2003-12-08 02:28:41 +01:00
< ? php
2008-08-16 09:27:34 +02:00
/**
* Users administration panel .
*
* @ package WordPress
* @ subpackage Administration
*/
/** WordPress Administration Bootstrap */
2010-08-11 23:54:51 +02:00
require_once ( './admin.php' );
2008-08-16 09:27:34 +02:00
2010-11-04 09:07:03 +01:00
$wp_list_table = get_list_table ( 'WP_Users_List_Table' );
2010-08-22 13:22:46 +02:00
$wp_list_table -> check_permissions ();
2006-11-30 19:38:06 +01:00
2006-11-18 08:31:29 +01:00
$title = __ ( 'Users' );
2006-11-30 19:38:06 +01:00
$parent_file = 'users.php' ;
2006-11-18 08:31:29 +01:00
2010-10-07 21:34:18 +02:00
add_screen_option ( 'per_page' , array ( 'label' => _x ( 'Users' , 'users per page (screen options)' )) );
2010-05-28 01:10:26 +02:00
// contextual help - choose Help on the top right of admin panel to preview this.
add_contextual_help ( $current_screen ,
'<p>' . __ ( 'This screen lists all the existing users for your site. Each user has one of five defined roles as set by the site admin: Site Administrator, Editor, Author, Contributor, or Subscriber. Users with roles other than Administrator will see fewer options when they are logged in, based on their role.' ) . '</p>' .
2010-06-02 22:04:07 +02:00
'<p>' . __ ( 'You can customize the display of information on this screen as you can on other screens, by using the Screen Options tab and the on-screen filters.' ) . '</p>' .
'<p>' . __ ( 'To add a new user for your site, click the Add New button at the top of the screen or Add New in the Users menu section.' ) . '</p>' .
2010-05-28 01:10:26 +02:00
'<p><strong>' . __ ( 'For more information:' ) . '</strong></p>' .
2010-06-04 05:42:43 +02:00
'<p>' . __ ( '<a href="http://codex.wordpress.org/Users_Authors_and_Users_SubPanel" target="_blank">Documentation on Authors and Users</a>' ) . '</p>' .
'<p>' . __ ( '<a href="http://codex.wordpress.org/Roles_and_Capabilities" target="_blank">Roles and Capabilities Descriptions</a>' ) . '</p>' .
'<p>' . __ ( '<a href="http://wordpress.org/support/" target="_blank">Support Forums</a>' ) . '</p>'
2010-05-28 01:10:26 +02:00
);
2008-02-16 22:44:50 +01:00
if ( empty ( $_REQUEST ) ) {
2009-05-05 21:43:53 +02:00
$referer = '<input type="hidden" name="wp_http_referer" value="' . esc_attr ( stripslashes ( $_SERVER [ 'REQUEST_URI' ])) . '" />' ;
2008-02-16 22:44:50 +01:00
} elseif ( isset ( $_REQUEST [ 'wp_http_referer' ]) ) {
$redirect = remove_query_arg ( array ( 'wp_http_referer' , 'updated' , 'delete_count' ), stripslashes ( $_REQUEST [ 'wp_http_referer' ]));
2009-05-05 21:43:53 +02:00
$referer = '<input type="hidden" name="wp_http_referer" value="' . esc_attr ( $redirect ) . '" />' ;
2006-06-08 20:36:05 +02:00
} else {
$redirect = 'users.php' ;
2008-08-14 19:00:37 +02:00
$referer = '' ;
2006-06-08 20:36:05 +02:00
}
2010-09-22 02:10:39 +02:00
$update = '' ;
switch ( $wp_list_table -> current_action () ) {
2005-07-12 17:53:13 +02:00
2009-01-06 23:00:05 +01:00
/* Bulk Dropdown menu Role changes */
2005-07-12 17:53:13 +02:00
case 'promote' :
2006-05-03 00:36:06 +02:00
check_admin_referer ( 'bulk-users' );
2004-05-17 22:34:05 +02:00
2010-01-18 23:21:36 +01:00
if ( empty ( $_REQUEST [ 'users' ]) ) {
2006-06-27 07:38:56 +02:00
wp_redirect ( $redirect );
2006-11-15 00:44:25 +01:00
exit ();
2005-07-12 17:53:13 +02:00
}
2003-12-23 21:21:29 +01:00
2009-01-06 23:00:05 +01:00
$editable_roles = get_editable_roles ();
2010-04-03 10:08:12 +02:00
if ( empty ( $editable_roles [ $_REQUEST [ 'new_role' ]] ) )
2009-01-06 23:00:05 +01:00
wp_die ( __ ( 'You can’t give users that role.' ));
2003-12-23 21:21:29 +01:00
2008-02-16 22:44:50 +01:00
$userids = $_REQUEST [ 'users' ];
2005-11-13 05:40:18 +01:00
$update = 'promote' ;
2010-01-18 23:21:36 +01:00
foreach ( $userids as $id ) {
2010-06-06 17:12:47 +02:00
$id = ( int ) $id ;
2010-04-21 19:58:10 +02:00
if ( ! current_user_can ( 'promote_user' , $id ) )
2006-07-06 00:00:03 +02:00
wp_die ( __ ( 'You can’t edit that user.' ));
2010-04-21 19:58:10 +02:00
// The new role of the current user must also have promote_users caps
2010-04-21 19:43:53 +02:00
if ( $id == $current_user -> ID && ! $wp_roles -> role_objects [ $_REQUEST [ 'new_role' ]] -> has_cap ( 'promote_users' ) ) {
2005-11-13 05:40:18 +01:00
$update = 'err_admin_role' ;
continue ;
}
2010-06-06 17:05:18 +02:00
// If the user doesn't already belong to the blog, bail.
2010-06-06 17:25:27 +02:00
if ( is_multisite () && ! is_user_member_of_blog ( $id ) )
2010-06-06 17:05:18 +02:00
wp_die ( __ ( 'Cheatin’ uh?' ));
2006-06-08 20:36:05 +02:00
$user = new WP_User ( $id );
2008-02-16 22:44:50 +01:00
$user -> set_role ( $_REQUEST [ 'new_role' ]);
2006-06-08 20:36:05 +02:00
}
2006-02-12 08:53:23 +01:00
2006-06-27 07:38:56 +02:00
wp_redirect ( add_query_arg ( 'update' , $update , $redirect ));
2006-11-15 01:02:28 +01:00
exit ();
2005-03-09 23:49:42 +01:00
2005-07-12 17:53:13 +02:00
break ;
2003-12-23 21:21:29 +01:00
2005-07-12 17:53:13 +02:00
case 'dodelete' :
2010-04-21 19:43:53 +02:00
if ( is_multisite () )
wp_die ( __ ( 'User deletion is not allowed from this screen.' ) );
2003-12-23 21:21:29 +01:00
2006-05-03 00:36:06 +02:00
check_admin_referer ( 'delete-users' );
2005-07-12 17:53:13 +02:00
2008-02-16 22:44:50 +01:00
if ( empty ( $_REQUEST [ 'users' ]) ) {
2006-06-27 07:38:56 +02:00
wp_redirect ( $redirect );
2006-11-15 01:02:28 +01:00
exit ();
2004-05-17 14:38:19 +02:00
}
2003-12-23 21:21:29 +01:00
2010-04-21 19:43:53 +02:00
if ( ! current_user_can ( 'delete_users' ) )
wp_die ( __ ( 'You can’t delete users.' ));
2003-12-23 21:21:29 +01:00
2008-02-16 22:44:50 +01:00
$userids = $_REQUEST [ 'users' ];
2005-11-13 05:40:18 +01:00
$update = 'del' ;
2006-06-08 20:36:05 +02:00
$delete_count = 0 ;
foreach ( ( array ) $userids as $id ) {
2010-06-06 17:12:47 +02:00
$id = ( int ) $id ;
2010-04-21 19:43:53 +02:00
if ( ! current_user_can ( 'delete_user' , $id ) )
wp_die ( __ ( 'You can’t delete that user.' ) );
2006-06-08 20:36:05 +02:00
2010-01-18 23:21:36 +01:00
if ( $id == $current_user -> ID ) {
2005-11-13 05:40:18 +01:00
$update = 'err_admin_del' ;
continue ;
}
2010-01-18 23:21:36 +01:00
switch ( $_REQUEST [ 'delete_option' ] ) {
2005-07-12 17:53:13 +02:00
case 'delete' :
2010-04-21 19:43:53 +02:00
if ( current_user_can ( 'delete_user' , $id ) )
2010-01-14 03:02:19 +01:00
wp_delete_user ( $id );
2010-05-04 01:04:42 +02:00
break ;
2005-07-12 17:53:13 +02:00
case 'reassign' :
2010-04-21 19:43:53 +02:00
if ( current_user_can ( 'delete_user' , $id ) )
2010-01-14 03:02:19 +01:00
wp_delete_user ( $id , $_REQUEST [ 'reassign_user' ]);
2005-07-12 17:53:13 +02:00
break ;
}
2006-06-08 20:36:05 +02:00
++ $delete_count ;
2005-07-12 17:53:13 +02:00
}
2003-12-23 21:21:29 +01:00
2006-11-08 22:14:53 +01:00
$redirect = add_query_arg ( array ( 'delete_count' => $delete_count , 'update' => $update ), $redirect );
wp_redirect ( $redirect );
2006-11-15 01:02:28 +01:00
exit ();
2003-12-23 21:21:29 +01:00
break ;
2005-07-12 17:53:13 +02:00
case 'delete' :
2010-04-21 19:58:10 +02:00
if ( is_multisite () )
wp_die ( __ ( 'User deletion is not allowed from this screen.' ) );
2006-05-03 00:36:06 +02:00
check_admin_referer ( 'bulk-users' );
2004-05-17 22:34:05 +02:00
2008-09-17 06:39:08 +02:00
if ( empty ( $_REQUEST [ 'users' ]) && empty ( $_REQUEST [ 'user' ]) ) {
2006-06-27 07:38:56 +02:00
wp_redirect ( $redirect );
2006-11-15 01:02:28 +01:00
exit ();
}
2003-12-08 02:28:41 +01:00
2010-04-21 19:43:53 +02:00
if ( ! current_user_can ( 'delete_users' ) )
2010-04-03 07:14:34 +02:00
$errors = new WP_Error ( 'edit_users' , __ ( 'You can’t delete users.' ) );
2003-12-08 02:28:41 +01:00
2008-09-17 06:39:08 +02:00
if ( empty ( $_REQUEST [ 'users' ]) )
$userids = array ( intval ( $_REQUEST [ 'user' ]));
else
$userids = $_REQUEST [ 'users' ];
2005-07-09 03:27:46 +02:00
2005-07-12 17:53:13 +02:00
include ( 'admin-header.php' );
?>
< form action = " " method = " post " name = " updateusers " id = " updateusers " >
2006-05-03 00:36:06 +02:00
< ? php wp_nonce_field ( 'delete-users' ) ?>
2006-06-08 20:36:05 +02:00
< ? php echo $referer ; ?>
2008-01-07 21:38:49 +01:00
2005-07-12 17:53:13 +02:00
< div class = " wrap " >
2008-11-27 00:35:23 +01:00
< ? php screen_icon (); ?>
2005-11-13 05:40:18 +01:00
< h2 >< ? php _e ( 'Delete Users' ); ?> </h2>
< p >< ? php _e ( 'You have specified these users for deletion:' ); ?> </p>
< ul >
< ? php
$go_delete = false ;
2006-06-08 20:36:05 +02:00
foreach ( ( array ) $userids as $id ) {
2008-11-20 18:26:52 +01:00
$id = ( int ) $id ;
2006-06-08 20:36:05 +02:00
$user = new WP_User ( $id );
2006-11-20 05:29:06 +01:00
if ( $id == $current_user -> ID ) {
2005-12-12 23:48:30 +01:00
echo " <li> " . sprintf ( __ ( 'ID #%1s: %2s <strong>The current user will not be deleted.</strong>' ), $id , $user -> user_login ) . " </li> \n " ;
2005-11-13 05:40:18 +01:00
} else {
2009-05-05 21:43:53 +02:00
echo " <li><input type= \" hidden \" name= \" users[] \" value= \" " . esc_attr ( $id ) . " \" /> " . sprintf ( __ ( 'ID #%1s: %2s' ), $id , $user -> user_login ) . " </li> \n " ;
2005-11-13 05:40:18 +01:00
$go_delete = true ;
2005-07-12 17:53:13 +02:00
}
2006-06-08 20:36:05 +02:00
}
2010-09-05 21:00:51 +02:00
$all_logins = get_users ();
2006-06-08 20:36:05 +02:00
$user_dropdown = '<select name="reassign_user">' ;
foreach ( ( array ) $all_logins as $login )
2006-11-20 05:29:06 +01:00
if ( $login -> ID == $current_user -> ID || ! in_array ( $login -> ID , $userids ) )
2009-05-05 21:43:53 +02:00
$user_dropdown .= " <option value= \" " . esc_attr ( $login -> ID ) . " \" > { $login -> user_login } </option> " ;
2006-06-08 20:36:05 +02:00
$user_dropdown .= '</select>' ;
?>
</ ul >
< ? php if ( $go_delete ) : ?>
2008-05-04 12:37:06 +02:00
< fieldset >< p >< legend >< ? php _e ( 'What should be done with posts and links owned by this user?' ); ?> </legend></p>
2005-07-12 17:53:13 +02:00
< ul style = " list-style:none; " >
< li >< label >< input type = " radio " id = " delete_option0 " name = " delete_option " value = " delete " checked = " checked " />
< ? php _e ( 'Delete all posts and links.' ); ?> </label></li>
< li >< input type = " radio " id = " delete_option1 " name = " delete_option " value = " reassign " />
2005-12-02 23:37:02 +01:00
< ? php echo '<label for="delete_option1">' . __ ( 'Attribute all posts and links to:' ) . " </label> $user_dropdown " ; ?> </li>
2008-05-04 12:37:06 +02:00
</ ul ></ fieldset >
2005-07-12 17:53:13 +02:00
< input type = " hidden " name = " action " value = " dodelete " />
2010-10-17 20:24:34 +02:00
< ? php submit_button ( __ ( 'Confirm Deletion' ), 'secondary' ); ?>
2005-11-13 05:40:18 +01:00
< ? php else : ?>
< p >< ? php _e ( 'There are no valid users selected for deletion.' ); ?> </p>
< ? php endif ; ?>
2005-07-12 17:53:13 +02:00
</ div >
</ form >
< ? php
2003-12-08 02:28:41 +01:00
break ;
2010-04-21 19:43:53 +02:00
case 'doremove' :
check_admin_referer ( 'remove-users' );
if ( empty ( $_REQUEST [ 'users' ]) ) {
wp_redirect ( $redirect );
exit ;
}
if ( ! current_user_can ( 'remove_users' ) )
die ( __ ( 'You can’t remove users.' ));
$userids = $_REQUEST [ 'users' ];
$update = 'remove' ;
foreach ( $userids as $id ) {
$id = ( int ) $id ;
if ( $id == $current_user -> id && ! is_super_admin () ) {
$update = 'err_admin_remove' ;
continue ;
}
2010-05-15 16:43:13 +02:00
if ( ! current_user_can ( 'remove_user' , $id ) ) {
2010-04-21 19:43:53 +02:00
$update = 'err_admin_remove' ;
continue ;
}
remove_user_from_blog ( $id , $blog_id );
}
$redirect = add_query_arg ( array ( 'update' => $update ), $redirect );
wp_redirect ( $redirect );
exit ;
break ;
case 'remove' :
check_admin_referer ( 'bulk-users' );
if ( empty ( $_REQUEST [ 'users' ]) && empty ( $_REQUEST [ 'user' ]) ) {
wp_redirect ( $redirect );
exit ();
}
if ( ! current_user_can ( 'remove_users' ) )
$error = new WP_Error ( 'edit_users' , __ ( 'You can’t remove users.' ));
if ( empty ( $_REQUEST [ 'users' ]) )
$userids = array ( intval ( $_REQUEST [ 'user' ]));
else
$userids = $_REQUEST [ 'users' ];
include ( 'admin-header.php' );
?>
< form action = " " method = " post " name = " updateusers " id = " updateusers " >
< ? php wp_nonce_field ( 'remove-users' ) ?>
< ? php echo $referer ; ?>
< div class = " wrap " >
< ? php screen_icon (); ?>
2010-04-30 05:17:49 +02:00
< h2 >< ? php _e ( 'Remove Users from Site' ); ?> </h2>
2010-04-21 19:43:53 +02:00
< p >< ? php _e ( 'You have specified these users for removal:' ); ?> </p>
< ul >
< ? php
$go_remove = false ;
foreach ( $userids as $id ) {
$id = ( int ) $id ;
$user = new WP_User ( $id );
if ( $id == $current_user -> id && ! is_super_admin () ) {
echo " <li> " . sprintf ( __ ( 'ID #%1s: %2s <strong>The current user will not be removed.</strong>' ), $id , $user -> user_login ) . " </li> \n " ;
} elseif ( ! current_user_can ( 'remove_user' , $id ) ) {
echo " <li> " . sprintf ( __ ( 'ID #%1s: %2s <strong>You don\'t have permission to remove this user.</strong>' ), $id , $user -> user_login ) . " </li> \n " ;
} else {
echo " <li><input type= \" hidden \" name= \" users[] \" value= \" { $id } \" /> " . sprintf ( __ ( 'ID #%1s: %2s' ), $id , $user -> user_login ) . " </li> \n " ;
$go_remove = true ;
}
}
?>
< ? php if ( $go_remove ) : ?>
< input type = " hidden " name = " action " value = " doremove " />
2010-10-17 20:24:34 +02:00
< ? php submit_button ( __ ( 'Confirm Removal' ), 'secondary' ); ?>
2010-04-21 19:43:53 +02:00
< ? php else : ?>
< p >< ? php _e ( 'There are no valid users selected for removal.' ); ?> </p>
< ? php endif ; ?>
</ div >
</ form >
< ? php
break ;
2003-12-08 02:28:41 +01:00
default :
2008-02-20 06:45:16 +01:00
if ( ! empty ( $_GET [ '_wp_http_referer' ]) ) {
wp_redirect ( remove_query_arg ( array ( '_wp_http_referer' , '_wpnonce' ), stripslashes ( $_SERVER [ 'REQUEST_URI' ])));
2008-03-02 21:17:30 +01:00
exit ;
2008-02-20 06:45:16 +01:00
}
2010-08-22 13:22:46 +02:00
$wp_list_table -> prepare_items ();
2008-09-29 11:26:21 +02:00
2010-08-11 23:54:51 +02:00
include ( './admin-header.php' );
2010-03-03 20:08:30 +01:00
2008-09-11 20:54:05 +02:00
$messages = array ();
2006-06-08 20:36:05 +02:00
if ( isset ( $_GET [ 'update' ]) ) :
2005-07-12 17:53:13 +02:00
switch ( $_GET [ 'update' ]) {
case 'del' :
2006-06-08 20:36:05 +02:00
case 'del_many' :
2008-09-11 20:54:05 +02:00
$delete_count = isset ( $_GET [ 'delete_count' ]) ? ( int ) $_GET [ 'delete_count' ] : 0 ;
2009-12-26 10:00:58 +01:00
$messages [] = '<div id="message" class="updated"><p>' . sprintf ( _n ( '%s user deleted' , '%s users deleted' , $delete_count ), $delete_count ) . '</p></div>' ;
2005-07-12 17:53:13 +02:00
break ;
case 'add' :
2009-12-26 10:00:58 +01:00
$messages [] = '<div id="message" class="updated"><p>' . __ ( 'New user created.' ) . '</p></div>' ;
2005-07-12 17:53:13 +02:00
break ;
case 'promote' :
2009-12-26 10:00:58 +01:00
$messages [] = '<div id="message" class="updated"><p>' . __ ( 'Changed roles.' ) . '</p></div>' ;
2005-07-12 17:53:13 +02:00
break ;
2005-11-13 05:40:18 +01:00
case 'err_admin_role' :
2009-05-05 06:28:05 +02:00
$messages [] = '<div id="message" class="error"><p>' . __ ( 'The current user’s role must have user editing capabilities.' ) . '</p></div>' ;
2009-12-26 10:00:58 +01:00
$messages [] = '<div id="message" class="updated"><p>' . __ ( 'Other user roles have been changed.' ) . '</p></div>' ;
2005-11-13 05:40:18 +01:00
break ;
case 'err_admin_del' :
2009-05-05 06:28:05 +02:00
$messages [] = '<div id="message" class="error"><p>' . __ ( 'You can’t delete the current user.' ) . '</p></div>' ;
2009-12-26 10:00:58 +01:00
$messages [] = '<div id="message" class="updated"><p>' . __ ( 'Other users have been deleted.' ) . '</p></div>' ;
2005-11-13 05:40:18 +01:00
break ;
2010-04-21 19:43:53 +02:00
case 'remove' :
2010-04-30 05:17:49 +02:00
$messages [] = '<div id="message" class="updated fade"><p>' . __ ( 'User removed from this site.' ) . '</p></div>' ;
2010-04-21 19:43:53 +02:00
break ;
case 'err_admin_remove' :
$messages [] = '<div id="message" class="error"><p>' . __ ( " You can't remove the current user. " ) . '</p></div>' ;
$messages [] = '<div id="message" class="updated fade"><p>' . __ ( 'Other users have been removed.' ) . '</p></div>' ;
break ;
2005-07-12 17:53:13 +02:00
}
2006-06-08 20:36:05 +02:00
endif ; ?>
2008-08-14 19:00:37 +02:00
< ? php if ( isset ( $errors ) && is_wp_error ( $errors ) ) : ?>
2005-07-12 17:53:13 +02:00
< div class = " error " >
< ul >
< ? php
2008-09-11 20:54:05 +02:00
foreach ( $errors -> get_error_messages () as $err )
echo " <li> $err </li> \n " ;
2005-07-12 17:53:13 +02:00
?>
</ ul >
</ div >
2008-09-29 11:26:21 +02:00
< ? php endif ;
2008-09-11 20:54:05 +02:00
if ( ! empty ( $messages ) ) {
foreach ( $messages as $msg )
echo $msg ;
} ?>
2006-06-08 20:36:05 +02:00
< div class = " wrap " >
2008-11-26 14:51:25 +01:00
< ? php screen_icon (); ?>
2010-02-01 09:12:56 +01:00
< h2 >< ? php echo esc_html ( $title ); if ( current_user_can ( 'create_users' ) ) { ?> <a href="user-new.php" class="button add-new-h2"><?php echo esc_html_x('Add New', 'user'); ?></a><?php }
2010-08-11 23:54:51 +02:00
if ( $usersearch )
printf ( '<span class="subtitle">' . __ ( 'Search results for “%s”' ) . '</span>' , esc_html ( $usersearch ) ); ?>
2008-12-05 02:18:19 +01:00
</ h2 >
2008-09-19 07:31:00 +02:00
2010-09-05 23:26:27 +02:00
< ? php $wp_list_table -> views (); ?>
2008-08-20 23:42:31 +02:00
2008-10-24 21:21:19 +02:00
< form class = " search-form " action = " " method = " get " >
< p class = " search-box " >
2009-05-13 00:40:56 +02:00
< label class = " screen-reader-text " for = " user-search-input " >< ? php _e ( 'Search Users' ); ?> :</label>
2010-08-11 23:54:51 +02:00
< input type = " text " id = " user-search-input " name = " usersearch " value = " <?php echo esc_attr( $usersearch ); ?> " />
2010-10-31 02:28:02 +02:00
< ? php submit_button ( __ ( 'Search Users' ), 'button' , 'submit' , false ); ?>
2008-10-24 21:21:19 +02:00
</ p >
</ form >
2010-08-11 23:54:51 +02:00
< form id = " posts-filter " action = " " method = " post " >
2010-08-22 13:22:46 +02:00
< ? php $wp_list_table -> display (); ?>
2008-03-30 18:48:31 +02:00
</ form >
2006-06-08 20:36:05 +02:00
2010-01-14 03:02:19 +01:00
< ? php
if ( is_multisite () ) {
foreach ( array ( 'user_login' => 'user_login' , 'first_name' => 'user_firstname' , 'last_name' => 'user_lastname' , 'email' => 'user_email' , 'url' => 'user_uri' , 'role' => 'user_role' ) as $formpost => $var ) {
$var = 'new_' . $var ;
$$var = isset ( $_REQUEST [ $formpost ]) ? esc_attr ( stripslashes ( $_REQUEST [ $formpost ])) : '' ;
}
unset ( $name );
}
?>
2008-03-15 00:58:31 +01:00
< br class = " clear " />
2007-09-04 01:32:58 +02:00
< ? php
2003-12-08 02:28:41 +01:00
break ;
2006-06-08 20:36:05 +02:00
2008-09-29 11:26:21 +02:00
} // end of the $doaction switch
2004-08-23 01:24:50 +02:00
2010-04-18 08:14:45 +02:00
include ( './admin-footer.php' );
