(I always search and found answers here for many years. This is my first post, hoping I'm doing it right...)
In my user_class.php is all the code to register, verify forgot pw, send mail, etc. But also this function:
USER_CLASS.php
public function lastID()
{
$stmt = $this->conn->lastInsertId();
return $stmt;
}
In my signup.php everything works as expected; the row is inserted correctly into the database tbl_users, with the code from:
SIGNUP.php
$code = md5(uniqid(rand()));
Also, the email is send correctly with the activation link as in the code below.
SIGNUP.php
else
{
if($reg_user->register($uname,$email,$upass,$code,$iagree,$userip))
{
$id = $reg_user->lastID();
$key = base64_encode($id);
$id = $key;
$message = "
Hello $uname,
<br /><br />
Welcome to XXXXX.<br/>
To complete your registration please , follow the link below:<br/>
<br /><br />
<a href='http://example.com/verify.php?id=$id&code=$code'>Click here to Activate your account.</a>
When I compare the the code ($code) with the code stored in the table, it is correct (the same) as it should be.
The PROBLEM is that when I follow the activation link, my verify.php page cannot find that record in the table:
VERIFY.php
if(empty($_GET['id']) && empty($_GET['code']))
{
$user->redirect('index.php');
}
if(isset($_GET['id']) && isset($_GET['code']))
{
$id = base64_decode($_GET['id']);
$code = $_GET['code'];
$statusY = "Y";
$statusN = "N";
$stmt = $user->runQuery("SELECT userID,userStatus FROM tbl_users WHERE userID=:uID AND tokenCode=:code LIMIT 1");
$stmt->execute(array(":uID"=>$id,":code"=>$code));
$row=$stmt->fetch(PDO::FETCH_ASSOC);
if($stmt->rowCount() > 0)
{
if($row['userStatus']==$statusN)
{
$stmt = $user->runQuery("UPDATE tbl_users SET userStatus=:status WHERE userID=:uID");
$stmt->bindparam(":status",$statusY);
$stmt->bindparam(":uID",$id);
$stmt->execute();
$msg = "
<div class='alert alert-success'>
<button class='close' data-dismiss='alert'>×</button>
<strong>Thank you.</strong> Your Account is now activated : <a href='index.php'>Login here</a>
</div>
";
}
else
{
$msg = "
<div class='alert alert-error'>
<button class='close' data-dismiss='alert'>×</button>
Your Account is already Activated : <a href='index.php'>Login here</a>
</div>
";
}
}
else
{
$msg = "
<div class='alert alert-error'>
<button class='close' data-dismiss='alert'>×</button>
No Account Found : <a href='signup.php'>Signup here</a>
</div>
";
}
}
Following the verify link from the email takes me to verify.php and then the error:
$msg = "
<div class='alert alert-error'>
<button class='close' data-dismiss='alert'>×</button>
No Account Found : <a href='signup.php'>Signup here</a>
</div>
";
The PROBLEM, I think, is in signup.php, specifically with $key :
$id = $reg_user->lastID();
$key = base64_encode($id);
$id = $key;
The reason i think it's $key, is because the email's verify-account link looks like this:
http://www.example.com/verify.php?id=MTUz&code=c74f01c3ea3edf807b21fc4ea28a41cb
Now, I clearly don't know much, and I admit at being a beginner, but the MTUz bit is what seems the be the issue. The only thing I could come up with is that the MTU is something to do woth exceeding the size of something.
I admit that I haven't tried anything else because I don't know where to start.
Please point me in the right direction.
Thank you.
CREDIT to the original author of the script: codingcage(dot)com/2015/09/login-registration-email-verification-forgot-password-php.html