When a user registers, a random value md5(mcrypt_create_iv(32, MCRYPT_DEV_URANDOM)) is stored in the verified column until he verifies his account. When this happens (by email), verified goes empty.
When a user wants to receive his verification email again, he types his email in a textbox and there are 4 possible situations:
- Non valid email -> please-correct-your-email.php
- Valid email -> this-email-is-not-found.php
- Valid email + found in DB + verified -> is-already-verified.php
- Valid email + found in DB + not verified yet -> still-not-verified.php
My question is if my logic and construction are correct and also if I forgot something. It works correctly though.
```php
if ($_POST["email"]) {
    require_once('config.php');
    $errflag = false;
    $send2email = mysql_real_escape_string($_POST["email"]);
    if (!filter_var($send2email, FILTER_VALIDATE_EMAIL)) {
        $errflag = true;
    }
    if ($errflag) {
        header("location: please-correct-your-email.php");
        exit();
    }
    $qry = "SELECT verified FROM members WHERE email='$send2email'";
    $result = mysql_query($qry);
    $member = mysql_fetch_assoc($result);
    if ($result) {
        if (mysql_num_rows($result) == 0) {
            header("location: this-email-is-not-found.php");
            exit();
        }
        elseif ( (mysql_num_rows($result) > 0) && ($member['verified']) ) {
            header("location: still-not-verified.php");
            exit();
        }
        else {
            header("location: is-already-verified.php");
            exit();
        }
    }
} //this is for if post email
```
I’d change verified to a boolean field. It means
instead of “when he’s not verified, field is filled, when he’s verified, field is blank”. It’s a little bit confusing.
I’d move
after
I’d add a confirm code, because it makes no sense to do email verification without a secured code (verification code).
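
The resend flow with a boolean verified flag and a confirm code, as the answer suggests, written as an added example that is not part of either post. It assumes PHP 7+ with pdo_sqlite, uses PDO prepared statements and random_bytes in place of mysql_* and mcrypt_create_iv, and the token_hash column, the function names and the in-memory table are hypothetical.

```php
<?php
// Added example: hypothetical schema/function names; assumes PHP 7+ with pdo_sqlite.
function resendTarget(PDO $db, string $rawEmail): array
{
    // Validate the raw input first; bound parameters make escaping unnecessary.
    $email = filter_var(trim($rawEmail), FILTER_VALIDATE_EMAIL);
    if ($email === false) {
        return ['please-correct-your-email.php', null];
    }
    // Prepared statement: the address never becomes part of the SQL text.
    $stmt = $db->prepare('SELECT verified FROM members WHERE email = ?');
    $stmt->execute([$email]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return ['this-email-is-not-found.php', null];
    }
    // verified is a plain 0/1 flag here, not "empty means verified".
    if ((int) $row['verified'] === 1) {
        return ['is-already-verified.php', null];
    }
    // Fresh confirm code: the token goes in the email, only its hash is stored.
    $token = bin2hex(random_bytes(32));
    $db->prepare('UPDATE members SET token_hash = ? WHERE email = ?')
       ->execute([hash('sha256', $token), $email]);
    return ['still-not-verified.php', $token];
}
function confirmEmail(PDO $db, string $email, string $token): bool
{
    $stmt = $db->prepare('SELECT token_hash FROM members WHERE email = ? AND verified = 0');
    $stmt->execute([$email]);
    $stored = $stmt->fetchColumn();
    // Constant-time comparison of the stored hash with the hash of the presented token.
    if (!is_string($stored) || !hash_equals($stored, hash('sha256', $token))) {
        return false;
    }
    $db->prepare('UPDATE members SET verified = 1, token_hash = NULL WHERE email = ?')
       ->execute([$email]);
    return true;
}
// Constructed sample data in an in-memory table standing in for members.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE members (email TEXT PRIMARY KEY, verified INTEGER DEFAULT 0, token_hash TEXT)');
$db->exec("INSERT INTO members (email, verified) VALUES ('new@example.com', 0), ('old@example.com', 1)");
foreach (['not-an-email', 'nobody@example.com', 'old@example.com', 'new@example.com'] as $input) {
    [$page, $token] = resendTarget($db, $input);
    echo "$input -> $page\n";
}
var_dump(confirmEmail($db, 'new@example.com', 'wrong'), confirmEmail($db, 'new@example.com', $token));
```

The four redirect targets are kept from the question; because they differ for registered and unregistered addresses, they also tell any visitor which emails have accounts.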