Version Description
- Fix logging user out a second time after WordPress expires cookies.
- It turns out this plugin requires WordPress 3.3, not 3.0.
- Tested under WordPress 3.3.2 regular and 3.4beta2 multisite.
- Unit tests pass using PHP 5.4.0RC8-dev, 5.3.11-dev, and 5.2.18-dev.
Release Info
Developer | convissor |
Plugin | Login Security Solution |
Version | 0.8.0 |
Code changes from version 0.7.0 to 0.8.0
- login-security-solution.php +28 -2
- readme.txt +8 -2
- tests/IdleTest.php +63 -1
login-security-solution.php
CHANGED
@@ -6,7 +6,7 @@
|
|
6 |
* Description: Requires very strong passwords, repels brute force login attacks, prevents login information disclosures, expires idle sessions, notifies admins of attacks and breaches, permits administrators to disable logins for maintenance or emergency reasons and reset all passwords.
|
7 |
*
|
8 |
* Plugin URI: http://wordpress.org/extend/plugins/login-security-solution/
|
9 |
-
* Version: 0.
|
10 |
* Author: Daniel Convissor
|
11 |
* Author URI: http://www.analysisandsolutions.com/
|
12 |
* License: GPLv2
|
@@ -190,6 +190,7 @@ class login_security_solution {
|
|
190 |
if ($this->options['idle_timeout']) {
|
191 |
add_action('wp_login', array(&$this, 'delete_last_active'));
|
192 |
add_action('wp_logout', array(&$this, 'delete_last_active'));
|
|
|
193 |
}
|
194 |
|
195 |
if ($this->options['login_fail_breach_notify']
|
@@ -286,6 +287,28 @@ class login_security_solution {
|
|
286 |
* ===== ACTION & FILTER CALLBACK METHODS =====
|
287 |
*/
|
288 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
289 |
/**
|
290 |
* Redirects the current user to the login screen if their password
|
291 |
* is expired or needs to be reset
|
@@ -373,7 +396,7 @@ class login_security_solution {
|
|
373 |
* NOTE: This method is automatically called by WordPress when users
|
374 |
* log in or out.
|
375 |
*
|
376 |
-
* @return
|
377 |
*/
|
378 |
public function delete_last_active() {
|
379 |
global $user_ID, $user_name;
|
@@ -383,6 +406,9 @@ class login_security_solution {
|
|
383 |
return;
|
384 |
}
|
385 |
$user = get_user_by('login', $user_name);
|
|
|
|
|
|
|
386 |
$user_ID = $user->ID;
|
387 |
}
|
388 |
|
6 |
* Description: Requires very strong passwords, repels brute force login attacks, prevents login information disclosures, expires idle sessions, notifies admins of attacks and breaches, permits administrators to disable logins for maintenance or emergency reasons and reset all passwords.
|
7 |
*
|
8 |
* Plugin URI: http://wordpress.org/extend/plugins/login-security-solution/
|
9 |
+
* Version: 0.8.0
|
10 |
* Author: Daniel Convissor
|
11 |
* Author URI: http://www.analysisandsolutions.com/
|
12 |
* License: GPLv2
|
190 |
if ($this->options['idle_timeout']) {
|
191 |
add_action('wp_login', array(&$this, 'delete_last_active'));
|
192 |
add_action('wp_logout', array(&$this, 'delete_last_active'));
|
193 |
+
add_action('auth_cookie_expired', array(&$this, 'auth_cookie_expired'));
|
194 |
}
|
195 |
|
196 |
if ($this->options['login_fail_breach_notify']
|
287 |
* ===== ACTION & FILTER CALLBACK METHODS =====
|
288 |
*/
|
289 |
|
290 |
+
/**
|
291 |
+
* Removes the current user's last active time metadata
|
292 |
+
*
|
293 |
+
* NOTE: This method is automatically called by WordPress when a user's
|
294 |
+
* cookie has expired.
|
295 |
+
*
|
296 |
+
* @param array $cookie_elements the auth cookie data
|
297 |
+
* @return mixed return values provided for unit testing
|
298 |
+
*/
|
299 |
+
public function auth_cookie_expired($cookie_elements) {
|
300 |
+
if (empty($cookie_elements['username'])) {
|
301 |
+
return;
|
302 |
+
}
|
303 |
+
|
304 |
+
$user = get_user_by('login', $cookie_elements['username']);
|
305 |
+
if (! $user instanceof WP_User) {
|
306 |
+
return -1;
|
307 |
+
}
|
308 |
+
|
309 |
+
return delete_user_meta($user->ID, $this->umk_last_active);
|
310 |
+
}
|
311 |
+
|
312 |
/**
|
313 |
* Redirects the current user to the login screen if their password
|
314 |
* is expired or needs to be reset
|
396 |
* NOTE: This method is automatically called by WordPress when users
|
397 |
* log in or out.
|
398 |
*
|
399 |
+
* @return mixed return values provided for unit testing
|
400 |
*/
|
401 |
public function delete_last_active() {
|
402 |
global $user_ID, $user_name;
|
406 |
return;
|
407 |
}
|
408 |
$user = get_user_by('login', $user_name);
|
409 |
+
if (! $user instanceof WP_User) {
|
410 |
+
return -1;
|
411 |
+
}
|
412 |
$user_ID = $user->ID;
|
413 |
}
|
414 |
|
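Review bot: The username that the new auth_cookie_expired() callback passes to `get_user_by('login', ...)` comes straight from the cookie. As far as I know, WordPress fires the `auth_cookie_expired` action on the expiry test alone, before the cookie's hash is checked, so the callback would remove the last-active record for whatever account name the request carries. Whether that weakens the idle timeout depends on how the idle check treats a missing value, which this page does not show, so please confirm that a missing record is handled safely. I would also record the trust level in the docblock, for example `* NOTE: $cookie_elements is unverified at this point; treat 'username' as untrusted input.`. The matching `-1` guard added to delete_last_active() sits in a body that starts and ends outside the hunk, so its other paths could not be reviewed here.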
readme.txt
CHANGED
@@ -2,9 +2,9 @@
|
|
2 |
Contributors: convissor
|
3 |
Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_donations&business=danielc%40analysisandsolutions%2ecom&lc=US&item_name=Donate%3a%20Login%20Security%20Solution¤cy_code=USD&bn=PP%2dDonationsBF%3abtn_donateCC_LG%2egif%3aNonHosted
|
4 |
Tags: login, password, idle, timeout, maintenance, security, attack, hack, lock, ban
|
5 |
-
Requires at least: 3.
|
6 |
Tested up to: 3.4beta2
|
7 |
-
Stable tag: 0.
|
8 |
|
9 |
Security against brute force attacks by tracking IP, name, password;
|
10 |
requiring very strong passwords. Idle timeout. Maintenance mode. Multisite
|
@@ -255,6 +255,12 @@ then `cd` into that directory and run:
|
|
255 |
|
256 |
== Changelog ==
|
257 |
|
|
|
|
|
|
|
|
|
|
|
|
|
258 |
= 0.7.0 =
|
259 |
* The "lost your password" process now validates passwords.
|
260 |
* Tested under WordPress 3.3.1 regular and 3.4beta2 multisite.
|
2 |
Contributors: convissor
|
3 |
Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_donations&business=danielc%40analysisandsolutions%2ecom&lc=US&item_name=Donate%3a%20Login%20Security%20Solution¤cy_code=USD&bn=PP%2dDonationsBF%3abtn_donateCC_LG%2egif%3aNonHosted
|
4 |
Tags: login, password, idle, timeout, maintenance, security, attack, hack, lock, ban
|
5 |
+
Requires at least: 3.3
|
6 |
Tested up to: 3.4beta2
|
7 |
+
Stable tag: 0.8.0
|
8 |
|
9 |
Security against brute force attacks by tracking IP, name, password;
|
10 |
requiring very strong passwords. Idle timeout. Maintenance mode. Multisite
|
255 |
|
256 |
== Changelog ==
|
257 |
|
258 |
+
= 0.8.0 =
|
259 |
+
* Fix logging user out a second time after WordPress expires cookies.
|
260 |
+
* It turns out this plugin requires WordPress 3.3, not 3.0.
|
261 |
+
* Tested under WordPress 3.3.2 regular and 3.4beta2 multisite.
|
262 |
+
* Unit tests pass using PHP 5.4.0RC8-dev, 5.3.11-dev, and 5.2.18-dev.
|
263 |
+
|
264 |
= 0.7.0 =
|
265 |
* The "lost your password" process now validates passwords.
|
266 |
* Tested under WordPress 3.3.1 regular and 3.4beta2 multisite.
|
tests/IdleTest.php
CHANGED
@@ -23,6 +23,9 @@ require_once dirname(__FILE__) . '/TestCase.php';
|
|
23 |
* @license http://www.gnu.org/licenses/gpl-2.0.html GPLv2
|
24 |
*/
|
25 |
class IdleTest extends TestCase {
|
|
|
|
|
|
|
26 |
public static function setUpBeforeClass() {
|
27 |
parent::$db_needed = true;
|
28 |
parent::set_up_before_class();
|
@@ -95,7 +98,10 @@ class IdleTest extends TestCase {
|
|
95 |
);
|
96 |
$this->assertSame(1, $actual, 'Could not insert sample record.');
|
97 |
|
98 |
-
|
|
|
|
|
|
|
99 |
$this->assertInternalType('integer', $actual, 'Set last active...');
|
100 |
|
101 |
$user_ID = null;
|
@@ -104,6 +110,62 @@ class IdleTest extends TestCase {
|
|
104 |
$this->assertTrue($actual, 'Delete last active...');
|
105 |
}
|
106 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
107 |
/*
|
108 |
* IS IDLE
|
109 |
*/
|
23 |
* @license http://www.gnu.org/licenses/gpl-2.0.html GPLv2
|
24 |
*/
|
25 |
class IdleTest extends TestCase {
|
26 |
+
protected static $user_ID;
|
27 |
+
|
28 |
+
|
29 |
public static function setUpBeforeClass() {
|
30 |
parent::$db_needed = true;
|
31 |
parent::set_up_before_class();
|
98 |
);
|
99 |
$this->assertSame(1, $actual, 'Could not insert sample record.');
|
100 |
|
101 |
+
// Save this for later use.
|
102 |
+
self::$user_ID = $wpdb->insert_id;
|
103 |
+
|
104 |
+
$actual = self::$lss->set_last_active(self::$user_ID);
|
105 |
$this->assertInternalType('integer', $actual, 'Set last active...');
|
106 |
|
107 |
$user_ID = null;
|
110 |
$this->assertTrue($actual, 'Delete last active...');
|
111 |
}
|
112 |
|
113 |
+
/**
|
114 |
+
* @depends test_delete_last_active__user_name
|
115 |
+
*/
|
116 |
+
public function test_delete_last_active__user_name_unknown() {
|
117 |
+
global $user_ID, $user_name;
|
118 |
+
|
119 |
+
$actual = self::$lss->set_last_active(self::$user_ID);
|
120 |
+
$this->assertInternalType('integer', $actual, 'Set last active...');
|
121 |
+
|
122 |
+
$user_ID = null;
|
123 |
+
$user_name = 'nowaycanthisnameexistokayprettyplease';
|
124 |
+
$actual = self::$lss->delete_last_active();
|
125 |
+
$this->assertEquals(-1, $actual, 'Delete last active...');
|
126 |
+
}
|
127 |
+
|
128 |
+
/*
|
129 |
+
* AUTH COOKIE EXPIRED
|
130 |
+
*/
|
131 |
+
|
132 |
+
/**
|
133 |
+
* @depends test_delete_last_active__user_name
|
134 |
+
*/
|
135 |
+
public function test_auth_cooke_expired__user_name_unknown() {
|
136 |
+
$cookie_elements = array(
|
137 |
+
'username' => 'nowaycanthisnameexistokayprettyplease',
|
138 |
+
);
|
139 |
+
$actual = self::$lss->auth_cookie_expired($cookie_elements);
|
140 |
+
$this->assertEquals(-1, $actual, 'auth_cookie_expired');
|
141 |
+
}
|
142 |
+
|
143 |
+
/**
|
144 |
+
* @depends test_delete_last_active__user_name_unknown
|
145 |
+
*/
|
146 |
+
public function test_auth_cookie_expired__normal() {
|
147 |
+
global $user_ID, $user_name, $wpdb;
|
148 |
+
|
149 |
+
$actual = self::$lss->get_last_active(self::$user_ID);
|
150 |
+
$this->assertInternalType('integer', $actual, 'get_last_active');
|
151 |
+
$this->assertGreaterThan(0, $actual, 'get_last_active');
|
152 |
+
|
153 |
+
$cookie_elements = array(
|
154 |
+
'username' => $this->user->user_login,
|
155 |
+
);
|
156 |
+
$actual = self::$lss->auth_cookie_expired($cookie_elements);
|
157 |
+
$this->assertTrue($actual, 'auth_cookie_expired');
|
158 |
+
|
159 |
+
$actual = self::$lss->get_last_active(self::$user_ID);
|
160 |
+
$this->assertSame(0, $actual, 'get_last_active');
|
161 |
+
}
|
162 |
+
|
163 |
+
public function test_auth_cooke_expired__user_name_empty() {
|
164 |
+
$cookie_elements = array();
|
165 |
+
$actual = self::$lss->auth_cookie_expired($cookie_elements);
|
166 |
+
$this->assertNull($actual, 'auth_cookie_expired');
|
167 |
+
}
|
168 |
+
|
169 |
/*
|
170 |
* IS IDLE
|
171 |
*/
|
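Review bot: test_auth_cookie_expired__normal() relies on the last-active value left behind by test_delete_last_active__user_name_unknown() rather than creating it, so its `assertGreaterThan(0, $actual, 'get_last_active')` precondition only holds because of test ordering. Calling `self::$lss->set_last_active(self::$user_ID);` at the top of the test would make it self-contained. The `global $user_ID, $user_name, $wpdb;` line in that test is unused in the visible body and could be dropped. Two new methods are spelled `test_auth_cooke_expired__...`; renaming them to `test_auth_cookie_expired__...` keeps them findable alongside the method they cover.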