Changeset 546512
- Timestamp:
- 05/20/2012 10:41:52 AM (14 years ago)
- Location:
- limit-login-attempts
- Files:
-
- 3 edited
- 1 copied
-
tags/1.6.3 (copied) (copied from limit-login-attempts/tags/1.6.2)
-
tags/1.6.3/limit-login-attempts.php (modified) (10 diffs)
-
tags/1.6.3/readme.txt (modified) (4 diffs)
-
trunk/readme.txt (modified) (1 diff)
-
limit-login-attempts/tags/1.6.3/limit-login-attempts.php
r428626 r546512 7 7 Author URI: http://devel.kostdoktorn.se 8 8 Text Domain: limit-login-attempts 9 Version: 1. 6.210 11 Copyright 2008 - 201 1Johan Eenfeldt9 Version: 1.7.0 10 11 Copyright 2008 - 2012 Johan Eenfeldt 12 12 13 13 Thanks to Michael Skerwiderski for reverse proxy handling suggestions. … … 44 44 * Variables 45 45 * 46 * Assignments are for default value -- change in admin page.46 * Assignments are for default value -- change on admin page. 47 47 */ 48 48 … … 176 176 177 177 178 /* 179 * Check if IP is whitelisted. 180 * 181 * This function allow external ip whitelisting using a filter. Note that it can 182 * be called multiple times during the login process. 183 * 184 * Note that retries and statistics are still counted and notifications 185 * done as usual for whitelisted ips , but no lockout is done. 186 * 187 * Example: 188 * function my_ip_whitelist($allow, $ip) { 189 * return ($ip == 'my-ip') ? true : $allow; 190 * } 191 * add_filter('limit_login_whitelist_ip', 'my_ip_whitelist', 10, 2); 192 */ 193 function is_limit_login_ip_whitelisted($ip = null) { 194 if (is_null($ip)) { 195 $ip = limit_login_get_address(); 196 } 197 $whitelisted = apply_filters('limit_login_whitelist_ip', false, $ip); 198 199 return ($whitelisted === true); 200 } 201 202 178 203 /* Check if it is ok to login */ 179 204 function is_limit_login_ok() { 180 205 $ip = limit_login_get_address(); 206 207 /* Check external whitelist filter */ 208 if (is_limit_login_ip_whitelisted($ip)) { 209 return true; 210 } 181 211 182 212 /* lockout active? */ … … 325 355 * Increase nr of retries (if necessary). Reset valid value. Setup 326 356 * lockout if nr of retries are above threshold. And more! 357 * 358 * A note on external whitelist: retries and statistics are still counted and 359 * notifications done as usual, but no lockout is done. 327 360 */ 328 361 function limit_login_failed($username) { … … 370 403 /* lockout! 
*/ 371 404 372 global $limit_login_just_lockedout; 373 $limit_login_just_lockedout = true; 374 375 /* setup lockout, reset retries as needed */ 405 $whitelisted = is_limit_login_ip_whitelisted($ip); 406 376 407 $retries_long = limit_login_option('allowed_retries') 377 * limit_login_option('allowed_lockouts'); 378 if ($retries[$ip] >= $retries_long) { 379 /* long lockout */ 380 $lockouts[$ip] = time() + limit_login_option('long_duration'); 381 unset($retries[$ip]); 382 unset($valid[$ip]); 408 * limit_login_option('allowed_lockouts'); 409 410 /* 411 * Note that retries and statistics are still counted and notifications 412 * done as usual for whitelisted ips , but no lockout is done. 413 */ 414 if ($whitelisted) { 415 if ($retries[$ip] >= $retries_long) { 416 unset($retries[$ip]); 417 unset($valid[$ip]); 418 } 383 419 } else { 384 /* normal lockout */ 385 $lockouts[$ip] = time() + limit_login_option('lockout_duration'); 420 global $limit_login_just_lockedout; 421 $limit_login_just_lockedout = true; 422 423 /* setup lockout, reset retries as needed */ 424 if ($retries[$ip] >= $retries_long) { 425 /* long lockout */ 426 $lockouts[$ip] = time() + limit_login_option('long_duration'); 427 unset($retries[$ip]); 428 unset($valid[$ip]); 429 } else { 430 /* normal lockout */ 431 $lockouts[$ip] = time() + limit_login_option('lockout_duration'); 432 } 386 433 } 387 434 … … 395 442 $total = get_option('limit_login_lockouts_total'); 396 443 if ($total === false || !is_numeric($total)) { 397 add_option('limit_login_lockouts_total', 1, '', 'no');444 add_option('limit_login_lockouts_total', 1, '', 'no'); 398 445 } else { 399 update_option('limit_login_lockouts_total', $total + 1);446 update_option('limit_login_lockouts_total', $total + 1); 400 447 } 401 448 } … … 452 499 function limit_login_notify_email($user) { 453 500 $ip = limit_login_get_address(); 501 $whitelisted = is_limit_login_ip_whitelisted($ip); 454 502 455 503 $retries = get_option('limit_login_retries'); … … 483 531 
$blogname = is_limit_login_multisite() ? get_site_option('site_name') : get_option('blogname'); 484 532 485 $subject = sprintf(__("[%s] Too many failed login attempts", 'limit-login-attempts') 486 , $blogname); 533 if ($whitelisted) { 534 $subject = sprintf(__("[%s] Failed login attempts from whitelisted IP" 535 , 'limit-login-attempts') 536 , $blogname); 537 } else { 538 $subject = sprintf(__("[%s] Too many failed login attempts" 539 , 'limit-login-attempts') 540 , $blogname); 541 } 542 487 543 $message = sprintf(__("%d failed login attempts (%d lockout(s)) from IP: %s" 488 544 , 'limit-login-attempts') . "\r\n\r\n" … … 492 548 . "\r\n\r\n" , $user); 493 549 } 494 $message .= sprintf(__("IP was blocked for %s", 'limit-login-attempts'), $when); 550 if ($whitelisted) { 551 $message .= __("IP was NOT blocked because of external whitelist.", 'limit-login-attempts'); 552 } else { 553 $message .= sprintf(__("IP was blocked for %s", 'limit-login-attempts'), $when); 554 } 495 555 496 556 $admin_email = is_limit_login_multisite() ? get_site_option('admin_email') : get_option('admin_email'); … … 601 661 /* Return current (error) message to show, if any */ 602 662 function limit_login_get_message() { 663 /* Check external whitelist */ 664 if (is_limit_login_ip_whitelisted()) { 665 return ''; 666 } 667 668 /* Is lockout in effect? */ 603 669 if (!is_limit_login_ok()) { 604 670 return limit_login_error_msg(); -
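Review bot: The new early `return true` in is_limit_login_ok() and the `if ($whitelisted)` branch in limit_login_failed() disable lockout for any address the filter accepts, but nothing in the docblock of is_limit_login_ip_whitelisted() says how far that address can be trusted. The address comes from limit_login_get_address(), whose body is outside these hunks, as are the remaining bodies of is_limit_login_ok() and limit_login_failed(). If that helper can take the address from a forwarded header in reverse-proxy mode (the file header and readme mention reverse proxy handling), a whitelist match is only as reliable as that header. I would add to the docblock something like `* Only whitelist when the client address comes from a source the server controls; otherwise a whitelist entry removes brute-force protection.` and state that the filter must return boolean `true` exactly, since `($whitelisted === true)` rejects `1` or `'true'`. The docblock example would also be safer to copy with a strict comparison, `return ($ip === 'my-ip') ? true : $allow;`.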
limit-login-attempts/tags/1.6.3/readme.txt
r428626 r546512 3 3 Tags: login, security, authentication 4 4 Requires at least: 2.8 5 Tested up to: 3. 2.15 Tested up to: 3.3.2 6 6 Stable tag: 1.6.2 7 7 … … 23 23 * Optional logging, optional email notification 24 24 * Handles server behind reverse proxy 25 * It is possible to whitelist IPs using a filter. But you probably shouldn't. :-) 25 26 26 27 Translations: Bulgarian, Brazilian Portuguese, Catalan, Chinese (Traditional), Czech, Dutch, Finnish, French, German, Hungarian, Norwegian, Persian, Romanian, Russian, Spanish, Swedish, Turkish … … 52 53 You probably are not or you would know. We show a pretty good guess on the option page. Set the option using this unless you are sure you know better. 53 54 55 = Can I whitelist my IP so I don't get locked out? = 56 57 First please consider if you really need this. Generally speaking it is not a good idea to have exceptions to your security policies. 58 59 That said, there is now a filter which allows you to do it: "limit_login_whitelist_ip". 60 61 Example: 62 function my_ip_whitelist($allow, $ip) { 63 return ($ip == 'my-ip') ? true : $allow; 64 } 65 add_filter('limit_login_whitelist_ip', 'my_ip_whitelist', 10, 2); 66 67 Note that we still do notification and logging as usual. This is meant to allow you to be aware of any suspicious activity from whitelisted IPs. 68 54 69 = I locked myself out testing this thing, what do I do? = 55 70 56 71 Either wait, or: 72 73 If you know how to edit / add to PHP files you can use the IP whitelist functionality described above. You should then use the "Restore Lockouts" button on the plugin settings page and remove the whitelist function again. 57 74 58 75 If you have ftp / ssh access to the site rename the file "wp-content/plugins/limit-login-attempts/limit-login-attempts.php" to deactivate the plugin. … … 67 84 68 85 == Changelog == 86 87 = 1.7.0 = 88 * Added filter that allows whitelisting of IPs because of popular demand. Please use with care!! 
89 * Update to Spanish translation, thanks to Marcelo Pedra 90 * Tested against WordPress 3.3.2 69 91 70 92 = 1.6.2 = -
limit-login-attempts/trunk/readme.txt
r448467 r546512 119 119 * Update screenshots 120 120 * Update site 121 122 * track registrations123 * track last login124 121 125 122 == Change Log ==