<?phpif(isset($_GET['email']) && isset($_GET['hash'])) { include_once('ph

1. <?php
2.  
3. if(isset($_GET['email']) && isset($_GET['hash'])) {
4.  
5. include_once('php_includes/connect.php');
6. //verify
7. $email = mysqli_real_escape_string($_GET['email']); //set email variable
8. $hash = mysqli_real_escape_string($_GET['hash']); //set hash variable
9.  
10. $sql = "SELECT email, hash, activated FROM `users` WHERE email = '$email' AND hash = '$hash' AND activated = '0' LIMIT 1" or die(mysqli_error());
11.  
12. $result = mysqli_query($connection, $sql);
13.  
14. if($result) {
15. $sql = "UPDATE `users` SET activated='1' WHERE email='$email' AND hash='$hash' AND activated = '1' LIMIT 1" or die(mysqli_error());
16. header("location: message.php?msg="); //PAGE WITH LINK TO LOGIN
17. exit();
18.  
19. } else {
20. echo '<div class="statusmsg">The url is either invalid or you already have activated your account.</div>';
21. }
22. } else {
23. echo '<div class="statusmsg">Invalid approach. Please use the link that has been sent to your email.</div>';
24. }
25.  
26. <?php
27.  
28. if(isset($_GET['email']) && isset($_GET['hash'])) {
29.  
30. include_once('php_includes/connect.php');
31. //verify
32. $email = mysqli_real_escape_string($_GET['email']); //set email variable
33. $hash = mysqli_real_escape_string($_GET['hash']); //set hash variable
34. $activated = 1;
35. $not_activated = 0;
36.  
37. $sql = $connection->prepare("SELECT email, hash, activated FROM `users` WHERE email=? AND hash=? AND activated=? LIMIT 1") or die(mysqli_error());
38. $sql->bind_param("ssi", $email, $hash, $not_activated);
39. $result = $sql->execute();
40. $sql->execute();
41.  
42. if($result) {
43.  
44. $sql = $connection->prepare("UPDATE `users` SET activated=? WHERE email=? AND hash=? AND activated=? LIMIT 1") or die(mysqli_error());
45. $sql->bind_param("issi", $activated, $email, $hash, $not_activated);
46. $result = $sql->execute();
47. $sql->execute();
48. header("location: message.php?msg=");
49. exit();
50.  
51. //THE SAME ELSE STATEMENTS BELOW THIS, BUT THEY ARE NEVER REACHED
52. }
53.  
54. $username = $_POST['username'];
55. $password = $_POST['password'];
56. $email = $_POST['email'];
57. $gender = $_POST['gender'];
58. $profession = $_POST['profession'];
59. $ip = $_SERVER['REMOTE_ADDR'];
60. $password_hash = password_hash($password, PASSWORD_DEFAULT);
61. $hash = md5( rand(0, 1000) );
62. //HERE IS WHERE IT'S THE SAME
63.  
64. $stmt = $connection->prepare("INSERT INTO `users` (username, password, email, gender, profession, ip, hash) VALUES(?, ?, ?, ?, ?, ?, ?)");
65. $stmt ->bind_param("sssssss", $username, $password_hash, $email, $gender, $profession, $ip, $hash);
66. $result = $stmt->execute();
67. $stmt->execute(); //THIS EXECUTES FINE
68.  
69. if($result) {
70. $successMessage = "Now check your inbox or junk folder for verification email.";
71. //BEGIN EMAIL CODE AFTER THIS. WORKS FINE.