' . __('Add User will set up a new user account on the network and send that person an email with username and password.') . '
' . + '' . __('Users who are signed up to the network without a site are added as subscribers to the main or primary dashboard site, giving them profile pages to manage their accounts. These users will only see Dashboard and My Sites in the main navigation until a site is created for them.') . '
' +) ); -add_contextual_help($current_screen, - '' . __('Add User will set up a new user account on the network and send them an email with their username and password.') . '
' . - '' . __('Users who are signed up to the network without a site are added as subscribers to the main or primary dashboard site, giving them profile pages to manage their accounts. These users will only see Dashboard and My Sites in the main navigation until a site is created for them.') . '
' . +get_current_screen()->set_help_sidebar( '' . __('For more information:') . '
' . - '' . __('Documentation on Network Users') . '
' . - '' . __('Support Forums') . '
' + '' . __('Documentation on Network Users') . '
' . + '' . __('Support Forums') . '
' ); if ( isset($_REQUEST['action']) && 'add-user' == $_REQUEST['action'] ) { check_admin_referer( 'add-user', '_wpnonce_add-user' ); + if ( ! current_user_can( 'manage_network_users' ) ) - wp_die( __( 'You do not have permission to access this page.' ) ); + wp_die( __( 'You do not have permission to access this page.' ), 403 ); - if ( is_array( $_POST['user'] ) == false ) + if ( ! is_array( $_POST['user'] ) ) wp_die( __( 'Cannot create an empty user.' ) ); - $user = $_POST['user']; - if ( empty($user['username']) && empty($user['email']) ) - wp_die( __( 'Missing username and email.' ) ); - elseif ( empty($user['username']) ) - wp_die( __( 'Missing username.' ) ); - elseif ( empty($user['email']) ) - wp_die( __( 'Missing email.' ) ); - - $password = wp_generate_password( 12, false); - $user_id = wpmu_create_user( esc_html( strtolower( $user['username'] ) ), $password, esc_html( $user['email'] ) ); - - if ( false == $user_id ) - wp_die( __( 'Duplicated username or email address.' ) ); - else - wp_new_user_notification( $user_id, $password ); - - wp_redirect( add_query_arg( array('update' => 'added'), 'user-new.php' ) ); - exit; + + $user = wp_unslash( $_POST['user'] ); + + $user_details = wpmu_validate_user_signup( $user['username'], $user['email'] ); + if ( is_wp_error( $user_details[ 'errors' ] ) && ! empty( $user_details[ 'errors' ]->errors ) ) { + $add_user_errors = $user_details[ 'errors' ]; + } else { + $password = wp_generate_password( 12, false); + $user_id = wpmu_create_user( esc_html( strtolower( $user['username'] ) ), $password, sanitize_email( $user['email'] ) ); + + if ( ! $user_id ) { + $add_user_errors = new WP_Error( 'add_user_fail', __( 'Cannot add user.' ) ); + } else { + wp_new_user_notification( $user_id, 'both' ); + wp_redirect( add_query_arg( array('update' => 'added'), 'user-new.php' ) ); + exit; + } + } } if ( isset($_GET['update']) ) { @@ -61,34 +67,41 @@ if ( isset($_GET['update']) ) { $title = __('Add New User'); $parent_file = 'users.php'; -require('../admin-header.php'); ?> +require( ABSPATH . 'wp-admin/admin-header.php' ); ?>' . $msg . '