Make WordPress Core


Ignore:
Timestamp:
02/17/2023 08:08:19 AM (14 months ago)
Author:
adamsilverstein
Message:

Login and Registration: prevent registering with username that matches previous user email.

When registering a new user, check that no existing user has an email matching the username.

Prevents a login name collision when one user registers with the email address user@… and a second user tries to register with the username user@….

Props buutqn, dunhakdis, roytanck, ajayver.
Fixes #57394.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-includes/user.php

    r55301 r55358  
    21242124    }
    21252125
     2126    // Username must be unique.
    21262127    if ( ! $update && username_exists( $user_login ) ) {
    21272128        return new WP_Error( 'existing_user_login', __( 'Sorry, that username already exists!' ) );
     2129    }
     2130
     2131    // Username must not match an existing user email.
     2132    if ( email_exists( $user_login ) ) {
     2133        return new WP_Error( 'existing_user_login_as_email', __( 'Sorry, that username is not available.' ) );
    21282134    }
    21292135
     
    33413347    } elseif ( username_exists( $sanitized_user_login ) ) {
    33423348        $errors->add( 'username_exists', __( '<strong>Error:</strong> This username is already registered. Please choose another one.' ) );
    3343 
     3349    } elseif ( email_exists( $sanitized_user_login ) ) {
     3350        $errors->add( 'username_exists_as_email', __( '<strong>Error:</strong> This username is not available. Please choose another one.' ) );
    33443351    } else {
    33453352        /** This filter is documented in wp-includes/user.php */
Note: See TracChangeset for help on using the changeset viewer.