The below is the basics of my activation code, the user is sent a link when registering to activate. when they click the link it activates and functions as it should, if the token in the link does not match any in the database it should redirect with error message, this is the hangup it don’t redirect or even show the error message it just stays on a blank page.
I am really not sure what I missed I even tried a else if what am i missing
if (($_SERVER['REQUEST_METHOD'] === "GET") && isset($_GET['hash_token'])) {
$db = DB_CONNECT();
$stmt = $db->prepare("SELECT id, email, confirm_code FROM users WHERE confirm_code = ?");
$stmt->bind_param('s', $_GET['hash_token']);
$stmt->execute();
$result = $stmt->get_result();
$stmt->close();
while ($row = mysqli_fetch_assoc($result)) {
$email = $row['email'];
$confirm_code = $row['confirm_code'];
if ($confirm_code !== null && $confirm_code === $_GET['hash_token']) {
$is_activated = 1;
$set_confirm_code = null;
$stmt2 = $db->prepare("UPDATE users SET is_activated = ?, confirm_code = ? WHERE confirm_code = ?");
$stmt2->bind_param('sss', $is_activated, $set_confirm_code, $confirm_code);
$stmt2->execute();
$stmt2->close();
set_message("Your account has been activated please login.", SUCCESS);
redirect_to_url("/");
} else {
set_message("Unable to activate with provided data.", WARNING);
redirect_to_url("/");
}
}
}
Advertisement
Answer
When $stmt return null results while block won’t be executed.
Try this
<?php
if (($_SERVER['REQUEST_METHOD'] === "GET") && isset($_GET['hash_token'])) {
$db = DB_CONNECT();
$stmt = $db->prepare("SELECT id, email, confirm_code FROM users WHERE confirm_code = ?");
$stmt->bind_param('s', $_GET['hash_token']);
$stmt->execute();
$result = $stmt->get_result();
$stmt->close();
if (mysqli_num_rows($result) > 0 ) {
while ($row = mysqli_fetch_assoc($result)) {
$email = $row['email'];
$confirm_code = $row['confirm_code'];
if ($confirm_code !== null && $confirm_code === $_GET['hash_token']) {
$is_activated = 1;
$set_confirm_code = null;
$stmt2 = $db->prepare("UPDATE users SET is_activated = ?, confirm_code = ? WHERE confirm_code = ?");
$stmt2->bind_param('sss', $is_activated, $set_confirm_code, $confirm_code);
$stmt2->execute();
$stmt2->close();
set_message("Your account has been activated please login.", SUCCESS);
redirect_to_url("/");
} else {
set_message("Unable to activate with provided data.", WARNING);
redirect_to_url("/");
}
}
} else {
set_message("Unable to activate with provided data.", WARNING);
redirect_to_url("/");
}
}