get_blog_count(), 'users' => get_user_count(), ); return $stats; } /** * Get one of a user's active blogs * * Returns the user's primary blog, if they have one and * it is active. If it's inactive, function returns another * active blog of the user. If none are found, the user * is added as a Subscriber to the Dashboard Blog and that blog * is returned. * * @since MU (3.0.0) * * @param int $user_id The unique ID of the user * @return WP_Site|void The blog object */ function get_active_blog_for_user( $user_id ) { $blogs = get_blogs_of_user( $user_id ); if ( empty( $blogs ) ) { return; } if ( ! is_multisite() ) { return $blogs[ get_current_blog_id() ]; } $primary_blog = get_user_meta( $user_id, 'primary_blog', true ); $first_blog = current( $blogs ); if ( false !== $primary_blog ) { if ( ! isset( $blogs[ $primary_blog ] ) ) { update_user_meta( $user_id, 'primary_blog', $first_blog->userblog_id ); $primary = get_site( $first_blog->userblog_id ); } else { $primary = get_site( $primary_blog ); } } else { //TODO Review this call to add_user_to_blog too - to get here the user must have a role on this blog? $result = add_user_to_blog( $first_blog->userblog_id, $user_id, 'subscriber' ); if ( ! is_wp_error( $result ) ) { update_user_meta( $user_id, 'primary_blog', $first_blog->userblog_id ); $primary = $first_blog; } } if ( ( ! is_object( $primary ) ) || ( $primary->archived == 1 || $primary->spam == 1 || $primary->deleted == 1 ) ) { $blogs = get_blogs_of_user( $user_id, true ); // if a user's primary blog is shut down, check their other blogs. $ret = false; if ( is_array( $blogs ) && count( $blogs ) > 0 ) { foreach ( (array) $blogs as $blog_id => $blog ) { if ( $blog->site_id != get_current_network_id() ) { continue; } $details = get_site( $blog_id ); if ( is_object( $details ) && $details->archived == 0 && $details->spam == 0 && $details->deleted == 0 ) { $ret = $details; if ( get_user_meta( $user_id, 'primary_blog', true ) != $blog_id ) { update_user_meta( $user_id, 'primary_blog', $blog_id ); } if ( ! get_user_meta( $user_id, 'source_domain', true ) ) { update_user_meta( $user_id, 'source_domain', $details->domain ); } break; } } } else { return; } return $ret; } else { return $primary; } } /** * The number of active users in your installation. * * The count is cached and updated twice daily. This is not a live count. * * @since MU (3.0.0) * @since 4.8.0 The `$network_id` parameter has been added. * * @param int|null $network_id ID of the network. Default is the current network. * @return int Number of active users on the network. */ function get_user_count( $network_id = null ) { return get_network_option( $network_id, 'user_count' ); } /** * The number of active sites on your installation. * * The count is cached and updated twice daily. This is not a live count. * * @since MU (3.0.0) * @since 3.7.0 The `$network_id` parameter has been deprecated. * @since 4.8.0 The `$network_id` parameter is now being used. * * @param int|null $network_id ID of the network. Default is the current network. * @return int Number of active sites on the network. */ function get_blog_count( $network_id = null ) { return get_network_option( $network_id, 'blog_count' ); } /** * Get a blog post from any site on the network. * * @since MU (3.0.0) * * @param int $blog_id ID of the blog. * @param int $post_id ID of the post you're looking for. * @return WP_Post|null WP_Post on success or null on failure */ function get_blog_post( $blog_id, $post_id ) { switch_to_blog( $blog_id ); $post = get_post( $post_id ); restore_current_blog(); return $post; } /** * Adds a user to a blog. * * Use the {@see 'add_user_to_blog'} action to fire an event when users are added to a blog. * * @since MU (3.0.0) * * @param int $blog_id ID of the blog you're adding the user to. * @param int $user_id ID of the user you're adding. * @param string $role The role you want the user to have * @return true|WP_Error */ function add_user_to_blog( $blog_id, $user_id, $role ) { switch_to_blog( $blog_id ); $user = get_userdata( $user_id ); if ( ! $user ) { restore_current_blog(); return new WP_Error( 'user_does_not_exist', __( 'The requested user does not exist.' ) ); } /** * Filters whether a user should be added to a site. * * @since 4.9.0 * * @param bool|WP_Error $retval True if the user should be added to the site, false * or error object otherwise. * @param int $user_id User ID. * @param string $role User role. * @param int $blog_id Site ID. */ $can_add_user = apply_filters( 'can_add_user_to_blog', true, $user_id, $role, $blog_id ); if ( true !== $can_add_user ) { restore_current_blog(); if ( is_wp_error( $can_add_user ) ) { return $can_add_user; } return new WP_Error( 'user_cannot_be_added', __( 'User cannot be added to this site.' ) ); } if ( ! get_user_meta( $user_id, 'primary_blog', true ) ) { update_user_meta( $user_id, 'primary_blog', $blog_id ); $site = get_site( $blog_id ); update_user_meta( $user_id, 'source_domain', $site->domain ); } $user->set_role( $role ); /** * Fires immediately after a user is added to a site. * * @since MU (3.0.0) * * @param int $user_id User ID. * @param string $role User role. * @param int $blog_id Blog ID. */ do_action( 'add_user_to_blog', $user_id, $role, $blog_id ); wp_cache_delete( $user_id, 'users' ); wp_cache_delete( $blog_id . '_user_count', 'blog-details' ); restore_current_blog(); return true; } /** * Remove a user from a blog. * * Use the {@see 'remove_user_from_blog'} action to fire an event when * users are removed from a blog. * * Accepts an optional `$reassign` parameter, if you want to * reassign the user's blog posts to another user upon removal. * * @since MU (3.0.0) * * @global wpdb $wpdb WordPress database abstraction object. * * @param int $user_id ID of the user you're removing. * @param int $blog_id ID of the blog you're removing the user from. * @param string $reassign Optional. A user to whom to reassign posts. * @return true|WP_Error */ function remove_user_from_blog( $user_id, $blog_id = '', $reassign = '' ) { global $wpdb; switch_to_blog( $blog_id ); $user_id = (int) $user_id; /** * Fires before a user is removed from a site. * * @since MU (3.0.0) * * @param int $user_id User ID. * @param int $blog_id Blog ID. */ do_action( 'remove_user_from_blog', $user_id, $blog_id ); // If being removed from the primary blog, set a new primary if the user is assigned // to multiple blogs. $primary_blog = get_user_meta( $user_id, 'primary_blog', true ); if ( $primary_blog == $blog_id ) { $new_id = ''; $new_domain = ''; $blogs = get_blogs_of_user( $user_id ); foreach ( (array) $blogs as $blog ) { if ( $blog->userblog_id == $blog_id ) { continue; } $new_id = $blog->userblog_id; $new_domain = $blog->domain; break; } update_user_meta( $user_id, 'primary_blog', $new_id ); update_user_meta( $user_id, 'source_domain', $new_domain ); } // wp_revoke_user($user_id); $user = get_userdata( $user_id ); if ( ! $user ) { restore_current_blog(); return new WP_Error( 'user_does_not_exist', __( 'That user does not exist.' ) ); } $user->remove_all_caps(); $blogs = get_blogs_of_user( $user_id ); if ( count( $blogs ) == 0 ) { update_user_meta( $user_id, 'primary_blog', '' ); update_user_meta( $user_id, 'source_domain', '' ); } if ( $reassign != '' ) { $reassign = (int) $reassign; $post_ids = $wpdb->get_col( $wpdb->prepare( "SELECT ID FROM $wpdb->posts WHERE post_author = %d", $user_id ) ); $link_ids = $wpdb->get_col( $wpdb->prepare( "SELECT link_id FROM $wpdb->links WHERE link_owner = %d", $user_id ) ); if ( ! empty( $post_ids ) ) { $wpdb->query( $wpdb->prepare( "UPDATE $wpdb->posts SET post_author = %d WHERE post_author = %d", $reassign, $user_id ) ); array_walk( $post_ids, 'clean_post_cache' ); } if ( ! empty( $link_ids ) ) { $wpdb->query( $wpdb->prepare( "UPDATE $wpdb->links SET link_owner = %d WHERE link_owner = %d", $reassign, $user_id ) ); array_walk( $link_ids, 'clean_bookmark_cache' ); } } restore_current_blog(); return true; } /** * Get the permalink for a post on another blog. * * @since MU (3.0.0) 1.0 * * @param int $blog_id ID of the source blog. * @param int $post_id ID of the desired post. * @return string The post's permalink */ function get_blog_permalink( $blog_id, $post_id ) { switch_to_blog( $blog_id ); $link = get_permalink( $post_id ); restore_current_blog(); return $link; } /** * Get a blog's numeric ID from its URL. * * On a subdirectory installation like example.com/blog1/, * $domain will be the root 'example.com' and $path the * subdirectory '/blog1/'. With subdomains like blog1.example.com, * $domain is 'blog1.example.com' and $path is '/'. * * @since MU (3.0.0) * * @global wpdb $wpdb WordPress database abstraction object. * * @param string $domain * @param string $path Optional. Not required for subdomain installations. * @return int 0 if no blog found, otherwise the ID of the matching blog */ function get_blog_id_from_url( $domain, $path = '/' ) { $domain = strtolower( $domain ); $path = strtolower( $path ); $id = wp_cache_get( md5( $domain . $path ), 'blog-id-cache' ); if ( $id == -1 ) { // blog does not exist return 0; } elseif ( $id ) { return (int) $id; } $args = array( 'domain' => $domain, 'path' => $path, 'fields' => 'ids', 'number' => 1, ); $result = get_sites( $args ); $id = array_shift( $result ); if ( ! $id ) { wp_cache_set( md5( $domain . $path ), -1, 'blog-id-cache' ); return 0; } wp_cache_set( md5( $domain . $path ), $id, 'blog-id-cache' ); return $id; } // Admin functions /** * Checks an email address against a list of banned domains. * * This function checks against the Banned Email Domains list * at wp-admin/network/settings.php. The check is only run on * self-registrations; user creation at wp-admin/network/users.php * bypasses this check. * * @since MU (3.0.0) * * @param string $user_email The email provided by the user at registration. * @return bool Returns true when the email address is banned. */ function is_email_address_unsafe( $user_email ) { $banned_names = get_site_option( 'banned_email_domains' ); if ( $banned_names && ! is_array( $banned_names ) ) { $banned_names = explode( "\n", $banned_names ); } $is_email_address_unsafe = false; if ( $banned_names && is_array( $banned_names ) && false !== strpos( $user_email, '@', 1 ) ) { $banned_names = array_map( 'strtolower', $banned_names ); $normalized_email = strtolower( $user_email ); list( $email_local_part, $email_domain ) = explode( '@', $normalized_email ); foreach ( $banned_names as $banned_domain ) { if ( ! $banned_domain ) { continue; } if ( $email_domain == $banned_domain ) { $is_email_address_unsafe = true; break; } $dotted_domain = ".$banned_domain"; if ( $dotted_domain === substr( $normalized_email, -strlen( $dotted_domain ) ) ) { $is_email_address_unsafe = true; break; } } } /** * Filters whether an email address is unsafe. * * @since 3.5.0 * * @param bool $is_email_address_unsafe Whether the email address is "unsafe". Default false. * @param string $user_email User email address. */ return apply_filters( 'is_email_address_unsafe', $is_email_address_unsafe, $user_email ); } /** * Sanitize and validate data required for a user sign-up. * * Verifies the validity and uniqueness of user names and user email addresses, * and checks email addresses against admin-provided domain whitelists and blacklists. * * The {@see 'wpmu_validate_user_signup'} hook provides an easy way to modify the sign-up * process. The value $result, which is passed to the hook, contains both the user-provided * info and the error messages created by the function. {@see 'wpmu_validate_user_signup'} * allows you to process the data in any way you'd like, and unset the relevant errors if * necessary. * * @since MU (3.0.0) * * @global wpdb $wpdb WordPress database abstraction object. * * @param string $user_name The login name provided by the user. * @param string $user_email The email provided by the user. * @return array Contains username, email, and error messages. */ function wpmu_validate_user_signup( $user_name, $user_email ) { global $wpdb; $errors = new WP_Error(); $orig_username = $user_name; $user_name = preg_replace( '/\s+/', '', sanitize_user( $user_name, true ) ); if ( $user_name != $orig_username || preg_match( '/[^a-z0-9]/', $user_name ) ) { $errors->add( 'user_name', __( 'Usernames can only contain lowercase letters (a-z) and numbers.' ) ); $user_name = $orig_username; } $user_email = sanitize_email( $user_email ); if ( empty( $user_name ) ) { $errors->add( 'user_name', __( 'Please enter a username.' ) ); } $illegal_names = get_site_option( 'illegal_names' ); if ( ! is_array( $illegal_names ) ) { $illegal_names = array( 'www', 'web', 'root', 'admin', 'main', 'invite', 'administrator' ); add_site_option( 'illegal_names', $illegal_names ); } if ( in_array( $user_name, $illegal_names ) ) { $errors->add( 'user_name', __( 'Sorry, that username is not allowed.' ) ); } /** This filter is documented in wp-includes/user.php */ $illegal_logins = (array) apply_filters( 'illegal_user_logins', array() ); if ( in_array( strtolower( $user_name ), array_map( 'strtolower', $illegal_logins ) ) ) { $errors->add( 'user_name', __( 'Sorry, that username is not allowed.' ) ); } if ( ! is_email( $user_email ) ) { $errors->add( 'user_email', __( 'Please enter a valid email address.' ) ); } elseif ( is_email_address_unsafe( $user_email ) ) { $errors->add( 'user_email', __( 'You cannot use that email address to signup. We are having problems with them blocking some of our email. Please use another email provider.' ) ); } if ( strlen( $user_name ) < 4 ) { $errors->add( 'user_name', __( 'Username must be at least 4 characters.' ) ); } if ( strlen( $user_name ) > 60 ) { $errors->add( 'user_name', __( 'Username may not be longer than 60 characters.' ) ); } // all numeric? if ( preg_match( '/^[0-9]*$/', $user_name ) ) { $errors->add( 'user_name', __( 'Sorry, usernames must have letters too!' ) ); } $limited_email_domains = get_site_option( 'limited_email_domains' ); if ( is_array( $limited_email_domains ) && ! empty( $limited_email_domains ) ) { $limited_email_domains = array_map( 'strtolower', $limited_email_domains ); $emaildomain = strtolower( substr( $user_email, 1 + strpos( $user_email, '@' ) ) ); if ( ! in_array( $emaildomain, $limited_email_domains, true ) ) { $errors->add( 'user_email', __( 'Sorry, that email address is not allowed!' ) ); } } // Check if the username has been used already. if ( username_exists( $user_name ) ) { $errors->add( 'user_name', __( 'Sorry, that username already exists!' ) ); } // Check if the email address has been used already. if ( email_exists( $user_email ) ) { $errors->add( 'user_email', __( 'Sorry, that email address is already used!' ) ); } // Has someone already signed up for this username? $signup = $wpdb->get_row( $wpdb->prepare( "SELECT * FROM $wpdb->signups WHERE user_login = %s", $user_name ) ); if ( $signup != null ) { $registered_at = mysql2date( 'U', $signup->registered ); $now = current_time( 'timestamp', true ); $diff = $now - $registered_at; // If registered more than two days ago, cancel registration and let this signup go through. if ( $diff > 2 * DAY_IN_SECONDS ) { $wpdb->delete( $wpdb->signups, array( 'user_login' => $user_name ) ); } else { $errors->add( 'user_name', __( 'That username is currently reserved but may be available in a couple of days.' ) ); } } $signup = $wpdb->get_row( $wpdb->prepare( "SELECT * FROM $wpdb->signups WHERE user_email = %s", $user_email ) ); if ( $signup != null ) { $diff = current_time( 'timestamp', true ) - mysql2date( 'U', $signup->registered ); // If registered more than two days ago, cancel registration and let this signup go through. if ( $diff > 2 * DAY_IN_SECONDS ) { $wpdb->delete( $wpdb->signups, array( 'user_email' => $user_email ) ); } else { $errors->add( 'user_email', __( 'That email address has already been used. Please check your inbox for an activation email. It will become available in a couple of days if you do nothing.' ) ); } } $result = array( 'user_name' => $user_name, 'orig_username' => $orig_username, 'user_email' => $user_email, 'errors' => $errors, ); /** * Filters the validated user registration details. * * This does not allow you to override the username or email of the user during * registration. The values are solely used for validation and error handling. * * @since MU (3.0.0) * * @param array $result { * The array of user name, email and the error messages. * * @type string $user_name Sanitized and unique username. * @type string $orig_username Original username. * @type string $user_email User email address. * @type WP_Error $errors WP_Error object containing any errors found. * } */ return apply_filters( 'wpmu_validate_user_signup', $result ); } /** * Processes new site registrations. * * Checks the data provided by the user during blog signup. Verifies * the validity and uniqueness of blog paths and domains. * * This function prevents the current user from registering a new site * with a blogname equivalent to another user's login name. Passing the * $user parameter to the function, where $user is the other user, is * effectively an override of this limitation. * * Filter {@see 'wpmu_validate_blog_signup'} if you want to modify * the way that WordPress validates new site signups. * * @since MU (3.0.0) * * @global wpdb $wpdb * @global string $domain * * @param string $blogname The blog name provided by the user. Must be unique. * @param string $blog_title The blog title provided by the user. * @param WP_User|string $user Optional. The user object to check against the new site name. * @return array Contains the new site data and error messages. */ function wpmu_validate_blog_signup( $blogname, $blog_title, $user = '' ) { global $wpdb, $domain; $current_network = get_network(); $base = $current_network->path; $blog_title = strip_tags( $blog_title ); $errors = new WP_Error(); $illegal_names = get_site_option( 'illegal_names' ); if ( $illegal_names == false ) { $illegal_names = array( 'www', 'web', 'root', 'admin', 'main', 'invite', 'administrator' ); add_site_option( 'illegal_names', $illegal_names ); } /* * On sub dir installations, some names are so illegal, only a filter can * spring them from jail. */ if ( ! is_subdomain_install() ) { $illegal_names = array_merge( $illegal_names, get_subdirectory_reserved_names() ); } if ( empty( $blogname ) ) { $errors->add( 'blogname', __( 'Please enter a site name.' ) ); } if ( preg_match( '/[^a-z0-9]+/', $blogname ) ) { $errors->add( 'blogname', __( 'Site names can only contain lowercase letters (a-z) and numbers.' ) ); } if ( in_array( $blogname, $illegal_names ) ) { $errors->add( 'blogname', __( 'That name is not allowed.' ) ); } /** * Filters the minimum site name length required when validating a site signup. * * @since 4.8.0 * * @param int $length The minimum site name length. Default 4. */ $minimum_site_name_length = apply_filters( 'minimum_site_name_length', 4 ); if ( strlen( $blogname ) < $minimum_site_name_length ) { /* translators: %s: minimum site name length */ $errors->add( 'blogname', sprintf( _n( 'Site name must be at least %s character.', 'Site name must be at least %s characters.', $minimum_site_name_length ), number_format_i18n( $minimum_site_name_length ) ) ); } // do not allow users to create a blog that conflicts with a page on the main blog. if ( ! is_subdomain_install() && $wpdb->get_var( $wpdb->prepare( 'SELECT post_name FROM ' . $wpdb->get_blog_prefix( $current_network->site_id ) . "posts WHERE post_type = 'page' AND post_name = %s", $blogname ) ) ) { $errors->add( 'blogname', __( 'Sorry, you may not use that site name.' ) ); } // all numeric? if ( preg_match( '/^[0-9]*$/', $blogname ) ) { $errors->add( 'blogname', __( 'Sorry, site names must have letters too!' ) ); } /** * Filters the new site name during registration. * * The name is the site's subdomain or the site's subdirectory * path depending on the network settings. * * @since MU (3.0.0) * * @param string $blogname Site name. */ $blogname = apply_filters( 'newblogname', $blogname ); $blog_title = wp_unslash( $blog_title ); if ( empty( $blog_title ) ) { $errors->add( 'blog_title', __( 'Please enter a site title.' ) ); } // Check if the domain/path has been used already. if ( is_subdomain_install() ) { $mydomain = $blogname . '.' . preg_replace( '|^www\.|', '', $domain ); $path = $base; } else { $mydomain = "$domain"; $path = $base . $blogname . '/'; } if ( domain_exists( $mydomain, $path, $current_network->id ) ) { $errors->add( 'blogname', __( 'Sorry, that site already exists!' ) ); } if ( username_exists( $blogname ) ) { if ( ! is_object( $user ) || ( is_object( $user ) && ( $user->user_login != $blogname ) ) ) { $errors->add( 'blogname', __( 'Sorry, that site is reserved!' ) ); } } // Has someone already signed up for this domain? $signup = $wpdb->get_row( $wpdb->prepare( "SELECT * FROM $wpdb->signups WHERE domain = %s AND path = %s", $mydomain, $path ) ); // TODO: Check email too? if ( ! empty( $signup ) ) { $diff = current_time( 'timestamp', true ) - mysql2date( 'U', $signup->registered ); // If registered more than two days ago, cancel registration and let this signup go through. if ( $diff > 2 * DAY_IN_SECONDS ) { $wpdb->delete( $wpdb->signups, array( 'domain' => $mydomain, 'path' => $path, ) ); } else { $errors->add( 'blogname', __( 'That site is currently reserved but may be available in a couple days.' ) ); } } $result = array( 'domain' => $mydomain, 'path' => $path, 'blogname' => $blogname, 'blog_title' => $blog_title, 'user' => $user, 'errors' => $errors, ); /** * Filters site details and error messages following registration. * * @since MU (3.0.0) * * @param array $result { * Array of domain, path, blog name, blog title, user and error messages. * * @type string $domain Domain for the site. * @type string $path Path for the site. Used in subdirectory installations. * @type string $blogname The unique site name (slug). * @type string $blog_title Blog title. * @type string|WP_User $user By default, an empty string. A user object if provided. * @type WP_Error $errors WP_Error containing any errors found. * } */ return apply_filters( 'wpmu_validate_blog_signup', $result ); } /** * Record site signup information for future activation. * * @since MU (3.0.0) * * @global wpdb $wpdb WordPress database abstraction object. * * @param string $domain The requested domain. * @param string $path The requested path. * @param string $title The requested site title. * @param string $user The user's requested login name. * @param string $user_email The user's email address. * @param array $meta Optional. Signup meta data. By default, contains the requested privacy setting and lang_id. */ function wpmu_signup_blog( $domain, $path, $title, $user, $user_email, $meta = array() ) { global $wpdb; $key = substr( md5( time() . wp_rand() . $domain ), 0, 16 ); /** * Filters the metadata for a site signup. * * The metadata will be serialized prior to storing it in the database. * * @since 4.8.0 * * @param array $meta Signup meta data. Default empty array. * @param string $domain The requested domain. * @param string $path The requested path. * @param string $title The requested site title. * @param string $user The user's requested login name. * @param string $user_email The user's email address. * @param string $key The user's activation key. */ $meta = apply_filters( 'signup_site_meta', $meta, $domain, $path, $title, $user, $user_email, $key ); $wpdb->insert( $wpdb->signups, array( 'domain' => $domain, 'path' => $path, 'title' => $title, 'user_login' => $user, 'user_email' => $user_email, 'registered' => current_time( 'mysql', true ), 'activation_key' => $key, 'meta' => serialize( $meta ), ) ); /** * Fires after site signup information has been written to the database. * * @since 4.4.0 * * @param string $domain The requested domain. * @param string $path The requested path. * @param string $title The requested site title. * @param string $user The user's requested login name. * @param string $user_email The user's email address. * @param string $key The user's activation key. * @param array $meta Signup meta data. By default, contains the requested privacy setting and lang_id. */ do_action( 'after_signup_site', $domain, $path, $title, $user, $user_email, $key, $meta ); } /** * Record user signup information for future activation. * * This function is used when user registration is open but * new site registration is not. * * @since MU (3.0.0) * * @global wpdb $wpdb WordPress database abstraction object. * * @param string $user The user's requested login name. * @param string $user_email The user's email address. * @param array $meta Optional. Signup meta data. Default empty array. */ function wpmu_signup_user( $user, $user_email, $meta = array() ) { global $wpdb; // Format data $user = preg_replace( '/\s+/', '', sanitize_user( $user, true ) ); $user_email = sanitize_email( $user_email ); $key = substr( md5( time() . wp_rand() . $user_email ), 0, 16 ); /** * Filters the metadata for a user signup. * * The metadata will be serialized prior to storing it in the database. * * @since 4.8.0 * * @param array $meta Signup meta data. Default empty array. * @param string $user The user's requested login name. * @param string $user_email The user's email address. * @param string $key The user's activation key. */ $meta = apply_filters( 'signup_user_meta', $meta, $user, $user_email, $key ); $wpdb->insert( $wpdb->signups, array( 'domain' => '', 'path' => '', 'title' => '', 'user_login' => $user, 'user_email' => $user_email, 'registered' => current_time( 'mysql', true ), 'activation_key' => $key, 'meta' => serialize( $meta ), ) ); /** * Fires after a user's signup information has been written to the database. * * @since 4.4.0 * * @param string $user The user's requested login name. * @param string $user_email The user's email address. * @param string $key The user's activation key. * @param array $meta Signup meta data. Default empty array. */ do_action( 'after_signup_user', $user, $user_email, $key, $meta ); } /** * Send a confirmation request email to a user when they sign up for a new site. The new site will not become active * until the confirmation link is clicked. * * This is the notification function used when site registration * is enabled. * * Filter {@see 'wpmu_signup_blog_notification'} to bypass this function or * replace it with your own notification behavior. * * Filter {@see 'wpmu_signup_blog_notification_email'} and * {@see 'wpmu_signup_blog_notification_subject'} to change the content * and subject line of the email sent to newly registered users. * * @since MU (3.0.0) * * @param string $domain The new blog domain. * @param string $path The new blog path. * @param string $title The site title. * @param string $user_login The user's login name. * @param string $user_email The user's email address. * @param string $key The activation key created in wpmu_signup_blog() * @param array $meta Optional. Signup meta data. By default, contains the requested privacy setting and lang_id. * @return bool */ function wpmu_signup_blog_notification( $domain, $path, $title, $user_login, $user_email, $key, $meta = array() ) { /** * Filters whether to bypass the new site email notification. * * @since MU (3.0.0) * * @param string|bool $domain Site domain. * @param string $path Site path. * @param string $title Site title. * @param string $user_login User login name. * @param string $user_email User email address. * @param string $key Activation key created in wpmu_signup_blog(). * @param array $meta Signup meta data. By default, contains the requested privacy setting and lang_id. */ if ( ! apply_filters( 'wpmu_signup_blog_notification', $domain, $path, $title, $user_login, $user_email, $key, $meta ) ) { return false; } // Send email with activation link. if ( ! is_subdomain_install() || get_current_network_id() != 1 ) { $activate_url = network_site_url( "wp-activate.php?key=$key" ); } else { $activate_url = "http://{$domain}{$path}wp-activate.php?key=$key"; // @todo use *_url() API } $activate_url = esc_url( $activate_url ); $admin_email = get_site_option( 'admin_email' ); if ( $admin_email == '' ) { $admin_email = 'support@' . $_SERVER['SERVER_NAME']; } $from_name = get_site_option( 'site_name' ) == '' ? 'WordPress' : esc_html( get_site_option( 'site_name' ) ); $message_headers = "From: \"{$from_name}\" <{$admin_email}>\n" . 'Content-Type: text/plain; charset="' . get_option( 'blog_charset' ) . "\"\n"; $user = get_user_by( 'login', $user_login ); $switched_locale = switch_to_locale( get_user_locale( $user ) ); $message = sprintf( /** * Filters the message content of the new blog notification email. * * Content should be formatted for transmission via wp_mail(). * * @since MU (3.0.0) * * @param string $content Content of the notification email. * @param string $domain Site domain. * @param string $path Site path. * @param string $title Site title. * @param string $user_login User login name. * @param string $user_email User email address. * @param string $key Activation key created in wpmu_signup_blog(). * @param array $meta Signup meta data. By default, contains the requested privacy setting and lang_id. */ apply_filters( 'wpmu_signup_blog_notification_email', __( "To activate your blog, please click the following link:\n\n%1\$s\n\nAfter you activate, you will receive *another email* with your login.\n\nAfter you activate, you can visit your site here:\n\n%2\$s" ), $domain, $path, $title, $user_login, $user_email, $key, $meta ), $activate_url, esc_url( "http://{$domain}{$path}" ), $key ); // TODO: Don't hard code activation link. $subject = sprintf( /** * Filters the subject of the new blog notification email. * * @since MU (3.0.0) * * @param string $subject Subject of the notification email. * @param string $domain Site domain. * @param string $path Site path. * @param string $title Site title. * @param string $user_login User login name. * @param string $user_email User email address. * @param string $key Activation key created in wpmu_signup_blog(). * @param array $meta Signup meta data. By default, contains the requested privacy setting and lang_id. */ apply_filters( 'wpmu_signup_blog_notification_subject', /* translators: New site notification email subject. 1: Network name, 2: New site URL */ _x( '[%1$s] Activate %2$s', 'New site notification email subject' ), $domain, $path, $title, $user_login, $user_email, $key, $meta ), $from_name, esc_url( 'http://' . $domain . $path ) ); wp_mail( $user_email, wp_specialchars_decode( $subject ), $message, $message_headers ); if ( $switched_locale ) { restore_previous_locale(); } return true; } /** * Send a confirmation request email to a user when they sign up for a new user account (without signing up for a site * at the same time). The user account will not become active until the confirmation link is clicked. * * This is the notification function used when no new site has * been requested. * * Filter {@see 'wpmu_signup_user_notification'} to bypass this function or * replace it with your own notification behavior. * * Filter {@see 'wpmu_signup_user_notification_email'} and * {@see 'wpmu_signup_user_notification_subject'} to change the content * and subject line of the email sent to newly registered users. * * @since MU (3.0.0) * * @param string $user_login The user's login name. * @param string $user_email The user's email address. * @param string $key The activation key created in wpmu_signup_user() * @param array $meta Optional. Signup meta data. Default empty array. * @return bool */ function wpmu_signup_user_notification( $user_login, $user_email, $key, $meta = array() ) { /** * Filters whether to bypass the email notification for new user sign-up. * * @since MU (3.0.0) * * @param string $user_login User login name. * @param string $user_email User email address. * @param string $key Activation key created in wpmu_signup_user(). * @param array $meta Signup meta data. Default empty array. */ if ( ! apply_filters( 'wpmu_signup_user_notification', $user_login, $user_email, $key, $meta ) ) { return false; } $user = get_user_by( 'login', $user_login ); $switched_locale = switch_to_locale( get_user_locale( $user ) ); // Send email with activation link. $admin_email = get_site_option( 'admin_email' ); if ( $admin_email == '' ) { $admin_email = 'support@' . $_SERVER['SERVER_NAME']; } $from_name = get_site_option( 'site_name' ) == '' ? 'WordPress' : esc_html( get_site_option( 'site_name' ) ); $message_headers = "From: \"{$from_name}\" <{$admin_email}>\n" . 'Content-Type: text/plain; charset="' . get_option( 'blog_charset' ) . "\"\n"; $message = sprintf( /** * Filters the content of the notification email for new user sign-up. * * Content should be formatted for transmission via wp_mail(). * * @since MU (3.0.0) * * @param string $content Content of the notification email. * @param string $user_login User login name. * @param string $user_email User email address. * @param string $key Activation key created in wpmu_signup_user(). * @param array $meta Signup meta data. Default empty array. */ apply_filters( 'wpmu_signup_user_notification_email', __( "To activate your user, please click the following link:\n\n%s\n\nAfter you activate, you will receive *another email* with your login." ), $user_login, $user_email, $key, $meta ), site_url( "wp-activate.php?key=$key" ) ); // TODO: Don't hard code activation link. $subject = sprintf( /** * Filters the subject of the notification email of new user signup. * * @since MU (3.0.0) * * @param string $subject Subject of the notification email. * @param string $user_login User login name. * @param string $user_email User email address. * @param string $key Activation key created in wpmu_signup_user(). * @param array $meta Signup meta data. Default empty array. */ apply_filters( 'wpmu_signup_user_notification_subject', /* translators: New user notification email subject. 1: Network name, 2: New user login */ _x( '[%1$s] Activate %2$s', 'New user notification email subject' ), $user_login, $user_email, $key, $meta ), $from_name, $user_login ); wp_mail( $user_email, wp_specialchars_decode( $subject ), $message, $message_headers ); if ( $switched_locale ) { restore_previous_locale(); } return true; } /** * Activate a signup. * * Hook to {@see 'wpmu_activate_user'} or {@see 'wpmu_activate_blog'} for events * that should happen only when users or sites are self-created (since * those actions are not called when users and sites are created * by a Super Admin). * * @since MU (3.0.0) * * @global wpdb $wpdb WordPress database abstraction object. * * @param string $key The activation key provided to the user. * @return array|WP_Error An array containing information about the activated user and/or blog */ function wpmu_activate_signup( $key ) { global $wpdb; $signup = $wpdb->get_row( $wpdb->prepare( "SELECT * FROM $wpdb->signups WHERE activation_key = %s", $key ) ); if ( empty( $signup ) ) { return new WP_Error( 'invalid_key', __( 'Invalid activation key.' ) ); } if ( $signup->active ) { if ( empty( $signup->domain ) ) { return new WP_Error( 'already_active', __( 'The user is already active.' ), $signup ); } else { return new WP_Error( 'already_active', __( 'The site is already active.' ), $signup ); } } $meta = maybe_unserialize( $signup->meta ); $password = wp_generate_password( 12, false ); $user_id = username_exists( $signup->user_login ); if ( ! $user_id ) { $user_id = wpmu_create_user( $signup->user_login, $password, $signup->user_email ); } else { $user_already_exists = true; } if ( ! $user_id ) { return new WP_Error( 'create_user', __( 'Could not create user' ), $signup ); } $now = current_time( 'mysql', true ); if ( empty( $signup->domain ) ) { $wpdb->update( $wpdb->signups, array( 'active' => 1, 'activated' => $now, ), array( 'activation_key' => $key ) ); if ( isset( $user_already_exists ) ) { return new WP_Error( 'user_already_exists', __( 'That username is already activated.' ), $signup ); } /** * Fires immediately after a new user is activated. * * @since MU (3.0.0) * * @param int $user_id User ID. * @param int $password User password. * @param array $meta Signup meta data. */ do_action( 'wpmu_activate_user', $user_id, $password, $meta ); return array( 'user_id' => $user_id, 'password' => $password, 'meta' => $meta, ); } $blog_id = wpmu_create_blog( $signup->domain, $signup->path, $signup->title, $user_id, $meta, get_current_network_id() ); // TODO: What to do if we create a user but cannot create a blog? if ( is_wp_error( $blog_id ) ) { // If blog is taken, that means a previous attempt to activate this blog failed in between creating the blog and // setting the activation flag. Let's just set the active flag and instruct the user to reset their password. if ( 'blog_taken' == $blog_id->get_error_code() ) { $blog_id->add_data( $signup ); $wpdb->update( $wpdb->signups, array( 'active' => 1, 'activated' => $now, ), array( 'activation_key' => $key ) ); } return $blog_id; } $wpdb->update( $wpdb->signups, array( 'active' => 1, 'activated' => $now, ), array( 'activation_key' => $key ) ); /** * Fires immediately after a site is activated. * * @since MU (3.0.0) * * @param int $blog_id Blog ID. * @param int $user_id User ID. * @param int $password User password. * @param string $signup_title Site title. * @param array $meta Signup meta data. By default, contains the requested privacy setting and lang_id. */ do_action( 'wpmu_activate_blog', $blog_id, $user_id, $password, $signup->title, $meta ); return array( 'blog_id' => $blog_id, 'user_id' => $user_id, 'password' => $password, 'title' => $signup->title, 'meta' => $meta, ); } /** * Create a user. * * This function runs when a user self-registers as well as when * a Super Admin creates a new user. Hook to {@see 'wpmu_new_user'} for events * that should affect all new users, but only on Multisite (otherwise * use {@see'user_register'}). * * @since MU (3.0.0) * * @param string $user_name The new user's login name. * @param string $password The new user's password. * @param string $email The new user's email address. * @return int|false Returns false on failure, or int $user_id on success */ function wpmu_create_user( $user_name, $password, $email ) { $user_name = preg_replace( '/\s+/', '', sanitize_user( $user_name, true ) ); $user_id = wp_create_user( $user_name, $password, $email ); if ( is_wp_error( $user_id ) ) { return false; } // Newly created users have no roles or caps until they are added to a blog. delete_user_option( $user_id, 'capabilities' ); delete_user_option( $user_id, 'user_level' ); /** * Fires immediately after a new user is created. * * @since MU (3.0.0) * * @param int $user_id User ID. */ do_action( 'wpmu_new_user', $user_id ); return $user_id; } /** * Create a site. * * This function runs when a user self-registers a new site as well * as when a Super Admin creates a new site. Hook to {@see 'wpmu_new_blog'} * for events that should affect all new sites. * * On subdirectory installations, $domain is the same as the main site's * domain, and the path is the subdirectory name (eg 'example.com' * and '/blog1/'). On subdomain installations, $domain is the new subdomain + * root domain (eg 'blog1.example.com'), and $path is '/'. * * @since MU (3.0.0) * * @param string $domain The new site's domain. * @param string $path The new site's path. * @param string $title The new site's title. * @param int $user_id The user ID of the new site's admin. * @param array $meta Optional. Array of key=>value pairs used to set initial site options. * If valid status keys are included ('public', 'archived', 'mature', * 'spam', 'deleted', or 'lang_id') the given site status(es) will be * updated. Otherwise, keys and values will be used to set options for * the new site. Default empty array. * @param int $network_id Optional. Network ID. Only relevant on multi-network installations. * @return int|WP_Error Returns WP_Error object on failure, the new site ID on success. */ function wpmu_create_blog( $domain, $path, $title, $user_id, $meta = array(), $network_id = 1 ) { $defaults = array( 'public' => 0, 'WPLANG' => get_network_option( $network_id, 'WPLANG' ), ); $meta = wp_parse_args( $meta, $defaults ); $title = strip_tags( $title ); $user_id = (int) $user_id; // Check if the domain has been used already. We should return an error message. if ( domain_exists( $domain, $path, $network_id ) ) { return new WP_Error( 'blog_taken', __( 'Sorry, that site already exists!' ) ); } if ( ! wp_installing() ) { wp_installing( true ); } $site_data_whitelist = array( 'public', 'archived', 'mature', 'spam', 'deleted', 'lang_id' ); $site_data = array_merge( array( 'domain' => $domain, 'path' => $path, 'network_id' => $network_id, ), array_intersect_key( $meta, array_flip( $site_data_whitelist ) ) ); $meta = array_diff_key( $meta, array_flip( $site_data_whitelist ) ); remove_action( 'update_blog_public', 'wp_update_blog_public_option_on_site_update', 1 ); $blog_id = wp_insert_site( $site_data ); add_action( 'update_blog_public', 'wp_update_blog_public_option_on_site_update', 1, 2 ); if ( is_wp_error( $blog_id ) ) { return $blog_id; } switch_to_blog( $blog_id ); install_blog( $blog_id, $title ); wp_install_defaults( $user_id ); add_user_to_blog( $blog_id, $user_id, 'administrator' ); foreach ( $meta as $key => $value ) { update_option( $key, $value ); } update_option( 'blog_public', (int) $site_data['public'] ); if ( ! is_super_admin( $user_id ) && ! get_user_meta( $user_id, 'primary_blog', true ) ) { update_user_meta( $user_id, 'primary_blog', $blog_id ); } restore_current_blog(); $site = get_site( $blog_id ); /** * Fires immediately after a new site is created. * * @since MU (3.0.0) * * @param int $blog_id Site ID. * @param int $user_id User ID. * @param string $domain Site domain. * @param string $path Site path. * @param int $network_id Network ID. Only relevant on multi-network installations. * @param array $meta Meta data. Used to set initial site options. */ do_action( 'wpmu_new_blog', $blog_id, $user_id, $site->domain, $site->path, $site->network_id, $meta ); wp_cache_set( 'last_changed', microtime(), 'sites' ); return $blog_id; } /** * Notifies the network admin that a new site has been activated. * * Filter {@see 'newblog_notify_siteadmin'} to change the content of * the notification email. * * @since MU (3.0.0) * * @param int $blog_id The new site's ID. * @param string $deprecated Not used. * @return bool */ function newblog_notify_siteadmin( $blog_id, $deprecated = '' ) { if ( get_site_option( 'registrationnotification' ) != 'yes' ) { return false; } $email = get_site_option( 'admin_email' ); if ( is_email( $email ) == false ) { return false; } $options_site_url = esc_url( network_admin_url( 'settings.php' ) ); switch_to_blog( $blog_id ); $blogname = get_option( 'blogname' ); $siteurl = site_url(); restore_current_blog(); /* translators: New site notification email. 1: Site URL, 2: User IP address, 3: Settings screen URL */ $msg = sprintf( __( 'New Site: %1$s URL: %2$s Remote IP address: %3$s Disable these notifications: %4$s' ), $blogname, $siteurl, wp_unslash( $_SERVER['REMOTE_ADDR'] ), $options_site_url ); /** * Filters the message body of the new site activation email sent * to the network administrator. * * @since MU (3.0.0) * * @param string $msg Email body. */ $msg = apply_filters( 'newblog_notify_siteadmin', $msg ); wp_mail( $email, sprintf( __( 'New Site Registration: %s' ), $siteurl ), $msg ); return true; } /** * Notifies the network admin that a new user has been activated. * * Filter {@see 'newuser_notify_siteadmin'} to change the content of * the notification email. * * @since MU (3.0.0) * * @param int $user_id The new user's ID. * @return bool */ function newuser_notify_siteadmin( $user_id ) { if ( get_site_option( 'registrationnotification' ) != 'yes' ) { return false; } $email = get_site_option( 'admin_email' ); if ( is_email( $email ) == false ) { return false; } $user = get_userdata( $user_id ); $options_site_url = esc_url( network_admin_url( 'settings.php' ) ); /* translators: New user notification email. 1: User login, 2: User IP address, 3: Settings screen URL */ $msg = sprintf( __( 'New User: %1$s Remote IP address: %2$s Disable these notifications: %3$s' ), $user->user_login, wp_unslash( $_SERVER['REMOTE_ADDR'] ), $options_site_url ); /** * Filters the message body of the new user activation email sent * to the network administrator. * * @since MU (3.0.0) * * @param string $msg Email body. * @param WP_User $user WP_User instance of the new user. */ $msg = apply_filters( 'newuser_notify_siteadmin', $msg, $user ); wp_mail( $email, sprintf( __( 'New User Registration: %s' ), $user->user_login ), $msg ); return true; } /** * Checks whether a site name is already taken. * * The name is the site's subdomain or the site's subdirectory * path depending on the network settings. * * Used during the new site registration process to ensure * that each site name is unique. * * @since MU (3.0.0) * * @param string $domain The domain to be checked. * @param string $path The path to be checked. * @param int $network_id Optional. Network ID. Relevant only on multi-network installations. * @return int|null The site ID if the site name exists, null otherwise. */ function domain_exists( $domain, $path, $network_id = 1 ) { $path = trailingslashit( $path ); $args = array( 'network_id' => $network_id, 'domain' => $domain, 'path' => $path, 'fields' => 'ids', 'number' => 1, ); $result = get_sites( $args ); $result = array_shift( $result ); /** * Filters whether a site name is taken. * * The name is the site's subdomain or the site's subdirectory * path depending on the network settings. * * @since 3.5.0 * * @param int|null $result The site ID if the site name exists, null otherwise. * @param string $domain Domain to be checked. * @param string $path Path to be checked. * @param int $network_id Network ID. Relevant only on multi-network installations. */ return apply_filters( 'domain_exists', $result, $domain, $path, $network_id ); } /** * Install an empty blog. * * Creates the new blog tables and options. If calling this function * directly, be sure to use switch_to_blog() first, so that $wpdb * points to the new blog. * * @since MU (3.0.0) * * @global wpdb $wpdb * @global WP_Roles $wp_roles * * @param int $blog_id The value returned by wp_insert_site(). * @param string $blog_title The title of the new site. */ function install_blog( $blog_id, $blog_title = '' ) { global $wpdb, $wp_roles; // Cast for security $blog_id = (int) $blog_id; require_once( ABSPATH . 'wp-admin/includes/upgrade.php' ); $suppress = $wpdb->suppress_errors(); if ( $wpdb->get_results( "DESCRIBE {$wpdb->posts}" ) ) { die( '
' . __( 'You appear to have already installed WordPress. To reinstall please clear your old database tables first.' ) . '