You need a function that hook into post status transitions and send and email containing a link with some verification variables and a function that takes that variables, check them and if all ok update posts status.
Following code I think is self-explanatory, and comments give additional help:
add_action('new_to_pending', 'send_approve_link');
add_action('draft_to_pending', 'send_approve_link');
add_action('auto-draft_to_pending', 'send_approve_link');
add_action('init', 'approve_post');
function set_html_content_type() { return 'text/html'; }
function send_approve_link( $post ) {
// get author of post
$author = new WP_User($post->post_author);
// create a key for security check and save as meta
$check = md5( $author->user_email . $post->ID );
update_post_meta( $post->ID, '_approve_key', $check);
// set the content for the email
$content="<p>Please click following link to allow the publishing of your post: "";
$content .= esc_html( get_the_title($post->ID) ) . '"</p>';
// create an url vor verify link with some variables: key, post id, and email
$url = add_query_arg( array('email'=>$author->user_email,'approve'=>$post->ID), site_url() );
$content .= '<p><a href="' . $url . '">Click to Confirm</a></p>';
$from = get_bloginfo('name');
$from_email = get_option('admin_email');
$headers="From: " . $from . ' <' . $from_email . '>' . "\r\n";
// sending email in html format
add_filter( 'wp_mail_content_type', 'set_html_content_type' );
wp_mail( $author->user_email, 'Confirm your Post', $content, $headers);
remove_filter( 'wp_mail_content_type', 'set_html_content_type' );
}
function approve_post( ) {
if ( isset($_GET['approve']) && isset($_GET['email']) ) {
// have we all variable needed?
if ( empty($_GET['approve']) || ! filter_var($_GET['email'], FILTER_VALIDATE_EMAIL) ) return;
// get post
$post = get_post($_GET['approve']);
// this post has an author?
if ( ! isset($post->post_author) ) return;
// is the post already published?
if ( $post->post_status == 'publish' ) {
wp_redirect( get_permalink($post->ID) );
exit();
} elseif ( $post->post_status != 'pending' ) { // was the post deleted by admin?
return;
}
// get the author
$author = new WP_User($post->post_author);
// check author variable
if ( ! isset($author->user_email) ) return;
// verify email
if ( $_GET['email'] != $author->user_email ) return;
// verify key
$key = get_post_meta( $post->ID, '_approve_key', true);
if ( $key != md5( $author->user_email . $post->ID ) ) return;
// ok, update status
$post_data = array('ID' => $post->ID, 'post_status' => 'publish');
$update = wp_update_post($post_data);
// update failed...
if ( ! $update ) return;
// delete verify key
delete_post_meta($post->ID, '_approve_key');
// work finished, view the post
wp_redirect( get_permalink($post->ID) );
exit();
}
}
Thats, all. Please note code is untested.