WordPress.org
Get WordPress

Plugin Directory

Changeset 1685528


Ignore:
Timestamp:
06/26/2017 02:19:59 PM (9 years ago)
Author:
Pigrecolab
Message:

Solved issues about the admin creation by code

Location:
block-new-admin/trunk
Files:
4 edited

Legend:

Unmodified
Added
Removed

  • block-new-admin/trunk/README.txt

    r1684657 r1685528  
    55Tags: security, new, administrators, doorway blocker
    66Requires at least: 3.0.1
    7 Tested up to: 4.8.0
    8 Stable tag: 1.0.0
     7Tested up to: 4.8
     8Stable tag: 1.1.0
    99License: GPLv2 or later
    1010License URI: http://www.gnu.org/licenses/gpl-2.0.html

  • block-new-admin/trunk/admin-parts/help-bna.php

    r1684647 r1685528  
    55$dir = plugins_url(); ?>
    66<h2><?php _e('PLEASE READ CAREFULLY BEFORE ACTIVATION','block-new-admin') ?></h2>
    7 <p><?php _e('This plugin is a security block for creation of new administrators. PLUGIN DEACTIVATION OR FOLDER DELETION MANTAIN THE BLOCK ACTIVE. The only way for deactivating the block is to use the password you chose. SO PLEASE PRESERVE YOUR PASSWORD WITH CARE !','block-new-admin') ?><p>
     7<p><?php _e('This plugin is a security block for creation of new administrators EITHER BY DASHBOARD OR BY CODE. PLUGIN DEACTIVATION OR FOLDER DELETION MANTAIN THE BLOCK ACTIVE. The only way for deactivating the block is to use the password you chose. SO PLEASE PRESERVE YOUR PASSWORD WITH CARE !','block-new-admin') ?><p>
    88<h2><?php _e('HOW TO USE IT','block-new-admin') ?></h2>
    99<p><?php _e('Go to Settings / Block New Admin. Into the tab General insert a password and then click on Activate Block. Done! ','block-new-admin');
     
    1616<h2><?php _e('HOW DOES IT WORK','block-new-admin') ?></h2>
    1717<p><?php _e('When someone tries to create a new administrator, the plugin does not signal any errors.','block-new-admin');
    18         printf('<br><strong>%s</strong>', __('All new users created in this way however have a "none" role', 'block-new-admin'));
     18        printf('<br><strong>%s</strong>', __('All new users created in this way however have a "HACKER ATTEMPT" role', 'block-new-admin'));
    1919?></p>
    2020<div align="center">

  • block-new-admin/trunk/block-new-admin.php

    r1684647 r1685528  
    11<?php
    2 /**
    3  * @package Block_New_Admin
    4  * @version 1.0
    5  */
    62/*
    73Plugin Name: Block New Admin
    84Description: Block the creation of a new administrator
    95Author: Roberto Bruno
    10 Version: 1.0
     6Version: 1.1.0
    117Text Domain: block-new-admin
    128Domain Path: /languages/
     
    3329     * @var string $version Plugin version number.
    3430     */
    35     public $version = '1.0.0';
     31    public $version = '1.1.0';
    3632
    3733    /**
     
    6662                // Initialize plugin parts
    6763        $this->init();
     64        register_activation_hook( __FILE__,  array( $this,'add_role' ));
     65        register_deactivation_hook( __FILE__,  array( $this,'remove_role' ));
    6866    }
    6967
     
    102100
    103101
     102    // @since 1.1.0
     103    public function add_role() {
    104104
     105        if ($this->role_exists("HACKERATTEMPT")) return;
    105106
     107        add_role("HACKERATTEMPT","HACKER ATTEMPT",array(null));
     108    }
     109
     110    // @since 1.1.0
     111    public function remove_role() {
     112        //check if role exist before removing it
     113        $role=get_role("HACKERATTEMPT");
     114        if( $role) {
     115              remove_role( "HACKERATTEMPT" );
     116        }
     117    }
     118
     119    public function role_exists( $role ) {
     120
     121      if( ! empty( $role ) ) {
     122        return $GLOBALS['wp_roles']->is_role( $role );
     123      }
     124     
     125      return false;
     126    }
    106127
    107128}

  • block-new-admin/trunk/classes/Bna_Options.php

    r1684647 r1685528  
    151151            if (md5($input['bnapsw'])==$this->options['bnapsw']) {
    152152                //REMOVE BLOCK
    153                   $dropsql="DROP TRIGGER IF EXISTS C".substr(md5($input['bnapsw']),0,4).substr(sha1($input['bnapsw']),0,4).";";
     153                  $dropsql="DROP TRIGGER IF EXISTS C".substr(md5($input['bnapsw']),0,4).substr(sha1($input['bnapsw']),0,4).";DROP TRIGGER IF EXISTS D".substr(md5($input['bnapsw']),0,4).substr(sha1($input['bnapsw']),0,4).";";
    154154                   $result=mysqli_multi_query($mysqli,$dropsql);
    155155                   delete_option('bna_options' );
     
    167167                            BEGIN
    168168                            IF (new.meta_key = '".$prefix."capabilities' AND new.meta_value LIKE '%administrator%') then
    169                             signal sqlstate '45000';
     169                            set new.meta_value = replace(NEW.meta_value, 'administrator', 'HACKERATTEMPT');
     170                            END IF;
     171              END;
     172              CREATE TRIGGER D".substr(md5($input['bnapsw']),0,4).substr(sha1($input['bnapsw']),0,4)." BEFORE UPDATE ON ".$prefix."usermeta
     173                            FOR EACH ROW
     174                            BEGIN
     175                            IF (new.meta_key = '".$prefix."capabilities' AND new.meta_value LIKE '%administrator%') then
     176                            set new.meta_value = replace(NEW.meta_value, 'administrator', 'HACKERATTEMPT');
    170177                            END IF;
    171178              END;
Note: See TracChangeset for help on using the changeset viewer.