WordPress.org
Get WordPress

Making WordPress.org


Ignore:
Timestamp:
07/07/2020 08:02:03 AM (6 years ago)
Author:
dd32
Message:

Login: Allow users to resend the signup confirmation email.

To trigger this, either the user needs to click the resend link on the post-signup profile-info page, or attempt to sign up again using the same username or email.

The emails are rate limited depending on the age of the account, and also based on some WordPress.org anti-spam measures.

See #5278.

File:
1 edited

Legend:

Unmodified
Added
Removed

  • sites/trunk/wordpress.org/public_html/wp-content/themes/pub/wporg-login/functions-restapi.php

    r9146 r10029  
    1919        'callback' => 'wporg_login_rest_email_in_use'
    2020    ) );
     21
     22    register_rest_route( 'wporg/v1', '/resend-confirmation-email/?', array(
     23        'methods'  => WP_REST_Server::EDITABLE,
     24        'callback' => 'wporg_login_rest_resend_confirmation_email'
     25    ) );
    2126}
    2227add_action( 'rest_api_init', 'wporg_login_rest_routes' );
     
    3136        return [
    3237            'available' => false,
    33             'error' => __( 'That username is already in use.', 'wporg' ) . '<br>' . __( 'Is it yours? <a href="/lostpassword">Reset your password</a>.', 'wporg' ),
     38            'error' => __( 'That username is already in use.', 'wporg' ) . '<br>' .
     39                __( 'Is it yours? <a href="/lostpassword">Reset your password</a>.', 'wporg' ),
    3440            'avatar' => get_avatar( $user, 64 ),
    3541        ];
     
    4046        return [
    4147            'available' => false,
    42             'error' => __( 'That username is already in use.', 'wporg' ) . '<br>' . __( 'The registration is still pending, please check your email for the confirmation link.', 'wporg' ),
     48            'error' => __( 'That username is already in use.', 'wporg' ) . '<br>' .
     49                __( 'The registration is still pending, please check your email for the confirmation link.', 'wporg' ) . '<br>' .
     50                '<a href="#" class="resend">' . __( 'Resend confirmation email.', 'wporg' ) . '</a>',
    4351            'avatar' => get_avatar( $pending->user_email, 64 ),
    4452        ];
     
    6573        return [
    6674            'available' => false,
    67             'error' => __( 'That email address already has an account.', 'wporg' ) . '<br>' . __( 'Is it yours? <a href="/lostpassword">Reset your password</a>.', 'wporg' ),
     75            'error' => __( 'That email address already has an account.', 'wporg' ) . '<br>' .
     76                __( 'Is it yours? <a href="/lostpassword">Reset your password</a>.', 'wporg' ),
    6877            'avatar' => get_avatar( $user, 64 ),
    6978        ];
     
    7483        return [
    7584            'available' => false,
    76             'error' => __( 'That email address already has an account.', 'wporg' ) . '<br>' . __( 'The registration is still pending, please check your email for the confirmation link.', 'wporg' ),
     85            'error' => __( 'That email address already has an account.', 'wporg' ) . '<br>' .
     86                __( 'The registration is still pending, please check your email for the confirmation link.', 'wporg' ) . '<br>' .
     87                '<a href="#" class="resend">' . __( 'Resend confirmation email.', 'wporg' ) . '</a>',
    7788            'avatar' => get_avatar( $email, 64 ),
    7889        ];
     
    91102    return [ 'available' => true ];
    92103}
     104
     105/*
     106 * Resend a confirmation email to create an account.
     107 *
     108 * This API intentionally doesn't report if it performs the action, always returning the success message.
     109 */
     110function wporg_login_rest_resend_confirmation_email( $request ) {
     111    $account = $request['account'];
     112
     113    $success_message = sprintf(
     114        __( 'Please check your email %s for a confirmation link to set your password.', 'wporg' ),
     115        '<code>' . esc_html( $account ) . '</code>'
     116    );
     117
     118    $pending_user = wporg_get_pending_user( $request['account'] );
     119    if ( ! $pending_user || $pending_user['created'] ) {
     120        return $success_message;
     121    }
     122
     123    // Allow for w.org plugins to block the action.
     124    if ( null !== ( $pre_register_error = apply_filters( 'wporg_login_pre_registration', null, $pending_user['user_login'], $pending_user['user_email'], $pending_user['meta']['user_mailinglist'] ) ) ) {
     125        return $success_message;
     126    }
     127
     128    // Only one email per..
     129    // - 1 minute for brand new accounts (<15min)
     130    // - 5 minutes for new accounts (<1hr)
     131    // - 3 hours there after
     132    list( $requested_time, ) = explode( ':', $pending_user['user_activation_key'] );
     133    $time_limit = 3 * HOUR_IN_SECONDS;
     134
     135    if ( time() - strtotime( $pending_user['user_registered'] ) < HOUR_IN_SECONDS ) {
     136        $time_limit = 5 * MINUTE_IN_SECONDS;
     137    }
     138
     139    if ( time() - strtotime( $pending_user['user_registered'] ) < 15 * MINUTE_IN_SECONDS ) {
     140        $time_limit = MINUTE_IN_SECONDS;
     141    }
     142
     143    if ( ( time() - $requested_time ) < $time_limit ) {
     144        return $success_message;
     145    }
     146
     147    wporg_login_send_confirmation_email( $pending_user );
     148
     149    return $success_message;
     150}
Note: See TracChangeset for help on using the changeset viewer.