Skip to:
Content

Opened 9 years ago

Closed 9 years ago

Last modified 9 years ago

#1078 closed defect (bug) (no action required)

Incorrect activation link in activate e-mail

Reported by: jdaviescoates Owned by:
Milestone: 1.1 Priority: critical
Severity: Version:
Component: Keywords:
Cc:

Description

eg.

To activate your user, please click the following link:

http://studentsofsustainability.net/activate?key=1874e6c88a8c0839

After you activate, you will receive *another email* with your login.

Rather than

To activate your user, please click the following link:

http://studentsofsustainability.net/wp-activate.php?key=1874e6c88a8c0839

After you activate, you will receive *another email* with your login.

Attachments (1)

activation.png (82.5 KB) - added by jdaviescoates 9 years ago.
Screenshot of my failed activation

Download all attachments as: .zip

Change History (11)

#1 @jdaviescoates
9 years ago

  • Priority changed from major to critical

#2 @jdaviescoates
9 years ago

I've just had a look in bp-core-activation.php and notice it says:

/***
 * bp_core_disable_welcome_email()
 *
 * Since the user now chooses their password, sending it over clear-text to an
 * email address is no longer necessary. It's also a terrible idea security wise.
 */
function bp_core_disable_welcome_email() {
        return false;
}
add_filter( 'wpmu_welcome_user_notification', 'bp_core_disable_welcome_email' );

?>

Hmz, maybe this is half done in 1.1rc and is part of the problem I've reported above? If one manaully changed the activation link to include wp- and .php then it works, but it sets new password (not the one chosen at registration) and e-mails it out.

/me is confused.

#3 @johnjamesjacoby
9 years ago

Does the first activation link not actually activate the account for you? If not then there's a problem on your end of the installation.

Since the user sets their own password, the welcome notification shouldn't send out an email with another new password.

From my tests on a correctly installed setup, this *should* be working just fine as it is?

#4 @apeatling
9 years ago

  • Resolution set to invalid
  • Status changed from new to closed

If you have the bp-default theme activated on your root blog, this is the correct link.

The password will not be resent out since sending a password over clear text is not a good idea, and you are setting your own password anyway.

#5 @apeatling
9 years ago

The above function posted by jjj runs *after* the user has activated, not before.

#6 @jdaviescoates
9 years ago

No, the first activation link does not actually activate the account.

I'd test again but right now it appears no e-mail is getting sent at all....

@jdaviescoates
9 years ago

Screenshot of my failed activation

#7 @jdaviescoates
9 years ago

OK, just tested again.

E-mail arrived, but activation didn't work (see http://trac.buddypress.org/attachment/ticket/1078/activation.png )

#8 @jdaviescoates
9 years ago

The activation e-mail was as follows:

To activate your user, please click the following link:

http://studentsofsustainability.net/activate?key=4c69324ae127bc7a

After you activate, you will receive *another email* with your login.

Even if the link is supposed to work, the last line is wrong, isn't it? i.e. *another email* witht login is not supposed to be sent, right?

#9 follow-up: @jdaviescoates
9 years ago

I wonder, could my problem have something to do with the fact I'm on lighttpd rather than apache? Something to do with rewrite rules?

#10 in reply to: ↑ 9 @jdaviescoates
9 years ago

Replying to jdaviescoates:

I wonder, could my problem have something to do with the fact I'm on lighttpd rather than apache? Something to do with rewrite rules?

Yes, this was it.

I had followed the instructions here:
http://blog.nix.is/lighttpd-rewrite-rules-for-wordpress

This mean that my rewrite rules we contain in /etc/lighttpd/wpmu-rewrite.conf

I did have:

server.error-handler-404 = "/index.php"
url.rewrite-once = (
    "^/(.*/)?files/$" => "/index.php",
    "^/(.*/)?files/(.*)" => "/wp-content/blogs.php?file=$2",
    "^(/wp-admin/.*)" => "$1",
    "^/([_0-9a-zA-Z-]+/)?(wp-.*)" => "/$2",
    "^/([_0-9a-zA-Z-]+/)?(.*\.php)$" => "/$2",
)

Then, going back to the original instructions I followed the link to their source:
http://mu.wordpress.org/forums/topic/3901

Where I found:

url.rewrite-once = (
"^/(.*)?/?files/$" => "index.php",
"^/(.*)?/?files/(.*)" => "wp-content/blogs.php?file=$2",
"^/(wp-.*)$" => "$1",
"^/([_0-9a-zA-Z-]+/)?(wp-.*)" => "$2",
"^/([_0-9a-zA-Z-]+/)?(.*\.php)$" => "$2",
"(\?.*)$" => "index.php$1",
"." => "index.php"
) 

I edited my wpmu-rewrite.conf file with two lines I didn't have and now THIS IS MY WORKING CODE:

server.error-handler-404 = "/index.php"
url.rewrite-once = (
    "^/(.*/)?files/$" => "/index.php",
    "^/(.*/)?files/(.*)" => "/wp-content/blogs.php?file=$2",
    "^(/wp-admin/.*)" => "$1",
    "^/(wp-.*)$" => "$1",
    "^/([_0-9a-zA-Z-]+/)?(wp-.*)" => "/$2",
    "^/([_0-9a-zA-Z-]+/)?(.*\.php)$" => "/$2",
    "(\?.*)$" => "index.php$1",
    "." => "index.php"
)

Note: See TracTickets for help on using tickets.