Skip to:

Invalid activation key

  • jakdaniel5


    So I’ve been plagued by this from users who either try and use their activation email again, or some that double click on the link. They all end up on the classic ‘Invalid activation key’ page.

    Looking at the buddypress code I think there is a bug (feature?) that means that once an activation code is used once, it will never be able to be used again. This is despite there being code further on in this process to check this scenario and return an error of ‘The user is already active’. This code NEVER RUNS, because of the way the key is looked up in the database.

    The SQL that is generated to find the key looks something like this:

    SELECT * FROM wp_signups WHERE active = 0 AND activation_key = 'aIR3Zc1z7h2YAtAxcEND65EUL3UV8Vw5' ORDER BY signup_id DESC LIMIT 0, 1

    so once an account is activated (active=1), the key can never be looked up again. Hence the error my users were getting.

    It’s quite easy to reinstate the old behaviour, so that the code will detect an already activated account:

    //filter the query that checks for activation keys to fix an annoying bug
    //that activation keys cannot be used more than once
    //so that we actually get a 'already_active' error message 
    if(! function_exists('my_filter_get_signups')) {
        function my_filter_get_signups($sql_text,$sql_array,$caller_args,$args) {
            if(!empty($caller_args['activation_key'])) {
                $sql_array['where']=str_replace('active = 0','1 = 1',$sql_array['where']);
                $sql_text = implode(' ', $sql_array);
            return $sql_text;

    You could then catch that error and take the user say to the login screen or wherever you want:

    //redirect to my login screen with error message if account already activated
    if(! function_exists('my_core_activate_account')) {
        function my_core_activate_account($user) {
            if(! empty($user->errors)) {
                if(isset($user->errors['already_active'])) {
                    bp_core_add_message( $user->get_error_message(), 'error' );
                    bp_core_redirect( ... );
            return $user;

    Hope this helps someone.

Viewing 2 replies - 1 through 2 (of 2 total)
Viewing 2 replies - 1 through 2 (of 2 total)
  • You must be logged in to reply to this topic.
Skip to toolbar