From aaa125d6fc966800051e249ccb8c6cd43ba9f093 Mon Sep 17 00:00:00 2001
From: donncha
Date: Mon, 22 Oct 2007 17:16:22 +0000
Subject: Remove primary_blog record for user after removed from blog. Check for username and email when adding user. Rework permission denied redirect code. props momo360modena, fixes #427
git-svn-id: http://svn.automattic.com/wordpress-mu/trunk@1120 7be80a69-a1ef-0310-a953-fb0f7c49ff36
---
 wp-admin/menu.php | 27 +++++++++++++++++++++------
 wp-admin/wpmu-edit.php | 13 ++++++++++---
 2 files changed, 31 insertions(+), 9 deletions(-)
(limited to 'wp-admin')
diff --git a/wp-admin/menu.php b/wp-admin/menu.php
index f03138e..89337b8 100644
--- a/wp-admin/menu.php
+++ b/wp-admin/menu.php
@@ -150,15 +150,30 @@ unset($id);
 uksort($menu, "strnatcasecmp"); // make it all pretty
-if (! user_can_access_admin_page()) {
- global $wpdb;
+if ( !user_can_access_admin_page() ) {
 // find the blog of this user first
- $primary_blog = $wpdb->get_var( "SELECT meta_value FROM {$wpdb->usermeta} WHERE user_id = '$user_ID' AND meta_key = 'primary_blog'" );
- if( $primary_blog ) {
+ $primary_blog = (int) get_usermeta( $user_ID, 'primary_blog' );
+ if( $primary_blog != 0 ) {
+ global $wpdb;
 $newblog = $wpdb->get_row( "SELECT * FROM {$wpdb->blogs} WHERE blog_id = '{$primary_blog}'" );
 if( $newblog != null ) {
- header( "Location: http://" . $newblog->domain . $newblog->path . "wp-admin/" );
- exit;
+ $blogs = get_blogs_of_user( $user_ID );
+ if ( empty($blogs) || $blogs == false ) { // If user haven't any blog
+ update_usermeta( $user_ID, 'wp_1_capabilities', array('subscriber' => true)); // Add subscriber permission for first blog.
+ wp_redirect( 'http://'.$current_site->domain . $current_site->path. 'wp-admin/' );
+ exit();
+ }
+
+ foreach ( (array) $blogs as $blog ) {
+ if ( $blog->userblog_id == $newblog->blog_id ) {
+ wp_redirect( 'http://'.$newblog->domain . $newblog->path . 'wp-admin/' );
+ exit();
+ }
+ }
+
+ $blog = $blogs[0]; // Take the first blog...
+ wp_redirect( 'http://'.$blog->domain . $blog->path. 'wp-admin/' );
+ exit();
 }
 }
 wp_die( __('You do not have sufficient permissions to access this page.') );
diff --git a/wp-admin/wpmu-edit.php b/wp-admin/wpmu-edit.php
index d3f30e4..903c4f1 100644
--- a/wp-admin/wpmu-edit.php
+++ b/wp-admin/wpmu-edit.php
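Review bot: The added `update_usermeta( $user_ID, 'wp_1_capabilities', array('subscriber' => true));` writes a role from inside the permission-denied path and hard-codes both the table prefix and blog id 1, whereas the wpmu-edit.php hunk of this same commit builds the key as `$wpmuBaseTablePrefix.$id.'_capabilities'`. On an install with a different prefix the grant presumably lands on a key nothing reads, and the redirect that follows would then be denied again. I would build the key from the configured prefix, e.g. `update_usermeta( $user_ID, $wpmuBaseTablePrefix . '1_capabilities', array( 'subscriber' => true ) );` if that variable is in scope in menu.php, and add a comment saying that a denied request deliberately grants subscriber on the main blog, so the side effect is visible to the next reader. This branch also sits inside `if( $primary_blog != 0 )` and `if( $newblog != null )`, so a user whose primary_blog record was deleted never reaches it and still ends at `wp_die()`.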
@@ -186,7 +186,9 @@ switch( $_GET['action'] ) {
 if( is_array( $_POST['blogusers'] ) ) {
 reset( $_POST['blogusers'] );
 foreach ( (array) $_POST['blogusers'] as $key => $val ) {
- $wpdb->query( "DELETE FROM " . $wpdb->usermeta . " WHERE meta_key = '" . $wpmuBaseTablePrefix . $id . "_capabilities' AND user_id = '" . $key . "'" );
+ delete_usermeta( $key, $wpmuBaseTablePrefix.$id.'_capabilities' );
+ delete_usermeta( $key, $wpmuBaseTablePrefix.$id.'_user_level' );
+ delete_usermeta( $key, 'primary_blog', $id ); // Delete primary blog if need.
 }
 }
@@ -402,9 +404,14 @@ switch( $_GET['action'] ) { if( is_array( $_POST['user'] ) == true ) { $user = $_POST['user']; - if ( empty($user['username']) || empty($user['email']) ) { + if ( empty($user['username']) && empty($user['email']) ) { wp_die( __("
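Review bot: `$key` comes from the keys of `$_POST['blogusers']` and is passed as the user id to all three `delete_usermeta()` calls without being validated in this loop, so the safety of the change rests on `delete_usermeta()` rejecting non-numeric ids, which is not visible in the hunk. Normalising it at the top of the loop, `$key = (int) $key;` followed by `if ( $key <= 0 ) continue;`, makes that contract explicit and keeps a malformed key away from the meta table. The third call deserves a clearer comment than "Delete primary blog if need.", for example `// Only removes primary_blog when it points at this blog.`, assuming the third argument is a value match. The surrounding `case` and any capability or nonce check start outside the hunk.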

Missing username and email.

") ); - } + } elseif ( empty($user['username']) ) { + wp_die( __("

Missing username.

") ); + } elseif ( empty($user['email']) ) { + wp_die( __("

Missing email.

") ); + } + $password = generate_random_password(); $user_id = wpmu_create_user(wp_specialchars( strtolower( $user['username'] ) ), $password, wp_specialchars( $user['email'] ) ); if( false == $user_id ) { -- cgit
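Review bot: The three new branches only test `empty()`, so a malformed address or a user name with unexpected characters still reaches `wpmu_create_user()`, and the only treatment visible here is `wp_specialchars()`, which escapes for HTML output rather than validating input. If `wpmu_create_user()` does not validate on its own (not visible in the hunk), add a format check before the password is generated, e.g. `} elseif ( !is_email( $user['email'] ) ) { wp_die( __('Invalid email address.') ); }`, and run the name through `sanitize_user()` instead of escaping it. `empty()` also rejects the literal user name `0`, which may or may not be intended. The enclosing `case` starts before the hunk and continues past it.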