edit_user( int $user_id )

Edit user settings based on contents of $_POST

Contents

Description Description

Used on user-edit.php and profile.php to manage and process user options, passwords etc.

Parameters Parameters

$user_id

(int) (Optional) User ID.

Top ↑

Return Return

(int|WP_Error) user id of the updated user.

Top ↑

Source Source

File: wp-admin/includes/user.php

30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
function edit_user( $user_id = 0 ) {
    $wp_roles = wp_roles();
    $user     = new stdClass;
    $user_id  = (int) $user_id;
    if ( $user_id ) {
        $update           = true;
        $user->ID         = $user_id;
        $userdata         = get_userdata( $user_id );
        $user->user_login = wp_slash( $userdata->user_login );
    } else {
        $update = false;
    }
 
    if ( ! $update && isset( $_POST['user_login'] ) ) {
        $user->user_login = sanitize_user( $_POST['user_login'], true );
    }
 
    $pass1 = $pass2 = '';
    if ( isset( $_POST['pass1'] ) ) {
        $pass1 = $_POST['pass1'];
    }
    if ( isset( $_POST['pass2'] ) ) {
        $pass2 = $_POST['pass2'];
    }
 
    if ( isset( $_POST['role'] ) && current_user_can( 'promote_users' ) && ( ! $user_id || current_user_can( 'promote_user', $user_id ) ) ) {
        $new_role = sanitize_text_field( $_POST['role'] );
 
        // If the new role isn't editable by the logged-in user die with error.
        $editable_roles = get_editable_roles();
        if ( ! empty( $new_role ) && empty( $editable_roles[ $new_role ] ) ) {
            wp_die( __( 'Sorry, you are not allowed to give users that role.' ), 403 );
        }
 
        $potential_role = isset( $wp_roles->role_objects[ $new_role ] ) ? $wp_roles->role_objects[ $new_role ] : false;
 
        /*
         * Don't let anyone with 'promote_users' edit their own role to something without it.
         * Multisite super admins can freely edit their roles, they possess all caps.
         */
        if (
            ( is_multisite() && current_user_can( 'manage_network_users' ) ) ||
            $user_id !== get_current_user_id() ||
            ( $potential_role && $potential_role->has_cap( 'promote_users' ) )
        ) {
            $user->role = $new_role;
        }
    }
 
    if ( isset( $_POST['email'] ) ) {
        $user->user_email = sanitize_text_field( wp_unslash( $_POST['email'] ) );
    }
    if ( isset( $_POST['url'] ) ) {
        if ( empty( $_POST['url'] ) || $_POST['url'] == 'http://' ) {
            $user->user_url = '';
        } else {
            $user->user_url = esc_url_raw( $_POST['url'] );
            $protocols      = implode( '|', array_map( 'preg_quote', wp_allowed_protocols() ) );
            $user->user_url = preg_match( '/^(' . $protocols . '):/is', $user->user_url ) ? $user->user_url : 'http://' . $user->user_url;
        }
    }
    if ( isset( $_POST['first_name'] ) ) {
        $user->first_name = sanitize_text_field( $_POST['first_name'] );
    }
    if ( isset( $_POST['last_name'] ) ) {
        $user->last_name = sanitize_text_field( $_POST['last_name'] );
    }
    if ( isset( $_POST['nickname'] ) ) {
        $user->nickname = sanitize_text_field( $_POST['nickname'] );
    }
    if ( isset( $_POST['display_name'] ) ) {
        $user->display_name = sanitize_text_field( $_POST['display_name'] );
    }
 
    if ( isset( $_POST['description'] ) ) {
        $user->description = trim( $_POST['description'] );
    }
 
    foreach ( wp_get_user_contact_methods( $user ) as $method => $name ) {
        if ( isset( $_POST[ $method ] ) ) {
            $user->$method = sanitize_text_field( $_POST[ $method ] );
        }
    }
 
    if ( $update ) {
        $user->rich_editing         = isset( $_POST['rich_editing'] ) && 'false' === $_POST['rich_editing'] ? 'false' : 'true';
        $user->syntax_highlighting  = isset( $_POST['syntax_highlighting'] ) && 'false' === $_POST['syntax_highlighting'] ? 'false' : 'true';
        $user->admin_color          = isset( $_POST['admin_color'] ) ? sanitize_text_field( $_POST['admin_color'] ) : 'fresh';
        $user->show_admin_bar_front = isset( $_POST['admin_bar_front'] ) ? 'true' : 'false';
        $user->locale               = '';
 
        if ( isset( $_POST['locale'] ) ) {
            $locale = sanitize_text_field( $_POST['locale'] );
            if ( 'site-default' === $locale ) {
                $locale = '';
            } elseif ( '' === $locale ) {
                $locale = 'en_US';
            } elseif ( ! in_array( $locale, get_available_languages(), true ) ) {
                $locale = '';
            }
 
            $user->locale = $locale;
        }
    }
 
    $user->comment_shortcuts = isset( $_POST['comment_shortcuts'] ) && 'true' == $_POST['comment_shortcuts'] ? 'true' : '';
 
    $user->use_ssl = 0;
    if ( ! empty( $_POST['use_ssl'] ) ) {
        $user->use_ssl = 1;
    }
 
    $errors = new WP_Error();
 
    /* checking that username has been typed */
    if ( $user->user_login == '' ) {
        $errors->add( 'user_login', __( '<strong>ERROR</strong>: Please enter a username.' ) );
    }
 
    /* checking that nickname has been typed */
    if ( $update && empty( $user->nickname ) ) {
        $errors->add( 'nickname', __( '<strong>ERROR</strong>: Please enter a nickname.' ) );
    }
 
    /**
     * Fires before the password and confirm password fields are checked for congruity.
     *
     * @since 1.5.1
     *
     * @param string $user_login The username.
     * @param string $pass1     The password (passed by reference).
     * @param string $pass2     The confirmed password (passed by reference).
     */
    do_action_ref_array( 'check_passwords', array( $user->user_login, &$pass1, &$pass2 ) );
 
    // Check for blank password when adding a user.
    if ( ! $update && empty( $pass1 ) ) {
        $errors->add( 'pass', __( '<strong>ERROR</strong>: Please enter a password.' ), array( 'form-field' => 'pass1' ) );
    }
 
    // Check for "\" in password.
    if ( false !== strpos( wp_unslash( $pass1 ), '\\' ) ) {
        $errors->add( 'pass', __( '<strong>ERROR</strong>: Passwords may not contain the character "\\".' ), array( 'form-field' => 'pass1' ) );
    }
 
    // Checking the password has been typed twice the same.
    if ( ( $update || ! empty( $pass1 ) ) && $pass1 != $pass2 ) {
        $errors->add( 'pass', __( '<strong>ERROR</strong>: Please enter the same password in both password fields.' ), array( 'form-field' => 'pass1' ) );
    }
 
    if ( ! empty( $pass1 ) ) {
        $user->user_pass = $pass1;
    }
 
    if ( ! $update && isset( $_POST['user_login'] ) && ! validate_username( $_POST['user_login'] ) ) {
        $errors->add( 'user_login', __( '<strong>ERROR</strong>: This username is invalid because it uses illegal characters. Please enter a valid username.' ) );
    }
 
    if ( ! $update && username_exists( $user->user_login ) ) {
        $errors->add( 'user_login', __( '<strong>ERROR</strong>: This username is already registered. Please choose another one.' ) );
    }
 
    /** This filter is documented in wp-includes/user.php */
    $illegal_logins = (array) apply_filters( 'illegal_user_logins', array() );
 
    if ( in_array( strtolower( $user->user_login ), array_map( 'strtolower', $illegal_logins ) ) ) {
        $errors->add( 'invalid_username', __( '<strong>ERROR</strong>: Sorry, that username is not allowed.' ) );
    }
 
    /* checking email address */
    if ( empty( $user->user_email ) ) {
        $errors->add( 'empty_email', __( '<strong>ERROR</strong>: Please enter an email address.' ), array( 'form-field' => 'email' ) );
    } elseif ( ! is_email( $user->user_email ) ) {
        $errors->add( 'invalid_email', __( '<strong>ERROR</strong>: The email address isn&#8217;t correct.' ), array( 'form-field' => 'email' ) );
    } elseif ( ( $owner_id = email_exists( $user->user_email ) ) && ( ! $update || ( $owner_id != $user->ID ) ) ) {
        $errors->add( 'email_exists', __( '<strong>ERROR</strong>: This email is already registered, please choose another one.' ), array( 'form-field' => 'email' ) );
    }
 
    /**
     * Fires before user profile update errors are returned.
     *
     * @since 2.8.0
     *
     * @param WP_Error $errors WP_Error object (passed by reference).
     * @param bool     $update  Whether this is a user update.
     * @param stdClass $user   User object (passed by reference).
     */
    do_action_ref_array( 'user_profile_update_errors', array( &$errors, $update, &$user ) );
 
    if ( $errors->has_errors() ) {
        return $errors;
    }
 
    if ( $update ) {
        $user_id = wp_update_user( $user );
    } else {
        $user_id = wp_insert_user( $user );
        $notify  = isset( $_POST['send_user_notification'] ) ? 'both' : 'admin';
 
        /**
         * Fires after a new user has been created.
         *
         * @since 4.4.0
         *
         * @param int    $user_id ID of the newly created user.
         * @param string $notify  Type of notification that should happen. See wp_send_new_user_notifications()
         *                        for more information on possible values.
         */
        do_action( 'edit_user_created_user', $user_id, $notify );
    }
    return $user_id;
}

Expand full source code Collapse full source code View on Trac

Top ↑

Changelog Changelog

Changelog
Version Description
2.0.0 Introduced.

Top ↑

Top ↑

Uses Uses

Uses
Uses Description
wp-includes/user.php: illegal_user_logins

Filters the list of blacklisted usernames.
wp-admin/includes/user.php: edit_user_created_user

Fires after a new user has been created.
wp-includes/capabilities.php: wp_roles()

Retrieves the global WP_Roles instance and instantiates it if necessary.
wp-admin/includes/user.php: get_editable_roles()

Fetch a filtered list of user roles that the current user is allowed to edit.
wp-admin/includes/user.php: check_passwords

Fires before the password and confirm password fields are checked for congruity.
wp-admin/includes/user.php: user_profile_update_errors

Fires before user profile update errors are returned.
wp-includes/capabilities.php: current_user_can()

Whether the current user has a specific capability.
wp-includes/l10n.php: get_available_languages()

Get all available languages based on the presence of *.mo files in a given directory.
wp-includes/l10n.php: __()

Retrieve the translation of $text.
wp-includes/formatting.php: wp_slash()

Add slashes to a string or array of strings.
wp-includes/formatting.php: sanitize_text_field()

Sanitizes a string from user input or from the database.
wp-includes/formatting.php: wp_unslash()

Remove slashes from a string or array of strings.
wp-includes/formatting.php: esc_url_raw()

Performs esc_url() for database usage.
wp-includes/formatting.php: is_email()

Verifies that an email is valid.
wp-includes/formatting.php: sanitize_user()

Sanitizes a username, stripping out unsafe characters.
wp-includes/pluggable.php: get_userdata()

Retrieve user info by user ID.
wp-includes/load.php: is_multisite()

If Multisite is enabled.
wp-includes/functions.php: wp_allowed_protocols()

Retrieve a list of protocols to allow in HTML attributes.
wp-includes/functions.php: wp_die()

Kill WordPress execution and display HTML message with error message.
wp-includes/plugin.php: do_action_ref_array()

Execute functions hooked on a specific action hook, specifying arguments in an array.
wp-includes/plugin.php: apply_filters()

Call the functions added to a filter hook.
wp-includes/plugin.php: do_action()

Execute functions hooked on a specific action hook.
wp-includes/user.php: wp_get_user_contact_methods()

Set up the user contact methods.
wp-includes/user.php: wp_update_user()

Update a user in the database.
wp-includes/user.php: validate_username()

Checks whether a username is valid.
wp-includes/user.php: username_exists()

Determines whether the given username exists.
wp-includes/user.php: email_exists()

Determines whether the given email exists.
wp-includes/user.php: wp_insert_user()

Insert a user into the database.
wp-includes/user.php: get_current_user_id()

Get the current user’s ID
wp-includes/class-wp-error.php: WP_Error::__construct()

Initialize the error.
Show 25 more uses Hide more uses

Top ↑

Used By Used By

Used By
Used By Description
wp-admin/includes/user.php: add_user()

Creates a new user from the “Users” form using $_POST information.
wp-admin/includes/ajax-actions.php: wp_ajax_add_user()

Ajax handler for adding a user.

Top ↑

User Contributed Notes User Contributed Notes

You must log in before being able to contribute a note or feedback.