siteid; else $site_id = $wpdb->get_var( $wpdb->prepare( "SELECT id FROM $wpdb->site WHERE domain = %s AND path = %s", $sitedomain, $path ) ); if ( $site_id ) return $wpdb->get_results( $wpdb->prepare( "SELECT u.ID, u.user_login, u.user_pass FROM $wpdb->users AS u, $wpdb->sitemeta AS sm WHERE sm.meta_key = 'admin_user_id' AND u.ID = sm.meta_value AND sm.site_id = %d", $site_id ), ARRAY_A ); return false; } /** * Get one of a user's active blogs * * Returns the user's primary blog, if she has one and * it is active. If it's inactive, function returns another * active blog of the user. If none are found, the user * is added as a Subscriber to the Dashboard Blog and that blog * is returned. * * @since MU 1.0 * @uses get_blogs_of_user() * @uses add_user_to_blog() * @uses get_blog_details() * * @param int $user_id The unique ID of the user * @return object The blog object */ function get_active_blog_for_user( $user_id ) { global $wpdb; $blogs = get_blogs_of_user( $user_id ); if ( empty( $blogs ) ) return null; if ( !is_multisite() ) return $blogs[$wpdb->blogid]; $primary_blog = get_user_meta( $user_id, 'primary_blog', true ); $first_blog = current($blogs); if ( false !== $primary_blog ) { if ( ! isset( $blogs[ $primary_blog ] ) ) { update_user_meta( $user_id, 'primary_blog', $first_blog->userblog_id ); $primary = $first_blog; } else { $primary = get_blog_details( $primary_blog ); } } else { //TODO Review this call to add_user_to_blog too - to get here the user must have a role on this blog? add_user_to_blog( $first_blog->userblog_id, $user_id, 'subscriber' ); update_user_meta( $user_id, 'primary_blog', $first_blog->userblog_id ); $primary = $first_blog; } if ( ( ! is_object( $primary ) ) || ( is_object( $primary ) && $primary->archived == 1 || $primary->spam == 1 || $primary->deleted == 1 ) ) { $blogs = get_blogs_of_user( $user_id, true ); // if a user's primary blog is shut down, check their other blogs. $ret = false; if ( is_array( $blogs ) && count( $blogs ) > 0 ) { foreach ( (array) $blogs as $blog_id => $blog ) { if ( $blog->site_id != $wpdb->siteid ) continue; $details = get_blog_details( $blog_id ); if ( is_object( $details ) && $details->archived == 0 && $details->spam == 0 && $details->deleted == 0 ) { $ret = $blog; if ( get_user_meta( $user_id , 'primary_blog', true ) != $blog_id ) update_user_meta( $user_id, 'primary_blog', $blog_id ); if ( !get_user_meta($user_id , 'source_domain', true) ) update_user_meta( $user_id, 'source_domain', $blog->domain ); break; } } } else { return null; } return $ret; } else { return $primary; } } /** * Find out whether a user is a member of a given blog. * * @since MU 1.1 * @uses get_blogs_of_user() * * @param int $user_id The unique ID of the user * @param int $blog Optional. If no blog_id is provided, current site is used * @return bool */ function is_user_member_of_blog( $user_id, $blog_id = 0 ) { $user_id = (int) $user_id; $blog_id = (int) $blog_id; if ( $blog_id == 0 ) { global $wpdb; $blog_id = $wpdb->blogid; } $blogs = get_blogs_of_user( $user_id ); if ( is_array( $blogs ) ) return array_key_exists( $blog_id, $blogs ); else return false; } /** * The number of active users in your installation. * * The count is cached and updated twice daily. This is not a live count. * * @since MU 2.7 * * @return int */ function get_user_count() { return get_site_option( 'user_count' ); } /** * The number of active sites on your installation. * * The count is cached and updated twice daily. This is not a live count. * * @since MU 1.0 * * @param int $id Optional. A site_id. * @return int */ function get_blog_count( $id = 0 ) { return get_site_option( 'blog_count' ); } /** * Get a blog post from any site on the network. * * @since MU 1.0 * * @param int $blog_id ID of the blog. * @param int $post_id ID of the post you're looking for. * @return object The post. */ function get_blog_post( $blog_id, $post_id ) { global $wpdb; $key = $blog_id . '-' . $post_id; $post = wp_cache_get( $key, 'global-posts' ); if ( $post == false ) { $post = $wpdb->get_row( $wpdb->prepare( 'SELECT * FROM ' . $wpdb->get_blog_prefix( $blog_id ) . 'posts WHERE ID = %d', $post_id ) ); wp_cache_add( $key, $post, 'global-posts' ); } return $post; } /** * Add a user to a blog. * * Use the 'add_user_to_blog' action to fire an event when * users are added to a blog. * * @since MU 1.0 * * @param int $blog_id ID of the blog you're adding the user to. * @param int $user_id ID of the user you're adding. * @param string $role The role you want the user to have * @return bool */ function add_user_to_blog( $blog_id, $user_id, $role ) { switch_to_blog($blog_id); $user = new WP_User($user_id); if ( empty( $user->ID ) ) { restore_current_blog(); return new WP_Error('user_does_not_exist', __('That user does not exist.')); } if ( !get_user_meta($user_id, 'primary_blog', true) ) { update_user_meta($user_id, 'primary_blog', $blog_id); $details = get_blog_details($blog_id); update_user_meta($user_id, 'source_domain', $details->domain); } $user->set_role($role); do_action('add_user_to_blog', $user_id, $role, $blog_id); wp_cache_delete( $user_id, 'users' ); restore_current_blog(); return true; } /** * Remove a user from a blog. * * Use the 'remove_user_from_blog' action to fire an event when * users are removed from a blog. * * Accepts an optional $reassign parameter, if you want to * reassign the user's blog posts to another user upon removal. * * @since MU 1.0 * * @param int $user_id ID of the user you're removing. * @param int $blog_id ID of the blog you're removing the user from. * @param string $reassign Optional. A user to whom to reassign posts. * @return bool */ function remove_user_from_blog($user_id, $blog_id = '', $reassign = '') { global $wpdb; switch_to_blog($blog_id); $user_id = (int) $user_id; do_action('remove_user_from_blog', $user_id, $blog_id); // If being removed from the primary blog, set a new primary if the user is assigned // to multiple blogs. $primary_blog = get_user_meta($user_id, 'primary_blog', true); if ( $primary_blog == $blog_id ) { $new_id = ''; $new_domain = ''; $blogs = get_blogs_of_user($user_id); foreach ( (array) $blogs as $blog ) { if ( $blog->userblog_id == $blog_id ) continue; $new_id = $blog->userblog_id; $new_domain = $blog->domain; break; } update_user_meta($user_id, 'primary_blog', $new_id); update_user_meta($user_id, 'source_domain', $new_domain); } // wp_revoke_user($user_id); $user = new WP_User($user_id); if ( empty( $user->ID ) ) { restore_current_blog(); return new WP_Error('user_does_not_exist', __('That user does not exist.')); } $user->remove_all_caps(); $blogs = get_blogs_of_user($user_id); if ( count($blogs) == 0 ) { update_user_meta($user_id, 'primary_blog', ''); update_user_meta($user_id, 'source_domain', ''); } if ( $reassign != '' ) { $reassign = (int) $reassign; $wpdb->query( $wpdb->prepare("UPDATE $wpdb->posts SET post_author = %d WHERE post_author = %d", $reassign, $user_id) ); $wpdb->query( $wpdb->prepare("UPDATE $wpdb->links SET link_owner = %d WHERE link_owner = %d", $reassign, $user_id) ); } restore_current_blog(); return true; } /** * Create an empty blog. * * @since MU 1.0 * @uses install_blog() * * @param string $domain The new blog's domain. * @param string $path The new blog's path. * @param string $string The new blog's title. * @param int $site Optional. Defaults to 1. * @return int The ID of the newly created blog */ function create_empty_blog( $domain, $path, $weblog_title, $site_id = 1 ) { $domain = addslashes( $domain ); $weblog_title = addslashes( $weblog_title ); if ( empty($path) ) $path = '/'; // Check if the domain has been used already. We should return an error message. if ( domain_exists($domain, $path, $site_id) ) return __( 'Error: Site URL already taken.' ); // Need to back up wpdb table names, and create a new wp_blogs entry for new blog. // Need to get blog_id from wp_blogs, and create new table names. // Must restore table names at the end of function. if ( ! $blog_id = insert_blog($domain, $path, $site_id) ) return __( 'Error: problem creating site entry.' ); switch_to_blog($blog_id); install_blog($blog_id); restore_current_blog(); return $blog_id; } /** * Get the permalink for a post on another blog. * * @since MU 1.0 * * @param int $_blog_id ID of the source blog. * @param int $post_id ID of the desired post. * @return string The post's permalink */ function get_blog_permalink( $_blog_id, $post_id ) { $key = "{$_blog_id}-{$post_id}-blog_permalink"; $link = wp_cache_get( $key, 'site-options' ); if ( $link == false ) { switch_to_blog( $_blog_id ); $link = get_permalink( $post_id ); restore_current_blog(); wp_cache_add( $key, $link, 'site-options', 360 ); } return $link; } /** * Get a blog's numeric ID from its URL. * * On a subdirectory installation like example.com/blog1/, * $domain will be the root 'example.com' and $path the * subdirectory '/blog1/'. With subdomains like blog1.example.com, * $domain is 'blog1.example.com' and $path is '/'. * * @since MU 2.6.5 * * @param string $domain * @param string $path Optional. Not required for subdomain installations. * @return int */ function get_blog_id_from_url( $domain, $path = '/' ) { global $wpdb; $domain = strtolower( $wpdb->escape( $domain ) ); $path = strtolower( $wpdb->escape( $path ) ); $id = wp_cache_get( md5( $domain . $path ), 'blog-id-cache' ); if ( $id == -1 ) { // blog does not exist return 0; } elseif ( $id ) { return (int)$id; } $id = $wpdb->get_var( "SELECT blog_id FROM $wpdb->blogs WHERE domain = '$domain' and path = '$path' /* get_blog_id_from_url */" ); if ( !$id ) { wp_cache_set( md5( $domain . $path ), -1, 'blog-id-cache' ); return false; } wp_cache_set( md5( $domain . $path ), $id, 'blog-id-cache' ); return $id; } // Admin functions /** * Redirect a user based on $_GET or $_POST arguments. * * The function looks for redirect arguments in the following order: * 1) $_GET['ref'] * 2) $_POST['ref'] * 3) $_SERVER['HTTP_REFERER'] * 4) $_GET['redirect'] * 5) $_POST['redirect'] * 6) $url * * @since MU * @uses wpmu_admin_redirect_add_updated_param() * * @param string $url */ function wpmu_admin_do_redirect( $url = '' ) { $ref = ''; if ( isset( $_GET['ref'] ) ) $ref = $_GET['ref']; if ( isset( $_POST['ref'] ) ) $ref = $_POST['ref']; if ( $ref ) { $ref = wpmu_admin_redirect_add_updated_param( $ref ); wp_redirect( $ref ); exit(); } if ( empty( $_SERVER['HTTP_REFERER'] ) == false ) { wp_redirect( $_SERVER['HTTP_REFERER'] ); exit(); } $url = wpmu_admin_redirect_add_updated_param( $url ); if ( isset( $_GET['redirect'] ) ) { if ( substr( $_GET['redirect'], 0, 2 ) == 's_' ) $url .= '&action=blogs&s='. esc_html( substr( $_GET['redirect'], 2 ) ); } elseif ( isset( $_POST['redirect'] ) ) { $url = wpmu_admin_redirect_add_updated_param( $_POST['redirect'] ); } wp_redirect( $url ); exit(); } /** * Adds an 'updated=true' argument to a URL. * * @since MU * * @param string $url * @return string */ function wpmu_admin_redirect_add_updated_param( $url = '' ) { if ( strpos( $url, 'updated=true' ) === false ) { if ( strpos( $url, '?' ) === false ) return $url . '?updated=true'; else return $url . '&updated=true'; } return $url; } /** * Checks an email address against a list of banned domains. * * This function checks against the Banned Email Domains list * at wp-admin/network/settings.php. The check is only run on * self-registrations; user creation at wp-admin/network/users.php * bypasses this check. * * @since MU * * @param string $user_email The email provided by the user at registration. * @return bool Returns true when the email address is banned. */ function is_email_address_unsafe( $user_email ) { $banned_names = get_site_option( 'banned_email_domains' ); if ($banned_names && !is_array( $banned_names )) $banned_names = explode( "\n", $banned_names); if ( is_array( $banned_names ) && empty( $banned_names ) == false ) { $email_domain = strtolower( substr( $user_email, 1 + strpos( $user_email, '@' ) ) ); foreach ( (array) $banned_names as $banned_domain ) { if ( $banned_domain == '' ) continue; if ( strstr( $email_domain, $banned_domain ) || ( strstr( $banned_domain, '/' ) && preg_match( $banned_domain, $email_domain ) ) ) return true; } } return false; } /** * Processes new user registrations. * * Checks the data provided by the user during signup. Verifies * the validity and uniqueness of user names and user email addresses, * and checks email addresses against admin-provided domain * whitelists and blacklists. * * The hook 'wpmu_validate_user_signup' provides an easy way * to modify the signup process. The value $result, which is passed * to the hook, contains both the user-provided info and the error * messages created by the function. 'wpmu_validate_user_signup' allows * you to process the data in any way you'd like, and unset the * relevant errors if necessary. * * @since MU * @uses is_email_address_unsafe() * @uses username_exists() * @uses email_exists() * * @param string $user_name The login name provided by the user. * @param string $user_email The email provided by the user. * @return array Contains username, email, and error messages. */ function wpmu_validate_user_signup($user_name, $user_email) { global $wpdb; $errors = new WP_Error(); $orig_username = $user_name; $user_name = preg_replace( '/\s+/', '', sanitize_user( $user_name, true ) ); $maybe = array(); preg_match( '/[a-z0-9]+/', $user_name, $maybe ); if ( $user_name != $orig_username || $user_name != $maybe[0] ) { $errors->add( 'user_name', __( 'Only lowercase letters (a-z) and numbers are allowed.' ) ); $user_name = $orig_username; } $user_email = sanitize_email( $user_email ); if ( empty( $user_name ) ) $errors->add('user_name', __('Please enter a username')); $illegal_names = get_site_option( 'illegal_names' ); if ( is_array( $illegal_names ) == false ) { $illegal_names = array( 'www', 'web', 'root', 'admin', 'main', 'invite', 'administrator' ); add_site_option( 'illegal_names', $illegal_names ); } if ( in_array( $user_name, $illegal_names ) == true ) $errors->add('user_name', __('That username is not allowed')); if ( is_email_address_unsafe( $user_email ) ) $errors->add('user_email', __('You cannot use that email address to signup. We are having problems with them blocking some of our email. Please use another email provider.')); if ( strlen( $user_name ) < 4 ) $errors->add('user_name', __('Username must be at least 4 characters')); if ( strpos( ' ' . $user_name, '_' ) != false ) $errors->add( 'user_name', __( 'Sorry, usernames may not contain the character “_”!' ) ); // all numeric? $match = array(); preg_match( '/[0-9]*/', $user_name, $match ); if ( $match[0] == $user_name ) $errors->add('user_name', __('Sorry, usernames must have letters too!')); if ( !is_email( $user_email ) ) $errors->add('user_email', __('Please enter a correct email address')); $limited_email_domains = get_site_option( 'limited_email_domains' ); if ( is_array( $limited_email_domains ) && empty( $limited_email_domains ) == false ) { $emaildomain = substr( $user_email, 1 + strpos( $user_email, '@' ) ); if ( in_array( $emaildomain, $limited_email_domains ) == false ) $errors->add('user_email', __('Sorry, that email address is not allowed!')); } // Check if the username has been used already. if ( username_exists($user_name) ) $errors->add('user_name', __('Sorry, that username already exists!')); // Check if the email address has been used already. if ( email_exists($user_email) ) $errors->add('user_email', __('Sorry, that email address is already used!')); // Has someone already signed up for this username? $signup = $wpdb->get_row( $wpdb->prepare("SELECT * FROM $wpdb->signups WHERE user_login = %s", $user_name) ); if ( $signup != null ) { $registered_at = mysql2date('U', $signup->registered); $now = current_time( 'timestamp', true ); $diff = $now - $registered_at; // If registered more than two days ago, cancel registration and let this signup go through. if ( $diff > 172800 ) $wpdb->query( $wpdb->prepare("DELETE FROM $wpdb->signups WHERE user_login = %s", $user_name) ); else $errors->add('user_name', __('That username is currently reserved but may be available in a couple of days.')); if ( $signup->active == 0 && $signup->user_email == $user_email ) $errors->add('user_email_used', __('username and email used')); } $signup = $wpdb->get_row( $wpdb->prepare("SELECT * FROM $wpdb->signups WHERE user_email = %s", $user_email) ); if ( $signup != null ) { $diff = current_time( 'timestamp', true ) - mysql2date('U', $signup->registered); // If registered more than two days ago, cancel registration and let this signup go through. if ( $diff > 172800 ) $wpdb->query( $wpdb->prepare("DELETE FROM $wpdb->signups WHERE user_email = %s", $user_email) ); else $errors->add('user_email', __('That email address has already been used. Please check your inbox for an activation email. It will become available in a couple of days if you do nothing.')); } $result = array('user_name' => $user_name, 'orig_username' => $orig_username, 'user_email' => $user_email, 'errors' => $errors); return apply_filters('wpmu_validate_user_signup', $result); } /** * Processes new site registrations. * * Checks the data provided by the user during blog signup. Verifies * the validity and uniqueness of blog paths and domains. * * This function prevents the current user from registering a new site * with a blogname equivalent to another user's login name. Passing the * $user parameter to the function, where $user is the other user, is * effectively an override of this limitation. * * Filter 'wpmu_validate_blog_signup' if you want to modify * the way that WordPress validates new site signups. * * @since MU * @uses domain_exists() * @uses username_exists() * * @param string $blogname The blog name provided by the user. Must be unique. * @param string $blog_title The blog title provided by the user. * @return array Contains the new site data and error messages. */ function wpmu_validate_blog_signup($blogname, $blog_title, $user = '') { global $wpdb, $domain, $base, $current_site; $blog_title = strip_tags( $blog_title ); $blog_title = substr( $blog_title, 0, 50 ); $errors = new WP_Error(); $illegal_names = get_site_option( 'illegal_names' ); if ( $illegal_names == false ) { $illegal_names = array( 'www', 'web', 'root', 'admin', 'main', 'invite', 'administrator' ); add_site_option( 'illegal_names', $illegal_names ); } // On sub dir installs, Some names are so illegal, only a filter can spring them from jail if (! is_subdomain_install() ) $illegal_names = array_merge($illegal_names, apply_filters( 'subdirectory_reserved_names', array( 'page', 'comments', 'blog', 'files', 'feed' ) ) ); if ( empty( $blogname ) ) $errors->add('blogname', __('Please enter a site name')); if ( preg_match( '/[^a-z0-9]+/', $blogname ) ) $errors->add('blogname', __('Only lowercase letters and numbers allowed')); if ( in_array( $blogname, $illegal_names ) == true ) $errors->add('blogname', __('That name is not allowed')); if ( strlen( $blogname ) < 4 && !is_super_admin() ) $errors->add('blogname', __('Site name must be at least 4 characters')); if ( strpos( ' ' . $blogname, '_' ) != false ) $errors->add( 'blogname', __( 'Sorry, site names may not contain the character “_”!' ) ); // do not allow users to create a blog that conflicts with a page on the main blog. if ( !is_subdomain_install() && $wpdb->get_var( $wpdb->prepare( "SELECT post_name FROM " . $wpdb->get_blog_prefix( $current_site->blog_id ) . "posts WHERE post_type = 'page' AND post_name = %s", $blogname ) ) ) $errors->add( 'blogname', __( 'Sorry, you may not use that site name.' ) ); // all numeric? $match = array(); preg_match( '/[0-9]*/', $blogname, $match ); if ( $match[0] == $blogname ) $errors->add('blogname', __('Sorry, site names must have letters too!')); $blogname = apply_filters( 'newblogname', $blogname ); $blog_title = stripslashes( $blog_title ); if ( empty( $blog_title ) ) $errors->add('blog_title', __('Please enter a site title')); // Check if the domain/path has been used already. if ( is_subdomain_install() ) { $mydomain = $blogname . '.' . preg_replace( '|^www\.|', '', $domain ); $path = $base; } else { $mydomain = "$domain"; $path = $base.$blogname.'/'; } if ( domain_exists($mydomain, $path) ) $errors->add('blogname', __('Sorry, that site already exists!')); if ( username_exists( $blogname ) ) { if ( is_object( $user ) == false || ( is_object($user) && ( $user->user_login != $blogname ) ) ) $errors->add( 'blogname', __( 'Sorry, that site is reserved!' ) ); } // Has someone already signed up for this domain? $signup = $wpdb->get_row( $wpdb->prepare("SELECT * FROM $wpdb->signups WHERE domain = %s AND path = %s", $mydomain, $path) ); // TODO: Check email too? if ( ! empty($signup) ) { $diff = current_time( 'timestamp', true ) - mysql2date('U', $signup->registered); // If registered more than two days ago, cancel registration and let this signup go through. if ( $diff > 172800 ) $wpdb->query( $wpdb->prepare("DELETE FROM $wpdb->signups WHERE domain = %s AND path = %s", $mydomain, $path) ); else $errors->add('blogname', __('That site is currently reserved but may be available in a couple days.')); } $result = array('domain' => $mydomain, 'path' => $path, 'blogname' => $blogname, 'blog_title' => $blog_title, 'errors' => $errors); return apply_filters('wpmu_validate_blog_signup', $result); } /** * Record site signup information for future activation. * * @since MU * @uses wpmu_signup_blog_notification() * * @param string $domain The requested domain. * @param string $path The requested path. * @param string $title The requested site title. * @param string $user The user's requested login name. * @param string $user_email The user's email address. * @param array $meta By default, contains the requested privacy setting and lang_id. */ function wpmu_signup_blog($domain, $path, $title, $user, $user_email, $meta = '') { global $wpdb; $key = substr( md5( time() . rand() . $domain ), 0, 16 ); $meta = serialize($meta); $domain = $wpdb->escape($domain); $path = $wpdb->escape($path); $title = $wpdb->escape($title); $wpdb->insert( $wpdb->signups, array( 'domain' => $domain, 'path' => $path, 'title' => $title, 'user_login' => $user, 'user_email' => $user_email, 'registered' => current_time('mysql', true), 'activation_key' => $key, 'meta' => $meta ) ); wpmu_signup_blog_notification($domain, $path, $title, $user, $user_email, $key, $meta); } /** * Record user signup information for future activation. * * This function is used when user registration is open but * new site registration is not. * * @since MU * @uses wpmu_signup_user_notification() * * @param string $user The user's requested login name. * @param string $user_email The user's email address. * @param array $meta By default, this is an empty array. */ function wpmu_signup_user($user, $user_email, $meta = '') { global $wpdb; // Format data $user = preg_replace( '/\s+/', '', sanitize_user( $user, true ) ); $user_email = sanitize_email( $user_email ); $key = substr( md5( time() . rand() . $user_email ), 0, 16 ); $meta = serialize($meta); $wpdb->insert( $wpdb->signups, array( 'domain' => '', 'path' => '', 'title' => '', 'user_login' => $user, 'user_email' => $user_email, 'registered' => current_time('mysql', true), 'activation_key' => $key, 'meta' => $meta ) ); wpmu_signup_user_notification($user, $user_email, $key, $meta); } /** * Notify user of signup success. * * This is the notification function used when site registration * is enabled. * * Filter 'wpmu_signup_blog_notification' to bypass this function or * replace it with your own notification behavior. * * Filter 'wpmu_signup_blog_notification_email' and * 'wpmu_signup_blog_notification_email' to change the content * and subject line of the email sent to newly registered users. * * @since MU * * @param string $domain The new blog domain. * @param string $path The new blog path. * @param string $title The site title. * @param string $user The user's login name. * @param string $user_email The user's email address. * @param array $meta By default, contains the requested privacy setting and lang_id. * @param string $key The activation key created in wpmu_signup_blog() * @return bool */ function wpmu_signup_blog_notification($domain, $path, $title, $user, $user_email, $key, $meta = '') { global $current_site; if ( !apply_filters('wpmu_signup_blog_notification', $domain, $path, $title, $user, $user_email, $key, $meta) ) return false; // Send email with activation link. if ( !is_subdomain_install() || $current_site->id != 1 ) $activate_url = network_site_url("wp-activate.php?key=$key"); else $activate_url = "http://{$domain}{$path}wp-activate.php?key=$key"; // @todo use *_url() API $activate_url = esc_url($activate_url); $admin_email = get_site_option( 'admin_email' ); if ( $admin_email == '' ) $admin_email = 'support@' . $_SERVER['SERVER_NAME']; $from_name = get_site_option( 'site_name' ) == '' ? 'WordPress' : esc_html( get_site_option( 'site_name' ) ); $message_headers = "From: \"{$from_name}\" <{$admin_email}>\n" . "Content-Type: text/plain; charset=\"" . get_option('blog_charset') . "\"\n"; $message = sprintf( apply_filters( 'wpmu_signup_blog_notification_email', __( "To activate your blog, please click the following link:\n\n%s\n\nAfter you activate, you will receive *another email* with your login.\n\nAfter you activate, you can visit your site here:\n\n%s" ), $domain, $path, $title, $user, $user_email, $key, $meta ), $activate_url, esc_url( "http://{$domain}{$path}" ), $key ); // TODO: Don't hard code activation link. $subject = sprintf( apply_filters( 'wpmu_signup_blog_notification_subject', __( '[%1$s] Activate %2$s' ), $domain, $path, $title, $user, $user_email, $key, $meta ), $from_name, esc_url( 'http://' . $domain . $path ) ); wp_mail($user_email, $subject, $message, $message_headers); return true; } /** * Notify user of signup success. * * This is the notification function used when no new site has * been requested. * * Filter 'wpmu_signup_user_notification' to bypass this function or * replace it with your own notification behavior. * * Filter 'wpmu_signup_user_notification_email' and * 'wpmu_signup_user_notification_subject' to change the content * and subject line of the email sent to newly registered users. * * @since MU * * @param string $user The user's login name. * @param string $user_email The user's email address. * @param array $meta By default, an empty array. * @param string $key The activation key created in wpmu_signup_user() * @return bool */ function wpmu_signup_user_notification($user, $user_email, $key, $meta = '') { if ( !apply_filters('wpmu_signup_user_notification', $user, $user_email, $key, $meta) ) return false; // Send email with activation link. $admin_email = get_site_option( 'admin_email' ); if ( $admin_email == '' ) $admin_email = 'support@' . $_SERVER['SERVER_NAME']; $from_name = get_site_option( 'site_name' ) == '' ? 'WordPress' : esc_html( get_site_option( 'site_name' ) ); $message_headers = "From: \"{$from_name}\" <{$admin_email}>\n" . "Content-Type: text/plain; charset=\"" . get_option('blog_charset') . "\"\n"; $message = sprintf( apply_filters( 'wpmu_signup_user_notification_email', __( "To activate your user, please click the following link:\n\n%s\n\nAfter you activate, you will receive *another email* with your login.\n\n" ), $user, $user_email, $key, $meta ), site_url( "wp-activate.php?key=$key" ) ); // TODO: Don't hard code activation link. $subject = sprintf( apply_filters( 'wpmu_signup_user_notification_subject', __( '[%1$s] Activate %2$s' ), $user, $user_email, $key, $meta ), $from_name, $user ); wp_mail($user_email, $subject, $message, $message_headers); return true; } /** * Activate a signup. * * Hook to 'wpmu_activate_user' or 'wpmu_activate_blog' for events * that should happen only when users or sites are self-created (since * those actions are not called when users and sites are created * by a Super Admin). * * @since MU * @uses wp_generate_password() * @uses wpmu_welcome_user_notification() * @uses add_user_to_blog() * @uses add_new_user_to_blog() * @uses wpmu_create_user() * @uses wpmu_create_blog() * @uses wpmu_welcome_notification() * * @param string $key The activation key provided to the user. * @return array An array containing information about the activated user and/or blog */ function wpmu_activate_signup($key) { global $wpdb, $current_site; $signup = $wpdb->get_row( $wpdb->prepare("SELECT * FROM $wpdb->signups WHERE activation_key = %s", $key) ); if ( empty( $signup ) ) return new WP_Error( 'invalid_key', __( 'Invalid activation key.' ) ); if ( $signup->active ) { if ( empty( $signup->domain ) ) return new WP_Error( 'already_active', __( 'The user is already active.' ), $signup ); else return new WP_Error( 'already_active', __( 'The site is already active.' ), $signup ); } $meta = unserialize($signup->meta); $user_login = $wpdb->escape($signup->user_login); $user_email = $wpdb->escape($signup->user_email); $password = wp_generate_password( 12, false ); $user_id = username_exists($user_login); if ( ! $user_id ) $user_id = wpmu_create_user($user_login, $password, $user_email); else $user_already_exists = true; if ( ! $user_id ) return new WP_Error('create_user', __('Could not create user'), $signup); $now = current_time('mysql', true); if ( empty($signup->domain) ) { $wpdb->update( $wpdb->signups, array('active' => 1, 'activated' => $now), array('activation_key' => $key) ); if ( isset( $user_already_exists ) ) return new WP_Error( 'user_already_exists', __( 'That username is already activated.' ), $signup); wpmu_welcome_user_notification($user_id, $password, $meta); add_new_user_to_blog( $user_id, $user_email, $meta ); do_action('wpmu_activate_user', $user_id, $password, $meta); return array('user_id' => $user_id, 'password' => $password, 'meta' => $meta); } $blog_id = wpmu_create_blog( $signup->domain, $signup->path, $signup->title, $user_id, $meta, $wpdb->siteid ); // TODO: What to do if we create a user but cannot create a blog? if ( is_wp_error($blog_id) ) { // If blog is taken, that means a previous attempt to activate this blog failed in between creating the blog and // setting the activation flag. Let's just set the active flag and instruct the user to reset their password. if ( 'blog_taken' == $blog_id->get_error_code() ) { $blog_id->add_data( $signup ); $wpdb->update( $wpdb->signups, array( 'active' => 1, 'activated' => $now ), array( 'activation_key' => $key ) ); } return $blog_id; } $wpdb->update( $wpdb->signups, array('active' => 1, 'activated' => $now), array('activation_key' => $key) ); wpmu_welcome_notification($blog_id, $user_id, $password, $signup->title, $meta); do_action('wpmu_activate_blog', $blog_id, $user_id, $password, $signup->title, $meta); return array('blog_id' => $blog_id, 'user_id' => $user_id, 'password' => $password, 'title' => $signup->title, 'meta' => $meta); } /** * Create a user. * * This function runs when a user self-registers as well as when * a Super Admin creates a new user. Hook to 'wpmu_new_user' for events * that should affect all new users, but only on Multisite (otherwise * use 'user_register'). * * @since MU * @uses wp_create_user() * * @param string $user_name The new user's login name. * @param string $password The new user's password. * @param string $email The new user's email address. * @return mixed Returns false on failure, or int $user_id on success */ function wpmu_create_user( $user_name, $password, $email) { $user_name = preg_replace( '/\s+/', '', sanitize_user( $user_name, true ) ); $user_id = wp_create_user( $user_name, $password, $email ); if ( is_wp_error($user_id) ) return false; // Newly created users have no roles or caps until they are added to a blog. delete_user_option( $user_id, 'capabilities' ); delete_user_option( $user_id, 'user_level' ); do_action( 'wpmu_new_user', $user_id ); return $user_id; } /** * Create a site. * * This function runs when a user self-registers a new site as well * as when a Super Admin creates a new site. Hook to 'wpmu_new_blog' * for events that should affect all new sites. * * On subdirectory installs, $domain is the same as the main site's * domain, and the path is the subdirectory name (eg 'example.com' * and '/blog1/'). On subdomain installs, $domain is the new subdomain + * root domain (eg 'blog1.example.com'), and $path is '/'. * * @since MU * @uses domain_exists() * @uses insert_blog() * @uses wp_install_defaults() * @uses add_user_to_blog() * * @param string $domain The new site's domain. * @param string $path The new site's path. * @param string $title The new site's title. * @param int $user_id The user ID of the new site's admin. * @param array $meta Optional. Used to set initial site options. * @param int $site_id Optional. Only relevant on multi-network installs. * @return mixed Returns WP_Error object on failure, int $blog_id on success */ function wpmu_create_blog($domain, $path, $title, $user_id, $meta = '', $site_id = 1) { $domain = preg_replace( '/\s+/', '', sanitize_user( $domain, true ) ); if ( is_subdomain_install() ) $domain = str_replace( '@', '', $domain ); $title = strip_tags( $title ); $user_id = (int) $user_id; if ( empty($path) ) $path = '/'; // Check if the domain has been used already. We should return an error message. if ( domain_exists($domain, $path, $site_id) ) return new WP_Error('blog_taken', __('Site already exists.')); if ( !defined('WP_INSTALLING') ) define( 'WP_INSTALLING', true ); if ( ! $blog_id = insert_blog($domain, $path, $site_id) ) return new WP_Error('insert_blog', __('Could not create site.')); switch_to_blog($blog_id); install_blog($blog_id, $title); wp_install_defaults($user_id); add_user_to_blog($blog_id, $user_id, 'administrator'); if ( is_array($meta) ) foreach ($meta as $key => $value) { if ( $key == 'public' || $key == 'archived' || $key == 'mature' || $key == 'spam' || $key == 'deleted' || $key == 'lang_id' ) update_blog_status( $blog_id, $key, $value ); else update_option( $key, $value ); } add_option( 'WPLANG', get_site_option( 'WPLANG' ) ); update_option( 'blog_public', (int)$meta['public'] ); if ( !is_super_admin() && ! get_user_meta( $user_id, 'primary_blog', true ) ) update_user_meta( $user_id, 'primary_blog', $blog_id ); restore_current_blog(); do_action( 'wpmu_new_blog', $blog_id, $user_id, $domain, $path, $site_id, $meta ); return $blog_id; } /** * Notifies the network admin that a new site has been activated. * * Filter 'newblog_notify_siteadmin' to change the content of * the notification email. * * @since MU * * @param int $blog_id The new site's ID. * @return bool */ function newblog_notify_siteadmin( $blog_id, $deprecated = '' ) { if ( get_site_option( 'registrationnotification' ) != 'yes' ) return false; $email = get_site_option( 'admin_email' ); if ( is_email($email) == false ) return false; $options_site_url = esc_url(network_admin_url('settings.php')); switch_to_blog( $blog_id ); $blogname = get_option( 'blogname' ); $siteurl = site_url(); restore_current_blog(); $msg = sprintf( __( 'New Site: %1s URL: %2s Remote IP: %3s Disable these notifications: %4s' ), $blogname, $siteurl, $_SERVER['REMOTE_ADDR'], $options_site_url); $msg = apply_filters( 'newblog_notify_siteadmin', $msg ); wp_mail( $email, sprintf( __( 'New Site Registration: %s' ), $siteurl ), $msg ); return true; } /** * Notifies the network admin that a new user has been activated. * * Filter 'newuser_notify_siteadmin' to change the content of * the notification email. * * @since MU * * @param int $user_id The new user's ID. * @return bool */ function newuser_notify_siteadmin( $user_id ) { if ( get_site_option( 'registrationnotification' ) != 'yes' ) return false; $email = get_site_option( 'admin_email' ); if ( is_email($email) == false ) return false; $user = new WP_User($user_id); $options_site_url = esc_url(network_admin_url('settings.php')); $msg = sprintf(__('New User: %1s Remote IP: %2s Disable these notifications: %3s'), $user->user_login, $_SERVER['REMOTE_ADDR'], $options_site_url); $msg = apply_filters( 'newuser_notify_siteadmin', $msg ); wp_mail( $email, sprintf(__('New User Registration: %s'), $user->user_login), $msg ); return true; } /** * Check whether a blogname is already taken. * * Used during the new site registration process to ensure * that each blogname is unique. * * @since MU * * @param string $domain The domain to be checked. * @param string $path The path to be checked. * @param int $site_id Optional. Relevant only on multi-network installs. * @return int */ function domain_exists($domain, $path, $site_id = 1) { global $wpdb; return $wpdb->get_var( $wpdb->prepare("SELECT blog_id FROM $wpdb->blogs WHERE domain = %s AND path = %s AND site_id = %d", $domain, $path, $site_id) ); } /** * Store basic site info in the blogs table. * * This function creates a row in the wp_blogs table and returns * the new blog's ID. It is the first step in creating a new blog. * * @since MU * * @param string $domain The domain of the new site. * @param string $path The path of the new site. * @param int $site_id Unless you're running a multi-network install, be sure to set this value to 1. * @return int The ID of the new row */ function insert_blog($domain, $path, $site_id) { global $wpdb; $path = trailingslashit($path); $site_id = (int) $site_id; $result = $wpdb->insert( $wpdb->blogs, array('site_id' => $site_id, 'domain' => $domain, 'path' => $path, 'registered' => current_time('mysql')) ); if ( ! $result ) return false; refresh_blog_details($wpdb->insert_id); return $wpdb->insert_id; } /** * Install an empty blog. * * Creates the new blog tables and options. If calling this function * directly, be sure to use switch_to_blog() first, so that $wpdb * points to the new blog. * * @since MU * @uses make_db_current_silent() * @uses populate_roles() * * @param int $blog_id The value returned by insert_blog(). * @param string $blog_title The title of the new site. */ function install_blog($blog_id, $blog_title = '') { global $wpdb, $table_prefix, $wp_roles; $wpdb->suppress_errors(); // Cast for security $blog_id = (int) $blog_id; require_once( ABSPATH . 'wp-admin/includes/upgrade.php' ); if ( $wpdb->get_results("SELECT ID FROM $wpdb->posts") ) die(__('
You appear to have already installed WordPress. To reinstall please clear your old database tables first.
') . '