<?php

    include($_SERVER['DOCUMENT_ROOT'] . "/_ps2020/config/connect.php");

    session_start();

    if(isset($_GET['id']) && isset($_GET['vCode'])){
        $user_id = $_GET['id'];
        $vCode = $_GET['vCode'];
    }else{
        header('location: resetPassword_email.php');
    }

    $result = $conn->query("SELECT * FROM user_account WHERE user_id = '$user_id'");

        if($result){
            
            while($row = $result->fetch_assoc()){
                $verifyCode = $row['verifyCode'];
                
                if($row['active'] == -1){
                    header('location: account-disabled.php');
                }
                else if($verifyCode == $vCode){
                    //So the verify code matches and user can go ahead
                    $_SESSION['user_id'] = $user_id;
                    header('location: resetPassword.php');
                }else if($verifyCode == 0){
                    //that would mean that user has not reset his password
                    //We will send him back
                    header('location: sign-in.php');
                }else{
                    header('location: resetPassword_email.php');
                }

            }
        }else{
            echo "There is a error";
            header("location: index.php");
        }

?>