More user updates

git-svn-id: http://svn.automattic.com/wordpress/trunk@2632 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
matt 2005-06-12 23:14:52 +00:00
parent 0c17753031
commit de9cc8b12c
10 changed files with 39 additions and 19 deletions

View File

@ -164,11 +164,11 @@ $wpdb->query("INSERT INTO $wpdb->posts (post_author, post_date, post_date_gmt, p
$wpdb->query( "INSERT INTO $wpdb->post2cat (`rel_id`, `post_id`, `category_id`) VALUES (1, 1, 1)" ); $wpdb->query( "INSERT INTO $wpdb->post2cat (`rel_id`, `post_id`, `category_id`) VALUES (1, 1, 1)" );
// Default comment // Default comment
$wpdb->query("INSERT INTO $wpdb->comments (comment_post_ID, comment_author, comment_author_email, comment_author_url, comment_author_IP, comment_date, comment_date_gmt, comment_content) VALUES ('1', '".addslashes(__('Mr WordPress'))."', '', 'http://wordpress.org', '127.0.0.1', '$now', '$now_gmt', '".addslashes(__('Hi, this is a comment.<br />To delete a comment, just log in, and view the posts\' comments, there you will have the option to edit or delete them.'))."')"); $wpdb->query("INSERT INTO $wpdb->comments (comment_post_ID, comment_author, comment_author_email, comment_author_url, comment_date, comment_date_gmt, comment_content) VALUES ('1', '".addslashes(__('Mr WordPress'))."', '', 'http://wordpress.org', '$now', '$now_gmt', '".addslashes(__('Hi, this is a comment.<br />To delete a comment, just log in, and view the posts\' comments, there you will have the option to edit or delete them.'))."')");
// Set up admin user // Set up admin user
$random_password = substr(md5(uniqid(microtime())), 0, 6); $random_password = substr(md5(uniqid(microtime())), 0, 6);
$wpdb->query("INSERT INTO $wpdb->users (ID, user_login, user_pass, user_nickname, user_email, user_level, user_idmode, user_registered) VALUES ( '1', 'admin', MD5('$random_password'), '".addslashes(__('Administrator'))."', '$admin_email', '10', 'nickname', NOW() )"); $wpdb->query("INSERT INTO $wpdb->users (ID, user_login, user_pass, user_email, user_level, user_registered) VALUES ( '1', 'admin', MD5('$random_password'), '$admin_email', '10', NOW() )");
$message_headers = 'From: ' . stripslashes($_POST['weblog_title']) . ' <wordpress@' . $_SERVER['SERVER_NAME'] . '>'; $message_headers = 'From: ' . stripslashes($_POST['weblog_title']) . ' <wordpress@' . $_SERVER['SERVER_NAME'] . '>';
$message = sprintf(__("Your new WordPress blog has been successfully set up at: $message = sprintf(__("Your new WordPress blog has been successfully set up at:

View File

@ -84,7 +84,16 @@ case 'update':
$newuser_idmode = wp_specialchars($_POST['newuser_idmode']); $newuser_idmode = wp_specialchars($_POST['newuser_idmode']);
$user_description = $_POST['user_description']; $user_description = $_POST['user_description'];
$result = $wpdb->query("UPDATE $wpdb->users SET user_firstname='$newuser_firstname', $updatepassword user_lastname='$newuser_lastname', user_nickname='$newuser_nickname', user_icq='$newuser_icq', user_email='$newuser_email', user_url='$newuser_url', user_aim='$newuser_aim', user_msn='$newuser_msn', user_yim='$newuser_yim', user_idmode='$newuser_idmode', user_description = '$user_description', user_nicename = '$newuser_nicename' WHERE ID = $user_ID"); $result = $wpdb->query("UPDATE $wpdb->users SET $updatepassword user_email='$newuser_email', user_url='$newuser_url', user_nicename = '$newuser_nicename' WHERE ID = $user_ID");
update_user_meta( $user_ID, 'first_name', $newuser_firstname );
update_user_meta( $user_ID, 'last_name', $newuser_lastname );
update_user_meta( $user_ID, 'nickname', $newuser_nickname );
update_user_meta( $user_ID, 'description', $user_description );
update_user_meta( $user_ID, 'icq', $newuser_icq );
update_user_meta( $user_ID, 'aim', $newuser_aim );
update_user_meta( $user_ID, 'msn', $newuser_msn );
update_user_meta( $user_ID, 'yim', $newuser_yim );
do_action('profile_update', $user_ID); do_action('profile_update', $user_ID);

View File

@ -66,7 +66,16 @@ $new_url = preg_match('/^(https?|ftps?|mailto|news|gopher):/is', $new_ur
$new_idmode = wp_specialchars($_POST['new_idmode']); $new_idmode = wp_specialchars($_POST['new_idmode']);
$new_description = $_POST['new_description']; $new_description = $_POST['new_description'];
$result = $wpdb->query("UPDATE $wpdb->users SET user_login = '$new_user_login', user_firstname = '$new_firstname', $updatepassword user_lastname='$new_lastname', user_nickname='$new_nickname', user_icq='$new_icq', user_email='$new_email', user_url='$new_url', user_aim='$new_aim', user_msn='$new_msn', user_yim='$new_yim', user_idmode='$new_idmode', user_description = '$new_description', user_nicename = '$new_nicename' WHERE ID = $user_id"); $result = $wpdb->query("UPDATE $wpdb->users SET user_login = '$new_user_login', $updatepassword user_email='$new_email', user_url='$new_url', user_nicename = '$new_nicename' WHERE ID = '$user_id'");
update_user_meta( $user_ID, 'first_name', $new_firstname );
update_user_meta( $user_ID, 'last_name', $new_lastname );
update_user_meta( $user_ID, 'nickname', $new_nickname );
update_user_meta( $user_ID, 'description', $new_description );
update_user_meta( $user_ID, 'icq', $new_icq );
update_user_meta( $user_ID, 'aim', $new_aim );
update_user_meta( $user_ID, 'msn', $new_msn );
update_user_meta( $user_ID, 'yim', $new_yim );
header("Location: user-edit.php?user_id=$user_id&updated=true"); header("Location: user-edit.php?user_id=$user_id&updated=true");

View File

@ -69,9 +69,9 @@ case 'adduser':
$new_users_can_blog = get_settings('new_users_can_blog'); $new_users_can_blog = get_settings('new_users_can_blog');
$result = $wpdb->query("INSERT INTO $wpdb->users $result = $wpdb->query("INSERT INTO $wpdb->users
(user_login, user_pass, user_nickname, user_email, user_ip, user_domain, user_browser, user_registered, user_level, user_idmode, user_firstname, user_lastname, user_nicename, user_url) (user_login, user_pass, user_email, user_registered, user_level, user_nicename, user_url)
VALUES VALUES
('$user_login', MD5('$pass1'), '$user_nickname', '$user_email', '$user_ip', '$user_domain', '$user_browser', '$now', '$new_users_can_blog', 'nickname', '$user_firstname', '$user_lastname', '$user_nicename', '$user_uri')"); ('$user_login', MD5('$pass1'), '$user_email', '$now', '$new_users_can_blog', '$user_nicename', '$user_uri')");
if ($result == false) if ($result == false)
die (__('<strong>ERROR</strong>: Couldn&#8217;t register you!')); die (__('<strong>ERROR</strong>: Couldn&#8217;t register you!'));

View File

@ -265,6 +265,10 @@ function remove_accents($string) {
return $string; return $string;
} }
function sanitize_user( $username ) {
return preg_replace('|a-z0-9 _.-|i', '', $username);
}
function sanitize_title($title, $fallback_title = '') { function sanitize_title($title, $fallback_title = '') {
$title = strip_tags($title); $title = strip_tags($title);
$title = apply_filters('sanitize_title', $title); $title = apply_filters('sanitize_title', $title);

View File

@ -58,7 +58,7 @@ endif;
if ( !function_exists('get_userdatabylogin') ) : if ( !function_exists('get_userdatabylogin') ) :
function get_userdatabylogin($user_login) { function get_userdatabylogin($user_login) {
global $cache_userdata, $wpdb; global $cache_userdata, $wpdb;
$user_login = addslashes( $user_login ); $user_login = sanitize_user( $user_login );
if ( empty( $user_login ) ) if ( empty( $user_login ) )
return false; return false;
if ( isset( $cache_userdata[$user_login] ) ) if ( isset( $cache_userdata[$user_login] ) )

View File

@ -156,10 +156,11 @@ function wp_list_authors($args = '') {
function list_authors($optioncount = false, $exclude_admin = true, $show_fullname = false, $hide_empty = true, $feed = '', $feed_image = '') { function list_authors($optioncount = false, $exclude_admin = true, $show_fullname = false, $hide_empty = true, $feed = '', $feed_image = '') {
global $wpdb; global $wpdb;
$query = "SELECT ID, user_nickname, user_firstname, user_lastname, user_nicename from $wpdb->users " . ($exclude_admin ? "WHERE user_login <> 'admin' " : '') . "ORDER BY user_nickname"; $query = "SELECT ID, user_nicename from $wpdb->users " . ($exclude_admin ? "WHERE user_login <> 'admin' " : '') . "ORDER BY display_name";
$authors = $wpdb->get_results($query); $authors = $wpdb->get_results($query);
foreach($authors as $author) { foreach($authors as $author) {
$author = get_userdata( $author->ID );
$posts = get_usernumposts($author->ID); $posts = get_usernumposts($author->ID);
$name = $author->user_nickname; $name = $author->user_nickname;

View File

@ -121,7 +121,7 @@ break;
case 'resetpass' : case 'resetpass' :
// Generate something random for a password... md5'ing current time with a rand salt // Generate something random for a password... md5'ing current time with a rand salt
$key = $_GET['key']; $key = preg_replace('/a-z0-9/i', '', $_GET['key']);
if ( empty($key) ) if ( empty($key) )
die( __('Sorry, that key does not appear to be valid.') ); die( __('Sorry, that key does not appear to be valid.') );
$user = $wpdb->get_row("SELECT * FROM $wpdb->users WHERE user_activation_key = '$key'"); $user = $wpdb->get_row("SELECT * FROM $wpdb->users WHERE user_activation_key = '$key'");

View File

@ -26,13 +26,11 @@ switch($action) {
case 'register': case 'register':
$user_login = $_POST['user_login']; $user_login = sanitize_user( $_POST['user_login'] );
$user_email = $_POST['user_email']; $user_email = $_POST['user_email'];
/* checking that username has been typed */ if ( $user_login == '' )
if ($user_login == '') {
die (__('<strong>ERROR</strong>: Please enter a username.')); die (__('<strong>ERROR</strong>: Please enter a username.'));
}
/* checking e-mail address */ /* checking e-mail address */
if ($user_email == '') { if ($user_email == '') {
@ -41,19 +39,16 @@ case 'register':
die (__('<strong>ERROR</strong>: The email address isn&#8217;t correct.')); die (__('<strong>ERROR</strong>: The email address isn&#8217;t correct.'));
} }
/* checking the username isn't already used by another user */ if ( $result = $wpdb->get_row("SELECT user_login FROM $wpdb->users WHERE user_login = '$user_login'") )
$result = $wpdb->get_results("SELECT user_login FROM $wpdb->users WHERE user_login = '$user_login'");
if (count($result) >= 1) {
die (__('<strong>ERROR</strong>: This username is already registered, please choose another one.')); die (__('<strong>ERROR</strong>: This username is already registered, please choose another one.'));
}
$user_ip = $_SERVER['REMOTE_ADDR'] ; $user_ip = $_SERVER['REMOTE_ADDR'] ;
$user_browser = $wpdb->escape($_SERVER['HTTP_USER_AGENT']); $user_browser = $wpdb->escape($_SERVER['HTTP_USER_AGENT']);
$user_login = $wpdb->escape( preg_replace('|a-z0-9 _.-|i', '', $user_login) ); $user_login = $wpdb->escape( sanitize_user($user_login) ) );
$user_nickname = $user_login; $user_nickname = $user_login;
$user_nicename = sanitize_title($user_nickname); $user_nicename = sanitize_title($user_nickname);
$now = gmdate('Y-m-d H:i:s'); $now = gmdate('Y-m-d H:i:s');
$user_level = get_settings('new_users_can_blog'); $user_level = get_settings('new_users_can_blog');
$password = substr( md5( uniqid( microtime() ) ), 0, 7); $password = substr( md5( uniqid( microtime() ) ), 0, 7);

View File

@ -52,6 +52,8 @@ $wpdb->usermeta = $table_prefix . 'usermeta';
if ( defined('CUSTOM_USER_TABLE') ) if ( defined('CUSTOM_USER_TABLE') )
$wpdb->users = CUSTOM_USER_TABLE; $wpdb->users = CUSTOM_USER_TABLE;
if ( defined('CUSTOM_USER_META_TABLE') )
$wpdb->usermeta = CUSTOM_USER_META_TABLE;
// We're going to need to keep this around for a few months even though we're not using it internally // We're going to need to keep this around for a few months even though we're not using it internally