Changeset 2977661
- Timestamp:
- 10/11/2023 02:13:12 PM (2 years ago)
- Location:
- senpai-software-2fa
- Files:
-
- 19 added
- 4 edited
-
tags/2.0.1 (added)
-
tags/2.0.1/admin (added)
-
tags/2.0.1/admin/index.php (added)
-
tags/2.0.1/admin/senpai-software-2fa-admin.php (added)
-
tags/2.0.1/css (added)
-
tags/2.0.1/css/index.html (added)
-
tags/2.0.1/css/senpai-software-2fa.css (added)
-
tags/2.0.1/index.php (added)
-
tags/2.0.1/js (added)
-
tags/2.0.1/js/index.html (added)
-
tags/2.0.1/js/senpai-software-2fa.js (added)
-
tags/2.0.1/languages (added)
-
tags/2.0.1/languages/index.html (added)
-
tags/2.0.1/languages/senpai-software-2fa-uk.mo (added)
-
tags/2.0.1/languages/senpai-software-2fa-uk.po (added)
-
tags/2.0.1/license.txt (added)
-
tags/2.0.1/readme.txt (added)
-
tags/2.0.1/senpai-software-2fa-core.php (added)
-
tags/2.0.1/senpai-software-2fa.php (added)
-
trunk/admin/senpai-software-2fa-admin.php (modified) (10 diffs)
-
trunk/readme.txt (modified) (2 diffs)
-
trunk/senpai-software-2fa-core.php (modified) (7 diffs)
-
trunk/senpai-software-2fa.php (modified) (7 diffs)
-
senpai-software-2fa/trunk/admin/senpai-software-2fa-admin.php
r2938444 r2977661 1 1 <?php 2 3 namespace SenpaiSoftware2FA; 4 2 5 /** 3 6 * Enqueue CSS and JS for admin area. 4 7 */ 5 function senpai_software_2fa_css_js(){8 function css_js(){ 6 9 // loading css 7 10 wp_register_style( 'senpai-software-2fa-admin', plugin_dir_url( __DIR__ ) . 'css/senpai-software-2fa.css', false); … … 12 15 wp_enqueue_script( 'senpai-software-2fa-admin' ); 13 16 } 14 add_action( 'admin_enqueue_scripts', 'senpai_software_2fa_css_js' );17 add_action( 'admin_enqueue_scripts', __NAMESPACE__.'\css_js' ); 15 18 16 19 /** 17 20 * Display user profile fields. 18 21 */ 19 function senpai_software_2fa_profile_fields($user){22 function profile_fields($user){ 20 23 21 24 $user_id = $user->ID; … … 59 62 <div id="senpai_software_2fa_block"> 60 63 <p> 61 <label>62 <span class="dashicons dashicons-admin-network"></span> <?php echo esc_html(__( 'Select key file (max file size 1 GB)','senpai-software-2fa' )); ?>63 <input type="file" id="senpai_software_2fa_file" onchange="senpai_software_2fa_upload();">64 </label>65 <input type="hidden" id="senpai_software_2fa_hash" name="senpai_software_2fa_hash">64 <label> 65 <span class="dashicons dashicons-admin-network"></span> <?php echo esc_html(__( 'Select key file (max file size 1 GB)','senpai-software-2fa' )); ?> 66 <input type="file" id="senpai_software_2fa_file" onchange="senpai_software_2fa_upload();"> 67 </label> 68 <input type="hidden" id="senpai_software_2fa_hash" name="senpai_software_2fa_hash"> 66 69 </p> 67 70 <p id="senpai_software_2fa_name"></p> … … 77 80 <?php 78 81 } 79 add_action('show_user_profile', 'senpai_software_2fa_profile_fields');80 add_action('edit_user_profile', 'senpai_software_2fa_profile_fields');82 add_action('show_user_profile', __NAMESPACE__.'\profile_fields'); 83 add_action('edit_user_profile', __NAMESPACE__.'\profile_fields'); 81 84 82 85 /** 83 86 * Update user profile fields. 
84 87 */ 85 function senpai_software_2fa_profile_fields_save($user_id){88 function profile_fields_save($user_id){ 86 89 87 90 if (!current_user_can('edit_user', $user_id)) { … … 108 111 } 109 112 } 110 add_action('personal_options_update', 'senpai_software_2fa_profile_fields_save');111 add_action('edit_user_profile_update', 'senpai_software_2fa_profile_fields_save');113 add_action('personal_options_update', __NAMESPACE__.'\profile_fields_save'); 114 add_action('edit_user_profile_update', __NAMESPACE__.'\profile_fields_save'); 112 115 113 116 /** 114 117 * Add plugin page 115 118 */ 116 function senpai_software_2fa_menu() {117 118 add_options_page(119 esc_html(__( '2FA Settings','senpai-software-2fa' )),120 esc_html(__( '2FA Settings','senpai-software-2fa' )),121 'manage_options',122 'snp_2fa',123 'senpai_software_2fa_set',124 99125 );126 } 127 128 add_action('admin_menu', 'senpai_software_2fa_menu');129 130 function se npai_software_2fa_set() {131 132 if ($_SERVER['REQUEST_METHOD'] === 'POST') {133 134 $xmlrpc = sanitize_text_field( $_POST['snp_2fa_xmlrpc'] );135 $hints = sanitize_text_field( $_POST['snp_2fa_hint'] );136 $attempts = sanitize_text_field( $_POST['snp_2fa_attempts'] );137 $block_period = sanitize_text_field( $_POST['snp_2fa_block_period'] );138 139 update_option( 'snp_2fa_xmlrpc', $xmlrpc );140 update_option( 'snp_2fa_hint', $hints );141 update_option( 'snp_2fa_attempts', $attempts );142 update_option( 'snp_2fa_block_period', $block_period );143 144 if ( get_option( 'snp_2fa_attempts' ) !== null ) {145 146 global $wpdb;147 $table_name = $wpdb->prefix . 
'snp_2fa_ip';148 149 if ( $wpdb->get_var("show tables like '".$table_name."'") != $table_name ) {150 151 $charset_collate = $wpdb->get_charset_collate();152 153 $sql = "CREATE TABLE $table_name (119 function menu() { 120 121 add_options_page( 122 esc_html(__( '2FA Settings','senpai-software-2fa' )), 123 esc_html(__( '2FA Settings','senpai-software-2fa' )), 124 'manage_options', 125 'snp_2fa', 126 __NAMESPACE__.'\set', 127 99 128 ); 129 } 130 131 add_action('admin_menu', __NAMESPACE__.'\menu'); 132 133 function set() { 134 135 if ($_SERVER['REQUEST_METHOD'] === 'POST') { 136 137 $xmlrpc = sanitize_text_field( $_POST['snp_2fa_xmlrpc'] ); 138 $hints = sanitize_text_field( $_POST['snp_2fa_hint'] ); 139 $attempts = sanitize_text_field( $_POST['snp_2fa_attempts'] ); 140 $block_period = sanitize_text_field( $_POST['snp_2fa_block_period'] ); 141 142 update_option( 'snp_2fa_xmlrpc', $xmlrpc ); 143 update_option( 'snp_2fa_hint', $hints ); 144 update_option( 'snp_2fa_attempts', $attempts ); 145 update_option( 'snp_2fa_block_period', $block_period ); 146 147 if ( get_option( 'snp_2fa_attempts' ) !== null ) { 148 149 global $wpdb; 150 $table_name = $wpdb->prefix . 'snp_2fa_ip'; 151 152 if ( $wpdb->get_var("show tables like '".$table_name."'") != $table_name ) { 153 154 $charset_collate = $wpdb->get_charset_collate(); 155 156 $sql = "CREATE TABLE $table_name ( 154 157 id int(10) NOT NULL AUTO_INCREMENT, 155 158 ip varchar(40) NOT NULL, … … 159 162 ) $charset_collate;"; 160 163 161 require_once( ABSPATH . 
'wp-admin/includes/upgrade.php' );162 dbDelta( $sql );163 164 }165 }166 167 add_settings_error(168 'snp-2fa-settings',169 'settings-saved',170 __('Settings saved.', 'default'),171 'updated'172 );173 settings_errors('snp-2fa-settings');174 175 }176 177 $xmlrpc_disable=null;178 $xmlrpc_enable=null;179 180 $xmlrpc=get_option( 'snp_2fa_xmlrpc' );181 182 if($xmlrpc==1){183 $xmlrpc_disable="checked";184 } else {185 $xmlrpc_enable="checked";186 }187 188 $hint=null;189 $hint=get_option( 'snp_2fa_hint' );190 191 $attempts=null;192 $attempts=get_option( 'snp_2fa_attempts' );193 194 $block_period=null;195 $block_period=get_option( 'snp_2fa_block_period' );196 ?>164 require_once( ABSPATH . 'wp-admin/includes/upgrade.php' ); 165 dbDelta( $sql ); 166 167 } 168 } 169 170 add_settings_error( 171 'snp-2fa-settings', 172 'settings-saved', 173 __('Settings saved.', 'default'), 174 'updated' 175 ); 176 settings_errors('snp-2fa-settings'); 177 178 } 179 180 $xmlrpc_disable=null; 181 $xmlrpc_enable=null; 182 183 $xmlrpc=get_option( 'snp_2fa_xmlrpc' ); 184 185 if($xmlrpc==1){ 186 $xmlrpc_disable="checked"; 187 } else { 188 $xmlrpc_enable="checked"; 189 } 190 191 $hint=null; 192 $hint=get_option( 'snp_2fa_hint' ); 193 194 $attempts=null; 195 $attempts=get_option( 'snp_2fa_attempts' ); 196 197 $block_period=null; 198 $block_period=get_option( 'snp_2fa_block_period' ); 199 ?> 197 200 198 201 <div class="wrap"> … … 210 213 <label for="snp_2fa_xmlrpc_enable"><?php echo esc_html(__( 'Enable','senpai-software-2fa' )); ?></label> 211 214 <p class="description"> 212 <?php echo esc_html(__( 'XML-RPC creates serious vulnerabilities for the site. For full protection, it must be disabled.','senpai-software-2fa' )); ?>215 <?php echo esc_html(__( 'XML-RPC creates serious vulnerabilities for the site. 
For full protection, it must be disabled.','senpai-software-2fa' )); ?> 213 216 </p> 214 217 </td> … … 218 221 <td><textarea class="regular-text" name="snp_2fa_hint"><?php echo sanitize_text_field($hint); ?></textarea> 219 222 <p class="description"> 220 <?php echo esc_html(__( ' Default hints help hackers crack your credentials. Replace hints with neutral text, such as "Invalid data".','senpai-software-2fa' )); ?>223 <?php echo esc_html(__( ' Default hints help hackers crack your credentials. Replace hints with neutral text, such as "Invalid data".','senpai-software-2fa' )); ?> 221 224 </p> 222 225 </td> … … 227 230 <input type="number" min="1" placeholder="For example: 3" name="snp_2fa_attempts" value="<?php echo sanitize_text_field($attempts); ?>"> 228 231 <p class="description"> 229 <?php echo esc_html(__( 'The number of failed login attempts after which the IP will be blocked. To remove restrictions, leave the field blank.','senpai-software-2fa' )); ?>232 <?php echo esc_html(__( 'The number of failed login attempts after which the IP will be blocked. To remove restrictions, leave the field blank.','senpai-software-2fa' )); ?> 230 233 </p> 231 234 <br/> 232 235 <input type="number" min="1" placeholder="For example: 15" name="snp_2fa_block_period" value="<?php echo sanitize_text_field($block_period); ?>"> 233 236 <p class="description"> 234 <?php echo esc_html(__( 'The period for which the IP will be blocked (in minutes).','senpai-software-2fa' )); ?>237 <?php echo esc_html(__( 'The period for which the IP will be blocked (in minutes).','senpai-software-2fa' )); ?> 235 238 </p> 236 239 </td> … … 242 245 </div> 243 246 244 <?php245 } 247 <?php 248 } -
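Review bot: The POST branch of `set()` passes four `$_POST` values straight to `update_option()` without verifying a nonce, so in the lines shown the settings handler has no CSRF protection. A forged request sent from a logged-in administrator's browser could re-enable XML-RPC or blank the login-attempt limit. Verify a nonce before reading `$_POST`, for example `check_admin_referer( 'snp_2fa_settings' );` (the action name is a placeholder), with a matching `wp_nonce_field()` in the form, whose markup is partly outside the visible hunks. This matters more because the stored values are later echoed with `sanitize_text_field()` inside `value="…"` and the `<textarea>`, where `esc_attr()` and `esc_textarea()` are the escaping functions for those contexts.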
senpai-software-2fa/trunk/readme.txt
r2955650 r2977661 6 6 Requires PHP: 5.6 7 7 Tested up to: 6.3 8 Stable tag: 2.0. 08 Stable tag: 2.0.1 9 9 License: GPLv2 or later 10 10 License URI: http://www.gnu.org/licenses/gpl-2.0.html … … 61 61 == Changelog == 62 62 63 = 2.0.1 = 64 * Added namespace 65 63 66 = 2.0.0 = 64 67 * Added ability to disable XML-RPC. -
senpai-software-2fa/trunk/senpai-software-2fa-core.php
r2938444 r2977661 1 1 <?php 2 3 namespace SenpaiSoftware2FA; 4 2 5 /** 3 6 * Load CSS and JS files for login page 4 7 */ 5 function senpai_software_2fa_login_css_js() {8 function login_css_js() { 6 9 // Load CSS 7 10 wp_register_style( 'senpai-software-2fa', plugin_dir_url( __FILE__ ) . 'css/senpai-software-2fa.css', false ); … … 12 15 wp_enqueue_script( 'senpai-software-2fa' ); 13 16 } 14 add_action( 'login_enqueue_scripts', 'senpai_software_2fa_login_css_js' );17 add_action( 'login_enqueue_scripts', __NAMESPACE__.'\login_css_js' ); 15 18 16 19 /** 17 20 * Add form field for uploading key file 18 21 */ 19 function senpai_software_2fa_form_field() {22 function form_field() { 20 23 ?> 21 24 <div id="senpai_software_2fa_block"> … … 33 36 <?php 34 37 } 35 add_action( 'login_form', 'senpai_software_2fa_form_field' );38 add_action( 'login_form', __NAMESPACE__.'\form_field' ); 36 39 37 40 /** 38 41 * Validate key file 39 42 */ 40 function senpai_software_2fa_validation( $user, $password ) {43 function validation( $user, $password ) { 41 44 $status = get_user_meta( $user->ID, 'senpai_software_2fa_status', true ); 42 45 $db_hash = get_user_meta( $user->ID, 'senpai_software_2fa_hash', true ); … … 51 54 52 55 if ($db_hash !== $file_hash) { 53 return new WP_Error('access denied', __('Wrong key file','senpai-software-2fa'));56 return new \WP_Error('access denied', __('Wrong key file','senpai-software-2fa')); 54 57 } 55 58 } else { 56 return new WP_Error('access denied', __('File error','senpai-software-2fa'));59 return new \WP_Error('access denied', __('File error','senpai-software-2fa')); 57 60 } 58 61 } else { 59 return new WP_Error( 'access denied', __( 'Upload your key file','senpai-software-2fa' ) ); 62 if(!empty($db_hash)) { 63 return new \WP_Error( 'access denied', __( 'Upload your key file', 'senpai-software-2fa' ) ); 64 } 60 65 } 61 66 } 62 67 return $user; 63 68 } 64 add_action( 'wp_authenticate_user', 'senpai_software_2fa_validation', 10, 3 );69 add_action( 
'wp_authenticate_user', __NAMESPACE__.'\validation', 10, 3 ); 65 70 66 71 /** … … 68 73 */ 69 74 if(get_option( 'snp_2fa_xmlrpc' )==1){ 70 add_filter('xmlrpc_enabled', '__return_false');75 add_filter('xmlrpc_enabled', '__return_false'); 71 76 } 72 77 … … 76 81 if(!empty(get_option( 'snp_2fa_hint' ))) { 77 82 78 function senpai_software_2fa_hints(){79 return __( sanitize_text_field(get_option( 'snp_2fa_hint' )),'default' );80 }81 add_filter( 'login_errors', 'senpai_software_2fa_hints' );83 function hints(){ 84 return __( sanitize_text_field(get_option( 'snp_2fa_hint' )),'default' ); 85 } 86 add_filter( 'login_errors', __NAMESPACE__.'\hints' ); 82 87 } 83 88 … … 87 92 if ( $GLOBALS['pagenow'] === 'wp-login.php' ) { 88 93 89 function senpai_software_2fa_check() {94 function check() { 90 95 91 $attempts=get_option('snp_2fa_attempts');92 $ip=sanitize_text_field($_SERVER['REMOTE_ADDR']);96 $attempts=get_option('snp_2fa_attempts'); 97 $ip=sanitize_text_field($_SERVER['REMOTE_ADDR']); 93 98 94 global $wpdb;95 $table = $wpdb->prefix . 'snp_2fa_ip';99 global $wpdb; 100 $table = $wpdb->prefix . 
'snp_2fa_ip'; 96 101 97 $results = $wpdb->get_results( "SELECT `counter`,`blockdate` FROM `{$table}` WHERE `ip`='{$ip}' LIMIT 1" );102 $results = $wpdb->get_results( "SELECT `counter`,`blockdate` FROM `{$table}` WHERE `ip`='{$ip}' LIMIT 1" ); 98 103 99 if($results && (!empty($attempts))) {104 if($results && (!empty($attempts))) { 100 105 101 $counter = $results[0]->counter;102 $block_time = $results[0]->blockdate;106 $counter = $results[0]->counter; 107 $block_time = $results[0]->blockdate; 103 108 104 if ( $counter >= $attempts ) {109 if ( $counter >= $attempts ) { 105 110 106 $duration=sanitize_text_field(get_option('snp_2fa_block_period'));107 if(empty($duration)){ $duration=15; }108 $duration='PT'.$duration.'M';111 $duration=sanitize_text_field(get_option('snp_2fa_block_period')); 112 if(empty($duration)){ $duration=15; } 113 $duration='PT'.$duration.'M'; 109 114 110 $currentDateTime = newDateTime();111 $specifiedDateTime = newDateTime( $block_time );112 $specifiedDateTime->add( newDateInterval( $duration ) );115 $currentDateTime = new \DateTime(); 116 $specifiedDateTime = new \DateTime( $block_time ); 117 $specifiedDateTime->add( new \DateInterval( $duration ) ); 113 118 114 if ( $currentDateTime > $specifiedDateTime ) {115 $wpdb->get_results( "DELETE FROM `{$table}` WHERE `ip`='{$ip}' LIMIT 1" );116 } else {117 wp_die( 'Access temporarily restricted', 'Blocked', array( 'response' => 403 ) );118 }119 }120 }121 }122 add_filter( 'init', 'senpai_software_2fa_check' );119 if ( $currentDateTime > $specifiedDateTime ) { 120 $wpdb->get_results( "DELETE FROM `{$table}` WHERE `ip`='{$ip}' LIMIT 1" ); 121 } else { 122 wp_die( 'Access temporarily restricted', 'Blocked', array( 'response' => 403 ) ); 123 } 124 } 125 } 126 } 127 add_filter( 'init', __NAMESPACE__.'\check' ); 123 128 } 124 129 125 function senpai_software_2fa_login_failed(){130 function login_failed(){ 126 131 127 $attempts=get_option('snp_2fa_attempts');128 
$ip=sanitize_text_field($_SERVER['REMOTE_ADDR']);132 $attempts=get_option('snp_2fa_attempts'); 133 $ip=sanitize_text_field($_SERVER['REMOTE_ADDR']); 129 134 130 global $wpdb;131 $table = $wpdb->prefix . 'snp_2fa_ip';135 global $wpdb; 136 $table = $wpdb->prefix . 'snp_2fa_ip'; 132 137 133 $results = $wpdb->get_results( "SELECT `counter`,`blockdate` FROM `{$table}` WHERE `ip`='{$ip}' LIMIT 1" );138 $results = $wpdb->get_results( "SELECT `counter`,`blockdate` FROM `{$table}` WHERE `ip`='{$ip}' LIMIT 1" ); 134 139 135 $currentDateTime = newDateTime();136 $date=$currentDateTime->format('Y-m-d H:i:s');140 $currentDateTime = new \DateTime(); 141 $date=$currentDateTime->format('Y-m-d H:i:s'); 137 142 138 if(!empty($attempts)) {143 if(!empty($attempts)) { 139 144 140 if ( $results ) {145 if ( $results ) { 141 146 142 $counter = $results[0]->counter;143 $counter ++;147 $counter = $results[0]->counter; 148 $counter ++; 144 149 145 $block_date = newDateTime( $results[0]->blockdate );146 $block_date->add( newDateInterval( 'PT5M' ) );150 $block_date = new \DateTime( $results[0]->blockdate ); 151 $block_date->add( new \DateInterval( 'PT5M' ) ); 147 152 148 if ( $currentDateTime > $block_date ) {149 $counter = 1;150 }153 if ( $currentDateTime > $block_date ) { 154 $counter = 1; 155 } 151 156 152 $data = array(153 'counter' => $counter,154 'blockdate' => $date155 );156 $where = array(157 'ip' => $ip158 );159 $wpdb->update( $table, $data, $where );157 $data = array( 158 'counter' => $counter, 159 'blockdate' => $date 160 ); 161 $where = array( 162 'ip' => $ip 163 ); 164 $wpdb->update( $table, $data, $where ); 160 165 161 } else {162 $data = array(163 'ip' => $ip,164 'counter' => 1,165 'blockdate' => $date166 );167 $wpdb->insert( $table, $data );168 }169 }166 } else { 167 $data = array( 168 'ip' => $ip, 169 'counter' => 1, 170 'blockdate' => $date 171 ); 172 $wpdb->insert( $table, $data ); 173 } 174 } 170 175 } 171 add_action('wp_login_failed', 'senpai_software_2fa_login_failed');176 
add_action('wp_login_failed', __NAMESPACE__.'\login_failed'); -
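Review bot: The new `if(!empty($db_hash))` guard in `validation()` turns the "no key file submitted" branch from fail-closed into fail-open: when no hash is stored for the user, the function now falls through to `return $user;` and the login proceeds on the password alone. The enclosing condition on `$status` is in lines not shown, but if this branch is only reached with 2FA enabled, an account that is enabled without an enrolled key silently loses its second factor, while the submitted-file branch still appears to reject the same account with 'Wrong key file'. The changelog for 2.0.1 lists only "Added namespace", so either record the change and state the intent in a comment such as `// no key enrolled yet: allow password-only login to avoid a lockout`, or keep the unconditional `return new \WP_Error( 'access denied', ... );`.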
senpai-software-2fa/trunk/senpai-software-2fa.php
r2938444 r2977661 4 4 * Plugin URI: https://senpai.software/wp-plugins/2fa/ 5 5 * Description: Unique method two-factor auth (2FA). Limit Login Attempts. Disable XML-RPC. Protection against brute force attacks. 6 * Version: 2.0. 06 * Version: 2.0.1 7 7 * Author: Senpai Software 8 8 * Author URI: https://senpai.software … … 13 13 * Requires at least: 5.0 14 14 * Requires PHP: 5.6 15 */15 */ 16 16 17 17 /* … … 31 31 */ 32 32 33 namespace SenpaiSoftware2FA; 34 33 35 if (!defined('ABSPATH')) { 34 36 exit; // Exit if accessed directly … … 38 40 * The code that runs during plugin activation. 39 41 */ 40 function senpai_software_2fa_activation(){42 function activation(){ 41 43 global $wpdb; 42 44 $users = get_users(); … … 50 52 * The code that runs during plugin deactivation. 51 53 */ 52 function senpai_software_2fa_deactivation(){54 function deactivation(){ 53 55 global $wpdb; 54 56 $users = get_users(); … … 62 64 * The code that runs during plugin uninstall. 63 65 */ 64 function senpai_software_2fa_uninstall(){66 function uninstall(){ 65 67 global $wpdb; 66 68 $users = get_users(); … … 70 72 } 71 73 72 delete_option( 'snp_2fa_xmlrpc');73 delete_option( 'snp_2fa_hint');74 delete_option( 'snp_2fa_attempts');75 delete_option( 'snp_2fa_block_period');74 delete_option( 'snp_2fa_xmlrpc'); 75 delete_option( 'snp_2fa_hint'); 76 delete_option( 'snp_2fa_attempts'); 77 delete_option( 'snp_2fa_block_period'); 76 78 77 $table_name = $wpdb->prefix . 'snp_2fa_ip';78 $query = "DROP TABLE IF EXISTS $table_name";79 $wpdb->query($query);79 $table_name = $wpdb->prefix . 
'snp_2fa_ip'; 80 $query = "DROP TABLE IF EXISTS $table_name"; 81 $wpdb->query($query); 80 82 } 81 83 82 register_activation_hook(__FILE__, 'senpai_software_2fa_activation');83 register_deactivation_hook(__FILE__, 'senpai_software_2fa_deactivation');84 register_uninstall_hook(__FILE__, 'senpai_software_2fa_uninstall');84 register_activation_hook(__FILE__, __NAMESPACE__.'\activation'); 85 register_deactivation_hook(__FILE__, __NAMESPACE__.'\deactivation'); 86 register_uninstall_hook(__FILE__, __NAMESPACE__.'\uninstall'); 85 87 86 88 /** 87 89 * Languages 88 90 */ 89 function senpai_software_2fa_load_textdomain() {91 function load_textdomain() { 90 92 load_plugin_textdomain( 'senpai-software-2fa', false, dirname( plugin_basename( __FILE__ ) ) . '/languages/' ); 91 93 } 92 add_action( 'plugins_loaded', 'senpai_software_2fa_load_textdomain' );94 add_action( 'plugins_loaded', __NAMESPACE__.'\load_textdomain' ); 93 95 94 96 /**