' . __( 'You need a higher level of permission.' ) . '' . '
' . __( 'Sorry, you are not allowed to list users.' ) . '
', 403 ); } $wp_list_table = _get_list_table( 'WP_Users_List_Table' ); $pagenum = $wp_list_table->get_pagenum(); // Used in the HTML title tag. $title = __( 'Users' ); $parent_file = 'users.php'; add_screen_option( 'per_page' ); // Contextual help - choose Help on the top right of admin panel to preview this. get_current_screen()->add_help_tab( array( 'id' => 'overview', 'title' => __( 'Overview' ), 'content' => '' . __( 'This screen lists all the existing users for your site. Each user has one of five defined roles as set by the site admin: Site Administrator, Editor, Author, Contributor, or Subscriber. Users with roles other than Administrator will see fewer options in the dashboard navigation when they are logged in, based on their role.' ) . '
' . '' . __( 'To add a new user for your site, click the Add New User button at the top of the screen or Add New User in the Users menu section.' ) . '
', ) ); get_current_screen()->add_help_tab( array( 'id' => 'screen-content', 'title' => __( 'Screen Content' ), 'content' => '' . __( 'You can customize the display of this screen in a number of ways:' ) . '
' . '' . __( 'Hovering over a row in the users list will display action links that allow you to manage users. You can perform the following actions:' ) . '
' . '' . __( 'For more information:' ) . '
' . '' . __( 'Documentation on Managing Users' ) . '
' . '' . __( 'Descriptions of Roles and Capabilities' ) . '
' . '' . __( 'Support forums' ) . '
' ); get_current_screen()->set_screen_reader_content( array( 'heading_views' => __( 'Filter users list' ), 'heading_pagination' => __( 'Users list navigation' ), 'heading_list' => __( 'Users list' ), ) ); if ( empty( $_REQUEST ) ) { $referer = ''; } elseif ( isset( $_REQUEST['wp_http_referer'] ) ) { $redirect = remove_query_arg( array( 'wp_http_referer', 'updated', 'delete_count' ), wp_unslash( $_REQUEST['wp_http_referer'] ) ); $referer = ''; } else { $redirect = 'users.php'; $referer = ''; } $update = ''; switch ( $wp_list_table->current_action() ) { /* Bulk Dropdown menu Role changes */ case 'promote': check_admin_referer( 'bulk-users' ); if ( ! current_user_can( 'promote_users' ) ) { wp_die( __( 'Sorry, you are not allowed to edit this user.' ), 403 ); } if ( empty( $_REQUEST['users'] ) ) { wp_redirect( $redirect ); exit; } $editable_roles = get_editable_roles(); $role = $_REQUEST['new_role']; // Mocking the `none` role so we are able to save it to the database $editable_roles['none'] = array( 'name' => __( '— No role for this site —' ), ); if ( ! $role || empty( $editable_roles[ $role ] ) ) { wp_die( __( 'Sorry, you are not allowed to give users that role.' ), 403 ); } if ( 'none' === $role ) { $role = ''; } $user_ids = array_map( 'intval', (array) $_REQUEST['users'] ); $update = 'promote'; foreach ( $user_ids as $id ) { if ( ! current_user_can( 'promote_user', $id ) ) { wp_die( __( 'Sorry, you are not allowed to edit this user.' ), 403 ); } // The new role of the current user must also have the promote_users cap or be a multisite super admin. if ( $id === $current_user->ID && ! $wp_roles->role_objects[ $role ]->has_cap( 'promote_users' ) && ! ( is_multisite() && current_user_can( 'manage_network_users' ) ) ) { $update = 'err_admin_role'; continue; } // If the user doesn't already belong to the blog, bail. if ( is_multisite() && ! is_user_member_of_blog( $id ) ) { wp_die( '' . __( 'One of the selected users is not a member of this site.' ) . '
', 403 ); } $user = get_userdata( $id ); $user->set_role( $role ); } wp_redirect( add_query_arg( 'update', $update, $redirect ) ); exit; case 'dodelete': if ( is_multisite() ) { wp_die( __( 'User deletion is not allowed from this screen.' ), 400 ); } check_admin_referer( 'delete-users' ); if ( empty( $_REQUEST['users'] ) ) { wp_redirect( $redirect ); exit; } $user_ids = array_map( 'intval', (array) $_REQUEST['users'] ); if ( empty( $_REQUEST['delete_option'] ) ) { $url = self_admin_url( 'users.php?action=delete&users[]=' . implode( '&users[]=', $user_ids ) . '&error=true' ); $url = str_replace( '&', '&', wp_nonce_url( $url, 'bulk-users' ) ); wp_redirect( $url ); exit; } if ( ! current_user_can( 'delete_users' ) ) { wp_die( __( 'Sorry, you are not allowed to delete users.' ), 403 ); } $update = 'del'; $delete_count = 0; foreach ( $user_ids as $id ) { if ( ! current_user_can( 'delete_user', $id ) ) { wp_die( __( 'Sorry, you are not allowed to delete that user.' ), 403 ); } if ( $id === $current_user->ID ) { $update = 'err_admin_del'; continue; } switch ( $_REQUEST['delete_option'] ) { case 'delete': wp_delete_user( $id ); break; case 'reassign': wp_delete_user( $id, $_REQUEST['reassign_user'] ); break; } ++$delete_count; } $redirect = add_query_arg( array( 'delete_count' => $delete_count, 'update' => $update, ), $redirect ); wp_redirect( $redirect ); exit; case 'resetpassword': check_admin_referer( 'bulk-users' ); if ( ! current_user_can( 'edit_users' ) ) { $errors = new WP_Error( 'edit_users', __( 'Sorry, you are not allowed to edit users.' ) ); } if ( empty( $_REQUEST['users'] ) ) { wp_redirect( $redirect ); exit(); } $user_ids = array_map( 'intval', (array) $_REQUEST['users'] ); $reset_count = 0; foreach ( $user_ids as $id ) { if ( ! current_user_can( 'edit_user', $id ) ) { wp_die( __( 'Sorry, you are not allowed to edit this user.' ) ); } if ( $id === $current_user->ID ) { $update = 'err_admin_reset'; continue; } // Send the password reset link. $user = get_userdata( $id ); if ( true === retrieve_password( $user->user_login ) ) { ++$reset_count; } } $redirect = add_query_arg( array( 'reset_count' => $reset_count, 'update' => 'resetpassword', ), $redirect ); wp_redirect( $redirect ); exit; case 'delete': if ( is_multisite() ) { wp_die( __( 'User deletion is not allowed from this screen.' ), 400 ); } check_admin_referer( 'bulk-users' ); if ( empty( $_REQUEST['users'] ) && empty( $_REQUEST['user'] ) ) { wp_redirect( $redirect ); exit; } if ( ! current_user_can( 'delete_users' ) ) { $errors = new WP_Error( 'edit_users', __( 'Sorry, you are not allowed to delete users.' ) ); } if ( empty( $_REQUEST['users'] ) ) { $user_ids = array( (int) $_REQUEST['user'] ); } else { $user_ids = array_map( 'intval', (array) $_REQUEST['users'] ); } $all_user_ids = $user_ids; if ( in_array( $current_user->ID, $user_ids, true ) ) { $user_ids = array_diff( $user_ids, array( $current_user->ID ) ); } /** * Filters whether the users being deleted have additional content * associated with them outside of the `post_author` and `link_owner` relationships. * * @since 5.2.0 * * @param bool $users_have_additional_content Whether the users have additional content. Default false. * @param int[] $user_ids Array of IDs for users being deleted. */ $users_have_content = (bool) apply_filters( 'users_have_additional_content', false, $user_ids ); if ( $user_ids && ! $users_have_content ) { if ( $wpdb->get_var( "SELECT ID FROM {$wpdb->posts} WHERE post_author IN( " . implode( ',', $user_ids ) . ' ) LIMIT 1' ) ) { $users_have_content = true; } elseif ( $wpdb->get_var( "SELECT link_id FROM {$wpdb->links} WHERE link_owner IN( " . implode( ',', $user_ids ) . ' ) LIMIT 1' ) ) { $users_have_content = true; } } if ( $users_have_content ) { add_action( 'admin_head', 'delete_users_add_js' ); } require_once ABSPATH . 'wp-admin/admin-header.php'; ?> $update ), $redirect ); wp_redirect( $redirect ); exit; case 'remove': check_admin_referer( 'bulk-users' ); if ( ! is_multisite() ) { wp_die( __( 'You cannot remove users.' ), 400 ); } if ( empty( $_REQUEST['users'] ) && empty( $_REQUEST['user'] ) ) { wp_redirect( $redirect ); exit; } if ( ! current_user_can( 'remove_users' ) ) { $error = new WP_Error( 'edit_users', __( 'Sorry, you are not allowed to remove users.' ) ); } if ( empty( $_REQUEST['users'] ) ) { $user_ids = array( (int) $_REQUEST['user'] ); } else { $user_ids = array_map( 'intval', (array) $_REQUEST['users'] ); } require_once ABSPATH . 'wp-admin/admin-header.php'; ?> current_action() && ! empty( $_REQUEST['users'] ) ) { $screen = get_current_screen()->id; $sendback = wp_get_referer(); $user_ids = array_map( 'intval', (array) $_REQUEST['users'] ); /** This action is documented in wp-admin/edit.php */ $sendback = apply_filters( "handle_bulk_actions-{$screen}", $sendback, $wp_list_table->current_action(), $user_ids ); // phpcs:ignore WordPress.NamingConventions.ValidHookName.UseUnderscores wp_safe_redirect( $sendback ); exit; } $wp_list_table->prepare_items(); $total_pages = $wp_list_table->get_pagination_arg( 'total_pages' ); if ( $pagenum > $total_pages && $total_pages > 0 ) { wp_redirect( add_query_arg( 'paged', $total_pages ) ); exit; } require_once ABSPATH . 'wp-admin/admin-header.php'; $messages = array(); if ( isset( $_GET['update'] ) ) : switch ( $_GET['update'] ) { case 'del': case 'del_many': $delete_count = isset( $_GET['delete_count'] ) ? (int) $_GET['delete_count'] : 0; if ( 1 === $delete_count ) { $message = __( 'User deleted.' ); } else { /* translators: %s: Number of users. */ $message = _n( '%s user deleted.', '%s users deleted.', $delete_count ); } $message = sprintf( $message, number_format_i18n( $delete_count ) ); $messages[] = wp_get_admin_notice( $message, array( 'id' => 'message', 'additional_classes' => array( 'updated' ), 'dismissible' => true, ) ); break; case 'add': $message = __( 'New user created.' ); $user_id = isset( $_GET['id'] ) ? $_GET['id'] : false; if ( $user_id && current_user_can( 'edit_user', $user_id ) ) { $message .= sprintf( ' %2$s', esc_url( add_query_arg( 'wp_http_referer', urlencode( wp_unslash( $_SERVER['REQUEST_URI'] ) ), self_admin_url( 'user-edit.php?user_id=' . $user_id ) ) ), __( 'Edit user' ) ); } $messages[] = wp_get_admin_notice( $message, array( 'id' => 'message', 'additional_classes' => array( 'updated' ), 'dismissible' => true, ) ); break; case 'resetpassword': $reset_count = isset( $_GET['reset_count'] ) ? (int) $_GET['reset_count'] : 0; if ( 1 === $reset_count ) { $message = __( 'Password reset link sent.' ); } else { /* translators: %s: Number of users. */ $message = _n( 'Password reset links sent to %s user.', 'Password reset links sent to %s users.', $reset_count ); } $message = sprintf( $message, number_format_i18n( $reset_count ) ); $messages[] = wp_get_admin_notice( $message, array( 'id' => 'message', 'additional_classes' => array( 'updated' ), 'dismissible' => true, ) ); break; case 'promote': $messages[] = wp_get_admin_notice( __( 'Changed roles.' ), array( 'id' => 'message', 'additional_classes' => array( 'updated' ), 'dismissible' => true, ) ); break; case 'err_admin_role': $messages[] = wp_get_admin_notice( __( 'The current user’s role must have user editing capabilities.' ), array( 'id' => 'message', 'additional_classes' => array( 'error' ), 'dismissible' => true, ) ); $messages[] = wp_get_admin_notice( __( 'Other user roles have been changed.' ), array( 'id' => 'message', 'additional_classes' => array( 'updated' ), 'dismissible' => true, ) ); break; case 'err_admin_del': $messages[] = wp_get_admin_notice( __( 'You cannot delete the current user.' ), array( 'id' => 'message', 'additional_classes' => array( 'error' ), 'dismissible' => true, ) ); $messages[] = wp_get_admin_notice( __( 'Other users have been deleted.' ), array( 'id' => 'message', 'additional_classes' => array( 'updated' ), 'dismissible' => true, ) ); break; case 'remove': $messages[] = wp_get_admin_notice( __( 'User removed from this site.' ), array( 'id' => 'message', 'additional_classes' => array( 'updated', 'fade' ), 'dismissible' => true, ) ); break; case 'err_admin_remove': $messages[] = wp_get_admin_notice( __( 'You cannot remove the current user.' ), array( 'id' => 'message', 'additional_classes' => array( 'error' ), 'dismissible' => true, ) ); $messages[] = wp_get_admin_notice( __( 'Other users have been removed.' ), array( 'id' => 'message', 'additional_classes' => array( 'updated', 'fade' ), 'dismissible' => true, ) ); break; } endif; ?> get_error_messages() as $err ) { $error_message .= "