<?php
require_once __DIR__ . '/config/db.php';

$token = trim($_GET['token'] ?? '');

if ($token === '') {
    header('Location: ' . BASE_URL . '/login');
    exit;
}

$pdo  = get_pdo();
$stmt = $pdo->prepare('SELECT id FROM users WHERE confirm_token = ? AND email_confirmed = 0');
$stmt->execute([$token]);
$user = $stmt->fetch();

if ($user) {
    $pdo->prepare('UPDATE users SET email_confirmed = 1, confirm_token = NULL WHERE id = ?')
        ->execute([$user['id']]);
    header('Location: ' . BASE_URL . '/login?confirmed=1');
} else {
    // Token not found or already used
    header('Location: ' . BASE_URL . '/login?confirm_error=1');
}
exit;