Version Description
- Settings are moved to a separate page.
- Fixed: login error message. https://wordpress.org/support/topic/how-to-change-login-error-message/
Download this release
Release Info
Developer | wpchefgadget |
Plugin | Limit Login Attempts Reloaded |
Version | 2.7.2 |
Comparing to | |
See all releases |
Code changes from version 2.7.1 to 2.7.2
- assets/css/limit-login-attempts.css +12 -9
- assets/img/icon-menu2.svg +1 -0
- assets/js/limit-login-attempts.js +7 -7
- assets/sass/limit-login-attempts.scss +24 -16
- core/Helpers.php +62 -62
- core/LimitLoginAttempts.php +1289 -1284
- core/Logger.php +22 -22
- limit-login-attempts-reloaded.php +8 -7
- readme.txt +112 -108
- views/options-page.php +248 -248
assets/css/limit-login-attempts.css
CHANGED
@@ -1,9 +1,12 @@
|
|
1 |
-
.limit-login-page-settings .field-col {
|
2 |
-
display: inline-block;
|
3 |
-
margin-right: 20px; }
|
4 |
-
.limit-login-page-settings .limit-login-log table {
|
5 |
-
background-color: #fff; }
|
6 |
-
.limit-login-page-settings .limit-login-log table th, .limit-login-page-settings .limit-login-log table td {
|
7 |
-
padding: 10px; }
|
8 |
-
.limit-login-page-settings .limit-login-log table tr:nth-child(even) {
|
9 |
-
background-color: rgba(0, 0, 0, 0.09); }
|
|
|
|
|
|
1 |
+
.limit-login-page-settings .field-col {
|
2 |
+
display: inline-block;
|
3 |
+
margin-right: 20px; }
|
4 |
+
.limit-login-page-settings .limit-login-log table {
|
5 |
+
background-color: #fff; }
|
6 |
+
.limit-login-page-settings .limit-login-log table th, .limit-login-page-settings .limit-login-log table td {
|
7 |
+
padding: 10px; }
|
8 |
+
.limit-login-page-settings .limit-login-log table tr:nth-child(even) {
|
9 |
+
background-color: rgba(0, 0, 0, 0.09); }
|
10 |
+
|
11 |
+
#toplevel_page_limit-login-attempts .wp-menu-image img {
|
12 |
+
max-width: 22px; }
|
assets/img/icon-menu2.svg
ADDED
@@ -0,0 +1 @@
|
|
|
1 |
+
<?xml version="1.0" ?><!DOCTYPE svg PUBLIC '-//W3C//DTD SVG 1.1//EN' 'http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd'><svg enable-background="new -0.6 -1 27 31" height="31px" version="1.1" viewBox="-0.6 -1 27 31" width="27px" xml:space="preserve" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"><defs/><path clip-rule="evenodd" d="M13.1,29.8L13.1,29.8c-14.8-3.2-13-25-13-25 C7.9,5.7,12.4,0.8,13,0.1V0c0,0,0,0,0,0c0,0,0,0,0,0v0.1c0.6,0.7,5.2,5.6,12.9,4.7C26,4.8,27.9,26.6,13.1,29.8z M23.3,6.5 c-6.2,0.7-9.8-3-10.2-3.6V2.8c0,0,0,0,0,0c0,0,0,0,0,0v0.1C12.5,3.5,8.9,7.2,2.8,6.5c0,0-1.4,18.2,10.3,20.7h0 C24.8,24.7,23.3,6.5,23.3,6.5z M13.1,25.3L13.1,25.3c-0.3-0.1-0.5-0.1-0.7-0.2l8.8-9.7C20.2,19.5,18.1,24.2,13.1,25.3z M8.6,22.9 l13-14.1c0,0.7,0,1.8-0.1,3.1L10.4,24.2C9.7,23.9,9.1,23.4,8.6,22.9z M4.5,8.1c5.1,0.6,8.1-2.5,8.5-3V5c0,0,0,0,0,0c0,0,0,0,0,0v0.1 c0.3,0.4,2.6,2.8,6.5,3.1L7.3,21.3C3.9,16.1,4.5,8.1,4.5,8.1z" fill="#fff" fill-rule="evenodd"/></svg>
|
assets/js/limit-login-attempts.js
CHANGED
@@ -1,8 +1,8 @@
|
|
1 |
-
;(function($){
|
2 |
-
"use strict";
|
3 |
-
|
4 |
-
$(document).ready(function(){
|
5 |
-
|
6 |
-
});
|
7 |
-
|
8 |
})(jQuery);
|
1 |
+
;(function($){
|
2 |
+
"use strict";
|
3 |
+
|
4 |
+
$(document).ready(function(){
|
5 |
+
|
6 |
+
});
|
7 |
+
|
8 |
})(jQuery);
|
assets/sass/limit-login-attempts.scss
CHANGED
@@ -1,17 +1,25 @@
|
|
1 |
-
.limit-login-page-settings {
|
2 |
-
.field-col {
|
3 |
-
display: inline-block;
|
4 |
-
margin-right: 20px;
|
5 |
-
}
|
6 |
-
.limit-login-log {
|
7 |
-
table {
|
8 |
-
background-color: #fff;
|
9 |
-
th, td {
|
10 |
-
padding: 10px;
|
11 |
-
}
|
12 |
-
tr:nth-child(even) {
|
13 |
-
background-color: rgba(#000, .09);
|
14 |
-
}
|
15 |
-
}
|
16 |
-
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
17 |
}
|
1 |
+
.limit-login-page-settings {
|
2 |
+
.field-col {
|
3 |
+
display: inline-block;
|
4 |
+
margin-right: 20px;
|
5 |
+
}
|
6 |
+
.limit-login-log {
|
7 |
+
table {
|
8 |
+
background-color: #fff;
|
9 |
+
th, td {
|
10 |
+
padding: 10px;
|
11 |
+
}
|
12 |
+
tr:nth-child(even) {
|
13 |
+
background-color: rgba(#000, .09);
|
14 |
+
}
|
15 |
+
}
|
16 |
+
}
|
17 |
+
}
|
18 |
+
|
19 |
+
#toplevel_page_limit-login-attempts {
|
20 |
+
.wp-menu-image {
|
21 |
+
img {
|
22 |
+
max-width: 22px;
|
23 |
+
}
|
24 |
+
}
|
25 |
}
|
core/Helpers.php
CHANGED
@@ -1,63 +1,63 @@
|
|
1 |
-
<?php
|
2 |
-
|
3 |
-
/**
|
4 |
-
* Class LLA_Helpers
|
5 |
-
*/
|
6 |
-
class LLA_Helpers {
|
7 |
-
|
8 |
-
/**
|
9 |
-
* @param string $msg
|
10 |
-
*/
|
11 |
-
public static function show_error( $msg = '' ) {
|
12 |
-
if( empty( $msg ) ) {
|
13 |
-
return;
|
14 |
-
}
|
15 |
-
|
16 |
-
echo '<div id="message" class="updated fade"><p>' . $msg . '</p></div>';
|
17 |
-
}
|
18 |
-
|
19 |
-
/**
|
20 |
-
* @param $log
|
21 |
-
*
|
22 |
-
* @return array
|
23 |
-
*/
|
24 |
-
public static function sorted_log_by_date( $log ) {
|
25 |
-
$new_log = array();
|
26 |
-
|
27 |
-
if ( ! is_array( $log ) || empty( $log ) ) {
|
28 |
-
return $new_log;
|
29 |
-
}
|
30 |
-
|
31 |
-
foreach ( $log as $ip => $users ) {
|
32 |
-
|
33 |
-
if ( ! empty( $users ) ) {
|
34 |
-
foreach ( $users as $user_name => $info ) {
|
35 |
-
|
36 |
-
if ( is_array( $info ) ) { // For new plugin version
|
37 |
-
$new_log[ $info['date'] ] = array(
|
38 |
-
'ip' => $ip,
|
39 |
-
'username' => $user_name,
|
40 |
-
'counter' => $info['counter'],
|
41 |
-
'gateway' => ( isset( $info['gateway'] ) ) ? $info['gateway'] : '-',
|
42 |
-
'unlocked' => !empty( $info['unlocked'] ),
|
43 |
-
);
|
44 |
-
} else { // For old plugin version
|
45 |
-
$new_log[0] = array(
|
46 |
-
'ip' => $ip,
|
47 |
-
'username' => $user_name,
|
48 |
-
'counter' => $info,
|
49 |
-
'gateway' => '-',
|
50 |
-
'unlocked' => false,
|
51 |
-
);
|
52 |
-
}
|
53 |
-
|
54 |
-
}
|
55 |
-
}
|
56 |
-
|
57 |
-
}
|
58 |
-
|
59 |
-
krsort( $new_log );
|
60 |
-
|
61 |
-
return $new_log;
|
62 |
-
}
|
63 |
}
|
1 |
+
<?php
|
2 |
+
|
3 |
+
/**
|
4 |
+
* Class LLA_Helpers
|
5 |
+
*/
|
6 |
+
class LLA_Helpers {
|
7 |
+
|
8 |
+
/**
|
9 |
+
* @param string $msg
|
10 |
+
*/
|
11 |
+
public static function show_error( $msg = '' ) {
|
12 |
+
if( empty( $msg ) ) {
|
13 |
+
return;
|
14 |
+
}
|
15 |
+
|
16 |
+
echo '<div id="message" class="updated fade"><p>' . $msg . '</p></div>';
|
17 |
+
}
|
18 |
+
|
19 |
+
/**
|
20 |
+
* @param $log
|
21 |
+
*
|
22 |
+
* @return array
|
23 |
+
*/
|
24 |
+
public static function sorted_log_by_date( $log ) {
|
25 |
+
$new_log = array();
|
26 |
+
|
27 |
+
if ( ! is_array( $log ) || empty( $log ) ) {
|
28 |
+
return $new_log;
|
29 |
+
}
|
30 |
+
|
31 |
+
foreach ( $log as $ip => $users ) {
|
32 |
+
|
33 |
+
if ( ! empty( $users ) ) {
|
34 |
+
foreach ( $users as $user_name => $info ) {
|
35 |
+
|
36 |
+
if ( is_array( $info ) ) { // For new plugin version
|
37 |
+
$new_log[ $info['date'] ] = array(
|
38 |
+
'ip' => $ip,
|
39 |
+
'username' => $user_name,
|
40 |
+
'counter' => $info['counter'],
|
41 |
+
'gateway' => ( isset( $info['gateway'] ) ) ? $info['gateway'] : '-',
|
42 |
+
'unlocked' => !empty( $info['unlocked'] ),
|
43 |
+
);
|
44 |
+
} else { // For old plugin version
|
45 |
+
$new_log[0] = array(
|
46 |
+
'ip' => $ip,
|
47 |
+
'username' => $user_name,
|
48 |
+
'counter' => $info,
|
49 |
+
'gateway' => '-',
|
50 |
+
'unlocked' => false,
|
51 |
+
);
|
52 |
+
}
|
53 |
+
|
54 |
+
}
|
55 |
+
}
|
56 |
+
|
57 |
+
}
|
58 |
+
|
59 |
+
krsort( $new_log );
|
60 |
+
|
61 |
+
return $new_log;
|
62 |
+
}
|
63 |
}
|
core/LimitLoginAttempts.php
CHANGED
@@ -1,1285 +1,1290 @@
|
|
1 |
-
<?php
|
2 |
-
|
3 |
-
/**
|
4 |
-
* Class Limit_Login_Attempts
|
5 |
-
*/
|
6 |
-
class Limit_Login_Attempts
|
7 |
-
{
|
8 |
-
public $default_options = array(
|
9 |
-
'gdpr' => 0,
|
10 |
-
|
11 |
-
/* Are we behind a proxy? */
|
12 |
-
'client_type' => LLA_DIRECT_ADDR,
|
13 |
-
|
14 |
-
/* Lock out after this many tries */
|
15 |
-
'allowed_retries' => 4,
|
16 |
-
|
17 |
-
/* Lock out for this many seconds */
|
18 |
-
'lockout_duration' => 1200, // 20 minutes
|
19 |
-
|
20 |
-
/* Long lock out after this many lockouts */
|
21 |
-
'allowed_lockouts' => 4,
|
22 |
-
|
23 |
-
/* Long lock out for this many seconds */
|
24 |
-
'long_duration' => 86400, // 24 hours,
|
25 |
-
|
26 |
-
/* Reset failed attempts after this many seconds */
|
27 |
-
'valid_duration' => 43200, // 12 hours
|
28 |
-
|
29 |
-
/* Also limit malformed/forged cookies? */
|
30 |
-
'cookies' => true,
|
31 |
-
|
32 |
-
/* Notify on lockout. Values: '', 'log', 'email', 'log,email' */
|
33 |
-
'lockout_notify' => 'log',
|
34 |
-
|
35 |
-
/* If notify by email, do so after this number of lockouts */
|
36 |
-
'notify_email_after' => 4,
|
37 |
-
|
38 |
-
'whitelist' => array(),
|
39 |
-
'whitelist_usernames' => array(),
|
40 |
-
'blacklist' => array(),
|
41 |
-
'blacklist_usernames' => array(),
|
42 |
-
);
|
43 |
-
/**
|
44 |
-
* Admin options page slug
|
45 |
-
* @var string
|
46 |
-
*/
|
47 |
-
private $_options_page_slug = 'limit-login-attempts';
|
48 |
-
|
49 |
-
/**
|
50 |
-
* Errors messages
|
51 |
-
*
|
52 |
-
* @var array
|
53 |
-
*/
|
54 |
-
public $_errors = array();
|
55 |
-
|
56 |
-
public function __construct() {
|
57 |
-
$this->hooks_init();
|
58 |
-
}
|
59 |
-
|
60 |
-
/**
|
61 |
-
* Register wp hooks and filters
|
62 |
-
*/
|
63 |
-
public function hooks_init() {
|
64 |
-
add_action( 'plugins_loaded', array( $this, 'setup' ), 9999 );
|
65 |
-
add_action( 'admin_enqueue_scripts', array( $this, 'enqueue' ) );
|
66 |
-
add_filter( 'limit_login_whitelist_ip', array( $this, 'check_whitelist_ips' ), 10, 2 );
|
67 |
-
add_filter( 'limit_login_whitelist_usernames', array( $this, 'check_whitelist_usernames' ), 10, 2 );
|
68 |
-
add_filter( 'limit_login_blacklist_ip', array( $this, 'check_blacklist_ips' ), 10, 2 );
|
69 |
-
add_filter( 'limit_login_blacklist_usernames', array( $this, 'check_blacklist_usernames' ), 10, 2 );
|
70 |
-
}
|
71 |
-
|
72 |
-
/**
|
73 |
-
* Hook 'plugins_loaded'
|
74 |
-
*/
|
75 |
-
public function setup() {
|
76 |
-
|
77 |
-
// Load languages files
|
78 |
-
load_plugin_textdomain( 'limit-login-attempts-reloaded', false, plugin_basename( dirname( __FILE__ ) ) . '/../languages' );
|
79 |
-
|
80 |
-
// Check if installed old plugin
|
81 |
-
$this->check_original_installed();
|
82 |
-
|
83 |
-
if ( is_multisite() )
|
84 |
-
require_once ABSPATH.'wp-admin/includes/plugin.php';
|
85 |
-
|
86 |
-
$this->network_mode = is_multisite() && is_plugin_active_for_network('limit-login-attempts-reloaded/limit-login-attempts-reloaded.php');
|
87 |
-
|
88 |
-
|
89 |
-
if ( $this->network_mode )
|
90 |
-
{
|
91 |
-
$this->allow_local_options = get_site_option( 'limit_login_allow_local_options', false );
|
92 |
-
$this->use_local_options = $this->allow_local_options && get_option( 'limit_login_use_local_options', false );
|
93 |
-
}
|
94 |
-
else
|
95 |
-
{
|
96 |
-
$this->allow_local_options = true;
|
97 |
-
$this->use_local_options = true;
|
98 |
-
}
|
99 |
-
|
100 |
-
|
101 |
-
// Setup default plugin options
|
102 |
-
//$this->sanitize_options();
|
103 |
-
|
104 |
-
add_action( 'wp_login_failed', array( $this, 'limit_login_failed' ) );
|
105 |
-
add_filter( 'wp_authenticate_user', array( $this, 'wp_authenticate_user' ), 99999, 2 );
|
106 |
-
|
107 |
-
add_filter( 'shake_error_codes', array( $this, 'failure_shake' ) );
|
108 |
-
add_action( 'login_head', array( $this, 'add_error_message' ) );
|
109 |
-
add_action( 'login_errors', array( $this, 'fixup_error_messages' ) );
|
110 |
-
|
111 |
-
if ( $this->network_mode )
|
112 |
-
add_action( 'network_admin_menu', array( $this, 'network_admin_menu' ) );
|
113 |
-
|
114 |
-
if ( $this->allow_local_options )
|
115 |
-
add_action( 'admin_menu', array( $this, 'admin_menu' ) );
|
116 |
-
|
117 |
-
// Add notices for XMLRPC request
|
118 |
-
add_filter( 'xmlrpc_login_error', array( $this, 'xmlrpc_error_messages' ) );
|
119 |
-
|
120 |
-
// Add notices to woocommerce login page
|
121 |
-
add_action( 'wp_head', array( $this, 'add_wc_notices' ) );
|
122 |
-
|
123 |
-
/*
|
124 |
-
* This action should really be changed to the 'authenticate' filter as
|
125 |
-
* it will probably be deprecated. That is however only available in
|
126 |
-
* later versions of WP.
|
127 |
-
*/
|
128 |
-
add_action( 'wp_authenticate', array( $this, 'track_credentials' ), 10, 2 );
|
129 |
-
add_action( 'authenticate', array( $this, 'authenticate_filter' ), 5, 3 );
|
130 |
-
|
131 |
-
if ( defined('XMLRPC_REQUEST') && XMLRPC_REQUEST )
|
132 |
-
add_action( 'init', array( $this, 'check_xmlrpc_lock' ) );
|
133 |
-
|
134 |
-
add_action('wp_ajax_limit-login-unlock', array( $this, 'ajax_unlock' ) );
|
135 |
-
}
|
136 |
-
|
137 |
-
public function check_xmlrpc_lock()
|
138 |
-
{
|
139 |
-
if ( is_user_logged_in() || $this->is_ip_whitelisted() )
|
140 |
-
return;
|
141 |
-
|
142 |
-
if ( $this->is_ip_blacklisted() || !$this->is_limit_login_ok() )
|
143 |
-
{
|
144 |
-
header('HTTP/1.0 403 Forbidden');
|
145 |
-
exit;
|
146 |
-
}
|
147 |
-
}
|
148 |
-
|
149 |
-
public function check_whitelist_ips( $allow, $ip ) {
|
150 |
-
return $this->ip_in_range( $ip, (array) $this->get_option( 'whitelist' ) );
|
151 |
-
}
|
152 |
-
|
153 |
-
public function check_whitelist_usernames( $allow, $username ) {
|
154 |
-
return in_array( $username, (array) $this->get_option( 'whitelist_usernames' ) );
|
155 |
-
}
|
156 |
-
|
157 |
-
public function check_blacklist_ips( $allow, $ip ) {
|
158 |
-
return $this->ip_in_range( $ip, (array) $this->get_option( 'blacklist' ) );
|
159 |
-
}
|
160 |
-
|
161 |
-
public function check_blacklist_usernames( $allow, $username ) {
|
162 |
-
return in_array( $username, (array) $this->get_option( 'blacklist_usernames' ) );
|
163 |
-
}
|
164 |
-
|
165 |
-
public function ip_in_range( $ip, $list )
|
166 |
-
{
|
167 |
-
foreach ( $list as $range )
|
168 |
-
{
|
169 |
-
$range = array_map('trim', explode('-', $range) );
|
170 |
-
if ( count( $range ) == 1 )
|
171 |
-
{
|
172 |
-
if ( (string)$ip === (string)$range[0] )
|
173 |
-
return true;
|
174 |
-
}
|
175 |
-
else
|
176 |
-
{
|
177 |
-
$low = ip2long( $range[0] );
|
178 |
-
$high = ip2long( $range[1] );
|
179 |
-
$needle = ip2long( $ip );
|
180 |
-
|
181 |
-
if ( $low === false || $high === false || $needle === false )
|
182 |
-
continue;
|
183 |
-
|
184 |
-
$low = (float)sprintf("%u",$low);
|
185 |
-
$high = (float)sprintf("%u",$high);
|
186 |
-
$needle = (float)sprintf("%u",$needle);
|
187 |
-
|
188 |
-
if ( $needle >= $low && $needle <= $high )
|
189 |
-
return true;
|
190 |
-
}
|
191 |
-
}
|
192 |
-
|
193 |
-
return false;
|
194 |
-
}
|
195 |
-
|
196 |
-
/**
|
197 |
-
* @param $error IXR_Error
|
198 |
-
*
|
199 |
-
* @return IXR_Error
|
200 |
-
*/
|
201 |
-
public function xmlrpc_error_messages( $error ) {
|
202 |
-
|
203 |
-
if ( ! class_exists( 'IXR_Error' ) ) {
|
204 |
-
return $error;
|
205 |
-
}
|
206 |
-
|
207 |
-
if ( ! $this->is_limit_login_ok() ) {
|
208 |
-
return new IXR_Error( 403, $this->error_msg() );
|
209 |
-
}
|
210 |
-
|
211 |
-
$ip = $this->get_address();
|
212 |
-
$retries = $this->get_option( 'retries' );
|
213 |
-
$valid = $this->get_option( 'retries_valid' );
|
214 |
-
|
215 |
-
/* Should we show retries remaining? */
|
216 |
-
|
217 |
-
if ( ! is_array( $retries ) || ! is_array( $valid ) ) {
|
218 |
-
/* no retries at all */
|
219 |
-
return $error;
|
220 |
-
}
|
221 |
-
if (
|
222 |
-
(! isset( $retries[ $ip ] ) && ! isset( $retries[ $this->getHash($ip) ] )) ||
|
223 |
-
(! isset( $valid[ $ip ] ) && ! isset( $valid[ $this->getHash($ip) ] )) ||
|
224 |
-
(time() > $valid[ $ip ] && time() > $valid[ $this->getHash($ip) ])
|
225 |
-
|
226 |
-
) {
|
227 |
-
/* no: no valid retries */
|
228 |
-
return $error;
|
229 |
-
}
|
230 |
-
if (
|
231 |
-
( ((isset($retries[ $ip ]) ? $retries[ $ip ] : 0) + (isset($retries[ $this->getHash($ip) ]) ? $retries[ $this->getHash($ip) ] : 0)) % $this->get_option( 'allowed_retries' ) ) == 0
|
232 |
-
) {
|
233 |
-
//* no: already been locked out for these retries */
|
234 |
-
return $error;
|
235 |
-
}
|
236 |
-
|
237 |
-
$remaining = max( ( $this->get_option( 'allowed_retries' ) - ( ((isset($retries[ $ip ]) ? $retries[ $ip ] : 0) + (isset($retries[ $this->getHash($ip) ]) ? $retries[ $this->getHash($ip) ] : 0)) % $this->get_option( 'allowed_retries' ) ) ), 0 );
|
238 |
-
|
239 |
-
return new IXR_Error( 403, sprintf( _n( "<strong>%d</strong> attempt remaining.", "<strong>%d</strong> attempts remaining.", $remaining, 'limit-login-attempts-reloaded' ), $remaining ) );
|
240 |
-
}
|
241 |
-
|
242 |
-
/**
|
243 |
-
* Errors on WooCommerce account page
|
244 |
-
*/
|
245 |
-
public function add_wc_notices() {
|
246 |
-
|
247 |
-
global $limit_login_just_lockedout, $limit_login_nonempty_credentials, $limit_login_my_error_shown;
|
248 |
-
|
249 |
-
if ( ! function_exists( 'is_account_page' ) || ! function_exists( 'wc_add_notice' ) ) {
|
250 |
-
return;
|
251 |
-
}
|
252 |
-
|
253 |
-
/*
|
254 |
-
* During lockout we do not want to show any other error messages (like
|
255 |
-
* unknown user or empty password).
|
256 |
-
*/
|
257 |
-
if ( empty( $_POST ) && ! $this->is_limit_login_ok() && ! $limit_login_just_lockedout ) {
|
258 |
-
if ( is_account_page() ) {
|
259 |
-
wc_add_notice( $this->error_msg(), 'error' );
|
260 |
-
}
|
261 |
-
}
|
262 |
-
|
263 |
-
}
|
264 |
-
|
265 |
-
/**
|
266 |
-
* @param $user
|
267 |
-
* @param $username
|
268 |
-
* @param $password
|
269 |
-
*
|
270 |
-
* @return WP_Error | WP_User
|
271 |
-
*/
|
272 |
-
public function authenticate_filter( $user, $username, $password ) {
|
273 |
-
|
274 |
-
if ( ! empty( $username ) && ! empty( $password ) ) {
|
275 |
-
|
276 |
-
$ip = $this->get_address();
|
277 |
-
|
278 |
-
// Check if username is blacklisted
|
279 |
-
if ( ! $this->is_username_whitelisted( $username ) && ! $this->is_ip_whitelisted( $ip ) &&
|
280 |
-
( $this->is_username_blacklisted( $username ) || $this->is_ip_blacklisted( $ip ) )
|
281 |
-
) {
|
282 |
-
|
283 |
-
remove_filter( 'login_errors', array( $this, 'fixup_error_messages' ) );
|
284 |
-
remove_filter( 'login_head', array( $this, 'add_error_message' ) );
|
285 |
-
remove_filter( 'wp_login_failed', array( $this, 'limit_login_failed' ) );
|
286 |
-
remove_filter( 'wp_authenticate_user', array( $this, 'wp_authenticate_user' ), 99999 );
|
287 |
-
remove_filter( 'login_head', array( $this, 'add_error_message' ) );
|
288 |
-
remove_filter( 'login_errors', array( $this, 'fixup_error_messages' ) );
|
289 |
-
|
290 |
-
remove_filter( 'authenticate', 'wp_authenticate_username_password', 20 );
|
291 |
-
remove_filter( 'authenticate', 'wp_authenticate_email_password', 20 );
|
292 |
-
|
293 |
-
$user = new WP_Error();
|
294 |
-
$user->add( 'username_blacklisted', "<strong>ERROR:</strong> Too many failed login attempts." );
|
295 |
-
|
296 |
-
} elseif ( $this->is_username_whitelisted( $username ) || $this->is_ip_whitelisted( $ip ) ) {
|
297 |
-
|
298 |
-
remove_filter( 'wp_login_failed', array( $this, 'limit_login_failed' ) );
|
299 |
-
remove_filter( 'wp_authenticate_user', array( $this, 'wp_authenticate_user' ), 99999 );
|
300 |
-
remove_filter( 'login_head', array( $this, 'add_error_message' ) );
|
301 |
-
remove_filter( 'login_errors', array( $this, 'fixup_error_messages' ) );
|
302 |
-
|
303 |
-
}
|
304 |
-
|
305 |
-
}
|
306 |
-
|
307 |
-
return $user;
|
308 |
-
}
|
309 |
-
|
310 |
-
/**
|
311 |
-
* Check if the original plugin is installed
|
312 |
-
*/
|
313 |
-
private function check_original_installed()
|
314 |
-
{
|
315 |
-
require_once( ABSPATH . '/wp-admin/includes/plugin.php' );
|
316 |
-
if ( is_plugin_active('limit-login-attempts/limit-login-attempts.php') )
|
317 |
-
{
|
318 |
-
deactivate_plugins( 'limit-login-attempts/limit-login-attempts.php', true );
|
319 |
-
//add_action('plugins_loaded', 'limit_login_setup', 99999);
|
320 |
-
remove_action( 'plugins_loaded', 'limit_login_setup', 99999 );
|
321 |
-
}
|
322 |
-
}
|
323 |
-
|
324 |
-
/**
|
325 |
-
* Enqueue js and css
|
326 |
-
*/
|
327 |
-
public function enqueue() {
|
328 |
-
wp_enqueue_style( 'lla-main', LLA_PLUGIN_URL . '/assets/css/limit-login-attempts.css' );
|
329 |
-
}
|
330 |
-
|
331 |
-
/**
|
332 |
-
* Add admin options page
|
333 |
-
*/
|
334 |
-
public function network_admin_menu()
|
335 |
-
{
|
336 |
-
|
337 |
-
}
|
338 |
-
|
339 |
-
public function admin_menu()
|
340 |
-
{
|
341 |
-
|
342 |
-
}
|
343 |
-
|
344 |
-
/**
|
345 |
-
* Get the correct options page URI
|
346 |
-
*
|
347 |
-
* @return mixed
|
348 |
-
*/
|
349 |
-
public function get_options_page_uri()
|
350 |
-
{
|
351 |
-
if ( is_network_admin() )
|
352 |
-
return network_admin_url( 'settings.php?page=limit-login-attempts' );
|
353 |
-
|
354 |
-
return menu_page_url( $this->_options_page_slug, false );
|
355 |
-
}
|
356 |
-
|
357 |
-
/**
|
358 |
-
* Get option by name
|
359 |
-
*
|
360 |
-
* @param $option_name
|
361 |
-
*
|
362 |
-
* @return null
|
363 |
-
*/
|
364 |
-
public function get_option( $option_name, $local = null )
|
365 |
-
{
|
366 |
-
if ( is_null( $local ) )
|
367 |
-
$local = $this->use_local_options;
|
368 |
-
|
369 |
-
$option = 'limit_login_'.$option_name;
|
370 |
-
|
371 |
-
$func = $local ? 'get_option' : 'get_site_option';
|
372 |
-
$value = $func( $option, null );
|
373 |
-
|
374 |
-
if ( is_null( $value ) && isset( $this->default_options[ $option_name ] ) )
|
375 |
-
$value = $this->default_options[ $option_name ];
|
376 |
-
|
377 |
-
return $value;
|
378 |
-
}
|
379 |
-
|
380 |
-
public function update_option( $option_name, $value, $local = null )
|
381 |
-
{
|
382 |
-
if ( is_null( $local ) )
|
383 |
-
$local = $this->use_local_options;
|
384 |
-
|
385 |
-
$option = 'limit_login_'.$option_name;
|
386 |
-
|
387 |
-
$func = $local ? 'update_option' : 'update_site_option';
|
388 |
-
|
389 |
-
return $func( $option, $value );
|
390 |
-
}
|
391 |
-
|
392 |
-
public function add_option( $option_name, $value, $local=null )
|
393 |
-
{
|
394 |
-
if ( is_null( $local ) )
|
395 |
-
$local = $this->use_local_options;
|
396 |
-
|
397 |
-
$option = 'limit_login_'.$option_name;
|
398 |
-
|
399 |
-
$func = $local ? 'add_option' : 'add_site_option';
|
400 |
-
|
401 |
-
return $func( $option, $value, '', 'no' );
|
402 |
-
}
|
403 |
-
|
404 |
-
/**
|
405 |
-
* Setup main options
|
406 |
-
*/
|
407 |
-
public function sanitize_options()
|
408 |
-
{
|
409 |
-
$simple_int_options = array( 'allowed_retries', 'lockout_duration', 'valid_duration', 'allowed_lockouts', 'long_duration', 'notify_email_after');
|
410 |
-
foreach ( $simple_int_options as $option )
|
411 |
-
{
|
412 |
-
$val = $this->get_option( $option );
|
413 |
-
if ( (int)$val != $val || (int)$val <= 0 )
|
414 |
-
$this->update_option( $option, 1 );
|
415 |
-
}
|
416 |
-
if ( $this->get_option('notify_email_after') > $this->get_option( 'allowed_lockouts' ) )
|
417 |
-
$this->update_option( 'notify_email_after', $this->get_option( 'allowed_lockouts' ) );
|
418 |
-
|
419 |
-
$args = explode( ',', $this->get_option( 'lockout_notify' ) );
|
420 |
-
$args_allowed = explode( ',', LLA_LOCKOUT_NOTIFY_ALLOWED );
|
421 |
-
$new_args = array_intersect( $args, $args_allowed );
|
422 |
-
|
423 |
-
$this->update_option( 'lockout_notify', implode( ',', $new_args ) );
|
424 |
-
|
425 |
-
$ctype = $this->get_option( 'client_type' );
|
426 |
-
if ( $ctype != LLA_DIRECT_ADDR && $ctype != LLA_PROXY_ADDR )
|
427 |
-
$this->update_option( 'client_type', LLA_DIRECT_ADDR );
|
428 |
-
}
|
429 |
-
|
430 |
-
/**
|
431 |
-
* Check if it is ok to login
|
432 |
-
*
|
433 |
-
* @return bool
|
434 |
-
*/
|
435 |
-
public function is_limit_login_ok() {
|
436 |
-
|
437 |
-
$ip = $this->get_address();
|
438 |
-
|
439 |
-
/* Check external whitelist filter */
|
440 |
-
if ( $this->is_ip_whitelisted( $ip ) ) {
|
441 |
-
return true;
|
442 |
-
}
|
443 |
-
|
444 |
-
/* lockout active? */
|
445 |
-
$lockouts = $this->get_option( 'lockouts' );
|
446 |
-
|
447 |
-
$a = $this->checkKey($lockouts, $ip);
|
448 |
-
$b = $this->checkKey($lockouts, $this->getHash($ip));
|
449 |
-
return (
|
450 |
-
! is_array( $lockouts ) ||
|
451 |
-
(! isset( $lockouts[ $ip ] ) && ! isset( $lockouts[ $this->getHash($ip) ] )) ||
|
452 |
-
(time() >= $a && time() >= $b ));
|
453 |
-
}
|
454 |
-
|
455 |
-
/**
|
456 |
-
* Action when login attempt failed
|
457 |
-
*
|
458 |
-
* Increase nr of retries (if necessary). Reset valid value. Setup
|
459 |
-
* lockout if nr of retries are above threshold. And more!
|
460 |
-
*
|
461 |
-
* A note on external whitelist: retries and statistics are still counted and
|
462 |
-
* notifications done as usual, but no lockout is done.
|
463 |
-
*
|
464 |
-
* @param $username
|
465 |
-
*/
|
466 |
-
public function limit_login_failed( $username ) {
|
467 |
-
|
468 |
-
$ip = $this->get_address();
|
469 |
-
$ipHash = $this->getHash($this->get_address());
|
470 |
-
|
471 |
-
/* if currently locked-out, do not add to retries */
|
472 |
-
$lockouts = $this->get_option( 'lockouts' );
|
473 |
-
|
474 |
-
if ( ! is_array( $lockouts ) ) {
|
475 |
-
$lockouts = array();
|
476 |
-
}
|
477 |
-
|
478 |
-
if ( (isset( $lockouts[ $ip ] ) && time() < $lockouts[ $ip ]) || (isset( $lockouts[ $ipHash ] ) && time() < $lockouts[ $ipHash ] )) {
|
479 |
-
return;
|
480 |
-
}
|
481 |
-
|
482 |
-
/* Get the arrays with retries and retries-valid information */
|
483 |
-
$retries = $this->get_option( 'retries' );
|
484 |
-
$valid = $this->get_option( 'retries_valid' );
|
485 |
-
|
486 |
-
if ( ! is_array( $retries ) ) {
|
487 |
-
$retries = array();
|
488 |
-
$this->add_option( 'retries', $retries );
|
489 |
-
}
|
490 |
-
|
491 |
-
if ( ! is_array( $valid ) ) {
|
492 |
-
$valid = array();
|
493 |
-
$this->add_option( 'retries_valid', $valid );
|
494 |
-
}
|
495 |
-
|
496 |
-
$gdpr = $this->get_option('gdpr');
|
497 |
-
$ip = ($gdpr ? $ipHash : $ip);
|
498 |
-
/* Check validity and add one to retries */
|
499 |
-
if ( isset( $retries[ $ip ] ) && isset( $valid[ $ip ] ) && time() < $valid[ $ip ]) {
|
500 |
-
$retries[ $ip ] ++;
|
501 |
-
} else {
|
502 |
-
$retries[ $ip ] = 1;
|
503 |
-
}
|
504 |
-
$valid[ $ip ] = time() + $this->get_option( 'valid_duration' );
|
505 |
-
|
506 |
-
/* lockout? */
|
507 |
-
if ( $retries[ $ip ] % $this->get_option( 'allowed_retries' ) != 0 ) {
|
508 |
-
/*
|
509 |
-
* Not lockout (yet!)
|
510 |
-
* Do housecleaning (which also saves retry/valid values).
|
511 |
-
*/
|
512 |
-
$this->cleanup( $retries, null, $valid );
|
513 |
-
|
514 |
-
return;
|
515 |
-
}
|
516 |
-
|
517 |
-
/* lockout! */
|
518 |
-
$whitelisted = $this->is_ip_whitelisted( $ip );
|
519 |
-
$retries_long = $this->get_option( 'allowed_retries' ) * $this->get_option( 'allowed_lockouts' );
|
520 |
-
|
521 |
-
/*
|
522 |
-
* Note that retries and statistics are still counted and notifications
|
523 |
-
* done as usual for whitelisted ips , but no lockout is done.
|
524 |
-
*/
|
525 |
-
if ( $whitelisted ) {
|
526 |
-
if ( $retries[ $ip ] >= $retries_long ) {
|
527 |
-
unset( $retries[ $ip ] );
|
528 |
-
unset( $valid[ $ip ] );
|
529 |
-
}
|
530 |
-
} else {
|
531 |
-
global $limit_login_just_lockedout;
|
532 |
-
$limit_login_just_lockedout = true;
|
533 |
-
$gdpr = $this->get_option('gdpr');
|
534 |
-
$index = ($gdpr ? $ipHash : $ip);
|
535 |
-
|
536 |
-
/* setup lockout, reset retries as needed */
|
537 |
-
if ( (isset($retries[ $ip ]) ? $retries[ $ip ] : 0) >= $retries_long || (isset($retries[ $ipHash ]) ? $retries[ $ipHash ] : 0) >= $retries_long ) {
|
538 |
-
/* long lockout */
|
539 |
-
$lockouts[ $index ] = time() + $this->get_option( 'long_duration' );
|
540 |
-
unset( $retries[ $index ] );
|
541 |
-
unset( $valid[ $index ] );
|
542 |
-
} else {
|
543 |
-
/* normal lockout */
|
544 |
-
$lockouts[ $index ] = time() + $this->get_option( 'lockout_duration' );
|
545 |
-
}
|
546 |
-
}
|
547 |
-
|
548 |
-
/* do housecleaning and save values */
|
549 |
-
$this->cleanup( $retries, $lockouts, $valid );
|
550 |
-
|
551 |
-
/* do any notification */
|
552 |
-
$this->notify( $username );
|
553 |
-
|
554 |
-
/* increase statistics */
|
555 |
-
$total = $this->get_option( 'lockouts_total' );
|
556 |
-
if ( $total === false || ! is_numeric( $total ) ) {
|
557 |
-
$this->add_option( 'lockouts_total', 1 );
|
558 |
-
} else {
|
559 |
-
$this->update_option( 'lockouts_total', $total + 1 );
|
560 |
-
}
|
561 |
-
}
|
562 |
-
|
563 |
-
/**
|
564 |
-
* Handle notification in event of lockout
|
565 |
-
*
|
566 |
-
* @param $user
|
567 |
-
*/
|
568 |
-
public function notify( $user ) {
|
569 |
-
$args = explode( ',', $this->get_option( 'lockout_notify' ) );
|
570 |
-
|
571 |
-
if ( empty( $args ) ) {
|
572 |
-
return;
|
573 |
-
}
|
574 |
-
|
575 |
-
foreach ( $args as $mode ) {
|
576 |
-
switch ( trim( $mode ) ) {
|
577 |
-
case 'email':
|
578 |
-
$this->notify_email( $user );
|
579 |
-
break;
|
580 |
-
case 'log':
|
581 |
-
$this->notify_log( $user );
|
582 |
-
break;
|
583 |
-
}
|
584 |
-
}
|
585 |
-
}
|
586 |
-
|
587 |
-
/**
|
588 |
-
* Email notification of lockout to admin (if configured)
|
589 |
-
*
|
590 |
-
* @param $user
|
591 |
-
*/
|
592 |
-
public function notify_email( $user ) {
|
593 |
-
$ip = $this->get_address();
|
594 |
-
$whitelisted = $this->is_ip_whitelisted( $ip );
|
595 |
-
|
596 |
-
$retries = $this->get_option( 'retries' );
|
597 |
-
if ( ! is_array( $retries ) ) {
|
598 |
-
$retries = array();
|
599 |
-
}
|
600 |
-
|
601 |
-
/* check if we are at the right nr to do notification */
|
602 |
-
if (
|
603 |
-
(isset( $retries[ $ip ] ) || isset( $retries[ $this->getHash($ip) ] ))
|
604 |
-
&&
|
605 |
-
( ( intval($retries[ $ip ] + $retries[ $this->getHash($ip) ]) / $this->get_option( 'allowed_retries' ) ) % $this->get_option( 'notify_email_after' ) ) != 0 ) {
|
606 |
-
return;
|
607 |
-
}
|
608 |
-
|
609 |
-
/* Format message. First current lockout duration */
|
610 |
-
if ( !isset( $retries[ $ip ] ) && !isset( $retries[ $this->getHash($ip) ] ) ) {
|
611 |
-
/* longer lockout */
|
612 |
-
$count = $this->get_option( 'allowed_retries' )
|
613 |
-
* $this->get_option( 'allowed_lockouts' );
|
614 |
-
$lockouts = $this->get_option( 'allowed_lockouts' );
|
615 |
-
$time = round( $this->get_option( 'long_duration' ) / 3600 );
|
616 |
-
$when = sprintf( _n( '%d hour', '%d hours', $time, 'limit-login-attempts-reloaded' ), $time );
|
617 |
-
} else {
|
618 |
-
/* normal lockout */
|
619 |
-
$count = $retries[ $ip ] + $retries[ $this->getHash($ip) ];
|
620 |
-
$lockouts = floor( ($count) / $this->get_option( 'allowed_retries' ) );
|
621 |
-
$time = round( $this->get_option( 'lockout_duration' ) / 60 );
|
622 |
-
$when = sprintf( _n( '%d minute', '%d minutes', $time, 'limit-login-attempts-reloaded' ), $time );
|
623 |
-
}
|
624 |
-
|
625 |
-
$blogname = $this->use_local_options ? get_option( 'blogname' ) : get_site_option( 'site_name' );
|
626 |
-
$blogname = htmlspecialchars_decode( $blogname, ENT_QUOTES );
|
627 |
-
|
628 |
-
if ( $whitelisted ) {
|
629 |
-
$subject = sprintf( __( "[%s] Failed login attempts from whitelisted IP"
|
630 |
-
, 'limit-login-attempts-reloaded' )
|
631 |
-
, $blogname );
|
632 |
-
} else {
|
633 |
-
$subject = sprintf( __( "[%s] Too many failed login attempts"
|
634 |
-
, 'limit-login-attempts-reloaded' )
|
635 |
-
, $blogname );
|
636 |
-
}
|
637 |
-
|
638 |
-
$message = sprintf( __( "%d failed login attempts (%d lockout(s)) from IP: %s"
|
639 |
-
, 'limit-login-attempts-reloaded' ) . "\r\n\r\n"
|
640 |
-
, $count, $lockouts, $ip );
|
641 |
-
if ( $user != '' ) {
|
642 |
-
$message .= sprintf( __( "Last user attempted: %s", 'limit-login-attempts-reloaded' )
|
643 |
-
. "\r\n\r\n", $user );
|
644 |
-
}
|
645 |
-
if ( $whitelisted ) {
|
646 |
-
$message .= __( "IP was NOT blocked because of external whitelist.", 'limit-login-attempts-reloaded' );
|
647 |
-
} else {
|
648 |
-
$message .= sprintf( __( "IP was blocked for %s", 'limit-login-attempts-reloaded' ), $when );
|
649 |
-
}
|
650 |
-
|
651 |
-
$admin_email = $this->use_local_options ? get_option( 'admin_email' ) : get_site_option( 'admin_email' );
|
652 |
-
|
653 |
-
@wp_mail( $admin_email, $subject, $message );
|
654 |
-
}
|
655 |
-
|
656 |
-
/**
|
657 |
-
* Logging of lockout (if configured)
|
658 |
-
*
|
659 |
-
* @param $user_login
|
660 |
-
*
|
661 |
-
* @internal param $user
|
662 |
-
*/
|
663 |
-
public function notify_log( $user_login ) {
|
664 |
-
|
665 |
-
if ( ! $user_login ) {
|
666 |
-
return;
|
667 |
-
}
|
668 |
-
|
669 |
-
$log = $option = $this->get_option( 'logged' );
|
670 |
-
if ( ! is_array( $log ) ) {
|
671 |
-
$log = array();
|
672 |
-
}
|
673 |
-
$ip = $this->get_address();
|
674 |
-
|
675 |
-
$index = ($this->get_option('gdpr') ? $this->getHash($ip) : $ip );
|
676 |
-
/* can be written much simpler, if you do not mind php warnings */
|
677 |
-
if ( !isset( $log[ $index ] ) )
|
678 |
-
$log[ $index ] = array();
|
679 |
-
|
680 |
-
if ( !isset( $log[ $index ][ $user_login ] ) )
|
681 |
-
$log[ $index ][ $user_login ] = array( 'counter' => 0 );
|
682 |
-
|
683 |
-
elseif ( !is_array( $log[ $index ][ $user_login ] ) )
|
684 |
-
$log[ $index ][ $user_login ] = array(
|
685 |
-
'counter' => $log[ $index ][ $user_login ],
|
686 |
-
);
|
687 |
-
|
688 |
-
$log[ $index ][ $user_login ]['counter']++;
|
689 |
-
$log[ $index ][ $user_login ]['date'] = time();
|
690 |
-
|
691 |
-
if ( isset( $_POST['woocommerce-login-nonce'] ) ) {
|
692 |
-
$gateway = 'WooCommerce';
|
693 |
-
} elseif ( isset( $GLOBALS['wp_xmlrpc_server'] ) && is_object( $GLOBALS['wp_xmlrpc_server'] ) ) {
|
694 |
-
$gateway = 'XMLRPC';
|
695 |
-
} else {
|
696 |
-
$gateway = 'WP Login';
|
697 |
-
}
|
698 |
-
|
699 |
-
$log[ $index ][ $user_login ]['gateway'] = $gateway;
|
700 |
-
|
701 |
-
if ( $option === false ) {
|
702 |
-
$this->add_option( 'logged', $log );
|
703 |
-
} else {
|
704 |
-
$this->update_option( 'logged', $log );
|
705 |
-
}
|
706 |
-
}
|
707 |
-
|
708 |
-
/**
|
709 |
-
* Check if IP is whitelisted.
|
710 |
-
*
|
711 |
-
* This function allow external ip whitelisting using a filter. Note that it can
|
712 |
-
* be called multiple times during the login process.
|
713 |
-
*
|
714 |
-
* Note that retries and statistics are still counted and notifications
|
715 |
-
* done as usual for whitelisted ips , but no lockout is done.
|
716 |
-
*
|
717 |
-
* Example:
|
718 |
-
* function my_ip_whitelist($allow, $ip) {
|
719 |
-
* return ($ip == 'my-ip') ? true : $allow;
|
720 |
-
* }
|
721 |
-
* add_filter('limit_login_whitelist_ip', 'my_ip_whitelist', 10, 2);
|
722 |
-
*
|
723 |
-
* @param null $ip
|
724 |
-
*
|
725 |
-
* @return bool
|
726 |
-
*/
|
727 |
-
public function is_ip_whitelisted( $ip = null ) {
|
728 |
-
|
729 |
-
if ( is_null( $ip ) ) {
|
730 |
-
$ip = $this->get_address();
|
731 |
-
}
|
732 |
-
|
733 |
-
$whitelisted = apply_filters( 'limit_login_whitelist_ip', false, $ip );
|
734 |
-
|
735 |
-
return ( $whitelisted === true );
|
736 |
-
}
|
737 |
-
|
738 |
-
public function is_username_whitelisted( $username ) {
|
739 |
-
|
740 |
-
if ( empty( $username ) ) {
|
741 |
-
return false;
|
742 |
-
}
|
743 |
-
|
744 |
-
$whitelisted = apply_filters( 'limit_login_whitelist_usernames', false, $username );
|
745 |
-
|
746 |
-
return ( $whitelisted === true );
|
747 |
-
}
|
748 |
-
|
749 |
-
public function is_ip_blacklisted( $ip = null ) {
|
750 |
-
|
751 |
-
if ( is_null( $ip ) ) {
|
752 |
-
$ip = $this->get_address();
|
753 |
-
}
|
754 |
-
|
755 |
-
$whitelisted = apply_filters( 'limit_login_blacklist_ip', false, $ip );
|
756 |
-
|
757 |
-
return ( $whitelisted === true );
|
758 |
-
}
|
759 |
-
|
760 |
-
public function is_username_blacklisted( $username ) {
|
761 |
-
|
762 |
-
if ( empty( $username ) ) {
|
763 |
-
return false;
|
764 |
-
}
|
765 |
-
|
766 |
-
$whitelisted = apply_filters( 'limit_login_blacklist_usernames', false, $username );
|
767 |
-
|
768 |
-
return ( $whitelisted === true );
|
769 |
-
}
|
770 |
-
|
771 |
-
/**
|
772 |
-
* Filter: allow login attempt? (called from wp_authenticate())
|
773 |
-
*
|
774 |
-
* @param $user WP_User
|
775 |
-
* @param $password
|
776 |
-
*
|
777 |
-
* @return \WP_Error
|
778 |
-
*/
|
779 |
-
public function wp_authenticate_user( $user, $password ) {
|
780 |
-
|
781 |
-
if ( is_wp_error( $user ) ||
|
782 |
-
$this->check_whitelist_ips( false, $this->get_address() ) ||
|
783 |
-
$this->check_whitelist_usernames( false, $user->user_login ) ||
|
784 |
-
$this->is_limit_login_ok()
|
785 |
-
) {
|
786 |
-
|
787 |
-
return $user;
|
788 |
-
}
|
789 |
-
|
790 |
-
$error = new WP_Error();
|
791 |
-
|
792 |
-
global $limit_login_my_error_shown;
|
793 |
-
$limit_login_my_error_shown = true;
|
794 |
-
|
795 |
-
if ( $this->is_username_blacklisted( $user->user_login ) || $this->is_ip_blacklisted( $this->get_address() ) ) {
|
796 |
-
$error->add( 'username_blacklisted', "<strong>ERROR:</strong> Too many failed login attempts." );
|
797 |
-
} else {
|
798 |
-
// This error should be the same as in "shake it" filter below
|
799 |
-
$error->add( 'too_many_retries', $this->error_msg() );
|
800 |
-
}
|
801 |
-
|
802 |
-
return $error;
|
803 |
-
}
|
804 |
-
|
805 |
-
/**
|
806 |
-
* Filter: add this failure to login page "Shake it!"
|
807 |
-
*
|
808 |
-
* @param $error_codes
|
809 |
-
*
|
810 |
-
* @return array
|
811 |
-
*/
|
812 |
-
public function failure_shake( $error_codes ) {
|
813 |
-
$error_codes[] = 'too_many_retries';
|
814 |
-
$error_codes[] = 'username_blacklisted';
|
815 |
-
|
816 |
-
return $error_codes;
|
817 |
-
}
|
818 |
-
|
819 |
-
/**
|
820 |
-
* Keep track of if user or password are empty, to filter errors correctly
|
821 |
-
*
|
822 |
-
* @param $user
|
823 |
-
* @param $password
|
824 |
-
*/
|
825 |
-
public function track_credentials( $user, $password ) {
|
826 |
-
global $limit_login_nonempty_credentials;
|
827 |
-
|
828 |
-
$limit_login_nonempty_credentials = ( ! empty( $user ) && ! empty( $password ) );
|
829 |
-
}
|
830 |
-
|
831 |
-
/**
|
832 |
-
* Should we show errors and messages on this page?
|
833 |
-
*
|
834 |
-
* @return bool
|
835 |
-
*/
|
836 |
-
public function login_show_msg() {
|
837 |
-
if ( isset( $_GET['key'] ) ) {
|
838 |
-
/* reset password */
|
839 |
-
return false;
|
840 |
-
}
|
841 |
-
|
842 |
-
$action = isset( $_REQUEST['action'] ) ? $_REQUEST['action'] : '';
|
843 |
-
|
844 |
-
return ( $action != 'lostpassword' && $action != 'retrievepassword'
|
845 |
-
&& $action != 'resetpass' && $action != 'rp'
|
846 |
-
&& $action != 'register' );
|
847 |
-
}
|
848 |
-
|
849 |
-
/**
|
850 |
-
* Construct informative error message
|
851 |
-
*
|
852 |
-
* @return string
|
853 |
-
*/
|
854 |
-
public function error_msg() {
|
855 |
-
$ip = $this->get_address();
|
856 |
-
$lockouts = $this->get_option( 'lockouts' );
|
857 |
-
$a = $this->checkKey($lockouts, $ip);
|
858 |
-
$b = $this->checkKey($lockouts, $this->getHash($ip));
|
859 |
-
|
860 |
-
$msg = __( '<strong>ERROR</strong>: Too many failed login attempts.', 'limit-login-attempts-reloaded' ) . ' ';
|
861 |
-
|
862 |
-
if (
|
863 |
-
! is_array( $lockouts ) ||
|
864 |
-
( ! isset( $lockouts[ $ip ] ) && ! isset( $lockouts[$this->getHash($ip)]) ) ||
|
865 |
-
(time() >= $a && time() >= $b)
|
866 |
-
){
|
867 |
-
/* Huh? No timeout active? */
|
868 |
-
$msg .= __( 'Please try again later.', 'limit-login-attempts-reloaded' );
|
869 |
-
|
870 |
-
return $msg;
|
871 |
-
}
|
872 |
-
|
873 |
-
$when = ceil( ( ($a > $b ? $a : $b) - time() ) / 60 );
|
874 |
-
if ( $when > 60 ) {
|
875 |
-
$when = ceil( $when / 60 );
|
876 |
-
$msg .= sprintf( _n( 'Please try again in %d hour.', 'Please try again in %d hours.', $when, 'limit-login-attempts-reloaded' ), $when );
|
877 |
-
} else {
|
878 |
-
$msg .= sprintf( _n( 'Please try again in %d minute.', 'Please try again in %d minutes.', $when, 'limit-login-attempts-reloaded' ), $when );
|
879 |
-
}
|
880 |
-
|
881 |
-
return $msg;
|
882 |
-
}
|
883 |
-
|
884 |
-
/**
|
885 |
-
* Add a message to login page when necessary
|
886 |
-
*/
|
887 |
-
public function add_error_message() {
|
888 |
-
global $error, $limit_login_my_error_shown;
|
889 |
-
|
890 |
-
if ( ! $this->login_show_msg() || $limit_login_my_error_shown ) {
|
891 |
-
return;
|
892 |
-
}
|
893 |
-
|
894 |
-
$msg = $this->get_message();
|
895 |
-
|
896 |
-
if ( $msg != '' ) {
|
897 |
-
$limit_login_my_error_shown = true;
|
898 |
-
$error .= $msg;
|
899 |
-
}
|
900 |
-
|
901 |
-
return;
|
902 |
-
}
|
903 |
-
|
904 |
-
/**
|
905 |
-
* Fix up the error message before showing it
|
906 |
-
*
|
907 |
-
* @param $content
|
908 |
-
*
|
909 |
-
* @return string
|
910 |
-
*/
|
911 |
-
public function fixup_error_messages( $content ) {
|
912 |
-
global $limit_login_just_lockedout, $limit_login_nonempty_credentials, $limit_login_my_error_shown;
|
913 |
-
|
914 |
-
if ( ! $this->login_show_msg() ) {
|
915 |
-
return $content;
|
916 |
-
}
|
917 |
-
|
918 |
-
/*
|
919 |
-
* During lockout we do not want to show any other error messages (like
|
920 |
-
* unknown user or empty password).
|
921 |
-
*/
|
922 |
-
if ( ! $this->is_limit_login_ok() && ! $limit_login_just_lockedout ) {
|
923 |
-
return $this->error_msg();
|
924 |
-
}
|
925 |
-
|
926 |
-
/*
|
927 |
-
* We want to filter the messages 'Invalid username' and
|
928 |
-
* 'Invalid password' as that is an information leak regarding user
|
929 |
-
* account names (prior to WP 2.9?).
|
930 |
-
*
|
931 |
-
* Also, if more than one error message, put an extra <br /> tag between
|
932 |
-
* them.
|
933 |
-
*/
|
934 |
-
$msgs = explode( "<br />\n", $content );
|
935 |
-
|
936 |
-
if ( strlen( end( $msgs ) ) == 0 ) {
|
937 |
-
/* remove last entry empty string */
|
938 |
-
array_pop( $msgs );
|
939 |
-
}
|
940 |
-
|
941 |
-
$count = count( $msgs );
|
942 |
-
$my_warn_count = $limit_login_my_error_shown ? 1 : 0;
|
943 |
-
|
944 |
-
if ( $limit_login_nonempty_credentials && $count > $my_warn_count ) {
|
945 |
-
|
946 |
-
|
947 |
-
|
948 |
-
|
949 |
-
|
950 |
-
|
951 |
-
|
952 |
-
|
953 |
-
|
954 |
-
|
955 |
-
|
956 |
-
|
957 |
-
|
958 |
-
|
959 |
-
|
960 |
-
|
961 |
-
|
962 |
-
|
963 |
-
|
964 |
-
|
965 |
-
|
966 |
-
|
967 |
-
|
968 |
-
|
969 |
-
|
970 |
-
|
971 |
-
|
972 |
-
|
973 |
-
|
974 |
-
|
975 |
-
|
976 |
-
|
977 |
-
|
978 |
-
|
979 |
-
|
980 |
-
|
981 |
-
|
982 |
-
|
983 |
-
/*
|
984 |
-
if (
|
985 |
-
return
|
986 |
-
}
|
987 |
-
|
988 |
-
|
989 |
-
|
990 |
-
|
991 |
-
|
992 |
-
|
993 |
-
|
994 |
-
|
995 |
-
|
996 |
-
|
997 |
-
|
998 |
-
|
999 |
-
|
1000 |
-
|
1001 |
-
|
1002 |
-
|
1003 |
-
|
1004 |
-
|
1005 |
-
|
1006 |
-
|
1007 |
-
|
1008 |
-
|
1009 |
-
|
1010 |
-
|
1011 |
-
|
1012 |
-
|
1013 |
-
|
1014 |
-
|
1015 |
-
|
1016 |
-
|
1017 |
-
|
1018 |
-
|
1019 |
-
|
1020 |
-
|
1021 |
-
|
1022 |
-
|
1023 |
-
|
1024 |
-
|
1025 |
-
|
1026 |
-
|
1027 |
-
|
1028 |
-
|
1029 |
-
|
1030 |
-
|
1031 |
-
|
1032 |
-
|
1033 |
-
|
1034 |
-
|
1035 |
-
|
1036 |
-
|
1037 |
-
|
1038 |
-
|
1039 |
-
|
1040 |
-
|
1041 |
-
|
1042 |
-
|
1043 |
-
|
1044 |
-
|
1045 |
-
|
1046 |
-
|
1047 |
-
|
1048 |
-
|
1049 |
-
|
1050 |
-
|
1051 |
-
|
1052 |
-
|
1053 |
-
|
1054 |
-
|
1055 |
-
|
1056 |
-
|
1057 |
-
|
1058 |
-
|
1059 |
-
|
1060 |
-
|
1061 |
-
|
1062 |
-
|
1063 |
-
|
1064 |
-
|
1065 |
-
|
1066 |
-
|
1067 |
-
|
1068 |
-
|
1069 |
-
|
1070 |
-
|
1071 |
-
|
1072 |
-
|
1073 |
-
|
1074 |
-
|
1075 |
-
|
1076 |
-
|
1077 |
-
|
1078 |
-
|
1079 |
-
|
1080 |
-
|
1081 |
-
|
1082 |
-
|
1083 |
-
|
1084 |
-
|
1085 |
-
|
1086 |
-
|
1087 |
-
|
1088 |
-
|
1089 |
-
|
1090 |
-
|
1091 |
-
|
1092 |
-
|
1093 |
-
|
1094 |
-
|
1095 |
-
|
1096 |
-
|
1097 |
-
|
1098 |
-
|
1099 |
-
|
1100 |
-
|
1101 |
-
|
1102 |
-
|
1103 |
-
|
1104 |
-
|
1105 |
-
|
1106 |
-
|
1107 |
-
|
1108 |
-
|
1109 |
-
|
1110 |
-
|
1111 |
-
|
1112 |
-
|
1113 |
-
|
1114 |
-
|
1115 |
-
|
1116 |
-
|
1117 |
-
|
1118 |
-
|
1119 |
-
|
1120 |
-
|
1121 |
-
|
1122 |
-
|
1123 |
-
$this->update_option( '
|
1124 |
-
|
1125 |
-
|
1126 |
-
|
1127 |
-
|
1128 |
-
|
1129 |
-
|
1130 |
-
|
1131 |
-
|
1132 |
-
|
1133 |
-
|
1134 |
-
|
1135 |
-
|
1136 |
-
|
1137 |
-
|
1138 |
-
|
1139 |
-
|
1140 |
-
|
1141 |
-
|
1142 |
-
|
1143 |
-
|
1144 |
-
|
1145 |
-
|
1146 |
-
|
1147 |
-
|
1148 |
-
|
1149 |
-
|
1150 |
-
|
1151 |
-
|
1152 |
-
|
1153 |
-
|
1154 |
-
|
1155 |
-
|
1156 |
-
|
1157 |
-
|
1158 |
-
$this->update_option('
|
1159 |
-
|
1160 |
-
$
|
1161 |
-
|
1162 |
-
|
1163 |
-
|
1164 |
-
|
1165 |
-
|
1166 |
-
|
1167 |
-
|
1168 |
-
|
1169 |
-
|
1170 |
-
|
1171 |
-
|
1172 |
-
|
1173 |
-
|
1174 |
-
|
1175 |
-
|
1176 |
-
|
1177 |
-
|
1178 |
-
|
1179 |
-
|
1180 |
-
|
1181 |
-
|
1182 |
-
|
1183 |
-
|
1184 |
-
|
1185 |
-
|
1186 |
-
|
1187 |
-
|
1188 |
-
|
1189 |
-
|
1190 |
-
|
1191 |
-
|
1192 |
-
|
1193 |
-
|
1194 |
-
|
1195 |
-
|
1196 |
-
|
1197 |
-
|
1198 |
-
|
1199 |
-
|
1200 |
-
|
1201 |
-
|
1202 |
-
|
1203 |
-
|
1204 |
-
|
1205 |
-
|
1206 |
-
|
1207 |
-
|
1208 |
-
|
1209 |
-
|
1210 |
-
|
1211 |
-
|
1212 |
-
|
1213 |
-
|
1214 |
-
|
1215 |
-
|
1216 |
-
|
1217 |
-
$
|
1218 |
-
|
1219 |
-
|
1220 |
-
|
1221 |
-
|
1222 |
-
|
1223 |
-
|
1224 |
-
|
1225 |
-
|
1226 |
-
|
1227 |
-
|
1228 |
-
|
1229 |
-
|
1230 |
-
|
1231 |
-
|
1232 |
-
|
1233 |
-
|
1234 |
-
|
1235 |
-
|
1236 |
-
|
1237 |
-
|
1238 |
-
|
1239 |
-
|
1240 |
-
|
1241 |
-
|
1242 |
-
|
1243 |
-
|
1244 |
-
|
1245 |
-
|
1246 |
-
|
1247 |
-
|
1248 |
-
|
1249 |
-
|
1250 |
-
|
1251 |
-
$
|
1252 |
-
|
1253 |
-
|
1254 |
-
|
1255 |
-
|
1256 |
-
|
1257 |
-
|
1258 |
-
|
1259 |
-
|
1260 |
-
|
1261 |
-
|
1262 |
-
|
1263 |
-
|
1264 |
-
|
1265 |
-
|
1266 |
-
|
1267 |
-
|
1268 |
-
|
1269 |
-
|
1270 |
-
|
1271 |
-
|
1272 |
-
|
1273 |
-
|
1274 |
-
|
1275 |
-
|
1276 |
-
|
1277 |
-
|
1278 |
-
|
1279 |
-
|
1280 |
-
|
1281 |
-
|
1282 |
-
|
1283 |
-
|
1284 |
-
|
|
|
|
|
|
|
|
|
|
|
1285 |
}
|
1 |
+
<?php
|
2 |
+
|
3 |
+
/**
|
4 |
+
* Class Limit_Login_Attempts
|
5 |
+
*/
|
6 |
+
class Limit_Login_Attempts
|
7 |
+
{
|
8 |
+
public $default_options = array(
|
9 |
+
'gdpr' => 0,
|
10 |
+
|
11 |
+
/* Are we behind a proxy? */
|
12 |
+
'client_type' => LLA_DIRECT_ADDR,
|
13 |
+
|
14 |
+
/* Lock out after this many tries */
|
15 |
+
'allowed_retries' => 4,
|
16 |
+
|
17 |
+
/* Lock out for this many seconds */
|
18 |
+
'lockout_duration' => 1200, // 20 minutes
|
19 |
+
|
20 |
+
/* Long lock out after this many lockouts */
|
21 |
+
'allowed_lockouts' => 4,
|
22 |
+
|
23 |
+
/* Long lock out for this many seconds */
|
24 |
+
'long_duration' => 86400, // 24 hours,
|
25 |
+
|
26 |
+
/* Reset failed attempts after this many seconds */
|
27 |
+
'valid_duration' => 43200, // 12 hours
|
28 |
+
|
29 |
+
/* Also limit malformed/forged cookies? */
|
30 |
+
'cookies' => true,
|
31 |
+
|
32 |
+
/* Notify on lockout. Values: '', 'log', 'email', 'log,email' */
|
33 |
+
'lockout_notify' => 'log',
|
34 |
+
|
35 |
+
/* If notify by email, do so after this number of lockouts */
|
36 |
+
'notify_email_after' => 4,
|
37 |
+
|
38 |
+
'whitelist' => array(),
|
39 |
+
'whitelist_usernames' => array(),
|
40 |
+
'blacklist' => array(),
|
41 |
+
'blacklist_usernames' => array(),
|
42 |
+
);
|
43 |
+
/**
|
44 |
+
* Admin options page slug
|
45 |
+
* @var string
|
46 |
+
*/
|
47 |
+
private $_options_page_slug = 'limit-login-attempts';
|
48 |
+
|
49 |
+
/**
|
50 |
+
* Errors messages
|
51 |
+
*
|
52 |
+
* @var array
|
53 |
+
*/
|
54 |
+
public $_errors = array();
|
55 |
+
|
56 |
+
public function __construct() {
|
57 |
+
$this->hooks_init();
|
58 |
+
}
|
59 |
+
|
60 |
+
/**
|
61 |
+
* Register wp hooks and filters
|
62 |
+
*/
|
63 |
+
public function hooks_init() {
|
64 |
+
add_action( 'plugins_loaded', array( $this, 'setup' ), 9999 );
|
65 |
+
add_action( 'admin_enqueue_scripts', array( $this, 'enqueue' ) );
|
66 |
+
add_filter( 'limit_login_whitelist_ip', array( $this, 'check_whitelist_ips' ), 10, 2 );
|
67 |
+
add_filter( 'limit_login_whitelist_usernames', array( $this, 'check_whitelist_usernames' ), 10, 2 );
|
68 |
+
add_filter( 'limit_login_blacklist_ip', array( $this, 'check_blacklist_ips' ), 10, 2 );
|
69 |
+
add_filter( 'limit_login_blacklist_usernames', array( $this, 'check_blacklist_usernames' ), 10, 2 );
|
70 |
+
}
|
71 |
+
|
72 |
+
/**
|
73 |
+
* Hook 'plugins_loaded'
|
74 |
+
*/
|
75 |
+
public function setup() {
|
76 |
+
|
77 |
+
// Load languages files
|
78 |
+
load_plugin_textdomain( 'limit-login-attempts-reloaded', false, plugin_basename( dirname( __FILE__ ) ) . '/../languages' );
|
79 |
+
|
80 |
+
// Check if installed old plugin
|
81 |
+
$this->check_original_installed();
|
82 |
+
|
83 |
+
if ( is_multisite() )
|
84 |
+
require_once ABSPATH.'wp-admin/includes/plugin.php';
|
85 |
+
|
86 |
+
$this->network_mode = is_multisite() && is_plugin_active_for_network('limit-login-attempts-reloaded/limit-login-attempts-reloaded.php');
|
87 |
+
|
88 |
+
|
89 |
+
if ( $this->network_mode )
|
90 |
+
{
|
91 |
+
$this->allow_local_options = get_site_option( 'limit_login_allow_local_options', false );
|
92 |
+
$this->use_local_options = $this->allow_local_options && get_option( 'limit_login_use_local_options', false );
|
93 |
+
}
|
94 |
+
else
|
95 |
+
{
|
96 |
+
$this->allow_local_options = true;
|
97 |
+
$this->use_local_options = true;
|
98 |
+
}
|
99 |
+
|
100 |
+
|
101 |
+
// Setup default plugin options
|
102 |
+
//$this->sanitize_options();
|
103 |
+
|
104 |
+
add_action( 'wp_login_failed', array( $this, 'limit_login_failed' ) );
|
105 |
+
add_filter( 'wp_authenticate_user', array( $this, 'wp_authenticate_user' ), 99999, 2 );
|
106 |
+
|
107 |
+
add_filter( 'shake_error_codes', array( $this, 'failure_shake' ) );
|
108 |
+
add_action( 'login_head', array( $this, 'add_error_message' ) );
|
109 |
+
add_action( 'login_errors', array( $this, 'fixup_error_messages' ) );
|
110 |
+
|
111 |
+
if ( $this->network_mode )
|
112 |
+
add_action( 'network_admin_menu', array( $this, 'network_admin_menu' ) );
|
113 |
+
|
114 |
+
if ( $this->allow_local_options )
|
115 |
+
add_action( 'admin_menu', array( $this, 'admin_menu' ) );
|
116 |
+
|
117 |
+
// Add notices for XMLRPC request
|
118 |
+
add_filter( 'xmlrpc_login_error', array( $this, 'xmlrpc_error_messages' ) );
|
119 |
+
|
120 |
+
// Add notices to woocommerce login page
|
121 |
+
add_action( 'wp_head', array( $this, 'add_wc_notices' ) );
|
122 |
+
|
123 |
+
/*
|
124 |
+
* This action should really be changed to the 'authenticate' filter as
|
125 |
+
* it will probably be deprecated. That is however only available in
|
126 |
+
* later versions of WP.
|
127 |
+
*/
|
128 |
+
add_action( 'wp_authenticate', array( $this, 'track_credentials' ), 10, 2 );
|
129 |
+
add_action( 'authenticate', array( $this, 'authenticate_filter' ), 5, 3 );
|
130 |
+
|
131 |
+
if ( defined('XMLRPC_REQUEST') && XMLRPC_REQUEST )
|
132 |
+
add_action( 'init', array( $this, 'check_xmlrpc_lock' ) );
|
133 |
+
|
134 |
+
add_action('wp_ajax_limit-login-unlock', array( $this, 'ajax_unlock' ) );
|
135 |
+
}
|
136 |
+
|
137 |
+
public function check_xmlrpc_lock()
|
138 |
+
{
|
139 |
+
if ( is_user_logged_in() || $this->is_ip_whitelisted() )
|
140 |
+
return;
|
141 |
+
|
142 |
+
if ( $this->is_ip_blacklisted() || !$this->is_limit_login_ok() )
|
143 |
+
{
|
144 |
+
header('HTTP/1.0 403 Forbidden');
|
145 |
+
exit;
|
146 |
+
}
|
147 |
+
}
|
148 |
+
|
149 |
+
public function check_whitelist_ips( $allow, $ip ) {
|
150 |
+
return $this->ip_in_range( $ip, (array) $this->get_option( 'whitelist' ) );
|
151 |
+
}
|
152 |
+
|
153 |
+
public function check_whitelist_usernames( $allow, $username ) {
|
154 |
+
return in_array( $username, (array) $this->get_option( 'whitelist_usernames' ) );
|
155 |
+
}
|
156 |
+
|
157 |
+
public function check_blacklist_ips( $allow, $ip ) {
|
158 |
+
return $this->ip_in_range( $ip, (array) $this->get_option( 'blacklist' ) );
|
159 |
+
}
|
160 |
+
|
161 |
+
public function check_blacklist_usernames( $allow, $username ) {
|
162 |
+
return in_array( $username, (array) $this->get_option( 'blacklist_usernames' ) );
|
163 |
+
}
|
164 |
+
|
165 |
+
public function ip_in_range( $ip, $list )
|
166 |
+
{
|
167 |
+
foreach ( $list as $range )
|
168 |
+
{
|
169 |
+
$range = array_map('trim', explode('-', $range) );
|
170 |
+
if ( count( $range ) == 1 )
|
171 |
+
{
|
172 |
+
if ( (string)$ip === (string)$range[0] )
|
173 |
+
return true;
|
174 |
+
}
|
175 |
+
else
|
176 |
+
{
|
177 |
+
$low = ip2long( $range[0] );
|
178 |
+
$high = ip2long( $range[1] );
|
179 |
+
$needle = ip2long( $ip );
|
180 |
+
|
181 |
+
if ( $low === false || $high === false || $needle === false )
|
182 |
+
continue;
|
183 |
+
|
184 |
+
$low = (float)sprintf("%u",$low);
|
185 |
+
$high = (float)sprintf("%u",$high);
|
186 |
+
$needle = (float)sprintf("%u",$needle);
|
187 |
+
|
188 |
+
if ( $needle >= $low && $needle <= $high )
|
189 |
+
return true;
|
190 |
+
}
|
191 |
+
}
|
192 |
+
|
193 |
+
return false;
|
194 |
+
}
|
195 |
+
|
196 |
+
/**
|
197 |
+
* @param $error IXR_Error
|
198 |
+
*
|
199 |
+
* @return IXR_Error
|
200 |
+
*/
|
201 |
+
public function xmlrpc_error_messages( $error ) {
|
202 |
+
|
203 |
+
if ( ! class_exists( 'IXR_Error' ) ) {
|
204 |
+
return $error;
|
205 |
+
}
|
206 |
+
|
207 |
+
if ( ! $this->is_limit_login_ok() ) {
|
208 |
+
return new IXR_Error( 403, $this->error_msg() );
|
209 |
+
}
|
210 |
+
|
211 |
+
$ip = $this->get_address();
|
212 |
+
$retries = $this->get_option( 'retries' );
|
213 |
+
$valid = $this->get_option( 'retries_valid' );
|
214 |
+
|
215 |
+
/* Should we show retries remaining? */
|
216 |
+
|
217 |
+
if ( ! is_array( $retries ) || ! is_array( $valid ) ) {
|
218 |
+
/* no retries at all */
|
219 |
+
return $error;
|
220 |
+
}
|
221 |
+
if (
|
222 |
+
(! isset( $retries[ $ip ] ) && ! isset( $retries[ $this->getHash($ip) ] )) ||
|
223 |
+
(! isset( $valid[ $ip ] ) && ! isset( $valid[ $this->getHash($ip) ] )) ||
|
224 |
+
(time() > $valid[ $ip ] && time() > $valid[ $this->getHash($ip) ])
|
225 |
+
|
226 |
+
) {
|
227 |
+
/* no: no valid retries */
|
228 |
+
return $error;
|
229 |
+
}
|
230 |
+
if (
|
231 |
+
( ((isset($retries[ $ip ]) ? $retries[ $ip ] : 0) + (isset($retries[ $this->getHash($ip) ]) ? $retries[ $this->getHash($ip) ] : 0)) % $this->get_option( 'allowed_retries' ) ) == 0
|
232 |
+
) {
|
233 |
+
//* no: already been locked out for these retries */
|
234 |
+
return $error;
|
235 |
+
}
|
236 |
+
|
237 |
+
$remaining = max( ( $this->get_option( 'allowed_retries' ) - ( ((isset($retries[ $ip ]) ? $retries[ $ip ] : 0) + (isset($retries[ $this->getHash($ip) ]) ? $retries[ $this->getHash($ip) ] : 0)) % $this->get_option( 'allowed_retries' ) ) ), 0 );
|
238 |
+
|
239 |
+
return new IXR_Error( 403, sprintf( _n( "<strong>%d</strong> attempt remaining.", "<strong>%d</strong> attempts remaining.", $remaining, 'limit-login-attempts-reloaded' ), $remaining ) );
|
240 |
+
}
|
241 |
+
|
242 |
+
/**
|
243 |
+
* Errors on WooCommerce account page
|
244 |
+
*/
|
245 |
+
public function add_wc_notices() {
|
246 |
+
|
247 |
+
global $limit_login_just_lockedout, $limit_login_nonempty_credentials, $limit_login_my_error_shown;
|
248 |
+
|
249 |
+
if ( ! function_exists( 'is_account_page' ) || ! function_exists( 'wc_add_notice' ) ) {
|
250 |
+
return;
|
251 |
+
}
|
252 |
+
|
253 |
+
/*
|
254 |
+
* During lockout we do not want to show any other error messages (like
|
255 |
+
* unknown user or empty password).
|
256 |
+
*/
|
257 |
+
if ( empty( $_POST ) && ! $this->is_limit_login_ok() && ! $limit_login_just_lockedout ) {
|
258 |
+
if ( is_account_page() ) {
|
259 |
+
wc_add_notice( $this->error_msg(), 'error' );
|
260 |
+
}
|
261 |
+
}
|
262 |
+
|
263 |
+
}
|
264 |
+
|
265 |
+
/**
|
266 |
+
* @param $user
|
267 |
+
* @param $username
|
268 |
+
* @param $password
|
269 |
+
*
|
270 |
+
* @return WP_Error | WP_User
|
271 |
+
*/
|
272 |
+
public function authenticate_filter( $user, $username, $password ) {
|
273 |
+
|
274 |
+
if ( ! empty( $username ) && ! empty( $password ) ) {
|
275 |
+
|
276 |
+
$ip = $this->get_address();
|
277 |
+
|
278 |
+
// Check if username is blacklisted
|
279 |
+
if ( ! $this->is_username_whitelisted( $username ) && ! $this->is_ip_whitelisted( $ip ) &&
|
280 |
+
( $this->is_username_blacklisted( $username ) || $this->is_ip_blacklisted( $ip ) )
|
281 |
+
) {
|
282 |
+
|
283 |
+
remove_filter( 'login_errors', array( $this, 'fixup_error_messages' ) );
|
284 |
+
remove_filter( 'login_head', array( $this, 'add_error_message' ) );
|
285 |
+
remove_filter( 'wp_login_failed', array( $this, 'limit_login_failed' ) );
|
286 |
+
remove_filter( 'wp_authenticate_user', array( $this, 'wp_authenticate_user' ), 99999 );
|
287 |
+
remove_filter( 'login_head', array( $this, 'add_error_message' ) );
|
288 |
+
remove_filter( 'login_errors', array( $this, 'fixup_error_messages' ) );
|
289 |
+
|
290 |
+
remove_filter( 'authenticate', 'wp_authenticate_username_password', 20 );
|
291 |
+
remove_filter( 'authenticate', 'wp_authenticate_email_password', 20 );
|
292 |
+
|
293 |
+
$user = new WP_Error();
|
294 |
+
$user->add( 'username_blacklisted', "<strong>ERROR:</strong> Too many failed login attempts." );
|
295 |
+
|
296 |
+
} elseif ( $this->is_username_whitelisted( $username ) || $this->is_ip_whitelisted( $ip ) ) {
|
297 |
+
|
298 |
+
remove_filter( 'wp_login_failed', array( $this, 'limit_login_failed' ) );
|
299 |
+
remove_filter( 'wp_authenticate_user', array( $this, 'wp_authenticate_user' ), 99999 );
|
300 |
+
remove_filter( 'login_head', array( $this, 'add_error_message' ) );
|
301 |
+
remove_filter( 'login_errors', array( $this, 'fixup_error_messages' ) );
|
302 |
+
|
303 |
+
}
|
304 |
+
|
305 |
+
}
|
306 |
+
|
307 |
+
return $user;
|
308 |
+
}
|
309 |
+
|
310 |
+
/**
|
311 |
+
* Check if the original plugin is installed
|
312 |
+
*/
|
313 |
+
private function check_original_installed()
|
314 |
+
{
|
315 |
+
require_once( ABSPATH . '/wp-admin/includes/plugin.php' );
|
316 |
+
if ( is_plugin_active('limit-login-attempts/limit-login-attempts.php') )
|
317 |
+
{
|
318 |
+
deactivate_plugins( 'limit-login-attempts/limit-login-attempts.php', true );
|
319 |
+
//add_action('plugins_loaded', 'limit_login_setup', 99999);
|
320 |
+
remove_action( 'plugins_loaded', 'limit_login_setup', 99999 );
|
321 |
+
}
|
322 |
+
}
|
323 |
+
|
324 |
+
/**
|
325 |
+
* Enqueue js and css
|
326 |
+
*/
|
327 |
+
public function enqueue() {
|
328 |
+
wp_enqueue_style( 'lla-main', LLA_PLUGIN_URL . '/assets/css/limit-login-attempts.css' );
|
329 |
+
}
|
330 |
+
|
331 |
+
/**
|
332 |
+
* Add admin options page
|
333 |
+
*/
|
334 |
+
public function network_admin_menu()
|
335 |
+
{
|
336 |
+
add_menu_page( 'Limit Login Attempts', 'Limit Login Attempts', 'manage_options', $this->_options_page_slug, array( $this, 'options_page' ), LLA_PLUGIN_URL . '/assets/img/icon-menu2.svg' );
|
337 |
+
}
|
338 |
+
|
339 |
+
public function admin_menu()
|
340 |
+
{
|
341 |
+
add_menu_page( 'Limit Login Attempts', 'Limit Login Attempts', 'manage_options', $this->_options_page_slug, array( $this, 'options_page' ), LLA_PLUGIN_URL . '/assets/img/icon-menu2.svg' );
|
342 |
+
}
|
343 |
+
|
344 |
+
/**
|
345 |
+
* Get the correct options page URI
|
346 |
+
*
|
347 |
+
* @return mixed
|
348 |
+
*/
|
349 |
+
public function get_options_page_uri()
|
350 |
+
{
|
351 |
+
if ( is_network_admin() )
|
352 |
+
return network_admin_url( 'settings.php?page=limit-login-attempts' );
|
353 |
+
|
354 |
+
return menu_page_url( $this->_options_page_slug, false );
|
355 |
+
}
|
356 |
+
|
357 |
+
/**
|
358 |
+
* Get option by name
|
359 |
+
*
|
360 |
+
* @param $option_name
|
361 |
+
*
|
362 |
+
* @return null
|
363 |
+
*/
|
364 |
+
public function get_option( $option_name, $local = null )
|
365 |
+
{
|
366 |
+
if ( is_null( $local ) )
|
367 |
+
$local = $this->use_local_options;
|
368 |
+
|
369 |
+
$option = 'limit_login_'.$option_name;
|
370 |
+
|
371 |
+
$func = $local ? 'get_option' : 'get_site_option';
|
372 |
+
$value = $func( $option, null );
|
373 |
+
|
374 |
+
if ( is_null( $value ) && isset( $this->default_options[ $option_name ] ) )
|
375 |
+
$value = $this->default_options[ $option_name ];
|
376 |
+
|
377 |
+
return $value;
|
378 |
+
}
|
379 |
+
|
380 |
+
public function update_option( $option_name, $value, $local = null )
|
381 |
+
{
|
382 |
+
if ( is_null( $local ) )
|
383 |
+
$local = $this->use_local_options;
|
384 |
+
|
385 |
+
$option = 'limit_login_'.$option_name;
|
386 |
+
|
387 |
+
$func = $local ? 'update_option' : 'update_site_option';
|
388 |
+
|
389 |
+
return $func( $option, $value );
|
390 |
+
}
|
391 |
+
|
392 |
+
public function add_option( $option_name, $value, $local=null )
|
393 |
+
{
|
394 |
+
if ( is_null( $local ) )
|
395 |
+
$local = $this->use_local_options;
|
396 |
+
|
397 |
+
$option = 'limit_login_'.$option_name;
|
398 |
+
|
399 |
+
$func = $local ? 'add_option' : 'add_site_option';
|
400 |
+
|
401 |
+
return $func( $option, $value, '', 'no' );
|
402 |
+
}
|
403 |
+
|
404 |
+
/**
|
405 |
+
* Setup main options
|
406 |
+
*/
|
407 |
+
public function sanitize_options()
|
408 |
+
{
|
409 |
+
$simple_int_options = array( 'allowed_retries', 'lockout_duration', 'valid_duration', 'allowed_lockouts', 'long_duration', 'notify_email_after');
|
410 |
+
foreach ( $simple_int_options as $option )
|
411 |
+
{
|
412 |
+
$val = $this->get_option( $option );
|
413 |
+
if ( (int)$val != $val || (int)$val <= 0 )
|
414 |
+
$this->update_option( $option, 1 );
|
415 |
+
}
|
416 |
+
if ( $this->get_option('notify_email_after') > $this->get_option( 'allowed_lockouts' ) )
|
417 |
+
$this->update_option( 'notify_email_after', $this->get_option( 'allowed_lockouts' ) );
|
418 |
+
|
419 |
+
$args = explode( ',', $this->get_option( 'lockout_notify' ) );
|
420 |
+
$args_allowed = explode( ',', LLA_LOCKOUT_NOTIFY_ALLOWED );
|
421 |
+
$new_args = array_intersect( $args, $args_allowed );
|
422 |
+
|
423 |
+
$this->update_option( 'lockout_notify', implode( ',', $new_args ) );
|
424 |
+
|
425 |
+
$ctype = $this->get_option( 'client_type' );
|
426 |
+
if ( $ctype != LLA_DIRECT_ADDR && $ctype != LLA_PROXY_ADDR )
|
427 |
+
$this->update_option( 'client_type', LLA_DIRECT_ADDR );
|
428 |
+
}
|
429 |
+
|
430 |
+
/**
|
431 |
+
* Check if it is ok to login
|
432 |
+
*
|
433 |
+
* @return bool
|
434 |
+
*/
|
435 |
+
public function is_limit_login_ok() {
|
436 |
+
|
437 |
+
$ip = $this->get_address();
|
438 |
+
|
439 |
+
/* Check external whitelist filter */
|
440 |
+
if ( $this->is_ip_whitelisted( $ip ) ) {
|
441 |
+
return true;
|
442 |
+
}
|
443 |
+
|
444 |
+
/* lockout active? */
|
445 |
+
$lockouts = $this->get_option( 'lockouts' );
|
446 |
+
|
447 |
+
$a = $this->checkKey($lockouts, $ip);
|
448 |
+
$b = $this->checkKey($lockouts, $this->getHash($ip));
|
449 |
+
return (
|
450 |
+
! is_array( $lockouts ) ||
|
451 |
+
(! isset( $lockouts[ $ip ] ) && ! isset( $lockouts[ $this->getHash($ip) ] )) ||
|
452 |
+
(time() >= $a && time() >= $b ));
|
453 |
+
}
|
454 |
+
|
455 |
+
/**
|
456 |
+
* Action when login attempt failed
|
457 |
+
*
|
458 |
+
* Increase nr of retries (if necessary). Reset valid value. Setup
|
459 |
+
* lockout if nr of retries are above threshold. And more!
|
460 |
+
*
|
461 |
+
* A note on external whitelist: retries and statistics are still counted and
|
462 |
+
* notifications done as usual, but no lockout is done.
|
463 |
+
*
|
464 |
+
* @param $username
|
465 |
+
*/
|
466 |
+
public function limit_login_failed( $username ) {
|
467 |
+
|
468 |
+
$ip = $this->get_address();
|
469 |
+
$ipHash = $this->getHash($this->get_address());
|
470 |
+
|
471 |
+
/* if currently locked-out, do not add to retries */
|
472 |
+
$lockouts = $this->get_option( 'lockouts' );
|
473 |
+
|
474 |
+
if ( ! is_array( $lockouts ) ) {
|
475 |
+
$lockouts = array();
|
476 |
+
}
|
477 |
+
|
478 |
+
if ( (isset( $lockouts[ $ip ] ) && time() < $lockouts[ $ip ]) || (isset( $lockouts[ $ipHash ] ) && time() < $lockouts[ $ipHash ] )) {
|
479 |
+
return;
|
480 |
+
}
|
481 |
+
|
482 |
+
/* Get the arrays with retries and retries-valid information */
|
483 |
+
$retries = $this->get_option( 'retries' );
|
484 |
+
$valid = $this->get_option( 'retries_valid' );
|
485 |
+
|
486 |
+
if ( ! is_array( $retries ) ) {
|
487 |
+
$retries = array();
|
488 |
+
$this->add_option( 'retries', $retries );
|
489 |
+
}
|
490 |
+
|
491 |
+
if ( ! is_array( $valid ) ) {
|
492 |
+
$valid = array();
|
493 |
+
$this->add_option( 'retries_valid', $valid );
|
494 |
+
}
|
495 |
+
|
496 |
+
$gdpr = $this->get_option('gdpr');
|
497 |
+
$ip = ($gdpr ? $ipHash : $ip);
|
498 |
+
/* Check validity and add one to retries */
|
499 |
+
if ( isset( $retries[ $ip ] ) && isset( $valid[ $ip ] ) && time() < $valid[ $ip ]) {
|
500 |
+
$retries[ $ip ] ++;
|
501 |
+
} else {
|
502 |
+
$retries[ $ip ] = 1;
|
503 |
+
}
|
504 |
+
$valid[ $ip ] = time() + $this->get_option( 'valid_duration' );
|
505 |
+
|
506 |
+
/* lockout? */
|
507 |
+
if ( $retries[ $ip ] % $this->get_option( 'allowed_retries' ) != 0 ) {
|
508 |
+
/*
|
509 |
+
* Not lockout (yet!)
|
510 |
+
* Do housecleaning (which also saves retry/valid values).
|
511 |
+
*/
|
512 |
+
$this->cleanup( $retries, null, $valid );
|
513 |
+
|
514 |
+
return;
|
515 |
+
}
|
516 |
+
|
517 |
+
/* lockout! */
|
518 |
+
$whitelisted = $this->is_ip_whitelisted( $ip );
|
519 |
+
$retries_long = $this->get_option( 'allowed_retries' ) * $this->get_option( 'allowed_lockouts' );
|
520 |
+
|
521 |
+
/*
|
522 |
+
* Note that retries and statistics are still counted and notifications
|
523 |
+
* done as usual for whitelisted ips , but no lockout is done.
|
524 |
+
*/
|
525 |
+
if ( $whitelisted ) {
|
526 |
+
if ( $retries[ $ip ] >= $retries_long ) {
|
527 |
+
unset( $retries[ $ip ] );
|
528 |
+
unset( $valid[ $ip ] );
|
529 |
+
}
|
530 |
+
} else {
|
531 |
+
global $limit_login_just_lockedout;
|
532 |
+
$limit_login_just_lockedout = true;
|
533 |
+
$gdpr = $this->get_option('gdpr');
|
534 |
+
$index = ($gdpr ? $ipHash : $ip);
|
535 |
+
|
536 |
+
/* setup lockout, reset retries as needed */
|
537 |
+
if ( (isset($retries[ $ip ]) ? $retries[ $ip ] : 0) >= $retries_long || (isset($retries[ $ipHash ]) ? $retries[ $ipHash ] : 0) >= $retries_long ) {
|
538 |
+
/* long lockout */
|
539 |
+
$lockouts[ $index ] = time() + $this->get_option( 'long_duration' );
|
540 |
+
unset( $retries[ $index ] );
|
541 |
+
unset( $valid[ $index ] );
|
542 |
+
} else {
|
543 |
+
/* normal lockout */
|
544 |
+
$lockouts[ $index ] = time() + $this->get_option( 'lockout_duration' );
|
545 |
+
}
|
546 |
+
}
|
547 |
+
|
548 |
+
/* do housecleaning and save values */
|
549 |
+
$this->cleanup( $retries, $lockouts, $valid );
|
550 |
+
|
551 |
+
/* do any notification */
|
552 |
+
$this->notify( $username );
|
553 |
+
|
554 |
+
/* increase statistics */
|
555 |
+
$total = $this->get_option( 'lockouts_total' );
|
556 |
+
if ( $total === false || ! is_numeric( $total ) ) {
|
557 |
+
$this->add_option( 'lockouts_total', 1 );
|
558 |
+
} else {
|
559 |
+
$this->update_option( 'lockouts_total', $total + 1 );
|
560 |
+
}
|
561 |
+
}
|
562 |
+
|
563 |
+
/**
|
564 |
+
* Handle notification in event of lockout
|
565 |
+
*
|
566 |
+
* @param $user
|
567 |
+
*/
|
568 |
+
public function notify( $user ) {
|
569 |
+
$args = explode( ',', $this->get_option( 'lockout_notify' ) );
|
570 |
+
|
571 |
+
if ( empty( $args ) ) {
|
572 |
+
return;
|
573 |
+
}
|
574 |
+
|
575 |
+
foreach ( $args as $mode ) {
|
576 |
+
switch ( trim( $mode ) ) {
|
577 |
+
case 'email':
|
578 |
+
$this->notify_email( $user );
|
579 |
+
break;
|
580 |
+
case 'log':
|
581 |
+
$this->notify_log( $user );
|
582 |
+
break;
|
583 |
+
}
|
584 |
+
}
|
585 |
+
}
|
586 |
+
|
587 |
+
/**
|
588 |
+
* Email notification of lockout to admin (if configured)
|
589 |
+
*
|
590 |
+
* @param $user
|
591 |
+
*/
|
592 |
+
public function notify_email( $user ) {
|
593 |
+
$ip = $this->get_address();
|
594 |
+
$whitelisted = $this->is_ip_whitelisted( $ip );
|
595 |
+
|
596 |
+
$retries = $this->get_option( 'retries' );
|
597 |
+
if ( ! is_array( $retries ) ) {
|
598 |
+
$retries = array();
|
599 |
+
}
|
600 |
+
|
601 |
+
/* check if we are at the right nr to do notification */
|
602 |
+
if (
|
603 |
+
(isset( $retries[ $ip ] ) || isset( $retries[ $this->getHash($ip) ] ))
|
604 |
+
&&
|
605 |
+
( ( intval($retries[ $ip ] + $retries[ $this->getHash($ip) ]) / $this->get_option( 'allowed_retries' ) ) % $this->get_option( 'notify_email_after' ) ) != 0 ) {
|
606 |
+
return;
|
607 |
+
}
|
608 |
+
|
609 |
+
/* Format message. First current lockout duration */
|
610 |
+
if ( !isset( $retries[ $ip ] ) && !isset( $retries[ $this->getHash($ip) ] ) ) {
|
611 |
+
/* longer lockout */
|
612 |
+
$count = $this->get_option( 'allowed_retries' )
|
613 |
+
* $this->get_option( 'allowed_lockouts' );
|
614 |
+
$lockouts = $this->get_option( 'allowed_lockouts' );
|
615 |
+
$time = round( $this->get_option( 'long_duration' ) / 3600 );
|
616 |
+
$when = sprintf( _n( '%d hour', '%d hours', $time, 'limit-login-attempts-reloaded' ), $time );
|
617 |
+
} else {
|
618 |
+
/* normal lockout */
|
619 |
+
$count = $retries[ $ip ] + $retries[ $this->getHash($ip) ];
|
620 |
+
$lockouts = floor( ($count) / $this->get_option( 'allowed_retries' ) );
|
621 |
+
$time = round( $this->get_option( 'lockout_duration' ) / 60 );
|
622 |
+
$when = sprintf( _n( '%d minute', '%d minutes', $time, 'limit-login-attempts-reloaded' ), $time );
|
623 |
+
}
|
624 |
+
|
625 |
+
$blogname = $this->use_local_options ? get_option( 'blogname' ) : get_site_option( 'site_name' );
|
626 |
+
$blogname = htmlspecialchars_decode( $blogname, ENT_QUOTES );
|
627 |
+
|
628 |
+
if ( $whitelisted ) {
|
629 |
+
$subject = sprintf( __( "[%s] Failed login attempts from whitelisted IP"
|
630 |
+
, 'limit-login-attempts-reloaded' )
|
631 |
+
, $blogname );
|
632 |
+
} else {
|
633 |
+
$subject = sprintf( __( "[%s] Too many failed login attempts"
|
634 |
+
, 'limit-login-attempts-reloaded' )
|
635 |
+
, $blogname );
|
636 |
+
}
|
637 |
+
|
638 |
+
$message = sprintf( __( "%d failed login attempts (%d lockout(s)) from IP: %s"
|
639 |
+
, 'limit-login-attempts-reloaded' ) . "\r\n\r\n"
|
640 |
+
, $count, $lockouts, $ip );
|
641 |
+
if ( $user != '' ) {
|
642 |
+
$message .= sprintf( __( "Last user attempted: %s", 'limit-login-attempts-reloaded' )
|
643 |
+
. "\r\n\r\n", $user );
|
644 |
+
}
|
645 |
+
if ( $whitelisted ) {
|
646 |
+
$message .= __( "IP was NOT blocked because of external whitelist.", 'limit-login-attempts-reloaded' );
|
647 |
+
} else {
|
648 |
+
$message .= sprintf( __( "IP was blocked for %s", 'limit-login-attempts-reloaded' ), $when );
|
649 |
+
}
|
650 |
+
|
651 |
+
$admin_email = $this->use_local_options ? get_option( 'admin_email' ) : get_site_option( 'admin_email' );
|
652 |
+
|
653 |
+
@wp_mail( $admin_email, $subject, $message );
|
654 |
+
}
|
655 |
+
|
656 |
+
/**
|
657 |
+
* Logging of lockout (if configured)
|
658 |
+
*
|
659 |
+
* @param $user_login
|
660 |
+
*
|
661 |
+
* @internal param $user
|
662 |
+
*/
|
663 |
+
public function notify_log( $user_login ) {
|
664 |
+
|
665 |
+
if ( ! $user_login ) {
|
666 |
+
return;
|
667 |
+
}
|
668 |
+
|
669 |
+
$log = $option = $this->get_option( 'logged' );
|
670 |
+
if ( ! is_array( $log ) ) {
|
671 |
+
$log = array();
|
672 |
+
}
|
673 |
+
$ip = $this->get_address();
|
674 |
+
|
675 |
+
$index = ($this->get_option('gdpr') ? $this->getHash($ip) : $ip );
|
676 |
+
/* can be written much simpler, if you do not mind php warnings */
|
677 |
+
if ( !isset( $log[ $index ] ) )
|
678 |
+
$log[ $index ] = array();
|
679 |
+
|
680 |
+
if ( !isset( $log[ $index ][ $user_login ] ) )
|
681 |
+
$log[ $index ][ $user_login ] = array( 'counter' => 0 );
|
682 |
+
|
683 |
+
elseif ( !is_array( $log[ $index ][ $user_login ] ) )
|
684 |
+
$log[ $index ][ $user_login ] = array(
|
685 |
+
'counter' => $log[ $index ][ $user_login ],
|
686 |
+
);
|
687 |
+
|
688 |
+
$log[ $index ][ $user_login ]['counter']++;
|
689 |
+
$log[ $index ][ $user_login ]['date'] = time();
|
690 |
+
|
691 |
+
if ( isset( $_POST['woocommerce-login-nonce'] ) ) {
|
692 |
+
$gateway = 'WooCommerce';
|
693 |
+
} elseif ( isset( $GLOBALS['wp_xmlrpc_server'] ) && is_object( $GLOBALS['wp_xmlrpc_server'] ) ) {
|
694 |
+
$gateway = 'XMLRPC';
|
695 |
+
} else {
|
696 |
+
$gateway = 'WP Login';
|
697 |
+
}
|
698 |
+
|
699 |
+
$log[ $index ][ $user_login ]['gateway'] = $gateway;
|
700 |
+
|
701 |
+
if ( $option === false ) {
|
702 |
+
$this->add_option( 'logged', $log );
|
703 |
+
} else {
|
704 |
+
$this->update_option( 'logged', $log );
|
705 |
+
}
|
706 |
+
}
|
707 |
+
|
708 |
+
/**
|
709 |
+
* Check if IP is whitelisted.
|
710 |
+
*
|
711 |
+
* This function allow external ip whitelisting using a filter. Note that it can
|
712 |
+
* be called multiple times during the login process.
|
713 |
+
*
|
714 |
+
* Note that retries and statistics are still counted and notifications
|
715 |
+
* done as usual for whitelisted ips , but no lockout is done.
|
716 |
+
*
|
717 |
+
* Example:
|
718 |
+
* function my_ip_whitelist($allow, $ip) {
|
719 |
+
* return ($ip == 'my-ip') ? true : $allow;
|
720 |
+
* }
|
721 |
+
* add_filter('limit_login_whitelist_ip', 'my_ip_whitelist', 10, 2);
|
722 |
+
*
|
723 |
+
* @param null $ip
|
724 |
+
*
|
725 |
+
* @return bool
|
726 |
+
*/
|
727 |
+
public function is_ip_whitelisted( $ip = null ) {
|
728 |
+
|
729 |
+
if ( is_null( $ip ) ) {
|
730 |
+
$ip = $this->get_address();
|
731 |
+
}
|
732 |
+
|
733 |
+
$whitelisted = apply_filters( 'limit_login_whitelist_ip', false, $ip );
|
734 |
+
|
735 |
+
return ( $whitelisted === true );
|
736 |
+
}
|
737 |
+
|
738 |
+
public function is_username_whitelisted( $username ) {
|
739 |
+
|
740 |
+
if ( empty( $username ) ) {
|
741 |
+
return false;
|
742 |
+
}
|
743 |
+
|
744 |
+
$whitelisted = apply_filters( 'limit_login_whitelist_usernames', false, $username );
|
745 |
+
|
746 |
+
return ( $whitelisted === true );
|
747 |
+
}
|
748 |
+
|
749 |
+
public function is_ip_blacklisted( $ip = null ) {
|
750 |
+
|
751 |
+
if ( is_null( $ip ) ) {
|
752 |
+
$ip = $this->get_address();
|
753 |
+
}
|
754 |
+
|
755 |
+
$whitelisted = apply_filters( 'limit_login_blacklist_ip', false, $ip );
|
756 |
+
|
757 |
+
return ( $whitelisted === true );
|
758 |
+
}
|
759 |
+
|
760 |
+
public function is_username_blacklisted( $username ) {
|
761 |
+
|
762 |
+
if ( empty( $username ) ) {
|
763 |
+
return false;
|
764 |
+
}
|
765 |
+
|
766 |
+
$whitelisted = apply_filters( 'limit_login_blacklist_usernames', false, $username );
|
767 |
+
|
768 |
+
return ( $whitelisted === true );
|
769 |
+
}
|
770 |
+
|
771 |
+
/**
|
772 |
+
* Filter: allow login attempt? (called from wp_authenticate())
|
773 |
+
*
|
774 |
+
* @param $user WP_User
|
775 |
+
* @param $password
|
776 |
+
*
|
777 |
+
* @return \WP_Error
|
778 |
+
*/
|
779 |
+
public function wp_authenticate_user( $user, $password ) {
|
780 |
+
|
781 |
+
if ( is_wp_error( $user ) ||
|
782 |
+
$this->check_whitelist_ips( false, $this->get_address() ) ||
|
783 |
+
$this->check_whitelist_usernames( false, $user->user_login ) ||
|
784 |
+
$this->is_limit_login_ok()
|
785 |
+
) {
|
786 |
+
|
787 |
+
return $user;
|
788 |
+
}
|
789 |
+
|
790 |
+
$error = new WP_Error();
|
791 |
+
|
792 |
+
global $limit_login_my_error_shown;
|
793 |
+
$limit_login_my_error_shown = true;
|
794 |
+
|
795 |
+
if ( $this->is_username_blacklisted( $user->user_login ) || $this->is_ip_blacklisted( $this->get_address() ) ) {
|
796 |
+
$error->add( 'username_blacklisted', "<strong>ERROR:</strong> Too many failed login attempts." );
|
797 |
+
} else {
|
798 |
+
// This error should be the same as in "shake it" filter below
|
799 |
+
$error->add( 'too_many_retries', $this->error_msg() );
|
800 |
+
}
|
801 |
+
|
802 |
+
return $error;
|
803 |
+
}
|
804 |
+
|
805 |
+
/**
|
806 |
+
* Filter: add this failure to login page "Shake it!"
|
807 |
+
*
|
808 |
+
* @param $error_codes
|
809 |
+
*
|
810 |
+
* @return array
|
811 |
+
*/
|
812 |
+
public function failure_shake( $error_codes ) {
|
813 |
+
$error_codes[] = 'too_many_retries';
|
814 |
+
$error_codes[] = 'username_blacklisted';
|
815 |
+
|
816 |
+
return $error_codes;
|
817 |
+
}
|
818 |
+
|
819 |
+
/**
|
820 |
+
* Keep track of if user or password are empty, to filter errors correctly
|
821 |
+
*
|
822 |
+
* @param $user
|
823 |
+
* @param $password
|
824 |
+
*/
|
825 |
+
public function track_credentials( $user, $password ) {
|
826 |
+
global $limit_login_nonempty_credentials;
|
827 |
+
|
828 |
+
$limit_login_nonempty_credentials = ( ! empty( $user ) && ! empty( $password ) );
|
829 |
+
}
|
830 |
+
|
831 |
+
/**
|
832 |
+
* Should we show errors and messages on this page?
|
833 |
+
*
|
834 |
+
* @return bool
|
835 |
+
*/
|
836 |
+
public function login_show_msg() {
|
837 |
+
if ( isset( $_GET['key'] ) ) {
|
838 |
+
/* reset password */
|
839 |
+
return false;
|
840 |
+
}
|
841 |
+
|
842 |
+
$action = isset( $_REQUEST['action'] ) ? $_REQUEST['action'] : '';
|
843 |
+
|
844 |
+
return ( $action != 'lostpassword' && $action != 'retrievepassword'
|
845 |
+
&& $action != 'resetpass' && $action != 'rp'
|
846 |
+
&& $action != 'register' );
|
847 |
+
}
|
848 |
+
|
849 |
+
/**
|
850 |
+
* Construct informative error message
|
851 |
+
*
|
852 |
+
* @return string
|
853 |
+
*/
|
854 |
+
public function error_msg() {
|
855 |
+
$ip = $this->get_address();
|
856 |
+
$lockouts = $this->get_option( 'lockouts' );
|
857 |
+
$a = $this->checkKey($lockouts, $ip);
|
858 |
+
$b = $this->checkKey($lockouts, $this->getHash($ip));
|
859 |
+
|
860 |
+
$msg = __( '<strong>ERROR</strong>: Too many failed login attempts.', 'limit-login-attempts-reloaded' ) . ' ';
|
861 |
+
|
862 |
+
if (
|
863 |
+
! is_array( $lockouts ) ||
|
864 |
+
( ! isset( $lockouts[ $ip ] ) && ! isset( $lockouts[$this->getHash($ip)]) ) ||
|
865 |
+
(time() >= $a && time() >= $b)
|
866 |
+
){
|
867 |
+
/* Huh? No timeout active? */
|
868 |
+
$msg .= __( 'Please try again later.', 'limit-login-attempts-reloaded' );
|
869 |
+
|
870 |
+
return $msg;
|
871 |
+
}
|
872 |
+
|
873 |
+
$when = ceil( ( ($a > $b ? $a : $b) - time() ) / 60 );
|
874 |
+
if ( $when > 60 ) {
|
875 |
+
$when = ceil( $when / 60 );
|
876 |
+
$msg .= sprintf( _n( 'Please try again in %d hour.', 'Please try again in %d hours.', $when, 'limit-login-attempts-reloaded' ), $when );
|
877 |
+
} else {
|
878 |
+
$msg .= sprintf( _n( 'Please try again in %d minute.', 'Please try again in %d minutes.', $when, 'limit-login-attempts-reloaded' ), $when );
|
879 |
+
}
|
880 |
+
|
881 |
+
return $msg;
|
882 |
+
}
|
883 |
+
|
884 |
+
/**
|
885 |
+
* Add a message to login page when necessary
|
886 |
+
*/
|
887 |
+
public function add_error_message() {
|
888 |
+
global $error, $limit_login_my_error_shown;
|
889 |
+
|
890 |
+
if ( ! $this->login_show_msg() || $limit_login_my_error_shown ) {
|
891 |
+
return;
|
892 |
+
}
|
893 |
+
|
894 |
+
$msg = $this->get_message();
|
895 |
+
|
896 |
+
if ( $msg != '' ) {
|
897 |
+
$limit_login_my_error_shown = true;
|
898 |
+
$error .= $msg;
|
899 |
+
}
|
900 |
+
|
901 |
+
return;
|
902 |
+
}
|
903 |
+
|
904 |
+
/**
|
905 |
+
* Fix up the error message before showing it
|
906 |
+
*
|
907 |
+
* @param $content
|
908 |
+
*
|
909 |
+
* @return string
|
910 |
+
*/
|
911 |
+
public function fixup_error_messages( $content ) {
|
912 |
+
global $limit_login_just_lockedout, $limit_login_nonempty_credentials, $limit_login_my_error_shown;
|
913 |
+
|
914 |
+
if ( ! $this->login_show_msg() ) {
|
915 |
+
return $content;
|
916 |
+
}
|
917 |
+
|
918 |
+
/*
|
919 |
+
* During lockout we do not want to show any other error messages (like
|
920 |
+
* unknown user or empty password).
|
921 |
+
*/
|
922 |
+
if ( ! $this->is_limit_login_ok() && ! $limit_login_just_lockedout ) {
|
923 |
+
return $this->error_msg();
|
924 |
+
}
|
925 |
+
|
926 |
+
/*
|
927 |
+
* We want to filter the messages 'Invalid username' and
|
928 |
+
* 'Invalid password' as that is an information leak regarding user
|
929 |
+
* account names (prior to WP 2.9?).
|
930 |
+
*
|
931 |
+
* Also, if more than one error message, put an extra <br /> tag between
|
932 |
+
* them.
|
933 |
+
*/
|
934 |
+
$msgs = explode( "<br />\n", $content );
|
935 |
+
|
936 |
+
if ( strlen( end( $msgs ) ) == 0 ) {
|
937 |
+
/* remove last entry empty string */
|
938 |
+
array_pop( $msgs );
|
939 |
+
}
|
940 |
+
|
941 |
+
$count = count( $msgs );
|
942 |
+
$my_warn_count = $limit_login_my_error_shown ? 1 : 0;
|
943 |
+
|
944 |
+
if ( $limit_login_nonempty_credentials && $count > $my_warn_count ) {
|
945 |
+
|
946 |
+
/* Replace error message, including ours if necessary */
|
947 |
+
if( !empty( $_REQUEST['log'] ) && is_email( $_REQUEST['log'] ) ) {
|
948 |
+
$content = __( '<strong>ERROR</strong>: Incorrect email address or password.', 'limit-login-attempts-reloaded' ) . "<br />\n";
|
949 |
+
} else{
|
950 |
+
$content = __( '<strong>ERROR</strong>: Incorrect username or password.', 'limit-login-attempts-reloaded' ) . "<br />\n";
|
951 |
+
}
|
952 |
+
|
953 |
+
if ( $limit_login_my_error_shown || $this->get_message() ) {
|
954 |
+
$content .= "<br />\n" . $this->get_message() . "<br />\n";
|
955 |
+
}
|
956 |
+
|
957 |
+
return $content;
|
958 |
+
} elseif ( $count <= 1 ) {
|
959 |
+
return $content;
|
960 |
+
}
|
961 |
+
|
962 |
+
$new = '';
|
963 |
+
while ( $count -- > 0 ) {
|
964 |
+
$new .= array_shift( $msgs ) . "<br />\n";
|
965 |
+
if ( $count > 0 ) {
|
966 |
+
$new .= "<br />\n";
|
967 |
+
}
|
968 |
+
}
|
969 |
+
|
970 |
+
return $new;
|
971 |
+
}
|
972 |
+
|
973 |
+
public function fixup_error_messages_wc( \WP_Error $error ) {
|
974 |
+
$error->add( 1, __( 'WC Error' ) );
|
975 |
+
}
|
976 |
+
|
977 |
+
/**
|
978 |
+
* Return current (error) message to show, if any
|
979 |
+
*
|
980 |
+
* @return string
|
981 |
+
*/
|
982 |
+
public function get_message() {
|
983 |
+
/* Check external whitelist */
|
984 |
+
if ( $this->is_ip_whitelisted() ) {
|
985 |
+
return '';
|
986 |
+
}
|
987 |
+
|
988 |
+
/* Is lockout in effect? */
|
989 |
+
if ( ! $this->is_limit_login_ok() ) {
|
990 |
+
return $this->error_msg();
|
991 |
+
}
|
992 |
+
|
993 |
+
return $this->retries_remaining_msg();
|
994 |
+
}
|
995 |
+
|
996 |
+
/**
|
997 |
+
* Construct retries remaining message
|
998 |
+
*
|
999 |
+
* @return string
|
1000 |
+
*/
|
1001 |
+
public function retries_remaining_msg() {
|
1002 |
+
$ip = $this->get_address();
|
1003 |
+
$retries = $this->get_option( 'retries' );
|
1004 |
+
$valid = $this->get_option( 'retries_valid' );
|
1005 |
+
$a = $this->checkKey($retries, $ip);
|
1006 |
+
$b = $this->checkKey($retries, $this->getHash($ip));
|
1007 |
+
$c = $this->checkKey($valid, $ip);
|
1008 |
+
$d = $this->checkKey($valid, $this->getHash($ip));
|
1009 |
+
|
1010 |
+
/* Should we show retries remaining? */
|
1011 |
+
if ( ! is_array( $retries ) || ! is_array( $valid ) ) {
|
1012 |
+
/* no retries at all */
|
1013 |
+
return '';
|
1014 |
+
}
|
1015 |
+
if (
|
1016 |
+
(! isset( $retries[ $ip ] ) && ! isset( $retries[ $this->getHash($ip) ] )) ||
|
1017 |
+
(! isset( $valid[ $ip ] ) && ! isset( $valid[ $this->getHash($ip) ] )) ||
|
1018 |
+
( time() > $c && time() > $d )
|
1019 |
+
) {
|
1020 |
+
/* no: no valid retries */
|
1021 |
+
return '';
|
1022 |
+
}
|
1023 |
+
if (
|
1024 |
+
( $a % $this->get_option( 'allowed_retries' ) ) == 0 &&
|
1025 |
+
( $b % $this->get_option( 'allowed_retries' ) ) == 0
|
1026 |
+
) {
|
1027 |
+
/* no: already been locked out for these retries */
|
1028 |
+
return '';
|
1029 |
+
}
|
1030 |
+
|
1031 |
+
$remaining = max( ( $this->get_option( 'allowed_retries' ) - ( ($a + $b) % $this->get_option( 'allowed_retries' ) ) ), 0 );
|
1032 |
+
|
1033 |
+
return sprintf( _n( "<strong>%d</strong> attempt remaining.", "<strong>%d</strong> attempts remaining.", $remaining, 'limit-login-attempts-reloaded' ), $remaining );
|
1034 |
+
}
|
1035 |
+
|
1036 |
+
/**
|
1037 |
+
* Get correct remote address
|
1038 |
+
*
|
1039 |
+
* @param string $type_name
|
1040 |
+
*
|
1041 |
+
* @return string
|
1042 |
+
*/
|
1043 |
+
public function get_address() {
|
1044 |
+
|
1045 |
+
if ( !empty( $_SERVER['HTTP_X_FORWARDED_FOR'] ) && filter_var( $_SERVER['HTTP_X_FORWARDED_FOR'], FILTER_VALIDATE_IP ) )
|
1046 |
+
$ip = $_SERVER['HTTP_X_FORWARDED_FOR'];
|
1047 |
+
|
1048 |
+
elseif ( !empty( $_SERVER['HTTP_X_SUCURI_CLIENTIP'] ) && filter_var( $_SERVER['HTTP_X_SUCURI_CLIENTIP'], FILTER_VALIDATE_IP ) )
|
1049 |
+
$ip = $_SERVER['HTTP_X_SUCURI_CLIENTIP'];
|
1050 |
+
|
1051 |
+
elseif ( isset( $_SERVER['REMOTE_ADDR'] ) )
|
1052 |
+
$ip = $_SERVER['REMOTE_ADDR'];
|
1053 |
+
|
1054 |
+
else
|
1055 |
+
$ip = '';
|
1056 |
+
|
1057 |
+
$ip = preg_replace('/^(\d+\.\d+\.\d+\.\d+):\d+$/', '\1', $ip);
|
1058 |
+
|
1059 |
+
return $ip;
|
1060 |
+
}
|
1061 |
+
|
1062 |
+
/**
|
1063 |
+
* Clean up old lockouts and retries, and save supplied arrays
|
1064 |
+
*
|
1065 |
+
* @param null $retries
|
1066 |
+
* @param null $lockouts
|
1067 |
+
* @param null $valid
|
1068 |
+
*/
|
1069 |
+
public function cleanup( $retries = null, $lockouts = null, $valid = null ) {
|
1070 |
+
$now = time();
|
1071 |
+
$lockouts = ! is_null( $lockouts ) ? $lockouts : $this->get_option( 'lockouts' );
|
1072 |
+
|
1073 |
+
/* remove old lockouts */
|
1074 |
+
if ( is_array( $lockouts ) ) {
|
1075 |
+
foreach ( $lockouts as $ip => $lockout ) {
|
1076 |
+
if ( $lockout < $now ) {
|
1077 |
+
unset( $lockouts[ $ip ] );
|
1078 |
+
}
|
1079 |
+
}
|
1080 |
+
$this->update_option( 'lockouts', $lockouts );
|
1081 |
+
}
|
1082 |
+
|
1083 |
+
/* remove retries that are no longer valid */
|
1084 |
+
$valid = ! is_null( $valid ) ? $valid : $this->get_option( 'retries_valid' );
|
1085 |
+
$retries = ! is_null( $retries ) ? $retries : $this->get_option( 'retries' );
|
1086 |
+
if ( ! is_array( $valid ) || ! is_array( $retries ) ) {
|
1087 |
+
return;
|
1088 |
+
}
|
1089 |
+
|
1090 |
+
foreach ( $valid as $ip => $lockout ) {
|
1091 |
+
if ( $lockout < $now ) {
|
1092 |
+
unset( $valid[ $ip ] );
|
1093 |
+
unset( $retries[ $ip ] );
|
1094 |
+
}
|
1095 |
+
}
|
1096 |
+
|
1097 |
+
/* go through retries directly, if for some reason they've gone out of sync */
|
1098 |
+
foreach ( $retries as $ip => $retry ) {
|
1099 |
+
if ( ! isset( $valid[ $ip ] ) ) {
|
1100 |
+
unset( $retries[ $ip ] );
|
1101 |
+
}
|
1102 |
+
}
|
1103 |
+
|
1104 |
+
$this->update_option( 'retries', $retries );
|
1105 |
+
$this->update_option( 'retries_valid', $valid );
|
1106 |
+
}
|
1107 |
+
|
1108 |
+
/**
|
1109 |
+
* Render admin options page
|
1110 |
+
*/
|
1111 |
+
public function options_page() {
|
1112 |
+
$this->use_local_options = !is_network_admin();
|
1113 |
+
$this->cleanup();
|
1114 |
+
|
1115 |
+
if( !empty( $_POST ) )
|
1116 |
+
{
|
1117 |
+
check_admin_referer( 'limit-login-attempts-options' );
|
1118 |
+
|
1119 |
+
if ( is_network_admin() )
|
1120 |
+
$this->update_option( 'allow_local_options', !empty($_POST['allow_local_options']) );
|
1121 |
+
|
1122 |
+
elseif ( $this->network_mode )
|
1123 |
+
$this->update_option( 'use_local_options', empty($_POST['use_global_options']) );
|
1124 |
+
|
1125 |
+
/* Should we support GDPR */
|
1126 |
+
if( isset( $_POST[ 'gdpr' ] ) )
|
1127 |
+
{
|
1128 |
+
$this->update_option( 'gdpr', 1 );
|
1129 |
+
}
|
1130 |
+
else {
|
1131 |
+
$this->update_option( 'gdpr', 0 );
|
1132 |
+
}
|
1133 |
+
|
1134 |
+
/* Should we clear log? */
|
1135 |
+
if( isset( $_POST[ 'clear_log' ] ) )
|
1136 |
+
{
|
1137 |
+
$this->update_option( 'logged', '' );
|
1138 |
+
$this->show_error( __( 'Cleared IP log', 'limit-login-attempts-reloaded' ) );
|
1139 |
+
}
|
1140 |
+
|
1141 |
+
/* Should we reset counter? */
|
1142 |
+
if( isset( $_POST[ 'reset_total' ] ) )
|
1143 |
+
{
|
1144 |
+
$this->update_option( 'lockouts_total', 0 );
|
1145 |
+
$this->show_error( __( 'Reset lockout count', 'limit-login-attempts-reloaded' ) );
|
1146 |
+
}
|
1147 |
+
|
1148 |
+
/* Should we restore current lockouts? */
|
1149 |
+
if( isset( $_POST[ 'reset_current' ] ) )
|
1150 |
+
{
|
1151 |
+
$this->update_option( 'lockouts', array() );
|
1152 |
+
$this->show_error( __( 'Cleared current lockouts', 'limit-login-attempts-reloaded' ) );
|
1153 |
+
}
|
1154 |
+
|
1155 |
+
/* Should we update options? */
|
1156 |
+
if( isset( $_POST[ 'update_options' ] ) )
|
1157 |
+
{
|
1158 |
+
$this->update_option('allowed_retries', (int)$_POST['allowed_retries'] );
|
1159 |
+
$this->update_option('lockout_duration', (int)$_POST['lockout_duration'] * 60 );
|
1160 |
+
$this->update_option('valid_duration', (int)$_POST['valid_duration'] * 3600 );
|
1161 |
+
$this->update_option('allowed_lockouts', (int)$_POST['allowed_lockouts'] );
|
1162 |
+
$this->update_option('long_duration', (int)$_POST['long_duration'] * 3600 );
|
1163 |
+
$this->update_option('notify_email_after', (int)$_POST['email_after'] );
|
1164 |
+
|
1165 |
+
$white_list_ips = ( !empty( $_POST['lla_whitelist_ips'] ) ) ? explode("\n", str_replace("\r", "", stripslashes($_POST['lla_whitelist_ips']) ) ) : array();
|
1166 |
+
|
1167 |
+
if( !empty( $white_list_ips ) ) {
|
1168 |
+
foreach( $white_list_ips as $key => $ip ) {
|
1169 |
+
if( '' == $ip ) {
|
1170 |
+
unset( $white_list_ips[ $key ] );
|
1171 |
+
}
|
1172 |
+
}
|
1173 |
+
}
|
1174 |
+
$this->update_option('whitelist', $white_list_ips );
|
1175 |
+
|
1176 |
+
$white_list_usernames = ( !empty( $_POST['lla_whitelist_usernames'] ) ) ? explode("\n", str_replace("\r", "", stripslashes($_POST['lla_whitelist_usernames']) ) ) : array();
|
1177 |
+
|
1178 |
+
if( !empty( $white_list_usernames ) ) {
|
1179 |
+
foreach( $white_list_usernames as $key => $ip ) {
|
1180 |
+
if( '' == $ip ) {
|
1181 |
+
unset( $white_list_usernames[ $key ] );
|
1182 |
+
}
|
1183 |
+
}
|
1184 |
+
}
|
1185 |
+
$this->update_option('whitelist_usernames', $white_list_usernames );
|
1186 |
+
|
1187 |
+
$black_list_ips = ( !empty( $_POST['lla_blacklist_ips'] ) ) ? explode("\n", str_replace("\r", "", stripslashes($_POST['lla_blacklist_ips']) ) ) : array();
|
1188 |
+
|
1189 |
+
if( !empty( $black_list_ips ) ) {
|
1190 |
+
foreach( $black_list_ips as $key => $ip ) {
|
1191 |
+
$range = array_map('trim', explode('-', $ip) );
|
1192 |
+
if ( count( $range ) > 1 && (float)sprintf("%u",ip2long($range[0])) > (float)sprintf("%u",ip2long($range[1]))) {
|
1193 |
+
$this->show_error( __( 'The "'. $ip .'" IP range is invalid', 'limit-login-attempts-reloaded' ) );
|
1194 |
+
}
|
1195 |
+
if( '' == $ip ) {
|
1196 |
+
unset( $black_list_ips[ $key ] );
|
1197 |
+
}
|
1198 |
+
}
|
1199 |
+
}
|
1200 |
+
$this->update_option('blacklist', $black_list_ips );
|
1201 |
+
|
1202 |
+
$black_list_usernames = ( !empty( $_POST['lla_blacklist_usernames'] ) ) ? explode("\n", str_replace("\r", "", stripslashes($_POST['lla_blacklist_usernames']) ) ) : array();
|
1203 |
+
|
1204 |
+
if( !empty( $black_list_usernames ) ) {
|
1205 |
+
foreach( $black_list_usernames as $key => $ip ) {
|
1206 |
+
if( '' == $ip ) {
|
1207 |
+
unset( $black_list_usernames[ $key ] );
|
1208 |
+
}
|
1209 |
+
}
|
1210 |
+
}
|
1211 |
+
$this->update_option('blacklist_usernames', $black_list_usernames );
|
1212 |
+
|
1213 |
+
$notify_methods = array();
|
1214 |
+
if( isset( $_POST[ 'lockout_notify_log' ] ) ) {
|
1215 |
+
$notify_methods[] = 'log';
|
1216 |
+
}
|
1217 |
+
if( isset( $_POST[ 'lockout_notify_email' ] ) ) {
|
1218 |
+
$notify_methods[] = 'email';
|
1219 |
+
}
|
1220 |
+
$this->update_option('lockout_notify', implode( ',', $notify_methods ) );
|
1221 |
+
|
1222 |
+
$this->sanitize_options();
|
1223 |
+
|
1224 |
+
$this->show_error( __( 'Options saved.', 'limit-login-attempts-reloaded' ) );
|
1225 |
+
}
|
1226 |
+
}
|
1227 |
+
|
1228 |
+
include_once( LLA_PLUGIN_DIR . '/views/options-page.php' );
|
1229 |
+
}
|
1230 |
+
|
1231 |
+
public function ajax_unlock()
|
1232 |
+
{
|
1233 |
+
check_ajax_referer('limit-login-unlock', 'sec');
|
1234 |
+
$ip = (string)@$_POST['ip'];
|
1235 |
+
|
1236 |
+
$lockouts = (array)$this->get_option('lockouts');
|
1237 |
+
|
1238 |
+
if ( isset( $lockouts[ $ip ] ) )
|
1239 |
+
{
|
1240 |
+
unset( $lockouts[ $ip ] );
|
1241 |
+
$this->update_option( 'lockouts', $lockouts );
|
1242 |
+
}
|
1243 |
+
|
1244 |
+
//save to log
|
1245 |
+
$user_login = @(string)$_POST['username'];
|
1246 |
+
$log = $this->get_option( 'logged' );
|
1247 |
+
|
1248 |
+
if ( @$log[ $ip ][ $user_login ] )
|
1249 |
+
{
|
1250 |
+
if ( !is_array( $log[ $ip ][ $user_login ] ) )
|
1251 |
+
$log[ $ip ][ $user_login ] = array(
|
1252 |
+
'counter' => $log[ $ip ][ $user_login ],
|
1253 |
+
);
|
1254 |
+
$log[ $ip ][ $user_login ]['unlocked'] = true;
|
1255 |
+
|
1256 |
+
$this->update_option( 'logged', $log );
|
1257 |
+
}
|
1258 |
+
|
1259 |
+
header('Content-Type: application/json');
|
1260 |
+
echo 'true';
|
1261 |
+
exit;
|
1262 |
+
}
|
1263 |
+
|
1264 |
+
/**
|
1265 |
+
* Show error message
|
1266 |
+
*
|
1267 |
+
* @param $msg
|
1268 |
+
*/
|
1269 |
+
public function show_error( $msg ) {
|
1270 |
+
LLA_Helpers::show_error( $msg );
|
1271 |
+
}
|
1272 |
+
|
1273 |
+
/**
|
1274 |
+
* returns IP with its md5 value
|
1275 |
+
*/
|
1276 |
+
private function getHash($str)
|
1277 |
+
{
|
1278 |
+
return md5($str);
|
1279 |
+
}
|
1280 |
+
|
1281 |
+
/**
|
1282 |
+
* @param $arr - array
|
1283 |
+
* @param $k - key
|
1284 |
+
* @return int array value at given index or zero
|
1285 |
+
*/
|
1286 |
+
private function checkKey($arr, $k)
|
1287 |
+
{
|
1288 |
+
return isset($arr[$k]) ? $arr[$k] : 0;
|
1289 |
+
}
|
1290 |
}
|
core/Logger.php
CHANGED
@@ -1,23 +1,23 @@
|
|
1 |
-
<?php
|
2 |
-
|
3 |
-
/**
|
4 |
-
* Class LLA_Logger
|
5 |
-
*/
|
6 |
-
class LLA_Logger {
|
7 |
-
|
8 |
-
private static $_log_file_name = 'log.txt';
|
9 |
-
|
10 |
-
/**
|
11 |
-
* TODO
|
12 |
-
* @param $msg
|
13 |
-
* @return int|void
|
14 |
-
*/
|
15 |
-
public static function add_log( $msg ) {
|
16 |
-
if( ! $msg ) {
|
17 |
-
return;
|
18 |
-
}
|
19 |
-
|
20 |
-
return file_put_contents( LLA_PLUGIN_DIR . DIRECTORY_SEPARATOR . self::$_log_file_name, $msg . "\n\r", FILE_APPEND );
|
21 |
-
}
|
22 |
-
|
23 |
}
|
1 |
+
<?php
|
2 |
+
|
3 |
+
/**
|
4 |
+
* Class LLA_Logger
|
5 |
+
*/
|
6 |
+
class LLA_Logger {
|
7 |
+
|
8 |
+
private static $_log_file_name = 'log.txt';
|
9 |
+
|
10 |
+
/**
|
11 |
+
* TODO
|
12 |
+
* @param $msg
|
13 |
+
* @return int|void
|
14 |
+
*/
|
15 |
+
public static function add_log( $msg ) {
|
16 |
+
if( ! $msg ) {
|
17 |
+
return;
|
18 |
+
}
|
19 |
+
|
20 |
+
return file_put_contents( LLA_PLUGIN_DIR . DIRECTORY_SEPARATOR . self::$_log_file_name, $msg . "\n\r", FILE_APPEND );
|
21 |
+
}
|
22 |
+
|
23 |
}
|
limit-login-attempts-reloaded.php
CHANGED
@@ -1,14 +1,15 @@
|
|
1 |
<?php
|
2 |
/*
|
3 |
-
|
4 |
-
|
5 |
-
|
6 |
-
|
7 |
-
|
|
|
8 |
|
9 |
-
|
10 |
|
11 |
-
|
12 |
*/
|
13 |
|
14 |
/***************************************************************************************
|
1 |
<?php
|
2 |
/*
|
3 |
+
Plugin Name: Limit Login Attempts Reloaded
|
4 |
+
Description: Limit the rate of login attempts, including by way of cookies and for each IP address.
|
5 |
+
Author: WPChef
|
6 |
+
Author URI: https://wpchef.org
|
7 |
+
Text Domain: limit-login-attempts-reloaded
|
8 |
+
Version: 2.7.2
|
9 |
|
10 |
+
Copyright 2008 - 2012 Johan Eenfeldt, 2016 - 2019 WPChef
|
11 |
|
12 |
+
Thanks to Michael Skerwiderski for reverse proxy handling suggestions.
|
13 |
*/
|
14 |
|
15 |
/***************************************************************************************
|
readme.txt
CHANGED
@@ -1,109 +1,113 @@
|
|
1 |
-
=== Limit Login Attempts Reloaded ===
|
2 |
-
Contributors: wpchefgadget
|
3 |
-
Tags:
|
4 |
-
Requires at least: 3.0
|
5 |
-
Tested up to:
|
6 |
-
Stable tag: 2.7.
|
7 |
-
|
8 |
-
Reloaded version of the original Limit Login Attempts plugin for Login Protection by a team of WordPress developers. GDPR compliant.
|
9 |
-
|
10 |
-
== Description ==
|
11 |
-
|
12 |
-
Limit the number of login attempts that possible both through the normal login as well as using the auth cookies.
|
13 |
-
WordPress by default allows unlimited login attempts either through the login page or by sending special cookies. This allows passwords (or hashes) to be cracked via brute-force relatively easily.
|
14 |
-
Limit Login Attempts Reloaded blocks an Internet address from making further attempts after a specified limit on retries has been reached, making a brute-force attack difficult or impossible.
|
15 |
-
|
16 |
-
Features:
|
17 |
-
|
18 |
-
* Limit the number of retry attempts when logging in (per each IP). This is fully customizable.
|
19 |
-
* Limit the number of attempts to log in using authorization cookies in the same way.
|
20 |
-
* Informs the user about the remaining retries or lockout time on the login page.
|
21 |
-
* Optional logging and optional email notification.
|
22 |
-
* Handles server behind the reverse proxy.
|
23 |
-
* It is possible to whitelist/blacklist IPs and Usernames.
|
24 |
-
* Sucuri Website Firewall compatibility.
|
25 |
-
* **XMLRPC** gateway protection.
|
26 |
-
* **Woocommerce** login page protection.
|
27 |
-
* **Multi-site** compatibility with extra MU settings.
|
28 |
-
* **GDPR** compliant. With this feature turned on, all logged IPs get obfuscated (md5-hashed).
|
29 |
-
|
30 |
-
= Upgrading from the old Limit Login Attempts plugin =
|
31 |
-
1. Go to the Plugins section in your site's backend.
|
32 |
-
1. Remove the Limit Login Attempts plugin.
|
33 |
-
1. Install the Limit Login Attempts Reloaded plugin.
|
34 |
-
|
35 |
-
All your settings will be kept in tact!
|
36 |
-
|
37 |
-
Many languages are currently supported in Limit Login Attempts Reloaded plugin but we welcome any additional ones.
|
38 |
-
Help us bring Limit Login Attempts Reloaded to even more cultures.
|
39 |
-
|
40 |
-
Translations: Bulgarian, Brazilian Portuguese, Catalan, Chinese (Traditional), Czech, Dutch, Finnish, French, German, Hungarian, Norwegian, Persian, Romanian, Russian, Spanish, Swedish, Turkish
|
41 |
-
|
42 |
-
Plugin uses standard actions and filters only.
|
43 |
-
|
44 |
-
Based on the original code from Limit Login Attemps plugin by Johan Eenfeldt.
|
45 |
-
|
46 |
-
== Screenshots ==
|
47 |
-
|
48 |
-
1. Loginscreen after a failed login with remaining retries
|
49 |
-
2. Lockout loginscreen
|
50 |
-
3. Administration interface in WordPress 4.5.3
|
51 |
-
|
52 |
-
== Changelog ==
|
53 |
-
|
54 |
-
= 2.7.
|
55 |
-
*
|
56 |
-
|
57 |
-
|
58 |
-
|
59 |
-
|
60 |
-
|
61 |
-
|
62 |
-
|
63 |
-
|
64 |
-
|
65 |
-
|
66 |
-
|
67 |
-
*
|
68 |
-
|
69 |
-
|
70 |
-
|
71 |
-
|
72 |
-
|
73 |
-
|
74 |
-
|
75 |
-
|
76 |
-
|
77 |
-
*
|
78 |
-
|
79 |
-
*
|
80 |
-
|
81 |
-
|
82 |
-
|
83 |
-
|
84 |
-
|
85 |
-
|
86 |
-
*
|
87 |
-
|
88 |
-
= 2.
|
89 |
-
* IP addresses can be white-listed now. https://wordpress.org/support/topic/
|
90 |
-
*
|
91 |
-
|
92 |
-
|
93 |
-
|
94 |
-
*
|
95 |
-
*
|
96 |
-
|
97 |
-
|
98 |
-
|
99 |
-
*
|
100 |
-
*
|
101 |
-
|
102 |
-
= 2.
|
103 |
-
*
|
104 |
-
*
|
105 |
-
|
106 |
-
|
107 |
-
*
|
108 |
-
* fixed
|
|
|
|
|
|
|
|
|
109 |
* code refactoring and optimization.
|
1 |
+
=== Limit Login Attempts Reloaded ===
|
2 |
+
Contributors: wpchefgadget
|
3 |
+
Tags: brute force, login, security, GDPR, protection
|
4 |
+
Requires at least: 3.0
|
5 |
+
Tested up to: 5.0.3
|
6 |
+
Stable tag: 2.7.2
|
7 |
+
|
8 |
+
Reloaded version of the original Limit Login Attempts plugin for Login Protection by a team of WordPress developers. GDPR compliant.
|
9 |
+
|
10 |
+
== Description ==
|
11 |
+
|
12 |
+
Limit the number of login attempts that possible both through the normal login as well as using the auth cookies.
|
13 |
+
WordPress by default allows unlimited login attempts either through the login page or by sending special cookies. This allows passwords (or hashes) to be cracked via brute-force relatively easily.
|
14 |
+
Limit Login Attempts Reloaded blocks an Internet address from making further attempts after a specified limit on retries has been reached, making a brute-force attack difficult or impossible.
|
15 |
+
|
16 |
+
Features:
|
17 |
+
|
18 |
+
* Limit the number of retry attempts when logging in (per each IP). This is fully customizable.
|
19 |
+
* Limit the number of attempts to log in using authorization cookies in the same way.
|
20 |
+
* Informs the user about the remaining retries or lockout time on the login page.
|
21 |
+
* Optional logging and optional email notification.
|
22 |
+
* Handles server behind the reverse proxy.
|
23 |
+
* It is possible to whitelist/blacklist IPs and Usernames.
|
24 |
+
* Sucuri Website Firewall compatibility.
|
25 |
+
* **XMLRPC** gateway protection.
|
26 |
+
* **Woocommerce** login page protection.
|
27 |
+
* **Multi-site** compatibility with extra MU settings.
|
28 |
+
* **GDPR** compliant. With this feature turned on, all logged IPs get obfuscated (md5-hashed).
|
29 |
+
|
30 |
+
= Upgrading from the old Limit Login Attempts plugin =
|
31 |
+
1. Go to the Plugins section in your site's backend.
|
32 |
+
1. Remove the Limit Login Attempts plugin.
|
33 |
+
1. Install the Limit Login Attempts Reloaded plugin.
|
34 |
+
|
35 |
+
All your settings will be kept in tact!
|
36 |
+
|
37 |
+
Many languages are currently supported in Limit Login Attempts Reloaded plugin but we welcome any additional ones.
|
38 |
+
Help us bring Limit Login Attempts Reloaded to even more cultures.
|
39 |
+
|
40 |
+
Translations: Bulgarian, Brazilian Portuguese, Catalan, Chinese (Traditional), Czech, Dutch, Finnish, French, German, Hungarian, Norwegian, Persian, Romanian, Russian, Spanish, Swedish, Turkish
|
41 |
+
|
42 |
+
Plugin uses standard actions and filters only.
|
43 |
+
|
44 |
+
Based on the original code from Limit Login Attemps plugin by Johan Eenfeldt.
|
45 |
+
|
46 |
+
== Screenshots ==
|
47 |
+
|
48 |
+
1. Loginscreen after a failed login with remaining retries
|
49 |
+
2. Lockout loginscreen
|
50 |
+
3. Administration interface in WordPress 4.5.3
|
51 |
+
|
52 |
+
== Changelog ==
|
53 |
+
|
54 |
+
= 2.7.2 =
|
55 |
+
* Settings are moved to a separate page.
|
56 |
+
* Fixed: login error message. https://wordpress.org/support/topic/how-to-change-login-error-message/
|
57 |
+
|
58 |
+
= 2.7.1 =
|
59 |
+
* A security issue inherited from the ancestor plugin Limit Login Attempts has been fixed.
|
60 |
+
|
61 |
+
= 2.7.0 =
|
62 |
+
* GDPR compliance implemented.
|
63 |
+
|
64 |
+
* Fixed: ip_in_range() loop $ip overrides itself causing invalid results.
|
65 |
+
https://wordpress.org/support/topic/ip_in_range-loop-ip-overrides-itself-causing-invalid-results/
|
66 |
+
|
67 |
+
* Fixed: the plugin was locking out the same IP address multiple times, each with a different port.
|
68 |
+
https://wordpress.org/support/topic/same-ip-different-port/
|
69 |
+
|
70 |
+
= 2.6.3 =
|
71 |
+
* Added support of Sucuri Website Firewall.
|
72 |
+
|
73 |
+
= 2.6.2 =
|
74 |
+
* Fixed the issue with backslashes in usernames.
|
75 |
+
|
76 |
+
= 2.6.1 =
|
77 |
+
* Plugin returns the 403 Forbidden header after the limit of login attempts via XMLRPC is reached.
|
78 |
+
|
79 |
+
* Added support of IP ranges in white/black lists.
|
80 |
+
|
81 |
+
* Lockouts now can be released selectively.
|
82 |
+
|
83 |
+
* Fixed the issue with encoding of special symbols in email notifications.
|
84 |
+
|
85 |
+
= 2.5.0 =
|
86 |
+
* Added Multi-site Compatibility and additional MU settings. https://wordpress.org/support/topic/multisite-compatibility-47/
|
87 |
+
|
88 |
+
= 2.4.0 =
|
89 |
+
* Usernames and IP addresses can be white-listed and black-listed now. https://wordpress.org/support/topic/banning-specific-usernames/ https://wordpress.org/support/topic/good-831/
|
90 |
+
* The lockouts log has been inversed. https://wordpress.org/support/topic/inverse-log/
|
91 |
+
|
92 |
+
= 2.3.0 =
|
93 |
+
* IP addresses can be white-listed now. https://wordpress.org/support/topic/legal-user/
|
94 |
+
* A "Gateway" column is added to the lockouts log. It shows what endpoint an attacker was blocked from. https://wordpress.org/support/topic/xmlrpc-7/
|
95 |
+
* The "Undefined index: client_type" error is fixed. https://wordpress.org/support/topic/php-notice-when-updating-settings-page/
|
96 |
+
|
97 |
+
= 2.2.0 =
|
98 |
+
* Removed the "Handle cookie login" setting as they are now obsolete.
|
99 |
+
* Added bruteforce protection against Woocommerce login page attacks. https://wordpress.org/support/topic/how-to-integrate-with-woocommerce-2/
|
100 |
+
* Added bruteforce protection against XMLRPC attacks. https://wordpress.org/support/topic/xmlrpc-7/
|
101 |
+
|
102 |
+
= 2.1.0 =
|
103 |
+
* The site connection settings are now applied automatically and therefore have been removed from the admin interface.
|
104 |
+
* Now compatible with PHP 5.2 to support some older WP installations.
|
105 |
+
|
106 |
+
= 2.0.0 =
|
107 |
+
* fixed PHP Warning: Illegal offset type in isset or empty https://wordpress.org/support/topic/limit-login-attempts-generating-php-errors
|
108 |
+
* fixed the deprecated functions issue
|
109 |
+
https://wordpress.org/support/topic/using-deprecated-function
|
110 |
+
* Fixed error with function arguments: https://wordpress.org/support/topic/warning-missing-argument-2-5
|
111 |
+
* added time stamp to unsuccessful tries on the plugin configuration page.
|
112 |
+
* fixed .po translation files issue.
|
113 |
* code refactoring and optimization.
|
views/options-page.php
CHANGED
@@ -1,249 +1,249 @@
|
|
1 |
-
<?php
|
2 |
-
|
3 |
-
if( !defined( 'ABSPATH' ) )
|
4 |
-
exit();
|
5 |
-
|
6 |
-
/**
|
7 |
-
* @var $this Limit_Login_Attempts
|
8 |
-
*/
|
9 |
-
|
10 |
-
$gdpr = $this->get_option( 'gdpr', 0 );
|
11 |
-
|
12 |
-
$lockouts_total = $this->get_option( 'lockouts_total', 0 );
|
13 |
-
$lockouts = $this->get_option( 'login_lockouts' );
|
14 |
-
$lockouts_now = is_array( $lockouts ) ? count( $lockouts ) : 0;
|
15 |
-
|
16 |
-
$v = explode( ',', $this->get_option( 'lockout_notify' ) );
|
17 |
-
$log_checked = in_array( 'log', $v ) ? ' checked ' : '';
|
18 |
-
$email_checked = in_array( 'email', $v ) ? ' checked ' : '';
|
19 |
-
|
20 |
-
$white_list_ips = $this->get_option( 'whitelist' );
|
21 |
-
$white_list_ips = ( is_array( $white_list_ips ) && !empty( $white_list_ips ) ) ? implode( "\n", $white_list_ips ) : '';
|
22 |
-
|
23 |
-
$white_list_usernames = $this->get_option( 'whitelist_usernames' );
|
24 |
-
$white_list_usernames = ( is_array( $white_list_usernames ) && !empty( $white_list_usernames ) ) ? implode( "\n", $white_list_usernames ) : '';
|
25 |
-
|
26 |
-
$black_list_ips = $this->get_option( 'blacklist' );
|
27 |
-
$black_list_ips = ( is_array( $black_list_ips ) && !empty( $black_list_ips ) ) ? implode( "\n", $black_list_ips ) : '';
|
28 |
-
|
29 |
-
$black_list_usernames = $this->get_option( 'blacklist_usernames' );
|
30 |
-
$black_list_usernames = ( is_array( $black_list_usernames ) && !empty( $black_list_usernames ) ) ? implode( "\n", $black_list_usernames ) : '';
|
31 |
-
?>
|
32 |
-
<div class="wrap limit-login-page-settings">
|
33 |
-
<h2><?php echo __( 'Limit Login Attempts Settings', 'limit-login-attempts-reloaded' ); ?></h2>
|
34 |
-
<h3><?php echo __( 'Statistics', 'limit-login-attempts-reloaded' ); ?></h3>
|
35 |
-
<form action="<?php echo $this->get_options_page_uri(); ?>" method="post">
|
36 |
-
<?php wp_nonce_field( 'limit-login-attempts-options' ); ?>
|
37 |
-
<table class="form-table">
|
38 |
-
<tr>
|
39 |
-
<th scope="row" valign="top"><?php echo __( 'Total lockouts', 'limit-login-attempts-reloaded' ); ?></th>
|
40 |
-
<td>
|
41 |
-
<?php if( $lockouts_total > 0 ) { ?>
|
42 |
-
<input class="button" name="reset_total"
|
43 |
-
value="<?php echo __( 'Reset Counter', 'limit-login-attempts-reloaded' ); ?>"
|
44 |
-
type="submit"/>
|
45 |
-
<?php echo sprintf( _n( '%d lockout since last reset', '%d lockouts since last reset', $lockouts_total, 'limit-login-attempts-reloaded' ), $lockouts_total ); ?>
|
46 |
-
<?php } else {
|
47 |
-
echo __( 'No lockouts yet', 'limit-login-attempts-reloaded' );
|
48 |
-
} ?>
|
49 |
-
</td>
|
50 |
-
</tr>
|
51 |
-
<?php if( $lockouts_now > 0 ) { ?>
|
52 |
-
<tr>
|
53 |
-
<th scope="row"
|
54 |
-
valign="top"><?php echo __( 'Active lockouts', 'limit-login-attempts-reloaded' ); ?></th>
|
55 |
-
<td>
|
56 |
-
<input class="button" name="reset_current"
|
57 |
-
value="<?php echo __( 'Restore Lockouts', 'limit-login-attempts-reloaded' ); ?>"
|
58 |
-
type="submit"/>
|
59 |
-
<?php echo sprintf( __( '%d IP is currently blocked from trying to log in', 'limit-login-attempts-reloaded' ), $lockouts_now ); ?>
|
60 |
-
</td>
|
61 |
-
</tr>
|
62 |
-
<?php } ?>
|
63 |
-
</table>
|
64 |
-
</form>
|
65 |
-
<h3><?php echo __( 'Options', 'limit-login-attempts-reloaded' ); ?></h3>
|
66 |
-
<form action="<?php echo $this->get_options_page_uri(); ?>" method="post">
|
67 |
-
<?php wp_nonce_field( 'limit-login-attempts-options' ); ?>
|
68 |
-
<?php if ( is_network_admin() ): ?>
|
69 |
-
<input type="checkbox" name="allow_local_options" <?php echo $this->get_option( 'allow_local_options' ) ? 'checked' : '' ?> value="1"/> <?php esc_html_e( 'Let network sites use their own settings', 'limit-login-attempts-reloaded' ); ?>
|
70 |
-
<p class="description"><?php esc_html_e('If disabled, the global settings will be forcibly applied to the entire network.') ?></p>
|
71 |
-
<?php elseif ( $this->network_mode ): ?>
|
72 |
-
<input type="checkbox" name="use_global_options" <?php echo $this->get_option('use_local_options' ) ? '' : 'checked' ?> value="1" class="use_global_options"/> <?php echo __( 'Use global settings', 'limit-login-attempts-reloaded' ); ?><br/>
|
73 |
-
<script>
|
74 |
-
jQuery(function($){
|
75 |
-
var first = true;
|
76 |
-
$('.use_global_options').change( function(){
|
77 |
-
var form = $(this).siblings('table');
|
78 |
-
form.stop();
|
79 |
-
|
80 |
-
if ( this.checked )
|
81 |
-
first ? form.hide() : form.fadeOut();
|
82 |
-
else
|
83 |
-
first ? form.show() : form.fadeIn();
|
84 |
-
|
85 |
-
first = false;
|
86 |
-
}).change();
|
87 |
-
});
|
88 |
-
</script>
|
89 |
-
<?php endif ?>
|
90 |
-
<table class="form-table">
|
91 |
-
<tr>
|
92 |
-
<th scope="row"
|
93 |
-
valign="top"><?php echo __( 'GDPR compliance', 'limit-login-attempts-reloaded' ); ?></th>
|
94 |
-
<td>
|
95 |
-
<input type="checkbox" name="gdpr" value="1" <?php if($gdpr): ?> checked <?php endif; ?>/>
|
96 |
-
<?php echo __( 'this makes the plugin <a href="https://gdpr-info.eu/" target="_blank" >GDPR</a> compliant', 'limit-login-attempts-reloaded' ); ?> <br/>
|
97 |
-
</td>
|
98 |
-
</tr>
|
99 |
-
<tr>
|
100 |
-
<th scope="row" valign="top"><?php echo __( 'Lockout', 'limit-login-attempts-reloaded' ); ?></th>
|
101 |
-
<td>
|
102 |
-
|
103 |
-
<input type="text" size="3" maxlength="4"
|
104 |
-
value="<?php echo( $this->get_option( 'allowed_retries' ) ); ?>"
|
105 |
-
name="allowed_retries"/> <?php echo __( 'allowed retries', 'limit-login-attempts-reloaded' ); ?>
|
106 |
-
<br/>
|
107 |
-
<input type="text" size="3" maxlength="4"
|
108 |
-
value="<?php echo( $this->get_option( 'lockout_duration' ) / 60 ); ?>"
|
109 |
-
name="lockout_duration"/> <?php echo __( 'minutes lockout', 'limit-login-attempts-reloaded' ); ?>
|
110 |
-
<br/>
|
111 |
-
<input type="text" size="3" maxlength="4"
|
112 |
-
value="<?php echo( $this->get_option( 'allowed_lockouts' ) ); ?>"
|
113 |
-
name="allowed_lockouts"/> <?php echo __( 'lockouts increase lockout time to', 'limit-login-attempts-reloaded' ); ?>
|
114 |
-
<input type="text" size="3" maxlength="4"
|
115 |
-
value="<?php echo( $this->get_option( 'long_duration' ) / 3600 ); ?>"
|
116 |
-
name="long_duration"/> <?php echo __( 'hours', 'limit-login-attempts-reloaded' ); ?> <br/>
|
117 |
-
<input type="text" size="3" maxlength="4"
|
118 |
-
value="<?php echo( $this->get_option( 'valid_duration' ) / 3600 ); ?>"
|
119 |
-
name="valid_duration"/> <?php echo __( 'hours until retries are reset', 'limit-login-attempts-reloaded' ); ?>
|
120 |
-
</td>
|
121 |
-
</tr>
|
122 |
-
<tr>
|
123 |
-
<th scope="row"
|
124 |
-
valign="top"><?php echo __( 'Notify on lockout', 'limit-login-attempts-reloaded' ); ?></th>
|
125 |
-
<td>
|
126 |
-
<input type="checkbox" name="lockout_notify_log" <?php echo $log_checked; ?>
|
127 |
-
value="log"/> <?php echo __( 'Lockout log', 'limit-login-attempts-reloaded' ); ?><br/>
|
128 |
-
<input type="checkbox" name="lockout_notify_email" <?php echo $email_checked; ?>
|
129 |
-
value="email"/> <?php echo __( 'Email to admin after', 'limit-login-attempts-reloaded' ); ?>
|
130 |
-
<input type="text" size="3" maxlength="4"
|
131 |
-
value="<?php echo( $this->get_option( 'notify_email_after' ) ); ?>"
|
132 |
-
name="email_after"/> <?php echo __( 'lockouts', 'limit-login-attempts-reloaded' ); ?>
|
133 |
-
</td>
|
134 |
-
</tr>
|
135 |
-
<tr>
|
136 |
-
<th scope="row"
|
137 |
-
valign="top"><?php echo __( 'Whitelist', 'limit-login-attempts-reloaded' ); ?></th>
|
138 |
-
<td>
|
139 |
-
<div class="field-col">
|
140 |
-
<p class="description"><?php _e( 'One IP or IP range (1.2.3.4-5.6.7.8) per line', 'limit-login-attempts-reloaded' ); ?></p>
|
141 |
-
<textarea name="lla_whitelist_ips" rows="10" cols="50"><?php echo esc_textarea( $white_list_ips ); ?></textarea>
|
142 |
-
</div>
|
143 |
-
<div class="field-col">
|
144 |
-
<p class="description"><?php _e( 'One Username per line', 'limit-login-attempts-reloaded' ); ?></p>
|
145 |
-
<textarea name="lla_whitelist_usernames" rows="10" cols="50"><?php echo esc_textarea( $white_list_usernames ); ?></textarea>
|
146 |
-
</div>
|
147 |
-
</td>
|
148 |
-
</tr>
|
149 |
-
<tr>
|
150 |
-
<th scope="row"
|
151 |
-
valign="top"><?php echo __( 'Blacklist', 'limit-login-attempts-reloaded' ); ?></th>
|
152 |
-
<td>
|
153 |
-
<div class="field-col">
|
154 |
-
<p class="description"><?php _e( 'One IP or IP range (1.2.3.4-5.6.7.8) per line', 'limit-login-attempts-reloaded' ); ?></p>
|
155 |
-
<textarea name="lla_blacklist_ips" rows="10" cols="50"><?php echo esc_textarea( $black_list_ips ); ?></textarea>
|
156 |
-
</div>
|
157 |
-
<div class="field-col">
|
158 |
-
<p class="description"><?php _e( 'One Username per line', 'limit-login-attempts-reloaded' ); ?></p>
|
159 |
-
<textarea name="lla_blacklist_usernames" rows="10" cols="50"><?php echo esc_textarea( $black_list_usernames ); ?></textarea>
|
160 |
-
</div>
|
161 |
-
</td>
|
162 |
-
</tr>
|
163 |
-
</table>
|
164 |
-
<p class="submit">
|
165 |
-
<input class="button button-primary" name="update_options" value="<?php echo __( 'Save Options', 'limit-login-attempts-reloaded' ); ?>"
|
166 |
-
type="submit"/>
|
167 |
-
</p>
|
168 |
-
</form>
|
169 |
-
<?php
|
170 |
-
$log = $this->get_option( 'logged' );
|
171 |
-
$log = LLA_Helpers::sorted_log_by_date( $log );
|
172 |
-
|
173 |
-
$lockouts = (array)$this->get_option('lockouts');
|
174 |
-
|
175 |
-
if( is_array( $log ) && ! empty( $log ) ) { ?>
|
176 |
-
<h3><?php echo __( 'Lockout log', 'limit-login-attempts-reloaded' ); ?></h3>
|
177 |
-
<form action="<?php echo $this->get_options_page_uri(); ?>" method="post">
|
178 |
-
<?php wp_nonce_field( 'limit-login-attempts-options' ); ?>
|
179 |
-
<input type="hidden" value="true" name="clear_log"/>
|
180 |
-
<p class="submit">
|
181 |
-
<input class="button" name="submit" value="<?php echo __( 'Clear Log', 'limit-login-attempts-reloaded' ); ?>"
|
182 |
-
type="submit"/>
|
183 |
-
</p>
|
184 |
-
</form>
|
185 |
-
|
186 |
-
<div class="limit-login-log">
|
187 |
-
<table class="form-table">
|
188 |
-
<tr>
|
189 |
-
<th scope="col"><?php _e( "Date", 'limit-login-attempts-reloaded' ); ?></th>
|
190 |
-
<th scope="col"><?php echo _x( "IP", "Internet address", 'limit-login-attempts-reloaded' ); ?></th>
|
191 |
-
<th scope="col"><?php _e( 'Tried to log in as', 'limit-login-attempts-reloaded' ); ?></th>
|
192 |
-
<th scope="col"><?php _e( 'Gateway', 'limit-login-attempts-reloaded' ); ?></th>
|
193 |
-
<th>
|
194 |
-
</tr>
|
195 |
-
|
196 |
-
<?php foreach ( $log as $date => $user_info ) : ?>
|
197 |
-
<tr>
|
198 |
-
<td class="limit-login-date"><?php echo date_i18n( 'F d, Y H:i', $date ); ?></td>
|
199 |
-
<td class="limit-login-ip">
|
200 |
-
<?php echo esc_html( $user_info['ip'] ); ?>
|
201 |
-
</td>
|
202 |
-
<td class="limit-login-max"><?php echo esc_html( $user_info['username'] ) . ' (' . esc_html( $user_info['counter'] ) .' lockouts)'; ?></td>
|
203 |
-
<td class="limit-login-gateway"><?php echo esc_html( $user_info['gateway'] ); ?></td>
|
204 |
-
<td>
|
205 |
-
<?php if ( !empty( $lockouts[ $user_info['ip'] ] ) && $lockouts[ $user_info['ip'] ] > time() ) : ?>
|
206 |
-
<a href="#" class="button limit-login-unlock" data-ip="<?=esc_attr($user_info['ip'])?>" data-username="<?=esc_attr($user_info['username'])?>">Unlock</a>
|
207 |
-
<?php elseif ( $user_info['unlocked'] ): ?>
|
208 |
-
Unlocked
|
209 |
-
<?php endif ?>
|
210 |
-
</tr>
|
211 |
-
<?php endforeach; ?>
|
212 |
-
|
213 |
-
</table>
|
214 |
-
</div>
|
215 |
-
<script>jQuery( function($) {
|
216 |
-
$('.limit-login-log .limit-login-unlock').click( function()
|
217 |
-
{
|
218 |
-
var btn = $(this);
|
219 |
-
|
220 |
-
if ( btn.hasClass('disabled') )
|
221 |
-
return false;
|
222 |
-
btn.addClass( 'disabled' );
|
223 |
-
|
224 |
-
$.post( ajaxurl, {
|
225 |
-
action: 'limit-login-unlock',
|
226 |
-
sec: '<?=wp_create_nonce('limit-login-unlock') ?>',
|
227 |
-
ip: btn.data('ip'),
|
228 |
-
username: btn.data('username')
|
229 |
-
} )
|
230 |
-
.done( function(data) {
|
231 |
-
if ( data === true )
|
232 |
-
btn.fadeOut( function(){ $(this).parent().text('Unlocked') });
|
233 |
-
else
|
234 |
-
fail();
|
235 |
-
}).fail( fail );
|
236 |
-
|
237 |
-
function fail() {
|
238 |
-
alert('Connection error');
|
239 |
-
btn.removeClass('disabled');
|
240 |
-
}
|
241 |
-
|
242 |
-
return false;
|
243 |
-
} );
|
244 |
-
} )</script>
|
245 |
-
<?php
|
246 |
-
} /* if showing $log */
|
247 |
-
?>
|
248 |
-
|
249 |
</div>
|
1 |
+
<?php
|
2 |
+
|
3 |
+
if( !defined( 'ABSPATH' ) )
|
4 |
+
exit();
|
5 |
+
|
6 |
+
/**
|
7 |
+
* @var $this Limit_Login_Attempts
|
8 |
+
*/
|
9 |
+
|
10 |
+
$gdpr = $this->get_option( 'gdpr', 0 );
|
11 |
+
|
12 |
+
$lockouts_total = $this->get_option( 'lockouts_total', 0 );
|
13 |
+
$lockouts = $this->get_option( 'login_lockouts' );
|
14 |
+
$lockouts_now = is_array( $lockouts ) ? count( $lockouts ) : 0;
|
15 |
+
|
16 |
+
$v = explode( ',', $this->get_option( 'lockout_notify' ) );
|
17 |
+
$log_checked = in_array( 'log', $v ) ? ' checked ' : '';
|
18 |
+
$email_checked = in_array( 'email', $v ) ? ' checked ' : '';
|
19 |
+
|
20 |
+
$white_list_ips = $this->get_option( 'whitelist' );
|
21 |
+
$white_list_ips = ( is_array( $white_list_ips ) && !empty( $white_list_ips ) ) ? implode( "\n", $white_list_ips ) : '';
|
22 |
+
|
23 |
+
$white_list_usernames = $this->get_option( 'whitelist_usernames' );
|
24 |
+
$white_list_usernames = ( is_array( $white_list_usernames ) && !empty( $white_list_usernames ) ) ? implode( "\n", $white_list_usernames ) : '';
|
25 |
+
|
26 |
+
$black_list_ips = $this->get_option( 'blacklist' );
|
27 |
+
$black_list_ips = ( is_array( $black_list_ips ) && !empty( $black_list_ips ) ) ? implode( "\n", $black_list_ips ) : '';
|
28 |
+
|
29 |
+
$black_list_usernames = $this->get_option( 'blacklist_usernames' );
|
30 |
+
$black_list_usernames = ( is_array( $black_list_usernames ) && !empty( $black_list_usernames ) ) ? implode( "\n", $black_list_usernames ) : '';
|
31 |
+
?>
|
32 |
+
<div class="wrap limit-login-page-settings">
|
33 |
+
<h2><?php echo __( 'Limit Login Attempts Settings', 'limit-login-attempts-reloaded' ); ?></h2>
|
34 |
+
<h3><?php echo __( 'Statistics', 'limit-login-attempts-reloaded' ); ?></h3>
|
35 |
+
<form action="<?php echo $this->get_options_page_uri(); ?>" method="post">
|
36 |
+
<?php wp_nonce_field( 'limit-login-attempts-options' ); ?>
|
37 |
+
<table class="form-table">
|
38 |
+
<tr>
|
39 |
+
<th scope="row" valign="top"><?php echo __( 'Total lockouts', 'limit-login-attempts-reloaded' ); ?></th>
|
40 |
+
<td>
|
41 |
+
<?php if( $lockouts_total > 0 ) { ?>
|
42 |
+
<input class="button" name="reset_total"
|
43 |
+
value="<?php echo __( 'Reset Counter', 'limit-login-attempts-reloaded' ); ?>"
|
44 |
+
type="submit"/>
|
45 |
+
<?php echo sprintf( _n( '%d lockout since last reset', '%d lockouts since last reset', $lockouts_total, 'limit-login-attempts-reloaded' ), $lockouts_total ); ?>
|
46 |
+
<?php } else {
|
47 |
+
echo __( 'No lockouts yet', 'limit-login-attempts-reloaded' );
|
48 |
+
} ?>
|
49 |
+
</td>
|
50 |
+
</tr>
|
51 |
+
<?php if( $lockouts_now > 0 ) { ?>
|
52 |
+
<tr>
|
53 |
+
<th scope="row"
|
54 |
+
valign="top"><?php echo __( 'Active lockouts', 'limit-login-attempts-reloaded' ); ?></th>
|
55 |
+
<td>
|
56 |
+
<input class="button" name="reset_current"
|
57 |
+
value="<?php echo __( 'Restore Lockouts', 'limit-login-attempts-reloaded' ); ?>"
|
58 |
+
type="submit"/>
|
59 |
+
<?php echo sprintf( __( '%d IP is currently blocked from trying to log in', 'limit-login-attempts-reloaded' ), $lockouts_now ); ?>
|
60 |
+
</td>
|
61 |
+
</tr>
|
62 |
+
<?php } ?>
|
63 |
+
</table>
|
64 |
+
</form>
|
65 |
+
<h3><?php echo __( 'Options', 'limit-login-attempts-reloaded' ); ?></h3>
|
66 |
+
<form action="<?php echo $this->get_options_page_uri(); ?>" method="post">
|
67 |
+
<?php wp_nonce_field( 'limit-login-attempts-options' ); ?>
|
68 |
+
<?php if ( is_network_admin() ): ?>
|
69 |
+
<input type="checkbox" name="allow_local_options" <?php echo $this->get_option( 'allow_local_options' ) ? 'checked' : '' ?> value="1"/> <?php esc_html_e( 'Let network sites use their own settings', 'limit-login-attempts-reloaded' ); ?>
|
70 |
+
<p class="description"><?php esc_html_e('If disabled, the global settings will be forcibly applied to the entire network.') ?></p>
|
71 |
+
<?php elseif ( $this->network_mode ): ?>
|
72 |
+
<input type="checkbox" name="use_global_options" <?php echo $this->get_option('use_local_options' ) ? '' : 'checked' ?> value="1" class="use_global_options"/> <?php echo __( 'Use global settings', 'limit-login-attempts-reloaded' ); ?><br/>
|
73 |
+
<script>
|
74 |
+
jQuery(function($){
|
75 |
+
var first = true;
|
76 |
+
$('.use_global_options').change( function(){
|
77 |
+
var form = $(this).siblings('table');
|
78 |
+
form.stop();
|
79 |
+
|
80 |
+
if ( this.checked )
|
81 |
+
first ? form.hide() : form.fadeOut();
|
82 |
+
else
|
83 |
+
first ? form.show() : form.fadeIn();
|
84 |
+
|
85 |
+
first = false;
|
86 |
+
}).change();
|
87 |
+
});
|
88 |
+
</script>
|
89 |
+
<?php endif ?>
|
90 |
+
<table class="form-table">
|
91 |
+
<tr>
|
92 |
+
<th scope="row"
|
93 |
+
valign="top"><?php echo __( 'GDPR compliance', 'limit-login-attempts-reloaded' ); ?></th>
|
94 |
+
<td>
|
95 |
+
<input type="checkbox" name="gdpr" value="1" <?php if($gdpr): ?> checked <?php endif; ?>/>
|
96 |
+
<?php echo __( 'this makes the plugin <a href="https://gdpr-info.eu/" target="_blank" >GDPR</a> compliant', 'limit-login-attempts-reloaded' ); ?> <br/>
|
97 |
+
</td>
|
98 |
+
</tr>
|
99 |
+
<tr>
|
100 |
+
<th scope="row" valign="top"><?php echo __( 'Lockout', 'limit-login-attempts-reloaded' ); ?></th>
|
101 |
+
<td>
|
102 |
+
|
103 |
+
<input type="text" size="3" maxlength="4"
|
104 |
+
value="<?php echo( $this->get_option( 'allowed_retries' ) ); ?>"
|
105 |
+
name="allowed_retries"/> <?php echo __( 'allowed retries', 'limit-login-attempts-reloaded' ); ?>
|
106 |
+
<br/>
|
107 |
+
<input type="text" size="3" maxlength="4"
|
108 |
+
value="<?php echo( $this->get_option( 'lockout_duration' ) / 60 ); ?>"
|
109 |
+
name="lockout_duration"/> <?php echo __( 'minutes lockout', 'limit-login-attempts-reloaded' ); ?>
|
110 |
+
<br/>
|
111 |
+
<input type="text" size="3" maxlength="4"
|
112 |
+
value="<?php echo( $this->get_option( 'allowed_lockouts' ) ); ?>"
|
113 |
+
name="allowed_lockouts"/> <?php echo __( 'lockouts increase lockout time to', 'limit-login-attempts-reloaded' ); ?>
|
114 |
+
<input type="text" size="3" maxlength="4"
|
115 |
+
value="<?php echo( $this->get_option( 'long_duration' ) / 3600 ); ?>"
|
116 |
+
name="long_duration"/> <?php echo __( 'hours', 'limit-login-attempts-reloaded' ); ?> <br/>
|
117 |
+
<input type="text" size="3" maxlength="4"
|
118 |
+
value="<?php echo( $this->get_option( 'valid_duration' ) / 3600 ); ?>"
|
119 |
+
name="valid_duration"/> <?php echo __( 'hours until retries are reset', 'limit-login-attempts-reloaded' ); ?>
|
120 |
+
</td>
|
121 |
+
</tr>
|
122 |
+
<tr>
|
123 |
+
<th scope="row"
|
124 |
+
valign="top"><?php echo __( 'Notify on lockout', 'limit-login-attempts-reloaded' ); ?></th>
|
125 |
+
<td>
|
126 |
+
<input type="checkbox" name="lockout_notify_log" <?php echo $log_checked; ?>
|
127 |
+
value="log"/> <?php echo __( 'Lockout log', 'limit-login-attempts-reloaded' ); ?><br/>
|
128 |
+
<input type="checkbox" name="lockout_notify_email" <?php echo $email_checked; ?>
|
129 |
+
value="email"/> <?php echo __( 'Email to admin after', 'limit-login-attempts-reloaded' ); ?>
|
130 |
+
<input type="text" size="3" maxlength="4"
|
131 |
+
value="<?php echo( $this->get_option( 'notify_email_after' ) ); ?>"
|
132 |
+
name="email_after"/> <?php echo __( 'lockouts', 'limit-login-attempts-reloaded' ); ?>
|
133 |
+
</td>
|
134 |
+
</tr>
|
135 |
+
<tr>
|
136 |
+
<th scope="row"
|
137 |
+
valign="top"><?php echo __( 'Whitelist', 'limit-login-attempts-reloaded' ); ?></th>
|
138 |
+
<td>
|
139 |
+
<div class="field-col">
|
140 |
+
<p class="description"><?php _e( 'One IP or IP range (1.2.3.4-5.6.7.8) per line', 'limit-login-attempts-reloaded' ); ?></p>
|
141 |
+
<textarea name="lla_whitelist_ips" rows="10" cols="50"><?php echo esc_textarea( $white_list_ips ); ?></textarea>
|
142 |
+
</div>
|
143 |
+
<div class="field-col">
|
144 |
+
<p class="description"><?php _e( 'One Username per line', 'limit-login-attempts-reloaded' ); ?></p>
|
145 |
+
<textarea name="lla_whitelist_usernames" rows="10" cols="50"><?php echo esc_textarea( $white_list_usernames ); ?></textarea>
|
146 |
+
</div>
|
147 |
+
</td>
|
148 |
+
</tr>
|
149 |
+
<tr>
|
150 |
+
<th scope="row"
|
151 |
+
valign="top"><?php echo __( 'Blacklist', 'limit-login-attempts-reloaded' ); ?></th>
|
152 |
+
<td>
|
153 |
+
<div class="field-col">
|
154 |
+
<p class="description"><?php _e( 'One IP or IP range (1.2.3.4-5.6.7.8) per line', 'limit-login-attempts-reloaded' ); ?></p>
|
155 |
+
<textarea name="lla_blacklist_ips" rows="10" cols="50"><?php echo esc_textarea( $black_list_ips ); ?></textarea>
|
156 |
+
</div>
|
157 |
+
<div class="field-col">
|
158 |
+
<p class="description"><?php _e( 'One Username per line', 'limit-login-attempts-reloaded' ); ?></p>
|
159 |
+
<textarea name="lla_blacklist_usernames" rows="10" cols="50"><?php echo esc_textarea( $black_list_usernames ); ?></textarea>
|
160 |
+
</div>
|
161 |
+
</td>
|
162 |
+
</tr>
|
163 |
+
</table>
|
164 |
+
<p class="submit">
|
165 |
+
<input class="button button-primary" name="update_options" value="<?php echo __( 'Save Options', 'limit-login-attempts-reloaded' ); ?>"
|
166 |
+
type="submit"/>
|
167 |
+
</p>
|
168 |
+
</form>
|
169 |
+
<?php
|
170 |
+
$log = $this->get_option( 'logged' );
|
171 |
+
$log = LLA_Helpers::sorted_log_by_date( $log );
|
172 |
+
|
173 |
+
$lockouts = (array)$this->get_option('lockouts');
|
174 |
+
|
175 |
+
if( is_array( $log ) && ! empty( $log ) ) { ?>
|
176 |
+
<h3><?php echo __( 'Lockout log', 'limit-login-attempts-reloaded' ); ?></h3>
|
177 |
+
<form action="<?php echo $this->get_options_page_uri(); ?>" method="post">
|
178 |
+
<?php wp_nonce_field( 'limit-login-attempts-options' ); ?>
|
179 |
+
<input type="hidden" value="true" name="clear_log"/>
|
180 |
+
<p class="submit">
|
181 |
+
<input class="button" name="submit" value="<?php echo __( 'Clear Log', 'limit-login-attempts-reloaded' ); ?>"
|
182 |
+
type="submit"/>
|
183 |
+
</p>
|
184 |
+
</form>
|
185 |
+
|
186 |
+
<div class="limit-login-log">
|
187 |
+
<table class="form-table">
|
188 |
+
<tr>
|
189 |
+
<th scope="col"><?php _e( "Date", 'limit-login-attempts-reloaded' ); ?></th>
|
190 |
+
<th scope="col"><?php echo _x( "IP", "Internet address", 'limit-login-attempts-reloaded' ); ?></th>
|
191 |
+
<th scope="col"><?php _e( 'Tried to log in as', 'limit-login-attempts-reloaded' ); ?></th>
|
192 |
+
<th scope="col"><?php _e( 'Gateway', 'limit-login-attempts-reloaded' ); ?></th>
|
193 |
+
<th>
|
194 |
+
</tr>
|
195 |
+
|
196 |
+
<?php foreach ( $log as $date => $user_info ) : ?>
|
197 |
+
<tr>
|
198 |
+
<td class="limit-login-date"><?php echo date_i18n( 'F d, Y H:i', $date ); ?></td>
|
199 |
+
<td class="limit-login-ip">
|
200 |
+
<?php echo esc_html( $user_info['ip'] ); ?>
|
201 |
+
</td>
|
202 |
+
<td class="limit-login-max"><?php echo esc_html( $user_info['username'] ) . ' (' . esc_html( $user_info['counter'] ) .' lockouts)'; ?></td>
|
203 |
+
<td class="limit-login-gateway"><?php echo esc_html( $user_info['gateway'] ); ?></td>
|
204 |
+
<td>
|
205 |
+
<?php if ( !empty( $lockouts[ $user_info['ip'] ] ) && $lockouts[ $user_info['ip'] ] > time() ) : ?>
|
206 |
+
<a href="#" class="button limit-login-unlock" data-ip="<?=esc_attr($user_info['ip'])?>" data-username="<?=esc_attr($user_info['username'])?>">Unlock</a>
|
207 |
+
<?php elseif ( $user_info['unlocked'] ): ?>
|
208 |
+
Unlocked
|
209 |
+
<?php endif ?>
|
210 |
+
</tr>
|
211 |
+
<?php endforeach; ?>
|
212 |
+
|
213 |
+
</table>
|
214 |
+
</div>
|
215 |
+
<script>jQuery( function($) {
|
216 |
+
$('.limit-login-log .limit-login-unlock').click( function()
|
217 |
+
{
|
218 |
+
var btn = $(this);
|
219 |
+
|
220 |
+
if ( btn.hasClass('disabled') )
|
221 |
+
return false;
|
222 |
+
btn.addClass( 'disabled' );
|
223 |
+
|
224 |
+
$.post( ajaxurl, {
|
225 |
+
action: 'limit-login-unlock',
|
226 |
+
sec: '<?=wp_create_nonce('limit-login-unlock') ?>',
|
227 |
+
ip: btn.data('ip'),
|
228 |
+
username: btn.data('username')
|
229 |
+
} )
|
230 |
+
.done( function(data) {
|
231 |
+
if ( data === true )
|
232 |
+
btn.fadeOut( function(){ $(this).parent().text('Unlocked') });
|
233 |
+
else
|
234 |
+
fail();
|
235 |
+
}).fail( fail );
|
236 |
+
|
237 |
+
function fail() {
|
238 |
+
alert('Connection error');
|
239 |
+
btn.removeClass('disabled');
|
240 |
+
}
|
241 |
+
|
242 |
+
return false;
|
243 |
+
} );
|
244 |
+
} )</script>
|
245 |
+
<?php
|
246 |
+
} /* if showing $log */
|
247 |
+
?>
|
248 |
+
|
249 |
</div>
|