No code delivered. nothing to do here.');
}
$userid = $_GET['userid']; //storing the userid & code provided in variables
$code = $_GET['code'];
$statement = $pdo->prepare("SELECT * FROM users WHERE id = :userid");
$result = $statement->execute(array('userid' => $userid));
$user = $statement->fetch();
//check if theres a code for the user delivered
if($user === null || $user['activationcode'] === null) {
die('
No User matching your request.
');
}
//check if the 24h window is still open for this code
if($user['activationcode_time'] === null || strtotime($user['activationcode_time']) < (time()-24*3600) ) {
die('
Ooops. This code isnt valid anymore.
');
}
//check if the codes match
if(sha1($code) != $user['activationcode']) {
die('
Not the valid activationcode!
');
}
//activate user:
if(isset($_GET['send'])) {
$statement = $pdo->prepare("UPDATE users SET activated = 1, activationcode = NULL, activationcode_time = NULL WHERE id = :userid");
$result = $statement->execute(array('userid'=> $userid ));
if($result) { //if successfull: die & go to start.php via update.php
die('Activated. Going to start now.');
}
}
?>
Activate your user