/**
* Builds and sends notification email
*
* Sends the notication email too all applicable administrative users notifying them
* that file changes have been detected
*
* @since 4.0.0
*
* @access private
*
* @param array $email_details array of details for the email messge
*
* @return void
*/
private function send_notification_email($email_details)
{
global $itsec_globals;
$itsec_notify = ITSEC_Core::get_itsec_notify();
if (!ITSEC_Modules::get_setting('global', 'digest_email')) {
$headers = 'From: ' . get_bloginfo('name') . ' <' . get_option('admin_email') . '>' . "\r\n";
$subject = '[' . get_option('siteurl') . '] ' . __('WordPress File Change Warning', 'better-wp-security') . ' ' . date('l, F jS, Y \\a\\t g:i a e', $itsec_globals['current_time']);
$body = '<p>' . __('A file (or files) on your site at ', 'better-wp-security') . ' ' . get_option('siteurl') . __(' have been changed. Please review the report below to verify changes are not the result of a compromise.', 'better-wp-security') . '</p>';
$body .= $this->get_email_report($email_details);
//get report
$args = array('headers' => $headers, 'message' => $body, 'subject' => $subject);
$itsec_notify->notify($args);
} else {
$changed = $email_details[0] + $email_details[1] + $email_details[2];
if ($changed > 0) {
$itsec_notify->register_file_change();
}
}
}
/**
* Sends an email to notify site admins of lockouts
*
* @since 4.0
*
* @param string $host the host to lockout
* @param int $user the user id to lockout
* @param string $username the username to lockout
* @param string $host_expiration when the host login expires
* @param string $user_expiration when the user lockout expires
* @param string $reason the reason for the lockout to show to the user
*
* @return void
*/
private function send_lockout_email($host, $user, $username, $host_expiration, $user_expiration, $reason)
{
global $itsec_globals;
$itsec_notify = ITSEC_Core::get_itsec_notify();
if (!ITSEC_Modules::get_setting('global', 'digest_email')) {
$plural_text = __('has', 'better-wp-security');
//Tell which host was locked out
if ($host !== false) {
$host_text = sprintf('%s, <a href="http://www.traceip.net/?query=%s"><strong>%s</strong></a>, ', __('host', 'better-wp-security'), urlencode($host), sanitize_text_field($host));
$host_expiration_text = __('The host has been locked out ', 'better-wp-security');
if ($host_expiration === false) {
$host_expiration_text .= '<strong>' . __('permanently', 'better-wp-security') . '</strong>';
$release_text = sprintf(__('To release the host lockout you can remove the host from the <a href="%1$s">host list</a>.', 'better-wp-security'), wp_login_url(ITSEC_Core::get_settings_page_url()));
} else {
$host_expiration_text .= sprintf('<strong>%s %s</strong>', __('until', 'better-wp-security'), sanitize_text_field($host_expiration));
$release_text = sprintf(__('To release the lockout please visit <a href="%1$s">the admin area</a>.', 'better-wp-security'), wp_login_url(ITSEC_Core::get_settings_page_url()));
}
} else {
$host_expiration_text = '';
$host_text = '';
$release_text = '';
}
$user_object = get_userdata($user);
//try to get and actual user object
//Tell them which user was locked out and setup the expiration copy
if ($user_object !== false || $username !== false) {
if ($user_object !== false) {
$login = $user_object->user_login;
} else {
$login = sanitize_text_field($username);
}
if ($host_text === '') {
$user_expiration_text = sprintf('%s <strong>%s %s</strong>.', __('The user has been locked out', 'better-wp-security'), __('until', 'better-wp-security'), sanitize_text_field($user_expiration));
$user_text = sprintf('%s, <strong>%s</strong>, ', __('user', 'better-wp-security'), $login);
$release_text = sprintf(__('To release the lockout please visit <a href="%1$s">the lockouts page</a>.', 'better-wp-security'), wp_login_url(ITSEC_Core::get_settings_page_url()));
} else {
$user_expiration_text = sprintf('%s <strong>%s %s</strong>.', __('and the user has been locked out', 'better-wp-security'), __('until', 'better-wp-security'), sanitize_text_field($user_expiration));
$plural_text = __('have', 'better-wp-security');
$user_text = sprintf('%s, <strong>%s</strong>, ', __('and a user', 'better-wp-security'), $login);
if ($host_expiration === false) {
$release_text = sprintf(__('To release the user lockout please visit <a href="%1$s">the lockouts page</a>.', 'better-wp-security'), wp_login_url(ITSEC_Core::get_settings_page_url()));
} else {
$release_text = sprintf(__('To release the lockouts please visit <a href="%1$s">the lockouts page</a>.', 'better-wp-security'), wp_login_url(ITSEC_Core::get_settings_page_url()));
}
}
} else {
$user_expiration_text = '.';
$user_text = '';
$release_text = '';
}
//Put the copy all together
$body = sprintf('<p>%s,</p><p>%s %s %s %s %s <a href="%s">%s</a> %s <strong>%s</strong>.</p><p>%s %s</p><p>%s</p><p><em>*%s %s. %s <a href="%s">%s</a>.</em></p>', __('Dear Site Admin', 'better-wp-security'), __('A', 'better-wp-security'), $host_text, $user_text, $plural_text, __(' been locked out of the WordPress site at', 'better-wp-security'), get_option('siteurl'), get_option('siteurl'), __('due to', 'better-wp-security'), sanitize_text_field($reason), $host_expiration_text, $user_expiration_text, $release_text, __('This email was generated automatically by'), $itsec_globals['plugin_name'], __('To change your email preferences please visit', 'better-wp-security'), wp_login_url(ITSEC_Core::get_settings_page_url()), __('the plugin settings', 'better-wp-security'));
//Setup the remainder of the email
$subject = '[' . get_option('siteurl') . '] ' . __('Site Lockout Notification', 'better-wp-security');
$subject = apply_filters('itsec_lockout_email_subject', $subject);
$headers = 'From: ' . get_bloginfo('name') . ' <' . get_option('admin_email') . '>' . "\r\n";
$args = array('headers' => $headers, 'message' => $body, 'subject' => $subject);
$itsec_notify->notify($args);
}
}
