Making WordPress.org


Ignore:
Timestamp:
05/17/2021 04:58:00 AM (9 months ago)
Author:
dd32
Message:

Registration: Allow changing of email address during the registration flow.

This is only available once per account, and only prior to confirming the email address.

Fixes #5181.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • sites/trunk/wordpress.org/public_html/wp-content/themes/pub/wporg-login/functions-registration.php

    r10964 r10981  
    326326 * Save the user profile fields, potentially prior to user creation and prior to email confirmation.
    327327 */
    328 function wporg_login_save_profile_fields( $pending_user = false ) {
     328function wporg_login_save_profile_fields( $pending_user = false, $state = '' ) {
    329329    if ( ! $_POST || empty( $_POST['user_fields'] ) ) {
    330330        return false;
     
    358358    }
    359359
     360    $updated_email = false;
     361    if (
     362        'pending' === $state &&
     363        empty( $pending_user['meta']['changed_email'] ) && // Only if they've not changed it before.
     364        ! empty( $_POST['user_email'] ) &&
     365        wp_unslash( $_POST['user_email'] ) !== $pending_user['user_email']
     366    ) {
     367        // Validate the email
     368        $error_user_email = rest_do_request( new WP_REST_Request( 'GET', '/wporg/v1/email-in-use/' . wp_unslash( $_POST['user_email'] ) ) );
     369        if ( $error_user_email->get_data()['available'] ) {
     370            // Change their email, resend confirmation.
     371            $pending_user['meta']['changed_email'] = $pending_user['user_email'];
     372            $pending_user['user_email']            = wp_unslash( $_POST['user_email'] );
     373            $pending_user['user_activation_key']   = ''; // Clear any existing email hash.
     374            $updated_email                         = true;
     375
     376            // Validate heuristics.
     377            if ( function_exists( 'wporg_registration_check_private_heuristics' ) ) {
     378                // Returns block, review, allow.
     379                $pending_user['meta']['heuristics'] = wporg_registration_check_private_heuristics( [
     380                    'user_login' => $pending_user['user_login'],
     381                    'user_email' => $pending_user['user_email']
     382                ] );
     383            }
     384
     385            // If the new email fails our checks, and the user hasn't manually been approved..
     386            if ( 'allow' !== $pending_user['meta']['heuristics'] && $pending_user['cleared'] < 2 ) {
     387                $pending_user['cleared'] = 0;
     388            }
     389        }
     390    }
     391
    360392    if ( $pending_user ) {
    361393        wporg_update_pending_user( $pending_user );
     394        if ( $updated_email ) {
     395            wporg_login_send_confirmation_email( $pending_user );
     396        }
    362397    }
    363398
Note: See TracChangeset for help on using the changeset viewer.