Simple Login Log - Version 0.9.4

Version Description


Release Info

Developer maxchirkov
Version 0.9.4

Code changes from version 0.9.3 to 0.9.4

Files changed (2) hide show
  1. readme.txt +6 -2
  2. simple-login-log.php +66 -19
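--- a/readme.txt
+++ b/readme.txt
@@ -3,8 +3,8 @@ Contributors: Max Chirkov
  Donate link: http://www.ibsteam.net/donate
  Tags: login, log, users
  Requires at least: 3.0
- Tested up to: 3.3.2
- Stable tag: 0.9.3
+ Tested up to: 3.5
+ Stable tag: 0.9.4
 
  This plugin keeps a log of WordPress user logins. Offers user and date filtering, and export features.
 
@@ -40,6 +40,10 @@ Screen Options are available at the top of the Login Log page. Click on the *Sec
 
  == Changelog ==
 
+ **Version 0.9.4 - Highly Advised!**
+
+ - Numerous vulnerability fixes!
+
  **Version 0.9.3**
 
  - Improvement: search by partial user name as well as partial IP address per [Commeuneimage's recommendation](http://wordpress.org/support/topic/plugin-simple-login-log-small-enhancement-suggested-on-search-feature).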
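--- a/simple-login-log.php
+++ b/simple-login-log.php
@@ -4,7 +4,7 @@
  Plugin URI: http://simplerealtytheme.com
  Description: This plugin keeps a log of WordPress user logins. Offers user filtering and export features.
  Author: Max Chirkov
- Version: 0.9.3
+ Version: 0.9.4
  Author URI: http://SimpleRealtyTheme.com
  */
 
@@ -25,19 +25,24 @@ if( !class_exists( 'SimpleLoginLog' ) )
  function __construct()
  {
  global $wpdb;
- $this->table = $wpdb->prefix . $this->table;
+
+ if ( is_multisite() )
+ {
+ // get main site's table prefix
+ $main_prefix = $wpdb->get_blog_prefix(1);
+ $this->table = $main_prefix . $this->table;
+ }
+ else
+ {
+ // non-multisite - regular table name
+ $this->table = $wpdb->prefix . $this->table;
+ }
  $this->opt = get_option($this->opt_name);
 
  //Get plugin's DB version
  $this->installed_ver = get_option( "sll_db_ver" );
 
- //Check if download was initiated
- $download = @esc_attr( $_GET['download-login-log'] );
- if($download)
- {
- $where = ( isset($_GET['where']) ) ? $_GET['where'] : false;
- $this->export_to_CSV($where);
- }
+
 
 
  add_action( 'admin_menu', array(&$this, 'sll_admin_menu') );
@@ -50,6 +55,9 @@ if( !class_exists( 'SimpleLoginLog' ) )
  //Init login actions
  add_action( 'init', array(&$this, 'init_login_actions') );
 
+ //Init CSV Export
+ add_action('admin_init', array(&$this, 'init_csv_export') );
+
  //Style the log table
  add_action( 'admin_head', array(&$this, 'admin_header') );
 
@@ -401,8 +409,8 @@ if( !class_exists( 'SimpleLoginLog' ) )
  $uid = ($userdata && $userdata->ID) ? $userdata->ID : 0;
 
  $data[$this->data_labels['Login']] = ( 1 == $this->login_success ) ? $this->data_labels['Successful'] : $this->data_labels['Failed'];
- if ( isset( $_REQUEST['redirect_to'] ) ) { $data[$this->data_labels['Login Redirect']] = $_REQUEST['redirect_to']; }
- $data[$this->data_labels['User Agent']] = $_SERVER['HTTP_USER_AGENT'];
+ if ( isset( $_REQUEST['redirect_to'] ) ) { $data[$this->data_labels['Login Redirect']] = esc_attr( $_REQUEST['redirect_to'] ); }
+ $data[$this->data_labels['User Agent']] = esc_attr( $_SERVER['HTTP_USER_AGENT'] );
 
  $serialized_data = serialize($data);
 
@@ -445,20 +453,24 @@ if( !class_exists( 'SimpleLoginLog' ) )
  $where = false;
  if( isset($_GET['filter']) && '' != $_GET['filter'] )
  {
- $where['filter'] = "(user_login LIKE '%{$_GET['filter']}%' OR ip LIKE '%{$_GET['filter']}%')";
+ $filter = esc_attr( $_GET['filter'] );
+ $where['filter'] = "(user_login LIKE '%{$filter}%' OR ip LIKE '%{$filter}%')";
  }
  if( isset($_GET['user_role']) && '' != $_GET['user_role'] )
  {
- $where['user_role'] = "user_role = '{$_GET['user_role']}'";
+ $user_role = esc_attr( $_GET['user_role'] );
+ $where['user_role'] = "user_role = '{$user_role}'";
  }
  if( isset($_GET['result']) && '' != $_GET['result'] )
  {
- $where['result'] = "login_result = '{$_GET['result']}'";
+ $result = esc_attr( $_GET['result'] );
+ $where['result'] = "login_result = '{$result}'";
  }
  if( isset($_GET['datefilter']) && '' != $_GET['datefilter'] )
  {
- $year = substr($_GET['datefilter'], 0, 4);
- $month = substr($_GET['datefilter'], -2);
+ $datefilter = esc_attr( $_GET['datefilter'] );
+ $year = substr($datefilter, 0, 4);
+ $month = substr($datefilter, -2);
  $where['datefilter'] = "YEAR(time) = {$year} AND MONTH(time) = {$month}";
  }
 
@@ -526,14 +538,26 @@ if( !class_exists( 'SimpleLoginLog' ) )
  $log_table->display();
 
  echo '<form method="get" id="export-login-log">';
+ if ( function_exists('wp_nonce_field') )
+ wp_nonce_field('ssl_export_log');
+
  echo '<input type="hidden" name="page" value="login_log" />';
  echo '<input type="hidden" name="download-login-log" value="true" />';
  submit_button( __('Export Log to CSV', 'sll'), 'secondary' );
  echo '</form>';
  //if filtered results - add export filtered results button
- if( $where = $this->make_where_query() ){
-
+ $where = false;
+ if( isset( $_GET['filter'] ) || isset( $_GET['user_role'] ) || isset( $_GET['datefilter'] ) || isset( $_GET['result'] ) )
+ {
+ $where = array();
+ foreach($_GET as $k => $v)
+ {
+ $where[$k] = @esc_attr($v);
+ }
  echo '<form method="get" id="export-login-log">';
+ if ( function_exists('wp_nonce_field') )
+ wp_nonce_field('ssl_export_log');
+
  echo '<input type="hidden" name="page" value="login_log" />';
  echo '<input type="hidden" name="download-login-log" value="true" />';
  echo '<input type="hidden" name="where" value="' . esc_attr(serialize($where)) . '" />';
@@ -575,12 +599,35 @@ if( !class_exists( 'SimpleLoginLog' ) )
  }
 
 
+ function init_csv_export()
+ {
+ //Check if download was initiated
+ $download = @esc_attr( $_GET['download-login-log'] );
+ if($download)
+ {
+
+ $where = ( isset($_GET['where']) && '' != $_GET['where'] ) ? $_GET['where'] : false;
+ $where = maybe_unserialize( $where );
+
+ if( is_array($where) && !empty($where) )
+ {
+ foreach($where as $k => $v)
+ {
+ $_GET[$k] = esc_attr($v);
+ }
+ }
+
+ check_admin_referer( 'ssl_export_log' );
+ $this->export_to_CSV( $this->make_where_query() );
+ }
+ }
+
+
  function export_to_CSV($where = false){
  global $wpdb;
 
  //if $where is set, then contemplate WHERE sql query
  if( $where ){
- $where = unserialize($where);
 
  if( is_array($where) && !empty($where) )
  $where = ' WHERE ' . implode(' AND ', $where);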
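Review bot: In `init_csv_export()` the `where` query parameter is passed to `maybe_unserialize()` before `check_admin_referer()` runs, so request-controlled serialized data is still deserialized (a PHP object injection risk) on any request that reaches `admin_init`, and no capability check is visible in the hunk. Verify the nonce and the user's capability first and carry the filter set as JSON instead, which also means changing the form's `serialize($where)` to `json_encode($where)`. Separately, `make_where_query()` now relies on `esc_attr()`, which is HTML escaping rather than SQL escaping, and `$year`/`$month` are still interpolated unquoted; `$wpdb->prepare()` for the string filters and `absint()` on the date parts would be the appropriate fix there. The capability named below is an assumption, because the menu registration is outside this diff.

```php
function init_csv_export()
{
    if ( empty( $_GET['download-login-log'] ) )
        return;

    // Authenticate and authorise before reading any other request data.
    check_admin_referer( 'ssl_export_log' );
    // Assumed capability: use the one sll_admin_menu registers the log page with.
    if ( !current_user_can( 'manage_options' ) )
        wp_die( __( 'You are not allowed to export the login log.', 'sll' ) );

    // Decode the filter set as JSON; request data is never unserialized.
    $where = ( isset( $_GET['where'] ) && '' != $_GET['where'] )
        ? json_decode( stripslashes( $_GET['where'] ), true )
        : false;

    // … unchanged: copy $where into $_GET, then export_to_CSV( $this->make_where_query() ) …
}
```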