Timestamp:
02/23/2012 06:18:39 AM (13 years ago)
Author:
johnjamesjacoby
Message:

First pass at adding user capabilities screen and action to settings component:

  • Add capabilities template
  • Unhook core spammer and deleted user actions and move to settings
  • Route admin bar links appropriately to new locations
  • Allow delete-account to be accessed by super admins in place of broken alerts
  • Improve general settings feedback
  • @todo - backpat post mortem
  • See #4038
File:
1 edited

  • trunk/bp-settings/bp-settings-actions.php

    r5785 r5829  
    1212if ( !defined( 'ABSPATH' ) ) exit;
    1313
    14 /** General *******************************************************************/
    15 
    16 function bp_core_screen_general_settings() {
     14/**
     15 * Handles the changing and saving of user email addressos and passwords
     16 *
     17 * We do quite a bit of logic and error handling here to make sure that users
     18 * do not accidentally lock themselves out of their accounts. We also try to
     19 * provide as accurate of feedback as possible without exposing anyone else's
     20 * inforation to them.
     21 *
     22 * Special considerations are made for super admins that are able to edit any
     23 * users accounts already, without knowing their existing password.
     24 *
     25 * @global BuddyPress $bp
     26 * @return If no reason to proceed
     27 */
     28function bp_settings_action_general() {
    1729    global $bp;
    1830
     31    // Bail if not a POST action
     32    if ( 'POST' !== strtoupper( $_SERVER['REQUEST_METHOD'] ) )
     33        return;
     34
     35    // Bail if not in settings
     36    if ( ! bp_is_settings_component() || ! bp_is_current_action( 'general' ) )
     37        return;
     38
     39    // 404 if there are any additional action variables attached
    1940    if ( bp_action_variables() ) {
    2041        bp_do_404();
     
    2243    }
    2344
    24     // Setup private variables
    25     $bp_settings_updated = $pass_error = $email_error = $pwd_error = false;
     45    // Define local defaults
     46    $email_error   = false;   // invalid|blocked|taken|empty|nochange
     47    $pass_error    = false;   // invalid|mismatch|empty|nochange
     48    $pass_changed  = false;   // true if the user changes their password
     49    $feedback_type = 'error'; // success|error
     50    $feedback      = array(); // array of strings for feedback
     51
     52    /** Handle Form ***********************************************************/
    2653
    2754    if ( isset( $_POST['submit'] ) ) {
     
    3158
    3259        // Validate the user again for the current password when making a big change
    33         if ( bp_current_user_can( 'bp_moderate' ) || ( !empty( $_POST['pwd'] ) && $_POST['pwd'] != '' && wp_check_password( $_POST['pwd'], $bp->displayed_user->userdata->user_pass, bp_displayed_user_id() ) ) ) {
     60        if ( ( is_super_admin() ) || ( !empty( $_POST['pwd'] ) && wp_check_password( $_POST['pwd'], $bp->displayed_user->userdata->user_pass, bp_displayed_user_id() ) ) ) {
    3461
    3562            $update_user = get_userdata( bp_displayed_user_id() );
    3663
    37             // Make sure changing an email address does not already exist
    38             if ( $_POST['email'] != '' ) {
     64            /** Email Change Attempt ******************************************/
     65
     66            if ( !empty( $_POST['email'] ) ) {
    3967
    4068                // What is missing from the profile page vs signup - lets double check the goodies
    4169                $user_email = sanitize_email( esc_html( trim( $_POST['email'] ) ) );
    4270
    43                 // Is email valid
    44                 if ( !is_email( $user_email ) )
    45                     $email_error = true;
    46 
    47                 // Get blocked email domains
    48                 $limited_email_domains = get_site_option( 'limited_email_domains', 'buddypress' );
    49 
    50                 // If blocked email domains exist, see if this is one of them
    51                 if ( is_array( $limited_email_domains ) && empty( $limited_email_domains ) == false ) {
    52                     $emaildomain = substr( $user_email, 1 + strpos( $user_email, '@' ) );
    53 
    54                     if ( in_array( $emaildomain, (array) $limited_email_domains ) == false ) {
    55                         $email_error = true;
     71                // Skip this if no change to email
     72                if ( $bp->displayed_user->userdata->user_email != $user_email ) {
     73
     74                    // Is email valid
     75                    if ( !is_email( $user_email ) )
     76                        $email_error = 'invalid';
     77
     78                    // Get blocked email domains
     79                    $limited_email_domains = get_site_option( 'limited_email_domains', 'buddypress' );
     80
     81                    // If blocked email domains exist, see if this is one of them
     82                    if ( is_array( $limited_email_domains ) && empty( $limited_email_domains ) == false ) {
     83                        $emaildomain = substr( $user_email, 1 + strpos( $user_email, '@' ) );
     84
     85                        if ( in_array( $emaildomain, (array) $limited_email_domains ) == false ) {
     86                            $email_error = 'blocked';
     87                        }
    5688                    }
    57                 }
    58 
    59                 // No errors, and email address doesn't match
    60                 if ( ( false === $email_error ) && ( $bp->displayed_user->userdata->user_email != $user_email ) ) {
    61 
    62                     // We don't want email dupes in the system
    63                     if ( email_exists( $user_email ) )
    64                         $email_error = true;
    65 
    66                     // Set updated user email to this email address
     89
     90                    // No errors, and email address doesn't match
     91                    if ( ( false === $email_error ) && email_exists( $user_email ) ) {
     92                        $email_error = 'taken';
     93                    }
     94
     95                // No change
     96                } else {
     97                    $email_error = 'nochange';
     98                }
     99
     100                // Yay we made it!
     101                if ( false === $email_error ) {
    67102                    $update_user->user_email = $user_email;
    68103                }
    69             }
    70 
    71             // Password change
     104
     105            // Email address cannot be empty
     106            } else {
     107                $email_error = 'empty';
     108            }
     109
     110            /** Password Change Attempt ***************************************/
     111
    72112            if ( !empty( $_POST['pass1'] ) && !empty( $_POST['pass2'] ) ) {
    73113
    74114                // Password change attempt is successful
    75                 if ( $_POST['pass1'] == $_POST['pass2'] && !strpos( " " . $_POST['pass1'], "\\" ) ) {
     115                if ( ( $_POST['pass1'] == $_POST['pass2'] ) && !strpos( " " . $_POST['pass1'], "\\" ) ) {
    76116                    $update_user->user_pass = $_POST['pass1'];
     117                    $pass_changed = true;
    77118
    78119                // Password change attempt was unsuccessful
    79120                } else {
    80                     $pass_error = true;
    81                 }
     121                    $pass_error = 'mismatch';
     122                }
     123
     124            // Both password fields were empty
     125            } elseif ( empty( $_POST['pass1'] ) && empty( $_POST['pass2'] ) ) {
     126                $pass_error = 'nochange';
    82127
    83128            // One of the password boxes was left empty
    84             } else if ( ( empty( $_POST['pass1'] ) && !empty( $_POST['pass2'] ) ) || ( !empty( $_POST['pass1'] ) && empty( $_POST['pass2'] ) ) ) {
    85                 $pass_error = true;
    86 
    87             // Not a password change attempt so empty the user_pass
    88             } else {
    89                 // unset( $update_user->user_pass ); // WP_User has no __unset()
    90                 $update_user->user_pass = null;
     129            } elseif ( ( empty( $_POST['pass1'] ) && !empty( $_POST['pass2'] ) ) || ( !empty( $_POST['pass1'] ) && empty( $_POST['pass2'] ) ) ) {
     130                $pass_error = 'empty';
    91131            }
    92132
     
    95135            if ( isset( $update_user->data ) && is_object( $update_user->data ) ) {
    96136                $update_user = $update_user->data;
     137                $update_user = get_object_vars( $update_user );
     138
     139                // Unset the password field to prevent it from emptying out the
     140                // user's user_pass field in the database.
     141                // @see wp_update_user()
     142                if ( false === $pass_changed ) {
     143                    unset( $update_user['user_pass'] );
     144                }
    97145            }
    98146
    99147            // Make sure these changes are in $bp for the current page load
    100             if ( ( false === $email_error ) && ( false === $pass_error ) && ( wp_update_user( get_object_vars( $update_user ) ) ) ) {
     148            if ( ( false === $email_error ) && ( false === $pass_error ) && ( wp_update_user( $update_user ) ) ) {
    101149                $bp->displayed_user->userdata = bp_core_get_core_userdata( bp_displayed_user_id() );
    102                 $bp_settings_updated = true;
    103150            }
    104151
    105152        // Password Error
    106153        } else {
    107             $pwd_error = true;
    108         }
    109 
    110         // Add user feedback messages
    111         if ( empty( $pass_error ) && empty( $pwd_error ) && ( empty( $email_error ) ) )
    112             bp_core_add_message( __( 'Changes saved.', 'buddypress' ), 'success' );
    113 
    114         elseif ( !empty( $pass_error ) )
    115             bp_core_add_message( __( 'Your new passwords did not match.', 'buddypress' ), 'error' );
    116 
    117         elseif ( !empty( $pwd_error ) )
    118             bp_core_add_message( __( 'Your existing password is incorrect.', 'buddypress' ), 'error' );
    119 
    120         elseif ( !empty( $email_error ) )
    121             bp_core_add_message( __( 'Sorry, that email address is already used or is invalid.', 'buddypress' ), 'error' );
     154            $pass_error = 'invalid';
     155        }
     156
     157        // Email feedback
     158        switch ( $email_error ) {
     159            case 'invalid' :
     160                $feedback['email_invalid']  = __( 'That email address is invalid. Check the formatting and try again.', 'buddypress' );
     161                break;
     162            case 'blocked' :
     163                $feedback['email_blocked']  = __( 'That email address is currently unavailable for use.', 'buddypress' );
     164                break;
     165            case 'taken' :
     166                $feedback['email_taken']    = __( 'That email address is already taken.', 'buddypress' );
     167                break;
     168            case 'empty' :
     169                $feedback['email_empty']    = __( 'Email address cannot be empty.', 'buddypress' );
     170                break;
     171            case 'nochange' :
     172                $email_error = false;
     173                break;
     174        }
     175
     176        // Password feedback
     177        switch ( $pass_error ) {
     178            case 'invalid' :
     179                $feedback['pass_error']    = __( 'Your current password is invalid.', 'buddypress' );
     180                break;
     181            case 'mismatch' :
     182                $feedback['pass_mismatch'] = __( 'The new password fields did not match.', 'buddypress' );
     183                break;
     184            case 'empty' :
     185                $feedback['pass_empty']    = __( 'One of the password fields was empty.', 'buddypress' );
     186                break;
     187            case 'nochange' :
     188                $pass_error = false;
     189                break;
     190        }
     191
     192        // No errors so show a simple success message
     193        if ( ( false === $email_error ) && ( ( false == $pass_error ) && ( true === $pass_changed ) ) ) {
     194            $feedback[]    = __( 'Your settings have been saved.', 'buddypress' );
     195            $feedback_type = 'success';
     196
     197        // Some kind of errors occurred
     198        } elseif ( ( false === $email_error ) && ( ( false == $pass_error ) && ( false === $pass_changed ) ) ) {
     199            if ( bp_is_my_profile() ) {
     200                $feedback['nochange'] = __( 'No changes were made to your account.', 'buddypress' );
     201            } else {
     202                $feedback['nochange'] = __( 'No changes were made to this account.', 'buddypress' );
     203            }
     204        }
     205
     206        // Set the feedback
     207        bp_core_add_message( implode( '</p><p>', $feedback ), $feedback_type );
    122208
    123209        // Execute additional code
    124210        do_action( 'bp_core_general_settings_after_save' );
    125        
    126         bp_core_redirect( bp_displayed_user_domain() . bp_get_settings_slug() . '/general/' );
    127     }
    128 
    129     // Load the template
    130     bp_core_load_template( apply_filters( 'bp_core_screen_general_settings', 'members/single/settings/general' ) );
     211
     212        // Redirect to prevent issues with browser back button
     213        bp_core_redirect( trailingslashit( bp_displayed_user_domain() . bp_get_settings_slug() . '/general' ) );
     214    }
    131215}
    132 
    133 /** Notifications *************************************************************/
    134 
    135 function bp_core_screen_notification_settings() {
    136 
     216add_action( 'bp_actions', 'bp_settings_action_general' );
     217
     218/**
     219 * Handles the changing and saving of user notification settings
     220 *
     221 * @return If no reason to proceed
     222 */
     223function bp_settings_action_notifications() {
     224
     225    // Bail if not a POST action
     226    if ( 'POST' !== strtoupper( $_SERVER['REQUEST_METHOD'] ) )
     227        return;
     228
     229    // Bail if not in settings
     230    if ( ! bp_is_settings_component() || ! bp_is_current_action( 'notifications' ) )
     231        return false;
     232
     233    // 404 if there are any additional action variables attached
    137234    if ( bp_action_variables() ) {
    138235        bp_do_404();
     
    141238
    142239    if ( isset( $_POST['submit'] ) ) {
    143         check_admin_referer('bp_settings_notifications');
     240        check_admin_referer( 'bp_settings_notifications' );
    144241
    145242        if ( isset( $_POST['notifications'] ) ) {
    146243            foreach ( (array) $_POST['notifications'] as $key => $value ) {
    147                 if ( $meta_key = bp_get_user_meta_key( $key ) )
    148                     bp_update_user_meta( (int)bp_displayed_user_id(), $meta_key, $value );
    149             }
    150         }
    151 
    152         bp_core_add_message( __( 'Changes saved.', 'buddypress' ), 'success' );
     244                if ( $meta_key = bp_get_user_meta_key( $key ) ) {
     245                    bp_update_user_meta( (int) bp_displayed_user_id(), $meta_key, $value );
     246                }
     247            }
     248        }
     249
     250        // Switch feedback for super admins
     251        if ( bp_is_my_profile() ) {
     252            bp_core_add_message( __( 'Your notification settings have been saved.',        'buddypress' ), 'success' );
     253        } else {
     254            bp_core_add_message( __( "This user's notification settings have been saved.", 'buddypress' ), 'success' );
     255        }
    153256
    154257        do_action( 'bp_core_notification_settings_after_save' );
     
    156259        bp_core_redirect( bp_displayed_user_domain() . bp_get_settings_slug() . '/notifications/' );
    157260    }
    158 
    159     bp_core_load_template( apply_filters( 'bp_core_screen_notification_settings', 'members/single/settings/notifications' ) );
    160261}
    161 
    162 /** Delete Account ************************************************************/
    163 
    164 function bp_core_screen_delete_account() {
    165 
     262add_action( 'bp_actions', 'bp_settings_action_notifications' );
     263
     264/**
     265 * Handles the setting of user capabilities, spamming, hamming, role, etc...
     266 *
     267 * @return If no reason to proceed
     268 */
     269function bp_settings_action_capabilities() {
     270
     271    // Bail if not a POST action
     272    if ( 'POST' !== strtoupper( $_SERVER['REQUEST_METHOD'] ) )
     273        return;
     274
     275    // Bail if not in settings
     276    if ( ! bp_is_settings_component() || ! bp_is_current_action( 'capabilities' ) )
     277        return false;
     278
     279    // 404 if there are any additional action variables attached
    166280    if ( bp_action_variables() ) {
    167281        bp_do_404();
     
    169283    }
    170284
     285    if ( isset( $_POST['capabilities-submit'] ) ) {
     286
     287        // Nonce check
     288        check_admin_referer( 'capabilities' );
     289
     290        do_action( 'bp_settings_capabilities_before_save' );
     291
     292        /** Spam **************************************************************/
     293
     294        $is_spammer = !empty( $_POST['user-spammer'] ) ? true : false;
     295
     296        if ( bp_is_user_spammer( bp_displayed_user_id() ) != $is_spammer ) {
     297            $status = ( true == $is_spammer ) ? 'spam' : 'ham';
     298            bp_core_process_spammer_status( bp_displayed_user_id(), $status );
     299            do_action( 'bp_core_action_set_spammer_status', bp_displayed_user_id(), $status );
     300        }
     301
     302        /** Other *************************************************************/
     303
     304        do_action( 'bp_settings_capabilities_after_save' );
     305
     306        // Redirect to the root domain
     307        bp_core_redirect( bp_displayed_user_domain() . bp_get_settings_slug() . '/capabilities/' );
     308    }
     309}
     310add_action( 'bp_actions', 'bp_settings_action_capabilities' );
     311
     312/**
     313 * Handles the deleting of a user
     314 *
     315 * @return If no reason to proceed
     316 */
     317function bp_settings_action_delete_account() {
     318
     319    // Bail if not a POST action
     320    if ( 'POST' !== strtoupper( $_SERVER['REQUEST_METHOD'] ) )
     321        return;
     322
     323    // Bail if not in settings
     324    if ( ! bp_is_settings_component() || ! bp_is_current_action( 'delete-account' ) )
     325        return false;
     326
     327    // 404 if there are any additional action variables attached
     328    if ( bp_action_variables() ) {
     329        bp_do_404();
     330        return;
     331    }
     332
    171333    if ( isset( $_POST['delete-account-understand'] ) ) {
     334
    172335        // Nonce check
    173336        check_admin_referer( 'delete-account' );
    174337
     338        // Get username now because it might be gone soon!
     339        $username = bp_get_displayed_user_fullname();
     340
    175341        // delete the users account
    176342        if ( bp_core_delete_account( bp_displayed_user_id() ) ) {
    177             bp_core_redirect( home_url() );
    178         }
    179     }
    180 
    181     // Load the template
    182     bp_core_load_template( apply_filters( 'bp_core_screen_delete_account', 'members/single/settings/delete-account' ) );
     343
     344            // Add feedback ater deleting a user
     345            bp_core_add_message( sprintf( __( '%s was successfully deleted.', 'buddypress' ), $username ), 'success' );
     346
     347            // Redirect to the root domain
     348            bp_core_redirect( bp_get_root_domain() );
     349        }
     350    }
    183351}
     352add_action( 'bp_actions', 'bp_settings_action_delete_account' );
    184353
    185354?>
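Review bot: bp_settings_action_capabilities() (new lines 269–309) performs a privileged operation — flipping the displayed user's spam status through bp_core_process_spammer_status() — after only a nonce check and with no authorization check, so any logged-in member who can obtain a nonce for the static action name 'capabilities' can spam or un-spam another account; unless bp_core_process_spammer_status() or the settings component enforces this elsewhere (not visible on this page), add a capability guard immediately after `check_admin_referer( 'capabilities' );`: `if ( ! bp_current_user_can( 'bp_moderate' ) ) return;` (or `is_super_admin()`, matching the test this commit switched to in the general handler). bp_settings_action_delete_account() (lines 317–351) has the same shape — it deletes bp_displayed_user_id() after the nonce check without verifying that the current user is that user or a super admin — so the equivalent guard, `if ( ! bp_is_my_profile() && ! bp_current_user_can( 'bp_moderate' ) ) return;`, belongs there too unless bp_core_delete_account() itself rejects the call. Separately, none of the nonce actions ('capabilities', 'delete-account', 'bp_settings_notifications') are bound to the target user, so a nonce minted on one profile's settings screen verifies when replayed against any other profile's; binding it as `check_admin_referer( 'capabilities-' . bp_displayed_user_id() )` (with the template updated to match) would close that replay window.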