/bp-forums/bbpress/profile-edit.php

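  <?php
  /**
   * Profile edit controller.
   *
   * On a POST request it validates the submitted profile form and, when no
   * errors were collected, updates the user record, user meta, role,
   * capabilities and password, then redirects to the profile page. In every
   * other case it falls through to the 'profile-edit.php' template.
   *
   * $user, $user_id and $wp_roles are not assigned in this file; presumably
   * bb-load.php (or code it includes) sets them up -- confirm against the loader.
   *
   * NOTE(review): the published listing had lost its closing braces and carried
   * gutter numbers; the block nesting below is reconstructed from the control
   * flow and should be checked against the upstream file.
   */
  require_once( './bb-load.php' );

  // Redirect if we require SSL and it isn't
  bb_ssl_redirect();

  // Authenticate against the "logged_in" cookie
  bb_auth( 'logged_in' );

  // Authorization gate: the current user must hold 'edit_user' for the target
  // profile, otherwise they are sent to the front page. The exit after the
  // redirect matters: without it the rest of the script would still run.
  if ( !bb_current_user_can( 'edit_user', $user_id ) ) {
      $sendto = bb_get_uri( null, null, BB_URI_CONTEXT_HEADER );
      wp_redirect( $sendto );
      exit;
  }

  // Store the current user id
  $bb_current_id = bb_get_current_user_info( 'id' );

  // I don't know how this would ever get triggered
  if ( !bb_is_profile() ) {
      $sendto = get_profile_tab_link( $bb_current_id, 'edit' );
      wp_redirect( $sendto );
      exit;
  }

  // Set some low capabilities if the profile being edited has none
  if ( !isset( $user->capabilities ) ) {
      $user->capabilities = array( 'inactive' => true );
  }

  // Store the profile info keys
  $profile_info_keys = bb_get_profile_info_keys( 'profile-edit' );

  // Store additional keys if the current user has access to them
  if ( bb_current_user_can('edit_users') ) {
      $profile_admin_keys = bb_get_profile_admin_keys( 'profile-edit' );
      $assignable_caps = bb_get_assignable_caps();
  }

  // Instantiate the error object
  $errors = new WP_Error;

  if ( 'post' == strtolower($_SERVER['REQUEST_METHOD']) ) {
      $_POST = stripslashes_deep( $_POST );

      // Nonce check bound to the profile being edited. It runs before any of
      // the state-changing branches below (delete, role, caps, password).
      bb_check_admin_referer( 'edit-profile_' . $user_id );

      // Fix the URL before sanitizing it
      $user_url = bb_fix_link( $_POST['user_url'] );

      // Sanitize the profile info keys and check for missing required data.
      // Each key becomes a script-scope variable via $$key, with no isset()
      // guard (the admin-key loop further down has one). A key named like an
      // existing variable would therefore overwrite it; presumably the key
      // list is configured server-side and not taken from the request --
      // TODO confirm.
      foreach ( $profile_info_keys as $key => $label ) {
          $$key = apply_filters( 'sanitize_profile_info', $_POST[$key], $key, $_POST[$key] );
          if ( !$$key && $label[0] == 1 ) {
              $errors->add( $key, sprintf( __( '%s is required.' ), esc_html( $label[1] ) ) );
              $$key = false;
          }
      }

      // Find out if we have a valid email address
      if ( isset( $user_email ) && !$user_email = is_email( $user_email ) ) {
          $errors->add( 'user_email', __( 'Invalid email address' ), array( 'data' => $_POST['user_email'] ) );
      }

      // Deal with errors for users who can edit others data
      if ( bb_current_user_can('edit_users') ) {
          // Get the user object
          $user_obj = new BP_User( $user->ID );

          // If we are deleting just do it and redirect. Self-deletion is
          // excluded by the id comparison.
          if ( isset( $_POST['delete-user'] ) && $_POST['delete-user'] && $bb_current_id != $user->ID ) {
              // Only a keymaster can delete another keymaster
              if ( !bb_current_user_can( 'keep_gate' ) && 'keymaster' == $user_obj->roles[0] ) {
                  $errors->add( 'delete', __( 'You can not delete this user!' ) );
              } else {
                  bb_delete_user( $user->ID );
                  wp_redirect( bb_get_uri(null, null, BB_URI_CONTEXT_HEADER) );
                  exit;
              }
          }

          // Store the new role. The value comes from the request and is used
          // as an array key below, so anything but a string is replaced by ''
          // and ends up reported as an invalid role.
          $role = ( isset( $_POST['role'] ) && is_string( $_POST['role'] ) ) ? $_POST['role'] : '';

          // Deal with errors with the role: it must be a known role, only a
          // holder of 'keep_gate' may grant or revoke keymaster, and a
          // keymaster may not demote themselves.
          if ( !isset($wp_roles->role_objects[$role]) ) {
              $errors->add( 'role', __( 'Invalid Role' ) );
          } elseif ( !bb_current_user_can( 'keep_gate' ) && ( 'keymaster' == $role || 'keymaster' == $user_obj->roles[0] ) ) {
              $errors->add( 'role', __( 'You are not the Gate Keeper.' ) );
          } elseif ( 'keymaster' == $user_obj->roles[0] && 'keymaster' != $role && $bb_current_id == $user->ID ) {
              $errors->add( 'role', __( 'You are Keymaster, so you may not demote yourself.' ) );
          }

          // Sanitize the profile admin keys and check for missing required data.
          // Keys that already exist as variables are skipped, not overwritten.
          foreach ( $profile_admin_keys as $key => $label ) {
              if ( isset( $$key ) )
                  continue;

              $$key = apply_filters( 'sanitize_profile_admin', $_POST[$key], $key, $_POST[$key] );
              if ( !$$key && $label[0] == 1 ) {
                  $errors->add( $key, sprintf( __( '%s is required.' ), esc_html( $label[1] ) ) );
                  $$key = false;
              }
          }

          // Create a 0/1 variable for each requested capability
          foreach ( $assignable_caps as $cap => $label ) {
              if ( isset($$cap) )
                  continue;

              $$cap = ( isset($_POST[$cap]) && $_POST[$cap] ) ? 1 : 0;
          }
      }

      // Deal with errors generated from the password form
      if ( bb_current_user_can( 'change_user_password', $user->ID ) ) {
          if ( ( !empty($_POST['pass1']) || !empty($_POST['pass2']) ) && $_POST['pass1'] !== $_POST['pass2'] ) {
              $errors->add( 'pass', __( 'You must enter the same password twice.' ) );
          // NOTE(review): this branch repeats the capability test of the
          // enclosing if with the opposite sign, so it cannot be reached. A
          // password posted without 'change_user_password' is ignored rather
          // than reported; the update step below re-checks the capability
          // before writing.
          } elseif( !empty($_POST['pass1']) && !bb_current_user_can( 'change_user_password', $user->ID ) ) {
              $errors->add( 'pass', __( "You are not allowed to change this user's password." ) );
          }
      }

      // If there are no errors then update the records
      if ( !$errors->get_error_codes() ) {
          do_action('before_profile_edited', $user->ID);

          // Each write below re-checks the capability it depends on.
          if ( bb_current_user_can( 'edit_user', $user->ID ) ) {
              // All these are always set at this point
              bb_update_user( $user->ID, $user_email, $user_url, $display_name );

              // Add user meta data; display_name, ID and user_* keys are not meta
              foreach( $profile_info_keys as $key => $label ) {
                  if ( 'display_name' == $key || 'ID' == $key || strpos($key, 'user_') === 0 )
                      continue;
                  if ( $$key != '' || isset($user->$key) )
                      bb_update_usermeta( $user->ID, $key, $$key );
              }
          }

          if ( bb_current_user_can( 'edit_users' ) ) {
              if ( !array_key_exists($role, $user->capabilities) ) {
                  $user_obj->set_role($role); // Only support one role for now
                  // NOTE(review): $old_role is never assigned in this file;
                  // unless the loader defines it, the second comparison is
                  // always true.
                  if ( 'blocked' == $role && 'blocked' != $old_role )
                      bb_break_password( $user->ID );
                  elseif ( 'blocked' != $role && array_key_exists( 'blocked', $user->capabilities ) )
                      bb_fix_password( $user->ID );
              }
              foreach( $profile_admin_keys as $key => $label )
                  if ( $$key != '' || isset($user->$key) )
                      bb_update_usermeta( $user->ID, $key, $$key );
              // Grant capabilities that were requested and are missing, revoke
              // those that are present and were not requested.
              foreach( $assignable_caps as $cap => $label ) {
                  if ( ( !$already = array_key_exists($cap, $user->capabilities) ) && $$cap) {
                      $user_obj->add_cap($cap);
                  } elseif ( !$$cap && $already ) {
                      $user_obj->remove_cap($cap);
                  }
              }
          }

          if ( bb_current_user_can( 'change_user_password', $user->ID ) && !empty($_POST['pass1']) ) {
              // $_POST was unslashed at the top of the request; slashes are put
              // back here, presumably because bb_update_user_password() expects
              // slashed input -- TODO confirm.
              $_POST['pass1'] = addslashes($_POST['pass1']);
              bb_update_user_password( $user->ID, $_POST['pass1'] );

              // When users change their own password, their auth cookie is
              // cleared and issued again. What happens to that user's other
              // sessions is not visible in this file.
              if ( bb_get_current_user_info( 'ID' ) == $user->ID ) {
                  bb_clear_auth_cookie();
                  bb_set_auth_cookie( $user->ID );
              }
          }

          do_action('profile_edited', $user->ID);

          wp_redirect( add_query_arg( 'updated', 'true', get_user_profile_link( $user->ID ) ) );
          exit;
      }
  }

  // Reached on GET, or on POST when validation collected errors
  bb_load_template( 'profile-edit.php', array('profile_info_keys', 'profile_admin_keys', 'assignable_caps', 'user_email', 'bb_roles', 'errors', 'self') );

  ?>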
.