Confirmation link not working correctly
beat
17 years 11 months ago #11390
by beat
Beat - Community Builder Team Member
Before posting on forums: Read FAQ thoroughly -- Help us spend more time coding by helping others in this forum, many thanks
CB links: Our membership - CBSubs - Templates - Hosting - Forge - Send me a Private Message (PM) only for private/confidential info
Beat - Community Builder Team Member
Before posting on forums: Read FAQ thoroughly -- Help us spend more time coding by helping others in this forum, many thanks
CB links: Our membership - CBSubs - Templates - Hosting - Forge - Send me a Private Message (PM) only for private/confidential info
Please Log in to join the conversation.
17 years 11 months ago #12009
by beat
Beat - Community Builder Team Member
Before posting on forums: Read FAQ thoroughly -- Help us spend more time coding by helping others in this forum, many thanks
CB links: Our membership - CBSubs - Templates - Hosting - Forge - Send me a Private Message (PM) only for private/confidential info
Replied by beat on topic Re:Confirmation link not working correctly
ccreding wrote:
Yes, it helps in Entourage for mac for instance
I had added the space after for that. Now I also added the space before, so we are on the safe side for 1.0 stable.
Thanks!
I had this same issue, the problem was fixed by adding spaces in the ue_config.php file just before and after the hyperlink, seems that the link was accquiring some of the text from the lines after the link and that was contaminating the user registration confirmation.
the code should look like this:
<?php
...
$ueConfig='Greetings [NAME],
Thank you for applying for registration with us. We have
received your request and we will process it as soon as you
confirm your email address by clicking on the following
hyperlink:
[CONFIRM]
Once your email address is confirmed our moderators will be
notified to continue the activation process.
You will be notified by email of the progress of the process.
[DETAILS]
Kind Regards,
Website Administration Team';
$ueConfig='New User Details';
...
?>
the red parts represent the areas that need to be changed
hope this is helpful, it worked for me.
Yes, it helps in Entourage for mac for instance
I had added the space after for that. Now I also added the space before, so we are on the safe side for 1.0 stable.
Thanks!
Beat - Community Builder Team Member
Before posting on forums: Read FAQ thoroughly -- Help us spend more time coding by helping others in this forum, many thanks
CB links: Our membership - CBSubs - Templates - Hosting - Forge - Send me a Private Message (PM) only for private/confidential info
Please Log in to join the conversation.
17 years 9 months ago #17133
by fwd
Replied by fwd on topic Re:Confirmation link not working correctly
Hi Joomlapolis,
Im running Mambo 4.5.4, and CB 1.0RC2.
I had the same problem mentioned in this thread. Users register sucessfully and the registration email is sent to them.
However, upon clicking the Confirm Email link, They receive this message: "Your account is not yet active. Please check your email and follow the instructions to complete the registration process.".
I did a bit of debugging and it seems that in Mambo 4.5.2, mosGetParam( $_REQUEST, 'confirmcode', 1 ) will return 0, even though $_REQUEST contains the md5 hash of the user's id.
That is, when the user clicks the confirm link, eg: fijiwebdesign.com/index.php?option=com_comprofiler&task=confirm&confirmcode=e2ad76f2326fbc6b56a45a56c59fafdb
Comprofiler runs the following bit of code:
[code:1]
case "confirm":
confirm( mosGetParam( $_REQUEST, 'confirmcode', 1 ) );
break;
[/code:1]
Since Mambo 4.5.2's mosGetParam( $_REQUEST, 'confirmcode', 1 ) returns 0 and thus passes 0 to the confirm() function then the mysql query fails as there is no userid that md5 hashes to 0.
The temporary work around is to use:
confirm( mosGetParam( $_REQUEST, 'confirmcode', false ) );
So that is:
go to: yoursite/components/com_comprofiler/comprofiler.php and change line 94 from:
[code:1]confirm( mosGetParam( $_REQUEST, 'confirmcode', 1) );[/code:1]
to
[code:1]confirm( mosGetParam( $_REQUEST, 'confirmcode', false ) );[/code:1]
That should make it work.
After you've fixed the code above, you can use this bit of code to send out an email to all your unconfirmed members.
[code:1]case "confirm_notify":
// temporary, delete after use
$query = "select c.user_id as userid, u.name, u.email from #__users as u".
"\n left join #__comprofiler as c on (u.id = c.user_id)".
"\n where c.confirmed = 0";
$database->setQuery($query);
$rows = $database->loadObjectList();
if (count($rows) < 1) {
echo 'All users are confirmed, you are all set :«»)';
} else {
if ( mosGetParam( $_REQUEST, 'msg', false ) ) {
$message = mosGetParam( $_REQUEST, 'msg');
$subject = mosGetParam( $_REQUEST, 'subject', 'Notification');
foreach($rows as $row) {
$umsg = str_replace('{confirm_link}', sefRelToAbs('index.php?option=com_comprofiler&task=confirm&confirmcode='.md5($row->userid)), $message);
echo 'Email sent to: '.$row->name.' with email address: '.$row->email.'<br />';
mail("{$row->name} <{$row->email}>", $subject, $umsg);
}
echo 'All '.count($rows).' emails sent!<br />';
echo '<hr /><b>Summary</b><br />';
echo 'Subject:'.$subject.'<br />';
echo 'Message:'.$message.'<hr />';
} else {
global $mosConfig_live_site, $mosConfig_site_name;
$GLOBALS = $GLOBALS ? $GLOBALS : $mosConfig_sitename;
$GLOBALS = $GLOBALS ? $GLOBALS : $mosConfig_live_site;
?>
<form name="confirm_notify" method="post">
<fieldset>
<legend>Send an Email to all unconfirmed members of your site</legend>
<div>Subject: <input type="text" name="subject" value="Please Confirm your Registration" class="inputbox" /></div>
<div>Message: <textarea name="msg" rows="15" cols="50" class="inputbox">Dear Sir/Madam,
Recently you have tried to register at <?php echo $GLOBALS; ?>, <?php echo $GLOBALS; ?>.
We have noticed that your account registration has yet to be confirmed. This may be due to some technical problems that occured in the update of our website.
Please click on this link to confirm your registration:
{confirm_link}
Sorry for the inconvenience.
Regards,
<?php echo $GLOBALS; ?> Team.
</textarea></div>
</fieldset>
<fieldset>
Send message to (<?php echo count($rows); ?>«») users.
<input type="submit" name="send" value="Send" />
<input type="hidden" name="option" value="com_comprofiler" />
<input type="hidden" name="task" value="confirm_notify" />
<input type="hidden" name="act" value="Send" />
</fieldset>
</form>
<?php
}
}
break;[/code:1]
Add this on line 96 of comprofiler.php
Then go to www.example.com/index.php?option=com_comprofiler&task=confirm_notify
Where example.com is your website url.
That should save you quite a bit of time if you have alot of users who have registered and could not confirm their account. (Also useful for sending out a periodic reminder).
Note that {confirm_url} is converted to the confirmation link for the individual users getting the email. So dont change it.
The page is accessible by everyone however, so I'd recommend deleting the bit of code after use.
This does not pertain to the topic, but since the discussion is on the confirmation link I think I'd say it here.
The "confirmation code" is simply the md5 hash of the users id. This makes the hashing of the users id useless and the the challenge sent to the users email is useless also.
Its like sending the user a url such as:
example.com?index.php?option=com_comprofiler&task=confirm&confirmcode=[userid]
It makes the whole purpose of sending a chanllenge to the user email meaningless as a simple php script can be written to confirm every single userid on a comprofiler based website...
Simply something like:
[code:1]<?php
for($i = 63; $i < 100; $i++) {
$f = fopen("http://example.com?index.php?option=com_comprofiler&task=confirm&confirmcode=$i", 'r');
fclose($f);
}
?>[/code:1]
This will effectively confirm every email address from userid of 63-100.
Hopefully this could get fixed in the next release as it may be one of the reasons I get so many spammers registering on my site... I know other CB users have the same problem.
The whole purpose of a challenge is that it is randomly generated, and complex enough (low probability of being repeated) not to be "guessed" out. Not created out of the userid.
Post edited by: fwd, at: 2006/07/16 02:20
Im running Mambo 4.5.4, and CB 1.0RC2.
I had the same problem mentioned in this thread. Users register sucessfully and the registration email is sent to them.
However, upon clicking the Confirm Email link, They receive this message: "Your account is not yet active. Please check your email and follow the instructions to complete the registration process.".
I did a bit of debugging and it seems that in Mambo 4.5.2, mosGetParam( $_REQUEST, 'confirmcode', 1 ) will return 0, even though $_REQUEST contains the md5 hash of the user's id.
That is, when the user clicks the confirm link, eg: fijiwebdesign.com/index.php?option=com_comprofiler&task=confirm&confirmcode=e2ad76f2326fbc6b56a45a56c59fafdb
Comprofiler runs the following bit of code:
[code:1]
case "confirm":
confirm( mosGetParam( $_REQUEST, 'confirmcode', 1 ) );
break;
[/code:1]
Since Mambo 4.5.2's mosGetParam( $_REQUEST, 'confirmcode', 1 ) returns 0 and thus passes 0 to the confirm() function then the mysql query fails as there is no userid that md5 hashes to 0.
The temporary work around is to use:
confirm( mosGetParam( $_REQUEST, 'confirmcode', false ) );
So that is:
go to: yoursite/components/com_comprofiler/comprofiler.php and change line 94 from:
[code:1]confirm( mosGetParam( $_REQUEST, 'confirmcode', 1) );[/code:1]
to
[code:1]confirm( mosGetParam( $_REQUEST, 'confirmcode', false ) );[/code:1]
That should make it work.
After you've fixed the code above, you can use this bit of code to send out an email to all your unconfirmed members.
[code:1]case "confirm_notify":
// temporary, delete after use
$query = "select c.user_id as userid, u.name, u.email from #__users as u".
"\n left join #__comprofiler as c on (u.id = c.user_id)".
"\n where c.confirmed = 0";
$database->setQuery($query);
$rows = $database->loadObjectList();
if (count($rows) < 1) {
echo 'All users are confirmed, you are all set :«»)';
} else {
if ( mosGetParam( $_REQUEST, 'msg', false ) ) {
$message = mosGetParam( $_REQUEST, 'msg');
$subject = mosGetParam( $_REQUEST, 'subject', 'Notification');
foreach($rows as $row) {
$umsg = str_replace('{confirm_link}', sefRelToAbs('index.php?option=com_comprofiler&task=confirm&confirmcode='.md5($row->userid)), $message);
echo 'Email sent to: '.$row->name.' with email address: '.$row->email.'<br />';
mail("{$row->name} <{$row->email}>", $subject, $umsg);
}
echo 'All '.count($rows).' emails sent!<br />';
echo '<hr /><b>Summary</b><br />';
echo 'Subject:'.$subject.'<br />';
echo 'Message:'.$message.'<hr />';
} else {
global $mosConfig_live_site, $mosConfig_site_name;
$GLOBALS = $GLOBALS ? $GLOBALS : $mosConfig_sitename;
$GLOBALS = $GLOBALS ? $GLOBALS : $mosConfig_live_site;
?>
<form name="confirm_notify" method="post">
<fieldset>
<legend>Send an Email to all unconfirmed members of your site</legend>
<div>Subject: <input type="text" name="subject" value="Please Confirm your Registration" class="inputbox" /></div>
<div>Message: <textarea name="msg" rows="15" cols="50" class="inputbox">Dear Sir/Madam,
Recently you have tried to register at <?php echo $GLOBALS; ?>, <?php echo $GLOBALS; ?>.
We have noticed that your account registration has yet to be confirmed. This may be due to some technical problems that occured in the update of our website.
Please click on this link to confirm your registration:
{confirm_link}
Sorry for the inconvenience.
Regards,
<?php echo $GLOBALS; ?> Team.
</textarea></div>
</fieldset>
<fieldset>
Send message to (<?php echo count($rows); ?>«») users.
<input type="submit" name="send" value="Send" />
<input type="hidden" name="option" value="com_comprofiler" />
<input type="hidden" name="task" value="confirm_notify" />
<input type="hidden" name="act" value="Send" />
</fieldset>
</form>
<?php
}
}
break;[/code:1]
Add this on line 96 of comprofiler.php
Then go to www.example.com/index.php?option=com_comprofiler&task=confirm_notify
Where example.com is your website url.
That should save you quite a bit of time if you have alot of users who have registered and could not confirm their account. (Also useful for sending out a periodic reminder).
Note that {confirm_url} is converted to the confirmation link for the individual users getting the email. So dont change it.
The page is accessible by everyone however, so I'd recommend deleting the bit of code after use.
This does not pertain to the topic, but since the discussion is on the confirmation link I think I'd say it here.
The "confirmation code" is simply the md5 hash of the users id. This makes the hashing of the users id useless and the the challenge sent to the users email is useless also.
Its like sending the user a url such as:
example.com?index.php?option=com_comprofiler&task=confirm&confirmcode=[userid]
It makes the whole purpose of sending a chanllenge to the user email meaningless as a simple php script can be written to confirm every single userid on a comprofiler based website...
Simply something like:
[code:1]<?php
for($i = 63; $i < 100; $i++) {
$f = fopen("http://example.com?index.php?option=com_comprofiler&task=confirm&confirmcode=$i", 'r');
fclose($f);
}
?>[/code:1]
This will effectively confirm every email address from userid of 63-100.
Hopefully this could get fixed in the next release as it may be one of the reasons I get so many spammers registering on my site... I know other CB users have the same problem.
The whole purpose of a challenge is that it is randomly generated, and complex enough (low probability of being repeated) not to be "guessed" out. Not created out of the userid.
Post edited by: fwd, at: 2006/07/16 02:20
Please Log in to join the conversation.
Moderators: beat, nant, krileon
Time to create page: 0.259 seconds
