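// Email-verification handler: validate the looked-up token record, enforce its
// expiry, mark the account verified, then retire the token.
// $record and $pdo are expected to be set by code that runs before this point.

// Reject unknown tokens before anything below reads from $record.
// A 4xx status (instead of 200) lets access logs and alerting pick up
// repeated bad-token requests.
if (!$record) {
    http_response_code(400);
    die("Invalid verification link.");
}

// Enforce the token lifetime.
// NOTE(review): this compares PHP's clock with a timestamp written by the
// database; confirm both sides use the same timezone (ideally UTC), otherwise
// links expire early or late by the offset.
if (new DateTime() > new DateTime($record['expires_at'])) {
    http_response_code(410);
    die("Link expired. Request a new one.");
}

// Mark user as verified
$update = $pdo->prepare("UPDATE users SET email_verified = 1 WHERE id = ?");
$update->execute([$record['user_id']]);

// Make the link single-use: once the account is verified the token has no
// further purpose, so remove it rather than leaving it valid until expiry.
// Assumes $record was read from email_verifications and that the table has a
// user_id column -- confirm against the schema.
$cleanup = $pdo->prepare("DELETE FROM email_verifications WHERE user_id = ?");
$cleanup->execute([$record['user_id']]);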
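// Good:   "Verification successful! You may now log in."
// Better: "Email verified! Redirecting to login..."
header("Refresh: 3; url=/login.php");

// ✅ Auto-delete old expired tokens via cron or during resend
//     DELETE FROM email_verifications WHERE expires_at < NOW()

// ✅ Use HTTPS exclusively
// The redirect target is built from a configured hostname, not from
// $_SERVER['HTTP_HOST']: the Host header is supplied by the client, so echoing
// it into a Location header lets a crafted request steer the redirect.
$canonicalHost = 'www.example.com'; // placeholder: set to this site's own hostname

// Some server setups report plain HTTP as HTTPS=off rather than leaving it
// unset, so both cases are treated as "not HTTPS".
// NOTE(review): behind a TLS-terminating proxy $_SERVER['HTTPS'] may be empty
// on every request, which would make this redirect loop -- confirm how TLS is
// terminated in the deployment.
if (empty($_SERVER['HTTPS']) || $_SERVER['HTTPS'] === 'off') {
    header("Location: https://" . $canonicalHost . $_SERVER['REQUEST_URI']);
    // exit() sits inside the braces: without them it runs on every request,
    // including ones that already arrived over HTTPS.
    exit();
}
// This redirect only upgrades later requests. A verification token that first
// arrived over plain HTTP has already crossed the network unencrypted, so
// emailed links should be generated as https:// and the site should send HSTS.

// The listing breaks off mid-statement here: if (new DateTime() >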