WordPress Version: 9.7
/**
* Send a confirmation request email when a change of user email address is attempted.
*
* @since 3.0.0
* @since 4.9.0 This function was moved from wp-admin/includes/ms.php so it's no longer Multisite specific.
*
* @global WP_Error $errors WP_Error object.
* @global wpdb $wpdb WordPress database object.
*/
function send_confirmation_on_profile_email()
{
global $errors, $wpdb;
$current_user = wp_get_current_user();
if (!is_object($errors)) {
$errors = new WP_Error();
}
if ($current_user->ID != $_POST['user_id']) {
return false;
}
if ($current_user->user_email != $_POST['email']) {
if (!is_email($_POST['email'])) {
$errors->add('user_email', __("<strong>ERROR</strong>: The email address isn’t correct."), array('form-field' => 'email'));
return;
}
if ($wpdb->get_var($wpdb->prepare("SELECT user_email FROM {$wpdb->users} WHERE user_email=%s", $_POST['email']))) {
$errors->add('user_email', __("<strong>ERROR</strong>: The email address is already used."), array('form-field' => 'email'));
delete_user_meta($current_user->ID, '_new_email');
return;
}
$hash = md5($_POST['email'] . time() . wp_rand());
$new_user_email = array('hash' => $hash, 'newemail' => $_POST['email']);
update_user_meta($current_user->ID, '_new_email', $new_user_email);
if (is_multisite()) {
$sitename = get_site_option('site_name');
} else {
$sitename = get_option('blogname');
}
/* translators: Do not translate USERNAME, ADMIN_URL, EMAIL, SITENAME, SITEURL: those are placeholders. */
$email_text = __('Howdy ###USERNAME###,
You recently requested to have the email address on your account changed.
If this is correct, please click on the following link to change it:
###ADMIN_URL###
You can safely ignore and delete this email if you do not want to
take this action.
This email has been sent to ###EMAIL###
Regards,
All at ###SITENAME###
###SITEURL###');
/**
* Filters the text of the email sent when a change of user email address is attempted.
*
* The following strings have a special meaning and will get replaced dynamically:
* ###USERNAME### The current user's username.
* ###ADMIN_URL### The link to click on to confirm the email change.
* ###EMAIL### The new email.
* ###SITENAME### The name of the site.
* ###SITEURL### The URL to the site.
*
* @since MU (3.0.0)
* @since 4.9.0 This filter is no longer Multisite specific.
*
* @param string $email_text Text in the email.
* @param array $new_user_email {
* Data relating to the new user email address.
*
* @type string $hash The secure hash used in the confirmation link URL.
* @type string $newemail The proposed new email address.
* }
*/
$content = apply_filters('new_user_email_content', $email_text, $new_user_email);
$content = str_replace('###USERNAME###', $current_user->user_login, $content);
$content = str_replace('###ADMIN_URL###', esc_url(admin_url('profile.php?newuseremail=' . $hash)), $content);
$content = str_replace('###EMAIL###', $_POST['email'], $content);
$content = str_replace('###SITENAME###', wp_specialchars_decode($sitename, ENT_QUOTES), $content);
$content = str_replace('###SITEURL###', network_home_url(), $content);
wp_mail($_POST['email'], sprintf(__('[%s] New Email Address'), wp_specialchars_decode(get_option('blogname'), ENT_QUOTES)), $content);
$_POST['email'] = $current_user->user_email;
}
}