Version Description
- Extra lockout options are back.
Download this release
Release Info
Developer | wpchefgadget |
Plugin | Limit Login Attempts Reloaded |
Version | 2.8.1 |
Comparing to | |
See all releases |
Code changes from version 2.8.0 to 2.8.1
- core/LimitLoginAttempts.php +55 -55
- limit-login-attempts-reloaded.php +1 -1
- readme.txt +4 -1
- views/options-page.php +0 -2
core/LimitLoginAttempts.php
CHANGED
@@ -69,7 +69,7 @@ class Limit_Login_Attempts
|
|
69 |
add_filter( 'limit_login_blacklist_ip', array( $this, 'check_blacklist_ips' ), 10, 2 );
|
70 |
add_filter( 'limit_login_blacklist_usernames', array( $this, 'check_blacklist_usernames' ), 10, 2 );
|
71 |
}
|
72 |
-
|
73 |
/**
|
74 |
* Hook 'plugins_loaded'
|
75 |
*/
|
@@ -80,13 +80,13 @@ class Limit_Login_Attempts
|
|
80 |
|
81 |
// Check if installed old plugin
|
82 |
$this->check_original_installed();
|
83 |
-
|
84 |
if ( is_multisite() )
|
85 |
require_once ABSPATH.'wp-admin/includes/plugin.php';
|
86 |
-
|
87 |
$this->network_mode = is_multisite() && is_plugin_active_for_network('limit-login-attempts-reloaded/limit-login-attempts-reloaded.php');
|
88 |
-
|
89 |
-
|
90 |
if ( $this->network_mode )
|
91 |
{
|
92 |
$this->allow_local_options = get_site_option( 'limit_login_allow_local_options', false );
|
@@ -97,7 +97,7 @@ class Limit_Login_Attempts
|
|
97 |
$this->allow_local_options = true;
|
98 |
$this->use_local_options = true;
|
99 |
}
|
100 |
-
|
101 |
|
102 |
// Setup default plugin options
|
103 |
//$this->sanitize_options();
|
@@ -108,10 +108,10 @@ class Limit_Login_Attempts
|
|
108 |
add_filter( 'shake_error_codes', array( $this, 'failure_shake' ) );
|
109 |
add_action( 'login_head', array( $this, 'add_error_message' ) );
|
110 |
add_action( 'login_errors', array( $this, 'fixup_error_messages' ) );
|
111 |
-
|
112 |
if ( $this->network_mode )
|
113 |
add_action( 'network_admin_menu', array( $this, 'network_admin_menu' ) );
|
114 |
-
|
115 |
if ( $this->allow_local_options )
|
116 |
add_action( 'admin_menu', array( $this, 'admin_menu' ) );
|
117 |
|
@@ -128,10 +128,10 @@ class Limit_Login_Attempts
|
|
128 |
*/
|
129 |
add_action( 'wp_authenticate', array( $this, 'track_credentials' ), 10, 2 );
|
130 |
add_action( 'authenticate', array( $this, 'authenticate_filter' ), 5, 3 );
|
131 |
-
|
132 |
if ( defined('XMLRPC_REQUEST') && XMLRPC_REQUEST )
|
133 |
add_action( 'init', array( $this, 'check_xmlrpc_lock' ) );
|
134 |
-
|
135 |
add_action('wp_ajax_limit-login-unlock', array( $this, 'ajax_unlock' ) );
|
136 |
}
|
137 |
|
@@ -264,7 +264,7 @@ class Limit_Login_Attempts
|
|
264 |
{
|
265 |
if ( is_user_logged_in() || $this->is_ip_whitelisted() )
|
266 |
return;
|
267 |
-
|
268 |
if ( $this->is_ip_blacklisted() || !$this->is_limit_login_ok() )
|
269 |
{
|
270 |
header('HTTP/1.0 403 Forbidden');
|
@@ -287,7 +287,7 @@ class Limit_Login_Attempts
|
|
287 |
public function check_blacklist_usernames( $allow, $username ) {
|
288 |
return in_array( $username, (array) $this->get_option( 'blacklist_usernames' ) );
|
289 |
}
|
290 |
-
|
291 |
public function ip_in_range( $ip, $list )
|
292 |
{
|
293 |
foreach ( $list as $range )
|
@@ -303,10 +303,10 @@ class Limit_Login_Attempts
|
|
303 |
$low = ip2long( $range[0] );
|
304 |
$high = ip2long( $range[1] );
|
305 |
$needle = ip2long( $ip );
|
306 |
-
|
307 |
if ( $low === false || $high === false || $needle === false )
|
308 |
continue;
|
309 |
-
|
310 |
$low = (float)sprintf("%u",$low);
|
311 |
$high = (float)sprintf("%u",$high);
|
312 |
$needle = (float)sprintf("%u",$needle);
|
@@ -315,7 +315,7 @@ class Limit_Login_Attempts
|
|
315 |
return true;
|
316 |
}
|
317 |
}
|
318 |
-
|
319 |
return false;
|
320 |
}
|
321 |
|
@@ -461,7 +461,7 @@ class Limit_Login_Attempts
|
|
461 |
{
|
462 |
add_submenu_page( 'settings.php', 'Limit Login Attempts', 'Limit Login Attempts', 'manage_options', $this->_options_page_slug, array( $this, 'options_page' ) );
|
463 |
}
|
464 |
-
|
465 |
public function admin_menu()
|
466 |
{
|
467 |
add_options_page( 'Limit Login Attempts', 'Limit Login Attempts', 'manage_options', $this->_options_page_slug, array( $this, 'options_page' ) );
|
@@ -476,7 +476,7 @@ class Limit_Login_Attempts
|
|
476 |
{
|
477 |
if ( is_network_admin() )
|
478 |
return network_admin_url( 'settings.php?page=limit-login-attempts' );
|
479 |
-
|
480 |
return menu_page_url( $this->_options_page_slug, false );
|
481 |
}
|
482 |
|
@@ -487,43 +487,43 @@ class Limit_Login_Attempts
|
|
487 |
*
|
488 |
* @return null
|
489 |
*/
|
490 |
-
public function get_option( $option_name, $local = null )
|
491 |
{
|
492 |
if ( is_null( $local ) )
|
493 |
$local = $this->use_local_options;
|
494 |
-
|
495 |
$option = 'limit_login_'.$option_name;
|
496 |
-
|
497 |
$func = $local ? 'get_option' : 'get_site_option';
|
498 |
$value = $func( $option, null );
|
499 |
-
|
500 |
if ( is_null( $value ) && isset( $this->default_options[ $option_name ] ) )
|
501 |
$value = $this->default_options[ $option_name ];
|
502 |
-
|
503 |
return $value;
|
504 |
}
|
505 |
-
|
506 |
public function update_option( $option_name, $value, $local = null )
|
507 |
{
|
508 |
if ( is_null( $local ) )
|
509 |
$local = $this->use_local_options;
|
510 |
-
|
511 |
$option = 'limit_login_'.$option_name;
|
512 |
-
|
513 |
$func = $local ? 'update_option' : 'update_site_option';
|
514 |
-
|
515 |
return $func( $option, $value );
|
516 |
}
|
517 |
-
|
518 |
public function add_option( $option_name, $value, $local=null )
|
519 |
{
|
520 |
if ( is_null( $local ) )
|
521 |
$local = $this->use_local_options;
|
522 |
-
|
523 |
$option = 'limit_login_'.$option_name;
|
524 |
-
|
525 |
$func = $local ? 'add_option' : 'add_site_option';
|
526 |
-
|
527 |
return $func( $option, $value, '', 'no' );
|
528 |
}
|
529 |
|
@@ -541,11 +541,11 @@ class Limit_Login_Attempts
|
|
541 |
}
|
542 |
if ( $this->get_option('notify_email_after') > $this->get_option( 'allowed_lockouts' ) )
|
543 |
$this->update_option( 'notify_email_after', $this->get_option( 'allowed_lockouts' ) );
|
544 |
-
|
545 |
$args = explode( ',', $this->get_option( 'lockout_notify' ) );
|
546 |
$args_allowed = explode( ',', LLA_LOCKOUT_NOTIFY_ALLOWED );
|
547 |
$new_args = array_intersect( $args, $args_allowed );
|
548 |
-
|
549 |
$this->update_option( 'lockout_notify', implode( ',', $new_args ) );
|
550 |
|
551 |
$ctype = $this->get_option( 'client_type' );
|
@@ -784,7 +784,7 @@ class Limit_Login_Attempts
|
|
784 |
|
785 |
@wp_mail( $admin_email, $subject, $message );
|
786 |
}
|
787 |
-
|
788 |
/**
|
789 |
* Logging of lockout (if configured)
|
790 |
*
|
@@ -808,15 +808,15 @@ class Limit_Login_Attempts
|
|
808 |
/* can be written much simpler, if you do not mind php warnings */
|
809 |
if ( !isset( $log[ $index ] ) )
|
810 |
$log[ $index ] = array();
|
811 |
-
|
812 |
if ( !isset( $log[ $index ][ $user_login ] ) )
|
813 |
$log[ $index ][ $user_login ] = array( 'counter' => 0 );
|
814 |
-
|
815 |
elseif ( !is_array( $log[ $index ][ $user_login ] ) )
|
816 |
$log[ $index ][ $user_login ] = array(
|
817 |
'counter' => $log[ $index ][ $user_login ],
|
818 |
);
|
819 |
-
|
820 |
$log[ $index ][ $user_login ]['counter']++;
|
821 |
$log[ $index ][ $user_login ]['date'] = time();
|
822 |
|
@@ -1076,7 +1076,7 @@ class Limit_Login_Attempts
|
|
1076 |
$my_warn_count = $limit_login_my_error_shown ? 1 : 0;
|
1077 |
|
1078 |
if ( $limit_login_nonempty_credentials && $count > $my_warn_count ) {
|
1079 |
-
|
1080 |
/* Replace error message, including ours if necessary */
|
1081 |
if( !empty( $_REQUEST['log'] ) && is_email( $_REQUEST['log'] ) ) {
|
1082 |
$content = __( '<strong>ERROR</strong>: Incorrect email address or password.', 'limit-login-attempts-reloaded' ) . "<br />\n";
|
@@ -1245,14 +1245,14 @@ class Limit_Login_Attempts
|
|
1245 |
public function options_page() {
|
1246 |
$this->use_local_options = !is_network_admin();
|
1247 |
$this->cleanup();
|
1248 |
-
|
1249 |
if( !empty( $_POST ) )
|
1250 |
{
|
1251 |
check_admin_referer( 'limit-login-attempts-options' );
|
1252 |
-
|
1253 |
if ( is_network_admin() )
|
1254 |
$this->update_option( 'allow_local_options', !empty($_POST['allow_local_options']) );
|
1255 |
-
|
1256 |
elseif ( $this->network_mode )
|
1257 |
$this->update_option( 'use_local_options', empty($_POST['use_global_options']) );
|
1258 |
|
@@ -1291,9 +1291,9 @@ class Limit_Login_Attempts
|
|
1291 |
{
|
1292 |
$this->update_option('allowed_retries', (int)$_POST['allowed_retries'] );
|
1293 |
$this->update_option('lockout_duration', (int)$_POST['lockout_duration'] * 60 );
|
1294 |
-
|
1295 |
-
|
1296 |
-
|
1297 |
$this->update_option('notify_email_after', (int)$_POST['email_after'] );
|
1298 |
|
1299 |
$this->update_option('admin_notify_email', sanitize_email( $_POST['admin_notify_email'] ) );
|
@@ -1345,7 +1345,7 @@ class Limit_Login_Attempts
|
|
1345 |
}
|
1346 |
}
|
1347 |
$this->update_option('blacklist_usernames', $black_list_usernames );
|
1348 |
-
|
1349 |
$notify_methods = array();
|
1350 |
if( isset( $_POST[ 'lockout_notify_log' ] ) ) {
|
1351 |
$notify_methods[] = 'log';
|
@@ -1354,44 +1354,44 @@ class Limit_Login_Attempts
|
|
1354 |
$notify_methods[] = 'email';
|
1355 |
}
|
1356 |
$this->update_option('lockout_notify', implode( ',', $notify_methods ) );
|
1357 |
-
|
1358 |
$this->sanitize_options();
|
1359 |
-
|
1360 |
$this->show_error( __( 'Options saved.', 'limit-login-attempts-reloaded' ) );
|
1361 |
}
|
1362 |
}
|
1363 |
-
|
1364 |
include_once( LLA_PLUGIN_DIR . '/views/options-page.php' );
|
1365 |
}
|
1366 |
-
|
1367 |
public function ajax_unlock()
|
1368 |
{
|
1369 |
check_ajax_referer('limit-login-unlock', 'sec');
|
1370 |
$ip = (string)@$_POST['ip'];
|
1371 |
-
|
1372 |
$lockouts = (array)$this->get_option('lockouts');
|
1373 |
-
|
1374 |
if ( isset( $lockouts[ $ip ] ) )
|
1375 |
{
|
1376 |
unset( $lockouts[ $ip ] );
|
1377 |
$this->update_option( 'lockouts', $lockouts );
|
1378 |
}
|
1379 |
-
|
1380 |
//save to log
|
1381 |
$user_login = @(string)$_POST['username'];
|
1382 |
$log = $this->get_option( 'logged' );
|
1383 |
-
|
1384 |
if ( @$log[ $ip ][ $user_login ] )
|
1385 |
{
|
1386 |
if ( !is_array( $log[ $ip ][ $user_login ] ) )
|
1387 |
-
$log[ $ip ][ $user_login ] = array(
|
1388 |
'counter' => $log[ $ip ][ $user_login ],
|
1389 |
);
|
1390 |
$log[ $ip ][ $user_login ]['unlocked'] = true;
|
1391 |
-
|
1392 |
$this->update_option( 'logged', $log );
|
1393 |
}
|
1394 |
-
|
1395 |
header('Content-Type: application/json');
|
1396 |
echo 'true';
|
1397 |
exit;
|
69 |
add_filter( 'limit_login_blacklist_ip', array( $this, 'check_blacklist_ips' ), 10, 2 );
|
70 |
add_filter( 'limit_login_blacklist_usernames', array( $this, 'check_blacklist_usernames' ), 10, 2 );
|
71 |
}
|
72 |
+
|
73 |
/**
|
74 |
* Hook 'plugins_loaded'
|
75 |
*/
|
80 |
|
81 |
// Check if installed old plugin
|
82 |
$this->check_original_installed();
|
83 |
+
|
84 |
if ( is_multisite() )
|
85 |
require_once ABSPATH.'wp-admin/includes/plugin.php';
|
86 |
+
|
87 |
$this->network_mode = is_multisite() && is_plugin_active_for_network('limit-login-attempts-reloaded/limit-login-attempts-reloaded.php');
|
88 |
+
|
89 |
+
|
90 |
if ( $this->network_mode )
|
91 |
{
|
92 |
$this->allow_local_options = get_site_option( 'limit_login_allow_local_options', false );
|
97 |
$this->allow_local_options = true;
|
98 |
$this->use_local_options = true;
|
99 |
}
|
100 |
+
|
101 |
|
102 |
// Setup default plugin options
|
103 |
//$this->sanitize_options();
|
108 |
add_filter( 'shake_error_codes', array( $this, 'failure_shake' ) );
|
109 |
add_action( 'login_head', array( $this, 'add_error_message' ) );
|
110 |
add_action( 'login_errors', array( $this, 'fixup_error_messages' ) );
|
111 |
+
|
112 |
if ( $this->network_mode )
|
113 |
add_action( 'network_admin_menu', array( $this, 'network_admin_menu' ) );
|
114 |
+
|
115 |
if ( $this->allow_local_options )
|
116 |
add_action( 'admin_menu', array( $this, 'admin_menu' ) );
|
117 |
|
128 |
*/
|
129 |
add_action( 'wp_authenticate', array( $this, 'track_credentials' ), 10, 2 );
|
130 |
add_action( 'authenticate', array( $this, 'authenticate_filter' ), 5, 3 );
|
131 |
+
|
132 |
if ( defined('XMLRPC_REQUEST') && XMLRPC_REQUEST )
|
133 |
add_action( 'init', array( $this, 'check_xmlrpc_lock' ) );
|
134 |
+
|
135 |
add_action('wp_ajax_limit-login-unlock', array( $this, 'ajax_unlock' ) );
|
136 |
}
|
137 |
|
264 |
{
|
265 |
if ( is_user_logged_in() || $this->is_ip_whitelisted() )
|
266 |
return;
|
267 |
+
|
268 |
if ( $this->is_ip_blacklisted() || !$this->is_limit_login_ok() )
|
269 |
{
|
270 |
header('HTTP/1.0 403 Forbidden');
|
287 |
public function check_blacklist_usernames( $allow, $username ) {
|
288 |
return in_array( $username, (array) $this->get_option( 'blacklist_usernames' ) );
|
289 |
}
|
290 |
+
|
291 |
public function ip_in_range( $ip, $list )
|
292 |
{
|
293 |
foreach ( $list as $range )
|
303 |
$low = ip2long( $range[0] );
|
304 |
$high = ip2long( $range[1] );
|
305 |
$needle = ip2long( $ip );
|
306 |
+
|
307 |
if ( $low === false || $high === false || $needle === false )
|
308 |
continue;
|
309 |
+
|
310 |
$low = (float)sprintf("%u",$low);
|
311 |
$high = (float)sprintf("%u",$high);
|
312 |
$needle = (float)sprintf("%u",$needle);
|
315 |
return true;
|
316 |
}
|
317 |
}
|
318 |
+
|
319 |
return false;
|
320 |
}
|
321 |
|
461 |
{
|
462 |
add_submenu_page( 'settings.php', 'Limit Login Attempts', 'Limit Login Attempts', 'manage_options', $this->_options_page_slug, array( $this, 'options_page' ) );
|
463 |
}
|
464 |
+
|
465 |
public function admin_menu()
|
466 |
{
|
467 |
add_options_page( 'Limit Login Attempts', 'Limit Login Attempts', 'manage_options', $this->_options_page_slug, array( $this, 'options_page' ) );
|
476 |
{
|
477 |
if ( is_network_admin() )
|
478 |
return network_admin_url( 'settings.php?page=limit-login-attempts' );
|
479 |
+
|
480 |
return menu_page_url( $this->_options_page_slug, false );
|
481 |
}
|
482 |
|
487 |
*
|
488 |
* @return null
|
489 |
*/
|
490 |
+
public function get_option( $option_name, $local = null )
|
491 |
{
|
492 |
if ( is_null( $local ) )
|
493 |
$local = $this->use_local_options;
|
494 |
+
|
495 |
$option = 'limit_login_'.$option_name;
|
496 |
+
|
497 |
$func = $local ? 'get_option' : 'get_site_option';
|
498 |
$value = $func( $option, null );
|
499 |
+
|
500 |
if ( is_null( $value ) && isset( $this->default_options[ $option_name ] ) )
|
501 |
$value = $this->default_options[ $option_name ];
|
502 |
+
|
503 |
return $value;
|
504 |
}
|
505 |
+
|
506 |
public function update_option( $option_name, $value, $local = null )
|
507 |
{
|
508 |
if ( is_null( $local ) )
|
509 |
$local = $this->use_local_options;
|
510 |
+
|
511 |
$option = 'limit_login_'.$option_name;
|
512 |
+
|
513 |
$func = $local ? 'update_option' : 'update_site_option';
|
514 |
+
|
515 |
return $func( $option, $value );
|
516 |
}
|
517 |
+
|
518 |
public function add_option( $option_name, $value, $local=null )
|
519 |
{
|
520 |
if ( is_null( $local ) )
|
521 |
$local = $this->use_local_options;
|
522 |
+
|
523 |
$option = 'limit_login_'.$option_name;
|
524 |
+
|
525 |
$func = $local ? 'add_option' : 'add_site_option';
|
526 |
+
|
527 |
return $func( $option, $value, '', 'no' );
|
528 |
}
|
529 |
|
541 |
}
|
542 |
if ( $this->get_option('notify_email_after') > $this->get_option( 'allowed_lockouts' ) )
|
543 |
$this->update_option( 'notify_email_after', $this->get_option( 'allowed_lockouts' ) );
|
544 |
+
|
545 |
$args = explode( ',', $this->get_option( 'lockout_notify' ) );
|
546 |
$args_allowed = explode( ',', LLA_LOCKOUT_NOTIFY_ALLOWED );
|
547 |
$new_args = array_intersect( $args, $args_allowed );
|
548 |
+
|
549 |
$this->update_option( 'lockout_notify', implode( ',', $new_args ) );
|
550 |
|
551 |
$ctype = $this->get_option( 'client_type' );
|
784 |
|
785 |
@wp_mail( $admin_email, $subject, $message );
|
786 |
}
|
787 |
+
|
788 |
/**
|
789 |
* Logging of lockout (if configured)
|
790 |
*
|
808 |
/* can be written much simpler, if you do not mind php warnings */
|
809 |
if ( !isset( $log[ $index ] ) )
|
810 |
$log[ $index ] = array();
|
811 |
+
|
812 |
if ( !isset( $log[ $index ][ $user_login ] ) )
|
813 |
$log[ $index ][ $user_login ] = array( 'counter' => 0 );
|
814 |
+
|
815 |
elseif ( !is_array( $log[ $index ][ $user_login ] ) )
|
816 |
$log[ $index ][ $user_login ] = array(
|
817 |
'counter' => $log[ $index ][ $user_login ],
|
818 |
);
|
819 |
+
|
820 |
$log[ $index ][ $user_login ]['counter']++;
|
821 |
$log[ $index ][ $user_login ]['date'] = time();
|
822 |
|
1076 |
$my_warn_count = $limit_login_my_error_shown ? 1 : 0;
|
1077 |
|
1078 |
if ( $limit_login_nonempty_credentials && $count > $my_warn_count ) {
|
1079 |
+
|
1080 |
/* Replace error message, including ours if necessary */
|
1081 |
if( !empty( $_REQUEST['log'] ) && is_email( $_REQUEST['log'] ) ) {
|
1082 |
$content = __( '<strong>ERROR</strong>: Incorrect email address or password.', 'limit-login-attempts-reloaded' ) . "<br />\n";
|
1245 |
public function options_page() {
|
1246 |
$this->use_local_options = !is_network_admin();
|
1247 |
$this->cleanup();
|
1248 |
+
|
1249 |
if( !empty( $_POST ) )
|
1250 |
{
|
1251 |
check_admin_referer( 'limit-login-attempts-options' );
|
1252 |
+
|
1253 |
if ( is_network_admin() )
|
1254 |
$this->update_option( 'allow_local_options', !empty($_POST['allow_local_options']) );
|
1255 |
+
|
1256 |
elseif ( $this->network_mode )
|
1257 |
$this->update_option( 'use_local_options', empty($_POST['use_global_options']) );
|
1258 |
|
1291 |
{
|
1292 |
$this->update_option('allowed_retries', (int)$_POST['allowed_retries'] );
|
1293 |
$this->update_option('lockout_duration', (int)$_POST['lockout_duration'] * 60 );
|
1294 |
+
$this->update_option('valid_duration', (int)$_POST['valid_duration'] * 3600 );
|
1295 |
+
$this->update_option('allowed_lockouts', (int)$_POST['allowed_lockouts'] );
|
1296 |
+
$this->update_option('long_duration', (int)$_POST['long_duration'] * 3600 );
|
1297 |
$this->update_option('notify_email_after', (int)$_POST['email_after'] );
|
1298 |
|
1299 |
$this->update_option('admin_notify_email', sanitize_email( $_POST['admin_notify_email'] ) );
|
1345 |
}
|
1346 |
}
|
1347 |
$this->update_option('blacklist_usernames', $black_list_usernames );
|
1348 |
+
|
1349 |
$notify_methods = array();
|
1350 |
if( isset( $_POST[ 'lockout_notify_log' ] ) ) {
|
1351 |
$notify_methods[] = 'log';
|
1354 |
$notify_methods[] = 'email';
|
1355 |
}
|
1356 |
$this->update_option('lockout_notify', implode( ',', $notify_methods ) );
|
1357 |
+
|
1358 |
$this->sanitize_options();
|
1359 |
+
|
1360 |
$this->show_error( __( 'Options saved.', 'limit-login-attempts-reloaded' ) );
|
1361 |
}
|
1362 |
}
|
1363 |
+
|
1364 |
include_once( LLA_PLUGIN_DIR . '/views/options-page.php' );
|
1365 |
}
|
1366 |
+
|
1367 |
public function ajax_unlock()
|
1368 |
{
|
1369 |
check_ajax_referer('limit-login-unlock', 'sec');
|
1370 |
$ip = (string)@$_POST['ip'];
|
1371 |
+
|
1372 |
$lockouts = (array)$this->get_option('lockouts');
|
1373 |
+
|
1374 |
if ( isset( $lockouts[ $ip ] ) )
|
1375 |
{
|
1376 |
unset( $lockouts[ $ip ] );
|
1377 |
$this->update_option( 'lockouts', $lockouts );
|
1378 |
}
|
1379 |
+
|
1380 |
//save to log
|
1381 |
$user_login = @(string)$_POST['username'];
|
1382 |
$log = $this->get_option( 'logged' );
|
1383 |
+
|
1384 |
if ( @$log[ $ip ][ $user_login ] )
|
1385 |
{
|
1386 |
if ( !is_array( $log[ $ip ][ $user_login ] ) )
|
1387 |
+
$log[ $ip ][ $user_login ] = array(
|
1388 |
'counter' => $log[ $ip ][ $user_login ],
|
1389 |
);
|
1390 |
$log[ $ip ][ $user_login ]['unlocked'] = true;
|
1391 |
+
|
1392 |
$this->update_option( 'logged', $log );
|
1393 |
}
|
1394 |
+
|
1395 |
header('Content-Type: application/json');
|
1396 |
echo 'true';
|
1397 |
exit;
|
limit-login-attempts-reloaded.php
CHANGED
@@ -5,7 +5,7 @@ Description: Limit the rate of login attempts, including by way of cookies and f
|
|
5 |
Author: WPChef
|
6 |
Author URI: https://wpchef.org
|
7 |
Text Domain: limit-login-attempts-reloaded
|
8 |
-
Version: 2.8.
|
9 |
|
10 |
Copyright 2008 - 2012 Johan Eenfeldt, 2016 - 2019 WPChef
|
11 |
*/
|
5 |
Author: WPChef
|
6 |
Author URI: https://wpchef.org
|
7 |
Text Domain: limit-login-attempts-reloaded
|
8 |
+
Version: 2.8.1
|
9 |
|
10 |
Copyright 2008 - 2012 Johan Eenfeldt, 2016 - 2019 WPChef
|
11 |
*/
|
readme.txt
CHANGED
@@ -3,7 +3,7 @@ Contributors: wpchefgadget
|
|
3 |
Tags: brute force, login, security, GDPR, protection
|
4 |
Requires at least: 3.0
|
5 |
Tested up to: 5.1.1
|
6 |
-
Stable tag: 2.8.
|
7 |
|
8 |
Reloaded version of the original Limit Login Attempts plugin for Login Protection by a team of WordPress developers. GDPR compliant.
|
9 |
|
@@ -50,6 +50,9 @@ Based on the original code from Limit Login Attemps plugin by Johan Eenfeldt.
|
|
50 |
|
51 |
== Changelog ==
|
52 |
|
|
|
|
|
|
|
53 |
= 2.8.0 =
|
54 |
* The plugin doesn't trust any IP addresses other than _SERVER["REMOTE_ADDR"] anymore. Trusting other IP origins make protection useless b/c they can be easily faked. This new version provides a way of secure IP unlocking for those sites that use a reverse proxy coupled with misconfigurated servers that populate _SERVER["REMOTE_ADDR"] with wrong IPs which leads to mass blocking of users.
|
55 |
|
3 |
Tags: brute force, login, security, GDPR, protection
|
4 |
Requires at least: 3.0
|
5 |
Tested up to: 5.1.1
|
6 |
+
Stable tag: 2.8.1
|
7 |
|
8 |
Reloaded version of the original Limit Login Attempts plugin for Login Protection by a team of WordPress developers. GDPR compliant.
|
9 |
|
50 |
|
51 |
== Changelog ==
|
52 |
|
53 |
+
= 2.8.1 =
|
54 |
+
* Extra lockout options are back.
|
55 |
+
|
56 |
= 2.8.0 =
|
57 |
* The plugin doesn't trust any IP addresses other than _SERVER["REMOTE_ADDR"] anymore. Trusting other IP origins make protection useless b/c they can be easily faked. This new version provides a way of secure IP unlocking for those sites that use a reverse proxy coupled with misconfigurated servers that populate _SERVER["REMOTE_ADDR"] with wrong IPs which leads to mass blocking of users.
|
58 |
|
views/options-page.php
CHANGED
@@ -111,7 +111,6 @@ $admin_email_placeholder = (!is_multisite()) ? get_option( 'admin_email' ) : get
|
|
111 |
value="<?php echo( $this->get_option( 'lockout_duration' ) / 60 ); ?>"
|
112 |
name="lockout_duration"/> <?php echo __( 'minutes lockout', 'limit-login-attempts-reloaded' ); ?>
|
113 |
<br/>
|
114 |
-
<?php /*
|
115 |
<input type="text" size="3" maxlength="4"
|
116 |
value="<?php echo( $this->get_option( 'allowed_lockouts' ) ); ?>"
|
117 |
name="allowed_lockouts"/> <?php echo __( 'lockouts increase lockout time to', 'limit-login-attempts-reloaded' ); ?>
|
@@ -121,7 +120,6 @@ $admin_email_placeholder = (!is_multisite()) ? get_option( 'admin_email' ) : get
|
|
121 |
<input type="text" size="3" maxlength="4"
|
122 |
value="<?php echo( $this->get_option( 'valid_duration' ) / 3600 ); ?>"
|
123 |
name="valid_duration"/> <?php echo __( 'hours until retries are reset', 'limit-login-attempts-reloaded' ); ?>
|
124 |
-
*/ ?>
|
125 |
</td>
|
126 |
</tr>
|
127 |
<tr>
|
111 |
value="<?php echo( $this->get_option( 'lockout_duration' ) / 60 ); ?>"
|
112 |
name="lockout_duration"/> <?php echo __( 'minutes lockout', 'limit-login-attempts-reloaded' ); ?>
|
113 |
<br/>
|
|
|
114 |
<input type="text" size="3" maxlength="4"
|
115 |
value="<?php echo( $this->get_option( 'allowed_lockouts' ) ); ?>"
|
116 |
name="allowed_lockouts"/> <?php echo __( 'lockouts increase lockout time to', 'limit-login-attempts-reloaded' ); ?>
|
120 |
<input type="text" size="3" maxlength="4"
|
121 |
value="<?php echo( $this->get_option( 'valid_duration' ) / 3600 ); ?>"
|
122 |
name="valid_duration"/> <?php echo __( 'hours until retries are reset', 'limit-login-attempts-reloaded' ); ?>
|
|
|
123 |
</td>
|
124 |
</tr>
|
125 |
<tr>
|