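/**
 * Narrow the role list to the roles the current user may assign to a target user.
 *
 * Applies the same policy the edit screen uses for its role drop-down, so the
 * form handler can enforce it on the server side as well:
 *  - a gate keeper editing their own account may only keep 'keymaster';
 *  - a user who cannot keep the gate may not change an existing keymaster's role;
 *  - a user who cannot keep the gate may not hand out 'keymaster' at all.
 *
 * @param array       $user_roles    Role key => role label map.
 * @param object|null $target_user   User being edited, or null when creating a user.
 * @param bool        $can_keep_gate Whether the current user has the 'keep_gate' capability.
 * @return array Subset of $user_roles that may be assigned.
 */
function _bb_manage_user_allowed_roles($user_roles, $target_user, $can_keep_gate)
{
    $target_is_self = is_object($target_user) && $target_user->ID == bb_get_current_user_info('id');
    $target_is_keymaster = is_object($target_user)
        && isset($target_user->capabilities)
        && is_array($target_user->capabilities)
        && array_key_exists('keymaster', $target_user->capabilities);

    // Keymasters can't demote themselves
    if ($target_is_self && $can_keep_gate || $target_is_keymaster && !$can_keep_gate) {
        return array('keymaster' => $user_roles['keymaster']);
    }
    if (!$can_keep_gate) {
        unset($user_roles['keymaster']);
    }
    return $user_roles;
}

/**
 * Handle the admin "create / edit user" form and build its field definitions.
 *
 * On POST the request is checked with bb_check_admin_referer('user-manage'),
 * the submitted values are validated and the user is created or updated; on
 * success the browser is redirected back to bb-admin/users.php. On a GET with
 * action=edit the fields are pre-filled from the existing user.
 *
 * Security-relevant behaviour:
 *  - The requested role comes straight from $_POST['userrole'] and is written
 *    to the capabilities meta, so it is checked against the roles the current
 *    user is allowed to assign before anything is stored.
 *  - The plaintext password is handed to bb_send_pass() and to the
 *    'bb_new_user' / 'bb_update_user' hooks.
 *  - NOTE(review): the 'email_pass' checkbox is rendered but this function
 *    never reads it; the password is sent whenever one was supplied. Confirm
 *    whether that is intended.
 *
 * @param object|string $edit_user Optional pre-loaded user object for the edit screen.
 * @return array Field definitions after the 'bb_manage_user_fields' filter.
 */
function bb_manage_user_fields($edit_user = '')
{
    global $nxt_roles, $nxt_users_object, $bbdb;
    // Cap checks
    $user_roles = $nxt_roles->role_names;
    $can_keep_gate = bb_current_user_can('keep_gate');
    // Defaults for requests that fill in none of the values below. null is what
    // the previously undefined variables evaluated to, so the returned array is
    // unchanged; only the "undefined variable" warnings go away.
    $disabled = null;
    $user_login = $user_display_name = $user_email = $user_url = $user_role = null;
    $user_pass1 = $user_pass2 = null;
    $user_meta = array(
        'first_name' => null,
        'last_name' => null,
        'from' => null,
        'occ' => null,
        'interest' => null,
        'throttle' => null,
    );
    if ('post' == strtolower($_SERVER['REQUEST_METHOD'])) {
        bb_check_admin_referer('user-manage');
        // Instantiate required vars
        $_POST = stripslashes_deep($_POST);
        $create_user_errors = new nxt_Error();
        $action = isset($_POST['action']) ? $_POST['action'] : '';
        // User login
        $trimmed_user_login = str_replace(' ', '', $_POST['user_login']);
        $user_login = sanitize_user($_POST['user_login'], true);
        $user_meta['first_name'] = $_POST['first_name'];
        $user_meta['last_name'] = $_POST['last_name'];
        $user_display_name = $_POST['display_name'];
        $user_email = $_POST['user_email'];
        $user_url = $_POST['user_url'];
        $user_meta['from'] = $_POST['from'];
        $user_meta['occ'] = $_POST['occ'];
        $user_meta['interest'] = $_POST['interest'];
        $user_role = $_POST['userrole'];
        $user_meta['throttle'] = $_POST['throttle'];
        $user_pass1 = $_POST['pass1'];
        $user_pass2 = $_POST['pass2'];
        $user_status = 0;
        $user_pass = false;
        $user_url = $user_url ? bb_fix_link($user_url) : '';
        // Check user_login
        if (!isset($_GET['action']) && empty($user_login)) {
            $create_user_errors->add('user_login', __('Username is a required field.'));
        } else {
            if ($user_login !== $trimmed_user_login) {
                $create_user_errors->add('user_login', sprintf(__('%s is an invalid username. How\'s this one?'), esc_html($_POST['user_login'])));
                $user_login = $trimmed_user_login;
            }
        }
        // Check email
        if (isset($user_email) && empty($user_email)) {
            $create_user_errors->add('user_email', __('Email address is a required field.'));
        }
        // Password Sanity Check
        if ((!empty($user_pass1) || !empty($user_pass2)) && $user_pass1 !== $user_pass2) {
            $create_user_errors->add('pass', __('You must enter the same password twice.'));
        } elseif (!isset($_GET['action']) && (empty($user_pass1) && empty($user_pass2))) {
            $create_user_errors->add('pass', __('You must enter a password.'));
        } elseif (isset($_GET['action']) && (empty($user_pass1) && empty($user_pass2))) {
            $user_pass = '';
        } else {
            $user_pass = $user_pass1;
        }
        // Check the target user of an update. The edit screen only accepts a
        // numeric user_id; the update handler must not be laxer than that.
        $target_user = null;
        if ('update' === $action) {
            if (isset($_GET['user_id']) && is_numeric($_GET['user_id'])) {
                $target_user = bb_get_user(bb_get_user_id($_GET['user_id']));
            }
            if (!is_object($target_user) || is_nxt_error($target_user)) {
                $target_user = null;
                $create_user_errors->add('user_id', __('Invalid user.'));
            }
        }
        // Check role. The drop-down restriction on the edit screen is only a UI
        // hint; the posted value is attacker-controlled, so enforce the same
        // policy here before it reaches the capabilities meta. The is_string()
        // test also rejects userrole[]=... which cannot be used as an array key.
        $assignable_roles = _bb_manage_user_allowed_roles($user_roles, $target_user, $can_keep_gate);
        if (!is_string($user_role) || !array_key_exists($user_role, $assignable_roles)) {
            $create_user_errors->add('userrole', __('You are not allowed to assign that role.'));
        }
        // No errors
        if (!$create_user_errors->get_error_messages()) {
            // Create or update
            switch ($action) {
                case 'create':
                    $goback = bb_get_uri('bb-admin/users.php', array('created' => 'true'), BB_URI_CONTEXT_FORM_ACTION + BB_URI_CONTEXT_BB_ADMIN);
                    // 'user_nicename' is never assigned in this function, so compact() leaves it out.
                    $user = $nxt_users_object->new_user(compact('user_login', 'user_email', 'user_url', 'user_nicename', 'user_status', 'user_pass'));
                    // Error handler
                    if (is_nxt_error($user)) {
                        bb_admin_notice($user);
                        unset($goback);
                        break;
                    }
                    // Update caps
                    bb_update_usermeta($user['ID'], $bbdb->prefix . 'capabilities', array($user_role => true));
                    // Update all user meta
                    foreach ($user_meta as $key => $value) {
                        bb_update_usermeta($user['ID'], $key, $value);
                    }
                    // Don't send email if empty
                    if (!empty($user_pass)) {
                        bb_send_pass($user['ID'], $user_pass);
                    }
                    do_action('bb_new_user', $user['ID'], $user_pass);
                    break;
                case 'update':
                    $goback = bb_get_uri('bb-admin/users.php', array('updated' => 'true'), BB_URI_CONTEXT_FORM_ACTION + BB_URI_CONTEXT_BB_ADMIN);
                    $user = $nxt_users_object->get_user($_GET['user_id'], array('output' => ARRAY_A));
                    if (!$user) {
                        $user = new nxt_Error();
                        $user->add('user_id', __('Invalid user.'));
                    }
                    // Error handler. This has to run before $user['ID'] is used:
                    // previously the profile and password updates were issued
                    // first, with an empty ID when the lookup had failed.
                    if (is_nxt_error($user)) {
                        bb_admin_notice($user);
                        unset($goback);
                        break;
                    }
                    bb_update_user($user['ID'], $user_email, $user_url, $user_display_name);
                    // Don't change PW if empty
                    if (!empty($user_pass)) {
                        bb_update_user_password($user['ID'], $user_pass);
                    }
                    // Update caps
                    bb_update_usermeta($user['ID'], $bbdb->prefix . 'capabilities', array($user_role => true));
                    // Update all user meta
                    foreach ($user_meta as $key => $value) {
                        bb_update_usermeta($user['ID'], $key, $value);
                    }
                    // Don't send email if empty
                    if (!empty($user_pass)) {
                        bb_send_pass($user['ID'], $user_pass);
                    }
                    do_action('bb_update_user', $user['ID'], $user_pass);
                    break;
            }
            // Redirect
            if (isset($goback) && !empty($goback)) {
                bb_safe_redirect($goback);
            }
            // Error handler
        } else {
            bb_admin_notice($create_user_errors);
        }
    } elseif (isset($_GET['action']) && $_GET['action'] == 'edit') {
        if (isset($_GET['user_id']) && is_numeric($_GET['user_id'])) {
            $disabled = true;
            // Get the user
            if (empty($edit_user)) {
                $edit_user = bb_get_user(bb_get_user_id($_GET['user_id']));
            }
            // Instantiate required vars
            $user_login = $edit_user->user_login;
            $user_meta['first_name'] = $edit_user->first_name;
            $user_meta['last_name'] = $edit_user->last_name;
            $user_display_name = $edit_user->display_name;
            $user_email = $edit_user->user_email;
            $user_url = $edit_user->user_url;
            $user_meta['from'] = $edit_user->from;
            $user_meta['occ'] = $edit_user->occ;
            $user_meta['interest'] = $edit_user->interest;
            $user_role = array_search('true', $edit_user->capabilities);
            $user_meta['throttle'] = $edit_user->throttle;
            // Offer only the roles the current user may assign to this account
            $user_roles = _bb_manage_user_allowed_roles($user_roles, $edit_user, $can_keep_gate);
        }
    }
    // Load password strength checker
    nxt_enqueue_script('password-strength-meter');
    nxt_enqueue_script('profile-edit');
    // Generate a few PW hints. The note is emitted as HTML (it carries <p> tags),
    // so the generated password is escaped before it is embedded.
    $some_pass_hints = '';
    for ($l = 3; $l != 0; $l--) {
        $some_pass_hints .= '<p>' . esc_html(bb_generate_password()) . '</p>';
    }
    // Create the user fields.
    // NOTE(review): pass1/pass2 carry the submitted passwords back as field
    // values when the form is re-displayed after an error - confirm the
    // renderer does not echo them into the page.
    $user_fields = array(
        'user_login' => array('title' => __('Username'), 'note' => __('Required! Unique identifier for new user.'), 'value' => $user_login, 'disabled' => $disabled),
        'first_name' => array('title' => __('First Name'), 'value' => $user_meta['first_name']),
        'last_name' => array('title' => __('Last Name'), 'value' => $user_meta['last_name']),
        'display_name' => array('title' => __('Display Name'), 'value' => $user_display_name),
        'user_email' => array('title' => __('Email'), 'note' => __('Required! Will be used for notifications and profile settings changes.'), 'value' => $user_email),
        'user_url' => array('title' => __('Website'), 'class' => array('long', 'code'), 'note' => __('The full URL of user\'s homepage or blog.'), 'value' => $user_url),
        'from' => array('title' => __('Location'), 'class' => array('long'), 'value' => $user_meta['from']),
        'occ' => array('title' => __('Occupation'), 'class' => array('long'), 'value' => $user_meta['occ']),
        'interest' => array('title' => __('Interests'), 'class' => array('long'), 'value' => $user_meta['interest']),
        'userrole' => array('title' => __('User Role'), 'type' => 'select', 'options' => $user_roles, 'note' => __('Allow user the above privileges.'), 'value' => $user_role),
        'pass1' => array('title' => __('New Password'), 'type' => 'password', 'class' => array('short', 'text', 'code'), 'note' => __('Hints: ') . $some_pass_hints, 'value' => $user_pass1),
        // The line break inside the next string is part of the original translation key.
        'pass2' => array('title' => __('Repeat New Password'), 'type' => 'password', 'class' => array('short', 'text', 'code'), 'note' => __('If you ignore hints, remember: the password should be at least seven characters long. To make it stronger, use upper and lower case letters, numbers and symbols like ! " ? 
$ % ^ &amp; ).'), 'value' => $user_pass2),
        'email_pass' => array('title' => '', 'type' => 'checkbox', 'options' => array('1' => array('label' => __('Email the new password.'), 'attributes' => array('checked' => true)))),
        'pass-strength-fake-input' => array('title' => __('Password Strength'), 'type' => 'hidden'),
    );
    return apply_filters('bb_manage_user_fields', $user_fields);
}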
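 /**
  * Register a new user with a generated password.
  *
  * Validates the e-mail address and login, derives a unique nicename, creates
  * the account through $wp_users_object->new_user() and assigns the initial
  * role. During installation the first account becomes 'keymaster'; every
  * other account becomes 'member' and is sent its password by e-mail.
  *
  * The plaintext password is passed to bb_send_pass() and to the 'bb_new_user'
  * hook.
  *
  * @param string $user_login  Requested login name.
  * @param string $user_email  E-mail address.
  * @param string $user_url    Optional website URL.
  * @param int    $user_status 1 means the user has not yet been verified.
  * @return int|WP_Error New user ID, or an error object on failure.
  */
 function bb_new_user($user_login, $user_email, $user_url, $user_status = 1)
 {
     global $wp_users_object, $bbdb;
     // is_email check + dns
     if (!($user_email = is_email($user_email))) {
         return new WP_Error('user_email', __('Invalid email address'), $user_email);
     }
     if (!($user_login = sanitize_user($user_login, true))) {
         return new WP_Error('user_login', __('Invalid username'), $user_login);
     }
     // user_status = 1 means the user has not yet been verified
     $user_status = is_numeric($user_status) ? (int) $user_status : 1;
     // NOTE(review): this tests only whether the constant exists, not its value.
     // If BB_INSTALLING is always defined (as false outside the installer) every
     // new user starts with status 0 - confirm against where it is defined.
     if (defined('BB_INSTALLING')) {
         $user_status = 0;
     }
     $user_nicename = $_user_nicename = bb_user_nicename_sanitize($user_login);
     if (strlen($_user_nicename) < 1) {
         return new WP_Error('user_login', __('Invalid username'), $user_login);
     }
     // When the nicename is numeric the lookup on the right of || is skipped, so
     // $existing_user may not have been assigned yet; start from null and guard
     // the property access instead of reading a property of an undefined variable.
     $existing_user = null;
     while (is_numeric($user_nicename) || ($existing_user = bb_get_user_by_nicename($user_nicename))) {
         $taken_nicename = is_object($existing_user) ? $existing_user->user_nicename : null;
         $user_nicename = bb_slug_increment($_user_nicename, $taken_nicename, 50);
     }
     $user_url = $user_url ? bb_fix_link($user_url) : '';
     $user_pass = bb_generate_password();
     $user = $wp_users_object->new_user(compact('user_login', 'user_email', 'user_url', 'user_nicename', 'user_status', 'user_pass'));
     if (is_wp_error($user)) {
         if ('user_nicename' == $user->get_error_code()) {
             return new WP_Error('user_login', $user->get_error_message());
         }
         return $user;
     }
     // The highest role must only be granted when the installer flag is both
     // defined and true. Reading the bare constant when it is undefined either
     // aborts (PHP 8) or yields the truthy string 'BB_INSTALLING' (older PHP),
     // which would make every newly registered user a keymaster.
     if (defined('BB_INSTALLING') && BB_INSTALLING) {
         bb_update_usermeta($user['ID'], $bbdb->prefix . 'capabilities', array('keymaster' => true));
     } else {
         bb_update_usermeta($user['ID'], $bbdb->prefix . 'capabilities', array('member' => true));
         bb_send_pass($user['ID'], $user['plain_pass']);
     }
     do_action('bb_new_user', $user['ID'], $user['plain_pass']);
     return $user['ID'];
 }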
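/**
 * Handles the resetting of users' passwords
 *
 * Looks up the account whose 'newpwdkey' user meta equals the supplied key
 * (the key is sent by e-mail by {@see bb_reset_email()}), generates a new
 * password, stores it and e-mails it to the user.
 *
 * The key is single-use: it is cleared as soon as the password has been
 * replaced, including when the notification e-mail cannot be sent.
 *
 * NOTE(review): nothing in this function limits the age of the key; confirm
 * whether an expiry is enforced where the key is issued.
 *
 * @since 0.7.2
 * @global bbdb $bbdb
 *
 * @param string $key Reset key taken from the e-mailed link.
 * @return true|WP_Error True on success, WP_Error describing the failure otherwise.
 */
function bb_reset_password($key)
{
    global $bbdb;
    $key = sanitize_user($key, true);
    if (empty($key) || !is_string($key)) {
        return new WP_Error('invalid_key', __('Invalid key'));
    }
    // The key is bound through prepare(), never interpolated into the query.
    if (!($user_id = $bbdb->get_var($bbdb->prepare("SELECT user_id FROM {$bbdb->usermeta} WHERE meta_key = 'newpwdkey' AND meta_value = %s", $key)))) {
        return new WP_Error('invalid_key', __('Invalid key'));
    }
    $user = new BP_User($user_id);
    if (!$user || is_wp_error($user)) {
        return new WP_Error('invalid_key', __('Invalid key'));
    }
    if (bb_has_broken_pass($user->ID)) {
        bb_block_current_user();
    }
    if (!$user->has_cap('change_user_password', $user->ID)) {
        return new WP_Error('permission_denied', __('You are not allowed to change your password.'));
    }
    $newpass = bb_generate_password();
    bb_update_user_password($user->ID, $newpass);
    // Consume the key before attempting delivery. Previously a failed e-mail
    // returned early and left the key valid, so the same link could be replayed
    // to rotate the account's password again and again.
    bb_update_usermeta($user->ID, 'newpwdkey', '');
    if (!bb_send_pass($user->ID, $newpass)) {
        return new WP_Error('sending_mail_failed', __('The email containing the new password could not be sent.'));
    }
    return true;
}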
 /**
  * Deprecated alias of bb_generate_password().
  *
  * Logs the deprecated call and forwards both arguments unchanged.
  *
  * @param int  $length        Forwarded to bb_generate_password().
  * @param bool $special_chars Forwarded to bb_generate_password().
  * @return mixed Whatever bb_generate_password() returns.
  */
 function nxt_generate_password($length = 12, $special_chars = true)
 {
     // Record the use of the old name together with its replacement.
     bb_log_deprecated('function', __FUNCTION__, 'bb_generate_password');

     $generated = bb_generate_password($length, $special_chars);

     return $generated;
 }
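/**
 * Sign a visitor in through LinkedIn, creating the local account on first use.
 *
 * Fetches the LinkedIn profile, maps its id to a local user via the
 * 'linkedin_id' user meta, creates a member account when no mapping exists,
 * refreshes profile meta, sets the auth cookie and redirects.
 *
 * Security-relevant behaviour:
 *  - New accounts get a placeholder address "<login>@none.local" and a
 *    generated password; the password is passed to the 'bb_new_user' hook.
 *  - The post-login redirect target comes from the request and is only
 *    accepted when it lies under the site URI; anything else falls back to
 *    the site URI.
 *
 * This function does not return: every path ends in bb_die() or exit.
 */
function bb_li_connect()
{
    // $bbdb is needed for the capabilities meta key below. Without it the key
    // was built from an undefined variable and lost its table prefix, so the
    // 'member' role was stored under the wrong meta key.
    global $wp_users_object, $li_attr, $bbdb;
    //li authorization
    // Same truth table as the former "!$x === TRUE" (true whenever the flag is
    // falsy), without the misleading precedence or the undefined-index warning.
    if (empty($_SESSION['oauth']['linkedin']['authorized'])) {
        try_li_connect();
    }
    $me = get_li_profile();
    if (!$me) {
        bb_die("Linkedin Connect failed");
        exit;
    }
    $li_id = trim($me->{$li_attr}['id']);
    if (!$li_id) {
        bb_die("LinkedIn Connect failed, no user id found.");
        exit;
    }
    // Check if the user has already connected before
    $user_id = li_get_userid_by_linkedin_id($li_id);
    if (!$user_id) {
        // User did not exist yet, lets create the local account
        // First order of business is to find a unused usable account name.
        // The base name does not depend on the counter, so build it once.
        $login_base = strtolower(sanitize_user(li_get_user_displayname($me), true));
        $login_base = str_replace(' ', '_', $login_base);
        $login_base = str_replace('__', '_', $login_base);
        if (strlen($login_base) < 2) {
            $login_base = "******";
        }
        for ($i = 1;; $i++) {
            $suffix = (string) $i;
            $user_login = $login_base;
            // Keep the login within 50 characters including the numeric suffix
            if (strlen($user_login) > 50 - strlen($suffix)) {
                $user_login = substr($user_login, 0, 50 - strlen($suffix));
            }
            if ($i > 1) {
                $user_login .= $suffix;
            }
            // A very rare potential race condition exists here, if two users with the same name
            // happen to register at the same time. One of them would fail, and have to retry.
            if (bb_get_user($user_login, array('by' => 'login')) === false) {
                break;
            }
        }
        $user_nicename = $user_login;
        $user_email = $user_login . "@none.local";
        $user_url = trim($me->{$li_attr}['public-profile-url']);
        $user_url = $user_url ? bb_fix_link($user_url) : '';
        $user_status = 0;
        $user_pass = bb_generate_password();
        // User may have given permission to use his/her real email. Lets use it if so.
        /*if (isset($me['email']) && $me['email'] != '' && is_email($me['email'])) {
            $user_email = trim($me['email']);
            if (bb_get_user($user_email, array ('by' => 'email')) !== false) {
                // Uh oh. A user with this email already exists. This does not work out for us.
                bb_die("Error: an user account with the email address '$user_email' already exists.");
            }
        }*/
        $user = $wp_users_object->new_user(compact('user_login', 'user_email', 'user_url', 'user_nicename', 'user_status', 'user_pass'));
        if (!$user || is_wp_error($user)) {
            bb_die("Creating new user failed");
            exit;
        }
        $user_id = $user['ID'];
        bb_update_usermeta($user_id, $bbdb->prefix . 'capabilities', array('member' => true));
        bb_update_usermeta($user_id, 'linkedin_id', $li_id);
        // will prompt user for email until set false. 1=true 0=false
        bb_update_usermeta($user_id, 'prompt_email', '1');
        // user avatar
        bb_update_usermeta($user_id, 'li_avatar', trim($me->{$li_attr}['picture-url']));
        bb_update_user($user_id, $user_email, $user_url, li_get_user_displayname($me));
        bb_update_usermeta($user_id, 'first_name', trim($me->{$li_attr}['first-name']));
        bb_update_usermeta($user_id, 'last_name', trim($me->{$li_attr}['last-name']));
        bb_update_usermeta($user_id, 'occ', trim($me->{$li_attr}['headline']));
        bb_update_usermeta($user_id, 'interest', trim($me->{$li_attr}['industry']));
        do_action('bb_new_user', $user_id, $user_pass);
        do_action('register_user', $user_id);
    } else {
        bb_update_usermeta($user_id, 'prompt_email', '1');
        bb_update_usermeta($user_id, 'li_avatar', trim($me->{$li_attr}['picture-url']));
        if (!bb_get_option('li_allow_useredit')) {
            // enforce first name, last name and display name if the users are not allowed to change them
            bb_update_user($user_id, bb_get_user_email($user_id), get_user_link($user_id), li_get_user_displayname($me));
            bb_update_usermeta($user_id, 'first_name', trim($me->{$li_attr}['first-name']));
            bb_update_usermeta($user_id, 'last_name', trim($me->{$li_attr}['last-name']));
            bb_update_usermeta($user_id, 'occ', trim($me->{$li_attr}['headline']));
            bb_update_usermeta($user_id, 'interest', trim($me->{$li_attr}['industry']));
        }
    }
    bb_set_auth_cookie($user_id, true);
    do_action('bb_user_login', $user_id);
    // The redirect target is request-controlled. Accept it only when it is a
    // string that starts with the site URI followed by a path separator, so a
    // look-alike host that merely begins with the same characters is refused.
    $site_uri = bb_get_option('uri');
    $redirect_url = isset($_REQUEST['li_bb_connect']) ? $_REQUEST['li_bb_connect'] : '';
    if (!is_string($redirect_url) || strpos($redirect_url, rtrim($site_uri, '/') . '/') !== 0) {
        $redirect_url = $site_uri;
    }
    bb_safe_redirect($redirect_url);
    exit;
}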