CUNY Academic Commons

Has someone provided you with an email that didn't contain the activation key (or an invalid key)?

I haven't looked through the BP code, but the WP activation only gives that message when the key is not a valid key (ie. does not match any of the activation keys stored in the wp_signup table).

"If you'd like, I can forward the email message itself to you . . . ."

Please do :)

Sent! I guess we're now tackling two issues in this ticket -- the specific error that this prospective member encountered, and the more general issue of providing more descriptive error messages. Perhaps we should separate them, but in the near-term, I'd like to find a solution for this member.

My guess: the account was already activated, so the member just needs to login and/or request a new password.

Matt's right that the account was already activated. This looks like a shortcoming in BP and should be addressed there: http://trac.buddypress.org/ticket/2784

Sure thing! I'll start working on it now. Is the way to try and produce it to create an account, get the activation message and click on it, then click on it again?

When I try to click the activation link for an already active user from an email generated by the "Add User" page for admins, I get this error - "The user is already active." So things seem okay there, but it might be nice to add more info - like the username that was created (if that isn't poor security practice) and/or a link to the forgot password page.

However, when I try to register myself with a non-CUNY email address and a manually created activation code, I get the email but when I click the activation link I get an ambiguous "Could not create user" message, and the user doesn't show up in the "Users" page in the dashboard. Still need to investigate what the error is though.

Daniel Jones wrote:

Sure thing! I'll start working on it now. Is the way to try and produce it to create an account, get the activation message and click on it, then click on it again?

I think that there are lots of possibilities. Here are a few I can think of:

• activation link is out of date
• user cuts and pastes incorrectly (or email program adds extraneous code to the link), so that the wrong activation code is entered
• user has already activated the account

So this is weird - I've run into an issue with signing up a non-CUNY email address using a code from the Non-CUNY Activation Code plugin: the line in the cac_check_signup_validation_code function that unsets the non-CUNY email error just doesn't unset the variable. I do a var_dump of it before and after the call to unset and it returns the same thing both times. In Wordpress 4.1 they're adding a remove() method to the WP_Error class that'll make it easier to do this kind of thing, but for now I'm not 100% sure what to do. Do you think this is popping up on the live Commons as well or just a weird quirk of my local setup? I guess I could continue to test this through manually adding users in the dashboard for now.

Yargh, this is a frustrating issue that I ran into somewhere else too. Try this: https://github.com/cuny-academic-commons/cac/commit/c22c2d

Thanks Boone that worked. Excited for 4.1 to come out so we can just switch to the remove() method.

Now I've found a separate issue here - do we want people to be able to register 2 accounts with the same email? When I use a non-CUNY activation code and register with an email address that already has account, it activates the account just fine, as long as I use a different user name. Is that intentional?

After playing around with this some more, I can't reproduce the ambiguous error above. Actually, when I grep for it it only shows up in a translation file, and nowhere in the actual code.

I do think that it could be confusing for people to get the strange "Activate your Account, Please provide a valid activation key." form below the errors that do come up. I don't think we can count on people thinking of the alpha-numeric string in the link in the email as a "key" so I don't know how useful that form is. Also right now it doesn't look like there's a particular error for keys expiring - is that because they just become invalid after a while, and so get caught by the "Invalid activation key" error?

We could change the activate.php file in the bp-nelo theme to provide more useful information for users about what next steps they can take given the error that they're getting, and some more explanation about what the problem might be. Would that be a good direction to go in? I did a proof-of-concept for that by stealing some code from the function that generates the error messages.

Let me know what you think.

We could change the activate.php file in the bp-nelo theme to provide more useful information for users about what next steps they can take given the error that they're getting, and some more explanation about what the problem might be. Would that be a good direction to go in? I did a proof-of-concept for that by stealing some code from the function that generates the error messages.

A huge +1 to this. I encourage you to dig into the various ways that this could fail, and to try to come up with some text for the activation page that would actually be helpful. If it's decent (which is not a tall order, given the current state of things), we can put it into BuddyPress, and maybe WordPress.

Awesome.

Okay sorry for the delay - here's the changeset: https://github.com/cuny-academic-commons/cac/commit/eb0a2595be99aa033b70c92a668ec197d6bc87e8

I did my best on the copy for the error messages - it'd be good for someone more familiar with the site to review for accuracy and clarity though, and to make sure that it's based on what the actual use cases are. I also left in the changes to the non-CUNY sign-up plugin that worked around the trouble with unset(). Let me know if I should change that back. And with the next Wordpress release we can change it to a new method they're adding to the WP_Error class.

Thanks, Dan - this is a good start.

My initial thought is that the first case ("user is already active") is missing what I think is the most important suggestion: try logging in. In fact, I think that the very first thing a user sees if he tries to reuse an activation code is a message that says "It looks like your registration is already active. Try logging in with the username and password you created when registering." plus the login form itself. The other possibilities - that someone has sent you an incorrect code, etc - seem secondary. What do others think?

Dan - it may be worth putting the login form on the activation page even on successful activation. Logging in is, of course, the first thing an activated user will want to do.

Can you have a look into putting the form into the workflow?

What do others think?

As long as the login form has a "forgot password" link, that sounds good to me. We may want to amend the message to direct people to the "forgot password" link if they can't remember their password. We may also want to share the commons@gc.cuny.edu email address so that people can write to it with any problems

Great ideas! Here's the changeset - https://github.com/cuny-academic-commons/cac/commit/6efd54345fc8eaa9a7a54237beac643c948500f6

Doesn't include one small typo fix on one of the calls to wp_login_form. I set the forms to redirect to my-commons - is that right? Also right now I'm including both the link to contact form and the commons@gc.cuny.edu email, do we want to keep both or do y'all prefer one over the other?

Let me know what you think!

Thanks, Dan! This is looking like it'll be a pretty big improvement.

I read over your messages in some detail, and looked back through the code to match up your messages with the actual failure points in the activation process. I think your wording is strictly correct, but it puts a bit too much focus on error conditions that are very edge-case, or are nearly impossible to debug without reinitiating the registration process. So I streamlined the language a bit in https://github.com/cuny-academic-commons/cac/commit/a10f507a1ccde4d613cf7ab9f536ff4ea49e2f7d.

I think that this is getting close, but I'd like to ask you to do some styling work before we get UX feedback. In particular, the login form looks a bit sketchy. It would ideally be styled like the login form on wp-login.php. I tried wp_enqueue_style( 'login' ), but this caused lots of other styles on the page to be messed up, so I rolled it back. Can you apply a little elbow grease to see if we can get the page looking a bit nicer - at a minimum, good spacing and alignment for the input fields? Thanks!

One more thing - we should probably remove the email references and replace them with contact form stuff when #3660 is resolved.

I think this could be ready for UX feedback - https://github.com/cuny-academic-commons/cac/commit/c4f21d71fd908d0dd0efd85640df418530833b78

The forms aren't exactly like the are on wp-login.php but they're pretty close. Thanks and let me know what y'all think!

I agree that this looks great. On the invalid key, I think we should aim for a bit more brevity here:

"This error message could also mean that your activation link is malformed. If you got here by clicking a link that wasn't from a CUNY Academic Commons 'Activate Your Account' email message, you can try asking whoever sent you the link to make sure they sent you the correct one."

Samantha, can you please propose a rewrite of that text?

These are great! Very excited to see more specific error messages here.

In both cases, is it possible to include all of the added text in the red box or to copy that styling for the error text we've added? I worry that users may read the text in the red box but fail to read the rest because it isn't clearly linked to the error.

1. Invalid activation key
Proposed text:

If you registered more than two days ago, your registration has probably expired. Please register again.
If you accessed this page through a link from an individual, rather than an auto-generated 'Activate Your Account' email, please ask them to ensure they sent you the correct link.

2. Already activated key
A 'Forgot Password?' link would be helpful on this page to help anyone that doesn't recall the username and password they created when they originally registered.

I like the changes to the text, too.

I don't think it'll actually be too easy to put all the text in the error box, since it's generated by bp_core_render_message, and I think it'd be best to leave that alone. Would it be okay to just remove the red error box altogether and just have the whole error message in the main content section of the page? Or I could take out the error box that's on the page right now, and put in a new one that looks the same but doesn't use the bp_core_render_message function, just the same styling. Let me know what y'all think is best!

Or I could take out the error box that's on the page right now, and put in a new one that looks the same but doesn't use the bp_core_render_message function, just the same styling.

I think this is the better option of the two. We may need to change the styling to make it more readable, as Boone suggested, but let's start with this and see how it looks. Thanks!

Okay I made the changes to the text and moved it up into the red error message box - http://commons.gc.cuny.edu/activate/?key=d5e4b060ff5ea9c2

I got rid of the background color gradient in the error box because it looked pretty rough with the bigger box, and made the red just a little less bright. I think it looks okay - the main issue I see is that the link color is now pretty jarring and hard to read against the red.

Also - on the "The user is already active" message, do we want to take out the first line since it's information that's repeated in the next sentence? We might also want to modify some of the text for the "Invalid activation key." error now too. Let me know what y'all think!

Hi All --

Re the Invalid Activation Key message, I have two questions:

1.

If you registered more than two days ago, your registration has probably expired. Please register again.

Is that really true? Ie., if someone went through registration and never confirmed, their email address, userid, etc is completely wiped from the user table and they can just register again with the same email address and id? Does the Unconfirmed plugin, which we have activated on the site, interfere with that in any way?

2.

This error message could also mean that your activation link is malformed. If you got here by clicking a link that wasn't from a CUNY Academic Commons 'Activate Your Account' email message, you can try asking whoever sent you the link to make sure they sent you the correct one.

Is this the most likely scenario, that someone clicked on a link that someone else sent to them? Having monitored the Commons support email address for a long time, I'd say that a far more likely and frequent scenario is that people click on a link from inside a proprietary email system that adds some junk to the URL when clicked and that causes the failure. In such cases, we usually ask people to cut and paste the link from the email directly into the browser. I think we should guide people towards that problem/solution here.

Re the already active registration key:

This looks good to me generally. But the text at the bottom reads:

If you can't log in and continue to have problems activating your account, please contact us at commons@gc.cuny.edu

A minor point is that if the user tries to log in from this page and that login fails, the user is taken to a failed login screen that doesn't include the above line, and it's really at that point that the user needs to see that line to know whom to contact. So perhaps we should consider adding that line to our template for a failed login, as well (though that should be on a separate ticket)

Is that really true? Ie., if someone went through registration and never confirmed, their email address, userid, etc is completely wiped from the user table and they can just register again with the same email address and id?

No, it's not deleted automatically. But after two days, the user_login is no longer reserved. So if someone attempts to sign up with the same user name, yours will be deleted. https://core.trac.wordpress.org/browser/tags/4.1/src/wp-includes/ms-functions.php#L514

In such cases, we usually ask people to cut and paste the link from the email directly into the browser. I think we should guide people towards that problem/solution here.

Agreed. I'd kinda forgotten that this happened. Dan, could you make the corresponding change in the language here?

So perhaps we should consider adding that line to our template for a failed login, as well (though that should be on a separate ticket)

Yes, and yes.

Boone Gorges wrote:

No, it's not deleted automatically. But after two days, the user_login is no longer reserved. So if someone attempts to sign up with the same user name, yours will be deleted. https://core.trac.wordpress.org/browser/tags/4.1/src/wp-includes/ms-functions.php#L514

Thanks, Boone. New ticket created. As far as the above goes, does the system care whether someone tries to sign up with an email address used for an unconfirmed account after two days have passed?

does the system care whether someone tries to sign up with an email address used for an unconfirmed account after two days have passed?

It does the same check for email address. That is, an unactivated signup will be deleted if you register more than two days later with the same email address.

Great - thanks for confirming.

Great I've updated the language to:
"If you accessed this page by clicking on a link in an auto-generated 'Activate Your Account' email, try copying and pasting the link directly from the email into your browser. Sometimes email clients add extra characters to links, which could be causing this error."

Here's the changeset: https://github.com/cuny-academic-commons/cac/commit/1b0b5351172c15c0be141422db363f1ad9fb316d

The second sentence might be TMI so I can take that out if y'all think it's best. I also removed the other error (with the wrong link being sent to the user) completely, because I think that's what you were suggesting, Matt. Let me know if I should put it back in. I'll get the contact line onto the failed log-in page today or tomorrow.

Thanks, Daniel -- that revised message sounds perfect to me. Appreciate your work on this.

Hey Daniel,

The changes you've made sound great, but I don't seem to be able to view the most recent changes (old cdev links still show the old look, github link leads to a dead end for me).
Could you post idiot-proof links for me to take a look at when you have a chance? Thanks!

Hi Samantha,

I've just updated cdev so Daniel's latest code should be up and running.

Sorry to be late here - thanks for updating the code, Ray! Samantha - just a heads up I don't think I have access to update the cdev...I actually haven't even ever viewed it. I generally just make changes on my local maching and post them up here for Boone or Ray to add into the cdev. Sorry!

Sorry I was so slow on this - was responsible for getting a new website launched this past week and that took up more time than I had expected. Here's the link to the changeset: https://github.com/cuny-academic-commons/cac/commit/a615859f8c12898c2b408238845c44b8bcfb1e53

Good catch on the broken link! Should be working now. I like the new link color better too - updated the stylesheet.

Thanks, Daniel

Just want to make sure this is good to go - are there more changes to be made on my end?

Looks good to me, but let's get signoff from Samantha before closing.

Is this live on CDEV? How best to check this out?

Yes, it's on cdev.

Looks good to me! Thanks for all your work on this, Daniel.