Re-validate Email Address when edited.

[windhamdavid]

require users to revalidate an email address via an activation link when edited in the profile ~ requested in this comment

[cnorris23]

There's code for WPMU to email super admins on an address change that you might be able to utilize/repurpose.

While I like the idea, it definitely needs to be something that remains optional. Preferably, through BP options in the dashboard, but at the very least through a hook/filter. I run a site now, where I certainly wouldn't want this feature in order to stay as unobtrusive as possible. While it's not ideal, if the user wants to change their email to a non-existent email, then that's their prerogative.

I might look into making this plugin.

[j.conti]

patch for revalidation

[j.conti]

Hi,

Here there is a patch for this, this is a first patch to be commented.

At this time, there is no option for activate or deactivate the revalidation, really i don't know if it is necessary.

The email revalidation text is not the final one, it has to be modified, so its a temporal text waiting for an ideas. It is directly taked from WordPress Multisite Super Admin email revalidation.

[j.conti]

Revalidation with fixed bug

[j.conti]

I'm sorry,

The good one is revalidation-2.diff

revalidation.diff has a bug (has a inherited code of WordPress Multisite

self_admin_url

[boonebgorges]

Thanks, j.conti. Unlike WPMS, we don't have a GUI for writing a custom email notification, so I don't think we need all the string swapping (###ADMIN_URL### etc). There are also some coding standards issues, but it should be fairly easy to clean this up for 2.1.

[j.conti]

Hi boonebgorges, yes thats the reason that I said that the email text has to be modified, and it's a temporal text :)

Now I've see that there is some typo errors :S

I'll look your corrections about coding standards issues, I suppose that I used some WordPress code instead of BuddyPress code.

Thanks a lot

[boonebgorges]

Hi boonebgorges, yes thats the reason that I said that the email text has to be modified, and it's a temporal text :)

Ah yes, it's just temporary. Got it :)

I'll look your corrections about coding standards issues, I suppose that I used some WordPress code instead of BuddyPress code.

Mainly just indentation and whitespace. Also, instead of hooking bp_user_update_email() to 'init', it's better to use 'bp_actions' (so that we know BP is completely loaded).

Thanks again!

[j.conti]

Oh, ok.

I hooked to init becasue wp_redirect breaks the page load, but maybe hooking it to bp_actions, it fix the problem. I don't test it.

[boonebgorges]

2265.03.patch is a refresh with the following changes:

• The "you have a pending message" notice is moved out of the template (which may be overridden or unavailable in some themes) and into a function hooked to 'bp_before_member_settings_template'
• Cleaned up some wording
• Code standards, etc
• Removed direct calls to $wpdb and cleaned up some logic
• Use bp_core_add_message() instead of URL params for success/failure messages

I think this is a solid change - it will prevent people from making mistakes, and may prevent certain kinds of account hijackings. Would like to get feedback from the core team on it before proceeding.

[r-a-y]

At a glance, looks good.

Two minor things:

1) The hash - Perhaps use wp_hash() instead of md5()?

2) Options vs. user meta. Instead of:

bp_update_option( bp_displayed_user_id() . '_new_email', $new_user_email );

Perhaps record in user meta?

[boonebgorges]

In 8560:

When a user changes her email address, require email verification of the new address

This feature, built into WordPress MS by default (when updating one's profile
via the Dashboard), ensures that new email addresses are valid and not
mistyped, helping to avoid unintentionally locked-out accounts.

Fixes #2265

Props j.conti for an initial patch