mirror of
https://github.com/10h30/ultimatemember.git
synced 2026-07-14 04:06:36 +09:00
- review for secure functionality;
This commit is contained in:
@@ -2068,5 +2068,17 @@ if ( ! class_exists( 'um\admin\Admin' ) ) {
|
||||
}
|
||||
return UM()->classes['admin_notices'];
|
||||
}
|
||||
|
||||
/**
|
||||
* @since 2.6.8
|
||||
*
|
||||
* @return core\Secure
|
||||
*/
|
||||
public function secure() {
|
||||
if ( empty( UM()->classes['admin_secure'] ) ) {
|
||||
UM()->classes['admin_secure'] = new core\Secure();
|
||||
}
|
||||
return UM()->classes['admin_secure'];
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -117,13 +117,14 @@ if ( ! class_exists( 'um\admin\core\Admin_Forms' ) ) {
|
||||
$data['value'] = esc_attr( $data['value'] );
|
||||
}
|
||||
|
||||
if( in_array( $data['type'], array('info_text') ) ){
|
||||
if ( 'info_text' === $data['type'] ) {
|
||||
$arr_kses = array(
|
||||
'a' => array(
|
||||
'href' => array(),
|
||||
'title' => array(),
|
||||
'target' => array(),
|
||||
'class' => array(),
|
||||
'href' => array(),
|
||||
'title' => array(),
|
||||
'target' => array(),
|
||||
'class' => array(),
|
||||
'onclick' => array(),
|
||||
),
|
||||
'button' => array(
|
||||
'class' => array(),
|
||||
@@ -1185,15 +1186,14 @@ if ( ! class_exists( 'um\admin\core\Admin_Forms' ) ) {
|
||||
* @return bool|string
|
||||
*/
|
||||
function render_multi_checkbox( $field_data ) {
|
||||
|
||||
if ( empty( $field_data['id'] ) ) {
|
||||
return false;
|
||||
}
|
||||
|
||||
$id = ( ! empty( $this->form_data['prefix_id'] ) ? $this->form_data['prefix_id'] : '' ) . '_' . $field_data['id'];
|
||||
|
||||
$class = ! empty( $field_data['class'] ) ? $field_data['class'] : '';
|
||||
$class .= ! empty( $field_data['size'] ) ? $field_data['size'] : 'um-long-field';
|
||||
$class = ! empty( $field_data['class'] ) ? $field_data['class'] : '';
|
||||
$class .= ! empty( $field_data['size'] ) ? $field_data['size'] : 'um-long-field';
|
||||
$class_attr = ' class="um-forms-field ' . esc_attr( $class ) . '" ';
|
||||
|
||||
$name = $field_data['id'];
|
||||
@@ -1229,7 +1229,7 @@ if ( ! class_exists( 'um\admin\core\Admin_Forms' ) ) {
|
||||
|
||||
$data_attr = '';
|
||||
foreach ( $data as $key => $value ) {
|
||||
if ( $value == 'checkbox_key' ) {
|
||||
if ( 'checkbox_key' === $value ) {
|
||||
$value = $k;
|
||||
}
|
||||
$data_attr .= ' data-' . $key . '="' . esc_attr( $value ) . '" ';
|
||||
@@ -1237,7 +1237,6 @@ if ( ! class_exists( 'um\admin\core\Admin_Forms' ) ) {
|
||||
|
||||
if ( isset( $field_data['options_disabled'] ) && in_array( $k, $field_data['options_disabled'], true ) ) {
|
||||
$disabed_attr = 'disabled="disabled"';
|
||||
$values = array_merge( $values, $field_data['options_disabled'] );
|
||||
}
|
||||
|
||||
$html .= "<label $for_attr>
|
||||
|
||||
@@ -1,9 +1,9 @@
|
||||
<?php
|
||||
namespace um\admin\core;
|
||||
|
||||
|
||||
if ( ! defined( 'ABSPATH' ) ) exit;
|
||||
|
||||
if ( ! defined( 'ABSPATH' ) ) {
|
||||
exit;
|
||||
}
|
||||
|
||||
if ( ! class_exists( 'um\admin\core\Admin_Notices' ) ) {
|
||||
|
||||
@@ -33,6 +33,8 @@ if ( ! class_exists( 'um\admin\core\Admin_Notices' ) ) {
|
||||
|
||||
add_action( 'wp_ajax_um_dismiss_notice', array( &$this, 'dismiss_notice' ) );
|
||||
add_action( 'admin_init', array( &$this, 'force_dismiss_notice' ) );
|
||||
|
||||
add_action( 'current_screen', array( &$this, 'create_list_for_screen' ) );
|
||||
}
|
||||
|
||||
|
||||
@@ -79,6 +81,12 @@ if ( ! class_exists( 'um\admin\core\Admin_Notices' ) ) {
|
||||
do_action( 'um_admin_create_notices' );
|
||||
}
|
||||
|
||||
public function create_list_for_screen() {
|
||||
if ( UM()->admin()->is_um_screen() ) {
|
||||
$this->secure_settings();
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* @return array
|
||||
@@ -511,8 +519,14 @@ if ( ! class_exists( 'um\admin\core\Admin_Notices' ) ) {
|
||||
|
||||
case 'err_users_updated':
|
||||
$messages[0]['err_content'] = __( 'Super administrators cannot be modified.', 'ultimate-member' );
|
||||
$messages[1]['content'] = __( 'Other users have been updated.', 'ultimate-member' );
|
||||
|
||||
$messages[1]['content'] = __( 'Other users have been updated.', 'ultimate-member' );
|
||||
break;
|
||||
case 'um_secure_expire_sessions':
|
||||
$messages[0]['content'] = __( 'All users sessions have been expired.', 'ultimate-member' );
|
||||
break;
|
||||
case 'um_secure_restore':
|
||||
$messages[0]['content'] = __( 'Account has been successfully restored.', 'ultimate-member' );
|
||||
break;
|
||||
}
|
||||
|
||||
if ( ! empty( $messages ) ) {
|
||||
@@ -715,7 +729,6 @@ if ( ! class_exists( 'um\admin\core\Admin_Notices' ) ) {
|
||||
), 2 );
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* Check Templates Versions notice
|
||||
*/
|
||||
@@ -746,26 +759,60 @@ if ( ! class_exists( 'um\admin\core\Admin_Notices' ) ) {
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* First time installed Secure settings.
|
||||
*/
|
||||
public function secure_settings() {
|
||||
ob_start();
|
||||
?>
|
||||
<p>
|
||||
<strong><?php esc_html_e( 'Important Update', 'ultimate-member' ); ?></strong><br/>
|
||||
<?php esc_html_e( 'Ultimate Member has a new additional feature to secure your Ultimate Member forms to prevent attacks from injecting accounts with administrative roles & capabilities.', 'ultimate-member' ); ?>
|
||||
</p>
|
||||
<p>
|
||||
<a class="button button-primary" href="<?php echo esc_attr( admin_url( 'admin.php?page=um_options&tab=secure&um_dismiss_notice=secure_settings&um_admin_nonce=' . wp_create_nonce( 'um-admin-nonce' ) ) ); ?>"><?php esc_html_e( 'Manage Security Settings', 'ultimate-member' ); ?></a>
|
||||
<a class="button" target="_blank" href="https://docs.ultimatemember.com/article/1869-security-feature"><?php esc_html_e( 'Read the documentation', 'ultimate-member' ); ?></a>
|
||||
</p>
|
||||
<?php
|
||||
$message = ob_get_clean();
|
||||
$this->add_notice(
|
||||
'secure_settings',
|
||||
array(
|
||||
'class' => 'warning',
|
||||
'message' => $message,
|
||||
'dismissible' => true,
|
||||
),
|
||||
1
|
||||
);
|
||||
}
|
||||
|
||||
function dismiss_notice() {
|
||||
public function dismiss_notice() {
|
||||
UM()->admin()->check_ajax_nonce();
|
||||
|
||||
if ( empty( $_POST['key'] ) ) {
|
||||
wp_send_json_error( __( 'Wrong Data', 'ultimate-member' ) );
|
||||
}
|
||||
|
||||
$hidden_notices = get_option( 'um_hidden_admin_notices', array() );
|
||||
if ( ! is_array( $hidden_notices ) ) {
|
||||
$hidden_notices = array();
|
||||
}
|
||||
|
||||
$hidden_notices[] = sanitize_key( $_POST['key'] );
|
||||
|
||||
update_option( 'um_hidden_admin_notices', $hidden_notices );
|
||||
$this->dismiss( sanitize_key( $_POST['key'] ) );
|
||||
|
||||
wp_send_json_success();
|
||||
}
|
||||
|
||||
/**
|
||||
* Dismiss notice by key.
|
||||
*
|
||||
* @param string $key
|
||||
*
|
||||
* @return void
|
||||
*/
|
||||
public function dismiss( $key ) {
|
||||
$hidden_notices = get_option( 'um_hidden_admin_notices', array() );
|
||||
if ( ! is_array( $hidden_notices ) ) {
|
||||
$hidden_notices = array();
|
||||
}
|
||||
$hidden_notices[] = $key;
|
||||
update_option( 'um_hidden_admin_notices', $hidden_notices );
|
||||
}
|
||||
|
||||
function force_dismiss_notice() {
|
||||
if ( ! empty( $_REQUEST['um_dismiss_notice'] ) && ! empty( $_REQUEST['um_admin_nonce'] ) ) {
|
||||
|
||||
@@ -947,6 +947,21 @@ if ( ! class_exists( 'um\admin\core\Admin_Settings' ) ) {
|
||||
'uninstall_on_delete' => array(
|
||||
'sanitize' => 'bool',
|
||||
),
|
||||
'lock_register_forms' => array(
|
||||
'sanitize' => 'bool',
|
||||
),
|
||||
'display_login_form_notice' => array(
|
||||
'sanitize' => 'bool',
|
||||
),
|
||||
'banned_capabilities' => array(
|
||||
'sanitize' => array( UM()->admin(), 'sanitize_wp_capabilities' ),
|
||||
),
|
||||
'secure_notify_admins_banned_accounts' => array(
|
||||
'sanitize' => 'bool',
|
||||
),
|
||||
'secure_notify_admins_banned_accounts__interval' => array(
|
||||
'sanitize' => 'key',
|
||||
),
|
||||
)
|
||||
);
|
||||
|
||||
|
||||
@@ -0,0 +1,348 @@
|
||||
<?php
|
||||
namespace um\admin\core;
|
||||
|
||||
use WP_User;
|
||||
|
||||
if ( ! defined( 'ABSPATH' ) ) {
|
||||
exit;
|
||||
}
|
||||
|
||||
if ( ! class_exists( 'um\admin\core\Secure' ) ) {
|
||||
|
||||
/**
|
||||
* Class Secure
|
||||
*
|
||||
* @package um\admin\core
|
||||
*
|
||||
* @since 2.6.8
|
||||
*/
|
||||
class Secure {
|
||||
|
||||
/**
|
||||
* Used for flushing user metas.
|
||||
*
|
||||
* @var bool
|
||||
*/
|
||||
private $need_flush_meta = false;
|
||||
|
||||
/**
|
||||
* Secure constructor.
|
||||
*
|
||||
* @since 2.6.8
|
||||
*/
|
||||
public function __construct() {
|
||||
add_action( 'admin_init', array( $this, 'admin_init' ) );
|
||||
add_filter( 'um_settings_structure', array( $this, 'add_settings' ) );
|
||||
add_filter( 'manage_users_custom_column', array( $this, 'add_restore_account' ), 10, 3 );
|
||||
|
||||
add_action( 'um_settings_before_save', array( $this, 'check_secure_changes' ) );
|
||||
add_action( 'um_settings_save', array( $this, 'on_settings_save' ) );
|
||||
}
|
||||
|
||||
/**
|
||||
* Handle secure actions.
|
||||
*
|
||||
* @since 2.6.8
|
||||
*/
|
||||
public function admin_init() {
|
||||
// Dismiss admin notice after the first visit to Secure settings page.
|
||||
if ( isset( $_REQUEST['page'] ) && isset( $_REQUEST['tab'] ) &&
|
||||
'um_options' === sanitize_key( $_REQUEST['page'] ) && 'secure' === sanitize_key( $_REQUEST['tab'] ) ) {
|
||||
UM()->admin()->notices()->dismiss( 'secure_settings' );
|
||||
}
|
||||
|
||||
if ( isset( $_REQUEST['um_secure_expire_all_sessions'] ) && ! wp_doing_ajax() ) {
|
||||
if ( ! wp_verify_nonce( $_REQUEST['_wpnonce'], 'um-secure-expire-session-nonce' ) || ! current_user_can( 'manage_options' ) ) {
|
||||
// This nonce is not valid or current logged-in user has no administrative rights.
|
||||
wp_die( esc_html__( 'Security check', 'ultimate-member' ) );
|
||||
}
|
||||
|
||||
$users = get_users(
|
||||
array(
|
||||
'fields' => 'ids',
|
||||
)
|
||||
);
|
||||
|
||||
$users = array_values( array_diff( $users, array( get_current_user_id() ) ) );
|
||||
|
||||
if ( ! empty( $users ) ) {
|
||||
foreach ( $users as $user_id ) {
|
||||
// Get an instance of WP_User_Meta_Session_Tokens
|
||||
$sessions_manager = \WP_Session_Tokens::get_instance( $user_id );
|
||||
// Remove all the session for instance user.
|
||||
$sessions_manager->destroy_all();
|
||||
|
||||
// Remove all the session data for all users.
|
||||
//$sessions_manager::drop_sessions();
|
||||
}
|
||||
|
||||
if ( UM()->options()->get( 'display_login_form_notice' ) ) {
|
||||
global $wpdb;
|
||||
$wpdb->query(
|
||||
$wpdb->prepare(
|
||||
"DELETE FROM {$wpdb->usermeta} WHERE user_id != %d AND ( meta_key = 'um_secure_has_reset_password' OR meta_key = 'um_secure_has_reset_password__timestamp' )",
|
||||
get_current_user_id()
|
||||
)
|
||||
);
|
||||
}
|
||||
}
|
||||
|
||||
wp_safe_redirect( add_query_arg( 'update', 'um_secure_expire_sessions', wp_get_referer() ) );
|
||||
exit;
|
||||
}
|
||||
|
||||
if ( isset( $_REQUEST['um_secure_restore_account'], $_REQUEST['user_id'] ) && ! wp_doing_ajax() ) {
|
||||
$user_id = absint( $_REQUEST['user_id'] );
|
||||
if ( ! wp_verify_nonce( $_REQUEST['_wpnonce'], 'um-security-restore-account-nonce-' . $user_id ) || ! current_user_can( 'manage_options' ) ) {
|
||||
// This nonce is not valid or current logged-in user has no administrative rights.
|
||||
wp_die( esc_html__( 'Security check', 'ultimate-member' ) );
|
||||
}
|
||||
|
||||
$user = get_userdata( $user_id );
|
||||
if ( ! $user ) {
|
||||
wp_die( esc_html__( 'Invalid user.', 'ultimate-member' ) );
|
||||
}
|
||||
|
||||
$metadata = get_user_meta( $user_id, 'um_user_blocked__metadata', true );
|
||||
|
||||
// Restore Roles.
|
||||
if ( isset( $metadata['roles'] ) ) {
|
||||
foreach ( $metadata['roles'] as $role ) {
|
||||
$user->add_role( $role );
|
||||
}
|
||||
}
|
||||
// Restore Account Status.
|
||||
if ( isset( $metadata['account_status'] ) ) {
|
||||
UM()->user()->set_status( $metadata['account_status'] );
|
||||
}
|
||||
|
||||
// Delete blocked meta.
|
||||
delete_user_meta( $user_id, 'um_user_blocked__metadata' );
|
||||
delete_user_meta( $user_id, 'um_user_blocked' );
|
||||
delete_user_meta( $user_id, 'um_user_blocked__datetime' );
|
||||
|
||||
// Don't need to reset a password.
|
||||
update_user_meta( $user_id, 'um_secure_has_reset_password', true );
|
||||
update_user_meta( $user_id, 'um_secure_has_reset_password__timestamp', current_time( 'mysql' ) );
|
||||
|
||||
// Clear Cache.
|
||||
UM()->user()->remove_cache( $user_id );
|
||||
wp_safe_redirect( add_query_arg( 'update', 'um_secure_restore', wp_get_referer() ) );
|
||||
exit;
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Register Secure Settings
|
||||
*
|
||||
* @since 2.6.8
|
||||
*
|
||||
* @param array $settings
|
||||
* @return array
|
||||
*/
|
||||
public function add_settings( $settings ) {
|
||||
$nonce = wp_create_nonce( 'um-secure-expire-session-nonce' );
|
||||
$count_users = count_users();
|
||||
|
||||
/**
|
||||
* UM hook
|
||||
*
|
||||
* @type filter
|
||||
* @title um_secure_register_form_banned_capabilities
|
||||
* @description Modify banned capabilities for Register forms
|
||||
* @input_vars
|
||||
* [{"var":"$capabilities","type":"array","desc":"WordPress Administratrive Capabilities"}]
|
||||
* @change_log
|
||||
* ["Since: 2.6.8"]
|
||||
* @usage
|
||||
* <?php add_filter( 'um_secure_register_form_banned_capabilities', 'function_name', 10, 1 ); ?>
|
||||
* @example
|
||||
* <?php
|
||||
* add_filter( 'um_secure_register_form_banned_capabilities', 'my_banned_capabilities', 10, 1 );
|
||||
* function my_banned_capabilities( $capabiities ) {
|
||||
* // your code here
|
||||
* $capabiities[ ] = 'read'; // rejects all users with `read` capabilitiy.
|
||||
* return $capabiities;
|
||||
* }
|
||||
* ?>
|
||||
*/
|
||||
$banned_admin_capabilities = apply_filters(
|
||||
'um_secure_register_form_banned_capabilities',
|
||||
array(
|
||||
'create_sites',
|
||||
'delete_sites',
|
||||
'manage_network',
|
||||
'manage_sites',
|
||||
'manage_network_users',
|
||||
'manage_network_plugins',
|
||||
'manage_network_themes',
|
||||
'manage_network_options',
|
||||
'upgrade_network',
|
||||
'setup_network',
|
||||
'activate_plugins',
|
||||
'edit_dashboard',
|
||||
'edit_theme_options',
|
||||
'export',
|
||||
'import',
|
||||
'list_users',
|
||||
'remove_users',
|
||||
'switch_themes',
|
||||
'customize',
|
||||
'delete_site',
|
||||
'update_core',
|
||||
'update_plugins',
|
||||
'update_themes',
|
||||
'install_plugins',
|
||||
'install_themes',
|
||||
'delete_themes',
|
||||
'delete_plugins',
|
||||
'edit_plugins',
|
||||
'edit_themes',
|
||||
'edit_files',
|
||||
'edit_users',
|
||||
'add_users',
|
||||
'create_users',
|
||||
'delete_users',
|
||||
'level_10',
|
||||
'manage_options',
|
||||
'promote_users',
|
||||
)
|
||||
);
|
||||
|
||||
$banned_capabilities = array();
|
||||
foreach ( $banned_admin_capabilities as $cap ) {
|
||||
$banned_capabilities[ $cap ] = $cap;
|
||||
}
|
||||
|
||||
$secure_fields = array(
|
||||
array(
|
||||
'id' => 'lock_register_forms',
|
||||
'type' => 'checkbox',
|
||||
'label' => __( 'Lock All Register Forms', 'ultimate-member' ),
|
||||
'description' => __( 'This prevents all users from registering with Ultimate Member on your site.', 'ultimate-member' ),
|
||||
),
|
||||
array(
|
||||
'id' => 'display_login_form_notice',
|
||||
'type' => 'checkbox',
|
||||
'label' => __( 'Display Login form notice to reset passwords', 'ultimate-member' ),
|
||||
'description' => __( 'Enforces users to reset their passwords( one-time ) and prevent from entering old password.', 'ultimate-member' ),
|
||||
),
|
||||
);
|
||||
|
||||
$count_users_exclude_me = $count_users['total_users'] - 1;
|
||||
if ( $count_users_exclude_me > 0 ) {
|
||||
$secure_fields[] = array(
|
||||
'id' => 'force_reset_passwords',
|
||||
'type' => 'info_text',
|
||||
'label' => __( 'Expire All Users Sessions', 'ultimate-member' ),
|
||||
// translators: %d is the users count.
|
||||
'value' => '<a class="button um_secure_force_reset_passwords" href="' . admin_url( '?um_secure_expire_all_sessions=1&_wpnonce=' . esc_attr( $nonce ) ) . '" onclick=\'return confirm("' . esc_js( __( 'Are you sure that you want to make all users sessions expired?', 'ultimate-member' ) ) . '");\'>' . esc_html( sprintf( __( 'Logout Users (%d)', 'ultimate-member' ), $count_users_exclude_me ) ) . '</a>',
|
||||
'description' => __( 'This will log out all users on your site and forces them to reset passwords <br/>when <strong>"Display Login form notice to reset passwords" is enabled/checked.</strong>', 'ultimate-member' ),
|
||||
);
|
||||
}
|
||||
|
||||
$disabled_capabilities = UM()->options()->get_default( 'banned_capabilities' );
|
||||
$disabled_capabilities_text = '<strong>' . implode( '</strong>, <strong>', $disabled_capabilities ) . '</strong>';
|
||||
|
||||
$secure_fields = array_merge(
|
||||
$secure_fields,
|
||||
array(
|
||||
array(
|
||||
'id' => 'banned_capabilities',
|
||||
'type' => 'multi_checkbox',
|
||||
'multi' => true,
|
||||
'columns' => 2,
|
||||
'options_disabled' => UM()->options()->get_default( 'banned_capabilities' ),
|
||||
'options' => $banned_capabilities,
|
||||
'label' => __( 'Banned Administrative Capabilities', 'ultimate-member' ),
|
||||
// translators: %s are disabled default capabilities that are enabled by default.
|
||||
'description' => sprintf( __( 'All the above are default Administrator & Super Admin capabilities. When someone tries to inject capabilities to the Account, Profile & Register forms submission, it will be flagged with this option. The %s capabilities are locked to ensure no users will be created with these capabilities.', 'ultimate-member' ), $disabled_capabilities_text ),
|
||||
),
|
||||
array(
|
||||
'id' => 'secure_notify_admins_banned_accounts',
|
||||
'type' => 'checkbox',
|
||||
'label' => __( 'Notify Administrators', 'ultimate-member' ),
|
||||
'description' => __( 'When enabled, All administrators will be notified when someone has suspicious activities in Profile & Register forms.', 'ultimate-member' ),
|
||||
),
|
||||
array(
|
||||
'id' => 'secure_notify_admins_banned_accounts__interval',
|
||||
'type' => 'select',
|
||||
'options' => array(
|
||||
'instant' => __( 'Send Immediately', 'ultimate-member' ),
|
||||
'hourly' => __( 'Hourly', 'ultimate-member' ),
|
||||
'daily' => __( 'Daily', 'ultimate-member' ),
|
||||
),
|
||||
'label' => __( 'Notification Schedule', 'ultimate-member' ),
|
||||
'conditional' => array( 'secure_notify_admins_banned_accounts', '=', 1 ),
|
||||
),
|
||||
)
|
||||
);
|
||||
|
||||
$settings['secure'] = array(
|
||||
'title' => __( 'Secure', 'ultimate-member' ),
|
||||
'fields' => $secure_fields,
|
||||
);
|
||||
|
||||
return $settings;
|
||||
}
|
||||
|
||||
/**
|
||||
* Append blocked status to the `account_status` column rows.
|
||||
*
|
||||
* @param string $val Default column row value.
|
||||
* @param string $column_name Current column name.
|
||||
* @param int $user_id User ID in loop.
|
||||
*
|
||||
* @since 2.6.8
|
||||
*
|
||||
* @return string
|
||||
*/
|
||||
public function add_restore_account( $val, $column_name, $user_id ) {
|
||||
if ( 'account_status' === $column_name ) {
|
||||
um_fetch_user( $user_id );
|
||||
$is_blocked = um_user( 'um_user_blocked' );
|
||||
$account_status = um_user( 'account_status' );
|
||||
if ( ! empty( $is_blocked ) && in_array( $account_status, array( 'rejected', 'inactive' ), true ) ) {
|
||||
$datetime = um_user( 'um_user_blocked__datetime' );
|
||||
$val .= '<div><small>' . esc_html__( 'Blocked Due to Suspicious Activity', 'ultimate-member' ) . '</small></div>';
|
||||
$nonce = wp_create_nonce( 'um-security-restore-account-nonce-' . $user_id );
|
||||
$restore_account_url = admin_url( 'users.php?user_id=' . $user_id . '&um_secure_restore_account=1&_wpnonce=' . $nonce );
|
||||
$action = ' · <a href=" ' . esc_attr( $restore_account_url ) . ' " onclick=\'return confirm("' . esc_js( __( 'Are you sure that you want to restore this account after getting flagged for suspicious activity?', 'ultimate-member' ) ) . '");\'><small>' . esc_html__( 'Restore Account', 'ultimate-member' ) . '</small></a>';
|
||||
if ( ! empty( $datetime ) ) {
|
||||
$val .= '<div><small>' . human_time_diff( strtotime( $datetime ), strtotime( current_time( 'mysql' ) ) ) . ' ' . __( 'ago', 'ultimate-member' ) . '</small>' . $action . '</div>';
|
||||
}
|
||||
}
|
||||
um_reset_user();
|
||||
}
|
||||
return $val;
|
||||
}
|
||||
|
||||
/**
|
||||
*
|
||||
*/
|
||||
public function check_secure_changes() {
|
||||
if ( isset( $_POST['um_options']['display_login_form_notice'] ) ) {
|
||||
$current_option_value = UM()->options()->get( 'display_login_form_notice' );
|
||||
if ( empty( $current_option_value ) ) {
|
||||
return;
|
||||
}
|
||||
|
||||
if ( empty( $_POST['um_options']['display_login_form_notice'] ) ) {
|
||||
$this->need_flush_meta = true;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
*
|
||||
*/
|
||||
public function on_settings_save() {
|
||||
if ( isset( $_POST['um_options']['display_login_form_notice'] ) && ! empty( $this->need_flush_meta ) ) {
|
||||
global $wpdb;
|
||||
$wpdb->query(
|
||||
"DELETE FROM {$wpdb->usermeta} WHERE meta_key = 'um_secure_has_reset_password' OR meta_key = 'um_secure_has_reset_password__timestamp'"
|
||||
);
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user