Skip to:
Content

BuddyPress.org

Changeset 5831


Ignore:
Timestamp:
02/23/2012 07:19:16 AM (12 years ago)
Author:
johnjamesjacoby
Message:

Backport general settings screen code from trunk to 1.5 branch:

  • Fixes all possible ways settings can be saved or not saved
  • Skips current password check UI for super admins
  • Fixes #4010 again
Location:
branches/1.5
Files:
2 edited

Legend:

Unmodified
Added
Removed
  • branches/1.5/bp-settings/bp-settings-actions.php

    r5786 r5831  
    55/** General *******************************************************************/
    66
     7/**
     8 * Handles the changing and saving of user email addressos and passwords
     9 *
     10 * We do quite a bit of logic and error handling here to make sure that users
     11 * do not accidentally lock themselves out of their accounts. We also try to
     12 * provide as accurate of feedback as possible without exposing anyone else's
     13 * inforation to them.
     14 *
     15 * Special considerations are made for super admins that are able to edit any
     16 * users accounts already, without knowing their existing password.
     17 *
     18 * @global BuddyPress $bp
     19 * @return If no reason to proceed
     20 */
    721function bp_core_screen_general_settings() {
    822    global $bp;
    923
     24    // 404 if there are any additional action variables attached
    1025    if ( bp_action_variables() ) {
    1126        bp_do_404();
     
    1328    }
    1429
    15     // Setup private variables
    16     $bp_settings_updated = $pass_error = $email_error = $pwd_error = false;
    17 
    18     if ( isset( $_POST['submit'] ) ) {
     30    /** Handle Form ***********************************************************/
     31
     32    if ( 'POST' === strtoupper( $_SERVER['REQUEST_METHOD'] ) ) {
     33
     34        // Bail if not in settings
     35        if ( ! bp_is_settings_component() || ! bp_is_current_action( 'general' ) )
     36            return;
     37
     38        // Define local defaults
     39        $email_error   = false;   // invalid|blocked|taken|empty|false
     40        $pass_error    = false;   // invalid|mismatch|empty|false
     41        $pass_changed  = false;   // true if the user changes their password
     42        $email_changed = false;   // true if the user changes their email
     43        $feedback_type = 'error'; // success|error
     44        $feedback      = array(); // array of strings for feedback
    1945
    2046        // Nonce check
     
    2248
    2349        // Validate the user again for the current password when making a big change
    24         if ( is_super_admin() || ( !empty( $_POST['pwd'] ) && $_POST['pwd'] != '' && wp_check_password( $_POST['pwd'], $bp->displayed_user->userdata->user_pass, $bp->displayed_user->id ) ) ) {
    25 
    26             $update_user = get_userdata( $bp->displayed_user->id );
    27            
     50        if ( ( is_super_admin() ) || ( !empty( $_POST['pwd'] ) && wp_check_password( $_POST['pwd'], $bp->displayed_user->userdata->user_pass, bp_displayed_user_id() ) ) ) {
     51
     52            $update_user = get_userdata( bp_displayed_user_id() );
     53
     54            /** Email Change Attempt ******************************************/
     55
     56            if ( !empty( $_POST['email'] ) ) {
     57
     58                // What is missing from the profile page vs signup - lets double check the goodies
     59                $user_email = sanitize_email( esc_html( trim( $_POST['email'] ) ) );
     60
     61                // User is changing email address
     62                if ( $bp->displayed_user->userdata->user_email != $user_email ) {
     63
     64                    // Is email valid
     65                    if ( !is_email( $user_email ) )
     66                        $email_error = 'invalid';
     67
     68                    // Get blocked email domains
     69                    $limited_email_domains = get_site_option( 'limited_email_domains', 'buddypress' );
     70
     71                    // If blocked email domains exist, see if this is one of them
     72                    if ( is_array( $limited_email_domains ) && empty( $limited_email_domains ) == false ) {
     73                        $emaildomain = substr( $user_email, 1 + strpos( $user_email, '@' ) );
     74
     75                        if ( in_array( $emaildomain, (array) $limited_email_domains ) == false ) {
     76                            $email_error = 'blocked';
     77                        }
     78                    }
     79
     80                    // No errors, and email address doesn't match
     81                    if ( ( false === $email_error ) && email_exists( $user_email ) ) {
     82                        $email_error = 'taken';
     83                    }
     84
     85                    // Yay we made it!
     86                    if ( false === $email_error ) {
     87                        $update_user->user_email = $user_email;
     88                        $email_changed = true;
     89                    }
     90
     91                // No change
     92                } else {
     93                    $email_error = false;
     94                }
     95
     96            // Email address cannot be empty
     97            } else {
     98                $email_error = 'empty';
     99            }
     100
     101            /** Password Change Attempt ***************************************/
     102
     103            if ( !empty( $_POST['pass1'] ) && !empty( $_POST['pass2'] ) ) {
     104
     105                // Password change attempt is successful
     106                if ( ( $_POST['pass1'] == $_POST['pass2'] ) && !strpos( " " . $_POST['pass1'], "\\" ) ) {
     107                    $update_user->user_pass = $_POST['pass1'];
     108                    $pass_changed = true;
     109
     110                // Password change attempt was unsuccessful
     111                } else {
     112                    $pass_error = 'mismatch';
     113                }
     114
     115            // Both password fields were empty
     116            } elseif ( empty( $_POST['pass1'] ) && empty( $_POST['pass2'] ) ) {
     117                $pass_error = false;
     118
     119            // One of the password boxes was left empty
     120            } elseif ( ( empty( $_POST['pass1'] ) && !empty( $_POST['pass2'] ) ) || ( !empty( $_POST['pass1'] ) && empty( $_POST['pass2'] ) ) ) {
     121                $pass_error = 'empty';
     122            }
     123
    28124            // The structure of the $update_user object changed in WP 3.3, but
    29125            // wp_update_user() still expects the old format
    30126            if ( isset( $update_user->data ) && is_object( $update_user->data ) ) {
    31127                $update_user = $update_user->data;
    32             }
    33 
    34             // Make sure changing an email address does not already exist
    35             if ( $_POST['email'] != '' ) {
    36 
    37                 // What is missing from the profile page vs signup - lets double check the goodies
    38                 $user_email = sanitize_email( esc_html( trim( $_POST['email'] ) ) );
    39 
    40                 // Is email valid
    41                 if ( !is_email( $user_email ) )
    42                     $email_error = true;
    43 
    44                 // Get blocked email domains
    45                 $limited_email_domains = get_site_option( 'limited_email_domains', 'buddypress' );
    46 
    47                 // If blocked email domains exist, see if this is one of them
    48                 if ( is_array( $limited_email_domains ) && empty( $limited_email_domains ) == false ) {
    49                     $emaildomain = substr( $user_email, 1 + strpos( $user_email, '@' ) );
    50 
    51                     if ( in_array( $emaildomain, (array)$limited_email_domains ) == false ) {
    52                         $email_error = true;
    53                     }
     128                $update_user = get_object_vars( $update_user );
     129
     130                // Unset the password field to prevent it from emptying out the
     131                // user's user_pass field in the database.
     132                // @see wp_update_user()
     133                if ( false === $pass_changed ) {
     134                    unset( $update_user['user_pass'] );
    54135                }
    55 
    56                 // No errors, and email address doesn't match
    57                 if ( ( false === $email_error ) && ( $bp->displayed_user->userdata->user_email != $user_email ) ) {
    58 
    59                     // We don't want email dupes in the system
    60                     if ( email_exists( $user_email ) )
    61                         $email_error = true;
    62 
    63                     // Set updated user email to this email address
    64                     $update_user->user_email = $user_email;
    65                 }
    66             }
    67 
    68             // Password change
    69             if ( !empty( $_POST['pass1'] ) && !empty( $_POST['pass2'] ) ) {
    70 
    71                 // Password change attempt is successful
    72                 if ( $_POST['pass1'] == $_POST['pass2'] && !strpos( " " . $_POST['pass1'], "\\" ) ) {
    73                     $update_user->user_pass = $_POST['pass1'];
    74 
    75                 // Password change attempt was unsuccessful
    76                 } else {
    77                     $pass_error = true;
    78                 }
    79 
    80             // One of the password boxes was left empty
    81             } else if ( ( empty( $_POST['pass1'] ) && !empty( $_POST['pass2'] ) ) || ( !empty( $_POST['pass1'] ) && empty( $_POST['pass2'] ) ) ) {
    82                 $pass_error = true;
    83 
    84             // Not a password change attempt so empty the user_pass
    85             } else {
    86                 // unset( $update_user->user_pass ); // WP_User has no __unset()
    87                 $update_user->user_pass = null;
    88136            }
    89137
    90138            // Make sure these changes are in $bp for the current page load
    91             if ( ( false === $email_error ) && ( false === $pass_error ) && ( wp_update_user( get_object_vars( $update_user ) ) ) ) {
    92                 $bp_settings_updated = true;
     139            if ( ( false === $email_error ) && ( false === $pass_error ) && ( wp_update_user( $update_user ) ) ) {
     140                $bp->displayed_user->userdata = bp_core_get_core_userdata( bp_displayed_user_id() );
    93141            }
    94142
    95143        // Password Error
    96144        } else {
    97             $pwd_error = true;
    98         }
    99 
    100         // Add user feedback messages
    101         if ( empty( $pass_error ) && empty( $pwd_error ) && ( empty( $email_error ) ) )
    102             bp_core_add_message( __( 'Changes saved.', 'buddypress' ), 'success' );
    103 
    104         elseif ( !empty( $pass_error ) )
    105             bp_core_add_message( __( 'Your new passwords did not match.', 'buddypress' ), 'error' );
    106 
    107         elseif ( !empty( $pwd_error ) )
    108             bp_core_add_message( __( 'Your existing password is incorrect.', 'buddypress' ), 'error' );
    109 
    110         elseif ( !empty( $email_error ) )
    111             bp_core_add_message( __( 'Sorry, that email address is already used or is invalid.', 'buddypress' ), 'error' );
     145            $pass_error = 'invalid';
     146        }
     147
     148        // Email feedback
     149        switch ( $email_error ) {
     150            case 'invalid' :
     151                $feedback['email_invalid']  = __( 'That email address is invalid. Check the formatting and try again.', 'buddypress' );
     152                break;
     153            case 'blocked' :
     154                $feedback['email_blocked']  = __( 'That email address is currently unavailable for use.', 'buddypress' );
     155                break;
     156            case 'taken' :
     157                $feedback['email_taken']    = __( 'That email address is already taken.', 'buddypress' );
     158                break;
     159            case 'empty' :
     160                $feedback['email_empty']    = __( 'Email address cannot be empty.', 'buddypress' );
     161                break;
     162            case false :
     163                // No change
     164                break;
     165        }
     166
     167        // Password feedback
     168        switch ( $pass_error ) {
     169            case 'invalid' :
     170                $feedback['pass_error']    = __( 'Your current password is invalid.', 'buddypress' );
     171                break;
     172            case 'mismatch' :
     173                $feedback['pass_mismatch'] = __( 'The new password fields did not match.', 'buddypress' );
     174                break;
     175            case 'empty' :
     176                $feedback['pass_empty']    = __( 'One of the password fields was empty.', 'buddypress' );
     177                break;
     178            case false :
     179                // No change
     180                break;
     181        }
     182
     183        // No errors so show a simple success message
     184        if ( ( ( false === $email_error ) || ( false == $pass_error ) ) && ( ( true === $pass_changed ) || ( true === $email_changed ) ) ) {
     185            $feedback[]    = __( 'Your settings have been saved.', 'buddypress' );
     186            $feedback_type = 'success';
     187
     188        // Some kind of errors occurred
     189        } elseif ( ( ( false === $email_error ) || ( false === $pass_error ) ) && ( ( false === $pass_changed ) || ( false === $email_changed ) ) ) {
     190            if ( bp_is_my_profile() ) {
     191                $feedback['nochange'] = __( 'No changes were made to your account.', 'buddypress' );
     192            } else {
     193                $feedback['nochange'] = __( 'No changes were made to this account.', 'buddypress' );
     194            }
     195        }
     196
     197        // Set the feedback
     198        bp_core_add_message( implode( '</p><p>', $feedback ), $feedback_type );
    112199
    113200        // Execute additional code
    114201        do_action( 'bp_core_general_settings_after_save' );
     202
     203        // Redirect to prevent issues with browser back button
     204        bp_core_redirect( trailingslashit( bp_displayed_user_domain() . bp_get_settings_slug() . '/general' ) );
    115205       
    116         bp_core_redirect( trailingslashit( bp_displayed_user_domain() . bp_get_settings_slug() . '/general' ) );
    117     }
    118 
    119206    // Load the template
    120     bp_core_load_template( apply_filters( 'bp_core_screen_general_settings', 'members/single/settings/general' ) );
     207    } else {
     208        bp_core_load_template( apply_filters( 'bp_core_screen_general_settings', 'members/single/settings/general' ) );
     209    }
    121210}
    122211
  • branches/1.5/bp-themes/bp-default/members/single/settings/general.php

    r4347 r5831  
    5454                <form action="<?php echo bp_displayed_user_domain() . bp_get_settings_slug() . '/general'; ?>" method="post" class="standard-form" id="settings-form">
    5555
    56                     <label for="pwd"><?php _e( 'Current Password <span>(required to update email or change current password)</span>', 'buddypress' ); ?></label>
    57                     <input type="password" name="pwd" id="pwd" size="16" value="" class="settings-input small" /> &nbsp;<a href="<?php echo site_url( add_query_arg( array( 'action' => 'lostpassword' ), 'wp-login.php' ), 'login' ); ?>" title="<?php _e( 'Password Lost and Found', 'buddypress' ); ?>"><?php _e( 'Lost your password?', 'buddypress' ); ?></a>
     56                    <?php if ( !is_super_admin() ) : ?>
     57
     58                        <label for="pwd"><?php _e( 'Current Password <span>(required to update email or change current password)</span>', 'buddypress' ); ?></label>
     59                        <input type="password" name="pwd" id="pwd" size="16" value="" class="settings-input small" /> &nbsp;<a href="<?php echo site_url( add_query_arg( array( 'action' => 'lostpassword' ), 'wp-login.php' ), 'login' ); ?>" title="<?php _e( 'Password Lost and Found', 'buddypress' ); ?>"><?php _e( 'Lost your password?', 'buddypress' ); ?></a>
     60
     61                    <?php endif; ?>
    5862
    5963                    <label for="email"><?php _e( 'Account Email', 'buddypress' ); ?></label>
Note: See TracChangeset for help on using the changeset viewer.