diff --git a/src/wp-includes/user.php b/src/wp-includes/user.php index 4dad406c7b..def16fa272 100644 --- a/src/wp-includes/user.php +++ b/src/wp-includes/user.php @@ -1370,9 +1370,9 @@ function clean_user_cache( $user ) { /** * Determines whether the given username exists. - * + * * For more information on this and similar theme functions, check out - * the {@link https://developer.wordpress.org/themes/basics/conditional-tags/ + * the {@link https://developer.wordpress.org/themes/basics/conditional-tags/ * Conditional Tags} article in the Theme Developer Handbook. * * @since 2.0.0 @@ -1400,9 +1400,9 @@ function username_exists( $username ) { /** * Determines whether the given email exists. - * + * * For more information on this and similar theme functions, check out - * the {@link https://developer.wordpress.org/themes/basics/conditional-tags/ + * the {@link https://developer.wordpress.org/themes/basics/conditional-tags/ * Conditional Tags} article in the Theme Developer Handbook. * * @since 2.1.0 @@ -2809,3 +2809,258 @@ function new_user_email_admin_notice() { echo '

' . sprintf( __( 'Your email address has not been updated yet. Please check your inbox at %s for a confirmation email.' ), '' . esc_html( $email['newemail'] ) . '' ) . '

'; } } + +/** + * Send a confirmation request email to confirm an action. + * + * @since 5.0.0 + * + * @param string $action_name Name of the action that is being confirmed. + * @param string $action_description User facing description of the action they will be confirming. + * @param string $email User email address. This can be the address of a registered or non-registered user. Defaults to logged in user email address. + * + * @return WP_ERROR|bool Will return true/false based on the success of sending the email, or a WP_Error object. + */ +function send_confirm_account_action_email( $action_name, $action_description = '', $email = '' ) { + $action_name = sanitize_key( $action_name ); + $action_description = wp_kses_post( $action_description ); + + if ( empty( $action_name ) ) { + return new WP_Error( 'invalid_action', __( 'Invalid action' ) ); + } + + if ( empty( $email ) ) { + $user = wp_get_current_user(); + $email = $user->ID ? $user->user_email : ''; + } else { + $user = false; + } + + $email = sanitize_email( $email ); + + if ( ! is_email( $email ) ) { + return new WP_Error( 'invalid_email', __( 'Invalid email address' ) ); + } + + if ( ! $user ) { + $user = get_user_by( 'email', $email ); + } + + // We could be dealing with a registered user account, or a visitor. + $is_registered_user = $user && ! is_wp_error( $user ); + $uid = $is_registered_user ? $user->ID : hash( 'sha256', $email ); + $confirm_key = get_confirm_account_action_key( $action_name, $email ); + + if ( is_wp_error( $confirm_key ) ) { + return $confirm_key; + } + + // Prepare the email content. + if ( ! $action_description ) { + $action_description = $action_name; + } + + /* translators: Do not translate DESCRIPTION, CONFIRM_URL, EMAIL, SITENAME, SITEURL: those are placeholders. */ + $email_text = __( + 'Howdy, + +An account linked to your email address has requested to perform +the following action: + + ###DESCRIPTION### + +To confirm this action, please click on the following link: +###CONFIRM_URL### + +You can safely ignore and delete this email if you do not want to +take this action. + +This email has been sent to ###EMAIL###. + +Regards, +All at ###SITENAME### +###SITEURL###' + ); + + $email_data = array( + 'action_name' => $action_name, + 'email' => $email, + 'description' => $action_description, + 'confirm_url' => add_query_arg( array( + 'action' => 'emailconfirm', + 'confirm_action' => $action_name, + 'uid' => $uid, + 'confirm_key' => $confirm_key, + ), site_url( 'wp-login.php' ) ), + 'sitename' => is_multisite() ? get_site_option( 'site_name' ) : get_option( 'blogname' ), + 'siteurl' => network_home_url(), + ); + + /** + * Filters the text of the email sent when an account action is attempted. + * + * The following strings have a special meaning and will get replaced dynamically: + * ###USERNAME### The user's username, if the user has an account. Prefixed with single space. Otherwise left blank. + * ###DESCRIPTION### Description of the action being performed so the user knows what the email is for. + * ###CONFIRM_URL### The link to click on to confirm the account action. + * ###EMAIL### The email we are sending to. + * ###SITENAME### The name of the site. + * ###SITEURL### The URL to the site. + * + * @param string $email_text Text in the email. + * @param array $email_data { + * Data relating to the account action email. + * + * @type string $action_name Name of the action being performed. + * @type string $email The email address this is being sent to. + * @type string $description Description of the action being performed so the user knows what the email is for. + * @type string $confirm_url The link to click on to confirm the account action. + * @type string $sitename The site name sending the mail. + * @type string $siteurl The site URL sending the mail. + * } + */ + $content = apply_filters( 'confirm_account_action_email_content', $email_text, $email_data ); + + $content = str_replace( '###DESCRIPTION###', $email_data['description'], $content ); + $content = str_replace( '###CONFIRM_URL###', esc_url_raw( $email_data['confirm_url'] ), $content ); + $content = str_replace( '###EMAIL###', $email_data['email'], $content ); + $content = str_replace( '###SITENAME###', wp_specialchars_decode( $email_data['sitename'], ENT_QUOTES ), $content ); + $content = str_replace( '###SITEURL###', esc_url_raw( $email_data['siteurl'] ), $content ); + + /* translators: %s Site name. */ + return wp_mail( $email_data['email'], sprintf( __( '[%s] Confirm Account Action' ), wp_specialchars_decode( get_option( 'blogname' ), ENT_QUOTES ) ), $content ); +} + +/** + * Creates, stores, then returns a confirmation key for an account action. + * + * @since 5.0.0 + * + * @param string $action_name Name of the action this key is being generated for. + * @param string $email User email address. This can be the address of a registered or non-registered user. + * + * @return string|WP_Error Confirmation key on success. WP_Error on error. + */ +function get_confirm_account_action_key( $action_name, $email ) { + global $wp_hasher; + + if ( ! is_email( $email ) ) { + return new WP_Error( 'invalid_email', __( 'Invalid email address' ) ); + } + + if ( empty( $action_name ) ) { + return new WP_Error( 'invalid_action', __( 'Invalid action' ) ); + } + + $user = get_user_by( 'email', $email ); + + // We could be dealing with a registered user account, or a visitor. + $is_registered_user = $user && ! is_wp_error( $user ); + + // Generate something random for a confirmation key. + $key = wp_generate_password( 20, false ); + + // Now insert the key, hashed, into the DB. + if ( empty( $wp_hasher ) ) { + require_once ABSPATH . WPINC . '/class-phpass.php'; + $wp_hasher = new PasswordHash( 8, true ); + } + + $hashed_key = $wp_hasher->HashPassword( $key ); + + if ( $is_registered_user ) { + $key_saved = (bool) update_user_meta( $user->ID, '_account_action_' . $action_name, implode( ':', array( time(), $hashed_key ) ) ); + } else { + $key_saved = (bool) update_site_option( '_account_action_' . hash( 'sha256', $email ) . '_' . $action_name, implode( ':', array( time(), $hashed_key, $email ) ) ); + } + + if ( false === $key_saved ) { + return new WP_Error( 'no_confirm_account_action_key_update', __( 'Could not save confirm account action key to database.' ) ); + } + + return $key; +} + +/** + * Checks if a key is valid and handles the action based on this. + * + * @since 5.0.0 + * + * @param string $action_name Name of the action this key is being generated for. + * @param string $key Key to confirm. + * @param string $uid Email hash or user ID. + * + * @return array|WP_Error WP_Error on failure, action name and user email address on success. + */ +function check_confirm_account_action_key( $action_name, $key, $uid ) { + global $wp_hasher; + + if ( ! empty( $action_name ) && ! empty( $key ) && ! empty( $uid ) ) { + $user = false; + + if ( is_numeric( $uid ) ) { + $user = get_user_by( 'id', absint( $uid ) ); + } + + // We could be dealing with a registered user account, or a visitor. + $is_registered_user = $user && ! is_wp_error( $user ); + $key_request_time = ''; + $saved_key = ''; + $email = ''; + + if ( empty( $wp_hasher ) ) { + require_once ABSPATH . WPINC . '/class-phpass.php'; + $wp_hasher = new PasswordHash( 8, true ); + } + + // Get the saved key from the database. + if ( $is_registered_user ) { + $confirm_action_data = get_user_meta( $user->ID, '_account_action_' . $action_name, true ); + $email = $user->user_email; + + if ( false !== strpos( $confirm_action_data, ':' ) ) { + list( $key_request_time, $saved_key ) = explode( ':', $confirm_action_data, 2 ); + } + } else { + $confirm_action_data = get_site_option( '_account_action_' . $uid . '_' . $action_name, '' ); + + if ( false !== strpos( $confirm_action_data, ':' ) ) { + list( $key_request_time, $saved_key, $email ) = explode( ':', $confirm_action_data, 3 ); + } + } + + if ( ! $saved_key ) { + return new WP_Error( 'invalid_key', __( 'Invalid key' ) ); + } + + /** + * Filters the expiration time of confirm keys. + * + * @param int $expiration The expiration time in seconds. + */ + $expiration_duration = apply_filters( 'account_action_expiration', DAY_IN_SECONDS ); + $expiration_time = $key_request_time + $expiration_duration; + + if ( $wp_hasher->CheckPassword( $key, $saved_key ) ) { + if ( $expiration_time && time() < $expiration_time ) { + $return = array( + 'action' => $action_name, + 'email' => $email, + ); + } else { + $return = new WP_Error( 'expired_key', __( 'The confirmation email has expired.' ) ); + } + + // Clean up stored keys. + if ( $is_registered_user ) { + delete_user_meta( $user->ID, '_account_action_' . $action_name ); + } else { + delete_site_option( '_account_action_' . $uid . '_' . $action_name ); + } + + return $return; + } + } + + return new WP_Error( 'invalid_key', __( 'Invalid key' ) ); +} diff --git a/src/wp-login.php b/src/wp-login.php index f82661d2ca..349f232443 100644 --- a/src/wp-login.php +++ b/src/wp-login.php @@ -427,7 +427,7 @@ if ( isset( $_GET['key'] ) ) { } // validate action so as to default to the login screen -if ( ! in_array( $action, array( 'postpass', 'logout', 'lostpassword', 'retrievepassword', 'resetpass', 'rp', 'register', 'login' ), true ) && false === has_filter( 'login_form_' . $action ) ) { +if ( ! in_array( $action, array( 'postpass', 'logout', 'lostpassword', 'retrievepassword', 'resetpass', 'rp', 'register', 'login', 'emailconfirm' ), true ) && false === has_filter( 'login_form_' . $action ) ) { $action = 'login'; } @@ -858,6 +858,52 @@ switch ( $action ) { break; + case 'emailconfirm' : + if ( isset( $_GET['confirm_action'], $_GET['confirm_key'], $_GET['uid'] ) ) { + $action_name = sanitize_key( wp_unslash( $_GET['confirm_action'] ) ); + $key = sanitize_text_field( wp_unslash( $_GET['confirm_key'] ) ); + $uid = sanitize_text_field( wp_unslash( $_GET['uid'] ) ); + $result = check_confirm_account_action_key( $action_name, $key, $uid ); + } else { + $result = new WP_Error( 'invalid_key', __( 'Invalid key' ) ); + } + + if ( is_wp_error( $result ) ) { + /** + * Fires an action hook when the account action was not confirmed. + * + * After running this action hook the page will die. + * + * @param WP_Error $result Error object. + */ + do_action( 'account_action_failed', $result ); + + wp_die( $result ); + } + + /** + * Fires an action hook when the account action has been confirmed by the user. + * + * Using this you can assume the user has agreed to perform the action by + * clicking on the link in the confirmation email. + * + * After firing this action hook the page will redirect to wp-login a callback + * redirects or exits first. + * + * @param array $result { + * Data about the action which was confirmed. + * + * @type string $action Name of the action that was confirmed. + * @type string $email Email of the user who confirmed the action. + * } + */ + do_action( 'account_action_confirmed', $result ); + + $message = '

' . __( 'Action has been confirmed.' ) . '

'; + login_header( '', $message ); + login_footer(); + exit; + case 'login': default: $secure_cookie = '';