More user updates

git-svn-id: http://svn.automattic.com/wordpress/trunk@2632 1a063a9b-81f0-0310-95a4-ce76da25c4cd

wp-admin/install.php

@@ -164,11 +164,11 @@
 $wpdb->query( "INSERT INTO $wpdb->post2cat (`rel_id`, `post_id`, `category_id`) VALUES (1, 1, 1)" );
 
 // Default comment
-$wpdb->query("INSERT INTO $wpdb->comments (comment_post_ID, comment_author, comment_author_email, comment_author_url, comment_author_IP, comment_date, comment_date_gmt, comment_content) VALUES ('1', '".addslashes(__('Mr WordPress'))."', '', 'http://wordpress.org', '127.0.0.1', '$now', '$now_gmt', '".addslashes(__('Hi, this is a comment.<br />To delete a comment, just log in, and view the posts\' comments, there you will have the option to edit or delete them.'))."')");
+$wpdb->query("INSERT INTO $wpdb->comments (comment_post_ID, comment_author, comment_author_email, comment_author_url, comment_date, comment_date_gmt, comment_content) VALUES ('1', '".addslashes(__('Mr WordPress'))."', '', 'http://wordpress.org', '$now', '$now_gmt', '".addslashes(__('Hi, this is a comment.<br />To delete a comment, just log in, and view the posts\' comments, there you will have the option to edit or delete them.'))."')");
 
 // Set up admin user
 $random_password = substr(md5(uniqid(microtime())), 0, 6);
-$wpdb->query("INSERT INTO $wpdb->users (ID, user_login, user_pass, user_nickname, user_email, user_level, user_idmode, user_registered) VALUES ( '1', 'admin', MD5('$random_password'), '".addslashes(__('Administrator'))."', '$admin_email', '10', 'nickname', NOW() )");
+$wpdb->query("INSERT INTO $wpdb->users (ID, user_login, user_pass, user_email, user_level, user_registered) VALUES ( '1', 'admin', MD5('$random_password'), '$admin_email', '10', NOW() )");
 
 $message_headers = 'From: ' . stripslashes($_POST['weblog_title']) . ' <wordpress@' . $_SERVER['SERVER_NAME'] . '>';
 $message = sprintf(__("Your new WordPress blog has been successfully set up at:

wp-admin/profile.php

@@ -84,7 +84,16 @@
 	$newuser_idmode = wp_specialchars($_POST['newuser_idmode']);
 	$user_description = $_POST['user_description'];
 
-	$result = $wpdb->query("UPDATE $wpdb->users SET user_firstname='$newuser_firstname', $updatepassword user_lastname='$newuser_lastname', user_nickname='$newuser_nickname', user_icq='$newuser_icq', user_email='$newuser_email', user_url='$newuser_url', user_aim='$newuser_aim', user_msn='$newuser_msn', user_yim='$newuser_yim', user_idmode='$newuser_idmode', user_description = '$user_description', user_nicename = '$newuser_nicename' WHERE ID = $user_ID");
+	$result = $wpdb->query("UPDATE $wpdb->users SET $updatepassword user_email='$newuser_email', user_url='$newuser_url', user_nicename = '$newuser_nicename' WHERE ID = $user_ID");
+
+	update_user_meta( $user_ID, 'first_name', $newuser_firstname );
+	update_user_meta( $user_ID, 'last_name', $newuser_lastname );
+	update_user_meta( $user_ID, 'nickname', $newuser_nickname );
+	update_user_meta( $user_ID, 'description', $user_description );
+	update_user_meta( $user_ID, 'icq', $newuser_icq );
+	update_user_meta( $user_ID, 'aim', $newuser_aim );
+	update_user_meta( $user_ID, 'msn', $newuser_msn );
+	update_user_meta( $user_ID, 'yim', $newuser_yim );
 
 	do_action('profile_update', $user_ID);
 

wp-admin/user-edit.php

@@ -66,7 +66,16 @@
 $new_idmode      = wp_specialchars($_POST['new_idmode']);
 $new_description = $_POST['new_description'];
 
-$result = $wpdb->query("UPDATE $wpdb->users SET user_login = '$new_user_login', user_firstname = '$new_firstname', $updatepassword user_lastname='$new_lastname', user_nickname='$new_nickname', user_icq='$new_icq', user_email='$new_email', user_url='$new_url', user_aim='$new_aim', user_msn='$new_msn', user_yim='$new_yim', user_idmode='$new_idmode', user_description = '$new_description', user_nicename = '$new_nicename' WHERE ID = $user_id");
+$result = $wpdb->query("UPDATE $wpdb->users SET user_login = '$new_user_login', $updatepassword user_email='$new_email', user_url='$new_url', user_nicename = '$new_nicename' WHERE ID = '$user_id'");
+
+update_user_meta( $user_ID, 'first_name', $new_firstname );
+update_user_meta( $user_ID, 'last_name', $new_lastname );
+update_user_meta( $user_ID, 'nickname', $new_nickname );
+update_user_meta( $user_ID, 'description', $new_description );
+update_user_meta( $user_ID, 'icq', $new_icq );
+update_user_meta( $user_ID, 'aim', $new_aim );
+update_user_meta( $user_ID, 'msn', $new_msn );
+update_user_meta( $user_ID, 'yim', $new_yim );
 
 header("Location: user-edit.php?user_id=$user_id&updated=true");
 

wp-admin/users.php

@@ -69,9 +69,9 @@
 	$new_users_can_blog = get_settings('new_users_can_blog');
 
 	$result = $wpdb->query("INSERT INTO $wpdb->users 
-		(user_login, user_pass, user_nickname, user_email, user_ip, user_domain, user_browser, user_registered, user_level, user_idmode, user_firstname, user_lastname, user_nicename, user_url)
+		(user_login, user_pass, user_email, user_registered, user_level, user_nicename, user_url)
 	VALUES 
-		('$user_login', MD5('$pass1'), '$user_nickname', '$user_email', '$user_ip', '$user_domain', '$user_browser', '$now', '$new_users_can_blog', 'nickname', '$user_firstname', '$user_lastname', '$user_nicename', '$user_uri')");
+		('$user_login', MD5('$pass1'), '$user_email', '$now', '$new_users_can_blog', '$user_nicename', '$user_uri')");
 
 	if ($result == false)
 		die (__('<strong>ERROR</strong>: Couldn&#8217;t register you!'));

wp-includes/functions-formatting.php

@@ -265,6 +265,10 @@ function remove_accents($string) {
 	return $string;
 }
 
+function sanitize_user( $username ) {
+	return preg_replace('|a-z0-9 _.-|i', '', $username);
+}
+
 function sanitize_title($title, $fallback_title = '') {
 	$title = strip_tags($title);
 	$title = apply_filters('sanitize_title', $title);

wp-includes/pluggable-functions.php

@@ -58,7 +58,7 @@ function get_userdata( $user_id ) {
 if ( !function_exists('get_userdatabylogin') ) :
 function get_userdatabylogin($user_login) {
 	global $cache_userdata, $wpdb;
-	$user_login = addslashes( $user_login );
+	$user_login = sanitize_user( $user_login );
 	if ( empty( $user_login ) )
 		return false;
 	if ( isset( $cache_userdata[$user_login] ) )

wp-includes/template-functions-author.php

@@ -156,10 +156,11 @@ function wp_list_authors($args = '') {
 function list_authors($optioncount = false, $exclude_admin = true, $show_fullname = false, $hide_empty = true, $feed = '', $feed_image = '') {
     global $wpdb;
 
-    $query = "SELECT ID, user_nickname, user_firstname, user_lastname, user_nicename from $wpdb->users " . ($exclude_admin ? "WHERE user_login <> 'admin' " : '') . "ORDER BY user_nickname";
+    $query = "SELECT ID, user_nicename from $wpdb->users " . ($exclude_admin ? "WHERE user_login <> 'admin' " : '') . "ORDER BY display_name";
     $authors = $wpdb->get_results($query);
 
     foreach($authors as $author) {
+		$author = get_userdata( $author->ID );
         $posts = get_usernumposts($author->ID);
         $name = $author->user_nickname;
 

wp-login.php

@@ -121,7 +121,7 @@ function focusit() {
 case 'resetpass' :
 
 	// Generate something random for a password... md5'ing current time with a rand salt
-	$key = $_GET['key'];
+	$key = preg_replace('/a-z0-9/i', '', $_GET['key']);
 	if ( empty($key) )
 		die( __('Sorry, that key does not appear to be valid.') );
 	$user = $wpdb->get_row("SELECT * FROM $wpdb->users WHERE user_activation_key = '$key'");

wp-register.php

@@ -26,13 +26,11 @@
 
 case 'register':
 
-	$user_login = $_POST['user_login'];
+	$user_login = sanitize_user( $_POST['user_login'] );
 	$user_email = $_POST['user_email'];
 
-	/* checking that username has been typed */
-	if ($user_login == '') {
+	if ( $user_login == '' )
 		die (__('<strong>ERROR</strong>: Please enter a username.'));
-	}
 
 	/* checking e-mail address */
 	if ($user_email == '') {
@@ -41,19 +39,16 @@
 		die (__('<strong>ERROR</strong>: The email address isn&#8217;t correct.'));
 	}
 
-	/* checking the username isn't already used by another user */
-	$result = $wpdb->get_results("SELECT user_login FROM $wpdb->users WHERE user_login = '$user_login'");
-    if (count($result) >= 1) {
+    if ( $result = $wpdb->get_row("SELECT user_login FROM $wpdb->users WHERE user_login = '$user_login'") )
 		die (__('<strong>ERROR</strong>: This username is already registered, please choose another one.'));
-	}
 
 	$user_ip = $_SERVER['REMOTE_ADDR'] ;
 
 	$user_browser = $wpdb->escape($_SERVER['HTTP_USER_AGENT']);
 
-	$user_login = $wpdb->escape( preg_replace('|a-z0-9 _.-|i', '', $user_login) );
+	$user_login = $wpdb->escape( sanitize_user($user_login) ) );
 	$user_nickname = $user_login;
-   $user_nicename = sanitize_title($user_nickname);
+	$user_nicename = sanitize_title($user_nickname);
 	$now = gmdate('Y-m-d H:i:s');
 	$user_level = get_settings('new_users_can_blog');
 	$password = substr( md5( uniqid( microtime() ) ), 0, 7);

wp-settings.php

@@ -52,6 +52,8 @@ function timer_start() {
 
 if ( defined('CUSTOM_USER_TABLE') )
 	$wpdb->users = CUSTOM_USER_TABLE;
+if ( defined('CUSTOM_USER_META_TABLE') )
+	$wpdb->usermeta = CUSTOM_USER_META_TABLE;
 
 // We're going to need to keep this around for a few months even though we're not using it internally