Email confirmation functionality

[EHM-0641 Rico]

Hey Murray, I tested it out and this is what I get:

Sorry, but the confirmation code you just submitted does not match the data we have on record for you.

Unless you have already confirmed your email address, this should be impossible. Please contact Bruno Falcao directly about this matter.

I checked my Pilot Profile again to be sure, but the 'Confirm Email' Button was still there

Any suggestions??

[EHM-1617 Iain]

Same:

Sorry, but the confirmation code you just submitted does not match the data we have on record for you.

Unless you have already confirmed your email address, this should be impossible. Please contact Bruno Falcao directly about this matter.

[EHM-0654 Murray]

Yes, happened for Ben as well last night. Every time I've tested it myself, and following backed maintenance for Ben, it's worked without issue.

I've cleared away all the cruft that gets left in the database; can I ask you both to try again? If it still doesn't work, I'll have to manually set the confirmed flag for you.

Everyone else: I know that the error webpage currently says speak to Bruno, but it will make things easier if you talk to me. Use this thread or email me directly (murray@fly-euroharmony.com) and I'll do for you what I'm doing for Rico and Iain.

[EHM-1703 Philip]

Sorry Murray, I am getting the same problem.

[EHM-0641 Rico]

Allright, hold on lemme try ! [03:37]

*EDIT* : [03:39]

Still the same m8:

Sorry, but the confirmation code you just submitted does not match the data we have on record for you.

Unless you have already confirmed your email address, this should be impossible. Please contact Murray Crane directly about this matter (or post a message in the forum on this thread. Please include the following DEBUG values in any correspondence.

DEBUG: timestamp 19691231170000


DEBUG: pID


DEBUG: emailaddr


DEBUG: eID


DEBUG: ohash (çça}5]$rö‚2


DEBUG: nhash _¸Ÿ­„ß;*¼|r_éºÌk|


*Uhm, *EDIT* Again* : [03:43]

I logged in on EHM and clicked the link again, and then clicked the link in the new email again, and this time I got this:

Email address confirmed

Thank you.

Feel free to close this window whenever you feel like it.


And the link in my Pilot Profile is gone ..

[EHM-1703 Philip]

Yeah, mine worked as well on the second attempt. Pls disregard my earlier post Murray.

[EHM-0654 Murray]

Originally posted by EHM-0641
DEBUG: pID
DEBUG: emailaddr
DEBUG: eID

Email address confirmed

Glad it worked in the end Rico, but I'm very concerned about those three debug values being blank... Looks like there may be a problem after all.

EVERYONE I'll mod the post-confirmation page again in a wee while (I'm at work now, so have to do such things with great care), but if you go through the process and it doesn't work first time, follow this modified method:

• Log in on the main website home page.
• Click on the "Confirm Email" link on your pilot page.
• Once your pilot page reloads, go back to the main website home page and log out.
• Wait patiently for the new confirmation email to arrive.
• Click on the URL in the new confirmation email.
• Let me know if it still doesn't work.

[EHM-0654 Murray]

Everyone

In an effort to nail the problems in the email confirmation code for existing pilots, I've modified my code a little.

First-off, I've changed the field used to identify you to the script that sends you the confirmation email. I'm hoping this will put a stop to the blank DEBUG values Rico saw (and possibly a few more of you...)

Second, it sends me a debugging email for every email it sends y'all, which should give me some insight as to what exactly is going on. With all the extra debugging that I've now added, getting it totally fixed should be easy.

Bruno

While I've been working on the DB trying to debug the problems, I noticed you'd somehow managed to put a pair of confirmation records into the DB (thought I'd prevented it doing that, clearly not...). I've removed the oldest one; the newest one should still work...

[EHM-0654 Murray]

OK...

I still don't know the why of what's going wrong, but I'm getting a hang on the what.

It seems like the wrong timestamp is issued occassionally - the timestamp that goes into the database isn't always the same as the timestamp that is used to calculate the SSHA hash (that long string of "gibberish" at the end of the URL that is emailed out) even though it's the same variable in the same source file.

I've seen this a few times now, but there's no reason in the code why that should be the case. Only course I can suggest at this juncture is if it doesn't work for you, wait a few minutes and try again... (Bruno, that means you too

BTW: I've pulled all the additional debug information out of the page you see after clicking the URL that is emailed to you. I've built myself a special webpage elsewhere that recreates what that page you see does on-the-fly, and see everything that is going on that is otherwise hidden, so the debugging information on that page is redundant.

[EHM-1617 Iain]

The 'modified method' worked for me. Using the 'still logged in method' which I tried first didn't work.

[EHM-0654 Murray]

A fruitful lunchtime of playing around and watching what happens leads me to believe that part of the problem may have been the way I was encoding/decoding the hash for "URL transportation". I've tweaked this particular section of the code and again, it's working repeatedly for me.

I think (fingers crossed) that it is now 100% A1 fixed and working for everyone, but I'll need some more tests to be sure.

[EHM-0654 Murray]

Just a quick update. All the confirmation debugs I've received since my previous post have tested successfully in my special test page, so I am now pretty happy that I've gotten the bug(s) out of it now. I'll just need to back-port the changes into the new pilots code tonight and it'll all be good.

EDIT I've amended the code so that you'll only ever have a single record in the confirmation database, and despite my best efforts it seems as though every once in a while the confirmation code sends out a duff hash (one that will never work). Just reclick the "Confirm Email" button if it doesn't work for you first time.

[EHM-0654 Murray]

Further update: I am certain I know what the problem is (was) now, and the change I've just made definitely appears to have fixed it. I ran three tests back-to-back and all three worked fine.

For the developers out there, beware of how you encode hashes in PHP (I'd hazard a guess that's any variety of hash. I'm using SSHA (SHA1+salt), but I suspect the same holds true for plain SHA1 and MD5). If the hash contains any of the usual URL suspects (definitely "/" and "\", and probably "+" as well), if it's not encoded correctly it'll break in transit. That, basically, is what was happening some of the time with the old code. The new code takes a "standard" SSHA hash and rawurlencode()s it before adding it to the email. As I say, that seems to work unlike all my previous attempts.

And if you've never heard of SSHA before, look for the comment from "alex at milivojevic dot org 28-Apr-2005 06:45" in the function definition for SHA1 on your local PHP website mirror.

[EHM-0588 Paul]

After clicking on the Confirm Email button yesterday, not much happend in my mailbox and the pilot profile still show the message "You have an email confirmation attempt under way" today.

I am not sure if this is a bug. I haven't been here since summer 2004 so it could also be that the confirmation mail has been sent to an email adres that is no longer vallid. e.g. my old euroharmony adres from the time that i was in the management.

[EHM-0654 Murray]

Originally posted by Paul Soetens
After clicking on the Confirm Email button yesterday, not much happend in my mailbox and the pilot profile still show the message "You have an email confirmation attempt under way" today.

I am not sure if this is a bug. I haven't been here since summer 2004 so it could also be that the confirmation mail has been sent to an email adres that is no longer vallid. e.g. my old euroharmony adres from the time that i was in the management.

Paul, correct. From the email I get every time a confirmation attempt begins:-

Code: [Select]

pID 89
pilotid 0588
email paul@euroharmony.com
timestamp 20060424154020

I am going to put a "Change email address" (and a few other fields too...) function into the pilot homepage but if you email me (murray@fly-euroharmony.com) directly from your current email address, I'll go into the database and correct it manually, prior to the bigger changes going ahead.

[EHM-1671 Ben]

Yeah, I have the same problem as Paul. What can be done about this?

[EHM-0654 Murray]

Originally posted by Roger_Wilco
Yeah, I have the same problem as Paul. What can be done about this?

Wrong email address? Email or U2U me your correct email address and I'll fix the database. Your address is currently given as "roswell7 AT ihug DOT co DOT nz" in the database, but I've not seen any debug emails with your email address in yet Ben...

Just to let everyone know, I'm going to implement the "Modify personal information" code for pilots this weekend, and the Email confirmation/PIREP code next weekend.