Changeset 435863


Timestamp:
09/09/11 19:37:52 (3 years ago)
Author:
MrWiblog
Message:

Version 1.4 (2011/09/09)

Most of the development work for this version was done by Adam Dunson of http://www.cloudspace.com

  • Tightened security
  • Made the plugin run from the Network Users admin area
  • Made the search boxes more consistent across every page
  • Shows all users and blogs by default (pagination will be done for a future release)
  • Now shows custom roles, not just the standard roles
Location:
simple-user-admin/trunk
Files:
2 edited

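--- a/simple-user-admin/trunk/readme.txt
+++ b/simple-user-admin/trunk/readme.txt
@@ -4,6 +4,6 @@
 Tags: wordpress mu, buddypress, user, blog, administration, management, simple, easy
 Requires at least: 3.0
-Tested up to: 3.1
-Stable tag: 1.3
+Tested up to: 3.3
+Stable tag: 1.4
 
 Simple user admin is a WordPress MultiSite plugin that gives site administrators a simpler interface to manage blogs and users.
@@ -15,5 +15,5 @@
 The plugin also makes use of the __() function to allow for easy translation.
 
-Many thanks to Joost from http://yoast.com/ for fixing the plugin to work with MultiSite.
+Many thanks to Joost from http://yoast.com/ for fixing the plugin to work with MultiSite. Also thanks to Adam Dunson of http://www.cloudspace.com for lots of development work.
 
 == Installation ==
@@ -34,15 +34,25 @@
 == Changelog ==
 
+=== 1.4 (2011/09/09) ===
+
+Most of the development work for this version was done by Adam Dunson of http://www.cloudspace.com
+
+- Tightened security
+- Made the plugin run from the Network Users admin area
+- Made the search boxes more consistent across every page
+- Shows all users and blogs by default (pagination will be done for a future release)
+- Now shows custom roles, not just the standard roles
+
 === 1.3 (2010/11/17) ===
 
-Implemented fix for WordPress MultiSite
+- Implemented fix for WordPress MultiSite (thanks to Joost from http://yoast.com/)
 
 === 1.2 ===
 
-Fixed bug in blog search
+- Fixed bug in blog search
 
 === 1.1 ===
 
-Updated plugin URI
+- Updated plugin URI
 
 === 1.0 ===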
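--- a/simple-user-admin/trunk/simple_user_management.php
+++ b/simple-user-admin/trunk/simple_user_management.php
@@ -3,18 +3,40 @@
 Plugin Name: Simple User Management
 Description: Allows site administrators to eaily manage which blogs belong to which users, and which users to which blogs.
-Version: 1.3
+Version: 1.4
 Author: Chris Taylor
 Author URI: http://www.stillbreathing.co.uk
 Plugin URI: http://www.stillbreathing.co.uk/wordpress/simple-user-admin/
-Date: 2010-11-17
+Date: 2011-09-09
 */
 
 // when the admin menu is built
-add_action('admin_menu', 'simple_user_management_add_admin');
-add_action('admin_head', 'simple_user_management_show_css');
-
-// add the admin menu button
+add_action('network_admin_menu', 'simple_user_management_add_admin');
+add_action('network_admin_head', 'simple_user_management_show_css');
+
+// security check
+add_action('init', 'simple_user_management_security_check');
+
+define('SIMPLE_USER_MANAGEMENT_PARENT_SLUG', 'users.php');
+
+// add the admin menu button (based on the SIMPLE_USER_MANAGEMENT_PARENT_SLUG constant, currently underneath the Users menu)
 function simple_user_management_add_admin() {
-    add_submenu_page('ms-admin.php', 'Simple User Admin', 'Simple User Admin', 10, 'simple_user_management', 'simple_user_management');
+    add_submenu_page(SIMPLE_USER_MANAGEMENT_PARENT_SLUG, 'Simple User Management', 'Simple User Management', 10, 'simple_user_management', 'simple_user_management');
+}
+
+// security check
+function simple_user_management_security_check() {
+    // only do security check for this plugin
+    if ( isset( $_GET["page"] ) && $_GET["page"] == "simple_user_management" ) {
+    
+        // check when posting a form
+        if ( isset( $_POST ) && count( $_POST ) > 0 ) {
+            if (! wp_verify_nonce( $_POST["_wpnonce"], 'simple_user_management') ) wp_die('Your request failed the security check');
+        }
+        
+        // check when loading a blog or user        
+        if ( ( !isset( $_POST ) || count( $_POST ) == 0 ) && ( isset( $_GET["user"] ) || isset( $_GET["blog"] ) ) ) {
+            if (! wp_verify_nonce( $_GET["_wpnonce"] ) ) wp_die('Your request failed the security check');
+        }
+    }
 }
 
@@ -36,7 +58,10 @@
 function simple_user_management()
 {
-
     echo '<div class="wrap">
-    <h2>' . __("Simple user management") . '</h2>';
+    <h2>' . __("Simple User Management") . '</h2>';
+
+    simple_user_management_show_search_forms();
+    echo '<br style="clear:both;" />';
+    
     // if no action is being performed
     if (@$_POST["userquery"] != "" && @$_GET["user"] == "" && @$_GET["blog"] == "")
@@ -51,14 +76,11 @@
             // show the table of users
             simple_user_management_show_user_table($results);
-            
         } else {
             echo '
             <p>' . __("No results found. Please search again.") . '</p>
             ';
-            
-            // show the search forms
-            simple_user_management_show_search_forms();
-        }
-    }
+        }
+    }
+
     // if searching blogs
     if (@$_POST["blogquery"] != "" && @$_GET["user"] == "" && @$_GET["blog"] == "")
@@ -73,15 +95,11 @@
             // show the table of blogs
             simple_user_management_show_blog_table($results);
-            
         } else {
-        
             echo '
             <p>' . __("No blogs found for your search. Please search again.") . '</p>
             ';
-            
-            // show the search forms
-            simple_user_management_show_search_forms();
-        }
-    }
+        }
+    }
+
     // if managing a user
     if (@$_GET["user"] != "")
@@ -164,4 +182,5 @@
             
     }
+
     // if managing a blog
     if (@$_GET["blog"] != "")
@@ -207,5 +226,4 @@
         if ($users = get_users_of_blog((int)$_GET["blog"]))
         {
-            // echo '<pre>'.print_r($users,1).'</pre>';
             // show the table of blog users
             simple_user_management_show_blog_users_table($_GET["blog"], $users);
@@ -247,13 +265,17 @@
     }
 
+    // if nuffin (the default)
     if (@$_POST["userquery"] == "" && @$_POST["blogquery"] == "" && @$_GET["user"] == "" && @$_GET["blog"] == "")
     {
-        //
-    } else {
-        // if searching users   
-        echo '<h3>'.__('Edit another user or blog').'</h3>';
-    }
-    
-    simple_user_management_show_search_forms();
+        // display a table with all users
+        echo '<h3>' . __("All Users") . '</h3>';
+        $results = simple_user_management_search_users($_POST["userquery"]);
+        simple_user_management_show_user_table($results);
+
+        // display a table with all blogs
+        echo '<h3>' . __("All Blogs") . '</h3>';
+        $results = simple_user_management_search_blogs($_POST["blogquery"]);
+        simple_user_management_show_blog_table($results);
+    }
     
     echo '</div>';
@@ -287,7 +309,21 @@
 {
     global $wpdb;
-    $capabilities = $user->{$wpdb->base_prefix . $blogid . '_capabilities'};
-    if (!$capabilities || !is_array($capabilities)) $capabilities = array();
-    
+
+    // try the main blog for blog id 1
+    if ($blogid == 1) {
+        $capabilities = $user->{$wpdb->base_prefix . 'capabilities'};
+    } else {
+        $capabilities = $user->{$wpdb->base_prefix . $blogid . '_capabilities'};
+    }
+
+    if (!$capabilities || !is_array($capabilities)) {
+        $capabilities = $user->{$wpdb->base_prefix . $blogid . '_capabilities'};
+    }
+
+    // if it still isn't, just make it an array to avoid errors
+    if (!$capabilities || !is_array($capabilities)) {
+        $capabilities = array();
+    }
+
     if ( !isset( $wp_roles ) )
         $wp_roles = new WP_Roles();
@@ -343,5 +379,5 @@
 {
     echo '
-    <form action="ms-admin.php?page=simple_user_management&amp;user=' . $_GET["user"] . '" method="post">
+    <form action="' . wp_nonce_url( SIMPLE_USER_MANAGEMENT_PARENT_SLUG . '?page=simple_user_management&amp;user=' . $_GET["user"] ) . '" method="post">
     <fieldset>
     <p><label for="blog">Choose blog:</label>
@@ -361,5 +397,6 @@
     </select>
     </p>
-    <p><button type="submit" name="saveuserroles" class="button">' . __("Add user to blog") . '</button></p>
+    <p><button type="submit" name="saveuserroles" class="button">' . __("Add user to blog") . '</button>
+    ' . wp_nonce_field( 'simple_user_management' ) . '</p>
     </fieldset>
     </form>
@@ -371,5 +408,5 @@
 {
     echo '
-    <form action="ms-admin.php?page=simple_user_management&amp;blog=' . $_GET["blog"] . '" method="post">
+    <form action="' . wp_nonce_url( SIMPLE_USER_MANAGEMENT_PARENT_SLUG . '?page=simple_user_management&amp;blog=' . $_GET["blog"] ) . '" method="post">
     <fieldset>
     <p><label for="user">Choose user:</label>
@@ -389,5 +426,6 @@
     </select>
     </p>
-    <p><button type="submit" name="saveuserroles" class="button">' . __("Add user to blog") . '</button></p>
+    <p><button type="submit" name="saveuserroles" class="button">' . __("Add user to blog") . '</button>
+    ' . wp_nonce_field( 'simple_user_management' ) . '</p>
     </fieldset>
     </form>
@@ -399,5 +437,5 @@
 {
     echo '
-    <form action="ms-admin.php?page=simple_user_management&amp;user=' . $_GET["user"] . '" method="post">
+    <form action="' . wp_nonce_url( SIMPLE_USER_MANAGEMENT_PARENT_SLUG . '?page=simple_user_management&amp;user=' . $_GET["user"] ) . '" method="post">
     <table class="widefat" cellspacing="0">
     <thead>
@@ -418,8 +456,8 @@
         echo '
         <tr>
-            <td><a href="ms-admin.php?page=simple_user_management&amp;blog=' . $blog->userblog_id . '">' . $blog->userblog_id . '</a></td>
-            <td><a href="ms-admin.php?page=simple_user_management&amp;blog=' . $blog->userblog_id . '">' . stripslashes($blog->blogname ) . '</a></td>
-            <td><a href="ms-admin.php?page=simple_user_management&amp;blog=' . $blog->userblog_id . '">' . $blog->domain . '</a></td>
-            <td><a href="ms-admin.php?page=simple_user_management&amp;blog=' . $blog->userblog_id . '">' . $blog->path . '</a></td>
+            <td><a href="' . wp_nonce_url( SIMPLE_USER_MANAGEMENT_PARENT_SLUG . '?page=simple_user_management&amp;blog=' . $blog->userblog_id ) . '">' . $blog->userblog_id . '</a></td>
+            <td><a href="' . wp_nonce_url( SIMPLE_USER_MANAGEMENT_PARENT_SLUG . '?page=simple_user_management&amp;blog=' . $blog->userblog_id ) . '">' . stripslashes($blog->blogname ) . '</a></td>
+            <td><a href="' . wp_nonce_url( SIMPLE_USER_MANAGEMENT_PARENT_SLUG . '?page=simple_user_management&amp;blog=' . $blog->userblog_id ) . '">' . $blog->domain . '</a></td>
+            <td><a href="' . wp_nonce_url( SIMPLE_USER_MANAGEMENT_PARENT_SLUG . '?page=simple_user_management&amp;blog=' . $blog->userblog_id ) . '">' . $blog->path . '</a></td>
             <td>
             <select name="role_' . $blog->userblog_id . '">' . simple_user_management_get_user_role($user, $blog->userblog_id, $blog->userblog_id) . '</select>
@@ -432,5 +470,6 @@
     </table>
     <p><button type="submit" name="saveuserroles" class="button">' . __("Save user roles") . '</button>
-    <input type="hidden" name="blogids" value="' . trim($blogids, ",") . '" /></p>
+    <input type="hidden" name="blogids" value="' . trim($blogids, ",") . '" />
+    ' . wp_nonce_field( 'simple_user_management' ) . '</p>
     </form>
     ';
@@ -441,5 +480,5 @@
 {
     echo '
-    <form action="ms-admin.php?page=simple_user_management&amp;blog=' . $_GET["blog"] . '" method="post">
+    <form action="' . wp_nonce_url( SIMPLE_USER_MANAGEMENT_PARENT_SLUG . '?page=simple_user_management&amp;blog=' . $_GET["blog"] ) . '" method="post">
     <table class="widefat" cellspacing="0">
     <thead>
@@ -461,8 +500,8 @@
         echo '
         <tr>
-            <td><a href="ms-admin.php?page=simple_user_management&amp;user=' . $user->ID . '">' . $user->ID . '</a></td>
-            <td><a href="ms-admin.php?page=simple_user_management&amp;user=' . $user->ID . '">' . stripslashes($user->user_login ) . '</a></td>
-            <td><a href="ms-admin.php?page=simple_user_management&amp;user=' . $user->ID . '">' . stripslashes( $user->display_name ) . '</a></td>
-            <td><a href="ms-admin.php?page=simple_user_management&amp;user=' . $user->ID . '">' . $user->user_email . '</a></td>
+            <td><a href="' . wp_nonce_url( SIMPLE_USER_MANAGEMENT_PARENT_SLUG . '?page=simple_user_management&amp;user=' . $user->ID ) . '">' . $user->ID . '</a></td>
+            <td><a href="' . wp_nonce_url( SIMPLE_USER_MANAGEMENT_PARENT_SLUG.'?page=simple_user_management&amp;user=' . $user->ID ) . '">' . stripslashes($user->user_login ) . '</a></td>
+            <td><a href="' . wp_nonce_url( SIMPLE_USER_MANAGEMENT_PARENT_SLUG . '?page=simple_user_management&amp;user=' . $user->ID ) . '">' . stripslashes( $user->display_name ) . '</a></td>
+            <td><a href="' . wp_nonce_url( SIMPLE_USER_MANAGEMENT_PARENT_SLUG.'?page=simple_user_management&amp;user=' . $user->ID ) . '">' . $user->user_email . '</a></td>
             <td>
             <select name="role_' . $user->ID . '">' . simple_user_management_get_user_role($user, (int)$_GET["blog"], $user->ID) . '</select>
@@ -475,5 +514,6 @@
     </table>
     <p><button type="submit" name="saveuserroles" class="button">' . __("Save user roles") . '</button>
-    <input type="hidden" name="userids" value="' . trim($userids, ",") . '" /></p>
+    <input type="hidden" name="userids" value="' . trim($userids, ",") . '" />
+    ' . wp_nonce_field( 'simple_user_management' ) . '</p>
     </form>
     ';
@@ -499,8 +539,8 @@
         echo '
         <tr>
-            <td><a href="ms-admin.php?page=simple_user_management&amp;user=' . $user->id . '">' . $user->id . '</a></td>
-            <td><a href="ms-admin.php?page=simple_user_management&amp;user=' . $user->id . '">' . stripslashes($user->display_name) . '</a></td>
-            <td><a href="ms-admin.php?page=simple_user_management&amp;user=' . $user->id . '">' . $user->user_login . '</a></td>
-            <td><a href="ms-admin.php?page=simple_user_management&amp;user=' . $user->id . '">' . $user->user_email . '</a></td>
+            <td><a href="' . wp_nonce_url( SIMPLE_USER_MANAGEMENT_PARENT_SLUG . '?page=simple_user_management&amp;user=' . $user->id ) . '">' . $user->id . '</a></td>
+            <td><a href="' . wp_nonce_url( SIMPLE_USER_MANAGEMENT_PARENT_SLUG . '?page=simple_user_management&amp;user=' . $user->id ) . '">' . stripslashes($user->display_name) . '</a></td>
+            <td><a href="' . wp_nonce_url( SIMPLE_USER_MANAGEMENT_PARENT_SLUG . '?page=simple_user_management&amp;user=' . $user->id ) . '">' . $user->user_login . '</a></td>
+            <td><a href="' . wp_nonce_url( SIMPLE_USER_MANAGEMENT_PARENT_SLUG . '?page=simple_user_management&amp;user=' . $user->id ) . '">' . $user->user_email . '</a></td>
         </tr>
         ';
@@ -516,9 +556,15 @@
 {
     global $wpdb;
-    $sql = "select blog_id, domain, path
-            from " . $wpdb->blogs . "
-            where blog_id = " . $wpdb->escape((int)$query) . "
-            or domain like '%" . $wpdb->escape($query) . "%'
-            or path like '%" . $wpdb->escape($query) . "%';";
+    if (!empty($query)) {
+        $sql = "select blog_id, domain, path
+                from " . $wpdb->blogs . "
+                where blog_id = " . $wpdb->escape((int)$query) . "
+                or domain like '%" . $wpdb->escape($query) . "%'
+                or path like '%" . $wpdb->escape($query) . "%';";
+    } else {
+        // select them all!
+        $sql = "select blog_id, domain, path
+                from " . $wpdb->blogs . ";";
+    }
     return $wpdb->get_results($sql);
 }
@@ -543,7 +589,7 @@
         echo '
         <tr>
-            <td><a href="ms-admin.php?page=simple_user_management&amp;blog=' . $blog->blog_id . '">' . $blog->blog_id . '</a></td>
-            <td><a href="ms-admin.php?page=simple_user_management&amp;blog=' . $blog->blog_id . '">' . $blog->domain . '</a></td>
-            <td><a href="ms-admin.php?page=simple_user_management&amp;blog=' . $blog->blog_id . '">' . $blog->path . '</a></td>
+            <td><a href="' . wp_nonce_url( SIMPLE_USER_MANAGEMENT_PARENT_SLUG . '?page=simple_user_management&amp;blog=' . $blog->blog_id ) . '">' . $blog->blog_id . '</a></td>
+            <td><a href="' . wp_nonce_url( SIMPLE_USER_MANAGEMENT_PARENT_SLUG . '?page=simple_user_management&amp;blog=' . $blog->blog_id ) . '">' . $blog->domain . '</a></td>
+            <td><a href="' . wp_nonce_url( SIMPLE_USER_MANAGEMENT_PARENT_SLUG . '?page=simple_user_management&amp;blog=' . $blog->blog_id ) . '">' . $blog->path . '</a></td>
             <td><a href="http://' . $blog->domain . $blog->path . '">http://' . $blog->domain . $blog->path . '</a></td>
         </tr>
@@ -560,10 +606,16 @@
 {
     global $wpdb;
-    $sql = "select id, display_name, user_login, user_email
-            from " . $wpdb->users . "
-            where id = " . $wpdb->escape((int)$query) . "
-            or display_name like '%" . $wpdb->escape($query) . "%'
-            or user_login like '%" . $wpdb->escape($query) . "%'
-            or user_email like '%" . $wpdb->escape($query) . "%';";
+    if (!empty($query)) {
+        $sql = "select id, display_name, user_login, user_email
+                from " . $wpdb->users . "
+                where id = " . $wpdb->escape((int)$query) . "
+                or display_name like '%" . $wpdb->escape($query) . "%'
+                or user_login like '%" . $wpdb->escape($query) . "%'
+                or user_email like '%" . $wpdb->escape($query) . "%';";
+    } else {
+        // select them all!
+        $sql = "select id, display_name, user_login, user_email
+                from " . $wpdb->users . ";";
+    }
     return $wpdb->get_results($sql);
 }
@@ -588,10 +640,11 @@
 {
     return '
-        <form action="ms-admin.php?page=simple_user_management' . $qs . '#results" method="post">
+        <form action="'.SIMPLE_USER_MANAGEMENT_PARENT_SLUG.'?page=simple_user_management' . $qs . '#results" method="post">
             <fieldset>
             <p><label for="blogquery">' . __("Search for:") . '</label>
             <input type="text" name="blogquery" id="blogquery" /></p>
             <p>' . __("You can search on blog IDs, domains and paths.") . '</p>
-            <p class="submit"><input type="submit" name="submit" value="' . ("Search &raquo;") . '" /></p>
+            <p class="submit"><input type="submit" name="submit" value="' . ("Search &raquo;") . '" />
+            ' . wp_nonce_field( 'simple_user_management' ) . '</p>
             </fieldset>
         </form>
@@ -603,10 +656,11 @@
 {
     return '
-        <form action="ms-admin.php?page=simple_user_management' . $qs . '#results" method="post">
+        <form action="'.SIMPLE_USER_MANAGEMENT_PARENT_SLUG.'?page=simple_user_management' . $qs . '#results" method="post">
             <fieldset>
             <p><label for="userquery">' . __("Search for:") . '</label>
             <input type="text" name="userquery" id="userquery" /></p>
             <p>' . __("You can search on user IDs, user logins, display names and email addresses.") . '</p>
-            <p class="submit"><input type="submit" name="submit" value="' . ("Search &raquo;") . '" /></p>
+            <p class="submit"><input type="submit" name="submit" value="' . ("Search &raquo;") . '" />
+            ' . wp_nonce_field( 'simple_user_management' ) . '</p>
             </fieldset>
         </form>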
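Review bot: The GET-side check in `simple_user_management_security_check()` calls `wp_verify_nonce( $_GET["_wpnonce"] )` with no action, and every `wp_nonce_url()` call in this file likewise omits it, so these links carry WordPress's generic default-action nonce rather than one bound to this plugin; pass the same action on both sides, e.g. `wp_verify_nonce( $_GET["_wpnonce"], 'simple_user_management' )` and `wp_nonce_url( $url, 'simple_user_management' )`. A nonce only protects against cross-site request forgery and is not an authorization check: nothing in the visible hunks calls `current_user_can()`, and the menu is still registered with the numeric user level `10`, so a capability such as `'manage_network_users'` should be used there and re-checked before any role change is saved (the save handler lies outside the shown hunks, so this may already exist). Both `_wpnonce` reads also happen without `isset()`, which raises a notice when the parameter is absent before `wp_die()` runs.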