From 8baae0c89eb31b245f22dd7dd3874f6072ff22a6 Mon Sep 17 00:00:00 2001 From: Ryan Boren Date: Wed, 14 Sep 2005 00:03:02 +0000 Subject: [PATCH] User create/update rework. Introduce wp_insert_user(), wp_create_user(), wp_update_user(), add_user(), update_user(), wp_new_user_notification(). git-svn-id: https://develop.svn.wordpress.org/trunk@2872 602fd350-edb4-49c9-b593-d223f7449a82 --- wp-admin/admin-functions.php | 97 +++++++++ wp-admin/admin.php | 2 + wp-admin/import/mt.php | 5 +- wp-admin/profile-update.php | 52 +---- wp-admin/profile.php | 4 +- wp-admin/user-edit.php | 277 ++++++++++--------------- wp-admin/users.php | 65 +----- wp-includes/functions.php | 5 + wp-includes/pluggable-functions.php | 29 +++ wp-includes/registration-functions.php | 120 +++++++++-- wp-register.php | 37 +--- 11 files changed, 376 insertions(+), 317 deletions(-) diff --git a/wp-admin/admin-functions.php b/wp-admin/admin-functions.php index bb4ba32fd5..4939b82848 100644 --- a/wp-admin/admin-functions.php +++ b/wp-admin/admin-functions.php @@ -344,6 +344,103 @@ function category_exists($cat_name) { return $wpdb->get_var("SELECT cat_ID FROM $wpdb->categories WHERE category_nicename = '$category_nicename'"); } +// Creates a new user from the "Users" form using $_POST information. + +function add_user() { + return update_user(); +} + +function update_user($user_id = 0) { + + if ( $user_id != 0 ) { + $update = true; + $user->ID = $user_id; + $userdata = get_userdata($user_id); + $user->user_login = $userdata->user_login; + } else { + $update = false; + $user = ''; + } + + if ( isset($_POST['user_login']) ) + $user->user_login = wp_specialchars(trim($_POST['user_login'])); + + $pass1 = $pass2 = ''; + if ( isset($_POST['pass1']) ) + $pass1 = $_POST['pass1']; + if ( isset($_POST['pass2']) ) + $pass2 = $_POST['pass2']; + + if ( isset($_POST['email']) ) + $user->user_email = wp_specialchars(trim($_POST['email'])); + if ( isset($_POST['url']) ) { + $user->user_url = wp_specialchars(trim($_POST['url'])); + $user->user_url = preg_match('/^(https?|ftps?|mailto|news|gopher):/is', $user->user_url) ? $user->user_url : 'http://' . $user->user_url; + } + if ( isset($_POST['first_name']) ) + $user->first_name = wp_specialchars(trim($_POST['first_name'])); + if ( isset($_POST['last_name']) ) + $user->last_name = wp_specialchars(trim($_POST['last_name'])); + if ( isset($_POST['nickname']) ) + $user->nickname = wp_specialchars(trim($_POST['nickname'])); + if ( isset($_POST['display_name']) ) + $user->display_name = wp_specialchars(trim($_POST['display_name'])); + if ( isset($_POST['description']) ) + $user->description = wp_specialchars(trim($_POST['description'])); + if ( isset($_POST['jabber']) ) + $user->jabber = wp_specialchars(trim($_POST['jabber'])); + if ( isset($_POST['aim']) ) + $user->aim = wp_specialchars(trim($_POST['aim'])); + if ( isset($_POST['yim']) ) + $user->yim = wp_specialchars(trim($_POST['yim'])); + + $errors = array(); + + /* checking that username has been typed */ + if ($user->user_login == '') + $errors['user_login'] = __('ERROR: Please enter a username.'); + + /* checking the password has been typed twice */ + do_action('check_passwords', array($user->user_login, &$pass1, &$pass2)); + + if ( !$update ) { + if ( $pass1 == '' || $pass2 == '' ) + $errors['pass'] = __('ERROR: Please enter your password twice.'); + } else { + if ( ( empty($pass1) && !empty($pass2) ) || ( empty($pass2) && !empty($pass1) ) ) + $errors['pass'] = __("ERROR: you typed your new password only once."); + } + + /* checking the password has been typed twice the same */ + if ($pass1 != $pass2) + $errors['pass'] = __('ERROR: Please type the same password in the two password fields.'); + + if ( !empty($pass1) ) + $user->user_pass = $pass1; + + if ( !$update && username_exists( $user_login ) ) + $errors['user_login'] = __('ERROR: This username is already registered, please choose another one.'); + + /* checking e-mail address */ + if (empty($user->user_email)) { + $errors['user_email'] = __("ERROR: please type an e-mail address"); + } else if (!is_email($user->user_email)) { + $errors['user_email'] = __("ERROR: the email address isn't correct"); + } + + if ( count($errors) != 0 ) + return $errors; + + if ( $update ) { + $user_id = wp_update_user(get_object_vars($user)); + } else { + $user_id = wp_insert_user(get_object_vars($user)); + wp_new_user_notification($user_id); + } + + return $errors; +} + function wp_delete_user($id, $reassign = 'novalue') { global $wpdb; diff --git a/wp-admin/admin.php b/wp-admin/admin.php index 2a65c30cfa..c228b1d293 100644 --- a/wp-admin/admin.php +++ b/wp-admin/admin.php @@ -6,6 +6,8 @@ else require_once(ABSPATH . 'wp-admin/admin-functions.php'); require_once(ABSPATH . 'wp-admin/admin-db.php'); +require_once(ABSPATH . WPINC . '/registration-functions.php'); + auth_redirect(); nocache_headers(); diff --git a/wp-admin/import/mt.php b/wp-admin/import/mt.php index 53c7df2b42..c067e0eec7 100644 --- a/wp-admin/import/mt.php +++ b/wp-admin/import/mt.php @@ -35,13 +35,16 @@ class MT_Import { $importdata = preg_replace("/(\r\n|\n|\r)/", "\n", $importdata); $importdata = preg_replace("/\n--------\n/", "--MT-ENTRY--\n", $importdata); $this->posts = explode("--MT-ENTRY--", $importdata); + unset($importdata); + + } function import() { if ('' != MTEXPORT && !file_exists(MTEXPORT)) die("The file you specified does not seem to exist. Please check the path you've given."); if ('' == MTEXPORT) die("You must edit the MTEXPORT line as described on the previous page to continue."); - $this->get_entries(); + $this->get_entries(); } function dispatch() { diff --git a/wp-admin/profile-update.php b/wp-admin/profile-update.php index 6591c31c3c..492d26a355 100644 --- a/wp-admin/profile-update.php +++ b/wp-admin/profile-update.php @@ -4,55 +4,15 @@ require_once('admin.php'); check_admin_referer(); -if ( empty($_POST['email']) ) - die (__("ERROR: please type your e-mail address")); -elseif ( !is_email($_POST['email']) ) - die (__("ERROR: the e-mail address isn't correct")); +$errors = update_user($user_ID); -$pass1 = $_POST['pass1']; -$pass2 = $_POST['pass2']; -do_action('check_passwords', array($user_login, &$pass1, &$pass2)); - -if ( '' == $pass1 ) { - if ( '' != $pass2 ) - die (__('ERROR: you typed your new password only once. Go back to type it twice.')); - $updatepassword = ''; -} else { - if ('' == $pass2) - die (__('ERROR: you typed your new password only once. Go back to type it twice.')); - if ( $pass1 != $pass2 ) - die (__('ERROR: you typed two different passwords. Go back to correct that.')); - $newuser_pass = $pass1; - $updatepassword = "user_pass=MD5('$newuser_pass'), "; - wp_clearcookie(); - wp_setcookie($user_login, $newuser_pass); +if (count($errors) != 0) { + foreach ($errors as $id => $error) { + echo $error . '
'; + } + exit; } -$first_name = wp_specialchars($_POST['first_name']); -$last_name = wp_specialchars($_POST['last_name']); -$display_name = wp_specialchars($_POST['display_name']); -$nickname = $_POST['nickname']; -$nicename = sanitize_title($nickname); -$jabber = wp_specialchars($_POST['jabber']); -$aim = wp_specialchars($_POST['aim']); -$yim = wp_specialchars($_POST['yim']); -$email = wp_specialchars($_POST['email']); -$url = wp_specialchars($_POST['url']); -$url = preg_match('/^(https?|ftps?|mailto|news|gopher):/is', $url) ? $url : 'http://' . $url; -$user_description = $_POST['user_description']; - -$result = $wpdb->query("UPDATE $wpdb->users SET $updatepassword user_email='$email', user_url='$url', user_nicename = '$nicename', display_name = '$display_name' WHERE ID = '$user_ID'"); - -update_usermeta( $user_ID, 'first_name', $first_name ); -update_usermeta( $user_ID, 'last_name', $last_name ); -update_usermeta( $user_ID, 'nickname', $nickname ); -update_usermeta( $user_ID, 'description', $user_description ); -update_usermeta( $user_ID, 'jabber', $jabber ); -update_usermeta( $user_ID, 'aim', $aim ); -update_usermeta( $user_ID, 'yim', $yim ); - -do_action('profile_update', $user_ID); - if ( 'profile' == $_POST['from'] ) $to = 'profile.php?updated=true'; else diff --git a/wp-admin/profile.php b/wp-admin/profile.php index 27bec9f849..c65da5247f 100644 --- a/wp-admin/profile.php +++ b/wp-admin/profile.php @@ -28,7 +28,7 @@ $bookmarklet_height= 440;

@@ -83,7 +83,7 @@ $bookmarklet_height= 440;

-

+

data; -} -if (!current_user_can('edit_users')) $errors['head'] = __('You do not have permission to edit this user.'); - -/* checking the nickname has been typed */ -if (empty($_POST["new_nickname"])) { - $errors['nickname'] = __("ERROR: please enter your nickname (can be the same as your username)"); -} - -$new_user_login = wp_specialchars($_POST['new_user_login']); -$pass1 = $_POST['pass1']; -$pass2 = $_POST['pass2']; -do_action('check_passwords', array($new_user_login, &$pass1, &$pass2)); - -if ( '' == $pass1 ) { - if ( '' != $pass2 ) - $errors['pass'] = __("ERROR: you typed your new password only once."); - $updatepassword = ''; -} else { - if ( '' == $pass2) - $errors['pass'] = __("ERROR: you typed your new password only once."); - if ( $pass1 != $pass2 ) - $errors['pass'] = __("ERROR: you typed two different passwords."); - $new_pass = $pass1; - $updatepassword = "user_pass=MD5('$new_pass'), "; -} - -$edituser->user_login = wp_specialchars($_POST['new_user_login']); -$edituser->user_nicename = sanitize_title($new_nickname, $user_id); -$edituser->user_email = wp_specialchars($_POST['new_email']); -$edituser->user_url = wp_specialchars($_POST['new_url']); -$edituser->user_url = preg_match('/^(https?|ftps?|mailto|news|gopher):/is', $edituser->user_url) ? $edituser->user_url : 'http://' . $edituser->user_url; -$edituser->display_name = wp_specialchars($_POST['display_name']); - -$edituser->first_name = wp_specialchars($_POST['new_firstname']); -$edituser->last_name = wp_specialchars($_POST['new_lastname']); -$edituser->nickname = $_POST['new_nickname']; -$edituser->icq = wp_specialchars($_POST['new_icq']); -$edituser->aim = wp_specialchars($_POST['new_aim']); -$edituser->msn = wp_specialchars($_POST['new_msn']); -$edituser->yim = wp_specialchars($_POST['new_yim']); -$edituser->description = $_POST['new_description']; +if (!current_user_can('edit_users')) + $errors['head'] = __('You do not have permission to edit this user.'); +else + $errors = update_user($user_id); if(count($errors) == 0) { - $result = $wpdb->query("UPDATE $wpdb->users SET user_login = '$edituser->user_login', $updatepassword user_email='$edituser->user_email', user_url='$edituser->user_url', user_nicename = '$edituser->user_nicename', display_name = '$edituser->display_name' WHERE ID = '$user_id'"); - - update_usermeta( $user_id, 'first_name', $edituser->firstname ); - update_usermeta( $user_id, 'last_name', $edituser->lastname ); - update_usermeta( $user_id, 'nickname', $edituser->nickname ); - update_usermeta( $user_id, 'description', $edituser->description ); - update_usermeta( $user_id, 'icq', $edituser->icq ); - update_usermeta( $user_id, 'aim', $edituser->aim ); - update_usermeta( $user_id, 'msn', $edituser->msn ); - update_usermeta( $user_id, 'yim', $edituser->yim ); - - $wp_user->set_role($_POST['new_role']); - header("Location: user-edit.php?user_id=$user_id&updated=true"); -} else { - $wp_user->roles = array($_POST['new_role'] => true); + exit; } default: include ('admin-header.php'); -if(empty($wp_user)) { - $wp_user = new WP_User($user_id); - $edituser = &$wp_user->data; -} +$profileuser = new WP_User($user_id); +$profiledata = $profileuser->data; if (!current_user_can('edit_users')) $errors['head'] = __('You do not have permission to edit this user.'); ?> @@ -114,7 +58,7 @@ if (!current_user_can('edit_users')) $errors['head'] = __('You do not have permi

- +

    -
    - - - - - - - - - - - - - -user_registered) && ('0000-00-00 00:00:00' != $edituser->user_registered) ) { ?> - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +

    + + +

    + +
    + +

    +

    + +

    + +

    + +

    +
    + +
    + + +

    + +

    + +

    + +

    + +

    +

    +
    +
    +
    + +

    +

    +
    + + - - - - +
    + +

    +

    +

    +
    -
    ID); ?>
    user_registered, 0, 11); ?>
    -
    - -
    - -
    Password (Leave blank to stay the same.)') ?> -
    -
    -

    + + + +
    + + caps) > count($profileuser->roles)): + ?> + + + + + +
    caps as $cap => $value) { + if(!$wp_roles->is_role($cap)) { + if($output != '') $output .= ', '; + $output .= $value ? $cap : "Denied: {$cap}"; + } + } + echo $output; + ?>
    +

    -

    +

- ERROR: Please enter a username.'); - - /* checking the password has been typed twice */ - do_action('check_passwords', array($new_user_login, &$new_pass1, &$new_pass2)); - if ($new_pass1 == '' || $new_pass2 == '') - $errors['pass'] = __('ERROR: Please enter your password twice.'); - - /* checking the password has been typed twice the same */ - if ($new_pass1 != $new_pass2) - $errors['pass'] = __('ERROR: Please type the same password in the two password fields.'); - - $new_user_nickname = $new_user_login; - - if ( username_exists( $new_user_login ) ) - $errors['pass'] = __('ERROR: This username is already registered, please choose another one.'); - - /* checking e-mail address */ - if (empty($new_user_email)) { - $errors['user_email'] = __("ERROR: please type an e-mail address"); - } else if (!is_email($new_user_email)) { - $errors['user_email'] = __("ERROR: the email address isn't correct"); - } - - if(count($errors) == 0) { - $user_ID = create_user( $new_user_login, $new_pass1, $new_user_email, 0 ); - - update_usermeta( $user_ID, 'first_name', $new_user_firstname); - update_usermeta( $user_ID, 'last_name', $new_user_lastname); - update_usermeta( $user_ID, 'first_name', $new_user_firstname); - - $user = new WP_User($user_ID); - $user->set_role(get_settings('default_role')); - - $stars = ''; - for ($i = 0; $i < strlen($pass1); $i = $i + 1) - $stars .= '*'; + $errors = add_user(); - $user_login = stripslashes($new_user_login); - $message = sprintf(__('New user registration on your blog %s:'), get_settings('blogname')) . "\r\n\r\n"; - $message .= sprintf(__('Username: %s'), $new_user_login) . "\r\n\r\n"; - $message .= sprintf(__('E-mail: %s'), $new_user_email) . "\r\n"; - - @wp_mail(get_settings('admin_email'), sprintf(__('[%s] New User Registration'), get_settings('blogname')), $message); - - do_action('user_register', $user_id); - + if(count($errors) == 0) { header('Location: users.php?update=add'); die(); } @@ -310,11 +255,11 @@ $role_select .= ''; - + - + @@ -322,7 +267,7 @@ $role_select .= ''; - + data->user_login); + $user_email = stripslashes($user->data->user_email); + + $message = sprintf(__('New user registration on your blog %s:'), get_settings('blogname')) . "\r\n\r\n"; + $message .= sprintf(__('Username: %s'), $user_login) . "\r\n\r\n"; + $message .= sprintf(__('E-mail: %s'), $user_email) . "\r\n"; + + @wp_mail(get_settings('admin_email'), sprintf(__('[%s] New User Registration'), get_settings('blogname')), $message); + + if ( empty($plaintext_pass) ) + return; + + $message = sprintf(__('Username: %s'), $user_login) . "\r\n"; + $message .= sprintf(__('Password: %s'), $plaintext_pass) . "\r\n"; + $message .= get_settings('siteurl') . "/wp-login.php\r\n"; + + wp_mail($user_email, sprintf(__('[%s] Your username and password'), get_settings('blogname')), $message); + +} +endif; + ?> diff --git a/wp-includes/registration-functions.php b/wp-includes/registration-functions.php index 23e1353d55..13b14374c9 100644 --- a/wp-includes/registration-functions.php +++ b/wp-includes/registration-functions.php @@ -8,28 +8,116 @@ function username_exists( $username ) { return $wpdb->get_var( $query ); } -function create_user( $username, $password, $email, $user_level ) { +function wp_insert_user($userdata) { global $wpdb; - $username = $wpdb->escape( $username ); - $email = $wpdb->escape( $email ); - $password = md5( $password ); - $user_nicename = sanitize_title( $username ); - $now = gmdate('Y-m-d H:i:s'); - $query = "INSERT INTO $wpdb->users - (user_login, user_pass, user_email, user_registered, user_nicename, display_name) + extract($userdata); + + // Are we updating or creating? + if ( !empty($ID) ) { + $update = true; + } else { + $update = false; + // Password is not hashed when creating new user. + $user_pass = md5($user_pass); + } + + if ( empty($user_nicename) ) + $user_nicename = sanitize_title( $user_login ); + + if ( empty($display_name) ) + $display_name = $user_login; + + if ( empty($nickname) ) + $nickname = $user_login; + + if ( empty($user_registered) ) + $user_registered = gmdate('Y-m-d H:i:s'); + + if ( $update ) { + $query = "UPDATE $wpdb->users SET user_pass='$user_pass' user_email='$user_email', user_url='$user_url', user_nicename = '$user_nicename', display_name = '$display_name' WHERE ID = '$ID'"; + $query = apply_filters('update_user_query', $query); + $wpdb->query( $query ); + $user_id = $ID; + } else { + $query = "INSERT INTO $wpdb->users + (user_login, user_pass, user_email, user_url, user_registered, user_nicename, display_name) VALUES - ('$username', '$password', '$email', '$now', '$user_nicename', '$username')"; - $query = apply_filters('create_user_query', $query); - $wpdb->query( $query ); - $user_id = $wpdb->insert_id; + ('$user_login', '$user_pass', '$user_email', '$user_url', '$user_registered', '$user_nicename', '$display_name')"; + $query = apply_filters('create_user_query', $query); + $wpdb->query( $query ); + $user_id = $wpdb->insert_id; + } + + clean_user_cache($user_id); + clean_user_cache($user_login); - $user_level = (int) $user_level; - update_usermeta( $user_id, $wpdb->prefix . 'user_level', $user_level); - $user = new WP_User($user_id); - $user->set_role(get_settings('default_role')); + update_usermeta( $user_id, 'first_name', $first_name); + update_usermeta( $user_id, 'last_name', $last_name); + update_usermeta( $user_id, 'nickname', $nickname ); + update_usermeta( $user_id, 'description', $description ); + update_usermeta( $user_id, 'jabber', $jabber ); + update_usermeta( $user_id, 'aim', $aim ); + update_usermeta( $user_id, 'yim', $yim ); + + if ( !$update ) { + $user = new WP_User($user_id); + $user->set_role(get_settings('default_role')); + } + + if ( $update ) + do_action('profile_update', $user_id); + else + do_action('user_register', $user_id); + + return $user_id; +} + +function wp_update_user($userdata) { + global $wpdb; + + $ID = (int) $userdata['ID']; + + // First, get all of the original fields + $user = get_userdata($ID); + + // Escape data pulled from DB. + $user = add_magic_quotes(get_object_vars($user)); + + // If password is changing, hash it now. + if ( ! empty($userdata['user_pass']) ) { + $plaintext_pass = $userdata['user_pass']; + $userdata['user_pass'] = md5($userdata['user_pass']); + } + + // Merge old and new fields with new fields overwriting old ones. + $userdata = array_merge($user, $userdata); + $user_id = wp_insert_user($userdata); + + // Update the cookies if the password changed. + if ( isset($plaintext_pass) ) { + wp_clearcookie(); + wp_setcookie($userdata['user_login'], $plaintext_pass); + } return $user_id; } +function wp_create_user( $username, $password, $email ) { + global $wpdb; + + $user_login = $wpdb->escape( $username ); + $user_email = $wpdb->escape( $email ); + $user_pass = $password; + + $userdata = compact('user_login', 'user_email', 'user_pass'); + return wp_insert_user($userdata); +} + + +function create_user( $username, $password, $email ) { + return wp_create_user( $username, $password, $email ); +} + + ?> \ No newline at end of file diff --git a/wp-register.php b/wp-register.php index 4e7f870f15..8591de7b74 100644 --- a/wp-register.php +++ b/wp-register.php @@ -30,37 +30,18 @@ case 'register': if ( username_exists( $user_login ) ) $errors['user_login'] = __('ERROR: This username is already registered, please choose another one.'); - $password = substr( md5( uniqid( microtime() ) ), 0, 7); + if ( 0 == count($errors) ) { + $password = substr( md5( uniqid( microtime() ) ), 0, 7); - $user_id = create_user( $user_login, $password, $user_email, 0 ); - if ( !$user_id ) { - $errors['user_id'] = sprintf(__('ERROR: Couldn’t register you... please contact the webmaster !'), get_settings('admin_email')); + $user_id = wp_create_user( $user_login, $password, $user_email ); + if ( !$user_id ) + $errors['user_id'] = sprintf(__('ERROR: Couldn’t register you... please contact the webmaster !'), get_settings('admin_email')); + else + wp_new_user_notification($user_id, $password); } - - if(count($errors) == 0) { - $user = new WP_User($user_id); - $user->set_role(get_settings('default_role')); - do_action('user_register', $user_id); - - - $stars = ''; - for ($i = 0; $i < strlen($pass1); $i = $i + 1) { - $stars .= '*'; - } - - $message = sprintf(__('Username: %s'), $user_login) . "\r\n"; - $message .= sprintf(__('Password: %s'), $password) . "\r\n"; - $message .= get_settings('siteurl') . "/wp-login.php\r\n"; - - wp_mail($user_email, sprintf(__('[%s] Your username and password'), get_settings('blogname')), $message); - - $message = sprintf(__('New user registration on your blog %s:'), get_settings('blogname')) . "\r\n\r\n"; - $message .= sprintf(__('Username: %s'), $user_login) . "\r\n\r\n"; - $message .= sprintf(__('E-mail: %s'), $user_email) . "\r\n"; - - @wp_mail(get_settings('admin_email'), sprintf(__('[%s] New User Registration'), get_settings('blogname')), $message); - + if ( 0 == count($errors) ) { + ?>