| [ Root ] [ Search ] [ Index ] |
PHP Cross Reference of WordPress 3.0.1Provided by Yoast |
[Summary view] [Print] [Text view]
1 <?php 2 /** 3 * Users administration panel. 4 * 5 * @package WordPress 6 * @subpackage Administration 7 */ 8 9 /** WordPress Administration Bootstrap */ 10 require_once ('./admin.php'); 11 12 /** WordPress Registration API */ 13 require_once( ABSPATH . WPINC . '/registration.php'); 14 15 if ( !current_user_can('list_users') ) 16 wp_die(__('Cheatin’ uh?')); 17 18 $title = __('Users'); 19 $parent_file = 'users.php'; 20 21 // contextual help - choose Help on the top right of admin panel to preview this. 22 add_contextual_help($current_screen, 23 '<p>' . __('This screen lists all the existing users for your site. Each user has one of five defined roles as set by the site admin: Site Administrator, Editor, Author, Contributor, or Subscriber. Users with roles other than Administrator will see fewer options when they are logged in, based on their role.') . '</p>' . 24 '<p>' . __('You can customize the display of information on this screen as you can on other screens, by using the Screen Options tab and the on-screen filters.') . '</p>' . 25 '<p>' . __('To add a new user for your site, click the Add New button at the top of the screen or Add New in the Users menu section.') . '</p>' . 26 '<p><strong>' . __('For more information:') . '</strong></p>' . 27 '<p>' . __('<a href="http://codex.wordpress.org/Users_Authors_and_Users_SubPanel" target="_blank">Documentation on Authors and Users</a>') . '</p>' . 28 '<p>' . __('<a href="http://codex.wordpress.org/Roles_and_Capabilities" target="_blank">Roles and Capabilities Descriptions</a>') . '</p>' . 29 '<p>' . __('<a href="http://wordpress.org/support/" target="_blank">Support Forums</a>') . '</p>' 30 ); 31 32 $update = $doaction = ''; 33 if ( isset($_REQUEST['action']) ) 34 $doaction = $_REQUEST['action'] ? $_REQUEST['action'] : $_REQUEST['action2']; 35 36 if ( empty($doaction) ) { 37 if ( isset($_GET['changeit']) && !empty($_GET['new_role']) ) 38 $doaction = 'promote'; 39 } 40 41 if ( empty($_REQUEST) ) { 42 $referer = '<input type="hidden" name="wp_http_referer" value="'. esc_attr(stripslashes($_SERVER['REQUEST_URI'])) . '" />'; 43 } elseif ( isset($_REQUEST['wp_http_referer']) ) { 44 $redirect = remove_query_arg(array('wp_http_referer', 'updated', 'delete_count'), stripslashes($_REQUEST['wp_http_referer'])); 45 $referer = '<input type="hidden" name="wp_http_referer" value="' . esc_attr($redirect) . '" />'; 46 } else { 47 $redirect = 'users.php'; 48 $referer = ''; 49 } 50 51 switch ($doaction) { 52 53 /* Bulk Dropdown menu Role changes */ 54 case 'promote': 55 check_admin_referer('bulk-users'); 56 57 if ( empty($_REQUEST['users']) ) { 58 wp_redirect($redirect); 59 exit(); 60 } 61 62 $editable_roles = get_editable_roles(); 63 if ( empty( $editable_roles[$_REQUEST['new_role']] ) ) 64 wp_die(__('You can’t give users that role.')); 65 66 $userids = $_REQUEST['users']; 67 $update = 'promote'; 68 foreach ( $userids as $id ) { 69 $id = (int) $id; 70 71 if ( ! current_user_can('promote_user', $id) ) 72 wp_die(__('You can’t edit that user.')); 73 // The new role of the current user must also have promote_users caps 74 if ( $id == $current_user->ID && !$wp_roles->role_objects[$_REQUEST['new_role']]->has_cap('promote_users') ) { 75 $update = 'err_admin_role'; 76 continue; 77 } 78 79 // If the user doesn't already belong to the blog, bail. 80 if ( is_multisite() && !is_user_member_of_blog( $id ) ) 81 wp_die(__('Cheatin’ uh?')); 82 83 $user = new WP_User($id); 84 $user->set_role($_REQUEST['new_role']); 85 } 86 87 wp_redirect(add_query_arg('update', $update, $redirect)); 88 exit(); 89 90 break; 91 92 case 'dodelete': 93 if ( is_multisite() ) 94 wp_die( __('User deletion is not allowed from this screen.') ); 95 96 check_admin_referer('delete-users'); 97 98 if ( empty($_REQUEST['users']) ) { 99 wp_redirect($redirect); 100 exit(); 101 } 102 103 if ( ! current_user_can( 'delete_users' ) ) 104 wp_die(__('You can’t delete users.')); 105 106 $userids = $_REQUEST['users']; 107 $update = 'del'; 108 $delete_count = 0; 109 110 foreach ( (array) $userids as $id) { 111 $id = (int) $id; 112 113 if ( ! current_user_can( 'delete_user', $id ) ) 114 wp_die(__( 'You can’t delete that user.' ) ); 115 116 if ( $id == $current_user->ID ) { 117 $update = 'err_admin_del'; 118 continue; 119 } 120 switch ( $_REQUEST['delete_option'] ) { 121 case 'delete': 122 if ( current_user_can('delete_user', $id) ) 123 wp_delete_user($id); 124 break; 125 case 'reassign': 126 if ( current_user_can('delete_user', $id) ) 127 wp_delete_user($id, $_REQUEST['reassign_user']); 128 break; 129 } 130 ++$delete_count; 131 } 132 133 $redirect = add_query_arg( array('delete_count' => $delete_count, 'update' => $update), $redirect); 134 wp_redirect($redirect); 135 exit(); 136 137 break; 138 139 case 'delete': 140 if ( is_multisite() ) 141 wp_die( __('User deletion is not allowed from this screen.') ); 142 143 check_admin_referer('bulk-users'); 144 145 if ( empty($_REQUEST['users']) && empty($_REQUEST['user']) ) { 146 wp_redirect($redirect); 147 exit(); 148 } 149 150 if ( ! current_user_can( 'delete_users' ) ) 151 $errors = new WP_Error( 'edit_users', __( 'You can’t delete users.' ) ); 152 153 if ( empty($_REQUEST['users']) ) 154 $userids = array(intval($_REQUEST['user'])); 155 else 156 $userids = $_REQUEST['users']; 157 158 include ('admin-header.php'); 159 ?> 160 <form action="" method="post" name="updateusers" id="updateusers"> 161 <?php wp_nonce_field('delete-users') ?> 162 <?php echo $referer; ?> 163 164 <div class="wrap"> 165 <?php screen_icon(); ?> 166 <h2><?php _e('Delete Users'); ?></h2> 167 <p><?php _e('You have specified these users for deletion:'); ?></p> 168 <ul> 169 <?php 170 $go_delete = false; 171 foreach ( (array) $userids as $id ) { 172 $id = (int) $id; 173 $user = new WP_User($id); 174 if ( $id == $current_user->ID ) { 175 echo "<li>" . sprintf(__('ID #%1s: %2s <strong>The current user will not be deleted.</strong>'), $id, $user->user_login) . "</li>\n"; 176 } else { 177 echo "<li><input type=\"hidden\" name=\"users[]\" value=\"" . esc_attr($id) . "\" />" . sprintf(__('ID #%1s: %2s'), $id, $user->user_login) . "</li>\n"; 178 $go_delete = true; 179 } 180 } 181 // @todo Delete is always for !is_multisite(). Use API. 182 if ( !is_multisite() ) { 183 $all_logins = $wpdb->get_results("SELECT ID, user_login FROM $wpdb->users ORDER BY user_login"); 184 } else { 185 // WPMU only searches users of current blog 186 $all_logins = $wpdb->get_results("SELECT ID, user_login FROM $wpdb->users, $wpdb->usermeta WHERE $wpdb->users.ID = $wpdb->usermeta.user_id AND meta_key = '".$wpdb->prefix."capabilities' ORDER BY user_login"); 187 } 188 $user_dropdown = '<select name="reassign_user">'; 189 foreach ( (array) $all_logins as $login ) 190 if ( $login->ID == $current_user->ID || !in_array($login->ID, $userids) ) 191 $user_dropdown .= "<option value=\"" . esc_attr($login->ID) . "\">{$login->user_login}</option>"; 192 $user_dropdown .= '</select>'; 193 ?> 194 </ul> 195 <?php if ( $go_delete ) : ?> 196 <fieldset><p><legend><?php _e('What should be done with posts and links owned by this user?'); ?></legend></p> 197 <ul style="list-style:none;"> 198 <li><label><input type="radio" id="delete_option0" name="delete_option" value="delete" checked="checked" /> 199 <?php _e('Delete all posts and links.'); ?></label></li> 200 <li><input type="radio" id="delete_option1" name="delete_option" value="reassign" /> 201 <?php echo '<label for="delete_option1">'.__('Attribute all posts and links to:')."</label> $user_dropdown"; ?></li> 202 </ul></fieldset> 203 <input type="hidden" name="action" value="dodelete" /> 204 <p class="submit"><input type="submit" name="submit" value="<?php esc_attr_e('Confirm Deletion'); ?>" class="button-secondary" /></p> 205 <?php else : ?> 206 <p><?php _e('There are no valid users selected for deletion.'); ?></p> 207 <?php endif; ?> 208 </div> 209 </form> 210 <?php 211 212 break; 213 214 case 'doremove': 215 check_admin_referer('remove-users'); 216 217 if ( empty($_REQUEST['users']) ) { 218 wp_redirect($redirect); 219 exit; 220 } 221 222 if ( !current_user_can('remove_users') ) 223 die(__('You can’t remove users.')); 224 225 $userids = $_REQUEST['users']; 226 227 $update = 'remove'; 228 foreach ( $userids as $id ) { 229 $id = (int) $id; 230 if ( $id == $current_user->id && !is_super_admin() ) { 231 $update = 'err_admin_remove'; 232 continue; 233 } 234 if ( !current_user_can('remove_user', $id) ) { 235 $update = 'err_admin_remove'; 236 continue; 237 } 238 remove_user_from_blog($id, $blog_id); 239 } 240 241 $redirect = add_query_arg( array('update' => $update), $redirect); 242 wp_redirect($redirect); 243 exit; 244 245 break; 246 247 case 'remove': 248 249 check_admin_referer('bulk-users'); 250 251 if ( empty($_REQUEST['users']) && empty($_REQUEST['user']) ) { 252 wp_redirect($redirect); 253 exit(); 254 } 255 256 if ( !current_user_can('remove_users') ) 257 $error = new WP_Error('edit_users', __('You can’t remove users.')); 258 259 if ( empty($_REQUEST['users']) ) 260 $userids = array(intval($_REQUEST['user'])); 261 else 262 $userids = $_REQUEST['users']; 263 264 include ('admin-header.php'); 265 ?> 266 <form action="" method="post" name="updateusers" id="updateusers"> 267 <?php wp_nonce_field('remove-users') ?> 268 <?php echo $referer; ?> 269 270 <div class="wrap"> 271 <?php screen_icon(); ?> 272 <h2><?php _e('Remove Users from Site'); ?></h2> 273 <p><?php _e('You have specified these users for removal:'); ?></p> 274 <ul> 275 <?php 276 $go_remove = false; 277 foreach ( $userids as $id ) { 278 $id = (int) $id; 279 $user = new WP_User($id); 280 if ( $id == $current_user->id && !is_super_admin() ) { 281 echo "<li>" . sprintf(__('ID #%1s: %2s <strong>The current user will not be removed.</strong>'), $id, $user->user_login) . "</li>\n"; 282 } elseif ( !current_user_can('remove_user', $id) ) { 283 echo "<li>" . sprintf(__('ID #%1s: %2s <strong>You don\'t have permission to remove this user.</strong>'), $id, $user->user_login) . "</li>\n"; 284 } else { 285 echo "<li><input type=\"hidden\" name=\"users[]\" value=\"{$id}\" />" . sprintf(__('ID #%1s: %2s'), $id, $user->user_login) . "</li>\n"; 286 $go_remove = true; 287 } 288 } 289 ?> 290 <?php if ( $go_remove ) : ?> 291 <input type="hidden" name="action" value="doremove" /> 292 <p class="submit"><input type="submit" name="submit" value="<?php esc_attr_e('Confirm Removal'); ?>" class="button-secondary" /></p> 293 <?php else : ?> 294 <p><?php _e('There are no valid users selected for removal.'); ?></p> 295 <?php endif; ?> 296 </div> 297 </form> 298 <?php 299 300 break; 301 302 default: 303 304 if ( !empty($_GET['_wp_http_referer']) ) { 305 wp_redirect(remove_query_arg(array('_wp_http_referer', '_wpnonce'), stripslashes($_SERVER['REQUEST_URI']))); 306 exit; 307 } 308 309 include ('./admin-header.php'); 310 311 $usersearch = isset($_GET['usersearch']) ? $_GET['usersearch'] : null; 312 $userspage = isset($_GET['userspage']) ? $_GET['userspage'] : null; 313 $role = isset($_GET['role']) ? $_GET['role'] : null; 314 315 // Query the user IDs for this page 316 $wp_user_search = new WP_User_Search($usersearch, $userspage, $role); 317 318 // Query the post counts for this page 319 $post_counts = count_many_users_posts($wp_user_search->get_results()); 320 321 // Query the users for this page 322 cache_users($wp_user_search->get_results()); 323 324 $messages = array(); 325 if ( isset($_GET['update']) ) : 326 switch($_GET['update']) { 327 case 'del': 328 case 'del_many': 329 $delete_count = isset($_GET['delete_count']) ? (int) $_GET['delete_count'] : 0; 330 $messages[] = '<div id="message" class="updated"><p>' . sprintf(_n('%s user deleted', '%s users deleted', $delete_count), $delete_count) . '</p></div>'; 331 break; 332 case 'add': 333 $messages[] = '<div id="message" class="updated"><p>' . __('New user created.') . '</p></div>'; 334 break; 335 case 'promote': 336 $messages[] = '<div id="message" class="updated"><p>' . __('Changed roles.') . '</p></div>'; 337 break; 338 case 'err_admin_role': 339 $messages[] = '<div id="message" class="error"><p>' . __('The current user’s role must have user editing capabilities.') . '</p></div>'; 340 $messages[] = '<div id="message" class="updated"><p>' . __('Other user roles have been changed.') . '</p></div>'; 341 break; 342 case 'err_admin_del': 343 $messages[] = '<div id="message" class="error"><p>' . __('You can’t delete the current user.') . '</p></div>'; 344 $messages[] = '<div id="message" class="updated"><p>' . __('Other users have been deleted.') . '</p></div>'; 345 break; 346 case 'remove': 347 $messages[] = '<div id="message" class="updated fade"><p>' . __('User removed from this site.') . '</p></div>'; 348 break; 349 case 'err_admin_remove': 350 $messages[] = '<div id="message" class="error"><p>' . __("You can't remove the current user.") . '</p></div>'; 351 $messages[] = '<div id="message" class="updated fade"><p>' . __('Other users have been removed.') . '</p></div>'; 352 break; 353 } 354 endif; ?> 355 356 <?php if ( isset($errors) && is_wp_error( $errors ) ) : ?> 357 <div class="error"> 358 <ul> 359 <?php 360 foreach ( $errors->get_error_messages() as $err ) 361 echo "<li>$err</li>\n"; 362 ?> 363 </ul> 364 </div> 365 <?php endif; 366 367 if ( ! empty($messages) ) { 368 foreach ( $messages as $msg ) 369 echo $msg; 370 } ?> 371 372 <div class="wrap"> 373 <?php screen_icon(); ?> 374 <h2><?php echo esc_html( $title ); if ( current_user_can( 'create_users' ) ) { ?> <a href="user-new.php" class="button add-new-h2"><?php echo esc_html_x('Add New', 'user'); ?></a><?php } 375 if ( isset($_GET['usersearch']) && $_GET['usersearch'] ) 376 printf( '<span class="subtitle">' . __('Search results for “%s”') . '</span>', esc_html( $_GET['usersearch'] ) ); ?> 377 </h2> 378 379 <div class="filter"> 380 <form id="list-filter" action="" method="get"> 381 <ul class="subsubsub"> 382 <?php 383 $users_of_blog = count_users(); 384 $total_users = $users_of_blog['total_users']; 385 $avail_roles =& $users_of_blog['avail_roles']; 386 unset($users_of_blog); 387 388 $current_role = false; 389 $class = empty($role) ? ' class="current"' : ''; 390 $role_links = array(); 391 $role_links[] = "<li><a href='users.php'$class>" . sprintf( _nx( 'All <span class="count">(%s)</span>', 'All <span class="count">(%s)</span>', $total_users, 'users' ), number_format_i18n( $total_users ) ) . '</a>'; 392 foreach ( $wp_roles->get_names() as $this_role => $name ) { 393 if ( !isset($avail_roles[$this_role]) ) 394 continue; 395 396 $class = ''; 397 398 if ( $this_role == $role ) { 399 $current_role = $role; 400 $class = ' class="current"'; 401 } 402 403 $name = translate_user_role( $name ); 404 /* translators: User role name with count */ 405 $name = sprintf( __('%1$s <span class="count">(%2$s)</span>'), $name, $avail_roles[$this_role] ); 406 $role_links[] = "<li><a href='users.php?role=$this_role'$class>$name</a>"; 407 } 408 echo implode( " |</li>\n", $role_links) . '</li>'; 409 unset($role_links); 410 ?> 411 </ul> 412 </form> 413 </div> 414 415 <form class="search-form" action="" method="get"> 416 <p class="search-box"> 417 <label class="screen-reader-text" for="user-search-input"><?php _e( 'Search Users' ); ?>:</label> 418 <input type="text" id="user-search-input" name="usersearch" value="<?php echo esc_attr($wp_user_search->search_term); ?>" /> 419 <input type="submit" value="<?php esc_attr_e( 'Search Users' ); ?>" class="button" /> 420 </p> 421 </form> 422 423 <form id="posts-filter" action="" method="get"> 424 <div class="tablenav"> 425 426 <?php if ( $wp_user_search->results_are_paged() ) : ?> 427 <div class="tablenav-pages"><?php $wp_user_search->page_links(); ?></div> 428 <?php endif; ?> 429 430 <div class="alignleft actions"> 431 <select name="action"> 432 <option value="" selected="selected"><?php _e('Bulk Actions'); ?></option> 433 <?php if ( !is_multisite() && current_user_can('delete_users') ) { ?> 434 <option value="delete"><?php _e('Delete'); ?></option> 435 <?php } else { ?> 436 <option value="remove"><?php _e('Remove'); ?></option> 437 <?php } ?> 438 </select> 439 <input type="submit" value="<?php esc_attr_e('Apply'); ?>" name="doaction" id="doaction" class="button-secondary action" /> 440 <label class="screen-reader-text" for="new_role"><?php _e('Change role to…') ?></label><select name="new_role" id="new_role"><option value=''><?php _e('Change role to…') ?></option><?php wp_dropdown_roles(); ?></select> 441 <input type="submit" value="<?php esc_attr_e('Change'); ?>" name="changeit" class="button-secondary" /> 442 <?php wp_nonce_field('bulk-users'); ?> 443 </div> 444 445 <br class="clear" /> 446 </div> 447 448 <?php if ( is_wp_error( $wp_user_search->search_errors ) ) : ?> 449 <div class="error"> 450 <ul> 451 <?php 452 foreach ( $wp_user_search->search_errors->get_error_messages() as $message ) 453 echo "<li>$message</li>"; 454 ?> 455 </ul> 456 </div> 457 <?php endif; ?> 458 459 460 <?php if ( $wp_user_search->get_results() ) : ?> 461 462 <?php if ( $wp_user_search->is_search() ) : ?> 463 <p><a href="users.php"><?php _e('← Back to All Users'); ?></a></p> 464 <?php endif; ?> 465 466 <table class="widefat fixed" cellspacing="0"> 467 <thead> 468 <tr class="thead"> 469 <?php print_column_headers('users') ?> 470 </tr> 471 </thead> 472 473 <tfoot> 474 <tr class="thead"> 475 <?php print_column_headers('users', false) ?> 476 </tr> 477 </tfoot> 478 479 <tbody id="users" class="list:user user-list"> 480 <?php 481 $style = ''; 482 foreach ( $wp_user_search->get_results() as $userid ) { 483 $user_object = new WP_User($userid); 484 $roles = $user_object->roles; 485 $role = array_shift($roles); 486 487 if ( is_multisite() && empty( $role ) ) 488 continue; 489 490 $style = ( ' class="alternate"' == $style ) ? '' : ' class="alternate"'; 491 echo "\n\t", user_row( $user_object, $style, $role, $post_counts[ $userid ] ); 492 } 493 ?> 494 </tbody> 495 </table> 496 497 <div class="tablenav"> 498 499 <?php if ( $wp_user_search->results_are_paged() ) : ?> 500 <div class="tablenav-pages"><?php $wp_user_search->page_links(); ?></div> 501 <?php endif; ?> 502 503 <div class="alignleft actions"> 504 <select name="action2"> 505 <option value="" selected="selected"><?php _e('Bulk Actions'); ?></option> 506 <?php if ( !is_multisite() && current_user_can('delete_users') ) { ?> 507 <option value="delete"><?php _e('Delete'); ?></option> 508 <?php } else { ?> 509 <option value="remove"><?php _e('Remove'); ?></option> 510 <?php } ?></select> 511 <input type="submit" value="<?php esc_attr_e('Apply'); ?>" name="doaction2" id="doaction2" class="button-secondary action" /> 512 </div> 513 514 <br class="clear" /> 515 </div> 516 517 <?php endif; ?> 518 519 </form> 520 </div> 521 522 <?php 523 if ( is_multisite() ) { 524 foreach ( array('user_login' => 'user_login', 'first_name' => 'user_firstname', 'last_name' => 'user_lastname', 'email' => 'user_email', 'url' => 'user_uri', 'role' => 'user_role') as $formpost => $var ) { 525 $var = 'new_' . $var; 526 $$var = isset($_REQUEST[$formpost]) ? esc_attr(stripslashes($_REQUEST[$formpost])) : ''; 527 } 528 unset($name); 529 } 530 ?> 531 532 <br class="clear" /> 533 <?php 534 break; 535 536 } // end of the $doaction switch 537 538 include ('./admin-footer.php'); 539 ?>
title
Description
Body
title
Description
Body
title
Description
Body
title
Body
| Generated: Thu Oct 14 05:12:05 2010 | Cross-referenced by PHPXref 0.7 |