<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>[BuddyPress][5831] branches/1.5: Backport general settings screen code from trunk to 1.5 branch:</title>
</head>
<body>

<div id="msg">
<dl class="meta">
<dt>Revision</dt> <dd><a href="http://buddypress.trac.wordpress.org/changeset/5831">5831</a></dd>
<dt>Author</dt> <dd>johnjamesjacoby</dd>
<dt>Date</dt> <dd>2012-02-23 07:19:16 +0000 (Thu, 23 Feb 2012)</dd>
</dl>

<h3>Log Message</h3>
<pre>Backport general settings screen code from trunk to 1.5 branch:

* Fixes all possible ways settings can be saved or not saved
* Skips current password check UI for super admins
* Fixes <a href="http://buddypress.trac.wordpress.org/ticket/4010">#4010</a> again</pre>

<h3>Modified Paths</h3>
<ul>
<li><a href="#branches15bpsettingsbpsettingsactionsphp">branches/1.5/bp-settings/bp-settings-actions.php</a></li>
<li><a href="#branches15bpthemesbpdefaultmemberssinglesettingsgeneralphp">branches/1.5/bp-themes/bp-default/members/single/settings/general.php</a></li>
</ul>

</div>
<div id="patch">
<h3>Diff</h3>
<a id="branches15bpsettingsbpsettingsactionsphp"></a>
<div class="modfile"><h4>Modified: branches/1.5/bp-settings/bp-settings-actions.php (5830 => 5831)</h4>
<pre class="diff"><span>
<span class="info">--- branches/1.5/bp-settings/bp-settings-actions.php        2012-02-23 06:36:11 UTC (rev 5830)
+++ branches/1.5/bp-settings/bp-settings-actions.php        2012-02-23 07:19:16 UTC (rev 5831)
</span><span class="lines">@@ -4,120 +4,209 @@
</span><span class="cx"> 
</span><span class="cx"> /** General *******************************************************************/
</span><span class="cx"> 
</span><ins>+/**
+ * Handles the changing and saving of user email addressos and passwords
+ * 
+ * We do quite a bit of logic and error handling here to make sure that users
+ * do not accidentally lock themselves out of their accounts. We also try to
+ * provide as accurate of feedback as possible without exposing anyone else's
+ * inforation to them.
+ * 
+ * Special considerations are made for super admins that are able to edit any
+ * users accounts already, without knowing their existing password.
+ *
+ * @global BuddyPress $bp
+ * @return If no reason to proceed
+ */
</ins><span class="cx"> function bp_core_screen_general_settings() {
</span><span class="cx">         global $bp;
</span><span class="cx"> 
</span><ins>+        // 404 if there are any additional action variables attached
</ins><span class="cx">         if ( bp_action_variables() ) {
</span><span class="cx">                 bp_do_404();
</span><span class="cx">                 return;
</span><span class="cx">         }
</span><span class="cx"> 
</span><del>-        // Setup private variables
-        $bp_settings_updated = $pass_error = $email_error = $pwd_error = false;
</del><ins>+        /** Handle Form ***********************************************************/
</ins><span class="cx"> 
</span><del>-        if ( isset( $_POST['submit'] ) ) {
</del><ins>+        if ( 'POST' === strtoupper( $_SERVER['REQUEST_METHOD'] ) ) {
</ins><span class="cx"> 
</span><ins>+                // Bail if not in settings
+                if ( ! bp_is_settings_component() || ! bp_is_current_action( 'general' ) )
+                        return;
+
+                // Define local defaults
+                $email_error   = false;   // invalid|blocked|taken|empty|false
+                $pass_error    = false;   // invalid|mismatch|empty|false
+                $pass_changed  = false;   // true if the user changes their password
+                $email_changed = false;   // true if the user changes their email
+                $feedback_type = 'error'; // success|error
+                $feedback      = array(); // array of strings for feedback
+
</ins><span class="cx">                 // Nonce check
</span><span class="cx">                 check_admin_referer('bp_settings_general');
</span><span class="cx"> 
</span><span class="cx">                 // Validate the user again for the current password when making a big change
</span><del>-                if ( is_super_admin() || ( !empty( $_POST['pwd'] ) &amp;&amp; $_POST['pwd'] != '' &amp;&amp; wp_check_password( $_POST['pwd'], $bp-&gt;displayed_user-&gt;userdata-&gt;user_pass, $bp-&gt;displayed_user-&gt;id ) ) ) {
</del><ins>+                if ( ( is_super_admin() ) || ( !empty( $_POST['pwd'] ) &amp;&amp; wp_check_password( $_POST['pwd'], $bp-&gt;displayed_user-&gt;userdata-&gt;user_pass, bp_displayed_user_id() ) ) ) {
</ins><span class="cx"> 
</span><del>-                        $update_user = get_userdata( $bp-&gt;displayed_user-&gt;id );
-                        
-                        // The structure of the $update_user object changed in WP 3.3, but
-                        // wp_update_user() still expects the old format
-                        if ( isset( $update_user-&gt;data ) &amp;&amp; is_object( $update_user-&gt;data ) ) {
-                                $update_user = $update_user-&gt;data;
-                        }
</del><ins>+                        $update_user = get_userdata( bp_displayed_user_id() );
</ins><span class="cx"> 
</span><del>-                        // Make sure changing an email address does not already exist
-                        if ( $_POST['email'] != '' ) {
</del><ins>+                        /** Email Change Attempt ******************************************/
</ins><span class="cx"> 
</span><ins>+                        if ( !empty( $_POST['email'] ) ) {
+
</ins><span class="cx">                                 // What is missing from the profile page vs signup - lets double check the goodies
</span><span class="cx">                                 $user_email = sanitize_email( esc_html( trim( $_POST['email'] ) ) );
</span><span class="cx"> 
</span><del>-                                // Is email valid
-                                if ( !is_email( $user_email ) )
-                                        $email_error = true;
</del><ins>+                                // User is changing email address
+                                if ( $bp-&gt;displayed_user-&gt;userdata-&gt;user_email != $user_email ) {
</ins><span class="cx"> 
</span><del>-                                // Get blocked email domains
-                                $limited_email_domains = get_site_option( 'limited_email_domains', 'buddypress' );
</del><ins>+                                        // Is email valid
+                                        if ( !is_email( $user_email ) )
+                                                $email_error = 'invalid';
</ins><span class="cx"> 
</span><del>-                                // If blocked email domains exist, see if this is one of them
-                                if ( is_array( $limited_email_domains ) &amp;&amp; empty( $limited_email_domains ) == false ) {
-                                        $emaildomain = substr( $user_email, 1 + strpos( $user_email, '@' ) );
</del><ins>+                                        // Get blocked email domains
+                                        $limited_email_domains = get_site_option( 'limited_email_domains', 'buddypress' );
</ins><span class="cx"> 
</span><del>-                                        if ( in_array( $emaildomain, (array)$limited_email_domains ) == false ) {
-                                                $email_error = true;
</del><ins>+                                        // If blocked email domains exist, see if this is one of them
+                                        if ( is_array( $limited_email_domains ) &amp;&amp; empty( $limited_email_domains ) == false ) {
+                                                $emaildomain = substr( $user_email, 1 + strpos( $user_email, '@' ) );
+
+                                                if ( in_array( $emaildomain, (array) $limited_email_domains ) == false ) {
+                                                        $email_error = 'blocked';
+                                                }
</ins><span class="cx">                                         }
</span><del>-                                }
</del><span class="cx"> 
</span><del>-                                // No errors, and email address doesn't match
-                                if ( ( false === $email_error ) &amp;&amp; ( $bp-&gt;displayed_user-&gt;userdata-&gt;user_email != $user_email ) ) {
</del><ins>+                                        // No errors, and email address doesn't match
+                                        if ( ( false === $email_error ) &amp;&amp; email_exists( $user_email ) ) {
+                                                $email_error = 'taken';
+                                        }
</ins><span class="cx"> 
</span><del>-                                        // We don't want email dupes in the system
-                                        if ( email_exists( $user_email ) )
-                                                $email_error = true;
</del><ins>+                                        // Yay we made it!
+                                        if ( false === $email_error ) {
+                                                $update_user-&gt;user_email = $user_email;
+                                                $email_changed = true;
+                                        }
</ins><span class="cx"> 
</span><del>-                                        // Set updated user email to this email address
-                                        $update_user-&gt;user_email = $user_email;
</del><ins>+                                // No change
+                                } else {
+                                        $email_error = false;
</ins><span class="cx">                                 }
</span><ins>+
+                        // Email address cannot be empty
+                        } else {
+                                $email_error = 'empty';
</ins><span class="cx">                         }
</span><span class="cx"> 
</span><del>-                        // Password change
</del><ins>+                        /** Password Change Attempt ***************************************/
+
</ins><span class="cx">                         if ( !empty( $_POST['pass1'] ) &amp;&amp; !empty( $_POST['pass2'] ) ) {
</span><span class="cx"> 
</span><span class="cx">                                 // Password change attempt is successful
</span><del>-                                if ( $_POST['pass1'] == $_POST['pass2'] &amp;&amp; !strpos( &quot; &quot; . $_POST['pass1'], &quot;\\&quot; ) ) {
</del><ins>+                                if ( ( $_POST['pass1'] == $_POST['pass2'] ) &amp;&amp; !strpos( &quot; &quot; . $_POST['pass1'], &quot;\\&quot; ) ) {
</ins><span class="cx">                                         $update_user-&gt;user_pass = $_POST['pass1'];
</span><ins>+                                        $pass_changed = true;
</ins><span class="cx"> 
</span><span class="cx">                                 // Password change attempt was unsuccessful
</span><span class="cx">                                 } else {
</span><del>-                                        $pass_error = true;
</del><ins>+                                        $pass_error = 'mismatch';
</ins><span class="cx">                                 }
</span><span class="cx"> 
</span><ins>+                        // Both password fields were empty
+                        } elseif ( empty( $_POST['pass1'] ) &amp;&amp; empty( $_POST['pass2'] ) ) {
+                                $pass_error = false;
+
</ins><span class="cx">                         // One of the password boxes was left empty
</span><del>-                        } else if ( ( empty( $_POST['pass1'] ) &amp;&amp; !empty( $_POST['pass2'] ) ) || ( !empty( $_POST['pass1'] ) &amp;&amp; empty( $_POST['pass2'] ) ) ) {
-                                $pass_error = true;
</del><ins>+                        } elseif ( ( empty( $_POST['pass1'] ) &amp;&amp; !empty( $_POST['pass2'] ) ) || ( !empty( $_POST['pass1'] ) &amp;&amp; empty( $_POST['pass2'] ) ) ) {
+                                $pass_error = 'empty';
+                        }
</ins><span class="cx"> 
</span><del>-                        // Not a password change attempt so empty the user_pass
-                        } else {
-                                // unset( $update_user-&gt;user_pass ); // WP_User has no __unset()
-                                $update_user-&gt;user_pass = null;
</del><ins>+                        // The structure of the $update_user object changed in WP 3.3, but
+                        // wp_update_user() still expects the old format
+                        if ( isset( $update_user-&gt;data ) &amp;&amp; is_object( $update_user-&gt;data ) ) {
+                                $update_user = $update_user-&gt;data;
+                                $update_user = get_object_vars( $update_user );
+
+                                // Unset the password field to prevent it from emptying out the
+                                // user's user_pass field in the database.
+                                // @see wp_update_user()
+                                if ( false === $pass_changed ) {
+                                        unset( $update_user['user_pass'] );
+                                }
</ins><span class="cx">                         }
</span><span class="cx"> 
</span><span class="cx">                         // Make sure these changes are in $bp for the current page load
</span><del>-                        if ( ( false === $email_error ) &amp;&amp; ( false === $pass_error ) &amp;&amp; ( wp_update_user( get_object_vars( $update_user ) ) ) ) {
-                                $bp_settings_updated = true;
</del><ins>+                        if ( ( false === $email_error ) &amp;&amp; ( false === $pass_error ) &amp;&amp; ( wp_update_user( $update_user ) ) ) {
+                                $bp-&gt;displayed_user-&gt;userdata = bp_core_get_core_userdata( bp_displayed_user_id() );
</ins><span class="cx">                         }
</span><span class="cx"> 
</span><span class="cx">                 // Password Error
</span><span class="cx">                 } else {
</span><del>-                        $pwd_error = true;
</del><ins>+                        $pass_error = 'invalid';
</ins><span class="cx">                 }
</span><span class="cx"> 
</span><del>-                // Add user feedback messages
-                if ( empty( $pass_error ) &amp;&amp; empty( $pwd_error ) &amp;&amp; ( empty( $email_error ) ) )
-                        bp_core_add_message( __( 'Changes saved.', 'buddypress' ), 'success' );
</del><ins>+                // Email feedback
+                switch ( $email_error ) {
+                        case 'invalid' :
+                                $feedback['email_invalid']  = __( 'That email address is invalid. Check the formatting and try again.', 'buddypress' );
+                                break;
+                        case 'blocked' :
+                                $feedback['email_blocked']  = __( 'That email address is currently unavailable for use.', 'buddypress' );
+                                break;
+                        case 'taken' :
+                                $feedback['email_taken']    = __( 'That email address is already taken.', 'buddypress' );
+                                break;
+                        case 'empty' :
+                                $feedback['email_empty']    = __( 'Email address cannot be empty.', 'buddypress' );
+                                break;
+                        case false :
+                                // No change
+                                break;
+                }
</ins><span class="cx"> 
</span><del>-                elseif ( !empty( $pass_error ) )
-                        bp_core_add_message( __( 'Your new passwords did not match.', 'buddypress' ), 'error' );
</del><ins>+                // Password feedback
+                switch ( $pass_error ) {
+                        case 'invalid' :
+                                $feedback['pass_error']    = __( 'Your current password is invalid.', 'buddypress' );
+                                break;
+                        case 'mismatch' :
+                                $feedback['pass_mismatch'] = __( 'The new password fields did not match.', 'buddypress' );
+                                break;
+                        case 'empty' :
+                                $feedback['pass_empty']    = __( 'One of the password fields was empty.', 'buddypress' );
+                                break;
+                        case false :
+                                // No change
+                                break;
+                }
</ins><span class="cx"> 
</span><del>-                elseif ( !empty( $pwd_error ) )
-                        bp_core_add_message( __( 'Your existing password is incorrect.', 'buddypress' ), 'error' );
</del><ins>+                // No errors so show a simple success message
+                if ( ( ( false === $email_error ) || ( false == $pass_error ) ) &amp;&amp; ( ( true === $pass_changed ) || ( true === $email_changed ) ) ) {
+                        $feedback[]    = __( 'Your settings have been saved.', 'buddypress' );
+                        $feedback_type = 'success';
</ins><span class="cx"> 
</span><del>-                elseif ( !empty( $email_error ) )
-                        bp_core_add_message( __( 'Sorry, that email address is already used or is invalid.', 'buddypress' ), 'error' );
</del><ins>+                // Some kind of errors occurred
+                } elseif ( ( ( false === $email_error ) || ( false === $pass_error ) ) &amp;&amp; ( ( false === $pass_changed ) || ( false === $email_changed ) ) ) {
+                        if ( bp_is_my_profile() ) {
+                                $feedback['nochange'] = __( 'No changes were made to your account.', 'buddypress' );
+                        } else {
+                                $feedback['nochange'] = __( 'No changes were made to this account.', 'buddypress' );
+                        }
+                }
</ins><span class="cx"> 
</span><ins>+                // Set the feedback
+                bp_core_add_message( implode( '&lt;/p&gt;&lt;p&gt;', $feedback ), $feedback_type );
+
</ins><span class="cx">                 // Execute additional code
</span><span class="cx">                 do_action( 'bp_core_general_settings_after_save' );
</span><ins>+
+                // Redirect to prevent issues with browser back button
+                bp_core_redirect( trailingslashit( bp_displayed_user_domain() . bp_get_settings_slug() . '/general' ) );
</ins><span class="cx">                 
</span><del>-                bp_core_redirect( trailingslashit( bp_displayed_user_domain() . bp_get_settings_slug() . '/general' ) );
</del><ins>+        // Load the template
+        } else {
+                bp_core_load_template( apply_filters( 'bp_core_screen_general_settings', 'members/single/settings/general' ) );
</ins><span class="cx">         }
</span><del>-
-        // Load the template
-        bp_core_load_template( apply_filters( 'bp_core_screen_general_settings', 'members/single/settings/general' ) );
</del><span class="cx"> }
</span><span class="cx"> 
</span><span class="cx"> /** Notifications *************************************************************/
</span></span></pre></div>
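Review bot: The success branch near the end of `bp_core_screen_general_settings()` joins the two error checks with `||` (and compares `$pass_error` loosely with `==`), while the `wp_update_user()` call above it requires both to be `false`. A request with a valid new email but mismatched new passwords, or a valid new password but a taken email, therefore writes nothing yet still adds 'Your settings have been saved.' with type `success`, so a user can believe a password change took effect when it did not. The condition should be `if ( ( false === $email_error ) && ( false === $pass_error ) && ( ( true === $pass_changed ) || ( true === $email_changed ) ) ) {`. `$pass_changed` and `$email_changed` are also set before the update runs, so it would be safer to key the success message on the result of `wp_update_user()` as well.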
<a id="branches15bpthemesbpdefaultmemberssinglesettingsgeneralphp"></a>
<div class="modfile"><h4>Modified: branches/1.5/bp-themes/bp-default/members/single/settings/general.php (5830 => 5831)</h4>
<pre class="diff"><span>
<span class="info">--- branches/1.5/bp-themes/bp-default/members/single/settings/general.php        2012-02-23 06:36:11 UTC (rev 5830)
+++ branches/1.5/bp-themes/bp-default/members/single/settings/general.php        2012-02-23 07:19:16 UTC (rev 5831)
</span><span class="lines">@@ -53,9 +53,13 @@
</span><span class="cx"> 
</span><span class="cx">                                 &lt;form action=&quot;&lt;?php echo bp_displayed_user_domain() . bp_get_settings_slug() . '/general'; ?&gt;&quot; method=&quot;post&quot; class=&quot;standard-form&quot; id=&quot;settings-form&quot;&gt;
</span><span class="cx"> 
</span><del>-                                        &lt;label for=&quot;pwd&quot;&gt;&lt;?php _e( 'Current Password &lt;span&gt;(required to update email or change current password)&lt;/span&gt;', 'buddypress' ); ?&gt;&lt;/label&gt;
-                                        &lt;input type=&quot;password&quot; name=&quot;pwd&quot; id=&quot;pwd&quot; size=&quot;16&quot; value=&quot;&quot; class=&quot;settings-input small&quot; /&gt; &amp;nbsp;&lt;a href=&quot;&lt;?php echo site_url( add_query_arg( array( 'action' =&gt; 'lostpassword' ), 'wp-login.php' ), 'login' ); ?&gt;&quot; title=&quot;&lt;?php _e( 'Password Lost and Found', 'buddypress' ); ?&gt;&quot;&gt;&lt;?php _e( 'Lost your password?', 'buddypress' ); ?&gt;&lt;/a&gt;
</del><ins>+                                        &lt;?php if ( !is_super_admin() ) : ?&gt;
</ins><span class="cx"> 
</span><ins>+                                                &lt;label for=&quot;pwd&quot;&gt;&lt;?php _e( 'Current Password &lt;span&gt;(required to update email or change current password)&lt;/span&gt;', 'buddypress' ); ?&gt;&lt;/label&gt;
+                                                &lt;input type=&quot;password&quot; name=&quot;pwd&quot; id=&quot;pwd&quot; size=&quot;16&quot; value=&quot;&quot; class=&quot;settings-input small&quot; /&gt; &amp;nbsp;&lt;a href=&quot;&lt;?php echo site_url( add_query_arg( array( 'action' =&gt; 'lostpassword' ), 'wp-login.php' ), 'login' ); ?&gt;&quot; title=&quot;&lt;?php _e( 'Password Lost and Found', 'buddypress' ); ?&gt;&quot;&gt;&lt;?php _e( 'Lost your password?', 'buddypress' ); ?&gt;&lt;/a&gt;
+
+                                        &lt;?php endif; ?&gt;
+
</ins><span class="cx">                                         &lt;label for=&quot;email&quot;&gt;&lt;?php _e( 'Account Email', 'buddypress' ); ?&gt;&lt;/label&gt;
</span><span class="cx">                                         &lt;input type=&quot;text&quot; name=&quot;email&quot; id=&quot;email&quot; value=&quot;&lt;?php echo bp_get_displayed_user_email(); ?&gt;&quot; class=&quot;settings-input&quot; /&gt;
</span><span class="cx"> 
</span></span></pre>
</div>
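Review bot: The new `!is_super_admin()` wrapper hides the current-password field whenever the viewer is a super admin, including when that super admin is editing their own account, and the handler in `bp-settings-actions.php` skips `wp_check_password()` in the same case. An unattended or hijacked super-admin session could then change that account's email and password without re-authentication. Consider keeping the prompt for the own-profile case, e.g. `<?php if ( !is_super_admin() || bp_is_my_profile() ) : ?>`, with the same condition applied in `bp_core_screen_general_settings()` so the template and the handler stay in agreement. The form continues outside this hunk.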
</div>

</body>
</html>