0

After a user has registered, I send an email verification link to the email used for verification. When the user clicks on the link, I have a php api that validates the code and updates the DB. Upto this its working fine. Once that is done successfully, I want to display a message saying email is verified and provide the link for login. I am stuck here.

My echo display as it is with the html tag. I am new to PHP and unable to proceed. Please help.

<?php
    header("Access-Control-Allow-Origin: *");
    header("Content-Type: application/json; charset=UTF-8");
    header("Access-Control-Allow-Methods: POST");
    header("Access-Control-Max-Age: 3600");
    header("Access-Control-Allow-Headers: Content-Type, Access-Control-Allow-Headers, Authorization, X-Requested-With");

    include_once '../config/database.php';
    include_once '../class/users.php';
    require_once('../config/constants.php');
    
    $database = new Database();
    $db = $database->getConnection();

    $item = new User($db);

    $item->hash = isset($_GET['ticket']) ? $_GET['ticket'] : die();
    
    $encryptedMessage = isset($_GET['code']) ? $_GET['code'] : die();
    $decryptedMessage = openssl_decrypt($encryptedMessage, ENCRYPT_ALGO, SALT);

    $item->email = $decryptedMessage; 
    
    $item->verifyEmail();

    if($item->user_id != null){
        $item->updateEmailVerified($item->user_id);
        echo "<p style='color:red;'>" . "Hello Word" . "</p>"; // --- Displays as it is ---
    }
      
?>

enter image description here

Improve this question
3
  • 1
    You're explicitly setting the header to tell the browser to expect JSON data: header("Content-Type: application/json; charset=UTF-8"); Why? Commented Aug 11, 2021 at 14:38
  • 1
    You have Content-Type: application/json;, so this page cannot be HTML. Commented Aug 11, 2021 at 14:38
  • 1
    Also if this is intended to be a link clicked on from an email, why have you set all those CORS-related headers (the "Access-Control" ones) at the top? They just open up a security hole for no reason, if you don't actually want the page to be accessed via a CORS request. I smell some programming-by-guesswork going on here. If you don't understand what a line of code does either a) go and do some research so you can understand its purpose, or b) don't use it. Commented Aug 11, 2021 at 14:39

1 Answer 1

Reset to default
0

Your content type is set to "application/json" here:

header("Content-Type: application/json; charset=UTF-8");

Try changing it to:

header("Content-Type: text/html; charset=UTF-8");
Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.