web/wp-admin/includes/user.php
changeset 194 32102edaa81b
parent 136 bde1974c263b
child 204 09a1c134465b
equal deleted inserted replaced
193:2f6f6f7551ca 194:32102edaa81b
     7  */
     7  */
     8 
     8 
     9 /**
     9 /**
    10  * Creates a new user from the "Users" form using $_POST information.
    10  * Creates a new user from the "Users" form using $_POST information.
    11  *
    11  *
    12  * It seems that the first half is for backwards compatibility, but only
       
    13  * has the ability to alter the user's role. WordPress core seems to
       
    14  * use this function only in the second way, running edit_user() with
       
    15  * no id so as to create a new user.
       
    16  *
       
    17  * @since 2.0
    12  * @since 2.0
    18  *
    13  *
    19  * @param int $user_id Optional. User ID.
       
    20  * @return null|WP_Error|int Null when adding user, WP_Error or User ID integer when no parameters.
    14  * @return null|WP_Error|int Null when adding user, WP_Error or User ID integer when no parameters.
    21  */
    15  */
    22 function add_user() {
    16 function add_user() {
    23 	if ( func_num_args() ) { // The hackiest hack that ever did hack
    17 	return edit_user();
    24 		global $current_user, $wp_roles;
       
    25 		$user_id = (int) func_get_arg( 0 );
       
    26 
       
    27 		if ( isset( $_POST['role'] ) ) {
       
    28 			$new_role = sanitize_text_field( $_POST['role'] );
       
    29 			// Don't let anyone with 'edit_users' (admins) edit their own role to something without it.
       
    30 			if ( $user_id != $current_user->id || $wp_roles->role_objects[$new_role]->has_cap( 'edit_users' ) ) {
       
    31 				// If the new role isn't editable by the logged-in user die with error
       
    32 				$editable_roles = get_editable_roles();
       
    33 				if ( !$editable_roles[$new_role] )
       
    34 					wp_die(__('You can’t give users that role.'));
       
    35 
       
    36 				$user = new WP_User( $user_id );
       
    37 				$user->set_role( $new_role );
       
    38 			}
       
    39 		}
       
    40 	} else {
       
    41 		add_action( 'user_register', 'add_user' ); // See above
       
    42 		return edit_user();
       
    43 	}
       
    44 }
    18 }
    45 
    19 
    46 /**
    20 /**
    47  * Edit user settings based on contents of $_POST
    21  * Edit user settings based on contents of $_POST
    48  *
    22  *
    52  *
    26  *
    53  * @param int $user_id Optional. User ID.
    27  * @param int $user_id Optional. User ID.
    54  * @return int user id of the updated user
    28  * @return int user id of the updated user
    55  */
    29  */
    56 function edit_user( $user_id = 0 ) {
    30 function edit_user( $user_id = 0 ) {
    57 	global $current_user, $wp_roles, $wpdb;
    31 	global $wp_roles, $wpdb;
    58 	if ( $user_id != 0 ) {
    32 	$user = new stdClass;
       
    33 	if ( $user_id ) {
    59 		$update = true;
    34 		$update = true;
    60 		$user->ID = (int) $user_id;
    35 		$user->ID = (int) $user_id;
    61 		$userdata = get_userdata( $user_id );
    36 		$userdata = get_userdata( $user_id );
    62 		$user->user_login = $wpdb->escape( $userdata->user_login );
    37 		$user->user_login = $wpdb->escape( $userdata->user_login );
    63 	} else {
    38 	} else {
    64 		$update = false;
    39 		$update = false;
    65 		$user = '';
       
    66 	}
    40 	}
    67 
    41 
    68 	if ( !$update && isset( $_POST['user_login'] ) )
    42 	if ( !$update && isset( $_POST['user_login'] ) )
    69 		$user->user_login = sanitize_user($_POST['user_login'], true);
    43 		$user->user_login = sanitize_user($_POST['user_login'], true);
    70 
    44 
    74 	if ( isset( $_POST['pass2'] ))
    48 	if ( isset( $_POST['pass2'] ))
    75 		$pass2 = $_POST['pass2'];
    49 		$pass2 = $_POST['pass2'];
    76 
    50 
    77 	if ( isset( $_POST['role'] ) && current_user_can( 'edit_users' ) ) {
    51 	if ( isset( $_POST['role'] ) && current_user_can( 'edit_users' ) ) {
    78 		$new_role = sanitize_text_field( $_POST['role'] );
    52 		$new_role = sanitize_text_field( $_POST['role'] );
       
    53 		$potential_role = isset($wp_roles->role_objects[$new_role]) ? $wp_roles->role_objects[$new_role] : false;
    79 		// Don't let anyone with 'edit_users' (admins) edit their own role to something without it.
    54 		// Don't let anyone with 'edit_users' (admins) edit their own role to something without it.
    80 		if( $user_id != $current_user->id || $wp_roles->role_objects[$new_role]->has_cap( 'edit_users' ))
    55 		// Multisite super admins can freely edit their blog roles -- they possess all caps.
       
    56 		if ( ( is_multisite() && current_user_can( 'manage_sites' ) ) || $user_id != get_current_user_id() || ($potential_role && $potential_role->has_cap( 'edit_users' ) ) )
    81 			$user->role = $new_role;
    57 			$user->role = $new_role;
    82 
    58 
    83 		// If the new role isn't editable by the logged-in user die with error
    59 		// If the new role isn't editable by the logged-in user die with error
    84 		$editable_roles = get_editable_roles();
    60 		$editable_roles = get_editable_roles();
    85 		if ( !$editable_roles[$new_role] )
    61 		if ( ! empty( $new_role ) && empty( $editable_roles[$new_role] ) )
    86 			wp_die(__('You can’t give users that role.'));
    62 			wp_die(__('You can’t give users that role.'));
    87 	}
    63 	}
    88 
    64 
    89 	if ( isset( $_POST['email'] ))
    65 	if ( isset( $_POST['email'] ))
    90 		$user->user_email = sanitize_text_field( $_POST['email'] );
    66 		$user->user_email = sanitize_text_field( $_POST['email'] );
    91 	if ( isset( $_POST['url'] ) ) {
    67 	if ( isset( $_POST['url'] ) ) {
    92 		if ( empty ( $_POST['url'] ) || $_POST['url'] == 'http://' ) {
    68 		if ( empty ( $_POST['url'] ) || $_POST['url'] == 'http://' ) {
    93 			$user->user_url = '';
    69 			$user->user_url = '';
    94 		} else {
    70 		} else {
    95 			$user->user_url = sanitize_url( $_POST['url'] );
    71 			$user->user_url = esc_url_raw( $_POST['url'] );
    96 			$user->user_url = preg_match('/^(https?|ftps?|mailto|news|irc|gopher|nntp|feed|telnet):/is', $user->user_url) ? $user->user_url : 'http://'.$user->user_url;
    72 			$user->user_url = preg_match('/^(https?|ftps?|mailto|news|irc|gopher|nntp|feed|telnet):/is', $user->user_url) ? $user->user_url : 'http://'.$user->user_url;
    97 		}
    73 		}
    98 	}
    74 	}
    99 	if ( isset( $_POST['first_name'] ) )
    75 	if ( isset( $_POST['first_name'] ) )
   100 		$user->first_name = sanitize_text_field( $_POST['first_name'] );
    76 		$user->first_name = sanitize_text_field( $_POST['first_name'] );
   106 		$user->display_name = sanitize_text_field( $_POST['display_name'] );
    82 		$user->display_name = sanitize_text_field( $_POST['display_name'] );
   107 
    83 
   108 	if ( isset( $_POST['description'] ) )
    84 	if ( isset( $_POST['description'] ) )
   109 		$user->description = trim( $_POST['description'] );
    85 		$user->description = trim( $_POST['description'] );
   110 
    86 
   111 	foreach ( _wp_get_user_contactmethods() as $method => $name ) {
    87 	foreach ( _wp_get_user_contactmethods( $user ) as $method => $name ) {
   112 		if ( isset( $_POST[$method] ))
    88 		if ( isset( $_POST[$method] ))
   113 			$user->$method = sanitize_text_field( $_POST[$method] );
    89 			$user->$method = sanitize_text_field( $_POST[$method] );
   114 	}
    90 	}
   115 
    91 
   116 	if ( $update ) {
    92 	if ( $update ) {
   117 		$user->rich_editing = isset( $_POST['rich_editing'] ) && 'false' == $_POST['rich_editing'] ? 'false' : 'true';
    93 		$user->rich_editing = isset( $_POST['rich_editing'] ) && 'false' == $_POST['rich_editing'] ? 'false' : 'true';
   118 		$user->admin_color = isset( $_POST['admin_color'] ) ? sanitize_text_field( $_POST['admin_color'] ) : 'fresh';
    94 		$user->admin_color = isset( $_POST['admin_color'] ) ? sanitize_text_field( $_POST['admin_color'] ) : 'fresh';
       
    95 		$user->show_admin_bar_front = isset( $_POST['admin_bar_front'] ) ? 'true' : 'false';
   119 	}
    96 	}
   120 
    97 
   121 	$user->comment_shortcuts = isset( $_POST['comment_shortcuts'] ) && 'true' == $_POST['comment_shortcuts'] ? 'true' : '';
    98 	$user->comment_shortcuts = isset( $_POST['comment_shortcuts'] ) && 'true' == $_POST['comment_shortcuts'] ? 'true' : '';
   122 
    99 
   123 	$user->use_ssl = 0;
   100 	$user->use_ssl = 0;
   154 		$errors->add( 'pass', __( '<strong>ERROR</strong>: Please enter the same password in the two password fields.' ), array( 'form-field' => 'pass1' ) );
   131 		$errors->add( 'pass', __( '<strong>ERROR</strong>: Please enter the same password in the two password fields.' ), array( 'form-field' => 'pass1' ) );
   155 
   132 
   156 	if ( !empty( $pass1 ) )
   133 	if ( !empty( $pass1 ) )
   157 		$user->user_pass = $pass1;
   134 		$user->user_pass = $pass1;
   158 
   135 
   159 	if ( !$update && !validate_username( $user->user_login ) )
   136 	if ( !$update && isset( $_POST['user_login'] ) && !validate_username( $_POST['user_login'] ) )
   160 		$errors->add( 'user_login', __( '<strong>ERROR</strong>: This username is invalid. Please enter a valid username.' ));
   137 		$errors->add( 'user_login', __( '<strong>ERROR</strong>: This username is invalid because it uses illegal characters. Please enter a valid username.' ));
   161 
   138 
   162 	if ( !$update && username_exists( $user->user_login ) )
   139 	if ( !$update && username_exists( $user->user_login ) )
   163 		$errors->add( 'user_login', __( '<strong>ERROR</strong>: This username is already registered. Please choose another one.' ));
   140 		$errors->add( 'user_login', __( '<strong>ERROR</strong>: This username is already registered. Please choose another one.' ));
   164 
   141 
   165 	/* checking e-mail address */
   142 	/* checking e-mail address */
   166 	if ( empty( $user->user_email ) ) {
   143 	if ( empty( $user->user_email ) ) {
   167 		$errors->add( 'empty_email', __( '<strong>ERROR</strong>: Please enter an e-mail address.' ), array( 'form-field' => 'email' ) );
   144 		$errors->add( 'empty_email', __( '<strong>ERROR</strong>: Please enter an e-mail address.' ), array( 'form-field' => 'email' ) );
   168 	} elseif ( !is_email( $user->user_email ) ) {
   145 	} elseif ( !is_email( $user->user_email ) ) {
   169 		$errors->add( 'invalid_email', __( '<strong>ERROR</strong>: The e-mail address isn&#8217;t correct.' ), array( 'form-field' => 'email' ) );
   146 		$errors->add( 'invalid_email', __( '<strong>ERROR</strong>: The e-mail address isn&#8217;t correct.' ), array( 'form-field' => 'email' ) );
   170 	} elseif ( ( $owner_id = email_exists($user->user_email) ) && $owner_id != $user->ID ) {
   147 	} elseif ( ( $owner_id = email_exists($user->user_email) ) && ( !$update || ( $owner_id != $user->ID ) ) ) {
   171 		$errors->add( 'email_exists', __('<strong>ERROR</strong>: This email is already registered, please choose another one.'), array( 'form-field' => 'email' ) );
   148 		$errors->add( 'email_exists', __('<strong>ERROR</strong>: This email is already registered, please choose another one.'), array( 'form-field' => 'email' ) );
   172 	}
   149 	}
   173 
   150 
   174 	// Allow plugins to return their own errors.
   151 	// Allow plugins to return their own errors.
   175 	do_action_ref_array('user_profile_update_errors', array ( &$errors, $update, &$user ) );
   152 	do_action_ref_array('user_profile_update_errors', array ( &$errors, $update, &$user ) );
   185 	}
   162 	}
   186 	return $user_id;
   163 	return $user_id;
   187 }
   164 }
   188 
   165 
   189 /**
   166 /**
   190  * {@internal Missing Short Description}}
       
   191  *
       
   192  * {@internal Missing Long Description}}
       
   193  *
       
   194  * @since unknown
       
   195  *
       
   196  * @return array List of user IDs.
       
   197  */
       
   198 function get_author_user_ids() {
       
   199 	global $wpdb;
       
   200 	$level_key = $wpdb->prefix . 'user_level';
       
   201 	return $wpdb->get_col( $wpdb->prepare("SELECT user_id FROM $wpdb->usermeta WHERE meta_key = %s AND meta_value != '0'", $level_key) );
       
   202 }
       
   203 
       
   204 /**
       
   205  * {@internal Missing Short Description}}
       
   206  *
       
   207  * {@internal Missing Long Description}}
       
   208  *
       
   209  * @since unknown
       
   210  *
       
   211  * @param int $user_id User ID.
       
   212  * @return array|bool List of editable authors. False if no editable users.
       
   213  */
       
   214 function get_editable_authors( $user_id ) {
       
   215 	global $wpdb;
       
   216 
       
   217 	$editable = get_editable_user_ids( $user_id );
       
   218 
       
   219 	if( !$editable ) {
       
   220 		return false;
       
   221 	} else {
       
   222 		$editable = join(',', $editable);
       
   223 		$authors = $wpdb->get_results( "SELECT * FROM $wpdb->users WHERE ID IN ($editable) ORDER BY display_name" );
       
   224 	}
       
   225 
       
   226 	return apply_filters('get_editable_authors', $authors);
       
   227 }
       
   228 
       
   229 /**
       
   230  * {@internal Missing Short Description}}
       
   231  *
       
   232  * {@internal Missing Long Description}}
       
   233  *
       
   234  * @since unknown
       
   235  *
       
   236  * @param int $user_id User ID.
       
   237  * @param bool $exclude_zeros Optional, default is true. Whether to exclude zeros.
       
   238  * @return unknown
       
   239  */
       
   240 function get_editable_user_ids( $user_id, $exclude_zeros = true, $post_type = 'post' ) {
       
   241 	global $wpdb;
       
   242 
       
   243 	$user = new WP_User( $user_id );
       
   244 
       
   245 	if ( ! $user->has_cap("edit_others_{$post_type}s") ) {
       
   246 		if ( $user->has_cap("edit_{$post_type}s") || $exclude_zeros == false )
       
   247 			return array($user->id);
       
   248 		else
       
   249 			return array();
       
   250 	}
       
   251 
       
   252 	$level_key = $wpdb->prefix . 'user_level';
       
   253 
       
   254 	$query = $wpdb->prepare("SELECT user_id FROM $wpdb->usermeta WHERE meta_key = %s", $level_key);
       
   255 	if ( $exclude_zeros )
       
   256 		$query .= " AND meta_value != '0'";
       
   257 
       
   258 	return $wpdb->get_col( $query );
       
   259 }
       
   260 
       
   261 /**
       
   262  * Fetch a filtered list of user roles that the current user is
   167  * Fetch a filtered list of user roles that the current user is
   263  * allowed to edit.
   168  * allowed to edit.
   264  *
   169  *
   265  * Simple function who's main purpose is to allow filtering of the
   170  * Simple function who's main purpose is to allow filtering of the
   266  * list of roles in the $wp_roles object so that plugins can remove
   171  * list of roles in the $wp_roles object so that plugins can remove
   267  * innappropriate ones depending on the situation or user making edits.
   172  * inappropriate ones depending on the situation or user making edits.
   268  * Specifically because without filtering anyone with the edit_users
   173  * Specifically because without filtering anyone with the edit_users
   269  * capability can edit others to be administrators, even if they are
   174  * capability can edit others to be administrators, even if they are
   270  * only editors or authors. This filter allows admins to delegate
   175  * only editors or authors. This filter allows admins to delegate
   271  * user management.
   176  * user management.
   272  *
   177  *
   282 
   187 
   283 	return $editable_roles;
   188 	return $editable_roles;
   284 }
   189 }
   285 
   190 
   286 /**
   191 /**
   287  * {@internal Missing Short Description}}
       
   288  *
       
   289  * {@internal Missing Long Description}}
       
   290  *
       
   291  * @since unknown
       
   292  *
       
   293  * @return unknown
       
   294  */
       
   295 function get_nonauthor_user_ids() {
       
   296 	global $wpdb;
       
   297 	$level_key = $wpdb->prefix . 'user_level';
       
   298 
       
   299 	return $wpdb->get_col( $wpdb->prepare("SELECT user_id FROM $wpdb->usermeta WHERE meta_key = %s AND meta_value = '0'", $level_key) );
       
   300 }
       
   301 
       
   302 /**
       
   303  * Retrieve editable posts from other users.
       
   304  *
       
   305  * @since unknown
       
   306  *
       
   307  * @param int $user_id User ID to not retrieve posts from.
       
   308  * @param string $type Optional, defaults to 'any'. Post type to retrieve, can be 'draft' or 'pending'.
       
   309  * @return array List of posts from others.
       
   310  */
       
   311 function get_others_unpublished_posts($user_id, $type='any') {
       
   312 	global $wpdb;
       
   313 
       
   314 	$editable = get_editable_user_ids( $user_id );
       
   315 
       
   316 	if ( in_array($type, array('draft', 'pending')) )
       
   317 		$type_sql = " post_status = '$type' ";
       
   318 	else
       
   319 		$type_sql = " ( post_status = 'draft' OR post_status = 'pending' ) ";
       
   320 
       
   321 	$dir = ( 'pending' == $type ) ? 'ASC' : 'DESC';
       
   322 
       
   323 	if( !$editable ) {
       
   324 		$other_unpubs = '';
       
   325 	} else {
       
   326 		$editable = join(',', $editable);
       
   327 		$other_unpubs = $wpdb->get_results( $wpdb->prepare("SELECT ID, post_title, post_author FROM $wpdb->posts WHERE post_type = 'post' AND $type_sql AND post_author IN ($editable) AND post_author != %d ORDER BY post_modified $dir", $user_id) );
       
   328 	}
       
   329 
       
   330 	return apply_filters('get_others_drafts', $other_unpubs);
       
   331 }
       
   332 
       
   333 /**
       
   334  * Retrieve drafts from other users.
       
   335  *
       
   336  * @since unknown
       
   337  *
       
   338  * @param int $user_id User ID.
       
   339  * @return array List of drafts from other users.
       
   340  */
       
   341 function get_others_drafts($user_id) {
       
   342 	return get_others_unpublished_posts($user_id, 'draft');
       
   343 }
       
   344 
       
   345 /**
       
   346  * Retrieve pending review posts from other users.
       
   347  *
       
   348  * @since unknown
       
   349  *
       
   350  * @param int $user_id User ID.
       
   351  * @return array List of posts with pending review post type from other users.
       
   352  */
       
   353 function get_others_pending($user_id) {
       
   354 	return get_others_unpublished_posts($user_id, 'pending');
       
   355 }
       
   356 
       
   357 /**
       
   358  * Retrieve user data and filter it.
   192  * Retrieve user data and filter it.
   359  *
   193  *
   360  * @since unknown
   194  * @since 2.0.5
   361  *
   195  *
   362  * @param int $user_id User ID.
   196  * @param int $user_id User ID.
   363  * @return object WP_User object with user data.
   197  * @return object WP_User object with user data.
   364  */
   198  */
   365 function get_user_to_edit( $user_id ) {
   199 function get_user_to_edit( $user_id ) {
   366 	$user = new WP_User( $user_id );
   200 	$user = new WP_User( $user_id );
   367 
   201 
   368 	$user_contactmethods = _wp_get_user_contactmethods();
   202 	$user->filter = 'edit';
   369 	foreach ($user_contactmethods as $method => $name) {
       
   370 		if ( empty( $user->{$method} ) )
       
   371 			$user->{$method} = '';
       
   372 	}
       
   373 
       
   374 	if ( empty($user->description) )
       
   375 		$user->description = '';
       
   376 
       
   377 	$user = sanitize_user_object($user, 'edit');
       
   378 
   203 
   379 	return $user;
   204 	return $user;
   380 }
   205 }
   381 
   206 
   382 /**
   207 /**
   383  * Retrieve the user's drafts.
   208  * Retrieve the user's drafts.
   384  *
   209  *
   385  * @since unknown
   210  * @since 2.0.0
   386  *
   211  *
   387  * @param int $user_id User ID.
   212  * @param int $user_id User ID.
   388  * @return array
   213  * @return array
   389  */
   214  */
   390 function get_users_drafts( $user_id ) {
   215 function get_users_drafts( $user_id ) {
   400  * If the $reassign parameter is not assigned to an User ID, then all posts will
   225  * If the $reassign parameter is not assigned to an User ID, then all posts will
   401  * be deleted of that user. The action 'delete_user' that is passed the User ID
   226  * be deleted of that user. The action 'delete_user' that is passed the User ID
   402  * being deleted will be run after the posts are either reassigned or deleted.
   227  * being deleted will be run after the posts are either reassigned or deleted.
   403  * The user meta will also be deleted that are for that User ID.
   228  * The user meta will also be deleted that are for that User ID.
   404  *
   229  *
   405  * @since unknown
   230  * @since 2.0.0
   406  *
   231  *
   407  * @param int $id User ID.
   232  * @param int $id User ID.
   408  * @param int $reassign Optional. Reassign posts and links to new User ID.
   233  * @param int $reassign Optional. Reassign posts and links to new User ID.
   409  * @return bool True when finished.
   234  * @return bool True when finished.
   410  */
   235  */
   411 function wp_delete_user($id, $reassign = 'novalue') {
   236 function wp_delete_user( $id, $reassign = 'novalue' ) {
   412 	global $wpdb;
   237 	global $wpdb;
   413 
   238 
   414 	$id = (int) $id;
   239 	$id = (int) $id;
   415 	$user = new WP_User($id);
   240 	$user = new WP_User( $id );
   416 
   241 
   417 	// allow for transaction statement
   242 	// allow for transaction statement
   418 	do_action('delete_user', $id);
   243 	do_action('delete_user', $id);
   419 
   244 
   420 	if ($reassign == 'novalue') {
   245 	if ( 'novalue' === $reassign || null === $reassign ) {
   421 		$post_ids = $wpdb->get_col( $wpdb->prepare("SELECT ID FROM $wpdb->posts WHERE post_author = %d", $id) );
   246 		$post_types_to_delete = array();
   422 
   247 		foreach ( get_post_types( array(), 'objects' ) as $post_type ) {
   423 		if ($post_ids) {
   248 			if ( $post_type->delete_with_user ) {
   424 			foreach ($post_ids as $post_id)
   249 				$post_types_to_delete[] = $post_type->name;
   425 				wp_delete_post($post_id);
   250 			} elseif ( null === $post_type->delete_with_user && post_type_supports( $post_type->name, 'author' ) ) {
       
   251 				$post_types_to_delete[] = $post_type->name;
       
   252 			}
       
   253 		}
       
   254 
       
   255 		$post_types_to_delete = apply_filters( 'post_types_to_delete_with_user', $post_types_to_delete, $id );
       
   256 		$post_types_to_delete = implode( "', '", $post_types_to_delete );
       
   257 		$post_ids = $wpdb->get_col( $wpdb->prepare( "SELECT ID FROM $wpdb->posts WHERE post_author = %d AND post_type IN ('$post_types_to_delete')", $id ) );
       
   258 		if ( $post_ids ) {
       
   259 			foreach ( $post_ids as $post_id )
       
   260 				wp_delete_post( $post_id );
   426 		}
   261 		}
   427 
   262 
   428 		// Clean links
   263 		// Clean links
   429 		$link_ids = $wpdb->get_col( $wpdb->prepare("SELECT link_id FROM $wpdb->links WHERE link_owner = %d", $id) );
   264 		$link_ids = $wpdb->get_col( $wpdb->prepare("SELECT link_id FROM $wpdb->links WHERE link_owner = %d", $id) );
   430 
   265 
   431 		if ( $link_ids ) {
   266 		if ( $link_ids ) {
   432 			foreach ( $link_ids as $link_id )
   267 			foreach ( $link_ids as $link_id )
   433 				wp_delete_link($link_id);
   268 				wp_delete_link($link_id);
   434 		}
   269 		}
   435 
       
   436 	} else {
   270 	} else {
   437 		$reassign = (int) $reassign;
   271 		$reassign = (int) $reassign;
   438 		$wpdb->query( $wpdb->prepare("UPDATE $wpdb->posts SET post_author = %d WHERE post_author = %d", $reassign, $id) );
   272 		$wpdb->update( $wpdb->posts, array('post_author' => $reassign), array('post_author' => $id) );
   439 		$wpdb->query( $wpdb->prepare("UPDATE $wpdb->links SET link_owner = %d WHERE link_owner = %d", $reassign, $id) );
   273 		$wpdb->update( $wpdb->links, array('link_owner' => $reassign), array('link_owner' => $id) );
   440 	}
   274 	}
   441 
   275 
   442 	// FINALLY, delete user
   276 	// FINALLY, delete user
   443 
   277 	if ( is_multisite() ) {
   444 	$wpdb->query( $wpdb->prepare("DELETE FROM $wpdb->usermeta WHERE user_id = %d", $id) );
   278 		remove_user_from_blog( $id, get_current_blog_id() );
   445 	$wpdb->query( $wpdb->prepare("DELETE FROM $wpdb->users WHERE ID = %d", $id) );
   279 	} else {
   446 
   280 		$meta = $wpdb->get_col( $wpdb->prepare( "SELECT umeta_id FROM $wpdb->usermeta WHERE user_id = %d", $id ) );
   447 	wp_cache_delete($id, 'users');
   281 		foreach ( $meta as $mid )
   448 	wp_cache_delete($user->user_login, 'userlogins');
   282 			delete_metadata_by_mid( 'user', $mid );
   449 	wp_cache_delete($user->user_email, 'useremail');
   283 
   450 	wp_cache_delete($user->user_nicename, 'userslugs');
   284 		$wpdb->delete( $wpdb->users, array( 'ID' => $id ) );
       
   285 	}
       
   286 
       
   287 	clean_user_cache( $user );
   451 
   288 
   452 	// allow for commit transaction
   289 	// allow for commit transaction
   453 	do_action('deleted_user', $id);
   290 	do_action('deleted_user', $id);
   454 
   291 
   455 	return true;
   292 	return true;
   456 }
   293 }
   457 
   294 
   458 /**
   295 /**
   459  * Remove all capabilities from user.
   296  * Remove all capabilities from user.
   460  *
   297  *
   461  * @since unknown
   298  * @since 2.1.0
   462  *
   299  *
   463  * @param int $id User ID.
   300  * @param int $id User ID.
   464  */
   301  */
   465 function wp_revoke_user($id) {
   302 function wp_revoke_user($id) {
   466 	$id = (int) $id;
   303 	$id = (int) $id;
   467 
   304 
   468 	$user = new WP_User($id);
   305 	$user = new WP_User($id);
   469 	$user->remove_all_caps();
   306 	$user->remove_all_caps();
   470 }
   307 }
   471 
   308 
   472 if ( !class_exists('WP_User_Search') ) :
       
   473 /**
       
   474  * WordPress User Search class.
       
   475  *
       
   476  * @since unknown
       
   477  * @author Mark Jaquith
       
   478  */
       
   479 class WP_User_Search {
       
   480 
       
   481 	/**
       
   482 	 * {@internal Missing Description}}
       
   483 	 *
       
   484 	 * @since unknown
       
   485 	 * @access private
       
   486 	 * @var unknown_type
       
   487 	 */
       
   488 	var $results;
       
   489 
       
   490 	/**
       
   491 	 * {@internal Missing Description}}
       
   492 	 *
       
   493 	 * @since unknown
       
   494 	 * @access private
       
   495 	 * @var unknown_type
       
   496 	 */
       
   497 	var $search_term;
       
   498 
       
   499 	/**
       
   500 	 * Page number.
       
   501 	 *
       
   502 	 * @since unknown
       
   503 	 * @access private
       
   504 	 * @var int
       
   505 	 */
       
   506 	var $page;
       
   507 
       
   508 	/**
       
   509 	 * Role name that users have.
       
   510 	 *
       
   511 	 * @since unknown
       
   512 	 * @access private
       
   513 	 * @var string
       
   514 	 */
       
   515 	var $role;
       
   516 
       
   517 	/**
       
   518 	 * Raw page number.
       
   519 	 *
       
   520 	 * @since unknown
       
   521 	 * @access private
       
   522 	 * @var int|bool
       
   523 	 */
       
   524 	var $raw_page;
       
   525 
       
   526 	/**
       
   527 	 * Amount of users to display per page.
       
   528 	 *
       
   529 	 * @since unknown
       
   530 	 * @access public
       
   531 	 * @var int
       
   532 	 */
       
   533 	var $users_per_page = 50;
       
   534 
       
   535 	/**
       
   536 	 * {@internal Missing Description}}
       
   537 	 *
       
   538 	 * @since unknown
       
   539 	 * @access private
       
   540 	 * @var unknown_type
       
   541 	 */
       
   542 	var $first_user;
       
   543 
       
   544 	/**
       
   545 	 * {@internal Missing Description}}
       
   546 	 *
       
   547 	 * @since unknown
       
   548 	 * @access private
       
   549 	 * @var int
       
   550 	 */
       
   551 	var $last_user;
       
   552 
       
   553 	/**
       
   554 	 * {@internal Missing Description}}
       
   555 	 *
       
   556 	 * @since unknown
       
   557 	 * @access private
       
   558 	 * @var unknown_type
       
   559 	 */
       
   560 	var $query_limit;
       
   561 
       
   562 	/**
       
   563 	 * {@internal Missing Description}}
       
   564 	 *
       
   565 	 * @since unknown
       
   566 	 * @access private
       
   567 	 * @var unknown_type
       
   568 	 */
       
   569 	var $query_sort;
       
   570 
       
   571 	/**
       
   572 	 * {@internal Missing Description}}
       
   573 	 *
       
   574 	 * @since unknown
       
   575 	 * @access private
       
   576 	 * @var unknown_type
       
   577 	 */
       
   578 	var $query_from_where;
       
   579 
       
   580 	/**
       
   581 	 * {@internal Missing Description}}
       
   582 	 *
       
   583 	 * @since unknown
       
   584 	 * @access private
       
   585 	 * @var int
       
   586 	 */
       
   587 	var $total_users_for_query = 0;
       
   588 
       
   589 	/**
       
   590 	 * {@internal Missing Description}}
       
   591 	 *
       
   592 	 * @since unknown
       
   593 	 * @access private
       
   594 	 * @var bool
       
   595 	 */
       
   596 	var $too_many_total_users = false;
       
   597 
       
   598 	/**
       
   599 	 * {@internal Missing Description}}
       
   600 	 *
       
   601 	 * @since unknown
       
   602 	 * @access private
       
   603 	 * @var unknown_type
       
   604 	 */
       
   605 	var $search_errors;
       
   606 
       
   607 	/**
       
   608 	 * {@internal Missing Description}}
       
   609 	 *
       
   610 	 * @since unknown
       
   611 	 * @access private
       
   612 	 * @var unknown_type
       
   613 	 */
       
   614 	var $paging_text;
       
   615 
       
   616 	/**
       
   617 	 * PHP4 Constructor - Sets up the object properties.
       
   618 	 *
       
   619 	 * @since unknown
       
   620 	 *
       
   621 	 * @param string $search_term Search terms string.
       
   622 	 * @param int $page Optional. Page ID.
       
   623 	 * @param string $role Role name.
       
   624 	 * @return WP_User_Search
       
   625 	 */
       
   626 	function WP_User_Search ($search_term = '', $page = '', $role = '') {
       
   627 		$this->search_term = $search_term;
       
   628 		$this->raw_page = ( '' == $page ) ? false : (int) $page;
       
   629 		$this->page = (int) ( '' == $page ) ? 1 : $page;
       
   630 		$this->role = $role;
       
   631 
       
   632 		$this->prepare_query();
       
   633 		$this->query();
       
   634 		$this->prepare_vars_for_template_usage();
       
   635 		$this->do_paging();
       
   636 	}
       
   637 
       
   638 	/**
       
   639 	 * {@internal Missing Short Description}}
       
   640 	 *
       
   641 	 * {@internal Missing Long Description}}
       
   642 	 *
       
   643 	 * @since unknown
       
   644 	 * @access public
       
   645 	 */
       
   646 	function prepare_query() {
       
   647 		global $wpdb;
       
   648 		$this->first_user = ($this->page - 1) * $this->users_per_page;
       
   649 		$this->query_limit = $wpdb->prepare(" LIMIT %d, %d", $this->first_user, $this->users_per_page);
       
   650 		$this->query_sort = ' ORDER BY user_login';
       
   651 		$search_sql = '';
       
   652 		if ( $this->search_term ) {
       
   653 			$searches = array();
       
   654 			$search_sql = 'AND (';
       
   655 			foreach ( array('user_login', 'user_nicename', 'user_email', 'user_url', 'display_name') as $col )
       
   656 				$searches[] = $col . " LIKE '%$this->search_term%'";
       
   657 			$search_sql .= implode(' OR ', $searches);
       
   658 			$search_sql .= ')';
       
   659 		}
       
   660 
       
   661 		$this->query_from_where = "FROM $wpdb->users";
       
   662 		if ( $this->role )
       
   663 			$this->query_from_where .= $wpdb->prepare(" INNER JOIN $wpdb->usermeta ON $wpdb->users.ID = $wpdb->usermeta.user_id WHERE $wpdb->usermeta.meta_key = '{$wpdb->prefix}capabilities' AND $wpdb->usermeta.meta_value LIKE %s", '%' . $this->role . '%');
       
   664 		else
       
   665 			$this->query_from_where .= " WHERE 1=1";
       
   666 		$this->query_from_where .= " $search_sql";
       
   667 
       
   668 	}
       
   669 
       
   670 	/**
       
   671 	 * {@internal Missing Short Description}}
       
   672 	 *
       
   673 	 * {@internal Missing Long Description}}
       
   674 	 *
       
   675 	 * @since unknown
       
   676 	 * @access public
       
   677 	 */
       
   678 	function query() {
       
   679 		global $wpdb;
       
   680 		$this->results = $wpdb->get_col('SELECT ID ' . $this->query_from_where . $this->query_sort . $this->query_limit);
       
   681 
       
   682 		if ( $this->results )
       
   683 			$this->total_users_for_query = $wpdb->get_var('SELECT COUNT(ID) ' . $this->query_from_where); // no limit
       
   684 		else
       
   685 			$this->search_errors = new WP_Error('no_matching_users_found', __('No matching users were found!'));
       
   686 	}
       
   687 
       
   688 	/**
       
   689 	 * {@internal Missing Short Description}}
       
   690 	 *
       
   691 	 * {@internal Missing Long Description}}
       
   692 	 *
       
   693 	 * @since unknown
       
   694 	 * @access public
       
   695 	 */
       
   696 	function prepare_vars_for_template_usage() {
       
   697 		$this->search_term = stripslashes($this->search_term); // done with DB, from now on we want slashes gone
       
   698 	}
       
   699 
       
   700 	/**
       
   701 	 * {@internal Missing Short Description}}
       
   702 	 *
       
   703 	 * {@internal Missing Long Description}}
       
   704 	 *
       
   705 	 * @since unknown
       
   706 	 * @access public
       
   707 	 */
       
   708 	function do_paging() {
       
   709 		if ( $this->total_users_for_query > $this->users_per_page ) { // have to page the results
       
   710 			$args = array();
       
   711 			if( ! empty($this->search_term) )
       
   712 				$args['usersearch'] = urlencode($this->search_term);
       
   713 			if( ! empty($this->role) )
       
   714 				$args['role'] = urlencode($this->role);
       
   715 
       
   716 			$this->paging_text = paginate_links( array(
       
   717 				'total' => ceil($this->total_users_for_query / $this->users_per_page),
       
   718 				'current' => $this->page,
       
   719 				'base' => 'users.php?%_%',
       
   720 				'format' => 'userspage=%#%',
       
   721 				'add_args' => $args
       
   722 			) );
       
   723 			if ( $this->paging_text ) {
       
   724 				$this->paging_text = sprintf( '<span class="displaying-num">' . __( 'Displaying %s&#8211;%s of %s' ) . '</span>%s',
       
   725 					number_format_i18n( ( $this->page - 1 ) * $this->users_per_page + 1 ),
       
   726 					number_format_i18n( min( $this->page * $this->users_per_page, $this->total_users_for_query ) ),
       
   727 					number_format_i18n( $this->total_users_for_query ),
       
   728 					$this->paging_text
       
   729 				);
       
   730 			}
       
   731 		}
       
   732 	}
       
   733 
       
   734 	/**
       
   735 	 * {@internal Missing Short Description}}
       
   736 	 *
       
   737 	 * {@internal Missing Long Description}}
       
   738 	 *
       
   739 	 * @since unknown
       
   740 	 * @access public
       
   741 	 *
       
   742 	 * @return unknown
       
   743 	 */
       
   744 	function get_results() {
       
   745 		return (array) $this->results;
       
   746 	}
       
   747 
       
   748 	/**
       
   749 	 * Displaying paging text.
       
   750 	 *
       
   751 	 * @see do_paging() Builds paging text.
       
   752 	 *
       
   753 	 * @since unknown
       
   754 	 * @access public
       
   755 	 */
       
   756 	function page_links() {
       
   757 		echo $this->paging_text;
       
   758 	}
       
   759 
       
   760 	/**
       
   761 	 * Whether paging is enabled.
       
   762 	 *
       
   763 	 * @see do_paging() Builds paging text.
       
   764 	 *
       
   765 	 * @since unknown
       
   766 	 * @access public
       
   767 	 *
       
   768 	 * @return bool
       
   769 	 */
       
   770 	function results_are_paged() {
       
   771 		if ( $this->paging_text )
       
   772 			return true;
       
   773 		return false;
       
   774 	}
       
   775 
       
   776 	/**
       
   777 	 * Whether there are search terms.
       
   778 	 *
       
   779 	 * @since unknown
       
   780 	 * @access public
       
   781 	 *
       
   782 	 * @return bool
       
   783 	 */
       
   784 	function is_search() {
       
   785 		if ( $this->search_term )
       
   786 			return true;
       
   787 		return false;
       
   788 	}
       
   789 }
       
   790 endif;
       
   791 
       
   792 add_action('admin_init', 'default_password_nag_handler');
   309 add_action('admin_init', 'default_password_nag_handler');
       
   310 /**
       
   311  * @since 2.8.0
       
   312  */
   793 function default_password_nag_handler($errors = false) {
   313 function default_password_nag_handler($errors = false) {
   794 	global $user_ID;
   314 	global $user_ID;
   795 	if ( ! get_usermeta($user_ID, 'default_password_nag') ) //Short circuit it.
   315 	if ( ! get_user_option('default_password_nag') ) //Short circuit it.
   796 		return;
   316 		return;
   797 
   317 
   798 	//get_user_setting = JS saved UI setting. else no-js-falback code.
   318 	//get_user_setting = JS saved UI setting. else no-js-fallback code.
   799 	if ( 'hide' == get_user_setting('default_password_nag') || isset($_GET['default_password_nag']) && '0' == $_GET['default_password_nag'] ) {
   319 	if ( 'hide' == get_user_setting('default_password_nag') || isset($_GET['default_password_nag']) && '0' == $_GET['default_password_nag'] ) {
   800 		delete_user_setting('default_password_nag');
   320 		delete_user_setting('default_password_nag');
   801 		update_usermeta($user_ID, 'default_password_nag', false);
   321 		update_user_option($user_ID, 'default_password_nag', false, true);
   802 	}
   322 	}
   803 }
   323 }
   804 
   324 
   805 add_action('profile_update', 'default_password_nag_edit_user', 10, 2);
   325 add_action('profile_update', 'default_password_nag_edit_user', 10, 2);
       
   326 /**
       
   327  * @since 2.8.0
       
   328  */
   806 function default_password_nag_edit_user($user_ID, $old_data) {
   329 function default_password_nag_edit_user($user_ID, $old_data) {
   807 	global $user_ID;
   330 	if ( ! get_user_option('default_password_nag', $user_ID) ) //Short circuit it.
   808 	if ( ! get_usermeta($user_ID, 'default_password_nag') ) //Short circuit it.
       
   809 		return;
   331 		return;
   810 
   332 
   811 	$new_data = get_userdata($user_ID);
   333 	$new_data = get_userdata($user_ID);
   812 
   334 
   813 	if ( $new_data->user_pass != $old_data->user_pass ) { //Remove the nag if the password has been changed.
   335 	if ( $new_data->user_pass != $old_data->user_pass ) { //Remove the nag if the password has been changed.
   814 		delete_user_setting('default_password_nag');
   336 		delete_user_setting('default_password_nag', $user_ID);
   815 		update_usermeta($user_ID, 'default_password_nag', false);
   337 		update_user_option($user_ID, 'default_password_nag', false, true);
   816 	}
   338 	}
   817 }
   339 }
   818 
   340 
   819 add_action('admin_notices', 'default_password_nag');
   341 add_action('admin_notices', 'default_password_nag');
       
   342 /**
       
   343  * @since 2.8.0
       
   344  */
   820 function default_password_nag() {
   345 function default_password_nag() {
   821 	global $user_ID;
   346 	global $pagenow;
   822 	if ( ! get_usermeta($user_ID, 'default_password_nag') )
   347 	if ( 'profile.php' == $pagenow || ! get_user_option('default_password_nag') ) //Short circuit it.
   823 		return;
   348 		return;
   824 
   349 
   825 	echo '<div class="error default-password-nag"><p>';
   350 	echo '<div class="error default-password-nag">';
   826 	printf(__("Notice: you're using the auto-generated password for your account. Would you like to change it to something you'll remember easier?<br />
   351 	echo '<p>';
   827 			  <a href='%s'>Yes, Take me to my profile page</a> | <a href='%s' id='default-password-nag-no'>No Thanks, Do not remind me again.</a>"), admin_url('profile.php') . '#password', '?default_password_nag=0');
   352 	echo '<strong>' . __('Notice:') . '</strong> ';
       
   353 	_e('You&rsquo;re using the auto-generated password for your account. Would you like to change it to something easier to remember?');
       
   354 	echo '</p><p>';
       
   355 	printf( '<a href="%s">' . __('Yes, take me to my profile page') . '</a> | ', admin_url('profile.php') . '#password' );
       
   356 	printf( '<a href="%s" id="default-password-nag-no">' . __('No thanks, do not remind me again') . '</a>', '?default_password_nag=0' );
   828 	echo '</p></div>';
   357 	echo '</p></div>';
   829 }
   358 }
   830 
       
   831 ?>