Can I use the header function after doing an echo statement? I noticed that if I added the header function after the echo statement, it won’t show the echo statement… I have tried the following and it will straight away go into my header:
    if ($resultCheck > 0) {
        while ($row = mysqli_fetch_assoc($result)) {
            $token1 = $row['token1'];
            $token2 = $row['token2'];
            if ($token1 == $token2) {
                $sql = "UPDATE users
                        SET user_activate = '1', token1='', token2=''";
                mysqli_query($conn, $sql);
                echo 'You have successfully activated your account';
                header('Location: login.php');
            } else {
                echo 'Please make sure that you received the correct token';
            }
        }
    }
Thanks… It is now working but I am having another problem… I am trying to check to see if the username that they are supplying is matching the username in their database and have added the following codes:
    <?php
    include_once 'dbh.php';
    $token2 = $_POST['token2'];
    $sql = "UPDATE users
            SET token2='$token2'";
    mysqli_query($conn, $sql);
    $sql = "SELECT * FROM users WHERE user_uid='".$_POST['userid']."'";
    $result = mysqli_query($conn, $sql);
    $resultCheck = mysqli_num_rows($result);
    if ($resultCheck > 0) {
        while ($row = mysqli_fetch_assoc($result)) {
            $token1 = $row['token1'];
            $token2 = $row['token2'];
            $userid = $row['user_uid'];
            if ($token1 == $token2 && $_POST['userid'] == $userid) {
                $sql = "UPDATE users
                        SET user_activate = '1', token1='', token2=''";
                mysqli_query($conn, $sql);
                header("refresh:5;url=login.php");
                echo 'You have successfully activated your account and will be directed to the login screen in 5 seconds... <a href="login.php">here</a>.';
            } else {
                echo 'Credentials do not match';
            }
        }
    }
I am not getting any errors but I think this line of code is not working
    if ($token1 == $token2 && $_POST['userid'] == $userid)
For the initial activation there’s no need to mess with a user ID, I am assuming that is a username and not the actual ID number. The token should be a unique ID in the database. You just need to match that.
Edit* You need to kill the script after your redirect or the script will keep running.
There’s some redundant code there. Look at your query:
    $sql = "SELECT * FROM users WHERE user_uid='".$_POST['userid']."'";
which will only return rows where the user_uid column matches the $_POST variable. Your comparison line, though:
    if ($token1 == $token2 && $_POST['userid'] == $userid) {
checks again whether the user id matches. It will, always, because of the condition in your query.
I think you should really be checking for user id matching, and user_activate not already being set to 1. I also think your method of checking whether the tokens match is a bit clunky, though you might have a reason for doing it that way. As, on a successful activation, you just clear those tokens, why not just run the query and check if $token1 is the same as the $_POST variable?
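The suggestions in the replies above (compare the stored token with the submitted one, require that the account is not already activated, and stop the script after the redirect), put together as an added example that is not code from anyone in this thread. It assumes PDO with an in-memory SQLite table built here so that it runs stand-alone; the helper name `activateAccount` and the sample rows are hypothetical. It also binds the request values as parameters and gives the `UPDATE` a `WHERE` clause, so one request can only touch one row.

```php
<?php
declare(strict_types=1);

// Constructed stand-in for the thread's `users` table, in in-memory SQLite so
// the example runs offline. Only token1 is kept: the submitted token is
// compared directly instead of being written to a token2 column first.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE users (user_uid TEXT PRIMARY KEY, token1 TEXT,
                               user_activate INTEGER DEFAULT 0)");
$db->exec("INSERT INTO users VALUES ('alice', 'tok-alice-111', 0),
                                    ('bob',   'tok-bob-222',   0)");

// Hypothetical helper: activates one account, returns true only on success.
function activateAccount(PDO $db, string $userUid, string $token): bool
{
    // Cleared tokens are stored as '' in the thread's schema; never match them.
    if ($userUid === '' || $token === '') {
        return false;
    }
    // Bound parameters keep request data out of the SQL text.
    $sel = $db->prepare('SELECT token1 FROM users
                         WHERE user_uid = ? AND user_activate = 0');
    $sel->execute([$userUid]);
    $stored = $sel->fetchColumn();
    // hash_equals() compares in constant time and, unlike ==, never type-juggles.
    if (!is_string($stored) || $stored === '' || !hash_equals($stored, $token)) {
        return false;
    }
    // The WHERE clause limits the update to this one not-yet-activated user.
    $upd = $db->prepare("UPDATE users SET user_activate = 1, token1 = ''
                         WHERE user_uid = ? AND user_activate = 0");
    $upd->execute([$userUid]);
    return $upd->rowCount() === 1;
}

// Constructed request data; in the real handler this is $_POST.
$post = ['userid' => 'alice', 'token2' => 'tok-alice-111'];
$uid  = is_string($post['userid'] ?? null) ? $post['userid'] : '';
$tok  = is_string($post['token2'] ?? null) ? $post['token2'] : '';

if (activateAccount($db, $uid, $tok)) {
    header('Location: login.php'); // no output may precede this call
    exit;                          // stop here so nothing runs after the redirect
}
http_response_code(400);
echo 'Credentials do not match';
```

The same prepared statements work against MySQL by changing only the PDO connection string.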