1 | <?php |
---|
2 | /** |
---|
3 | * Core User API |
---|
4 | * |
---|
5 | * @package WordPress |
---|
6 | * @subpackage Users |
---|
7 | */ |
---|
8 | |
---|
9 | /** |
---|
10 | * Authenticates and logs a user in with 'remember' capability. |
---|
11 | * |
---|
12 | * The credentials is an array that has 'user_login', 'user_password', and |
---|
13 | * 'remember' indices. If the credentials is not given, then the log in form |
---|
14 | * will be assumed and used if set. |
---|
15 | * |
---|
16 | * The various authentication cookies will be set by this function and will be |
---|
17 | * set for a longer period depending on if the 'remember' credential is set to |
---|
18 | * true. |
---|
19 | * |
---|
20 | * Note: wp_signon() doesn't handle setting the current user. This means that if the |
---|
21 | * function is called before the {@see 'init'} hook is fired, is_user_logged_in() will |
---|
22 | * evaluate as false until that point. If is_user_logged_in() is needed in conjunction |
---|
23 | * with wp_signon(), wp_set_current_user() should be called explicitly. |
---|
24 | * |
---|
25 | * @since 2.5.0 |
---|
26 | * |
---|
27 | * @global string $auth_secure_cookie |
---|
28 | * |
---|
29 | * @param array $credentials Optional. User info in order to sign on. |
---|
30 | * @param string|bool $secure_cookie Optional. Whether to use secure cookie. |
---|
31 | * @return WP_User|WP_Error WP_User on success, WP_Error on failure. |
---|
32 | */ |
---|
33 | function wp_signon( $credentials = array(), $secure_cookie = '' ) { |
---|
34 | if ( empty( $credentials ) ) { |
---|
35 | $credentials = array(); // Back-compat for plugins passing an empty string. |
---|
36 | |
---|
37 | if ( ! empty( $_POST['log'] ) ) { |
---|
38 | $credentials['user_login'] = $_POST['log']; |
---|
39 | } |
---|
40 | if ( ! empty( $_POST['pwd'] ) ) { |
---|
41 | $credentials['user_password'] = $_POST['pwd']; |
---|
42 | } |
---|
43 | if ( ! empty( $_POST['rememberme'] ) ) { |
---|
44 | $credentials['remember'] = $_POST['rememberme']; |
---|
45 | } |
---|
46 | } |
---|
47 | |
---|
48 | if ( ! empty( $credentials['remember'] ) ) { |
---|
49 | $credentials['remember'] = true; |
---|
50 | } else { |
---|
51 | $credentials['remember'] = false; |
---|
52 | } |
---|
53 | |
---|
54 | /** |
---|
55 | * Fires before the user is authenticated. |
---|
56 | * |
---|
57 | * The variables passed to the callbacks are passed by reference, |
---|
58 | * and can be modified by callback functions. |
---|
59 | * |
---|
60 | * @since 1.5.1 |
---|
61 | * |
---|
62 | * @todo Decide whether to deprecate the wp_authenticate action. |
---|
63 | * |
---|
64 | * @param string $user_login Username (passed by reference). |
---|
65 | * @param string $user_password User password (passed by reference). |
---|
66 | */ |
---|
67 | do_action_ref_array( 'wp_authenticate', array( &$credentials['user_login'], &$credentials['user_password'] ) ); |
---|
68 | |
---|
69 | if ( '' === $secure_cookie ) { |
---|
70 | $secure_cookie = is_ssl(); |
---|
71 | } |
---|
72 | |
---|
73 | /** |
---|
74 | * Filters whether to use a secure sign-on cookie. |
---|
75 | * |
---|
76 | * @since 3.1.0 |
---|
77 | * |
---|
78 | * @param bool $secure_cookie Whether to use a secure sign-on cookie. |
---|
79 | * @param array $credentials { |
---|
80 | * Array of entered sign-on data. |
---|
81 | * |
---|
82 | * @type string $user_login Username. |
---|
83 | * @type string $user_password Password entered. |
---|
84 | * @type bool $remember Whether to 'remember' the user. Increases the time |
---|
85 | * that the cookie will be kept. Default false. |
---|
86 | * } |
---|
87 | */ |
---|
88 | $secure_cookie = apply_filters( 'secure_signon_cookie', $secure_cookie, $credentials ); |
---|
89 | |
---|
90 | global $auth_secure_cookie; // XXX ugly hack to pass this to wp_authenticate_cookie |
---|
91 | $auth_secure_cookie = $secure_cookie; |
---|
92 | |
---|
93 | add_filter( 'authenticate', 'wp_authenticate_cookie', 30, 3 ); |
---|
94 | |
---|
95 | $user = wp_authenticate( $credentials['user_login'], $credentials['user_password'] ); |
---|
96 | |
---|
97 | if ( is_wp_error( $user ) ) { |
---|
98 | if ( $user->get_error_codes() == array( 'empty_username', 'empty_password' ) ) { |
---|
99 | $user = new WP_Error( '', '' ); |
---|
100 | } |
---|
101 | |
---|
102 | return $user; |
---|
103 | } |
---|
104 | |
---|
105 | wp_set_auth_cookie( $user->ID, $credentials['remember'], $secure_cookie ); |
---|
106 | /** |
---|
107 | * Fires after the user has successfully logged in. |
---|
108 | * |
---|
109 | * @since 1.5.0 |
---|
110 | * |
---|
111 | * @param string $user_login Username. |
---|
112 | * @param WP_User $user WP_User object of the logged-in user. |
---|
113 | */ |
---|
114 | do_action( 'wp_login', $user->user_login, $user ); |
---|
115 | return $user; |
---|
116 | } |
---|
117 | |
---|
118 | /** |
---|
119 | * Authenticate a user, confirming the username and password are valid. |
---|
120 | * |
---|
121 | * @since 2.8.0 |
---|
122 | * |
---|
123 | * @param WP_User|WP_Error|null $user WP_User or WP_Error object from a previous callback. Default null. |
---|
124 | * @param string $username Username for authentication. |
---|
125 | * @param string $password Password for authentication. |
---|
126 | * @return WP_User|WP_Error WP_User on success, WP_Error on failure. |
---|
127 | */ |
---|
128 | function wp_authenticate_username_password( $user, $username, $password ) { |
---|
129 | if ( $user instanceof WP_User ) { |
---|
130 | return $user; |
---|
131 | } |
---|
132 | |
---|
133 | if ( empty( $username ) || empty( $password ) ) { |
---|
134 | if ( is_wp_error( $user ) ) { |
---|
135 | return $user; |
---|
136 | } |
---|
137 | |
---|
138 | $error = new WP_Error(); |
---|
139 | |
---|
140 | if ( empty( $username ) ) { |
---|
141 | $error->add( 'empty_username', __( '<strong>ERROR</strong>: The username field is empty.' ) ); |
---|
142 | } |
---|
143 | |
---|
144 | if ( empty( $password ) ) { |
---|
145 | $error->add( 'empty_password', __( '<strong>ERROR</strong>: The password field is empty.' ) ); |
---|
146 | } |
---|
147 | |
---|
148 | return $error; |
---|
149 | } |
---|
150 | |
---|
151 | $user = get_user_by( 'login', $username ); |
---|
152 | |
---|
153 | if ( ! $user ) { |
---|
154 | return new WP_Error( |
---|
155 | 'invalid_username', |
---|
156 | __( '<strong>ERROR</strong>: Invalid username.' ) . |
---|
157 | ' <a href="' . wp_lostpassword_url() . '">' . |
---|
158 | __( 'Recover username..' ) . |
---|
159 | '</a>' |
---|
160 | ); |
---|
161 | } |
---|
162 | |
---|
163 | /** |
---|
164 | * Filters whether the given user can be authenticated with the provided $password. |
---|
165 | * |
---|
166 | * @since 2.5.0 |
---|
167 | * |
---|
168 | * @param WP_User|WP_Error $user WP_User or WP_Error object if a previous |
---|
169 | * callback failed authentication. |
---|
170 | * @param string $password Password to check against the user. |
---|
171 | */ |
---|
172 | $user = apply_filters( 'wp_authenticate_user', $user, $password ); |
---|
173 | if ( is_wp_error( $user ) ) { |
---|
174 | return $user; |
---|
175 | } |
---|
176 | |
---|
177 | if ( ! wp_check_password( $password, $user->user_pass, $user->ID ) ) { |
---|
178 | return new WP_Error( |
---|
179 | 'incorrect_password', |
---|
180 | sprintf( |
---|
181 | /* translators: %s: user name */ |
---|
182 | __( '<strong>ERROR</strong>: The password you entered for the username %s is incorrect.' ), |
---|
183 | '<strong>' . $username . '</strong>' |
---|
184 | ) . |
---|
185 | ' <a href="' . wp_lostpassword_url() . '">' . |
---|
186 | __( 'Lost your password?' ) . |
---|
187 | '</a>' |
---|
188 | ); |
---|
189 | } |
---|
190 | |
---|
191 | return $user; |
---|
192 | } |
---|
193 | |
---|
194 | /** |
---|
195 | * Authenticates a user using the email and password. |
---|
196 | * |
---|
197 | * @since 4.5.0 |
---|
198 | * |
---|
199 | * @param WP_User|WP_Error|null $user WP_User or WP_Error object if a previous |
---|
200 | * callback failed authentication. |
---|
201 | * @param string $email Email address for authentication. |
---|
202 | * @param string $password Password for authentication. |
---|
203 | * @return WP_User|WP_Error WP_User on success, WP_Error on failure. |
---|
204 | */ |
---|
205 | function wp_authenticate_email_password( $user, $email, $password ) { |
---|
206 | if ( $user instanceof WP_User ) { |
---|
207 | return $user; |
---|
208 | } |
---|
209 | |
---|
210 | if ( empty( $email ) || empty( $password ) ) { |
---|
211 | if ( is_wp_error( $user ) ) { |
---|
212 | return $user; |
---|
213 | } |
---|
214 | |
---|
215 | $error = new WP_Error(); |
---|
216 | |
---|
217 | if ( empty( $email ) ) { |
---|
218 | $error->add( 'empty_username', __( '<strong>ERROR</strong>: The email field is empty.' ) ); // Uses 'empty_username' for back-compat with wp_signon() |
---|
219 | } |
---|
220 | |
---|
221 | if ( empty( $password ) ) { |
---|
222 | $error->add( 'empty_password', __( '<strong>ERROR</strong>: The password field is empty.' ) ); |
---|
223 | } |
---|
224 | |
---|
225 | return $error; |
---|
226 | } |
---|
227 | |
---|
228 | if ( ! is_email( $email ) ) { |
---|
229 | return $user; |
---|
230 | } |
---|
231 | |
---|
232 | $user = get_user_by( 'email', $email ); |
---|
233 | |
---|
234 | if ( ! $user ) { |
---|
235 | return new WP_Error( |
---|
236 | 'invalid_email', |
---|
237 | __( '<strong>ERROR</strong>: Invalid email address.' ) . |
---|
238 | ' <a href="' . wp_lostpassword_url() . '">' . |
---|
239 | __( 'Recover account email address..' ) . |
---|
240 | '</a>' |
---|
241 | ); |
---|
242 | } |
---|
243 | |
---|
244 | /** This filter is documented in wp-includes/user.php */ |
---|
245 | $user = apply_filters( 'wp_authenticate_user', $user, $password ); |
---|
246 | |
---|
247 | if ( is_wp_error( $user ) ) { |
---|
248 | return $user; |
---|
249 | } |
---|
250 | |
---|
251 | if ( ! wp_check_password( $password, $user->user_pass, $user->ID ) ) { |
---|
252 | return new WP_Error( |
---|
253 | 'incorrect_password', |
---|
254 | sprintf( |
---|
255 | /* translators: %s: email address */ |
---|
256 | __( '<strong>ERROR</strong>: The password you entered for the email address %s is incorrect.' ), |
---|
257 | '<strong>' . $email . '</strong>' |
---|
258 | ) . |
---|
259 | ' <a href="' . wp_lostpassword_url() . '">' . |
---|
260 | __( 'Lost your password?' ) . |
---|
261 | '</a>' |
---|
262 | ); |
---|
263 | } |
---|
264 | |
---|
265 | return $user; |
---|
266 | } |
---|
267 | |
---|
268 | /** |
---|
269 | * Authenticate the user using the WordPress auth cookie. |
---|
270 | * |
---|
271 | * @since 2.8.0 |
---|
272 | * |
---|
273 | * @global string $auth_secure_cookie |
---|
274 | * |
---|
275 | * @param WP_User|WP_Error|null $user WP_User or WP_Error object from a previous callback. Default null. |
---|
276 | * @param string $username Username. If not empty, cancels the cookie authentication. |
---|
277 | * @param string $password Password. If not empty, cancels the cookie authentication. |
---|
278 | * @return WP_User|WP_Error WP_User on success, WP_Error on failure. |
---|
279 | */ |
---|
280 | function wp_authenticate_cookie( $user, $username, $password ) { |
---|
281 | if ( $user instanceof WP_User ) { |
---|
282 | return $user; |
---|
283 | } |
---|
284 | |
---|
285 | if ( empty( $username ) && empty( $password ) ) { |
---|
286 | $user_id = wp_validate_auth_cookie(); |
---|
287 | if ( $user_id ) { |
---|
288 | return new WP_User( $user_id ); |
---|
289 | } |
---|
290 | |
---|
291 | global $auth_secure_cookie; |
---|
292 | |
---|
293 | if ( $auth_secure_cookie ) { |
---|
294 | $auth_cookie = SECURE_AUTH_COOKIE; |
---|
295 | } else { |
---|
296 | $auth_cookie = AUTH_COOKIE; |
---|
297 | } |
---|
298 | |
---|
299 | if ( ! empty( $_COOKIE[ $auth_cookie ] ) ) { |
---|
300 | return new WP_Error( 'expired_session', __( 'Please log in again.' ) ); |
---|
301 | } |
---|
302 | |
---|
303 | // If the cookie is not set, be silent. |
---|
304 | } |
---|
305 | |
---|
306 | return $user; |
---|
307 | } |
---|
308 | |
---|
309 | /** |
---|
310 | * For Multisite blogs, check if the authenticated user has been marked as a |
---|
311 | * spammer, or if the user's primary blog has been marked as spam. |
---|
312 | * |
---|
313 | * @since 3.7.0 |
---|
314 | * |
---|
315 | * @param WP_User|WP_Error|null $user WP_User or WP_Error object from a previous callback. Default null. |
---|
316 | * @return WP_User|WP_Error WP_User on success, WP_Error if the user is considered a spammer. |
---|
317 | */ |
---|
318 | function wp_authenticate_spam_check( $user ) { |
---|
319 | if ( $user instanceof WP_User && is_multisite() ) { |
---|
320 | /** |
---|
321 | * Filters whether the user has been marked as a spammer. |
---|
322 | * |
---|
323 | * @since 3.7.0 |
---|
324 | * |
---|
325 | * @param bool $spammed Whether the user is considered a spammer. |
---|
326 | * @param WP_User $user User to check against. |
---|
327 | */ |
---|
328 | $spammed = apply_filters( 'check_is_user_spammed', is_user_spammy( $user ), $user ); |
---|
329 | |
---|
330 | if ( $spammed ) { |
---|
331 | return new WP_Error( 'spammer_account', __( '<strong>ERROR</strong>: Your account has been marked as a spammer.' ) ); |
---|
332 | } |
---|
333 | } |
---|
334 | return $user; |
---|
335 | } |
---|
336 | |
---|
337 | /** |
---|
338 | * Validates the logged-in cookie. |
---|
339 | * |
---|
340 | * Checks the logged-in cookie if the previous auth cookie could not be |
---|
341 | * validated and parsed. |
---|
342 | * |
---|
343 | * This is a callback for the {@see 'determine_current_user'} filter, rather than API. |
---|
344 | * |
---|
345 | * @since 3.9.0 |
---|
346 | * |
---|
347 | * @param int|bool $user_id The user ID (or false) as received from the |
---|
348 | * determine_current_user filter. |
---|
349 | * @return int|false User ID if validated, false otherwise. If a user ID from |
---|
350 | * an earlier filter callback is received, that value is returned. |
---|
351 | */ |
---|
352 | function wp_validate_logged_in_cookie( $user_id ) { |
---|
353 | if ( $user_id ) { |
---|
354 | return $user_id; |
---|
355 | } |
---|
356 | |
---|
357 | if ( is_blog_admin() || is_network_admin() || empty( $_COOKIE[ LOGGED_IN_COOKIE ] ) ) { |
---|
358 | return false; |
---|
359 | } |
---|
360 | |
---|
361 | return wp_validate_auth_cookie( $_COOKIE[ LOGGED_IN_COOKIE ], 'logged_in' ); |
---|
362 | } |
---|
363 | |
---|
364 | /** |
---|
365 | * Number of posts user has written. |
---|
366 | * |
---|
367 | * @since 3.0.0 |
---|
368 | * @since 4.1.0 Added `$post_type` argument. |
---|
369 | * @since 4.3.0 Added `$public_only` argument. Added the ability to pass an array |
---|
370 | * of post types to `$post_type`. |
---|
371 | * |
---|
372 | * @global wpdb $wpdb WordPress database abstraction object. |
---|
373 | * |
---|
374 | * @param int $userid User ID. |
---|
375 | * @param array|string $post_type Optional. Single post type or array of post types to count the number of posts for. Default 'post'. |
---|
376 | * @param bool $public_only Optional. Whether to only return counts for public posts. Default false. |
---|
377 | * @return string Number of posts the user has written in this post type. |
---|
378 | */ |
---|
379 | function count_user_posts( $userid, $post_type = 'post', $public_only = false ) { |
---|
380 | global $wpdb; |
---|
381 | |
---|
382 | $where = get_posts_by_author_sql( $post_type, true, $userid, $public_only ); |
---|
383 | |
---|
384 | $count = $wpdb->get_var( "SELECT COUNT(*) FROM $wpdb->posts $where" ); |
---|
385 | |
---|
386 | /** |
---|
387 | * Filters the number of posts a user has written. |
---|
388 | * |
---|
389 | * @since 2.7.0 |
---|
390 | * @since 4.1.0 Added `$post_type` argument. |
---|
391 | * @since 4.3.1 Added `$public_only` argument. |
---|
392 | * |
---|
393 | * @param int $count The user's post count. |
---|
394 | * @param int $userid User ID. |
---|
395 | * @param string|array $post_type Single post type or array of post types to count the number of posts for. |
---|
396 | * @param bool $public_only Whether to limit counted posts to public posts. |
---|
397 | */ |
---|
398 | return apply_filters( 'get_usernumposts', $count, $userid, $post_type, $public_only ); |
---|
399 | } |
---|
400 | |
---|
401 | /** |
---|
402 | * Number of posts written by a list of users. |
---|
403 | * |
---|
404 | * @since 3.0.0 |
---|
405 | * |
---|
406 | * @global wpdb $wpdb WordPress database abstraction object. |
---|
407 | * |
---|
408 | * @param array $users Array of user IDs. |
---|
409 | * @param string|array $post_type Optional. Single post type or array of post types to check. Defaults to 'post'. |
---|
410 | * @param bool $public_only Optional. Only return counts for public posts. Defaults to false. |
---|
411 | * @return array Amount of posts each user has written. |
---|
412 | */ |
---|
413 | function count_many_users_posts( $users, $post_type = 'post', $public_only = false ) { |
---|
414 | global $wpdb; |
---|
415 | |
---|
416 | $count = array(); |
---|
417 | if ( empty( $users ) || ! is_array( $users ) ) { |
---|
418 | return $count; |
---|
419 | } |
---|
420 | |
---|
421 | $userlist = implode( ',', array_map( 'absint', $users ) ); |
---|
422 | $where = get_posts_by_author_sql( $post_type, true, null, $public_only ); |
---|
423 | |
---|
424 | $result = $wpdb->get_results( "SELECT post_author, COUNT(*) FROM $wpdb->posts $where AND post_author IN ($userlist) GROUP BY post_author", ARRAY_N ); |
---|
425 | foreach ( $result as $row ) { |
---|
426 | $count[ $row[0] ] = $row[1]; |
---|
427 | } |
---|
428 | |
---|
429 | foreach ( $users as $id ) { |
---|
430 | if ( ! isset( $count[ $id ] ) ) { |
---|
431 | $count[ $id ] = 0; |
---|
432 | } |
---|
433 | } |
---|
434 | |
---|
435 | return $count; |
---|
436 | } |
---|
437 | |
---|
438 | // |
---|
439 | // User option functions |
---|
440 | // |
---|
441 | |
---|
442 | /** |
---|
443 | * Get the current user's ID |
---|
444 | * |
---|
445 | * @since MU (3.0.0) |
---|
446 | * |
---|
447 | * @return int The current user's ID, or 0 if no user is logged in. |
---|
448 | */ |
---|
449 | function get_current_user_id() { |
---|
450 | if ( ! function_exists( 'wp_get_current_user' ) ) { |
---|
451 | return 0; |
---|
452 | } |
---|
453 | $user = wp_get_current_user(); |
---|
454 | return ( isset( $user->ID ) ? (int) $user->ID : 0 ); |
---|
455 | } |
---|
456 | |
---|
457 | /** |
---|
458 | * Retrieve user option that can be either per Site or per Network. |
---|
459 | * |
---|
460 | * If the user ID is not given, then the current user will be used instead. If |
---|
461 | * the user ID is given, then the user data will be retrieved. The filter for |
---|
462 | * the result, will also pass the original option name and finally the user data |
---|
463 | * object as the third parameter. |
---|
464 | * |
---|
465 | * The option will first check for the per site name and then the per Network name. |
---|
466 | * |
---|
467 | * @since 2.0.0 |
---|
468 | * |
---|
469 | * @global wpdb $wpdb WordPress database abstraction object. |
---|
470 | * |
---|
471 | * @param string $option User option name. |
---|
472 | * @param int $user Optional. User ID. |
---|
473 | * @param string $deprecated Use get_option() to check for an option in the options table. |
---|
474 | * @return mixed User option value on success, false on failure. |
---|
475 | */ |
---|
476 | function get_user_option( $option, $user = 0, $deprecated = '' ) { |
---|
477 | global $wpdb; |
---|
478 | |
---|
479 | if ( ! empty( $deprecated ) ) { |
---|
480 | _deprecated_argument( __FUNCTION__, '3.0.0' ); |
---|
481 | } |
---|
482 | |
---|
483 | if ( empty( $user ) ) { |
---|
484 | $user = get_current_user_id(); |
---|
485 | } |
---|
486 | |
---|
487 | if ( ! $user = get_userdata( $user ) ) { |
---|
488 | return false; |
---|
489 | } |
---|
490 | |
---|
491 | $prefix = $wpdb->get_blog_prefix(); |
---|
492 | if ( $user->has_prop( $prefix . $option ) ) { // Blog specific |
---|
493 | $result = $user->get( $prefix . $option ); |
---|
494 | } elseif ( $user->has_prop( $option ) ) { // User specific and cross-blog |
---|
495 | $result = $user->get( $option ); |
---|
496 | } else { |
---|
497 | $result = false; |
---|
498 | } |
---|
499 | |
---|
500 | /** |
---|
501 | * Filters a specific user option value. |
---|
502 | * |
---|
503 | * The dynamic portion of the hook name, `$option`, refers to the user option name. |
---|
504 | * |
---|
505 | * @since 2.5.0 |
---|
506 | * |
---|
507 | * @param mixed $result Value for the user's option. |
---|
508 | * @param string $option Name of the option being retrieved. |
---|
509 | * @param WP_User $user WP_User object of the user whose option is being retrieved. |
---|
510 | */ |
---|
511 | return apply_filters( "get_user_option_{$option}", $result, $option, $user ); |
---|
512 | } |
---|
513 | |
---|
514 | /** |
---|
515 | * Update user option with global blog capability. |
---|
516 | * |
---|
517 | * User options are just like user metadata except that they have support for |
---|
518 | * global blog options. If the 'global' parameter is false, which it is by default |
---|
519 | * it will prepend the WordPress table prefix to the option name. |
---|
520 | * |
---|
521 | * Deletes the user option if $newvalue is empty. |
---|
522 | * |
---|
523 | * @since 2.0.0 |
---|
524 | * |
---|
525 | * @global wpdb $wpdb WordPress database abstraction object. |
---|
526 | * |
---|
527 | * @param int $user_id User ID. |
---|
528 | * @param string $option_name User option name. |
---|
529 | * @param mixed $newvalue User option value. |
---|
530 | * @param bool $global Optional. Whether option name is global or blog specific. |
---|
531 | * Default false (blog specific). |
---|
532 | * @return int|bool User meta ID if the option didn't exist, true on successful update, |
---|
533 | * false on failure. |
---|
534 | */ |
---|
535 | function update_user_option( $user_id, $option_name, $newvalue, $global = false ) { |
---|
536 | global $wpdb; |
---|
537 | |
---|
538 | if ( ! $global ) { |
---|
539 | $option_name = $wpdb->get_blog_prefix() . $option_name; |
---|
540 | } |
---|
541 | |
---|
542 | return update_user_meta( $user_id, $option_name, $newvalue ); |
---|
543 | } |
---|
544 | |
---|
545 | /** |
---|
546 | * Delete user option with global blog capability. |
---|
547 | * |
---|
548 | * User options are just like user metadata except that they have support for |
---|
549 | * global blog options. If the 'global' parameter is false, which it is by default |
---|
550 | * it will prepend the WordPress table prefix to the option name. |
---|
551 | * |
---|
552 | * @since 3.0.0 |
---|
553 | * |
---|
554 | * @global wpdb $wpdb WordPress database abstraction object. |
---|
555 | * |
---|
556 | * @param int $user_id User ID |
---|
557 | * @param string $option_name User option name. |
---|
558 | * @param bool $global Optional. Whether option name is global or blog specific. |
---|
559 | * Default false (blog specific). |
---|
560 | * @return bool True on success, false on failure. |
---|
561 | */ |
---|
562 | function delete_user_option( $user_id, $option_name, $global = false ) { |
---|
563 | global $wpdb; |
---|
564 | |
---|
565 | if ( ! $global ) { |
---|
566 | $option_name = $wpdb->get_blog_prefix() . $option_name; |
---|
567 | } |
---|
568 | return delete_user_meta( $user_id, $option_name ); |
---|
569 | } |
---|
570 | |
---|
571 | /** |
---|
572 | * Retrieve list of users matching criteria. |
---|
573 | * |
---|
574 | * @since 3.1.0 |
---|
575 | * |
---|
576 | * @see WP_User_Query |
---|
577 | * |
---|
578 | * @param array $args Optional. Arguments to retrieve users. See WP_User_Query::prepare_query(). |
---|
579 | * for more information on accepted arguments. |
---|
580 | * @return array List of users. |
---|
581 | */ |
---|
582 | function get_users( $args = array() ) { |
---|
583 | |
---|
584 | $args = wp_parse_args( $args ); |
---|
585 | $args['count_total'] = false; |
---|
586 | |
---|
587 | $user_search = new WP_User_Query( $args ); |
---|
588 | |
---|
589 | return (array) $user_search->get_results(); |
---|
590 | } |
---|
591 | |
---|
592 | /** |
---|
593 | * Get the sites a user belongs to. |
---|
594 | * |
---|
595 | * @since 3.0.0 |
---|
596 | * @since 4.7.0 Converted to use get_sites(). |
---|
597 | * |
---|
598 | * @global wpdb $wpdb WordPress database abstraction object. |
---|
599 | * |
---|
600 | * @param int $user_id User ID |
---|
601 | * @param bool $all Whether to retrieve all sites, or only sites that are not |
---|
602 | * marked as deleted, archived, or spam. |
---|
603 | * @return array A list of the user's sites. An empty array if the user doesn't exist |
---|
604 | * or belongs to no sites. |
---|
605 | */ |
---|
606 | function get_blogs_of_user( $user_id, $all = false ) { |
---|
607 | global $wpdb; |
---|
608 | |
---|
609 | $user_id = (int) $user_id; |
---|
610 | |
---|
611 | // Logged out users can't have sites |
---|
612 | if ( empty( $user_id ) ) { |
---|
613 | return array(); |
---|
614 | } |
---|
615 | |
---|
616 | /** |
---|
617 | * Filters the list of a user's sites before it is populated. |
---|
618 | * |
---|
619 | * Passing a non-null value to the filter will effectively short circuit |
---|
620 | * get_blogs_of_user(), returning that value instead. |
---|
621 | * |
---|
622 | * @since 4.6.0 |
---|
623 | * |
---|
624 | * @param null|array $sites An array of site objects of which the user is a member. |
---|
625 | * @param int $user_id User ID. |
---|
626 | * @param bool $all Whether the returned array should contain all sites, including |
---|
627 | * those marked 'deleted', 'archived', or 'spam'. Default false. |
---|
628 | */ |
---|
629 | $sites = apply_filters( 'pre_get_blogs_of_user', null, $user_id, $all ); |
---|
630 | |
---|
631 | if ( null !== $sites ) { |
---|
632 | return $sites; |
---|
633 | } |
---|
634 | |
---|
635 | $keys = get_user_meta( $user_id ); |
---|
636 | if ( empty( $keys ) ) { |
---|
637 | return array(); |
---|
638 | } |
---|
639 | |
---|
640 | if ( ! is_multisite() ) { |
---|
641 | $site_id = get_current_blog_id(); |
---|
642 | $sites = array( $site_id => new stdClass ); |
---|
643 | $sites[ $site_id ]->userblog_id = $site_id; |
---|
644 | $sites[ $site_id ]->blogname = get_option( 'blogname' ); |
---|
645 | $sites[ $site_id ]->domain = ''; |
---|
646 | $sites[ $site_id ]->path = ''; |
---|
647 | $sites[ $site_id ]->site_id = 1; |
---|
648 | $sites[ $site_id ]->siteurl = get_option( 'siteurl' ); |
---|
649 | $sites[ $site_id ]->archived = 0; |
---|
650 | $sites[ $site_id ]->spam = 0; |
---|
651 | $sites[ $site_id ]->deleted = 0; |
---|
652 | return $sites; |
---|
653 | } |
---|
654 | |
---|
655 | $site_ids = array(); |
---|
656 | |
---|
657 | if ( isset( $keys[ $wpdb->base_prefix . 'capabilities' ] ) && defined( 'MULTISITE' ) ) { |
---|
658 | $site_ids[] = 1; |
---|
659 | unset( $keys[ $wpdb->base_prefix . 'capabilities' ] ); |
---|
660 | } |
---|
661 | |
---|
662 | $keys = array_keys( $keys ); |
---|
663 | |
---|
664 | foreach ( $keys as $key ) { |
---|
665 | if ( 'capabilities' !== substr( $key, -12 ) ) { |
---|
666 | continue; |
---|
667 | } |
---|
668 | if ( $wpdb->base_prefix && 0 !== strpos( $key, $wpdb->base_prefix ) ) { |
---|
669 | continue; |
---|
670 | } |
---|
671 | $site_id = str_replace( array( $wpdb->base_prefix, '_capabilities' ), '', $key ); |
---|
672 | if ( ! is_numeric( $site_id ) ) { |
---|
673 | continue; |
---|
674 | } |
---|
675 | |
---|
676 | $site_ids[] = (int) $site_id; |
---|
677 | } |
---|
678 | |
---|
679 | $sites = array(); |
---|
680 | |
---|
681 | if ( ! empty( $site_ids ) ) { |
---|
682 | $args = array( |
---|
683 | 'number' => '', |
---|
684 | 'site__in' => $site_ids, |
---|
685 | ); |
---|
686 | if ( ! $all ) { |
---|
687 | $args['archived'] = 0; |
---|
688 | $args['spam'] = 0; |
---|
689 | $args['deleted'] = 0; |
---|
690 | } |
---|
691 | |
---|
692 | $_sites = get_sites( $args ); |
---|
693 | |
---|
694 | foreach ( $_sites as $site ) { |
---|
695 | $sites[ $site->id ] = (object) array( |
---|
696 | 'userblog_id' => $site->id, |
---|
697 | 'blogname' => $site->blogname, |
---|
698 | 'domain' => $site->domain, |
---|
699 | 'path' => $site->path, |
---|
700 | 'site_id' => $site->network_id, |
---|
701 | 'siteurl' => $site->siteurl, |
---|
702 | 'archived' => $site->archived, |
---|
703 | 'mature' => $site->mature, |
---|
704 | 'spam' => $site->spam, |
---|
705 | 'deleted' => $site->deleted, |
---|
706 | ); |
---|
707 | } |
---|
708 | } |
---|
709 | |
---|
710 | /** |
---|
711 | * Filters the list of sites a user belongs to. |
---|
712 | * |
---|
713 | * @since MU (3.0.0) |
---|
714 | * |
---|
715 | * @param array $sites An array of site objects belonging to the user. |
---|
716 | * @param int $user_id User ID. |
---|
717 | * @param bool $all Whether the returned sites array should contain all sites, including |
---|
718 | * those marked 'deleted', 'archived', or 'spam'. Default false. |
---|
719 | */ |
---|
720 | return apply_filters( 'get_blogs_of_user', $sites, $user_id, $all ); |
---|
721 | } |
---|
722 | |
---|
723 | /** |
---|
724 | * Find out whether a user is a member of a given blog. |
---|
725 | * |
---|
726 | * @since MU (3.0.0) |
---|
727 | * |
---|
728 | * @global wpdb $wpdb WordPress database abstraction object. |
---|
729 | * |
---|
730 | * @param int $user_id Optional. The unique ID of the user. Defaults to the current user. |
---|
731 | * @param int $blog_id Optional. ID of the blog to check. Defaults to the current site. |
---|
732 | * @return bool |
---|
733 | */ |
---|
734 | function is_user_member_of_blog( $user_id = 0, $blog_id = 0 ) { |
---|
735 | global $wpdb; |
---|
736 | |
---|
737 | $user_id = (int) $user_id; |
---|
738 | $blog_id = (int) $blog_id; |
---|
739 | |
---|
740 | if ( empty( $user_id ) ) { |
---|
741 | $user_id = get_current_user_id(); |
---|
742 | } |
---|
743 | |
---|
744 | // Technically not needed, but does save calls to get_site and get_user_meta |
---|
745 | // in the event that the function is called when a user isn't logged in |
---|
746 | if ( empty( $user_id ) ) { |
---|
747 | return false; |
---|
748 | } else { |
---|
749 | $user = get_userdata( $user_id ); |
---|
750 | if ( ! $user instanceof WP_User ) { |
---|
751 | return false; |
---|
752 | } |
---|
753 | } |
---|
754 | |
---|
755 | if ( ! is_multisite() ) { |
---|
756 | return true; |
---|
757 | } |
---|
758 | |
---|
759 | if ( empty( $blog_id ) ) { |
---|
760 | $blog_id = get_current_blog_id(); |
---|
761 | } |
---|
762 | |
---|
763 | $blog = get_site( $blog_id ); |
---|
764 | |
---|
765 | if ( ! $blog || ! isset( $blog->domain ) || $blog->archived || $blog->spam || $blog->deleted ) { |
---|
766 | return false; |
---|
767 | } |
---|
768 | |
---|
769 | $keys = get_user_meta( $user_id ); |
---|
770 | if ( empty( $keys ) ) { |
---|
771 | return false; |
---|
772 | } |
---|
773 | |
---|
774 | // no underscore before capabilities in $base_capabilities_key |
---|
775 | $base_capabilities_key = $wpdb->base_prefix . 'capabilities'; |
---|
776 | $site_capabilities_key = $wpdb->base_prefix . $blog_id . '_capabilities'; |
---|
777 | |
---|
778 | if ( isset( $keys[ $base_capabilities_key ] ) && $blog_id == 1 ) { |
---|
779 | return true; |
---|
780 | } |
---|
781 | |
---|
782 | if ( isset( $keys[ $site_capabilities_key ] ) ) { |
---|
783 | return true; |
---|
784 | } |
---|
785 | |
---|
786 | return false; |
---|
787 | } |
---|
788 | |
---|
789 | /** |
---|
790 | * Adds meta data to a user. |
---|
791 | * |
---|
792 | * @since 3.0.0 |
---|
793 | * |
---|
794 | * @param int $user_id User ID. |
---|
795 | * @param string $meta_key Metadata name. |
---|
796 | * @param mixed $meta_value Metadata value. |
---|
797 | * @param bool $unique Optional. Whether the same key should not be added. Default false. |
---|
798 | * @return int|false Meta ID on success, false on failure. |
---|
799 | */ |
---|
800 | function add_user_meta( $user_id, $meta_key, $meta_value, $unique = false ) { |
---|
801 | return add_metadata( 'user', $user_id, $meta_key, $meta_value, $unique ); |
---|
802 | } |
---|
803 | |
---|
804 | /** |
---|
805 | * Remove metadata matching criteria from a user. |
---|
806 | * |
---|
807 | * You can match based on the key, or key and value. Removing based on key and |
---|
808 | * value, will keep from removing duplicate metadata with the same key. It also |
---|
809 | * allows removing all metadata matching key, if needed. |
---|
810 | * |
---|
811 | * @since 3.0.0 |
---|
812 | * @link https://codex.wordpress.org/Function_Reference/delete_user_meta |
---|
813 | * |
---|
814 | * @param int $user_id User ID |
---|
815 | * @param string $meta_key Metadata name. |
---|
816 | * @param mixed $meta_value Optional. Metadata value. |
---|
817 | * @return bool True on success, false on failure. |
---|
818 | */ |
---|
819 | function delete_user_meta( $user_id, $meta_key, $meta_value = '' ) { |
---|
820 | return delete_metadata( 'user', $user_id, $meta_key, $meta_value ); |
---|
821 | } |
---|
822 | |
---|
823 | /** |
---|
824 | * Retrieve user meta field for a user. |
---|
825 | * |
---|
826 | * @since 3.0.0 |
---|
827 | * @link https://codex.wordpress.org/Function_Reference/get_user_meta |
---|
828 | * |
---|
829 | * @param int $user_id User ID. |
---|
830 | * @param string $key Optional. The meta key to retrieve. By default, returns data for all keys. |
---|
831 | * @param bool $single Whether to return a single value. |
---|
832 | * @return mixed Will be an array if $single is false. Will be value of meta data field if $single is true. |
---|
833 | */ |
---|
834 | function get_user_meta( $user_id, $key = '', $single = false ) { |
---|
835 | return get_metadata( 'user', $user_id, $key, $single ); |
---|
836 | } |
---|
837 | |
---|
838 | /** |
---|
839 | * Update user meta field based on user ID. |
---|
840 | * |
---|
841 | * Use the $prev_value parameter to differentiate between meta fields with the |
---|
842 | * same key and user ID. |
---|
843 | * |
---|
844 | * If the meta field for the user does not exist, it will be added. |
---|
845 | * |
---|
846 | * @since 3.0.0 |
---|
847 | * @link https://codex.wordpress.org/Function_Reference/update_user_meta |
---|
848 | * |
---|
849 | * @param int $user_id User ID. |
---|
850 | * @param string $meta_key Metadata key. |
---|
851 | * @param mixed $meta_value Metadata value. |
---|
852 | * @param mixed $prev_value Optional. Previous value to check before removing. |
---|
853 | * @return int|bool Meta ID if the key didn't exist, true on successful update, false on failure. |
---|
854 | */ |
---|
855 | function update_user_meta( $user_id, $meta_key, $meta_value, $prev_value = '' ) { |
---|
856 | return update_metadata( 'user', $user_id, $meta_key, $meta_value, $prev_value ); |
---|
857 | } |
---|
858 | |
---|
859 | /** |
---|
860 | * Count number of users who have each of the user roles. |
---|
861 | * |
---|
862 | * Assumes there are neither duplicated nor orphaned capabilities meta_values. |
---|
863 | * Assumes role names are unique phrases. Same assumption made by WP_User_Query::prepare_query() |
---|
864 | * Using $strategy = 'time' this is CPU-intensive and should handle around 10^7 users. |
---|
865 | * Using $strategy = 'memory' this is memory-intensive and should handle around 10^5 users, but see WP Bug #12257. |
---|
866 | * |
---|
867 | * @since 3.0.0 |
---|
868 | * @since 4.4.0 The number of users with no role is now included in the `none` element. |
---|
869 | * @since 4.9.0 The `$site_id` parameter was added to support multisite. |
---|
870 | * |
---|
871 | * @global wpdb $wpdb WordPress database abstraction object. |
---|
872 | * |
---|
873 | * @param string $strategy Optional. The computational strategy to use when counting the users. |
---|
874 | * Accepts either 'time' or 'memory'. Default 'time'. |
---|
875 | * @param int|null $site_id Optional. The site ID to count users for. Defaults to the current site. |
---|
876 | * @return array Includes a grand total and an array of counts indexed by role strings. |
---|
877 | */ |
---|
878 | function count_users( $strategy = 'time', $site_id = null ) { |
---|
879 | global $wpdb; |
---|
880 | |
---|
881 | // Initialize |
---|
882 | if ( ! $site_id ) { |
---|
883 | $site_id = get_current_blog_id(); |
---|
884 | } |
---|
885 | $blog_prefix = $wpdb->get_blog_prefix( $site_id ); |
---|
886 | $result = array(); |
---|
887 | |
---|
888 | if ( 'time' == $strategy ) { |
---|
889 | if ( is_multisite() && $site_id != get_current_blog_id() ) { |
---|
890 | switch_to_blog( $site_id ); |
---|
891 | $avail_roles = wp_roles()->get_names(); |
---|
892 | restore_current_blog(); |
---|
893 | } else { |
---|
894 | $avail_roles = wp_roles()->get_names(); |
---|
895 | } |
---|
896 | |
---|
897 | // Build a CPU-intensive query that will return concise information. |
---|
898 | $select_count = array(); |
---|
899 | foreach ( $avail_roles as $this_role => $name ) { |
---|
900 | $select_count[] = $wpdb->prepare( 'COUNT(NULLIF(`meta_value` LIKE %s, false))', '%' . $wpdb->esc_like( '"' . $this_role . '"' ) . '%' ); |
---|
901 | } |
---|
902 | $select_count[] = "COUNT(NULLIF(`meta_value` = 'a:0:{}', false))"; |
---|
903 | $select_count = implode( ', ', $select_count ); |
---|
904 | |
---|
905 | // Add the meta_value index to the selection list, then run the query. |
---|
906 | $row = $wpdb->get_row( |
---|
907 | " |
---|
908 | SELECT {$select_count}, COUNT(*) |
---|
909 | FROM {$wpdb->usermeta} |
---|
910 | INNER JOIN {$wpdb->users} ON user_id = ID |
---|
911 | WHERE meta_key = '{$blog_prefix}capabilities' |
---|
912 | ", ARRAY_N |
---|
913 | ); |
---|
914 | |
---|
915 | // Run the previous loop again to associate results with role names. |
---|
916 | $col = 0; |
---|
917 | $role_counts = array(); |
---|
918 | foreach ( $avail_roles as $this_role => $name ) { |
---|
919 | $count = (int) $row[ $col++ ]; |
---|
920 | if ( $count > 0 ) { |
---|
921 | $role_counts[ $this_role ] = $count; |
---|
922 | } |
---|
923 | } |
---|
924 | |
---|
925 | $role_counts['none'] = (int) $row[ $col++ ]; |
---|
926 | |
---|
927 | // Get the meta_value index from the end of the result set. |
---|
928 | $total_users = (int) $row[ $col ]; |
---|
929 | |
---|
930 | $result['total_users'] = $total_users; |
---|
931 | $result['avail_roles'] =& $role_counts; |
---|
932 | } else { |
---|
933 | $avail_roles = array( |
---|
934 | 'none' => 0, |
---|
935 | ); |
---|
936 | |
---|
937 | $users_of_blog = $wpdb->get_col( |
---|
938 | " |
---|
939 | SELECT meta_value |
---|
940 | FROM {$wpdb->usermeta} |
---|
941 | INNER JOIN {$wpdb->users} ON user_id = ID |
---|
942 | WHERE meta_key = '{$blog_prefix}capabilities' |
---|
943 | " |
---|
944 | ); |
---|
945 | |
---|
946 | foreach ( $users_of_blog as $caps_meta ) { |
---|
947 | $b_roles = maybe_unserialize( $caps_meta ); |
---|
948 | if ( ! is_array( $b_roles ) ) { |
---|
949 | continue; |
---|
950 | } |
---|
951 | if ( empty( $b_roles ) ) { |
---|
952 | $avail_roles['none']++; |
---|
953 | } |
---|
954 | foreach ( $b_roles as $b_role => $val ) { |
---|
955 | if ( isset( $avail_roles[ $b_role ] ) ) { |
---|
956 | $avail_roles[ $b_role ]++; |
---|
957 | } else { |
---|
958 | $avail_roles[ $b_role ] = 1; |
---|
959 | } |
---|
960 | } |
---|
961 | } |
---|
962 | |
---|
963 | $result['total_users'] = count( $users_of_blog ); |
---|
964 | $result['avail_roles'] =& $avail_roles; |
---|
965 | } |
---|
966 | |
---|
967 | return $result; |
---|
968 | } |
---|
969 | |
---|
970 | // |
---|
971 | // Private helper functions |
---|
972 | // |
---|
973 | |
---|
974 | /** |
---|
975 | * Set up global user vars. |
---|
976 | * |
---|
977 | * Used by wp_set_current_user() for back compat. Might be deprecated in the future. |
---|
978 | * |
---|
979 | * @since 2.0.4 |
---|
980 | * |
---|
981 | * @global string $user_login The user username for logging in |
---|
982 | * @global WP_User $userdata User data. |
---|
983 | * @global int $user_level The level of the user |
---|
984 | * @global int $user_ID The ID of the user |
---|
985 | * @global string $user_email The email address of the user |
---|
986 | * @global string $user_url The url in the user's profile |
---|
987 | * @global string $user_identity The display name of the user |
---|
988 | * |
---|
989 | * @param int $for_user_id Optional. User ID to set up global data. |
---|
990 | */ |
---|
991 | function setup_userdata( $for_user_id = '' ) { |
---|
992 | global $user_login, $userdata, $user_level, $user_ID, $user_email, $user_url, $user_identity; |
---|
993 | |
---|
994 | if ( '' == $for_user_id ) { |
---|
995 | $for_user_id = get_current_user_id(); |
---|
996 | } |
---|
997 | $user = get_userdata( $for_user_id ); |
---|
998 | |
---|
999 | if ( ! $user ) { |
---|
1000 | $user_ID = 0; |
---|
1001 | $user_level = 0; |
---|
1002 | $userdata = null; |
---|
1003 | $user_login = $user_email = $user_url = $user_identity = ''; |
---|
1004 | return; |
---|
1005 | } |
---|
1006 | |
---|
1007 | $user_ID = (int) $user->ID; |
---|
1008 | $user_level = (int) $user->user_level; |
---|
1009 | $userdata = $user; |
---|
1010 | $user_login = $user->user_login; |
---|
1011 | $user_email = $user->user_email; |
---|
1012 | $user_url = $user->user_url; |
---|
1013 | $user_identity = $user->display_name; |
---|
1014 | } |
---|
1015 | |
---|
1016 | /** |
---|
1017 | * Create dropdown HTML content of users. |
---|
1018 | * |
---|
1019 | * The content can either be displayed, which it is by default or retrieved by |
---|
1020 | * setting the 'echo' argument. The 'include' and 'exclude' arguments do not |
---|
1021 | * need to be used; all users will be displayed in that case. Only one can be |
---|
1022 | * used, either 'include' or 'exclude', but not both. |
---|
1023 | * |
---|
1024 | * The available arguments are as follows: |
---|
1025 | * |
---|
1026 | * @since 2.3.0 |
---|
1027 | * @since 4.5.0 Added the 'display_name_with_login' value for 'show'. |
---|
1028 | * @since 4.7.0 Added the `$role`, `$role__in`, and `$role__not_in` parameters. |
---|
1029 | * |
---|
1030 | * @param array|string $args { |
---|
1031 | * Optional. Array or string of arguments to generate a drop-down of users. |
---|
1032 | * See WP_User_Query::prepare_query() for additional available arguments. |
---|
1033 | * |
---|
1034 | * @type string $show_option_all Text to show as the drop-down default (all). |
---|
1035 | * Default empty. |
---|
1036 | * @type string $show_option_none Text to show as the drop-down default when no |
---|
1037 | * users were found. Default empty. |
---|
1038 | * @type int|string $option_none_value Value to use for $show_option_non when no users |
---|
1039 | * were found. Default -1. |
---|
1040 | * @type string $hide_if_only_one_author Whether to skip generating the drop-down |
---|
1041 | * if only one user was found. Default empty. |
---|
1042 | * @type string $orderby Field to order found users by. Accepts user fields. |
---|
1043 | * Default 'display_name'. |
---|
1044 | * @type string $order Whether to order users in ascending or descending |
---|
1045 | * order. Accepts 'ASC' (ascending) or 'DESC' (descending). |
---|
1046 | * Default 'ASC'. |
---|
1047 | * @type array|string $include Array or comma-separated list of user IDs to include. |
---|
1048 | * Default empty. |
---|
1049 | * @type array|string $exclude Array or comma-separated list of user IDs to exclude. |
---|
1050 | * Default empty. |
---|
1051 | * @type bool|int $multi Whether to skip the ID attribute on the 'select' element. |
---|
1052 | * Accepts 1|true or 0|false. Default 0|false. |
---|
1053 | * @type string $show User data to display. If the selected item is empty |
---|
1054 | * then the 'user_login' will be displayed in parentheses. |
---|
1055 | * Accepts any user field, or 'display_name_with_login' to show |
---|
1056 | * the display name with user_login in parentheses. |
---|
1057 | * Default 'display_name'. |
---|
1058 | * @type int|bool $echo Whether to echo or return the drop-down. Accepts 1|true (echo) |
---|
1059 | * or 0|false (return). Default 1|true. |
---|
1060 | * @type int $selected Which user ID should be selected. Default 0. |
---|
1061 | * @type bool $include_selected Whether to always include the selected user ID in the drop- |
---|
1062 | * down. Default false. |
---|
1063 | * @type string $name Name attribute of select element. Default 'user'. |
---|
1064 | * @type string $id ID attribute of the select element. Default is the value of $name. |
---|
1065 | * @type string $class Class attribute of the select element. Default empty. |
---|
1066 | * @type int $blog_id ID of blog (Multisite only). Default is ID of the current blog. |
---|
1067 | * @type string $who Which type of users to query. Accepts only an empty string or |
---|
1068 | * 'authors'. Default empty. |
---|
1069 | * @type string|array $role An array or a comma-separated list of role names that users must |
---|
1070 | * match to be included in results. Note that this is an inclusive |
---|
1071 | * list: users must match *each* role. Default empty. |
---|
1072 | * @type array $role__in An array of role names. Matched users must have at least one of |
---|
1073 | * these roles. Default empty array. |
---|
1074 | * @type array $role__not_in An array of role names to exclude. Users matching one or more of |
---|
1075 | * these roles will not be included in results. Default empty array. |
---|
1076 | * } |
---|
1077 | * @return string String of HTML content. |
---|
1078 | */ |
---|
1079 | function wp_dropdown_users( $args = '' ) { |
---|
1080 | $defaults = array( |
---|
1081 | 'show_option_all' => '', |
---|
1082 | 'show_option_none' => '', |
---|
1083 | 'hide_if_only_one_author' => '', |
---|
1084 | 'orderby' => 'display_name', |
---|
1085 | 'order' => 'ASC', |
---|
1086 | 'include' => '', |
---|
1087 | 'exclude' => '', |
---|
1088 | 'multi' => 0, |
---|
1089 | 'show' => 'display_name', |
---|
1090 | 'echo' => 1, |
---|
1091 | 'selected' => 0, |
---|
1092 | 'name' => 'user', |
---|
1093 | 'class' => '', |
---|
1094 | 'id' => '', |
---|
1095 | 'blog_id' => get_current_blog_id(), |
---|
1096 | 'who' => '', |
---|
1097 | 'include_selected' => false, |
---|
1098 | 'option_none_value' => -1, |
---|
1099 | 'role' => '', |
---|
1100 | 'role__in' => array(), |
---|
1101 | 'role__not_in' => array(), |
---|
1102 | ); |
---|
1103 | |
---|
1104 | $defaults['selected'] = is_author() ? get_query_var( 'author' ) : 0; |
---|
1105 | |
---|
1106 | $r = wp_parse_args( $args, $defaults ); |
---|
1107 | |
---|
1108 | $query_args = wp_array_slice_assoc( $r, array( 'blog_id', 'include', 'exclude', 'orderby', 'order', 'who', 'role', 'role__in', 'role__not_in' ) ); |
---|
1109 | |
---|
1110 | $fields = array( 'ID', 'user_login' ); |
---|
1111 | |
---|
1112 | $show = ! empty( $r['show'] ) ? $r['show'] : 'display_name'; |
---|
1113 | if ( 'display_name_with_login' === $show ) { |
---|
1114 | $fields[] = 'display_name'; |
---|
1115 | } else { |
---|
1116 | $fields[] = $show; |
---|
1117 | } |
---|
1118 | |
---|
1119 | $query_args['fields'] = $fields; |
---|
1120 | |
---|
1121 | $show_option_all = $r['show_option_all']; |
---|
1122 | $show_option_none = $r['show_option_none']; |
---|
1123 | $option_none_value = $r['option_none_value']; |
---|
1124 | |
---|
1125 | /** |
---|
1126 | * Filters the query arguments for the list of users in the dropdown. |
---|
1127 | * |
---|
1128 | * @since 4.4.0 |
---|
1129 | * |
---|
1130 | * @param array $query_args The query arguments for get_users(). |
---|
1131 | * @param array $r The arguments passed to wp_dropdown_users() combined with the defaults. |
---|
1132 | */ |
---|
1133 | $query_args = apply_filters( 'wp_dropdown_users_args', $query_args, $r ); |
---|
1134 | |
---|
1135 | $users = get_users( $query_args ); |
---|
1136 | |
---|
1137 | $output = ''; |
---|
1138 | if ( ! empty( $users ) && ( empty( $r['hide_if_only_one_author'] ) || count( $users ) > 1 ) ) { |
---|
1139 | $name = esc_attr( $r['name'] ); |
---|
1140 | if ( $r['multi'] && ! $r['id'] ) { |
---|
1141 | $id = ''; |
---|
1142 | } else { |
---|
1143 | $id = $r['id'] ? " id='" . esc_attr( $r['id'] ) . "'" : " id='$name'"; |
---|
1144 | } |
---|
1145 | $output = "<select name='{$name}'{$id} class='" . $r['class'] . "'>\n"; |
---|
1146 | |
---|
1147 | if ( $show_option_all ) { |
---|
1148 | $output .= "\t<option value='0'>$show_option_all</option>\n"; |
---|
1149 | } |
---|
1150 | |
---|
1151 | if ( $show_option_none ) { |
---|
1152 | $_selected = selected( $option_none_value, $r['selected'], false ); |
---|
1153 | $output .= "\t<option value='" . esc_attr( $option_none_value ) . "'$_selected>$show_option_none</option>\n"; |
---|
1154 | } |
---|
1155 | |
---|
1156 | if ( $r['include_selected'] && ( $r['selected'] > 0 ) ) { |
---|
1157 | $found_selected = false; |
---|
1158 | $r['selected'] = (int) $r['selected']; |
---|
1159 | foreach ( (array) $users as $user ) { |
---|
1160 | $user->ID = (int) $user->ID; |
---|
1161 | if ( $user->ID === $r['selected'] ) { |
---|
1162 | $found_selected = true; |
---|
1163 | } |
---|
1164 | } |
---|
1165 | |
---|
1166 | if ( ! $found_selected ) { |
---|
1167 | $users[] = get_userdata( $r['selected'] ); |
---|
1168 | } |
---|
1169 | } |
---|
1170 | |
---|
1171 | foreach ( (array) $users as $user ) { |
---|
1172 | if ( 'display_name_with_login' === $show ) { |
---|
1173 | /* translators: 1: display name, 2: user_login */ |
---|
1174 | $display = sprintf( _x( '%1$s (%2$s)', 'user dropdown' ), $user->display_name, $user->user_login ); |
---|
1175 | } elseif ( ! empty( $user->$show ) ) { |
---|
1176 | $display = $user->$show; |
---|
1177 | } else { |
---|
1178 | $display = '(' . $user->user_login . ')'; |
---|
1179 | } |
---|
1180 | |
---|
1181 | $_selected = selected( $user->ID, $r['selected'], false ); |
---|
1182 | $output .= "\t<option value='$user->ID'$_selected>" . esc_html( $display ) . "</option>\n"; |
---|
1183 | } |
---|
1184 | |
---|
1185 | $output .= '</select>'; |
---|
1186 | } |
---|
1187 | |
---|
1188 | /** |
---|
1189 | * Filters the wp_dropdown_users() HTML output. |
---|
1190 | * |
---|
1191 | * @since 2.3.0 |
---|
1192 | * |
---|
1193 | * @param string $output HTML output generated by wp_dropdown_users(). |
---|
1194 | */ |
---|
1195 | $html = apply_filters( 'wp_dropdown_users', $output ); |
---|
1196 | |
---|
1197 | if ( $r['echo'] ) { |
---|
1198 | echo $html; |
---|
1199 | } |
---|
1200 | return $html; |
---|
1201 | } |
---|
1202 | |
---|
1203 | /** |
---|
1204 | * Sanitize user field based on context. |
---|
1205 | * |
---|
1206 | * Possible context values are: 'raw', 'edit', 'db', 'display', 'attribute' and 'js'. The |
---|
1207 | * 'display' context is used by default. 'attribute' and 'js' contexts are treated like 'display' |
---|
1208 | * when calling filters. |
---|
1209 | * |
---|
1210 | * @since 2.3.0 |
---|
1211 | * |
---|
1212 | * @param string $field The user Object field name. |
---|
1213 | * @param mixed $value The user Object value. |
---|
1214 | * @param int $user_id User ID. |
---|
1215 | * @param string $context How to sanitize user fields. Looks for 'raw', 'edit', 'db', 'display', |
---|
1216 | * 'attribute' and 'js'. |
---|
1217 | * @return mixed Sanitized value. |
---|
1218 | */ |
---|
1219 | function sanitize_user_field( $field, $value, $user_id, $context ) { |
---|
1220 | $int_fields = array( 'ID' ); |
---|
1221 | if ( in_array( $field, $int_fields ) ) { |
---|
1222 | $value = (int) $value; |
---|
1223 | } |
---|
1224 | |
---|
1225 | if ( 'raw' == $context ) { |
---|
1226 | return $value; |
---|
1227 | } |
---|
1228 | |
---|
1229 | if ( ! is_string( $value ) && ! is_numeric( $value ) ) { |
---|
1230 | return $value; |
---|
1231 | } |
---|
1232 | |
---|
1233 | $prefixed = false !== strpos( $field, 'user_' ); |
---|
1234 | |
---|
1235 | if ( 'edit' == $context ) { |
---|
1236 | if ( $prefixed ) { |
---|
1237 | |
---|
1238 | /** This filter is documented in wp-includes/post.php */ |
---|
1239 | $value = apply_filters( "edit_{$field}", $value, $user_id ); |
---|
1240 | } else { |
---|
1241 | |
---|
1242 | /** |
---|
1243 | * Filters a user field value in the 'edit' context. |
---|
1244 | * |
---|
1245 | * The dynamic portion of the hook name, `$field`, refers to the prefixed user |
---|
1246 | * field being filtered, such as 'user_login', 'user_email', 'first_name', etc. |
---|
1247 | * |
---|
1248 | * @since 2.9.0 |
---|
1249 | * |
---|
1250 | * @param mixed $value Value of the prefixed user field. |
---|
1251 | * @param int $user_id User ID. |
---|
1252 | */ |
---|
1253 | $value = apply_filters( "edit_user_{$field}", $value, $user_id ); |
---|
1254 | } |
---|
1255 | |
---|
1256 | if ( 'description' == $field ) { |
---|
1257 | $value = esc_html( $value ); // textarea_escaped? |
---|
1258 | } else { |
---|
1259 | $value = esc_attr( $value ); |
---|
1260 | } |
---|
1261 | } elseif ( 'db' == $context ) { |
---|
1262 | if ( $prefixed ) { |
---|
1263 | /** This filter is documented in wp-includes/post.php */ |
---|
1264 | $value = apply_filters( "pre_{$field}", $value ); |
---|
1265 | } else { |
---|
1266 | |
---|
1267 | /** |
---|
1268 | * Filters the value of a user field in the 'db' context. |
---|
1269 | * |
---|
1270 | * The dynamic portion of the hook name, `$field`, refers to the prefixed user |
---|
1271 | * field being filtered, such as 'user_login', 'user_email', 'first_name', etc. |
---|
1272 | * |
---|
1273 | * @since 2.9.0 |
---|
1274 | * |
---|
1275 | * @param mixed $value Value of the prefixed user field. |
---|
1276 | */ |
---|
1277 | $value = apply_filters( "pre_user_{$field}", $value ); |
---|
1278 | } |
---|
1279 | } else { |
---|
1280 | // Use display filters by default. |
---|
1281 | if ( $prefixed ) { |
---|
1282 | |
---|
1283 | /** This filter is documented in wp-includes/post.php */ |
---|
1284 | $value = apply_filters( "{$field}", $value, $user_id, $context ); |
---|
1285 | } else { |
---|
1286 | |
---|
1287 | /** |
---|
1288 | * Filters the value of a user field in a standard context. |
---|
1289 | * |
---|
1290 | * The dynamic portion of the hook name, `$field`, refers to the prefixed user |
---|
1291 | * field being filtered, such as 'user_login', 'user_email', 'first_name', etc. |
---|
1292 | * |
---|
1293 | * @since 2.9.0 |
---|
1294 | * |
---|
1295 | * @param mixed $value The user object value to sanitize. |
---|
1296 | * @param int $user_id User ID. |
---|
1297 | * @param string $context The context to filter within. |
---|
1298 | */ |
---|
1299 | $value = apply_filters( "user_{$field}", $value, $user_id, $context ); |
---|
1300 | } |
---|
1301 | } |
---|
1302 | |
---|
1303 | if ( 'user_url' == $field ) { |
---|
1304 | $value = esc_url( $value ); |
---|
1305 | } |
---|
1306 | |
---|
1307 | if ( 'attribute' == $context ) { |
---|
1308 | $value = esc_attr( $value ); |
---|
1309 | } elseif ( 'js' == $context ) { |
---|
1310 | $value = esc_js( $value ); |
---|
1311 | } |
---|
1312 | return $value; |
---|
1313 | } |
---|
1314 | |
---|
1315 | /** |
---|
1316 | * Update all user caches |
---|
1317 | * |
---|
1318 | * @since 3.0.0 |
---|
1319 | * |
---|
1320 | * @param WP_User $user User object to be cached |
---|
1321 | * @return bool|null Returns false on failure. |
---|
1322 | */ |
---|
1323 | function update_user_caches( $user ) { |
---|
1324 | if ( $user instanceof WP_User ) { |
---|
1325 | if ( ! $user->exists() ) { |
---|
1326 | return false; |
---|
1327 | } |
---|
1328 | |
---|
1329 | $user = $user->data; |
---|
1330 | } |
---|
1331 | |
---|
1332 | wp_cache_add( $user->ID, $user, 'users' ); |
---|
1333 | wp_cache_add( $user->user_login, $user->ID, 'userlogins' ); |
---|
1334 | wp_cache_add( $user->user_email, $user->ID, 'useremail' ); |
---|
1335 | wp_cache_add( $user->user_nicename, $user->ID, 'userslugs' ); |
---|
1336 | } |
---|
1337 | |
---|
1338 | /** |
---|
1339 | * Clean all user caches |
---|
1340 | * |
---|
1341 | * @since 3.0.0 |
---|
1342 | * @since 4.4.0 'clean_user_cache' action was added. |
---|
1343 | * |
---|
1344 | * @param WP_User|int $user User object or ID to be cleaned from the cache |
---|
1345 | */ |
---|
1346 | function clean_user_cache( $user ) { |
---|
1347 | if ( is_numeric( $user ) ) { |
---|
1348 | $user = new WP_User( $user ); |
---|
1349 | } |
---|
1350 | |
---|
1351 | if ( ! $user->exists() ) { |
---|
1352 | return; |
---|
1353 | } |
---|
1354 | |
---|
1355 | wp_cache_delete( $user->ID, 'users' ); |
---|
1356 | wp_cache_delete( $user->user_login, 'userlogins' ); |
---|
1357 | wp_cache_delete( $user->user_email, 'useremail' ); |
---|
1358 | wp_cache_delete( $user->user_nicename, 'userslugs' ); |
---|
1359 | |
---|
1360 | /** |
---|
1361 | * Fires immediately after the given user's cache is cleaned. |
---|
1362 | * |
---|
1363 | * @since 4.4.0 |
---|
1364 | * |
---|
1365 | * @param int $user_id User ID. |
---|
1366 | * @param WP_User $user User object. |
---|
1367 | */ |
---|
1368 | do_action( 'clean_user_cache', $user->ID, $user ); |
---|
1369 | } |
---|
1370 | |
---|
1371 | /** |
---|
1372 | * Checks whether the given username exists. |
---|
1373 | * |
---|
1374 | * @since 2.0.0 |
---|
1375 | * |
---|
1376 | * @param string $username Username. |
---|
1377 | * @return int|false The user's ID on success, and false on failure. |
---|
1378 | */ |
---|
1379 | function username_exists( $username ) { |
---|
1380 | if ( $user = get_user_by( 'login', $username ) ) { |
---|
1381 | $user_id = $user->ID; |
---|
1382 | } else { |
---|
1383 | $user_id = false; |
---|
1384 | } |
---|
1385 | |
---|
1386 | /** |
---|
1387 | * Filters whether the given username exists or not. |
---|
1388 | * |
---|
1389 | * @since 4.9.0 |
---|
1390 | * |
---|
1391 | * @param int|false $user_id The user's ID on success, and false on failure. |
---|
1392 | * @param string $username Username to check. |
---|
1393 | */ |
---|
1394 | return apply_filters( 'username_exists', $user_id, $username ); |
---|
1395 | } |
---|
1396 | |
---|
1397 | /** |
---|
1398 | * Checks whether the given email exists. |
---|
1399 | * |
---|
1400 | * @since 2.1.0 |
---|
1401 | * |
---|
1402 | * @param string $email Email. |
---|
1403 | * @return int|false The user's ID on success, and false on failure. |
---|
1404 | */ |
---|
1405 | function email_exists( $email ) { |
---|
1406 | if ( $user = get_user_by( 'email', $email ) ) { |
---|
1407 | return $user->ID; |
---|
1408 | } |
---|
1409 | return false; |
---|
1410 | } |
---|
1411 | |
---|
1412 | /** |
---|
1413 | * Checks whether a username is valid. |
---|
1414 | * |
---|
1415 | * @since 2.0.1 |
---|
1416 | * @since 4.4.0 Empty sanitized usernames are now considered invalid |
---|
1417 | * |
---|
1418 | * @param string $username Username. |
---|
1419 | * @return bool Whether username given is valid |
---|
1420 | */ |
---|
1421 | function validate_username( $username ) { |
---|
1422 | $sanitized = sanitize_user( $username, true ); |
---|
1423 | $valid = ( $sanitized == $username && ! empty( $sanitized ) ); |
---|
1424 | |
---|
1425 | /** |
---|
1426 | * Filters whether the provided username is valid or not. |
---|
1427 | * |
---|
1428 | * @since 2.0.1 |
---|
1429 | * |
---|
1430 | * @param bool $valid Whether given username is valid. |
---|
1431 | * @param string $username Username to check. |
---|
1432 | */ |
---|
1433 | return apply_filters( 'validate_username', $valid, $username ); |
---|
1434 | } |
---|
1435 | |
---|
1436 | /** |
---|
1437 | * Insert a user into the database. |
---|
1438 | * |
---|
1439 | * Most of the `$userdata` array fields have filters associated with the values. Exceptions are |
---|
1440 | * 'ID', 'rich_editing', 'syntax_highlighting', 'comment_shortcuts', 'admin_color', 'use_ssl', |
---|
1441 | * 'user_registered', and 'role'. The filters have the prefix 'pre_user_' followed by the field |
---|
1442 | * name. An example using 'description' would have the filter called, 'pre_user_description' that |
---|
1443 | * can be hooked into. |
---|
1444 | * |
---|
1445 | * @since 2.0.0 |
---|
1446 | * @since 3.6.0 The `aim`, `jabber`, and `yim` fields were removed as default user contact |
---|
1447 | * methods for new installations. See wp_get_user_contact_methods(). |
---|
1448 | * @since 4.7.0 The user's locale can be passed to `$userdata`. |
---|
1449 | * |
---|
1450 | * @global wpdb $wpdb WordPress database abstraction object. |
---|
1451 | * |
---|
1452 | * @param array|object|WP_User $userdata { |
---|
1453 | * An array, object, or WP_User object of user data arguments. |
---|
1454 | * |
---|
1455 | * @type int $ID User ID. If supplied, the user will be updated. |
---|
1456 | * @type string $user_pass The plain-text user password. |
---|
1457 | * @type string $user_login The user's login username. |
---|
1458 | * @type string $user_nicename The URL-friendly user name. |
---|
1459 | * @type string $user_url The user URL. |
---|
1460 | * @type string $user_email The user email address. |
---|
1461 | * @type string $display_name The user's display name. |
---|
1462 | * Default is the user's username. |
---|
1463 | * @type string $nickname The user's nickname. |
---|
1464 | * Default is the user's username. |
---|
1465 | * @type string $first_name The user's first name. For new users, will be used |
---|
1466 | * to build the first part of the user's display name |
---|
1467 | * if `$display_name` is not specified. |
---|
1468 | * @type string $last_name The user's last name. For new users, will be used |
---|
1469 | * to build the second part of the user's display name |
---|
1470 | * if `$display_name` is not specified. |
---|
1471 | * @type string $description The user's biographical description. |
---|
1472 | * @type string|bool $rich_editing Whether to enable the rich-editor for the user. |
---|
1473 | * False if not empty. |
---|
1474 | * @type string|bool $syntax_highlighting Whether to enable the rich code editor for the user. |
---|
1475 | * False if not empty. |
---|
1476 | * @type string|bool $comment_shortcuts Whether to enable comment moderation keyboard |
---|
1477 | * shortcuts for the user. Default false. |
---|
1478 | * @type string $admin_color Admin color scheme for the user. Default 'fresh'. |
---|
1479 | * @type bool $use_ssl Whether the user should always access the admin over |
---|
1480 | * https. Default false. |
---|
1481 | * @type string $user_registered Date the user registered. Format is 'Y-m-d H:i:s'. |
---|
1482 | * @type string|bool $show_admin_bar_front Whether to display the Admin Bar for the user on the |
---|
1483 | * site's front end. Default true. |
---|
1484 | * @type string $role User's role. |
---|
1485 | * @type string $locale User's locale. Default empty. |
---|
1486 | * } |
---|
1487 | * @return int|WP_Error The newly created user's ID or a WP_Error object if the user could not |
---|
1488 | * be created. |
---|
1489 | */ |
---|
1490 | function wp_insert_user( $userdata ) { |
---|
1491 | global $wpdb; |
---|
1492 | |
---|
1493 | if ( $userdata instanceof stdClass ) { |
---|
1494 | $userdata = get_object_vars( $userdata ); |
---|
1495 | } elseif ( $userdata instanceof WP_User ) { |
---|
1496 | $userdata = $userdata->to_array(); |
---|
1497 | } |
---|
1498 | |
---|
1499 | // Are we updating or creating? |
---|
1500 | if ( ! empty( $userdata['ID'] ) ) { |
---|
1501 | $ID = (int) $userdata['ID']; |
---|
1502 | $update = true; |
---|
1503 | $old_user_data = get_userdata( $ID ); |
---|
1504 | |
---|
1505 | if ( ! $old_user_data ) { |
---|
1506 | return new WP_Error( 'invalid_user_id', __( 'Invalid user ID.' ) ); |
---|
1507 | } |
---|
1508 | |
---|
1509 | // hashed in wp_update_user(), plaintext if called directly |
---|
1510 | $user_pass = ! empty( $userdata['user_pass'] ) ? $userdata['user_pass'] : $old_user_data->user_pass; |
---|
1511 | } else { |
---|
1512 | $update = false; |
---|
1513 | // Hash the password |
---|
1514 | $user_pass = wp_hash_password( $userdata['user_pass'] ); |
---|
1515 | } |
---|
1516 | |
---|
1517 | $sanitized_user_login = sanitize_user( $userdata['user_login'], true ); |
---|
1518 | |
---|
1519 | /** |
---|
1520 | * Filters a username after it has been sanitized. |
---|
1521 | * |
---|
1522 | * This filter is called before the user is created or updated. |
---|
1523 | * |
---|
1524 | * @since 2.0.3 |
---|
1525 | * |
---|
1526 | * @param string $sanitized_user_login Username after it has been sanitized. |
---|
1527 | */ |
---|
1528 | $pre_user_login = apply_filters( 'pre_user_login', $sanitized_user_login ); |
---|
1529 | |
---|
1530 | //Remove any non-printable chars from the login string to see if we have ended up with an empty username |
---|
1531 | $user_login = trim( $pre_user_login ); |
---|
1532 | |
---|
1533 | // user_login must be between 0 and 60 characters. |
---|
1534 | if ( empty( $user_login ) ) { |
---|
1535 | return new WP_Error( 'empty_user_login', __( 'Cannot create a user with an empty login name.' ) ); |
---|
1536 | } elseif ( mb_strlen( $user_login ) > 60 ) { |
---|
1537 | return new WP_Error( 'user_login_too_long', __( 'Username may not be longer than 60 characters.' ) ); |
---|
1538 | } |
---|
1539 | |
---|
1540 | if ( ! $update && username_exists( $user_login ) ) { |
---|
1541 | return new WP_Error( 'existing_user_login', __( 'Sorry, that username already exists!' ) ); |
---|
1542 | } |
---|
1543 | |
---|
1544 | /** |
---|
1545 | * Filters the list of blacklisted usernames. |
---|
1546 | * |
---|
1547 | * @since 4.4.0 |
---|
1548 | * |
---|
1549 | * @param array $usernames Array of blacklisted usernames. |
---|
1550 | */ |
---|
1551 | $illegal_logins = (array) apply_filters( 'illegal_user_logins', array() ); |
---|
1552 | |
---|
1553 | if ( in_array( strtolower( $user_login ), array_map( 'strtolower', $illegal_logins ) ) ) { |
---|
1554 | return new WP_Error( 'invalid_username', __( 'Sorry, that username is not allowed.' ) ); |
---|
1555 | } |
---|
1556 | |
---|
1557 | /* |
---|
1558 | * If a nicename is provided, remove unsafe user characters before using it. |
---|
1559 | * Otherwise build a nicename from the user_login. |
---|
1560 | */ |
---|
1561 | if ( ! empty( $userdata['user_nicename'] ) ) { |
---|
1562 | $user_nicename = sanitize_user( $userdata['user_nicename'], true ); |
---|
1563 | if ( mb_strlen( $user_nicename ) > 50 ) { |
---|
1564 | return new WP_Error( 'user_nicename_too_long', __( 'Nicename may not be longer than 50 characters.' ) ); |
---|
1565 | } |
---|
1566 | } else { |
---|
1567 | $user_nicename = mb_substr( $user_login, 0, 50 ); |
---|
1568 | } |
---|
1569 | |
---|
1570 | $user_nicename = sanitize_title( $user_nicename ); |
---|
1571 | |
---|
1572 | // Store values to save in user meta. |
---|
1573 | $meta = array(); |
---|
1574 | |
---|
1575 | /** |
---|
1576 | * Filters a user's nicename before the user is created or updated. |
---|
1577 | * |
---|
1578 | * @since 2.0.3 |
---|
1579 | * |
---|
1580 | * @param string $user_nicename The user's nicename. |
---|
1581 | */ |
---|
1582 | $user_nicename = apply_filters( 'pre_user_nicename', $user_nicename ); |
---|
1583 | |
---|
1584 | $raw_user_url = empty( $userdata['user_url'] ) ? '' : $userdata['user_url']; |
---|
1585 | |
---|
1586 | /** |
---|
1587 | * Filters a user's URL before the user is created or updated. |
---|
1588 | * |
---|
1589 | * @since 2.0.3 |
---|
1590 | * |
---|
1591 | * @param string $raw_user_url The user's URL. |
---|
1592 | */ |
---|
1593 | $user_url = apply_filters( 'pre_user_url', $raw_user_url ); |
---|
1594 | |
---|
1595 | $raw_user_email = empty( $userdata['user_email'] ) ? '' : $userdata['user_email']; |
---|
1596 | |
---|
1597 | /** |
---|
1598 | * Filters a user's email before the user is created or updated. |
---|
1599 | * |
---|
1600 | * @since 2.0.3 |
---|
1601 | * |
---|
1602 | * @param string $raw_user_email The user's email. |
---|
1603 | */ |
---|
1604 | $user_email = apply_filters( 'pre_user_email', $raw_user_email ); |
---|
1605 | |
---|
1606 | /* |
---|
1607 | * If there is no update, just check for `email_exists`. If there is an update, |
---|
1608 | * check if current email and new email are the same, or not, and check `email_exists` |
---|
1609 | * accordingly. |
---|
1610 | */ |
---|
1611 | if ( ( ! $update || ( ! empty( $old_user_data ) && 0 !== strcasecmp( $user_email, $old_user_data->user_email ) ) ) |
---|
1612 | && ! defined( 'WP_IMPORTING' ) |
---|
1613 | && email_exists( $user_email ) |
---|
1614 | ) { |
---|
1615 | return new WP_Error( 'existing_user_email', __( 'Sorry, that email address is already used!' ) ); |
---|
1616 | } |
---|
1617 | $nickname = empty( $userdata['nickname'] ) ? $user_login : $userdata['nickname']; |
---|
1618 | |
---|
1619 | /** |
---|
1620 | * Filters a user's nickname before the user is created or updated. |
---|
1621 | * |
---|
1622 | * @since 2.0.3 |
---|
1623 | * |
---|
1624 | * @param string $nickname The user's nickname. |
---|
1625 | */ |
---|
1626 | $meta['nickname'] = apply_filters( 'pre_user_nickname', $nickname ); |
---|
1627 | |
---|
1628 | $first_name = empty( $userdata['first_name'] ) ? '' : $userdata['first_name']; |
---|
1629 | |
---|
1630 | /** |
---|
1631 | * Filters a user's first name before the user is created or updated. |
---|
1632 | * |
---|
1633 | * @since 2.0.3 |
---|
1634 | * |
---|
1635 | * @param string $first_name The user's first name. |
---|
1636 | */ |
---|
1637 | $meta['first_name'] = apply_filters( 'pre_user_first_name', $first_name ); |
---|
1638 | |
---|
1639 | $last_name = empty( $userdata['last_name'] ) ? '' : $userdata['last_name']; |
---|
1640 | |
---|
1641 | /** |
---|
1642 | * Filters a user's last name before the user is created or updated. |
---|
1643 | * |
---|
1644 | * @since 2.0.3 |
---|
1645 | * |
---|
1646 | * @param string $last_name The user's last name. |
---|
1647 | */ |
---|
1648 | $meta['last_name'] = apply_filters( 'pre_user_last_name', $last_name ); |
---|
1649 | |
---|
1650 | if ( empty( $userdata['display_name'] ) ) { |
---|
1651 | if ( $update ) { |
---|
1652 | $display_name = $user_login; |
---|
1653 | } elseif ( $meta['first_name'] && $meta['last_name'] ) { |
---|
1654 | /* translators: 1: first name, 2: last name */ |
---|
1655 | $display_name = sprintf( _x( '%1$s %2$s', 'Display name based on first name and last name' ), $meta['first_name'], $meta['last_name'] ); |
---|
1656 | } elseif ( $meta['first_name'] ) { |
---|
1657 | $display_name = $meta['first_name']; |
---|
1658 | } elseif ( $meta['last_name'] ) { |
---|
1659 | $display_name = $meta['last_name']; |
---|
1660 | } else { |
---|
1661 | $display_name = $user_login; |
---|
1662 | } |
---|
1663 | } else { |
---|
1664 | $display_name = $userdata['display_name']; |
---|
1665 | } |
---|
1666 | |
---|
1667 | /** |
---|
1668 | * Filters a user's display name before the user is created or updated. |
---|
1669 | * |
---|
1670 | * @since 2.0.3 |
---|
1671 | * |
---|
1672 | * @param string $display_name The user's display name. |
---|
1673 | */ |
---|
1674 | $display_name = apply_filters( 'pre_user_display_name', $display_name ); |
---|
1675 | |
---|
1676 | $description = empty( $userdata['description'] ) ? '' : $userdata['description']; |
---|
1677 | |
---|
1678 | /** |
---|
1679 | * Filters a user's description before the user is created or updated. |
---|
1680 | * |
---|
1681 | * @since 2.0.3 |
---|
1682 | * |
---|
1683 | * @param string $description The user's description. |
---|
1684 | */ |
---|
1685 | $meta['description'] = apply_filters( 'pre_user_description', $description ); |
---|
1686 | |
---|
1687 | $meta['rich_editing'] = empty( $userdata['rich_editing'] ) ? 'true' : $userdata['rich_editing']; |
---|
1688 | |
---|
1689 | $meta['syntax_highlighting'] = empty( $userdata['syntax_highlighting'] ) ? 'true' : $userdata['syntax_highlighting']; |
---|
1690 | |
---|
1691 | $meta['comment_shortcuts'] = empty( $userdata['comment_shortcuts'] ) || 'false' === $userdata['comment_shortcuts'] ? 'false' : 'true'; |
---|
1692 | |
---|
1693 | $admin_color = empty( $userdata['admin_color'] ) ? 'fresh' : $userdata['admin_color']; |
---|
1694 | $meta['admin_color'] = preg_replace( '|[^a-z0-9 _.\-@]|i', '', $admin_color ); |
---|
1695 | |
---|
1696 | $meta['use_ssl'] = empty( $userdata['use_ssl'] ) ? 0 : $userdata['use_ssl']; |
---|
1697 | |
---|
1698 | $user_registered = empty( $userdata['user_registered'] ) ? gmdate( 'Y-m-d H:i:s' ) : $userdata['user_registered']; |
---|
1699 | |
---|
1700 | $meta['show_admin_bar_front'] = empty( $userdata['show_admin_bar_front'] ) ? 'true' : $userdata['show_admin_bar_front']; |
---|
1701 | |
---|
1702 | $meta['locale'] = isset( $userdata['locale'] ) ? $userdata['locale'] : ''; |
---|
1703 | |
---|
1704 | $user_nicename_check = $wpdb->get_var( $wpdb->prepare( "SELECT ID FROM $wpdb->users WHERE user_nicename = %s AND user_login != %s LIMIT 1", $user_nicename, $user_login ) ); |
---|
1705 | |
---|
1706 | if ( $user_nicename_check ) { |
---|
1707 | $suffix = 2; |
---|
1708 | while ( $user_nicename_check ) { |
---|
1709 | // user_nicename allows 50 chars. Subtract one for a hyphen, plus the length of the suffix. |
---|
1710 | $base_length = 49 - mb_strlen( $suffix ); |
---|
1711 | $alt_user_nicename = mb_substr( $user_nicename, 0, $base_length ) . "-$suffix"; |
---|
1712 | $user_nicename_check = $wpdb->get_var( $wpdb->prepare( "SELECT ID FROM $wpdb->users WHERE user_nicename = %s AND user_login != %s LIMIT 1", $alt_user_nicename, $user_login ) ); |
---|
1713 | $suffix++; |
---|
1714 | } |
---|
1715 | $user_nicename = $alt_user_nicename; |
---|
1716 | } |
---|
1717 | |
---|
1718 | $compacted = compact( 'user_pass', 'user_email', 'user_url', 'user_nicename', 'display_name', 'user_registered' ); |
---|
1719 | $data = wp_unslash( $compacted ); |
---|
1720 | |
---|
1721 | if ( ! $update ) { |
---|
1722 | $data = $data + compact( 'user_login' ); |
---|
1723 | } |
---|
1724 | |
---|
1725 | /** |
---|
1726 | * Filters user data before the record is created or updated. |
---|
1727 | * |
---|
1728 | * It only includes data in the wp_users table wp_user, not any user metadata. |
---|
1729 | * |
---|
1730 | * @since 4.9.0 |
---|
1731 | * |
---|
1732 | * @param array $data { |
---|
1733 | * Values and keys for the user. |
---|
1734 | * |
---|
1735 | * @type string $user_login The user's login. Only included if $update == false |
---|
1736 | * @type string $user_pass The user's password. |
---|
1737 | * @type string $user_email The user's email. |
---|
1738 | * @type string $user_url The user's url. |
---|
1739 | * @type string $user_nicename The user's nice name. Defaults to a URL-safe version of user's login |
---|
1740 | * @type string $display_name The user's display name. |
---|
1741 | * @type string $user_registered MySQL timestamp describing the moment when the user registered. Defaults to |
---|
1742 | * the current UTC timestamp. |
---|
1743 | * } |
---|
1744 | * @param bool $update Whether the user is being updated rather than created. |
---|
1745 | * @param int|null $id ID of the user to be updated, or NULL if the user is being created. |
---|
1746 | */ |
---|
1747 | $data = apply_filters( 'wp_pre_insert_user_data', $data, $update, $update ? (int) $ID : null ); |
---|
1748 | |
---|
1749 | if ( $update ) { |
---|
1750 | if ( $user_email !== $old_user_data->user_email ) { |
---|
1751 | $data['user_activation_key'] = ''; |
---|
1752 | } |
---|
1753 | $wpdb->update( $wpdb->users, $data, compact( 'ID' ) ); |
---|
1754 | $user_id = (int) $ID; |
---|
1755 | } else { |
---|
1756 | $wpdb->insert( $wpdb->users, $data ); |
---|
1757 | $user_id = (int) $wpdb->insert_id; |
---|
1758 | } |
---|
1759 | |
---|
1760 | $user = new WP_User( $user_id ); |
---|
1761 | |
---|
1762 | /** |
---|
1763 | * Filters a user's meta values and keys immediately after the user is created or updated |
---|
1764 | * and before any user meta is inserted or updated. |
---|
1765 | * |
---|
1766 | * Does not include contact methods. These are added using `wp_get_user_contact_methods( $user )`. |
---|
1767 | * |
---|
1768 | * @since 4.4.0 |
---|
1769 | * |
---|
1770 | * @param array $meta { |
---|
1771 | * Default meta values and keys for the user. |
---|
1772 | * |
---|
1773 | * @type string $nickname The user's nickname. Default is the user's username. |
---|
1774 | * @type string $first_name The user's first name. |
---|
1775 | * @type string $last_name The user's last name. |
---|
1776 | * @type string $description The user's description. |
---|
1777 | * @type bool $rich_editing Whether to enable the rich-editor for the user. False if not empty. |
---|
1778 | * @type bool $syntax_highlighting Whether to enable the rich code editor for the user. False if not empty. |
---|
1779 | * @type bool $comment_shortcuts Whether to enable keyboard shortcuts for the user. Default false. |
---|
1780 | * @type string $admin_color The color scheme for a user's admin screen. Default 'fresh'. |
---|
1781 | * @type int|bool $use_ssl Whether to force SSL on the user's admin area. 0|false if SSL is |
---|
1782 | * not forced. |
---|
1783 | * @type bool $show_admin_bar_front Whether to show the admin bar on the front end for the user. |
---|
1784 | * Default true. |
---|
1785 | * } |
---|
1786 | * @param WP_User $user User object. |
---|
1787 | * @param bool $update Whether the user is being updated rather than created. |
---|
1788 | */ |
---|
1789 | $meta = apply_filters( 'insert_user_meta', $meta, $user, $update ); |
---|
1790 | |
---|
1791 | // Update user meta. |
---|
1792 | foreach ( $meta as $key => $value ) { |
---|
1793 | update_user_meta( $user_id, $key, $value ); |
---|
1794 | } |
---|
1795 | |
---|
1796 | foreach ( wp_get_user_contact_methods( $user ) as $key => $value ) { |
---|
1797 | if ( isset( $userdata[ $key ] ) ) { |
---|
1798 | update_user_meta( $user_id, $key, $userdata[ $key ] ); |
---|
1799 | } |
---|
1800 | } |
---|
1801 | |
---|
1802 | if ( isset( $userdata['role'] ) ) { |
---|
1803 | $user->set_role( $userdata['role'] ); |
---|
1804 | } elseif ( ! $update ) { |
---|
1805 | $user->set_role( get_option( 'default_role' ) ); |
---|
1806 | } |
---|
1807 | wp_cache_delete( $user_id, 'users' ); |
---|
1808 | wp_cache_delete( $user_login, 'userlogins' ); |
---|
1809 | |
---|
1810 | if ( $update ) { |
---|
1811 | /** |
---|
1812 | * Fires immediately after an existing user is updated. |
---|
1813 | * |
---|
1814 | * @since 2.0.0 |
---|
1815 | * |
---|
1816 | * @param int $user_id User ID. |
---|
1817 | * @param WP_User $old_user_data Object containing user's data prior to update. |
---|
1818 | */ |
---|
1819 | do_action( 'profile_update', $user_id, $old_user_data ); |
---|
1820 | } else { |
---|
1821 | /** |
---|
1822 | * Fires immediately after a new user is registered. |
---|
1823 | * |
---|
1824 | * @since 1.5.0 |
---|
1825 | * |
---|
1826 | * @param int $user_id User ID. |
---|
1827 | */ |
---|
1828 | do_action( 'user_register', $user_id ); |
---|
1829 | } |
---|
1830 | |
---|
1831 | return $user_id; |
---|
1832 | } |
---|
1833 | |
---|
1834 | /** |
---|
1835 | * Update a user in the database. |
---|
1836 | * |
---|
1837 | * It is possible to update a user's password by specifying the 'user_pass' |
---|
1838 | * value in the $userdata parameter array. |
---|
1839 | * |
---|
1840 | * If current user's password is being updated, then the cookies will be |
---|
1841 | * cleared. |
---|
1842 | * |
---|
1843 | * @since 2.0.0 |
---|
1844 | * |
---|
1845 | * @see wp_insert_user() For what fields can be set in $userdata. |
---|
1846 | * |
---|
1847 | * @param object|WP_User $userdata An array of user data or a user object of type stdClass or WP_User. |
---|
1848 | * @return int|WP_Error The updated user's ID or a WP_Error object if the user could not be updated. |
---|
1849 | */ |
---|
1850 | function wp_update_user( $userdata ) { |
---|
1851 | if ( $userdata instanceof stdClass ) { |
---|
1852 | $userdata = get_object_vars( $userdata ); |
---|
1853 | } elseif ( $userdata instanceof WP_User ) { |
---|
1854 | $userdata = $userdata->to_array(); |
---|
1855 | } |
---|
1856 | |
---|
1857 | $ID = isset( $userdata['ID'] ) ? (int) $userdata['ID'] : 0; |
---|
1858 | if ( ! $ID ) { |
---|
1859 | return new WP_Error( 'invalid_user_id', __( 'Invalid user ID.' ) ); |
---|
1860 | } |
---|
1861 | |
---|
1862 | // First, get all of the original fields |
---|
1863 | $user_obj = get_userdata( $ID ); |
---|
1864 | if ( ! $user_obj ) { |
---|
1865 | return new WP_Error( 'invalid_user_id', __( 'Invalid user ID.' ) ); |
---|
1866 | } |
---|
1867 | |
---|
1868 | $user = $user_obj->to_array(); |
---|
1869 | |
---|
1870 | // Add additional custom fields |
---|
1871 | foreach ( _get_additional_user_keys( $user_obj ) as $key ) { |
---|
1872 | $user[ $key ] = get_user_meta( $ID, $key, true ); |
---|
1873 | } |
---|
1874 | |
---|
1875 | // Escape data pulled from DB. |
---|
1876 | $user = add_magic_quotes( $user ); |
---|
1877 | |
---|
1878 | if ( ! empty( $userdata['user_pass'] ) && $userdata['user_pass'] !== $user_obj->user_pass ) { |
---|
1879 | // If password is changing, hash it now |
---|
1880 | $plaintext_pass = $userdata['user_pass']; |
---|
1881 | $userdata['user_pass'] = wp_hash_password( $userdata['user_pass'] ); |
---|
1882 | |
---|
1883 | /** |
---|
1884 | * Filters whether to send the password change email. |
---|
1885 | * |
---|
1886 | * @since 4.3.0 |
---|
1887 | * |
---|
1888 | * @see wp_insert_user() For `$user` and `$userdata` fields. |
---|
1889 | * |
---|
1890 | * @param bool $send Whether to send the email. |
---|
1891 | * @param array $user The original user array. |
---|
1892 | * @param array $userdata The updated user array. |
---|
1893 | */ |
---|
1894 | $send_password_change_email = apply_filters( 'send_password_change_email', true, $user, $userdata ); |
---|
1895 | } |
---|
1896 | |
---|
1897 | if ( isset( $userdata['user_email'] ) && $user['user_email'] !== $userdata['user_email'] ) { |
---|
1898 | /** |
---|
1899 | * Filters whether to send the email change email. |
---|
1900 | * |
---|
1901 | * @since 4.3.0 |
---|
1902 | * |
---|
1903 | * @see wp_insert_user() For `$user` and `$userdata` fields. |
---|
1904 | * |
---|
1905 | * @param bool $send Whether to send the email. |
---|
1906 | * @param array $user The original user array. |
---|
1907 | * @param array $userdata The updated user array. |
---|
1908 | */ |
---|
1909 | $send_email_change_email = apply_filters( 'send_email_change_email', true, $user, $userdata ); |
---|
1910 | } |
---|
1911 | |
---|
1912 | wp_cache_delete( $user['user_email'], 'useremail' ); |
---|
1913 | wp_cache_delete( $user['user_nicename'], 'userslugs' ); |
---|
1914 | |
---|
1915 | // Merge old and new fields with new fields overwriting old ones. |
---|
1916 | $userdata = array_merge( $user, $userdata ); |
---|
1917 | $user_id = wp_insert_user( $userdata ); |
---|
1918 | |
---|
1919 | if ( ! is_wp_error( $user_id ) ) { |
---|
1920 | |
---|
1921 | $blog_name = wp_specialchars_decode( get_option( 'blogname' ), ENT_QUOTES ); |
---|
1922 | |
---|
1923 | $switched_locale = false; |
---|
1924 | if ( ! empty( $send_password_change_email ) || ! empty( $send_email_change_email ) ) { |
---|
1925 | $switched_locale = switch_to_locale( get_user_locale( $user_id ) ); |
---|
1926 | } |
---|
1927 | |
---|
1928 | if ( ! empty( $send_password_change_email ) ) { |
---|
1929 | /* translators: Do not translate USERNAME, ADMIN_EMAIL, EMAIL, SITENAME, SITEURL: those are placeholders. */ |
---|
1930 | $pass_change_text = __( |
---|
1931 | 'Hi ###USERNAME###, |
---|
1932 | |
---|
1933 | This notice confirms that your password was changed on ###SITENAME###. |
---|
1934 | |
---|
1935 | If you did not change your password, please contact the Site Administrator at |
---|
1936 | ###ADMIN_EMAIL### |
---|
1937 | |
---|
1938 | This email has been sent to ###EMAIL### |
---|
1939 | |
---|
1940 | Regards, |
---|
1941 | All at ###SITENAME### |
---|
1942 | ###SITEURL###' |
---|
1943 | ); |
---|
1944 | |
---|
1945 | $pass_change_email = array( |
---|
1946 | 'to' => $user['user_email'], |
---|
1947 | /* translators: User password change notification email subject. 1: Site name */ |
---|
1948 | 'subject' => __( '[%s] Notice of Password Change' ), |
---|
1949 | 'message' => $pass_change_text, |
---|
1950 | 'headers' => '', |
---|
1951 | ); |
---|
1952 | |
---|
1953 | /** |
---|
1954 | * Filters the contents of the email sent when the user's password is changed. |
---|
1955 | * |
---|
1956 | * @since 4.3.0 |
---|
1957 | * |
---|
1958 | * @param array $pass_change_email { |
---|
1959 | * Used to build wp_mail(). |
---|
1960 | * @type string $to The intended recipients. Add emails in a comma separated string. |
---|
1961 | * @type string $subject The subject of the email. |
---|
1962 | * @type string $message The content of the email. |
---|
1963 | * The following strings have a special meaning and will get replaced dynamically: |
---|
1964 | * - ###USERNAME### The current user's username. |
---|
1965 | * - ###ADMIN_EMAIL### The admin email in case this was unexpected. |
---|
1966 | * - ###EMAIL### The user's email address. |
---|
1967 | * - ###SITENAME### The name of the site. |
---|
1968 | * - ###SITEURL### The URL to the site. |
---|
1969 | * @type string $headers Headers. Add headers in a newline (\r\n) separated string. |
---|
1970 | * } |
---|
1971 | * @param array $user The original user array. |
---|
1972 | * @param array $userdata The updated user array. |
---|
1973 | */ |
---|
1974 | $pass_change_email = apply_filters( 'password_change_email', $pass_change_email, $user, $userdata ); |
---|
1975 | |
---|
1976 | $pass_change_email['message'] = str_replace( '###USERNAME###', $user['user_login'], $pass_change_email['message'] ); |
---|
1977 | $pass_change_email['message'] = str_replace( '###ADMIN_EMAIL###', get_option( 'admin_email' ), $pass_change_email['message'] ); |
---|
1978 | $pass_change_email['message'] = str_replace( '###EMAIL###', $user['user_email'], $pass_change_email['message'] ); |
---|
1979 | $pass_change_email['message'] = str_replace( '###SITENAME###', $blog_name, $pass_change_email['message'] ); |
---|
1980 | $pass_change_email['message'] = str_replace( '###SITEURL###', home_url(), $pass_change_email['message'] ); |
---|
1981 | |
---|
1982 | wp_mail( $pass_change_email['to'], sprintf( $pass_change_email['subject'], $blog_name ), $pass_change_email['message'], $pass_change_email['headers'] ); |
---|
1983 | } |
---|
1984 | |
---|
1985 | if ( ! empty( $send_email_change_email ) ) { |
---|
1986 | /* translators: Do not translate USERNAME, ADMIN_EMAIL, NEW_EMAIL, EMAIL, SITENAME, SITEURL: those are placeholders. */ |
---|
1987 | $email_change_text = __( |
---|
1988 | 'Hi ###USERNAME###, |
---|
1989 | |
---|
1990 | This notice confirms that your email address on ###SITENAME### was changed to ###NEW_EMAIL###. |
---|
1991 | |
---|
1992 | If you did not change your email, please contact the Site Administrator at |
---|
1993 | ###ADMIN_EMAIL### |
---|
1994 | |
---|
1995 | This email has been sent to ###EMAIL### |
---|
1996 | |
---|
1997 | Regards, |
---|
1998 | All at ###SITENAME### |
---|
1999 | ###SITEURL###' |
---|
2000 | ); |
---|
2001 | |
---|
2002 | $email_change_email = array( |
---|
2003 | 'to' => $user['user_email'], |
---|
2004 | /* translators: User email change notification email subject. 1: Site name */ |
---|
2005 | 'subject' => __( '[%s] Notice of Email Change' ), |
---|
2006 | 'message' => $email_change_text, |
---|
2007 | 'headers' => '', |
---|
2008 | ); |
---|
2009 | |
---|
2010 | /** |
---|
2011 | * Filters the contents of the email sent when the user's email is changed. |
---|
2012 | * |
---|
2013 | * @since 4.3.0 |
---|
2014 | * |
---|
2015 | * @param array $email_change_email { |
---|
2016 | * Used to build wp_mail(). |
---|
2017 | * @type string $to The intended recipients. |
---|
2018 | * @type string $subject The subject of the email. |
---|
2019 | * @type string $message The content of the email. |
---|
2020 | * The following strings have a special meaning and will get replaced dynamically: |
---|
2021 | * - ###USERNAME### The current user's username. |
---|
2022 | * - ###ADMIN_EMAIL### The admin email in case this was unexpected. |
---|
2023 | * - ###NEW_EMAIL### The new email address. |
---|
2024 | * - ###EMAIL### The old email address. |
---|
2025 | * - ###SITENAME### The name of the site. |
---|
2026 | * - ###SITEURL### The URL to the site. |
---|
2027 | * @type string $headers Headers. |
---|
2028 | * } |
---|
2029 | * @param array $user The original user array. |
---|
2030 | * @param array $userdata The updated user array. |
---|
2031 | */ |
---|
2032 | $email_change_email = apply_filters( 'email_change_email', $email_change_email, $user, $userdata ); |
---|
2033 | |
---|
2034 | $email_change_email['message'] = str_replace( '###USERNAME###', $user['user_login'], $email_change_email['message'] ); |
---|
2035 | $email_change_email['message'] = str_replace( '###ADMIN_EMAIL###', get_option( 'admin_email' ), $email_change_email['message'] ); |
---|
2036 | $email_change_email['message'] = str_replace( '###NEW_EMAIL###', $userdata['user_email'], $email_change_email['message'] ); |
---|
2037 | $email_change_email['message'] = str_replace( '###EMAIL###', $user['user_email'], $email_change_email['message'] ); |
---|
2038 | $email_change_email['message'] = str_replace( '###SITENAME###', $blog_name, $email_change_email['message'] ); |
---|
2039 | $email_change_email['message'] = str_replace( '###SITEURL###', home_url(), $email_change_email['message'] ); |
---|
2040 | |
---|
2041 | wp_mail( $email_change_email['to'], sprintf( $email_change_email['subject'], $blog_name ), $email_change_email['message'], $email_change_email['headers'] ); |
---|
2042 | } |
---|
2043 | |
---|
2044 | if ( $switched_locale ) { |
---|
2045 | restore_previous_locale(); |
---|
2046 | } |
---|
2047 | } |
---|
2048 | |
---|
2049 | // Update the cookies if the password changed. |
---|
2050 | $current_user = wp_get_current_user(); |
---|
2051 | if ( $current_user->ID == $ID ) { |
---|
2052 | if ( isset( $plaintext_pass ) ) { |
---|
2053 | wp_clear_auth_cookie(); |
---|
2054 | |
---|
2055 | // Here we calculate the expiration length of the current auth cookie and compare it to the default expiration. |
---|
2056 | // If it's greater than this, then we know the user checked 'Remember Me' when they logged in. |
---|
2057 | $logged_in_cookie = wp_parse_auth_cookie( '', 'logged_in' ); |
---|
2058 | /** This filter is documented in wp-includes/pluggable.php */ |
---|
2059 | $default_cookie_life = apply_filters( 'auth_cookie_expiration', ( 2 * DAY_IN_SECONDS ), $ID, false ); |
---|
2060 | $remember = ( ( $logged_in_cookie['expiration'] - time() ) > $default_cookie_life ); |
---|
2061 | |
---|
2062 | wp_set_auth_cookie( $ID, $remember ); |
---|
2063 | } |
---|
2064 | } |
---|
2065 | |
---|
2066 | return $user_id; |
---|
2067 | } |
---|
2068 | |
---|
2069 | /** |
---|
2070 | * A simpler way of inserting a user into the database. |
---|
2071 | * |
---|
2072 | * Creates a new user with just the username, password, and email. For more |
---|
2073 | * complex user creation use wp_insert_user() to specify more information. |
---|
2074 | * |
---|
2075 | * @since 2.0.0 |
---|
2076 | * @see wp_insert_user() More complete way to create a new user |
---|
2077 | * |
---|
2078 | * @param string $username The user's username. |
---|
2079 | * @param string $password The user's password. |
---|
2080 | * @param string $email Optional. The user's email. Default empty. |
---|
2081 | * @return int|WP_Error The newly created user's ID or a WP_Error object if the user could not |
---|
2082 | * be created. |
---|
2083 | */ |
---|
2084 | function wp_create_user( $username, $password, $email = '' ) { |
---|
2085 | $user_login = wp_slash( $username ); |
---|
2086 | $user_email = wp_slash( $email ); |
---|
2087 | $user_pass = $password; |
---|
2088 | |
---|
2089 | $userdata = compact( 'user_login', 'user_email', 'user_pass' ); |
---|
2090 | return wp_insert_user( $userdata ); |
---|
2091 | } |
---|
2092 | |
---|
2093 | /** |
---|
2094 | * Returns a list of meta keys to be (maybe) populated in wp_update_user(). |
---|
2095 | * |
---|
2096 | * The list of keys returned via this function are dependent on the presence |
---|
2097 | * of those keys in the user meta data to be set. |
---|
2098 | * |
---|
2099 | * @since 3.3.0 |
---|
2100 | * @access private |
---|
2101 | * |
---|
2102 | * @param WP_User $user WP_User instance. |
---|
2103 | * @return array List of user keys to be populated in wp_update_user(). |
---|
2104 | */ |
---|
2105 | function _get_additional_user_keys( $user ) { |
---|
2106 | $keys = array( 'first_name', 'last_name', 'nickname', 'description', 'rich_editing', 'syntax_highlighting', 'comment_shortcuts', 'admin_color', 'use_ssl', 'show_admin_bar_front', 'locale' ); |
---|
2107 | return array_merge( $keys, array_keys( wp_get_user_contact_methods( $user ) ) ); |
---|
2108 | } |
---|
2109 | |
---|
2110 | /** |
---|
2111 | * Set up the user contact methods. |
---|
2112 | * |
---|
2113 | * Default contact methods were removed in 3.6. A filter dictates contact methods. |
---|
2114 | * |
---|
2115 | * @since 3.7.0 |
---|
2116 | * |
---|
2117 | * @param WP_User $user Optional. WP_User object. |
---|
2118 | * @return array Array of contact methods and their labels. |
---|
2119 | */ |
---|
2120 | function wp_get_user_contact_methods( $user = null ) { |
---|
2121 | $methods = array(); |
---|
2122 | if ( get_site_option( 'initial_db_version' ) < 23588 ) { |
---|
2123 | $methods = array( |
---|
2124 | 'aim' => __( 'AIM' ), |
---|
2125 | 'yim' => __( 'Yahoo IM' ), |
---|
2126 | 'jabber' => __( 'Jabber / Google Talk' ), |
---|
2127 | ); |
---|
2128 | } |
---|
2129 | |
---|
2130 | /** |
---|
2131 | * Filters the user contact methods. |
---|
2132 | * |
---|
2133 | * @since 2.9.0 |
---|
2134 | * |
---|
2135 | * @param array $methods Array of contact methods and their labels. |
---|
2136 | * @param WP_User $user WP_User object. |
---|
2137 | */ |
---|
2138 | return apply_filters( 'user_contactmethods', $methods, $user ); |
---|
2139 | } |
---|
2140 | |
---|
2141 | /** |
---|
2142 | * The old private function for setting up user contact methods. |
---|
2143 | * |
---|
2144 | * Use wp_get_user_contact_methods() instead. |
---|
2145 | * |
---|
2146 | * @since 2.9.0 |
---|
2147 | * @access private |
---|
2148 | * |
---|
2149 | * @param WP_User $user Optional. WP_User object. Default null. |
---|
2150 | * @return array Array of contact methods and their labels. |
---|
2151 | */ |
---|
2152 | function _wp_get_user_contactmethods( $user = null ) { |
---|
2153 | return wp_get_user_contact_methods( $user ); |
---|
2154 | } |
---|
2155 | |
---|
2156 | /** |
---|
2157 | * Gets the text suggesting how to create strong passwords. |
---|
2158 | * |
---|
2159 | * @since 4.1.0 |
---|
2160 | * |
---|
2161 | * @return string The password hint text. |
---|
2162 | */ |
---|
2163 | function wp_get_password_hint() { |
---|
2164 | $hint = __( 'Hint: The password should be at least twelve characters long. To make it stronger, use upper and lower case letters, numbers, and symbols like ! " ? $ % ^ & ).' ); |
---|
2165 | |
---|
2166 | /** |
---|
2167 | * Filters the text describing the site's password complexity policy. |
---|
2168 | * |
---|
2169 | * @since 4.1.0 |
---|
2170 | * |
---|
2171 | * @param string $hint The password hint text. |
---|
2172 | */ |
---|
2173 | return apply_filters( 'password_hint', $hint ); |
---|
2174 | } |
---|
2175 | |
---|
2176 | /** |
---|
2177 | * Creates, stores, then returns a password reset key for user. |
---|
2178 | * |
---|
2179 | * @since 4.4.0 |
---|
2180 | * |
---|
2181 | * @global wpdb $wpdb WordPress database abstraction object. |
---|
2182 | * @global PasswordHash $wp_hasher Portable PHP password hashing framework. |
---|
2183 | * |
---|
2184 | * @param WP_User $user User to retrieve password reset key for. |
---|
2185 | * |
---|
2186 | * @return string|WP_Error Password reset key on success. WP_Error on error. |
---|
2187 | */ |
---|
2188 | function get_password_reset_key( $user ) { |
---|
2189 | global $wpdb, $wp_hasher; |
---|
2190 | |
---|
2191 | /** |
---|
2192 | * Fires before a new password is retrieved. |
---|
2193 | * |
---|
2194 | * Use the {@see 'retrieve_password'} hook instead. |
---|
2195 | * |
---|
2196 | * @since 1.5.0 |
---|
2197 | * @deprecated 1.5.1 Misspelled. Use 'retrieve_password' hook instead. |
---|
2198 | * |
---|
2199 | * @param string $user_login The user login name. |
---|
2200 | */ |
---|
2201 | do_action( 'retreive_password', $user->user_login ); |
---|
2202 | |
---|
2203 | /** |
---|
2204 | * Fires before a new password is retrieved. |
---|
2205 | * |
---|
2206 | * @since 1.5.1 |
---|
2207 | * |
---|
2208 | * @param string $user_login The user login name. |
---|
2209 | */ |
---|
2210 | do_action( 'retrieve_password', $user->user_login ); |
---|
2211 | |
---|
2212 | $allow = true; |
---|
2213 | if ( is_multisite() && is_user_spammy( $user ) ) { |
---|
2214 | $allow = false; |
---|
2215 | } |
---|
2216 | |
---|
2217 | /** |
---|
2218 | * Filters whether to allow a password to be reset. |
---|
2219 | * |
---|
2220 | * @since 2.7.0 |
---|
2221 | * |
---|
2222 | * @param bool $allow Whether to allow the password to be reset. Default true. |
---|
2223 | * @param int $user_data->ID The ID of the user attempting to reset a password. |
---|
2224 | */ |
---|
2225 | $allow = apply_filters( 'allow_password_reset', $allow, $user->ID ); |
---|
2226 | |
---|
2227 | if ( ! $allow ) { |
---|
2228 | return new WP_Error( 'no_password_reset', __( 'Password reset is not allowed for this user' ) ); |
---|
2229 | } elseif ( is_wp_error( $allow ) ) { |
---|
2230 | return $allow; |
---|
2231 | } |
---|
2232 | |
---|
2233 | // Generate something random for a password reset key. |
---|
2234 | $key = wp_generate_password( 20, false ); |
---|
2235 | |
---|
2236 | /** |
---|
2237 | * Fires when a password reset key is generated. |
---|
2238 | * |
---|
2239 | * @since 2.5.0 |
---|
2240 | * |
---|
2241 | * @param string $user_login The username for the user. |
---|
2242 | * @param string $key The generated password reset key. |
---|
2243 | */ |
---|
2244 | do_action( 'retrieve_password_key', $user->user_login, $key ); |
---|
2245 | |
---|
2246 | // Now insert the key, hashed, into the DB. |
---|
2247 | if ( empty( $wp_hasher ) ) { |
---|
2248 | require_once ABSPATH . WPINC . '/class-phpass.php'; |
---|
2249 | $wp_hasher = new PasswordHash( 8, true ); |
---|
2250 | } |
---|
2251 | $hashed = time() . ':' . $wp_hasher->HashPassword( $key ); |
---|
2252 | $key_saved = $wpdb->update( $wpdb->users, array( 'user_activation_key' => $hashed ), array( 'user_login' => $user->user_login ) ); |
---|
2253 | if ( false === $key_saved ) { |
---|
2254 | return new WP_Error( 'no_password_key_update', __( 'Could not save password reset key to database.' ) ); |
---|
2255 | } |
---|
2256 | |
---|
2257 | return $key; |
---|
2258 | } |
---|
2259 | |
---|
2260 | /** |
---|
2261 | * Retrieves a user row based on password reset key and login |
---|
2262 | * |
---|
2263 | * A key is considered 'expired' if it exactly matches the value of the |
---|
2264 | * user_activation_key field, rather than being matched after going through the |
---|
2265 | * hashing process. This field is now hashed; old values are no longer accepted |
---|
2266 | * but have a different WP_Error code so good user feedback can be provided. |
---|
2267 | * |
---|
2268 | * @since 3.1.0 |
---|
2269 | * |
---|
2270 | * @global wpdb $wpdb WordPress database object for queries. |
---|
2271 | * @global PasswordHash $wp_hasher Portable PHP password hashing framework instance. |
---|
2272 | * |
---|
2273 | * @param string $key Hash to validate sending user's password. |
---|
2274 | * @param string $login The user login. |
---|
2275 | * @return WP_User|WP_Error WP_User object on success, WP_Error object for invalid or expired keys. |
---|
2276 | */ |
---|
2277 | function check_password_reset_key( $key, $login ) { |
---|
2278 | global $wpdb, $wp_hasher; |
---|
2279 | |
---|
2280 | $key = preg_replace( '/[^a-z0-9]/i', '', $key ); |
---|
2281 | |
---|
2282 | if ( empty( $key ) || ! is_string( $key ) ) { |
---|
2283 | return new WP_Error( 'invalid_key', __( 'Invalid key' ) ); |
---|
2284 | } |
---|
2285 | |
---|
2286 | if ( empty( $login ) || ! is_string( $login ) ) { |
---|
2287 | return new WP_Error( 'invalid_key', __( 'Invalid key' ) ); |
---|
2288 | } |
---|
2289 | |
---|
2290 | $row = $wpdb->get_row( $wpdb->prepare( "SELECT ID, user_activation_key FROM $wpdb->users WHERE user_login = %s", $login ) ); |
---|
2291 | if ( ! $row ) { |
---|
2292 | return new WP_Error( 'invalid_key', __( 'Invalid key' ) ); |
---|
2293 | } |
---|
2294 | |
---|
2295 | if ( empty( $wp_hasher ) ) { |
---|
2296 | require_once ABSPATH . WPINC . '/class-phpass.php'; |
---|
2297 | $wp_hasher = new PasswordHash( 8, true ); |
---|
2298 | } |
---|
2299 | |
---|
2300 | /** |
---|
2301 | * Filters the expiration time of password reset keys. |
---|
2302 | * |
---|
2303 | * @since 4.3.0 |
---|
2304 | * |
---|
2305 | * @param int $expiration The expiration time in seconds. |
---|
2306 | */ |
---|
2307 | $expiration_duration = apply_filters( 'password_reset_expiration', DAY_IN_SECONDS ); |
---|
2308 | |
---|
2309 | if ( false !== strpos( $row->user_activation_key, ':' ) ) { |
---|
2310 | list( $pass_request_time, $pass_key ) = explode( ':', $row->user_activation_key, 2 ); |
---|
2311 | $expiration_time = $pass_request_time + $expiration_duration; |
---|
2312 | } else { |
---|
2313 | $pass_key = $row->user_activation_key; |
---|
2314 | $expiration_time = false; |
---|
2315 | } |
---|
2316 | |
---|
2317 | if ( ! $pass_key ) { |
---|
2318 | return new WP_Error( 'invalid_key', __( 'Invalid key' ) ); |
---|
2319 | } |
---|
2320 | |
---|
2321 | $hash_is_correct = $wp_hasher->CheckPassword( $key, $pass_key ); |
---|
2322 | |
---|
2323 | if ( $hash_is_correct && $expiration_time && time() < $expiration_time ) { |
---|
2324 | return get_userdata( $row->ID ); |
---|
2325 | } elseif ( $hash_is_correct && $expiration_time ) { |
---|
2326 | // Key has an expiration time that's passed |
---|
2327 | return new WP_Error( 'expired_key', __( 'Invalid key' ) ); |
---|
2328 | } |
---|
2329 | |
---|
2330 | if ( hash_equals( $row->user_activation_key, $key ) || ( $hash_is_correct && ! $expiration_time ) ) { |
---|
2331 | $return = new WP_Error( 'expired_key', __( 'Invalid key' ) ); |
---|
2332 | $user_id = $row->ID; |
---|
2333 | |
---|
2334 | /** |
---|
2335 | * Filters the return value of check_password_reset_key() when an |
---|
2336 | * old-style key is used. |
---|
2337 | * |
---|
2338 | * @since 3.7.0 Previously plain-text keys were stored in the database. |
---|
2339 | * @since 4.3.0 Previously key hashes were stored without an expiration time. |
---|
2340 | * |
---|
2341 | * @param WP_Error $return A WP_Error object denoting an expired key. |
---|
2342 | * Return a WP_User object to validate the key. |
---|
2343 | * @param int $user_id The matched user ID. |
---|
2344 | */ |
---|
2345 | return apply_filters( 'password_reset_key_expired', $return, $user_id ); |
---|
2346 | } |
---|
2347 | |
---|
2348 | return new WP_Error( 'invalid_key', __( 'Invalid key' ) ); |
---|
2349 | } |
---|
2350 | |
---|
2351 | /** |
---|
2352 | * Handles resetting the user's password. |
---|
2353 | * |
---|
2354 | * @since 2.5.0 |
---|
2355 | * |
---|
2356 | * @param WP_User $user The user |
---|
2357 | * @param string $new_pass New password for the user in plaintext |
---|
2358 | */ |
---|
2359 | function reset_password( $user, $new_pass ) { |
---|
2360 | /** |
---|
2361 | * Fires before the user's password is reset. |
---|
2362 | * |
---|
2363 | * @since 1.5.0 |
---|
2364 | * |
---|
2365 | * @param object $user The user. |
---|
2366 | * @param string $new_pass New user password. |
---|
2367 | */ |
---|
2368 | do_action( 'password_reset', $user, $new_pass ); |
---|
2369 | |
---|
2370 | wp_set_password( $new_pass, $user->ID ); |
---|
2371 | update_user_option( $user->ID, 'default_password_nag', false, true ); |
---|
2372 | |
---|
2373 | /** |
---|
2374 | * Fires after the user's password is reset. |
---|
2375 | * |
---|
2376 | * @since 4.4.0 |
---|
2377 | * |
---|
2378 | * @param WP_User $user The user. |
---|
2379 | * @param string $new_pass New user password. |
---|
2380 | */ |
---|
2381 | do_action( 'after_password_reset', $user, $new_pass ); |
---|
2382 | } |
---|
2383 | |
---|
2384 | /** |
---|
2385 | * Handles registering a new user. |
---|
2386 | * |
---|
2387 | * @since 2.5.0 |
---|
2388 | * |
---|
2389 | * @param string $user_login User's username for logging in |
---|
2390 | * @param string $user_email User's email address to send password and add |
---|
2391 | * @return int|WP_Error Either user's ID or error on failure. |
---|
2392 | */ |
---|
2393 | function register_new_user( $user_login, $user_email ) { |
---|
2394 | $errors = new WP_Error(); |
---|
2395 | |
---|
2396 | $sanitized_user_login = sanitize_user( $user_login ); |
---|
2397 | /** |
---|
2398 | * Filters the email address of a user being registered. |
---|
2399 | * |
---|
2400 | * @since 2.1.0 |
---|
2401 | * |
---|
2402 | * @param string $user_email The email address of the new user. |
---|
2403 | */ |
---|
2404 | $user_email = apply_filters( 'user_registration_email', $user_email ); |
---|
2405 | |
---|
2406 | // Check the username |
---|
2407 | if ( $sanitized_user_login == '' ) { |
---|
2408 | $errors->add( 'empty_username', __( '<strong>ERROR</strong>: Please enter a username.' ) ); |
---|
2409 | } elseif ( ! validate_username( $user_login ) ) { |
---|
2410 | $errors->add( 'invalid_username', __( '<strong>ERROR</strong>: This username is invalid because it uses illegal characters. Please enter a valid username.' ) ); |
---|
2411 | $sanitized_user_login = ''; |
---|
2412 | } elseif ( username_exists( $sanitized_user_login ) ) { |
---|
2413 | $errors->add( 'username_exists', __( '<strong>ERROR</strong>: This username is already registered. Please choose another one.' ) ); |
---|
2414 | |
---|
2415 | } else { |
---|
2416 | /** This filter is documented in wp-includes/user.php */ |
---|
2417 | $illegal_user_logins = array_map( 'strtolower', (array) apply_filters( 'illegal_user_logins', array() ) ); |
---|
2418 | if ( in_array( strtolower( $sanitized_user_login ), $illegal_user_logins ) ) { |
---|
2419 | $errors->add( 'invalid_username', __( '<strong>ERROR</strong>: Sorry, that username is not allowed.' ) ); |
---|
2420 | } |
---|
2421 | } |
---|
2422 | |
---|
2423 | // Check the email address |
---|
2424 | if ( $user_email == '' ) { |
---|
2425 | $errors->add( 'empty_email', __( '<strong>ERROR</strong>: Please type your email address.' ) ); |
---|
2426 | } elseif ( ! is_email( $user_email ) ) { |
---|
2427 | $errors->add( 'invalid_email', __( '<strong>ERROR</strong>: The email address isn’t correct.' ) ); |
---|
2428 | $user_email = ''; |
---|
2429 | } elseif ( email_exists( $user_email ) ) { |
---|
2430 | $errors->add( 'email_exists', __( '<strong>ERROR</strong>: This email is already registered, please choose another one.' ) ); |
---|
2431 | } |
---|
2432 | |
---|
2433 | /** |
---|
2434 | * Fires when submitting registration form data, before the user is created. |
---|
2435 | * |
---|
2436 | * @since 2.1.0 |
---|
2437 | * |
---|
2438 | * @param string $sanitized_user_login The submitted username after being sanitized. |
---|
2439 | * @param string $user_email The submitted email. |
---|
2440 | * @param WP_Error $errors Contains any errors with submitted username and email, |
---|
2441 | * e.g., an empty field, an invalid username or email, |
---|
2442 | * or an existing username or email. |
---|
2443 | */ |
---|
2444 | do_action( 'register_post', $sanitized_user_login, $user_email, $errors ); |
---|
2445 | |
---|
2446 | /** |
---|
2447 | * Filters the errors encountered when a new user is being registered. |
---|
2448 | * |
---|
2449 | * The filtered WP_Error object may, for example, contain errors for an invalid |
---|
2450 | * or existing username or email address. A WP_Error object should always returned, |
---|
2451 | * but may or may not contain errors. |
---|
2452 | * |
---|
2453 | * If any errors are present in $errors, this will abort the user's registration. |
---|
2454 | * |
---|
2455 | * @since 2.1.0 |
---|
2456 | * |
---|
2457 | * @param WP_Error $errors A WP_Error object containing any errors encountered |
---|
2458 | * during registration. |
---|
2459 | * @param string $sanitized_user_login User's username after it has been sanitized. |
---|
2460 | * @param string $user_email User's email. |
---|
2461 | */ |
---|
2462 | $errors = apply_filters( 'registration_errors', $errors, $sanitized_user_login, $user_email ); |
---|
2463 | |
---|
2464 | if ( $errors->get_error_code() ) { |
---|
2465 | return $errors; |
---|
2466 | } |
---|
2467 | |
---|
2468 | $user_pass = wp_generate_password( 12, false ); |
---|
2469 | $user_id = wp_create_user( $sanitized_user_login, $user_pass, $user_email ); |
---|
2470 | if ( ! $user_id || is_wp_error( $user_id ) ) { |
---|
2471 | $errors->add( 'registerfail', sprintf( __( '<strong>ERROR</strong>: Couldn’t register you… please contact the <a href="mailto:%s">webmaster</a> !' ), get_option( 'admin_email' ) ) ); |
---|
2472 | return $errors; |
---|
2473 | } |
---|
2474 | |
---|
2475 | update_user_option( $user_id, 'default_password_nag', true, true ); //Set up the Password change nag. |
---|
2476 | |
---|
2477 | /** |
---|
2478 | * Fires after a new user registration has been recorded. |
---|
2479 | * |
---|
2480 | * @since 4.4.0 |
---|
2481 | * |
---|
2482 | * @param int $user_id ID of the newly registered user. |
---|
2483 | */ |
---|
2484 | do_action( 'register_new_user', $user_id ); |
---|
2485 | |
---|
2486 | return $user_id; |
---|
2487 | } |
---|
2488 | |
---|
2489 | /** |
---|
2490 | * Initiates email notifications related to the creation of new users. |
---|
2491 | * |
---|
2492 | * Notifications are sent both to the site admin and to the newly created user. |
---|
2493 | * |
---|
2494 | * @since 4.4.0 |
---|
2495 | * @since 4.6.0 Converted the `$notify` parameter to accept 'user' for sending |
---|
2496 | * notifications only to the user created. |
---|
2497 | * |
---|
2498 | * @param int $user_id ID of the newly created user. |
---|
2499 | * @param string $notify Optional. Type of notification that should happen. Accepts 'admin' |
---|
2500 | * or an empty string (admin only), 'user', or 'both' (admin and user). |
---|
2501 | * Default 'both'. |
---|
2502 | */ |
---|
2503 | function wp_send_new_user_notifications( $user_id, $notify = 'both' ) { |
---|
2504 | wp_new_user_notification( $user_id, null, $notify ); |
---|
2505 | } |
---|
2506 | |
---|
2507 | /** |
---|
2508 | * Retrieve the current session token from the logged_in cookie. |
---|
2509 | * |
---|
2510 | * @since 4.0.0 |
---|
2511 | * |
---|
2512 | * @return string Token. |
---|
2513 | */ |
---|
2514 | function wp_get_session_token() { |
---|
2515 | $cookie = wp_parse_auth_cookie( '', 'logged_in' ); |
---|
2516 | return ! empty( $cookie['token'] ) ? $cookie['token'] : ''; |
---|
2517 | } |
---|
2518 | |
---|
2519 | /** |
---|
2520 | * Retrieve a list of sessions for the current user. |
---|
2521 | * |
---|
2522 | * @since 4.0.0 |
---|
2523 | * @return array Array of sessions. |
---|
2524 | */ |
---|
2525 | function wp_get_all_sessions() { |
---|
2526 | $manager = WP_Session_Tokens::get_instance( get_current_user_id() ); |
---|
2527 | return $manager->get_all(); |
---|
2528 | } |
---|
2529 | |
---|
2530 | /** |
---|
2531 | * Remove the current session token from the database. |
---|
2532 | * |
---|
2533 | * @since 4.0.0 |
---|
2534 | */ |
---|
2535 | function wp_destroy_current_session() { |
---|
2536 | $token = wp_get_session_token(); |
---|
2537 | if ( $token ) { |
---|
2538 | $manager = WP_Session_Tokens::get_instance( get_current_user_id() ); |
---|
2539 | $manager->destroy( $token ); |
---|
2540 | } |
---|
2541 | } |
---|
2542 | |
---|
2543 | /** |
---|
2544 | * Remove all but the current session token for the current user for the database. |
---|
2545 | * |
---|
2546 | * @since 4.0.0 |
---|
2547 | */ |
---|
2548 | function wp_destroy_other_sessions() { |
---|
2549 | $token = wp_get_session_token(); |
---|
2550 | if ( $token ) { |
---|
2551 | $manager = WP_Session_Tokens::get_instance( get_current_user_id() ); |
---|
2552 | $manager->destroy_others( $token ); |
---|
2553 | } |
---|
2554 | } |
---|
2555 | |
---|
2556 | /** |
---|
2557 | * Remove all session tokens for the current user from the database. |
---|
2558 | * |
---|
2559 | * @since 4.0.0 |
---|
2560 | */ |
---|
2561 | function wp_destroy_all_sessions() { |
---|
2562 | $manager = WP_Session_Tokens::get_instance( get_current_user_id() ); |
---|
2563 | $manager->destroy_all(); |
---|
2564 | } |
---|
2565 | |
---|
2566 | /** |
---|
2567 | * Get the user IDs of all users with no role on this site. |
---|
2568 | * |
---|
2569 | * @since 4.4.0 |
---|
2570 | * @since 4.9.0 The `$site_id` parameter was added to support multisite. |
---|
2571 | * |
---|
2572 | * @param int|null $site_id Optional. The site ID to get users with no role for. Defaults to the current site. |
---|
2573 | * @return array Array of user IDs. |
---|
2574 | */ |
---|
2575 | function wp_get_users_with_no_role( $site_id = null ) { |
---|
2576 | global $wpdb; |
---|
2577 | |
---|
2578 | if ( ! $site_id ) { |
---|
2579 | $site_id = get_current_blog_id(); |
---|
2580 | } |
---|
2581 | |
---|
2582 | $prefix = $wpdb->get_blog_prefix( $site_id ); |
---|
2583 | |
---|
2584 | if ( is_multisite() && $site_id != get_current_blog_id() ) { |
---|
2585 | switch_to_blog( $site_id ); |
---|
2586 | $role_names = wp_roles()->get_names(); |
---|
2587 | restore_current_blog(); |
---|
2588 | } else { |
---|
2589 | $role_names = wp_roles()->get_names(); |
---|
2590 | } |
---|
2591 | |
---|
2592 | $regex = implode( '|', array_keys( $role_names ) ); |
---|
2593 | $regex = preg_replace( '/[^a-zA-Z_\|-]/', '', $regex ); |
---|
2594 | $users = $wpdb->get_col( |
---|
2595 | $wpdb->prepare( |
---|
2596 | " |
---|
2597 | SELECT user_id |
---|
2598 | FROM $wpdb->usermeta |
---|
2599 | WHERE meta_key = '{$prefix}capabilities' |
---|
2600 | AND meta_value NOT REGEXP %s |
---|
2601 | ", $regex |
---|
2602 | ) |
---|
2603 | ); |
---|
2604 | |
---|
2605 | return $users; |
---|
2606 | } |
---|
2607 | |
---|
2608 | /** |
---|
2609 | * Retrieves the current user object. |
---|
2610 | * |
---|
2611 | * Will set the current user, if the current user is not set. The current user |
---|
2612 | * will be set to the logged-in person. If no user is logged-in, then it will |
---|
2613 | * set the current user to 0, which is invalid and won't have any permissions. |
---|
2614 | * |
---|
2615 | * This function is used by the pluggable functions wp_get_current_user() and |
---|
2616 | * get_currentuserinfo(), the latter of which is deprecated but used for backward |
---|
2617 | * compatibility. |
---|
2618 | * |
---|
2619 | * @since 4.5.0 |
---|
2620 | * @access private |
---|
2621 | * |
---|
2622 | * @see wp_get_current_user() |
---|
2623 | * @global WP_User $current_user Checks if the current user is set. |
---|
2624 | * |
---|
2625 | * @return WP_User Current WP_User instance. |
---|
2626 | */ |
---|
2627 | function _wp_get_current_user() { |
---|
2628 | global $current_user; |
---|
2629 | |
---|
2630 | if ( ! empty( $current_user ) ) { |
---|
2631 | if ( $current_user instanceof WP_User ) { |
---|
2632 | return $current_user; |
---|
2633 | } |
---|
2634 | |
---|
2635 | // Upgrade stdClass to WP_User |
---|
2636 | if ( is_object( $current_user ) && isset( $current_user->ID ) ) { |
---|
2637 | $cur_id = $current_user->ID; |
---|
2638 | $current_user = null; |
---|
2639 | wp_set_current_user( $cur_id ); |
---|
2640 | return $current_user; |
---|
2641 | } |
---|
2642 | |
---|
2643 | // $current_user has a junk value. Force to WP_User with ID 0. |
---|
2644 | $current_user = null; |
---|
2645 | wp_set_current_user( 0 ); |
---|
2646 | return $current_user; |
---|
2647 | } |
---|
2648 | |
---|
2649 | if ( defined( 'XMLRPC_REQUEST' ) && XMLRPC_REQUEST ) { |
---|
2650 | wp_set_current_user( 0 ); |
---|
2651 | return $current_user; |
---|
2652 | } |
---|
2653 | |
---|
2654 | /** |
---|
2655 | * Filters the current user. |
---|
2656 | * |
---|
2657 | * The default filters use this to determine the current user from the |
---|
2658 | * request's cookies, if available. |
---|
2659 | * |
---|
2660 | * Returning a value of false will effectively short-circuit setting |
---|
2661 | * the current user. |
---|
2662 | * |
---|
2663 | * @since 3.9.0 |
---|
2664 | * |
---|
2665 | * @param int|bool $user_id User ID if one has been determined, false otherwise. |
---|
2666 | */ |
---|
2667 | $user_id = apply_filters( 'determine_current_user', false ); |
---|
2668 | if ( ! $user_id ) { |
---|
2669 | wp_set_current_user( 0 ); |
---|
2670 | return $current_user; |
---|
2671 | } |
---|
2672 | |
---|
2673 | wp_set_current_user( $user_id ); |
---|
2674 | |
---|
2675 | return $current_user; |
---|
2676 | } |
---|
2677 | |
---|
2678 | /** |
---|
2679 | * Send a confirmation request email when a change of user email address is attempted. |
---|
2680 | * |
---|
2681 | * @since 3.0.0 |
---|
2682 | * @since 4.9.0 This function was moved from wp-admin/includes/ms.php so it's no longer Multisite specific. |
---|
2683 | * |
---|
2684 | * @global WP_Error $errors WP_Error object. |
---|
2685 | * @global wpdb $wpdb WordPress database object. |
---|
2686 | */ |
---|
2687 | function send_confirmation_on_profile_email() { |
---|
2688 | global $errors, $wpdb; |
---|
2689 | |
---|
2690 | $current_user = wp_get_current_user(); |
---|
2691 | if ( ! is_object( $errors ) ) { |
---|
2692 | $errors = new WP_Error(); |
---|
2693 | } |
---|
2694 | |
---|
2695 | if ( $current_user->ID != $_POST['user_id'] ) { |
---|
2696 | return false; |
---|
2697 | } |
---|
2698 | |
---|
2699 | if ( $current_user->user_email != $_POST['email'] ) { |
---|
2700 | if ( ! is_email( $_POST['email'] ) ) { |
---|
2701 | $errors->add( |
---|
2702 | 'user_email', __( '<strong>ERROR</strong>: The email address isn’t correct.' ), array( |
---|
2703 | 'form-field' => 'email', |
---|
2704 | ) |
---|
2705 | ); |
---|
2706 | |
---|
2707 | return; |
---|
2708 | } |
---|
2709 | |
---|
2710 | if ( $wpdb->get_var( $wpdb->prepare( "SELECT user_email FROM {$wpdb->users} WHERE user_email=%s", $_POST['email'] ) ) ) { |
---|
2711 | $errors->add( |
---|
2712 | 'user_email', __( '<strong>ERROR</strong>: The email address is already used.' ), array( |
---|
2713 | 'form-field' => 'email', |
---|
2714 | ) |
---|
2715 | ); |
---|
2716 | delete_user_meta( $current_user->ID, '_new_email' ); |
---|
2717 | |
---|
2718 | return; |
---|
2719 | } |
---|
2720 | |
---|
2721 | $hash = md5( $_POST['email'] . time() . mt_rand() ); |
---|
2722 | $new_user_email = array( |
---|
2723 | 'hash' => $hash, |
---|
2724 | 'newemail' => $_POST['email'], |
---|
2725 | ); |
---|
2726 | update_user_meta( $current_user->ID, '_new_email', $new_user_email ); |
---|
2727 | |
---|
2728 | if ( is_multisite() ) { |
---|
2729 | $sitename = get_site_option( 'site_name' ); |
---|
2730 | } else { |
---|
2731 | $sitename = get_option( 'blogname' ); |
---|
2732 | } |
---|
2733 | |
---|
2734 | /* translators: Do not translate USERNAME, ADMIN_URL, EMAIL, SITENAME, SITEURL: those are placeholders. */ |
---|
2735 | $email_text = __( |
---|
2736 | 'Howdy ###USERNAME###, |
---|
2737 | |
---|
2738 | You recently requested to have the email address on your account changed. |
---|
2739 | |
---|
2740 | If this is correct, please click on the following link to change it: |
---|
2741 | ###ADMIN_URL### |
---|
2742 | |
---|
2743 | You can safely ignore and delete this email if you do not want to |
---|
2744 | take this action. |
---|
2745 | |
---|
2746 | This email has been sent to ###EMAIL### |
---|
2747 | |
---|
2748 | Regards, |
---|
2749 | All at ###SITENAME### |
---|
2750 | ###SITEURL###' |
---|
2751 | ); |
---|
2752 | |
---|
2753 | /** |
---|
2754 | * Filters the text of the email sent when a change of user email address is attempted. |
---|
2755 | * |
---|
2756 | * The following strings have a special meaning and will get replaced dynamically: |
---|
2757 | * ###USERNAME### The current user's username. |
---|
2758 | * ###ADMIN_URL### The link to click on to confirm the email change. |
---|
2759 | * ###EMAIL### The new email. |
---|
2760 | * ###SITENAME### The name of the site. |
---|
2761 | * ###SITEURL### The URL to the site. |
---|
2762 | * |
---|
2763 | * @since MU (3.0.0) |
---|
2764 | * @since 4.9.0 This filter is no longer Multisite specific. |
---|
2765 | * |
---|
2766 | * @param string $email_text Text in the email. |
---|
2767 | * @param array $new_user_email { |
---|
2768 | * Data relating to the new user email address. |
---|
2769 | * |
---|
2770 | * @type string $hash The secure hash used in the confirmation link URL. |
---|
2771 | * @type string $newemail The proposed new email address. |
---|
2772 | * } |
---|
2773 | */ |
---|
2774 | $content = apply_filters( 'new_user_email_content', $email_text, $new_user_email ); |
---|
2775 | |
---|
2776 | $content = str_replace( '###USERNAME###', $current_user->user_login, $content ); |
---|
2777 | $content = str_replace( '###ADMIN_URL###', esc_url( admin_url( 'profile.php?newuseremail=' . $hash ) ), $content ); |
---|
2778 | $content = str_replace( '###EMAIL###', $_POST['email'], $content ); |
---|
2779 | $content = str_replace( '###SITENAME###', wp_specialchars_decode( $sitename, ENT_QUOTES ), $content ); |
---|
2780 | $content = str_replace( '###SITEURL###', network_home_url(), $content ); |
---|
2781 | |
---|
2782 | wp_mail( $_POST['email'], sprintf( __( '[%s] New Email Address' ), wp_specialchars_decode( get_option( 'blogname' ), ENT_QUOTES ) ), $content ); |
---|
2783 | |
---|
2784 | $_POST['email'] = $current_user->user_email; |
---|
2785 | } |
---|
2786 | } |
---|
2787 | |
---|
2788 | /** |
---|
2789 | * Adds an admin notice alerting the user to check for confirmation request email |
---|
2790 | * after email address change. |
---|
2791 | * |
---|
2792 | * @since 3.0.0 |
---|
2793 | * @since 4.9.0 This function was moved from wp-admin/includes/ms.php so it's no longer Multisite specific. |
---|
2794 | * |
---|
2795 | * @global string $pagenow |
---|
2796 | */ |
---|
2797 | function new_user_email_admin_notice() { |
---|
2798 | global $pagenow; |
---|
2799 | if ( 'profile.php' === $pagenow && isset( $_GET['updated'] ) && $email = get_user_meta( get_current_user_id(), '_new_email', true ) ) { |
---|
2800 | /* translators: %s: New email address */ |
---|
2801 | echo '<div class="notice notice-info"><p>' . sprintf( __( 'Your email address has not been updated yet. Please check your inbox at %s for a confirmation email.' ), '<code>' . esc_html( $email['newemail'] ) . '</code>' ) . '</p></div>'; |
---|
2802 | } |
---|
2803 | } |
---|