How do you update user_email on the front end in WP 3.3?

I am using the following code and everything in the user profile is updating except the user’s email.

In the template:

Read More
global $current_user, $wp_roles;
get_currentuserinfo();

/* Load the registration file. */
require_once( ABSPATH . WPINC . '/registration.php' );

/* If profile was saved, update profile. */
if ( 'POST' == $_SERVER['REQUEST_METHOD'] && !empty( $_POST['action'] ) && $_POST['action'] == 'update-user' ) {

        /* Update user password. */
        if ( !empty($_POST['pass1'] ) && !empty( $_POST['pass2'] ) ) {
                if ( $_POST['pass1'] == $_POST['pass2'] )
                        wp_update_user( array( 'ID' => $current_user->id, 'user_pass' => esc_attr( $_POST['pass1'] ) ) );
                else
                        wp_redirect( get_permalink() . '?error' );
                exit;
        }

        /* Update user information. */
        if ( !empty( $_POST['first_name'] ) )
                update_user_meta( $current_user->id, 'first_name', esc_attr( $_POST['first_name'] ) );
        if ( !empty( $_POST['last_name'] ) )
                update_user_meta($current_user->id, 'last_name', esc_attr( $_POST['last_name'] ) );
        if ( !empty( $_POST['user_email'] ) )
                update_user_meta($current_user->id, 'user_email', esc_attr( $_POST['user_email'] ) );
        if ( !empty( $_POST['cell_phone'] ) )
                update_user_meta( $current_user->id, 'cell_phone', esc_attr( $_POST['cell_phone'] ) );
        if ( !empty( $_POST['mailing_address'] ) )
                update_user_meta( $current_user->id, 'mailing_address', esc_attr( $_POST['mailing_address'] ) );
        if ( !empty( $_POST['description'] ) )
                update_user_meta( $current_user->id, 'description', esc_attr( $_POST['description'] ) );


             /* Redirect so the page will show updated info. */
    if ( !$error ) {
        wp_redirect( get_permalink() . '?success' );
    }
        else {
            wp_redirect( get_permalink() . '?error' );
        }
        exit;
    }


get_header(); ?>

And in the page:

<?php if (stripos($_SERVER['REQUEST_URI'],'?success') !== false) { // THIS IS THE BEGINNING ?>
    <div class="alert alert-success" align="center">Your profile was updated successfully.</div>
<?php } ?>
<?php if (stripos($_SERVER['REQUEST_URI'],'?error') !== false) { // THIS IS THE BEGINNING ?>
    <div class="alert alert-danger" align="center">Hmm, something went wrong and your profile was not updated.</div>
<?php } ?>

<form method="post" id="adduser" action="<?php the_permalink(); ?>">
    <table class="profile">
        <tr>
            <td class="left">
                First Name
            </td>
            <td class="right">
                <input type="text" name="first_name" id="first_name" value="<?php global $current_user; get_currentuserinfo(); echo $current_user->first_name; ?>" />
            </td>
        </tr>

         <tr>
            <td class="left">
                Last Name   
            </td>
            <td class="right">
                <input type="text" name="last_name" id="last_name" value="<?php global $current_user; get_currentuserinfo(); echo $current_user->last_name; ?>" />
            </td>
        </tr>

        <tr>
            <td class="left">
                Email Address
            </td>
            <td class="right">
                <input type="text" name="user_email" id="user_email" value="<?php global $current_user; get_currentuserinfo(); echo $current_user->user_email; ?>" />
            </td>
        </tr>

        <tr>
            <td class="left">
                Phone Number
            </td>
            <td class="right">
                <input type="text" name="cell_phone" id="cell_phone" value="<?php global $current_user; get_currentuserinfo(); echo $current_user->cell_phone; ?>" />
            </td>
        </tr>

         <tr>
            <td class="left">
                Mailing Address
            </td>
            <td class="right">
                <textarea name="mailing_address" id="mailing_address" rows="4" cols="30" class="regular-text"><?php global $current_user; get_currentuserinfo(); echo $current_user->mailing_address; ?></textarea>
            </td>
        </tr>

        <tr>
            <td class="left">
                Business Description
            </td>
            <td class="right">
                <textarea name="description" id="description" rows="4" cols="30" class="regular-text"><?php global $current_user; get_currentuserinfo(); echo $current_user->description; ?></textarea>
            </td>
        </tr>

    </table>

    <p class="form-submit">

        <?php echo $referer; ?>
        <input name="updateuser" type="submit" id="updateuser" class="submit button" value="update-user" />
        <?php wp_nonce_field( 'update-user' ) ?>
        <input name="action" type="hidden" id="action" value="Update" />
    </p>
</form>

Related posts

Leave a Reply

2 comments

  1. You need to use wp_update_user() for the email, as it is not user-meta but core user data. The code should look something like this:

    $args = array(
        'ID'         => $current_user->id,
        'user_email' => esc_attr( $_POST['user_email'] )
    );
    wp_update_user( $args );
    

    Note: that’s untested, but it should work out of the box.

  2. If you plan to use this code on frontend, I would check if email is free to use. Otherwise, you are creating a security hole.

    if (isset( $_POST['email'])) {
        // check if user is really updating the value
        if ($user_email != $_POST['email']) {       
            // check if email is free to use
            if (email_exists( $_POST['email'] )){
                // Email exists, do not update value.
                // Maybe output a warning.
            } else {
                $args = array(
                    'ID'         => $current_user->id,
                    'user_email' => esc_attr( $_POST['email'] )
                );            
            wp_update_user( $args );
           }   
       }
    }