Exemplo n.º 1
0
/**
 * AJAX callback for setting media ID as user avatar
 *
 * @since 0.1.0
 */
function wp_user_avatars_ajax_assign_media()
{
    // check required information and permissions
    if (empty($_POST['user_id']) || empty($_POST['media_id']) || empty($_POST['_wpnonce'])) {
        die;
    }
    // Cast values
    $media_id = (int) $_POST['media_id'];
    $user_id = (int) $_POST['user_id'];
    // Bail if current user cannot proceed
    if (!current_user_can('edit_avatar', $user_id)) {
        die;
    }
    // Bail if nonce verification fails
    if (!wp_verify_nonce($_POST['_wpnonce'], 'assign_wp_user_avatars_nonce')) {
        die;
    }
    // ensure the media is real is an image
    if (wp_attachment_is_image($media_id)) {
        wp_user_avatars_update_avatar($user_id, $media_id);
    }
    // Output the new avatar
    if (defined('DOING_AJAX') && DOING_AJAX) {
        echo get_avatar($user_id, 90);
        die;
    }
}
Exemplo n.º 2
0
/**
 * Save any changes to the user profile
 *
 * @param int $user_id ID of user being updated
 */
function wp_user_avatars_edit_user_profile_update($user_id = 0)
{
    // Bail if nonce fails
    if (empty($_POST['_wp_user_avatars_nonce']) || !wp_verify_nonce($_POST['_wp_user_avatars_nonce'], 'wp_user_avatars_nonce')) {
        return;
    }
    // Check for upload
    if (!empty($_FILES['wp-user-avatars']['name'])) {
        // need to be more secure since low privelege users can upload
        if (false !== strpos($_FILES['wp-user-avatars']['name'], '.php')) {
            add_action('user_profile_update_errors', 'wp_user_avatars_file_extension_error');
            return;
        }
        // front end (theme my profile etc) support
        if (!function_exists('wp_handle_upload')) {
            require_once ABSPATH . 'wp-admin/includes/file.php';
        }
        // Override avatar file-size
        add_filter('upload_size_limit', 'wp_user_avatars_upload_size_limit');
        // Handle upload
        $avatar = wp_handle_upload($_FILES['wp-user-avatars'], array('mimes' => array('jpg|jpeg|jpe' => 'image/jpeg', 'gif' => 'image/gif', 'png' => 'image/png'), 'test_form' => false, 'unique_filename_callback' => 'wp_user_avatars_unique_filename_callback'));
        remove_filter('upload_size_limit', 'wp_user_avatars_upload_size_limit');
        // Failures
        if (empty($avatar['file'])) {
            // Error feedback
            switch ($avatar['error']) {
                case 'File type does not meet security guidelines. Try another.':
                    add_action('user_profile_update_errors', 'wp_user_avatars_file_extension_error');
                    return;
                default:
                    add_action('user_profile_update_errors', 'wp_user_avatars_generic_error');
                    return;
            }
        }
        // Update
        wp_user_avatars_update_avatar($user_id, $avatar['url']);
    }
    // Rating
    if (isset($avatar['url']) || ($avatar = get_user_meta($user_id, 'wp_user_avatars', true))) {
        if (empty($_POST['wp_user_avatars_rating']) || !array_key_exists($_POST['wp_user_avatars_rating'], wp_user_avatars_get_ratings())) {
            $_POST['wp_user_avatars_rating'] = key(wp_user_avatars_get_ratings());
        }
        update_user_meta($user_id, 'wp_user_avatars_rating', $_POST['wp_user_avatars_rating']);
    }
}