OpenSanghaFoundation / OSF

Bug/Feature requests tracking and documentation management
https://opensanghafoundation.org

Users can switch to an arbitrary unregistered email address by editing the account #37

Open coiby opened 4 months ago

coiby commented 4 months ago

Describe the bug: Users can switch to an arbitrary or even a fake email address by editing their account.

To Reproduce: Steps to reproduce the behavior:

  1. Go to My Account
  2. Input an arbitrary email address
  3. Hit "Update Account" button

Expected behavior: We shouldn't allow an arbitrary email address.

Screenshots: Screenshot_2024-05-17_22-41-00 (image not included)

OSFOSF commented 4 months ago

Users could give a bad email address upon registration and need to change it, and since only administrators and the user can change an email, it would be good to keep this as it is and allow users to change their own email address.

coiby commented 4 months ago

Personally, I think we should verify one's email address before activating the account in the first place, for the following reasons:

  1. We can make sure no one uses a bad email address or uses other people's by mistake or intentionally
  2. This can prevent users who forget their password from losing access by typing an invalid email address
  3. This is consistent with users' expectation (I can't recall a website activating an account without verifying the email first)

OSFOSF commented 4 months ago

Here is the code. Where to put it?

```php
if (isset($_POST['email'])) {
    $email = $_POST['email']; // the original used $email without defining it
    if (email_exists($email)) {
        echo 'The email address is already used by another user';
        break; // note: break is only valid inside a loop or switch
    }
    if (filter_var($email, FILTER_VALIDATE_EMAIL)) {
        // echo "The email address '$email' is considered valid.";
    } else {
        echo "The email address '$email' is considered invalid.";
        break;
    }
}
```

This code has been added to the user_update page, but where to put it on the account page?

coiby commented 4 months ago

There is no need to add the above code because UM already prevents a registered email address from being taken.

Btw, UM has confirmed this bug is a missing feature and we can wait for them to fix it.

OSFOSF commented 2 months ago

We could use NeverBounce to verify an email as valid, but it cannot be automated and done in real time, so it will have to be UM to fix any verifications. WP UM allows sending users an email verification, but if the email is bad, no luck there.

Where is a place where a new user can change their email? They no longer have access to user-update, which will redirect to the user profile, and then that's up to UM.
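The verify-before-applying flow coiby argues for, combined with the filter_var and email_exists checks in OSFOSF's snippet, as an added PHP example (not code from OSF or Ultimate Member): the requested address is held as pending with a hashed, expiring token and only replaces the account e-mail once the token from the confirmation mail comes back. The function names, the in-memory user array, the list of taken addresses and the one-hour TTL are assumptions; in WordPress the array would be user meta and the taken-address check would be email_exists().

```php
<?php
// Added example, not OSF or Ultimate Member code. Two-step e-mail change:
// nothing is written to the account until the user proves they can read
// mail at the new address. $user is an in-memory stand-in for user meta.

const TOKEN_TTL = 3600; // seconds a confirmation link stays valid (assumed)

// Step 1: validate the requested address and record it as *pending* only.
// Returns the raw token to mail to the new address, or null on rejection.
function request_email_change(array &$user, string $new_email, array $taken, int $now): ?string {
    $new_email = trim($new_email);
    if (filter_var($new_email, FILTER_VALIDATE_EMAIL) === false) {
        return null; // syntactically invalid address
    }
    if (in_array(strtolower($new_email), array_map('strtolower', $taken), true)) {
        return null; // already used by another account
    }
    $token = bin2hex(random_bytes(16));            // unguessable, single use
    $user['pending_email'] = $new_email;
    $user['pending_hash']  = hash('sha256', $token); // store only the hash
    $user['pending_exp']   = $now + TOKEN_TTL;
    return $token; // caller puts this in a link mailed to $new_email
}

// Step 2: called when the confirmation link is used. Only now does the
// account e-mail change; expired or mismatched tokens leave it untouched.
function confirm_email_change(array &$user, string $token, int $now): bool {
    if (empty($user['pending_hash']) || $now > $user['pending_exp']) {
        return false; // nothing pending, or link expired
    }
    if (!hash_equals($user['pending_hash'], hash('sha256', $token))) {
        return false; // wrong token (constant-time compare)
    }
    $user['email'] = $user['pending_email'];
    unset($user['pending_email'], $user['pending_hash'], $user['pending_exp']);
    return true;
}

// Constructed sample run (no real accounts involved)
$user  = ['email' => 'old@example.org'];
$taken = ['someone@example.org'];
$now   = time();
var_dump(request_email_change($user, 'not-an-address', $taken, $now));      // malformed
var_dump(request_email_change($user, 'someone@example.org', $taken, $now)); // taken
$token = request_email_change($user, 'new@example.org', $taken, $now);      // accepted
var_dump($user['email']);                                                   // unchanged so far
var_dump(confirm_email_change($user, 'wrong-token', $now));                 // rejected
var_dump(confirm_email_change($user, $token, $now));                        // applied
var_dump($user['email']);
```

In a deployment the token travels only in the mail sent to the new address, and the old address should receive a notice of the pending change so the account owner can spot one they did not request.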