Hi, we've created the email validation part of our site. We built the site using CakePHP, BTW.

The problem is that it doesn't work when we click on the link in the email. The email is sent as plain text.

A weird thing is that when we paste the link into the address bar, it works. Also, when clicking on the link in Gmail and desktop email clients, it works as well. Other email providers don't work.

EDIT:

Additional info:

Example link for the validation: http://localhost/users/validate/validatecodeblah12c023

When it's working, it should log in the user and redirect to the user dashboard.

It goes to the front page when it's not working (see description above).

Additional info 2:

I did compare the results using Live HTTP headers and I found out that the only time it doesn't push through (goes to the login page for some reason) is when there's a 'Referrer: http://mail.yahooblahblah...'. Gmail for some reason doesn't have a 'Referer' line in its headers.

A: 

Still a very vague question, but here goes:

  • the link is okay, you have verified that it works by copying and pasting
  • it works when you click on it in some email clients
  • ergo, again, the link is okay

This leaves the case that you can't click on it in some email clients. Since you're not linking the text yourself but are sending in plain-text, it's the email client doing the linking automatically. There may be characters in the URL that throw the email client off:

```
http://example.com/users/validate/1j423-k1j234-nc183&$+-123894
-----------------------------------------------------
```

All the weird characters may be part of the URL, but the email client gets confused and thinks the part after the $ character doesn't belong to the URL anymore and only links up to that part. Hence, when clicked, the link will be different and possibly invalid. Solution: use simpler characters or urlencode them.

Maybe it's also just that the link gets line-wrapped, which breaks the automatic linking. In that case, re-layout the email or use a shorter URL.

deceze
The validation code is an md5/sha1 + salt hash. Will it still make the link invalid using the characters in the hash?
bakerjr
The link is not necessarily *invalid*, it might just trip email clients up for one reason or another. Without any more details it's hard to give any better answers.
deceze
AFAIK, the browser doesn't care about the origination of the link (click or pasting) when it sends the request. Are you sure that you have a valid link that's not getting truncated by the email client (as described by deceze)? If you feed an invalid URL into your app, you may have it redirect to the home page, which is why you're seeing that behavior. Try using the FF plugin Live HTTP headers to see what the actual original request is that you're issuing, to see if deceze is correct about the email clients not including "invalid" characters.
Travis Leleu
Or simply, instead of clicking on the link in the email client, **right-click** on it and select **Copy link** (most email clients/browsers have that option), then compare it to the plain text link.
deceze
I did compare the results using Live HTTP headers and I found out that the only time it doesn't push through (goes to the login page for some reason) is when there's a 'Referrer: http://mail.yahooblahblah...'. Gmail for some reason doesn't have a 'Referer' line in its headers.
bakerjr
@bakerjr In this case your app is filtering out external referrers? Do you have any aggressive security filters in place? (I don't think the built-in SecurityComponent would act like this, it'd just 404 the request.)
deceze
@deceze It seems to be that way. Nope, I don't have additional security filters.
bakerjr
A: 

This might sound silly, but are you using the Auth component, and have you added the validate action to your allowed actions?

You should have `$this->Auth->allow(array('validate'));` in your beforeFilter in UsersController.

A friend of mine had the same problem. He's testing it on a browser where he's authenticated, and of course it would work. But testing on a different browser, it redirected him to the login page.

jpdelatorre
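
An added example, not code from the thread or from CakePHP: a validation token in plain PHP that addresses both answers. It is hex-only so mail clients autolink the whole URL, short enough not to be line-wrapped, and redeemed from the token alone, with no session or Referer involved. The `$store` array (a stand-in for the users table), the function names and the 24-hour lifetime are assumptions.

```php
<?php
// Added example. Plain PHP 7.1+, no CakePHP dependency.
// $store is a hypothetical stand-in for the users table.

const TOKEN_TTL = 86400;   // assumption: links expire after 24 hours
const MAX_LINE  = 76;      // common plain-text wrap column in mail software

/** Create a token, keep only its SHA-256 digest, return the link to mail out. */
function issueValidationLink(array &$store, int $userId, string $baseUrl, int $now): string
{
    $token = bin2hex(random_bytes(16));   // 32 chars, [0-9a-f] only
    $store[hash('sha256', $token)] = ['user' => $userId, 'expires' => $now + TOKEN_TTL];
    $link = rtrim($baseUrl, '/') . '/users/validate/' . $token;
    if (strlen($link) > MAX_LINE) {
        throw new LengthException('link may be line-wrapped by mail clients');
    }
    return $link;
}

/** Resolve a token from the request path to a user id, or null. Single use. */
function redeemToken(array &$store, string $token, int $now): ?int
{
    // Reject anything an autolinker could have truncated or extended.
    if (!preg_match('/\A[0-9a-f]{32}\z/', $token)) {
        return null;
    }
    $key = hash('sha256', $token);
    if (!isset($store[$key])) {
        return null;
    }
    $row = $store[$key];
    unset($store[$key]);   // one-time: consume on first use
    return $row['expires'] >= $now ? $row['user'] : null;
}

// Constructed demo data.
$store = [];
$now   = time();
$link  = issueValidationLink($store, 42, 'http://example.com', $now);
$token = basename(parse_url($link, PHP_URL_PATH));

var_dump(redeemToken($store, substr($token, 0, 20), $now)); // truncated link
var_dump(redeemToken($store, $token, $now));                // first click
var_dump(redeemToken($store, $token, $now));                // replayed click
```

In a CakePHP controller the action calling `redeemToken()` still has to be listed in `$this->Auth->allow()`, as the answer above says, because the visitor has no session yet.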