
   1  <?php
   2  /**
   3   * BuddyPress Settings Actions
   4   *
   5   * @todo split actions into separate screen functions
   6   * @package BuddyPress
   7   * @subpackage SettingsActions
   8   * @since 1.5.0
   9   */
  10  
  11  // Exit if accessed directly.
  12  defined( 'ABSPATH' ) || exit;
  13  
  14  /**
  15   * Handles the changing and saving of user email addresses and passwords.
  16   *
  17   * We do quite a bit of logic and error handling here to make sure that users
  18   * do not accidentally lock themselves out of their accounts. We also try to
  19   * provide as accurate of feedback as possible without exposing anyone else's
  20   * information to them.
  21   *
  22   * Special considerations are made for super admins that are able to edit any
  23   * users accounts already, without knowing their existing password.
  24   *
  25   * @since 1.6.0
  26   *
  27   * @global BuddyPress $bp
  28   */
  29  function bp_settings_action_general() {
  30      if ( ! bp_is_post_request() ) {
  31          return;
  32      }
  33  
  34      // Bail if no submit action.
  35      if ( ! isset( $_POST['submit'] ) ) {
  36          return;
  37      }
  38  
  39      // Bail if not in settings.
  40      if ( ! bp_is_settings_component() || ! bp_is_current_action( 'general' ) ) {
  41          return;
  42      }
  43  
  44      // 404 if there are any additional action variables attached
  45      if ( bp_action_variables() ) {
  46          bp_do_404();
  47          return;
  48      }
  49  
  50      // Define local defaults
  51      $bp            = buddypress(); // The instance
  52      $email_error   = false;        // invalid|blocked|taken|empty|nochange
  53      $pass_error    = false;        // invalid|mismatch|empty|nochange
  54      $pass_changed  = false;        // true if the user changes their password
  55      $email_changed = false;        // true if the user changes their email
  56      $feedback_type = 'error';      // success|error
  57      $feedback      = array();      // array of strings for feedback.
  58  
  59      // Nonce check.
  60      check_admin_referer('bp_settings_general');
  61  
  62      // Validate the user again for the current password when making a big change.
  63      if ( ( is_super_admin() ) || ( !empty( $_POST['pwd'] ) && wp_check_password( $_POST['pwd'], $bp->displayed_user->userdata->user_pass, bp_displayed_user_id() ) ) ) {
  64  
  65          $update_user = get_userdata( bp_displayed_user_id() );
  66  
  67          /* Email Change Attempt ******************************************/
  68  
  69          if ( !empty( $_POST['email'] ) ) {
  70  
  71              // What is missing from the profile page vs signup -
  72              // let's double check the goodies.
  73              $user_email     = sanitize_email( esc_html( trim( $_POST['email'] ) ) );
  74              $old_user_email = $bp->displayed_user->userdata->user_email;
  75  
  76              // User is changing email address.
  77              if ( $old_user_email != $user_email ) {
  78  
  79                  // Run some tests on the email address.
  80                  $email_checks = bp_core_validate_email_address( $user_email );
  81  
  82                  if ( true !== $email_checks ) {
  83                      if ( isset( $email_checks['invalid'] ) ) {
  84                          $email_error = 'invalid';
  85                      }
  86  
  87                      if ( isset( $email_checks['domain_banned'] ) || isset( $email_checks['domain_not_allowed'] ) ) {
  88                          $email_error = 'blocked';
  89                      }
  90  
  91                      if ( isset( $email_checks['in_use'] ) ) {
  92                          $email_error = 'taken';
  93                      }
  94                  }
  95  
  96                  // Store a hash to enable email validation.
  97                  if ( false === $email_error ) {
  98                      $hash = wp_generate_password( 32, false );
  99  
 100                      $pending_email = array(
 101                          'hash'     => $hash,
 102                          'newemail' => $user_email,
 103                      );
 104  
 105                      bp_update_user_meta( bp_displayed_user_id(), 'pending_email_change', $pending_email );
 106                      $verify_link = bp_displayed_user_domain() . bp_get_settings_slug() . '/?verify_email_change=' . $hash;
 107  
 108                      // Send the verification email.
 109                      $args = array(
 110                          'tokens' => array(
 111                              'displayname'    => bp_core_get_user_displayname( bp_displayed_user_id() ),
 112                              'old-user.email' => $old_user_email,
 113                              'user.email'     => $user_email,
 114                              'verify.url'     => esc_url( $verify_link ),
 115                          ),
 116                      );
 117                      bp_send_email( 'settings-verify-email-change', bp_displayed_user_id(), $args );
 118  
 119                      // We mark that the change has taken place so as to ensure a
 120                      // success message, even though verification is still required.
 121                      $_POST['email'] = $update_user->user_email;
 122                      $email_changed = true;
 123                  }
 124  
 125              // No change.
 126              } else {
 127                  $email_error = false;
 128              }
 129  
 130          // Email address cannot be empty.
 131          } else {
 132              $email_error = 'empty';
 133          }
 134  
 135          /* Password Change Attempt ***************************************/
 136  
 137          if ( !empty( $_POST['pass1'] ) && !empty( $_POST['pass2'] ) ) {
 138  
 139              if ( ( $_POST['pass1'] == $_POST['pass2'] ) && !strpos( " " . wp_unslash( $_POST['pass1'] ), "\\" ) ) {
 140  
 141                  // Password change attempt is successful.
 142                  if ( ( ! empty( $_POST['pwd'] ) && $_POST['pwd'] != $_POST['pass1'] ) || is_super_admin() )  {
 143                      $update_user->user_pass = $_POST['pass1'];
 144                      $pass_changed = true;
 145  
 146                  // The new password is the same as the current password.
 147                  } else {
 148                      $pass_error = 'same';
 149                  }
 150  
 151              // Password change attempt was unsuccessful.
 152              } else {
 153                  $pass_error = 'mismatch';
 154              }
 155  
 156          // Both password fields were empty.
 157          } elseif ( empty( $_POST['pass1'] ) && empty( $_POST['pass2'] ) ) {
 158              $pass_error = false;
 159  
 160          // One of the password boxes was left empty.
 161          } elseif ( ( empty( $_POST['pass1'] ) && !empty( $_POST['pass2'] ) ) || ( !empty( $_POST['pass1'] ) && empty( $_POST['pass2'] ) ) ) {
 162              $pass_error = 'empty';
 163          }
 164  
 165          // The structure of the $update_user object changed in WP 3.3, but
 166          // wp_update_user() still expects the old format.
 167          if ( isset( $update_user->data ) && is_object( $update_user->data ) ) {
 168              $update_user = $update_user->data;
 169              $update_user = get_object_vars( $update_user );
 170  
 171              // Unset the password field to prevent it from emptying out the
 172              // user's user_pass field in the database.
 173              // @see wp_update_user().
 174              if ( false === $pass_changed ) {
 175                  unset( $update_user['user_pass'] );
 176              }
 177          }
 178  
 179          // Clear cached data, so that the changed settings take effect
 180          // on the current page load.
 181          if ( ( false === $email_error ) && ( false === $pass_error ) && ( wp_update_user( $update_user ) ) ) {
 182              $bp->displayed_user->userdata = bp_core_get_core_userdata( bp_displayed_user_id() );
 183          }
 184  
 185      // Password Error.
 186      } else {
 187          $pass_error = 'invalid';
 188      }
 189  
 190      // Email feedback.
 191      switch ( $email_error ) {
 192          case 'invalid' :
 193              $feedback['email_invalid']  = __( 'That email address is invalid. Check the formatting and try again.', 'buddypress' );
 194              break;
 195          case 'blocked' :
 196              $feedback['email_blocked']  = __( 'That email address is currently unavailable for use.', 'buddypress' );
 197              break;
 198          case 'taken' :
 199              $feedback['email_taken']    = __( 'That email address is already taken.', 'buddypress' );
 200              break;
 201          case 'empty' :
 202              $feedback['email_empty']    = __( 'Email address cannot be empty.', 'buddypress' );
 203              break;
 204          case false :
 205              // No change.
 206              break;
 207      }
 208  
 209      // Password feedback.
 210      switch ( $pass_error ) {
 211          case 'invalid' :
 212              $feedback['pass_error']    = __( 'Your current password is invalid.', 'buddypress' );
 213              break;
 214          case 'mismatch' :
 215              $feedback['pass_mismatch'] = __( 'The new password fields did not match.', 'buddypress' );
 216              break;
 217          case 'empty' :
 218              $feedback['pass_empty']    = __( 'One of the password fields was empty.', 'buddypress' );
 219              break;
 220          case 'same' :
 221              $feedback['pass_same']        = __( 'The new password must be different from the current password.', 'buddypress' );
 222              break;
 223          case false :
 224              // No change.
 225              break;
 226      }
 227  
 228      // No errors so show a simple success message.
 229      if ( ( ( false === $email_error ) || ( false == $pass_error ) ) && ( ( true === $pass_changed ) || ( true === $email_changed ) ) ) {
 230          $feedback[]    = __( 'Your settings have been saved.', 'buddypress' );
 231          $feedback_type = 'success';
 232  
 233      // Some kind of errors occurred.
 234      } elseif ( ( ( false === $email_error ) || ( false === $pass_error ) ) && ( ( false === $pass_changed ) || ( false === $email_changed ) ) ) {
 235          if ( bp_is_my_profile() ) {
 236              $feedback['nochange'] = __( 'No changes were made to your account.', 'buddypress' );
 237          } else {
 238              $feedback['nochange'] = __( 'No changes were made to this account.', 'buddypress' );
 239          }
 240      }
 241  
 242      // Set the feedback.
 243      bp_core_add_message( implode( "\n", $feedback ), $feedback_type );
 244  
 245      /**
 246       * Fires after the general settings have been saved, and before redirect.
 247       *
 248       * @since 1.5.0
 249       */
 250      do_action( 'bp_core_general_settings_after_save' );
 251  
 252      // Redirect to prevent issues with browser back button.
 253      bp_core_redirect( trailingslashit( bp_displayed_user_domain() . bp_get_settings_slug() . '/general' ) );
 254  }
 255  add_action( 'bp_actions', 'bp_settings_action_general' );
 256  
 257  /**
 258   * Handles the changing and saving of user notification settings.
 259   *
 260   * @since 1.6.0
 261   */
 262  function bp_settings_action_notifications() {
 263      if ( ! bp_is_post_request() ) {
 264          return;
 265      }
 266  
 267      // Bail if no submit action.
 268      if ( ! isset( $_POST['submit'] ) ) {
 269          return;
 270      }
 271  
 272      // Bail if not in settings.
 273      if ( ! bp_is_settings_component() || ! bp_is_current_action( 'notifications' ) ) {
 274          return false;
 275      }
 276  
 277      // 404 if there are any additional action variables attached
 278      if ( bp_action_variables() ) {
 279          bp_do_404();
 280          return;
 281      }
 282  
 283      check_admin_referer( 'bp_settings_notifications' );
 284  
 285      bp_settings_update_notification_settings( bp_displayed_user_id(), (array) $_POST['notifications'] );
 286  
 287      // Switch feedback for super admins.
 288      if ( bp_is_my_profile() ) {
 289          bp_core_add_message( __( 'Your notification settings have been saved.',        'buddypress' ), 'success' );
 290      } else {
 291          bp_core_add_message( __( "This user's notification settings have been saved.", 'buddypress' ), 'success' );
 292      }
 293  
 294      /**
 295       * Fires after the notification settings have been saved, and before redirect.
 296       *
 297       * @since 1.5.0
 298       */
 299      do_action( 'bp_core_notification_settings_after_save' );
 300  
 301      bp_core_redirect( bp_displayed_user_domain() . bp_get_settings_slug() . '/notifications/' );
 302  }
 303  add_action( 'bp_actions', 'bp_settings_action_notifications' );
 304  
 305  /**
 306   * Handles the setting of user capabilities, spamming, hamming, role, etc...
 307   *
 308   * @since 1.6.0
 309   */
 310  function bp_settings_action_capabilities() {
 311      if ( ! bp_is_post_request() ) {
 312          return;
 313      }
 314  
 315      // Bail if no submit action.
 316      if ( ! isset( $_POST['capabilities-submit'] ) ) {
 317          return;
 318      }
 319  
 320      // Bail if not in settings.
 321      if ( ! bp_is_settings_component() || ! bp_is_current_action( 'capabilities' ) ) {
 322          return false;
 323      }
 324  
 325      // 404 if there are any additional action variables attached
 326      if ( bp_action_variables() ) {
 327          bp_do_404();
 328          return;
 329      }
 330  
 331      // Only super admins can currently spam users (but they can't spam
 332      // themselves).
 333      if ( ! is_super_admin() || bp_is_my_profile() ) {
 334          return;
 335      }
 336  
 337      // Nonce check.
 338      check_admin_referer( 'capabilities' );
 339  
 340      /**
 341       * Fires before the capabilities settings have been saved.
 342       *
 343       * @since 1.6.0
 344       */
 345      do_action( 'bp_settings_capabilities_before_save' );
 346  
 347      /* Spam **************************************************************/
 348  
 349      $is_spammer = !empty( $_POST['user-spammer'] ) ? true : false;
 350  
 351      if ( bp_is_user_spammer( bp_displayed_user_id() ) != $is_spammer ) {
 352          $status = ( true == $is_spammer ) ? 'spam' : 'ham';
 353          bp_core_process_spammer_status( bp_displayed_user_id(), $status );
 354  
 355          /**
 356           * Fires after processing a user as a spammer.
 357           *
 358           * @since 1.1.0
 359           *
 360           * @param int    $value  ID of the currently displayed user.
 361           * @param string $status Determined status of "spam" or "ham" for the displayed user.
 362           */
 363          do_action( 'bp_core_action_set_spammer_status', bp_displayed_user_id(), $status );
 364      }
 365  
 366      /* Other *************************************************************/
 367  
 368      /**
 369       * Fires after the capabilities settings have been saved and before redirect.
 370       *
 371       * @since 1.6.0
 372       */
 373      do_action( 'bp_settings_capabilities_after_save' );
 374  
 375      // Redirect to the root domain.
 376      bp_core_redirect( bp_displayed_user_domain() . bp_get_settings_slug() . '/capabilities/' );
 377  }
 378  add_action( 'bp_actions', 'bp_settings_action_capabilities' );
 379  
 380  /**
 381   * Handles the deleting of a user.
 382   *
 383   * @since 1.6.0
 384   */
 385  function bp_settings_action_delete_account() {
 386      if ( ! bp_is_post_request() ) {
 387          return;
 388      }
 389  
 390      // Bail if no submit action.
 391      if ( ! isset( $_POST['delete-account-understand'] ) ) {
 392          return;
 393      }
 394  
 395      // Bail if not in settings.
 396      if ( ! bp_is_settings_component() || ! bp_is_current_action( 'delete-account' ) ) {
 397          return false;
 398      }
 399  
 400      // 404 if there are any additional action variables attached
 401      if ( bp_action_variables() ) {
 402          bp_do_404();
 403          return;
 404      }
 405  
 406      // Bail if account deletion is disabled.
 407      if ( bp_disable_account_deletion() && ! bp_current_user_can( 'delete_users' ) ) {
 408          return false;
 409      }
 410  
 411      // Nonce check.
 412      check_admin_referer( 'delete-account' );
 413  
 414      // Get username now because it might be gone soon!
 415      $username = bp_get_displayed_user_fullname();
 416  
 417      // Delete the users account.
 418      if ( bp_core_delete_account( bp_displayed_user_id() ) ) {
 419  
 420          // Add feedback after deleting a user.
 421          bp_core_add_message( sprintf( __( '%s was successfully deleted.', 'buddypress' ), $username ), 'success' );
 422  
 423          // Redirect to the root domain.
 424          bp_core_redirect( bp_get_root_domain() );
 425      }
 426  }
 427  add_action( 'bp_actions', 'bp_settings_action_delete_account' );
 428  
 429  /**
 430   * Process email change verification or cancel requests.
 431   *
 432   * @since 2.1.0
 433   */
 434  function bp_settings_verify_email_change() {
 435      if ( ! bp_is_settings_component() ) {
 436          return;
 437      }
 438  
 439      if ( ! bp_is_my_profile() ) {
 440          return;
 441      }
 442  
 443      $redirect_to = trailingslashit( bp_displayed_user_domain() . bp_get_settings_slug() );
 444  
 445      // Email change is being verified.
 446      if ( isset( $_GET['verify_email_change'] ) ) {
 447          $pending_email = bp_get_user_meta( bp_displayed_user_id(), 'pending_email_change', true );
 448  
 449          // Bail if the hash provided doesn't match the one saved in the database.
 450          if ( ! hash_equals( urldecode( $_GET['verify_email_change'] ), $pending_email['hash'] ) ) {
 451              return;
 452          }
 453  
 454          $email_changed = wp_update_user( array(
 455              'ID'         => bp_displayed_user_id(),
 456              'user_email' => trim( $pending_email['newemail'] ),
 457          ) );
 458  
 459          if ( $email_changed ) {
 460  
 461              // Delete the pending email change key.
 462              bp_delete_user_meta( bp_displayed_user_id(), 'pending_email_change' );
 463  
 464              // Post a success message and redirect.
 465              bp_core_add_message( __( 'You have successfully verified your new email address.', 'buddypress' ) );
 466          } else {
 467              // Unknown error.
 468              bp_core_add_message( __( 'There was a problem verifying your new email address. Please try again.', 'buddypress' ), 'error' );
 469          }
 470  
 471          bp_core_redirect( $redirect_to );
 472          die();
 473  
 474      // Email change is being dismissed.
 475      } elseif ( ! empty( $_GET['dismiss_email_change'] ) ) {
 476          $nonce_check = isset( $_GET['_wpnonce'] ) && wp_verify_nonce( wp_unslash( $_GET['_wpnonce'] ), 'bp_dismiss_email_change' );
 477  
 478          if ( $nonce_check ) {
 479              bp_delete_user_meta( bp_displayed_user_id(), 'pending_email_change' );
 480              bp_core_add_message( __( 'You have successfully dismissed your pending email change.', 'buddypress' ) );
 481          }
 482  
 483          bp_core_redirect( $redirect_to );
 484          die();
 485      }
 486  }
 487  add_action( 'bp_actions', 'bp_settings_verify_email_change' );
 488  
 489  /**
 490   * Removes 'Email' sub nav, if no component has registered options there.
 491   *
 492   * @since 2.2.0
 493   */
 494  function bp_settings_remove_email_subnav() {
 495      if ( ! has_action( 'bp_notification_settings' ) ) {
 496          bp_core_remove_subnav_item( BP_SETTINGS_SLUG, 'notifications' );
 497      }
 498  }
 499  add_action( 'bp_actions', 'bp_settings_remove_email_subnav' );

