Changeset 10498
- Timestamp:
- 02/03/2016 05:33:13 AM (9 years ago)
- Location:
- trunk/src/bp-settings
- Files:
-
- 2 edited
trunk/src/bp-settings/bp-settings-actions.php
r10479 r10498 23 23 * users accounts already, without knowing their existing password. 24 24 * 25 * @since 1.6.0 26 * 25 27 * @global BuddyPress $bp 26 28 */ 27 29 function bp_settings_action_general() { 28 30 29 // Bail if not a POST action 31 // Bail if not a POST action. 30 32 if ( 'POST' !== strtoupper( $_SERVER['REQUEST_METHOD'] ) ) 31 33 return; 32 34 33 // Bail if no submit action 35 // Bail if no submit action. 34 36 if ( ! isset( $_POST['submit'] ) ) 35 37 return; 36 38 37 // Bail if not in settings 39 // Bail if not in settings. 38 40 if ( ! bp_is_settings_component() || ! bp_is_current_action( 'general' ) ) 39 41 return; … … 52 54 $email_changed = false; // true if the user changes their email 53 55 $feedback_type = 'error'; // success|error 54 $feedback = array(); // array of strings for feedback 55 56 // Nonce check 56 $feedback = array(); // array of strings for feedback. 57 58 // Nonce check. 57 59 check_admin_referer('bp_settings_general'); 58 60 59 // Validate the user again for the current password when making a big change 61 // Validate the user again for the current password when making a big change. 60 62 if ( ( is_super_admin() ) || ( !empty( $_POST['pwd'] ) && wp_check_password( $_POST['pwd'], $bp->displayed_user->userdata->user_pass, bp_displayed_user_id() ) ) ) { 61 63 62 64 $update_user = get_userdata( bp_displayed_user_id() ); 63 65 64 /* *Email Change Attempt ******************************************/66 /* Email Change Attempt ******************************************/ 65 67 66 68 if ( !empty( $_POST['email'] ) ) { 67 69 68 70 // What is missing from the profile page vs signup - 69 // let's double check the goodies 71 // let's double check the goodies. 70 72 $user_email = sanitize_email( esc_html( trim( $_POST['email'] ) ) ); 71 73 $old_user_email = $bp->displayed_user->userdata->user_email; 72 74 73 // User is changing email address 75 // User is changing email address. 
74 76 if ( $old_user_email != $user_email ) { 75 77 76 // Run some tests on the email address 78 // Run some tests on the email address. 77 79 $email_checks = bp_core_validate_email_address( $user_email ); 78 80 … … 91 93 } 92 94 93 // Store a hash to enable email validation 95 // Store a hash to enable email validation. 94 96 if ( false === $email_error ) { 95 97 $hash = wp_hash( $_POST['email'] ); … … 103 105 $verify_link = bp_displayed_user_domain() . bp_get_settings_slug() . '/?verify_email_change=' . $hash; 104 106 105 // Send the verification email 107 // Send the verification email. 106 108 $args = array( 107 109 'tokens' => array( … … 115 117 116 118 // We mark that the change has taken place so as to ensure a 117 // success message, even though verification is still required 119 // success message, even though verification is still required. 118 120 $_POST['email'] = $update_user->user_email; 119 121 $email_changed = true; 120 122 } 121 123 122 // No change 124 // No change. 123 125 } else { 124 126 $email_error = false; 125 127 } 126 128 127 // Email address cannot be empty 129 // Email address cannot be empty. 128 130 } else { 129 131 $email_error = 'empty'; 130 132 } 131 133 132 /* *Password Change Attempt ***************************************/134 /* Password Change Attempt ***************************************/ 133 135 134 136 if ( !empty( $_POST['pass1'] ) && !empty( $_POST['pass2'] ) ) { … … 136 138 if ( ( $_POST['pass1'] == $_POST['pass2'] ) && !strpos( " " . $_POST['pass1'], "\\" ) ) { 137 139 138 // Password change attempt is successful 140 // Password change attempt is successful. 139 141 if ( ( ! empty( $_POST['pwd'] ) && $_POST['pwd'] != $_POST['pass1'] ) || is_super_admin() ) { 140 142 $update_user->user_pass = $_POST['pass1']; 141 143 $pass_changed = true; 142 144 143 // The new password is the same as the current password 145 // The new password is the same as the current password. 
144 146 } else { 145 147 $pass_error = 'same'; 146 148 } 147 149 148 // Password change attempt was unsuccessful 150 // Password change attempt was unsuccessful. 149 151 } else { 150 152 $pass_error = 'mismatch'; 151 153 } 152 154 153 // Both password fields were empty 155 // Both password fields were empty. 154 156 } elseif ( empty( $_POST['pass1'] ) && empty( $_POST['pass2'] ) ) { 155 157 $pass_error = false; 156 158 157 // One of the password boxes was left empty 159 // One of the password boxes was left empty. 158 160 } elseif ( ( empty( $_POST['pass1'] ) && !empty( $_POST['pass2'] ) ) || ( !empty( $_POST['pass1'] ) && empty( $_POST['pass2'] ) ) ) { 159 161 $pass_error = 'empty'; … … 161 163 162 164 // The structure of the $update_user object changed in WP 3.3, but 163 // wp_update_user() still expects the old format 165 // wp_update_user() still expects the old format. 164 166 if ( isset( $update_user->data ) && is_object( $update_user->data ) ) { 165 167 $update_user = $update_user->data; … … 168 170 // Unset the password field to prevent it from emptying out the 169 171 // user's user_pass field in the database. 170 // @see wp_update_user() 172 // @see wp_update_user(). 171 173 if ( false === $pass_changed ) { 172 174 unset( $update_user['user_pass'] ); … … 175 177 176 178 // Clear cached data, so that the changed settings take effect 177 // on the current page load 179 // on the current page load. 178 180 if ( ( false === $email_error ) && ( false === $pass_error ) && ( wp_update_user( $update_user ) ) ) { 179 181 wp_cache_delete( 'bp_core_userdata_' . bp_displayed_user_id(), 'bp' ); … … 181 183 } 182 184 183 // Password Error 185 // Password Error. 184 186 } else { 185 187 $pass_error = 'invalid'; 186 188 } 187 189 188 // Email feedback 190 // Email feedback. 189 191 switch ( $email_error ) { 190 192 case 'invalid' : … … 201 203 break; 202 204 case false : 203 // No change 204 break; 205 } 206 207 // Password feedback 205 // No change. 
206 break; 207 } 208 209 // Password feedback. 208 210 switch ( $pass_error ) { 209 211 case 'invalid' : … … 220 222 break; 221 223 case false : 222 // No change 223 break; 224 } 225 226 // No errors so show a simple success message 224 // No change. 225 break; 226 } 227 228 // No errors so show a simple success message. 227 229 if ( ( ( false === $email_error ) || ( false == $pass_error ) ) && ( ( true === $pass_changed ) || ( true === $email_changed ) ) ) { 228 230 $feedback[] = __( 'Your settings have been saved.', 'buddypress' ); 229 231 $feedback_type = 'success'; 230 232 231 // Some kind of errors occurred 233 // Some kind of errors occurred. 232 234 } elseif ( ( ( false === $email_error ) || ( false === $pass_error ) ) && ( ( false === $pass_changed ) || ( false === $email_changed ) ) ) { 233 235 if ( bp_is_my_profile() ) { … … 238 240 } 239 241 240 // Set the feedback 242 // Set the feedback. 241 243 bp_core_add_message( implode( "\n", $feedback ), $feedback_type ); 242 244 … … 248 250 do_action( 'bp_core_general_settings_after_save' ); 249 251 250 // Redirect to prevent issues with browser back button 252 // Redirect to prevent issues with browser back button. 251 253 bp_core_redirect( trailingslashit( bp_displayed_user_domain() . bp_get_settings_slug() . '/general' ) ); 252 254 } … … 255 257 /** 256 258 * Handles the changing and saving of user notification settings. 259 * 260 * @since 1.6.0 257 261 */ 258 262 function bp_settings_action_notifications() { 259 263 260 // Bail if not a POST action 264 // Bail if not a POST action. 261 265 if ( 'POST' !== strtoupper( $_SERVER['REQUEST_METHOD'] ) ) 262 266 return; 263 267 264 // Bail if no submit action 268 // Bail if no submit action. 265 269 if ( ! isset( $_POST['submit'] ) ) 266 270 return; 267 271 268 // Bail if not in settings 272 // Bail if not in settings. 269 273 if ( ! bp_is_settings_component() || ! 
bp_is_current_action( 'notifications' ) ) 270 274 return false; … … 280 284 bp_settings_update_notification_settings( bp_displayed_user_id(), (array) $_POST['notifications'] ); 281 285 282 // Switch feedback for super admins 286 // Switch feedback for super admins. 283 287 if ( bp_is_my_profile() ) { 284 288 bp_core_add_message( __( 'Your notification settings have been saved.', 'buddypress' ), 'success' ); … … 300 304 /** 301 305 * Handles the setting of user capabilities, spamming, hamming, role, etc... 306 * 307 * @since 1.6.0 302 308 */ 303 309 function bp_settings_action_capabilities() { 304 310 305 // Bail if not a POST action 311 // Bail if not a POST action. 306 312 if ( 'POST' !== strtoupper( $_SERVER['REQUEST_METHOD'] ) ) 307 313 return; 308 314 309 // Bail if no submit action 315 // Bail if no submit action. 310 316 if ( ! isset( $_POST['capabilities-submit'] ) ) 311 317 return; 312 318 313 // Bail if not in settings 319 // Bail if not in settings. 314 320 if ( ! bp_is_settings_component() || ! bp_is_current_action( 'capabilities' ) ) 315 321 return false; … … 322 328 323 329 // Only super admins can currently spam users (but they can't spam 324 // themselves) 330 // themselves). 325 331 if ( ! is_super_admin() || bp_is_my_profile() ) { 326 332 return; 327 333 } 328 334 329 // Nonce check 335 // Nonce check. 330 336 check_admin_referer( 'capabilities' ); 331 337 … … 337 343 do_action( 'bp_settings_capabilities_before_save' ); 338 344 339 /* *Spam **************************************************************/345 /* Spam **************************************************************/ 340 346 341 347 $is_spammer = !empty( $_POST['user-spammer'] ) ? 
true : false; … … 356 362 } 357 363 358 /* *Other *************************************************************/364 /* Other *************************************************************/ 359 365 360 366 /** … … 365 371 do_action( 'bp_settings_capabilities_after_save' ); 366 372 367 // Redirect to the root domain 373 // Redirect to the root domain. 368 374 bp_core_redirect( bp_displayed_user_domain() . bp_get_settings_slug() . '/capabilities/' ); 369 375 } … … 372 378 /** 373 379 * Handles the deleting of a user. 380 * 381 * @since 1.6.0 374 382 */ 375 383 function bp_settings_action_delete_account() { 376 384 377 // Bail if not a POST action 385 // Bail if not a POST action. 378 386 if ( 'POST' !== strtoupper( $_SERVER['REQUEST_METHOD'] ) ) 379 387 return; 380 388 381 // Bail if no submit action 389 // Bail if no submit action. 382 390 if ( ! isset( $_POST['delete-account-understand'] ) ) 383 391 return; 384 392 385 // Bail if not in settings 393 // Bail if not in settings. 386 394 if ( ! bp_is_settings_component() || ! bp_is_current_action( 'delete-account' ) ) 387 395 return false; … … 393 401 } 394 402 395 // Bail if account deletion is disabled 403 // Bail if account deletion is disabled. 396 404 if ( bp_disable_account_deletion() && ! bp_current_user_can( 'delete_users' ) ) { 397 405 return false; 398 406 } 399 407 400 // Nonce check 408 // Nonce check. 401 409 check_admin_referer( 'delete-account' ); 402 410 … … 404 412 $username = bp_get_displayed_user_fullname(); 405 413 406 // delete the users account414 // Delete the users account. 407 415 if ( bp_core_delete_account( bp_displayed_user_id() ) ) { 408 416 409 // Add feedback after deleting a user 417 // Add feedback after deleting a user. 410 418 bp_core_add_message( sprintf( __( '%s was successfully deleted.', 'buddypress' ), $username ), 'success' ); 411 419 412 // Redirect to the root domain 420 // Redirect to the root domain. 
413 421 bp_core_redirect( bp_get_root_domain() ); 414 422 } … … 432 440 $redirect_to = trailingslashit( bp_displayed_user_domain() . bp_get_settings_slug() ); 433 441 434 // Email change is being verified 442 // Email change is being verified. 435 443 if ( isset( $_GET['verify_email_change'] ) ) { 436 444 $pending_email = bp_get_user_meta( bp_displayed_user_id(), 'pending_email_change', true ); 437 445 438 // Bail if the hash provided doesn't match the one saved in the database 446 // Bail if the hash provided doesn't match the one saved in the database. 439 447 if ( urldecode( $_GET['verify_email_change'] ) !== $pending_email['hash'] ) { 440 448 return; … … 447 455 448 456 if ( $email_changed ) { 449 // Delete object cache for displayed user 457 // Delete object cache for displayed user. 450 458 wp_cache_delete( 'bp_core_userdata_' . bp_displayed_user_id(), 'bp' ); 451 459 452 // Delete the pending email change key 460 // Delete the pending email change key. 453 461 bp_delete_user_meta( bp_displayed_user_id(), 'pending_email_change' ); 454 462 455 // Post a success message and redirect 463 // Post a success message and redirect. 456 464 bp_core_add_message( __( 'You have successfully verified your new email address.', 'buddypress' ) ); 457 465 } else { 458 // Unknown error 466 // Unknown error. 459 467 bp_core_add_message( __( 'There was a problem verifying your new email address. Please try again.', 'buddypress' ), 'error' ); 460 468 } … … 463 471 die(); 464 472 465 // Email change is being dismissed 473 // Email change is being dismissed. 466 474 } elseif ( ! empty( $_GET['dismiss_email_change'] ) ) { 467 475 bp_delete_user_meta( bp_displayed_user_id(), 'pending_email_change' ); -
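Review bot: In the email-verification branch at the end of this file, the check under the comment "Bail if the hash provided doesn't match the one saved in the database." compares the request value with `!==`, which is not a constant-time comparison. It also indexes `$pending_email['hash']` without first confirming that a pending change is stored for the user. Since the commit already touches that comment, I would tighten the guard to `if ( empty( $pending_email['hash'] ) || ! hash_equals( $pending_email['hash'], urldecode( $_GET['verify_email_change'] ) ) ) {`. The enclosing function starts outside the visible hunk, so an earlier guard may exist in code not shown here. Separately, in `bp_settings_action_general()` the token is `wp_hash( $_POST['email'] )`, taken from the raw request value rather than the sanitized `$user_email` that was validated; deriving it from `$user_email` would keep the token and the checked address consistent.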
trunk/src/bp-settings/bp-settings-loader.php
r10417 r10498 11 11 defined( 'ABSPATH' ) || exit; 12 12 13 /** 14 * Creates our Settings component. 15 * 16 * @since 1.5.0 17 */ 13 18 class BP_Settings_Component extends BP_Component { 14 19 … … 32 37 * Include files. 33 38 * 39 * @since 1.5.0 40 * 34 41 * @param array $includes Array of values to include. Not used. 35 42 */ … … 49 56 * backwards compatibility. 50 57 * 58 * @since 1.5.0 59 * 51 60 * @param array $args Array of arguments. 52 *53 * @since 1.5.054 61 */ 55 62 public function setup_globals( $args = array() ) { 56 63 57 // Define a slug, if necessary 64 // Define a slug, if necessary. 58 65 if ( ! defined( 'BP_SETTINGS_SLUG' ) ) { 59 66 define( 'BP_SETTINGS_SLUG', $this->id ); … … 70 77 * Set up navigation. 71 78 * 79 * @since 1.5.0 80 * 72 81 * @param array $main_nav Array of main nav items. 73 82 * @param array $sub_nav Array of sub nav items. … … 75 84 public function setup_nav( $main_nav = array(), $sub_nav = array() ) { 76 85 77 // Determine user to use 86 // Determine user to use. 78 87 if ( bp_displayed_user_domain() ) { 79 88 $user_domain = bp_displayed_user_domain(); … … 88 97 $settings_link = trailingslashit( $user_domain . $slug ); 89 98 90 // Add the settings navigation item 99 // Add the settings navigation item. 91 100 $main_nav = array( 92 101 'name' => __( 'Settings', 'buddypress' ), … … 98 107 ); 99 108 100 // Add General Settings nav item 109 // Add General Settings nav item. 101 110 $sub_nav[] = array( 102 111 'name' => __( 'General', 'buddypress' ), … … 110 119 111 120 // Add Email nav item. Formerly called 'Notifications', we 112 // retain the old slug and function names for backward compat 121 // retain the old slug and function names for backward compat. 113 122 $sub_nav[] = array( 114 123 'name' => __( 'Email', 'buddypress' ), … … 121 130 ); 122 131 123 // Add Spam Account nav item 132 // Add Spam Account nav item. 
124 133 if ( bp_current_user_can( 'bp_moderate' ) ) { 125 134 $sub_nav[] = array( … … 134 143 } 135 144 136 // Add Delete Account nav item 145 // Add Delete Account nav item. 137 146 if ( ( ! bp_disable_account_deletion() && bp_is_my_profile() ) || bp_current_user_can( 'delete_users' ) ) { 138 147 $sub_nav[] = array( … … 153 162 * Set up the Toolbar. 154 163 * 164 * @since 1.5.0 165 * 155 166 * @param array $wp_admin_nav Array of Admin Bar items. 156 167 */ 157 168 public function setup_admin_bar( $wp_admin_nav = array() ) { 158 169 159 // Menus for logged in user 170 // Menus for logged in user. 160 171 if ( is_user_logged_in() ) { 161 172 162 // Setup the logged in user variables 173 // Setup the logged in user variables. 163 174 $settings_link = trailingslashit( bp_loggedin_user_domain() . bp_get_settings_slug() ); 164 175 165 // Add main Settings menu 176 // Add main Settings menu. 166 177 $wp_admin_nav[] = array( 167 178 'parent' => buddypress()->my_account_menu_id, … … 171 182 ); 172 183 173 // General Account 184 // General Account. 174 185 $wp_admin_nav[] = array( 175 186 'parent' => 'my-account-' . $this->id, … … 189 200 } 190 201 191 // Delete Account 202 // Delete Account. 192 203 if ( !bp_current_user_can( 'bp_moderate' ) && ! bp_core_get_root_option( 'bp-disable-account-deletion' ) ) { 193 204 $wp_admin_nav[] = array( … … 204 215 } 205 216 217 /** 218 * Instantiates the settings component. 219 * 220 * @since 1.6.0 221 */ 206 222 function bp_setup_settings() { 207 223 buddypress()->settings = new BP_Settings_Component();