Summery Summery
Edit user settings based on contents of $_POST
Syntax Syntax
Description Description
Used on user-edit.php and profile.php to manage and process user options, passwords etc.
Parameters Parameters
- $user_id
-
(Optional) User ID.
Return Return
(int|WP_Error) User ID of the updated user.
Source Source
File: wp-admin/includes/user.php
function edit_user( $user_id = 0 ) { $wp_roles = wp_roles(); $user = new stdClass; $user_id = (int) $user_id; if ( $user_id ) { $update = true; $user->ID = $user_id; $userdata = get_userdata( $user_id ); $user->user_login = wp_slash( $userdata->user_login ); } else { $update = false; } if ( ! $update && isset( $_POST['user_login'] ) ) { $user->user_login = sanitize_user( wp_unslash( $_POST['user_login'] ), true ); } $pass1 = ''; $pass2 = ''; if ( isset( $_POST['pass1'] ) ) { $pass1 = $_POST['pass1']; } if ( isset( $_POST['pass2'] ) ) { $pass2 = $_POST['pass2']; } if ( isset( $_POST['role'] ) && current_user_can( 'promote_users' ) && ( ! $user_id || current_user_can( 'promote_user', $user_id ) ) ) { $new_role = sanitize_text_field( $_POST['role'] ); // If the new role isn't editable by the logged-in user die with error. $editable_roles = get_editable_roles(); if ( ! empty( $new_role ) && empty( $editable_roles[ $new_role ] ) ) { wp_die( __( 'Sorry, you are not allowed to give users that role.' ), 403 ); } $potential_role = isset( $wp_roles->role_objects[ $new_role ] ) ? $wp_roles->role_objects[ $new_role ] : false; /* * Don't let anyone with 'promote_users' edit their own role to something without it. * Multisite super admins can freely edit their roles, they possess all caps. */ if ( ( is_multisite() && current_user_can( 'manage_network_users' ) ) || get_current_user_id() !== $user_id || ( $potential_role && $potential_role->has_cap( 'promote_users' ) ) ) { $user->role = $new_role; } } if ( isset( $_POST['email'] ) ) { $user->user_email = sanitize_text_field( wp_unslash( $_POST['email'] ) ); } if ( isset( $_POST['url'] ) ) { if ( empty( $_POST['url'] ) || 'http://' === $_POST['url'] ) { $user->user_url = ''; } else { $user->user_url = esc_url_raw( $_POST['url'] ); $protocols = implode( '|', array_map( 'preg_quote', wp_allowed_protocols() ) ); $user->user_url = preg_match( '/^(' . $protocols . '):/is', $user->user_url ) ? $user->user_url : 'http://' . $user->user_url; } } if ( isset( $_POST['first_name'] ) ) { $user->first_name = sanitize_text_field( $_POST['first_name'] ); } if ( isset( $_POST['last_name'] ) ) { $user->last_name = sanitize_text_field( $_POST['last_name'] ); } if ( isset( $_POST['nickname'] ) ) { $user->nickname = sanitize_text_field( $_POST['nickname'] ); } if ( isset( $_POST['display_name'] ) ) { $user->display_name = sanitize_text_field( $_POST['display_name'] ); } if ( isset( $_POST['description'] ) ) { $user->description = trim( $_POST['description'] ); } foreach ( wp_get_user_contact_methods( $user ) as $method => $name ) { if ( isset( $_POST[ $method ] ) ) { $user->$method = sanitize_text_field( $_POST[ $method ] ); } } if ( isset( $_POST['locale'] ) ) { $locale = sanitize_text_field( $_POST['locale'] ); if ( 'site-default' === $locale ) { $locale = ''; } elseif ( '' === $locale ) { $locale = 'en_US'; } elseif ( ! in_array( $locale, get_available_languages(), true ) ) { $locale = ''; } $user->locale = $locale; } if ( $update ) { $user->rich_editing = isset( $_POST['rich_editing'] ) && 'false' === $_POST['rich_editing'] ? 'false' : 'true'; $user->syntax_highlighting = isset( $_POST['syntax_highlighting'] ) && 'false' === $_POST['syntax_highlighting'] ? 'false' : 'true'; $user->admin_color = isset( $_POST['admin_color'] ) ? sanitize_text_field( $_POST['admin_color'] ) : 'fresh'; $user->show_admin_bar_front = isset( $_POST['admin_bar_front'] ) ? 'true' : 'false'; } $user->comment_shortcuts = isset( $_POST['comment_shortcuts'] ) && 'true' === $_POST['comment_shortcuts'] ? 'true' : ''; $user->use_ssl = 0; if ( ! empty( $_POST['use_ssl'] ) ) { $user->use_ssl = 1; } $errors = new WP_Error(); /* checking that username has been typed */ if ( '' === $user->user_login ) { $errors->add( 'user_login', __( '<strong>Error</strong>: Please enter a username.' ) ); } /* checking that nickname has been typed */ if ( $update && empty( $user->nickname ) ) { $errors->add( 'nickname', __( '<strong>Error</strong>: Please enter a nickname.' ) ); } /** * Fires before the password and confirm password fields are checked for congruity. * * @since 1.5.1 * * @param string $user_login The username. * @param string $pass1 The password (passed by reference). * @param string $pass2 The confirmed password (passed by reference). */ do_action_ref_array( 'check_passwords', array( $user->user_login, &$pass1, &$pass2 ) ); // Check for blank password when adding a user. if ( ! $update && empty( $pass1 ) ) { $errors->add( 'pass', __( '<strong>Error</strong>: Please enter a password.' ), array( 'form-field' => 'pass1' ) ); } // Check for "\" in password. if ( false !== strpos( wp_unslash( $pass1 ), '\\' ) ) { $errors->add( 'pass', __( '<strong>Error</strong>: Passwords may not contain the character "\\".' ), array( 'form-field' => 'pass1' ) ); } // Checking the password has been typed twice the same. if ( ( $update || ! empty( $pass1 ) ) && $pass1 != $pass2 ) { $errors->add( 'pass', __( '<strong>Error</strong>: Passwords don’t match. Please enter the same password in both password fields.' ), array( 'form-field' => 'pass1' ) ); } if ( ! empty( $pass1 ) ) { $user->user_pass = $pass1; } if ( ! $update && isset( $_POST['user_login'] ) && ! validate_username( $_POST['user_login'] ) ) { $errors->add( 'user_login', __( '<strong>Error</strong>: This username is invalid because it uses illegal characters. Please enter a valid username.' ) ); } if ( ! $update && username_exists( $user->user_login ) ) { $errors->add( 'user_login', __( '<strong>Error</strong>: This username is already registered. Please choose another one.' ) ); } /** This filter is documented in wp-includes/user.php */ $illegal_logins = (array) apply_filters( 'illegal_user_logins', array() ); if ( in_array( strtolower( $user->user_login ), array_map( 'strtolower', $illegal_logins ), true ) ) { $errors->add( 'invalid_username', __( '<strong>Error</strong>: Sorry, that username is not allowed.' ) ); } /* checking email address */ if ( empty( $user->user_email ) ) { $errors->add( 'empty_email', __( '<strong>Error</strong>: Please enter an email address.' ), array( 'form-field' => 'email' ) ); } elseif ( ! is_email( $user->user_email ) ) { $errors->add( 'invalid_email', __( '<strong>Error</strong>: The email address isn’t correct.' ), array( 'form-field' => 'email' ) ); } else { $owner_id = email_exists( $user->user_email ); if ( $owner_id && ( ! $update || ( $owner_id != $user->ID ) ) ) { $errors->add( 'email_exists', __( '<strong>Error</strong>: This email is already registered. Please choose another one.' ), array( 'form-field' => 'email' ) ); } } /** * Fires before user profile update errors are returned. * * @since 2.8.0 * * @param WP_Error $errors WP_Error object (passed by reference). * @param bool $update Whether this is a user update. * @param stdClass $user User object (passed by reference). */ do_action_ref_array( 'user_profile_update_errors', array( &$errors, $update, &$user ) ); if ( $errors->has_errors() ) { return $errors; } if ( $update ) { $user_id = wp_update_user( $user ); } else { $user_id = wp_insert_user( $user ); $notify = isset( $_POST['send_user_notification'] ) ? 'both' : 'admin'; /** * Fires after a new user has been created. * * @since 4.4.0 * * @param int $user_id ID of the newly created user. * @param string $notify Type of notification that should happen. See wp_send_new_user_notifications() * for more information on possible values. */ do_action( 'edit_user_created_user', $user_id, $notify ); } return $user_id; }
Advertisement
Changelog Changelog
Version | Description |
---|---|
2.0.0 | Introduced. |