Massive user_level fix. We were still using the user_level field in wp_users in some places, where we should just use the table prefixed usermeta value.

git-svn-id: http://svn.automattic.com/wordpress/trunk@2702 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
matt 2005-07-09 01:27:46 +00:00
parent 233afca132
commit 13f492ab75
14 changed files with 167 additions and 106 deletions

View File

@ -13,12 +13,13 @@ function get_others_drafts( $user_id ) {
$user = get_userdata( $user_id ); $user = get_userdata( $user_id );
$level_key = $wpdb->prefix . 'user_level'; $level_key = $wpdb->prefix . 'user_level';
if ( 1 < $user->user_level ) { if ( 1 < $user->user_level ) {
$editable = $wpdb->get_col("SELECT user_id FROM $wpdb->usermeta WHERE meta_key = '$level_key' AND meta_value <= '$user->user_level' AND user_id != $user_id"); $editable = get_editable_user_ids( $user_id );
if( is_array( $editable ) == false )
if( !$editable ) {
$other_drafts = ''; $other_drafts = '';
else { } else {
$editable = join(',', $editable); $editable = join(',', $editable);
$other_drafts = $wpdb->get_results("SELECT ID, post_title FROM $wpdb->posts WHERE post_status = 'draft' AND post_author IN ($editable) "); $other_drafts = $wpdb->get_results("SELECT ID, post_title FROM $wpdb->posts WHERE post_status = 'draft' AND post_author IN ($editable) AND post_author != '$user_id' ");
} }
} else { } else {
$other_drafts = false; $other_drafts = false;
@ -26,4 +27,64 @@ function get_others_drafts( $user_id ) {
return apply_filters('get_others_drafts', $other_drafts); return apply_filters('get_others_drafts', $other_drafts);
} }
function get_editable_authors( $user_id ) {
global $wpdb;
$user = get_userdata( $user_id );
$level_key = $wpdb->prefix . 'user_level';
if ( 7 > $user->user_level ) // TODO: ROLE SYSTEM
return false;
$editable = get_editable_user_ids( $user_id );
if( !$editable )
return false;
else {
$editable = join(',', $editable);
$authors = $wpdb->get_results( "SELECT * FROM $wpdb->users WHERE ID IN ($editable)" );
}
return apply_filters('get_editable_authors', $authors);
}
function get_editable_user_ids( $user_id, $exclude_zeros = true ) {
global $wpdb;
$user = get_userdata( $user_id );
$level_key = $wpdb->prefix . 'user_level';
$query = "SELECT * FROM $wpdb->usermeta WHERE meta_key = '$level_key'";
if ( $exclude_zeros )
$query .= " AND meta_value != '0'";
$possible = $wpdb->get_results( $query );
if ( !$possible )
return false;
$user_ids = array();
foreach ( $possible as $mark )
if ( intval($mark->meta_value) <= $user->user_level )
$user_ids[] = $mark->user_id;
if ( empty( $user_ids ) )
return false;
return $user_ids;
}
function get_author_user_ids() {
global $wpdb;
$level_key = $wpdb->prefix . 'user_level';
$query = "SELECT user_id FROM $wpdb->usermeta WHERE meta_key = '$level_key' AND meta_value != '0'";
return $wpdb->get_col( $query );
}
function get_nonauthor_user_ids() {
global $wpdb;
$level_key = $wpdb->prefix . 'user_level';
$query = "SELECT user_id FROM $wpdb->usermeta WHERE meta_key = '$level_key' AND meta_value = '0'";
return $wpdb->get_col( $query );
}
?> ?>

View File

@ -437,8 +437,11 @@ function dropdown_categories($default = 0) {
// Dandy new recursive multiple category stuff. // Dandy new recursive multiple category stuff.
function cat_rows($parent = 0, $level = 0, $categories = 0) { function cat_rows($parent = 0, $level = 0, $categories = 0) {
global $wpdb, $class, $user_level; global $wpdb, $class, $current_user;
if (!$categories)
$user_level = $current_user->user_level;
if ( !$categories )
$categories = $wpdb->get_results("SELECT * FROM $wpdb->categories ORDER BY cat_name"); $categories = $wpdb->get_results("SELECT * FROM $wpdb->categories ORDER BY cat_name");
if ($categories) { if ($categories) {

View File

@ -104,13 +104,13 @@ window.onload = focusit;
</fieldset> </fieldset>
<?php endif; ?> <?php endif; ?>
<?php if ($user_level > 7 && $users = $wpdb->get_results("SELECT ID, user_login FROM $wpdb->users WHERE user_level <= $user_level AND user_level > 0") ) : ?> <?php if ( $authors = get_editable_authors( $current_user->ID ) ) : // TODO: ROLE SYSTEM ?>
<fieldset id="authordiv" class="dbx-box"> <fieldset id="authordiv" class="dbx-box">
<h3 class="dbx-handle"><?php _e('Post author'); ?>:</h3> <h3 class="dbx-handle"><?php _e('Post author'); ?>:</h3>
<div class="dbx-content"> <div class="dbx-content">
<select name="post_author_override" id="post_author_override"> <select name="post_author_override" id="post_author_override">
<?php <?php
foreach ($users as $o) : foreach ($authors as $o) :
$o = get_userdata( $o->ID ); $o = get_userdata( $o->ID );
if ( $post->post_author == $o->ID || ( empty($post_ID) && $user_ID == $o->ID ) ) $selected = 'selected="selected"'; if ( $post->post_author == $o->ID || ( empty($post_ID) && $user_ID == $o->ID ) ) $selected = 'selected="selected"';
else $selected = ''; else $selected = '';

View File

@ -108,13 +108,13 @@ edCanvas = document.getElementById('content');
<th scope="row" width="30%"><?php _e('Page slug') ?>:</th> <th scope="row" width="30%"><?php _e('Page slug') ?>:</th>
<td><input name="post_name" type="text" size="25" id="post_name" value="<?php echo $post->post_name ?>" /></td> <td><input name="post_name" type="text" size="25" id="post_name" value="<?php echo $post->post_name ?>" /></td>
</tr> </tr>
<?php if ($user_level > 7 && $users = $wpdb->get_results("SELECT ID, user_login FROM $wpdb->users WHERE user_level <= $user_level AND user_level > 0") ) : ?> <?php if ( $authors = get_editable_authors( $current_user->ID ) ) : // TODO: ROLE SYSTEM ?>
<tr> <tr>
<th scope="row" width="30%"><?php _e('Page owner'); ?>:</th> <th scope="row" width="30%"><?php _e('Page owner'); ?>:</th>
<td> <td>
<select name="post_author" id="post_author"> <select name="post_author" id="post_author">
<?php <?php
foreach ($users as $o) : foreach ($authors as $o) :
$o = get_userdata( $o->ID ); $o = get_userdata( $o->ID );
if ( $post->post_author == $o->ID || ( empty($post_ID) && $user_ID == $o->ID ) ) $selected = 'selected="selected"'; if ( $post->post_author == $o->ID || ( empty($post_ID) && $user_ID == $o->ID ) ) $selected = 'selected="selected"';
else $selected = ''; else $selected = '';

View File

@ -11,6 +11,7 @@ get_currentuserinfo();
<h2><?php _e('Page Management'); ?></h2> <h2><?php _e('Page Management'); ?></h2>
<?php <?php
/*
if (isset($user_ID) && ('' != intval($user_ID))) { if (isset($user_ID) && ('' != intval($user_ID))) {
$posts = $wpdb->get_results(" $posts = $wpdb->get_results("
SELECT $wpdb->posts.*, $wpdb->users.user_level FROM $wpdb->posts SELECT $wpdb->posts.*, $wpdb->users.user_level FROM $wpdb->posts
@ -18,9 +19,9 @@ if (isset($user_ID) && ('' != intval($user_ID))) {
WHERE $wpdb->posts.post_status = 'static' WHERE $wpdb->posts.post_status = 'static'
AND ($wpdb->users.user_level < $user_level OR $wpdb->posts.post_author = $user_ID) AND ($wpdb->users.user_level < $user_level OR $wpdb->posts.post_author = $user_ID)
"); ");
} else { } else { */
$posts = $wpdb->get_results("SELECT * FROM $wpdb->posts WHERE post_status = 'static'"); $posts = $wpdb->get_results("SELECT * FROM $wpdb->posts WHERE post_status = 'static'");
} // } FIXME
if ($posts) { if ($posts) {
?> ?>

View File

@ -354,7 +354,7 @@ default:
?> ?>
<div class="wrap"> <div class="wrap">
<?php _e('<h3>WordPress bookmarklet</h3> <?php _e('<h3>WordPress bookmarklet</h3>
<p>You can drag the following link to your links bar or add it to your bookmarks and when you "Press it" it will open up a popup window with information and a link to the site you&#8217;re currently browsing so you can make a quick post about it. Try it out:</p>') ?> <p>Right click on the following link and choose "Add to favorites" to create a posting shortcut.</p>') ?>
<p> <p>
<?php <?php

View File

@ -252,7 +252,7 @@ function upgrade_160() {
$wpdb->query("UPDATE $wpdb->users SET display_name = '$id' WHERE ID = '$user->ID'"); $wpdb->query("UPDATE $wpdb->users SET display_name = '$id' WHERE ID = '$user->ID'");
endif; endif;
endforeach; endforeach;
$old_user_fields = array( 'user_firstname', 'user_lastname', 'user_icq', 'user_aim', 'user_msn', 'user_yim', 'user_idmode', 'user_ip', 'user_domain', 'user_browser', 'user_description', 'user_nickname' ); $old_user_fields = array( 'user_firstname', 'user_lastname', 'user_icq', 'user_aim', 'user_msn', 'user_yim', 'user_idmode', 'user_ip', 'user_domain', 'user_browser', 'user_description', 'user_nickname', 'user_level' );
$wpdb->hide_errors(); $wpdb->hide_errors();
foreach ( $old_user_fields as $old ) foreach ( $old_user_fields as $old )
$wpdb->query("ALTER TABLE $wpdb->users DROP $old"); $wpdb->query("ALTER TABLE $wpdb->users DROP $old");

View File

@ -130,7 +130,6 @@ CREATE TABLE $wpdb->users (
user_email varchar(100) NOT NULL default '', user_email varchar(100) NOT NULL default '',
user_url varchar(100) NOT NULL default '', user_url varchar(100) NOT NULL default '',
user_registered datetime NOT NULL default '0000-00-00 00:00:00', user_registered datetime NOT NULL default '0000-00-00 00:00:00',
user_level int(2) unsigned NOT NULL default '0',
user_activation_key varchar(60) NOT NULL default '', user_activation_key varchar(60) NOT NULL default '',
user_status int(11) NOT NULL default '0', user_status int(11) NOT NULL default '0',
display_name varchar(250) NOT NULL default '', display_name varchar(250) NOT NULL default '',

View File

@ -172,18 +172,18 @@ if ($edituser->user_level >= $user_level) die( __('You do not have permission to
<th scope="row"><?php _e('Identity on blog:') ?> <th scope="row"><?php _e('Identity on blog:') ?>
</th> </th>
<td> <select name="display_name"> <td> <select name="display_name">
<option value="<?php echo $profiledata->display_name; ?>"><?php echo $profiledata->display_name; ?></option> <option value="<?php echo $edituser->display_name; ?>"><?php echo $edituser->display_name; ?></option>
<option value="<?php echo $profiledata->nickname ?>"><?php echo $profiledata->nickname ?></option> <option value="<?php echo $edituser->nickname ?>"><?php echo $edituser->nickname ?></option>
<option value="<?php echo $profiledata->user_login ?>"><?php echo $profiledata->user_login ?></option> <option value="<?php echo $edituser->user_login ?>"><?php echo $edituser->user_login ?></option>
<?php if ( !empty( $profiledata->first_name ) ) : ?> <?php if ( !empty( $edituser->first_name ) ) : ?>
<option value="<?php echo $profiledata->first_name ?>"><?php echo $profiledata->first_name ?></option> <option value="<?php echo $edituser->first_name ?>"><?php echo $edituser->first_name ?></option>
<?php endif; ?> <?php endif; ?>
<?php if ( !empty( $profiledata->last_name ) ) : ?> <?php if ( !empty( $edituser->last_name ) ) : ?>
<option value="<?php echo $profiledata->last_name ?>"><?php echo $profiledata->last_name ?></option> <option value="<?php echo $edituser->last_name ?>"><?php echo $edituser->last_name ?></option>
<?php endif; ?> <?php endif; ?>
<?php if ( !empty( $profiledata->first_name ) && !empty( $profiledata->last_name ) ) : ?> <?php if ( !empty( $edituser->first_name ) && !empty( $edituser->last_name ) ) : ?>
<option value="<?php echo $profiledata->first_name." ".$profiledata->last_name ?>"><?php echo $profiledata->first_name." ".$profiledata->last_name ?></option> <option value="<?php echo $edituser->first_name." ".$edituser->last_name ?>"><?php echo $edituser->first_name." ".$edituser->last_name ?></option>
<option value="<?php echo $profiledata->last_name." ".$profiledata->first_name ?>"><?php echo $profiledata->last_name." ".$profiledata->first_name ?></option> <option value="<?php echo $edituser->last_name." ".$edituser->first_name ?>"><?php echo $edituser->last_name." ".$edituser->first_name ?></option>
<?php endif; ?> <?php endif; ?>
</select> </select>
</td> </td>

View File

@ -1,24 +1,11 @@
<?php <?php
require_once('admin.php'); require_once('admin.php');
require_once( ABSPATH . WPINC . '/registration-functions.php');
$title = __('Users'); $title = __('Users');
$parent_file = 'profile.php'; $parent_file = 'profile.php';
$wpvarstoreset = array('action'); $action = $_REQUEST['action'];
for ($i=0; $i<count($wpvarstoreset); $i += 1) {
$wpvar = $wpvarstoreset[$i];
if (!isset($$wpvar)) {
if (empty($_POST["$wpvar"])) {
if (empty($_GET["$wpvar"])) {
$$wpvar = '';
} else {
$$wpvar = $_GET["$wpvar"];
}
} else {
$$wpvar = $_POST["$wpvar"];
}
}
}
switch ($action) { switch ($action) {
case 'adduser': case 'adduser':
@ -47,35 +34,24 @@ case 'adduser':
$user_nickname = $user_login; $user_nickname = $user_login;
/* checking that the username isn't already used by another user */ if ( username_exists( $user_login ) )
$loginthere = $wpdb->get_var("SELECT user_login FROM $wpdb->users WHERE user_login = '$user_login'");
if ($loginthere)
die (__('<strong>ERROR</strong>: This username is already registered, please choose another one.')); die (__('<strong>ERROR</strong>: This username is already registered, please choose another one.'));
/* checking e-mail address */ /* checking e-mail address */
if (empty($_POST["email"])) { if (empty($user_email)) {
die (__("<strong>ERROR</strong>: please type an e-mail address")); die (__("<strong>ERROR</strong>: please type an e-mail address"));
return false; return false;
} else if (!is_email($_POST["email"])) { } else if (!is_email($user_email)) {
die (__("<strong>ERROR</strong>: the email address isn't correct")); die (__("<strong>ERROR</strong>: the email address isn't correct"));
return false; return false;
} }
$user_ID = $wpdb->get_var("SELECT ID FROM $wpdb->users ORDER BY ID DESC LIMIT 1") + 1; $user_ID = create_user( $user_login, $pass1, $user_email, 0 );
$user_nicename = sanitize_title($user_nickname, $user_ID); update_usermeta( $user_ID, 'first_name', $user_firstname);
$user_uri = preg_match('/^(https?|ftps?|mailto|news|gopher):/is', $user_uri) ? $user_uri : 'http://' . $user_uri; update_usermeta( $user_ID, 'last_name', $user_lastname);
$now = gmdate('Y-m-d H:i:s'); update_usermeta( $user_ID, 'first_name', $user_firstname);
$new_users_can_blog = get_settings('new_users_can_blog');
$result = $wpdb->query("INSERT INTO $wpdb->users
(user_login, user_pass, user_email, user_registered, user_level, user_nicename, user_url)
VALUES
('$user_login', MD5('$pass1'), '$user_email', '$now', '$new_users_can_blog', '$user_nicename', '$user_uri')");
if ($result == false)
die (__('<strong>ERROR</strong>: Couldn&#8217;t register you!'));
$stars = ''; $stars = '';
for ($i = 0; $i < strlen($pass1); $i = $i + 1) for ($i = 0; $i < strlen($pass1); $i = $i + 1)
$stars .= '*'; $stars .= '*';
@ -96,24 +72,22 @@ case 'promote':
header('Location: users.php'); header('Location: users.php');
} }
$id = $_GET['id']; $id = (int) $_GET['id'];
$prom = $_GET['prom']; $prom = $_GET['prom'];
$user_data = get_userdata($id); $user_data = get_userdata($id);
$usertopromote_level = $user_data->user_level; $usertopromote_level = $user_data->user_level;
if ($user_level <= $usertopromote_level) { if ( $user_level <= $usertopromote_level )
die(__('Can&#8217;t change the level of a user whose level is higher than yours.')); die(__('Can&#8217;t change the level of a user whose level is higher than yours.'));
}
if ('up' == $prom) { if ('up' == $prom) {
$new_level = $usertopromote_level + 1; $new_level = $usertopromote_level + 1;
$sql="UPDATE $wpdb->users SET user_level=$new_level WHERE ID = $id AND $new_level < $user_level";
} elseif ('down' == $prom) { } elseif ('down' == $prom) {
$new_level = $usertopromote_level - 1; $new_level = $usertopromote_level - 1;
$sql="UPDATE $wpdb->users SET user_level=$new_level WHERE ID = $id AND $new_level < $user_level";
} }
$result = $wpdb->query($sql); update_usermeta( $id, $wpdb->prefix . 'user_level', $new_level);
header('Location: users.php'); header('Location: users.php');
@ -163,10 +137,11 @@ default:
<th>&nbsp;</th> <th>&nbsp;</th>
</tr> </tr>
<?php <?php
$users = $wpdb->get_results("SELECT ID FROM $wpdb->users WHERE user_level > 0 ORDER BY ID"); $authors =
$users = get_author_user_ids();
$style = ''; $style = '';
foreach ($users as $user) { foreach ($users as $user) {
$user_data = get_userdata($user->ID); $user_data = get_userdata($user);
$email = $user_data->user_email; $email = $user_data->user_email;
$url = $user_data->user_url; $url = $user_data->user_url;
$short_url = str_replace('http://', '', $url); $short_url = str_replace('http://', '', $url);
@ -176,7 +151,7 @@ default:
if (strlen($short_url) > 35) if (strlen($short_url) > 35)
$short_url = substr($short_url, 0, 32).'...'; $short_url = substr($short_url, 0, 32).'...';
$style = ('class="alternate"' == $style) ? '' : 'class="alternate"'; $style = ('class="alternate"' == $style) ? '' : 'class="alternate"';
$numposts = $wpdb->get_var("SELECT COUNT(*) FROM $wpdb->posts WHERE post_author = $user->ID and post_status = 'publish'"); $numposts = $wpdb->get_var("SELECT COUNT(*) FROM $wpdb->posts WHERE post_author = '$user' and post_status = 'publish'");
if (0 < $numposts) $numposts = "<a href='edit.php?author=$user_data->ID' title='" . __('View posts') . "'>$numposts</a>"; if (0 < $numposts) $numposts = "<a href='edit.php?author=$user_data->ID' title='" . __('View posts') . "'>$numposts</a>";
echo " echo "
<tr $style> <tr $style>
@ -205,7 +180,7 @@ default:
</div> </div>
<?php <?php
$users = $wpdb->get_results("SELECT * FROM $wpdb->users WHERE user_level = 0 ORDER BY ID"); $users = get_nonauthor_user_ids();
if ($users) { if ($users) {
?> ?>
<div class="wrap"> <div class="wrap">
@ -224,7 +199,7 @@ if ($users) {
<?php <?php
$style = ''; $style = '';
foreach ($users as $user) { foreach ($users as $user) {
$user_data = get_userdata($user->ID); $user_data = get_userdata($user);
$email = $user_data->user_email; $email = $user_data->user_email;
$url = $user_data->user_url; $url = $user_data->user_url;
$short_url = str_replace('http://', '', $url); $short_url = str_replace('http://', '', $url);

View File

@ -1225,13 +1225,19 @@ function update_category_cache() {
function update_user_cache() { function update_user_cache() {
global $cache_userdata, $wpdb; global $cache_userdata, $wpdb;
$query = apply_filters('user_cache_query', "SELECT * FROM $wpdb->users WHERE user_level > 0"); $level_key = $wpdb->prefix . 'user_level';
$user_ids = $wpdb->get_col("SELECT user_id FROM $wpdb->usermeta WHERE meta_key = '$level_key'");
$user_ids = join(',', $user_ids);
$query = apply_filters('user_cache_query', "SELECT * FROM $wpdb->users WHERE ID IN ($user_ids)");
if ( $users = $wpdb->get_results( $query ) ) : if ( $users = $wpdb->get_results( $query ) ) :
foreach ($users as $user) : foreach ($users as $user) :
$metavalues = $wpdb->get_results("SELECT meta_key, meta_value FROM $wpdb->usermeta WHERE user_id = '$user->ID'"); $metavalues = $wpdb->get_results("SELECT meta_key, meta_value FROM $wpdb->usermeta WHERE user_id = '$user->ID'");
if ( is_array($metavalues) ) foreach ( $metavalues as $meta ) {
foreach ( $metavalues as $meta ) $user->{$meta->meta_key} = $meta->meta_value;
$user->{$meta->meta_key} = $meta->meta_value; // We need to set user_level from meta, not row
if ( $wpdb->prefix . 'user_level' == $meta->meta_key )
$user->user_level = $meta->meta_value;
}
$cache_userdata[$user->ID] = $user; $cache_userdata[$user->ID] = $user;
$cache_userdata[$user->user_login] =& $cache_userdata[$user->ID]; $cache_userdata[$user->user_login] =& $cache_userdata[$user->ID];
@ -1955,7 +1961,8 @@ function nocache_headers() {
function update_usermeta( $user_id, $meta_key, $meta_value ) { function update_usermeta( $user_id, $meta_key, $meta_value ) {
global $wpdb; global $wpdb;
$user_id = (int) $user_id; if ( !is_numeric( $user_id ) )
return false;
$meta_key = preg_replace('|a-z0-9_|i', '', $meta_key); $meta_key = preg_replace('|a-z0-9_|i', '', $meta_key);
$cur = $wpdb->get_row("SELECT * FROM $wpdb->usermeta WHERE user_id = '$user_id' AND meta_key = '$meta_key'"); $cur = $wpdb->get_row("SELECT * FROM $wpdb->usermeta WHERE user_id = '$user_id' AND meta_key = '$meta_key'");
if ( !$cur ) { if ( !$cur ) {

View File

@ -6,7 +6,7 @@
if ( !function_exists('get_currentuserinfo') ) : if ( !function_exists('get_currentuserinfo') ) :
function get_currentuserinfo() { function get_currentuserinfo() {
global $user_login, $userdata, $user_level, $user_ID, $user_email, $user_url, $user_pass_md5, $user_identity; global $user_login, $userdata, $user_level, $user_ID, $user_email, $user_url, $user_pass_md5, $user_identity, $current_user;
if ( !isset($_COOKIE['wordpressuser_' . COOKIEHASH])) if ( !isset($_COOKIE['wordpressuser_' . COOKIEHASH]))
return false; return false;
@ -17,10 +17,9 @@ function get_currentuserinfo() {
$user_ID = $userdata->ID; $user_ID = $userdata->ID;
$user_email = $userdata->user_email; $user_email = $userdata->user_email;
$user_url = $userdata->user_url; $user_url = $userdata->user_url;
$user_pass_md5 = md5($userdata->user_pass); $user_pass_md5 = md5($userdata->user_pass);
$user_identity = $userdata->display_name; $user_identity = $userdata->display_name;
$current_user = $userdata;
} }
endif; endif;
@ -39,8 +38,12 @@ function get_userdata( $user_id ) {
$metavalues = $wpdb->get_results("SELECT meta_key, meta_value FROM $wpdb->usermeta WHERE user_id = '$user_id'"); $metavalues = $wpdb->get_results("SELECT meta_key, meta_value FROM $wpdb->usermeta WHERE user_id = '$user_id'");
foreach ( $metavalues as $meta ) foreach ( $metavalues as $meta ) {
$user->{$meta->meta_key} = $meta->meta_value; $user->{$meta->meta_key} = $meta->meta_value;
// We need to set user_level from meta, not row
if ( $wpdb->prefix . 'user_level' == $meta->meta_key )
$user->user_level = $meta->meta_value;
}
$cache_userdata[$user_id] = $user; $cache_userdata[$user_id] = $user;

View File

@ -0,0 +1,32 @@
<?php
function username_exists( $username ) {
global $wpdb;
$username = sanitize_user( $username );
$query = "SELECT user_login FROM $wpdb->users WHERE user_login = '$username'";
$query = apply_filters('username_exists', $query);
return $wpdb->get_var( $query );
}
function create_user( $username, $password, $email, $user_level ) {
global $wpdb;
$username = $wpdb->escape( $username );
$email = $wpdb->escape( $email );
$password = md5( $password );
$user_nicename = sanitize_title( $username );
$now = gmdate('Y-m-d H:i:s');
$query = "INSERT INTO $wpdb->users
(user_login, user_pass, user_email, user_registered, user_nicename, display_name)
VALUES
('$username', '$password', '$email', '$now', '$user_nicename', '$username')";
$query = apply_filters('create_user_query', $query);
$wpdb->query( $query );
$user_id = $wpdb->insert_id;
$user_level = (int) $user_level;
update_usermeta( $user_id, $wpdb->prefix . 'user_level', $user_level);
return $user_id;
}
?>

View File

@ -1,28 +1,14 @@
<?php <?php
require('./wp-config.php'); require('./wp-config.php');
require_once( ABSPATH . WPINC . '/registration-functions.php');
$wpvarstoreset = array('action'); $action = $_REQUEST['action'];
for ($i=0; $i<count($wpvarstoreset); $i += 1) {
$wpvar = $wpvarstoreset[$i];
if (!isset($$wpvar)) {
if (empty($_POST["$wpvar"])) {
if (empty($_GET["$wpvar"])) {
$$wpvar = '';
} else {
$$wpvar = $_GET["$wpvar"];
}
} else {
$$wpvar = $_POST["$wpvar"];
}
}
}
if ( !get_settings('users_can_register') ) if ( !get_settings('users_can_register') )
$action = 'disabled'; $action = 'disabled';
header( 'Content-Type: ' . get_bloginfo('html_type') . '; charset=' . get_bloginfo('charset') ); header( 'Content-Type: ' . get_bloginfo('html_type') . '; charset=' . get_bloginfo('charset') );
switch($action) { switch( $action ) {
case 'register': case 'register':
@ -39,23 +25,17 @@ case 'register':
die (__('<strong>ERROR</strong>: The email address isn&#8217;t correct.')); die (__('<strong>ERROR</strong>: The email address isn&#8217;t correct.'));
} }
if ( $result = $wpdb->get_row("SELECT user_login FROM $wpdb->users WHERE user_login = '$user_login'") ) if ( username_exists( $user_login ) )
die (__('<strong>ERROR</strong>: This username is already registered, please choose another one.')); die (__('<strong>ERROR</strong>: This username is already registered, please choose another one.'));
$user_login = $wpdb->escape( sanitize_user($user_login) ) );
$user_nicename = sanitize_title($user_nickname);
$now = gmdate('Y-m-d H:i:s');
$user_level = get_settings('new_users_can_blog'); $user_level = get_settings('new_users_can_blog');
$password = substr( md5( uniqid( microtime() ) ), 0, 7); $password = substr( md5( uniqid( microtime() ) ), 0, 7);
$result = $wpdb->query("INSERT INTO $wpdb->users $user_id = create_user( $user_login, $password, $user_email, $user_level );
(user_login, user_pass, user_email, user_registered, user_level, user_nicename)
VALUES
('$user_login', MD5('$password'), '$user_email', '$now', '$user_level', '$user_nicename')");
do_action('user_register', $wpdb->insert_id); do_action('user_register', $user_id);
if ($result == false) { if ( !$user_id ) {
die (sprintf(__('<strong>ERROR</strong>: Couldn&#8217;t register you... please contact the <a href="mailto:%s">webmaster</a> !'), get_settings('admin_email'))); die (sprintf(__('<strong>ERROR</strong>: Couldn&#8217;t register you... please contact the <a href="mailto:%s">webmaster</a> !'), get_settings('admin_email')));
} }
@ -171,4 +151,4 @@ default:
break; break;
} }
?> ?>