array( 'title' => __('User accounts', 'all-in-one-wp-security-and-firewall'), 'render_callback' => array($this, 'render_wp_user_account'), ), 'login-lockout' => array( 'title' => __('Login lockout', 'all-in-one-wp-security-and-firewall'), 'render_callback' => array($this, 'render_login_lockout'), ), 'force-logout' => array( 'title' => __('Force logout', 'all-in-one-wp-security-and-firewall'), 'render_callback' => array($this, 'render_force_logout'), ), 'logged-in-users' => array( 'title' => __('Logged in users', 'all-in-one-wp-security-and-firewall'), 'render_callback' => array($this, 'render_logged_in_users'), ), 'manual-approval' => array( 'title' => __('Manual approval', 'all-in-one-wp-security-and-firewall'), 'render_callback' => array($this, 'render_manual_approval'), ), 'salt' => array( 'title' => __('Salt', 'all-in-one-wp-security-and-firewall'), 'render_callback' => array($this, 'render_salt_tab'), 'display_condition_callback' => array('AIOWPSecurity_Utility_Permissions', 'is_main_site_and_super_admin'), ), 'additional' => array( 'title' => __('Additional settings', 'all-in-one-wp-security-and-firewall'), 'render_callback' => array($this, 'render_additional'), ), ); $this->menu_tabs = array_filter($menu_tabs, array($this, 'should_display_tab')); } /** * Renders the submenu's WP User Account tab * * @return Void */ protected function render_wp_user_account() { global $aio_wp_security, $aiowps_feature_mgr; if (isset($_POST['aiowps_change_admin_username'])) { // Do form submission tasks echo $this->validate_change_username_form(); } $user_accounts = ''; if (is_multisite()) { // Multi-site: get admin accounts for current site $blog_id = get_current_blog_id(); $user_accounts = $this->get_all_admin_accounts($blog_id); } else { $user_accounts = $this->get_all_admin_accounts(); } if (isset($_POST['aiowpsec_save_users_enumeration'])) { $result = AIOWPSecurity_Utility_Permissions::check_nonce_and_user_cap($_REQUEST['_wpnonce'], 'aiowpsec-users-enumeration'); if (is_wp_error($result)) { $aio_wp_security->debug_logger->log_debug($result->get_error_message(), 4); die("Nonce check failed on prevent user enumeration feature settings save."); } // Save settings $aio_wp_security->configs->set_value('aiowps_prevent_users_enumeration', isset($_POST["aiowps_prevent_users_enumeration"]) ? '1' : '', true); $this->show_msg_updated(__('User Enumeration Prevention feature settings saved!', 'all-in-one-wp-security-and-firewall')); //Recalculate points after the feature status/options have been altered $aiowps_feature_mgr->check_feature_status_and_recalculate_points(); } $aio_wp_security->include_template('wp-admin/user-security/wp-username.php', false, array('aiowps_feature_mgr' => $aiowps_feature_mgr, 'user_accounts' => $user_accounts, 'AIOWPSecurity_User_Security_Menu' => $this)); $aio_wp_security->include_template('wp-admin/user-security/display-name.php', false, array('aiowps_feature_mgr' => $aiowps_feature_mgr)); $aio_wp_security->include_template('wp-admin/user-security/user-enumeration.php', false, array()); } /** * This function will validate the new username before changing it * * @return string - the html result */ private function validate_change_username_form() { global $wpdb; global $aio_wp_security; $errors = ''; $nonce=$_REQUEST['_wpnonce']; if (!wp_verify_nonce($nonce, 'aiowpsec-change-admin-nonce')) { $aio_wp_security->debug_logger->log_debug("Nonce check failed on admin username change operation.", 4); die('Nonce check failed on admin username change operation.'); } if (!empty($_POST['aiowps_new_user_name'])) { $new_username = sanitize_text_field($_POST['aiowps_new_user_name']); if (validate_username($new_username)) { if (AIOWPSecurity_Utility::check_user_exists($new_username)) { $errors .= sprintf(__('Username: %s already exists, please enter another value.', 'all-in-one-wp-security-and-firewall'), $new_username); } else { // let's check if currently logged in username is 'admin' $user = wp_get_current_user(); $user_login = $user->user_login; if (strtolower($user_login) == 'admin') { $username_is_admin = true; } else { $username_is_admin = false; } // Now let's change the username $sql = $wpdb->prepare("UPDATE `" . $wpdb->users . "` SET user_login = '" . esc_sql($new_username) . "' WHERE user_login=%s", "admin"); $result = $wpdb->query($sql); if (!$result) { // There was an error updating the users table $user_update_error = __('The database update operation of the user account failed.', 'all-in-one-wp-security-and-firewall'); // TODO## - add error logging here $return_msg = '

'.$user_update_error.'

'; return $return_msg; } // multisite considerations if (is_multisite()) { // process sitemeta if we're in a multi-site situation $oldAdmins = $wpdb->get_var("SELECT meta_value FROM `" . $wpdb->sitemeta . "` WHERE meta_key = 'site_admins'"); $newAdmins = str_replace('5:"admin"', strlen($new_username) . ':"' . esc_sql($new_username) . '"', $oldAdmins); $wpdb->query("UPDATE `" . $wpdb->sitemeta . "` SET meta_value = '" . esc_sql($newAdmins) . "' WHERE meta_key = 'site_admins'"); } // If user is logged in with username "admin" then log user out and send to login page so they can login again if ($username_is_admin) { // Lets logout the user $aio_wp_security->debug_logger->log_debug("Logging user out with login ".$user_login. " because they changed their username."); $after_logout_url = AIOWPSecurity_Utility::get_current_page_url(); $after_logout_payload = array('redirect_to' => $after_logout_url, 'msg' => $aio_wp_security->user_login_obj->key_login_msg.'=admin_user_changed'); //Save some of the logout redirect data to a transient is_multisite() ? set_site_transient('aiowps_logout_payload', $after_logout_payload, 30 * 60) : set_transient('aiowps_logout_payload', $after_logout_payload, 30 * 60); $logout_url = AIOWPSEC_WP_URL.'?aiowpsec_do_log_out=1'; $logout_url = AIOWPSecurity_Utility::add_query_data_to_url($logout_url, 'al_additional_data', '1'); AIOWPSecurity_Utility::redirect_to_url($logout_url); } } } else { // An invalid username was entered $errors .= __('You entered an invalid username, please enter another value.', 'all-in-one-wp-security-and-firewall'); } } else { // No username value was entered $errors .= __('Please enter a value for your username. ', 'all-in-one-wp-security-and-firewall'); } if (strlen($errors) > 0) { // We have some validation or other error $return_msg = '

' . $errors . '

'; } else { $return_msg = '

'.__('The username has been successfully changed.', 'all-in-one-wp-security-and-firewall').'

'; } return $return_msg; } /** * This function will retrieve all user accounts which have 'administrator' role and will return html code with results in a table * * @param string $blog_id - the blog we want to get the user account information from * * @return string - the html from the result */ private function get_all_admin_accounts($blog_id = '') { // TODO: Have included the "blog_id" variable for future use for cases where people want to search particular blog (eg, multi-site) if ($blog_id) { $admin_users = get_users('blog_id='.$blog_id.'&orderby=login&role=administrator'); } else { $admin_users = get_users('orderby=login&role=administrator'); } // now let's put the results in an HTML table $account_output = ""; if (!empty($admin_users)) { $account_output .= ''; $account_output .= ''; foreach ($admin_users as $entry) { $account_output .= ''; if (strtolower($entry->user_login) == 'admin') { $account_output .= ''; } else { $account_output .= ''; } $user_acct_edit_link = admin_url('user-edit.php?user_id=' . $entry->ID); $account_output .= ''; $account_output .= ''; } $account_output .= '
'.esc_html(__('Account login name', 'all-in-one-wp-security-and-firewall')).'
'.esc_html($entry->user_login).''.esc_html($entry->user_login).''.esc_html(__('Edit user', 'all-in-one-wp-security-and-firewall')).'
'; } return $account_output; } /** * Login Lockout configuration to set. * * @global AIO_WP_Security $aio_wp_security * @global AIOWPSecurity_Feature_Item_Manager $aiowps_feature_mgr * * @return Void */ protected function render_login_lockout() { global $aio_wp_security, $aiowps_feature_mgr; include_once 'wp-security-list-locked-ip.php'; // For rendering the AIOWPSecurity_List_Table in tab1 $locked_ip_list = new AIOWPSecurity_List_Locked_IP(); // For rendering the AIOWPSecurity_List_Table in tab1 if (isset($_POST['aiowps_login_lockdown'])) { // Do form submission tasks $error = ''; if (!isset($_POST['_wpnonce']) || !wp_verify_nonce($_POST['_wpnonce'], 'aiowpsec-login-lockdown-nonce')) { $aio_wp_security->debug_logger->log_debug("Nonce check failed on login lockout options save.", 4); die("Nonce check failed on login lockout options save."); } $max_login_attempt_val = sanitize_text_field($_POST['aiowps_max_login_attempts']); if (!is_numeric($max_login_attempt_val)) { $error .= '
' . __('You entered a non-numeric value for the max login attempts field.', 'all-in-one-wp-security-and-firewall') . ' ' . __('It has been set to the default value.', 'all-in-one-wp-security-and-firewall'); $max_login_attempt_val = '3'; // Set it to the default value for this field } $login_retry_time_period = sanitize_text_field($_POST['aiowps_retry_time_period']); if (!is_numeric($login_retry_time_period)) { $error .= '
' . __('You entered a non numeric value for the login retry time period field.', 'all-in-one-wp-security-and-firewall') . ' ' . __('It has been set to the default value.', 'all-in-one-wp-security-and-firewall'); $login_retry_time_period = '5'; // Set it to the default value for this field } $lockout_time_length = sanitize_text_field($_POST['aiowps_lockout_time_length']); if (!is_numeric($lockout_time_length)) { $error .= '
'.__('You entered a non numeric value for the lockout time length field.', 'all-in-one-wp-security-and-firewall') . ' ' . __('It has been set to the default value.', 'all-in-one-wp-security-and-firewall'); $lockout_time_length = '5'; // Set it to the default value for this field } $max_lockout_time_length = sanitize_text_field($_POST['aiowps_max_lockout_time_length']); if (!is_numeric($max_lockout_time_length)) { $error .= '
'.__('You entered a non numeric value for the maximum lockout time length field.', 'all-in-one-wp-security-and-firewall') . ' ' . __('It has been set to the default value.', 'all-in-one-wp-security-and-firewall'); $max_lockout_time_length = '60'; // Set it to the default value for this field } if ($lockout_time_length >= $max_lockout_time_length) { $error .= '
'.__('You entered an invalid minimum lockout time length, it must be less than the maximum lockout time length value.', 'all-in-one-wp-security-and-firewall') . ' ' . __('Both have been set to the default values.', 'all-in-one-wp-security-and-firewall'); $lockout_time_length = '5'; // Set it to the default value for this field $max_lockout_time_length = '60'; // Set it to the default value for this field } $email_addresses = isset($_POST['aiowps_email_address']) ? stripslashes($_POST['aiowps_email_address']) : get_bloginfo('admin_email'); $email_addresses_trimmed = AIOWPSecurity_Utility::explode_trim_filter_empty($email_addresses, "\n"); // Read into array, sanitize, filter empty and keep only unique usernames. $email_address_list = array_unique( array_filter( array_map( 'sanitize_email', $email_addresses_trimmed ), 'is_email' ) ); if (isset($_POST['aiowps_enable_email_notify']) && 1 == $_POST['aiowps_enable_email_notify'] && 0 == count($email_addresses_trimmed)) { $error .= '
' . __('Please fill in one or more email addresses to notify.', 'all-in-one-wp-security-and-firewall'); } elseif (isset($_POST['aiowps_enable_email_notify']) && 1 == $_POST['aiowps_enable_email_notify'] && (0 == count($email_address_list) || count($email_address_list) != count($email_addresses_trimmed))) { $error .= '
' . __('You have entered one or more invalid email addresses.', 'all-in-one-wp-security-and-firewall'); } if (0 == count($email_address_list)) { $error .= ' ' . __('It has been set to your WordPress admin email as default.', 'all-in-one-wp-security-and-firewall'); $email_address_list[] = get_bloginfo('admin_email'); } // Instantly lockout specific usernames $instantly_lockout_specific_usernames = isset($_POST['aiowps_instantly_lockout_specific_usernames']) ? $_POST['aiowps_instantly_lockout_specific_usernames'] : ''; // Read into array, sanitize, filter empty and keep only unique usernames. $instantly_lockout_specific_usernames = array_unique( array_filter( array_map( 'sanitize_user', AIOWPSecurity_Utility::explode_trim_filter_empty($instantly_lockout_specific_usernames) ), 'strlen' ) ); if ($error) { $this->show_msg_error(__('Attention:', 'all-in-one-wp-security-and-firewall') . ' ' . $error); } // Save all the form values to the options $random_20_digit_string = AIOWPSecurity_Utility::generate_alpha_numeric_random_string(20); // Generate random 20 char string for use during CAPTCHA encode/decode $aio_wp_security->configs->set_value('aiowps_unlock_request_secret_key', $random_20_digit_string); $aio_wp_security->configs->set_value('aiowps_enable_login_lockdown', isset($_POST["aiowps_enable_login_lockdown"]) ? '1' : ''); $aio_wp_security->configs->set_value('aiowps_allow_unlock_requests', isset($_POST["aiowps_allow_unlock_requests"]) ? '1' : ''); $aio_wp_security->configs->set_value('aiowps_max_login_attempts', absint($max_login_attempt_val)); $aio_wp_security->configs->set_value('aiowps_retry_time_period', absint($login_retry_time_period)); $aio_wp_security->configs->set_value('aiowps_lockout_time_length', absint($lockout_time_length)); $aio_wp_security->configs->set_value('aiowps_max_lockout_time_length', absint($max_lockout_time_length)); $aio_wp_security->configs->set_value('aiowps_set_generic_login_msg', isset($_POST["aiowps_set_generic_login_msg"]) ? '1' : ''); $aio_wp_security->configs->set_value('aiowps_enable_invalid_username_lockdown', isset($_POST["aiowps_enable_invalid_username_lockdown"]) ? '1' : ''); $aio_wp_security->configs->set_value('aiowps_instantly_lockout_specific_usernames', $instantly_lockout_specific_usernames); $aio_wp_security->configs->set_value('aiowps_enable_email_notify', isset($_POST["aiowps_enable_email_notify"]) ? '1' : ''); $aio_wp_security->configs->set_value('aiowps_enable_php_backtrace_in_email', isset($_POST['aiowps_enable_php_backtrace_in_email']) ? '1' : ''); $aio_wp_security->configs->set_value('aiowps_email_address', $email_address_list); $aio_wp_security->configs->save_config(); // Recalculate points after the feature status/options have been altered $aiowps_feature_mgr->check_feature_status_and_recalculate_points(); $this->show_msg_settings_updated(); } // login lockdown whitelist settings $result = 1; if (isset($_POST['aiowps_save_lockdown_whitelist_settings'])) { if (!isset($_POST['_wpnonce']) || !wp_verify_nonce($_POST['_wpnonce'], 'aiowpsec-lockdown-whitelist-settings-nonce')) { $aio_wp_security->debug_logger->log_debug("Nonce check failed for save lockout whitelist settings.", 4); die('Nonce check failed for save lockout whitelist settings.'); } if (!empty($_POST['aiowps_lockdown_allowed_ip_addresses'])) { $ip_addresses = stripslashes($_POST['aiowps_lockdown_allowed_ip_addresses']); $ip_list_array = AIOWPSecurity_Utility_IP::create_ip_list_array_from_string_with_newline($ip_addresses); $validated_ip_list_array = AIOWPSecurity_Utility_IP::validate_ip_list($ip_list_array, 'whitelist'); if (is_wp_error($validated_ip_list_array)) { $result = -1; $this->show_msg_error(nl2br($validated_ip_list_array->get_error_message())); } else { $allowed_ip_data = implode("\n", $validated_ip_list_array); $aio_wp_security->configs->set_value('aiowps_lockdown_allowed_ip_addresses', $allowed_ip_data); $_POST['aiowps_lockdown_allowed_ip_addresses'] = ''; // Clear the post variable for the allowed address list. } } else { $aio_wp_security->configs->set_value('aiowps_lockdown_allowed_ip_addresses', ''); //Clear the IP address config value } if (1 == $result) { $aio_wp_security->configs->set_value('aiowps_lockdown_enable_whitelisting', isset($_POST["aiowps_lockdown_enable_whitelisting"]) ? '1' : '', true); $this->show_msg_settings_updated(); //Recalculate points after the feature status/options have been altered $aiowps_feature_mgr->check_feature_status_and_recalculate_points(); } } $aiowps_lockdown_allowed_ip_addresses = isset($_POST['aiowps_lockdown_allowed_ip_addresses']) ? wp_unslash($_POST['aiowps_lockdown_allowed_ip_addresses']) : ''; $aiowps_lockdown_allowed_ip_addresses = -1 == $result ? stripslashes($aiowps_lockdown_allowed_ip_addresses) : $aio_wp_security->configs->get_value('aiowps_lockdown_allowed_ip_addresses'); $aio_wp_security->include_template('wp-admin/user-security/login-lockout.php', false, array('aiowps_feature_mgr' => $aiowps_feature_mgr, 'locked_ip_list' => $locked_ip_list, "aiowps_lockdown_allowed_ip_addresses" => $aiowps_lockdown_allowed_ip_addresses)); } /** * Force logged user to logout afte x mins. * * @global AIO_WP_Security $aio_wp_security * @global AIOWPSecurity_Feature_Item_Manager $aiowps_feature_mgr * @return void */ protected function render_force_logout() { global $aio_wp_security, $aiowps_feature_mgr; if (isset($_POST['aiowpsec_save_force_logout_settings'])) { //Do form submission tasks $error = ''; if (!isset($_POST['_wpnonce']) || !wp_verify_nonce($_POST['_wpnonce'], 'aiowpsec-force-logout-settings-nonce')) { $aio_wp_security->debug_logger->log_debug("Nonce check failed on force logout options save.", 4); die("Nonce check failed on force logout options save."); } $logout_time_period = sanitize_text_field($_POST['aiowps_logout_time_period']); if (!is_numeric($logout_time_period)) { $error .= '
'.__('You entered a non numeric value for the logout time period field, it has been set to the default value.', 'all-in-one-wp-security-and-firewall'); $logout_time_period = '1'; // Set it to the default value for this field } else { if ($logout_time_period < 1) { $logout_time_period = '1'; } } if ($error) { $this->show_msg_error(__('Attention:', 'all-in-one-wp-security-and-firewall') . ' ' . $error); } // Save all the form values to the options $aio_wp_security->configs->set_value('aiowps_logout_time_period', absint($logout_time_period)); $aio_wp_security->configs->set_value('aiowps_enable_forced_logout', isset($_POST["aiowps_enable_forced_logout"]) ? '1' : ''); $aio_wp_security->configs->save_config(); // Recalculate points after the feature status/options have been altered $aiowps_feature_mgr->check_feature_status_and_recalculate_points(); $this->show_msg_settings_updated(); } $aio_wp_security->include_template('wp-admin/user-security/force-logout.php', false, array('aiowps_feature_mgr' => $aiowps_feature_mgr)); } /** * Logged in users list. * * @global AIO_WP_Security $aio_wp_security * @return void */ protected function render_logged_in_users() { global $aio_wp_security; include_once 'wp-security-list-logged-in-users.php'; // For rendering the AIOWPSecurity_List_Table $user_list = new AIOWPSecurity_List_Logged_In_Users(); if (isset($_REQUEST['action'])) { // Do row action tasks for list table form for login activity display if ('force_user_logout' == $_REQUEST['action']) { // Force Logout link was clicked for a row in list table $nonce = isset($_REQUEST['aiowps_nonce']) ? $_REQUEST['aiowps_nonce'] : ''; $result = AIOWPSecurity_Utility_Permissions::check_nonce_and_user_cap($nonce, 'force_user_logout'); if (is_wp_error($result)) { $aio_wp_security->debug_logger->log_debug($result->get_error_message(), 4); die($result->get_error_message()); } $user_list->force_user_logout(strip_tags($_REQUEST['logged_in_id'])); } } if (isset($_POST['aiowps_refresh_logged_in_user_list'])) { if (!isset($_POST['_wpnonce']) || !wp_verify_nonce($_POST['_wpnonce'], 'aiowpsec-logged-in-users-nonce')) { $aio_wp_security->debug_logger->log_debug("Nonce check failed for users logged in list.", 4); die('Nonce check failed for users logged in list.'); } $user_list->prepare_items(); } $page = $_REQUEST['page']; $tab = $_REQUEST["tab"]; $aio_wp_security->include_template('wp-admin/user-security/logged-in-users.php', false, array('user_list' => $user_list, 'page' => $page, 'tab' => $tab)); } /** * Renders the submenu's manual approval tab * * @return Void */ protected function render_manual_approval() { global $aio_wp_security, $aiowps_feature_mgr; include_once 'wp-security-list-registered-users.php'; // For rendering the AIOWPSecurity_List_Table $user_list = new AIOWPSecurity_List_Registered_Users(); if (isset($_POST['aiowps_save_user_registration_settings'])) { // Do form submission tasks $nonce = $_REQUEST['_wpnonce']; if (!wp_verify_nonce($nonce, 'aiowpsec-user-registration-settings-nonce')) { $aio_wp_security->debug_logger->log_debug("Nonce check failed on save user registration settings.", 4); die("Nonce check failed on save user registration settings."); } // Save settings $aio_wp_security->configs->set_value('aiowps_enable_manual_registration_approval', isset($_POST["aiowps_enable_manual_registration_approval"]) ? '1' : '', true); // Recalculate points after the feature status/options have been altered $aiowps_feature_mgr->check_feature_status_and_recalculate_points(); $this->show_msg_updated(__('Settings were successfully saved', 'all-in-one-wp-security-and-firewall')); } if (isset($_GET['action'])) { // Do list table form row action tasks $nonce = isset($_GET['aiowps_nonce']) ? $_GET['aiowps_nonce'] : ''; $nonce_user_cap_result = AIOWPSecurity_Utility_Permissions::check_nonce_and_user_cap($nonce, 'registered_user_item_action'); if (is_wp_error($nonce_user_cap_result)) { $aio_wp_security->debug_logger->log_debug($nonce_user_cap_result->get_error_message(), 4); die($nonce_user_cap_result->get_error_message()); } if ('approve_acct' == $_GET['action']) { // Approve link was clicked for a row in list table $user_list->approve_selected_accounts(strip_tags($_GET['user_id'])); } if ('delete_acct' == $_GET['action']) { // Delete link was clicked for a row in list table $user_list->delete_selected_accounts(strip_tags($_GET['user_id'])); } if ('block_ip' == $_GET['action']) { // Block IP link was clicked for a row in list table $user_list->block_selected_ips(strip_tags($_GET['ip_address'])); } } $page = $_REQUEST['page']; $tab = isset($_REQUEST["tab"]) ? $_REQUEST["tab"] : ''; $aio_wp_security->include_template('wp-admin/user-security/manual-approval.php', false, array('user_list' => $user_list, 'aiowps_feature_mgr' => $aiowps_feature_mgr, 'page' => $page, 'tab' => $tab)); } /** * Renders the submenu's salt tab * * @return Void */ protected function render_salt_tab() { global $aio_wp_security, $aiowps_feature_mgr; if (isset($_POST['aios_save_salt_postfix_settings'])) { $nonce_user_cap_result = AIOWPSecurity_Utility_Permissions::check_nonce_and_user_cap($_POST['_wpnonce'], 'aios-salt-postfix-settings'); if (is_wp_error($nonce_user_cap_result)) { $aio_wp_security->debug_logger->log_debug($nonce_user_cap_result->get_error_message(), 4); die($nonce_user_cap_result->get_error_message()); } //Save settings $aiowps_enable_salt_postfix = isset($_POST['aiowps_enable_salt_postfix']) ? '1' : ''; if ($aiowps_enable_salt_postfix == $aio_wp_security->configs->get_value('aiowps_enable_salt_postfix')) { $is_setting_changed = true; } else { $is_setting_changed = false; } $aio_wp_security->configs->set_value('aiowps_enable_salt_postfix', $aiowps_enable_salt_postfix, true); $ret_schedule = $this->schedule_change_auth_keys_and_salt(); if (is_wp_error($ret_schedule)) { $aio_wp_security->debug_logger->log_debug($ret_schedule->get_error_message(), 4); } if ('1' == $aiowps_enable_salt_postfix && $is_setting_changed) { AIOWPSecurity_Utility::change_salt_postfixes(); } $this->show_msg_updated(__('Salt postfix feature settings saved.', 'all-in-one-wp-security-and-firewall')); //Recalculate points after the feature status/options have been altered $aiowps_feature_mgr->check_feature_status_and_recalculate_points(); } $aio_wp_security->include_template('wp-admin/miscellaneous/salt.php'); } /** * Schedule weekly aios_change_auth_keys_and_salt cron event. * * @return Boolean|WP_Error True if event successfully scheduled. False or WP_Error on failure. */ private function schedule_change_auth_keys_and_salt() { $previous_time = wp_next_scheduled('aios_change_auth_keys_and_salt'); if (false !== $previous_time) { // Clear schedule so that we don't stack up scheduled backups wp_clear_scheduled_hook('aios_change_auth_keys_and_salt'); } $gmt_offset_in_seconds = floatval(get_option('gmt_offset')) * 3600; $first_time = strtotime('next Sunday '.apply_filters('aios_salt_change_schedule_time', '3:00 am')) + $gmt_offset_in_seconds; return wp_schedule_event($first_time, 'weekly', 'aios_change_auth_keys_and_salt'); } /** * Shows additional tab and field for the disable application password and saves on submit. * * @global AIO_WP_Security $aio_wp_security * @global AIOWPSecurity_Feature_Item_Manager $aiowps_feature_mgr * @return void */ protected function render_additional() { global $aio_wp_security, $aiowps_feature_mgr; if (isset($_POST['aiowpsec_save_additonal_settings'])) { if (!isset($_POST['_wpnonce']) || !wp_verify_nonce($_POST['_wpnonce'], 'aiowpsec-additonal-settings-nonce')) { $aio_wp_security->debug_logger->log_debug("Nonce check failed on additional settings save.", 4); die("Nonce check failed on additional settings save."); } // Save all the form values to the options $aio_wp_security->configs->set_value('aiowps_disable_application_password', isset($_POST['aiowps_disable_application_password']) ? '1' : '', true); // Recalculate points after the feature status/options have been altered $aiowps_feature_mgr->check_feature_status_and_recalculate_points(); $this->show_msg_settings_updated(); } $aio_wp_security->include_template('wp-admin/user-security/additional.php', false, array('aiowps_feature_mgr' => $aiowps_feature_mgr)); } }