Projects : mp-wp : mp-wp_svg-screenshots-and-errorreporting-r2

mp-wp/wp-admin/includes/user.php

Dir - Raw

1<?php
2/**
3 * WordPress user administration API.
4 *
5 * @package WordPress
6 * @subpackage Administration
7 */
8
9/**
10 * Creates a new user from the "Users" form using $_POST information.
11 *
12 * {@internal Missing Long Description}}
13 *
14 * @since unknown
15 *
16 * @param int $user_id Optional. User ID.
17 * @return null|WP_Error|int Null when adding user, WP_Error or User ID integer when no parameters.
18 */
19function add_user() {
20 if ( func_num_args() ) { // The hackiest hack that ever did hack
21 global $current_user, $wp_roles;
22 $user_id = (int) func_get_arg( 0 );
23
24 if ( isset( $_POST['role'] ) ) {
25 if( $user_id != $current_user->id || $wp_roles->role_objects[$_POST['role']]->has_cap( 'edit_users' ) ) {
26 $user = new WP_User( $user_id );
27 $user->set_role( $_POST['role'] );
28 }
29 }
30 } else {
31 add_action( 'user_register', 'add_user' ); // See above
32 return edit_user();
33 }
34}
35
36/**
37 * {@internal Missing Short Description}}
38 *
39 * {@internal Missing Long Description}}
40 *
41 * @since unknown
42 *
43 * @param int $user_id Optional. User ID.
44 * @return unknown
45 */
46function edit_user( $user_id = 0 ) {
47 global $current_user, $wp_roles, $wpdb;
48 if ( $user_id != 0 ) {
49 $update = true;
50 $user->ID = (int) $user_id;
51 $userdata = get_userdata( $user_id );
52 $user->user_login = $wpdb->escape( $userdata->user_login );
53 } else {
54 $update = false;
55 $user = '';
56 }
57
58 if ( isset( $_POST['user_login'] ))
59 $user->user_login = wp_specialchars( trim( $_POST['user_login'] ));
60
61 $pass1 = $pass2 = '';
62 if ( isset( $_POST['pass1'] ))
63 $pass1 = $_POST['pass1'];
64 if ( isset( $_POST['pass2'] ))
65 $pass2 = $_POST['pass2'];
66
67 if ( isset( $_POST['role'] ) && current_user_can( 'edit_users' ) ) {
68 if( $user_id != $current_user->id || $wp_roles->role_objects[$_POST['role']]->has_cap( 'edit_users' ))
69 $user->role = $_POST['role'];
70 }
71
72 if ( isset( $_POST['email'] ))
73 $user->user_email = wp_specialchars( trim( $_POST['email'] ));
74 if ( isset( $_POST['url'] ) ) {
75 $user->user_url = clean_url( trim( $_POST['url'] ));
76 $user->user_url = preg_match('/^(https?|ftps?|mailto|news|irc|gopher|nntp|feed|telnet):/is', $user->user_url) ? $user->user_url : 'http://'.$user->user_url;
77 }
78 if ( isset( $_POST['first_name'] ))
79 $user->first_name = wp_specialchars( trim( $_POST['first_name'] ));
80 if ( isset( $_POST['last_name'] ))
81 $user->last_name = wp_specialchars( trim( $_POST['last_name'] ));
82 if ( isset( $_POST['nickname'] ))
83 $user->nickname = wp_specialchars( trim( $_POST['nickname'] ));
84 if ( isset( $_POST['display_name'] ))
85 $user->display_name = wp_specialchars( trim( $_POST['display_name'] ));
86 if ( isset( $_POST['description'] ))
87 $user->description = trim( $_POST['description'] );
88 if ( isset( $_POST['jabber'] ))
89 $user->jabber = wp_specialchars( trim( $_POST['jabber'] ));
90 if ( isset( $_POST['aim'] ))
91 $user->aim = wp_specialchars( trim( $_POST['aim'] ));
92 if ( isset( $_POST['yim'] ))
93 $user->yim = wp_specialchars( trim( $_POST['yim'] ));
94
95 $user->comment_shortcuts = isset( $_POST['comment_shortcuts'] )? $_POST['comment_shortcuts'] : '';
96
97 $user->use_ssl = 0;
98 if ( !empty($_POST['use_ssl']) )
99 $user->use_ssl = 1;
100
101 if ( !$update )
102 $user->admin_color = 'fresh'; // Default to fresh for new users.
103 else if ( isset( $_POST['admin_color'] ) )
104 $user->admin_color = $_POST['admin_color'];
105 else
106 $user->admin_color = 'fresh';
107
108 $errors = new WP_Error();
109
110 /* checking that username has been typed */
111 if ( $user->user_login == '' )
112 $errors->add( 'user_login', __( '<strong>ERROR</strong>: Please enter a username.' ));
113
114 /* checking the password has been typed twice */
115 do_action_ref_array( 'check_passwords', array ( $user->user_login, & $pass1, & $pass2 ));
116
117 if ( $update ) {
118 if ( empty($pass1) && !empty($pass2) )
119 $errors->add( 'pass', __( '<strong>ERROR</strong>: You entered your new password only once.' ), array( 'form-field' => 'pass1' ) );
120 elseif ( !empty($pass1) && empty($pass2) )
121 $errors->add( 'pass', __( '<strong>ERROR</strong>: You entered your new password only once.' ), array( 'form-field' => 'pass2' ) );
122 } else {
123 if ( empty($pass1) )
124 $errors->add( 'pass', __( '<strong>ERROR</strong>: Please enter your password.' ), array( 'form-field' => 'pass1' ) );
125 elseif ( empty($pass2) )
126 $errors->add( 'pass', __( '<strong>ERROR</strong>: Please enter your password twice.' ), array( 'form-field' => 'pass2' ) );
127 }
128
129 /* Check for "\" in password */
130 if( strpos( " ".$pass1, "\\" ) )
131 $errors->add( 'pass', __( '<strong>ERROR</strong>: Passwords may not contain the character "\\".' ), array( 'form-field' => 'pass1' ) );
132
133 /* checking the password has been typed twice the same */
134 if ( $pass1 != $pass2 )
135 $errors->add( 'pass', __( '<strong>ERROR</strong>: Please enter the same password in the two password fields.' ), array( 'form-field' => 'pass1' ) );
136
137 if (!empty ( $pass1 ))
138 $user->user_pass = $pass1;
139
140 if ( !$update && !validate_username( $user->user_login ) )
141 $errors->add( 'user_login', __( '<strong>ERROR</strong>: This username is invalid. Please enter a valid username.' ));
142
143 if (!$update && username_exists( $user->user_login ))
144 $errors->add( 'user_login', __( '<strong>ERROR</strong>: This username is already registered. Please choose another one.' ));
145
146 /* checking e-mail address */
147 if ( empty ( $user->user_email ) ) {
148 $errors->add( 'user_email', __( '<strong>ERROR</strong>: Please enter an e-mail address.' ), array( 'form-field' => 'email' ) );
149 } else
150 if (!is_email( $user->user_email ) ) {
151 $errors->add( 'user_email', __( "<strong>ERROR</strong>: The e-mail address isn't correct." ), array( 'form-field' => 'email' ) );
152 }
153
154 if ( $errors->get_error_codes() )
155 return $errors;
156
157 if ( $update ) {
158 $user_id = wp_update_user( get_object_vars( $user ));
159 } else {
160 $user_id = wp_insert_user( get_object_vars( $user ));
161 wp_new_user_notification( $user_id );
162 }
163 return $user_id;
164}
165
166/**
167 * {@internal Missing Short Description}}
168 *
169 * {@internal Missing Long Description}}
170 *
171 * @since unknown
172 *
173 * @return array List of user IDs.
174 */
175function get_author_user_ids() {
176 global $wpdb;
177 $level_key = $wpdb->prefix . 'user_level';
178 return $wpdb->get_col( $wpdb->prepare("SELECT user_id FROM $wpdb->usermeta WHERE meta_key = %s AND meta_value != '0'", $level_key) );
179}
180
181/**
182 * {@internal Missing Short Description}}
183 *
184 * {@internal Missing Long Description}}
185 *
186 * @since unknown
187 *
188 * @param int $user_id User ID.
189 * @return array|bool List of editable authors. False if no editable users.
190 */
191function get_editable_authors( $user_id ) {
192 global $wpdb;
193
194 $editable = get_editable_user_ids( $user_id );
195
196 if( !$editable ) {
197 return false;
198 } else {
199 $editable = join(',', $editable);
200 $authors = $wpdb->get_results( "SELECT * FROM $wpdb->users WHERE ID IN ($editable) ORDER BY display_name" );
201 }
202
203 return apply_filters('get_editable_authors', $authors);
204}
205
206/**
207 * {@internal Missing Short Description}}
208 *
209 * {@internal Missing Long Description}}
210 *
211 * @since unknown
212 *
213 * @param int $user_id User ID.
214 * @param bool $exclude_zeros Optional, default is true. Whether to exclude zeros.
215 * @return unknown
216 */
217function get_editable_user_ids( $user_id, $exclude_zeros = true, $post_type = 'post' ) {
218 global $wpdb;
219
220 $user = new WP_User( $user_id );
221
222 if ( ! $user->has_cap("edit_others_{$post_type}s") ) {
223 if ( $user->has_cap("edit_{$post_type}s") || $exclude_zeros == false )
224 return array($user->id);
225 else
226 return false;
227 }
228
229 $level_key = $wpdb->prefix . 'user_level';
230
231 $query = $wpdb->prepare("SELECT user_id FROM $wpdb->usermeta WHERE meta_key = %s", $level_key);
232 if ( $exclude_zeros )
233 $query .= " AND meta_value != '0'";
234
235 return $wpdb->get_col( $query );
236}
237
238/**
239 * {@internal Missing Short Description}}
240 *
241 * {@internal Missing Long Description}}
242 *
243 * @since unknown
244 *
245 * @return unknown
246 */
247function get_nonauthor_user_ids() {
248 global $wpdb;
249 $level_key = $wpdb->prefix . 'user_level';
250
251 return $wpdb->get_col( $wpdb->prepare("SELECT user_id FROM $wpdb->usermeta WHERE meta_key = %s AND meta_value = '0'", $level_key) );
252}
253
254/**
255 * Retrieve editable posts from other users.
256 *
257 * @since unknown
258 *
259 * @param int $user_id User ID to not retrieve posts from.
260 * @param string $type Optional, defaults to 'any'. Post type to retrieve, can be 'draft' or 'pending'.
261 * @return array List of posts from others.
262 */
263function get_others_unpublished_posts($user_id, $type='any') {
264 global $wpdb;
265
266 $editable = get_editable_user_ids( $user_id );
267
268 if ( in_array($type, array('draft', 'pending')) )
269 $type_sql = " post_status = '$type' ";
270 else
271 $type_sql = " ( post_status = 'draft' OR post_status = 'pending' ) ";
272
273 $dir = ( 'pending' == $type ) ? 'ASC' : 'DESC';
274
275 if( !$editable ) {
276 $other_unpubs = '';
277 } else {
278 $editable = join(',', $editable);
279 $other_unpubs = $wpdb->get_results( $wpdb->prepare("SELECT ID, post_title, post_author FROM $wpdb->posts WHERE post_type = 'post' AND $type_sql AND post_author IN ($editable) AND post_author != %d ORDER BY post_modified $dir", $user_id) );
280 }
281
282 return apply_filters('get_others_drafts', $other_unpubs);
283}
284
285/**
286 * Retrieve drafts from other users.
287 *
288 * @since unknown
289 *
290 * @param int $user_id User ID.
291 * @return array List of drafts from other users.
292 */
293function get_others_drafts($user_id) {
294 return get_others_unpublished_posts($user_id, 'draft');
295}
296
297/**
298 * Retrieve pending review posts from other users.
299 *
300 * @since unknown
301 *
302 * @param int $user_id User ID.
303 * @return array List of posts with pending review post type from other users.
304 */
305function get_others_pending($user_id) {
306 return get_others_unpublished_posts($user_id, 'pending');
307}
308
309/**
310 * Retrieve user data and filter it.
311 *
312 * @since unknown
313 *
314 * @param int $user_id User ID.
315 * @return object WP_User object with user data.
316 */
317function get_user_to_edit( $user_id ) {
318 $user = new WP_User( $user_id );
319 $user->user_login = attribute_escape($user->user_login);
320 $user->user_email = attribute_escape($user->user_email);
321 $user->user_url = clean_url($user->user_url);
322 $user->first_name = attribute_escape($user->first_name);
323 $user->last_name = attribute_escape($user->last_name);
324 $user->display_name = attribute_escape($user->display_name);
325 $user->nickname = attribute_escape($user->nickname);
326 $user->aim = isset( $user->aim ) && !empty( $user->aim ) ? attribute_escape($user->aim) : '';
327 $user->yim = isset( $user->yim ) && !empty( $user->yim ) ? attribute_escape($user->yim) : '';
328 $user->jabber = isset( $user->jabber ) && !empty( $user->jabber ) ? attribute_escape($user->jabber) : '';
329 $user->description = isset( $user->description ) && !empty( $user->description ) ? wp_specialchars($user->description) : '';
330
331 return $user;
332}
333
334/**
335 * Retrieve the user's drafts.
336 *
337 * @since unknown
338 *
339 * @param int $user_id User ID.
340 * @return array
341 */
342function get_users_drafts( $user_id ) {
343 global $wpdb;
344 $query = $wpdb->prepare("SELECT ID, post_title FROM $wpdb->posts WHERE post_type = 'post' AND post_status = 'draft' AND post_author = %d ORDER BY post_modified DESC", $user_id);
345 $query = apply_filters('get_users_drafts', $query);
346 return $wpdb->get_results( $query );
347}
348
349/**
350 * Remove user and optionally reassign posts and links to another user.
351 *
352 * If the $reassign parameter is not assigned to an User ID, then all posts will
353 * be deleted of that user. The action 'delete_user' that is passed the User ID
354 * being deleted will be run after the posts are either reassigned or deleted.
355 * The user meta will also be deleted that are for that User ID.
356 *
357 * @since unknown
358 *
359 * @param int $id User ID.
360 * @param int $reassign Optional. Reassign posts and links to new User ID.
361 * @return bool True when finished.
362 */
363function wp_delete_user($id, $reassign = 'novalue') {
364 global $wpdb;
365
366 $id = (int) $id;
367
368 if ($reassign == 'novalue') {
369 $post_ids = $wpdb->get_col( $wpdb->prepare("SELECT ID FROM $wpdb->posts WHERE post_author = %d", $id) );
370
371 if ($post_ids) {
372 foreach ($post_ids as $post_id)
373 wp_delete_post($post_id);
374 }
375
376 // Clean links
377 $wpdb->query( $wpdb->prepare("DELETE FROM $wpdb->links WHERE link_owner = %d", $id) );
378 } else {
379 $reassign = (int) $reassign;
380 $wpdb->query( $wpdb->prepare("UPDATE $wpdb->posts SET post_author = %d WHERE post_author = %d", $reassign, $id) );
381 $wpdb->query( $wpdb->prepare("UPDATE $wpdb->links SET link_owner = %d WHERE link_owner = %d", $reassign, $id) );
382 }
383
384 // FINALLY, delete user
385 do_action('delete_user', $id);
386
387 $wpdb->query( $wpdb->prepare("DELETE FROM $wpdb->users WHERE ID = %d", $id) );
388 $wpdb->query( $wpdb->prepare("DELETE FROM $wpdb->usermeta WHERE user_id = %d", $id) );
389
390 wp_cache_delete($id, 'users');
391 wp_cache_delete($user->user_login, 'userlogins');
392 wp_cache_delete($user->user_email, 'useremail');
393
394 return true;
395}
396
397/**
398 * Remove all capabilities from user.
399 *
400 * @since unknown
401 *
402 * @param int $id User ID.
403 */
404function wp_revoke_user($id) {
405 $id = (int) $id;
406
407 $user = new WP_User($id);
408 $user->remove_all_caps();
409}
410
411if ( !class_exists('WP_User_Search') ) :
412/**
413 * WordPress User Search class.
414 *
415 * @since unknown
416 * @author Mark Jaquith
417 */
418class WP_User_Search {
419
420 /**
421 * {@internal Missing Description}}
422 *
423 * @since unknown
424 * @access private
425 * @var unknown_type
426 */
427 var $results;
428
429 /**
430 * {@internal Missing Description}}
431 *
432 * @since unknown
433 * @access private
434 * @var unknown_type
435 */
436 var $search_term;
437
438 /**
439 * Page number.
440 *
441 * @since unknown
442 * @access private
443 * @var int
444 */
445 var $page;
446
447 /**
448 * Role name that users have.
449 *
450 * @since unknown
451 * @access private
452 * @var string
453 */
454 var $role;
455
456 /**
457 * Raw page number.
458 *
459 * @since unknown
460 * @access private
461 * @var int|bool
462 */
463 var $raw_page;
464
465 /**
466 * Amount of users to display per page.
467 *
468 * @since unknown
469 * @access public
470 * @var int
471 */
472 var $users_per_page = 50;
473
474 /**
475 * {@internal Missing Description}}
476 *
477 * @since unknown
478 * @access private
479 * @var unknown_type
480 */
481 var $first_user;
482
483 /**
484 * {@internal Missing Description}}
485 *
486 * @since unknown
487 * @access private
488 * @var int
489 */
490 var $last_user;
491
492 /**
493 * {@internal Missing Description}}
494 *
495 * @since unknown
496 * @access private
497 * @var unknown_type
498 */
499 var $query_limit;
500
501 /**
502 * {@internal Missing Description}}
503 *
504 * @since unknown
505 * @access private
506 * @var unknown_type
507 */
508 var $query_sort;
509
510 /**
511 * {@internal Missing Description}}
512 *
513 * @since unknown
514 * @access private
515 * @var unknown_type
516 */
517 var $query_from_where;
518
519 /**
520 * {@internal Missing Description}}
521 *
522 * @since unknown
523 * @access private
524 * @var int
525 */
526 var $total_users_for_query = 0;
527
528 /**
529 * {@internal Missing Description}}
530 *
531 * @since unknown
532 * @access private
533 * @var bool
534 */
535 var $too_many_total_users = false;
536
537 /**
538 * {@internal Missing Description}}
539 *
540 * @since unknown
541 * @access private
542 * @var unknown_type
543 */
544 var $search_errors;
545
546 /**
547 * {@internal Missing Description}}
548 *
549 * @since unknown
550 * @access private
551 * @var unknown_type
552 */
553 var $paging_text;
554
555 /**
556 * PHP4 Constructor - Sets up the object properties.
557 *
558 * @since unknown
559 *
560 * @param string $search_term Search terms string.
561 * @param int $page Optional. Page ID.
562 * @param string $role Role name.
563 * @return WP_User_Search
564 */
565 function WP_User_Search ($search_term = '', $page = '', $role = '') {
566 $this->search_term = $search_term;
567 $this->raw_page = ( '' == $page ) ? false : (int) $page;
568 $this->page = (int) ( '' == $page ) ? 1 : $page;
569 $this->role = $role;
570
571 $this->prepare_query();
572 $this->query();
573 $this->prepare_vars_for_template_usage();
574 $this->do_paging();
575 }
576
577 /**
578 * {@internal Missing Short Description}}
579 *
580 * {@internal Missing Long Description}}
581 *
582 * @since unknown
583 * @access public
584 */
585 function prepare_query() {
586 global $wpdb;
587 $this->first_user = ($this->page - 1) * $this->users_per_page;
588 $this->query_limit = $wpdb->prepare(" LIMIT %d, %d", $this->first_user, $this->users_per_page);
589 $this->query_sort = ' ORDER BY user_login';
590 $search_sql = '';
591 if ( $this->search_term ) {
592 $searches = array();
593 $search_sql = 'AND (';
594 foreach ( array('user_login', 'user_nicename', 'user_email', 'user_url', 'display_name') as $col )
595 $searches[] = $col . " LIKE '%$this->search_term%'";
596 $search_sql .= implode(' OR ', $searches);
597 $search_sql .= ')';
598 }
599
600 $this->query_from_where = "FROM $wpdb->users";
601 if ( $this->role )
602 $this->query_from_where .= $wpdb->prepare(" INNER JOIN $wpdb->usermeta ON $wpdb->users.ID = $wpdb->usermeta.user_id WHERE $wpdb->usermeta.meta_key = '{$wpdb->prefix}capabilities' AND $wpdb->usermeta.meta_value LIKE %s", '%' . $this->role . '%');
603 else
604 $this->query_from_where .= " WHERE 1=1";
605 $this->query_from_where .= " $search_sql";
606
607 }
608
609 /**
610 * {@internal Missing Short Description}}
611 *
612 * {@internal Missing Long Description}}
613 *
614 * @since unknown
615 * @access public
616 */
617 function query() {
618 global $wpdb;
619 $this->results = $wpdb->get_col('SELECT ID ' . $this->query_from_where . $this->query_sort . $this->query_limit);
620
621 if ( $this->results )
622 $this->total_users_for_query = $wpdb->get_var('SELECT COUNT(ID) ' . $this->query_from_where); // no limit
623 else
624 $this->search_errors = new WP_Error('no_matching_users_found', __('No matching users were found!'));
625 }
626
627 /**
628 * {@internal Missing Short Description}}
629 *
630 * {@internal Missing Long Description}}
631 *
632 * @since unknown
633 * @access public
634 */
635 function prepare_vars_for_template_usage() {
636 $this->search_term = stripslashes($this->search_term); // done with DB, from now on we want slashes gone
637 }
638
639 /**
640 * {@internal Missing Short Description}}
641 *
642 * {@internal Missing Long Description}}
643 *
644 * @since unknown
645 * @access public
646 */
647 function do_paging() {
648 if ( $this->total_users_for_query > $this->users_per_page ) { // have to page the results
649 $args = array();
650 if( ! empty($this->search_term) )
651 $args['usersearch'] = urlencode($this->search_term);
652 if( ! empty($this->role) )
653 $args['role'] = urlencode($this->role);
654
655 $this->paging_text = paginate_links( array(
656 'total' => ceil($this->total_users_for_query / $this->users_per_page),
657 'current' => $this->page,
658 'base' => 'users.php?%_%',
659 'format' => 'userspage=%#%',
660 'add_args' => $args
661 ) );
662 if ( $this->paging_text ) {
663 $this->paging_text = sprintf( '<span class="displaying-num">' . __( 'Displaying %s&#8211;%s of %s' ) . '</span>%s',
664 number_format_i18n( ( $this->page - 1 ) * $this->users_per_page + 1 ),
665 number_format_i18n( min( $this->page * $this->users_per_page, $this->total_users_for_query ) ),
666 number_format_i18n( $this->total_users_for_query ),
667 $this->paging_text
668 );
669 }
670 }
671 }
672
673 /**
674 * {@internal Missing Short Description}}
675 *
676 * {@internal Missing Long Description}}
677 *
678 * @since unknown
679 * @access public
680 *
681 * @return unknown
682 */
683 function get_results() {
684 return (array) $this->results;
685 }
686
687 /**
688 * Displaying paging text.
689 *
690 * @see do_paging() Builds paging text.
691 *
692 * @since unknown
693 * @access public
694 */
695 function page_links() {
696 echo $this->paging_text;
697 }
698
699 /**
700 * Whether paging is enabled.
701 *
702 * @see do_paging() Builds paging text.
703 *
704 * @since unknown
705 * @access public
706 *
707 * @return bool
708 */
709 function results_are_paged() {
710 if ( $this->paging_text )
711 return true;
712 return false;
713 }
714
715 /**
716 * Whether there are search terms.
717 *
718 * @since unknown
719 * @access public
720 *
721 * @return bool
722 */
723 function is_search() {
724 if ( $this->search_term )
725 return true;
726 return false;
727 }
728}
729endif;
730
731?>