/**
 * Lets a super admin delete the displayed user from the adminbar menu.
 *
 * The request is ignored (false is returned) unless the current user is a
 * super admin, is not looking at their own profile, and a displayed user ID
 * is set. The deletion only runs on the admin/delete-user action, and only
 * after check_admin_referer() has accepted the 'delete-user' nonce.
 *
 * @package BuddyPress Core
 * @global object $bp Global BuddyPress settings object
 *
 * @return false|void False when the caller may not delete the displayed user.
 */
function bp_core_action_delete_user() {
    global $bp;

    // Authorization gate: evaluated before the nonce so that a request from a
    // non-admin never reaches the deletion path.
    $may_delete = is_super_admin() && !bp_is_my_profile() && $bp->displayed_user->id;
    if (!$may_delete) {
        return false;
    }

    $is_delete_request = 'admin' == $bp->current_component && 'delete-user' == $bp->current_action;
    if (!$is_delete_request) {
        return;
    }

    // CSRF protection: WordPress aborts the request when the nonce is missing
    // or invalid, so nothing below runs for a forged link.
    check_admin_referer('delete-user');

    $errors = false;
    do_action('bp_core_before_action_delete_user', $errors);

    $deleted = bp_core_delete_account($bp->displayed_user->id);
    if ($deleted) {
        bp_core_add_message(sprintf(__('%s has been deleted from the system.', 'buddypress'), $bp->displayed_user->fullname));
    } else {
        bp_core_add_message(sprintf(__('There was an error deleting %s from the system. Please try again.', 'buddypress'), $bp->displayed_user->fullname), 'error');
        $errors = true;
    }

    do_action('bp_core_action_delete_user', $errors);

    // On failure stay on the profile that could not be removed; on success
    // that profile no longer exists, so go to the admin's own profile.
    bp_core_redirect($errors ? $bp->displayed_user->domain : $bp->loggedin_user->domain);
}
/**
 * Checks who bp_core_delete_account() allows to delete which account.
 *
 * Three cases are exercised: a super admin deleting a subscriber (allowed),
 * deletion of a super admin account (refused), and a subscriber deleting
 * another subscriber (refused). All three rely on bp_core_delete_account()
 * enforcing the rule itself, because the test calls it directly.
 *
 * @ticket BP4915
 * @group bp_core_delete_account
 */
public function test_bp_core_delete_account() {
    // Remember the state this test changes so it can be put back at the end.
    $original_user_id = get_current_user_id();
    $was_deletion_disabled = bp_disable_account_deletion();

    // A super admin to act as the deleting user.
    $admin_id = $this->factory->user->create(array('role' => 'administrator'));
    $this->grant_super_admin($admin_id);

    // 1. Admin can delete user account: the account must be gone afterwards.
    $this->set_current_user($admin_id);
    $subscriber_id = $this->factory->user->create(array('role' => 'subscriber'));
    bp_core_delete_account($subscriber_id);
    $lookup = new WP_User($subscriber_id);
    $this->assertEquals(0, $lookup->ID);
    unset($lookup);
    $this->restore_admins();

    // 2. Admin cannot delete superadmin account: the account must survive.
    // NOTE(review): grant_super_admin() is called again here and no matching
    // restore_admins() is visible afterwards; confirm it does not leak into
    // later tests.
    $super_admin_id = $this->factory->user->create(array('role' => 'administrator'));
    $this->grant_super_admin($super_admin_id);
    bp_core_delete_account($super_admin_id);
    $lookup = new WP_User($super_admin_id);
    $this->assertNotEquals(0, $lookup->ID);
    unset($lookup);

    // 3. User cannot delete other's account: the target must survive.
    $acting_subscriber_id = $this->factory->user->create(array('role' => 'subscriber'));
    $target_subscriber_id = $this->factory->user->create(array('role' => 'subscriber'));
    $this->set_current_user($acting_subscriber_id);
    bp_core_delete_account($target_subscriber_id);
    $lookup = new WP_User($target_subscriber_id);
    $this->assertNotEquals(0, $lookup->ID);
    unset($lookup);

    // Cleanup
    $this->set_current_user($original_user_id);
    bp_update_option('bp-disable-account-deletion', $was_deletion_disabled);
}
/**
 * Process user deletion requests.
 *
 * Note: No longer called here. See the Settings component.
 *
 * Requires the 'bp_moderate' capability, refuses to act on the moderator's
 * own profile, and needs a displayed user ID. The deletion runs only on the
 * admin/delete-user action and only after the 'delete-user' nonce has been
 * verified.
 *
 * @return false|void False when the caller may not delete the displayed user.
 */
function bp_core_action_delete_user() {
    // Authorization gate, checked before anything else.
    $may_delete = bp_current_user_can('bp_moderate') && !bp_is_my_profile() && bp_displayed_user_id();
    if (!$may_delete) {
        return false;
    }

    $is_delete_request = bp_is_current_component('admin') && bp_is_current_action('delete-user');
    if (!$is_delete_request) {
        return;
    }

    // CSRF protection: WordPress aborts the request when the nonce is missing
    // or invalid.
    check_admin_referer('delete-user');

    $errors = false;
    do_action('bp_core_before_action_delete_user', $errors);

    $deleted = bp_core_delete_account(bp_displayed_user_id());
    if ($deleted) {
        bp_core_add_message(sprintf(__('%s has been deleted from the system.', 'buddypress'), bp_get_displayed_user_fullname()));
    } else {
        bp_core_add_message(sprintf(__('There was an error deleting %s from the system. Please try again.', 'buddypress'), bp_get_displayed_user_fullname()), 'error');
        $errors = true;
    }

    do_action('bp_core_action_delete_user', $errors);

    // Failure: back to the profile that is still there. Success: to the
    // moderator's own profile.
    bp_core_redirect($errors ? bp_displayed_user_domain() : bp_loggedin_user_domain());
}
/**
 * Handles the "delete account" form submitted from the Settings component.
 *
 * The request is processed only when it is a POST carrying the
 * 'delete-account-understand' confirmation, targets settings/delete-account
 * with no extra action variables, passes the account-deletion-disabled check,
 * and carries a valid 'delete-account' nonce.
 *
 * NOTE(review): the account passed to bp_core_delete_account() is the
 * displayed user. No check that the current user owns that account is visible
 * in this function; presumably bp_core_delete_account() enforces it. Confirm.
 *
 * @return false|void False when not on the delete-account screen or when
 *                    deletion is disabled for this user; otherwise nothing.
 */
function bp_settings_action_delete_account() {
    // Only a POST that carries the confirmation field is a deletion request.
    $is_post = 'POST' === strtoupper($_SERVER['REQUEST_METHOD']);
    if (!$is_post || !isset($_POST['delete-account-understand'])) {
        return;
    }

    // Bail if not in settings
    $on_delete_screen = bp_is_settings_component() && bp_is_current_action('delete-account');
    if (!$on_delete_screen) {
        return false;
    }

    // 404 if there are any additional action variables attached
    if (bp_action_variables()) {
        bp_do_404();
        return;
    }

    // When deletion is disabled site-wide, only users holding 'delete_users'
    // may continue.
    if (bp_disable_account_deletion() && !bp_current_user_can('delete_users')) {
        return false;
    }

    // CSRF protection: WordPress aborts the request on a missing or invalid
    // nonce.
    check_admin_referer('delete-account');

    // Read the name before deleting; it is needed for the feedback message.
    $username = bp_get_displayed_user_fullname();

    // A failed deletion falls through silently: no message, no redirect.
    if (!bp_core_delete_account(bp_displayed_user_id())) {
        return;
    }

    // Add feedback after deleting a user
    bp_core_add_message(sprintf(__('%s was successfully deleted.', 'buddypress'), $username), 'success');

    // Redirect to the root domain
    bp_core_redirect(bp_get_root_domain());
}
/** Delete Account ************************************************************/

/**
 * Screen handler for the "delete account" settings page.
 *
 * Sends a 404 when extra action variables are present. When the confirmation
 * field was posted, verifies the 'delete-account' nonce, deletes the displayed
 * user and redirects to home_url() on success. In every other case the
 * delete-account template is loaded.
 *
 * NOTE(review): no capability or ownership check is visible here; presumably
 * bp_core_delete_account() decides whether the current user may delete the
 * displayed account. Confirm.
 *
 * @global object $bp Global BuddyPress settings object
 */
function bp_core_screen_delete_account() {
    global $bp;

    if (bp_action_variables()) {
        bp_do_404();
        return;
    }

    $confirmed = isset($_POST['delete-account-understand']);
    if ($confirmed) {
        // CSRF protection: WordPress aborts the request on a missing or
        // invalid nonce.
        check_admin_referer('delete-account');

        // Delete the user's account and leave the now-missing profile.
        if (bp_core_delete_account($bp->displayed_user->id)) {
            bp_core_redirect(home_url());
        }
    }

    // Load the template
    $template = apply_filters('bp_core_screen_delete_account', 'members/single/settings/delete-account');
    bp_core_load_template($template);
}
/**
 * Delete a pending account.
 *
 * For every matching sign-up, the WordPress user with the same login is
 * deleted only when its stored 'activation_key' user meta is identical to the
 * sign-up's activation key and the user's status is still 2. A user whose
 * status is not 2 has already been activated: that sign-up is reported as an
 * error, the signups table is repaired through validate(), and the row is
 * kept. Every sign-up without an error has its row removed.
 *
 * @since 2.0.0
 *
 * @param array $signup_ids Single ID or list of IDs to delete.
 * @return array|false Filtered result with 'deleted' and/or 'errors' entries,
 *                     or false when the input is empty, is not an array, or
 *                     matches no sign-ups.
 */
public static function delete($signup_ids = array()) {
    global $wpdb;

    if (empty($signup_ids) || !is_array($signup_ids)) {
        return false;
    }

    $to_delete = self::get(array('include' => $signup_ids));
    $signups = $to_delete['signups'];
    if (!$signups) {
        return false;
    }

    $result = array();

    /**
     * Fires before deletion of pending accounts.
     *
     * @since 2.0.0
     *
     * @param array $signup_ids Array of pending IDs to delete.
     */
    do_action('bp_core_signup_before_delete', $signup_ids);

    foreach ($signups as $signup) {
        $signup_id = $signup->signup_id;
        $user_id = username_exists($signup->user_login);

        // Strict comparison: the user is touched only when its stored key is
        // exactly the sign-up's key.
        $owns_signup = !empty($user_id) && $signup->activation_key === bp_get_user_meta($user_id, 'activation_key', true);

        if ($owns_signup) {
            if (2 == self::check_user_status($user_id)) {
                // We have a user id, account is not active, let's delete it.
                bp_core_delete_account($user_id);
            } else {
                // Status is not 2, so user's account has been activated.
                $result['errors'][$signup_id] = array($signup->user_login, esc_html__('the sign-up has already been activated.', 'buddypress'));

                // Repair signups table.
                self::validate($signup->activation_key);
            }
        }

        // Keep the row of any sign-up that was reported as an error.
        if (!empty($result['errors'][$signup_id])) {
            continue;
        }

        $wpdb->delete(buddypress()->members->table_name_signups, array('signup_id' => $signup_id), array('%d'));
        $result['deleted'][] = $signup_id;
    }

    /**
     * Fires after deletion of pending accounts.
     *
     * @since 2.0.0
     *
     * @param array $signup_ids Array of pending IDs to delete.
     * @param array $result     Array of data for deleted accounts.
     */
    do_action('bp_core_signup_after_delete', $signup_ids, $result);

    /**
     * Filters the result of the metadata for deleted pending accounts.
     *
     * @since 2.0.0
     *
     * @param array $result Updated metadata related to deleted pending accounts.
     */
    return apply_filters('bp_core_signup_delete', $result);
}
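/**
 * Deletes a member account, even when account deletion is disabled site-wide.
 *
 * Super admin accounts and the logged-in user's own account are never
 * deleted. While bp_core_delete_account() runs, the
 * 'bp-disable-account-deletion' site option is removed and then put back.
 * The restore sits in a finally block so that an exception thrown during
 * deletion cannot leave account deletion enabled for the whole site.
 *
 * NOTE(review): no capability check on the current user is visible here;
 * presumably the caller verifies that an administrator is acting. Confirm.
 * NOTE(review): while the option is removed, other requests also see account
 * deletion as enabled.
 *
 * @param int   $id  ID of the user to delete.
 * @param mixed $id2 Not used by this function.
 * @return mixed True when the user does not exist, false when deletion is
 *               refused, otherwise the result of bp_core_delete_account().
 */
function member_delete($id, $id2) {
    // Nothing to delete: report success.
    if (!get_userdata($id)) {
        return true;
    }

    // Never delete a super admin or the account of the user making the call.
    if (is_super_admin($id) || bp_loggedin_user_id() == $id) {
        return false;
    }

    // Let admins delete members even when account deletion is disabled.
    $disable_deletion = get_site_option('bp-disable-account-deletion');
    if ($disable_deletion) {
        delete_site_option('bp-disable-account-deletion');
    }

    try {
        return bp_core_delete_account($id);
    } finally {
        // Runs on normal return and on exceptions alike.
        if ($disable_deletion) {
            add_site_option('bp-disable-account-deletion', $disable_deletion);
        }
    }
}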
/**
 * Screen handler for the "delete account" page.
 *
 * When the confirmation field was posted, verifies the 'delete-account' nonce
 * and calls bp_core_delete_account() with no argument, redirecting to
 * site_url() on success. Otherwise, or when deletion fails, the plugin
 * template is loaded with the delete-account title and content callbacks
 * attached.
 */
function bp_core_screen_delete_account() {
    $confirmed = isset( $_POST['delete-account-understand'] );

    if ( $confirmed ) {
        // CSRF protection: WordPress aborts the request on a missing or
        // invalid nonce.
        check_admin_referer( 'delete-account' );

        // Delete the user's account and leave the now-missing profile.
        if ( bp_core_delete_account() ) {
            bp_core_redirect( site_url() );
        }
    }

    add_action( 'bp_template_title', 'bp_core_screen_delete_account_title' );
    add_action( 'bp_template_content', 'bp_core_screen_delete_account_content' );

    $template = apply_filters( 'bp_core_template_plugin', 'members/single/plugins' );
    bp_core_load_template( $template );
}
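/**
 * Delete a pending account.
 *
 * For every matching sign-up, the WordPress user with the same login is
 * deleted only when the sign-up's activation key is identical to
 * wp_hash( $user_id ) and the user's status is still 2. A user whose status
 * is not 2 has already been activated: that sign-up is reported as an error,
 * the signups table is repaired through validate(), and the row is kept.
 * Every sign-up without an error has its row removed.
 *
 * @since BuddyPress (2.0.0)
 *
 * @param array $signup_ids Single ID or list of IDs to delete.
 * @return array|false Filtered result with 'deleted' and/or 'errors' entries,
 *                     or false when the input is empty, is not an array, or
 *                     matches no sign-ups.
 */
public static function delete($signup_ids = array()) {
    global $wpdb;

    if (empty($signup_ids) || !is_array($signup_ids)) {
        return false;
    }

    $to_delete = self::get(array('include' => $signup_ids));
    if (!($signups = $to_delete['signups'])) {
        return false;
    }

    $result = array();

    do_action('bp_core_signup_before_delete', $signup_ids);

    foreach ($signups as $signup) {
        $user_id = username_exists($signup->user_login);

        // Compare the key with ===. With == PHP compares two numeric-looking
        // strings as numbers, so different hashes such as "0e1..." and
        // "0e2..." would be treated as equal and the wrong user could be
        // deleted.
        if (!empty($user_id) && $signup->activation_key === wp_hash($user_id)) {
            if (2 != self::check_user_status($user_id)) {
                // Status is not 2, so user's account has been activated.
                $result['errors'][$signup->signup_id] = array($signup->user_login, esc_html__('the sign-up has already been activated.', 'buddypress'));

                // Repair signups table.
                self::validate($signup->activation_key);
            } else {
                // We have a user id, account is not active, let's delete it.
                bp_core_delete_account($user_id);
            }
        }

        // Remove the sign-up row unless this sign-up was reported as an error.
        if (empty($result['errors'][$signup->signup_id])) {
            $wpdb->delete(buddypress()->members->table_name_signups, array('signup_id' => $signup->signup_id), array('%d'));
            $result['deleted'][] = $signup->signup_id;
        }
    }

    do_action('bp_core_signup_after_delete', $signup_ids, $result);

    return apply_filters('bp_core_signup_delete', $result);
}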
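/**
 * Process user deletion requests.
 *
 * Note: No longer called here. See the Settings component.
 *
 * Requires the 'bp_moderate' capability, refuses to act on the moderator's
 * own profile, and needs a displayed user ID. Deletion is also refused while
 * the displayed user has comments dated within the last five minutes. The
 * deletion runs only on the admin/delete-user action and only after the
 * 'delete-user' nonce has been verified.
 *
 * @return false|void False when the request is not allowed to proceed.
 */
function bp_core_action_delete_user() {
    // Authorization first: callers without permission trigger no query and no
    // output.
    if (!bp_current_user_can('bp_moderate') || bp_is_my_profile() || !bp_displayed_user_id()) {
        return false;
    }

    $user_id = bp_displayed_user_id();

    // Count the displayed user's comments from the last five minutes.
    $recent_comment_count = get_comments(array(
        'date_query' => array(
            'after'     => '5 minute ago',
            'before'    => current_time('mysql'),
            'inclusive' => true,
        ),
        'user_id'    => $user_id,
        'count'      => true,
    ));

    // A recently active user is not deleted.
    if ($recent_comment_count != 0) {
        return false;
    }

    if (!bp_is_current_component('admin') || !bp_is_current_action('delete-user')) {
        return;
    }

    // CSRF protection: WordPress aborts the request when the nonce is missing
    // or invalid.
    check_admin_referer('delete-user');

    $errors = false;
    do_action('bp_core_before_action_delete_user', $errors);

    // Only the return value of the deletion decides between the success and
    // the error message.
    if (bp_core_delete_account($user_id)) {
        bp_core_add_message(sprintf(__('%s has been deleted from the system.', 'buddypress'), bp_get_displayed_user_fullname()));
    } else {
        bp_core_add_message(sprintf(__('There was an error deleting %s from the system. Please try again.', 'buddypress'), bp_get_displayed_user_fullname()), 'error');
        $errors = true;
    }

    do_action('bp_core_action_delete_user', $errors);

    // Nothing is echoed in this function, so the redirect headers can still
    // be sent.
    if ($errors) {
        bp_core_redirect(bp_displayed_user_domain());
    } else {
        bp_core_redirect(bp_loggedin_user_domain());
    }
}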
/**
 * Screen handler that processes both the "delete account" form and the
 * general settings form (e-mail and password), then loads the plugin template.
 *
 * Each form is acted on only when its submit field is present and its nonce
 * ('delete-account' or 'bp_settings_general') is accepted.
 *
 * The e-mail and password are changed without asking for the current
 * password; the nonce is the only protection visible in this function.
 * A new password is accepted only when both fields match and it contains no
 * backslash.
 *
 * @global object $current_user        The user whose e-mail/password are updated.
 * @global bool   $bp_settings_updated Set to true when wp_update_user() succeeds.
 * @global bool   $pass_error          Set to true when the password fields are rejected.
 */
function bp_core_screen_delete_account() {
    global $current_user, $bp_settings_updated, $pass_error;

    // Account deletion: the nonce is verified before the account is touched.
    $delete_requested = isset($_POST['delete-account-button']) && check_admin_referer('delete-account');
    if ($delete_requested && bp_core_delete_account()) {
        bp_core_redirect(site_url());
    }

    $bp_settings_updated = false;
    $pass_error = false;

    if (isset($_POST['submit']) && check_admin_referer('bp_settings_general')) {
        require_once WPINC . '/registration.php';

        // Form has been submitted and nonce checks out, lets do it.
        if ($_POST['email'] != '') {
            $current_user->user_email = wp_specialchars(trim($_POST['email']));
        }

        if ($_POST['pass1'] != '' && $_POST['pass2'] != '') {
            // Both fields filled in: they must match and hold no backslash.
            if ($_POST['pass1'] == $_POST['pass2'] && !strpos(" " . $_POST['pass1'], "\\")) {
                $current_user->user_pass = $_POST['pass1'];
            } else {
                $pass_error = true;
            }
        } elseif (empty($_POST['pass1']) && !empty($_POST['pass2']) || !empty($_POST['pass1']) && empty($_POST['pass2'])) {
            // Exactly one field filled in.
            $pass_error = true;
        } else {
            // No new password given: keep user_pass out of the update.
            unset($current_user->user_pass);
        }

        if (!$pass_error && wp_update_user(get_object_vars($current_user))) {
            $bp_settings_updated = true;
        }
    }

    add_action('bp_template_title', 'bp_core_screen_delete_account_title');
    add_action('bp_template_content', 'bp_core_screen_delete_account_content');

    $template = apply_filters('bp_core_template_plugin', 'plugin-template');
    bp_core_load_template($template);
}
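/**
 * Replaces the site's users with generated accounts and random moderation data.
 *
 * DESTRUCTIVE: deletes every user except ID 1 and, on multisite, empties the
 * signups table. The accounts it creates are named user1..userN and all use
 * the password 'pass'. Run it only on a disposable test site.
 *
 * After the reset it registers and activates the test users, then creates
 * $n_contents flagged contents, each with a random number of flags from
 * reporters other than the content's author, and finally records
 * 'success' in the 'bp_moderation_test_data_check' site option.
 */
function test_data() {
    set_time_limit(0);
    global $wpdb;

    // Wipe the existing users (ID 1 is kept) and pending sign-ups.
    $users = $wpdb->get_col("SELECT ID FROM {$wpdb->users} WHERE ID != 1");
    if (is_multisite()) {
        $wpdb->query("DELETE FROM {$wpdb->signups}");
    }
    foreach ($users as $id) {
        bp_core_delete_account($id);
    }

    $ngu = 2;  // users who only report content
    $ngbu = 2; // users who both report and author flagged content
    $nbu = 2;  // users who only author flagged content
    $content_types = array('A', 'B', 'C', 'D');
    $bpmod =& bpModeration::get_istance();
    $statuses = array_keys($bpmod->content_stati);
    $n_contents = 20;
    $flags_per_cont = 20; // +/- 30%
    $goodusers = array();
    $badusers = array();

    for ($i = 1; $i <= $ngu + $ngbu + $nbu; $i++) {
        $email = $i . '@foo.bar';
        $uid = bp_core_signup_user('user' . $i, 'pass', $email, array());

        if (is_multisite()) {
            // Bind the value with prepare() instead of concatenating it into
            // the SQL string.
            $key = $wpdb->get_var($wpdb->prepare("SELECT activation_key FROM {$wpdb->signups} WHERE user_email = %s", $email));
        } else {
            // Third argument true: return the stored key itself, not an array
            // of values.
            $key = get_user_meta($uid, 'activation_key', true);
        }

        $uid = bp_core_activate_signup($key);
        if (is_multisite()) {
            wp_set_password('pass', $uid);
        }

        if ($i <= $ngu + $ngbu) {
            $goodusers[] = $uid;
        }
        if ($i > $ngu) {
            $badusers[] = $uid;
        }
    }

    bpModLoader::load_class('bpModObjContent');
    bpModLoader::load_class('bpModObjFlag');

    for ($i = 1; $i <= $n_contents; $i++) {
        $badu = $badusers[mt_rand(0, count($badusers) - 1)];

        $cont = new bpModObjContent();
        $cont->item_type = $content_types[mt_rand(0, count($content_types) - 1)];
        $cont->item_id = mt_rand(1, 1000000);
        $cont->item_author = $badu;
        $cont->item_date = gmdate("Y-m-d H:i:s", time() - mt_rand(1000000, 2000000));
        $cont->status = $statuses[mt_rand(0, count($statuses) - 1)];
        $cont->save();

        // mt_rand() takes integers, so the +/- 30% bounds are cast explicitly.
        $flags = mt_rand((int) ($flags_per_cont * 0.7), (int) ($flags_per_cont * 1.3));
        for ($j = 1; $j <= $flags; $j++) {
            // Draw reporters until one differs from the content's author.
            do {
                $goodu = $goodusers[mt_rand(0, count($goodusers) - 1)];
            } while ($badu == $goodu);

            $f = new bpModObjFlag();
            $f->content_id = $cont->content_id;
            $f->reporter_id = $goodu;
            $f->date = gmdate("Y-m-d H:i:s", time() - mt_rand(0, 1000000));
            $f->save();
        }
    }

    update_site_option('bp_moderation_test_data_check', 'success');
}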