X-Git-Url: https://scripts.mit.edu/gitweb/autoinstalls/wordpress.git/blobdiff_plain/8a06f4f9392d1ac373442f82ee40428a3cb81395..2376fb745f4ae8c6bd2353127524e0b28005143d:/wp-admin/user-edit.php
diff --git a/wp-admin/user-edit.php b/wp-admin/user-edit.php
index e7a30cd5..414dfb3f 100644
--- a/wp-admin/user-edit.php
+++ b/wp-admin/user-edit.php
@@ -1,98 +1,97 @@
-
-ID ) );
+
+if ( ! $user_id && IS_PROFILE_PAGE )
+ $user_id = $current_user->ID;
+elseif ( ! $user_id && ! IS_PROFILE_PAGE )
+ wp_die(__( 'Invalid user ID.' ) );
+elseif ( ! get_userdata( $user_id ) )
+ wp_die( __('Invalid user ID.') );
+
+wp_enqueue_script('user-profile');
+wp_enqueue_script('password-strength-meter');
+
+$title = IS_PROFILE_PAGE ? __('Profile') : __('Edit User');
+if ( current_user_can('edit_users') && !IS_PROFILE_PAGE )
$submenu_file = 'users.php';
else
$submenu_file = 'profile.php';
$parent_file = 'users.php';
-wp_reset_vars(array('action', 'redirect', 'profile', 'user_id', 'wp_http_referer'));
+// contextual help - choose Help on the top right of admin panel to preview this.
+add_contextual_help($current_screen,
+ '
' . __('Your profile contains information about you (your “account”) as well as some personal options related to using WordPress.') . '
' .
+ '' . __('You can change your password, turn on keyboard shortcuts, change the color scheme of your WordPress administration screens, and turn off the WYSIWYG (Visual) editor, among other things.') . '
' .
+ '' . __('Your username cannot be changed, but you can use other fields to enter your real name or a nickname, and change which name to display on your posts.') . '
' .
+ '' . __('Required fields are indicated; the rest are optional. Profile information will only be displayed if your theme is set up to do so.') . '
' .
+ '' . __('Remember to click the Update Profile button when you are finished.') . '
' .
+ '' . __('For more information:') . '
' .
+ '' . __('Documentation on User Profiles ') . '
' .
+ '' . __('Support Forums ') . '
'
+);
+
$wp_http_referer = remove_query_arg(array('update', 'delete_count'), stripslashes($wp_http_referer));
-$user_id = (int) $user_id;
+$all_post_caps = array('posts', 'pages');
+$user_can_edit = false;
+foreach ( $all_post_caps as $post_cap )
+ $user_can_edit |= current_user_can("edit_$post_cap");
+
+/**
+ * Optional SSL preference that can be turned on by hooking to the 'personal_options' action.
+ *
+ * @since 2.7.0
+ *
+ * @param object $user User data object
+ */
+function use_ssl_preference($user) {
+?>
+
+
+ use_ssl); ?> />
+
+ID;
- } else {
- wp_die(__('Invalid user ID.'));
+// Only allow super admins on multisite to edit every user.
+if ( is_multisite() && ! current_user_can( 'manage_network_users' ) && $user_id != $current_user->ID && ! apply_filters( 'enable_edit_any_user_configuration', true ) )
+ wp_die( __( 'You do not have permission to edit this user.' ) );
+
+// Execute confirmed email change. See send_confirmation_on_profile_email().
+if ( is_multisite() && IS_PROFILE_PAGE && isset( $_GET[ 'newuseremail' ] ) && $current_user->ID ) {
+ $new_email = get_option( $current_user->ID . '_new_email' );
+ if ( $new_email[ 'hash' ] == $_GET[ 'newuseremail' ] ) {
+ $user->ID = $current_user->ID;
+ $user->user_email = esc_html( trim( $new_email[ 'newemail' ] ) );
+ if ( $wpdb->get_var( $wpdb->prepare( "SELECT user_login FROM {$wpdb->signups} WHERE user_login = %s", $current_user->user_login ) ) )
+ $wpdb->query( $wpdb->prepare( "UPDATE {$wpdb->signups} SET user_email = %s WHERE user_login = %s", $user->user_email, $current_user->user_login ) );
+ wp_update_user( get_object_vars( $user ) );
+ delete_option( $current_user->ID . '_new_email' );
+ wp_redirect( add_query_arg( array('updated' => 'true'), admin_url( 'profile.php' ) ) );
+ die();
}
+} elseif ( is_multisite() && IS_PROFILE_PAGE && !empty( $_GET['dismiss'] ) && $current_user->ID . '_new_email' == $_GET['dismiss'] ) {
+ delete_option( $current_user->ID . '_new_email' );
+ wp_redirect( add_query_arg( array('updated' => 'true'), admin_url( 'profile.php' ) ) );
+ die();
+}
switch ($action) {
case 'switchposts':
@@ -110,14 +109,41 @@ check_admin_referer('update-user_' . $user_id);
if ( !current_user_can('edit_user', $user_id) )
wp_die(__('You do not have permission to edit this user.'));
-if ( $is_profile_page ) {
- do_action('personal_options_update');
-}
+if ( IS_PROFILE_PAGE )
+ do_action('personal_options_update', $user_id);
+else
+ do_action('edit_user_profile_update', $user_id);
+
+if ( !is_multisite() ) {
+ $errors = edit_user($user_id);
+} else {
+ $user = get_userdata( $user_id );
+
+ // Update the email address in signups, if present.
+ if ( $user->user_login && isset( $_POST[ 'email' ] ) && is_email( $_POST[ 'email' ] ) && $wpdb->get_var( $wpdb->prepare( "SELECT user_login FROM {$wpdb->signups} WHERE user_login = %s", $user->user_login ) ) )
+ $wpdb->query( $wpdb->prepare( "UPDATE {$wpdb->signups} SET user_email = %s WHERE user_login = %s", $_POST[ 'email' ], $user_login ) );
+
+ // WPMU must delete the user from the current blog if WP added him after editing.
+ $delete_role = false;
+ $blog_prefix = $wpdb->get_blog_prefix();
+ if ( $user_id != $current_user->ID ) {
+ $cap = $wpdb->get_var( "SELECT meta_value FROM {$wpdb->usermeta} WHERE user_id = '{$user_id}' AND meta_key = '{$blog_prefix}capabilities' AND meta_value = 'a:0:{}'" );
+ if ( null == $cap && $_POST[ 'role' ] == '' ) {
+ $_POST[ 'role' ] = 'contributor';
+ $delete_role = true;
+ }
+ }
+ if ( !isset( $errors ) || ( isset( $errors ) && is_object( $errors ) && false == $errors->get_error_codes() ) )
+ $errors = edit_user($user_id);
+ if ( $delete_role ) // stops users being added to current blog when they are edited
+ delete_user_meta( $user_id, $blog_prefix . 'capabilities' );
-$errors = edit_user($user_id);
+ if ( is_multisite() && !IS_PROFILE_PAGE && current_user_can( 'manage_network_options' ) && !isset($super_admins) && empty( $_POST['super_admin'] ) == is_super_admin( $user_id ) )
+ empty( $_POST['super_admin'] ) ? revoke_super_admin( $user_id ) : grant_super_admin( $user_id );
+}
-if( !is_wp_error( $errors ) ) {
- $redirect = ($is_profile_page? "profile.php?" : "user-edit.php?user_id=$user_id&"). "updated=true";
+if ( !is_wp_error( $errors ) ) {
+ $redirect = (IS_PROFILE_PAGE ? "profile.php?" : "user-edit.php?user_id=$user_id&"). "updated=true";
$redirect = add_query_arg('wp_http_referer', urlencode($wp_http_referer), $redirect);
wp_redirect($redirect);
exit;
@@ -127,37 +153,34 @@ default:
$profileuser = get_user_to_edit($user_id);
if ( !current_user_can('edit_user', $user_id) )
- wp_die(__('You do not have permission to edit this user.'));
+ wp_die(__('You do not have permission to edit this user.'));
include ('admin-header.php');
?>
+ID ) && current_user_can( 'manage_network_options' ) ) { ?>
+
+
-
+
-
-
-
- get_error_messages() as $message )
- echo "$message ";
- ?>
-
-
+
+
\n
", $errors->get_error_messages() ); ?>