/**
* Update a user in the database.
*
* It is possible to update a user's password by specifying the 'user_pass'
* value in the $userdata parameter array.
*
* If current user's password is being updated, then the cookies will be
* cleared.
*
* @since 2.0.0
*
* @see wp_insert_user() For what fields can be set in $userdata.
*
* @param mixed $userdata An array of user data or a user object of type stdClass or WP_User.
* @return int|WP_Error The updated user's ID or a WP_Error object if the user could not be updated.
*/
function wp_update_user($userdata)
{
if ($userdata instanceof stdClass) {
$userdata = get_object_vars($userdata);
} elseif ($userdata instanceof WP_User) {
$userdata = $userdata->to_array();
}
$ID = isset($userdata['ID']) ? (int) $userdata['ID'] : 0;
if (!$ID) {
return new WP_Error('invalid_user_id', __('Invalid user ID.'));
}
// First, get all of the original fields
$user_obj = get_userdata($ID);
if (!$user_obj) {
return new WP_Error('invalid_user_id', __('Invalid user ID.'));
}
$user = $user_obj->to_array();
// Add additional custom fields
foreach (_get_additional_user_keys($user_obj) as $key) {
$user[$key] = get_user_meta($ID, $key, true);
}
// Escape data pulled from DB.
$user = add_magic_quotes($user);
if (!empty($userdata['user_pass']) && $userdata['user_pass'] !== $user_obj->user_pass) {
// If password is changing, hash it now
$plaintext_pass = $userdata['user_pass'];
$userdata['user_pass'] = wp_hash_password($userdata['user_pass']);
/**
* Filter whether to send the password change email.
*
* @since 4.3.0
*
* @see wp_insert_user() For `$user` and `$userdata` fields.
*
* @param bool $send Whether to send the email.
* @param array $user The original user array.
* @param array $userdata The updated user array.
*
*/
$send_password_change_email = apply_filters('send_password_change_email', true, $user, $userdata);
}
if (isset($userdata['user_email']) && $user['user_email'] !== $userdata['user_email']) {
/**
* Filter whether to send the email change email.
*
* @since 4.3.0
*
* @see wp_insert_user() For `$user` and `$userdata` fields.
*
* @param bool $send Whether to send the email.
* @param array $user The original user array.
* @param array $userdata The updated user array.
*
*/
$send_email_change_email = apply_filters('send_email_change_email', true, $user, $userdata);
}
wp_cache_delete($user['user_email'], 'useremail');
// Merge old and new fields with new fields overwriting old ones.
$userdata = array_merge($user, $userdata);
$user_id = wp_insert_user($userdata);
if (!is_wp_error($user_id)) {
$blog_name = wp_specialchars_decode(get_option('blogname'));
if (!empty($send_password_change_email)) {
/* translators: Do not translate USERNAME, ADMIN_EMAIL, EMAIL, SITENAME, SITEURL: those are placeholders. */
$pass_change_text = __('Hi ###USERNAME###,
This notice confirms that your password was changed on ###SITENAME###.
If you did not change your password, please contact the Site Administrator at
###ADMIN_EMAIL###
This email has been sent to ###EMAIL###
Regards,
All at ###SITENAME###
###SITEURL###');
$pass_change_email = array('to' => $user['user_email'], 'subject' => __('[%s] Notice of Password Change'), 'message' => $pass_change_text, 'headers' => '');
/**
* Filter the contents of the email sent when the user's password is changed.
*
* @since 4.3.0
*
* @param array $pass_change_email {
* Used to build wp_mail().
* @type string $to The intended recipients. Add emails in a comma separated string.
* @type string $subject The subject of the email.
* @type string $message The content of the email.
* The following strings have a special meaning and will get replaced dynamically:
* - ###USERNAME### The current user's username.
* - ###ADMIN_EMAIL### The admin email in case this was unexpected.
* - ###EMAIL### The old email.
* - ###SITENAME### The name of the site.
* - ###SITEURL### The URL to the site.
* @type string $headers Headers. Add headers in a newline (\r\n) separated string.
* }
* @param array $user The original user array.
* @param array $userdata The updated user array.
*
*/
$pass_change_email = apply_filters('password_change_email', $pass_change_email, $user, $userdata);
$pass_change_email['message'] = str_replace('###USERNAME###', $user['user_login'], $pass_change_email['message']);
$pass_change_email['message'] = str_replace('###ADMIN_EMAIL###', get_option('admin_email'), $pass_change_email['message']);
$pass_change_email['message'] = str_replace('###EMAIL###', $user['user_email'], $pass_change_email['message']);
$pass_change_email['message'] = str_replace('###SITENAME###', get_option('blogname'), $pass_change_email['message']);
$pass_change_email['message'] = str_replace('###SITEURL###', home_url(), $pass_change_email['message']);
wp_mail($pass_change_email['to'], sprintf($pass_change_email['subject'], $blog_name), $pass_change_email['message'], $pass_change_email['headers']);
}
if (!empty($send_email_change_email)) {
/* translators: Do not translate USERNAME, ADMIN_EMAIL, EMAIL, SITENAME, SITEURL: those are placeholders. */
$email_change_text = __('Hi ###USERNAME###,
This notice confirms that your email was changed on ###SITENAME###.
If you did not change your email, please contact the Site Administrator at
###ADMIN_EMAIL###
This email has been sent to ###EMAIL###
Regards,
All at ###SITENAME###
###SITEURL###');
$email_change_email = array('to' => $user['user_email'], 'subject' => __('[%s] Notice of Email Change'), 'message' => $email_change_text, 'headers' => '');
/**
* Filter the contents of the email sent when the user's email is changed.
*
* @since 4.3.0
*
* @param array $email_change_email {
* Used to build wp_mail().
* @type string $to The intended recipients.
* @type string $subject The subject of the email.
* @type string $message The content of the email.
* The following strings have a special meaning and will get replaced dynamically:
* - ###USERNAME### The current user's username.
* - ###ADMIN_EMAIL### The admin email in case this was unexpected.
* - ###EMAIL### The old email.
* - ###SITENAME### The name of the site.
* - ###SITEURL### The URL to the site.
* @type string $headers Headers.
* }
* @param array $user The original user array.
* @param array $userdata The updated user array.
*/
$email_change_email = apply_filters('email_change_email', $email_change_email, $user, $userdata);
$email_change_email['message'] = str_replace('###USERNAME###', $user['user_login'], $email_change_email['message']);
$email_change_email['message'] = str_replace('###ADMIN_EMAIL###', get_option('admin_email'), $email_change_email['message']);
$email_change_email['message'] = str_replace('###EMAIL###', $user['user_email'], $email_change_email['message']);
$email_change_email['message'] = str_replace('###SITENAME###', get_option('blogname'), $email_change_email['message']);
$email_change_email['message'] = str_replace('###SITEURL###', home_url(), $email_change_email['message']);
wp_mail($email_change_email['to'], sprintf($email_change_email['subject'], $blog_name), $email_change_email['message'], $email_change_email['headers']);
}
}
// Update the cookies if the password changed.
$current_user = wp_get_current_user();
if ($current_user->ID == $ID) {
if (isset($plaintext_pass)) {
wp_clear_auth_cookie();
// Here we calculate the expiration length of the current auth cookie and compare it to the default expiration.
// If it's greater than this, then we know the user checked 'Remember Me' when they logged in.
$logged_in_cookie = wp_parse_auth_cookie('', 'logged_in');
/** This filter is documented in wp-includes/pluggable.php */
$default_cookie_life = apply_filters('auth_cookie_expiration', 2 * DAY_IN_SECONDS, $ID, false);
$remember = $logged_in_cookie['expiration'] - time() > $default_cookie_life;
wp_set_auth_cookie($ID, $remember);
}
}
return $user_id;
}
/**
* Update an user in the database.
*
* It is possible to update a user's password by specifying the 'user_pass'
* value in the $userdata parameter array.
*
* If $userdata does not contain an 'ID' key, then a new user will be created
* and the new user's ID will be returned.
*
* If current user's password is being updated, then the cookies will be
* cleared.
*
* @since 2.0.0
* @see wp_insert_user() For what fields can be set in $userdata
* @uses wp_insert_user() Used to update existing user or add new one if user doesn't exist already
*
* @param array $userdata An array of user data.
* @return int The updated user's ID.
*/
function wp_update_user($userdata)
{
$ID = (int) $userdata['ID'];
// First, get all of the original fields
$user_obj = get_userdata($ID);
$user = get_object_vars($user_obj->data);
// Add additional custom fields
foreach (_get_additional_user_keys($user_obj) as $key) {
$user[$key] = get_user_meta($ID, $key, true);
}
// Escape data pulled from DB.
$user = add_magic_quotes($user);
// If password is changing, hash it now.
if (!empty($userdata['user_pass'])) {
$plaintext_pass = $userdata['user_pass'];
$userdata['user_pass'] = wp_hash_password($userdata['user_pass']);
}
wp_cache_delete($user['user_email'], 'useremail');
// Merge old and new fields with new fields overwriting old ones.
$userdata = array_merge($user, $userdata);
$user_id = wp_insert_user($userdata);
// Update the cookies if the password changed.
$current_user = wp_get_current_user();
if ($current_user->ID == $ID) {
if (isset($plaintext_pass)) {
wp_clear_auth_cookie();
wp_set_auth_cookie($ID);
}
}
return $user_id;
}
/**
* Update user information. This method handles both add and update
* operations.
*
* @param string $email
* @param string $first_name
* @param string $last_name
* @param string $billing_type The billing type for the user
* @return NULL|void
*/
function update_user($user_data = '', $billing_type = '', $credits = '', $transaction_details = '')
{
global $current_user;
$valid_keys = array_flip(array_merge(array('ID', 'user_email', 'user_login', 'user_pass', 'role'), _get_additional_user_keys($current_user)));
$user_update = array();
// If user logged in update it
if (is_user_logged_in()) {
if (is_array($user_data)) {
$user_update = array_intersect_key($user_data, $valid_keys);
}
//Filter data for valid fields
// Set the user role for directory
$user_update['role'] = $this->user_role;
$user_update['ID'] = get_current_user_id();
wp_update_user($user_update);
//Save it
//Record the transaction
$transactions = new DR_Transactions($user_update['ID']);
$transactions->billing_type = $billing_type;
if (!empty($billing_type) && $billing_type == 'credits') {
$transactions->credits += $credits;
}
//AUTHORIZENET
if ($_SESSION['payment_method'] == 'cc') {
$transactions->authorizenet = $transaction_details;
} elseif ($_SESSION['payment_method'] == 'paypal') {
$transactions->paypal = $transaction_details;
}
unset($transactions);
}
}
/**
* Update an user in the database.
*
* It is possible to update a user's password by specifying the 'user_pass'
* value in the $userdata parameter array.
*
* If current user's password is being updated, then the cookies will be
* cleared.
*
* @since 2.0.0
*
* @see wp_insert_user() For what fields can be set in $userdata.
*
* @param mixed $userdata An array of user data or a user object of type stdClass or WP_User.
* @return int|WP_Error The updated user's ID or a WP_Error object if the user could not be updated.
*/
function wp_update_user($userdata)
{
if (is_a($userdata, 'stdClass')) {
$userdata = get_object_vars($userdata);
} elseif (is_a($userdata, 'WP_User')) {
$userdata = $userdata->to_array();
}
$ID = (int) $userdata['ID'];
// First, get all of the original fields
$user_obj = get_userdata($ID);
if (!$user_obj) {
return new WP_Error('invalid_user_id', __('Invalid user ID.'));
}
$user = $user_obj->to_array();
// Add additional custom fields
foreach (_get_additional_user_keys($user_obj) as $key) {
$user[$key] = get_user_meta($ID, $key, true);
}
// Escape data pulled from DB.
$user = add_magic_quotes($user);
// If password is changing, hash it now.
if (!empty($userdata['user_pass'])) {
$plaintext_pass = $userdata['user_pass'];
$userdata['user_pass'] = wp_hash_password($userdata['user_pass']);
}
wp_cache_delete($user['user_email'], 'useremail');
// Merge old and new fields with new fields overwriting old ones.
$userdata = array_merge($user, $userdata);
$user_id = wp_insert_user($userdata);
// Update the cookies if the password changed.
$current_user = wp_get_current_user();
if ($current_user->ID == $ID) {
if (isset($plaintext_pass)) {
wp_clear_auth_cookie();
// Here we calculate the expiration length of the current auth cookie and compare it to the default expiration.
// If it's greater than this, then we know the user checked 'Remember Me' when they logged in.
$logged_in_cookie = wp_parse_auth_cookie('', 'logged_in');
/** This filter is documented in wp-includes/pluggable.php */
$default_cookie_life = apply_filters('auth_cookie_expiration', 2 * DAY_IN_SECONDS, $ID, false);
$remember = $logged_in_cookie['expiration'] - time() > $default_cookie_life;
wp_set_auth_cookie($ID, $remember);
}
}
return $user_id;
}
function on_insert_user_meta($meta, $user, $update)
{
// We only log updates here
if (!$update) {
return $meta;
}
// $user should be set, but check just in case
if (empty($user) || !is_object($user)) {
return $meta;
}
// Make of copy of the posted data, because we change the keys
$posted_data = $_POST;
$posted_data = stripslashes_deep($posted_data);
// Paranoid mode, just in case some other plugin fires the "insert_user_meta" filter and the user.php file is not loaded for some super wierd reason
if (!function_exists("_get_additional_user_keys")) {
return $meta;
}
// Get the default fields to include. This includes contact methods (including filter, so more could have been added)
$arr_keys_to_check = _get_additional_user_keys($user);
// Somehow some fields are not include above, so add them manually
$arr_keys_to_check = array_merge($arr_keys_to_check, array("user_email", "user_url", "display_name"));
// Skip some keys, because to much info or I don't know what they are
$arr_keys_to_check = array_diff($arr_keys_to_check, array("use_ssl"));
// Some keys have different ways of getting data from user
// so change posted object to match those
$posted_data["user_url"] = isset($posted_data["url"]) ? $posted_data["url"] : null;
$posted_data["show_admin_bar_front"] = isset($posted_data["admin_bar_front"]) ? true : null;
$posted_data["user_email"] = isset($posted_data["email"]) ? $posted_data["email"] : null;
// Display name publicly as = POST "display_name"
#var_dump($user->display_name);
// Set vals for Enable keyboard shortcuts for comment moderation
$posted_data['comment_shortcuts'] = isset($posted_data['comment_shortcuts']) ? "true" : "false";
// Set vals for Disable the visual editor when writing
// posted val = string "false" = yes, disable
$posted_data['rich_editing'] = isset($posted_data['rich_editing']) ? "false" : "true";
// Set vals for Show Toolbar when viewing site
$posted_data['show_admin_bar_front'] = isset($posted_data['admin_bar_front']) ? "true" : "false";
// if checkbox is checked in admin then this is the saved value on the user object
// @todo:
// Check if password was updated
$password_changed = false;
if (!empty($posted_data['pass1']) && !empty($posted_data['pass2']) && $posted_data['pass1'] == $posted_data['pass2']) {
$password_changed = 1;
}
// Check if role was changed
//[role] => bbp_moderator
$role_changed = false;
// if user is network admin then role dropdown does not exist and role is not posted here
$new_role = isset($posted_data["role"]) ? $posted_data["role"] : null;
if ($new_role) {
// as done in user-edit.php
// Compare user role against currently editable roles
$user_roles = array_intersect(array_values($user->roles), array_keys(get_editable_roles()));
$old_role = reset($user_roles);
$role_changed = $new_role != $old_role;
}
// Will contain the differences
$user_data_diff = array();
// Check all keys for diff values
foreach ($arr_keys_to_check as $one_key_to_check) {
$old_val = $user->{$one_key_to_check};
$new_val = isset($posted_data[$one_key_to_check]) ? $posted_data[$one_key_to_check] : null;
#echo "<hr>key: $one_key_to_check";
#echo "<br>old val: $old_val";
#echo "<br>new val: $new_val";
// new val must be set, because otherwise we are not setting anything
if (!isset($new_val)) {
continue;
}
$user_data_diff = $this->add_diff($user_data_diff, $one_key_to_check, $old_val, $new_val);
}
// Setup basic context
$context = array("edited_user_id" => $user->ID, "edited_user_email" => $user->user_email, "edited_user_login" => $user->user_login, "server_http_user_agent" => isset($_SERVER["HTTP_USER_AGENT"]) ? $_SERVER["HTTP_USER_AGENT"] : null);
if ($password_changed) {
$context["edited_user_password_changed"] = "1";
}
if ($role_changed) {
$context["user_prev_role"] = $old_role;
$context["user_new_role"] = $new_role;
}
// Add diff to context
if ($user_data_diff) {
foreach ($user_data_diff as $one_diff_key => $one_diff_vals) {
/*
One diff looks like:
"nickname": {
"old": "MyOldNick",
"new": "MyNewNick"
}
*/
$context["user_prev_{$one_diff_key}"] = $one_diff_vals["old"];
$context["user_new_{$one_diff_key}"] = $one_diff_vals["new"];
}
}
$this->infoMessage("user_updated_profile", $context);
return $meta;
}
