4e5882cb4b89bb084ba3a63d6060323a2b371f98
The validation record doesn't have an email address in it. When we change the user's email address we create a validation record. So, with the re-use, the following would work: 1) Set your email address to real.address@site.com, a validation email is sent. 2) Don't click it! Instead, go back and change your email address to fake.address@fakeyfake.com, another validation email is sent (but bounces). 3) Click on the link in the first email. Ta-dah! You've "validated" fake.address@fakeyfake.com!! So: generate a new validation code every time we're asked to create one for the user. Right? Right?
Description
User library for games
Languages
Java
100%