/** * Retrieve the list of all the user logins from the datastore file. * * The results of this operation can be filtered by specific user identifiers, * or limiting the quantity of entries. * * @param integer $limit How many entries will be returned from the operation. * @param integer $offset Initial point where the logs will be start counting. * @param integer $user_id Optional user identifier to filter the results. * @return array The list of all the user logins, and total of entries registered. */ function sucuriscan_get_logins($limit = 10, $offset = 0, $user_id = 0) { $datastore_filepath = sucuriscan_lastlogins_datastore_is_readable(); $last_logins = array('total' => 0, 'entries' => array()); if ($datastore_filepath) { $parsed_lines = 0; $data_lines = SucuriScanFileInfo::file_lines($datastore_filepath); if ($data_lines) { /** * This count will not be 100% accurate considering that we are checking the * syntax of each line in the loop bellow, there may be some lines without the * right syntax which will differ from the total entries returned, but there's * not other EASY way to do this without affect the performance of the code. * * @var integer */ $total_lines = count($data_lines); $last_logins['total'] = $total_lines; // Get a list with the latest entries in the first positions. $reversed_lines = array_reverse($data_lines); /** * Only the user accounts with administrative privileges can see the logs of all * the users, for the rest of the accounts they will only see their own logins. * * @var object */ $current_user = wp_get_current_user(); $is_admin_user = (bool) current_user_can('manage_options'); for ($i = $offset; $i < $total_lines; $i++) { $line = $reversed_lines[$i] ? trim($reversed_lines[$i]) : ''; // Check if the data is serialized (which we will consider as insecure). if (SucuriScan::is_serialized($line)) { $last_login = @unserialize($line); // TODO: Remove after version 1.7.5 } else { $last_login = @json_decode($line, true); } if ($last_login) { $last_login['user_lastlogin_timestamp'] = strtotime($last_login['user_lastlogin']); $last_login['user_registered_timestamp'] = 0; // Only administrators can see all login stats. if (!$is_admin_user && $current_user->user_login != $last_login['user_login']) { continue; } // Filter the user identifiers using the value passed tot his function. if ($user_id > 0 && $last_login['user_id'] != $user_id) { continue; } // Get the WP_User object and add extra information from the last-login data. $last_login['user_exists'] = false; $user_account = get_userdata($last_login['user_id']); if ($user_account) { $last_login['user_exists'] = true; foreach ($user_account->data as $var_name => $var_value) { $last_login[$var_name] = $var_value; if ($var_name == 'user_registered') { $last_login['user_registered_timestamp'] = strtotime($var_value); } } } $last_login['line_num'] = $i + 1; $last_logins['entries'][] = (object) $last_login; $parsed_lines += 1; } else { $last_logins['total'] -= 1; } if (preg_match('/^[0-9]+$/', $limit) && $limit > 0) { if ($parsed_lines >= $limit) { break; } } } } } return $last_logins; }