Verification mail - not clickable

Question

After successful registration, a verification link is sent to the registered user by email, however, it is not possible to click on the text that arrives, It just says the classic text, click here to verify your account.

Send verification mail page:

<?php
    require_once 'utils.php';
    session_start();

    function sendValidationEmail($email) {
        $db = connect();
        if($db) {
            $oneDayAgo = time() - 60 * 60 * 24;
            $res = sqlSelect($db, 'SELECT users.id,name,verified,COUNT(requests.id) FROM users LEFT JOIN requests ON users.id = requests.user AND type=0 AND timestamp>? WHERE email=? GROUP BY users.id ', 'is', $oneDayAgo, $email);
            if($res && $res->num_rows === 1) {
                $user = $res->fetch_assoc();
                if($user['verified'] === 0) {
                    if($user['COUNT(requests.id)'] <= MAX_EMAIL_VERIFICATION_REQUESTS_PER_DAY) {
                        //Send validation request
                        $verifyCode = random_bytes(32);
                        $hash = password_hash($verifyCode, PASSWORD_DEFAULT);
                        $requestID = sqlInsert($db, 'INSERT INTO requests VALUES (NULL, ?, ?, ?, 0)', 'isi', $user['id'], $hash, time());
                        if($requestID !== -1) {
                            if(sendEmail($email, $user['name'], "Email Verification", "<a href='https://example.com/validate/" . $requestID . "/" . urlSafeEncode($verifyCode) . "' />Click this link to verify your email</a>")) {
                                return 0;
                            }
                            else {
                                // return 'failed to send email';
                                return 1;
                            }
                        }
                        else {
                            // return 'failed to insert request';
                            return 2;
                        }
                    }
                    else {
                        return 3;
                    }
                }
                else {
                    return 4;
                }
                $res->free_result();
            }
            else {
                return 5;
            }
            $db->close();
        }
        else {
            return 6;
        }
        return -1;
    }
    

    if(isset($_POST['validateEmail']) && isset($_POST['csrf_token']) && validateToken($_POST['csrf_token'])) {
        echo sendValidationEmail($_POST['validateEmail']);
    }

.htaccess file:

RewriteEngine On 
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d

RewriteRule ^login/?$ login.php [NC,L]
RewriteRule ^register/?$ register.php [NC,L]

RewriteRule ^validate/?([\d]+)?/?([^/]+)?/?$ validate-email.php?id=$1&hash=$2 [NC,QSA,L]
RewriteRule ^reset-password/?([\d]+)?/?([^/]+)?/?$ reset-password.php?id=$1&hash=$2 [NC,QSA,L]

#Disable Caching for dev
<IfModule mod_headers.c>
    Header set Cache-Control "no-cache, no-store, must-revalidate"
    Header set Pragma "no-cache"
    Header set Expires 0
</IfModule>
<FilesMatch "\.(css|flv|gif|htm|html|ico|jpe|jpeg|jpg|js|mp3|mp4|png|pdf|swf|txt)$">
    <IfModule mod_expires.c>
        ExpiresActive Off
    </IfModule>
    <IfModule mod_headers.c>
        FileETag None
        Header unset ETag
        Header unset Pragma
        Header unset Cache-Control
        Header unset Last-Modified
        Header set Pragma "no-cache"
        Header set Cache-Control "max-age=0, no-cache, no-store, must-revalidate"
        Header set Expires "Thu, 1 Jan 1970 00:00:00 GMT"
    </IfModule>
</FilesMatch>

It does not create any error_logs for me, everything works without errors, except that the user cannot click on the link.

Answer 1

Try: "<a href='https://example.com/validate/" . $requestID . "/" . urlSafeEncode($verifyCode) . "'>Click this link to verify your email</a>" You have /> before Click this link.