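/**
 * Handles submission of the "change admin username" form.
 *
 * Verifies the request nonce, validates the requested username, runs the
 * rename query against the users table, patches the multisite `site_admins`
 * entry when applicable, and, if the current user was logged in as "admin",
 * sends them through the logout URL so they can sign in again.
 *
 * Terminates the request with die() when the nonce check fails.
 *
 * @return string HTML notice markup describing the outcome (error or success).
 */
function validate_change_username_form()
{
    global $wpdb;
    global $aio_wp_security;
    $errors = '';

    // A missing _wpnonce is handled like an invalid one instead of raising an
    // undefined-index notice before the check runs.
    $nonce = isset($_REQUEST['_wpnonce']) ? $_REQUEST['_wpnonce'] : '';
    if (!wp_verify_nonce($nonce, 'aiowpsec-change-admin-nonce')) {
        $aio_wp_security->debug_logger->log_debug("Nonce check failed on admin username change operation!", 4);
        die(__('Nonce check failed on admin username change operation!', 'aiowpsecurity'));
    }
    // NOTE(review): the nonce only ties the request to a form this user loaded.
    // No capability check is visible in this function; confirm the caller
    // enforces one before this runs.

    if (empty($_POST['aiowps_new_user_name'])) {
        // No username value was entered
        $errors .= __('Please enter a value for your username. ', 'aiowpsecurity');
    } else {
        $new_username = sanitize_text_field($_POST['aiowps_new_user_name']);

        if (!validate_username($new_username)) {
            // An invalid username was entered
            $errors .= __('You entered an invalid username. Please enter another value. ', 'aiowpsecurity');
        } elseif (AIOWPSecurity_Utility::check_user_exists($new_username)) {
            // The value is echoed back inside HTML, so escape it for that context
            // rather than relying on the input-side sanitizer alone.
            $errors .= __('Username ', 'aiowpsecurity') . esc_html($new_username) . __(' already exists. Please enter another value. ', 'aiowpsecurity');
        } else {
            // Remember whether the session being used right now belongs to "admin";
            // that session has to be ended once the login name changes.
            // wp_get_current_user() replaces the deprecated get_currentuserinfo().
            $current_user = wp_get_current_user();
            $current_login = $current_user->user_login;
            $username_is_admin = (strtolower($current_login) === 'admin');

            // Now change the username.
            // NOTE(review): the two quoted values in this statement appear masked
            // ('******') in this listing and are reproduced unchanged. Whatever
            // values belong here should be bound through $wpdb->prepare() rather
            // than concatenated into the SQL text.
            $result = $wpdb->query("UPDATE `" . $wpdb->users . "` SET user_login = '******' WHERE user_login='******';");
            if (!$result) {
                // query() reported an error or touched no rows: report the failure
                // using the error notice style, not the success style.
                $user_update_error = __('The database update operation of the user account failed!', 'aiowpsecurity');
                //TODO## - add error logging here
                $return_msg = '<div id="message" class="error"><p>' . $user_update_error . '</p></div>';
                return $return_msg;
            }

            // Multisite: the site_admins value also carries the old login name.
            if (AIOWPSecurity_Utility::is_multisite_install()) {
                $oldAdmins = $wpdb->get_var("SELECT meta_value FROM `" . $wpdb->sitemeta . "` WHERE meta_key = 'site_admins'");
                if (is_string($oldAdmins)) {
                    // The stored value is edited as text (presumably PHP-serialized),
                    // so the length prefix must match the exact bytes written.
                    // Escaping happens once, in prepare(), instead of being applied
                    // to the name and then again to the whole value.
                    $newAdmins = str_replace('5:"admin"', strlen($new_username) . ':"' . $new_username . '"', $oldAdmins);
                    $wpdb->query(
                        $wpdb->prepare(
                            "UPDATE `" . $wpdb->sitemeta . "` SET meta_value = %s WHERE meta_key = 'site_admins'",
                            $newAdmins
                        )
                    );
                }
            }

            // If the user is logged in as "admin", log them out and send them to
            // the login page so they can sign in with the new name.
            if ($username_is_admin) {
                $aio_wp_security->debug_logger->log_debug("Logging User Out with login " . $current_login . " because they changed their username.");
                $after_logout_url = AIOWPSecurity_Utility::get_current_page_url();
                // Place the handle for the login screen message in the URL
                $after_logout_payload = 'redirect_to=' . $after_logout_url . '&msg=' . $aio_wp_security->user_login_obj->key_login_msg . '=admin_user_changed';
                // base64 is an encoding, not encryption or a signature: the value
                // travels in the query string where anyone can read or replace it.
                // The handler that decodes al_additional_data must treat
                // redirect_to as untrusted and restrict it to same-site targets
                // (for example with wp_validate_redirect()).
                $encoded_payload = base64_encode($after_logout_payload);
                $logout_url = AIOWPSEC_WP_URL . '?aiowpsec_do_log_out=1';
                $logout_url = AIOWPSecurity_Utility::add_query_data_to_url($logout_url, 'al_additional_data', $encoded_payload);
                // NOTE(review): whether redirect_to_url() ends the request is not
                // visible here; if it returns, the success notice below is built.
                AIOWPSecurity_Utility::redirect_to_url($logout_url);
            }
        }
    }

    if (strlen($errors) > 0) {
        // We have some validation or other error
        $return_msg = '<div id="message" class="error"><p>' . $errors . '</p></div>';
    } else {
        $return_msg = '<div id="message" class="updated fade"><p>' . __('Username Successfully Changed!', 'aiowpsecurity') . '</p></div>';
    }

    return $return_msg;
}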
function aiowps_force_logout_action_handler() { global $aio_wp_security; //$aio_wp_security->debug_logger->log_debug("Force Logout - Checking if any user need to be logged out..."); if ($aio_wp_security->configs->get_value('aiowps_enable_forced_logout') == '1') { if (is_user_logged_in()) { $current_user = wp_get_current_user(); $user_id = $current_user->ID; $current_time = current_time('mysql'); $login_time = $this->get_wp_user_last_login_time($user_id); $diff = strtotime($current_time) - strtotime($login_time); $logout_time_interval_value = $aio_wp_security->configs->get_value('aiowps_logout_time_period'); $logout_time_interval_val_seconds = $logout_time_interval_value * 60; if ($diff > $logout_time_interval_val_seconds) { $aio_wp_security->debug_logger->log_debug("Force Logout - This user logged in more than (" . $logout_time_interval_value . ") minutes ago. Doing a force log out for the user with username: " . $current_user->user_login); $this->wp_logout_action_handler(); //this will register the logout time/date in the logout_date column $curr_page_url = AIOWPSecurity_Utility::get_current_page_url(); $after_logout_payload = array('redirect_to' => $curr_page_url, 'msg' => $this->key_login_msg . '=session_expired'); //Save some of the logout redirect data to a transient AIOWPSecurity_Utility::is_multisite_install() ? set_site_transient('aiowps_logout_payload', $after_logout_payload, 30 * 60) : set_transient('aiowps_logout_payload', $after_logout_payload, 30 * 60); $logout_url = AIOWPSEC_WP_URL . '?aiowpsec_do_log_out=1'; $logout_url = AIOWPSecurity_Utility::add_query_data_to_url($logout_url, 'al_additional_data', '1'); AIOWPSecurity_Utility::redirect_to_url($logout_url); } } } }