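// Confirmation-link handler. Reads a confirmation type (?a=) and a token (?b=)
// from the query string, looks the pair up in `confirmations`, applies the
// pending change to `users`, then deletes the token so the link is single-use.
// On exit $err holds an error message or $msg holds a success message.
// Assumes $conn is a PDO connection created earlier in the script -- confirm.
$err = $msg = $type = $hash = '';
$valid_types = array('activation', 'email');

// Both parameters must be present and must be plain strings. A request such as
// ?b[]=x makes $_GET['b'] an array, which must never reach the statement binding.
if (!isset($_GET['a'], $_GET['b']) || !is_string($_GET['a']) || !is_string($_GET['b'])) {
    $err = "Invalid Link";
} else {
    $type = $_GET['a'];
    $hash = $_GET['b'];
    // Strict allow-list comparison avoids loose-typing surprises; an empty
    // token is rejected here instead of falling through with no message at all.
    if ($hash === '' || !in_array($type, $valid_types, true)) {
        $err = "Invalid Link";
    }
}

if ($err === '') {
    // NOTE(review): this lookup has no expiry condition; confirm that old
    // tokens are expired or purged somewhere else.
    $sql = "SELECT user_id, data FROM confirmations WHERE type = :type AND hash = :hash";
    $query = $conn->prepare($sql);
    $query->bindValue(':type', $type);
    $query->bindValue(':hash', $hash);
    $query->execute();

    // Fetch the single expected row instead of trusting rowCount(), which is
    // not reliable for SELECT statements on every PDO driver. fetch() returns
    // false when no confirmation matches the type/token pair.
    $row = $query->fetch(PDO::FETCH_ASSOC);

    if ($row === false) {
        // No matching confirmation: the link is wrong or was already used.
        $err = "Invalid Link";
    } else {
        $user_id = $row['user_id'];
        $data = $row['data'];

        if ($type === 'activation') {
            // The client address is bound like every other value rather than
            // concatenated into the SQL text.
            $sql = "UPDATE users SET confirmed = '1',status = 'Activated',login_ip = :login_ip WHERE id = :user_id";
            $query = $conn->prepare($sql);
            $query->bindValue(':login_ip', isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '');
            $query->bindValue(':user_id', $user_id);
            $query->execute();
            $msg = "Your account has been verified.";
        } elseif ($type === 'email') {
            $sql = "UPDATE users SET email = :data WHERE id = :user_id";
            $query = $conn->prepare($sql);
            $query->bindValue(':data', $data);
            $query->bindValue(':user_id', $user_id);
            $query->execute();
            $msg = "Your email address has been verified.";
        }

        // Consume the token so the same link cannot be replayed.
        $sql = "DELETE FROM confirmations WHERE type = :type AND hash = :hash";
        $query = $conn->prepare($sql);
        $query->bindValue(':type', $type);
        $query->bindValue(':hash', $hash);
        $query->execute();
    }
}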
[b]if ($query->rowCount() > 0) {[/b]