Limit Login Attempts - Version 1.1

Version Description

Release Info

Developer	johanee
Plugin	Limit Login Attempts
Version	1.1
Comparing to
See all releases

Code changes from version 1.0 to 1.1

Files changed (5) hide show

limit-login-attempts-sv_SE.mo +0 -0
limit-login-attempts-sv_SE.po +257 -0
limit-login-attempts.php +135 -67
limit-login-attempts.pot +251 -0
readme.txt +19 -2

limit-login-attempts-sv_SE.mo ADDED Viewed

Binary file

limit-login-attempts-sv_SE.po ADDED Viewed

	@@ -0,0 +1,257 @@


1	+ # Limit Login Attempts Swedish Translation
2	+ # Copyright (C) 2009 Johan Eenfeldt
3	+ # This file is distributed under the same license as the PACKAGE package.
4	+ # Johan Eenfeldt <johan.eenfeldt@kostdoktorn.se>, 2009.
5	+ #
6	+ #, fuzzy
7	+ msgid ""
8	+ msgstr ""
9	+ "Project-Id-Version: limit-login-attempts 1.1\n"
10	+ "Report-Msgid-Bugs-To: http://wordpress.org/tag/limit-login-attempts\n"
11	+ "POT-Creation-Date: 2009-01-15 20:21+0000\n"
12	+ "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
13	+ "Last-Translator: Johan Eenfeldt <johan.eenfeldt@kostdoktorn.se>\n"
14	+ "Language-Team: Swedish\n"
15	+ "MIME-Version: 1.0\n"
16	+ "Content-Type: text/plain; charset=UTF-8\n"
17	+ "Content-Transfer-Encoding: 8bit\n"
18	+ "Plural-Forms: nplurals=INTEGER; plural=EXPRESSION;\n"
19	+
20	+ #: limit-login-attempts.php:315
21	+ #, php-format
22	+ msgid "%d hour"
23	+ msgid_plural "%d hours"
24	+ msgstr[0] "%d timme"
25	+ msgstr[1] "%d timmar"
26	+
27	+ #: limit-login-attempts.php:320
28	+ #, php-format
29	+ msgid "%d minute"
30	+ msgid_plural "%d minutes"
31	+ msgstr[0] "%d minut"
32	+ msgstr[1] "%d minuter"
33	+
34	+ #: limit-login-attempts.php:323
35	+ #, php-format
36	+ msgid "[%s] Too many failed login attempts"
37	+ msgstr "[%s] För många misslyckade inloggningar"
38	+
39	+ #: limit-login-attempts.php:325
40	+ #, php-format
41	+ msgid ""
42	+ "%d failed login attempts (%d lockout(s)) from IP: %s\r\n"
43	+ "\r\n"
44	+ msgstr ""
45	+ "%d misslyckade inloggningar (blockad %d gång(er)) från IP: %s\r\n"
46	+ "\r\n"
47	+
48	+ #: limit-login-attempts.php:329
49	+ #, php-format
50	+ msgid ""
51	+ "Last user attempted: %s\r\n"
52	+ "\r\n"
53	+ msgstr ""
54	+ "Senast misslyckades med användare : %s\r\n"
55	+ "\r\n"
56	+
57	+ #: limit-login-attempts.php:332
58	+ #, php-format
59	+ msgid "IP was blocked for %s"
60	+ msgstr "IP har blockerats i %s"
61	+
62	+ #: limit-login-attempts.php:389
63	+ msgid "<strong>ERROR</strong>: Too many failed login attempts."
64	+ msgstr "<strong>Fel</strong>: För många misslyckade försök."
65	+
66	+ #: limit-login-attempts.php:393
67	+ msgid "Please try again later."
68	+ msgstr "Försök igen senare."
69	+
70	+ #: limit-login-attempts.php:400
71	+ #, php-format
72	+ msgid "Please try again in %d hour."
73	+ msgid_plural "Please try again in %d hours."
74	+ msgstr[0] "Försök igen om %d timme."
75	+ msgstr[1] "Försök igen om %d timmar."
76	+
77	+ #: limit-login-attempts.php:402
78	+ #, php-format
79	+ msgid "Please try again in %d minute."
80	+ msgid_plural "Please try again in %d minutes."
81	+ msgstr[0] "Försök igen om %d minut."
82	+ msgstr[1] "Försök igen om %d minuter."
83	+
84	+ #: limit-login-attempts.php:440
85	+ #, php-format
86	+ msgid "<strong>%d</strong> attempt remaining."
87	+ msgid_plural "<strong>%d</strong> attempts remaining."
88	+ msgstr[0] "<strong>%d</strong> försök återstår."
89	+ msgstr[1] "<strong>%d</strong> försök återstår."
90	+
91	+ #: limit-login-attempts.php:527
92	+ #, php-format
93	+ msgid ""
94	+ "%s is unable to replace function wp_get_current_user(). Disable plugin "
95	+ "cookie login handling, or competing plugin."
96	+ msgstr ""
97	+ "%s kan inte ersätta funktionen wp_get_current_user(). Stäng av "
98	+ "inloggningshantering för kakor, eller eller inkompatibelt tillägg."
99	+
100	+ #: limit-login-attempts.php:546
101	+ msgid "IP\|Internet address"
102	+ msgstr "IP"
103	+
104	+ #: limit-login-attempts.php:546
105	+ msgid "Tried to log in as"
106	+ msgstr "Försökte logga in som"
107	+
108	+ #: limit-login-attempts.php:551
109	+ #, php-format
110	+ msgid "%d lockout"
111	+ msgid_plural "%d lockouts"
112	+ msgstr[0] "%d blockering"
113	+ msgstr[1] "%d blockeringar"
114	+
115	+ #: limit-login-attempts.php:577
116	+ msgid "Cleared IP log"
117	+ msgstr "Rensade IP loggen"
118	+
119	+ #: limit-login-attempts.php:585
120	+ msgid "Reset lockout count"
121	+ msgstr "Nollställde räknaren för blockeringar"
122	+
123	+ #: limit-login-attempts.php:593
124	+ msgid "Cleared current lockouts"
125	+ msgstr "Tog bort aktuella blockeringar"
126	+
127	+ #: limit-login-attempts.php:620
128	+ msgid "Options changed"
129	+ msgstr "Inställningar ändrade"
130	+
131	+ #: limit-login-attempts.php:631
132	+ msgid "<strong>NOTE:</strong> Only works on Wordpress 2.7 or later"
133	+ msgstr "<strong>OBS:</strong> Fungerar endast med WordPress 2.7 eller senare"
134	+
135	+ #: limit-login-attempts.php:644
136	+ msgid "Limit Login Attempts Settings"
137	+ msgstr "Limit Login Attempts Inställningar"
138	+
139	+ #: limit-login-attempts.php:645
140	+ msgid "Statistics"
141	+ msgstr "Statistik"
142	+
143	+ #: limit-login-attempts.php:649
144	+ msgid "Total lockouts"
145	+ msgstr "Antal blockeringar"
146	+
147	+ #: limit-login-attempts.php:652
148	+ msgid "Reset Counter"
149	+ msgstr "Nollställ räknare"
150	+
151	+ #: limit-login-attempts.php:653
152	+ #, php-format
153	+ msgid "%d lockout since last reset"
154	+ msgid_plural "%d lockouts since last reset"
155	+ msgstr[0] "%d blockering sedan räknaren nollställdes"
156	+ msgstr[1] "%d blockeringar sedan räknaren nollställdes"
157	+
158	+ #: limit-login-attempts.php:654
159	+ msgid "No lockouts yet"
160	+ msgstr "Inga blockeringar har skett ännu"
161	+
162	+ #: limit-login-attempts.php:659
163	+ msgid "Active lockouts"
164	+ msgstr "Aktiva blockeringar"
165	+
166	+ #: limit-login-attempts.php:661
167	+ msgid "Restore Lockouts"
168	+ msgstr "Ta bort blockeringar"
169	+
170	+ #: limit-login-attempts.php:662
171	+ #, php-format
172	+ msgid "%d IP is currently blocked from trying to log in"
173	+ msgstr "%d IP är för närvarande blockerade från att logga in"
174	+
175	+ #: limit-login-attempts.php:672
176	+ msgid "Lockout"
177	+ msgstr "Blockering"
178	+
179	+ #: limit-login-attempts.php:674
180	+ msgid "allowed retries"
181	+ msgstr "tillåtna misslyckanden"
182	+
183	+ #: limit-login-attempts.php:675
184	+ msgid "minutes lockout"
185	+ msgstr "minuters blockering"
186	+
187	+ #: limit-login-attempts.php:676
188	+ msgid "lockouts increase lockout time to"
189	+ msgstr "blockeringar ökar tiden till"
190	+
191	+ #: limit-login-attempts.php:676
192	+ msgid "hours"
193	+ msgstr "timmar"
194	+
195	+ #: limit-login-attempts.php:677
196	+ msgid "hours until retries are reset"
197	+ msgstr "timmar tills misslyckanden nollställs"
198	+
199	+ #: limit-login-attempts.php:681
200	+ msgid "Handle cookie login"
201	+ msgstr "Hantera inloggning med kakor"
202	+
203	+ #: limit-login-attempts.php:683
204	+ msgid "Yes"
205	+ msgstr "Ja"
206	+
207	+ #: limit-login-attempts.php:683
208	+ msgid "No"
209	+ msgstr "Nej"
210	+
211	+ #: limit-login-attempts.php:688
212	+ msgid "Notify on lockout"
213	+ msgstr "Notifiera om blockering"
214	+
215	+ #: limit-login-attempts.php:690
216	+ msgid "Log IP"
217	+ msgstr "Logga IP"
218	+
219	+ #: limit-login-attempts.php:691
220	+ msgid "Email to admin after"
221	+ msgstr "E-post till administratör efter"
222	+
223	+ #: limit-login-attempts.php:691
224	+ msgid "lockouts"
225	+ msgstr "blockeringar"
226	+
227	+ #: limit-login-attempts.php:696
228	+ msgid "Change Options"
229	+ msgstr "Ändra Inställningar"
230	+
231	+ #: limit-login-attempts.php:704
232	+ msgid "Lockout log"
233	+ msgstr "Log över blockeringar"
234	+
235	+ #: limit-login-attempts.php:708
236	+ msgid "Clear Log"
237	+ msgstr "Rensa Log"
238	+
239	+ #. Plugin Name of an extension
240	+ msgid "Limit Login Attempts"
241	+ msgstr "Limit Login Attempts"
242	+
243	+ #. Plugin URI of an extension
244	+ msgid "http://devel.kostdoktorn.se/limit-login-attempts"
245	+ msgstr "http://devel.kostdoktorn.se/limit-login-attempts"
246	+
247	+ #. Description of an extension
248	+ msgid "Limit rate of login attempts, including by way of cookies, for each IP."
249	+ msgstr "Limit rate of login attempts, including by way of cookies, for each IP."
250	+
251	+ #. Author of an extension
252	+ msgid "Johan Eenfeldt"
253	+ msgstr "Johan Eenfeldt"
254	+
255	+ #. Author URI of an extension
256	+ msgid "http://devel.kostdoktorn.se"
257	+ msgstr "http://devel.kostdoktorn.se"

limit-login-attempts.php CHANGED Viewed

	@@ -5,7 +5,7 @@
5	Description: Limit rate of login attempts, including by way of cookies, for each IP.
6	Author: Johan Eenfeldt
7	Author URI: http://devel.kostdoktorn.se
8	- Version: 1.0
9
10	Copyright 2008 Johan Eenfeldt
11
	@@ -68,6 +68,7 @@ $limit_login_notify_email_after = 4;
68
69	$limit_login_my_error_shown = false; /* have we shown our stuff? */
70	$limit_login_error_fn_exist = false; /* error replacing function */

71
72
73	/*
	@@ -108,6 +109,9 @@ if ($limit_login_cookies && !function_exists('wp_get_current_user') ) {
108	function limit_login_setup() {
109	global $limit_login_cookies;
110



111	limit_login_setup_options();
112
113	if ($limit_login_cookies && function_exists('wp_get_current_user') ) {
	@@ -125,6 +129,7 @@ function limit_login_setup() {
125	}
126	add_filter('wp_authenticate_user', 'limit_login_wp_authenticate_user', 99999, 2);
127	add_action('login_head', 'limit_login_add_error_message');

128	add_action('admin_menu', 'limit_login_admin_menu');
129	}
130
	@@ -201,7 +206,9 @@ function limit_login_failed($arg) {
201
202	/* lockout? */
203	if($retries[$index] % $limit_login_allowed_retries == 0) {
204	- global $limit_login_lockout_duration;


205
206	/* setup lockout, reset retries as needed */
207	if ($retries[$index] >= $limit_login_allowed_retries * $limit_login_allowed_lockouts) {
	@@ -298,6 +305,7 @@ function limit_login_notify_email($user) {
298	$retries = array();
299	}
300

301	if ( isset($retries[$index])
302	&& ( ($retries[$index] / $limit_login_allowed_retries)
303	% $limit_login_notify_email_after ) != 0 ) {
	@@ -307,20 +315,25 @@ function limit_login_notify_email($user) {
307	if (!isset($retries[$index])) {
308	$count = $limit_login_allowed_retries * $limit_login_allowed_lockouts;
309	$lockouts = $limit_login_allowed_lockouts;
310	- $time = round($limit_login_long_duration / 3600) ~~. ' hours'~~;

311	} else {
312	$count = $retries[$index];
313	$lockouts = floor($count / $limit_login_allowed_retries);
314	- $time = round($limit_login_lockout_duration / 60) ~~. ' minutes'~~;

315	}
316
317	- $subject = '[~~' . get_option('blogname') . '~~] Too many failed login attempts';
318	- ~~$message~~ ~~= $count . ' failed login attempts~~ (' ~~. $lockouts .~~ ' ~~lockout(s~~))'
319	- . ' ~~from~~ ~~IP:~~ ' . ~~$index~~ . "\r\n\r\n";


320	if ($user != '') {
321	- $message .= 'Last user attempted: ~~' . $user . "~~\r\n\r\n";

322	}
323	- $message .= 'IP was blocked for ' . $~~time~~;
324
325	@wp_mail(get_option('admin_email'), $subject, $message);
326	}
	@@ -334,7 +347,11 @@ function limit_login_notify_log($user) {
334	add_option('limit_login_logged', $log, '', 'no'); /* no autoload */
335	} else {
336	if (isset($log[$_SERVER['REMOTE_ADDR']])) {
337	- $log[$_SERVER['REMOTE_ADDR']][$user]~~++;~~




338	} else {
339	$log[$_SERVER['REMOTE_ADDR']] = array($user => 1);
340	}
	@@ -372,27 +389,67 @@ function limit_login_error_msg() {
372
373	$lockouts = get_option('limit_login_lockouts');
374
375	- ~~$msg = '<strong>ERROR</strong>: Too many failed login attempts. Please try again ';~~

376
377	if (!is_array($lockouts) \|\| !isset($lockouts[$index]) \|\| time() >= $lockouts[$index]) {
378	/* Huh? No timeout active? */
379	- $msg .= 'later.';
380	- } ~~else {~~
381	- ~~$when = ceil(($lockouts[$index] - time()) / 60);~~
382	- if ($when > 60) {
383	- $when = ceil($when / 60);
384	- $measure = ' hour';
385	- } else {
386	- $measure = ' minute';
387	- }
388
389	- $~~msg .= 'in ' . $~~when . $~~measure~~ . (~~$when~~ > ~~1 ? 's' : ''~~);





390	}
391
392	return $msg;
393	}
394
395








































396	/* Add a message to login page when necessary */
397	function limit_login_add_error_message() {
398	global $error, $limit_login_my_error_shown, $limit_login_allowed_retries;
	@@ -424,8 +481,7 @@ function limit_login_add_error_message() {
424	}
425
426	$remaining = max(($limit_login_allowed_retries - ($retries[$index] % $limit_login_allowed_retries)), 0);
427	- $error .= "<strong>" . $remaining
428	- . "</strong> attempts remaining.";
429	}
430
431
	@@ -511,10 +567,11 @@ function limit_login_sanitize_variables() {
511
512	/* Warning msg if unable to replace pluggable function (used by another plugin?) */
513	function limit_login_pluggable_warning() {
514	- ~~echo("~~<div id='message' class='error fade'><p>"
515	- . "<a href=\"options-general.php?page=limit-login-attempts\">"
516	- . ~~__(~~'~~Limit Login Attempts~~</a> ~~is unable to replace function wp_get_current_user(). Disable plugin cookie login handling, or competing plugin.~~'~~,'limit-login')~~
517	- ~~. "</p></div>");~~

518	}
519
520
	@@ -530,15 +587,16 @@ function limit_login_show_log($log) {
530	return;
531	}
532
533	- echo('<tr><th scope="col">IP</th><th scope="col">Tried to log in as</th></tr>');
534	foreach ($log as $ip => $arr) {
535	echo('<tr><td class="limit-login-ip">' . $ip . '</td><td class="limit-login-max">');
536	$first = true;
537	foreach($arr as $user => $count) {

538	if (!$first) {
539	- echo(', ' . $user . ' (' . $~~count~~ . ' ~~lockouts~~)');
540	} else {
541	- echo($user . ' (' . $~~count~~ . ' ~~lockouts~~)');
542	}
543	$first = false;
544	}
	@@ -557,43 +615,54 @@ function limit_login_option_page() {
557	}
558
559	/* Should we clear log? */
560	- if ($_POST['clear_log']) {
561	update_option('limit_login_logged', '');
562	- echo "<div id='message' class='updated fade'><p>~~Log cleared</p></div>";~~


563	}
564
565	/* Should we reset counter? */
566	- if ($_POST['reset_total']) {
567	update_option('limit_login_lockouts_total', 0);
568	- echo "<div id='message' class='updated fade'><p>~~Counter reset</p></div>";~~


569	}
570
571	/* Should we restore current lockouts? */
572	- if ($_POST['reset_current']) {
573	update_option('limit_login_lockouts', array());
574	- echo "<div id='message' class='updated fade'><p>~~Current lockouts restored</p></div>";~~


575	}
576
577	/* Should we update options */
578	- if (($_POST['update_options'])) {
579	$limit_login_allowed_retries = $_POST['allowed_retries'];
580	$limit_login_lockout_duration = $_POST['lockout_duration'] * 60;
581	$limit_login_valid_duration = $_POST['valid_duration'] * 3600;
582	- $limit_login_cookies = $_POST['cookies'] == '1' ? true : false;
583	$limit_login_allowed_lockouts = $_POST['allowed_lockouts'];
584	$limit_login_long_duration = $_POST['long_duration'] * 3600;
585	$limit_login_notify_email_after = $_POST['email_after'];
586


587	$v = array();
588	- if ($_POST['lockout_notify_log'])
589	$v[] = 'log';
590	- ~~if ($_POST['lockout_notify_email'])~~

591	$v[] = 'email';

592	$limit_login_lockout_notify = implode(',', $v);
593
594	limit_login_sanitize_variables();
595	limit_login_update_options();
596	- echo "<div id='message' class='updated fade'><p>~~Options changed</p></div>";~~


597	}
598
599	$lockouts_total = get_option('limit_login_lockouts_total', 0);
	@@ -602,7 +671,8 @@ function limit_login_option_page() {
602
603	if (!limit_login_support_cookie_option()) {
604	$cookies_disabled = ' DISABLED ';
605	- $cookies_note = ' <br /> ~~<strong>NOTE:</strong> Only works on Wordpress 2.7 or later~~ ';

606	} else {
607	$cookies_disabled = '';
608	$cookies_note = '';
	@@ -615,27 +685,25 @@ function limit_login_option_page() {
615	$email_checked = in_array('email', $v) ? ' checked ' : '';
616	?>
617	<div class="wrap">
618	- <h2>Limit Login Attempts Settings</h2>
619	- <h3>Statistics</h3>
620	<form action="options-general.php?page=limit-login-attempts" method="post">
621	<table class="form-table">
622	<tr>
623	- <th scope="row" valign="top">Total lockouts</th>
624	<td>
625	<?php if ($lockouts_total > 0) { ?>
626	- <input name="reset_total" value="Reset Counter" type="submit" />
627	- <?php echo(~~$lockouts_total);~~ ?> lockouts since last reset
628	- <?php } else { ?>
629	- No lockouts yet
630	- <?php } ?>
631	</td>
632	</tr>
633	<?php if ($lockouts_now > 0) { ?>
634	<tr>
635	- <th scope="row" valign="top">Active lockouts</th>
636	<td>
637	- <input name="reset_current" value="Restore Lockouts" type="submit" />
638	- <?php echo(~~$lockouts_now);~~ ?> IP is currently blocked from trying to log in
639	</td>
640	</tr>
641	<?php } ?>
	@@ -645,31 +713,31 @@ function limit_login_option_page() {
645	<form action="options-general.php?page=limit-login-attempts" method="post">
646	<table class="form-table">
647	<tr>
648	- <th scope="row" valign="top">Lockout</th>
649	<td>
650	- <input type="text" size="3" maxlength="4" value="<?php echo($limit_login_allowed_retries); ?>" name="allowed_retries" /> allowed retries <br />
651	- <input type="text" size="3" maxlength="4" value="<?php echo($limit_login_lockout_duration/60); ?>" name="lockout_duration" /> minutes lockout <br />
652	- <input type="text" size="3" maxlength="4" value="<?php echo($limit_login_allowed_lockouts); ?>" name="allowed_lockouts" /> lockouts increase lockout time to <input type="text" size="3" maxlength="4" value="<?php echo($limit_login_long_duration/3600); ?>" name="long_duration" /> hours <br />
653	- <input type="text" size="3" maxlength="4" value="<?php echo($limit_login_valid_duration/3600); ?>" name="valid_duration" /> hours until retries are reset
654	</td>
655	</tr>
656	<tr>
657	- <th scope="row" valign="top">Handle cookie login</th>
658	<td>
659	- <input type="radio" name="cookies" <?php echo $cookies_disabled . $cookies_yes; ?> value="1" /> Yes <input type="radio" name="cookies" <?php echo $cookies_disabled . $cookies_no; ?> value="0" /> No
660	<?php echo $cookies_note ?>
661	</td>
662	</tr>
663	<tr>
664	- <th scope="row" valign="top">Notify on lockout</th>
665	<td>
666	- <input type="checkbox" name="lockout_notify_log" <?php echo $log_checked; ?> value="log" /> Log IP<br />
667	- <input type="checkbox" name="lockout_notify_email" <?php echo $email_checked; ?> value="email" /> Email to admin after <input type="text" size="3" maxlength="4" value="<?php echo($limit_login_notify_email_after); ?>" name="email_after" /> lockouts
668	</td>
669	</tr>
670	</table>
671	<p class="submit">
672	- <input name="update_options" value="Change Options" type="submit" />
673	</p>
674	</form>
675	<?php
	@@ -677,11 +745,11 @@ function limit_login_option_page() {
677
678	if (is_array($log) && count($log) > 0) {
679	?>
680	- <h3>Lockout log</h3>
681	<form action="options-general.php?page=limit-login-attempts" method="post">
682	<input type="hidden" value="true" name="clear_log" />
683	<p class="submit">
684	- <input name="submit" value="Clear Log" type="submit" />
685	</p>
686	</form>
687	<style type="text/css" media="screen">
	@@ -705,7 +773,7 @@ function limit_login_option_page() {
705	</table>
706	</div>
707	<?php
708	- }
709	?>
710
711	</div>


5	Description: Limit rate of login attempts, including by way of cookies, for each IP.
6	Author: Johan Eenfeldt
7	Author URI: http://devel.kostdoktorn.se
8	+ Version: 1.1
9
10	Copyright 2008 Johan Eenfeldt
11

68
69	$limit_login_my_error_shown = false; /* have we shown our stuff? */
70	$limit_login_error_fn_exist = false; /* error replacing function */
71	+ $limit_login_just_lockedout = false; /* started this pageload??? */
72
73
74	/*

109	function limit_login_setup() {
110	global $limit_login_cookies;
111
112	+ load_plugin_textdomain('limit-login-attempts'
113	+ , PLUGINDIR.'/'.dirname(plugin_basename(__FILE__)));
114	+
115	limit_login_setup_options();
116
117	if ($limit_login_cookies && function_exists('wp_get_current_user') ) {

129	}
130	add_filter('wp_authenticate_user', 'limit_login_wp_authenticate_user', 99999, 2);
131	add_action('login_head', 'limit_login_add_error_message');
132	+ add_action('login_errors', 'limit_login_fixup_error_messages');
133	add_action('admin_menu', 'limit_login_admin_menu');
134	}
135

206
207	/* lockout? */
208	if($retries[$index] % $limit_login_allowed_retries == 0) {
209	+ global $limit_login_lockout_duration, $limit_login_just_lockedout;
210	+
211	+ $limit_login_just_lockedout = true;
212
213	/* setup lockout, reset retries as needed */
214	if ($retries[$index] >= $limit_login_allowed_retries * $limit_login_allowed_lockouts) {

305	$retries = array();
306	}
307
308	+ /* check if we are at the right nr to do notification */
309	if ( isset($retries[$index])
310	&& ( ($retries[$index] / $limit_login_allowed_retries)
311	% $limit_login_notify_email_after ) != 0 ) {

315	if (!isset($retries[$index])) {
316	$count = $limit_login_allowed_retries * $limit_login_allowed_lockouts;
317	$lockouts = $limit_login_allowed_lockouts;
318	+ $time = round($limit_login_long_duration / 3600);
319	+ $when = sprintf(__ngettext('%d hour', '%d hours', $time, 'limit-login-attempts'), $time);
320	} else {
321	$count = $retries[$index];
322	$lockouts = floor($count / $limit_login_allowed_retries);
323	+ $time = round($limit_login_lockout_duration / 60);
324	+ $when = sprintf(__ngettext('%d minute', '%d minutes', $time, 'limit-login-attempts'), $time);
325	}
326
327	+ $subject = sprintf(__("[%s] Too many failed login attempts", 'limit-login-attempts')
328	+ , get_option('blogname'));
329	+ $message = sprintf(__("%d failed login attempts (%d lockout(s)) from IP: %s\r\n\r\n"
330	+ , 'limit-login-attempts')
331	+ , $count, $lockouts, $index);
332	if ($user != '') {
333	+ $message .= sprintf(__("Last user attempted: %s\r\n\r\n", 'limit-login-attempts')
334	+ , $user);
335	}
336	+ $message .= sprintf(__("IP was blocked for %s", 'limit-login-attempts'), $when);
337
338	@wp_mail(get_option('admin_email'), $subject, $message);
339	}

347	add_option('limit_login_logged', $log, '', 'no'); /* no autoload */
348	} else {
349	if (isset($log[$_SERVER['REMOTE_ADDR']])) {
350	+ if (isset($log[$_SERVER['REMOTE_ADDR']][$user])) {
351	+ $log[$_SERVER['REMOTE_ADDR']][$user]++;
352	+ } else {
353	+ $log[$_SERVER['REMOTE_ADDR']][$user] = 1;
354	+ }
355	} else {
356	$log[$_SERVER['REMOTE_ADDR']] = array($user => 1);
357	}

389
390	$lockouts = get_option('limit_login_lockouts');
391
392	+
393	+ $msg = __('<strong>ERROR</strong>: Too many failed login attempts.', 'limit-login-attempts') . ' ';
394
395	if (!is_array($lockouts) \|\| !isset($lockouts[$index]) \|\| time() >= $lockouts[$index]) {
396	/* Huh? No timeout active? */
397	+ $msg .= __('Please try again later.', 'limit-login-attempts');
398	+ return $msg;
399	+ }






400
401	+ $when = ceil(($lockouts[$index] - time()) / 60);
402	+ if ($when > 60) {
403	+ $when = ceil($when / 60);
404	+ $msg .= sprintf(__ngettext('Please try again in %d hour.', 'Please try again in %d hours.', $when, 'limit-login-attempts'), $when);
405	+ } else {
406	+ $msg .= sprintf(__ngettext('Please try again in %d minute.', 'Please try again in %d minutes.', $when, 'limit-login-attempts'), $when);
407	}
408
409	return $msg;
410	}
411
412
413	+ /* Fix up the error message before showing it */
414	+ function limit_login_fixup_error_messages($content) {
415	+ global $limit_login_just_lockedout;
416	+
417	+ /*
418	+ * During lockout we do not want to show any other error messages (like
419	+ * unknown user or empty password).
420	+ */
421	+ if (!is_limit_login_ok() && !$limit_login_just_lockedout) {
422	+ return limit_login_error_msg();
423	+ }
424	+
425	+ /*
426	+ * If more than one error message, put an extra <br /> tag between them.
427	+ */
428	+ $msgs = explode("<br />\n", $content);
429	+
430	+ if (strlen(end($msgs)) == 0) {
431	+ /* remove last entry empty string */
432	+ array_pop($msgs);
433	+ }
434	+
435	+ $count = count($msgs);
436	+
437	+ if ($count == 1) {
438	+ return $content;
439	+ }
440	+
441	+ $new = '';
442	+ while ($count-- > 0) {
443	+ $new .= array_shift($msgs) . "<br />\n";
444	+ if ($count > 0) {
445	+ $new .= "<br />\n";
446	+ }
447	+ }
448	+
449	+ return $new;
450	+ }
451	+
452	+
453	/* Add a message to login page when necessary */
454	function limit_login_add_error_message() {
455	global $error, $limit_login_my_error_shown, $limit_login_allowed_retries;

481	}
482
483	$remaining = max(($limit_login_allowed_retries - ($retries[$index] % $limit_login_allowed_retries)), 0);
484	+ $error .= sprintf(__ngettext("<strong>%d</strong> attempt remaining.", "<strong>%d</strong> attempts remaining.", $remaining, 'limit-login-attempts'), $remaining);

485	}
486
487

567
568	/* Warning msg if unable to replace pluggable function (used by another plugin?) */
569	function limit_login_pluggable_warning() {
570	+ $msg = '<div id="message" class="error fade"><p>';
571	+ $msg .= sprintf(__('%s is unable to replace function wp_get_current_user(). Disable plugin cookie login handling, or competing plugin.','limit-login-attempts'), '<a href=\"options-general.php?page=limit-login-attempts\">Limit Login Attempts</a> ');
572	+ $msg .= '</p></div>';
573	+
574	+ echo($msg);
575	}
576
577

587	return;
588	}
589
590	+ echo('<tr><th scope="col">' . _c("IP\|Internet address", 'limit-login-attempts') . '</th><th scope="col">' . __('Tried to log in as', 'limit-login-attempts') . '</th></tr>');
591	foreach ($log as $ip => $arr) {
592	echo('<tr><td class="limit-login-ip">' . $ip . '</td><td class="limit-login-max">');
593	$first = true;
594	foreach($arr as $user => $count) {
595	+ $count_desc = sprintf(__ngettext('%d lockout', '%d lockouts', $count, 'limit-login-attempts'), $count);
596	if (!$first) {
597	+ echo(', ' . $user . ' (' . $count_desc . ')');
598	} else {
599	+ echo($user . ' (' . $count_desc . ')');
600	}
601	$first = false;
602	}

615	}
616
617	/* Should we clear log? */
618	+ if (isset($_POST['clear_log'])) {
619	update_option('limit_login_logged', '');
620	+ echo '<div id="message" class="updated fade"><p>'
621	+ . __('Cleared IP log', 'limit-login-attempts')
622	+ . '</p></div>';
623	}
624
625	/* Should we reset counter? */
626	+ if (isset($_POST['reset_total'])) {
627	update_option('limit_login_lockouts_total', 0);
628	+ echo '<div id="message" class="updated fade"><p>'
629	+ . __('Reset lockout count', 'limit-login-attempts')
630	+ . '</p></div>';
631	}
632
633	/* Should we restore current lockouts? */
634	+ if (isset($_POST['reset_current'])) {
635	update_option('limit_login_lockouts', array());
636	+ echo '<div id="message" class="updated fade"><p>'
637	+ . __('Cleared current lockouts', 'limit-login-attempts')
638	+ . '</p></div>';
639	}
640
641	/* Should we update options */
642	+ if (isset($_POST['update_options'])) {
643	$limit_login_allowed_retries = $_POST['allowed_retries'];
644	$limit_login_lockout_duration = $_POST['lockout_duration'] * 60;
645	$limit_login_valid_duration = $_POST['valid_duration'] * 3600;

646	$limit_login_allowed_lockouts = $_POST['allowed_lockouts'];
647	$limit_login_long_duration = $_POST['long_duration'] * 3600;
648	$limit_login_notify_email_after = $_POST['email_after'];
649
650	+ $limit_login_cookies = (isset($_POST['cookies']) && $_POST['cookies'] == '1');
651	+
652	$v = array();
653	+ if (isset($_POST['lockout_notify_log'])) {
654	$v[] = 'log';
655	+ }
656	+ if (isset($_POST['lockout_notify_email'])) {
657	$v[] = 'email';
658	+ }
659	$limit_login_lockout_notify = implode(',', $v);
660
661	limit_login_sanitize_variables();
662	limit_login_update_options();
663	+ echo '<div id="message" class="updated fade"><p>'
664	+ . __('Options changed', 'limit-login-attempts')
665	+ . '</p></div>';
666	}
667
668	$lockouts_total = get_option('limit_login_lockouts_total', 0);

671
672	if (!limit_login_support_cookie_option()) {
673	$cookies_disabled = ' DISABLED ';
674	+ $cookies_note = ' <br /> '
675	+ . __('<strong>NOTE:</strong> Only works on Wordpress 2.7 or later', 'limit-login-attempts');
676	} else {
677	$cookies_disabled = '';
678	$cookies_note = '';

685	$email_checked = in_array('email', $v) ? ' checked ' : '';
686	?>
687	<div class="wrap">
688	+ <h2><?php echo __('Limit Login Attempts Settings','limit-login-attempts'); ?></h2>
689	+ <h3><?php echo __('Statistics','limit-login-attempts'); ?></h3>
690	<form action="options-general.php?page=limit-login-attempts" method="post">
691	<table class="form-table">
692	<tr>
693	+ <th scope="row" valign="top"><?php echo __('Total lockouts','limit-login-attempts'); ?></th>
694	<td>
695	<?php if ($lockouts_total > 0) { ?>
696	+ <input name="reset_total" value="<?php echo __('Reset Counter','limit-login-attempts'); ?>" type="submit" />
697	+ <?php echo sprintf(__ngettext('%d lockout since last reset', '%d lockouts since last reset', $lockouts_total, 'limit-login-attempts'), $lockouts_total); ?>
698	+ <?php } else { echo __('No lockouts yet','limit-login-attempts'); } ?>


699	</td>
700	</tr>
701	<?php if ($lockouts_now > 0) { ?>
702	<tr>
703	+ <th scope="row" valign="top"><?php echo __('Active lockouts','limit-login-attempts'); ?></th>
704	<td>
705	+ <input name="reset_current" value="<?php echo __('Restore Lockouts','limit-login-attempts'); ?>" type="submit" />
706	+ <?php echo sprintf(__('%d IP is currently blocked from trying to log in','limit-login-attempts'), $lockouts_now); ?>
707	</td>
708	</tr>
709	<?php } ?>

713	<form action="options-general.php?page=limit-login-attempts" method="post">
714	<table class="form-table">
715	<tr>
716	+ <th scope="row" valign="top"><?php echo __('Lockout','limit-login-attempts'); ?></th>
717	<td>
718	+ <input type="text" size="3" maxlength="4" value="<?php echo($limit_login_allowed_retries); ?>" name="allowed_retries" /> <?php echo __('allowed retries','limit-login-attempts'); ?> <br />
719	+ <input type="text" size="3" maxlength="4" value="<?php echo($limit_login_lockout_duration/60); ?>" name="lockout_duration" /> <?php echo __('minutes lockout','limit-login-attempts'); ?> <br />
720	+ <input type="text" size="3" maxlength="4" value="<?php echo($limit_login_allowed_lockouts); ?>" name="allowed_lockouts" /> <?php echo __('lockouts increase lockout time to','limit-login-attempts'); ?> <input type="text" size="3" maxlength="4" value="<?php echo($limit_login_long_duration/3600); ?>" name="long_duration" /> <?php echo __('hours','limit-login-attempts'); ?> <br />
721	+ <input type="text" size="3" maxlength="4" value="<?php echo($limit_login_valid_duration/3600); ?>" name="valid_duration" /> <?php echo __('hours until retries are reset','limit-login-attempts'); ?>
722	</td>
723	</tr>
724	<tr>
725	+ <th scope="row" valign="top"><?php echo __('Handle cookie login','limit-login-attempts'); ?></th>
726	<td>
727	+ <input type="radio" name="cookies" <?php echo $cookies_disabled . $cookies_yes; ?> value="1" /> <?php echo __('Yes','limit-login-attempts'); ?> <input type="radio" name="cookies" <?php echo $cookies_disabled . $cookies_no; ?> value="0" /> <?php echo __('No','limit-login-attempts'); ?>
728	<?php echo $cookies_note ?>
729	</td>
730	</tr>
731	<tr>
732	+ <th scope="row" valign="top"><?php echo __('Notify on lockout','limit-login-attempts'); ?></th>
733	<td>
734	+ <input type="checkbox" name="lockout_notify_log" <?php echo $log_checked; ?> value="log" /> <?php echo __('Log IP','limit-login-attempts'); ?><br />
735	+ <input type="checkbox" name="lockout_notify_email" <?php echo $email_checked; ?> value="email" /> <?php echo __('Email to admin after','limit-login-attempts'); ?> <input type="text" size="3" maxlength="4" value="<?php echo($limit_login_notify_email_after); ?>" name="email_after" /> <?php echo __('lockouts','limit-login-attempts'); ?>
736	</td>
737	</tr>
738	</table>
739	<p class="submit">
740	+ <input name="update_options" value="<?php echo __('Change Options','limit-login-attempts'); ?>" type="submit" />
741	</p>
742	</form>
743	<?php

745
746	if (is_array($log) && count($log) > 0) {
747	?>
748	+ <h3><?php echo __('Lockout log','limit-login-attempts'); ?></h3>
749	<form action="options-general.php?page=limit-login-attempts" method="post">
750	<input type="hidden" value="true" name="clear_log" />
751	<p class="submit">
752	+ <input name="submit" value="<?php echo __('Clear Log','limit-login-attempts'); ?>" type="submit" />
753	</p>
754	</form>
755	<style type="text/css" media="screen">

773	</table>
774	</div>
775	<?php
776	+ } /* if showing $log */
777	?>
778
779	</div>

limit-login-attempts.pot ADDED Viewed

	@@ -0,0 +1,251 @@


1	+ # SOME DESCRIPTIVE TITLE.
2	+ # Copyright (C) YEAR Johan Eenfeldt
3	+ # This file is distributed under the same license as the PACKAGE package.
4	+ # FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
5	+ #
6	+ #, fuzzy
7	+ msgid ""
8	+ msgstr ""
9	+ "Project-Id-Version: PACKAGE VERSION\n"
10	+ "Report-Msgid-Bugs-To: http://wordpress.org/tag/limit-login-attempts\n"
11	+ "POT-Creation-Date: 2009-01-16 00:37+0000\n"
12	+ "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
13	+ "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
14	+ "Language-Team: LANGUAGE <LL@li.org>\n"
15	+ "MIME-Version: 1.0\n"
16	+ "Content-Type: text/plain; charset=CHARSET\n"
17	+ "Content-Transfer-Encoding: 8bit\n"
18	+ "Plural-Forms: nplurals=INTEGER; plural=EXPRESSION;\n"
19	+
20	+ #: limit-login-attempts.php:315
21	+ #, php-format
22	+ msgid "%d hour"
23	+ msgid_plural "%d hours"
24	+ msgstr[0] ""
25	+ msgstr[1] ""
26	+
27	+ #: limit-login-attempts.php:320
28	+ #, php-format
29	+ msgid "%d minute"
30	+ msgid_plural "%d minutes"
31	+ msgstr[0] ""
32	+ msgstr[1] ""
33	+
34	+ #: limit-login-attempts.php:323
35	+ #, php-format
36	+ msgid "[%s] Too many failed login attempts"
37	+ msgstr ""
38	+
39	+ #: limit-login-attempts.php:325
40	+ #, php-format
41	+ msgid ""
42	+ "%d failed login attempts (%d lockout(s)) from IP: %s\r\n"
43	+ "\r\n"
44	+ msgstr ""
45	+
46	+ #: limit-login-attempts.php:329
47	+ #, php-format
48	+ msgid ""
49	+ "Last user attempted: %s\r\n"
50	+ "\r\n"
51	+ msgstr ""
52	+
53	+ #: limit-login-attempts.php:332
54	+ #, php-format
55	+ msgid "IP was blocked for %s"
56	+ msgstr ""
57	+
58	+ #: limit-login-attempts.php:389
59	+ msgid "<strong>ERROR</strong>: Too many failed login attempts."
60	+ msgstr ""
61	+
62	+ #: limit-login-attempts.php:393
63	+ msgid "Please try again later."
64	+ msgstr ""
65	+
66	+ #: limit-login-attempts.php:400
67	+ #, php-format
68	+ msgid "Please try again in %d hour."
69	+ msgid_plural "Please try again in %d hours."
70	+ msgstr[0] ""
71	+ msgstr[1] ""
72	+
73	+ #: limit-login-attempts.php:402
74	+ #, php-format
75	+ msgid "Please try again in %d minute."
76	+ msgid_plural "Please try again in %d minutes."
77	+ msgstr[0] ""
78	+ msgstr[1] ""
79	+
80	+ #: limit-login-attempts.php:440
81	+ #, php-format
82	+ msgid "<strong>%d</strong> attempt remaining."
83	+ msgid_plural "<strong>%d</strong> attempts remaining."
84	+ msgstr[0] ""
85	+ msgstr[1] ""
86	+
87	+ #: limit-login-attempts.php:527
88	+ #, php-format
89	+ msgid ""
90	+ "%s is unable to replace function wp_get_current_user(). Disable plugin "
91	+ "cookie login handling, or competing plugin."
92	+ msgstr ""
93	+
94	+ #: limit-login-attempts.php:546
95	+ msgid "IP\|Internet address"
96	+ msgstr ""
97	+
98	+ #: limit-login-attempts.php:546
99	+ msgid "Tried to log in as"
100	+ msgstr ""
101	+
102	+ #: limit-login-attempts.php:551
103	+ #, php-format
104	+ msgid "%d lockout"
105	+ msgid_plural "%d lockouts"
106	+ msgstr[0] ""
107	+ msgstr[1] ""
108	+
109	+ #: limit-login-attempts.php:577
110	+ msgid "Cleared IP log"
111	+ msgstr ""
112	+
113	+ #: limit-login-attempts.php:585
114	+ msgid "Reset lockout count"
115	+ msgstr ""
116	+
117	+ #: limit-login-attempts.php:593
118	+ msgid "Cleared current lockouts"
119	+ msgstr ""
120	+
121	+ #: limit-login-attempts.php:620
122	+ msgid "Options changed"
123	+ msgstr ""
124	+
125	+ #: limit-login-attempts.php:631
126	+ msgid "<strong>NOTE:</strong> Only works on Wordpress 2.7 or later"
127	+ msgstr ""
128	+
129	+ #: limit-login-attempts.php:644
130	+ msgid "Limit Login Attempts Settings"
131	+ msgstr ""
132	+
133	+ #: limit-login-attempts.php:645
134	+ msgid "Statistics"
135	+ msgstr ""
136	+
137	+ #: limit-login-attempts.php:649
138	+ msgid "Total lockouts"
139	+ msgstr ""
140	+
141	+ #: limit-login-attempts.php:652
142	+ msgid "Reset Counter"
143	+ msgstr ""
144	+
145	+ #: limit-login-attempts.php:653
146	+ #, php-format
147	+ msgid "%d lockout since last reset"
148	+ msgid_plural "%d lockouts since last reset"
149	+ msgstr[0] ""
150	+ msgstr[1] ""
151	+
152	+ #: limit-login-attempts.php:654
153	+ msgid "No lockouts yet"
154	+ msgstr ""
155	+
156	+ #: limit-login-attempts.php:659
157	+ msgid "Active lockouts"
158	+ msgstr ""
159	+
160	+ #: limit-login-attempts.php:661
161	+ msgid "Restore Lockouts"
162	+ msgstr ""
163	+
164	+ #: limit-login-attempts.php:662
165	+ #, php-format
166	+ msgid "%d IP is currently blocked from trying to log in"
167	+ msgstr ""
168	+
169	+ #: limit-login-attempts.php:672
170	+ msgid "Lockout"
171	+ msgstr ""
172	+
173	+ #: limit-login-attempts.php:674
174	+ msgid "allowed retries"
175	+ msgstr ""
176	+
177	+ #: limit-login-attempts.php:675
178	+ msgid "minutes lockout"
179	+ msgstr ""
180	+
181	+ #: limit-login-attempts.php:676
182	+ msgid "lockouts increase lockout time to"
183	+ msgstr ""
184	+
185	+ #: limit-login-attempts.php:676
186	+ msgid "hours"
187	+ msgstr ""
188	+
189	+ #: limit-login-attempts.php:677
190	+ msgid "hours until retries are reset"
191	+ msgstr ""
192	+
193	+ #: limit-login-attempts.php:681
194	+ msgid "Handle cookie login"
195	+ msgstr ""
196	+
197	+ #: limit-login-attempts.php:683
198	+ msgid "Yes"
199	+ msgstr ""
200	+
201	+ #: limit-login-attempts.php:683
202	+ msgid "No"
203	+ msgstr ""
204	+
205	+ #: limit-login-attempts.php:688
206	+ msgid "Notify on lockout"
207	+ msgstr ""
208	+
209	+ #: limit-login-attempts.php:690
210	+ msgid "Log IP"
211	+ msgstr ""
212	+
213	+ #: limit-login-attempts.php:691
214	+ msgid "Email to admin after"
215	+ msgstr ""
216	+
217	+ #: limit-login-attempts.php:691
218	+ msgid "lockouts"
219	+ msgstr ""
220	+
221	+ #: limit-login-attempts.php:696
222	+ msgid "Change Options"
223	+ msgstr ""
224	+
225	+ #: limit-login-attempts.php:704
226	+ msgid "Lockout log"
227	+ msgstr ""
228	+
229	+ #: limit-login-attempts.php:708
230	+ msgid "Clear Log"
231	+ msgstr ""
232	+
233	+ #. Plugin Name of an extension
234	+ msgid "Limit Login Attempts"
235	+ msgstr ""
236	+
237	+ #. Plugin URI of an extension
238	+ msgid "http://devel.kostdoktorn.se/limit-login-attempts"
239	+ msgstr ""
240	+
241	+ #. Description of an extension
242	+ msgid "Limit rate of login attempts, including by way of cookies, for each IP."
243	+ msgstr ""
244	+
245	+ #. Author of an extension
246	+ msgid "Johan Eenfeldt"
247	+ msgstr ""
248	+
249	+ #. Author URI of an extension
250	+ msgid "http://devel.kostdoktorn.se"
251	+ msgstr ""

readme.txt CHANGED Viewed

	@@ -1,9 +1,9 @@
1	=== Limit Login Attempts ===
2	Contributors: johanee
3	- Tags: login, security
4	Requires at least: 2.5
5	Tested up to: 2.7
6	- Stable tag: 1.0
7
8	Limit rate of login attempts, including by way of cookies, for each IP.
9
	@@ -30,9 +30,26 @@ Of possible note: when cookie login handling is activated plugin overrides the p
30	2. Activate the plugin through the WordPress admin interface.
31	3. Customize the settings from the options page, if desired.
32






33	== Screenshots ==
34
35	1. Loginscreen after failed login with retries remaining
36	2. Loginscreen after failed login during lockout
37	3. Administration interface in WordPress 2.7
38	4. Administration interface in WordPress 2.5


1	=== Limit Login Attempts ===
2	Contributors: johanee
3	+ Tags: login, security, authentication
4	Requires at least: 2.5
5	Tested up to: 2.7
6	+ Stable tag: 1.1
7
8	Limit rate of login attempts, including by way of cookies, for each IP.
9

30	2. Activate the plugin through the WordPress admin interface.
31	3. Customize the settings from the options page, if desired.
32
33	+ == Frequently Asked Questions ==
34	+
35	+ = What do I do if I get a notice that it was unable to replace wp_get_current_user()? =
36	+
37	+ This means another plugin or modification is already replacing this pluggable function (I do not yet know of any that do). Mail me with details about your plugins and we'll sort it out.
38	+
39	== Screenshots ==
40
41	1. Loginscreen after failed login with retries remaining
42	2. Loginscreen after failed login during lockout
43	3. Administration interface in WordPress 2.7
44	4. Administration interface in WordPress 2.5
45	+
46	+
47	+ == Version History ==
48	+
49	+ * Version 1.1
50	+ * Added translation support
51	+ * Added Swedish translation
52	+ * During lockout, filter out all other login errors.
53	+ * Minor cleanups
54	+ * Version 1.0
55	+ * Initial version