/**
 * Catch a "Mark as Spammer/Not Spammer" click from the toolbar.
 *
 * When a site admin selects "Mark as Spammer/Not Spammer" from the admin menu
 * this action will fire and mark or unmark the user and their blogs as spam.
 * Must be a site admin for this function to run.
 *
 * Note: no longer used in the current state. See the Settings component.
 *
 * @param int $user_id Optional. User ID to mark as spam. Defaults to displayed
 *        user.
 */
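function bp_core_action_set_spammer_status($user_id = 0)
{
    // Authorization gate: only super admins may change spam status, and never
    // while viewing their own profile. Nothing from the request is acted on
    // before this check.
    if (!is_super_admin() || bp_is_my_profile()) {
        return;
    }
    // Fall back to the displayed user when no explicit ID was supplied.
    // NOTE(review): the self-profile guard above is based on the displayed
    // profile; an explicitly passed $user_id is not compared with the current
    // user in this function.
    if (empty($user_id)) {
        $user_id = bp_displayed_user_id();
    }
    // The action slug is request-derived, so match it strictly instead of
    // relying on PHP's loose comparison rules.
    $is_spam_request = bp_is_current_component('admin')
        && in_array(bp_current_action(), array('mark-spammer', 'unmark-spammer'), true);
    if (!$is_spam_request) {
        return;
    }
    // CSRF protection: the nonce is verified before any state change.
    check_admin_referer('mark-unmark-spammer');
    // To spam or not to spam.
    $status = bp_is_current_action('mark-spammer') ? 'spam' : 'ham';
    $is_spam = 'spam' === $status;
    // The heavy lifting.
    bp_core_process_spammer_status($user_id, $status);
    // Add feedback message. @todo - Error reporting: the return value of
    // bp_core_process_spammer_status() is not inspected here.
    if ($is_spam) {
        bp_core_add_message(__('User marked as spammer. Spam users are visible only to site admins.', 'buddypress'));
    } else {
        bp_core_add_message(__('User removed as spammer.', 'buddypress'));
    }
    // Deprecated hook. Use bp_core_process_spammer_status.
    // NOTE(review): listeners receive the displayed user's ID, which differs
    // from the processed $user_id when a caller passed an explicit ID.
    do_action('bp_core_action_set_spammer_status', bp_displayed_user_id(), $is_spam);
    // Redirect back to where we came from.
    // NOTE(review): wp_get_referer() can return false when no usable referer
    // exists; presumably bp_core_redirect() falls back to a default - confirm.
    bp_core_redirect(wp_get_referer());
}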
/**
 * Handles the setting of user capabilities, spamming, hamming, role, etc...
 */
function bp_settings_action_capabilities()
{
    // Handle only a POST request that carries the capabilities submit field.
    $is_post = 'POST' === strtoupper($_SERVER['REQUEST_METHOD']);
    if (!$is_post || !isset($_POST['capabilities-submit'])) {
        return;
    }
    // Must be the settings component's "capabilities" action. This is the one
    // guard that returns false rather than null.
    if (!(bp_is_settings_component() && bp_is_current_action('capabilities'))) {
        return false;
    }
    // Extra action variables are not expected on this URL: answer with a 404.
    if (bp_action_variables()) {
        bp_do_404();
        return;
    }
    // Authorization: super admins only, and never on their own profile.
    if (!(is_super_admin() && !bp_is_my_profile())) {
        return;
    }
    // CSRF protection: verify the nonce before anything is saved.
    check_admin_referer('capabilities');
    do_action('bp_settings_capabilities_before_save');
    /** Spam **************************************************************/
    // The checkbox is read only for presence; its value is never used.
    $is_spammer = !empty($_POST['user-spammer']);
    // Act only when the submitted state differs from the stored one.
    if (bp_is_user_spammer(bp_displayed_user_id()) != $is_spammer) {
        $status = $is_spammer ? 'spam' : 'ham';
        bp_core_process_spammer_status(bp_displayed_user_id(), $status);
        do_action('bp_core_action_set_spammer_status', bp_displayed_user_id(), $status);
    }
    /** Other *************************************************************/
    do_action('bp_settings_capabilities_after_save');
    // Send the admin back to the displayed user's capabilities screen. The
    // target is built from site functions only, not from request input.
    $capabilities_url = bp_displayed_user_domain() . bp_get_settings_slug() . '/capabilities/';
    bp_core_redirect($capabilities_url);
}
 /**
  * Set up the user's profile admin page.
  *
  * Loaded before the page is rendered, this function does all initial
  * setup, including: processing form requests, registering contextual
  * help, and setting up screen options.
  *
  * @since 2.0.0
  */
 public function user_admin_load()
 {
     // Get the user ID.
     $user_id = $this->get_user_id();
     // Can current user edit this profile?
     // Authorization gate: the request is terminated with wp_die() before any
     // request parameter is acted on.
     if (!$this->member_can_edit($user_id)) {
         wp_die(__('You cannot edit the requested user.', 'buddypress'));
     }
     // Build redirection URL.
     // This is the current request URI with this screen's own action/result
     // parameters removed.
     $redirect_to = remove_query_arg(array('action', 'error', 'updated', 'spam', 'ham', 'delete_avatar'), $_SERVER['REQUEST_URI']);
     // Requested action, taken as-is from the request. It is never output
     // here, only compared against known action names and passed to hooks.
     $doaction = !empty($_REQUEST['action']) ? $_REQUEST['action'] : false;
     // A submitted 'user_status' replaces 'action', but only when it would
     // actually change the user's current spam state.
     if (!empty($_REQUEST['user_status'])) {
         $spam = (bool) ('spam' === $_REQUEST['user_status']);
         if ($spam !== bp_is_user_spammer($user_id)) {
             $doaction = $_REQUEST['user_status'];
         }
     }
     /**
      * Fires at the start of the user profile admin load.
      *
      * NOTE(review): this hook runs before any nonce is verified in this
      * method, and callbacks receive the raw $_REQUEST array.
      *
      * @since 2.0.0
      *
      * @param string $doaction Current bulk action being processed.
      * @param array  $_REQUEST Current $_REQUEST global.
      */
     do_action_ref_array('bp_members_admin_load', array($doaction, $_REQUEST));
     /**
      * Filters the allowed actions for use in the user admin page.
      *
      * @since 2.0.0
      *
      * @param array $value Array of allowed actions to use.
      */
     $allowed_actions = apply_filters('bp_members_admin_allowed_actions', array('update', 'delete_avatar', 'spam', 'ham'));
     // Prepare the display of the Community Profile screen.
     // Any action outside the allowed list (including none) renders the screen
     // and changes no state. The in_array() comparison is non-strict.
     if (!in_array($doaction, $allowed_actions)) {
         add_screen_option('layout_columns', array('default' => 2, 'max' => 2));
         get_current_screen()->add_help_tab(array('id' => 'bp-profile-edit-overview', 'title' => __('Overview', 'buddypress'), 'content' => '<p>' . __('This is the admin view of a user&#39;s profile.', 'buddypress') . '</p>' . '<p>' . __('In the main column, you can edit the fields of the user&#39;s extended profile.', 'buddypress') . '</p>' . '<p>' . __('In the right-hand column, you can update the user&#39;s status, delete the user&#39;s avatar, and view recent statistics.', 'buddypress') . '</p>'));
         // Help panel - sidebar links.
         get_current_screen()->set_help_sidebar('<p><strong>' . __('For more information:', 'buddypress') . '</strong></p>' . '<p>' . __('<a href="https://codex.buddypress.org/administrator-guide/extended-profiles/">Managing Profiles</a>', 'buddypress') . '</p>' . '<p>' . __('<a href="https://buddypress.org/support/">Support Forums</a>', 'buddypress') . '</p>');
         // Register metaboxes for the edit screen.
         add_meta_box('submitdiv', _x('Status', 'members user-admin edit screen', 'buddypress'), array($this, 'user_admin_status_metabox'), get_current_screen()->id, 'side', 'core');
         // In case xprofile is not active.
         $this->stats_metabox->context = 'normal';
         $this->stats_metabox->priority = 'core';
         /**
          * Fires before loading the profile fields if component is active.
          *
          * Plugins should not use this hook, please use 'bp_members_admin_user_metaboxes' instead.
          *
          * @since 2.0.0
          *
          * @param int    $user_id       Current user ID for the screen.
          * @param string $id            Current screen ID.
          * @param object $stats_metabox Object holding position data for use with the stats metabox.
          */
         do_action_ref_array('bp_members_admin_xprofile_metabox', array($user_id, get_current_screen()->id, $this->stats_metabox));
         // If xProfile is inactive, difficult to know what's profile we're on.
         // The context is still 'normal' only if no hooked callback changed it.
         if ('normal' === $this->stats_metabox->context) {
             $display_name = bp_core_get_user_displayname($user_id);
         } else {
             $display_name = __('Member', 'buddypress');
         }
         // User Stat metabox.
         // NOTE(review): $display_name is placed in the metabox title without
         // escaping in this method - confirm the title is escaped on output.
         // Context and priority may have been altered by callbacks, hence the
         // sanitize_key() calls.
         add_meta_box('bp_members_admin_user_stats', sprintf(_x("%s's Stats", 'members user-admin edit screen', 'buddypress'), $display_name), array($this, 'user_admin_stats_metabox'), get_current_screen()->id, sanitize_key($this->stats_metabox->context), sanitize_key($this->stats_metabox->priority));
         // Member Type metabox. Only added if member types have been registered.
         $member_types = bp_get_member_types();
         if (!empty($member_types)) {
             add_meta_box('bp_members_admin_member_type', _x('Member Type', 'members user-admin edit screen', 'buddypress'), array($this, 'user_admin_member_type_metabox'), get_current_screen()->id, 'side', 'core');
         }
         /**
          * Fires at the end of the Community Profile screen.
          *
          * Plugins can restrict metabox to "bp_moderate" admins by checking if
          * the first argument ($this->is_self_profile) is false in their callback.
          * They can also restrict their metabox to self profile editing
          * by setting it to true.
          *
          * @since 2.0.0
          *
          * @param bool $is_self_profile Whether or not it is the current user's profile.
          * @param int  $user_id         Current user ID.
          */
         do_action('bp_members_admin_user_metaboxes', $this->is_self_profile, $user_id);
         // Enqueue JavaScript files.
         wp_enqueue_script('postbox');
         wp_enqueue_script('dashboard');
         // Spam or Ham user.
         // Self-profile requests are excluded from this branch; a 'spam'/'ham'
         // request on one's own profile falls through to the final branch.
     } elseif (in_array($doaction, array('spam', 'ham')) && empty($this->is_self_profile)) {
         // CSRF protection: the nonce action is bound to the target user ID
         // and is verified before the status change.
         check_admin_referer('edit-bp-profile_' . $user_id);
         // Report the outcome through the 'updated' or 'error' query argument.
         if (bp_core_process_spammer_status($user_id, $doaction)) {
             $redirect_to = add_query_arg('updated', $doaction, $redirect_to);
         } else {
             $redirect_to = add_query_arg('error', $doaction, $redirect_to);
         }
         bp_core_redirect($redirect_to);
         // Update other stuff once above ones are done.
     } else {
         // NOTE(review): no nonce is verified in this branch. Verification for
         // 'update', 'delete_avatar' and any filter-added action is left to
         // the callbacks on 'bp_members_admin_update_user' - confirm each one
         // calls check_admin_referer() before changing state.
         $this->redirect = $redirect_to;
         /**
          * Fires at end of user profile admin load if doaction does not match any available actions.
          *
          * @since 2.0.0
          *
          * @param string $doaction Current bulk action being processed.
          * @param int    $user_id  Current user ID.
          * @param array  $_REQUEST Current $_REQUEST global.
          * @param string $redirect Determined redirect url to send user to.
          */
         do_action_ref_array('bp_members_admin_update_user', array($doaction, $user_id, $_REQUEST, $this->redirect));
         bp_core_redirect($this->redirect);
     }
 }
/**
 * Catch requests to mark individual users as spam/ham from users.php.
 *
 * @since 2.0.0
 */
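function bp_core_admin_user_manage_spammers()
{
    // Print our inline scripts on non-Multisite.
    add_action('admin_footer', 'bp_core_admin_user_spammed_js');
    // Raw request values; below they are only compared against fixed strings.
    $action = isset($_REQUEST['action']) ? $_REQUEST['action'] : false;
    $updated = isset($_REQUEST['updated']) ? $_REQUEST['updated'] : false;
    $mode = isset($_POST['mode']) ? $_POST['mode'] : false;
    // If this is a multisite, bulk request, stop now!
    if ('list' === $mode) {
        return;
    }
    // Process a spam/ham request. Strict matching keeps array-valued or
    // non-string parameters out of this branch.
    if (in_array($action, array('spam', 'ham'), true)) {
        // CSRF protection: verify the nonce before touching any user.
        // NOTE(review): no capability check is visible in this function;
        // presumably the admin screen it is hooked to enforces one - confirm.
        check_admin_referer('bp-spam-user');
        // Accept only a scalar, positive user ID. intval() turns any non-empty
        // array into 1, which would otherwise select user #1.
        $user_id = isset($_REQUEST['user']) && is_scalar($_REQUEST['user']) ? intval($_REQUEST['user']) : 0;
        if ($user_id <= 0) {
            return;
        }
        $redirect = wp_get_referer();
        $status = 'spam' === $action ? 'spam' : 'ham';
        // Process the user.
        bp_core_process_spammer_status($user_id, $status);
        $redirect = add_query_arg(array('updated' => 'marked-' . $status), $redirect);
        // NOTE(review): wp_redirect() does not end the request, so execution
        // continues into the feedback block below; callers usually follow it
        // with exit. Left as-is to keep this function's control flow.
        wp_redirect($redirect);
    }
    // Display feedback. Only the two known result codes produce a notice, and
    // the notice text is a fixed translated string, not request data.
    if (in_array($updated, array('marked-spam', 'marked-ham'), true)) {
        if ('marked-spam' === $updated) {
            $notice = __('User marked as spammer. Spam users are visible only to site admins.', 'buddypress');
        } else {
            $notice = __('User removed from spam.', 'buddypress');
        }
        bp_core_add_admin_notice($notice);
    }
}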
/**
 * Hook to WP's make_ham_user and run our custom BP spam functions.
 *
 * @since 1.6.0
 *
 * @param int $user_id The user ID passed from the make_ham_user hook.
 */
function bp_core_mark_user_ham_admin($user_id)
{
    // Delegate to the shared spam/ham routine with the "ham" status.
    $new_status = 'ham';
    // Third argument is passed as false. NOTE(review): presumably this skips
    // work WordPress has already done for this hook - confirm against
    // bp_core_process_spammer_status().
    $third_argument = false;
    bp_core_process_spammer_status($user_id, $new_status, $third_argument);
}
 /**
  * @group type
  * @group spam
  */
 public function test_bp_user_query_type_alphabetical_spam_xprofileoff()
 {
     // Two users: the first is marked as spam, the second stays untouched.
     $spammer_id = $this->factory->user->create();
     $regular_id = $this->factory->user->create();
     // Remember whether xprofile was active, then switch it off for the query.
     $xprofile_was_active = isset(buddypress()->active_components['xprofile']);
     buddypress()->active_components['xprofile'] = 0;
     // NOTE(review): this makes 'bp_disable_profile_sync' return false -
     // confirm that is the sync state the test intends.
     add_filter('bp_disable_profile_sync', '__return_false');
     bp_core_process_spammer_status($spammer_id, 'spam');
     $query = new BP_User_Query(array('type' => 'alphabetical'));
     // Put global state back before asserting, so a failed assertion cannot
     // leak the modified component list into other tests.
     if (!$xprofile_was_active) {
         unset(buddypress()->active_components['xprofile']);
     } else {
         buddypress()->active_components['xprofile'] = 1;
     }
     remove_filter('bp_disable_profile_sync', '__return_false');
     // Stays null when the query returned nothing.
     $found_user_ids = !empty($query->results)
         ? array_values(wp_parse_id_list(wp_list_pluck($query->results, 'ID')))
         : null;
     // assertNotContains is used because of odd behaviour around user #1 as
     // created by WP.
     $this->assertNotContains($spammer_id, $found_user_ids);
 }
 /**
  * @group bp_blogs_restore_data
  */
 public function test_bp_blogs_restore_data()
 {
     // Blogs per user only exist on multisite; otherwise the test is a no-op.
     if (!is_multisite()) {
         return;
     }
     // A regular member who owns two blogs.
     $member_id = $this->factory->user->create();
     $first_blog = $this->factory->blog->create(array('user_id' => $member_id));
     $second_blog = $this->factory->blog->create(array('user_id' => $member_id));
     $expected = array($first_blog => $first_blog, $second_blog => $second_blog);
     // Spam the member: the blog list must no longer match the expected set.
     bp_core_process_spammer_status($member_id, 'spam');
     $spammed = bp_blogs_get_blogs_for_user($member_id, true);
     $spammed_ids = array_map('intval', wp_list_pluck($spammed['blogs'], 'blog_id'));
     $this->assertNotEquals($expected, $spammed_ids, 'User marked as spam should not have any blog registered');
     // Ham the member: both blogs must be listed again.
     bp_core_process_spammer_status($member_id, 'ham');
     $restored = bp_blogs_get_blogs_for_user($member_id, true);
     $restored_ids = array_map('intval', wp_list_pluck($restored['blogs'], 'blog_id'));
     $this->assertEquals($expected, $restored_ids);
 }
 public function test_bp_core_process_spammer_status_bp_make_ham_user_filter()
 {
     // Checks that processing a user as "ham" runs the 'bp_make_ham_user'
     // hook. The callback is expected to record the hook name in
     // $this->filter_fired (defined outside this method).
     $callback = array($this, 'notification_filter_callback');
     add_filter('bp_make_ham_user', $callback);
     $user_id = $this->factory->user->create();
     bp_core_process_spammer_status($user_id, 'ham');
     // Detach the callback before asserting so it cannot affect other tests.
     remove_filter('bp_make_ham_user', $callback);
     $this->assertSame('bp_make_ham_user', $this->filter_fired);
 }
/**
 * Handles the setting of user capabilities, spamming, hamming, role, etc...
 *
 * @since 1.6.0
 */
function bp_settings_action_capabilities()
{
    // Bail unless this is a POST request.
    $request_method = strtoupper($_SERVER['REQUEST_METHOD']);
    if ('POST' !== $request_method) {
        return;
    }
    // Bail unless the capabilities form was submitted.
    $was_submitted = isset($_POST['capabilities-submit']);
    if (!$was_submitted) {
        return;
    }
    // Bail (with false, unlike the other guards) when not on the settings
    // component's "capabilities" action.
    if (!bp_is_settings_component()) {
        return false;
    }
    if (!bp_is_current_action('capabilities')) {
        return false;
    }
    // 404 if there are any additional action variables attached.
    if (bp_action_variables()) {
        bp_do_404();
        return;
    }
    // Authorization: only super admins can currently spam users.
    if (!is_super_admin()) {
        return;
    }
    // ...and they cannot spam themselves.
    if (bp_is_my_profile()) {
        return;
    }
    // CSRF protection: nonce check runs before any hook or state change.
    check_admin_referer('capabilities');
    /**
     * Fires before the capabilities settings have been saved.
     *
     * @since 1.6.0
     */
    do_action('bp_settings_capabilities_before_save');
    /* Spam **************************************************************/
    // Only the presence of the checkbox matters; its value is not used.
    $is_spammer = !empty($_POST['user-spammer']);
    // Act only when the submitted state differs from the stored one.
    if (bp_is_user_spammer(bp_displayed_user_id()) != $is_spammer) {
        if ($is_spammer) {
            $status = 'spam';
        } else {
            $status = 'ham';
        }
        bp_core_process_spammer_status(bp_displayed_user_id(), $status);
        /**
         * Fires after processing a user as a spammer.
         *
         * @since 1.1.0
         *
         * @param int    $value  ID of the currently displayed user.
         * @param string $status Determined status of "spam" or "ham" for the displayed user.
         */
        do_action('bp_core_action_set_spammer_status', bp_displayed_user_id(), $status);
    }
    /* Other *************************************************************/
    /**
     * Fires after the capabilities settings have been saved and before redirect.
     *
     * @since 1.6.0
     */
    do_action('bp_settings_capabilities_after_save');
    // Redirect to the displayed user's capabilities screen. The target is
    // assembled from site functions only, not from request input.
    $destination = bp_displayed_user_domain() . bp_get_settings_slug() . '/capabilities/';
    bp_core_redirect($destination);
}
 /**
  * Set up the user's profile admin page.
  *
  * Loaded before the page is rendered, this function does all initial
  * setup, including: processing form requests, registering contextual
  * help, and setting up screen options.
  *
  * @access public
  * @since BuddyPress (2.0.0)
  */
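 public function user_admin_load()
 {
     // Accept only a present, scalar user_id. intval() maps any non-empty
     // array to 1, so an array-valued parameter must not be cast to an ID,
     // and a missing parameter must not raise an undefined-index notice.
     $user_id = isset($_GET['user_id']) && is_scalar($_GET['user_id']) ? intval($_GET['user_id']) : 0;
     if (!$user_id) {
         wp_die(__('No users were found', 'buddypress'));
     }
     // NOTE(review): no capability check is visible in this method;
     // presumably the admin page registration restricts who can reach it -
     // confirm before relying on it.
     // Only other users' profiles are edited here; send self-edits to the
     // regular edit-user screen.
     if (get_current_user_id() === $user_id) {
         bp_core_redirect(get_edit_user_link($user_id));
     }
     // Build redirection URL: the current request URI without this screen's
     // own action/result parameters.
     $redirect_to = remove_query_arg(array('action', 'error', 'updated', 'spam', 'ham', 'delete_avatar'), $_SERVER['REQUEST_URI']);
     // Requested action, raw from the request; only compared against known
     // action names below.
     $doaction = !empty($_REQUEST['action']) ? $_REQUEST['action'] : false;
     // A submitted 'user_status' replaces 'action', but only when it would
     // change the user's current spam state.
     if (!empty($_REQUEST['user_status'])) {
         $spam = 'spam' === $_REQUEST['user_status'];
         if ($spam != bp_is_user_spammer($user_id)) {
             $doaction = $_REQUEST['user_status'];
         }
     }
     // Call an action for plugins to hook in early. Runs before any nonce is
     // verified; callbacks receive the raw $_REQUEST array.
     do_action_ref_array('bp_members_admin_load', array($doaction, $_REQUEST));
     // Allowed actions (filterable, so compared non-strictly below).
     $allowed_actions = apply_filters('bp_members_admin_allowed_actions', array('update', 'delete_avatar', 'spam', 'ham'));
     // Prepare the display of the Community Profile screen. Any action outside
     // the allowed list (including none) only renders the screen.
     if (!in_array($doaction, $allowed_actions)) {
         add_screen_option('layout_columns', array('default' => 2, 'max' => 2));
         get_current_screen()->add_help_tab(array('id' => 'bp-profile-edit-overview', 'title' => __('Overview', 'buddypress'), 'content' => '<p>' . __('This is the admin view of a user&#39;s profile.', 'buddypress') . '</p>' . '<p>' . __('In the main column, you can edit the fields of the user&#39;s extended profile.', 'buddypress') . '</p>' . '<p>' . __('In the right-hand column, you can update the user&#39;s status, delete the user&#39;s avatar, and view recent statistics.', 'buddypress') . '</p>'));
         // Help panel - sidebar links
         get_current_screen()->set_help_sidebar('<p><strong>' . __('For more information:', 'buddypress') . '</strong></p>' . '<p>' . __('<a href="http://codex.buddypress.org/buddypress-site-administration/managing-user-profiles/">Managing Profiles</a>', 'buddypress') . '</p>' . '<p>' . __('<a href="http://buddypress.org/support/">Support Forums</a>', 'buddypress') . '</p>');
         // Register metaboxes for the edit screen. Objects are handles in
         // PHP 5+, so the callback no longer needs the &$this reference form.
         add_meta_box('submitdiv', _x('Status', 'members user-admin edit screen', 'buddypress'), array($this, 'user_admin_status_metabox'), get_current_screen()->id, 'side', 'core');
         // In case xprofile is not active
         $this->stats_metabox->context = 'normal';
         $this->stats_metabox->priority = 'core';
         /**
          * xProfile Hooks to load the profile fields if component is active
          * Plugins should not use this hook, please use 'bp_members_admin_user_metaboxes' instead
          */
         do_action_ref_array('bp_members_admin_xprofile_metabox', array($user_id, get_current_screen()->id, $this->stats_metabox));
         // If xProfile is inactive, difficult to know what's profile we're on.
         // The display name is HTML-escaped before it goes into the title.
         $display_name = false;
         if ('normal' === $this->stats_metabox->context) {
             $display_name = ' - ' . esc_html(bp_core_get_user_displayname($user_id));
         }
         // User Stat metabox
         // NOTE(review): a string built at runtime is passed to _x(), so the
         // combined title cannot match a translation entry. Kept as-is so the
         // rendered title does not change.
         add_meta_box('bp_members_admin_user_stats', _x('Stats' . $display_name, 'members user-admin edit screen', 'buddypress'), array($this, 'user_admin_stats_metabox'), get_current_screen()->id, sanitize_key($this->stats_metabox->context), sanitize_key($this->stats_metabox->priority));
         // Custom metabox ?
         do_action('bp_members_admin_user_metaboxes');
         // Enqueue javascripts
         wp_enqueue_script('postbox');
         wp_enqueue_script('dashboard');
         // Spam or Ham user. Matched strictly, so only the exact strings
         // 'spam' and 'ham' reach the status change.
     } elseif (in_array($doaction, array('spam', 'ham'), true)) {
         // CSRF protection: the nonce action is bound to the target user ID
         // and is verified before the status change.
         check_admin_referer('edit-bp-profile_' . $user_id);
         if (bp_core_process_spammer_status($user_id, $doaction)) {
             $redirect_to = add_query_arg('updated', $doaction, $redirect_to);
         } else {
             $redirect_to = add_query_arg('error', $doaction, $redirect_to);
         }
         bp_core_redirect($redirect_to);
         // Update other stuff once above ones are done
     } else {
         // NOTE(review): no nonce is verified in this branch; verification for
         // 'update', 'delete_avatar' and filter-added actions is left to the
         // callbacks on 'bp_members_admin_update_user' - confirm each one
         // calls check_admin_referer() before changing state.
         $this->redirect = $redirect_to;
         do_action_ref_array('bp_members_admin_update_user', array($doaction, $user_id, $_REQUEST, $this->redirect));
         bp_core_redirect($this->redirect);
     }
 }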