X-Git-Url: https://scripts.mit.edu/gitweb/autoinstallsdev/wordpress.git/blobdiff_plain/177fd6fefd2e3d5a0ea6591c71d660cabdb3c1a4..99a64b9fd0d5ebb21c33c3a0b5865e9c412b430c:/wp-admin/user-edit.php
diff --git a/wp-admin/user-edit.php b/wp-admin/user-edit.php
index 9c298dda..6334ed81 100644
--- a/wp-admin/user-edit.php
+++ b/wp-admin/user-edit.php
@@ -1,95 +1,99 @@
-
-ID;
+elseif ( ! $user_id && ! IS_PROFILE_PAGE )
+ wp_die(__( 'Invalid user ID.' ) );
+elseif ( ! get_userdata( $user_id ) )
+ wp_die( __('Invalid user ID.') );
-if ( $is_profile_page ) {
- add_action('admin_head', 'profile_js');
- wp_enqueue_script('jquery');
- wp_enqueue_script('password-strength-meter');
-}
+wp_enqueue_script('user-profile');
-$title = $is_profile_page? __('Profile') : __('Edit User');
-if ( current_user_can('edit_users') && !$is_profile_page )
+$title = IS_PROFILE_PAGE ? __('Profile') : __('Edit User');
+if ( current_user_can('edit_users') && !IS_PROFILE_PAGE )
$submenu_file = 'users.php';
else
$submenu_file = 'profile.php';
-$parent_file = 'users.php';
-wp_reset_vars(array('action', 'redirect', 'profile', 'user_id', 'wp_http_referer'));
+if ( current_user_can('edit_users') && !is_user_admin() )
+ $parent_file = 'users.php';
+else
+ $parent_file = 'profile.php';
-$wp_http_referer = remove_query_arg(array('update', 'delete_count'), stripslashes($wp_http_referer));
+// contextual help - choose Help on the top right of admin panel to preview this.
+add_contextual_help($current_screen,
+ '
' . __('Your profile contains information about you (your “account”) as well as some personal options related to using WordPress.') . '
' .
+ '' . __('You can change your password, turn on keyboard shortcuts, change the color scheme of your WordPress administration screens, and turn off the WYSIWYG (Visual) editor, among other things.') . '
' .
+ '' . __('Your username cannot be changed, but you can use other fields to enter your real name or a nickname, and change which name to display on your posts.') . '
' .
+ '' . __('Required fields are indicated; the rest are optional. Profile information will only be displayed if your theme is set up to do so.') . '
' .
+ '' . __('Remember to click the Update Profile button when you are finished.') . '
' .
+ '' . __('For more information:') . '
' .
+ '' . __('Documentation on User Profiles ') . '
' .
+ '' . __('Support Forums ') . '
'
+);
-$user_id = (int) $user_id;
-if ( !$user_id )
- if ( $is_profile_page ) {
- $current_user = wp_get_current_user();
- $user_id = $current_user->ID;
- } else {
- wp_die(__('Invalid user ID.'));
- }
+$wp_http_referer = remove_query_arg(array('update', 'delete_count'), stripslashes($wp_http_referer));
-switch ($action) {
-case 'switchposts':
+$user_can_edit = current_user_can( 'edit_posts' ) || current_user_can( 'edit_pages' );
-check_admin_referer();
+/**
+ * Optional SSL preference that can be turned on by hooking to the 'personal_options' action.
+ *
+ * @since 2.7.0
+ *
+ * @param object $user User data object
+ */
+function use_ssl_preference($user) {
+?>
+
+
+ use_ssl); ?> />
+
+ID && ! apply_filters( 'enable_edit_any_user_configuration', true ) )
+ wp_die( __( 'You do not have permission to edit this user.' ) );
+
+// Execute confirmed email change. See send_confirmation_on_profile_email().
+if ( is_multisite() && IS_PROFILE_PAGE && isset( $_GET[ 'newuseremail' ] ) && $current_user->ID ) {
+ $new_email = get_option( $current_user->ID . '_new_email' );
+ if ( $new_email[ 'hash' ] == $_GET[ 'newuseremail' ] ) {
+ $user->ID = $current_user->ID;
+ $user->user_email = esc_html( trim( $new_email[ 'newemail' ] ) );
+ if ( $wpdb->get_var( $wpdb->prepare( "SELECT user_login FROM {$wpdb->signups} WHERE user_login = %s", $current_user->user_login ) ) )
+ $wpdb->query( $wpdb->prepare( "UPDATE {$wpdb->signups} SET user_email = %s WHERE user_login = %s", $user->user_email, $current_user->user_login ) );
+ wp_update_user( get_object_vars( $user ) );
+ delete_option( $current_user->ID . '_new_email' );
+ wp_redirect( add_query_arg( array('updated' => 'true'), self_admin_url( 'profile.php' ) ) );
+ die();
+ }
+} elseif ( is_multisite() && IS_PROFILE_PAGE && !empty( $_GET['dismiss'] ) && $current_user->ID . '_new_email' == $_GET['dismiss'] ) {
+ delete_option( $current_user->ID . '_new_email' );
+ wp_redirect( add_query_arg( array('updated' => 'true'), self_admin_url( 'profile.php' ) ) );
+ die();
+}
+switch ($action) {
case 'update':
check_admin_referer('update-user_' . $user_id);
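Review bot: The confirmed-email branch compares the stored token with the request value using a loose `==` (`$new_email[ 'hash' ] == $_GET[ 'newuseremail' ]`) and never checks that `get_option()` returned a pending change. When no `_new_email` option exists the left side is null, which loosely equals an empty `newuseremail` parameter, so the branch would appear to run and pass an empty `user_email` to `wp_update_user()`. I would guard it as `if ( is_array( $new_email ) && isset( $new_email['hash'] ) && $new_email['hash'] === $_GET['newuseremail'] ) {`, or use a constant-time comparison if the supported PHP versions provide one. `$user` is also written to here without a visible initialisation, and the `dismiss` branch below deletes the option on a plain GET with no nonce; both are worth confirming against the parts of the file outside this hunk.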
@@ -97,15 +101,43 @@ check_admin_referer('update-user_' . $user_id);
if ( !current_user_can('edit_user', $user_id) )
wp_die(__('You do not have permission to edit this user.'));
-if ( $is_profile_page ) {
- do_action('personal_options_update');
-}
+if ( IS_PROFILE_PAGE )
+ do_action('personal_options_update', $user_id);
+else
+ do_action('edit_user_profile_update', $user_id);
+
+if ( !is_multisite() ) {
+ $errors = edit_user($user_id);
+} else {
+ $user = get_userdata( $user_id );
+
+ // Update the email address in signups, if present.
+ if ( $user->user_login && isset( $_POST[ 'email' ] ) && is_email( $_POST[ 'email' ] ) && $wpdb->get_var( $wpdb->prepare( "SELECT user_login FROM {$wpdb->signups} WHERE user_login = %s", $user->user_login ) ) )
+ $wpdb->query( $wpdb->prepare( "UPDATE {$wpdb->signups} SET user_email = %s WHERE user_login = %s", $_POST[ 'email' ], $user_login ) );
+
+ // WPMU must delete the user from the current blog if WP added him after editing.
+ $delete_role = false;
+ $blog_prefix = $wpdb->get_blog_prefix();
+ if ( $user_id != $current_user->ID ) {
+ $cap = $wpdb->get_var( "SELECT meta_value FROM {$wpdb->usermeta} WHERE user_id = '{$user_id}' AND meta_key = '{$blog_prefix}capabilities' AND meta_value = 'a:0:{}'" );
+ if ( !is_network_admin() && null == $cap && $_POST[ 'role' ] == '' ) {
+ $_POST[ 'role' ] = 'contributor';
+ $delete_role = true;
+ }
+ }
+ if ( !isset( $errors ) || ( isset( $errors ) && is_object( $errors ) && false == $errors->get_error_codes() ) )
+ $errors = edit_user($user_id);
+ if ( $delete_role ) // stops users being added to current blog when they are edited
+ delete_user_meta( $user_id, $blog_prefix . 'capabilities' );
-$errors = edit_user($user_id);
+ if ( is_multisite() && is_network_admin() && !IS_PROFILE_PAGE && current_user_can( 'manage_network_options' ) && !isset($super_admins) && empty( $_POST['super_admin'] ) == is_super_admin( $user_id ) )
+ empty( $_POST['super_admin'] ) ? revoke_super_admin( $user_id ) : grant_super_admin( $user_id );
+}
-if( !is_wp_error( $errors ) ) {
- $redirect = ($is_profile_page? "profile.php?" : "user-edit.php?user_id=$user_id&"). "updated=true";
- $redirect = add_query_arg('wp_http_referer', urlencode($wp_http_referer), $redirect);
+if ( !is_wp_error( $errors ) ) {
+ $redirect = (IS_PROFILE_PAGE ? "profile.php?" : "user-edit.php?user_id=$user_id&"). "updated=true";
+ if ( $wp_http_referer )
+ $redirect = add_query_arg('wp_http_referer', urlencode($wp_http_referer), $redirect);
wp_redirect($redirect);
exit;
}
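Review bot: The signups UPDATE on the multisite path binds `$user_login`, which is not assigned anywhere in the visible lines, while the SELECT just before it uses `$user->user_login`; if it is unset the WHERE clause matches nothing and the signup row keeps the old address. It should read `$wpdb->prepare( "UPDATE {$wpdb->signups} SET user_email = %s WHERE user_login = %s", $_POST[ 'email' ], $user->user_login )`. A few lines further, the capabilities lookup interpolates `$user_id` and `$blog_prefix` straight into the SQL string; whether `$user_id` is still integer-cast is not visible here (the old `(int) $user_id` line is removed in the first hunk), so I would pass it through `$wpdb->prepare()` with `%d` for the id and `%s` for the meta key. `$_POST[ 'role' ]` is also read without an `isset()` check. The enclosing `case 'update':` starts in the previous hunk and the switch continues past this one.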
@@ -114,37 +146,44 @@ default:
$profileuser = get_user_to_edit($user_id);
if ( !current_user_can('edit_user', $user_id) )
- wp_die(__('You do not have permission to edit this user.'));
+ wp_die(__('You do not have permission to edit this user.'));
-include ('admin-header.php');
+include (ABSPATH . 'wp-admin/admin-header.php');
?>
+ID ) && current_user_can( 'manage_network_options' ) ) { ?>
+
+
-
+
-
-
-
- get_error_messages() as $message )
- echo "$message ";
- ?>
-
-
+
+
\n
", $errors->get_error_messages() ); ?>