Version Description
- Fix network IP query in get_login_fail(). (Bug #1553, deanmarktaylor)
- Rename files holding expected test results. (Bug #1552, deanmarktaylor)
Release Info
Developer | convissor |
Plugin | Login Security Solution |
Version | 0.17.0 |
Code changes from version 0.16.0 to 0.17.0
- login-security-solution.php +8 -3
- readme.txt +5 -1
- tests/LoginFailTest.php +18 -2
- tests/TestCase.php +2 -1
- tests/expected/{LoginFailTest::test_process_login_fail__post_threshold → LoginFailTest--test_process_login_fail__post_threshold} +1 -1
- tests/expected/{LoginFailTest::test_wp_login__post_breach_threshold → LoginFailTest--test_wp_login__post_breach_threshold} +1 -1
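--- a/login-security-solution.php
+++ b/login-security-solution.php
@@ -6,7 +6,7 @@
 * Description: Requires very strong passwords, repels brute force login attacks, prevents login information disclosures, expires idle sessions, notifies admins of attacks and breaches, permits administrators to disable logins for maintenance or emergency reasons and reset all passwords.
 *
 * Plugin URI: http://wordpress.org/extend/plugins/login-security-solution/
-* Version: 0.
+* Version: 0.17.0
 * Author: Daniel Convissor
 * Author URI: http://www.analysisandsolutions.com/
 * License: GPLv2
@@ -808,6 +808,11 @@ class login_security_solution {
 if ($network_ip) {
 // Can't use wpdb::prepare() because it adds quote marks.
 $wpdb->escape_by_ref($network_ip);
+if (strpos($network_ip, ':') === false) {
+$network_ip .= '.';
+} else {
+$network_ip .= ':';
+}
 $ip_search = "ip LIKE '$network_ip%'";
 } else {
 $ip_search = "ip = ''";
@@ -818,12 +823,12 @@ class login_security_solution {
 SUM(IF(user_login = '$user_name', 1, 0)) AS user_name,
 SUM(IF(pass_md5 = '$pass_md5', 1, 0)) AS pass_md5
 FROM `$this->table_fail`
-WHERE (
+WHERE ($ip_search
 OR user_login = '$user_name'
 OR pass_md5 = '$pass_md5')
 AND date_failed > DATE_SUB(NOW(), INTERVAL "
 . (int) $this->options['login_fail_minutes'] . " MINUTE)";
-
+$this->log($sql);
 return $wpdb->get_row($sql, ARRAY_A);
 }
 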
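Review bot: The added `$this->log($sql);` just before `get_row()` in the last hunk looks like a leftover debugging call, and the string it passes has the attempted username and the password MD5 interpolated into it. What log() does is not visible on this page, but if it writes to a file or to the PHP error log, every failed-login lookup would copy those values into a place with weaker access control than the database table, and an MD5 of a mistyped real password is sensitive in its own right. I would drop the line, or log only the counts returned by the query. The function (presumably get_login_fail(), per the changelog) starts outside these hunks, so how `$user_name` and `$pass_md5` are escaped before being interpolated cannot be confirmed from here.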
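--- a/readme.txt
+++ b/readme.txt
@@ -4,7 +4,7 @@ Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_donations&business=danie
 Tags: login, password, passwords, strength, strong, strong passwords, password strength, idle, timeout, maintenance, security, attack, hack, lock, ban, brute force, brute, force, authentication, auth, cookie, users
 Requires at least: 3.3
 Tested up to: 3.4.1
-Stable tag: 0.
+Stable tag: 0.17.0
 
 Security against brute force attacks by tracking IP, name, password; requiring very strong passwords. Idle timeout. Maintenance mode. Multisite ready!
 
@@ -275,6 +275,10 @@ then `cd` into that directory and run:
 
 == Changelog ==
 
+= 0.17.0 =
+* Fix network IP query in get_login_fail(). (Bug #1553, deanmarktaylor)
+* Rename files holding expected test results. (Bug #1552, deanmarktaylor)
+
 = 0.16.0 =
 * Have shell script gracefully handle value already being the desired value.
 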
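--- a/tests/LoginFailTest.php
+++ b/tests/LoginFailTest.php
@@ -41,9 +41,9 @@ class LoginFailTest extends TestCase {
 $this->markTestSkipped("The " . self::$lss->table_fail . " table doesn't exist or isn't using the InnoDB engine. Probably the plugin hasn't been activated.");
 }
 
-$this->ip = '1.2.
+$this->ip = '1.2.38.4';
 $_SERVER['REMOTE_ADDR'] = $this->ip;
-$this->network_ip = '1.2.
+$this->network_ip = '1.2.38';
 
 $this->user_name = 'test';
 $this->pass_md5 = 'ababab';
@@ -88,6 +88,22 @@ class LoginFailTest extends TestCase {
 $this->assertEquals($expected, $actual);
 }
 
+/**
+* @depends test_get_login_fail
+*/
+public function test_get_login_fail_shorter_network() {
+$expected = array(
+'total' => '0',
+'network_ip' => null,
+'user_name' => null,
+'pass_md5' => null,
+);
+
+$actual = self::$lss->get_login_fail('1.2.3', 'nunca', 'nada');
+
+$this->assertEquals($expected, $actual);
+}
+
 /**
 * @depends test_insert_fail
 */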
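Review bot: The new `test_get_login_fail_shorter_network()` only exercises the IPv4 path, so the `':'` branch this release adds to the network-IP query has no visible test in these hunks. A sibling case that records a failure under an IPv6 address and then queries a shorter IPv6 prefix would pin the same boundary behaviour for that branch, using constructed test addresses in the way `'1.2.3'` is used here. The docblock could also carry a one-line summary, for example `Ensure a network prefix does not match a longer network that merely starts with the same characters.` The rest of the test class is outside these hunks, so an existing IPv6 case may already cover this.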
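--- a/tests/TestCase.php
+++ b/tests/TestCase.php
@@ -371,8 +371,9 @@ abstract class TestCase extends PHPUnit_Framework_TestCase {
 $this->fail('wp_mail() has not been called.');
 }
 
+$basename = str_replace('::', '--', self::$mail_file_basename);
 $this->assertStringMatchesFormatFile(
-dirname(__FILE__) . '/expected/' .
+dirname(__FILE__) . '/expected/' . $basename,
 file_get_contents(self::$mail_file)
 );
 }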
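--- a/tests/expected/LoginFailTest::test_process_login_fail__post_threshold
+++ b/tests/expected/LoginFailTest--test_process_login_fail__post_threshold
@@ -7,7 +7,7 @@ There have been at least 4 failed attempts to log in during the past 60 minutes
 
 Component Count Value from Current Attempt
 ------------ ----- --------------------------------
-Network IP 4 1.2.
+Network IP 4 1.2.38
 Username 4 test
 Password MD5 2 %s
 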
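--- a/tests/expected/LoginFailTest::test_wp_login__post_breach_threshold
+++ b/tests/expected/LoginFailTest--test_wp_login__post_breach_threshold
@@ -7,7 +7,7 @@ Someone just logged in using the following components. Prior to that, some combi
 
 Component Count Value from Current Attempt
 ------------ ----- --------------------------------
-Network IP 4 1.2.
+Network IP 4 1.2.38
 Username 4 test
 Password MD5 %d %s
 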