(Revised answer)
The problem with your code is that the password reset link/URL is missing the proper password reset key and user login slug — the $key (password reset key) and $user_login (user login slug) as you can see below, are both missing (i.e. not defined anywhere in your code):
network_site_url("wp-login.php?action=rp&key=$key&login=" . rawurlencode($user_login), 'login')
So to fix the problem:
-
Replace this:
if ( $post->post_status == 'publish' ) { wp_redirect("" . network_site_url("wp-login.php?action=rp&key=$key&login=" . rawurlencode($user_login), 'login') . ""); exit(); }with this:
if ( $post->post_status == 'publish' ) { if ( ! $user = get_user_by( 'email', $_GET['email'] ) ) return; $key = get_password_reset_key( $user ); wp_redirect("" . network_site_url("wp-login.php?action=rp&key=$key&login=" . rawurlencode($user->user_login), 'login') . ""); exit(); } -
Replace this:
// work finished, view the post wp_redirect("" . network_site_url("wp-login.php?action=rp&key=$key&login=" . rawurlencode($user_login), 'login') . "");with this:
// work finished, view the post $key = get_password_reset_key( $author ); wp_redirect("" . network_site_url("wp-login.php?action=rp&key=$key&login=" . rawurlencode($author->user_login), 'login') . "");
And note that the init hook doesn’t pass any parameters to the callback function (which in your case is approve_post()), so your code should be just:
add_action( 'init', 'approve_post' );
So the approve_post() function should be defined without any parameters:
function approve_post() // like this
function approve_post($user, $notify) // not this
And hooking to the init action only is enough; so this is not necessary:
add_action('edit_user_created_user', 'approve_post', 10, 2 );
This is also not necessary — at the end of the function (before the closing }), you don’t need to return anything:
return $notify; // just remove this