halyxer
Forum Replies Created
-
Hello @ahsannayem,
Thanks for the plugin. It has been really helpful.I checked again on Fluent Support 2.0.6 (March 05, 2026), and the issue still occurs.
From the code, the problem seems to come from how
valid_tillis generated and validated.Generation –
app/Hooks/Handlers/EmailVerificationHandler.phpline 32'valid_till' => gmdate('Y-m-d H:i:s', current_time('timestamp') + 10 * 60),Validation –
app/Http/Controllers/AuthController.phplines 101–102$validTill = $logHash['valid_till'] ?? '';if (($logHash['used_count'] ?? 0) > 5 || ($validTill && strtotime($validTill) < current_time('timestamp'))) { ... }current_time('timestamp')uses the WordPress local timezone.gmdate()then formats that value as a UTC datetime string. Later,strtotime()parses that string using the server timezone.Because generation and validation use different time bases, the expiration time can be interpreted as already in the past. In JST this results in the verification code expiring immediately.
It may be safer to normalize both sides to the same basis (for example using UTC consistently or using Unix timestamps only).
Hello, thanks for checking.
I can still reproduce it on my site.
– WordPress timezone: Tokyo (Settings → General → Timezone)
– PHP timezone: Asia/Tokyo (date.timezone)
– DB timezone:@@global.time_zone=SYSTEM,@@session.time_zone=SYSTEM,@@system_time_zone=JST
–NOW() - UTC_TIMESTAMP() = 09:00:00
So WP/PHP/DB are all aligned to JST in this environment.
Could you please re-check the signup verification flow wherevalid_tillis created and validated?
It appearsvalid_tillis generated withgmdate(...)inEmailVerificationHandler::sendSignupEmailVerificationHtml, but compared againstcurrent_time('timestamp')inAuthController::signup, which may cause an immediate-expiry mismatch.