} elseif ('blocked' != $role && array_key_exists('blocked', $user->capabilities)) {
bb_fix_password($user->ID);
}
}
foreach ($profile_admin_keys as $key => $label) {
if (${$key} != '' || isset($user->{$key})) {
bb_update_usermeta($user->ID, $key, ${$key});
}
}
foreach ($assignable_caps as $cap => $label) {
if (!($already = array_key_exists($cap, $user->capabilities)) && ${$cap}) {
$user_obj->add_cap($cap);
} elseif (!${$cap} && $already) {
$user_obj->remove_cap($cap);
}
}
}
if (bb_current_user_can('change_user_password', $user->ID) && !empty($_POST['pass1'])) {
$_POST['pass1'] = addslashes($_POST['pass1']);
bb_update_user_password($user->ID, $_POST['pass1']);
if (bb_get_current_user_info('ID') == $user->ID) {
bb_clear_auth_cookie();
bb_set_auth_cookie($user->ID);
}
}
do_action('profile_edited', $user->ID);
nxt_redirect(add_query_arg('updated', 'true', get_user_profile_link($user->ID)));
exit;
}
}
bb_load_template('profile-edit.php', array('profile_info_keys', 'profile_admin_keys', 'assignable_caps', 'user_email', 'bb_roles', 'errors', 'self'));
function bb_manage_user_fields($edit_user = '')
{
global $nxt_roles, $nxt_users_object, $bbdb;
// Cap checks
$user_roles = $nxt_roles->role_names;
$can_keep_gate = bb_current_user_can('keep_gate');
if ('post' == strtolower($_SERVER['REQUEST_METHOD'])) {
bb_check_admin_referer('user-manage');
// Instantiate required vars
$_POST = stripslashes_deep($_POST);
$create_user_errors = new nxt_Error();
// User login
$trimmed_user_login = str_replace(' ', '', $_POST['user_login']);
$user_login = sanitize_user($_POST['user_login'], true);
$user_meta['first_name'] = $_POST['first_name'];
$user_meta['last_name'] = $_POST['last_name'];
$user_display_name = $_POST['display_name'];
$user_email = $_POST['user_email'];
$user_url = $_POST['user_url'];
$user_meta['from'] = $_POST['from'];
$user_meta['occ'] = $_POST['occ'];
$user_meta['interest'] = $_POST['interest'];
$user_role = $_POST['userrole'];
$user_meta['throttle'] = $_POST['throttle'];
$user_pass1 = $_POST['pass1'];
$user_pass2 = $_POST['pass2'];
$user_status = 0;
$user_pass = false;
$user_url = $user_url ? bb_fix_link($user_url) : '';
// Check user_login
if (!isset($_GET['action']) && empty($user_login)) {
$create_user_errors->add('user_login', __('Username is a required field.'));
} else {
if ($user_login !== $trimmed_user_login) {
$create_user_errors->add('user_login', sprintf(__('%s is an invalid username. How\'s this one?'), esc_html($_POST['user_login'])));
$user_login = $trimmed_user_login;
}
}
// Check email
if (isset($user_email) && empty($user_email)) {
$create_user_errors->add('user_email', __('Email address is a required field.'));
}
// Password Sanity Check
if ((!empty($user_pass1) || !empty($user_pass2)) && $user_pass1 !== $user_pass2) {
$create_user_errors->add('pass', __('You must enter the same password twice.'));
} elseif (!isset($_GET['action']) && (empty($user_pass1) && empty($user_pass2))) {
$create_user_errors->add('pass', __('You must enter a password.'));
} elseif (isset($_GET['action']) && (empty($user_pass1) && empty($user_pass2))) {
$user_pass = '';
} else {
$user_pass = $user_pass1;
}
// No errors
if (!$create_user_errors->get_error_messages()) {
// Create or udpate
switch ($_POST['action']) {
case 'create':
$goback = bb_get_uri('bb-admin/users.php', array('created' => 'true'), BB_URI_CONTEXT_FORM_ACTION + BB_URI_CONTEXT_BB_ADMIN);
$user = $nxt_users_object->new_user(compact('user_login', 'user_email', 'user_url', 'user_nicename', 'user_status', 'user_pass'));
// Error handler
if (is_nxt_error($user)) {
bb_admin_notice($user);
unset($goback);
// Update additional user data
} else {
// Update caps
bb_update_usermeta($user['ID'], $bbdb->prefix . 'capabilities', array($user_role => true));
// Update all user meta
foreach ($user_meta as $key => $value) {
bb_update_usermeta($user['ID'], $key, $value);
}
// Don't send email if empty
if (!empty($user_pass)) {
bb_send_pass($user['ID'], $user_pass);
}
do_action('bb_new_user', $user['ID'], $user_pass);
}
break;
case 'update':
$goback = bb_get_uri('bb-admin/users.php', array('updated' => 'true'), BB_URI_CONTEXT_FORM_ACTION + BB_URI_CONTEXT_BB_ADMIN);
$user = $nxt_users_object->get_user($_GET['user_id'], array('output' => ARRAY_A));
bb_update_user($user['ID'], $user_email, $user_url, $user_display_name);
// Don't change PW if empty
if (!empty($user_pass)) {
bb_update_user_password($user['ID'], $user_pass);
}
// Error handler
if (is_nxt_error($user)) {
bb_admin_notice($user);
unset($goback);
// Update additional user data
} else {
// Update caps
bb_update_usermeta($user['ID'], $bbdb->prefix . 'capabilities', array($user_role => true));
// Update all user meta
foreach ($user_meta as $key => $value) {
bb_update_usermeta($user['ID'], $key, $value);
}
// Don't send email if empty
if (!empty($user_pass)) {
bb_send_pass($user['ID'], $user_pass);
}
do_action('bb_update_user', $user['ID'], $user_pass);
}
break;
}
// Redirect
if (isset($goback) && !empty($goback)) {
bb_safe_redirect($goback);
}
// Error handler
} else {
bb_admin_notice($create_user_errors);
}
} elseif (isset($_GET['action']) && $_GET['action'] == 'edit') {
if (isset($_GET['user_id']) && is_numeric($_GET['user_id'])) {
$disabled = true;
// Get the user
if (empty($edit_user)) {
$edit_user = bb_get_user(bb_get_user_id($_GET['user_id']));
}
// Instantiate required vars
$user_login = $edit_user->user_login;
$user_meta['first_name'] = $edit_user->first_name;
$user_meta['last_name'] = $edit_user->last_name;
$user_display_name = $edit_user->display_name;
$user_email = $edit_user->user_email;
$user_url = $edit_user->user_url;
$user_meta['from'] = $edit_user->from;
$user_meta['occ'] = $edit_user->occ;
$user_meta['interest'] = $edit_user->interest;
$user_role = array_search('true', $edit_user->capabilities);
$user_meta['throttle'] = $edit_user->throttle;
// Keymasters can't demote themselves
if ($edit_user->ID == bb_get_current_user_info('id') && $can_keep_gate || isset($edit_user->capabilities) && is_array($edit_user->capabilities) && array_key_exists('keymaster', $edit_user->capabilities) && !$can_keep_gate) {
$user_roles = array('keymaster' => $user_roles['keymaster']);
} elseif (!$can_keep_gate) {
unset($user_roles['keymaster']);
}
}
}
// Load password strength checker
nxt_enqueue_script('password-strength-meter');
nxt_enqueue_script('profile-edit');
// Generate a few PW hints
$some_pass_hints = '';
for ($l = 3; $l != 0; $l--) {
$some_pass_hints .= '<p>' . bb_generate_password() . '</p>';
}
// Create the user fields
$user_fields = array('user_login' => array('title' => __('Username'), 'note' => __('Required! Unique identifier for new user.'), 'value' => $user_login, 'disabled' => $disabled), 'first_name' => array('title' => __('First Name'), 'value' => $user_meta['first_name']), 'last_name' => array('title' => __('Last Name'), 'value' => $user_meta['last_name']), 'display_name' => array('title' => __('Display Name'), 'value' => $user_display_name), 'user_email' => array('title' => __('Email'), 'note' => __('Required! Will be used for notifications and profile settings changes.'), 'value' => $user_email), 'user_url' => array('title' => __('Website'), 'class' => array('long', 'code'), 'note' => __('The full URL of user\'s homepage or blog.'), 'value' => $user_url), 'from' => array('title' => __('Location'), 'class' => array('long'), 'value' => $user_meta['from']), 'occ' => array('title' => __('Occupation'), 'class' => array('long'), 'value' => $user_meta['occ']), 'interest' => array('title' => __('Interests'), 'class' => array('long'), 'value' => $user_meta['interest']), 'userrole' => array('title' => __('User Role'), 'type' => 'select', 'options' => $user_roles, 'note' => __('Allow user the above privileges.'), 'value' => $user_role), 'pass1' => array('title' => __('New Password'), 'type' => 'password', 'class' => array('short', 'text', 'code'), 'note' => __('Hints: ') . $some_pass_hints, 'value' => $user_pass1), 'pass2' => array('title' => __('Repeat New Password'), 'type' => 'password', 'class' => array('short', 'text', 'code'), 'note' => __('If you ignore hints, remember: the password should be at least seven characters long. To make it stronger, use upper and lower case letters, numbers and symbols like ! " ? $ % ^ & ).'), 'value' => $user_pass2), 'email_pass' => array('title' => '', 'type' => 'checkbox', 'options' => array('1' => array('label' => __('Email the new password.'), 'attributes' => array('checked' => true)))), 'pass-strength-fake-input' => array('title' => __('Password Strength'), 'type' => 'hidden'));
return apply_filters('bb_manage_user_fields', $user_fields);
}
/**
* Handles the resetting of users' passwords
*
* Handles resetting a user's password, prompted by an email sent by
* {@see bb_reset_email()}
*
* @since 0.7.2
* @global bbdb $bbdb
*
* @param string $key
* @return unknown
*/
function bb_reset_password($key)
{
global $bbdb;
$key = sanitize_user($key, true);
if (empty($key) || !is_string($key)) {
return new WP_Error('invalid_key', __('Invalid key'));
}
if (!($user_id = $bbdb->get_var($bbdb->prepare("SELECT user_id FROM {$bbdb->usermeta} WHERE meta_key = 'newpwdkey' AND meta_value = %s", $key)))) {
return new WP_Error('invalid_key', __('Invalid key'));
}
$user = new BP_User($user_id);
if (!$user || is_wp_error($user)) {
return new WP_Error('invalid_key', __('Invalid key'));
}
if (bb_has_broken_pass($user->ID)) {
bb_block_current_user();
}
if (!$user->has_cap('change_user_password', $user->ID)) {
return new WP_Error('permission_denied', __('You are not allowed to change your password.'));
}
$newpass = bb_generate_password();
bb_update_user_password($user->ID, $newpass);
if (!bb_send_pass($user->ID, $newpass)) {
return new WP_Error('sending_mail_failed', __('The email containing the new password could not be sent.'));
}
bb_update_usermeta($user->ID, 'newpwdkey', '');
return true;
}
