When a user registers, a random value md5(mcrypt_create_iv(32, MCRYPT_DEV_URANDOM)) is put into the verified column until he verifies his account. When this happens (by email), verified goes empty.
When a user wants to receive his verification email again, he types his email in a textbox, and there are 4 possible situations:
My question is if my logic and construction are correct and also if I forgot something. It works correctly though.
    if ($_POST["email"]) {
        require_once('config.php');
        $errflag = false;

        // Escape the submitted address for use in the SQL string below
        $send2email = mysql_real_escape_string($_POST["email"]);

        // Reject anything that is not a syntactically valid e-mail address
        if (!filter_var($send2email, FILTER_VALIDATE_EMAIL)) {
            $errflag = true;
        }
        if ($errflag) {
            header("location: please-correct-your-email.php");
            exit();
        }

        $qry = "SELECT verified FROM members WHERE email='$send2email'";
        $result = mysql_query($qry);
        $member = mysql_fetch_assoc($result);

        if ($result) {
            if (mysql_num_rows($result) == 0) {
                // No member with this address
                header("location: this-email-is-not-found.php");
                exit();
            }
            elseif ( (mysql_num_rows($result) > 0) && ($member['verified']) ) {
                // verified still holds the random value: account not verified yet
                header("location: still-not-verified.php");
                exit();
            }
            else {
                // verified is empty: account was already verified
                header("location: is-already-verified.php");
                exit();
            }
        }
    } // this is for if post email
I'd change verified to a boolean field. It means
verified BOOLEAN
------------------
1
0
instead of "when he's not verified, field is filled, when he's verified, field is blank". It's a little bit confusing.
I'd move
$member = mysql_fetch_assoc($result);
after
if ($result){
I'd add a confirm code, because it makes no sense to do email verification without a secured code (verification code).
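
The three suggestions in the answer above (a boolean verified flag, fetching the row only after the query has run, and a verification code), put together as an added example that is not code from the question or the answer. It swaps in PDO prepared statements for mysql_* and random_bytes() for mcrypt_create_iv(); the table layout, the verify_hash column, both function names and the in-memory SQLite database (requires pdo_sqlite) are assumptions made for illustration.

```php
<?php
// Added example, not the poster's code. Table layout, column names and
// function names are assumptions; SQLite in memory stands in for MySQL.
function resend_verification(PDO $db, string $email): array {
    if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
        return ['invalid-email', null];
    }
    // Prepared statement: the value is bound, never concatenated into SQL.
    $stmt = $db->prepare('SELECT verified FROM members WHERE email = ?');
    $stmt->execute([$email]);
    $member = $stmt->fetch(PDO::FETCH_ASSOC); // fetch only after the query ran
    if ($member === false) {
        return ['not-found', null];
    }
    if ((int)$member['verified'] === 1) {     // boolean flag: 1 = verified
        return ['already-verified', null];
    }
    // Fresh code for every resend; only its SHA-256 hash is stored.
    $code = bin2hex(random_bytes(16));
    $upd = $db->prepare('UPDATE members SET verify_hash = ? WHERE email = ?');
    $upd->execute([hash('sha256', $code), $email]);
    return ['still-not-verified', $code];     // caller e-mails $code to the user
}

function confirm_email(PDO $db, string $email, string $code): bool {
    $stmt = $db->prepare('SELECT verify_hash FROM members WHERE email = ? AND verified = 0');
    $stmt->execute([$email]);
    $stored = $stmt->fetchColumn();           // false: no row, null: no code issued
    // hash_equals() compares the two hashes in constant time.
    if (!is_string($stored) || !hash_equals($stored, hash('sha256', $code))) {
        return false;
    }
    $upd = $db->prepare('UPDATE members SET verified = 1, verify_hash = NULL WHERE email = ?');
    $upd->execute([$email]);
    return true;
}

// Constructed sample data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE members (email TEXT PRIMARY KEY, verified INTEGER NOT NULL DEFAULT 0, verify_hash TEXT)');
$db->exec("INSERT INTO members (email, verified) VALUES ('new@example.com', 0), ('old@example.com', 1)");

[$status, $code] = resend_verification($db, 'new@example.com');
var_dump($status);
var_dump(confirm_email($db, 'new@example.com', 'wrong'));
var_dump(confirm_email($db, 'new@example.com', $code));
var_dump(resend_verification($db, 'old@example.com')[0]);
```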