From d6ea7c7bded49cccd6bd87327c4f83784294f361 Mon Sep 17 00:00:00 2001
From: Ryan Boren <ryan@git.wordpress.org>
Date: Wed, 20 Jan 2010 21:58:13 +0000
Subject: [PATCH] Add email and login dupe checking down into wp_insert_user().
 Tidy up user-new.php. see #11644

git-svn-id: https://develop.svn.wordpress.org/trunk@12778 602fd350-edb4-49c9-b593-d223f7449a82
---
 wp-admin/menu.php            |  5 +----
 wp-admin/user-new.php        | 31 ++++++++++---------------------
 wp-includes/capabilities.php |  6 ++++++
 wp-includes/ms-functions.php |  9 +++------
 wp-includes/registration.php |  9 +++++++--
 5 files changed, 27 insertions(+), 33 deletions(-)

diff --git a/wp-admin/menu.php b/wp-admin/menu.php
index 81bc034942..78b410e7a7 100644
--- a/wp-admin/menu.php
+++ b/wp-admin/menu.php
@@ -130,10 +130,7 @@ else
 if ( current_user_can('edit_users') ) {
 	$_wp_real_parent_file['profile.php'] = 'users.php'; // Back-compat for plugins adding submenus to profile.php.
 	$submenu['users.php'][5] = array(__('Authors &amp; Users'), 'edit_users', 'users.php');
-	if ( !is_multisite() )
-		$submenu['users.php'][10] = array(_x('Add New', 'user'), 'create_users', 'user-new.php');
-	elseif ( is_super_admin() || get_site_option( 'add_new_users' ) )
-		$submenu['users.php'][10] = array(__('Add New') . ' <strong>*</strong>', 'create_users', 'ms-options.php#addnewusers');
+	$submenu['users.php'][10] = array(_x('Add New', 'user'), 'create_users', 'user-new.php');
 
 	$submenu['users.php'][15] = array(__('Your Profile'), 'read', 'profile.php');
 } else {
diff --git a/wp-admin/user-new.php b/wp-admin/user-new.php
index 1f2db707d2..8b6d701b0e 100644
--- a/wp-admin/user-new.php
+++ b/wp-admin/user-new.php
@@ -62,10 +62,10 @@ if ( isset($_REQUEST['action']) && 'adduser' == $_REQUEST['action'] ) {
 			$redirect = 'user-new.php';
 			$username = $user_details->user_login;
 			$user_id = $user_details->ID;
-			if ( ($username != null && is_site_admin( $username ) == false ) && ( array_key_exists($blog_id, get_blogs_of_user($user_id)) ) ) {
+			if ( ( $username != null && !is_super_admin( $user_id ) ) && ( array_key_exists($blog_id, get_blogs_of_user($user_id)) ) ) {
 				$redirect = add_query_arg( array('update' => 'addexisting'), 'user-new.php' );
 			} else {
-				if ( isset( $_POST[ 'noconfirmation' ] ) && is_site_admin() ) {
+				if ( isset( $_POST[ 'noconfirmation' ] ) && is_super_admin() ) {
 					add_existing_user_to_blog( array( 'user_id' => $user_id, 'role' => $_REQUEST[ 'role' ] ) );
 					$redirect = add_query_arg( array('update' => 'addnoconfirmation'), 'user-new.php' );
 				} else {
@@ -184,12 +184,16 @@ foreach ( array('user_login' => 'login', 'first_name' => 'firstname', 'last_name
 $new_user_send_password = !$_POST || isset($_POST['send_password']);
 ?>
 <table class="form-table">
-<?php if ( !is_multisite() ) { ?>
 	<tr class="form-field form-required">
 		<th scope="row"><label for="user_login"><?php _e('Username'); ?> <span class="description"><?php _e('(required)'); ?></span></label>
 		<input name="action" type="hidden" id="action" value="adduser" /></th>
 		<td><input name="user_login" type="text" id="user_login" value="<?php echo esc_attr($new_user_login); ?>" aria-required="true" /></td>
 	</tr>
+	<tr class="form-field form-required">
+		<th scope="row"><label for="email"><?php _e('E-mail'); ?> <span class="description"><?php _e('(required)'); ?></span></label></th>
+		<td><input name="email" type="text" id="email" value="<?php echo esc_attr($new_user_email); ?>" /></td>
+	</tr>
+<?php if ( !is_multisite() ) { ?>
 	<tr class="form-field">
 		<th scope="row"><label for="first_name"><?php _e('First Name') ?> </label></th>
 		<td><input name="first_name" type="text" id="first_name" value="<?php echo esc_attr($new_user_firstname); ?>" /></td>
@@ -198,15 +202,10 @@ $new_user_send_password = !$_POST || isset($_POST['send_password']);
 		<th scope="row"><label for="last_name"><?php _e('Last Name') ?> </label></th>
 		<td><input name="last_name" type="text" id="last_name" value="<?php echo esc_attr($new_user_lastname); ?>" /></td>
 	</tr>
-	<tr class="form-field form-required">
-		<th scope="row"><label for="email"><?php _e('E-mail'); ?> <span class="description"><?php _e('(required)'); ?></span></label></th>
-		<td><input name="email" type="text" id="email" value="<?php echo esc_attr($new_user_email); ?>" /></td>
-	</tr>
 	<tr class="form-field">
 		<th scope="row"><label for="url"><?php _e('Website') ?></label></th>
 		<td><input name="url" type="text" id="url" class="code" value="<?php echo esc_attr($new_user_uri); ?>" /></td>
 	</tr>
-
 <?php if ( apply_filters('show_password_fields', true) ) : ?>
 	<tr class="form-field form-required">
 		<th scope="row"><label for="pass1"><?php _e('Password'); ?> <span class="description"><?php _e('(twice, required)'); ?></span></label></th>
@@ -223,16 +222,7 @@ $new_user_send_password = !$_POST || isset($_POST['send_password']);
 		<td><label for="send_password"><input type="checkbox" name="send_password" id="send_password" <?php checked($new_user_send_password, true); ?> /> <?php _e('Send this password to the new user by email.'); ?></label></td>
 	</tr>
 <?php endif; ?>
-<?php } else { // multisite ?>
-	<tr class="form-field form-required">
-		<th scope="row"><label for="user_login"><?php _e('Username (required)') ?></label><input name="action" type="hidden" id="action" value="adduser" /></th>
-		<td ><input name="user_login" type="text" id="user_login" value="<?php echo $new_user_login; ?>" aria-required="true" /></td>
-	</tr>
-	<tr class="form-field form-required">
-		<th scope="row"><label for="email"><?php _e('E-mail (required)') ?></label></th>
-		<td><input name="email" type="text" id="email" value="<?php echo $new_user_email; ?>" /></td>
-	</tr>
-<?php } ?>
+<?php } // !is_multisite ?>
 	<tr class="form-field">
 		<th scope="row"><label for="role"><?php _e('Role'); ?></label></th>
 		<td><select name="role" id="role">
@@ -244,11 +234,10 @@ $new_user_send_password = !$_POST || isset($_POST['send_password']);
 			</select>
 		</td>
 	</tr>
-
 	<?php if ( is_multisite() && is_super_admin() ) { ?>
-	<tr class="form-field">
+	<tr>
 		<th scope="row"><label for="noconfirmation"><?php _e('Skip Confirmation Email') ?></label></th>
-		<td><input name="noconfirmation" type="checkbox" id="noconfirmation" value="1" /> <label for="noconfirmation"><?php _e( 'Site administrators can add a user without sending the confirmation email.' ); ?></label></td>
+		<td><label for="noconfirmation"><input type="checkbox" name="noconfirmation" id="noconfirmation" value="1" /> <?php _e( 'Site administrators can add a user without sending the confirmation email.' ); ?></label></td>
 	</tr>
 	<?php } ?>
 </table>
diff --git a/wp-includes/capabilities.php b/wp-includes/capabilities.php
index ffc49da010..1509ffff05 100644
--- a/wp-includes/capabilities.php
+++ b/wp-includes/capabilities.php
@@ -980,6 +980,12 @@ function map_meta_cap( $cap, $user_id ) {
 		else
 			$caps[] = $cap;
 		break;
+	case 'create_users':
+		if ( is_multisite() && !get_site_option( 'add_new_users' ) )
+			$caps[] = 'do_not_allow';
+		else
+			$caps[] = $cap;
+		break;
 	default:
 		// If no meta caps match, return the original cap.
 		$caps[] = $cap;
diff --git a/wp-includes/ms-functions.php b/wp-includes/ms-functions.php
index b9b7b291db..1b82a8d1d0 100644
--- a/wp-includes/ms-functions.php
+++ b/wp-includes/ms-functions.php
@@ -1222,14 +1222,11 @@ function wpmu_activate_signup($key) {
 
 function wpmu_create_user( $user_name, $password, $email) {
 	$user_name = preg_replace( "/\s+/", '', sanitize_user( $user_name, true ) );
-	if ( username_exists($user_name) )
-		return false;
-
-	// Check if the email address has been used already.
-	if ( email_exists($email) )
-		return false;
 
 	$user_id = wp_create_user( $user_name, $password, $email );
+	if ( is_wp_error($user_id) )
+		return false;
+
 	$user = new WP_User($user_id);
 
 	// Newly created users have no roles or caps until they are added to a blog.
diff --git a/wp-includes/registration.php b/wp-includes/registration.php
index d010e737fa..67bcbfbaea 100644
--- a/wp-includes/registration.php
+++ b/wp-includes/registration.php
@@ -122,9 +122,11 @@ function wp_insert_user($userdata) {
 	//Remove any non-printable chars from the login string to see if we have ended up with an empty username
 	$user_login = trim($user_login);
 
-	if ( empty($user_login) ) {
+	if ( empty($user_login) )
 		return new WP_Error('empty_user_login', __('Cannot create a user with an empty login name.') );
-	}
+
+	if ( !$update && username_exists( $user_login ) )
+		return new WP_Error('existing_user_login', __('This username is already registered.') );
 
 	if ( empty($user_nicename) )
 		$user_nicename = sanitize_title( $user_login );
@@ -138,6 +140,9 @@ function wp_insert_user($userdata) {
 		$user_email = '';
 	$user_email = apply_filters('pre_user_email', $user_email);
 
+	if ( !$update && email_exists($user_email) )
+		return new WP_Error('existing_user_email', __('This email address is already registered.') );
+
 	if ( empty($display_name) )
 		$display_name = $user_login;
 	$display_name = apply_filters('pre_user_display_name', $display_name);