/src/includes/users/ -> functions.php (source)

   1  <?php
   2  
   3  /**
   4   * bbPress User Functions
   5   *
   6   * @package bbPress
   7   * @subpackage Functions
   8   */
   9  
  10  // Exit if accessed directly
  11  defined( 'ABSPATH' ) || exit;
  12  
  13  /**
  14   * Redirect back to $url when attempting to use the login page
  15   *
  16   * @since 2.0.0 bbPress (r2815)
  17   *
  18   * @param string $url The url
  19   * @param string $raw_url Raw url
  20   * @param object $user User object
  21   */
  22  function bbp_redirect_login( $url = '', $raw_url = '', $user = '' ) {
  23  
  24      // Raw redirect_to was passed, so use it
  25      if ( ! empty( $raw_url ) ) {
  26          $url = $raw_url;
  27  
  28      // $url was manually set in wp-login.php to redirect to admin
  29      } elseif ( admin_url() === $url ) {
  30          $url = home_url();
  31  
  32      // $url is empty
  33      } elseif ( empty( $url ) ) {
  34          $url = home_url();
  35      }
  36  
  37      // Filter & return
  38      return apply_filters( 'bbp_redirect_login', $url, $raw_url, $user );
  39  }
  40  
  41  /**
  42   * Is an anonymous topic/reply being made?
  43   *
  44   * @since 2.0.0 bbPress (r2688)
  45   *
  46   * @return bool True if anonymous is allowed and user is not logged in, false if
  47   *               anonymous is not allowed or user is logged in
  48   */
  49  function bbp_is_anonymous() {
  50      $is_anonymous = ( ! is_user_logged_in() && bbp_allow_anonymous() );
  51  
  52      // Filter & return
  53      return (bool) apply_filters( 'bbp_is_anonymous', $is_anonymous );
  54  }
  55  
  56  /**
  57   * Echoes the values for current poster (uses WP comment cookies)
  58   *
  59   * @since 2.0.0 bbPress (r2734)
  60   *
  61   * @param string $key Which value to echo?
  62   */
  63  function bbp_current_anonymous_user_data( $key = '' ) {
  64      echo esc_attr( bbp_get_current_anonymous_user_data( $key ) );
  65  }
  66  
  67      /**
  68       * Get the cookies for current poster (uses WP comment cookies).
  69       *
  70       * @since 2.0.0 bbPress (r2734)
  71       *
  72       * @param string $key Optional. Which value to get? If not given, then
  73       *                     an array is returned.
  74       * @return string|array Cookie(s) for current poster
  75       */
  76  	function bbp_get_current_anonymous_user_data( $key = '' ) {
  77  
  78          // Array of allowed cookie names
  79          $cookie_names = array(
  80              'name'  => 'comment_author',
  81              'email' => 'comment_author_email',
  82              'url'   => 'comment_author_url',
  83  
  84              // Here just for the sake of them, use the above ones
  85              'comment_author'       => 'comment_author',
  86              'comment_author_email' => 'comment_author_email',
  87              'comment_author_url'   => 'comment_author_url',
  88          );
  89  
  90          // Get the current poster's info from the cookies
  91          $bbp_current_poster = wp_get_current_commenter();
  92  
  93          // Sanitize the cookie key being retrieved
  94          $key = sanitize_key( $key );
  95  
  96          // Maybe return a specific key
  97          if ( ! empty( $key ) && in_array( $key, array_keys( $cookie_names ), true ) ) {
  98              return $bbp_current_poster[ $cookie_names[ $key ] ];
  99          }
 100  
 101          // Return all keys
 102          return $bbp_current_poster;
 103      }
 104  
 105  /**
 106   * Set the cookies for current poster (uses WP comment cookies)
 107   *
 108   * @since 2.0.0 bbPress (r2734)
 109   *
 110   * @param array $anonymous_data Optional - if it's an anonymous post. Do not
 111   *                              supply if supplying $author_id. Should be
 112   *                              sanitized (see {@link bbp_filter_anonymous_post_data()}
 113   */
 114  function bbp_set_current_anonymous_user_data( $anonymous_data = array() ) {
 115  
 116      // Bail if empty or not an array
 117      if ( empty( $anonymous_data ) || ! is_array( $anonymous_data ) ) {
 118          return;
 119      }
 120  
 121      // Setup cookie expiration
 122      $lifetime = (int) apply_filters( 'comment_cookie_lifetime', 30000000 );
 123      $expiry   = time() + $lifetime;
 124      $secure   = ( 'https' === parse_url( home_url(), PHP_URL_SCHEME ) );
 125  
 126      // Set the cookies
 127      setcookie( 'comment_author_'       . COOKIEHASH, $anonymous_data['bbp_anonymous_name'],    $expiry, COOKIEPATH, COOKIE_DOMAIN, $secure );
 128      setcookie( 'comment_author_email_' . COOKIEHASH, $anonymous_data['bbp_anonymous_email'],   $expiry, COOKIEPATH, COOKIE_DOMAIN, $secure );
 129      setcookie( 'comment_author_url_'   . COOKIEHASH, $anonymous_data['bbp_anonymous_website'], $expiry, COOKIEPATH, COOKIE_DOMAIN, $secure );
 130  }
 131  
 132  /**
 133   * Get the poster IP address
 134   *
 135   * @since 2.0.0 bbPress (r3120)
 136   * @since 2.6.0 bbPress (r5609) Added `empty()` check for unit tests
 137   *
 138   * @return string
 139   */
 140  function bbp_current_author_ip() {
 141  
 142      // Check for remote address
 143      $remote_address = ! empty( $_SERVER['REMOTE_ADDR'] )
 144          ? wp_unslash( $_SERVER['REMOTE_ADDR'] )
 145          : '127.0.0.1';
 146  
 147      // Remove any unsavory bits
 148      $retval = preg_replace( '/[^0-9a-fA-F:., ]/', '', $remote_address );
 149  
 150      // Filter & return
 151      return apply_filters( 'bbp_current_author_ip', $retval, $remote_address );
 152  }
 153  
 154  /**
 155   * Get the poster user agent
 156   *
 157   * @since 2.0.0 bbPress (r3446)
 158   *
 159   * @return string
 160   */
 161  function bbp_current_author_ua() {
 162      $retval = ! empty( $_SERVER['HTTP_USER_AGENT'] )
 163          ? mb_substr( wp_unslash( $_SERVER['HTTP_USER_AGENT'] ), 0, 254 )
 164          : '';
 165  
 166      // Filter & return
 167      return apply_filters( 'bbp_current_author_ua', $retval );
 168  }
 169  
 170  /** Edit **********************************************************************/
 171  
 172  /**
 173   * Handles the front end user editing from POST requests
 174   *
 175   * @since 2.0.0 bbPress (r2790)
 176   *
 177   * @param string $action The requested action to compare this function to
 178   */
 179  function bbp_edit_user_handler( $action = '' ) {
 180  
 181      // Bail if action is not `bbp-update-user`
 182      if ( 'bbp-update-user' !== $action ) {
 183          return;
 184      }
 185  
 186      // Bail if in wp-admin
 187      if ( is_admin() ) {
 188          return;
 189      }
 190  
 191      // Get the displayed user ID
 192      $user_id = bbp_get_displayed_user_id();
 193  
 194      // Nonce check
 195      if ( ! bbp_verify_nonce_request( 'update-user_' . $user_id ) ) {
 196          bbp_add_error( 'bbp_update_user_nonce', __( '<strong>ERROR</strong>: Are you sure you wanted to do that?', 'bbpress' ) );
 197          return;
 198      }
 199  
 200      // Cap check
 201      if ( ! current_user_can( 'edit_user', $user_id ) ) {
 202          bbp_add_error( 'bbp_update_user_capability', __( '<strong>ERROR</strong>: Are you sure you wanted to do that?', 'bbpress' ) );
 203          return;
 204      }
 205  
 206      // Empty email check
 207      if ( empty( $_POST['email'] ) ) {
 208          bbp_add_error( 'bbp_user_email_empty', __( '<strong>ERROR</strong>: That is not a valid email address.', 'bbpress' ), array( 'form-field' => 'email' ) );
 209          return;
 210      }
 211  
 212      // Get the users current email address to use for comparisons
 213      $user_email = bbp_get_displayed_user_field( 'user_email', 'raw' );
 214  
 215      // Bail if no email change
 216      if ( $user_email !== $_POST['email'] ) {
 217  
 218          // Check that new email address is valid
 219          if ( ! is_email( $_POST['email'] ) ) {
 220              bbp_add_error( 'bbp_user_email_invalid', __( '<strong>ERROR</strong>: That is not a valid email address.', 'bbpress' ), array( 'form-field' => 'email' ) );
 221              return;
 222          }
 223  
 224          // Check if email address is already in use
 225          if ( email_exists( $_POST['email'] ) ) {
 226              bbp_add_error( 'bbp_user_email_taken', __( '<strong>ERROR</strong>: That email address is already in use.', 'bbpress' ), array( 'form-field' => 'email' ) );
 227              return;
 228          }
 229  
 230          // Update the option
 231          $key    = $user_id . '_new_email';
 232          $hash   = md5( $_POST['email'] . time() . mt_rand() );
 233          $option = array(
 234              'hash'     => $hash,
 235              'newemail' => $_POST['email']
 236          );
 237          update_option( $key, $option );
 238  
 239          // Attempt to notify the user of email address change
 240          bbp_edit_user_email_send_notification( $user_id, $option );
 241  
 242          // Set the POST email variable back to the user's email address
 243          // so `edit_user()` does not attempt to update it. This is not ideal,
 244          // but it's also what send_confirmation_on_profile_email() does.
 245          $_POST['email'] = $user_email;
 246      }
 247  
 248      // Do action based on who's profile you're editing
 249      $edit_action = bbp_is_user_home_edit()
 250          ? 'personal_options_update'
 251          : 'edit_user_profile_update';
 252  
 253      do_action( $edit_action, $user_id );
 254  
 255      // Prevent edit_user() from wiping out the user's Toolbar on front setting
 256      if ( ! isset( $_POST['admin_bar_front'] ) && _get_admin_bar_pref( 'front', $user_id ) ) {
 257          $_POST['admin_bar_front'] = 1;
 258      }
 259  
 260      // Bail if errors already exist
 261      if ( bbp_has_errors() ) {
 262          return;
 263      }
 264  
 265      // Handle user edit
 266      $edit_user = edit_user( $user_id );
 267  
 268      // Error(s) editng the user, so copy them into the global
 269      if ( is_wp_error( $edit_user ) ) {
 270          bbpress()->errors = $edit_user;
 271  
 272      // Successful edit to redirect
 273      } elseif ( is_integer( $edit_user ) ) {
 274  
 275          // Maybe update super admin ability
 276          if ( is_multisite() && ! bbp_is_user_home_edit() && current_user_can( 'manage_network_options' ) && is_super_admin() ) {
 277              empty( $_POST['super_admin'] )
 278                  ? revoke_super_admin( $edit_user )
 279                  : grant_super_admin( $edit_user );
 280          }
 281  
 282          // Redirect
 283          $args     = array( 'updated' => 'true' );
 284          $user_url = bbp_get_user_profile_edit_url( $edit_user );
 285          $redirect = add_query_arg( $args, $user_url );
 286  
 287          bbp_redirect( $redirect );
 288      }
 289  }
 290  
 291  /**
 292   * Handles user email address updating from GET requests
 293   *
 294   * @since 2.6.0 bbPress (r5660)
 295   *
 296   * @param string $action
 297   */
 298  function bbp_user_email_change_handler( $action = '' ) {
 299  
 300      // Bail if action is not `bbp-update-user-email`
 301      if ( 'bbp-update-user-email' !== $action ) {
 302          return;
 303      }
 304  
 305      // Bail if not on users own profile
 306      if ( ! bbp_is_user_home_edit() ) {
 307          return;
 308      }
 309  
 310      // Bail if not attempting to modify user email address
 311      if ( empty( $_GET['newuseremail'] ) && empty( $_GET['dismiss'] ) ) {
 312          return;
 313      }
 314  
 315      // Get the displayed user ID & option key
 316      $user_id     = bbp_get_displayed_user_id();
 317      $key         = $user_id . '_new_email';
 318      $redirect_to = bbp_get_user_profile_edit_url( $user_id );
 319  
 320      // Execute confirmed email change.
 321      if ( ! empty( $_GET['newuseremail'] ) ) {
 322  
 323          // Check for email address change option
 324          $new_email = get_option( $key );
 325  
 326          // Redirect if *no* email address change exists
 327          if ( false === $new_email ) {
 328              bbp_redirect( $redirect_to );
 329          }
 330  
 331          // Cleanup & redirect if *invalid* email address change exists
 332          if ( empty( $new_email['hash'] ) || empty( $new_email['newemail'] ) ) {
 333              delete_option( $key );
 334  
 335              bbp_redirect( $redirect_to );
 336          }
 337  
 338          // Compare hashes, and update user if hashes match
 339          if ( hash_equals( $new_email['hash'], $_GET['newuseremail'] ) ) {
 340  
 341              // Does another user have this email address already?
 342              if ( email_exists( $new_email['newemail'] ) ) {
 343                  delete_option( $key );
 344  
 345                  bbp_add_error( 'bbp_user_email_taken', __( '<strong>ERROR</strong>: That email address is already in use.', 'bbpress' ), array( 'form-field' => 'email' ) );
 346  
 347              // Email address is good to change to
 348              } else {
 349  
 350                  // Create a stdClass (for easy call to wp_update_user())
 351                  $user             = new stdClass();
 352                  $user->ID         = $user_id;
 353                  $user->user_email = esc_html( trim( $new_email['newemail'] ) );
 354  
 355                  // Attempt to update user email
 356                  $update_user = wp_update_user( $user );
 357  
 358                  // Error(s) editing the user, so copy them into the global
 359                  if ( is_wp_error( $update_user ) ) {
 360                      bbpress()->errors = $update_user;
 361  
 362                  // All done, so redirect and show the updated message
 363                  } else {
 364  
 365                      // Update signups table, if signups table & entry exists
 366                      // For Multisite & BuddyPress compatibility
 367                      $bbp_db = bbp_db();
 368                      if ( ! empty( $bbp_db->signups ) && $bbp_db->get_var( $bbp_db->prepare( "SELECT user_login FROM {$bbp_db->signups} WHERE user_login = %s", bbp_get_displayed_user_field( 'user_login', 'raw' ) ) ) ) {
 369                          $bbp_db->query( $bbp_db->prepare( "UPDATE {$bbp_db->signups} SET user_email = %s WHERE user_login = %s", $user->user_email, bbp_get_displayed_user_field( 'user_login', 'raw' ) ) );
 370                      }
 371  
 372                      delete_option( $key );
 373  
 374                      bbp_redirect( add_query_arg( array( 'updated' => 'true' ), $redirect_to ) );
 375                  }
 376              }
 377          }
 378  
 379      // Delete new email address from user options
 380      } elseif ( ! empty( $_GET['dismiss'] ) && ( $key === $_GET['dismiss'] ) ) {
 381          if ( ! bbp_verify_nonce_request( "dismiss-{$key}" ) ) {
 382              bbp_add_error( 'bbp_dismiss_new_email_nonce', __( '<strong>ERROR</strong>: Are you sure you wanted to do that?', 'bbpress' ) );
 383              return;
 384          }
 385  
 386          delete_option( $key );
 387          bbp_redirect( $redirect_to );
 388      }
 389  }
 390  
 391  /**
 392   * Sends an email when an email address change occurs on POST requests
 393   *
 394   * @since 2.6.0 bbPress (r5660)
 395   *
 396   * @see send_confirmation_on_profile_email()
 397   */
 398  function bbp_edit_user_email_send_notification( $user_id = 0, $args = array() ) {
 399  
 400      // Parse args
 401      $r = bbp_parse_args( $args, array(
 402          'hash'     => '',
 403          'newemail' => '',
 404      ) );
 405  
 406      // Bail if any relevant parameters are empty
 407      if ( empty( $user_id ) || empty( $r['hash'] ) || empty( $r['newemail'] ) ) {
 408          bbp_add_error( 'bbp_user_email_invalid_hash', __( '<strong>ERROR</strong>: An error occurred while updating your email address.', 'bbpress' ), array( 'form-field' => 'email' ) );
 409          return;
 410      }
 411  
 412      // Build the nonced URL to dismiss the pending change
 413      $user_login  = bbp_get_displayed_user_field( 'user_login', 'raw' );
 414      $user_url    = bbp_get_user_profile_edit_url( $user_id );
 415      $confirm_url = add_query_arg( array(
 416          'action'       => 'bbp-update-user-email',
 417          'newuseremail' => $r['hash']
 418      ), $user_url );
 419  
 420      $email_text = __( '%1$s
 421  
 422  Someone requested a change to the email address on your account.
 423  
 424  Please click the following link to confirm this change:
 425  %2$s
 426  
 427  If you did not request this, you can safely ignore and delete this notification.
 428  
 429  This email was sent to: %3$s
 430  
 431  Regards,
 432  The %4$s Team
 433  %5$s', 'bbpress' );
 434  
 435      /**
 436       * Filter the email text sent when a user changes emails.
 437       *
 438       * The following strings have a special meaning and will get replaced dynamically:
 439       *
 440       * %1$s - The current user's username
 441       * %2$s - The link to click on to confirm the email change
 442       * %3$s - The new email
 443       * %4$s - The name of the site
 444       * %5$s - The URL to the site
 445       *
 446       * @param string $email_text Text in the email.
 447       * @param string $r          New user email that the current user has changed to.
 448       */
 449      $content = apply_filters( 'bbp_user_email_update_content', $email_text, $r );
 450  
 451      // Build the email message
 452      $message = sprintf( $content, $user_login, $confirm_url, $r['newemail'], get_site_option( 'site_name' ), network_home_url() );
 453  
 454      // Build the email subject
 455      $subject = sprintf( __( '[%s] New Email Address', 'bbpress' ), wp_specialchars_decode( get_option( 'blogname' ) ) );
 456  
 457      // Send the email
 458      wp_mail( $r['newemail'], $subject, $message );
 459  }
 460  
 461  /**
 462   * Conditionally hook the core WordPress output actions to the end of the
 463   * default user's edit profile template
 464   *
 465   * This allows clever plugin authors to conditionally unhook the WordPress core
 466   * output actions if they don't want any unexpected junk to appear there, and
 467   * also avoids needing to pollute the templates with additional logic and actions.
 468   *
 469   * @since 2.2.0 bbPress (r4273)
 470   */
 471  function bbp_user_edit_after() {
 472      $action = bbp_is_user_home_edit() ? 'show_user_profile' : 'edit_user_profile';
 473  
 474      do_action( $action, get_userdata( bbp_get_displayed_user_id() ) );
 475  }
 476  
 477  /** User Queries **************************************************************/
 478  
 479  /**
 480   * Get the topics that a user created
 481   *
 482   * @since 2.0.0 bbPress (r2660)
 483   * @since 2.6.0 bbPress (r6618) Signature changed to accept an array of arguments
 484   *
 485   * @param array $args    Optional. Arguments to pass into bbp_has_topics()
 486   *
 487   * @return bool True if user has started topics, otherwise false
 488   */
 489  function bbp_get_user_topics_started( $args = array() ) {
 490  
 491      // Backwards compat for pre-2.6.0
 492      if ( is_numeric( $args ) ) {
 493          $args = array(
 494              'author' => bbp_get_user_id( $args, false, false )
 495          );
 496      }
 497  
 498      // Default arguments
 499      $defaults = array(
 500          'author' => bbp_get_displayed_user_id()
 501      );
 502  
 503      // Parse arguments
 504      $r = bbp_parse_args( $args, $defaults, 'get_user_topics_started' );
 505  
 506      // Get the topics
 507      $query   = bbp_has_topics( $r );
 508      $user_id = $r['author'];
 509  
 510      // Filter & return
 511      return apply_filters( 'bbp_get_user_topics_started', $query, $user_id, $r, $args );
 512  }
 513  
 514  /**
 515   * Get the replies that a user created
 516   *
 517   * @since 2.2.0 bbPress (r4225)
 518   * @since 2.6.0 bbPress (r6618) Signature changed to accept an array of arguments
 519   *
 520   * @param array $args Optional. Arguments to pass into bbp_has_replies()
 521   *
 522   * @return bool True if user has created replies, otherwise false
 523   */
 524  function bbp_get_user_replies_created( $args = array() ) {
 525  
 526      // Backwards compat for pre-2.6.0
 527      if ( is_numeric( $args ) ) {
 528          $args = array(
 529              'author' => bbp_get_user_id( $args, false, false ),
 530              'post_type' => bbp_get_reply_post_type(),
 531              'order'     => 'DESC'
 532          );
 533      }
 534  
 535      // Default arguments
 536      $defaults = array(
 537          'author'    => bbp_get_displayed_user_id(),
 538          'post_type' => bbp_get_reply_post_type(),
 539          'order'     => 'DESC'
 540      );
 541  
 542      // Parse arguments
 543      $r = bbp_parse_args( $args, $defaults, 'get_user_replies_created' );
 544  
 545      // Get the replies
 546      $query   = bbp_has_replies( $r );
 547      $user_id = $r['author'];
 548  
 549      // Filter & return
 550      return apply_filters( 'bbp_get_user_replies_created', $query, $user_id, $r, $args );
 551  }
 552  
 553  /**
 554   * Get user IDs from nicenames
 555   *
 556   * This function is primarily used when saving object moderators
 557   *
 558   * @since 2.6.0 bbPress
 559   *
 560   * @param mixed $user_nicenames
 561   * @return array
 562   */
 563  function bbp_get_user_ids_from_nicenames( $user_nicenames = array() ) {
 564  
 565      // Default value
 566      $retval = array();
 567  
 568      // Only query if nicenames
 569      if ( ! empty( $user_nicenames ) ) {
 570  
 571          // Maybe explode by comma
 572          $user_nicenames = ( is_string( $user_nicenames ) && strstr( $user_nicenames, ',' ) )
 573              ? explode( ',', $user_nicenames )
 574              : (array) $user_nicenames;
 575  
 576          // Sanitize each nicename in the array
 577          $user_nicenames = array_map( 'sanitize_title', $user_nicenames );
 578  
 579          // Get users
 580          $users = get_users( array(
 581              'nicename__in' => $user_nicenames
 582          ) );
 583  
 584          // Pluck or empty
 585          if ( ! empty( $users ) ) {
 586              $retval = wp_list_pluck( $users, 'ID' );
 587          }
 588      }
 589  
 590      // Filter & return
 591      return (array) apply_filters( 'bbp_get_user_ids_from_nicenames', $retval, $user_nicenames );
 592  }
 593  
 594  /**
 595   * Get user nicenames from IDs
 596   *
 597   * This function is primarily used when saving object moderators
 598   *
 599   * @since 2.6.0 bbPress
 600   *
 601   * @param mixed $user_ids
 602   * @return array
 603   */
 604  function bbp_get_user_nicenames_from_ids( $user_ids = array() ) {
 605  
 606      // Default value
 607      $retval = array();
 608  
 609      // Only query if nicenames
 610      if ( ! empty( $user_ids ) ) {
 611  
 612          // Get users
 613          $users = get_users( array(
 614              'include' => $user_ids
 615          ) );
 616  
 617          // Pluck or empty
 618          if ( ! empty( $users ) ) {
 619              $retval = wp_list_pluck( $users, 'user_nicename' );
 620          }
 621      }
 622  
 623      // Filter & return
 624      return (array) apply_filters( 'bbp_get_user_nicenames_from_ids', $retval, $user_ids );
 625  }
 626  
 627  /** Post Counts ***************************************************************/
 628  
 629  /**
 630   * Return the raw database count of topics by a user
 631   *
 632   * @since 2.1.0 bbPress (r3633)
 633   *
 634   * @param int $user_id User ID to get count for
 635   *
 636   * @return int Raw DB count of topics
 637   */
 638  function bbp_get_user_topic_count_raw( $user_id = 0 ) {
 639      $user_id = bbp_get_user_id( $user_id );
 640      $bbp_db  = bbp_db();
 641      $statii  = "'" . implode( "', '", bbp_get_public_topic_statuses() ) . "'";
 642      $sql     = "SELECT COUNT(*)
 643              FROM {$bbp_db->posts}
 644              WHERE post_author = %d
 645                  AND post_type = %s
 646                  AND post_status IN ({$statii})";
 647  
 648      $query   = $bbp_db->prepare( $sql, $user_id, bbp_get_topic_post_type() );
 649      $count   = (int) $bbp_db->get_var( $query );
 650  
 651      // Filter & return
 652      return (int) apply_filters( 'bbp_get_user_topic_count_raw', $count, $user_id );
 653  }
 654  
 655  /**
 656   * Return the raw database count of replies by a user
 657   *
 658   * @since 2.1.0 bbPress (r3633)
 659   *
 660   * @param int $user_id User ID to get count for
 661   *
 662   * @return int Raw DB count of replies
 663   */
 664  function bbp_get_user_reply_count_raw( $user_id = 0 ) {
 665      $user_id = bbp_get_user_id( $user_id );
 666      $bbp_db  = bbp_db();
 667      $statii  = "'" . implode( "', '", bbp_get_public_reply_statuses() ) . "'";
 668      $sql     = "SELECT COUNT(*)
 669              FROM {$bbp_db->posts}
 670              WHERE post_author = %d
 671                  AND post_type = %s
 672                  AND post_status IN ({$statii})";
 673  
 674      $query   = $bbp_db->prepare( $sql, $user_id, bbp_get_reply_post_type() );
 675      $count   = (int) $bbp_db->get_var( $query );
 676  
 677      // Filter & return
 678      return (int) apply_filters( 'bbp_get_user_reply_count_raw', $count, $user_id );
 679  }
 680  
 681  /**
 682   * Bump the topic count for a user by a certain amount.
 683   *
 684   * @since 2.6.0 bbPress (r5309)
 685   *
 686   * @param int $user_id
 687   * @param int $difference
 688   */
 689  function bbp_bump_user_topic_count( $user_id = 0, $difference = 1 ) {
 690  
 691      // Bail if no bump
 692      if ( empty( $difference ) ) {
 693          return false;
 694      }
 695  
 696      // Validate user ID
 697      $user_id = bbp_get_user_id( $user_id );
 698      if ( empty( $user_id ) ) {
 699          return false;
 700      }
 701  
 702      // Check meta for count, or query directly if not found
 703      $count = bbp_get_user_topic_count( $user_id, true );
 704      if ( empty( $count ) ) {
 705          $count = bbp_get_user_topic_count_raw( $user_id );
 706      }
 707  
 708      $difference       = (int) $difference;
 709      $user_topic_count = (int) ( $count + $difference );
 710  
 711      // Add them up and filter them
 712      $new_count = (int) apply_filters( 'bbp_bump_user_topic_count', $user_topic_count, $user_id, $difference, $count );
 713  
 714      return bbp_update_user_topic_count( $user_id, $new_count );
 715  }
 716  
 717  /**
 718   * Bump the reply count for a user by a certain amount.
 719   *
 720   * @since 2.6.0 bbPress (r5309)
 721   *
 722   * @param int $user_id
 723   * @param int $difference
 724   */
 725  function bbp_bump_user_reply_count( $user_id = 0, $difference = 1 ) {
 726  
 727      // Bail if no bump
 728      if ( empty( $difference ) ) {
 729          return false;
 730      }
 731  
 732      // Validate user ID
 733      $user_id = bbp_get_user_id( $user_id );
 734      if ( empty( $user_id ) ) {
 735          return false;
 736      }
 737  
 738      // Check meta for count, or query directly if not found
 739      $count = bbp_get_user_reply_count( $user_id, true );
 740      if ( empty( $count ) ) {
 741          $count = bbp_get_user_reply_count_raw( $user_id );
 742      }
 743  
 744      $difference       = (int) $difference;
 745      $user_reply_count = (int) ( $count + $difference );
 746  
 747      // Add them up and filter them
 748      $new_count = (int) apply_filters( 'bbp_bump_user_reply_count', $user_reply_count, $user_id, $difference, $count );
 749  
 750      return bbp_update_user_reply_count( $user_id, $new_count );
 751  }
 752  
 753  /**
 754   * Helper function used to increase (by one) the count of topics for a user when
 755   * a topic is published.
 756   *
 757   * @since 2.6.0 bbPress (r5309)
 758   *
 759   * @access
 760   * @param $topic_id
 761   * @param $forum_id
 762   * @param $anonymous_data
 763   * @param $topic_author
 764   */
 765  function bbp_increase_user_topic_count( $topic_id = 0 ) {
 766      $user_id = bbp_get_topic_author_id( $topic_id );
 767      return bbp_bump_user_topic_count( $user_id, 1 );
 768  }
 769  
 770  /**
 771   * Helper function used to increase (by one) the count of replies for a user when
 772   * a reply is published.
 773   *
 774   * This is a helper function, hooked to `bbp_new_reply`
 775   *
 776   * @since 2.6.0 bbPress (r5309)
 777   *
 778   * @param $topic_id
 779   * @param $forum_id
 780   * @param $anonymous_data
 781   * @param $topic_author
 782   */
 783  function bbp_increase_user_reply_count( $reply_id = 0 ) {
 784      $user_id = bbp_get_reply_author_id( $reply_id );
 785      return bbp_bump_user_reply_count( $user_id, 1 );
 786  }
 787  
 788  /**
 789   * Helper function used to decrease (by one) the count of topics for a user when
 790   * a topic is unpublished.
 791   *
 792   * @since 2.6.0 bbPress (r5309)
 793   *
 794   * @param $topic_id
 795   */
 796  function bbp_decrease_user_topic_count( $topic_id = 0 ) {
 797      $user_id = bbp_get_topic_author_id( $topic_id );
 798      return bbp_bump_user_topic_count( $user_id, -1 );
 799  }
 800  
 801  /**
 802   * Helper function used to increase (by one) the count of replies for a user when
 803   * a topic is unpublished.
 804   *
 805   * @since 2.6.0 bbPress (r5309)
 806   *
 807   * @param $reply_id
 808   */
 809  function bbp_decrease_user_reply_count( $reply_id = 0 ) {
 810      $user_id = bbp_get_reply_author_id( $reply_id );
 811      return bbp_bump_user_reply_count( $user_id, -1 );
 812  }
 813  
 814  /** Permissions ***************************************************************/
 815  
 /**
  * Redirect away from the user-edit template when the visitor may not use it.
  *
  * This is hooked to 'bbp_template_redirect'. Access is granted as soon as one
  * of the following holds, checked in this order:
  *
  * 1. The current user is editing their own profile.
  * 2. The current user has the 'edit_user' capability for the displayed user.
  * 3. The current user has the 'manage_network_users' capability, or the
  *    'enable_edit_any_user_configuration' filter returns a truthy value.
  *
  * The result then passes through the 'bbp_check_user_edit' filter, which can
  * reverse it in either direction. The filter half of rule 3 and that final
  * filter carry no capability check of their own, so every callback attached
  * to them is part of the authorization decision and should be reviewed as
  * such.
  *
  * Nothing here inspects submitted form data. Whatever code saves a profile
  * update needs its own capability and nonce checks.
  *
  * @since 2.1.0 bbPress (r3605)
  */
 function bbp_check_user_edit() {

     // Nothing to enforce outside of the user-edit template
     if ( ! bbp_is_single_user_edit() ) {
         return;
     }

     $user_id = bbp_get_displayed_user_id();

     // Any single rule is enough; evaluation stops at the first one that passes
     $may_edit = bbp_is_user_home_edit()
         || current_user_can( 'edit_user', $user_id )
         || current_user_can( 'manage_network_users' )
         || apply_filters( 'enable_edit_any_user_configuration', false );

     // Deny by default: redirect unless a rule passed, then let plugins override
     $redirect = (bool) apply_filters( 'bbp_check_user_edit', ! $may_edit, $user_id );

     // Access was granted, so leave the request alone
     if ( ! $redirect ) {
         return;
     }

     // Destination defaults to the displayed user's profile and is filterable
     $redirect_to = apply_filters(
         'bbp_check_user_edit_redirect_to',
         bbp_get_user_profile_url( $user_id ),
         $user_id
     );

     // NOTE(review): this relies on bbp_redirect() ending the request so the
     // edit template is never rendered - confirm in its definition.
     bbp_redirect( $redirect_to );
 }
 865  
 /**
  * Flag the request as a 404 when a logged-in user cannot spectate the forums.
  *
  * Logged-out visitors and keymasters are skipped entirely, so this check is
  * not what restricts anonymous access. For every other user, a bbPress request
  * made without the 'spectate' capability is flagged through bbp_set_404().
  *
  * NOTE(review): only the 404 flag is set here; whether forum content is then
  * withheld depends on bbp_set_404() and later template loading - confirm.
  *
  * @since 2.0.0 bbPress (r2996)
  */
 function bbp_forum_enforce_blocked() {

     // Only logged-in users who are not keymasters are subject to this check
     $is_subject = is_user_logged_in() && ! bbp_is_user_keymaster();

     // Inside bbPress, a missing 'spectate' capability turns the request into
     // a "not found" response
     if ( $is_subject && is_bbpress() && ! current_user_can( 'spectate' ) ) {
         bbp_set_404();
     }
 }
 883  
 884  /** Sanitization **************************************************************/
 885  
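 /**
  * Sanitize displayed user data, when viewing and editing any user.
  *
  * This somewhat monolithic function handles the escaping and sanitization of
  * user data for a bbPress profile. There are two reasons this all happens here:
  *
  * 1. bbPress took a similar approach to WordPress, and funnels all user profile
  *    data through a central helper. This eventually calls sanitize_user_field()
  *    which applies a few context based filters, which some third party plugins
  *    might be relying on bbPress to play nicely with.
  *
  * 2. Early versions of bbPress 2.x templates did not escape this data, meaning
  *    a backwards compatible approach like this one was necessary to protect
  *    existing installations that may have custom template parts.
  *
  * Treatment per field:
  *
  * - 'description': wp_kses_data() when displaying, untouched when editing.
  * - 'user_email': sanitize_email() in both contexts.
  * - login and name fields: esc_attr() when editing, esc_html() when displaying.
  * - 'user_url' and any field not listed: returned untouched by this function.
  *
  * Fields that come back untouched are not made safe for output here, so the
  * template (or an earlier filter) has to escape them for the place they are
  * printed.
  *
  * @since 2.6.0 bbPress (r5368)
  *
  * @param string $value   Field value to sanitize.
  * @param string $field   Name of the user field the value belongs to.
  * @param string $context Either 'edit' or 'display'. Any other context returns
  *                        the value untouched.
  * @return string The filtered value, or the original value when no filter
  *                applies.
  */
 function bbp_sanitize_displayed_user_field( $value = '', $field = '', $context = 'display' ) {

     // Bail if not editing or displaying (maybe we'll do more here later)
     if ( ! in_array( $context, array( 'edit', 'display' ), true ) ) {
         return $value;
     }

     // By default, no filter set (consider making this an array later)
     $filter = false;

     // Decide which user field we're sanitizing and how
     switch ( $field ) {

         // Description is a paragraph. Nothing is applied here when editing.
         // NOTE(review): the edit form must escape this value itself unless
         // an earlier filter already has - confirm.
         case 'description' :
             $filter = ( 'edit' === $context ) ? '' : 'wp_kses_data';
             break;

         // Email addresses are sanitized with a specific function.
         // NOTE(review): that is address clean-up, not HTML escaping, so
         // templates should still escape on output - confirm.
         case 'user_email'  :
             $filter = 'sanitize_email';
             break;

         // Name & login fields. WordPress names the nickname field
         // 'nickname'; the 'nick_name' spelling is kept so that callers
         // using it keep getting the same treatment.
         case 'user_login'   :
         case 'display_name' :
         case 'first_name'   :
         case 'last_name'    :
         case 'nickname'     :
         case 'nick_name'    :
             $filter = ( 'edit' === $context ) ? 'esc_attr' : 'esc_html';
             break;

         // wp-includes/default-filters.php escapes this for us via esc_url()
         case 'user_url' :
             break;
     }

     // Run any applicable filter on the value. $filter only ever holds one of
     // the function names assigned above, never caller-supplied data.
     if ( ! empty( $filter ) ) {
         $value = call_user_func( $filter, $value );
     }

     return $value;
 }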
 952  
 953  /** Converter *****************************************************************/
 954  
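 /**
  * Convert passwords from previous platform encryption to WordPress encryption.
  *
  * Reads the submitted login name ('log') and password ('pwd') straight from
  * $_POST, looks for a '_bbp_class' user-meta row on the matching account and,
  * when one exists, hands both values to that converter's callback_pass()
  * method.
  *
  * Both request values are untrusted. The function returns before any
  * sanitizing or database work unless each of them is a non-empty string, so
  * a missing password or an array-valued field never reaches the converter.
  * The password is not stored or logged here; it is only passed on.
  *
  * Limiting repeated attempts is not handled in this function.
  *
  * @since 2.1.0 bbPress (r3813)
  */
 function bbp_user_maybe_convert_pass() {

     // Raw request values; either one may be missing or sent as an array
     $raw_login = isset( $_POST['log'] ) ? $_POST['log'] : '';
     $password  = isset( $_POST['pwd'] ) ? $_POST['pwd'] : '';

     // Bail if either value is not a plain string
     if ( ! is_string( $raw_login ) || ! is_string( $password ) ) {
         return;
     }

     // Bail if there is no username or no password to work with. The password
     // is compared to '' so that a password of "0" is not treated as empty.
     if ( empty( $raw_login ) || ( '' === $password ) ) {
         return;
     }

     // NOTE(review): both values are used exactly as they arrive in $_POST. If
     // WordPress has added slashes to request data, a password containing
     // quotes or backslashes would not match its legacy hash - confirm whether
     // callback_pass() unslashes.

     // Sanitize username
     $username = sanitize_user( $raw_login );

     // Bail if no username is left after sanitizing
     if ( empty( $username ) ) {
         return;
     }

     // Bail if no user password to convert. The values are bound through
     // prepare(), not concatenated into the SQL.
     $bbp_db = bbp_db();
     $query  = $bbp_db->prepare( "SELECT * FROM {$bbp_db->users} INNER JOIN {$bbp_db->usermeta} ON user_id = ID WHERE meta_key = %s AND user_login = %s LIMIT 1", '_bbp_class', $username );
     $row    = $bbp_db->get_row( $query );
     if ( empty( $row ) || is_wp_error( $row ) ) {
         return;
     }

     // Setup the converter
     bbp_setup_converter();

     // The stored '_bbp_class' meta value selects the converter, so it is only
     // as trustworthy as whatever is able to write that meta key.
     $converter = bbp_new_converter( $row->meta_value );

     // Only call the conversion method on a genuine converter object
     if ( ( $converter instanceof BBP_Converter_Base ) && method_exists( $converter, 'callback_pass' ) ) {
         $converter->callback_pass( $username, $password );
     }
 }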

