From a1f73d008d69a4bf9f2a4187dff19baee85b7423 Mon Sep 17 00:00:00 2001
From: Marcin Kurczewski
Date: Sat, 5 Oct 2013 17:10:18 +0200
Subject: [PATCH] Fixed (very unlikely) activation links collisions
---
 src/Controllers/AuthController.php | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/src/Controllers/AuthController.php b/src/Controllers/AuthController.php
index c970e9b9..d99db8d3 100644
--- a/src/Controllers/AuthController.php
+++ b/src/Controllers/AuthController.php
@@ -130,12 +130,20 @@ class AuthController extends AbstractController
 $dbUser->email = $suppliedEmail;
 $dbUser->admin_confirmed = $adminActivation ? false : true;
 $dbUser->email_confirmed = $emailActivation ? false : true;
- $dbUser->email_token = md5(mt_rand() . uniqid());
 $dbUser->access_rank = R::findOne('user') === null ? AccessRank::Admin : AccessRank::Registered;
+ //prepare unique registration token
+ do
+ {
+ $emailToken = md5(mt_rand() . uniqid());
+ }
+ while (R::findOne('user', 'email_token = ?', [$emailToken]) !== null);
+ $dbUser->email_token = $emailToken;
+
 //send the e-mail
 if ($emailActivation)
 {
+ $tokens = [];
 $tokens['host'] = $_SERVER['HTTP_HOST'];
 $tokens['link'] = \Chibi\UrlHelper::route('auth', 'activation', ['token' => $dbUser->email_token]);
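Review bot: The token generated inside the new `do`/`while` loop is still `md5(mt_rand() . uniqid())`, so the loop removes collisions but the value stays guessable: `mt_rand()` is not a cryptographic generator, `uniqid()` is derived from the current time, and this token is the only secret in the activation link. I would draw it from a CSPRNG instead, e.g. `$emailToken = bin2hex(openssl_random_pseudo_bytes(16));` (or `random_bytes(16)` where the runtime provides it). The lookup-then-assign is also not atomic, so two concurrent registrations could still pass the check with the same value; a unique index on `email_token` would enforce uniqueness, though the schema is not visible in this hunk. The enclosing method starts and ends outside the hunk.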