'item', //singular name of the listed records 'plural' => 'items', //plural name of the listed records 'ajax' => false //does this table support ajax? )); } public function column_default($item, $column_name) { return $item[$column_name]; } /** * Returns user id column html to be rendered. * * @param array $item - data for the columns on the current row * * @return string - the html to be rendered */ public function column_user_id($item) { //Build row actions $actions = array( 'logout' => ''.__('Force logout', 'all-in-one-wp-security-and-firewall').'', ); //Return the user_login contents return sprintf('%1$s %2$s', /*$1%s*/ $item['user_id'], /*$2%s*/ $this->row_actions($actions) ); } /** * Sets the columns for the table * * @return array */ public function get_columns() { $columns = array( 'cb' => '', 'user_id' => __('User ID', 'all-in-one-wp-security-and-firewall'), 'username' => __('Login name', 'all-in-one-wp-security-and-firewall'), 'ip_address' => __('IP address', 'all-in-one-wp-security-and-firewall'), 'site_id' => __('Site ID', 'all-in-one-wp-security-and-firewall'), ); return $columns; } /** * Returns cb column html to be rendered. * * @param array $item - data for the columns on the current row * * @return string - the html to be rendered */ public function column_cb($item) { return sprintf( '', /* $1%s */ $this->_args['singular'], // Let's simply repurpose the table's singular label /* $2%s */ $item['user_id'] // The value of the checkbox should be the record's id and its ip address ); } /** * Sets which of the columns the table data can be sorted by * * @return array */ public function get_sortable_columns() { return array( 'user_id' => array('user_id',false), 'username' => array('username',false), 'ip_address' => array('ip_address',false), 'site_id' => array('site_id',false), ); } /** * Adds a bulk action user interface * * @return array */ public function get_bulk_actions() { return array( 'force_logout_all' => __('Logout all', 'all-in-one-wp-security-and-firewall'), 'force_logout_selected' => __('Logout selected', 'all-in-one-wp-security-and-firewall'), ); } /** * Process Bulk action from menu * * @return void */ private function process_bulk_action() { // phpcs:disable WordPress.Security.NonceVerification.Recommended, WordPress.Security.ValidatedSanitizedInput -- PCP warning. Nonce used. if (empty($_REQUEST['_wpnonce']) || !isset($_REQUEST['_wp_http_referer'])) return; $result = AIOWPSecurity_Utility_Permissions::check_nonce_and_user_cap($_REQUEST['_wpnonce'], 'bulk-items'); if (is_wp_error($result)) return; if ('force_logout_all' === $this->current_action()) { $this->force_user_logout(array(), true); } elseif ('force_logout_selected' === $this->current_action()) { if (isset($_REQUEST['item'])) { if (is_array($_REQUEST['item'])) $this->force_user_logout(wp_unslash($_REQUEST['item'])); } } // phpcs:enable WordPress.Security.NonceVerification.Recommended -- PCP warning. Nonce used. } /** * This function will force selected user(s) to be logged out. * * @param int|array $users - id of selected user or array of user ids to be logged out * @param bool $logout_all - Boolean to show if all users should be logged out * * @return void|string */ public function force_user_logout($users, $logout_all = false) { global $wpdb, $aio_wp_security; $logged_in_users_table = AIOWPSEC_TBL_LOGGED_IN_USERS; if ($logout_all) { // get all user_id(except for the admin) in the table and make it an array for users // phpcs:ignore WordPress.DB.PreparedSQL.InterpolatedNotPrepared, WordPress.DB.DirectDatabaseQuery -- PCP warning. Ignore. $users = $wpdb->get_col("SELECT user_id FROM $logged_in_users_table"); } if (is_array($users)) { if (empty($users)) { AIOWPSecurity_Admin_Menu::show_msg_record_not_deleted_st(); return; } $errors = 0; // Escape the user IDs for security $users = array_map('esc_sql', $users); foreach ($users as $user_id) { if (is_numeric($user_id) && !is_super_admin($user_id) && AIOWPSecurity_Utility::is_user_member_of_blog($user_id)) { if ($aio_wp_security->user_login_obj->delete_logged_in_user($user_id)) { $this->logout_user($user_id); continue; } } $errors++; } if ($errors > 0) { AIOWPSecurity_Admin_Menu::show_msg_error_st(__("Some users were not logged out due to the ID being invalid, or them being a super admin or a member of a different subsite on a multisite", 'all-in-one-wp-security-and-firewall')); return; } AIOWPSecurity_Admin_Menu::show_msg_record_deleted_st(); } } /** * This function handles logging out a user using user_id * * @param int $user_id - id of user being logged out * * @return void */ public function logout_user($user_id) { $user_id = absint($user_id); $manager = WP_Session_Tokens::get_instance($user_id); $manager->destroy_all(); } /** * Prepares the items for the logged in users table * * @param bool $ignore_pagination - this is to check if data should be paginated or not * * @return void */ public function prepare_items($ignore_pagination = false) { global $wpdb; //First, lets decide how many records per page to show $per_page = 100; $columns = $this->get_columns(); $hidden = array(); $sortable = $this->get_sortable_columns(); $logged_in_users_table = AIOWPSEC_TBL_LOGGED_IN_USERS; $current_page = $this->get_pagenum(); $offset = ($current_page - 1) * $per_page; // Parameters that are going to be used to order the result // phpcs:disable -- Rule won't be silenced any other way. No nonce. $orderby = isset($_GET["orderby"]) ? sanitize_text_field(wp_unslash($_GET["orderby"])) : ''; $order = isset($_GET["order"]) ? sanitize_text_field(wp_unslash($_GET["order"])) : ''; // phpcs:enable -- Rule won't be silenced any other way. No nonce. // By default show the most recent logged in user entries. $orderby = empty($orderby) ? 'created' : esc_sql($orderby); $order = empty($order) ? 'DESC' : esc_sql($order); $orderby = AIOWPSecurity_Utility::sanitize_value_by_array($orderby, $sortable); $order = AIOWPSecurity_Utility::sanitize_value_by_array($order, array('DESC' => '1', 'ASC' => '1')); $orderby = sanitize_sql_orderby($orderby); $order = sanitize_sql_orderby($order); $this->_column_headers = array($columns, $hidden, $sortable); $this->process_bulk_action(); // Process bulk actions $where_sql = $this->get_where_sql(); // phpcs:ignore WordPress.DB.PreparedSQL.InterpolatedNotPrepared, WordPress.DB.DirectDatabaseQuery -- PCP warning. Ignore. $total_items = $wpdb->get_var("SELECT COUNT(*) FROM `{$logged_in_users_table}` $where_sql"); if ($ignore_pagination) { // phpcs:ignore WordPress.DB.PreparedSQL.InterpolatedNotPrepared, WordPress.DB.DirectDatabaseQuery -- PCP warning. Ignore. $data = $wpdb->get_results("SELECT * FROM `{$logged_in_users_table}` $where_sql ORDER BY $orderby $order", 'ARRAY_A'); } else { // phpcs:ignore WordPress.DB.PreparedSQL.InterpolatedNotPrepared, WordPress.DB.DirectDatabaseQuery -- PCP warning. Ignore. $data = $wpdb->get_results("SELECT * FROM `{$logged_in_users_table}` $where_sql ORDER BY $orderby $order LIMIT $per_page OFFSET $offset", 'ARRAY_A'); } $this->items = $data; if ($ignore_pagination) return; $this->set_pagination_args(array( 'total_items' => $total_items, //WE have to calculate the total number of items 'per_page' => $per_page, //WE have to determine how many items to show on a page 'total_pages' => ceil($total_items/$per_page) //WE have to calculate the total number of pages )); } /** * This function will build and return the SQL WHERE statement * * @return string - the SQL WHERE statement */ private function get_where_sql() { if (is_main_site() && is_super_admin()) return ''; return is_multisite() ? sprintf("WHERE site_id = %d", get_current_blog_id()) : ''; } }