25
25
$user_id = (int) func_get_arg( 0 );
27
27
if ( isset( $_POST['role'] ) ) {
28
$new_role = sanitize_text_field( $_POST['role'] );
28
29
// Don't let anyone with 'edit_users' (admins) edit their own role to something without it.
29
if( $user_id != $current_user->id || $wp_roles->role_objects[$_POST['role']]->has_cap( 'edit_users' ) ) {
30
if ( $user_id != $current_user->id || $wp_roles->role_objects[$new_role]->has_cap( 'edit_users' ) ) {
30
31
// If the new role isn't editable by the logged-in user die with error
31
32
$editable_roles = get_editable_roles();
32
if (!$editable_roles[$_POST['role']])
33
if ( !$editable_roles[$new_role] )
33
34
wp_die(__('You can’t give users that role.'));
35
36
$user = new WP_User( $user_id );
36
$user->set_role( $_POST['role'] );
37
$user->set_role( $new_role );
74
75
$pass2 = $_POST['pass2'];
76
77
if ( isset( $_POST['role'] ) && current_user_can( 'edit_users' ) ) {
78
$new_role = sanitize_text_field( $_POST['role'] );
78
79
// Don't let anyone with 'edit_users' (admins) edit their own role to something without it.
79
if( $user_id != $current_user->id || $wp_roles->role_objects[$_POST['role']]->has_cap( 'edit_users' ))
80
$user->role = $_POST['role'];
80
if( $user_id != $current_user->id || $wp_roles->role_objects[$new_role]->has_cap( 'edit_users' ))
81
$user->role = $new_role;
82
83
// If the new role isn't editable by the logged-in user die with error
83
84
$editable_roles = get_editable_roles();
84
if (!$editable_roles[$_POST['role']])
85
if ( !$editable_roles[$new_role] )
85
86
wp_die(__('You can’t give users that role.'));
88
89
if ( isset( $_POST['email'] ))
89
$user->user_email = esc_html( trim( $_POST['email'] ));
90
$user->user_email = sanitize_text_field( $_POST['email'] );
90
91
if ( isset( $_POST['url'] ) ) {
91
92
if ( empty ( $_POST['url'] ) || $_POST['url'] == 'http://' ) {
92
93
$user->user_url = '';
94
$user->user_url = esc_url( trim( $_POST['url'] ));
95
$user->user_url = sanitize_url( $_POST['url'] );
95
96
$user->user_url = preg_match('/^(https?|ftps?|mailto|news|irc|gopher|nntp|feed|telnet):/is', $user->user_url) ? $user->user_url : 'http://'.$user->user_url;
98
if ( isset( $_POST['first_name'] ))
99
$user->first_name = esc_html( trim( $_POST['first_name'] ));
100
if ( isset( $_POST['last_name'] ))
101
$user->last_name = esc_html( trim( $_POST['last_name'] ));
102
if ( isset( $_POST['nickname'] ))
103
$user->nickname = esc_html( trim( $_POST['nickname'] ));
104
if ( isset( $_POST['display_name'] ))
105
$user->display_name = esc_html( trim( $_POST['display_name'] ));
106
if ( isset( $_POST['description'] ))
99
if ( isset( $_POST['first_name'] ) )
100
$user->first_name = sanitize_text_field( $_POST['first_name'] );
101
if ( isset( $_POST['last_name'] ) )
102
$user->last_name = sanitize_text_field( $_POST['last_name'] );
103
if ( isset( $_POST['nickname'] ) )
104
$user->nickname = sanitize_text_field( $_POST['nickname'] );
105
if ( isset( $_POST['display_name'] ) )
106
$user->display_name = sanitize_text_field( $_POST['display_name'] );
108
if ( isset( $_POST['description'] ) )
107
109
$user->description = trim( $_POST['description'] );
108
if ( isset( $_POST['jabber'] ))
109
$user->jabber = esc_html( trim( $_POST['jabber'] ));
110
if ( isset( $_POST['aim'] ))
111
$user->aim = esc_html( trim( $_POST['aim'] ));
112
if ( isset( $_POST['yim'] ))
113
$user->yim = esc_html( trim( $_POST['yim'] ));
115
$user->rich_editing = 'true'; // Default to true for new users.
116
else if ( isset( $_POST['rich_editing'] ) )
117
$user->rich_editing = $_POST['rich_editing'];
119
$user->rich_editing = 'true';
121
$user->comment_shortcuts = isset( $_POST['comment_shortcuts'] )? $_POST['comment_shortcuts'] : '';
111
foreach ( _wp_get_user_contactmethods() as $method => $name ) {
112
if ( isset( $_POST[$method] ))
113
$user->$method = sanitize_text_field( $_POST[$method] );
117
$user->rich_editing = isset( $_POST['rich_editing'] ) && 'false' == $_POST['rich_editing'] ? 'false' : 'true';
118
$user->admin_color = isset( $_POST['admin_color'] ) ? sanitize_text_field( $_POST['admin_color'] ) : 'fresh';
121
$user->comment_shortcuts = isset( $_POST['comment_shortcuts'] ) && 'true' == $_POST['comment_shortcuts'] ? 'true' : '';
123
123
$user->use_ssl = 0;
124
124
if ( !empty($_POST['use_ssl']) )
125
125
$user->use_ssl = 1;
128
$user->admin_color = 'fresh'; // Default to fresh for new users.
129
else if ( isset( $_POST['admin_color'] ) )
130
$user->admin_color = $_POST['admin_color'];
132
$user->admin_color = 'fresh';
134
127
$errors = new WP_Error();
136
129
/* checking that username has been typed */
160
153
if ( $pass1 != $pass2 )
161
154
$errors->add( 'pass', __( '<strong>ERROR</strong>: Please enter the same password in the two password fields.' ), array( 'form-field' => 'pass1' ) );
163
if (!empty ( $pass1 ))
156
if ( !empty( $pass1 ) )
164
157
$user->user_pass = $pass1;
166
159
if ( !$update && !validate_username( $user->user_login ) )
167
160
$errors->add( 'user_login', __( '<strong>ERROR</strong>: This username is invalid. Please enter a valid username.' ));
169
if (!$update && username_exists( $user->user_login ))
162
if ( !$update && username_exists( $user->user_login ) )
170
163
$errors->add( 'user_login', __( '<strong>ERROR</strong>: This username is already registered. Please choose another one.' ));
172
165
/* checking e-mail address */
173
if ( empty ( $user->user_email ) ) {
166
if ( empty( $user->user_email ) ) {
174
167
$errors->add( 'empty_email', __( '<strong>ERROR</strong>: Please enter an e-mail address.' ), array( 'form-field' => 'email' ) );
175
} elseif (!is_email( $user->user_email ) ) {
168
} elseif ( !is_email( $user->user_email ) ) {
176
169
$errors->add( 'invalid_email', __( '<strong>ERROR</strong>: The e-mail address isn’t correct.' ), array( 'form-field' => 'email' ) );
177
170
} elseif ( ( $owner_id = email_exists($user->user_email) ) && $owner_id != $user->ID ) {
178
171
$errors->add( 'email_exists', __('<strong>ERROR</strong>: This email is already registered, please choose another one.'), array( 'form-field' => 'email' ) );
181
// Allow plugins to return there own errors.
174
// Allow plugins to return their own errors.
182
175
do_action_ref_array('user_profile_update_errors', array ( &$errors, $update, &$user ) );
184
177
if ( $errors->get_error_codes() )
188
$user_id = wp_update_user( get_object_vars( $user ));
181
$user_id = wp_update_user( get_object_vars( $user ) );
190
$user_id = wp_insert_user( get_object_vars( $user ));
183
$user_id = wp_insert_user( get_object_vars( $user ) );
191
184
wp_new_user_notification( $user_id, isset($_POST['send_password']) ? $pass1 : '' );
372
365
function get_user_to_edit( $user_id ) {
373
366
$user = new WP_User( $user_id );
374
$user->user_login = esc_attr($user->user_login);
375
$user->user_email = esc_attr($user->user_email);
376
$user->user_url = esc_url($user->user_url);
377
$user->first_name = esc_attr($user->first_name);
378
$user->last_name = esc_attr($user->last_name);
379
$user->display_name = esc_attr($user->display_name);
380
$user->nickname = esc_attr($user->nickname);
381
$user->aim = isset( $user->aim ) && !empty( $user->aim ) ? esc_attr($user->aim) : '';
382
$user->yim = isset( $user->yim ) && !empty( $user->yim ) ? esc_attr($user->yim) : '';
383
$user->jabber = isset( $user->jabber ) && !empty( $user->jabber ) ? esc_attr($user->jabber) : '';
384
$user->description = isset( $user->description ) && !empty( $user->description ) ? esc_html($user->description) : '';
368
$user_contactmethods = _wp_get_user_contactmethods();
369
foreach ($user_contactmethods as $method => $name) {
370
if ( empty( $user->{$method} ) )
371
$user->{$method} = '';
374
if ( empty($user->description) )
375
$user->description = '';
377
$user = sanitize_user_object($user, 'edit');