diff --git a/wp-includes/capabilities.php b/wp-includes/capabilities.php
index 6bcb0c6e81..b4e8df0cc6 100644
--- a/wp-includes/capabilities.php
+++ b/wp-includes/capabilities.php
@@ -102,16 +102,25 @@ class WP_Role {
 class WP_User {
 var $data;
- var $id;
- var $caps;
+ var $id = 0;
+ var $caps = array();
 var $cap_key;
- var $roles;
- var $allcaps;
+ var $roles = array();
+ var $allcaps = array();
 function WP_User($id) {
 global $wp_roles, $table_prefix;
- $this->id = $id;
- $this->data = get_userdata($id);
+
+ if ( is_numeric($id) ) {
+ $this->data = get_userdata($id);
+ } else {
+ $this->data = get_userdatabylogin($id);
+ }
+
+ if ( empty($this->data->ID) )
+ return;
+
+ $this->id = $this->data->ID;
 $this->cap_key = $table_prefix . 'capabilities';
 $this->caps = &$this->data->{$this->cap_key};
 $this->get_role_caps();
@@ -140,8 +149,9 @@ class WP_User {
 }
 function remove_role($role) {
- if(!empty($this->roles[$role]) && (count($this->roles) > 1))
- unset($this->caps[$cap]);
+ if ( empty($this->roles[$role]) || (count($this->roles) <= 1) )
+ return;
+ unset($this->caps[$role]);
 update_usermeta($this->id, $this->cap_key, $this->caps);
 $this->get_role_caps();
 }
@@ -177,7 +187,7 @@ class WP_User {
 }
 function remove_cap($cap) {
- if(!empty($this->roles[$role])) return;
+ if ( empty($this->roles[$cap]) ) return;
 unset($this->caps[$cap]);
 update_usermeta($this->id, $this->cap_key, $this->caps);
 }
diff --git a/wp-includes/functions-post.php b/wp-includes/functions-post.php
index c078ffd3dd..2ed81e4b83 100644
--- a/wp-includes/functions-post.php
+++ b/wp-includes/functions-post.php
@@ -532,6 +532,7 @@ function wp_new_comment( $commentdata, $spam = false ) {
 if ( $user_id ) {
 $userdata = get_userdata($user_id);
+ $user = new WP_User($user_id);
 $post_author = $wpdb->get_var("SELECT post_author FROM $wpdb->posts WHERE ID = '$comment_post_ID' LIMIT 1");
 }
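Review bot: The `is_numeric($id)` dispatch in the new `WP_User` constructor makes the lookup ambiguous for a login that consists only of digits: such a name is resolved with `get_userdata()` by numeric ID instead of `get_userdatabylogin()`, so the callers in wp-login.php and xmlrpc.php that pass `$user_login` can end up holding a different account's capabilities than the one that authenticated. Either give IDs and logins distinct entry points (a second parameter or a static factory) or have the login-based callers resolve the record themselves and pass `$this->data->ID`. Separately, when the lookup fails the constructor returns leaving `$id` at 0, `$caps`/`$allcaps` empty and `$cap_key` unset, which nothing documents; a comment such as `// Lookup failed: leave the object empty (id 0, no capabilities) rather than half-initialised.` above the `return` would tell callers to test `$user->id` before trusting the object. The class body continues outside the hunk.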
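Review bot: In `remove_role` the new early `return` when `count($this->roles) <= 1` silently refuses to strip the user's only role, and the method returns nothing, so a caller cannot distinguish "removed" from "refused". A comment on the guard would at least make the contract visible, e.g. `// Never leave a user with no role; use set_role() to swap the last one.`, and returning a bool from the method would let callers react. The enclosing class continues outside the hunk.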
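Review bot: The replacement guard in `remove_cap` tests `$this->roles[$cap]`, so the method only proceeds when the capability name is also one of the user's roles; an ordinary capability such as one stored under `$this->caps[$cap]` (the key the following `unset` uses) can therefore never be removed through it. The intended check is most likely on the caps array, `if ( empty($this->caps[$cap]) ) return;`. If the aim was instead to stop roles from being removed via this method, the test needs negating, `if ( !empty($this->roles[$cap]) ) return;`, and either way a one-line comment stating which case the guard covers would prevent the next regression.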
@@ -552,7 +553,7 @@ function wp_new_comment( $commentdata, $spam = false ) {
 }
 }
- if ( $userdata && ( $user_id == $post_author || $userdata->user_level >= 9 ) ) {
+ if ( $userdata && ( $user_id == $post_author || $user->has_cap('level_9') ) ) {
 $approved = 1;
 } else {
 if ( check_comment($author, $email, $url, $comment, $user_ip, $user_agent, $comment_type) )
diff --git a/wp-includes/registration-functions.php b/wp-includes/registration-functions.php
index 9299d01757..b9b8ce808d 100644
--- a/wp-includes/registration-functions.php
+++ b/wp-includes/registration-functions.php
@@ -26,6 +26,9 @@ function create_user( $username, $password, $email, $user_level ) {
 $user_level = (int) $user_level;
 update_usermeta( $user_id, $wpdb->prefix . 'user_level', $user_level);
+ $user = new WP_User($user_id);
+ $user->set_role(get_settings('default_role'));
+
 return $user_id;
 }
diff --git a/wp-login.php b/wp-login.php
index 31b2b6e672..f85452116d 100644
--- a/wp-login.php
+++ b/wp-login.php
@@ -176,8 +176,9 @@ default:
 do_action('wp_authenticate', array(&$user_login, &$user_pass));
 if ($user_login && $user_pass) {
- $user = get_userdatabylogin($user_login);
- if ( 0 == $user->user_level )
+ $user = new WP_User($user_login);
+ // If the user can't edit posts, send them to their profile.
+ if ( ! $user->has_cap('edit_posts') )
 $redirect_to = get_settings('siteurl') . '/wp-admin/profile.php';
 if ( wp_login($user_login, $user_pass, $using_cookie) ) {
diff --git a/xmlrpc.php b/xmlrpc.php
index a00abc0199..b17a8de858 100644
--- a/xmlrpc.php
+++ b/xmlrpc.php
@@ -157,8 +157,8 @@ class wp_xmlrpc_server extends IXR_Server {
 return $this->error;
 }
- $user_data = get_userdatabylogin($user_login);
- $is_admin = $user_data->user_level > 3;
+ $user = new WP_User($user_login);
+ $is_admin = $user->has_cap('level_8');
 $struct = array(
 'isAdmin' => $is_admin,
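Review bot: The new condition keeps the `get_userdata()` result in `$userdata` only as an existence guard while the capability now comes from the separate `WP_User` built on the line added in the previous hunk, so the same user record is loaded twice per comment. Because the new constructor leaves `$user->id` at 0 when the lookup fails, the guard can rely on that instead, `if ( $user->id && ( $user_id == $post_author || $user->has_cap('level_9') ) ) {`, and the `$userdata` lookup can go if nothing else in the function reads it — the rest of wp_new_comment is outside the hunk, so that needs checking. The loose `==` between `$user_id` and the string `$post_author` returned by `get_var()` predates this change but is worth an `(int)` cast while the line is being touched.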
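Review bot: `create_user` still accepts and stores `$user_level`, but the added lines assign `get_settings('default_role')` unconditionally, so a caller passing a higher level gets an account whose capabilities are those of the default role while its `user_level` meta says otherwise; the two should be derived from the same input, or the parameter documented as no longer affecting capabilities. If the `default_role` option is unset, `set_role('')` is called with an empty string, and whether `set_role` tolerates that is outside this diff; a guard such as `if ( $role = get_settings('default_role') ) $user->set_role($role);` avoids depending on it.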
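Review bot: The `has_cap('edit_posts')` check and its new comment run before `wp_login()` has verified the password, so `$redirect_to` is computed from a user record that may not belong to the person submitting the form. Moving the two new lines inside the `if ( wp_login(...) )` branch ties the redirect to the authenticated user and avoids loading the record on every failed attempt. The enclosing `if ($user_login && $user_pass)` block continues outside the hunk.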
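Review bot: `$is_admin` changes meaning on the new line: the removed test `user_level > 3` was true for levels 4 and up, while `has_cap('level_8')` is true only for level 8 and above, so users in between will now be reported as `isAdmin => false` to XML-RPC clients. If the tightening is intended, say so next to the assignment, e.g. `// isAdmin now means an administrator-level account (level_8), not any level above 3`; otherwise `level_4` preserves the previous threshold. The enclosing method starts and ends outside the hunk.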
@@ -295,10 +295,9 @@ class wp_xmlrpc_server extends IXR_Server {
 return $this->error;
 }
- $user_data = get_userdatabylogin($user_login);
-
- if ($user_data->user_level < 3) {
- return new IXR_Error(401, 'Sorry, users whose level is less than 3, can not edit the template.');
+ $user = new WP_User($user_login);
+ if ( !$user->has_cap('edit_themes') ) {
+ return new IXR_Error(401, 'Sorry, this user can not edit the template.');
 }
 /* warning: here we make the assumption that the weblog's URI is on the same server */
@@ -331,10 +330,9 @@ class wp_xmlrpc_server extends IXR_Server {
 return $this->error;
 }
- $user_data = get_userdatabylogin($user_login);
-
- if ($user_data->user_level < 3) {
- return new IXR_Error(401, 'Sorry, users whose level is less than 3, can not edit the template.');
+ $user = new WP_User($user_login);
+ if ( !$user->has_cap('edit_themes') ) {
+ return new IXR_Error(401, 'Sorry, this user can not edit the template.');
 }
 /* warning: here we make the assumption that the weblog's URI is on the same server */
@@ -849,9 +847,9 @@ class wp_xmlrpc_server extends IXR_Server {
 return $this->error;
 }
- if(get_settings('fileupload_minlevel') > $user_data->user_level) {
- // User has not enough privileges
- logIO('O', '(MW) Not enough privilege: user level too low');
+ $user = new WP_User($user_login);
+ if ( !$user->has_cap('upload_files') ) {
+ logIO('O', '(MW) User does not have upload_files capability');
 $this->error = new IXR_Error(401, 'You are not allowed to upload files to this site.');
 return $this->error;
 }
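Review bot: The hunks at -295 and -331 add the same three lines (`new WP_User($user_login)`, the `edit_themes` test and the 401 `IXR_Error`), a copy that will drift the next time one side is edited; factoring the check into a private method that returns either the `WP_User` or the `IXR_Error` would keep both template handlers in step. Both enclosing methods start and end outside the hunks.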
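Review bot: The replaced check at -849 drops the per-site `fileupload_minlevel` option entirely in favour of the `upload_files` capability; if that option is still exposed in the admin settings it now has no effect on uploads, so it should either be removed from the settings page or be noted here, `// Upload permission is the upload_files capability; fileupload_minlevel is no longer consulted.`. The new `$user` is built from `$user_login`, whereas the removed line used a `$user_data` assigned outside the hunk; confirm `$user_login` has already been authenticated at this point in the method, which starts and ends outside the hunk.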