debug_logger->log_debug("Nonce check failed for unlock.", 4);
die("Nonce check failed for unlock.");
}
//This catches the $_POST from the "Request Unlock" button on the main WP login page
$unlock_encoded_info = isset($_POST['aiowps-unlock-string-info']) ? sanitize_text_field(wp_unslash($_POST['aiowps-unlock-string-info'])) : '';
$unlock_secret_string = $aio_wp_security->configs->get_value('aiowps_unlock_request_secret_key');
$unlock_temp_string = isset($_POST['aiowps-unlock-temp-string']) ? sanitize_text_field(wp_unslash($_POST['aiowps-unlock-temp-string'])) : '';
$submitted_encoded_string = base64_encode($unlock_temp_string.$unlock_secret_string);
if ($submitted_encoded_string !== $unlock_encoded_info) {
//Someone somehow landed on this page directly without clicking the unlock button on login form
echo '
'.esc_html__('ERROR: Unable to process your request!', 'all-in-one-wp-security-and-firewall').'
';
die();
} elseif ($display_form) {
echo display_unlock_form(); // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped -- pcp check ingore this
}
} //End if block
// Handles the POST from the dedicated unlock request page, where a locked-out
// visitor enters an email address to be sent an unlock link.
//
// Flow: verify the form nonce, validate the email, look up the account, build
// an unlock URL for the requester's IP address, then email that URL.
//
// NOTE(review): this handler is reachable without authentication and its
// outcomes differ ("User account not found." vs. the "email has been sent"
// confirmation), so the response can confirm whether an address belongs to an
// account. Consider one neutral response for all three outcomes.
// NOTE(review): no throttling of send_unlock_request_email() is visible in this
// block; confirm that repeated requests are rate limited elsewhere.
if (isset($_POST['aiowps_wp_submit_unlock_request'])) {
    // A missing or invalid nonce ends the request: log at level 4, then stop.
    if (!isset($_POST['_wpnonce']) || !wp_verify_nonce(sanitize_text_field(wp_unslash($_POST['_wpnonce'])), 'aios-unlock-request-nonce')) {
        $aio_wp_security->debug_logger->log_debug("Nonce check failed for unlock request.", 4);
        die("Nonce check failed for unlock request.");
    }

    // Email address as submitted, unslashed and passed through sanitize_email().
    $email = isset($_POST['aiowps_unlock_request_email']) ? sanitize_email(wp_unslash($_POST['aiowps_unlock_request_email'])) : '';

    // $errors stays an empty string unless the address is empty or malformed.
    $errors = (empty($email) || !is_email($email)) ? __('Please enter a valid email address', 'all-in-one-wp-security-and-firewall') : '';

    if ($errors) {
        // Validation failed: show the form again.
        $display_form = true;
        // NOTE(review): as it appears in this listing the literal below holds
        // only a line break, so whatever markup printed $errors is not visible
        // here. Confirm against the plugin source that $errors is escaped
        // where it is output.
        echo '
';
        // $email was already sanitized above; it is sanitized once more before
        // being handed to the form renderer. The renderer's return value is
        // echoed without escaping (see the phpcs directive), so
        // display_unlock_form() presumably escapes the value itself - verify.
        $sanitized_email = sanitize_email($email);
        echo display_unlock_form($sanitized_email); // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped -- pcp check ingore this
    } else {
        $locked_user = get_user_by('email', $email);
        if ($locked_user) {
            // The unlock URL is tied to the requester's IP address.
            // NOTE(review): how get_user_ip_address() derives the address is
            // not shown here; if it can read client-supplied forwarding
            // headers, confirm that only trusted proxies are honoured.
            $ip = AIOWPSecurity_Utility_IP::get_user_ip_address();
            $unlock_url = empty($ip) ? false : AIOWPSecurity_User_Login::generate_unlock_request_link($ip);

            if ($unlock_url) {
                // Mail the unlock URL to the address the visitor supplied.
                AIOWPSecurity_User_Login::send_unlock_request_email($email, $unlock_url);
                echo '
' . esc_html__('An email has been sent to you with the unlock instructions.', 'all-in-one-wp-security-and-firewall') . '
';
            } else {
                // No usable IP address, or no link was generated for it
                // (per the original comment: no lockout entry for this IP range).
                $error_msg = __('Error: No locked entry was found in the database with your IP address range.', 'all-in-one-wp-security-and-firewall');
                echo '
';
            }
        } else {
            // No account is registered under this email address.
            $errors = __('User account not found.', 'all-in-one-wp-security-and-firewall');
            echo '
';
        }
        // Once the email has passed validation the form is not shown again.
        $display_form = false;
    }
}
?>