1<?php
2/**
3 * Edit user administration panel.
4 *
5 * @package WordPress
6 * @subpackage Administration
7 */
8
9/** WordPress Administration Bootstrap */
10require_once __DIR__ . '/admin.php';
11
12wp_reset_vars( array( 'action', 'user_id', 'wp_http_referer' ) );
13
14$user_id      = (int) $user_id;
15$current_user = wp_get_current_user();
16if ( ! defined( 'IS_PROFILE_PAGE' ) ) {
17	define( 'IS_PROFILE_PAGE', ( $user_id == $current_user->ID ) );
18}
19
20if ( ! $user_id && IS_PROFILE_PAGE ) {
21	$user_id = $current_user->ID;
22} elseif ( ! $user_id && ! IS_PROFILE_PAGE ) {
23	wp_die( __( 'Invalid user ID.' ) );
24} elseif ( ! get_userdata( $user_id ) ) {
25	wp_die( __( 'Invalid user ID.' ) );
26}
27
28wp_enqueue_script( 'user-profile' );
29
30if ( wp_is_application_passwords_available_for_user( $user_id ) ) {
31	wp_enqueue_script( 'application-passwords' );
32}
33
34if ( IS_PROFILE_PAGE ) {
35	$title = __( 'Profile' );
36} else {
37	/* translators: %s: User's display name. */
38	$title = __( 'Edit User %s' );
39}
40
41if ( current_user_can( 'edit_users' ) && ! IS_PROFILE_PAGE ) {
42	$submenu_file = 'users.php';
43} else {
44	$submenu_file = 'profile.php';
45}
46
47if ( current_user_can( 'edit_users' ) && ! is_user_admin() ) {
48	$parent_file = 'users.php';
49} else {
50	$parent_file = 'profile.php';
51}
52
53$profile_help = '<p>' . __( 'Your profile contains information about you (your &#8220;account&#8221;) as well as some personal options related to using WordPress.' ) . '</p>' .
54	'<p>' . __( 'You can change your password, turn on keyboard shortcuts, change the color scheme of your WordPress administration screens, and turn off the WYSIWYG (Visual) editor, among other things. You can hide the Toolbar (formerly called the Admin Bar) from the front end of your site, however it cannot be disabled on the admin screens.' ) . '</p>' .
55	'<p>' . __( 'You can select the language you wish to use while using the WordPress administration screen without affecting the language site visitors see.' ) . '</p>' .
56	'<p>' . __( 'Your username cannot be changed, but you can use other fields to enter your real name or a nickname, and change which name to display on your posts.' ) . '</p>' .
57	'<p>' . __( 'You can log out of other devices, such as your phone or a public computer, by clicking the Log Out Everywhere Else button.' ) . '</p>' .
58	'<p>' . __( 'Required fields are indicated; the rest are optional. Profile information will only be displayed if your theme is set up to do so.' ) . '</p>' .
59	'<p>' . __( 'Remember to click the Update Profile button when you are finished.' ) . '</p>';
60
61get_current_screen()->add_help_tab(
62	array(
63		'id'      => 'overview',
64		'title'   => __( 'Overview' ),
65		'content' => $profile_help,
66	)
67);
68
69get_current_screen()->set_help_sidebar(
70	'<p><strong>' . __( 'For more information:' ) . '</strong></p>' .
71	'<p>' . __( '<a href="https://wordpress.org/support/article/users-your-profile-screen/">Documentation on User Profiles</a>' ) . '</p>' .
72	'<p>' . __( '<a href="https://wordpress.org/support/">Support</a>' ) . '</p>'
73);
74
75$wp_http_referer = remove_query_arg( array( 'update', 'delete_count', 'user_id' ), $wp_http_referer );
76
77$user_can_edit = current_user_can( 'edit_posts' ) || current_user_can( 'edit_pages' );
78
79/**
80 * Filters whether to allow administrators on Multisite to edit every user.
81 *
82 * Enabling the user editing form via this filter also hinges on the user holding
83 * the 'manage_network_users' cap, and the logged-in user not matching the user
84 * profile open for editing.
85 *
86 * The filter was introduced to replace the EDIT_ANY_USER constant.
87 *
88 * @since 3.0.0
89 *
90 * @param bool $allow Whether to allow editing of any user. Default true.
91 */
92if ( is_multisite()
93	&& ! current_user_can( 'manage_network_users' )
94	&& $user_id != $current_user->ID
95	&& ! apply_filters( 'enable_edit_any_user_configuration', true )
96) {
97	wp_die( __( 'Sorry, you are not allowed to edit this user.' ) );
98}
99
100// Execute confirmed email change. See send_confirmation_on_profile_email().
101if ( IS_PROFILE_PAGE && isset( $_GET['newuseremail'] ) && $current_user->ID ) {
102	$new_email = get_user_meta( $current_user->ID, '_new_email', true );
103	if ( $new_email && hash_equals( $new_email['hash'], $_GET['newuseremail'] ) ) {
104		$user             = new stdClass;
105		$user->ID         = $current_user->ID;
106		$user->user_email = esc_html( trim( $new_email['newemail'] ) );
107		if ( is_multisite() && $wpdb->get_var( $wpdb->prepare( "SELECT user_login FROM {$wpdb->signups} WHERE user_login = %s", $current_user->user_login ) ) ) {
108			$wpdb->query( $wpdb->prepare( "UPDATE {$wpdb->signups} SET user_email = %s WHERE user_login = %s", $user->user_email, $current_user->user_login ) );
109		}
110		wp_update_user( $user );
111		delete_user_meta( $current_user->ID, '_new_email' );
112		wp_redirect( add_query_arg( array( 'updated' => 'true' ), self_admin_url( 'profile.php' ) ) );
113		die();
114	} else {
115		wp_redirect( add_query_arg( array( 'error' => 'new-email' ), self_admin_url( 'profile.php' ) ) );
116	}
117} elseif ( IS_PROFILE_PAGE && ! empty( $_GET['dismiss'] ) && $current_user->ID . '_new_email' === $_GET['dismiss'] ) {
118	check_admin_referer( 'dismiss-' . $current_user->ID . '_new_email' );
119	delete_user_meta( $current_user->ID, '_new_email' );
120	wp_redirect( add_query_arg( array( 'updated' => 'true' ), self_admin_url( 'profile.php' ) ) );
121	die();
122}
123
124switch ( $action ) {
125	case 'update':
126		check_admin_referer( 'update-user_' . $user_id );
127
128		if ( ! current_user_can( 'edit_user', $user_id ) ) {
129			wp_die( __( 'Sorry, you are not allowed to edit this user.' ) );
130		}
131
132		if ( IS_PROFILE_PAGE ) {
133			/**
134			 * Fires before the page loads on the 'Profile' editing screen.
135			 *
136			 * The action only fires if the current user is editing their own profile.
137			 *
138			 * @since 2.0.0
139			 *
140			 * @param int $user_id The user ID.
141			 */
142			do_action( 'personal_options_update', $user_id );
143		} else {
144			/**
145			 * Fires before the page loads on the 'Edit User' screen.
146			 *
147			 * @since 2.7.0
148			 *
149			 * @param int $user_id The user ID.
150			 */
151			do_action( 'edit_user_profile_update', $user_id );
152		}
153
154		// Update the email address in signups, if present.
155		if ( is_multisite() ) {
156			$user = get_userdata( $user_id );
157
158			if ( $user->user_login && isset( $_POST['email'] ) && is_email( $_POST['email'] ) && $wpdb->get_var( $wpdb->prepare( "SELECT user_login FROM {$wpdb->signups} WHERE user_login = %s", $user->user_login ) ) ) {
159				$wpdb->query( $wpdb->prepare( "UPDATE {$wpdb->signups} SET user_email = %s WHERE user_login = %s", $_POST['email'], $user_login ) );
160			}
161		}
162
163		// Update the user.
164		$errors = edit_user( $user_id );
165
166		// Grant or revoke super admin status if requested.
167		if ( is_multisite() && is_network_admin() && ! IS_PROFILE_PAGE && current_user_can( 'manage_network_options' ) && ! isset( $super_admins ) && empty( $_POST['super_admin'] ) == is_super_admin( $user_id ) ) {
168			empty( $_POST['super_admin'] ) ? revoke_super_admin( $user_id ) : grant_super_admin( $user_id );
169		}
170
171		if ( ! is_wp_error( $errors ) ) {
172			$redirect = add_query_arg( 'updated', true, get_edit_user_link( $user_id ) );
173			if ( $wp_http_referer ) {
174				$redirect = add_query_arg( 'wp_http_referer', urlencode( $wp_http_referer ), $redirect );
175			}
176			wp_redirect( $redirect );
177			exit;
178		}
179
180		// Intentional fall-through to display $errors.
181	default:
182		$profileuser = get_user_to_edit( $user_id );
183
184		if ( ! current_user_can( 'edit_user', $user_id ) ) {
185			wp_die( __( 'Sorry, you are not allowed to edit this user.' ) );
186		}
187
188		$title    = sprintf( $title, $profileuser->display_name );
189		$sessions = WP_Session_Tokens::get_instance( $profileuser->ID );
190
191		require_once ABSPATH . 'wp-admin/admin-header.php';
192		?>
193
194		<?php if ( ! IS_PROFILE_PAGE && is_super_admin( $profileuser->ID ) && current_user_can( 'manage_network_options' ) ) { ?>
195	<div class="notice notice-info"><p><strong><?php _e( 'Important:' ); ?></strong> <?php _e( 'This user has super admin privileges.' ); ?></p></div>
196<?php } ?>
197		<?php if ( isset( $_GET['updated'] ) ) : ?>
198<div id="message" class="updated notice is-dismissible">
199			<?php if ( IS_PROFILE_PAGE ) : ?>
200	<p><strong><?php _e( 'Profile updated.' ); ?></strong></p>
201	<?php else : ?>
202	<p><strong><?php _e( 'User updated.' ); ?></strong></p>
203	<?php endif; ?>
204			<?php if ( $wp_http_referer && false === strpos( $wp_http_referer, 'user-new.php' ) && ! IS_PROFILE_PAGE ) : ?>
205	<p><a href="<?php echo esc_url( wp_validate_redirect( esc_url_raw( $wp_http_referer ), self_admin_url( 'users.php' ) ) ); ?>"><?php _e( '&larr; Go to Users' ); ?></a></p>
206	<?php endif; ?>
207</div>
208		<?php endif; ?>
209		<?php if ( isset( $_GET['error'] ) ) : ?>
210<div class="notice notice-error">
211			<?php if ( 'new-email' === $_GET['error'] ) : ?>
212	<p><?php _e( 'Error while saving the new email address. Please try again.' ); ?></p>
213	<?php endif; ?>
214</div>
215		<?php endif; ?>
216		<?php if ( isset( $errors ) && is_wp_error( $errors ) ) : ?>
217<div class="error"><p><?php echo implode( "</p>\n<p>", $errors->get_error_messages() ); ?></p></div>
218		<?php endif; ?>
219
220<div class="wrap" id="profile-page">
221<h1 class="wp-heading-inline">
222		<?php
223		echo esc_html( $title );
224		?>
225</h1>
226
227		<?php
228		if ( ! IS_PROFILE_PAGE ) {
229			if ( current_user_can( 'create_users' ) ) {
230				?>
231		<a href="user-new.php" class="page-title-action"><?php echo esc_html_x( 'Add New', 'user' ); ?></a>
232	<?php } elseif ( is_multisite() && current_user_can( 'promote_users' ) ) { ?>
233		<a href="user-new.php" class="page-title-action"><?php echo esc_html_x( 'Add Existing', 'user' ); ?></a>
234				<?php
235	}
236		}
237		?>
238
239<hr class="wp-header-end">
240
241<form id="your-profile" action="<?php echo esc_url( self_admin_url( IS_PROFILE_PAGE ? 'profile.php' : 'user-edit.php' ) ); ?>" method="post" novalidate="novalidate"
242		<?php
243		/**
244		 * Fires inside the your-profile form tag on the user editing screen.
245		 *
246		 * @since 3.0.0
247		 */
248		do_action( 'user_edit_form_tag' );
249		?>
250	>
251		<?php wp_nonce_field( 'update-user_' . $user_id ); ?>
252		<?php if ( $wp_http_referer ) : ?>
253	<input type="hidden" name="wp_http_referer" value="<?php echo esc_url( $wp_http_referer ); ?>" />
254		<?php endif; ?>
255<p>
256<input type="hidden" name="from" value="profile" />
257<input type="hidden" name="checkuser_id" value="<?php echo get_current_user_id(); ?>" />
258</p>
259
260<h2><?php _e( 'Personal Options' ); ?></h2>
261
262<table class="form-table" role="presentation">
263		<?php if ( ! ( IS_PROFILE_PAGE && ! $user_can_edit ) ) : ?>
264	<tr class="user-rich-editing-wrap">
265		<th scope="row"><?php _e( 'Visual Editor' ); ?></th>
266		<td>
267			<label for="rich_editing"><input name="rich_editing" type="checkbox" id="rich_editing" value="false" <?php checked( 'false', $profileuser->rich_editing ); ?> />
268				<?php _e( 'Disable the visual editor when writing' ); ?>
269			</label>
270		</td>
271	</tr>
272		<?php endif; ?>
273		<?php
274		$show_syntax_highlighting_preference = (
275		// For Custom HTML widget and Additional CSS in Customizer.
276		user_can( $profileuser, 'edit_theme_options' )
277		||
278		// Edit plugins.
279		user_can( $profileuser, 'edit_plugins' )
280		||
281		// Edit themes.
282		user_can( $profileuser, 'edit_themes' )
283		);
284		?>
285
286		<?php if ( $show_syntax_highlighting_preference ) : ?>
287	<tr class="user-syntax-highlighting-wrap">
288		<th scope="row"><?php _e( 'Syntax Highlighting' ); ?></th>
289		<td>
290			<label for="syntax_highlighting"><input name="syntax_highlighting" type="checkbox" id="syntax_highlighting" value="false" <?php checked( 'false', $profileuser->syntax_highlighting ); ?> />
291				<?php _e( 'Disable syntax highlighting when editing code' ); ?>
292			</label>
293		</td>
294	</tr>
295		<?php endif; ?>
296
297		<?php if ( count( $_wp_admin_css_colors ) > 1 && has_action( 'admin_color_scheme_picker' ) ) : ?>
298	<tr class="user-admin-color-wrap">
299		<th scope="row"><?php _e( 'Admin Color Scheme' ); ?></th>
300		<td>
301			<?php
302			/**
303			 * Fires in the 'Admin Color Scheme' section of the user editing screen.
304			 *
305			 * The section is only enabled if a callback is hooked to the action,
306			 * and if there is more than one defined color scheme for the admin.
307			 *
308			 * @since 3.0.0
309			 * @since 3.8.1 Added `$user_id` parameter.
310			 *
311			 * @param int $user_id The user ID.
312			 */
313			do_action( 'admin_color_scheme_picker', $user_id );
314			?>
315		</td>
316	</tr>
317		<?php endif; // End if count ( $_wp_admin_css_colors ) > 1 ?>
318
319		<?php if ( ! ( IS_PROFILE_PAGE && ! $user_can_edit ) ) : ?>
320	<tr class="user-comment-shortcuts-wrap">
321		<th scope="row"><?php _e( 'Keyboard Shortcuts' ); ?></th>
322		<td>
323			<label for="comment_shortcuts">
324				<input type="checkbox" name="comment_shortcuts" id="comment_shortcuts" value="true" <?php checked( 'true', $profileuser->comment_shortcuts ); ?> />
325				<?php _e( 'Enable keyboard shortcuts for comment moderation.' ); ?>
326			</label>
327			<?php _e( '<a href="https://wordpress.org/support/article/keyboard-shortcuts/" target="_blank">More information</a>' ); ?>
328		</td>
329	</tr>
330		<?php endif; ?>
331
332	<tr class="show-admin-bar user-admin-bar-front-wrap">
333		<th scope="row"><?php _e( 'Toolbar' ); ?></th>
334		<td>
335			<label for="admin_bar_front">
336				<input name="admin_bar_front" type="checkbox" id="admin_bar_front" value="1"<?php checked( _get_admin_bar_pref( 'front', $profileuser->ID ) ); ?> />
337				<?php _e( 'Show Toolbar when viewing site' ); ?>
338			</label><br />
339		</td>
340	</tr>
341
342		<?php
343		$languages = get_available_languages();
344		if ( $languages ) :
345			?>
346	<tr class="user-language-wrap">
347		<th scope="row">
348			<?php /* translators: The user language selection field label. */ ?>
349			<label for="locale"><?php _e( 'Language' ); ?><span class="dashicons dashicons-translation" aria-hidden="true"></span></label>
350		</th>
351		<td>
352			<?php
353				$user_locale = $profileuser->locale;
354
355			if ( 'en_US' === $user_locale ) {
356				$user_locale = '';
357			} elseif ( '' === $user_locale || ! in_array( $user_locale, $languages, true ) ) {
358				$user_locale = 'site-default';
359			}
360
361			wp_dropdown_languages(
362				array(
363					'name'                        => 'locale',
364					'id'                          => 'locale',
365					'selected'                    => $user_locale,
366					'languages'                   => $languages,
367					'show_available_translations' => false,
368					'show_option_site_default'    => true,
369				)
370			);
371			?>
372		</td>
373	</tr>
374			<?php
375endif;
376		?>
377
378		<?php
379		/**
380		 * Fires at the end of the 'Personal Options' settings table on the user editing screen.
381		 *
382		 * @since 2.7.0
383		 *
384		 * @param WP_User $profileuser The current WP_User object.
385		 */
386		do_action( 'personal_options', $profileuser );
387		?>
388
389</table>
390		<?php
391		if ( IS_PROFILE_PAGE ) {
392			/**
393			 * Fires after the 'Personal Options' settings table on the 'Profile' editing screen.
394			 *
395			 * The action only fires if the current user is editing their own profile.
396			 *
397			 * @since 2.0.0
398			 *
399			 * @param WP_User $profileuser The current WP_User object.
400			 */
401			do_action( 'profile_personal_options', $profileuser );
402		}
403		?>
404
405<h2><?php _e( 'Name' ); ?></h2>
406
407<table class="form-table" role="presentation">
408	<tr class="user-user-login-wrap">
409		<th><label for="user_login"><?php _e( 'Username' ); ?></label></th>
410		<td><input type="text" name="user_login" id="user_login" value="<?php echo esc_attr( $profileuser->user_login ); ?>" disabled="disabled" class="regular-text" /> <span class="description"><?php _e( 'Usernames cannot be changed.' ); ?></span></td>
411	</tr>
412
413		<?php if ( ! IS_PROFILE_PAGE && ! is_network_admin() && current_user_can( 'promote_user', $profileuser->ID ) ) : ?>
414<tr class="user-role-wrap"><th><label for="role"><?php _e( 'Role' ); ?></label></th>
415<td><select name="role" id="role">
416			<?php
417			// Compare user role against currently editable roles.
418			$user_roles = array_intersect( array_values( $profileuser->roles ), array_keys( get_editable_roles() ) );
419			$user_role  = reset( $user_roles );
420
421			// Print the full list of roles with the primary one selected.
422			wp_dropdown_roles( $user_role );
423
424			// Print the 'no role' option. Make it selected if the user has no role yet.
425			if ( $user_role ) {
426				echo '<option value="">' . __( '&mdash; No role for this site &mdash;' ) . '</option>';
427			} else {
428				echo '<option value="" selected="selected">' . __( '&mdash; No role for this site &mdash;' ) . '</option>';
429			}
430			?>
431</select></td></tr>
432			<?php
433		endif; // End if ! IS_PROFILE_PAGE.
434
435		if ( is_multisite() && is_network_admin() && ! IS_PROFILE_PAGE && current_user_can( 'manage_network_options' ) && ! isset( $super_admins ) ) {
436			?>
437<tr class="user-super-admin-wrap"><th><?php _e( 'Super Admin' ); ?></th>
438<td>
439			<?php if ( 0 !== strcasecmp( $profileuser->user_email, get_site_option( 'admin_email' ) ) || ! is_super_admin( $profileuser->ID ) ) : ?>
440<p><label><input type="checkbox" id="super_admin" name="super_admin"<?php checked( is_super_admin( $profileuser->ID ) ); ?> /> <?php _e( 'Grant this user super admin privileges for the Network.' ); ?></label></p>
441<?php else : ?>
442<p><?php _e( 'Super admin privileges cannot be removed because this user has the network admin email.' ); ?></p>
443<?php endif; ?>
444</td></tr>
445		<?php } ?>
446
447<tr class="user-first-name-wrap">
448	<th><label for="first_name"><?php _e( 'First Name' ); ?></label></th>
449	<td><input type="text" name="first_name" id="first_name" value="<?php echo esc_attr( $profileuser->first_name ); ?>" class="regular-text" /></td>
450</tr>
451
452<tr class="user-last-name-wrap">
453	<th><label for="last_name"><?php _e( 'Last Name' ); ?></label></th>
454	<td><input type="text" name="last_name" id="last_name" value="<?php echo esc_attr( $profileuser->last_name ); ?>" class="regular-text" /></td>
455</tr>
456
457<tr class="user-nickname-wrap">
458	<th><label for="nickname"><?php _e( 'Nickname' ); ?> <span class="description"><?php _e( '(required)' ); ?></span></label></th>
459	<td><input type="text" name="nickname" id="nickname" value="<?php echo esc_attr( $profileuser->nickname ); ?>" class="regular-text" /></td>
460</tr>
461
462<tr class="user-display-name-wrap">
463	<th><label for="display_name"><?php _e( 'Display name publicly as' ); ?></label></th>
464	<td>
465		<select name="display_name" id="display_name">
466		<?php
467			$public_display                     = array();
468			$public_display['display_nickname'] = $profileuser->nickname;
469			$public_display['display_username'] = $profileuser->user_login;
470
471		if ( ! empty( $profileuser->first_name ) ) {
472			$public_display['display_firstname'] = $profileuser->first_name;
473		}
474
475		if ( ! empty( $profileuser->last_name ) ) {
476			$public_display['display_lastname'] = $profileuser->last_name;
477		}
478
479		if ( ! empty( $profileuser->first_name ) && ! empty( $profileuser->last_name ) ) {
480			$public_display['display_firstlast'] = $profileuser->first_name . ' ' . $profileuser->last_name;
481			$public_display['display_lastfirst'] = $profileuser->last_name . ' ' . $profileuser->first_name;
482		}
483
484		if ( ! in_array( $profileuser->display_name, $public_display, true ) ) { // Only add this if it isn't duplicated elsewhere.
485			$public_display = array( 'display_displayname' => $profileuser->display_name ) + $public_display;
486		}
487
488			$public_display = array_map( 'trim', $public_display );
489			$public_display = array_unique( $public_display );
490
491		foreach ( $public_display as $id => $item ) {
492			?>
493		<option <?php selected( $profileuser->display_name, $item ); ?>><?php echo $item; ?></option>
494			<?php
495		}
496		?>
497		</select>
498		</td>
499	</tr>
500	</table>
501
502	<h2><?php _e( 'Contact Info' ); ?></h2>
503
504	<table class="form-table" role="presentation">
505	<tr class="user-email-wrap">
506		<th><label for="email"><?php _e( 'Email' ); ?> <span class="description"><?php _e( '(required)' ); ?></span></label></th>
507		<td><input type="email" name="email" id="email" aria-describedby="email-description" value="<?php echo esc_attr( $profileuser->user_email ); ?>" class="regular-text ltr" />
508		<?php
509		if ( $profileuser->ID == $current_user->ID ) :
510			?>
511		<p class="description" id="email-description">
512			<?php _e( 'If you change this, we will send you an email at your new address to confirm it. <strong>The new address will not become active until confirmed.</strong>' ); ?>
513		</p>
514			<?php
515		endif;
516
517		$new_email = get_user_meta( $current_user->ID, '_new_email', true );
518		if ( $new_email && $new_email['newemail'] != $current_user->user_email && $profileuser->ID == $current_user->ID ) :
519			?>
520		<div class="updated inline">
521		<p>
522			<?php
523			printf(
524				/* translators: %s: New email. */
525				__( 'There is a pending change of your email to %s.' ),
526				'<code>' . esc_html( $new_email['newemail'] ) . '</code>'
527			);
528			printf(
529				' <a href="%1$s">%2$s</a>',
530				esc_url( wp_nonce_url( self_admin_url( 'profile.php?dismiss=' . $current_user->ID . '_new_email' ), 'dismiss-' . $current_user->ID . '_new_email' ) ),
531				__( 'Cancel' )
532			);
533			?>
534		</p>
535		</div>
536		<?php endif; ?>
537	</td>
538	</tr>
539
540	<tr class="user-url-wrap">
541	<th><label for="url"><?php _e( 'Website' ); ?></label></th>
542	<td><input type="url" name="url" id="url" value="<?php echo esc_attr( $profileuser->user_url ); ?>" class="regular-text code" /></td>
543	</tr>
544
545		<?php
546		foreach ( wp_get_user_contact_methods( $profileuser ) as $name => $desc ) {
547			?>
548	<tr class="user-<?php echo $name; ?>-wrap">
549<th><label for="<?php echo $name; ?>">
550			<?php
551			/**
552			 * Filters a user contactmethod label.
553			 *
554			 * The dynamic portion of the filter hook, `$name`, refers to
555			 * each of the keys in the contactmethods array.
556			 *
557			 * @since 2.9.0
558			 *
559			 * @param string $desc The translatable label for the contactmethod.
560			 */
561			echo apply_filters( "user_{$name}_label", $desc );
562			?>
563	</label></th>
564	<td><input type="text" name="<?php echo $name; ?>" id="<?php echo $name; ?>" value="<?php echo esc_attr( $profileuser->$name ); ?>" class="regular-text" /></td>
565	</tr>
566			<?php
567		}
568		?>
569	</table>
570
571	<h2><?php IS_PROFILE_PAGE ? _e( 'About Yourself' ) : _e( 'About the user' ); ?></h2>
572
573<table class="form-table" role="presentation">
574<tr class="user-description-wrap">
575	<th><label for="description"><?php _e( 'Biographical Info' ); ?></label></th>
576	<td><textarea name="description" id="description" rows="5" cols="30"><?php echo $profileuser->description; // textarea_escaped ?></textarea>
577	<p class="description"><?php _e( 'Share a little biographical information to fill out your profile. This may be shown publicly.' ); ?></p></td>
578</tr>
579
580		<?php if ( get_option( 'show_avatars' ) ) : ?>
581<tr class="user-profile-picture">
582	<th><?php _e( 'Profile Picture' ); ?></th>
583	<td>
584			<?php echo get_avatar( $user_id ); ?>
585		<p class="description">
586			<?php
587			if ( IS_PROFILE_PAGE ) {
588				$description = sprintf(
589					/* translators: %s: Gravatar URL. */
590					__( '<a href="%s">You can change your profile picture on Gravatar</a>.' ),
591					__( 'https://en.gravatar.com/' )
592				);
593			} else {
594				$description = '';
595			}
596
597			/**
598			 * Filters the user profile picture description displayed under the Gravatar.
599			 *
600			 * @since 4.4.0
601			 * @since 4.7.0 Added the `$profileuser` parameter.
602			 *
603			 * @param string  $description The description that will be printed.
604			 * @param WP_User $profileuser The current WP_User object.
605			 */
606			echo apply_filters( 'user_profile_picture_description', $description, $profileuser );
607			?>
608		</p>
609	</td>
610</tr>
611<?php endif; ?>
612		<?php
613		/**
614		 * Filters the display of the password fields.
615		 *
616		 * @since 1.5.1
617		 * @since 2.8.0 Added the `$profileuser` parameter.
618		 * @since 4.4.0 Now evaluated only in user-edit.php.
619		 *
620		 * @param bool    $show        Whether to show the password fields. Default true.
621		 * @param WP_User $profileuser User object for the current user to edit.
622		 */
623		$show_password_fields = apply_filters( 'show_password_fields', true, $profileuser );
624		if ( $show_password_fields ) :
625			?>
626	</table>
627
628	<h2><?php _e( 'Account Management' ); ?></h2>
629<table class="form-table" role="presentation">
630<tr id="password" class="user-pass1-wrap">
631	<th><label for="pass1"><?php _e( 'New Password' ); ?></label></th>
632	<td>
633		<input class="hidden" value=" " /><!-- #24364 workaround -->
634		<button type="button" class="button wp-generate-pw hide-if-no-js" aria-expanded="false"><?php _e( 'Set New Password' ); ?></button>
635		<div class="wp-pwd hide-if-js">
636			<span class="password-input-wrapper">
637				<input type="password" name="pass1" id="pass1" class="regular-text" value="" autocomplete="off" data-pw="<?php echo esc_attr( wp_generate_password( 24 ) ); ?>" aria-describedby="pass-strength-result" />
638			</span>
639			<button type="button" class="button wp-hide-pw hide-if-no-js" data-toggle="0" aria-label="<?php esc_attr_e( 'Hide password' ); ?>">
640				<span class="dashicons dashicons-hidden" aria-hidden="true"></span>
641				<span class="text"><?php _e( 'Hide' ); ?></span>
642			</button>
643			<button type="button" class="button wp-cancel-pw hide-if-no-js" data-toggle="0" aria-label="<?php esc_attr_e( 'Cancel password change' ); ?>">
644				<span class="dashicons dashicons-no" aria-hidden="true"></span>
645				<span class="text"><?php _e( 'Cancel' ); ?></span>
646			</button>
647			<div style="display:none" id="pass-strength-result" aria-live="polite"></div>
648		</div>
649	</td>
650</tr>
651<tr class="user-pass2-wrap hide-if-js">
652	<th scope="row"><label for="pass2"><?php _e( 'Repeat New Password' ); ?></label></th>
653	<td>
654	<input name="pass2" type="password" id="pass2" class="regular-text" value="" autocomplete="off" aria-describedby="pass2-desc" />
655			<?php if ( IS_PROFILE_PAGE ) : ?>
656				<p class="description" id="pass2-desc"><?php _e( 'Type your new password again.' ); ?></p>
657			<?php else : ?>
658				<p class="description" id="pass2-desc"><?php _e( 'Type the new password again.' ); ?></p>
659			<?php endif; ?>
660	</td>
661</tr>
662<tr class="pw-weak">
663	<th><?php _e( 'Confirm Password' ); ?></th>
664	<td>
665		<label>
666			<input type="checkbox" name="pw_weak" class="pw-checkbox" />
667			<span id="pw-weak-text-label"><?php _e( 'Confirm use of weak password' ); ?></span>
668		</label>
669	</td>
670</tr>
671	<?php endif; ?>
672
673		<?php
674		// Allow admins to send reset password link.
675		if ( ! IS_PROFILE_PAGE ) :
676			?>
677	<tr class="user-generate-reset-link-wrap hide-if-no-js">
678		<th><?php _e( 'Password Reset' ); ?></th>
679		<td>
680			<div class="generate-reset-link">
681				<button type="button" class="button button-secondary" id="generate-reset-link">
682					<?php _e( 'Send Reset Link' ); ?>
683				</button>
684			</div>
685			<p class="description">
686				<?php
687				/* translators: %s: User's display name. */
688				printf( __( 'Send %s a link to reset their password. This will not change their password, nor will it force a change.' ), esc_html( $profileuser->display_name ) );
689				?>
690			</p>
691		</td>
692	</tr>
693		<?php endif; ?>
694
695		<?php
696		if ( IS_PROFILE_PAGE && count( $sessions->get_all() ) === 1 ) :
697			?>
698	<tr class="user-sessions-wrap hide-if-no-js">
699		<th><?php _e( 'Sessions' ); ?></th>
700		<td aria-live="assertive">
701			<div class="destroy-sessions"><button type="button" disabled class="button"><?php _e( 'Log Out Everywhere Else' ); ?></button></div>
702			<p class="description">
703				<?php _e( 'You are only logged in at this location.' ); ?>
704			</p>
705		</td>
706	</tr>
707<?php elseif ( IS_PROFILE_PAGE && count( $sessions->get_all() ) > 1 ) : ?>
708	<tr class="user-sessions-wrap hide-if-no-js">
709		<th><?php _e( 'Sessions' ); ?></th>
710		<td aria-live="assertive">
711			<div class="destroy-sessions"><button type="button" class="button" id="destroy-sessions"><?php _e( 'Log Out Everywhere Else' ); ?></button></div>
712			<p class="description">
713				<?php _e( 'Did you lose your phone or leave your account logged in at a public computer? You can log out everywhere else, and stay logged in here.' ); ?>
714			</p>
715		</td>
716	</tr>
717<?php elseif ( ! IS_PROFILE_PAGE && $sessions->get_all() ) : ?>
718	<tr class="user-sessions-wrap hide-if-no-js">
719		<th><?php _e( 'Sessions' ); ?></th>
720		<td>
721			<p><button type="button" class="button" id="destroy-sessions"><?php _e( 'Log Out Everywhere' ); ?></button></p>
722			<p class="description">
723				<?php
724				/* translators: %s: User's display name. */
725				printf( __( 'Log %s out of all locations.' ), $profileuser->display_name );
726				?>
727			</p>
728		</td>
729	</tr>
730<?php endif; ?>
731
732	</table>
733
734
735		<?php if ( wp_is_application_passwords_available_for_user( $user_id ) ) : ?>
736	<div class="application-passwords hide-if-no-js" id="application-passwords-section">
737		<h2><?php _e( 'Application Passwords' ); ?></h2>
738		<p><?php _e( 'Application passwords allow authentication via non-interactive systems, such as XML-RPC or the REST API, without providing your actual password. Application passwords can be easily revoked. They cannot be used for traditional logins to your website.' ); ?></p>
739			<?php
740			if ( is_multisite() ) {
741				$blogs       = get_blogs_of_user( $user_id, true );
742				$blogs_count = count( $blogs );
743				if ( $blogs_count > 1 ) {
744					?>
745					<p>
746						<?php
747						printf(
748							/* translators: 1: URL to my-sites.php, 2: Number of sites the user has. */
749							_n(
750								'Application passwords grant access to <a href="%1$s">the %2$s site in this installation that you have permissions on</a>.',
751								'Application passwords grant access to <a href="%1$s">all %2$s sites in this installation that you have permissions on</a>.',
752								$blogs_count
753							),
754							admin_url( 'my-sites.php' ),
755							number_format_i18n( $blogs_count )
756						);
757						?>
758					</p>
759					<?php
760				}
761			}
762
763			if ( ! wp_is_site_protected_by_basic_auth( 'front' ) ) {
764				?>
765			<div class="create-application-password form-wrap">
766				<div class="form-field">
767					<label for="new_application_password_name"><?php _e( 'New Application Password Name' ); ?></label>
768					<input type="text" size="30" id="new_application_password_name" name="new_application_password_name" placeholder="<?php esc_attr_e( 'WordPress App on My Phone' ); ?>" class="input" aria-required="true" aria-describedby="new_application_password_name_desc" />
769					<p class="description" id="new_application_password_name_desc"><?php _e( 'Required to create an Application Password, but not to update the user.' ); ?></p>
770				</div>
771
772				<?php
773				/**
774				 * Fires in the create Application Passwords form.
775				 *
776				 * @since 5.6.0
777				 *
778				 * @param WP_User $profileuser The current WP_User object.
779				 */
780				do_action( 'wp_create_application_password_form', $profileuser );
781				?>
782
783				<button type="button" name="do_new_application_password" id="do_new_application_password" class="button button-secondary"><?php _e( 'Add New Application Password' ); ?></button>
784			</div>
785		<?php } else { ?>
786			<div class="notice notice-error inline">
787				<p><?php _e( 'Your website appears to use Basic Authentication, which is not currently compatible with Application Passwords.' ); ?></p>
788			</div>
789		<?php } ?>
790
791		<div class="application-passwords-list-table-wrapper">
792			<?php
793			$application_passwords_list_table = _get_list_table( 'WP_Application_Passwords_List_Table', array( 'screen' => 'application-passwords-user' ) );
794			$application_passwords_list_table->prepare_items();
795			$application_passwords_list_table->display();
796			?>
797		</div>
798	</div>
799<?php endif; ?>
800
801		<?php
802		if ( IS_PROFILE_PAGE ) {
803			/**
804			 * Fires after the 'About Yourself' settings table on the 'Profile' editing screen.
805			 *
806			 * The action only fires if the current user is editing their own profile.
807			 *
808			 * @since 2.0.0
809			 *
810			 * @param WP_User $profileuser The current WP_User object.
811			 */
812			do_action( 'show_user_profile', $profileuser );
813		} else {
814			/**
815			 * Fires after the 'About the User' settings table on the 'Edit User' screen.
816			 *
817			 * @since 2.0.0
818			 *
819			 * @param WP_User $profileuser The current WP_User object.
820			 */
821			do_action( 'edit_user_profile', $profileuser );
822		}
823		?>
824
825		<?php
826		/**
827		 * Filters whether to display additional capabilities for the user.
828		 *
829		 * The 'Additional Capabilities' section will only be enabled if
830		 * the number of the user's capabilities exceeds their number of
831		 * roles.
832		 *
833		 * @since 2.8.0
834		 *
835		 * @param bool    $enable      Whether to display the capabilities. Default true.
836		 * @param WP_User $profileuser The current WP_User object.
837		 */
838		if ( count( $profileuser->caps ) > count( $profileuser->roles )
839		&& apply_filters( 'additional_capabilities_display', true, $profileuser )
840		) :
841			?>
842	<h2><?php _e( 'Additional Capabilities' ); ?></h2>
843<table class="form-table" role="presentation">
844<tr class="user-capabilities-wrap">
845	<th scope="row"><?php _e( 'Capabilities' ); ?></th>
846	<td>
847			<?php
848			$output = '';
849			foreach ( $profileuser->caps as $cap => $value ) {
850				if ( ! $wp_roles->is_role( $cap ) ) {
851					if ( '' != $output ) {
852						$output .= ', ';
853					}
854
855					if ( $value ) {
856						$output .= $cap;
857					} else {
858						/* translators: %s: Capability name. */
859						$output .= sprintf( __( 'Denied: %s' ), $cap );
860					}
861				}
862			}
863			echo $output;
864			?>
865	</td>
866</tr>
867</table>
868	<?php endif; ?>
869
870<input type="hidden" name="action" value="update" />
871<input type="hidden" name="user_id" id="user_id" value="<?php echo esc_attr( $user_id ); ?>" />
872
873		<?php submit_button( IS_PROFILE_PAGE ? __( 'Update Profile' ) : __( 'Update User' ) ); ?>
874
875</form>
876</div>
877		<?php
878		break;
879}
880?>
881<script type="text/javascript">
882	if (window.location.hash == '#password') {
883		document.getElementById('pass1').focus();
884	}
885</script>
886
887<?php if ( isset( $application_passwords_list_table ) ) : ?>
888	<script type="text/html" id="tmpl-new-application-password">
889		<div class="notice notice-success is-dismissible new-application-password-notice" role="alert" tabindex="-1">
890			<p class="application-password-display">
891				<label for="new-application-password-value">
892					<?php
893					printf(
894						/* translators: %s: Application name. */
895						__( 'Your new password for %s is:' ),
896						'<strong>{{ data.name }}</strong>'
897					);
898					?>
899				</label>
900				<input id="new-application-password-value" type="text" class="code" readonly="readonly" value="{{ data.password }}" />
901			</p>
902			<p><?php _e( 'Be sure to save this in a safe location. You will not be able to retrieve it.' ); ?></p>
903			<button type="button" class="notice-dismiss">
904				<span class="screen-reader-text"><?php _e( 'Dismiss this notice.' ); ?></span>
905			</button>
906		</div>
907	</script>
908
909	<script type="text/html" id="tmpl-application-password-row">
910		<?php $application_passwords_list_table->print_js_template_row(); ?>
911	</script>
912<?php endif; ?>
913<?php
914require_once ABSPATH . 'wp-admin/admin-footer.php';
915