/**
 * Checks that the xprofile full-name field matches the display name after a
 * user is created with add_user() and then updated with edit_user().
 *
 * @group xprofile_set_field_data
 * @ticket BP5836
 */
public function test_xprofile_sync_bp_profile_new_user()
{
    // Keep the real request data so it can be put back once both handlers have run.
    $original_post = $_POST;

    // Stage the form data for the new user before calling add_user().
    $_POST = array(
        'user_login' => 'foobar',
        'pass1' => 'password',
        'pass2' => 'password',
        'role' => 'subscriber',
        'email' => '*****@*****.**',
        'first_name' => 'Foo',
        'last_name' => 'Bar',
    );
    $id = add_user();

    // Stage a second form for the same user, this time with an explicit display name.
    $display_name = 'Bar Foo';
    $_POST = array(
        'display_name' => $display_name,
        'email' => '*****@*****.**',
        'nickname' => 'foobar',
    );
    $id = edit_user($id);

    // clean up post vars
    $_POST = $original_post;

    $synced_name = xprofile_get_field_data(bp_xprofile_fullname_field_id(), $id);
    $this->assertEquals($display_name, $synced_name);
}
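/**
 * Creates a new user from the "Users" form using $_POST information.
 *
 * The function has two modes, selected by whether it receives an argument:
 *
 * - Called with a user ID (it registers itself on 'user_register' below, so the
 *   hook calls it this way), it only applies the role submitted in
 *   $_POST['role'] to that user.
 * - Called with no arguments, it hooks itself onto 'user_register' and hands
 *   over to edit_user() with no ID so that a new user is created.
 *
 * @since 2.0
 *
 * @param int $user_id Optional. User ID, read through func_get_arg().
 * @return null|WP_Error|int Null when called with a user ID; otherwise the
 *                           return value of edit_user().
 */
function add_user()
{
    if (!func_num_args()) {
        add_action('user_register', 'add_user'); // See above
        return edit_user();
    }

    // The hackiest hack that ever did hack
    global $current_user, $wp_roles;

    $user_id = (int) func_get_arg(0);

    if (!isset($_POST['role'])) {
        return;
    }

    $new_role = sanitize_text_field($_POST['role']);

    // The role name comes from the request, so it may not be a registered role.
    // Check that the role object exists before calling has_cap() on it; an
    // unknown role then counts as "does not grant edit_users" instead of
    // ending the request with a fatal error.
    $role_grants_edit_users = isset($wp_roles->role_objects[$new_role])
        && $wp_roles->role_objects[$new_role]->has_cap('edit_users');

    // Don't let anyone with 'edit_users' (admins) edit their own role to something without it.
    if ($user_id != $current_user->id || $role_grants_edit_users) {
        // If the new role isn't editable by the logged-in user die with error
        $editable_roles = get_editable_roles();
        if (empty($editable_roles[$new_role])) {
            wp_die(__('You can’t give users that role.'));
        }

        $user = new WP_User($user_id);
        $user->set_role($new_role);
    }
}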
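/**
 * Handles a profile update submitted by the logged-in user.
 *
 * The request must carry a nonce for the 'update-profile_<user ID>' action.
 * Both nonce checks run before anything is written. The custom profile fields
 * are then saved with rcl_update_profile_fields() and the core fields with
 * edit_user(). If edit_user() reports errors the request ends in wp_die() with
 * all of its messages; otherwise 'personal_options_update' fires and the user
 * is redirected to their profile page.
 *
 * @return false|void False when the nonce is missing or invalid. On success
 *                    the function redirects and ends the request.
 */
function rcl_edit_profile()
{
    global $user_ID;

    // A request without the nonce field is rejected the same way as one with a
    // wrong nonce, without reading an undefined array index.
    if (!isset($_POST['_wpnonce']) || !wp_verify_nonce($_POST['_wpnonce'], 'update-profile_' . $user_ID)) {
        return false;
    }

    // Verified before any write below, so a failed referer check leaves the
    // profile untouched.
    check_admin_referer('update-profile_' . $user_ID);

    if (defined('ABSPATH')) {
        require_once ABSPATH . 'wp-admin/includes/user.php';
    } else {
        require_once '../wp-admin/includes/user.php';
    }

    $redirect_url = rcl_format_url(get_author_posts_url($user_ID), 'profile') . '&updated=true';

    rcl_update_profile_fields($user_ID);

    $errors = edit_user($user_ID);

    if (is_wp_error($errors)) {
        $messages = $errors->get_error_messages();
        if ($messages) {
            // Report every problem, not only the last one in the list.
            wp_die(implode('<br />', $messages));
        }
    }

    do_action('personal_options_update', $user_ID);

    wp_redirect($redirect_url);
    // wp_redirect() only sends the header; stop here so nothing else runs or
    // renders for a request that has already been answered.
    exit;
}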
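/**
 * Handles the "wpu_action" requests made by the current user.
 *
 * Two actions are recognised in $_GET['wpu_action']:
 *
 * - 'activate': stores the requested template and stylesheet as user meta and
 *   redirects to the themes tab.
 * - 'update-blog-profile': runs edit_user() for the current user, stores the
 *   rich-editing preference plus the blog title and tagline, then redirects to
 *   the blog settings tab.
 *
 * Each action verifies its own nonce with check_admin_referer() before it
 * writes anything. Both actions end the request with exit after redirecting.
 *
 * @return void
 */
function wpu_check_for_action()
{
    global $user_ID, $wp_version;

    if (!isset($_GET['wpu_action'])) {
        return;
    }

    if ('activate' == $_GET['wpu_action']) {
        // The nonce action includes the requested template. Read it with a
        // default so a request without the parameter fails the nonce check
        // cleanly instead of touching an undefined index first.
        $requested_template = isset($_GET['template']) ? $_GET['template'] : '';
        check_admin_referer('wp-united-switch-theme_' . $requested_template);

        // NOTE(review): the template and stylesheet names are stored exactly as
        // received. The code that later loads a theme from this meta is not
        // visible here; it should check the names against the installed themes.
        if (isset($_GET['template'])) {
            update_usermeta($user_ID, 'WPU_MyTemplate', $_GET['template']);
        }
        if (isset($_GET['stylesheet'])) {
            update_usermeta($user_ID, 'WPU_MyStylesheet', $_GET['stylesheet']);
        }

        $wpuConnSettings = get_settings('wputd_connection');
        wp_redirect('admin.php?page=' . $wpuConnSettings['full_path_to_plugin'] . '&activated=true&wputab=themes');
        exit;
    } elseif ('update-blog-profile' == $_GET['wpu_action']) {
        check_admin_referer('update-blog-profile_' . $user_ID);
        $errors = edit_user($user_ID);

        //$errors behaves differently post-WP 2.1
        if ((double) $wp_version >= 2.1) {
            //WordPress >= 2.1
            // NOTE(review): unlike the WP 2.0x branch, this branch prints the
            // errors and then carries on to the updates and the redirect
            // below. Confirm whether it was meant to stop here as well.
            if (is_wp_error($errors)) {
                foreach ($errors->get_error_messages() as $message) {
                    echo "<li>{$message}</li>";
                }
            }
        } else {
            //WP 2.0x
            if (is_array($errors)) {
                if (count($errors) != 0) {
                    foreach ($errors as $id => $error) {
                        echo $error . '<br/>';
                    }
                    exit;
                }
            }
        }

        if (!isset($_POST['rich_editing'])) {
            $_POST['rich_editing'] = 'false';
        }
        // $current_user is not in scope in this function, so the preference
        // used to be written for an empty user ID. Use the global user ID that
        // every other write in this branch uses.
        update_user_option($user_ID, 'rich_editing', $_POST['rich_editing'], true);

        //
        // UPDATE BLOG DETAILS
        //
        $blog_title = __('My Blog');
        $blog_tagline = __('My description will go here');
        if (isset($_POST['blog_title'])) {
            $blog_title = wp_specialchars(trim($_POST['blog_title']));
        }
        if (isset($_POST['blog_tagline'])) {
            $blog_tagline = wp_specialchars(trim($_POST['blog_tagline']));
        }
        update_usermeta($user_ID, 'blog_title', $blog_title);
        update_usermeta($user_ID, 'blog_tagline', $blog_tagline);

        $wpuConnSettings = get_settings('wputd_connection');
        wp_redirect('admin.php?page=' . $wpuConnSettings['full_path_to_plugin'] . '&updated=true&wputab=bset');
        exit;
    }
}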
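/**
 * Processes the front-end "edit profile" form.
 *
 * Runs only when $_POST['action'] is 'app-edit-profile'. After the nonce check
 * the target user ID is taken from $_POST['user_id'] and the current user must
 * hold the 'edit_user' capability for that ID. On failure the edit_user()
 * error message is stored in $this->error; on success the request is
 * redirected and ended.
 *
 * @return void
 */
function update()
{
    if (!isset($_POST['action']) || 'app-edit-profile' != $_POST['action']) {
        return;
    }

    check_admin_referer('app-edit-profile');

    // The target ID is request data and the nonce action above is the same for
    // every user, so the nonce alone does not tie the request to one account.
    // Require an explicit capability check for the submitted ID. A missing or
    // zero ID is refused too, because edit_user() treats an empty ID as a
    // request to create a user.
    $user_id = isset($_POST['user_id']) ? (int) $_POST['user_id'] : 0;
    if (!$user_id || !current_user_can('edit_user', $user_id)) {
        wp_die(__('You do not have permission to edit this user.'));
    }

    // require_once: the file declares functions, so loading it twice is fatal.
    require_once ABSPATH . '/wp-admin/includes/user.php';

    $r = edit_user($user_id);

    if (is_wp_error($r)) {
        $this->error = $r->get_error_message();
    } else {
        wp_redirect('./?updated=true');
        exit;
    }
}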
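/**
 * Creates a new user from $_POST, or applies the submitted role to a user.
 *
 * Called with no arguments, it hooks itself onto 'user_register' and returns
 * the result of edit_user(). Called with a user ID (which is how that hook
 * calls it), it only applies $_POST['role'] to that user.
 *
 * NOTE(review): this version does not check whether the acting user is allowed
 * to assign the submitted role. Confirm that the caller restricts the role
 * values that can reach this point.
 *
 * @return mixed Nothing when called with a user ID; otherwise the return value
 *               of edit_user().
 */
function add_user()
{
    if (!func_num_args()) {
        add_action('user_register', 'add_user'); // See above
        return edit_user();
    }

    // The hackiest hack that ever did hack
    global $current_user, $wp_roles;

    $user_id = (int) func_get_arg(0);

    if (!isset($_POST['role'])) {
        return;
    }

    $requested_role = $_POST['role'];

    // The role name is request data and may not be a registered role. Check
    // that the role object exists before calling has_cap() on it, so an unknown
    // name cannot end the request with a fatal error.
    $role_grants_edit_users = isset($wp_roles->role_objects[$requested_role])
        && $wp_roles->role_objects[$requested_role]->has_cap('edit_users');

    // A user changing their own role may only move to a role that still has 'edit_users'.
    if ($user_id != $current_user->id || $role_grants_edit_users) {
        $user = new WP_User($user_id);
        $user->set_role($requested_role);
    }
}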
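/**
 * Processes the front-end "edit profile" form.
 *
 * Runs only when $_POST['action'] is 'app-edit-profile'. After the nonce check
 * the target user ID is taken from $_POST['user_id'] and the current user must
 * hold the 'edit_user' capability for that ID. On failure the WP_Error from
 * edit_user() is stored in $this->errors; on success the
 * 'personal_options_update' action fires, a notice is queued and the request
 * is redirected and ended.
 *
 * @return void
 */
function update()
{
    if (!isset($_POST['action']) || 'app-edit-profile' != $_POST['action']) {
        return;
    }

    check_admin_referer('app-edit-profile');

    // The target ID is request data and the nonce action above is the same for
    // every user, so the nonce alone does not tie the request to one account.
    // Require an explicit capability check for the submitted ID. A missing or
    // zero ID is refused too, because edit_user() treats an empty ID as a
    // request to create a user.
    $user_id = isset($_POST['user_id']) ? (int) $_POST['user_id'] : 0;
    if (!$user_id || !current_user_can('edit_user', $user_id)) {
        wp_die(__('You do not have permission to edit this user.', APP_TD));
    }

    // require_once: the file declares functions, so loading it twice is fatal.
    require_once ABSPATH . '/wp-admin/includes/user.php';

    $r = edit_user($user_id);

    if (is_wp_error($r)) {
        $this->errors = $r;
    } else {
        do_action('personal_options_update', $user_id);
        appthemes_add_notice('updated-profile', __('Your profile has been updated.', APP_TD), 'success');
        $redirect_url = add_query_arg(array('updated' => 'true'));
        wp_redirect($redirect_url);
        exit;
    }
}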
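/**
 * Edits the profile of the logged-in user and redirects to the profile page.
 *
 * Fires 'personal_options_update', runs edit_user() for the current user and
 * redirects to /user-profile/ with a "message" parameter: 'updated' on
 * success, otherwise the error code from edit_user(). Does nothing when no
 * user is logged in.
 *
 * NOTE(review): no nonce is verified in this function. Confirm that the code
 * firing the 'uf_profile' hook checks one before this runs.
 *
 * @wp-hook uf_profile
 * @return void
 */
function uf_perform_profile_edit()
{
    // get user id
    $user_id = get_current_user_id();

    // With nobody logged in the ID is 0, and edit_user() treats an empty ID as
    // a request to create a user. An anonymous request must not get that far.
    if (!$user_id) {
        return;
    }

    // perform profile actions for plugins
    do_action('personal_options_update', $user_id);

    // edit user
    if (!function_exists('edit_user')) {
        require_once ABSPATH . '/wp-admin/includes/user.php';
    }
    $errors = edit_user($user_id);

    // check for errors (mainly password)
    $message = is_wp_error($errors) ? $errors->get_error_code() : 'updated';

    // Encode the code before it goes into the query string; plain codes such
    // as 'updated' are unchanged by this.
    $url = home_url('/user-profile/?message=' . rawurlencode($message));

    // set the filter
    $url = apply_filters('uf_perform_profile_edit_redirect_url', $url, $message);

    wp_safe_redirect($url);
    exit;
}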
/**
 * Ajax handler for adding a user.
 *
 * Verifies the Ajax nonce for the action and the 'create_users' capability,
 * creates the user with edit_user(), and answers with a WP_Ajax_Response that
 * carries either the error or the rendered list-table row for the new user.
 *
 * @since 3.1.0
 *
 * @global WP_List_Table $wp_list_table
 *
 * @param string $action Action to perform.
 */
function wp_ajax_add_user($action)
{
    global $wp_list_table;

    if (empty($action)) {
        $action = 'add-user';
    }

    // Nonce first, capability second: both must pass before a user is created.
    check_ajax_referer($action);

    if (!current_user_can('create_users')) {
        wp_die(-1);
    }

    $user_id = edit_user();

    if (!$user_id) {
        wp_die(0);
    } elseif (is_wp_error($user_id)) {
        // Hand the WP_Error to the response object as the "id".
        $error_response = new WP_Ajax_Response(array(
            'what' => 'user',
            'id' => $user_id,
        ));
        $error_response->send();
    }

    $user_object = get_userdata($user_id);
    $wp_list_table = _get_list_table('WP_Users_List_Table');
    $role = current($user_object->roles);

    $show_link = sprintf(
        __('User %s added'),
        '<a href="#user-' . $user_id . '">' . $user_object->user_login . '</a>'
    );

    $success_response = new WP_Ajax_Response(array(
        'what' => 'user',
        'id' => $user_id,
        'data' => $wp_list_table->single_row($user_object, '', $role),
        'supplemental' => array(
            'show-link' => $show_link,
            'role' => $role,
        ),
    ));
    $success_response->send();
}
<?php
include 'config.php';

/** Switch Case to Get Action from controller **/
// The handler is chosen by the "action" query parameter. The parameter is read
// without an isset() check, and a value that matches no case is ignored
// because there is no default branch.
// NOTE(review): no authentication, authorisation or CSRF check is visible
// before these user-management handlers run. Confirm that config.php or the
// handlers themselves enforce one.
switch ($_GET['action']) {
    case 'add_user':
        add_user();
        break;
    case 'get_users':
        get_users();
        break;
    case 'edit_user':
        edit_user();
        break;
    case 'delete_user':
        delete_user();
        break;
    case 'update_user':
        update_user();
        break;
}

/** Function to Add User **/
// Reads a JSON document from the raw request body and copies its fields into
// local variables. The rest of the function is not shown in this excerpt.
function add_user()
{
    // json_decode() returns null for a body that is not valid JSON; the
    // property reads below do not check for that case.
    $data = json_decode(file_get_contents("php://input"));
    // print_r($data);
    $full_name = $data->full_name;
    $addr_first = $data->addr_first;
    $addr_second = $data->addr_second;
    $addr_third = $data->addr_third;
    $postcode = $data->postcode;
<?php
// Template fragment: handles the "update" form post for a member's details,
// then starts rendering the page. The markup after the last line shown here is
// outside this excerpt.
global $profileuser, $user_id, $user;

if (isset($_POST['action']) && $_POST['action'] == 'update') {
    // The nonce is verified for the global $user_id ...
    if (wp_verify_nonce($_REQUEST['_wpnonce'], 'update-user_' . $user_id)) {
        $msg = '<div class="alert alert-success">' . __('Your details have been updated.', 'membership') . '</div>';

        // ... but the ID used for the edit below comes from $_POST['user_id'].
        // NOTE(review): nothing visible here checks that the two IDs are the
        // same or that the current user may edit the posted ID. Confirm this,
        // or pass $user_id to edit_user() together with a capability check.
        // Only the 'ID' element of this array is passed on below.
        $user = array('ID' => $_POST['user_id'], 'first_name' => $_POST['first_name'], 'last_name' => $_POST['last_name'], 'nickname' => $_POST['nickname'], 'display_name' => $_POST['display_name'], 'user_email' => $_POST['email'], 'user_url' => $_POST['url']);

        if (!empty($_POST['pass1'])) {
            if ($_POST['pass1'] == $_POST['pass2']) {
                $user['user_pass'] = $_POST['pass1'];
            } else {
                // Only the message is changed; edit_user() is still called below.
                $msg = "<div class='alert alert-error'>" . __('Your password settings do not match', 'membership') . "</div>";
            }
        }

        $errors = edit_user($user['ID']);
        $profileuser = get_user_to_edit($user_id);

        if (isset($errors) && is_wp_error($errors)) {
            $msg = "<div class='alert alert-error'>" . implode("<br/>\n", $errors->get_error_messages()) . "</div>";
        }
    } else {
        $msg = "<div class='alert alert-error'>" . __('Your details could not be updated.', 'membership') . "</div>";
    }

    // This action fires for every "update" post, including one whose nonce
    // check failed, because it sits outside the nonce branch above.
    do_action('edit_user_profile_update', $user_id);
}
?> <div id='membership-wrapper'> <?php if (!empty($msg)) { ?>
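/**
 * Builds the front-end profile form for the current user and handles its
 * submission.
 *
 * When the form was posted (ym_action = 'ym_user_profile_update') the request
 * must come from a logged-in user and carry the nonce that this function puts
 * into the form. Only then does 'personal_options_update' fire and edit_user()
 * run. A successful update returns a short confirmation that refreshes the
 * page; otherwise the form is returned again with any errors above it.
 *
 * Values taken from the user record are escaped where they are written into
 * the markup.
 *
 * @return string HTML for the confirmation message or for the profile form.
 */
function ym_user_profile_form()
{
    get_currentuserinfo();
    global $current_user, $wpdb;

    $nonce_action = 'ym_user_profile_update_' . $current_user->ID;

    $action = ym_post('ym_action');
    if ($action == 'ym_user_profile_update') {
        $nonce = isset($_POST['ym_profile_nonce']) ? $_POST['ym_profile_nonce'] : '';

        // The update changes account data such as e-mail and password, so it
        // must be tied to a form this site rendered for this user. An
        // anonymous request is refused as well: its user ID is 0, and
        // edit_user() treats an empty ID as a request to create a user.
        if (!$current_user->ID || !wp_verify_nonce($nonce, $nonce_action)) {
            $errors = new WP_Error('ym_profile_nonce', __('Your profile could not be updated. Please reload the page and try again.'));
        } else {
            // *_once: these files declare functions, so loading one twice is fatal.
            include_once 'wp-admin/includes/user.php';
            include_once 'wp-includes/registration.php';

            do_action('personal_options_update', $current_user->ID);
            $errors = edit_user($current_user->ID);

            if (!is_wp_error($errors)) {
                $html = '<p>' . __('Your Profile has been updated') . '</p>';
                $html .= '<meta http-equiv="refresh" content="3" />';
                return $html;
            }
        }
    }

    $html = '';
    if (isset($errors) && is_wp_error($errors)) {
        $html .= '<div class="error"><p>' . implode("</p>\n<p>", $errors->get_error_messages()) . '</p></div>';
    } else {
        if (ym_get('updated')) {
            $html .= '<div id="message" class="updated"><p><strong>' . __('User updated.') . '</strong></p></div>';
        }
    }

    // function_exists() needs the name as a string; the bare word used before
    // was read as an undefined constant.
    if (!function_exists('_wp_get_user_contactmethods')) {
        function _wp_get_user_contactmethods()
        {
            $user_contactmethods = array('aim' => __('AIM'), 'yim' => __('Yahoo IM'), 'jabber' => __('Jabber / Google Talk'));
            return apply_filters('user_contactmethods', $user_contactmethods);
        }
    }

    // The nonce field is verified by the submission handling at the top of this function.
    $html .= ' <form action="" method="post"> <input type="hidden" name="ym_action" value="ym_user_profile_update" /> ' . wp_nonce_field($nonce_action, 'ym_profile_nonce', true, false) . ' <table class="form-table"> <tr><td colspan="2"><h3>' . __('Name') . '</h3></td></tr> <tr> <th><label for="first_name">' . __('First Name') . '</label></th> <td><input type="text" name="first_name" id="first_name" value="' . esc_attr($current_user->user_firstname) . '" class="regular-text" /></td> </tr> <tr> <th><label for="last_name">' . __('Last Name') . '</label></th> <td><input type="text" name="last_name" id="last_name" value="' . esc_attr($current_user->user_lastname) . '" class="regular-text" /></td> </tr> <tr> <th><label for="nickname">' . __('Nickname') . ' <span class="description">' . __('(required)') . '</span></label></th> <td><input type="text" name="nickname" id="nickname" value="' . esc_attr($current_user->nickname) . '" class="regular-text" /></td> </tr> <tr> <th><label for="display_name">' . __('Display name publicly as') . '</label></th> <td> <select name="display_name" id="display_name"> ';

    // Candidate display names. The first/last name checks used an undefined
    // $profileuser, so those options were never offered; the data is on
    // $current_user.
    $public_display = array();
    $public_display['display_username'] = $current_user->user_login;
    $public_display['display_nickname'] = $current_user->nickname;
    if (!empty($current_user->first_name)) {
        $public_display['display_firstname'] = $current_user->first_name;
    }
    if (!empty($current_user->last_name)) {
        $public_display['display_lastname'] = $current_user->last_name;
    }
    if (!empty($current_user->first_name) && !empty($current_user->last_name)) {
        $public_display['display_firstlast'] = $current_user->first_name . ' ' . $current_user->last_name;
        $public_display['display_lastfirst'] = $current_user->last_name . ' ' . $current_user->first_name;
    }
    if (!in_array($current_user->display_name, $public_display)) {
        // Only add this if it isn't duplicated elsewhere
        $public_display = array('display_displayname' => $current_user->display_name) + $public_display;
    }
    $public_display = array_map('trim', $public_display);
    $public_display = array_unique($public_display);

    foreach ($public_display as $id => $item) {
        // The option label is user-supplied text (names, nickname), so it is
        // escaped like the value attribute.
        $html .= '<option id="' . esc_attr($id) . '" value="' . esc_attr($item) . '"' . selected($current_user->display_name, $item, FALSE) . '>' . esc_html($item) . '</option>';
    }

    $html .= ' </select> </td> </tr> <tr><td colspan="2"> <h3>' . __('Contact Info') . '</h3> </td></tr> <tr> <th><label for="email">' . __('E-mail') . ' <span class="description">' . __('(required)') . '</span></label></th> <td><input type="text" name="email" id="email" value="' . esc_attr($current_user->user_email) . '" class="regular-text" /> ';

    $new_email = get_option($current_user->ID . '_new_email');
    if ($new_email && $new_email != $current_user->user_email) {
        // The pending address was typed in by the user; escape it before it goes into the notice.
        $html .= ' <div class="updated inline"> <p>' . sprintf(__('There is a pending change of your e-mail to <code>%1$s</code>. 
<a href="%2$s">Cancel</a>'), esc_html($new_email['newemail']), esc_url(admin_url('profile.php?dismiss=' . $current_user->ID . '_new_email'))) . '</p> </div> ';
    }

    $html .= ' </td> </tr> <tr> <th><label for="url">' . __('Website') . '</label></th> <td><input type="text" name="url" id="url" value="' . esc_attr($current_user->user_url) . '" class="regular-text code" /></td> </tr> ';

    foreach (_wp_get_user_contactmethods() as $name => $desc) {
        // Method names pass through the 'user_contactmethods' filter, so they
        // are escaped before being used as attribute values.
        $html .= ' <tr> <th><label for="' . esc_attr($name) . '">' . apply_filters('user_' . $name . '_label', $desc) . '</label></th> <td><input type="text" name="' . esc_attr($name) . '" id="' . esc_attr($name) . '" value="' . esc_attr($current_user->{$name}) . '" class="regular-text" /></td> </tr>';
    }

    $html .= ' <tr><td colspan="2"> <h3>' . __('About Yourself') . '</h3> </td></tr> <tr> <th><label for="description">' . __('Biographical Info') . '</label></th> <td><textarea name="description" id="description" rows="5" cols="60">' . esc_html($current_user->description) . '</textarea><br /> <span class="description">' . __('Share a little biographical information to fill out your profile. This may be shown publicly.') . '</span></td> </tr> <tr><td></td><td style="text-align: right;"><input type="submit" class="button-primary" value="' . __('Update Profile') . '" name="submit" /></td></tr> </table> </form> ';

    return $html;
}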
/**
 * Creates a new user from the submitted form data.
 *
 * Thin wrapper: calls edit_user() with no user ID and passes its result back
 * unchanged.
 *
 * @return mixed Whatever edit_user() returns.
 */
function add_user()
{
    $result = edit_user();

    return $result;
}
/**
 * Checks that calling edit_user() with no password returns an error when adding, and doesn't when updating.
 *
 * The steps run in order against the same user: create without a password
 * (error), create with a password, update with empty passwords, update with
 * only the first password filled in (error), and update again with a
 * 'check_passwords' callback attached.
 *
 * @ticket 35715
 */
function test_edit_user_blank_pw()
{
    // Start from empty request arrays so only the values set here are seen.
    $_REQUEST = array();
    $_GET = array();
    $_POST = array();

    $_POST['role'] = 'subscriber';
    $_POST['email'] = '*****@*****.**';
    $_POST['user_login'] = '******';
    $_POST['first_name'] = 'first_name1';
    $_POST['last_name'] = 'last_name1';
    $_POST['nickname'] = 'nickname1';
    $_POST['display_name'] = 'display_name1';

    // Check new user with missing password.
    $result = edit_user();

    $this->assertInstanceOf('WP_Error', $result);
    $this->assertEquals('pass', $result->get_error_code());

    // Check new user with password set.
    $_POST['pass2'] = 'password';
    $_POST['pass1'] = 'password';

    $user_id = edit_user();
    $created_user = get_user_by('ID', $user_id);

    $this->assertInternalType('int', $user_id);
    $this->assertInstanceOf('WP_User', $created_user);
    $this->assertEquals('nickname1', $created_user->nickname);

    // Check updating user with empty password.
    $_POST['nickname'] = 'nickname_updated';
    $_POST['pass2'] = '';
    $_POST['pass1'] = '';

    $user_id = edit_user($user_id);

    $this->assertInternalType('int', $user_id);
    $this->assertEquals('nickname_updated', $created_user->nickname);

    // Check updating user with missing second password.
    $_POST['nickname'] = 'nickname_updated2';
    $_POST['pass1'] = 'blank_pass2';
    $_POST['pass2'] = '';

    $result = edit_user($user_id);

    $this->assertInstanceOf('WP_Error', $result);
    $this->assertEquals('pass', $result->get_error_code());
    // The failed update must leave the nickname from the previous step in place.
    $this->assertEquals('nickname_updated', $created_user->nickname);

    // Check updating user with empty password via `check_passwords` action.
    $password_hook = array($this, 'action_check_passwords_blank_pw');
    add_action('check_passwords', $password_hook, 10, 2);
    $user_id = edit_user($user_id);
    remove_action('check_passwords', $password_hook);

    $this->assertInternalType('int', $user_id);
    $this->assertEquals('nickname_updated2', $created_user->nickname);
}
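/**
 * Handles the front end user editing
 *
 * Runs only for POST requests whose action is 'bbp-update-user'. On multisite,
 * a confirmed e-mail change or a dismissal of a pending change (both driven by
 * query parameters) is handled first and ends the request. Every other edit
 * must pass the nonce check and the 'edit_user' capability check before
 * anything is written.
 *
 * @uses is_multisite() To check if it's a multisite
 * @uses bbp_is_user_home() To check if the user is at home (the display page
 *                           is the one of the logged in user)
 * @uses get_option() To get the displayed user's new email id option
 * @uses wpdb::prepare() To sanitize our sql query
 * @uses wpdb::get_var() To execute our query and get back the variable
 * @uses wpdb::query() To execute our query
 * @uses wp_update_user() To update the user
 * @uses delete_option() To delete the displayed user's email id option
 * @uses bbp_get_user_profile_edit_url() To get the edit profile url
 * @uses wp_safe_redirect() To redirect to the url
 * @uses bbp_verify_nonce_request() To verify the nonce and check the request
 * @uses current_user_can() To check if the current user can edit the user
 * @uses do_action() Calls 'personal_options_update' or
 *                   'edit_user_options_update' (based on if it's the user home)
 *                   with the displayed user id
 * @uses edit_user() To edit the user based on the post data
 * @uses get_userdata() To get the user data
 * @uses is_email() To check if the string is an email id or not
 * @uses wpdb::get_blog_prefix() To get the blog prefix
 * @uses is_network_admin() To check if the user is the network admin
 * @uses is_super_admin() To check if the user is super admin
 * @uses revoke_super_admin() To revoke super admin privileges
 * @uses grant_super_admin() To grant super admin privileges
 * @uses is_wp_error() To check if the value retrieved is a {@link WP_Error}
 */
function bbp_edit_user_handler()
{
    // Bail if not a POST action
    if ('POST' !== strtoupper($_SERVER['REQUEST_METHOD'])) {
        return;
    }

    // Bail if action is not 'bbp-update-user'
    if (empty($_POST['action']) || 'bbp-update-user' !== $_POST['action']) {
        return;
    }

    // Get the displayed user ID
    $user_id = bbp_get_displayed_user_id();

    global $wpdb, $super_admins;

    // Execute confirmed email change. See send_confirmation_on_profile_email().
    if (is_multisite() && bbp_is_user_home_edit() && isset($_GET['newuseremail'])) {
        $new_email = get_option($user_id . '_new_email');

        // Require a stored pending change and an exact, non-empty match. The
        // loose == used before also matched when the option was missing and
        // the parameter was empty, which then wrote an empty e-mail address.
        $hash_matches = is_array($new_email)
            && isset($new_email['hash'], $new_email['newemail'])
            && is_string($_GET['newuseremail'])
            && '' !== $_GET['newuseremail']
            && (string) $new_email['hash'] === $_GET['newuseremail'];

        if ($hash_matches) {
            $user = new stdClass();
            $user->ID = $user_id;
            $user->user_email = esc_html(trim($new_email['newemail']));

            if ($wpdb->get_var($wpdb->prepare("SELECT user_login FROM {$wpdb->signups} WHERE user_login = %s", bbp_get_displayed_user_field('user_login')))) {
                $wpdb->query($wpdb->prepare("UPDATE {$wpdb->signups} SET user_email = %s WHERE user_login = %s", $user->user_email, bbp_get_displayed_user_field('user_login')));
            }

            wp_update_user(get_object_vars($user));
            delete_option($user_id . '_new_email');

            wp_safe_redirect(add_query_arg(array('updated' => 'true'), bbp_get_user_profile_edit_url($user_id)));
            exit;
        }

    // Dismiss a pending email change
    } elseif (is_multisite() && bbp_is_user_home_edit() && !empty($_GET['dismiss']) && $user_id . '_new_email' == $_GET['dismiss']) {
        delete_option($user_id . '_new_email');

        wp_safe_redirect(add_query_arg(array('updated' => 'true'), bbp_get_user_profile_edit_url($user_id)));
        exit;
    }

    // Nonce check
    if (!bbp_verify_nonce_request('update-user_' . $user_id)) {
        bbp_add_error('bbp_update_user_nonce', __('<strong>ERROR</strong>: Are you sure you wanted to do that?', 'bbpress'));
        return;
    }

    // Cap check
    if (!current_user_can('edit_user', $user_id)) {
        bbp_add_error('bbp_update_user_capability', __('<strong>ERROR</strong>: Are you sure you wanted to do that?', 'bbpress'));
        return;
    }

    // Do action based on whose profile you're editing
    $edit_action = bbp_is_user_home_edit() ? 'personal_options_update' : 'edit_user_profile_update';
    do_action($edit_action, $user_id);

    // Single site: edit_user() does all of the work
    if (!is_multisite()) {
        $edit_user = edit_user($user_id);

    // Multisite: signups, per-blog capabilities and super admin status need
    // some manual labor around edit_user()
    } else {
        $user = get_userdata($user_id);

        // Update the email address in signups, if present.
        // The UPDATE targets the same login that the SELECT checked (the
        // edited user). It used the global $user_login before, which is a
        // different variable from the user being edited.
        if ($user->user_login && isset($_POST['email']) && is_email($_POST['email']) && $wpdb->get_var($wpdb->prepare("SELECT user_login FROM {$wpdb->signups} WHERE user_login = %s", $user->user_login))) {
            $wpdb->query($wpdb->prepare("UPDATE {$wpdb->signups} SET user_email = %s WHERE user_login = %s", $_POST['email'], $user->user_login));
        }

        // WPMU must delete the user from the current blog if WP added him after editing.
        $delete_role = false;
        $blog_prefix = $wpdb->get_blog_prefix();

        // NOTE(review): this compares $user_id with itself, so the branch never
        // runs. It presumably was meant to compare against the current user's
        // ID; confirm the intent before changing the condition.
        if ($user_id != $user_id) {
            $cap = $wpdb->get_var($wpdb->prepare("SELECT meta_value FROM {$wpdb->usermeta} WHERE user_id = %d AND meta_key = %s AND meta_value = 'a:0:{}'", $user_id, $blog_prefix . 'capabilities'));
            if (!is_network_admin() && null == $cap && $_POST['role'] == '') {
                $_POST['role'] = 'contributor';
                $delete_role = true;
            }
        }

        $edit_user = edit_user($user_id);

        // stops users being added to current blog when they are edited
        if (true === $delete_role) {
            delete_user_meta($user_id, $blog_prefix . 'capabilities');
        }

        // Grant or revoke super admin status. Uses logical && throughout; a
        // bitwise & sat between the network-admin and home-edit checks before.
        if (is_multisite() && is_network_admin() && !bbp_is_user_home_edit() && current_user_can('manage_network_options') && !isset($super_admins) && empty($_POST['super_admin']) == is_super_admin($user_id)) {
            empty($_POST['super_admin']) ? revoke_super_admin($user_id) : grant_super_admin($user_id);
        }
    }

    // Error(s) editing the user, so copy them into the global
    if (is_wp_error($edit_user)) {
        bbpress()->errors = $edit_user;

    // Successful edit to redirect
    } elseif (is_integer($edit_user)) {
        $redirect = add_query_arg(array('updated' => 'true'), bbp_get_user_profile_edit_url($edit_user));

        wp_safe_redirect($redirect);
        exit;
    }
}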
<?php
/* Template Name: User Profile */
// Page template that processes the profile form for the logged-in user. The
// rest of the template is not shown in this excerpt.
nocache_headers();
appthemes_auth_redirect_login();
global $userdata;
get_currentuserinfo(); // grabs the user info and puts into vars

// check to see if the form has been posted. If so, validate the fields
if (!empty($_POST['submit'])) {
    require_once ABSPATH . 'wp-admin/includes/user.php';
    require_once ABSPATH . WPINC . '/registration.php';

    // The nonce is tied to the current user's ID and is checked before any write.
    check_admin_referer('update-profile_' . $user_ID);

    $errors = edit_user($user_ID);

    if (is_wp_error($errors)) {
        // Each pass overwrites $errmsg, so only the last message is kept.
        foreach ($errors->get_error_messages() as $message) {
            $errmsg = $message;
        }
    }

    // if there are no errors, then process the ad updates
    // $errmsg is assigned only inside the loop above, so it is undefined here
    // when edit_user() succeeded.
    if ($errmsg == '') {
        // update the user fields
        do_action('personal_options_update', $user_ID);

        // update the custom user fields
        // Each field is read from $_POST without an isset() check.
        foreach (array('twitter_id', 'facebook_id', 'linkedin_profile') as $field) {
            update_user_meta($user_ID, $field, strip_tags(stripslashes($_POST[$field])));
        }

        // NOTE(review): this request value is appended to the redirect URL
        // without URL-encoding, so it can contain characters that change the
        // query string. Consider encoding it or checking it against the
        // expected format.
        $d_url = $_POST['dashboard_url'];
        wp_redirect('./?updated=true&d=' . $d_url);
/**
 * {@inheritdoc}
 *
 * Fires the profile-update action that matches the current screen, keeps the
 * multisite signups table in step with a changed e-mail address, updates the
 * user through edit_user(), applies a requested super admin change, and then
 * hands over to the parent implementation for the remaining fields.
 *
 * NOTE(review): no nonce or capability check for the edit itself is visible in
 * this method; presumably the caller performs them. Confirm.
 */
public function save_fields($item_id = null, $object_name = null)
{
    /**
     * @var $wpdb wpdb
     */
    global $wpdb, $super_admins;

    // 'personal_options_update' fires when the current user edits their own
    // profile (the 'Your Profile' form); 'edit_user_profile_update' fires on
    // the 'Edit User' form. Both receive the user ID.
    $update_hook = (defined('IS_PROFILE_PAGE') && IS_PROFILE_PAGE)
        ? 'personal_options_update'
        : 'edit_user_profile_update';
    do_action($update_hook, $item_id);

    // Update the email address in signups, if present.
    if (is_multisite()) {
        $edited_user = get_userdata($item_id);
        $has_valid_email = isset($_POST['email']) && is_email($_POST['email']);

        if ($edited_user && $edited_user->user_login && $has_valid_email) {
            $signup_lookup = $wpdb->prepare("SELECT signup_id FROM {$wpdb->signups} WHERE user_login = %s", $edited_user->user_login);
            $signup_id = (int) $wpdb->get_var($signup_lookup);

            // Only touch the signups table when a matching row was found.
            if (0 < $signup_id) {
                $signup_update = $wpdb->prepare("UPDATE {$wpdb->signups} SET user_email = %s WHERE signup_id = %d", $_POST['email'], $signup_id);
                $wpdb->query($signup_update);
            }
        }
    }

    // Update the user.
    $result = edit_user($item_id);

    // Grant or revoke super admin status if requested. This never happens on
    // the user's own profile page, and only for a network admin who may manage
    // network options, when the submitted checkbox differs from the current
    // status.
    $may_change_super_admin = (!defined('IS_PROFILE_PAGE') || !IS_PROFILE_PAGE)
        && is_multisite()
        && is_network_admin()
        && current_user_can('manage_network_options')
        && !isset($super_admins)
        && empty($_POST['super_admin']) == is_super_admin($item_id);

    if ($may_change_super_admin) {
        if (empty($_POST['super_admin'])) {
            revoke_super_admin($item_id);
        } else {
            grant_super_admin($item_id);
        }
    }

    // Return if not successful
    if (is_wp_error($result)) {
        return $result;
    }

    // Save additional fields
    return parent::save_fields($item_id, $object_name);
}
/**
 * Handles profile action
 *
 * Callback for "tml_request_profile" in method Theme_My_Login::the_request()
 *
 * Loads the admin user helpers, enqueues the profile scripts and styles, and,
 * on a POST request, updates the current user's profile after the nonce and
 * capability checks. A successful update redirects and ends the request; a
 * failed one stores the errors on the plugin object.
 *
 * @see Theme_My_Login::the_request()
 * @since 6.0
 * @access public
 */
function profile_action()
{
    global $theme_my_login;

    require_once ABSPATH . 'wp-admin/includes/user.php';
    require_once ABSPATH . 'wp-admin/includes/misc.php';

    define('IS_PROFILE_PAGE', true);

    register_admin_color_schemes();

    wp_enqueue_style('password-strength', plugins_url('theme-my-login/modules/themed-profiles/themed-profiles.css'));

    // The '.dev' script files are used when SCRIPT_DEBUG is on.
    if (defined('SCRIPT_DEBUG') && SCRIPT_DEBUG) {
        $suffix = '.dev';
    } else {
        $suffix = '';
    }

    wp_enqueue_script('user-profile', admin_url("js/user-profile{$suffix}.js"), array('jquery'), '', true);
    wp_enqueue_script('password-strength-meter', admin_url("js/password-strength-meter{$suffix}.js"), array('jquery'), '', true);

    $strength_labels = array(
        'empty' => __('Strength indicator', 'theme-my-login'),
        'short' => __('Very weak', 'theme-my-login'),
        'bad' => __('Weak', 'theme-my-login'),
        'good' => _x('Medium', 'password strength', 'theme-my-login'),
        'strong' => __('Strong', 'theme-my-login'),
        'l10n_print_after' => 'try{convertEntities(pwsL10n);}catch(e){};',
    );
    wp_localize_script('password-strength-meter', 'pwsL10n', $strength_labels);

    $current_user = wp_get_current_user();

    if ('POST' == $_SERVER['REQUEST_METHOD']) {
        // Nonce first, capability second: both must pass before anything is written.
        check_admin_referer('update-user_' . $current_user->ID);

        if (!current_user_can('edit_user', $current_user->ID)) {
            wp_die(__('You do not have permission to edit this user.', 'theme-my-login'));
        }

        do_action('personal_options_update', $current_user->ID);

        $errors = edit_user($current_user->ID);

        if (is_wp_error($errors)) {
            $theme_my_login->errors = $errors;
        } else {
            wp_redirect(add_query_arg(array('updated' => 'true')));
            exit;
        }
    }

    // NEIGHBORHOW MOD - COPY CHANGE
    $was_updated = isset($_GET['updated']) && 'true' == $_GET['updated'];
    if ($was_updated) {
        $theme_my_login->errors->add('profile_updated', __('Settings updated.', 'theme-my-login'), 'message');
    }
}
/**
 * Handles profile action
 *
 * Callback for "tml_request_profile" in method Theme_My_Login::the_request()
 *
 * Loads the admin user helpers and profile assets and, on a POST request,
 * updates the current user's profile after the nonce and capability checks. A
 * successful update redirects and ends the request; a failed one stores the
 * errors on the Theme_My_Login object.
 *
 * @see Theme_My_Login::the_request()
 * @since 6.0
 * @access public
 */
public function tml_request_profile()
{
    require_once ABSPATH . 'wp-admin/includes/user.php';
    require_once ABSPATH . 'wp-admin/includes/misc.php';

    define('IS_PROFILE_PAGE', true);

    load_textdomain('default', WP_LANG_DIR . '/admin-' . get_locale() . '.mo');

    register_admin_color_schemes();

    wp_enqueue_style('password-strength', plugins_url('theme-my-login/modules/themed-profiles/themed-profiles.css'));
    wp_enqueue_script('user-profile');

    $current_user = wp_get_current_user();

    // Only a POST request performs an update.
    if ('POST' != $_SERVER['REQUEST_METHOD']) {
        return;
    }

    // Nonce first, capability second: both must pass before anything is written.
    check_admin_referer('update-user_' . $current_user->ID);

    if (!current_user_can('edit_user', $current_user->ID)) {
        wp_die(__('You do not have permission to edit this user.'));
    }

    do_action('personal_options_update', $current_user->ID);

    $errors = edit_user($current_user->ID);

    if (is_wp_error($errors)) {
        Theme_My_Login::get_object()->errors = $errors;
        return;
    }

    $query_args = array('updated' => 'true');

    // NOTE(review): the instance value is copied from the request into the
    // redirect URL as it is. Consider restricting it to the expected instance
    // format before it is added.
    if (!empty($_REQUEST['instance'])) {
        $query_args['instance'] = $_REQUEST['instance'];
    }

    wp_redirect(add_query_arg($query_args));
    exit;
}
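/**
 * Processes the front-end "edit profile" form for the logged-in user.
 *
 * Validates the posted e-mail and password pair, saves the profile through
 * edit_user(), fires 'personal_options_update' and stores an optional avatar
 * upload in the "you_avatar" user meta.
 *
 * NOTE(review): no nonce/referer check is visible in this function. Confirm the
 * caller verifies one before this runs, since it changes account data from $_POST.
 *
 * @return WP_Error|null WP_Error with the collected messages on failure, null on success.
 */
function ask_process_edit_profile_form()
{
    global $posted;

    require_once ABSPATH . 'wp-admin/includes/user.php';
    require_once ABSPATH . 'wp-admin/includes/image.php';
    require_once ABSPATH . 'wp-admin/includes/file.php';

    $errors = new WP_Error();
    $user_id = get_current_user_id();

    $raw_pass1 = isset($_POST['pass1']) ? $_POST['pass1'] : '';
    $raw_pass2 = isset($_POST['pass2']) ? $_POST['pass2'] : '';

    // $posted is a global, presumably echoed back into the form, so its values
    // stay HTML-escaped as before. NOTE(review): it also carries the passwords;
    // verify nothing prints them.
    $posted = array(
        'email' => esc_html(isset($_POST['email']) ? $_POST['email'] : ''),
        'pass1' => esc_html($raw_pass1),
        'pass2' => esc_html($raw_pass2),
        'display_name' => esc_html(isset($_POST['display_name']) ? $_POST['display_name'] : ''),
    );

    if (empty($posted['email'])) {
        $errors->add('required-field', '<strong>' . __("Error", "vbegy") . ' : </strong> ' . __("There are required fields.", "vbegy"));
    }

    // Compare the raw values: after esc_html() two different passwords can
    // escape to the same string (e.g. "&" and "&amp;").
    if ($raw_pass1 !== $raw_pass2) {
        $errors->add('required-field', '<strong>' . __("Error", "vbegy") . ' : </strong> ' . __("Password does not match.", "vbegy"));
    }

    // Stop before touching the account when the form itself is invalid.
    if ($errors->get_error_codes()) {
        return $errors;
    }

    $errors_user = edit_user($user_id);
    if (is_wp_error($errors_user)) {
        // Return the errors edit_user() produced; the original returned the
        // still-empty $errors here, so the reason for the failure was lost.
        return $errors_user;
    }

    do_action('personal_options_update', $user_id);

    if (isset($_FILES['you_avatar']) && !empty($_FILES['you_avatar']['name'])) {
        // $_FILES[...]['type'] is supplied by the client and cannot be trusted.
        // Check the file name against an allow-list and pass the same list to
        // wp_handle_upload(), which enforces it on the server side.
        $allowed_mimes = array(
            'jpg|jpeg|jpe' => 'image/jpeg',
            'png' => 'image/png',
        );
        $filetype = wp_check_filetype($_FILES['you_avatar']['name'], $allowed_mimes);

        if (empty($filetype['type'])) {
            $errors->add('upload-error', __('Error type , please upload: jpg, jpeg, png', 'vbegy'));
        } else {
            $you_avatar = wp_handle_upload(
                $_FILES['you_avatar'],
                array('test_form' => false, 'mimes' => $allowed_mimes),
                current_time('mysql')
            );

            if (!empty($you_avatar['error'])) {
                // The original guarded this with isset($errors->add), which is
                // never true for a method, so the message was never recorded.
                $errors->add('upload-error', __('Error in upload the image : ', 'vbegy') . $you_avatar['error']);
                return $errors;
            }

            if (!empty($you_avatar['url'])) {
                update_user_meta($user_id, "you_avatar", $you_avatar['url']);
            }
        }
    }
    // No new avatar: the stored "you_avatar" meta is left untouched. The
    // original branch called die here, ending the request before the caller
    // could report the result; the write after it was unreachable.

    if ($errors->get_error_codes()) {
        return $errors;
    }

    return;
}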
 } elseif ($op == "edit") {
    // "edit" operation: applies the POSTed account fields through edit_user().
    // NOTE(review): no session, permission or CSRF-token check is visible in this
    // fragment, yet $groups and $permissions come straight from the request.
    // Confirm a check guards this chain before it is reached.
    if (isset($_POST['id'])) {
        $username = $_POST['id'];
        $new_username = $_POST['username'];
        $password = $_POST['password'];
        $password2 = $_POST['password2'];
        $groups = $_POST['user_groups'];
        $permissions = $_POST['permissions'];
        $err = "";
        // The pair is compared after trim(), but the untrimmed $password is
        // what gets passed to edit_user() below.
        if (strlen(trim($password)) > 0) {
            if (trim($password) != trim($password2)) {
                $err = "The passwords are not equal.";
            }
        }
        if ($err == "") {
            // edit_user() reports failure as a non-empty message string here.
            $err = edit_user($username, $new_username, $password, $groups, $permissions);
        }
        // None of the header() redirects in this fragment is followed by exit,
        // so any code after the chain still runs — verify that is intended.
        if (strlen($err) > 0) {
            header('Location: error.php?msg=' . urlencode($err));
        } else {
            header('Location: user_list.php');
        }
    } else {
        header('Location: error.php?msg=No id');
    }
} else {
    // Unlike $err above, $op is concatenated into the Location header without
    // urlencode().
    header('Location: error.php?msg=Incorrect op: ' . $op);
}
} else {
    header('Location: error.php?msg=No op');
}
 if (add_user()) {
    redirect("?view=users");
} else {
    redirect();
} // go back to the add-user page
}
break;
case 'edit_user':
    // The target account is taken from the query string and cast to int.
    $user_id = (int) $_GET['user_id'];
    $get_user = get_user($user_id); // fetch this user's data
    $roles = get_roles();
    if ($_POST) { // when the Save button has been pressed
        if (edit_user($user_id, $get_user['login'], $get_user['email'])) {
            redirect("?view=users");
        } else {
            redirect();
        }
    }
    break;
case 'del_user':
    // NOTE(review): the deletion is triggered by a GET parameter alone and no
    // token or role check is visible in this fragment. Confirm the surrounding
    // code authorises the caller and protects this action against CSRF.
    $user_id = (int) $_GET['user_id'];
    del_user($user_id);
    redirect();
    break;
default: // if a non-existent view name was entered in the address bar
    $view = 'pages';
    $pages = pages();
} } // change password if (isset($_POST['user_password']) && is_array($_POST['user_password'])) { reset($_POST['user_password']); $newroles = $_POST['role']; foreach ((array) $_POST['user_password'] as $userid => $pass) { unset($_POST['role']); $_POST['role'] = $newroles[$userid]; if ($pass != '') { $cap = $wpdb->get_var("SELECT meta_value FROM {$wpdb->usermeta} WHERE user_id = '{$userid}' AND meta_key = '{$blog_prefix}capabilities' AND meta_value = 'a:0:{}'"); $userdata = get_userdata($userid); $_POST['pass1'] = $_POST['pass2'] = $pass; $_POST['email'] = $userdata->user_email; $_POST['rich_editing'] = $userdata->rich_editing; edit_user($userid); if ($cap == null) { $wpdb->query("DELETE FROM {$wpdb->usermeta} WHERE user_id = '{$userid}' AND meta_key = '{$blog_prefix}capabilities' AND meta_value = 'a:0:{}'"); } } } unset($_POST['role']); $_POST['role'] = $newroles; } // add user if (!empty($_POST['newuser'])) { $newuser = $_POST['newuser']; $userid = $wpdb->get_var($wpdb->prepare("SELECT ID FROM " . $wpdb->users . " WHERE user_login = %s", $newuser)); if ($userid) { $user = $wpdb->get_var("SELECT user_id FROM " . $wpdb->usermeta . " WHERE user_id='{$userid}' AND meta_key='{$blog_prefix}capabilities'"); if ($user == false) {
/**
 * Tests the controller function that expects slashed data.
 *
 * Runs two rounds of profile edits through edit_user() with slashed input and
 * checks that every field reads back equal to the original fixture string.
 */
function test_edit_user()
{
    $id = $this->factory->user->create();

    // One entry per round: profile field => fixture string.
    $rounds = array(
        array(
            'first_name' => $this->slash_1,
            'last_name' => $this->slash_3,
            'nickname' => $this->slash_5,
            'display_name' => $this->slash_7,
            'description' => $this->slash_3,
        ),
        array(
            'first_name' => $this->slash_2,
            'last_name' => $this->slash_4,
            'nickname' => $this->slash_6,
            'display_name' => $this->slash_2,
            'description' => $this->slash_4,
        ),
    );

    foreach ($rounds as $fields) {
        $_GET = $_REQUEST = array();
        $_POST = array_merge(
            array('role' => 'subscriber', 'email' => '*****@*****.**'),
            $fields
        );
        // Add the slashes that edit_user() is expected to strip again.
        $_POST = add_magic_quotes($_POST);

        $id = edit_user($id);
        $user = get_user_to_edit($id);

        foreach ($fields as $field => $expected) {
            $this->assertEquals($expected, $user->{$field});
        }
    }
}
 Please click the following link to confirm the invite: %4$s');
            // Mails the invitation; the confirmation link embeds $newuser_key.
            wp_mail($new_user_email, sprintf(__('[%s] Joining confirmation'), get_option('blogname')), sprintf($message, get_option('blogname'), home_url(), wp_specialchars_decode(translate_user_role($role['name'])), home_url("/newbloguser/{$newuser_key}/")));
            $redirect = add_query_arg(array('update' => 'add'), 'user-new.php');
        }
    }
    wp_redirect($redirect);
    die;
} elseif (isset($_REQUEST['action']) && 'createuser' == $_REQUEST['action']) {
    // Nonce (CSRF) check, then capability check, before any account is created.
    check_admin_referer('create-user', '_wpnonce_create-user');
    if (!current_user_can('create_users')) {
        wp_die(__('Cheatin’ uh?'));
    }
    if (!is_multisite()) {
        // edit_user() without an id creates the user from $_POST.
        $user_id = edit_user();
        if (is_wp_error($user_id)) {
            $add_user_errors = $user_id;
        } else {
            // Users who cannot list users are sent back to the add form.
            if (current_user_can('list_users')) {
                $redirect = 'users.php?update=add&id=' . $user_id;
            } else {
                $redirect = add_query_arg('update', 'add', 'user-new.php');
            }
            wp_redirect($redirect);
            die;
        }
    } else {
        // Adding a new user to this site
        // The request values are passed to the validator as received.
        $user_details = wpmu_validate_user_signup($_REQUEST['user_login'], $_REQUEST['email']);
        if (is_wp_error($user_details['errors']) && !empty($user_details['errors']->errors)) {
 $old_mail = isset($_POST['old_mail']) ? $_POST['old_mail'] : $user['User_Mail'];
$old_rid = isset($_POST['old_rid']) ? $_POST['old_rid'] : $user['Role_ID'];
// NOTE(review): the role id is taken from the request; no check that the
// submitter may assign roles is visible in this fragment — confirm one exists.
$rid = isset($_POST['rid']) ? $_POST['rid'] : $old_rid;
$name = isset($_POST['name']) ? $_POST['name'] : '';
$fullname = isset($_POST['fullname']) ? $_POST['fullname'] : '';
$current_pass = isset($_POST['current_pass']) ? $_POST['current_pass'] : '';
$pass = isset($_POST['pass']) ? $_POST['pass'] : '';
$pass1 = isset($_POST['pass1']) ? $_POST['pass1'] : '';
$mail = isset($_POST['mail']) ? $_POST['mail'] : '';
// $err is null when no password change was requested, otherwise whatever
// pass_error_array() returns for $uid.
$err = $current_pass == '' && $pass == '' ? null : pass_error_array($uid, $current_pass, $pass, $pass1);
if (isset($_POST['submit'])) {
    // count(null) warns on PHP 7.2+ and throws a TypeError on PHP 8, and
    // $err is null on the no-password path.
    if (!count($err)) {
        // NOTE(review): the password check above ran against $uid, while the
        // writes below target $_POST['uid']. If the two can differ, the check
        // and the edit apply to different accounts — confirm where $uid comes
        // from.
        if (!isset($pass) || $pass == '' && $current_pass == '') {
            edit_user_without_pass($_POST['uid'], $rid, $fullname);
        } elseif (isset($pass) && $pass != '') {
            edit_user($_POST['uid'], $rid, $fullname, $pass);
        }
        if ($pass != '') {
            // The notification goes to the POSTed $mail address and includes
            // the first three characters of the new password in clear text.
            // $fullname is inserted into the HTML body without escaping.
            send_mail($mail, 'Online KMS Registration System - Your Account get changed', ' <table style="border: 1px solid black;"> <tr style="border: 1px solid black;"> <td> <img src="' . currentURL() . 'images/banner_email.png" width="480" height="80" /> </td> </tr> <tr style="border: 1px solid black;"> <td> <p>Hi <b>' . $fullname . '</b></p> <p>Your new password is: ' . substr($pass, 0, 3) . '***</p> </td> </tr>
 pageheader($lang_usermgr_php['title']);
    edit_user($user_id);
    pagefooter();
    break;
case 'update':
    // user_id is read from the query string as an integer; -1 when absent.
    // NOTE(review): this case writes account data; no form-token check is
    // visible in this fragment — confirm one runs before the switch.
    $user_id = $superCage->get->keyExists('user_id') ? $superCage->get->getInt('user_id') : -1;
    $cpg_udb->edit_users($user_id);
    update_user($user_id);
    // Removes at most one row whose user_name is empty.
    cpg_db_query("DELETE FROM {$CONFIG['TABLE_USERS']} WHERE user_name = '' LIMIT 1");
    pageheader($lang_usermgr_php['title']);
    list_users();
    pagefooter();
    break;
case 'new_user':
    pageheader($lang_usermgr_php['title']);
    edit_user('new_user');
    pagefooter();
    break;
case 'groups_alb_access': //show what albums user groups can see
    pageheader($lang_usermgr_php['groups_alb_access']);
    list_groups_alb_access();
    pagefooter();
    break;
case 'group_alb_access': //show what albums specific group can see
    // getInt() yields an integer, which is the only request value
    // interpolated into the query below.
    $group_id = $superCage->get->getInt('gid');
    $sql = "\r\n SELECT group_name\r\n FROM {$CONFIG['TABLE_USERGROUPS']} AS groups, {$CONFIG['TABLE_ALBUMS']} AS albums\r\n WHERE group_id = {$group_id} AND albums.visibility = groups.group_id\r\n ";
    $result = cpg_db_query($sql);
    // mysql_fetch_array()/mysql_num_rows() belong to the ext/mysql API, which
    // was removed in PHP 7.
    $group = mysql_fetch_array($result);
    if (!mysql_num_rows($result)) {
/**
 * Creates user without email confirmation.
 *
 * Verifies the 'create-user' nonce and the 'create_users' capability, then
 * either creates the account through edit_user() (single site) or, on
 * multisite, adds an existing user to the blog or signs up and immediately
 * activates a new one. Every successful path ends in a redirect and die.
 *
 * NOTE(review): $add_user_errors is a local variable here and is neither
 * returned nor stored, so validation errors appear to be dropped — confirm how
 * the caller is meant to see them.
 *
 * @access public
 */
public function custom_createuser()
{
    global $wpdb;

    check_admin_referer('create-user', '_wpnonce_create-user');

    if (!current_user_can('create_users')) {
        wp_die(__('Cheatin’ uh?'));
    }

    // Single site: edit_user() without an id creates the account from $_POST.
    if (!is_multisite()) {
        $user_id = edit_user();

        if (is_wp_error($user_id)) {
            $add_user_errors = $user_id;
            return;
        }

        $redirect = current_user_can('list_users')
            ? 'users.php?update=add&id=' . $user_id
            : add_query_arg('update', 'add', 'user-new.php');

        wp_redirect($redirect);
        die;
    }

    /* Check if user already exists in the network */
    $existing_user = get_user_by('login', $_REQUEST['user_login']);

    if ($existing_user) {
        // Add existing user to the blog.
        // NOTE(review): the role is taken from the request as received; verify
        // it is limited to roles the current user may assign.
        add_existing_user_to_blog(array('user_id' => $existing_user->ID, 'role' => $_REQUEST['role']));

        wp_redirect(add_query_arg(array('update' => 'addnoconfirmation'), 'user-new.php'));
        die;
    }

    // Adding a new user to this site
    $validation = wpmu_validate_user_signup($_REQUEST['user_login'], $_REQUEST['email']);

    if (is_wp_error($validation['errors']) && !empty($validation['errors']->errors)) {
        $add_user_errors = $validation['errors'];
        return;
    }

    $new_user_login = apply_filters('pre_user_login', sanitize_user(wp_unslash($_REQUEST['user_login']), true));

    // Disable confirmation email
    add_filter('wpmu_signup_user_notification', '__return_false');

    wpmu_signup_user($new_user_login, $_REQUEST['email'], array('add_to_blog' => $wpdb->blogid, 'new_role' => $_REQUEST['role']));

    // Read back the activation key of the signup just created and activate it
    // directly. NOTE(review): the key lookup result and the activation result
    // are not checked before the success redirect.
    $activation_key = $wpdb->get_var($wpdb->prepare("SELECT activation_key FROM {$wpdb->signups} WHERE user_login = %s AND user_email = %s", $new_user_login, $_REQUEST['email']));
    wpmu_activate_signup($activation_key);

    wp_redirect(add_query_arg(array('update' => 'addnoconfirmation'), 'user-new.php'));
    die;
}
 *
 * @since 2.7.0
 *
 * @param int $user_id The user ID.
 */
do_action('edit_user_profile_update', $user_id);
}
// Update the email address in signups, if present.
if (is_multisite()) {
    $user = get_userdata($user_id);
    // NOTE(review): the existence check binds $user->user_login, while the
    // UPDATE binds $user_login, which is not assigned anywhere in this
    // fragment — confirm it holds the same login.
    if ($user->user_login && isset($_POST['email']) && is_email($_POST['email']) && $wpdb->get_var($wpdb->prepare("SELECT user_login FROM {$wpdb->signups} WHERE user_login = %s", $user->user_login))) {
        $wpdb->query($wpdb->prepare("UPDATE {$wpdb->signups} SET user_email = %s WHERE user_login = %s", $_POST['email'], $user_login));
    }
}
// Update the user.
$errors = edit_user($user_id);
// Grant or revoke super admin status if requested.
// Only in the network admin, not on the user's own profile page, only for
// users with 'manage_network_options', and only when the posted checkbox
// differs from the account's current status.
if (is_multisite() && is_network_admin() && !IS_PROFILE_PAGE && current_user_can('manage_network_options') && !isset($super_admins) && empty($_POST['super_admin']) == is_super_admin($user_id)) {
    empty($_POST['super_admin']) ? revoke_super_admin($user_id) : grant_super_admin($user_id);
}
if (!is_wp_error($errors)) {
    $redirect = add_query_arg('updated', true, get_edit_user_link($user_id));
    if ($wp_http_referer) {
        $redirect = add_query_arg('wp_http_referer', urlencode($wp_http_referer), $redirect);
    }
    wp_redirect($redirect);
    exit;
}
// No break here: a failed update falls through to the default case,
// presumably so the form is shown again with $errors.
default:
    $profileuser = get_user_to_edit($user_id);
    if (!current_user_can('edit_user', $user_id)) {
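/**
 * Handles the front end user editing
 *
 * Runs only for POST requests whose 'action' is 'bbp-update-user'. On multisite
 * it first handles a confirmed or dismissed e-mail change for the user's own
 * profile, then verifies the nonce and the 'edit_user' capability before saving
 * the posted profile through edit_user().
 *
 * @uses bbp_get_displayed_user_id() To get the displayed user id
 * @uses is_multisite() To check if it's a multisite
 * @uses bbp_is_user_home_edit() To check if the user is editing their own
 *                                profile
 * @uses get_option() To get the displayed user's new email id option
 * @uses hash_equals() To compare the stored confirmation hash with the request
 * @uses wpdb::prepare() To sanitize our sql query
 * @uses wpdb::get_var() To execute our query and get back the variable
 * @uses wpdb::query() To execute our query
 * @uses bbp_get_displayed_user_field() To get the displayed user's login
 * @uses wp_update_user() To update the user
 * @uses delete_option() To delete the displayed user's email id option
 * @uses bbp_get_user_profile_edit_url() To get the edit profile url
 * @uses wp_safe_redirect() To redirect to the url
 * @uses bbp_verify_nonce_request() To verify the nonce and check the request
 * @uses bbp_add_error() To record nonce and capability failures
 * @uses current_user_can() To check if the current user can edit the user and
 *                           manage network options
 * @uses do_action() Calls 'personal_options_update' or
 *                    'edit_user_profile_update' (based on if it's the user
 *                    home) with the displayed user id
 * @uses edit_user() To edit the user based on the post data
 * @uses revoke_super_admin() To revoke super admin privileges
 * @uses grant_super_admin() To grant super admin privileges
 * @uses is_wp_error() To check if the value retrieved is a {@link WP_Error}
 */
function bbp_edit_user_handler()
{
    // Bail if not a POST action
    if ('POST' !== strtoupper($_SERVER['REQUEST_METHOD'])) {
        return;
    }

    // Bail if action is not 'bbp-update-user'
    if (empty($_POST['action']) || 'bbp-update-user' !== $_POST['action']) {
        return;
    }

    // Get the displayed user ID
    $user_id = bbp_get_displayed_user_id();

    // Execute confirmed email change. See send_confirmation_on_profile_email().
    // This branch runs before the nonce check below, so the stored hash is the
    // only proof that the change was requested.
    if (is_multisite() && bbp_is_user_home_edit() && isset($_GET['newuseremail'])) {
        $new_email = get_option($user_id . '_new_email');

        // The pending-change option may be missing, and the query value may be
        // empty or an array. With a loose == a missing hash (null) matched an
        // empty query value, so require a real stored hash and compare it in
        // constant time.
        $hash_matches = is_array($new_email)
            && isset($new_email['hash'], $new_email['newemail'])
            && is_string($_GET['newuseremail'])
            && '' !== $_GET['newuseremail']
            && hash_equals((string) $new_email['hash'], $_GET['newuseremail']);

        if ($hash_matches) {
            $user = new stdClass();
            $user->ID = $user_id;
            $user->user_email = esc_html(trim($new_email['newemail']));

            global $wpdb;

            // Keep a pending signup row for this login in sync with the new address.
            $user_login = bbp_get_displayed_user_field('user_login');
            if ($wpdb->get_var($wpdb->prepare("SELECT user_login FROM {$wpdb->signups} WHERE user_login = %s", $user_login))) {
                $wpdb->query($wpdb->prepare("UPDATE {$wpdb->signups} SET user_email = %s WHERE user_login = %s", $user->user_email, $user_login));
            }

            wp_update_user(get_object_vars($user));
            delete_option($user_id . '_new_email');

            wp_safe_redirect(add_query_arg(array('updated' => 'true'), bbp_get_user_profile_edit_url($user_id)));
            exit;
        }

    // Delete new email address from user options
    } elseif (is_multisite() && bbp_is_user_home_edit() && !empty($_GET['dismiss']) && $user_id . '_new_email' == $_GET['dismiss']) {
        delete_option($user_id . '_new_email');

        wp_safe_redirect(add_query_arg(array('updated' => 'true'), bbp_get_user_profile_edit_url($user_id)));
        exit;
    }

    // Nonce check
    if (!bbp_verify_nonce_request('update-user_' . $user_id)) {
        bbp_add_error('bbp_update_user_nonce', __('<strong>ERROR</strong>: Are you sure you wanted to do that?', 'bbpress'));
        return;
    }

    // Cap check
    if (!current_user_can('edit_user', $user_id)) {
        bbp_add_error('bbp_update_user_capability', __('<strong>ERROR</strong>: Are you sure you wanted to do that?', 'bbpress'));
        return;
    }

    // Do action based on who's profile you're editing
    $edit_action = bbp_is_user_home_edit() ? 'personal_options_update' : 'edit_user_profile_update';
    do_action($edit_action, $user_id);

    // Handle user edit
    $edit_user = edit_user($user_id);

    // Error(s) editing the user, so copy them into the global
    if (is_wp_error($edit_user)) {
        bbpress()->errors = $edit_user;

    // Successful edit to redirect
    } elseif (is_integer($edit_user)) {

        // Maybe update super admin ability. Being allowed to edit the user is
        // not enough to change network-wide privileges: require
        // 'manage_network_options' as well, so an ordinary profile edit can
        // neither grant nor silently revoke super admin status.
        if (is_multisite() && !bbp_is_user_home_edit() && current_user_can('manage_network_options')) {
            empty($_POST['super_admin']) ? revoke_super_admin($edit_user) : grant_super_admin($edit_user);
        }

        $redirect = add_query_arg(array('updated' => 'true'), bbp_get_user_profile_edit_url($edit_user));
        wp_safe_redirect($redirect);
        exit;
    }
}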