Skip to main content

Email Verification

Email verification confirms your email address is valid and that you control it. All new accounts must verify their email address before accessing certain features. The verification process uses a 6-digit code sent to your email.

Why Email Verification is Required

Account Security

Prevents Fake Accounts:

  • Ensures email addresses are real
  • Reduces spam and fraudulent accounts
  • Verifies you control the email address
  • Protects platform integrity

Account Recovery:

  • Required for password reset
  • Verified email needed to recover locked accounts
  • Ensures you can regain access if you forget password

Platform Features

Some features require verified email:

  • Full marketplace access (buying and selling)
  • Sending messages to other users
  • Collection sharing
  • Friend requests
  • Receiving email notifications
  • Account deletion and data export

Without Verification:

  • Limited read-only access
  • Cannot list items for sale
  • Cannot send offers
  • Cannot message sellers
  • Cannot add friends

Verification Process

During Registration

Automatic Verification Flow:

  1. Complete registration form (name, email, password)
  2. Click Create Account
  3. System generates 6-digit verification code
  4. Verification code encrypted and stored in database
  5. Code expiry set to 15 minutes from now
  6. Verification email sent to your email address
  7. Redirected to verification page
  8. Enter 6-digit code
  9. Email verified, account activated

Email Sent: Subject: "Verify Your Email Address" Contains:

  • 6-digit verification code
  • Code expiry time (15 minutes)
  • Instructions to enter code
  • Link to resend code if needed
  • Company branding

Verification Code:

  • Format: 6 digits (e.g., 123456)
  • Validity: 15 minutes from generation
  • Encryption: Stored encrypted in database (AES-256-GCM)
  • One-time use: Cannot be reused after verification

Verification Page

Page Layout:

  • Email address displayed (the one you're verifying)
  • 6 input fields (one digit per field)
  • Countdown timer showing time remaining
  • "Verify Email" button
  • "Resend code" button
  • Back to Register button

Entering the Code:

  1. Check your email inbox for verification email
  2. Find the 6-digit code in the email
  3. Enter each digit in the 6 input fields
  4. Fields auto-advance as you type
  5. Code auto-submits when all 6 digits entered
  6. Or click "Verify Email" button to submit manually

Field Behavior:

  • Auto-focus on first field
  • Auto-advance to next field on input
  • Backspace returns to previous field
  • Arrow keys navigate between fields
  • Paste support: paste full 6-digit code at once

Timer Display:

Code expires in 14:32

Minutes and seconds countdown. When timer reaches 0:00, code expires.

Auto-Submit: When you type the 6th digit, the code submits automatically. No need to click "Verify Email" button.

Successful Verification

What Happens:

  1. Code validated against database (decrypted and compared)
  2. Expiry checked (must not be expired)
  3. If valid:
    • emailVerified field set to true
    • Verification code and expiry cleared from database
    • Success message displayed
    • Redirected to next step (2FA setup or plan selection)
  4. Account fully activated

Success Message: "Email verified! Your account has been activated"

Redirect:

  • If 2FA required: Redirected to 2FA setup page
  • Otherwise: Redirected to plan selection page

Delay: 1.5 second delay before redirect (shows success message)

Verification Failure

Invalid Code:

  • Code doesn't match stored code
  • Error message: "Verification failed - Invalid code"
  • Input fields cleared
  • Focus returns to first field
  • Try entering code again or resend

Expired Code:

  • 15 minutes passed since code generation
  • Error message: "Code has expired. Please request a new one."
  • Must click "Resend code" to get new code
  • New code valid for another 15 minutes

Already Verified:

  • Email already verified previously
  • Cannot verify again
  • Redirected to login or dashboard

Resending Verification Code

When to Resend

Resend if:

  • Code expired (15 minutes passed)
  • Email not received
  • Email deleted or lost
  • Entered wrong code multiple times
  • Need a new code for any reason

Resend Process

Steps:

  1. Click Resend code button on verification page
  2. New 6-digit code generated
  3. New code encrypted and stored
  4. Expiry reset to 15 minutes from now
  5. New verification email sent
  6. 60-second cooldown before can resend again
  7. Existing code invalidated (old code no longer works)

Cooldown:

  • Cannot resend for 60 seconds after each resend
  • Button shows: "Resend code in 59s" (counts down)
  • Prevents email spam
  • Resets after each successful resend

Success Message: "Code sent! A new verification code has been sent to your email"

Timer Reset: 15-minute countdown resets to full 15 minutes.

Input Fields: Existing digits cleared, focus returns to first field.

Resend Limitations

Rate Limiting:

  • General authentication rate limit applies
  • Maximum requests per timeframe
  • If exceeded: "Too many requests, please try again later"

No Resend Limit:

  • Can resend as many times as needed
  • Each resend generates new code
  • Each resend resets 15-minute timer
  • No maximum resend count

Email Verification Code Details

Code Generation

Format:

  • 6 digits only (0-9)
  • Random generation
  • No letters or special characters
  • Example: 493827

Generation Process:

  1. Generate random 6-digit number
  2. Encrypt code with AES-256-GCM
  3. Store encrypted code in database
  4. Set expiry to 15 minutes from now
  5. Send plain code to user's email

Why Encryption:

  • Protects code if database compromised
  • Staff cannot see verification codes
  • Codes cannot be intercepted from database
  • Security best practice

Code Validity

Duration: 15 minutes from generation

Countdown:

  • Real-time countdown displayed on verification page
  • Format: MM:SS (e.g., 14:32 = 14 minutes, 32 seconds)
  • Updates every second
  • Shows "Code has expired" when reaches 0:00

Expiry Check:

  • Server checks expiry before validation
  • If expired: Rejects code immediately
  • Must resend to get new code

One-Time Use:

  • Code invalidated after successful verification
  • Cannot use same code twice
  • Even if not expired, code cleared after use

Code Storage

Database Fields:

  • emailVerificationCode: Encrypted code (TEXT field)
  • emailVerificationExpiry: Expiry timestamp (DateTime)
  • emailVerified: Verification status (Boolean)

After Verification:

  • emailVerificationCode: Set to NULL
  • emailVerificationExpiry: Set to NULL
  • emailVerified: Set to TRUE

Security:

  • Encryption key stored in environment variable
  • 32-character encryption key
  • AES-256-GCM encryption algorithm
  • Cannot decrypt without encryption key

Email Delivery

Verification Email

Subject: "Verify Your Email Address"

Sender: RTC Collector <[email protected]>

Contents:

  • Welcome message
  • Your name (first name from registration)
  • 6-digit verification code (large, bold)
  • Expiry time (15 minutes)
  • Instructions to enter code
  • Link to verification page
  • Link to resend code
  • Company branding and footer

Email Template Variables:

  • {{firstName}}: Your first name
  • {{verificationCode}}: The 6-digit code
  • {{verificationUrl}}: Link to verification page

HTML Format:

  • Responsive HTML email
  • Plain text fallback
  • Mobile-friendly layout
  • Clear call-to-action button

Email Not Received

If you don't receive the verification email, check the Troubleshooting section below for common causes and solutions. The most common issue is the email being filtered to your spam/junk folder.

Email Provider Issues

Gmail:

  • Usually reliable
  • Check "Promotions" or "Social" tabs
  • May delay up to 5 minutes

Outlook/Hotmail:

  • Often filters to Junk
  • Check Junk folder first
  • May reject if account security settings strict

Yahoo:

  • Frequently filters to Spam
  • Check Spam folder
  • May delay delivery

Corporate Email:

  • Often blocks automated emails
  • IT department may need to whitelist sender
  • Use personal email instead for registration

Temporary/Disposable Email:

  • May not work with verification system
  • Use permanent email address
  • Disposable emails often blacklisted

Verification Status

Checking Verification Status

After Login:

  • System checks emailVerified field
  • If false: Limited access to features
  • If true: Full access granted

Verification Badge:

  • Profile may show "Email Verified" badge
  • Green checkmark next to email address
  • Visible to you in settings

Verified Status Benefits

Full Platform Access:

  • ✅ Create marketplace listings
  • ✅ Make offers on items
  • ✅ Send messages to users
  • ✅ Add friends
  • ✅ Share collection publicly
  • ✅ Receive email notifications
  • ✅ Request account deletion
  • ✅ Export your data

Unverified Status Limitations

Limited Access:

  • ❌ Cannot create marketplace listings
  • ❌ Cannot make offers
  • ❌ Cannot send messages
  • ❌ Cannot add friends
  • ❌ Cannot share collection
  • ❌ Email notifications disabled
  • ❌ Cannot delete account
  • ✅ Can browse marketplace (read-only)
  • ✅ Can view your collection
  • ✅ Can add items to collection

Verification Prompt: Unverified users see banners/prompts encouraging email verification throughout the platform.

Re-verification

Not Usually Required: Once verified, status persists. No need to re-verify.

Re-verification Scenarios:

  • Email address changed (new verification required)
  • Account compromise suspected (admin may require re-verification)
  • Long account inactivity (may require re-verification)

Troubleshooting

Code Not Working

Invalid Code Error:

Causes:

  • Typo in code entry
  • Wrong code (old code after resend)
  • Code already used
  • Code doesn't match stored code

Fix:

  1. Double-check code in email
  2. Ensure using most recent email (if resent)
  3. Enter code carefully digit-by-digit
  4. Click "Resend code" to get fresh code
  5. Try pasting code instead of typing

Code Expired

Expired Code Error:

Causes:

  • 15 minutes passed since code generation
  • Timer reached 0:00
  • Delay in checking email

Fix:

  1. Click "Resend code" button
  2. Check email for new code immediately
  3. Enter new code within 15 minutes
  4. Set timer reminder if needed

Email Not Received

No Email After 5 Minutes:

Causes:

  • Spam filter blocked email
  • Email delay (server queue)
  • Incorrect email address
  • Email server rejecting sender
  • Full email inbox

Fix:

  1. Check spam/junk folder
  2. Wait 5 more minutes
  3. Click "Resend code"
  4. Verify email address is correct
  5. Try different email if possible
  6. Contact support with details

Verification Page Not Loading

Page Error or Blank:

Causes:

  • Network issue
  • JavaScript error
  • Browser compatibility
  • Cache issue

Fix:

  1. Refresh page (F5)
  2. Hard refresh (Ctrl+F5)
  3. Clear browser cache
  4. Try different browser
  5. Check browser console for errors
  6. Disable browser extensions

Resend Button Disabled

Cannot Click Resend:

Causes:

  • 60-second cooldown active
  • Email verification already complete
  • Network request in progress

Fix:

  1. Wait for cooldown timer to reach 0
  2. Check if already verified (redirect may be pending)
  3. Refresh page if button stuck
  4. Wait for any loading spinners to finish

Redirected to Wrong Page

Verification Succeeds But Wrong Redirect:

Causes:

  • Expected redirect based on account state
  • 2FA setup required before plan selection
  • Registration flow incomplete

Fix:

  • Normal behavior if 2FA required
  • Complete 2FA setup if prompted
  • Then redirected to plan selection
  • If issue persists, log out and log back in

Already Verified Error

"Email already verified" Message:

Causes:

  • Email was verified previously
  • Trying to verify again
  • Multiple verification attempts

Fix:

  • No fix needed (already verified)
  • Log in normally with email and password
  • No need to verify again
  • Status persists across logins

Best Practices

During Registration

Use Valid Email:

  • Use email address you control
  • Prefer personal email over corporate email
  • Avoid temporary/disposable email addresses
  • Double-check email for typos before submitting

Check Email Immediately:

  • Open email immediately after registration
  • Don't wait (code expires in 15 minutes)
  • Complete verification before leaving page
  • Avoid switching devices mid-process

Save Verification Email:

  • Keep email until verification complete
  • Don't delete before verifying
  • Email contains important account info
  • May need for support requests

During Verification

Enter Code Carefully:

  • Double-check each digit
  • Use paste function if available
  • Verify code from most recent email
  • Don't rush (have 15 minutes)

Watch Timer:

  • Complete verification before expiry
  • If running low on time, resend code
  • Set timer reminder if stepping away

One Device at a Time:

  • Complete verification on same device
  • Don't switch browsers mid-process
  • Avoid multiple verification attempts simultaneously

Email Management

Whitelist Sender:

  • Add [email protected] to contacts
  • Prevents future emails going to spam
  • Helps with password reset emails too

Check Spam Settings:

  • Configure email to not aggressively filter
  • Check spam folder if email delayed
  • Mark verification email as "Not Spam"

Use Reliable Email Provider:

  • Gmail, Outlook, Yahoo generally reliable
  • Avoid obscure email providers
  • Corporate email may block automated emails

FAQ

How long is the verification code valid?

15 minutes from generation. After expiry, you must request a new code.

Can I use the same code twice?

No. Once you successfully verify your email, the code is invalidated and cannot be reused.

What if I close the verification page?

The code remains valid until expiry (15 minutes). You can return to the verification page and enter the code before it expires.

Can I change my email after verifying?

Yes, in Settings → Profile. Changing your email requires re-verification of the new email address.

What happens if I never verify my email?

Your account exists but with limited functionality. You cannot use marketplace features, send messages, or share your collection. Email verification is required for all tiers, including Hobbyist, to access the marketplace.

Can I resend the code unlimited times?

Yes, but with a 60-second cooldown between resends. Each resend generates a new code and resets the 15-minute timer.

Why is my email going to spam?

Email spam filters vary. Add [email protected] to your contacts and mark the email as "Not Spam" to prevent future emails being filtered.

No. The platform uses a 6-digit code system for security. Email links may be added in future updates.

What if I registered with the wrong email?

You can register a new account with the correct email address. The incorrect email account can be deleted later.

Can admins verify my email for me?

In exceptional circumstances, support may manually verify your email. Contact support with details.

Does verification expire after a certain time?

No. Once verified, your status is permanent. You don't need to re-verify unless you change your email address.

Why do I need to verify my email?

Email verification ensures account security, enables password recovery, and unlocks full platform features.