Exemple #1
 /**
  * Record a form-posted login for $username and send the configured login alert.
  *
  * Returns without doing anything when $_POST is empty or $username is falsy.
  * Otherwise it bumps the 'totalLogins' counter, writes a 'loginOK' log entry,
  * stores the 'lastAdminLogin' record when wfUtils::isAdmin() accepts the user,
  * and finally sends either the admin or the non-admin alert.
  *
  * Note that two different checks are involved: wfUtils::isAdmin() gates the
  * 'lastAdminLogin' record, while the 'update_core' capability decides which
  * of the two alerts applies.
  *
  * @param mixed $username Login name as handed in by the caller.
  * @return void
  */
 public static function loginAction($username)
 {
     // Only react to a posted login form that actually carries a username.
     if (count($_POST) < 1 || !$username) {
         return;
     }

     wfConfig::inc('totalLogins');

     // get_user_by() may yield a falsy value; 0 then stands in for the ID.
     $account = get_user_by('login', $username);
     $userID = 0;
     if ($account) {
         $userID = $account->ID;
     }

     // NOTE(review): the literal 0 is passed as-is from the original call;
     // its meaning is defined by logLogin(), which is not visible here.
     self::getLog()->logLogin('loginOK', 0, $username);

     if (wfUtils::isAdmin($account)) {
         $lastAdminLogin = array(
             'userID' => $userID,
             'username' => $username,
             'firstName' => $account->first_name,
             'lastName' => $account->last_name,
             'time' => wfUtils::localHumanDateShort(),
             'IP' => wfUtils::getIP(),
         );
         wfConfig::set_ser('lastAdminLogin', $lastAdminLogin);
     }

     // Accounts able to update core get the admin alert, everyone else the
     // non-admin one; each alert has its own on/off setting.
     $isAdminLogin = user_can($userID, 'update_core');
     $settingKey = $isAdminLogin ? 'alertOn_adminLogin' : 'alertOn_nonAdminLogin';
     if (!wfConfig::get($settingKey)) {
         return;
     }

     if ($isAdminLogin) {
         wordfence::alert("Admin Login", "A user with username \"{$username}\" who has administrator access signed in to your WordPress site.", wfUtils::getIP());
         return;
     }
     wordfence::alert("User login", "A non-admin user with username \"{$username}\" signed in to your WordPress site.", wfUtils::getIP());
 }
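 /**
  * Record a form-posted login for $username and send the configured login
  * alert, optionally only for the first login seen from a given browser/IP.
  *
  * Returns without doing anything when $_POST is empty or $username is falsy.
  * Otherwise it bumps 'totalLogins', writes a 'loginOK' log entry, stores the
  * 'lastAdminLogin' record when wfUtils::isAdmin() accepts the user, and then
  * decides whether to alert.
  *
  * "First login only" is tracked with a cookie, not server-side state:
  *   - name:  'wf_loginalerted_' . HMAC-SHA256(IP . '|' . user ID)
  *   - value: HMAC-SHA256(user_login)
  * both keyed with wp_salt('logged_in'). A request that presents the matching
  * cookie is treated as already alerted. Consequences worth knowing when
  * relying on these alerts for monitoring:
  *   - the marker lives in the browser, so a later login from that same
  *     browser and IP produces no alert, whoever is at the keyboard;
  *   - the value carries no timestamp, so it stays valid until the salt or
  *     the username changes (the cookie itself is set for 365 days).
  *
  * @param mixed $username Login name as handed in by the caller.
  * @return void
  */
 public static function loginAction($username)
 {
     if (sizeof($_POST) < 1) {
         return;
     }
     //only execute if login form is posted
     if (!$username) {
         return;
     }
     wfConfig::inc('totalLogins');
     $user = get_user_by('login', $username);
     $userID = $user ? $user->ID : 0;
     // NOTE(review): the literal 0 is passed through unchanged; its meaning
     // is defined by logLogin(), which is not visible here.
     self::getLog()->logLogin('loginOK', 0, $username);
     if (wfUtils::isAdmin($user)) {
         wfConfig::set_ser('lastAdminLogin', array('userID' => $userID, 'username' => $username, 'firstName' => $user->first_name, 'lastName' => $user->last_name, 'time' => wfUtils::localHumanDateShort(), 'IP' => wfUtils::getIP()));
     }

     // The marker is only derived when the lookup produced a user. Reading
     // ->ID / ->user_login on a failed lookup would raise warnings and yield
     // a marker that is not bound to any account, so without a user there is
     // no marker: the alert is always sent and no cookie is written.
     $cookiename = null;
     $cookievalue = null;
     if ($user) {
         $salt = wp_salt('logged_in');
         $cookiename = 'wf_loginalerted_' . hash_hmac('sha256', wfUtils::getIP() . '|' . $user->ID, $salt);
         $cookievalue = hash_hmac('sha256', $user->user_login, $salt);
     }

     // Cookie values are client-controlled and PHP can deliver them as
     // arrays; hash_equals() only accepts strings, so anything else is
     // treated as "no marker" instead of being passed through.
     $alreadyAlerted = $cookiename !== null
         && isset($_COOKIE[$cookiename])
         && is_string($_COOKIE[$cookiename])
         && hash_equals($cookievalue, $_COOKIE[$cookiename]);

     if (user_can($userID, 'update_core')) {
         if (wfConfig::get('alertOn_adminLogin')) {
             $shouldAlert = !(wfConfig::get('alertOn_firstAdminLoginOnly') && $alreadyAlerted);
             if ($shouldAlert) {
                 wordfence::alert("Admin Login", "A user with username \"{$username}\" who has administrator access signed in to your WordPress site.", wfUtils::getIP());
             }
         }
     } else {
         if (wfConfig::get('alertOn_nonAdminLogin')) {
             $shouldAlert = !(wfConfig::get('alertOn_firstNonAdminLoginOnly') && $alreadyAlerted);
             if ($shouldAlert) {
                 wordfence::alert("User login", "A non-admin user with username \"{$username}\" signed in to your WordPress site.", wfUtils::getIP());
             }
         }
     }

     // Write (or refresh) the marker whenever either "first login only"
     // option is on. NOTE(review): the trailing arguments presumably mirror
     // PHP's setcookie() (domain, secure, httponly), which would leave the
     // Secure flag unset here - confirm against wfUtils::setcookie().
     if ($cookiename !== null && (wfConfig::get('alertOn_firstAdminLoginOnly') || wfConfig::get('alertOn_firstNonAdminLoginOnly'))) {
         wfUtils::setcookie($cookiename, $cookievalue, time() + 86400 * 365, '/', null, null, true);
     }
 }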