コード例 #1
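 /**
  * Handles the "change admin username" form: validates the submitted name and
  * renames the account whose login is 'admin'.
  *
  * Reads `_wpnonce` from $_REQUEST and `aiowps_new_user_name` from $_POST.
  * Terminates the request with die() when the nonce does not verify. On a
  * multisite install the network's `site_admins` list is updated as well, and
  * when the acting user was logged in as 'admin' they are redirected to the
  * plugin's logout URL so they can sign in under the new name.
  *
  * @return string HTML notice (error or success) to display on the admin page.
  */
 function validate_change_username_form()
 {
     global $wpdb;
     global $aio_wp_security;
     $errors = '';

     // NOTE(review): a nonce only protects against CSRF; it is not an authorization check.
     // Confirm the caller restricts this handler to administrators (e.g. current_user_can()).
     // A missing field is treated as an empty nonce so it fails verification without a notice.
     $nonce = isset($_REQUEST['_wpnonce']) ? $_REQUEST['_wpnonce'] : '';
     if (!wp_verify_nonce($nonce, 'aiowpsec-change-admin-nonce')) {
         $aio_wp_security->debug_logger->log_debug("Nonce check failed on admin username change operation!", 4);
         die(__('Nonce check failed on admin username change operation!', 'aiowpsecurity'));
     }

     if (!empty($_POST['aiowps_new_user_name'])) {
         // WordPress adds slashes to superglobals; remove them before sanitising so they are not stored.
         $new_username = sanitize_text_field(wp_unslash($_POST['aiowps_new_user_name']));
         if (validate_username($new_username)) {
             if (AIOWPSecurity_Utility::check_user_exists($new_username)) {
                 // The name is request data echoed back into HTML, so escape it for that context.
                 $errors .= __('Username ', 'aiowpsecurity') . esc_html($new_username) . __(' already exists. Please enter another value. ', 'aiowpsecurity');
             } else {
                 // Remember whether the acting user is the 'admin' account; their session is ended below.
                 $current_login = wp_get_current_user()->user_login;
                 $username_is_admin = (strtolower($current_login) == 'admin');

                 // Rename the account. The listing shows both SQL values masked as '******'; the
                 // surrounding logic (the 'admin' check above and the site_admins rewrite below)
                 // indicates the new name replaces the 'admin' login. Values are bound through
                 // prepare() instead of being concatenated into the statement.
                 $result = $wpdb->query(
                     $wpdb->prepare(
                         "UPDATE `{$wpdb->users}` SET user_login = %s WHERE user_login = %s",
                         $new_username,
                         'admin'
                     )
                 );
                 if (!$result) {
                     // query() yields false on failure and 0 when no row matched; both are reported as errors.
                     $user_update_error = __('The database update operation of the user account failed!', 'aiowpsecurity');
                     //TODO## - add error logging here
                     $return_msg = '<div id="message" class="error"><p>' . $user_update_error . '</p></div>';
                     return $return_msg;
                 }

                 // Multisite: keep the network's super admin list in step with the rename.
                 if (AIOWPSecurity_Utility::is_multisite_install()) {
                     // Go through the options API rather than editing the serialized string by hand:
                     // SQL-escaping a value inside serialized data can change its byte length and
                     // corrupt the stored array, and the result was then escaped a second time.
                     $site_admins = get_site_option('site_admins', array());
                     if (is_array($site_admins)) {
                         foreach ($site_admins as $idx => $admin_login) {
                             if ('admin' === $admin_login) {
                                 $site_admins[$idx] = $new_username;
                             }
                         }
                         update_site_option('site_admins', $site_admins);
                     }
                 }

                 // A user who was logged in as "admin" is sent through logout so they sign in again.
                 if ($username_is_admin) {
                     $aio_wp_security->debug_logger->log_debug("Logging User Out with login " . $current_login . " because they changed their username.");
                     $after_logout_url = AIOWPSecurity_Utility::get_current_page_url();
                     $after_logout_payload = 'redirect_to=' . $after_logout_url . '&msg=' . $aio_wp_security->user_login_obj->key_login_msg . '=admin_user_changed';
                     // base64 is an encoding, not encryption or integrity protection: anyone can craft
                     // this parameter. NOTE(review): the handler reading al_additional_data has to
                     // validate redirect_to itself (e.g. wp_validate_redirect()) to avoid an open redirect.
                     $encoded_payload = base64_encode($after_logout_payload);
                     $logout_url = AIOWPSEC_WP_URL . '?aiowpsec_do_log_out=1';
                     $logout_url = AIOWPSecurity_Utility::add_query_data_to_url($logout_url, 'al_additional_data', $encoded_payload);
                     AIOWPSecurity_Utility::redirect_to_url($logout_url);
                 }
             }
         } else {
             //An invalid username was entered
             $errors .= __('You entered an invalid username. Please enter another value. ', 'aiowpsecurity');
         }
     } else {
         //No username value was entered
         $errors .= __('Please enter a value for your username. ', 'aiowpsecurity');
     }

     if (strlen($errors) > 0) {
         //We have some validation or other error
         $return_msg = '<div id="message" class="error"><p>' . $errors . '</p></div>';
     } else {
         $return_msg = '<div id="message" class="updated fade"><p>' . __('Username Successfully Changed!', 'aiowpsecurity') . '</p></div>';
     }
     return $return_msg;
 }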
コード例 #2
 /**
  * Ends the current user's session once it is older than the configured limit.
  *
  * Does nothing unless the `aiowps_enable_forced_logout` setting equals '1' and a
  * user is logged in. The limit comes from `aiowps_logout_time_period` (minutes)
  * and is compared with the time elapsed since the user's last recorded login.
  * When the limit is exceeded the logout handler runs, the post-logout redirect
  * data is stored in a 30-minute transient, and the browser is sent to the
  * plugin's logout URL.
  */
 function aiowps_force_logout_action_handler()
 {
     global $aio_wp_security;

     if ($aio_wp_security->configs->get_value('aiowps_enable_forced_logout') != '1') {
         return;
     }
     if (!is_user_logged_in()) {
         return;
     }

     $user = wp_get_current_user();
     $now = current_time('mysql');
     $last_login = $this->get_wp_user_last_login_time($user->ID);
     // NOTE(review): if no login time is recorded, strtotime() returns false and the
     // elapsed value becomes very large, so the user is logged out (fails closed).
     $elapsed_seconds = strtotime($now) - strtotime($last_login);
     $limit_minutes = $aio_wp_security->configs->get_value('aiowps_logout_time_period');
     $limit_seconds = $limit_minutes * 60;

     if ($elapsed_seconds <= $limit_seconds) {
         return;
     }

     $aio_wp_security->debug_logger->log_debug("Force Logout - This user logged in more than (" . $limit_minutes . ") minutes ago. Doing a force log out for the user with username: " . $user->user_login);
     // Records the logout time/date in the logout_date column.
     $this->wp_logout_action_handler();

     $return_url = AIOWPSecurity_Utility::get_current_page_url();
     $payload = array(
         'redirect_to' => $return_url,
         'msg' => $this->key_login_msg . '=session_expired',
     );

     // The redirect data stays server-side in a transient; the URL only carries the flag '1'.
     // NOTE(review): the transient key is not per-user, so simultaneous forced logouts
     // overwrite each other's payload - confirm that is acceptable.
     $payload_ttl = 30 * 60;
     if (AIOWPSecurity_Utility::is_multisite_install()) {
         set_site_transient('aiowps_logout_payload', $payload, $payload_ttl);
     } else {
         set_transient('aiowps_logout_payload', $payload, $payload_ttl);
     }

     $target = AIOWPSecurity_Utility::add_query_data_to_url(
         AIOWPSEC_WP_URL . '?aiowpsec_do_log_out=1',
         'al_additional_data',
         '1'
     );
     AIOWPSecurity_Utility::redirect_to_url($target);
 }