From b5bfe2bd82354e7b98c7fa7831ddd8ede5ceaa83 Mon Sep 17 00:00:00 2001 From: Peter Wilson Date: Thu, 13 Dec 2018 00:22:03 +0000 Subject: [PATCH] Multisite: Improve messaging for previously activated users. Ensure activation of a site is not attempted multiple times and users are shown the correct message if they follow the link a second time. git-svn-id: https://develop.svn.wordpress.org/trunk@44021 602fd350-edb4-49c9-b593-d223f7449a82 --- src/wp-activate.php | 126 +++++++++++++++++---------- src/wp-includes/general-template.php | 18 ++++ src/wp-login.php | 2 +- 3 files changed, 101 insertions(+), 45 deletions(-) diff --git a/src/wp-activate.php b/src/wp-activate.php index ecdfddd09b..be8a35a41c 100644 --- a/src/wp-activate.php +++ b/src/wp-activate.php @@ -18,6 +18,48 @@ if ( ! is_multisite() ) { die(); } +$valid_error_codes = array( 'already_active', 'blog_taken' ); + +list( $activate_path ) = explode( '?', wp_unslash( $_SERVER['REQUEST_URI'] ) ); +$activate_cookie = 'wp-activate-' . COOKIEHASH; + +$key = ''; +$result = null; + +if ( ! empty( $_GET['key'] ) ) { + $key = $_GET['key']; +} elseif ( ! empty( $_POST['key'] ) ) { + $key = $_POST['key']; +} + +if ( $key ) { + $redirect_url = remove_query_arg( 'key' ); + + if ( $redirect_url !== remove_query_arg( false ) ) { + setcookie( $activate_cookie, $key, 0, $activate_path, COOKIE_DOMAIN, is_ssl(), true ); + wp_safe_redirect( $redirect_url ); + exit; + } else { + $result = wpmu_activate_signup( $key ); + } +} + +if ( $result === null && isset( $_COOKIE[ $activate_cookie ] ) ) { + $key = $_COOKIE[ $activate_cookie ]; + $result = wpmu_activate_signup( $key ); + setcookie( $activate_cookie, ' ', time() - YEAR_IN_SECONDS, $activate_path, COOKIE_DOMAIN, is_ssl(), true ); +} + +if ( $result === null || ( is_wp_error( $result ) && 'invalid_key' === $result->get_error_code() ) ) { + status_header( 404 ); +} elseif ( is_wp_error( $result ) ) { + $error_code = $result->get_error_code(); + + if ( ! in_array( $error_code, $valid_error_codes ) ) { + status_header( 400 ); + } +} + nocache_headers(); if ( is_object( $wp_object_cache ) ) { @@ -70,15 +112,14 @@ function wpmu_activate_stylesheet() {
- +

@@ -92,47 +133,44 @@ get_header( 'wp-activate' );
get_error_code() || 'blog_taken' == $result->get_error_code() ) { - $signup = $result->get_error_data(); - ?> -

- '; - if ( $signup->domain . $signup->path == '' ) { - printf( - /* translators: 1: login URL, 2: username, 3: user email, 4: lost password URL */ - __( 'Your account has been activated. You may now log in to the site using your chosen username of “%2$s”. Please check your email inbox at %3$s for your password and login instructions. If you do not receive an email, please check your junk or spam folder. If you still do not receive an email within an hour, you can reset your password.' ), - network_site_url( 'wp-login.php', 'login' ), - $signup->user_login, - $signup->user_email, - wp_lostpassword_url() - ); - } else { - printf( - /* translators: 1: site URL, 2: username, 3: user email, 4: lost password URL */ - __( 'Your site at %1$s is active. You may now log in to your site using your chosen username of “%2$s”. Please check your email inbox at %3$s for your password and login instructions. If you do not receive an email, please check your junk or spam folder. If you still do not receive an email within an hour, you can reset your password.' ), - sprintf( '%1$s', $signup->domain ), - $signup->user_login, - $signup->user_email, - wp_lostpassword_url() - ); - } - echo '

'; +} else { + if ( is_wp_error( $result ) && in_array( $result->get_error_code(), $valid_error_codes ) ) { + $signup = $result->get_error_data(); + ?> +

+ '; + if ( $signup->domain . $signup->path == '' ) { + printf( + /* translators: 1: login URL, 2: username, 3: user email, 4: lost password URL */ + __( 'Your account has been activated. You may now log in to the site using your chosen username of “%2$s”. Please check your email inbox at %3$s for your password and login instructions. If you do not receive an email, please check your junk or spam folder. If you still do not receive an email within an hour, you can reset your password.' ), + network_site_url( 'wp-login.php', 'login' ), + $signup->user_login, + $signup->user_email, + wp_lostpassword_url() + ); } else { - ?> -

-

get_error_message(); ?>

- reset your password.' ), + sprintf( '%1$s', $signup->domain ), + $signup->user_login, + $signup->user_email, + wp_lostpassword_url() + ); } - } else { - $url = isset( $result['blog_id'] ) ? get_home_url( (int) $result['blog_id'] ) : ''; - $user = get_userdata( (int) $result['user_id'] ); - ?> + echo '

'; + } elseif ( $result === null || is_wp_error( $result ) ) { + ?> +

+ +

get_error_message(); ?>

+ +

@@ -161,9 +199,9 @@ get_header( 'wp-activate' );

+} +?>