PHP Account Activation Issues

Question

I wrote a login system for my website. When the user registers, the system emails an activation link to the email address the user provided. The link contains two parameters, email and key. The email parameter has the user's email address and the key parameter has the registration code so that the registration can be verified and changed from pending to confirmed. The activation page is supposed to fetch the Status column from the row that has the email parameter set in the Email column. For some reason, the script decides that any link is valid, and attempts to update the status of the account whether it exists or not.

Here is my code:

<?php

$email = $_GET['email'];
if($email == "") {
  header("Location: http://www.zbrowntechnology.info/yard/register.php?message=Invalid Activation Link!");
  exit;
}
$key = $_GET['key'];
if($key == "") {
  header("Location: http://www.zbrowntechnology.info/yard/register.php?message=Invalid Activation Link!");
  exit;
}

$con = mysql_connect("HOST", "USER", "PASS") or die(mysql_error());
mysql_select_db("zach_yardad", $con) or die(mysql_error());
$query1 = "SELECT `Status` FROM Accounts WHERE `Email`='".mysql_real_escape_string($email)."' AND `Status`='".mysql_real_escape_string($key)."'";
$result1 = mysql_query($query1) or die(mysql_error());
if(mysql_num_rows($result1) <= 0) {
  header("Location: http://www.zbrowntechnology.info/yard/register.php?message=Invalid Activation Link!");
 exit;
} else {
  $query = "UPDATE Accounts SET `Status`='Confirmed' WHERE `Email`='$email'";
  mysql_query($query) or die(mysql_error());
  header("Location: http://www.zbrowntechnology.info/yard/login.php?message=Registration Complete!");
  exit;
}

?>

Here is a valid activation link:

http://www.zbrowntechnology.info/yard/[email protected]&key=2772190956485245

It will activate that account by following the link, but it will redirect to the login page after activation if the link is not valid.

---

EDIT:

Here is the result of the query DESCRIBE `Accounts`:

First Name  varchar(65) NO      NULL     
Last Name   varchar(65) NO      NULL     
Email   varchar(100)    NO      NULL     
Username    varchar(65) NO      NULL     
Password    varchar(65) NO      NULL     
Status  varchar(65) NO      NULL     

Answer 1

I noticed that you are selecting status, to check to see if its confirmed or not..

Your Status field is where confirmed / unconfirmed is stored correct?

Shouldn't you be checking for Key?

In other words, instead of:

$query1 = "SELECT `Status` FROM Accounts WHERE `Email`='".mysql_real_escape_string($email)."' AND `Status`='".mysql_real_escape_string($key)."'";

Use:

$query1 = "SELECT `Status` FROM Accounts WHERE `Email`='".mysql_real_escape_string($email)."' AND `Key`='".mysql_real_escape_string($key)."'";

Replacing Key with the name of the field you store the KEY in.. as this is what you are checking for with your $_GET request, email and key.. not email and status.