Give a different error message for an expired registration key than for an invalid registration key

Bug #1246547 reported by Aaron Wells on 2013-10-31
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Valerii Kuznetsov

Bug Description

In the optional self-registration process, users can fill in their email address to register an account, and then Mahara sends them an email with a registration link in it that contains a unique key. They click on that in order to complete the registration process.

The problem is that the code for this checks on two conditions at once, and prints out only one error message for both of them.

    if (!$registration = get_record_select('usr_registration', '"key" = ? AND expiry >= ? AND pending != 1', array($key, db_format_timestamp(time())))) {
        die_info(get_string('registrationnosuchkey', 'auth.internal'));

... and ...

 $string['registrationnosuchkey'] = 'Sorry, there does not seem to be a registration with this key. Perhaps you waited longer than 24 hours to complete your registration? Otherwise, it might be our fault.';

In there seems to be a case where the registration key is bad, but the error message confuses matters by making it seem as if it's a time-related issue. It would be a simple and useful step to change this into two checks instead.

1. Attempt to retrieve the usr_registration record with the matching key.

2. If no record is found, print an error message saying we don't have a key that matches your link, perhaps your email program mangled it?

3. If a usr_registration record is found, compare the value of its "expiry" field with current server time, and if it has expired show the user the message that says "sorry, this key has expired."

Aaron Wells (u-aaronw) on 2013-10-31
summary: - Give a separate error message for an expired registration key or an
- invalid registration key
+ Give a different error message for an expired registration key than for
+ an invalid registration key

Is there maybe the possibility to shorten that link? We've had issues in the past where some email clients put a line break in the link and thus simply clicking it didn't give the proper result. A link that spans two lines is problematic.

Changed in mahara:
assignee: nobody → Valerii Kuznetsov (valerii-kuznetsov)
status: Confirmed → Fix Committed

Valerii: Did you mean to set the status to "In Progress"?

Changed in mahara:
status: Fix Committed → In Progress

Submitter: Robert Lyon (<email address hidden>)
Branch: master

commit 4d7f2bcb071dd7fa997fb9cb9ddfbf33cac43552
Author: Valerii Kuznetsov <email address hidden>
Date: Tue Feb 4 15:52:59 2014 +1300

Different error message for an expired registration key (Bug #1246547)

Expiry check moved from DB clause to PHP code with different message display.

Change-Id: I9e949ccc08066b659c17f4b9c901d2c98a54ee2d
Signed-off-by: Valerii Kuznetsov <email address hidden>

Robert Lyon (robertl-9) on 2014-02-09
Changed in mahara:
status: In Progress → Fix Committed
milestone: none → 1.9.0
Robert Lyon (robertl-9) on 2014-04-22
Changed in mahara:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers