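<?php
/**
 * Edit Site Users Administration Screen
 *
 * @package WordPress
 * @subpackage Multisite
 * @since 3.1.0
 */

/** Load WordPress Administration Bootstrap */
require_once __DIR__ . '/admin.php';

// Screen-level gate. The individual actions below carry their own, narrower checks.
if ( ! current_user_can( 'manage_sites' ) ) {
	wp_die( __( 'Sorry, you are not allowed to edit this site.' ), 403 );
}

$wp_list_table = _get_list_table( 'WP_Users_List_Table' );
$wp_list_table->prepare_items();

get_current_screen()->add_help_tab( get_site_screen_help_tab_args() );
get_current_screen()->set_help_sidebar( get_site_screen_help_sidebar_content() );

get_current_screen()->set_screen_reader_content(
	array(
		'heading_views'      => __( 'Filter site users list' ),
		'heading_pagination' => __( 'Site users list navigation' ),
		'heading_list'       => __( 'Site users list' ),
	)
);

// Drop a stale 'update' flag so the result notice is not carried into the next redirect.
$_SERVER['REQUEST_URI'] = remove_query_arg( 'update', $_SERVER['REQUEST_URI'] );
$referer                = remove_query_arg( 'update', wp_get_referer() );

if ( ! empty( $_REQUEST['paged'] ) ) {
	$referer = add_query_arg( 'paged', (int) $_REQUEST['paged'], $referer );
}

$id = isset( $_REQUEST['id'] ) ? (int) $_REQUEST['id'] : 0;

if ( ! $id ) {
	wp_die( __( 'Invalid site ID.' ) );
}

$details = get_site( $id );
if ( ! $details ) {
	wp_die( __( 'The requested site does not exist.' ) );
}

if ( ! can_edit_network( $details->site_id ) ) {
	wp_die( __( 'Sorry, you are not allowed to access this page.' ), 403 );
}

$is_main_site = is_main_site( $id );

// Everything up to restore_current_blog() runs in the context of the site being edited.
switch_to_blog( $id );

$action = $wp_list_table->current_action();

if ( $action ) {

	// Stays null when the default branch finds nothing to do, so the redirect
	// below never reads an undefined variable.
	$update = null;

	switch ( $action ) {
		case 'newuser':
			// The "Add New User" form on this screen is only rendered for users with
			// `create_users`. Require the same capability when the form is handled:
			// the nonce confirms intent, it does not grant permission.
			if ( ! current_user_can( 'create_users' ) ) {
				wp_die( __( 'Sorry, you are not allowed to create users.' ), 403 );
			}

			check_admin_referer( 'add-user', '_wpnonce_add-new-user' );

			$user = isset( $_POST['user'] ) && is_array( $_POST['user'] ) ? $_POST['user'] : array();

			// Both fields must be non-empty strings; anything else is treated as a missing field.
			if (
				empty( $user['username'] ) || ! is_string( $user['username'] )
				|| empty( $user['email'] ) || ! is_string( $user['email'] )
			) {
				$update = 'err_new';
			} else {
				// Accept only a role the current user may assign on this site, as the
				// 'promote' action does. Checked before the account is created so a
				// rejected role leaves nothing behind.
				$role           = isset( $_POST['new_role'] ) && is_string( $_POST['new_role'] ) ? $_POST['new_role'] : '';
				$editable_roles = get_editable_roles();

				if ( empty( $editable_roles[ $role ] ) ) {
					wp_die( __( 'Sorry, you are not allowed to give users that role.' ), 403 );
				}

				$password = wp_generate_password( 12, false );
				$user_id  = wpmu_create_user( esc_html( strtolower( $user['username'] ) ), $password, esc_html( $user['email'] ) );

				if ( false === $user_id ) {
					$update = 'err_new_dup';
				} else {
					$result = add_user_to_blog( $id, $user_id, $role );

					if ( is_wp_error( $result ) ) {
						$update = 'err_add_fail';
					} else {
						$update = 'newuser';

						/**
						 * Fires after a user has been created via the network site-users.php page.
						 *
						 * @since 4.4.0
						 *
						 * @param int $user_id ID of the newly created user.
						 */
						do_action( 'network_site_users_created_user', $user_id );
					}
				}
			}
			break;

		case 'adduser':
			// The "Add Existing User" form on this screen is only rendered for users with
			// `promote_users`; require the same capability when the form is handled.
			if ( ! current_user_can( 'promote_users' ) ) {
				wp_die( __( 'Sorry, you are not allowed to add users to this site.' ), 403 );
			}

			check_admin_referer( 'add-user', '_wpnonce_add-user' );

			if ( ! empty( $_POST['newuser'] ) && is_string( $_POST['newuser'] ) ) {
				$update  = 'adduser';
				$newuser = $_POST['newuser'];
				$user    = get_user_by( 'login', $newuser );

				if ( $user && $user->exists() ) {
					if ( ! is_user_member_of_blog( $user->ID, $id ) ) {
						// Accept only a role the current user may assign on this site,
						// as the 'promote' action does.
						$role           = isset( $_POST['new_role'] ) && is_string( $_POST['new_role'] ) ? $_POST['new_role'] : '';
						$editable_roles = get_editable_roles();

						if ( empty( $editable_roles[ $role ] ) ) {
							wp_die( __( 'Sorry, you are not allowed to give users that role.' ), 403 );
						}

						$result = add_user_to_blog( $id, $user->ID, $role );

						if ( is_wp_error( $result ) ) {
							$update = 'err_add_fail';
						}
					} else {
						$update = 'err_add_member';
					}
				} else {
					$update = 'err_add_notfound';
				}
			} else {
				$update = 'err_add_notfound';
			}
			break;

		case 'remove':
			if ( ! current_user_can( 'remove_users' ) ) {
				wp_die( __( 'Sorry, you are not allowed to remove users.' ), 403 );
			}

			check_admin_referer( 'bulk-users' );

			$update = 'remove';
			if ( isset( $_REQUEST['users'] ) ) {
				// Cast to array so a scalar `users` value is handled as a single ID
				// rather than triggering a foreach warning.
				foreach ( (array) $_REQUEST['users'] as $user_id ) {
					remove_user_from_blog( (int) $user_id, $id );
				}
			} elseif ( isset( $_GET['user'] ) ) {
				// Name the target site explicitly, as the bulk branch does, instead of
				// relying on the switched-blog context.
				remove_user_from_blog( (int) $_GET['user'], $id );
			} else {
				$update = 'err_remove';
			}
			break;

		case 'promote':
			// NOTE(review): unlike 'remove', this branch has no capability check of its own
			// beyond the screen-level `manage_sites` gate. Confirm whether `promote_users`
			// should be required here as well.
			check_admin_referer( 'bulk-users' );
			$editable_roles = get_editable_roles();

			// A missing or non-string role falls through to the "not allowed" branch below
			// rather than being used as an array offset.
			$role = isset( $_REQUEST['new_role'] ) && is_string( $_REQUEST['new_role'] ) ? $_REQUEST['new_role'] : '';

			if ( empty( $editable_roles[ $role ] ) ) {
				wp_die( __( 'Sorry, you are not allowed to give users that role.' ), 403 );
			}

			if ( isset( $_REQUEST['users'] ) ) {
				$update = 'promote';

				foreach ( (array) $_REQUEST['users'] as $user_id ) {
					$user_id = (int) $user_id;

					// If the user doesn't already belong to the blog, bail.
					if ( ! is_user_member_of_blog( $user_id, $id ) ) {
						wp_die(
							'<h1>' . __( 'Something went wrong.' ) . '</h1>' .
							'<p>' . __( 'One of the selected users is not a member of this site.' ) . '</p>',
							403
						);
					}

					$user = get_userdata( $user_id );
					$user->set_role( $role );
				}
			} else {
				$update = 'err_promote';
			}
			break;

		default:
			if ( ! isset( $_REQUEST['users'] ) ) {
				break;
			}
			check_admin_referer( 'bulk-users' );
			$userids = $_REQUEST['users'];

			/** This action is documented in wp-admin/network/site-themes.php */
			$referer = apply_filters( 'handle_network_bulk_actions-' . get_current_screen()->id, $referer, $action, $userids, $id ); // phpcs:ignore WordPress.NamingConventions.ValidHookName.UseUnderscores

			$update = $action;
			break;
	}

	// wp_safe_redirect() is used for the redirect because $referer is derived from the request.
	wp_safe_redirect( add_query_arg( 'update', $update, $referer ) );
	exit;
}

restore_current_blog();

if ( isset( $_GET['action'] ) && 'update-site' === $_GET['action'] ) {
	wp_safe_redirect( $referer );
	exit;
}

add_screen_option( 'per_page' );

/* translators: %s: Site title. */
$title = sprintf( __( 'Edit Site: %s' ), esc_html( $details->blogname ) );

$parent_file  = 'sites.php';
$submenu_file = 'sites.php';

/**
 * Filters whether to show the Add Existing User form on the Multisite Users screen.
 *
 * @since 3.1.0
 *
 * @param bool $bool Whether to show the Add Existing User form. Default true.
 */
if ( ! wp_is_large_network( 'users' ) && apply_filters( 'show_network_site_users_add_existing_form', true ) ) {
	wp_enqueue_script( 'user-suggest' );
}

require_once ABSPATH . 'wp-admin/admin-header.php'; ?>

<script type="text/javascript">
var current_site_id = <?php echo absint( $id ); ?>;
</script>


<div class="wrap">
<h1 id="edit-site"><?php echo $title; ?></h1>
<p class="edit-site-actions"><a href="<?php echo esc_url( get_home_url( $id, '/' ) ); ?>"><?php _e( 'Visit' ); ?></a> | <a href="<?php echo esc_url( get_admin_url( $id ) ); ?>"><?php _e( 'Dashboard' ); ?></a></p>
<?php

network_edit_site_nav(
	array(
		'blog_id'  => $id,
		'selected' => 'site-users',
	)
);

// The 'update' flag only selects one of the fixed notices below; its value is never echoed.
if ( isset( $_GET['update'] ) ) :
	switch ( $_GET['update'] ) {
		case 'adduser':
			echo '<div id="message" class="updated notice is-dismissible"><p>' . __( 'User added.' ) . '</p></div>';
			break;
		case 'err_add_member':
			echo '<div id="message" class="error notice is-dismissible"><p>' . __( 'User is already a member of this site.' ) . '</p></div>';
			break;
		case 'err_add_fail':
			echo '<div id="message" class="error notice is-dismissible"><p>' . __( 'User could not be added to this site.' ) . '</p></div>';
			break;
		case 'err_add_notfound':
			echo '<div id="message" class="error notice is-dismissible"><p>' . __( 'Enter the username of an existing user.' ) . '</p></div>';
			break;
		case 'promote':
			echo '<div id="message" class="updated notice is-dismissible"><p>' . __( 'Changed roles.' ) . '</p></div>';
			break;
		case 'err_promote':
			echo '<div id="message" class="error notice is-dismissible"><p>' . __( 'Select a user to change role.' ) . '</p></div>';
			break;
		case 'remove':
			echo '<div id="message" class="updated notice is-dismissible"><p>' . __( 'User removed from this site.' ) . '</p></div>';
			break;
		case 'err_remove':
			echo '<div id="message" class="error notice is-dismissible"><p>' . __( 'Select a user to remove.' ) . '</p></div>';
			break;
		case 'newuser':
			echo '<div id="message" class="updated notice is-dismissible"><p>' . __( 'User created.' ) . '</p></div>';
			break;
		case 'err_new':
			echo '<div id="message" class="error notice is-dismissible"><p>' . __( 'Enter the username and email.' ) . '</p></div>';
			break;
		case 'err_new_dup':
			echo '<div id="message" class="error notice is-dismissible"><p>' . __( 'Duplicated username or email address.' ) . '</p></div>';
			break;
	}
endif;
?>

<form class="search-form" method="get">
<?php $wp_list_table->search_box( __( 'Search Users' ), 'user' ); ?>
<input type="hidden" name="id" value="<?php echo esc_attr( $id ); ?>" />
</form>

<?php $wp_list_table->views(); ?>

<form method="post" action="site-users.php?action=update-site">
	<input type="hidden" name="id" value="<?php echo esc_attr( $id ); ?>" />

<?php $wp_list_table->display(); ?>

</form>

<?php
/**
 * Fires after the list table on the Users screen in the Multisite Network Admin.
 *
 * @since 3.1.0
 */
do_action( 'network_site_users_after_list_table' );

/** This filter is documented in wp-admin/network/site-users.php */
if ( current_user_can( 'promote_users' ) && apply_filters( 'show_network_site_users_add_existing_form', true ) ) :
	?>
<h2 id="add-existing-user"><?php _e( 'Add Existing User' ); ?></h2>
<form action="site-users.php?action=adduser" id="adduser" method="post">
	<input type="hidden" name="id" value="<?php echo esc_attr( $id ); ?>" />
	<table class="form-table" role="presentation">
		<tr>
			<th scope="row"><label for="newuser"><?php _e( 'Username' ); ?></label></th>
			<td><input type="text" class="regular-text wp-suggest-user" name="newuser" id="newuser" /></td>
		</tr>
		<tr>
			<th scope="row"><label for="new_role_adduser"><?php _e( 'Role' ); ?></label></th>
			<td><select name="new_role" id="new_role_adduser">
			<?php
			// Roles and the default role are read from the site being edited.
			switch_to_blog( $id );
			wp_dropdown_roles( get_option( 'default_role' ) );
			restore_current_blog();
			?>
			</select></td>
		</tr>
	</table>
	<?php wp_nonce_field( 'add-user', '_wpnonce_add-user' ); ?>
	<?php submit_button( __( 'Add User' ), 'primary', 'add-user', true, array( 'id' => 'submit-add-existing-user' ) ); ?>
</form>
<?php endif; ?>

<?php
/**
 * Filters whether to show the Add New User form on the Multisite Users screen.
 *
 * @since 3.1.0
 *
 * @param bool $bool Whether to show the Add New User form. Default true.
 */
if ( current_user_can( 'create_users' ) && apply_filters( 'show_network_site_users_add_new_form', true ) ) :
	?>
<h2 id="add-new-user"><?php _e( 'Add New User' ); ?></h2>
<form action="<?php echo esc_url( network_admin_url( 'site-users.php?action=newuser' ) ); ?>" id="newuser" method="post">
	<input type="hidden" name="id" value="<?php echo esc_attr( $id ); ?>" />
	<table class="form-table" role="presentation">
		<tr>
			<th scope="row"><label for="user_username"><?php _e( 'Username' ); ?></label></th>
			<td><input type="text" class="regular-text" name="user[username]" id="user_username" /></td>
		</tr>
		<tr>
			<th scope="row"><label for="user_email"><?php _e( 'Email' ); ?></label></th>
			<td><input type="text" class="regular-text" name="user[email]" id="user_email" /></td>
		</tr>
		<tr>
			<th scope="row"><label for="new_role_newuser"><?php _e( 'Role' ); ?></label></th>
			<td><select name="new_role" id="new_role_newuser">
			<?php
			// Roles and the default role are read from the site being edited.
			switch_to_blog( $id );
			wp_dropdown_roles( get_option( 'default_role' ) );
			restore_current_blog();
			?>
			</select></td>
		</tr>
		<tr class="form-field">
			<td colspan="2" class="td-full"><?php _e( 'A password reset link will be sent to the user via email.' ); ?></td>
		</tr>
	</table>
	<?php wp_nonce_field( 'add-user', '_wpnonce_add-new-user' ); ?>
	<?php submit_button( __( 'Add New User' ), 'primary', 'add-user', true, array( 'id' => 'submit-add-user' ) ); ?>
</form>
<?php endif; ?>
</div>
<?php
require_once ABSPATH . 'wp-admin/admin-footer.php';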