No Valid User in Session. Please Login Again!';
} else { //if theres a valid session do this:
$statement = $pdo->prepare("SELECT * FROM users WHERE username = :username"); //sql statement username = $sessionuser
$result = $statement->execute(array('username' => $sessionuser));
$user = $statement->fetch();
if($user === false) { //in some cases users have a valid session, but the account was deleted in the background, this has that case covered:
$error = 'no user found';
}
if($user['username'] == ""){ //if you've managed to create a user without username, print an error.
$error = 'no user found';
}
if($user['activated'] == "1"){ //if your account is already activated:
$error = 'user already activated!';
} else {
$activationcode = random_string(); //store a random string in this variable
$statement = $pdo->prepare("UPDATE users SET activationcode = :activationcode, activationcode_time = NOW() WHERE id = :userid"); //prepare the statement
$result = $statement->execute(array('activationcode' => sha1($activationcode), 'userid' => $user['id'])); //activationcode in db is sha1 of real activationcode
//now lets compose a mail:
$mailrcpt = $user['email']; //mail goes to user that should be validated.
$mailsubject = "Activate the Account of ".$user['username']; //the subject
$from = "From: Account Activation Service "; //send mail from "activatemyaccount@%urlyourusingtoaccessthisscript%"
$url_activationcode = 'https://'.$_SERVER['HTTP_HOST'].'/activate.php?userid='.$user['id'].'&code='.$activationcode; //url for activation is https://%urlyourusingtoaccessthisscript%/activate.php?userid=$userid&code=$activationcode
//thats the content of the mail:
$text = 'Hallo '.$user['username'].',
please use the following URL to activate your account in the next 24h:
'.$url_activationcode.'
If this mail comes unsolicited, please just ignore the mail.
cheers
loginpagefoo script';
mail($mailrcpt, $mailsubject, $text, $from); //sending the mail with the build-in mail function.
echo 'Link send. Going back to profile page. ';
//afterwards going back to profile, and dont render the form again.
$showForm = false;
}
}
}
if($showForm): //you guessed it: html & the form:
?>
Activate user