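<?php # activate.php
// This page activates the user's account.
//
// The activation link carries two query parameters:
//   x - the e-mail address the account was registered with
//   y - the 32-character activation code stored in registered_user.active
// The account is activated (active set to NULL) only when the code and the
// e-mail address belong to the same person_id.
require ('includes/config.inc.php');
$page_title = 'Activate Your Account';
include ('includes/header.html');

// If x and y don't exist or aren't of the proper format, redirect the user.
// is_string() rejects array-valued parameters (e.g. ?y[]=...) before they
// reach strlen(), which would otherwise raise a warning or TypeError.
if (isset($_GET['x'], $_GET['y'])
    && is_string($_GET['x'])
    && is_string($_GET['y'])
    && filter_var($_GET['x'], FILTER_VALIDATE_EMAIL)
    && (strlen($_GET['y']) === 32)) {

    // Update the database...
    require (MYSQL);

    $email = $_GET['x'];
    $code = $_GET['y'];
    $activated = false;

    // One bound statement matches the code and the e-mail together.
    // The earlier version ran two separate SELECTs and compared the ids with
    // ==; when neither lookup found a row both ids were NULL, the comparison
    // passed, and a malformed UPDATE was sent. It also read
    // mysqli_affected_rows() after a SELECT, where it reports the number of
    // rows returned, so a known e-mail with a wrong code could still print
    // the success message.
    $q = 'UPDATE registered_user SET active=NULL WHERE active=? AND person_id IN (SELECT person_id FROM person WHERE email=?) LIMIT 1';
    $stmt = mysqli_prepare($dbc, $q);

    if ($stmt
        && mysqli_stmt_bind_param($stmt, 'ss', $code, $email)
        && mysqli_stmt_execute($stmt)) {
        // Success is decided only by the UPDATE's own row count.
        $activated = (mysqli_stmt_affected_rows($stmt) === 1);
    } else {
        // NOTE(review): whether this text reaches the visitor depends on the
        // error handler set up in config.inc.php - confirm that it logs
        // rather than displays on a live site. The query text holds no user
        // data now that the values are bound.
        trigger_error("Query: $q\n\nMySQL Error: " . mysqli_error($dbc));
    }

    if ($stmt) {
        mysqli_stmt_close($stmt);
    }

    // Print a customized message. The failure text is the same for an
    // unknown e-mail, a wrong code and an already-activated account, so the
    // page does not reveal which addresses are registered.
    if ($activated) {
        echo "<h3>Your account is now active. You may now log in.</h3>";
    } else {
        echo '<p class="error">Your account could not be activated.
Please re-check the link or contact the system administrator.</p>';
    }

    mysqli_close($dbc);

} else { // Redirect.
    $url = BASE_URL . 'index.php'; // Define the URL.
    ob_end_clean(); // Delete the buffer.
    header("Location: $url");
    exit(); // Quit the script.
} // End of main IF-ELSE.

include ('includes/footer.html');
?>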