Login LockDown - Version 1.1

Version Description

Download this release

Release Info

Developer mvandemar
Plugin Icon 128x128 Login LockDown
Version 1.1
Comparing to
See all releases

Code changes from version 1.2 to 1.1

Files changed (3) hide show
  1. loginlockdown.php +32 -45
  2. readme.txt +4 -4
  3. version.txt +1 -1
loginlockdown.php CHANGED
@@ -2,7 +2,7 @@
2
/*
3
Plugin Name: Login LockDown
4
Plugin URI: http://www.bad-neighborhood.com/
5
- Version: v1.2
6
Author: Michael VanDeMar
7
Description: Adds some extra security to WordPress by restricting the rate at which failed logins can be re-attempted from a given IP range. Distributed through <a href="http://www.bad-neighborhood.com/" target="_blank">Bad Neighborhood</a>.
8
*/
@@ -15,15 +15,12 @@ Description: Adds some extra security to WordPress by restricting the rate at wh
15
*
16
* ver. 1.1 01-Sep-2007
17
* - revised time query to MySQL 4.0 compatability
18
- *
19
- * ver. 1.2 15-Jun-2008
20
- * - now compatible with WordPress 2.5 and up only
21
*/
22
23
/*
24
== Installation ==
25
26
- 1. Extract loginlockdown-1.2.zip into your wp-content/plugins directory into its own folder.
27
2. Activate the plugin in the Plugin options.
28
3. Customize the settings from the Options panel, if desired.
29
@@ -255,67 +252,57 @@ function loginlockdown_ap() {
255
}
256
}
257
258
- function ll_credit_link(){
259
- echo "<p>Login form protected by <a href='http://www.bad-neighborhood.com/login-lockdown.html'>Login LockDown</a>.</p>";
260
- }
261
-
262
//Actions and Filters
263
if ( isset($loginlockdown_db_version) ) {
264
//Actions
265
add_action('admin_menu', 'loginlockdown_ap');
266
add_action('activate_loginlockdown/loginlockdown.php', 'loginLockdown_install');
267
- add_action('login_form', 'll_credit_link');
268
//Filters
269
//Functions
270
- if ( !function_exists('wp_authenticate') ) :
271
- function wp_authenticate($username, $password) {
272
global $wpdb, $error;
273
global $loginlockdownOptions;
274
275
if ( 0 < isLockedDown() ) {
276
- return new WP_Error('incorrect_password', "<strong>ERROR</strong>: We're sorry, but this IP range has been blocked due to too many recent " .
277
"failed login attempts.<br /><br />Please try again later.");
278
}
279
280
if ( '' == $username )
281
- return new WP_Error('empty_username', __('<strong>ERROR</strong>: The username field is empty.'));
282
283
if ( '' == $password ) {
284
- return new WP_Error('empty_password', __('<strong>ERROR</strong>: The password field is empty.'));
285
- }
286
-
287
- $user = get_userdatabylogin($username);
288
-
289
- if ( !$user || ($user->user_login != $username) ) {
290
- do_action( 'wp_login_failed', $username );
291
- return new WP_Error('invalid_username', __('<strong>ERROR</strong>: Invalid username.'));
292
}
293
294
- $user = apply_filters('wp_authenticate_user', $user, $password);
295
- if ( is_wp_error($user) ) {
296
- incrementFails($username);
297
- if ( $loginlockdownOptions['max_login_retries'] <= countFails($username) ) {
298
- lockDown($username);
299
- return new WP_Error('incorrect_password', __("<strong>ERROR</strong>: We're sorry, but this IP range has been blocked due to too many recent " .
300
- "failed login attempts.<br /><br />Please try again later."));
301
}
302
- do_action( 'wp_login_failed', $username );
303
- return $user;
304
}
305
-
306
- if ( !wp_check_password($password, $user->user_pass, $user->ID) ) {
307
- incrementFails($username);
308
- if ( $loginlockdownOptions['max_login_retries'] <= countFails($username) ) {
309
- lockDown($username);
310
- return new WP_Error('incorrect_password', __("<strong>ERROR</strong>: We're sorry, but this IP range has been blocked due to too many recent " .
311
- "failed login attempts.<br /><br />Please try again later."));
312
- }
313
- do_action( 'wp_login_failed', $username );
314
- return new WP_Error('incorrect_password', __('<strong>ERROR</strong>: Incorrect password.'));
315
- }
316
-
317
- return new WP_User($user->ID);
318
-
319
}
320
endif;
321
}
2
/*
3
Plugin Name: Login LockDown
4
Plugin URI: http://www.bad-neighborhood.com/
5
+ Version: v1.1
6
Author: Michael VanDeMar
7
Description: Adds some extra security to WordPress by restricting the rate at which failed logins can be re-attempted from a given IP range. Distributed through <a href="http://www.bad-neighborhood.com/" target="_blank">Bad Neighborhood</a>.
8
*/
15
*
16
* ver. 1.1 01-Sep-2007
17
* - revised time query to MySQL 4.0 compatability
18
*/
19
20
/*
21
== Installation ==
22
23
+ 1. Extract loginlockdown-1.0.zip into your wp-content/plugins directory into its own folder.
24
2. Activate the plugin in the Plugin options.
25
3. Customize the settings from the Options panel, if desired.
26
252
}
253
}
254
255
//Actions and Filters
256
if ( isset($loginlockdown_db_version) ) {
257
//Actions
258
add_action('admin_menu', 'loginlockdown_ap');
259
add_action('activate_loginlockdown/loginlockdown.php', 'loginLockdown_install');
260
//Filters
261
//Functions
262
+ if ( !function_exists('wp_login') ) :
263
+ function wp_login($username, $password, $already_md5 = false) {
264
global $wpdb, $error;
265
global $loginlockdownOptions;
266
267
if ( 0 < isLockedDown() ) {
268
+ $error = __("<strong>ERROR</strong>: We're sorry, but this IP range has been blocked due to too many recent " .
269
"failed login attempts.<br /><br />Please try again later.");
270
+ $pwd = '';
271
+ return false;
272
}
273
274
if ( '' == $username )
275
+ return false;
276
277
if ( '' == $password ) {
278
+ $error = __('<strong>ERROR</strong>: The password field is empty.');
279
+ return false;
280
}
281
282
+ $login = get_userdatabylogin($username);
283
+ //$login = $wpdb->get_row("SELECT ID, user_login, user_pass FROM $wpdb->users WHERE user_login = '$username'");
284
+
285
+ if (!$login) {
286
+ $error = __('<strong>ERROR</strong>: Invalid username.');
287
+ return false;
288
+ } else {
289
+ // If the password is already_md5, it has been double hashed.
290
+ // Otherwise, it is plain text.
291
+ if ( ($already_md5 && md5($login->user_pass) == $password) || ($login->user_login == $username && $login->user_pass == md5($password)) ) {
292
+ return true;
293
+ } else {
294
+ incrementFails($username);
295
+ $error = __('<strong>ERROR</strong>: Incorrect password.');
296
+ if ( $loginlockdownOptions['max_login_retries'] <= countFails($username) ) {
297
+ lockDown($username);
298
+ $error = __("<strong>ERROR</strong>: We're sorry, but this IP range has been blocked due to too many recent " .
299
+ "failed login attempts.<br /><br />Please try again later.");
300
+ }
301
+
302
+ $pwd = '';
303
+ return false;
304
}
305
}
306
}
307
endif;
308
}
readme.txt CHANGED
@@ -1,9 +1,9 @@
1
=== Login LockDown ===
2
Developer: Michael VanDeMar (michael@endlesspoetry.com)
3
Tags: security, login
4
- Requires at least: 2.5
5
- Tested up to: 2.5.1
6
- Stable Tag: 1.2
7
8
Limits the number of login attempts from a given IP range within a certain time period.
9
@@ -18,7 +18,7 @@ via the Options panel. Admisitrators can release locked out IP ranges manually f
18
19
== Installation ==
20
21
- 1. Extract loginlockdown-1.2.zip into your wp-content/plugins directory into its own folder.
22
2. Activate the plugin in the Plugin options.
23
3. Customize the settings from the Options panel, if desired.
24
1
=== Login LockDown ===
2
Developer: Michael VanDeMar (michael@endlesspoetry.com)
3
Tags: security, login
4
+ Requires at least: 2.1
5
+ Tested up to: 2.2
6
+ Stable Tag: 1.1
7
8
Limits the number of login attempts from a given IP range within a certain time period.
9
18
19
== Installation ==
20
21
+ 1. Extract loginlockdown-1.1.zip into your wp-content/plugins directory into its own folder.
22
2. Activate the plugin in the Plugin options.
23
3. Customize the settings from the Options panel, if desired.
24
version.txt CHANGED
@@ -1 +1 @@
1
- 1.2
1
+ 1.1