<?php
/**
 *  Copyright (C) 2021  Double Bastion LLC
 *
 *  This file is part of Roundpin, which is licensed under the
 *  GNU Affero General Public License Version 3.0. The license terms
 *  are detailed in the "LICENSE.txt" file located in the root directory.
 */

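// Email-change confirmation endpoint: the user arrives here from a link that
// carries a one-time token and the new email address in the query string.
// Both values are attacker-controllable and are treated as untrusted below.
$retrievedToken = $_GET['token'] ?? '';
$retrievedEmail = $_GET['newemail'] ?? '';

// Only a plain string of exactly 55 bytes is accepted as a token. The
// is_string() guard rejects array input such as "token[]=x", which would
// otherwise reach strlen() with the wrong type.
if (is_string($retrievedToken) && strlen($retrievedToken) === 55) {

    // NOTE(review): presumably db-connect.php checks ACCESSCONST to refuse
    // direct access and provides $mysqli; confirm against that file.
    define('ACCESSCONST', TRUE);

    require('db-connect.php');

    // Find the registered, enabled user whose stored token matches the one from the clicked link.
    $registered = 1;
    $enabled = 1;
    $query0 = $mysqli->prepare("SELECT id, username, registered, token, enabled FROM app_users WHERE registered=? AND token=? AND enabled=?");
    if ($query0 === false) {
        die("Error !");
    }
    $query0->bind_param("isi", $registered, $retrievedToken, $enabled);
    $query0->execute();
    $tokenLookup = $query0->get_result();
    $fetcheddbdata = $tokenLookup ? $tokenLookup->fetch_assoc() : null;
    $query0->close();

    if (!$fetcheddbdata) {
        die("Error !");
    }

    // Refuse a missing, empty or non-string address before touching the row,
    // so a bare link cannot blank the stored address and burn the token.
    // NOTE(review): the new address comes from the URL rather than from a value
    // stored server-side when the change was requested, so it is not bound to
    // the token and its format is not validated here. Consider persisting the
    // pending address with the token and reading it from the database instead.
    if (!is_string($retrievedEmail) || $retrievedEmail === '') {
        die("Error !");
    }

    $userName = $fetcheddbdata['username'];

    // Bound parameters replace the string-built UPDATE: the email is raw query
    // string input and the username is stored data, so neither may be
    // interpolated into SQL text. The token is cleared so the link is single-use.
    $queryupemailandtoken = $mysqli->prepare("UPDATE app_users SET emailaddress = ?, token = '' WHERE username = ?");
    if ($queryupemailandtoken === false) {
        die("Error !");
    }
    $queryupemailandtoken->bind_param("ss", $retrievedEmail, $userName);
    if (!$queryupemailandtoken->execute()) {
        // Do not report success when the address was not actually changed.
        die("Error !");
    }
    $queryupemailandtoken->close();

    header("Location: email-address-changed.php");
    // Stop here so nothing else is emitted after the redirect header.
    exit;
}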

?>