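//Check to see if this is the correct token
// $user_id is bound as a statement parameter instead of being spliced into the
// SQL text. This excerpt does not show where $user_id and $token come from.
// NOTE(review): "or die (...->error)" prints raw database errors to the client;
// log them server-side and send a generic message instead.
$stmt = $mysqli->prepare("SELECT email_token FROM users WHERE user_id = ? AND type != 1") or die ($mysqli->error);
$stmt->bind_param('s', $user_id);
$stmt->execute() or die ($stmt->error);
$result = $stmt->get_result(); // get_result() needs the mysqlnd driver

if ($result->num_rows === 1) {
    $token_hashed = mysqli_fetch_row($result)[0];

    // Only the bcrypt hash of the e-mail token is stored; password_verify()
    // checks the presented token against it.
    if (password_verify($token, $token_hashed)) {
        //Officiate the user
        $stmt = $mysqli->prepare("UPDATE `users` SET type = 1 WHERE user_id = ?") or die ($mysqli->error);
        $stmt->bind_param('s', $user_id);
        $stmt->execute() or die ($stmt->error);

        //Create a real token and handshake with user
        $token = User::generate_token();
        // The hash is bound as a parameter below, so the Database::sanitize()
        // pass the original applied before splicing it into SQL is not needed.
        $hashed_token = password_hash($token, PASSWORD_BCRYPT);

        //Send the hashed token to the server
        // Fixed: the original UPDATE had no WHERE clause, so it overwrote the
        // `token` column of every row in `users` with this user's hash.
        $stmt = $mysqli->prepare("UPDATE `users` SET token = ? WHERE user_id = ?") or die ($mysqli->error);
        $stmt->bind_param('ss', $hashed_token, $user_id);
        $stmt->execute() or die ($stmt->error);

        //Pass to cookies
        // NOTE(review): both cookies are set without the HttpOnly, Secure or
        // SameSite attributes, and nothing here calls session_regenerate_id()
        // after the privilege change. Confirm whether client-side script needs
        // to read them and whether the site is served over HTTPS before tightening.
        $_SESSION['user_id'] = $user_id;
        setcookie('user_id', $user_id, time() + 3600, "/");
        setcookie('token', $token, time() + 3600, "/");
        $_COOKIE['user_id'] = $user_id;
        $_COOKIE['token'] = $token;

        echo 'Account verified';
    }
    // The excerpt ends here; the outer "if" is closed outside the visible part.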
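// Registration / confirmation request: the JSON body is decoded and its
// fields are read without validation.
// NOTE(review): json_decode() returns null for malformed input, so the
// property reads below would then operate on null.
$data = json_decode($request);
$user = User::get_current_user();
$username = $data->username;
$password = $data->password;
$email = $data->email;
$confirm_password = $data->confirm_password;

try {
    if ($user instanceof User) {
        if (!$user->is_confirmed()) {
            //the user is not confirmed and is requesting confirmation, approve the request
            $email_token = User::generate_token();
            // Fixed: the original hashed $token, which this excerpt never assigns,
            // instead of the token it had just generated.
            // NOTE(review): nothing visible here stores $hashed_email_token;
            // presumably that happens after this excerpt. Confirm.
            $hashed_email_token = password_hash($email_token, PASSWORD_BCRYPT);

            //Mail the user the email
            $subject = 'Verify UofT Baddy account';

            // Fixed: the link carries the freshly generated $email_token (the
            // original interpolated $token). Both values are URL-encoded so
            // characters such as "+" or "&" survive the round trip.
            // NOTE(review): $user_id is not assigned anywhere in this excerpt;
            // confirm it comes from the authenticated account, not the request.
            // NOTE(review): the link is plain http, so the one-time token crosses
            // the network unencrypted; use https once the host serves it.
            $verify_url = 'http://uoftbaddy.ca/register-callback.php?id=' . rawurlencode($user_id)
                . '&token=' . rawurlencode($email_token);

            $message = "
            <html>
            <body>
            <p>
            Click <a href=\"" . htmlspecialchars($verify_url, ENT_QUOTES) . "\">here</a> to verify your account
            </p>
            </body>
            </html>";
            $headers = "Content-Type: text/html; charset=ISO-8859-1\r\n";

            // NOTE(review): $email is taken from the request body, not from the
            // account record, so the verification link for the current account
            // is sent to whatever address the client supplies. Confirm that is
            // intended, and validate the address before handing it to mail().
            mail($email, $subject, $message, $headers);
            http_response_code(200);
            // The excerpt ends here; the enclosing if/if/try blocks are closed
            // outside the visible part.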