/**
 * Records a successful login and sends the configured login alert.
 *
 * Increments the 'totalLogins' counter, writes a 'loginOK' entry to the login
 * log, stores details of the most recent administrator login, and raises either
 * the admin or the non-admin alert depending on the 'update_core' capability.
 *
 * @param string $username Login name looked up via get_user_by('login', ...).
 * @return void
 */
public static function loginAction($username) {
    // Only act when a login form was actually posted and a username is present.
    if (count($_POST) < 1 || !$username) {
        return;
    }

    wfConfig::inc('totalLogins');

    $account = get_user_by('login', $username);
    $accountId = 0;
    if ($account) {
        $accountId = $account->ID;
    }

    self::getLog()->logLogin('loginOK', 0, $username);

    // NOTE(review): $account may be false here; this relies on wfUtils::isAdmin()
    // rejecting a non-user value before the property reads below. Confirm.
    if (wfUtils::isAdmin($account)) {
        $lastAdminLogin = array(
            'userID' => $accountId,
            'username' => $username,
            'firstName' => $account->first_name,
            'lastName' => $account->last_name,
            'time' => wfUtils::localHumanDateShort(),
            'IP' => wfUtils::getIP(),
        );
        wfConfig::set_ser('lastAdminLogin', $lastAdminLogin);
    }

    // The alert type is chosen by capability, not by the isAdmin() check above.
    $canUpdateCore = user_can($accountId, 'update_core');
    if ($canUpdateCore && wfConfig::get('alertOn_adminLogin')) {
        wordfence::alert("Admin Login", "A user with username \"{$username}\" who has administrator access signed in to your WordPress site.", wfUtils::getIP());
    } elseif (!$canUpdateCore && wfConfig::get('alertOn_nonAdminLogin')) {
        wordfence::alert("User login", "A non-admin user with username \"{$username}\" signed in to your WordPress site.", wfUtils::getIP());
    }
}
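/**
 * Records a successful login and sends the configured login alert, optionally
 * suppressing repeat alerts for a device that has already been alerted on.
 *
 * Increments the 'totalLogins' counter, writes a 'loginOK' entry to the login
 * log, stores details of the most recent administrator login, and raises either
 * the admin or the non-admin alert depending on the 'update_core' capability.
 * When one of the "first login only" options is enabled, a marker cookie is set
 * so that later logins presenting a valid marker do not trigger another alert.
 *
 * The marker is an HMAC keyed with wp_salt('logged_in'): the cookie name binds
 * the client IP and user ID, the value binds the user login. It only suppresses
 * alerts; it is not an authentication token.
 *
 * @param string $username Login name looked up via get_user_by('login', ...).
 * @return void
 */
public static function loginAction($username) {
    if (sizeof($_POST) < 1) { return; } //only execute if login form is posted
    if (!$username) { return; }
    wfConfig::inc('totalLogins');
    $user = get_user_by('login', $username);
    $userID = $user ? $user->ID : 0;
    self::getLog()->logLogin('loginOK', 0, $username);
    if (wfUtils::isAdmin($user)) {
        wfConfig::set_ser('lastAdminLogin', array(
            'userID' => $userID,
            'username' => $username,
            'firstName' => $user->first_name,
            'lastName' => $user->last_name,
            'time' => wfUtils::localHumanDateShort(),
            'IP' => wfUtils::getIP(),
        ));
    }

    $salt = wp_salt('logged_in');
    // get_user_by() returns false when no user matches, so use the guarded
    // $userID and fall back to $username instead of dereferencing $user directly.
    $cookiename = 'wf_loginalerted_' . hash_hmac('sha256', wfUtils::getIP() . '|' . $userID, $salt);
    $cookievalue = hash_hmac('sha256', $user ? $user->user_login : $username, $salt);

    // The cookie is client-controlled and PHP may deliver it as an array;
    // hash_equals() needs strings, so anything else counts as "no valid marker"
    // and the alert is still sent.
    $alreadyAlerted = isset($_COOKIE[$cookiename])
        && is_string($_COOKIE[$cookiename])
        && hash_equals($cookievalue, $_COOKIE[$cookiename]);

    if (user_can($userID, 'update_core')) {
        if (wfConfig::get('alertOn_adminLogin')) {
            $shouldAlert = true;
            if (wfConfig::get('alertOn_firstAdminLoginOnly') && $alreadyAlerted) {
                $shouldAlert = false;
            }
            if ($shouldAlert) {
                wordfence::alert("Admin Login", "A user with username \"{$username}\" who has administrator access signed in to your WordPress site.", wfUtils::getIP());
            }
        }
    } else {
        if (wfConfig::get('alertOn_nonAdminLogin')) {
            $shouldAlert = true;
            if (wfConfig::get('alertOn_firstNonAdminLoginOnly') && $alreadyAlerted) {
                $shouldAlert = false;
            }
            if ($shouldAlert) {
                wordfence::alert("User login", "A non-admin user with username \"{$username}\" signed in to your WordPress site.", wfUtils::getIP());
            }
        }
    }

    if (wfConfig::get('alertOn_firstAdminLoginOnly') || wfConfig::get('alertOn_firstNonAdminLoginOnly')) {
        // Marker lives for one year (86400 s * 365).
        // NOTE(review): the two nulls are presumably domain and the Secure flag, and the
        // final true presumably HttpOnly; confirm against wfUtils::setcookie() and consider
        // setting Secure on HTTPS sites. The value has no expiry of its own, so a marker
        // stays valid until the 'logged_in' salt changes.
        wfUtils::setcookie($cookiename, $cookievalue, time() + 86400 * 365, '/', null, null, true);
    }
}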