1 | <?php |
---|
2 | /** |
---|
3 | * WordPress User API |
---|
4 | * |
---|
5 | * @package WordPress |
---|
6 | */ |
---|
7 | |
---|
8 | /** |
---|
9 | * Authenticate user with remember capability. |
---|
10 | * |
---|
11 | * The credentials is an array that has 'user_login', 'user_password', and |
---|
12 | * 'remember' indices. If the credentials is not given, then the log in form |
---|
13 | * will be assumed and used if set. |
---|
14 | * |
---|
15 | * The various authentication cookies will be set by this function and will be |
---|
16 | * set for a longer period depending on if the 'remember' credential is set to |
---|
17 | * true. |
---|
18 | * |
---|
19 | * @since 2.5.0 |
---|
20 | * |
---|
21 | * @param array $credentials Optional. User info in order to sign on. |
---|
22 | * @param bool $secure_cookie Optional. Whether to use secure cookie. |
---|
23 | * @return object Either WP_Error on failure, or WP_User on success. |
---|
24 | */ |
---|
25 | function wp_signon( $credentials = '', $secure_cookie = '' ) { |
---|
26 | if ( empty($credentials) ) { |
---|
27 | if ( ! empty($_POST['log']) ) |
---|
28 | $credentials['user_login'] = $_POST['log']; |
---|
29 | if ( ! empty($_POST['pwd']) ) |
---|
30 | $credentials['user_password'] = $_POST['pwd']; |
---|
31 | if ( ! empty($_POST['rememberme']) ) |
---|
32 | $credentials['remember'] = $_POST['rememberme']; |
---|
33 | } |
---|
34 | |
---|
35 | if ( !empty($credentials['remember']) ) |
---|
36 | $credentials['remember'] = true; |
---|
37 | else |
---|
38 | $credentials['remember'] = false; |
---|
39 | |
---|
40 | // TODO do we deprecate the wp_authentication action? |
---|
41 | do_action_ref_array('wp_authenticate', array(&$credentials['user_login'], &$credentials['user_password'])); |
---|
42 | |
---|
43 | if ( '' === $secure_cookie ) |
---|
44 | $secure_cookie = is_ssl() ? true : false; |
---|
45 | |
---|
46 | global $auth_secure_cookie; // XXX ugly hack to pass this to wp_authenticate_cookie |
---|
47 | $auth_secure_cookie = $secure_cookie; |
---|
48 | |
---|
49 | add_filter('authenticate', 'wp_authenticate_cookie', 30, 3); |
---|
50 | |
---|
51 | $user = wp_authenticate($credentials['user_login'], $credentials['user_password']); |
---|
52 | |
---|
53 | if ( is_wp_error($user) ) { |
---|
54 | if ( $user->get_error_codes() == array('empty_username', 'empty_password') ) { |
---|
55 | $user = new WP_Error('', ''); |
---|
56 | } |
---|
57 | |
---|
58 | return $user; |
---|
59 | } |
---|
60 | |
---|
61 | wp_set_auth_cookie($user->ID, $credentials['remember'], $secure_cookie); |
---|
62 | do_action('wp_login', $credentials['user_login']); |
---|
63 | return $user; |
---|
64 | } |
---|
65 | |
---|
66 | |
---|
67 | /** |
---|
68 | * Authenticate the user using the username and password. |
---|
69 | */ |
---|
70 | add_filter('authenticate', 'wp_authenticate_username_password', 20, 3); |
---|
71 | function wp_authenticate_username_password($user, $username, $password) { |
---|
72 | if ( is_a($user, 'WP_User') ) { return $user; } |
---|
73 | |
---|
74 | if ( empty($username) || empty($password) ) { |
---|
75 | $error = new WP_Error(); |
---|
76 | |
---|
77 | if ( empty($username) ) |
---|
78 | $error->add('empty_username', __('<strong>ERROR</strong>: The username field is empty.')); |
---|
79 | |
---|
80 | if ( empty($password) ) |
---|
81 | $error->add('empty_password', __('<strong>ERROR</strong>: The password field is empty.')); |
---|
82 | |
---|
83 | return $error; |
---|
84 | } |
---|
85 | |
---|
86 | $userdata = get_userdatabylogin($username); |
---|
87 | |
---|
88 | if ( !$userdata ) { |
---|
89 | return new WP_Error('invalid_username', sprintf(__('<strong>ERROR</strong>: Invalid username. <a href="%s" title="Password Lost and Found">Lost your password</a>?'), site_url('wp-login.php?action=lostpassword', 'login'))); |
---|
90 | } |
---|
91 | |
---|
92 | $userdata = apply_filters('wp_authenticate_user', $userdata, $password); |
---|
93 | if ( is_wp_error($userdata) ) { |
---|
94 | return $userdata; |
---|
95 | } |
---|
96 | |
---|
97 | if ( !wp_check_password($password, $userdata->user_pass, $userdata->ID) ) { |
---|
98 | return new WP_Error('incorrect_password', sprintf(__('<strong>ERROR</strong>: Incorrect password. <a href="%s" title="Password Lost and Found">Lost your password</a>?'), site_url('wp-login.php?action=lostpassword', 'login'))); |
---|
99 | } |
---|
100 | |
---|
101 | $user = new WP_User($userdata->ID); |
---|
102 | return $user; |
---|
103 | } |
---|
104 | |
---|
105 | /** |
---|
106 | * Authenticate the user using the WordPress auth cookie. |
---|
107 | */ |
---|
108 | function wp_authenticate_cookie($user, $username, $password) { |
---|
109 | if ( is_a($user, 'WP_User') ) { return $user; } |
---|
110 | |
---|
111 | if ( empty($username) && empty($password) ) { |
---|
112 | $user_id = wp_validate_auth_cookie(); |
---|
113 | if ( $user_id ) |
---|
114 | return new WP_User($user_id); |
---|
115 | |
---|
116 | global $auth_secure_cookie; |
---|
117 | |
---|
118 | if ( $auth_secure_cookie ) |
---|
119 | $auth_cookie = SECURE_AUTH_COOKIE; |
---|
120 | else |
---|
121 | $auth_cookie = AUTH_COOKIE; |
---|
122 | |
---|
123 | if ( !empty($_COOKIE[$auth_cookie]) ) |
---|
124 | return new WP_Error('expired_session', __('Please log in again.')); |
---|
125 | |
---|
126 | // If the cookie is not set, be silent. |
---|
127 | } |
---|
128 | |
---|
129 | return $user; |
---|
130 | } |
---|
131 | |
---|
132 | /** |
---|
133 | * Retrieve user data based on field. |
---|
134 | * |
---|
135 | * Use get_profile() will make a database query to get the value of the table |
---|
136 | * column. The value might be cached using the query cache, but care should be |
---|
137 | * taken when using the function to not make a lot of queries for retrieving |
---|
138 | * user profile information. |
---|
139 | * |
---|
140 | * If the $user parameter is not used, then the user will be retrieved from a |
---|
141 | * cookie of the user. Therefore, if the cookie does not exist, then no value |
---|
142 | * might be returned. Sanity checking must be done to ensure that when using |
---|
143 | * get_profile() that empty/null/false values are handled and that something is |
---|
144 | * at least displayed. |
---|
145 | * |
---|
146 | * @since 1.5.0 |
---|
147 | * @uses $wpdb WordPress database object to create queries. |
---|
148 | * |
---|
149 | * @param string $field User field to retrieve. |
---|
150 | * @param string $user Optional. User username. |
---|
151 | * @return string The value in the field. |
---|
152 | */ |
---|
153 | function get_profile($field, $user = false) { |
---|
154 | global $wpdb; |
---|
155 | if ( !$user ) |
---|
156 | $user = $wpdb->escape($_COOKIE[USER_COOKIE]); |
---|
157 | return $wpdb->get_var( $wpdb->prepare("SELECT $field FROM $wpdb->users WHERE user_login = %s", $user) ); |
---|
158 | } |
---|
159 | |
---|
160 | /** |
---|
161 | * Number of posts user has written. |
---|
162 | * |
---|
163 | * @since 0.71 |
---|
164 | * @uses $wpdb WordPress database object for queries. |
---|
165 | * |
---|
166 | * @param int $userid User ID. |
---|
167 | * @return int Amount of posts user has written. |
---|
168 | */ |
---|
169 | function get_usernumposts($userid) { |
---|
170 | global $wpdb; |
---|
171 | $userid = (int) $userid; |
---|
172 | $count = $wpdb->get_var( $wpdb->prepare("SELECT COUNT(*) FROM $wpdb->posts WHERE post_author = %d AND post_type = 'post' AND ", $userid) . get_private_posts_cap_sql('post')); |
---|
173 | return apply_filters('get_usernumposts', $count, $userid); |
---|
174 | } |
---|
175 | |
---|
176 | /** |
---|
177 | * Number of approved comments the user has written. |
---|
178 | * |
---|
179 | * @since 2.84 |
---|
180 | * @uses $wpdb WordPress database object for queries. |
---|
181 | * |
---|
182 | * @param int $userid User ID. |
---|
183 | * @return int Amount of approved comments user has written. |
---|
184 | */ |
---|
185 | function get_usernumcomments($userid) { |
---|
186 | global $wpdb; |
---|
187 | $userid = (int) $userid; |
---|
188 | $count = $wpdb->get_var( $wpdb->prepare("SELECT COUNT(*) FROM $wpdb->comments WHERE user_id = %d AND comment_approved = '1'", $userid)); |
---|
189 | return apply_filters('get_usernumcomments', $count, $userid); |
---|
190 | } |
---|
191 | |
---|
192 | /** |
---|
193 | * Check that the user login name and password is correct. |
---|
194 | * |
---|
195 | * @since 0.71 |
---|
196 | * @todo xmlrpc only. Maybe move to xmlrpc.php. |
---|
197 | * |
---|
198 | * @param string $user_login User name. |
---|
199 | * @param string $user_pass User password. |
---|
200 | * @return bool False if does not authenticate, true if username and password authenticates. |
---|
201 | */ |
---|
202 | function user_pass_ok($user_login, $user_pass) { |
---|
203 | $user = wp_authenticate($user_login, $user_pass); |
---|
204 | if ( is_wp_error($user) ) |
---|
205 | return false; |
---|
206 | |
---|
207 | return true; |
---|
208 | } |
---|
209 | |
---|
210 | // |
---|
211 | // User option functions |
---|
212 | // |
---|
213 | |
---|
214 | /** |
---|
215 | * Retrieve user option that can be either global, user, or blog. |
---|
216 | * |
---|
217 | * If the user ID is not given, then the current user will be used instead. If |
---|
218 | * the user ID is given, then the user data will be retrieved. The filter for |
---|
219 | * the result, will also pass the original option name and finally the user data |
---|
220 | * object as the third parameter. |
---|
221 | * |
---|
222 | * The option will first check for the non-global name, then the global name, |
---|
223 | * and if it still doesn't find it, it will try the blog option. The option can |
---|
224 | * either be modified or set by a plugin. |
---|
225 | * |
---|
226 | * @since 2.0.0 |
---|
227 | * @uses $wpdb WordPress database object for queries. |
---|
228 | * @uses apply_filters() Calls 'get_user_option_$option' hook with result, |
---|
229 | * option parameter, and user data object. |
---|
230 | * |
---|
231 | * @param string $option User option name. |
---|
232 | * @param int $user Optional. User ID. |
---|
233 | * @param bool $check_blog_options Whether to check for an option in the options table if a per-user option does not exist. Default is true. |
---|
234 | * @return mixed |
---|
235 | */ |
---|
236 | function get_user_option( $option, $user = 0, $check_blog_options = true ) { |
---|
237 | global $wpdb; |
---|
238 | |
---|
239 | $option = preg_replace('|[^a-z0-9_]|i', '', $option); |
---|
240 | if ( empty($user) ) |
---|
241 | $user = wp_get_current_user(); |
---|
242 | else |
---|
243 | $user = get_userdata($user); |
---|
244 | |
---|
245 | if ( isset( $user->{$wpdb->prefix . $option} ) ) // Blog specific |
---|
246 | $result = $user->{$wpdb->prefix . $option}; |
---|
247 | elseif ( isset( $user->{$option} ) ) // User specific and cross-blog |
---|
248 | $result = $user->{$option}; |
---|
249 | elseif ( $check_blog_options ) // Blog global |
---|
250 | $result = get_option( $option ); |
---|
251 | else |
---|
252 | $result = false; |
---|
253 | |
---|
254 | return apply_filters("get_user_option_{$option}", $result, $option, $user); |
---|
255 | } |
---|
256 | |
---|
257 | /** |
---|
258 | * Update user option with global blog capability. |
---|
259 | * |
---|
260 | * User options are just like user metadata except that they have support for |
---|
261 | * global blog options. If the 'global' parameter is false, which it is by default |
---|
262 | * it will prepend the WordPress table prefix to the option name. |
---|
263 | * |
---|
264 | * @since 2.0.0 |
---|
265 | * @uses $wpdb WordPress database object for queries |
---|
266 | * |
---|
267 | * @param int $user_id User ID |
---|
268 | * @param string $option_name User option name. |
---|
269 | * @param mixed $newvalue User option value. |
---|
270 | * @param bool $global Optional. Whether option name is blog specific or not. |
---|
271 | * @return unknown |
---|
272 | */ |
---|
273 | function update_user_option( $user_id, $option_name, $newvalue, $global = false ) { |
---|
274 | global $wpdb; |
---|
275 | if ( !$global ) |
---|
276 | $option_name = $wpdb->prefix . $option_name; |
---|
277 | return update_usermeta( $user_id, $option_name, $newvalue ); |
---|
278 | } |
---|
279 | |
---|
280 | /** |
---|
281 | * Get users for the blog. |
---|
282 | * |
---|
283 | * For setups that use the multi-blog feature. Can be used outside of the |
---|
284 | * multi-blog feature. |
---|
285 | * |
---|
286 | * @since 2.2.0 |
---|
287 | * @uses $wpdb WordPress database object for queries |
---|
288 | * @uses $blog_id The Blog id of the blog for those that use more than one blog |
---|
289 | * |
---|
290 | * @param int $id Blog ID. |
---|
291 | * @return array List of users that are part of that Blog ID |
---|
292 | */ |
---|
293 | function get_users_of_blog( $id = '' ) { |
---|
294 | global $wpdb, $blog_id; |
---|
295 | if ( empty($id) ) |
---|
296 | $id = (int) $blog_id; |
---|
297 | $users = $wpdb->get_results( "SELECT user_id, user_id AS ID, user_login, display_name, user_email, meta_value FROM $wpdb->users, $wpdb->usermeta WHERE {$wpdb->users}.ID = {$wpdb->usermeta}.user_id AND meta_key = '{$wpdb->prefix}capabilities' ORDER BY {$wpdb->usermeta}.user_id" ); |
---|
298 | return $users; |
---|
299 | } |
---|
300 | |
---|
301 | // |
---|
302 | // User meta functions |
---|
303 | // |
---|
304 | |
---|
305 | /** |
---|
306 | * Remove user meta data. |
---|
307 | * |
---|
308 | * @since 2.0.0 |
---|
309 | * @uses $wpdb WordPress database object for queries. |
---|
310 | * |
---|
311 | * @param int $user_id User ID. |
---|
312 | * @param string $meta_key Metadata key. |
---|
313 | * @param mixed $meta_value Metadata value. |
---|
314 | * @return bool True deletion completed and false if user_id is not a number. |
---|
315 | */ |
---|
316 | function delete_usermeta( $user_id, $meta_key, $meta_value = '' ) { |
---|
317 | global $wpdb; |
---|
318 | if ( !is_numeric( $user_id ) ) |
---|
319 | return false; |
---|
320 | $meta_key = preg_replace('|[^a-z0-9_]|i', '', $meta_key); |
---|
321 | |
---|
322 | if ( is_array($meta_value) || is_object($meta_value) ) |
---|
323 | $meta_value = serialize($meta_value); |
---|
324 | $meta_value = trim( $meta_value ); |
---|
325 | |
---|
326 | if ( ! empty($meta_value) ) |
---|
327 | $wpdb->query( $wpdb->prepare("DELETE FROM $wpdb->usermeta WHERE user_id = %d AND meta_key = %s AND meta_value = %s", $user_id, $meta_key, $meta_value) ); |
---|
328 | else |
---|
329 | $wpdb->query( $wpdb->prepare("DELETE FROM $wpdb->usermeta WHERE user_id = %d AND meta_key = %s", $user_id, $meta_key) ); |
---|
330 | |
---|
331 | wp_cache_delete($user_id, 'users'); |
---|
332 | |
---|
333 | return true; |
---|
334 | } |
---|
335 | |
---|
336 | /** |
---|
337 | * Retrieve user metadata. |
---|
338 | * |
---|
339 | * If $user_id is not a number, then the function will fail over with a 'false' |
---|
340 | * boolean return value. Other returned values depend on whether there is only |
---|
341 | * one item to be returned, which be that single item type. If there is more |
---|
342 | * than one metadata value, then it will be list of metadata values. |
---|
343 | * |
---|
344 | * @since 2.0.0 |
---|
345 | * @uses $wpdb WordPress database object for queries. |
---|
346 | * |
---|
347 | * @param int $user_id User ID |
---|
348 | * @param string $meta_key Optional. Metadata key. |
---|
349 | * @return mixed |
---|
350 | */ |
---|
351 | function get_usermeta( $user_id, $meta_key = '') { |
---|
352 | global $wpdb; |
---|
353 | $user_id = (int) $user_id; |
---|
354 | |
---|
355 | if ( !$user_id ) |
---|
356 | return false; |
---|
357 | |
---|
358 | if ( !empty($meta_key) ) { |
---|
359 | $meta_key = preg_replace('|[^a-z0-9_]|i', '', $meta_key); |
---|
360 | $user = wp_cache_get($user_id, 'users'); |
---|
361 | // Check the cached user object |
---|
362 | if ( false !== $user && isset($user->$meta_key) ) |
---|
363 | $metas = array($user->$meta_key); |
---|
364 | else |
---|
365 | $metas = $wpdb->get_col( $wpdb->prepare("SELECT meta_value FROM $wpdb->usermeta WHERE user_id = %d AND meta_key = %s", $user_id, $meta_key) ); |
---|
366 | } else { |
---|
367 | $metas = $wpdb->get_col( $wpdb->prepare("SELECT meta_value FROM $wpdb->usermeta WHERE user_id = %d", $user_id) ); |
---|
368 | } |
---|
369 | |
---|
370 | if ( empty($metas) ) { |
---|
371 | if ( empty($meta_key) ) |
---|
372 | return array(); |
---|
373 | else |
---|
374 | return ''; |
---|
375 | } |
---|
376 | |
---|
377 | $metas = array_map('maybe_unserialize', $metas); |
---|
378 | |
---|
379 | if ( count($metas) == 1 ) |
---|
380 | return $metas[0]; |
---|
381 | else |
---|
382 | return $metas; |
---|
383 | } |
---|
384 | |
---|
385 | /** |
---|
386 | * Update metadata of user. |
---|
387 | * |
---|
388 | * There is no need to serialize values, they will be serialized if it is |
---|
389 | * needed. The metadata key can only be a string with underscores. All else will |
---|
390 | * be removed. |
---|
391 | * |
---|
392 | * Will remove the metadata, if the meta value is empty. |
---|
393 | * |
---|
394 | * @since 2.0.0 |
---|
395 | * @uses $wpdb WordPress database object for queries |
---|
396 | * |
---|
397 | * @param int $user_id User ID |
---|
398 | * @param string $meta_key Metadata key. |
---|
399 | * @param mixed $meta_value Metadata value. |
---|
400 | * @return bool True on successful update, false on failure. |
---|
401 | */ |
---|
402 | function update_usermeta( $user_id, $meta_key, $meta_value ) { |
---|
403 | global $wpdb; |
---|
404 | if ( !is_numeric( $user_id ) ) |
---|
405 | return false; |
---|
406 | $meta_key = preg_replace('|[^a-z0-9_]|i', '', $meta_key); |
---|
407 | |
---|
408 | /** @todo Might need fix because usermeta data is assumed to be already escaped */ |
---|
409 | if ( is_string($meta_value) ) |
---|
410 | $meta_value = stripslashes($meta_value); |
---|
411 | $meta_value = maybe_serialize($meta_value); |
---|
412 | |
---|
413 | if (empty($meta_value)) { |
---|
414 | return delete_usermeta($user_id, $meta_key); |
---|
415 | } |
---|
416 | |
---|
417 | $cur = $wpdb->get_row( $wpdb->prepare("SELECT * FROM $wpdb->usermeta WHERE user_id = %d AND meta_key = %s", $user_id, $meta_key) ); |
---|
418 | if ( !$cur ) |
---|
419 | $wpdb->insert($wpdb->usermeta, compact('user_id', 'meta_key', 'meta_value') ); |
---|
420 | else if ( $cur->meta_value != $meta_value ) |
---|
421 | $wpdb->update($wpdb->usermeta, compact('meta_value'), compact('user_id', 'meta_key') ); |
---|
422 | else |
---|
423 | return false; |
---|
424 | |
---|
425 | wp_cache_delete($user_id, 'users'); |
---|
426 | |
---|
427 | return true; |
---|
428 | } |
---|
429 | |
---|
430 | // |
---|
431 | // Private helper functions |
---|
432 | // |
---|
433 | |
---|
434 | /** |
---|
435 | * Setup global user vars. |
---|
436 | * |
---|
437 | * Used by set_current_user() for back compat. Might be deprecated in the |
---|
438 | * future. |
---|
439 | * |
---|
440 | * @since 2.0.4 |
---|
441 | * @global string $userdata User description. |
---|
442 | * @global string $user_login The user username for logging in |
---|
443 | * @global int $user_level The level of the user |
---|
444 | * @global int $user_ID The ID of the user |
---|
445 | * @global string $user_email The email address of the user |
---|
446 | * @global string $user_url The url in the user's profile |
---|
447 | * @global string $user_pass_md5 MD5 of the user's password |
---|
448 | * @global string $user_identity The display name of the user |
---|
449 | * |
---|
450 | * @param int $user_id Optional. User ID to setup global data. |
---|
451 | */ |
---|
452 | function setup_userdata($user_id = '') { |
---|
453 | global $user_login, $userdata, $user_level, $user_ID, $user_email, $user_url, $user_pass_md5, $user_identity; |
---|
454 | |
---|
455 | if ( '' == $user_id ) |
---|
456 | $user = wp_get_current_user(); |
---|
457 | else |
---|
458 | $user = new WP_User($user_id); |
---|
459 | |
---|
460 | if ( 0 == $user->ID ) |
---|
461 | return; |
---|
462 | |
---|
463 | $userdata = $user->data; |
---|
464 | $user_login = $user->user_login; |
---|
465 | $user_level = (int) isset($user->user_level) ? $user->user_level : 0; |
---|
466 | $user_ID = (int) $user->ID; |
---|
467 | $user_email = $user->user_email; |
---|
468 | $user_url = $user->user_url; |
---|
469 | $user_pass_md5 = md5($user->user_pass); |
---|
470 | $user_identity = $user->display_name; |
---|
471 | } |
---|
472 | |
---|
473 | /** |
---|
474 | * Create dropdown HTML content of users. |
---|
475 | * |
---|
476 | * The content can either be displayed, which it is by default or retrieved by |
---|
477 | * setting the 'echo' argument. The 'include' and 'exclude' arguments do not |
---|
478 | * need to be used; all users will be displayed in that case. Only one can be |
---|
479 | * used, either 'include' or 'exclude', but not both. |
---|
480 | * |
---|
481 | * The available arguments are as follows: |
---|
482 | * <ol> |
---|
483 | * <li>show_option_all - Text to show all and whether HTML option exists.</li> |
---|
484 | * <li>show_option_none - Text for show none and whether HTML option exists. |
---|
485 | * </li> |
---|
486 | * <li>orderby - SQL order by clause for what order the users appear. Default is |
---|
487 | * 'display_name'.</li> |
---|
488 | * <li>order - Default is 'ASC'. Can also be 'DESC'.</li> |
---|
489 | * <li>include - User IDs to include.</li> |
---|
490 | * <li>exclude - User IDs to exclude.</li> |
---|
491 | * <li>multi - Default is 'false'. Whether to skip the ID attribute on the 'select' element.</li> |
---|
492 | * <li>show - Default is 'display_name'. User table column to display. If the selected item is empty then the user_login will be displayed in parentesis</li> |
---|
493 | * <li>echo - Default is '1'. Whether to display or retrieve content.</li> |
---|
494 | * <li>selected - Which User ID is selected.</li> |
---|
495 | * <li>name - Default is 'user'. Name attribute of select element.</li> |
---|
496 | * <li>class - Class attribute of select element.</li> |
---|
497 | * </ol> |
---|
498 | * |
---|
499 | * @since 2.3.0 |
---|
500 | * @uses $wpdb WordPress database object for queries |
---|
501 | * |
---|
502 | * @param string|array $args Optional. Override defaults. |
---|
503 | * @return string|null Null on display. String of HTML content on retrieve. |
---|
504 | */ |
---|
505 | function wp_dropdown_users( $args = '' ) { |
---|
506 | global $wpdb; |
---|
507 | $defaults = array( |
---|
508 | 'show_option_all' => '', 'show_option_none' => '', |
---|
509 | 'orderby' => 'display_name', 'order' => 'ASC', |
---|
510 | 'include' => '', 'exclude' => '', 'multi' => 0, |
---|
511 | 'show' => 'display_name', 'echo' => 1, |
---|
512 | 'selected' => 0, 'name' => 'user', 'class' => '' |
---|
513 | ); |
---|
514 | |
---|
515 | $defaults['selected'] = is_author() ? get_query_var( 'author' ) : 0; |
---|
516 | |
---|
517 | $r = wp_parse_args( $args, $defaults ); |
---|
518 | extract( $r, EXTR_SKIP ); |
---|
519 | |
---|
520 | $query = "SELECT * FROM $wpdb->users"; |
---|
521 | |
---|
522 | $query_where = array(); |
---|
523 | |
---|
524 | if ( is_array($include) ) |
---|
525 | $include = join(',', $include); |
---|
526 | $include = preg_replace('/[^0-9,]/', '', $include); // (int) |
---|
527 | if ( $include ) |
---|
528 | $query_where[] = "ID IN ($include)"; |
---|
529 | |
---|
530 | if ( is_array($exclude) ) |
---|
531 | $exclude = join(',', $exclude); |
---|
532 | $exclude = preg_replace('/[^0-9,]/', '', $exclude); // (int) |
---|
533 | if ( $exclude ) |
---|
534 | $query_where[] = "ID NOT IN ($exclude)"; |
---|
535 | |
---|
536 | if ( $query_where ) |
---|
537 | $query .= " WHERE " . join(' AND', $query_where); |
---|
538 | |
---|
539 | $query .= " ORDER BY $orderby $order"; |
---|
540 | |
---|
541 | $users = $wpdb->get_results( $query ); |
---|
542 | |
---|
543 | $output = ''; |
---|
544 | if ( !empty($users) ) { |
---|
545 | $id = $multi ? "" : "id='$name'"; |
---|
546 | |
---|
547 | $output = "<select name='$name' $id class='$class'>\n"; |
---|
548 | |
---|
549 | if ( $show_option_all ) |
---|
550 | $output .= "\t<option value='0'>$show_option_all</option>\n"; |
---|
551 | |
---|
552 | if ( $show_option_none ) |
---|
553 | $output .= "\t<option value='-1'>$show_option_none</option>\n"; |
---|
554 | |
---|
555 | foreach ( (array) $users as $user ) { |
---|
556 | $user->ID = (int) $user->ID; |
---|
557 | $_selected = $user->ID == $selected ? " selected='selected'" : ''; |
---|
558 | $display = !empty($user->$show) ? $user->$show : '('. $user->user_login . ')'; |
---|
559 | $output .= "\t<option value='$user->ID'$_selected>" . esc_html($display) . "</option>\n"; |
---|
560 | } |
---|
561 | |
---|
562 | $output .= "</select>"; |
---|
563 | } |
---|
564 | |
---|
565 | $output = apply_filters('wp_dropdown_users', $output); |
---|
566 | |
---|
567 | if ( $echo ) |
---|
568 | echo $output; |
---|
569 | |
---|
570 | return $output; |
---|
571 | } |
---|
572 | |
---|
573 | /** |
---|
574 | * Add user meta data as properties to given user object. |
---|
575 | * |
---|
576 | * The finished user data is cached, but the cache is not used to fill in the |
---|
577 | * user data for the given object. Once the function has been used, the cache |
---|
578 | * should be used to retrieve user data. The purpose seems then to be to ensure |
---|
579 | * that the data in the object is always fresh. |
---|
580 | * |
---|
581 | * @access private |
---|
582 | * @since 2.5.0 |
---|
583 | * @uses $wpdb WordPress database object for queries |
---|
584 | * |
---|
585 | * @param object $user The user data object. |
---|
586 | */ |
---|
587 | function _fill_user( &$user ) { |
---|
588 | global $wpdb; |
---|
589 | |
---|
590 | $show = $wpdb->hide_errors(); |
---|
591 | $metavalues = $wpdb->get_results($wpdb->prepare("SELECT meta_key, meta_value FROM $wpdb->usermeta WHERE user_id = %d", $user->ID)); |
---|
592 | $wpdb->show_errors($show); |
---|
593 | |
---|
594 | if ( $metavalues ) { |
---|
595 | foreach ( (array) $metavalues as $meta ) { |
---|
596 | $value = maybe_unserialize($meta->meta_value); |
---|
597 | $user->{$meta->meta_key} = $value; |
---|
598 | } |
---|
599 | } |
---|
600 | |
---|
601 | $level = $wpdb->prefix . 'user_level'; |
---|
602 | if ( isset( $user->{$level} ) ) |
---|
603 | $user->user_level = $user->{$level}; |
---|
604 | |
---|
605 | // For backwards compat. |
---|
606 | if ( isset($user->first_name) ) |
---|
607 | $user->user_firstname = $user->first_name; |
---|
608 | if ( isset($user->last_name) ) |
---|
609 | $user->user_lastname = $user->last_name; |
---|
610 | if ( isset($user->description) ) |
---|
611 | $user->user_description = $user->description; |
---|
612 | |
---|
613 | wp_cache_add($user->ID, $user, 'users'); |
---|
614 | wp_cache_add($user->user_login, $user->ID, 'userlogins'); |
---|
615 | wp_cache_add($user->user_email, $user->ID, 'useremail'); |
---|
616 | wp_cache_add($user->user_nicename, $user->ID, 'userslugs'); |
---|
617 | } |
---|
618 | |
---|
619 | ?> |
---|