[wp-trac] [WordPress Trac] #44347: WP allows creating username that is already used email address
WordPress Trac
noreply at wordpress.org
Sun Jun 10 23:20:34 UTC 2018
#44347: WP allows creating username that is already used email address
---------------------------+------------------------------
Reporter: phillipburger | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Users | Version:
Severity: normal | Resolution:
Keywords: | Focuses:
---------------------------+------------------------------
Comment (by phillipburger):
Thanks! Yeah, I guess when you allow end users to input information, they
will find the bugs.
I was using a check similar to the example on
https://developer.wordpress.org/reference/functions/wp_create_user/#user-
contributed-notes which checks:
1. does the username entered exist as a username
2. does the email entered exist as an email address
but it forgot to check the other 2 ways of:
3. does the username exist as an email address (the problem I had in this
case)
4. does the email address exist as a username (a reverse problem that
would cause the same issue)
I just over coded my side to do checks of username and email address both
in username_exists() and email_exists() and then make sure all 4 checks
brought back false before processing.
I have been using filters already but I did not think of it here.
Let me know any more info needed.
Replying to [comment:1 pbiron]:
> Welcome to trac!!!
>
> Nice catch...in all my years building WP sites I never thought to use
email addresses as usernames :-)
>
> In the support topic you reference you say,
>
> > I have since added a check in my code to stop this
>
> I'm not sure how you implemented that check, but I would suggest you do
so using the
[[https://developer.wordpress.org/reference/hooks/username_exists/|username_exists]]
filter, as follows:
>
> {{{#!php
> <?php
> add_filter( 'username_exists', 'my_username_exists_filter_func', 10, 2
);
> function my_username_exists_filter_func( $user_id, $username ) {
> if ( $user_id ) {
> return $user_id;
> }
>
> return get_user_by( 'email', $username );
> }
> }}}
>
> This will cause
[[https://developer.wordpress.org/reference/functions/wp_create_user/|wp_create_user()]]
to return a `WP_Error` and the new user will not be created.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/44347#comment:2>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list