Upgraded, now have User Validation problem.


Since starting with Elgg I've had continuous problems with some members not receiving confirmation emails, or when they do and click the link they get an error telling them they have to be logged in!

Because no info was found on this, I've been getting around it by manually activating users in Additional User Management.

However, since upgrading to Elgg 1.7.2 I now get "Form is missing __token or __ts fields" when trying to do this. What does this even mean?

I have also now tried to deactivate the "User validation by email" plug in and cannot do so. I get a message stating it has been deactivated, but its status doesn't change. In fact, changing the status of anything in Tools gives mixed results, with most changes giving an error and taking me to the main page (Grrrr!) or simply stating it has done it but actually hasn't.

This was an upgrade on an active site with very few plug ins added and none changed at all. I disabled the only plug in I had modified (which was the black pod theme) as it was causing massive CPU usage.

If anyone can help, great. If not, I'm thinking of closing down my group anyway and hoping my users will migrate to something more stable like a forum.

  • Missing emails is usually a server configuration issue to get past spam filters: http://docs.elgg.org/wiki/Email_and_spam_filters

    Users getting a "you must be logged in" message on the validation confirmation has never been reported. Are you sure that's happening.

    For the enabling plugins, look at the enable link and it should look something like this: http://mysite.com/action/admin/plugins/disable?plugin=eager_widgets&__elgg_token=52147397ac0dbd69696bf3ecc5254730&__elgg_ts=1283425721

  • Well, I've told members to check spam filters and they assure me the email is not there. I don't know what's going on with that.

    I had a similar problem on a test account. I signed up, confirmed email, went to log in and it simply wouldn't. The page just refreshed to the log in screen.

    Having done this again today, I'm clicking the link in the email and when arriving at the site it states "Email addres could not be verified". So this explains why I have a list of new members backing up and no way for either them or me to validate their account!

    As for the plugins, yes, the link is showing as that. Clicking Disable or Enable on anything in the list either states "Plugin was disabled successfully" with no change at all to the status of the plugin (or to the link stating disable?plugin), or it states "Form is missing __token or __ts fields" while sending me back to the main page. Trying to move a plgin in the list also results in that error and redirect to the main page.

    I've tried to use the method of adding an empty folder labelled "disabled" in the mod directory and that sends my site into meltdown visually, with what looks like several versions of the site graphics opening in each widget.

    I've also tried adding another plugin today (just to see if a possible repair was possible by removing and adding plugins again) and this will not enable and gives the same error and redirect.

    This tells me that a fresh install of all vital files and folders will probably not work either.

    In addition, I cannot delete messages. Again, same error.

    As always, any help appreciated.

  • Also, new problem. I can't modify External pages. About, Terms and Provacy tabs do not work.

  • First email - doesn't matter checking junk mail. Some mail providers will outright reject the email.

    Have you tried copying the code over again? Since we are not seeing people report this, it means there is a bad file, an odd server configuration issue, or a bad plugin.

    The fact that the "disabled" file technique is not working makes me think you have some bad code.

    One more thing (and most important!), did you update your .htaccess when you upgraded as the instructions tell you?


  • If some people get the activation emails and others don't it surely is not a problem of your server as such. Maybe your server's IP is on a blacklist and some providers block them. You can check for example on http://www.spamhaus.org/ and http://www.senderbase.org/ if that's the case.

    If emails get rejected you should get a Delivery Failure notice. Most likely it will be sent to the server's defailt email address (root@domain.name or something like that). Check for example via webmail in CPanel. It also helps to enable SPF, DomainKey to allow the email providers verification of the server. Also a valid PTR record for reverse DNS checks is needed for some providers.

    If people tell you they don't see any emails in their spam folders it might not be true. They might only check the folders in their local email client. But the activation emails might already be filtered online and moved to a spam folder on their webmail account.

  • @cash

    I was having problems with excessive CPU usage on my original install, and when Arvixe upgraded my hosting to VPS in an effort to resolve it the connection to the original SQL wasn't possible. I had to start all over again and invite 1500 users back.

    So that was done using Softaculous, Elgg version 1.7.1. I the only altered plugin was the Black Pod theme, everything else was standard and without reported bugs. Indeed the site worked fine (apart from the email validation issue).

    Then I had another CPU warning and so disabled the Black Pod theme. No more warnings were received after this about CPU usage. So I figure it was the theme all along.

    Then, the other day I upgraded Elgg to 1.7.2 again using Softaculous. Foolishly I had assumed that a system telling you it easily installs Elgg would do whatever was needed. Obviously not.

    I then went in and copied htaccess.dist to htaccess

    And that's (part of) the story so far. lol

    I was considering just disabling all plugins, and then FTP'ing all the core Elgg elements to overwrite whats there. Then go in and delete the "disabled" from the mods. Would this do it?

    Any ideas what I need to replace that might resolve this?

    I really need to get to the bottom of this, I now have 15 new members beating at the door to get in. :-)

  • For the user activation issue you could install the simpleusermanagement plugin:


    It shows accounts not yet activated. You can activate them manually, re-send activation emails or delete these accounts if necessary. I'm using it, too, as a certain number of users just doesn't react on activation emails and I want to get rid of the unactivated accounts. You might also be able to solve issues with typos in the email addresses given that prevents the activating of accounts.

    Regarding the issue with the plugins I would suggest to to not use any offered install tools. Via ftp you can easily upload whatever you want to install - non core plugins, new releases... - and you might know better what's running on your Elgg install.

    You could prepare a complete Elgg installation (1.7.3) locally. Add non-core plugins to the mod folder, add the correct .htaccess file and the settings.php file to the engine folder. Then disable all non-core plugins via the admin section, disable simple cache and filepath cache. Do a full backup of your current Elgg folder, data folder and database.

    Next step: delete all Elgg files from your server. Upload the the Elgg installation you prepared locally, best way to zip it first (or you might upload it already before the deletion to a tmp folder and then move it). Then run upgrade.php, log in again and enable all non core plugins and caching again. Then you should have an Elgg installation which (hopefully) works. :-)

    I did it this morning, upgrading from Elgg 1.6.2 to Elgg 1.7.3. The time between disabling the non core plugins at the beginning of the upgrade and finishing the upgrade was about 15 mins and it seems it worked fine (I must admit I was quite nervous...).

  • All I can do is repeat me previous advice. The top suspect is the htaccess not being updated during the upgrade. The second is a bad file. It certainly won't hurt to copy the core Elgg code over what you currently have.

    If you look at http://trac.elgg.org/browser/elgg/branches/1.7/htaccess_dist

    the key part of the upgrade is &%{QUERY_STRING} sections

  • Thanks for the help guys.

    @iionly - yep, that's the plugin I was using to manually activate accounts. But throughout this process after the upgrade it wasn't working. I was getting the token error every time.

    @cash - I have resolved all of this by simply disabling all plugins, removing non core plugins completely, FTPing all core Elgg components, then adding plugins one by one and testing them. There was one that failed (a basic link plugin).

    I think I had a combination of issues. Using Softaculous (and probably other "simple installers" through a cPanel) is not the way to go. Doh!

    I think their functionality in installing properly and following all little "quirks" is very poor. I'm guessing when they suggest upgrading installed software they don't complete all tasks and just overwrite existing files with new.

    I'm wondering if this is a comon issue to many other users experiencing problems after the upgrade? If they used an installer like I did to upgrade as suggested (are they hosted with Arvixe and using Softaculous?) something goes wrong.

    But, I resolved it by manually installing and following instructions. I think I'll start a discussion about using installers over FTP and see if others have had the same problem, maybe it's something the Elgg community can state as a clear problem and save a lot of users some anxious hours if there's a clear issue with not manually installing :-)

    Thanks for the help guys.

  • We have seen very few issues from those upgrading from 1.6.x to 1.7.x. The most common issues have been sites that had hacked the core code, sites with plugins that did not have action tokens, and sites that had permission problems in the data directory.