Changeset 12734 for trunk/src/bp-blogs/bp-blogs-template.php

Timestamp:

09/25/2020 03:13:24 AM (5 years ago)

Author:

imath

Message:

Blogs: renovate the create a blog form

This blog form let logged in users create sites. It aged badly since version 1.0 and we were unnecessarily resetting the blog domain for subdomain installs though wpmu_validate_blog_signup() is already generating this domain.

Fixes #8365

File:

• trunk/src/bp-blogs/bp-blogs-template.php (modified) (13 diffs)

trunk/src/bp-blogs/bp-blogs-template.php

@@ -1003 +1003 @@
 
 /**
- * Checks whether blog creation is enabled.
- *
- * Returns true when blog creation is enabled for logged-in users only, or
- * when it's enabled for new registrations.
- *
- * @return bool True if blog registration is enabled.
- */
-function bp_blog_signup_enabled() {
-    $bp = buddypress();
-
-    $active_signup = isset( $bp->site_options['registration'] )
-        ? $bp->site_options['registration']
-        : 'all';
-
-    /**
-     * Filters whether or not blog creation is enabled.
-     *
-     * Return "all", "none", "blog" or "user".
-     *
-     * @since 1.0.0
-     *
-     * @param string $active_signup Value of the registration site option creation status.
-     */
-    $active_signup = apply_filters( 'wpmu_active_signup', $active_signup );
-
-    if ( 'none' == $active_signup || 'user' == $active_signup )
-        return false;
-
-    return true;
-}
-
-/**
  * Output the wrapper markup for the blog signup form.
+ *
+ * @since 1.0.0
  *
  * @param string          $blogname   Optional. The default blog name (path or domain).
@@ -1042 +1012 @@
  *                                    submission attempt.
  */
-function bp_show_blog_signup_form($blogname = '', $blog_title = '', $errors = '') {
-    global $current_user;
-
-    if ( isset($_POST['submit']) ) {
-        bp_blogs_validate_blog_signup();
-    } else {
-        if ( ! is_wp_error($errors) ) {
+function bp_show_blog_signup_form( $blogname = '', $blog_title = '', $errors = '' ) {
+    $blog_id = bp_blogs_validate_blog_signup();
+
+    // Display the signup form.
+    if ( false === $blog_id || is_wp_error( $blog_id ) ) {
+        if ( is_wp_error( $blog_id ) ) {
+            $errors = $blog_id;
+        } else {
             $errors = new WP_Error();
         }
@@ -1064 +1035 @@
          */
         $filtered_results = apply_filters('signup_another_blog_init', array('blogname' => $blogname, 'blog_title' => $blog_title, 'errors' => $errors ));
-        $blogname = $filtered_results['blogname'];
-        $blog_title = $filtered_results['blog_title'];
-        $errors = $filtered_results['errors'];
+        $blogname         = $filtered_results['blogname'];
+        $blog_title       = $filtered_results['blog_title'];
+        $errors           = $filtered_results['errors'];
 
         if ( $errors->get_error_code() ) {
-            echo "<p>" . __('There was a problem; please correct the form below and try again.', 'buddypress') . "</p>";
-        }
+            if ( in_array( $errors->get_error_code(), array( 'blogname', 'blog_title' ), true ) ) {
+                printf(
+                    '<p class="error">%s</p>',
+                    esc_html__( 'There was a problem; please correct the form below and try again.', 'buddypress' )
+                );
+            } else {
+                printf(
+                    '<p class="error">%s</p>',
+                    $errors->get_error_message()
+                );
+            }
+        }
+
+        printf(
+            '<p>%1$s <strong>%2$s</strong>. %3$s</p>',
+            esc_html__( 'By filling out the form below, you can', 'buddypress' ),
+            esc_html__( 'add a site to your account', 'buddypress' ),
+            esc_html__( 'There is no limit to the number of sites that you can have, so create to your heart’s content, but blog responsibly!', 'buddypress' )
+        );
         ?>
-        <p><?php printf(__("By filling out the form below, you can <strong>add a site to your account</strong>. There is no limit to the number of sites that you can have, so create to your heart's content, but blog responsibly!", 'buddypress'), $current_user->display_name) ?></p>
-
-        <p><?php _e("If you&#8217;re not going to use a great domain, leave it for a new user. Now have at it!", 'buddypress') ?></p>
+
+        <p>
+            <?php esc_html_e( 'If you’re not going to use a great domain, leave it for a new user. Now have at it!', 'buddypress' ); ?>
+        </p>
 
         <form class="standard-form" id="setupform" method="post" action="">
@@ -1088 +1077 @@
             do_action( 'signup_hidden_fields' ); ?>
 
-            <?php bp_blogs_signup_blog($blogname, $blog_title, $errors); ?>
+            <?php bp_blogs_signup_blog( $blogname, $blog_title, $errors ); ?>
             <p>
-                <input id="submit" type="submit" name="submit" class="submit" value="<?php esc_attr_e('Create Site', 'buddypress') ?>" />
+                <input id="submit" type="submit" name="submit" class="submit" value="<?php esc_attr_e( 'Create Site', 'buddypress' ); ?>" />
             </p>
 
@@ -1096 +1085 @@
         </form>
         <?php
+
+        // Display the confirmation form.
+    } elseif ( is_numeric( $blog_id ) ) {
+        // Validate the site.
+        $site = get_site( $blog_id );
+
+        if ( isset( $site->id ) && $site->id ) {
+            $current_user = wp_get_current_user();
+
+            bp_blogs_confirm_blog_signup(
+                $site->domain,
+                $site->path,
+                $site->blogname,
+                $current_user->user_login,
+                $current_user->user_email,
+                '',
+                $site->id
+            );
+        }
     }
 }
@@ -1101 +1109 @@
 /**
  * Output the input fields for the blog creation form.
+ *
+ * @since 1.0.0
  *
  * @param string          $blogname   Optional. The default blog name (path or domain).
@@ -1108 +1118 @@
  */
 function bp_blogs_signup_blog( $blogname = '', $blog_title = '', $errors = '' ) {
-    global $current_site;
-
-    // Blog name.
-    if( !is_subdomain_install() )
-        echo '<label for="blogname">' . __('Site Name:', 'buddypress') . '</label>';
-    else
-        echo '<label for="blogname">' . __('Site Domain:', 'buddypress') . '</label>';
-
-    if ( $errmsg = $errors->get_error_message('blogname') ) { ?>
-
-        <p class="error"><?php echo $errmsg ?></p>
-
-    <?php }
-
-    if ( !is_subdomain_install() )
-        echo '<span class="prefix_address">' . $current_site->domain . $current_site->path . '</span> <input name="blogname" type="text" id="blogname" value="'.$blogname.'" maxlength="63" /><br />';
-    else
-        echo '<input name="blogname" type="text" id="blogname" value="'.$blogname.'" maxlength="63" ' . bp_get_form_field_attributes( 'blogname' ) . '/> <span class="suffix_address">.' . bp_signup_get_subdomain_base() . '</span><br />';
-
-    if ( !is_user_logged_in() ) {
-        print '(<strong>' . __( 'Your address will be ' , 'buddypress');
-
-        if ( !is_subdomain_install() ) {
-            print $current_site->domain . $current_site->path . __( 'blogname' , 'buddypress');
+    $current_site = get_current_site();
+
+    if ( ! $blogname && ! $blog_title ) {
+        $submitted_vars = bp_blogs_get_signup_form_submitted_vars();
+
+        if ( array_filter( $submitted_vars ) ) {
+            $blogname   = $submitted_vars['blogname'];
+            $blog_title = $submitted_vars['blog_title'];
+        }
+    }
+    ?>
+
+    <p>
+        <?php
+        // Blog name.
+        if ( ! is_subdomain_install() ) {
+            printf( '<label for="blogname">%s</label>', esc_html__( 'Site Name:', 'buddypress' ) );
         } else {
-            print __( 'domain.' , 'buddypress') . $current_site->domain . $current_site->path;
-        }
-
-        echo '.</strong> ' . __( 'Must be at least 4 characters, letters and numbers only. It cannot be changed so choose carefully!)' , 'buddypress') . '</p>';
+            printf( '<label for="blogname">%s</label>', esc_html__( 'Site Domain:', 'buddypress' ) );
+        }
+
+        if ( ! is_subdomain_install() ) {
+            printf(
+                '<span class="prefix_address">%1$s</span> <input name="blogname" type="text" id="blogname" value="%2$s" maxlength="63" style="width: auto!important" /><br />',
+                esc_html( $current_site->domain . $current_site->path ),
+                esc_attr( $blogname )
+            );
+        } else {
+            printf(
+                '<input name="blogname" type="text" id="blogname" value="%1$s" maxlength="63" style="width: auto!important" %2$s/> <span class="suffix_address">.%3$s</span><br />',
+                esc_attr( $blogname ),
+                bp_get_form_field_attributes( 'blogname' ),
+                bp_signup_get_subdomain_base()
+            );
+        }
+        if ( is_wp_error( $errors ) && $errors->get_error_message( 'blogname' ) ) {
+            printf( '<div class="error">%s</div>', $errors->get_error_message( 'blogname' ) );
+        }
+        ?>
+    </p>
+
+    <?php
+    if ( ! is_user_logged_in() ) {
+        $url = sprintf(
+            /* translators: %s is the site domain and path. */
+            __( 'domain.%s' , 'buddypress' ),
+            $current_site->domain . $current_site->path
+        );
+
+        if ( ! is_subdomain_install() ) {
+            $url = sprintf(
+                /* translators: %s is the site domain and path. */
+                __( '%sblogname' , 'buddypress'),
+                $current_site->domain . $current_site->path
+            );
+        }
+
+        printf(
+            '<p>(<strong>%1$s.</strong> %2$s)</p>',
+            sprintf( esc_html__( 'Your address will be %s' , 'buddypress' ), $url ),
+            esc_html__( 'Must be at least 4 characters, letters and numbers only. It cannot be changed so choose carefully!' , 'buddypress' )
+        );
     }
 
     // Blog Title.
     ?>
-
-    <label for="blog_title"><?php _e('Site Title:', 'buddypress') ?></label>
-
-    <?php if ( $errmsg = $errors->get_error_message('blog_title') ) { ?>
-
-        <p class="error"><?php echo $errmsg ?></p>
-
-    <?php }
-    echo '<input name="blog_title" type="text" id="blog_title" value="'.esc_html($blog_title, 1).'" /></p>';
-    ?>
+    <p>
+        <label for="blog_title"><?php esc_html_e('Site Title:', 'buddypress') ?></label>
+        <input name="blog_title" type="text" id="blog_title" value="<?php echo esc_html( $blog_title ); ?>" />
+
+        <?php
+        if ( is_wp_error( $errors ) && $errors->get_error_message( 'blog_title' ) ) {
+            printf( '<div class="error">%s</div>', $errors->get_error_message( 'blog_title' ) );
+        }
+        ?>
+    </p>
 
     <fieldset class="create-site">
-        <legend class="label"><?php _e('Privacy: I would like my site to appear in search engines, and in public listings around this network', 'buddypress') ?></legend>
-
-        <label class="checkbox" for="blog_public_on">
-            <input type="radio" id="blog_public_on" name="blog_public" value="1" <?php if( !isset( $_POST['blog_public'] ) || '1' == $_POST['blog_public'] ) { ?>checked="checked"<?php } ?> />
-            <strong><?php _e( 'Yes' , 'buddypress'); ?></strong>
-        </label>
-        <label class="checkbox" for="blog_public_off">
-            <input type="radio" id="blog_public_off" name="blog_public" value="0" <?php if( isset( $_POST['blog_public'] ) && '0' == $_POST['blog_public'] ) { ?>checked="checked"<?php } ?> />
-            <strong><?php _e( 'No' , 'buddypress'); ?></strong>
-        </label>
+
+        <legend class="label"><?php esc_html_e( 'Privacy: I would like my site to appear in search engines, and in public listings around this network', 'buddypress' ) ?></legend>
+
+        <p>
+            <label class="checkbox" for="blog_public_on">
+                <input type="radio" id="blog_public_on" name="blog_public" value="1" <?php checked( ! isset( $_POST['blog_public'] ) || 1 === (int) $_POST['blog_public'] ); ?> />
+                <strong><?php esc_html_e( 'Yes' , 'buddypress'); ?></strong>
+            </label>
+        </p>
+
+        <p>
+            <label class="checkbox" for="blog_public_off">
+                <input type="radio" id="blog_public_off" name="blog_public" value="0" <?php checked( isset( $_POST['blog_public'] ) && 0 === (int) $_POST['blog_public'] ); ?> />
+                <strong><?php esc_html_e( 'No' , 'buddypress'); ?></strong>
+            </label>
+        </p>
+
     </fieldset>
 
@@ -1174 +1224 @@
      * @param WP_Error $errors WP_Error object if any present.
      */
-    do_action('signup_blogform', $errors);
+    do_action( 'signup_blogform', $errors );
 }
 
@@ -1182 +1232 @@
  * Passes submitted values to {@link wpmu_create_blog()}.
  *
- * @return bool True on success, false on failure.
+ * @since 1.0.0
+ *
+ * @return bool|int|WP_Error False if not a form submission, the Blog ID on success, a WP_Error object on failure.
  */
 function bp_blogs_validate_blog_signup() {
-    global $wpdb, $current_user, $blogname, $blog_title, $errors, $domain, $path, $current_site;
-
-    if ( !check_admin_referer( 'bp_blog_signup_form' ) )
+    if ( ! isset( $_POST['submit'] ) ) {
         return false;
-
+    }
+
+    $current_site = get_current_site();
     $current_user = wp_get_current_user();
-
-    if( !is_user_logged_in() )
-        die();
-
-    $result = bp_blogs_validate_blog_form();
-    extract($result);
-
-    if ( $errors->get_error_code() ) {
-        unset($_POST['submit']);
-        bp_show_blog_signup_form( $blogname, $blog_title, $errors );
-        return false;
-    }
-
-    $public = (int) $_POST['blog_public'];
-
-    // Depreciated.
-    $meta = apply_filters( 'signup_create_blog_meta', array( 'lang_id' => 1, 'public' => $public ) );
+    $blog_name    = '';
+    $blog_title   = '';
+    $public       = 1;
+
+    if ( ! isset( $_POST['_wpnonce'] ) || ! wp_verify_nonce( wp_unslash( $_POST['_wpnonce'] ), 'bp_blog_signup_form' ) || ! $current_user->ID ) {
+        return new WP_Error( 'bp_blogs_doing_it_wrong', __( 'Sorry, we cannot create the site. Please try again later.', 'buddypress' ) );
+    }
+
+    $submitted_vars = bp_blogs_get_signup_form_submitted_vars();
+
+    if ( array_filter( $submitted_vars ) ) {
+        $blog_name  = $submitted_vars['blogname'];
+        $blog_title = $submitted_vars['blog_title'];
+        $public     = (int) $submitted_vars['blog_public'];
+    }
+
+    $blog = bp_blogs_validate_blog_form( $blog_name, $blog_title );
+
+    if ( is_wp_error( $blog['errors'] ) && $blog['errors']->get_error_code() ) {
+        return $blog['errors'];
+    }
 
     /**
@@ -1219 +1275 @@
      * }
      */
-    $meta = apply_filters( 'add_signup_meta', $meta );
-
-    // If this is a subdomain install, set up the site inside the root domain.
-    if ( is_subdomain_install() )
-        $domain = $blogname . '.' . preg_replace( '|^www\.|', '', $current_site->domain );
-
-    $blog_id = wpmu_create_blog( $domain, $path, $blog_title, $current_user->ID, $meta, $wpdb->siteid );
-    bp_blogs_confirm_blog_signup( $domain, $path, $blog_title, $current_user->user_login, $current_user->user_email, $meta, $blog_id );
-    return true;
-}
-
-/**
- * Validate a blog creation submission.
- *
- * Essentially, a wrapper for {@link wpmu_validate_blog_signup()}.
- *
- * @return array Contains the new site data and error messages.
- */
-function bp_blogs_validate_blog_form() {
-    $user = '';
-    if ( is_user_logged_in() )
-        $user = wp_get_current_user();
-
-    return wpmu_validate_blog_signup($_POST['blogname'], $_POST['blog_title'], $user);
+    $meta = apply_filters( 'add_signup_meta', array( 'lang_id' => 1, 'public' => $public ) );
+
+    return wpmu_create_blog(
+        $blog['domain'],
+        $blog['path'],
+        $blog['blog_title'],
+        $current_user->ID, $meta,
+        $current_site->id
+    );
 }
 
@@ -1248 +1289 @@
  * Display a message after successful blog registration.
  *
+ * @since 1.0.0
  * @since 2.6.0 Introduced `$blog_id` parameter.
  *
@@ -1265 +1307 @@
 
     ?>
-    <p><?php _e( 'Congratulations! You have successfully registered a new site.', 'buddypress' ) ?></p>
+    <p class="success"><?php esc_html_e( 'Congratulations! You have successfully registered a new site.', 'buddypress' ) ?></p>
     <p>
         <?php printf(
@@ -1290 +1332 @@
      * @since 1.0.0
      */
-    do_action('signup_finished');
+    do_action( 'signup_finished' );
 }