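<?php
/**
 * Multisite users administration panel.
 *
 * @package WordPress
 * @subpackage Multisite
 * @since 3.0.0
 */

/** Load WordPress Administration Bootstrap */
require_once __DIR__ . '/admin.php';

// Page-level authorization gate: nothing below runs without this capability.
if ( ! current_user_can( 'manage_network_users' ) ) {
	wp_die( __( 'Sorry, you are not allowed to access this page.' ), 403 );
}

if ( isset( $_GET['action'] ) ) {
	// NOTE(review): this hook fires before any nonce below is verified, so callbacks
	// attached to it must do their own nonce and capability checks.
	/** This action is documented in wp-admin/network/edit.php */
	do_action( 'wpmuadminedit' );

	switch ( $_GET['action'] ) {
		case 'deleteuser':
			// Repeats the page-level capability check.
			if ( ! current_user_can( 'manage_network_users' ) ) {
				wp_die( __( 'Sorry, you are not allowed to access this page.' ), 403 );
			}

			// Nonce check: the request must carry a valid 'deleteuser' nonce (CSRF protection).
			check_admin_referer( 'deleteuser' );

			// A missing 'id' parameter is treated as 0 and falls through to the redirect below.
			$id = isset( $_GET['id'] ) ? (int) $_GET['id'] : 0;

			// IDs of 1 or lower are never sent to the confirmation screen.
			if ( $id > 1 ) {
				$_POST['allusers'] = array( $id ); // confirm_delete_users() can only handle arrays.
				$title             = __( 'Users' );
				$parent_file       = 'users.php';
				require_once ABSPATH . 'wp-admin/admin-header.php';
				echo '<div class="wrap">';
				confirm_delete_users( $_POST['allusers'] );
				echo '</div>';
				require_once ABSPATH . 'wp-admin/admin-footer.php';
			} else {
				wp_redirect( network_admin_url( 'users.php' ) );
			}
			exit;

		case 'allusers':
			// Repeats the page-level capability check.
			if ( ! current_user_can( 'manage_network_users' ) ) {
				wp_die( __( 'Sorry, you are not allowed to access this page.' ), 403 );
			}

			if ( isset( $_POST['action'] ) && isset( $_POST['allusers'] ) ) {
				// Nonce check for the bulk form; every branch below runs only after it passes.
				check_admin_referer( 'bulk-users-network' );

				$doaction     = $_POST['action'];
				$userfunction = '';

				foreach ( (array) $_POST['allusers'] as $user_id ) {
					if ( ! empty( $user_id ) ) {
						switch ( $doaction ) {
							case 'delete':
								// Deletion needs 'delete_users' on top of the page-level capability.
								if ( ! current_user_can( 'delete_users' ) ) {
									wp_die( __( 'Sorry, you are not allowed to access this page.' ), 403 );
								}
								$title       = __( 'Users' );
								$parent_file = 'users.php';
								require_once ABSPATH . 'wp-admin/admin-header.php';
								echo '<div class="wrap">';
								// The whole submitted list goes to the confirmation screen at once,
								// so the loop ends on the first non-empty entry.
								confirm_delete_users( $_POST['allusers'] );
								echo '</div>';
								require_once ABSPATH . 'wp-admin/admin-footer.php';
								exit;

							case 'spam':
								$user = get_userdata( $user_id );

								// get_userdata() returns false for an ID that matches no user
								// (stale list or hand-edited request). Skip that entry instead
								// of dereferencing false below.
								if ( ! $user ) {
									break;
								}

								// Network administrators can never be marked as spam from here.
								if ( is_super_admin( $user->ID ) ) {
									wp_die(
										sprintf(
											/* translators: %s: User login. */
											__( 'Warning! User cannot be modified. The user %s is a network administrator.' ),
											esc_html( $user->user_login )
										)
									);
								}

								$userfunction = 'all_spam';
								$blogs        = get_blogs_of_user( $user_id, true );

								foreach ( (array) $blogs as $details ) {
									if ( get_network()->site_id != $details->userblog_id ) { // Main blog is not a spam!
										update_blog_status( $details->userblog_id, 'spam', '1' );
									}
								}

								$user_data         = $user->to_array();
								$user_data['spam'] = '1';

								wp_update_user( $user_data );
								break;

							case 'notspam':
								$user = get_userdata( $user_id );

								// Same guard as in 'spam': an unknown ID is skipped rather than
								// causing a call to to_array() on false.
								if ( ! $user ) {
									break;
								}

								$userfunction = 'all_notspam';
								$blogs        = get_blogs_of_user( $user_id, true );

								foreach ( (array) $blogs as $details ) {
									update_blog_status( $details->userblog_id, 'spam', '0' );
								}

								$user_data         = $user->to_array();
								$user_data['spam'] = '0';

								wp_update_user( $user_data );
								break;
						}
					}
				}

				// Any other bulk action is handed to plugins through the filter below.
				if ( ! in_array( $doaction, array( 'delete', 'spam', 'notspam' ), true ) ) {
					$sendback = wp_get_referer();
					$user_ids = (array) $_POST['allusers'];

					/** This action is documented in wp-admin/network/site-themes.php */
					$sendback = apply_filters( 'handle_network_bulk_actions-' . get_current_screen()->id, $sendback, $doaction, $user_ids ); // phpcs:ignore WordPress.NamingConventions.ValidHookName.UseUnderscores

					// wp_safe_redirect() only follows allowed hosts, which matters here because
					// the target comes from the referer and from filter callbacks.
					wp_safe_redirect( $sendback );
					exit;
				}

				wp_safe_redirect(
					add_query_arg(
						array(
							'updated' => 'true',
							'action'  => $userfunction,
						),
						wp_get_referer()
					)
				);
			} else {
				$location = network_admin_url( 'users.php' );

				if ( ! empty( $_REQUEST['paged'] ) ) {
					$location = add_query_arg( 'paged', (int) $_REQUEST['paged'], $location );
				}
				wp_redirect( $location );
			}
			exit;

		case 'dodelete':
			// Nonce first, then both capabilities required for deleting network users.
			check_admin_referer( 'ms-users-delete' );
			if ( ! ( current_user_can( 'manage_network_users' ) && current_user_can( 'delete_users' ) ) ) {
				wp_die( __( 'Sorry, you are not allowed to access this page.' ), 403 );
			}

			// $_POST['blog'] is read as user ID => ( site ID => user ID to reassign content to ).
			if ( ! empty( $_POST['blog'] ) && is_array( $_POST['blog'] ) ) {
				foreach ( $_POST['blog'] as $id => $users ) {
					// The inner value is request data too; the cast keeps a scalar from
					// reaching foreach.
					foreach ( (array) $users as $blogid => $user_id ) {
						// Per-user check: entries the current user may not delete are skipped.
						if ( ! current_user_can( 'delete_user', $id ) ) {
							continue;
						}

						// isset() covers a 'delete' field that is absent or lacks this site/user pair.
						if ( isset( $_POST['delete'][ $blogid ][ $id ] ) && 'reassign' === $_POST['delete'][ $blogid ][ $id ] ) {
							remove_user_from_blog( $id, $blogid, (int) $user_id );
						} else {
							remove_user_from_blog( $id, $blogid );
						}
					}
				}
			}

			$i = 0;

			// Tested with empty() before is_array(), as for 'blog' above, so a request
			// without a 'user' field is handled without reading an undefined index.
			if ( ! empty( $_POST['user'] ) && is_array( $_POST['user'] ) ) {
				foreach ( $_POST['user'] as $id ) {
					if ( ! current_user_can( 'delete_user', $id ) ) {
						continue;
					}
					wpmu_delete_user( $id );
					$i++;
				}
			}

			// Selects the singular or plural notice shown after the redirect.
			if ( 1 === $i ) {
				$deletefunction = 'delete';
			} else {
				$deletefunction = 'all_delete';
			}

			wp_redirect(
				add_query_arg(
					array(
						'updated' => 'true',
						'action'  => $deletefunction,
					),
					network_admin_url( 'users.php' )
				)
			);
			exit;
	}
}

$wp_list_table = _get_list_table( 'WP_MS_Users_List_Table' );
$pagenum       = $wp_list_table->get_pagenum();
$wp_list_table->prepare_items();
$total_pages = $wp_list_table->get_pagination_arg( 'total_pages' );

// A page number past the end is redirected to the last page.
if ( $pagenum > $total_pages && $total_pages > 0 ) {
	wp_redirect( add_query_arg( 'paged', $total_pages ) );
	exit;
}
$title       = __( 'Users' );
$parent_file = 'users.php';

add_screen_option( 'per_page' );

get_current_screen()->add_help_tab(
	array(
		'id'      => 'overview',
		'title'   => __( 'Overview' ),
		'content' =>
			'<p>' . __( 'This table shows all users across the network and the sites to which they are assigned.' ) . '</p>' .
			'<p>' . __( 'Hover over any user on the list to make the edit links appear. The Edit link on the left will take you to their Edit User profile page; the Edit link on the right by any site name goes to an Edit Site screen for that site.' ) . '</p>' .
			'<p>' . __( 'You can also go to the user’s profile page by clicking on the individual username.' ) . '</p>' .
			'<p>' . __( 'You can sort the table by clicking on any of the table headings and switch between list and excerpt views by using the icons above the users list.' ) . '</p>' .
			'<p>' . __( 'The bulk action will permanently delete selected users, or mark/unmark those selected as spam. Spam users will have posts removed and will be unable to sign up again with the same email addresses.' ) . '</p>' .
			'<p>' . __( 'You can make an existing user an additional super admin by going to the Edit User profile page and checking the box to grant that privilege.' ) . '</p>',
	)
);

get_current_screen()->set_help_sidebar(
	'<p><strong>' . __( 'For more information:' ) . '</strong></p>' .
	'<p>' . __( '<a href="https://codex.wordpress.org/Network_Admin_Users_Screen">Documentation on Network Users</a>' ) . '</p>' .
	'<p>' . __( '<a href="https://wordpress.org/support/forum/multisite/">Support Forums</a>' ) . '</p>'
);

get_current_screen()->set_screen_reader_content(
	array(
		'heading_views'      => __( 'Filter users list' ),
		'heading_pagination' => __( 'Users list navigation' ),
		'heading_list'       => __( 'Users list' ),
	)
);

require_once ABSPATH . 'wp-admin/admin-header.php';

// The request values only select one of the fixed messages below; they are never echoed.
if ( isset( $_REQUEST['updated'] ) && 'true' === $_REQUEST['updated'] && ! empty( $_REQUEST['action'] ) ) {
	?>
	<div id="message" class="updated notice is-dismissible"><p>
		<?php
		switch ( $_REQUEST['action'] ) {
			case 'delete':
				_e( 'User deleted.' );
				break;
			case 'all_spam':
				_e( 'Users marked as spam.' );
				break;
			case 'all_notspam':
				_e( 'Users removed from spam.' );
				break;
			case 'all_delete':
				_e( 'Users deleted.' );
				break;
			case 'add':
				_e( 'User added.' );
				break;
		}
		?>
	</p></div>
	<?php
}
?>
<div class="wrap">
	<h1 class="wp-heading-inline"><?php esc_html_e( 'Users' ); ?></h1>

	<?php
	if ( current_user_can( 'create_users' ) ) :
		?>
		<a href="<?php echo esc_url( network_admin_url( 'user-new.php' ) ); ?>" class="page-title-action"><?php echo esc_html_x( 'Add New', 'user' ); ?></a>
		<?php
	endif;

	// NOTE(review): $usersearch is not assigned anywhere in this file; presumably it is a
	// global populated during prepare_items() above - confirm. It is escaped with
	// esc_html() before being printed.
	if ( strlen( $usersearch ) ) {
		echo '<span class="subtitle">';
		printf(
			/* translators: %s: Search query. */
			__( 'Search results for: %s' ),
			'<strong>' . esc_html( $usersearch ) . '</strong>'
		);
		echo '</span>';
	}
	?>

	<hr class="wp-header-end">

	<?php $wp_list_table->views(); ?>

	<form method="get" class="search-form">
		<?php $wp_list_table->search_box( __( 'Search Users' ), 'all-user' ); ?>
	</form>

	<form id="form-user-list" action="users.php?action=allusers" method="post">
		<?php $wp_list_table->display(); ?>
	</form>
</div>

<?php require_once ABSPATH . 'wp-admin/admin-footer.php'; ?>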