/** * Builds and sends notification email * * Sends the notication email too all applicable administrative users notifying them * that file changes have been detected * * @since 4.0.0 * * @access private * * @param array $email_details array of details for the email messge * * @return void */ private function send_notification_email($email_details) { global $itsec_globals; $itsec_notify = ITSEC_Core::get_itsec_notify(); if (!ITSEC_Modules::get_setting('global', 'digest_email')) { $headers = 'From: ' . get_bloginfo('name') . ' <' . get_option('admin_email') . '>' . "\r\n"; $subject = '[' . get_option('siteurl') . '] ' . __('WordPress File Change Warning', 'better-wp-security') . ' ' . date('l, F jS, Y \\a\\t g:i a e', $itsec_globals['current_time']); $body = '<p>' . __('A file (or files) on your site at ', 'better-wp-security') . ' ' . get_option('siteurl') . __(' have been changed. Please review the report below to verify changes are not the result of a compromise.', 'better-wp-security') . '</p>'; $body .= $this->get_email_report($email_details); //get report $args = array('headers' => $headers, 'message' => $body, 'subject' => $subject); $itsec_notify->notify($args); } else { $changed = $email_details[0] + $email_details[1] + $email_details[2]; if ($changed > 0) { $itsec_notify->register_file_change(); } } }
/** * Sends an email to notify site admins of lockouts * * @since 4.0 * * @param string $host the host to lockout * @param int $user the user id to lockout * @param string $username the username to lockout * @param string $host_expiration when the host login expires * @param string $user_expiration when the user lockout expires * @param string $reason the reason for the lockout to show to the user * * @return void */ private function send_lockout_email($host, $user, $username, $host_expiration, $user_expiration, $reason) { global $itsec_globals; $itsec_notify = ITSEC_Core::get_itsec_notify(); if (!ITSEC_Modules::get_setting('global', 'digest_email')) { $plural_text = __('has', 'better-wp-security'); //Tell which host was locked out if ($host !== false) { $host_text = sprintf('%s, <a href="http://www.traceip.net/?query=%s"><strong>%s</strong></a>, ', __('host', 'better-wp-security'), urlencode($host), sanitize_text_field($host)); $host_expiration_text = __('The host has been locked out ', 'better-wp-security'); if ($host_expiration === false) { $host_expiration_text .= '<strong>' . __('permanently', 'better-wp-security') . '</strong>'; $release_text = sprintf(__('To release the host lockout you can remove the host from the <a href="%1$s">host list</a>.', 'better-wp-security'), wp_login_url(ITSEC_Core::get_settings_page_url())); } else { $host_expiration_text .= sprintf('<strong>%s %s</strong>', __('until', 'better-wp-security'), sanitize_text_field($host_expiration)); $release_text = sprintf(__('To release the lockout please visit <a href="%1$s">the admin area</a>.', 'better-wp-security'), wp_login_url(ITSEC_Core::get_settings_page_url())); } } else { $host_expiration_text = ''; $host_text = ''; $release_text = ''; } $user_object = get_userdata($user); //try to get and actual user object //Tell them which user was locked out and setup the expiration copy if ($user_object !== false || $username !== false) { if ($user_object !== false) { $login = $user_object->user_login; } else { $login = sanitize_text_field($username); } if ($host_text === '') { $user_expiration_text = sprintf('%s <strong>%s %s</strong>.', __('The user has been locked out', 'better-wp-security'), __('until', 'better-wp-security'), sanitize_text_field($user_expiration)); $user_text = sprintf('%s, <strong>%s</strong>, ', __('user', 'better-wp-security'), $login); $release_text = sprintf(__('To release the lockout please visit <a href="%1$s">the lockouts page</a>.', 'better-wp-security'), wp_login_url(ITSEC_Core::get_settings_page_url())); } else { $user_expiration_text = sprintf('%s <strong>%s %s</strong>.', __('and the user has been locked out', 'better-wp-security'), __('until', 'better-wp-security'), sanitize_text_field($user_expiration)); $plural_text = __('have', 'better-wp-security'); $user_text = sprintf('%s, <strong>%s</strong>, ', __('and a user', 'better-wp-security'), $login); if ($host_expiration === false) { $release_text = sprintf(__('To release the user lockout please visit <a href="%1$s">the lockouts page</a>.', 'better-wp-security'), wp_login_url(ITSEC_Core::get_settings_page_url())); } else { $release_text = sprintf(__('To release the lockouts please visit <a href="%1$s">the lockouts page</a>.', 'better-wp-security'), wp_login_url(ITSEC_Core::get_settings_page_url())); } } } else { $user_expiration_text = '.'; $user_text = ''; $release_text = ''; } //Put the copy all together $body = sprintf('<p>%s,</p><p>%s %s %s %s %s <a href="%s">%s</a> %s <strong>%s</strong>.</p><p>%s %s</p><p>%s</p><p><em>*%s %s. %s <a href="%s">%s</a>.</em></p>', __('Dear Site Admin', 'better-wp-security'), __('A', 'better-wp-security'), $host_text, $user_text, $plural_text, __(' been locked out of the WordPress site at', 'better-wp-security'), get_option('siteurl'), get_option('siteurl'), __('due to', 'better-wp-security'), sanitize_text_field($reason), $host_expiration_text, $user_expiration_text, $release_text, __('This email was generated automatically by'), $itsec_globals['plugin_name'], __('To change your email preferences please visit', 'better-wp-security'), wp_login_url(ITSEC_Core::get_settings_page_url()), __('the plugin settings', 'better-wp-security')); //Setup the remainder of the email $subject = '[' . get_option('siteurl') . '] ' . __('Site Lockout Notification', 'better-wp-security'); $subject = apply_filters('itsec_lockout_email_subject', $subject); $headers = 'From: ' . get_bloginfo('name') . ' <' . get_option('admin_email') . '>' . "\r\n"; $args = array('headers' => $headers, 'message' => $body, 'subject' => $subject); $itsec_notify->notify($args); } }