0
<?php
require_once($_SERVER['DOCUMENT_ROOT']."/_includes/init.php");

$po_page_title="Verifying your email address";

$code=$_GET["code"];

$message="<p>Information</p>";
if(!$code) {
    $message="<p>Unable to verify your email address.</p>";
} else {

    $o=new DBUsers();
    $o->ValidateCode($num,$code);

   if($num>0){

        $message="<p>Thank you, your email address has been validated.</p>";

        //This line of code runs
        $o->UpdateVerified($code);

   } else {

     //But this is the message that appears????
     $message.="<p>It looks like your email may already have been verified.  If you haven't yet made a payment, please just login and you should be prompted to do so.</p><p>Many thanks</p>";
   }

}

echo $message;
unset($o);

On my local host I get the Thank you message and it fires the UpdatedVerified code as expected.

Here is the ValidateCode

function ValidateCode(&$num=0,$code="") {
    if(empty($code)) return;
    $sql="SELECT id FROM {$this->viewName} WHERE code='$code' AND verified=0 AND active=0";
    DataObject::GetRecords($sql,$num);

}

Update code

function UpdateVerified($code=""){
    if(empty($code))return;
    $sql="UPDATE $this->tableName SET verified=1,active=1 WHERE code='$code'";
    DataObject::ExecuteSql($sql);
}

However when I try the same code on my remote host (Hostgator), the UpdatedVerified code is executed as I can see the data being updated in the database, which is what I would expect to happen, but the weird part is that I get the 'It looks like your email...' message instead.

The page is not being run twice, there is no refresh anywhere in the code. I have even tried running this code on friends host and it works perfectly.

This has had me stumped for a few days now and from my point of view the code is running fine because I've seen it working, but not on the actual host and it's not like the code is doing anything complicated.

Martin
  • 240
  • 4
  • 13
  • What are the software differences a between your dev machine, prod machine and your friends machine? PHP, MySQL versions? What does `GetRecords()` do? Did you try printing out any error the DB might have had executing the query? You are vulnerable to SQL injection with that code. Use [Prepared Statements!](https://stackoverflow.com/q/1457131/8469069) – ishegg Aug 21 '17 at 12:38
  • My friend also uses HostGator and the only difference that there was between the two was that he didn't have cookies of sessions enabled, but even after we enabled them everything worked. There are no database errors I've output and tested each sql statement and when not on this particular host everything works. I've even deleted the entire website and uploaded a fresh version. – Martin Aug 21 '17 at 13:09

0 Answers0