prepare("SELECT * FROM users WHERE magic_token = ? AND magic_token_expires_at > NOW()"); $stmt->execute([$token]); $user = $stmt->fetch(); if ($user) { // Token is valid, log the user in session_start(); $_SESSION['user_id'] = $user['id']; $_SESSION['role_id'] = $user['role_id']; // Store role for future use // Invalidate the token so it can't be reused $stmt = $pdo->prepare("UPDATE users SET magic_token = NULL, magic_token_expires_at = NULL WHERE id = ?"); $stmt->execute([$user['id']]); } else { // Token is invalid or expired $error_message = "This link is invalid or has expired. Please request a new one from HR."; } } else if (!isset($_SESSION['user_id'])){ // Only show an error if no token and not already logged in. $error_message = "No authentication token provided. This page is only accessible via a special link."; } // If there's an error, display it and stop rendering the page. if ($error_message) { echo "

" . htmlspecialchars($error_message) . "

"; exit; } // The magic link token would be validated here in a real scenario. // For now, we just display the page. ?> Welcome to <?php echo htmlspecialchars($companyName); ?>
<?php echo htmlspecialchars($companyName); ?> Logo

Welcome Aboard!

We are thrilled to have you join the team. We've prepared a few things to get you started.

Start Your Onboarding

Need to review some documents before you start?

Read the Employee Handbook