Login Security Solution - Version 0.17.0

Version Description

  • Fix network IP query in get_login_fail(). (Bug #1553, deanmarktaylor)
  • Rename files holding expected test results. (Bug #1552, deanmarktaylor)

Release Info

Developer convissor
Plugin Icon wp plugin Login Security Solution
Version 0.17.0

Code changes from version 0.16.0 to 0.17.0

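--- a/login-security-solution.php
+++ b/login-security-solution.php
@@ -6,7 +6,7 @@
  * Description: Requires very strong passwords, repels brute force login attacks, prevents login information disclosures, expires idle sessions, notifies admins of attacks and breaches, permits administrators to disable logins for maintenance or emergency reasons and reset all passwords.
  *
  * Plugin URI: http://wordpress.org/extend/plugins/login-security-solution/
- * Version: 0.16.0
+ * Version: 0.17.0
  * Author: Daniel Convissor
  * Author URI: http://www.analysisandsolutions.com/
  * License: GPLv2
@@ -808,6 +808,11 @@ class login_security_solution {
  if ($network_ip) {
  // Can't use wpdb::prepare() because it adds quote marks.
  $wpdb->escape_by_ref($network_ip);
+ if (strpos($network_ip, ':') === false) {
+ $network_ip .= '.';
+ } else {
+ $network_ip .= ':';
+ }
  $ip_search = "ip LIKE '$network_ip%'";
  } else {
  $ip_search = "ip = ''";
@@ -818,12 +823,12 @@ class login_security_solution {
  SUM(IF(user_login = '$user_name', 1, 0)) AS user_name,
  SUM(IF(pass_md5 = '$pass_md5', 1, 0)) AS pass_md5
  FROM `$this->table_fail`
- WHERE (ip LIKE '$network_ip%'
+ WHERE ($ip_search
  OR user_login = '$user_name'
  OR pass_md5 = '$pass_md5')
  AND date_failed > DATE_SUB(NOW(), INTERVAL "
  . (int) $this->options['login_fail_minutes'] . " MINUTE)";
-
+ $this->log($sql);
  return $wpdb->get_row($sql, ARRAY_A);
  }
 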
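Review bot: The added `$this->log($sql);` just before `return $wpdb->get_row($sql, ARRAY_A);` reads like a leftover debugging call, and it hands the whole query, including the attempted user name and the MD5 of the attempted password, to log() each time get_login_fail() runs. What log() does with it is not visible on this page, so unless it is a no-op outside testing the line should be dropped or guarded. Separately, `escape_by_ref()` does not escape the LIKE wildcards `%` and `_`, so `ip LIKE '$network_ip%'` relies on $network_ip only ever holding address characters; a comment stating that assumption above the LIKE line would help. The function body starts and ends outside these hunks.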
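--- a/readme.txt
+++ b/readme.txt
@@ -4,7 +4,7 @@ Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_donations&business=danie
  Tags: login, password, passwords, strength, strong, strong passwords, password strength, idle, timeout, maintenance, security, attack, hack, lock, ban, brute force, brute, force, authentication, auth, cookie, users
  Requires at least: 3.3
  Tested up to: 3.4.1
- Stable tag: 0.16.0
+ Stable tag: 0.17.0
 
  Security against brute force attacks by tracking IP, name, password; requiring very strong passwords. Idle timeout. Maintenance mode. Multisite ready!
 
@@ -275,6 +275,10 @@ then `cd` into that directory and run:
 
  == Changelog ==
 
+ = 0.17.0 =
+ * Fix network IP query in get_login_fail(). (Bug #1553, deanmarktaylor)
+ * Rename files holding expected test results. (Bug #1552, deanmarktaylor)
+
  = 0.16.0 =
  * Have shell script gracefully handle value already being the desired value.
 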
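--- a/tests/LoginFailTest.php
+++ b/tests/LoginFailTest.php
@@ -41,9 +41,9 @@ class LoginFailTest extends TestCase {
  $this->markTestSkipped("The " . self::$lss->table_fail . " table doesn't exist or isn't using the InnoDB engine. Probably the plugin hasn't been activated.");
  }
 
- $this->ip = '1.2.3.4';
+ $this->ip = '1.2.38.4';
  $_SERVER['REMOTE_ADDR'] = $this->ip;
- $this->network_ip = '1.2.3';
+ $this->network_ip = '1.2.38';
 
  $this->user_name = 'test';
  $this->pass_md5 = 'ababab';
@@ -88,6 +88,22 @@ class LoginFailTest extends TestCase {
  $this->assertEquals($expected, $actual);
  }
 
+ /**
+ * @depends test_get_login_fail
+ */
+ public function test_get_login_fail_shorter_network() {
+ $expected = array(
+ 'total' => '0',
+ 'network_ip' => null,
+ 'user_name' => null,
+ 'pass_md5' => null,
+ );
+
+ $actual = self::$lss->get_login_fail('1.2.3', 'nunca', 'nada');
+
+ $this->assertEquals($expected, $actual);
+ }
+
  /**
  * @depends test_insert_fail
  */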
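Review bot: test_get_login_fail_shorter_network() pins only the dotted IPv4 case of the new separator logic; the branch in get_login_fail() that appends `:` for addresses containing a colon has no counterpart test in this section. A sibling case that records a failure under a colon-separated network prefix and then queries a shorter prefix of it would cover that path as well. The docblock could also say what is being guarded, for example `* A shorter prefix ('1.2.3') must not match failures stored under '1.2.38'.`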
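--- a/tests/TestCase.php
+++ b/tests/TestCase.php
@@ -371,8 +371,9 @@ abstract class TestCase extends PHPUnit_Framework_TestCase {
  $this->fail('wp_mail() has not been called.');
  }
 
+ $basename = str_replace('::', '--', self::$mail_file_basename);
  $this->assertStringMatchesFormatFile(
- dirname(__FILE__) . '/expected/' . self::$mail_file_basename,
+ dirname(__FILE__) . '/expected/' . $basename,
  file_get_contents(self::$mail_file)
  );
  }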
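Review bot: The new `$basename = str_replace('::', '--', self::$mail_file_basename);` line carries no comment saying why the separator is rewritten, and the mapping has to stay in step with the renamed files under tests/expected/. A one-line comment above it, such as `// Expected-result files are named with '--' in place of '::' (Bug #1552).`, would keep the two from drifting apart. The enclosing method starts outside the hunk.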
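--- a/tests/expected/LoginFailTest::test_process_login_fail__post_threshold
+++ b/tests/expected/LoginFailTest--test_process_login_fail__post_threshold
@@ -7,7 +7,7 @@ There have been at least 4 failed attempts to log in during the past 60 minutes
 
  Component Count Value from Current Attempt
  ------------ ----- --------------------------------
- Network IP 4 1.2.3
+ Network IP 4 1.2.38
  Username 4 test
  Password MD5 2 %s
 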
tests/expected/{LoginFailTest::test_wp_login__post_breach_threshold → LoginFailTest--test_wp_login__post_breach_threshold} RENAMED
@@ -7,7 +7,7 @@ Someone just logged in using the following components. Prior to that, some combi
7
 
8
  Component Count Value from Current Attempt
9
  ------------ ----- --------------------------------
10
- Network IP 4 1.2.3
11
  Username 4 test
12
  Password MD5 %d %s
13
 
7
 
8
  Component Count Value from Current Attempt
9
  ------------ ----- --------------------------------
10
+ Network IP 4 1.2.38
11
  Username 4 test
12
  Password MD5 %d %s
13