Version Description
Fixed the issue with backslashes in usernames.
Download this release
Release Info
| Developer | wpchefgadget |
| Plugin |  Limit Login Attempts Reloaded |
| Version | 2.6.2 |
| Comparing to | |
| See all releases | |
Code changes from version 2.6.1 to 2.6.2
- core/LimitLoginAttempts.php +59 -59
- limit-login-attempts-reloaded.php +1 -1
- readme.txt +5 -2
core/LimitLoginAttempts.php
CHANGED
|
@@ -66,7 +66,7 @@ class Limit_Login_Attempts
|
|
| 66 |
add_filter( 'limit_login_blacklist_ip', array( $this, 'check_blacklist_ips' ), 10, 2 );
|
| 67 |
add_filter( 'limit_login_blacklist_usernames', array( $this, 'check_blacklist_usernames' ), 10, 2 );
|
| 68 |
}
|
| 69 |
-
|
| 70 |
/**
|
| 71 |
* Hook 'plugins_loaded'
|
| 72 |
*/
|
|
@@ -77,13 +77,13 @@ class Limit_Login_Attempts
|
|
| 77 |
|
| 78 |
// Check if installed old plugin
|
| 79 |
$this->check_original_installed();
|
| 80 |
-
|
| 81 |
if ( is_multisite() )
|
| 82 |
require_once ABSPATH.'wp-admin/includes/plugin.php';
|
| 83 |
-
|
| 84 |
$this->network_mode = is_multisite() && is_plugin_active_for_network('limit-login-attempts-reloaded/limit-login-attempts-reloaded.php');
|
| 85 |
-
|
| 86 |
-
|
| 87 |
if ( $this->network_mode )
|
| 88 |
{
|
| 89 |
$this->allow_local_options = get_site_option( 'limit_login_allow_local_options', false );
|
|
@@ -94,7 +94,7 @@ class Limit_Login_Attempts
|
|
| 94 |
$this->allow_local_options = true;
|
| 95 |
$this->use_local_options = true;
|
| 96 |
}
|
| 97 |
-
|
| 98 |
|
| 99 |
// Setup default plugin options
|
| 100 |
//$this->sanitize_options();
|
|
@@ -105,10 +105,10 @@ class Limit_Login_Attempts
|
|
| 105 |
add_filter( 'shake_error_codes', array( $this, 'failure_shake' ) );
|
| 106 |
add_action( 'login_head', array( $this, 'add_error_message' ) );
|
| 107 |
add_action( 'login_errors', array( $this, 'fixup_error_messages' ) );
|
| 108 |
-
|
| 109 |
if ( $this->network_mode )
|
| 110 |
add_action( 'network_admin_menu', array( $this, 'network_admin_menu' ) );
|
| 111 |
-
|
| 112 |
if ( $this->allow_local_options )
|
| 113 |
add_action( 'admin_menu', array( $this, 'admin_menu' ) );
|
| 114 |
|
|
@@ -125,18 +125,18 @@ class Limit_Login_Attempts
|
|
| 125 |
*/
|
| 126 |
add_action( 'wp_authenticate', array( $this, 'track_credentials' ), 10, 2 );
|
| 127 |
add_action( 'authenticate', array( $this, 'authenticate_filter' ), 5, 3 );
|
| 128 |
-
|
| 129 |
if ( defined('XMLRPC_REQUEST') && XMLRPC_REQUEST )
|
| 130 |
add_action( 'init', array( $this, 'check_xmlrpc_lock' ) );
|
| 131 |
-
|
| 132 |
add_action('wp_ajax_limit-login-unlock', array( $this, 'ajax_unlock' ) );
|
| 133 |
}
|
| 134 |
-
|
| 135 |
public function check_xmlrpc_lock()
|
| 136 |
{
|
| 137 |
if ( is_user_logged_in() || $this->is_ip_whitelisted() )
|
| 138 |
return;
|
| 139 |
-
|
| 140 |
if ( $this->is_ip_blacklisted() || !$this->is_limit_login_ok() )
|
| 141 |
{
|
| 142 |
header('HTTP/1.0 403 Forbidden');
|
|
@@ -159,7 +159,7 @@ class Limit_Login_Attempts
|
|
| 159 |
public function check_blacklist_usernames( $allow, $username ) {
|
| 160 |
return in_array( $username, (array) $this->get_option( 'blacklist_usernames' ) );
|
| 161 |
}
|
| 162 |
-
|
| 163 |
public function ip_in_range( $ip, $list )
|
| 164 |
{
|
| 165 |
foreach ( $list as $range )
|
|
@@ -175,19 +175,19 @@ class Limit_Login_Attempts
|
|
| 175 |
$low = ip2long( $range[0] );
|
| 176 |
$high = ip2long( $range[1] );
|
| 177 |
$ip = ip2long( $ip );
|
| 178 |
-
|
| 179 |
if ( $low === false || $high === false || $ip === false )
|
| 180 |
continue;
|
| 181 |
-
|
| 182 |
$low = (float)sprintf("%u",$low);
|
| 183 |
$high = (float)sprintf("%u",$high);
|
| 184 |
$ip = (float)sprintf("%u",$ip);
|
| 185 |
-
|
| 186 |
if ( $ip >= $low && $ip <= $high )
|
| 187 |
return true;
|
| 188 |
}
|
| 189 |
}
|
| 190 |
-
|
| 191 |
return false;
|
| 192 |
}
|
| 193 |
|
|
@@ -326,7 +326,7 @@ class Limit_Login_Attempts
|
|
| 326 |
{
|
| 327 |
add_submenu_page( 'settings.php', 'Limit Login Attempts', 'Limit Login Attempts', 'manage_options', $this->_options_page_slug, array( $this, 'options_page' ) );
|
| 328 |
}
|
| 329 |
-
|
| 330 |
public function admin_menu()
|
| 331 |
{
|
| 332 |
add_options_page( 'Limit Login Attempts', 'Limit Login Attempts', 'manage_options', $this->_options_page_slug, array( $this, 'options_page' ) );
|
|
@@ -341,7 +341,7 @@ class Limit_Login_Attempts
|
|
| 341 |
{
|
| 342 |
if ( is_network_admin() )
|
| 343 |
return network_admin_url( 'settings.php?page=limit-login-attempts' );
|
| 344 |
-
|
| 345 |
return menu_page_url( $this->_options_page_slug, false );
|
| 346 |
}
|
| 347 |
|
|
@@ -352,43 +352,43 @@ class Limit_Login_Attempts
|
|
| 352 |
*
|
| 353 |
* @return null
|
| 354 |
*/
|
| 355 |
-
public function get_option( $option_name, $local = null )
|
| 356 |
{
|
| 357 |
if ( is_null( $local ) )
|
| 358 |
$local = $this->use_local_options;
|
| 359 |
-
|
| 360 |
$option = 'limit_login_'.$option_name;
|
| 361 |
-
|
| 362 |
$func = $local ? 'get_option' : 'get_site_option';
|
| 363 |
$value = $func( $option, null );
|
| 364 |
-
|
| 365 |
if ( is_null( $value ) && isset( $this->default_options[ $option_name ] ) )
|
| 366 |
$value = $this->default_options[ $option_name ];
|
| 367 |
-
|
| 368 |
return $value;
|
| 369 |
}
|
| 370 |
-
|
| 371 |
public function update_option( $option_name, $value, $local = null )
|
| 372 |
{
|
| 373 |
if ( is_null( $local ) )
|
| 374 |
$local = $this->use_local_options;
|
| 375 |
-
|
| 376 |
$option = 'limit_login_'.$option_name;
|
| 377 |
-
|
| 378 |
$func = $local ? 'update_option' : 'update_site_option';
|
| 379 |
-
|
| 380 |
return $func( $option, $value );
|
| 381 |
}
|
| 382 |
-
|
| 383 |
public function add_option( $option_name, $value, $local=null )
|
| 384 |
{
|
| 385 |
if ( is_null( $local ) )
|
| 386 |
$local = $this->use_local_options;
|
| 387 |
-
|
| 388 |
$option = 'limit_login_'.$option_name;
|
| 389 |
-
|
| 390 |
$func = $local ? 'add_option' : 'add_site_option';
|
| 391 |
-
|
| 392 |
return $func( $option, $value, '', 'no' );
|
| 393 |
}
|
| 394 |
|
|
@@ -406,11 +406,11 @@ class Limit_Login_Attempts
|
|
| 406 |
}
|
| 407 |
if ( $this->get_option('notify_email_after') > $this->get_option( 'allowed_lockouts' ) )
|
| 408 |
$this->update_option( 'notify_email_after', $this->get_option( 'allowed_lockouts' ) );
|
| 409 |
-
|
| 410 |
$args = explode( ',', $this->get_option( 'lockout_notify' ) );
|
| 411 |
$args_allowed = explode( ',', LLA_LOCKOUT_NOTIFY_ALLOWED );
|
| 412 |
$new_args = array_intersect( $args, $args_allowed );
|
| 413 |
-
|
| 414 |
$this->update_option( 'lockout_notify', implode( ',', $new_args ) );
|
| 415 |
|
| 416 |
$ctype = $this->get_option( 'client_type' );
|
|
@@ -633,7 +633,7 @@ class Limit_Login_Attempts
|
|
| 633 |
//var_dump( $blogname, $subject ); exit;
|
| 634 |
@wp_mail( $admin_email, $subject, $message );
|
| 635 |
}
|
| 636 |
-
|
| 637 |
/**
|
| 638 |
* Logging of lockout (if configured)
|
| 639 |
*
|
|
@@ -656,15 +656,15 @@ class Limit_Login_Attempts
|
|
| 656 |
/* can be written much simpler, if you do not mind php warnings */
|
| 657 |
if ( !isset( $log[ $ip ] ) )
|
| 658 |
$log[ $ip ] = array();
|
| 659 |
-
|
| 660 |
if ( !isset( $log[ $ip ][ $user_login ] ) )
|
| 661 |
$log[ $ip ][ $user_login ] = array( 'counter' => 0 );
|
| 662 |
-
|
| 663 |
elseif ( !is_array( $log[ $ip ][ $user_login ] ) )
|
| 664 |
-
$log[ $ip ][ $user_login ] = array(
|
| 665 |
'counter' => $log[ $ip ][ $user_login ],
|
| 666 |
);
|
| 667 |
-
|
| 668 |
$log[ $ip ][ $user_login ]['counter']++;
|
| 669 |
$log[ $ip ][ $user_login ]['date'] = time();
|
| 670 |
|
|
@@ -1062,14 +1062,14 @@ class Limit_Login_Attempts
|
|
| 1062 |
public function options_page() {
|
| 1063 |
$this->use_local_options = !is_network_admin();
|
| 1064 |
$this->cleanup();
|
| 1065 |
-
|
| 1066 |
if( !empty( $_POST ) )
|
| 1067 |
{
|
| 1068 |
check_admin_referer( 'limit-login-attempts-options' );
|
| 1069 |
-
|
| 1070 |
if ( is_network_admin() )
|
| 1071 |
$this->update_option( 'allow_local_options', !empty($_POST['allow_local_options']) );
|
| 1072 |
-
|
| 1073 |
elseif ( $this->network_mode )
|
| 1074 |
$this->update_option( 'use_local_options', empty($_POST['use_global_options']) );
|
| 1075 |
|
|
@@ -1104,7 +1104,7 @@ class Limit_Login_Attempts
|
|
| 1104 |
$this->update_option('long_duration', (int)$_POST['long_duration'] * 3600 );
|
| 1105 |
$this->update_option('notify_email_after', (int)$_POST['email_after'] );
|
| 1106 |
|
| 1107 |
-
$white_list_ips = ( !empty( $_POST['lla_whitelist_ips'] ) ) ? explode("\n", str_replace("\r", "", $_POST['lla_whitelist_ips'] ) ) : array();
|
| 1108 |
|
| 1109 |
if( !empty( $white_list_ips ) ) {
|
| 1110 |
foreach( $white_list_ips as $key => $ip ) {
|
|
@@ -1115,7 +1115,7 @@ class Limit_Login_Attempts
|
|
| 1115 |
}
|
| 1116 |
$this->update_option('whitelist', $white_list_ips );
|
| 1117 |
|
| 1118 |
-
$white_list_usernames = ( !empty( $_POST['lla_whitelist_usernames'] ) ) ? explode("\n", str_replace("\r", "", $_POST['lla_whitelist_usernames'] ) ) : array();
|
| 1119 |
|
| 1120 |
if( !empty( $white_list_usernames ) ) {
|
| 1121 |
foreach( $white_list_usernames as $key => $ip ) {
|
|
@@ -1126,7 +1126,7 @@ class Limit_Login_Attempts
|
|
| 1126 |
}
|
| 1127 |
$this->update_option('whitelist_usernames', $white_list_usernames );
|
| 1128 |
|
| 1129 |
-
$black_list_ips = ( !empty( $_POST['lla_blacklist_ips'] ) ) ? explode("\n", str_replace("\r", "", $_POST['lla_blacklist_ips'] ) ) : array();
|
| 1130 |
|
| 1131 |
if( !empty( $black_list_ips ) ) {
|
| 1132 |
foreach( $black_list_ips as $key => $ip ) {
|
|
@@ -1136,8 +1136,8 @@ class Limit_Login_Attempts
|
|
| 1136 |
}
|
| 1137 |
}
|
| 1138 |
$this->update_option('blacklist', $black_list_ips );
|
| 1139 |
-
|
| 1140 |
-
$black_list_usernames = ( !empty( $_POST['lla_blacklist_usernames'] ) ) ? explode("\n", str_replace("\r", "", $_POST['lla_blacklist_usernames'] ) ) : array();
|
| 1141 |
|
| 1142 |
if( !empty( $black_list_usernames ) ) {
|
| 1143 |
foreach( $black_list_usernames as $key => $ip ) {
|
|
@@ -1147,7 +1147,7 @@ class Limit_Login_Attempts
|
|
| 1147 |
}
|
| 1148 |
}
|
| 1149 |
$this->update_option('blacklist_usernames', $black_list_usernames );
|
| 1150 |
-
|
| 1151 |
$notify_methods = array();
|
| 1152 |
if( isset( $_POST[ 'lockout_notify_log' ] ) ) {
|
| 1153 |
$notify_methods[] = 'log';
|
|
@@ -1156,44 +1156,44 @@ class Limit_Login_Attempts
|
|
| 1156 |
$notify_methods[] = 'email';
|
| 1157 |
}
|
| 1158 |
$this->update_option('lockout_notify', implode( ',', $notify_methods ) );
|
| 1159 |
-
|
| 1160 |
$this->sanitize_options();
|
| 1161 |
-
|
| 1162 |
$this->show_error( __( 'Options saved.', 'limit-login-attempts-reloaded' ) );
|
| 1163 |
}
|
| 1164 |
}
|
| 1165 |
-
|
| 1166 |
include_once( LLA_PLUGIN_DIR . '/views/options-page.php' );
|
| 1167 |
}
|
| 1168 |
-
|
| 1169 |
public function ajax_unlock()
|
| 1170 |
{
|
| 1171 |
check_ajax_referer('limit-login-unlock', 'sec');
|
| 1172 |
$ip = (string)@$_POST['ip'];
|
| 1173 |
-
|
| 1174 |
$lockouts = (array)$this->get_option('lockouts');
|
| 1175 |
-
|
| 1176 |
if ( isset( $lockouts[ $ip ] ) )
|
| 1177 |
{
|
| 1178 |
unset( $lockouts[ $ip ] );
|
| 1179 |
$this->update_option( 'lockouts', $lockouts );
|
| 1180 |
}
|
| 1181 |
-
|
| 1182 |
//save to log
|
| 1183 |
$user_login = @(string)$_POST['username'];
|
| 1184 |
$log = $this->get_option( 'logged' );
|
| 1185 |
-
|
| 1186 |
if ( @$log[ $ip ][ $user_login ] )
|
| 1187 |
{
|
| 1188 |
if ( !is_array( $log[ $ip ][ $user_login ] ) )
|
| 1189 |
-
$log[ $ip ][ $user_login ] = array(
|
| 1190 |
'counter' => $log[ $ip ][ $user_login ],
|
| 1191 |
);
|
| 1192 |
$log[ $ip ][ $user_login ]['unlocked'] = true;
|
| 1193 |
-
|
| 1194 |
$this->update_option( 'logged', $log );
|
| 1195 |
}
|
| 1196 |
-
|
| 1197 |
header('Content-Type: application/json');
|
| 1198 |
echo 'true';
|
| 1199 |
exit;
|
| 66 |
add_filter( 'limit_login_blacklist_ip', array( $this, 'check_blacklist_ips' ), 10, 2 );
|
| 67 |
add_filter( 'limit_login_blacklist_usernames', array( $this, 'check_blacklist_usernames' ), 10, 2 );
|
| 68 |
}
|
| 69 |
+
|
| 70 |
/**
|
| 71 |
* Hook 'plugins_loaded'
|
| 72 |
*/
|
| 77 |
|
| 78 |
// Check if installed old plugin
|
| 79 |
$this->check_original_installed();
|
| 80 |
+
|
| 81 |
if ( is_multisite() )
|
| 82 |
require_once ABSPATH.'wp-admin/includes/plugin.php';
|
| 83 |
+
|
| 84 |
$this->network_mode = is_multisite() && is_plugin_active_for_network('limit-login-attempts-reloaded/limit-login-attempts-reloaded.php');
|
| 85 |
+
|
| 86 |
+
|
| 87 |
if ( $this->network_mode )
|
| 88 |
{
|
| 89 |
$this->allow_local_options = get_site_option( 'limit_login_allow_local_options', false );
|
| 94 |
$this->allow_local_options = true;
|
| 95 |
$this->use_local_options = true;
|
| 96 |
}
|
| 97 |
+
|
| 98 |
|
| 99 |
// Setup default plugin options
|
| 100 |
//$this->sanitize_options();
|
| 105 |
add_filter( 'shake_error_codes', array( $this, 'failure_shake' ) );
|
| 106 |
add_action( 'login_head', array( $this, 'add_error_message' ) );
|
| 107 |
add_action( 'login_errors', array( $this, 'fixup_error_messages' ) );
|
| 108 |
+
|
| 109 |
if ( $this->network_mode )
|
| 110 |
add_action( 'network_admin_menu', array( $this, 'network_admin_menu' ) );
|
| 111 |
+
|
| 112 |
if ( $this->allow_local_options )
|
| 113 |
add_action( 'admin_menu', array( $this, 'admin_menu' ) );
|
| 114 |
|
| 125 |
*/
|
| 126 |
add_action( 'wp_authenticate', array( $this, 'track_credentials' ), 10, 2 );
|
| 127 |
add_action( 'authenticate', array( $this, 'authenticate_filter' ), 5, 3 );
|
| 128 |
+
|
| 129 |
if ( defined('XMLRPC_REQUEST') && XMLRPC_REQUEST )
|
| 130 |
add_action( 'init', array( $this, 'check_xmlrpc_lock' ) );
|
| 131 |
+
|
| 132 |
add_action('wp_ajax_limit-login-unlock', array( $this, 'ajax_unlock' ) );
|
| 133 |
}
|
| 134 |
+
|
| 135 |
public function check_xmlrpc_lock()
|
| 136 |
{
|
| 137 |
if ( is_user_logged_in() || $this->is_ip_whitelisted() )
|
| 138 |
return;
|
| 139 |
+
|
| 140 |
if ( $this->is_ip_blacklisted() || !$this->is_limit_login_ok() )
|
| 141 |
{
|
| 142 |
header('HTTP/1.0 403 Forbidden');
|
| 159 |
public function check_blacklist_usernames( $allow, $username ) {
|
| 160 |
return in_array( $username, (array) $this->get_option( 'blacklist_usernames' ) );
|
| 161 |
}
|
| 162 |
+
|
| 163 |
public function ip_in_range( $ip, $list )
|
| 164 |
{
|
| 165 |
foreach ( $list as $range )
|
| 175 |
$low = ip2long( $range[0] );
|
| 176 |
$high = ip2long( $range[1] );
|
| 177 |
$ip = ip2long( $ip );
|
| 178 |
+
|
| 179 |
if ( $low === false || $high === false || $ip === false )
|
| 180 |
continue;
|
| 181 |
+
|
| 182 |
$low = (float)sprintf("%u",$low);
|
| 183 |
$high = (float)sprintf("%u",$high);
|
| 184 |
$ip = (float)sprintf("%u",$ip);
|
| 185 |
+
|
| 186 |
if ( $ip >= $low && $ip <= $high )
|
| 187 |
return true;
|
| 188 |
}
|
| 189 |
}
|
| 190 |
+
|
| 191 |
return false;
|
| 192 |
}
|
| 193 |
|
| 326 |
{
|
| 327 |
add_submenu_page( 'settings.php', 'Limit Login Attempts', 'Limit Login Attempts', 'manage_options', $this->_options_page_slug, array( $this, 'options_page' ) );
|
| 328 |
}
|
| 329 |
+
|
| 330 |
public function admin_menu()
|
| 331 |
{
|
| 332 |
add_options_page( 'Limit Login Attempts', 'Limit Login Attempts', 'manage_options', $this->_options_page_slug, array( $this, 'options_page' ) );
|
| 341 |
{
|
| 342 |
if ( is_network_admin() )
|
| 343 |
return network_admin_url( 'settings.php?page=limit-login-attempts' );
|
| 344 |
+
|
| 345 |
return menu_page_url( $this->_options_page_slug, false );
|
| 346 |
}
|
| 347 |
|
| 352 |
*
|
| 353 |
* @return null
|
| 354 |
*/
|
| 355 |
+
public function get_option( $option_name, $local = null )
|
| 356 |
{
|
| 357 |
if ( is_null( $local ) )
|
| 358 |
$local = $this->use_local_options;
|
| 359 |
+
|
| 360 |
$option = 'limit_login_'.$option_name;
|
| 361 |
+
|
| 362 |
$func = $local ? 'get_option' : 'get_site_option';
|
| 363 |
$value = $func( $option, null );
|
| 364 |
+
|
| 365 |
if ( is_null( $value ) && isset( $this->default_options[ $option_name ] ) )
|
| 366 |
$value = $this->default_options[ $option_name ];
|
| 367 |
+
|
| 368 |
return $value;
|
| 369 |
}
|
| 370 |
+
|
| 371 |
public function update_option( $option_name, $value, $local = null )
|
| 372 |
{
|
| 373 |
if ( is_null( $local ) )
|
| 374 |
$local = $this->use_local_options;
|
| 375 |
+
|
| 376 |
$option = 'limit_login_'.$option_name;
|
| 377 |
+
|
| 378 |
$func = $local ? 'update_option' : 'update_site_option';
|
| 379 |
+
|
| 380 |
return $func( $option, $value );
|
| 381 |
}
|
| 382 |
+
|
| 383 |
public function add_option( $option_name, $value, $local=null )
|
| 384 |
{
|
| 385 |
if ( is_null( $local ) )
|
| 386 |
$local = $this->use_local_options;
|
| 387 |
+
|
| 388 |
$option = 'limit_login_'.$option_name;
|
| 389 |
+
|
| 390 |
$func = $local ? 'add_option' : 'add_site_option';
|
| 391 |
+
|
| 392 |
return $func( $option, $value, '', 'no' );
|
| 393 |
}
|
| 394 |
|
| 406 |
}
|
| 407 |
if ( $this->get_option('notify_email_after') > $this->get_option( 'allowed_lockouts' ) )
|
| 408 |
$this->update_option( 'notify_email_after', $this->get_option( 'allowed_lockouts' ) );
|
| 409 |
+
|
| 410 |
$args = explode( ',', $this->get_option( 'lockout_notify' ) );
|
| 411 |
$args_allowed = explode( ',', LLA_LOCKOUT_NOTIFY_ALLOWED );
|
| 412 |
$new_args = array_intersect( $args, $args_allowed );
|
| 413 |
+
|
| 414 |
$this->update_option( 'lockout_notify', implode( ',', $new_args ) );
|
| 415 |
|
| 416 |
$ctype = $this->get_option( 'client_type' );
|
| 633 |
//var_dump( $blogname, $subject ); exit;
|
| 634 |
@wp_mail( $admin_email, $subject, $message );
|
| 635 |
}
|
| 636 |
+
|
| 637 |
/**
|
| 638 |
* Logging of lockout (if configured)
|
| 639 |
*
|
| 656 |
/* can be written much simpler, if you do not mind php warnings */
|
| 657 |
if ( !isset( $log[ $ip ] ) )
|
| 658 |
$log[ $ip ] = array();
|
| 659 |
+
|
| 660 |
if ( !isset( $log[ $ip ][ $user_login ] ) )
|
| 661 |
$log[ $ip ][ $user_login ] = array( 'counter' => 0 );
|
| 662 |
+
|
| 663 |
elseif ( !is_array( $log[ $ip ][ $user_login ] ) )
|
| 664 |
+
$log[ $ip ][ $user_login ] = array(
|
| 665 |
'counter' => $log[ $ip ][ $user_login ],
|
| 666 |
);
|
| 667 |
+
|
| 668 |
$log[ $ip ][ $user_login ]['counter']++;
|
| 669 |
$log[ $ip ][ $user_login ]['date'] = time();
|
| 670 |
|
| 1062 |
public function options_page() {
|
| 1063 |
$this->use_local_options = !is_network_admin();
|
| 1064 |
$this->cleanup();
|
| 1065 |
+
|
| 1066 |
if( !empty( $_POST ) )
|
| 1067 |
{
|
| 1068 |
check_admin_referer( 'limit-login-attempts-options' );
|
| 1069 |
+
|
| 1070 |
if ( is_network_admin() )
|
| 1071 |
$this->update_option( 'allow_local_options', !empty($_POST['allow_local_options']) );
|
| 1072 |
+
|
| 1073 |
elseif ( $this->network_mode )
|
| 1074 |
$this->update_option( 'use_local_options', empty($_POST['use_global_options']) );
|
| 1075 |
|
| 1104 |
$this->update_option('long_duration', (int)$_POST['long_duration'] * 3600 );
|
| 1105 |
$this->update_option('notify_email_after', (int)$_POST['email_after'] );
|
| 1106 |
|
| 1107 |
+
$white_list_ips = ( !empty( $_POST['lla_whitelist_ips'] ) ) ? explode("\n", str_replace("\r", "", stripslashes($_POST['lla_whitelist_ips']) ) ) : array();
|
| 1108 |
|
| 1109 |
if( !empty( $white_list_ips ) ) {
|
| 1110 |
foreach( $white_list_ips as $key => $ip ) {
|
| 1115 |
}
|
| 1116 |
$this->update_option('whitelist', $white_list_ips );
|
| 1117 |
|
| 1118 |
+
$white_list_usernames = ( !empty( $_POST['lla_whitelist_usernames'] ) ) ? explode("\n", str_replace("\r", "", stripslashes($_POST['lla_whitelist_usernames']) ) ) : array();
|
| 1119 |
|
| 1120 |
if( !empty( $white_list_usernames ) ) {
|
| 1121 |
foreach( $white_list_usernames as $key => $ip ) {
|
| 1126 |
}
|
| 1127 |
$this->update_option('whitelist_usernames', $white_list_usernames );
|
| 1128 |
|
| 1129 |
+
$black_list_ips = ( !empty( $_POST['lla_blacklist_ips'] ) ) ? explode("\n", str_replace("\r", "", stripslashes($_POST['lla_blacklist_ips']) ) ) : array();
|
| 1130 |
|
| 1131 |
if( !empty( $black_list_ips ) ) {
|
| 1132 |
foreach( $black_list_ips as $key => $ip ) {
|
| 1136 |
}
|
| 1137 |
}
|
| 1138 |
$this->update_option('blacklist', $black_list_ips );
|
| 1139 |
+
|
| 1140 |
+
$black_list_usernames = ( !empty( $_POST['lla_blacklist_usernames'] ) ) ? explode("\n", str_replace("\r", "", stripslashes($_POST['lla_blacklist_usernames']) ) ) : array();
|
| 1141 |
|
| 1142 |
if( !empty( $black_list_usernames ) ) {
|
| 1143 |
foreach( $black_list_usernames as $key => $ip ) {
|
| 1147 |
}
|
| 1148 |
}
|
| 1149 |
$this->update_option('blacklist_usernames', $black_list_usernames );
|
| 1150 |
+
|
| 1151 |
$notify_methods = array();
|
| 1152 |
if( isset( $_POST[ 'lockout_notify_log' ] ) ) {
|
| 1153 |
$notify_methods[] = 'log';
|
| 1156 |
$notify_methods[] = 'email';
|
| 1157 |
}
|
| 1158 |
$this->update_option('lockout_notify', implode( ',', $notify_methods ) );
|
| 1159 |
+
|
| 1160 |
$this->sanitize_options();
|
| 1161 |
+
|
| 1162 |
$this->show_error( __( 'Options saved.', 'limit-login-attempts-reloaded' ) );
|
| 1163 |
}
|
| 1164 |
}
|
| 1165 |
+
|
| 1166 |
include_once( LLA_PLUGIN_DIR . '/views/options-page.php' );
|
| 1167 |
}
|
| 1168 |
+
|
| 1169 |
public function ajax_unlock()
|
| 1170 |
{
|
| 1171 |
check_ajax_referer('limit-login-unlock', 'sec');
|
| 1172 |
$ip = (string)@$_POST['ip'];
|
| 1173 |
+
|
| 1174 |
$lockouts = (array)$this->get_option('lockouts');
|
| 1175 |
+
|
| 1176 |
if ( isset( $lockouts[ $ip ] ) )
|
| 1177 |
{
|
| 1178 |
unset( $lockouts[ $ip ] );
|
| 1179 |
$this->update_option( 'lockouts', $lockouts );
|
| 1180 |
}
|
| 1181 |
+
|
| 1182 |
//save to log
|
| 1183 |
$user_login = @(string)$_POST['username'];
|
| 1184 |
$log = $this->get_option( 'logged' );
|
| 1185 |
+
|
| 1186 |
if ( @$log[ $ip ][ $user_login ] )
|
| 1187 |
{
|
| 1188 |
if ( !is_array( $log[ $ip ][ $user_login ] ) )
|
| 1189 |
+
$log[ $ip ][ $user_login ] = array(
|
| 1190 |
'counter' => $log[ $ip ][ $user_login ],
|
| 1191 |
);
|
| 1192 |
$log[ $ip ][ $user_login ]['unlocked'] = true;
|
| 1193 |
+
|
| 1194 |
$this->update_option( 'logged', $log );
|
| 1195 |
}
|
| 1196 |
+
|
| 1197 |
header('Content-Type: application/json');
|
| 1198 |
echo 'true';
|
| 1199 |
exit;
|
limit-login-attempts-reloaded.php
CHANGED
|
@@ -4,7 +4,7 @@
|
|
| 4 |
Description: Limit the rate of login attempts, including by way of cookies and for each IP address.
|
| 5 |
Author: wpchefgadget
|
| 6 |
Text Domain: limit-login-attempts-reloaded
|
| 7 |
-
Version: 2.6.
|
| 8 |
|
| 9 |
Copyright 2008 - 2012 Johan Eenfeldt, 2016 - 2017 WPChef
|
| 10 |
|
| 4 |
Description: Limit the rate of login attempts, including by way of cookies and for each IP address.
|
| 5 |
Author: wpchefgadget
|
| 6 |
Text Domain: limit-login-attempts-reloaded
|
| 7 |
+
Version: 2.6.2
|
| 8 |
|
| 9 |
Copyright 2008 - 2012 Johan Eenfeldt, 2016 - 2017 WPChef
|
| 10 |
|
readme.txt
CHANGED
|
@@ -2,8 +2,8 @@
|
|
| 2 |
Contributors: wpchefgadget
|
| 3 |
Tags: login, security, authentication, Limit Login Attempts, Limit Login Attempts Reloaded, Limit Login Attempts Revamped, Limit Login Attempts Renovated, Limit Login Attempts Updated, Better Limit Login Attempts, Limit Login Attempts Renewed, Limit Login Attempts Upgraded
|
| 4 |
Requires at least: 3.0
|
| 5 |
-
Tested up to: 4.
|
| 6 |
-
Stable tag: 2.6.
|
| 7 |
|
| 8 |
Reloaded version of the original Limit Login Attempts plugin for Login Protection by a team of WordPress developers.
|
| 9 |
|
|
@@ -49,6 +49,9 @@ Based on the original code from Limit Login Attemps plugin by Johan Eenfeldt.
|
|
| 49 |
|
| 50 |
== Changelog ==
|
| 51 |
|
|
|
|
|
|
|
|
|
|
| 52 |
= 2.6.1 =
|
| 53 |
Plugin returns the 403 Forbidden header after the limit of login attempts via XMLRPC is reached.
|
| 54 |
|
| 2 |
Contributors: wpchefgadget
|
| 3 |
Tags: login, security, authentication, Limit Login Attempts, Limit Login Attempts Reloaded, Limit Login Attempts Revamped, Limit Login Attempts Renovated, Limit Login Attempts Updated, Better Limit Login Attempts, Limit Login Attempts Renewed, Limit Login Attempts Upgraded
|
| 4 |
Requires at least: 3.0
|
| 5 |
+
Tested up to: 4.9
|
| 6 |
+
Stable tag: 2.6.2
|
| 7 |
|
| 8 |
Reloaded version of the original Limit Login Attempts plugin for Login Protection by a team of WordPress developers.
|
| 9 |
|
| 49 |
|
| 50 |
== Changelog ==
|
| 51 |
|
| 52 |
+
= 2.6.2 =
|
| 53 |
+
Fixed the issue with backslashes in usernames.
|
| 54 |
+
|
| 55 |
= 2.6.1 =
|
| 56 |
Plugin returns the 403 Forbidden header after the limit of login attempts via XMLRPC is reached.
|
| 57 |
|
