Auto actions usecase question

we are using an auto action to set a cookie after user registration that holds the username as value.

hese is the cookie setting...

Triggers: OnAfterUserConfirmation
Type: Code
User Automatic
Acccess: Everybody
Action: (the following)

PHP method...

if (!isset($_COOKIE)) {
    $user = '[cookiename]';
    setcookie(
        'cookiename',
        $user,
        time() + (86400 * 120), // Expiration time: 120 days
        '/', // Path
        '.domain.com', // Domain
        true, // Secure (HTTPS)
        true  // HTTPOnly
    );
}

The cookie is created correctly (at least on some testing accounts i created).



Now...

with a second auto action we check to see if the coolie exists on user gegistration and if it exists we get a mail notification that someone that is already registered created a new account.

here is the cookie checking...

Triggers: OnAfterUserConfirmation
Type: Code
User Automatic
Acccess: Everybody
Action: (the following)

PHP method...

if (isset($_COOKIE)) {
    $cookieValue = $_COOKIE;
    $user = "[username]";
    $to = "myname@domain.com";
    $subject = "User $cookieValue registered again as $user";
    $txt = "Text to be sent in the body of the email";

    $headers = "MIME-Version: 1.0" . "\r\n";
    $headers .= "Content-type: text/plain; charset=UTF-8" . "\r\n";
    $headers .= "From: info@xstream.gr";

    if ($user !== $cookieValue) {
        mail($to, '=?UTF-8?B?'.base64_encode($subject).'?=', $txt, $headers);
    }
}

And here begins the problem...

Most of the e-mails we get are not true!
We might get an e-mail that User10 (last login was 2 months ago, auto actions were created 2 days ago) registered again as User2.

Where might the problem be?
Is it that the username substitution is not accurrate for this kind of auto action?
Is it that we have to populate the username some other way?
Is it that we have to use [user_id] instead of [username]?

Can you please advise?

Thank you

You're creating the cookie and emailing about the cookie on the same triggers. So probably just an ordering issue. Ensure the email auto action is ordered before the cookie auto action. You're also doing this on confirmation not on registration. I recommend using onAfterUserRegistration trigger if you want this to explicitly apply to successful frontend registration.

Thank you for your reply Krileon.
The auto actions are ordered correctly and i use the confirmation trigger so that i get e-mail only for users with a valid email.

I am afraid that the problem is located somewhere in the code, variable setting or variable comparison. My head is melting! A few minutes ago i received a notification that a new user registered from a device that has my id in the cookie!

Can you please take a look at the code?

We do not provide custom coding assistance. I cannot help you analyze and fix your code. At a quick glance I don't think your code is functional.

I've added a feature ticket for CB Auto Actions to add a Cookie method to the Code action to assist in cookie creation. As for validating a cookie and accessing their values you can already do that in CB Auto Actions using [cookie_COOKIENAME]. Example as follows.

Condition
Field: Custom > Value
Custom Value: [cookie_registered]
Operator: Not Empty

Retrieval
[cookie_registered]

Additionally I do not recommend storing sensitive data in the cookie. A encrypted user_id would probably be ideal. Especially don't store username or email address.

If you want to prevent duplicate registrations I recommend using that functionality built into CB AntiSpam as it'll stop the duplicate registrations entirely. I can review adding an option to just notify on duplicate registration instead of blocking or denying it as that seams like that's all you're needing.

Ok, latest CB AntiSpam build release now has a Notify option for duplicate registrations. This might be able to fill your needs so you don't need to custom code anything.

 

You can customize the recipient, email subject, and email message. All 3 support substitutions. The duplicates can be cross referenced with built in logging features in CB AntiSpam to pinpoint exactly what accounts are linked together and when. Currently this only works for duplicate registrations, but have added a feature ticket to expand Notify options for all block types.

Thank you for your kind help Krileon but the IP is not the solution.
Static IP owners are 0.01 % of the total users (at least Greece). Each time users connect with a different IP address.

I have already created a new auto action using your previous suggestion using [cookie_COOKIENAME] to see if it is more accurate.

Thank you again.