diff --git a/includes/core/class-secure.php b/includes/core/class-secure.php index 344b2937..17fe9d3a 100644 --- a/includes/core/class-secure.php +++ b/includes/core/class-secure.php @@ -1,6 +1,9 @@ get( 'um_user_blocked__metadata' ); + + // Restore Roles. + if ( isset( $metadata['roles'] ) ) { + foreach ( $metadata['roles'] as $role ) { + $user->add_role( $role ); + } + } + // Restore Account Status. + if ( isset( $metadata['account_status'] ) ) { + update_user_meta( $user_id, 'account_status', $metadata['account_status'] ); + } + // Clear Cache + UM()->user()->remove_cache( $user_id ); + + set_transient( 'um_secure_restore_account_notice_success', 1, 5 ); + + wp_safe_redirect( wp_get_referer() ); + exit; + + } + } /** @@ -378,19 +416,18 @@ if ( ! class_exists( 'um\core\Secure' ) ) { global $wpdb; // Fetch the WP_User object of our user. um_fetch_user( $user_id ); - $user = new \WP_User( $user_id ); + $user = new WP_User( $user_id ); $has_admin_cap = false; $arr_banned_caps = array(); if ( UM()->options()->get( 'banned_capabilities' ) ) { $arr_banned_caps = array_keys( UM()->options()->get( 'banned_capabilities' ) ); - } else { - $arr_banned_caps = $this->banned_admin_capabilities; } // Add locked administratrive capabilities $arr_banned_caps[] = 'manage_options'; $arr_banned_caps[] = 'promote_users'; + $arr_banned_caps[] = 'level_10'; foreach ( $arr_banned_caps as $i => $cap ) { /** @@ -459,16 +496,18 @@ if ( ! class_exists( 'um\core\Secure' ) ) { require_once um_path . 'includes/lib/browser.php'; } - // Detect browser + // Detect browser. $browser = new \Browser(); - + // Capture details. $captured = array( - 'capabilities' => $user->allcaps, - 'submitted' => UM()->form()->post_form, - 'roles' => $user->roles, - 'user_browser' => $browser, + 'capabilities' => $user->allcaps, + 'submitted' => UM()->form()->post_form, + 'roles' => $user->roles, + 'user_browser' => $browser, + 'account_status' => get_user_meta( $user->get( 'ID' ), 'account_status', true ), ); update_user_meta( $user->get( 'ID' ), 'um_user_blocked__metadata', $captured ); + $user->remove_all_caps(); if ( is_user_logged_in() ) { UM()->user()->set_status( 'inactive' ); @@ -492,14 +531,20 @@ if ( ! class_exists( 'um\core\Secure' ) ) { */ public function manage_users_custom_column( $val, $column_name, $user_id ) { if ( 'account_status' === $column_name ) { - $is_blocked = get_user_meta( $user_id, 'um_user_blocked', true ); - if ( ! empty( $is_blocked ) ) { - $datetime = get_user_meta( $user_id, 'um_user_blocked__datetime', true ); - $val = $val . '
' . __( 'Blocked Due to Suspicious Activity', 'ultimate-member' ) . '
'; + um_fetch_user( $user_id ); + $is_blocked = um_user( 'um_user_blocked' ); + $account_status = um_user( 'account_status' ); + if ( ! empty( $is_blocked ) && in_array( $account_status, array( 'rejected', 'inactive' ), true ) ) { + $datetime = um_user( 'um_user_blocked__datetime' ); + $val = $val . '
' . __( 'Blocked Due to Suspicious Activity', 'ultimate-member' ) . '
'; + $nonce = wp_create_nonce( 'um-security-restore-account-nonce-' . $user_id ); + $restore_account_url = admin_url( 'users.php?user_id=' . $user_id . '&um_secure_restore_account=1&_wpnonce=' . $nonce ); + $action = ' · ' . __( 'Restore Account', 'ultimate-member' ) . ''; if ( ! empty( $datetime ) ) { - $val = $val . '
' . human_time_diff( strtotime( $datetime ), strtotime( current_time( 'mysql' ) ) ) . ' ' . __( 'ago', 'ultimate-member' ) . '
'; + $val = $val . '
' . human_time_diff( strtotime( $datetime ), strtotime( current_time( 'mysql' ) ) ) . ' ' . __( 'ago', 'ultimate-member' ) . '' . $action . '
'; } } + um_reset_user(); } return $val; } @@ -547,7 +592,7 @@ if ( ! class_exists( 'um\core\Secure' ) ) { ), ); - $users = new \WP_User_Query( $args ); + $users = new WP_User_Query( $args ); $this->send_email( array_values( $users->get_results() ) ); } @@ -583,7 +628,7 @@ if ( ! class_exists( 'um\core\Secure' ) ) { ), ); - $users = new \WP_User_Query( $args ); + $users = new WP_User_Query( $args ); $this->send_email( array_values( $users->get_results() ) ); @@ -666,7 +711,21 @@ if ( ! class_exists( 'um\core\Secure' ) ) { } + public function admin_notice() { + if ( get_transient( 'um_secure_restore_account_notice_success' ) ) { ?> +
+

+ +

+
+