/**
* Return a list of meta keys that nxt_insert_user() is supposed to set.
*
* @access private
* @since 3.3.0
*
* @param object $user nxt_User instance
* @return array
*/
function _get_additional_user_keys($user)
{
$keys = array('first_name', 'last_name', 'nickname', 'description', 'rich_editing', 'comment_shortcuts', 'admin_color', 'use_ssl', 'show_admin_bar_front');
return array_merge($keys, array_keys(_nxt_get_user_contactmethods($user)));
}
/**
* Edit user settings based on contents of $_POST
*
* Used on user-edit.php and profile.php to manage and process user options, passwords etc.
*
* @since 2.0
*
* @param int $user_id Optional. User ID.
* @return int user id of the updated user
*/
function edit_user($user_id = 0)
{
global $nxt_roles, $nxtdb;
$user = new stdClass();
if ($user_id) {
$update = true;
$user->ID = (int) $user_id;
$userdata = get_userdata($user_id);
$user->user_login = $nxtdb->escape($userdata->user_login);
} else {
$update = false;
}
if (!$update && isset($_POST['user_login'])) {
$user->user_login = sanitize_user($_POST['user_login'], true);
}
$pass1 = $pass2 = '';
if (isset($_POST['pass1'])) {
$pass1 = $_POST['pass1'];
}
if (isset($_POST['pass2'])) {
$pass2 = $_POST['pass2'];
}
if (isset($_POST['role']) && current_user_can('edit_users')) {
$new_role = sanitize_text_field($_POST['role']);
$potential_role = isset($nxt_roles->role_objects[$new_role]) ? $nxt_roles->role_objects[$new_role] : false;
// Don't let anyone with 'edit_users' (admins) edit their own role to something without it.
// Multisite super admins can freely edit their blog roles -- they possess all caps.
if (is_multisite() && current_user_can('manage_sites') || $user_id != get_current_user_id() || $potential_role && $potential_role->has_cap('edit_users')) {
$user->role = $new_role;
}
// If the new role isn't editable by the logged-in user die with error
$editable_roles = get_editable_roles();
if (!empty($new_role) && empty($editable_roles[$new_role])) {
nxt_die(__('You can’t give users that role.'));
}
}
if (isset($_POST['email'])) {
$user->user_email = sanitize_text_field($_POST['email']);
}
if (isset($_POST['url'])) {
if (empty($_POST['url']) || $_POST['url'] == 'http://') {
$user->user_url = '';
} else {
$user->user_url = esc_url_raw($_POST['url']);
$user->user_url = preg_match('/^(https?|ftps?|mailto|news|irc|gopher|nntp|feed|telnet):/is', $user->user_url) ? $user->user_url : 'http://' . $user->user_url;
}
}
if (isset($_POST['first_name'])) {
$user->first_name = sanitize_text_field($_POST['first_name']);
}
if (isset($_POST['last_name'])) {
$user->last_name = sanitize_text_field($_POST['last_name']);
}
if (isset($_POST['nickname'])) {
$user->nickname = sanitize_text_field($_POST['nickname']);
}
if (isset($_POST['display_name'])) {
$user->display_name = sanitize_text_field($_POST['display_name']);
}
if (isset($_POST['description'])) {
$user->description = trim($_POST['description']);
}
foreach (_nxt_get_user_contactmethods($user) as $method => $name) {
if (isset($_POST[$method])) {
$user->{$method} = sanitize_text_field($_POST[$method]);
}
}
if ($update) {
$user->rich_editing = isset($_POST['rich_editing']) && 'false' == $_POST['rich_editing'] ? 'false' : 'true';
$user->admin_color = isset($_POST['admin_color']) ? sanitize_text_field($_POST['admin_color']) : 'fresh';
$user->show_admin_bar_front = isset($_POST['admin_bar_front']) ? 'true' : 'false';
}
$user->comment_shortcuts = isset($_POST['comment_shortcuts']) && 'true' == $_POST['comment_shortcuts'] ? 'true' : '';
$user->use_ssl = 0;
if (!empty($_POST['use_ssl'])) {
$user->use_ssl = 1;
}
$errors = new nxt_Error();
/* checking that username has been typed */
if ($user->user_login == '') {
$errors->add('user_login', __('<strong>ERROR</strong>: Please enter a username.'));
}
/* checking the password has been typed twice */
do_action_ref_array('check_passwords', array($user->user_login, &$pass1, &$pass2));
if ($update) {
if (empty($pass1) && !empty($pass2)) {
$errors->add('pass', __('<strong>ERROR</strong>: You entered your new password only once.'), array('form-field' => 'pass1'));
} elseif (!empty($pass1) && empty($pass2)) {
$errors->add('pass', __('<strong>ERROR</strong>: You entered your new password only once.'), array('form-field' => 'pass2'));
}
} else {
if (empty($pass1)) {
$errors->add('pass', __('<strong>ERROR</strong>: Please enter your password.'), array('form-field' => 'pass1'));
} elseif (empty($pass2)) {
$errors->add('pass', __('<strong>ERROR</strong>: Please enter your password twice.'), array('form-field' => 'pass2'));
}
}
/* Check for "\" in password */
if (false !== strpos(stripslashes($pass1), "\\")) {
$errors->add('pass', __('<strong>ERROR</strong>: Passwords may not contain the character "\\".'), array('form-field' => 'pass1'));
}
/* checking the password has been typed twice the same */
if ($pass1 != $pass2) {
$errors->add('pass', __('<strong>ERROR</strong>: Please enter the same password in the two password fields.'), array('form-field' => 'pass1'));
}
if (!empty($pass1)) {
$user->user_pass = $pass1;
}
if (!$update && isset($_POST['user_login']) && !validate_username($_POST['user_login'])) {
$errors->add('user_login', __('<strong>ERROR</strong>: This username is invalid because it uses illegal characters. Please enter a valid username.'));
}
if (!$update && username_exists($user->user_login)) {
$errors->add('user_login', __('<strong>ERROR</strong>: This username is already registered. Please choose another one.'));
}
/* checking e-mail address */
if (empty($user->user_email)) {
$errors->add('empty_email', __('<strong>ERROR</strong>: Please enter an e-mail address.'), array('form-field' => 'email'));
} elseif (!is_email($user->user_email)) {
$errors->add('invalid_email', __('<strong>ERROR</strong>: The e-mail address isn’t correct.'), array('form-field' => 'email'));
} elseif (($owner_id = email_exists($user->user_email)) && (!$update || $owner_id != $user->ID)) {
$errors->add('email_exists', __('<strong>ERROR</strong>: This email is already registered, please choose another one.'), array('form-field' => 'email'));
}
// Allow plugins to return their own errors.
do_action_ref_array('user_profile_update_errors', array(&$errors, $update, &$user));
if ($errors->get_error_codes()) {
return $errors;
}
if ($update) {
$user_id = nxt_update_user(get_object_vars($user));
} else {
$user_id = nxt_insert_user(get_object_vars($user));
nxt_new_user_notification($user_id, isset($_POST['send_password']) ? $pass1 : '');
}
return $user_id;
}
</td>
</tr>
<tr>
<th><label for="url"><?php
_e('Website');
?>
</label></th>
<td><input type="text" name="url" id="url" value="<?php
echo esc_attr($profileuser->user_url);
?>
" class="regular-text code" /></td>
</tr>
<?php
foreach (_nxt_get_user_contactmethods($profileuser) as $name => $desc) {
?>
<tr>
<th><label for="<?php
echo $name;
?>
"><?php
echo apply_filters('user_' . $name . '_label', $desc);
?>
</label></th>
<td><input type="text" name="<?php
echo $name;
?>
" id="<?php
echo $name;
?>