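<?php
/**
 * Action handler for Multisite administration panels.
 *
 * Dispatches on $_GET['action']. Nonce and capability checks are made inside
 * each branch of the switch; there is no shared gate in this preamble.
 *
 * @package WordPress
 * @subpackage Multisite
 * @since 3.0.0
 */

require_once( './admin.php' );

if ( ! is_multisite() )
	wp_die( __( 'Multisite support is not enabled.' ) );

// wp_redirect() only sends the Location header; stop here so that nothing below
// runs for a request that names no action.
if ( empty( $_GET['action'] ) ) {
	wp_redirect( admin_url( 'ms-admin.php' ) );
	exit();
}

do_action( 'wpmuadminedit', '' );

// Target ID for the branches below, always an integer. It defaults to 0 so that
// the "!= '0'" guards in the delete branches treat a request without an id as
// "nothing selected" instead of comparing against an undefined variable.
$id = 0;
if ( isset( $_GET['id'] ) )
	$id = intval( $_GET['id'] );
elseif ( isset( $_POST['id'] ) )
	$id = intval( $_POST['id'] );

switch ( $_GET['action'] ) {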
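case 'siteoptions':
	// Nonce (CSRF) and capability must both pass before any network option is written.
	check_admin_referer( 'siteoptions' );
	if ( ! current_user_can( 'manage_network_options' ) )
		wp_die( __( 'You do not have permission to access this page.' ) );

	// The URL is an argument of sprintf(), not of __(): the format string holds one %s.
	if ( empty( $_POST ) )
		wp_die( sprintf( __( 'You probably need to go back to the <a href="%s">options page</a>.' ), esc_url( admin_url( 'ms-options.php' ) ) ) );

	// Language: accept only the empty value or a language reported as available.
	if ( isset( $_POST['WPLANG'] ) && ( '' === $_POST['WPLANG'] || in_array( $_POST['WPLANG'], get_available_languages() ) ) )
		update_site_option( 'WPLANG', $_POST['WPLANG'] );

	if ( is_email( $_POST['admin_email'] ) )
		update_site_option( 'admin_email', $_POST['admin_email'] );

	// Space-separated list of reserved names. explode() replaces the deprecated
	// split(); the delimiter is a literal, so the pieces are the same. $names is
	// initialised so an empty field stores an empty list, not an undefined value.
	$names = array();
	$illegal_names = explode( ' ', $_POST['illegal_names'] );
	foreach ( (array) $illegal_names as $name ) {
		$name = trim( $name );
		if ( $name != '' )
			$names[] = $name;
	}
	update_site_option( 'illegal_names', $names );

	// Registration allow-list of e-mail domains: one per line or space-separated.
	// Entries that are not plain host names (or contain "--" / "..") are dropped.
	if ( $_POST['limited_email_domains'] != '' ) {
		$limited_email_domains = str_replace( ' ', "\n", $_POST['limited_email_domains'] );
		$limited_email_domains = explode( "\n", stripslashes( $limited_email_domains ) );
		$limited_email = array();
		foreach ( (array) $limited_email_domains as $domain ) {
			$domain = trim( $domain );
			if ( ! preg_match( '/(--|\.\.)/', $domain ) && preg_match( '|^([a-zA-Z0-9-\.])+$|', $domain ) )
				$limited_email[] = $domain;
		}
		update_site_option( 'limited_email_domains', $limited_email );
	} else {
		update_site_option( 'limited_email_domains', '' );
	}

	// Registration deny-list of e-mail domains, filtered the same way.
	if ( $_POST['banned_email_domains'] != '' ) {
		$banned_email_domains = explode( "\n", stripslashes( $_POST['banned_email_domains'] ) );
		$banned = array();
		foreach ( (array) $banned_email_domains as $domain ) {
			$domain = trim( $domain );
			if ( ! preg_match( '/(--|\.\.)/', $domain ) && preg_match( '|^([a-zA-Z0-9-\.])+$|', $domain ) )
				$banned[] = $domain;
		}
		update_site_option( 'banned_email_domains', $banned );
	} else {
		update_site_option( 'banned_email_domains', '' );
	}

	// NOTE(review): the role name is stored exactly as posted and is later handed to
	// add_user_to_blog() as the default role; confirm it is checked against the
	// known roles somewhere before use.
	update_site_option( 'default_user_role', $_POST['default_user_role'] );

	// Dashboard site: empty means "the main site"; otherwise an existing site
	// (by ID or name) or a name for a site that is created on the fly.
	if ( trim( $_POST['dashboard_blog_orig'] ) == '' )
		$_POST['dashboard_blog_orig'] = $current_site->blog_id;
	if ( trim( $_POST['dashboard_blog'] ) == '' ) {
		$_POST['dashboard_blog'] = $current_site->blog_id;
		$dashboard_blog_id = $current_site->blog_id;
	} elseif ( ! preg_match( '/(--|\.)/', $_POST['dashboard_blog'] ) && preg_match( '|^([a-zA-Z0-9-\.])+$|D', $_POST['dashboard_blog'] ) ) {
		// The D modifier anchors $ at the very end, so a value ending in a newline
		// is rejected (this field is not trimmed before the match).
		$dashboard_blog = $_POST['dashboard_blog'];
		$blog_details = get_blog_details( $dashboard_blog );
		if ( false === $blog_details ) {
			if ( is_numeric( $dashboard_blog ) )
				wp_die( __( 'A dashboard site referenced by ID must already exist' ) );
			if ( is_subdomain_install() ) {
				$domain = $dashboard_blog . '.' . $current_site->domain;
				$path = $current_site->path;
			} else {
				$domain = $current_site->domain;
				$path = trailingslashit( $current_site->path . $dashboard_blog );
			}
			$wpdb->hide_errors();
			$dashboard_blog_id = wpmu_create_blog( $domain, $path, __( 'My Dashboard' ), $current_user->id, array( 'public' => 0 ), $current_site->id );
			$wpdb->show_errors();
		} else {
			$dashboard_blog_id = $blog_details->blog_id;
		}
	} else {
		// A non-empty value that fails validation used to fall through with
		// $dashboard_blog_id undefined, which then moved users to, and stored,
		// an empty site ID. Refuse it instead.
		wp_die( __( 'Missing or invalid site address.' ) );
	}
	if ( is_wp_error( $dashboard_blog_id ) )
		wp_die( __( 'Problem creating dashboard site: ' ) . $dashboard_blog_id->get_error_message() );

	// When the dashboard site changes, move the users whose role on the old
	// dashboard site is "subscriber" over to the new one.
	if ( $_POST['dashboard_blog_orig'] != $_POST['dashboard_blog'] ) {
		$users = get_users_of_blog( get_site_option( 'dashboard_blog' ) );
		$move_users = array();
		foreach ( (array) $users as $user ) {
			// NOTE(review): unserialize() runs on a stored meta value. Confirm this
			// column can only hold data written by core, or switch to a decoder
			// that cannot instantiate objects.
			$user_meta_value = unserialize( $user->meta_value );
			if ( is_array( $user_meta_value ) ) {
				// array_pop() takes its argument by reference, so give it a variable.
				// Strict comparison keeps an integer key from matching the role name.
				$role_names = array_keys( $user_meta_value );
				if ( array_pop( $role_names ) === 'subscriber' )
					$move_users[] = $user->user_id;
			}
		}
		if ( false == empty( $move_users ) ) {
			foreach ( (array) $move_users as $user_id ) {
				remove_user_from_blog( $user_id, get_site_option( 'dashboard_blog' ) );
				add_user_to_blog( $dashboard_blog_id, $user_id, get_site_option( 'default_user_role', 'subscriber' ) );
				update_user_meta( $user_id, 'primary_blog', $dashboard_blog_id );
			}
		}
	}
	update_site_option( 'dashboard_blog', $dashboard_blog_id );

	// Only the option names listed here are copied from the request.
	$options = array( 'registrationnotification', 'registration', 'add_new_users', 'menu_items', 'mu_media_buttons', 'upload_space_check_disabled', 'blog_upload_space', 'upload_filetypes', 'site_name', 'first_post', 'first_page', 'first_comment', 'first_comment_url', 'first_comment_author', 'welcome_email', 'welcome_user_email', 'fileupload_maxk', 'admin_notice_feed', 'global_terms_enabled' );
	// Checkbox-style fields are absent from the request when unticked; give them
	// their "unchecked" value so the loop below still updates them.
	$checked_options = array( 'mu_media_buttons' => array(), 'menu_items' => array(), 'registrationnotification' => 'no', 'upload_space_check_disabled' => 1 );
	foreach ( $checked_options as $option_name => $option_unchecked_value ) {
		if ( ! isset( $_POST[ $option_name ] ) )
			$_POST[ $option_name ] = $option_unchecked_value;
	}
	foreach ( $options as $option_name ) {
		if ( ! isset( $_POST[ $option_name ] ) )
			continue;
		$value = stripslashes_deep( $_POST[ $option_name ] );
		update_site_option( $option_name, $value );
	}

	// Update more options here
	do_action( 'update_wpmu_options' );

	wp_redirect( add_query_arg( 'updated', 'true', admin_url( 'ms-options.php' ) ) );
	exit();
	break;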
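case 'addblog':
	// Nonce (CSRF) and capability must both pass before a site or user is created.
	check_admin_referer( 'add-blog', '_wpnonce_add-blog' );

	if ( ! current_user_can( 'manage_sites' ) )
		wp_die( __( 'You do not have permission to access this page.' ) );

	if ( ! isset( $_POST['blog'] ) || ! is_array( $_POST['blog'] ) )
		wp_die( __( 'Can’t create an empty site.' ) );
	$blog = $_POST['blog'];

	// Site name: letters, digits and single hyphens only. The D modifier anchors $
	// at the very end of the value, so a name ending in a newline is rejected.
	$domain = '';
	if ( isset( $blog['domain'] ) && is_string( $blog['domain'] ) && ! preg_match( '/(--)/', $blog['domain'] ) && preg_match( '|^([a-zA-Z0-9-])+$|D', $blog['domain'] ) )
		$domain = strtolower( $blog['domain'] );

	// If not a subdomain install, make sure the domain isn't a reserved word
	if ( ! is_subdomain_install() ) {
		$subdirectory_reserved_names = apply_filters( 'subdirectory_reserved_names', array( 'page', 'comments', 'blog', 'files', 'feed' ) );
		if ( in_array( $domain, $subdirectory_reserved_names, true ) )
			wp_die( sprintf( __( 'The following words are reserved for use by WordPress functions and cannot be used as blog names: <code>%s</code>' ), implode( '</code>, <code>', $subdirectory_reserved_names ) ) );
	}

	$email = sanitize_email( isset( $blog['email'] ) ? $blog['email'] : '' );
	// NOTE(review): the title is passed on as posted (still slashed, not sanitised);
	// confirm wpmu_create_blog() and the notification mails handle that.
	$title = isset( $blog['title'] ) ? $blog['title'] : '';

	if ( empty( $domain ) )
		wp_die( __( 'Missing or invalid site address.' ) );
	if ( empty( $email ) )
		wp_die( __( 'Missing email address.' ) );
	if ( ! is_email( $email ) )
		wp_die( __( 'Invalid email address.' ) );

	// Subdomain installs put the name in the host, subdirectory installs in the path.
	if ( is_subdomain_install() ) {
		$newdomain = $domain . '.' . $current_site->domain;
		$path = $base;
	} else {
		$newdomain = $current_site->domain;
		$path = $base . $domain . '/';
	}

	// Reuse the account that owns this e-mail address, or create one.
	$password = 'N/A';
	$user_id = email_exists( $email );
	if ( ! $user_id ) { // Create a new user with a random password
		$password = wp_generate_password();
		$user_id = wpmu_create_user( $domain, $password, $email );
		if ( false == $user_id )
			wp_die( __( 'There was an error creating the user.' ) );
		else
			wp_new_user_notification( $user_id, $password );
	}

	$wpdb->hide_errors();
	$id = wpmu_create_blog( $newdomain, $path, $title, $user_id, array( 'public' => 1 ), $current_site->id );
	$wpdb->show_errors();

	if ( ! is_wp_error( $id ) ) {
		// A non-super-admin whose primary site is still the dashboard site gets
		// the new site as primary.
		$dashboard_blog = get_dashboard_blog();
		if ( ! is_super_admin( $user_id ) && get_user_option( 'primary_blog', $user_id ) == $dashboard_blog->blog_id )
			update_user_option( $user_id, 'primary_blog', $id, true );

		// Tell the network admin, then send the welcome mail to the site owner.
		$content_mail = sprintf( __( "New site created by %1s\n\nAddress: http://%2s\nName: %3s" ), $current_user->user_login, $newdomain . $path, stripslashes( $title ) );
		wp_mail( get_site_option( 'admin_email' ), sprintf( __( '[%s] New Site Created' ), $current_site->site_name ), $content_mail, 'From: "Site Admin" <' . get_site_option( 'admin_email' ) . '>' );
		wpmu_welcome_notification( $id, $user_id, $password, $title, array( 'public' => 1 ) );
		wp_redirect( add_query_arg( array( 'updated' => 'true', 'action' => 'add-blog' ), wp_get_referer() ) );
		exit();
	} else {
		wp_die( $id->get_error_message() );
	}
	break;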
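case 'updateblog':
	// Nonce (CSRF) and capability must both pass before the site is modified.
	check_admin_referer( 'editblog' );
	if ( ! current_user_can( 'manage_sites' ) )
		wp_die( __( 'You do not have permission to access this page.' ) );

	// The URL is an argument of sprintf(), not of __(): the format string holds one %s.
	if ( empty( $_POST ) )
		wp_die( sprintf( __( 'You probably need to go back to the <a href="%s">sites page</a>' ), esc_url( admin_url( 'ms-sites.php' ) ) ) );

	// Everything up to restore_current_blog() runs in the context of site $id.
	switch_to_blog( $id );

	// themes
	$allowedthemes = array();
	if ( isset( $_POST['theme'] ) && is_array( $_POST['theme'] ) ) {
		foreach ( $_POST['theme'] as $theme => $val ) {
			if ( 'on' == $val )
				$allowedthemes[ $theme ] = true;
		}
	}
	update_option( 'allowedthemes', $allowedthemes );

	// options
	// NOTE(review): option names come straight from the request, so this branch can
	// write any option of the target site. That matches an "edit site" screen for
	// network admins; confirm no lower-privileged role can hold manage_sites.
	if ( isset( $_POST['option'] ) && is_array( $_POST['option'] ) ) {
		$c = 1;
		$count = count( $_POST['option'] );
		foreach ( (array) $_POST['option'] as $key => $val ) {
			if ( $key === 0 || is_array( $val ) )
				continue; // Avoids "0 is a protected WP option and may not be modified" error when edit blog options
			if ( $c == $count )
				update_option( $key, stripslashes( $val ) );
			else
				update_option( $key, stripslashes( $val ), false ); // no need to refresh blog details yet
			$c++;
		}
	}

	// home and siteurl
	if ( isset( $_POST['update_home_url'] ) && $_POST['update_home_url'] == 'update' ) {
		$blog_address = get_blogaddress_by_domain( $_POST['blog']['domain'], $_POST['blog']['path'] );
		if ( get_option( 'siteurl' ) != $blog_address )
			update_option( 'siteurl', $blog_address );

		if ( get_option( 'home' ) != $blog_address )
			update_option( 'home', $blog_address );
	}

	// rewrite rules can't be flushed during switch to blog
	delete_option( 'rewrite_rules' );

	// update blogs table
	$blog_data = stripslashes_deep( $_POST['blog'] );
	update_blog_details( $id, $blog_data );

	// get blog prefix
	$blog_prefix = $wpdb->get_blog_prefix( $id );

	// user roles
	// NOTE(review): the role name is applied exactly as posted; confirm set_role()
	// rejects names that are not registered roles.
	if ( isset( $_POST['role'] ) && is_array( $_POST['role'] ) == true ) {
		$newroles = $_POST['role'];
		reset( $newroles );
		foreach ( (array) $newroles as $userid => $role ) {
			$user = new WP_User( $userid );
			if ( ! $user )
				continue;
			$user->for_blog( $id );
			$user->set_role( $role );
		}
	}

	// remove user
	if ( isset( $_POST['blogusers'] ) && is_array( $_POST['blogusers'] ) ) {
		reset( $_POST['blogusers'] );
		foreach ( (array) $_POST['blogusers'] as $key => $val )
			remove_user_from_blog( $key, $id );
	}

	// change password
	if ( isset( $_POST['user_password'] ) && is_array( $_POST['user_password'] ) ) {
		reset( $_POST['user_password'] );
		$newroles = $_POST['role'];
		foreach ( (array) $_POST['user_password'] as $userid => $pass ) {
			// edit_user() reads the role from $_POST, so stage this user's role there.
			unset( $_POST['role'] );
			$_POST['role'] = $newroles[ $userid ];
			if ( $pass != '' ) {
				// $userid is a key of a request array. Bind it (and the meta key)
				// through prepare() rather than interpolating it into the SQL text.
				$cap = $wpdb->get_var( $wpdb->prepare( "SELECT meta_value FROM {$wpdb->usermeta} WHERE user_id = %d AND meta_key = %s AND meta_value = 'a:0:{}'", $userid, $blog_prefix . 'capabilities' ) );
				$userdata = get_userdata( $userid );
				$_POST['pass1'] = $_POST['pass2'] = $pass;
				$_POST['email'] = $userdata->user_email;
				$_POST['rich_editing'] = $userdata->rich_editing;
				edit_user( $userid );
				// If no empty capabilities row existed before edit_user(), remove
				// any that now exists.
				if ( $cap == null )
					$wpdb->query( $wpdb->prepare( "DELETE FROM {$wpdb->usermeta} WHERE user_id = %d AND meta_key = %s AND meta_value = 'a:0:{}'", $userid, $blog_prefix . 'capabilities' ) );
			}
		}
		unset( $_POST['role'] );
		$_POST['role'] = $newroles;
	}

	// add user
	if ( ! empty( $_POST['newuser'] ) ) {
		$newuser = $_POST['newuser'];
		$userid = $wpdb->get_var( $wpdb->prepare( "SELECT ID FROM " . $wpdb->users . " WHERE user_login = %s", $newuser ) );
		if ( $userid ) {
			// Only add the user when there is no capabilities row for this site yet.
			$user = $wpdb->get_var( $wpdb->prepare( "SELECT user_id FROM " . $wpdb->usermeta . " WHERE user_id = %d AND meta_key = %s", $userid, $blog_prefix . 'capabilities' ) );
			if ( $user == false )
				add_user_to_blog( $id, $userid, $_POST['new_role'] );
		}
	}

	do_action( 'wpmu_update_blog_options' );
	restore_current_blog();
	wp_redirect( add_query_arg( array( 'updated' => 'true', 'action' => 'editblog', 'id' => $id ), wp_get_referer() ) );
	exit();
	break;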
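case 'deleteblog':
	// Nonce (CSRF) and capability must both pass before a site is deleted.
	check_admin_referer( 'deleteblog' );
	if ( ! current_user_can( 'manage_sites' ) )
		wp_die( __( 'You do not have permission to access this page.' ) );

	// Never delete the network's main site. empty() also covers a request that
	// carried no id at all: an unset $id compares as != '0' and would otherwise
	// reach wpmu_delete_blog(). For a set (integer) $id this equals $id != '0'.
	if ( ! empty( $id ) && $id != $current_site->blog_id )
		wpmu_delete_blog( $id, true );

	wp_redirect( add_query_arg( array( 'updated' => 'true', 'action' => 'delete' ), wp_get_referer() ) );
	exit();
	break;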
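case 'allblogs':
	// Bulk action on the sites list. Nothing happens unless one of the two
	// "Apply" buttons was submitted.
	if ( isset( $_POST['doaction'] ) || isset( $_POST['doaction2'] ) ) {
		check_admin_referer( 'bulk-ms-sites', '_wpnonce_bulk-ms-sites' );

		if ( ! current_user_can( 'manage_sites' ) )
			wp_die( __( 'You do not have permission to access this page.' ) );

		// Pick the bulk action from the first selector, else from the second; -1
		// means "none chosen". The original guard tested $_GET['action'], which
		// is always 'allblogs' here, and left $doaction unset in the other case.
		$doaction = -1;
		if ( isset( $_POST['action'] ) && $_POST['action'] != -1 )
			$doaction = $_POST['action'];
		elseif ( isset( $_POST['action2'] ) )
			$doaction = $_POST['action2'];

		// Stays null when no site matched a known action, which is what the
		// redirect received before (from an undefined variable).
		$blogfunction = null;

		$selected = isset( $_POST['allblogs'] ) ? (array) $_POST['allblogs'] : array();
		foreach ( $selected as $key => $val ) {
			// The main site can be neither deleted nor marked as spam. Sites
			// earlier in the list have already been processed when this aborts.
			if ( $val != '0' && $val != $current_site->blog_id ) {
				switch ( $doaction ) {
					case 'delete':
						$blogfunction = 'all_delete';
						wpmu_delete_blog( $val, true );
						break;
					case 'spam':
						$blogfunction = 'all_spam';
						update_blog_status( $val, 'spam', '1', 0 );
						set_time_limit( 60 );
						break;
					case 'notspam':
						$blogfunction = 'all_notspam';
						update_blog_status( $val, 'spam', '0', 0 );
						set_time_limit( 60 );
						break;
				}
			} else {
				wp_die( __( 'You are not allowed to change the current site.' ) );
			}
		}

		wp_redirect( add_query_arg( array( 'updated' => 'true', 'action' => $blogfunction ), wp_get_referer() ) );
		exit();
	} else {
		wp_redirect( admin_url( 'ms-sites.php' ) );
	}
	break;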
case 'archiveblog':
	// Nonce, then capability, before the site's status is touched.
	check_admin_referer( 'archiveblog' );
	if ( ! current_user_can( 'manage_sites' ) ) {
		wp_die( __( 'You do not have permission to access this page.' ) );
	}

	// Set the "archived" flag first, then fire the archive_blog hook.
	update_blog_status( $id, 'archived', '1' );
	do_action( 'archive_blog', $id );

	wp_redirect(
		add_query_arg(
			array( 'updated' => 'true', 'action' => 'archive' ),
			wp_get_referer()
		)
	);
	exit();
	break;
case 'unarchiveblog':
	// Nonce, then capability, before the site's status is touched.
	check_admin_referer( 'unarchiveblog' );
	if ( ! current_user_can( 'manage_sites' ) ) {
		wp_die( __( 'You do not have permission to access this page.' ) );
	}

	// Here the unarchive_blog hook fires before the "archived" flag is cleared.
	do_action( 'unarchive_blog', $id );
	update_blog_status( $id, 'archived', '0' );

	wp_redirect(
		add_query_arg(
			array( 'updated' => 'true', 'action' => 'unarchive' ),
			wp_get_referer()
		)
	);
	exit();
	break;
case 'activateblog':
	// Nonce, then capability, before the site's status is touched.
	check_admin_referer( 'activateblog' );
	if ( ! current_user_can( 'manage_sites' ) ) {
		wp_die( __( 'You do not have permission to access this page.' ) );
	}

	// Activation clears the "deleted" flag, then fires the activate_blog hook.
	update_blog_status( $id, 'deleted', '0' );
	do_action( 'activate_blog', $id );

	wp_redirect(
		add_query_arg(
			array( 'updated' => 'true', 'action' => 'activate' ),
			wp_get_referer()
		)
	);
	exit();
	break;
case 'deactivateblog':
	// Nonce, then capability, before the site's status is touched.
	check_admin_referer( 'deactivateblog' );
	if ( ! current_user_can( 'manage_sites' ) ) {
		wp_die( __( 'You do not have permission to access this page.' ) );
	}

	// The deactivate_blog hook fires first; deactivation then sets the "deleted" flag.
	do_action( 'deactivate_blog', $id );
	update_blog_status( $id, 'deleted', '1' );

	wp_redirect(
		add_query_arg(
			array( 'updated' => 'true', 'action' => 'deactivate' ),
			wp_get_referer()
		)
	);
	exit();
	break;
case 'unspamblog':
	// Nonce, then capability, before the site's status is touched.
	check_admin_referer( 'unspamblog' );
	if ( ! current_user_can( 'manage_sites' ) ) {
		wp_die( __( 'You do not have permission to access this page.' ) );
	}

	// Clear the "spam" flag on the site.
	update_blog_status( $id, 'spam', '0' );

	wp_redirect(
		add_query_arg(
			array( 'updated' => 'true', 'action' => 'unspam' ),
			wp_get_referer()
		)
	);
	exit();
	break;
case 'spamblog':
	// Nonce, then capability, before the site's status is touched.
	check_admin_referer( 'spamblog' );
	if ( ! current_user_can( 'manage_sites' ) ) {
		wp_die( __( 'You do not have permission to access this page.' ) );
	}

	// Set the "spam" flag on the site.
	update_blog_status( $id, 'spam', '1' );

	wp_redirect(
		add_query_arg(
			array( 'updated' => 'true', 'action' => 'spam' ),
			wp_get_referer()
		)
	);
	exit();
	break;
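// Themes
case 'updatethemes':
	// NOTE(review): unlike the other state-changing branches in this file, this one
	// makes no check_admin_referer() call, so only the capability check and nothing
	// request-specific stands between a forged form post and the network's theme
	// allow-list. Add a nonce check here together with the matching
	// wp_nonce_field() in the form that posts to this action.
	if ( ! current_user_can( 'manage_network_themes' ) )
		wp_die( __( 'You do not have permission to access this page.' ) );

	if ( isset( $_POST['theme'] ) && is_array( $_POST['theme'] ) ) {
		// Start from an empty list so that "no theme enabled" stores an empty
		// array instead of an undefined variable.
		$allowed_themes = array();
		$themes = get_themes();
		reset( $themes );
		foreach ( (array) $themes as $key => $theme ) {
			// Only installed themes are considered; the request merely selects
			// which of them are enabled.
			$stylesheet = esc_html( $theme['Stylesheet'] );
			if ( isset( $_POST['theme'][ $stylesheet ] ) && $_POST['theme'][ $stylesheet ] == 'enabled' )
				$allowed_themes[ $stylesheet ] = true;
		}
		update_site_option( 'allowedthemes', $allowed_themes );
	}
	wp_redirect( add_query_arg( array( 'updated' => 'true', 'action' => 'themes' ), wp_get_referer() ) );
	exit();
	break;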
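// Common
case 'confirm':
	// Renders a stand-alone "are you sure?" page whose form posts back to this
	// file with a fresh nonce.
	//
	// NOTE(review): this branch has no capability check, issues a nonce for
	// whatever action name arrives in the query string, and shows a message taken
	// from the query string. The message is HTML-escaped, but the text and the
	// action the user is asked to confirm are both chosen by whoever built the
	// link. Consider restricting action2 to the actions that are meant to be
	// confirmable and generating the message server-side from that action.
	if ( ! headers_sent() ) {
		nocache_headers();
		header( 'Content-Type: text/html; charset=utf-8' );
	}
	if ( $current_site->blog_id == $id )
		wp_die( __( 'You are not allowed to change the current site.' ) );

	// Read both query arguments once; either may be missing or not a string.
	$confirm_action = ( isset( $_GET['action2'] ) && is_string( $_GET['action2'] ) ) ? $_GET['action2'] : '';
	$confirm_msg = ( isset( $_GET['msg'] ) && is_string( $_GET['msg'] ) ) ? $_GET['msg'] : '';
	?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" <?php if ( function_exists( 'language_attributes' ) ) language_attributes(); ?>>
	<head>
		<title><?php _e( 'WordPress › Confirm your action' ); ?></title>
		<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
		<?php wp_admin_css( 'install', true ); ?>
	</head>
	<body id="error-page">
		<h1 id="logo"><img alt="WordPress" src="<?php echo esc_attr( admin_url( 'images/wordpress-logo.png' ) ); ?>" /></h1>
		<?php // The action is a query-string value inside an attribute: URL-encode it, then attribute-escape it. ?>
		<form action="ms-edit.php?action=<?php echo esc_attr( urlencode( $confirm_action ) ); ?>" method="post">
			<input type="hidden" name="action" value="<?php echo esc_attr( $confirm_action ); ?>" />
			<input type="hidden" name="id" value="<?php echo esc_attr( $id ); ?>" />
			<input type="hidden" name="_wp_http_referer" value="<?php echo esc_attr( wp_get_referer() ); ?>" />
			<?php wp_nonce_field( $confirm_action, '_wpnonce', false ); ?>
			<p><?php echo esc_html( stripslashes( $confirm_msg ) ); ?></p>
			<p class="submit"><input class="button" type="submit" value="<?php _e( 'Confirm' ); ?>" /></p>
		</form>
	</body>
</html>
	<?php
	break;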
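// Users
case 'deleteuser':
	// Capability and nonce must both pass before the confirmation screen is shown.
	if ( ! current_user_can( 'manage_network_users' ) )
		wp_die( __( 'You do not have permission to access this page.' ) );
	check_admin_referer( 'deleteuser' );

	// User IDs 0 and 1 are never offered for deletion. empty() also covers a
	// request without an id: an unset $id compares as != '0' and would otherwise
	// reach the confirmation screen. For a set (integer) $id this equals $id != '0'.
	if ( ! empty( $id ) && $id != '1' ) {
		$_POST['allusers'] = array( $id ); // confirm_delete_users() can only handle with arrays
		$title = __( 'Users' );
		$parent_file = 'ms-admin.php';
		require_once( 'admin-header.php' );
		echo '<div class="wrap">';
		confirm_delete_users( $_POST['allusers'] );
		echo '</div>';
		require_once( 'admin-footer.php' );
		exit();
	} else {
		wp_redirect( admin_url( 'ms-users.php' ) );
	}
	break;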
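case 'allusers':
	// Bulk action on the users list.
	if ( ! current_user_can( 'manage_network_users' ) )
		wp_die( __( 'You do not have permission to access this page.' ) );

	if ( isset( $_POST['doaction'] ) || isset( $_POST['doaction2'] ) ) {
		check_admin_referer( 'bulk-ms-users', '_wpnonce_bulk-ms-users' );

		// Pick the bulk action from the first selector, else from the second; -1
		// means "none chosen". The original guard tested $_GET['action'], which
		// is always 'allusers' here, and left $doaction unset in the other case.
		$doaction = -1;
		if ( isset( $_POST['action'] ) && $_POST['action'] != -1 )
			$doaction = $_POST['action'];
		elseif ( isset( $_POST['action2'] ) )
			$doaction = $_POST['action2'];

		// Stays null when no user matched a known action, which is what the
		// redirect received before (from an undefined variable).
		$userfunction = null;

		$selected = isset( $_POST['allusers'] ) ? (array) $_POST['allusers'] : array();
		foreach ( $selected as $key => $val ) {
			if ( ! empty( $val ) ) {
				switch ( $doaction ) {
					case 'delete':
						// Deletion is not performed here: show the confirmation
						// screen for the whole selection and stop.
						$title = __( 'Users' );
						$parent_file = 'ms-admin.php';
						require_once( 'admin-header.php' );
						echo '<div class="wrap">';
						confirm_delete_users( $_POST['allusers'] );
						echo '</div>';
						require_once( 'admin-footer.php' );
						exit();
						break;
					case 'spam':
						// Network administrators cannot be marked as spam. Users
						// earlier in the list have already been processed when
						// this aborts.
						$user = new WP_User( $val );
						if ( in_array( $user->user_login, get_super_admins(), true ) )
							wp_die( sprintf( __( 'Warning! User cannot be modified. The user %s is a network admnistrator.' ), esc_html( $user->user_login ) ) );
						$userfunction = 'all_spam';
						$blogs = get_blogs_of_user( $val, true );
						foreach ( (array) $blogs as $blog_key => $details ) {
							if ( $details->userblog_id != $current_site->blog_id ) // main blog not a spam !
								update_blog_status( $details->userblog_id, 'spam', '1' );
						}
						update_user_status( $val, 'spam', '1', 1 );
						break;
					case 'notspam':
						$userfunction = 'all_notspam';
						$blogs = get_blogs_of_user( $val, true );
						foreach ( (array) $blogs as $blog_key => $details )
							update_blog_status( $details->userblog_id, 'spam', '0' );
						update_user_status( $val, 'spam', '0', 1 );
						break;
				}
			}
		}
		wp_redirect( add_query_arg( array( 'updated' => 'true', 'action' => $userfunction ), wp_get_referer() ) );
		exit();
	} else {
		wp_redirect( admin_url( 'ms-users.php' ) );
	}
	break;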
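case 'dodelete':
	// Final step of user deletion, posted from the confirmation screen.
	check_admin_referer( 'ms-users-delete' );
	if ( ! current_user_can( 'manage_network_users' ) )
		wp_die( __( 'You do not have permission to access this page.' ) );

	// $_POST['blog'] maps user ID => ( site ID => user to reassign content to ).
	// Detach each user from each listed site, reassigning content where asked.
	if ( ! empty( $_POST['blog'] ) && is_array( $_POST['blog'] ) ) {
		foreach ( $_POST['blog'] as $id => $users ) {
			foreach ( (array) $users as $blogid => $user_id ) {
				if ( ! empty( $_POST['delete'] ) && isset( $_POST['delete'][ $blogid ][ $id ] ) && 'reassign' == $_POST['delete'][ $blogid ][ $id ] )
					remove_user_from_blog( $id, $blogid, $user_id );
				else
					remove_user_from_blog( $id, $blogid );
			}
		}
	}

	$i = 0;
	if ( ! empty( $_POST['user'] ) && is_array( $_POST['user'] ) ) {
		foreach ( $_POST['user'] as $id ) {
			// The 'deleteuser' branch refuses IDs 0 and 1 before it shows the
			// confirmation screen; enforce the same rule where the deletion is
			// actually carried out, since this list comes from the request.
			// NOTE(review): wpmu_delete_user() may apply checks of its own (for
			// example for network administrators); that is not visible here.
			if ( $id == '0' || $id == '1' )
				continue;
			wpmu_delete_user( $id );
			$i++;
		}
	}

	// Singular or plural confirmation message on the users screen.
	if ( $i == 1 )
		$deletefunction = 'delete';
	else
		$deletefunction = 'all_delete';

	wp_redirect( add_query_arg( array( 'updated' => 'true', 'action' => $deletefunction ), admin_url( 'ms-users.php' ) ) );
	exit();
	break;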
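case 'adduser':
	// Nonce (CSRF) and capability must both pass before an account is created.
	check_admin_referer( 'add-user', '_wpnonce_add-user' );
	if ( ! current_user_can( 'manage_network_users' ) )
		wp_die( __( 'You do not have permission to access this page.' ) );

	if ( ! isset( $_POST['user'] ) || ! is_array( $_POST['user'] ) )
		wp_die( __( 'Cannot create an empty user.' ) );
	$user = $_POST['user'];
	if ( empty( $user['username'] ) && empty( $user['email'] ) )
		wp_die( __( 'Missing username and email.' ) );
	elseif ( empty( $user['username'] ) )
		wp_die( __( 'Missing username.' ) );
	elseif ( empty( $user['email'] ) )
		wp_die( __( 'Missing email.' ) );

	// Validate the address the same way the 'addblog' branch does. esc_html() is
	// an output escaper and does not tell a valid address from an invalid one.
	$email = sanitize_email( $user['email'] );
	if ( ! is_email( $email ) )
		wp_die( __( 'Invalid email address.' ) );

	$password = wp_generate_password();
	// NOTE(review): esc_html() on the login name escapes for HTML output; it is not
	// input validation. Confirm wpmu_create_user() sanitises the name itself.
	$user_id = wpmu_create_user( esc_html( strtolower( $user['username'] ) ), $password, $email );

	if ( false == $user_id )
		wp_die( __( 'Duplicated username or email address.' ) );
	else
		wp_new_user_notification( $user_id, $password );

	// Attach the new account to the dashboard site, or to the main site when no
	// dashboard site is configured, with the network's default role.
	if ( get_site_option( 'dashboard_blog' ) == false )
		add_user_to_blog( $current_site->blog_id, $user_id, get_site_option( 'default_user_role', 'subscriber' ) );
	else
		add_user_to_blog( get_site_option( 'dashboard_blog' ), $user_id, get_site_option( 'default_user_role', 'subscriber' ) );

	wp_redirect( add_query_arg( array( 'updated' => 'true', 'action' => 'add' ), wp_get_referer() ) );
	exit();
	break;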
default:
	// Unknown action name: send the user back to the network admin screen.
	$fallback_url = admin_url( 'ms-admin.php' );
	wp_redirect( $fallback_url );
	break;
}
?>