+ if ( isset( $_POST[ 'noconfirmation' ] ) && current_user_can( 'manage_network_users' ) ) {
+ add_existing_user_to_blog( array( 'user_id' => $user_id, 'role' => $_REQUEST[ 'role' ] ) );
+ $redirect = add_query_arg( array( 'update' => 'addnoconfirmation' , 'user_id' => $user_id ), 'user-new.php' );
+ } else {
+ $newuser_key = substr( md5( $user_id ), 0, 5 );
+ add_option( 'new_user_' . $newuser_key, array( 'user_id' => $user_id, 'email' => $user_details->user_email, 'role' => $_REQUEST[ 'role' ] ) );
+
+ $roles = get_editable_roles();
+ $role = $roles[ $_REQUEST['role'] ];
+
+ /**
+ * Fires immediately after a user is invited to join a site, but before the notification is sent.
+ *
+ * @since 4.4.0
+ *
+ * @param int $user_id The invited user's ID.
+ * @param array $role The role of invited user.
+ * @param string $newuser_key The key of the invitation.
+ */
+ do_action( 'invite_user', $user_id, $role, $newuser_key );
+
+ /* translators: 1: Site name, 2: site URL, 3: role, 4: activation URL */
+ $message = __( 'Hi,
+
+You\'ve been invited to join \'%1$s\' at
+%2$s with the role of %3$s.
+
+Please click the following link to confirm the invite:
+%4$s' );
+ wp_mail( $new_user_email, sprintf( __( '[%s] Joining confirmation' ), wp_specialchars_decode( get_option( 'blogname' ) ) ), sprintf( $message, get_option( 'blogname' ), home_url(), wp_specialchars_decode( translate_user_role( $role['name'] ) ), home_url( "/newbloguser/$newuser_key/" ) ) );
+ $redirect = add_query_arg( array('update' => 'add'), 'user-new.php' );
+ }
+ }
+ wp_redirect( $redirect );
+ die();
+} elseif ( isset($_REQUEST['action']) && 'createuser' == $_REQUEST['action'] ) {
+ check_admin_referer( 'create-user', '_wpnonce_create-user' );
+
+ if ( ! current_user_can( 'create_users' ) ) {
+ wp_die(
+ '<h1>' . __( 'Cheatin’ uh?' ) . '</h1>' .
+ '<p>' . __( 'Sorry, you are not allowed to create users.' ) . '</p>',
+ 403
+ );
+ }
+
+ if ( ! is_multisite() ) {
+ $user_id = edit_user();
+
+ if ( is_wp_error( $user_id ) ) {
+ $add_user_errors = $user_id;
+ } else {
+ if ( current_user_can( 'list_users' ) )
+ $redirect = 'users.php?update=add&id=' . $user_id;
+ else
+ $redirect = add_query_arg( 'update', 'add', 'user-new.php' );
+ wp_redirect( $redirect );
+ die();
+ }
+ } else {
+ // Adding a new user to this site
+ $new_user_email = wp_unslash( $_REQUEST['email'] );
+ $user_details = wpmu_validate_user_signup( $_REQUEST['user_login'], $new_user_email );
+ if ( is_wp_error( $user_details[ 'errors' ] ) && !empty( $user_details[ 'errors' ]->errors ) ) {
+ $add_user_errors = $user_details[ 'errors' ];
+ } else {
+ /**
+ * Filters the user_login, also known as the username, before it is added to the site.
+ *
+ * @since 2.0.3
+ *
+ * @param string $user_login The sanitized username.
+ */
+ $new_user_login = apply_filters( 'pre_user_login', sanitize_user( wp_unslash( $_REQUEST['user_login'] ), true ) );
+ if ( isset( $_POST[ 'noconfirmation' ] ) && current_user_can( 'manage_network_users' ) ) {
+ add_filter( 'wpmu_signup_user_notification', '__return_false' ); // Disable confirmation email
+ add_filter( 'wpmu_welcome_user_notification', '__return_false' ); // Disable welcome email
+ }
+ wpmu_signup_user( $new_user_login, $new_user_email, array( 'add_to_blog' => $wpdb->blogid, 'new_role' => $_REQUEST['role'] ) );
+ if ( isset( $_POST[ 'noconfirmation' ] ) && current_user_can( 'manage_network_users' ) ) {
+ $key = $wpdb->get_var( $wpdb->prepare( "SELECT activation_key FROM {$wpdb->signups} WHERE user_login = %s AND user_email = %s", $new_user_login, $new_user_email ) );
+ $new_user = wpmu_activate_signup( $key );
+ if ( is_wp_error( $new_user ) ) {
+ $redirect = add_query_arg( array( 'update' => 'addnoconfirmation' ), 'user-new.php' );
+ } else {
+ $redirect = add_query_arg( array( 'update' => 'addnoconfirmation', 'user_id' => $new_user['user_id'] ), 'user-new.php' );
+ }
+ } else {
+ $redirect = add_query_arg( array('update' => 'newuserconfirmation'), 'user-new.php' );
+ }
+ wp_redirect( $redirect );
+ die();
+ }