WordPress-C
/
WordPress
mirror of https://github.com/WordPress/WordPress.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Massive user_level fix. We were still using the user_level field in wp_users in some places, where we should just use the table prefixed usermeta value. 

git-svn-id: http://svn.automattic.com/wordpress/trunk@2702 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
matt 2005-07-09 01:27:46 +00:00
parent 233afca132
commit 13f492ab75
14 changed files with 167 additions and 106 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

69
wp-admin/admin-db.php
View File

@ -13,12 +13,13 @@ function get_others_drafts( $user_id ) {
$user = get_userdata( $user_id );
$level_key = $wpdb->prefix . 'user_level';
if ( 1 < $user->user_level ) {
$editable = $wpdb->get_col("SELECT user_id FROM $wpdb->usermeta WHERE meta_key = '$level_key' AND meta_value <= '$user->user_level' AND user_id != $user_id");
if( is_array( $editable ) == false )
$editable = get_editable_user_ids( $user_id );
if( !$editable ) {
$other_drafts = '';
else {
} else {
$editable = join(',', $editable);
$other_drafts = $wpdb->get_results("SELECT ID, post_title FROM $wpdb->posts WHERE post_status = 'draft' AND post_author IN ($editable) ");
$other_drafts = $wpdb->get_results("SELECT ID, post_title FROM $wpdb->posts WHERE post_status = 'draft' AND post_author IN ($editable) AND post_author != '$user_id' ");
}
} else {
$other_drafts = false;
@ -26,4 +27,64 @@ function get_others_drafts( $user_id ) {
return apply_filters('get_others_drafts', $other_drafts);
}
function get_editable_authors( $user_id ) {
global $wpdb;
$user = get_userdata( $user_id );
$level_key = $wpdb->prefix . 'user_level';
if ( 7 > $user->user_level ) // TODO: ROLE SYSTEM
return false;
$editable = get_editable_user_ids( $user_id );
if( !$editable )
return false;
else {
$editable = join(',', $editable);
$authors = $wpdb->get_results( "SELECT * FROM $wpdb->users WHERE ID IN ($editable)" );
}
return apply_filters('get_editable_authors', $authors);
}
function get_editable_user_ids( $user_id, $exclude_zeros = true ) {
global $wpdb;
$user = get_userdata( $user_id );
$level_key = $wpdb->prefix . 'user_level';
$query = "SELECT * FROM $wpdb->usermeta WHERE meta_key = '$level_key'";
if ( $exclude_zeros )
$query .= " AND meta_value != '0'";
$possible = $wpdb->get_results( $query );
if ( !$possible )
return false;
$user_ids = array();
foreach ( $possible as $mark )
if ( intval($mark->meta_value) <= $user->user_level )
$user_ids[] = $mark->user_id;
if ( empty( $user_ids ) )
return false;
return $user_ids;
}
function get_author_user_ids() {
global $wpdb;
$level_key = $wpdb->prefix . 'user_level';
$query = "SELECT user_id FROM $wpdb->usermeta WHERE meta_key = '$level_key' AND meta_value != '0'";
return $wpdb->get_col( $query );
}
function get_nonauthor_user_ids() {
global $wpdb;
$level_key = $wpdb->prefix . 'user_level';
$query = "SELECT user_id FROM $wpdb->usermeta WHERE meta_key = '$level_key' AND meta_value = '0'";
return $wpdb->get_col( $query );
}
?>

7
wp-admin/admin-functions.php
View File

@ -437,8 +437,11 @@ function dropdown_categories($default = 0) {
// Dandy new recursive multiple category stuff.
function cat_rows($parent = 0, $level = 0, $categories = 0) {
global $wpdb, $class, $user_level;
if (!$categories)
global $wpdb, $class, $current_user;
$user_level = $current_user->user_level;
if ( !$categories )
$categories = $wpdb->get_results("SELECT * FROM $wpdb->categories ORDER BY cat_name");
if ($categories) {

4
wp-admin/edit-form-advanced.php
View File

@ -104,13 +104,13 @@ window.onload = focusit;
</fieldset>
<?php endif; ?>
<?php if ($user_level > 7 && $users = $wpdb->get_results("SELECT ID, user_login FROM $wpdb->users WHERE user_level <= $user_level AND user_level > 0") ) : ?>
<?php if ( $authors = get_editable_authors( $current_user->ID ) ) : // TODO: ROLE SYSTEM ?>
<fieldset id="authordiv" class="dbx-box">
<h3 class="dbx-handle"><?php _e('Post author'); ?>:</h3>
<div class="dbx-content">
<select name="post_author_override" id="post_author_override">
<?php
foreach ($users as $o) :
foreach ($authors as $o) :
$o = get_userdata( $o->ID );
if ( $post->post_author == $o->ID || ( empty($post_ID) && $user_ID == $o->ID ) ) $selected = 'selected="selected"';
else $selected = '';

4
wp-admin/edit-page-form.php
View File

@ -108,13 +108,13 @@ edCanvas = document.getElementById('content');
<th scope="row" width="30%"><?php _e('Page slug') ?>:</th>
<td><input name="post_name" type="text" size="25" id="post_name" value="<?php echo $post->post_name ?>" /></td>
</tr>
<?php if ($user_level > 7 && $users = $wpdb->get_results("SELECT ID, user_login FROM $wpdb->users WHERE user_level <= $user_level AND user_level > 0") ) : ?>
<?php if ( $authors = get_editable_authors( $current_user->ID ) ) : // TODO: ROLE SYSTEM ?>
<tr>
<th scope="row" width="30%"><?php _e('Page owner'); ?>:</th>
<td>
<select name="post_author" id="post_author">
<?php
foreach ($users as $o) :
foreach ($authors as $o) :
$o = get_userdata( $o->ID );
if ( $post->post_author == $o->ID || ( empty($post_ID) && $user_ID == $o->ID ) ) $selected = 'selected="selected"';
else $selected = '';

5
wp-admin/edit-pages.php
View File

@ -11,6 +11,7 @@ get_currentuserinfo();
<h2><?php _e('Page Management'); ?></h2>
<?php
/*
if (isset($user_ID) && ('' != intval($user_ID))) {
$posts = $wpdb->get_results("
SELECT $wpdb->posts.*, $wpdb->users.user_level FROM $wpdb->posts
@ -18,9 +19,9 @@ if (isset($user_ID) && ('' != intval($user_ID))) {
WHERE $wpdb->posts.post_status = 'static'
AND ($wpdb->users.user_level < $user_level OR $wpdb->posts.post_author = $user_ID)
");
} else {
} else { */
$posts = $wpdb->get_results("SELECT * FROM $wpdb->posts WHERE post_status = 'static'");
}
// } FIXME
if ($posts) {
?>

2
wp-admin/post.php
View File

@ -354,7 +354,7 @@ default:
?>
<div class="wrap">
<?php _e('<h3>WordPress bookmarklet</h3>
<p>You can drag the following link to your links bar or add it to your bookmarks and when you "Press it" it will open up a popup window with information and a link to the site you&#8217;re currently browsing so you can make a quick post about it. Try it out:</p>') ?>
<p>Right click on the following link and choose "Add to favorites" to create a posting shortcut.</p>') ?>
<p>
<?php

2
wp-admin/upgrade-functions.php
View File

@ -252,7 +252,7 @@ function upgrade_160() {
$wpdb->query("UPDATE $wpdb->users SET display_name = '$id' WHERE ID = '$user->ID'");
endif;
endforeach;
$old_user_fields = array( 'user_firstname', 'user_lastname', 'user_icq', 'user_aim', 'user_msn', 'user_yim', 'user_idmode', 'user_ip', 'user_domain', 'user_browser', 'user_description', 'user_nickname' );
$old_user_fields = array( 'user_firstname', 'user_lastname', 'user_icq', 'user_aim', 'user_msn', 'user_yim', 'user_idmode', 'user_ip', 'user_domain', 'user_browser', 'user_description', 'user_nickname', 'user_level' );
$wpdb->hide_errors();
foreach ( $old_user_fields as $old )
$wpdb->query("ALTER TABLE $wpdb->users DROP $old");

1
wp-admin/upgrade-schema.php
View File

@ -130,7 +130,6 @@ CREATE TABLE $wpdb->users (
user_email varchar(100) NOT NULL default '',
user_url varchar(100) NOT NULL default '',
user_registered datetime NOT NULL default '0000-00-00 00:00:00',
user_level int(2) unsigned NOT NULL default '0',
user_activation_key varchar(60) NOT NULL default '',
user_status int(11) NOT NULL default '0',
display_name varchar(250) NOT NULL default '',

20
wp-admin/user-edit.php
View File

@ -172,18 +172,18 @@ if ($edituser->user_level >= $user_level) die( __('You do not have permission to
<th scope="row"><?php _e('Identity on blog:') ?>
</th>
<td> <select name="display_name">
<option value="<?php echo $profiledata->display_name; ?>"><?php echo $profiledata->display_name; ?></option>
<option value="<?php echo $profiledata->nickname ?>"><?php echo $profiledata->nickname ?></option>
<option value="<?php echo $profiledata->user_login ?>"><?php echo $profiledata->user_login ?></option>
<?php if ( !empty( $profiledata->first_name ) ) : ?>
<option value="<?php echo $profiledata->first_name ?>"><?php echo $profiledata->first_name ?></option>
<option value="<?php echo $edituser->display_name; ?>"><?php echo $edituser->display_name; ?></option>
<option value="<?php echo $edituser->nickname ?>"><?php echo $edituser->nickname ?></option>
<option value="<?php echo $edituser->user_login ?>"><?php echo $edituser->user_login ?></option>
<?php if ( !empty( $edituser->first_name ) ) : ?>
<option value="<?php echo $edituser->first_name ?>"><?php echo $edituser->first_name ?></option>
<?php endif; ?>
<?php if ( !empty( $profiledata->last_name ) ) : ?>
<option value="<?php echo $profiledata->last_name ?>"><?php echo $profiledata->last_name ?></option>
<?php if ( !empty( $edituser->last_name ) ) : ?>
<option value="<?php echo $edituser->last_name ?>"><?php echo $edituser->last_name ?></option>
<?php endif; ?>
<?php if ( !empty( $profiledata->first_name ) && !empty( $profiledata->last_name ) ) : ?>
<option value="<?php echo $profiledata->first_name." ".$profiledata->last_name ?>"><?php echo $profiledata->first_name." ".$profiledata->last_name ?></option>
<option value="<?php echo $profiledata->last_name." ".$profiledata->first_name ?>"><?php echo $profiledata->last_name." ".$profiledata->first_name ?></option>
<?php if ( !empty( $edituser->first_name ) && !empty( $edituser->last_name ) ) : ?>
<option value="<?php echo $edituser->first_name." ".$edituser->last_name ?>"><?php echo $edituser->first_name." ".$edituser->last_name ?></option>
<option value="<?php echo $edituser->last_name." ".$edituser->first_name ?>"><?php echo $edituser->last_name." ".$edituser->first_name ?></option>
<?php endif; ?>
</select>
</td>

63
wp-admin/users.php
View File

@ -1,24 +1,11 @@
<?php
require_once('admin.php');
require_once( ABSPATH . WPINC . '/registration-functions.php');
$title = __('Users');
$parent_file = 'profile.php';
$wpvarstoreset = array('action');
for ($i=0; $i<count($wpvarstoreset); $i += 1) {
$wpvar = $wpvarstoreset[$i];
if (!isset($$wpvar)) {
if (empty($_POST["$wpvar"])) {
if (empty($_GET["$wpvar"])) {
$$wpvar = '';
} else {
$$wpvar = $_GET["$wpvar"];
}
} else {
$$wpvar = $_POST["$wpvar"];
}
}
}
$action = $_REQUEST['action'];
switch ($action) {
case 'adduser':
@ -47,34 +34,23 @@ case 'adduser':
$user_nickname = $user_login;
/* checking that the username isn't already used by another user */
$loginthere = $wpdb->get_var("SELECT user_login FROM $wpdb->users WHERE user_login = '$user_login'");
if ($loginthere)
if ( username_exists( $user_login ) )
die (__('<strong>ERROR</strong>: This username is already registered, please choose another one.'));
/* checking e-mail address */
if (empty($_POST["email"])) {
if (empty($user_email)) {
die (__("<strong>ERROR</strong>: please type an e-mail address"));
return false;
} else if (!is_email($_POST["email"])) {
} else if (!is_email($user_email)) {
die (__("<strong>ERROR</strong>: the email address isn't correct"));
return false;
}
$user_ID = $wpdb->get_var("SELECT ID FROM $wpdb->users ORDER BY ID DESC LIMIT 1") + 1;
$user_ID = create_user( $user_login, $pass1, $user_email, 0 );
$user_nicename = sanitize_title($user_nickname, $user_ID);
$user_uri = preg_match('/^(https?|ftps?|mailto|news|gopher):/is', $user_uri) ? $user_uri : 'http://' . $user_uri;
$now = gmdate('Y-m-d H:i:s');
$new_users_can_blog = get_settings('new_users_can_blog');
$result = $wpdb->query("INSERT INTO $wpdb->users
(user_login, user_pass, user_email, user_registered, user_level, user_nicename, user_url)
VALUES
('$user_login', MD5('$pass1'), '$user_email', '$now', '$new_users_can_blog', '$user_nicename', '$user_uri')");
if ($result == false)
die (__('<strong>ERROR</strong>: Couldn&#8217;t register you!'));
update_usermeta( $user_ID, 'first_name', $user_firstname);
update_usermeta( $user_ID, 'last_name', $user_lastname);
update_usermeta( $user_ID, 'first_name', $user_firstname);
$stars = '';
for ($i = 0; $i < strlen($pass1); $i = $i + 1)
@ -96,24 +72,22 @@ case 'promote':
header('Location: users.php');
}
$id = $_GET['id'];
$id = (int) $_GET['id'];
$prom = $_GET['prom'];
$user_data = get_userdata($id);
$usertopromote_level = $user_data->user_level;
if ($user_level <= $usertopromote_level) {
if ( $user_level <= $usertopromote_level )
die(__('Can&#8217;t change the level of a user whose level is higher than yours.'));
}
if ('up' == $prom) {
$new_level = $usertopromote_level + 1;
$sql="UPDATE $wpdb->users SET user_level=$new_level WHERE ID = $id AND $new_level < $user_level";
} elseif ('down' == $prom) {
$new_level = $usertopromote_level - 1;
$sql="UPDATE $wpdb->users SET user_level=$new_level WHERE ID = $id AND $new_level < $user_level";
}
$result = $wpdb->query($sql);
update_usermeta( $id, $wpdb->prefix . 'user_level', $new_level);
header('Location: users.php');
@ -163,10 +137,11 @@ default:
<th>&nbsp;</th>
</tr>
<?php
$users = $wpdb->get_results("SELECT ID FROM $wpdb->users WHERE user_level > 0 ORDER BY ID");
$authors =
$users = get_author_user_ids();
$style = '';
foreach ($users as $user) {
$user_data = get_userdata($user->ID);
$user_data = get_userdata($user);
$email = $user_data->user_email;
$url = $user_data->user_url;
$short_url = str_replace('http://', '', $url);
@ -176,7 +151,7 @@ default:
if (strlen($short_url) > 35)
$short_url = substr($short_url, 0, 32).'...';
$style = ('class="alternate"' == $style) ? '' : 'class="alternate"';
$numposts = $wpdb->get_var("SELECT COUNT(*) FROM $wpdb->posts WHERE post_author = $user->ID and post_status = 'publish'");
$numposts = $wpdb->get_var("SELECT COUNT(*) FROM $wpdb->posts WHERE post_author = '$user' and post_status = 'publish'");
if (0 < $numposts) $numposts = "<a href='edit.php?author=$user_data->ID' title='" . __('View posts') . "'>$numposts</a>";
echo "
<tr $style>
@ -205,7 +180,7 @@ default:
</div>
<?php
$users = $wpdb->get_results("SELECT * FROM $wpdb->users WHERE user_level = 0 ORDER BY ID");
$users = get_nonauthor_user_ids();
if ($users) {
?>
<div class="wrap">
@ -224,7 +199,7 @@ if ($users) {
<?php
$style = '';
foreach ($users as $user) {
$user_data = get_userdata($user->ID);
$user_data = get_userdata($user);
$email = $user_data->user_email;
$url = $user_data->user_url;
$short_url = str_replace('http://', '', $url);

17
wp-includes/functions.php
View File

@ -1225,13 +1225,19 @@ function update_category_cache() {
function update_user_cache() {
global $cache_userdata, $wpdb;
$query = apply_filters('user_cache_query', "SELECT * FROM $wpdb->users WHERE user_level > 0");
$level_key = $wpdb->prefix . 'user_level';
$user_ids = $wpdb->get_col("SELECT user_id FROM $wpdb->usermeta WHERE meta_key = '$level_key'");
$user_ids = join(',', $user_ids);
$query = apply_filters('user_cache_query', "SELECT * FROM $wpdb->users WHERE ID IN ($user_ids)");
if ( $users = $wpdb->get_results( $query ) ) :
foreach ($users as $user) :
$metavalues = $wpdb->get_results("SELECT meta_key, meta_value FROM $wpdb->usermeta WHERE user_id = '$user->ID'");
if ( is_array($metavalues) )
foreach ( $metavalues as $meta )
$user->{$meta->meta_key} = $meta->meta_value;
foreach ( $metavalues as $meta ) {
$user->{$meta->meta_key} = $meta->meta_value;
// We need to set user_level from meta, not row
if ( $wpdb->prefix . 'user_level' == $meta->meta_key )
$user->user_level = $meta->meta_value;
}
$cache_userdata[$user->ID] = $user;
$cache_userdata[$user->user_login] =& $cache_userdata[$user->ID];
@ -1955,7 +1961,8 @@ function nocache_headers() {
function update_usermeta( $user_id, $meta_key, $meta_value ) {
global $wpdb;
$user_id = (int) $user_id;
if ( !is_numeric( $user_id ) )
return false;
$meta_key = preg_replace('|a-z0-9_|i', '', $meta_key);
$cur = $wpdb->get_row("SELECT * FROM $wpdb->usermeta WHERE user_id = '$user_id' AND meta_key = '$meta_key'");
if ( !$cur ) {

11
wp-includes/pluggable-functions.php
View File

@ -6,7 +6,7 @@
if ( !function_exists('get_currentuserinfo') ) :
function get_currentuserinfo() {
global $user_login, $userdata, $user_level, $user_ID, $user_email, $user_url, $user_pass_md5, $user_identity;
global $user_login, $userdata, $user_level, $user_ID, $user_email, $user_url, $user_pass_md5, $user_identity, $current_user;
if ( !isset($_COOKIE['wordpressuser_' . COOKIEHASH]))
return false;
@ -17,10 +17,9 @@ function get_currentuserinfo() {
$user_ID = $userdata->ID;
$user_email = $userdata->user_email;
$user_url = $userdata->user_url;
$user_pass_md5 = md5($userdata->user_pass);
$user_identity = $userdata->display_name;
$current_user = $userdata;
}
endif;
@ -39,8 +38,12 @@ function get_userdata( $user_id ) {
$metavalues = $wpdb->get_results("SELECT meta_key, meta_value FROM $wpdb->usermeta WHERE user_id = '$user_id'");
foreach ( $metavalues as $meta )
foreach ( $metavalues as $meta ) {
$user->{$meta->meta_key} = $meta->meta_value;
// We need to set user_level from meta, not row
if ( $wpdb->prefix . 'user_level' == $meta->meta_key )
$user->user_level = $meta->meta_value;
}
$cache_userdata[$user_id] = $user;

32
wp-includes/registration-functions.php Normal file
View File

@ -0,0 +1,32 @@
<?php
function username_exists( $username ) {
global $wpdb;
$username = sanitize_user( $username );
$query = "SELECT user_login FROM $wpdb->users WHERE user_login = '$username'";
$query = apply_filters('username_exists', $query);
return $wpdb->get_var( $query );
}
function create_user( $username, $password, $email, $user_level ) {
global $wpdb;
$username = $wpdb->escape( $username );
$email = $wpdb->escape( $email );
$password = md5( $password );
$user_nicename = sanitize_title( $username );
$now = gmdate('Y-m-d H:i:s');
$query = "INSERT INTO $wpdb->users
(user_login, user_pass, user_email, user_registered, user_nicename, display_name)
VALUES
('$username', '$password', '$email', '$now', '$user_nicename', '$username')";
$query = apply_filters('create_user_query', $query);
$wpdb->query( $query );
$user_id = $wpdb->insert_id;
$user_level = (int) $user_level;
update_usermeta( $user_id, $wpdb->prefix . 'user_level', $user_level);
return $user_id;
}
?>

34
wp-register.php
View File

@ -1,28 +1,14 @@
<?php
require('./wp-config.php');
require_once( ABSPATH . WPINC . '/registration-functions.php');
$wpvarstoreset = array('action');
for ($i=0; $i<count($wpvarstoreset); $i += 1) {
$wpvar = $wpvarstoreset[$i];
if (!isset($$wpvar)) {
if (empty($_POST["$wpvar"])) {
if (empty($_GET["$wpvar"])) {
$$wpvar = '';
} else {
$$wpvar = $_GET["$wpvar"];
}
} else {
$$wpvar = $_POST["$wpvar"];
}
}
}
$action = $_REQUEST['action'];
if ( !get_settings('users_can_register') )
$action = 'disabled';
header( 'Content-Type: ' . get_bloginfo('html_type') . '; charset=' . get_bloginfo('charset') );
switch($action) {
switch( $action ) {
case 'register':
@ -39,23 +25,17 @@ case 'register':
die (__('<strong>ERROR</strong>: The email address isn&#8217;t correct.'));
}
if ( $result = $wpdb->get_row("SELECT user_login FROM $wpdb->users WHERE user_login = '$user_login'") )
if ( username_exists( $user_login ) )
die (__('<strong>ERROR</strong>: This username is already registered, please choose another one.'));
$user_login = $wpdb->escape( sanitize_user($user_login) ) );
$user_nicename = sanitize_title($user_nickname);
$now = gmdate('Y-m-d H:i:s');
$user_level = get_settings('new_users_can_blog');
$password = substr( md5( uniqid( microtime() ) ), 0, 7);
$result = $wpdb->query("INSERT INTO $wpdb->users
(user_login, user_pass, user_email, user_registered, user_level, user_nicename)
VALUES
('$user_login', MD5('$password'), '$user_email', '$now', '$user_level', '$user_nicename')");
$user_id = create_user( $user_login, $password, $user_email, $user_level );
do_action('user_register', $wpdb->insert_id);
do_action('user_register', $user_id);
if ($result == false) {
if ( !$user_id ) {
die (sprintf(__('<strong>ERROR</strong>: Couldn&#8217;t register you... please contact the <a href="mailto:%s">webmaster</a> !'), get_settings('admin_email')));
}