1<?php
2/**
3 * Confirms that the activation key that is sent in an email after a user signs
4 * up for a new site matches the key for that user and then displays confirmation.
5 *
6 * @package WordPress
7 */
8
9define( 'WP_INSTALLING', true );
10
11/** Sets up the WordPress Environment. */
12require __DIR__ . '/wp-load.php';
13
14require __DIR__ . '/wp-blog-header.php';
15
16if ( ! is_multisite() ) {
17 wp_redirect( wp_registration_url() );
18 die();
19}
20
21$valid_error_codes = array( 'already_active', 'blog_taken' );
22
23list( $activate_path ) = explode( '?', wp_unslash( $_SERVER['REQUEST_URI'] ) );
24$activate_cookie = 'wp-activate-' . COOKIEHASH;
25
26$key = '';
27$result = null;
28
29if ( isset( $_GET['key'] ) && isset( $_POST['key'] ) && $_GET['key'] !== $_POST['key'] ) {
30 wp_die( __( 'A key value mismatch has been detected. Please follow the link provided in your activation email.' ), __( 'An error occurred during the activation' ), 400 );
31} elseif ( ! empty( $_GET['key'] ) ) {
32 $key = sanitize_text_field( $_GET['key'] );
33} elseif ( ! empty( $_POST['key'] ) ) {
34 $key = sanitize_text_field( $_POST['key'] );
35}
36
37if ( $key ) {
38 $redirect_url = remove_query_arg( 'key' );
39
40 if ( remove_query_arg( false ) !== $redirect_url ) {
41 setcookie( $activate_cookie, $key, 0, $activate_path, COOKIE_DOMAIN, is_ssl(), true );
42 wp_safe_redirect( $redirect_url );
43 exit;
44 } else {
45 $result = wpmu_activate_signup( $key );
46 }
47}
48
49if ( null === $result && isset( $_COOKIE[ $activate_cookie ] ) ) {
50 $key = $_COOKIE[ $activate_cookie ];
51 $result = wpmu_activate_signup( $key );
52 setcookie( $activate_cookie, ' ', time() - YEAR_IN_SECONDS, $activate_path, COOKIE_DOMAIN, is_ssl(), true );
53}
54
55if ( null === $result || ( is_wp_error( $result ) && 'invalid_key' === $result->get_error_code() ) ) {
56 status_header( 404 );
57} elseif ( is_wp_error( $result ) ) {
58 $error_code = $result->get_error_code();
59
60 if ( ! in_array( $error_code, $valid_error_codes, true ) ) {
61 status_header( 400 );
62 }
63}
64
65nocache_headers();
66
67// Fix for page title.
68$wp_query->is_404 = false;
69
70/**
71 * Fires before the Site Activation page is loaded.
72 *
73 * @since 3.0.0
74 */
75do_action( 'activate_header' );
76
77/**
78 * Adds an action hook specific to this page.
79 *
80 * Fires on {@see 'wp_head'}.
81 *
82 * @since MU (3.0.0)
83 */
84function do_activate_header() {
85 /**
86 * Fires within the `<head>` section of the Site Activation page.
87 *
88 * Fires on the {@see 'wp_head'} action.
89 *
90 * @since 3.0.0
91 */
92 do_action( 'activate_wp_head' );
93}
94add_action( 'wp_head', 'do_activate_header' );
95
96/**
97 * Loads styles specific to this page.
98 *
99 * @since MU (3.0.0)
100 */
101function wpmu_activate_stylesheet() {
102 ?>
103 <style type="text/css">
104 .wp-activate-container { width: 90%; margin: 0 auto; }
105 .wp-activate-container form { margin-top: 2em; }
106 #submit, #key { width: 100%; font-size: 24px; box-sizing: border-box; }
107 #language { margin-top: 0.5em; }
108 .wp-activate-container .error { background: #f66; color: #333; }
109 span.h3 { padding: 0 8px; font-size: 1.3em; font-weight: 600; }
110 </style>
111 <?php
112}
113add_action( 'wp_head', 'wpmu_activate_stylesheet' );
114add_action( 'wp_head', 'wp_strict_cross_origin_referrer' );
115add_filter( 'wp_robots', 'wp_robots_sensitive_page' );
116
117get_header( 'wp-activate' );
118
119$blog_details = get_site();
120?>
121
122<div id="signup-content" class="widecolumn">
123 <div class="wp-activate-container">
124 <?php if ( ! $key ) { ?>
125
126 <h2><?php _e( 'Activation Key Required' ); ?></h2>
127 <form name="activateform" id="activateform" method="post" action="<?php echo esc_url( network_site_url( $blog_details->path . 'wp-activate.php' ) ); ?>">
128 <p>
129 <label for="key"><?php _e( 'Activation Key:' ); ?></label>
130 <br /><input type="text" name="key" id="key" value="" size="50" autofocus="autofocus" />
131 </p>
132 <p class="submit">
133 <input id="submit" type="submit" name="Submit" class="submit" value="<?php esc_attr_e( 'Activate' ); ?>" />
134 </p>
135 </form>
136
137 <?php
138 } else {
139 if ( is_wp_error( $result ) && in_array( $result->get_error_code(), $valid_error_codes, true ) ) {
140 $signup = $result->get_error_data();
141 ?>
142 <h2><?php _e( 'Your account is now active!' ); ?></h2>
143 <?php
144 echo '<p class="lead-in">';
145 if ( '' === $signup->domain . $signup->path ) {
146 printf(
147 /* translators: 1: Login URL, 2: Username, 3: User email address, 4: Lost password URL. */
148 __( 'Your account has been activated. You may now <a href="%1$s">log in</a> to the site using your chosen username of “%2$s”. Please check your email inbox at %3$s for your password and login instructions. If you do not receive an email, please check your junk or spam folder. If you still do not receive an email within an hour, you can <a href="%4$s">reset your password</a>.' ),
149 esc_url( network_site_url( $blog_details->path . 'wp-login.php', 'login' ) ),
150 esc_html( $signup->user_login ),
151 esc_html( $signup->user_email ),
152 esc_url( wp_lostpassword_url() )
153 );
154 } else {
155 printf(
156 /* translators: 1: Site URL, 2: Username, 3: User email address, 4: Lost password URL. */
157 __( 'Your site at %1$s is active. You may now log in to your site using your chosen username of “%2$s”. Please check your email inbox at %3$s for your password and login instructions. If you do not receive an email, please check your junk or spam folder. If you still do not receive an email within an hour, you can <a href="%4$s">reset your password</a>.' ),
158 sprintf( '<a href="http://%1$s">%1$s</a>', esc_url( $signup->domain . $blog_details->path ) ),
159 esc_html( $signup->user_login ),
160 esc_html( $signup->user_email ),
161 esc_url( wp_lostpassword_url() )
162 );
163 }
164 echo '</p>';
165 } elseif ( null === $result || is_wp_error( $result ) ) {
166 ?>
167 <h2><?php _e( 'An error occurred during the activation' ); ?></h2>
168 <?php if ( is_wp_error( $result ) ) : ?>
169 <p><?php echo esc_html( $result->get_error_message() ); ?></p>
170 <?php endif; ?>
171 <?php
172 } else {
173 $url = isset( $result['blog_id'] ) ? esc_url( get_home_url( (int) $result['blog_id'] ) ) : '';
174 $user = get_userdata( (int) $result['user_id'] );
175 ?>
176 <h2><?php _e( 'Your account is now active!' ); ?></h2>
177
178 <div id="signup-welcome">
179 <p><span class="h3"><?php _e( 'Username:' ); ?></span> <?php echo esc_html( $user->user_login ); ?></p>
180 <p><span class="h3"><?php _e( 'Password:' ); ?></span> <?php echo esc_html( $result['password'] ); ?></p>
181 </div>
182
183 <?php
184 if ( $url && network_home_url( '', 'http' ) !== $url ) :
185 switch_to_blog( (int) $result['blog_id'] );
186 $login_url = wp_login_url();
187 restore_current_blog();
188 ?>
189 <p class="view">
190 <?php
191 /* translators: 1: Site URL, 2: Login URL. */
192 printf( __( 'Your account is now activated. <a href="%1$s">View your site</a> or <a href="%2$s">Log in</a>' ), esc_url( $url ), esc_url( $login_url ) );
193 ?>
194 </p>
195 <?php else : ?>
196 <p class="view">
197 <?php
198 printf(
199 /* translators: 1: Login URL, 2: Network home URL. */
200 __( 'Your account is now activated. <a href="%1$s">Log in</a> or go back to the <a href="%2$s">homepage</a>.' ),
201 esc_url( network_site_url( $blog_details->path . 'wp-login.php', 'login' ) ),
202 esc_url( network_home_url( $blog_details->path ) )
203 );
204 ?>
205 </p>
206 <?php
207 endif;
208 }
209 }
210 ?>
211 </div>
212</div>
213<?php
214get_footer( 'wp-activate' );
215