/**
* Retrieve the list of all the user logins from the datastore file.
*
* The results of this operation can be filtered by specific user identifiers,
* or limiting the quantity of entries.
*
* @param integer $limit How many entries will be returned from the operation.
* @param integer $offset Initial point where the logs will be start counting.
* @param integer $user_id Optional user identifier to filter the results.
* @return array The list of all the user logins, and total of entries registered.
*/
function sucuriscan_get_logins($limit = 10, $offset = 0, $user_id = 0)
{
$datastore_filepath = sucuriscan_lastlogins_datastore_is_readable();
$last_logins = array('total' => 0, 'entries' => array());
if ($datastore_filepath) {
$parsed_lines = 0;
$data_lines = SucuriScanFileInfo::file_lines($datastore_filepath);
if ($data_lines) {
/**
* This count will not be 100% accurate considering that we are checking the
* syntax of each line in the loop bellow, there may be some lines without the
* right syntax which will differ from the total entries returned, but there's
* not other EASY way to do this without affect the performance of the code.
*
* @var integer
*/
$total_lines = count($data_lines);
$last_logins['total'] = $total_lines;
// Get a list with the latest entries in the first positions.
$reversed_lines = array_reverse($data_lines);
/**
* Only the user accounts with administrative privileges can see the logs of all
* the users, for the rest of the accounts they will only see their own logins.
*
* @var object
*/
$current_user = wp_get_current_user();
$is_admin_user = (bool) current_user_can('manage_options');
for ($i = $offset; $i < $total_lines; $i++) {
$line = $reversed_lines[$i] ? trim($reversed_lines[$i]) : '';
// Check if the data is serialized (which we will consider as insecure).
if (SucuriScan::is_serialized($line)) {
$last_login = @unserialize($line);
// TODO: Remove after version 1.7.5
} else {
$last_login = @json_decode($line, true);
}
if ($last_login) {
$last_login['user_lastlogin_timestamp'] = strtotime($last_login['user_lastlogin']);
$last_login['user_registered_timestamp'] = 0;
// Only administrators can see all login stats.
if (!$is_admin_user && $current_user->user_login != $last_login['user_login']) {
continue;
}
// Filter the user identifiers using the value passed tot his function.
if ($user_id > 0 && $last_login['user_id'] != $user_id) {
continue;
}
// Get the WP_User object and add extra information from the last-login data.
$last_login['user_exists'] = false;
$user_account = get_userdata($last_login['user_id']);
if ($user_account) {
$last_login['user_exists'] = true;
foreach ($user_account->data as $var_name => $var_value) {
$last_login[$var_name] = $var_value;
if ($var_name == 'user_registered') {
$last_login['user_registered_timestamp'] = strtotime($var_value);
}
}
}
$last_login['line_num'] = $i + 1;
$last_logins['entries'][] = (object) $last_login;
$parsed_lines += 1;
} else {
$last_logins['total'] -= 1;
}
if (preg_match('/^[0-9]+$/', $limit) && $limit > 0) {
if ($parsed_lines >= $limit) {
break;
}
}
}
}
}
return $last_logins;
}
