BuddyPress Hack: Add signup email checks (valid, duplicate and domains) on profile settings page

When a member creates a new account on BuddyPress, several email checks take place (is_email, limited_email_domains, email_exists). One small problem is that after the account has been created and validated, a user may change their email address without any of these checks, on My Profile > Settings > General.

The code below will add the same signup checks plus force the user to enter their current password before updating.

*warning*

1) less than favorable hack as I was unable to create a proper plugin (something with removing the nav item and re-adding it, as the screen_function would not call the new template)

2) this should be a core thing, and email re-validation is also needed (or maybe reset the pw on email change) – submitted a trac ticket: email check

*warning #2 this requires modifying core files – built on BP v1.2.3*

Replace the following 2 functions in buddypress/bp-core/bp-core-settings.php

function bp_core_screen_general_settings() {
    global $current_user, $bp_settings_updated, $pass_error, $email_error, $pwd_error;

    $bp_settings_updated = false;
    $pass_error          = false;
    $email_error         = false;
    $pwd_error           = false;

    if ( isset( $_POST['submit'] ) ) {
        check_admin_referer( 'bp_settings_general' );

        require_once( WPINC . '/registration.php' );

        // Form has been submitted and nonce checks out, lets do it.

        // Re-authenticate the user with their current password before making a big change.
        if ( !empty( $_POST['pwd'] ) && wp_check_password( $_POST['pwd'], $current_user->user_pass, $current_user->ID ) ) {

            // Make sure the new email address is valid and does not already exist.
            if ( !empty( $_POST['email'] ) ) {

                // What is missing from the profile page vs signup - lets double check the goodies.
                $user_email = sanitize_email( wp_specialchars( trim( $_POST['email'] ) ) );

                if ( !is_email( $user_email ) )
                    $email_error = true;

                // Same allowed-domain list the signup form enforces.
                $limited_email_domains = get_site_option( 'limited_email_domains', 'buddypress' );

                if ( is_array( $limited_email_domains ) && !empty( $limited_email_domains ) ) {
                    $emaildomain = substr( $user_email, 1 + strpos( $user_email, '@' ) );

                    if ( !in_array( $emaildomain, (array) $limited_email_domains ) )
                        $email_error = true;
                }

                if ( !$email_error && $current_user->user_email != $user_email ) {

                    // We don't want email dups in the system.
                    if ( email_exists( $user_email ) )
                        $email_error = true;

                    if ( !$email_error )
                        $current_user->user_email = $user_email;
                }
            }

            if ( !empty( $_POST['pass1'] ) && !empty( $_POST['pass2'] ) ) {

                if ( $_POST['pass1'] == $_POST['pass2'] && !strpos( " " . $_POST['pass1'], "\\" ) )
                    $current_user->user_pass = $_POST['pass1'];
                else
                    $pass_error = true;

            } else if ( !empty( $_POST['pass1'] ) || !empty( $_POST['pass2'] ) ) {
                // Only one of the two password fields was filled in.
                $pass_error = true;
            } else {
                // No password change requested; leave the stored hash alone.
                unset( $current_user->user_pass );
            }

            if ( !$email_error && !$pass_error && wp_update_user( get_object_vars( $current_user ) ) )
                $bp_settings_updated = true;

        } else {
            $pwd_error = true;
        }
    }

    add_action( 'bp_template_title', 'bp_core_screen_general_settings_title' );
    add_action( 'bp_template_content', 'bp_core_screen_general_settings_content' );

    bp_core_load_template( apply_filters( 'bp_core_template_plugin', 'members/single/plugins' ) );
}

2nd function to replace, as we should display some feedback to the user:

function bp_core_screen_general_settings_content() {
    global $bp, $current_user, $bp_settings_updated, $pass_error, $pwd_error, $email_error; ?>

    <?php if ( $bp_settings_updated && !$pass_error ) { ?>
        <div id="message">
            <p><?php _e( 'Changes Saved.', 'buddypress' ) ?></p>
        </div>
    <?php } ?>

    <?php if ( $pass_error && !$bp_settings_updated ) { ?>
        <div id="message">
            <p><?php _e( 'Your passwords did not match', 'buddypress' ) ?></p>
        </div>
    <?php } ?>

    <?php if ( $pwd_error && !$bp_settings_updated ) { ?>
        <div id="message">
            <p><?php _e( 'Your password is incorrect', 'buddypress' ) ?></p>
        </div>
    <?php } ?>

    <?php if ( $email_error && !$bp_settings_updated ) { ?>
        <div id="message">
            <p><?php _e( 'Sorry, that email address is already used or is invalid', 'buddypress' ) ?></p>
        </div>
    <?php } ?>

    <form action="<?php echo $bp->loggedin_user->domain . BP_SETTINGS_SLUG . '/general' ?>" method="post" id="settings-form">

        <label for="pwd"><?php _e( 'Current Password <span>(required to update email or change current password)</span>', 'buddypress' ) ?></label>
        <input type="password" name="pwd" id="pwd" size="16" value="" /> &nbsp;<?php _e( 'Current Password', 'buddypress' ) ?><br />
        <a href="<?php echo site_url( 'wp-login.php?action=lostpassword', 'login' ) ?>" title="<?php _e( 'Password Lost and Found' ) ?>"><?php _e( 'Lost your password?' ) ?></a><br />

        <label for="email"><?php _e( 'Account Email', 'buddypress' ) ?></label>
        <input type="text" name="email" id="email" value="<?php echo attribute_escape( $current_user->user_email ); ?>" />

        <label for="pass1"><?php _e( 'Change Password <span>(leave blank for no change)</span>', 'buddypress' ) ?></label>

        <input type="password" name="pass1" id="pass1" size="16" value="" /> &nbsp;<?php _e( 'New Password', 'buddypress' ) ?><br />
        <input type="password" name="pass2" id="pass2" size="16" value="" /> &nbsp;<?php _e( 'Repeat New Password', 'buddypress' ) ?>

        <div>
            <input type="submit" name="submit" value="<?php _e( 'Save Changes', 'buddypress' ) ?>" id="submit" />
        </div>

        <?php wp_nonce_field( 'bp_settings_general' ) ?>
    </form>
<?php
}
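Warning #2 above asks for email re-validation. The block below is an added example (not from the original hack or from BuddyPress core) of a confirm-from-the-new-address flow built on WordPress functions: the function names, the `_bp_hack_pending_email` meta key and the `bp_confirm_email` query argument are assumptions, and it assumes the is_email, limited_email_domains and email_exists checks from the settings screen have already passed for the new address.

```php
<?php
// Added example (not from the original hack or BuddyPress core). Step 1 runs
// after the settings-screen checks pass; step 2 handles the confirmation link.
// Assumes WP 3.0+ and PHP 5.6+ (hash_equals); names and meta key are hypothetical.

function bp_hack_request_email_change( $user_id, $new_email ) {
    // Single-use random token; only its hash is stored, so reading usermeta
    // from the database does not give anyone a working confirmation link.
    $token = wp_generate_password( 32, false );
    update_user_meta( $user_id, '_bp_hack_pending_email', array(
        'email'   => sanitize_email( $new_email ),
        'hash'    => hash( 'sha256', $token ),
        'expires' => time() + 86400, // 24 hours
    ) );

    $link = add_query_arg( array( 'bp_confirm_email' => $token, 'uid' => (int) $user_id ), home_url( '/' ) );

    // The mail goes to the address being claimed, not to the current one,
    // so the change only completes if the member really controls it.
    return wp_mail(
        $new_email,
        __( 'Confirm your new email address', 'buddypress' ),
        sprintf( __( 'Visit %s to confirm this address. The link expires in 24 hours.', 'buddypress' ), $link )
    );
}

function bp_hack_confirm_email_change( $user_id, $token ) {
    $pending = get_user_meta( $user_id, '_bp_hack_pending_email', true );
    if ( ! is_array( $pending ) || empty( $pending['hash'] ) ) {
        return false;
    }
    // Expired requests are discarded rather than honoured.
    if ( time() > (int) $pending['expires'] ) {
        delete_user_meta( $user_id, '_bp_hack_pending_email' );
        return false;
    }
    // Constant-time comparison of the submitted token against the stored hash.
    if ( ! hash_equals( $pending['hash'], hash( 'sha256', (string) $token ) ) ) {
        return false;
    }
    // Repeat the duplicate check: the address may have been registered since the request.
    if ( email_exists( $pending['email'] ) ) {
        delete_user_meta( $user_id, '_bp_hack_pending_email' );
        return false;
    }
    $result = wp_update_user( array( 'ID' => $user_id, 'user_email' => $pending['email'] ) );
    delete_user_meta( $user_id, '_bp_hack_pending_email' );
    return ! is_wp_error( $result );
}
```

With this in place the settings screen would store the address as pending instead of writing `$current_user->user_email` directly, and the old address stays active until the link is followed.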