Make WordPress Core


Ignore:
Timestamp:
03/06/2018 11:46:44 PM (7 years ago)
Author:
azaozz
Message:

Add a method to confirm user requests by email. First run.

Props mikejolley.
See #43443.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-login.php

    r42761 r42791  
    428428
    429429// validate action so as to default to the login screen
    430 if ( ! in_array( $action, array( 'postpass', 'logout', 'lostpassword', 'retrievepassword', 'resetpass', 'rp', 'register', 'login' ), true ) && false === has_filter( 'login_form_' . $action ) ) {
     430if ( ! in_array( $action, array( 'postpass', 'logout', 'lostpassword', 'retrievepassword', 'resetpass', 'rp', 'register', 'login', 'emailconfirm' ), true ) && false === has_filter( 'login_form_' . $action ) ) {
    431431    $action = 'login';
    432432}
     
    858858
    859859        break;
     860
     861    case 'emailconfirm' :
     862        if ( isset( $_GET['confirm_action'], $_GET['confirm_key'], $_GET['uid'] ) ) {
     863            $action_name = sanitize_key( wp_unslash( $_GET['confirm_action'] ) );
     864            $key         = sanitize_text_field( wp_unslash( $_GET['confirm_key'] ) );
     865            $uid         = sanitize_text_field( wp_unslash( $_GET['uid'] ) );
     866            $result      = check_confirm_account_action_key( $action_name, $key, $uid );
     867        } else {
     868            $result = new WP_Error( 'invalid_key', __( 'Invalid key' ) );
     869        }
     870
     871        if ( is_wp_error( $result ) ) {
     872            /**
     873             * Fires an action hook when the account action was not confirmed.
     874             *
     875             * After running this action hook the page will die.
     876             *
     877             * @param WP_Error $result Error object.
     878             */
     879            do_action( 'account_action_failed', $result );
     880
     881            wp_die( $result );
     882        }
     883       
     884        /**
     885         * Fires an action hook when the account action has been confirmed by the user.
     886         *
     887         * Using this you can assume the user has agreed to perform the action by
     888         * clicking on the link in the confirmation email.
     889         *
     890         * After firing this action hook the page will redirect to wp-login a callback
     891         * redirects or exits first.
     892         *
     893         * @param array $result {
     894         *     Data about the action which was confirmed.
     895         *
     896         *     @type string $action Name of the action that was confirmed.
     897         *     @type string $email  Email of the user who confirmed the action.
     898         * }
     899         */
     900        do_action( 'account_action_confirmed', $result );
     901
     902        $message = '<p class="message">' . __( 'Action has been confirmed.' ) . '</p>';
     903        login_header( '', $message );
     904        login_footer();
     905        exit;
    860906
    861907    case 'login':
Note: See TracChangeset for help on using the changeset viewer.