更改电子邮件时需要确认

我只是想知道为什么每次用户更改电子邮件地址时wordpress都不会发送确认邮件。

我们如何知道电子邮件地址不是伪造的或错误的输入？

那么有人可以给我一些代码来实现此功能吗？

更新：

这是主意。

1. 用户更改他/她的邮件
2. 我们发送确认电子邮件。
3. 如果用户通过单击确认链接在X天内确认该电子邮件，则应更改该电子邮件。否则，我们应该使用现有的电子邮件。

就像SickHippie所说的那样，此功能是WordPress固有的，但仅适用于多站点设置，因此，这是使它在单个站点设置上起作用所需的两个功能，它们大多是一对一的代码 /wp-admin/user-edit.php file

function custom_send_confirmation_on_profile_email() {
    global $errors, $wpdb;
    $current_user = wp_get_current_user();
    if ( ! is_object($errors) )
        $errors = new WP_Error();

    if ( $current_user->ID != $_POST['user_id'] )
        return false;

    if ( $current_user->user_email != $_POST['email'] ) {
        if ( !is_email( $_POST['email'] ) ) {
            $errors->add( 'user_email', __( "<strong>ERROR</strong>: The e-mail address isn't correct." ), array( 'form-field' => 'email' ) );
            return;
        }

        if ( email_exists( $_POST['email'] ) ) {
            $errors->add( 'user_email', __( "<strong>ERROR</strong>: The e-mail address is already used." ), array( 'form-field' => 'email' ) );
            delete_user_meta( $current_user->ID . '_new_email' );
            return;
        }

        $hash = md5( $_POST['email'] . time() . mt_rand() );
        $new_user_email = array(
            'hash' => $hash,
            'newemail' => $_POST['email']
        );
        update_user_meta( $current_user->ID . '_new_email', $new_user_email );

        $content = apply_filters( 'new_user_email_content', __( "Dear user,

    You recently requested to have the email address on your account changed.
    If this is correct, please click on the following link to change it:
    ###ADMIN_URL###

    You can safely ignore and delete this email if you do not want to
    take this action.

    This email has been sent to ###EMAIL###

    Regards,
    All at ###SITENAME###
    ###SITEURL###" ), $new_user_email );

        $content = str_replace( '###ADMIN_URL###', esc_url( admin_url( 'profile.php?newuseremail='.$hash ) ), $content );
        $content = str_replace( '###EMAIL###', $_POST['email'], $content);
        $content = str_replace( '###SITENAME###', get_site_option( 'site_name' ), $content );
        $content = str_replace( '###SITEURL###', home_url(), $content );

        wp_mail( $_POST['email'], sprintf( __( '[%s] New Email Address' ), get_option( 'blogname' ) ), $content );
        $_POST['email'] = $current_user->user_email;
    }
}
add_action( 'personal_options_update', 'custom_send_confirmation_on_profile_email' );

// Execute confirmed email change. See send_confirmation_on_profile_email().
function verify_email_change(){
    global $errors, $wpdb;
    $current_user = wp_get_current_user();
    if (in_array($GLOBALS['pagenow'], array('profile.php')) && $current_user->ID > 0) {
        if (isset( $_GET[ 'newuseremail' ] ) && $current_user->ID ) {
            $new_email = get_user_meta( $current_user->ID . '_new_email' );
            if ( $new_email[ 'hash' ] == $_GET[ 'newuseremail' ] ) {
                $user->ID = $current_user->ID;
                $user->user_email = esc_html( trim( $new_email[ 'newemail' ] ) );
                if ( $wpdb->get_var( $wpdb->prepare( "SELECT user_login FROM {$wpdb->users} WHERE user_login = %s", $current_user->user_login ) ) )
                    $wpdb->query( $wpdb->prepare( "UPDATE {$wpdb->users} SET user_email = %s WHERE user_login = %s", $user->user_email, $current_user->user_login ) );
                wp_update_user( get_object_vars( $user ) );
                delete_user_meta( $current_user->ID . '_new_email' );
                wp_redirect( add_query_arg( array('updated' => 'true'), self_admin_url( 'profile.php' ) ) );
                die();
            }
        } elseif ( !empty( $_GET['dismiss'] ) && $current_user->ID . '_new_email' == $_GET['dismiss'] ) {
            delete_user_meta( $current_user->ID . '_new_email' );
            wp_redirect( add_query_arg( array('updated' => 'true'), self_admin_url( 'profile.php' ) ) );
            die();
        }
    }
}
add_action('plugins_loaded','verify_email_change');

这是一个奇怪的“特征”。该功能实际上在WordPress内部可用（WordPress.com已为其托管博客服务启用了此功能），但仅限于多站点。如果您看一下，/wp-admin/includes/ms.php就会发现处理此行239的函数send_confirmation_on_profile_email()。

据推测，您可以将此函数移至functions.php或插件中以获取此功能，可能需要进行一些调整才能使其正常工作。它没有回答“为什么”，但是这里的主题跟踪记录也没有。

ETA：进一步研究它，您可能还需要复制一些其他功能- new_user_email_admin_notice()并update_option_new_admin_email()在可能需要时跳出。

吉里的回应对我没有用。我必须进行调整才能使其正常工作（Wordpress 3.5）

function cleanup_verify_email_change()
{
    global $errors, $wpdb;
    $current_user = wp_get_current_user();

    // don't execute this if they're trying to dismiss a pending email change
    if (in_array($GLOBALS['pagenow'], array('profile.php')) && $current_user->ID > 0 & !isset($_GET["dismiss"])) 
    {
        if (isset( $_POST[ 'email' ] ) && ($current_user->user_email != $_POST['email']) ) 
        {
            $user->ID = $current_user->ID;
            $user->user_email = esc_html( trim( $_POST[ 'email' ] ) );

            if ( $wpdb->get_var( $wpdb->prepare( "SELECT user_login FROM {$wpdb->users} WHERE user_login = %s", $current_user->user_login ) ) ) {
                $wpdb->query( $wpdb->prepare( "UPDATE {$wpdb->users} SET user_email = %s WHERE user_login = %s", $user->user_email, $current_user->user_login ) );
            }

            wp_update_user( get_object_vars( $user ) );

            wp_redirect( add_query_arg( array('updated' => 'true', 'multisite_cleanup' => 'true'), self_admin_url( 'profile.php' ) ) );
            die();
        } 
        elseif ( !empty( $_GET['dismiss'] ) && $current_user->ID . '_new_email' == $_GET['dismiss'] ) 
        {
            delete_user_meta( $current_user->ID . '_new_email' );
            wp_redirect( add_query_arg( array('updated' => 'true', 'multisite_cleanup' => 'true'), self_admin_url( 'profile.php' ) ) );
            die();
        }
    }
}
add_action('plugins_loaded','cleanup_verify_email_change');

我已经调整了Giri代码，使其可以在我的wordpress上使用（版本4.8.1+）

之前：

 update_user_meta( $current_user->ID . '_new_email', $new_user_email );

后：

 update_user_meta( $current_user->ID, '_new_email', $new_user_email );

逗号需要替换句点。

也：

$new_email['hash'];
$new_email['newemail'];

成为

$new_email[0]['hash'];
$new_email[0]['newemail'];

因此：

function custom_send_confirmation_on_profile_email() {
    global $errors, $wpdb;
    $current_user = wp_get_current_user();
    if ( ! is_object($errors) )
        $errors = new WP_Error();

    if ( $current_user->ID != $_POST['user_id'] )
        return false;

    if ( $current_user->user_email != $_POST['email'] ) {
        if ( !is_email( $_POST['email'] ) ) {
            $errors->add( 'user_email', __( "<strong>ERROR</strong>: The e-mail address isn't correct." ), array( 'form-field' => 'email' ) );
            return;
        }

        if ( email_exists( $_POST['email'] ) ) {
            $errors->add( 'user_email', __( "<strong>ERROR</strong>: The e-mail address is already used." ), array( 'form-field' => 'email' ) );
            delete_user_meta( $current_user->ID, '_new_email' );
            return;
        }

        $hash = md5( $_POST['email'] . time() . mt_rand() );
        $new_user_email = array(
            'hash' => $hash,
            'newemail' => $_POST['email']
        );
        update_user_meta( $current_user->ID, '_new_email', $new_user_email );

        $content = apply_filters( 'new_user_email_content', __( "Dear user,

        You recently requested to have the email address on your account changed.
        If this is correct, please click on the following link to change it:
        ###ADMIN_URL###

        You can safely ignore and delete this email if you do not want to
        take this action.

        This email has been sent to ###EMAIL###

        Regards,
        All at ###SITENAME###
        ###SITEURL###" ), $new_user_email );

        $content = str_replace( '###ADMIN_URL###', esc_url( admin_url( 'profile.php?newuseremail='.$hash ) ), $content );
        $content = str_replace( '###EMAIL###', $_POST['email'], $content);
        $content = str_replace( '###SITENAME###', get_site_option( 'site_name' ), $content );
        $content = str_replace( '###SITEURL###', home_url(), $content );

        wp_mail( $_POST['email'], sprintf( __( '[%s] New Email Address' ), get_option( 'blogname' ) ), $content );
        $_POST['email'] = $current_user->user_email;
    }
}
add_action( 'personal_options_update', 'custom_send_confirmation_on_profile_email' );

// Execute confirmed email change. See send_confirmation_on_profile_email().
function verify_email_change(){
    global $errors, $wpdb;
    $current_user = wp_get_current_user();
    if (in_array($GLOBALS['pagenow'], array('profile.php')) && $current_user->ID > 0) {
        if (isset( $_GET[ 'newuseremail' ] ) && $current_user->ID ) {
            $new_email = get_user_meta( $current_user->ID, '_new_email' );
            if ( $new_email[0]['hash'] == $_GET[ 'newuseremail' ] ) {
                $user->ID = $current_user->ID;
                $user->user_email = esc_html( trim( $new_email[0][ 'newemail' ] ) );
                if ( $wpdb->get_var( $wpdb->prepare( "SELECT user_login FROM {$wpdb->users} WHERE user_login = %s", $current_user->user_login ) ) )
                    $wpdb->query( $wpdb->prepare( "UPDATE {$wpdb->users} SET user_email = %s WHERE user_login = %s", $user->user_email, $current_user->user_login ) );
                wp_update_user( get_object_vars( $user ) );
                delete_user_meta( $current_user->ID, '_new_email' );
                wp_redirect( add_query_arg( array('updated' => 'true'), self_admin_url( 'profile.php' ) ) );
                die();
            }
        } elseif ( !empty( $_GET['dismiss'] ) && $current_user->ID . '_new_email' == $_GET['dismiss'] ) {
            delete_user_meta( $current_user->ID, '_new_email' );
            wp_redirect( add_query_arg( array('updated' => 'true'), self_admin_url( 'profile.php' ) ) );
            die();
        }
    }
}
add_action('after_setup_theme','verify_email_change');

干杯。