[fixed] Bugs in member.php



dwh
Fri 27th Jun '03, 8:24pm
http://www.vbulletin.com/forum/showthread.php?t=68652&page=8&pp=15

Please look at my 3 posts from 116 - 119 in link above. I wasn't expecting a full blown bug but since I started talking about that code over there I finished with a bug report there instead of here. I'm pretty sure this is an issue, but please verify. Thanks.

Oops, forgot to mention that the problem with this bug is that if you change your email address before clicking on the activation link, what happens is that clicking on the later activation link will tell you that you can post but in fact you cannot because you will still be usergroup 3.

dwh
Fri 27th Jun '03, 9:07pm
Here's the bug

starting line 547

if ($verifyemail and $email!=$bbuserinfo['email'] and ($bbuserinfo['usergroupid']!=5 and $bbuserinfo['usergroupid']!=6 and $bbuserinfo['usergroupid']!=7)) {
    $newemailaddress=1;
    // delete old activation id
    $DB_site->query("DELETE FROM useractivation WHERE userid='$bbuserinfo[userid]' AND type=0");
    // make random number
    mt_srand ((double) microtime() * 1000000);
    $activateid=mt_rand(0,100000000);
    //save to DB
    $DB_site->query("
        INSERT INTO useractivation
        (useractivationid, userid, dateline, activationid, type, usergroupid)
        VALUES
        (NULL, $bbuserinfo[userid], ".time().", '$activateid', 0, $bbuserinfo[usergroupid])
    ");
    $username=unhtmlspecialchars($bbuserinfo['username']);
    $userid=$bbuserinfo['userid'];
    eval("\$message = \"".gettemplate("email_activateaccount_change",1,0)."\";");
    eval("\$subject = \"".gettemplate("emailsubject_activateaccount_change",1,0)."\";");
    vbmail($email, $subject, $message);
    $bbuserinfo['usergroupid'] = 3;
} else {
    $newemailaddress=0;
}


This should fix it, although it doesn't do the trick for my purposes, so it isn't tested. But if you have users complaining about not being able to get email verified, this might help:

change above code to

if ($verifyemail and $email!=$bbuserinfo['email'] and ($bbuserinfo['usergroupid']!=5 and $bbuserinfo['usergroupid']!=6 and $bbuserinfo['usergroupid']!=7)) {
    $newemailaddress=1;
    if ($bbuserinfo[usergroupid]==3){
        $checkoldactivation = $DB_site->query_first("SELECT * FROM useractivation WHERE userid=$bbuserinfo[userid] and type=0");
        $newuseractivation=$checkoldactivation[usergroupid];
    }else{
        $newuseractivation=$bbuserinfo[usergroupid];
    }
    // delete old activation id
    $DB_site->query("DELETE FROM useractivation WHERE userid='$bbuserinfo[userid]' AND type=0");
    // make random number
    mt_srand ((double) microtime() * 1000000);
    $activateid=mt_rand(0,100000000);
    //save to DB
    $DB_site->query("
        INSERT INTO useractivation
        (useractivationid, userid, dateline, activationid, type, usergroupid)
        VALUES
        (NULL, $bbuserinfo[userid], ".time().", '$activateid', 0, $newuseractivation)
    ");
    $username=unhtmlspecialchars($bbuserinfo['username']);
    $userid=$bbuserinfo['userid'];
    eval("\$message = \"".gettemplate("email_activateaccount_change",1,0)."\";");
    eval("\$subject = \"".gettemplate("emailsubject_activateaccount_change",1,0)."\";");
    vbmail($email, $subject, $message);
    $bbuserinfo['usergroupid'] = 3;
} else {
    $newemailaddress=0;
}




I put in more lines than need be so you can understand what's going on with that whole snippet. Please do backups and testing and let everyone know if the fix worked. Wouldn't like to cause more problems than I solve.

Steve Machol
Fri 27th Jun '03, 9:18pm
Moved to Bugs for a Dev to confirm.

dwh
Sat 28th Jun '03, 1:37am
You can add the code in register.php as a problem too:

starting line 666 !:eek: !!!


if ($HTTP_POST_VARS['action']=="emailcode") {

    $users=$DB_site->query("SELECT
        user.userid,user.usergroupid,username,email,password,activationid,
        dateline, useractivation.usergroupid
        AS pusergroupid
        FROM user
        LEFT JOIN useractivation
        ON (user.userid=useractivation.userid AND type=0)
        WHERE email='".addslashes(htmlspecialchars($email))."'");
    if ($DB_site->num_rows($users)) {
        while ($user=$DB_site->fetch_array($users)) {
            if ($user[usergroupid]==3) {
                // only do it if the user is in the correct usergroup
                // make random number
                mt_srand ((double) microtime() * 1000000);
                $user[activationid]=mt_rand(0,100000000);
                if ($user['dateline']=="") {
                    $DB_site->query(" INSERT INTO useractivation (
                        useractivationid, userid, dateline, activationid, type, usergroupid)
                        VALUES
                        (NULL, $user[userid], ".time().", '$user[activationid]', 0, 2) ");

Although the "2" is fine for default boards, it does not apply the fix that an extra field is put into the database for. It's a shame because the SELECT has the right variable but it wasn't added...instead of "2" it should say $users[pusergroupid] (untested)

Paul
Sat 28th Jun '03, 7:32am
Your post is a giant mess of code. Could you please highlight exactly what you've changed? There's no need to post that much code when reporting a bug.

Paul
Sat 28th Jun '03, 7:51am
I've been able to confirm this as a bug. The original poster's report was a bit difficult to understand at first, so I've made an easy how-to, step-by-step list on how to reproduce the problem. I have not tested the suggested fix above.

This bug only affects installations where verification e-mails are enabled.

1. Register a new account but do not follow the activation link sent via e-mail.
2. As the new user, modify your e-mail address via the user cp.
3. Follow the link in the e-mail address change verification e-mail (this should be the second e-mail you receive).
4. vBulletin will report that the account is now active, however will retain the account in the Users Awaiting E-mail Activation usergroup (3).

I'll now examine the code and see if I can post a temporary, tested workaround that's a bit easier to understand than the above.

Best wishes,
Paul

Paul
Sat 28th Jun '03, 10:17am
I deleted my previous replies in favor of the following. I found another small bug related to the new fix in 2.3.0 regarding previous userids and added the appropriate code to support users manually moved into the Awaiting Activation usergroup (3). Complete instructions follow:

In member.php FIND:


if ($verifyemail and $email!=$bbuserinfo['email'] and ($bbuserinfo['usergroupid']!=5 and $bbuserinfo['usergroupid']!=6 and $bbuserinfo['usergroupid']!=7)) {
$newemailaddress=1;


INSERT the following AFTER the above:


// Bug fix: Unverified users placed in incorrect usergroup : http://www.vbulletin.com/forum/showthread.php?t=75852
if ($bbuserinfo['usergroupid']==3) {
    $checkoldactivation = $DB_site->query_first("SELECT usergroupid FROM useractivation WHERE userid='$bbuserinfo[userid]' and type=0");
    if (!$checkoldactivation) {
        $pusergroupid = 2;
    } else {
        $pusergroupid = $checkoldactivation['usergroupid'];
    }
} else {
    $pusergroupid = $bbuserinfo['usergroupid'];
}
// End bug fix: Unverified users placed in incorrect usergroup


In member.php FIND:


$DB_site->query("
INSERT INTO useractivation
(useractivationid, userid, dateline, activationid, type, usergroupid)
VALUES
(NULL, $bbuserinfo[userid], ".time().", '$activateid', 0, $bbuserinfo[usergroupid])


REPLACE it with:


// Bug fix: Unverified users placed in incorrect usergroup : http://www.vbulletin.com/forum/showthread.php?t=75852
/*
$DB_site->query("
INSERT INTO useractivation
(useractivationid, userid, dateline, activationid, type, usergroupid)
VALUES
(NULL, $bbuserinfo[userid], ".time().", '$activateid', 0, $bbuserinfo[usergroupid])
");
*/
$DB_site->query("
INSERT INTO useractivation
(useractivationid, userid, dateline, activationid, type, usergroupid)
VALUES
(NULL, $bbuserinfo[userid], ".time().", '$activateid', 0, $pusergroupid)
");
// End bug fix: Unverified users placed in incorrect usergroup


In register.php FIND:


$usergroup=$DB_site->query_first("SELECT usertitle FROM usergroup WHERE usergroupid=2");


REPLACE it with:


// Bug fix: Unverified users placed in incorrect usergroup : http://www.vbulletin.com/forum/showthread.php?t=75852
/*
$usergroup=$DB_site->query_first("SELECT usertitle FROM usergroup WHERE usergroupid=2");
*/
$usergroup=$DB_site->query_first("SELECT usertitle FROM usergroup WHERE usergroupid=$user[usergroupid]");
// End bug fix: Unverified users placed in incorrect usergroup


In register.php FIND:


$DB_site->query("
INSERT INTO useractivation
(useractivationid, userid, dateline, activationid, type, usergroupid)
VALUES
(NULL, $user[userid], ".time().", '$user[activationid]', 0, 2)
");


REPLACE it with:


// Bug fix: Unverified users placed in incorrect usergroup : http://www.vbulletin.com/forum/showthread.php?t=75852
/*
$DB_site->query("
INSERT INTO useractivation
(useractivationid, userid, dateline, activationid, type, usergroupid)
VALUES
(NULL, $user[userid], ".time().", '$user[activationid]', 0, 2)
");
*/
if ($user['pusergroupid']=="") {
    $user['pusergroupid'] = 2;
}
$DB_site->query("
INSERT INTO useractivation
(useractivationid, userid, dateline, activationid, type, usergroupid)
VALUES
(NULL, $user[userid], ".time().", '$user[activationid]', 0, '$user[pusergroupid]')
");
// End bug fix: Unverified users placed in incorrect usergroup
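
The reproduction steps and the member.php fix above, reduced to an in-memory model (an added example, not part of Paul's post and not vBulletin's code). It assumes activation moves the user into the group stored in the useractivation row; the function names and the custom group 9 are made up for illustration.

```php
<?php
// Added illustration, not vBulletin code: an in-memory model of the flow in this thread.
// Group ids as used above: 2 = default registered group, 3 = awaiting e-mail activation.
const AWAITING = 3;

function register(array &$db, int $uid, int $group = 2): void {
    $db['user'][$uid] = AWAITING;
    $db['useractivation'][$uid] = $group;   // group to restore on activation
}

// Original behaviour: the new activation row records the user's current group.
function changeEmailBuggy(array &$db, int $uid): void {
    $db['useractivation'][$uid] = $db['user'][$uid];   // already 3 for an unverified user
    $db['user'][$uid] = AWAITING;
}

// Behaviour after the fix: an unverified user keeps the group from the old row,
// or 2 when no row exists (user moved into group 3 by hand).
function changeEmailFixed(array &$db, int $uid): void {
    $current = $db['user'][$uid];
    $db['useractivation'][$uid] = ($current === AWAITING)
        ? ($db['useractivation'][$uid] ?? 2)
        : $current;
    $db['user'][$uid] = AWAITING;
}

// Assumed activation step: move the user into the group stored in the row.
function activate(array &$db, int $uid): int {
    $db['user'][$uid] = $db['useractivation'][$uid];
    unset($db['useractivation'][$uid]);
    return $db['user'][$uid];
}

// Register, change e-mail before activating, then follow the second link.
function finalGroup(callable $changeEmail, int $group = 2, bool $dropRow = false): int {
    $db = ['user' => [], 'useractivation' => []];
    register($db, 1, $group);
    if ($dropRow) {
        unset($db['useractivation'][1]);   // models a manual move into group 3
    }
    $changeEmail($db, 1);
    return activate($db, 1);
}

printf("buggy: %d\n", finalGroup('changeEmailBuggy'));
printf("fixed: %d\n", finalGroup('changeEmailFixed'));
printf("fixed, custom group 9 (constructed): %d\n", finalGroup('changeEmailFixed', 9));
printf("fixed, no old row: %d\n", finalGroup('changeEmailFixed', 2, true));
```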

dwh
Sat 28th Jun '03, 2:33pm
Sorry the code was jumbled; when I'm in the middle of programming I tend to forget minor details like being able to speak normal English or how to communicate. ;)

Your fixes for both look correct to me.