| Author |
 Topic Search  Topic Options
|
psycotik 
Groupie
Joined: 27 November 2003
Status: Offline
Points: 73
|
 Post Options
 Thanks(0)
 Quote  Reply
 Topic: Registration bug 7.9
Posted: 16 August 2005 at 6:36am |
|
I've got a forum of 2000+ users. Quite often they are saying their activation doesnt work.
What i've traced it down to is the User_code in tblAuthor is different
in the email they get sent and in their corresponding record in the
database, so the activation is failing. Its not all of the users, maybe
5% or so that it's happening to.
I did a quick search and couldnt find anything. Is this an addressed
issue in one of the releases? Because my forum is mod'd i'd prefer to
just fix that exact issue than re-doing all the files.
|
 |
dpyers
Senior Member
Joined: 12 May 2003
Status: Offline
Points: 3937
|
Post Options
Thanks(0)
Quote Reply
Posted: 16 August 2005 at 11:12am |
|
If they request re-activation, does it work then?
I think that there was a problem when people would sign up, and then
get their activation email and click on the activation link without
closing the original sign up browser session.
|
Lead me not into temptation... I know the short cut, follow me.
|
|
psycotik
Groupie
Joined: 27 November 2003
Status: Offline
Points: 73
|
Post Options
Thanks(0)
Quote Reply
Posted: 17 August 2005 at 6:23am |
|
I dont think that many people would do that. It seems to happen to quite a large number of members.
|
|
JJLatWebWiz
Groupie
Joined: 02 March 2005
Location: United States
Status: Offline
Points: 136
|
Post Options
Thanks(0)
Quote Reply
Posted: 17 August 2005 at 12:38pm |
Have you seen any of the activation emails that have mismatched user_codes? How significant is the difference between the stored user_code and the emailed user_code? Can you provide an example or 2?
The only registration problems I've had are the result of the JMail ISO Subject bug causing registration emails to be blocked as spam.
|
|
psycotik
Groupie
Joined: 27 November 2003
Status: Offline
Points: 73
|
Post Options
Thanks(0)
Quote Reply
Posted: 19 August 2005 at 7:07am |
|
Email:
User714EFA3436
Database:
UserZ5ZD8E4B96
I have a screenshot of the URL so i'm definate about the code.
|
|
JJLatWebWiz
Groupie
Joined: 02 March 2005
Location: United States
Status: Offline
Points: 136
|
Post Options
Thanks(0)
Quote Reply
Posted: 21 August 2005 at 11:49pm |
Here's my first guess: those few users are actually double-clicking the Submit button or clicking a second time on the Submit button at just the right moment that causes the "register.asp" to think that the user name isn't yet registered and allows the user_code to be created again for the email. I haven't been able to duplicate the problem to test my guess, but there may be some special condition the server must be in to duplicate the problem. I tested it on SQL, and maybe Access is more susceptable.
After a cursory review of register.asp, during the new user registration process, the user_code is generated just one time to be written into the database and for the activation email. The user_code is rebuilt during an account update, and maybe that's why a double-clicked submit button under certain circumstances causes a second user_code generation. Though it seems like the user would get multiple emails, and at least one of them would have the correct user_code.
Perhaps there should be a javascript to disable the submit button when it is first pressed to prevent a double-click.
|
|
wistex
Mod Builder Group
Joined: 30 August 2003
Location: United States
Status: Offline
Points: 877
|
Post Options
Thanks(0)
Quote Reply
Posted: 28 August 2005 at 1:48pm |
Doesn't it get changed when you logout too? I thought the user_code was also used to force a re-login on remote machines you forgot to logout of. I may be thinking of something different, but I remember that was implemented so that you could log yourself out of someone else's machine remotely if you forgot to logoff while you were there. If someone tried to use that computer with you still logged in, it would ask them to login again since the user_code in their cookie no longer matched the one in the database.
|
|
|
|
JJLatWebWiz
Groupie
Joined: 02 March 2005
Location: United States
Status: Offline
Points: 136
|
Post Options
Thanks(0)
Quote Reply
Posted: 29 August 2005 at 10:50am |
 wistex wrote:
Doesn't it get changed when you logout too? I thought the user_code was also used to force a re-login on remote machines you forgot to logout of. I may be thinking of something different, but I remember that was implemented so that you could log yourself out of someone else's machine remotely if you forgot to logoff while you were there. If someone tried to use that computer with you still logged in, it would ask them to login again since the user_code in their cookie no longer matched the one in the database. |
That may be true. I wasn't aware of it and I have only just begun looking at anything beyond 7.01, so maybe it's a new feature. But even if that's the case, it doesn't happen during the registration process. So I'm sticking with my theory that it relies on a user either double-clicking the submit button or otherwise clicking it a second time before the screen changes AND while the server is in just the right state to allow a second submission with the same username. I think this also might only happen on a busy site with multiple registrations taking place at the same time. It may also only be an Access problem.
What do you think?
|
|
