+ check_admin_referer( 'add-user', '_wpnonce_add-user' );
+
+ $user_details = null;
+ $user_email = wp_unslash( $_REQUEST['email'] );
+ if ( false !== strpos( $user_email, '@' ) ) {
+ $user_details = get_user_by( 'email', $user_email );
+ } else {
+ if ( is_super_admin() ) {
+ $user_details = get_user_by( 'login', $user_email );
+ } else {
+ wp_redirect( add_query_arg( array('update' => 'enter_email'), 'user-new.php' ) );
+ die();
+ }
+ }
+
+ if ( !$user_details ) {
+ wp_redirect( add_query_arg( array('update' => 'does_not_exist'), 'user-new.php' ) );
+ die();
+ }
+
+ if ( ! current_user_can('promote_user', $user_details->ID) )
+ wp_die( __( 'Cheatin’ uh?' ), 403 );
+
+ // Adding an existing user to this blog
+ $new_user_email = $user_details->user_email;
+ $redirect = 'user-new.php';
+ $username = $user_details->user_login;
+ $user_id = $user_details->ID;
+ if ( ( $username != null && !is_super_admin( $user_id ) ) && ( array_key_exists($blog_id, get_blogs_of_user($user_id)) ) ) {
+ $redirect = add_query_arg( array('update' => 'addexisting'), 'user-new.php' );
+ } else {
+ if ( isset( $_POST[ 'noconfirmation' ] ) && is_super_admin() ) {
+ add_existing_user_to_blog( array( 'user_id' => $user_id, 'role' => $_REQUEST[ 'role' ] ) );
+ $redirect = add_query_arg( array('update' => 'addnoconfirmation'), 'user-new.php' );
+ } else {
+ $newuser_key = substr( md5( $user_id ), 0, 5 );
+ add_option( 'new_user_' . $newuser_key, array( 'user_id' => $user_id, 'email' => $user_details->user_email, 'role' => $_REQUEST[ 'role' ] ) );
+
+ $roles = get_editable_roles();
+ $role = $roles[ $_REQUEST['role'] ];
+ /* translators: 1: Site name, 2: site URL, 3: role, 4: activation URL */
+ $message = __( 'Hi,
+
+You\'ve been invited to join \'%1$s\' at
+%2$s with the role of %3$s.
+
+Please click the following link to confirm the invite:
+%4$s' );
+ wp_mail( $new_user_email, sprintf( __( '[%s] Joining confirmation' ), wp_specialchars_decode( get_option( 'blogname' ) ) ), sprintf( $message, get_option( 'blogname' ), home_url(), wp_specialchars_decode( translate_user_role( $role['name'] ) ), home_url( "/newbloguser/$newuser_key/" ) ) );
+ $redirect = add_query_arg( array('update' => 'add'), 'user-new.php' );
+ }
+ }
+ wp_redirect( $redirect );
+ die();
+} elseif ( isset($_REQUEST['action']) && 'createuser' == $_REQUEST['action'] ) {
+ check_admin_referer( 'create-user', '_wpnonce_create-user' );
+
+ if ( ! current_user_can('create_users') )
+ wp_die( __( 'Cheatin’ uh?' ), 403 );