userValidation.php

<?php

# en222_adminsistema

# admin/userValidation.php?email=diana@mail.pt&token=XZbttLCHkud7mmk4X9kEx39rPs7GRxJQQaZa*mr_

# vai validar o email do utilizador

require_once("connection.php"); # $con, variável de conexão

$username = $_GET['email'];

$token = $_GET['token'];

$sql="SELECT idUsername, TIMESTAMPDIFF(minute, dateReg, now()) AS minutos FROM token WHERE TIMESTAMPDIFF(minute, dateReg, now()) > 60";

$queryToken=mysqli_query($con, $sql) or die ($sql);

$totalToken=mysqli_num_rows($queryToken);

if($totalToken>0) {

    while($fetchToken=mysqli_fetch_assoc($queryToken)) {

        $idUsername=$fetchToken['idUsername'];

        $sql="CALL delete_token ($idUsername)";

        mysqli_query($con, $sql);

    }

}

$sql="SELECT idUsername FROM token JOIN username USING(idUsername) WHERE username = '$username' AND token = '$token'";

$query=mysqli_query($con, $sql) or die($sql);

$total=mysqli_num_rows($query);

if($total==1){

    $fetch=mysqli_fetch_assoc($query); # para aceder ao idUsername

    $idUsername=$fetch['idUsername'];

    # sucesso: Vou alterar o estado do username e apagar o token

    $path="login.html?msg=usernameValidado";

    $sql="CALL p_validate_username ('$token', $idUsername)";

    mysqli_query($con, $sql) or die($sql);

} else {

    # fracasso: vou passar um parametro de token

    $path="register.html?msg=semToken";

}

header("Location:$path");

?>