Advanced Access Manager - Version 5.1.1

Version Description

  • Fixed the issue with Multisite Network notification
  • Fixed the minor bug with login message for "Redirect to login form"
  • Deleted redundant AAM_Core_Log class
  • Improved and refactored AAM Core Login functionality for upcoming REST API control extension

Release Info

Developer vasyl_m
Version 5.1.1

Code changes from version 5.1 to 5.1.1

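--- a/Application/Backend/phtml/index.phtml
+++ b/Application/Backend/phtml/index.phtml
@@ -98,8 +98,7 @@
  <i class='icon-attention-circled'></i> <span><?php echo __('AAM Multisite', AAM_KEY); ?></span>
  </h3>
  <div class="inside">
- <p class="aam-info"><?php echo AAM_Backend_View_Helper::preparePhrase('Install free [AAM Multisite extension] in order to manage all your sites from Network Admin', 'b'); ?></p>
- <p class="text-center"><a href="#" class="btn btn-sm btn-primary aam-download-extension" data-license="AAMMULTISITE"><i class="icon-download-cloud"></i> <?php echo __('Install AAM Multisite', AAM_KEY); ?></a></p>
+ <p class="aam-info"><?php echo AAM_Backend_View_Helper::preparePhrase('Install free [AAM Multisite extension] in order to manage all your sites from the Network Admin.', 'b'); ?></p>
  </div>
  </div>
  </div>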
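--- a/Application/Core/API.php
+++ b/Application/Core/API.php
@@ -237,7 +237,7 @@ final class AAM_Core_API {
 
  if (!empty($type) && ($type == 'login')) {
  $redirect = add_query_arg(
- array('aam-redirect' => 'login'),
+ array('reason' => 'restricted'),
  wp_login_url(AAM_Core_Request::server('REQUEST_URI'))
  );
  } elseif (!empty($type) && ($type != 'default')) {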
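Review bot: The new query value `restricted` set on line 240 is matched in `AAM_Core_Login::loginMessage()` by a separate literal, `if ($reason == 'restricted')`, using a loose comparison; a shared class constant such as `const REASON_RESTRICTED = 'restricted';` referenced from both sides and compared with `===` would keep the two from drifting apart as further reasons are added. The `reason` parameter is read back from the request in `loginMessage()`, so anything that path does with it should keep treating it as untrusted input, which the current check against a fixed literal does. The enclosing method begins and ends outside this hunk.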
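--- a/Application/Core/Log.php
+++ /dev/null
@@ -1,47 +0,0 @@
- <?php
-
- /**
- * ======================================================================
- * LICENSE: This file is subject to the terms and conditions defined in *
- * file 'license.txt', which is part of this source code package. *
- * ======================================================================
- */
-
- /**
- * AAM Core Log
- *
- * @package AAM
- * @author Vasyl Martyniuk <vasyl@vasyltech.com>
- */
- class AAM_Core_Log {
-
- /**
- * Add new warning
- *
- * @param string $message
- *
- * @return void
- *
- * @access public
- * @static
- */
- public static function add($message) {
- $basedir = WP_CONTENT_DIR . '/aam/logs';
- $ok = file_exists($basedir);
-
- if (!$ok) {
- $ok = @mkdir($basedir, fileperms( ABSPATH ) & 0777 | 0755, true);
- }
-
- if ($ok) {
- $ok = error_log(
- '[' . date('Y-m-d H:i:s') . '] ' . $message . "\n",
- 3,
- $basedir . '/aam.log'
- );
- }
-
- return $ok;
- }
-
- }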
Application/Core/Login.php CHANGED
@@ -16,44 +16,68 @@
16
  class AAM_Core_Login {
17
 
18
  /**
19
- *
20
- * @var type
 
 
 
 
 
 
21
  */
22
  protected $aamLogin = false;
23
 
24
  /**
25
- *
26
- * @var type
 
 
 
 
27
  */
28
  protected static $instance = null;
29
 
30
  /**
 
 
 
31
  *
 
32
  */
33
  protected function __construct() {
34
- //login hook
35
  add_action('wp_login', array($this, 'login'), 10, 2);
 
 
36
  add_action('wp_logout', array($this, 'logout'));
37
 
38
  //user login control
39
- add_filter('wp_authenticate_user', array($this, 'authenticate'), 1, 2);
40
 
41
  //login process
42
  add_filter('login_message', array($this, 'loginMessage'));
43
 
44
  //security controls
45
- add_action('login_form_login', array($this, 'watch'), 1);
46
  }
47
 
48
  /**
 
 
 
 
49
  *
50
- * @param type $username
51
- * @param type $user
 
52
  */
53
  public function login($username, $user = null) {
54
  if (is_a($user, 'WP_User')) {
55
- $this->updateLoginCounter(-1);
 
 
56
 
 
57
  AAM_Core_API::deleteOption('aam-user-switch-' . $user->ID);
58
 
59
  if ($this->aamLogin === false) {
@@ -67,27 +91,11 @@ class AAM_Core_Login {
67
  }
68
 
69
  /**
 
70
  *
71
- * @param type $user
72
- * @return type
73
- */
74
- protected function getLoginRedirect($user) {
75
- $redirect = null;
76
- $subject = new AAM_Core_Subject_User($user->ID);
77
- $object = $subject->getObject('loginRedirect');
78
-
79
- //if Login redirect is defined
80
- $type = $object->get('login.redirect.type');
81
-
82
- if (!empty($type) && $type !== 'default') {
83
- $redirect = $object->get("login.redirect.{$type}");
84
- }
85
-
86
- return $redirect;
87
- }
88
-
89
- /**
90
  *
 
91
  */
92
  public function logout() {
93
  $object = AAM::getUser()->getObject('logoutRedirect');
@@ -100,88 +108,159 @@ class AAM_Core_Login {
100
  }
101
 
102
  /**
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
103
  *
104
- * @param type $message
105
- * @return type
 
106
  */
107
  public function loginMessage($message) {
108
  $reason = AAM_Core_Request::get('reason');
109
 
110
- if (empty($message) && ($reason == 'access-denied')) {
111
- $message = AAM_Core_Config::get(
112
- 'login.redirect.message',
113
- '<p class="message">' . __('Access denied. Please login to get access.', AAM_KEY) . '</p>'
114
- );
 
 
 
 
 
 
115
  }
116
 
117
  return $message;
118
  }
119
-
120
  /**
 
121
  *
 
122
  */
123
- public function watch() {
124
- //Login Timeout
125
  if (AAM_Core_Config::get('login-timeout', false)) {
126
  @sleep(intval(AAM_Core_Config::get('security.login.timeout', 1)));
127
  }
128
 
129
- //Brute Force Lockout
130
  if (AAM_Core_Config::get('brute-force-lockout', false)) {
131
  $this->updateLoginCounter(1);
132
  }
 
 
133
  }
134
 
135
  /**
136
- * Control User Block flag
137
- *
138
- * @param WP_Error $user
139
- *
140
- * @return WP_Error|WP_User
141
- *
142
- * @access public
143
  */
144
- public function authenticate($user) {
145
- if (is_a($user, 'WP_User') && $user->user_status == 1) {
146
- $user = new WP_Error();
 
147
 
148
- $message = 'ERROR]: User is locked. Please contact your website ';
149
- $message .= 'administrator.';
150
 
151
- $user->add(
152
- 'authentication_failed',
153
- AAM_Backend_View_Helper::preparePhrase($message, 'strong')
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
154
  );
 
155
  }
156
 
157
- return $user;
 
 
 
 
 
158
  }
159
 
160
  /**
 
 
 
161
  *
162
- * @return type
163
- * @throws Exception
164
  */
165
- public function execute() {
166
  $this->aamLogin = true;
167
 
168
  $response = array(
169
- 'status' => 'failure',
170
  'redirect' => AAM_Core_Request::post('redirect')
171
  );
172
 
173
  $log = sanitize_user(AAM_Core_Request::post('log'));
174
 
175
  try {
176
- $user = wp_signon(array(), $this->checkUserSSL($log));
177
 
178
  if (is_wp_error($user)) {
179
  Throw new Exception($user->get_error_message());
180
  }
181
- $redirect = $this->getLoginRedirect($user);
182
 
183
  if (empty($response['redirect'])) {
184
- $response['redirect'] = ($redirect ? $this->normalizeRedirect($redirect) : admin_url());
 
185
  }
186
 
187
  $response['status'] = 'success';
@@ -193,11 +272,15 @@ class AAM_Core_Login {
193
  }
194
 
195
  /**
 
 
 
196
  *
197
- * @param type $redirect
198
- * @return type
 
199
  */
200
- protected function normalizeRedirect($redirect) {
201
  $normalized = null;
202
 
203
  if (filter_var($redirect, FILTER_VALIDATE_URL)) {
@@ -212,46 +295,13 @@ class AAM_Core_Login {
212
  }
213
 
214
  /**
 
215
  *
216
- * @param type $increment
217
- */
218
- protected function updateLoginCounter($increment) {
219
- $attempts = get_transient('aam_login_attemtps');
220
-
221
- if ($attempts !== false) {
222
- $timeout = get_option('_transient_timeout_aam_login_attemtps') - time();
223
- $attempts = intval($attempts) + $increment;
224
- } else {
225
- $attempts = 1;
226
- $timeout = strtotime(
227
- '+' . AAM_Core_Config::get('security.login.period', '20 minutes')
228
- ) - time();
229
- }
230
-
231
- if ($attempts >= AAM_Core_Config::get('security.login.attempts', 20)) {
232
- wp_safe_redirect(site_url('index.php'));
233
- exit;
234
- } else {
235
- set_transient('aam_login_attemtps', $attempts, $timeout);
236
- }
237
- }
238
-
239
- /**
240
- *
241
- * @param type $log
242
- * @param type $pwd
243
- * @throws Exception
244
- */
245
- protected function validate($log, $pwd) {
246
- if (empty($log) || empty($pwd)) {
247
- Throw new Exception(__('Username and password are required', AAM_KEY));
248
- }
249
- }
250
-
251
- /**
252
  *
253
- * @param type $log
254
  * @return boolean
 
 
255
  */
256
  protected function checkUserSSL($log) {
257
  $secure = false;
@@ -268,8 +318,12 @@ class AAM_Core_Login {
268
  }
269
 
270
  /**
 
271
  *
272
- * @return type
 
 
 
273
  */
274
  public static function getInstance() {
275
  if (is_null(self::$instance)) {
@@ -280,8 +334,12 @@ class AAM_Core_Login {
280
  }
281
 
282
  /**
 
283
  *
284
- * @return type
 
 
 
285
  */
286
  public static function bootstrap() {
287
  return self::getInstance();
16
  class AAM_Core_Login {
17
 
18
  /**
19
+ * AAM Login flag
20
+ *
21
+ * Is used to indicate that the user authentication process is handled by
22
+ * AAM plugin. Important to differentiate to avoid redirects
23
+ *
24
+ * @var boolean
25
+ *
26
+ * @access protected
27
  */
28
  protected $aamLogin = false;
29
 
30
  /**
31
+ * Single instance of itself
32
+ *
33
+ * @var AAM_Core_Login
34
+ *
35
+ * @access protected
36
+ * @static
37
  */
38
  protected static $instance = null;
39
 
40
  /**
41
+ * Constructor
42
+ *
43
+ * @return void
44
  *
45
+ * @access protected
46
  */
47
  protected function __construct() {
48
+ // Fires after the user has successfully logged in
49
  add_action('wp_login', array($this, 'login'), 10, 2);
50
+
51
+ // Fired after the user has been logged out successfully
52
  add_action('wp_logout', array($this, 'logout'));
53
 
54
  //user login control
55
+ add_filter('wp_authenticate_user', array($this, 'checkLockedUser'), 1, 2);
56
 
57
  //login process
58
  add_filter('login_message', array($this, 'loginMessage'));
59
 
60
  //security controls
61
+ add_filter('authenticate', array($this, 'authenticate'), -1);
62
  }
63
 
64
  /**
65
+ * Fires after the user has successfully logged in
66
+ *
67
+ * @param string $username Username
68
+ * @param WP_User $user Current user
69
  *
70
+ * @return void
71
+ *
72
+ * @access public
73
  */
74
  public function login($username, $user = null) {
75
  if (is_a($user, 'WP_User')) {
76
+ if (AAM_Core_Config::get('brute-force-lockout', false)) {
77
+ $this->updateLoginCounter(-1);
78
+ }
79
 
80
+ // Delete User Switch flag in case admin is inpersonating user
81
  AAM_Core_API::deleteOption('aam-user-switch-' . $user->ID);
82
 
83
  if ($this->aamLogin === false) {
91
  }
92
 
93
  /**
94
+ * Logout redirect
95
  *
96
+ * @return void
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
97
  *
98
+ * @access public
99
  */
100
  public function logout() {
101
  $object = AAM::getUser()->getObject('logoutRedirect');
108
  }
109
 
110
  /**
111
+ * Control User Block flag
112
+ *
113
+ * @param WP_Error $user
114
+ *
115
+ * @return WP_Error|WP_User
116
+ *
117
+ * @access public
118
+ */
119
+ public function checkLockedUser($user) {
120
+ if (is_a($user, 'WP_User') && $user->user_status == 1) {
121
+ $user = new WP_Error();
122
+
123
+ $message = '[ERROR]: User is locked. Please contact your website ';
124
+ $message .= 'administrator.';
125
+
126
+ $user->add(
127
+ 'authentication_failed',
128
+ AAM_Backend_View_Helper::preparePhrase($message, 'strong')
129
+ );
130
+ }
131
+
132
+ return $user;
133
+ }
134
+
135
+ /**
136
+ * Customize login message
137
+ *
138
+ * @param string $message
139
  *
140
+ * @return string
141
+ *
142
+ * @access public
143
  */
144
  public function loginMessage($message) {
145
  $reason = AAM_Core_Request::get('reason');
146
 
147
+ if (empty($message)) {
148
+ if ($reason == 'restricted') {
149
+ $message = AAM_Core_Config::get(
150
+ 'login.redirect.message',
151
+ '<p class="message">' .
152
+ __('Access denied. Please login to get access.', AAM_KEY) .
153
+ '</p>'
154
+ );
155
+ } else {
156
+ $message = apply_filters('aam-login-message-filter', $message);
157
+ }
158
  }
159
 
160
  return $message;
161
  }
162
+
163
  /**
164
+ * Authentication hooks
165
  *
166
+ * @param mixed $response
167
  */
168
+ public function authenticate($response) {
169
+ // Login Timeout
170
  if (AAM_Core_Config::get('login-timeout', false)) {
171
  @sleep(intval(AAM_Core_Config::get('security.login.timeout', 1)));
172
  }
173
 
174
+ // Brute Force Lockout
175
  if (AAM_Core_Config::get('brute-force-lockout', false)) {
176
  $this->updateLoginCounter(1);
177
  }
178
+
179
+ return $response;
180
  }
181
 
182
  /**
183
+ * Get AAM Login Redirect rule
184
+ *
185
+ * @param WP_User $user
186
+ *
187
+ * @return null|string
188
+ *
189
+ * @access protected
190
  */
191
+ protected function getLoginRedirect($user) {
192
+ $redirect = null;
193
+ $subject = new AAM_Core_Subject_User($user->ID);
194
+ $object = $subject->getObject('loginRedirect');
195
 
196
+ //if Login redirect is defined
197
+ $type = $object->get('login.redirect.type');
198
 
199
+ if (!empty($type) && $type !== 'default') {
200
+ $redirect = $object->get("login.redirect.{$type}");
201
+ }
202
+
203
+ return $redirect;
204
+ }
205
+
206
+ /**
207
+ * Update login counter
208
+ *
209
+ * @param int $increment
210
+ *
211
+ * @return void
212
+ *
213
+ * @access protected
214
+ */
215
+ protected function updateLoginCounter($increment) {
216
+ $attempts = get_transient('aam_login_attemtps');
217
+
218
+ if ($attempts !== false) {
219
+ $timeout = get_option('_transient_timeout_aam_login_attemtps') - time();
220
+ $attempts = intval($attempts) + $increment;
221
+ } else {
222
+ $attempts = 1;
223
+ $period = strtotime(
224
+ AAM_Core_Config::get('security.login.period', '20 minutes')
225
  );
226
+ $timeout = $period - time();
227
  }
228
 
229
+ if ($attempts >= AAM_Core_Config::get('security.login.attempts', 20)) {
230
+ wp_safe_redirect(site_url('index.php'));
231
+ exit;
232
+ } else {
233
+ set_transient('aam_login_attemtps', $attempts, $timeout);
234
+ }
235
  }
236
 
237
  /**
238
+ * Handle WP core login
239
+ *
240
+ * @return array
241
  *
242
+ * @access public
 
243
  */
244
+ public function execute($credentials = array()) {
245
  $this->aamLogin = true;
246
 
247
  $response = array(
248
+ 'status' => 'failure',
249
  'redirect' => AAM_Core_Request::post('redirect')
250
  );
251
 
252
  $log = sanitize_user(AAM_Core_Request::post('log'));
253
 
254
  try {
255
+ $user = wp_signon($credentials, $this->checkUserSSL($log));
256
 
257
  if (is_wp_error($user)) {
258
  Throw new Exception($user->get_error_message());
259
  }
 
260
 
261
  if (empty($response['redirect'])) {
262
+ $goto = $this->getLoginRedirect($user);
263
+ $response['redirect'] = ($goto ? $this->normalizeRule($goto) : admin_url());
264
  }
265
 
266
  $response['status'] = 'success';
272
  }
273
 
274
  /**
275
+ * Normalize redirect rule
276
+ *
277
+ * @param mixed $redirect
278
  *
279
+ * @return string
280
+ *
281
+ * @access protected
282
  */
283
+ protected function normalizeRule($redirect) {
284
  $normalized = null;
285
 
286
  if (filter_var($redirect, FILTER_VALIDATE_URL)) {
295
  }
296
 
297
  /**
298
+ * Check user SSL status
299
  *
300
+ * @param string $log
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
301
  *
 
302
  * @return boolean
303
+ *
304
+ * @access protected
305
  */
306
  protected function checkUserSSL($log) {
307
  $secure = false;
318
  }
319
 
320
  /**
321
+ * Get single instance of itself
322
  *
323
+ * @return AAM_Core_Login
324
+ *
325
+ * @access public
326
+ * @static
327
  */
328
  public static function getInstance() {
329
  if (is_null(self::$instance)) {
334
  }
335
 
336
  /**
337
+ * Bootstrap AAM Login feature
338
  *
339
+ * @return AAM_Core_Login
340
+ *
341
+ * @access public
342
+ * @static
343
  */
344
  public static function bootstrap() {
345
  return self::getInstance();
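Review bot: `updateLoginCounter()` (new lines 215–234) still ends the request with `wp_safe_redirect(site_url('index.php')); exit;` when the attempt limit is reached, but it is now reached from `authenticate()` on the core `authenticate` filter (line 61) instead of from the `login_form_login` action, so the same code runs for every caller of `wp_authenticate()` — the description names a REST API extension as the goal — where an HTTP redirect followed by `exit` is not a meaningful failure signal and also aborts the filter chain. Returning a `WP_Error` from the filter, as `checkLockedUser()` already does for locked accounts, lets each transport report the failure in its own way; a sketch follows. Two smaller points in the same section: `execute()` (line 244) still derives the SSL check from `AAM_Core_Request::post('log')` even when the new `$credentials` argument carries its own `user_login`, so a caller that passes credentials gets the wrong user checked, and the `aam_login_attemtps` transient is keyed site-wide, so once the limit is reached the lockout applies to every visitor rather than to the source of the attempts. The `authenticate()` docblock (line 164) should also state `@return mixed`, since it is a filter callback and its return value is what WordPress consumes.

```php
    public function authenticate($response) {
        // … unchanged: login timeout …

        // Brute Force Lockout
        if (AAM_Core_Config::get('brute-force-lockout', false)) {
            if ($this->updateLoginCounter(1) === false) {
                // Report the lockout through the filter contract instead of
                // redirecting, so non-browser callers see an auth failure
                $response = new WP_Error(
                    'too_many_attempts',
                    __('Too many login attempts. Please try again later.', AAM_KEY)
                );
            }
        }

        return $response;
    }

    // … unchanged: getLoginRedirect() …

    protected function updateLoginCounter($increment) {
        // … unchanged: read transient, compute $attempts and $timeout …

        if ($attempts >= AAM_Core_Config::get('security.login.attempts', 20)) {
            return false; // caller decides how to signal the lockout
        }

        set_transient('aam_login_attemtps', $attempts, $timeout);

        return true;
    }
```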
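--- a/aam.php
+++ b/aam.php
@@ -3,7 +3,7 @@
  /**
  Plugin Name: Advanced Access Manager
  Description: All you need to manage access to your WordPress website
- Version: 5.1
+ Version: 5.1.1
  Author: Vasyl Martyniuk <vasyl@vasyltech.com>
  Author URI: https://vasyltech.com
 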
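--- a/readme.txt
+++ b/readme.txt
@@ -3,7 +3,7 @@ Contributors: vasyltech
  Tags: access, role, user, capability, page access, post access, comments, security, login redirect, brute force attack, double authentication, membership, backend lockdown, wp-admin, 404, activity tracking
  Requires at least: 3.8
  Tested up to: 4.9.4
- Stable tag: 5.1
+ Stable tag: 5.1.1
 
  The most powerful access management plugin for WordPress websites.
 
@@ -61,6 +61,12 @@ https://www.youtube.com/watch?v=yiOhjaacNJc
 
  == Changelog ==
 
+ = 5.1.1 =
+ * Fixed the issue with Multisite Network notification
+ * Fixed the minor bug with login message for "Redirect to login form"
+ * Deleted redundant AAM_Core_Log class
+ * Improved and refactored AAM Core Login functionality for upcoming REST API control extension
+
  = 5.1 =
  * Fixed sever minor bugs reported by users
  * Added free social login extension (alpha version undocumented)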