/home/sportsfe.../httpdocs/wp-conte.../plugins/wordfenc.../modules/login-se.../classes/controll...
File: users.php
if (is_multisite()) {
add_filter('manage_users-network_columns', array($this, '_manage_users_columns'));
add_filter('manage_users-network_custom_column', array($this, '_manage_users_custom_column'), 10, 3);
add_filter('manage_users-network_sortable_columns', array($this, '_manage_users_sortable_columns'), 10, 1);
add_filter('ms_user_row_actions', array($this, '_user_row_actions'), 10, 2);
add_filter('views_users-network', array($this, '_views_users'));
}
}
/**
 * Removes the stored 2FA secrets for a user ID once WP_User reports that the user no longer exists.
 *
 * @param int $id ID of the deleted user.
 */
public function _deleted_user($id) {
    $deletedUser = new \WP_User($id);
    if (!($deletedUser instanceof \WP_User) || $deletedUser->exists()) {
        // The account is still present, so its secrets are kept.
        return;
    }

    global $wpdb;
    $secretsTable = Controller_DB::shared()->secrets;
    // The ID is bound through %d; only the table name taken from Controller_DB is interpolated.
    $statement = $wpdb->prepare("DELETE FROM `{$secretsTable}` WHERE `user_id` = %d", $id);
    $wpdb->query($statement);
}
/**
 * Adds the plugin's columns to the users list table, depending on what the current user may see.
 *
 * @param array $columns Column labels keyed by column identifier.
 * @return array The columns with the plugin's entries added.
 */
public function _manage_users_columns($columns = array()) {
    // The 2FA status column is shown only to users who may activate 2FA for others.
    if (user_can(wp_get_current_user(), Controller_Permissions::CAP_ACTIVATE_2FA_OTHERS)) {
        $columns['wfls_2fa_status'] = esc_html__('2FA Status', 'wordfence');
    }

    // Login history columns need the setting enabled and a viewer who can manage the plugin's settings.
    $historyEnabled = Controller_Settings::shared()->are_login_history_columns_enabled();
    if (!$historyEnabled || !Controller_Permissions::shared()->can_manage_settings(wp_get_current_user())) {
        return $columns;
    }

    $columns['wfls_last_login'] = esc_html__('Last Login', 'wordfence');
    if (Controller_CAPTCHA::shared()->enabled()) {
        $columns['wfls_last_captcha'] = esc_html__('Last CAPTCHA', 'wordfence');
    }

    return $columns;
}
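/**
 * Produces the cell content for the plugin's custom columns in the users list table.
 *
 * @param string $value       Cell content supplied so far.
 * @param string $column_name Column identifier.
 * @param int    $user_id     ID of the user the row belongs to.
 * @return string Cell content; returned unchanged for columns this method does not handle.
 */
public function _manage_users_custom_column($value = '', $column_name = '', $user_id = 0) {
    switch ($column_name) {
        case 'wfls_2fa_status':
            $user = new \WP_User($user_id);
            // Escaped like the other labels of this column: the value carries markup in the
            // grace-period branches below, so every branch has to yield HTML-safe text.
            $value = esc_html__('Not Allowed', 'wordfence');
            if (Controller_Users::shared()->can_activate_2fa($user)) {
                $has2fa = Controller_Users::shared()->has_2fa_active($user);
                // $inGracePeriod is filled in by reference.
                $requires2fa = $this->requires_2fa($user, $inGracePeriod);
                if ($has2fa) {
                    $value = esc_html__('Active', 'wordfence');
                }
                elseif ($inGracePeriod) {
                    // wp_kses() keeps only the <small class="..."> wrapper from the translated string.
                    $value = wp_kses(__('Inactive<small class="wfls-sub-status">(Grace Period)</small>', 'wordfence'), array('small'=>array('class'=>array())));
                }
                elseif ($requires2fa && !$has2fa) {
                    // A null grace-period flag selects the "disabled" wording, anything else "exceeded".
                    $value = wp_kses($inGracePeriod === null ? __('Locked Out<small class="wfls-sub-status">(Grace Period Disabled)</small>', 'wordfence') : __('Locked Out<small class="wfls-sub-status">(Grace Period Exceeded)</small>', 'wordfence'), array('small'=>array('class'=>array())));
                }
                else {
                    $value = esc_html__('Inactive', 'wordfence');
                }
            }
            break;
        case 'wfls_last_login':
            $value = '-';
            if (($last = get_user_meta($user_id, 'wfls-last-login', true)) && Utility_Number::isUnixTimestamp($last)) {
                $value = Controller_Time::format_local_time(get_option('date_format') . ' ' . get_option('time_format'), $last);
            }
            break;
        case 'wfls_last_captcha':
            $value = '-';
            $last = get_user_meta($user_id, 'wfls-last-captcha-score', true);
            // number_format() raises a TypeError on PHP 8 for a non-numeric string, so a damaged
            // meta value keeps the placeholder instead of breaking the users screen.
            // NOTE(review): a stored score of 0 is falsy and also shows the placeholder - confirm intended.
            if ($last && is_numeric($last)) {
                $value = number_format((float) $last, 1);
            }
            break;
    }

    return $value;
}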
/**
 * Registers the last-login and last-captcha columns as sortable.
 *
 * @param array $sortable_columns Sortable columns: column identifier => orderby value.
 * @return array The input with the plugin's two entries merged in.
 */
public function _manage_users_sortable_columns($sortable_columns) {
    // The orderby values are translated to meta queries by _users_list_table_query_args().
    $pluginColumns = array(
        'wfls_last_login' => 'wfls-lastlogin',
        'wfls_last_captcha' => 'wfls-lastcaptcha',
    );

    return array_merge($sortable_columns, $pluginColumns);
}
/**
 * Lists the distinct user IDs that have a row in the secrets table.
 *
 * @return array Result of $wpdb->get_col() for the user_id column.
 */
protected function _user_ids_with_2fa_active() {
    global $wpdb;
    $secretsTable = Controller_DB::shared()->secrets;
    // No request data reaches this statement; the table name comes from Controller_DB.
    $sql = "SELECT DISTINCT `user_id` FROM {$secretsTable}";

    return $wpdb->get_col($sql);
}
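/**
 * Adjusts the users list query for the 2FA filter views and for sorting by the plugin's columns.
 *
 * The `wf2fa` request parameter ("active"/"inactive", case-insensitive) limits the query to users
 * with or without a stored secret. The orderby values 'wfls-lastlogin' and 'wfls-lastcaptcha' are
 * rewritten to a meta_key plus 'meta_value' ordering.
 *
 * @param array $args Query arguments for the users list.
 * @return array The adjusted arguments.
 */
public function _users_list_table_query_args($args) {
    // A request such as ?wf2fa[]=x delivers an array, and preg_match() raises a TypeError for a
    // non-string subject on PHP 8, so only string values are inspected.
    if (isset($_REQUEST['wf2fa']) && is_string($_REQUEST['wf2fa']) && preg_match('/^(?:in)?active$/i', $_REQUEST['wf2fa'])) {
        $mode = strtolower($_REQUEST['wf2fa']);
        if ($mode === 'active') {
            $args['include'] = $this->_user_ids_with_2fa_active();
        }
        elseif ($mode === 'inactive') {
            unset($args['include']);
            $args['exclude'] = $this->_user_ids_with_2fa_active();
        }
    }

    if (!isset($args['orderby'])) {
        return $args;
    }

    if (is_string($args['orderby'])) {
        if ($args['orderby'] === 'wfls-lastlogin') {
            $args['meta_key'] = 'wfls-last-login';
            $args['orderby'] = 'meta_value';
        }
        elseif ($args['orderby'] === 'wfls-lastcaptcha') {
            $args['meta_key'] = 'wfls-last-captcha-score';
            $args['orderby'] = 'meta_value';
        }
    }
    elseif (is_array($args['orderby'])) { // Any other type is left untouched instead of being handed to the array functions.
        $has_one = false;

        // Map form: array('wfls-lastlogin' => 'ASC').
        if (array_key_exists('wfls-lastlogin', $args['orderby'])) {
            $args['meta_key'] = 'wfls-last-login';
            $args['orderby']['meta_value'] = $args['orderby']['wfls-lastlogin'];
            unset($args['orderby']['wfls-lastlogin']);
            $has_one = true;
        }

        if (array_key_exists('wfls-lastcaptcha', $args['orderby'])) {
            if (!$has_one) { // One is discarded if both are requested because meta_key can only hold a single value
                $args['meta_key'] = 'wfls-last-captcha-score';
                $args['orderby']['meta_value'] = $args['orderby']['wfls-lastcaptcha'];
            }
            unset($args['orderby']['wfls-lastcaptcha']);
            $has_one = true;
        }

        // List form: array('wfls-lastlogin', ...). Strict matching keeps values such as true or 0
        // from being mistaken for the plugin's keys by PHP's loose comparison.
        if (in_array('wfls-lastlogin', $args['orderby'], true)) {
            if (!$has_one) {
                $args['meta_key'] = 'wfls-last-login';
                $args['orderby'][] = 'meta_value';
            }
            unset($args['orderby'][array_search('wfls-lastlogin', $args['orderby'], true)]);
            $has_one = true;
        }

        if (in_array('wfls-lastcaptcha', $args['orderby'], true)) {
            if (!$has_one) {
                $args['meta_key'] = 'wfls-last-captcha-score';
                $args['orderby'][] = 'meta_value';
            }
            unset($args['orderby'][array_search('wfls-lastcaptcha', $args['orderby'], true)]);
        }
    }

    return $args;
}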
/**
 * Adds a "2FA" link to a user's row actions.
 *
 * The link is added only when the current user holds CAP_ACTIVATE_2FA_OTHERS and the row's user
 * either can activate 2FA or already has it active.
 *
 * @param array    $actions Row actions: key => anchor markup.
 * @param \WP_User $user    The user the row belongs to.
 * @return array The row actions, with 'wf2fa' added when applicable.
 */
public function _user_row_actions($actions, $user) {
    if (!user_can(wp_get_current_user(), Controller_Permissions::CAP_ACTIVATE_2FA_OTHERS)) {
        return $actions;
    }
    if (!Controller_Users::shared()->can_activate_2fa($user) && !Controller_Users::shared()->has_2fa_active($user)) {
        return $actions;
    }

    $target = 'admin.php?page=WFLS&user=' . $user->ID;
    if (is_multisite()) {
        $url = network_admin_url($target);
    }
    else {
        $url = admin_url($target);
    }

    // The URL and the login name are escaped for their attribute contexts before being placed in the markup.
    $href = esc_url($url);
    $label = esc_attr(sprintf(__('Edit two-factor authentication for %s', 'wordfence'), $user->user_login));
    $actions['wf2fa'] = '<a href="' . $href . '" aria-label="' . $label . '">' . esc_html__('2FA', 'wordfence') . '</a>';

    return $actions;
}
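/**
 * Adds "2FA Active" and "2FA Inactive" views to the users list.
 *
 * The views are added only for users holding CAP_ACTIVATE_2FA_OTHERS on WordPress 4.4.0 or later.
 *
 * @param array $views View links keyed by view identifier.
 * @return array The views with the two 2FA entries added when applicable.
 */
public function _views_users($views) {
    include(ABSPATH . WPINC . '/version.php'); /** @var string $wp_version */
    if (user_can(wp_get_current_user(), Controller_Permissions::CAP_ACTIVATE_2FA_OTHERS) && version_compare($wp_version, '4.4.0', '>=')) {
        $counts = $this->user_counts();
        $currentAttributes = ' class="current" aria-current="page"';

        // Only a string can name a view; ?wf2fa[]=... arrives as an array and selects nothing.
        $selected = (isset($_GET['wf2fa']) && is_string($_GET['wf2fa'])) ? $_GET['wf2fa'] : null;

        // Skipped when the "all" view is missing, so no empty entry is created for it.
        // NOTE(review): the highlight is removed from "all" even when no wf2fa view is selected - confirm intended.
        if (isset($views['all'])) {
            $views['all'] = str_replace($currentAttributes, '', $views['all']);
        }

        $views['wfls-active'] = '<a href="' . esc_url(add_query_arg('wf2fa', 'active', 'users.php')) . '"' . ($selected === 'active' ? $currentAttributes : '') . '>' . esc_html__('2FA Active', 'wordfence') . ' <span class="count">(' . number_format($counts['active_users']) . ')</span></a>';
        $views['wfls-inactive'] = '<a href="' . esc_url(add_query_arg('wf2fa', 'inactive', 'users.php')) . '"' . ($selected === 'inactive' ? $currentAttributes : '') . '>' . esc_html__('2FA Inactive', 'wordfence') . ' <span class="count">(' . number_format($counts['inactive_users']) . ')</span></a>';
    }

    return $views;
}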
/**
 * Reads the time at which the user's grace period was last reset.
 *
 * @param \WP_User $user
 * @return int|null The stored value as an integer, or null when nothing (or an empty value) is stored.
 */
private function get_grace_period_reset_time($user) {
    $stored = get_user_option(self::META_KEY_GRACE_PERIOD_RESET, $user->ID);

    return empty($stored) ? null : (int) $stored;
}
/**
 * Reads the per-user grace period override.
 *
 * @param \WP_User $user
 * @return int|null The stored override as an integer, or null when get_user_option() returns false.
 */
public function get_grace_period_override($user) {
    $stored = get_user_option(self::META_KEY_GRACE_PERIOD_OVERRIDE, $user->ID);

    // Only a strict false means "not set"; a stored 0 is a valid override.
    return $stored === false ? null : (int) $stored;
}
/**
 * Decides whether one of the user's roles requires 2FA at the current time.
 *
 * For every role with a required-2FA activation time, the effective date is the later of that time
 * and the user's date (grace period reset time, else registration date), plus the grace period.
 *
 * @param \WP_User $user
 * @param bool|null $inGracePeriod Output. Null when the user can manage settings and has no
 *     allow-grace-period flag; otherwise false, switched to true by a role whose requirement is not yet in force.
 * @param int|null $requiredAt Output. Lowered to the smallest effective date seen. A non-null value
 *     passed in is only replaced by a smaller one, so callers should pass null for a fresh result.
 * @return bool True as soon as one role's effective date has passed (for settings managers only
 *     when has_admin_with_2fa_active() is also true), false otherwise.
 */
private function does_user_role_require_2fa($user, &$inGracePeriod = null, &$requiredAt = null) {
    $is2faAdmin = Controller_Permissions::shared()->can_manage_settings($user);
    // The grace period is counted from the last reset if there is one, else from registration.
    $userDate = self::get_grace_period_reset_time($user);
    if ($userDate === null)
        $userDate = self::get_registration_date($user);
    if ($is2faAdmin && !$this->get_grace_period_allowed_flag($user->ID)) {
        // Settings managers get no grace period unless the allow flag was set for them.
        $gracePeriod = 0;
        $inGracePeriod = null;
    }
    else {
        // The per-user override wins over the global setting; both are multiplied by SECONDS_PER_DAY.
        $gracePeriod = self::get_grace_period_override($user);
        if ($gracePeriod === null)
            $gracePeriod = Controller_Settings::shared()->get_user_2fa_grace_period();
        $gracePeriod *= self::SECONDS_PER_DAY;
        $inGracePeriod = false;
    }
    $now = time();
    foreach (Controller_Permissions::shared()->get_all_roles($user) as $role) {
        $roleDate = Controller_Settings::shared()->get_required_2fa_role_activation_time($role);
        // A false activation time means the role has no 2FA requirement.
        if ($roleDate === false)
            continue;
        $effectiveDate = max($userDate, $roleDate) + $gracePeriod;
        if ($requiredAt === null || $effectiveDate < $requiredAt)
            $requiredAt = $effectiveDate;
        // For settings managers the requirement is in force only while has_admin_with_2fa_active() is true.
        if ($effectiveDate <= $now && (!$is2faAdmin || $this->has_admin_with_2fa_active())) {
            if ($inGracePeriod)
                $inGracePeriod = false;
            return true;
        }
        else if ($inGracePeriod !== null) {
            // Required by this role but not yet in force; null (grace period disabled) is left as is.
            $inGracePeriod = true;
        }
    }
    return false;
}
/**
 * Converts the user's registration date to a timestamp.
 *
 * @param object $user Object exposing a `user_registered` date string.
 * @return int|false Result of strtotime(); false when the string cannot be parsed.
 */
private static function get_registration_date($user) {
    $registered = $user->user_registered;

    return strtotime($registered);
}
/**
 * Restarts the 2FA grace period for a user, optionally storing a per-user override.
 *
 * @param \WP_User $user
 * @param int|null $override Override value to store (cast to int); null leaves the override untouched.
 * @return bool False when the user cannot activate 2FA or already has it active, true after the reset.
 */
public function reset_2fa_grace_period($user, $override = null) {
    $eligible = $this->can_activate_2fa($user) && !$this->has_2fa_active($user);
    if (!$eligible) {
        return false;
    }

    $userId = $user->ID;
    // The grace period is counted from this timestamp.
    update_user_option($userId, self::META_KEY_GRACE_PERIOD_RESET, time(), true);
    if ($override !== null) {
        update_user_option($userId, self::META_KEY_GRACE_PERIOD_OVERRIDE, (int) $override, true);
    }

    return true;
}
/**
 * Deletes every grace-period option stored for the user: reset time, override and allow flag.
 *
 * @param \WP_User $user
 */
public function revoke_grace_period($user) {
    $gracePeriodKeys = array(
        self::META_KEY_GRACE_PERIOD_RESET,
        self::META_KEY_GRACE_PERIOD_OVERRIDE,
        self::META_KEY_ALLOW_GRACE_PERIOD,
    );

    foreach ($gracePeriodKeys as $metaKey) {
        delete_user_option($user->ID, $metaKey, true);
    }
}
/**
 * Stores the allow-grace-period flag for the user.
 *
 * @param int $userId
 */
public function allow_grace_period($userId) {
    $allowed = true;
    update_user_option($userId, self::META_KEY_ALLOW_GRACE_PERIOD, $allowed, true);
}
/**
 * Reports whether the allow-grace-period flag is set for the user.
 *
 * @param int $userId
 * @return bool The stored option cast to bool; false when it is absent.
 */
public function get_grace_period_allowed_flag($userId) {
    $stored = get_user_option(self::META_KEY_ALLOW_GRACE_PERIOD, $userId);

    return (bool) $stored;
}
/**
 * Reports whether the user has grace-period state that revoke_grace_period() could remove.
 *
 * @param \WP_User $user
 * @return bool True when the allow flag is set or a reset time is stored.
 */
public function has_revokable_grace_period($user) {
    if ($this->get_grace_period_allowed_flag($user->ID)) {
        return true;
    }

    return $this->get_grace_period_reset_time($user) !== null;
}
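/**
 * Lists the super admins that do not have 2FA active.
 *
 * @param bool|null $gracePeriod Null returns every inactive super admin; otherwise only those whose
 *     grace-period state loosely equals this value.
 * @return \StdClass[] Objects with user_id, user_login and required_at.
 */
private function get_inactive_2fa_super_admins($gracePeriod = false) {
    $inactive = array();
    foreach (get_super_admins() as $username) {
        $user = new \WP_User($username);
        if ($this->has_2fa_active($user)) {
            continue;
        }

        // Both variables are by-reference outputs. does_user_role_require_2fa() in this class only
        // lowers a non-null $requiredAt, so a value left over from the previous super admin could
        // be reported for this one. requires_2fa() is not visible from here, hence the reset is
        // defensive - TODO confirm whether it already clears them.
        $inGracePeriod = null;
        $requiredAt = null;
        $this->requires_2fa($user, $inGracePeriod, $requiredAt);

        // Loose comparison kept: with $gracePeriod === false it also matches a null
        // (grace period disabled) state.
        if ($gracePeriod === null || $gracePeriod == $inGracePeriod) {
            $current = new \StdClass();
            $current->user_id = $user->ID;
            $current->user_login = $username;
            $current->required_at = $requiredAt;
            $inactive[] = $current;
        }
    }

    return $inactive;
}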
/**
 * Builds the prepared SQL statement that selects users holding a role who have no row in the
 * secrets table, together with the time at which 2FA becomes required for each of them.
 *
 * Values placed in the SQL text directly are integers (cast below or taken from time()) and table
 * names from $wpdb / Controller_DB; the meta keys and the role pattern are bound through
 * $wpdb->prepare() placeholders.
 *
 * @param string $roleKey Role to match in the serialized capabilities meta value.
 * @param bool|null $gracePeriod True: required time still in the future; false: required time
 *     reached; null: no time condition.
 * @param int|null $page One-based page number; paging applies only when $perPage is given too.
 * @param int|null $perPage Page size.
 * @return string|null Whatever $wpdb->prepare() returns for the assembled statement.
 */
private function generate_inactive_2fa_user_query($roleKey, $gracePeriod = null, $page = null, $perPage = null) {
    global $wpdb;
    // Integer casts make these values safe to interpolate into the SQL text.
    $secondsPerDay = (int) self::SECONDS_PER_DAY;
    $gracePeriodSeconds = (int) (Controller_Settings::shared()->get_user_2fa_grace_period() * self::SECONDS_PER_DAY);
    $roleTime = (int) (Controller_Settings::shared()->get_required_2fa_role_activation_time($roleKey));
    $siteId = get_current_blog_id();
    $blogPrefix = $wpdb->get_blog_prefix($siteId);
    $usermeta = $wpdb->usermeta;
    $users = $wpdb->users;
    $secrets = Controller_DB::shared()->secrets;
    $admin = Controller_Permissions::shared()->can_role_manage_settings($roleKey);
    // Bound values, in the order their %s placeholders appear in the final statement:
    // resets join, overrides join, allowances join (admin roles only), then the LIKE pattern.
    $parameters = array(
        self::META_KEY_GRACE_PERIOD_RESET,
        self::META_KEY_GRACE_PERIOD_OVERRIDE
    );
    // The per-user override (in days) replaces the global grace period when present.
    $gracePeriodClause = "IF(overrides.days IS NULL, $gracePeriodSeconds, overrides.days * $secondsPerDay)";
    $registeredTimestampClause = "UNIX_TIMESTAMP(CONVERT_TZ($users.user_registered, '+00:00', @@time_zone))";
    $now = time();
    if ($admin) {
        // Roles that can manage settings get a grace period only when the allow flag is stored.
        $allowancesJoin = <<<SQL
LEFT JOIN (
SELECT
user_id,
meta_value AS allowed
FROM
$usermeta
WHERE
meta_key = %s
) allowances ON allowances.user_id = $usermeta.user_id
SQL;
        $parameters[] = self::META_KEY_ALLOW_GRACE_PERIOD;
        $allowedClause = 'IFNULL(allowances.allowed, 0)';
        $gracePeriodClause = "IF($allowedClause = 0, 0, $gracePeriodClause)";
    }
    else {
        $allowancesJoin = null;
        $allowedClause = null;
    }
    // Latest of role activation, registration and grace-period reset, plus the grace period.
    $timeClause = "GREATEST($roleTime, $registeredTimestampClause, IFNULL(resets.time, 0)) + $gracePeriodClause";
    // NOTE(review): every interpolated fragment ends up in the string given to prepare(), so a
    // literal % in any of them would be read as a placeholder; none is visible in this function.
    $query = <<<SQL
SELECT
$usermeta.user_id,
$users.user_login,
$timeClause AS required_at
FROM
$usermeta
JOIN $users ON $users.ID = $usermeta.user_id
LEFT JOIN (
SELECT
user_id,
meta_value AS time
FROM
$usermeta
WHERE
meta_key = %s
) resets ON resets.user_id = $usermeta.user_id
LEFT JOIN (
SELECT
user_id,
meta_value AS days
FROM
$usermeta
WHERE
meta_key = %s
) overrides ON overrides.user_id = $usermeta.user_id
$allowancesJoin
WHERE
meta_key = '{$blogPrefix}capabilities'
AND meta_value LIKE %s
AND NOT $usermeta.user_id IN(SELECT user_id FROM {$secrets})
SQL;
    $conditions = array();
    $operator = 'AND';
    if ($gracePeriod !== null) {
        if ($gracePeriod) {
            $conditions[] = "$timeClause > $now";
        }
        else {
            $conditions[] = "$timeClause <= $now";
            $operator = 'OR';
        }
    }
    if ($admin) {
        // NOTE(review): with $gracePeriod === null this still adds "allowed = 0" - confirm that the
        // unfiltered case is meant to be restricted this way.
        $conditions[] = $allowedClause . ' = ' . ($gracePeriod ? 1 : 0);
    }
    if (!empty($conditions))
        $query .= ' AND (' . implode(" $operator ", $conditions). ')';
    if ($page !== null && $perPage !== null) {
        $offset = (int) (($page - 1) * $perPage);
        // One row more than the page size is requested; get_inactive_2fa_users() removes it and
        // uses its presence to tell whether another page exists.
        $limit = (int) ($perPage + 1);
        if ($offset >= 0 && $perPage > 0)
            $query .= " LIMIT $offset, $limit";
    }
    // Roles are matched by their serialized form inside the capabilities meta value. The value is
    // escaped for LIKE and then bound, so wildcard characters in a role key stay literal.
    $serializedRoleKey = serialize($roleKey);
    $roleMatch = '%' . (method_exists($wpdb, 'esc_like') ? $wpdb->esc_like($serializedRoleKey) : addcslashes($serializedRoleKey, '_%\\')). '%';
    $parameters[] = $roleMatch;
    return $wpdb->prepare(
        $query.';',
        $parameters
    );
}
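/**
 * Returns the users of a role that do not have 2FA active, optionally one page at a time.
 *
 * @param string $roleKey Role key; 'super-admin' on multisite is resolved from the super admin list.
 * @param bool|null $gracePeriod Grace-period filter, passed on to the lookup.
 * @param int|null $page One-based page number; paging applies only when $perPage is given too.
 * @param int|null $perPage Page size.
 * @param bool|null $lastPage Output: false when more rows exist beyond the returned page, true otherwise.
 * @return array Objects with user_id, user_login and required_at.
 */
public function get_inactive_2fa_users($roleKey, $gracePeriod = null, $page = null, $perPage = null, &$lastPage = null) {
    global $wpdb;
    $paged = $page !== null && $perPage !== null;

    if (is_multisite() && $roleKey === 'super-admin') {
        $superAdmins = $this->get_inactive_2fa_super_admins($gracePeriod);
        if ($paged) {
            $start = ($page - 1) * $perPage;
            $end = $start + $perPage;
            $lastPage = $end >= count($superAdmins);
            $superAdmins = array_slice($superAdmins, $start, $perPage);
        }
        else {
            // An unpaged call returns everything, so it is the last page by definition.
            $lastPage = true;
        }
        return $superAdmins;
    }

    $query = $this->generate_inactive_2fa_user_query($roleKey, $gracePeriod, $page, $perPage);
    $results = $wpdb->get_results($query);
    if (!is_array($results)) {
        // A failed query would otherwise reach count() with a non-countable value.
        $results = array();
    }

    // The look-ahead row exists only when the query builder appended its LIMIT, which it does
    // under exactly this condition. Without the check an unpaged call compared count() with null,
    // which is true for any non-empty result, and silently dropped the last user.
    $limited = $paged && (int) (($page - 1) * $perPage) >= 0 && $perPage > 0;
    if ($limited && count($results) > $perPage) {
        $lastPage = false;
        array_pop($results);
    }
    else {
        $lastPage = true;
    }

    return $results;
}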
/**
 * Returns the key used to store a verification token transient.
 *
 * @param string $hash Hash of the token.
 * @return string
 */
private function get_verification_token_transient_key($hash) {
    $prefix = self::VERIFICATION_TOKEN_TRANSIENT_PREFIX;

    return $prefix . $hash;
}
/**
 * Looks up the user ID stored for a verification token hash.
 *
 * @param string $hash Hash of the token.
 * @return int|null The stored user ID, or null when no transient exists for the hash.
 */
private function load_verification_token($hash) {
    $stored = get_transient($this->get_verification_token_transient_key($hash));

    return $stored === false ? null : intval($stored);
}
/**
 * Returns the token hashes recorded for the user whose transients still resolve to that user.
 *
 * @param \WP_User $user
 * @return string[] Hashes in stored order; empty when the user meta does not hold an array.
 */
private function load_verification_tokens($user) {
    $recorded = get_user_meta($user->ID, self::META_KEY_VERIFICATION_TOKENS, true);
    if (!is_array($recorded)) {
        return array();
    }

    $live = array();
    foreach ($recorded as $candidate) {
        // A hash counts only while its transient exists and is bound to this exact user ID.
        if ($this->load_verification_token($candidate) === $user->ID) {
            $live[] = $candidate;
        }
    }

    return $live;
}
/**
 * Hashes a verification token with wp_hash().
 *
 * @param string $token Raw token bytes.
 * @return string
 */
private function hash_verification_token($token) {
    $hashed = wp_hash($token);

    return $hashed;
}
/**
 * Issues a new verification token for the user.
 *
 * Only the token's hash is stored: as a transient pointing at the user ID and in the user's list
 * of hashes. Hashes beyond VERIFICATION_TOKEN_LIMIT are dropped, oldest first, together with their
 * transients.
 *
 * @param \WP_User $user
 * @return string The raw token, base64-encoded.
 */
public function generate_verification_token($user) {
    $rawToken = Model_Crypto::random_bytes(self::VERIFICATION_TOKEN_BYTES);
    $newHash = $this->hash_verification_token($rawToken);

    // Newest first, so the entries removed from the end are the oldest.
    $hashes = $this->load_verification_tokens($user);
    array_unshift($hashes, $newHash);
    for ($excess = count($hashes) - self::VERIFICATION_TOKEN_LIMIT; $excess > 0; $excess--) {
        $expiredHash = array_pop($hashes);
        delete_transient($this->get_verification_token_transient_key($expiredHash));
    }

    // The transient lifetime bounds how long the token can be used.
    $lifetimeSeconds = WORDFENCE_LS_EMAIL_VALIDITY_DURATION_MINUTES * 60;
    set_transient($this->get_verification_token_transient_key($newHash), $user->ID, $lifetimeSeconds);
    update_user_meta($user->ID, self::META_KEY_VERIFICATION_TOKENS, $hashes);

    return base64_encode($rawToken);
}
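/**
 * Checks whether a verification token is currently valid, optionally for one specific user.
 *
 * @param string $token Base64-encoded token as produced by generate_verification_token().
 * @param \WP_User|null $user When given, the token must have been issued for this user.
 * @return bool True when a transient exists for the token's hash and, if a user was given, it
 *     holds that user's ID.
 */
public function validate_verification_token($token, $user = null) {
    // Presumably the token arrives from a request - verify against callers. A non-string value
    // (for example a parameter sent as an array) can never be a valid token and would raise a
    // TypeError in base64_decode() on PHP 8.
    if (!is_string($token)) {
        return false;
    }

    $hash = $this->hash_verification_token(base64_decode($token));
    $userId = $this->load_verification_token($hash);

    return $userId !== null && ($user === null || $userId === $user->ID);
}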
/**
 * Builds the transient key under which a captcha score is stored.
 *
 * @param string $hash Hash identifying the score.
 * @return string The transient prefix followed by the hash.
 */
private function get_captcha_score_transient_key($hash) {
    $prefix = self::CAPTCHA_SCORE_TRANSIENT_PREFIX;

    return $prefix . $hash;
}
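/**
 * Looks up the captcha score stored for the given hash and returns it only when it was stored for
 * the given user.
 *
 * @param string $hash
 * @param \WP_User $user
 * @return float|false The score, or false when no usable score is stored for this hash and user.
 */
private function load_captcha_score($hash, $user) {
    $key = $this->get_captcha_score_transient_key($hash);
    $data = get_transient($key);
    // A missing transient is false; anything that is not the expected array with a 'user' entry is
    // treated the same way instead of being indexed.
    if (!is_array($data) || !isset($data['user'])) {
        return false;
    }

    // The score counts only for the user it was stored for.
    if (!$user->exists() || $data['user'] !== $user->ID) {
        return false;
    }

    return floatval($data['score']);
}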
/**
* Deletes the stored captcha score if present for the given hash.
*
* @param string $hash
*/
private function clear_captcha_score($token, $user) {
$hash = $this->hash_captcha_token($token);
$key = $this->get_captcha_score_transient_key($hash);
delete_transient($key);
$storedHashes = get_user_meta($user->ID, self::META_KEY_CAPTCHA_SCORES, true);
$validHashes = array();
if (is_array($storedHashes)) {
foreach ($storedHashes as $hash) {
$storedScore = $this->load_captcha_score($hash, $user);
if ($storedScore !== false) {
$validHashes[] = $hash;
}