Support » Plugin: WP User Manager - User Profile Builder & Membership » Bug duplicate “display-name” of users

Bug duplicate “display-name” of users

  • Resolved Andrew Pisarevsky

    (@renak)


    4 years ago

    Hi. I find bug in the plugin wp-user-manager. Users can specify same display name.
    It’s happened the following way. Suppose we have user with display-name = “Mike Tyson”.
    Then another user is logged, he logged Personal cabinet, Then specify first_name = “Mike” and second_name = “Tyson” will be choose display-name as “Mike Tyson” and he successfully update a profile of his personal cabinet.

    But if you will want update any field these users in wp-admin-panel, you will get “This display name is already in use by someone else. Display names must be unique. ”

    This arises because wp-user-manager/includes/wpum-forms/class-wpum-form-profile.php:125

    Array value $values['account']['user_displayname'] will be equal to “display_nickname || display_firstname || display_lastname || display_firstlast || display_lastfirst” (Depending on the chosen) should be equal to “Display name”.

    and correct it please

    public/wp-content/plugins/wp-user-manager/includes/wpum-forms/class-wpum-form-profile.php:128
public/wp-content/plugins/wp-user-manager/includes/wpum-forms/class-wpum-form-profile.php:132

    On this

    if ( $displayname >= '1' ) {
...
}

if ( $nickname >= '1' ) {
....
}

    wp core version: 4.9.9
    plugin verion: 2.0.8

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Contributor Alessandro Tesoro

    (@alessandrotesoro)

    4 years ago

    Hi @renak

    Thanks for reporting the issue, I’ll have a better look shortly and release a fix as soon as possible.

    Thread Starter Andrew Pisarevsky

    (@renak)

    4 years ago

    I fix this bug next way (Changes labeled // plugin-hack begin, // plugin-hack end)
    bugfix for personal cabinet

    wp-user-manager/includes/wpum-forms/class-wpum-form-profile.php:119

public function validate_nickname( $pass, $fields, $values, $form ) {

        if ( $form == $this->form_name && isset( $values['account']['user_nickname'] ) ) {

            // plugin-hack begin
            global $wpdb;

            $form_display_name = $fields['account']['user_displayname']['options'][$values['account']['user_displayname']];

            // If the user_displayname has changed
            if( $this->user->data->display_name !== $form_display_name ) {
                $displayname = $wpdb->get_var( $wpdb->prepare( "SELECT COUNT(ID) FROM $wpdb->users WHERE display_name = %s AND ID <> %d", $form_display_name, $this->user->ID ) );

                if ( $displayname >= '1' ) {
                    return new WP_Error( 'displayname-unique-validation-error', esc_html__( 'This display name is already in use by someone else. Display names must be unique.', 'wp-user-manager' ) );
                }
            }
            // plugin-hack end

            $nickname = $wpdb->get_var( $wpdb->prepare( "SELECT COUNT(ID) FROM $wpdb->users as users, $wpdb->usermeta as meta WHERE users.ID = meta.user_id AND meta.meta_key = 'nickname' AND meta.meta_value = %s AND users.ID <> %d", $values['account']['user_nickname'], $this->user->ID ) );

            // plugin-hack begin
            if ( $nickname >= '1' ) {
            // plugin-hack end
                return new WP_Error( 'displayname-unique-validation-error', esc_html__( 'This nickname is already in use by someone else. Nicknames must be unique.', 'wp-user-manager' ) );
            }
        }

        return $pass;
    }

    And bugfix for admin-panel

    wp-user-manager/includes/actions.php:236

function wpum_check_display_name( $user_id ) {

	global $wpdb;

    // plugin-hack begin
    // Getting user data and user meta data.
    $user_data = get_userdata($_POST['user_id']);

    // If the user_displayname has changed
    if( $user_data->data->display_name !== $_POST['display_name'] ) {
        $err['display'] = $wpdb->get_var( $wpdb->prepare( "SELECT COUNT(ID) FROM $wpdb->users WHERE display_name = %s AND ID <> %d", $_POST['display_name'], $_POST['user_id'] ) );
    }
    // plugin-hack end

	$err['nick']    = $wpdb->get_var( $wpdb->prepare( "SELECT COUNT(ID) FROM $wpdb->users as users, $wpdb->usermeta as meta WHERE users.ID = meta.user_id AND meta.meta_key = 'nickname' AND meta.meta_value = %s AND users.ID <> %d", $_POST['nickname'], $_POST['user_id'] ) );

	foreach ( $err as $key => $e ) {
		if ( $e >= 1 ) {
			add_action( 'user_profile_update_errors', "wpum_check_{$key}_field", 10, 3 );
		}
	}
}

    I have on my site more 60 Not unique “display_name” users. Respectively on other sites too will have not unique “display_name” users which will can’t update
    profile, until change their “display-name” (it’s not logical for users), I suggest you add next condition

    wp-user-manager/includes/wpum-forms/class-wpum-form-profile.php
 
public function validate_nickname( $pass, $fields, $values, $form ) {
    ...
    if( $this->user->data->display_name !== $form_display_name ) {

    wp-user-manager/includes/actions.php

function wpum_check_display_name( $user_id ) {
...
   if( $user_data->data->display_name !== $_POST['display_name'] ) {

    It checks whether user “display name” has changed, if “Yes” then you need to check whether there is the same in the database already, if not changed, we allow the user to update other fields, even if it does not have a unique display name.

    Can you add these conditions or tell us about your alternative solution to this problem?

    And also I found a bug – if we want create user from admin-panel, we can make user with not unique “display name”, when we fill name and second_name, Display_name will fill automatically from the name, second_name without check on unique “display_name”

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Bug duplicate “display-name” of users’ is closed to new replies.

Views