User validation/authentication for phplist signup/registration -confirmation URL

tsmith · November 6, 2018, 2:41am

Hi.

Hope this helps someone.

Over the weekend (few days ago) tried to signup/register to the phplist.org site.

The confirmation email provides a confirmation URL.

Selecting the confirmation URL generates the confirmation page, which expects a “confirmation/validation” key. This key is not listed in the email, but the key is in the URL!!! if a user does a copy/paste of the long string of alpha-numeric chars in the URL

https://www.phplist.org/activate/C4Q4HHZuSULMQJJbBN6VpGHUKWiuUleo/

like >>>>> C4Q4HHZuSULMQJJbBN6VpGHUKWiuUleo

and inserts this in the activation key dialog, the app validates the user and all is good.

Appears to be an err in the logic somewhere!

samtuke · November 12, 2018, 7:48pm

Thanks @tsmith Yes we’ve been chasing this upstream at Buddypress (the wordpress plugin that handles this) in this thread: https://buddypress.org/support/topic/users-are-asked-for-activation/#post-279396

It looks like the Buddypress system changed so we’ll have to adapt our template for the email. Work in progress; stay tuned.