1<?php
2/**
3 * Multisite sites administration panel.
4 *
5 * @package WordPress
6 * @subpackage Multisite
7 * @since 3.0.0
8 */
9
10/** Load WordPress Administration Bootstrap */
11require_once __DIR__ . '/admin.php';
12
13if ( ! current_user_can( 'manage_sites' ) ) {
14	wp_die( __( 'Sorry, you are not allowed to access this page.' ), 403 );
15}
16
17$wp_list_table = _get_list_table( 'WP_MS_Sites_List_Table' );
18$pagenum       = $wp_list_table->get_pagenum();
19
20$title       = __( 'Sites' );
21$parent_file = 'sites.php';
22
23add_screen_option( 'per_page' );
24
25get_current_screen()->add_help_tab(
26	array(
27		'id'      => 'overview',
28		'title'   => __( 'Overview' ),
29		'content' =>
30			'<p>' . __( 'Add New takes you to the Add New Site screen. You can search for a site by Name, ID number, or IP address. Screen Options allows you to choose how many sites to display on one page.' ) . '</p>' .
31			'<p>' . __( 'This is the main table of all sites on this network. Switch between list and excerpt views by using the icons above the right side of the table.' ) . '</p>' .
32			'<p>' . __( 'Hovering over each site reveals seven options (three for the primary site):' ) . '</p>' .
33			'<ul><li>' . __( 'An Edit link to a separate Edit Site screen.' ) . '</li>' .
34			'<li>' . __( 'Dashboard leads to the Dashboard for that site.' ) . '</li>' .
35			'<li>' . __( 'Deactivate, Archive, and Spam which lead to confirmation screens. These actions can be reversed later.' ) . '</li>' .
36			'<li>' . __( 'Delete which is a permanent action after the confirmation screens.' ) . '</li>' .
37			'<li>' . __( 'Visit to go to the front-end site live.' ) . '</li></ul>' .
38			'<p>' . __( 'The site ID is used internally, and is not shown on the front end of the site or to users/viewers.' ) . '</p>' .
39			'<p>' . __( 'Clicking on bold headings can re-sort this table.' ) . '</p>',
40	)
41);
42
43get_current_screen()->set_help_sidebar(
44	'<p><strong>' . __( 'For more information:' ) . '</strong></p>' .
45	'<p>' . __( '<a href="https://wordpress.org/support/article/network-admin-sites-screen/">Documentation on Site Management</a>' ) . '</p>' .
46	'<p>' . __( '<a href="https://wordpress.org/support/forum/multisite/">Support Forums</a>' ) . '</p>'
47);
48
49get_current_screen()->set_screen_reader_content(
50	array(
51		'heading_pagination' => __( 'Sites list navigation' ),
52		'heading_list'       => __( 'Sites list' ),
53	)
54);
55
56$id = isset( $_REQUEST['id'] ) ? (int) $_REQUEST['id'] : 0;
57
58if ( isset( $_GET['action'] ) ) {
59	/** This action is documented in wp-admin/network/edit.php */
60	do_action( 'wpmuadminedit' );
61
62	// A list of valid actions and their associated messaging for confirmation output.
63	$manage_actions = array(
64		/* translators: %s: Site URL. */
65		'activateblog'   => __( 'You are about to activate the site %s.' ),
66		/* translators: %s: Site URL. */
67		'deactivateblog' => __( 'You are about to deactivate the site %s.' ),
68		/* translators: %s: Site URL. */
69		'unarchiveblog'  => __( 'You are about to unarchive the site %s.' ),
70		/* translators: %s: Site URL. */
71		'archiveblog'    => __( 'You are about to archive the site %s.' ),
72		/* translators: %s: Site URL. */
73		'unspamblog'     => __( 'You are about to unspam the site %s.' ),
74		/* translators: %s: Site URL. */
75		'spamblog'       => __( 'You are about to mark the site %s as spam.' ),
76		/* translators: %s: Site URL. */
77		'deleteblog'     => __( 'You are about to delete the site %s.' ),
78		/* translators: %s: Site URL. */
79		'unmatureblog'   => __( 'You are about to mark the site %s as mature.' ),
80		/* translators: %s: Site URL. */
81		'matureblog'     => __( 'You are about to mark the site %s as not mature.' ),
82	);
83
84	if ( 'confirm' === $_GET['action'] ) {
85		// The action2 parameter contains the action being taken on the site.
86		$site_action = $_GET['action2'];
87
88		if ( ! array_key_exists( $site_action, $manage_actions ) ) {
89			wp_die( __( 'The requested action is not valid.' ) );
90		}
91
92		// The mature/unmature UI exists only as external code. Check the "confirm" nonce for backward compatibility.
93		if ( 'matureblog' === $site_action || 'unmatureblog' === $site_action ) {
94			check_admin_referer( 'confirm' );
95		} else {
96			check_admin_referer( $site_action . '_' . $id );
97		}
98
99		if ( ! headers_sent() ) {
100			nocache_headers();
101			header( 'Content-Type: text/html; charset=utf-8' );
102		}
103
104		if ( get_network()->site_id == $id ) {
105			wp_die( __( 'Sorry, you are not allowed to change the current site.' ) );
106		}
107
108		$site_details = get_site( $id );
109		$site_address = untrailingslashit( $site_details->domain . $site_details->path );
110
111		require_once ABSPATH . 'wp-admin/admin-header.php';
112		?>
113			<div class="wrap">
114				<h1><?php _e( 'Confirm your action' ); ?></h1>
115				<form action="sites.php?action=<?php echo esc_attr( $site_action ); ?>" method="post">
116					<input type="hidden" name="action" value="<?php echo esc_attr( $site_action ); ?>" />
117					<input type="hidden" name="id" value="<?php echo esc_attr( $id ); ?>" />
118					<input type="hidden" name="_wp_http_referer" value="<?php echo esc_attr( wp_get_referer() ); ?>" />
119					<?php wp_nonce_field( $site_action . '_' . $id, '_wpnonce', false ); ?>
120					<p><?php printf( $manage_actions[ $site_action ], $site_address ); ?></p>
121					<?php submit_button( __( 'Confirm' ), 'primary' ); ?>
122				</form>
123			</div>
124		<?php
125		require_once ABSPATH . 'wp-admin/admin-footer.php';
126		exit;
127	} elseif ( array_key_exists( $_GET['action'], $manage_actions ) ) {
128		$action = $_GET['action'];
129		check_admin_referer( $action . '_' . $id );
130	} elseif ( 'allblogs' === $_GET['action'] ) {
131		check_admin_referer( 'bulk-sites' );
132	}
133
134	$updated_action = '';
135
136	switch ( $_GET['action'] ) {
137
138		case 'deleteblog':
139			if ( ! current_user_can( 'delete_sites' ) ) {
140				wp_die( __( 'Sorry, you are not allowed to access this page.' ), '', array( 'response' => 403 ) );
141			}
142
143			$updated_action = 'not_deleted';
144			if ( '0' != $id && get_network()->site_id != $id && current_user_can( 'delete_site', $id ) ) {
145				wpmu_delete_blog( $id, true );
146				$updated_action = 'delete';
147			}
148			break;
149
150		case 'delete_sites':
151			check_admin_referer( 'ms-delete-sites' );
152
153			foreach ( (array) $_POST['site_ids'] as $site_id ) {
154				$site_id = (int) $site_id;
155
156				if ( get_network()->site_id == $site_id ) {
157					continue;
158				}
159
160				if ( ! current_user_can( 'delete_site', $site_id ) ) {
161					$site         = get_site( $site_id );
162					$site_address = untrailingslashit( $site->domain . $site->path );
163
164					wp_die(
165						sprintf(
166							/* translators: %s: Site URL. */
167							__( 'Sorry, you are not allowed to delete the site %s.' ),
168							$site_address
169						),
170						403
171					);
172				}
173
174				$updated_action = 'all_delete';
175				wpmu_delete_blog( $site_id, true );
176			}
177			break;
178
179		case 'allblogs':
180			if ( isset( $_POST['action'] ) && isset( $_POST['allblogs'] ) ) {
181				$doaction = $_POST['action'];
182
183				foreach ( (array) $_POST['allblogs'] as $key => $val ) {
184					if ( '0' != $val && get_network()->site_id != $val ) {
185						switch ( $doaction ) {
186							case 'delete':
187								require_once ABSPATH . 'wp-admin/admin-header.php';
188								?>
189								<div class="wrap">
190									<h1><?php _e( 'Confirm your action' ); ?></h1>
191									<form action="sites.php?action=delete_sites" method="post">
192										<input type="hidden" name="action" value="delete_sites" />
193										<input type="hidden" name="_wp_http_referer" value="<?php echo esc_attr( wp_get_referer() ); ?>" />
194										<?php wp_nonce_field( 'ms-delete-sites', '_wpnonce', false ); ?>
195										<p><?php _e( 'You are about to delete the following sites:' ); ?></p>
196										<ul class="ul-disc">
197											<?php
198											foreach ( $_POST['allblogs'] as $site_id ) :
199												$site         = get_site( $site_id );
200												$site_address = untrailingslashit( $site->domain . $site->path );
201												?>
202												<li>
203													<?php echo $site_address; ?>
204													<input type="hidden" name="site_ids[]" value="<?php echo (int) $site_id; ?>" />
205												</li>
206											<?php endforeach; ?>
207										</ul>
208										<?php submit_button( __( 'Confirm' ), 'primary' ); ?>
209									</form>
210								</div>
211								<?php
212								require_once ABSPATH . 'wp-admin/admin-footer.php';
213								exit;
214							break;
215
216							case 'spam':
217							case 'notspam':
218								$updated_action = ( 'spam' === $doaction ) ? 'all_spam' : 'all_notspam';
219								update_blog_status( $val, 'spam', ( 'spam' === $doaction ) ? '1' : '0' );
220								break;
221						}
222					} else {
223						wp_die( __( 'Sorry, you are not allowed to change the current site.' ) );
224					}
225				}
226
227				if ( ! in_array( $doaction, array( 'delete', 'spam', 'notspam' ), true ) ) {
228					$redirect_to = wp_get_referer();
229					$blogs       = (array) $_POST['allblogs'];
230
231					/** This action is documented in wp-admin/network/site-themes.php */
232					$redirect_to = apply_filters( 'handle_network_bulk_actions-' . get_current_screen()->id, $redirect_to, $doaction, $blogs, $id ); // phpcs:ignore WordPress.NamingConventions.ValidHookName.UseUnderscores
233
234					wp_safe_redirect( $redirect_to );
235					exit;
236				}
237			} else {
238				// Process query defined by WP_MS_Site_List_Table::extra_table_nav().
239				$location = remove_query_arg(
240					array( '_wp_http_referer', '_wpnonce' ),
241					add_query_arg( $_POST, network_admin_url( 'sites.php' ) )
242				);
243
244				wp_redirect( $location );
245				exit;
246			}
247
248			break;
249
250		case 'archiveblog':
251		case 'unarchiveblog':
252			update_blog_status( $id, 'archived', ( 'archiveblog' === $_GET['action'] ) ? '1' : '0' );
253			break;
254
255		case 'activateblog':
256			update_blog_status( $id, 'deleted', '0' );
257
258			/**
259			 * Fires after a network site is activated.
260			 *
261			 * @since MU (3.0.0)
262			 *
263			 * @param string $id The ID of the activated site.
264			 */
265			do_action( 'activate_blog', $id );
266			break;
267
268		case 'deactivateblog':
269			/**
270			 * Fires before a network site is deactivated.
271			 *
272			 * @since MU (3.0.0)
273			 *
274			 * @param string $id The ID of the site being deactivated.
275			 */
276			do_action( 'deactivate_blog', $id );
277
278			update_blog_status( $id, 'deleted', '1' );
279			break;
280
281		case 'unspamblog':
282		case 'spamblog':
283			update_blog_status( $id, 'spam', ( 'spamblog' === $_GET['action'] ) ? '1' : '0' );
284			break;
285
286		case 'unmatureblog':
287		case 'matureblog':
288			update_blog_status( $id, 'mature', ( 'matureblog' === $_GET['action'] ) ? '1' : '0' );
289			break;
290	}
291
292	if ( empty( $updated_action ) && array_key_exists( $_GET['action'], $manage_actions ) ) {
293		$updated_action = $_GET['action'];
294	}
295
296	if ( ! empty( $updated_action ) ) {
297		wp_safe_redirect( add_query_arg( array( 'updated' => $updated_action ), wp_get_referer() ) );
298		exit;
299	}
300}
301
302$msg = '';
303if ( isset( $_GET['updated'] ) ) {
304	$action = $_GET['updated'];
305
306	switch ( $action ) {
307		case 'all_notspam':
308			$msg = __( 'Sites removed from spam.' );
309			break;
310		case 'all_spam':
311			$msg = __( 'Sites marked as spam.' );
312			break;
313		case 'all_delete':
314			$msg = __( 'Sites deleted.' );
315			break;
316		case 'delete':
317			$msg = __( 'Site deleted.' );
318			break;
319		case 'not_deleted':
320			$msg = __( 'Sorry, you are not allowed to delete that site.' );
321			break;
322		case 'archiveblog':
323			$msg = __( 'Site archived.' );
324			break;
325		case 'unarchiveblog':
326			$msg = __( 'Site unarchived.' );
327			break;
328		case 'activateblog':
329			$msg = __( 'Site activated.' );
330			break;
331		case 'deactivateblog':
332			$msg = __( 'Site deactivated.' );
333			break;
334		case 'unspamblog':
335			$msg = __( 'Site removed from spam.' );
336			break;
337		case 'spamblog':
338			$msg = __( 'Site marked as spam.' );
339			break;
340		default:
341			/**
342			 * Filters a specific, non-default, site-updated message in the Network admin.
343			 *
344			 * The dynamic portion of the hook name, `$action`, refers to the non-default
345			 * site update action.
346			 *
347			 * @since 3.1.0
348			 *
349			 * @param string $msg The update message. Default 'Settings saved'.
350			 */
351			$msg = apply_filters( "network_sites_updated_message_{$action}", __( 'Settings saved.' ) );
352			break;
353	}
354
355	if ( ! empty( $msg ) ) {
356		$msg = '<div id="message" class="updated notice is-dismissible"><p>' . $msg . '</p></div>';
357	}
358}
359
360$wp_list_table->prepare_items();
361
362require_once ABSPATH . 'wp-admin/admin-header.php';
363?>
364
365<div class="wrap">
366<h1 class="wp-heading-inline"><?php _e( 'Sites' ); ?></h1>
367
368<?php if ( current_user_can( 'create_sites' ) ) : ?>
369	<a href="<?php echo esc_url( network_admin_url( 'site-new.php' ) ); ?>" class="page-title-action"><?php echo esc_html_x( 'Add New', 'site' ); ?></a>
370<?php endif; ?>
371
372<?php
373if ( isset( $_REQUEST['s'] ) && strlen( $_REQUEST['s'] ) ) {
374	echo '<span class="subtitle">';
375	printf(
376		/* translators: %s: Search query. */
377		__( 'Search results for: %s' ),
378		'<strong>' . esc_html( $s ) . '</strong>'
379	);
380	echo '</span>';
381}
382?>
383
384<hr class="wp-header-end">
385
386<?php $wp_list_table->views(); ?>
387
388<?php echo $msg; ?>
389
390<form method="get" id="ms-search" class="wp-clearfix">
391<?php $wp_list_table->search_box( __( 'Search Sites' ), 'site' ); ?>
392<input type="hidden" name="action" value="blogs" />
393</form>
394
395<form id="form-site-list" action="sites.php?action=allblogs" method="post">
396	<?php $wp_list_table->display(); ?>
397</form>
398</div>
399<?php
400
401require_once ABSPATH . 'wp-admin/admin-footer.php'; ?>
402