From 25ae13667fbf632b9eb6a76f542e3b12ec2eea2a Mon Sep 17 00:00:00 2001
From: Stanislav Khromov
Date: Fri, 4 Aug 2017 13:01:51 +0200
Subject: [PATCH 01/12] Bump version
---
 init.php | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/init.php b/init.php
index cafae69..d6fb4d6 100644
--- a/init.php
+++ b/init.php
@@ -3,8 +3,8 @@
 * Plugin Name: Disable Users
 * Plugin URI: http://wordpress.org/extend/disable-users
 * Description: This plugin provides the ability to disable specific user accounts.
- * Version: 1.0.5
- * Author: Jared Atchison
+ * Version: 1.1.0
+ * Author: Jared Atchison, khromov
 * Author URI: http://jaredatchison.com
 *
 * This program is free software; you can redistribute it and/or modify
@@ -18,7 +18,7 @@
 * GNU General Public License for more details.
 *
 * @author Jared Atchison
- * @version 1.0.5
+ * @version 1.1.0
 * @package JA_DisableUsers
 * @copyright Copyright (c) 2015, Jared Atchison
 * @link http://jaredatchison.com
From 77d52cf388aade490f863e3b4d224fff11a8ecd3 Mon Sep 17 00:00:00 2001
From: Stanislav Khromov
Date: Fri, 4 Aug 2017 13:02:35 +0200
Subject: [PATCH 02/12] Add quick disable button in user column
---
 init.php | 90 ++++++++++++++++++++++++++++++++++++++++++++++++++------
 1 file changed, 81 insertions(+), 9 deletions(-)
diff --git a/init.php b/init.php
index d6fb4d6..3ceef6c 100644
--- a/init.php
+++ b/init.php
@@ -43,12 +43,53 @@ function __construct() { add_action( 'wp_login', array( $this, 'user_login' ), 10, 2 ); add_action( 'manage_users_custom_column', array( $this, 'manage_users_column_content' ), 10, 3 ); add_action( 'admin_footer-users.php', array( $this, 'manage_users_css' ) ); - + add_action( 'admin_post_ja_disable_user', array( $this, 'toggle_user' ) ); + add_action( 'admin_post_ja_enable_user', array( $this, 'toggle_user' ) ); + // Filters add_filter( 'login_message', array( $this, 'user_login_message' ) ); add_filter( 'manage_users_columns', array( $this, 'manage_users_columns' ) ); + add_filter( 'wpmu_users_columns', array( $this, 'manage_users_columns' ) ); + } + + /** + * Gets the capability associated with banning a user + * @return string + */ + function get_edit_cap() { + return is_multisite() ? 'manage_network_users' : 'edit_users'; } + /** + * Toggles the users disabled status + * + * @since 1.1.0 + */ + function toggle_user() { + $nonce_name = (isset($_GET['action']) && $_GET['action'] === 'ja_disable_user') ? 'ja_disable_user_' : 'ja_enable_user_'; + if(current_user_can($this->get_edit_cap()) && isset($_GET['ja_user_id']) && isset($_GET['ja_nonce']) && wp_verify_nonce($_GET['ja_nonce'], $nonce_name . $_GET['ja_user_id'])) { + + //Don't disable super admins + if(is_multisite() && is_super_admin((int)$_GET['ja_user_id'])) { + wp_die(__('Super admins can not be disabled.', 'ja_disable_users')); + } + + update_user_meta( (int)$_GET['ja_user_id'], 'ja_disable_user', ($nonce_name === 'ja_disable_user_' ? '1' : '0' ) ); + + //Redirect back + if(isset($_GET['ja_return_url'])) { + wp_safe_redirect($_GET['ja_return_url']); + exit; + } + else { + wp_die(__('The user has been updated.', 'ja_disable_users')); + } + } + else { + wp_die(__('You are not allowed to perform this action, or your nonce expired.', 'ja_disable_users')); + } + } + /** * Load the textdomain so we can support other languages * 
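Review bot: toggle_user() authorises the request with the site-wide capability from get_edit_cap() and never checks the target account, so a caller who passes that check can disable their own account. Resolve the id once with `$user_id = absint( $_GET['ja_user_id'] );` and refuse early with `if ( ! $user_id || $user_id === get_current_user_id() || ! current_user_can( 'edit_user', $user_id ) ) { wp_die( ... ); }`. Using `$user_id` for the nonce action as well keeps the verified string and the written id identical; at the moment wp_verify_nonce() sees the raw query value while update_user_meta() sees the `(int)` cast. The super-admin guard is also gated on is_multisite(), which leaves administrators on a single-site install unprotected; confirm that is intended. The self-lockout case probably applies to the profile checkbox saved by user_profile_field_save() too, whose body is only partly visible in this patch.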
@@ -70,7 +111,7 @@ public function load_textdomain() { public function use_profile_field( $user ) { // Only show this option to users who can delete other users - if ( !current_user_can( 'edit_users' ) ) + if ( !current_user_can( $this->get_edit_cap() ) ) return; ?> @@ -81,7 +122,7 @@ public function use_profile_field( $user ) { @@ -104,7 +145,7 @@ public function user_profile_field_save( $user_id ) { if ( !isset( $_POST['ja_disable_user'] ) ) { $disabled = 0; } else { - $disabled = $_POST['ja_disable_user']; + $disabled = (int)$_POST['ja_disable_user']; } update_user_meta( $user_id, 'ja_disable_user', $disabled ); @@ -167,7 +208,7 @@ public function user_login_message( $message ) { */ public function manage_users_columns( $defaults ) { - $defaults['ja_user_disabled'] = __( 'Disabled', 'ja_disable_users' ); + $defaults['ja_user_disabled'] = __( 'User status', 'ja_disable_users' ); return $defaults; } @@ -183,9 +224,24 @@ public function manage_users_columns( $defaults ) { public function manage_users_column_content( $empty, $column_name, $user_ID ) { if ( $column_name == 'ja_user_disabled' ) { - if ( get_the_author_meta( 'ja_disable_user', $user_ID ) == 1 ) { - return __( 'Disabled', 'ja_disable_users' ); - } + + //Super admins can't be disabled + if(is_super_admin($user_ID)) { + return ''; + } + + $user_disabled = (get_the_author_meta( 'ja_disable_user', $user_ID ) == 1); + $nonce = $user_disabled ? wp_create_nonce( 'ja_enable_user_'. $user_ID ) : wp_create_nonce( 'ja_disable_user_'. $user_ID ); + $return_url = urlencode_deep((is_ssl() ? 'https' : 'http') . '://' . $_SERVER["HTTP_HOST"] . $_SERVER["REQUEST_URI"]); + + if($user_disabled) { + $link_url = admin_url("admin-post.php?action=ja_enable_user&ja_user_id={$user_ID}&ja_nonce={$nonce}&ja_return_url={$return_url}&message=1"); + return '
'. __('Enable', 'ja_disable_users') .''; + } + else { + $link_url = admin_url("admin-post.php?action=ja_disable_user&ja_user_id={$user_ID}&ja_nonce={$nonce}&ja_return_url={$return_url}&message=1"); + return '
'. __('Disable', 'ja_disable_users') .''; + } } } @@ -195,7 +251,23 @@ public function manage_users_column_content( $empty, $column_name, $user_ID ) { * @since 1.0.3 */ public function manage_users_css() { - echo ''; + ?> + + Date: Fri, 4 Aug 2017 13:56:32 +0200 Subject: [PATCH 03/12] Don't allow super admins to be blocked --- init.php | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/init.php b/init.php index 3ceef6c..78988cd 100644 --- a/init.php +++ b/init.php @@ -138,8 +138,12 @@ public function use_profile_field( $user ) { */ public function user_profile_field_save( $user_id ) { + //Don't disable super admins + if( is_multisite() && is_super_admin( $user_id ) ) + return; + // Only worry about saving this field if the user has access - if ( !current_user_can( 'edit_users' ) ) + if ( !current_user_can( $this->get_edit_cap() ) ) return; if ( !isset( $_POST['ja_disable_user'] ) ) { From 25bbd4f60d9586c6bfa84c698a871a2f4e9405b0 Mon Sep 17 00:00:00 2001 From: Stanislav Khromov Date: Fri, 4 Aug 2017 14:06:55 +0200 Subject: [PATCH 04/12] Can't disable super admins --- init.php | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/init.php b/init.php index 78988cd..51f9668 100644 --- a/init.php +++ b/init.php @@ -110,6 +110,10 @@ public function load_textdomain() { */ public function use_profile_field( $user ) { + //Super admins can not be banned + if( is_multisite() && is_super_admin( $user->ID ) ) + return; + // Only show this option to users who can delete other users if ( !current_user_can( $this->get_edit_cap() ) ) return; From f166de90d449884a55202bcc22eec7a6faa83ff7 Mon Sep 17 00:00:00 2001 
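Review bot: In manage_users_column_content() the return URL is rebuilt from `$_SERVER["HTTP_HOST"]` and `$_SERVER["REQUEST_URI"]`, both client-supplied, and then embedded in the toggle link. wp_safe_redirect() in toggle_user() limits where the redirect can land, but the value is still printed into the page, and the anchor markup is not visible in this rendering, so confirm the href goes through `esc_url()`. Building the link with `add_query_arg()` and `wp_nonce_url()` on `admin_url( 'admin-post.php' )`, and returning to `wp_get_referer()` or a fixed `admin_url( 'users.php' )`, removes the dependency on request headers. The unconditional `is_super_admin( $user_ID )` here also differs from the `is_multisite() && is_super_admin()` guard in toggle_user(), so the list can hide the link for accounts the handler would still accept. The function's signature lies outside this hunk.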
From: Stanislav Khromov
Date: Fri, 4 Aug 2017 18:12:38 +0200
Subject: [PATCH 05/12] Translations, clean-up, new method of blocking users.
---
 init.php | 79 ++++++++++------------------
 languages/ja_disable_users-sv_SE.mo | Bin 0 -> 1257 bytes
 languages/ja_disable_users-sv_SE.po | 52 ++++++++++++++++++
 languages/ja_disable_users.pot | 40 ++++++++++----
 4 files changed, 110 insertions(+), 61 deletions(-)
 create mode 100644 languages/ja_disable_users-sv_SE.mo
 create mode 100644 languages/ja_disable_users-sv_SE.po
diff --git a/init.php b/init.php
index 51f9668..31d9c6b 100644
--- a/init.php
+++ b/init.php
@@ -3,7 +3,7 @@
 * Plugin Name: Disable Users
 * Plugin URI: http://wordpress.org/extend/disable-users
 * Description: This plugin provides the ability to disable specific user accounts.
- * Version: 1.1.0
+ * Version: 2.0
 * Author: Jared Atchison, khromov
 * Author URI: http://jaredatchison.com
 *
@@ -18,7 +18,7 @@
 * GNU General Public License for more details.
 *
 * @author Jared Atchison
- * @version 1.1.0
+ * @version 2.0
 * @package JA_DisableUsers
 * @copyright Copyright (c) 2015, Jared Atchison
 * @link http://jaredatchison.com
@@ -40,17 +40,17 @@ function __construct() { add_action( 'edit_user_profile', array( $this, 'use_profile_field' ) ); add_action( 'personal_options_update', array( $this, 'user_profile_field_save' ) ); add_action( 'edit_user_profile_update', array( $this, 'user_profile_field_save' ) ); - add_action( 'wp_login', array( $this, 'user_login' ), 10, 2 ); add_action( 'manage_users_custom_column', array( $this, 'manage_users_column_content' ), 10, 3 ); add_action( 'admin_footer-users.php', array( $this, 'manage_users_css' ) ); add_action( 'admin_post_ja_disable_user', array( $this, 'toggle_user' ) ); add_action( 'admin_post_ja_enable_user', array( $this, 'toggle_user' ) ); // Filters - add_filter( 'login_message', array( $this, 'user_login_message' ) ); add_filter( 'manage_users_columns', array( $this, 'manage_users_columns' ) ); add_filter( 'wpmu_users_columns', array( $this, 'manage_users_columns' ) ); - } + add_filter( 'authenticate', array( $this, 'user_login' ), 1000, 3 ); + + } /** * Gets the capability associated with banning a user @@ -122,7 +122,7 @@ public function use_profile_field( $user ) {
ID ) ); ?> /> - +
- + ID ) ); ?> /> @@ -159,52 +159,27 @@ public function user_profile_field_save( $user_id ) { update_user_meta( $user_id, 'ja_disable_user', $disabled ); } - /** - * After login check to see if user account is disabled - * - * @since 1.0.0 - * @param string $user_login - * @param object $user - */ - public function user_login( $user_login, $user = null ) { - - if ( !$user ) { - $user = get_user_by('login', $user_login); - } - if ( !$user ) { - // not logged in - definitely not disabled - return; - } - // Get user meta - $disabled = get_user_meta( $user->ID, 'ja_disable_user', true ); - - // Is the use logging in disabled? - if ( $disabled == '1' ) { - // Clear cookies, a.k.a log user out - wp_clear_auth_cookie(); - - // Build login URL and then redirect - $login_url = site_url( 'wp-login.php', 'login' ); - $login_url = add_query_arg( 'disabled', '1', $login_url ); - wp_redirect( $login_url ); - exit; - } - } - - /** - * Show a notice to users who try to login and are disabled - * - * @since 1.0.0 - * @param string $message - * @return string - */ - public function user_login_message( $message ) { - - // Show the error message if it seems to be a disabled user - if ( isset( $_GET['disabled'] ) && $_GET['disabled'] == 1 ) - $message = '
' . apply_filters( 'ja_disable_users_notice', __( 'Account disabled', 'ja_disable_users' ) ) . '
'; + /** + * @param $user + * @param $username + * @param $password + * + * @return mixed + */ + public function user_login( $user, $username, $password ) { + + //If this is a valid user, check if the user is disabled before logging in + if(is_a($user,'WP_User')) { + $disabled = get_user_meta( $user->ID, 'ja_disable_user', true ); + + // Is the use logging in disabled? + if ( $disabled == '1' ) { + return new WP_Error('ja_user_disabled',__('ERROR: Account disabled.', 'ja_disable_users')); + } + } - return $message; + //Pass on any existing errors + return $user; } /** @@ -254,7 +229,7 @@ public function manage_users_column_content( $empty, $column_name, $user_ID ) { } /** - * Specifiy the width of our custom column + * Add basic styles * * @since 1.0.3 */ diff --git a/languages/ja_disable_users-sv_SE.mo b/languages/ja_disable_users-sv_SE.mo new file mode 100644 index 0000000000000000000000000000000000000000..7bef0b867143d55b6a9d84eb383b2dbecd412f6c GIT binary patch literal 1257 zcmZvbO>YxP5Qdv2yMTcUf&(9iiuMA68O8}8)|h|-aZrR&ti&KVMV*<7J@L5P>h5vK zkvms@0dU~PUiP%&k{dsQD_7tb@b*j`dnH;bJzdjPZ`DlKd_6b!R$$d&S715pEbKp+ zU*BQZU_W3dV3&^xaUT2|{0nS=%isfW9()a60^fnB!O!4B@C)dlo&7_I+wlK6Ue){t zUWES>JPDqe6QT`X0DawU(D(HQ^z}Z14e%2Px$@bcpkKZ}zaS+}!TdX+oIq%~yuP?+ zozbdyzqPTkzH#s7p%>F~lITJ?N;50Bb529CQtc+BXO_(*Oth4b5^Fn@^f?)DdV^e_ zsqis-S)P;9j<%V66gf?~?qv!mu8+9PlB~*wVzU?_MW(|{SxTguBu@M2PIUXyLXs5~ zqf|QIV%d^)(iK*`)CEbyWxmXFy~n994D}sthLfr;)9MCkL;Jcgh*b#_zZzx6%XN(2 z<-`SRY4DtlMQBWiU!i<^TkEWMgGYv?mkCzTL`(}&{caF7g6J02@5GDs>(N3KAu!nB zappCCAGcV=wWW1I*GOe^>9mQd)|RSQ$Q}n>mcto8COfV@U3=P^_Erz0+9RzTD`@PG z(2V0(?&c_$nQG!?uX=|&w#Z9)!R^JVCct=~FraY9EN7D6U3TvIbFftETaT_)! zH7Z@Zw9uq#yL462{1Vl#HK+NTEKSnyKp}{r5!R08ceT}?onAFQc&}1v2KXG9yo2|K zG9?Et8~b+>Ye)N;Ey@37iRHs^u|A}fos%SU$423{$Ccv1>{}}x4fJs6r*@K$napqv zBpuEQrKF$tp2Wk$0WaqppAEen{A-Xpz@+o;Opi7c%QJGgJB)cb=g7g~W;Nw21^J`0 en!|r~@WF9ztICDjfw)BPiu(Qw;IIe655+GFW_8Q} literal 0 HcmV?d00001 
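Review bot: The new user_login() docblock carries three bare `@param` tags, no summary, no `@since` and a `@return mixed`, although this method is now the only place where a disabled account is rejected. It should say that the method is hooked on `authenticate` at priority 1000, that `$user` arrives as a `WP_User`, a `WP_Error` or null from earlier callbacks, and that the return is `WP_User|WP_Error|null` with a `ja_user_disabled` error for disabled accounts. The same hunk deletes user_login_message() and with it the `ja_disable_users_notice` filter, which the readme context later in this series still advertises, so sites that customise the notice lose it without warning. Either keep applying that filter to the new error text or record the removal in the changelog.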
diff --git a/languages/ja_disable_users-sv_SE.po b/languages/ja_disable_users-sv_SE.po new file mode 100644 index 0000000..3d424dd --- /dev/null +++ b/languages/ja_disable_users-sv_SE.po @@ -0,0 +1,52 @@ +msgid "" +msgstr "" +"Project-Id-Version: Disable Users\n" +"POT-Creation-Date: 2017-08-04 16:31+0200\n" +"PO-Revision-Date: 2017-08-04 16:33+0200\n" +"Last-Translator: \n" +"Language-Team: \n" +"Language: sv\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"X-Generator: Poedit 2.0.3\n" +"X-Poedit-KeywordsList: __;_e;esc_html__;esc_html_e\n" +"X-Poedit-Basepath: .\n" +"Plural-Forms: nplurals=2; plural=(n != 1);\n" +"X-Poedit-SearchPath-0: ..\n" + +#: ../init.php:74 +msgid "Super admins can not be disabled." +msgstr "Superadministratörer kan ej inaktiveras." + +#: ../init.php:85 +msgid "The user has been updated." +msgstr "Användaren har uppdaterats." + +#: ../init.php:89 +msgid "You are not allowed to perform this action, or your nonce expired." +msgstr "Du har inte tillåtelse att utföra den här åtgärden." + +#: ../init.php:125 +msgid "Disable User Account" +msgstr "Inaktivera användarkonto" + +#: ../init.php:129 +msgid "If checked, the user will not be able to login with this account." +msgstr "Om detta alternativ är ikryssat kommer användaren inte att kunna logga in." + +#: ../init.php:177 +msgid "ERROR: Account disabled." +msgstr "FEL: Användarkontot är inaktiverat" + +#: ../init.php:194 +msgid "User status" +msgstr "Status" + +#: ../init.php:222 +msgid "Enable" +msgstr "Aktivera" + +#: ../init.php:226 +msgid "Disable" +msgstr "Inaktivera" diff --git a/languages/ja_disable_users.pot b/languages/ja_disable_users.pot index 9092ca9..011be13 100644 --- a/languages/ja_disable_users.pot +++ b/languages/ja_disable_users.pot 
@@ -1,29 +1,51 @@ +#, fuzzy msgid "" msgstr "" "Project-Id-Version: Disable Users\n" -"POT-Creation-Date: 2015-10-08 22:43+0100\n" +"POT-Creation-Date: 2017-08-04 16:25+0200\n" "PO-Revision-Date: 2015-10-08 22:44+0100\n" "Language-Team: \n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" -"X-Generator: Poedit 1.5.4\n" +"X-Generator: Poedit 2.0.3\n" "X-Poedit-KeywordsList: __;_e;esc_html__;esc_html_e\n" "X-Poedit-Basepath: .\n" +"Last-Translator: \n" "X-Poedit-SearchPath-0: ..\n" -#: ../init.php:76 +#: ../init.php:74 +msgid "Super admins can not be disabled." +msgstr "" + +#: ../init.php:85 +msgid "The user has been updated." +msgstr "" + +#: ../init.php:89 +msgid "You are not allowed to perform this action, or your nonce expired." +msgstr "" + +#: ../init.php:125 msgid " Disable User Account" msgstr "" -#: ../init.php:80 -msgid "If checked, the user cannot login with this account." +#: ../init.php:129 +msgid "If checked, the user will not be able to login with this account." +msgstr "" + +#: ../init.php:177 +msgid "ERROR: Account disabled." +msgstr "" + +#: ../init.php:194 +msgid "User status" msgstr "" -#: ../init.php:152 -msgid "Account disabled" +#: ../init.php:222 +msgid "Enable" msgstr "" -#: ../init.php:166 ../init.php:183 -msgid "Disabled" +#: ../init.php:226 +msgid "Disable" msgstr "" From 269f84b53f525f7035e09ee4a3d654607be13bbe Mon Sep 17 00:00:00 2001 From: Stanislav Khromov Date: Mon, 7 Aug 2017 11:09:14 +0200 Subject: [PATCH 06/12] Improve enabled/disabled resilience --- init.php | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/init.php b/init.php index 31d9c6b..e88988f 100644 --- a/init.php +++ b/init.php 
@@ -74,7 +74,7 @@ function toggle_user() { wp_die(__('Super admins can not be disabled.', 'ja_disable_users')); } - update_user_meta( (int)$_GET['ja_user_id'], 'ja_disable_user', ($nonce_name === 'ja_disable_user_' ? '1' : '0' ) ); + update_user_meta( (int)$_GET['ja_user_id'], 'ja_disable_user', ($nonce_name === 'ja_disable_user_' ? true : false) ); //Redirect back if(isset($_GET['ja_return_url'])) { @@ -151,9 +151,9 @@ public function user_profile_field_save( $user_id ) { return; if ( !isset( $_POST['ja_disable_user'] ) ) { - $disabled = 0; + $disabled = false; } else { - $disabled = (int)$_POST['ja_disable_user']; + $disabled = (int)$_POST['ja_disable_user'] ? true : false; } update_user_meta( $user_id, 'ja_disable_user', $disabled ); @@ -173,7 +173,7 @@ public function user_login( $user, $username, $password ) { $disabled = get_user_meta( $user->ID, 'ja_disable_user', true ); // Is the use logging in disabled? - if ( $disabled == '1' ) { + if ( $disabled ) { return new WP_Error('ja_user_disabled',__('ERROR: Account disabled.', 'ja_disable_users')); } } @@ -213,7 +213,7 @@ public function manage_users_column_content( $empty, $column_name, $user_ID ) { return ''; } - $user_disabled = (get_the_author_meta( 'ja_disable_user', $user_ID ) == 1); + $user_disabled = get_the_author_meta( 'ja_disable_user', $user_ID ); $nonce = $user_disabled ? wp_create_nonce( 'ja_enable_user_'. $user_ID ) : wp_create_nonce( 'ja_disable_user_'. $user_ID ); $return_url = urlencode_deep((is_ssl() ? 'https' : 'http') . '://' . $_SERVER["HTTP_HOST"] . $_SERVER["REQUEST_URI"]); From 6ceefa67a42e693668a3d95fb8f537f6bd4045d7 Mon Sep 17 00:00:00 2001 From: Stanislav Khromov Date: Mon, 7 Aug 2017 11:12:58 +0200 Subject: [PATCH 07/12] Apply WordPress coding standards --- init.php | 214 +++++++++++++++++++++++++++++-------------------------- 1 file changed, 113 insertions(+), 101 deletions(-) diff --git a/init.php b/init.php index e88988f..b1ab446 100644 --- a/init.php +++ b/init.php 
@@ -5,13 +5,13 @@ * Description: This plugin provides the ability to disable specific user accounts. * Version: 2.0 * Author: Jared Atchison, khromov - * Author URI: http://jaredatchison.com + * Author URI: http://jaredatchison.com * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License, or * (at your option) any later version. - * + * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 
@@ -35,27 +35,27 @@ final class ja_disable_users { function __construct() { // Actions - add_action( 'init', array( $this, 'load_textdomain' ) ); - add_action( 'show_user_profile', array( $this, 'use_profile_field' ) ); - add_action( 'edit_user_profile', array( $this, 'use_profile_field' ) ); - add_action( 'personal_options_update', array( $this, 'user_profile_field_save' ) ); - add_action( 'edit_user_profile_update', array( $this, 'user_profile_field_save' ) ); + add_action( 'init', array( $this, 'load_textdomain' ) ); + add_action( 'show_user_profile', array( $this, 'use_profile_field' ) ); + add_action( 'edit_user_profile', array( $this, 'use_profile_field' ) ); + add_action( 'personal_options_update', array( $this, 'user_profile_field_save' ) ); + add_action( 'edit_user_profile_update', array( $this, 'user_profile_field_save' ) ); add_action( 'manage_users_custom_column', array( $this, 'manage_users_column_content' ), 10, 3 ); - add_action( 'admin_footer-users.php', array( $this, 'manage_users_css' ) ); - add_action( 'admin_post_ja_disable_user', array( $this, 'toggle_user' ) ); - add_action( 'admin_post_ja_enable_user', array( $this, 'toggle_user' ) ); + add_action( 'admin_footer-users.php', array( $this, 'manage_users_css' ) ); + add_action( 'admin_post_ja_disable_user', array( $this, 'toggle_user' ) ); + add_action( 'admin_post_ja_enable_user', array( $this, 'toggle_user' ) ); // Filters - add_filter( 'manage_users_columns', array( $this, 'manage_users_columns' ) ); - add_filter( 'wpmu_users_columns', array( $this, 'manage_users_columns' ) ); - add_filter( 'authenticate', array( $this, 'user_login' ), 1000, 3 ); + add_filter( 'manage_users_columns', array( $this, 'manage_users_columns' ) ); + add_filter( 'wpmu_users_columns', array( $this, 'manage_users_columns' ) ); + add_filter( 'authenticate', array( $this, 'user_login' ), 1000, 3 ); - } + } - /** - * Gets the capability associated with banning a user - * @return string - */ + /** + * Gets the capability 
associated with banning a user + * @return string + */ function get_edit_cap() { return is_multisite() ? 'manage_network_users' : 'edit_users'; } 
@@ -66,29 +66,27 @@ function get_edit_cap() { * @since 1.1.0 */ function toggle_user() { - $nonce_name = (isset($_GET['action']) && $_GET['action'] === 'ja_disable_user') ? 'ja_disable_user_' : 'ja_enable_user_'; - if(current_user_can($this->get_edit_cap()) && isset($_GET['ja_user_id']) && isset($_GET['ja_nonce']) && wp_verify_nonce($_GET['ja_nonce'], $nonce_name . $_GET['ja_user_id'])) { + $nonce_name = ( isset( $_GET['action'] ) && $_GET['action'] === 'ja_disable_user' ) ? 'ja_disable_user_' : 'ja_enable_user_'; + if ( current_user_can( $this->get_edit_cap() ) && isset( $_GET['ja_user_id'] ) && isset( $_GET['ja_nonce'] ) && wp_verify_nonce( $_GET['ja_nonce'], $nonce_name . $_GET['ja_user_id'] ) ) { //Don't disable super admins - if(is_multisite() && is_super_admin((int)$_GET['ja_user_id'])) { - wp_die(__('Super admins can not be disabled.', 'ja_disable_users')); + if ( is_multisite() && is_super_admin( (int) $_GET['ja_user_id'] ) ) { + wp_die( __( 'Super admins can not be disabled.', 'ja_disable_users' ) ); } - update_user_meta( (int)$_GET['ja_user_id'], 'ja_disable_user', ($nonce_name === 'ja_disable_user_' ? true : false) ); + update_user_meta( (int) $_GET['ja_user_id'], 'ja_disable_user', ( $nonce_name === 'ja_disable_user_' ? true : false ) ); //Redirect back - if(isset($_GET['ja_return_url'])) { - wp_safe_redirect($_GET['ja_return_url']); - exit; + if ( isset( $_GET['ja_return_url'] ) ) { + wp_safe_redirect( $_GET['ja_return_url'] ); + exit; + } else { + wp_die( __( 'The user has been updated.', 'ja_disable_users' ) ); } - else { - wp_die(__('The user has been updated.', 'ja_disable_users')); - } - } - else { - wp_die(__('You are not allowed to perform this action, or your nonce expired.', 'ja_disable_users')); + } else { + wp_die( __( 'You are not allowed to perform this action, or your nonce expired.', 'ja_disable_users' ) ); } - } + } /** * Load the textdomain so we can support other languages 
@@ -106,31 +104,35 @@ public function load_textdomain() { * Add the field to user profiles * * @since 1.0.0 + * * @param object $user */ public function use_profile_field( $user ) { //Super admins can not be banned - if( is_multisite() && is_super_admin( $user->ID ) ) + if ( is_multisite() && is_super_admin( $user->ID ) ) { return; + } // Only show this option to users who can delete other users - if ( !current_user_can( $this->get_edit_cap() ) ) + if ( ! current_user_can( $this->get_edit_cap() ) ) { return; + } ?> - - - - - - - -
- - - ID ) ); ?> /> - -
+ + + + + + + +
+ + + ID ) ); ?> /> + +
get_edit_cap() ) ) + if ( ! current_user_can( $this->get_edit_cap() ) ) { return; + } - if ( !isset( $_POST['ja_disable_user'] ) ) { + if ( ! isset( $_POST['ja_disable_user'] ) ) { $disabled = false; } else { - $disabled = (int)$_POST['ja_disable_user'] ? true : false; + $disabled = (int) $_POST['ja_disable_user'] ? true : false; } - + update_user_meta( $user_id, 'ja_disable_user', $disabled ); } - /** - * @param $user - * @param $username - * @param $password - * - * @return mixed - */ + /** + * @param $user + * @param $username + * @param $password + * + * @return mixed + */ public function user_login( $user, $username, $password ) { //If this is a valid user, check if the user is disabled before logging in - if(is_a($user,'WP_User')) { - $disabled = get_user_meta( $user->ID, 'ja_disable_user', true ); + if ( is_a( $user, 'WP_User' ) ) { + $disabled = get_user_meta( $user->ID, 'ja_disable_user', true ); - // Is the use logging in disabled? - if ( $disabled ) { - return new WP_Error('ja_user_disabled',__('ERROR: Account disabled.', 'ja_disable_users')); - } - } + // Is the use logging in disabled? + if ( $disabled ) { + return new WP_Error( 'ja_user_disabled', __( 'ERROR: Account disabled.', 'ja_disable_users' ) ); + } + } //Pass on any existing errors - return $user; + return $user; } /** * Add custom disabled column to users list * * @since 1.0.3 + * * @param array $defaults + * * @return array */ public function manage_users_columns( $defaults ) { $defaults['ja_user_disabled'] = __( 'User status', 'ja_disable_users' ); + return $defaults; } 
@@ -199,32 +207,35 @@ public function manage_users_columns( $defaults ) { * Set content of disabled users column * * @since 1.0.3 + * * @param empty $empty * @param string $column_name * @param int $user_ID + * * @return string */ public function manage_users_column_content( $empty, $column_name, $user_ID ) { if ( $column_name == 'ja_user_disabled' ) { - //Super admins can't be disabled - if(is_super_admin($user_ID)) { - return ''; - } - - $user_disabled = get_the_author_meta( 'ja_disable_user', $user_ID ); - $nonce = $user_disabled ? wp_create_nonce( 'ja_enable_user_'. $user_ID ) : wp_create_nonce( 'ja_disable_user_'. $user_ID ); - $return_url = urlencode_deep((is_ssl() ? 'https' : 'http') . '://' . $_SERVER["HTTP_HOST"] . $_SERVER["REQUEST_URI"]); - - if($user_disabled) { - $link_url = admin_url("admin-post.php?action=ja_enable_user&ja_user_id={$user_ID}&ja_nonce={$nonce}&ja_return_url={$return_url}&message=1"); - return '
'. __('Enable', 'ja_disable_users') .''; - } - else { - $link_url = admin_url("admin-post.php?action=ja_disable_user&ja_user_id={$user_ID}&ja_nonce={$nonce}&ja_return_url={$return_url}&message=1"); - return '
'. __('Disable', 'ja_disable_users') .''; - } + //Super admins can't be disabled + if ( is_super_admin( $user_ID ) ) { + return ''; + } + + $user_disabled = get_the_author_meta( 'ja_disable_user', $user_ID ); + $nonce = $user_disabled ? wp_create_nonce( 'ja_enable_user_' . $user_ID ) : wp_create_nonce( 'ja_disable_user_' . $user_ID ); + $return_url = urlencode_deep( ( is_ssl() ? 'https' : 'http' ) . '://' . $_SERVER["HTTP_HOST"] . $_SERVER["REQUEST_URI"] ); + + if ( $user_disabled ) { + $link_url = admin_url( "admin-post.php?action=ja_enable_user&ja_user_id={$user_ID}&ja_nonce={$nonce}&ja_return_url={$return_url}&message=1" ); + + return '
' . __( 'Enable', 'ja_disable_users' ) . ''; + } else { + $link_url = admin_url( "admin-post.php?action=ja_disable_user&ja_user_id={$user_ID}&ja_nonce={$nonce}&ja_return_url={$return_url}&message=1" ); + + return '
' . __( 'Disable', 'ja_disable_users' ) . ''; + } } } @@ -232,25 +243,26 @@ public function manage_users_column_content( $empty, $column_name, $user_ID ) { * Add basic styles * * @since 1.0.3 - */ + */ public function manage_users_css() { ?> - + Date: Mon, 7 Aug 2017 12:44:36 +0200 Subject: [PATCH 08/12] Add changelog --- readme.txt | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/readme.txt b/readme.txt index 0954a4e..047cc2a 100644 --- a/readme.txt +++ b/readme.txt @@ -40,6 +40,14 @@ Yes, there is a filter in place for that, `ja_disable_users_notice`. == Changelog == += 2.0 = + +* Add multisite compatibility +* Add enable/disable links from user lists +* Use better hook for user login checking (supports XML-RPC) +* Add Swedish translation +* Reformat code to WordPress official code style + = 1.0.5 (11/11/2015) = * Added pl_PL transnation - Props Dominik Kocuj From e6f6cd0867b938a1ba13cfb02cb73c40300a8dbd Mon Sep 17 00:00:00 2001 From: Stanislav Khromov Date: Mon, 7 Aug 2017 12:52:18 +0200 Subject: [PATCH 09/12] Add composer.json --- composer.json | 7 +++++++ 1 file changed, 7 insertions(+) create mode 100644 composer.json diff --git a/composer.json b/composer.json new file mode 100644 index 0000000..ac94ab8 --- /dev/null +++ b/composer.json @@ -0,0 +1,7 @@ +{ + "name" : "jaredatch/Disable-Users", + "type" : "wordpress-plugin", + "require" : { + "composer/installers": "~1.0" + } +} \ No newline at end of file From d2b03b308826bdae442ad9d88a5b60c98933d5b2 Mon Sep 17 00:00:00 2001 From: Stanislav Khromov Date: Tue, 8 Aug 2017 12:05:49 +0200 Subject: [PATCH 10/12] Fix column filter --- init.php | 2 ++ 1 file changed, 2 insertions(+) diff --git a/init.php b/init.php index b1ab446..a503a8a 100644 --- a/init.php +++ b/init.php @@ -237,6 +237,8 @@ public function manage_users_column_content( $empty, $column_name, $user_ID ) { return '
' . __( 'Disable', 'ja_disable_users' ) . ''; } } + + return $empty; } /** From 87399b4821b3a1452ab12e7ade4ed557e4a7ebdf Mon Sep 17 00:00:00 2001 From: Stanislav Khromov Date: Wed, 9 Aug 2017 10:31:13 +0200 Subject: [PATCH 11/12] Add ability to filter error messages --- init.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/init.php b/init.php index a503a8a..b7f526b 100644 --- a/init.php +++ b/init.php @@ -179,7 +179,7 @@ public function user_login( $user, $username, $password ) { // Is the use logging in disabled? if ( $disabled ) { - return new WP_Error( 'ja_user_disabled', __( 'ERROR: Account disabled.', 'ja_disable_users' ) ); + return new WP_Error( 'ja_user_disabled', apply_filters( 'js_user_disabled_message', __( 'ERROR: Account disabled.', 'ja_disable_users' ) ) ); } } From 6a9d935d57b7f11039918f176d6d2f949f6f05be Mon Sep 17 00:00:00 2001 From: Stanislav Khromov Date: Wed, 9 Aug 2017 10:33:58 +0200 Subject: [PATCH 12/12] Invalidate user sessions on deactivation --- init.php | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/init.php b/init.php index b7f526b..c11b0da 100644 --- a/init.php +++ b/init.php @@ -76,6 +76,10 @@ function toggle_user() { update_user_meta( (int) $_GET['ja_user_id'], 'ja_disable_user', ( $nonce_name === 'ja_disable_user_' ? true : false ) ); + //Log out user - https://wordpress.stackexchange.com/questions/184161/destroy-user-sessions-based-on-user-id + $sessions = WP_Session_Tokens::get_instance( (int) $_GET['ja_user_id'] ); + $sessions->destroy_all(); + //Redirect back if ( isset( $_GET['ja_return_url'] ) ) { wp_safe_redirect( $_GET['ja_return_url'] );
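Review bot: The new filter is named `js_user_disabled_message`, while every other identifier in the plugin uses the `ja_` prefix, so this looks like a typo that becomes a public hook name once released. Consider `apply_filters( 'ja_user_disabled_message', ... )`, or reuse `ja_disable_users_notice`, the name the readme documents and that an earlier patch in this series removed. A short comment above the call naming the hook and stating that the string ends up in the `ja_user_disabled` WP_Error would make it discoverable. The docblock of user_login() sits outside this hunk.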
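Review bot: `WP_Session_Tokens::get_instance( ... )` followed by `destroy_all()` runs on every toggle_user() request, including the enable branch, and only on this code path, so an account disabled through the profile checkbox in user_profile_field_save() keeps its existing sessions. Guard the call with `if ( $nonce_name === 'ja_disable_user_' )` and run the same two lines in user_profile_field_save() when `$disabled` is true, ideally through one private helper so both paths stay in step. Without that, the `authenticate` filter blocks new logins but a cookie issued before the account was disabled stays usable until it expires. toggle_user() begins above this hunk.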