web/wp-admin/users.php
branchwordpress
changeset 109 03b0d1493584
child 132 4d4862461b8d
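--- /dev/null
+++ b/web/wp-admin/users.php
@@ -0,0 +1,403 @@
+<?php
+/**
+ * Users administration panel.
+ *
+ * @package WordPress
+ * @subpackage Administration
+ */
+
+/** WordPress Administration Bootstrap */
+require_once('admin.php');
+
+/** WordPress Registration API */
+require_once( ABSPATH . WPINC . '/registration.php');
+
+if ( !current_user_can('edit_users') )
+	wp_die(__('Cheatin&#8217; uh?'));
+
+$title = __('Users');
+$parent_file = 'users.php';
+
+$update = $doaction = '';
+if ( isset($_REQUEST['action']) )
+	$doaction = $_REQUEST['action'] ? $_REQUEST['action'] : $_REQUEST['action2'];
+
+if ( empty($doaction) ) {
+	if ( isset($_GET['changeit']) && !empty($_GET['new_role']) )
+		$doaction = 'promote';
+}
+
+if ( empty($_REQUEST) ) {
+	$referer = '<input type="hidden" name="wp_http_referer" value="'. esc_attr(stripslashes($_SERVER['REQUEST_URI'])) . '" />';
+} elseif ( isset($_REQUEST['wp_http_referer']) ) {
+	$redirect = remove_query_arg(array('wp_http_referer', 'updated', 'delete_count'), stripslashes($_REQUEST['wp_http_referer']));
+	$referer = '<input type="hidden" name="wp_http_referer" value="' . esc_attr($redirect) . '" />';
+} else {
+	$redirect = 'users.php';
+	$referer = '';
+}
+
+switch ($doaction) {
+
+/* Bulk Dropdown menu Role changes */
+case 'promote':
+	check_admin_referer('bulk-users');
+
+	if (empty($_REQUEST['users'])) {
+		wp_redirect($redirect);
+		exit();
+	}
+
+	$editable_roles = get_editable_roles();
+	if (!$editable_roles[$_REQUEST['new_role']])
+		wp_die(__('You can&#8217;t give users that role.'));
+
+	$userids = $_REQUEST['users'];
+	$update = 'promote';
+	foreach($userids as $id) {
+		if ( ! current_user_can('edit_user', $id) )
+			wp_die(__('You can&#8217;t edit that user.'));
+		// The new role of the current user must also have edit_users caps
+		if($id == $current_user->ID && !$wp_roles->role_objects[$_REQUEST['new_role']]->has_cap('edit_users')) {
+			$update = 'err_admin_role';
+			continue;
+		}
+
+		$user = new WP_User($id);
+		$user->set_role($_REQUEST['new_role']);
+	}
+
+	wp_redirect(add_query_arg('update', $update, $redirect));
+	exit();
+
+break;
+
+case 'dodelete':
+
+	check_admin_referer('delete-users');
+
+	if ( empty($_REQUEST['users']) ) {
+		wp_redirect($redirect);
+		exit();
+	}
+
+	if ( !current_user_can('delete_users') )
+		wp_die(__('You can&#8217;t delete users.'));
+
+	$userids = $_REQUEST['users'];
+	$update = 'del';
+	$delete_count = 0;
+
+	foreach ( (array) $userids as $id) {
+		if ( ! current_user_can('delete_user', $id) )
+			wp_die(__('You can&#8217;t delete that user.'));
+
+		if($id == $current_user->ID) {
+			$update = 'err_admin_del';
+			continue;
+		}
+		switch($_REQUEST['delete_option']) {
+		case 'delete':
+			wp_delete_user($id);
+			break;
+		case 'reassign':
+			wp_delete_user($id, $_REQUEST['reassign_user']);
+			break;
+		}
+		++$delete_count;
+	}
+
+	$redirect = add_query_arg( array('delete_count' => $delete_count, 'update' => $update), $redirect);
+	wp_redirect($redirect);
+	exit();
+
+break;
+
+case 'delete':
+
+	check_admin_referer('bulk-users');
+
+	if ( empty($_REQUEST['users']) && empty($_REQUEST['user']) ) {
+		wp_redirect($redirect);
+		exit();
+	}
+
+	if ( !current_user_can('delete_users') )
+		$errors = new WP_Error('edit_users', __('You can&#8217;t delete users.'));
+
+	if ( empty($_REQUEST['users']) )
+		$userids = array(intval($_REQUEST['user']));
+	else
+		$userids = $_REQUEST['users'];
+
+	include ('admin-header.php');
+?>
+<form action="" method="post" name="updateusers" id="updateusers">
+<?php wp_nonce_field('delete-users') ?>
+<?php echo $referer; ?>
+
+<div class="wrap">
+<?php screen_icon(); ?>
+<h2><?php _e('Delete Users'); ?></h2>
+<p><?php _e('You have specified these users for deletion:'); ?></p>
+<ul>
+<?php
+	$go_delete = false;
+	foreach ( (array) $userids as $id ) {
+		$id = (int) $id;
+		$user = new WP_User($id);
+		if ( $id == $current_user->ID ) {
+			echo "<li>" . sprintf(__('ID #%1s: %2s <strong>The current user will not be deleted.</strong>'), $id, $user->user_login) . "</li>\n";
+		} else {
+			echo "<li><input type=\"hidden\" name=\"users[]\" value=\"" . esc_attr($id) . "\" />" . sprintf(__('ID #%1s: %2s'), $id, $user->user_login) . "</li>\n";
+			$go_delete = true;
+		}
+	}
+	$all_logins = $wpdb->get_results("SELECT ID, user_login FROM $wpdb->users ORDER BY user_login");
+	$user_dropdown = '<select name="reassign_user">';
+	foreach ( (array) $all_logins as $login )
+		if ( $login->ID == $current_user->ID || !in_array($login->ID, $userids) )
+			$user_dropdown .= "<option value=\"" . esc_attr($login->ID) . "\">{$login->user_login}</option>";
+	$user_dropdown .= '</select>';
+	?>
+	</ul>
+<?php if ( $go_delete ) : ?>
+	<fieldset><p><legend><?php _e('What should be done with posts and links owned by this user?'); ?></legend></p>
+	<ul style="list-style:none;">
+		<li><label><input type="radio" id="delete_option0" name="delete_option" value="delete" checked="checked" />
+		<?php _e('Delete all posts and links.'); ?></label></li>
+		<li><input type="radio" id="delete_option1" name="delete_option" value="reassign" />
+		<?php echo '<label for="delete_option1">'.__('Attribute all posts and links to:')."</label> $user_dropdown"; ?></li>
+	</ul></fieldset>
+	<input type="hidden" name="action" value="dodelete" />
+	<p class="submit"><input type="submit" name="submit" value="<?php esc_attr_e('Confirm Deletion'); ?>" class="button-secondary" /></p>
+<?php else : ?>
+	<p><?php _e('There are no valid users selected for deletion.'); ?></p>
+<?php endif; ?>
+</div>
+</form>
+<?php
+
+break;
+
+default:
+
+	if ( !empty($_GET['_wp_http_referer']) ) {
+		wp_redirect(remove_query_arg(array('_wp_http_referer', '_wpnonce'), stripslashes($_SERVER['REQUEST_URI'])));
+		exit;
+	}
+
+	include('admin-header.php');
+
+	$usersearch = isset($_GET['usersearch']) ? $_GET['usersearch'] : null;
+	$userspage = isset($_GET['userspage']) ? $_GET['userspage'] : null;
+	$role = isset($_GET['role']) ? $_GET['role'] : null;
+
+	// Query the users
+	$wp_user_search = new WP_User_Search($usersearch, $userspage, $role);
+
+	$messages = array();
+	if ( isset($_GET['update']) ) :
+		switch($_GET['update']) {
+		case 'del':
+		case 'del_many':
+			$delete_count = isset($_GET['delete_count']) ? (int) $_GET['delete_count'] : 0;
+			$messages[] = '<div id="message" class="updated fade"><p>' . sprintf(_n('%s user deleted', '%s users deleted', $delete_count), $delete_count) . '</p></div>';
+			break;
+		case 'add':
+			$messages[] = '<div id="message" class="updated fade"><p>' . __('New user created.') . '</p></div>';
+			break;
+		case 'promote':
+			$messages[] = '<div id="message" class="updated fade"><p>' . __('Changed roles.') . '</p></div>';
+			break;
+		case 'err_admin_role':
+			$messages[] = '<div id="message" class="error"><p>' . __('The current user&#8217;s role must have user editing capabilities.') . '</p></div>';
+			$messages[] = '<div id="message" class="updated fade"><p>' . __('Other user roles have been changed.') . '</p></div>';
+			break;
+		case 'err_admin_del':
+			$messages[] = '<div id="message" class="error"><p>' . __('You can&#8217;t delete the current user.') . '</p></div>';
+			$messages[] = '<div id="message" class="updated fade"><p>' . __('Other users have been deleted.') . '</p></div>';
+			break;
+		}
+	endif; ?>
+
+<?php if ( isset($errors) && is_wp_error( $errors ) ) : ?>
+	<div class="error">
+		<ul>
+		<?php
+			foreach ( $errors->get_error_messages() as $err )
+				echo "<li>$err</li>\n";
+		?>
+		</ul>
+	</div>
+<?php endif;
+
+if ( ! empty($messages) ) {
+	foreach ( $messages as $msg )
+		echo $msg;
+} ?>
+
+<div class="wrap">
+<?php screen_icon(); ?>
+<h2><?php echo esc_html( $title );
+if ( isset($_GET['usersearch']) && $_GET['usersearch'] )
+	printf( '<span class="subtitle">' . __('Search results for &#8220;%s&#8221;') . '</span>', esc_html( $_GET['usersearch'] ) ); ?>
+</h2>
+
+<div class="filter">
+<form id="list-filter" action="" method="get">
+<ul class="subsubsub">
+<?php
+$role_links = array();
+$avail_roles = array();
+$users_of_blog = get_users_of_blog();
+$total_users = count( $users_of_blog );
+foreach ( (array) $users_of_blog as $b_user ) {
+	$b_roles = unserialize($b_user->meta_value);
+	foreach ( (array) $b_roles as $b_role => $val ) {
+		if ( !isset($avail_roles[$b_role]) )
+			$avail_roles[$b_role] = 0;
+		$avail_roles[$b_role]++;
+	}
+}
+unset($users_of_blog);
+
+$current_role = false;
+$class = empty($role) ? ' class="current"' : '';
+$role_links[] = "<li><a href='users.php'$class>" . sprintf( _nx( 'All <span class="count">(%s)</span>', 'All <span class="count">(%s)</span>', $total_users, 'users' ), number_format_i18n( $total_users ) ) . '</a>';
+foreach ( $wp_roles->get_names() as $this_role => $name ) {
+	if ( !isset($avail_roles[$this_role]) )
+		continue;
+
+	$class = '';
+
+	if ( $this_role == $role ) {
+		$current_role = $role;
+		$class = ' class="current"';
+	}
+
+	$name = translate_user_role( $name );
+	/* translators: User role name with count */
+	$name = sprintf( __('%1$s <span class="count">(%2$s)</span>'), $name, $avail_roles[$this_role] );
+	$role_links[] = "<li><a href='users.php?role=$this_role'$class>$name</a>";
+}
+echo implode( " |</li>\n", $role_links) . '</li>';
+unset($role_links);
+?>
+</ul>
+</form>
+</div>
+
+<form class="search-form" action="" method="get">
+<p class="search-box">
+	<label class="screen-reader-text" for="user-search-input"><?php _e( 'Search Users' ); ?>:</label>
+	<input type="text" id="user-search-input" name="usersearch" value="<?php echo esc_attr($wp_user_search->search_term); ?>" />
+	<input type="submit" value="<?php esc_attr_e( 'Search Users' ); ?>" class="button" />
+</p>
+</form>
+
+<form id="posts-filter" action="" method="get">
+<div class="tablenav">
+
+<?php if ( $wp_user_search->results_are_paged() ) : ?>
+	<div class="tablenav-pages"><?php $wp_user_search->page_links(); ?></div>
+<?php endif; ?>
+
+<div class="alignleft actions">
+<select name="action">
+<option value="" selected="selected"><?php _e('Bulk Actions'); ?></option>
+<option value="delete"><?php _e('Delete'); ?></option>
+</select>
+<input type="submit" value="<?php esc_attr_e('Apply'); ?>" name="doaction" id="doaction" class="button-secondary action" />
+<label class="screen-reader-text" for="new_role"><?php _e('Change role to&hellip;') ?></label><select name="new_role" id="new_role"><option value=''><?php _e('Change role to&hellip;') ?></option><?php wp_dropdown_roles(); ?></select>
+<input type="submit" value="<?php esc_attr_e('Change'); ?>" name="changeit" class="button-secondary" />
+<?php wp_nonce_field('bulk-users'); ?>
+</div>
+
+<br class="clear" />
+</div>
+
+	<?php if ( is_wp_error( $wp_user_search->search_errors ) ) : ?>
+		<div class="error">
+			<ul>
+			<?php
+				foreach ( $wp_user_search->search_errors->get_error_messages() as $message )
+					echo "<li>$message</li>";
+			?>
+			</ul>
+		</div>
+	<?php endif; ?>
+
+
+<?php if ( $wp_user_search->get_results() ) : ?>
+
+	<?php if ( $wp_user_search->is_search() ) : ?>
+		<p><a href="users.php"><?php _e('&larr; Back to All Users'); ?></a></p>
+	<?php endif; ?>
+
+<table class="widefat fixed" cellspacing="0">
+<thead>
+<tr class="thead">
+<?php print_column_headers('users') ?>
+</tr>
+</thead>
+
+<tfoot>
+<tr class="thead">
+<?php print_column_headers('users', false) ?>
+</tr>
+</tfoot>
+
+<tbody id="users" class="list:user user-list">
+<?php
+$style = '';
+foreach ( $wp_user_search->get_results() as $userid ) {
+	$user_object = new WP_User($userid);
+	$roles = $user_object->roles;
+	$role = array_shift($roles);
+
+	$style = ( ' class="alternate"' == $style ) ? '' : ' class="alternate"';
+	echo "\n\t" . user_row($user_object, $style, $role);
+}
+?>
+</tbody>
+</table>
+
+<div class="tablenav">
+
+<?php if ( $wp_user_search->results_are_paged() ) : ?>
+	<div class="tablenav-pages"><?php $wp_user_search->page_links(); ?></div>
+<?php endif; ?>
+
+<div class="alignleft actions">
+<select name="action2">
+<option value="" selected="selected"><?php _e('Bulk Actions'); ?></option>
+<option value="delete"><?php _e('Delete'); ?></option>
+</select>
+<input type="submit" value="<?php esc_attr_e('Apply'); ?>" name="doaction2" id="doaction2" class="button-secondary action" />
+</div>
+
+<br class="clear" />
+</div>
+
+<?php endif; ?>
+
+</form>
+</div>
+
+<?php
+	foreach ( array('user_login' => 'user_login', 'first_name' => 'user_firstname', 'last_name' => 'user_lastname', 'email' => 'user_email', 'url' => 'user_uri', 'role' => 'user_role') as $formpost => $var ) {
+		$var = 'new_' . $var;
+		$$var = isset($_REQUEST[$formpost]) ? esc_attr(stripslashes($_REQUEST[$formpost])) : '';
+	}
+	unset($name);
+?>
+
+<br class="clear" />
+<?php
+break;
+
+} // end of the $doaction switch
+
+include('admin-footer.php');
+?>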
   399 
       
   400 } // end of the $doaction switch
       
   401 
       
   402 include('admin-footer.php');
       
   403 ?>