Location: photos.php?photo=".$photo."&album=".$album);
 	}
@@ -1206,7 +1212,7 @@
 	global $lang;
 	if(!empty($_POST['text'])) {
 		$_POST['text']=htmlentities($_POST['text'],ENT_QUOTES);
-		$sql="UPDATE eb_albums SET album_title=\"".str_replace("&Acirc;","",$_POST['text'])."\" WHERE album_id=".$id;
+		$sql="UPDATE eb_albums SET album_title=\"".$_POST['text']."\" WHERE album_id=".$id;
 		@mysql_query($sql);
 		header("Location: photos.php?album=".$id);
 	}
@@ -1266,7 +1272,7 @@
 	global $lang;
 	if(!empty($_FILES['file']['tmp_name'])) {
 		$_POST['text']=htmlentities($_POST['text'],ENT_QUOTES);
-		$sql="INSERT INTO eb_albums SET album_title=\"".str_replace("&Acirc;","",$_POST['text'])."\"";
+		$sql="INSERT INTO eb_albums SET album_title=\"".$_POST['text']."\"";
 		@mysql_query($sql);
 		$album=mysql_insert_id();
 
@@ -1323,4 +1329,4 @@
 	else return false;
 }
 
-?>
\ No newline at end of file
+?>
diff -Naur eggblog_orig/_lib/global.php eggblog_changed/_lib/global.php
--- eggblog_orig/_lib/global.php	2008-10-13 18:55:45.000000000 +0200
+++ eggblog_changed/_lib/global.php	2008-10-14 03:50:31.000000000 +0200
@@ -15,7 +15,8 @@
 require_once 'config.php';
 require_once 'langs/'.$config['lang'].'.php';
 
-if(!empty($config['tz'])) putenv("TZ=".$config['tz']);
+//if php runs in savemode, this is not allowed. So I omit it. ~cimnine  
+//if(!empty($config['tz'])) putenv("TZ=".$config['tz']);
 
 
 /**
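Review bot: Commenting the `putenv` call out drops `$config['tz']` silently, so dates fall back to whatever timezone the server uses. `date_default_timezone_set()` does not modify the environment, so the safe-mode restriction on `putenv` should not apply to it: `if(!empty($config['tz'])) date_default_timezone_set($config['tz']);`. The dead line is better deleted than kept as a comment.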
@@ -347,6 +348,30 @@
 	return $output;
 }
 
+/**
+ * Written and (c) by cimnine, LGPL
+ * @param
+ */
+
+function cim_captcha() {
+	srand(microtime()*1000000);
+	$rand1 = rand(1,9);
+	srand(microtime()*1000000);
+	$rand2 = rand(1,9);
+	srand(microtime()*1000000);
+	$sign = rand(1,2);
+	switch($sign) {
+		case 1:
+			$_SESSION['captcha'] = $rand1 * $rand2;
+			$sign2 = '*';
+			break;
+		case 2:
+			$_SESSION['captcha'] = $rand1 + $rand2;
+			$sign2 = '+';
+			break;
+	}
+	return "$rand1 $sign2 $rand2";
+}
 
 /**
  * @param 
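Review bot: `srand(microtime()*1000000)` is called three times within a few microseconds, and `microtime()` without arguments returns a "msec sec" string, so the seeds are nearly identical and only the leading fraction survives the numeric conversion. PHP seeds the generator itself; drop the `srand` lines and call `mt_rand(1,9)` directly. Because the challenge is emitted as plain text (`"$rand1 $sign2 $rand2"`), it is an accessibility aid rather than a barrier to automated sign-ups, so registration should rely on the e-mail activation added in this patch plus request throttling. The docblock has an empty `@param`; it should instead say that the function stores the expected answer in `$_SESSION['captcha']` and returns the question text.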
@@ -376,4 +401,4 @@
 	imagedestroy($image);
 }
 
-?>
\ No newline at end of file
+?>
diff -Naur eggblog_orig/_lib/news.php eggblog_changed/_lib/news.php
--- eggblog_orig/_lib/news.php	2008-10-13 18:55:45.000000000 +0200
+++ eggblog_changed/_lib/news.php	2008-10-14 03:41:39.000000000 +0200
@@ -113,8 +113,7 @@
 			if (eb_checkadmin($_SESSION['user_id-'.$_SERVER['SERVER_NAME']])) $output.=" <a href=\"admin.php?editarticle=".$row[0]."\">".$lang['edit']."</a> | <a href=\"admin.php?deletearticle=".$row[0]."\">".$lang['delete']."</a>";
 		}
 		$output.="</p>\r\n";
-		if(substr($row[4],0,1)=="&") $output.="\t\t\t".html_entity_decode($row[4])."\r\n";
-		else $output.="\t\t\t<p>".str_replace("\n\n","<br />",str_replace("\n\n","</p>\r\n\t\t\t<p>",str_replace("\r","",$row[4])))."</p>\r\n";
+		$output.="\t\t\t".html_entity_decode($row[4])."\r\n";
 
 		if($comments==1) {
 			$output.="\t\t<ul id=\"bmarks\">\r\n";
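Review bot: `html_entity_decode($row[4])` now runs for every article, so whatever is stored in `article_body` reaches the page as live markup. That is only safe while the admin article forms are the sole writers of that column and those accounts are trusted. The assumption deserves a comment on this line, e.g. `// article_body is admin-authored HTML, stored entity-encoded; decoded on purpose`. Articles saved before this patch that relied on the removed `\n\n` to `<p>` conversion will now render as one unbroken block. The enclosing function starts and ends outside this hunk.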
@@ -179,7 +178,7 @@
 	settype($id,"integer");
 	$sql="SELECT article_title FROM eb_articles WHERE article_id=".$id;
 	$query=mysql_query($sql);
-	return mysql_result($query,0);
+	return mysql_num_rows($query) > 0 ? mysql_result($query,0) : "true";
 }
 
 
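Review bot: The fallback returns the string `"true"`, which any caller that prints the article title would show verbatim for a missing id. Return an empty string or `false` and let the caller decide what to display: `return mysql_num_rows($query) > 0 ? mysql_result($query,0) : "";`. The beginning of the function is outside the hunk.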
@@ -254,4 +253,4 @@
 	echo "\t\t</ul>\r\n";
 }
 
-?>
\ No newline at end of file
+?>
diff -Naur eggblog_orig/_lib/user.php eggblog_changed/_lib/user.php
--- eggblog_orig/_lib/user.php	2008-10-13 18:55:45.000000000 +0200
+++ eggblog_changed/_lib/user.php	2008-10-14 00:05:00.000000000 +0200
@@ -19,10 +19,11 @@
 function eb_login($email,$password,$key) {
 	settype($key,"integer");
 	if(session_id()=="") eb_pre();
-	if($key==0) $password=md5($password);
-       else $password=htmlentities($password,ENT_QUOTES);
-       $email=htmlentities($email,ENT_QUOTES);
-	$sql="SELECT user_id FROM eb_users WHERE user_email=\"".$email."\" AND md5(user_password)=\"".$password."\"";
+	//I think it is important to save passwords a bit more secure.
+	if($key!=0) $password=htmlentities($password,ENT_QUOTES);
+        $email=htmlentities($email,ENT_QUOTES);
+	//prevent deleted and unactivated users from login
+	$sql="SELECT user_id FROM eb_users WHERE user_flag>0 AND user_email=\"".$email."\" AND user_password=\"".md5($password)."\"";
 	$query=mysql_query($sql);
 	if(mysql_num_rows($query)==0) return false;
  	else {
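Review bot: With `md5()` moved into the query, the `$key!=0` path now hashes a value that the old code passed through unhashed, which suggests callers hand in an already-hashed password there (the callers are not visible in this hunk). If so, those logins compare a hash of a hash against the stored `md5(...)` and can never match. Keeping the hash conditional avoids that: `if($key==0) $password=md5($password);`, then compare `user_password` with `$password` directly. `$email` is still only passed through `htmlentities`, which is not SQL escaping; wrap it in `mysql_real_escape_string()`. The function continues past the hunk.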
@@ -74,8 +75,14 @@
 	global $lang;
 	if(!isset($_SESSION["user_id-".$_SERVER['SERVER_NAME']])) header("Location: index.php");
 	$output="<h3>".ucwords($lang['my_details'])."</h3>\r\n";
-	if(!empty($_POST['password']) && !empty($_POST['name']) && !empty($_POST['password'])) {
-		$sql="UPDATE eb_users SET user_name=\"".htmlentities($_POST["name"],ENT_QUOTES)."\",user_email=\"".htmlentities($_POST["email"],ENT_QUOTES)."\",user_password=\"".htmlentities($_POST["password"],ENT_QUOTES)."\" WHERE user_id=".$_SESSION["user_id-".$_SERVER['SERVER_NAME']];
+	if(!empty($_POST['name']) && !empty($_POST['password'])) {
+		//pw hack ~cimnine
+		if(!empty($_POST['password'])) {
+			$pw=",user_password=\"".md5($_POST['password'])."\"";
+		} else {
+			$pw="";
+		}
+		$sql="UPDATE eb_users SET user_name=\"".htmlentities($_POST["name"],ENT_QUOTES)."\",user_email=\"".htmlentities($_POST["email"],ENT_QUOTES)."\", WHERE user_id=".$_SESSION["user_id-".$_SERVER['SERVER_NAME']];
 		@mysql_query($sql);
 		$output.="\t<table>\r\n";
 		$output.="\t\t<tr><th>".ucwords($lang['username'])."</th><td>".htmlentities($_POST['name'],ENT_QUOTES)."</td></tr>\r\n";
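Review bot: The new `$sql` ends in `\", WHERE user_id=` (a comma directly before `WHERE`) and never appends `$pw`, so the statement is a syntax error that `@mysql_query` hides. Neither name, e-mail nor password is saved, while the table rendered below reports the new values. The tail should read `user_email=\"".htmlentities($_POST["email"],ENT_QUOTES)."\"".$pw." WHERE user_id=".$_SESSION["user_id-".$_SERVER['SERVER_NAME']];`. The outer condition already requires a non-empty password, so the inner `else` is unreachable; if details should be editable without a new password, the outer test must drop `$_POST['password']`. The function starts before and continues after this hunk.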
@@ -91,7 +98,7 @@
 		$output.="\t<table>\r\n";
 		$output.="\t\t<tr><th>".ucwords($lang['username'])."</th><td><input class=\"inputtext\" type=\"text\" name=\"name\" value=\"".$row[0]."\" /></td></tr>\r\n";
 		$output.="\t\t<tr><th>".ucwords($lang['email'])."</th><td><input class=\"inputtext\" type=\"text\" name=\"email\" value=\"".$row[1]."\" /></td></tr>\r\n";
-		$output.="\t\t<tr><th>".ucwords($lang['password'])."</th><td><input class=\"inputtext\" type=\"password\" name=\"password\" value=\"".$row[2]."\" /></td></tr>\r\n";
+		$output.="\t\t<tr><th>".ucwords($lang['password'])."</th><td><input class=\"inputtext\" type=\"password\" name=\"password\" value=\"\" /></td></tr>\r\n";
 		$output.="\t\t<tr><th></th><td><input type=\"submit\" name=\"submit\" value=\"".ucwords($lang['save'])."\" /></td></tr>\r\n";
 		$output.="\t</table>\r\n";
 		$output.="</form>\r\n";
@@ -99,6 +106,36 @@
 	echo $output;
 }
 
+// from http://www.webtoolkit.info/php-random-password-generator.html
+function wtk_generate_password($length=9, $strength=0) {
+	$vowels = 'aeuy';
+	$consonants = 'bdghjmnpqrstvz';
+	if ($strength & 1) {
+		$consonants .= 'BDGHJLMNPQRSTVWXZ';
+	}
+	if ($strength & 2) {
+		$vowels .= "AEUY";
+	}
+	if ($strength & 4) {
+		$consonants .= '23456789';
+	}
+	if ($strength & 8) {
+		$consonants .= '@#$%';
+	}
+
+	$password = '';
+	$alt = time() % 2;
+	for ($i = 0; $i < $length; $i++) {
+		if ($alt == 1) {
+			$password .= $consonants[(rand() % strlen($consonants))];
+			$alt = 0;
+		} else {
+			$password .= $vowels[(rand() % strlen($vowels))];
+			$alt = 1;
+		}
+	}
+	return $password;
+}
 
 /**
  * forgotton password mailer
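Review bot: This generator draws from `rand()` and `time() % 2`, neither of which is suitable for secrets, yet `eb_register` uses it for the activation code via `md5(wtk_generate_password())`. With the default arguments it yields 9 characters alternating between 4 vowels and 14 consonants, on the order of 10^8 possible values, and `md5()` does not enlarge that space. An activation code should come from a cryptographic source, e.g. `bin2hex(random_bytes(16))` on PHP 7 or `bin2hex(openssl_random_pseudo_bytes(16))` on older versions. If the function is kept for human-readable passwords, give it a docblock that says it is not for tokens and explains the `$strength` bit flags.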
@@ -116,11 +153,13 @@
 			$output.="\t\t<p>".$lang['forgot_ok'].".</p>\r\n";
 		}
 		else {
-			$output.="\t\t<p>".$lang['forgot_not_found'].".</p>\r\n";
+			//This allows spying of my users. So I replaced it with the same message as if a result was found. ~cimnine 
+			$output.="\t\t<p>".$lang['forgot_ok'].".</p>\r\n";
+			/*$output.="\t\t<p>".$lang['forgot_not_found'].".</p>\r\n";
 			$output.="\t\t<form action=\"forgot.php\" method=\"post\">\r\n";
 			$output.="\t\t\t<p><b>".ucwords($lang['email'])."</b>: <input class=\"inputtext\" type=\"text\" name=\"email\" value=\"".$_POST['email']."\" /></p>\r\n";
 			$output.="\t\t\t<input type=\"submit\" name=\"submit\" value=\"".$lang['search']."\" />\r\n";
-			$output.="\t\t</form>\r\n";
+			$output.="\t\t</form>\r\n";*/
 		}
 	}
 	else {
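Review bot: The old not-found branch is left behind as a `/* ... */` block, including a line that writes `$_POST['email']` into an attribute unencoded; delete the dead lines so nobody re-enables them as they are. Returning `forgot_ok` for unknown addresses does close the account-enumeration signal in the page text. Both branches now emit the same line, so the `if`/`else` around them (it begins outside this hunk) could collapse to a single `$output.=`. Response time may still differ between the two cases if only the found branch sends mail, which is not visible here.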
@@ -139,10 +178,11 @@
  * @return string
  */
 function eb_register() {
-	global $lang;
+	global $lang,$config;
 	foreach($_POST as $key=>$value) $_POST[$key]=htmlentities($value,ENT_QUOTES);
 	$output="\t\t<h3>".ucwords($lang['register'])."</h3>\r\n";
-	if(!empty($_POST['captcha'])) {
+	//thanks very much to Carl C. Sweden for this improvment
+	if(!empty($_POST['captcha']) && !empty($_POST['name']) && !empty($_POST['email']) && !empty($_POST['password'])) {
 		if($_SESSION['captcha']==$_POST['captcha']) {
 			$sql="SELECT user_flag FROM eb_users WHERE user_email=\"".$_POST['email']."\"";
 			$query=mysql_query($sql);
@@ -161,12 +201,19 @@
 				}
 			}
 			else {
-				$sql="INSERT INTO eb_users SET user_flag=1,user_name=\"".htmlentities($_POST['name'],ENT_QUOTES)."\",user_email=\"".htmlentities($_POST['email'],ENT_QUOTES)."\",user_password=\"".htmlentities($_POST['password'],ENT_QUOTES)."\"";
+				//I think it is important to save passwords a bit more secure.
+				//User isn't activated right form the start
+				$key=md5(wtk_generate_password());
+				$sql="INSERT INTO eb_users SET user_flag=0,user_name=\"".htmlentities($_POST['name'],ENT_QUOTES)."\",user_email=\"".htmlentities($_POST['email'],ENT_QUOTES)."\",user_password=\"".md5(htmlentities($_POST['password'],ENT_QUOTES))."\",user_key=\"$key\"";
 				@mysql_query($sql);
+				$uid=mysql_insert_id();
+				@mail(htmlentities($_POST['email'],ENT_QUOTES),$lang['validation_title'],$lang['validation_email_text'].$config['uri']."validation.php?uid=$uid&code=$key".$lang['validation_email_text2']."\t$key\r\n","From: ".$config['title']."<".$config['email'].">\r\n");
+				$output.="\t\t".$lang['validation_email']."<br />\r\n";
 				$output.="\t\t<table>\r\n";
 				$output.="\t\t\t<tr><th>".ucwords($lang['username'])."</th><td>".$_POST['name']."</td></tr>\r\n";
 				$output.="\t\t\t<tr><th>".ucwords($lang['email'])."</th><td>".$_POST['email']."</td></tr>\r\n";
-				$output.="\t\t\t<tr><th>".ucwords($lang['password'])."</th><td>".$_POST['password']."</td></tr>\r\n";
+				//You never know if the connection is save - so don't transmit cleartext password ~cimnine
+				$output.="\t\t\t<tr><th>".ucwords($lang['password'])."</th><td>*****</td></tr>\r\n";
 				$output.="\t\t</table>\r\n";
 			}
 		}
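Review bot: The password is entity-encoded twice before hashing, once by the `foreach` over `$_POST` at the top of `eb_register` and again by `htmlentities()` inside `md5(...)`. `eb_login` hashes the submitted value without encoding when `$key` is 0, so a password containing `&`, `<`, `>` or a quote would not verify after registration. Hash the raw password before the encoding loop runs and store that value. `$_POST['email']` also reaches `mail()` without a format check; `filter_var($_POST['email'], FILTER_VALIDATE_EMAIL)` before the `INSERT` rejects malformed addresses and embedded line breaks. `mysql_insert_id()` is read even when the suppressed `INSERT` failed, so check the query result before sending the mail.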
@@ -181,7 +228,42 @@
 		$output.="\t\t\t\t<tr><th>".ucwords($lang['username'])."</th><td><input class=\"inputtext\" type=\"text\" name=\"name\" /></td></tr>\r\n";
 		$output.="\t\t\t\t<tr><th>".ucwords($lang['email'])."</th><td><input class=\"inputtext\" type=\"text\" name=\"email\" /></td></tr>\r\n";
 		$output.="\t\t\t\t<tr><th>".ucwords($lang['password'])."</th><td><input class=\"inputtext\" type=\"password\" name=\"password\" /></td></tr>\r\n";
-		$output.="\t\t\t\t<tr><th>".ucwords($lang['captcha'])."</th><td><img src=\"captcha.php\" width=\"150\" height=\"55\" /><br /><br />".$lang['captcha_enter'].":<br /><input type=\"text\" name=\"captcha\" class=\"inputtext\" /></td></tr>\r\n";
+		//textbrowser-readable captcha, ~cimnine
+		$output.="\t\t\t\t<tr><th>".ucwords($lang['captcha'])."</th><td>".cim_captcha()."<br />".$lang['captcha_enter'].":<br /><input type=\"text\" name=\"captcha\" class=\"inputtext\" /></td></tr>\r\n";
+		$output.="\t\t\t\t<tr><th></th><td><input type=\"submit\" name=\"submit\" value=\"".ucwords($lang['save'])."\" /></td></tr>\r\n";
+		$output.="\t\t\t</table>\r\n";
+		$output.="\t\t</form>\r\n";
+	}
+	return $output;
+}
+
+//validation page
+function cim_valid() {
+	global $lang;
+	$output="\t\t<h3>".ucwords($lang['validation_title'])."</h3>\r\n";
+	if ((!empty($_GET['code']) && !empty($_GET['uid']) ) || (!empty($_POST['code']) && !empty($_POST['user_email']))) {
+		if(!empty($_POST['user_email']) && !empty($_POST['code'])) {
+			$where = "user_email=\"".htmlentities($_POST['user_email'],ENT_QUOTES)."\"";
+			$key = htmlentities($_POST['code'],ENT_QUOTES);
+		} else {
+			$where = "user_id=\"".htmlentities($_GET['uid'],ENT_QUOTES)."\"";
+			$key = htmlentities($_GET['code'],ENT_QUOTES);
+		}
+		$sql="select user_id from eb_users where $where AND user_key=\"".$key."\"";
+		$result=@mysql_query($sql);
+		if(mysql_num_rows($result) == 1) {
+			$row=mysql_fetch_assoc($result);
+			$sql="UPDATE eb_users SET user_flag=1,user_key=NULL WHERE user_id=\"".$row['user_id']."\"";
+			@mysql_query($sql);
+			$output.="\t\t".$lang['validation_ok']."\r\n";
+		} else {
+			$output.="\t\t".$lang['validation_nok']."\r\n";
+		}
+	} else {
+		$output.="\t\t<form action=\"validation.php\" method=\"post\">\r\n";
+		$output.="\t\t\t<table>\r\n";
+		$output.="\t\t\t\t<tr><th>".ucwords($lang['email'])."</th><td><input class=\"inputtext\" type=\"text\" name=\"user_email\" /></td></tr>\r\n";
+		$output.="\t\t\t\t<tr><th>".ucwords($lang['validation_code'])."</th><td><input class=\"inputtext\" type=\"text\" name=\"code\" /></td></tr>\r\n";
 		$output.="\t\t\t\t<tr><th></th><td><input type=\"submit\" name=\"submit\" value=\"".ucwords($lang['save'])."\" /></td></tr>\r\n";
 		$output.="\t\t\t</table>\r\n";
 		$output.="\t\t</form>\r\n";
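Review bot: `cim_valid` builds both lookups by concatenation with `htmlentities` as the only filter, which does not escape backslashes, and `$_GET['uid']` is compared as a quoted string although `user_id` is an integer key. Use `"user_id=".(int)$_GET['uid']` and pass the e-mail and code through `mysql_real_escape_string()`. `@mysql_query` can return `false`, in which case `mysql_num_rows($result)` is called on a non-resource, so test `$result` first. Nothing here limits repeated attempts against the validation code, which leaves the strength of `user_key` as the only protection. The closing lines of the function fall in the next hunk.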
@@ -189,4 +271,4 @@
 	return $output;
 }
 
-?>
\ No newline at end of file
+?>
diff -Naur eggblog_orig/validation.php eggblog_changed/validation.php
--- eggblog_orig/validation.php	1970-01-01 01:00:00.000000000 +0100
+++ eggblog_changed/validation.php	2008-10-13 23:53:26.000000000 +0200
@@ -0,0 +1,23 @@
+<?php
+
+/**
+ * @package eggblog
+ * @author cimnine.ch, cimnine@users.sourceforge.net
+ * @version $Id: v4.1.0 2008/10/13 14:02 tenfourzero Exp $
+ * @copyright Copyright (c) since 2008, http://cimnine.ch
+ * @license http://www.gnu.org/licenses/gpl.html GNU Lesser General Public License
+ */
+
+/**
+ * require lib files
+ */
+require_once "_lib/global.php";
+
+eb_pre();
+if(!empty($_SESSION['user_id-'.$_SERVER['SERVER_NAME']])) header("Location: index.php");
+else {
+	eb_head('');
+	echo cim_valid();
+	eb_foot();
+}
+?>
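Review bot: The file header names the licence "GNU Lesser General Public License" but links `gpl.html`, and the `@version $Id` line appears to be copied from another file. Point `@license` at `http://www.gnu.org/licenses/lgpl.html` or change the name so the two agree, and give the file its own version line. `header("Location: index.php")` relies on the `else` to stop further output, which works here; an explicit `exit;` after it would keep that true if code is added below.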
 