From 5f8d5e776da49df8a5bc40c4a5509b1b88ae9ef0 Mon Sep 17 00:00:00 2001
From: Ziver Koc <ziver@koc.se>
Date: Tue, 1 Aug 2017 23:51:00 +0200
Subject: [PATCH] robustness

---
 src/zall/Zallery.java | 19 +++++++++++--------
 1 file changed, 11 insertions(+), 8 deletions(-)

diff --git a/src/zall/Zallery.java b/src/zall/Zallery.java
index 1c130e7..d9416ee 100755
--- a/src/zall/Zallery.java
+++ b/src/zall/Zallery.java
@@ -92,15 +92,18 @@ public class Zallery extends HttpServlet{
 			
 			// Verify email address
 			if( action.equalsIgnoreCase("verfemail") ){
-				User verfuser = User.load(db, Long.parseLong(request.getParameter("id")));
-				if( verfuser.verifyEmail(request.getParameter("hash")) ){
-					ZalleryEmail.sendNewUserRegistrationToAdmin(verfuser, db);
-					verfuser.save(db);
-					msgs.add(MessageType.INFO, "Your email has been successfully verified.");
-					msgs.add(MessageType.WARNING, "The account is waiting account activation by an admin.");					
+				User verfUser = User.load(db, Long.parseLong(request.getParameter("id")));
+				if (verfUser != null) {
+					if( verfUser.verifyEmail(request.getParameter("hash")) ){
+						ZalleryEmail.sendNewUserRegistrationToAdmin(verfUser, db);
+						verfUser.save(db);
+						msgs.add(MessageType.INFO, "Your email has been successfully verified.");
+						msgs.add(MessageType.WARNING, "The account is waiting account activation by an admin.");
+					}
+					else
+						msgs.add(MessageType.ERROR, "Email verification failed!");
 				}
-				else
-					msgs.add(MessageType.ERROR, "Email verification failed!");
+				else msgs.add(MessageType.ERROR, "Invalid user id: "+request.getParameter("id"));
 			}
 			// auth with cookie
 			if( user == null ){