All In One WP Security & Firewall

Version Description

Fixed various captcha bugs: woocommerce lost password page, custom login form page, etc

Release Info

Developer	wpsolutions
Plugin	All In One WP Security & Firewall
Version	4.3.9.2
Comparing to
See all releases

Code changes from version 4.3.9.1 to 4.3.9.2

Files changed (10) hide show

admin/wp-security-brute-force-menu.php +29 -15
classes/grade-system/wp-security-feature-item-manager.php +17 -0
classes/wp-security-captcha.php +8 -7
classes/wp-security-configure-settings.php +2 -0
classes/wp-security-general-init-tasks.php +108 -30
classes/wp-security-user-login.php +1 -1
classes/wp-security-user-registration.php +2 -2
readme.txt +3 -0
wp-security-core.php +5 -1
wp-security.php +1 -1

admin/wp-security-brute-force-menu.php CHANGED Viewed

	@@ -531,6 +531,7 @@ class AIOWPSecurity_Brute_Force_Menu extends AIOWPSecurity_Admin_Menu
531	$aio_wp_security->configs->set_value('aiowps_enable_login_captcha',isset($_POST["aiowps_enable_login_captcha"])?'1':'');
532	$aio_wp_security->configs->set_value('aiowps_enable_woo_login_captcha',isset($_POST["aiowps_enable_woo_login_captcha"])?'1':'');
533	$aio_wp_security->configs->set_value('aiowps_enable_woo_register_captcha',isset($_POST["aiowps_enable_woo_register_captcha"])?'1':'');

534	$aio_wp_security->configs->set_value('aiowps_enable_custom_login_captcha',isset($_POST["aiowps_enable_custom_login_captcha"])?'1':'');
535	$aio_wp_security->configs->set_value('aiowps_enable_lost_password_captcha',isset($_POST["aiowps_enable_lost_password_captcha"])?'1':'');
536
	@@ -613,6 +614,25 @@ class AIOWPSecurity_Brute_Force_Menu extends AIOWPSecurity_Admin_Menu
613	</td>
614	</tr>
615	</table>



















616	</div></div>
617	<div class="postbox">
618	<h3 class="hndle"><label for="title"><?php _e('Custom Login Form Captcha Settings', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
	@@ -651,33 +671,27 @@ class AIOWPSecurity_Brute_Force_Menu extends AIOWPSecurity_Admin_Menu
651	</table>
652	<hr>
653	<?php
654	- $aiowps_feature_mgr->output_feature_details_badge("woo-~~register~~-captcha");
655	?>
656	<table class="form-table">
657	<tr valign="top">
658	- <th scope="row"><?php _e('Enable Captcha On Woocommerce ~~Registration~~ Form', 'all-in-one-wp-security-and-firewall')?>:</th>
659	<td>
660	- <input name="~~aiowps_enable_woo_register_captcha~~" type="checkbox"<?php if($aio_wp_security->configs->get_value('~~aiowps_enable_woo_register_captcha~~')=='1') echo ' checked="checked"'; ?> value="1"/>
661	- <span class="description"><?php _e('Check this if you want to insert captcha on a Woocommerce ~~registration~~ form', 'all-in-one-wp-security-and-firewall'); ?></span>
662	</td>
663	</tr>
664	</table>
665	- ~~</div></div~~>
666	- <div class="postbox">
667	- <h3 class="hndle"><label for="title"><?php _e('Lost Password Form Captcha Settings', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
668	- <div class="inside">
669	<?php
670	- ~~//Display security info badge~~
671	- global $aiowps_feature_mgr;
672	- $aiowps_feature_mgr->output_feature_details_badge("lost-password-captcha");
673	?>
674	-
675	<table class="form-table">
676	<tr valign="top">
677	- <th scope="row"><?php _e('Enable Captcha On ~~Lost~~ ~~Password~~ ~~Page~~', 'all-in-one-wp-security-and-firewall')?>:</th>
678	<td>
679	- <input name="~~aiowps_enable_lost_password_captcha~~" type="checkbox"<?php if($aio_wp_security->configs->get_value('~~aiowps_enable_lost_password_captcha~~')=='1') echo ' checked="checked"'; ?> value="1"/>
680	- <span class="description"><?php _e('Check this if you want to insert a captcha ~~form~~ on ~~the~~ ~~lost~~ ~~password~~ ~~page~~', 'all-in-one-wp-security-and-firewall'); ?></span>
681	</td>
682	</tr>
683	</table>


531	$aio_wp_security->configs->set_value('aiowps_enable_login_captcha',isset($_POST["aiowps_enable_login_captcha"])?'1':'');
532	$aio_wp_security->configs->set_value('aiowps_enable_woo_login_captcha',isset($_POST["aiowps_enable_woo_login_captcha"])?'1':'');
533	$aio_wp_security->configs->set_value('aiowps_enable_woo_register_captcha',isset($_POST["aiowps_enable_woo_register_captcha"])?'1':'');
534	+ $aio_wp_security->configs->set_value('aiowps_enable_woo_lostpassword_captcha',isset($_POST["aiowps_enable_woo_lostpassword_captcha"])?'1':'');
535	$aio_wp_security->configs->set_value('aiowps_enable_custom_login_captcha',isset($_POST["aiowps_enable_custom_login_captcha"])?'1':'');
536	$aio_wp_security->configs->set_value('aiowps_enable_lost_password_captcha',isset($_POST["aiowps_enable_lost_password_captcha"])?'1':'');
537

614	</td>
615	</tr>
616	</table>
617	+ </div></div>
618	+ <div class="postbox">
619	+ <h3 class="hndle"><label for="title"><?php _e('Lost Password Form Captcha Settings', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
620	+ <div class="inside">
621	+ <?php
622	+ //Display security info badge
623	+ global $aiowps_feature_mgr;
624	+ $aiowps_feature_mgr->output_feature_details_badge("lost-password-captcha");
625	+ ?>
626	+
627	+ <table class="form-table">
628	+ <tr valign="top">
629	+ <th scope="row"><?php _e('Enable Captcha On Lost Password Page', 'all-in-one-wp-security-and-firewall')?>:</th>
630	+ <td>
631	+ <input name="aiowps_enable_lost_password_captcha" type="checkbox"<?php if($aio_wp_security->configs->get_value('aiowps_enable_lost_password_captcha')=='1') echo ' checked="checked"'; ?> value="1"/>
632	+ <span class="description"><?php _e('Check this if you want to insert a captcha form on the lost password page', 'all-in-one-wp-security-and-firewall'); ?></span>
633	+ </td>
634	+ </tr>
635	+ </table>
636	</div></div>
637	<div class="postbox">
638	<h3 class="hndle"><label for="title"><?php _e('Custom Login Form Captcha Settings', 'all-in-one-wp-security-and-firewall'); ?></label></h3>

671	</table>
672	<hr>
673	<?php
674	+ $aiowps_feature_mgr->output_feature_details_badge("woo-lostpassword-captcha");
675	?>
676	<table class="form-table">
677	<tr valign="top">
678	+ <th scope="row"><?php _e('Enable Captcha On Woocommerce Lost Password Form', 'all-in-one-wp-security-and-firewall')?>:</th>
679	<td>
680	+ <input name="aiowps_enable_woo_lostpassword_captcha" type="checkbox"<?php if($aio_wp_security->configs->get_value('aiowps_enable_woo_lostpassword_captcha')=='1') echo ' checked="checked"'; ?> value="1"/>
681	+ <span class="description"><?php _e('Check this if you want to insert captcha on a Woocommerce lost password form', 'all-in-one-wp-security-and-firewall'); ?></span>
682	</td>
683	</tr>
684	</table>
685	+ <hr>



686	<?php
687	+ $aiowps_feature_mgr->output_feature_details_badge("woo-register-captcha");


688	?>

689	<table class="form-table">
690	<tr valign="top">
691	+ <th scope="row"><?php _e('Enable Captcha On Woocommerce Registration Form', 'all-in-one-wp-security-and-firewall')?>:</th>
692	<td>
693	+ <input name="aiowps_enable_woo_register_captcha" type="checkbox"<?php if($aio_wp_security->configs->get_value('aiowps_enable_woo_register_captcha')=='1') echo ' checked="checked"'; ?> value="1"/>
694	+ <span class="description"><?php _e('Check this if you want to insert captcha on a Woocommerce registration form', 'all-in-one-wp-security-and-firewall'); ?></span>
695	</td>
696	</tr>
697	</table>

classes/grade-system/wp-security-feature-item-manager.php CHANGED Viewed

	@@ -44,6 +44,7 @@ class AIOWPSecurity_Feature_Item_Manager
44	$this->feature_items[] = new AIOWPSecurity_Feature_Item("user-login-captcha", __("Login Captcha", "all-in-one-wp-security-and-firewall"), $this->feature_point_4, $this->sec_level_basic);
45	$this->feature_items[] = new AIOWPSecurity_Feature_Item("custom-login-captcha", __("Custom Login Captcha", "all-in-one-wp-security-and-firewall"), $this->feature_point_4, $this->sec_level_basic);
46	$this->feature_items[] = new AIOWPSecurity_Feature_Item("woo-login-captcha", __("Woo Login Captcha", "all-in-one-wp-security-and-firewall"), $this->feature_point_2, $this->sec_level_basic);

47	$this->feature_items[] = new AIOWPSecurity_Feature_Item("woo-register-captcha", __("Woo Register Captcha", "all-in-one-wp-security-and-firewall"), $this->feature_point_2, $this->sec_level_basic);
48	//Lost Password Captcha
49	$this->feature_items[] = new AIOWPSecurity_Feature_Item("lost-password-captcha", __("Lost Password Captcha", "all-in-one-wp-security-and-firewall"), $this->feature_point_2, $this->sec_level_basic);
	@@ -203,6 +204,10 @@ class AIOWPSecurity_Feature_Item_Manager
203	{
204	$this->check_woo_login_captcha_feature($item);
205	}




206	if($item->feature_id == "woo-register-captcha")
207	{
208	$this->check_woo_register_captcha_feature($item);
	@@ -458,6 +463,18 @@ class AIOWPSecurity_Feature_Item_Manager
458	}
459	}
460












461	function check_woo_register_captcha_feature($item)
462	{
463	global $aio_wp_security;


44	$this->feature_items[] = new AIOWPSecurity_Feature_Item("user-login-captcha", __("Login Captcha", "all-in-one-wp-security-and-firewall"), $this->feature_point_4, $this->sec_level_basic);
45	$this->feature_items[] = new AIOWPSecurity_Feature_Item("custom-login-captcha", __("Custom Login Captcha", "all-in-one-wp-security-and-firewall"), $this->feature_point_4, $this->sec_level_basic);
46	$this->feature_items[] = new AIOWPSecurity_Feature_Item("woo-login-captcha", __("Woo Login Captcha", "all-in-one-wp-security-and-firewall"), $this->feature_point_2, $this->sec_level_basic);
47	+ $this->feature_items[] = new AIOWPSecurity_Feature_Item("woo-lostpassword-captcha", __("Woo Lost Password Captcha", "all-in-one-wp-security-and-firewall"), $this->feature_point_2, $this->sec_level_basic);
48	$this->feature_items[] = new AIOWPSecurity_Feature_Item("woo-register-captcha", __("Woo Register Captcha", "all-in-one-wp-security-and-firewall"), $this->feature_point_2, $this->sec_level_basic);
49	//Lost Password Captcha
50	$this->feature_items[] = new AIOWPSecurity_Feature_Item("lost-password-captcha", __("Lost Password Captcha", "all-in-one-wp-security-and-firewall"), $this->feature_point_2, $this->sec_level_basic);

204	{
205	$this->check_woo_login_captcha_feature($item);
206	}
207	+ if($item->feature_id == "woo-lostpassword-captcha")
208	+ {
209	+ $this->check_woo_lostpassword_captcha_feature($item);
210	+ }
211	if($item->feature_id == "woo-register-captcha")
212	{
213	$this->check_woo_register_captcha_feature($item);

463	}
464	}
465
466	+ function check_woo_lostpassword_captcha_feature($item)
467	+ {
468	+ global $aio_wp_security;
469	+ if ($aio_wp_security->configs->get_value('aiowps_enable_woo_lostpassword_captcha') == '1') {
470	+ $item->set_feature_status($this->feature_active);
471	+ }
472	+ else
473	+ {
474	+ $item->set_feature_status($this->feature_inactive);
475	+ }
476	+ }
477	+
478	function check_woo_register_captcha_feature($item)
479	{
480	global $aio_wp_security;

classes/wp-security-captcha.php CHANGED Viewed

	@@ -146,14 +146,15 @@ class AIOWPSecurity_Captcha
146
147
148	/**
149	- * ~~Will~~ ~~return~~ ~~TRUE~~ ~~if there is correct answer~~ or if ~~there~~ is ~~no captcha.~~
150	- * Returns ~~FALSE~~ on ~~wrong~~ ~~captcha result~~.

151	* @global type $aio_wp_security
152	* @return boolean
153	*/
154	- function ~~maybe_verify_captcha~~ () {
155	global $aio_wp_security;
156	- if($aio_wp_security->configs->get_value('~~aiowps_enable_login_captcha') && $aio_wp_security->configs->get_value('~~aiowps_default_recaptcha')){
157	//Google reCaptcha enabled
158	if (array_key_exists('g-recaptcha-response', $_POST)) {
159	$g_recaptcha_response = isset($_POST['g-recaptcha-response'])?sanitize_text_field($_POST['g-recaptcha-response']):'';
	@@ -162,11 +163,11 @@ class AIOWPSecurity_Captcha
162	return false; // wrong answer was entered
163	}
164	}else {
165	- //no captcha ~~form~~ ~~data~~ ~~submitted~~
166	return false;
167	}
168	}else if($aio_wp_security->configs->get_value('aiowps_enable_login_captcha')) {
169	- // ~~this means basic~~ math captcha is enabled
170	if (array_key_exists('aiowps-captcha-answer', $_POST)) {
171	$captcha_answer = isset($_POST['aiowps-captcha-answer'])?sanitize_text_field($_POST['aiowps-captcha-answer']):'';
172
	@@ -175,7 +176,7 @@ class AIOWPSecurity_Captcha
175	return false; // wrong answer was entered
176	}
177	} else {
178	- //no captcha ~~form~~ ~~data~~ ~~submitted~~
179	return false;
180	}
181	}


146
147
148	/**
149	+ * Verifies the math or Google recaptcha v2 forms
150	+ * Returns TRUE if correct answer.
151	+ * Returns FALSE on wrong captcha result or missing data.
152	* @global type $aio_wp_security
153	* @return boolean
154	*/
155	+ function verify_captcha_submit () {
156	global $aio_wp_security;
157	+ if($aio_wp_security->configs->get_value('aiowps_default_recaptcha')){
158	//Google reCaptcha enabled
159	if (array_key_exists('g-recaptcha-response', $_POST)) {
160	$g_recaptcha_response = isset($_POST['g-recaptcha-response'])?sanitize_text_field($_POST['g-recaptcha-response']):'';

163	return false; // wrong answer was entered
164	}
165	}else {
166	+ // Expected captcha field in $_POST but got none!
167	return false;
168	}
169	}else if($aio_wp_security->configs->get_value('aiowps_enable_login_captcha')) {
170	+ // math captcha is enabled
171	if (array_key_exists('aiowps-captcha-answer', $_POST)) {
172	$captcha_answer = isset($_POST['aiowps-captcha-answer'])?sanitize_text_field($_POST['aiowps-captcha-answer']):'';
173

176	return false; // wrong answer was entered
177	}
178	} else {
179	+ // Expected captcha field in $_POST but got none!
180	return false;
181	}
182	}

classes/wp-security-configure-settings.php CHANGED Viewed

	@@ -47,6 +47,7 @@ class AIOWPSecurity_Configure_Settings
47	$aio_wp_security->configs->set_value('aiowps_enable_login_captcha','');//Checkbox
48	$aio_wp_security->configs->set_value('aiowps_enable_custom_login_captcha','');//Checkbox
49	$aio_wp_security->configs->set_value('aiowps_enable_woo_login_captcha','');//Checkbox

50	$aio_wp_security->configs->set_value('aiowps_enable_woo_register_captcha','');//Checkbox
51	$aio_wp_security->configs->set_value('aiowps_enable_lost_password_captcha','');//Checkbox
52	$aio_wp_security->configs->set_value('aiowps_captcha_secret_key',AIOWPSecurity_Utility::generate_alpha_numeric_random_string(20));//Hidden secret value which will be used to do some captcha processing. This will be assigned a random string generated when captcha settings saved
	@@ -203,6 +204,7 @@ class AIOWPSecurity_Configure_Settings
203	$aio_wp_security->configs->add_value('aiowps_enable_custom_login_captcha','');//Checkbox
204	$aio_wp_security->configs->add_value('aiowps_enable_woo_login_captcha','');//Checkbox
205	$aio_wp_security->configs->add_value('aiowps_enable_woo_register_captcha','');//Checkbox

206	$aio_wp_security->configs->add_value('aiowps_captcha_secret_key',AIOWPSecurity_Utility::generate_alpha_numeric_random_string(20));//Hidden secret value which will be used to do some captcha processing. This will be assigned a random string generated when captcha settings saved
207
208	//User registration


47	$aio_wp_security->configs->set_value('aiowps_enable_login_captcha','');//Checkbox
48	$aio_wp_security->configs->set_value('aiowps_enable_custom_login_captcha','');//Checkbox
49	$aio_wp_security->configs->set_value('aiowps_enable_woo_login_captcha','');//Checkbox
50	+ $aio_wp_security->configs->set_value('aiowps_enable_woo_lostpassword_captcha','');//Checkbox
51	$aio_wp_security->configs->set_value('aiowps_enable_woo_register_captcha','');//Checkbox
52	$aio_wp_security->configs->set_value('aiowps_enable_lost_password_captcha','');//Checkbox
53	$aio_wp_security->configs->set_value('aiowps_captcha_secret_key',AIOWPSecurity_Utility::generate_alpha_numeric_random_string(20));//Hidden secret value which will be used to do some captcha processing. This will be assigned a random string generated when captcha settings saved

204	$aio_wp_security->configs->add_value('aiowps_enable_custom_login_captcha','');//Checkbox
205	$aio_wp_security->configs->add_value('aiowps_enable_woo_login_captcha','');//Checkbox
206	$aio_wp_security->configs->add_value('aiowps_enable_woo_register_captcha','');//Checkbox
207	+ $aio_wp_security->configs->add_value('aiowps_enable_woo_lostpassword_captcha','');//Checkbox
208	$aio_wp_security->configs->add_value('aiowps_captcha_secret_key',AIOWPSecurity_Utility::generate_alpha_numeric_random_string(20));//Hidden secret value which will be used to do some captcha processing. This will be assigned a random string generated when captcha settings saved
209
210	//User registration

classes/wp-security-general-init-tasks.php CHANGED Viewed

	@@ -120,21 +120,44 @@ class AIOWPSecurity_General_Init_Tasks
120	}
121
122	//For woo form captcha features
123	- $~~woo_captcha_enabled~~ = false;
124	if($aio_wp_security->configs->get_value('aiowps_enable_woo_login_captcha') == '1' &&
125	!is_user_logged_in()) {
126	- $~~woo_captcha_enabled~~ = true;
127	add_action('woocommerce_login_form', array(&$this, 'insert_captcha_question_form'));
128	}
129

130	if($aio_wp_security->configs->get_value('aiowps_enable_woo_register_captcha') == '1' &&
131	!is_user_logged_in()) {
132	- $~~woo_captcha_enabled~~ = true;
133	add_action('woocommerce_register_form', array(&$this, 'insert_captcha_question_form'));
134	}
135
136	- ~~if(~~$~~woo_captcha_enabled){~~
137	- ~~add_filter~~('~~woocommerce_process_login_errors~~', ~~array(&$this,~~ '~~aiowps_validate_woo_login_with_captcha~~'), ~~10, 3);~~






















138	}
139
140	//For bbpress new topic form captcha
	@@ -187,7 +210,6 @@ class AIOWPSecurity_General_Init_Tasks
187	add_action('signup_extra_fields', array(&$this, 'insert_captcha_question_form_multi'));
188	//add_action('preprocess_signup_form', array(&$this, 'process_signup_form_multi'));
189	add_filter( 'wpmu_validate_user_signup', array(&$this, 'process_signup_form_multi') );
190	-
191	}
192	}
193	restore_current_blog();
	@@ -199,11 +221,12 @@ class AIOWPSecurity_General_Init_Tasks
199	}
200	}
201
202	- //For comment captcha feature
203	if (AIOWPSecurity_Utility::is_multisite_install()){
204	$blog_id = get_current_blog_id();
205	switch_to_blog($blog_id);
206	- if($aio_wp_security->configs->get_value('aiowps_enable_comment_captcha') == '1'){

207	if (!is_user_logged_in()) {
208	if($aio_wp_security->configs->get_value('aiowps_default_recaptcha')) {
209	add_action('wp_head', array(&$this, 'add_recaptcha_script'));
	@@ -215,7 +238,8 @@ class AIOWPSecurity_General_Init_Tasks
215	}
216	restore_current_blog();
217	}else{
218	- if($aio_wp_security->configs->get_value('aiowps_enable_comment_captcha') == '1'){

219	if (!is_user_logged_in()) {
220	if($aio_wp_security->configs->get_value('aiowps_default_recaptcha')) {
221	add_action('wp_head', array(&$this, 'add_recaptcha_script'));
	@@ -415,16 +439,30 @@ class AIOWPSecurity_General_Init_Tasks
415	}
416	}
417







418	function insert_captcha_custom_login($cust_html_code, $args)
419	{
420	global $aio_wp_security;
421	- $~~cap_form = '<p class="aiowps-captcha"><label>'.__~~('~~Please enter an answer in digits:~~'~~,'all-in-one-wp-security-and-firewall'~~)~~.'</label>';~~
422	- $~~cap_form~~ .= '~~<div~~ ~~class="aiowps-captcha-equation"><strong>'~~;
423	- $~~maths_question_output~~ = ~~$aio_wp_security->captcha_obj->generate_maths_question()~~;
424	- $~~cap_form~~ .= $~~maths_question_output . '</strong></div></p>'~~;
425	-
426	- ~~$cust_html_code~~ .= ~~$cap_form;~~
427	- ~~return~~ ~~$cust_html_code~~;







428	}
429
430	function insert_captcha_question_form_multi($error)
	@@ -437,7 +475,7 @@ class AIOWPSecurity_General_Init_Tasks
437	{
438	global $aio_wp_security;
439	//Check if captcha enabled
440	- $verify_captcha = $aio_wp_security->captcha_obj->~~maybe_verify_captcha~~();
441	if ( $verify_captcha === false ) {
442	// wrong answer was entered
443	$result['errors']->add('generic', __('<strong>ERROR</strong>: Your answer was incorrect - please try again.', 'all-in-one-wp-security-and-firewall'));
	@@ -455,7 +493,7 @@ class AIOWPSecurity_General_Init_Tasks
455	// For this case we use the "explicit" recaptcha display
456	$calling_hook = current_filter();
457	$site_key = esc_html( $aio_wp_security->configs->get_value('aiowps_recaptcha_site_key') );
458	- if ( $calling_hook == 'woocommerce_login_form' ) {
459	echo '<div class="g-recaptcha-wrap" style="padding:10px 0 10px 0"><div id="woo_recaptcha_1" class="g-recaptcha" data-sitekey="'.$site_key.'"></div></div>';
460	return;
461	}
	@@ -498,7 +536,7 @@ class AIOWPSecurity_General_Init_Tasks
498	return $comment;
499	}
500
501	- $verify_captcha = $aio_wp_security->captcha_obj->~~maybe_verify_captcha~~();
502	if($verify_captcha === false) {
503	//Wrong answer
504	wp_die( __('Error: You entered an incorrect CAPTCHA answer. Please go back and try again.', 'all-in-one-wp-security-and-firewall'));
	@@ -507,13 +545,21 @@ class AIOWPSecurity_General_Init_Tasks
507	}
508	}
509




510	function process_lost_password_form_post()
511	{
512	global $aio_wp_security;
513
514	- ~~$verify_captcha~~ = ~~$aio_wp_security->captcha_obj->maybe_verify_captcha();~~
515	- if ( ~~$verify_captcha~~ ~~===~~ ~~false~~ ) {
516	- ~~add_filter~~('~~allow_password_reset~~', ~~array(&$this, 'add_lostpassword_captcha_error_msg'~~));




517	}
518	}
519
	@@ -536,7 +582,7 @@ class AIOWPSecurity_General_Init_Tasks
536	{
537	global $bp, $aio_wp_security;
538	//Check captcha if required
539	- $verify_captcha = $aio_wp_security->captcha_obj->~~maybe_verify_captcha~~();
540	if($verify_captcha === false) {
541	// wrong answer was entered
542	$bp->signup->errors['aiowps-captcha-answer'] = __('Your CAPTCHA answer was incorrect - please try again.', 'all-in-one-wp-security-and-firewall');
	@@ -546,16 +592,13 @@ class AIOWPSecurity_General_Init_Tasks
546
547	function aiowps_validate_woo_login_with_captcha( $errors, $username, $password ) {
548	global $aio_wp_security;
549	-
550	$locked = $aio_wp_security->user_login_obj->check_locked_user();
551	- if($locked ~~== null~~){
552	- ~~//user~~ is ~~not~~ locked ~~continue~~
553	- } else {
554	- $errors->add('authentication_failed', __('<strong>ERROR</strong>: You are not allowed to register because your IP address is currently locked!', 'all-in-one-wp-security-and-firewall'));
555	return $errors;
556	}
557	- $verify_captcha = $aio_wp_security->captcha_obj->maybe_verify_captcha();
558

559	if($verify_captcha === false) {
560	// wrong answer was entered
561	$errors->add('authentication_failed', __('<strong>ERROR</strong>: Your answer was incorrect - please try again.', 'all-in-one-wp-security-and-firewall'));
	@@ -564,6 +607,23 @@ class AIOWPSecurity_General_Init_Tasks
564
565	}
566

















567	/**
568	* Displays a notice message if the plugin was reactivated after being initially deactivated
569	* Gives users option of re-applying the aiowps rules which were deleted from the .htaccess after deactivation.
	@@ -610,8 +670,26 @@ class AIOWPSecurity_General_Init_Tasks
610	}
611	}
612





613	function add_recaptcha_script()
614	{
615	- ~~wp_enqueue_script(~~ ~~'google-~~recaptcha', ~~'https://www.google.com/recaptcha/~~api~~.js',~~ ~~false~~ );













616	}
617	}


120	}
121
122	//For woo form captcha features
123	+ $woo_login_captcha_enabled = false;
124	if($aio_wp_security->configs->get_value('aiowps_enable_woo_login_captcha') == '1' &&
125	!is_user_logged_in()) {
126	+ $woo_login_captcha_enabled = true;
127	add_action('woocommerce_login_form', array(&$this, 'insert_captcha_question_form'));
128	}
129
130	+ $woo_register_captcha_enabled = false;
131	if($aio_wp_security->configs->get_value('aiowps_enable_woo_register_captcha') == '1' &&
132	!is_user_logged_in()) {
133	+ $woo_register_captcha_enabled = true;
134	add_action('woocommerce_register_form', array(&$this, 'insert_captcha_question_form'));
135	}
136
137	+ $woo_lostpassword_captcha_enabled = false;
138	+ if($aio_wp_security->configs->get_value('aiowps_enable_woo_lostpassword_captcha') == '1' &&
139	+ !is_user_logged_in()) {
140	+ $woo_lostpassword_captcha_enabled = true;
141	+ add_action('woocommerce_lostpassword_form', array(&$this, 'insert_captcha_question_form'));
142	+ }
143	+
144	+
145	+ if($woo_login_captcha_enabled){
146	+ if(isset($_POST['woocommerce-login-nonce'])) {
147	+ add_filter('woocommerce_process_login_errors', array(&$this, 'aiowps_validate_woo_login_with_captcha'), 10, 3);
148	+ }
149	+ }
150	+
151	+ if($woo_register_captcha_enabled){
152	+ if(isset($_POST['woocommerce-register-nonce'])) {
153	+ add_filter('woocommerce_process_registration_errors', array(&$this, 'aiowps_validate_woo_login_with_captcha'), 10, 3);
154	+ }
155	+ }
156	+
157	+ if($woo_lostpassword_captcha_enabled){
158	+ if(isset($_POST['woocommerce-lost-password-nonce'])) {
159	+ add_action('lostpassword_post', array(&$this, 'process_woo_lost_password_form_post'));
160	+ }
161	}
162
163	//For bbpress new topic form captcha

210	add_action('signup_extra_fields', array(&$this, 'insert_captcha_question_form_multi'));
211	//add_action('preprocess_signup_form', array(&$this, 'process_signup_form_multi'));
212	add_filter( 'wpmu_validate_user_signup', array(&$this, 'process_signup_form_multi') );

213	}
214	}
215	restore_current_blog();

221	}
222	}
223
224	+ //For comment captcha feature or custom login form captcha
225	if (AIOWPSecurity_Utility::is_multisite_install()){
226	$blog_id = get_current_blog_id();
227	switch_to_blog($blog_id);
228	+ if($aio_wp_security->configs->get_value('aiowps_enable_comment_captcha') == '1' \|\|
229	+ $aio_wp_security->configs->get_value('aiowps_enable_custom_login_captcha') == '1'){
230	if (!is_user_logged_in()) {
231	if($aio_wp_security->configs->get_value('aiowps_default_recaptcha')) {
232	add_action('wp_head', array(&$this, 'add_recaptcha_script'));

238	}
239	restore_current_blog();
240	}else{
241	+ if($aio_wp_security->configs->get_value('aiowps_enable_comment_captcha') == '1' \|\|
242	+ $aio_wp_security->configs->get_value('aiowps_enable_custom_login_captcha') == '1'){
243	if (!is_user_logged_in()) {
244	if($aio_wp_security->configs->get_value('aiowps_default_recaptcha')) {
245	add_action('wp_head', array(&$this, 'add_recaptcha_script'));

439	}
440	}
441
442	+ /**
443	+ * Renders captcha on form produced by the wp_login_form() function, ie, custom wp login form
444	+ * @global type $aio_wp_security
445	+ * @param type $cust_html_code
446	+ * @param type $args
447	+ * @return string
448	+ */
449	function insert_captcha_custom_login($cust_html_code, $args)
450	{
451	global $aio_wp_security;
452	+ if($aio_wp_security->configs->get_value('aiowps_default_recaptcha')) {
453	+ $site_key = esc_html( $aio_wp_security->configs->get_value('aiowps_recaptcha_site_key') );
454	+ $cap_form = '<div class="g-recaptcha-wrap" style="padding:10px 0 10px 0"><div class="g-recaptcha" data-sitekey="'.$site_key.'"></div></div>';
455	+ $cust_html_code .= $cap_form;
456	+ return $cust_html_code;
457	+ } else {
458	+ $cap_form = '<p class="aiowps-captcha"><label>'.__('Please enter an answer in digits:','all-in-one-wp-security-and-firewall').'</label>';
459	+ $cap_form .= '<div class="aiowps-captcha-equation"><strong>';
460	+ $maths_question_output = $aio_wp_security->captcha_obj->generate_maths_question();
461	+ $cap_form .= $maths_question_output . '</strong></div></p>';
462	+
463	+ $cust_html_code .= $cap_form;
464	+ return $cust_html_code;
465	+ }
466	}
467
468	function insert_captcha_question_form_multi($error)

475	{
476	global $aio_wp_security;
477	//Check if captcha enabled
478	+ $verify_captcha = $aio_wp_security->captcha_obj->verify_captcha_submit();
479	if ( $verify_captcha === false ) {
480	// wrong answer was entered
481	$result['errors']->add('generic', __('<strong>ERROR</strong>: Your answer was incorrect - please try again.', 'all-in-one-wp-security-and-firewall'));

493	// For this case we use the "explicit" recaptcha display
494	$calling_hook = current_filter();
495	$site_key = esc_html( $aio_wp_security->configs->get_value('aiowps_recaptcha_site_key') );
496	+ if ( $calling_hook == 'woocommerce_login_form' \|\| $calling_hook == 'woocommerce_lostpassword_form') {
497	echo '<div class="g-recaptcha-wrap" style="padding:10px 0 10px 0"><div id="woo_recaptcha_1" class="g-recaptcha" data-sitekey="'.$site_key.'"></div></div>';
498	return;
499	}

536	return $comment;
537	}
538
539	+ $verify_captcha = $aio_wp_security->captcha_obj->verify_captcha_submit();
540	if($verify_captcha === false) {
541	//Wrong answer
542	wp_die( __('Error: You entered an incorrect CAPTCHA answer. Please go back and try again.', 'all-in-one-wp-security-and-firewall'));

545	}
546	}
547
548	+ /**
549	+ * Process the main Wordpress account lost password login form post
550	+ * Called by wp hook "lostpassword_post"
551	+ */
552	function process_lost_password_form_post()
553	{
554	global $aio_wp_security;
555
556	+ // Workaround - the woocommerce lost password form also uses the same "lostpassword_post" hook.
557	+ // We don't want to process woo forms here so ignore if this is a woo lost password $_POST
558	+ if (!array_key_exists('woocommerce-lost-password-nonce', $_POST)) {
559	+ $verify_captcha = $aio_wp_security->captcha_obj->verify_captcha_submit();
560	+ if ( $verify_captcha === false ) {
561	+ add_filter('allow_password_reset', array(&$this, 'add_lostpassword_captcha_error_msg'));
562	+ }
563	}
564	}
565

582	{
583	global $bp, $aio_wp_security;
584	//Check captcha if required
585	+ $verify_captcha = $aio_wp_security->captcha_obj->verify_captcha_submit();
586	if($verify_captcha === false) {
587	// wrong answer was entered
588	$bp->signup->errors['aiowps-captcha-answer'] = __('Your CAPTCHA answer was incorrect - please try again.', 'all-in-one-wp-security-and-firewall');

592
593	function aiowps_validate_woo_login_with_captcha( $errors, $username, $password ) {
594	global $aio_wp_security;

595	$locked = $aio_wp_security->user_login_obj->check_locked_user();
596	+ if(!empty($locked)){
597	+ $errors->add('authentication_failed', __('<strong>ERROR</strong>: Your IP address is currently locked please contact the administrator!', 'all-in-one-wp-security-and-firewall'));


598	return $errors;
599	}

600
601	+ $verify_captcha = $aio_wp_security->captcha_obj->verify_captcha_submit();
602	if($verify_captcha === false) {
603	// wrong answer was entered
604	$errors->add('authentication_failed', __('<strong>ERROR</strong>: Your answer was incorrect - please try again.', 'all-in-one-wp-security-and-firewall'));

607
608	}
609
610	+ /**
611	+ * Process the woocommerce lost password login form post
612	+ * Called by wp hook "lostpassword_post"
613	+ */
614	+ function process_woo_lost_password_form_post()
615	+ {
616	+ global $aio_wp_security;
617	+
618	+ if(isset($_POST['woocommerce-lost-password-nonce'])) {
619	+ $verify_captcha = $aio_wp_security->captcha_obj->verify_captcha_submit();
620	+ if ( $verify_captcha === false ) {
621	+ add_filter('allow_password_reset', array(&$this, 'add_lostpassword_captcha_error_msg'));
622	+ }
623	+ }
624	+ }
625	+
626	+
627	/**
628	* Displays a notice message if the plugin was reactivated after being initially deactivated
629	* Gives users option of re-applying the aiowps rules which were deleted from the .htaccess after deactivation.

670	}
671	}
672
673	+ /**
674	+ * Enqueues the Google recaptcha api URL in the wp_head for general pages
675	+ * Caters for scenarios when recaptcha used on wp comments or custom wp login form
676	+ *
677	+ */
678	function add_recaptcha_script()
679	{
680	+ // Enqueue the recaptcha api url
681	+
682	+ // Do NOT enqueue if this is the main woocommerce account login page because for woocommerce page we "explicitly" render the recaptcha widget
683	+ $is_woo = false;
684	+
685	+ if ( function_exists('is_account_page') ) {
686	+ // Check if this a woocommerce account page
687	+ $is_woo = is_account_page();
688	+ }
689	+
690	+ if ( empty( $is_woo ) ) {
691	+ //only enqueue when not a woocommerce page
692	+ wp_enqueue_script( 'google-recaptcha', 'https://www.google.com/recaptcha/api.js', false );
693	+ }
694	}
695	}

classes/wp-security-user-login.php CHANGED Viewed

	@@ -79,7 +79,7 @@ class AIOWPSecurity_User_Login
79	return $user;
80	}
81	$captcha_error = new WP_Error('authentication_failed', __('<strong>ERROR</strong>: Your answer was incorrect - please try again.', 'all-in-one-wp-security-and-firewall'));
82	- $verify_captcha = $aio_wp_security->captcha_obj->~~maybe_verify_captcha~~();
83	if ( $verify_captcha === false ) {
84	return $captcha_error;
85	}


79	return $user;
80	}
81	$captcha_error = new WP_Error('authentication_failed', __('<strong>ERROR</strong>: Your answer was incorrect - please try again.', 'all-in-one-wp-security-and-firewall'));
82	+ $verify_captcha = $aio_wp_security->captcha_obj->verify_captcha_submit();
83	if ( $verify_captcha === false ) {
84	return $captcha_error;
85	}

classes/wp-security-user-registration.php CHANGED Viewed

	@@ -69,7 +69,7 @@ class AIOWPSecurity_User_Registration
69	$errors->add('authentication_failed', __('<strong>ERROR</strong>: You are not allowed to register because your IP address is currently locked!', 'all-in-one-wp-security-and-firewall'));
70	return $errors;
71	}
72	- $verify_captcha = $aio_wp_security->captcha_obj->~~maybe_verify_captcha~~();
73	if($verify_captcha === false)
74	{
75	// wrong answer was entered
	@@ -89,7 +89,7 @@ class AIOWPSecurity_User_Registration
89	}else{
90	$errors->add('authentication_failed', __('<strong>ERROR</strong>: You are not allowed to register because your IP address is currently locked!', 'all-in-one-wp-security-and-firewall'));
91	}
92	- $verify_captcha = $aio_wp_security->captcha_obj->~~maybe_verify_captcha~~();
93
94	if($verify_captcha === false)
95	{


69	$errors->add('authentication_failed', __('<strong>ERROR</strong>: You are not allowed to register because your IP address is currently locked!', 'all-in-one-wp-security-and-firewall'));
70	return $errors;
71	}
72	+ $verify_captcha = $aio_wp_security->captcha_obj->verify_captcha_submit();
73	if($verify_captcha === false)
74	{
75	// wrong answer was entered

89	}else{
90	$errors->add('authentication_failed', __('<strong>ERROR</strong>: You are not allowed to register because your IP address is currently locked!', 'all-in-one-wp-security-and-firewall'));
91	}
92	+ $verify_captcha = $aio_wp_security->captcha_obj->verify_captcha_submit();
93
94	if($verify_captcha === false)
95	{

readme.txt CHANGED Viewed

	@@ -186,6 +186,9 @@ https://www.tipsandtricks-hq.com/wordpress-security-and-firewall-plugin
186	None
187
188	== Changelog ==



189	= 4.3.9.1 =
190	- Fixed rename login page feature bug introduced after WP core change in version 5.2.
191


186	None
187
188	== Changelog ==
189	+ = 4.3.9.2 =
190	+ - Fixed various captcha bugs: woocommerce lost password page, custom login form page, etc
191	+
192	= 4.3.9.1 =
193	- Fixed rename login page feature bug introduced after WP core change in version 5.2.
194

wp-security-core.php CHANGED Viewed

	@@ -7,7 +7,7 @@ if ( !defined('ABSPATH') ) {
7	if (!class_exists('AIO_WP_Security')){
8
9	class AIO_WP_Security{
10	- var $version = '4.3.9.1';
11	var $db_version = '1.9';
12	var $plugin_url;
13	var $plugin_path;
	@@ -219,6 +219,10 @@ class AIO_WP_Security{
219	new AIOWPSecurity_WP_Loaded_Tasks();
220	}
221




222	function aiowps_login_enqueue()
223	{
224	global $aio_wp_security;


7	if (!class_exists('AIO_WP_Security')){
8
9	class AIO_WP_Security{
10	+ var $version = '4.3.9.2';
11	var $db_version = '1.9';
12	var $plugin_url;
13	var $plugin_path;

219	new AIOWPSecurity_WP_Loaded_Tasks();
220	}
221
222	+ /**
223	+ * Enqueues the Google recaptcha v2 api URL for the standard WP login page
224	+ * @global type $aio_wp_security
225	+ */
226	function aiowps_login_enqueue()
227	{
228	global $aio_wp_security;

wp-security.php CHANGED Viewed

	@@ -1,7 +1,7 @@
1	<?php
2	/*
3	Plugin Name: All In One WP Security
4	- Version: 4.3.9.1
5	Plugin URI: https://www.tipsandtricks-hq.com/wordpress-security-and-firewall-plugin
6	Author: Tips and Tricks HQ, Peter Petreski, Ruhul, Ivy
7	Author URI: https://www.tipsandtricks-hq.com/


1	<?php
2	/*
3	Plugin Name: All In One WP Security
4	+ Version: 4.3.9.2
5	Plugin URI: https://www.tipsandtricks-hq.com/wordpress-security-and-firewall-plugin
6	Author: Tips and Tricks HQ, Peter Petreski, Ruhul, Ivy
7	Author URI: https://www.tipsandtricks-hq.com/

All In One WP Security & Firewall - Version 4.3.9.2

Version Description

Release Info

Code changes from version 4.3.9.1 to 4.3.9.2