Hi Joomlapolis,
Im running Mambo 4.5.4, and CB 1.0RC2.
I had the same problem mentioned in this thread. Users register sucessfully and the registration email is sent to them.
However, upon clicking the Confirm Email link, They receive this message: "Your account is not yet active. Please check your email and follow the instructions to complete the registration process.".
I did a bit of debugging and it seems that in Mambo 4.5.2, mosGetParam( $_REQUEST, 'confirmcode', 1 ) will return 0, even though $_REQUEST contains the md5 hash of the user's id.
That is, when the user clicks the confirm link, eg:
fijiwebdesign.com/index.php?option=com_comprofiler&task=confirm&confirmcode=e2ad76f2326fbc6b56a45a56c59fafdb
Comprofiler runs the following bit of code:
[code:1]
case "confirm":
confirm( mosGetParam( $_REQUEST, 'confirmcode', 1 ) );
break;
[/code:1]
Since Mambo 4.5.2's mosGetParam( $_REQUEST, 'confirmcode', 1 ) returns 0 and thus passes 0 to the confirm() function then the mysql query fails as there is no userid that md5 hashes to 0.
The temporary work around is to use:
confirm( mosGetParam( $_REQUEST, 'confirmcode', false ) );
So that is:
go to: yoursite/components/com_comprofiler/comprofiler.php and change line 94 from:
[code:1]confirm( mosGetParam( $_REQUEST, 'confirmcode', 1) );[/code:1]
to
[code:1]confirm( mosGetParam( $_REQUEST, 'confirmcode', false ) );[/code:1]
That should make it work.
After you've fixed the code above, you can use this bit of code to send out an email to all your unconfirmed members.
[code:1]case "confirm_notify":
// temporary, delete after use
$query = "select c.user_id as userid, u.name, u.email from #__users as u".
"\n left join #__comprofiler as c on (u.id = c.user_id)".
"\n where c.confirmed = 0";
$database->setQuery($query);
$rows = $database->loadObjectList();
if (count($rows) < 1) {
echo 'All users are confirmed, you are all set :«»)';
} else {
if ( mosGetParam( $_REQUEST, 'msg', false ) ) {
$message = mosGetParam( $_REQUEST, 'msg');
$subject = mosGetParam( $_REQUEST, 'subject', 'Notification');
foreach($rows as $row) {
$umsg = str_replace('{confirm_link}', sefRelToAbs('index.php?option=com_comprofiler&task=confirm&confirmcode='.md5($row->userid)), $message);
echo 'Email sent to: '.$row->name.' with email address: '.$row->email.'<br />';
mail("{$row->name} <{$row->email}>", $subject, $umsg);
}
echo 'All '.count($rows).' emails sent!<br />';
echo '<hr /><b>Summary</b><br />';
echo 'Subject:'.$subject.'<br />';
echo 'Message:'.$message.'<hr />';
} else {
global $mosConfig_live_site, $mosConfig_site_name;
$GLOBALS = $GLOBALS ? $GLOBALS : $mosConfig_sitename;
$GLOBALS = $GLOBALS ? $GLOBALS : $mosConfig_live_site;
?>
<form name="confirm_notify" method="post">
<fieldset>
<legend>Send an Email to all unconfirmed members of your site</legend>
<div>Subject: <input type="text" name="subject" value="Please Confirm your Registration" class="inputbox" /></div>
<div>Message: <textarea name="msg" rows="15" cols="50" class="inputbox">Dear Sir/Madam,
Recently you have tried to register at <?php echo $GLOBALS; ?>, <?php echo $GLOBALS; ?>.
We have noticed that your account registration has yet to be confirmed. This may be due to some technical problems that occured in the update of our website.
Please click on this link to confirm your registration:
{confirm_link}
Sorry for the inconvenience.
Regards,
<?php echo $GLOBALS; ?> Team.
</textarea></div>
</fieldset>
<fieldset>
Send message to (<?php echo count($rows); ?>«») users.
<input type="submit" name="send" value="Send" />
<input type="hidden" name="option" value="com_comprofiler" />
<input type="hidden" name="task" value="confirm_notify" />
<input type="hidden" name="act" value="Send" />
</fieldset>
</form>
<?php
}
}
break;[/code:1]
Add this on line 96 of comprofiler.php
Then go to
www.example.com/index.php?option=com_comprofiler&task=confirm_notify
Where example.com is your website url.
That should save you quite a bit of time if you have alot of users who have registered and could not confirm their account. (Also useful for sending out a periodic reminder).
Note that {confirm_url} is converted to the confirmation link for the individual users getting the email. So dont change it.
The page is accessible by everyone however, so I'd recommend deleting the bit of code after use.
This does not pertain to the topic, but since the discussion is on the confirmation link I think I'd say it here.
The "confirmation code" is simply the md5 hash of the users id. This makes the hashing of the users id useless and the the challenge sent to the users email is useless also.
Its like sending the user a url such as:
example.com?index.php?option=com_comprofiler&task=confirm&confirmcode=[userid]
It makes the whole purpose of sending a chanllenge to the user email meaningless as a simple php script can be written to confirm every single userid on a comprofiler based website...
Simply something like:
[code:1]<?php
for($i = 63; $i < 100; $i++) {
$f = fopen("http://example.com?index.php?option=com_comprofiler&task=confirm&confirmcode=$i", 'r');
fclose($f);
}
?>[/code:1]
This will effectively confirm every email address from userid of 63-100.
Hopefully this could get fixed in the next release as it may be one of the reasons I get so many spammers registering on my site... I know other CB users have the same problem.
The whole purpose of a challenge is that it is randomly generated, and complex enough (low probability of being repeated) not to be "guessed" out. Not created out of the userid.
Post edited by: fwd, at: 2006/07/16 02:20