
PHP Cross Reference of BuddyPress


/src/bp-forums/bbpress/ -> profile-edit.php (source)

   1  <?php
   2  require_once ( './bb-load.php' );
   3  
   4  // Redirect if we require SSL and it isn't
   5  bb_ssl_redirect();
   6  
   7  // Authenticate against the "logged_in" cookie
   8  bb_auth( 'logged_in' );
   9  
  10  // Check that the current user can do this, if not kick them to the front page
  11  if ( !bb_current_user_can( 'edit_user', $user_id ) ) {
  12      $sendto = bb_get_uri( null, null, BB_URI_CONTEXT_HEADER );
  13      wp_redirect( $sendto );
  14      exit;
  15  }
  16  
  17  // Store the current user id
  18  $bb_current_id = bb_get_current_user_info( 'id' );
  19  
  20  // I don't know how this would ever get triggered
  21  if ( !bb_is_profile() ) {
  22      $sendto = get_profile_tab_link( $bb_current_id, 'edit' );
  23      wp_redirect( $sendto );
  24      exit;
  25  }
  26  
  27  // Set some low capabilities if the current user has none
  28  if ( !isset( $user->capabilities ) ) {
  29      $user->capabilities = array( 'inactive' => true );
  30  }
  31  
  32  // Store the profile info keys
  33  $profile_info_keys = bb_get_profile_info_keys( 'profile-edit' );
  34  
  35  // Store additional keys if the current user has access to them
  36  if ( bb_current_user_can('edit_users') ) {
  37      $profile_admin_keys = bb_get_profile_admin_keys( 'profile-edit' );
  38      $assignable_caps = bb_get_assignable_caps();
  39  }
  40  
  41  // Instantiate the error object
  42  $errors = new WP_Error;
  43  
  44  if ( 'post' == strtolower($_SERVER['REQUEST_METHOD']) ) {
  45      $_POST = stripslashes_deep( $_POST );
  46      bb_check_admin_referer( 'edit-profile_' . $user_id );
  47  
  48      // Fix the URL before sanitizing it
  49      $user_url = bb_fix_link( $_POST['user_url'] );
  50  
  51      // Sanitize the profile info keys and check for missing required data
  52      foreach ( $profile_info_keys as $key => $label ) {
  53          $$key = apply_filters( 'sanitize_profile_info', $_POST[$key], $key, $_POST[$key] );
  54          if ( !$$key && $label[0] == 1 ) {
  55              $errors->add( $key, sprintf( __( '%s is required.' ), esc_html( $label[1] ) ) );
  56              $$key = false;
  57          }
  58      }
  59  
  60      // Find out if we have a valid email address
  61      if ( isset( $user_email ) && !$user_email = is_email( $user_email ) ) {
  62          $errors->add( 'user_email', __( 'Invalid email address' ), array( 'data' => $_POST['user_email'] ) );
  63      }
  64  
  65      // Deal with errors for users who can edit others data
  66      if ( bb_current_user_can('edit_users') ) {
  67          // Get the user object
  68          $user_obj = new BP_User( $user->ID );
  69          
  70          // If we are deleting just do it and redirect
  71          if ( isset( $_POST['delete-user'] ) && $_POST['delete-user'] && $bb_current_id != $user->ID ) {
  72              if ( !bb_current_user_can( 'keep_gate' ) && 'keymaster' == $user_obj->roles[0] ) { /* Only a keymaster can delete another keymaster */
  73                  $errors->add( 'delete', __( 'You can not delete this user!' ) );
  74              } else {
  75                  bb_delete_user( $user->ID );
  76                  wp_redirect( bb_get_uri(null, null, BB_URI_CONTEXT_HEADER) );
  77                  exit;
  78              }
  79          }
  80  
  81          // Store the new role
  82          $role = $_POST['role'];
  83  
  84          // Deal with errors with the role
  85          if ( !isset($wp_roles->role_objects[$role]) ) {
  86              $errors->add( 'role', __( 'Invalid Role' ) );
  87          } elseif ( !bb_current_user_can( 'keep_gate' ) && ( 'keymaster' == $role || 'keymaster' == $user_obj->roles[0] ) ) {
  88              $errors->add( 'role', __( 'You are not the Gate Keeper.' ) );
  89          } elseif ( 'keymaster' == $user_obj->roles[0] && 'keymaster' != $role && $bb_current_id == $user->ID ) {
  90              $errors->add( 'role', __( 'You are Keymaster, so you may not demote yourself.' ) );
  91          }
  92  
  93          // Sanitize the profile admin keys and check for missing required data
  94          foreach ( $profile_admin_keys as $key => $label ) {
  95              if ( isset( $$key ) )
  96                  continue;
  97  
  98              $$key = apply_filters( 'sanitize_profile_admin', $_POST[$key], $key, $_POST[$key] );
  99              if ( !$$key && $label[0] == 1 ) {
 100                  $errors->add( $key, sprintf( __( '%s is required.' ), esc_html( $label[1] ) ) );
 101                  $$key = false;
 102              }
 103          }
 104  
 105          // Create variable for the requested roles
 106          foreach ( $assignable_caps as $cap => $label ) {
 107              if ( isset($$cap) )
 108                  continue;
 109  
 110              $$cap = ( isset($_POST[$cap]) && $_POST[$cap] ) ? 1 : 0;
 111          }
 112      }
 113  
 114      // Deal with errors generated from the password form
 115      if ( bb_current_user_can( 'change_user_password', $user->ID ) ) {
 116          if ( ( !empty($_POST['pass1']) || !empty($_POST['pass2']) ) && $_POST['pass1'] !== $_POST['pass2'] ) {
 117              $errors->add( 'pass', __( 'You must enter the same password twice.' ) );
 118          } elseif( !empty($_POST['pass1']) && !bb_current_user_can( 'change_user_password', $user->ID ) ) {
 119              $errors->add( 'pass', __( "You are not allowed to change this user's password." ) );
 120          }
 121      }
 122  
 123      // If there are no errors then update the records
 124      if ( !$errors->get_error_codes() ) {
 125          do_action('before_profile_edited', $user->ID);
 126          
 127          if ( bb_current_user_can( 'edit_user', $user->ID ) ) {
 128              // All these are always set at this point
 129              bb_update_user( $user->ID, $user_email, $user_url, $display_name );
 130  
 131              // Add user meta data
 132              foreach( $profile_info_keys as $key => $label ) {
 133                  if ( 'display_name' == $key || 'ID' == $key || strpos($key, 'user_') === 0 )
 134                      continue;
 135                  if ( $$key != '' || isset($user->$key) )
 136                      bb_update_usermeta( $user->ID, $key, $$key );
 137              }
 138          }
 139  
 140          if ( bb_current_user_can( 'edit_users' ) ) {
 141              if ( !array_key_exists($role, $user->capabilities) ) {
 142                  $user_obj->set_role($role); // Only support one role for now
 143                  if ( 'blocked' == $role && 'blocked' != $old_role )
 144                      bb_break_password( $user->ID );
 145                  elseif ( 'blocked' != $role && array_key_exists( 'blocked', $user->capabilities ) )
 146                      bb_fix_password( $user->ID );
 147              }
 148              foreach( $profile_admin_keys as $key => $label )
 149                  if ( $$key != ''  || isset($user->$key) )
 150                      bb_update_usermeta( $user->ID, $key, $$key );
 151              foreach( $assignable_caps as $cap => $label ) {
 152                  if ( ( !$already = array_key_exists($cap, $user->capabilities) ) && $$cap) {
 153                      $user_obj->add_cap($cap);
 154                  } elseif ( !$$cap && $already ) {
 155                      $user_obj->remove_cap($cap);
 156                  }
 157              }
 158          }
 159  
 160          if ( bb_current_user_can( 'change_user_password', $user->ID ) && !empty($_POST['pass1']) ) {
 161              $_POST['pass1'] = addslashes($_POST['pass1']);
 162              bb_update_user_password( $user->ID, $_POST['pass1'] );
 163  
 164              if ( bb_get_current_user_info( 'ID' ) == $user->ID ) {
 165                  bb_clear_auth_cookie();
 166                  bb_set_auth_cookie( $user->ID );
 167              }
 168          }
 169          
 170          do_action('profile_edited', $user->ID);
 171  
 172          wp_redirect( add_query_arg( 'updated', 'true', get_user_profile_link( $user->ID ) ) );
 173          exit;
 174      }
 175  }
 176  
 177  bb_load_template( 'profile-edit.php', array('profile_info_keys', 'profile_admin_keys', 'assignable_caps', 'user_email', 'bb_roles', 'errors', 'self') );
 178  
 179  ?>

