Timestamp:
11/11/2010 02:29:15 PM (11 years ago)
Author:
ryan
Message:

user-new.php revamp. Separate caps for adding users vs. creating users. Allow supes to add via email or username. Split adding existing users and creating new users into separate forms. see #15357

File:
1 edited

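--- a/trunk/wp-admin/user-new.php
+++ b/trunk/wp-admin/user-new.php
@@ -10,9 +10,6 @@
 require_once('./admin.php');
 
-if ( !current_user_can('create_users') )
+if ( ! current_user_can('create_users') || ! current_user_can('promote_users') )
     wp_die(__('Cheatin’ uh?'));
-
-if ( is_multisite() && !get_site_option( 'add_new_users' ) )
-    wp_die( __('Page disabled by the administrator') );
 
 if ( is_multisite() ) {
@@ -37,4 +34,51 @@
 if ( isset($_REQUEST['action']) && 'adduser' == $_REQUEST['action'] ) {
     check_admin_referer('add-user');
+
+    $user_details = null;
+    if ( false !== strpos($_REQUEST[ 'email' ], '@') ) {
+        $user_details = get_user_by('email', $_REQUEST[ 'email' ]);
+    } else {
+        if ( is_super_admin() ) {
+            $user_details = get_user_by('login', $_REQUEST[ 'email' ]);
+        } else {
+            wp_redirect( add_query_arg( array('update' => 'enter_email'), 'user-new.php' ) );
+            die();
+        }
+    }
+
+    if ( !$user_details ) {
+        wp_redirect( add_query_arg( array('update' => 'does_not_exist'), 'user-new.php' ) );
+        die();
+    }
+
+    if ( ! current_user_can('promote_user', $user_details->ID) )
+        wp_die(__('Cheatin’ uh?'));
+
+    // Adding an existing user to this blog
+    $new_user_email = esc_html(trim($_REQUEST['email']));
+    $redirect = 'user-new.php';
+    $username = $user_details->user_login;
+    $user_id = $user_details->ID;
+    if ( ( $username != null && !is_super_admin( $user_id ) ) && ( array_key_exists($blog_id, get_blogs_of_user($user_id)) ) ) {
+        $redirect = add_query_arg( array('update' => 'addexisting'), 'user-new.php' );
+    } else {
+        if ( isset( $_POST[ 'noconfirmation' ] ) && is_super_admin() ) {
+            add_existing_user_to_blog( array( 'user_id' => $user_id, 'role' => $_REQUEST[ 'role' ] ) );
+            $redirect = add_query_arg( array('update' => 'addnoconfirmation'), 'user-new.php' );
+        } else {
+            $newuser_key = substr( md5( $user_id ), 0, 5 );
+            add_option( 'new_user_' . $newuser_key, array( 'user_id' => $user_id, 'email' => $user_details->user_email, 'role' => $_REQUEST[ 'role' ] ) );
+            $message = __("Hi,\n\nYou have been invited to join '%s' at\n%s as a %s.\nPlease click the following link to confirm the invite:\n%s\n");
+            wp_mail( $new_user_email, sprintf( __( '[%s] Joining confirmation' ), get_option( 'blogname' ) ),  sprintf($message, get_option('blogname'), site_url(), $_REQUEST[ 'role' ], site_url("/newbloguser/$newuser_key/")));
+            $redirect = add_query_arg( array('update' => 'add'), 'user-new.php' );
+        }
+    }
+    wp_redirect( $redirect );
+    die();
+} elseif ( isset($_REQUEST['action']) && 'createuser' == $_REQUEST['action'] ) {
+    check_admin_referer('create-user');
+
+    if ( ! current_user_can('create_users') )
+        wp_die(__('Cheatin’ uh?'));
 
     if ( !is_multisite() ) {
@@ -54,56 +98,35 @@
         }
     } else {
-        $user_login = preg_replace( "/\s+/", '', sanitize_user( $_REQUEST[ 'user_login' ], true ) );
-        $user_details = $wpdb->get_row( $wpdb->prepare( "SELECT * FROM {$wpdb->users} WHERE user_login = %s AND user_email = %s", $user_login, $_REQUEST[ 'email' ] ) );
-        if ( $user_details ) {
-            // Adding an existing user to this blog
-            $new_user_email = esc_html(trim($_REQUEST['email']));
-            $redirect = 'user-new.php';
-            $username = $user_details->user_login;
-            $user_id = $user_details->ID;
-            if ( ( $username != null && !is_super_admin( $user_id ) ) && ( array_key_exists($blog_id, get_blogs_of_user($user_id)) ) ) {
-                $redirect = add_query_arg( array('update' => 'addexisting'), 'user-new.php' );
+        // Adding a new user to this blog
+        $user_details = wpmu_validate_user_signup( $_REQUEST[ 'user_login' ], $_REQUEST[ 'email' ] );
+        unset( $user_details[ 'errors' ]->errors[ 'user_email_used' ] );
+        if ( is_wp_error( $user_details[ 'errors' ] ) && !empty( $user_details[ 'errors' ]->errors ) ) {
+            $add_user_errors = $user_details[ 'errors' ];
+        } else {
+            $new_user_login = apply_filters('pre_user_login', sanitize_user(stripslashes($_REQUEST['user_login']), true));
+            if ( isset( $_POST[ 'noconfirmation' ] ) && is_super_admin() ) {
+                add_filter( 'wpmu_signup_user_notification', '__return_false' ); // Disable confirmation email
+            }
+            wpmu_signup_user( $new_user_login, $_REQUEST[ 'email' ], array( 'add_to_blog' => $wpdb->blogid, 'new_role' => $_REQUEST[ 'role' ] ) );
+            if ( isset( $_POST[ 'noconfirmation' ] ) && is_super_admin() ) {
+                $key = $wpdb->get_var( $wpdb->prepare( "SELECT activation_key FROM {$wpdb->signups} WHERE user_login = %s AND user_email = %s", $new_user_login, $_REQUEST[ 'email' ] ) );
+                wpmu_activate_signup( $key );
+                $redirect = add_query_arg( array('update' => 'addnoconfirmation'), 'user-new.php' );
             } else {
-                if ( isset( $_POST[ 'noconfirmation' ] ) && is_super_admin() ) {
-                    add_existing_user_to_blog( array( 'user_id' => $user_id, 'role' => $_REQUEST[ 'role' ] ) );
-                    $redirect = add_query_arg( array('update' => 'addnoconfirmation'), 'user-new.php' );
-                } else {
-                    $newuser_key = substr( md5( $user_id ), 0, 5 );
-                    add_option( 'new_user_' . $newuser_key, array( 'user_id' => $user_id, 'email' => $user_details->user_email, 'role' => $_REQUEST[ 'role' ] ) );
-                    $message = __("Hi,\n\nYou have been invited to join '%s' at\n%s as a %s.\nPlease click the following link to confirm the invite:\n%s\n");
-                    wp_mail( $new_user_email, sprintf( __( '[%s] Joining confirmation' ), get_option( 'blogname' ) ),  sprintf($message, get_option('blogname'), site_url(), $_REQUEST[ 'role' ], site_url("/newbloguser/$newuser_key/")));
-                    $redirect = add_query_arg( array('update' => 'add'), 'user-new.php' );
-                }
+                $redirect = add_query_arg( array('update' => 'newuserconfimation'), 'user-new.php' );
             }
             wp_redirect( $redirect );
             die();
-        } else {
-            // Adding a new user to this blog
-            $user_details = wpmu_validate_user_signup( $_REQUEST[ 'user_login' ], $_REQUEST[ 'email' ] );
-            unset( $user_details[ 'errors' ]->errors[ 'user_email_used' ] );
-            if ( is_wp_error( $user_details[ 'errors' ] ) && !empty( $user_details[ 'errors' ]->errors ) ) {
-                $add_user_errors = $user_details[ 'errors' ];
-            } else {
-                $new_user_login = apply_filters('pre_user_login', sanitize_user(stripslashes($_REQUEST['user_login']), true));
-                if ( isset( $_POST[ 'noconfirmation' ] ) && is_super_admin() ) {
-                    add_filter( 'wpmu_signup_user_notification', '__return_false' ); // Disable confirmation email
-                }
-                wpmu_signup_user( $new_user_login, $_REQUEST[ 'email' ], array( 'add_to_blog' => $wpdb->blogid, 'new_role' => $_REQUEST[ 'role' ] ) );
-                if ( isset( $_POST[ 'noconfirmation' ] ) && is_super_admin() ) {
-                    $key = $wpdb->get_var( $wpdb->prepare( "SELECT activation_key FROM {$wpdb->signups} WHERE user_login = %s AND user_email = %s", $new_user_login, $_REQUEST[ 'email' ] ) );
-                    wpmu_activate_signup( $key );
-                    $redirect = add_query_arg( array('update' => 'addnoconfirmation'), 'user-new.php' );
-                } else {
-                    $redirect = add_query_arg( array('update' => 'newuserconfimation'), 'user-new.php' );
-                }
-                wp_redirect( $redirect );
-                die();
-            }
         }
     }
 }
+
 
 $title = __('Add New User');
 $parent_file = 'users.php';
+
+$do_both = false;
+if ( is_multisite() && current_user_can('promote_users') && current_user_can('create_users') )
+    $do_both = true;
 
 add_contextual_help($current_screen,
@@ -145,4 +168,10 @@
                 $messages[] = __('That user is already a member of this site.');
                 break;
+            case "does_not_exist":
+                $messages[] = __('The requested user does not exist.');
+                break;
+            case "does_not_exist":
+                $messages[] = __('Please enter a valid email address.');
+                break;
         }
     } else {
@@ -183,18 +212,56 @@
 
 <?php
-if ( !is_multisite() ) {
-    if ( get_option('users_can_register') )
-        echo '<p>' . sprintf(__('Users can <a href="%1$s">register themselves</a> or you can manually create users here.'), site_url('wp-register.php')) . '</p>';
-    else
-        echo '<p>' . sprintf(__('Users cannot currently <a href="%1$s">register themselves</a>, but you can manually create users here.'), admin_url('options-general.php#users_can_register')) . '</p>';
-} else {
-    echo '<p>' . __( 'You can add new users to your site in two ways:' ) . '<ol><li> ' . __( 'Enter the username and email address of an existing user on this network.' ) . '</li><li> ' . __( 'Enter the username and the email address of a person who is not already a member of this network. Choose the username carefully, it cannot be changed.' ) . '</li></ol></p>';
-    echo '<p>' . __( 'That person will be sent an email asking them to click a link confirming the invite. New users will then be sent an email with a randomly generated password and a login link.' ) . '</p>';
-}
-?>
-<form action="#add-new-user" method="post" name="adduser" id="adduser" class="add:users: validate"<?php do_action('user_new_form_tag');?>>
+if ( is_multisite() ) {
+    if ( $do_both )
+        echo '<h3 id="add-existing-user">' . __('Add Existing User') . '</h3>';
+    if ( !is_super_admin() ) {
+        _e( 'Enter the email address of an existing user on this network to invite them to this site.  That person will be sent an email asking them to confirm the invite.' );
+        $label = __('E-mail');
+    } else {
+        _e( 'Enter the email address or username of an existing user on this network to invite them to this site.  That person will be sent an email asking them to confirm the invite.' );
+        $label = __('E-mail or Username');
+    }
+?>
+<form action="#add-existing-user" method="post" name="adduser" id="adduser" class="add:users: validate"<?php do_action('user_new_form_tag');?>>
+<input name="action" type="hidden" id="action" value="adduser" />
 <?php wp_nonce_field('add-user') ?>
-<?php
-//Load up the passed data, else set to a default.
+<table class="form-table">
+    <tr class="form-field form-required">
+        <th scope="row"><label for="email"><?php echo $label; ?></label></th>
+        <td><input name="email" type="text" id="email" value="<?php echo esc_attr($new_user_email); ?>" /></td>
+    </tr>
+    <tr class="form-field">
+        <th scope="row"><label for="role"><?php _e('Role'); ?></label></th>
+        <td><select name="role" id="role">
+            <?php
+            if ( !$new_user_role )
+                $new_user_role = !empty($current_role) ? $current_role : get_option('default_role');
+            wp_dropdown_roles($new_user_role);
+            ?>
+            </select>
+        </td>
+    </tr>
+<?php if ( is_super_admin() ) { ?>
+    <tr>
+        <th scope="row"><label for="noconfirmation"><?php _e('Skip Confirmation Email') ?></label></th>
+        <td><label for="noconfirmation"><input type="checkbox" name="noconfirmation" id="noconfirmation" value="1" /> <?php _e( 'Add the user without sending them a confirmation email.' ); ?></label></td>
+    </tr>
+<?php } ?>
+</table>
+<?php submit_button( __( 'Add User '), 'primary', 'adduser', true, array( 'id' => 'addusersub' ) ); ?>
+</form>
+<?php
+} // is_multisite()
+
+if ( current_user_can( 'create_users') ) {
+    if ( $do_both )
+        echo '<h3 id="create-new-user">' . __('Create New User') . '</h3>';
+?>
+<p><?php _e('Create a brand new user and add it to this site.'); ?></p>
+<form action="#create-new-user" method="post" name="createuser" id="adduser" class="add:users: validate"<?php do_action('user_new_form_tag');?>>
+<input name="action" type="hidden" id="action" value="createuser" />
+<?php wp_nonce_field('create-user') ?>
+<?php
+// Load up the passed data, else set to a default.
 foreach ( array('user_login' => 'login', 'first_name' => 'firstname', 'last_name' => 'lastname',
                 'email' => 'email', 'url' => 'uri', 'role' => 'role') as $post_field => $var ) {
@@ -207,6 +274,5 @@
 <table class="form-table">
     <tr class="form-field form-required">
-        <th scope="row"><label for="user_login"><?php _e('Username'); ?> <span class="description"><?php _e('(required)'); ?></span></label>
-        <input name="action" type="hidden" id="action" value="adduser" /></th>
+        <th scope="row"><label for="user_login"><?php _e('Username'); ?> <span class="description"><?php _e('(required)'); ?></span></label></th>
         <td><input name="user_login" type="text" id="user_login" value="<?php echo esc_attr($new_user_login); ?>" aria-required="true" /></td>
     </tr>
@@ -264,8 +330,8 @@
 </table>
 
-<?php submit_button( __( 'Add User '), 'primary', 'adduser', true, array( 'id' => 'addusersub' ) ); ?>
+<?php submit_button( __( 'Add User '), 'primary', 'createuser', true, array( 'id' => 'createusersub' ) ); ?>
 
 </form>
-
+<?php } // current_user_can('create_users') ?>
 </div>
 <?php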
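Review bot: The invitation key in the new `adduser` branch, `substr( md5( $user_id ), 0, 5 )`, is a deterministic function of the user ID, so the `/newbloguser/$newuser_key/` confirmation link it builds is not a secret and every invite for the same user maps to the same `new_user_` option name. A random token would be safer, e.g. `$newuser_key = wp_generate_password( 20, false );`, provided the handler for that URL (not visible here) accepts a longer key. In the same branch `wp_mail()` is addressed to `$new_user_email`, which comes from `$_REQUEST['email']` and holds a username when a super admin adds by login; `wp_mail( $user_details->user_email, ... )` looks like the intended recipient. `$_REQUEST['role']` is also stored in the option and passed to `add_existing_user_to_blog()` as submitted, so it is worth confirming that the value is checked against the roles the current user may assign before it is used.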