connect_error) { echo("An error occured, please try later"); exit(); } if ($_GET["aircraft-id"] == "all") { $stmt = $con->prepare("SELECT id FROM `aircraft-devs` WHERE user = ?"); $stmt->bind_param("s", $_GET["email"]); } else { $stmt = $con->prepare("SELECT id FROM `aircraft-devs` WHERE acid = ? AND user = ?"); $stmt->bind_param("ss", $_GET["aircraft-id"], $_GET["email"]); } $stmt->execute(); $result = $stmt->get_result(); $res = $result->fetch_assoc(); $stmt->close(); if ($res == Null) { echo("You're not signed up to receive emails for " . $_GET["aircraft-id"]); } else { $hash_unique = false; while (!$hash_unique) { $hash = bin2hex(random_bytes(16)); $sql = "SELECT id FROM `confirmation-pending` WHERE id = '" . $hash . "';"; $result = $con->query($sql); $res = $result->fetch_assoc(); if ($res == Null) { $hash_unique = true; } } $action = new stdClass; $action->action = "signoff"; $action->acid = $_GET["aircraft-id"]; $action->email = $_GET["email"]; $stmt = $con->prepare("INSERT INTO `confirmation-pending` (id, action, ts) VALUES (?, ?, NOW())"); $stmt->bind_param("ss", $hash, json_encode($action)); $stmt->execute(); $stmt->close(); $msg = "You've received this email cause someone requested to sign this email off of the Aircraft Developer Registry at " . getenv("BASE_URL") . " If you have requested this please use the following link to confirm " . getenv("BASE_URL") . "/confirm.php?id=" . $hash . " If you haven't requested to be signed up, please ignore this email."; send_mail($_GET["email"], "Sign Off " . $_GET["aircraft-id"], $msg); echo("We've sent you an email. Please confirm your sign off with the link"); } $con->close(); } else { echo("Invalid request."); } ?>