1、修复wp_get_attachment_image_src方法返回false导致的bug

2、增加修改昵称和头像的api 3、在wordpress后台用户列表显示注册日期

1、修复wp_get_attachment_image_src方法返回false导致的bug
2、增加修改昵称和头像的api 3、在wordpress后台用户列表显示注册日期
dde14510 · xjb · 461d34d6 · dde14510 · dde14510 · dde14510
7 changed file
--- a/includes/api/ram-rest-attachments-controller.php
+++ b/includes/api/ram-rest-attachments-controller.php
+<?php
+
+use function PHPSTORM_META\elementType;
+
+if ( ! defined( 'ABSPATH' ) ) {
+    exit;
+}
+
+class RAM_REST_Attachments_Controller  extends WP_REST_Controller{
+
+    public function __construct() {
+        
+        $this->namespace     = 'watch-life-net/v1';
+        $this->resource_name = 'attachments';
+    }
+
+    public function register_routes() {
+        register_rest_route( $this->namespace, '/' . $this->resource_name, array(
+            // Here we register the readable endpoint for collections.
+            array(
+                'methods'   => 'POST',
+                'callback'  => array( $this, 'create_item' ),
+                'permission_callback' => array( $this, 'create_item_permissions_check' ),
+                'args'               => array(                   
+                    'js_code' => array(
+                        'required' => true
+                    )
+                )
+                 
+            ),
+            // Register our schema callback.
+            'schema' => array( $this, 'get_public_item_schema' ),
+        ) );
+
+        
+     
+     }
+
+     /**
+     * Creates a single attachment.
+     *
+     * @since 4.7.0
+     *
+     * @param WP_REST_Request $request Full details about the request.
+     * @return WP_Error|WP_REST_Response Response object on success, WP_Error object on failure.
+     */
+    public function create_item( $request ) {
+        // Get the file via $_FILES or raw data.
+        $files = $request->get_file_params();
+        $js_code= $request['js_code']; 
+        $api_result=jscode2session($js_code);
+        if($api_result['errcode'] !=0)
+        {
+            return new WP_Error( 'error', $api_result['errmsg'], array( 'status' => 500 ) );
+        }
+        $openId = $api_result['openid']; 
+        $user = get_user_by('login', $openId); 
+        if(empty($user)) {   
+            return new WP_Error('error', '用户参数错误', array( 'status' => 502 ) );
+        }
+        $userId=(int)$user->ID;
+        $imagestype =isset($request['imagestype'])?$request['imagestype']:"";        
+        $enableUpdateAvatarCount =getEnableUpdateAvatarCount($userId);       
+        if($enableUpdateAvatarCount <1 && $imagestype=="updateAvatar")
+        {
+            return new WP_Error('error', '本年可修改次数为0次', array( 'status' => 200 ) );
+        }
+        $headers = $request->get_headers();
+        if (!empty( $files)) {
+            $file = $this->upload_from_file( $files, $headers);
+            if (is_wp_error($file)) {
+                $message =$file->get_error_message();
+            return new WP_Error( 'error', $message, array( 'status' => 500 ) );            
+            }
+            $url     = $file['url'];
+            $info = pathinfo($file['file']);
+            $fileName =!empty($request['fileName'])?$request['fileName']:$info['filename'];
+            $fileType=$file['type'];
+            $attachment = array(
+                'guid'           => $url,                
+                'post_mime_type' => $fileType, 
+                'post_title'     => $fileName,
+                'post_name' => $info['filename'],
+                'post_content'   => '',
+                'post_status'    => 'inherit',
+                'post_author' => $userId,
+                "comment_status"=>"closed"
+              );
+
+              $attached_file=ltrim( wp_upload_dir()['subdir'],'/') .'/'.$info['filename'] ;
+              $attachmentPostId = wp_insert_attachment($attachment,$attached_file);
+
+            if(!empty($attachmentPostId))
+            {
+                 update_post_meta($attachmentPostId,'_wp_attached_file', ltrim( wp_upload_dir()['subdir'],'/') .'/'.$info['basename'] );
+                 $basename=$info['basename'];
+                 $_filename = wp_upload_dir()['path'].'/'.$basename;
+                 require_once( ABSPATH . 'wp-admin/includes/image.php' );
+                 require_once( ABSPATH . 'wp-admin/includes/media.php' );
+                
+                  //加入以下两行方法，可以在媒体库显示图片的缩略图
+                 $attach_data = wp_generate_attachment_metadata( $attachmentPostId, $_filename);
+                 wp_update_attachment_metadata( $attachmentPostId, $attach_data );
+                
+                if($imagestype=="zanimage")
+                {
+                    update_user_meta($userId,'zanimage',$url);
+                }
+
+                if($imagestype=="updateAvatar")
+                {
+                 
+                    $updateCount=getUpdateAvatarCount($userId);
+                    $updateCount +=1;
+                    setUpdateAvatarCount($userId,$updateCount);
+                    if (delete_user_meta($userId, 'avatar') ) {
+                        update_user_meta($userId,'avatar', $url);
+                    }
+            
+                }
+            }
+
+            $enableUpdateAvatarCount =getEnableUpdateAvatarCount($userId);   
+            $response = array('success' => true ,'message'=>'更新成功','avatar'=>$url,'avatarUrl'=>get_user_meta( $userId, 'avatar', true),'enableUpdateAvatarCount'=>$enableUpdateAvatarCount);
+            $response = rest_ensure_response( $response );
+            return $response; 
+            
+        }
+        else{
+            return new WP_Error( 'error', '参数错误', array( 'status' => 500 ) );
+        }
+    }
+
+
+    /**
+     * Handles an upload via multipart/form-data ($_FILES).
+     *
+     * @since 4.7.0
+     *
+     * @param array $files   Data from the `$_FILES` superglobal.
+     * @param array $headers HTTP headers from the request.
+     * @return array|WP_Error Data from wp_handle_upload().
+     */
+    protected function upload_from_file( $files, $headers ) {
+        if ( empty( $files ) ) {
+            return new WP_Error( 'rest_upload_no_data', __( 'No data supplied.' ), array( 'status' => 400 ) );
+        }
+
+        // Verify hash, if given.
+        if ( ! empty( $headers['content_md5'] ) ) {
+            $content_md5 = array_shift( $headers['content_md5'] );
+            $expected    = trim( $content_md5 );
+            $actual      = md5_file( $files['file']['tmp_name'] );
+
+            if ( $expected !== $actual ) {
+                return new WP_Error( 'rest_upload_hash_mismatch', __( 'Content hash did not match expected.' ), array( 'status' => 412 ) );
+            }
+        }
+
+        $mimes = array(
+             'txt|asc|c|cc|h'=>'text/plain',
+             'jpg|jpeg|jpe' => 'image/jpeg',
+             'gif' => 'image/gif',
+             'png' => 'image/png',
+             'bmp' => 'image/bmp',
+             'tif|tiff' => 'image/tiff',
+             'mp4|m4v' => 'video/mp4',
+             'mp3|m4a' => 'audio/mpeg',
+             'aac' => 'audio/aac',
+             'wav' => 'audio/wav',
+             'pdf' => 'application/pdf',
+             'doc' => 'application/msword',
+             'docx' => 'application/vnd.openxmlformats-officedocument.wordprocessingml.document',
+             'xla|xls|xlt|xlw' => 'application/vnd.ms-excel',
+             'xlsx' => 'application/vnd.openxmlformats-officedocument.spreadsheetml.sheet',
+             'pot|pps|ppt' => 'application/vnd.ms-powerpoint',
+             'pptx' => 'application/vnd.openxmlformats-officedocument.presentationml.presentation'
+        );
+
+        // Pass off to WP to handle the actual upload.
+        $overrides = array(
+            'test_form'   => false,'mimes' => $mimes
+        );
+
+        // Bypasses is_uploaded_file() when running unit tests.
+        if ( defined( 'DIR_TESTDATA' ) && DIR_TESTDATA ) {
+            $overrides['action'] = 'wp_handle_mock_upload';
+        }
+
+        /** Include admin functions to get access to wp_handle_upload() */
+        //require_once ABSPATH . 'wp-admin/includes/admin.php';
+        //
+        if ( ! function_exists( 'wp_handle_upload' ) ) {
+            require_once( ABSPATH . 'wp-admin/includes/file.php' );
+    }
+
+        $file = wp_handle_upload( $files['file'], $overrides );
+
+        if ( isset( $file['error'] ) ) {
+            return new WP_Error( 'rest_upload_unknown_error', $file['error'], array( 'status' => 500 ) );
+        }
+
+        return $file;
+    }
+
+
+    /**
+     * Prepares a single attachment for create or update.
+     *
+     * @since 4.7.0
+     *
+     * @param WP_REST_Request $request Request object.
+     * @return WP_Error|stdClass $prepared_attachment Post object.
+     */
+    protected function prepare_item_for_database( $request ) {
+       
+        // Attachment caption (post_excerpt internally)
+        if ( isset( $request['caption'] ) &&  is_string( $request['caption']) ) {
+            $prepared_attachment->post_excerpt = $request['caption'];
+        }
+
+        // Attachment description (post_content internally)
+        if ( isset( $request['description'] ) &&  is_string( $request['description'] ) ) {
+            $prepared_attachment->post_content = $request['description'];
+        }
+
+        return $prepared_attachment;
+    }
+     /**
+     * Checks if a given request has access to create an attachment.
+     *
+     * @since 4.7.0
+     *
+     * @param WP_REST_Request $request Full details about the request.
+     * @return WP_Error|true Boolean true if the attachment may be created, or a WP_Error if not.
+     */
+    public function create_item_permissions_check( $request ) {      
+       
+        return true;
+    }
+
+    public function get_item_permissions_check( $request ) {      
+        
+        return true;
+    }
+
+
+    public function delete_item_permissions_check( $request ) {      
+        $sessionId=isset($request['sessionid'])?$request['sessionid']:'';
+        $userId =isset($request['userid'])? (int)$request['userid']:0;
+        $checkUser =RAW_Util::checkUser($sessionId,$userId);
+        
+        if(!$checkUser)
+        {
+            return  RAW_Util::errorUserMessage();
+        }
+
+        $postId =isset($request['id'])?(int)$request['id']:0;
+       
+       if( $postId== 0 || !is_int($postId)|| get_post($postId)==null)
+       {
+
+           return new WP_Error( 'error', 'postid参数错误', array( 'status' => 400 ) );
+
+       }   
+        return true;
+    }
+
+    public function create_my_item_permissions_check( $request ) {      
+        $sessionId=isset($request['sessionid'])?$request['sessionid']:'';
+        $userId =isset($request['userid'])? (int)$request['userid']:0;
+        $checkUser =RAW_Util::checkUser($sessionId,$userId);
+        
+        if(!$checkUser)
+        {
+            return  RAW_Util::errorUserMessage();
+        }
+   
+        return true;
+    }
+
+    public function get_media_permissions_check( $request ) {      
+        
+   
+        return true;
+    }
+
+    public function delete_invite_qrcodeimg_permissions_check( $request ) {      
+        
+        $invitecode=$request['invitecode'];
+        global $wpdb;		
+		$wpdb->minapper_weixin_users= $wpdb->prefix.'minapper_weixin_users';
+
+        $sql =$wpdb->prepare("select count(1) from ".$wpdb->minapper_weixin_users." where invitecode=%s",$invitecode);
+		$count =(int)$wpdb->get_var($sql);
+        if($count == 0)
+        {
+            return new WP_Error( 'error', '参数错误', array( 'status' => 400 ) );
+
+        }
+        return true;
+    }
+
+
+    
+
+   
+  
+  }
\ No newline at end of file
--- a/includes/api/ram-rest-weixin-controller.php
+++ b/includes/api/ram-rest-weixin-controller.php
@@ -168,8 +168,105 @@ class RAM_REST_Weixin_Controller  extends WP_REST_Controller{
            'schema' => array( $this, 'get_public_item_schema' ),
            ) );

+            register_rest_route( $this->namespace, '/' . $this->resource_name . '/webchatuserlogin', array(
+                array(
+                    'methods'             => 'POST',
+                    'callback'            => array( $this, 'userlogin' ),
+                    'permission_callback' => array( $this, 'get_openid_permissions_check' ),
+                    'args'                => array(
+                        'context' => $this->get_context_param( array( 'default' => 'view' ) ),                  
+                        'js_code' => array(
+                            'required' => true
+                        )
+                    )
+                ),
+                'schema' => array( $this, 'get_public_item_schema' ),
+                ) );
+
+                register_rest_route($this->namespace, '/' . $this->resource_name . '/updatenickname', array(
+                    array(
+                        'methods'             => 'POST',
+                        'callback'            => array($this, 'updateNickname'),
+                        'permission_callback' => array($this, 'get_openid_permissions_check'),
+                        'args'                => array(
+                            'context' => $this->get_context_param(array('default' => 'view')),
+                            'js_code' => array(
+                                'required' => true
+                            ),
+                            'nickname' => array(
+                                'required' => true
+                            )
+                        )
+                    ),
+                    'schema' => array($this, 'get_public_item_schema'),
+                ));
+               
+
    }

+    
+    function updateNickname($request)
+    {
+        $js_code= $request['js_code']; 
+        $api_result=jscode2session($js_code);
+        if($api_result['errcode'] !=0)
+        {
+            return new WP_Error( 'error', $api_result['errmsg'], array( 'status' => 500 ) );
+        }          
+        $openId = $api_result['openid'];            
+        $user = get_user_by('login', $openId);
+        if(empty($user)) {   
+            return new WP_Error('error', '用户参数错误', array( 'status' => 502 ) );
+        }
+        $userId=(int)$user->ID;
+        $nickname=$request['nickname'];  
+        $count = ram_strLength($nickname);
+        if($count>15)
+        {
+            return new WP_Error( 'error', '用户昵称不能超过15个字符', array( 'status' => 200 ) );
+        }
+
+
+        $data = array(
+            'content' =>$nickname,
+            'openid'   =>$openId,
+            'scene'   =>1,
+            'version'=>2
+            
+        );
+
+        $msgSecCheckResult=security_msgSecCheck($data);
+        $errcode=$msgSecCheckResult['errcode'];		
+        $errmsg=$msgSecCheckResult['errmsg'];
+        if($errcode !=0)
+        {
+            return new WP_Error( 'error', $errmsg, array( 'status' => 200 ) );
+        }
+        $nickname=filterEmoji($nickname);
+        $_nickname=base64_encode($nickname);          
+        $_nickname=strlen($_nickname)>49?substr($_nickname,49):$_nickname; 
+        $userdata =array(
+            'ID'            => $userId,
+            'first_name'	=> $nickname,
+            'nickname'      => $nickname,
+            'user_nicename' => $_nickname,
+            'display_name'  => $nickname
+        );
+        $userId =wp_update_user($userdata);
+        if(is_wp_error($userId)){
+            return new WP_Error( 'error', '设置错误' , array( 'status' => 500 ) );
+        } 
+   
+        $result["code"]="success";            
+        $result["message"]= "设置成功";
+        $result["status"]="200";
+        $result["nickname"]=$nickname;                   
+        $response = rest_ensure_response($result);
+        return $response; 
+        
+    }
+
+
    function updateUserInfo($request)
    {
        $openId =$request['openid'];
@@ -330,96 +427,104 @@ class RAM_REST_Weixin_Controller  extends WP_REST_Controller{

    function userlogin($request)
    {
-        $js_code= $request['js_code'];
-        // $encryptedData=$request['encryptedData'];
-        // $iv=$request['iv'];
-        $avatarUrl=$request['avatarUrl'];
-        $nickname=empty($request['nickname'])?'':$request['nickname'];
-
-
-        $appid = get_option('wf_appid');
-        $appsecret = get_option('wf_secret');
-        if(empty($appid) || empty($appsecret) ){
-            return new WP_Error( 'error', 'appid或appsecret为空', array( 'status' => 500 ) );
+        $js_code= $request['js_code'];       
+        $wxAvatarUrl=$request['avatarUrl'];
+        $wxNickname=$request['nickname']; 
+        $api_result=jscode2session($js_code);
+        if($api_result['errcode'] !=0)
+        {
+            return new WP_Error( 'error', $api_result['errmsg'], array( 'status' => 500 ) );
+        }           
+        $openId = $api_result['openid'];
+        $unionId = $api_result['unionid']; 
+        $userId=0;
+        $_nickname='';
+        $nickname='微信用户';
+        $avatarUrl = plugins_url() . '/' . REST_API_TO_MINIPROGRAM_PLUGIN_NAME . '/images/gravatar.png';
+        if(!empty($wxNickname) && $wxNickname !='微信用户')
+        {
+            $avatarUrl =$wxAvatarUrl;
+            $nickname=filterEmoji($wxNickname);         
+            $_nickname=base64_encode($nickname);          
+            $_nickname=strlen($_nickname)>49?substr($_nickname,49):$_nickname;
        }
        else
-        {        
-            $access_url = "https://api.weixin.qq.com/sns/jscode2session?appid=".$appid."&secret=".$appsecret."&js_code=".$js_code."&grant_type=authorization_code";
-            $access_result = https_request($access_url);
-            if($access_result=='ERROR') {
-                return new WP_Error( 'error', 'API错误：' . json_encode($access_result), array( 'status' => 501 ) );
-            } 
-            $api_result  = json_decode($access_result,true);            
-            if( empty( $api_result['openid'] ) || empty( $api_result['session_key'] )) {
-                return new WP_Error('error', 'API错误：' . json_encode( $api_result ), array( 'status' => 502 ) );
-            }            
-            $openId = $api_result['openid']; 
-            $sessionKey = $api_result['session_key'];  
-            $unionId = $api_result['unionid']; 
-            $userId=0;
-            $nickname=filterEmoji($nickname);         
-            $_nickname=base64_encode($nickname);          
-		    $_nickname=strlen($_nickname)>49?substr($_nickname,49):$_nickname;
-            // $avatarUrl= $data['avatarUrl'];             
-            if(!username_exists($openId) ) {                
-                $new_user_data = apply_filters( 'new_user_data', array(
-                    'user_login'    => $openId,
-                    'first_name'	=> $nickname ,
-                    'nickname'      => $nickname,                    
-                    'user_nicename' => $_nickname,
-                    'display_name'  => $nickname,
-                    'user_pass'     => null,
-                    'user_email'    => $openId.'@weixin.com'
-                ) );                
-                $userId = wp_insert_user( $new_user_data );			
-                if ( is_wp_error( $userId ) || empty($userId) ||  $userId==0 ) {
-                    return new WP_Error( 'error', '插入wordpress用户错误：', array( 'status' => 500 ) );				
-                }
+        {
+            $nickname='微信用户'.ram_randString();
+            $_nickname = $nickname;
+        }
+        $display_name='';              
+        if(!username_exists($openId) ) {                         
+            $new_user_data = apply_filters( 'new_user_data', array(
+                'user_login'    => $openId,
+                'first_name'	=> $nickname ,
+                'nickname'      => $nickname,                    
+                'user_nicename' => $_nickname,
+                'display_name'  => $nickname,
+                'user_pass'     => null,
+                'user_email'    => $openId.'@weixin.com'
+            ) );                
+            $userId = wp_insert_user( $new_user_data );			
+            if ( is_wp_error( $userId ) || empty($userId) ||  $userId==0 ) {
+                return new WP_Error( 'error', '插入wordpress用户错误：', array( 'status' => 500 ) );				
+            }

-                update_user_meta( $userId,'avatar',$avatarUrl);
-                update_user_meta($userId,'usertype',"weixin");
-                update_user_meta($userId,'unionId',$unionId);
+            update_user_meta($userId,'avatar',$avatarUrl);
+            update_user_meta($userId,'usertype',"weixin");
+            update_user_meta($userId,'unionId',$unionId);

-            }            
-            else{
-                $user = get_user_by( 'login', $openId);
-                $userId=   $user->ID;   
+        }            
+        else{
+            $user = get_user_by('login', $openId);
+            $userId=   $user->ID;
+            if(!empty($wxNickname) && $wxNickname !='微信用户')
+            {                     
                $userdata =array(
                    'ID'            => $user->ID,
                    'first_name'	=> $nickname,
                    'nickname'      => $nickname,
                    'user_nicename' => $_nickname,
-                    'display_name'  => $nickname,
-                    'user_email'    => $openId.'@weixin.com'
+                    'display_name'  => $nickname
                );
                $userId =wp_update_user($userdata);
                if(is_wp_error($userId)){
-                    return new WP_Error( 'error', '更新wp用户错误：' , array( 'status' => 500 ) );
+                    return new WP_Error( 'error', '更新wp用户错误' , array( 'status' => 500 ) );
                }             
+            }
+            $display_name= $user->display_name;
+            if(!empty($wxNickname) && $wxNickname !='微信用户')
+            {
                if (delete_user_meta($userId, 'avatar') ) {
                    update_user_meta($userId,'avatar',$avatarUrl);
                }
        
-                if (delete_user_meta($userId, 'usertype') ) {
-                    $flag=update_user_meta($userId,'usertype',"weixin");
-                }
-                
-                if(empty(get_user_meta( $userId, 'unionId', true )))
-                {                  
-                    update_user_meta($userId,'unionId',$unionId);
-                }
-                  
            }
-            $userLevel= getUserLevel($userId);
-            $result["code"]="success";            
-            $result["message"]= "获取用户信息成功";
-            $result["status"]="200";
-            $result["openid"]=$openId;
-            $result["userLevel"]=$userLevel; 
-            $result["userId"]=$userId;            
-            $response = rest_ensure_response($result);
-            return $response; 
-        }  
+            
+            if (delete_user_meta($userId, 'usertype') ) {
+                $flag=update_user_meta($userId,'usertype',"weixin");
+            }
+            
+            if(empty(get_user_meta( $userId, 'unionId', true )))
+            {                  
+                update_user_meta($userId,'unionId',$unionId);
+            }
+                
+        }
+        $userLevel= getUserLevel($userId);
+        $enableUpdateAvatarCount= (int)getEnableUpdateAvatarCount($userId);
+        $result["enableUpdateAvatarCount"]=$enableUpdateAvatarCount;  
+        $result["code"]="success";            
+        $result["message"]= "获取用户信息成功";
+        $result["status"]="200";
+        $result["openid"]=$openId;
+        $result["nickname"]=$display_name;
+        $result["avatarurl"]= get_user_meta( $userId, 'avatar', true );
+        $result["userLevel"]=$userLevel; 
+        $result["userId"]=$userId; 
+        $result["openid"]=$openId;        
+        $response = rest_ensure_response($result);
+        return $response; 
+         
    }

    function sendmessage($request)
@@ -887,11 +992,7 @@ class RAM_REST_Weixin_Controller  extends WP_REST_Controller{

    function get_openid_permissions_check($request)
    {
-      $js_code= $request['js_code'];
-      $encryptedData=$request['encryptedData'];
-      $iv=$request['iv'];
-      $avatarUrl=$request['avatarUrl'];
-      $nickname=empty($request['nickname'])?'':$request['nickname'];
+      $js_code= $request['js_code'];      
      if(empty($js_code))
      {
          return new WP_Error( 'error', 'js_code是空值', array( 'status' => 500 ) );

--- a/includes/filter/ram-custom-users-columns.php
+++ b/includes/filter/ram-custom-users-columns.php
 <?php 
 //禁止直接访问
 if ( ! defined( 'ABSPATH' ) ) exit;
-function users_columns( $columns ){
-    $columns[ 'avatar' ] = __( '头像' );    
+function ram_users_columns( $columns ){
+    $columns[ 'avatar' ] = __( '头像' ); 
+	$columns[ 'registered' ] = '注册时间'; 
    return $columns;
 }
-function  output_users_columns( $var, $columnName, $userId ){
+function  output_ram_users_columns( $var, $columnName, $userId ){
    switch( $columnName ) {
-		case "avatar" :
+		case "avatar":
 			return getAvatar($userId);
-			break;
+			break;	
+		case "registered":
+			return getRegisteredDate($userId);
+			break;	
 	}

 }

+function ram_users_sortable_columns($sortable_columns){
+    $sortable_columns['registered'] = 'registered';
+    return $sortable_columns;
+}
+//最后根据浏览器的 url，重新设置 wordpress 的查询函数
+function ram_users_search_order($obj){
+    if(isset($_REQUEST['orderby']) && $_REQUEST['orderby']=='registered' ){
+        if(!in_array($_REQUEST['order'],array('asc','desc')) ){
+            $_REQUEST['order'] = 'desc';
+        }
+        $obj->query_orderby = "ORDER BY user_registered ".$_REQUEST['order']."";
+    }
+}
+function getRegisteredDate($userId)
+{
+  $user=get_user_by('ID',$userId);
+  $resutlt =$user->user_registered;
+  return $resutlt;
+}
+
 function  getAvatar($userId)
 {
 	$avatar= get_user_meta( $userId, 'avatar', true );
 	if(empty($avatar))
 	{		
-		$avatarImg ='<img  src="'.plugins_url().'/'.REST_API_TO_MINIPROGRAM_PLUGIN_NAME.'/includes/images/gravatar.png"  width="20px" heigth="20px"/>';
+		$avatarImg ='<img  src="'.plugins_url().'/'.REST_API_TO_MINIPROGRAM_PLUGIN_NAME.'/includes/images/gravatar.png"  width="50px" heigth="50px"/>';
 	}
 	else{
-		$avatarImg ='<img  src="'.$avatar.'"  width="20px" heigth="20px"/>';
+		$avatarImg ='<img  src="'.$avatar.'"  width="50px" heigth="50px"/>';
 		
 	}


--- a/includes/ram-api.php
+++ b/includes/ram-api.php
@@ -45,9 +45,7 @@ class RAM_API extends WP_REST_Controller{
        include_once( 'api/ram-rest-categories-controller.php' );
        include_once( 'api/ram-rest-live-controller.php' );
        include_once( 'api/ram-wp-rest-posts-controller.php' );
-        
-        
-        
+        include_once( 'api/ram-rest-attachments-controller.php' );
    }

    /**
@@ -64,6 +62,7 @@ class RAM_API extends WP_REST_Controller{
            'RAM_REST_Categories_Controller',
            'RAM_WP_REST_Posts_Controller',
            'RAM_REST_Live_Controller',
+            'RAM_REST_Attachments_Controller'
            
            
        );

--- a/includes/ram-util.php
+++ b/includes/ram-util.php
@@ -55,24 +55,36 @@ function getPostImages($content,$postId){
    $_data =array();

    if (has_post_thumbnail($postId)) {
-        //获取缩略的ID
-        $thumbnailId = get_post_thumbnail_id($postId);
-
-        //特色图缩略图
-        $image=wp_get_attachment_image_src($thumbnailId, 'thumbnail');
-        $post_thumbnail_image=$image[0];
-        $post_thumbnail_image_150=$image[0];
-        //特色中等图
-        $image=wp_get_attachment_image_src($thumbnailId, 'medium');
-        $post_medium_image=$image[0];
-        $post_medium_image_300=$image[0];
-        //特色大图
-        $image=wp_get_attachment_image_src($thumbnailId, 'large');
-        $post_large_image=$image[0];
-        $post_thumbnail_image_624=$image[0];
-        //特色原图
-        $image=wp_get_attachment_image_src($thumbnailId, 'full');
-        $post_full_image=$image[0];
+         //获取缩略的ID
+         $thumbnailId = get_post_thumbnail_id($postId);
+         //特色图缩略图
+         $image = wp_get_attachment_image_src($thumbnailId, 'thumbnail');
+         if($image !=false)
+         {
+             $post_thumbnail_image = $image[0];
+             $post_thumbnail_image_150 = $image[0];
+         }
+         //特色中等图
+         $image = wp_get_attachment_image_src($thumbnailId, 'medium');
+         if($image !=false)
+         {
+             $post_medium_image = $image[0];
+             $post_medium_image_300 = $image[0];
+         }
+         
+         //特色大图
+         $image = wp_get_attachment_image_src($thumbnailId, 'large');
+         if($image !=false)
+         {
+             $post_large_image = $image[0];
+             $post_thumbnail_image_624 = $image[0];
+         }
+         //特色原图
+         $image = wp_get_attachment_image_src($thumbnailId, 'full');
+         if($image !=false)
+         {
+             $post_full_image = $image[0];
+         }

    }

@@ -925,4 +937,137 @@ function  getPosts($ids)
            if (($ch & 192) == 192) return (substr($str, 0, $i));
        }
        return ($str . $hex);
-    }
\ No newline at end of file
+    }
+
+    function ram_randString()
+    {
+        $code = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ';
+        $rand = $code[rand(0,25)]
+            .strtoupper(dechex(date('m')))
+            .date('d').substr(time(),-5)
+            .substr(microtime(),2,5)
+            .sprintf('%02d',rand(0,99));
+        for(
+            $a = md5( $rand, true ),
+            $s = '0123456789abcdefjhijklmnopqrstuv',
+            $d = '',
+            $f = 0;
+            $f < 8;
+            $g = ord( $a[ $f ] ),
+            $d .= $s[ ( $g ^ ord( $a[ $f + 8 ] ) ) - $g & 0x1F ],
+            $f++
+        );
+        return  $d;
+    }
+
+    function ram_strLength($str,$charset='utf-8'){  
+        if($charset=='utf-8') $str = iconv('utf-8','gb2312',$str);  
+        $num = strlen($str);  
+        $cnNum = 0;  
+        for($i=0;$i<$num;$i++){  
+        if(ord(substr($str,$i+1,1))>127){  
+        $cnNum++;  
+        $i++;  
+        }  
+        }  
+        $enNum = $num-($cnNum*2);  
+        $number = ($enNum/2)+$cnNum;  
+        return ceil($number);  
+    }
+
+     function security_msgSecCheck($data){
+          
+        $msgSecCheckResult = RAM()->wxapi->msgSecCheck($data);
+		$errcode=$msgSecCheckResult['errcode'];		
+		$errmsg=$msgSecCheckResult['errmsg'];
+        $result=array();
+		if($errcode!=0)
+		{
+            $result['errcode']=$errcode;
+            $result['errmsg']=$errmsg;
+			
+		}
+
+		$checkResult=$msgSecCheckResult['result'];
+		$label=$checkResult['label'];
+		if($label !='100')
+		{
+            $result['errcode']=(int)$label;
+            $result['errmsg']="昵称无法通过审核";
+			
+		}
+        else
+        {
+            $result['errcode']=0;
+            $result['errmsg']="昵称合规合法";
+        }
+
+        return  $result;
+
+
+    }
+
+    function jscode2session($js_code){
+          
+            $appid = get_option('wf_appid');
+            $appsecret = get_option('wf_secret');
+            $api_result=array();
+            if(empty($appid) || empty($appsecret) ){
+                $api_result['errcode']="3";
+                $api_result['errmsg']="appid或appsecret为空";
+                //return new WP_Error( 'error', 'appid或appsecret为空', array( 'status' => 500 ) );
+            }
+            $access_url = "https://api.weixin.qq.com/sns/jscode2session?appid=".$appid."&secret=".$appsecret."&js_code=".$js_code."&grant_type=authorization_code";
+            $access_result = https_request($access_url);
+            
+            if($access_result=='ERROR') {
+
+                $api_result['errcode']="1";
+                $api_result['errmsg']=json_encode($access_result);
+
+                return $api_result;
+                //return new WP_Error( 'error', 'API错误：' . json_encode($access_result), array( 'status' => 501 ) );
+            } 
+            $api_result  = json_decode($access_result,true);            
+            if( empty( $api_result['openid'] ) || empty( $api_result['session_key'] )) {
+                $api_result['errcode']="2";
+                $api_result['errmsg']=json_encode( $api_result );
+                return $api_result;
+               // return new WP_Error('error', 'API错误：' . json_encode( $api_result ), array( 'status' => 502 ) );
+            }            
+            $api_result['errcode']="0";
+            $api_result['errmsg']="获取成功";              
+            return $api_result;
+
+
+    }
+
+    //获取可修改头像的次数
+    function getEnableUpdateAvatarCount($userId){
+        $year=date('Y', time());
+        $updateAvatarCount=$year."-"."updateAvatarCount";
+        $updateCount =empty(get_user_meta($userId,$updateAvatarCount))?0:(int)get_user_meta($userId,$updateAvatarCount,true);
+        $configCount =(int)get_option('wf_updateAvatar_count');
+        $count=$configCount-$updateCount;
+        if($count <0)
+        {
+            $count;
+        }
+        return $count;
+    }
+
+    //获取修改头像的次数
+    function getUpdateAvatarCount($userId){
+        $year=date('Y', time());
+        $updateAvatarCount=$year."-"."updateAvatarCount";
+        $updateCount =empty(get_user_meta($userId,$updateAvatarCount))?0:(int)get_user_meta($userId,$updateAvatarCount,true);
+        return  $updateCount;
+    }
+
+    //设置修改头像的次数
+    function setUpdateAvatarCount($userId,$count){
+        $year=date('Y', time());
+        $updateAvatarCount=$year."-"."updateAvatarCount";
+        update_user_meta($userId,$updateAvatarCount,$count);
+    }
+
--- a/includes/settings/wp-wechat-config.php
+++ b/includes/settings/wp-wechat-config.php
@@ -76,36 +76,7 @@ function register_weixinappsettings() {

    register_setting('weixinapp-group', 'wf_detail_bottom_display_qrcode');
    register_setting('weixinapp-group', 'wf_minapper_qrcode_url');
-    
-    
-    
-
-    
-
-
-
-
-    
-    
-
-
-    
-    
-    
-   
-
-
-    
-
-
-
-
-    
-
-    
-    
-       
-    
+    register_setting('weixinapp-group', 'wf_updateAvatar_count');
    
 }

@@ -182,9 +153,16 @@ if (version_compare(PHP_VERSION, '5.6.0', '<=') )
            <tr valign="top">
                <th scope="row">在小程序里显示的文章分类id</th>
                <td><input type="text" name="wf_display_categories" style="width:400px; height:40px" value="<?php echo esc_attr( get_option('wf_display_categories') ); ?>" />
-                <br /><p style="color: #959595 ; display:inline">* 文章分类id,只支持一级分类,请用英文半角逗号分隔，留空则显示所有分类</p>
+                <p style="color: #959595 ; display:inline">* 文章分类id,只支持一级分类,请用英文半角逗号分隔，留空则显示所有分类</p>
                    </td>
            </tr>
+            <tr valign="top">
+                <th scope="row">用户一年内可修改头像的次数</th>
+                <td><input type="numbver" name="wf_updateAvatar_count" placeholder="3" style="width:50px; height:40px" value="<?php echo esc_attr( get_option('wf_updateAvatar_count') ); ?>" />次
+                <p style="color: #959595 ; display:inline">* 填写整数,留空则修改次数为0次</p>
+                    </td>
+            </tr>
+

            <tr valign="top">
            <th scope="row">选择"关于"页面</th>

--- a/rest-api-to-miniprogram.php
+++ b/rest-api-to-miniprogram.php
@@ -3,7 +3,7 @@
 Plugin Name: REST API TO MiniProgram 微慕小程序
 Plugin URI: https://www.minapper.com
 Description: 为微慕小程序提供定制化WordPress REST API json 输出
-Version: 4.5.2
+Version: 4.6.0
 Author: jianbo
 Author URI: https://www.minapper.com
 License: GPL v3
@@ -46,9 +46,13 @@ if ( ! class_exists( 'RestAPIMiniProgram' ) ) {
            add_filter( 'rest_prepare_comment', 'custom_comment_fields', 10, 3 );
            add_filter( 'rest_prepare_category', 'custom_fields_rest_prepare_category', 10, 3 ); //获取分类的封面图片

-            add_filter( 'manage_users_columns', 'users_columns' );
-			add_action( 'manage_users_custom_column', 'output_users_columns', 10, 3 );
-			//给TinyMCE编辑器增加A标签按钮
+            //定义用户列表
+            add_filter( 'manage_users_columns', 'ram_users_columns' );
+			add_action( 'manage_users_custom_column', 'output_ram_users_columns', 10, 3 );
+            add_filter( "manage_users_sortable_columns", 'ram_users_sortable_columns' );
+			add_action( 'pre_user_query', 'ram_users_search_order' );
+            
+            //给TinyMCE编辑器增加A标签按钮
 			add_action('after_wp_tiny_mce', 'add_tinyMCE_minapper_button');