-
Notifications
You must be signed in to change notification settings - Fork 1
/
verify.php
41 lines (34 loc) · 1.43 KB
/
verify.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
<?php
/* Verifies registered user email, the link to this page
is included in the register.php email message
*/
require 'db.php';
session_start();
// Make sure email and hash variables aren't empty
if(isset($_GET['email']) && !empty($_GET['email']) and isset($_GET['hash']) && !empty($_GET['hash']))
{
$email = $mysqli->escape_string($_GET['email']);
//$email = $mysqli->escape_string(filter_var($_POST['email'], FILTER_VALIDATE_EMAIL));
$hash = $mysqli->escape_string($_GET['hash']);
// Select user with matching email and hash, who hasn't verified their account yet (active = 0)
$result = $mysqli->query("SELECT * FROM users WHERE email='$email' AND hash='$hash' AND active='0'");
if ( $result->num_rows == 0 )
{
$_SESSION['message'] = 'Account has already been activated or the URL is invalid!';
header('location: error.php');
}
else {
$_SESSION['message'] = 'Your account has been activated!';
// Set the user status to active (active = 1)
$mysqli->query("UPDATE users SET active='1' WHERE email='$email'"); // or die($mysqli->error);
if(!$mysqli){
trigger_error('The user is active yet', E_USER_NOTICE);
}
$_SESSION['active'] = 1;
header('location: success.php');
}
}
else {
$_SESSION['message'] = 'Invalid parameters provided for account verification!';
header('location: error.php');
}