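/**
 * Edit user settings based on contents of $_POST
 *
 * Largely based on the edit_user() function, this function only throws errors
 * when the user has posted invalid data, vs. when the mock user object does not
 * contain it.
 *
 * NOTE(review): nothing in this function verifies a nonce or checks that the
 * current user may edit $user_id (only role changes are capability-gated), so
 * callers presumably perform both checks before calling it -- confirm.
 *
 * @since 0.1.0
 *
 * @param int $user_id Optional. User ID.
 * @return int|WP_Error|null User ID of the updated user, a WP_Error when the
 *                           user does not exist or the posted data is invalid,
 *                           or null when no user ID was passed.
 */
function wp_user_profiles_edit_user($user_id = 0) {

    // Bail if no user ID
    if (empty($user_id)) {
        return;
    }

    // Bail if the user does not exist; everything below dereferences this
    // object (login fallback, role changes).
    $userdata = get_userdata($user_id);
    if (empty($userdata)) {
        return new WP_Error('invalid_user_id', __('Invalid user ID.'));
    }

    // Setup the user being saved
    $user     = new stdClass();
    $user->ID = (int) $user_id;

    // Setup the user login
    if (isset($_POST['user_login'])) {
        $user->user_login = sanitize_user($_POST['user_login'], true);
    } else {
        $user->user_login = wp_slash($userdata->user_login);
    }

    // Password changes. Non-string values (e.g. pass1[]=x) are treated as
    // "not provided" so the string checks below never receive an array.
    $pass1 = (isset($_POST['pass1']) && is_string($_POST['pass1'])) ? $_POST['pass1'] : '';
    $pass2 = (isset($_POST['pass2']) && is_string($_POST['pass2'])) ? $_POST['pass2'] : '';

    // Role changes. Site IDs (array keys) and role names (values) both come
    // from the request, so each pair is validated before it is used.
    //
    // NOTE(review): roles are applied here, before the posted data is
    // validated, so they persist even when this function returns errors.
    if (isset($_POST['role']) && is_array($_POST['role']) && current_user_can('edit_users')) {

        // Loop through new roles
        foreach ($_POST['role'] as $blog_id => $new_role) {

            // Skip malformed entries instead of passing them to core
            if (!is_numeric($blog_id) || !is_string($new_role) || empty($new_role)) {
                continue;
            }

            // Switch to the blog
            switch_to_blog((int) $blog_id);

            // The check above ran against the current site only. Repeat it in
            // the switched context so that a user who can edit users on one
            // site cannot assign roles on a site where they cannot.
            if (current_user_can('edit_users')) {

                // Roles the logged-in user may not assign are skipped silently
                $editable_roles = get_editable_roles();

                if (!empty($editable_roles[$new_role])) {
                    $update_role = get_userdata($user_id);
                    $update_role->set_role($new_role);
                }
            }

            // Switch back
            restore_current_blog();
        }
    }

    // Email
    if (isset($_POST['email'])) {
        $user->user_email = sanitize_text_field(wp_unslash($_POST['email']));
    }

    // Website
    if (isset($_POST['url'])) {
        if (empty($_POST['url']) || 'http://' === $_POST['url']) {
            $user->user_url = '';
        } else {
            $user->user_url = esc_url_raw($_POST['url']);
            $protocols      = implode('|', array_map('preg_quote', wp_allowed_protocols()));

            // Prefix a scheme when the cleaned URL does not start with an allowed one
            $user->user_url = preg_match('/^(' . $protocols . '):/is', $user->user_url)
                ? $user->user_url
                : 'http://' . $user->user_url;
        }
    }

    // First
    if (isset($_POST['first_name'])) {
        $user->first_name = sanitize_text_field($_POST['first_name']);
    }

    // Last
    if (isset($_POST['last_name'])) {
        $user->last_name = sanitize_text_field($_POST['last_name']);
    }

    // Nick
    if (isset($_POST['nickname'])) {
        $user->nickname = sanitize_text_field($_POST['nickname']);
    }

    // Display
    if (isset($_POST['display_name'])) {
        $user->display_name = sanitize_text_field($_POST['display_name']);
    }

    // Description (only trimmed here, not sanitized)
    if (isset($_POST['description'])) {
        $user->description = trim($_POST['description']);
    }

    // Contact methods
    foreach (wp_get_user_contact_methods($user) as $method => $name) {
        if (isset($_POST[$method])) {
            $user->{$method} = sanitize_text_field($_POST[$method]);
        }
    }

    // Options
    $user->rich_editing         = isset($_POST['rich_editing']) && 'false' === $_POST['rich_editing'] ? 'false' : 'true';
    $user->admin_color          = isset($_POST['admin_color']) ? sanitize_text_field($_POST['admin_color']) : 'fresh';
    $user->show_admin_bar_front = isset($_POST['admin_bar_front']) ? 'true' : 'false';
    $user->comment_shortcuts    = isset($_POST['comment_shortcuts']) && 'true' === $_POST['comment_shortcuts'] ? 'true' : '';
    $user->use_ssl              = empty($_POST['use_ssl']) ? 0 : 1;

    // Error checking
    $errors = new WP_Error();

    // Checking that username has been typed
    if (isset($_POST['user_login']) && empty($user->user_login)) {
        $errors->add('user_login', __('<strong>ERROR</strong>: Please enter a username.'));
    }

    // Checking that nickname has been typed
    if (isset($_POST['nickname']) && empty($user->nickname)) {
        $errors->add('nickname', __('<strong>ERROR</strong>: Please enter a nickname.'));
    }

    /**
     * Fires before the password and confirm password fields are checked for congruity.
     *
     * @since 1.5.1
     *
     * @param string $user_login The username.
     * @param string &$pass1     The password, passed by reference.
     * @param string &$pass2     The confirmed password, passed by reference.
     */
    do_action_ref_array('check_passwords', array($user->user_login, &$pass1, &$pass2));

    // Check for "\" in password
    if (false !== strpos(wp_unslash($pass1), "\\")) {
        $errors->add('pass', __('<strong>ERROR</strong>: Passwords may not contain the character "\\".'), array('form-field' => 'pass1'));
    }

    // Checking the password has been typed twice the same
    if ($pass1 !== $pass2) {
        $errors->add('pass', __('<strong>ERROR</strong>: Please enter the same password in both password fields.'), array('form-field' => 'pass1'));
    }

    // Only a non-empty password is handed on for saving
    if (!empty($pass1)) {
        $user->user_pass = $pass1;
    }

    // Username checks only run when a username was posted
    if (isset($_POST['user_login'])) {
        if (!validate_username($_POST['user_login'])) {
            $errors->add('user_login', __('<strong>ERROR</strong>: This username is invalid because it uses illegal characters. Please enter a valid username.'));
        }

        if (username_exists($user->user_login)) {
            $errors->add('user_login', __('<strong>ERROR</strong>: This username is already registered. Please choose another one.'));
        }
    }

    // Checking email address
    if (isset($_POST['email'])) {
        if (empty($user->user_email)) {
            $errors->add('empty_email', __('<strong>ERROR</strong>: Please enter an email address.'), array('form-field' => 'email'));
        } elseif (!is_email($user->user_email)) {
            $errors->add('invalid_email', __('<strong>ERROR</strong>: The email address is not correct.'), array('form-field' => 'email'));
        } elseif (($owner_id = email_exists($user->user_email)) && $owner_id !== $user->ID) {
            $errors->add('email_exists', __('<strong>ERROR</strong>: This email is already in use.'), array('form-field' => 'email'));
        }
    }

    /**
     * Fires before user profile update errors are returned.
     *
     * @since 2.8.0
     *
     * @param WP_Error &$errors WP_Error object, passed by reference.
     * @param bool     $update  Whether this is a user update.
     * @param WP_User  &$user   WP_User object, passed by reference.
     */
    do_action_ref_array('user_profile_update_errors', array(&$errors, true, &$user));

    // Return errors if there are any
    if ($errors->get_error_codes()) {
        return $errors;
    }

    // Maybe save user status
    if (!empty($_POST['user_status'])) {
        wp_user_profiles_update_user_status($user, sanitize_key($_POST['user_status']));
    }

    return wp_update_user($user);
}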
/**
 * Base save routine that section subclasses delegate to.
 *
 * Passes the user through the section-specific save filter, stops if the
 * filter produced a WP_Error that carries error codes, optionally updates the
 * user status from $_POST, and then writes the user with wp_update_user().
 *
 * NOTE(review): no nonce or capability check is visible in this method;
 * presumably the caller performs them before saving -- confirm.
 *
 * @since 0.2.0
 *
 * @param WP_User $user User being saved; may come back from the filter as a WP_Error.
 * @return mixed The filtered WP_Error when it holds error codes, otherwise the
 *               result of wp_update_user().
 */
public function save($user = null) {

    // Section-specific hook so third party plugins can take part in the save
    $section_filter = "wp_user_profiles_save_{$this->id}_section";
    $user           = apply_filters($section_filter, $user);

    // A populated WP_Error from the filter ends the save early
    $filter_failed = is_wp_error($user) && $user->get_error_codes();
    if ($filter_failed) {
        return $user;
    }

    // A posted status is reduced with sanitize_key() before it is handed on
    if (!empty($_POST['user_status'])) {
        $posted_status = sanitize_key($_POST['user_status']);
        wp_user_profiles_update_user_status($user, $posted_status);
    }

    // Update the user in the database
    $result = wp_update_user($user);

    return $result;
}