diff options
| author |   Theo Chatzimichos <tampakrap@gentoo.org> | 2012-06-13 16:18:13 +0200 |
|---|---|---|
| committer | Theo Chatzimichos <tampakrap@gentoo.org> | 2012-06-13 16:18:13 +0200 |
| commit | ab05ecf6ac2bdd10e542eff7764de0f02a17f0a8 (patch) | |
| tree | 5134afa67836f0657151a40cfba49c9adf969a50 /plugins/limit-login-attempts/limit-login-attempts.php | |
| parent | Update limit-login-attempts, smart-youtube and wp-stats (diff) | |
| download | blogs-gentoo-ab05ecf6ac2bdd10e542eff7764de0f02a17f0a8.tar.gz blogs-gentoo-ab05ecf6ac2bdd10e542eff7764de0f02a17f0a8.tar.bz2 blogs-gentoo-ab05ecf6ac2bdd10e542eff7764de0f02a17f0a8.zip | |
New module jetpack, replacement of wp-stats
Update akismet, limit-login-attempts, smart-youtube, wp-importer
Diffstat (limited to 'plugins/limit-login-attempts/limit-login-attempts.php')
| -rwxr-xr-x | plugins/limit-login-attempts/limit-login-attempts.php | 110 |
1 files changed, 88 insertions, 22 deletions
diff --git a/plugins/limit-login-attempts/limit-login-attempts.php b/plugins/limit-login-attempts/limit-login-attempts.php index a92f5b62..3bbfa7b8 100755 --- a/plugins/limit-login-attempts/limit-login-attempts.php +++ b/plugins/limit-login-attempts/limit-login-attempts.php @@ -6,9 +6,9 @@ Author: Johan Eenfeldt Author URI: http://devel.kostdoktorn.se Text Domain: limit-login-attempts - Version: 1.6.2 + Version: 1.7.1 - Copyright 2008 - 2011 Johan Eenfeldt + Copyright 2008 - 2012 Johan Eenfeldt Thanks to Michael Skerwiderski for reverse proxy handling suggestions. @@ -43,7 +43,7 @@ define('LIMIT_LOGIN_LOCKOUT_NOTIFY_ALLOWED', 'log,email'); /* * Variables * - * Assignments are for default value -- change in admin page. + * Assignments are for default value -- change on admin page. */ $limit_login_options = @@ -85,7 +85,7 @@ $limit_login_nonempty_credentials = false; /* user and pwd nonempty */ * Startup */ -add_action('init', 'limit_login_setup'); +add_action('plugins_loaded', 'limit_login_setup', 99999); /* @@ -102,7 +102,7 @@ function limit_login_setup() { /* Filters and actions */ add_action('wp_login_failed', 'limit_login_failed'); if (limit_login_option('cookies')) { - add_action('plugins_loaded', 'limit_login_handle_cookies', 99999); + limit_login_handle_cookies(); add_action('auth_cookie_bad_username', 'limit_login_failed_cookie'); global $wp_version; @@ -175,10 +175,40 @@ function limit_login_get_address($type_name = '') { } +/* + * Check if IP is whitelisted. + * + * This function allow external ip whitelisting using a filter. Note that it can + * be called multiple times during the login process. + * + * Note that retries and statistics are still counted and notifications + * done as usual for whitelisted ips , but no lockout is done. + * + * Example: + * function my_ip_whitelist($allow, $ip) { + * return ($ip == 'my-ip') ? true : $allow; + * } + * add_filter('limit_login_whitelist_ip', 'my_ip_whitelist', 10, 2); + */ +function is_limit_login_ip_whitelisted($ip = null) { + if (is_null($ip)) { + $ip = limit_login_get_address(); + } + $whitelisted = apply_filters('limit_login_whitelist_ip', false, $ip); + + return ($whitelisted === true); +} + + /* Check if it is ok to login */ function is_limit_login_ok() { $ip = limit_login_get_address(); + /* Check external whitelist filter */ + if (is_limit_login_ip_whitelisted($ip)) { + return true; + } + /* lockout active? */ $lockouts = get_option('limit_login_lockouts'); return (!is_array($lockouts) || !isset($lockouts[$ip]) || time() >= $lockouts[$ip]); @@ -209,7 +239,7 @@ function limit_login_failure_shake($error_codes) { /* - * Action: called in plugin_loaded (really early) to make sure we do not allow + * Must be called in plugin_loaded (really early) to make sure we do not allow * auth cookies while locked out. */ function limit_login_handle_cookies() { @@ -324,6 +354,9 @@ function limit_login_clear_auth_cookie() { * * Increase nr of retries (if necessary). Reset valid value. Setup * lockout if nr of retries are above threshold. And more! + * + * A note on external whitelist: retries and statistics are still counted and + * notifications done as usual, but no lockout is done. */ function limit_login_failed($username) { $ip = limit_login_get_address(); @@ -369,20 +402,34 @@ function limit_login_failed($username) { /* lockout! */ - global $limit_login_just_lockedout; - $limit_login_just_lockedout = true; + $whitelisted = is_limit_login_ip_whitelisted($ip); - /* setup lockout, reset retries as needed */ $retries_long = limit_login_option('allowed_retries') - * limit_login_option('allowed_lockouts'); - if ($retries[$ip] >= $retries_long) { - /* long lockout */ - $lockouts[$ip] = time() + limit_login_option('long_duration'); - unset($retries[$ip]); - unset($valid[$ip]); + * limit_login_option('allowed_lockouts'); + + /* + * Note that retries and statistics are still counted and notifications + * done as usual for whitelisted ips , but no lockout is done. + */ + if ($whitelisted) { + if ($retries[$ip] >= $retries_long) { + unset($retries[$ip]); + unset($valid[$ip]); + } } else { - /* normal lockout */ - $lockouts[$ip] = time() + limit_login_option('lockout_duration'); + global $limit_login_just_lockedout; + $limit_login_just_lockedout = true; + + /* setup lockout, reset retries as needed */ + if ($retries[$ip] >= $retries_long) { + /* long lockout */ + $lockouts[$ip] = time() + limit_login_option('long_duration'); + unset($retries[$ip]); + unset($valid[$ip]); + } else { + /* normal lockout */ + $lockouts[$ip] = time() + limit_login_option('lockout_duration'); + } } /* do housecleaning and save values */ @@ -394,9 +441,9 @@ function limit_login_failed($username) { /* increase statistics */ $total = get_option('limit_login_lockouts_total'); if ($total === false || !is_numeric($total)) { - add_option('limit_login_lockouts_total', 1, '', 'no'); + add_option('limit_login_lockouts_total', 1, '', 'no'); } else { - update_option('limit_login_lockouts_total', $total + 1); + update_option('limit_login_lockouts_total', $total + 1); } } @@ -451,6 +498,7 @@ function is_limit_login_multisite() { /* Email notification of lockout to admin (if configured) */ function limit_login_notify_email($user) { $ip = limit_login_get_address(); + $whitelisted = is_limit_login_ip_whitelisted($ip); $retries = get_option('limit_login_retries'); if (!is_array($retries)) { @@ -482,8 +530,16 @@ function limit_login_notify_email($user) { $blogname = is_limit_login_multisite() ? get_site_option('site_name') : get_option('blogname'); - $subject = sprintf(__("[%s] Too many failed login attempts", 'limit-login-attempts') - , $blogname); + if ($whitelisted) { + $subject = sprintf(__("[%s] Failed login attempts from whitelisted IP" + , 'limit-login-attempts') + , $blogname); + } else { + $subject = sprintf(__("[%s] Too many failed login attempts" + , 'limit-login-attempts') + , $blogname); + } + $message = sprintf(__("%d failed login attempts (%d lockout(s)) from IP: %s" , 'limit-login-attempts') . "\r\n\r\n" , $count, $lockouts, $ip); @@ -491,7 +547,11 @@ function limit_login_notify_email($user) { $message .= sprintf(__("Last user attempted: %s", 'limit-login-attempts') . "\r\n\r\n" , $user); } - $message .= sprintf(__("IP was blocked for %s", 'limit-login-attempts'), $when); + if ($whitelisted) { + $message .= __("IP was NOT blocked because of external whitelist.", 'limit-login-attempts'); + } else { + $message .= sprintf(__("IP was blocked for %s", 'limit-login-attempts'), $when); + } $admin_email = is_limit_login_multisite() ? get_site_option('admin_email') : get_option('admin_email'); @@ -600,6 +660,12 @@ function limit_login_retries_remaining_msg() { /* Return current (error) message to show, if any */ function limit_login_get_message() { + /* Check external whitelist */ + if (is_limit_login_ip_whitelisted()) { + return ''; + } + + /* Is lockout in effect? */ if (!is_limit_login_ok()) { return limit_login_error_msg(); } |