tags:

views:

182

answers:

2
Q: 

CakePHP: email validate action doesn't work when clicking on the email link

Hi, We've created the email validation part of our site. We built the site using CakePHP BTW.

The problem is that it doesn't work when we click on the link in the email. The email is sent as plain text.

A weird thing is that when we paste the link on the address bar, it works. Also when clicking on the link using Gmail and desktop email clients, it works as well. Other email providers doesn't work.

EDIT:

Additional info:

Example link for the validation: http://localhost/users/validate/validatecodeblah12c023

When it's working it should login the user and redirect to the user dashboard.

It goes to the front page when it's not working (see description above).

Additional info 2:

I did compare the results using Live HTTP headers and I found out that the only time it doesn't push through (goes to the login page for some reason) is when there's a 'Referrer: h ttp://mail.yahooblahblah...' Gmail for some reason doesn't have a 'Referer' line in it's headers.

A: 

Still a very vague question, but here goes:

  • the link is okay, you have verified that it works by copy and pasting
  • it works when you click on it in some email clients
  • ergo, again, the link is okay

This leaves the case that you can't click on it in some email clients. Since you're not linking the text yourself but are sending in plain-text, it's the email client doing the linking automatically. There may be characters in the URL that throw the email client off:

http://example.com/users/validate/1j423-k1j234-nc183&$+-123894
-----------------------------------------------------

All the weird characters may be part of the URL, but the email clients gets confused and thinks the part after the $ character doesn't belong to the URL anymore and only links up to that part. Hence when clicked the link will be different and possibly invalid. Solution: use simpler characters or urlencode them.

Maybe it's also just that the link gets line-wrapped, which breaks the automatic linking. In that case, re-layout the email or use a shorter URL.

deceze  2010-01-20 08:55:06
the validation code is an md5/sha1 + salt hash. will it still make the link invalid using the characters in the hash?
bakerjr  2010-01-20 09:14:55
The link is not necessarily *invalid*, it might just trip email clients up for one reason or another. Without any more details it's hard to give any better answers.
deceze  2010-01-20 09:39:49
AFAIK, the browser doesn't care about the origination of the link (click or pasting) when it sends the request. Are you sure that you have a valid link that's not getting truncated by the email client (as described by deceze)? It you feed an invalid URL in to your app, you may have it redirect to the home page, which is why you're seeing that behavior. Try using FF plugin Live HTTP headers to see what the actual original request is that you're issuing, to see if deceze is correct about the email clients not including "invalid" characters.
Travis Leleu  2010-01-20 16:44:32
Or simply, instead of clicking on the link in the email client, **right-click** on it and select **Copy link** (most email clients/browsers have that option), then compare it to the plain text link.
deceze  2010-01-21 03:28:23
I did compare the results using Live HTTP headers and I found out that the only time it doesn't push through (goes to the login page for some reason) is when there's a 'Referrer: http://mail.yahooblahblah...' Gmail for some reason doesn't have a 'Referer' line in it's headers.
bakerjr  2010-01-21 04:11:57
@bakerjr In this case your app is filtering out external referrers? Do you have any aggressive security filters in place? (I don't think the built-in SecurityComponent would act like this, it'd just 404 the request.)
deceze  2010-01-21 04:52:27
@deceze it seems to be that way. Nope I don't have additional security filters.
bakerjr  2010-01-22 03:45:38
A: 

This might sound silly but are you using Auth component and have added validate action on your allowed action?

You should have $this->Auth->allow(array('validate')); on your beforeFilter on UsersController

A friend of mine had the same problem. He's testing it on browser where he's authenticated in and of course it would work. But testing on different browser, it redirected him to the login page.

jpdelatorre  2010-01-23 11:55:43

related questions

I ALMOST understand how email works, but I'm missing something.
Sending Email in .NET Through Gmail
MS hotfix delayed delivery.
How to send email from a program _without_ using a preexisting account?
Email SMTP validator
Maximum length of a MIME Content-Type header field?
If email is not the answer then what is?
Accessing an Exchange Server without Outlook
Recommendations for a .NET component to access an email inbox
Email queueing in php
How do I open the default mail program with a Subject and Body in a cross-platform way?
How do I send a file as an email attachment using Linux command line?
Read from .msg files
What was your biggest mistake involving programmatically sending email?
Good email service for bulk emailing
parsing raw email in php
Is there any wiki engine that supports page creation by email?
Sending emails without looking like spam
What's in your .procmailrc
Why won't Entourage work with Exchange 2007?
Can I use JavaScript to create a client side email?
E-mail Notifications
Is a "Confirm Email" input good practice when user changes email address?
MAPI and managed code experiences?
How do you make sure email you send programmatically is not automatically marked as spam?