From 13f492ab756532f72764b301eb92c1c12e40de76 Mon Sep 17 00:00:00 2001 From: matt Date: Sat, 9 Jul 2005 01:27:46 +0000 Subject: [PATCH] Massive user_level fix. We were still using the user_level field in wp_users in some places, where we should just use the table prefixed usermeta value. git-svn-id: http://svn.automattic.com/wordpress/trunk@2702 1a063a9b-81f0-0310-95a4-ce76da25c4cd --- wp-admin/admin-db.php | 69 ++++++++++++++++++++++++-- wp-admin/admin-functions.php | 7 ++- wp-admin/edit-form-advanced.php | 4 +- wp-admin/edit-page-form.php | 4 +- wp-admin/edit-pages.php | 5 +- wp-admin/post.php | 2 +- wp-admin/upgrade-functions.php | 2 +- wp-admin/upgrade-schema.php | 1 - wp-admin/user-edit.php | 20 ++++---- wp-admin/users.php | 63 +++++++---------------- wp-includes/functions.php | 17 +++++-- wp-includes/pluggable-functions.php | 11 ++-- wp-includes/registration-functions.php | 32 ++++++++++++ wp-register.php | 36 +++----------- 14 files changed, 167 insertions(+), 106 deletions(-) create mode 100644 wp-includes/registration-functions.php diff --git a/wp-admin/admin-db.php b/wp-admin/admin-db.php index 78e803c86..b657edd70 100644 --- a/wp-admin/admin-db.php +++ b/wp-admin/admin-db.php 
@@ -13,12 +13,13 @@ function get_others_drafts( $user_id ) { $user = get_userdata( $user_id ); $level_key = $wpdb->prefix . 'user_level'; if ( 1 < $user->user_level ) { - $editable = $wpdb->get_col("SELECT user_id FROM $wpdb->usermeta WHERE meta_key = '$level_key' AND meta_value <= '$user->user_level' AND user_id != $user_id"); - if( is_array( $editable ) == false ) + $editable = get_editable_user_ids( $user_id ); + + if( !$editable ) { $other_drafts = ''; - else { + } else { $editable = join(',', $editable); - $other_drafts = $wpdb->get_results("SELECT ID, post_title FROM $wpdb->posts WHERE post_status = 'draft' AND post_author IN ($editable) "); + $other_drafts = $wpdb->get_results("SELECT ID, post_title FROM $wpdb->posts WHERE post_status = 'draft' AND post_author IN ($editable) AND post_author != '$user_id' "); } } else { $other_drafts = false; 
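Review bot: `$user_id` is interpolated unescaped into the new `AND post_author != '$user_id'` clause and the function never normalises it, so a caller passing a non-integer value reaches SQL unchanged; add `$user_id = (int) $user_id;` at the top of the function (its signature sits in the hunk header, so the function's start is outside the hunk). The `IN ($editable)` list comes from `get_editable_user_ids()`, whose ids are read from usermeta rather than from the request, but it is still a string-built query and would benefit from the same cast inside that helper. If `get_userdata()` returns false for an unknown id, `$user->user_level` is null and the `1 < $user->user_level` gate fails closed, which is the right direction but deserves a comment.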
@@ -26,4 +27,64 @@ function get_others_drafts( $user_id ) { return apply_filters('get_others_drafts', $other_drafts); } +function get_editable_authors( $user_id ) { + global $wpdb; + $user = get_userdata( $user_id ); + $level_key = $wpdb->prefix . 'user_level'; + + if ( 7 > $user->user_level ) // TODO: ROLE SYSTEM + return false; + + $editable = get_editable_user_ids( $user_id ); + + if( !$editable ) + return false; + else { + $editable = join(',', $editable); + $authors = $wpdb->get_results( "SELECT * FROM $wpdb->users WHERE ID IN ($editable)" ); + } + + return apply_filters('get_editable_authors', $authors); +} + +function get_editable_user_ids( $user_id, $exclude_zeros = true ) { + global $wpdb; + $user = get_userdata( $user_id ); + $level_key = $wpdb->prefix . 'user_level'; + + $query = "SELECT * FROM $wpdb->usermeta WHERE meta_key = '$level_key'"; + if ( $exclude_zeros ) + $query .= " AND meta_value != '0'"; + $possible = $wpdb->get_results( $query ); + + if ( !$possible ) + return false; + + $user_ids = array(); + foreach ( $possible as $mark ) + if ( intval($mark->meta_value) <= $user->user_level ) + $user_ids[] = $mark->user_id; + if ( empty( $user_ids ) ) + return false; + return $user_ids; +} + +function get_author_user_ids() { + global $wpdb; + $level_key = $wpdb->prefix . 'user_level'; + + $query = "SELECT user_id FROM $wpdb->usermeta WHERE meta_key = '$level_key' AND meta_value != '0'"; + + return $wpdb->get_col( $query ); +} + +function get_nonauthor_user_ids() { + global $wpdb; + $level_key = $wpdb->prefix . 'user_level'; + + $query = "SELECT user_id FROM $wpdb->usermeta WHERE meta_key = '$level_key' AND meta_value = '0'"; + + return $wpdb->get_col( $query ); +} + ?> \ No newline at end of file diff --git a/wp-admin/admin-functions.php b/wp-admin/admin-functions.php index 47c49b2fb..cb3fcff3e 100644 --- a/wp-admin/admin-functions.php +++ b/wp-admin/admin-functions.php 
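Review bot: get_editable_user_ids() pushes `$mark->user_id` uncast and every caller joins the result straight into an `IN (...)` list; `$user_ids[] = (int) $mark->user_id;` keeps those queries integer-only even if a usermeta row is tampered with. The helper returns every id whose level is `<=` the caller's, which includes the caller and all peers at the same level; get_others_drafts() re-excludes the caller in SQL but get_editable_authors() does not, so a comment such as `// ids at or below $user_id's level, including $user_id itself and its peers` would make that contract explicit. When `get_userdata()` returns false the comparison runs against a null level and silently degrades; `if ( !$user ) return false;` after the lookup fails closed. `$level_key` in get_editable_authors() is assigned but unused.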
@@ -437,8 +437,11 @@ function dropdown_categories($default = 0) { // Dandy new recursive multiple category stuff. function cat_rows($parent = 0, $level = 0, $categories = 0) { - global $wpdb, $class, $user_level; - if (!$categories) + global $wpdb, $class, $current_user; + + $user_level = $current_user->user_level; + + if ( !$categories ) $categories = $wpdb->get_results("SELECT * FROM $wpdb->categories ORDER BY cat_name"); if ($categories) { diff --git a/wp-admin/edit-form-advanced.php b/wp-admin/edit-form-advanced.php index a7970a635..577cf776e 100644 --- a/wp-admin/edit-form-advanced.php +++ b/wp-admin/edit-form-advanced.php @@ -104,13 +104,13 @@ window.onload = focusit; - 7 && $users = $wpdb->get_results("SELECT ID, user_login FROM $wpdb->users WHERE user_level <= $user_level AND user_level > 0") ) : ?> +ID ) ) : // TODO: ROLE SYSTEM ?>
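Review bot: cat_rows() now takes `$user_level` from `$current_user`, which get_currentuserinfo() only populates when a login cookie is present, so on a request where it is unset `$current_user->user_level` evaluates to null and the level comparisons later in the function (outside this hunk) run against nothing. Guard it so an anonymous call fails closed: `$user_level = isset( $current_user ) ? (int) $current_user->user_level : 0;`. The body of cat_rows() continues past the hunk.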

:

- 7 && $users = $wpdb->get_results("SELECT ID, user_login FROM $wpdb->users WHERE user_level <= $user_level AND user_level > 0") ) : ?> +ID ) ) : // TODO: ROLE SYSTEM ?> : - - - - first_name ) ) : ?> - + + + + first_name ) ) : ?> + - last_name ) ) : ?> - + last_name ) ) : ?> + - first_name ) && !empty( $profiledata->last_name ) ) : ?> - - + first_name ) && !empty( $edituser->last_name ) ) : ?> + + diff --git a/wp-admin/users.php b/wp-admin/users.php index f745086a8..296c6a82b 100644 --- a/wp-admin/users.php +++ b/wp-admin/users.php 
@@ -1,24 +1,11 @@ get_var("SELECT user_login FROM $wpdb->users WHERE user_login = '$user_login'"); - if ($loginthere) + if ( username_exists( $user_login ) ) die (__('ERROR: This username is already registered, please choose another one.')); /* checking e-mail address */ - if (empty($_POST["email"])) { + if (empty($user_email)) { die (__("ERROR: please type an e-mail address")); return false; - } else if (!is_email($_POST["email"])) { + } else if (!is_email($user_email)) { die (__("ERROR: the email address isn't correct")); return false; } - $user_ID = $wpdb->get_var("SELECT ID FROM $wpdb->users ORDER BY ID DESC LIMIT 1") + 1; + $user_ID = create_user( $user_login, $pass1, $user_email, 0 ); - $user_nicename = sanitize_title($user_nickname, $user_ID); - $user_uri = preg_match('/^(https?|ftps?|mailto|news|gopher):/is', $user_uri) ? $user_uri : 'http://' . $user_uri; - $now = gmdate('Y-m-d H:i:s'); - $new_users_can_blog = get_settings('new_users_can_blog'); - - $result = $wpdb->query("INSERT INTO $wpdb->users - (user_login, user_pass, user_email, user_registered, user_level, user_nicename, user_url) - VALUES - ('$user_login', MD5('$pass1'), '$user_email', '$now', '$new_users_can_blog', '$user_nicename', '$user_uri')"); + update_usermeta( $user_ID, 'first_name', $user_firstname); + update_usermeta( $user_ID, 'last_name', $user_lastname); + update_usermeta( $user_ID, 'first_name', $user_firstname); - if ($result == false) - die (__('ERROR: Couldn’t register you!')); - $stars = ''; for ($i = 0; $i < strlen($pass1); $i = $i + 1) $stars .= '*'; 
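Review bot: The rewrite drops the failure check that used to follow the INSERT; `create_user()` returns `$wpdb->insert_id` regardless of outcome, so on a failed insert `$user_ID` is 0 or stale and the two `update_usermeta()` calls attach metadata to that id. Add `if ( !$user_ID ) die (__('ERROR: Couldn’t register you!'));` directly after the `create_user()` call. `first_name` is written twice and `last_name` once, which looks like a copy-paste slip, and the old INSERT's `user_url` (`$user_uri`) and `new_users_can_blog` level are no longer stored—`create_user()` has no url parameter and the level is hard-coded to 0 here. `$user_firstname`/`$user_lastname` are passed through as-is; whether update_usermeta() escapes the value is not visible in this patch, so confirm before relying on it.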
@@ -96,24 +72,22 @@ case 'promote': header('Location: users.php'); } - $id = $_GET['id']; + $id = (int) $_GET['id']; $prom = $_GET['prom']; $user_data = get_userdata($id); + $usertopromote_level = $user_data->user_level; - if ($user_level <= $usertopromote_level) { + if ( $user_level <= $usertopromote_level ) die(__('Can’t change the level of a user whose level is higher than yours.')); - } if ('up' == $prom) { $new_level = $usertopromote_level + 1; - $sql="UPDATE $wpdb->users SET user_level=$new_level WHERE ID = $id AND $new_level < $user_level"; } elseif ('down' == $prom) { $new_level = $usertopromote_level - 1; - $sql="UPDATE $wpdb->users SET user_level=$new_level WHERE ID = $id AND $new_level < $user_level"; } - $result = $wpdb->query($sql); + update_usermeta( $id, $wpdb->prefix . 'user_level', $new_level); header('Location: users.php'); @@ -163,10 +137,11 @@ default:   get_results("SELECT ID FROM $wpdb->users WHERE user_level > 0 ORDER BY ID"); + $authors = + $users = get_author_user_ids(); $style = ''; foreach ($users as $user) { - $user_data = get_userdata($user->ID); + $user_data = get_userdata($user); $email = $user_data->user_email; $url = $user_data->user_url; $short_url = str_replace('http://', '', $url); @@ -176,7 +151,7 @@ default: if (strlen($short_url) > 35) $short_url = substr($short_url, 0, 32).'...'; $style = ('class="alternate"' == $style) ? '' : 'class="alternate"'; - $numposts = $wpdb->get_var("SELECT COUNT(*) FROM $wpdb->posts WHERE post_author = $user->ID and post_status = 'publish'"); + $numposts = $wpdb->get_var("SELECT COUNT(*) FROM $wpdb->posts WHERE post_author = '$user' and post_status = 'publish'"); if (0 < $numposts) $numposts = "$numposts"; echo " @@ -205,7 +180,7 @@ default:
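Review bot: The removed UPDATE carried `AND $new_level < $user_level` as a server-side guard; the replacement `update_usermeta()` has no such condition, so a user can now raise a target one step below them to their own level, and when `$prom` is neither `up` nor `down` `$new_level` is undefined and an empty level is written. Restore the guard before the write: `if ( !isset( $new_level ) || $new_level >= $user_level ) die(__('Can’t change the level of a user whose level is higher than yours.'));`. If `get_userdata($id)` returns false the comparison against `$usertopromote_level` (null) passes and a level row is created for a nonexistent id, so `if ( !$user_data ) die(...)` belongs there as well. The level change is still driven purely by `$_GET` parameters with no request token, which this commit does not change.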
get_results("SELECT * FROM $wpdb->users WHERE user_level = 0 ORDER BY ID"); +$users = get_nonauthor_user_ids(); if ($users) { ?>
@@ -224,7 +199,7 @@ if ($users) { ID); + $user_data = get_userdata($user); $email = $user_data->user_email; $url = $user_data->user_url; $short_url = str_replace('http://', '', $url); diff --git a/wp-includes/functions.php b/wp-includes/functions.php index 207b6b896..f4641019a 100644 --- a/wp-includes/functions.php +++ b/wp-includes/functions.php @@ -1225,13 +1225,19 @@ function update_category_cache() { function update_user_cache() { global $cache_userdata, $wpdb; - $query = apply_filters('user_cache_query', "SELECT * FROM $wpdb->users WHERE user_level > 0"); + $level_key = $wpdb->prefix . 'user_level'; + $user_ids = $wpdb->get_col("SELECT user_id FROM $wpdb->usermeta WHERE meta_key = '$level_key'"); + $user_ids = join(',', $user_ids); + $query = apply_filters('user_cache_query', "SELECT * FROM $wpdb->users WHERE ID IN ($user_ids)"); if ( $users = $wpdb->get_results( $query ) ) : foreach ($users as $user) : $metavalues = $wpdb->get_results("SELECT meta_key, meta_value FROM $wpdb->usermeta WHERE user_id = '$user->ID'"); - if ( is_array($metavalues) ) - foreach ( $metavalues as $meta ) - $user->{$meta->meta_key} = $meta->meta_value; + foreach ( $metavalues as $meta ) { + $user->{$meta->meta_key} = $meta->meta_value; + // We need to set user_level from meta, not row + if ( $wpdb->prefix . 'user_level' == $meta->meta_key ) + $user->user_level = $meta->meta_value; + } $cache_userdata[$user->ID] = $user; $cache_userdata[$user->user_login] =& $cache_userdata[$user->ID]; @@ -1955,7 +1961,8 @@ function nocache_headers() { function update_usermeta( $user_id, $meta_key, $meta_value ) { global $wpdb; - $user_id = (int) $user_id; + if ( !is_numeric( $user_id ) ) + return false; $meta_key = preg_replace('|a-z0-9_|i', '', $meta_key); $cur = $wpdb->get_row("SELECT * FROM $wpdb->usermeta WHERE user_id = '$user_id' AND meta_key = '$meta_key'"); if ( !$cur ) { diff --git a/wp-includes/pluggable-functions.php b/wp-includes/pluggable-functions.php index 8a76ff380..de2851c7e 100644 
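Review bot: `$user_ids` is joined straight into `WHERE ID IN ($user_ids)`; when the usermeta query returns no rows `join()` yields an empty string and the query becomes `ID IN ()`, a MySQL syntax error on every page load of a site with no level rows (for example mid-upgrade). Guard it with `if ( !$user_ids ) return;` before the join, and cast the ids (`$user_ids = array_map('intval', $user_ids);`) since they are interpolated unescaped. The previous query was restricted to `user_level > 0`; the new one caches every user with a level row, level 0 included, which changes who `$cache_userdata` holds and is worth a comment if intended.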
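Review bot: Replacing `$user_id = (int) $user_id;` with an `is_numeric()` check widens what reaches `user_id = '$user_id'`: is_numeric() accepts floats, exponent notation and leading whitespace (and hex strings on the PHP of this era), none of which are valid ids, and the value is then interpolated unescaped into the SELECT here and presumably the INSERT/UPDATE below the hunk. Keep the check but still normalise: `if ( !is_numeric( $user_id ) ) return false; $user_id = (int) $user_id;`. Separately, the context line `preg_replace('|a-z0-9_|i', '', $meta_key)` strips the literal text `a-z0-9_` rather than disallowed characters—the intent reads as `'|[^a-z0-9_]|i'`—so `$meta_key` is effectively unfiltered before it hits the query; that predates this commit but sits in the same function. The function's body continues past the hunk.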
--- a/wp-includes/pluggable-functions.php +++ b/wp-includes/pluggable-functions.php @@ -6,7 +6,7 @@ if ( !function_exists('get_currentuserinfo') ) : function get_currentuserinfo() { - global $user_login, $userdata, $user_level, $user_ID, $user_email, $user_url, $user_pass_md5, $user_identity; + global $user_login, $userdata, $user_level, $user_ID, $user_email, $user_url, $user_pass_md5, $user_identity, $current_user; if ( !isset($_COOKIE['wordpressuser_' . COOKIEHASH])) return false; @@ -17,10 +17,9 @@ function get_currentuserinfo() { $user_ID = $userdata->ID; $user_email = $userdata->user_email; $user_url = $userdata->user_url; - $user_pass_md5 = md5($userdata->user_pass); - $user_identity = $userdata->display_name; + $current_user = $userdata; } endif; @@ -39,8 +38,12 @@ function get_userdata( $user_id ) { $metavalues = $wpdb->get_results("SELECT meta_key, meta_value FROM $wpdb->usermeta WHERE user_id = '$user_id'"); - foreach ( $metavalues as $meta ) + foreach ( $metavalues as $meta ) { $user->{$meta->meta_key} = $meta->meta_value; + // We need to set user_level from meta, not row + if ( $wpdb->prefix . 'user_level' == $meta->meta_key ) + $user->user_level = $meta->meta_value; + } $cache_userdata[$user_id] = $user; diff --git a/wp-includes/registration-functions.php b/wp-includes/registration-functions.php new file mode 100644 index 000000000..9299d0175 --- /dev/null +++ b/wp-includes/registration-functions.php 
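Review bot: `$user_pass_md5` and `$user_identity` stay in the `global` declaration but their assignments are removed in this hunk and nothing else in the patch sets them, so any template or plugin still reading `$user_identity` (the display name) now sees null. Either keep `$user_identity = $userdata->display_name;` or drop both names from the `global` list so the removal is explicit. If they are intentionally retired, a one-line comment such as `// $user_identity and $user_pass_md5 are no longer populated; use $current_user` saves the next reader a search.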
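Review bot: `$user->user_level` is only overwritten when a `{prefix}user_level` meta row exists; a user without one keeps whatever the now-unmaintained `user_level` column in `$wpdb->users` holds, so on an upgraded install a stale column value silently becomes the effective level. Fail closed by initialising before the loop, `$user->user_level = 0;`, so the meta row is the sole source of truth. The same pattern appears in update_user_cache() in functions.php. Whether upgrade-schema.php drops the column is not visible here.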
@@ -0,0 +1,32 @@
+users WHERE user_login = '$username'";
+ $query = apply_filters('username_exists', $query);
+ return $wpdb->get_var( $query );
+}
+
+function create_user( $username, $password, $email, $user_level ) {
+ global $wpdb;
+ $username = $wpdb->escape( $username );
+ $email = $wpdb->escape( $email );
+ $password = md5( $password );
+ $user_nicename = sanitize_title( $username );
+ $now = gmdate('Y-m-d H:i:s');
+
+ $query = "INSERT INTO $wpdb->users
+ (user_login, user_pass, user_email, user_registered, user_nicename, display_name)
+ VALUES
+ ('$username', '$password', '$email', '$now', '$user_nicename', '$username')";
+ $query = apply_filters('create_user_query', $query);
+ $wpdb->query( $query );
+ $user_id = $wpdb->insert_id;
+
+ $user_level = (int) $user_level;
+ update_usermeta( $user_id, $wpdb->prefix . 'user_level', $user_level);
+ return $user_id;
+}
+
+?>
\ No newline at end of file
diff --git a/wp-register.php b/wp-register.php
index 3a2d69e5f..4a3e0d3ca 100644
--- a/wp-register.php
+++ b/wp-register.php
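Review bot: `create_user()` never checks the result of `$wpdb->query()`; on a failed INSERT `$wpdb->insert_id` is 0 (or the id of an earlier insert) and `update_usermeta()` then writes a `user_level` row for that id before the function returns it. Change the call to `if ( !$wpdb->query( $query ) ) return false;` and only write the level meta when `$user_id` is non-zero. The opening of `username_exists()` is mangled in this rendering; from what is visible `$username` is interpolated into the query, so confirm it goes through `$wpdb->escape()` (as `create_user()` does) before the string is built. Passwords are stored as an unsalted `md5()`, which this file inherits from the old inline INSERTs rather than introduces.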
@@ -1,28 +1,14 @@ ERROR: The email address isn’t correct.')); } - if ( $result = $wpdb->get_row("SELECT user_login FROM $wpdb->users WHERE user_login = '$user_login'") ) + if ( username_exists( $user_login ) ) die (__('ERROR: This username is already registered, please choose another one.')); - $user_login = $wpdb->escape( sanitize_user($user_login) ) ); - $user_nicename = sanitize_title($user_nickname); - $now = gmdate('Y-m-d H:i:s'); $user_level = get_settings('new_users_can_blog'); $password = substr( md5( uniqid( microtime() ) ), 0, 7); - $result = $wpdb->query("INSERT INTO $wpdb->users - (user_login, user_pass, user_email, user_registered, user_level, user_nicename) - VALUES - ('$user_login', MD5('$password'), '$user_email', '$now', '$user_level', '$user_nicename')"); + $user_id = create_user( $user_login, $password, $user_email, $user_level ); - do_action('user_register', $wpdb->insert_id); + do_action('user_register', $user_id); - if ($result == false) { + if ( !$user_id ) { die (sprintf(__('ERROR: Couldn’t register you... please contact the webmaster !'), get_settings('admin_email'))); } @@ -171,4 +151,4 @@ default: break; } -?> +?> \ No newline at end of file
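Review bot: The removed line `$user_login = $wpdb->escape( sanitize_user($user_login) ) );` was the only place in this hunk the login was sanitised, and its replacement relies on `create_user()`, which escapes for SQL but does not apply `sanitize_user()`; `username_exists( $user_login )` now also receives the raw value. Unless the earlier, mangled part of the hunk already sanitises it, reinstate `$user_login = sanitize_user( $user_login );` before the `username_exists()` call. `do_action('user_register', $user_id)` now fires before the `!$user_id` check, so plugins are notified with an id of 0 on a failed registration; move the action below the check.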