Projects : mp-wp : mp-wp_genesis
1 | <?php |
2 | /** |
3 | * Users administration panel. |
4 | * |
5 | * @package WordPress |
6 | * @subpackage Administration |
7 | */ |
8 | |
9 | /** WordPress Administration Bootstrap */ |
10 | require_once('admin.php'); |
11 | |
12 | /** WordPress Registration API */ |
13 | require_once( ABSPATH . WPINC . '/registration.php'); |
14 | |
15 | if ( !current_user_can('edit_users') ) |
16 | wp_die(__('Cheatin’ uh?')); |
17 | |
18 | $title = __('Users'); |
19 | $parent_file = 'users.php'; |
20 | |
21 | $update = $doaction = ''; |
22 | if ( isset($_REQUEST['action']) ) |
23 | $doaction = $_REQUEST['action'] ? $_REQUEST['action'] : $_REQUEST['action2']; |
24 | |
25 | if ( empty($doaction) ) { |
26 | if ( isset($_GET['changeit']) && !empty($_GET['new_role']) ) |
27 | $doaction = 'promote'; |
28 | } |
29 | |
30 | if ( empty($_REQUEST) ) { |
31 | $referer = '<input type="hidden" name="wp_http_referer" value="'. attribute_escape(stripslashes($_SERVER['REQUEST_URI'])) . '" />'; |
32 | } elseif ( isset($_REQUEST['wp_http_referer']) ) { |
33 | $redirect = remove_query_arg(array('wp_http_referer', 'updated', 'delete_count'), stripslashes($_REQUEST['wp_http_referer'])); |
34 | $referer = '<input type="hidden" name="wp_http_referer" value="' . attribute_escape($redirect) . '" />'; |
35 | } else { |
36 | $redirect = 'users.php'; |
37 | $referer = ''; |
38 | } |
39 | |
40 | switch ($doaction) { |
41 | |
42 | case 'promote': |
43 | check_admin_referer('bulk-users'); |
44 | |
45 | if (empty($_REQUEST['users'])) { |
46 | wp_redirect($redirect); |
47 | exit(); |
48 | } |
49 | |
50 | if ( !current_user_can('edit_users') ) |
51 | wp_die(__('You can’t edit users.')); |
52 | |
53 | $userids = $_REQUEST['users']; |
54 | $update = 'promote'; |
55 | foreach($userids as $id) { |
56 | if ( ! current_user_can('edit_user', $id) ) |
57 | wp_die(__('You can’t edit that user.')); |
58 | // The new role of the current user must also have edit_users caps |
59 | if($id == $current_user->ID && !$wp_roles->role_objects[$_REQUEST['new_role']]->has_cap('edit_users')) { |
60 | $update = 'err_admin_role'; |
61 | continue; |
62 | } |
63 | |
64 | $user = new WP_User($id); |
65 | $user->set_role($_REQUEST['new_role']); |
66 | } |
67 | |
68 | wp_redirect(add_query_arg('update', $update, $redirect)); |
69 | exit(); |
70 | |
71 | break; |
72 | |
73 | case 'dodelete': |
74 | |
75 | check_admin_referer('delete-users'); |
76 | |
77 | if ( empty($_REQUEST['users']) ) { |
78 | wp_redirect($redirect); |
79 | exit(); |
80 | } |
81 | |
82 | if ( !current_user_can('delete_users') ) |
83 | wp_die(__('You can’t delete users.')); |
84 | |
85 | $userids = $_REQUEST['users']; |
86 | $update = 'del'; |
87 | $delete_count = 0; |
88 | |
89 | foreach ( (array) $userids as $id) { |
90 | if ( ! current_user_can('delete_user', $id) ) |
91 | wp_die(__('You can’t delete that user.')); |
92 | |
93 | if($id == $current_user->ID) { |
94 | $update = 'err_admin_del'; |
95 | continue; |
96 | } |
97 | switch($_REQUEST['delete_option']) { |
98 | case 'delete': |
99 | wp_delete_user($id); |
100 | break; |
101 | case 'reassign': |
102 | wp_delete_user($id, $_REQUEST['reassign_user']); |
103 | break; |
104 | } |
105 | ++$delete_count; |
106 | } |
107 | |
108 | $redirect = add_query_arg( array('delete_count' => $delete_count, 'update' => $update), $redirect); |
109 | wp_redirect($redirect); |
110 | exit(); |
111 | |
112 | break; |
113 | |
114 | case 'delete': |
115 | |
116 | check_admin_referer('bulk-users'); |
117 | |
118 | if ( empty($_REQUEST['users']) && empty($_REQUEST['user']) ) { |
119 | wp_redirect($redirect); |
120 | exit(); |
121 | } |
122 | |
123 | if ( !current_user_can('delete_users') ) |
124 | $errors = new WP_Error('edit_users', __('You can’t delete users.')); |
125 | |
126 | if ( empty($_REQUEST['users']) ) |
127 | $userids = array(intval($_REQUEST['user'])); |
128 | else |
129 | $userids = $_REQUEST['users']; |
130 | |
131 | include ('admin-header.php'); |
132 | ?> |
133 | <form action="" method="post" name="updateusers" id="updateusers"> |
134 | <?php wp_nonce_field('delete-users') ?> |
135 | <?php echo $referer; ?> |
136 | |
137 | <div class="wrap"> |
138 | <?php screen_icon(); ?> |
139 | <h2><?php _e('Delete Users'); ?></h2> |
140 | <p><?php _e('You have specified these users for deletion:'); ?></p> |
141 | <ul> |
142 | <?php |
143 | $go_delete = false; |
144 | foreach ( (array) $userids as $id ) { |
145 | $id = (int) $id; |
146 | $user = new WP_User($id); |
147 | if ( $id == $current_user->ID ) { |
148 | echo "<li>" . sprintf(__('ID #%1s: %2s <strong>The current user will not be deleted.</strong>'), $id, $user->user_login) . "</li>\n"; |
149 | } else { |
150 | echo "<li><input type=\"hidden\" name=\"users[]\" value=\"{$id}\" />" . sprintf(__('ID #%1s: %2s'), $id, $user->user_login) . "</li>\n"; |
151 | $go_delete = true; |
152 | } |
153 | } |
154 | $all_logins = $wpdb->get_results("SELECT ID, user_login FROM $wpdb->users ORDER BY user_login"); |
155 | $user_dropdown = '<select name="reassign_user">'; |
156 | foreach ( (array) $all_logins as $login ) |
157 | if ( $login->ID == $current_user->ID || !in_array($login->ID, $userids) ) |
158 | $user_dropdown .= "<option value=\"{$login->ID}\">{$login->user_login}</option>"; |
159 | $user_dropdown .= '</select>'; |
160 | ?> |
161 | </ul> |
162 | <?php if ( $go_delete ) : ?> |
163 | <fieldset><p><legend><?php _e('What should be done with posts and links owned by this user?'); ?></legend></p> |
164 | <ul style="list-style:none;"> |
165 | <li><label><input type="radio" id="delete_option0" name="delete_option" value="delete" checked="checked" /> |
166 | <?php _e('Delete all posts and links.'); ?></label></li> |
167 | <li><input type="radio" id="delete_option1" name="delete_option" value="reassign" /> |
168 | <?php echo '<label for="delete_option1">'.__('Attribute all posts and links to:')."</label> $user_dropdown"; ?></li> |
169 | </ul></fieldset> |
170 | <input type="hidden" name="action" value="dodelete" /> |
171 | <p class="submit"><input type="submit" name="submit" value="<?php _e('Confirm Deletion'); ?>" class="button-secondary" /></p> |
172 | <?php else : ?> |
173 | <p><?php _e('There are no valid users selected for deletion.'); ?></p> |
174 | <?php endif; ?> |
175 | </div> |
176 | </form> |
177 | <?php |
178 | |
179 | break; |
180 | |
181 | default: |
182 | |
183 | if ( !empty($_GET['_wp_http_referer']) ) { |
184 | wp_redirect(remove_query_arg(array('_wp_http_referer', '_wpnonce'), stripslashes($_SERVER['REQUEST_URI']))); |
185 | exit; |
186 | } |
187 | |
188 | wp_enqueue_script('admin-users'); |
189 | |
190 | include('admin-header.php'); |
191 | |
192 | $usersearch = isset($_GET['usersearch']) ? $_GET['usersearch'] : null; |
193 | $userspage = isset($_GET['userspage']) ? $_GET['userspage'] : null; |
194 | $role = isset($_GET['role']) ? $_GET['role'] : null; |
195 | |
196 | // Query the users |
197 | $wp_user_search = new WP_User_Search($usersearch, $userspage, $role); |
198 | |
199 | $messages = array(); |
200 | if ( isset($_GET['update']) ) : |
201 | switch($_GET['update']) { |
202 | case 'del': |
203 | case 'del_many': |
204 | $delete_count = isset($_GET['delete_count']) ? (int) $_GET['delete_count'] : 0; |
205 | $messages[] = '<div id="message" class="updated fade"><p>' . sprintf(__ngettext('%s user deleted', '%s users deleted', $delete_count), $delete_count) . '</p></div>'; |
206 | break; |
207 | case 'add': |
208 | $messages[] = '<div id="message" class="updated fade"><p>' . __('New user created.') . '</p></div>'; |
209 | break; |
210 | case 'promote': |
211 | $messages[] = '<div id="message" class="updated fade"><p>' . __('Changed roles.') . '</p></div>'; |
212 | break; |
213 | case 'err_admin_role': |
214 | $messages[] = '<div id="message" class="error"><p>' . __("The current user's role must have user editing capabilities.") . '</p></div>'; |
215 | $messages[] = '<div id="message" class="updated fade"><p>' . __('Other user roles have been changed.') . '</p></div>'; |
216 | break; |
217 | case 'err_admin_del': |
218 | $messages[] = '<div id="message" class="error"><p>' . __("You can't delete the current user.") . '</p></div>'; |
219 | $messages[] = '<div id="message" class="updated fade"><p>' . __('Other users have been deleted.') . '</p></div>'; |
220 | break; |
221 | } |
222 | endif; ?> |
223 | |
224 | <?php if ( isset($errors) && is_wp_error( $errors ) ) : ?> |
225 | <div class="error"> |
226 | <ul> |
227 | <?php |
228 | foreach ( $errors->get_error_messages() as $err ) |
229 | echo "<li>$err</li>\n"; |
230 | ?> |
231 | </ul> |
232 | </div> |
233 | <?php endif; |
234 | |
235 | if ( ! empty($messages) ) { |
236 | foreach ( $messages as $msg ) |
237 | echo $msg; |
238 | } ?> |
239 | |
240 | <div class="wrap"> |
241 | <?php screen_icon(); ?> |
242 | <h2><?php echo wp_specialchars( $title ); |
243 | if ( isset($_GET['s']) && $_GET['s'] ) |
244 | printf( '<span class="subtitle">' . __('Search results for “%s”') . '</span>', wp_specialchars( get_search_query() ) ); ?> |
245 | </h2> |
246 | |
247 | <div class="filter"> |
248 | <form id="list-filter" action="" method="get"> |
249 | <ul class="subsubsub"> |
250 | <?php |
251 | $role_links = array(); |
252 | $avail_roles = array(); |
253 | $users_of_blog = get_users_of_blog(); |
254 | $total_users = count( $users_of_blog ); |
255 | foreach ( (array) $users_of_blog as $b_user ) { |
256 | $b_roles = unserialize($b_user->meta_value); |
257 | foreach ( (array) $b_roles as $b_role => $val ) { |
258 | if ( !isset($avail_roles[$b_role]) ) |
259 | $avail_roles[$b_role] = 0; |
260 | $avail_roles[$b_role]++; |
261 | } |
262 | } |
263 | unset($users_of_blog); |
264 | |
265 | $current_role = false; |
266 | $class = empty($role) ? ' class="current"' : ''; |
267 | $role_links[] = "<li><a href='users.php'$class>" . sprintf( __ngettext( 'All <span class="count">(%s)</span>', 'All <span class="count">(%s)</span>', $total_users ), number_format_i18n( $total_users ) ) . '</a>'; |
268 | foreach ( $wp_roles->get_names() as $this_role => $name ) { |
269 | if ( !isset($avail_roles[$this_role]) ) |
270 | continue; |
271 | |
272 | $class = ''; |
273 | |
274 | if ( $this_role == $role ) { |
275 | $current_role = $role; |
276 | $class = ' class="current"'; |
277 | } |
278 | |
279 | $name = translate_with_context($name); |
280 | $name = sprintf( _c('%1$s <span class="count">(%2$s)</span>|user role with count'), $name, $avail_roles[$this_role] ); |
281 | $role_links[] = "<li><a href='users.php?role=$this_role'$class>$name</a>"; |
282 | } |
283 | echo implode( " |</li>\n", $role_links) . '</li>'; |
284 | unset($role_links); |
285 | ?> |
286 | </ul> |
287 | </form> |
288 | </div> |
289 | |
290 | <form class="search-form" action="" method="get"> |
291 | <p class="search-box"> |
292 | <label class="hidden" for="user-search-input"><?php _e( 'Search Users' ); ?>:</label> |
293 | <input type="text" class="search-input" id="user-search-input" name="usersearch" value="<?php echo attribute_escape($wp_user_search->search_term); ?>" /> |
294 | <input type="submit" value="<?php _e( 'Search Users' ); ?>" class="button" /> |
295 | </p> |
296 | </form> |
297 | |
298 | <form id="posts-filter" action="" method="get"> |
299 | <div class="tablenav"> |
300 | |
301 | <?php if ( $wp_user_search->results_are_paged() ) : ?> |
302 | <div class="tablenav-pages"><?php $wp_user_search->page_links(); ?></div> |
303 | <?php endif; ?> |
304 | |
305 | <div class="alignleft actions"> |
306 | <select name="action"> |
307 | <option value="" selected="selected"><?php _e('Bulk Actions'); ?></option> |
308 | <option value="delete"><?php _e('Delete'); ?></option> |
309 | </select> |
310 | <input type="submit" value="<?php _e('Apply'); ?>" name="doaction" id="doaction" class="button-secondary action" /> |
311 | <label class="hidden" for="new_role"><?php _e('Change role to…') ?></label><select name="new_role" id="new_role"><option value=''><?php _e('Change role to…') ?></option><?php wp_dropdown_roles(); ?></select> |
312 | <input type="submit" value="<?php _e('Change'); ?>" name="changeit" class="button-secondary" /> |
313 | <?php wp_nonce_field('bulk-users'); ?> |
314 | </div> |
315 | |
316 | <br class="clear" /> |
317 | </div> |
318 | |
319 | <?php if ( is_wp_error( $wp_user_search->search_errors ) ) : ?> |
320 | <div class="error"> |
321 | <ul> |
322 | <?php |
323 | foreach ( $wp_user_search->search_errors->get_error_messages() as $message ) |
324 | echo "<li>$message</li>"; |
325 | ?> |
326 | </ul> |
327 | </div> |
328 | <?php endif; ?> |
329 | |
330 | |
331 | <?php if ( $wp_user_search->get_results() ) : ?> |
332 | |
333 | <?php if ( $wp_user_search->is_search() ) : ?> |
334 | <p><a href="users.php"><?php _e('← Back to All Users'); ?></a></p> |
335 | <?php endif; ?> |
336 | |
337 | <table class="widefat fixed" cellspacing="0"> |
338 | <thead> |
339 | <tr class="thead"> |
340 | <?php print_column_headers('users') ?> |
341 | </tr> |
342 | </thead> |
343 | |
344 | <tfoot> |
345 | <tr class="thead"> |
346 | <?php print_column_headers('users', false) ?> |
347 | </tr> |
348 | </tfoot> |
349 | |
350 | <tbody id="users" class="list:user user-list"> |
351 | <?php |
352 | $style = ''; |
353 | foreach ( $wp_user_search->get_results() as $userid ) { |
354 | $user_object = new WP_User($userid); |
355 | $roles = $user_object->roles; |
356 | $role = array_shift($roles); |
357 | |
358 | $style = ( ' class="alternate"' == $style ) ? '' : ' class="alternate"'; |
359 | echo "\n\t" . user_row($user_object, $style, $role); |
360 | } |
361 | ?> |
362 | </tbody> |
363 | </table> |
364 | |
365 | <div class="tablenav"> |
366 | |
367 | <?php if ( $wp_user_search->results_are_paged() ) : ?> |
368 | <div class="tablenav-pages"><?php $wp_user_search->page_links(); ?></div> |
369 | <?php endif; ?> |
370 | |
371 | <div class="alignleft actions"> |
372 | <select name="action2"> |
373 | <option value="" selected="selected"><?php _e('Bulk Actions'); ?></option> |
374 | <option value="delete"><?php _e('Delete'); ?></option> |
375 | </select> |
376 | <input type="submit" value="<?php _e('Apply'); ?>" name="doaction2" id="doaction2" class="button-secondary action" /> |
377 | </div> |
378 | |
379 | <br class="clear" /> |
380 | </div> |
381 | |
382 | <?php endif; ?> |
383 | |
384 | </form> |
385 | </div> |
386 | |
387 | <?php |
388 | foreach ( array('user_login' => 'user_login', 'first_name' => 'user_firstname', 'last_name' => 'user_lastname', 'email' => 'user_email', 'url' => 'user_uri', 'role' => 'user_role') as $formpost => $var ) { |
389 | $var = 'new_' . $var; |
390 | $$var = isset($_REQUEST[$formpost]) ? attribute_escape(stripslashes($_REQUEST[$formpost])) : ''; |
391 | } |
392 | unset($name); |
393 | ?> |
394 | |
395 | <br class="clear" /> |
396 | <?php |
397 | break; |
398 | |
399 | } // end of the $doaction switch |
400 | |
401 | include('admin-footer.php'); |
402 | ?> |