Created
April 14, 2021 20:20
-
-
Save kodie/3dc3c8936c1c4f9af0398aaa75d126a4 to your computer and use it in GitHub Desktop.
Require email verification for custom Wordpress registration
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<?php | |
// Generate an email verification code and send it to their email | |
add_action('user_register', 'send_new_user_email_verification', 10, 1); | |
function send_new_user_email_verification($user_id) { | |
$user = get_userdata($user_id); | |
$email = $user->user_email; | |
$site_name = get_bloginfo('name'); | |
$code = wp_generate_password(32, false, false); | |
$hash = md5($code); | |
$link = add_query_arg(array( | |
'email-verification' => $code, | |
'user' => $user_id | |
), network_home_url()); | |
$message = "Please verify your email address by visiting the following link:\n\n$link\n\nThank you."; | |
$subject = "$site_name Email Verification"; | |
add_user_meta($user_id, 'email_verification_hash', $hash); | |
wp_mail($email, $subject, $message); | |
} | |
// Verify the email verification code when the user visits the link in their email | |
add_action('init', 'verify_new_user_email_verification', 10, 0); | |
function verify_new_user_email_verification() { | |
if (isset($_GET['email-verification']) && isset($_GET['user'])) { | |
$code = $_GET['email-verification']; | |
$user_id = $_GET['user']; | |
$hash = get_user_meta($user_id, 'email_verification_hash', true); | |
if (md5($code) === $hash) { | |
delete_user_meta($user_id, 'email_verification_hash'); | |
wp_safe_redirect(add_query_arg('email-verified', '1', wp_login_url())); | |
} | |
} | |
} | |
// If the user hasn't verified their email, don't allow them to login, generate and send them a new code instead | |
add_filter('authenticate', 'require_new_user_email_verification', 99, 1); | |
function require_new_user_email_verification($user) { | |
if (is_a($user, 'WP_User')) { | |
$user_id = $user->ID; | |
$email_unverified = get_user_meta($user_id, 'email_verification_hash', true); | |
if ($email_unverified) { | |
delete_user_meta($user_id, 'email_verification_hash'); | |
send_new_user_email_verification($user_id); | |
wp_safe_redirect(add_query_arg('email-verification-sent', '1', wp_login_url())); | |
exit; | |
} | |
} | |
return $user; | |
} | |
// Displays a message on the login screen confirming that the users email address has been verified | |
// or letting them know that an email has been sent for them to verify their email address | |
add_filter('login_message', 'email_verification_messages', 10, 1); | |
function email_verification_messages($message) { | |
if (isset($_GET['email-verified'])) { | |
$message = 'Your email address has been verified. You may now log in.'; | |
} elseif (isset($_GET['email-verification-sent'])) { | |
$message = 'Please check your inbox for an email containing a link to verify your email address.'; | |
} | |
return $message; | |
} | |
?> |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment