<?php /** * Copyright (C) 2021 Double Bastion LLC * * This file is part of Roundpin, which is licensed under the * GNU Affero General Public License Version 3.0. The license terms * are detailed in the "LICENSE.txt" file located in the root directory. */ $retrievedToken = $_GET['token']; $retrievedEmail = $_GET['newemail']; if (($retrievedToken != '') && (strlen($retrievedToken) == 55)) { define('ACCESSCONST', TRUE); require('db-connect.php'); // Find the user who has the token identical with the one retrieved from the link that has been clicked $registered = 1; $enabled = 1; $query0 = $mysqli->prepare("SELECT id, username, registered, token, enabled FROM app_users WHERE registered=? AND token=? AND enabled=?"); $query0->bind_param("isi", $registered, $retrievedToken, $enabled); $query0->execute(); $fetcheddbdata = $query0->get_result()->fetch_assoc(); if (!$fetcheddbdata) { die("Error !"); } else { $userName = $fetcheddbdata['username']; $query0->close(); $queryupemailandtoken = $mysqli->query("UPDATE app_users SET emailaddress = '$retrievedEmail', token = '' WHERE username = '$userName'"); header("Location: email-address-changed.php"); } } ?>