1<?php
2/**
3 * Add Site Administration Screen
4 *
5 * @package WordPress
6 * @subpackage Multisite
7 * @since 3.1.0
8 */
9
10/** Load WordPress Administration Bootstrap */
11require_once __DIR__ . '/admin.php';
12
13/** WordPress Translation Installation API */
14require_once ABSPATH . 'wp-admin/includes/translation-install.php';
15
16if ( ! current_user_can( 'create_sites' ) ) {
17 wp_die( __( 'Sorry, you are not allowed to add sites to this network.' ) );
18}
19
20get_current_screen()->add_help_tab(
21 array(
22 'id' => 'overview',
23 'title' => __( 'Overview' ),
24 'content' =>
25 '<p>' . __( 'This screen is for Super Admins to add new sites to the network. This is not affected by the registration settings.' ) . '</p>' .
26 '<p>' . __( 'If the admin email for the new site does not exist in the database, a new user will also be created.' ) . '</p>',
27 )
28);
29
30get_current_screen()->set_help_sidebar(
31 '<p><strong>' . __( 'For more information:' ) . '</strong></p>' .
32 '<p>' . __( '<a href="https://developer.wordpress.org/advanced-administration/multisite/admin/#network-admin-sites-screen">Documentation on Site Management</a>' ) . '</p>' .
33 '<p>' . __( '<a href="https://wordpress.org/support/forum/multisite/">Support forums</a>' ) . '</p>'
34);
35
36if ( isset( $_REQUEST['action'] ) && 'add-site' === $_REQUEST['action'] ) {
37 check_admin_referer( 'add-blog', '_wpnonce_add-blog' );
38
39 if ( ! is_array( $_POST['blog'] ) ) {
40 wp_die( __( 'Cannot create an empty site.' ) );
41 }
42
43 $blog = $_POST['blog'];
44 $domain = '';
45
46 $blog['domain'] = trim( $blog['domain'] );
47 if ( preg_match( '|^([a-zA-Z0-9-])+$|', $blog['domain'] ) ) {
48 $domain = strtolower( $blog['domain'] );
49 }
50
51 // If not a subdomain installation, make sure the domain isn't a reserved word.
52 if ( ! is_subdomain_install() ) {
53 $subdirectory_reserved_names = get_subdirectory_reserved_names();
54
55 if ( in_array( $domain, $subdirectory_reserved_names, true ) ) {
56 wp_die(
57 sprintf(
58 /* translators: %s: Reserved names list. */
59 __( 'The following words are reserved for use by WordPress functions and cannot be used as site names: %s' ),
60 '<code>' . implode( '</code>, <code>', $subdirectory_reserved_names ) . '</code>'
61 )
62 );
63 }
64 }
65
66 $title = $blog['title'];
67
68 $meta = array(
69 'public' => 1,
70 );
71
72 // Handle translation installation for the new site.
73 if ( isset( $_POST['WPLANG'] ) ) {
74 if ( '' === $_POST['WPLANG'] ) {
75 $meta['WPLANG'] = ''; // en_US
76 } elseif ( in_array( $_POST['WPLANG'], get_available_languages(), true ) ) {
77 $meta['WPLANG'] = $_POST['WPLANG'];
78 } elseif ( current_user_can( 'install_languages' ) && wp_can_install_language_pack() ) {
79 $language = wp_download_language_pack( wp_unslash( $_POST['WPLANG'] ) );
80 if ( $language ) {
81 $meta['WPLANG'] = $language;
82 }
83 }
84 }
85
86 if ( empty( $title ) ) {
87 wp_die( __( 'Missing site title.' ) );
88 }
89
90 if ( empty( $domain ) ) {
91 wp_die( __( 'Missing or invalid site address.' ) );
92 }
93
94 if ( isset( $blog['email'] ) && '' === trim( $blog['email'] ) ) {
95 wp_die( __( 'Missing email address.' ) );
96 }
97
98 $email = sanitize_email( $blog['email'] );
99 if ( ! is_email( $email ) ) {
100 wp_die( __( 'Invalid email address.' ) );
101 }
102
103 if ( is_subdomain_install() ) {
104 $newdomain = $domain . '.' . preg_replace( '|^www\.|', '', get_network()->domain );
105 $path = get_network()->path;
106 } else {
107 $newdomain = get_network()->domain;
108 $path = get_network()->path . $domain . '/';
109 }
110
111 $password = 'N/A';
112 $user_id = email_exists( $email );
113 if ( ! $user_id ) { // Create a new user with a random password.
114 /**
115 * Fires immediately before a new user is created via the network site-new.php page.
116 *
117 * @since 4.5.0
118 *
119 * @param string $email Email of the non-existent user.
120 */
121 do_action( 'pre_network_site_new_created_user', $email );
122
123 $user_id = username_exists( $domain );
124 if ( $user_id ) {
125 wp_die( __( 'The domain or path entered conflicts with an existing username.' ) );
126 }
127 $password = wp_generate_password( 12, false );
128 $user_id = wpmu_create_user( $domain, $password, $email );
129 if ( false === $user_id ) {
130 wp_die( __( 'There was an error creating the user.' ) );
131 }
132
133 /**
134 * Fires after a new user has been created via the network site-new.php page.
135 *
136 * @since 4.4.0
137 *
138 * @param int $user_id ID of the newly created user.
139 */
140 do_action( 'network_site_new_created_user', $user_id );
141 }
142
143 $wpdb->hide_errors();
144 $id = wpmu_create_blog( $newdomain, $path, $title, $user_id, $meta, get_current_network_id() );
145 $wpdb->show_errors();
146
147 if ( ! is_wp_error( $id ) ) {
148 if ( ! is_super_admin( $user_id ) && ! get_user_option( 'primary_blog', $user_id ) ) {
149 update_user_option( $user_id, 'primary_blog', $id, true );
150 }
151
152 wpmu_new_site_admin_notification( $id, $user_id );
153 wpmu_welcome_notification( $id, $user_id, $password, $title, array( 'public' => 1 ) );
154 wp_redirect(
155 add_query_arg(
156 array(
157 'update' => 'added',
158 'id' => $id,
159 ),
160 'site-new.php'
161 )
162 );
163 exit;
164 } else {
165 wp_die( $id->get_error_message() );
166 }
167}
168
169if ( isset( $_GET['update'] ) ) {
170 $messages = array();
171 if ( 'added' === $_GET['update'] ) {
172 $messages[] = sprintf(
173 /* translators: 1: Dashboard URL, 2: Network admin edit URL. */
174 __( 'Site added. <a href="%1$s">Visit Dashboard</a> or <a href="%2$s">Edit Site</a>' ),
175 esc_url( get_admin_url( absint( $_GET['id'] ) ) ),
176 network_admin_url( 'site-info.php?id=' . absint( $_GET['id'] ) )
177 );
178 }
179}
180
181// Used in the HTML title tag.
182$title = __( 'Add Site' );
183$parent_file = 'sites.php';
184
185wp_enqueue_script( 'user-suggest' );
186
187require_once ABSPATH . 'wp-admin/admin-header.php';
188
189?>
190
191<div class="wrap">
192<h1 id="add-new-site"><?php _e( 'Add Site' ); ?></h1>
193<?php
194if ( ! empty( $messages ) ) {
195 $notice_args = array(
196 'type' => 'success',
197 'dismissible' => true,
198 'id' => 'message',
199 );
200
201 foreach ( $messages as $msg ) {
202 wp_admin_notice( $msg, $notice_args );
203 }
204}
205?>
206<p><?php echo wp_required_field_message(); ?></p>
207<form method="post" enctype="multipart/form-data" action="<?php echo esc_url( network_admin_url( 'site-new.php?action=add-site' ) ); ?>" novalidate="novalidate">
208<?php wp_nonce_field( 'add-blog', '_wpnonce_add-blog' ); ?>
209 <table class="form-table" role="presentation">
210 <tr class="form-field form-required">
211 <th scope="row">
212 <label for="site-address">
213 <?php
214 _e( 'Site Address (URL)' );
215 echo ' ' . wp_required_field_indicator();
216 ?>
217 </label>
218 </th>
219 <td>
220 <?php if ( is_subdomain_install() ) { ?>
221 <input name="blog[domain]" type="text" class="regular-text ltr" id="site-address" aria-describedby="site-address-desc" autocapitalize="none" autocorrect="off" required /><span class="no-break">.<?php echo preg_replace( '|^www\.|', '', get_network()->domain ); ?></span>
222 <?php
223 } else {
224 echo get_network()->domain . get_network()->path
225 ?>
226 <input name="blog[domain]" type="text" class="regular-text ltr" id="site-address" aria-describedby="site-address-desc" autocapitalize="none" autocorrect="off" required />
227 <?php
228 }
229 echo '<p class="description" id="site-address-desc">' . __( 'Only lowercase letters (a-z), numbers, and hyphens are allowed.' ) . '</p>';
230 ?>
231 </td>
232 </tr>
233 <tr class="form-field form-required">
234 <th scope="row">
235 <label for="site-title">
236 <?php
237 _e( 'Site Title' );
238 echo ' ' . wp_required_field_indicator();
239 ?>
240 </label>
241 </th>
242 <td><input name="blog[title]" type="text" class="regular-text" id="site-title" required /></td>
243 </tr>
244 <?php
245 $languages = get_available_languages();
246 $translations = wp_get_available_translations();
247 if ( ! empty( $languages ) || ! empty( $translations ) ) :
248 ?>
249 <tr class="form-field form-required">
250 <th scope="row"><label for="site-language"><?php _e( 'Site Language' ); ?></label></th>
251 <td>
252 <?php
253 // Network default.
254 $lang = get_site_option( 'WPLANG' );
255
256 // Use English if the default isn't available.
257 if ( ! in_array( $lang, $languages, true ) ) {
258 $lang = '';
259 }
260
261 wp_dropdown_languages(
262 array(
263 'name' => 'WPLANG',
264 'id' => 'site-language',
265 'selected' => $lang,
266 'languages' => $languages,
267 'translations' => $translations,
268 'show_available_translations' => current_user_can( 'install_languages' ) && wp_can_install_language_pack(),
269 )
270 );
271 ?>
272 </td>
273 </tr>
274 <?php endif; // Languages. ?>
275 <tr class="form-field form-required">
276 <th scope="row">
277 <label for="admin-email">
278 <?php
279 _e( 'Admin Email' );
280 echo ' ' . wp_required_field_indicator();
281 ?>
282 </label>
283 </th>
284 <td><input name="blog[email]" type="email" class="regular-text wp-suggest-user" id="admin-email" data-autocomplete-type="search" data-autocomplete-field="user_email" aria-describedby="site-admin-email" required /></td>
285 </tr>
286 <tr class="form-field">
287 <td colspan="2" class="td-full"><p id="site-admin-email"><?php _e( 'A new user will be created if the above email address is not in the database.' ); ?><br /><?php _e( 'The username and a link to set the password will be mailed to this email address.' ); ?></p></td>
288 </tr>
289 </table>
290
291 <?php
292 /**
293 * Fires at the end of the new site form in network admin.
294 *
295 * @since 4.5.0
296 */
297 do_action( 'network_site_new_form' );
298
299 submit_button( __( 'Add Site' ), 'primary', 'add-site' );
300 ?>
301 </form>
302</div>
303<?php
304require_once ABSPATH . 'wp-admin/admin-footer.php';
305