diff --git a/includes/admin/class-secure.php b/includes/admin/class-secure.php
index d042a7e2..1062d20f 100644
--- a/includes/admin/class-secure.php
+++ b/includes/admin/class-secure.php
@@ -44,6 +44,7 @@ if ( ! class_exists( 'um\admin\Secure' ) ) {
add_action( 'admin_init', array( $this, 'admin_init' ) );
add_filter( 'um_settings_structure', array( $this, 'add_settings' ) );
add_filter( 'manage_users_custom_column', array( $this, 'add_restore_account' ), 9999, 3 );
+ add_filter( 'pre_get_users', array( $this, 'filter_users_by_date_registered' ) );
add_action( 'um_settings_before_save', array( $this, 'check_secure_changes' ) );
add_action( 'um_settings_save', array( $this, 'on_settings_save' ) );
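Review bot: `pre_get_users` is fired by WordPress as an action, so the return value of the callback is ignored and `add_action( 'pre_get_users', array( $this, 'filter_users_by_date_registered' ) );` would match the other registrations here. The hook also runs for every user query in the admin, so all scoping depends on the checks inside the callback, which is defined in the next hunk.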
@@ -64,6 +65,40 @@ if ( ! class_exists( 'um\admin\Secure' ) ) {
wp_enqueue_script( 'um_admin_secure' );
}
+ /**
+ * Filter users by Register Date
+ *
+ * @since 2.6.8
+ * @param object $query WP query `pre_get_users`
+ */
+ public function filter_users_by_date_registered( $query ) {
+ global $pagenow;
+ if ( is_admin() && 'users.php' === $pagenow ) {
+ // phpcs:disable WordPress.Security.NonceVerification
+ $date_from = isset( $_GET['um_secure_date_from'] ) ? $_GET['um_secure_date_from'] : null;
+ $date_to = isset( $_GET['um_secure_date_to'] ) ? $_GET['um_secure_date_to'] : null;
+ // phpcs:enable WordPress.Security.NonceVerification
+ if ( ! $date_to ) {
+ $query->set(
+ 'date_query',
+ array(
+ 'after' => human_time_diff( $date_from, strtotime( current_time( 'mysql' ) ) ) . ' ago',
+ )
+ );
+ } elseif ( $date_from && $date_to ) {
+ $query->set(
+ 'date_query',
+ array(
+ 'after' => human_time_diff( $date_from, strtotime( current_time( 'mysql' ) ) ) . ' ago',
+ 'before' => human_time_diff( $date_to, strtotime( current_time( 'mysql' ) ) ) . ' ago',
+ )
+ );
+ }
+ }
+
+ return $query;
+ }
+
/**
* Handle secure actions.
*
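Review bot: `$_GET['um_secure_date_from']` and `$_GET['um_secure_date_to']` reach `human_time_diff()` unvalidated in `filter_users_by_date_registered()`, and the `! $date_to` branch runs even when neither parameter is present, so every user query on users.php gets a `date_query` built from a null start. Cast both values with `absint( wp_unslash( … ) )` and return early when no start timestamp is supplied. `human_time_diff()` also rounds to whole units (days, weeks, months), so the list will not match the exact window; the AJAX scan in this same commit switched to `gmdate()` for its bounds, and this filter should do the same. The date format and time-zone handling in the sketch below are a suggestion and should be confirmed against how `user_registered` is stored.

```php
public function filter_users_by_date_registered( $query ) {
	global $pagenow;
	if ( ! is_admin() || 'users.php' !== $pagenow ) {
		return $query;
	}

	// Read-only list filter: no nonce, so accept nothing but non-negative integer timestamps.
	// phpcs:disable WordPress.Security.NonceVerification
	$date_from = isset( $_GET['um_secure_date_from'] ) ? absint( wp_unslash( $_GET['um_secure_date_from'] ) ) : 0;
	$date_to   = isset( $_GET['um_secure_date_to'] ) ? absint( wp_unslash( $_GET['um_secure_date_to'] ) ) : 0;
	// phpcs:enable WordPress.Security.NonceVerification

	// Leave ordinary users.php requests untouched.
	if ( ! $date_from ) {
		return $query;
	}

	$date_query = array(
		'after'     => gmdate( 'Y-m-d H:i:s', $date_from ),
		'inclusive' => true,
	);
	if ( $date_to ) {
		$date_query['before'] = gmdate( 'Y-m-d H:i:s', $date_to );
	}
	$query->set( 'date_query', $date_query );

	return $query;
}
```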
diff --git a/includes/ajax/class-secure.php b/includes/ajax/class-secure.php
index 9aa7bbec..8a884f22 100644
--- a/includes/ajax/class-secure.php
+++ b/includes/ajax/class-secure.php
@@ -181,18 +181,18 @@ class Secure {
$suspicious_accounts_count = $suspicious_accounts->get_total();
$susp_accounts = $suspicious_accounts->get_results();
+ $arr_dates_registered = array();
+ $arr_suspected_accounts = array();
/**
* Disable and Kickout Suspicious accounts.
*/
if ( $suspicious_accounts_count > 0 ) {
- $arr_dates_registered = array();
- $arr_suspected_accounts = array();
if ( ! empty( $susp_accounts ) ) {
foreach ( $susp_accounts as $user ) {
$arr_suspected_accounts[] = $user->ID;
- $arr_dates_registered[] = strtotime( $user->user_registered );
+ $arr_dates_registered[] = $user->user_registered;
if ( $user->__get( 'um_user_blocked' ) ) {
continue;
@@ -206,15 +206,21 @@ class Secure {
}
}
- $oldest_date = min( $arr_dates_registered );
- $newest_date = max( $arr_dates_registered );
+ $arr_dates_in_timestamp = array_map( 'strtotime', $arr_dates_registered );
+
+ $oldest_date = min( $arr_dates_in_timestamp );
+ $newest_date = max( $arr_dates_in_timestamp );
+
+ $content .= gmdate( 'F d, Y', $newest_date );
$might_affected_users = new WP_User_Query(
array(
'number' => -1,
- 'relation' => 'AND',
+ 'exclude' => $arr_suspected_accounts,
'date_query' => array(
- 'after' => human_time_diff( $oldest_date, strtotime( current_time( 'mysql' ) ) ) . ' ago',
+ 'after' => gmdate( 'F d, Y', $oldest_date ),
+ 'before' => gmdate( 'F d, Y', $newest_date ),
+ 'inclusive' => true,
),
)
);
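Review bot: The `before` bound is formatted as `gmdate( 'F d, Y', $newest_date )`, which carries no time of day, so as far as I can tell WP_Date_Query resolves it to midnight and accounts registered later on the newest day fall outside the "might be affected" window even with `inclusive`. Keep the full precision, e.g. `'before' => gmdate( 'Y-m-d H:i:s', $newest_date ),` and the same for `after`. The `$content .= gmdate( 'F d, Y', $newest_date );` line just above the query appends a bare date to the notice and looks like leftover debug output. `min()` and `max()` also throw a ValueError on PHP 8 if `$arr_dates_in_timestamp` is empty, which appears possible if `$susp_accounts` is empty while the count is positive; a guard before them would be worth adding.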
@@ -233,7 +239,6 @@ class Secure {
if ( ! is_array( $issue_counts ) || ! $issue_counts ) {
$issue_counts = array(
- 'good' => 0,
'recommended' => 0,
'critical' => 0,
);
@@ -253,15 +258,14 @@ class Secure {
$content .= $br . __( 'We\'ve temporarily disabled the suspcious account(s) for you to take actions.', 'ultimate-member' );
if ( $might_affected_users->get_total() > 0 ) {
- $od = gmdate( 'F m, Y', $oldest_date );
- $nd = gmdate( 'F m, Y', $newest_date );
+ $od = gmdate( 'F d, Y h:iA', $oldest_date );
+ $nd = gmdate( 'F d, Y h:iA', $newest_date );
if ( $od !== $nd ) {
$date_registered = $od . ' to ' . $nd;
} else {
$date_registered = $od;
}
$content .= $br . $br . __( 'Also, We\'ve found ', 'ultimate-member' ) . '' . /* translators: %s suspcious account */ sprintf( _n( '%s account', '%s accounts', $might_affected_users->get_total(), 'ultimate-member' ), $might_affected_users->get_total() ) . ' ' . sprintf( _n( 'created on %s when the suspicious account was created.', 'created on %s when the suspicious accounts were created.', $suspicious_accounts_count, 'ultimate-member' ), $date_registered );
-
}
} else {
$content .= $br . 'Suspcious Accounts
';
@@ -277,12 +281,22 @@ class Secure {
$content .= $br . $br;
$suspicious_accounts_url = admin_url( 'users.php?um_status=inactive' );
+ if ( $might_affected_users->get_total() > 0 ) {
+ $od = gmdate( 'F d, Y', $oldest_date );
+ $nd = gmdate( 'F d, Y', $newest_date );
+ if ( $od !== $nd ) {
+ $suspicious_accounts_url = admin_url( 'users.php?um_secure_date_from=' . $oldest_date . '&um_secure_date_to=' . $newest_date );
+ } else {
+ $suspicious_accounts_url = admin_url( 'users.php?um_secure_date_from=' . $oldest_date );
+ }
+ }
+
$content .= '2. Review all suspicious accounts and delete them completely. Click here to review accounts.';
$content .= $br . $br;
$nonce = wp_create_nonce( 'um-secure-expire-session-nonce' );
$destroy_all_sessions_url = admin_url( '?um_secure_expire_all_sessions=1&_wpnonce=' . esc_attr( $nonce ) . '&except_me=1' );
- $content .= '3. If accounts are suspicious to you, please destroy all user sessions to logout active users on your site. Click here to Destroy Sessions now';
+ $content .= '4. If accounts are suspicious to you, please destroy all user sessions to logout active users on your site. Click here to Destroy Sessions now';
$content .= $br . $br;
$content .= '4. Run a complete scan on your site using third-party Security plugins such as WPScan/Jetpack Protect or WordFence Security.';
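Review bot: When `$od === $nd` the review link carries only `um_secure_date_from`, and the new users.php filter then applies no upper bound, so the admin is shown every account registered since that moment rather than the accounts from the flagged day. Always send both bounds, for example `$suspicious_accounts_url = add_query_arg( array( 'um_secure_date_from' => $oldest_date, 'um_secure_date_to' => $newest_date ), admin_url( 'users.php' ) );`. The link also replaces the `um_status=inactive` view, so the list is no longer limited to the disabled accounts that the step text describes. The renumbering leaves two steps labelled `4.` and none labelled `3.`. The surrounding method starts outside this hunk, so it is worth confirming that `$might_affected_users`, `$oldest_date` and `$newest_date` are defined on every path that reaches this block.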