All In One WP Security & Firewall - Version 2.9

Version Description

  • Added new feature which automatically sets the status of newly registered wordpress user accounts to "pending" and allows manual approval by an administrator.
  • Improved robustness of file change detection iteration code.
  • WordPress 3.7 compatibility

Release Info

Developer mra13
Version 2.9

Code changes from version 2.8.1 to 2.9

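--- a/admin/wp-security-admin-init.php
+++ b/admin/wp-security-admin-init.php
@@ -10,6 +10,7 @@ class AIOWPSecurity_Admin_Init
  var $settings_menu;
  var $user_accounts_menu;
  var $user_login_menu;
+ var $user_registration_menu;
  var $db_security_menu;
  var $filesystem_menu;
  var $whois_menu;
@@ -157,6 +158,7 @@ class AIOWPSecurity_Admin_Init
  add_submenu_page(AIOWPSEC_MAIN_MENU_SLUG, __('Settings', 'aiowpsecurity'), __('Settings', 'aiowpsecurity') , AIOWPSEC_MANAGEMENT_PERMISSION, AIOWPSEC_SETTINGS_MENU_SLUG, array(&$this, 'handle_settings_menu_rendering'));
  add_submenu_page(AIOWPSEC_MAIN_MENU_SLUG, __('User Accounts', 'aiowpsecurity'), __('User Accounts', 'aiowpsecurity') , AIOWPSEC_MANAGEMENT_PERMISSION, AIOWPSEC_USER_ACCOUNTS_MENU_SLUG, array(&$this, 'handle_user_accounts_menu_rendering'));
  add_submenu_page(AIOWPSEC_MAIN_MENU_SLUG, __('User Login', 'aiowpsecurity'), __('User Login', 'aiowpsecurity') , AIOWPSEC_MANAGEMENT_PERMISSION, AIOWPSEC_USER_LOGIN_MENU_SLUG, array(&$this, 'handle_user_login_menu_rendering'));
+ add_submenu_page(AIOWPSEC_MAIN_MENU_SLUG, __('User Registration', 'aiowpsecurity'), __('User Registration', 'aiowpsecurity') , AIOWPSEC_MANAGEMENT_PERMISSION, AIOWPSEC_USER_REGISTRATION_MENU_SLUG, array(&$this, 'handle_user_registration_menu_rendering'));
  add_submenu_page(AIOWPSEC_MAIN_MENU_SLUG, __('Database Security', 'aiowpsecurity'), __('Database Security', 'aiowpsecurity') , AIOWPSEC_MANAGEMENT_PERMISSION, AIOWPSEC_DB_SEC_MENU_SLUG, array(&$this, 'handle_database_menu_rendering'));
  if (AIOWPSecurity_Utility::is_multisite_install() && get_current_blog_id() != 1){
  //Suppress the firewall menu if site is a multi site AND not the main site
@@ -209,6 +211,12 @@ class AIOWPSecurity_Admin_Init
  $this->user_login_menu = new AIOWPSecurity_User_Login_Menu();
  }
 
+ function handle_user_registration_menu_rendering()
+ {
+ include_once('wp-security-user-registration-menu.php');
+ $this->user_registration_menu = new AIOWPSecurity_User_Registration_Menu();
+ }
+
  function handle_database_menu_rendering()
  {
  include_once('wp-security-database-menu.php');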
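--- a/admin/wp-security-filescan-menu.php
+++ b/admin/wp-security-filescan-menu.php
@@ -228,7 +228,7 @@ class AIOWPSecurity_Filescan_Menu extends AIOWPSecurity_Admin_Menu
  </form>
  </div></div>
  <div class="postbox">
- <h3><label for="title"><?php _e('Automated File Change Detection', 'aiowpsecurity'); ?></label></h3>
+ <h3><label for="title"><?php _e('File Change Detection Settings', 'aiowpsecurity'); ?></label></h3>
  <div class="inside">
  <?php
  //Display security info badge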
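--- a/admin/wp-security-list-registered-users.php
+++ b/admin/wp-security-list-registered-users.php
@@ -0,0 +1,211 @@
+ <?php
+
+ class AIOWPSecurity_List_Registered_Users extends AIOWPSecurity_List_Table {
+
+ function __construct(){
+ global $status, $page;
+
+ //Set parent defaults
+ parent::__construct( array(
+ 'singular' => 'item', //singular name of the listed records
+ 'plural' => 'items', //plural name of the listed records
+ 'ajax' => false //does this table support ajax?
+ ) );
+
+ }
+
+ function column_default($item, $column_name){
+ return $item[$column_name];
+ }
+
+ function column_ID($item){
+ //$tab = strip_tags($_REQUEST['tab']);
+ //Build row actions
+ $actions = array(
+ 'approve_acct' => sprintf('<a href="admin.php?page=%s&action=%s&user_id=%s" onclick="return confirm(\'Are you sure you want to approve this account?\')">Approve</a>',AIOWPSEC_USER_REGISTRATION_MENU_SLUG,'approve_acct',$item['ID']),
+ 'delete_acct' => sprintf('<a href="admin.php?page=%s&action=%s&user_id=%s" onclick="return confirm(\'Are you sure you want to delete this account?\')">Delete</a>',AIOWPSEC_USER_REGISTRATION_MENU_SLUG,'delete_acct',$item['ID']),
+ );
+
+ //Return the user_login contents
+ return sprintf('%1$s <span style="color:silver"></span>%2$s',
+ /*$1%s*/ $item['ID'],
+ /*$2%s*/ $this->row_actions($actions)
+ );
+ }
+
+
+ function column_cb($item){
+ return sprintf(
+ '<input type="checkbox" name="%1$s[]" value="%2$s" />',
+ /*$1%s*/ $this->_args['singular'], //Let's simply repurpose the table's singular label
+ /*$2%s*/ $item['ID'] //The value of the checkbox should be the record's id
+ );
+ }
+
+
+ function get_columns(){
+ $columns = array(
+ 'cb' => '<input type="checkbox" />', //Render a checkbox
+ 'ID' => 'User ID',
+ 'user_login' => 'Login Name',
+ 'user_email' => 'Email',
+ 'user_registered' => 'Register Date',
+ 'account_status' => 'Account Status'
+ );
+ return $columns;
+ }
+
+ function get_sortable_columns() {
+ $sortable_columns = array(
+ // 'ID' => array('ID',false),
+ // 'user_login' => array('user_login',false),
+ // 'user_email' => array('user_email',false),
+ // 'user_registered' => array('user_registered',false),
+ // 'account_status' => array('account_status',false),
+ );
+ return $sortable_columns;
+ }
+
+ function get_bulk_actions() {
+ $actions = array(
+ 'approve' => 'Approve',
+ 'delete' => 'Delete'
+ );
+ return $actions;
+ }
+
+ function process_bulk_action() {
+ if('approve'===$this->current_action())
+ {//Process approve bulk actions
+ if(!isset($_REQUEST['item']))
+ {
+ AIOWPSecurity_Admin_Menu::show_msg_error_st(__('Please select some records using the checkboxes','aiowpsecurity'));
+ }else
+ {
+ $this->approve_selected_accounts(($_REQUEST['item']));
+ }
+ }
+
+ if('delete'===$this->current_action())
+ {//Process delete bulk actions
+ if(!isset($_REQUEST['item']))
+ {
+ AIOWPSecurity_Admin_Menu::show_msg_error_st(__('Please select some records using the checkboxes','aiowpsecurity'));
+ }else
+ {
+ $this->delete_selected_accounts(($_REQUEST['item']));
+ }
+ }
+
+ }
+
+ function approve_selected_accounts($entries)
+ {
+ global $wpdb, $aio_wp_security;
+ $meta_key = 'aiowps_account_status';
+ $meta_value = 'approved'; //set account status
+ if (is_array($entries))
+ {
+ //Let's go through each entry and approve
+ foreach($entries as $user_id)
+ {
+ $result = update_user_meta($user_id, $meta_key, $meta_value);
+ if($result === false)
+ {
+ $aio_wp_security->debug_logger->log_debug("AIOWPSecurity_List_Registered_Users::approve_selected_accounts() - could not approve account ID: $user_id",4);
+ }
+ }
+ AIOWPSecurity_Admin_Menu::show_msg_updated_st(__('The selected accounts were approved successfully!','aiowpsecurity'));
+ } elseif ($entries != NULL)
+ {
+ //Approve single account
+ $result = update_user_meta($entries, $meta_key, $meta_value);
+ if($result)
+ {
+ AIOWPSecurity_Admin_Menu::show_msg_updated_st(__('The selected account was approved successfully!','aiowpsecurity'));
+ }else if($result === false){
+ $aio_wp_security->debug_logger->log_debug("AIOWPSecurity_List_Registered_Users::approve_selected_accounts() - could not approve account ID: $user_id",4);
+ }
+ }
+ }
+
+ function delete_selected_accounts($entries)
+ {
+ global $wpdb, $aio_wp_security;
+ if (is_array($entries))
+ {
+ //Let's go through each entry and delete account
+ foreach($entries as $user_id)
+ {
+ $result = wp_delete_user($user_id);
+ if($result !== true)
+ {
+ $aio_wp_security->debug_logger->log_debug("AIOWPSecurity_List_Registered_Users::delete_selected_accounts() - could not delete account ID: $user_id",4);
+ }
+ }
+ AIOWPSecurity_Admin_Menu::show_msg_updated_st(__('The selected accounts were deleted successfully!','aiowpsecurity'));
+ } elseif ($entries != NULL)
+ {
+ //Delete single account
+
+ $result = wp_delete_user($entries);
+ if($result === true)
+ {
+ AIOWPSecurity_Admin_Menu::show_msg_updated_st(__('The selected account was deleted successfully!','aiowpsecurity'));
+ }
+ else
+ {
+ $aio_wp_security->debug_logger->log_debug("AIOWPSecurity_List_Registered_Users::delete_selected_accounts() - could not delete account ID: $entries",4);
+ }
+ }
+ }
+
+ function prepare_items() {
+ //First, lets decide how many records per page to show
+ $per_page = 20;
+ $columns = $this->get_columns();
+ $hidden = array();
+ $sortable = $this->get_sortable_columns();
+
+ $this->_column_headers = array($columns, $hidden, $sortable);
+
+ $this->process_bulk_action();
+
+ global $wpdb;
+ global $aio_wp_security;
+ /* -- Ordering parameters -- */
+ //Parameters that are going to be used to order the result
+ // $orderby = !empty($_GET["orderby"]) ? mysql_real_escape_string($_GET["orderby"]) : 'user_id';
+ // $order = !empty($_GET["order"]) ? mysql_real_escape_string($_GET["order"]) : 'DESC';
+
+ //Get registered users which have the special 'aiowps_account_status' meta key set to 'pending'
+ $data = $this->get_registered_user_data('pending');
+
+ $current_page = $this->get_pagenum();
+ $total_items = count($data);
+ $data = array_slice($data,(($current_page-1)*$per_page),$per_page);
+ $this->items = $data;
+ $this->set_pagination_args( array(
+ 'total_items' => $total_items, //WE have to calculate the total number of items
+ 'per_page' => $per_page, //WE have to determine how many items to show on a page
+ 'total_pages' => ceil($total_items/$per_page) //WE have to calculate the total number of pages
+ ));
+ }
+
+ //Returns all users who have the special 'aiowps_account_status' meta key
+ function get_registered_user_data($status='')
+ {
+ $user_fields = array( 'ID', 'user_login', 'user_email', 'user_registered');
+ $user_query = new WP_User_Query(array('meta_key' => 'aiowps_account_status', 'meta_value' => $status, 'fields' => $user_fields));
+ $user_results = $user_query->results;
+
+ $final_data = array();
+ foreach ($user_results as $user)
+ {
+ $temp_array = get_object_vars($user); //Turn the object into array
+ $temp_array['account_status'] = get_user_meta($temp_array['ID'], 'aiowps_account_status', true);
+ $final_data[] = $temp_array;
+ }
+ return $final_data;
+ }
+ }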
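Review bot: process_bulk_action() approves or deletes whatever IDs arrive in `$_REQUEST['item']` without verifying a nonce, and the row links built in column_ID() carry none either, so both state changes can be triggered cross-site against a logged-in administrator; the row-action branch of render_tab1() in admin/wp-security-user-registration-menu.php has the same gap. delete_selected_accounts() also hands each ID straight to wp_delete_user() without checking that the account is actually pending, so any user ID is accepted. In the single-account branch of approve_selected_accounts() the log line interpolates `$user_id`, which is undefined there (the value is in `$entries`). The sketch below verifies the bulk nonce (assuming AIOWPSecurity_List_Table emits the same `bulk-<plural>` nonce field as core WP_List_Table; confirm) and restricts deletion to pending accounts.

```php
function process_bulk_action() {
    $action = $this->current_action();
    if ('approve' !== $action && 'delete' !== $action) {
        return;
    }
    //Reject requests that do not carry the list table's bulk nonce
    check_admin_referer('bulk-' . $this->_args['plural']);
    if (!isset($_REQUEST['item'])) {
        AIOWPSecurity_Admin_Menu::show_msg_error_st(__('Please select some records using the checkboxes','aiowpsecurity'));
        return;
    }
    $ids = array_map('absint', (array) $_REQUEST['item']);
    // … unchanged: dispatch to approve_selected_accounts() / delete_selected_accounts(), passing $ids …
}

// … inside the foreach of delete_selected_accounts(): only pending registrations may be removed …
if (get_user_meta($user_id, 'aiowps_account_status', true) !== 'pending') {
    continue;
}
$result = wp_delete_user($user_id);
```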
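--- a/admin/wp-security-user-registration-menu.php
+++ b/admin/wp-security-user-registration-menu.php
@@ -0,0 +1,157 @@
+ <?php
+
+ class AIOWPSecurity_User_Registration_Menu extends AIOWPSecurity_Admin_Menu
+ {
+ var $menu_page_slug = AIOWPSEC_USER_REGISTRATION_MENU_SLUG;
+
+ /* Specify all the tabs of this menu in the following array */
+ var $menu_tabs = array(
+ 'tab1' => 'Manual Approval',
+ );
+
+ var $menu_tabs_handler = array(
+ 'tab1' => 'render_tab1',
+ );
+
+ function __construct()
+ {
+ $this->render_menu_page();
+ }
+
+ function get_current_tab()
+ {
+ $tab_keys = array_keys($this->menu_tabs);
+ $tab = isset( $_GET['tab'] ) ? $_GET['tab'] : $tab_keys[0];
+ return $tab;
+ }
+
+ /*
+ * Renders our tabs of this menu as nav items
+ */
+ function render_menu_tabs()
+ {
+ $current_tab = $this->get_current_tab();
+
+ echo '<h2 class="nav-tab-wrapper">';
+ foreach ( $this->menu_tabs as $tab_key => $tab_caption )
+ {
+ $active = $current_tab == $tab_key ? 'nav-tab-active' : '';
+ echo '<a class="nav-tab ' . $active . '" href="?page=' . $this->menu_page_slug . '&tab=' . $tab_key . '">' . $tab_caption . '</a>';
+ }
+ echo '</h2>';
+ }
+
+ /*
+ * The menu rendering goes here
+ */
+ function render_menu_page()
+ {
+ $tab = $this->get_current_tab();
+ ?>
+ <div class="wrap">
+ <div id="poststuff"><div id="post-body">
+ <?php
+ $this->render_menu_tabs();
+ //$tab_keys = array_keys($this->menu_tabs);
+ call_user_func(array(&$this, $this->menu_tabs_handler[$tab]));
+ ?>
+ </div></div>
+ </div><!-- end of wrap -->
+ <?php
+ }
+
+ function render_tab1()
+ {
+ global $aiowps_feature_mgr;
+ global $aio_wp_security;
+ include_once 'wp-security-list-registered-users.php'; //For rendering the AIOWPSecurity_List_Table
+ $user_list = new AIOWPSecurity_List_Registered_Users();
+
+ if(isset($_POST['aiowps_save_user_registration_settings']))//Do form submission tasks
+ {
+ $nonce=$_REQUEST['_wpnonce'];
+ if (!wp_verify_nonce($nonce, 'aiowpsec-user-registration-settings-nonce'))
+ {
+ $aio_wp_security->debug_logger->log_debug("Nonce check failed on save user registration settings!",4);
+ die("Nonce check failed on save user registration settings!");
+ }
+
+ //Save settings
+ $aio_wp_security->configs->set_value('aiowps_enable_manual_registration_approval',isset($_POST["aiowps_enable_manual_registration_approval"])?'1':'');
+
+ //Commit the config settings
+ $aio_wp_security->configs->save_config();
+
+ //Recalculate points after the feature status/options have been altered
+ $aiowps_feature_mgr->check_feature_status_and_recalculate_points();
+
+ $this->show_msg_updated(__('Settings were successfully saved', 'aiowpsecurity'));
+ }
+
+ if(isset($_REQUEST['action'])) //Do list table form row action tasks
+ {
+ if($_REQUEST['action'] == 'approve_acct'){ //Delete link was clicked for a row in list table
+ $user_list->approve_selected_accounts(strip_tags($_REQUEST['user_id']));
+ }
+
+ if($_REQUEST['action'] == 'delete_acct'){ //Unlock link was clicked for a row in list table
+ $user_list->delete_selected_accounts(strip_tags($_REQUEST['user_id']));
+ }
+ }
+
+
+ ?>
+ <h2><?php _e('User Registration Settings', 'aiowpsecurity')?></h2>
+ <form action="" method="POST">
+ <?php wp_nonce_field('aiowpsec-user-registration-settings-nonce'); ?>
+ <div class="postbox">
+ <h3><label for="title"><?php _e('Manually Approve New Registrations', 'aiowpsecurity'); ?></label></h3>
+ <div class="inside">
+ <div class="aio_blue_box">
+ <?php
+ echo '<p>'.__('If your site allows people to create their own accounts via the WordPress registration form, then you can minimize SPAM or bogus registrations by manually approving each registration.', 'aiowpsecurity').
+ '<br />'.__('This feature will automatically set a newly registered account to "pending" until the administrator activates it. Therefore undesirable registrants will be unable to log in without your express approval.', 'aiowpsecurity').
+ '<br />'.__('You can view all accounts which have been newly registered via the handy table below and you can also perform bulk activation/deactivation/deletion tasks on each account.', 'aiowpsecurity').'</p>';
+ ?>
+ </div>
+ <?php
+ //Display security info badge
+ $aiowps_feature_mgr->output_feature_details_badge("manually-approve-registrations");
+ if (AIOWPSecurity_Utility::is_multisite_install() && get_current_blog_id() != 1)
+ {
+ //Hide config settings if MS and not main site
+ AIOWPSecurity_Utility::display_multisite_message();
+ }
+ else
+ {
+ ?>
+ <table class="form-table">
+ <tr valign="top">
+ <th scope="row"><?php _e('Enable manual approval of new registrations', 'aiowpsecurity')?>:</th>
+ <td>
+ <input name="aiowps_enable_manual_registration_approval" type="checkbox"<?php if($aio_wp_security->configs->get_value('aiowps_enable_manual_registration_approval')=='1') echo ' checked="checked"'; ?> value="1"/>
+ <span class="description"><?php _e('Check this if you want to automatically disable all newly registered accounts so that you can approve them manually.', 'aiowpsecurity'); ?></span>
+ </td>
+ </tr>
+ </table>
+ <?php } //End if statement ?>
+ <input type="submit" name="aiowps_save_user_registration_settings" value="<?php _e('Save Settings', 'aiowpsecurity')?>" class="button-primary" />
+ </div></div>
+ </form>
+ <div class="postbox">
+ <h3><label for="title"><?php _e('Approve Registered Users', 'aiowpsecurity'); ?></label></h3>
+ <div class="inside">
+ <?php
+ //Fetch, prepare, sort, and filter our data...
+ $user_list->prepare_items();
+ ?>
+ <form id="tables-filter" method="get" onSubmit="return confirm('Are you sure you want to perform this bulk operation on the selected entries?');">
+ <!-- For plugins, we also need to ensure that the form posts back to our current page -->
+ <input type="hidden" name="page" value="<?php echo $_REQUEST['page']; ?>" />
+ <!-- Now we can render the completed list table -->
+ <?php $user_list->display(); ?>
+ </div></div>
+ <?php
+ }
+
+ } //end class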
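Review bot: The hidden `page` field of the bulk-action form in render_tab1() echoes `$_REQUEST['page']` into an HTML attribute without escaping, so request data is reflected into the admin page; it should read `value="<?php echo esc_attr($_REQUEST['page']); ?>"`. get_current_tab() likewise returns `$_GET['tab']` unchecked and render_menu_page() uses it as an index into `$menu_tabs_handler` before call_user_func(), so an unknown tab reaches call_user_func() with an undefined handler; falling back to `$tab_keys[0]` when `!isset($this->menu_tabs[$tab])` would close that. The comments on the two row-action branches are swapped leftovers ("Delete link was clicked" on approve_acct, "Unlock link was clicked" on delete_acct) and should name the action each branch performs. The `<form id="tables-filter">` opened before `$user_list->display()` is never closed in the visible markup.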
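--- a/classes/grade-system/wp-security-feature-item-manager.php
+++ b/classes/grade-system/wp-security-feature-item-manager.php
@@ -44,6 +44,10 @@ class AIOWPSecurity_Feature_Item_Manager
  //Force Logout
  $this->feature_items[] = new AIOWPSecurity_Feature_Item("user-login-force-logout", "Force Logout", $this->feature_point_1, $this->sec_level_basic);
 
+ //User Registration
+ //Manually approve registrations
+ $this->feature_items[] = new AIOWPSecurity_Feature_Item("manually-approve-registrations", "Registration Approval", $this->feature_point_4, $this->sec_level_basic);
+
  //Database Security Menu Features
  //DB Prefix
  $this->feature_items[] = new AIOWPSecurity_Feature_Item("db-security-db-prefix", "DB Prefix", $this->feature_point_2, $this->sec_level_inter);
@@ -175,6 +179,12 @@ class AIOWPSecurity_Feature_Item_Manager
  $this->check_force_logout_feature($item);
  }
 
+ if($item->feature_id == "manually-approve-registrations")
+ {
+ $this->check_registration_approval_feature($item);
+ }
+
+
  if($item->feature_id == "filesystem-file-permissions")
  {
  $this->check_filesystem_permissions_feature($item);
@@ -364,7 +374,19 @@ class AIOWPSecurity_Feature_Item_Manager
  $item->set_feature_status($this->feature_inactive);
  }
  }
-
+
+ function check_registration_approval_feature($item)
+ {
+ global $aio_wp_security;
+ if ($aio_wp_security->configs->get_value('aiowps_enable_manual_registration_approval') == '1') {
+ $item->set_feature_status($this->feature_active);
+ }
+ else
+ {
+ $item->set_feature_status($this->feature_inactive);
+ }
+ }
+
  function check_db_security_db_prefix_feature($item)
  {
  global $wpdb;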
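--- a/classes/wp-security-file-scan.php
+++ b/classes/wp-security-file-scan.php
@@ -176,7 +176,7 @@ class AIOWPSecurity_Filescan
  $filescan_data = array();
  $dit = new RecursiveDirectoryIterator($start_dir);
  $rit = new RecursiveIteratorIterator(
- $dit, RecursiveIteratorIterator::SELF_FIRST);
+ $dit, RecursiveIteratorIterator::SELF_FIRST, RecursiveIteratorIterator::CATCH_GET_CHILD);
 
  $file_types_to_skip = $aio_wp_security->configs->get_value('aiowps_fcd_exclude_filetypes');
 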
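Review bot: With `RecursiveIteratorIterator::CATCH_GET_CHILD` the iterator swallows the exception raised when a directory's children cannot be read and simply moves on, so an unreadable directory silently drops out of the file change detection scan and changes inside it will not be reported. That trade-off should be stated at the call, e.g. `//CATCH_GET_CHILD: unreadable directories are skipped and are therefore NOT covered by the scan`, and ideally the skipped paths would be recorded through `$aio_wp_security->debug_logger`. The enclosing function starts and ends outside this hunk, so whether skipped directories are reported elsewhere cannot be seen here.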
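--- a/classes/wp-security-user-login.php
+++ b/classes/wp-security-user-login.php
@@ -30,7 +30,7 @@ class AIOWPSecurity_User_Login
  */
  function aiowp_auth_login($user, $username, $password)
  {
- global $aio_wp_security;
+ global $wpdb, $aio_wp_security;
  $login_attempts_permitted = $aio_wp_security->configs->get_value('aiowps_max_login_attempts');
 
  $user_locked = $this->check_locked_user();
@@ -129,7 +129,17 @@ class AIOWPSecurity_User_Login
  return new WP_Error('incorrect_password', sprintf(__('<strong>ERROR</strong>: Incorrect password. <a href="%s" title="Password Lost and Found">Lost your password</a>?', 'aiowpsecurity'), site_url('wp-login.php?action=lostpassword', 'login')));
  }
  }
-
+
+ //Check if auto pending new account status feature is enabled
+ if ($aio_wp_security->configs->get_value('aiowps_enable_manual_registration_approval') == '1')
+ {
+ $cap_key_name = $wpdb->prefix.'capabilities';
+ $user_meta_info = get_user_meta($userdata->ID, 'aiowps_account_status', TRUE);
+ if ($user_meta_info == 'pending'){
+ //Return generic error message if configured
+ return new WP_Error('authentication_failed', __('<strong>ACCOUNT PENDING</strong>: Your account is currently not active. An administrator needs to activate your account before you can login.', 'aiowpsecurity'));
+ }
+ }
  $user = new WP_User($userdata->ID);
  return $user;
  }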
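Review bot: `$cap_key_name = $wpdb->prefix.'capabilities';` in the new pending-account block is never read in the visible lines, and it appears to be the only reason `$wpdb` was added to the `global` statement in the first hunk; unless it is used further down, both can be dropped. The comment `//Return generic error message if configured` does not describe the branch, which unconditionally returns the ACCOUNT PENDING error; something like `//Block login while the account is awaiting administrator approval` would match the code. Most of aiowp_auth_login() lies between the two hunks and is not shown here.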
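--- a/classes/wp-security-user-registration.php
+++ b/classes/wp-security-user-registration.php
@@ -0,0 +1,43 @@
+ <?php
+ class AIOWPSecurity_User_Registration
+ {
+
+ function __construct()
+ {
+ add_action('user_register', array(&$this, 'aiowps_user_registration_action_handler'));
+ }
+
+
+ /*
+ * This function will add a special meta string in the users table
+ * Meta field name: 'aiowps_account_status'
+ * Meta field value: 'pending'
+ */
+ function aiowps_user_registration_action_handler($user_id)
+ {
+ global $wpdb, $aio_wp_security;
+ //Check if auto pending new account status feature is enabled
+ if ($aio_wp_security->configs->get_value('aiowps_enable_manual_registration_approval') == '1')
+ {
+ $res = add_user_meta($user_id, 'aiowps_account_status', 'pending');
+ if (!$res){
+ $aio_wp_security->debug_logger->log_debug("aiowps_user_registration_action_handler: Error adding user meta data: aiowps_account_status",4);
+ }
+ }
+ }
+
+ /*
+ * This function will set the special meta string in the usermeta table so that the account becomes active
+ * Meta field name: 'aiowps_account_status'
+ * Meta field values: 'active', 'pending', etc
+ */
+ function aiowps_set_user_account_status($user_id, $status)
+ {
+ global $wpdb, $aio_wp_security;
+ $res = update_user_meta($user_id, 'aiowps_account_status', $status);
+ if (!$res){
+ $aio_wp_security->debug_logger->log_debug("aiowps_set_user_account_status: Error updating user meta data: aiowps_account_status",4);
+ }
+ }
+
+ }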
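Review bot: aiowps_user_registration_action_handler() fails open: when add_user_meta() returns false the account is left with no `aiowps_account_status`, and the login check added in classes/wp-security-user-login.php only blocks the value 'pending', so such an account would not be held for approval and the only trace is a debug-log line. The `if (!$res)` branch should at least say so, e.g. `//NOTE: without this meta the account is NOT held for approval at login`. In aiowps_set_user_account_status(), update_user_meta() also returns false when the stored value already equals `$status`, so the error is logged for a no-op as well. The second docblock lists 'active' as a status value while the list table in admin/wp-security-list-registered-users.php writes 'approved'; the comment should name the values actually used.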
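--- a/readme.txt
+++ b/readme.txt
@@ -3,8 +3,8 @@ Contributors: Tips and Tricks HQ, wpsolutions, Peter Petreski, Ruhul Amin
  Donate link: http://www.tipsandtricks-hq.com
  Tags: security, secure, Anti Virus, antivirus, ban, ban hacker, virus, firewall, firewall security, login, lockdown, htaccess, hack, malware, vulnerability, protect, protection, phishing, database, backup, plugin, sql injection, ssl, restrict, login captcha
  Requires at least: 3.5
- Tested up to: 3.6.1
- Stable tag: 2.8
+ Tested up to: 3.7
+ Stable tag: 2.9
  License: GPLv3
 
  A comprehensive, user-friendly, all in one WordPress security and firewall plugin for your site.
@@ -50,6 +50,9 @@ via email whenever somebody gets locked out due to too many login attempts.
  * Allows you to specify one or more IP addresses in a special whitelist. The whitelisted IP addresses will have access to your WP login page.
  * Add captcha to WordPress Login form
 
+ = User Registration Security =
+ * Enable manual approval of WordPress user accounts. If your site allows people to create their own accounts via the WordPress registration form, then you can minimize SPAM or bogus registrations by manually approving each registration.
+
  = Database Security =
  * Easily the default WP prefix to a value of your choice with the click of a button.
  * Schedule automatic backups and email notifications or make an instant DB backup whenever you want with one click.
@@ -142,6 +145,11 @@ None
 
  == Changelog ==
 
+ = 2.9 =
+ - Added new feature which automatically sets the status of newly registered wordpress user accounts to "pending" and allows manual approval by an administrator.
+ - Improved robustness of file change detection iteration code.
+ - WordPress 3.7 compatibility
+
  = 2.8.1 =
  - Improved the login captcha implementation
  - Changed the management permission to manage_options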
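--- a/wp-security-core.php
+++ b/wp-security-core.php
@@ -3,7 +3,7 @@
  if (!class_exists('AIO_WP_Security')){
 
  class AIO_WP_Security{
- var $version = '2.8.1';
+ var $version = '2.9';
  var $db_version = '1.3';
  var $plugin_url;
  var $plugin_path;
@@ -12,6 +12,7 @@ class AIO_WP_Security{
  var $debug_logger;
  var $cron_handler;
  var $user_login_obj;
+ var $user_registration_obj;
  var $backup_obj;
  var $filescan_obj;
  var $captcha_obj;
@@ -61,6 +62,7 @@ class AIO_WP_Security{
  define('AIOWPSEC_SETTINGS_MENU_SLUG', 'aiowpsec_settings');
  define('AIOWPSEC_USER_ACCOUNTS_MENU_SLUG', 'aiowpsec_useracc');
  define('AIOWPSEC_USER_LOGIN_MENU_SLUG', 'aiowpsec_userlogin');
+ define('AIOWPSEC_USER_REGISTRATION_MENU_SLUG', 'aiowpsec_user_registration');
  define('AIOWPSEC_DB_SEC_MENU_SLUG', 'aiowpsec_database');
  define('AIOWPSEC_FILESYSTEM_MENU_SLUG', 'aiowpsec_filesystem');
  define('AIOWPSEC_WHOIS_MENU_SLUG', 'aiowpsec_whois');
@@ -89,6 +91,7 @@ class AIO_WP_Security{
  include_once('classes/wp-security-general-init-tasks.php');
 
  include_once('classes/wp-security-user-login.php');
+ include_once('classes/wp-security-user-registration.php');
  include_once('classes/wp-security-captcha.php');
  include_once('classes/wp-security-backup.php');
  include_once('classes/wp-security-file-scan.php');
@@ -168,6 +171,7 @@ class AIO_WP_Security{
 
  //Actions, filters, shortcodes goes here
  $this->user_login_obj = new AIOWPSecurity_User_Login();//Do the user login operation tasks
+ $this->user_registration_obj = new AIOWPSecurity_User_Registration();//Do the user login operation tasks
  $this->captcha_obj = new AIOWPSecurity_Captcha();//Do the captcha tasks
  $this->backup_obj = new AIOWPSecurity_Backup();//Object to handle backup tasks
  $this->filescan_obj = new AIOWPSecurity_Filescan();//Object to handle backup tasks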
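Review bot: The trailing comment on the new `$this->user_registration_obj = new AIOWPSecurity_User_Registration();` line in the last hunk was copied from the line above and still reads `//Do the user login operation tasks`. It should describe what the object does, e.g. `//Hooks user_register so new accounts can be held as pending`. The method containing this line starts and ends outside the hunk.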
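--- a/wp-security.php
+++ b/wp-security.php
@@ -1,7 +1,7 @@
  <?php
  /*
  Plugin Name: All In One WP Security
- Version: v2.8.1
+ Version: v2.9
  Plugin URI: http://www.tipsandtricks-hq.com/wordpress-security-and-firewall-plugin
  Author: Tips and Tricks HQ, Peter, Ruhul Amin
  Author URI: http://www.tipsandtricks-hq.com/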