Changeset 5829 for trunk/bp-settings/bp-settings-actions.php
- Timestamp:
- 02/23/2012 06:18:39 AM (13 years ago)
- File:
-
- 1 edited
trunk/bp-settings/bp-settings-actions.php
r5785 r5829 12 12 if ( !defined( 'ABSPATH' ) ) exit; 13 13 14 /** General *******************************************************************/ 15 16 function bp_core_screen_general_settings() { 14 /** 15 * Handles the changing and saving of user email addressos and passwords 16 * 17 * We do quite a bit of logic and error handling here to make sure that users 18 * do not accidentally lock themselves out of their accounts. We also try to 19 * provide as accurate of feedback as possible without exposing anyone else's 20 * inforation to them. 21 * 22 * Special considerations are made for super admins that are able to edit any 23 * users accounts already, without knowing their existing password. 24 * 25 * @global BuddyPress $bp 26 * @return If no reason to proceed 27 */ 28 function bp_settings_action_general() { 17 29 global $bp; 18 30 31 // Bail if not a POST action 32 if ( 'POST' !== strtoupper( $_SERVER['REQUEST_METHOD'] ) ) 33 return; 34 35 // Bail if not in settings 36 if ( ! bp_is_settings_component() || ! 
bp_is_current_action( 'general' ) ) 37 return; 38 39 // 404 if there are any additional action variables attached 19 40 if ( bp_action_variables() ) { 20 41 bp_do_404(); … … 22 43 } 23 44 24 // Setup private variables 25 $bp_settings_updated = $pass_error = $email_error = $pwd_error = false; 45 // Define local defaults 46 $email_error = false; // invalid|blocked|taken|empty|nochange 47 $pass_error = false; // invalid|mismatch|empty|nochange 48 $pass_changed = false; // true if the user changes their password 49 $feedback_type = 'error'; // success|error 50 $feedback = array(); // array of strings for feedback 51 52 /** Handle Form ***********************************************************/ 26 53 27 54 if ( isset( $_POST['submit'] ) ) { … … 31 58 32 59 // Validate the user again for the current password when making a big change 33 if ( bp_current_user_can( 'bp_moderate' ) || ( !empty( $_POST['pwd'] ) && $_POST['pwd'] != ''&& wp_check_password( $_POST['pwd'], $bp->displayed_user->userdata->user_pass, bp_displayed_user_id() ) ) ) {60 if ( ( is_super_admin() ) || ( !empty( $_POST['pwd'] ) && wp_check_password( $_POST['pwd'], $bp->displayed_user->userdata->user_pass, bp_displayed_user_id() ) ) ) { 34 61 35 62 $update_user = get_userdata( bp_displayed_user_id() ); 36 63 37 // Make sure changing an email address does not already exist 38 if ( $_POST['email'] != '' ) { 64 /** Email Change Attempt ******************************************/ 65 66 if ( !empty( $_POST['email'] ) ) { 39 67 40 68 // What is missing from the profile page vs signup - lets double check the goodies 41 69 $user_email = sanitize_email( esc_html( trim( $_POST['email'] ) ) ); 42 70 43 // Is email valid 44 if ( !is_email( $user_email ) ) 45 $email_error = true; 46 47 // Get blocked email domains 48 $limited_email_domains = get_site_option( 'limited_email_domains', 'buddypress' ); 49 50 // If blocked email domains exist, see if this is one of them 51 if ( is_array( $limited_email_domains ) && empty( 
$limited_email_domains ) == false ) { 52 $emaildomain = substr( $user_email, 1 + strpos( $user_email, '@' ) ); 53 54 if ( in_array( $emaildomain, (array) $limited_email_domains ) == false ) { 55 $email_error = true; 71 // Skip this if no change to email 72 if ( $bp->displayed_user->userdata->user_email != $user_email ) { 73 74 // Is email valid 75 if ( !is_email( $user_email ) ) 76 $email_error = 'invalid'; 77 78 // Get blocked email domains 79 $limited_email_domains = get_site_option( 'limited_email_domains', 'buddypress' ); 80 81 // If blocked email domains exist, see if this is one of them 82 if ( is_array( $limited_email_domains ) && empty( $limited_email_domains ) == false ) { 83 $emaildomain = substr( $user_email, 1 + strpos( $user_email, '@' ) ); 84 85 if ( in_array( $emaildomain, (array) $limited_email_domains ) == false ) { 86 $email_error = 'blocked'; 87 } 56 88 } 57 } 58 59 // No errors, and email address doesn't match 60 if ( ( false === $email_error ) && ( $bp->displayed_user->userdata->user_email != $user_email ) ) { 61 62 // We don't want email dupes in the system 63 if ( email_exists( $user_email ) ) 64 $email_error = true; 65 66 // Set updated user email to this email address 89 90 // No errors, and email address doesn't match 91 if ( ( false === $email_error ) && email_exists( $user_email ) ) { 92 $email_error = 'taken'; 93 } 94 95 // No change 96 } else { 97 $email_error = 'nochange'; 98 } 99 100 // Yay we made it! 101 if ( false === $email_error ) { 67 102 $update_user->user_email = $user_email; 68 103 } 69 } 70 71 // Password change 104 105 // Email address cannot be empty 106 } else { 107 $email_error = 'empty'; 108 } 109 110 /** Password Change Attempt ***************************************/ 111 72 112 if ( !empty( $_POST['pass1'] ) && !empty( $_POST['pass2'] ) ) { 73 113 74 114 // Password change attempt is successful 75 if ( $_POST['pass1'] == $_POST['pass2']&& !strpos( " " . 
$_POST['pass1'], "\\" ) ) {115 if ( ( $_POST['pass1'] == $_POST['pass2'] ) && !strpos( " " . $_POST['pass1'], "\\" ) ) { 76 116 $update_user->user_pass = $_POST['pass1']; 117 $pass_changed = true; 77 118 78 119 // Password change attempt was unsuccessful 79 120 } else { 80 $pass_error = true; 81 } 121 $pass_error = 'mismatch'; 122 } 123 124 // Both password fields were empty 125 } elseif ( empty( $_POST['pass1'] ) && empty( $_POST['pass2'] ) ) { 126 $pass_error = 'nochange'; 82 127 83 128 // One of the password boxes was left empty 84 } else if ( ( empty( $_POST['pass1'] ) && !empty( $_POST['pass2'] ) ) || ( !empty( $_POST['pass1'] ) && empty( $_POST['pass2'] ) ) ) { 85 $pass_error = true; 86 87 // Not a password change attempt so empty the user_pass 88 } else { 89 // unset( $update_user->user_pass ); // WP_User has no __unset() 90 $update_user->user_pass = null; 129 } elseif ( ( empty( $_POST['pass1'] ) && !empty( $_POST['pass2'] ) ) || ( !empty( $_POST['pass1'] ) && empty( $_POST['pass2'] ) ) ) { 130 $pass_error = 'empty'; 91 131 } 92 132 … … 95 135 if ( isset( $update_user->data ) && is_object( $update_user->data ) ) { 96 136 $update_user = $update_user->data; 137 $update_user = get_object_vars( $update_user ); 138 139 // Unset the password field to prevent it from emptying out the 140 // user's user_pass field in the database. 
141 // @see wp_update_user() 142 if ( false === $pass_changed ) { 143 unset( $update_user['user_pass'] ); 144 } 97 145 } 98 146 99 147 // Make sure these changes are in $bp for the current page load 100 if ( ( false === $email_error ) && ( false === $pass_error ) && ( wp_update_user( get_object_vars( $update_user )) ) ) {148 if ( ( false === $email_error ) && ( false === $pass_error ) && ( wp_update_user( $update_user ) ) ) { 101 149 $bp->displayed_user->userdata = bp_core_get_core_userdata( bp_displayed_user_id() ); 102 $bp_settings_updated = true;103 150 } 104 151 105 152 // Password Error 106 153 } else { 107 $pwd_error = true; 108 } 109 110 // Add user feedback messages 111 if ( empty( $pass_error ) && empty( $pwd_error ) && ( empty( $email_error ) ) ) 112 bp_core_add_message( __( 'Changes saved.', 'buddypress' ), 'success' ); 113 114 elseif ( !empty( $pass_error ) ) 115 bp_core_add_message( __( 'Your new passwords did not match.', 'buddypress' ), 'error' ); 116 117 elseif ( !empty( $pwd_error ) ) 118 bp_core_add_message( __( 'Your existing password is incorrect.', 'buddypress' ), 'error' ); 119 120 elseif ( !empty( $email_error ) ) 121 bp_core_add_message( __( 'Sorry, that email address is already used or is invalid.', 'buddypress' ), 'error' ); 154 $pass_error = 'invalid'; 155 } 156 157 // Email feedback 158 switch ( $email_error ) { 159 case 'invalid' : 160 $feedback['email_invalid'] = __( 'That email address is invalid. 
Check the formatting and try again.', 'buddypress' ); 161 break; 162 case 'blocked' : 163 $feedback['email_blocked'] = __( 'That email address is currently unavailable for use.', 'buddypress' ); 164 break; 165 case 'taken' : 166 $feedback['email_taken'] = __( 'That email address is already taken.', 'buddypress' ); 167 break; 168 case 'empty' : 169 $feedback['email_empty'] = __( 'Email address cannot be empty.', 'buddypress' ); 170 break; 171 case 'nochange' : 172 $email_error = false; 173 break; 174 } 175 176 // Password feedback 177 switch ( $pass_error ) { 178 case 'invalid' : 179 $feedback['pass_error'] = __( 'Your current password is invalid.', 'buddypress' ); 180 break; 181 case 'mismatch' : 182 $feedback['pass_mismatch'] = __( 'The new password fields did not match.', 'buddypress' ); 183 break; 184 case 'empty' : 185 $feedback['pass_empty'] = __( 'One of the password fields was empty.', 'buddypress' ); 186 break; 187 case 'nochange' : 188 $pass_error = false; 189 break; 190 } 191 192 // No errors so show a simple success message 193 if ( ( false === $email_error ) && ( ( false == $pass_error ) && ( true === $pass_changed ) ) ) { 194 $feedback[] = __( 'Your settings have been saved.', 'buddypress' ); 195 $feedback_type = 'success'; 196 197 // Some kind of errors occurred 198 } elseif ( ( false === $email_error ) && ( ( false == $pass_error ) && ( false === $pass_changed ) ) ) { 199 if ( bp_is_my_profile() ) { 200 $feedback['nochange'] = __( 'No changes were made to your account.', 'buddypress' ); 201 } else { 202 $feedback['nochange'] = __( 'No changes were made to this account.', 'buddypress' ); 203 } 204 } 205 206 // Set the feedback 207 bp_core_add_message( implode( '</p><p>', $feedback ), $feedback_type ); 122 208 123 209 // Execute additional code 124 210 do_action( 'bp_core_general_settings_after_save' ); 125 126 bp_core_redirect( bp_displayed_user_domain() . bp_get_settings_slug() . 
'/general/' ); 127 } 128 129 // Load the template 130 bp_core_load_template( apply_filters( 'bp_core_screen_general_settings', 'members/single/settings/general' ) ); 211 212 // Redirect to prevent issues with browser back button 213 bp_core_redirect( trailingslashit( bp_displayed_user_domain() . bp_get_settings_slug() . '/general' ) ); 214 } 131 215 } 132 133 /** Notifications *************************************************************/ 134 135 function bp_core_screen_notification_settings() { 136 216 add_action( 'bp_actions', 'bp_settings_action_general' ); 217 218 /** 219 * Handles the changing and saving of user notification settings 220 * 221 * @return If no reason to proceed 222 */ 223 function bp_settings_action_notifications() { 224 225 // Bail if not a POST action 226 if ( 'POST' !== strtoupper( $_SERVER['REQUEST_METHOD'] ) ) 227 return; 228 229 // Bail if not in settings 230 if ( ! bp_is_settings_component() || ! bp_is_current_action( 'notifications' ) ) 231 return false; 232 233 // 404 if there are any additional action variables attached 137 234 if ( bp_action_variables() ) { 138 235 bp_do_404(); … … 141 238 142 239 if ( isset( $_POST['submit'] ) ) { 143 check_admin_referer( 'bp_settings_notifications');240 check_admin_referer( 'bp_settings_notifications' ); 144 241 145 242 if ( isset( $_POST['notifications'] ) ) { 146 243 foreach ( (array) $_POST['notifications'] as $key => $value ) { 147 if ( $meta_key = bp_get_user_meta_key( $key ) ) 148 bp_update_user_meta( (int)bp_displayed_user_id(), $meta_key, $value ); 149 } 150 } 151 152 bp_core_add_message( __( 'Changes saved.', 'buddypress' ), 'success' ); 244 if ( $meta_key = bp_get_user_meta_key( $key ) ) { 245 bp_update_user_meta( (int) bp_displayed_user_id(), $meta_key, $value ); 246 } 247 } 248 } 249 250 // Switch feedback for super admins 251 if ( bp_is_my_profile() ) { 252 bp_core_add_message( __( 'Your notification settings have been saved.', 'buddypress' ), 'success' ); 253 } else { 254 
bp_core_add_message( __( "This user's notification settings have been saved.", 'buddypress' ), 'success' ); 255 } 153 256 154 257 do_action( 'bp_core_notification_settings_after_save' ); … … 156 259 bp_core_redirect( bp_displayed_user_domain() . bp_get_settings_slug() . '/notifications/' ); 157 260 } 158 159 bp_core_load_template( apply_filters( 'bp_core_screen_notification_settings', 'members/single/settings/notifications' ) );160 261 } 161 162 /** Delete Account ************************************************************/ 163 164 function bp_core_screen_delete_account() { 165 262 add_action( 'bp_actions', 'bp_settings_action_notifications' ); 263 264 /** 265 * Handles the setting of user capabilities, spamming, hamming, role, etc... 266 * 267 * @return If no reason to proceed 268 */ 269 function bp_settings_action_capabilities() { 270 271 // Bail if not a POST action 272 if ( 'POST' !== strtoupper( $_SERVER['REQUEST_METHOD'] ) ) 273 return; 274 275 // Bail if not in settings 276 if ( ! bp_is_settings_component() || ! bp_is_current_action( 'capabilities' ) ) 277 return false; 278 279 // 404 if there are any additional action variables attached 166 280 if ( bp_action_variables() ) { 167 281 bp_do_404(); … … 169 283 } 170 284 285 if ( isset( $_POST['capabilities-submit'] ) ) { 286 287 // Nonce check 288 check_admin_referer( 'capabilities' ); 289 290 do_action( 'bp_settings_capabilities_before_save' ); 291 292 /** Spam **************************************************************/ 293 294 $is_spammer = !empty( $_POST['user-spammer'] ) ? true : false; 295 296 if ( bp_is_user_spammer( bp_displayed_user_id() ) != $is_spammer ) { 297 $status = ( true == $is_spammer ) ? 
'spam' : 'ham'; 298 bp_core_process_spammer_status( bp_displayed_user_id(), $status ); 299 do_action( 'bp_core_action_set_spammer_status', bp_displayed_user_id(), $status ); 300 } 301 302 /** Other *************************************************************/ 303 304 do_action( 'bp_settings_capabilities_after_save' ); 305 306 // Redirect to the root domain 307 bp_core_redirect( bp_displayed_user_domain() . bp_get_settings_slug() . '/capabilities/' ); 308 } 309 } 310 add_action( 'bp_actions', 'bp_settings_action_capabilities' ); 311 312 /** 313 * Handles the deleting of a user 314 * 315 * @return If no reason to proceed 316 */ 317 function bp_settings_action_delete_account() { 318 319 // Bail if not a POST action 320 if ( 'POST' !== strtoupper( $_SERVER['REQUEST_METHOD'] ) ) 321 return; 322 323 // Bail if not in settings 324 if ( ! bp_is_settings_component() || ! bp_is_current_action( 'delete-account' ) ) 325 return false; 326 327 // 404 if there are any additional action variables attached 328 if ( bp_action_variables() ) { 329 bp_do_404(); 330 return; 331 } 332 171 333 if ( isset( $_POST['delete-account-understand'] ) ) { 334 172 335 // Nonce check 173 336 check_admin_referer( 'delete-account' ); 174 337 338 // Get username now because it might be gone soon! 339 $username = bp_get_displayed_user_fullname(); 340 175 341 // delete the users account 176 342 if ( bp_core_delete_account( bp_displayed_user_id() ) ) { 177 bp_core_redirect( home_url() ); 178 } 179 } 180 181 // Load the template 182 bp_core_load_template( apply_filters( 'bp_core_screen_delete_account', 'members/single/settings/delete-account' ) ); 343 344 // Add feedback ater deleting a user 345 bp_core_add_message( sprintf( __( '%s was successfully deleted.', 'buddypress' ), $username ), 'success' ); 346 347 // Redirect to the root domain 348 bp_core_redirect( bp_get_root_domain() ); 349 } 350 } 183 351 } 352 add_action( 'bp_actions', 'bp_settings_action_delete_account' ); 184 353 185 354 ?>
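Review bot: An email-only change is reported as "No changes were made", because the success branch at the end of bp_settings_action_general (`// No errors so show a simple success message`) requires `true === $pass_changed`, while a valid new address only assigns `$update_user->user_email` and leaves no flag behind; after the 'nochange' reset of `$pass_error` the elseif branch then emits the nochange feedback even though wp_update_user() has already saved the new email. Track the email update with its own flag, set where `$update_user->user_email` is assigned, and let either flag drive the success message. Separately, `$_POST['pass1'] == $_POST['pass2']` in the password change attempt should be a strict `===`, since loose comparison treats numeric-looking strings such as '1e3' and '1000' as equal. The hunk elides several context runs inside this function, so the lines between them are inferred.
```php
$pass_changed  = false; // true if the user changes their password
$email_changed = false; // true if the user changes their email address
// … unchanged: request/nonce guards, current-password check, email validation …
if ( false === $email_error ) {
    $update_user->user_email = $user_email;
    $email_changed = true;
}
// … unchanged: password change attempt, wp_update_user() call, feedback switches …
if ( ( false === $email_error ) && ( false === $pass_error ) && ( $pass_changed || $email_changed ) ) {
    $feedback[] = __( 'Your settings have been saved.', 'buddypress' );
    $feedback_type = 'success';
} elseif ( ( false === $email_error ) && ( false === $pass_error ) ) {
    // … unchanged: "No changes were made" feedback …
```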