_e('Capabilities', 'buddypress'); ?> </h3> <form action="<?php echo bp_displayed_user_domain() . bp_get_settings_slug() . '/capabilities/'; ?> " name="account-capabilities-form" id="account-capabilities-form" class="standard-form" method="post"> <?php do_action('bp_members_capabilities_account_before_submit'); ?> <label> <input type="checkbox" name="user-spammer" id="user-spammer" value="1" <?php checked(bp_is_user_spammer(bp_displayed_user_id())); ?> /> <?php _e('This user is a spammer.', 'buddypress'); ?> </label> <div class="submit"> <input type="submit" value="<?php _e('Save', 'buddypress'); ?> " id="capabilities-submit" name="capabilities-submit" /> </div> <?php
/**
 * Report a user's spam status through BuddyPress's "spam user" feature.
 *
 * @since 2.3.0
 *
 * @param bool         $is_spammer Spam status supplied by the caller; handed back
 *                                 untouched when no user ID is available.
 * @param WP_User|null $user       The WordPress user object, if any.
 * @return bool The result of bp_is_user_spammer() for the user's ID, or
 *              $is_spammer when $user carries no non-empty ID.
 */
function wp_idea_stream_buddypress_is_spammy($is_spammer, $user = null) {
    // A usable ID means BuddyPress's own flag replaces the incoming value.
    if (!empty($user->ID)) {
        return bp_is_user_spammer($user->ID);
    }

    // No user, or no ID on it: nothing to look up, so pass the value through.
    return $is_spammer;
}
/**
 * Tell whether a user is active, i.e. neither marked as a spammer nor deleted.
 *
 * @since BuddyPress (1.6)
 *
 * @uses is_user_logged_in() To check if user is logged in
 * @uses bp_loggedin_user_id() To get current user ID
 * @uses bp_is_user_spammer() To check if user is spammer
 * @uses bp_is_user_deleted() To check if user is deleted
 *
 * @param int $user_id The user ID to check. An empty value falls back to the
 *                     logged-in user, when there is one.
 * @return bool False when no user can be determined or the user is a spammer
 *              or deleted; true otherwise.
 */
function bp_is_user_active($user_id = 0) {
    // An empty ID stands for "the current user", provided someone is logged in.
    if (empty($user_id) && is_user_logged_in()) {
        $user_id = bp_loggedin_user_id();
    }

    // Still nobody to check: report inactive rather than guessing.
    if (empty($user_id)) {
        return false;
    }

    // Spam is tested first, deletion second; either flag makes the user inactive.
    return !bp_is_user_spammer($user_id) && !bp_is_user_deleted($user_id);
}
/**
 * Render the Status metabox for user's profile screen.
 *
 * Echoes the spam/ham radio buttons (only when the visibility condition
 * below holds), the registration date, a "View Profile" link and the
 * "Update Profile" submit button. Nothing is returned.
 *
 * Actions are:
 * - Update profile fields if xProfile component is active
 * - Spam/Unspam user
 *
 * @since 2.0.0
 *
 * @param WP_User|null $user The WP_User object to be edited.
 */
public function user_admin_status_metabox($user = null) {

    // Bail if there is no user, or the user object carries no ID.
    if (empty($user->ID)) {
        return;
    }

    // Bail if user has not been activated yet (how did you get here?).
    // A user_status of 2 is what this check treats as "not yet activated".
    if (isset($user->user_status) && 2 == $user->user_status) { ?>
        <p class="not-activated"><?php esc_html_e('User account has not yet been activated', 'buddypress'); ?> </p><br/>
        <?php return;
    } ?>

    <div class="submitbox" id="submitcomment">
        <div id="minor-publishing">
            <div id="misc-publishing-actions">
                <?php
                // Get the spam status once here to compare against below.
                $is_spammer = bp_is_user_spammer($user->ID);

                /**
                 * In configs where BuddyPress is not network activated,
                 * regular admins cannot mark a user as a spammer on the
                 * front end. This prevents them from doing it in the back
                 * end too.
                 *
                 * Also prevents admins from marking themselves or other
                 * admins as spammers.
                 *
                 * NOTE(review): `&&` binds tighter than `||`, so the
                 * self-profile and super-admin checks guard only the first
                 * alternative. When subsite_activated is non-empty and the
                 * viewer has 'manage_network_users', the radios are shown
                 * without those two checks. Confirm that is intended.
                 *
                 * NOTE(review): this condition only decides whether the
                 * controls are rendered. Whether the code that processes
                 * the submitted 'user_status' value applies the same rule
                 * is not visible here; verify against the save handler.
                 */
                if (empty($this->is_self_profile) && !in_array($user->user_login, get_super_admins()) && empty($this->subsite_activated) || !empty($this->subsite_activated) && current_user_can('manage_network_users')) { ?>
                    <div class="misc-pub-section" id="comment-status-radio">
                        <label class="approved"><input type="radio" name="user_status" value="ham" <?php checked($is_spammer, false); ?> ><?php esc_html_e('Active', 'buddypress'); ?> </label><br />
                        <label class="spam"><input type="radio" name="user_status" value="spam" <?php checked($is_spammer, true); ?> ><?php esc_html_e('Spammer', 'buddypress'); ?> </label>
                    </div>
                <?php } ?>

                <div class="misc-pub-section curtime misc-pub-section-last">
                    <?php
                    // Translators: Publish box date format, see http://php.net/date.
                    $datef = __('M j, Y @ G:i', 'buddypress');
                    $date = date_i18n($datef, strtotime($user->user_registered));
                    ?>
                    <span id="timestamp"><?php
                        // The translated format string and the formatted date are printed as-is;
                        // only the <strong> wrapper is added here.
                        printf(__('Registered on: %s', 'buddypress'), '<strong>' . $date . '</strong>'); ?> </span>
                </div>
            </div> <!-- #misc-publishing-actions -->

            <div class="clear"></div>
        </div><!-- #minor-publishing -->

        <div id="major-publishing-actions">
            <div id="publishing-action">
                <a class="button bp-view-profile" href="<?php echo esc_url(bp_core_get_user_domain($user->ID)); ?> " target="_blank"><?php esc_html_e('View Profile', 'buddypress'); ?> </a>
                <?php submit_button(esc_html__('Update Profile', 'buddypress'), 'primary', 'save', false); ?>
            </div>
            <div class="clear"></div>
        </div><!-- #major-publishing-actions -->

    </div><!-- #submitcomment -->

    <?php }
/**
 * Setup globals
 *
 * Registers the members component's globals with the parent class, then
 * fills in the logged-in and displayed user data on the BuddyPress object,
 * picks the default profile component and builds the canonical URL stack
 * for the displayed user.
 *
 * The BP_MEMBERS_SLUG constant is deprecated, and only used here for
 * backwards compatibility.
 *
 * @since BuddyPress (1.5)
 *
 * @param array $args Not read in the body shown here; the globals passed to
 *                    the parent are built locally.
 */
public function setup_globals($args = array()) {
    $bp = buddypress();

    // Define a slug, if necessary
    if (!defined('BP_MEMBERS_SLUG')) {
        define('BP_MEMBERS_SLUG', $this->id);
    }

    // Component globals handed to the parent: slugs, directory settings,
    // the two table names and the search placeholder string.
    $members_globals = array('slug' => BP_MEMBERS_SLUG, 'root_slug' => isset($bp->pages->members->slug) ? $bp->pages->members->slug : BP_MEMBERS_SLUG, 'has_directory' => true, 'directory_title' => _x('Members', 'component directory title', 'buddypress'), 'global_tables' => array('table_name_last_activity' => bp_core_get_table_prefix() . 'bp_activity', 'table_name_signups' => bp_core_get_table_prefix() . 'signups'), 'search_string' => __('Search Members...', 'buddypress'));

    parent::setup_globals($members_globals);

    /** Logged in user ****************************************************/

    // Fetch the full name for the logged in user
    $bp->loggedin_user->fullname = bp_core_get_user_displayname(bp_loggedin_user_id());

    // Hits the DB on single WP installs so get this separately.
    // Both flags receive the same is_super_admin() result.
    $bp->loggedin_user->is_super_admin = $bp->loggedin_user->is_site_admin = is_super_admin(bp_loggedin_user_id());

    // The domain for the user currently logged in. eg: http://domain.com/members/andy
    $bp->loggedin_user->domain = bp_core_get_user_domain(bp_loggedin_user_id());

    // The core userdata of the user who is currently logged in.
    $bp->loggedin_user->userdata = bp_core_get_core_userdata(bp_loggedin_user_id());

    /** Displayed user ****************************************************/

    // The domain for the user currently being displayed
    $bp->displayed_user->domain = bp_core_get_user_domain(bp_displayed_user_id());

    // The core userdata of the user who is currently being displayed
    $bp->displayed_user->userdata = bp_core_get_core_userdata(bp_displayed_user_id());

    // Fetch the full name of the displayed user
    $bp->displayed_user->fullname = bp_core_get_user_displayname(bp_displayed_user_id());

    /** Signup ***************************************************/

    $bp->signup = new stdClass();

    /** Profiles Fallback *************************************************/

    // Without the xprofile component, provide a minimal stand-in profile object.
    if (!bp_is_active('xprofile')) {
        $bp->profile = new stdClass();
        $bp->profile->slug = 'profile';
        $bp->profile->id = 'profile';
    }

    /** Default Profile Component *****************************************/

    // BP_DEFAULT_COMPONENT wins when defined; otherwise prefer activity (when
    // active and it has a page), then the profile component.
    if (!defined('BP_DEFAULT_COMPONENT')) {
        if (bp_is_active('activity') && isset($bp->pages->activity)) {
            $bp->default_component = bp_get_activity_slug();
        } else {
            // An id of 'xprofile' is mapped to 'profile'.
            $bp->default_component = 'xprofile' === $bp->profile->id ? 'profile' : $bp->profile->id;
        }
    } else {
        $bp->default_component = BP_DEFAULT_COMPONENT;
    }

    // The canonical stack is only built when a user is being displayed.
    if (bp_displayed_user_id()) {
        $bp->canonical_stack['base_url'] = bp_displayed_user_domain();

        if (bp_current_component()) {
            $bp->canonical_stack['component'] = bp_current_component();
        }

        if (bp_current_action()) {
            $bp->canonical_stack['action'] = bp_current_action();
        }

        if (!empty($bp->action_variables)) {
            $bp->canonical_stack['action_variables'] = bp_action_variables();
        }

        if (!bp_current_component()) {
            $bp->current_component = $bp->default_component;
        } else {
            if (bp_is_current_component($bp->default_component) && !bp_current_action()) {
                // The canonical URL will not contain the default component
                unset($bp->canonical_stack['component']);
            }
        }

        // If we're on a spammer's profile page, only users with the
        // 'bp_moderate' cap can view subpages on the spammer's profile.
        //
        // Users without the cap trying to access a spammer's subnav page are
        // meant to be redirected to the root of the spammer's profile page,
        // by removing the component from the canonical stack.
        //
        // NOTE(review): this block only edits canonical_stack. The redirect
        // that acts on it, and any check that stops the subpage itself from
        // rendering, are outside this method; verify both.
        if (bp_is_user_spammer(bp_displayed_user_id()) && !bp_current_user_can('bp_moderate')) {
            unset($bp->canonical_stack['component']);
        }
    }
}
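/**
 * Deprecated wrapper around bp_is_user_spammer().
 *
 * @deprecated 1.6.0 Use bp_is_user_spammer() instead.
 *
 * @param int $user_id ID of the user to check; passed straight through to
 *                     bp_is_user_spammer().
 * @return mixed Whatever bp_is_user_spammer() returns for $user_id.
 */
function bp_core_is_user_spammer($user_id = 0) {
    _deprecated_function(__FUNCTION__, '1.6');

    // Hand the result back. Without the return, every caller of this wrapper
    // received null, which reads as "not a spammer" in any truthiness check
    // and so fails open for code that still relies on the old name.
    return bp_is_user_spammer($user_id);
}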
/**
 * Add a "Spam" / "Not Spam" toggle and a "View" link to a user's row actions.
 *
 * The toggle is offered only when the current user has the 'edit_user'
 * capability for the target and the target is not the current user. The
 * "View" link is always added.
 *
 * @since 2.0.0
 *
 * @param array  $actions     User row action links.
 * @param object $user_object Current user information.
 * @return array $actions User row action links.
 */
function bp_core_admin_user_row_actions($actions, $user_object) {
    // Normalise the target ID; a missing or empty ID is treated as user 0.
    $user_id = empty($user_object->ID) ? 0 : absint($user_object->ID);

    // Capability check first, then the "not yourself" check.
    $may_toggle = current_user_can('edit_user', $user_id) && bp_loggedin_user_id() !== $user_id;

    if ($may_toggle) {
        // Admin URL could be single site or network.
        $admin_url = bp_get_admin_url('users.php');

        // Each link carries a nonce for the 'bp-spam-user' action. The code
        // that verifies it when the link is followed is not part of this
        // function.
        if (bp_is_user_spammer($user_id)) {
            // Already spammed: offer the way back.
            $ham_url = wp_nonce_url(
                add_query_arg(array('action' => 'ham', 'user' => $user_id), $admin_url),
                'bp-spam-user'
            );
            $actions['ham'] = sprintf('<a href="%1$s">%2$s</a>', esc_url($ham_url), esc_html__('Not Spam', 'buddypress'));
        } else {
            // Not spammed yet: offer the spam link.
            $spam_url = wp_nonce_url(
                add_query_arg(array('action' => 'spam', 'user' => $user_id), $admin_url),
                'bp-spam-user'
            );
            $actions['spam'] = sprintf('<a class="submitdelete" href="%1$s">%2$s</a>', esc_url($spam_url), esc_html__('Spam', 'buddypress'));
        }
    }

    // The "View" link points at the user's profile and is added for everyone.
    $profile_url = bp_core_get_user_domain($user_id);
    $actions['view'] = sprintf('<a href="%1$s">%2$s</a>', esc_url($profile_url), esc_html__('View', 'buddypress'));

    return $actions;
}
/**
 * Analyzes the URI structure and breaks it down into parts for use in code.
 * BuddyPress can use complete custom friendly URI's without the user having to
 * add new re-write rules. Custom components are able to use their own custom
 * URI structures with very little work.
 *
 * The request path is taken from $_SERVER['REQUEST_URI'] (or the referrer
 * for requests that go through wp-load.php), so every chunk handled below
 * is request-controlled input.
 *
 * @package BuddyPress Core
 * @since BuddyPress (r100)
 *
 * The URI's are broken down as follows:
 *   - http:// domain.com / members / andy / [current_component] / [current_action] / [action_variables] / [action_variables] / ...
 *   - OUTSIDE ROOT: http:// domain.com / sites / buddypress / members / andy / [current_component] / [current_action] / [action_variables] / [action_variables] / ...
 *
 * Example:
 *    - http://domain.com/members/andy/profile/edit/group/5/
 *    - $bp->current_component: string 'xprofile'
 *    - $bp->current_action: string 'edit'
 *    - $bp->action_variables: array ['group', 5]
 *
 * @return false|null False on non-root blogs (outside multiblog mode) and when
 *                    the request is not a BuddyPress page; otherwise no value
 *                    is returned, including on the 404 paths.
 */
function bp_core_set_uri_globals() {
    // NOTE(review): $wpdb is declared here but not used in this function body.
    global $bp, $current_blog, $wpdb;

    // Don't catch URIs on non-root blogs unless multiblog mode is on
    if (!bp_is_root_blog() && !bp_is_multiblog_mode()) {
        return false;
    }

    // Define local variables
    $root_profile = $match = false;
    $key_slugs = $matches = $uri_chunks = array();

    // Fetch all the WP page names for each component
    if (empty($bp->pages)) {
        $bp->pages = bp_core_get_directory_pages();
    }

    // Ajax or not? Requests through wp-load.php use the referrer as the path;
    // everything else uses the request URI passed through esc_url().
    if (strpos($_SERVER['REQUEST_URI'], 'wp-load.php')) {
        $path = bp_core_referrer();
    } else {
        $path = esc_url($_SERVER['REQUEST_URI']);
    }

    // Filter the path
    $path = apply_filters('bp_uri', $path);

    // Take GET variables off the URL to avoid problems
    $path = strtok($path, '?');

    // Fetch current URI and explode each part separated by '/' into an array
    $bp_uri = explode('/', $path);

    // Loop and remove empties
    foreach ((array) $bp_uri as $key => $uri_chunk) {
        if (empty($bp_uri[$key])) {
            unset($bp_uri[$key]);
        }
    }

    // If running off blog other than root, any subdirectory names must be
    // removed from $bp_uri. This includes two cases:
    //
    //    1. when WP is installed in a subdirectory,
    //    2. when BP is running on secondary blog of a subdirectory
    //       multisite installation. Phew!
    if (is_multisite() && !is_subdomain_install() && (bp_is_multiblog_mode() || 1 != bp_get_root_blog_id())) {

        // Split the current blog's path into its directory names
        $chunks = explode('/', $current_blog->path);

        // If chunks exist...
        if (!empty($chunks)) {

            // ...loop through them...
            foreach ($chunks as $key => $chunk) {
                $bkey = array_search($chunk, $bp_uri);

                // ...and unset offending keys
                if (false !== $bkey) {
                    unset($bp_uri[$bkey]);
                }

                // Re-index after every chunk so later searches see a compact list
                $bp_uri = array_values($bp_uri);
            }
        }
    }

    // Get site path items
    $paths = explode('/', bp_core_get_site_path());

    // Take empties off the end of path
    if (empty($paths[count($paths) - 1])) {
        array_pop($paths);
    }

    // Take empties off the start of path
    if (empty($paths[0])) {
        array_shift($paths);
    }

    // Unset URI indices if they intersect with the paths
    foreach ((array) $bp_uri as $key => $uri_chunk) {
        if (in_array($uri_chunk, $paths)) {
            unset($bp_uri[$key]);
        }
    }

    // Reset the keys by merging with an empty array
    $bp_uri = array_merge(array(), $bp_uri);

    // If a component is set to the front page, force its name into $bp_uri
    // so that $current_component is populated
    if ('page' == get_option('show_on_front') && get_option('page_on_front') && empty($bp_uri)) {
        $post = get_post(get_option('page_on_front'));
        if (!empty($post)) {
            $bp_uri[0] = $post->post_name;
        }
    }

    // Keep the unfiltered URI safe
    $bp->unfiltered_uri = $bp_uri;

    // Get slugs of pages into array
    foreach ((array) $bp->pages as $page_key => $bp_page) {
        $key_slugs[$page_key] = trailingslashit('/' . $bp_page->slug);
    }

    // Bail if keyslugs are empty, as BP is not set up correctly
    if (empty($key_slugs)) {
        return;
    }

    // Loop through page slugs and look for exact match to path
    foreach ($key_slugs as $key => $slug) {
        if ($slug == $path) {
            $match = $bp->pages->{$key};
            $match->key = $key;
            $matches[] = 1;
            break;
        }
    }

    // No exact match, so look for partials
    if (empty($match)) {

        // Loop through each page in the $bp->pages global
        foreach ((array) $bp->pages as $page_key => $bp_page) {

            // Look for a match (check members first)
            if (in_array($bp_page->name, (array) $bp_uri)) {

                // Match found, now match the slug to make sure.
                $uri_chunks = explode('/', $bp_page->slug);

                // Loop through uri_chunks
                foreach ((array) $uri_chunks as $key => $uri_chunk) {

                    // Make sure chunk is in the correct position
                    if (!empty($bp_uri[$key]) && $bp_uri[$key] == $uri_chunk) {
                        $matches[] = 1;
                    } else {
                        // No match
                        $matches[] = 0;
                    }
                }

                // Have a match
                if (!in_array(0, (array) $matches)) {
                    $match = $bp_page;
                    $match->key = $page_key;
                    break;
                }

                // Unset matches. From here $matches is undefined unless a later
                // branch appends to it, which the isset() check further down
                // relies on.
                unset($matches);
            }

            // Unset uri chunks
            unset($uri_chunks);
        }
    }

    // URLs with BP_ENABLE_ROOT_PROFILES enabled won't be caught above
    if (empty($matches) && bp_core_enable_root_profiles()) {

        // Make sure there's a user corresponding to $bp_uri[0]
        if (!empty($bp->pages->members) && !empty($bp_uri[0]) && ($root_profile = get_user_by('login', $bp_uri[0]))) {

            // Force BP to recognize that this is a members page
            $matches[] = 1;
            $match = $bp->pages->members;
            $match->key = 'members';

            // Without the 'members' URL chunk, WordPress won't know which page to load
            // This filter intercepts the WP query and tells it to load the members page
            //
            // NOTE(review): create_function() compiles the string below as PHP
            // source, and $match->name is concatenated into it unescaped. The
            // function is deprecated as of PHP 7.2 and removed in PHP 8.0. A
            // closure that captures the page name would avoid building code
            // from data; confirm the minimum supported PHP version first.
            add_filter('request', create_function('$query_args', '$query_args["pagename"] = "' . $match->name . '"; return $query_args;'));
        }
    }

    // Search doesn't have an associated page, so we check for it separately
    if (!empty($bp_uri[0]) && bp_get_search_slug() == $bp_uri[0]) {
        $matches[] = 1;
        $match = new stdClass();
        $match->key = 'search';
        $match->slug = bp_get_search_slug();
    }

    // This is not a BuddyPress page, so just return.
    if (!isset($matches)) {
        return false;
    }

    // Find the offset. With $root_profile set, we fudge the offset down so later parsing works
    $slug = !empty($match) ? explode('/', $match->slug) : '';
    $uri_offset = empty($root_profile) ? 0 : -1;

    // Rejig the offset
    if (!empty($slug) && 1 < count($slug)) {
        array_pop($slug);
        $uri_offset = count($slug);
    }

    // Global the unfiltered offset to use in bp_core_load_template().
    // To avoid PHP warnings in bp_core_load_template(), it must always be >= 0
    $bp->unfiltered_uri_offset = $uri_offset >= 0 ? $uri_offset : 0;

    // We have an exact match
    if (isset($match->key)) {

        // Set current component to matched key
        $bp->current_component = $match->key;

        // If members component, do more work to find the actual component
        if ('members' == $match->key) {

            // Viewing a specific user
            if (!empty($bp_uri[$uri_offset + 1])) {

                // Switch the displayed_user based on compatibility mode. The
                // URL chunk is urldecode()d and resolved to an integer user ID
                // by login or by nicename.
                if (bp_is_username_compatibility_mode()) {
                    $bp->displayed_user->id = (int) bp_core_get_userid(urldecode($bp_uri[$uri_offset + 1]));
                } else {
                    $bp->displayed_user->id = (int) bp_core_get_userid_from_nicename(urldecode($bp_uri[$uri_offset + 1]));
                }

                // Unknown user: 404 instead of rendering anything
                if (!bp_displayed_user_id()) {

                    // Prevent components from loading their templates
                    $bp->current_component = '';

                    bp_do_404();
                    return;
                }

                // If the displayed user is marked as a spammer, 404 unless the
                // current user has the 'bp_moderate' capability. Moderators
                // get a warning message and can continue to the profile.
                if (bp_displayed_user_id() && bp_is_user_spammer(bp_displayed_user_id())) {
                    if (bp_current_user_can('bp_moderate')) {
                        bp_core_add_message(__('This user has been marked as a spammer. Only site admins can view this profile.', 'buddypress'), 'warning');
                    } else {
                        bp_do_404();
                        return;
                    }
                }

                // Bump the offset
                if (isset($bp_uri[$uri_offset + 2])) {
                    $bp_uri = array_merge(array(), array_slice($bp_uri, $uri_offset + 2));
                    $bp->current_component = $bp_uri[0];
                } else {
                    // No component, so default will be picked later
                    $bp_uri = array_merge(array(), array_slice($bp_uri, $uri_offset + 2));
                    $bp->current_component = '';
                }

                // Reset the offset
                $uri_offset = 0;
            }
        }
    }

    // Set the current action
    $bp->current_action = isset($bp_uri[$uri_offset + 1]) ? $bp_uri[$uri_offset + 1] : '';

    // Slice the rest of the $bp_uri array and reset offset
    $bp_uri = array_slice($bp_uri, $uri_offset + 2);
    $uri_offset = 0;

    // Set the entire URI as the action variables, we will unset the current_component and action in a second
    $bp->action_variables = $bp_uri;

    // Remove the username from action variables if this is not a VHOST install
    // @todo - move or remove this all together
    //
    // NOTE(review): this shifts the local $bp_uri only. $bp->action_variables
    // was assigned just above and is not touched by it, so the shift has no
    // visible effect on what is stored.
    if (defined('VHOST') && 'no' == VHOST && empty($bp->current_component)) {
        array_shift($bp_uri);
    }

    // Reset the keys by merging with an empty array
    $bp->action_variables = array_merge(array(), $bp->action_variables);
}
/**
 * Render the Status metabox for user's profile screen.
 *
 * Echoes the spam/ham radio buttons (only when the visibility condition
 * below holds), the registration date, a "View Profile" link and the
 * "Update Profile" submit button. Nothing is returned.
 *
 * Actions are:
 * - Update profile fields if xProfile component is active
 * - Spam/Unspam user
 *
 * @access public
 * @since BuddyPress (2.0.0)
 *
 * @param WP_User $user The WP_User object to be edited.
 */
public function user_admin_status_metabox($user = null) {

    // Bail if there is no user, or the user object carries no ID.
    if (empty($user->ID)) {
        return;
    }

    // Bail if the user has not activated their account yet. A user_status of
    // 2 is what this check treats as "not yet activated".
    if (isset($user->user_status) && 2 == $user->user_status) {
        echo '<p class="not-activated">' . esc_html__('User account has not yet been activated', 'buddypress') . '</p><br/>';
        return;
    } ?>

    <div class="submitbox" id="submitcomment">
        <div id="minor-publishing">
            <div id="misc-publishing-actions">
                <?php
                /**
                 * In configs where BuddyPress is not network activated, regular admins
                 * cannot mark a user as a spammer on the front end. This prevents them
                 * from doing it in the back end too.
                 *
                 * `&&` binds tighter than `||`: the radios are shown when
                 * subsite_activated is empty, or when it is set and the viewer has
                 * 'manage_network_users'.
                 *
                 * NOTE(review): nothing in this condition stops an admin from marking
                 * their own account, or a super admin's, as a spammer. It also only
                 * hides the controls; whether the code that processes 'user_status'
                 * enforces any rule is not visible here. Verify both.
                 */
                ?>
                <?php if (empty($this->subsite_activated) || !empty($this->subsite_activated) && current_user_can('manage_network_users')) { ?>
                    <div class="misc-pub-section" id="comment-status-radio">
                        <label class="approved"><input type="radio" name="user_status" value="ham" <?php checked(bp_is_user_spammer($user->ID), false); ?> ><?php esc_html_e('Active', 'buddypress'); ?> </label><br />
                        <label class="spam"><input type="radio" name="user_status" value="spam" <?php checked(bp_is_user_spammer($user->ID), true); ?> ><?php esc_html_e('Spammer', 'buddypress'); ?> </label>
                    </div>
                <?php } ?>

                <div class="misc-pub-section curtime misc-pub-section-last">
                    <?php
                    // translators: Publish box date format, see http://php.net/date
                    $datef = __('M j, Y @ G:i', 'buddypress');
                    $date = date_i18n($datef, strtotime($user->user_registered));
                    ?>
                    <span id="timestamp"><?php
                        // The <strong> markup lives inside the translatable string, so the
                        // translated text is printed without escaping.
                        printf(__('Registered on: <strong>%1$s</strong>', 'buddypress'), $date); ?> </span>
                </div>
            </div> <!-- #misc-publishing-actions -->

            <div class="clear"></div>
        </div><!-- #minor-publishing -->

        <div id="major-publishing-actions">
            <div id="publishing-action">
                <a class="button bp-view-profile" href="<?php echo esc_url(bp_core_get_user_domain($user->ID)); ?> " target="_blank"><?php esc_html_e('View Profile', 'buddypress'); ?> </a>
                <?php submit_button(esc_html__('Update Profile', 'buddypress'), 'primary', 'save', false, array('tabindex' => '4')); ?>
            </div>
            <div class="clear"></div>
        </div><!-- #major-publishing-actions -->

    </div><!-- #submitcomment -->

    <?php }
/**
 * Adds an admin bar menu to any profile page providing site moderator actions
 * that allow capable users to clean up a users account.
 *
 * The menu is echoed directly. It links to profile and avatar editing, to
 * marking or unmarking the displayed user as a spammer, and to deleting the
 * account.
 *
 * @package BuddyPress XProfile
 * @global $bp BuddyPress
 *
 * @return false|null False when the menu is not shown; otherwise nothing is
 *                    returned.
 */
function bp_members_adminbar_admin_menu() {
    global $bp;

    // Only show if viewing a user
    if (!bp_displayed_user_id()) {
        return false;
    }

    // Don't show this menu to users without the 'edit_users' capability, or
    // when viewing your own profile
    if (!current_user_can('edit_users') || bp_is_my_profile()) {
        return false;
    } ?>

    <li id="bp-adminbar-adminoptions-menu">

        <a href=""><?php _e('Admin Options', 'buddypress'); ?> </a>

        <ul>
            <?php // The profile edit link needs the xprofile component. ?>
            <?php if (bp_is_active('xprofile')) { ?>

                <li><a href="<?php bp_members_component_link('profile', 'edit'); ?> "><?php printf(__("Edit %s's Profile", 'buddypress'), esc_attr($bp->displayed_user->fullname)); ?> </a></li>

            <?php } ?>

            <li><a href="<?php bp_members_component_link('profile', 'change-avatar'); ?> "><?php printf(__("Edit %s's Avatar", 'buddypress'), esc_attr($bp->displayed_user->fullname)); ?> </a></li>

            <?php
            // The spam, unspam and delete entries below are plain links that carry
            // a nonce. Spam and unspam share the 'mark-unmark-spammer' nonce
            // action; delete uses 'delete-user'.
            // NOTE(review): the handlers that verify these nonces and re-check the
            // capability are not part of this function; verify them.
            // The "Mark as Spammer" format string has no placeholder, so the name
            // passed to printf() is not printed.
            ?>
            <?php if (!bp_is_user_spammer(bp_displayed_user_id())) { ?>

                <li><a href="<?php echo wp_nonce_url($bp->displayed_user->domain . 'admin/mark-spammer/', 'mark-unmark-spammer'); ?> " class="confirm"><?php printf(__("Mark as Spammer", 'buddypress'), esc_attr($bp->displayed_user->fullname)); ?> </a></li>

            <?php } else { ?>

                <li><a href="<?php echo wp_nonce_url($bp->displayed_user->domain . 'admin/unmark-spammer/', 'mark-unmark-spammer'); ?> " class="confirm"><?php _e("Not a Spammer", 'buddypress'); ?> </a></li>

            <?php } ?>

            <li><a href="<?php echo wp_nonce_url($bp->displayed_user->domain . 'admin/delete-user/', 'delete-user'); ?> " class="confirm"><?php printf(__("Delete %s's Account", 'buddypress'), esc_attr($bp->displayed_user->fullname)); ?> </a></li>

            <?php // Lets other code append its own entries to this menu. ?>
            <?php do_action('bp_members_adminbar_admin_menu'); ?>

        </ul>
    </li>

    <?php }
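/**
 * Add "Mark as Spam/Ham" button to user row actions.
 *
 * The link is offered only when the current user has the 'edit_user'
 * capability for the target and the target is not the current user.
 *
 * @since BuddyPress (2.0.0)
 *
 * @param array  $actions     User row action links.
 * @param object $user_object Current user information.
 * @return array $actions User row action links.
 */
function bp_core_admin_user_row_actions($actions, $user_object) {
    // Normalise the ID once so the value written into the link is always an
    // integer, and a user object without an ID does not raise a notice.
    $user_id = empty($user_object->ID) ? 0 : absint($user_object->ID);

    // Compare as integers so a numeric-string ID cannot slip past the
    // "not yourself" check.
    if (current_user_can('edit_user', $user_id) && (int) bp_loggedin_user_id() !== $user_id) {
        $url = bp_get_admin_url('users.php');

        // Labels go through esc_html__() because they are concatenated into
        // markup; translated strings are not guaranteed to be free of HTML.
        // The link carries a nonce for the 'bp-spam-user' action; the code
        // that verifies it is not part of this function.
        if (bp_is_user_spammer($user_id)) {
            $actions['ham'] = "<a href='" . wp_nonce_url($url . "?action=ham&user={$user_id}", 'bp-spam-user') . "'>" . esc_html__('Not Spam', 'buddypress') . "</a>";
        } else {
            $actions['spam'] = "<a class='submitdelete' href='" . wp_nonce_url($url . "?action=spam&user={$user_id}", 'bp-spam-user') . "'>" . esc_html__('Mark as Spam', 'buddypress') . "</a>";
        }
    }

    return $actions;
}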
/**
 * Add the "User Admin" top-level menu to the admin bar on user pages.
 *
 * Registers the top-level node plus entries for editing the profile and
 * avatar, marking or unmarking the displayed user as a spammer, and
 * deleting the account.
 *
 * @package BuddyPress
 * @since 1.5
 *
 * @return false|null False when the menu is not shown; otherwise nothing is
 *                    returned.
 */
function bp_members_admin_bar_user_admin_menu() {
    global $bp, $wp_admin_bar;

    // Nothing to add unless a user page is being viewed.
    if (!bp_is_user()) {
        return false;
    }

    // Needs the 'edit_users' capability, and is never shown on your own profile.
    if (!(current_user_can('edit_users') && !bp_is_my_profile())) {
        return false;
    }

    // 16x16 avatar of the displayed user, used in the top-level title.
    $avatar = bp_core_fetch_avatar(array(
        'item_id' => bp_displayed_user_id(),
        'email'   => $bp->displayed_user->userdata->user_email,
        'width'   => 16,
        'height'  => 16
    ));

    // The node ID depends on whether an avatar came back; it is kept on $bp too.
    $bp->user_admin_menu_id = empty($avatar) ? 'user-admin' : 'user-admin-with-avatar';
    $menu_id = $bp->user_admin_menu_id;

    // Top-level User Admin button
    $top_node = array(
        'id'    => $menu_id,
        'title' => $avatar . bp_get_displayed_user_fullname(),
        'href'  => bp_displayed_user_domain()
    );
    $wp_admin_bar->add_menu($top_node);

    // User Admin > Edit this user's profile
    $edit_profile_node = array(
        'parent' => $menu_id,
        'id'     => 'edit-profile',
        'title'  => __("Edit Profile", 'buddypress'),
        'href'   => bp_get_members_component_link('profile', 'edit')
    );
    $wp_admin_bar->add_menu($edit_profile_node);

    // User Admin > Edit this user's avatar
    $edit_avatar_node = array(
        'parent' => $menu_id,
        'id'     => 'change-avatar',
        'title'  => __("Edit Avatar", 'buddypress'),
        'href'   => bp_get_members_component_link('profile', 'change-avatar')
    );
    $wp_admin_bar->add_menu($edit_avatar_node);

    // User Admin > Spam/unspam. Both links carry a nonce for the shared
    // 'mark-unmark-spammer' action; the handlers that verify it are not part
    // of this function.
    // NOTE(review): the onclick strings call confirm() without `return`, so as
    // written the dialog's answer is not passed back to the click. The
    // translated text is also concatenated into a JavaScript string literal
    // here. How the admin bar renders and escapes meta['onclick'] is outside
    // this function; confirm both.
    if (bp_is_user_spammer(bp_displayed_user_id())) {
        $spam_node = array(
            'parent' => $menu_id,
            'id'     => 'unspam-user',
            'title'  => __('Not a Spammer', 'buddypress'),
            'href'   => wp_nonce_url(bp_displayed_user_domain() . 'admin/unmark-spammer/', 'mark-unmark-spammer'),
            'meta'   => array('onclick' => 'confirm(" ' . __('Are you sure you want to mark this user as not a spammer?', 'buddypress') . '");')
        );
    } else {
        $spam_node = array(
            'parent' => $menu_id,
            'id'     => 'spam-user',
            'title'  => __('Mark as Spammer', 'buddypress'),
            'href'   => wp_nonce_url(bp_displayed_user_domain() . 'admin/mark-spammer/', 'mark-unmark-spammer'),
            'meta'   => array('onclick' => 'confirm(" ' . __('Are you sure you want to mark this user as a spammer?', 'buddypress') . '");')
        );
    }
    $wp_admin_bar->add_menu($spam_node);

    // User Admin > Delete Account, with its own 'delete-user' nonce action.
    $delete_node = array(
        'parent' => $menu_id,
        'id'     => 'delete-user',
        'title'  => __('Delete Account', 'buddypress'),
        'href'   => wp_nonce_url(bp_displayed_user_domain() . 'admin/delete-user/', 'delete-user'),
        'meta'   => array('onclick' => 'confirm(" ' . __("Are you sure you want to delete this user's account?", 'buddypress') . '");')
    );
    $wp_admin_bar->add_menu($delete_node);
}
/** * print users view (custom query + contents table) */ function view_users() { global $bp; $chk = ' checked="checked"'; $sel = ' selected="selected"'; ?> <form id="bpmod-users-query" class="bpmod-form-query" action="admin.php" method="get"> <input type="hidden" name="page" value="bp-moderation"/> <input type="hidden" name="view" value="users"/> <fieldset> <legend><?php _e('Custom Query', 'bp-moderation'); ?> </legend> <div class="column"> <h4><?php _e('Filters', 'bp-moderation'); ?> </h4> <dt> <input id='filter-user' <?php echo isset($_GET['active_filters']['user']) ? $chk : ''; ?> name='active_filters[user]' type='checkbox'/> <label for='filter-user'><?php _e('Specific users', 'bp-moderation'); ?> </label> </dt> <dd> <input id='user' class='line' size='40' type='text' name='filters[user]' value='<?php echo empty($_GET['filters']['user']) ? '' : $_GET['filters']['user']; ?> '/> <label for='user'><?php _e('User ids (comma separeted)', 'bp-moderation'); ?> </label> </dd> <?php $filters = array(array('own_flags', __('Total flags on own contents', 'bp-moderation'), __('Own contents have been flagged for a total of at least %s flags', 'bp-moderation')), array('own_contents', __('Total own contents reported', 'bp-moderation'), __('Own contents have been reported at least %s times', 'bp-moderation')), array('own_ignored', __('Ignored own contents', 'bp-moderation'), __('Own contents have been ignored at least %s times', 'bp-moderation')), array('own_moderated', __('Moderated own contents', 'bp-moderation'), __('Own contents have been moderated at least %s times', 'bp-moderation')), array('others_contents', __('Total contents reported by user', 'bp-moderation'), __('User has been reported at least %s contents', 'bp-moderation')), array('others_ignored', __('Ignored contents reported by user', 'bp-moderation'), __('Contents reported by user have been ignored at least %s times', 'bp-moderation')), array('others_moderated', __('Moderated contents reported by user', 
'bp-moderation'), __('Contents reported by user have been moderated at least %s times', 'bp-moderation'))); foreach ($filters as $filter) { list($slug, $title, $desc) = $filter; ?> <dt> <input id='filter-<?php echo $slug; ?> ' <?php echo checked('on', @$_GET['active_filters'][$slug]); ?> name='active_filters[<?php echo $slug; ?> ]' type='checkbox'/> <label for='filter-<?php echo $slug; ?> '><?php echo $title; ?> </label> </dt> <dd> <label for='<?php echo $slug; ?> '><?php echo sprintf($desc, "<input id='{$slug}' size='4' type='text' name='filters[{$slug}]' value='" . (int) @$_GET['filters'][$slug] . "' />"); ?> </label> </dd> <?php } ?> </div> <div class="column"> <h4 class="order-by"><?php _e('Order', 'bp-moderation'); ?> </h4> <ol class="order-by"> <?php $i = 0; while (0 == $i || !empty($_GET['order'][$i])) { ?> <li><?php _e('Order by', 'bp-moderation'); $orby = empty($_GET['order'][$i]['by']) ? 'none' : $_GET['order'][$i]['by']; $asc = 'DESC' == @$_GET['order'][$i]['dir'] ? 'DESC' : 'ASC'; ?> <!-- XTEC ************ MODIFICAT - Fixed translation of strings --> <!-- 2014.11.06 @aginard --> <select name="order[<?php echo $i; ?> ][by]"> <option<?php selected('none', $orby); ?> value="none"><?php _e('none', 'bp-moderation'); ?> </option> <option<?php selected('own_contents', $orby); ?> value="own_contents"><?php _e('total own contents reported', 'bp-moderation'); ?> </option> <option<?php selected('own_new', $orby); ?> value="own_new"><?php _e('pending own contents', 'bp-moderation'); ?> </option> <option<?php selected('own_ignored', $orby); ?> value="own_ignored"><?php _e('ignored own contents', 'bp-moderation'); ?> </option> <option<?php selected('own_moderated', $orby); ?> value="own_moderated"><?php _e('moderated own contents', 'bp-moderation'); ?> </option> <option<?php selected('own_flags', $orby); ?> value="own_flags"><?php _e('total flags on own contents', 'bp-moderation'); ?> </option> <option<?php selected('others_contents', $orby); ?> 
value="others_contents"><?php _e('total contents reported by user', 'bp-moderation'); ?> </option> <option<?php selected('others_new', $orby); ?> value="others_new"><?php _e('pending contents reported by user', 'bp-moderation'); ?> </option> <option<?php selected('others_ignored', $orby); ?> value="others_ignored"><?php _e('ignored contents reported by user', 'bp-moderation'); ?> </option> <option<?php selected('others_moderated', $orby); ?> value="others_moderated"><?php _e('moderated contents reported by user', 'bp-moderation'); ?> </option> </select> <!-- ************ ORIGINAL <select name="order[<?php echo $i; ?> ][by]"> <option<?php selected('none', $orby); ?> value="none"><?php _e('none', 'bp-moderation'); ?> </option> <option<?php selected('own_contents', $orby); ?> value="own_contents"><?php _e('total own contents reported', 'bp-moderation'); ?> </option> <option<?php selected('own_new', $orby); ?> value="own_new"><?php _e('pending own contents'); ?> </option> <option<?php selected('own_ignored', $orby); ?> value="own_ignored"><?php _e('ignored own contents'); ?> </option> <option<?php selected('own_moderated', $orby); ?> value="own_moderated"><?php _e('moderated own contents'); ?> </option> <option<?php selected('own_flags', $orby); ?> value="own_flags"><?php _e('total flags on own contents'); ?> </option> <option<?php selected('others_contents', $orby); ?> value="others_contents"><?php _e('total contents reported by user', 'bp-moderation'); ?> </option> <option<?php selected('others_new', $orby); ?> value="others_new"><?php _e('pending contents reported by user', 'bp-moderation'); ?> </option> <option<?php selected('others_ignored', $orby); ?> value="others_ignored"><?php _e('ignored contents reported by user', 'bp-moderation'); ?> </option> <option<?php selected('others_moderated', $orby); ?> value="others_moderated"><?php _e('moderated contents reported by user', 'bp-moderation'); ?> </option> </select> --> <select name="order[<?php echo $i; ?> ][dir]"> 
<option<?php selected('ASC', $asc); ?> value="ASC">ASC </option> <option<?php selected('DESC', $asc); ?> value="DESC">DESC </option> </select> </li> <?php $i++; } ?> </ol> <h4><?php _e('Limit', 'bp-moderation'); ?> </h4> <p><label for='limit'><?php $input = "<input id='limit' size='4' type='text' name='per_page' value='" . (empty($_GET['per_page']) ? '20' : $_GET['per_page']) . "' />"; echo sprintf(__('Display at most %s users', 'bp-moderation'), $input); ?> </label> </p> <input name="submit" type="submit" class="button-primary" value="<?php _e('Query Users', 'bp-moderation'); ?> "/> </div> </fieldset> </form> <div class="clear"></div> <?php extract($this->query_users()); if ($total) { $page_links = paginate_links(array('base' => add_query_arg('page', '%#%'), 'format' => '', 'prev_text' => __('«'), 'next_text' => __('»'), 'total' => ceil($total / $per_page), 'current' => $page_index + 1)); ?> <form id="bpmod-users-form" class="bpmod-bulk-form" action="admin.php" method="post"> <div class="tablenav"> <div class="alignleft actions"> <select name="bulk-action"> <option value="-1" selected="selected"><?php _e('Bulk Actions', 'bp-moderation'); ?> </option> <option value="mark_spammer"><?php _e('Mark users as spammers', 'bp-moderation'); ?> </option> <option value="unmark_spammer"><?php _e('Mark users as not spammers', 'bp-moderation'); ?> </option> </select> <input type="hidden" name="bpmod-action" value="bulk_users"/> <?php wp_nonce_field('bulk_users'); ?> <input type="submit" name="doaction" id="doaction" value="<?php esc_attr_e('Apply', 'bp-moderation'); ?> " class="button-secondary apply"/> </div> <div class="tablenav-pages"><?php if ($page_links) { echo '<span class="displaying-num">' . sprintf(__('Displaying %s–%s of %s', 'bp-moderation'), number_format_i18n($page_index * $per_page + 1), number_format_i18n(min(($page_index + 1) * $per_page, $total)), '<span class="total-type-count">' . number_format_i18n($total) . '</span>') . 
"</span>{$page_links}"; } ?> </div> </div> <div class="clear"></div> <table id="bpmod-users-table" class="widefat bpmod-table fixed" cellspacing="0"> <thead> <tr> <th class="manage-column column-cb check-column" scope="col"><input type="checkbox"></th> <th class="manage-column column-author" scope="col"><?php _e('User', 'bp-moderation'); ?> </th> <th class="manage-column column-own-contents" scope="col"><?php _e('Own contents reported by others', 'bp-moderation'); ?> </th> <th class="manage-column column-other-contents" scope="col"><?php _e('Contents reported by user', 'bp-moderation'); ?> </th> </tr> </thead> <tfoot> <tr> <th class="manage-column column-cb check-column" scope="col"><input type="checkbox"></th> <th class="manage-column column-author" scope="col"><?php _e('User', 'bp-moderation'); ?> </th> <th class="manage-column column-own-contents" scope="col"><?php _e('Own contents reported by others', 'bp-moderation'); ?> </th> <th class="manage-column column-other-contents" scope="col"><?php _e('Contents reported by user', 'bp-moderation'); ?> </th> </tr> </tfoot> <tbody> <?php foreach ($results as $user) { $author = $this->author_details($user->user_id); ?> <tr class=""> <th class="check-column" scope="row"><input type="checkbox" value="<?php echo $user->user_id; ?> " name="bulk_items[]"></th> <td class="column-author"> <strong><?php echo $author['avatar_img'] . 
$author['user_link']; ?> </strong> <br><?php echo $author['contact_link']; ?> <div class="row-actions"> <?php if (!get_userdata($user->user_id)) { ?> <span class="not-a-member"><?php _e('Unregistered', 'bp-moderation'); ?> </span> <?php } elseif (bp_is_user_spammer($user->user_id)) { ?> <a class="unmark-spammer vim-u" href="<?php echo wp_nonce_url("admin.php?bpmod-action=mark_unmark_spammer&user_id={$user->user_id}&set_spam=0", 'mark_unmark_spammer'); ?> " title="<?php _e('Mark the author of this content as not spammer', 'bp-moderation'); ?> "><?php _e('Mark as not spammer', 'bp-moderation'); ?> </a> <?php } else { ?> <a class="mark-spammer vim-s" href="<?php echo wp_nonce_url("admin.php?bpmod-action=mark_unmark_spammer&user_id={$user->user_id}&set_spam=1", 'mark_unmark_spammer'); ?> " title="<?php _e('Mark the author of this content as spammer', 'bp-moderation'); ?> "><?php _e('Mark as spammer', 'bp-moderation'); ?> </a> <?php } ?> </div> </td> <td class="column-own-contents"> <?php echo sprintf(_n('%d content from this user has been reported', '%d contents from this user have been reported', $user->own_contents, 'bp-moderation'), $user->own_contents); if ($user->own_contents) { ?> <br/> <strong><?php _e('New:', 'bp-moderation'); ?> </strong> <?php echo $user->own_new; ?> <strong><?php _e('Ignored:', 'bp-moderation'); ?> </strong> <?php echo $user->own_ignored; ?> <strong><?php _e('Moderated:', 'bp-moderation'); ?> </strong> <?php echo $user->own_moderated; ?> <strong><?php _e('Total flags:', 'bp-moderation'); ?> </strong> <?php echo $user->own_flags; } ?> <div class="row-actions"> <a class="vim-b" href="admin.php?page=bp-moderation&view=contents&filters[active_filters][item_author]=on&filters[item_author]=<?php echo $user->user_id; ?> " title="<?php _e('Show the contents from this user that have been reported in the contents view', 'bp-moderation'); ?> "><?php _e('Show in contents view', 'bp-moderation'); ?> </a> </div> </td> <td class="column-other-contents"> 
<?php echo sprintf(_n('this user reported %d content', 'this user reported %d contents', $user->others_contents, 'bp-moderation'), $user->others_contents); if ($user->others_contents) { ?> <br/> <strong><?php _e('New:', 'bp-moderation'); ?> </strong> <?php echo $user->others_new; ?> <strong><?php _e('Ignored:', 'bp-moderation'); ?> </strong> <?php echo $user->others_ignored; ?> <strong><?php _e('Moderated:', 'bp-moderation'); ?> </strong> <?php echo $user->others_moderated; } ?> <div class="row-actions"> <a class="vim-g" href="admin.php?page=bp-moderation&view=contents&filters[active_filters][reporters]=on&filters[reporters]=<?php echo $user->user_id; ?> " title="<?php _e('Show the contents from this user that have been reported in the contents view', 'bp-moderation'); ?> "><?php _e('Show in contents view', 'bp-moderation'); ?> </a> </div> </td> </tr> <?php } ?> </tbody> </table> </form> <?php $this->print_hotkeys_toggle(); ?> <?php } else { _e('No users to display, try a different search', 'bp-moderation'); } }
/**
 * Add the xProfile metaboxes to the Community Profile admin screen.
 *
 * One metabox is registered per profile field group. When the edited user is flagged
 * as a spammer, or bp_has_profile() reports nothing to show, a single placeholder
 * metabox ('User marked as a spammer') is registered instead, so the field groups are
 * not offered for editing. The avatar metabox is always added.
 *
 * @access public
 * @since BuddyPress (2.0.0)
 *
 * @param int    $user_id       ID of the user being edited.
 * @param string $screen_id     Screen ID to load the metabox in. Defaults to the members admin user page.
 * @param object $stats_metabox Context and priority for the stats metabox. Its `context` and
 *                              `priority` properties are overwritten on the object passed in.
 */
public function register_metaboxes($user_id = 0, $screen_id = '', $stats_metabox = null) {
    // Fall back to the members admin screen and to a fresh holder object.
    $screen_id     = $screen_id ?: buddypress()->members->admin->user_page;
    $stats_metabox = $stats_metabox ?: new StdClass();

    // Relocate the stats metabox to the side column.
    $stats_metabox->context  = 'side';
    $stats_metabox->priority = 'low';

    // The spammer flag is checked first; bp_has_profile() only runs for non-spammers.
    $show_field_groups = !bp_is_user_spammer($user_id) && bp_has_profile(array('fetch_fields' => false));

    if (!$show_field_groups) {
        // Spammer (or nothing to list): register the placeholder metabox only.
        add_meta_box(
            'bp_xprofile_user_admin_empty_profile',
            _x('User marked as a spammer', 'xprofile user-admin edit screen', 'buddypress'),
            array(&$this, 'user_admin_spammer_metabox'),
            $screen_id,
            'normal',
            'core'
        );
    } else {
        // One metabox per field group; slug, title and id are normalised before use.
        while (bp_profile_groups()) {
            bp_the_profile_group();

            $box_id    = 'bp_xprofile_user_admin_fields_' . sanitize_key(bp_get_the_profile_group_slug());
            $box_title = esc_html(bp_get_the_profile_group_name());
            $box_args  = array('profile_group_id' => absint(bp_get_the_profile_group_id()));

            add_meta_box($box_id, $box_title, array(&$this, 'user_admin_profile_metaboxes'), $screen_id, 'normal', 'core', $box_args);
        }
    }

    // Avatar metabox.
    add_meta_box(
        'bp_xprofile_user_admin_avatar',
        _x('Avatar', 'xprofile user-admin edit screen', 'buddypress'),
        array(&$this, 'user_admin_avatar_metabox'),
        $screen_id,
        'side',
        'low'
    );
}
/**
 * Analyze the URI and break it down into BuddyPress-usable chunks.
 *
 * BuddyPress can use complete custom friendly URIs without the user having to
 * add new rewrite rules. Custom components are able to use their own custom
 * URI structures with very little work.
 *
 * The URIs are broken down as follows:
 * - http:// example.com / members / andy / [current_component] / [current_action] / [action_variables] / [action_variables] / ...
 * - OUTSIDE ROOT: http:// example.com / sites / buddypress / members / andy / [current_component] / [current_action] / [action_variables] / [action_variables] / ...
 *
 * Example:
 * - http://example.com/members/andy/profile/edit/group/5/
 * - $bp->current_component: string 'xprofile'
 * - $bp->current_action: string 'edit'
 * - $bp->action_variables: array ['group', 5]
 *
 * Everything written to $bp->current_component, $bp->current_action and
 * $bp->action_variables below is cut out of the request path (or the referer
 * path for AJAX / wp-load.php requests), so those globals hold client-supplied
 * values.
 *
 * Access control performed here: a displayed user flagged as a spammer yields a
 * 404 unless the current user has the 'bp_moderate' capability.
 *
 * @since 1.0.0
 *
 * @return false|void False when the request is not handled as a BuddyPress page;
 *                    nothing on the other exit paths (including the 404 ones).
 */
function bp_core_set_uri_globals() {
    global $current_blog, $wp_rewrite;

    // Don't catch URIs on non-root blogs unless multiblog mode is on.
    if (!bp_is_root_blog() && !bp_is_multiblog_mode()) {
        return false;
    }

    $bp = buddypress();

    // Define local variables.
    $root_profile = $match = false;
    $key_slugs = $matches = $uri_chunks = array();

    // Fetch all the WP page names for each component.
    if (empty($bp->pages)) {
        $bp->pages = bp_core_get_directory_pages();
    }

    // Ajax or not?
    // NOTE(review): strpos() is used as a boolean here, so a match at offset 0
    // would count as "not found"; the result is only truthy for offsets >= 1.
    if (defined('DOING_AJAX') && DOING_AJAX || strpos($_SERVER['REQUEST_URI'], 'wp-load.php')) {
        $path = bp_get_referer_path();
    } else {
        // The raw request URI is passed through esc_url() before it is parsed.
        $path = esc_url($_SERVER['REQUEST_URI']);
    }

    /**
     * Filters the BuddyPress global URI path.
     *
     * @since 1.0.0
     *
     * @param string $path Path to set.
     */
    $path = apply_filters('bp_uri', $path);

    // Take GET variables off the URL to avoid problems.
    $path = strtok($path, '?');

    // Fetch current URI and explode each part separated by '/' into an array.
    $bp_uri = explode('/', $path);

    // Loop and remove empties.
    foreach ((array) $bp_uri as $key => $uri_chunk) {
        if (empty($bp_uri[$key])) {
            unset($bp_uri[$key]);
        }
    }

    // If running off blog other than root, any subdirectory names must be
    // removed from $bp_uri. This includes two cases:
    //
    // 1. when WP is installed in a subdirectory,
    // 2. when BP is running on secondary blog of a subdirectory
    // multisite installation. Phew!
    if (is_multisite() && !is_subdomain_install() && (bp_is_multiblog_mode() || 1 != bp_get_root_blog_id())) {
        // Blow chunks.
        $chunks = explode('/', $current_blog->path);

        // If chunks exist...
        if (!empty($chunks)) {
            // ...loop through them...
            foreach ($chunks as $key => $chunk) {
                // array_search() is called without its strict flag, so the comparison is loose.
                $bkey = array_search($chunk, $bp_uri);

                // ...and unset offending keys
                if (false !== $bkey) {
                    unset($bp_uri[$bkey]);
                }

                $bp_uri = array_values($bp_uri);
            }
        }
    }

    // Get site path items.
    $paths = explode('/', bp_core_get_site_path());

    // Take empties off the end of path.
    if (empty($paths[count($paths) - 1])) {
        array_pop($paths);
    }

    // Take empties off the start of path.
    if (empty($paths[0])) {
        array_shift($paths);
    }

    // Reset indexes.
    $bp_uri = array_values($bp_uri);
    $paths = array_values($paths);

    // Unset URI indices if they intersect with the paths.
    foreach ((array) $bp_uri as $key => $uri_chunk) {
        if (isset($paths[$key]) && $uri_chunk == $paths[$key]) {
            unset($bp_uri[$key]);
        }
    }

    // Reset the keys by merging with an empty array.
    $bp_uri = array_merge(array(), $bp_uri);

    // If a component is set to the front page, force its name into $bp_uri
    // so that $current_component is populated (unless a specific WP post is being requested
    // via a URL parameter, usually signifying Preview mode).
    if ('page' == get_option('show_on_front') && get_option('page_on_front') && empty($bp_uri) && empty($_GET['p']) && empty($_GET['page_id'])) {
        $post = get_post(get_option('page_on_front'));
        if (!empty($post)) {
            $bp_uri[0] = $post->post_name;
        }
    }

    // Keep the unfiltered URI safe.
    $bp->unfiltered_uri = $bp_uri;

    // Don't use $bp_unfiltered_uri, this is only for backpat with old plugins. Use $bp->unfiltered_uri.
    // The global is bound by reference to the property.
    $GLOBALS['bp_unfiltered_uri'] =& $bp->unfiltered_uri;

    // Get slugs of pages into array.
    foreach ((array) $bp->pages as $page_key => $bp_page) {
        $key_slugs[$page_key] = trailingslashit('/' . $bp_page->slug);
    }

    // Bail if keyslugs are empty, as BP is not setup correct.
    // (Bare return: this exit yields null, not false.)
    if (empty($key_slugs)) {
        return;
    }

    // Loop through page slugs and look for exact match to path.
    foreach ($key_slugs as $key => $slug) {
        if ($slug == $path) {
            $match = $bp->pages->{$key};
            $match->key = $key;
            $matches[] = 1;
            break;
        }
    }

    // No exact match, so look for partials.
    if (empty($match)) {
        // Loop through each page in the $bp->pages global.
        foreach ((array) $bp->pages as $page_key => $bp_page) {
            // Look for a match (check members first).
            if (in_array($bp_page->name, (array) $bp_uri)) {
                // Match found, now match the slug to make sure.
                $uri_chunks = explode('/', $bp_page->slug);

                // Loop through uri_chunks.
                foreach ((array) $uri_chunks as $key => $uri_chunk) {
                    // Make sure chunk is in the correct position.
                    if (!empty($bp_uri[$key]) && $bp_uri[$key] == $uri_chunk) {
                        $matches[] = 1;
                    // No match.
                    } else {
                        $matches[] = 0;
                    }
                }

                // Have a match (every slug chunk lined up with the URI).
                if (!in_array(0, (array) $matches)) {
                    $match = $bp_page;
                    $match->key = $page_key;
                    break;
                }

                // Unset matches.
                unset($matches);
            }

            // Unset uri chunks.
            unset($uri_chunks);
        }
    }

    // URLs with BP_ENABLE_ROOT_PROFILES enabled won't be caught above.
    if (empty($matches) && bp_core_enable_root_profiles()) {
        // Switch field based on compat.
        $field = bp_is_username_compatibility_mode() ? 'login' : 'slug';

        // Make sure there's a user corresponding to $bp_uri[0].
        // The first URL segment is looked up as a login or slug; $root_profile keeps the result.
        if (!empty($bp->pages->members) && !empty($bp_uri[0]) && ($root_profile = get_user_by($field, $bp_uri[0]))) {
            // Force BP to recognize that this is a members page.
            $matches[] = 1;
            $match = $bp->pages->members;
            $match->key = 'members';
        }
    }

    // Search doesn't have an associated page, so we check for it separately.
    if (!empty($bp_uri[0]) && bp_get_search_slug() == $bp_uri[0]) {
        $matches[] = 1;
        $match = new stdClass();
        $match->key = 'search';
        $match->slug = bp_get_search_slug();
    }

    // This is not a BuddyPress page, so just return.
    if (empty($matches)) {
        return false;
    }

    $wp_rewrite->use_verbose_page_rules = false;

    // Find the offset. With $root_profile set, we fudge the offset down so later parsing works.
    $slug = !empty($match) ? explode('/', $match->slug) : '';
    $uri_offset = empty($root_profile) ? 0 : -1;

    // Rejig the offset.
    if (!empty($slug) && 1 < count($slug)) {
        // Only offset if not on a root profile. Fixes issue when Members page is nested.
        if (false === $root_profile) {
            array_pop($slug);
            $uri_offset = count($slug);
        }
    }

    // Global the unfiltered offset to use in bp_core_load_template().
    // To avoid PHP warnings in bp_core_load_template(), it must always be >= 0.
    $bp->unfiltered_uri_offset = $uri_offset >= 0 ? $uri_offset : 0;

    // We have an exact match.
    if (isset($match->key)) {
        // Set current component to matched key.
        $bp->current_component = $match->key;

        // If members component, do more work to find the actual component.
        if ('members' == $match->key) {
            $after_member_slug = false;
            if (!empty($bp_uri[$uri_offset + 1])) {
                $after_member_slug = $bp_uri[$uri_offset + 1];
            }

            // Are we viewing a specific user?
            if ($after_member_slug) {
                // If root profile, we've already queried for the user.
                if ($root_profile instanceof WP_User) {
                    $bp->displayed_user->id = $root_profile->ID;
                // Switch the displayed_user based on compatibility mode.
                // The URL segment is urldecode()d before the username lookup; the result is cast to int.
                } elseif (bp_is_username_compatibility_mode()) {
                    $bp->displayed_user->id = (int) bp_core_get_userid(urldecode($after_member_slug));
                } else {
                    $bp->displayed_user->id = (int) bp_core_get_userid_from_nicename($after_member_slug);
                }
            }

            // Is this a member type directory?
            if (!bp_displayed_user_id() && $after_member_slug === apply_filters('bp_members_member_type_base', _x('type', 'member type URL base', 'buddypress')) && !empty($bp_uri[$uri_offset + 2])) {
                $matched_types = bp_get_member_types(array('has_directory' => true, 'directory_slug' => $bp_uri[$uri_offset + 2]));
                if (!empty($matched_types)) {
                    $bp->current_member_type = reset($matched_types);
                    unset($bp_uri[$uri_offset + 1]);
                }
            }

            // If the slug matches neither a member type nor a specific member, 404.
            if (!bp_displayed_user_id() && !bp_get_current_member_type() && $after_member_slug) {
                // Prevent components from loading their templates.
                $bp->current_component = '';
                bp_do_404();
                return;
            }

            // If the displayed user is marked as a spammer, 404 unless the current user
            // has the 'bp_moderate' capability; moderators get a warning notice instead.
            if (bp_displayed_user_id() && bp_is_user_spammer(bp_displayed_user_id())) {
                if (bp_current_user_can('bp_moderate')) {
                    bp_core_add_message(__('This user has been marked as a spammer. Only site admins can view this profile.', 'buddypress'), 'warning');
                } else {
                    bp_do_404();
                    return;
                }
            }

            // Bump the offset.
            if (bp_displayed_user_id()) {
                if (isset($bp_uri[$uri_offset + 2])) {
                    $bp_uri = array_merge(array(), array_slice($bp_uri, $uri_offset + 2));
                    $bp->current_component = $bp_uri[0];
                // No component, so default will be picked later.
                } else {
                    $bp_uri = array_merge(array(), array_slice($bp_uri, $uri_offset + 2));
                    $bp->current_component = '';
                }

                // Reset the offset.
                $uri_offset = 0;
            }
        }
    }

    // Determine the current action.
    $current_action = isset($bp_uri[$uri_offset + 1]) ? $bp_uri[$uri_offset + 1] : '';

    /*
     * If a BuddyPress directory is set to the WP front page, URLs like example.com/members/?s=foo
     * shouldn't interfere with blog searches.
     */
    if (empty($current_action) && !empty($_GET['s']) && 'page' == get_option('show_on_front') && !empty($match->id)) {
        $page_on_front = (int) get_option('page_on_front');
        if ((int) $match->id === $page_on_front) {
            $bp->current_component = '';
            return false;
        }
    }

    $bp->current_action = $current_action;

    // Slice the rest of the $bp_uri array and reset offset.
    $bp_uri = array_slice($bp_uri, $uri_offset + 2);
    $uri_offset = 0;

    // Whatever is left of the URI after the component and action becomes the action variables.
    $bp->action_variables = $bp_uri;

    // Reset the keys by merging with an empty array.
    $bp->action_variables = array_merge(array(), $bp->action_variables);
}
/**
 * Process the "capabilities" settings form for the displayed user (spam / ham toggle).
 *
 * State is only changed when all of the following hold, checked in this order:
 * the request is a POST carrying `capabilities-submit`; the current screen is the
 * settings component's `capabilities` action with no extra action variables; the
 * current user is a super admin who is not looking at their own profile; and
 * check_admin_referer('capabilities') accepts the nonce.
 *
 * @since 1.6.0
 *
 * @return false|void False when the request is not for the settings "capabilities"
 *                    screen; nothing on every other path.
 */
function bp_settings_action_capabilities() {
    // Only a POST submission of the capabilities form is of interest.
    $is_post = 'POST' === strtoupper($_SERVER['REQUEST_METHOD']);
    if (!$is_post || !isset($_POST['capabilities-submit'])) {
        return;
    }

    // Wrong screen: not settings > capabilities.
    if (!(bp_is_settings_component() && bp_is_current_action('capabilities'))) {
        return false;
    }

    // Extra action variables are not part of this endpoint: 404.
    if (bp_action_variables()) {
        bp_do_404();

        return;
    }

    // Authorization: super admins only, and never against their own account.
    $may_change_status = is_super_admin() && !bp_is_my_profile();
    if (!$may_change_status) {
        return;
    }

    // CSRF protection: verify the nonce for the 'capabilities' action.
    check_admin_referer('capabilities');

    /**
     * Fires before the capabilities settings have been saved.
     *
     * @since 1.6.0
     */
    do_action('bp_settings_capabilities_before_save');

    /* Spam **************************************************************/

    // The checkbox is either present and non-empty (spam) or not (ham).
    $wants_spammer = !empty($_POST['user-spammer']);

    // Only act when the requested state differs from the stored one.
    if (bp_is_user_spammer(bp_displayed_user_id()) != $wants_spammer) {
        $status = $wants_spammer ? 'spam' : 'ham';

        bp_core_process_spammer_status(bp_displayed_user_id(), $status);

        /**
         * Fires after processing a user as a spammer.
         *
         * @since 1.1.0
         *
         * @param int    $value  ID of the currently displayed user.
         * @param string $status Determined status of "spam" or "ham" for the displayed user.
         */
        do_action('bp_core_action_set_spammer_status', bp_displayed_user_id(), $status);
    }

    /* Other *************************************************************/

    /**
     * Fires after the capabilities settings have been saved and before redirect.
     *
     * @since 1.6.0
     */
    do_action('bp_settings_capabilities_after_save');

    // Send the admin back to the displayed user's capabilities screen.
    $return_url = bp_displayed_user_domain() . bp_get_settings_slug() . '/capabilities/';
    bp_core_redirect($return_url);
}
/**
 * Register the xProfile metaboxes on the Community Profile admin page.
 *
 * A non-spammer whose profile query succeeds gets one metabox per field group.
 * Otherwise (user flagged as a spammer, or bp_has_profile() returns false) only
 * the generic 'User marked as a spammer' metabox is registered. The profile photo
 * metabox is added when avatars are enabled.
 *
 * @since 2.0.0
 *
 * @param int         $user_id       ID of the user being edited.
 * @param string      $screen_id     Screen ID to load the metabox in.
 * @param object|null $stats_metabox Context and priority for the stats metabox; its
 *                                   `context` and `priority` properties are overwritten.
 */
public function register_metaboxes($user_id = 0, $screen_id = '', $stats_metabox = null) {
    // Default the screen to the members admin user page.
    if (!$screen_id) {
        $screen_id = buddypress()->members->admin->user_page;
    }

    // Default the holder object for the stats metabox settings.
    if (!$stats_metabox) {
        $stats_metabox = new StdClass();
    }

    // The stats metabox moves to the side column, low priority.
    $stats_metabox->context  = 'side';
    $stats_metabox->priority = 'low';

    // The profile query is scoped to the edited user and skips fetching the fields.
    $profile_args = array('fetch_fields' => false, 'user_id' => $user_id);

    // Spammer flag first; the profile query only runs for non-spammers.
    $list_groups = !bp_is_user_spammer($user_id) && bp_has_profile($profile_args);

    if ($list_groups) {
        // One metabox per field group, with slug, name and id normalised.
        while (bp_profile_groups()) {
            bp_the_profile_group();

            $group_box_id = 'bp_xprofile_user_admin_fields_' . sanitize_key(bp_get_the_profile_group_slug());
            $callback_arg = array('profile_group_id' => absint(bp_get_the_profile_group_id()));

            add_meta_box(
                $group_box_id,
                esc_html(bp_get_the_profile_group_name()),
                array($this, 'user_admin_profile_metaboxes'),
                $screen_id,
                'normal',
                'core',
                $callback_arg
            );
        }
    } else {
        // Generic metabox shown in place of the field groups.
        add_meta_box(
            'bp_xprofile_user_admin_empty_profile',
            _x('User marked as a spammer', 'xprofile user-admin edit screen', 'buddypress'),
            array($this, 'user_admin_spammer_metabox'),
            $screen_id,
            'normal',
            'core'
        );
    }

    // Profile photo metabox, only when avatars are shown.
    if (buddypress()->avatar->show_avatars) {
        add_meta_box(
            'bp_xprofile_user_admin_avatar',
            _x('Profile Photo', 'xprofile user-admin edit screen', 'buddypress'),
            array($this, 'user_admin_avatar_metabox'),
            $screen_id,
            'side',
            'low'
        );
    }
}
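/**
 * A bulk "not spam" done with update_user_status() must clear the BuddyPress spammer flag.
 *
 * Multisite only: on single-site installs the test returns without asserting anything.
 *
 * @group bp_core_process_spammer_status
 */
public function test_bp_core_process_spammer_status_ms_bulk_ham() {
    if (!is_multisite()) {
        return;
    }

    $bp = buddypress();

    // Save the scalar id rather than the object: copying $bp->displayed_user copies only
    // the object handle, so restoring that copy afterwards would not undo the id change
    // made below and the test user would leak into later tests.
    $previous_displayed_id = isset($bp->displayed_user->id) ? $bp->displayed_user->id : null;

    $u1 = $this->factory->user->create();
    $bp->displayed_user->id = $u1;

    // Spam the user.
    bp_core_process_spammer_status($u1, 'spam');
    $this->assertTrue(bp_is_user_spammer($u1));

    // Bulk unspam in network admin uses update_user_status().
    update_user_status($u1, 'spam', '0');
    $this->assertFalse(bp_is_user_spammer($u1));

    // Put the displayed user id back.
    $bp->displayed_user->id = $previous_displayed_id;
}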
/**
 * Force a logged-in user who has been marked as a spammer to reauthenticate.
 *
 * Marking a user as a spammer does not end that user's session, so the account
 * could keep acting on the site until it is logged out. This check sends such a
 * user to wp-login.php with the 'reauth' parameter, which clears the session
 * cookies and asks for credentials again.
 *
 * Note: A spammer cannot log back in - {@see bp_core_boot_spammer()}.
 *
 * Runs on 'bp_init' at priority 5 so the members component globals are set up
 * before the spammer check ($bp->loggedin_user is set up at priority 4).
 *
 * @since 1.8.0
 */
function bp_stop_live_spammer() {
    // Never redirect while already on the login page, or the browser would loop.
    // $pagenow is consulted first, then the executing script name.
    $script_names = array();
    if (isset($GLOBALS['pagenow'])) {
        $script_names[] = $GLOBALS['pagenow'];
    }
    if (isset($_SERVER['SCRIPT_NAME'])) {
        $script_names[] = $_SERVER['SCRIPT_NAME'];
    }

    foreach ($script_names as $script_name) {
        if (false !== strpos($script_name, 'wp-login.php')) {
            return;
        }
    }

    // Nothing to do for anonymous visitors or for users who are not flagged.
    if (!is_user_logged_in() || !bp_is_user_spammer(bp_loggedin_user_id())) {
        return;
    }

    // 'bp-spam' is the login action; 'reauth' forces a fresh login.
    $login_args = array('action' => 'bp-spam', 'reauth' => 1);

    /**
     * Filters the url used for redirection for a logged in user marked as spam.
     *
     * @since 1.8.0
     *
     * @param string $value URL to redirect user to.
     */
    $login_url = apply_filters('bp_live_spammer_redirect', add_query_arg($login_args, wp_login_url()));

    // Redirect and stop, so nothing else in the request runs for this user.
    wp_redirect($login_url);
    exit;
}
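/**
 * Record a BP Checkins activity item: a check-in, a new place, a place check-in
 * or a comment on a place.
 *
 * Keys read from $args (default in brackets): content [false], user_id [logged-in
 * user], type ['checkin'], place_id [false], place_name [false], comment_id [false],
 * recorded_time [bp_core_current_time()]. Other keys are ignored.
 *
 * Supported types: 'checkin'; 'new_place' and 'place_checkin' (need place_id);
 * 'place_comment' and 'place_checkin_comment' (need place_id and comment_id).
 *
 * @param array|string $args Arguments merged over the defaults with wp_parse_args().
 * @return mixed The value returned by bp_activity_add(), or false when a plain check-in
 *               has no content, the user is a spammer or deleted, or the type and ids
 *               do not describe a supported activity.
 */
function bp_checkins_post_update($args = '') {
    global $bp;

    $defaults = array(
        'content'       => false,
        'user_id'       => $bp->loggedin_user->id,
        'type'          => 'checkin',
        'place_id'      => false,
        'place_name'    => false,
        'comment_id'    => false,
        'recorded_time' => bp_core_current_time(),
    );
    $r = wp_parse_args($args, $defaults);

    // Read the known keys explicitly instead of extract()-ing caller data, so that
    // unexpected keys in $args cannot define local variables used further down.
    $content       = $r['content'];
    $user_id       = $r['user_id'];
    $type          = $r['type'];
    $place_id      = $r['place_id'];
    $place_name    = $r['place_name'];
    $comment_id    = $r['comment_id'];
    $recorded_time = $r['recorded_time'];

    // A plain check-in needs some non-blank content.
    if ($type === 'checkin' && (empty($content) || !strlen(trim($content)))) {
        return false;
    }

    // Spammers and deleted users may not post.
    if (bp_is_user_spammer($user_id) || bp_is_user_deleted($user_id)) {
        return false;
    }

    // Record this on the user's profile.
    $from_user_link = bp_core_get_userlink($user_id);
    $primary_link   = bp_core_get_userlink($user_id, false, true);

    $has_place   = !empty($place_id);
    $has_comment = !empty($comment_id);

    // Link to the place, used by every place-related type. The place name is escaped
    // for both the attribute and the text context because this markup is stored as
    // the activity action.
    $place_permalink = '';
    if ($type !== 'checkin' && $has_place) {
        $place_permalink = '<a href="' . esc_url(bp_get_checkins_places_the_permalink($place_id)) . '" title="' . esc_attr($place_name) . '">' . esc_html($place_name) . '</a>';
    }

    // Values shared by most types; the branches below override what differs.
    $component         = 'checkins';
    $activity_content  = $content;
    $item_id           = false;
    $secondary_item_id = false;

    if ($type === 'checkin') {
        $activity_action = sprintf(__('%s added a checkin', 'bp-checkins'), $from_user_link);
        $checkin_type    = 'activity_checkin';
    } elseif ($type === 'new_place' && $has_place) {
        $component       = 'places';
        $activity_action = sprintf(__('%s added a new place %s', 'bp-checkins'), $from_user_link, $place_permalink);
        $checkin_type    = 'new_place';
        $item_id         = $place_id;
    } elseif ($type === 'place_checkin' && $has_place) {
        // Stays in the 'checkins' component and carries no content.
        $activity_action  = sprintf(__('%s checked-in %s', 'bp-checkins'), $from_user_link, $place_permalink);
        $checkin_type     = 'place_checkin';
        $item_id          = $place_id;
        $activity_content = false;
    } elseif ($type === 'place_comment' && $has_place && $has_comment) {
        $component         = 'places';
        $activity_action   = sprintf(__('%s added a comment on %s', 'bp-checkins'), $from_user_link, $place_permalink);
        $checkin_type      = 'place_comment';
        $item_id           = $place_id;
        $secondary_item_id = $comment_id;
    } elseif ($type === 'place_checkin_comment' && $has_place && $has_comment) {
        // Recorded with the same activity type as a plain place comment.
        $component         = 'places';
        $activity_action   = sprintf(__('%s checked-in and added a comment on %s', 'bp-checkins'), $from_user_link, $place_permalink);
        $checkin_type      = 'place_comment';
        $item_id           = $place_id;
        $secondary_item_id = $comment_id;
    } else {
        // Unknown type or missing ids: previously this fell through with the action,
        // type and item variables undefined and still wrote an activity row.
        return false;
    }

    // Now write the values.
    $activity_id = bp_activity_add(array(
        'user_id'           => $user_id,
        'action'            => apply_filters('bp_activity_new_update_action', $activity_action),
        'content'           => apply_filters('bp_activity_new_update_content', $activity_content),
        'primary_link'      => apply_filters('bp_activity_new_update_primary_link', $primary_link),
        'component'         => $component,
        'type'              => $checkin_type,
        'item_id'           => $item_id,
        'secondary_item_id' => $secondary_item_id,
        'recorded_time'     => $recorded_time,
    ));

    // NOTE(review): the latest-update meta is written for the logged-in user, not for
    // $user_id; confirm that is intended when the two differ.
    if ($type === 'checkin') {
        bp_update_user_meta($bp->loggedin_user->id, 'bp_latest_update', array('id' => $activity_id, 'content' => wp_filter_kses($content)));
    }

    // Link the comment to the activity item that announces it.
    if ($checkin_type === 'place_comment') {
        update_comment_meta($comment_id, 'group_place_activity_id', $activity_id);
    }

    do_action('bp_activity_posted_checkin', $content, $user_id, $activity_id);

    return $activity_id;
}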
/**
 * Set up the default component and the canonical stack for this component.
 *
 * The canonical stack is only built while a user is being displayed. For a
 * displayed user flagged as a spammer, viewers without the 'bp_moderate'
 * capability have the component removed from the stack.
 *
 * @since BuddyPress (2.1.0)
 */
public function setup_canonical_stack() {
    $bp = buddypress();

    /** Default Profile Component *****************************************/

    // Precedence: explicit constant, then activity (when active and it has a page),
    // then the profile component ('xprofile' is exposed as 'profile').
    if (defined('BP_DEFAULT_COMPONENT') && BP_DEFAULT_COMPONENT) {
        $bp->default_component = BP_DEFAULT_COMPONENT;
    } elseif (bp_is_active('activity') && isset($bp->pages->activity)) {
        $bp->default_component = bp_get_activity_slug();
    } elseif ('xprofile' === $bp->profile->id) {
        $bp->default_component = 'profile';
    } else {
        $bp->default_component = $bp->profile->id;
    }

    /** Canonical Component Stack *****************************************/

    // Nothing to build unless a user is being displayed.
    if (!bp_displayed_user_id()) {
        return;
    }

    $bp->canonical_stack['base_url'] = bp_displayed_user_domain();

    if (bp_current_component()) {
        $bp->canonical_stack['component'] = bp_current_component();
    }

    if (bp_current_action()) {
        $bp->canonical_stack['action'] = bp_current_action();
    }

    if (!empty($bp->action_variables)) {
        $bp->canonical_stack['action_variables'] = bp_action_variables();
    }

    if (!bp_current_component()) {
        // Single member root/home: assume the default component.
        $bp->current_component = $bp->default_component;
    } elseif (bp_is_current_component($bp->default_component) && !bp_current_action()) {
        // The canonical URL does not contain the default component.
        unset($bp->canonical_stack['component']);
    }

    // On a spammer's profile, only users with the 'bp_moderate' cap can view subpages.
    // For everyone else the component is dropped from the canonical stack, which
    // redirects subnav requests to the root of the spammer's profile page.
    $viewing_spammer = bp_is_user_spammer(bp_displayed_user_id());
    if ($viewing_spammer && !bp_current_user_can('bp_moderate')) {
        unset($bp->canonical_stack['component']);
    }
}
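/**
 * Stop a logged-in user who is marked as a spammer.
 *
 * When an admin marks a live user as a spammer, that user can still surf
 * around and cause havoc on the site until that person is logged out.
 *
 * This code checks to see if a logged-in user is marked as a spammer. If so,
 * we redirect the user back to wp-login.php with the 'reauth' parameter.
 *
 * This clears the logged-in spammer's cookies and will ask the spammer to
 * reauthenticate.
 *
 * Note: A spammer cannot log back in - {@see bp_core_boot_spammer()}.
 *
 * Runs on 'bp_init' at priority 5 so the members component globals are setup
 * before we do our spammer checks.
 *
 * This is important as the $bp->loggedin_user object is setup at priority 4.
 *
 * @since BuddyPress (v1.8)
 */
function bp_stop_live_spammer() {
    // If we're on the login page, stop now to prevent a redirect loop.
    // $pagenow is not guaranteed to be set when this runs, so guard the read and
    // fall back to the executing script name; otherwise an unset $pagenow raises a
    // notice and the login page is not recognised.
    $is_login = false;
    if (isset($GLOBALS['pagenow']) && false !== strpos($GLOBALS['pagenow'], 'wp-login.php')) {
        $is_login = true;
    } elseif (isset($_SERVER['SCRIPT_NAME']) && false !== strpos($_SERVER['SCRIPT_NAME'], 'wp-login.php')) {
        $is_login = true;
    }

    if ($is_login) {
        return;
    }

    // User isn't logged in, so stop!
    if (!is_user_logged_in()) {
        return;
    }

    // If spammer, redirect to wp-login.php and reauthorize.
    if (bp_is_user_spammer(bp_loggedin_user_id())) {
        // 'bp-spam' is the login action; 'reauth' forces a fresh login.
        $args = array('action' => 'bp-spam', 'reauth' => 1);

        // The destination can be replaced through the 'bp_live_spammer_redirect' filter.
        $login_url = apply_filters('bp_live_spammer_redirect', add_query_arg($args, wp_login_url()));

        // Redirect and stop so the rest of the request never runs for this user.
        wp_redirect($login_url);
        die;
    }
}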
/**
 * Handle a submission of the capabilities settings form (marking the displayed
 * user as spam or ham).
 *
 * The handler exits early unless the request is a POST with `capabilities-submit`
 * set, is addressed to settings > capabilities without extra action variables, and
 * is made by a super admin on someone else's profile. The nonce for the
 * 'capabilities' action is verified before anything is saved.
 *
 * @return false|void False when not on the settings "capabilities" screen; nothing otherwise.
 */
function bp_settings_action_capabilities() {
    // Bail if not a POST action.
    $method = strtoupper($_SERVER['REQUEST_METHOD']);
    if ('POST' !== $method) {
        return;
    }

    // Bail if the form's submit field is absent.
    $submitted = isset($_POST['capabilities-submit']);
    if (!$submitted) {
        return;
    }

    // Bail if not in settings > capabilities.
    $on_capabilities_screen = bp_is_settings_component() && bp_is_current_action('capabilities');
    if (!$on_capabilities_screen) {
        return false;
    }

    // 404 if there are any additional action variables attached.
    if (bp_action_variables()) {
        bp_do_404();

        return;
    }

    // Only super admins can currently spam users (but they can't spam themselves).
    if (bp_is_my_profile() || !is_super_admin()) {
        return;
    }

    // Nonce check (CSRF protection for the state change below).
    check_admin_referer('capabilities');

    do_action('bp_settings_capabilities_before_save');

    /** Spam **************************************************************/

    $is_spammer = !empty($_POST['user-spammer']);

    // Skip the update when the stored flag already matches the submitted one.
    $flag_changed = bp_is_user_spammer(bp_displayed_user_id()) != $is_spammer;
    if ($flag_changed) {
        $status = 'ham';
        if ($is_spammer) {
            $status = 'spam';
        }

        bp_core_process_spammer_status(bp_displayed_user_id(), $status);
        do_action('bp_core_action_set_spammer_status', bp_displayed_user_id(), $status);
    }

    /** Other *************************************************************/

    do_action('bp_settings_capabilities_after_save');

    // Redirect back to the displayed user's capabilities screen.
    bp_core_redirect(bp_displayed_user_domain() . bp_get_settings_slug() . '/capabilities/');
}
/**
 * End the session of a logged-in user who has been marked as a spammer.
 *
 * A user marked as a spammer while logged in keeps a valid session until logged
 * out. When the current user carries the spammer flag, this sends them to
 * wp-login.php with the 'reauth' parameter, which clears their cookies and asks
 * them to authenticate again.
 *
 * Note: A spammer cannot log back in - {@see bp_core_boot_spammer()}.
 *
 * Runs on 'bp_init' at priority 5 so the members component globals are set up
 * first ($bp->loggedin_user is set up at priority 4).
 *
 * @since BuddyPress (1.8.0)
 */
function bp_stop_live_spammer() {
	// Already on the login page? Stop here, otherwise the redirect below would loop.
	$pagenow_is_login = isset( $GLOBALS['pagenow'] )
		&& false !== strpos( $GLOBALS['pagenow'], 'wp-login.php' );

	$script_is_login = isset( $_SERVER['SCRIPT_NAME'] )
		&& false !== strpos( $_SERVER['SCRIPT_NAME'], 'wp-login.php' );

	if ( $pagenow_is_login || $script_is_login ) {
		return;
	}

	// Anonymous visitors have no session to end.
	if ( ! is_user_logged_in() ) {
		return;
	}

	// Users without the spammer flag are left alone.
	if ( ! bp_is_user_spammer( bp_loggedin_user_id() ) ) {
		return;
	}

	$args = array(
		// Custom action used to throw an error message.
		'action' => 'bp-spam',

		// Reauthorize user to login.
		'reauth' => 1
	);

	/**
	 * Filters the url used for redirection for a logged in user marked as spam.
	 *
	 * @since BuddyPress (1.8.0)
	 *
	 * @param string $value URL to redirect user to.
	 */
	$login_url = apply_filters( 'bp_live_spammer_redirect', add_query_arg( $args, wp_login_url() ) );

	// Redirect to the login page and halt the request.
	wp_redirect( $login_url );
	die();
}