array( 'title' => __('Dashboard', 'all-in-one-wp-security-and-firewall'), 'render_callback' => array($this, 'render_dashboard'), ), 'locked-ip' => array( 'title' => __('Locked IP addresses', 'all-in-one-wp-security-and-firewall'), 'render_callback' => array($this, 'render_locked_ip'), ), 'permanent-block' => array( 'title' => __('Permanent block list', 'all-in-one-wp-security-and-firewall'), 'render_callback' => array($this, 'render_permanent_block'), ), 'audit-logs' => array( 'title' => __('Audit logs', 'all-in-one-wp-security-and-firewall'), 'render_callback' => array($this, 'render_audit_logs'), ), 'debug-logs' => array( 'title' => __('Debugging', 'all-in-one-wp-security-and-firewall'), 'render_callback' => array($this, 'render_debug_logs'), ), 'premium-upgrade' => array( 'title' => __('Premium upgrade', 'all-in-one-wp-security-and-firewall'), 'render_callback' => array($this, 'render_premium_upgrade_tab'), 'display_condition_callback' => function() { return !AIOWPSecurity_Utility_Permissions::is_premium_installed(); } ), ); $this->menu_tabs = array_filter($menu_tabs, array($this, 'should_display_tab')); } /** * Renders the submenu's dashboard tab * * @return Void */ protected function render_dashboard() { /** * Load WordPress dashboard API */ require_once(ABSPATH . 'wp-admin/includes/dashboard.php'); $this->wp_dashboard_setup(); wp_enqueue_script('dashboard'); if (wp_is_mobile()) wp_enqueue_script('jquery-touch-punch'); ?>
wp_dashboard(); ?>
include_template('wp-admin/dashboard/locked-ip.php', false, array('locked_ip_list' => $locked_ip_list, 'page' => $page, 'tab' => $tab));
	}

	/**
	 * Renders the submenu's permanent block tab.
	 *
	 * Builds the blocked-IP list table and passes it, together with the
	 * current `page` and `tab` request parameters, to the
	 * wp-admin/dashboard/permanent-block.php template.
	 *
	 * @return void
	 */
	protected function render_permanent_block() {
		global $aio_wp_security;

		include_once 'wp-security-list-permanent-blocked-ip.php'; // For rendering the AIOWPSecurity_List_Table
		$blocked_ip_list = new AIOWPSecurity_List_Blocked_IP(); // For rendering the AIOWPSecurity_List_Table

		// Both values come straight from the request. They are unslashed and run through
		// sanitize_text_field(), which strips tags but is not output escaping.
		// NOTE(review): the template is expected to escape them for the context it prints them in - confirm.
		// No nonce is verified here (see the phpcs annotations below).
		$tab = isset($_REQUEST["tab"]) ? sanitize_text_field(wp_unslash($_REQUEST["tab"])) : ''; // phpcs:ignore WordPress.Security.NonceVerification.Recommended -- PCP warning. No nonce for tab.
		$page = isset($_REQUEST['page']) ? sanitize_text_field(wp_unslash($_REQUEST['page'])) : ''; // phpcs:ignore WordPress.Security.NonceVerification.Recommended -- PCP warning. No nonce for page.

		$aio_wp_security->include_template('wp-admin/dashboard/permanent-block.php', false, array('blocked_ip_list' => $blocked_ip_list, 'page' => $page, 'tab' => $tab));
	}

	/**
	 * Renders the submenu's audit logs tab.
	 *
	 * Passes the optional `event-filter` query parameter to the audit log
	 * list table and renders wp-admin/dashboard/audit-logs.php with the table,
	 * `page` and `tab`.
	 *
	 * @return void
	 */
	protected function render_audit_logs() {
		global $aio_wp_security;

		// Needed for rendering the audit log table
		include_once 'wp-security-list-audit.php';

		$data = array();

		// phpcs:disable WordPress.Security.NonceVerification.Recommended -- PCP warning. Processing form data without nonce verification. No nonce.
		// The filter value is request-controlled. It is sanitized as text here.
		// NOTE(review): how AIOWPSecurity_List_Audit_Log uses it (e.g. in a query) is not visible in this block - confirm it is bound or allow-listed there.
		if (isset($_GET['event-filter'])) $data['event-filter'] = sanitize_text_field(wp_unslash($_GET['event-filter'])); // Failed logins and logins only to show as audit log

		$audit_log_list = new AIOWPSecurity_List_Audit_Log($data);

		$tab = isset($_REQUEST["tab"]) ? sanitize_text_field(wp_unslash($_REQUEST["tab"])) : '';
		$page = isset($_REQUEST['page']) ? sanitize_text_field(wp_unslash($_REQUEST['page'])) : '';
		// phpcs:enable WordPress.Security.NonceVerification.Recommended -- PCP warning. Processing form data without nonce verification. No nonce.

		$aio_wp_security->include_template('wp-admin/dashboard/audit-logs.php', false, array('audit_log_list' => $audit_log_list, 'page' => $page, 'tab' => $tab));
	}

	/**
	 * Renders the submenu's debug logs tab.
	 *
	 * Takes no request input: it instantiates the debug log list table and
	 * renders wp-admin/dashboard/debug-logs.php with it.
	 *
	 * @return void
	 */
	protected function render_debug_logs() {
		// Needed for rendering the debug log table
		include_once 'wp-security-list-debug.php';

		$debug_log_list = new AIOWPSecurity_List_Debug_Log();

		global $aio_wp_security;

		$aio_wp_security->include_template('wp-admin/dashboard/debug-logs.php', false, array('debug_log_list' => $debug_log_list));
	}

	/**
	 * Renders the submenu's premium-upgrade tab body.
	 *
	 * Enqueues the premium-upgrade stylesheet and renders the
	 * wp-admin/dashboard/may-also-like.php template between two echoed strings.
	 *
	 * @return void
	 */
	protected function render_premium_upgrade_tab() {
		global $aio_wp_security;

		// With WP_DEBUG on, the version string changes on every request (time() is appended);
		// presumably this defeats asset caching during development.
		$enqueue_version = (defined('WP_DEBUG') && WP_DEBUG) ? AIO_WP_SECURITY_VERSION.'.'.time() : AIO_WP_SECURITY_VERSION;
		wp_enqueue_style('aiowpsec-admin-premium-upgrade-css', AIO_WP_SECURITY_URL.'/css/wp-security-premium-upgrade.css', array(), $enqueue_version);

		// NOTE(review): the two literals below contain only a line break in this copy; any wrapper markup they once held is not visible - confirm against the plugin source.
		echo '
';

		$aio_wp_security->include_template('wp-admin/dashboard/may-also-like.php');

		echo '
';
	}

	/**
	 * Function to customize the layout of the WordPress dashboard.
	 * Organizes meta-boxes into different containers based on screen columns.
	 *
	 * Reads the column count of the current screen, normalises it with
	 * absint(), and derives a " columns-N" CSS class suffix used by the markup
	 * that follows the closing PHP tag.
	 */
	private function wp_dashboard() {
		$screen = get_current_screen();
		$columns = absint($screen->get_columns());
		$columns_css = '';

		// A column count of 0 leaves the suffix empty.
		if ($columns) {
			$columns_css = " columns-$columns";
		}
		?>
id, 'normal', ''); ?>
id, 'side', ''); ?>
id, 'column3', ''); ?>
id, 'column4', ''); ?>
configs->get_value('aiowps_enable_brute_force_attack_prevention') || '1' == $aio_wp_security->configs->get_value('aiowps_enable_rename_login_page') ) { wp_add_dashboard_widget('brute_force', __('Brute force prevention login page', 'all-in-one-wp-security-and-firewall'), array($this, 'widget_brute_force')); } wp_add_dashboard_widget('logged_in_users', __('Logged in users', 'all-in-one-wp-security-and-firewall'), array($this, 'widget_logged_in_users')); wp_add_dashboard_widget('locked_ip_addresses', __('Locked IP addresses', 'all-in-one-wp-security-and-firewall'), array($this, 'widget_locked_ip_addresses')); do_action('aiowps_dashboard_setup'); $dashboard_widgets = apply_filters('aiowps_dashboard_widgets', array()); foreach ($dashboard_widgets as $widget_id) { $name = empty($wp_registered_widgets[$widget_id]['all_link']) ? $wp_registered_widgets[$widget_id]['name'] : $wp_registered_widgets[$widget_id]['name'] . " " . __('View all', 'all-in-one-wp-security-and-firewall') . ''; wp_add_dashboard_widget($widget_id, $name, $wp_registered_widgets[$widget_id]['callback'], $wp_registered_widget_controls[$widget_id]['callback']); } } public function widget_security_strength_meter() { global $aiowps_feature_mgr; $total_site_security_points = $aiowps_feature_mgr->get_total_site_points(); $total_security_points_achievable = $aiowps_feature_mgr->get_total_achievable_points(); ?>

' . esc_html($total_site_security_points) . ''; ?>

feature_items; $pt_src_chart_data = ""; $pt_src_chart_data .= "['Feature Name', 'Points'],"; foreach ($feature_items as $item) { if ($item->is_active()) { $pt_src_chart_data .= "['" . esc_html($item->feature_name) . "', " . esc_html($item->item_points) . "],"; } } ?>

X

Team UpdraftPlus

'; foreach ($critical_features as $key => $feature) { $feature_item = $aiowps_feature_mgr->get_feature_item_by_id($key); if (!$feature_item) continue; echo ''; echo '
'; echo '
' . esc_html($feature['name']) . '
'; echo '
'; if ($feature_item->is_active()) { echo '
'; } else { echo '
'; } echo '
'; echo '
'; echo '
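';
		}
		echo "";
	}

	/**
	 * This outputs the latest logins dashboard widget.
	 *
	 * Draws a bar chart of successful logins over the last 7 days and a table
	 * of the 5 most recent successful logins (user, date, IP), both read from
	 * the audit log table.
	 *
	 * Security: for anyone who is not a super admin, both queries are
	 * restricted to the current site's rows via `site_id`. Previously only the
	 * chart query carried that restriction, so the "last 5 logins" table could
	 * list usernames and IP addresses recorded for other sites in a multisite
	 * network.
	 *
	 * @return void
	 */
	public function widget_last_5_logins() {
		global $wpdb;

		$audit_log_table = AIOWPSEC_TBL_AUDIT_LOG;

		// The only interpolated value is get_current_blog_id(), which WordPress returns as an integer,
		// so this fragment carries no request-controlled text into the SQL string.
		$where_sql = (is_super_admin()) ? '' : ' and site_id = '.get_current_blog_id().' ';

		$last_days = 7;
		$days_before_time = strtotime('-'.$last_days.' days', time());

		// phpcs:ignore WordPress.DB.DirectDatabaseQuery -- PCP warning. Direct query necessary.
		$login_data_lastx_days = $wpdb->get_results(
			// phpcs:ignore WordPress.DB.PreparedSQL.InterpolatedNotPrepared -- pcp Warning. Ignore.
			$wpdb->prepare("SELECT id,created FROM $audit_log_table WHERE event_type = %s $where_sql and created > %s", 'successful_login', $days_before_time),
			ARRAY_A
		); // Get the last x days records

		if (!empty($login_data_lastx_days)) {
			$chart_data = array();
			$chart_data['columns'] = array(__('Date', 'all-in-one-wp-security-and-firewall'), __('Logins', 'all-in-one-wp-security-and-firewall'));
			$chart_data['data'] = $login_data_lastx_days;
			$chart_data['last_days'] = $last_days;
			$chart_data['id'] = 'logins_last_'.$last_days.'days';
			$this->dashboard_widget_chart($chart_data, 'bar');
		}

		// Same site scoping as the chart query above: $where_sql is empty for super admins only.
		// phpcs:ignore WordPress.DB.DirectDatabaseQuery -- PCP Error. Ignore.
		$data = $wpdb->get_results(
			// phpcs:ignore WordPress.DB.PreparedSQL.InterpolatedNotPrepared -- PCP error. Ignore.
			$wpdb->prepare("SELECT * FROM $audit_log_table WHERE event_type = %s $where_sql ORDER BY created DESC LIMIT %d", 'successful_login', 5),
			ARRAY_A
		); //Get the last 5 records

		// NOTE(review): the literals echoed below contain only line breaks in this copy; any wrapper markup they once held is not visible - confirm against the plugin source.
		// get_results() gives null or an empty array when there is nothing to show; both take this branch.
		if (empty($data)) {
			echo '

' . esc_html__('No data found.', 'all-in-one-wp-security-and-firewall') . '

';
		} else {
			$login_summary_table_data = array();
			//$login_summary_table_data['title'] = __('Last 5 login summary:', 'all-in-one-wp-security-and-firewall');
			$login_summary_table_data['columns'] = array(__('User', 'all-in-one-wp-security-and-firewall'), __('Date', 'all-in-one-wp-security-and-firewall'), 'IP');

			// Usernames and IPs are stored log data and are handed on unescaped.
			// NOTE(review): wp-admin/dashboard/widget-summary.php is expected to escape every cell on output - confirm.
			foreach ($data as $entry) {
				$login_summary_table_data['data'][] = array($entry['username'], gmdate('Y-m-d H:i:s', $entry['created']), $entry['ip']);
			}

			// Third-party code hooked on this filter can add or replace rows, which is one more reason the template must escape.
			$login_summary_table_data = apply_filters('aios_last5_logins_summary', $login_summary_table_data, $data);
			$this->dashboard_widget($login_summary_table_data);

			// View all login logs
			echo '

' . esc_html__('View all', 'all-in-one-wp-security-and-firewall') . '

';
		}

		echo '
';
	}

	public function widget_maintenance_mode_status() {
		global $aio_wp_security;
		?>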

configs->get_value('aiowps_site_lockout')) { echo esc_html__('Maintenance mode is currently enabled.', 'all-in-one-wp-security-and-firewall') . ' ' . esc_html__('Remember to disable it when you are done.', 'all-in-one-wp-security-and-firewall'); } else { echo esc_html__('Maintenance mode is currently disabled.', 'all-in-one-wp-security-and-firewall'); } ?>

:
configs->get_value('aiowps_site_lockout')); ?>
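' . esc_html__('Configure', 'all-in-one-wp-security-and-firewall') . '';
	}

	/**
	 * Outputs the "Brute force prevention login page" dashboard widget.
	 *
	 * Shows one box per active feature: the cookie-based brute force login URL
	 * (including the configured secret word) and the renamed login page URL.
	 *
	 * Security: the secret word and the login slug are the values that let a
	 * visitor reach the login form, so this widget discloses them to whoever
	 * can view it.
	 * NOTE(review): the capability check for this dashboard page is not visible in this block - confirm it is limited to administrators.
	 *
	 * NOTE(review): the link and wrapper literals below are empty or hold only line breaks in this copy; any markup they once held is not visible - confirm against the plugin source.
	 *
	 * @return void
	 */
	public function widget_brute_force() {
		global $aio_wp_security;

		if ($aio_wp_security->configs->get_value('aiowps_enable_brute_force_attack_prevention') == '1') {
			// The label is escaped here because the sprintf() output below is echoed without further escaping
			// (the phpcs annotation relies on "escaped above"); this matches the rename-login branch.
			$brute_force_login_feature_link = '' . esc_html__('Cookie-based brute force', 'all-in-one-wp-security-and-firewall') . '';
			$brute_force_feature_secret_word = $aio_wp_security->configs->get_value('aiowps_brute_force_secret_word');
			echo '
';
			/* translators: %s: Brute Force Login URL */
			echo '

' . sprintf(esc_html__('The %s feature is currently active.', 'all-in-one-wp-security-and-firewall'), $brute_force_login_feature_link) . '

'; // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped -- Output escaped above.
			echo '

' . esc_html__('Your new WordPress login URL is now:', 'all-in-one-wp-security-and-firewall') . '

';
			echo '

' . esc_url(AIOWPSEC_WP_URL) . '/?' . esc_html($brute_force_feature_secret_word) . '=1

';
			echo '
'; //yellow box div
			echo '
';
		}// End if statement for Cookie Based Brute Prevention box

		// Insert Rename Login Page feature box if this feature is active
		if ($aio_wp_security->configs->get_value('aiowps_enable_rename_login_page') == '1') {
			// Without pretty permalinks the slug is appended as a query string, hence the trailing "?".
			if (get_option('permalink_structure')) {
				$home_url = trailingslashit(home_url());
			} else {
				$home_url = trailingslashit(home_url()) . '?';
			}

			$rename_login_feature_link = '' . esc_html__('Rename login page', 'all-in-one-wp-security-and-firewall') . '';
			echo '
';
			/* translators: %s: Rename Login URL */
			echo '

' . sprintf(esc_html__('The %s feature is currently active.', 'all-in-one-wp-security-and-firewall'), $rename_login_feature_link) . '

'; // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped -- Output escaped above.
			echo '

' . esc_html__('Your new WordPress login URL is now:', 'all-in-one-wp-security-and-firewall') . '

';
			echo '

' . esc_url($home_url) . esc_html($aio_wp_security->configs->get_value('aiowps_login_page_slug')) . '

';
			echo '
'; //yellow box div
			echo '
';
		} // End if statement for Rename Login box
	}

	/**
	 * This outputs the logged in users dashboard widget
	 *
	 * On a multisite subsite only that site's logged-in users are counted; on
	 * the main site (and on single-site installs) get_logged_in_users() is
	 * called with its default argument and the messages say "site-wide".
	 *
	 * @return void
	 */
	public function widget_logged_in_users() {
		$users_online_link = ''.esc_html__('Logged in users', 'all-in-one-wp-security-and-firewall').'';

		// default display messages
		$multiple_users_info_msg = esc_html__('Number of users currently logged into your site (including you) is:', 'all-in-one-wp-security-and-firewall');
		$single_user_info_msg = esc_html__('There are no other users currently logged in.', 'all-in-one-wp-security-and-firewall');

		if (is_multisite()) {
			$current_blog_id = get_current_blog_id();
			$is_main = is_main_site($current_blog_id);

			if (empty($is_main)) {
				// Subsite - only get logged in users for this blog_id
				$logged_in_users = AIOWPSecurity_User_Login::get_logged_in_users(false);
			} else {
				// Main site - get sitewide users
				$logged_in_users = AIOWPSecurity_User_Login::get_logged_in_users();

				// If viewing AIOS from multisite main network dashboard, then display a different message
				// These two use __() rather than esc_html__(); both messages pass through esc_html() when echoed below.
				$multiple_users_info_msg = __('Number of users currently logged in site-wide (including you) is:', 'all-in-one-wp-security-and-firewall');
				$single_user_info_msg = __('There are no other site-wide users currently logged in.', 'all-in-one-wp-security-and-firewall');
			}
		} else {
			$logged_in_users = AIOWPSecurity_User_Login::get_logged_in_users();
		}

		if (empty($logged_in_users)) {
			$num_users = 0;
		} else {
			$num_users = count($logged_in_users);
		}

		if ($num_users > 1) {
			echo '

' . esc_html($multiple_users_info_msg) . ' ' . esc_html($num_users) . '

';
			/* translators: %s: Users Online URL */
			$info_msg = '

' . sprintf(esc_html__('Go to the %s menu to see more details', 'all-in-one-wp-security-and-firewall'), $users_online_link) . '

';
			echo $info_msg . '
'; // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped -- Output escaped above.
		} else {
			echo '

' . esc_html($single_user_info_msg) . '

';
		}
	}

	/**
	 * Outputs the locked IP addresses dashboard widget.
	 *
	 * Prints either a "none locked out" message or the number of temporarily
	 * locked out IP addresses with a pointer to the detailed list.
	 *
	 * @return void
	 */
	public function widget_locked_ip_addresses() {
		$locked_ips_link = ''. esc_html__('Locked IP addresses', 'all-in-one-wp-security-and-firewall').'';

		$locked_ips = AIOWPSecurity_Utility::get_locked_ips();

		// Only a strict false is treated as "nothing locked"; any other return value is counted.
		if (false === $locked_ips) {
			echo '

' . esc_html__('There are no IP addresses currently locked out.', 'all-in-one-wp-security-and-firewall') . '

';
		} else {
			$num_ips = count($locked_ips);
			echo '

' . esc_html__('Number of temporarily locked out IP addresses:', 'all-in-one-wp-security-and-firewall') . ' ' . ' ' . esc_html($num_ips) . '

';
			/* translators: %s: Number of locked out IPs */
			$info_msg = '

' . sprintf(esc_html__('Go to the %s menu to see more details', 'all-in-one-wp-security-and-firewall'), $locked_ips_link) . '

';
			// phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped -- Output escaped above.
			echo $info_msg . '
';
		}
	}

	/**
	 * This function creates summary for dashboard widget in table format
	 *
	 * The data is passed to the template as-is.
	 * NOTE(review): widget-summary.php is expected to escape every value it prints - confirm.
	 *
	 * @param array $widget_data title, column names and row data
	 *
	 * @return void
	 */
	private function dashboard_widget($widget_data) {
		global $aio_wp_security;

		$aio_wp_security->include_template('wp-admin/dashboard/widget-summary.php', false, array('widget_data' => $widget_data));
	}

	/**
	 * This function creates chart for dashboard widget
	 *
	 * $type is concatenated into the template path, so callers must pass a
	 * fixed literal and never a request-derived value (widget_last_5_logins()
	 * passes 'bar').
	 * NOTE(review): whether include_template() constrains the resolved path is not visible here - confirm before adding callers that take $type from elsewhere.
	 *
	 * @param array  $chart_data column names, chart data, last_days and id
	 * @param string $type       bar chart
	 *
	 * @return void
	 */
	private function dashboard_widget_chart($chart_data, $type = 'bar') {
		global $aio_wp_security;

		$aio_wp_security->include_template('wp-admin/dashboard/widget-'.$type.'-chart.php', false, array('chart_data' => $chart_data));
	}
}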