confirm email address

You basically need to add a wp_mail() call to whatever page the form submits to. The form data would also need to be put into some sort of hold status until the email is validated. The link in the email also needs to go to a page that accepts the validation and changes the status of the initial form data. A scheduled task should be added to delete the form data if validation is not received in a reasonable period of time.

Doing so cleanly so your hacks are not lost in the next upgrade can make the modifications quite tricky. Note there are plugins available that do this sort of thing, I believe there is one even specifically for Contact Form 7.

thanks bcworkz. Do you happen to know the plugin for Contact Form 7 that does this? I’ve been searching for one but haven’t found one yet.

I’m afraid I may have imagined seeing such a plugin, I’m not able to find it now. Sorry to get your hopes up.

Now worries. At least I know if I code solution I’m not duplicating work already done.

I might well develop it and then share it out.

Hi again,

I’ve looked a bit more and haven’t found anything.

So I’m coding it up.

https://github.com/magician11/wpcf7-email-verification

If you have any feedback or tips that would be great. I’m essentially going to implement your logic from the your first post in this thread.

It appears CF7 does not work quite as I imagined. I assumed the form submits were saved somewhere in the DB. It appears now that this data is not saved anywhere, it is merely forwarded to you via email. Correct?

If so, it changes the logic a bit. You will need to store the data from the CF7 object temporarily, awaiting email verification response. Transients work well for this, as they can be configured to self-delete after a certain time period.

When the email link is clicked, the transient data is composed back into a CF7 object and the mail to you is sent as would have been if not interrupted for verification.

Ok, thanks. I’ve updated the code to reflect that. A nice succinct solution too as it handles serialization of the CF7 object too.

For the link to be clicked, how would I do this? I can construct a URL no problem, but where should it point to and how does the plugin catch that a link was clicked?

The URL would point to a code page that reconstructs the CF7 object and executes the mail send. If this plugin is for your own use only, it can be another plugin page which includes the wp-load.php file in order to initiate the WP environment.

Including wp-load.php is considered poor practice when distributing plugins. Another approach is to make the code page a page post type template, then the URL would point to a page based on this template. The template can reside in the plugin folder, it just will not show up in the page template dropdown. Set it’s URL in _wp_page_template in postmeta.

Clicking the URL in an email generates a GET request. The URL would need a parameter referencing which transient to retrieve to complete the process. It’s probably a good idea to also include a nonce for security purposes, though I’m unsure how anyone could leverage the lack of one for nefarious purposes. If nothing else it could stop someone from hammering your mailbox with the same message. Note the WP nonce is not a true nonce, it can be used many times in a 24 hour period.

What I figured out to do was to add a hook.

add_action( ‘template_redirect’, ‘check_for_verifier’ );

(code here)

The last core part of the task is to send out the retrieved transient CF7 object as per usual. There has to be a function in the original CF7 plugin code to process and send the CF7 object, but I’m not sure what it is. I’ve been posting about it, but zero responses. Do you have any suggestions on this?

I appreciate your input, thanks it’s been super helpful.

The code immediately after the hook ‘wpcf7_before_send_mail’ is:
$result = $this->compose_mail( $this->setup_mail_template( $this->mail, 'mail' ) );
which actually sends the email using wp_mail().

Thus, if your retrieved CF7 object is $cf7, try something along the lines of:
$cf7->compose_mail( $cf7->setup_mail_template( $cf7->mail, 'mail' ) );

Awesome, thank you.

I have it working now. I had to also copy some of the code after that line too to make sure Mail2 is sent out if it is active. I’m open to ideas on re-using code, but it seems simpler to copy it in this case.

I agree. For the sake of discussion, I suppose you could call the $cf7->mail() method again. You would need to add logic to your ‘wpcf7_before_send_mail’ callback to prevent it from continuously trying to validate the the user’s email address.

Conceptually cleaner, but copying code still seems simpler ??

Actually your way seems cleaner. It didn’t take much code to handle reuse..

remove_action( 'wpcf7_before_send_mail', 'wpcf7ev_verify_email_address' );
$cf7 = $storedValue[0]; // get the saved CF7 object
$cf7->skip_mail = false; // allow mail to be sent as per usual
$cf7->mail(); // send mail using the CF7 core code

Thanks for your help. Now that I’ve got the core functionality down, I’ll get in touch with a user or two who wanted this functionality to test it out for me.

Glad to help. I think this is indeed a useful extension of CF7 though I would not implement this myself unless I was getting seriously spammed. Sort of presents the image that I’m too important to allow easy communication with me and require anyone that wishes to do so to be subjected to a security check.

I exaggerate to make a point, it’s not that big a deal, just felt like throwing in my 2 cents worth ??

Yes, I agree it probably wouldn’t normally be used.

The reason it came up for me was I had a form on my “terms and conditions” page. I wanted to ensure that the user filling it out really was that user. So the email verification leans more towards legalese than regular communication.

I can see this plugin being further developed so that you can choose which form in CF7 gets verified and which does not.

Thanks for your 2 cents ??