Sucuri Security – Auditing, Malware Scanner and Security Hardening - Version 1.4.5

Version Description

  • Fixing some issues on the last login and allowing the option to disable it.

Release Info

Developer yorman
Plugin Sucuri Security – Auditing, Malware Scanner and Security Hardening
Version 1.4.5

Code changes from version 1.4.4 to 1.4.5

inc/css/sucuriscan-default-css.css CHANGED
@@ -62,30 +62,35 @@
62
padding: 6px 0 3px 0
63
}
64
65
- .sucuriscan-maincontent a.lastlogins-showall{
66
- margin: 10px auto 0 auto;
67
- }
68
-
69
- .sucuriscan-maincontent .adminusers-lastlogin{
70
- padding: 0
71
}
72
73
- .sucuriscan-maincontent .adminusers-lastlogin>table{
74
- width: 100%
75
}
76
77
.sucuri-alert{
78
- position: relative;
79
}
80
81
.sucuri-alert-updated{
82
- background-color:#bbe8f5!important;
83
- border-color:#4393ac!important;
84
}
85
86
.sucuri-alert > a.close{
87
- position: absolute;
88
- top: 8px;
89
- right: 10px;
90
- font-size: 18px;
91
}
62
padding: 6px 0 3px 0
63
}
64
65
+ .sucuriscan-maincontent .hardening-box .primary-secondary{
66
+ margin: 0 0 0 10px
67
}
68
69
+ .sucuriscan-maincontent a.lastlogins-showall{
70
+ display: inline-block;
71
+ float: right
72
}
73
74
.sucuri-alert{
75
+ position: relative
76
}
77
78
.sucuri-alert-updated{
79
+ background-color: #bbe8f5 !important;
80
+ border-color: #4393ac !important
81
}
82
83
.sucuri-alert > a.close{
84
+ position: absolute;
85
+ top: 8px;
86
+ right: 10px;
87
+ font-size: 18px;
88
+ text-decoration: none
89
+ }
90
+
91
+ .sucuri-visible{
92
+ }
93
+
94
+ .sucuri-hidden{
95
+ display: none !important
96
}
inc/tpl/sucuri-wp-lastlogins.html.tpl CHANGED
@@ -12,30 +12,57 @@
12
</div>
13
</div>
14
15
- <div id="poststuff">
16
<div class="postbox">
17
- <h3>User logins (latest 10, newest to oldest)</h3>
18
<div class="inside">
19
- <table class="wp-list-table widefat">
20
- <thead>
21
- <tr>
22
- <th class="manage-column">Username</th>
23
- <th class="manage-column">Email</th>
24
- <th class="manage-column">IP Address</th>
25
- <th class="manage-column">Date/Time</th>
26
- </tr>
27
- </thead>
28
-
29
- <tbody>
30
- %%SUCURI.UserList%%
31
- </tbody>
32
- </table>
33
-
34
- <a href="%%SUCURI.CurrentURL%%&limit=0" class="button button-primary lastlogins-showall" style="%%SUCURI.UserList.ShowAll%%">Show all results</a>
35
</div>
36
</div>
37
</div><!-- End poststuff -->
38
39
</div><!-- End sucuriscan-maincontent -->
40
</div><!-- End postbox-container -->
41
12
</div>
13
</div>
14
15
+ <div id="poststuff" class="sucuri-%%SUCURI.LastLoginsSettings.Display%%">
16
<div class="postbox">
17
+ <h3>User logins settings</h3>
18
<div class="inside">
19
+ <form method="POST">
20
+ <input type="hidden" name="sucuri_lastlogins_nonce" value="%%SUCURI.LastLoginsNonce%%" />
21
+
22
+ <p>As part of the administrator accounts, you can choose who can see alerts of Last-Logins in the Wordpress Dashboard.</p>
23
+ <label>
24
+ <input type="radio" name="lastlogin_alerts" value="enable_everyone" %%SUCURI.LastLoginsAlerts.EnableEveryone%% />
25
+ Enable last logins warnings for everyone.
26
+ </label>
27
+ <br />
28
+ <label>
29
+ <input type="radio" name="lastlogin_alerts" value="disable_everyone" %%SUCURI.LastLoginsAlerts.DisableEveryone%% />
30
+ Disable last login flashs for everyone.
31
+ </label>
32
+ <br />
33
+ <label>
34
+ <input type="radio" name="lastlogin_alerts" value="just_admins" %%SUCURI.LastLoginsAlerts.JustAdmins%% />
35
+ Disable last logins for any non admins.
36
+ </label>
37
+ <p>
38
+ <input type="submit" value="Save values" class="button-primary" />
39
+ </p>
40
+ </form>
41
</div>
42
</div>
43
</div><!-- End poststuff -->
44
45
+ <table class="wp-list-table widefat">
46
+ <thead>
47
+ <tr>
48
+ <th colspan="4">
49
+ User logins (latest 10, newest to oldest)
50
+ <a href="%%SUCURI.CurrentURL%%&limit=0" class="button button-primary lastlogins-showall sucuri-%%SUCURI.UserList.ShowAll%%">Show all results</a>
51
+ </th>
52
+ </tr>
53
+ <tr>
54
+ <th class="manage-column">Username</th>
55
+ <th class="manage-column">Email</th>
56
+ <th class="manage-column">IP Address</th>
57
+ <th class="manage-column">Date/Time</th>
58
+ </tr>
59
+ </thead>
60
+
61
+ <tbody>
62
+ %%SUCURI.UserList%%
63
+ </tbody>
64
+ </table>
65
+
66
</div><!-- End sucuriscan-maincontent -->
67
</div><!-- End postbox-container -->
68
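Review bot: The settings box at new line 15 is hidden from users without manage_options only through the `sucuri-%%SUCURI.LastLoginsSettings.Display%%` class, so the form and its nonce field are still sent to every user who can open the page. The save path in sucuri.php re-checks manage_options, so this is not a bypass, but the block is better left out of the output for those users than hidden with CSS. The radio labels also need a pass: "flashs" is a typo, and the three options mix "warnings", "flashs" and "last logins" for the same alert. The `&limit=0` in the "Show all results" href should be written `&amp;limit=0`.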
readme.txt CHANGED
@@ -3,7 +3,7 @@ Contributors: dd@sucuri.net, dremeda
3
Donate Link: http://sitecheck.sucuri.net
4
Tags: malware, security, scan, spam, virus, sucuri, WordPress,
5
Requires at least:3.2
6
- Stable tag:1.4.4
7
Tested up to: 3.6
8
9
The Sucuri Security - SiteCheck Malware Scanner plugin enables you to scan your WordPress site using Sucuri SiteCheck and verify the integrity of your core files right in your dashboard. It also includes post-hack options to help you reset passwords and secret keys in case it has been already hacked.
@@ -67,6 +67,9 @@ the compromise on your site).
67
68
== Changelog ==
69
70
= 1.4.4 =
71
* Small bug fixes + forcing a re-scan on every scan attempt (not using the cache anymore).
72
3
Donate Link: http://sitecheck.sucuri.net
4
Tags: malware, security, scan, spam, virus, sucuri, WordPress,
5
Requires at least:3.2
6
+ Stable tag:1.4.5
7
Tested up to: 3.6
8
9
The Sucuri Security - SiteCheck Malware Scanner plugin enables you to scan your WordPress site using Sucuri SiteCheck and verify the integrity of your core files right in your dashboard. It also includes post-hack options to help you reset passwords and secret keys in case it has been already hacked.
67
68
== Changelog ==
69
70
+ = 1.4.5 =
71
+ * Fixing some issues on the last login and allowing the option to disable it.
72
+
73
= 1.4.4 =
74
* Small bug fixes + forcing a re-scan on every scan attempt (not using the cache anymore).
75
sucuri.php CHANGED
@@ -7,7 +7,7 @@ Description: The <a href="http://sucuri.net">Sucuri Security</a> - SiteCheck Mal
7
You can also scan your site at <a href="http://sitecheck.sucuri.net">SiteCheck.Sucuri.net</a>.
8
9
Author: Sucuri Security
10
- Version: 1.4.4
11
Author URI: http://sucuri.net
12
*/
13
@@ -18,11 +18,15 @@ if(!function_exists('add_action'))
18
}
19
20
define('SUCURISCAN','sucuriscan');
21
- define('SUCURISCAN_VERSION','1.4.4');
22
define( 'SUCURI_URL',plugin_dir_url( __FILE__ ));
23
define('SUCURISCAN_PLUGIN_FOLDER', 'sucuri-scanner');
24
/* Sucuri Free/Paid Plugin will use the same tablename, check: sucuriscan_lastlogins_table_exists() */
25
define('SUCURISCAN_LASTLOGINS_TABLENAME', "{$table_prefix}sucuri_lastlogins");
26
27
/* Requires files. */
28
add_action( 'admin_enqueue_scripts', 'sucuriscan_admin_script_style_registration', 1 );
@@ -47,6 +51,43 @@ function sucuriscan_dir_filepath($path = '')
47
return($wp_dir_array['basedir']."/sucuri/$path");
48
}
49
50
/* Starting Sucuri Scan side bar. */
51
function sucuriscan_menu()
52
{
@@ -64,7 +105,7 @@ function sucuriscan_menu()
64
add_submenu_page('sucuriscan', 'Post-Hack', 'Post-Hack', 'manage_options',
65
'sucuriscan_posthack', 'sucuriscan_posthack_page');
66
67
- add_submenu_page('sucuriscan', 'Last Logins', 'Last Logins', 'manage_options',
68
'sucuriscan_lastlogins', 'sucuriscan_lastlogins_page');
69
}
70
@@ -75,7 +116,7 @@ function sucuri_scan_page()
75
$U_ERROR = NULL;
76
if(!current_user_can('manage_options'))
77
{
78
- wp_die(__('You do not have sufficient permissions to access this page.') );
79
}
80
81
if(isset($_POST['wpsucuri-doscan']))
@@ -256,7 +297,7 @@ function sucuriscan_pagestop($sucuri_title = 'Sucuri Plugin')
256
{
257
if(!current_user_can('manage_options'))
258
{
259
- wp_die(__('You do not have sufficient permissions to access this page.') );
260
}
261
?>
262
<h2><?php echo htmlspecialchars($sucuri_title); ?></h2>
@@ -280,7 +321,7 @@ function sucuriscan_hardening_page()
280
281
if(!current_user_can('manage_options'))
282
{
283
- wp_die(__('You do not have sufficient permissions to access this page.') );
284
}
285
286
include_once("sucuriscan_hardening.php");
@@ -315,7 +356,7 @@ function sucuriscan_core_integrity_page()
315
316
if(!current_user_can('manage_options'))
317
{
318
- wp_die(__('You do not have sufficient permissions to access this page.') );
319
}
320
321
include_once("sucuriscan_core_integrity.php");
@@ -495,7 +536,7 @@ function sucuriscan_posthack_page()
495
{
496
if( !current_user_can('manage_options') )
497
{
498
- wp_die(__('You do not have sufficient permissions to access this page.') );
499
}
500
501
// Page pseudo-variables initialization.
@@ -588,30 +629,80 @@ function sucuriscan_posthack_page()
588
echo sucuriscan_get_template('sucuri-wp-posthack.html.tpl', $template_variables);
589
}
590
591
function sucuriscan_lastlogins_page()
592
{
593
- if( !current_user_can('manage_options') )
594
{
595
- wp_die(__('You do not have sufficient permissions to access this page.') );
596
}
597
598
// Page pseudo-variables initialization.
599
$template_variables = array(
600
'SucuriURL'=>SUCURI_URL,
601
- 'PosthackNonce'=>wp_create_nonce('sucuri_posthack_nonce'),
602
'SucuriWPSidebar'=>sucuriscan_wp_sidebar_gen(),
603
'UserList'=>'',
604
- 'CurrentURL'=>site_url().'/wp-admin/admin.php?page='.$_GET['page']
605
);
606
607
$limit = isset($_GET['limit']) ? intval($_GET['limit']) : 10;
608
- $template_variables['UserList.ShowAll'] = $limit>0 ? 'display:table' : 'display:none';
609
610
$user_list = sucuriscan_get_logins($limit);
611
foreach($user_list as $user){
612
$user_snippet = sucuriscan_get_template('sucuri-wp-lastlogins.snippet.tpl', array(
613
- 'UserList.UserId'=>$user->ID,
614
- 'UserList.Username'=>$user->user_login,
615
'UserList.Email'=>$user->user_email,
616
'UserList.RemoteAddr'=>$user->user_remoteaddr,
617
'UserList.Datetime'=>$user->user_lastlogin
@@ -622,89 +713,62 @@ function sucuriscan_lastlogins_page()
622
echo sucuriscan_get_template('sucuri-wp-lastlogins.html.tpl', $template_variables);
623
}
624
625
- if( !function_exists('sucuri_login_redirect') ){
626
- function sucuri_login_redirect(){
627
- return admin_url('?sucuri_lastlogin_message=1');
628
- }
629
- add_filter('login_redirect', 'sucuri_login_redirect');
630
- }
631
632
- function sucuriscan_get_flashdata()
633
- {
634
- if( isset($_GET['sucuri_lastlogin_message']) ){
635
- $remote_addr = sucuriscan_get_remoteaddr();
636
- $lastlogin_message = 'Last user login at <strong>'.date('Y/M/d H:i:s').'</strong>';
637
- $lastlogin_message .= chr(32).'from <strong>'.$remote_addr.' - '.gethostbyaddr($remote_addr).'</strong>';
638
- if( isset($_SERVER['GEOIP_REGION']) && isset($_SERVER['GEOIP_CITY']) ){
639
- $lastlogin_message .= chr(32)."{$_SERVER['GEOIP_CITY']}/{$_SERVER['GEOIP_REGION']}";
640
}
641
- $lastlogin_message .= chr(32).'(<a href="'.site_url('wp-admin/admin.php?page=sucuriscan_lastlogins').'">View Last-Logins</a>)';
642
-
643
- sucuriscan_admin_notice('updated', $lastlogin_message);
644
}
645
}
646
- add_action('admin_notices', 'sucuriscan_get_flashdata');
647
648
- function sucuriscan_get_remoteaddr()
649
- {
650
- $alternatives = array(
651
- 'HTTP_CLIENT_IP',
652
- 'HTTP_X_FORWARDED_FOR',
653
- 'HTTP_X_FORWARDED',
654
- 'HTTP_FORWARDED_FOR',
655
- 'HTTP_FORWARDED',
656
- 'REMOTE_ADDR'
657
- );
658
- foreach($alternatives as $alternative){
659
- if( !isset($_SERVER[$alternative]) ){ continue; }
660
-
661
- $remote_addr = preg_replace('/[^0-9., ]/', '', $_SERVER[$alternative]);
662
- if($remote_addr) break;
663
- }
664
-
665
- return $remote_addr;
666
- }
667
-
668
- function sucuriscan_lastlogins_table_exists()
669
- {
670
- global $wpdb;
671
- if( defined('SUCURISCAN_LASTLOGINS_TABLENAME') ){
672
- $table_name = SUCURISCAN_LASTLOGINS_TABLENAME;
673
-
674
- if( $wpdb->get_var("SHOW TABLES LIKE '{$table_name}'")!=$table_name ){
675
- $sql = 'CREATE TABLE '.$table_name.' (
676
- id int(11) NOT NULL AUTO_INCREMENT,
677
- user_id bigint(20) NOT NULL,
678
- user_login varchar(60),
679
- user_remoteaddr varchar(255),
680
- user_lastlogin DATETIME DEFAULT "0000-00-00 00:00:00" NOT NULL,
681
- UNIQUE KEY id(id)
682
- )';
683
-
684
- require_once(ABSPATH.'wp-admin/includes/upgrade.php');
685
- dbDelta($sql);
686
}
687
}
688
}
689
- add_action('plugins_loaded', 'sucuriscan_lastlogins_table_exists');
690
-
691
- function sucuriscan_set_lastlogin($user_login='')
692
- {
693
- global $wpdb;
694
- if( defined('SUCURISCAN_LASTLOGINS_TABLENAME') ){
695
- $table_name = SUCURISCAN_LASTLOGINS_TABLENAME;
696
- $current_user = get_user_by('login', $user_login);
697
- $remote_addr = sucuriscan_get_remoteaddr();
698
-
699
- $wpdb->insert($table_name, array(
700
- 'user_id'=>$current_user->ID,
701
- 'user_login'=>$current_user->user_login,
702
- 'user_remoteaddr'=>$remote_addr,
703
- 'user_lastlogin'=>current_time('mysql')
704
- ));
705
- }
706
- }
707
- add_action('wp_login', 'sucuriscan_set_lastlogin', 50);
708
709
function sucuriscan_get_logins($limit=10, $user_id=0)
710
{
@@ -713,7 +777,7 @@ function sucuriscan_get_logins($limit=10, $user_id=0)
713
$table_name = SUCURISCAN_LASTLOGINS_TABLENAME;
714
715
$sql = "SELECT * FROM {$table_name} LEFT JOIN {$wpdb->prefix}users ON {$table_name}.user_id = {$wpdb->prefix}users.ID";
716
- if( !is_admin() ){
717
$current_user = wp_get_current_user();
718
$sql .= chr(32)."WHERE {$wpdb->prefix}users.user_login = '{$current_user->user_login}'";
719
}
@@ -725,8 +789,59 @@ function sucuriscan_get_logins($limit=10, $user_id=0)
725
if( preg_match('/^([0-9]+)#x2F;', $limit) && $limit>0 ){
726
$sql .= chr(32)."LIMIT {$limit}";
727
}
728
return $wpdb->get_results($sql);
729
}
730
731
return FALSE;
732
}
7
You can also scan your site at <a href="http://sitecheck.sucuri.net">SiteCheck.Sucuri.net</a>.
8
9
Author: Sucuri Security
10
+ Version: 1.4.5
11
Author URI: http://sucuri.net
12
*/
13
18
}
19
20
define('SUCURISCAN','sucuriscan');
21
+ define('SUCURISCAN_VERSION','1.4.5');
22
define( 'SUCURI_URL',plugin_dir_url( __FILE__ ));
23
define('SUCURISCAN_PLUGIN_FOLDER', 'sucuri-scanner');
24
/* Sucuri Free/Paid Plugin will use the same tablename, check: sucuriscan_lastlogins_table_exists() */
25
define('SUCURISCAN_LASTLOGINS_TABLENAME', "{$table_prefix}sucuri_lastlogins");
26
+ define('SUCURISCAN_LASTLOGINS_TABLEVERSION', '1.0');
27
+
28
+ register_activation_hook(__FILE__, 'sucuriscan_plugin_activation');
29
+ register_deactivation_hook(__FILE__, 'sucuriscan_plugin_deactivation');
30
31
/* Requires files. */
32
add_action( 'admin_enqueue_scripts', 'sucuriscan_admin_script_style_registration', 1 );
51
return($wp_dir_array['basedir']."/sucuri/$path");
52
}
53
54
+ /* sucuri_plugin_activation:
55
+ * Creates the internal files / directories used by the plugin.
56
+ * Returns 0 on error and 1 on success.
57
+ */
58
+ function sucuriscan_plugin_activation()
59
+ {
60
+ if( function_exists('sucuriscan_capabilities') ){
61
+ sucuriscan_capabilities('add');
62
+ }
63
+ return(1);
64
+ }
65
+
66
+ function sucuriscan_plugin_deactivation()
67
+ {
68
+ if( function_exists('sucuriscan_capabilities') ){
69
+ sucuriscan_capabilities('remove');
70
+ }
71
+ return TRUE;
72
+ }
73
+
74
+ function sucuriscan_capabilities($action=NULL){
75
+ $allowed_actions = array( 'add', 'remove' );
76
+
77
+ if( in_array($action, $allowed_actions) ){
78
+ $roles = get_editable_roles();
79
+ foreach($roles as $role_name=>$role_info){
80
+ /* $role_info = Array( name => String, capabilities => Array ) */
81
+ $role_object = get_role($role_name);
82
+ if( $action='add' ){
83
+ $role_object->add_cap('sucuriscan_cap_lastlogins');
84
+ }elseif( $action=='remove' ){
85
+ $role_object->remove_cap('sucuriscan_cap_lastlogins');
86
+ }
87
+ }
88
+ }
89
+ }
90
+
91
/* Starting Sucuri Scan side bar. */
92
function sucuriscan_menu()
93
{
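Review bot: In sucuriscan_capabilities(), the condition `if( $action='add' )` assigns instead of comparing, so it is always true and the `elseif( $action=='remove' )` branch is unreachable; sucuriscan_plugin_deactivation() therefore adds sucuriscan_cap_lastlogins again instead of removing it. Change the test to `$action == 'add'`. The loop grants the capability to every role returned by get_editable_roles(); if the intent is that any user may view their own logins, state that in a comment. The comment block above sucuriscan_plugin_activation() describes creating files and directories and returning 0 on error, which does not match a function that only adds a capability and always returns 1.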
105
add_submenu_page('sucuriscan', 'Post-Hack', 'Post-Hack', 'manage_options',
106
'sucuriscan_posthack', 'sucuriscan_posthack_page');
107
108
+ add_submenu_page('sucuriscan', 'Last Logins', 'Last Logins', 'sucuriscan_cap_lastlogins',
109
'sucuriscan_lastlogins', 'sucuriscan_lastlogins_page');
110
}
111
116
$U_ERROR = NULL;
117
if(!current_user_can('manage_options'))
118
{
119
+ wp_die(__('You do not have sufficient permissions to access this page: Sucuri Malware Scanner') );
120
}
121
122
if(isset($_POST['wpsucuri-doscan']))
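Review bot: The wp_die() text at new line 119 is still passed through `__()` without a text domain, and with the page name appended it no longer matches the string WordPress core translates, so translated sites fall back to English here. Keep the original sentence inside `__()` and append the page name outside it, or pass the plugin's own text domain. The same applies to the four other wp_die() edits in this file.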
297
{
298
if(!current_user_can('manage_options'))
299
{
300
+ wp_die(__('You do not have sufficient permissions to access this page: Sucuri Header') );
301
}
302
?>
303
<h2><?php echo htmlspecialchars($sucuri_title); ?></h2>
321
322
if(!current_user_can('manage_options'))
323
{
324
+ wp_die(__('You do not have sufficient permissions to access this page: Sucuri Hardening') );
325
}
326
327
include_once("sucuriscan_hardening.php");
356
357
if(!current_user_can('manage_options'))
358
{
359
+ wp_die(__('You do not have sufficient permissions to access this page: Sucuri Integrity Check') );
360
}
361
362
include_once("sucuriscan_core_integrity.php");
536
{
537
if( !current_user_can('manage_options') )
538
{
539
+ wp_die(__('You do not have sufficient permissions to access this page: Sucuri Post-Hack') );
540
}
541
542
// Page pseudo-variables initialization.
629
echo sucuriscan_get_template('sucuri-wp-posthack.html.tpl', $template_variables);
630
}
631
632
+ function sucuriscan_get_remoteaddr()
633
+ {
634
+ $alternatives = array(
635
+ 'HTTP_X_REAL_IP',
636
+ 'HTTP_CLIENT_IP',
637
+ 'HTTP_X_FORWARDED_FOR',
638
+ 'HTTP_X_FORWARDED',
639
+ 'HTTP_FORWARDED_FOR',
640
+ 'HTTP_FORWARDED',
641
+ 'REMOTE_ADDR',
642
+ 'SUCURI_RIP',
643
+ );
644
+ foreach($alternatives as $alternative){
645
+ if( !isset($_SERVER[$alternative]) ){ continue; }
646
+
647
+ $remote_addr = preg_replace('/[^0-9., ]/', '', $_SERVER[$alternative]);
648
+ if($remote_addr) break;
649
+ }
650
+
651
+ return $remote_addr;
652
+ }
653
+
654
function sucuriscan_lastlogins_page()
655
{
656
+ if( !current_user_can('sucuriscan_cap_lastlogins') )
657
{
658
+ wp_die(__('You do not have sufficient permissions to access this page: Sucuri Last-Logins') );
659
}
660
661
// Page pseudo-variables initialization.
662
$template_variables = array(
663
'SucuriURL'=>SUCURI_URL,
664
+ 'LastLoginsNonce'=>wp_create_nonce('sucuriscan_lastlogins_nonce'),
665
'SucuriWPSidebar'=>sucuriscan_wp_sidebar_gen(),
666
'UserList'=>'',
667
+ 'CurrentURL'=>site_url().'/wp-admin/admin.php?page='.$_GET['page'],
668
+ 'LastLoginsAlerts.EnableEveryone'=>'',
669
+ 'LastLoginsAlerts.DisableEveryone'=>'',
670
+ 'LastLoginsAlerts.JustAdmins'=>''
671
);
672
673
+ $can_edit_settings = current_user_can('manage_options') ? TRUE : FALSE;
674
+ $template_variables['LastLoginsSettings.Display'] = $can_edit_settings ? '' : 'hidden';
675
+
676
+ if( wp_verify_nonce($_POST['sucuri_lastlogins_nonce'], 'sucuriscan_lastlogins_nonce') ){
677
+ if( $can_edit_settings ){
678
+ update_option('sucuri_lastlogins_alerts', $_POST['lastlogin_alerts']);
679
+ sucuriscan_admin_notice('updated', '<strong>OK.</strong> New settings saved!');
680
+ }else{
681
+ sucuriscan_admin_notice('error', '<strong>Error.</strong> You do not have permissions to change these settings.');
682
+ }
683
+ }
684
+
685
+ switch( get_option('sucuri_lastlogins_alerts') ){
686
+ case 'disable_everyone':
687
+ $template_variables['LastLoginsAlerts.DisableEveryone'] = 'checked="checked"';
688
+ break;
689
+ case 'just_admins':
690
+ $template_variables['LastLoginsAlerts.JustAdmins'] = 'checked="checked"';
691
+ break;
692
+ case 'enable_everyone':
693
+ default:
694
+ $template_variables['LastLoginsAlerts.EnableEveryone'] = 'checked="checked"';
695
+ break;
696
+ }
697
+
698
$limit = isset($_GET['limit']) ? intval($_GET['limit']) : 10;
699
+ $template_variables['UserList.ShowAll'] = $limit>0 ? 'visible' : 'hidden';
700
701
$user_list = sucuriscan_get_logins($limit);
702
foreach($user_list as $user){
703
$user_snippet = sucuriscan_get_template('sucuri-wp-lastlogins.snippet.tpl', array(
704
+ 'UserList.UserId'=>intval($user->ID),
705
+ 'UserList.Username'=>( !is_null($user->user_login) ? $user->user_login : '<em>Unknown</em>' ),
706
'UserList.Email'=>$user->user_email,
707
'UserList.RemoteAddr'=>$user->user_remoteaddr,
708
'UserList.Datetime'=>$user->user_lastlogin
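Review bot: sucuriscan_get_remoteaddr() now tries HTTP_X_REAL_IP first and still prefers the other HTTP_* entries over REMOTE_ADDR; those values come from request headers, so unless a trusted proxy overwrites them the client chooses the address that is recorded as its last-login IP. Read REMOTE_ADDR by default and honour forwarded headers only when the connection comes from a configured proxy. SUCURI_RIP is listed after REMOTE_ADDR, so it is consulted only when REMOTE_ADDR is missing or empty after filtering, and the `/[^0-9., ]/` filter strips the colons and hex digits of an IPv6 address. In sucuriscan_lastlogins_page(), `update_option('sucuri_lastlogins_alerts', $_POST['lastlogin_alerts'])` stores the posted value as is; check it against the three accepted values first, and test isset($_POST['sucuri_lastlogins_nonce']) before handing it to wp_verify_nonce().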
713
echo sucuriscan_get_template('sucuri-wp-lastlogins.html.tpl', $template_variables);
714
}
715
716
+ if( !function_exists('sucuri_lastlogins_table_exists') ){
717
+ function sucuriscan_lastlogins_table_exists()
718
+ {
719
+ global $wpdb;
720
+ if( defined('SUCURISCAN_LASTLOGINS_TABLENAME') ){
721
+ $table_name = SUCURISCAN_LASTLOGINS_TABLENAME;
722
+ $upgrade_table = FALSE;
723
+
724
+ if(
725
+ $wpdb->get_var("SHOW TABLES LIKE '{$table_name}'")!=$table_name
726
+ || get_option('sucuriscan_lastlogin_table_version')!=SUCURISCAN_LASTLOGINS_TABLEVERSION
727
+ ){
728
+ $upgrade_table = TRUE;
729
+ }
730
731
+ if( $upgrade_table ){
732
+ $sql = 'CREATE TABLE '.$table_name.' (
733
+ id int(11) NOT NULL AUTO_INCREMENT,
734
+ user_id bigint(20) NOT NULL,
735
+ user_login varchar(60),
736
+ user_remoteaddr varchar(255),
737
+ user_hostname varchar(255),
738
+ user_lastlogin DATETIME DEFAULT "0000-00-00 00:00:00" NOT NULL,
739
+ UNIQUE KEY id(id)
740
+ )';
741
+
742
+ require_once(ABSPATH.'wp-admin/includes/upgrade.php');
743
+ if( dbDelta($sql) ){
744
+ update_option('sucuri_lastlogin_table_version', SUCURI_LASTLOGINS_TABLEVERSION);
745
+ }
746
+ }
747
}
748
}
749
+ add_action('plugins_loaded', 'sucuriscan_lastlogins_table_exists');
750
}
751
752
+ if( !function_exists('sucuri_set_lastlogin') ){
753
+ function sucuriscan_set_lastlogin($user_login='')
754
+ {
755
+ global $wpdb;
756
+ if( defined('SUCURISCAN_LASTLOGINS_TABLENAME') ){
757
+ $table_name = SUCURISCAN_LASTLOGINS_TABLENAME;
758
+ $current_user = get_user_by('login', $user_login);
759
+ $remote_addr = sucuriscan_get_remoteaddr();
760
+
761
+ $wpdb->insert($table_name, array(
762
+ 'user_id'=>$current_user->ID,
763
+ 'user_login'=>$current_user->user_login,
764
+ 'user_remoteaddr'=>$remote_addr,
765
+ 'user_hostname'=>@gethostbyaddr($remote_addr),
766
+ 'user_lastlogin'=>current_time('mysql')
767
+ ));
768
}
769
}
770
+ add_action('wp_login', 'sucuriscan_set_lastlogin', 50);
771
}
772
773
function sucuriscan_get_logins($limit=10, $user_id=0)
774
{
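Review bot: In sucuriscan_lastlogins_table_exists(), the version check reads get_option('sucuriscan_lastlogin_table_version') and compares it with SUCURISCAN_LASTLOGINS_TABLEVERSION, but the write is `update_option('sucuri_lastlogin_table_version', SUCURI_LASTLOGINS_TABLEVERSION)`: a different option name, and a constant name that does not match the one defined at the top of the file. The comparison can never succeed, so dbDelta() runs on every plugins_loaded. Use the same option name and the SUCURISCAN_ constant in both places. The two function_exists() guards test sucuri_lastlogins_table_exists and sucuri_set_lastlogin while the functions defined are sucuriscan_-prefixed, so they do not guard against redeclaring these names. In sucuriscan_set_lastlogin(), `@gethostbyaddr($remote_addr)` adds a reverse DNS lookup to every login and is handed whatever sucuriscan_get_remoteaddr() returned, which can be a comma-separated list.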
777
$table_name = SUCURISCAN_LASTLOGINS_TABLENAME;
778
779
$sql = "SELECT * FROM {$table_name} LEFT JOIN {$wpdb->prefix}users ON {$table_name}.user_id = {$wpdb->prefix}users.ID";
780
+ if( !current_user_can('manage_options') ){
781
$current_user = wp_get_current_user();
782
$sql .= chr(32)."WHERE {$wpdb->prefix}users.user_login = '{$current_user->user_login}'";
783
}
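Review bot: The WHERE clause under the changed condition (new line 782) still interpolates `$current_user->user_login` directly into the SQL string. Build the clause with $wpdb->prepare(), and filter on {$table_name}.user_id with the current user's ID rather than on the login name of the LEFT JOINed users table, so the restriction does not depend on the join.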
789
if( preg_match('/^([0-9]+)#x2F;', $limit) && $limit>0 ){
790
$sql .= chr(32)."LIMIT {$limit}";
791
}
792
+
793
return $wpdb->get_results($sql);
794
}
795
796
return FALSE;
797
}
798
+
799
+ if( !function_exists('sucuri_login_redirect') ){
800
+ function sucuriscan_login_redirect($redirect_to='', $request=NULL, $user=FALSE){
801
+ $login_url = !empty($redirect_to) ? $redirect_to : admin_url();
802
+ if( $user instanceof WP_User && $user->ID ){
803
+ $login_url = add_query_arg( 'sucuriscan_lastlogin_message', 1, $login_url );
804
+ }
805
+ return $login_url;
806
+ }
807
+ add_filter('login_redirect', 'sucuriscan_login_redirect', 10, 3);
808
+ }
809
+
810
+ if( !function_exists('sucuri_get_user_lastlogin') ){
811
+ function sucuriscan_get_user_lastlogin()
812
+ {
813
+ global $wpdb;
814
+ if( isset($_GET['sucuriscan_lastlogin_message']) && defined('SUCURISCAN_LASTLOGINS_TABLENAME') ){
815
+ switch( get_option('sucuri_lastlogins_alerts') ){
816
+ case 'disable_everyone':
817
+ $display_alert = FALSE;
818
+ break;
819
+ case 'just_admins':
820
+ $display_alert = current_user_can('manage_options') ? TRUE : FALSE;
821
+ break;
822
+ case 'enable_everyone':
823
+ default:
824
+ $display_alert = TRUE;
825
+ break;
826
+ }
827
+
828
+ if($display_alert){
829
+ $table_name = SUCURISCAN_LASTLOGINS_TABLENAME;
830
+ $current_user = wp_get_current_user();
831
+
832
+ // Select the penultimate entry, not the last one.
833
+ $sql = "SELECT * FROM {$table_name} WHERE user_id = '{$current_user->ID}' ORDER BY user_lastlogin DESC LIMIT 1,1";
834
+ $row = $wpdb->get_row($sql);
835
+
836
+ if($row){
837
+ $message_tpl = 'The last time you logged in was: %s, from %s - %s';
838
+ $lastlogin_message = sprintf( $message_tpl, date('Y/M/d'), $row->user_remoteaddr, $row->user_hostname );
839
+ $lastlogin_message .= chr(32).'(<a href="'.site_url('wp-admin/admin.php?page='.SUCURISCAN.'_lastlogins').'">View Last-Logins</a>)';
840
+ }
841
+
842
+ sucuriscan_admin_notice('updated', $lastlogin_message);
843
+ }
844
+ }
845
+ }
846
+ add_action('admin_notices', 'sucuriscan_get_user_lastlogin');
847
+ }
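Review bot: In sucuriscan_get_user_lastlogin(), the message is built with `date('Y/M/d')`, which formats the current time, so the notice shows today's date rather than the stored `$row->user_lastlogin`; format the row's value instead. sucuriscan_admin_notice() is called outside the `if($row)` block, so when `LIMIT 1,1` returns no row (a user's first recorded login) it receives an undefined $lastlogin_message; move the call inside the block. `$row->user_remoteaddr` and `$row->user_hostname` are placed into HTML unescaped, and the hostname comes from a reverse DNS lookup, so pass both through esc_html(). The function_exists() guards check sucuri_login_redirect and sucuri_get_user_lastlogin rather than the sucuriscan_-prefixed names that are defined.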