[ Index ]

PHP Cross Reference of WordPress Trunk (Updated Daily)

Search

title

Body

[close]

/ -> wp-activate.php (source)

   1  <?php
   2  /**
   3   * Confirms that the activation key that is sent in an email after a user signs
   4   * up for a new site matches the key for that user and then displays confirmation.
   5   *
   6   * @package WordPress
   7   */
   8  
   9  define( 'WP_INSTALLING', true );
  10  
  11  /** Sets up the WordPress Environment. */
  12  require  __DIR__ . '/wp-load.php';
  13  
  14  require  __DIR__ . '/wp-blog-header.php';
  15  
  16  if ( ! is_multisite() ) {
  17      wp_redirect( wp_registration_url() );
  18      die();
  19  }
  20  
  21  $valid_error_codes = array( 'already_active', 'blog_taken' );
  22  
  23  list( $activate_path ) = explode( '?', wp_unslash( $_SERVER['REQUEST_URI'] ) );
  24  $activate_cookie       = 'wp-activate-' . COOKIEHASH;
  25  
  26  $key    = '';
  27  $result = null;
  28  
  29  if ( isset( $_GET['key'] ) && isset( $_POST['key'] ) && $_GET['key'] !== $_POST['key'] ) {
  30      wp_die( __( 'A key value mismatch has been detected. Please follow the link provided in your activation email.' ), __( 'An error occurred during the activation' ), 400 );
  31  } elseif ( ! empty( $_GET['key'] ) ) {
  32      $key = sanitize_text_field( $_GET['key'] );
  33  } elseif ( ! empty( $_POST['key'] ) ) {
  34      $key = sanitize_text_field( $_POST['key'] );
  35  }
  36  
  37  if ( $key ) {
  38      $redirect_url = remove_query_arg( 'key' );
  39  
  40      if ( remove_query_arg( false ) !== $redirect_url ) {
  41          setcookie( $activate_cookie, $key, 0, $activate_path, COOKIE_DOMAIN, is_ssl(), true );
  42          wp_safe_redirect( $redirect_url );
  43          exit;
  44      } else {
  45          $result = wpmu_activate_signup( $key );
  46      }
  47  }
  48  
  49  if ( null === $result && isset( $_COOKIE[ $activate_cookie ] ) ) {
  50      $key    = $_COOKIE[ $activate_cookie ];
  51      $result = wpmu_activate_signup( $key );
  52      setcookie( $activate_cookie, ' ', time() - YEAR_IN_SECONDS, $activate_path, COOKIE_DOMAIN, is_ssl(), true );
  53  }
  54  
  55  if ( null === $result || ( is_wp_error( $result ) && 'invalid_key' === $result->get_error_code() ) ) {
  56      status_header( 404 );
  57  } elseif ( is_wp_error( $result ) ) {
  58      $error_code = $result->get_error_code();
  59  
  60      if ( ! in_array( $error_code, $valid_error_codes, true ) ) {
  61          status_header( 400 );
  62      }
  63  }
  64  
  65  nocache_headers();
  66  
  67  // Fix for page title.
  68  $wp_query->is_404 = false;
  69  
  70  /**
  71   * Fires before the Site Activation page is loaded.
  72   *
  73   * @since 3.0.0
  74   */
  75  do_action( 'activate_header' );
  76  
  77  /**
  78   * Adds an action hook specific to this page.
  79   *
  80   * Fires on {@see 'wp_head'}.
  81   *
  82   * @since MU (3.0.0)
  83   */
  84  function do_activate_header() {
  85      /**
  86       * Fires within the `<head>` section of the Site Activation page.
  87       *
  88       * Fires on the {@see 'wp_head'} action.
  89       *
  90       * @since 3.0.0
  91       */
  92      do_action( 'activate_wp_head' );
  93  }
  94  add_action( 'wp_head', 'do_activate_header' );
  95  
  96  /**
  97   * Loads styles specific to this page.
  98   *
  99   * @since MU (3.0.0)
 100   */
 101  function wpmu_activate_stylesheet() {
 102      ?>
 103      <style>
 104          .wp-activate-container { width: 90%; margin: 0 auto; text-align: start; padding: 24px; box-sizing: border-box; }
 105          .wp-activate-container form { margin: 24px 0; }
 106          .wp-activate-container p { font-size: 18px; }
 107          #key, #submit { font-size: 24px; box-sizing: border-box; margin: 5px 0; }
 108          #key { width: 100%; direction: ltr; }
 109          #submit { width: auto; }
 110          span.h3 { font-weight: 600; }
 111      </style>
 112      <?php
 113  }
 114  add_action( 'wp_head', 'wpmu_activate_stylesheet' );
 115  add_action( 'wp_head', 'wp_strict_cross_origin_referrer' );
 116  add_filter( 'wp_robots', 'wp_robots_sensitive_page' );
 117  
 118  get_header( 'wp-activate' );
 119  
 120  /** @var WP_Site $blog_details */
 121  $blog_details = get_site();
 122  ?>
 123  
 124  <div id="signup-content" class="widecolumn">
 125      <div class="wp-activate-container">
 126      <?php if ( ! $key ) { ?>
 127  
 128          <h2><?php _e( 'Activation Key Required' ); ?></h2>
 129          <form name="activateform" id="activateform" method="post" action="<?php echo esc_url( network_site_url( $blog_details->path . 'wp-activate.php' ) ); ?>">
 130              <p>
 131                  <label for="key"><?php _e( 'Activation Key:' ); ?></label>
 132                  <br /><input type="text" name="key" id="key" value="" size="50" autofocus="autofocus" />
 133              </p>
 134              <p class="submit">
 135                  <input id="submit" type="submit" name="Submit" class="submit" value="<?php esc_attr_e( 'Activate' ); ?>" />
 136              </p>
 137          </form>
 138  
 139          <?php
 140      } else {
 141          if ( is_wp_error( $result ) && in_array( $result->get_error_code(), $valid_error_codes, true ) ) {
 142              /** @var object{ signup_id: string, domain: string, path: string, title: string, user_login: string, user_email: string, registered: string, activated: string, active: string, activation_key: string, meta: string|null } $signup */
 143              $signup = $result->get_error_data();
 144              ?>
 145              <h2><?php _e( 'Your account is now active!' ); ?></h2>
 146              <?php
 147              echo '<p class="lead-in">';
 148              if ( '' === $signup->domain . $signup->path ) {
 149                  printf(
 150                      /* translators: 1: Login URL, 2: Username, 3: User email address, 4: Lost password URL. */
 151                      __( 'Your account has been activated. You may now <a href="%1$s">log in</a> to the site using your chosen username of &#8220;%2$s&#8221;. Please check your email inbox at %3$s for your password and login instructions. If you do not receive an email, please check your junk or spam folder. If you still do not receive an email within an hour, you can <a href="%4$s">reset your password</a>.' ),
 152                      esc_url( network_site_url( $blog_details->path . 'wp-login.php', 'login' ) ),
 153                      esc_html( $signup->user_login ),
 154                      esc_html( $signup->user_email ),
 155                      esc_url( wp_lostpassword_url() )
 156                  );
 157              } else {
 158                  $url = ( is_ssl() ? 'https://' : 'http://' ) . $signup->domain . $blog_details->path;
 159  
 160                  printf(
 161                      /* translators: 1: Site URL, 2: Username, 3: User email address, 4: Lost password URL. */
 162                      __( 'Your site at %1$s is active. You may now log in to your site using your chosen username of &#8220;%2$s&#8221;. Please check your email inbox at %3$s for your password and login instructions. If you do not receive an email, please check your junk or spam folder. If you still do not receive an email within an hour, you can <a href="%4$s">reset your password</a>.' ),
 163                      sprintf( '<a href="%1$s">%1$s</a>', esc_url( $url ) ),
 164                      esc_html( $signup->user_login ),
 165                      esc_html( $signup->user_email ),
 166                      esc_url( wp_lostpassword_url() )
 167                  );
 168              }
 169              echo '</p>';
 170          } elseif ( null === $result || is_wp_error( $result ) ) {
 171              ?>
 172              <h2><?php _e( 'An error occurred during the activation' ); ?></h2>
 173              <?php if ( is_wp_error( $result ) ) : ?>
 174                  <p><?php echo esc_html( $result->get_error_message() ); ?></p>
 175              <?php endif; ?>
 176              <?php
 177          } else {
 178              $url = isset( $result['blog_id'] ) ? esc_url( get_home_url( (int) $result['blog_id'] ) ) : '';
 179              /** @var WP_User $user */
 180              $user = get_userdata( (int) $result['user_id'] );
 181              ?>
 182              <h2><?php _e( 'Your account is now active!' ); ?></h2>
 183  
 184              <div id="signup-welcome">
 185              <p><span class="h3"><?php _e( 'Username:' ); ?></span> <?php echo esc_html( $user->user_login ); ?></p>
 186              <p><span class="h3"><?php _e( 'Password:' ); ?></span> <?php echo esc_html( $result['password'] ); ?></p>
 187              </div>
 188  
 189              <?php
 190              if ( $url && network_home_url( '', 'http' ) !== $url ) :
 191                  switch_to_blog( (int) $result['blog_id'] );
 192                  $login_url = wp_login_url();
 193                  restore_current_blog();
 194                  ?>
 195                  <p class="view">
 196                  <?php
 197                      /* translators: 1: Site URL, 2: Login URL. */
 198                      printf( __( 'Your account is now activated. <a href="%1$s">View your site</a> or <a href="%2$s">Log in</a>' ), esc_url( $url ), esc_url( $login_url ) );
 199                  ?>
 200                  </p>
 201              <?php else : ?>
 202                  <p class="view">
 203                  <?php
 204                      printf(
 205                          /* translators: 1: Login URL, 2: Network home URL. */
 206                          __( 'Your account is now activated. <a href="%1$s">Log in</a> or go back to the <a href="%2$s">homepage</a>.' ),
 207                          esc_url( network_site_url( $blog_details->path . 'wp-login.php', 'login' ) ),
 208                          esc_url( network_home_url( $blog_details->path ) )
 209                      );
 210                  ?>
 211                  </p>
 212                  <?php
 213                  endif;
 214          }
 215      }
 216      ?>
 217      </div>
 218  </div>
 219  <?php
 220  get_footer( 'wp-activate' );


Generated : Sat Jul 11 08:20:14 2026 Cross-referenced by PHPXref