Changeset 10941 for sites/trunk/wordpress.org/public_html/wp-content/themes/pub/wporg-login/functions-registration.php

Timestamp:

04/30/2021 08:44:23 AM (4 years ago)

Author:

dd32

Message:

Login: Only allow one signup at a time by "inbox", that is, ignoring plus addressing.

This is mostly to combat spammers using myemail+sldkjasldf@… to create multiple accounts.
This does not prevent plus addressing being used.
This does not prevent multiple accounts using plus addressing from existing, only that only a single account via plus addressing can be created per 2 weeks.

File:

• sites/trunk/wordpress.org/public_html/wp-content/themes/pub/wporg-login/functions-registration.php (modified) (1 diff)

sites/trunk/wordpress.org/public_html/wp-content/themes/pub/wporg-login/functions-registration.php

@@ -213 +213 @@
 
     return $pending_user;
+}
+
+/**
+ * Fetches a pending user record from the database by "inbox", ignoring plus addressing.
+ */
+function wporg_get_pending_user_by_email_wildcard( $email ) {
+    global $wpdb;
+
+    $email_wildcard = preg_replace( '/[+][^@]+@/i', '+%@', $wpdb->esc_like( $email ) );  // abc+def@ghi => abc+%@ghi
+    $email_base     = preg_replace( '/[+][^@]+@/i', '@', $email ); // abc+def@ghi => abc@ghi
+
+    $matching_email = $wpdb->get_var( $sql = $wpdb->prepare(
+        "SELECT `user_email` FROM `{$wpdb->base_prefix}user_pending_registrations` WHERE ( `user_email` = %s OR `user_email` LIKE %s ) LIMIT 1",
+        $email_base,
+        $email_wildcard
+    ) );
+
+    if ( $matching_email ) {
+        return wporg_get_pending_user( $matching_email );
+    }
+
+    return false;
 }