2007-05-25 03:16:21 -04:00
< ? php
2008-10-01 21:03:26 -04:00
/**
* WordPress user administration API .
*
* @ package WordPress
* @ subpackage Administration
*/
/**
* Creates a new user from the " Users " form using $_POST information .
*
2009-01-06 17:00:05 -05:00
* @ since 2.0
2008-10-01 21:03:26 -04:00
*
* @ return null | WP_Error | int Null when adding user , WP_Error or User ID integer when no parameters .
*/
2007-05-25 03:16:21 -04:00
function add_user () {
2012-01-05 15:38:40 -05:00
return edit_user ();
2007-05-25 03:16:21 -04:00
}
2008-10-01 21:03:26 -04:00
/**
2009-01-06 17:00:05 -05:00
* Edit user settings based on contents of $_POST
2008-10-01 21:03:26 -04:00
*
2009-01-06 17:00:05 -05:00
* Used on user - edit . php and profile . php to manage and process user options , passwords etc .
2008-10-01 21:03:26 -04:00
*
2009-01-06 17:00:05 -05:00
* @ since 2.0
2008-10-01 21:03:26 -04:00
*
* @ param int $user_id Optional . User ID .
2009-01-06 17:00:05 -05:00
* @ return int user id of the updated user
2008-10-01 21:03:26 -04:00
*/
2007-05-25 03:16:21 -04:00
function edit_user ( $user_id = 0 ) {
2010-06-24 11:01:29 -04:00
global $wp_roles , $wpdb ;
2010-11-17 19:26:29 -05:00
$user = new stdClass ;
2010-11-15 01:38:10 -05:00
if ( $user_id ) {
2007-05-25 03:16:21 -04:00
$update = true ;
$user -> ID = ( int ) $user_id ;
$userdata = get_userdata ( $user_id );
$user -> user_login = $wpdb -> escape ( $userdata -> user_login );
} else {
$update = false ;
}
2009-09-14 09:57:48 -04:00
if ( ! $update && isset ( $_POST [ 'user_login' ] ) )
2009-09-18 16:47:24 -04:00
$user -> user_login = sanitize_user ( $_POST [ 'user_login' ], true );
2007-05-25 03:16:21 -04:00
$pass1 = $pass2 = '' ;
if ( isset ( $_POST [ 'pass1' ] ))
$pass1 = $_POST [ 'pass1' ];
if ( isset ( $_POST [ 'pass2' ] ))
$pass2 = $_POST [ 'pass2' ];
2007-09-03 19:32:58 -04:00
if ( isset ( $_POST [ 'role' ] ) && current_user_can ( 'edit_users' ) ) {
2009-09-14 09:57:48 -04:00
$new_role = sanitize_text_field ( $_POST [ 'role' ] );
2010-02-27 13:07:25 -05:00
$potential_role = isset ( $wp_roles -> role_objects [ $new_role ]) ? $wp_roles -> role_objects [ $new_role ] : false ;
2009-01-06 17:00:05 -05:00
// Don't let anyone with 'edit_users' (admins) edit their own role to something without it.
2010-04-02 00:30:00 -04:00
// Multisite super admins can freely edit their blog roles -- they possess all caps.
2010-06-24 11:01:29 -04:00
if ( ( is_multisite () && current_user_can ( 'manage_sites' ) ) || $user_id != get_current_user_id () || ( $potential_role && $potential_role -> has_cap ( 'edit_users' ) ) )
2009-09-14 09:57:48 -04:00
$user -> role = $new_role ;
2009-01-06 17:00:05 -05:00
// If the new role isn't editable by the logged-in user die with error
$editable_roles = get_editable_roles ();
2010-04-03 04:08:12 -04:00
if ( ! empty ( $new_role ) && empty ( $editable_roles [ $new_role ] ) )
2009-01-06 17:00:05 -05:00
wp_die ( __ ( 'You can’t give users that role.' ));
2007-05-25 03:16:21 -04:00
}
if ( isset ( $_POST [ 'email' ] ))
2009-09-14 09:57:48 -04:00
$user -> user_email = sanitize_text_field ( $_POST [ 'email' ] );
2007-05-25 03:16:21 -04:00
if ( isset ( $_POST [ 'url' ] ) ) {
2009-05-13 18:41:05 -04:00
if ( empty ( $_POST [ 'url' ] ) || $_POST [ 'url' ] == 'http://' ) {
$user -> user_url = '' ;
} else {
2010-02-13 05:35:10 -05:00
$user -> user_url = esc_url_raw ( $_POST [ 'url' ] );
2009-05-13 18:41:05 -04:00
$user -> user_url = preg_match ( '/^(https?|ftps?|mailto|news|irc|gopher|nntp|feed|telnet):/is' , $user -> user_url ) ? $user -> user_url : 'http://' . $user -> user_url ;
}
2007-05-25 03:16:21 -04:00
}
2009-09-14 09:57:48 -04:00
if ( isset ( $_POST [ 'first_name' ] ) )
$user -> first_name = sanitize_text_field ( $_POST [ 'first_name' ] );
if ( isset ( $_POST [ 'last_name' ] ) )
$user -> last_name = sanitize_text_field ( $_POST [ 'last_name' ] );
if ( isset ( $_POST [ 'nickname' ] ) )
$user -> nickname = sanitize_text_field ( $_POST [ 'nickname' ] );
if ( isset ( $_POST [ 'display_name' ] ) )
$user -> display_name = sanitize_text_field ( $_POST [ 'display_name' ] );
if ( isset ( $_POST [ 'description' ] ) )
2007-05-25 03:16:21 -04:00
$user -> description = trim ( $_POST [ 'description' ] );
2009-09-14 09:57:48 -04:00
2010-10-21 11:42:06 -04:00
foreach ( _wp_get_user_contactmethods ( $user ) as $method => $name ) {
2009-08-06 17:59:52 -04:00
if ( isset ( $_POST [ $method ] ))
2009-09-14 09:57:48 -04:00
$user -> $method = sanitize_text_field ( $_POST [ $method ] );
}
if ( $update ) {
$user -> rich_editing = isset ( $_POST [ 'rich_editing' ] ) && 'false' == $_POST [ 'rich_editing' ] ? 'false' : 'true' ;
$user -> admin_color = isset ( $_POST [ 'admin_color' ] ) ? sanitize_text_field ( $_POST [ 'admin_color' ] ) : 'fresh' ;
2010-12-17 16:48:30 -05:00
$user -> show_admin_bar_front = isset ( $_POST [ 'admin_bar_front' ] ) ? 'true' : 'false' ;
2009-08-06 17:59:52 -04:00
}
2007-05-25 03:16:21 -04:00
2009-09-14 09:57:48 -04:00
$user -> comment_shortcuts = isset ( $_POST [ 'comment_shortcuts' ] ) && 'true' == $_POST [ 'comment_shortcuts' ] ? 'true' : '' ;
2008-12-09 13:03:31 -05:00
2008-08-21 13:40:38 -04:00
$user -> use_ssl = 0 ;
if ( ! empty ( $_POST [ 'use_ssl' ]) )
$user -> use_ssl = 1 ;
2007-05-25 03:16:21 -04:00
$errors = new WP_Error ();
/* checking that username has been typed */
if ( $user -> user_login == '' )
$errors -> add ( 'user_login' , __ ( '<strong>ERROR</strong>: Please enter a username.' ));
/* checking the password has been typed twice */
do_action_ref_array ( 'check_passwords' , array ( $user -> user_login , & $pass1 , & $pass2 ));
2007-11-01 02:23:16 -04:00
if ( $update ) {
if ( empty ( $pass1 ) && ! empty ( $pass2 ) )
$errors -> add ( 'pass' , __ ( '<strong>ERROR</strong>: You entered your new password only once.' ), array ( 'form-field' => 'pass1' ) );
elseif ( ! empty ( $pass1 ) && empty ( $pass2 ) )
$errors -> add ( 'pass' , __ ( '<strong>ERROR</strong>: You entered your new password only once.' ), array ( 'form-field' => 'pass2' ) );
2007-05-25 03:16:21 -04:00
} else {
2007-11-01 02:23:16 -04:00
if ( empty ( $pass1 ) )
$errors -> add ( 'pass' , __ ( '<strong>ERROR</strong>: Please enter your password.' ), array ( 'form-field' => 'pass1' ) );
elseif ( empty ( $pass2 ) )
$errors -> add ( 'pass' , __ ( '<strong>ERROR</strong>: Please enter your password twice.' ), array ( 'form-field' => 'pass2' ) );
2007-05-25 03:16:21 -04:00
}
/* Check for "\" in password */
2009-05-12 01:21:32 -04:00
if ( false !== strpos ( stripslashes ( $pass1 ), " \\ " ) )
2007-11-01 02:23:16 -04:00
$errors -> add ( 'pass' , __ ( '<strong>ERROR</strong>: Passwords may not contain the character "\\".' ), array ( 'form-field' => 'pass1' ) );
2007-05-25 03:16:21 -04:00
/* checking the password has been typed twice the same */
if ( $pass1 != $pass2 )
2007-11-01 02:23:16 -04:00
$errors -> add ( 'pass' , __ ( '<strong>ERROR</strong>: Please enter the same password in the two password fields.' ), array ( 'form-field' => 'pass1' ) );
2007-05-25 03:16:21 -04:00
2009-09-14 09:57:48 -04:00
if ( ! empty ( $pass1 ) )
2007-05-25 03:16:21 -04:00
$user -> user_pass = $pass1 ;
2010-05-03 19:46:42 -04:00
if ( ! $update && isset ( $_POST [ 'user_login' ] ) && ! validate_username ( $_POST [ 'user_login' ] ) )
$errors -> add ( 'user_login' , __ ( '<strong>ERROR</strong>: This username is invalid because it uses illegal characters. Please enter a valid username.' ));
2007-05-25 03:16:21 -04:00
2009-09-14 09:57:48 -04:00
if ( ! $update && username_exists ( $user -> user_login ) )
2007-10-04 15:38:35 -04:00
$errors -> add ( 'user_login' , __ ( '<strong>ERROR</strong>: This username is already registered. Please choose another one.' ));
2007-05-25 03:16:21 -04:00
/* checking e-mail address */
2009-09-14 09:57:48 -04:00
if ( empty ( $user -> user_email ) ) {
2009-04-17 14:43:40 -04:00
$errors -> add ( 'empty_email' , __ ( '<strong>ERROR</strong>: Please enter an e-mail address.' ), array ( 'form-field' => 'email' ) );
2009-09-14 09:57:48 -04:00
} elseif ( ! is_email ( $user -> user_email ) ) {
2009-05-05 00:28:05 -04:00
$errors -> add ( 'invalid_email' , __ ( '<strong>ERROR</strong>: The e-mail address isn’t correct.' ), array ( 'form-field' => 'email' ) );
2010-10-13 16:26:43 -04:00
} elseif ( ( $owner_id = email_exists ( $user -> user_email ) ) && ( ! $update || ( $owner_id != $user -> ID ) ) ) {
2009-04-17 14:43:40 -04:00
$errors -> add ( 'email_exists' , __ ( '<strong>ERROR</strong>: This email is already registered, please choose another one.' ), array ( 'form-field' => 'email' ) );
}
2007-05-25 03:16:21 -04:00
2009-09-14 09:57:48 -04:00
// Allow plugins to return their own errors.
2009-05-24 19:47:49 -04:00
do_action_ref_array ( 'user_profile_update_errors' , array ( & $errors , $update , & $user ) );
2007-05-25 03:16:21 -04:00
if ( $errors -> get_error_codes () )
return $errors ;
if ( $update ) {
2009-09-14 09:57:48 -04:00
$user_id = wp_update_user ( get_object_vars ( $user ) );
2007-05-25 03:16:21 -04:00
} else {
2009-09-14 09:57:48 -04:00
$user_id = wp_insert_user ( get_object_vars ( $user ) );
2009-05-13 18:35:17 -04:00
wp_new_user_notification ( $user_id , isset ( $_POST [ 'send_password' ]) ? $pass1 : '' );
2007-05-25 03:16:21 -04:00
}
return $user_id ;
}
2009-01-06 17:00:05 -05:00
/**
2009-03-17 22:43:45 -04:00
* Fetch a filtered list of user roles that the current user is
* allowed to edit .
2009-01-06 17:00:05 -05:00
*
2009-03-17 22:43:45 -04:00
* Simple function who ' s main purpose is to allow filtering of the
2009-01-06 17:00:05 -05:00
* list of roles in the $wp_roles object so that plugins can remove
2011-09-03 10:18:10 -04:00
* inappropriate ones depending on the situation or user making edits .
2009-01-06 17:00:05 -05:00
* Specifically because without filtering anyone with the edit_users
* capability can edit others to be administrators , even if they are
* only editors or authors . This filter allows admins to delegate
2009-03-17 22:43:45 -04:00
* user management .
2009-01-06 17:00:05 -05:00
*
* @ since 2.8
*
* @ return unknown
*/
function get_editable_roles () {
global $wp_roles ;
$all_roles = $wp_roles -> roles ;
2009-03-17 22:43:45 -04:00
$editable_roles = apply_filters ( 'editable_roles' , $all_roles );
2009-01-06 17:00:05 -05:00
return $editable_roles ;
}
2008-10-01 21:03:26 -04:00
/**
* Retrieve user data and filter it .
*
2010-12-01 14:24:38 -05:00
* @ since 2.0 . 5
2008-10-01 21:03:26 -04:00
*
* @ param int $user_id User ID .
* @ return object WP_User object with user data .
*/
2007-05-25 03:16:21 -04:00
function get_user_to_edit ( $user_id ) {
$user = new WP_User ( $user_id );
2009-08-06 17:59:52 -04:00
2011-08-24 15:32:59 -04:00
$user -> filter = 'edit' ;
2007-05-25 03:16:21 -04:00
return $user ;
}
2008-10-01 21:03:26 -04:00
/**
* Retrieve the user ' s drafts .
*
2010-12-01 14:24:38 -05:00
* @ since 2.0 . 0
2008-10-01 21:03:26 -04:00
*
* @ param int $user_id User ID .
* @ return array
*/
2007-05-25 03:16:21 -04:00
function get_users_drafts ( $user_id ) {
global $wpdb ;
2008-04-14 12:13:25 -04:00
$query = $wpdb -> prepare ( " SELECT ID, post_title FROM $wpdb->posts WHERE post_type = 'post' AND post_status = 'draft' AND post_author = %d ORDER BY post_modified DESC " , $user_id );
2007-05-25 03:16:21 -04:00
$query = apply_filters ( 'get_users_drafts' , $query );
return $wpdb -> get_results ( $query );
}
2008-10-01 21:03:26 -04:00
/**
* Remove user and optionally reassign posts and links to another user .
*
* If the $reassign parameter is not assigned to an User ID , then all posts will
* be deleted of that user . The action 'delete_user' that is passed the User ID
* being deleted will be run after the posts are either reassigned or deleted .
* The user meta will also be deleted that are for that User ID .
*
2010-12-01 14:24:38 -05:00
* @ since 2.0 . 0
2008-10-01 21:03:26 -04:00
*
* @ param int $id User ID .
* @ param int $reassign Optional . Reassign posts and links to new User ID .
* @ return bool True when finished .
*/
2010-01-19 14:23:11 -05:00
function wp_delete_user ( $id , $reassign = 'novalue' ) {
2007-05-25 03:16:21 -04:00
global $wpdb ;
$id = ( int ) $id ;
2012-04-18 17:07:31 -04:00
$user = new WP_User ( $id );
2009-04-16 22:13:00 -04:00
2009-04-08 15:01:10 -04:00
// allow for transaction statement
do_action ( 'delete_user' , $id );
2007-05-25 03:16:21 -04:00
2010-01-19 14:23:11 -05:00
if ( 'novalue' === $reassign || null === $reassign ) {
2008-04-14 12:13:25 -04:00
$post_ids = $wpdb -> get_col ( $wpdb -> prepare ( " SELECT ID FROM $wpdb->posts WHERE post_author = %d " , $id ) );
2007-05-25 03:16:21 -04:00
2010-01-19 14:23:11 -05:00
if ( $post_ids ) {
foreach ( $post_ids as $post_id )
2007-05-25 03:16:21 -04:00
wp_delete_post ( $post_id );
}
// Clean links
2009-04-16 22:13:00 -04:00
$link_ids = $wpdb -> get_col ( $wpdb -> prepare ( " SELECT link_id FROM $wpdb->links WHERE link_owner = %d " , $id ) );
if ( $link_ids ) {
foreach ( $link_ids as $link_id )
wp_delete_link ( $link_id );
}
2007-05-25 03:16:21 -04:00
} else {
$reassign = ( int ) $reassign ;
2010-01-07 15:13:54 -05:00
$wpdb -> update ( $wpdb -> posts , array ( 'post_author' => $reassign ), array ( 'post_author' => $id ) );
$wpdb -> update ( $wpdb -> links , array ( 'link_owner' => $reassign ), array ( 'link_owner' => $id ) );
2007-05-25 03:16:21 -04:00
}
// FINALLY, delete user
2012-04-24 18:13:47 -04:00
if ( is_multisite () ) {
remove_user_from_blog ( $id , get_current_blog_id () );
2010-01-14 19:21:13 -05:00
} else {
2012-04-24 18:13:47 -04:00
$meta = $wpdb -> get_col ( $wpdb -> prepare ( " SELECT umeta_id FROM $wpdb->usermeta WHERE user_id = %d " , $id ) );
foreach ( $meta as $mid )
delete_metadata_by_mid ( 'user' , $mid );
$wpdb -> delete ( $wpdb -> users , array ( 'ID' => $id ) );
2010-01-14 19:21:13 -05:00
}
2007-05-25 03:16:21 -04:00
2012-04-18 17:24:53 -04:00
clean_user_cache ( $user );
2009-04-08 15:01:10 -04:00
// allow for commit transaction
do_action ( 'deleted_user' , $id );
2007-05-25 03:16:21 -04:00
return true ;
}
2008-10-01 21:03:26 -04:00
/**
* Remove all capabilities from user .
*
2010-12-01 14:24:38 -05:00
* @ since 2.1 . 0
2008-10-01 21:03:26 -04:00
*
* @ param int $id User ID .
*/
2007-05-25 03:16:21 -04:00
function wp_revoke_user ( $id ) {
$id = ( int ) $id ;
$user = new WP_User ( $id );
$user -> remove_all_caps ();
}
2009-05-03 13:06:29 -04:00
add_action ( 'admin_init' , 'default_password_nag_handler' );
2010-12-01 14:24:38 -05:00
/**
* @ since 2.8 . 0
*/
2009-05-06 12:19:40 -04:00
function default_password_nag_handler ( $errors = false ) {
global $user_ID ;
2010-02-06 01:20:38 -05:00
if ( ! get_user_option ( 'default_password_nag' ) ) //Short circuit it.
2009-05-06 12:19:40 -04:00
return ;
2011-09-03 10:18:10 -04:00
//get_user_setting = JS saved UI setting. else no-js-fallback code.
2009-05-24 19:47:49 -04:00
if ( 'hide' == get_user_setting ( 'default_password_nag' ) || isset ( $_GET [ 'default_password_nag' ]) && '0' == $_GET [ 'default_password_nag' ] ) {
2009-05-03 13:06:29 -04:00
delete_user_setting ( 'default_password_nag' );
2010-02-06 01:20:38 -05:00
update_user_option ( $user_ID , 'default_password_nag' , false , true );
2009-05-03 13:06:29 -04:00
}
}
2009-05-06 12:19:40 -04:00
add_action ( 'profile_update' , 'default_password_nag_edit_user' , 10 , 2 );
2010-12-01 14:24:38 -05:00
/**
* @ since 2.8 . 0
*/
2009-05-06 12:19:40 -04:00
function default_password_nag_edit_user ( $user_ID , $old_data ) {
2010-05-13 17:08:01 -04:00
if ( ! get_user_option ( 'default_password_nag' , $user_ID ) ) //Short circuit it.
2009-05-06 12:19:40 -04:00
return ;
$new_data = get_userdata ( $user_ID );
if ( $new_data -> user_pass != $old_data -> user_pass ) { //Remove the nag if the password has been changed.
2010-05-13 17:08:01 -04:00
delete_user_setting ( 'default_password_nag' , $user_ID );
2010-02-06 01:20:38 -05:00
update_user_option ( $user_ID , 'default_password_nag' , false , true );
2009-05-06 12:19:40 -04:00
}
}
2009-05-03 13:06:29 -04:00
add_action ( 'admin_notices' , 'default_password_nag' );
2010-12-01 14:24:38 -05:00
/**
* @ since 2.8 . 0
*/
2009-05-03 13:06:29 -04:00
function default_password_nag () {
2010-09-13 12:49:04 -04:00
global $pagenow ;
if ( 'profile.php' == $pagenow || ! get_user_option ( 'default_password_nag' ) ) //Short circuit it.
2009-05-03 13:06:29 -04:00
return ;
2010-04-20 13:15:07 -04:00
echo '<div class="error default-password-nag">' ;
echo '<p>' ;
echo '<strong>' . __ ( 'Notice:' ) . '</strong> ' ;
2010-10-07 04:04:15 -04:00
_e ( 'You’re using the auto-generated password for your account. Would you like to change it to something easier to remember?' );
2010-04-27 17:57:18 -04:00
echo '</p><p>' ;
printf ( '<a href="%s">' . __ ( 'Yes, take me to my profile page' ) . '</a> | ' , admin_url ( 'profile.php' ) . '#password' );
printf ( '<a href="%s" id="default-password-nag-no">' . __ ( 'No thanks, do not remind me again' ) . '</a>' , '?default_password_nag=0' );
2009-05-03 13:06:29 -04:00
echo '</p></div>' ;
}