Some users are still having issues getting their "alternative email" to validate, checking at least one report:
- The email is not validated yet (status in db still 1)
- The user tried 2 different email links, both contained a key= component that did not match the one in the database, so nothing was validated
- Reviewing the current logic: every time the account details form is submitted, or the "resend" button is clicked (and the email is not yet validated), we generate and save a new key value, then send an email with that key in it. This can end up with the user having multiple emails to click, only one of which (the most recent) will work.
- There is no error reporting (aka "that link is too old" or similar)
Suggestion:
- Setup an expiry time for the key, within that time any form submissions or buttons will not generate a new key, they will just create a new email with the existing key.
Some users are still having issues getting their "alternative email" to validate, checking at least one report:
Suggestion: