Changeset 2615536
- Timestamp:
- 10/18/2021 05:32:56 AM (4 years ago)
- Location:
- code9/trunk
- Files:
-
- 2 added
- 8 edited
-
assets/code9.css (modified) (5 diffs)
-
code9.php (modified) (2 diffs)
-
function/code9_anti_brute_foce.php (modified) (4 diffs)
-
function/code9_security.php (modified) (2 diffs)
-
page/dashboard.php (modified) (1 diff)
-
plugin/security/api/security_anti_brute_force_blocked_remove.php (added)
-
plugin/security/api/security_anti_brute_force_logs_get.php (added)
-
plugin/security/spa/security.js (modified) (1 diff)
-
plugin/security/spa/security.php (modified) (1 diff)
-
readme.txt (modified) (2 diffs)
-
code9/trunk/assets/code9.css
r2612798 r2615536 90 90 } 91 91 92 .c9-margin-top { 93 margin-top: 20px; 94 } 95 96 .c9-margin-top-small { 97 margin-top: 10px; 98 } 99 100 .c9-margin-top-xsmall { 101 margin-top: 5px; 102 } 103 92 104 .c9-margin-bottom { 93 105 margin-bottom: 20px; … … 144 156 /* 1 */ 145 157 max-width: 100%; 158 } 159 160 .c9-max-width-1-1 { 161 max-width: 100% !important; 162 } 163 164 .c9-width-1-1 { 165 width: 100%; 146 166 } 147 167 … … 472 492 #c9-wrap #c9-main h1 { 473 493 color: #FEFEFE; 494 font-size: 20px; 495 } 496 #c9-wrap #c9-main h2 { 497 color: #F1F2F3; 474 498 font-size: 18px; 499 margin-bottom: 5px; 475 500 } 476 501 #c9-wrap #c9-main .button.action { … … 483 508 border-color: #2271b1; 484 509 color: #2271b1; 510 } 511 #c9-wrap #c9-main .c9-tab > div:first-child > button { 512 border: 1px solid rgba(0, 0, 0, 0); 513 cursor: pointer; 514 background: none; 515 padding: 5px 10px; 516 color: #f0f0f1; 517 text-transform: uppercase; 518 } 519 #c9-wrap #c9-main .c9-tab > div:first-child > button.c9-tab-active { 520 border: 1px solid #1d2327; 521 border-bottom: 1px solid #72aee6; 522 color: #FFFFFF; 523 } 524 #c9-wrap #c9-main .c9-tab > .c9-tab-body { 525 border: 1px solid #1d2327; 485 526 } 486 527 #c9-wrap #c9-main .CodeMirror { … … 515 556 border-width: 0; 516 557 border-radius: 0 0 2px 2px; 558 } 559 #c9-wrap #c9-main .gridjs-summary { 560 color: #F1F2F3; 517 561 } 518 562 #c9-wrap #c9-main .gridjs-pagination .gridjs-pages button.gridjs-currentPage { -
code9/trunk/code9.php
r2615398 r2615536 4 4 Plugin URI: https://wordpress.org/plugins/code9/ 5 5 Description: Utility tool for wordpress. 2-step verificatoin code user login. 6 Version: 1.0. 36 Version: 1.0.4 7 7 Author: Code9Fair 8 8 Author URI: https://paypal.me/code9fair/ … … 44 44 include($GLOBALS['CODE9_PLUGIN_DIR'] . 'plugin/security/api/security_2_step_update.php'); 45 45 include($GLOBALS['CODE9_PLUGIN_DIR'] . 'plugin/security/api/security_anti_brute_force_update.php'); 46 47 46 include($GLOBALS['CODE9_PLUGIN_DIR'] . 'plugin/security/api/security_anti_brute_force_blocked_remove.php'); 47 include($GLOBALS['CODE9_PLUGIN_DIR'] . 'plugin/security/api/security_anti_brute_force_logs_get.php'); 48 48 } 49 49 -
code9/trunk/function/code9_anti_brute_foce.php
r2615311 r2615536 3 3 if(get_option('code9_security_anti_brute_force', '0') === '1') { 4 4 5 function code9_anti_brute_force_unblock( $user_login, $user ) { 6 7 delete_option('code9_anti_brute_force_capha[]' . $user->data->user_login . '[]' . $_SERVER['REMOTE_ADDR'] . '[]capcha1'); 8 delete_option('code9_anti_brute_force_capha[]' . $user->data->user_login . '[]' . $_SERVER['REMOTE_ADDR'] . '[]capcha2'); 9 delete_option('code9_anti_brute_force[]' . $user->data->user_login . '[]' . $_SERVER['REMOTE_ADDR'] . '[]attemp'); 10 11 //Debug empty user 12 delete_option('code9_anti_brute_force[][]' . $_SERVER['REMOTE_ADDR'] . '[]attemp'); 13 } 14 15 add_action('wp_login', 'code9_anti_brute_force_unblock', 10, 2); 16 17 5 18 function code9_anti_brute_force($admin, $user, $pass) { 6 19 7 8 20 $NOW['attemp_name'] = 'code9_anti_brute_force[]' . $user . '[]' . $_SERVER['REMOTE_ADDR'] . '[]attemp'; 9 21 10 22 $NOW['attemp_amount'] = get_option($NOW['attemp_name'], 0); 11 23 12 $NOW['attemp_amount']++; 13 14 update_option($NOW['attemp_name'], $NOW['attemp_amount']); 15 16 if($NOW['attemp_amount'] > 2) { 24 if($NOW['attemp_amount'] > 1) { 17 25 $NOW['capcha1_name'] = 'code9_anti_brute_force_capha[]' . $user . '[]' . $_SERVER['REMOTE_ADDR'] . '[]capcha1'; 18 26 $NOW['capcha2_name'] = 'code9_anti_brute_force_capha[]' . $user . '[]' . $_SERVER['REMOTE_ADDR'] . '[]capcha2'; … … 32 40 delete_option($NOW['capcha2_name']); 33 41 delete_option($NOW['attemp_name']); 42 43 //Debug empty user 44 delete_option('code9_anti_brute_force[][]' . $_SERVER['REMOTE_ADDR'] . '[]attemp'); 34 45 35 46 return $admin; 36 47 } else { 48 37 49 38 50 $NOW['caphca1'] = rand ( 1 , 999 ); … … 243 255 } 244 256 257 $NOW['attemp_amount']++; 258 259 update_option($NOW['attemp_name'], $NOW['attemp_amount']); 260 245 261 unset($NOW); 246 262 … … 248 264 } 249 265 250 251 266 add_filter( 'authenticate', 'code9_anti_brute_force', 1, 3 ); 252 267 } -
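Review bot: The attempt counter key on new line 20 is built from the submitted `$user` and `$_SERVER['REMOTE_ADDR']` and is written by the `update_option()` moved to new lines 257–259, so each distinct username tried from an address appears to leave its own `wp_options` row that only a successful login, a passed captcha or a manual unblock removes. Returning early for a blank login, e.g. `if ($user === null || $user === '') { return $admin; }` at the top of `code9_anti_brute_force()`, would stop those rows being created and make the two `//Debug empty user` deletes unnecessary. Because `[]` is the field separator, a login name containing `[]` will be mis-split by `option_name.split("[]")` in the new logs tab; keeping the username and IP in the option value under a hashed key would avoid that and the option-name length limit. Behind a reverse proxy `REMOTE_ADDR` is the proxy's address, so all visitors would share one counter per username. The body of `code9_anti_brute_force()` is elided between the hunks, so the exact paths that reach the increment are not visible here.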
code9/trunk/function/code9_security.php
r2615398 r2615536 78 78 throw new Exception('Wrong security ip'); 79 79 } else { 80 81 80 if (isset($_SESSION['code9_security_auth_' . $admin_id]) !== true || $_SESSION['code9_security_auth_' . $admin_id] !== $_COOKIE['code9_security_public']) { 82 81 throw new Exception('2step-code9'); … … 446 445 add_action('auth_redirect', 'code9_security_2_step_middleware'); 447 446 448 function code9_security_2_step_logout( $admin_id)447 function code9_security_2_step_logout() 449 448 { 450 449 session_start(); 451 450 452 if(!$admin_id) $admin_id = get_current_user_id(); 453 454 $_SESSION['code9_security_auth_' . $admin_id] = null; 455 456 return $admin_id; 457 } 458 459 add_action('wp_logout', 'code9_security_2_step_logout'); 451 $_SESSION['code9_security_auth_' . get_current_user_id()] = 'SIGNOUT'; 452 453 } 454 455 add_action('clear_auth_cookie', 'code9_security_2_step_logout'); 460 456 461 457 function code9_security_2_step_code_edit() -
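Review bot: `code9_security_2_step_logout()` now stores the fixed string `'SIGNOUT'` in the session, while the check on new line 80 passes whenever the session value is identical to `$_COOKIE['code9_security_public']`, which is client-supplied; a signed-out session should not hold any value a cookie could equal. Removing the entry makes the existing `isset()` guard fail closed: `unset($_SESSION['code9_security_auth_' . get_current_user_id()]);`. `session_start()` is also called unconditionally and raises a notice when a session is already active, so guard it with `if (session_status() !== PHP_SESSION_ACTIVE) { session_start(); }`. The function containing line 80 starts and ends outside the hunk, so other checks may apply there; that comparison would also be better written with `hash_equals()` once both sides are confirmed to be strings.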
code9/trunk/page/dashboard.php
r2615398 r2615536 17 17 wp_enqueue_script( 'jsonlint' ); 18 18 wp_enqueue_script( 'wp-color-picker'); 19 20 wp_enqueue_style('code9-page-editor-style-component_confirm', $GLOBALS['CODE9_PLUGIN_URL'] . 'assets/component/confirm/confirm.css', array() , '1.0.0'); 21 wp_enqueue_script('code9-page-editor-component-confirm' , $GLOBALS['CODE9_PLUGIN_URL'] . 'assets/component/confirm/confirm.js', array() , '1.0.0', true); 22 23 wp_enqueue_style('code9-page-editor-style-component_noti', $GLOBALS['CODE9_PLUGIN_URL'] . 'assets/component/noti/noti.css', array() , '1.0.0'); 24 wp_enqueue_script('code9-page-editor-component-noti' , $GLOBALS['CODE9_PLUGIN_URL'] . 'assets/component/noti/noti.js', array() , '1.0.0', true); 25 26 wp_enqueue_style('code9-page-editor-style-component_popup', $GLOBALS['CODE9_PLUGIN_URL'] . 'assets/component/popup/popup.css', array() , '1.0.0'); 27 wp_enqueue_script('code9-page-editor-component-popup' , $GLOBALS['CODE9_PLUGIN_URL'] . 'assets/component/popup/popup.js', array() , '1.0.0', true); 28 29 wp_enqueue_style('code9-page-editor-style-component_popup_drag', $GLOBALS['CODE9_PLUGIN_URL'] . 'assets/component/popup_drag/popup_drag.css', array() , '1.0.0'); 30 wp_enqueue_script('code9-page-editor-component-popup_drag' , $GLOBALS['CODE9_PLUGIN_URL'] . 'assets/component/popup_drag/popup_drag.js', array() , '1.0.0', true); 31 32 wp_enqueue_style('code9-page-editor-style-component_tab', $GLOBALS['CODE9_PLUGIN_URL'] . 'assets/component/tab/tab.css', array() , '1.0.0'); 33 wp_enqueue_script('code9-page-editor-component-tab' , $GLOBALS['CODE9_PLUGIN_URL'] . 'assets/component/tab/tab.js', array() , '1.0.0', true); 19 34 20 35 -
code9/trunk/plugin/security/spa/security.js
r2615297 r2615536 1 (async function () { 1 (async function ($) { 2 $("#c9-security-tab-container").html( 3 C9_TAB( 4 [__("setting"), __("logs")], 5 [ 6 $("<div>") 7 .attr({ 8 class: "c9-padding-small", 9 }) 10 .html([ 11 `<h2 class="c9-text-capitalize">${__( 12 "2 step verification code" 13 )}</h2>`, 14 $("<div>").html([ 15 $("<div>") 16 .attr({ 17 class: "c9-margin-bottom-small", 18 }) 19 .html( 20 $("<label>").html([ 21 $("<input>") 22 .attr({ 23 type: "checkbox", 24 }) 25 .on("change", function () { 26 C9_API("security_2_step_update", { 27 security_2_step: 28 $(this).prop("checked") === true ? "1" : "0", 29 }); 30 }) 31 .prop( 32 "checked", 33 $("#c9-security_2_step-value").val() === "1" 34 ? true 35 : false 36 ), 37 __("Active 2 step sign in verification code"), 38 ]) 39 ), 40 $("<button>") 41 .attr({ 42 class: "button c9-margin-bottom-small", 43 }) 44 .on("click", async function () { 45 var _button_html = C9_DOM_LOADING($(this)[0]); 2 46 3 4 jQuery("#c9-security_2_step-checkbox").on("change", function () { 5 C9_API("security_2_step_update", { 6 security_2_step: 7 jQuery("#c9-security_2_step-checkbox").prop("checked") === true ? 
"1" : "0", 8 }); 9 }); 47 var _response = await C9_API("security_2_step_key_iv_reset"); 10 48 11 jQuery('#c9-security_2_step-logout-all-user-button').unbind('click').bind('click', async function() { 12 var _button_html = C9_DOM_LOADING(jQuery(this)[0]); 49 C9_DOM_LOADING($(this)[0], _button_html); 13 50 14 var _response = await C9_API("security_2_step_key_iv_reset"); 51 if (_response.result === true) { 52 window.location.reload(); 53 } else { 54 C9_NOTI(_response.response_text); 55 } 56 }) 57 .html( 58 '<span class="dashicons dashicons-update c9-vertical-align-middle"></span> ' + 59 __("Force all user to sign out") 60 ), 61 ]), 62 `<h2 class="c9-text-capitalize ">${__( 63 "Anti brute force attack" 64 )}</h2>`, 65 $("<div>").html([ 66 $("<div>") 67 .attr({ 68 class: "c9-margin-bottom-small", 69 }) 70 .html( 71 $("<label>").html([ 72 $("<input>") 73 .attr({ 74 type: "checkbox", 75 }) 76 .on("change", function () { 77 C9_API("security_anti_brute_force_update", { 78 security_anti_brute_force: 79 $(this).prop("checked") === true ? "1" : "0", 80 }); 81 }) 82 .prop( 83 "checked", 84 $( 85 "#c9-security_security_anti_brute_force-value" 86 ).val() === "1" 87 ? 
true 88 : false 89 ), 90 __("Active anti brute force attack"), 91 ]) 92 ), 93 ]), 94 ]), 95 $("<div>").attr({ 96 id: "c9-brute-force-table-container", 97 }), 98 ], 99 { 100 tab_click_callback: function (tab_index) { 101 if (tab_index === 1) { 102 (async function () { 103 var _response = await C9_API("security_anti_brute_force_logs_get"); 15 104 16 C9_DOM_LOADING(jQuery(this)[0], _button_html); 17 18 if(_response.result === true) { 19 window.location.reload(); 20 } else { 21 C9_NOTI(_response.response_text); 22 } 23 }); 24 25 jQuery("#c9-security_security_anti_brute_force-checkbox").on("change", function () { 26 console.log(jQuery("#c9-security_security_anti_brute_force-checkbox").prop("checked")) 27 C9_API("security_anti_brute_force_update", { 28 security_anti_brute_force: 29 jQuery("#c9-security_security_anti_brute_force-checkbox").prop("checked") === true ? "1" : "0", 30 }); 31 }); 105 var _data = []; 32 106 33 })(); 107 if (Array.isArray(_response.data) === true) { 108 _response.data.forEach(function (data) { 109 var _attacker = data.option_name.split("[]"); 110 111 if(!_attacker[1]) return; 112 113 _data.push({ 114 username: _attacker[1], 115 ip: _attacker[2], 116 amount: data.option_value, 117 unblock: data.option_name 118 }); 119 }); 120 } 121 122 delete _response.data; 123 124 $("#c9-brute-force-table-container").html(""); 125 126 new gridjs.Grid({ 127 columns: [ 128 "username", 129 "ip", 130 "amount", 131 { 132 name: "unblock", 133 formatter: (data) => { 134 return gridjs.html( 135 `<button class="button action c9-anti-brute-force-unblock-button" data-id="${encodeURIComponent(data)}">Unblock</button>` 136 ); 137 } 138 , 139 }, 140 ], 141 data: _data, 142 fixedHeader: true, 143 autoWidth: true, 144 sort: false, 145 pagination: { 146 enabled: true, 147 limit: 30, 148 summary: true, 149 prevButton: false, 150 nextButton: false, 151 }, 152 }) 153 .render( 154 document.getElementById("c9-brute-force-table-container") 155 ) 156 .forceRender().on('ready', 
function() { 157 $('.c9-anti-brute-force-unblock-button').on('click', function() { 158 159 var _dom = $(this); 160 161 _anti_brute_force_blocked_remove(_dom.attr('data-id'), function() { 162 _dom.replaceWith('<span class="dashicons dashicons-yes"></span>') 163 }) 164 }) 165 }); 166 167 })(); 168 } 169 }, 170 } 171 ) 172 ); 173 174 var _anti_brute_force_blocked_remove = async function(id, callback) { 175 var _response = await C9_API('security_anti_brute_force_blocked_remove', {id: decodeURIComponent(id)}); 176 177 console.log(_response); 178 callback(); 179 }; 180 })(jQuery); -
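Review bot: `_anti_brute_force_blocked_remove` calls `callback()` without looking at the response, so the row's button is swapped for the check mark even when the request fails or is refused, and the admin is told an entry was unblocked when it may still be in place. Follow the pattern already used for the sign-out button, `if (_response.result === true) { callback(); } else { C9_NOTI(_response.response_text); }`, and drop the leftover `console.log(_response)`. The `id` sent is the raw option name taken from the log row, so the new `security_anti_brute_force_blocked_remove.php` handler (added in this changeset but not shown on this page) needs to check the caller's capability and a nonce, and to reject any `id` that does not start with the plugin's `code9_anti_brute_force` prefix before deleting anything. The click handlers are bound on `ready` to the buttons present at that moment; a delegated handler on `#c9-brute-force-table-container` would also cover rows that pagination may render later.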
code9/trunk/plugin/security/spa/security.php
r2615297 r2615536 3 3 <h1 class="c9-text-capitalize"><span class="dashicons dashicons-admin-network"></span> <?php echo __('security', 'c9') ?></h1> 4 4 </div> 5 <div class="c9-margin-bottom-small"> 6 <label> 7 <input type="checkbox" value="1" id="c9-security_2_step-checkbox" <?php echo get_option('code9_security_2_step', '0') === '1' ? 'checked="checked"' : '' ?> /> 8 <?php echo __('Use 2 step sign in verification code', 'c9'); ?> 9 </label> 10 </div> 11 <div class="c9-margin-bottom-small"> 12 <button class="button" id="c9-security_2_step-logout-all-user-button"><?php echo __('log out 2 step sign in for all user'); ?></button> 13 </div> 14 <div class="c9-margin-bottom-small"> 15 <label> 16 <input type="checkbox" value="1" id="c9-security_security_anti_brute_force-checkbox" <?php echo get_option('code9_security_anti_brute_force', '0') === '1' ? 'checked="checked"' : '' ?> /> 17 <?php echo __('Use anti brute force attack', 'c9'); ?> 18 </label> 19 </div> 5 <div id="c9-security-tab-container"></div> 6 <input type="hidden" value="<?php echo get_option('code9_security_2_step', '0');?>" id="c9-security_2_step-value" /> 7 <input type="hidden" value="<?php echo get_option('code9_security_anti_brute_force', '0');?>" id="c9-security_security_anti_brute_force-value" /> 20 8 </div> -
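Review bot: The two new hidden inputs echo `get_option()` straight into a `value` attribute without escaping, so whatever is stored in those options is written into the admin page as markup. Wrap each in `esc_attr()`, e.g. `value="<?php echo esc_attr(get_option('code9_security_2_step', '0')); ?>"`, and do the same for `code9_security_anti_brute_force`. The update handlers that write these options are not part of this section, so whether they restrict the stored value to `'0'`/`'1'` cannot be confirmed from here.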
code9/trunk/readme.txt
r2615398 r2615536 5 5 Requires at least: 4.1 6 6 Tested up to: 5.8 7 Stable tag: 1.0. 37 Stable tag: 1.0.4 8 8 Requires PHP: 5.6.4 9 9 License: GPLv2 … … 59 59 * Downgrade plugin minimum requirement to PHP version 5.6.4 and Wordpress version 4.1 60 60 * Fixed bug can't force all user to sign out 2-step verification. 61 = 1.0.4 = 62 * Add Logs tabs to show who is trying to login to your site but fail.