$token = $_GET['token'] ?? null;
if ($token) {
require('../private/autoload.php');
$sql = "UPDATE users
SET email_status='active'
WHERE email_status='inactive'
AND email_token=? LIMIT 1";
$stmt = $conn->prepare($sql);
$stmt->bind_param("s", $token);
$stmt->execute();
if ($stmt->affected_rows) {
$_SESSION['msg'] = "Email verified successfully, Thank you.";
$_SESSION['token'] = $token; // why store this in the session?
header('Location: mobile_verify.php');
exit();
}
}
// missing or invalid submission
header('Location: index.php');
exit();