1<?php
2/**
3 * Multisite users administration panel.
4 *
5 * @package WordPress
6 * @subpackage Multisite
7 * @since 3.0.0
8 */
9
10/** Load WordPress Administration Bootstrap */
11require_once __DIR__ . '/admin.php';
12
13if ( ! current_user_can( 'manage_network_users' ) ) {
14 wp_die( __( 'Sorry, you are not allowed to access this page.' ), 403 );
15}
16
17if ( isset( $_GET['action'] ) ) {
18 /** This action is documented in wp-admin/network/edit.php */
19 do_action( 'wpmuadminedit' );
20
21 switch ( $_GET['action'] ) {
22 case 'deleteuser':
23 if ( ! current_user_can( 'manage_network_users' ) ) {
24 wp_die( __( 'Sorry, you are not allowed to access this page.' ), 403 );
25 }
26
27 check_admin_referer( 'deleteuser' );
28
29 $id = (int) $_GET['id'];
30 if ( $id > 1 ) {
31 $_POST['allusers'] = array( $id ); // confirm_delete_users() can only handle arrays.
32
33 // Used in the HTML title tag.
34 $title = __( 'Users' );
35 $parent_file = 'users.php';
36
37 require_once ABSPATH . 'wp-admin/admin-header.php';
38
39 echo '<div class="wrap">';
40 confirm_delete_users( $_POST['allusers'] );
41 echo '</div>';
42
43 require_once ABSPATH . 'wp-admin/admin-footer.php';
44 } else {
45 wp_redirect( network_admin_url( 'users.php' ) );
46 }
47 exit;
48
49 case 'allusers':
50 if ( ! current_user_can( 'manage_network_users' ) ) {
51 wp_die( __( 'Sorry, you are not allowed to access this page.' ), 403 );
52 }
53
54 if ( isset( $_POST['action'] ) && isset( $_POST['allusers'] ) ) {
55 check_admin_referer( 'bulk-users-network' );
56
57 $doaction = $_POST['action'];
58 $userfunction = '';
59
60 foreach ( (array) $_POST['allusers'] as $user_id ) {
61 if ( ! empty( $user_id ) ) {
62 switch ( $doaction ) {
63 case 'delete':
64 if ( ! current_user_can( 'delete_users' ) ) {
65 wp_die( __( 'Sorry, you are not allowed to access this page.' ), 403 );
66 }
67
68 // Used in the HTML title tag.
69 $title = __( 'Users' );
70 $parent_file = 'users.php';
71
72 require_once ABSPATH . 'wp-admin/admin-header.php';
73
74 echo '<div class="wrap">';
75 confirm_delete_users( $_POST['allusers'] );
76 echo '</div>';
77
78 require_once ABSPATH . 'wp-admin/admin-footer.php';
79 exit;
80
81 case 'spam':
82 $user = get_userdata( $user_id );
83 if ( is_super_admin( $user->ID ) ) {
84 wp_die(
85 sprintf(
86 /* translators: %s: User login. */
87 __( 'Warning! User cannot be modified. The user %s is a network administrator.' ),
88 esc_html( $user->user_login )
89 )
90 );
91 }
92
93 $userfunction = 'all_spam';
94 $blogs = get_blogs_of_user( $user_id, true );
95
96 foreach ( (array) $blogs as $details ) {
97 if ( ! is_main_site( $details->userblog_id ) ) { // Main site is not a spam!
98 update_blog_status( $details->userblog_id, 'spam', '1' );
99 }
100 }
101
102 $user_data = $user->to_array();
103 $user_data['spam'] = '1';
104
105 wp_update_user( $user_data );
106 break;
107
108 case 'notspam':
109 $user = get_userdata( $user_id );
110
111 $userfunction = 'all_notspam';
112 $blogs = get_blogs_of_user( $user_id, true );
113
114 foreach ( (array) $blogs as $details ) {
115 update_blog_status( $details->userblog_id, 'spam', '0' );
116 }
117
118 $user_data = $user->to_array();
119 $user_data['spam'] = '0';
120
121 wp_update_user( $user_data );
122 break;
123 }
124 }
125 }
126
127 if ( ! in_array( $doaction, array( 'delete', 'spam', 'notspam' ), true ) ) {
128 $sendback = wp_get_referer();
129 $user_ids = (array) $_POST['allusers'];
130
131 /** This action is documented in wp-admin/network/site-themes.php */
132 $sendback = apply_filters( 'handle_network_bulk_actions-' . get_current_screen()->id, $sendback, $doaction, $user_ids ); // phpcs:ignore WordPress.NamingConventions.ValidHookName.UseUnderscores
133
134 wp_safe_redirect( $sendback );
135 exit;
136 }
137
138 wp_safe_redirect(
139 add_query_arg(
140 array(
141 'updated' => 'true',
142 'action' => $userfunction,
143 ),
144 wp_get_referer()
145 )
146 );
147 } else {
148 $location = network_admin_url( 'users.php' );
149
150 if ( ! empty( $_REQUEST['paged'] ) ) {
151 $location = add_query_arg( 'paged', (int) $_REQUEST['paged'], $location );
152 }
153 wp_redirect( $location );
154 }
155 exit;
156
157 case 'dodelete':
158 check_admin_referer( 'ms-users-delete' );
159 if ( ! ( current_user_can( 'manage_network_users' ) && current_user_can( 'delete_users' ) ) ) {
160 wp_die( __( 'Sorry, you are not allowed to access this page.' ), 403 );
161 }
162
163 if ( ! empty( $_POST['blog'] ) && is_array( $_POST['blog'] ) ) {
164 foreach ( $_POST['blog'] as $id => $users ) {
165 foreach ( $users as $blogid => $user_id ) {
166 if ( ! current_user_can( 'delete_user', $id ) ) {
167 continue;
168 }
169
170 if ( ! empty( $_POST['delete'] ) && 'reassign' === $_POST['delete'][ $blogid ][ $id ] ) {
171 remove_user_from_blog( $id, $blogid, (int) $user_id );
172 } else {
173 remove_user_from_blog( $id, $blogid );
174 }
175 }
176 }
177 }
178
179 $i = 0;
180
181 if ( is_array( $_POST['user'] ) && ! empty( $_POST['user'] ) ) {
182 foreach ( $_POST['user'] as $id ) {
183 if ( ! current_user_can( 'delete_user', $id ) ) {
184 continue;
185 }
186 wpmu_delete_user( $id );
187 ++$i;
188 }
189 }
190
191 if ( 1 === $i ) {
192 $deletefunction = 'delete';
193 } else {
194 $deletefunction = 'all_delete';
195 }
196
197 wp_redirect(
198 add_query_arg(
199 array(
200 'updated' => 'true',
201 'action' => $deletefunction,
202 ),
203 network_admin_url( 'users.php' )
204 )
205 );
206 exit;
207 }
208}
209
210$wp_list_table = _get_list_table( 'WP_MS_Users_List_Table' );
211$pagenum = $wp_list_table->get_pagenum();
212$wp_list_table->prepare_items();
213$total_pages = $wp_list_table->get_pagination_arg( 'total_pages' );
214
215if ( $pagenum > $total_pages && $total_pages > 0 ) {
216 wp_redirect( add_query_arg( 'paged', $total_pages ) );
217 exit;
218}
219
220// Used in the HTML title tag.
221$title = __( 'Users' );
222$parent_file = 'users.php';
223
224add_screen_option( 'per_page' );
225
226get_current_screen()->add_help_tab(
227 array(
228 'id' => 'overview',
229 'title' => __( 'Overview' ),
230 'content' =>
231 '<p>' . __( 'This table shows all users across the network and the sites to which they are assigned.' ) . '</p>' .
232 '<p>' . __( 'Hover over any user on the list to make the edit links appear. The Edit link on the left will take you to their Edit User profile page; the Edit link on the right by any site name goes to an Edit Site screen for that site.' ) . '</p>' .
233 '<p>' . __( 'You can also go to the user’s profile page by clicking on the individual username.' ) . '</p>' .
234 '<p>' . __( 'You can sort the table by clicking on any of the table headings and switch between list and excerpt views by using the icons above the users list.' ) . '</p>' .
235 '<p>' . __( 'The bulk action will permanently delete selected users, or mark/unmark those selected as spam. Spam users will have posts removed and will be unable to sign up again with the same email addresses.' ) . '</p>' .
236 '<p>' . __( 'You can make an existing user an additional super admin by going to the Edit User profile page and checking the box to grant that privilege.' ) . '</p>',
237 )
238);
239
240get_current_screen()->set_help_sidebar(
241 '<p><strong>' . __( 'For more information:' ) . '</strong></p>' .
242 '<p>' . __( '<a href="https://codex.wordpress.org/Network_Admin_Users_Screen">Documentation on Network Users</a>' ) . '</p>' .
243 '<p>' . __( '<a href="https://wordpress.org/support/forum/multisite/">Support forums</a>' ) . '</p>'
244);
245
246get_current_screen()->set_screen_reader_content(
247 array(
248 'heading_views' => __( 'Filter users list' ),
249 'heading_pagination' => __( 'Users list navigation' ),
250 'heading_list' => __( 'Users list' ),
251 )
252);
253
254require_once ABSPATH . 'wp-admin/admin-header.php';
255
256if ( isset( $_REQUEST['updated'] ) && 'true' === $_REQUEST['updated'] && ! empty( $_REQUEST['action'] ) ) {
257 $message = '';
258 switch ( $_REQUEST['action'] ) {
259 case 'delete':
260 $message = __( 'User deleted.' );
261 break;
262 case 'all_spam':
263 $message = __( 'Users marked as spam.' );
264 break;
265 case 'all_notspam':
266 $message = __( 'Users removed from spam.' );
267 break;
268 case 'all_delete':
269 $message = __( 'Users deleted.' );
270 break;
271 case 'add':
272 $message = __( 'User added.' );
273 break;
274 }
275
276 wp_admin_notice(
277 $message,
278 array(
279 'type' => 'success',
280 'dismissible' => true,
281 'id' => 'message',
282 )
283 );
284}
285?>
286<div class="wrap">
287 <h1 class="wp-heading-inline"><?php esc_html_e( 'Users' ); ?></h1>
288
289 <?php
290 if ( current_user_can( 'create_users' ) ) :
291 ?>
292 <a href="<?php echo esc_url( network_admin_url( 'user-new.php' ) ); ?>" class="page-title-action"><?php echo esc_html__( 'Add User' ); ?></a>
293 <?php
294 endif;
295
296 if ( strlen( $usersearch ) ) {
297 echo '<span class="subtitle">';
298 printf(
299 /* translators: %s: Search query. */
300 __( 'Search results for: %s' ),
301 '<strong>' . esc_html( $usersearch ) . '</strong>'
302 );
303 echo '</span>';
304 }
305 ?>
306
307 <hr class="wp-header-end">
308
309 <?php $wp_list_table->views(); ?>
310
311 <form method="get" class="search-form">
312 <?php $wp_list_table->search_box( __( 'Search Users' ), 'all-user' ); ?>
313 </form>
314
315 <form id="form-user-list" action="users.php?action=allusers" method="post">
316 <?php $wp_list_table->display(); ?>
317 </form>
318</div>
319
320<?php require_once ABSPATH . 'wp-admin/admin-footer.php'; ?>
321