Facebook email address - not verified

What makes an email address from Facebook, or any other social network, come through as unverified.

I have a couple of test accounts for my website, and one of them is verified (I had my mobile linked to the account at one stage) and one created today, where your plugin states that it is not verified.

Would this link explain it?

Best Answer

  • Claude_SchlesserClaude_SchlesserAdministratorOneAll Team
    edited May 2017 Answer ✓
    Hi Brett,

    the "verified" flag is not only used to create accounts, but also to link accounts.

    Many of our plugin (including WordPress) use this flag to automatically link social networks to existing accounts.

    For Facebook it should not be possible to login when the email address has not been verified. In cases of doubt we however prefer to rely on the Facebook account verification status. What we absolutely do not want is to have somebody hijack somebody else's account by using a bogus email address.

    What you can do is open this file of the plugin:

    then look for this:
    // Email Address. $user_email = ''; if (property_exists ($identity, 'emails') AND is_array ($identity->emails)) { $user_email_is_verified = false; while ($user_email_is_verified !== true AND (list(, $email) = each ($identity->emails))) { $user_email = $email->value; $user_email_is_verified = ($email->is_verified == '1'); } }

    and add this below:

    // Mark all Facebook emails as verified if ($identity->source->key == 'facebook' && ! empty ($user_email)) { $user_email_is_verified = true; }


  • Sorry for the double post, but is there a way to either ignore the verified, or change it's value, so it will be accepted regardless? IE most of the sites ask you to create an account and verify/confirm it via a link that is sent to it.

    I'm trying to make sure that users who don't want to confirm Facebook with an mobile number, or the same with LinkedIn, that if they try to login via their social network account that has the same email address as their WordPress account they created, that it is accepted, and does not try to create a new account because the email address appears unverified, or more to the point, the account appears unverified.
  • edited May 2017
    Thanks for the suggestion there, it only appears to be an issue when the account is trying to be linked.
    I was only doing Facebook for testing, and was emailing myself the is_verified value from this account once I'd got to the
    oa_social_login_action_after_user_insert hook.

    Any chance to be able to change it on the oa_social_login_action_before_user_insert hook, so that it gets seen as verified, rather than mess around with core code?

    I was able to create an account that was freshly created off Facebook, email confirmation completed, and your plugin created an account without an issue. Try the same when linking it to an account that used the same email address, it attempted to create another account, and asked for the email address to be re-entered.

    I think it's more of an issue with linking the accounts where the is_verified is more of an issue.

    I will make the necessary changes and see if it behaves the way we would like to.


Please sign in to your OneAll account to ask a new question or to contribute to the discussions.

Please click on the link below to connect to the forum with your OneAll account.