public static function loginAction($username)
{
if (sizeof($_POST) < 1) {
return;
}
//only execute if login form is posted
if (!$username) {
return;
}
wfConfig::inc('totalLogins');
$user = get_user_by('login', $username);
$userID = $user ? $user->ID : 0;
self::getLog()->logLogin('loginOK', 0, $username);
if (wfUtils::isAdmin($user)) {
wfConfig::set_ser('lastAdminLogin', array('userID' => $userID, 'username' => $username, 'firstName' => $user->first_name, 'lastName' => $user->last_name, 'time' => wfUtils::localHumanDateShort(), 'IP' => wfUtils::getIP()));
}
if (user_can($userID, 'update_core')) {
if (wfConfig::get('alertOn_adminLogin')) {
wordfence::alert("Admin Login", "A user with username \"{$username}\" who has administrator access signed in to your WordPress site.", wfUtils::getIP());
}
} else {
if (wfConfig::get('alertOn_nonAdminLogin')) {
wordfence::alert("User login", "A non-admin user with username \"{$username}\" signed in to your WordPress site.", wfUtils::getIP());
}
}
}
public static function loginAction($username)
{
if (sizeof($_POST) < 1) {
return;
}
//only execute if login form is posted
if (!$username) {
return;
}
wfConfig::inc('totalLogins');
$user = get_user_by('login', $username);
$userID = $user ? $user->ID : 0;
self::getLog()->logLogin('loginOK', 0, $username);
if (wfUtils::isAdmin($user)) {
wfConfig::set_ser('lastAdminLogin', array('userID' => $userID, 'username' => $username, 'firstName' => $user->first_name, 'lastName' => $user->last_name, 'time' => wfUtils::localHumanDateShort(), 'IP' => wfUtils::getIP()));
}
$salt = wp_salt('logged_in');
$cookiename = 'wf_loginalerted_' . hash_hmac('sha256', wfUtils::getIP() . '|' . $user->ID, $salt);
$cookievalue = hash_hmac('sha256', $user->user_login, $salt);
if (user_can($userID, 'update_core')) {
if (wfConfig::get('alertOn_adminLogin')) {
$shouldAlert = true;
if (wfConfig::get('alertOn_firstAdminLoginOnly') && isset($_COOKIE[$cookiename])) {
$shouldAlert = !hash_equals($cookievalue, $_COOKIE[$cookiename]);
}
if ($shouldAlert) {
wordfence::alert("Admin Login", "A user with username \"{$username}\" who has administrator access signed in to your WordPress site.", wfUtils::getIP());
}
}
} else {
if (wfConfig::get('alertOn_nonAdminLogin')) {
$shouldAlert = true;
if (wfConfig::get('alertOn_firstNonAdminLoginOnly') && isset($_COOKIE[$cookiename])) {
$shouldAlert = !hash_equals($cookievalue, $_COOKIE[$cookiename]);
}
if ($shouldAlert) {
wordfence::alert("User login", "A non-admin user with username \"{$username}\" signed in to your WordPress site.", wfUtils::getIP());
}
}
}
if (wfConfig::get('alertOn_firstAdminLoginOnly') || wfConfig::get('alertOn_firstNonAdminLoginOnly')) {
wfUtils::setcookie($cookiename, $cookievalue, time() + 86400 * 365, '/', null, null, true);
}
}
