All In One WP Security & Firewall - Version 2.8.1

Version Description

  • Improved the login captcha implementation
  • Changed the management permission to manage_options

Release Info

Developer mra13
Version 2.8.1

Code changes from version 2.8 to 2.8.1

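--- a/admin/wp-security-spam-menu.php
+++ b/admin/wp-security-spam-menu.php
@@ -76,6 +76,9 @@ class AIOWPSecurity_Spam_Menu extends AIOWPSecurity_Admin_Menu
  }
 
  //Save settings
+ $random_20_digit_string = AIOWPSecurity_Utility::generate_alpha_numeric_random_string(20); //Generate random 20 char string for use during captcha encode/decode
+ $aio_wp_security->configs->set_value('aiowps_captcha_secret_key', $random_20_digit_string);
+
  $aio_wp_security->configs->set_value('aiowps_enable_comment_captcha',isset($_POST["aiowps_enable_comment_captcha"])?'1':'');
  $aio_wp_security->configs->set_value('aiowps_enable_spambot_blocking',isset($_POST["aiowps_enable_spambot_blocking"])?'1':'');
 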
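Review bot: Nothing in this hunk shows where `AIOWPSecurity_Utility::generate_alpha_numeric_random_string(20)` draws its randomness, and the value stored as `aiowps_captcha_secret_key` is the only secret behind the captcha check, so the helper should be confirmed to use a cryptographically secure source rather than `rand()`/`mt_rand()`. The key is also regenerated on every save of this form, so a captcha form already rendered for a visitor will fail verification after a save; if that rotation is intended, a comment such as `//Rotating the key on save invalidates captcha forms that are already open` would make it explicit. The name `$random_20_digit_string` is misleading for an alphanumeric value; `$captcha_secret_key` would read better. The same two lines are added in admin/wp-security-user-login-menu.php and the same points apply there.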
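--- a/admin/wp-security-user-login-menu.php
+++ b/admin/wp-security-user-login-menu.php
@@ -268,6 +268,8 @@ class AIOWPSecurity_User_Login_Menu extends AIOWPSecurity_Admin_Menu
 
 
  //Save all the form values to the options
+ $random_20_digit_string = AIOWPSecurity_Utility::generate_alpha_numeric_random_string(20); //Generate random 20 char string for use during captcha encode/decode
+ $aio_wp_security->configs->set_value('aiowps_captcha_secret_key', $random_20_digit_string);
  $aio_wp_security->configs->set_value('aiowps_enable_login_captcha',isset($_POST["aiowps_enable_login_captcha"])?'1':'');
  $aio_wp_security->configs->save_config();
 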
classes/wp-security-captcha.php CHANGED
@@ -18,6 +18,7 @@ class AIOWPSecurity_Captcha
18
 
19
  function generate_maths_question()
20
  {
 
21
  //For now we will only do plus, minus, multiplication
22
  $equation_string = '';
23
  $operator_type = array('+', '−', '×');
@@ -53,30 +54,34 @@ class AIOWPSecurity_Captcha
53
  {
54
  //Addition
55
  $result = $first_digit+$second_digit;
56
- $equation_string = $first_operand . ' ' . $operator . ' ' . $second_operand . ' = ';
57
  }
58
  else if($operator === '−')
59
  {
60
  //Subtraction
61
  //If we are going to be negative let's swap operands around
62
  if($first_digit < $second_digit){
63
- $equation_string = $second_operand . ' ' . $operator . ' ' . $first_operand . ' = ';
64
  $result = $second_digit-$first_digit;
65
  }else{
66
- $equation_string = $first_operand . ' ' . $operator . ' ' . $second_operand . ' = ';
67
  $result = $first_digit-$second_digit;
68
  }
69
  }
70
  elseif($operator === '&#215;')
71
  {
72
  //Multiplication
73
- $equation_string = $first_operand . ' ' . $operator . ' ' . $second_operand . ' = ';
74
  $result = $first_digit*$second_digit;
75
  }
76
 
 
 
 
 
 
 
77
  $equation_string .= '<input type="text" size="2" length="2" id="aiowps-captcha-answer" name="aiowps-captcha-answer" value="" />';
78
- //Save the result in a transient
79
- AIOWPSecurity_Utility::is_multisite_install() ? set_site_transient('aiowps_captcha', $result, 120) : set_transient('aiowps_captcha', $result, 120);
80
  return $equation_string;
81
  }
82
 
18
 
19
  function generate_maths_question()
20
  {
21
+ global $aio_wp_security;
22
  //For now we will only do plus, minus, multiplication
23
  $equation_string = '';
24
  $operator_type = array('&#43;', '&#8722;', '&#215;');
54
  {
55
  //Addition
56
  $result = $first_digit+$second_digit;
57
+ $equation_string .= $first_operand . ' ' . $operator . ' ' . $second_operand . ' = ';
58
  }
59
  else if($operator === '&#8722;')
60
  {
61
  //Subtraction
62
  //If we are going to be negative let's swap operands around
63
  if($first_digit < $second_digit){
64
+ $equation_string .= $second_operand . ' ' . $operator . ' ' . $first_operand . ' = ';
65
  $result = $second_digit-$first_digit;
66
  }else{
67
+ $equation_string .= $first_operand . ' ' . $operator . ' ' . $second_operand . ' = ';
68
  $result = $first_digit-$second_digit;
69
  }
70
  }
71
  elseif($operator === '&#215;')
72
  {
73
  //Multiplication
74
+ $equation_string .= $first_operand . ' ' . $operator . ' ' . $second_operand . ' = ';
75
  $result = $first_digit*$second_digit;
76
  }
77
 
78
+ //Let's encode correct answer
79
+ $captcha_secret_string = $aio_wp_security->configs->get_value('aiowps_captcha_secret_key');
80
+ $current_time = time();
81
+ $enc_result = base64_encode($current_time.$captcha_secret_string.$result);
82
+ $equation_string .= '<input type="hidden" name="aiowps-captcha-string-info" id="aiowps-captcha-string-info" value="'.$enc_result.'" />';
83
+ $equation_string .= '<input type="hidden" name="aiowps-captcha-temp-string" id="aiowps-captcha-temp-string" value="'.$current_time.'" />';
84
  $equation_string .= '<input type="text" size="2" length="2" id="aiowps-captcha-answer" name="aiowps-captcha-answer" value="" />';
 
 
85
  return $equation_string;
86
  }
87
 
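Review bot: `base64_encode($current_time.$captcha_secret_string.$result)` is an encoding, not a keyed hash, so the hidden `aiowps-captcha-string-info` field hands both the stored secret key and the correct answer to anyone who reads the form markup. A keyed digest keeps both private: `$enc_result = hash_hmac('sha256', $current_time.'|'.$result, $captcha_secret_string);`, with the comment-form and login verifiers computing the same HMAC over the submitted timestamp and answer. The removed transient expired after 120 seconds, while the new scheme sends `$current_time` to the client with no visible expiry rule, so the verifiers need an age check to keep that property. The body of generate_maths_question is only partly visible in this section.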
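--- a/classes/wp-security-configure-settings.php
+++ b/classes/wp-security-configure-settings.php
@@ -32,6 +32,7 @@ class AIOWPSecurity_Configure_Settings
 
  //Captcha feature
  $aio_wp_security->configs->set_value('aiowps_enable_login_captcha','');//Checkbox
+ $aio_wp_security->configs->set_value('aiowps_captcha_secret_key',AIOWPSecurity_Utility::generate_alpha_numeric_random_string(20));//Hidden secret value which will be used to do some captcha processing. This will be assigned a random string generated when captcha settings saved
 
  //Login Whitelist feature
  $aio_wp_security->configs->set_value('aiowps_enable_whitelisting','');//Checkbox
@@ -122,6 +123,7 @@ class AIOWPSecurity_Configure_Settings
 
  //Captcha feature
  $aio_wp_security->configs->add_value('aiowps_enable_login_captcha','');//Checkbox
+ $aio_wp_security->configs->add_value('aiowps_captcha_secret_key',AIOWPSecurity_Utility::generate_alpha_numeric_random_string(20));//Hidden secret value which will be used to do some captcha processing. This will be assigned a random string generated when captcha settings saved
 
  //Login Whitelist feature
  $aio_wp_security->configs->add_value('aiowps_enable_whitelisting','');//Checkbox
@@ -210,9 +212,6 @@ class AIOWPSecurity_Configure_Settings
  $aio_wp_security->configs->set_value('aiowps_prevent_default_wp_file_access','');//Checkbox
 
  $aio_wp_security->configs->set_value('aiowps_enable_spambot_blocking','');//Checkbox
- $aio_wp_security->configs->set_value('aiowps_enable_login_captcha','');//Checkbox
- $aio_wp_security->configs->set_value('aiowps_enable_comment_captcha','');//Checkbox
-
 
  $aio_wp_security->configs->save_config();
  }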
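--- a/classes/wp-security-general-init-tasks.php
+++ b/classes/wp-security-general-init-tasks.php
@@ -119,7 +119,8 @@ class AIOWPSecurity_General_Init_Tasks
  }
 
  function process_comment_post( $comment )
- {
+ {
+ global $aio_wp_security;
  if (is_user_logged_in()) {
  return $comment;
  }
@@ -141,8 +142,10 @@ class AIOWPSecurity_General_Init_Tasks
  if ($_REQUEST['aiowps-captcha-answer'] == ''){
  wp_die( __('Please enter an answer in the CAPTCHA field.', 'aiowpsecurity' ) );
  }
-
- if ($_REQUEST['aiowps-captcha-answer'] === get_transient('aiowps_captcha')){
+ $captcha_answer = trim($_REQUEST['aiowps-captcha-answer']);
+ $captcha_secret_string = $aio_wp_security->configs->get_value('aiowps_captcha_secret_key');
+ $submitted_encoded_string = base64_encode($_POST['aiowps-captcha-temp-string'].$captcha_secret_string.$captcha_answer);
+ if ($_REQUEST['aiowps-captcha-string-info'] === $submitted_encoded_string){
  //Correct answer given
  return($comment);
  }else{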
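Review bot: The new comparison in process_comment_post trusts `$_POST['aiowps-captcha-temp-string']` without checking that it is present, numeric or recent, so a hidden-field pair that verified once keeps verifying for as long as the secret key is unchanged; the removed transient lapsed after 120 seconds. The two new `$_POST`/`$_REQUEST` reads also have no `isset` guard, and `===` on a secret-derived string should be `hash_equals` where the supported PHP version provides it. The login check in classes/wp-security-user-login.php adds the same three lines and needs the same guards. The function continues outside this hunk; the sketch below keeps the existing base64 scheme so it still matches the generator.

```php
// … unchanged: empty-answer check with wp_die …
$captcha_answer = trim($_REQUEST['aiowps-captcha-answer']);
$captcha_secret_string = $aio_wp_security->configs->get_value('aiowps_captcha_secret_key');
$captcha_time = isset($_POST['aiowps-captcha-temp-string']) ? (string) $_POST['aiowps-captcha-temp-string'] : '';
$captcha_info = isset($_POST['aiowps-captcha-string-info']) ? (string) $_POST['aiowps-captcha-string-info'] : '';
//Reject stale or malformed timestamps; 120 seconds is the lifetime the removed transient had
$captcha_is_fresh = ctype_digit($captcha_time) && (time() - (int) $captcha_time) <= 120;
$submitted_encoded_string = base64_encode($captcha_time.$captcha_secret_string.$captcha_answer);
if ($captcha_is_fresh && hash_equals($submitted_encoded_string, $captcha_info)){
// … unchanged: return($comment) and the else branch …
```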
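--- a/classes/wp-security-user-login.php
+++ b/classes/wp-security-user-login.php
@@ -46,7 +46,9 @@ class AIOWPSecurity_User_Login
  if (array_key_exists('aiowps-captcha-answer', $_POST)) //If the login form with captcha was submitted then do some processing
  {
  isset($_POST['aiowps-captcha-answer'])?$captcha_answer = strip_tags(trim($_POST['aiowps-captcha-answer'])): $captcha_answer = '';
- if($captcha_answer !== get_transient('aiowps_captcha'))
+ $captcha_secret_string = $aio_wp_security->configs->get_value('aiowps_captcha_secret_key');
+ $submitted_encoded_string = base64_encode($_POST['aiowps-captcha-temp-string'].$captcha_secret_string.$captcha_answer);
+ if($submitted_encoded_string !== $_POST['aiowps-captcha-string-info'])
  {
  //This means a wrong answer was entered
  $this->increment_failed_logins($username);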
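Review bot: `$aio_wp_security` is read on the added line 49, but unlike the other two functions this release touches, no `global $aio_wp_security;` is added here. The enclosing method starts outside the hunk, so the declaration may already exist; it is worth confirming, because an undefined variable would make `->configs->get_value()` a fatal error on every captcha login. If it is missing, add `global $aio_wp_security;` at the top of the method.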
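--- a/readme.txt
+++ b/readme.txt
@@ -142,6 +142,10 @@ None
 
  == Changelog ==
 
+ = 2.8.1 =
+ - Improved the login captcha implementation
+ - Changed the management permission to manage_options
+
  = 2.8 =
  - Added a feature to insert a simple math captcha to the WordPress comment form (to reduce comment spam). Check the spam prevention menu for this new feature.
  - Fixed a minor bug with bulk unlock/delete in user login menu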
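--- a/wp-security-core.php
+++ b/wp-security-core.php
@@ -3,7 +3,7 @@
  if (!class_exists('AIO_WP_Security')){
 
  class AIO_WP_Security{
- var $version = '2.8';
+ var $version = '2.8.1';
  var $db_version = '1.3';
  var $plugin_url;
  var $plugin_path;
@@ -55,7 +55,7 @@ class AIO_WP_Security{
  define('AIO_WP_SECURITY_BACKUPS_DIR_NAME', 'aiowps_backups');
  define('AIO_WP_SECURITY_BACKUPS_PATH', AIO_WP_SECURITY_PATH.'/backups');
  define('AIO_WP_SECURITY_LIB_PATH', AIO_WP_SECURITY_PATH.'/lib');
- define('AIOWPSEC_MANAGEMENT_PERMISSION', 'add_users');
+ define('AIOWPSEC_MANAGEMENT_PERMISSION', 'manage_options');
  define('AIOWPSEC_MENU_SLUG_PREFIX', 'aiowpsec');
  define('AIOWPSEC_MAIN_MENU_SLUG', 'aiowpsec');
  define('AIOWPSEC_SETTINGS_MENU_SLUG', 'aiowpsec_settings');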
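--- a/wp-security.php
+++ b/wp-security.php
@@ -1,8 +1,8 @@
  <?php
  /*
  Plugin Name: All In One WP Security
- Version: v2.8
- Plugin URI: http://www.tipsandtricks-hq.com/
+ Version: v2.8.1
+ Plugin URI: http://www.tipsandtricks-hq.com/wordpress-security-and-firewall-plugin
  Author: Tips and Tricks HQ, Peter, Ruhul Amin
  Author URI: http://www.tipsandtricks-hq.com/
  Description: All round best WordPress security plugin!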
  Description: All round best WordPress security plugin!