1<?php
2/**
3 * Edit Site Users Administration Screen
4 *
5 * @package WordPress
6 * @subpackage Multisite
7 * @since 3.1.0
8 */
9
10/** Load WordPress Administration Bootstrap */
11require_once __DIR__ . '/admin.php';
12
13if ( ! current_user_can( 'manage_sites' ) ) {
14 wp_die( __( 'Sorry, you are not allowed to edit this site.' ), 403 );
15}
16
17$wp_list_table = _get_list_table( 'WP_Users_List_Table' );
18$wp_list_table->prepare_items();
19
20get_current_screen()->add_help_tab( get_site_screen_help_tab_args() );
21get_current_screen()->set_help_sidebar( get_site_screen_help_sidebar_content() );
22
23get_current_screen()->set_screen_reader_content(
24 array(
25 'heading_views' => __( 'Filter site users list' ),
26 'heading_pagination' => __( 'Site users list navigation' ),
27 'heading_list' => __( 'Site users list' ),
28 )
29);
30
31$_SERVER['REQUEST_URI'] = remove_query_arg( 'update', $_SERVER['REQUEST_URI'] );
32$referer = remove_query_arg( 'update', wp_get_referer() );
33
34if ( ! empty( $_REQUEST['paged'] ) ) {
35 $referer = add_query_arg( 'paged', (int) $_REQUEST['paged'], $referer );
36}
37
38$id = isset( $_REQUEST['id'] ) ? (int) $_REQUEST['id'] : 0;
39
40if ( ! $id ) {
41 wp_die( __( 'Invalid site ID.' ) );
42}
43
44$details = get_site( $id );
45if ( ! $details ) {
46 wp_die( __( 'The requested site does not exist.' ) );
47}
48
49if ( ! can_edit_network( $details->site_id ) ) {
50 wp_die( __( 'Sorry, you are not allowed to access this page.' ), 403 );
51}
52
53$is_main_site = is_main_site( $id );
54
55switch_to_blog( $id );
56
57$action = $wp_list_table->current_action();
58
59if ( $action ) {
60
61 switch ( $action ) {
62 case 'newuser':
63 check_admin_referer( 'add-user', '_wpnonce_add-new-user' );
64 $user = $_POST['user'];
65 if ( ! is_array( $_POST['user'] ) || empty( $user['username'] ) || empty( $user['email'] ) ) {
66 $update = 'err_new';
67 } else {
68 $password = wp_generate_password( 12, false );
69 $user_id = wpmu_create_user( esc_html( strtolower( $user['username'] ) ), $password, esc_html( $user['email'] ) );
70
71 if ( false === $user_id ) {
72 $update = 'err_new_dup';
73 } else {
74 $result = add_user_to_blog( $id, $user_id, $_POST['new_role'] );
75
76 if ( is_wp_error( $result ) ) {
77 $update = 'err_add_fail';
78 } else {
79 $update = 'newuser';
80
81 /**
82 * Fires after a user has been created via the network site-users.php page.
83 *
84 * @since 4.4.0
85 *
86 * @param int $user_id ID of the newly created user.
87 */
88 do_action( 'network_site_users_created_user', $user_id );
89 }
90 }
91 }
92 break;
93
94 case 'adduser':
95 check_admin_referer( 'add-user', '_wpnonce_add-user' );
96 if ( ! empty( $_POST['newuser'] ) ) {
97 $update = 'adduser';
98 $newuser = $_POST['newuser'];
99 $user = get_user_by( 'login', $newuser );
100 if ( $user && $user->exists() ) {
101 if ( ! is_user_member_of_blog( $user->ID, $id ) ) {
102 $result = add_user_to_blog( $id, $user->ID, $_POST['new_role'] );
103
104 if ( is_wp_error( $result ) ) {
105 $update = 'err_add_fail';
106 }
107 } else {
108 $update = 'err_add_member';
109 }
110 } else {
111 $update = 'err_add_notfound';
112 }
113 } else {
114 $update = 'err_add_notfound';
115 }
116 break;
117
118 case 'remove':
119 if ( ! current_user_can( 'remove_users' ) ) {
120 wp_die( __( 'Sorry, you are not allowed to remove users.' ), 403 );
121 }
122
123 check_admin_referer( 'bulk-users' );
124
125 $update = 'remove';
126 if ( isset( $_REQUEST['users'] ) ) {
127 $userids = $_REQUEST['users'];
128
129 foreach ( $userids as $user_id ) {
130 $user_id = (int) $user_id;
131 remove_user_from_blog( $user_id, $id );
132 }
133 } elseif ( isset( $_GET['user'] ) ) {
134 remove_user_from_blog( $_GET['user'] );
135 } else {
136 $update = 'err_remove';
137 }
138 break;
139
140 case 'promote':
141 check_admin_referer( 'bulk-users' );
142
143 if ( ! current_user_can( 'promote_users' ) ) {
144 wp_die( __( 'Sorry, you are not allowed to edit this user.' ), 403 );
145 }
146
147 $editable_roles = get_editable_roles();
148 $role = $_REQUEST['new_role'];
149
150 // Mock `none` as editable role.
151 $editable_roles['none'] = array(
152 'name' => __( '— No role for this site —' ),
153 );
154
155 if ( empty( $editable_roles[ $role ] ) ) {
156 wp_die( __( 'Sorry, you are not allowed to give users that role.' ), 403 );
157 }
158
159 if ( 'none' === $role ) {
160 $role = '';
161 }
162
163 if ( isset( $_REQUEST['users'] ) ) {
164 $userids = $_REQUEST['users'];
165 $update = 'promote';
166 foreach ( $userids as $user_id ) {
167 $user_id = (int) $user_id;
168
169 if ( ! current_user_can( 'promote_user', $user_id ) ) {
170 wp_die( __( 'Sorry, you are not allowed to edit this user.' ), 403 );
171 }
172
173 // If the user doesn't already belong to the blog, bail.
174 if ( ! is_user_member_of_blog( $user_id ) ) {
175 wp_die(
176 '<h1>' . __( 'An error occurred.' ) . '</h1>' .
177 '<p>' . __( 'One of the selected users is not a member of this site.' ) . '</p>',
178 403
179 );
180 }
181
182 $user = get_userdata( $user_id );
183
184 // If $role is empty, none will be set.
185 $user->set_role( $role );
186 }
187 } else {
188 $update = 'err_promote';
189 }
190 break;
191 default:
192 if ( ! isset( $_REQUEST['users'] ) ) {
193 break;
194 }
195 check_admin_referer( 'bulk-users' );
196 $userids = $_REQUEST['users'];
197
198 /** This action is documented in wp-admin/network/site-themes.php */
199 $referer = apply_filters( 'handle_network_bulk_actions-' . get_current_screen()->id, $referer, $action, $userids, $id ); // phpcs:ignore WordPress.NamingConventions.ValidHookName.UseUnderscores
200
201 $update = $action;
202 break;
203 }
204
205 wp_safe_redirect( add_query_arg( 'update', $update, $referer ) );
206 exit;
207}
208
209restore_current_blog();
210
211if ( isset( $_GET['action'] ) && 'update-site' === $_GET['action'] ) {
212 wp_safe_redirect( $referer );
213 exit;
214}
215
216add_screen_option( 'per_page' );
217
218// Used in the HTML title tag.
219/* translators: %s: Site title. */
220$title = sprintf( __( 'Edit Site: %s' ), esc_html( $details->blogname ) );
221
222$parent_file = 'sites.php';
223$submenu_file = 'sites.php';
224
225/**
226 * Filters whether to show the Add Existing User form on the Multisite Users screen.
227 *
228 * @since 3.1.0
229 *
230 * @param bool $bool Whether to show the Add Existing User form. Default true.
231 */
232if ( ! wp_is_large_network( 'users' ) && apply_filters( 'show_network_site_users_add_existing_form', true ) ) {
233 wp_enqueue_script( 'user-suggest' );
234}
235
236require_once ABSPATH . 'wp-admin/admin-header.php';
237?>
238
239<script type="text/javascript">
240var current_site_id = <?php echo absint( $id ); ?>;
241</script>
242
243
244<div class="wrap">
245<h1 id="edit-site"><?php echo $title; ?></h1>
246<p class="edit-site-actions"><a href="<?php echo esc_url( get_home_url( $id, '/' ) ); ?>"><?php _e( 'Visit' ); ?></a> | <a href="<?php echo esc_url( get_admin_url( $id ) ); ?>"><?php _e( 'Dashboard' ); ?></a></p>
247<?php
248
249network_edit_site_nav(
250 array(
251 'blog_id' => $id,
252 'selected' => 'site-users',
253 )
254);
255
256if ( isset( $_GET['update'] ) ) :
257 $message = '';
258 $type = 'error';
259
260 switch ( $_GET['update'] ) {
261 case 'adduser':
262 $type = 'success';
263 $message = __( 'User added.' );
264 break;
265 case 'err_add_member':
266 $message = __( 'User is already a member of this site.' );
267 break;
268 case 'err_add_fail':
269 $message = __( 'User could not be added to this site.' );
270 break;
271 case 'err_add_notfound':
272 $message = __( 'Enter the username of an existing user.' );
273 break;
274 case 'promote':
275 $type = 'success';
276 $message = __( 'Changed roles.' );
277 break;
278 case 'err_promote':
279 $message = __( 'Select a user to change role.' );
280 break;
281 case 'remove':
282 $type = 'success';
283 $message = __( 'User removed from this site.' );
284 break;
285 case 'err_remove':
286 $message = __( 'Select a user to remove.' );
287 break;
288 case 'newuser':
289 $type = 'success';
290 $message = __( 'User created.' );
291 break;
292 case 'err_new':
293 $message = __( 'Enter the username and email.' );
294 break;
295 case 'err_new_dup':
296 $message = __( 'Duplicated username or email address.' );
297 break;
298 }
299
300 wp_admin_notice(
301 $message,
302 array(
303 'type' => $type,
304 'dismissible' => true,
305 'id' => 'message',
306 )
307 );
308endif;
309?>
310
311<form class="search-form" method="get">
312<?php $wp_list_table->search_box( __( 'Search Users' ), 'user' ); ?>
313<input type="hidden" name="id" value="<?php echo esc_attr( $id ); ?>" />
314</form>
315
316<?php $wp_list_table->views(); ?>
317
318<form method="post" action="site-users.php?action=update-site">
319 <input type="hidden" name="id" value="<?php echo esc_attr( $id ); ?>" />
320
321<?php $wp_list_table->display(); ?>
322
323</form>
324
325<?php
326/**
327 * Fires after the list table on the Users screen in the Multisite Network Admin.
328 *
329 * @since 3.1.0
330 */
331do_action( 'network_site_users_after_list_table' );
332
333/** This filter is documented in wp-admin/network/site-users.php */
334if ( current_user_can( 'promote_users' ) && apply_filters( 'show_network_site_users_add_existing_form', true ) ) :
335 ?>
336<h2 id="add-existing-user"><?php _e( 'Add Existing User' ); ?></h2>
337<form action="site-users.php?action=adduser" id="adduser" method="post">
338 <input type="hidden" name="id" value="<?php echo esc_attr( $id ); ?>" />
339 <table class="form-table" role="presentation">
340 <tr>
341 <th scope="row"><label for="newuser"><?php _e( 'Username' ); ?></label></th>
342 <td><input type="text" class="regular-text wp-suggest-user" name="newuser" id="newuser" /></td>
343 </tr>
344 <tr>
345 <th scope="row"><label for="new_role_adduser"><?php _e( 'Role' ); ?></label></th>
346 <td><select name="new_role" id="new_role_adduser">
347 <?php
348 switch_to_blog( $id );
349 wp_dropdown_roles( get_option( 'default_role' ) );
350 restore_current_blog();
351 ?>
352 </select></td>
353 </tr>
354 </table>
355 <?php wp_nonce_field( 'add-user', '_wpnonce_add-user' ); ?>
356 <?php submit_button( __( 'Add User' ), 'primary', 'add-user', true, array( 'id' => 'submit-add-existing-user' ) ); ?>
357</form>
358<?php endif; ?>
359
360<?php
361/**
362 * Filters whether to show the Add New User form on the Multisite Users screen.
363 *
364 * Note: While WordPress is moving towards simplifying labels by removing "New" from "Add New X" labels,
365 * we keep "Add New User" here to maintain a clear distinction from the "Add Existing User" section above.
366 *
367 * @since 3.1.0
368 *
369 * @param bool $bool Whether to show the Add New User form. Default true.
370 */
371if ( current_user_can( 'create_users' ) && apply_filters( 'show_network_site_users_add_new_form', true ) ) :
372 ?>
373<h2 id="add-new-user"><?php _e( 'Add New User' ); ?></h2>
374<form action="<?php echo esc_url( network_admin_url( 'site-users.php?action=newuser' ) ); ?>" id="newuser" method="post">
375 <input type="hidden" name="id" value="<?php echo esc_attr( $id ); ?>" />
376 <table class="form-table" role="presentation">
377 <tr>
378 <th scope="row"><label for="user_username"><?php _e( 'Username' ); ?></label></th>
379 <td><input type="text" class="regular-text" name="user[username]" id="user_username" /></td>
380 </tr>
381 <tr>
382 <th scope="row"><label for="user_email"><?php _e( 'Email' ); ?></label></th>
383 <td><input type="text" class="regular-text" name="user[email]" id="user_email" /></td>
384 </tr>
385 <tr>
386 <th scope="row"><label for="new_role_newuser"><?php _e( 'Role' ); ?></label></th>
387 <td><select name="new_role" id="new_role_newuser">
388 <?php
389 switch_to_blog( $id );
390 wp_dropdown_roles( get_option( 'default_role' ) );
391 restore_current_blog();
392 ?>
393 </select></td>
394 </tr>
395 <tr class="form-field">
396 <td colspan="2" class="td-full"><?php _e( 'A password reset link will be sent to the user via email.' ); ?></td>
397 </tr>
398 </table>
399 <?php wp_nonce_field( 'add-user', '_wpnonce_add-new-user' ); ?>
400 <?php submit_button( __( 'Add User' ), 'primary', 'add-user', true, array( 'id' => 'submit-add-user' ) ); ?>
401</form>
402<?php endif; ?>
403</div>
404<?php
405require_once ABSPATH . 'wp-admin/admin-footer.php';
406