' . __( 'You need a higher level of permission.' ) . '' . '
' . __( 'Sorry, you are not allowed to list users.' ) . '
', 403 ); } $wp_list_table = _get_list_table( 'WP_Users_List_Table' ); $pagenum = $wp_list_table->get_pagenum(); $title = __( 'Users' ); $parent_file = 'users.php'; add_screen_option( 'per_page' ); // Contextual help - choose Help on the top right of admin panel to preview this. get_current_screen()->add_help_tab( array( 'id' => 'overview', 'title' => __( 'Overview' ), 'content' => '' . __( 'This screen lists all the existing users for your site. Each user has one of five defined roles as set by the site admin: Site Administrator, Editor, Author, Contributor, or Subscriber. Users with roles other than Administrator will see fewer options in the dashboard navigation when they are logged in, based on their role.' ) . '
' . '' . __( 'To add a new user for your site, click the Add New button at the top of the screen or Add New in the Users menu section.' ) . '
', ) ); get_current_screen()->add_help_tab( array( 'id' => 'screen-content', 'title' => __( 'Screen Content' ), 'content' => '' . __( 'You can customize the display of this screen in a number of ways:' ) . '
' . '' . __( 'Hovering over a row in the users list will display action links that allow you to manage users. You can perform the following actions:' ) . '
' . '' . __( 'For more information:' ) . '
' . '' . __( 'Documentation on Managing Users' ) . '
' . '' . __( 'Descriptions of Roles and Capabilities' ) . '
' . '' . __( 'Support' ) . '
' ); get_current_screen()->set_screen_reader_content( array( 'heading_views' => __( 'Filter users list' ), 'heading_pagination' => __( 'Users list navigation' ), 'heading_list' => __( 'Users list' ), ) ); if ( empty( $_REQUEST ) ) { $referer = ''; } elseif ( isset( $_REQUEST['wp_http_referer'] ) ) { $redirect = remove_query_arg( array( 'wp_http_referer', 'updated', 'delete_count' ), wp_unslash( $_REQUEST['wp_http_referer'] ) ); $referer = ''; } else { $redirect = 'users.php'; $referer = ''; } $update = ''; switch ( $wp_list_table->current_action() ) { /* Bulk Dropdown menu Role changes */ case 'promote': check_admin_referer( 'bulk-users' ); if ( ! current_user_can( 'promote_users' ) ) { wp_die( __( 'Sorry, you are not allowed to edit this user.' ), 403 ); } if ( empty( $_REQUEST['users'] ) ) { wp_redirect( $redirect ); exit(); } $editable_roles = get_editable_roles(); $role = false; if ( ! empty( $_REQUEST['new_role2'] ) ) { $role = $_REQUEST['new_role2']; } elseif ( ! empty( $_REQUEST['new_role'] ) ) { $role = $_REQUEST['new_role']; } if ( ! $role || empty( $editable_roles[ $role ] ) ) { wp_die( __( 'Sorry, you are not allowed to give users that role.' ), 403 ); } $userids = $_REQUEST['users']; $update = 'promote'; foreach ( $userids as $id ) { $id = (int) $id; if ( ! current_user_can( 'promote_user', $id ) ) { wp_die( __( 'Sorry, you are not allowed to edit this user.' ), 403 ); } // The new role of the current user must also have the promote_users cap or be a multisite super admin. if ( $id == $current_user->ID && ! $wp_roles->role_objects[ $role ]->has_cap( 'promote_users' ) && ! ( is_multisite() && current_user_can( 'manage_network_users' ) ) ) { $update = 'err_admin_role'; continue; } // If the user doesn't already belong to the blog, bail. if ( is_multisite() && ! is_user_member_of_blog( $id ) ) { wp_die( '' . __( 'One of the selected users is not a member of this site.' ) . '
', 403 ); } $user = get_userdata( $id ); $user->set_role( $role ); } wp_redirect( add_query_arg( 'update', $update, $redirect ) ); exit(); case 'dodelete': if ( is_multisite() ) { wp_die( __( 'User deletion is not allowed from this screen.' ), 400 ); } check_admin_referer( 'delete-users' ); if ( empty( $_REQUEST['users'] ) ) { wp_redirect( $redirect ); exit(); } $userids = array_map( 'intval', (array) $_REQUEST['users'] ); if ( empty( $_REQUEST['delete_option'] ) ) { $url = self_admin_url( 'users.php?action=delete&users[]=' . implode( '&users[]=', $userids ) . '&error=true' ); $url = str_replace( '&', '&', wp_nonce_url( $url, 'bulk-users' ) ); wp_redirect( $url ); exit; } if ( ! current_user_can( 'delete_users' ) ) { wp_die( __( 'Sorry, you are not allowed to delete users.' ), 403 ); } $update = 'del'; $delete_count = 0; foreach ( $userids as $id ) { if ( ! current_user_can( 'delete_user', $id ) ) { wp_die( __( 'Sorry, you are not allowed to delete that user.' ), 403 ); } if ( $id == $current_user->ID ) { $update = 'err_admin_del'; continue; } switch ( $_REQUEST['delete_option'] ) { case 'delete': wp_delete_user( $id ); break; case 'reassign': wp_delete_user( $id, $_REQUEST['reassign_user'] ); break; } ++$delete_count; } $redirect = add_query_arg( array( 'delete_count' => $delete_count, 'update' => $update, ), $redirect ); wp_redirect( $redirect ); exit(); case 'delete': if ( is_multisite() ) { wp_die( __( 'User deletion is not allowed from this screen.' ), 400 ); } check_admin_referer( 'bulk-users' ); if ( empty( $_REQUEST['users'] ) && empty( $_REQUEST['user'] ) ) { wp_redirect( $redirect ); exit(); } if ( ! current_user_can( 'delete_users' ) ) { $errors = new WP_Error( 'edit_users', __( 'Sorry, you are not allowed to delete users.' ) ); } if ( empty( $_REQUEST['users'] ) ) { $userids = array( intval( $_REQUEST['user'] ) ); } else { $userids = array_map( 'intval', (array) $_REQUEST['users'] ); } $all_userids = $userids; if ( in_array( $current_user->ID, $userids ) ) { $userids = array_diff( $userids, array( $current_user->ID ) ); } /** * Filters whether the users being deleted have additional content * associated with them outside of the `post_author` and `link_owner` relationships. * * @since 5.2.0 * * @param boolean $users_have_additional_content Whether the users have additional content. Default false. * @param int[] $userids Array of IDs for users being deleted. */ $users_have_content = (bool) apply_filters( 'users_have_additional_content', false, $userids ); if ( $userids && ! $users_have_content ) { if ( $wpdb->get_var( "SELECT ID FROM {$wpdb->posts} WHERE post_author IN( " . implode( ',', $userids ) . ' ) LIMIT 1' ) ) { $users_have_content = true; } elseif ( $wpdb->get_var( "SELECT link_id FROM {$wpdb->links} WHERE link_owner IN( " . implode( ',', $userids ) . ' ) LIMIT 1' ) ) { $users_have_content = true; } } if ( $users_have_content ) { add_action( 'admin_head', 'delete_users_add_js' ); } require_once ABSPATH . 'wp-admin/admin-header.php'; ?> $update ), $redirect ); wp_redirect( $redirect ); exit; case 'remove': check_admin_referer( 'bulk-users' ); if ( ! is_multisite() ) { wp_die( __( 'You can’t remove users.' ), 400 ); } if ( empty( $_REQUEST['users'] ) && empty( $_REQUEST['user'] ) ) { wp_redirect( $redirect ); exit(); } if ( ! current_user_can( 'remove_users' ) ) { $error = new WP_Error( 'edit_users', __( 'Sorry, you are not allowed to remove users.' ) ); } if ( empty( $_REQUEST['users'] ) ) { $userids = array( intval( $_REQUEST['user'] ) ); } else { $userids = $_REQUEST['users']; } require_once ABSPATH . 'wp-admin/admin-header.php'; ?> current_action() && ! empty( $_REQUEST['users'] ) ) { $screen = get_current_screen()->id; $sendback = wp_get_referer(); $userids = $_REQUEST['users']; /** This action is documented in wp-admin/edit.php */ $sendback = apply_filters( "handle_bulk_actions-{$screen}", $sendback, $wp_list_table->current_action(), $userids ); // phpcs:ignore WordPress.NamingConventions.ValidHookName.UseUnderscores wp_safe_redirect( $sendback ); exit; } $wp_list_table->prepare_items(); $total_pages = $wp_list_table->get_pagination_arg( 'total_pages' ); if ( $pagenum > $total_pages && $total_pages > 0 ) { wp_redirect( add_query_arg( 'paged', $total_pages ) ); exit; } require_once ABSPATH . 'wp-admin/admin-header.php'; $messages = array(); if ( isset( $_GET['update'] ) ) : switch ( $_GET['update'] ) { case 'del': case 'del_many': $delete_count = isset( $_GET['delete_count'] ) ? (int) $_GET['delete_count'] : 0; if ( 1 == $delete_count ) { $message = __( 'User deleted.' ); } else { /* translators: %s: Number of users. */ $message = _n( '%s user deleted.', '%s users deleted.', $delete_count ); } $messages[] = '' . sprintf( $message, number_format_i18n( $delete_count ) ) . '
' . $message . '
' . __( 'Changed roles.' ) . '
' . __( 'The current user’s role must have user editing capabilities.' ) . '
' . __( 'Other user roles have been changed.' ) . '
' . __( 'You can’t delete the current user.' ) . '
' . __( 'Other users have been deleted.' ) . '
' . __( 'User removed from this site.' ) . '
' . __( "You can't remove the current user." ) . '
' . __( 'Other users have been removed.' ) . '