Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Verify email link not working for newly registered user #5043

Open
samhibberd opened this issue Oct 3, 2019 · 5 comments

Comments

@samhibberd
Copy link

commented Oct 3, 2019

Description

Newly registered user not verified when visiting the link provided in the activation email. Digging into the code base see

$valid = Craft::$app->getSecurity()->validatePassword($code, $userRecord->verificationCode);
is returning false as the hashes do not match when checked using the password_verify in \yii\base\Security.

Steps to reproduce

  1. Register user via front end form (setting email and password)
  2. Visit the verify email link received by email.
  3. User not activated and redirects to the homepage (path supplied in config setting activateAccountSuccessPath)

Additional info

  • Craft version: 3.3.6
  • PHP version: 7.2
  • Database driver & version: MYSQL
  • Plugins & versions:
@brandonkelly

This comment has been minimized.

Copy link
Member

commented Oct 3, 2019

Did you recently change the blowfishHashCost config setting or something?

@samhibberd

This comment has been minimized.

Copy link
Author

commented Oct 4, 2019

Not the blowfishHashCost, we did change the tokenParam a few weeks back to support the PayPal gateway. Not sure that would impact. Not sure if the hash values would be of any use? They look to partially match, well the first 30 characters do.

@angrybrad

This comment has been minimized.

Copy link
Member

commented Oct 11, 2019

Did you recently upgrade the server's PHP version or install any new PHP extensions? The tokenParam shouldn't affect this.

@samhibberd

This comment has been minimized.

Copy link
Author

commented Oct 14, 2019

Locally yes 7.1 - 7.2, not sure about extensions, whatever the default install of Valet Plus (recently upgraded to latest). Although it's also not working in the staging environment, which is hosted with cloudways and has always been running 7.2.

@angrybrad

This comment has been minimized.

Copy link
Member

commented Oct 14, 2019

Weird... if you want to send some staging credentials (CP/SSH/database) over to support@craftcms.com, we can poke around a bit, but I'm a bit stumped from the description.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
3 participants
You can’t perform that action at this time.