2003-12-07 20:28:41 -05:00
< ? php
2004-04-25 00:24:06 -04:00
require_once ( '../wp-includes/wp-l10n.php' );
$title = __ ( 'Users' );
2004-08-22 19:24:50 -04:00
$parent_file = 'users.php' ;
2003-12-07 20:28:41 -05:00
2003-12-18 04:36:13 -05:00
$wpvarstoreset = array ( 'action' , 'standalone' , 'redirect' , 'profile' );
for ( $i = 0 ; $i < count ( $wpvarstoreset ); $i += 1 ) {
$wpvar = $wpvarstoreset [ $i ];
if ( ! isset ( $$wpvar )) {
2004-04-20 18:56:47 -04:00
if ( empty ( $_POST [ " $wpvar " ])) {
if ( empty ( $_GET [ " $wpvar " ])) {
2003-12-18 04:36:13 -05:00
$$wpvar = '' ;
2003-12-07 20:28:41 -05:00
} else {
2004-04-20 18:56:47 -04:00
$$wpvar = $_GET [ " $wpvar " ];
2003-12-07 20:28:41 -05:00
}
} else {
2004-04-20 18:56:47 -04:00
$$wpvar = $_POST [ " $wpvar " ];
2003-12-07 20:28:41 -05:00
}
}
}
switch ( $action ) {
2003-12-23 15:21:29 -05:00
case 'adduser' :
$standalone = 1 ;
require_once ( 'admin-header.php' );
2004-05-17 16:34:05 -04:00
2004-05-17 23:58:05 -04:00
check_admin_referer ();
2004-05-17 16:34:05 -04:00
2003-12-23 15:21:29 -05:00
function filter ( $value ) {
return ereg ( '^[a-zA-Z0-9\_-\|]+$' , $value );
}
2004-04-20 18:56:47 -04:00
$user_login = $_POST [ 'user_login' ];
$pass1 = $_POST [ 'pass1' ];
$pass2 = $_POST [ 'pass2' ];
$user_email = $_POST [ 'email' ];
$user_firstname = $_POST [ 'firstname' ];
$user_lastname = $_POST [ 'lastname' ];
2004-06-14 10:58:10 -04:00
$user_uri = $_POST [ 'uri' ];
2003-12-23 15:21:29 -05:00
/* checking login has been typed */
if ( $user_login == '' ) {
2004-04-25 00:24:06 -04:00
die ( __ ( '<strong>ERROR</strong>: Please enter a login.' ));
2003-12-23 15:21:29 -05:00
}
/* checking the password has been typed twice */
if ( $pass1 == '' || $pass2 == '' ) {
2004-04-25 00:24:06 -04:00
die ( __ ( '<strong>ERROR</strong>: Please enter your password twice.' ));
2003-12-23 15:21:29 -05:00
}
/* checking the password has been typed twice the same */
if ( $pass1 != $pass2 ) {
2004-04-25 00:24:06 -04:00
die ( __ ( '<strong>ERROR</strong>: Please type the same password in the two password fields.' ));
2003-12-23 15:21:29 -05:00
}
$user_nickname = $user_login ;
/* checking the login isn't already used by another user */
2004-05-24 04:22:18 -04:00
$loginthere = $wpdb -> get_var ( " SELECT user_login FROM $wpdb->users WHERE user_login = ' $user_login ' " );
2003-12-23 15:21:29 -05:00
if ( $loginthere ) {
2004-04-25 00:24:06 -04:00
die ( __ ( '<strong>ERROR</strong>: This login is already registered, please choose another one.' ));
2003-12-23 15:21:29 -05:00
}
2004-05-17 08:38:19 -04:00
/* checking e-mail address */
if ( empty ( $_POST [ " email " ])) {
die ( __ ( " <strong>ERROR</strong>: please type an e-mail address " ));
return false ;
} else if ( ! is_email ( $_POST [ " email " ])) {
die ( __ ( " <strong>ERROR</strong>: the email address isn't correct " ));
return false ;
}
2003-12-23 15:21:29 -05:00
2004-08-08 16:38:19 -04:00
$user_ID = $wpdb -> get_var ( " SELECT ID FROM $wpdb->users ORDER BY ID DESC LIMIT 1 " ) + 1 ;
$user_nicename = sanitize_title ( $user_nickname , $user_ID );
2004-06-14 10:58:10 -04:00
$user_uri = preg_match ( '/^(https?|ftps?|mailto|news|gopher):/is' , $user_uri ) ? $user_uri : 'http://' . $user_uri ;
2004-02-23 09:29:55 -05:00
$now = gmdate ( 'Y-m-d H:i:s' );
2004-02-29 03:43:36 -05:00
$new_users_can_blog = get_settings ( 'new_users_can_blog' );
2003-12-23 15:21:29 -05:00
2004-05-24 04:22:18 -04:00
$result = $wpdb -> query ( " INSERT INTO $wpdb->users
2004-06-14 10:58:10 -04:00
( user_login , user_pass , user_nickname , user_email , user_ip , user_domain , user_browser , dateYMDhour , user_level , user_idmode , user_firstname , user_lastname , user_nicename , user_url )
2003-12-23 15:21:29 -05:00
VALUES
2004-06-14 10:58:10 -04:00
( '$user_login' , MD5 ( '$pass1' ), '$user_nickname' , '$user_email' , '$user_ip' , '$user_domain' , '$user_browser' , '$now' , '$new_users_can_blog' , 'nickname' , '$user_firstname' , '$user_lastname' , '$user_nicename' , '$user_uri' ) " );
2003-12-07 20:28:41 -05:00
2003-12-23 15:21:29 -05:00
if ( $result == false ) {
2004-04-25 00:24:06 -04:00
die ( __ ( '<strong>ERROR</strong>: Couldn’t register you!' ));
2003-12-23 15:21:29 -05:00
}
$stars = '' ;
for ( $i = 0 ; $i < strlen ( $pass1 ); $i = $i + 1 ) {
$stars .= '*' ;
}
2004-06-17 20:22:09 -04:00
$user_login = stripslashes ( $user_login );
2004-03-01 01:13:32 -05:00
$message = 'New user registration on your blog ' . get_settings ( 'blogname' ) . " : \r \n \r \n " ;
2003-12-23 15:21:29 -05:00
$message .= " Login: $user_login\r\n\r\nE -mail: $user_email " ;
2004-03-01 14:55:45 -05:00
@ mail ( get_settings ( 'admin_email' ), '[' . get_settings ( 'blogname' ) . '] New User Registration' , $message );
2003-12-23 15:21:29 -05:00
header ( 'Location: users.php' );
break ;
2003-12-07 20:28:41 -05:00
case 'promote' :
$standalone = 1 ;
2003-12-10 19:22:36 -05:00
require_once ( 'admin-header.php' );
2003-12-07 20:28:41 -05:00
2004-05-17 23:58:05 -04:00
check_admin_referer ();
2004-05-17 16:34:05 -04:00
2004-04-20 18:56:47 -04:00
if ( empty ( $_GET [ 'prom' ])) {
2003-12-07 20:28:41 -05:00
header ( 'Location: users.php' );
}
2004-04-20 18:56:47 -04:00
$id = $_GET [ 'id' ];
$prom = $_GET [ 'prom' ];
2003-12-07 20:28:41 -05:00
$user_data = get_userdata ( $id );
$usertopromote_level = $user_data -> user_level ;
if ( $user_level <= $usertopromote_level ) {
2004-04-25 00:24:06 -04:00
die ( __ ( 'Can’t change the level of a user whose level is higher than yours.' ));
2003-12-07 20:28:41 -05:00
}
if ( 'up' == $prom ) {
2003-12-30 11:02:27 -05:00
$new_level = $usertopromote_level + 1 ;
2004-05-24 04:22:18 -04:00
$sql = " UPDATE $wpdb->users SET user_level= $new_level WHERE ID = $id AND $new_level < $user_level " ;
2003-12-07 20:28:41 -05:00
} elseif ( 'down' == $prom ) {
2003-12-30 11:02:27 -05:00
$new_level = $usertopromote_level - 1 ;
2004-05-24 04:22:18 -04:00
$sql = " UPDATE $wpdb->users SET user_level= $new_level WHERE ID = $id AND $new_level < $user_level " ;
2003-12-07 20:28:41 -05:00
}
$result = $wpdb -> query ( $sql );
header ( 'Location: users.php' );
break ;
case 'delete' :
$standalone = 1 ;
2003-12-10 19:22:36 -05:00
require_once ( 'admin-header.php' );
2003-12-07 20:28:41 -05:00
2004-05-17 23:58:05 -04:00
check_admin_referer ();
2004-05-17 16:34:05 -04:00
2004-04-20 18:56:47 -04:00
$id = intval ( $_GET [ 'id' ]);
2003-12-07 20:28:41 -05:00
if ( ! $id ) {
header ( 'Location: users.php' );
}
$user_data = get_userdata ( $id );
$usertodelete_level = $user_data -> user_level ;
if ( $user_level <= $usertodelete_level )
2004-04-25 00:24:06 -04:00
die ( __ ( 'Can’t delete a user whose level is higher than yours.' ));
2003-12-07 20:28:41 -05:00
2004-05-24 04:22:18 -04:00
$post_ids = $wpdb -> get_col ( " SELECT ID FROM $wpdb->posts WHERE post_author = $id " );
2004-04-28 16:36:31 -04:00
if ( $post_ids ) {
$post_ids = implode ( ',' , $post_ids );
// Delete comments, *backs
2004-05-24 04:22:18 -04:00
$wpdb -> query ( " DELETE FROM $wpdb->comments WHERE comment_post_ID IN ( $post_ids ) " );
2004-04-28 16:36:31 -04:00
// Clean cats
2004-05-24 04:22:18 -04:00
$wpdb -> query ( " DELETE FROM $wpdb->post2cat WHERE post_id IN ( $post_ids ) " );
2004-04-28 16:36:31 -04:00
// Clean post_meta
2004-05-24 04:22:18 -04:00
$wpdb -> query ( " DELETE FROM $wpdb->postmeta WHERE post_id IN ( $post_ids ) " );
2004-04-28 16:36:31 -04:00
// Clean links
2004-05-24 04:22:18 -04:00
$wpdb -> query ( " DELETE FROM $wpdb->links WHERE link_owner = $id " );
2004-04-28 16:36:31 -04:00
// Delete posts
2004-05-24 04:22:18 -04:00
$wpdb -> query ( " DELETE FROM $wpdb->posts WHERE post_author = $id " );
2004-04-28 16:36:31 -04:00
}
2004-04-30 00:41:47 -04:00
// FINALLY, delete user
2004-05-24 04:22:18 -04:00
$wpdb -> query ( " DELETE FROM $wpdb->users WHERE ID = $id " );
2004-04-14 14:00:16 -04:00
header ( 'Location: users.php?deleted=true' );
2003-12-07 20:28:41 -05:00
break ;
default :
$standalone = 0 ;
2003-12-10 19:22:36 -05:00
include ( 'admin-header.php' );
2003-12-07 20:28:41 -05:00
?>
2004-07-21 03:23:45 -04:00
2004-05-07 19:56:33 -04:00
< ? php if ( isset ( $_GET [ 'deleted' ])) : ?>
2004-04-25 00:24:06 -04:00
< div class = " updated " >< p >< ? php _e ( 'User deleted.' ) ?> </p></div>
2004-04-14 14:00:16 -04:00
< ? php endif ; ?>
2003-12-07 20:28:41 -05:00
< div class = " wrap " >
2004-04-25 00:24:06 -04:00
< h2 >< ? php _e ( 'Authors' ) ?> </h2>
2003-12-08 03:12:09 -05:00
< table cellpadding = " 3 " cellspacing = " 3 " width = " 100% " >
2003-12-07 20:28:41 -05:00
< tr >
2004-04-25 00:24:06 -04:00
< th >< ? php _e ( 'ID' ) ?> </th>
< th >< ? php _e ( 'Nickname' ) ?> </th>
< th >< ? php _e ( 'Name' ) ?> </th>
< th >< ? php _e ( 'E-mail' ) ?> </th>
2004-05-05 04:27:43 -04:00
< th >< ? php _e ( 'Website' ) ?> </th>
2004-04-25 00:24:06 -04:00
< th >< ? php _e ( 'Level' ) ?> </th>
< th >< ? php _e ( 'Posts' ) ?> </th>
2004-08-01 05:13:50 -04:00
< th >& nbsp ; </ th >
2003-12-07 20:28:41 -05:00
</ tr >
< ? php
2004-05-24 04:22:18 -04:00
$users = $wpdb -> get_results ( " SELECT ID FROM $wpdb->users WHERE user_level > 0 ORDER BY ID " );
2004-05-07 19:56:33 -04:00
$style = '' ;
2003-12-07 20:28:41 -05:00
foreach ( $users as $user ) {
$user_data = get_userdata ( $user -> ID );
$email = $user_data -> user_email ;
$url = $user_data -> user_url ;
2004-06-17 20:22:09 -04:00
$short_url = str_replace ( 'http://' , '' , $url );
2003-12-07 20:28:41 -05:00
$short_url = str_replace ( 'www.' , '' , $short_url );
if ( '/' == substr ( $short_url , - 1 ))
$short_url = substr ( $short_url , 0 , - 1 );
if ( strlen ( $short_url ) > 35 )
$short_url = substr ( $short_url , 0 , 32 ) . '...' ;
2003-12-08 03:12:09 -05:00
$style = ( 'class="alternate"' == $style ) ? '' : 'class="alternate"' ;
2004-05-24 04:22:18 -04:00
$numposts = $wpdb -> get_var ( " SELECT COUNT(*) FROM $wpdb->posts WHERE post_author = $user->ID and post_status = 'publish' " );
2004-04-25 00:24:06 -04:00
if ( 0 < $numposts ) $numposts = " <a href='edit.php?author= $user_data->ID ' title=' " . __ ( 'View posts' ) . " '> $numposts </a> " ;
2003-12-07 20:28:41 -05:00
echo "
2003-12-08 03:12:09 -05:00
< tr $style >
< td align = 'center' > $user_data -> ID </ td >
2003-12-07 20:28:41 -05:00
< td >< strong > $user_data -> user_nickname </ strong ></ td >
< td > $user_data -> user_firstname $user_data -> user_lastname </ td >
2004-04-25 00:24:06 -04:00
< td >< a href = 'mailto:$email' title = '" . sprintf(__(' e - mail : % s '), $email) . "' > $email </ a ></ td >
2003-12-07 20:28:41 -05:00
< td >< a href = '$url' title = 'website: $url' > $short_url </ a ></ td >
< td align = 'center' > " ;
if (( $user_level >= 2 ) and ( $user_level > $user_data -> user_level ) and ( $user_data -> user_level > 0 ))
2004-06-11 14:23:12 -04:00
echo " <a href= \" users.php?action=promote&id= " . $user_data -> ID . " &prom=down \" >-</a> " ;
2003-12-07 20:28:41 -05:00
echo $user_data -> user_level ;
if (( $user_level >= 2 ) and ( $user_level > ( $user_data -> user_level + 1 )))
2004-06-11 14:23:12 -04:00
echo " <a href= \" users.php?action=promote&id= " . $user_data -> ID . " &prom=up \" >+</a> " ;
echo " </td><td align='right'> $numposts </td> " ;
2004-08-01 05:13:50 -04:00
echo '<td>' ;
if (( $user_level >= 2 ) and ( $user_level > $user_data -> user_level ))
echo " <a href='user-edit.php?user_id= $user_data->ID ' class='edit'>Edit</a> " ;
echo '</td>' ;
2003-12-07 20:28:41 -05:00
echo '</tr>' ;
}
?>
</ table >
</ div >
< ? php
2004-05-24 04:22:18 -04:00
$users = $wpdb -> get_results ( " SELECT * FROM $wpdb->users WHERE user_level = 0 ORDER BY ID " );
2003-12-07 20:28:41 -05:00
if ( $users ) {
?>
< div class = " wrap " >
2004-04-25 00:24:06 -04:00
< h2 >< ? php _e ( 'Users' ) ?> </h2>
2003-12-08 03:12:09 -05:00
< table cellpadding = " 3 " cellspacing = " 3 " width = " 100% " >
2003-12-07 20:28:41 -05:00
< tr >
2004-04-25 00:24:06 -04:00
< th >< ? php _e ( 'ID' ) ?> </th>
< th >< ? php _e ( 'Nickname' ) ?> </th>
< th >< ? php _e ( 'Name' ) ?> </th>
< th >< ? php _e ( 'E-mail' ) ?> </th>
2004-05-05 04:27:43 -04:00
< th >< ? php _e ( 'Website' ) ?> </th>
2004-04-25 00:24:06 -04:00
< th >< ? php _e ( 'Level' ) ?> </th>
2004-08-01 05:13:50 -04:00
< th ></ th >
2003-12-07 20:28:41 -05:00
</ tr >
2004-07-21 03:44:55 -04:00
< ? php
$style = '' ;
foreach ( $users as $user ) {
$user_data = get_userdata ( $user -> ID );
$email = $user_data -> user_email ;
$url = $user_data -> user_url ;
$short_url = str_replace ( 'http://' , '' , $url );
$short_url = str_replace ( 'www.' , '' , $short_url );
if ( '/' == substr ( $short_url , - 1 ))
$short_url = substr ( $short_url , 0 , - 1 );
if ( strlen ( $short_url ) > 35 )
$short_url = substr ( $short_url , 0 , 32 ) . '...' ;
$style = ( 'class="alternate"' == $style ) ? '' : 'class="alternate"' ;
2003-12-08 03:12:09 -05:00
echo " \n <tr $style >
< td align = 'center' > $user_data -> ID </ td >
2004-06-11 14:23:12 -04:00
< td >< strong > $user_data -> user_nickname </ strong ></ td >
2003-12-08 03:12:09 -05:00
< td > $user_data -> user_firstname $user_data -> user_lastname </ td >
2004-04-25 00:24:06 -04:00
< td >< a href = 'mailto:$email' title = '" . sprintf(__(' e - mail : % s '), $email) . "' > $email </ a ></ td >
2003-12-08 03:12:09 -05:00
< td >< a href = '$url' title = 'website: $url' > $short_url </ a ></ td >
< td align = 'center' > " ;
2004-07-21 03:44:55 -04:00
if ( $user_level >= 3 )
echo " <a href= \" users.php?action=delete&id= " . $user_data -> ID . " \" style= \" color:red;font-weight:bold; \" >X</a> " ;
echo $user_data -> user_level ;
if ( $user_level >= 2 )
echo " <a href= \" users.php?action=promote&id= " . $user_data -> ID . " &prom=up \" >+</a> " ;
2004-08-01 05:13:50 -04:00
echo " </td> \n " ;
2004-07-21 03:44:55 -04:00
}
2004-08-01 05:13:50 -04:00
echo '<td>' ;
if (( $user_level >= 2 ) and ( $user_level > $user_data -> user_level ))
echo " <a href='user-edit.php?user_id= $user_data->ID ' class='edit'>Edit</a> " ;
echo '</td>' ;
echo '</tr>' ;
2004-07-21 03:44:55 -04:00
?>
2003-12-07 20:28:41 -05:00
</ table >
2004-07-21 03:44:55 -04:00
< p >< ? php _e ( 'To delete an author or user, bring his level to zero, then click on the red X. <strong>Warning:</strong> Deleting a user also deletes all posts made by this user.' ) ?> </p>
2003-12-07 20:28:41 -05:00
</ div >
< ? php
} ?>
< div class = " wrap " >
2004-07-21 03:44:55 -04:00
< h2 >< ? php _e ( 'Add New User' ) ?> </h2>
2004-04-25 00:24:06 -04:00
< ? php printf ( __ ( '<p>Users can <a href="%s/wp-register.php">register themselves</a> or you can manually create users here.</p>' ), get_settings ( 'siteurl' )); ?>
2003-12-23 15:21:29 -05:00
< form action = " " method = " post " name = " adduser " id = " adduser " >
2004-05-05 04:27:43 -04:00
< table class = " editform " width = " 100% " cellspacing = " 2 " cellpadding = " 5 " >
2003-12-23 15:21:29 -05:00
< tr >
2004-05-05 04:27:43 -04:00
< th scope = " row " width = " 33% " >< ? php _e ( 'Nickname' ) ?>
2003-12-23 15:21:29 -05:00
< input name = " action " type = " hidden " id = " action " value = " adduser " /></ th >
2004-05-05 04:27:43 -04:00
< td width = " 66% " >< input name = " user_login " type = " text " id = " user_login " /></ td >
2003-12-23 15:21:29 -05:00
</ tr >
< tr >
2004-04-25 00:24:06 -04:00
< th scope = " row " >< ? php _e ( 'First Name' ) ?> </th>
2003-12-23 15:21:29 -05:00
< td >< input name = " firstname " type = " text " id = " firstname " /></ td >
</ tr >
< tr >
2004-04-25 00:24:06 -04:00
< th scope = " row " >< ? php _e ( 'Last Name' ) ?> </th>
2003-12-23 15:21:29 -05:00
< td >< input name = " lastname " type = " text " id = " lastname " /></ td >
</ tr >
< tr >
2004-05-05 04:27:43 -04:00
< th scope = " row " >< ? php _e ( 'E-mail' ) ?> </th>
2003-12-23 15:21:29 -05:00
< td >< input name = " email " type = " text " id = " email " /></ td >
</ tr >
< tr >
2004-05-05 04:27:43 -04:00
< th scope = " row " >< ? php _e ( 'Website' ) ?> </th>
2003-12-23 15:21:29 -05:00
< td >< input name = " uri " type = " text " id = " uri " /></ td >
</ tr >
< tr >
2004-04-25 00:24:06 -04:00
< th scope = " row " >< ? php _e ( 'Password (twice)' ) ?> </th>
2004-01-21 17:44:28 -05:00
< td >< input name = " pass1 " type = " password " id = " pass1 " />
2003-12-23 15:21:29 -05:00
< br />
2004-01-21 17:44:28 -05:00
< input name = " pass2 " type = " password " id = " pass2 " /></ td >
2003-12-23 15:21:29 -05:00
</ tr >
</ table >
2004-04-28 00:59:54 -04:00
< p class = " submit " >
2004-06-11 14:23:12 -04:00
< input name = " adduser " type = " submit " id = " adduser " value = " <?php _e('Add User') ?> » " />
2003-12-23 15:21:29 -05:00
</ p >
</ form >
2003-12-07 20:28:41 -05:00
</ div >
< ? php
break ;
}
2004-08-22 19:24:50 -04:00
2003-12-10 19:22:36 -05:00
include ( 'admin-footer.php' );
2004-08-22 19:24:50 -04:00
?>