LoginRegister icon indicating copy to clipboard operation
LoginRegister copied to clipboard

Published 20 hours ago verified publisher icon ryancramerdesign

Doesn't seem to work on 3.0.177

Open TomS- opened this issue 7 years ago • 4 comments

No matter what I do I always get "Unable to complete confirmation, please re-register and try again" both with copying and pasting or clicking the link.

I'm using email to login.

TomS- avatar Nov 15 '18 13:11 TomS-

It seems that sessions are not being set. However, I can not figure out why. They seem to be set correctly in normal template files.

Between: $this->renderConfirmationForm($confirmationForm) and $this->processConfirmation() the $session data is being forgot. Returning $session in the renderConfirmationForm returns correctly. Returning it in processConfirmation returns nothing.

Edit: Settings this in renderConfirmationForm:

$this->sessionData = $this->wire('session')->getFor($this, '');
$this->wire('log')->error( $this->sessionData );

Returns the session array correctly.

In processConfirmation:

$this->wire('log')->error( $this->sessionData );

returns nothing. $this ≠ $this in processConfirmation?

Edit: Submitting buildConfirmationForm is causing issues with data?

TomS- avatar Nov 15 '18 15:11 TomS-

I just ended up bypassing the session stuff all together. I couldn't figure out why is was resetting. If anyone else wants to completely avoid the verify email stuff, here is a file that does that: LoginRegister.module.txt

TomS- avatar Nov 15 '18 16:11 TomS-

I just came across this, although it is working for me, my client keeps getting that error message when trying to register so I don't really understand why because I can't really debug what they are seeing. The only clue I have is this logged message:

This request was aborted because it appears to be forged. (in /wire/core/SessionCSRF.php line 191)

Maybe this is happening because the client was logged into their admin account at the time they followed the confirm link from the email?

I am running 3.0123 on this site. @TomS- what version of PW are you running? 3.0.177 doesn't exist yet :)

adrianbj avatar Jan 24 '19 17:01 adrianbj

Actually, I think this might be a case of different browsers - user registers with one, but their email clients spawns a different one. I think this security measure is good in principle, but is too aggressive and will cause problems for quite a few users.

adrianbj avatar Jan 24 '19 18:01 adrianbj