th.guenther/kompass
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Protection of WordPress logins

Browse Source
This commit is contained in:
Thomas Günther
2024-02-26 14:47:51 +01:00
parent bb741539f6
commit 18820c7191
18 changed files with 903 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

43
assets/password.js Normal file
View File

@@ -0,0 +1,43 @@
jQuery(document).ready(function($) {
$( "<button class='button button-primary' disabled id='password_too_short'>" +
php_vars.password_too_short_text + "</button>" ).insertBefore( ".submit" );
$("#password_too_short").css('display', 'none');
$(document).on('DOMSubtreeModified', '#pass-strength-result', function() {
var strengthMeter = $(this).attr('class');
var allowedStrengths = php_vars.allowed_strengths;
$( "[name='pw_weak']" ).css('visibility', 'hidden');
$( '.pw-weak' ).css('visibility', 'hidden');
$( '#pw-weak-text-label' ).css('visibility', 'hidden');
if (strengthMeter !== '') {
if (allowedStrengths.includes(strengthMeter)) {
$("[name='pw_weak']").prop("checked", true);
$("[name='submit']").css('display', 'inline');
$('#createusersub').css('display', 'inline');
$('submit').onclick = function() {
$('your-profile').submit();
};
$("#createusersub").onclick = function() {
$('createuser').submit();
};
$("#password_too_short").css('display', 'none');
} else {
$("#createusersub").css('display', 'none');
$("[name='submit']").prop("disabled", true);
$("[name='pw_weak']").prop("checked", false);
$("[name='submit']").css('display', 'none');
$('submit').onclick = function() {
return false;
};
$("#createusersub").onclick = function() {
return false;
};
$("#password_too_short").css('display', 'inline');
}
}
});
});

12
assets/security.css
View File

@@ -51,3 +51,15 @@
.long_text { .long_text {
width: 80%; width: 80%;
} }
.protect-login-no-blocked-ips
{
padding: 5px 10px;
width: 90%;
background-color: #ffffff;
border-style: solid;
border-color: #00a32a;
border-width: 1px;
font-weight: bold;
font-size: 12pt;
}

12
bdp-kompass.php
View File

@@ -12,6 +12,7 @@
* Text Domain: bdp-kompass * Text Domain: bdp-kompass
*/ */
use Bdp\Modules\LimitLoginAttempts\Controllers\OptionsPage as OptionsPageAlias;
use Bdp\Modules\Security\Security; use Bdp\Modules\Security\Security;
use Bdp\Modules\Seo\Seo; use Bdp\Modules\Seo\Seo;
@@ -36,6 +37,9 @@ function bdp_plugin_init() {
} }
} }
add_action('admin_menu', function () {
new OptionsPageAlias();
});
function register_custom_theme_directory() { function register_custom_theme_directory() {
@@ -47,4 +51,12 @@ function register_custom_theme_directory() {
switch_theme('buena'); switch_theme('buena');
} }
function enqueue_custom_password_js() {
wp_enqueue_script( 'custom-password-js', BDP_LV_PLUGIN_URL . 'assets/password.js');
wp_localize_script( 'custom-password-js', 'php_vars', [
'allowed_strengths' => kompass_get_minimal_password_strength(),
'password_too_short_text' => 'Dass Passwort entspricht nicht den Anforderungen.'
]);
}
#add_action( 'after_setup_theme', 'register_custom_theme_directory' ); #add_action( 'after_setup_theme', 'register_custom_theme_directory' );

23
includes/action_caller.php Normal file
View File

@@ -0,0 +1,23 @@
<?php
if (!isset($loginHandler)) {
$loginHandler = new \Bdp\Modules\LimitLoginAttempts\Controllers\LoginHandler();
}
add_action('wp_login_failed', [$loginHandler, 'onFailedLogin']);
add_filter('wp_authenticate_user', [$loginHandler, 'onSuccessFullLogin'], 99999, 2);
add_filter( 'admin_enqueue_scripts', 'enqueue_custom_password_js',10 );
add_action('admin_init', 'admin_init');
if (get_option('kompass_cookies', false)) {
$loginHandler->handleCookies();
add_action('auth_cookie_bad_username', [$loginHandler, 'checkFailedCookies']);
add_action('auth_cookie_valid', [$loginHandler, 'onValidCookie'], 10, 2);
}
if (isset($_POST['save_kompass_balist_list_type'])) {
updateBlockOrAllowList($_POST);
}

34
includes/frontend-functions.php
View File

@@ -16,17 +16,13 @@ function bdp_update_dashboard_style() {
function bdp_add_menu_security() { function bdp_add_menu_security() {
$moduleLoad = get_admin_url() . 'admin.php?page=' . BDP_LV_PLUGIN_SLUG . '/modules/index.php&loadmodule='; $moduleLoad = get_admin_url() . 'admin.php?page=' . BDP_LV_PLUGIN_SLUG . '/modules/index.php&loadmodule=';
add_menu_page(
'Sicherheit',
'Webseiten-Sicherheit',
'manage_options',
'site-health.php',
'',
'dashicons-admin-network',
5
);
} }
function bdp_add_menu_contents() { function bdp_add_menu_contents() {
@@ -69,7 +65,7 @@ function bdp_add_menu_mein_lv() {
$moduleLoad = get_admin_url() . 'admin.php?page=' . BDP_LV_PLUGIN_SLUG . '/modules/index.php&loadmodule='; $moduleLoad = get_admin_url() . 'admin.php?page=' . BDP_LV_PLUGIN_SLUG . '/modules/index.php&loadmodule=';
add_menu_page( add_menu_page(
'Mein BDP', 'Mein BdP',
'BdP', 'BdP',
'manage_options', 'manage_options',
$mainSlug, $mainSlug,
@@ -113,7 +109,7 @@ function bdp_add_menu_setup() {
add_submenu_page('users.php', add_submenu_page('users.php',
'Design-Einstellungen', 'Design-Einstellungen',
'Design', 'Template bearbeiten',
'manage_options', 'manage_options',
'customize.php?return=/wp-admin/' 'customize.php?return=/wp-admin/'
); );
@@ -132,6 +128,22 @@ function bdp_add_menu_setup() {
'manage_options', 'manage_options',
'themes.php' 'themes.php'
); );
add_submenu_page('users.php',
'Sicherheit',
'Webseiten-Sicherheit',
'manage_options',
'site-health.php'
);
$loginOption = new \Bdp\Modules\LimitLoginAttempts\Controllers\OptionsPage();
add_submenu_page('users.php',
'Login-Sicherheit',
'Login-Sicherheit',
'manage_options',
BDP_LV_PLUGIN_SLUG . '-limit-login-attempts',
[$loginOption, 'limit_login_option_page']
);
} }
function bdp_cleanup_menu() function bdp_cleanup_menu()

1
includes/pre_requires.php
View File

@@ -3,3 +3,4 @@ require_once (ABSPATH . '/wp-admin/includes/plugin.php');
require_once (ABSPATH . '/wp-admin/includes/class-wp-filesystem-base.php'); require_once (ABSPATH . '/wp-admin/includes/class-wp-filesystem-base.php');
require_once (ABSPATH . '/wp-admin/includes/class-wp-filesystem-direct.php'); require_once (ABSPATH . '/wp-admin/includes/class-wp-filesystem-direct.php');
require_once (ABSPATH . '/wp-includes/pluggable.php'); require_once (ABSPATH . '/wp-includes/pluggable.php');
require_once (ABSPATH . '/wp-admin/includes/template.php');

12
includes/setup.php
View File

@@ -3,9 +3,12 @@ if ( ! defined( 'WP_PLUGIN_DIR' ) ) { // Abspath to wp-content/plu
define( 'WP_PLUGIN_DIR', WP_CONTENT_DIR . '/plugins' ); // Full path, no trailing slash. define( 'WP_PLUGIN_DIR', WP_CONTENT_DIR . '/plugins' ); // Full path, no trailing slash.
} }
use Bdp\Modules\LimitLoginAttempts\Controllers\LoginHandler;
require_once dirname(__FILE__) . '/pre_requires.php'; require_once dirname(__FILE__) . '/pre_requires.php';
require_once dirname(__FILE__) . '/environment.php'; require_once dirname(__FILE__) . '/environment.php';
require_once dirname(__FILE__) . '/spl.php';
require_once dirname(__FILE__) . '/update.class.php'; require_once dirname(__FILE__) . '/update.class.php';
require_once BDP_LV_PLUGIN_DIR . 'includes/FileAccess.class.php'; require_once BDP_LV_PLUGIN_DIR . 'includes/FileAccess.class.php';
@@ -20,6 +23,10 @@ require_once (BDP_LV_PLUGIN_DIR . '/includes/frontend-functions.php');
require_once (BDP_LV_PLUGIN_DIR . '/modules/security/security.php'); require_once (BDP_LV_PLUGIN_DIR . '/modules/security/security.php');
function admin_init()
{
kompass_settings_validators();
}
bdp_create_menu_structure(); bdp_create_menu_structure();
@@ -31,6 +38,7 @@ function bdp_kompass_load_plugin_textdomain() {
#$class = $loginHandler = new LoginHandler();
new BdpVersionChecker(); new BdpVersionChecker();
#add_filter( 'plugins_api', array( $class, 'info' ), 20, 3 ); #add_filter( 'plugins_api', array( $class, 'info' ), 20, 3 );
require_once dirname(__FILE__) . '/action_caller.php';

32
includes/spl.php Normal file
View File

@@ -0,0 +1,32 @@
<?php
spl_autoload_register(function ($className) {
if (!str_starts_with($className, 'ProtectLogin\\')) {
return;
}
$fileName = str_replace('\\','/', $className);
$fileName = str_replace('ProtectLogin/Modules/', 'ProtectLogin/modules/', $fileName);
$fileName = str_replace('ProtectLogin/', '', $fileName);
$fileName = BDP_LV_PLUGIN_DIR . $fileName . '.php';
if (!file_exists($fileName)) {
return;
}
require_once $fileName;
});
$modules = ['LimitLoginAttempts', 'PasswordStrength'];
$subdirs = ['includes', 'Controllers', 'Views'];
foreach ($modules as $curModule) {
foreach ($subdirs as $dir) {
$directoryPath = BDP_LV_PLUGIN_DIR . 'modules/' . $curModule . '/' . $dir . '/';
foreach (glob($directoryPath . '*.php') as $file) {
require_once $file;
}
}
}

282
modules/LimitLoginAttempts/Controllers/LoginHandler.php Normal file
View File

@@ -0,0 +1,282 @@
<?php
namespace Bdp\Modules\LimitLoginAttempts\Controllers;
use ProtectLogin\Modules\LimitLoginAttempts\Requests\IpAddress;
class LoginHandler {
public const DIRECT_ADDR = 'REMOTE_ADDR';
public const PROXY_ADDR = 'HTTP_X_FORWARDED_FOR';
public function onSuccessFullLogin($user, $password) {
if (!is_wp_error($user) && $this->isLoginAllowedFromIp() ) {
return $user;
}
global $limit_login_my_error_shown;
$limit_login_my_error_shown = true;
$error = new \WP_Error();
// This error should be the same as in "shake it" filter below
$error->add('too_many_retries', $this->composeErrorMessage());
return $error;
}
public function onFailedLogin(string $username) {
$ip = $this->getAddress();
/* if currently locked-out, do not add to retries */
$lockouts = get_option('protect_login_limit_login_lockouts', []);
if(isset($lockouts[$ip]) && time() < $lockouts[$ip]) {
return;
}
/* Get the arrays with retries and retries-valid information */
$retries = get_option('kompass_limit_login_retries', []);
$valid = get_option('kompass_limit_login_retries_valid', []);
/* Check validity and add one to retries */
if (isset($retries[$ip])) { //} && isset($valid[$ip]) && time() < $valid[$ip]) {
$retries[$ip] ++;
} else {
$retries[$ip] = 1;
}
update_option('kompass_limit_login_retries', $retries);
/* lockout? */
if($retries[$ip] % get_option('kompass_limit_login_allowed_retries', 0) != 0) {
return;
}
$retries_long = get_option('kompass_limit_login_allowed_retries', 1)
* get_option('kompass_limit_login_allowed_lockouts', 1);
if ($retries[$ip] >= $retries_long) {
$lockouts[$ip] = time() + get_option('kompass_limit_login_long_duration', 86400);
} else {
$lockouts[$ip] = time() + get_option('kompass_limit_login_lockout_duration', 900);
}
update_option('kompass_limit_login_lockouts', $lockouts);
/* do any notification */
$this->notify($username);
}
private function notifyByEmail($user)
{
$ip = $this->getAddress();
$lockouts = get_option('kompass_limit_login_lockouts', []);
if (!isset($lockouts[$ip])) {
return;
}
$blocked_until = $lockouts[$ip];
$retries = get_option('kompass_limit_login_retries', []);
$currentRetries = $retries[$ip];
$notify_after = get_option('kompass_limit_login_notify_email_after', 1);
if ($currentRetries % $notify_after !== 0) {
return;
}
$blogname = get_option('blogname', 'none');
$subject = sprintf(__("[%s] Too many failed login attempts"
, 'limit-login-attempts')
, $blogname);
$message = 'Neue Sperrung auf deiner Webseite: ' . PHP_EOL .
'IP-Adresse: ' . $ip . PHP_EOL .
'Gesperrt bis: ' . date('d.m.Y H:i', $blocked_until);
$admin_email = get_option('admin_email');
wp_mail($admin_email, $subject, $message);
}
/* Handle notification in event of lockout */
private function notify($user) {
$args = get_option('kompass_limit_login_lockout_notify', []);
if (!is_array($args)) {
$args = [$args];
}
foreach ($args as $mode) {
switch (trim($mode)) {
case 'email':
$this->notifyByEmail($user);
break;
}
}
}
private function composeErrorMessage() {
$ip = $this->getAddress();
$lockouts = get_option('kompass_limit_login_lockouts');
$msg = __('<strong>ERROR</strong>: Too many failed login attempts.', 'limit-login-attempts') . ' ';
if (!is_array($lockouts) || !isset($lockouts[$ip]) || time() >= $lockouts[$ip]) {
/* Huh? No timeout active? */
$msg .= __('Please try again later.', 'limit-login-attempts');
return $msg;
}
$when = ceil(($lockouts[$ip] - time()) / 60);
if ($when > 60) {
$when = ceil($when / 60);
$msg .= sprintf(_n('Please try again in %d hour.', 'Please try again in %d hours.', $when, 'limit-login-attempts'), $when);
} else {
$msg .= sprintf(_n('Please try again in %d minute.', 'Please try again in %d minutes.', $when, 'limit-login-attempts'), $when);
}
return $msg;
}
private static function getAddress($typeName = '') {
global $limitLoginAttemptsSettings;
$typeOriginal = $typeName;
if (empty($typeName)) {
$typeName = get_option('kompass_limit_loginclient_type', self::DIRECT_ADDR);
}
if (isset($_SERVER[$typeName]) && filter_var($_SERVER[$typeName], FILTER_VALIDATE_IP)) {
return $_SERVER[$typeName];
}
/*
* Not found. Did we get proxy type from option?
* If so, try to fall back to direct address.
*/
if ( empty($typeName) && $typeOriginal == self::PROXY_ADDR
&& isset($_SERVER[self::DIRECT_ADDR])
&& filter_var($_SERVER[self::DIRECT_ADDR], FILTER_VALIDATE_IP)) {
/*
* NOTE: Even though we fall back to direct address -- meaning you
* can get a mostly working plugin when set to PROXY mode while in
* fact directly connected to Internet it is not safe!
*
* Client can itself send HTTP_X_FORWARDED_FOR header fooling us
* regarding which IP should be banned.
*/
return $_SERVER[self::DIRECT_ADDR];
}
return '';
}
public function isLoginAllowedFromIp() {
$ip = $this->getAddress();
if (in_array($ip, get_option('kompass_limit_login_blocklist', []))) {
return false;
}
if (in_array($ip, get_option('kompass_limit_login_allowlist', []))) {
return true;
}
/* lockout active? */
$lockouts = get_option('kompass_limit_login_lockouts', []);
return (!is_array($lockouts) || !isset($lockouts[$ip]) || time() >= $lockouts[$ip]);
}
public function checkFailedCookies($cookie_elements) {
$this->clearAuthCookie();
/*
* Invalid username gets counted every time.
*/
$this->onFailedLogin($cookie_elements['username']);
}
private function clearAuthCookie() {
wp_clear_auth_cookie();
if (!empty($_COOKIE[AUTH_COOKIE])) {
$_COOKIE[AUTH_COOKIE] = '';
}
if (!empty($_COOKIE[SECURE_AUTH_COOKIE])) {
$_COOKIE[SECURE_AUTH_COOKIE] = '';
}
if (!empty($_COOKIE[LOGGED_IN_COOKIE])) {
$_COOKIE[LOGGED_IN_COOKIE] = '';
}
}
public function onValidCookie($cookie_elements, $user) {
/*
* As all meta values get cached on user load this should not require
* any extra work for the common case of no stored value.
*/
if (get_user_meta($user->ID, 'kompass_limit_login_previous_cookie')) {
delete_user_meta($user->ID, 'kompass_limit_login_previous_cookie');
}
}
function clearLoginCookie($cookie_elements) {
$this->clearAuthCookie();
/*
* Under some conditions an invalid auth cookie will be used multiple
* times, which results in multiple failed attempts from that one
* cookie.
*
* Unfortunately I've not been able to replicate this consistently and
* thus have not been able to make sure what the exact cause is.
*
* Probably it is because a reload of for example the admin dashboard
* might result in multiple requests from the browser before the invalid
* cookie can be cleard.
*
* Handle this by only counting the first attempt when the exact same
* cookie is attempted for a user.
*/
extract($cookie_elements, EXTR_OVERWRITE);
// Check if cookie is for a valid user
$user = get_user_by('login', $username);
if (!$user) {
// "shouldn't happen" for this action
$this->onFailedLogin($username);
return;
}
$previous_cookie = get_user_meta($user->ID, 'kompass_limit_login_previous_cookie', true);
if ($previous_cookie && $previous_cookie == $cookie_elements) {
// Identical cookies, ignore this attempt
return;
}
// Store cookie
if ($previous_cookie)
update_user_meta($user->ID, 'kompass_limit_login_previous_cookie', $cookie_elements);
else
add_user_meta($user->ID, 'kompass_limit_login_previous_cookie', $cookie_elements, true);
$this->onFailedLogin($username);
}
public function handleCookies() {
if ($this->isLoginAllowedFromIp()) {
return;
}
$this->clearAuthCookie();
}
}

130
modules/LimitLoginAttempts/Controllers/OptionsPage.php Normal file
View File

@@ -0,0 +1,130 @@
<?php
namespace Bdp\Modules\LimitLoginAttempts\Controllers;
class OptionsPage
{
public function __construct()
{
add_options_page(BDP_LV_PLUGIN_SLUG . '-limit-login-attempts',
'Protect Login',
'site-health.php',
BDP_LV_PLUGIN_SLUG . '-limit-login-attempts',
[$this, 'limit_login_option_page'],2048);
}
public function releaseIp($ip)
{
$allIps = get_option('kompass_limit_login_lockouts', []);
unset($allIps[$ip]);
update_option('kompass_limit_login_lockouts', $allIps);
}
public function getBlockedIps()
{
$ips = '';
foreach (get_option('kompass_limit_login_lockouts', []) as $ip => $blockedUntil) {
$ips .= '<tr>' .
'<td style="padding-right: 10px;">' . $ip . '</td>' .
'<td style="padding-right: 10px;">' . date('d.m.Y H:i', $blockedUntil) . ' Uhr</td>' .
'<td>
<a href="admin.php?page=bdp-kompass-limit-login-attempts&tab=tab4&action=release&ip=' .
base64_encode($ip) . '">Freigeben</a></td>' .
'</tr>';
};
return $ips;
}
public function limit_login_option_page() {
global $errors;
$showMessage = null;
if (isset($_POST['update_options'])) {
update_settings($_POST);
$showMessage = 'Die Einstellungen wurden gespeichert';
}
if (isset($_GET['action']) && $_GET['action'] == 'release') {
$showMessage = 'Die IP-Adresse wurde freigegeben.';
}
if(isset($_POST['save_kompass_balist_list_type'])) {
$showMessage = 'Die Liste wurde gespeichert.';
}
if (null !== $showMessage && $errors === false) {
echo '<div class="notice notice-success" style="padding: 5px 10px;">';
echo $showMessage;
echo '</div>';
}
if ($errors) {
echo '<div class="notice notice-error" style="padding: 5px 10px;">';
echo 'Beim Durchführen der Aktion ist ein Fehler aufgetreten.';
echo '</div>';
}
$tab = isset($_GET['tab']) ? $_GET['tab'] : 'tab1';
?>
<div class="wrap">
<h1 class="wp-heading-inline">Protect Login - Einstellungen</h1>
<hr class="wp-header-end">
<?= kompass_print_tab_header($tab); ?>
<div class="tab-content">
<?php
switch ($tab) {
case 'tab1':
echo '<form action="admin.php?page=bdp-kompass-limit-login-attempts&tab=tab1" method="post">';
do_settings_sections(BDP_LV_PLUGIN_SLUG . '-limit-login-attempts');
submit_button();
echo '</form>';
break;
case 'tab2':
echo '<h2>Blocklist</h2>';
echo '<form action="admin.php?page=bdp-kompass-limit-login-attempts&tab=tab2" method="post">';
kompass_print_block_allow_form('blocklist');
submit_button();
echo '</form>';
break;
case 'tab3':
echo '<h2>Allowlist</h2>';
echo '<form action="admin.php?page=bdp-kompass-limit-login-attempts&tab=tab3" method="post">';
kompass_print_block_allow_form('allowlist');
submit_button();
echo '</form>';
break;
case 'tab4':
if (isset($_GET['action']) && $_GET['action'] == 'release') {
$this->releaseIp(base64_decode($_GET['ip']));
}
$blockedIps = $this->getBlockedIps();
?>
<h3>Gesperrte IPs</h3>
<?php
if (strlen($blockedIps) == 0) {
echo '<div class="protect-login-no-blocked-ips">';
echo 'Derzeit sind keine Adressen gesperrt.';
echo '</div>';
} else { ?>
<table>
<tr>
<th>IP</th>
<th>Gesperrt bis</th>
<th>Aktion</th>
</tr>
<?= $blockedIps ?>
</table>
<?php
}
break;
}
?>
</div>
</div>
<?php
}
}

29
modules/LimitLoginAttempts/Views/checkbox-option.php Normal file
View File

@@ -0,0 +1,29 @@
<?php
function kompass_print_checkbox($settingName) {
$currentSetting = get_option($settingName, []);
if (!is_array($currentSetting)) {
$currentSetting = [$currentSetting];
}
$options = ['kompass_limit_login_lockout_notify' => [
'email' => 'E-Mail an Administrator'
],
];
if(!isset($options[$settingName])) {
return;
}
$setting = $options[$settingName];
foreach ($setting as $radioOption => $optionText) {
$isChecked = in_array($radioOption, $currentSetting) ? 'checked ' : '' ;
echo '<input ' .
$isChecked .
'type="checkbox"
name="' . $settingName . '[]"
value="' . $radioOption . '"
id="setting_' . $settingName . '_' . $radioOption . '" />' .
'<label for="setting_' . $settingName . '_' . $radioOption . '">' . $optionText . '</label><br />';
}
}

35
modules/LimitLoginAttempts/Views/radio-option.php Normal file
View File

@@ -0,0 +1,35 @@
<?php
function kompass_print_radio($settingName) {
$currentSetting = get_option($settingName);
$options = [
'kompass_limit_login_client_type' => [
'REMOTE_ADDR' => 'Direkte Verbrindung',
'HTTP_X_FORWARDED_FOR' => 'Hinter einem Proxy'
],
'kompass_limit_login_cookies' => [
true => 'Ja',
false => 'Nein'
],
'kompass_password_minimal_strength' => [
'1' => 'Alle Passwörter erlauben',
'2' => 'Mittelstarke Passwörter',
'3' => 'Nur Starke Passwörter'
]
];
if(!isset($options[$settingName])) {
return;
}
$setting = $options[$settingName];
foreach ($setting as $radioOption => $optionText) {
$isChecked = $currentSetting == $radioOption ? 'checked ' : '' ;
echo '<input
' . $isChecked .
' type="radio"
name="' . $settingName . '"
value="' . $radioOption . '"
id="setting_' . $settingName . '_' . $radioOption . '" />' .
'<label for="setting_' . $settingName . '_' . $radioOption . '">' . $optionText . '</label> &nbsp; ';
}
}

18
modules/LimitLoginAttempts/Views/tab-control.php Normal file
View File

@@ -0,0 +1,18 @@
<?php
function kompass_print_tab_header($activeTab = 'tab1')
{
$baseUrl = 'admin.php?page=bdp-kompass-limit-login-attempts&tab=';
return '<h2 class="nav-tab-wrapper">'.
'<a href="' . $baseUrl . 'tab1" class="nav-tab ' . ($activeTab == 'tab1' ? 'nav-tab-active' : '') . '">
Optionen
</a>'.
'<a href="' . $baseUrl . 'tab2" class="nav-tab ' . ($activeTab == 'tab2' ? 'nav-tab-active' : '') .'">
Blocklist
</a>'.
'<a href="' . $baseUrl . 'tab3" class="nav-tab ' . ($activeTab == 'tab3' ? 'nav-tab-active' : '') .'">
Allowlist
</a>'.
'<a href="' . $baseUrl . 'tab4" class="nav-tab ' . ($activeTab == 'tab4' ? 'nav-tab-active' : '') .'">
Gesperrte IPs
</a></h2>';
}

7
modules/LimitLoginAttempts/Views/text-element.php Normal file
View File

@@ -0,0 +1,7 @@
<?php
function kompass_print_textbox($settingName, $settingValue) {
echo '<input type="text" name="' . $settingName . '" value="' . $settingValue. '" />';
if (defined('WP_DEBUG') && WP_DEBUG == true) {
echo '<br />' . $settingName;
}
}

56
modules/LimitLoginAttempts/includes/block-and-allow-list-form.php Normal file
View File

@@ -0,0 +1,56 @@
<?php
function updateBlockOrAllowList($postVars)
{
$listType = $postVars['save_kompass_balist_list_type'];
$saveIPList = [];
if (isset($postVars['listElements'])) {
foreach ($postVars['listElements'] as $curIp) {
$curIp = trim($curIp);
if ($curIp !== '') {
$saveIPList[] = $curIp;
}
}
}
if (count($postVars['new_ips']) == 1) {
foreach (explode(PHP_EOL, $postVars['new_ips'][0]) as $newIp) {
$newIp = trim($newIp);
if ('' !== $newIp) {
$saveIPList[] = $newIp;
}
}
}
update_option('kompass_limit_login_' . $listType, $saveIPList);
}
function kompass_print_block_allow_form($listType) {
$elements = get_option('kompass_limit_login_' . $listType, []);
?>
<input type="hidden" name="save_kompass_balist_list_type" value="<?= $listType; ?>" />
<?php
foreach ($elements as $currentIp) {
?>
<p>
<input type="text" name="listElements[]" value="<?= $currentIp ?>" style="width: 350px;" /><br />
<label style="cursor: default; color: #a0a0a0; fot-size: 9pt; font-style: italic"><?= __('Zum Löschen frei lassen', BDP_LV_PLUGIN_SLUG); ?></label>
</p>
<?php
}
?>
</div>
<div class="kompass_setting_box">
<h3><?= __('IP-Adresse hinzufügen', BDP_LV_PLUGIN_SLUG); ?></h3>
<p>
<textarea
placeholder="<?= __('Please use line breaks to enter multiple ips', BDP_LV_PLUGIN_SLUG); ?>"
name="new_ips[]"
style="width: 350px;" rows="5"></textarea>
</p>
</div>
<?php
}

116
modules/LimitLoginAttempts/includes/gui_elements.php Normal file
View File

@@ -0,0 +1,116 @@
<?php
// Callback-Funktion für die Einstellungsseite
function custom_settings_section_callback() {
echo '<input type="hidden" name="update_options" value="true" />';
}
function _kompass_limit_logins_settings_callback($args) {
$setting = get_option($args['setting'], null);
if (null === $setting) {
$setting = '';
}
$value = esc_attr($setting);
if (isset($args['unit_division'])) {
$value = (int)$value / (int)$args['unit_division'];
}
kompass_print_textbox($args['setting'], $value);
}
function _kompass_limit_logins_settings_radio_callback($args)
{
kompass_print_radio($args['setting']);
}
function _kompass_limit_logins_settings_checkbox_callback($args) {
kompass_print_checkbox($args['setting']);
}
add_settings_section(
'custom_settings_section',
'Optionen',
'custom_settings_section_callback',
BDP_LV_PLUGIN_SLUG . '-limit-login-attempts'
);
$settings_page = BDP_LV_PLUGIN_SLUG . '-limit-login-attempts';
add_settings_field(
'kompass_lla_1',
'Maximale Wiederholungen',
'_kompass_limit_logins_settings_callback',
$settings_page,
'custom_settings_section',
['setting' => 'kompass_limit_login_allowed_retries']);
add_settings_field(
'kompass_lla_2',
'Dauer der Sperre (in Minuten)',
'_kompass_limit_logins_settings_callback',
$settings_page,
'custom_settings_section',
['setting' => 'kompass_limit_login_lockout_duration', 'unit_division' => 60 ]);
add_settings_field(
'kompass_lla_3',
'Maximale Anzahl an Sperrungen',
'_kompass_limit_logins_settings_callback',
$settings_page,
'custom_settings_section',
['setting' => 'kompass_limit_login_allowed_lockouts']);
add_settings_field(
'kompass_lla_4',
'Langzeitsperre in Stunden',
'_kompass_limit_logins_settings_callback',
$settings_page,
'custom_settings_section',
['setting' => 'kompass_limit_login_long_duration', 'unit_division' => 3600]);
add_settings_field(
'kompass_lla_5',
'Mininmale Passwort-Stärke:',
'_kompass_limit_logins_settings_radio_callback',
$settings_page,
'custom_settings_section',
['setting' => 'kompass_password_minimal_strength']);
add_settings_field(
'kompass_lla_6',
'Seite erreichbar über:',
'_kompass_limit_logins_settings_radio_callback',
$settings_page,
'custom_settings_section',
['setting' => 'kompass_limit_login_client_type']);
add_settings_field(
'kompass_lla_7',
'Cookies verarbeiten',
'_kompass_limit_logins_settings_radio_callback',
$settings_page,
'custom_settings_section',
['setting' => 'kompass_limit_login_cookies']);
add_settings_field(
'kompass_lla_8',
'Bei Sperrung benachrichtigen',
'_kompass_limit_logins_settings_checkbox_callback',
$settings_page,
'custom_settings_section',
['setting' => 'kompass_limit_login_lockout_notify']);
add_settings_field(
'kompass_lla_9',
'Fehlversuche bis zur Benachrichtigung',
'_kompass_limit_logins_settings_callback',
$settings_page,
'custom_settings_section',
['setting' => 'kompass_limit_login_notify_email_after']);

64
modules/LimitLoginAttempts/includes/validators.php Normal file
View File

@@ -0,0 +1,64 @@
<?php
function check_for_integer($input) {
if (!is_numeric($input)) {
wp_die('Bitte nur Zahlen, Danke!');
}
return $input;
}
function hours_to_seconds_converter($input) {
// Hier kannst du die Eingabe validieren, z.B. sicherstellen, dass es sich um eine gültige E-Mail-Adresse handelt.
return minutes_to_seconds_converter($input) * 60;
}
function minutes_to_seconds_converter($input) {
// Hier kannst du die Eingabe validieren, z.B. sicherstellen, dass es sich um eine gültige E-Mail-Adresse handelt.
return check_for_integer($input) * 60;
}
function kompass_settings_validators()
{
$slug = BDP_LV_PLUGIN_SLUG . '-limit-login-attempts';
register_setting($slug,
'kompass_limit_login_allowed_retries',
'check_for_integer');
register_setting($slug,
'kompass_limit_login_allowed_lockouts',
'check_for_integer');
register_setting($slug,
'kompass_limit_login_lockout_duration',
'minutes_to_seconds_converter');
register_setting($slug,
'kompass_limit_login_long_duration',
'hours_to_seconds_converter');
register_setting($slug,
'kompass_limit_login_notify_email_after',
'check_for_integer');
}
function update_settings($postParams) {
$settings = ['kompass_limit_login_lockout_duration',
'kompass_limit_login_allowed_retries',
'kompass_limit_login_allowed_lockouts',
'kompass_password_minimal_strength',
'kompass_limit_login_client_type',
'kompass_limit_login_long_duration',
'kompass_limit_login_lockout_notify',
'kompass_limit_login_notify_email_after',
'kompass_limit_login_cookies'];
foreach ($settings as $curSetting) {
if (isset($postParams[$curSetting])) {
update_option( $curSetting, $postParams[ $curSetting ] );
} else {
update_option( $curSetting, '');
}
}
}

10
modules/PasswordStrength/includes/password_strength_rules.php Normal file
View File

@@ -0,0 +1,10 @@
<?php
function kompass_get_minimal_password_strength() {
$minPasswordStrength = get_option('kompass_password_minimal_strength', 1);
$possibleStrengths = ['1' => 'short, bad, good, strong',
'2' => 'good, strong',
'3' => 'strong'];
return ' ' . $possibleStrengths[$minPasswordStrength];
}