Skip to:
Content

BuddyPress.org


Ignore:
Timestamp:
03/13/2014 12:58:28 AM (11 years ago)
Author:
imath
Message:

Introduce Sign Ups Management

In Users Administration Screen, a new view is now available to manage the pending accounts of a site or of the network of sites. The following actions are supported:

  • Resend the activation email
  • Delete the pending account
  • Activate the pending account

The corresponding bulk actions are also supported. A search box is available in order to let the administrator easily find some specific pending accounts.

The registration process have also been modified so that multisite and regular configs handles it in a similar way. A mechnanism is in place to ensure plugin backward compatibility concerning the regular configs.

See #5374

props boonebgorges, imath

Fixes #4651

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/bp-members/bp-members-functions.php

    r8027 r8119  
    13621362        }
    13631363
     1364        // Check into signups
     1365        $signups = BP_Signup::get( array(
     1366            'user_login' => $user_name,
     1367        ) );
     1368
     1369        $signup = isset( $signups['signups'] ) && ! empty( $signups['signups'][0] ) ? $signups['signups'][0] : false;
     1370
    13641371        // Check if the username has been used already.
    1365         if ( username_exists( $user_name ) ) {
     1372        if ( username_exists( $user_name ) || ! empty( $signup ) ) {
    13661373            $errors->add( 'user_name', __( 'Sorry, that username already exists!', 'buddypress' ) );
    13671374        }
     
    13941401
    13951402function bp_core_signup_user( $user_login, $user_password, $user_email, $usermeta ) {
    1396     global $bp, $wpdb;
     1403    global $bp;
     1404
     1405    // We need to cast $user_id to pass to the filters
     1406    $user_id = false;
    13971407
    13981408    // Multisite installs have their own install procedure
     
    14001410        wpmu_signup_user( $user_login, $user_email, $usermeta );
    14011411
    1402         // On multisite, the user id is not created until the user activates the account
    1403         // but we need to cast $user_id to pass to the filters
    1404         $user_id = false;
    1405 
    14061412    } else {
    1407         $errors = new WP_Error();
    1408 
    1409         $user_id = wp_insert_user( array(
    1410             'user_login' => $user_login,
    1411             'user_pass' => $user_password,
    1412             'display_name' => sanitize_title( $user_login ),
    1413             'user_email' => $user_email
    1414         ) );
    1415 
    1416         if ( is_wp_error( $user_id ) || empty( $user_id ) ) {
    1417             $errors->add( 'registerfail', sprintf( __('<strong>ERROR</strong>: Couldn&#8217;t register you... please contact the <a href="mailto:%s">webmaster</a> !', 'buddypress' ), bp_get_option( 'admin_email' ) ) );
    1418             return $errors;
    1419         }
    1420 
    1421         // Update the user status to '2' which we will use as 'not activated' (0 = active, 1 = spam, 2 = not active)
    1422         $wpdb->query( $wpdb->prepare( "UPDATE {$wpdb->users} SET user_status = 2 WHERE ID = %d", $user_id ) );
    1423 
    1424         // Set any profile data
    1425         if ( bp_is_active( 'xprofile' ) ) {
    1426             if ( !empty( $usermeta['profile_field_ids'] ) ) {
    1427                 $profile_field_ids = explode( ',', $usermeta['profile_field_ids'] );
    1428 
    1429                 foreach( (array) $profile_field_ids as $field_id ) {
    1430                     if ( empty( $usermeta["field_{$field_id}"] ) )
    1431                         continue;
    1432 
    1433                     $current_field = $usermeta["field_{$field_id}"];
    1434                     xprofile_set_field_data( $field_id, $user_id, $current_field );
    1435 
    1436                     // Save the visibility level
    1437                     $visibility_level = !empty( $usermeta['field_' . $field_id . '_visibility'] ) ? $usermeta['field_' . $field_id . '_visibility'] : 'public';
    1438                     xprofile_set_field_visibility_level( $field_id, $user_id, $visibility_level );
    1439                 }
     1413        // Format data
     1414        $user_login     = preg_replace( '/\s+/', '', sanitize_user( $user_login, true ) );
     1415        $user_email     = sanitize_email( $user_email );
     1416        $activation_key = substr( md5( time() . rand() . $user_email ), 0, 16 );
     1417
     1418        /**
     1419         * WordPress's default behavior is to create user accounts
     1420         * immediately at registration time. BuddyPress uses a system
     1421         * borrowed from WordPress Multisite, where signups are stored
     1422         * separately and accounts are only created at the time of
     1423         * activation. For backward compatibility with plugins that may
     1424         * be anticipating WP's default behavior, BP silently creates
     1425         * accounts for registrations (though it does not use them). If
     1426         * you know that you are not running any plugins dependent on
     1427         * these pending accounts, you may want to save a little DB
     1428         * clutter by defining setting the BP_SIGNUPS_SKIP_USER_CREATION
     1429         * to true in your wp-config.php file.
     1430         */
     1431        if ( ! defined( 'BP_SIGNUPS_SKIP_USER_CREATION' ) || ! BP_SIGNUPS_SKIP_USER_CREATION ) {
     1432            $user_id = BP_Signup::add_backcompat( $user_login, $user_password, $user_email, $usermeta );
     1433
     1434            if ( is_wp_error( $user_id ) ) {
     1435                return $user_id;
    14401436            }
    1441         }
    1442     }
    1443     $bp->signup->username = $user_login;
    1444 
    1445     /***
    1446      * Now generate an activation key and send an email to the user so they can activate their
    1447      * account and validate their email address. Multisite installs send their own email, so
    1448      * this is only for single blog installs.
    1449      *
    1450      * To disable sending activation emails you can user the filter
    1451      * 'bp_core_signup_send_activation_key' and return false. Note that this will only disable
    1452      * the email - a key will still be generated, and the account must still be activated
    1453      * before use.
    1454      */
    1455     if ( !is_multisite() ) {
    1456         $activation_key = wp_hash( $user_id );
    1457         update_user_meta( $user_id, 'activation_key', $activation_key );
     1437
     1438            $activation_key = wp_hash( $user_id );
     1439            update_user_meta( $user_id, 'activation_key', $activation_key );
     1440        }
     1441
     1442        $args = array(
     1443            'user_login'     => $user_login,
     1444            'user_email'     => $user_email,
     1445            'activation_key' => $activation_key,
     1446            'meta'           => $usermeta,
     1447        );
     1448
     1449        BP_Signup::add( $args );
    14581450
    14591451        if ( apply_filters( 'bp_core_signup_send_activation_key', true ) ) {
     
    14611453        }
    14621454    }
     1455
     1456    $bp->signup->username = $user_login;
    14631457
    14641458    do_action( 'bp_core_signup_user', $user_id, $user_login, $user_password, $user_email, $usermeta );
     
    14841478
    14851479        // If there were errors, add a message and redirect
    1486         if ( !empty( $user->errors ) ) {
     1480        if ( ! empty( $user->errors ) ) {
    14871481            return $user;
    14881482        }
     
    14901484        $user_id = $user['user_id'];
    14911485
    1492         // Set any profile data
    1493         if ( bp_is_active( 'xprofile' ) ) {
    1494             if ( !empty( $user['meta']['profile_field_ids'] ) ) {
    1495                 $profile_field_ids = explode( ',', $user['meta']['profile_field_ids'] );
    1496 
    1497                 foreach( (array) $profile_field_ids as $field_id ) {
    1498                     $current_field = isset( $user['meta']["field_{$field_id}"] ) ? $user['meta']["field_{$field_id}"] : false;
    1499 
    1500                     if ( !empty( $current_field ) )
    1501                         xprofile_set_field_data( $field_id, $user_id, $current_field );
    1502 
    1503                     // Save the visibility level
    1504                     $visibility_level = !empty( $user['meta']['field_' . $field_id . '_visibility'] ) ? $user['meta']['field_' . $field_id . '_visibility'] : 'public';
    1505                     xprofile_set_field_visibility_level( $field_id, $user_id, $visibility_level );
    1506                 }
     1486    } else {
     1487        $signups = BP_Signup::get( array(
     1488            'activation_key' => $key,
     1489        ) );
     1490
     1491        if ( empty( $signups['signups'] ) ) {
     1492            return new WP_Error( 'invalid_key', __( 'Invalid activation key.', 'buddypress' ) );
     1493        }
     1494
     1495        $signup = $signups['signups'][0];
     1496
     1497        if ( $signup->active ) {
     1498            if ( empty( $signup->domain ) ) {
     1499                return new WP_Error( 'already_active', __( 'The user is already active.', 'buddypress' ), $signup );
     1500            } else {
     1501                return new WP_Error( 'already_active', __( 'The site is already active.', 'buddypress' ), $signup );
    15071502            }
    15081503        }
    1509     } else {
    1510 
    1511         // Get the user_id based on the $key
    1512         $user_id = $wpdb->get_var( $wpdb->prepare( "SELECT user_id FROM {$wpdb->usermeta} WHERE meta_key = 'activation_key' AND meta_value = %s", $key ) );
    1513 
    1514         if ( empty( $user_id ) )
    1515             return new WP_Error( 'invalid_key', __( 'Invalid activation key', 'buddypress' ) );
    1516 
    1517         // Change the user's status so they become active
    1518         if ( !$wpdb->query( $wpdb->prepare( "UPDATE {$wpdb->users} SET user_status = 0 WHERE ID = %d", $user_id ) ) )
    1519             return new WP_Error( 'invalid_key', __( 'Invalid activation key', 'buddypress' ) );
     1504
     1505        // password is hashed again in wp_insert_user
     1506        $password = wp_generate_password( 12, false );
     1507
     1508        $user_id = username_exists( $signup->user_login );
     1509
     1510        // Create the user
     1511        if ( ! $user_id ) {
     1512            $user_id = wp_create_user( $signup->user_login, $password, $signup->user_email );
     1513
     1514        // If a user ID is found, this may be a legacy signup, or one
     1515        // created locally for backward compatibility. Process it.
     1516        } else if ( $key == wp_hash( $user_id ) ) {
     1517            // Change the user's status so they become active
     1518            if ( ! $wpdb->query( $wpdb->prepare( "UPDATE {$wpdb->users} SET user_status = 0 WHERE ID = %d", $user_id ) ) ) {
     1519                return new WP_Error( 'invalid_key', __( 'Invalid activation key', 'buddypress' ) );
     1520            }
     1521
     1522            bp_delete_user_meta( $user_id, 'activation_key' );
     1523
     1524            $member = get_userdata( $user_id );
     1525            $member->set_role( get_option('default_role') );
     1526
     1527            $user_already_created = true;
     1528
     1529        } else {
     1530            $user_already_exists = true;
     1531        }
     1532
     1533        if ( ! $user_id ) {
     1534            return new WP_Error( 'create_user', __( 'Could not create user', 'buddypress' ), $signup );
     1535        }
     1536
     1537        // Fetch the signup so we have the data later on
     1538        $signups = BP_Signup::get( array(
     1539            'activation_key' => $key,
     1540        ) );
     1541
     1542        $signup = isset( $signups['signups'] ) && ! empty( $signups['signups'][0] ) ? $signups['signups'][0] : false;
     1543
     1544        // Activate the signup
     1545        BP_Signup::validate( $key );
     1546
     1547        if ( isset( $user_already_exists ) ) {
     1548            return new WP_Error( 'user_already_exists', __( 'That username is already activated.' ), $signup );
     1549        }
     1550
     1551        // Set up data to pass to the legacy filter
     1552        $user = array(
     1553            'user_id'  => $user_id,
     1554            'password' => $signup->meta['password'],
     1555            'meta'     => $signup->meta,
     1556        );
    15201557
    15211558        // Notify the site admin of a new user registration
    15221559        wp_new_user_notification( $user_id );
    15231560
    1524         // Remove the activation key meta
    1525         delete_user_meta( $user_id, 'activation_key' );
     1561        if ( isset( $user_already_created ) ) {
     1562            do_action( 'bp_core_activated_user', $user_id, $key, $user );
     1563            return $user_id;
     1564        }
     1565    }
     1566
     1567    // Set any profile data
     1568    if ( bp_is_active( 'xprofile' ) ) {
     1569        if ( ! empty( $user['meta']['profile_field_ids'] ) ) {
     1570            $profile_field_ids = explode( ',', $user['meta']['profile_field_ids'] );
     1571
     1572            foreach( (array) $profile_field_ids as $field_id ) {
     1573                $current_field = isset( $user['meta']["field_{$field_id}"] ) ? $user['meta']["field_{$field_id}"] : false;
     1574
     1575                if ( !empty( $current_field ) )
     1576                    xprofile_set_field_data( $field_id, $user_id, $current_field );
     1577
     1578                // Save the visibility level
     1579                $visibility_level = ! empty( $user['meta']['field_' . $field_id . '_visibility'] ) ? $user['meta']['field_' . $field_id . '_visibility'] : 'public';
     1580                xprofile_set_field_visibility_level( $field_id, $user_id, $visibility_level );
     1581            }
     1582        }
    15261583    }
    15271584
    15281585    // Update the display_name
    1529     wp_update_user( array( 'ID' => $user_id, 'display_name' => bp_core_get_user_displayname( $user_id ) ) );
     1586    wp_update_user( array(
     1587        'ID'           => $user_id,
     1588        'display_name' => bp_core_get_user_displayname( $user_id ),
     1589    ) );
    15301590
    15311591    // Set the password on multisite installs
    1532     if ( is_multisite() && !empty( $user['meta']['password'] ) )
     1592    if ( ! empty( $user['meta']['password'] ) ) {
    15331593        $wpdb->query( $wpdb->prepare( "UPDATE {$wpdb->users} SET user_pass = %s WHERE ID = %d", $user['meta']['password'], $user_id ) );
     1594    }
    15341595
    15351596    do_action( 'bp_core_activated_user', $user_id, $key, $user );
Note: See TracChangeset for help on using the changeset viewer.