2007-05-25 09:16:21 +02:00
< ? php
2008-10-02 03:03:26 +02:00
/**
* WordPress user administration API .
*
* @ package WordPress
* @ subpackage Administration
*/
/**
* Creates a new user from the " Users " form using $_POST information .
*
2009-01-06 23:00:05 +01:00
* It seems that the first half is for backwards compatibility , but only
2009-12-08 20:59:34 +01:00
* has the ability to alter the user ' s role . WordPress core seems to
2009-01-06 23:00:05 +01:00
* use this function only in the second way , running edit_user () with
* no id so as to create a new user .
2008-10-02 03:03:26 +02:00
*
2009-01-06 23:00:05 +01:00
* @ since 2.0
2008-10-02 03:03:26 +02:00
*
* @ param int $user_id Optional . User ID .
* @ return null | WP_Error | int Null when adding user , WP_Error or User ID integer when no parameters .
*/
2007-05-25 09:16:21 +02:00
function add_user () {
if ( func_num_args () ) { // The hackiest hack that ever did hack
global $current_user , $wp_roles ;
$user_id = ( int ) func_get_arg ( 0 );
if ( isset ( $_POST [ 'role' ] ) ) {
2009-09-14 15:57:48 +02:00
$new_role = sanitize_text_field ( $_POST [ 'role' ] );
2009-01-06 23:00:05 +01:00
// Don't let anyone with 'edit_users' (admins) edit their own role to something without it.
2009-09-14 15:57:48 +02:00
if ( $user_id != $current_user -> id || $wp_roles -> role_objects [ $new_role ] -> has_cap ( 'edit_users' ) ) {
2009-01-06 23:00:05 +01:00
// If the new role isn't editable by the logged-in user die with error
$editable_roles = get_editable_roles ();
2010-04-03 10:08:12 +02:00
if ( empty ( $editable_roles [ $new_role ] ) )
2009-01-06 23:00:05 +01:00
wp_die ( __ ( 'You can’t give users that role.' ));
2009-03-18 03:43:45 +01:00
2007-05-25 09:16:21 +02:00
$user = new WP_User ( $user_id );
2009-09-14 15:57:48 +02:00
$user -> set_role ( $new_role );
2007-05-25 09:16:21 +02:00
}
}
} else {
add_action ( 'user_register' , 'add_user' ); // See above
return edit_user ();
}
}
2008-10-02 03:03:26 +02:00
/**
2009-01-06 23:00:05 +01:00
* Edit user settings based on contents of $_POST
2008-10-02 03:03:26 +02:00
*
2009-01-06 23:00:05 +01:00
* Used on user - edit . php and profile . php to manage and process user options , passwords etc .
2008-10-02 03:03:26 +02:00
*
2009-01-06 23:00:05 +01:00
* @ since 2.0
2008-10-02 03:03:26 +02:00
*
* @ param int $user_id Optional . User ID .
2009-01-06 23:00:05 +01:00
* @ return int user id of the updated user
2008-10-02 03:03:26 +02:00
*/
2007-05-25 09:16:21 +02:00
function edit_user ( $user_id = 0 ) {
global $current_user , $wp_roles , $wpdb ;
if ( $user_id != 0 ) {
$update = true ;
$user -> ID = ( int ) $user_id ;
$userdata = get_userdata ( $user_id );
$user -> user_login = $wpdb -> escape ( $userdata -> user_login );
} else {
$update = false ;
$user = '' ;
}
2009-09-14 15:57:48 +02:00
if ( ! $update && isset ( $_POST [ 'user_login' ] ) )
2009-09-18 22:47:24 +02:00
$user -> user_login = sanitize_user ( $_POST [ 'user_login' ], true );
2007-05-25 09:16:21 +02:00
$pass1 = $pass2 = '' ;
if ( isset ( $_POST [ 'pass1' ] ))
$pass1 = $_POST [ 'pass1' ];
if ( isset ( $_POST [ 'pass2' ] ))
$pass2 = $_POST [ 'pass2' ];
2007-09-04 01:32:58 +02:00
if ( isset ( $_POST [ 'role' ] ) && current_user_can ( 'edit_users' ) ) {
2009-09-14 15:57:48 +02:00
$new_role = sanitize_text_field ( $_POST [ 'role' ] );
2010-02-27 19:07:25 +01:00
$potential_role = isset ( $wp_roles -> role_objects [ $new_role ]) ? $wp_roles -> role_objects [ $new_role ] : false ;
2009-01-06 23:00:05 +01:00
// Don't let anyone with 'edit_users' (admins) edit their own role to something without it.
2010-04-02 06:30:00 +02:00
// Multisite super admins can freely edit their blog roles -- they possess all caps.
2010-04-07 23:04:42 +02:00
if ( ( is_multisite () && current_user_can ( 'manage_sites' ) ) || $user_id != $current_user -> id || ( $potential_role && $potential_role -> has_cap ( 'edit_users' ) ) )
2009-09-14 15:57:48 +02:00
$user -> role = $new_role ;
2009-01-06 23:00:05 +01:00
// If the new role isn't editable by the logged-in user die with error
$editable_roles = get_editable_roles ();
2010-04-03 10:08:12 +02:00
if ( ! empty ( $new_role ) && empty ( $editable_roles [ $new_role ] ) )
2009-01-06 23:00:05 +01:00
wp_die ( __ ( 'You can’t give users that role.' ));
2007-05-25 09:16:21 +02:00
}
if ( isset ( $_POST [ 'email' ] ))
2009-09-14 15:57:48 +02:00
$user -> user_email = sanitize_text_field ( $_POST [ 'email' ] );
2007-05-25 09:16:21 +02:00
if ( isset ( $_POST [ 'url' ] ) ) {
2009-05-14 00:41:05 +02:00
if ( empty ( $_POST [ 'url' ] ) || $_POST [ 'url' ] == 'http://' ) {
$user -> user_url = '' ;
} else {
2010-02-13 11:35:10 +01:00
$user -> user_url = esc_url_raw ( $_POST [ 'url' ] );
2009-05-14 00:41:05 +02:00
$user -> user_url = preg_match ( '/^(https?|ftps?|mailto|news|irc|gopher|nntp|feed|telnet):/is' , $user -> user_url ) ? $user -> user_url : 'http://' . $user -> user_url ;
}
2007-05-25 09:16:21 +02:00
}
2009-09-14 15:57:48 +02:00
if ( isset ( $_POST [ 'first_name' ] ) )
$user -> first_name = sanitize_text_field ( $_POST [ 'first_name' ] );
if ( isset ( $_POST [ 'last_name' ] ) )
$user -> last_name = sanitize_text_field ( $_POST [ 'last_name' ] );
if ( isset ( $_POST [ 'nickname' ] ) )
$user -> nickname = sanitize_text_field ( $_POST [ 'nickname' ] );
if ( isset ( $_POST [ 'display_name' ] ) )
$user -> display_name = sanitize_text_field ( $_POST [ 'display_name' ] );
if ( isset ( $_POST [ 'description' ] ) )
2007-05-25 09:16:21 +02:00
$user -> description = trim ( $_POST [ 'description' ] );
2009-09-14 15:57:48 +02:00
foreach ( _wp_get_user_contactmethods () as $method => $name ) {
2009-08-06 23:59:52 +02:00
if ( isset ( $_POST [ $method ] ))
2009-09-14 15:57:48 +02:00
$user -> $method = sanitize_text_field ( $_POST [ $method ] );
}
if ( $update ) {
$user -> rich_editing = isset ( $_POST [ 'rich_editing' ] ) && 'false' == $_POST [ 'rich_editing' ] ? 'false' : 'true' ;
$user -> admin_color = isset ( $_POST [ 'admin_color' ] ) ? sanitize_text_field ( $_POST [ 'admin_color' ] ) : 'fresh' ;
2009-08-06 23:59:52 +02:00
}
2007-05-25 09:16:21 +02:00
2009-09-14 15:57:48 +02:00
$user -> comment_shortcuts = isset ( $_POST [ 'comment_shortcuts' ] ) && 'true' == $_POST [ 'comment_shortcuts' ] ? 'true' : '' ;
2008-12-09 19:03:31 +01:00
2008-08-21 19:40:38 +02:00
$user -> use_ssl = 0 ;
if ( ! empty ( $_POST [ 'use_ssl' ]) )
$user -> use_ssl = 1 ;
2007-05-25 09:16:21 +02:00
$errors = new WP_Error ();
/* checking that username has been typed */
if ( $user -> user_login == '' )
$errors -> add ( 'user_login' , __ ( '<strong>ERROR</strong>: Please enter a username.' ));
/* checking the password has been typed twice */
do_action_ref_array ( 'check_passwords' , array ( $user -> user_login , & $pass1 , & $pass2 ));
2007-11-01 07:23:16 +01:00
if ( $update ) {
if ( empty ( $pass1 ) && ! empty ( $pass2 ) )
$errors -> add ( 'pass' , __ ( '<strong>ERROR</strong>: You entered your new password only once.' ), array ( 'form-field' => 'pass1' ) );
elseif ( ! empty ( $pass1 ) && empty ( $pass2 ) )
$errors -> add ( 'pass' , __ ( '<strong>ERROR</strong>: You entered your new password only once.' ), array ( 'form-field' => 'pass2' ) );
2007-05-25 09:16:21 +02:00
} else {
2007-11-01 07:23:16 +01:00
if ( empty ( $pass1 ) )
$errors -> add ( 'pass' , __ ( '<strong>ERROR</strong>: Please enter your password.' ), array ( 'form-field' => 'pass1' ) );
elseif ( empty ( $pass2 ) )
$errors -> add ( 'pass' , __ ( '<strong>ERROR</strong>: Please enter your password twice.' ), array ( 'form-field' => 'pass2' ) );
2007-05-25 09:16:21 +02:00
}
/* Check for "\" in password */
2009-05-12 07:21:32 +02:00
if ( false !== strpos ( stripslashes ( $pass1 ), " \\ " ) )
2007-11-01 07:23:16 +01:00
$errors -> add ( 'pass' , __ ( '<strong>ERROR</strong>: Passwords may not contain the character "\\".' ), array ( 'form-field' => 'pass1' ) );
2007-05-25 09:16:21 +02:00
/* checking the password has been typed twice the same */
if ( $pass1 != $pass2 )
2007-11-01 07:23:16 +01:00
$errors -> add ( 'pass' , __ ( '<strong>ERROR</strong>: Please enter the same password in the two password fields.' ), array ( 'form-field' => 'pass1' ) );
2007-05-25 09:16:21 +02:00
2009-09-14 15:57:48 +02:00
if ( ! empty ( $pass1 ) )
2007-05-25 09:16:21 +02:00
$user -> user_pass = $pass1 ;
2010-05-04 01:46:42 +02:00
if ( ! $update && isset ( $_POST [ 'user_login' ] ) && ! validate_username ( $_POST [ 'user_login' ] ) )
$errors -> add ( 'user_login' , __ ( '<strong>ERROR</strong>: This username is invalid because it uses illegal characters. Please enter a valid username.' ));
2007-05-25 09:16:21 +02:00
2009-09-14 15:57:48 +02:00
if ( ! $update && username_exists ( $user -> user_login ) )
2007-10-04 21:38:35 +02:00
$errors -> add ( 'user_login' , __ ( '<strong>ERROR</strong>: This username is already registered. Please choose another one.' ));
2007-05-25 09:16:21 +02:00
/* checking e-mail address */
2009-09-14 15:57:48 +02:00
if ( empty ( $user -> user_email ) ) {
2009-04-17 20:43:40 +02:00
$errors -> add ( 'empty_email' , __ ( '<strong>ERROR</strong>: Please enter an e-mail address.' ), array ( 'form-field' => 'email' ) );
2009-09-14 15:57:48 +02:00
} elseif ( ! is_email ( $user -> user_email ) ) {
2009-05-05 06:28:05 +02:00
$errors -> add ( 'invalid_email' , __ ( '<strong>ERROR</strong>: The e-mail address isn’t correct.' ), array ( 'form-field' => 'email' ) );
2009-04-17 20:43:40 +02:00
} elseif ( ( $owner_id = email_exists ( $user -> user_email ) ) && $owner_id != $user -> ID ) {
$errors -> add ( 'email_exists' , __ ( '<strong>ERROR</strong>: This email is already registered, please choose another one.' ), array ( 'form-field' => 'email' ) );
}
2007-05-25 09:16:21 +02:00
2009-09-14 15:57:48 +02:00
// Allow plugins to return their own errors.
2009-05-25 01:47:49 +02:00
do_action_ref_array ( 'user_profile_update_errors' , array ( & $errors , $update , & $user ) );
2007-05-25 09:16:21 +02:00
if ( $errors -> get_error_codes () )
return $errors ;
if ( $update ) {
2009-09-14 15:57:48 +02:00
$user_id = wp_update_user ( get_object_vars ( $user ) );
2007-05-25 09:16:21 +02:00
} else {
2009-09-14 15:57:48 +02:00
$user_id = wp_insert_user ( get_object_vars ( $user ) );
2009-05-14 00:35:17 +02:00
wp_new_user_notification ( $user_id , isset ( $_POST [ 'send_password' ]) ? $pass1 : '' );
2007-05-25 09:16:21 +02:00
}
return $user_id ;
}
2008-10-02 03:03:26 +02:00
/**
* { @ internal Missing Short Description }}
*
* { @ internal Missing Long Description }}
*
* @ since unknown
*
* @ return array List of user IDs .
*/
2007-05-25 09:16:21 +02:00
function get_author_user_ids () {
global $wpdb ;
2010-01-19 00:34:36 +01:00
if ( ! is_multisite () )
2010-01-15 01:21:13 +01:00
$level_key = $wpdb -> get_blog_prefix () . 'user_level' ;
2010-01-19 00:34:36 +01:00
else
2010-01-15 01:21:13 +01:00
$level_key = $wpdb -> get_blog_prefix () . 'capabilities' ; // wpmu site admins don't have user_levels
2010-01-19 00:34:36 +01:00
2008-04-14 18:13:25 +02:00
return $wpdb -> get_col ( $wpdb -> prepare ( " SELECT user_id FROM $wpdb->usermeta WHERE meta_key = %s AND meta_value != '0' " , $level_key ) );
2007-05-25 09:16:21 +02:00
}
2008-10-02 03:03:26 +02:00
/**
* { @ internal Missing Short Description }}
*
* { @ internal Missing Long Description }}
*
* @ since unknown
*
* @ param int $user_id User ID .
* @ return array | bool List of editable authors . False if no editable users .
*/
2007-05-25 09:16:21 +02:00
function get_editable_authors ( $user_id ) {
global $wpdb ;
$editable = get_editable_user_ids ( $user_id );
2010-01-19 00:34:36 +01:00
if ( ! $editable ) {
2007-05-25 09:16:21 +02:00
return false ;
} else {
$editable = join ( ',' , $editable );
$authors = $wpdb -> get_results ( " SELECT * FROM $wpdb->users WHERE ID IN ( $editable ) ORDER BY display_name " );
}
return apply_filters ( 'get_editable_authors' , $authors );
}
2008-10-02 03:03:26 +02:00
/**
* { @ internal Missing Short Description }}
*
* { @ internal Missing Long Description }}
*
* @ since unknown
*
* @ param int $user_id User ID .
* @ param bool $exclude_zeros Optional , default is true . Whether to exclude zeros .
* @ return unknown
*/
2008-11-14 18:13:08 +01:00
function get_editable_user_ids ( $user_id , $exclude_zeros = true , $post_type = 'post' ) {
2007-05-25 09:16:21 +02:00
global $wpdb ;
$user = new WP_User ( $user_id );
2010-02-28 07:38:15 +01:00
$post_type_obj = get_post_type_object ( $post_type );
2007-05-25 09:16:21 +02:00
2010-02-28 07:38:15 +01:00
if ( ! $user -> has_cap ( $post_type_obj -> edit_others_cap ) ) {
2010-04-03 06:38:20 +02:00
if ( $user -> has_cap ( $post_type_obj -> edit_type_cap ) || ! $exclude_zeros )
2007-05-25 09:16:21 +02:00
return array ( $user -> id );
else
2009-06-15 19:48:42 +02:00
return array ();
2007-05-25 09:16:21 +02:00
}
2010-01-19 00:34:36 +01:00
if ( ! is_multisite () )
2010-01-15 01:21:13 +01:00
$level_key = $wpdb -> get_blog_prefix () . 'user_level' ;
2010-01-19 00:34:36 +01:00
else
2010-01-15 01:21:13 +01:00
$level_key = $wpdb -> get_blog_prefix () . 'capabilities' ; // wpmu site admins don't have user_levels
2007-05-25 09:16:21 +02:00
2008-04-14 18:13:25 +02:00
$query = $wpdb -> prepare ( " SELECT user_id FROM $wpdb->usermeta WHERE meta_key = %s " , $level_key );
2007-05-25 09:16:21 +02:00
if ( $exclude_zeros )
$query .= " AND meta_value != '0' " ;
return $wpdb -> get_col ( $query );
}
2009-01-06 23:00:05 +01:00
/**
2009-03-18 03:43:45 +01:00
* Fetch a filtered list of user roles that the current user is
* allowed to edit .
2009-01-06 23:00:05 +01:00
*
2009-03-18 03:43:45 +01:00
* Simple function who ' s main purpose is to allow filtering of the
2009-01-06 23:00:05 +01:00
* list of roles in the $wp_roles object so that plugins can remove
* innappropriate ones depending on the situation or user making edits .
* Specifically because without filtering anyone with the edit_users
* capability can edit others to be administrators , even if they are
* only editors or authors . This filter allows admins to delegate
2009-03-18 03:43:45 +01:00
* user management .
2009-01-06 23:00:05 +01:00
*
* @ since 2.8
*
* @ return unknown
*/
function get_editable_roles () {
global $wp_roles ;
$all_roles = $wp_roles -> roles ;
2009-03-18 03:43:45 +01:00
$editable_roles = apply_filters ( 'editable_roles' , $all_roles );
2009-01-06 23:00:05 +01:00
return $editable_roles ;
}
2008-10-02 03:03:26 +02:00
/**
* { @ internal Missing Short Description }}
*
* { @ internal Missing Long Description }}
*
* @ since unknown
*
* @ return unknown
*/
2007-05-25 09:16:21 +02:00
function get_nonauthor_user_ids () {
global $wpdb ;
2010-01-15 01:21:13 +01:00
2010-01-19 00:34:36 +01:00
if ( ! is_multisite () )
2010-01-15 01:21:13 +01:00
$level_key = $wpdb -> get_blog_prefix () . 'user_level' ;
2010-01-19 00:34:36 +01:00
else
2010-01-15 01:21:13 +01:00
$level_key = $wpdb -> get_blog_prefix () . 'capabilities' ; // wpmu site admins don't have user_levels
2007-05-25 09:16:21 +02:00
2008-04-14 18:13:25 +02:00
return $wpdb -> get_col ( $wpdb -> prepare ( " SELECT user_id FROM $wpdb->usermeta WHERE meta_key = %s AND meta_value = '0' " , $level_key ) );
2007-05-25 09:16:21 +02:00
}
2008-10-02 03:03:26 +02:00
/**
* Retrieve editable posts from other users .
*
* @ since unknown
*
* @ param int $user_id User ID to not retrieve posts from .
* @ param string $type Optional , defaults to 'any' . Post type to retrieve , can be 'draft' or 'pending' .
* @ return array List of posts from others .
*/
2007-06-14 18:24:28 +02:00
function get_others_unpublished_posts ( $user_id , $type = 'any' ) {
2007-05-25 09:16:21 +02:00
global $wpdb ;
$editable = get_editable_user_ids ( $user_id );
2007-06-14 18:24:28 +02:00
if ( in_array ( $type , array ( 'draft' , 'pending' )) )
$type_sql = " post_status = ' $type ' " ;
else
$type_sql = " ( post_status = 'draft' OR post_status = 'pending' ) " ;
2007-06-24 07:58:38 +02:00
$dir = ( 'pending' == $type ) ? 'ASC' : 'DESC' ;
2010-01-19 00:34:36 +01:00
if ( ! $editable ) {
2007-06-14 18:24:28 +02:00
$other_unpubs = '' ;
2007-05-25 09:16:21 +02:00
} else {
$editable = join ( ',' , $editable );
2008-04-14 18:13:25 +02:00
$other_unpubs = $wpdb -> get_results ( $wpdb -> prepare ( " SELECT ID, post_title, post_author FROM $wpdb->posts WHERE post_type = 'post' AND $type_sql AND post_author IN ( $editable ) AND post_author != %d ORDER BY post_modified $dir " , $user_id ) );
2007-05-25 09:16:21 +02:00
}
2007-06-14 18:24:28 +02:00
return apply_filters ( 'get_others_drafts' , $other_unpubs );
}
2008-10-02 03:03:26 +02:00
/**
* Retrieve drafts from other users .
*
* @ since unknown
*
* @ param int $user_id User ID .
* @ return array List of drafts from other users .
*/
2007-06-14 18:24:28 +02:00
function get_others_drafts ( $user_id ) {
return get_others_unpublished_posts ( $user_id , 'draft' );
}
2008-10-02 03:03:26 +02:00
/**
* Retrieve pending review posts from other users .
*
* @ since unknown
*
* @ param int $user_id User ID .
* @ return array List of posts with pending review post type from other users .
*/
2007-06-14 18:24:28 +02:00
function get_others_pending ( $user_id ) {
return get_others_unpublished_posts ( $user_id , 'pending' );
2007-05-25 09:16:21 +02:00
}
2008-10-02 03:03:26 +02:00
/**
* Retrieve user data and filter it .
*
* @ since unknown
*
* @ param int $user_id User ID .
* @ return object WP_User object with user data .
*/
2007-05-25 09:16:21 +02:00
function get_user_to_edit ( $user_id ) {
$user = new WP_User ( $user_id );
2009-08-06 23:59:52 +02:00
$user_contactmethods = _wp_get_user_contactmethods ();
foreach ( $user_contactmethods as $method => $name ) {
2009-09-14 15:57:48 +02:00
if ( empty ( $user -> { $method } ) )
$user -> { $method } = '' ;
2009-08-06 23:59:52 +02:00
}
2009-09-14 15:57:48 +02:00
if ( empty ( $user -> description ) )
$user -> description = '' ;
$user = sanitize_user_object ( $user , 'edit' );
2007-05-25 09:16:21 +02:00
return $user ;
}
2008-10-02 03:03:26 +02:00
/**
* Retrieve the user ' s drafts .
*
* @ since unknown
*
* @ param int $user_id User ID .
* @ return array
*/
2007-05-25 09:16:21 +02:00
function get_users_drafts ( $user_id ) {
global $wpdb ;
2008-04-14 18:13:25 +02:00
$query = $wpdb -> prepare ( " SELECT ID, post_title FROM $wpdb->posts WHERE post_type = 'post' AND post_status = 'draft' AND post_author = %d ORDER BY post_modified DESC " , $user_id );
2007-05-25 09:16:21 +02:00
$query = apply_filters ( 'get_users_drafts' , $query );
return $wpdb -> get_results ( $query );
}
2008-10-02 03:03:26 +02:00
/**
* Remove user and optionally reassign posts and links to another user .
*
* If the $reassign parameter is not assigned to an User ID , then all posts will
* be deleted of that user . The action 'delete_user' that is passed the User ID
* being deleted will be run after the posts are either reassigned or deleted .
* The user meta will also be deleted that are for that User ID .
*
* @ since unknown
*
* @ param int $id User ID .
* @ param int $reassign Optional . Reassign posts and links to new User ID .
* @ return bool True when finished .
*/
2010-01-19 20:23:11 +01:00
function wp_delete_user ( $id , $reassign = 'novalue' ) {
2007-05-25 09:16:21 +02:00
global $wpdb ;
$id = ( int ) $id ;
2009-04-17 04:13:00 +02:00
2009-04-08 21:01:10 +02:00
// allow for transaction statement
do_action ( 'delete_user' , $id );
2007-05-25 09:16:21 +02:00
2010-01-19 20:23:11 +01:00
if ( 'novalue' === $reassign || null === $reassign ) {
2008-04-14 18:13:25 +02:00
$post_ids = $wpdb -> get_col ( $wpdb -> prepare ( " SELECT ID FROM $wpdb->posts WHERE post_author = %d " , $id ) );
2007-05-25 09:16:21 +02:00
2010-01-19 20:23:11 +01:00
if ( $post_ids ) {
foreach ( $post_ids as $post_id )
2007-05-25 09:16:21 +02:00
wp_delete_post ( $post_id );
}
// Clean links
2009-04-17 04:13:00 +02:00
$link_ids = $wpdb -> get_col ( $wpdb -> prepare ( " SELECT link_id FROM $wpdb->links WHERE link_owner = %d " , $id ) );
if ( $link_ids ) {
foreach ( $link_ids as $link_id )
wp_delete_link ( $link_id );
}
2007-05-25 09:16:21 +02:00
} else {
$reassign = ( int ) $reassign ;
2010-01-07 21:13:54 +01:00
$wpdb -> update ( $wpdb -> posts , array ( 'post_author' => $reassign ), array ( 'post_author' => $id ) );
$wpdb -> update ( $wpdb -> links , array ( 'link_owner' => $reassign ), array ( 'link_owner' => $id ) );
2007-05-25 09:16:21 +02:00
}
2010-05-04 01:04:42 +02:00
clean_user_cache ( $id );
2007-05-25 09:16:21 +02:00
// FINALLY, delete user
2010-01-15 01:21:13 +01:00
if ( ! is_multisite () ) {
$wpdb -> query ( $wpdb -> prepare ( " DELETE FROM $wpdb->usermeta WHERE user_id = %d " , $id ) );
$wpdb -> query ( $wpdb -> prepare ( " DELETE FROM $wpdb->users WHERE ID = %d " , $id ) );
} else {
$level_key = $wpdb -> get_blog_prefix () . 'capabilities' ; // wpmu site admins don't have user_levels
$wpdb -> query ( " DELETE FROM $wpdb->usermeta WHERE user_id = $id AND meta_key = ' { $level_key } ' " );
}
2007-05-25 09:16:21 +02:00
2009-04-08 21:01:10 +02:00
// allow for commit transaction
do_action ( 'deleted_user' , $id );
2007-05-25 09:16:21 +02:00
return true ;
}
2008-10-02 03:03:26 +02:00
/**
* Remove all capabilities from user .
*
* @ since unknown
*
* @ param int $id User ID .
*/
2007-05-25 09:16:21 +02:00
function wp_revoke_user ( $id ) {
$id = ( int ) $id ;
$user = new WP_User ( $id );
$user -> remove_all_caps ();
}
2008-01-14 22:55:17 +01:00
if ( ! class_exists ( 'WP_User_Search' ) ) :
2008-10-02 03:03:26 +02:00
/**
* WordPress User Search class .
*
* @ since unknown
*/
2008-01-14 22:55:17 +01:00
class WP_User_Search {
2008-10-02 03:03:26 +02:00
/**
* { @ internal Missing Description }}
*
* @ since unknown
* @ access private
* @ var unknown_type
*/
2008-01-14 22:55:17 +01:00
var $results ;
2008-10-02 03:03:26 +02:00
/**
* { @ internal Missing Description }}
*
* @ since unknown
* @ access private
* @ var unknown_type
*/
2008-01-14 22:55:17 +01:00
var $search_term ;
2008-10-02 03:03:26 +02:00
/**
* Page number .
*
* @ since unknown
* @ access private
* @ var int
*/
2008-01-14 22:55:17 +01:00
var $page ;
2008-10-02 03:03:26 +02:00
/**
* Role name that users have .
*
* @ since unknown
* @ access private
* @ var string
*/
2008-02-16 22:44:50 +01:00
var $role ;
2008-10-02 03:03:26 +02:00
/**
* Raw page number .
*
* @ since unknown
* @ access private
* @ var int | bool
*/
2008-01-14 22:55:17 +01:00
var $raw_page ;
2008-10-02 03:03:26 +02:00
/**
* Amount of users to display per page .
*
* @ since unknown
* @ access public
* @ var int
*/
2008-02-17 21:24:43 +01:00
var $users_per_page = 50 ;
2008-10-02 03:03:26 +02:00
/**
* { @ internal Missing Description }}
*
* @ since unknown
* @ access private
* @ var unknown_type
*/
2008-01-14 22:55:17 +01:00
var $first_user ;
2008-10-02 03:03:26 +02:00
/**
* { @ internal Missing Description }}
*
* @ since unknown
* @ access private
* @ var int
*/
2008-01-14 22:55:17 +01:00
var $last_user ;
2008-10-02 03:03:26 +02:00
/**
* { @ internal Missing Description }}
*
* @ since unknown
* @ access private
2010-02-06 13:35:15 +01:00
* @ var string
2008-10-02 03:03:26 +02:00
*/
2008-01-14 22:55:17 +01:00
var $query_limit ;
2008-10-02 03:03:26 +02:00
/**
* { @ internal Missing Description }}
*
2010-03-26 20:13:36 +01:00
* @ since 3.0 . 0
2008-10-02 03:03:26 +02:00
* @ access private
2010-02-06 13:35:15 +01:00
* @ var string
2008-10-02 03:03:26 +02:00
*/
2010-02-06 13:35:15 +01:00
var $query_orderby ;
2008-10-02 03:03:26 +02:00
/**
* { @ internal Missing Description }}
*
2010-03-26 20:13:36 +01:00
* @ since 3.0 . 0
2008-10-02 03:03:26 +02:00
* @ access private
2010-02-06 13:35:15 +01:00
* @ var string
*/
var $query_from ;
/**
* { @ internal Missing Description }}
*
2010-03-26 20:13:36 +01:00
* @ since 3.0 . 0
2010-02-06 13:35:15 +01:00
* @ access private
* @ var string
2008-10-02 03:03:26 +02:00
*/
2010-02-06 13:35:15 +01:00
var $query_where ;
2008-10-02 03:03:26 +02:00
/**
* { @ internal Missing Description }}
*
* @ since unknown
* @ access private
* @ var int
*/
2008-01-14 22:55:17 +01:00
var $total_users_for_query = 0 ;
2008-10-02 03:03:26 +02:00
/**
* { @ internal Missing Description }}
*
* @ since unknown
* @ access private
* @ var bool
*/
2008-01-14 22:55:17 +01:00
var $too_many_total_users = false ;
2008-10-02 03:03:26 +02:00
/**
* { @ internal Missing Description }}
*
* @ since unknown
* @ access private
* @ var unknown_type
*/
2008-01-14 22:55:17 +01:00
var $search_errors ;
2008-10-02 03:03:26 +02:00
/**
* { @ internal Missing Description }}
*
* @ since unknown
* @ access private
* @ var unknown_type
*/
2008-08-14 19:00:37 +02:00
var $paging_text ;
2008-01-14 22:55:17 +01:00
2008-10-02 03:03:26 +02:00
/**
* PHP4 Constructor - Sets up the object properties .
*
* @ since unknown
*
* @ param string $search_term Search terms string .
* @ param int $page Optional . Page ID .
* @ param string $role Role name .
* @ return WP_User_Search
*/
function WP_User_Search ( $search_term = '' , $page = '' , $role = '' ) {
2008-01-14 22:55:17 +01:00
$this -> search_term = $search_term ;
$this -> raw_page = ( '' == $page ) ? false : ( int ) $page ;
$this -> page = ( int ) ( '' == $page ) ? 1 : $page ;
2008-02-16 22:44:50 +01:00
$this -> role = $role ;
2008-01-14 22:55:17 +01:00
$this -> prepare_query ();
$this -> query ();
$this -> prepare_vars_for_template_usage ();
$this -> do_paging ();
}
2008-10-02 03:03:26 +02:00
/**
* { @ internal Missing Short Description }}
*
* { @ internal Missing Long Description }}
*
* @ since unknown
* @ access public
*/
2008-01-14 22:55:17 +01:00
function prepare_query () {
global $wpdb ;
$this -> first_user = ( $this -> page - 1 ) * $this -> users_per_page ;
2010-02-06 13:35:15 +01:00
2008-04-14 18:13:25 +02:00
$this -> query_limit = $wpdb -> prepare ( " LIMIT %d, %d " , $this -> first_user , $this -> users_per_page );
2010-02-06 13:35:15 +01:00
$this -> query_orderby = ' ORDER BY user_login' ;
2008-02-16 22:44:50 +01:00
$search_sql = '' ;
2008-01-14 22:55:17 +01:00
if ( $this -> search_term ) {
$searches = array ();
$search_sql = 'AND (' ;
foreach ( array ( 'user_login' , 'user_nicename' , 'user_email' , 'user_url' , 'display_name' ) as $col )
$searches [] = $col . " LIKE '% $this->search_term %' " ;
$search_sql .= implode ( ' OR ' , $searches );
$search_sql .= ')' ;
}
2008-03-02 21:17:30 +01:00
2010-02-06 13:35:15 +01:00
$this -> query_from = " FROM $wpdb->users " ;
$this -> query_where = " WHERE 1=1 $search_sql " ;
2010-01-19 00:34:36 +01:00
if ( $this -> role ) {
2010-02-06 13:35:15 +01:00
$this -> query_from .= " INNER JOIN $wpdb->usermeta ON $wpdb->users .ID = $wpdb->usermeta .user_id " ;
$this -> query_where .= $wpdb -> prepare ( " AND $wpdb->usermeta .meta_key = ' { $wpdb -> prefix } capabilities' AND $wpdb->usermeta .meta_value LIKE %s " , '%' . $this -> role . '%' );
} elseif ( is_multisite () ) {
2010-04-02 19:23:36 +02:00
$level_key = $wpdb -> prefix . 'capabilities' ; // wpmu site admins don't have user_levels
2010-02-06 13:35:15 +01:00
$this -> query_from .= " , $wpdb->usermeta " ;
$this -> query_where .= " AND $wpdb->users .ID = $wpdb->usermeta .user_id AND meta_key = ' { $level_key } ' " ;
2010-01-15 01:21:13 +01:00
}
2008-01-14 22:55:17 +01:00
2010-02-06 13:35:15 +01:00
do_action_ref_array ( 'pre_user_search' , array ( & $this ) );
2008-01-14 22:55:17 +01:00
}
2008-10-02 03:03:26 +02:00
/**
* { @ internal Missing Short Description }}
*
* { @ internal Missing Long Description }}
*
* @ since unknown
* @ access public
*/
2008-01-14 22:55:17 +01:00
function query () {
global $wpdb ;
2010-02-06 13:35:15 +01:00
$this -> results = $wpdb -> get_col ( " SELECT DISTINCT( $wpdb->users .ID) " . $this -> query_from . $this -> query_where . $this -> query_orderby . $this -> query_limit );
2008-01-14 22:55:17 +01:00
if ( $this -> results )
2010-02-06 13:35:15 +01:00
$this -> total_users_for_query = $wpdb -> get_var ( " SELECT COUNT(DISTINCT( $wpdb->users .ID)) " . $this -> query_from . $this -> query_where ); // no limit
2008-01-14 22:55:17 +01:00
else
$this -> search_errors = new WP_Error ( 'no_matching_users_found' , __ ( 'No matching users were found!' ));
}
2008-10-02 03:03:26 +02:00
/**
* { @ internal Missing Short Description }}
*
* { @ internal Missing Long Description }}
*
* @ since unknown
* @ access public
*/
2008-01-14 22:55:17 +01:00
function prepare_vars_for_template_usage () {
$this -> search_term = stripslashes ( $this -> search_term ); // done with DB, from now on we want slashes gone
}
2008-10-02 03:03:26 +02:00
/**
* { @ internal Missing Short Description }}
*
* { @ internal Missing Long Description }}
*
* @ since unknown
* @ access public
*/
2008-01-14 22:55:17 +01:00
function do_paging () {
if ( $this -> total_users_for_query > $this -> users_per_page ) { // have to page the results
2008-06-25 19:02:17 +02:00
$args = array ();
if ( ! empty ( $this -> search_term ) )
$args [ 'usersearch' ] = urlencode ( $this -> search_term );
if ( ! empty ( $this -> role ) )
$args [ 'role' ] = urlencode ( $this -> role );
2008-01-14 22:55:17 +01:00
$this -> paging_text = paginate_links ( array (
'total' => ceil ( $this -> total_users_for_query / $this -> users_per_page ),
'current' => $this -> page ,
'base' => 'users.php?%_%' ,
'format' => 'userspage=%#%' ,
2008-06-25 19:02:17 +02:00
'add_args' => $args
2008-01-14 22:55:17 +01:00
) );
2008-11-06 22:56:29 +01:00
if ( $this -> paging_text ) {
2008-11-10 18:42:51 +01:00
$this -> paging_text = sprintf ( '<span class="displaying-num">' . __ ( 'Displaying %s–%s of %s' ) . '</span>%s' ,
2008-11-06 22:56:29 +01:00
number_format_i18n ( ( $this -> page - 1 ) * $this -> users_per_page + 1 ),
number_format_i18n ( min ( $this -> page * $this -> users_per_page , $this -> total_users_for_query ) ),
number_format_i18n ( $this -> total_users_for_query ),
$this -> paging_text
);
}
2008-01-14 22:55:17 +01:00
}
}
2008-10-02 03:03:26 +02:00
/**
* { @ internal Missing Short Description }}
*
* { @ internal Missing Long Description }}
*
* @ since unknown
* @ access public
*
* @ return unknown
*/
2008-01-14 22:55:17 +01:00
function get_results () {
return ( array ) $this -> results ;
}
2008-10-02 03:03:26 +02:00
/**
* Displaying paging text .
*
* @ see do_paging () Builds paging text .
*
* @ since unknown
* @ access public
*/
2008-01-14 22:55:17 +01:00
function page_links () {
echo $this -> paging_text ;
}
2008-10-02 03:03:26 +02:00
/**
* Whether paging is enabled .
*
* @ see do_paging () Builds paging text .
*
* @ since unknown
* @ access public
*
* @ return bool
*/
2008-01-14 22:55:17 +01:00
function results_are_paged () {
if ( $this -> paging_text )
return true ;
return false ;
}
2008-10-02 03:03:26 +02:00
/**
* Whether there are search terms .
*
* @ since unknown
* @ access public
*
* @ return bool
*/
2008-01-14 22:55:17 +01:00
function is_search () {
if ( $this -> search_term )
return true ;
return false ;
}
}
endif ;
2009-05-03 19:06:29 +02:00
add_action ( 'admin_init' , 'default_password_nag_handler' );
2009-05-06 18:19:40 +02:00
function default_password_nag_handler ( $errors = false ) {
global $user_ID ;
2010-02-06 07:20:38 +01:00
if ( ! get_user_option ( 'default_password_nag' ) ) //Short circuit it.
2009-05-06 18:19:40 +02:00
return ;
//get_user_setting = JS saved UI setting. else no-js-falback code.
2009-05-25 01:47:49 +02:00
if ( 'hide' == get_user_setting ( 'default_password_nag' ) || isset ( $_GET [ 'default_password_nag' ]) && '0' == $_GET [ 'default_password_nag' ] ) {
2009-05-03 19:06:29 +02:00
delete_user_setting ( 'default_password_nag' );
2010-02-06 07:20:38 +01:00
update_user_option ( $user_ID , 'default_password_nag' , false , true );
2009-05-03 19:06:29 +02:00
}
}
2009-05-06 18:19:40 +02:00
add_action ( 'profile_update' , 'default_password_nag_edit_user' , 10 , 2 );
function default_password_nag_edit_user ( $user_ID , $old_data ) {
global $user_ID ;
2010-02-06 07:20:38 +01:00
if ( ! get_user_option ( 'default_password_nag' ) ) //Short circuit it.
2009-05-06 18:19:40 +02:00
return ;
$new_data = get_userdata ( $user_ID );
if ( $new_data -> user_pass != $old_data -> user_pass ) { //Remove the nag if the password has been changed.
delete_user_setting ( 'default_password_nag' );
2010-02-06 07:20:38 +01:00
update_user_option ( $user_ID , 'default_password_nag' , false , true );
2009-05-06 18:19:40 +02:00
}
}
2009-05-03 19:06:29 +02:00
add_action ( 'admin_notices' , 'default_password_nag' );
function default_password_nag () {
2010-02-06 07:20:38 +01:00
if ( ! get_user_option ( 'default_password_nag' ) ) //Short circuit it.
2009-05-03 19:06:29 +02:00
return ;
2010-04-20 19:15:07 +02:00
echo '<div class="error default-password-nag">' ;
echo '<p>' ;
echo '<strong>' . __ ( 'Notice:' ) . '</strong> ' ;
_e ( 'You’re using the auto-generated password for your account. Would you like to change it to something you’ll remember easier?' );
2010-04-27 23:57:18 +02:00
echo '</p><p>' ;
printf ( '<a href="%s">' . __ ( 'Yes, take me to my profile page' ) . '</a> | ' , admin_url ( 'profile.php' ) . '#password' );
printf ( '<a href="%s" id="default-password-nag-no">' . __ ( 'No thanks, do not remind me again' ) . '</a>' , '?default_password_nag=0' );
2009-05-03 19:06:29 +02:00
echo '</p></div>' ;
}
2009-05-14 00:41:05 +02:00
?>