Skip to:
Content

BuddyPress.org

Opened 4 years ago

Last modified 10 months ago

#6895 new defect (bug)

bp_core_validate_email_address doesn’t check signups table

Reported by: baldgoat Owned by:
Milestone: Awaiting Contributions Priority: normal
Severity: normal Version: 2.0
Component: Registration Keywords: needs-patch needs-unit-tests
Cc:

Description

Not sure if this falls under WP Core or it's a BuddyPress issue.

It's more accurate to say that email_exists doesn't check the signups table to see if an signup with a duplicate email already exists. But, it may be a BuddyPress issue because it only becomes an issue if BP_SIGNUPS_SKIP_USER_CREATION is set to true in the wp-config.

Oddly enough, username_exists appears to check the signups table for a duplicate user_login. I, honestly, did not dig enough to confirm that for certain or if another filter/action is doing the check.

Change History (7)

#1 @baldgoat
4 years ago

At the request of shanebp on the BuddyPress.org forums, here is a link to our discussion...

https://buddypress.org/support/topic/bp_core_validate_email_address-doesnt-check-signups-table/

And the filter I wrote to resolve the issue...

add_filter('bp_core_validate_user_signup', 'check_signups_for_dup');

function check_signups_for_dup($arrResult)
{
    //If errors already exist just send it back
    if (!empty($arrResult['errors']->errors['user_name']) || !empty($arrResult['errors']->errors['user_email'])) {
        return $arrResult;
    }

    global $wpdb;

    $strUsernameQry = "SELECT COUNT(*) FROM {$wpdb->prefix}signups WHERE active='0' AND user_login = %s";
    $strEmailQry = "SELECT COUNT(*) FROM {$wpdb->prefix}signups WHERE active='0' AND user_email = %s";

    $intUsernames = $wpdb->get_var($wpdb->prepare($strUsernameQry, $arrResult['user_name']));
    $intEmails = $wpdb->get_var($wpdb->prepare($strEmailQry, $arrResult['user_email']));

    if (!empty($intUsernames)) {
        $arrResult['errors']->add('user_name', 'Sorry, a signup with that username already exists');
    }

    if (!empty($intEmails)) {
        $arrResult['errors']->add('user_email', 'Sorry, a signup with that email already exists');
    }

    return $arrResult;
}
Last edited 4 years ago by baldgoat (previous) (diff)

#2 @r-a-y
4 years ago

  • Component changed from API to API - Sign ups & Activation
  • Keywords needs-patch needs-unit-tests added
  • Milestone changed from Awaiting Review to Under Consideration
  • Version set to 2.0

@baldgoat - Your problem sounds about right to me, but we'll need to verify to be sure.

Moving to "Under Consideration" for now. Once we have a patch, it'll move to an appropriate milestone (most likely 2.6.0).

#3 @DJPaul
3 years ago

  • Milestone changed from Under Consideration to Awaiting Review

#4 @DJPaul
3 years ago

  • Milestone changed from Awaiting Review to Future Release

We need to look at bp-signup->resend and bp_core_validate_email_address and maybe bp_core_validate_user_signup. We should duplicate almost all the logic from wpmu_validate_user_signup, which includes checking the signups table.

#5 @r-a-y
15 months ago

  • Milestone changed from Awaiting Contributions to Up Next

Just marked #7498 as a duplicate.

This will be important to fix if we decide to ditch the user entry created during signup, which was added for backward compatibility reasons. See:
https://buddypress.trac.wordpress.org/browser/tags/3.1.0/src/bp-members/bp-members-functions.php?marks=1699-1720#L1669

Moving to Up Next.

Last edited 15 months ago by r-a-y (previous) (diff)

This ticket was mentioned in Slack in #buddypress by r-a-y. View the logs.


15 months ago

#7 @DJPaul
10 months ago

  • Milestone changed from Up Next to Awaiting Contributions
Note: See TracTickets for help on using tickets.