/**
 * Handles the "delete user" request a site admin triggers from the adminbar menu.
 *
 * The request is ignored unless the current user is a super admin, is not
 * viewing their own profile, and a displayed user is set. The deletion only
 * runs on the admin/delete-user route, and only after check_admin_referer()
 * has verified the 'delete-user' nonce (CSRF protection).
 *
 * @package BuddyPress Core
 * @global object $bp Global BuddyPress settings object
 * @return false|null False when the permission guard rejects the request, otherwise no value.
 */
function bp_core_action_delete_user()
{
    global $bp;

    // Permission guard: super admins only, never on one's own profile, and a target user must be set.
    $may_proceed = is_super_admin() && !bp_is_my_profile() && $bp->displayed_user->id;
    if (!$may_proceed) {
        return false;
    }

    // Anything other than the admin/delete-user route is not ours to handle.
    if ('admin' != $bp->current_component || 'delete-user' != $bp->current_action) {
        return;
    }

    // Verify the nonce before any state is changed.
    check_admin_referer('delete-user');

    $errors = false;
    do_action('bp_core_before_action_delete_user', $errors);

    $deleted = bp_core_delete_account($bp->displayed_user->id);
    if ($deleted) {
        bp_core_add_message(sprintf(__('%s has been deleted from the system.', 'buddypress'), $bp->displayed_user->fullname));
    } else {
        bp_core_add_message(sprintf(__('There was an error deleting %s from the system. Please try again.', 'buddypress'), $bp->displayed_user->fullname), 'error');
        $errors = true;
    }

    do_action('bp_core_action_delete_user', $errors);

    // On failure stay on the member's profile; on success go back to the admin's own profile.
    bp_core_redirect($errors ? $bp->displayed_user->domain : $bp->loggedin_user->domain);
}
예제 #2
 /**
  * Exercises the authorisation rules of bp_core_delete_account():
  * a super admin may delete a subscriber, may not delete another super
  * admin, and a subscriber may not delete someone else's account.
  *
  * @ticket BP4915
  * @group bp_core_delete_account
  */
 public function test_bp_core_delete_account()
 {
     // Remember the state this test changes so it can be put back at the end.
     // NOTE(review): the restore below is skipped if an assertion fails first,
     // unless the test case's teardown resets these values — confirm.
     $original_user_id = get_current_user_id();
     $original_deletion_flag = bp_disable_account_deletion();

     // A super admin to act as the deleting user.
     $super_admin_id = $this->factory->user->create(array('role' => 'administrator'));
     $this->grant_super_admin($super_admin_id);

     // 1. A super admin can delete a subscriber: the account must be gone afterwards.
     $this->set_current_user($super_admin_id);
     $subscriber_id = $this->factory->user->create(array('role' => 'subscriber'));
     bp_core_delete_account($subscriber_id);
     $lookup = new WP_User($subscriber_id);
     $this->assertEquals(0, $lookup->ID);
     unset($lookup);
     $this->restore_admins();

     // 2. A super admin account must survive a deletion attempt.
     $other_super_admin_id = $this->factory->user->create(array('role' => 'administrator'));
     $this->grant_super_admin($other_super_admin_id);
     bp_core_delete_account($other_super_admin_id);
     $lookup = new WP_User($other_super_admin_id);
     $this->assertNotEquals(0, $lookup->ID);
     unset($lookup);

     // 3. A subscriber must not be able to delete another subscriber's account.
     $acting_subscriber_id = $this->factory->user->create(array('role' => 'subscriber'));
     $victim_subscriber_id = $this->factory->user->create(array('role' => 'subscriber'));
     $this->set_current_user($acting_subscriber_id);
     bp_core_delete_account($victim_subscriber_id);
     $lookup = new WP_User($victim_subscriber_id);
     $this->assertNotEquals(0, $lookup->ID);
     unset($lookup);

     // Put the current user and the deletion setting back.
     $this->set_current_user($original_user_id);
     bp_update_option('bp-disable-account-deletion', $original_deletion_flag);
 }
예제 #3
/**
 * Process user deletion requests.
 *
 * Note: No longer called here. See the Settings component.
 *
 * The request is ignored unless the current user holds the 'bp_moderate'
 * capability, is not on their own profile, and a displayed user exists.
 * Deletion only runs on the admin/delete-user route, after
 * check_admin_referer() has verified the 'delete-user' nonce.
 *
 * @return false|null False when the permission guard rejects the request, otherwise no value.
 */
function bp_core_action_delete_user()
{
    // Permission guard: moderators only, never on one's own profile, and a target user must be set.
    $may_proceed = bp_current_user_can('bp_moderate') && !bp_is_my_profile() && bp_displayed_user_id();
    if (!$may_proceed) {
        return false;
    }

    // Only the admin/delete-user route is handled here.
    if (!bp_is_current_component('admin') || !bp_is_current_action('delete-user')) {
        return;
    }

    // Verify the nonce before any state is changed.
    check_admin_referer('delete-user');

    $errors = false;
    do_action('bp_core_before_action_delete_user', $errors);

    $deleted = bp_core_delete_account(bp_displayed_user_id());
    if ($deleted) {
        bp_core_add_message(sprintf(__('%s has been deleted from the system.', 'buddypress'), bp_get_displayed_user_fullname()));
    } else {
        bp_core_add_message(sprintf(__('There was an error deleting %s from the system. Please try again.', 'buddypress'), bp_get_displayed_user_fullname()), 'error');
        $errors = true;
    }

    do_action('bp_core_action_delete_user', $errors);

    // On failure stay on the member's profile; on success return to the moderator's own profile.
    bp_core_redirect($errors ? bp_displayed_user_domain() : bp_loggedin_user_domain());
}
/**
 * Handles the "delete my account" form submitted from the Settings component.
 *
 * Acts only on a POST that carries the 'delete-account-understand' field, on
 * the settings/delete-account route with no extra action variables. When
 * account deletion is disabled, only users with the 'delete_users' capability
 * get past the guard. The 'delete-account' nonce is verified before the
 * displayed user's account is deleted.
 *
 * NOTE(review): nothing in this function compares the displayed user with the
 * logged-in user; presumably bp_core_delete_account() enforces who may delete
 * whom — confirm.
 *
 * @return false|null False when the route or the deletion setting rejects the request, otherwise no value.
 */
function bp_settings_action_delete_account()
{
    // Ignore anything that is not a POST carrying the confirmation field.
    $is_post = 'POST' === strtoupper($_SERVER['REQUEST_METHOD']);
    if (!$is_post || !isset($_POST['delete-account-understand'])) {
        return;
    }

    // Only the settings/delete-account route is handled here.
    $on_delete_route = bp_is_settings_component() && bp_is_current_action('delete-account');
    if (!$on_delete_route) {
        return false;
    }

    // Extra path segments after the action are not valid: answer with a 404.
    if (bp_action_variables()) {
        bp_do_404();
        return;
    }

    // With deletion disabled, only users holding 'delete_users' may continue.
    if (bp_disable_account_deletion() && !bp_current_user_can('delete_users')) {
        return false;
    }

    // Verify the nonce before any state is changed.
    check_admin_referer('delete-account');

    // Read the display name first; it may no longer be available once the account is gone.
    $display_name = bp_get_displayed_user_fullname();

    $account_removed = bp_core_delete_account(bp_displayed_user_id());
    if ($account_removed) {
        // Add feedback after deleting the user, then send the browser to the root domain.
        bp_core_add_message(sprintf(__('%s was successfully deleted.', 'buddypress'), $display_name), 'success');
        bp_core_redirect(bp_get_root_domain());
    }
}
예제 #5
/** Delete Account ************************************************************/
/**
 * Screen handler for the "delete account" settings page.
 *
 * Answers with a 404 when extra action variables are present. When the form
 * was submitted with 'delete-account-understand', the 'delete-account' nonce
 * is verified and the displayed user's account is deleted; on success the
 * browser is redirected to the home URL. In every other case the
 * delete-account template is loaded.
 *
 * NOTE(review): no capability or "deletion disabled" check is made here;
 * presumably bp_core_delete_account() enforces them — confirm.
 *
 * @global object $bp Global BuddyPress settings object
 */
function bp_core_screen_delete_account()
{
    global $bp;

    // Extra path segments after the action are not valid.
    if (bp_action_variables()) {
        bp_do_404();
        return;
    }

    $confirmed = isset($_POST['delete-account-understand']);
    if ($confirmed) {
        // Verify the nonce before any state is changed.
        check_admin_referer('delete-account');

        $account_removed = bp_core_delete_account($bp->displayed_user->id);
        if ($account_removed) {
            bp_core_redirect(home_url());
        }
    }

    // Nothing submitted, or the deletion did not succeed: show the form.
    $template = apply_filters('bp_core_screen_delete_account', 'members/single/settings/delete-account');
    bp_core_load_template($template);
}
 /**
  * Delete one or more pending sign-ups.
  *
  * For each matching sign-up whose login already maps to a user with the same
  * stored activation key, the user is deleted when check_user_status() reports
  * 2; otherwise an error is recorded for that sign-up and validate() is called
  * to repair the signups table. Sign-ups without a recorded error are removed
  * from the signups table.
  *
  * NOTE(review): this method performs no capability check of its own;
  * callers are presumably expected to authorise the request — confirm.
  *
  * @since 2.0.0
  *
  * @param array $signup_ids List of sign-up IDs to delete. Anything other than a non-empty array is rejected.
  * @return array|false Filtered result with optional 'errors' and 'deleted' keys,
  *                     or false when the input is invalid or no sign-up matches.
  */
 public static function delete($signup_ids = array())
 {
     global $wpdb;

     if (empty($signup_ids) || !is_array($signup_ids)) {
         return false;
     }

     $to_delete = self::get(array('include' => $signup_ids));
     $signups = $to_delete['signups'];
     if (!$signups) {
         return false;
     }

     $result = array();

     /**
      * Fires before deletion of pending accounts.
      *
      * @since 2.0.0
      *
      * @param array $signup_ids Array of pending IDs to delete.
      */
     do_action('bp_core_signup_before_delete', $signup_ids);

     foreach ($signups as $signup) {
         $user_id = username_exists($signup->user_login);

         // Only touch a user row that carries the very activation key of this sign-up.
         $owns_signup = !empty($user_id) && $signup->activation_key === bp_get_user_meta($user_id, 'activation_key', true);

         if ($owns_signup) {
             if (2 == self::check_user_status($user_id)) {
                 // Status 2: the account was never activated, so it can be deleted.
                 // NOTE(review): the return value is ignored, so the sign-up row below
                 // is removed and reported as deleted even if this call fails.
                 bp_core_delete_account($user_id);
             } else {
                 // Any other status means the account has already been activated.
                 $result['errors'][$signup->signup_id] = array($signup->user_login, esc_html__('the sign-up has already been activated.', 'buddypress'));

                 // Repair signups table.
                 self::validate($signup->activation_key);
             }
         }

         // Remove the sign-up row unless an error was recorded for it.
         if (empty($result['errors'][$signup->signup_id])) {
             $wpdb->delete(buddypress()->members->table_name_signups, array('signup_id' => $signup->signup_id), array('%d'));
             $result['deleted'][] = $signup->signup_id;
         }
     }

     /**
      * Fires after deletion of pending accounts.
      *
      * @since 2.0.0
      *
      * @param array $signup_ids Array of pending IDs to delete.
      * @param array $result     Array of data for deleted accounts.
      */
     do_action('bp_core_signup_after_delete', $signup_ids, $result);

     /**
      * Filters the result of the metadata for deleted pending accounts.
      *
      * @since 2.0.0
      *
      * @param array $result Updated metadata related to deleted pending accounts.
      */
     return apply_filters('bp_core_signup_delete', $result);
 }
 /**
  * Deletes a member account, even when account deletion is disabled site-wide.
  *
  * Super admin accounts and the logged-in user's own account are never deleted.
  * A user ID that does not resolve to a user is reported as success.
  *
  * NOTE(review): this function performs no capability check of its own;
  * callers are presumably expected to authorise the request — confirm.
  *
  * @param int   $id  ID of the user to delete.
  * @param mixed $id2 Not used by this function.
  * @return bool True when the user does not exist, false when the target is
  *              protected, otherwise the result of bp_core_delete_account().
  */
 function member_delete($id, $id2)
 {
     // Nothing to delete: treat as success.
     if (!get_userdata($id)) {
         return true;
     }

     // Never delete a super admin or the account of the user performing the action.
     $is_protected = is_super_admin($id) || bp_loggedin_user_id() == $id;
     if ($is_protected) {
         return false;
     }

     // Let admins delete members even if account deletion is disabled: the
     // option is removed for the duration of the call and put back afterwards.
     // NOTE(review): the option is a site-wide setting, so it is also absent for
     // any other request running in that window, and it is not put back if
     // bp_core_delete_account() does not return normally.
     $saved_flag = get_site_option('bp-disable-account-deletion');
     if ($saved_flag) {
         delete_site_option('bp-disable-account-deletion');
     }

     $outcome = bp_core_delete_account($id);

     if ($saved_flag) {
         add_site_option('bp-disable-account-deletion', $saved_flag);
     }

     return $outcome;
 }
예제 #8
/**
 * Screen handler for the "delete account" page.
 *
 * When the form was submitted with 'delete-account-understand', the
 * 'delete-account' nonce is verified and the account is deleted; on success
 * the browser is redirected to the site URL. Otherwise the title and content
 * callbacks are registered and the plugin template is loaded.
 */
function bp_core_screen_delete_account() {
	$confirmed = isset( $_POST['delete-account-understand'] );

	if ( $confirmed ) {
		// Verify the nonce before any state is changed.
		check_admin_referer( 'delete-account' );

		// No user ID is passed, so bp_core_delete_account() chooses its default target
		// (presumably the logged-in user — confirm against that function).
		$account_removed = bp_core_delete_account();
		if ( $account_removed ) {
			bp_core_redirect( site_url() );
		}
	}

	// Nothing submitted, or the deletion did not succeed: render the screen.
	add_action( 'bp_template_title', 'bp_core_screen_delete_account_title' );
	add_action( 'bp_template_content', 'bp_core_screen_delete_account_content' );

	$template = apply_filters( 'bp_core_template_plugin', 'members/single/plugins' );
	bp_core_load_template( $template );
}
예제 #9
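 /**
  * Delete one or more pending sign-ups.
  *
  * For each matching sign-up whose login already maps to a user and whose
  * activation key equals wp_hash() of that user ID, the user is deleted when
  * check_user_status() reports 2; otherwise an error is recorded for that
  * sign-up and validate() is called to repair the signups table. Sign-ups
  * without a recorded error are removed from the signups table.
  *
  * NOTE(review): this method performs no capability check of its own;
  * callers are presumably expected to authorise the request — confirm.
  *
  * @since BuddyPress (2.0.0)
  *
  * @param array $signup_ids List of sign-up IDs to delete. Anything other than a non-empty array is rejected.
  * @return array|false Filtered result with optional 'errors' and 'deleted' keys,
  *                     or false when the input is invalid or no sign-up matches.
  */
 public static function delete($signup_ids = array())
 {
     global $wpdb;
     if (empty($signup_ids) || !is_array($signup_ids)) {
         return false;
     }
     $to_delete = self::get(array('include' => $signup_ids));
     if (!($signups = $to_delete['signups'])) {
         return false;
     }
     $result = array();
     do_action('bp_core_signup_before_delete', $signup_ids);
     foreach ($signups as $signup) {
         $user_id = username_exists($signup->user_login);
         // Strict comparison: with a loose `==`, PHP compares two numeric-looking
         // strings as numbers, so two different key strings could count as equal.
         if (!empty($user_id) && $signup->activation_key === wp_hash($user_id)) {
             // Kept loose on purpose: the return type of check_user_status() is not visible here.
             if (2 != self::check_user_status($user_id)) {
                 // Status is not 2, so the user's account has been activated.
                 $result['errors'][$signup->signup_id] = array($signup->user_login, esc_html__('the sign-up has already been activated.', 'buddypress'));
                 // Repair signups table.
                 self::validate($signup->activation_key);
             } else {
                 // We have a user id and the account is not active, so delete it.
                 // NOTE(review): the return value is ignored, so the sign-up row below
                 // is removed and reported as deleted even if this call fails.
                 bp_core_delete_account($user_id);
             }
         }
         // Remove the sign-up row unless an error was recorded for it.
         if (empty($result['errors'][$signup->signup_id])) {
             $wpdb->delete(buddypress()->members->table_name_signups, array('signup_id' => $signup->signup_id), array('%d'));
             $result['deleted'][] = $signup->signup_id;
         }
     }
     do_action('bp_core_signup_after_delete', $signup_ids, $result);
     return apply_filters('bp_core_signup_delete', $result);
 }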
예제 #10
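/**
 * Process user deletion requests.
 *
 * Note: No longer called here. See the Settings component.
 *
 * The request is ignored unless the current user holds the 'bp_moderate'
 * capability, is not on their own profile, and a displayed user exists.
 * This variant also refuses to act when the displayed user has any comment
 * matched by the date query below (the last five minutes up to now).
 * Deletion only runs on the admin/delete-user route, after
 * check_admin_referer() has verified the 'delete-user' nonce.
 *
 * @return false|null False when a guard rejects the request, otherwise no value.
 */
function bp_core_action_delete_user()
{
    // Authorise first, before running any query. This handler must not print
    // anything: bp_core_redirect() at the end still has to send headers.
    if (!bp_current_user_can('bp_moderate') || bp_is_my_profile() || !bp_displayed_user_id()) {
        return false;
    }

    $userID = bp_displayed_user_id();
    $now = current_time('mysql');

    // Count the member's recent comments. No 'post_id' constraint is set, so
    // comments on any post are counted.
    $args = array(
        'date_query' => array('after' => '5 minute ago', 'before' => $now, 'inclusive' => true),
        'user_id' => $userID,
        'count' => true,
    );
    $userActivityCount = get_comments($args);

    // Recently active members are not deleted.
    if ($userActivityCount != 0) {
        return false;
    }

    if (bp_is_current_component('admin') && bp_is_current_action('delete-user')) {
        // Check the nonce.
        check_admin_referer('delete-user');
        $errors = false;
        do_action('bp_core_before_action_delete_user', $errors);

        // Report success only when the deletion itself succeeded; a failed
        // deletion must reach the error branch.
        if (bp_core_delete_account(bp_displayed_user_id())) {
            bp_core_add_message(sprintf(__('%s has been deleted from the system.', 'buddypress'), bp_get_displayed_user_fullname()));
        } else {
            bp_core_add_message(sprintf(__('There was an error deleting %s from the system. Please try again.', 'buddypress'), bp_get_displayed_user_fullname()), 'error');
            $errors = true;
        }
        do_action('bp_core_action_delete_user', $errors);

        // On failure stay on the member's profile; on success return to the moderator's own profile.
        if ($errors) {
            bp_core_redirect(bp_displayed_user_domain());
        } else {
            bp_core_redirect(bp_loggedin_user_domain());
        }
    }
}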
예제 #11
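/**
 * Screen handler that processes both the "delete account" form and the
 * general settings form (email and password change).
 *
 * Each form is acted on only after check_admin_referer() has verified its own
 * nonce ('delete-account' and 'bp_settings_general' respectively). The outcome
 * of the settings update is published through the globals
 * $bp_settings_updated and $pass_error.
 *
 * @global object $current_user        The logged-in user object; updated in place.
 * @global bool   $bp_settings_updated Set to true when wp_update_user() succeeded.
 * @global bool   $pass_error          Set to true when the two password fields are unusable.
 */
function bp_core_screen_delete_account()
{
    global $current_user, $bp_settings_updated, $pass_error;
    if (isset($_POST['delete-account-button']) && check_admin_referer('delete-account')) {
        // Delete the user's account.
        // No ID is passed, so bp_core_delete_account() chooses its default target
        // (presumably the logged-in user — confirm against that function).
        if (bp_core_delete_account()) {
            bp_core_redirect(site_url());
        }
    }
    $bp_settings_updated = false;
    $pass_error = false;
    if (isset($_POST['submit']) && check_admin_referer('bp_settings_general')) {
        require_once WPINC . '/registration.php';
        // Form has been submitted and the nonce checks out.
        if ($_POST['email'] != '') {
            // NOTE(review): the address is trimmed and HTML-escaped but not validated
            // as an email address here — confirm that a later layer does so.
            $current_user->user_email = wp_specialchars(trim($_POST['email']));
        }
        if ($_POST['pass1'] != '' && $_POST['pass2'] != '') {
            // The confirmation must match exactly. A loose `==` compares two
            // numeric-looking strings as numbers, so two different passwords
            // could pass as equal. The second test rejects any password that
            // contains a backslash (the leading space keeps a match at index 0 truthy).
            if ($_POST['pass1'] === $_POST['pass2'] && !strpos(" " . $_POST['pass1'], "\\")) {
                $current_user->user_pass = $_POST['pass1'];
            } else {
                $pass_error = true;
            }
        } else {
            // Exactly one of the two fields filled in is an error; both empty means "keep the password".
            if (empty($_POST['pass1']) && !empty($_POST['pass2']) || !empty($_POST['pass1']) && empty($_POST['pass2'])) {
                $pass_error = true;
            } else {
                // Drop the field so wp_update_user() does not receive a password value.
                unset($current_user->user_pass);
            }
        }
        if (!$pass_error && wp_update_user(get_object_vars($current_user))) {
            $bp_settings_updated = true;
        }
    }
    add_action('bp_template_title', 'bp_core_screen_delete_account_title');
    add_action('bp_template_content', 'bp_core_screen_delete_account_content');
    bp_core_load_template(apply_filters('bp_core_template_plugin', 'plugin-template'));
}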
예제 #12
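 /**
  * Replaces the site's members with generated test users, contents and flags.
  *
  * Destructive: every user except ID 1 is deleted and, on multisite, every
  * row of the signups table is removed before the test data is created.
  * Nothing in this function checks a capability or the environment, so
  * callers must make sure it can only run on a disposable test site.
  *
  * On completion the site option 'bp_moderation_test_data_check' is set to 'success'.
  */
 function test_data()
 {
     set_time_limit(0);
     global $wpdb;

     // Wipe existing members (all but user ID 1) and pending sign-ups.
     $users = $wpdb->get_col("SELECT ID FROM {$wpdb->users} WHERE ID != 1");
     if (is_multisite()) {
         $wpdb->query("DELETE FROM {$wpdb->signups}");
     }
     foreach ($users as $id) {
         bp_core_delete_account($id);
     }

     // Number of users that only report content ("good" users).
     $ngu = 2;
     // Number of users that both report and author flagged content.
     $ngbu = 2;
     // Number of users that only author flagged content ("bad" users).
     $nbu = 2;
     $content_types = array('A', 'B', 'C', 'D');
     $bpmod =& bpModeration::get_istance();
     $statuses = array_keys($bpmod->content_stati);
     $n_contents = 20;
     // Flags per content, varied by +/- 30%.
     $flags_per_cont = 20;
     $goodusers = array();
     $badusers = array();

     // Sign up and activate the test users.
     for ($i = 1; $i <= $ngu + $ngbu + $nbu; $i++) {
         $uid = bp_core_signup_user('user' . $i, 'pass', $i . '@foo.bar', array());
         if (is_multisite()) {
             // Bind the address as a parameter instead of concatenating it into the SQL.
             $key_sql = $wpdb->prepare("SELECT activation_key FROM {$wpdb->signups} WHERE user_email = %s", $i . '@foo.bar');
             $key = $wpdb->get_var($key_sql);
         } else {
             // Third argument true: return the single key string. Without it,
             // get_user_meta() returns an array and the activation below gets no usable key.
             $key = get_user_meta($uid, 'activation_key', true);
         }
         $uid = bp_core_activate_signup($key);
         if (is_multisite()) {
             wp_set_password('pass', $uid);
         }
         if ($i <= $ngu + $ngbu) {
             $goodusers[] = $uid;
         }
         if ($i > $ngu) {
             $badusers[] = $uid;
         }
     }

     bpModLoader::load_class('bpModObjContent');
     bpModLoader::load_class('bpModObjFlag');

     // Create the contents, each authored by a random "bad" user.
     for ($i = 1; $i <= $n_contents; $i++) {
         $badu = $badusers[mt_rand(0, count($badusers) - 1)];
         $cont = new bpModObjContent();
         $cont->item_type = $content_types[mt_rand(0, count($content_types) - 1)];
         $cont->item_id = mt_rand(1, 1000000);
         $cont->item_author = $badu;
         $cont->item_date = gmdate("Y-m-d H:i:s", time() - mt_rand(1000000, 2000000));
         $cont->status = $statuses[mt_rand(0, count($statuses) - 1)];
         $cont->save();

         // Attach a random number of flags, each from a reporter other than the author.
         $flags = mt_rand($flags_per_cont * 0.7, $flags_per_cont * 1.3);
         for ($j = 1; $j <= $flags; $j++) {
             // Re-draw until the reporter differs from the content author.
             while ($badu == ($goodu = $goodusers[mt_rand(0, count($goodusers) - 1)])) {
             }
             $f = new bpModObjFlag();
             $f->content_id = $cont->content_id;
             $f->reporter_id = $goodu;
             $f->date = gmdate("Y-m-d H:i:s", time() - mt_rand(0, 1000000));
             $f->save();
         }
     }
     update_site_option('bp_moderation_test_data_check', 'success');
 }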