diff options
| author | donncha <donncha@7be80a69-a1ef-0310-a953-fb0f7c49ff36> | 2006-06-07 14:28:14 +0000 |
|---|---|---|
| committer | donncha <donncha@7be80a69-a1ef-0310-a953-fb0f7c49ff36> | 2006-06-07 14:28:14 +0000 |
| commit | 9d42ec4ee5db0437e9ad14b793f044fa0f5de8fe (patch) | |
| tree | a0bb93e81f1856204377f936a97a8a285f77f2b7 /wp-inst/wp-admin/users.php | |
| parent | 16cdc878fce216364bd57f498baeeb1b94ca8662 (diff) | |
WP Merge and new features
git-svn-id: http://svn.automattic.com/wordpress-mu/trunk@550 7be80a69-a1ef-0310-a953-fb0f7c49ff36
Diffstat (limited to 'wp-inst/wp-admin/users.php')
| -rw-r--r-- | wp-inst/wp-admin/users.php | 297 |
1 files changed, 170 insertions, 127 deletions
diff --git a/wp-inst/wp-admin/users.php b/wp-inst/wp-admin/users.php index 64b7662..6dfc57a 100644 --- a/wp-inst/wp-admin/users.php +++ b/wp-inst/wp-admin/users.php @@ -11,7 +11,7 @@ $update = ''; switch ($action) { case 'promote': - check_admin_referer(); + check_admin_referer('bulk-users'); if (empty($_POST['users'])) { header('Location: users.php'); @@ -23,6 +23,8 @@ case 'promote': $userids = $_POST['users']; $update = 'promote'; foreach($userids as $id) { + if ( ! current_user_can('edit_user', $id) ) + die(__('You can’t edit that user.')); // The new role of the current user must also have edit_users caps if($id == $current_user->id && !$wp_roles->role_objects[$_POST['new_role']]->has_cap('edit_users')) { $update = 'err_admin_role'; @@ -38,20 +40,23 @@ case 'promote': break; case 'dodelete': - - check_admin_referer(); + die( "This function is disabled." ); + check_admin_referer('delete-users'); if ( empty($_POST['users']) ) { header('Location: users.php'); } - if ( !current_user_can('edit_users') ) + if ( !current_user_can('delete_users') ) die(__('You can’t delete users.')); $userids = $_POST['users']; $update = 'del'; foreach ($userids as $id) { + if ( ! current_user_can('delete_user', $id) ) + die(__('You can’t delete that user.')); + if($id == $current_user->id) { $update = 'err_admin_del'; continue; @@ -71,21 +76,22 @@ case 'dodelete': break; case 'delete': - - check_admin_referer(); + die( "This function is disabled." ); + check_admin_referer('bulk-users'); if (empty($_POST['users'])) { header('Location: users.php'); } - if ( !current_user_can('edit_users') ) - $error['edit_users'] = __('You can’t delete users.'); + if ( !current_user_can('delete_users') ) + $error = new WP_Error('edit_users', __('You can’t delete users.')); $userids = $_POST['users']; include ('admin-header.php'); ?> <form action="" method="post" name="updateusers" id="updateusers"> +<?php wp_nonce_field('delete-users') ?> <div class="wrap"> <h2><?php _e('Delete Users'); ?></h2> <p><?php _e('You have specified these users for deletion:'); ?></p> @@ -130,13 +136,86 @@ case 'delete': break; +case 'doremove': + check_admin_referer(); + + if ( empty($_POST['users']) ) { + header('Location: users.php'); + } + + if ( !current_user_can('edit_users') ) + die(__('You can’t remove users.')); + + $userids = $_POST['users']; + + $update = 'remove'; + foreach ($userids as $id) { + if ($id == $current_user->id) { + $update = 'err_admin_remove'; + continue; + } + remove_user_from_blog($id); + } + + header('Location: users.php?update=' . $update); + +break; + +case 'removeuser': + + check_admin_referer(); + + if (empty($_POST['users'])) { + header('Location: users.php'); + } + + if ( !current_user_can('edit_users') ) + $error = new WP_Error('edit_users', __('You can’t remove users.')); + + $userids = $_POST['users']; + + include ('admin-header.php'); +?> +<form action="" method="post" name="updateusers" id="updateusers"> +<div class="wrap"> +<h2><?php _e('Remove Users from Blog'); ?></h2> +<p><?php _e('You have specified these users for removal:'); ?></p> +<ul> +<?php + $go_remove = false; + foreach ($userids as $id) { + $user = new WP_User($id); + if ($id == $current_user->id) { + echo "<li>" . sprintf(__('ID #%1s: %2s <strong>The current user will not be removed.</strong>'), $id, $user->user_login) . "</li>\n"; + } else { + echo "<li><input type=\"hidden\" name=\"users[]\" value=\"{$id}\" />" . sprintf(__('ID #%1s: %2s'), $id, $user->user_login) . "</li>\n"; + $go_remove = true; + } + } + ?> +<?php if($go_remove) : ?> + <input type="hidden" name="action" value="doremove" /> + <p class="submit"><input type="submit" name="submit" value="<?php _e('Confirm Removal'); ?>" /></p> +<?php else : ?> + <p><?php _e('There are no valid users selected for removal.'); ?></p> +<?php endif; ?> +</div> +</form> +<?php + +break; + case 'adduser': die( "This function is disabled. Add a user from your community." ); - check_admin_referer(); + check_admin_referer('add-user'); - $errors = add_user(); + if ( ! current_user_can('create_users') ) + die(__('You can’t create users.')); - if(count($errors) == 0) { + $user_id = add_user(); + if ( is_wp_error( $user_id ) ) + $errors = $user_id; + else { header('Location: users.php?update=add'); die(); } @@ -146,56 +225,36 @@ case 'addexistinguser': if ( !current_user_can('edit_users') ) die(__('You can’t edit users.')); - $new_user_login = wp_specialchars(trim($_POST['newuser'])); + $new_user_email = wp_specialchars(trim($_POST['newuser'])); /* checking that username has been typed */ - if ($new_user_login != '' && $new_user_login != 'admin' ) { - if ( username_exists( $new_user_login ) ) { - $user_ID = $wpdb->get_var( "SELECT ID FROM $wpdb->users WHERE user_login = '$new_user_login'" ); - $primary_blog = get_usermeta( $user_ID, "primary_blog" ); - if( $primary_blog ) { - $details = get_blog_details( $primary_blog ); - if( is_object( $details ) ) { - if( $details->archived == 1 || $details->spam == 1 || $details->deleted == 1 ) { - header( "Location: users.php?update=notactive" ); - die(); - } - } - } - if( $wpdb->get_var( "SELECT user_id FROM {$wpdb->usermeta} WHERE user_id = '{$user_ID}' AND meta_key = '{$wpdb->prefix}capabilities'" ) == false ) { - $user = new WP_User($user_ID); - $user->set_role( $_POST[ 'new_role' ] ); - do_action( "added_existing_user", $user_ID ); - header('Location: users.php?update=add'); - die(); + if ( !empty($new_user_email) ) { + if ( $user_id = email_exists( $new_user_email ) ) { + if ( array_key_exists($blog_id, get_blogs_of_user($user_id)) ) { + $location = 'users.php?update=add_existing'; + } else { + add_user_to_blog('', $user_id, $_POST[ 'new_role' ]); + do_action( "added_existing_user", $user_id ); + $location = 'users.php?update=add'; } + header("Location: $location"); + die(); } } header('Location: users.php'); die(); break; default: - if( is_array( $_POST[ 'new_roles' ] ) ) { - check_admin_referer(); - - if ( !current_user_can('edit_users') ) - die(__('You can’t edit users.')); + wp_enqueue_script( 'admin-users' ); - while( list( $key, $val ) = each( $_POST[ 'new_roles' ] ) ) { - if( $val == 'inactive' ) { - $wpdb->query( "DELETE FROM " . $wpdb->usermeta . " WHERE meta_key = '" . $wpmuBaseTablePrefix . $wpdb->blogid . "_capabilities' AND user_id = '" . $key . "'" ); - } else { - $user = new WP_User($key); - $user->set_role( $val ); - } - } - header('Location: users.php?update=promote'); - die(); - } - include ('admin-header.php'); - - $userids = $wpdb->get_col("SELECT ID FROM $wpdb->users, $wpdb->usermeta WHERE $wpdb->users.ID = $wpdb->usermeta.user_id AND meta_key = '".$wpdb->prefix."capabilities'"); - + + if ( !current_user_can('edit_users') ) + die(__('You can’t edit users.')); + $userids = array(); + $users = get_users_of_blog(); + foreach ( $users as $user ) + $userids[] = $user->user_id; + foreach($userids as $userid) { $tmp_user = new WP_User($userid); $roles = $tmp_user->roles; @@ -213,6 +272,11 @@ default: <div id="message" class="updated fade"><p><?php _e('User deleted.'); ?></p></div> <?php break; + case 'remove': + ?> + <div id="message" class="updated fade"><p><?php _e('User removed from this blog.'); ?></p></div> + <?php + break; case 'add': ?> <div id="message" class="updated fade"><p><?php _e('New user created.'); ?></p></div> @@ -235,18 +299,30 @@ default: <div id="message" class="updated fade"><p><?php _e('Other users have been deleted.'); ?></p></div> <?php break; + case 'err_admin_remove': + ?> + <div id="message" class="error"><p><?php _e("You can't remove the current user."); ?></p></div> + <div id="message" class="updated fade"><p><?php _e('Other users have been removed.'); ?></p></div> + <?php + break; case 'notactive': ?> <div id="message" class="updated fade"><p><?php _e('User not added. User is deleted or not active.'); ?></p></div> <?php break; + case 'add_existing': + ?> + <div id="message" class="updated fade"><p><?php _e('User not added. User is already registered.'); ?></p></div> + <?php + break; } endif; - if ( isset($errors) ) : ?> + if ( is_wp_error( $errors ) ) : ?> <div class="error"> <ul> <?php - foreach($errors as $error) echo "<li>$error</li>"; + foreach ( $errors->get_error_messages() as $message ) + echo "<li>$message</li>"; ?> </ul> </div> @@ -255,87 +331,52 @@ default: ?> <form action="" method="post" name="updateusers" id="updateusers"> +<?php wp_nonce_field('bulk-users') ?> <div class="wrap"> <h2><?php _e('User List by Role'); ?></h2> - <table cellpadding="3" cellspacing="3" width="100%"> - <?php - foreach($roleclasses as $role => $roleclass) { - ksort($roleclass); - ?> - - <tr> - <th colspan="8" align="left"> - <h3><?php echo $wp_roles->role_names[$role]; ?></h3> - </th></tr> +<table class="widefat"> +<?php +foreach($roleclasses as $role => $roleclass) { + ksort($roleclass); +?> - <tr> - <th><?php _e('ID') ?></th> - <th><?php _e('Username') ?></th> - <th><?php _e('Name') ?></th> - <th><?php _e('E-mail') ?></th> - <th><?php _e('Role') ?></th> +<tr> + <th colspan="8" align="left"><h3><?php echo $wp_roles->role_names[$role]; ?></h3></th> +</tr> +<thead> +<tr> + <th style="text-align: left"><?php _e('ID') ?></th> + <th style="text-align: left"><?php _e('Username') ?></th> + <th style="text-align: left"><?php _e('Name') ?></th> + <th style="text-align: left"><?php _e('E-mail') ?></th> + <th style="text-align: left"><?php _e('Website') ?></th> <th><?php _e('Posts') ?></th> <th> </th> - </tr> - <?php - $style = ''; - foreach ($roleclass as $user_object) { - if( $user_object->ID != get_site_option( "admin_user_id" ) ) { - $email = $user_object->user_email; - $url = $user_object->user_url; - $short_url = str_replace('http://', '', $url); - $short_url = str_replace('www.', '', $short_url); - if ('/' == substr($short_url, -1)) - $short_url = substr($short_url, 0, -1); - if (strlen($short_url) > 35) - $short_url = substr($short_url, 0, 32).'...'; - $style = ('class="alternate"' == $style) ? '' : 'class="alternate"'; - $numposts = $wpdb->get_var("SELECT COUNT(*) FROM $wpdb->posts WHERE post_author = '$user_object->ID' and post_status = 'publish'"); - if (0 < $numposts) $numposts = "<a href='edit.php?author=$user_object->ID' title='" . __('View posts') . "'>$numposts</a>"; - $do_not_edit = ( !is_site_admin() && $user_object->ID == $current_user->ID ); - $disabled = $do_not_edit ? "disabled='disabled' " : ''; - echo " - <tr $style> - <td><input type='checkbox' name='users[]' id='user_{$user_object->ID}' value='{$user_object->ID}' {$disabled}/> <label for='user_{$user_object->ID}'>{$user_object->ID}</label></td> - <td><label for='user_{$user_object->ID}'><strong>$user_object->user_login</strong></label></td> - <td><label for='user_{$user_object->ID}'>$user_object->first_name $user_object->last_name</label></td> - <td><a href='mailto:$email' title='" . sprintf(__('e-mail: %s'), $email) . "'>$email</a></td>"; - if ( $do_not_edit ) { - echo "<td><b>{$wp_roles->role_names[$role]}</b></td>"; - } else { - echo "<td><select name='new_roles[{$user_object->ID}]' id='new_role'>"; - foreach($wp_roles->role_names as $roleid => $name) { - $selected = ''; - if( $role == $roleid) - $selected = 'selected="selected"'; - echo "<option {$selected} value=\"{$roleid}\">{$name}</option>"; - } - echo "</select></td>"; - } - echo "<td align='right'>$numposts</td><td>"; - if (is_site_admin()) - echo "<a href='user-edit.php?user_id=$user_object->ID' class='edit'>".__('Edit')."</a>"; - echo '</td></tr>'; - } else { - echo "<tr class='alternate'><td><label for='user_{$user_object->ID}'>{$user_object->ID}</label></td><td><label for='user_{$user_object->ID}'><strong>$user_object->user_login</strong></label></td><td><label for='user_{$user_object->ID}'>$user_object->first_name $user_object->last_name</label></td><td colspan='4'><strong>Cannot Edit Site Administrator</strong></td></tr>"; - } - } - } -?> - </table> +</tr> +</thead> +<tbody id="role-<?php echo $role; ?>"><?php +$style = ''; +foreach ($roleclass as $user_object) { + $style = (' class="alternate"' == $style) ? '' : ' class="alternate"'; + echo "\n\t" . user_row( $user_object, $style ); +} +?> - <h2><?php _e('Update Users'); ?></h2> +</tbody> <?php -$role_select = '<select name="new_role">'; -foreach($wp_roles->role_names as $role => $name) { - $role_select .= "<option value=\"{$role}\">{$name}</option>"; } -$role_select .= '</select>'; -?> +?> +</table> + + + <h2><?php _e('Update Users'); ?></h2> <ul style="list-style:none;"> - <li><input type="radio" name="action" id="action0" value="delete" /> <label for="action0"><?php _e('Delete checked users.'); ?></label></li> - <li><input type="radio" name="action" id="action1" value="promote" /> <?php echo '<label for="action1">'.__('Set the Role of checked users to:')."</label> $role_select"; ?></li> + <li><input type="radio" name="action" id="action0" value="removeuser" /> <label for="action0"><?php _e('Remove checked users from blog.'); ?></label></li> + <li> + <input type="radio" name="action" id="action1" value="promote" /> <label for="action1"><?php _e('Set the Role of checked users to:'); ?></label> + <select name="new_role"><?php wp_dropdown_roles(); ?></select> + </li> </ul> <p class="submit"><input type="submit" value="<?php _e('Update »'); ?>" /></p> </div> @@ -344,10 +385,11 @@ $role_select .= '</select>'; <div class="wrap"> <h2><?php _e('Add User From Community') ?></h2> <form action="" method="post" name="adduser" id="adduser"> + <?php wp_nonce_field('add-user') ?> <input type='hidden' name='action' value='addexistinguser'> -<p>Type the username of another user to add them to your blog.</p> +<p>Type the e-mail address of another user to add them to your blog.</p> <table> -<tr><th scope="row">User Login: </th><td><input type="text" name="newuser" id="newuser"></td></tr> +<tr><th scope="row">User E-Mail: </th><td><input type="text" name="newuser" id="newuser"></td></tr> <tr> <th scope="row"><?php _e('Role:') ?></th> <td><select name="new_role" id="new_role"><?php @@ -365,9 +407,10 @@ $role_select .= '</select>'; </td> </table> <p class="submit"> - <input name="adduser" type="submit" id="adduser" value="<?php _e('Add User »') ?>" /> + <input name="adduser" type="submit" id="addusersub" value="<?php _e('Add User »') ?>" /> </p> </form> +<div id="ajax-response"></div> </div> <?php |