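/**
 * Attaches actions/filters explicitly to "users.php" and handles the
 * "lock" / "unlock" user actions requested through the query string.
 *
 * Callback for "load-users.php" hook
 *
 * For a lock/unlock request the checks run in this order: capability check
 * ("edit_user" on the target user), user lookup, then the per-user nonce
 * via check_admin_referer(), and only then the state change. The request
 * always ends with a redirect followed by exit.
 *
 * @since 6.0
 * @access public
 */
public function load_users_page() {
    $security = Theme_My_Login_Security::get_object();

    wp_enqueue_script('tml-security-admin', plugins_url('theme-my-login/modules/security/admin/js/security-admin.js'), array('jquery'));

    add_action('admin_notices', array($this, 'admin_notices'));

    // Strict membership test: only the exact strings 'lock' / 'unlock' are
    // accepted, so an array-valued or otherwise unexpected "action"
    // parameter never reaches the branches below.
    $action = isset($_GET['action']) ? $_GET['action'] : '';
    if (!in_array($action, array('lock', 'unlock'), true)) {
        return;
    }

    // "wp_http_referer" is request-controlled. It is only used as a redirect
    // target, and only if it is a plain string.
    $redirect_to = 'users.php';
    if (isset($_REQUEST['wp_http_referer']) && is_string($_REQUEST['wp_http_referer'])) {
        $redirect_to = remove_query_arg(array('wp_http_referer', 'updated', 'delete_count'), stripslashes($_REQUEST['wp_http_referer']));
    }

    // Reject a missing or non-string "user" parameter before it is handed to
    // the capability check and the user lookup.
    $user_id = (isset($_GET['user']) && is_string($_GET['user'])) ? $_GET['user'] : '';

    if (!$user_id || !current_user_can('edit_user', $user_id)) {
        wp_die(__('You can’t edit that user.', 'theme-my-login'));
    }

    $user = get_userdata($user_id);
    if (!$user) {
        wp_die(__('You can’t edit that user.', 'theme-my-login'));
    }

    // The nonce is bound to the action name and the resolved user ID, and is
    // verified before the account state is changed.
    if ('lock' === $action) {
        check_admin_referer('lock-user_' . $user->ID);
        $security->lock_user($user);
        $redirect_to = add_query_arg('update', 'lock', $redirect_to);
    } elseif ('unlock' === $action) {
        check_admin_referer('unlock-user_' . $user->ID);
        $security->unlock_user($user);
        $redirect_to = add_query_arg('update', 'unlock', $redirect_to);
    }

    // wp_safe_redirect() restricts the target to allowed hosts, so a crafted
    // "wp_http_referer" cannot send the administrator to an external site.
    wp_safe_redirect($redirect_to);
    exit;
}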
$user_email = stripslashes($user->user_email); if (is_multisite()) { $blogname = $current_site->site_name; } else { // The blogname option is escaped with esc_html on the way into the database in sanitize_option // we want to reverse this for the plain text arena of emails. $blogname = wp_specialchars_decode(get_option('blogname'), ENT_QUOTES); } $unlock_url = add_query_arg(array('action' => 'unlock', 'key' => self::get_user_unlock_key($user->ID), 'login' => rawurlencode($user_login)), wp_login_url()); $title = sprintf(__('[%s] Account Locked', 'theme-my-login'), $blogname); $message = sprintf(__('For your security, your account has been locked because of too many failed login attempts. To unlock your account please click the following link: ', 'theme-my-login'), $blogname) . "\r\n\r\n"; $message .= $unlock_url . "\r\n"; if ($user->has_cap('administrator')) { $message .= "\r\n"; $message .= __('The following attempts resulted in the lock:', 'theme-my-login') . "\r\n\r\n"; foreach (self::get_failed_login_attempts($user->ID) as $attempt) { $time = date_i18n(__('Y/m/d g:i:s A', 'theme-my-login'), $attempt['time']); $message .= $attempt['ip'] . "\t" . $time . "\r\n"; } } $title = apply_filters('user_lock_notification_title', $title, $user_id); $message = apply_filters('user_lock_notification_message', $message, $unlock_url, $user_id); wp_mail($user_email, $title, $message); } } } Theme_My_Login_Security::get_object(); } if (is_admin()) { include_once dirname(__FILE__) . '/admin/security-admin.php'; }