/**
 * Search xprofile field values for $search and return the rows the current viewer may see.
 *
 * The search term is escaped with esc_like() and bound through prepare(), so it never
 * reaches the SQL text directly. Only rows whose field_id still has an entry in the
 * fields table are selected.
 *
 * Visibility is enforced in PHP after the fetch, as an allow-list:
 *   - "public"     : always kept;
 *   - "adminsonly" : kept for users with manage_options, or for the owner of the row;
 *   - "loggedin"   : kept for any logged-in user.
 * Any other level is dropped, so an unrecognised level fails closed.
 *
 * @param string $search Text to look for inside profile field values.
 * @return array Expert_Finder_Profile_Field_Result objects (keys of the filtered rows are
 *               kept); an empty array when isEnabled() is false.
 */
public function getResults($search) {
    global $wpdb, $bp;

    if (!$this->isEnabled()) {
        return array();
    }

    // The LIKE operand is escaped and passed as a bound parameter; only the table names are interpolated.
    $like = '%' . $wpdb->esc_like($search) . '%';
    $sql = $wpdb->prepare("\n\t\t\tSELECT *\n\t\t\tFROM {$bp->profile->table_name_data}\n\t\t\tWHERE value LIKE %s AND\n\t\t\t\t(SELECT COUNT(id) from {$bp->profile->table_name_fields}\n\t\t\t\tWHERE id=field_id) > 0", $like);
    $rows = $wpdb->get_results($sql);

    // NOTE(review): every matching row, whatever its visibility, is loaded before this
    // filter runs; nothing between the query and the filter should expose $rows.
    $visible = array_filter($rows, function ($row) {
        $level = xprofile_get_field_visibility_level($row->field_id, $row->user_id);

        if ($level == "public") {
            return true;
        }

        // Admin-only data is shown to site administrators and to the owner of the row.
        if ($level == "adminsonly" && (current_user_can("manage_options") || $row->user_id == get_current_user_id())) {
            return true;
        }

        // Anything that is not "loggedin" for a logged-in viewer is hidden.
        return $level == "loggedin" && is_user_logged_in();
    });

    return array_map(function ($row) use ($search) {
        return new Expert_Finder_Profile_Field_Result($row, $this->options['A'], $search);
    }, $visible);
}
/**
 * A visibility level stored by the user must not win when the field disallows custom visibility.
 *
 * The field is given a default visibility of 'adminsonly' with custom visibility
 * 'disabled'; the user then stores 'loggedin' for that field. The getter is expected to
 * report the field default, 'adminsonly'.
 *
 * @group xprofile_get_field_visibility_level
 */
public function test_bp_xprofile_get_field_visibility_level_admin_override() {
    $user_id = $this->factory->user->create();
    $group_id = $this->factory->xprofile_group->create();
    $field_id = $this->factory->xprofile_field->create(array('field_group_id' => $group_id));

    // Field-level policy: admins-only, and users may not override it.
    bp_xprofile_update_meta($field_id, 'field', 'default_visibility', 'adminsonly');
    bp_xprofile_update_meta($field_id, 'field', 'allow_custom_visibility', 'disabled');

    // The user tries to widen the audience.
    xprofile_set_field_visibility_level($field_id, $user_id, 'loggedin');

    $effective_level = xprofile_get_field_visibility_level($field_id, $user_id);
    $this->assertSame('adminsonly', $effective_level);
}
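/**
 * Handles the display of the profile edit page by loading the correct template file.
 * Also checks that the screen is only reachable for the logged-in user's own profile,
 * or by a user with the 'bp_moderate' capability.
 *
 * When the request carries 'field_ids', the posted profile values and visibility levels
 * are saved for the displayed user after the 'bp_xprofile_edit' nonce has been verified.
 *
 * Security notes for maintainers:
 *  - Field IDs come from the request and are normalised with wp_parse_id_list(); this
 *    function does not check that they belong to the group named in the URL.
 *  - Field values and visibility levels are read from $_POST as-is and handed to the
 *    xprofile_set_* helpers. NOTE(review): confirm those helpers validate and sanitise
 *    them (allowed visibility levels, per-field 'allow_custom_visibility').
 *  - Code after bp_core_redirect() assumes the redirect ends the request.
 *    NOTE(review): confirm bp_core_redirect() terminates execution.
 *
 * @package BuddyPress XProfile
 * @uses bp_is_my_profile() Checks to make sure the current user being viewed equals the logged in user
 * @uses bp_core_load_template() Looks for and loads a template file within the current member theme (folder/filename)
 *
 * @return false|void False when the viewer may not edit this profile.
 */
function xprofile_screen_edit_profile() {
    // Access control: only the profile owner or a moderator may proceed.
    if (!bp_is_my_profile() && !bp_current_user_can('bp_moderate')) {
        return false;
    }

    $bp = buddypress();

    // Make sure a group is set.
    if (!bp_action_variable(1)) {
        bp_core_redirect(trailingslashit(bp_displayed_user_domain() . $bp->profile->slug . '/edit/group/1'));
    }

    // Check the field group exists
    if (!bp_is_action_variable('group') || !xprofile_get_field_group(bp_action_variable(1))) {
        bp_do_404();
        return;
    }

    // No errors
    $errors = false;

    // Check to see if any new information has been submitted
    if (isset($_POST['field_ids'])) {

        // Check the nonce before any posted value is acted on.
        check_admin_referer('bp_xprofile_edit');

        // Check we have field ID's
        if (empty($_POST['field_ids'])) {
            bp_core_redirect(trailingslashit(bp_displayed_user_domain() . $bp->profile->slug . '/edit/group/' . bp_action_variable(1)));
        }

        // Explode the posted field IDs into an array so we know which
        // fields have been submitted
        $posted_field_ids = wp_parse_id_list($_POST['field_ids']);
        $is_required = array();

        // Loop through the posted fields formatting any datebox values
        // then validate the field
        foreach ((array) $posted_field_ids as $field_id) {
            if (!isset($_POST['field_' . $field_id])) {
                if (!empty($_POST['field_' . $field_id . '_day']) && !empty($_POST['field_' . $field_id . '_month']) && !empty($_POST['field_' . $field_id . '_year'])) {
                    // Concatenate the values
                    $date_value = $_POST['field_' . $field_id . '_day'] . ' ' . $_POST['field_' . $field_id . '_month'] . ' ' . $_POST['field_' . $field_id . '_year'];

                    // Turn the concatenated value into a timestamp. strtotime() returns
                    // false for input it cannot parse; formatting that would store the
                    // Unix epoch as the user's date, so unparseable input is left unset
                    // and falls through to the required-field check below.
                    $timestamp = strtotime($date_value);
                    if (false !== $timestamp) {
                        $_POST['field_' . $field_id] = date('Y-m-d H:i:s', $timestamp);
                    }
                }
            }

            $is_required[$field_id] = xprofile_check_is_required_field($field_id);
            if ($is_required[$field_id] && empty($_POST['field_' . $field_id])) {
                $errors = true;
            }
        }

        // There are errors
        if (!empty($errors)) {
            bp_core_add_message(__('Please make sure you fill in all required fields in this profile field group before saving.', 'buddypress'), 'error');

        // No errors
        } else {

            // Reset the errors var
            $errors = false;

            // Now we've checked for required fields, lets save the values.
            $old_values = $new_values = array();
            foreach ((array) $posted_field_ids as $field_id) {

                // Certain types of fields (checkboxes, multiselects) may come through empty. Save them as an empty array so that they don't get overwritten by the default on the next edit.
                $value = isset($_POST['field_' . $field_id]) ? $_POST['field_' . $field_id] : '';

                // The visibility level is taken from the request unchanged and defaults
                // to 'public' when absent; it is not compared with an allowed list here.
                $visibility_level = !empty($_POST['field_' . $field_id . '_visibility']) ? $_POST['field_' . $field_id . '_visibility'] : 'public';

                // Save the old and new values. They will be
                // passed to the filter and used to determine
                // whether an activity item should be posted
                $old_values[$field_id] = array(
                    'value'      => xprofile_get_field_data($field_id, bp_displayed_user_id()),
                    'visibility' => xprofile_get_field_visibility_level($field_id, bp_displayed_user_id()),
                );

                // Update the field data and visibility level
                xprofile_set_field_visibility_level($field_id, bp_displayed_user_id(), $visibility_level);
                $field_updated = xprofile_set_field_data($field_id, bp_displayed_user_id(), $value, $is_required[$field_id]);

                // Read the values back so the hooks see what was actually stored.
                $value = xprofile_get_field_data($field_id, bp_displayed_user_id());

                $new_values[$field_id] = array(
                    'value'      => $value,
                    'visibility' => xprofile_get_field_visibility_level($field_id, bp_displayed_user_id()),
                );

                if (!$field_updated) {
                    $errors = true;
                } else {

                    /**
                     * Fires on each iteration of an XProfile field being saved with no error.
                     *
                     * @since BuddyPress (1.1.0)
                     *
                     * @param int    $field_id ID of the field that was saved.
                     * @param string $value    Value that was saved to the field.
                     */
                    do_action('xprofile_profile_field_data_updated', $field_id, $value);
                }
            }

            /**
             * Fires after all XProfile fields have been saved for the current profile.
             *
             * @since BuddyPress (1.0.0)
             *
             * @param int   $value            Displayed user ID.
             * @param array $posted_field_ids Array of field IDs that were edited.
             * @param bool  $errors           Whether or not any errors occurred.
             * @param array $old_values       Array of original values before updated.
             * @param array $new_values       Array of newly saved values after update.
             */
            do_action('xprofile_updated_profile', bp_displayed_user_id(), $posted_field_ids, $errors, $old_values, $new_values);

            // Set the feedback messages
            if (!empty($errors)) {
                bp_core_add_message(__('There was a problem updating some of your profile information. Please try again.', 'buddypress'), 'error');
            } else {
                bp_core_add_message(__('Changes saved.', 'buddypress'));
            }

            // Redirect back to the edit screen to display the updates and message
            bp_core_redirect(trailingslashit(bp_displayed_user_domain() . $bp->profile->slug . '/edit/group/' . bp_action_variable(1)));
        }
    }

    /**
     * Fires right before the loading of the XProfile edit screen template file.
     *
     * @since BuddyPress (1.0.0)
     */
    do_action('xprofile_screen_edit_profile');

    /**
     * Filters the template to load for the XProfile edit screen.
     *
     * @since BuddyPress (1.0.0)
     *
     * @param string $template Path to the XProfile edit template to load.
     */
    bp_core_load_template(apply_filters('xprofile_template_edit_profile', 'members/single/home'));
}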
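/**
 * Save the profile fields in Members community profile page.
 *
 * Loaded before the page is rendered, this function is processing form
 * requests.
 *
 * Security notes for maintainers:
 *  - Both branches verify a nonce before acting. The profile-save nonce action is
 *    bound to $user_id; the 'delete_avatar' action is not user-specific.
 *  - No capability check is made in this method. NOTE(review): confirm the caller
 *    verifies that the current user may edit $user_id.
 *  - Field values and visibility levels are read from $_POST as-is and handed to the
 *    xprofile_set_* helpers. NOTE(review): confirm those helpers validate them.
 *  - Code after bp_core_redirect() assumes the redirect ends the request.
 *    NOTE(review): confirm bp_core_redirect() terminates execution.
 *
 * @since 2.0.0
 *
 * @param string $doaction    Action being run.
 * @param int    $user_id     ID for the user whose profile is being saved.
 * @param array  $request     Request being made.
 * @param string $redirect_to Where to redirect user to.
 */
public function user_admin_load($doaction = '', $user_id = 0, $request = array(), $redirect_to = '') {

    // Eventually delete avatar.
    if ('delete_avatar' === $doaction) {
        check_admin_referer('delete_avatar');

        // Keep the nonce out of the redirect target.
        $redirect_to = remove_query_arg('_wpnonce', $redirect_to);

        if (bp_core_delete_existing_avatar(array('item_id' => $user_id))) {
            $redirect_to = add_query_arg('updated', 'avatar', $redirect_to);
        } else {
            $redirect_to = add_query_arg('error', 'avatar', $redirect_to);
        }

        bp_core_redirect($redirect_to);

    // Update profile fields.
    } elseif (isset($_POST['field_ids'])) {

        // Check the nonce.
        check_admin_referer('edit-bp-profile_' . $user_id);

        // Check we have field ID's.
        if (empty($_POST['field_ids'])) {
            $redirect_to = add_query_arg('error', '1', $redirect_to);
            bp_core_redirect($redirect_to);
        }

        /**
         * Unlike front-end edit-fields screens, the wp-admin/profile
         * displays all groups of fields on a single page, so the list of
         * field ids is an array gathering for each group of fields a
         * distinct comma separated list of ids.
         *
         * As a result, before using the wp_parse_id_list() function, we
         * must ensure that these ids are "merged" into a single comma
         * separated list.
         *
         * The (array) cast covers a request that sends field_ids as a single
         * string: join() requires an array and raises a TypeError on PHP 8
         * when given a scalar.
         */
        $merge_ids = join(',', (array) $_POST['field_ids']);

        // Explode the posted field IDs into an array so we know which fields have been submitted.
        $posted_field_ids = wp_parse_id_list($merge_ids);
        $is_required = array();

        // Loop through the posted fields formatting any datebox values then validate the field.
        foreach ((array) $posted_field_ids as $field_id) {
            bp_xprofile_maybe_format_datebox_post_data($field_id);

            // Users with 'bp_moderate' are exempt from the required-field rule.
            $is_required[$field_id] = xprofile_check_is_required_field($field_id) && !bp_current_user_can('bp_moderate');
            if ($is_required[$field_id] && empty($_POST['field_' . $field_id])) {
                $redirect_to = add_query_arg('error', '2', $redirect_to);
                bp_core_redirect($redirect_to);
            }
        }

        // Set the errors var.
        $errors = false;

        // Now we've checked for required fields, let's save the values.
        $old_values = $new_values = array();
        foreach ((array) $posted_field_ids as $field_id) {

            /*
             * Certain types of fields (checkboxes, multiselects) may come
             * through empty. Save them as an empty array so that they don't
             * get overwritten by the default on the next edit.
             */
            $value = isset($_POST['field_' . $field_id]) ? $_POST['field_' . $field_id] : '';

            // The visibility level is taken from the request unchanged and defaults
            // to 'public' when absent; it is not compared with an allowed list here.
            $visibility_level = !empty($_POST['field_' . $field_id . '_visibility']) ? $_POST['field_' . $field_id . '_visibility'] : 'public';

            /*
             * Save the old and new values. They will be
             * passed to the filter and used to determine
             * whether an activity item should be posted.
             */
            $old_values[$field_id] = array(
                'value'      => xprofile_get_field_data($field_id, $user_id),
                'visibility' => xprofile_get_field_visibility_level($field_id, $user_id),
            );

            // Update the field data and visibility level.
            xprofile_set_field_visibility_level($field_id, $user_id, $visibility_level);
            $field_updated = xprofile_set_field_data($field_id, $user_id, $value, $is_required[$field_id]);

            // Read the values back so the hooks see what was actually stored.
            $value = xprofile_get_field_data($field_id, $user_id);

            $new_values[$field_id] = array(
                'value'      => $value,
                'visibility' => xprofile_get_field_visibility_level($field_id, $user_id),
            );

            if (!$field_updated) {
                $errors = true;
            } else {

                /**
                 * Fires after the saving of each profile field, if successful.
                 *
                 * @since 1.1.0
                 *
                 * @param int    $field_id ID of the field being updated.
                 * @param string $value    Value that was saved to the field.
                 */
                do_action('xprofile_profile_field_data_updated', $field_id, $value);
            }
        }

        /**
         * Fires after all XProfile fields have been saved for the current profile.
         *
         * @since 1.0.0
         * @since 2.6.0 Added $old_values and $new_values parameters.
         *
         * @param int   $user_id          ID for the user whose profile is being saved.
         * @param array $posted_field_ids Array of field IDs that were edited.
         * @param bool  $errors           Whether or not any errors occurred.
         * @param array $old_values       Array of original values before update.
         * @param array $new_values       Array of newly saved values after update.
         */
        do_action('xprofile_updated_profile', $user_id, $posted_field_ids, $errors, $old_values, $new_values);

        // Set the feedback messages.
        if (!empty($errors)) {
            $redirect_to = add_query_arg('error', '3', $redirect_to);
        } else {
            $redirect_to = add_query_arg('updated', '1', $redirect_to);
        }

        bp_core_redirect($redirect_to);
    }
}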