email-user-cleaner.php

<?php
/**
 * E-mail User Cleaner
 *
 * @package           Email_User_Cleaner
 * @author            Gioxx
 * @copyright         2024 Gioxx
 * @license           GPL-2.0-or-later
 *
 * @wordpress-plugin
 * Plugin Name:       E-mail User Cleaner
 * Plugin URI:        https://go.gioxx.org/emailusercleaner
 * Description:       Delete users corresponding to the specified email addresses, but also search for duplicate users.
 * Version:           1.7.2
 * Requires at least: 6.0
 * Requires PHP:      7.4
 * Author:            Gioxx
 * Author URI:        https://gioxx.org
 * Text Domain:       email-user-cleaner
 * License:           GPL v2 or later
 * License URI:       http://www.gnu.org/licenses/gpl-2.0.txt
 */

/**
 * Add the plugin to the WordPress admin menu.
 *
 * This function adds an item in the WordPress admin menu, which
 * will lead to the plugin's main page, containing navigation tabs.
 *
 * @since 1.5
 */
function euc_admin_menu(): void {
	add_menu_page(
		'E-mail User Cleaner',
		'E-mail User Cleaner',
		'manage_options',
		'email-user-cleaner',
		'euc_admin_page', // Show the main page with navigation tabs.
		'dashicons-superhero'
	);
}
add_action( 'admin_menu', 'euc_admin_menu' );

/**
 * Enqueue the plugin's CSS file.
 *
 * This function is triggered by the 'admin_enqueue_scripts' action hook.
 *
 * @since 1.5
 */
function euc_enqueue_styles(): void {
	wp_enqueue_style(
		'euc-styles',
		plugins_url( 'email-user-cleaner.css', __FILE__ ),
		array(),
		'1.7.2'
	);
}
add_action( 'admin_enqueue_scripts', 'euc_enqueue_styles' );

/**
 * Renders the footer section for the E-mail User Cleaner plugin admin page.
 *
 * This footer includes styled dashicons, the current year, and links to Gioxx.org
 * and the plugin's GitHub repository.
 */
function euc_render_footer(): void {
	?>
	<div class="footer" style="padding-top: 35px;">
		<hr>
		<span class="dashicons dashicons-hammer"></span> Gioxx, <?php echo esc_html( gmdate( 'Y' ) ); ?> &#x2022; 
		<span class="dashicons dashicons-admin-home"></span> 
		<a href="<?php echo esc_url( 'https://go.gioxx.org/emailusercleaner' ); ?>">Gioxx.org</a> &#x2022; 
		<span class="dashicons dashicons-media-code"></span> 
		<a href="<?php echo esc_url( 'https://github.com/gioxx/email-user-cleaner' ); ?>">GitHub</a>
	</div>
	<?php
}

/**
 * Verify current user's permissions.
 *
 * This function checks if the current user has the 'manage_options' capability.
 * If the user does not have this capability, the function terminates execution
 * and displays an error message, indicating insufficient permissions.
 *
 * @since 1.5
 */
function euc_verify_permissions(): void {
	if ( ! current_user_can( 'manage_options' ) ) {
		wp_die( esc_html__( 'You do not have sufficient permissions to access this page.', 'email-user-cleaner' ), 403 );
	}
}

/**
 * Shows the plugin page.
 *
 * This function renders the plugin's main page, including navigation tabs and
 * page content based on the active tab.
 *
 * @since 1.5
 */
function euc_admin_page(): void {
	euc_verify_permissions();

	// Determines which tab is active.
	// phpcs:ignore WordPress.Security.NonceVerification.Recommended -- Only reading 'tab' parameter for UI navigation, safe.
	$active_tab = isset( $_GET['tab'] ) ? sanitize_key( $_GET['tab'] ) : 'delete_users';

	?>
	<div class="wrap">
		<h2 class="nav-tab-wrapper">
			<!-- Tab for "Delete Users". -->
			<a href="?page=email-user-cleaner&tab=delete_users" class="nav-tab <?php echo 'delete_users' === $active_tab ? 'nav-tab-active' : ''; ?>">
				<?php esc_html_e( 'Delete Users', 'email-user-cleaner' ); ?>
			</a>
			
			<!-- Tab for "Find Duplicates". -->
			<a href="?page=email-user-cleaner&tab=find_duplicates" class="nav-tab <?php echo 'find_duplicates' === $active_tab ? 'nav-tab-active' : ''; ?>">
				<?php esc_html_e( 'Find Duplicated Users', 'email-user-cleaner' ); ?>
			</a>
		</h2>

		<?php
		// Page content based on the active tab.
		if ( 'delete_users' === $active_tab ) {
			euc_delete_users_page(); // Show user deletion page.
		} elseif ( 'find_duplicates' === $active_tab ) {
			euc_show_duplicates_page(); // Show page to find duplicate users.
		}

		euc_render_footer();

		?>
	</div>
	<?php
}

/**
 * Shows the page to delete users by specifying their email addresses.
 *
 * This page is accessible by the administrator only.
 *
 * @since 1.0
 */
function euc_delete_users_page(): void {
	euc_verify_permissions();

	$plugin_data    = get_plugin_data( __FILE__ );
	$plugin_name    = esc_html( $plugin_data['Name'] );
	$plugin_version = esc_html( $plugin_data['Version'] );

	?>
	<div class="wrap">
		<h2><span class="dashicons dashicons-email-alt"></span> <?php echo esc_html( $plugin_name ); ?></h2>

		<?php
			// Check plugin Import and export users and customers.
		if ( is_plugin_active( 'import-users-from-csv-with-meta/import-users-from-csv-with-meta.php' ) ) {
			?>
				<div class="euc_info-box">
					<div class="euc_info-icon">ℹ️</div>
					<div class="euc_info-message">
						<?php
						echo wp_kses(
							sprintf(
								// Translators: %1$s is the URL to the export page, %2$s is the URL to directly export users.
								__( 'Import and export users and customers detected: <a href="%1$s">Go to export page</a> or <strong>directly export all users from WordPress (in a CSV file) <a href="%2$s">from here</a></strong>.', 'email-user-cleaner' ),
								esc_url( admin_url( 'tools.php?page=acui&tab=export' ) ),
								esc_url( admin_url( 'admin.php?action=euc_export_users_csv' ) )
							),
							array(
								'a'      => array( 'href' => array() ),
								'strong' => array(),
							)
						);
						?>
						<div id="suggested_columns" style="padding-top: 7px;">
						<?php esc_html_e( 'Suggested columns to export:', 'email-user-cleaner' ); ?>
							<br><span style="padding-left: 5px;"><code>user_login,user_email,display_name,role,first_name,last_name</code></span>
						</div>
					</div>
				</div>
			<?php } else { ?>
				<div class="euc_info-box">
					<div class="euc_info-icon">ℹ️</div>
					<div class="euc_info-message">
						<?php
						echo wp_kses(
							sprintf(
								// Translators: %s is the URL to export users.
								__( 'If you want to export all users from WordPress (in a CSV file) <a href="%s">you can click here</a>.', 'email-user-cleaner' ),
								esc_url( admin_url( 'admin.php?action=euc_export_users_csv' ) )
							),
							array( 'a' => array( 'href' => array() ) )
						);
						?>
					</div>
				</div>
			<?php
			}
			?>

		<div class="euc_warning-box">
			<div class="euc_warning-icon">!</div>
			<div class="euc_warning-message">
				<?php esc_html_e( 'This operation cannot be undone.', 'email-user-cleaner' ); ?>
				<br /><strong><?php esc_html_e( 'Backup your database and proceed with caution', 'email-user-cleaner' ); ?></strong>.
			</div>
		</div>

		<form method="post" action="">
			<?php wp_nonce_field( 'euc_delete_users_nonce', '_wpnonce' ); ?>
			<p><?php esc_html_e( 'Specify email addresses (one per line), click the button to start the deletion:', 'email-user-cleaner' ); ?></p>
			<textarea name="emails" class="euc_textarea" rows="10"></textarea>
			<input type="submit" name="submit" value="<?php esc_attr_e( 'Delete Users', 'email-user-cleaner' ); ?>" class="button-primary takespace" />

			<p class="euc_results">
				<?php
					// Messages output.
					euc_delete_users();
				?>
			</p>
		</form>
	</div>

	<script type="text/javascript">
		document.addEventListener('DOMContentLoaded', function() {
			const deleteButton = document.querySelector('input[name="submit"]');
			if (deleteButton) {
				deleteButton.addEventListener('click', function(event) {
					if (!confirm('Are you sure you want to delete these users? This operation cannot be undone.')) {
						event.preventDefault();
					}
				});
			}
		});
	</script>

	<?php
}

/**
 * Export all WordPress users to a CSV file.
 *
 * This function verifies the current user's permissions and compiles
 * a list of all registered WordPress users with their details, including
 * user login, email, display name, role, first name, and last name. The
 * data is then formatted as a CSV file and sent to the browser for download.
 *
 * It sets the appropriate HTTP headers to prompt the browser to download
 * the generated CSV file. The CSV file includes a header row followed by
 * user data rows.
 *
 * @since 1.0
 */
function euc_export_users_csv(): void {
	euc_verify_permissions();

	// Sets the header of the CSV file.
	$csv_header = array(
		__( 'User Login', 'email-user-cleaner' ),
		__( 'Email', 'email-user-cleaner' ),
		__( 'Display Name', 'email-user-cleaner' ),
		__( 'Role', 'email-user-cleaner' ),
		__( 'First Name', 'email-user-cleaner' ),
		__( 'Last Name', 'email-user-cleaner' ),
	);

	// Get all WordPress users.
	$users = get_users();

	$csv_content  = '';
	$csv_content .= '"' . implode( '","', array_map( 'esc_html', $csv_header ) ) . '"' . "\n";

	// Cycle over all users and add their information to the contents of the CSV file.
	foreach ( $users as $user ) {
		$user_info    = array(
			sanitize_user( $user->user_login ), // user_login.
			sanitize_email( $user->user_email ), // user_email.
			sanitize_text_field( $user->display_name ), // display_name.
			sanitize_text_field( implode( ', ', $user->roles ) ), // roles.
			sanitize_text_field( get_user_meta( $user->ID, 'first_name', true ) ), // first_name.
			sanitize_text_field( get_user_meta( $user->ID, 'last_name', true ) ), // last_name.
		);
		$csv_content .= '"' . implode( '","', array_map( 'esc_html', $user_info ) ) . '"' . "\n";
	}

	// Send HTTP header to indicate that you are sending a CSV file.
	header( 'Content-Type: text/csv' );
	header( 'Content-Disposition: attachment; filename=wp_users_export.csv' );

	// Output the CSV content.
	echo wp_kses_post( $csv_content );
	exit;
}

/**
 * Deletes users by specifying their email addresses.
 *
 * This function verifies the current user's permissions, processes the specified
 * email addresses, and deletes the corresponding users. It also outputs success
 * and error messages based on the outcome of the deletion operation.
 *
 * @since 1.0
 */
function euc_delete_users(): void {
	if ( isset( $_POST['submit'] ) ) {
		// Verify nonce.
		if ( ! check_admin_referer( 'euc_delete_users_nonce' ) ) {
			wp_die( esc_html__( 'Security check failed. Please try again.', 'email-user-cleaner' ) );
		}

		// Verify that the user has the necessary permissions.
		euc_verify_permissions();

		// Get email addresses specified.
		$emails = isset( $_POST['emails'] ) ? sanitize_textarea_field( $_POST['emails'] ) : '';

		// Split email addresses into an array.
		$emails_array = array_map( 'trim', explode( "\n", $emails ) );
		$emails_array = array_filter(
			$emails_array,
			function ( $email ) {
				$sanitized_email = sanitize_email( $email );
				return is_email( $sanitized_email ) ? $sanitized_email : false;
			}
		);

		// Avoid duplicates.
		$emails_array = array_unique( $emails_array );

		// Get current user's email.
		$current_user       = wp_get_current_user();
		$current_user_email = $current_user->user_email;

		// Output messages.
		$success_messages = array();
		$error_messages   = array();

		// Cycles over email addresses and deletes matching users.
		foreach ( $emails_array as $email ) {
			// Skip if the email matches the current user's email.
			if ( $email === $current_user_email ) {
				// Translators: %s is the email address of the current user.
				$error_messages[] = sprintf( esc_html__( 'Skipped deleting your own account (%s) for safety.', 'email-user-cleaner' ), $email );
				continue;
			}

			// Checks that the email is valid and belongs to a user.
			$user = get_user_by( 'email', $email );
			if ( $user ) {
				$deleted = wp_delete_user( $user->ID );
				if ( $deleted ) {
					// Translators: %s is the email address of the user that was successfully deleted.
					$success_messages[] = sprintf( esc_html__( 'User with email %s successfully deleted!', 'email-user-cleaner' ), $email );
				} else {
					// Translators: %s is the email address of the user that could not be deleted.
					$error_messages[] = sprintf( esc_html__( 'Error while deleting user with email %s!', 'email-user-cleaner' ), $email );
				}
			} else {
				// Translators: %s is the email address that was not found.
				$error_messages[] = sprintf( esc_html__( 'There are no users with email %s!', 'email-user-cleaner' ), $email );
			}
		}

		// Messages output.
		if ( ! empty( $success_messages ) ) {
			echo '<div class="notice notice-success is-dismissible">';
			foreach ( $success_messages as $message ) {
				echo '<p>' . esc_html( $message ) . '</p>';
			}
			echo '</div>';
		}

		if ( ! empty( $error_messages ) ) {
			echo '<div class="notice notice-error is-dismissible">';
			foreach ( $error_messages as $message ) {
				echo '<p>' . esc_html( $message ) . '</p>';
			}
			echo '</div>';
		}
	}
}

/**
 * Hook to capture user login and save the time to user meta.
 *
 * Capture the WordPress hook "wp_login" to save the last login time to user meta.
 *
 * @param string  $user_login The user login.
 * @param WP_User $user WP_User object.
 */
function euc_save_last_login( $user_login, $user ): void {
	update_user_meta( $user->ID, 'last_login', current_time( 'mysql' ) );
}
add_action( 'wp_login', 'euc_save_last_login', 10, 2 );

/**
 * Shows the page to find duplicate users.
 *
 * This function renders the page to find duplicate users, including a table
 * with the duplicated users and a button to delete selected users.
 *
 * @since 1.5
 */
function euc_show_duplicates_page(): void {
	// Verify if the current user has permission to view this page.
	euc_verify_permissions();

	// Retrieve duplicate users.
	$duplicates = euc_find_duplicate_users(); // This function should be defined elsewhere to find duplicates.

	?>
	<div class="wrap">
		<h2><span class="dashicons dashicons-groups"></span> <?php esc_html_e( 'Show users (probably) duplicated', 'email-user-cleaner' ); ?></h2>
		
		<form method="post" action="">
			<?php wp_nonce_field( 'euc_delete_duplicates_nonce', '_wpnonce' ); ?>

			<?php if ( ! empty( $duplicates ) ) : ?>
				<div class="euc_warning-box">
					<div class="euc_warning-icon">!</div>
					<div class="euc_warning-message">
						<?php esc_html_e( 'Remember that the deletion operation, if requested, cannot be undone.', 'email-user-cleaner' ); ?>
						<br /><strong><?php esc_html_e( 'Backup your database and proceed with caution', 'email-user-cleaner' ); ?></strong>.
					</div>
				</div>

				<table class="widefat fixed" cellspacing="0">
					<thead>
						<tr>
							<th scope="col" class="manage-column column-cb" style="width: 2%;"><input type="checkbox" id="cb-select-all"></th>
							<th scope="col" class="manage-column column-username"><?php esc_html_e( 'Username', 'email-user-cleaner' ); ?></th>
							<th scope="col" class="manage-column column-email"><?php esc_html_e( 'Email', 'email-user-cleaner' ); ?></th>
							<th scope="col" class="manage-column column-name"><?php esc_html_e( 'Full Name', 'email-user-cleaner' ); ?></th>
							<th scope="col" class="manage-column column-reason"><?php esc_html_e( 'Duplicate Criteria', 'email-user-cleaner' ); ?></th>
							<th scope="col" class="manage-column column-last-login"><?php esc_html_e( 'Last Login', 'email-user-cleaner' ); ?></th> <!-- New column for Last Login. -->
						</tr>
					</thead>
					<tbody>
						<?php foreach ( $duplicates as $duplicate_group ) : ?>
							<?php foreach ( $duplicate_group['users'] as $user ) : ?>
								<?php
								// Retrieve the last login time from user meta.
								$last_login = get_user_meta( $user->ID, 'last_login', true );

								// Format the last login date if available.
								$last_login_display = ! empty( $last_login ) ? gmdate( 'Y-m-d H:i:s', strtotime( $last_login ) ) : __( 'Never logged in', 'email-user-cleaner' );
								?>
								<tr>
									<th scope="row" class="check-column">
										<input type="checkbox" name="users_to_delete[]" value="<?php echo esc_attr( $user->ID ); ?>">
									</th>
									<td><?php echo esc_html( $user->user_login ); ?></td>
									<td><?php echo esc_html( $user->user_email ); ?></td>
									<td><?php echo esc_html( $user->first_name . ' ' . $user->last_name ); ?></td>
									<td><?php echo esc_html( $duplicate_group['criteria'] ); ?></td>
									<td><?php echo esc_html( $last_login_display ); ?></td> <!-- Display last login. -->
								</tr>
							<?php endforeach; ?>
							<tr><td colspan="6"><hr></td></tr>
						<?php endforeach; ?>
					</tbody>
				</table>
				<div style="margin-top: 20px;">
					<input type="submit" name="delete_selected" value="<?php esc_attr_e( 'Delete Selected Users', 'email-user-cleaner' ); ?>" class="button-primary" />
				</div>
			<?php else : ?>
				<p><?php esc_html_e( 'No duplicated users found.', 'email-user-cleaner' ); ?></p>
			<?php endif; ?>
		</form>
	</div>

	<script type="text/javascript">
		document.addEventListener('DOMContentLoaded', function() {
			const selectAllCheckbox = document.getElementById('cb-select-all');
			const checkboxes = document.querySelectorAll('input[name="users_to_delete[]"]');

			if (selectAllCheckbox) {
				selectAllCheckbox.addEventListener('change', function() {
					checkboxes.forEach(function(checkbox) {
						checkbox.checked = selectAllCheckbox.checked;
					});
				});
			}
		});
	</script>

	<?php
	// Handle the deletion of selected users.
	if ( isset( $_POST['delete_selected'] ) ) {
		// Verify nonce.
		if ( ! check_admin_referer( 'euc_delete_duplicates_nonce' ) ) {
			wp_die( esc_html__( 'Security check failed. Please try again.', 'email-user-cleaner' ) );
		}

		// Verify that the user has the necessary permissions.
		euc_verify_permissions();

		// Get the IDs of the users to delete.
		$users_to_delete = isset( $_POST['users_to_delete'] ) ? array_map( 'intval', $_POST['users_to_delete'] ) : array();

		// Delete selected users.
		foreach ( $users_to_delete as $user_id ) {
			$deleted = wp_delete_user( $user_id );
			if ( $deleted ) {
				// Translators: %d is the ID of the user that was successfully deleted.
				echo '<div class="notice notice-success is-dismissible">' . esc_html( sprintf( __( 'User with ID %d successfully deleted.', 'email-user-cleaner' ), $user_id ) ) . '</div>';
			} else {
				// Translators: %d is the ID of the user that could not be deleted.
				echo '<div class="notice notice-error is-dismissible">' . esc_html( sprintf( __( 'Error deleting user with ID %d.', 'email-user-cleaner' ), $user_id ) ) . '</div>';
			}
		}
	}
}

/**
 * Helper function to add duplicate users to the duplicates list.
 *
 * @param array  $map Map of duplicates based on a specific criteria (e.g., email or full name).
 * @param string $criteria Criteria by which duplicates are determined.
 * @param array  $duplicates Reference to the array where duplicates are collected.
 */
function add_duplicates_to_list( array $map, string $criteria, array &$duplicates ): void {
	foreach ( $map as $key => $users_with_same_key ) {
		// Check if there are multiple users with the same key (e.g., email or full name).
		if ( count( $users_with_same_key ) > 1 ) {
			// Add these users to the duplicates list with the appropriate criteria.
			$duplicates[] = array(
				'criteria' => $criteria,
				'users'    => $users_with_same_key,
			);
		}
	}
}

/**
 * Finds duplicate users based on email and full names.
 *
 * This function finds duplicates among all WordPress users based on their email and full names.
 * It returns an array of arrays, with each sub-array containing users with the same criteria.
 * The criteria is described in the 'criteria' key of each sub-array.
 *
 * @return array Array of arrays, with each sub-array containing users with the same criteria.
 */
function euc_find_duplicate_users(): array {
	$users      = get_users();
	$duplicates = array();
	$email_map  = array();
	$name_map   = array();

	// Find duplicates based on email and full names in a single loop.
	foreach ( $users as $user ) {
		// Check for duplicates by email.
		$user_email = $user->user_email;
		if ( isset( $email_map[ $user_email ] ) ) {
			// If email already exists in the map, add this user to the existing array.
			$email_map[ $user_email ][] = $user;
		} else {
			// Otherwise, create a new array with this user.
			$email_map[ $user_email ] = array( $user );
		}

		// Check for duplicates by full name.
		$full_name = strtolower( trim( $user->first_name . ' ' . $user->last_name ) );
		if ( isset( $name_map[ $full_name ] ) ) {
			// If full name already exists in the map, add this user to the existing array.
			$name_map[ $full_name ][] = $user;
		} else {
			// Otherwise, create a new array with this user.
			$name_map[ $full_name ] = array( $user );
		}
	}

	// Use the helper function to add duplicate users to the final duplicates list.
	add_duplicates_to_list( $email_map, 'Email', $duplicates );
	add_duplicates_to_list( $name_map, 'Full Name', $duplicates );

	return $duplicates;
}

// Add user deletion function to admin_init hook.
add_action( 'admin_action_euc_export_users_csv', 'euc_export_users_csv' );