* @example * */ $this->banned_admin_capabilities = apply_filters( 'um_secure_register_form_banned_capabilities', array( 'create_sites', 'delete_sites', 'manage_network', 'manage_sites', 'manage_network_users', 'manage_network_plugins', 'manage_network_themes', 'manage_network_options', 'upgrade_network', 'setup_network', 'activate_plugins', 'edit_dashboard', 'edit_theme_options', 'export', 'import', 'list_users', 'manage_options', 'promote_users', 'remove_users', 'switch_themes', 'customize', 'delete_site', 'update_core', 'update_plugins', 'update_themes', 'install_plugins', 'install_themes', 'delete_themes', 'delete_plugins', 'edit_plugins', 'edit_themes', 'edit_files', 'edit_users', 'add_users', 'create_users', 'delete_users', ) ); add_action( 'um_after_save_registration_details', array( $this, 'secure_user_capabilities' ), 10, 3 ); } /** * Admin Init * * @since 2.6.8 */ public function admin_init() { if ( isset( $_REQUEST['um_secure_expire_all_sessions'] ) ) { if ( ! wp_verify_nonce( $_REQUEST['_wpnonce'], 'um-secure-expire-session-nonce' ) ) { // This nonce is not valid. wp_die( esc_html_e( 'Security check', 'ultimate-member' ) ); } // Get an instance of WP_User_Meta_Session_Tokens $sessions_manager = \WP_Session_Tokens::get_instance( null ); // Remove all the session data for all users. $sessions_manager->drop_sessions(); wp_safe_redirect( admin_url() ); exit; } } /** * Add Login notice for Reset Password * * @param array $args * @since 2.6.8 */ public function reset_password_notice( $args ) { if ( ! UM()->options()->get( 'display_login_form_notice' ) ) { return; } // phpcs:disable WordPress.Security.NonceVerification if ( ! isset( $_REQUEST['notice'] ) || 'expired_password' !== $_REQUEST['notice'] ) { return; } // phpcs:enable WordPress.Security.NonceVerification echo "
"; echo wp_kses( sprintf( // translators: One-time change requires you to reset your password __( 'Important: Your password has expired. This (one-time) change requires you to reset your password. Please click here to reset your password via Email.', 'ultimate-member' ), um_get_core_page( 'password-reset' ) ), array( 'strong' => array(), 'a' => array( 'href' => array(), ), ) ); echo '
'; } /** * Add Login notice for Under Maintance * * @param array $args * @since 2.6.8 */ public function under_maintanance_notice( $args ) { if ( ! UM()->options()->get( 'lock_register_forms' ) ) { return; } // phpcs:disable WordPress.Security.NonceVerification if ( ! isset( $_REQUEST['notice'] ) || 'maintanance' !== $_REQUEST['notice'] ) { return; } // phpcs:enable WordPress.Security.NonceVerification echo ""; echo wp_kses( sprintf( // translators: One-time change requires you to reset your password __( 'Important: This site is currently under maintenance. Please check back soon.', 'ultimate-member' ), um_get_core_page( 'password-reset' ) ), array( 'strong' => array(), 'a' => array( 'href' => array(), ), ) ); echo '
'; } /** * Register Secure Settings * * @param array $settings * @since 2.6.8 */ public function add_settings( $settings ) { $nonce = wp_create_nonce( 'um-secure-expire-session-nonce' ); $count_users = count_users(); $settings['secure']['title'] = __( 'Secure', 'ultimate-member' ); $settings['secure']['sections'] = array( '' => array( 'title' => __( 'Secure Ultimate Member', 'ultimate-member' ), 'fields' => array( array( 'id' => 'lock_register_forms', 'type' => 'checkbox', 'label' => __( 'Lock All Register Forms', 'ultimate-member' ), 'description' => __( 'This prevents all users from registering with Ultimate Member on your site.', 'ultimate-member' ), ), array( 'id' => 'display_login_form_notice', 'type' => 'checkbox', 'label' => __( 'Display Login form notice to reset passwords', 'ultimate-member' ), 'description' => __( 'Enforces users to reset their passwords( one-time ) and prevent from entering old password.', 'ultimate-member' ), ), array( 'id' => 'force_reset_passwords', 'type' => 'info_text', 'label' => __( 'Expire All Users Sessions', 'ultimate-member' ), 'value' => 'Logout Users(' . esc_attr( $count_users['total_users'] ) . ') ', 'description' => __( 'This will logout all users on your site and forces them to reset passwords