2003-12-07 20:28:41 -05:00
< ? php
2008-08-16 03:27:34 -04:00
/**
* Users administration panel .
*
* @ package WordPress
* @ subpackage Administration
*/
/** WordPress Administration Bootstrap */
2010-08-11 17:54:51 -04:00
require_once ( './admin.php' );
2008-08-16 03:27:34 -04:00
2010-10-24 22:58:25 -04:00
$wp_list_table = get_list_table ( 'WP_Users_Table' );
2010-08-22 07:22:46 -04:00
$wp_list_table -> check_permissions ();
2006-11-30 13:38:06 -05:00
2006-11-18 02:31:29 -05:00
$title = __ ( 'Users' );
2006-11-30 13:38:06 -05:00
$parent_file = 'users.php' ;
2006-11-18 02:31:29 -05:00
2010-10-07 15:34:18 -04:00
add_screen_option ( 'per_page' , array ( 'label' => _x ( 'Users' , 'users per page (screen options)' )) );
2010-05-27 19:10:26 -04:00
// contextual help - choose Help on the top right of admin panel to preview this.
add_contextual_help ( $current_screen ,
'<p>' . __ ( 'This screen lists all the existing users for your site. Each user has one of five defined roles as set by the site admin: Site Administrator, Editor, Author, Contributor, or Subscriber. Users with roles other than Administrator will see fewer options when they are logged in, based on their role.' ) . '</p>' .
2010-06-02 16:04:07 -04:00
'<p>' . __ ( 'You can customize the display of information on this screen as you can on other screens, by using the Screen Options tab and the on-screen filters.' ) . '</p>' .
'<p>' . __ ( 'To add a new user for your site, click the Add New button at the top of the screen or Add New in the Users menu section.' ) . '</p>' .
2010-05-27 19:10:26 -04:00
'<p><strong>' . __ ( 'For more information:' ) . '</strong></p>' .
2010-06-03 23:42:43 -04:00
'<p>' . __ ( '<a href="http://codex.wordpress.org/Users_Authors_and_Users_SubPanel" target="_blank">Documentation on Authors and Users</a>' ) . '</p>' .
'<p>' . __ ( '<a href="http://codex.wordpress.org/Roles_and_Capabilities" target="_blank">Roles and Capabilities Descriptions</a>' ) . '</p>' .
'<p>' . __ ( '<a href="http://wordpress.org/support/" target="_blank">Support Forums</a>' ) . '</p>'
2010-05-27 19:10:26 -04:00
);
2008-02-16 16:44:50 -05:00
if ( empty ( $_REQUEST ) ) {
2009-05-05 15:43:53 -04:00
$referer = '<input type="hidden" name="wp_http_referer" value="' . esc_attr ( stripslashes ( $_SERVER [ 'REQUEST_URI' ])) . '" />' ;
2008-02-16 16:44:50 -05:00
} elseif ( isset ( $_REQUEST [ 'wp_http_referer' ]) ) {
$redirect = remove_query_arg ( array ( 'wp_http_referer' , 'updated' , 'delete_count' ), stripslashes ( $_REQUEST [ 'wp_http_referer' ]));
2009-05-05 15:43:53 -04:00
$referer = '<input type="hidden" name="wp_http_referer" value="' . esc_attr ( $redirect ) . '" />' ;
2006-06-08 14:36:05 -04:00
} else {
$redirect = 'users.php' ;
2008-08-14 13:00:37 -04:00
$referer = '' ;
2006-06-08 14:36:05 -04:00
}
2010-09-21 20:10:39 -04:00
$update = '' ;
switch ( $wp_list_table -> current_action () ) {
2005-07-12 11:53:13 -04:00
2009-01-06 17:00:05 -05:00
/* Bulk Dropdown menu Role changes */
2005-07-12 11:53:13 -04:00
case 'promote' :
2006-05-02 18:36:06 -04:00
check_admin_referer ( 'bulk-users' );
2004-05-17 16:34:05 -04:00
2010-01-18 17:21:36 -05:00
if ( empty ( $_REQUEST [ 'users' ]) ) {
2006-06-27 01:38:56 -04:00
wp_redirect ( $redirect );
2006-11-14 18:44:25 -05:00
exit ();
2005-07-12 11:53:13 -04:00
}
2003-12-23 15:21:29 -05:00
2009-01-06 17:00:05 -05:00
$editable_roles = get_editable_roles ();
2010-04-03 04:08:12 -04:00
if ( empty ( $editable_roles [ $_REQUEST [ 'new_role' ]] ) )
2009-01-06 17:00:05 -05:00
wp_die ( __ ( 'You can’t give users that role.' ));
2003-12-23 15:21:29 -05:00
2008-02-16 16:44:50 -05:00
$userids = $_REQUEST [ 'users' ];
2005-11-12 23:40:18 -05:00
$update = 'promote' ;
2010-01-18 17:21:36 -05:00
foreach ( $userids as $id ) {
2010-06-06 11:12:47 -04:00
$id = ( int ) $id ;
2010-04-21 13:58:10 -04:00
if ( ! current_user_can ( 'promote_user' , $id ) )
2006-07-05 18:00:03 -04:00
wp_die ( __ ( 'You can’t edit that user.' ));
2010-04-21 13:58:10 -04:00
// The new role of the current user must also have promote_users caps
2010-04-21 13:43:53 -04:00
if ( $id == $current_user -> ID && ! $wp_roles -> role_objects [ $_REQUEST [ 'new_role' ]] -> has_cap ( 'promote_users' ) ) {
2005-11-12 23:40:18 -05:00
$update = 'err_admin_role' ;
continue ;
}
2010-06-06 11:05:18 -04:00
// If the user doesn't already belong to the blog, bail.
2010-06-06 11:25:27 -04:00
if ( is_multisite () && ! is_user_member_of_blog ( $id ) )
2010-06-06 11:05:18 -04:00
wp_die ( __ ( 'Cheatin’ uh?' ));
2006-06-08 14:36:05 -04:00
$user = new WP_User ( $id );
2008-02-16 16:44:50 -05:00
$user -> set_role ( $_REQUEST [ 'new_role' ]);
2006-06-08 14:36:05 -04:00
}
2006-02-12 02:53:23 -05:00
2006-06-27 01:38:56 -04:00
wp_redirect ( add_query_arg ( 'update' , $update , $redirect ));
2006-11-14 19:02:28 -05:00
exit ();
2005-03-09 17:49:42 -05:00
2005-07-12 11:53:13 -04:00
break ;
2003-12-23 15:21:29 -05:00
2005-07-12 11:53:13 -04:00
case 'dodelete' :
2010-04-21 13:43:53 -04:00
if ( is_multisite () )
wp_die ( __ ( 'User deletion is not allowed from this screen.' ) );
2003-12-23 15:21:29 -05:00
2006-05-02 18:36:06 -04:00
check_admin_referer ( 'delete-users' );
2005-07-12 11:53:13 -04:00
2008-02-16 16:44:50 -05:00
if ( empty ( $_REQUEST [ 'users' ]) ) {
2006-06-27 01:38:56 -04:00
wp_redirect ( $redirect );
2006-11-14 19:02:28 -05:00
exit ();
2004-05-17 08:38:19 -04:00
}
2003-12-23 15:21:29 -05:00
2010-04-21 13:43:53 -04:00
if ( ! current_user_can ( 'delete_users' ) )
wp_die ( __ ( 'You can’t delete users.' ));
2003-12-23 15:21:29 -05:00
2008-02-16 16:44:50 -05:00
$userids = $_REQUEST [ 'users' ];
2005-11-12 23:40:18 -05:00
$update = 'del' ;
2006-06-08 14:36:05 -04:00
$delete_count = 0 ;
foreach ( ( array ) $userids as $id ) {
2010-06-06 11:12:47 -04:00
$id = ( int ) $id ;
2010-04-21 13:43:53 -04:00
if ( ! current_user_can ( 'delete_user' , $id ) )
wp_die ( __ ( 'You can’t delete that user.' ) );
2006-06-08 14:36:05 -04:00
2010-01-18 17:21:36 -05:00
if ( $id == $current_user -> ID ) {
2005-11-12 23:40:18 -05:00
$update = 'err_admin_del' ;
continue ;
}
2010-01-18 17:21:36 -05:00
switch ( $_REQUEST [ 'delete_option' ] ) {
2005-07-12 11:53:13 -04:00
case 'delete' :
2010-04-21 13:43:53 -04:00
if ( current_user_can ( 'delete_user' , $id ) )
2010-01-13 21:02:19 -05:00
wp_delete_user ( $id );
2010-05-03 19:04:42 -04:00
break ;
2005-07-12 11:53:13 -04:00
case 'reassign' :
2010-04-21 13:43:53 -04:00
if ( current_user_can ( 'delete_user' , $id ) )
2010-01-13 21:02:19 -05:00
wp_delete_user ( $id , $_REQUEST [ 'reassign_user' ]);
2005-07-12 11:53:13 -04:00
break ;
}
2006-06-08 14:36:05 -04:00
++ $delete_count ;
2005-07-12 11:53:13 -04:00
}
2003-12-23 15:21:29 -05:00
2006-11-08 16:14:53 -05:00
$redirect = add_query_arg ( array ( 'delete_count' => $delete_count , 'update' => $update ), $redirect );
wp_redirect ( $redirect );
2006-11-14 19:02:28 -05:00
exit ();
2003-12-23 15:21:29 -05:00
break ;
2005-07-12 11:53:13 -04:00
case 'delete' :
2010-04-21 13:58:10 -04:00
if ( is_multisite () )
wp_die ( __ ( 'User deletion is not allowed from this screen.' ) );
2006-05-02 18:36:06 -04:00
check_admin_referer ( 'bulk-users' );
2004-05-17 16:34:05 -04:00
2008-09-17 00:39:08 -04:00
if ( empty ( $_REQUEST [ 'users' ]) && empty ( $_REQUEST [ 'user' ]) ) {
2006-06-27 01:38:56 -04:00
wp_redirect ( $redirect );
2006-11-14 19:02:28 -05:00
exit ();
}
2003-12-07 20:28:41 -05:00
2010-04-21 13:43:53 -04:00
if ( ! current_user_can ( 'delete_users' ) )
2010-04-03 01:14:34 -04:00
$errors = new WP_Error ( 'edit_users' , __ ( 'You can’t delete users.' ) );
2003-12-07 20:28:41 -05:00
2008-09-17 00:39:08 -04:00
if ( empty ( $_REQUEST [ 'users' ]) )
$userids = array ( intval ( $_REQUEST [ 'user' ]));
else
$userids = $_REQUEST [ 'users' ];
2005-07-08 21:27:46 -04:00
2005-07-12 11:53:13 -04:00
include ( 'admin-header.php' );
?>
< form action = " " method = " post " name = " updateusers " id = " updateusers " >
2006-05-02 18:36:06 -04:00
< ? php wp_nonce_field ( 'delete-users' ) ?>
2006-06-08 14:36:05 -04:00
< ? php echo $referer ; ?>
2008-01-07 15:38:49 -05:00
2005-07-12 11:53:13 -04:00
< div class = " wrap " >
2008-11-26 18:35:23 -05:00
< ? php screen_icon (); ?>
2005-11-12 23:40:18 -05:00
< h2 >< ? php _e ( 'Delete Users' ); ?> </h2>
< p >< ? php _e ( 'You have specified these users for deletion:' ); ?> </p>
< ul >
< ? php
$go_delete = false ;
2006-06-08 14:36:05 -04:00
foreach ( ( array ) $userids as $id ) {
2008-11-20 12:26:52 -05:00
$id = ( int ) $id ;
2006-06-08 14:36:05 -04:00
$user = new WP_User ( $id );
2006-11-19 23:29:06 -05:00
if ( $id == $current_user -> ID ) {
2005-12-12 17:48:30 -05:00
echo " <li> " . sprintf ( __ ( 'ID #%1s: %2s <strong>The current user will not be deleted.</strong>' ), $id , $user -> user_login ) . " </li> \n " ;
2005-11-12 23:40:18 -05:00
} else {
2009-05-05 15:43:53 -04:00
echo " <li><input type= \" hidden \" name= \" users[] \" value= \" " . esc_attr ( $id ) . " \" /> " . sprintf ( __ ( 'ID #%1s: %2s' ), $id , $user -> user_login ) . " </li> \n " ;
2005-11-12 23:40:18 -05:00
$go_delete = true ;
2005-07-12 11:53:13 -04:00
}
2006-06-08 14:36:05 -04:00
}
2010-09-05 15:00:51 -04:00
$all_logins = get_users ();
2006-06-08 14:36:05 -04:00
$user_dropdown = '<select name="reassign_user">' ;
foreach ( ( array ) $all_logins as $login )
2006-11-19 23:29:06 -05:00
if ( $login -> ID == $current_user -> ID || ! in_array ( $login -> ID , $userids ) )
2009-05-05 15:43:53 -04:00
$user_dropdown .= " <option value= \" " . esc_attr ( $login -> ID ) . " \" > { $login -> user_login } </option> " ;
2006-06-08 14:36:05 -04:00
$user_dropdown .= '</select>' ;
?>
</ ul >
< ? php if ( $go_delete ) : ?>
2008-05-04 06:37:06 -04:00
< fieldset >< p >< legend >< ? php _e ( 'What should be done with posts and links owned by this user?' ); ?> </legend></p>
2005-07-12 11:53:13 -04:00
< ul style = " list-style:none; " >
< li >< label >< input type = " radio " id = " delete_option0 " name = " delete_option " value = " delete " checked = " checked " />
< ? php _e ( 'Delete all posts and links.' ); ?> </label></li>
< li >< input type = " radio " id = " delete_option1 " name = " delete_option " value = " reassign " />
2005-12-02 17:37:02 -05:00
< ? php echo '<label for="delete_option1">' . __ ( 'Attribute all posts and links to:' ) . " </label> $user_dropdown " ; ?> </li>
2008-05-04 06:37:06 -04:00
</ ul ></ fieldset >
2005-07-12 11:53:13 -04:00
< input type = " hidden " name = " action " value = " dodelete " />
2010-10-17 14:24:34 -04:00
< ? php submit_button ( __ ( 'Confirm Deletion' ), 'secondary' ); ?>
2005-11-12 23:40:18 -05:00
< ? php else : ?>
< p >< ? php _e ( 'There are no valid users selected for deletion.' ); ?> </p>
< ? php endif ; ?>
2005-07-12 11:53:13 -04:00
</ div >
</ form >
< ? php
2003-12-07 20:28:41 -05:00
break ;
2010-04-21 13:43:53 -04:00
case 'doremove' :
check_admin_referer ( 'remove-users' );
if ( empty ( $_REQUEST [ 'users' ]) ) {
wp_redirect ( $redirect );
exit ;
}
if ( ! current_user_can ( 'remove_users' ) )
die ( __ ( 'You can’t remove users.' ));
$userids = $_REQUEST [ 'users' ];
$update = 'remove' ;
foreach ( $userids as $id ) {
$id = ( int ) $id ;
if ( $id == $current_user -> id && ! is_super_admin () ) {
$update = 'err_admin_remove' ;
continue ;
}
2010-05-15 10:43:13 -04:00
if ( ! current_user_can ( 'remove_user' , $id ) ) {
2010-04-21 13:43:53 -04:00
$update = 'err_admin_remove' ;
continue ;
}
remove_user_from_blog ( $id , $blog_id );
}
$redirect = add_query_arg ( array ( 'update' => $update ), $redirect );
wp_redirect ( $redirect );
exit ;
break ;
case 'remove' :
check_admin_referer ( 'bulk-users' );
if ( empty ( $_REQUEST [ 'users' ]) && empty ( $_REQUEST [ 'user' ]) ) {
wp_redirect ( $redirect );
exit ();
}
if ( ! current_user_can ( 'remove_users' ) )
$error = new WP_Error ( 'edit_users' , __ ( 'You can’t remove users.' ));
if ( empty ( $_REQUEST [ 'users' ]) )
$userids = array ( intval ( $_REQUEST [ 'user' ]));
else
$userids = $_REQUEST [ 'users' ];
include ( 'admin-header.php' );
?>
< form action = " " method = " post " name = " updateusers " id = " updateusers " >
< ? php wp_nonce_field ( 'remove-users' ) ?>
< ? php echo $referer ; ?>
< div class = " wrap " >
< ? php screen_icon (); ?>
2010-04-29 23:17:49 -04:00
< h2 >< ? php _e ( 'Remove Users from Site' ); ?> </h2>
2010-04-21 13:43:53 -04:00
< p >< ? php _e ( 'You have specified these users for removal:' ); ?> </p>
< ul >
< ? php
$go_remove = false ;
foreach ( $userids as $id ) {
$id = ( int ) $id ;
$user = new WP_User ( $id );
if ( $id == $current_user -> id && ! is_super_admin () ) {
echo " <li> " . sprintf ( __ ( 'ID #%1s: %2s <strong>The current user will not be removed.</strong>' ), $id , $user -> user_login ) . " </li> \n " ;
} elseif ( ! current_user_can ( 'remove_user' , $id ) ) {
echo " <li> " . sprintf ( __ ( 'ID #%1s: %2s <strong>You don\'t have permission to remove this user.</strong>' ), $id , $user -> user_login ) . " </li> \n " ;
} else {
echo " <li><input type= \" hidden \" name= \" users[] \" value= \" { $id } \" /> " . sprintf ( __ ( 'ID #%1s: %2s' ), $id , $user -> user_login ) . " </li> \n " ;
$go_remove = true ;
}
}
?>
< ? php if ( $go_remove ) : ?>
< input type = " hidden " name = " action " value = " doremove " />
2010-10-17 14:24:34 -04:00
< ? php submit_button ( __ ( 'Confirm Removal' ), 'secondary' ); ?>
2010-04-21 13:43:53 -04:00
< ? php else : ?>
< p >< ? php _e ( 'There are no valid users selected for removal.' ); ?> </p>
< ? php endif ; ?>
</ div >
</ form >
< ? php
break ;
2003-12-07 20:28:41 -05:00
default :
2008-02-20 00:45:16 -05:00
if ( ! empty ( $_GET [ '_wp_http_referer' ]) ) {
wp_redirect ( remove_query_arg ( array ( '_wp_http_referer' , '_wpnonce' ), stripslashes ( $_SERVER [ 'REQUEST_URI' ])));
2008-03-02 15:17:30 -05:00
exit ;
2008-02-20 00:45:16 -05:00
}
2010-08-22 07:22:46 -04:00
$wp_list_table -> prepare_items ();
2008-09-29 05:26:21 -04:00
2010-08-11 17:54:51 -04:00
include ( './admin-header.php' );
2010-03-03 14:08:30 -05:00
2008-09-11 14:54:05 -04:00
$messages = array ();
2006-06-08 14:36:05 -04:00
if ( isset ( $_GET [ 'update' ]) ) :
2005-07-12 11:53:13 -04:00
switch ( $_GET [ 'update' ]) {
case 'del' :
2006-06-08 14:36:05 -04:00
case 'del_many' :
2008-09-11 14:54:05 -04:00
$delete_count = isset ( $_GET [ 'delete_count' ]) ? ( int ) $_GET [ 'delete_count' ] : 0 ;
2009-12-26 04:00:58 -05:00
$messages [] = '<div id="message" class="updated"><p>' . sprintf ( _n ( '%s user deleted' , '%s users deleted' , $delete_count ), $delete_count ) . '</p></div>' ;
2005-07-12 11:53:13 -04:00
break ;
case 'add' :
2009-12-26 04:00:58 -05:00
$messages [] = '<div id="message" class="updated"><p>' . __ ( 'New user created.' ) . '</p></div>' ;
2005-07-12 11:53:13 -04:00
break ;
case 'promote' :
2009-12-26 04:00:58 -05:00
$messages [] = '<div id="message" class="updated"><p>' . __ ( 'Changed roles.' ) . '</p></div>' ;
2005-07-12 11:53:13 -04:00
break ;
2005-11-12 23:40:18 -05:00
case 'err_admin_role' :
2009-05-05 00:28:05 -04:00
$messages [] = '<div id="message" class="error"><p>' . __ ( 'The current user’s role must have user editing capabilities.' ) . '</p></div>' ;
2009-12-26 04:00:58 -05:00
$messages [] = '<div id="message" class="updated"><p>' . __ ( 'Other user roles have been changed.' ) . '</p></div>' ;
2005-11-12 23:40:18 -05:00
break ;
case 'err_admin_del' :
2009-05-05 00:28:05 -04:00
$messages [] = '<div id="message" class="error"><p>' . __ ( 'You can’t delete the current user.' ) . '</p></div>' ;
2009-12-26 04:00:58 -05:00
$messages [] = '<div id="message" class="updated"><p>' . __ ( 'Other users have been deleted.' ) . '</p></div>' ;
2005-11-12 23:40:18 -05:00
break ;
2010-04-21 13:43:53 -04:00
case 'remove' :
2010-04-29 23:17:49 -04:00
$messages [] = '<div id="message" class="updated fade"><p>' . __ ( 'User removed from this site.' ) . '</p></div>' ;
2010-04-21 13:43:53 -04:00
break ;
case 'err_admin_remove' :
$messages [] = '<div id="message" class="error"><p>' . __ ( " You can't remove the current user. " ) . '</p></div>' ;
$messages [] = '<div id="message" class="updated fade"><p>' . __ ( 'Other users have been removed.' ) . '</p></div>' ;
break ;
2005-07-12 11:53:13 -04:00
}
2006-06-08 14:36:05 -04:00
endif ; ?>
2008-08-14 13:00:37 -04:00
< ? php if ( isset ( $errors ) && is_wp_error ( $errors ) ) : ?>
2005-07-12 11:53:13 -04:00
< div class = " error " >
< ul >
< ? php
2008-09-11 14:54:05 -04:00
foreach ( $errors -> get_error_messages () as $err )
echo " <li> $err </li> \n " ;
2005-07-12 11:53:13 -04:00
?>
</ ul >
</ div >
2008-09-29 05:26:21 -04:00
< ? php endif ;
2008-09-11 14:54:05 -04:00
if ( ! empty ( $messages ) ) {
foreach ( $messages as $msg )
echo $msg ;
} ?>
2006-06-08 14:36:05 -04:00
< div class = " wrap " >
2008-11-26 08:51:25 -05:00
< ? php screen_icon (); ?>
2010-02-01 03:12:56 -05:00
< h2 >< ? php echo esc_html ( $title ); if ( current_user_can ( 'create_users' ) ) { ?> <a href="user-new.php" class="button add-new-h2"><?php echo esc_html_x('Add New', 'user'); ?></a><?php }
2010-08-11 17:54:51 -04:00
if ( $usersearch )
printf ( '<span class="subtitle">' . __ ( 'Search results for “%s”' ) . '</span>' , esc_html ( $usersearch ) ); ?>
2008-12-04 20:18:19 -05:00
</ h2 >
2008-09-19 01:31:00 -04:00
2010-09-05 17:26:27 -04:00
< ? php $wp_list_table -> views (); ?>
2008-08-20 17:42:31 -04:00
2008-10-24 15:21:19 -04:00
< form class = " search-form " action = " " method = " get " >
< p class = " search-box " >
2009-05-12 18:40:56 -04:00
< label class = " screen-reader-text " for = " user-search-input " >< ? php _e ( 'Search Users' ); ?> :</label>
2010-08-11 17:54:51 -04:00
< input type = " text " id = " user-search-input " name = " usersearch " value = " <?php echo esc_attr( $usersearch ); ?> " />
2010-10-30 20:28:02 -04:00
< ? php submit_button ( __ ( 'Search Users' ), 'button' , 'submit' , false ); ?>
2008-10-24 15:21:19 -04:00
</ p >
</ form >
2010-08-11 17:54:51 -04:00
< form id = " posts-filter " action = " " method = " post " >
2010-08-22 07:22:46 -04:00
< ? php $wp_list_table -> display (); ?>
2008-03-30 12:48:31 -04:00
</ form >
2006-06-08 14:36:05 -04:00
2010-01-13 21:02:19 -05:00
< ? php
if ( is_multisite () ) {
foreach ( array ( 'user_login' => 'user_login' , 'first_name' => 'user_firstname' , 'last_name' => 'user_lastname' , 'email' => 'user_email' , 'url' => 'user_uri' , 'role' => 'user_role' ) as $formpost => $var ) {
$var = 'new_' . $var ;
$$var = isset ( $_REQUEST [ $formpost ]) ? esc_attr ( stripslashes ( $_REQUEST [ $formpost ])) : '' ;
}
unset ( $name );
}
?>
2008-03-14 19:58:31 -04:00
< br class = " clear " />
2007-09-03 19:32:58 -04:00
< ? php
2003-12-07 20:28:41 -05:00
break ;
2006-06-08 14:36:05 -04:00
2008-09-29 05:26:21 -04:00
} // end of the $doaction switch
2004-08-22 19:24:50 -04:00
2010-04-18 02:14:45 -04:00
include ( './admin-footer.php' );