Please Log in to join the conversation.
function _setActivationCode( ) {
global $_CB_framework;
$randomHash = md5( cbMakeRandomString() );
$scrambleSeed = (int) hexdec(substr( md5 ( $_CB_framework->getCfg( 'secret' ) . $_CB_framework->getCfg( 'db' ) ), 0, 7));
$scrambledId = $scrambleSeed ^ ( (int) $this->id );
$this->cbactivation = 'reg' . $randomHash . sprintf( '%08x', $scrambledId );
// for CMS compatibility (and JFusion compatibility):
$this->activation = $randomHash;
}
if( $ueConfig['reg_confirmation'] == 1 ) {
if ( $row->confirmed ) {
$confirmLink = "\n" . _UE_USER_EMAIL_CONFIRMED . ".\n";
} else {
if ( $row->cbactivation ) {
$confirmCode = $row->cbactivation;
} else {
$confirmCode = '';
}
// no sef here ! space added after link for dumb emailers (Ms Entourage)
$confirmLink = " \n".$_CB_framework->getCfg( 'live_site' )."/index.php?option=com_comprofiler&task=confirm&confirmcode=" . $confirmCode . getCBprofileItemid( false, 'confirm' ) . " \n";
// not implemented in viewUrl yet: $confirmLink = " \n". $_CB_framework->viewUrl( 'confirm', array( 'confirmcode' => $confirmCode ) ) ." \n";
}
} else {
$confirmLink = ' ';
}
Please Log in to join the conversation.
Please Log in to join the conversation.
Yes, it's fine for it to remain in URL. The hash is random and not possible to fake. It's compared to the one stored for the user in database; if it doesn't match character for character then confirmation will fail. So appending just user_id for instance will fail. Not possible for someone to generate the hash from an outside source either as again is completely random and would probably take 100 years or more to duplicate just 1 users hash, which would be rather pointless.derekk wrote: Thanks Krileon
Yes I am using 1.4 should it still be displaying that url with the hash after the confirmation link has been clicked in 1.4?
I am using CB strictly for registration.
Please Log in to join the conversation.