Paul
Wed 25th Jun '03, 4:26pm
Hi,
When a new user registers on a vB2.x forum and e-mail verification e-mails are enabled, a unique random number is generated called the activation id. This number is created as follows:
if ($verifyemail) {
// make random number
mt_srand ((double) microtime() * 1000000);
$activateid=mt_rand(0,100000000);
This number is then stored in the useractivation table along with the new user's userid and the dateline.
In approximately three instances thusfar over a period of two years, I have seen users complain that they were not able to activate their accounts trying both the link and filling out the activation form. Each time, I requested that the user forward me the activation e-mail they received and verified that clicking the link in the supplied e-mail would not activate the account.
The matter was resolved by resending the activation codes via the admin cp, which in fact, generates a new activation id for the user.
The same thing occured today, however I decided to examine it a bit further and look at the values in the useractivation table and compare them to the e-mail the user received. The activation ids were completely different:
The link in the e-mail: register.php?a=act&u=<userid>&i=26424750 (where <userid> was the userid of the user in question)
The value of activationid in the database: 41375
I don't see anything in the code itself that could explain such a discrepancy. The only odd thing I've noticed thusfar is that the activationid column is char(20)... certainly not an int field, but I'm not sure what affects if any that would have on any of this.
I'm verifying now with the user that they did not attempt to resend the activation e-mail prior to contacting me (the only explanation I can think of). Should that be the case, I will flog the user with a cane.
When a new user registers on a vB2.x forum and e-mail verification e-mails are enabled, a unique random number is generated called the activation id. This number is created as follows:
if ($verifyemail) {
// make random number
mt_srand ((double) microtime() * 1000000);
$activateid=mt_rand(0,100000000);
This number is then stored in the useractivation table along with the new user's userid and the dateline.
In approximately three instances thusfar over a period of two years, I have seen users complain that they were not able to activate their accounts trying both the link and filling out the activation form. Each time, I requested that the user forward me the activation e-mail they received and verified that clicking the link in the supplied e-mail would not activate the account.
The matter was resolved by resending the activation codes via the admin cp, which in fact, generates a new activation id for the user.
The same thing occured today, however I decided to examine it a bit further and look at the values in the useractivation table and compare them to the e-mail the user received. The activation ids were completely different:
The link in the e-mail: register.php?a=act&u=<userid>&i=26424750 (where <userid> was the userid of the user in question)
The value of activationid in the database: 41375
I don't see anything in the code itself that could explain such a discrepancy. The only odd thing I've noticed thusfar is that the activationid column is char(20)... certainly not an int field, but I'm not sure what affects if any that would have on any of this.
I'm verifying now with the user that they did not attempt to resend the activation e-mail prior to contacting me (the only explanation I can think of). Should that be the case, I will flog the user with a cane.