Edit File by line

<?php

[0] Fix | Delete

if (!defined('ABSPATH') && !defined('MCDATAPATH')) exit;

[1] Fix | Delete

[2] Fix | Delete

if (!class_exists('BVProtectLP_V565')) :

[3] Fix | Delete

class BVProtectLP_V565 {

[4] Fix | Delete

private $ip;

[5] Fix | Delete

private $time;

[6] Fix | Delete

private $ipstore;

[7] Fix | Delete

private $logger;

[8] Fix | Delete

private $brand_name;

[9] Fix | Delete

[10] Fix | Delete

private $mode = BVProtectLP_V565::MODE_DISABLED;

[11] Fix | Delete

private $captcha_limit = 3;

[12] Fix | Delete

private $temp_block_limit = 10;

[13] Fix | Delete

private $block_all_limit = 100;

[14] Fix | Delete

private $failed_login_gap = 1800;

[15] Fix | Delete

private $success_login_gap = 1800;

[16] Fix | Delete

private $all_blocked_gap = 1800;

[17] Fix | Delete

[18] Fix | Delete

private $category = BVProtectLP_V565::CATEGORY_ALLOWED;

[19] Fix | Delete

private $username = '';

[20] Fix | Delete

private $message = '';

[21] Fix | Delete

[22] Fix | Delete

private static $instance;

[23] Fix | Delete

[24] Fix | Delete

const TABLE_NAME = 'lp_requests';

[25] Fix | Delete

const UNBLOCK_IP_TRANSIENT_PREFIX = 'bvlp_unblock_ip';

[26] Fix | Delete

[27] Fix | Delete

const MODE_DISABLED = 1;

[28] Fix | Delete

const MODE_AUDIT = 2;

[29] Fix | Delete

const MODE_PROTECT = 3;

[30] Fix | Delete

[31] Fix | Delete

const LOGIN_STATUS_FAILURE = 1;

[32] Fix | Delete

const LOGIN_STATUS_SUCCESS = 2;

[33] Fix | Delete

const LOGIN_STATUS_BLOCKED = 3;

[34] Fix | Delete

[35] Fix | Delete

const CATEGORY_CAPTCHA_BLOCK = 1;

[36] Fix | Delete

const CATEGORY_TEMP_BLOCK = 2;

[37] Fix | Delete

const CATEGORY_ALL_BLOCKED = 3;

[38] Fix | Delete

const CATEGORY_UNBLOCKED = 4;

[39] Fix | Delete

const CATEGORY_BLACKLISTED = 5;

[40] Fix | Delete

const CATEGORY_BYPASSED = 6;

[41] Fix | Delete

const CATEGORY_ALLOWED = 7;

[42] Fix | Delete

const CATEGORY_PRIVATEIP = 8;

[43] Fix | Delete

[44] Fix | Delete

private function __construct($request, $config, $brand_name) {

[45] Fix | Delete

$this->ip = $request->getIP();

[46] Fix | Delete

$this->brand_name = $brand_name;

[47] Fix | Delete

$this->ipstore = new BVProtectIpstore_V565();

[48] Fix | Delete

$this->logger = new BVProtectLogger_V565(BVProtectLP_V565::TABLE_NAME);

[49] Fix | Delete

$this->time = strtotime(date("Y-m-d H:i:s"));

[50] Fix | Delete

[51] Fix | Delete

if (is_array($config)) {

[52] Fix | Delete

if (array_key_exists('mode', $config) && is_int($config['mode'])) {

[53] Fix | Delete

$this->mode = $config['mode'];

[54] Fix | Delete

}

[55] Fix | Delete

[56] Fix | Delete

if (array_key_exists('captchalimit', $config) && is_int($config['captchalimit'])) {

[57] Fix | Delete

$this->captcha_limit = $config['captchalimit'];

[58] Fix | Delete

}

[59] Fix | Delete

[60] Fix | Delete

if (array_key_exists('tempblocklimit', $config) && is_int($config['tempblocklimit'])) {

[61] Fix | Delete

$this->temp_block_limit = $config['tempblocklimit'];

[62] Fix | Delete

}

[63] Fix | Delete

[64] Fix | Delete

if (array_key_exists('blockalllimit', $config) && is_int($config['blockalllimit'])) {

[65] Fix | Delete

$this->block_all_limit = $config['blockalllimit'];

[66] Fix | Delete

}

[67] Fix | Delete

[68] Fix | Delete

if (array_key_exists('failedlogingap', $config) && is_int($config['failedlogingap'])) {

[69] Fix | Delete

$this->failed_login_gap = $config['failedlogingap'];

[70] Fix | Delete

}

[71] Fix | Delete

[72] Fix | Delete

if (array_key_exists('successlogingap', $config) && is_int($config['successlogingap'])) {

[73] Fix | Delete

$this->success_login_gap = $config['successlogingap'];

[74] Fix | Delete

}

[75] Fix | Delete

[76] Fix | Delete

if (array_key_exists('allblockedgap', $config) && is_int($config['allblockedgap'])) {

[77] Fix | Delete

$this->all_blocked_gap = $config['allblockedgap'];

[78] Fix | Delete

}

[79] Fix | Delete

}

[80] Fix | Delete

}

[81] Fix | Delete

[82] Fix | Delete

public static function getInstance($request, $config, $brand_name) {

[83] Fix | Delete

if (!isset(self::$instance)) {

[84] Fix | Delete

self::$instance = new self($request, $config, $brand_name);

[85] Fix | Delete

}

[86] Fix | Delete

[87] Fix | Delete

return self::$instance;

[88] Fix | Delete

}

[89] Fix | Delete

[90] Fix | Delete

public static function uninstall() {

[91] Fix | Delete

BVProtect_V565::$db->dropBVTable(BVProtectLP_V565::TABLE_NAME);

[92] Fix | Delete

}

[93] Fix | Delete

[94] Fix | Delete

public function init() {

[95] Fix | Delete

if ($this->isActive()) {

[96] Fix | Delete

add_filter('authenticate', array($this, 'loginInit'), 30, 3);

[97] Fix | Delete

add_action('wp_login', array($this, 'loginSuccess'));

[98] Fix | Delete

add_action('wp_login_failed', array($this, 'loginFailed'));

[99] Fix | Delete

}

[100] Fix | Delete

}

[101] Fix | Delete

[102] Fix | Delete

private function getCaptchaLink() {

[103] Fix | Delete

$account = BVAccount::apiPublicAccount(BVProtect_V565::$settings);

[104] Fix | Delete

[105] Fix | Delete

$url = $account->authenticatedUrl('/captcha/solve');

[106] Fix | Delete

$url .= "&adminurl=".base64_encode(get_admin_url());

[107] Fix | Delete

[108] Fix | Delete

return $url;

[109] Fix | Delete

}

[110] Fix | Delete

[111] Fix | Delete

private function getAllowLoginsTransient() {

[112] Fix | Delete

return BVProtect_V565::$settings->getTransient('bvlp_allow_logins');

[113] Fix | Delete

}

[114] Fix | Delete

[115] Fix | Delete

private function getBlockLoginsTransient() {

[116] Fix | Delete

return BVProtect_V565::$settings->getTransient('bvlp_block_logins');

[117] Fix | Delete

}

[118] Fix | Delete

[119] Fix | Delete

private function terminateTemplate() {

[120] Fix | Delete

$templates = array (

[121] Fix | Delete

1 => "<p>Too many failed attempts, You are barred from logging into this site.</p>" .

[122] Fix | Delete

"<a href=" . $this->getCaptchaLink() ." class='btn btn-default'>Click here</a>" .

[123] Fix | Delete

" to unblock yourself.",

[124] Fix | Delete

2 => "You cannot login to this site for 30 minutes because of too many failed login attempts.",

[125] Fix | Delete

3 => "<p>Logins to this site are currently blocked.</p><a href=" . $this->getCaptchaLink() .

[126] Fix | Delete

" class='btn btn-default'>Click here</a> to unblock yourself.",

[127] Fix | Delete

5 => "Your IP is blacklisted."

[128] Fix | Delete

);

[129] Fix | Delete

[130] Fix | Delete

return "

[131] Fix | Delete

[132] Fix | Delete

[133] Fix | Delete

<div><p><img src=". plugins_url('/../img/icon.png', __FILE__) . "><h2>Login Protection</h2><h3>powered by</h3><h2>"

[134] Fix | Delete

. $this->brand_name . " Firewall</h2></p><div>

[135] Fix | Delete

<p>" . $templates[$this->category] . "</p>

[136] Fix | Delete

<p>Reference ID: " . BVInfo::getRequestID() . "</p>

[137] Fix | Delete

</div>

[138] Fix | Delete

</div>";

[139] Fix | Delete

}

[140] Fix | Delete

[141] Fix | Delete

private function isProtecting() {

[142] Fix | Delete

return $this->mode === BVProtectLP_V565::MODE_PROTECT;

[143] Fix | Delete

}

[144] Fix | Delete

[145] Fix | Delete

private function isActive() {

[146] Fix | Delete

return $this->mode !== BVProtectLP_V565::MODE_DISABLED;

[147] Fix | Delete

}

[148] Fix | Delete

[149] Fix | Delete

private function isBlacklistedIP() {

[150] Fix | Delete

return $this->ipstore->isLPIPBlacklisted($this->ip);

[151] Fix | Delete

}

[152] Fix | Delete

[153] Fix | Delete

private function isWhitelistedIP() {

[154] Fix | Delete

return $this->ipstore->isLPIPWhitelisted($this->ip);

[155] Fix | Delete

}

[156] Fix | Delete

[157] Fix | Delete

private function isUnBlockedIP() {

[158] Fix | Delete

$transient_name = BVProtectLP_V565::UNBLOCK_IP_TRANSIENT_PREFIX . $this->ip;

[159] Fix | Delete

$attempts = BVProtect_V565::$settings->getTransient($transient_name);

[160] Fix | Delete

[161] Fix | Delete

if ($attempts && $attempts > 0) {

[162] Fix | Delete

BVProtect_V565::$settings->setTransient($transient_name, $attempts - 1, 600 * $attempts);

[163] Fix | Delete

return true;

[164] Fix | Delete

}

[165] Fix | Delete

[166] Fix | Delete

return false;

[167] Fix | Delete

}

[168] Fix | Delete

[169] Fix | Delete

private function isLoginBlocked() {

[170] Fix | Delete

if ($this->getAllowLoginsTransient() ||

[171] Fix | Delete

($this->getLoginCount(BVProtectLP_V565::LOGIN_STATUS_FAILURE, null, $this->all_blocked_gap) < $this->block_all_limit)) {

[172] Fix | Delete

return false;

[173] Fix | Delete

}

[174] Fix | Delete

[175] Fix | Delete

return true;

[176] Fix | Delete

}

[177] Fix | Delete

[178] Fix | Delete

private function log($status) {

[179] Fix | Delete

$data = array (

[180] Fix | Delete

"ip" => $this->ip,

[181] Fix | Delete

"status" => $status,

[182] Fix | Delete

"time" => $this->time,

[183] Fix | Delete

"category" => $this->category,

[184] Fix | Delete

"username" => $this->username,

[185] Fix | Delete

"request_id" => BVInfo::getRequestID(),

[186] Fix | Delete

"message" => $this->message

[187] Fix | Delete

);

[188] Fix | Delete

[189] Fix | Delete

$this->logger->log($data);

[190] Fix | Delete

}

[191] Fix | Delete

[192] Fix | Delete

private function terminateLogin() {

[193] Fix | Delete

$this->message = 'Login Blocked';

[194] Fix | Delete

$this->log(BVProtectLP_V565::LOGIN_STATUS_BLOCKED);

[195] Fix | Delete

if ($this->isProtecting()) {

[196] Fix | Delete

header("Cache-Control: no-cache, no-store, must-revalidate");

[197] Fix | Delete

header("Pragma: no-cache");

[198] Fix | Delete

header("Expires: 0");

[199] Fix | Delete

header('HTTP/1.0 403 Forbidden');

[200] Fix | Delete

die($this->terminateTemplate());

[201] Fix | Delete

exit;

[202] Fix | Delete

}

[203] Fix | Delete

}

[204] Fix | Delete

[205] Fix | Delete

public function loginInit($user, $username = '', $password = '') {

[206] Fix | Delete

if ($this->isUnBlockedIP()) {

[207] Fix | Delete

$this->category = BVProtectLP_V565::CATEGORY_UNBLOCKED;

[208] Fix | Delete

} else {

[209] Fix | Delete

$failed_attempts = $this->getLoginCount(BVProtectLP_V565::LOGIN_STATUS_FAILURE,

[210] Fix | Delete

$this->ip, $this->failed_login_gap);

[211] Fix | Delete

[212] Fix | Delete

if ($this->isWhitelistedIP()) {

[213] Fix | Delete

$this->category = BVProtectLP_V565::CATEGORY_BYPASSED;

[214] Fix | Delete

} elseif (BVProtectUtils_V565::isPrivateIP($this->ip)) {

[215] Fix | Delete

$this->category = BVProtectLP_V565::CATEGORY_PRIVATEIP;

[216] Fix | Delete

} elseif ($this->isBlacklistedIP()) {

[217] Fix | Delete

$this->category = BVProtectLP_V565::CATEGORY_BLACKLISTED;

[218] Fix | Delete

$this->terminateLogin();

[219] Fix | Delete

} elseif ($this->isKnownLogin()) {

[220] Fix | Delete

$this->category = BVProtectLP_V565::CATEGORY_BYPASSED;

[221] Fix | Delete

} elseif ($this->isLoginBlocked()) {

[222] Fix | Delete

$this->category = BVProtectLP_V565::CATEGORY_ALL_BLOCKED;

[223] Fix | Delete

$this->terminateLogin();

[224] Fix | Delete

} elseif ($failed_attempts >= $this->temp_block_limit) {

[225] Fix | Delete

$this->category = BVProtectLP_V565::CATEGORY_TEMP_BLOCK;

[226] Fix | Delete

$this->terminateLogin();

[227] Fix | Delete

} elseif ($failed_attempts >= $this->captcha_limit) {

[228] Fix | Delete

$this->category = BVProtectLP_V565::CATEGORY_CAPTCHA_BLOCK;

[229] Fix | Delete

$this->terminateLogin();

[230] Fix | Delete

}

[231] Fix | Delete

}

[232] Fix | Delete

[233] Fix | Delete

if (!empty($user) && !empty($password) && is_wp_error($user)) {

[234] Fix | Delete

$this->message = $user->get_error_code();

[235] Fix | Delete

}

[236] Fix | Delete

[237] Fix | Delete

return $user;

[238] Fix | Delete

}

[239] Fix | Delete

[240] Fix | Delete

public function loginFailed($username) {

[241] Fix | Delete

$this->username = $username;

[242] Fix | Delete

$this->log(BVProtectLP_V565::LOGIN_STATUS_FAILURE);

[243] Fix | Delete

}

[244] Fix | Delete

[245] Fix | Delete

public function loginSuccess($username) {

[246] Fix | Delete

$this->username = $username;

[247] Fix | Delete

$this->message = 'Login Success';

[248] Fix | Delete

$this->log(BVProtectLP_V565::LOGIN_STATUS_SUCCESS);

[249] Fix | Delete

}

[250] Fix | Delete

[251] Fix | Delete

private function isKnownLogin() {

[252] Fix | Delete

return $this->getLoginCount(BVProtectLP_V565::LOGIN_STATUS_SUCCESS,

[253] Fix | Delete

$this->ip, $this->success_login_gap) > 0;

[254] Fix | Delete

}

[255] Fix | Delete

[256] Fix | Delete

private function getLoginCount($status, $ip, $gap) {

[257] Fix | Delete

$table = BVProtect_V565::$db->getBVTable(BVProtectLP_V565::TABLE_NAME);

[258] Fix | Delete

$query_str = "SELECT COUNT(*) as count from `$table` WHERE status=%d && time > %d";

[259] Fix | Delete

$query_args = array($status, ($this->time - $gap));

[260] Fix | Delete

[261] Fix | Delete

$query = BVProtect_V565::$db->prepare($query_str, $query_args);

[262] Fix | Delete

if ($ip) {

[263] Fix | Delete

$query .= BVProtect_V565::$db->prepare(" && ip=%s", $ip);

[264] Fix | Delete

}

[265] Fix | Delete

[266] Fix | Delete

$rows = BVProtect_V565::$db->getResult($query);

[267] Fix | Delete

if (!$rows) {

[268] Fix | Delete

return 0;

[269] Fix | Delete

}

[270] Fix | Delete

[271] Fix | Delete

return intval($rows[0]['count']);

[272] Fix | Delete

}

[273] Fix | Delete

}

[274] Fix | Delete

endif;

[275] Fix | Delete