Changeset 3620 for trunk/bp-core/bp-core-settings.php

Timestamp:

12/30/2010 08:30:39 PM (14 years ago)

Author:

boonebgorges

Message:

Allows super admins to edit user settings. Fixes #965. Props johnjamesjacoby and sorich87 for initial patches.

File:

• trunk/bp-core/bp-core-settings.php (modified) (15 diffs)

trunk/bp-core/bp-core-settings.php

@@ -15 +15 @@
 
     /* Add the settings navigation item */
-    bp_core_new_nav_item( array( 'name' => __('Settings', 'buddypress'), 'slug' => $bp->settings->slug, 'position' => 100, 'show_for_displayed_user' => false, 'screen_function' => 'bp_core_screen_general_settings', 'default_subnav_slug' => 'general' ) );
-
-    $settings_link = $bp->loggedin_user->domain . $bp->settings->slug . '/';
-
-    bp_core_new_subnav_item( array( 'name' => __( 'General', 'buddypress' ), 'slug' => 'general', 'parent_url' => $settings_link, 'parent_slug' => $bp->settings->slug, 'screen_function' => 'bp_core_screen_general_settings', 'position' => 10, 'user_has_access' => bp_is_my_profile() ) );
-    bp_core_new_subnav_item( array( 'name' => __( 'Notifications', 'buddypress' ), 'slug' => 'notifications', 'parent_url' => $settings_link, 'parent_slug' => $bp->settings->slug, 'screen_function' => 'bp_core_screen_notification_settings', 'position' => 20, 'user_has_access' => bp_is_my_profile() ) );
+    bp_core_new_nav_item( array( 'name' => __('Settings', 'buddypress'), 'slug' => $bp->settings->slug, 'position' => 100, 'show_for_displayed_user' => bp_core_can_edit_settings(), 'screen_function' => 'bp_core_screen_general_settings', 'default_subnav_slug' => 'general' ) );
+
+    $settings_link = $bp->displayed_user->domain . $bp->settings->slug . '/';
+
+    bp_core_new_subnav_item( array( 'name' => __( 'General', 'buddypress' ), 'slug' => 'general', 'parent_url' => $settings_link, 'parent_slug' => $bp->settings->slug, 'screen_function' => 'bp_core_screen_general_settings', 'position' => 10, 'user_has_access' => bp_core_can_edit_settings() ) );
+    bp_core_new_subnav_item( array( 'name' => __( 'Notifications', 'buddypress' ), 'slug' => 'notifications', 'parent_url' => $settings_link, 'parent_slug' => $bp->settings->slug, 'screen_function' => 'bp_core_screen_notification_settings', 'position' => 20, 'user_has_access' => bp_core_can_edit_settings() ) );
 
     if ( !is_super_admin() && empty( $bp->site_options['bp-disable-account-deletion'] ) )
@@ -29 +29 @@
 add_action( 'bp_setup_nav', 'bp_core_add_settings_nav' );
 
+function bp_core_can_edit_settings() {
+    if ( bp_is_my_profile() )
+        return true;
+    
+    if ( is_super_admin() )
+        return true;
+    
+    return false;
+}
+
 /**** GENERAL SETTINGS ****/
 
 function bp_core_screen_general_settings() {
-    global $current_user, $bp_settings_updated, $pass_error, $email_error, $pwd_error;
+    global $bp, $current_user, $bp_settings_updated, $pass_error, $email_error, $pwd_error;
 
     $bp_settings_updated = false;
@@ -47 +57 @@
 
         // Validate the user again for the current password when making a big change
-        if ( !empty( $_POST['pwd'] ) && $_POST['pwd'] != '' && wp_check_password($_POST['pwd'], $current_user->user_pass, $current_user->ID) ) {
+        if ( is_super_admin() || ( !empty( $_POST['pwd'] ) && $_POST['pwd'] != '' && wp_check_password($_POST['pwd'], $current_user->user_pass, $current_user->ID ) ) ) {
+        
+            $update_user = get_userdata( $bp->displayed_user->id );
 
             // Make sure changing an email address does not already exist
@@ -53 +65 @@
 
                 // What is missing from the profile page vs signup - lets double check the goodies
-                $user_email = sanitize_email( wp_specialchars( trim( $_POST['email'] ) ) );
+                $user_email = sanitize_email( esc_html( trim( $_POST['email'] ) ) );
 
                 if ( !is_email( $user_email ) )
@@ -65 +77 @@
                     if ( in_array( $emaildomain, (array)$limited_email_domains ) == false ) {
                         $email_error = true;
-
                     }
                 }
 
-                if ( !$email_error && $current_user->user_email != $user_email  ) {
+                if ( !$email_error && $bp->displayed_user->userdata->user_email != $user_email  ) {
 
                     //we don't want email dups in the system
@@ -75 +86 @@
                         $email_error = true;
 
-                    if (!$email_error)
-                        $current_user->user_email = $user_email;
+                    if ( !$email_error )
+                        $update_user->user_email = $user_email;
                 }
             }
@@ -82 +93 @@
             if ( $_POST['pass1'] != '' && $_POST['pass2'] != '' ) {
 
-                if ( $_POST['pass1'] == $_POST['pass2'] && !strpos( " " . $_POST['pass1'], "\\" ) )
-                    $current_user->user_pass = $_POST['pass1'];
-                else
+                if ( $_POST['pass1'] == $_POST['pass2'] && !strpos( " " . $_POST['pass1'], "\\" ) ) {
+                    $update_user->user_pass = $_POST['pass1'];
+                } else {
                     $pass_error = true;
+                }
 
             } else if ( empty( $_POST['pass1'] ) && !empty( $_POST['pass2'] ) || !empty( $_POST['pass1'] ) && empty( $_POST['pass2'] ) ) {
                 $pass_error = true;
             } else {
-                unset( $current_user->user_pass );
+                unset( $update_user->user_pass );
             }
 
-            if ( !$email_error && !$pass_error && wp_update_user( get_object_vars( $current_user ) ) )
+            if ( !$email_error && !$pass_error && wp_update_user( get_object_vars( $update_user ) ) ) {
+                // Make sure these changes are in $bp for the current page load
+                $bp->displayed_user->userdata = bp_core_get_core_userdata( $bp->displayed_user->id );
                 $bp_settings_updated = true;
+            }
 
         } else {
@@ -114 +129 @@
 
 function bp_core_screen_general_settings_content() {
-    global $bp, $current_user, $bp_settings_updated, $pass_error, $pwd_error, $email_error; ?>
+    global $bp, $bp_settings_updated, $pass_error, $pwd_error, $email_error; ?>
 
     <?php if ( $bp_settings_updated && !$pass_error ) { ?>
@@ -142 +157 @@
 
 
-    <form action="<?php echo $bp->loggedin_user->domain . BP_SETTINGS_SLUG . '/general' ?>" method="post" class="standard-form" id="settings-form">
-
-        <label for="pwd"><?php _e( 'Current Password <span>(required to update email or change current password)</span>', 'buddypress' ) ?></label>
-        <input type="password" name="pwd" id="pwd" size="16" value="" class="settings-input small" /> &nbsp;<a href="<?php echo site_url('wp-login.php?action=lostpassword', 'login') ?>" title="<?php _e('Password Lost and Found') ?>"><?php _e('Lost your password?') ?></a>
+    <form action="<?php echo $bp->displayed_user->domain . BP_SETTINGS_SLUG . '/general' ?>" method="post" class="standard-form" id="settings-form">
+
+        <?php if ( empty( $bp->loggedin_user->is_super_admin ) ) : ?>
+            <label for="pwd"><?php _e( 'Current Password <span>(required to update email or change current password)</span>', 'buddypress' ) ?></label>
+            <input type="password" name="pwd" id="pwd" size="16" value="" class="settings-input small" /> &nbsp;<a href="<?php echo site_url('wp-login.php?action=lostpassword', 'login') ?>" title="<?php _e('Password Lost and Found') ?>"><?php _e('Lost your password?') ?></a>
+        <?php endif ?>
 
         <label for="email"><?php _e( 'Account Email', 'buddypress' ) ?></label>
-        <input type="text" name="email" id="email" value="<?php echo esc_attr( $current_user->user_email ); ?>" class="settings-input" />
+        <input type="text" name="email" id="email" value="<?php echo esc_attr( $bp->displayed_user->userdata->user_email ); ?>" class="settings-input" />
 
         <label for="pass1"><?php _e( 'Change Password <span>(leave blank for no change)</span>', 'buddypress' ) ?></label>
@@ -170 +187 @@
 
 function bp_core_screen_notification_settings() {
-    global $current_user, $bp_settings_updated;
+    global $bp, $bp_settings_updated;
 
     $bp_settings_updated = false;
@@ -179 +196 @@
         if ( isset( $_POST['notifications'] ) ) {
             foreach ( (array)$_POST['notifications'] as $key => $value ) {
-                update_user_meta( (int)$current_user->id, $key, $value );
+                update_user_meta( (int)$bp->displayed_user->id, $key, $value );
             }
         }
@@ -199 +216 @@
 
 function bp_core_screen_notification_settings_content() {
-    global $bp, $current_user, $bp_settings_updated; ?>
+    global $bp, $bp_settings_updated; ?>
 
     <?php if ( $bp_settings_updated ) { ?>
@@ -207 +224 @@
     <?php } ?>
 
-    <form action="<?php echo $bp->loggedin_user->domain . BP_SETTINGS_SLUG . '/notifications' ?>" method="post" id="settings-form">
+    <form action="<?php echo $bp->displayed_user->domain . BP_SETTINGS_SLUG . '/notifications' ?>" method="post" id="settings-form">
         <p><?php _e( 'Send a notification by email when:', 'buddypress' ) ?></p>
 
@@ -227 +244 @@
 
 function bp_core_screen_delete_account() {
+    global $bp;
+    
     if ( isset( $_POST['delete-account-understand'] ) ) {
         check_admin_referer( 'delete-account' );
 
         // delete the users account
-        if ( bp_core_delete_account() )
+        if ( bp_core_delete_account( $bp->displayed_user->id ) )
             bp_core_redirect( site_url() );
     }
@@ -246 +265 @@
 
 function bp_core_screen_delete_account_content() {
-    global $bp, $current_user, $bp_settings_updated, $pass_error;   ?>
-
-    <form action="<?php echo $bp->loggedin_user->domain .  BP_SETTINGS_SLUG . '/delete-account'; ?>" name="account-delete-form" id="account-delete-form" class="standard-form" method="post">
+    global $bp, $bp_settings_updated, $pass_error;  ?>
+
+    <form action="<?php echo $bp->displayed_user->domain .  BP_SETTINGS_SLUG . '/delete-account'; ?>" name="account-delete-form" id="account-delete-form" class="standard-form" method="post">
 
         <div id="message" class="info">