/wp-admin/ -> users.php (source)

   1  <?php
   2  require_once ('admin.php');
   3  require_once( ABSPATH . WPINC . '/registration.php');
   4  
   5  $title = __('Users');
   6  if ( current_user_can('edit_users') )
   7      $parent_file = 'users.php';
   8  else
   9      $parent_file = 'profile.php';
  10  
  11  $action = $_REQUEST['action'];
  12  $update = '';
  13  
  14  if ( empty($_POST) ) {
  15      $referer = '<input type="hidden" name="wp_http_referer" value="'. wp_specialchars(stripslashes($_SERVER['REQUEST_URI'])) . '" />';
  16  } elseif ( isset($_POST['wp_http_referer']) ) {
  17      $redirect = remove_query_arg(array('wp_http_referer', 'updated', 'delete_count'), urlencode(stripslashes($_POST['wp_http_referer'])));
  18      $referer = '<input type="hidden" name="wp_http_referer" value="' . wp_specialchars($redirect) . '" />';
  19  } else {
  20      $redirect = 'users.php';
  21  }
  22  
  23  
  24  // WP_User_Search class
  25  // by Mark Jaquith
  26  
  27  
  28  class WP_User_Search {
  29      var $results;
  30      var $search_term;
  31      var $page;
  32      var $raw_page;
  33      var $users_per_page = 50;
  34      var $first_user;
  35      var $last_user;
  36      var $query_limit;
  37      var $query_from_where;
  38      var $total_users_for_query = 0;
  39      var $too_many_total_users = false;
  40      var $search_errors;
  41  
  42  	function WP_User_Search ($search_term = '', $page = '') { // constructor
  43          $this->search_term = $search_term;
  44          $this->raw_page = ( '' == $page ) ? false : (int) $page;
  45          $this->page = (int) ( '' == $page ) ? 1 : $page;
  46  
  47          $this->prepare_query();
  48          $this->query();
  49          $this->prepare_vars_for_template_usage();
  50          $this->do_paging();
  51      }
  52  
  53  	function prepare_query() {
  54          global $wpdb;
  55          $this->first_user = ($this->page - 1) * $this->users_per_page;
  56          $this->query_limit = 'LIMIT ' . $this->first_user . ',' . $this->users_per_page;
  57          if ( $this->search_term ) {
  58              $searches = array();
  59              $search_sql = 'AND (';
  60              foreach ( array('user_login', 'user_nicename', 'user_email', 'user_url', 'display_name') as $col )
  61                  $searches[] = $col . " LIKE '%$this->search_term%'";
  62              $search_sql .= implode(' OR ', $searches);
  63              $search_sql .= ')';
  64          }
  65          $this->query_from_where = "FROM $wpdb->users WHERE 1=1 $search_sql";
  66  
  67          if ( !$_GET['update'] && !$this->search_term && !$this->raw_page && $wpdb->get_var("SELECT COUNT(ID) FROM $wpdb->users") > $this->users_per_page )
  68              $this->too_many_total_users = sprintf(__('Because this blog has more than %s users, they cannot all be shown on one page.  Use the paging or search functionality in order to find the user you want to edit.'), $this->users_per_page);
  69      }
  70  
  71  	function query() {
  72          global $wpdb;
  73          $this->results = $wpdb->get_col('SELECT ID ' . $this->query_from_where . $this->query_limit);
  74  
  75          if ( $this->results )
  76              $this->total_users_for_query = $wpdb->get_var('SELECT COUNT(ID) ' . $this->query_from_where); // no limit
  77          else
  78              $this->search_errors = new WP_Error('no_matching_users_found', __('No matching users were found!'));
  79      }
  80  
  81  	function prepare_vars_for_template_usage() {
  82          $this->search_term = stripslashes($this->search_term); // done with DB, from now on we want slashes gone
  83      }
  84  
  85  	function do_paging() {
  86          if ( $this->total_users_for_query > $this->users_per_page ) { // have to page the results
  87              $prev_page = ( $this->page > 1) ? true : false;
  88              $next_page = ( ($this->page * $this->users_per_page) < $this->total_users_for_query ) ? true : false;
  89              $this->paging_text = '';
  90              if ( $prev_page )
  91                  $this->paging_text .= '<p class="alignleft"><a href="' . add_query_arg(array('usersearch' => $this->search_term, 'userspage' => $this->page - 1), 'users.php?') . '">&laquo; Previous Page</a></p>';
  92              if ( $next_page )
  93                  $this->paging_text .= '<p class="alignright"><a href="' . add_query_arg(array('usersearch' => $this->search_term, 'userspage' => $this->page + 1), 'users.php?') . '">Next Page &raquo;</a></p>';
  94              if ( $prev_page || $next_page )
  95                  $this->paging_text .= '<br style="clear:both" />';
  96          }
  97      }
  98  
  99  	function get_results() {
 100          return $this->results;
 101      }
 102  
 103  	function page_links() {
 104          echo $this->paging_text;
 105      }
 106  
 107  	function results_are_paged() {
 108          if ( $this->paging_text )
 109              return true;
 110          return false;
 111      }
 112  
 113  	function is_search() {
 114          if ( $this->search_term )
 115              return true;
 116          return false;
 117      }
 118  }
 119  
 120  
// Dispatch on the requested bulk action. The POST-driven cases end in a
// redirect; 'delete' renders a confirmation form; everything else lands in
// 'default', which renders the user list and the add-user form.
switch ($action) {

case 'promote':
    check_admin_referer('bulk-users');

    if (empty($_POST['users'])) {
        // NOTE(review): wp_redirect() only sends the Location header and does
        // not stop the script; without an exit here the checks and loop below
        // still run on an empty selection (same pattern in 'dodelete' and 'delete').
        wp_redirect($redirect);
    }

    if ( !current_user_can('edit_users') )
        wp_die(__('You can&#8217;t edit users.'));

    $userids = $_POST['users'];
    $update = 'promote';
    foreach($userids as $id) {
        if ( ! current_user_can('edit_user', $id) )
            wp_die(__('You can&#8217;t edit that user.'));
        // The new role of the current user must also have edit_users caps
        // NOTE(review): new_role is not checked against $wp_roles before it is
        // used as an index here and handed to set_role() below.
        if($id == $current_user->id && !$wp_roles->role_objects[$_POST['new_role']]->has_cap('edit_users')) {
            $update = 'err_admin_role';
            continue;
        }

        $user = new WP_User($id);
        $user->set_role($_POST['new_role']);
    }

    wp_redirect(add_query_arg('update', $update, $redirect));

break;

case 'dodelete':

    check_admin_referer('delete-users');

    if ( empty($_POST['users']) ) {
        wp_redirect($redirect);
    }

    if ( !current_user_can('delete_users') )
        wp_die(__('You can&#8217;t delete users.'));

    $userids = $_POST['users'];
    $update = 'del';
    $delete_count = 0;

    foreach ( (array) $userids as $id) {
        if ( ! current_user_can('delete_user', $id) )
            wp_die(__('You can&#8217;t delete that user.'));

        // The current user is never deleted; the redirect reports it instead.
        if($id == $current_user->id) {
            $update = 'err_admin_del';
            continue;
        }
        // NOTE(review): a delete_option other than 'delete'/'reassign' matches
        // no case, so nothing is deleted but $delete_count is still
        // incremented; reassign_user is passed through unvalidated.
        switch($_POST['delete_option']) {
        case 'delete':
            wp_delete_user($id);
            break;
        case 'reassign':
            wp_delete_user($id, $_POST['reassign_user']);
            break;
        }
        ++$delete_count;
    }

    $redirect = add_query_arg('delete_count', $delete_count, $redirect);

    wp_redirect(add_query_arg('update', $update, $redirect));

break;

case 'delete':

    check_admin_referer('bulk-users');

    if ( empty($_POST['users']) )
        wp_redirect($redirect);

    // NOTE(review): $errors is assigned but nothing in this case prints it,
    // and the confirmation form below is still rendered. The check that
    // actually blocks deletion is the delete_users test in 'dodelete'.
    if ( !current_user_can('delete_users') )
        $errors = new WP_Error('edit_users', __('You can&#8217;t delete users.'));

    $userids = $_POST['users'];

    // Everything from here on is page output.
    include  ('admin-header.php');
?>
<form action="" method="post" name="updateusers" id="updateusers">
<?php wp_nonce_field('delete-users') ?>
<?php echo $referer; ?>
<div class="wrap">
<h2><?php _e('Delete Users'); ?></h2>
<p><?php _e('You have specified these users for deletion:'); ?></p>
<ul>
<?php
    // Becomes true once at least one selected user other than the current
    // one is listed; the confirmation controls below depend on it.
    $go_delete = false;
    foreach ( (array) $userids as $id ) {
        $user = new WP_User($id);
        if ( $id == $current_user->id ) {
            echo "<li>" . sprintf(__('ID #%1s: %2s <strong>The current user will not be deleted.</strong>'), $id, $user->user_login) . "</li>\n";
        } else {
            echo "<li><input type=\"hidden\" name=\"users[]\" value=\"{$id}\" />" . sprintf(__('ID #%1s: %2s'), $id, $user->user_login) . "</li>\n";
            $go_delete = true;
        }
    }
    // Candidates for the "attribute posts to" dropdown: every login except
    // the ones being deleted (the current user is always offered).
    // in_array() compares loosely here; IDs come from the form as strings.
    $all_logins = $wpdb->get_results("SELECT ID, user_login FROM $wpdb->users ORDER BY user_login");
    $user_dropdown = '<select name="reassign_user">';
    foreach ( (array) $all_logins as $login )
        if ( $login->ID == $current_user->id || !in_array($login->ID, $userids) )
            $user_dropdown .= "<option value=\"{$login->ID}\">{$login->user_login}</option>";
    $user_dropdown .= '</select>';
    ?>
    </ul>
<?php if ( $go_delete ) : ?>
    <p><?php _e('What should be done with posts and links owned by this user?'); ?></p>
    <ul style="list-style:none;">
        <li><label><input type="radio" id="delete_option0" name="delete_option" value="delete" checked="checked" />
        <?php _e('Delete all posts and links.'); ?></label></li>
        <li><input type="radio" id="delete_option1" name="delete_option" value="reassign" />
        <?php echo '<label for="delete_option1">'.__('Attribute all posts and links to:')."</label> $user_dropdown"; ?></li>
    </ul>
    <input type="hidden" name="action" value="dodelete" />
    <p class="submit"><input type="submit" name="submit" value="<?php _e('Confirm Deletion'); ?>" /></p>
<?php else : ?>
    <p><?php _e('There are no valid users selected for deletion.'); ?></p>
<?php endif; ?>
</div>
</form>
<?php

break;

case 'adduser':
    check_admin_referer('add-user');

    if ( ! current_user_can('create_users') )
        wp_die(__('You can&#8217;t create users.'));

    $user_id = add_user();
    $update = 'add';
    if ( is_wp_error( $user_id ) )
        $add_user_errors = $user_id;
    else {
        $new_user_login = apply_filters('pre_user_login', sanitize_user(stripslashes($_POST['user_login']), true));
        $redirect = add_query_arg('usersearch', $new_user_login, $redirect);
        wp_redirect(add_query_arg('update', $update, $redirect) . '#user-' . $user_id);
        die();
    }

    // No break: on an add_user() error this falls through to 'default' so the
    // list page is rendered with $add_user_errors shown under the form. The
    // success path has already redirected and die()d above.
default:
    wp_enqueue_script('admin-users');

    include ('admin-header.php');

    // Query the users
    // (usersearch/userspage are optional request parameters read without isset())
    $wp_user_search = new WP_User_Search($_GET['usersearch'], $_GET['userspage']);

    // Make the user objects
    // Grouped by each user's first role, keyed by login; the table below
    // iterates $roleclasses in that grouping.
    foreach ( $wp_user_search->get_results() as $userid ) {
        $tmp_user = new WP_User($userid);
        $roles = $tmp_user->roles;
        $role = array_shift($roles);
        $roleclasses[$role][$tmp_user->user_login] = $tmp_user;
    }

    // One-shot status message selected by the ?update= value the redirects above append.
    if ( isset($_GET['update']) ) :
        switch($_GET['update']) {
        case 'del':
        case 'del_many':
        ?>
            <?php $delete_count = (int) $_GET['delete_count']; ?>
            <div id="message" class="updated fade"><p><?php printf(__('%1$s %2$s deleted.'), $delete_count, __ngettext('user', 'users', $delete_count) ); ?></p></div>
        <?php
            break;
        case 'add':
        ?>
            <div id="message" class="updated fade"><p><?php _e('New user created.'); ?></p></div>
        <?php
            break;
        case 'promote':
        ?>
            <div id="message" class="updated fade"><p><?php _e('Changed roles.'); ?></p></div>
        <?php
            break;
        case 'err_admin_role':
        ?>
            <div id="message" class="error"><p><?php _e("The current user's role must have user editing capabilities."); ?></p></div>
            <div id="message" class="updated fade"><p><?php _e('Other user roles have been changed.'); ?></p></div>
        <?php
            break;
        case 'err_admin_del':
        ?>
            <div id="message" class="error"><p><?php _e("You can't delete the current user."); ?></p></div>
            <div id="message" class="updated fade"><p><?php _e('Other users have been deleted.'); ?></p></div>
        <?php
            break;
        }
    endif; ?>

<?php /* $errors is only assigned in the 'delete' case, which breaks before reaching here -- TODO confirm whether an included file sets it */ ?>
<?php if ( is_wp_error( $errors ) ) : ?>
    <div class="error">
        <ul>
        <?php
            foreach ( $errors->get_error_messages() as $message )
                echo "<li>$message</li>";
        ?>
        </ul>
    </div>
<?php endif; ?>

<?php if ( $wp_user_search->too_many_total_users ) : ?>
    <div id="message" class="updated">
        <p><?php echo $wp_user_search->too_many_total_users; ?></p>
    </div>
<?php endif; ?>

<div class="wrap">

    <?php if ( $wp_user_search->is_search() ) : ?>
        <h2><?php /* NOTE(review): search_term is request input printed here without wp_specialchars(), unlike the search box value below */ printf(__('Users Matching "%s" by Role'), $wp_user_search->search_term); ?></h2>
    <?php else : ?>
        <h2><?php _e('User List by Role'); ?></h2>
    <?php endif; ?>

    <form action="" method="get" name="search" id="search">
        <p><input type="text" name="usersearch" id="usersearch" value="<?php echo wp_specialchars($wp_user_search->search_term); ?>" /> <input type="submit" value="<?php _e('Search for users &raquo;'); ?>" /></p>
    </form>

    <?php if ( is_wp_error( $wp_user_search->search_errors ) ) : ?>
        <div class="error">
            <ul>
            <?php
                foreach ( $wp_user_search->search_errors->get_error_messages() as $message )
                    echo "<li>$message</li>";
            ?>
            </ul>
        </div>
    <?php endif; ?>


<?php if ( $wp_user_search->get_results() ) : ?>

    <?php if ( $wp_user_search->is_search() ) : ?>
        <p><a href="users.php"><?php _e('&laquo; Back to All Users'); ?></a></p>
    <?php endif; ?>

    <h3><?php printf(__('%1$s &#8211; %2$s of %3$s shown below'), $wp_user_search->first_user + 1, min($wp_user_search->first_user + $wp_user_search->users_per_page, $wp_user_search->total_users_for_query), $wp_user_search->total_users_for_query); ?></h3>

    <?php if ( $wp_user_search->results_are_paged() ) : ?>
        <div class="user-paging-text"><?php $wp_user_search->page_links(); ?></p></div>
    <?php endif; ?>

<form action="" method="post" name="updateusers" id="updateusers">
<?php wp_nonce_field('bulk-users') ?>
<table class="widefat">
<?php
// One table section per role; users within a role are ordered by login
// (ksort on the login-keyed map built above).
foreach($roleclasses as $role => $roleclass) {
    ksort($roleclass);
?>

<tr>
<?php if ( !empty($role) ) : ?>
    <th colspan="7" align="left"><h3><?php echo $wp_roles->role_names[$role]; ?></h3></th>
<?php else : ?>
    <th colspan="7" align="left"><h3><em><?php _e('No role for this blog'); ?></h3></th>
<?php endif; ?>
</tr>
<tr class="thead">
    <th style="text-align: left"><?php _e('ID') ?></th>
    <th style="text-align: left"><?php _e('Username') ?></th>
    <th style="text-align: left"><?php _e('Name') ?></th>
    <th style="text-align: left"><?php _e('E-mail') ?></th>
    <th style="text-align: left"><?php _e('Website') ?></th>
    <th colspan="2"><?php _e('Actions') ?></th>
</tr>
</thead>
<tbody id="role-<?php echo $role; ?>"><?php
// Alternate row shading, toggled on every row.
$style = '';
foreach ( (array) $roleclass as $user_object ) {
    $style = ( ' class="alternate"' == $style ) ? '' : ' class="alternate"';
    echo "\n\t" . user_row($user_object, $style);
}
?>

</tbody>
<?php } ?>
</table>

<?php if ( $wp_user_search->results_are_paged() ) : ?>
    <div class="user-paging-text"><?php $wp_user_search->page_links(); ?></div>
<?php endif; ?>

    <h2><?php _e('Update Users'); ?></h2>
    <ul style="list-style:none;">
        <li><input type="radio" name="action" id="action0" value="delete" /> <label for="action0"><?php _e('Delete checked users.'); ?></label></li>
        <li>
            <input type="radio" name="action" id="action1" value="promote" /> <label for="action1"><?php _e('Set the Role of checked users to:'); ?></label>
            <select name="new_role" onchange="getElementById('action1').checked = 'true'"><?php wp_dropdown_roles(); ?></select>
        </li>
    </ul>
    <p class="submit" style="width: 420px">
        <?php echo $referer; ?>
        <input type="submit" value="<?php _e('Bulk Update &raquo;'); ?>" />
    </p>
</form>
<?php endif; ?>
</div>

<?php
    // After a failed add, re-populate the form fields from the POST so the
    // user need not retype them. Each $new_user_* is HTML-escaped here and
    // echoed raw into the value attributes below.
    if ( is_wp_error($add_user_errors) ) {
        foreach ( array('user_login' => 'user_login', 'first_name' => 'user_firstname', 'last_name' => 'user_lastname', 'email' => 'user_email', 'url' => 'user_uri', 'role' => 'user_role') as $formpost => $var ) {
            $var = 'new_' . $var;
            $$var = wp_specialchars(stripslashes($_POST[$formpost]));
        }
        // Looks like a leftover: nothing visible in this file reads $name -- TODO confirm
        unset($name);
    }
?>

<div class="wrap">
<h2 id="add-new-user"><?php _e('Add New User') ?></h2>
<?php echo '<p>'.sprintf(__('Users can <a href="%1$s">register themselves</a> or you can manually create users here.'), get_settings('siteurl').'/wp-register.php').'</p>'; ?>
<form action="#add-new-user" method="post" name="adduser" id="adduser">
<?php wp_nonce_field('add-user') ?>
<table class="editform" width="100%" cellspacing="2" cellpadding="5">
    <tr>
        <th scope="row" width="33%"><?php _e('Nickname') ?><input name="action" type="hidden" id="action" value="adduser" /></th>
        <td width="66%"><input name="user_login" type="text" id="user_login" value="<?php echo $new_user_login; ?>" /></td>
    </tr>
    <tr>
        <th scope="row"><?php _e('First Name') ?> </th>
        <td><input name="first_name" type="text" id="first_name" value="<?php echo $new_user_firstname; ?>" /></td>
    </tr>
    <tr>
        <th scope="row"><?php _e('Last Name') ?> </th>
        <td><input name="last_name" type="text" id="last_name" value="<?php echo $new_user_lastname; ?>" /></td>
    </tr>
    <tr>
        <th scope="row"><?php _e('E-mail') ?></th>
        <td><input name="email" type="text" id="email" value="<?php echo $new_user_email; ?>" /></td>
    </tr>
    <tr>
        <th scope="row"><?php _e('Website') ?></th>
        <td><input name="url" type="text" id="url" value="<?php echo $new_user_uri; ?>" /></td>
    </tr>

<?php if ( apply_filters('show_password_fields', true) ) : ?>
    <tr>
        <th scope="row"><?php _e('Password (twice)') ?> </th>
        <td><input name="pass1" type="password" id="pass1" />
        <br />
        <input name="pass2" type="password" id="pass2" /></td>
    </tr>
<?php endif; ?>

    <tr>
        <th scope="row"><?php _e('Role'); ?></th>
        <td><select name="role" id="role">
            <?php
            // Preselect the blog's default_role unless a failed submission carried one.
            if ( !$new_user_role )
                $new_user_role = get_settings('default_role');
            wp_dropdown_roles($new_user_role);
            ?>
            </select>
        </td>
    </tr>
</table>
<p class="submit">
    <?php echo $referer; ?>
    <input name="adduser" type="submit" id="addusersub" value="<?php _e('Add User &raquo;') ?>" />
</p>
</form>

<?php if ( is_wp_error( $add_user_errors ) ) : ?>
    <div class="error">
        <ul>
        <?php
            foreach ( $add_user_errors->get_error_messages() as $message )
                echo "$message<br />";
        ?>
        </ul>
    </div>
<?php endif; ?>
<div id="ajax-response"></div>
</div>

<?php
break;

} // end of the $action switch
 508  
 509  include ('admin-footer.php');
 510  ?>