Encrypt with wordcamp_id rather than email.

public_html/wp-content/plugins/wordcamp-organizer-survey/includes/debrief-survey/email.php

@@ -58,8 +58,8 @@ function get_wordcamp_location() {
  * @return string
  */
 function get_encryption_token() {
-	$lead_organizer_email = get_lead_organizer_email();
-	return hash_hmac( 'sha1', $lead_organizer_email, ORGANIZER_SURVEY_ACCESS_TOKEN_KEY );
+	$wordcamp_id = get_current_blog_id();
+	return hash_hmac( 'sha1', $wordcamp_id, ORGANIZER_SURVEY_ACCESS_TOKEN_KEY );
 }
 
 /**
@@ -70,7 +70,7 @@ function get_encryption_token() {
 function get_email_content() {
 	$wordcamp_name   = get_wordcamp_name();
 	$survey_page_url = 'https://central.wordcamp.test/organizer-survey-event-debrief/?t=' . get_encryption_token()
-					 . '&e=' . base64_encode( get_lead_organizer_email() );
+					 . '&wid=' . base64_encode( get_current_blog_id() );
 
 	$email  = "Howdy [email],\r\n\r\n";
 	$email .= sprintf( "Congratulations on completing %s! We hope you had a great time, and that you'll soon get some well-deserved rest\r\n\r\n", esc_html( $wordcamp_name ) );

public_html/wp-content/plugins/wordcamp-organizer-survey/wordcamp-organizer-survey.php

@@ -133,10 +133,10 @@ function get_includes_path() {
  */
 function validate_token_on_debrief_survey() {
 	if ( is_page( 'organizer-survey-event-debrief' ) ) {
-		$token = $_GET['t'] ?? '';
-		$email = $_GET['e'] ?? '';
+		$token       = $_GET['t'] ?? '';
+		$wordcamp_id = $_GET['wid'] ?? '';
 
-		$expected_token = hash_hmac( 'sha1', base64_decode( $email ), ORGANIZER_SURVEY_ACCESS_TOKEN_KEY );
+		$expected_token = hash_hmac( 'sha1', base64_decode( $wordcamp_id ), ORGANIZER_SURVEY_ACCESS_TOKEN_KEY );
 
 		if ( $token !== $expected_token ) {
 			wp_die('Invalid access token.');