$user_email = stripslashes($user->user_email);
if (is_multisite()) {
$blogname = $current_site->site_name;
} else {
// The blogname option is escaped with esc_html on the way into the database in sanitize_option
// we want to reverse this for the plain text arena of emails.
$blogname = wp_specialchars_decode(get_option('blogname'), ENT_QUOTES);
}
$unlock_url = add_query_arg(array('action' => 'unlock', 'key' => self::get_user_unlock_key($user->ID), 'login' => rawurlencode($user_login)), wp_login_url());
$title = sprintf(__('[%s] Account Locked', 'theme-my-login'), $blogname);
$message = sprintf(__('For your security, your account has been locked because of too many failed login attempts. To unlock your account please click the following link: ', 'theme-my-login'), $blogname) . "\r\n\r\n";
$message .= $unlock_url . "\r\n";
if ($user->has_cap('administrator')) {
$message .= "\r\n";
$message .= __('The following attempts resulted in the lock:', 'theme-my-login') . "\r\n\r\n";
foreach (self::get_failed_login_attempts($user->ID) as $attempt) {
$time = date_i18n(__('Y/m/d g:i:s A', 'theme-my-login'), $attempt['time']);
$message .= $attempt['ip'] . "\t" . $time . "\r\n";
}
}
$title = apply_filters('user_lock_notification_title', $title, $user_id);
$message = apply_filters('user_lock_notification_message', $message, $unlock_url, $user_id);
wp_mail($user_email, $title, $message);
}
}
}
Theme_My_Login_Security::get_object();
}
if (is_admin()) {
include_once dirname(__FILE__) . '/admin/security-admin.php';
}
/**
* Attaches actions/filters explicitly to "users.php"
*
* Callback for "load-users.php" hook
*
* @since 6.0
* @access public
*/
public function load_users_page()
{
$security = Theme_My_Login_Security::get_object();
wp_enqueue_script('tml-security-admin', plugins_url('theme-my-login/modules/security/admin/js/security-admin.js'), array('jquery'));
add_action('admin_notices', array(&$this, 'admin_notices'));
if (isset($_GET['action']) && in_array($_GET['action'], array('lock', 'unlock'))) {
$redirect_to = isset($_REQUEST['wp_http_referer']) ? remove_query_arg(array('wp_http_referer', 'updated', 'delete_count'), stripslashes($_REQUEST['wp_http_referer'])) : 'users.php';
$user = isset($_GET['user']) ? $_GET['user'] : '';
if (!$user || !current_user_can('edit_user', $user)) {
wp_die(__('You can’t edit that user.', 'theme-my-login'));
}
if (!($user = get_userdata($user))) {
wp_die(__('You can’t edit that user.', 'theme-my-login'));
}
if ('lock' == $_GET['action']) {
check_admin_referer('lock-user_' . $user->ID);
$security->lock_user($user);
$redirect_to = add_query_arg('update', 'lock', $redirect_to);
} elseif ('unlock' == $_GET['action']) {
check_admin_referer('unlock-user_' . $user->ID);
$security->unlock_user($user);
$redirect_to = add_query_arg('update', 'unlock', $redirect_to);
}
wp_redirect($redirect_to);
exit;
}
}
/**
* Activates this module
*
* Callback for "tml_activate_security/security.php" hook in method Theme_My_Login_Admin::activate_module()
*
* @see Theme_My_Login_Admin::activate_module()
* @since 6.0
* @access public
*
* @param object $theme_my_login Reference to global $theme_my_login object
*/
function activate(&$theme_my_login)
{
$options = Theme_My_Login_Security::init_options();
$theme_my_login->options->set_option('security', $options['security']);
}
