
Changeset 2702


Timestamp:
07/09/2005 01:27:46 AM (19 years ago)
Author:
matt
Message:

Massive user_level fix. We were still using the user_level field in wp_users in some places, where we should just use the table prefixed usermeta value.

Location:
trunk
Files:
1 added
13 edited

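--- a/trunk/wp-admin/admin-db.php
+++ b/trunk/wp-admin/admin-db.php
@@ -14,10 +14,11 @@
     $level_key = $wpdb->prefix . 'user_level';
     if ( 1 < $user->user_level ) {
-        $editable = $wpdb->get_col("SELECT user_id FROM $wpdb->usermeta WHERE meta_key = '$level_key' AND meta_value <= '$user->user_level' AND user_id != $user_id");
-        if( is_array( $editable ) == false )
+        $editable = get_editable_user_ids( $user_id );
+   
+        if( !$editable ) {
                 $other_drafts = '';
-        else {
+        } else {
             $editable = join(',', $editable);
-            $other_drafts = $wpdb->get_results("SELECT ID, post_title FROM $wpdb->posts WHERE post_status = 'draft' AND post_author IN ($editable) ");
+            $other_drafts = $wpdb->get_results("SELECT ID, post_title FROM $wpdb->posts WHERE post_status = 'draft' AND post_author IN ($editable) AND post_author != '$user_id' ");
         }
     } else {
@@ -27,3 +28,63 @@
 }
 
+function get_editable_authors( $user_id ) {
+    global $wpdb;
+    $user = get_userdata( $user_id );
+    $level_key = $wpdb->prefix . 'user_level';
+
+    if ( 7 > $user->user_level ) // TODO: ROLE SYSTEM
+        return false;
+
+    $editable = get_editable_user_ids( $user_id );
+
+    if( !$editable )
+            return false;
+    else {
+        $editable = join(',', $editable);
+        $authors = $wpdb->get_results( "SELECT * FROM $wpdb->users WHERE ID IN ($editable)" );
+    }
+
+    return apply_filters('get_editable_authors', $authors);
+}
+
+function get_editable_user_ids( $user_id, $exclude_zeros = true ) {
+    global $wpdb;
+    $user = get_userdata( $user_id );
+    $level_key = $wpdb->prefix . 'user_level';
+
+    $query = "SELECT * FROM $wpdb->usermeta WHERE meta_key = '$level_key'";
+    if ( $exclude_zeros )
+        $query .= " AND meta_value != '0'";
+    $possible = $wpdb->get_results( $query );
+
+    if ( !$possible )
+        return false;   
+
+    $user_ids = array();
+    foreach ( $possible as $mark )
+        if ( intval($mark->meta_value) <= $user->user_level )
+            $user_ids[] = $mark->user_id;
+    if ( empty( $user_ids ) )
+        return false;
+    return $user_ids;
+}
+
+function get_author_user_ids() {
+    global $wpdb;
+    $level_key = $wpdb->prefix . 'user_level';
+
+    $query = "SELECT user_id FROM $wpdb->usermeta WHERE meta_key = '$level_key' AND meta_value != '0'";
+
+    return $wpdb->get_col( $query );
+}
+
+function get_nonauthor_user_ids() {
+    global $wpdb;
+    $level_key = $wpdb->prefix . 'user_level';
+
+    $query = "SELECT user_id FROM $wpdb->usermeta WHERE meta_key = '$level_key' AND meta_value = '0'";
+
+    return $wpdb->get_col( $query );
+}
+
 ?>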
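Review bot: `get_editable_authors()` refuses only levels below 7 (`if ( 7 > $user->user_level )`), while the template checks it replaces in edit-form-advanced.php and edit-page-form.php required `$user_level > 7`, so level-7 users now receive the author override list. If that widening is not intended, the guard should read `if ( 7 >= $user->user_level ) return false;`. Both `get_editable_authors()` and `get_editable_user_ids()` also dereference the result of `get_userdata( $user_id )` without checking it, so an unknown ID is compared as a null level; an early `if ( !$user ) return false;` would make that case explicit.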
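--- a/trunk/wp-admin/admin-functions.php
+++ b/trunk/wp-admin/admin-functions.php
@@ -438,6 +438,9 @@
 // Dandy new recursive multiple category stuff.
 function cat_rows($parent = 0, $level = 0, $categories = 0) {
-    global $wpdb, $class, $user_level;
-    if (!$categories)
+    global $wpdb, $class, $current_user;
+
+    $user_level = $current_user->user_level;
+
+    if ( !$categories )
         $categories = $wpdb->get_results("SELECT * FROM $wpdb->categories ORDER BY cat_name");
 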
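--- a/trunk/wp-admin/edit-form-advanced.php
+++ b/trunk/wp-admin/edit-form-advanced.php
@@ -105,5 +105,5 @@
 <?php endif; ?>
 
-<?php if ($user_level > 7 && $users = $wpdb->get_results("SELECT ID, user_login FROM $wpdb->users WHERE user_level <= $user_level AND user_level > 0") ) : ?>
+<?php if ( $authors = get_editable_authors( $current_user->ID ) ) : // TODO: ROLE SYSTEM ?>
 <fieldset id="authordiv" class="dbx-box">
 <h3 class="dbx-handle"><?php _e('Post author'); ?>:</h3>
@@ -111,5 +111,5 @@
 <select name="post_author_override" id="post_author_override">
 <?php
-foreach ($users as $o) :
+foreach ($authors as $o) :
 $o = get_userdata( $o->ID );
 if ( $post->post_author == $o->ID || ( empty($post_ID) && $user_ID == $o->ID ) ) $selected = 'selected="selected"';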
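--- a/trunk/wp-admin/edit-page-form.php
+++ b/trunk/wp-admin/edit-page-form.php
@@ -109,5 +109,5 @@
         <td><input name="post_name" type="text" size="25" id="post_name" value="<?php echo $post->post_name ?>" /></td>
     </tr>
-<?php if ($user_level > 7 && $users = $wpdb->get_results("SELECT ID, user_login FROM $wpdb->users WHERE user_level <= $user_level AND user_level > 0") ) : ?>
+<?php if ( $authors = get_editable_authors( $current_user->ID ) ) : // TODO: ROLE SYSTEM ?>
     <tr>
         <th scope="row" width="30%"><?php _e('Page owner'); ?>:</th>
@@ -115,5 +115,5 @@
         <select name="post_author" id="post_author">
         <?php
-        foreach ($users as $o) :
+        foreach ($authors as $o) :
             $o = get_userdata( $o->ID );
             if ( $post->post_author == $o->ID || ( empty($post_ID) && $user_ID == $o->ID ) ) $selected = 'selected="selected"';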
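--- a/trunk/wp-admin/edit-pages.php
+++ b/trunk/wp-admin/edit-pages.php
@@ -12,4 +12,5 @@
 
 <?php
+/*
 if (isset($user_ID) && ('' != intval($user_ID))) {
     $posts = $wpdb->get_results("
@@ -19,7 +20,7 @@
     AND ($wpdb->users.user_level < $user_level OR $wpdb->posts.post_author = $user_ID)
     ");
-} else {
+} else { */
     $posts = $wpdb->get_results("SELECT * FROM $wpdb->posts WHERE post_status = 'static'");
-}
+// } FIXME
 
 if ($posts) {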
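Review bot: Commenting out the level-filtered query leaves the unconditional `SELECT * FROM $wpdb->posts WHERE post_status = 'static'` as the only path, so every user who reaches this screen is shown every static page regardless of level or authorship. The `// } FIXME` marker does not say what has to come back; a comment such as `// FIXME: restore per-user page filtering based on the usermeta level (see get_editable_user_ids())` would record the intent. Part of the commented-out query lies outside the visible hunks.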
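--- a/trunk/wp-admin/post.php
+++ b/trunk/wp-admin/post.php
@@ -355,5 +355,5 @@
 <div class="wrap">
 <?php _e('<h3>WordPress bookmarklet</h3>
-<p>You can drag the following link to your links bar or add it to your bookmarks and when you "Press it" it will open up a popup window with information and a link to the site you&#8217;re currently browsing so you can make a quick post about it. Try it out:</p>') ?>
+<p>Right click on the following link and choose "Add to favorites" to create a posting shortcut.</p>') ?>
 <p>
 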
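--- a/trunk/wp-admin/upgrade-functions.php
+++ b/trunk/wp-admin/upgrade-functions.php
@@ -253,5 +253,5 @@
         endif;
     endforeach;
-    $old_user_fields = array( 'user_firstname', 'user_lastname', 'user_icq', 'user_aim', 'user_msn', 'user_yim', 'user_idmode', 'user_ip', 'user_domain', 'user_browser', 'user_description', 'user_nickname' );
+    $old_user_fields = array( 'user_firstname', 'user_lastname', 'user_icq', 'user_aim', 'user_msn', 'user_yim', 'user_idmode', 'user_ip', 'user_domain', 'user_browser', 'user_description', 'user_nickname', 'user_level' );
     $wpdb->hide_errors();
     foreach ( $old_user_fields as $old )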
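Review bot: Adding `'user_level'` to `$old_user_fields` presumably drops that column in the loop that begins on the last line of the hunk, and nothing visible here shows the value being copied to the `{prefix}user_level` usermeta key first. If the migration that ends at `endforeach;` above does not already copy it, existing users would come out of the upgrade with no level at all. A comment on this line saying where the copy happens, e.g. `// user_level is copied to usermeta above before the column is dropped`, would make the ordering dependency explicit. The loop body lies outside the hunk.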
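--- a/trunk/wp-admin/upgrade-schema.php
+++ b/trunk/wp-admin/upgrade-schema.php
@@ -131,5 +131,4 @@
   user_url varchar(100) NOT NULL default '',
   user_registered datetime NOT NULL default '0000-00-00 00:00:00',
-  user_level int(2) unsigned NOT NULL default '0',
   user_activation_key varchar(60) NOT NULL default '',
   user_status int(11) NOT NULL default '0',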
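--- a/trunk/wp-admin/user-edit.php
+++ b/trunk/wp-admin/user-edit.php
@@ -173,16 +173,16 @@
         </th>
         <td>    <select name="display_name">
-        <option value="<?php echo $profiledata->display_name; ?>"><?php echo $profiledata->display_name; ?></option>
-        <option value="<?php echo $profiledata->nickname ?>"><?php echo $profiledata->nickname ?></option>
-        <option value="<?php echo $profiledata->user_login ?>"><?php echo $profiledata->user_login ?></option>
-    <?php if ( !empty( $profiledata->first_name ) ) : ?>
-        <option value="<?php echo $profiledata->first_name ?>"><?php echo $profiledata->first_name ?></option>
+        <option value="<?php echo $edituser->display_name; ?>"><?php echo $edituser->display_name; ?></option>
+        <option value="<?php echo $edituser->nickname ?>"><?php echo $edituser->nickname ?></option>
+        <option value="<?php echo $edituser->user_login ?>"><?php echo $edituser->user_login ?></option>
+    <?php if ( !empty( $edituser->first_name ) ) : ?>
+        <option value="<?php echo $edituser->first_name ?>"><?php echo $edituser->first_name ?></option>
     <?php endif; ?>
-    <?php if ( !empty( $profiledata->last_name ) ) : ?>
-        <option value="<?php echo $profiledata->last_name ?>"><?php echo $profiledata->last_name ?></option>
+    <?php if ( !empty( $edituser->last_name ) ) : ?>
+        <option value="<?php echo $edituser->last_name ?>"><?php echo $edituser->last_name ?></option>
     <?php endif; ?>
-    <?php if ( !empty( $profiledata->first_name ) && !empty( $profiledata->last_name ) ) : ?>
-        <option value="<?php echo $profiledata->first_name." ".$profiledata->last_name ?>"><?php echo $profiledata->first_name." ".$profiledata->last_name ?></option>
-        <option value="<?php echo $profiledata->last_name." ".$profiledata->first_name ?>"><?php echo $profiledata->last_name." ".$profiledata->first_name ?></option>
+    <?php if ( !empty( $edituser->first_name ) && !empty( $edituser->last_name ) ) : ?>
+        <option value="<?php echo $edituser->first_name." ".$edituser->last_name ?>"><?php echo $edituser->first_name." ".$edituser->last_name ?></option>
+        <option value="<?php echo $edituser->last_name." ".$edituser->first_name ?>"><?php echo $edituser->last_name." ".$edituser->first_name ?></option>
     <?php endif; ?>
       </select>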
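Review bot: Every `<option>` in this block echoes a profile field (`display_name`, `nickname`, `user_login`, `first_name`, `last_name`) into both an attribute value and element text with no escaping, so a stored value containing a quote or markup is rendered as HTML on the edit screen. The switch to `$edituser` touches each of these lines already, which makes it a natural point to escape at output, e.g. `<?php echo htmlspecialchars( $edituser->display_name, ENT_QUOTES ); ?>` for each occurrence. Where these fields are written is not visible here, so whether they are filtered on input is unconfirmed; escaping at output does not depend on that.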
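--- a/trunk/wp-admin/users.php
+++ b/trunk/wp-admin/users.php
@@ -1,23 +1,10 @@
 <?php
 require_once('admin.php');
+require_once( ABSPATH . WPINC . '/registration-functions.php');
 
 $title = __('Users');
 $parent_file = 'profile.php';
    
-$wpvarstoreset = array('action');
-for ($i=0; $i<count($wpvarstoreset); $i += 1) {
-    $wpvar = $wpvarstoreset[$i];
-    if (!isset($$wpvar)) {
-        if (empty($_POST["$wpvar"])) {
-            if (empty($_GET["$wpvar"])) {
-                $$wpvar = '';
-            } else {
-                $$wpvar = $_GET["$wpvar"];
-            }
-        } else {
-            $$wpvar = $_POST["$wpvar"];
-        }
-    }
-}
+$action = $_REQUEST['action'];
 
 switch ($action) {
@@ -48,33 +35,22 @@
     $user_nickname = $user_login;
 
-    /* checking that the username isn't already used by another user */
-    $loginthere = $wpdb->get_var("SELECT user_login FROM $wpdb->users WHERE user_login = '$user_login'");
-    if ($loginthere)
+    if ( username_exists( $user_login ) )
         die (__('<strong>ERROR</strong>: This username is already registered, please choose another one.'));
 
     /* checking e-mail address */
-    if (empty($_POST["email"])) {
+    if (empty($user_email)) {
         die (__("<strong>ERROR</strong>: please type an e-mail address"));
         return false;
-    } else if (!is_email($_POST["email"])) {
+    } else if (!is_email($user_email)) {
         die (__("<strong>ERROR</strong>: the email address isn't correct"));
         return false;
     }
 
-    $user_ID = $wpdb->get_var("SELECT ID FROM $wpdb->users ORDER BY ID DESC LIMIT 1") + 1;
-
-    $user_nicename = sanitize_title($user_nickname, $user_ID);
-    $user_uri = preg_match('/^(https?|ftps?|mailto|news|gopher):/is', $user_uri) ? $user_uri : 'http://' . $user_uri;
-    $now = gmdate('Y-m-d H:i:s');
-    $new_users_can_blog = get_settings('new_users_can_blog');
-
-    $result = $wpdb->query("INSERT INTO $wpdb->users
-        (user_login, user_pass, user_email, user_registered, user_level, user_nicename, user_url)
-    VALUES
-        ('$user_login', MD5('$pass1'), '$user_email', '$now', '$new_users_can_blog', '$user_nicename', '$user_uri')");
-   
-    if ($result == false)
-        die (__('<strong>ERROR</strong>: Couldn&#8217;t register you!'));
-
+    $user_ID = create_user( $user_login, $pass1, $user_email, 0 );
+
+    update_usermeta( $user_ID, 'first_name', $user_firstname);
+    update_usermeta( $user_ID, 'last_name', $user_lastname);
+    update_usermeta( $user_ID, 'first_name', $user_firstname);
+   
     $stars = '';
     for ($i = 0; $i < strlen($pass1); $i = $i + 1)
@@ -97,22 +73,20 @@
     }
 
-    $id = $_GET['id'];
+    $id = (int) $_GET['id'];
     $prom = $_GET['prom'];
 
     $user_data = get_userdata($id);
+
     $usertopromote_level = $user_data->user_level;
 
-    if ($user_level <= $usertopromote_level) {
+    if ( $user_level <= $usertopromote_level )
         die(__('Can&#8217;t change the level of a user whose level is higher than yours.'));
-    }
 
     if ('up' == $prom) {
         $new_level = $usertopromote_level + 1;
-        $sql="UPDATE $wpdb->users SET user_level=$new_level WHERE ID = $id AND $new_level < $user_level";
     } elseif ('down' == $prom) {
         $new_level = $usertopromote_level - 1;
-        $sql="UPDATE $wpdb->users SET user_level=$new_level WHERE ID = $id AND $new_level < $user_level";
-    }
-    $result = $wpdb->query($sql);
+    }
+    update_usermeta( $id, $wpdb->prefix . 'user_level', $new_level);
 
     header('Location: users.php');
@@ -164,8 +138,9 @@
     </tr>
     <?php
-    $users = $wpdb->get_results("SELECT ID FROM $wpdb->users WHERE user_level > 0 ORDER BY ID");
+    $authors =
+    $users = get_author_user_ids();
     $style = '';
     foreach ($users as $user) {
-        $user_data = get_userdata($user->ID);
+        $user_data = get_userdata($user);
         $email = $user_data->user_email;
         $url = $user_data->user_url;
@@ -177,5 +152,5 @@
         $short_url =  substr($short_url, 0, 32).'...';
         $style = ('class="alternate"' == $style) ? '' : 'class="alternate"';
-        $numposts = $wpdb->get_var("SELECT COUNT(*) FROM $wpdb->posts WHERE post_author = $user->ID and post_status = 'publish'");
+        $numposts = $wpdb->get_var("SELECT COUNT(*) FROM $wpdb->posts WHERE post_author = '$user' and post_status = 'publish'");
         if (0 < $numposts) $numposts = "<a href='edit.php?author=$user_data->ID' title='" . __('View posts') . "'>$numposts</a>";
         echo "
@@ -206,5 +181,5 @@
 
 <?php
-$users = $wpdb->get_results("SELECT * FROM $wpdb->users WHERE user_level = 0 ORDER BY ID");
+$users = get_nonauthor_user_ids();
 if ($users) {
 ?>
@@ -225,5 +200,5 @@
 $style = '';
 foreach ($users as $user) {
-    $user_data = get_userdata($user->ID);
+    $user_data = get_userdata($user);
     $email = $user_data->user_email;
     $url = $user_data->user_url;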
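Review bot: The promotion branch loses the ceiling that the removed SQL enforced: both old `UPDATE` statements carried `AND $new_level < $user_level`, but the new `update_usermeta( $id, $wpdb->prefix . 'user_level', $new_level)` runs unconditionally, so promoting a user who sits one level below the acting user now raises them to the same level. `$new_level` is also never set when `prom` is neither `up` nor `down`, and the write still happens. Guarding the call restores the old limit: `if ( isset( $new_level ) && $new_level < $user_level ) update_usermeta( $id, $wpdb->prefix . 'user_level', $new_level );`. Separately, the add-user branch writes `first_name` twice, which looks like a copy-paste slip. The surrounding `switch` cases begin outside the visible hunks.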
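--- a/trunk/wp-includes/functions.php
+++ b/trunk/wp-includes/functions.php
@@ -1226,11 +1226,17 @@
 function update_user_cache() {
     global $cache_userdata, $wpdb;
-    $query = apply_filters('user_cache_query', "SELECT * FROM $wpdb->users WHERE user_level > 0");
+    $level_key = $wpdb->prefix . 'user_level';
+    $user_ids = $wpdb->get_col("SELECT user_id FROM $wpdb->usermeta WHERE meta_key = '$level_key'");
+    $user_ids = join(',', $user_ids);
+    $query = apply_filters('user_cache_query', "SELECT * FROM $wpdb->users WHERE ID IN ($user_ids)");
     if ( $users = $wpdb->get_results( $query ) ) :
         foreach ($users as $user) :
             $metavalues = $wpdb->get_results("SELECT meta_key, meta_value FROM $wpdb->usermeta WHERE user_id = '$user->ID'");
-            if ( is_array($metavalues) )
-                foreach ( $metavalues as $meta )
-                    $user->{$meta->meta_key} = $meta->meta_value;
+            foreach ( $metavalues as $meta ) {
+                $user->{$meta->meta_key} = $meta->meta_value;
+                // We need to set user_level from meta, not row
+                if ( $wpdb->prefix . 'user_level' == $meta->meta_key )
+                    $user->user_level = $meta->meta_value;
+            }
 
             $cache_userdata[$user->ID] = $user;
@@ -1956,5 +1962,6 @@
 function update_usermeta( $user_id, $meta_key, $meta_value ) {
     global $wpdb;
-    $user_id = (int) $user_id;
+    if ( !is_numeric( $user_id ) )
+        return false;
     $meta_key = preg_replace('|a-z0-9_|i', '', $meta_key);
     $cur = $wpdb->get_row("SELECT * FROM $wpdb->usermeta WHERE user_id = '$user_id' AND meta_key = '$meta_key'");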
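Review bot: In `update_usermeta()` the `(int)` cast is replaced by an `is_numeric()` test, so `$user_id` now reaches the quoted SQL as whatever numeric string the caller passed (`'1e3'`, `'1.5'`) rather than a canonical integer; keeping both, `if ( !is_numeric( $user_id ) ) return false; $user_id = (int) $user_id;`, preserves the rejection and the normalisation. The unchanged next line does not sanitize `$meta_key` either: the pattern `'|a-z0-9_|i'` has no character class and only removes that literal text, where `'|[^a-z0-9_]|i'` appears to be what was meant. In `update_user_cache()`, `join(',', $user_ids)` on an empty result yields `IN ()`, and dropping the `is_array($metavalues)` guard lets `foreach` run on a non-array. The body of `update_usermeta()` continues outside the hunk.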
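--- a/trunk/wp-includes/pluggable-functions.php
+++ b/trunk/wp-includes/pluggable-functions.php
@@ -7,5 +7,5 @@
 if ( !function_exists('get_currentuserinfo') ) :
 function get_currentuserinfo() {
-    global $user_login, $userdata, $user_level, $user_ID, $user_email, $user_url, $user_pass_md5, $user_identity;
+    global $user_login, $userdata, $user_level, $user_ID, $user_email, $user_url, $user_pass_md5, $user_identity, $current_user;
 
     if ( !isset($_COOKIE['wordpressuser_' . COOKIEHASH]))
@@ -18,8 +18,7 @@
     $user_email  = $userdata->user_email;
     $user_url    = $userdata->user_url;
-
     $user_pass_md5 = md5($userdata->user_pass);
-
     $user_identity = $userdata->display_name;
+    $current_user  = $userdata;
 }
 endif;
@@ -40,6 +39,10 @@
     $metavalues = $wpdb->get_results("SELECT meta_key, meta_value FROM $wpdb->usermeta WHERE user_id = '$user_id'");
 
-    foreach ( $metavalues as $meta )
+    foreach ( $metavalues as $meta ) {
         $user->{$meta->meta_key} = $meta->meta_value;
+        // We need to set user_level from meta, not row
+        if ( $wpdb->prefix . 'user_level' == $meta->meta_key )
+            $user->user_level = $meta->meta_value;
+    }
 
     $cache_userdata[$user_id] = $user;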
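Review bot: `$user->user_level` is assigned only when a `{prefix}user_level` meta row exists, and upgrade-schema.php in this changeset removes the column that previously supplied a default, so a user without that row presumably ends up with the property undefined. Callers such as `if ( 7 > $user->user_level )` in admin-db.php then compare against null. Setting `$user->user_level = 0;` before the `foreach` would give an explicit lowest-privilege default. The enclosing function starts and ends outside the hunk.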
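--- a/trunk/wp-register.php
+++ b/trunk/wp-register.php
@@ -1,21 +1,7 @@
 <?php
 require('./wp-config.php');
+require_once( ABSPATH . WPINC . '/registration-functions.php');
 
-$wpvarstoreset = array('action');
-for ($i=0; $i<count($wpvarstoreset); $i += 1) {
-    $wpvar = $wpvarstoreset[$i];
-    if (!isset($$wpvar)) {
-        if (empty($_POST["$wpvar"])) {
-            if (empty($_GET["$wpvar"])) {
-                $$wpvar = '';
-            } else {
-                $$wpvar = $_GET["$wpvar"];
-            }
-        } else {
-            $$wpvar = $_POST["$wpvar"];
-        }
-    }
-}
-
+$action = $_REQUEST['action'];
 if ( !get_settings('users_can_register') )
     $action = 'disabled';
@@ -23,5 +9,5 @@
 header( 'Content-Type: ' . get_bloginfo('html_type') . '; charset=' . get_bloginfo('charset') );
 
-switch($action) {
+switch( $action ) {
 
 case 'register':
@@ -40,21 +26,15 @@
     }
 
-    if ( $result = $wpdb->get_row("SELECT user_login FROM $wpdb->users WHERE user_login = '$user_login'") )
+    if ( username_exists( $user_login ) )
         die (__('<strong>ERROR</strong>: This username is already registered, please choose another one.'));
 
-    $user_login = $wpdb->escape( sanitize_user($user_login) ) );
-    $user_nicename = sanitize_title($user_nickname);
-    $now = gmdate('Y-m-d H:i:s');
     $user_level = get_settings('new_users_can_blog');
     $password = substr( md5( uniqid( microtime() ) ), 0, 7);
 
-    $result = $wpdb->query("INSERT INTO $wpdb->users
-        (user_login, user_pass, user_email, user_registered, user_level, user_nicename)
-    VALUES
-        ('$user_login', MD5('$password'), '$user_email', '$now', '$user_level', '$user_nicename')");
+    $user_id = create_user( $user_login, $password, $user_email, $user_level );
 
-    do_action('user_register', $wpdb->insert_id);
+    do_action('user_register', $user_id);
 
-    if ($result == false) {
+    if ( !$user_id ) {
         die (sprintf(__('<strong>ERROR</strong>: Couldn&#8217;t register you... please contact the <a href="mailto:%s">webmaster</a> !'), get_settings('admin_email')));
     }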
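Review bot: The removed line `$user_login = $wpdb->escape( sanitize_user($user_login) )` has no replacement in the visible lines, so whether the login is sanitised and escaped before it reaches SQL now rests on `username_exists()` and `create_user()` in registration-functions.php, which this page does not show; that should be confirmed there, since this is the unauthenticated registration path. `do_action('user_register', $user_id)` also fires before the `if ( !$user_id )` check, so hooks run with a false ID when creation fails; moving the `do_action` line below the failure check avoids that. The `register` case starts and continues outside the visible hunks.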