Ticket #6163: 6163.01.patch

File 6163.01.patch, 11.7 KB (added by johnjamesjacoby, 10 years ago)
  • src/bp-settings/bp-settings-actions.php

     
    6767
    6868                        // What is missing from the profile page vs signup -
    6969                        // let's double check the goodies
    70                         $user_email     = sanitize_email( esc_html( trim( $_POST['email'] ) ) );
     70                        $user_email     = sanitize_email( trim( $_POST['email'] ) );
    7171                        $old_user_email = $bp->displayed_user->userdata->user_email;
    7272
    7373                        // User is changing email address
    74                         if ( $old_user_email != $user_email ) {
     74                        if ( $old_user_email !== $user_email ) {
    7575
    7676                                // Run some tests on the email address
    7777                                $email_checks = bp_core_validate_email_address( $user_email );
     
    9292
    9393                                // Store a hash to enable email validation
    9494                                if ( false === $email_error ) {
    95                                         $hash = wp_hash( $_POST['email'] );
     95                                       
     96                                        // Send the email change verification email
     97                                        bp_settings_send_email_change_verification_email( $user_email, $old_user_email );
    9698
    97                                         $pending_email = array(
    98                                                 'hash'     => $hash,
    99                                                 'newemail' => $user_email,
    100                                         );
    101 
    102                                         bp_update_user_meta( bp_displayed_user_id(), 'pending_email_change', $pending_email );
    103 
    104                                         $email_text = sprintf(
    105                                                 __( 'Dear %1$s,
    106 
    107 You recently changed the email address associated with your account on %2$s.
    108 If this is correct, please click on the following link to complete the change:
    109 %3$s
    110 
    111 You can safely ignore and delete this email if you do not want to take this action or if you have received this email in error.
    112 
    113 This email has been sent to %4$s.
    114 
    115 Regards,
    116 %5$s
    117 %6$s', 'buddypress' ),
    118                                                 bp_core_get_user_displayname( bp_displayed_user_id() ),
    119                                                 bp_get_site_name(),
    120                                                 esc_url( bp_displayed_user_domain() . bp_get_settings_slug() . '/?verify_email_change=' . $hash ),
    121                                                 $user_email,
    122                                                 bp_get_site_name(),
    123                                                 bp_get_root_domain()
    124                                         );
    125 
    126                                         /**
    127                                          * Filter the email text sent when a user changes emails.
    128                                          *
    129                                          * @since BuddyPress (2.1.0)
    130                                          *
    131                                          * @param string  $email_text     Text of the email.
    132                                          * @param string  $new_user_email New user email that the
    133                                          *                                current user has changed to.
    134                                          * @param string  $old_user_email Existing email address
    135                                          *                                for the current user.
    136                                          * @param WP_User $update_user    Userdata object for the current user.
    137                                          */
    138                                         $content = apply_filters( 'bp_new_user_email_content', $email_text, $user_email, $old_user_email, $update_user );
    139 
    140                                         // Send the verification email
    141                                         wp_mail( $user_email, sprintf( __( '[%s] Verify your new email address', 'buddypress' ), wp_specialchars_decode( bp_get_site_name() ) ), $content );
    142 
    14399                                        // We mark that the change has taken place so as to ensure a
    144100                                        // success message, even though verification is still required
    145101                                        $_POST['email'] = $update_user->user_email;
     
    495451add_action( 'bp_actions', 'bp_settings_verify_email_change' );
    496452
    497453/**
     454 * Resend email change verification email
     455 *
     456 * @since BuddyPress (2.3.0)
     457 */
     458function bp_settings_resend_email_change() {
     459
     460        // Bail if not settings
     461        if ( ! bp_is_settings_component() ) {
     462                return;
     463        }
     464
     465        // Bail if not viewing own profile
     466        if ( ! bp_is_my_profile() ) {
     467                return;
     468        }
     469
     470        // Bail if not resending verification email
     471        if ( ! isset( $_GET['resend_verification'] ) ) {
     472                return;
     473        }
     474
     475        // Get redirect address and pending email change meta
     476        $pending_email = bp_get_user_meta( bp_displayed_user_id(), 'pending_email_change', true );
     477
     478        // Bail if the hash provided doesn't match the one saved in the database
     479        if ( urldecode( $_GET['resend_verification'] ) !== $pending_email['hash'] ) {
     480                return;
     481        }
     482
     483        // Attempt to resend email change verification
     484        if ( bp_settings_send_email_change_verification_email( $pending_email['newemail'] ) ) {
     485                $message = sprintf( __( 'An email has been sent to %1$s with a new verification link.', 'buddypress' ), $pending_email['newemail'] );
     486                bp_core_add_message( $message );
     487        }
     488
     489        // Redirect
     490        $redirect_to   = trailingslashit( bp_displayed_user_domain() . bp_get_settings_slug() );
     491        bp_core_redirect( $redirect_to );
     492}
     493add_action( 'bp_actions', 'bp_settings_verify_email_change' );
     494
     495/**
    498496 * Removes 'Email' sub nav, if no component has registered options there.
    499497 *
    500498 * @since BuddyPress (2.2.0)
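Review bot: The `add_action()` call placed right after the new `bp_settings_resend_email_change()` registers `bp_settings_verify_email_change` a second time, so on these lines the resend handler is never hooked; it should read `add_action( 'bp_actions', 'bp_settings_resend_email_change' );`. Inside the handler, `$pending_email['hash']` is read without checking that the meta exists, and the token is compared with `!==` after a redundant `urldecode()` (PHP has already decoded `$_GET`). I would guard the lookup and compare in constant time: `if ( empty( $pending_email['hash'] ) || ! hash_equals( $pending_email['hash'], (string) wp_unslash( $_GET['resend_verification'] ) ) ) { return; }`. The handler also sends mail in response to a plain GET request, so a nonce on the link and a matching check here would be worth adding.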
  • src/bp-settings/bp-settings-functions.php

     
    99
    1010// Exit if accessed directly
    1111defined( 'ABSPATH' ) || exit;
     12
     13/**
     14 * Send an email to the displayed user for them to verify that they want to
     15 * change the main email address associated with their account.
     16 *
     17 * In the case of a resend, a new hash is saved and provided. This invalidates
     18 * old links in previous emails, increasing security by validating the most
     19 * recent user intent.
     20 *
     21 * @since BuddyPress (2.3.0)
     22 *
     23 * @param  string $new_email_address Email address to use going forward
     24 * @param  string $old_email_address Email address previously being used
     25 *
     26 * @return type
     27 */
     28function bp_settings_send_email_change_verification_email( $new_email_address = '', $old_email_address = '' ) {
     29
     30        // This is for the displayed user ID, which is typically the logged in user
     31        $user_id = bp_displayed_user_id();
     32
     33        // If no email address passed, attempt to use new address from pending meta
     34        if ( empty( $new_email_address ) ) {
     35                $pending_email = bp_get_user_meta( $user_id, 'pending_email_change', true );
     36
     37                // Bail if pending email is missing newemail key, or if no pending email
     38                // change could be found in user meta for this user.
     39                if ( empty( $pending_email['newemail'] ) ) {
     40                        return false;
     41                }
     42
     43                $user_email = $pending_email['newemail'];
     44        }
     45
     46        // If no email address passed, use currently displayed user email address
     47        if ( empty( $old_email_address ) ) {
     48                $old_email_address = bp_displayed_user_email();
     49        }
     50
     51        // Rehash based on the user email, to invalidate previous emails
     52        $hash = wp_hash( $user_email );
     53
     54        // Update displayed user meta with new hash
     55        bp_update_user_meta( $user_id, 'pending_email_change', array(
     56                'hash'     => $hash,
     57                'newemail' => $user_email,
     58        ) );
     59
     60        // Setup a few string variables for concatenation later
     61        $user_settings = trailingslashit( bp_displayed_user_domain() . bp_get_settings_slug() );
     62        $user_name     = bp_core_get_user_displayname( $user_id );
     63        $site_name     = wp_specialchars_decode( bp_get_site_name() );
     64        $site_address  = bp_get_root_domain();
     65        $email_link    = esc_url( add_query_arg( array( 'resend_verification' => $hash ), $user_settings ) );
     66        $email_text    = __( 'Dear %1$s,
     67
     68You recently changed the email address associated with your account on %2$s.
     69If this is correct, please click on the following link to complete the change:
     70%3$s
     71
     72You can safely ignore and delete this email if you do not want to take this action or if you have received this email in error.
     73
     74This email has been sent to %4$s.
     75
     76Regards,
     77%5$s
     78%6$s', 'buddypress' );
     79
     80        // Format string
     81        $email_content = sprintf(
     82                $email_text,
     83                $user_name,
     84                $site_name,
     85                $email_link,
     86                $user_email,
     87                $site_name,
     88                $site_address
     89        );
     90
     91        /**
     92         * Filter the email text sent when a user changes emails.
     93         *
     94         * @since BuddyPress (2.1.0)
     95         *
     96         * @param string  $email_text     Text of the email.
     97         * @param string  $new_user_email New email address that the user changed to.
     98         * @param string  $old_user_email Existing email address for the user.
     99         * @param WP_User $update_user    Userdata object for the user.
     100         */
     101        $content = apply_filters( 'bp_new_user_email_content', $email_content, $user_email, $old_email_address, get_userdata( $user_id ) );
     102
     103        // Bail if destination or content were wiped out
     104        if ( empty( $content ) || empty( $user_email ) ) {
     105                return false;
     106        }
     107
     108        // Send the verification email
     109        wp_mail( $user_email, sprintf( __( '[%s] Verify your new email address', 'buddypress' ), $site_name ), $content );
     110
     111        // Email was successfully sent
     112        return true;
     113}
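Review bot: `$user_email` is assigned only inside the `empty( $new_email_address )` branch, so when the settings action passes an address (the normal path) `wp_hash( $user_email )`, the stored `newemail` and the `wp_mail()` recipient all use an undefined variable, and the function returns false at the `empty( $user_email )` check without sending anything. Setting `$user_email = $new_email_address;` before that branch, and overwriting it from the pending meta only when it is empty, fixes this. The docblock says a resend invalidates older links, but `wp_hash()` of the same address yields the same value every time; mixing in a random component, e.g. `wp_hash( $user_email . wp_generate_password( 20, false ) )`, would make that statement true. The emailed link is built with the `resend_verification` key whereas the removed code used `verify_email_change`, so it looks as if clicking it would request a resend rather than confirm the change. `wp_mail()`'s return value is ignored, so `return true` can report success for a failed send; `return wp_mail( ... );` would be more accurate, and `@return type` should become `@return bool`.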
  • src/bp-settings/bp-settings-template.php

     
    7777 *
    7878 * @since BuddyPress (2.1.0)
    7979 */
    80 function bp_settings_pending_email_notice() {
    81         $pending_email = bp_get_user_meta( bp_displayed_user_id(), 'pending_email_change', true );
     80function bp_settings_pending_email_notice( $args = array() ) {
     81        echo bp_get_settings_pending_email_notice( $args );
     82}
     83add_action( 'bp_before_member_settings_template', 'bp_settings_pending_email_notice' );
    8284
     85/**
     86 * Get a pending email change notice, usually for a member's settings page.
     87 *
     88 * @since BuddyPress (2.3.0)
     89 *
     90 * @param  array $args
     91 * @return array
     92 */
     93function bp_get_settings_pending_email_notice( $args = array() ) {
     94
     95        // Look for pending email change
     96        $user_id       = bp_displayed_user_id();
     97        $current_email = bp_get_displayed_user_email();
     98        $pending_email = bp_get_user_meta( $user_id, 'pending_email_change', true );
     99
     100        // Bail if no pending email address change
    83101        if ( empty( $pending_email['newemail'] ) ) {
    84102                return;
    85103        }
    86104
    87         if ( bp_get_displayed_user_email() == $pending_email['newemail'] ) {
     105        // If pending change equals current address, delete the meta and bail
     106        if ( $current_email === $pending_email['newemail'] ) {
     107                bp_delete_user_meta( $user_id, 'pending_email_change' );
    88108                return;
    89109        }
    90110
    91         ?>
     111        // Notice
     112        $defaults['notice'] = array(
     113                'before'      => '<div id="message" class="bp-template-notice error"><p>',
     114                'after'       => '</p></div>',
     115                'text'        => __( 'An email address change from %1$s to %2$s is still pending verification.', 'buddypress' ),
     116                'old_address' => '<code>' . $current_email             . '</code>',
     117                'new_address' => '<code>' . $pending_email['newemail'] . '</code>'
     118        );
    92119
    93         <div id="message" class="bp-template-notice error">
    94                 <p><?php printf( __( 'There is a pending change of your email address to <code>%1$s</code>.<br />Check your email (<code>%2$s</code>) for the verification link. <a href="%3$s">Cancel</a>', 'buddypress' ), $pending_email['newemail'], bp_get_displayed_user_email(), esc_url( bp_displayed_user_domain() . bp_get_settings_slug() . '/?dismiss_email_change=1' ) ) ?></p>
    95         </div>
     120        // Get te base URL for links
     121        $base_url = trailingslashit( bp_displayed_user_domain() . bp_get_settings_slug() );
    96122
    97         <?php
     123        // Setup cancel link
     124        $defaults['links']['cancel'] = array(
     125                'before' => '<a href="%1$s" class="%2$s">',
     126                'after'  => '</a>',
     127                'text'   => __( 'Cancel', 'buddypress' ),
     128                'url'    => add_query_arg( array( 'resend_verification' => $pending_email['hash'] ), $base_url ),
     129                'class'  => 'cancel'
     130        );
     131
     132        // Setup resend link
     133        $defaults['links']['resend'] = array(
     134                'before' => '<a href="%1$s" class="%2$s">',
     135                'after'  => '</a>',
     136                'text'   => __( 'Resend', 'buddypress' ),
     137                'url'    => add_query_arg( array( 'dismiss_email_change' => '1' ), $base_url ),
     138                'class'  => 'resend primary'
     139        );
     140
     141        // Parse all the args
     142        $r = bp_parse_args( $args, $defaults, 'settings_pending_email_notice' );
     143
     144        // Setup notice text
     145        $notice_text = ! empty( $r['notice'] )
     146                ? sprintf( $r['notice']['text'], $r['notice']['old_address'], $r['notice']['new_address'] )
     147                : '';
     148
     149        // Setup links, if any exist
     150        if ( ! empty( $r['links'] ) ) {
     151
     152                // Setup links array
     153                $links = array();
     154
     155                // Combine link text
     156                foreach( $r['links'] as $link ) {
     157                        $links[] = sprintf( $link['before'] . $link['text'] . $link['after'], esc_url( $link['url'] ), $link['class'] );
     158                }
     159
     160                // Join links together and concatenate with notice text
     161                $notice_text .= join( '', $links );
     162        }
     163
     164        return apply_filters( 'bp_get_settings_pending_email_notice', $notice_text, $r, $args );
    98165}
    99 add_action( 'bp_before_member_settings_template', 'bp_settings_pending_email_notice' );
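Review bot: The notice built in `bp_get_settings_pending_email_notice()` puts `$pending_email['hash']` into a link URL, and that is the same value stored in the `pending_email_change` meta; if the verification handler (not shown in this diff) checks the emailed token against that stored hash, anyone who can view this settings page can confirm the change without access to the new mailbox. A separate nonce, e.g. `wp_nonce_url( add_query_arg( 'resend_verification', '1', $base_url ), 'bp_settings_resend_verification' )`, would avoid exposing the token. The two URLs are also swapped: the `cancel` link carries `resend_verification` and the `resend` link carries `dismiss_email_change`. `$current_email` and `$pending_email['newemail']` are concatenated into the `<code>` markup unescaped and `$link['class']` goes into an attribute raw; wrap them in `esc_html()` and `esc_attr()` respectively. The docblock's `@return array` should be `@return string`, since the function returns the filtered notice text.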