Commit Graph

397 Commits

Author SHA1 Message Date
Mark Jaquith 814865ea9e Send emails when a user's email address or password is changed.
* In case of email change, email goes to the OLD address
* Prevents against issues where an account is compromised (say via cookie interception) and then the attacker silently takes over ownership via pw/email changes — now there will at least be a record that something is up

fixes #32430
props RMarks, MikeHansenMe, tharsheblows, obenland
Built from https://develop.svn.wordpress.org/trunk@32820


git-svn-id: http://core.svn.wordpress.org/trunk@32791 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-06-17 19:31:27 +00:00
Boone Gorges 5dfd6a02a7 Avoid returning duplicate matches when using a meta query in `WP_User_Query`.
A meta_query containing an `OR` relation can result in the same record matching
multiple clauses, leading to duplicate results. The previous prevention against
duplicates [18178] #17582 became unreliable in 4.1 when `WP_Meta_Query`
introduced support for nested clauses. The current changeset adds a new method
`WP_Meta_Query::has_or_relation()` for checking whether an `OR` relation
appears anywhere in the query, and uses the new method in `WP_User_Query` to
enforce distinct results as necessary.

Props maxxsnake.
Fixes #32592.
Built from https://develop.svn.wordpress.org/trunk@32713


git-svn-id: http://core.svn.wordpress.org/trunk@32683 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-06-09 17:42:28 +00:00
Sergey Biryukov 50369e1c98 Add `@since` for `check_password_reset_key()`, `reset_password()`, and `register_new_user()`.
see #20279.
Built from https://develop.svn.wordpress.org/trunk@32696


git-svn-id: http://core.svn.wordpress.org/trunk@32666 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-06-05 20:39:26 +00:00
Boone Gorges 2c9a2850b4 Add `@since` entry for 'has_published_post' argument of `WP_User_Query`.
Mega-props DrewAPicture.
Fixes #32250.
Built from https://develop.svn.wordpress.org/trunk@32685


git-svn-id: http://core.svn.wordpress.org/trunk@32655 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-06-02 18:21:26 +00:00
Boone Gorges 0471408596 Normalize whitespace in docblock for `WP_User_Query::prepare_query()`.
Built from https://develop.svn.wordpress.org/trunk@32684


git-svn-id: http://core.svn.wordpress.org/trunk@32654 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-06-02 13:35:26 +00:00
Boone Gorges 6db02371ec Introduce `'has_published_posts'` parameter for `WP_User_Query`.
This allows user query results to be limited to those users who have published
posts in at least one of the specified post types.

Props joehoyle, boonebgorges.
Fixes #32250.
Built from https://develop.svn.wordpress.org/trunk@32683


git-svn-id: http://core.svn.wordpress.org/trunk@32653 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-06-02 13:30:26 +00:00
Scott Taylor d38fed6449 Add missing doc blocks to `user.php`.
`username_exists()` should return `false` instead of `null`, just like `email_exists()` does, which is right under it.

See #32444.

Built from https://develop.svn.wordpress.org/trunk@32637


git-svn-id: http://core.svn.wordpress.org/trunk@32607 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-05-28 15:51:25 +00:00
Jeremy Felt a5c688e817 Use site objects rather than get_blog_status() in MS list tables.
Removes several repetitive calls to `get_blog_status()` that are not needed, as the data is already available as part of each site's object.

Fixes #32512.

Built from https://develop.svn.wordpress.org/trunk@32630


git-svn-id: http://core.svn.wordpress.org/trunk@32600 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-05-27 23:14:29 +00:00
Jeremy Felt 45ad4808d9 Provide all site flag data in objects returned by `get_blogs_of_user()`
Previously, `archived`, `spam`, and `deleted` properties were forced to `0` when returned by `get_blogs_of_user()`. This was originally introduced in [21794] as a way to prevent notices when properties were expected.

Instead, we can properly fill these properties with those retrieved from `get_blog_details()`.

Props realloc.
Fixes #32281.

Built from https://develop.svn.wordpress.org/trunk@32626


git-svn-id: http://core.svn.wordpress.org/trunk@32596 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-05-27 21:23:26 +00:00
Scott Taylor 1b52916239 Create a function, `wp_roles()`, to DRY the inline instantiation of the `$wp_roles` global.
Add missing doc blocks for `capabilities.php`.

See #32444.

Built from https://develop.svn.wordpress.org/trunk@32541


git-svn-id: http://core.svn.wordpress.org/trunk@32511 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-05-22 04:47:24 +00:00
Boone Gorges 9d54232e39 Streamline support for multiple post types in `get_posts_by_author_sql()`.
* Don't accept a comma-separated list, only a single post type or an array of post types. This is easier to document.
* Add changelog entries to all calling functions.

Props DrewAPicture.
Fixes #32243.
Built from https://develop.svn.wordpress.org/trunk@32524


git-svn-id: http://core.svn.wordpress.org/trunk@32494 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-05-21 19:49:29 +00:00
Boone Gorges 67c935ad9c Support multiple post types in `count_user_posts()` and other functions that use `get_posts_by_author_sql()`.
Props nikonratm.
Fixes #32243.
Built from https://develop.svn.wordpress.org/trunk@32523


git-svn-id: http://core.svn.wordpress.org/trunk@32493 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-05-21 18:43:27 +00:00
Boone Gorges bbc5a2de2f Ensure that 'who' param is respected when generating meta_query in `WP_User_Query`.
Since [31669], the 'who' param had been parsed after meta_query was generated,
so that 'who' was effectively ignored.

Props imath.
Fixes #32019.
Built from https://develop.svn.wordpress.org/trunk@32207


git-svn-id: http://core.svn.wordpress.org/trunk@32180 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-04-20 15:16:27 +00:00
Dominik Schilling 64fc7294b6 Use HTTPS URLs for codex.wordpress.org.
see #27115.
Built from https://develop.svn.wordpress.org/trunk@32116


git-svn-id: http://core.svn.wordpress.org/trunk@32095 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-04-12 21:29:32 +00:00
Drew Jaynes ba1e7a7243 Correct grammar when referring to "a user" vs "an user" in several places.
Props ocean90.
Fixes #31894.

Built from https://develop.svn.wordpress.org/trunk@32025


git-svn-id: http://core.svn.wordpress.org/trunk@32004 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-04-05 14:44:27 +00:00
Boone Gorges 820b895cf6 `WP_User_Query`: When querying users with 'fields=all', ensure that caps and roles are filled for the current site.
See [15566] for a parallel fix for 'fields=all_with_meta'.

Fixes #31878.
Built from https://develop.svn.wordpress.org/trunk@32001


git-svn-id: http://core.svn.wordpress.org/trunk@31980 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-04-03 14:14:57 +00:00
Scott Taylor 0fccadaa35 When updating the email address for an existing user, make sure the email address is not already in use.
Adds unit tests.

Props rittesh.patel, DrewAPicture.
Fixes #30647.

Built from https://develop.svn.wordpress.org/trunk@31963


git-svn-id: http://core.svn.wordpress.org/trunk@31942 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-04-01 18:23:28 +00:00
Drew Jaynes bfdc2f3ac6 Ensure the `$wp_hasher` global has an entry in the `check_password_reset_key()` DocBlock.
Props lamosty.
Fixes #31756.

Built from https://develop.svn.wordpress.org/trunk@31883


git-svn-id: http://core.svn.wordpress.org/trunk@31862 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-03-25 16:24:27 +00:00
John Blackbourn 7c5fc2debb Implement an `aria-describedby` attribute for login screen errors, and improve the "Forgot password?" anchor text.
Props aferica, rianrietveld
Fixes #31143

Built from https://develop.svn.wordpress.org/trunk@31871


git-svn-id: http://core.svn.wordpress.org/trunk@31850 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-03-24 16:29:26 +00:00
Boone Gorges f5513227db Improved 'orderby' meta syntax in `WP_User_Query`.
Recent commits have added the ability to order query results by specific
clauses of the 'meta_query' parameter (comments [31467], posts [31312] and
[31340]). The current changeset ports the same functionality to `WP_User_Query`.

Also introduced is the ability to pass the value of `$meta_key` to 'orderby'.

The internals of `WP_User_Query::prepare_users()` had to be reordered
somewhat to support these changes, primarily to ensure that the `meta_query`
object generates its SQL clauses before the 'orderby' parameter is parsed.

See #31265.
Built from https://develop.svn.wordpress.org/trunk@31669


git-svn-id: http://core.svn.wordpress.org/trunk@31650 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-03-07 18:38:27 +00:00
Boone Gorges f07ebeff91 In `WP_User_Query`, `$meta_query` should be a class property rather than a local variable.
This provides better parity with other query classes, and makes it possible to
write more direct unit tests.

See #31265.
Built from https://develop.svn.wordpress.org/trunk@31665


git-svn-id: http://core.svn.wordpress.org/trunk@31646 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-03-07 16:35:27 +00:00
Boone Gorges 503b36dd23 Fix documentation whitespace after [31663].
See #31265.
Built from https://develop.svn.wordpress.org/trunk@31664


git-svn-id: http://core.svn.wordpress.org/trunk@31645 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-03-07 16:08:27 +00:00
Boone Gorges 1101444648 Improve 'orderby' syntax for `WP_User_Query`.
This changeset ports a number of 'orderby' features from `WP_Query` and
`WP_Comment_Query`:

* Allow multiple 'orderby' values to be passed as a space-separated list.
* Allow multiple 'orderby' values to be passed as a flat array.
* Allow multi-dimensional 'orderby', with orderby fields as array keys and ASC/DESC as the corresponding values.

See #31265.
Built from https://develop.svn.wordpress.org/trunk@31663


git-svn-id: http://core.svn.wordpress.org/trunk@31644 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-03-07 16:06:27 +00:00
Drew Jaynes 3b267afbf4 Correct a typo in the hash notation for `wp_insert_user()`: The argument name should be `$user_registered` not `$date_registered`.
Props floriansimeth.
Fixes #31513.

Built from https://develop.svn.wordpress.org/trunk@31608


git-svn-id: http://core.svn.wordpress.org/trunk@31589 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-03-04 09:51:26 +00:00
Boone Gorges 17330354bc Add `orderby=meta_value_num` support to `WP_User_Query`.
Props tyxla, genkisan.
Fixes #27887.
Built from https://develop.svn.wordpress.org/trunk@31369


git-svn-id: http://core.svn.wordpress.org/trunk@31350 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-02-08 16:59:22 +00:00
Sergey Biryukov a47a5a1779 In wp_update_user(), make sure $userdata['ID'] is set before using it.
props tyxla.
fixes #31097.
Built from https://develop.svn.wordpress.org/trunk@31269


git-svn-id: http://core.svn.wordpress.org/trunk@31250 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-01-22 14:46:23 +00:00
Scott Taylor fe6b5983df In PHP 5.0.0, `is_a()` became deprecated in favour of the `instanceof` operator. Calling `is_a()` would result in an `E_STRICT` warning.
In PHP 5.3.0, `is_a()` is no longer deprecated, and will therefore no longer throw `E_STRICT` warnings.

To avoid warnings in PHP < 5.3.0, convert all `is_a()` calls to `$var instanceof WP_Class` calls.

`instanceof` does not throw any error if the variable being tested is not an object, it simply returns `false`.

Props markoheijnen, wonderboymusic.
Fixes #25672.

Built from https://develop.svn.wordpress.org/trunk@31188


git-svn-id: http://core.svn.wordpress.org/trunk@31169 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-01-16 01:06:24 +00:00
Scott Taylor a79c242038 In `WP_User_Query`, only call magic method internals against a whitelist of properties, `$compat_fields`.
See #30891.

Built from https://develop.svn.wordpress.org/trunk@31144


git-svn-id: http://core.svn.wordpress.org/trunk@31125 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-01-11 22:00:23 +00:00
Scott Taylor 0a511680f4 Adding a `@return` annotation to constructors is generally not recommended as a constructor does not have a meaningful return value. Constructors do not have meaningful return values, anything that is returned from here is discarded.
See #30799.

Built from https://develop.svn.wordpress.org/trunk@31126


git-svn-id: http://core.svn.wordpress.org/trunk@31107 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-01-10 06:54:23 +00:00
Scott Taylor 60b0cd7943 The keyword `elseif` should be used instead of `else if` so that all control keywords look like single words.
This was a mess, is now standardized across the codebase, except for a few 3rd-party libs. 

See #30799.

Built from https://develop.svn.wordpress.org/trunk@31090


git-svn-id: http://core.svn.wordpress.org/trunk@31071 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-01-08 07:05:25 +00:00
Andrew Nacin 741e0ec6de No need for wp_get_password_hint() to be prefixed as if it is private.
see #21243.

Built from https://develop.svn.wordpress.org/trunk@30855


git-svn-id: http://core.svn.wordpress.org/trunk@30845 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-12-15 08:34:23 +00:00
Drew Jaynes 23707b1ada Convert various uses of `(optional)` in core parameter descriptions to use the style prescribed in the inline documentation standards for PHP.
The style for marking parameters optional in inline PHP docs is: `@param type $var Optional. Description. Accepts. Default.`, where Accepts can be omitted on a case-by-case basis.

Props coffee2code.
Fixes #30591.

Built from https://develop.svn.wordpress.org/trunk@30753


git-svn-id: http://core.svn.wordpress.org/trunk@30743 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-12-06 21:24:45 +00:00
Scott Taylor 04a4cf6156 Improve the `@param` docs for `src/wp-includes/user.php`.
See #30224.

Built from https://develop.svn.wordpress.org/trunk@30666


git-svn-id: http://core.svn.wordpress.org/trunk@30656 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-11-30 22:11:23 +00:00
Drew Jaynes bffe95d34c Docs Formatting: Backtick-escape inline code for all remaining dynamic hook docs in wp-includes/*.
Affects DocBlocks for the following hooks:
* `auth_post_meta_{$meta_key}`
* `term_links-$taxonomy`
* `customize_render_control_ . $this->id`
* `customize_render_panel_{$this->id}`
* `customize_render_section_{$this->id}`
* `customize_preview_{$this->id}`
* `customize_save_ . $this->id_data[ 'base' ]`
* `customize_update_ . $this->type`
* `customize_value_ . $this->id_data[ 'base' ]`
* `customize_sanitize_js_{$this->id}`
* `comment_form_field_{$name}`
* `comment_{$old_status}_to_{$new_status}`
* `comment_{$new_status}_{$comment->comment_type}`
* `extra_{$context}_headers`
* `get_template_part_{$slug}`
* `get_the_generator_{$type}`
* `get_{$adjacent}_post_join`
* `get_{$adjacent}_post_where`
* `get_{$adjacent}_post_sort`
* `{$adjacent}_post_rel_link`
* `{$adjacent}_post_link`
* `{$adjacent}_image_link`
* `blog_option_{$option}`
* `$permastructname . _rewrite_rules`
* `{$type}_template`
* `theme_mod_{$name}`
* `pre_set_theme_mod_$name`
* `current_theme_supports-{$feature}`
* `get_user_option_{$option}`
* `edit_user_{$field}`
* `pre_user_{$field}`
* `user_{$field}`

See #30552.

Built from https://develop.svn.wordpress.org/trunk@30656


git-svn-id: http://core.svn.wordpress.org/trunk@30646 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-11-30 12:10:23 +00:00
Drew Jaynes e11c0a9d3e 4.1 Docs Audit: Fix formatting for changelog entries in `count_user_posts()` and the `get_usernumposts` hook.
See #30469.

Built from https://develop.svn.wordpress.org/trunk@30623


git-svn-id: http://core.svn.wordpress.org/trunk@30613 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-11-28 12:29:23 +00:00
Andrew Nacin fce07e17eb Invalidate password keys when a user's email changes.
Built from https://develop.svn.wordpress.org/trunk@30430


git-svn-id: http://core.svn.wordpress.org/trunk@30425 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-11-20 13:40:23 +00:00
Boone Gorges 92e3890daa Correct `@since` tag in `count_user_posts()` docs.
Props pavelevap, DrewAPicture.
See #21364.
Built from https://develop.svn.wordpress.org/trunk@30328


git-svn-id: http://core.svn.wordpress.org/trunk@30327 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-11-13 12:15:23 +00:00
Boone Gorges a0b8caa29b Introduce `$post_type` param for `count_user_posts()`.
Props Caspie, engelen, DrewAPicture.
Fixes #21364.
Built from https://develop.svn.wordpress.org/trunk@30322


git-svn-id: http://core.svn.wordpress.org/trunk@30321 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-11-13 02:19:22 +00:00
Drew Jaynes 66c47f29bb Correct references of `@uses $wpdb` in core documentation to use `@global`.
See #30191, [30105].
Fixes #30217.

Built from https://develop.svn.wordpress.org/trunk@30122


git-svn-id: http://core.svn.wordpress.org/trunk@30122 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-10-31 17:56:22 +00:00
Drew Jaynes f8657d5890 Remove redundant and erroneous `@uses` tag from most core inline documentation.
Per our inline documentation standards, no further use of the `@uses` tag is recommended as used and used-by relationships can be derived through other means. This removes most uses of the tag in core documentation, with remaining tags to be converted to `@global` or `@see` as they apply.

Fixes #30191.

Built from https://develop.svn.wordpress.org/trunk@30105


git-svn-id: http://core.svn.wordpress.org/trunk@30105 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-10-30 01:05:24 +00:00
Konstantin Kovshenin 73f6a574b7 Use a nested meta query when querying by role in `WP_User_Query`.
If a user query includes a meta query together with a role argument,
nest the original meta query and append the role meta query with an
AND relationship.

fixes #23849, #27026.

Built from https://develop.svn.wordpress.org/trunk@30094


git-svn-id: http://core.svn.wordpress.org/trunk@30094 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-10-29 21:41:22 +00:00
John Blackbourn b1ba80de87 Rename `_wp_password_hint()` to `_wp_get_password_hint()` to bring it inline with core terminology. Fixes #21243.
Built from https://develop.svn.wordpress.org/trunk@30033


git-svn-id: http://core.svn.wordpress.org/trunk@30033 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-10-26 23:30:18 +00:00
Boone Gorges be4bc9a7e1 Accept 'orderby=include' in `WP_User_Query`.
This lets the results of a user query be sorted manually by the value of the
'include' param.

Props jipmoors.
Fixes #30064.
Built from https://develop.svn.wordpress.org/trunk@30016


git-svn-id: http://core.svn.wordpress.org/trunk@30016 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-10-24 19:51:21 +00:00
Sergey Biryukov 0eb758720a Move password hint text to a function. Add 'password_hint' filter.
props convissor.
fixes #21243.
Built from https://develop.svn.wordpress.org/trunk@29962


git-svn-id: http://core.svn.wordpress.org/trunk@29709 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-10-18 20:21:18 +00:00
Boone Gorges bde2c97aee Support date_query by user_registered in WP_User_Query.
Props ChriCo, nacin.
Fixes #27283.
Built from https://develop.svn.wordpress.org/trunk@29934


git-svn-id: http://core.svn.wordpress.org/trunk@29686 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-10-17 01:37:18 +00:00
Drew Jaynes 8ec2d2a151 Add inline documentation for `WP_User_Query` default arguments in the form of a hash notation.
Adds documentation pointers from the class-level doc for `WP_User_Query`, as well as the `get_users()` doc.

Props tschutter.
Fixes #29846.

Built from https://develop.svn.wordpress.org/trunk@29843


git-svn-id: http://core.svn.wordpress.org/trunk@29607 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-10-06 15:36:17 +00:00
Boone Gorges 2dad79f6c5 Always sanitize user_nicename in wp_insert_user().
Previously, a 'user_nicename' parameter passed into the function was
unsanitized. This could result in a mismatch between the sanitized nicename
generated automatically at user creation, resulting in broken author archive
permalinks.

Props joemcgill.

Fixes #29696.
Built from https://develop.svn.wordpress.org/trunk@29819


git-svn-id: http://core.svn.wordpress.org/trunk@29585 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-10-02 18:54:17 +00:00
Sergey Biryukov 5727b51538 Correct @return value for WP_User_Query::get_total().
props jesin.
fixes #29656.
Built from https://develop.svn.wordpress.org/trunk@29744


git-svn-id: http://core.svn.wordpress.org/trunk@29518 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-09-13 22:24:17 +00:00
Andrew Nacin 768136c6da Rename the public methods in the session tokens API.
Introduces a new get( $token ) method. get_token() would not have made sense and spurred the overall renaming. Public methods are now get, get_all, verify, create, update, destroy, destroy_others, and destroy_all.

The protected abstract methods designed for alternative implementations remain the same.

props mdawaffe.
see #20276.

Built from https://develop.svn.wordpress.org/trunk@29635


git-svn-id: http://core.svn.wordpress.org/trunk@29409 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-08-27 02:07:16 +00:00
Drew Jaynes a8583d5f19 Fix some words that aren't words.
See #28885.

Built from https://develop.svn.wordpress.org/trunk@29454


git-svn-id: http://core.svn.wordpress.org/trunk@29232 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-08-09 19:30:17 +00:00
Scott Taylor 91764118fb Add an action, `pre_get_users`, in `WP_User_Query::prepare_query()`.
Props rmccue.
Fixes #29084.

Built from https://develop.svn.wordpress.org/trunk@29363


git-svn-id: http://core.svn.wordpress.org/trunk@29139 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-08-02 20:46:16 +00:00
Andrew Nacin 654e46f03d Tie cookies and nonces to user sessions so they may be invalidated upon logout.
Sessions are stored in usermeta via WP_User_Meta_Session_Tokens, which extends the abstract WP_Session_Tokens class. Extending WP_Session_Tokens can allow for alternative storage, such as a separate table or Redis.

Introduces some simple APIs for session listing and destruction, such as wp_get_active_sessions() and wp_destroy_all_sessions().

This invalidates all existing authentication cookies, as a new segment (the session token) has been added to them.

props duck_, nacin, mdawaffe.
see #20276.

Built from https://develop.svn.wordpress.org/trunk@29221


git-svn-id: http://core.svn.wordpress.org/trunk@29005 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-07-18 09:13:15 +00:00
Drew Jaynes 3665b5a1a1 Add periods to short descriptions for magic methods added in [28501], [28521], and [28524].
See #22234 and #28885.

Built from https://develop.svn.wordpress.org/trunk@29165


git-svn-id: http://core.svn.wordpress.org/trunk@28949 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-07-14 01:12:14 +00:00
Drew Jaynes f287dbbbde Fill out inline documentation for magic methods added to the `WP_User_Query` class in [28528].
See #27881, #22234 and #28885.

Built from https://develop.svn.wordpress.org/trunk@29140


git-svn-id: http://core.svn.wordpress.org/trunk@28924 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-07-13 23:34:15 +00:00
Drew Jaynes c0052b6af2 Convert default arguments documentation for `wp_insert_user()` into a hash notation.
See #28841.

Built from https://develop.svn.wordpress.org/trunk@29116


git-svn-id: http://core.svn.wordpress.org/trunk@28902 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-07-12 00:21:15 +00:00
Drew Jaynes 933ab734f9 Convert default arguments documentation for `wp_dropdown_users()` into a hash notation.
See #28841.

Built from https://develop.svn.wordpress.org/trunk@29115


git-svn-id: http://core.svn.wordpress.org/trunk@28901 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-07-12 00:08:15 +00:00
Dominik Schilling a20d6ebec6 Add missing filter doc, see [29043].
see #27627.
Built from https://develop.svn.wordpress.org/trunk@29102


git-svn-id: http://core.svn.wordpress.org/trunk@28888 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-07-11 19:24:28 +00:00
John Blackbourn 2ce53ede8e Persist the "Remember Me" state of the auth cookie when changing your own password. Props jesin. Fixes #27627.
Built from https://develop.svn.wordpress.org/trunk@29043


git-svn-id: http://core.svn.wordpress.org/trunk@28831 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-07-09 18:05:15 +00:00
Scott Taylor c8852cc909 Use the `WPINC` constant when loading `class-phpass.php`
Props wojtek.szkutnik
See #14157.

Built from https://develop.svn.wordpress.org/trunk@28903


git-svn-id: http://core.svn.wordpress.org/trunk@28702 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-06-29 22:12:16 +00:00
Scott Taylor 71090a7f12 Remove title attributes in `wp_authenticate_username_password()`.
Props joedolson.
Fixes #26547.

Built from https://develop.svn.wordpress.org/trunk@28870


git-svn-id: http://core.svn.wordpress.org/trunk@28670 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-06-27 20:05:15 +00:00
Scott Taylor 994ca59abd Don't use variable variables in `wp_insert_user()`.
Add a local array, `$meta`, to provide substantial disambiguation among variables. 

See #27881.

Built from https://develop.svn.wordpress.org/trunk@28740


git-svn-id: http://core.svn.wordpress.org/trunk@28554 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-06-11 18:21:14 +00:00
Scott Taylor 6a61826660 Set a variable for like-escaped string before looping in `WP_User_Query::get_search_sql()`.
Props miqrogroove.
Fixes #10041.

Built from https://develop.svn.wordpress.org/trunk@28722


git-svn-id: http://core.svn.wordpress.org/trunk@28536 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-06-10 02:45:16 +00:00
Scott Taylor 05eeb16e30 Replace all uses of `like_escape()` with `$wpdb->esc_like()`.
Props miqrogroove.
See #10041.

Built from https://develop.svn.wordpress.org/trunk@28712


git-svn-id: http://core.svn.wordpress.org/trunk@28528 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-06-10 00:44:15 +00:00
Drew Jaynes 3e0521c2cf Add inline documentation for the `option_none_value` argument added to `wp_dropdown_users|categories()` in [28564].
Fixes #16625.

Built from https://develop.svn.wordpress.org/trunk@28570


git-svn-id: http://core.svn.wordpress.org/trunk@28395 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-05-24 05:39:15 +00:00
Scott Taylor 53ea68e838 `wp_dropdown_pages()` allows `option_none_value` to be passed. Add that arg to the `$defaults` for `wp_dropdown_users()` and `wp_dropdown_categories()` as well.
Props solarissmoke. 
Fixes #16625.

Built from https://develop.svn.wordpress.org/trunk@28564


git-svn-id: http://core.svn.wordpress.org/trunk@28390 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-05-23 20:47:15 +00:00
Scott Taylor ab6d069f59 Add access modifiers to `WP_User_Query`.
Add magic methods for BC: __get(), __set(), __isset(), __unset(), and
__call().

See #27881, #22234.

Built from https://develop.svn.wordpress.org/trunk@28528


git-svn-id: http://core.svn.wordpress.org/trunk@28354 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-05-19 15:48:15 +00:00
Scott Taylor 877fad9f38 Eliminate use of `extract()` in `wp_insert_user()`.
See #22400.

Built from https://develop.svn.wordpress.org/trunk@28454


git-svn-id: http://core.svn.wordpress.org/trunk@28281 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-05-16 18:15:15 +00:00
Scott Taylor ee90a8c17c Eliminate the use of `extract()` in `wp_dropdown_users()`.
See #22400.

Built from https://develop.svn.wordpress.org/trunk@28420


git-svn-id: http://core.svn.wordpress.org/trunk@28247 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-05-15 05:18:15 +00:00
Andrew Nacin 91971b28a7 User Query: Don't blindly re-append new meta queries for capabilities.
fixes #21119.

Built from https://develop.svn.wordpress.org/trunk@28087


git-svn-id: http://core.svn.wordpress.org/trunk@27918 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-04-12 19:04:15 +00:00
Drew Jaynes 5c3c97ead6 PHPDoc fixes for `wp_validate_logged_in_cookie()`, introduced in 3.9.
See #27700.

Built from https://develop.svn.wordpress.org/trunk@28015


git-svn-id: http://core.svn.wordpress.org/trunk@27845 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-04-07 21:43:15 +00:00
Andrew Nacin acba3131d7 Allow for custom authentication handlers for all requests.
Turn the logic used by wp_get_current_user() into a determine_current_user filter.

props rmccue.
fixes #26706.

Built from https://develop.svn.wordpress.org/trunk@27484


git-svn-id: http://core.svn.wordpress.org/trunk@27328 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-03-09 15:23:15 +00:00
Sergey Biryukov 4da1691fd5 Additional clarification for wp_authenticate_cookie() parameters.
fixes #26148.
Built from https://develop.svn.wordpress.org/trunk@27354


git-svn-id: http://core.svn.wordpress.org/trunk@27205 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-03-02 19:51:14 +00:00
Drew Jaynes 266aa6d9d2 Inline documentation improvements for wp-includes/user.php.
Props morganestes, SergeyBiryukov.
Fixes #26148.

Built from https://develop.svn.wordpress.org/trunk@27353


git-svn-id: http://core.svn.wordpress.org/trunk@27204 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-03-02 19:40:14 +00:00
Sergey Biryukov 2e288a108c Remove redundant add_filter() call. see [24848]. fixes #27255.
Built from https://develop.svn.wordpress.org/trunk@27351


git-svn-id: http://core.svn.wordpress.org/trunk@27202 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-03-02 18:21:14 +00:00
Sergey Biryukov 45ac85f67f Default value for $credentials parameter in wp_signon() should be an array, not a string.
props tivnet.
fixes #27130.
Built from https://develop.svn.wordpress.org/trunk@27350


git-svn-id: http://core.svn.wordpress.org/trunk@27201 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-03-02 18:05:14 +00:00
Sergey Biryukov ab8847316c Correct return values for update_metadata() and related functions.
fixes #21864.
Built from https://develop.svn.wordpress.org/trunk@27191


git-svn-id: http://core.svn.wordpress.org/trunk@27050 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-02-18 21:36:14 +00:00
Scott Taylor 55b4eee4c2 Make `WP_User_Query::prepare_query()` public by allowing it to be passed an array of args. Previously, if the `WP_User_Query` constructor was not passed args, the object was basically unusable. Adds unit tests, all other tests pass.
Props scribu, for the initial patch.
Fixes #21119.


Built from https://develop.svn.wordpress.org/trunk@27185


git-svn-id: http://core.svn.wordpress.org/trunk@27045 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-02-17 21:41:12 +00:00
Sergey Biryukov 9145c85fc7 Correct 'found_users_query' filter description. see #25533.
Built from https://develop.svn.wordpress.org/trunk@26904


git-svn-id: http://core.svn.wordpress.org/trunk@26787 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-01-04 18:50:11 +00:00
Drew Jaynes e73caae160 Inline documentation for hooks in wp-includes/user.php.
Props stephenharris, kpdesign.
Fixes #25533.

Built from https://develop.svn.wordpress.org/trunk@26901


git-svn-id: http://core.svn.wordpress.org/trunk@26784 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-01-04 06:18:10 +00:00
Drew Jaynes ee8aa9ee4c Inline documentation for hooks in wp-admin/user-new.php & wp-admin/user-edit.php.
Also fixes one parameter type in wp-includes/user.php.

Fixes #25726.

Built from https://develop.svn.wordpress.org/trunk@26493


git-svn-id: http://core.svn.wordpress.org/trunk@26387 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-12-01 01:35:10 +00:00
Sergey Biryukov 8d659b278c Fix docblock formatting. fixes #25893.
Built from https://develop.svn.wordpress.org/trunk@26081


git-svn-id: http://core.svn.wordpress.org/trunk@26001 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-11-11 13:32:10 +00:00
Sergey Biryukov 0888c85811 Correct $user_id parameter description. props mauryaratan, Corphi. fixes #25774.
Built from https://develop.svn.wordpress.org/trunk@25997


git-svn-id: http://core.svn.wordpress.org/trunk@25930 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-10-30 20:18:10 +00:00
Andrew Nacin d0cfa40983 Add jshintrc to qunit.
props jorbin.
see #25187.

Built from https://develop.svn.wordpress.org/trunk@25992


git-svn-id: http://core.svn.wordpress.org/trunk@25925 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-10-30 14:39:10 +00:00
Andrew Nacin 823ad1ae6e Have get_current_user_id() return 0 when pluggable.php is not yet included (which brings the ability to set or get the current user).
fixes #25690 for trunk.

Built from https://develop.svn.wordpress.org/trunk@25929


git-svn-id: http://core.svn.wordpress.org/trunk@25888 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-10-26 03:20:09 +00:00
Andrew Nacin 6113669e22 Hash password reset keys in the database.
All existing, unused password reset keys are now considered "expired" and the user will be told they should try again.

Introduces a password_reset_key_expired filter to allow plugins to introduce a grace period.

fixes #24783.

Built from https://develop.svn.wordpress.org/trunk@25696


git-svn-id: http://core.svn.wordpress.org/trunk@25611 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-10-06 11:29:11 +00:00
Andrew Nacin 0e620877fd Use the wpdb method instead of $wpdb->prefix.
props hakre.
fixes #16756.

Built from https://develop.svn.wordpress.org/trunk@25615


git-svn-id: http://core.svn.wordpress.org/trunk@25532 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-09-24 23:41:10 +00:00
Andrew Nacin 00c545606e Introduce wp_get_user_contact_methods() as a public version of _wp_get_user_contactmethods.
props johnnyb.
fixes #24273.

Built from https://develop.svn.wordpress.org/trunk@25606


git-svn-id: http://core.svn.wordpress.org/trunk@25523 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-09-24 18:14:09 +00:00
Scott Taylor 6744355f70 * Add `isset()` checks all over `WP_User_Query::prepare_query()` and `WP_User_Query::query()`. When a `WP_User_Query` instance is constructed without passing args, no query vars are filled in, thus `$qv` doesn't contain most of the expected indices.
* Suppress an undefined index notice in `tests/user/query.php`

Fixes #25292.
See #25282.


Built from https://develop.svn.wordpress.org/trunk@25392


git-svn-id: http://core.svn.wordpress.org/trunk@25326 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-09-12 06:25:09 +00:00
Scott Taylor dbec80b469 Support `orderby => meta_value` in `WP_User_Query`. Adds unit test.
Props wpsmith.
Fixes #21581.


Built from https://develop.svn.wordpress.org/trunk@25331


git-svn-id: http://core.svn.wordpress.org/trunk@25293 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-09-10 23:10:09 +00:00
Sergey Biryukov 1d79b0bdf3 Move check_password_reset_key(), reset_password(), and register_new_user() from wp-login.php to wp-includes/user.php, to make them reusable. props beaulebens for initial patch. fixes #20279.
Built from https://develop.svn.wordpress.org/trunk@25231


git-svn-id: http://core.svn.wordpress.org/trunk@25201 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-09-04 08:59:09 +00:00
Andrew Nacin 34ce599935 Don't override an existing WP_Error object in wp_authenticate_username_password().
props willnorris.
fixes #19714.



git-svn-id: http://core.svn.wordpress.org/trunk@24850 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-07-29 03:43:22 +00:00
Andrew Nacin 5c20d1eca1 Remove "special" multisite spam check in the authentication API.
The spamming of a site no longer directly affects a user of said site.

Moves the spam check to the wp_authenticate filter. Networks in need
of enhanced spam-fighting should leverage this same technique.

Allow is_user_spammy() to accept a WP_User object.

props willnorris, brianhogg.
fixes #24771. see #19714.



git-svn-id: http://core.svn.wordpress.org/trunk@24848 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-07-29 03:23:51 +00:00
Andrew Nacin de7375b5d1 Avoid a sanitize_key() call on ID, as this causes it to be lowercased. wp_dropdown_users() requires user_login as a fallback; specify it for get_users(). see #21767.
git-svn-id: http://core.svn.wordpress.org/trunk@24719 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-07-17 04:46:09 +00:00
Andrew Nacin 4fd4d4452f Use sanitize_key() instead of esc_sql() when 'escaping' variable DB field names. see #21767.
git-svn-id: http://core.svn.wordpress.org/trunk@24714 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-07-16 14:21:05 +00:00
Sergey Biryukov 58c364947f PHPDoc fixes and additions. fixes #24616.
git-svn-id: http://core.svn.wordpress.org/trunk@24490 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-06-21 12:45:11 +00:00
Andrew Nacin 97ce5922db Remove docs suggesting that wp_update_user() creates a user if no ID is provided. See #16731, that is incorrect at this time.
git-svn-id: http://core.svn.wordpress.org/trunk@24345 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-05-24 16:22:22 +00:00
Mark Jaquith 082e067a2d Screen option for Post Format UI.
props nacin. see #23930.

git-svn-id: http://core.svn.wordpress.org/trunk@24092 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-04-25 07:28:33 +00:00
Andrew Nacin 8131644bf6 Add user_search_columns filter to WP_User_Query::prepare_query().
props aaroncampbell.
fixes #16366.



git-svn-id: http://core.svn.wordpress.org/trunk@24056 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-04-22 20:37:50 +00:00
Sergey Biryukov f86b1502a0 Fix fatal error in WP_User_Query when searching users by URL. Move wp_is_large_network() to wp-includes. fixes #23683 for trunk.
git-svn-id: http://core.svn.wordpress.org/trunk@23664 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-03-12 09:19:55 +00:00
Ryan Boren 315bfb019a Use wp_unslash() instead of stripslashes() and stripslashes_deep(). Use wp_slash() instead of add_magic_quotes().
see #21767


git-svn-id: http://core.svn.wordpress.org/trunk@23594 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-03-03 21:11:40 +00:00