Hello @halyxer ,
Thank you for reporting this.
We have tested the email verification process on our end, but we’re not able to reproduce the issue. The verification code is working as expected and not expiring immediately.
To help us investigate further, could you please confirm which timezone your WordPress site is set to (Settings → General → Timezone)? Also, let us know your server timezone if possible. A mismatch between these could potentially cause the valid_till timestamp to be considered expired right away.
Once we have this information, we’ll check more thoroughly.
Hello, thanks for checking.
I can still reproduce it on my site.
– WordPress timezone: Tokyo (Settings → General → Timezone)
– PHP timezone: Asia/Tokyo (date.timezone)
– DB timezone: @@global.time_zone=SYSTEM, @@session.time_zone=SYSTEM, @@system_time_zone=JST
– NOW() - UTC_TIMESTAMP() = 09:00:00
So WP/PHP/DB are all aligned to JST in this environment.
Could you please re-check the signup verification flow where valid_till is created and validated?
It appears valid_till is generated with gmdate(...) in EmailVerificationHandler::sendSignupEmailVerificationHtml, but compared against current_time('timestamp') in AuthController::signup, which may cause an immediate-expiry mismatch.
Hello @halyxer ,
Thank you for the detailed information regarding the timezone configuration and the verification flow. We truly appreciate the effort you put into outlining the environment settings.
We have carefully reviewed the signup verification flow again and attempted to reproduce the issue in our testing environment. However, we were not able to replicate the immediate-expiry behavior on our end.
Since everything appears correctly aligned in your setup (WP, PHP, and DB all in JST), this may be something environment-specific. To properly investigate this further, we’ll need to debug it directly from your installation.
Could you please open a support ticket at the WPManageNinja portal?
Thank you
Hello @ahsannayem,
Thanks for the plugin. It has been really helpful.
I checked again on Fluent Support 2.0.6 (March 05, 2026), and the issue still occurs.
From the code, the problem seems to come from how valid_till is generated and validated.
Generation – app/Hooks/Handlers/EmailVerificationHandler.php line 32
'valid_till' => gmdate('Y-m-d H:i:s', current_time('timestamp') + 10 * 60),
Validation – app/Http/Controllers/AuthController.php lines 101–102
$validTill = $logHash['valid_till'] ?? '';
if (($logHash['used_count'] ?? 0) > 5 || ($validTill && strtotime($validTill) < current_time('timestamp'))) { ... }
current_time('timestamp') uses the WordPress local timezone. gmdate() then formats that value as a UTC datetime string. Later, strtotime() parses that string using the server timezone.
Because generation and validation use different time bases, the expiration time can be interpreted as already in the past. In JST this results in the verification code expiring immediately.
It may be safer to normalize both sides to the same basis (for example using UTC consistently or using Unix timestamps only).
