Skip to:
Content

BuddyPress.org

Opened 15 years ago

Closed 10 years ago

#2265 closed enhancement (fixed)

Re-validate Email Address when edited.

Reported by: windhamdavid's profile windhamdavid Owned by: boonebgorges's profile boonebgorges
Milestone: 2.1 Priority: normal
Severity: normal Version:
Component: Core Keywords: has-patch
Cc: raven@…

Description

require users to revalidate an email address via an activation link when edited in the profile ~ requested in this comment

Attachments (3)

revalidation.diff (7.8 KB) - added by j.conti 10 years ago.
patch for revalidation
revalidation-2.diff (7.8 KB) - added by j.conti 10 years ago.
Revalidation with fixed bug
2265.03.patch (6.0 KB) - added by boonebgorges 10 years ago.

Download all attachments as: .zip

Change History (15)

#1 @cnorris23
15 years ago

There's code for WPMU to email super admins on an address change that you might be able to utilize/repurpose.

While I like the idea, it definitely needs to be something that remains optional. Preferably, through BP options in the dashboard, but at the very least through a hook/filter. I run a site now, where I certainly wouldn't want this feature in order to stay as unobtrusive as possible. While it's not ideal, if the user wants to change their email to a non-existent email, then that's their prerogative.

I might look into making this plugin.

@j.conti
10 years ago

patch for revalidation

#2 @j.conti
10 years ago

  • Severity set to normal

Hi,

Here there is a patch for this, this is a first patch to be commented.

At this time, there is no option for activate or deactivate the revalidation, really i don't know if it is necessary.

The email revalidation text is not the final one, it has to be modified, so its a temporal text waiting for an ideas. It is directly taked from WordPress Multisite Super Admin email revalidation.

Last edited 10 years ago by j.conti (previous) (diff)

@j.conti
10 years ago

Revalidation with fixed bug

#3 @j.conti
10 years ago

I'm sorry,

The good one is revalidation-2.diff

revalidation.diff has a bug (has a inherited code of WordPress Multisite

self_admin_url

#4 @j.conti
10 years ago

  • Keywords has-patch added

#5 @bi0xid
10 years ago

  • Cc raven@… added

#6 @boonebgorges
10 years ago

  • Milestone changed from Future Release to 2.1

Thanks, j.conti. Unlike WPMS, we don't have a GUI for writing a custom email notification, so I don't think we need all the string swapping (###ADMIN_URL### etc). There are also some coding standards issues, but it should be fairly easy to clean this up for 2.1.

#7 @j.conti
10 years ago

Hi boonebgorges, yes thats the reason that I said that the email text has to be modified, and it's a temporal text :)

Now I've see that there is some typo errors :S

I'll look your corrections about coding standards issues, I suppose that I used some WordPress code instead of BuddyPress code.

Thanks a lot

#8 @boonebgorges
10 years ago

Hi boonebgorges, yes thats the reason that I said that the email text has to be modified, and it's a temporal text :)

Ah yes, it's just temporary. Got it :)

I'll look your corrections about coding standards issues, I suppose that I used some WordPress code instead of BuddyPress code.

Mainly just indentation and whitespace. Also, instead of hooking bp_user_update_email() to 'init', it's better to use 'bp_actions' (so that we know BP is completely loaded).

Thanks again!

#9 @j.conti
10 years ago

Oh, ok.

I hooked to init becasue wp_redirect breaks the page load, but maybe hooking it to bp_actions, it fix the problem. I don't test it.

#10 @boonebgorges
10 years ago

2265.03.patch is a refresh with the following changes:

  • The "you have a pending message" notice is moved out of the template (which may be overridden or unavailable in some themes) and into a function hooked to 'bp_before_member_settings_template'
  • Cleaned up some wording
  • Code standards, etc
  • Removed direct calls to $wpdb and cleaned up some logic
  • Use bp_core_add_message() instead of URL params for success/failure messages

I think this is a solid change - it will prevent people from making mistakes, and may prevent certain kinds of account hijackings. Would like to get feedback from the core team on it before proceeding.

#11 @r-a-y
10 years ago

At a glance, looks good.

Two minor things:

1) The hash - Perhaps use wp_hash() instead of md5()?

2) Options vs. user meta. Instead of:

bp_update_option( bp_displayed_user_id() . '_new_email', $new_user_email );

Perhaps record in user meta?

#12 @boonebgorges
10 years ago

  • Owner set to boonebgorges
  • Resolution set to fixed
  • Status changed from new to closed

In 8560:

When a user changes her email address, require email verification of the new address

This feature, built into WordPress MS by default (when updating one's profile
via the Dashboard), ensures that new email addresses are valid and not
mistyped, helping to avoid unintentionally locked-out accounts.

Fixes #2265

Props j.conti for an initial patch

Note: See TracTickets for help on using tickets.