Example #1
 /**
  * After a user is created with add_user() and then given a new display name
  * through edit_user(), the xprofile full-name field must hold that display name.
  *
  * @group xprofile_set_field_data
  * @ticket BP5836
  */
 public function test_xprofile_sync_bp_profile_new_user()
 {
     // The test drives add_user()/edit_user() through $_POST, so keep the
     // original request data and put it back before asserting.
     $saved_post = $_POST;

     $_POST = array(
         'user_login' => 'foobar',
         'pass1' => 'password',
         'pass2' => 'password',
         'role' => 'subscriber',
         'email' => '*****@*****.**',
         'first_name' => 'Foo',
         'last_name' => 'Bar',
     );
     $user_id = add_user();

     $expected_name = 'Bar Foo';
     $_POST = array(
         'display_name' => $expected_name,
         'email' => '*****@*****.**',
         'nickname' => 'foobar',
     );
     $user_id = edit_user($user_id);

     // clean up post vars
     $_POST = $saved_post;

     $fullname_field_id = bp_xprofile_fullname_field_id();
     $this->assertEquals($expected_name, xprofile_get_field_data($fullname_field_id, $user_id));
 }
Example #2
/**
 * Dual-purpose helper built around edit_user().
 *
 * Called with no arguments, it registers itself on the 'user_register' action
 * and returns whatever edit_user() returns. Called with an argument, it treats
 * the first argument as a user ID and applies the role named in $_POST['role']
 * to that user, subject to the checks below.
 *
 * @since 2.0
 *
 * @param int $user_id Optional. User ID, read through func_get_arg(0).
 * @return null|WP_Error|int Null when called with a user ID; the result of
 *                           edit_user() when called with no parameters.
 */
function add_user()
{
    if (!func_num_args()) {
        // Register this function for the role step, then let edit_user() do the work.
        add_action('user_register', 'add_user');
        return edit_user();
    }

    // The hackiest hack that ever did hack
    global $current_user, $wp_roles;
    $user_id = (int) func_get_arg(0);

    if (!isset($_POST['role'])) {
        return;
    }
    $new_role = sanitize_text_field($_POST['role']);

    // Don't let anyone with 'edit_users' (admins) edit their own role to something without it.
    // NOTE(review): role_objects[$new_role] is dereferenced before the role is known
    // to exist; an unknown role name on a self-edit reaches has_cap() on a missing entry.
    $editing_self = $user_id == $current_user->id;
    if ($editing_self && !$wp_roles->role_objects[$new_role]->has_cap('edit_users')) {
        return;
    }

    // The requested role must be one the logged-in user is allowed to hand out;
    // otherwise the request is stopped with an error.
    $editable_roles = get_editable_roles();
    if (empty($editable_roles[$new_role])) {
        wp_die(__('You can’t give users that role.'));
    }

    $user = new WP_User($user_id);
    $user->set_role($new_role);
}
Example #3
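/**
 * Handles a front-end profile update for the current user.
 *
 * Verifies the 'update-profile_<user id>' nonce, saves the plugin's own profile
 * fields, passes the submitted data to edit_user(), and redirects to the
 * author's profile tab. Any edit_user() error ends the request via wp_die().
 *
 * @return false|null False when the nonce is missing or invalid, otherwise nothing.
 */
function rcl_edit_profile()
{
    global $user_ID;
    $nonce_action = 'update-profile_' . $user_ID;
    // A request without a nonce is rejected outright instead of reading an undefined index.
    if (!isset($_POST['_wpnonce']) || !wp_verify_nonce($_POST['_wpnonce'], $nonce_action)) {
        return false;
    }
    // Run the second request check before the first write, so nothing is stored
    // for a request that fails it (it used to run after the profile fields were saved).
    check_admin_referer($nonce_action);
    if (defined('ABSPATH')) {
        require_once ABSPATH . 'wp-admin/includes/user.php';
    } else {
        require_once '../wp-admin/includes/user.php';
    }
    // The unused category lookup and the commented-out password debugging lines were dropped.
    $redirect_url = rcl_format_url(get_author_posts_url($user_ID), 'profile') . '&updated=true';
    rcl_update_profile_fields($user_ID);
    $errors = edit_user($user_ID);
    if (is_wp_error($errors)) {
        // Only the last message survives the loop, as before.
        foreach ($errors->get_error_messages() as $message) {
            $errmsg = "{$message}";
        }
    }
    if (isset($errmsg)) {
        wp_die($errmsg);
    }
    do_action('personal_options_update', $user_ID);
    // NOTE(review): wp_redirect() is not followed by exit here, so execution
    // continues in the caller after the redirect is issued - confirm the caller terminates.
    wp_redirect($redirect_url);
}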
Example #4
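/**
 * Handles the two profile actions selected by the 'wpu_action' query argument.
 *
 * 'activate' stores the chosen template and stylesheet for the current user;
 * 'update-blog-profile' saves the profile through edit_user() and then the
 * blog title and tagline. Each branch verifies a nonce with
 * check_admin_referer() first and ends with a redirect and exit.
 */
function wpu_check_for_action()
{
    global $user_ID, $wp_version;
    if (!isset($_GET['wpu_action'])) {
        return;
    }
    if ('activate' == $_GET['wpu_action']) {
        // The nonce action includes the template name; read it without touching
        // an undefined index when the argument is missing.
        $template = isset($_GET['template']) ? $_GET['template'] : '';
        check_admin_referer('wp-united-switch-theme_' . $template);
        // NOTE(review): template and stylesheet are stored exactly as submitted.
        // How they are used later is not visible here - confirm they are checked
        // against the installed themes before being turned into a path.
        if (isset($_GET['template'])) {
            update_usermeta($user_ID, 'WPU_MyTemplate', $_GET['template']);
        }
        if (isset($_GET['stylesheet'])) {
            update_usermeta($user_ID, 'WPU_MyStylesheet', $_GET['stylesheet']);
        }
        $wpuConnSettings = get_settings('wputd_connection');
        wp_redirect('admin.php?page=' . $wpuConnSettings['full_path_to_plugin'] . '&activated=true&wputab=themes');
        exit;
    } elseif ('update-blog-profile' == $_GET['wpu_action']) {
        check_admin_referer('update-blog-profile_' . $user_ID);
        $errors = edit_user($user_ID);
        //$errors behaves differently post-WP 2.1
        if ((double) $wp_version >= 2.1) {
            //WordPress >= 2.1
            // NOTE(review): errors are printed but the request carries on to the
            // updates and redirect below, unlike the WP 2.0x branch which exits.
            if (is_wp_error($errors)) {
                foreach ($errors->get_error_messages() as $message) {
                    echo "<li>{$message}</li>";
                }
            }
        } else {
            //WP 2.0x
            if (is_array($errors) && count($errors) != 0) {
                foreach ($errors as $id => $error) {
                    echo $error . '<br/>';
                }
                exit;
            }
        }
        if (!isset($_POST['rich_editing'])) {
            $_POST['rich_editing'] = 'false';
        }
        // $current_user is not in scope in this function, so the option is saved
        // for $user_ID - the same user every other write in this branch targets.
        update_user_option($user_ID, 'rich_editing', $_POST['rich_editing'], true);
        //
        //	UPDATE BLOG DETAILS
        //
        $blog_title = __('My Blog');
        $blog_tagline = __('My description will go here');
        if (isset($_POST['blog_title'])) {
            $blog_title = wp_specialchars(trim($_POST['blog_title']));
        }
        if (isset($_POST['blog_tagline'])) {
            $blog_tagline = wp_specialchars(trim($_POST['blog_tagline']));
        }
        update_usermeta($user_ID, 'blog_title', $blog_title);
        update_usermeta($user_ID, 'blog_tagline', $blog_tagline);
        $wpuConnSettings = get_settings('wputd_connection');
        wp_redirect('admin.php?page=' . $wpuConnSettings['full_path_to_plugin'] . '&updated=true&wputab=bset');
        exit;
    }
}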
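 /**
  * Saves a submitted 'app-edit-profile' form through edit_user().
  *
  * Does nothing unless $_POST['action'] is 'app-edit-profile'. On success the
  * request is redirected and terminated; on failure the message is stored in
  * $this->error.
  *
  * The user ID comes from the request and the nonce action is not tied to any
  * user, so the ID is cast to an integer and checked against the current
  * user's 'edit_user' capability before edit_user() runs. A missing or zero ID
  * is rejected rather than passed on.
  *
  * @return void
  */
 function update()
 {
     if (!isset($_POST['action']) || 'app-edit-profile' != $_POST['action']) {
         return;
     }
     check_admin_referer('app-edit-profile');
     $user_id = isset($_POST['user_id']) ? (int) $_POST['user_id'] : 0;
     if (!$user_id || !current_user_can('edit_user', $user_id)) {
         $this->error = __('You do not have permission to edit this user.');
         return;
     }
     // require_once: a second call must not re-declare the admin functions.
     require_once ABSPATH . '/wp-admin/includes/user.php';
     $r = edit_user($user_id);
     if (is_wp_error($r)) {
         $this->error = $r->get_error_message();
     } else {
         wp_redirect('./?updated=true');
         exit;
     }
 }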
/**
 * Dual-purpose helper built around edit_user().
 *
 * With no arguments it hooks itself to 'user_register' and returns the result
 * of edit_user(). With an argument it treats that argument as a user ID and
 * assigns the role named in $_POST['role'] to that user.
 */
function add_user() {
	if ( ! func_num_args() ) {
		// Register this function for the role step, then let edit_user() do the work.
		add_action( 'user_register', 'add_user' );
		return edit_user();
	}

	// The hackiest hack that ever did hack
	global $current_user, $wp_roles;
	$user_id = (int) func_get_arg( 0 );

	if ( ! isset( $_POST['role'] ) ) {
		return;
	}
	$requested_role = $_POST['role'];

	// A user editing their own account may only move to a role that still has 'edit_users'.
	// NOTE(review): apart from that self-edit rule, the role name is taken from the
	// request as-is; this function does not check that the role exists or that the
	// acting user may assign it. Confirm a caller enforces that.
	$editing_self = ( $user_id == $current_user->id );
	if ( $editing_self && ! $wp_roles->role_objects[$requested_role]->has_cap( 'edit_users' ) ) {
		return;
	}

	$user = new WP_User( $user_id );
	$user->set_role( $requested_role );
}
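 /**
  * Saves a submitted 'app-edit-profile' form through edit_user().
  *
  * Does nothing unless $_POST['action'] is 'app-edit-profile'. On success it
  * fires 'personal_options_update', queues a notice, redirects and terminates;
  * on failure the WP_Error is stored in $this->errors.
  *
  * The user ID comes from the request and the nonce action is not tied to any
  * user, so the ID is cast to an integer and checked against the current
  * user's 'edit_user' capability before anything is written. A missing or zero
  * ID is rejected rather than passed on.
  *
  * @return void
  */
 function update()
 {
     if (!isset($_POST['action']) || 'app-edit-profile' != $_POST['action']) {
         return;
     }
     check_admin_referer('app-edit-profile');
     $user_id = isset($_POST['user_id']) ? (int) $_POST['user_id'] : 0;
     if (!$user_id || !current_user_can('edit_user', $user_id)) {
         $this->errors = new WP_Error('no-permission', __('You do not have permission to edit this user.', APP_TD));
         return;
     }
     // require_once: a second call must not re-declare the admin functions.
     require_once ABSPATH . '/wp-admin/includes/user.php';
     $r = edit_user($user_id);
     if (is_wp_error($r)) {
         $this->errors = $r;
     } else {
         do_action('personal_options_update', $user_id);
         appthemes_add_notice('updated-profile', __('Your profile has been updated.', APP_TD), 'success');
         $redirect_url = add_query_arg(array('updated' => 'true'));
         wp_redirect($redirect_url);
         exit;
     }
 }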
/**
 * Saves the current user's profile from the submitted request, then redirects
 * to the profile page with a status value in the 'message' query argument.
 *
 * @wp-hook	uf_profile
 * @return	void
 */
function uf_perform_profile_edit()
{
    // NOTE(review): no nonce or referer verification is visible in this function.
    // Confirm the code that triggers the uf_profile hook verifies one first;
    // otherwise the update hook and edit_user() run for any request that reaches it.
    $current_id = get_current_user_id();

    // let plugins run their own profile handling first
    do_action('personal_options_update', $current_id);

    // edit_user() comes from an admin include, loaded only when it is missing
    if (!function_exists('edit_user')) {
        require_once ABSPATH . '/wp-admin/includes/user.php';
    }
    $result = edit_user($current_id);

    // on failure (mainly password problems) the error code becomes the message
    $message = is_wp_error($result) ? $result->get_error_code() : 'updated';

    // plugins may replace the destination through the filter
    $redirect_to = apply_filters(
        'uf_perform_profile_edit_redirect_url',
        home_url('/user-profile/?message=' . $message),
        $message
    );
    wp_safe_redirect($redirect_to);
    exit;
}
Example #9
/**
 * Ajax handler that creates a user from the submitted form and replies with
 * the new row for the users list table.
 *
 * @since 3.1.0
 *
 * @global WP_List_Table $wp_list_table
 *
 * @param string $action Nonce action to verify; 'add-user' is used when empty.
 */
function wp_ajax_add_user($action)
{
    global $wp_list_table;
    $action = empty($action) ? 'add-user' : $action;

    // The request must carry a valid nonce and come from a user allowed to
    // create users; both checks run before edit_user() is called.
    check_ajax_referer($action);
    if (!current_user_can('create_users')) {
        wp_die(-1);
    }

    // edit_user() with no ID: a falsy result ends the request, a WP_Error is sent back as-is.
    $user_id = edit_user();
    if (!$user_id) {
        wp_die(0);
    } elseif (is_wp_error($user_id)) {
        $error_response = new WP_Ajax_Response(array('what' => 'user', 'id' => $user_id));
        $error_response->send();
    }

    $user_object = get_userdata($user_id);
    $wp_list_table = _get_list_table('WP_Users_List_Table');
    $role = current($user_object->roles);

    $row_html = $wp_list_table->single_row($user_object, '', $role);
    $added_link = '<a href="#user-' . $user_id . '">' . $user_object->user_login . '</a>';
    $response = new WP_Ajax_Response(array(
        'what' => 'user',
        'id' => $user_id,
        'data' => $row_html,
        'supplemental' => array(
            'show-link' => sprintf(__('User %s added'), $added_link),
            'role' => $role,
        ),
    ));
    $response->send();
}
<?php

include 'config.php';
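/**
 * Dispatch the request to the handler named by the 'action' query argument.
 *
 * Only the five names listed below are accepted; a missing or unknown action
 * does nothing. The argument is read through isset() so a request without it
 * no longer touches an undefined index.
 *
 * NOTE(review): no authentication or request-forgery check is visible before
 * the handlers run, and several handler names suggest writes. Confirm that
 * config.php or the handlers themselves enforce one.
 */
switch (isset($_GET['action']) ? $_GET['action'] : '') {
    case 'add_user':
        add_user();
        break;
    case 'get_users':
        get_users();
        break;
    case 'edit_user':
        edit_user();
        break;
    case 'delete_user':
        delete_user();
        break;
    case 'update_user':
        update_user();
        break;
}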
/**  Function to Add User  **/
function add_user()
{
    $data = json_decode(file_get_contents("php://input"));
    // print_r($data);
    $full_name = $data->full_name;
    $addr_first = $data->addr_first;
    $addr_second = $data->addr_second;
    $addr_third = $data->addr_third;
    $postcode = $data->postcode;
Example #11
<?php

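/*
 * Processes the posted profile form for $user_id and prepares $msg for display.
 *
 * The nonce is issued for $user_id, so $user_id is the only account this
 * request may change: edit_user() now receives $user_id rather than the
 * user_id field of the request, and the current user must hold the 'edit_user'
 * capability for it. The 'edit_user_profile_update' hook fires only after
 * those checks pass, so hooked code no longer runs for a rejected request.
 */
global $profileuser, $user_id, $user;
if (isset($_POST['action']) && $_POST['action'] == 'update') {
    $nonce = isset($_REQUEST['_wpnonce']) ? $_REQUEST['_wpnonce'] : '';
    if (wp_verify_nonce($nonce, 'update-user_' . $user_id) && current_user_can('edit_user', $user_id)) {
        $msg = '<div class="alert alert-success">' . __('Your details have been updated.', 'membership') . '</div>';
        $user = array('ID' => $user_id, 'first_name' => $_POST['first_name'], 'last_name' => $_POST['last_name'], 'nickname' => $_POST['nickname'], 'display_name' => $_POST['display_name'], 'user_email' => $_POST['email'], 'user_url' => $_POST['url']);
        if (!empty($_POST['pass1'])) {
            if ($_POST['pass1'] == $_POST['pass2']) {
                $user['user_pass'] = $_POST['pass1'];
            } else {
                $msg = "<div class='alert alert-error'>" . __('Your password settings do not match', 'membership') . "</div>";
            }
        }
        // $user is not passed to edit_user(); only the ID decides which account is edited.
        $errors = edit_user($user_id);
        $profileuser = get_user_to_edit($user_id);
        if (is_wp_error($errors)) {
            $msg = "<div class='alert alert-error'>" . implode("<br/>\n", $errors->get_error_messages()) . "</div>";
        }
        do_action('edit_user_profile_update', $user_id);
    } else {
        $msg = "<div class='alert alert-error'>" . __('Your details could not be updated.', 'membership') . "</div>";
    }
}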
?>

<div id='membership-wrapper'>

<?php 
if (!empty($msg)) {
    ?>
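/**
 * Renders the front-end profile form for the current user and, when the form
 * was posted with ym_action = 'ym_user_profile_update', saves it via edit_user().
 *
 * Changes from the previous version:
 *  - function_exists() receives the function name as a string, not a bare constant;
 *  - the name checks read $current_user ($profileuser was never defined here, so
 *    the first/last name display options were never offered);
 *  - values written into the markup (display-name option text, pending e-mail
 *    address, contact-method keys) are escaped for their HTML context;
 *  - the admin includes use include_once with ABSPATH, so a second call cannot
 *    re-declare functions and the path does not depend on the working directory.
 *
 * NOTE(review): the form carries no nonce and the handler verifies none, so the
 * update runs for any POST that sets ym_action. Add wp_nonce_field() to the form
 * and a matching check before edit_user() once every submitter of this action
 * is known.
 *
 * @return string HTML: a confirmation with a page refresh after a successful
 *                save, otherwise the form preceded by any error or status notice.
 */
function ym_user_profile_form()
{
    get_currentuserinfo();
    global $current_user, $wpdb;
    $action = ym_post('ym_action');
    if ($action == 'ym_user_profile_update') {
        include_once ABSPATH . 'wp-admin/includes/user.php';
        include_once ABSPATH . WPINC . '/registration.php';
        do_action('personal_options_update', $current_user->ID);
        $errors = edit_user($current_user->ID);
        if (!is_wp_error($errors)) {
            $html = '<p>' . __('Your Profile has been updated') . '</p>';
            $html .= '<meta http-equiv="refresh" content="3" />';
            return $html;
        }
    }
    $html = '';
    if (isset($errors) && is_wp_error($errors)) {
        $html .= '<div class="error"><p>' . implode("</p>\n<p>", $errors->get_error_messages()) . '</p></div>';
    } else {
        if (ym_get('updated')) {
            $html .= '<div id="message" class="updated"><p><strong>' . __('User updated.') . '</strong></p></div>';
        }
    }
    // Fallback for installs where the helper is not available.
    if (!function_exists('_wp_get_user_contactmethods')) {
        function _wp_get_user_contactmethods()
        {
            $user_contactmethods = array('aim' => __('AIM'), 'yim' => __('Yahoo IM'), 'jabber' => __('Jabber / Google Talk'));
            return apply_filters('user_contactmethods', $user_contactmethods);
        }
    }
    $html .= '
<form action="" method="post">
	<input type="hidden" name="ym_action" value="ym_user_profile_update" />
	
<table class="form-table">
	<tr><td colspan="2"><h3>' . __('Name') . '</h3></td></tr>
	<tr>
		<th><label for="first_name">' . __('First Name') . '</label></th>
		<td><input type="text" name="first_name" id="first_name" value="' . esc_attr($current_user->user_firstname) . '" class="regular-text" /></td>
	</tr>

	<tr>
		<th><label for="last_name">' . __('Last Name') . '</label></th>
		<td><input type="text" name="last_name" id="last_name" value="' . esc_attr($current_user->user_lastname) . '" class="regular-text" /></td>
	</tr>

	<tr>
		<th><label for="nickname">' . __('Nickname') . ' <span class="description">' . __('(required)') . '</span></label></th>
		<td><input type="text" name="nickname" id="nickname" value="' . esc_attr($current_user->nickname) . '" class="regular-text" /></td>
	</tr>

	<tr>
		<th><label for="display_name">' . __('Display name publicly as') . '</label></th>
		<td>
			<select name="display_name" id="display_name">
			';
    // Build the list of display-name choices from the current user's own fields.
    $public_display = array();
    $public_display['display_username'] = $current_user->user_login;
    $public_display['display_nickname'] = $current_user->nickname;
    if (!empty($current_user->first_name)) {
        $public_display['display_firstname'] = $current_user->first_name;
    }
    if (!empty($current_user->last_name)) {
        $public_display['display_lastname'] = $current_user->last_name;
    }
    if (!empty($current_user->first_name) && !empty($current_user->last_name)) {
        $public_display['display_firstlast'] = $current_user->first_name . ' ' . $current_user->last_name;
        $public_display['display_lastfirst'] = $current_user->last_name . ' ' . $current_user->first_name;
    }
    if (!in_array($current_user->display_name, $public_display)) {
        // Only add this if it isn't duplicated elsewhere
        $public_display = array('display_displayname' => $current_user->display_name) + $public_display;
    }
    $public_display = array_map('trim', $public_display);
    $public_display = array_unique($public_display);
    foreach ($public_display as $id => $item) {
        // Names are user-supplied text: escape for the attribute and for the element body.
        $html .= '<option id="' . esc_attr($id) . '" value="' . esc_attr($item) . '"' . selected($current_user->display_name, $item, FALSE) . '>' . esc_html($item) . '</option>';
    }
    $html .= '
			</select>
		</td>
	</tr>
	<tr><td colspan="2">
<h3>' . __('Contact Info') . '</h3>
	</td></tr>
<tr>
	<th><label for="email">' . __('E-mail') . ' <span class="description">' . __('(required)') . '</span></label></th>
	<td><input type="text" name="email" id="email" value="' . esc_attr($current_user->user_email) . '" class="regular-text" />
	';
    $new_email = get_option($current_user->ID . '_new_email');
    if ($new_email && $new_email != $current_user->user_email) {
        // The pending address is stored request data; escape it before it enters the notice.
        $html .= '
	<div class="updated inline">
	<p>' . sprintf(__('There is a pending change of your e-mail to <code>%1$s</code>. <a href="%2$s">Cancel</a>'), esc_html($new_email['newemail']), esc_url(admin_url('profile.php?dismiss=' . $current_user->ID . '_new_email'))) . '</p>
	</div>
		';
    }
    $html .= '
	</td>
</tr>

<tr>
	<th><label for="url">' . __('Website') . '</label></th>
	<td><input type="text" name="url" id="url" value="' . esc_attr($current_user->user_url) . '" class="regular-text code" /></td>
</tr>
';
    foreach (_wp_get_user_contactmethods() as $name => $desc) {
        // Keys come through the 'user_contactmethods' filter, so escape them as attributes.
        $field = esc_attr($name);
        $html .= '
<tr>
	<th><label for="' . $field . '">' . apply_filters('user_' . $name . '_label', $desc) . '</label></th>
	<td><input type="text" name="' . $field . '" id="' . $field . '" value="' . esc_attr($current_user->{$name}) . '" class="regular-text" /></td>
</tr>';
    }
    $html .= '
<tr><td colspan="2">
<h3>' . __('About Yourself') . '</h3>
</td></tr>
<tr>
	<th><label for="description">' . __('Biographical Info') . '</label></th>
	<td><textarea name="description" id="description" rows="5" cols="60">' . esc_html($current_user->description) . '</textarea><br />
	<span class="description">' . __('Share a little biographical information to fill out your profile. This may be shown publicly.') . '</span></td>
</tr>
<tr><td></td><td style="text-align: right;"><input type="submit" class="button-primary" value="' . __('Update Profile') . '" name="submit" /></td></tr>
</table>
</form>
';
    return $html;
}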
/**
 * Creates a user by delegating to edit_user() with no user ID.
 *
 * @return mixed Whatever edit_user() returns.
 */
function add_user()
{
    $result = edit_user();

    return $result;
}
 /**
  * Checks that calling edit_user() with no password returns an error when adding, and doesn't when updating.
  *
  * The test walks one user through five edit_user() calls, each driven by the
  * contents of $_POST, and asserts the return type and the stored nickname
  * after every step.
  *
  * @ticket 35715
  */
 function test_edit_user_blank_pw()
 {
     // Start from empty request superglobals so only the fields set below are present.
     $_POST = $_GET = $_REQUEST = array();
     $_POST['role'] = 'subscriber';
     $_POST['email'] = '*****@*****.**';
     $_POST['user_login'] = '******';
     $_POST['first_name'] = 'first_name1';
     $_POST['last_name'] = 'last_name1';
     $_POST['nickname'] = 'nickname1';
     $_POST['display_name'] = 'display_name1';
     // Check new user with missing password.
     // edit_user() is called without an ID; the expected result is a WP_Error with code 'pass'.
     $response = edit_user();
     $this->assertInstanceOf('WP_Error', $response);
     $this->assertEquals('pass', $response->get_error_code());
     // Check new user with password set.
     $_POST['pass1'] = $_POST['pass2'] = 'password';
     $user_id = edit_user();
     $user = get_user_by('ID', $user_id);
     $this->assertInternalType('int', $user_id);
     $this->assertInstanceOf('WP_User', $user);
     $this->assertEquals('nickname1', $user->nickname);
     // Check updating user with empty password.
     // NOTE(review): $user is not fetched again after this or the later updates, so the
     // nickname assertions presumably rely on WP_User reading the value on access - verify.
     $_POST['nickname'] = 'nickname_updated';
     $_POST['pass1'] = $_POST['pass2'] = '';
     $user_id = edit_user($user_id);
     $this->assertInternalType('int', $user_id);
     $this->assertEquals('nickname_updated', $user->nickname);
     // Check updating user with missing second password.
     // The mismatch must be rejected, and the nickname must keep its previous value.
     $_POST['nickname'] = 'nickname_updated2';
     $_POST['pass1'] = 'blank_pass2';
     $_POST['pass2'] = '';
     $response = edit_user($user_id);
     $this->assertInstanceOf('WP_Error', $response);
     $this->assertEquals('pass', $response->get_error_code());
     $this->assertEquals('nickname_updated', $user->nickname);
     // Check updating user with empty password via `check_passwords` action.
     // The callback is defined elsewhere in the test class; it is hooked only for this one call.
     add_action('check_passwords', array($this, 'action_check_passwords_blank_pw'), 10, 2);
     $user_id = edit_user($user_id);
     remove_action('check_passwords', array($this, 'action_check_passwords_blank_pw'));
     $this->assertInternalType('int', $user_id);
     $this->assertEquals('nickname_updated2', $user->nickname);
 }
Example #15
/**
 * Handles the front end user editing
 *
 * @uses is_multisite() To check if it's a multisite
 * @uses bbp_is_user_home() To check if the user is at home (the display page
 *                           is the one of the logged in user)
 * @uses get_option() To get the displayed user's new email id option
 * @uses wpdb::prepare() To sanitize our sql query
 * @uses wpdb::get_var() To execute our query and get back the variable
 * @uses wpdb::query() To execute our query
 * @uses wp_update_user() To update the user
 * @uses delete_option() To delete the displayed user's email id option
 * @uses bbp_get_user_profile_edit_url() To get the edit profile url
 * @uses wp_safe_redirect() To redirect to the url
 * @uses bbp_verify_nonce_request() To verify the nonce and check the request
 * @uses current_user_can() To check if the current user can edit the user
 * @uses do_action() Calls 'personal_options_update' or
 *                   'edit_user_options_update' (based on if it's the user home)
 *                   with the displayed user id
 * @uses edit_user() To edit the user based on the post data
 * @uses get_userdata() To get the user data
 * @uses is_email() To check if the string is an email id or not
 * @uses wpdb::get_blog_prefix() To get the blog prefix
 * @uses is_network_admin() To check if the user is the network admin
 * @uses is_super_admin() To check if the user is super admin
 * @uses revoke_super_admin() To revoke super admin privileges
 * @uses grant_super_admin() To grant super admin privileges
 * @uses is_wp_error() To check if the value retrieved is a {@link WP_Error}
 */
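function bbp_edit_user_handler()
{
    // Bail if not a POST action
    if ('POST' !== strtoupper($_SERVER['REQUEST_METHOD'])) {
        return;
    }
    // Bail if action is not 'bbp-update-user'
    if (empty($_POST['action']) || 'bbp-update-user' !== $_POST['action']) {
        return;
    }
    // Get the displayed user ID
    $user_id = bbp_get_displayed_user_id();
    global $wpdb, $super_admins;
    // Execute confirmed email change. See send_confirmation_on_profile_email().
    // This path and the dismissal below run before the nonce check; the stored
    // hash is what authorises the confirmation.
    if (is_multisite() && bbp_is_user_home_edit() && isset($_GET['newuseremail'])) {
        $new_email = get_option($user_id . '_new_email');
        // Require a stored pending change and compare the hash with hash_equals().
        // The previous loose == also matched when no pending change was stored
        // and the argument was empty.
        $hash_matches = is_array($new_email)
            && isset($new_email['hash'], $new_email['newemail'])
            && is_string($_GET['newuseremail'])
            && hash_equals((string) $new_email['hash'], $_GET['newuseremail']);
        if ($hash_matches) {
            $user = new stdClass();
            $user->ID = $user_id;
            $user->user_email = esc_html(trim($new_email['newemail']));
            if ($wpdb->get_var($wpdb->prepare("SELECT user_login FROM {$wpdb->signups} WHERE user_login = %s", bbp_get_displayed_user_field('user_login')))) {
                $wpdb->query($wpdb->prepare("UPDATE {$wpdb->signups} SET user_email = %s WHERE user_login = %s", $user->user_email, bbp_get_displayed_user_field('user_login')));
            }
            wp_update_user(get_object_vars($user));
            delete_option($user_id . '_new_email');
            wp_safe_redirect(add_query_arg(array('updated' => 'true'), bbp_get_user_profile_edit_url($user_id)));
            exit;
        }
    } elseif (is_multisite() && bbp_is_user_home_edit() && !empty($_GET['dismiss']) && $user_id . '_new_email' == $_GET['dismiss']) {
        // NOTE(review): the pending change is discarded without a nonce - confirm that is acceptable.
        delete_option($user_id . '_new_email');
        wp_safe_redirect(add_query_arg(array('updated' => 'true'), bbp_get_user_profile_edit_url($user_id)));
        exit;
    }
    // Nonce check
    if (!bbp_verify_nonce_request('update-user_' . $user_id)) {
        bbp_add_error('bbp_update_user_nonce', __('<strong>ERROR</strong>: Are you sure you wanted to do that?', 'bbpress'));
        return;
    }
    // Cap check
    if (!current_user_can('edit_user', $user_id)) {
        bbp_add_error('bbp_update_user_capability', __('<strong>ERROR</strong>: Are you sure you wanted to do that?', 'bbpress'));
        return;
    }
    // Do action based on whose profile you're editing
    $edit_action = bbp_is_user_home_edit() ? 'personal_options_update' : 'edit_user_profile_update';
    do_action($edit_action, $user_id);
    if (!is_multisite()) {
        // Single site: edit_user() is all that is needed
        $edit_user = edit_user($user_id);
    } else {
        // Multisite: also keep the signups table and the blog role in step
        $user = get_userdata($user_id);
        // Update the email address in signups, if present.
        if ($user->user_login && isset($_POST['email']) && is_email($_POST['email']) && $wpdb->get_var($wpdb->prepare("SELECT user_login FROM {$wpdb->signups} WHERE user_login = %s", $user->user_login))) {
            // Target the edited user's row: the lookup above uses $user->user_login, while the
            // UPDATE previously used the global $user_login, which need not be the same account.
            $wpdb->query($wpdb->prepare("UPDATE {$wpdb->signups} SET user_email = %s WHERE user_login = %s", $_POST['email'], $user->user_login));
        }
        // WPMU must delete the user from the current blog if WP added him after editing.
        $delete_role = false;
        $blog_prefix = $wpdb->get_blog_prefix();
        // NOTE(review): this compares $user_id with itself, so the branch never runs. It
        // presumably was meant to compare against the logged-in user - confirm before
        // changing it. The query inside is parameterised so it is safe if the branch is revived.
        if ($user_id != $user_id) {
            $cap = $wpdb->get_var($wpdb->prepare("SELECT meta_value FROM {$wpdb->usermeta} WHERE user_id = %d AND meta_key = %s AND meta_value = 'a:0:{}'", $user_id, $blog_prefix . 'capabilities'));
            if (!is_network_admin() && null == $cap && $_POST['role'] == '') {
                $_POST['role'] = 'contributor';
                $delete_role = true;
            }
        }
        $edit_user = edit_user($user_id);
        // stops users being added to current blog when they are edited
        if (true === $delete_role) {
            delete_user_meta($user_id, $blog_prefix . 'capabilities');
        }
        // Super admin status changes only in the network admin, for another user's profile,
        // and only for callers holding 'manage_network_options'. (&& replaces a stray bitwise &.)
        if (is_multisite() && is_network_admin() && !bbp_is_user_home_edit() && current_user_can('manage_network_options') && !isset($super_admins) && empty($_POST['super_admin']) == is_super_admin($user_id)) {
            empty($_POST['super_admin']) ? revoke_super_admin($user_id) : grant_super_admin($user_id);
        }
    }
    // Error(s) editing the user, so copy them into the global
    if (is_wp_error($edit_user)) {
        bbpress()->errors = $edit_user;
        // Successful edit to redirect
    } elseif (is_integer($edit_user)) {
        $redirect = add_query_arg(array('updated' => 'true'), bbp_get_user_profile_edit_url($edit_user));
        wp_safe_redirect($redirect);
        exit;
    }
}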
Example #16
<?php

/*
Template Name: User Profile
*/
// Profile template: send no-cache headers and run the theme's login redirect helper.
nocache_headers();
appthemes_auth_redirect_login();
global $userdata;
get_currentuserinfo();
// grabs the user info and puts into vars
// check to see if the form has been posted. If so, validate the fields
if (!empty($_POST['submit'])) {
    require_once ABSPATH . 'wp-admin/includes/user.php';
    require_once ABSPATH . WPINC . '/registration.php';
    // The nonce is bound to the current user's ID and is verified before edit_user() runs.
    check_admin_referer('update-profile_' . $user_ID);
    $errors = edit_user($user_ID);
    if (is_wp_error($errors)) {
        // Each pass overwrites $errmsg, so only the last message is kept.
        foreach ($errors->get_error_messages() as $message) {
            $errmsg = $message;
        }
    }
    // if there are no errors, then process the ad updates
    // NOTE(review): $errmsg is assigned only inside the loop above, so on the
    // success path this comparison reads a variable that was never set.
    if ($errmsg == '') {
        // update the user fields
        do_action('personal_options_update', $user_ID);
        // update the custom user fields
        // NOTE(review): $_POST[$field] is read without an isset() check.
        foreach (array('twitter_id', 'facebook_id', 'linkedin_profile') as $field) {
            update_user_meta($user_ID, $field, strip_tags(stripslashes($_POST[$field])));
        }
        // NOTE(review): dashboard_url is appended to the redirect target exactly as
        // submitted. URL-encode it (or check it against the expected values) so it
        // cannot add or change query arguments.
        $d_url = $_POST['dashboard_url'];
        wp_redirect('./?updated=true&d=' . $d_url);
 /**
  * {@inheritdoc}
  *
  * Fires the profile-update hook that matches the page being saved, mirrors a
  * valid submitted email into the multisite signups table, runs edit_user(),
  * optionally toggles super admin status, and then hands off to the parent.
  *
  * NOTE(review): no nonce or 'edit_user' capability check is visible in this
  * method; presumably the caller performs both before save_fields() runs - verify.
  *
  * @param mixed $item_id     ID of the user being saved; passed to edit_user().
  * @param mixed $object_name Passed through unchanged to parent::save_fields().
  * @return mixed The WP_Error from edit_user() on failure, otherwise the
  *               return value of parent::save_fields().
  */
 public function save_fields($item_id = null, $object_name = null)
 {
     /**
      * @var $wpdb wpdb
      */
     global $wpdb;
     if (defined('IS_PROFILE_PAGE') && IS_PROFILE_PAGE) {
         /**
          * Fires before the page loads on the 'Your Profile' editing form.
          *
          * The action only fires if the current user is editing their own profile.
          *
          * @since 2.0.0
          *
          * @param int $user_id The user ID.
          */
         do_action('personal_options_update', $item_id);
     } else {
         /**
          * Fires before the page loads on the 'Edit User' form.
          *
          * @since 2.7.0
          *
          * @param int $user_id The user ID.
          */
         do_action('edit_user_profile_update', $item_id);
     }
     // Update the email address in signups, if present.
     // The submitted address must pass is_email(), and both queries go through
     // $wpdb->prepare(), so the request value never enters the SQL text.
     if (is_multisite()) {
         $user = get_userdata($item_id);
         if ($user && $user->user_login && isset($_POST['email']) && is_email($_POST['email'])) {
             $signup_id = (int) $wpdb->get_var($wpdb->prepare("SELECT signup_id FROM {$wpdb->signups} WHERE user_login = %s", $user->user_login));
             if (0 < $signup_id) {
                 $wpdb->query($wpdb->prepare("UPDATE {$wpdb->signups} SET user_email = %s WHERE signup_id = %d", $_POST['email'], $signup_id));
             }
         }
     }
     // Update the user.
     $errors = edit_user($item_id);
     global $super_admins;
     // Grant or revoke super admin status if requested.
     // Runs only outside the own-profile page, in the network admin, and for callers with
     // 'manage_network_options'. It runs before the error check below, so it applies even
     // when edit_user() returned a WP_Error.
     if (!defined('IS_PROFILE_PAGE') || !IS_PROFILE_PAGE) {
         if (is_multisite() && is_network_admin() && current_user_can('manage_network_options') && !isset($super_admins) && empty($_POST['super_admin']) == is_super_admin($item_id)) {
             if (empty($_POST['super_admin'])) {
                 revoke_super_admin($item_id);
             } else {
                 grant_super_admin($item_id);
             }
         }
     }
     // Return if not successful
     if (is_wp_error($errors)) {
         return $errors;
     }
     // Save additional fields
     return parent::save_fields($item_id, $object_name);
 }
Example #18
 /**
  * Handles profile action
  *
  * Callback for "tml_request_profile" in method Theme_My_Login::the_request().
  * Loads the admin profile helpers and assets, then, for a POST request, saves
  * the current user's profile through edit_user().
  *
  * @see Theme_My_Login::the_request()
  * @since 6.0
  * @access public
  */
 function profile_action()
 {
     global $theme_my_login;

     require_once ABSPATH . 'wp-admin/includes/user.php';
     require_once ABSPATH . 'wp-admin/includes/misc.php';
     define('IS_PROFILE_PAGE', true);
     register_admin_color_schemes();

     wp_enqueue_style('password-strength', plugins_url('theme-my-login/modules/themed-profiles/themed-profiles.css'));

     // Unminified ".dev" scripts are loaded when SCRIPT_DEBUG is on.
     $suffix = '';
     if (defined('SCRIPT_DEBUG') && SCRIPT_DEBUG) {
         $suffix = '.dev';
     }
     wp_enqueue_script('user-profile', admin_url("js/user-profile{$suffix}.js"), array('jquery'), '', true);
     wp_enqueue_script('password-strength-meter', admin_url("js/password-strength-meter{$suffix}.js"), array('jquery'), '', true);
     wp_localize_script('password-strength-meter', 'pwsL10n', array(
         'empty' => __('Strength indicator', 'theme-my-login'),
         'short' => __('Very weak', 'theme-my-login'),
         'bad' => __('Weak', 'theme-my-login'),
         'good' => _x('Medium', 'password strength', 'theme-my-login'),
         'strong' => __('Strong', 'theme-my-login'),
         'l10n_print_after' => 'try{convertEntities(pwsL10n);}catch(e){};',
     ));

     $current_user = wp_get_current_user();
     if ('POST' == $_SERVER['REQUEST_METHOD']) {
         $profile_id = $current_user->ID;
         // Order matters: nonce first, then capability, and only then the
         // update hook and edit_user().
         check_admin_referer('update-user_' . $profile_id);
         if (!current_user_can('edit_user', $profile_id)) {
             wp_die(__('You do not have permission to edit this user.', 'theme-my-login'));
         }
         do_action('personal_options_update', $profile_id);
         $errors = edit_user($profile_id);
         if (is_wp_error($errors)) {
             $theme_my_login->errors = $errors;
         } else {
             // Back to the same URL with updated=true added.
             wp_redirect(add_query_arg(array('updated' => 'true')));
             exit;
         }
     }

     // NEIGHBORHOW MOD - COPY CHANGE
     $was_updated = isset($_GET['updated']) && 'true' == $_GET['updated'];
     if ($was_updated) {
         $theme_my_login->errors->add('profile_updated', __('Settings updated.', 'theme-my-login'), 'message');
     }
 }
Example #19
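 /**
  * Handles profile action
  *
  * Callback for "tml_request_profile" in method Theme_My_Login::the_request().
  * Loads the admin profile helpers and assets, then, for a POST request, saves
  * the current user's profile through edit_user(). On success it redirects to
  * the current URL with updated=true (and the instance value, when one was
  * sent); on failure the WP_Error is stored on the plugin object.
  *
  * @see Theme_My_Login::the_request()
  * @since 6.0
  * @access public
  */
 public function tml_request_profile()
 {
     require_once ABSPATH . 'wp-admin/includes/user.php';
     require_once ABSPATH . 'wp-admin/includes/misc.php';
     define('IS_PROFILE_PAGE', true);
     load_textdomain('default', WP_LANG_DIR . '/admin-' . get_locale() . '.mo');
     register_admin_color_schemes();
     wp_enqueue_style('password-strength', plugins_url('theme-my-login/modules/themed-profiles/themed-profiles.css'));
     wp_enqueue_script('user-profile');
     $current_user = wp_get_current_user();
     if ('POST' == $_SERVER['REQUEST_METHOD']) {
         // Order matters: nonce first, then capability, and only then the
         // update hook and edit_user().
         check_admin_referer('update-user_' . $current_user->ID);
         if (!current_user_can('edit_user', $current_user->ID)) {
             wp_die(__('You do not have permission to edit this user.'));
         }
         do_action('personal_options_update', $current_user->ID);
         $errors = edit_user($current_user->ID);
         if (!is_wp_error($errors)) {
             $args = array('updated' => 'true');
             // add_query_arg() expects values that are already URL-encoded, so the
             // request value is encoded here and non-scalar input is ignored. That
             // keeps it confined to the 'instance' argument of the redirect URL.
             if (!empty($_REQUEST['instance']) && is_scalar($_REQUEST['instance'])) {
                 $args['instance'] = rawurlencode((string) $_REQUEST['instance']);
             }
             $redirect = add_query_arg($args);
             wp_redirect($redirect);
             exit;
         } else {
             Theme_My_Login::get_object()->errors = $errors;
         }
     }
 }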
Example #20
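/**
 * Processes the front-end "edit profile" form for the logged-in user.
 *
 * Validates the posted e-mail and password pair, lets edit_user() apply the
 * posted profile fields to the current user, then stores an optional avatar
 * upload in the "you_avatar" user meta.
 *
 * NOTE(review): this function verifies no nonce itself. edit_user() acts on
 * $_POST, so confirm that the caller checks a nonce before calling it.
 *
 * @return WP_Error|null WP_Error describing what failed, or null on success.
 */
function ask_process_edit_profile_form()
{
    global $posted;
    require_once ABSPATH . 'wp-admin/includes/user.php';
    require_once ABSPATH . 'wp-admin/includes/image.php';
    require_once ABSPATH . 'wp-admin/includes/file.php';
    $errors = new WP_Error();
    // $posted is a global snapshot of the form fields. A missing field becomes ''
    // instead of raising an undefined-index notice. esc_html() is output escaping:
    // the values edit_user() stores are read from $_POST, not from this array.
    $posted = array();
    foreach (array('email', 'pass1', 'pass2', 'display_name') as $field) {
        $posted[$field] = isset($_POST[$field]) ? esc_html($_POST[$field]) : '';
    }
    if (empty($posted['email'])) {
        $errors->add('required-field', '<strong>' . __("Error", "vbegy") . ' :&nbsp;</strong> ' . __("There are required fields.", "vbegy"));
    }
    if ($posted['pass1'] !== $posted['pass2']) {
        $errors->add('required-field', '<strong>' . __("Error", "vbegy") . ' :&nbsp;</strong> ' . __("Password does not match.", "vbegy"));
    }
    // Do not touch the account when the form has already failed validation.
    if ($errors->get_error_codes()) {
        return $errors;
    }
    $user_id = get_current_user_id();
    $errors_user = edit_user($user_id);
    if (is_wp_error($errors_user)) {
        // Return the errors edit_user() reported. The previous code returned the
        // local $errors object here, which dropped the reason for the failure.
        return $errors_user;
    }
    do_action('personal_options_update', $user_id);
    if (isset($_FILES['you_avatar']) && !empty($_FILES['you_avatar']['name'])) {
        // The 'type' entry is supplied by the browser, so this is only an early,
        // friendly rejection. The 'mimes' override below is what restricts the
        // upload when wp_handle_upload() checks the file itself.
        $mime = $_FILES["you_avatar"]["type"];
        if ($mime != 'image/jpeg' && $mime != 'image/jpg' && $mime != 'image/png') {
            $errors->add('upload-error', __('Error type , please upload: jpg, jpeg, png', 'vbegy'));
        } else {
            $overrides = array(
                'test_form' => false,
                'mimes' => array(
                    'jpg|jpeg|jpe' => 'image/jpeg',
                    'png' => 'image/png',
                ),
            );
            $you_avatar = wp_handle_upload($_FILES['you_avatar'], $overrides, current_time('mysql'));
            if ($you_avatar && isset($you_avatar['error'])) {
                // WP_Error::add() is a method, so the old isset($errors->add) guard was
                // always false and the upload error was never recorded.
                $errors->add('upload-error', __('Error in upload the image : ', 'vbegy') . $you_avatar['error']);
                return $errors;
            }
            if ($you_avatar && isset($you_avatar["url"])) {
                update_user_meta($user_id, "you_avatar", $you_avatar["url"]);
            }
        }
    }
    // With no new file the stored avatar is left untouched. The previous code called
    // die here, ending the request after the profile had already been saved.
    if ($errors->get_error_codes()) {
        return $errors;
    }
    return null;
}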
Example #21
     } elseif ($op == "edit") {
         // "edit" operation: every value below is read from the request body unmodified.
         // NOTE(review): this excerpt contains no check that the caller may edit the account
         // named by 'id', or may assign the submitted groups and permissions. Confirm that
         // edit_user() or earlier code in this script enforces that.
         if (isset($_POST['id'])) {
             $username = $_POST['id'];
             $new_username = $_POST['username'];
             $password = $_POST['password'];
             $password2 = $_POST['password2'];
             $groups = $_POST['user_groups'];
             $permissions = $_POST['permissions'];
             $err = "";
             // The confirmation is compared on trimmed values, but the untrimmed $password
             // is what gets passed to edit_user() below.
             if (strlen(trim($password)) > 0) {
                 if (trim($password) != trim($password2)) {
                     $err = "The passwords are not equal.";
                 }
             }
             if ($err == "") {
                 // edit_user() returns an error string; an empty string is treated as success.
                 $err = edit_user($username, $new_username, $password, $groups, $permissions);
             }
             if (strlen($err) > 0) {
                 header('Location: error.php?msg=' . urlencode($err));
             } else {
                 header('Location: user_list.php');
             }
         } else {
             header('Location: error.php?msg=No id');
         }
     } else {
         // NOTE(review): $op goes into the Location header without urlencode(), unlike the
         // error message above. Encode it the same way.
         header('Location: error.php?msg=Incorrect op: ' . $op);
     }
 } else {
     header('Location: error.php?msg=No op');
 }
 // NOTE(review): none of the header() calls above is followed by exit in this excerpt.
 // Confirm that no code after this point runs once a redirect has been sent.
Example #22
         if (add_user()) {
             redirect("?view=users");
         } else {
             redirect();
         }
         // go back to the add-user page
     }
     break;
 case 'edit_user':
     // The target account is chosen by the user_id query parameter, cast to int.
     $user_id = (int) $_GET['user_id'];
     $get_user = get_user($user_id);
     // fetch this user's data
     $roles = get_roles();
     if ($_POST) {
         // when the Save button has been pressed
         if (edit_user($user_id, $get_user['login'], $get_user['email'])) {
             redirect("?view=users");
         } else {
             redirect();
         }
     }
     break;
 case 'del_user':
     // NOTE(review): the deletion is driven entirely by a GET parameter. This excerpt has
     // no permission check and no request token. Confirm both are enforced before this
     // switch is reached, and prefer POST for a destructive action.
     $user_id = (int) $_GET['user_id'];
     del_user($user_id);
     redirect();
     break;
 default:
     // if a non-existent view name was entered in the address bar
     $view = 'pages';
     $pages = pages();
Example #23
     }
 }
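 // change password
 // $_POST['user_password'] maps user id => new password; $_POST['role'] maps user id => role.
 // NOTE(review): no capability or nonce check is visible in this excerpt. Confirm that one
 // runs before this block, because it changes passwords for arbitrary user ids.
 if (isset($_POST['user_password']) && is_array($_POST['user_password'])) {
     reset($_POST['user_password']);
     $newroles = $_POST['role'];
     $caps_key = $blog_prefix . 'capabilities';
     foreach ((array) $_POST['user_password'] as $userid => $pass) {
         // edit_user() reads a single role from $_POST, so swap in this user's entry.
         unset($_POST['role']);
         $_POST['role'] = $newroles[$userid];
         if ($pass != '') {
             // The array key is chosen by the request. PHP turns canonical decimal keys
             // into integers, so anything else is not a usable user id and is skipped.
             // A zero id is skipped as well: edit_user() without an id creates a user.
             if (!is_int($userid) || $userid <= 0) {
                 continue;
             }
             $userdata = get_userdata($userid);
             if (!$userdata) {
                 continue;
             }
             // Remember whether an empty capabilities row ('a:0:{}') existed before the edit.
             // The id and meta key are bound through prepare(), not interpolated into the SQL.
             $cap = $wpdb->get_var($wpdb->prepare("SELECT meta_value FROM {$wpdb->usermeta} WHERE user_id = %d AND meta_key = %s AND meta_value = %s", $userid, $caps_key, 'a:0:{}'));
             $_POST['pass1'] = $_POST['pass2'] = $pass;
             $_POST['email'] = $userdata->user_email;
             $_POST['rich_editing'] = $userdata->rich_editing;
             edit_user($userid);
             if ($cap == null) {
                 // No empty row existed beforehand, so remove one left behind by the edit.
                 $wpdb->query($wpdb->prepare("DELETE FROM {$wpdb->usermeta} WHERE user_id = %d AND meta_key = %s AND meta_value = %s", $userid, $caps_key, 'a:0:{}'));
             }
         }
     }
     // Restore the full id => role map for the code that follows.
     unset($_POST['role']);
     $_POST['role'] = $newroles;
 }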
 // add user
 if (!empty($_POST['newuser'])) {
     $newuser = $_POST['newuser'];
     $userid = $wpdb->get_var($wpdb->prepare("SELECT ID FROM " . $wpdb->users . " WHERE user_login = %s", $newuser));
     if ($userid) {
         $user = $wpdb->get_var("SELECT user_id FROM " . $wpdb->usermeta . " WHERE user_id='{$userid}' AND meta_key='{$blog_prefix}capabilities'");
         if ($user == false) {
Example #24
 /**
  * Tests the controller function that expects slashed data
  *
  */
 function test_edit_user()
 {
     $id = $this->factory->user->create();
     $fields = array('first_name', 'last_name', 'nickname', 'display_name', 'description');
     // Two rounds of slash fixtures, one value per entry of $fields.
     $rounds = array(
         array($this->slash_1, $this->slash_3, $this->slash_5, $this->slash_7, $this->slash_3),
         array($this->slash_2, $this->slash_4, $this->slash_6, $this->slash_2, $this->slash_4),
     );
     foreach ($rounds as $values) {
         $expected = array_combine($fields, $values);
         // Start each round from empty superglobals so nothing leaks between rounds.
         $_POST = $_GET = $_REQUEST = array();
         $_POST['role'] = 'subscriber';
         $_POST['email'] = '*****@*****.**';
         foreach ($expected as $field => $value) {
             $_POST[$field] = $value;
         }
         // Slash the input the way request data arrives; edit_user() is expected to strip it again.
         $_POST = add_magic_quotes($_POST);
         $id = edit_user($id);
         $user = get_user_to_edit($id);
         // Every stored field must equal the unslashed fixture it was built from.
         foreach ($expected as $field => $value) {
             $this->assertEquals($value, $user->{$field});
         }
     }
 }
Example #25
Please click the following link to confirm the invite:
%4$s');
            wp_mail($new_user_email, sprintf(__('[%s] Joining confirmation'), get_option('blogname')), sprintf($message, get_option('blogname'), home_url(), wp_specialchars_decode(translate_user_role($role['name'])), home_url("/newbloguser/{$newuser_key}/")));
            $redirect = add_query_arg(array('update' => 'add'), 'user-new.php');
        }
    }
    wp_redirect($redirect);
    die;
} elseif (isset($_REQUEST['action']) && 'createuser' == $_REQUEST['action']) {
    check_admin_referer('create-user', '_wpnonce_create-user');
    if (!current_user_can('create_users')) {
        wp_die(__('Cheatin&#8217; uh?'));
    }
    if (!is_multisite()) {
        $user_id = edit_user();
        if (is_wp_error($user_id)) {
            $add_user_errors = $user_id;
        } else {
            if (current_user_can('list_users')) {
                $redirect = 'users.php?update=add&id=' . $user_id;
            } else {
                $redirect = add_query_arg('update', 'add', 'user-new.php');
            }
            wp_redirect($redirect);
            die;
        }
    } else {
        // Adding a new user to this site
        $user_details = wpmu_validate_user_signup($_REQUEST['user_login'], $_REQUEST['email']);
        if (is_wp_error($user_details['errors']) && !empty($user_details['errors']->errors)) {
Example #26
// Form state: each value comes from the request body, falling back to the stored
// $user row or an empty string when the field is absent.
$old_mail = isset($_POST['old_mail']) ? $_POST['old_mail'] : $user['User_Mail'];
$old_rid = isset($_POST['old_rid']) ? $_POST['old_rid'] : $user['Role_ID'];
// NOTE(review): the role id is supplied by the caller and passed to the edit functions
// below. Confirm that a permission check limits who may change a Role_ID.
$rid = isset($_POST['rid']) ? $_POST['rid'] : $old_rid;
$name = isset($_POST['name']) ? $_POST['name'] : '';
$fullname = isset($_POST['fullname']) ? $_POST['fullname'] : '';
$current_pass = isset($_POST['current_pass']) ? $_POST['current_pass'] : '';
$pass = isset($_POST['pass']) ? $_POST['pass'] : '';
$pass1 = isset($_POST['pass1']) ? $_POST['pass1'] : '';
$mail = isset($_POST['mail']) ? $_POST['mail'] : '';
// The password checks run against $uid, but the edits below act on $_POST['uid'].
// NOTE(review): confirm the two always name the same account. If they can differ, the
// current-password check covers one account while the write goes to another.
$err = $current_pass == '' && $pass == '' ? null : pass_error_array($uid, $current_pass, $pass, $pass1);
if (isset($_POST['submit'])) {
    // $err is null when no password was entered. count(null) raises a warning on
    // PHP 7.2+ and a TypeError on PHP 8.
    if (!count($err)) {
        // && binds tighter than ||: this reads as !isset($pass) || ($pass == '' && $current_pass == '').
        if (!isset($pass) || $pass == '' && $current_pass == '') {
            edit_user_without_pass($_POST['uid'], $rid, $fullname);
        } elseif (isset($pass) && $pass != '') {
            edit_user($_POST['uid'], $rid, $fullname, $pass);
        }
        // NOTE(review): the mail body built below contains the first three characters of
        // the new password and inserts $fullname into HTML without escaping. Drop the
        // password fragment and escape the name.
        if ($pass != '') {
            send_mail($mail, 'Online KMS Registration System - Your Account get changed', '
<table style="border: 1px solid black;">
	<tr style="border: 1px solid black;">
		<td>
			<img src="' . currentURL() . 'images/banner_email.png" width="480" height="80" />
		</td>
	</tr>
	<tr style="border: 1px solid black;">
		<td>
			<p>Hi <b>' . $fullname . '</b></p>
			<p>Your new password is: ' . substr($pass, 0, 3) . '***</p>
		</td>
	</tr>
     pageheader($lang_usermgr_php['title']);
     edit_user($user_id);
     pagefooter();
     break;
 case 'update':
     // The target user id comes from the query string; -1 is used when it is absent.
     // NOTE(review): this branch modifies and deletes rows, and this excerpt has no
     // request-token check. Confirm one runs before the switch.
     $user_id = $superCage->get->keyExists('user_id') ? $superCage->get->getInt('user_id') : -1;
     $cpg_udb->edit_users($user_id);
     update_user($user_id);
     // Removes at most one row whose user_name is empty.
     cpg_db_query("DELETE FROM {$CONFIG['TABLE_USERS']} WHERE user_name = '' LIMIT 1");
     pageheader($lang_usermgr_php['title']);
     list_users();
     pagefooter();
     break;
 case 'new_user':
     pageheader($lang_usermgr_php['title']);
     edit_user('new_user');
     pagefooter();
     break;
 case 'groups_alb_access':
     //show what albums user groups can see
     pageheader($lang_usermgr_php['groups_alb_access']);
     list_groups_alb_access();
     pagefooter();
     break;
 case 'group_alb_access':
     //show what albums specific group can see
     // $group_id is interpolated into the SQL below. That is only safe while getInt()
     // returns an integer, which it presumably does. Verify against the helper.
     $group_id = $superCage->get->getInt('gid');
     $sql = "\r\n          SELECT group_name\r\n          FROM {$CONFIG['TABLE_USERGROUPS']} AS groups, {$CONFIG['TABLE_ALBUMS']} AS albums\r\n          WHERE group_id = {$group_id} AND albums.visibility = groups.group_id\r\n        ";
     $result = cpg_db_query($sql);
     // The mysql_* functions belong to ext/mysql, which was removed in PHP 7.0.
     $group = mysql_fetch_array($result);
     if (!mysql_num_rows($result)) {
 /**
  * Creates user without email confirmation.
  *
  * @access public
  */
 public function custom_createuser()
 {
     global $wpdb;
     // Request must carry the 'create-user' nonce and the caller must hold 'create_users'.
     check_admin_referer('create-user', '_wpnonce_create-user');
     if (!current_user_can('create_users')) {
         wp_die(__('Cheatin&#8217; uh?'));
     }
     if (!is_multisite()) {
         // Single site: edit_user() without an id creates the user from $_POST.
         $user_id = edit_user();
         if (is_wp_error($user_id)) {
             // NOTE(review): $add_user_errors is a local here (only $wpdb is declared global)
             // and the method returns nothing, so these errors are not passed on from this
             // method. Confirm how the caller is meant to see them.
             $add_user_errors = $user_id;
         } else {
             if (current_user_can('list_users')) {
                 $redirect = 'users.php?update=add&id=' . $user_id;
             } else {
                 $redirect = add_query_arg('update', 'add', 'user-new.php');
             }
             wp_redirect($redirect);
             die;
         }
     } else {
         /* Check if user already exists in the network */
         // NOTE(review): the login is looked up from the raw request value here, while the
         // signup path below unslashes and sanitizes it first.
         $user_details = get_user_by('login', $_REQUEST['user_login']);
         if (!$user_details) {
             // Adding a new user to this site
             $user_details = wpmu_validate_user_signup($_REQUEST['user_login'], $_REQUEST['email']);
             if (is_wp_error($user_details['errors']) && !empty($user_details['errors']->errors)) {
                 // Same local-variable caveat as in the single-site branch above.
                 $add_user_errors = $user_details['errors'];
             } else {
                 $new_user_login = apply_filters('pre_user_login', sanitize_user(wp_unslash($_REQUEST['user_login']), true));
                 add_filter('wpmu_signup_user_notification', '__return_false');
                 // Disable confirmation email
                 // NOTE(review): 'new_role' is taken from the request unchanged. No check that
                 // the current user may assign that role is visible here (for example against
                 // get_editable_roles()).
                 wpmu_signup_user($new_user_login, $_REQUEST['email'], array('add_to_blog' => $wpdb->blogid, 'new_role' => $_REQUEST['role']));
                 // The activation key is read back and used at once, so ownership of the e-mail
                 // address is never confirmed. That is the stated purpose of this method.
                 // $key is not checked before use; get_var() yields null when no row matches.
                 $key = $wpdb->get_var($wpdb->prepare("SELECT activation_key FROM {$wpdb->signups} WHERE user_login = %s AND user_email = %s", $new_user_login, $_REQUEST['email']));
                 wpmu_activate_signup($key);
                 $redirect = add_query_arg(array('update' => 'addnoconfirmation'), 'user-new.php');
                 wp_redirect($redirect);
                 die;
             }
         } else {
             //Add existing user to the blog.
             // NOTE(review): an existing network user is attached with the requested role and
             // without that user's confirmation. Only 'create_users' was checked above.
             // Confirm whether a per-user capability check is also wanted here.
             // $new_user_email, $username and the first $redirect value are never read.
             $new_user_email = $user_details->user_email;
             $redirect = 'user-new.php';
             $username = $user_details->user_login;
             $user_id = $user_details->ID;
             add_existing_user_to_blog(array('user_id' => $user_id, 'role' => $_REQUEST['role']));
             $redirect = add_query_arg(array('update' => 'addnoconfirmation'), 'user-new.php');
             wp_redirect($redirect);
             die;
         }
     }
 }
Example #29
          *
          * @since 2.7.0
          *
          * @param int $user_id The user ID.
          */
         do_action('edit_user_profile_update', $user_id);
     }
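     // Update the email address in signups, if present.
     if (is_multisite()) {
         $user = get_userdata($user_id);
         // get_userdata() returns false for an unknown id, so check $user before reading it.
         // Both queries use the login from the record just loaded. The UPDATE used to
         // reference $user_login, which is not assigned anywhere in this block.
         if ($user && $user->user_login && isset($_POST['email']) && is_email($_POST['email']) && $wpdb->get_var($wpdb->prepare("SELECT user_login FROM {$wpdb->signups} WHERE user_login = %s", $user->user_login))) {
             $wpdb->query($wpdb->prepare("UPDATE {$wpdb->signups} SET user_email = %s WHERE user_login = %s", $_POST['email'], $user->user_login));
         }
     }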
     // Update the user.
     $errors = edit_user($user_id);
     // Grant or revoke super admin status if requested.
     if (is_multisite() && is_network_admin() && !IS_PROFILE_PAGE && current_user_can('manage_network_options') && !isset($super_admins) && empty($_POST['super_admin']) == is_super_admin($user_id)) {
         empty($_POST['super_admin']) ? revoke_super_admin($user_id) : grant_super_admin($user_id);
     }
     if (!is_wp_error($errors)) {
         $redirect = add_query_arg('updated', true, get_edit_user_link($user_id));
         if ($wp_http_referer) {
             $redirect = add_query_arg('wp_http_referer', urlencode($wp_http_referer), $redirect);
         }
         wp_redirect($redirect);
         exit;
     }
 default:
     $profileuser = get_user_to_edit($user_id);
     if (!current_user_can('edit_user', $user_id)) {
Example #30
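/**
 * Handles the front end user editing
 *
 * Order of operations: (1) on multisite, a pending e-mail change is confirmed
 * or dismissed from the query string; (2) the nonce and the 'edit_user'
 * capability are checked; (3) edit_user() applies the posted data; (4) the
 * super admin flag is adjusted, but only for callers who hold
 * 'manage_network_options'.
 *
 * @uses is_multisite() To check if it's a multisite
 * @uses bbp_is_user_home() To check if the user is at home (the display page
 *                           is the one of the logged in user)
 * @uses get_option() To get the displayed user's new email id option
 * @uses hash_equals() To compare the stored confirmation hash with the request
 * @uses wpdb::prepare() To sanitize our sql query
 * @uses wpdb::get_var() To execute our query and get back the variable
 * @uses wpdb::query() To execute our query
 * @uses wp_update_user() To update the user
 * @uses delete_option() To delete the displayed user's email id option
 * @uses bbp_get_user_profile_edit_url() To get the edit profile url
 * @uses wp_safe_redirect() To redirect to the url
 * @uses bbp_verify_nonce_request() To verify the nonce and check the request
 * @uses current_user_can() To check if the current user can edit the user
 * @uses do_action() Calls 'personal_options_update' or
 *                   'edit_user_options_update' (based on if it's the user home)
 *                   with the displayed user id
 * @uses edit_user() To edit the user based on the post data
 * @uses get_userdata() To get the user data
 * @uses is_email() To check if the string is an email id or not
 * @uses wpdb::get_blog_prefix() To get the blog prefix
 * @uses is_network_admin() To check if the user is the network admin
 * @uses is_super_admin() To check if the user is super admin
 * @uses revoke_super_admin() To revoke super admin privileges
 * @uses grant_super_admin() To grant super admin privileges
 * @uses is_wp_error() To check if the value retrieved is a {@link WP_Error}
 */
function bbp_edit_user_handler()
{
    // Bail if not a POST action
    if ('POST' !== strtoupper($_SERVER['REQUEST_METHOD'])) {
        return;
    }
    // Bail if action is not 'bbp-update-user'
    if (empty($_POST['action']) || 'bbp-update-user' !== $_POST['action']) {
        return;
    }
    // Get the displayed user ID
    $user_id = bbp_get_displayed_user_id();
    // Execute confirmed email change. See send_confirmation_on_profile_email().
    if (is_multisite() && bbp_is_user_home_edit() && isset($_GET['newuseremail'])) {
        $new_email = get_option($user_id . '_new_email');
        // This branch runs before the nonce check, so the stored hash is the only proof
        // that the change was requested. Require a real pending record: get_option()
        // returns false when there is none, and a loose == would then match an empty
        // request value. hash_equals() compares the two strings in constant time.
        $has_pending = is_array($new_email) && !empty($new_email['hash']) && isset($new_email['newemail']);
        if ($has_pending && is_string($_GET['newuseremail']) && hash_equals((string) $new_email['hash'], $_GET['newuseremail'])) {
            $user = new stdClass();
            $user->ID = $user_id;
            $user->user_email = esc_html(trim($new_email['newemail']));
            global $wpdb;
            // Keep the signups table in step when it has a row for this login.
            if ($wpdb->get_var($wpdb->prepare("SELECT user_login FROM {$wpdb->signups} WHERE user_login = %s", bbp_get_displayed_user_field('user_login')))) {
                $wpdb->query($wpdb->prepare("UPDATE {$wpdb->signups} SET user_email = %s WHERE user_login = %s", $user->user_email, bbp_get_displayed_user_field('user_login')));
            }
            wp_update_user(get_object_vars($user));
            delete_option($user_id . '_new_email');
            wp_safe_redirect(add_query_arg(array('updated' => 'true'), bbp_get_user_profile_edit_url($user_id)));
            exit;
        }
        // Delete new email address from user options
    } elseif (is_multisite() && bbp_is_user_home_edit() && !empty($_GET['dismiss']) && $user_id . '_new_email' === $_GET['dismiss']) {
        delete_option($user_id . '_new_email');
        wp_safe_redirect(add_query_arg(array('updated' => 'true'), bbp_get_user_profile_edit_url($user_id)));
        exit;
    }
    // Nonce check
    if (!bbp_verify_nonce_request('update-user_' . $user_id)) {
        bbp_add_error('bbp_update_user_nonce', __('<strong>ERROR</strong>: Are you sure you wanted to do that?', 'bbpress'));
        return;
    }
    // Cap check
    if (!current_user_can('edit_user', $user_id)) {
        bbp_add_error('bbp_update_user_capability', __('<strong>ERROR</strong>: Are you sure you wanted to do that?', 'bbpress'));
        return;
    }
    // Do action based on who's profile you're editing
    $edit_action = bbp_is_user_home_edit() ? 'personal_options_update' : 'edit_user_profile_update';
    do_action($edit_action, $user_id);
    // Handle user edit
    $edit_user = edit_user($user_id);
    // Error(s) editing the user, so copy them into the global
    if (is_wp_error($edit_user)) {
        bbpress()->errors = $edit_user;
        // Successful edit to redirect
    } elseif (is_integer($edit_user)) {
        // Maybe update super admin ability. Being allowed to edit a user is not enough
        // to change network-wide privileges, so 'manage_network_options' is required
        // as well. Without it the flag is left as it is, whatever the form posted.
        if (is_multisite() && !bbp_is_user_home_edit() && current_user_can('manage_network_options')) {
            empty($_POST['super_admin']) ? revoke_super_admin($edit_user) : grant_super_admin($edit_user);
        }
        $redirect = add_query_arg(array('updated' => 'true'), bbp_get_user_profile_edit_url($edit_user));
        wp_safe_redirect($redirect);
        exit;
    }
}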