Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Browse files

More user updates

git-svn-id: http://svn.automattic.com/wordpress/trunk@2632 1a063a9b-81f0-0310-95a4-ce76da25c4cd
  • Loading branch information...
commit de9cc8b12caf95d233f749eaab9d7e6f18ebbef5 1 parent 0c17753
matt authored
View
4 wp-admin/install.php
@@ -164,11 +164,11 @@
$wpdb->query( "INSERT INTO $wpdb->post2cat (`rel_id`, `post_id`, `category_id`) VALUES (1, 1, 1)" );
// Default comment
-$wpdb->query("INSERT INTO $wpdb->comments (comment_post_ID, comment_author, comment_author_email, comment_author_url, comment_author_IP, comment_date, comment_date_gmt, comment_content) VALUES ('1', '".addslashes(__('Mr WordPress'))."', '', 'http://wordpress.org', '127.0.0.1', '$now', '$now_gmt', '".addslashes(__('Hi, this is a comment.<br />To delete a comment, just log in, and view the posts\' comments, there you will have the option to edit or delete them.'))."')");
+$wpdb->query("INSERT INTO $wpdb->comments (comment_post_ID, comment_author, comment_author_email, comment_author_url, comment_date, comment_date_gmt, comment_content) VALUES ('1', '".addslashes(__('Mr WordPress'))."', '', 'http://wordpress.org', '$now', '$now_gmt', '".addslashes(__('Hi, this is a comment.<br />To delete a comment, just log in, and view the posts\' comments, there you will have the option to edit or delete them.'))."')");
// Set up admin user
$random_password = substr(md5(uniqid(microtime())), 0, 6);
-$wpdb->query("INSERT INTO $wpdb->users (ID, user_login, user_pass, user_nickname, user_email, user_level, user_idmode, user_registered) VALUES ( '1', 'admin', MD5('$random_password'), '".addslashes(__('Administrator'))."', '$admin_email', '10', 'nickname', NOW() )");
+$wpdb->query("INSERT INTO $wpdb->users (ID, user_login, user_pass, user_email, user_level, user_registered) VALUES ( '1', 'admin', MD5('$random_password'), '$admin_email', '10', NOW() )");
$message_headers = 'From: ' . stripslashes($_POST['weblog_title']) . ' <wordpress@' . $_SERVER['SERVER_NAME'] . '>';
$message = sprintf(__("Your new WordPress blog has been successfully set up at:
View
11 wp-admin/profile.php
@@ -84,7 +84,16 @@
$newuser_idmode = wp_specialchars($_POST['newuser_idmode']);
$user_description = $_POST['user_description'];
- $result = $wpdb->query("UPDATE $wpdb->users SET user_firstname='$newuser_firstname', $updatepassword user_lastname='$newuser_lastname', user_nickname='$newuser_nickname', user_icq='$newuser_icq', user_email='$newuser_email', user_url='$newuser_url', user_aim='$newuser_aim', user_msn='$newuser_msn', user_yim='$newuser_yim', user_idmode='$newuser_idmode', user_description = '$user_description', user_nicename = '$newuser_nicename' WHERE ID = $user_ID");
+ $result = $wpdb->query("UPDATE $wpdb->users SET $updatepassword user_email='$newuser_email', user_url='$newuser_url', user_nicename = '$newuser_nicename' WHERE ID = $user_ID");
+
+ update_user_meta( $user_ID, 'first_name', $newuser_firstname );
+ update_user_meta( $user_ID, 'last_name', $newuser_lastname );
+ update_user_meta( $user_ID, 'nickname', $newuser_nickname );
+ update_user_meta( $user_ID, 'description', $user_description );
+ update_user_meta( $user_ID, 'icq', $newuser_icq );
+ update_user_meta( $user_ID, 'aim', $newuser_aim );
+ update_user_meta( $user_ID, 'msn', $newuser_msn );
+ update_user_meta( $user_ID, 'yim', $newuser_yim );
do_action('profile_update', $user_ID);
View
11 wp-admin/user-edit.php
@@ -66,7 +66,16 @@
$new_idmode = wp_specialchars($_POST['new_idmode']);
$new_description = $_POST['new_description'];
-$result = $wpdb->query("UPDATE $wpdb->users SET user_login = '$new_user_login', user_firstname = '$new_firstname', $updatepassword user_lastname='$new_lastname', user_nickname='$new_nickname', user_icq='$new_icq', user_email='$new_email', user_url='$new_url', user_aim='$new_aim', user_msn='$new_msn', user_yim='$new_yim', user_idmode='$new_idmode', user_description = '$new_description', user_nicename = '$new_nicename' WHERE ID = $user_id");
+$result = $wpdb->query("UPDATE $wpdb->users SET user_login = '$new_user_login', $updatepassword user_email='$new_email', user_url='$new_url', user_nicename = '$new_nicename' WHERE ID = '$user_id'");
+
+update_user_meta( $user_ID, 'first_name', $new_firstname );
+update_user_meta( $user_ID, 'last_name', $new_lastname );
+update_user_meta( $user_ID, 'nickname', $new_nickname );
+update_user_meta( $user_ID, 'description', $new_description );
+update_user_meta( $user_ID, 'icq', $new_icq );
+update_user_meta( $user_ID, 'aim', $new_aim );
+update_user_meta( $user_ID, 'msn', $new_msn );
+update_user_meta( $user_ID, 'yim', $new_yim );
header("Location: user-edit.php?user_id=$user_id&updated=true");
View
4 wp-admin/users.php
@@ -69,9 +69,9 @@
$new_users_can_blog = get_settings('new_users_can_blog');
$result = $wpdb->query("INSERT INTO $wpdb->users
- (user_login, user_pass, user_nickname, user_email, user_ip, user_domain, user_browser, user_registered, user_level, user_idmode, user_firstname, user_lastname, user_nicename, user_url)
+ (user_login, user_pass, user_email, user_registered, user_level, user_nicename, user_url)
VALUES
- ('$user_login', MD5('$pass1'), '$user_nickname', '$user_email', '$user_ip', '$user_domain', '$user_browser', '$now', '$new_users_can_blog', 'nickname', '$user_firstname', '$user_lastname', '$user_nicename', '$user_uri')");
+ ('$user_login', MD5('$pass1'), '$user_email', '$now', '$new_users_can_blog', '$user_nicename', '$user_uri')");
if ($result == false)
die (__('<strong>ERROR</strong>: Couldn&#8217;t register you!'));
View
4 wp-includes/functions-formatting.php
@@ -265,6 +265,10 @@ function remove_accents($string) {
return $string;
}
+function sanitize_user( $username ) {
+ return preg_replace('|a-z0-9 _.-|i', '', $username);
+}
+
function sanitize_title($title, $fallback_title = '') {
$title = strip_tags($title);
$title = apply_filters('sanitize_title', $title);
View
2  wp-includes/pluggable-functions.php
@@ -58,7 +58,7 @@ function get_userdata( $user_id ) {
if ( !function_exists('get_userdatabylogin') ) :
function get_userdatabylogin($user_login) {
global $cache_userdata, $wpdb;
- $user_login = addslashes( $user_login );
+ $user_login = sanitize_user( $user_login );
if ( empty( $user_login ) )
return false;
if ( isset( $cache_userdata[$user_login] ) )
View
3  wp-includes/template-functions-author.php
@@ -156,10 +156,11 @@ function wp_list_authors($args = '') {
function list_authors($optioncount = false, $exclude_admin = true, $show_fullname = false, $hide_empty = true, $feed = '', $feed_image = '') {
global $wpdb;
- $query = "SELECT ID, user_nickname, user_firstname, user_lastname, user_nicename from $wpdb->users " . ($exclude_admin ? "WHERE user_login <> 'admin' " : '') . "ORDER BY user_nickname";
+ $query = "SELECT ID, user_nicename from $wpdb->users " . ($exclude_admin ? "WHERE user_login <> 'admin' " : '') . "ORDER BY display_name";
$authors = $wpdb->get_results($query);
foreach($authors as $author) {
+ $author = get_userdata( $author->ID );
$posts = get_usernumposts($author->ID);
$name = $author->user_nickname;
View
2  wp-login.php
@@ -121,7 +121,7 @@ function focusit() {
case 'resetpass' :
// Generate something random for a password... md5'ing current time with a rand salt
- $key = $_GET['key'];
+ $key = preg_replace('/a-z0-9/i', '', $_GET['key']);
if ( empty($key) )
die( __('Sorry, that key does not appear to be valid.') );
$user = $wpdb->get_row("SELECT * FROM $wpdb->users WHERE user_activation_key = '$key'");
View
15 wp-register.php
@@ -26,13 +26,11 @@
case 'register':
- $user_login = $_POST['user_login'];
+ $user_login = sanitize_user( $_POST['user_login'] );
$user_email = $_POST['user_email'];
- /* checking that username has been typed */
- if ($user_login == '') {
+ if ( $user_login == '' )
die (__('<strong>ERROR</strong>: Please enter a username.'));
- }
/* checking e-mail address */
if ($user_email == '') {
@@ -41,19 +39,16 @@
die (__('<strong>ERROR</strong>: The email address isn&#8217;t correct.'));
}
- /* checking the username isn't already used by another user */
- $result = $wpdb->get_results("SELECT user_login FROM $wpdb->users WHERE user_login = '$user_login'");
- if (count($result) >= 1) {
+ if ( $result = $wpdb->get_row("SELECT user_login FROM $wpdb->users WHERE user_login = '$user_login'") )
die (__('<strong>ERROR</strong>: This username is already registered, please choose another one.'));
- }
$user_ip = $_SERVER['REMOTE_ADDR'] ;
$user_browser = $wpdb->escape($_SERVER['HTTP_USER_AGENT']);
- $user_login = $wpdb->escape( preg_replace('|a-z0-9 _.-|i', '', $user_login) );
+ $user_login = $wpdb->escape( sanitize_user($user_login) ) );
$user_nickname = $user_login;
- $user_nicename = sanitize_title($user_nickname);
+ $user_nicename = sanitize_title($user_nickname);
$now = gmdate('Y-m-d H:i:s');
$user_level = get_settings('new_users_can_blog');
$password = substr( md5( uniqid( microtime() ) ), 0, 7);
View
2  wp-settings.php
@@ -52,6 +52,8 @@ function timer_start() {
if ( defined('CUSTOM_USER_TABLE') )
$wpdb->users = CUSTOM_USER_TABLE;
+if ( defined('CUSTOM_USER_META_TABLE') )
+ $wpdb->usermeta = CUSTOM_USER_META_TABLE;
// We're going to need to keep this around for a few months even though we're not using it internally
Please sign in to comment.
Something went wrong with that request. Please try again.