Login LockDown - Version 1.1

Version Description


Release Info

Developer mvandemar
Version 1.1

Code changes from version 1.2 to 1.1

Files changed (3) hide show
  1. loginlockdown.php +32 -45
  2. readme.txt +4 -4
  3. version.txt +1 -1
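--- a/loginlockdown.php
+++ b/loginlockdown.php
@@ -2,7 +2,7 @@
  /*
  Plugin Name: Login LockDown
  Plugin URI: http://www.bad-neighborhood.com/
- Version: v1.2
+ Version: v1.1
  Author: Michael VanDeMar
  Description: Adds some extra security to WordPress by restricting the rate at which failed logins can be re-attempted from a given IP range. Distributed through <a href="http://www.bad-neighborhood.com/" target="_blank">Bad Neighborhood</a>.
  */
@@ -15,15 +15,12 @@ Description: Adds some extra security to WordPress by restricting the rate at wh
  *
  * ver. 1.1 01-Sep-2007
  * - revised time query to MySQL 4.0 compatability
- *
- * ver. 1.2 15-Jun-2008
- * - now compatible with WordPress 2.5 and up only
  */
 
  /*
  == Installation ==
 
- 1. Extract loginlockdown-1.2.zip into your wp-content/plugins directory into its own folder.
+ 1. Extract loginlockdown-1.0.zip into your wp-content/plugins directory into its own folder.
  2. Activate the plugin in the Plugin options.
  3. Customize the settings from the Options panel, if desired.
 
@@ -255,67 +252,57 @@ function loginlockdown_ap() {
  }
  }
 
- function ll_credit_link(){
- echo "<p>Login form protected by <a href='http://www.bad-neighborhood.com/login-lockdown.html'>Login LockDown</a>.</p>";
- }
-
  //Actions and Filters
  if ( isset($loginlockdown_db_version) ) {
  //Actions
  add_action('admin_menu', 'loginlockdown_ap');
  add_action('activate_loginlockdown/loginlockdown.php', 'loginLockdown_install');
- add_action('login_form', 'll_credit_link');
  //Filters
  //Functions
- if ( !function_exists('wp_authenticate') ) :
- function wp_authenticate($username, $password) {
+ if ( !function_exists('wp_login') ) :
+ function wp_login($username, $password, $already_md5 = false) {
  global $wpdb, $error;
  global $loginlockdownOptions;
 
  if ( 0 < isLockedDown() ) {
- return new WP_Error('incorrect_password', "<strong>ERROR</strong>: We're sorry, but this IP range has been blocked due to too many recent " .
+ $error = __("<strong>ERROR</strong>: We're sorry, but this IP range has been blocked due to too many recent " .
  "failed login attempts.<br /><br />Please try again later.");
+ $pwd = '';
+ return false;
  }
 
  if ( '' == $username )
- return new WP_Error('empty_username', __('<strong>ERROR</strong>: The username field is empty.'));
+ return false;
 
  if ( '' == $password ) {
- return new WP_Error('empty_password', __('<strong>ERROR</strong>: The password field is empty.'));
- }
-
- $user = get_userdatabylogin($username);
-
- if ( !$user || ($user->user_login != $username) ) {
- do_action( 'wp_login_failed', $username );
- return new WP_Error('invalid_username', __('<strong>ERROR</strong>: Invalid username.'));
+ $error = __('<strong>ERROR</strong>: The password field is empty.');
+ return false;
  }
 
- $user = apply_filters('wp_authenticate_user', $user, $password);
- if ( is_wp_error($user) ) {
- incrementFails($username);
- if ( $loginlockdownOptions['max_login_retries'] <= countFails($username) ) {
- lockDown($username);
- return new WP_Error('incorrect_password', __("<strong>ERROR</strong>: We're sorry, but this IP range has been blocked due to too many recent " .
- "failed login attempts.<br /><br />Please try again later."));
+ $login = get_userdatabylogin($username);
+ //$login = $wpdb->get_row("SELECT ID, user_login, user_pass FROM $wpdb->users WHERE user_login = '$username'");
+
+ if (!$login) {
+ $error = __('<strong>ERROR</strong>: Invalid username.');
+ return false;
+ } else {
+ // If the password is already_md5, it has been double hashed.
+ // Otherwise, it is plain text.
+ if ( ($already_md5 && md5($login->user_pass) == $password) || ($login->user_login == $username && $login->user_pass == md5($password)) ) {
+ return true;
+ } else {
+ incrementFails($username);
+ $error = __('<strong>ERROR</strong>: Incorrect password.');
+ if ( $loginlockdownOptions['max_login_retries'] <= countFails($username) ) {
+ lockDown($username);
+ $error = __("<strong>ERROR</strong>: We're sorry, but this IP range has been blocked due to too many recent " .
+ "failed login attempts.<br /><br />Please try again later.");
+ }
+
+ $pwd = '';
+ return false;
  }
- do_action( 'wp_login_failed', $username );
- return $user;
  }
-
- if ( !wp_check_password($password, $user->user_pass, $user->ID) ) {
- incrementFails($username);
- if ( $loginlockdownOptions['max_login_retries'] <= countFails($username) ) {
- lockDown($username);
- return new WP_Error('incorrect_password', __("<strong>ERROR</strong>: We're sorry, but this IP range has been blocked due to too many recent " .
- "failed login attempts.<br /><br />Please try again later."));
- }
- do_action( 'wp_login_failed', $username );
- return new WP_Error('incorrect_password', __('<strong>ERROR</strong>: Incorrect password.'));
- }
-
- return new WP_User($user->ID);
-
  }
  endif;
  }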
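Review bot: The credential check in the added `wp_login()` compares MD5 hex digests with loose `==` (`md5($login->user_pass) == $password` and `$login->user_pass == md5($password)`), so PHP's numeric-string comparison can treat two different digests as equal when both happen to look like numbers; both digest comparisons should use `===`. The `if (!$login)` branch returns without calling `incrementFails($username)`, so failed attempts against non-existent usernames do not appear to count toward `max_login_retries`, and the separate "Invalid username" and "Incorrect password" messages tell the client which accounts exist. `incrementFails()` is defined outside this hunk, so confirm how it keys the attempt before adding `incrementFails($username);` ahead of `$error = __('<strong>ERROR</strong>: Invalid username.');`. `$pwd = '';` has no effect as written, because `$pwd` is not in the function's `global` list and is never read afterwards.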
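--- a/readme.txt
+++ b/readme.txt
@@ -1,9 +1,9 @@
  === Login LockDown ===
  Developer: Michael VanDeMar (michael@endlesspoetry.com)
  Tags: security, login
- Requires at least: 2.5
- Tested up to: 2.5.1
- Stable Tag: 1.2
+ Requires at least: 2.1
+ Tested up to: 2.2
+ Stable Tag: 1.1
 
  Limits the number of login attempts from a given IP range within a certain time period.
 
@@ -18,7 +18,7 @@ via the Options panel. Admisitrators can release locked out IP ranges manually f
 
  == Installation ==
 
- 1. Extract loginlockdown-1.2.zip into your wp-content/plugins directory into its own folder.
+ 1. Extract loginlockdown-1.1.zip into your wp-content/plugins directory into its own folder.
  2. Activate the plugin in the Plugin options.
  3. Customize the settings from the Options panel, if desired.
 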
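--- a/version.txt
+++ b/version.txt
@@ -1 +1 @@
- 1.2
+ 1.1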