th.guenther/kompass
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: th.guenther:e7fe409ae5d017654c093630f2d9628f66ba82d2
Branches Tags
th.guenther:main th.guenther:development-4.8.4 th.guenther:v4.8.1 th.guenther:epic-anmeldungen th.guenther:epic-teililisten th.guenther:v4.2.1
..
compare: th.guenther:development-4.8.4
Branches Tags
th.guenther:development-4.8.4 th.guenther:main th.guenther:v4.8.1 th.guenther:epic-anmeldungen th.guenther:epic-teililisten th.guenther:v4.2.1

14 Commits
e7fe409ae5 ... developmen

Author SHA1 Message Date
Thomas Günther
64a5dbf74b Updated messages for deployment of new version 2024-10-31 12:55:40 +01:00
Thomas Günther
ad0585180e Updated messages for deployment of new version 2024-10-31 12:53:26 +01:00
Thomas Günther
3983108048 Moved Hide Login to WPS Hide Login 
Moved IP restrictions to Protect Login
 2024-10-31 12:35:46 +01:00
Thomas Günther
4c95333c05 Fixes for wp.org 2024-09-29 18:12:38 +02:00
Thomas Günther
3cbb6415b6 compatibility fix for new version 2024-09-22 21:46:14 +02:00
Thomas Günther
9318732f07 Added multisite support 2024-08-17 13:55:15 +02:00
Thomas Günther
574f670ee0 Small Bugfix 2024-08-12 15:55:53 +02:00
th.guenther
073c167746 Merge pull request 'v4.8.1' (#3) from v4.8.1 into main 
Reviewed-on: #3
 2024-08-12 15:51:56 +02:00
Thomas Günther
bca4f2639b Added Control element for manual cronjobs 2024-08-12 15:49:46 +02:00
Thomas Günther
f7ca614b38 Added Control element for manual cronjobs 2024-08-12 15:48:55 +02:00
Thomas Günther
ca02db7b28 Bugfixes 2024-08-12 15:26:09 +02:00
Thomas Günther
da63fe3b3c Handling of new components 2024-08-12 15:11:25 +02:00
Thomas Günther
138b3859aa Update routines 2024-08-10 22:13:57 +02:00
Thomas Günther
f9238eef72 Final Version created 2024-08-10 17:44:27 +02:00
29 changed files with 347 additions and 861 deletions
Expand all files Collapse all files

2
.deployment/info.json
View File

@ -6,7 +6,7 @@
"version": "4.3.2",
"download_url": "http://lv-sachsen-main.bdp.mein-verein.online/wordpress/bdp-kompass-4.3.2.zip",
"requires": "6.0",
"tested": "6.5",
"tested": "6.7",
"requires_php": "8.2",
"last_updated": "02.03.2024 16:24:00",
"sections": {

2
.deployment/info.json.tpl
View File

@ -6,7 +6,7 @@
"version": "%version%",
"download_url": "http://lv-sachsen-main.bdp.mein-verein.online/wordpress/bdp-kompass-%version%.zip",
"requires": "6.0",
"tested": "6.5",
"tested": "6.7",
"requires_php": "8.2",
"last_updated": "%date%",
"sections": {

10
assets/wordpress-bdp.css
View File

@ -393,4 +393,14 @@ li.wp-has-submenu.wp-not-current-submenu.opensub:hover:after,
background-color: #FFFFFF !important;
}
.bdp-newplugin-button:hover {
color: #ffffff !important;
background-color: #1d4899 !important;
}
.bdp-newplugin-button {
background-color: #ffffff !important;
padding: 5px 20px !important;
cursor: pointer !important;
color: #1d4899 !important;
}

34
bdp-kompass.php
View File

@ -2,7 +2,7 @@
/**
* Plugin Name: BdP Kompass
* Description: Wordpress-Plugin zur Unterstützung von Stämmen im Bund der Pfadfinderinnen und Pfadfinder e.V. zur optimalen Verwaltung eurer Webseite
* Version: 4.6.2
* Version: 4.10.1
* Tags: bdp, utility, helper
* Requires at least: 6.0
* Requires PHP: 8.2
@ -14,11 +14,11 @@
use Bdp\Modules\EventParticipants\Controllers\MainController as EventsMain;
use Bdp\Modules\KompassSettings\Controllers\SettingsPage as KomnpassSettings;
use Bdp\Modules\LimitLoginAttempts\Controllers\OptionsPage as OptionsPageAlias;
use Bdp\Modules\Mail\Controllers\MailController;
use Bdp\Modules\Mail\Controllers\MailSettingsController;
use Bdp\Modules\Security\Security;
use Bdp\Modules\Seo\Seo;
use ProtectLogin\Modules\LimitLoginAttempts\Controllers\LoginHandler;
require_once dirname(__FILE__) . '/includes/setup.php';
@ -32,9 +32,22 @@ function bdp_plugin_init() {
Security::ProhibitBots();
Security::SetPageFilters();
if (null == get_option('kompass_already_installed', null)) {
if ( !file_exists( dirname( BDP_LV_STARTUP_FILE ) . '/../protect-login/protect-login.php' ) ) {
$allowed_ips = get_option('kompass_limit_login_allowlist', []);
$blocked_ips = get_option('kompass_limit_login_blocklist', []);
$lockouts = get_option('protect_login_limit_login_lockouts', []);
kompass_install_plugin('https://downloads.wordpress.org/plugin/protect-login.latest-stable.zip', 'protect-login');
update_option('protect_login_limit_login_blocklist', $blocked_ips);
update_option('protect_login_limit_login_allowlist', $allowed_ips);
foreach ($lockouts as $address => $duration) {
LoginHandler::lockout($address);
}
}
if (null == get_option('kompass_already_installed', null)) {
Seo::setup();
Calendar::setup();
Security::setup();
update_option('kompass_already_installed', true);
wp_redirect( 'site-health.php?tab=bdp_enhanced_security');
@ -45,16 +58,12 @@ function bdp_plugin_init() {
add_action('admin_menu', function () {
bdp_kompass_load_plugin_textdomain();
new OptionsPageAlias();
new KomnpassSettings();
new EventsMain();
new MailController();
});
add_action('wp_ajax_kompass_show_ajax', 'kompass_load_ajax_content');
add_action('wp_ajax_nopriv_kompass_show_ajax', 'kompass_load_ajax_content');
add_action('wp_ajax_bdp_kompass_show_ajax', 'bdp_kompass_load_ajax_content');
add_action('wp_ajax_nopriv_bdp_kompass_show_ajax', 'bdp_kompass_load_ajax_content');
function register_custom_theme_directory() {
if (is_dir(ABSPATH . '/wp-content/themes/mareike-theme/')) {
@ -70,11 +79,6 @@ function register_custom_theme_directory() {
function enqueue_custom_password_js() {
wp_enqueue_script( 'kompass-ajax', BDP_LV_PLUGIN_URL . '/assets/ajax.js');
wp_enqueue_script( 'searchable-table', BDP_LV_PLUGIN_URL . '/assets/searchtable.js');
wp_enqueue_script( 'custom-password-js', BDP_LV_PLUGIN_URL . 'assets/password.js');
wp_localize_script( 'custom-password-js', 'php_vars', [
'allowed_strengths' => kompass_get_minimal_password_strength(),
'password_too_short_text' => 'Dass Passwort entspricht nicht den Anforderungen.'
]);
}

22
changelog
View File

@ -1,3 +1,25 @@
<h4>Version 4.10.1</h4>
<ul>
<li>Replaced IP blocking by "Protect Login"</li>
<li>Replaced login redirecting by "WPS Hide login"</li>
<li>Prepared to update new kompass Version</li>
</ul>
<h4>Version 4.8.3</h4>
<ul>
<li>Bugfix</li>
</ul>
<h4>Version 4.8.2</h4>
<ul>
<li>Added Control element for manual cronjobs</li>
</ul>
<h4>Version 4.8.1</h4>
<ul>
<li>Handling of deprecated components</h4>
</ul>
<h4>Version 4.6.2</h4>
<ul>
<li>Bugfixes</li>

17
includes/action_caller.php
View File

@ -1,26 +1,11 @@
<?php
if (!isset($loginHandler)) {
$loginHandler = new \Bdp\Modules\LimitLoginAttempts\Controllers\LoginHandler();
}
add_action('wp_login_failed', [$loginHandler, 'onFailedLogin']);
add_filter('wp_authenticate_user', [$loginHandler, 'onSuccessFullLogin'], 99999, 2);
add_filter( 'admin_enqueue_scripts', 'enqueue_custom_password_js',10 );
add_action('admin_init', 'kompass_admin_init');
if (get_option('kompass_cookies', false)) {
$loginHandler->handleCookies();
add_action('auth_cookie_bad_username', [$loginHandler, 'checkFailedCookies']);
add_action('auth_cookie_valid', [$loginHandler, 'onValidCookie'], 10, 2);
}
if (isset($_POST['save_kompass_balist_list_type'])) {
updateBlockOrAllowList($_POST);
}
function add_custom_admin_bar_item() {
return;
global $wp_admin_bar;
// Überprüfen, ob der Benutzer die erforderliche Berechtigung hat

48
includes/frontend-functions.php
View File

@ -20,3 +20,51 @@ function bdp_update_dashboard_style() {
wp_enqueue_style('custom-calendar-styles', BDP_LV_PLUGIN_URL . '/assets/calendar.css');
wp_enqueue_style('custom-security-styles', BDP_LV_PLUGIN_URL . '/assets/security.css');
}
function kompass_install_plugin($url, $slug) {
// Überprüfen, ob die URL gültig ist
if (filter_var($url, FILTER_VALIDATE_URL) === FALSE) {
echo 'Ungültige URL';
return;
}
// Dateinamen und Pfad festlegen
$tmp_file = download_url($url);
// Überprüfen, ob der Download erfolgreich war
if (is_wp_error($tmp_file)) {
echo 'Download-Fehler: ' . $tmp_file->get_error_message();
return;
}
// Pfad des Plugins
$plugin_folder = WP_PLUGIN_DIR;
// Plugin Upgrader Klassen einbinden
require_once ABSPATH . 'wp-admin/includes/file.php';
require_once ABSPATH . 'wp-admin/includes/plugin.php';
require_once ABSPATH . 'wp-admin/includes/misc.php';
require_once ABSPATH . 'wp-admin/includes/class-wp-upgrader.php';
require_once ABSPATH . 'wp-admin/includes/class-wp-ajax-upgrader-skin.php';
require_once ABSPATH . 'wp-admin/includes/class-plugin-upgrader.php';
// Plugin upgrader initialisieren
$upgrader = new Plugin_Upgrader(new WP_Ajax_Upgrader_Skin());
// Plugin installieren
$result = $upgrader->install($tmp_file);
// Temp Datei löschen
unlink($tmp_file);
activate_plugin($slug . '/' . $slug . '.php' );
// Überprüfen, ob die Installation erfolgreich war
if (is_wp_error($result)) {
echo 'Installations-Fehler: ' . $result->get_error_message();
} else {
echo 'Plugin erfolgreich installiert';
}
}

10
includes/setup.php
View File

@ -1,9 +1,4 @@
<?php
use Bdp\Modules\EventParticipants\Controllers\MemberSummaryController;
use Bdp\Modules\EventParticipants\Controllers\PrintParticipantListPdfController;
use Bdp\Modules\EventParticipants\Controllers\RegisterMemberController;
use Bdp\Modules\LimitLoginAttempts\Controllers\LoginHandler;
use Bdp\Libs\DatabaseHandler;
@ -41,7 +36,6 @@ require_once (BDP_LV_PLUGIN_DIR . '/modules/security/security.php');
$dbHandler = new DatabaseHandler();
function kompass_admin_init()
{
kompass_settings_validators();
}
function bdp_kompass_load_plugin_textdomain() {
@ -70,7 +64,7 @@ function kompass_get_age(string $birthday) : int {
return $compare->y;
}
function kompass_load_ajax_content() {
function bdp_kompass_load_ajax_content() {
$class = 'Bdp\\Modules\\' . $_REQUEST['module'] . '\\Controllers\\AjaxRouterController';
if (!class_exists($class)) {
wp_die('Invalid module call: Module=' . $_REQUEST['module']);
@ -80,7 +74,7 @@ function kompass_load_ajax_content() {
}
$loginHandler = new LoginHandler();
new BdpVersionChecker();
#add_filter( 'plugins_api', array( $class, 'info' ), 20, 3 );
require_once dirname(__FILE__) . '/action_caller.php';

3
includes/update.class.php
View File

@ -1,5 +1,6 @@
<?php
class BdpVersionChecker
{
public $plugin_slug;
@ -10,7 +11,7 @@ class BdpVersionChecker
public function __construct()
{
$plugin_data = get_plugin_data( BDP_LV_STARTUP_FILE );
$plugin_data = get_plugin_data( BDP_LV_STARTUP_FILE, true, false );
$this->plugin_slug = BDP_LV_PLUGIN_SLUG;
$this->updateUrl = $plugin_data['UpdateURI'] . '/info.json';
$this->version = $plugin_data['Version'];

56
modules/KompassSettings/Controllers/SettingsPage.php
View File

@ -3,9 +3,54 @@
namespace Bdp\Modules\KompassSettings\Controllers;
use Bdp\Libs\WpConfigEditor;
class SettingsPage
{
public static function add_menu() {
if (
null !== get_option('bdp_calendar_source_url', null ) ||
!file_exists(dirname(BDP_LV_STARTUP_FILE ) . '/../kronos/kronos.php')
)
{
add_menu_page(
'Kalender Installation',
'Kalender Installation',
'manage_options',
'kompass-calendar',
['Bdp\Modules\PluginInstaller\Controllers\InstallSingleplugin', 'install_calendar'],
'dashicons-calendar-alt',
2
);
if ( file_exists(dirname(BDP_LV_STARTUP_FILE ) . '/../kronos/kronos.php') ) {
add_action( 'admin_notices', array( 'Bdp\Modules\PluginInstaller\Controllers\OutdatedModule', 'calender' ) );
}
}
if (
!file_exists(dirname(BDP_LV_STARTUP_FILE ) . '/../solea/solea.php')
)
{
add_menu_page(
'Installiere solea (Veranstaltungen)',
'Installiere solea (Veranstaltungen)',
'manage_options',
'kompass-events',
['Bdp\Modules\PluginInstaller\Controllers\InstallSingleplugin', 'install_events'],
'dashicons-tickets-alt',
2
);
}
add_submenu_page('options-general.php',
'kompass Einstellungen',
'kompass Einstellungen',
@ -46,6 +91,11 @@ class SettingsPage
if (isset($_POST['used_for_state'])) { update_option('paged_used_for_state', true); }
if (isset($_POST['self_register'])) { update_option('user_can_register', true); }
if (isset($_POST['use_mareike_theme'])) { update_option('use_mareike_theme', true); }
if (isset($_POST['external_cronjobs'])) {
WpConfigEditor::updateConfig('DISABLE_WP_CRON', true);
} else {
WpConfigEditor::deleteConfigKey('DISABLE_WP_CRON');
}
kompass_print_message_box('Die Einstellungen wurden gespeichert.');
}
@ -63,10 +113,8 @@ class SettingsPage
if (isset($_REQUEST['update_options']) && $_REQUEST['update_options'] == true) {
switch ($tab) {
case 'tab2':
update_option('bdp_calendar_categories', json_encode($_POST['category']));
update_option('bdp_calendar_source_url', $_POST['bdp_calendar_source_url']);
$showMessage = __('The settings were saved.', BDP_LV_PLUGIN_SLUG);
break;
kompass_print_message_box('Diese Funktion wird nicht mdehr unterstützt.', 'error');
break;
case 'tab3':
update_option('kompass_seo_google_verification', $_POST['kompass_seo_google_verification']);

281
modules/LimitLoginAttempts/Controllers/LoginHandler.php
View File

@ -1,281 +0,0 @@
<?php
namespace Bdp\Modules\LimitLoginAttempts\Controllers;
use ProtectLogin\Modules\LimitLoginAttempts\Requests\IpAddress;
class LoginHandler {
public const DIRECT_ADDR = 'REMOTE_ADDR';
public const PROXY_ADDR = 'HTTP_X_FORWARDED_FOR';
public function onSuccessFullLogin($user, $password) {
if (!is_wp_error($user) && $this->isLoginAllowedFromIp() ) {
return $user;
}
global $limit_login_my_error_shown;
$limit_login_my_error_shown = true;
$error = new \WP_Error();
// This error should be the same as in "shake it" filter below
$error->add('too_many_retries', $this->composeErrorMessage());
return $error;
}
public function onFailedLogin(string $username) {
$ip = $this->getAddress();
/* if currently locked-out, do not add to retries */
$lockouts = get_option('protect_login_limit_login_lockouts', []);
if(isset($lockouts[$ip]) && time() < $lockouts[$ip]) {
return;
}
/* Get the arrays with retries and retries-valid information */
$retries = get_option('kompass_limit_login_retries', []);
$valid = get_option('kompass_limit_login_retries_valid', []);
/* Check validity and add one to retries */
if (isset($retries[$ip])) { //} && isset($valid[$ip]) && time() < $valid[$ip]) {
$retries[$ip] ++;
} else {
$retries[$ip] = 1;
}
update_option('kompass_limit_login_retries', $retries);
/* lockout? */
if($retries[$ip] % get_option('kompass_limit_login_allowed_retries', 0) != 0) {
return;
}
$retries_long = get_option('kompass_limit_login_allowed_retries', 1)
* get_option('kompass_limit_login_allowed_lockouts', 1);
if ($retries[$ip] >= $retries_long) {
$lockouts[$ip] = time() + get_option('kompass_limit_login_long_duration', 86400);
} else {
$lockouts[$ip] = time() + get_option('kompass_limit_login_lockout_duration', 900);
}
update_option('kompass_limit_login_lockouts', $lockouts);
/* do any notification */
$this->notify($username);
}
private function notifyByEmail($user)
{
$ip = $this->getAddress();
$lockouts = get_option('kompass_limit_login_lockouts', []);
if (!isset($lockouts[$ip])) {
return;
}
$blocked_until = $lockouts[$ip];
$retries = get_option('kompass_limit_login_retries', []);
$currentRetries = $retries[$ip];
$notify_after = get_option('kompass_limit_login_notify_email_after', 1);
if ($currentRetries % $notify_after !== 0) {
return;
}
$blogname = get_option('blogname', 'none');
$subject = sprintf(__("[%s] Too many failed login attempts"
, 'limit-login-attempts')
, $blogname);
$message = 'Neue Sperrung auf deiner Webseite: ' . PHP_EOL .
'IP-Adresse: ' . $ip . PHP_EOL .
'Gesperrt bis: ' . date('d.m.Y H:i', $blocked_until);
$admin_email = get_option('admin_email');
wp_mail($admin_email, $subject, $message);
}
/* Handle notification in event of lockout */
private function notify($user) {
$args = get_option('kompass_limit_login_lockout_notify', []);
if (!is_array($args)) {
$args = [$args];
}
foreach ($args as $mode) {
switch (trim($mode)) {
case 'email':
$this->notifyByEmail($user);
break;
}
}
}
private function composeErrorMessage() {
$ip = $this->getAddress();
$lockouts = get_option('protect_login_limit_login_lockouts');
$msg = __('Too many failed login attempts.', BDP_LV_PLUGIN_SLUG) . ' ';
if (!is_array($lockouts) || !isset($lockouts[$ip]) || time() >= $lockouts[$ip]) {
/* Huh? No timeout active? */
$msg .= __('Please try again later.', BDP_LV_PLUGIN_SLUG);
return $msg;
}
$when = ceil(($lockouts[$ip] - time()) / 60);
if ($when > 60) {
$when = ceil($when / 60);
$msg .= sprintf(_n('Please try again in %d hour.', 'Please try again in %d hours.', $when, BDP_LV_PLUGIN_SLUG), $when);
} else {
$msg .= sprintf(_n('Please try again in %d minute.', 'Please try again in %d minutes.', $when, BDP_LV_PLUGIN_SLUG), $when);
}
return $msg;
}
private static function getAddress($typeName = '') {
global $limitLoginAttemptsSettings;
$typeOriginal = $typeName;
if (empty($typeName)) {
$typeName = get_option('kompass_limit_loginclient_type', self::DIRECT_ADDR);
}
if (isset($_SERVER[$typeName]) && filter_var($_SERVER[$typeName], FILTER_VALIDATE_IP)) {
return $_SERVER[$typeName];
}
/*
* Not found. Did we get proxy type from option?
* If so, try to fall back to direct address.
*/
if ( empty($typeName) && $typeOriginal == self::PROXY_ADDR
&& isset($_SERVER[self::DIRECT_ADDR])
&& filter_var($_SERVER[self::DIRECT_ADDR], FILTER_VALIDATE_IP)) {
/*
* NOTE: Even though we fall back to direct address -- meaning you
* can get a mostly working plugin when set to PROXY mode while in
* fact directly connected to Internet it is not safe!
*
* Client can itself send HTTP_X_FORWARDED_FOR header fooling us
* regarding which IP should be banned.
*/
return $_SERVER[self::DIRECT_ADDR];
}
return '';
}
public function isLoginAllowedFromIp() {
$ip = $this->getAddress();
if (in_array($ip, get_option('kompass_limit_login_blocklist', []))) {
return false;
}
if (in_array($ip, get_option('kompass_limit_login_allowlist', []))) {
return true;
}
/* lockout active? */
$lockouts = get_option('kompass_limit_login_lockouts', []);
return (!is_array($lockouts) || !isset($lockouts[$ip]) || time() >= $lockouts[$ip]);
}
public function checkFailedCookies($cookie_elements) {
$this->clearAuthCookie();
/*
* Invalid username gets counted every time.
*/
$this->onFailedLogin($cookie_elements['username']);
}
private function clearAuthCookie() {
wp_clear_auth_cookie();
if (!empty($_COOKIE[AUTH_COOKIE])) {
$_COOKIE[AUTH_COOKIE] = '';
}
if (!empty($_COOKIE[SECURE_AUTH_COOKIE])) {
$_COOKIE[SECURE_AUTH_COOKIE] = '';
}
if (!empty($_COOKIE[LOGGED_IN_COOKIE])) {
$_COOKIE[LOGGED_IN_COOKIE] = '';
}
}
public function onValidCookie($cookie_elements, $user) {
/*
* As all meta values get cached on user load this should not require
* any extra work for the common case of no stored value.
*/
if (get_user_meta($user->ID, 'kompass_limit_login_previous_cookie')) {
delete_user_meta($user->ID, 'kompass_limit_login_previous_cookie');
}
}
function clearLoginCookie($cookie_elements) {
$this->clearAuthCookie();
/*
* Under some conditions an invalid auth cookie will be used multiple
* times, which results in multiple failed attempts from that one
* cookie.
*
* Unfortunately I've not been able to replicate this consistently and
* thus have not been able to make sure what the exact cause is.
*
* Probably it is because a reload of for example the admin dashboard
* might result in multiple requests from the browser before the invalid
* cookie can be cleard.
*
* Handle this by only counting the first attempt when the exact same
* cookie is attempted for a user.
*/
extract($cookie_elements, EXTR_OVERWRITE);
// Check if cookie is for a valid user
$user = get_user_by('login', $username);
if (!$user) {
// "shouldn't happen" for this action
$this->onFailedLogin($username);
return;
}
$previous_cookie = get_user_meta($user->ID, 'kompass_limit_login_previous_cookie', true);
if ($previous_cookie && $previous_cookie == $cookie_elements) {
// Identical cookies, ignore this attempt
return;
}
// Store cookie
if ($previous_cookie)
update_user_meta($user->ID, 'kompass_limit_login_previous_cookie', $cookie_elements);
else
add_user_meta($user->ID, 'kompass_limit_login_previous_cookie', $cookie_elements, true);
$this->onFailedLogin($username);
}
public function handleCookies() {
if ($this->isLoginAllowedFromIp()) {
return;
}
$this->clearAuthCookie();
}
}

193
modules/LimitLoginAttempts/Controllers/OptionsPage.php
View File

@ -1,193 +0,0 @@
<?php
namespace Bdp\Modules\LimitLoginAttempts\Controllers;
class OptionsPage
{
public function __construct()
{
add_options_page(
__('Login-Protection', BDP_LV_PLUGIN_SLUG),
__('Login-Protection', BDP_LV_PLUGIN_SLUG),
'manage_options',
BDP_LV_PLUGIN_SLUG . '-limit-login-attempts',
[$this, 'limit_login_option_page'],2048);
}
public function releaseIp($ip)
{
$allIps = get_option('kompass_limit_login_lockouts', []);
unset($allIps[$ip]);
update_option('kompass_limit_login_lockouts', $allIps);
}
public static function addToBlocklist(string $ip)
{
$blockedIps = get_option('kompass_limit_login_blocklist', []);
$blockedIps[] = $ip;
update_option('kompass_limit_login_blocklist', $blockedIps);
}
public static function addToAllowlist(string $ip)
{
$allowedIps = get_option('kompass_limit_login_allowlist', []);
$allowedIps[] = $ip;
update_option('kompass_limit_login_allowlist', $allowedIps);
self::releaseIp($ip);
}
public function removeFromList(string $listType, string $ip){
update_option(
'kompass_limit_login_' . $listType,
array_diff(get_option('kompass_limit_login_' . $listType, []), [$ip])
);
}
public function getBlockedIps()
{
bdp_kompass_load_plugin_textdomain();
$ips = '';
foreach (get_option('kompass_limit_login_lockouts', []) as $ip => $blockedUntil) {
$ips .= '<tr style="vertical-align: top;">' .
'<td style="padding-right: 50px;">' . $ip . '</td>';
if (in_array($ip, get_option('protect_login_limit_login_blocklist', []))) {
$ips .= '<td style="padding-right: 50px;">Dauerhaft blockiert</td>' .
'<td>' .
'Keine Aktion möglich' .
'</td></tr>';
} else {
$ips .= '<td style="padding-right: 50px;">' . date('d.m.Y', $blockedUntil) . '<br />' . date('H:i', $blockedUntil) . ' Uhr</td>' .
'<td>
<a href="admin.php?page=bdp-kompass-limit-login-attempts&tab=tab4&action=release&ip=' .
base64_encode($ip) . '">' . __('Release ip address', BDP_LV_PLUGIN_SLUG) . '</a><br />
<a href="admin.php?page=bdp-kompass-limit-login-attempts&tab=tab4&action=toBlock&ip=' .
base64_encode($ip) . '">' . __('Add ip address to blocklist', BDP_LV_PLUGIN_SLUG) . '</a><br />
<a href="admin.php?page=bdp-kompass-limit-login-attempts&tab=tab4&action=toAllow&ip=' .
base64_encode($ip) . '">' . __('Add ip address to allowlist and release', BDP_LV_PLUGIN_SLUG) . '</a><br /> ' .
'</td></tr>';
};
}
return $ips;
}
public function limit_login_option_page() {
global $errors;
bdp_kompass_load_plugin_textdomain();
$showMessage = null;
if (isset($_POST['update_options'])) {
update_settings($_POST);
$showMessage = __('The settings were saved.', BDP_LV_PLUGIN_SLUG);
}
if (isset($_GET['action']) && $_GET['action'] == 'release') {
$showMessage = __('The ip address was released.', BDP_LV_PLUGIN_SLUG);
}
if(isset($_POST['save_kompass_balist_list_type'])) {
$showMessage = __('The list was saved.', BDP_LV_PLUGIN_SLUG);
}
if (null !== $showMessage && $errors === false) {
echo '<div class="notice notice-success" style="padding: 5px 10px;">';
echo $showMessage;
echo '</div>';
}
if ($errors) {
echo '<div class="notice notice-error" style="padding: 5px 10px;">';
echo __('An error occured.', BDP_LV_PLUGIN_SLUG);
echo '</div>';
}
$tab = isset($_GET['tab']) ? $_GET['tab'] : 'tab1';
if (isset($_GET['action']) && $_GET['action'] == 'removeFromList') {
$this->removeFromList($_GET['list'], base64_decode($_GET['ip']));
if ($_GET['list'] == 'blocklist') {
$tab = 'tab2';
} else {
$tab = 'tab3';
}
}
bdp_kompass_load_plugin_textdomain();
?>
<div class="wrap">
<h1 class="wp-heading-inline">
<?= __('Login-Protection', BDP_LV_PLUGIN_SLUG); ?> - <?= __('Settings', BDP_LV_PLUGIN_SLUG); ?></h1>
<hr class="wp-header-end">
<?= kompass_print_tab_header($tab); ?>
<div class="tab-content">
<?php
switch ($tab) {
case 'tab1':
echo '<form action="admin.php?page=bdp-kompass-limit-login-attempts&tab=tab1" method="post">';
do_settings_sections(BDP_LV_PLUGIN_SLUG . '-limit-login-attempts');
submit_button();
echo '</form>';
break;
case 'tab2':
echo '<h2>Blocklist</h2>';
echo '<form action="admin.php?page=bdp-kompass-limit-login-attempts&tab=tab2" method="post">';
kompass_print_block_allow_form('blocklist');
submit_button();
echo '</form>';
break;
case 'tab3':
echo '<h2>Allowlist</h2>';
echo '<form action="admin.php?page=bdp-kompass-limit-login-attempts&tab=tab3" method="post">';
kompass_print_block_allow_form('allowlist');
submit_button();
echo '</form>';
break;
case 'tab4':
if (isset($_GET['action']) && $_GET['action'] == 'release') {
$this->releaseIp(base64_decode($_GET['ip']));
}
if (isset($_GET['action']) && $_GET['action'] == 'toBlock') {
$this->addToBlocklist(base64_decode($_GET['ip']));
}
if (isset($_GET['action']) && $_GET['action'] == 'toAllow') {
$this->addToAllowlist(base64_decode($_GET['ip']));
}
$blockedIps = $this->getBlockedIps();
echo '<h2>'. __('Blocked IP addresses', BDP_LV_PLUGIN_SLUG) .'</h2>';
if (strlen($blockedIps) == 0) {
echo '<div class="bdp-kompass-no-blocked-ips">';
echo __('There are no ip addresses blocked.', BDP_LV_PLUGIN_SLUG);
echo '</div>';
} else { ?>
<p style="width: 100%; text-align: right">
<input type="text" id="searchInput"
onkeyup="searchTable('myTable', this)"
placeholder="<?=__('Search for ip address', BDP_LV_PLUGIN_SLUG); ?>">
</p>
<table class="wp-list-table widefat fixed striped table-view-list" id="myTable">
<thead>
<tr>
<th scope="col" class="manage-column column-name"><?= __('IP address', BDP_LV_PLUGIN_SLUG); ?></th>
<th class="manage-column column-name"><?= __('Blocked until', BDP_LV_PLUGIN_SLUG); ?></th>
<th class="manage-column column-name"><?= __('Actions', BDP_LV_PLUGIN_SLUG); ?></th>
</tr>
</thead>
<tbody>
<?= $blockedIps ?>
</tbody>
</table>
<?php
}
break;
}
?>
</div>
</div>
<?php
}
}

18
modules/LimitLoginAttempts/Views/tab-control.php
View File

@ -1,18 +0,0 @@
<?php
function kompass_print_tab_header(string $activeTab = 'tab1')
{
$baseUrl = 'admin.php?page=bdp-kompass-limit-login-attempts&tab=';
return '<h2 class="nav-tab-wrapper">'.
'<a href="' . $baseUrl . 'tab1" class="nav-tab ' . ($activeTab == 'tab1' ? 'nav-tab-active' : '') . '">' .
__('Options', BDP_LV_PLUGIN_SLUG) .
'</a>'.
'<a href="' . $baseUrl . 'tab2" class="nav-tab ' . ($activeTab == 'tab2' ? 'nav-tab-active' : '') .'">' .
__('Blocklist', BDP_LV_PLUGIN_SLUG) .
'</a>'.
'<a href="' . $baseUrl . 'tab3" class="nav-tab ' . ($activeTab == 'tab3' ? 'nav-tab-active' : '') .'">' .
__('Allowlist', BDP_LV_PLUGIN_SLUG) .
'</a>'.
'<a href="' . $baseUrl . 'tab4" class="nav-tab ' . ($activeTab == 'tab4' ? 'nav-tab-active' : '') .'">' .
__('Blocked IP addresses', BDP_LV_PLUGIN_SLUG) .
'</a></h2>';
}

65
modules/LimitLoginAttempts/includes/block-and-allow-list-form.php
View File

@ -1,65 +0,0 @@
<?php
use Bdp\Modules\LimitLoginAttempts\Controllers\OptionsPage as LimitLoginAttemptsOptions;
function updateBlockOrAllowList(array $postVars)
{
$listType = $postVars['save_kompass_balist_list_type'];
if (count($postVars['new_ips']) == 1) {
foreach (explode(PHP_EOL, $postVars['new_ips'][0]) as $newIp) {
$newIp = trim($newIp);
if ('' !== $newIp) {
if ($listType == 'blocklist') {
LimitLoginAttemptsOptions::addToBlocklist($newIp);
} else {
LimitLoginAttemptsOptions::addToAllowlist($newIp);
}
}
}
}
}
function kompass_print_block_allow_form(string $listType) {
$elements = get_option('kompass_limit_login_' . $listType, []);
?>
<input type="hidden" name="save_kompass_balist_list_type" value="<?= $listType; ?>" />
<p style="width: 100%; text-align: right">
<input type="text" id="searchInput"
onkeyup="searchTable('myTable', this)"
placeholder="<?=__('Search for ip address', BDP_LV_PLUGIN_SLUG); ?>">
</p>
<table class="wp-list-table widefat fixed striped table-view-list" id="myTable">
<thead>
<tr>
<th scope="col" class="manage-column column-name"><?= __('IP address', BDP_LV_PLUGIN_SLUG); ?></th>
<th style="width: 100px;" class="manage-column column-name"><?= __('Actions', BDP_LV_PLUGIN_SLUG); ?></th>
</tr>
</thead>
<tbody>
<?php
foreach ($elements as $currentIp) {
echo '<tr>';
echo '<td>' . $currentIp .'</td>';
echo '<td><a href="admin.php?page=bdp-kompass-limit-login-attempts&action=removeFromList' .
'&list=' . $listType . '&ip=' . base64_encode($currentIp) . '">'
. __('Delete', BDP_LV_PLUGIN_SLUG) . '</a></td>';
echo '</tr>';
}
?>
</tbody>
</table>
</div>
<div class="kompass_setting_box">
<h3><?= __('IP-Adresse hinzufügen', BDP_LV_PLUGIN_SLUG); ?></h3>
<p>
<textarea
placeholder="<?= __('Please use line breaks to enter multiple ips', BDP_LV_PLUGIN_SLUG); ?>"
name="new_ips[]"
style="width: 350px;" rows="5"></textarea>
</p>
</div>
<?php
}

102
modules/LimitLoginAttempts/includes/gui_elements.php
View File

@ -1,102 +0,0 @@
<?php
function _kompass_limit_logins_settings_radio_callback(array $args)
{
kompass_print_radio($args['setting']);
}
function _kompass_limit_logins_settings_checkbox_callback(array $args) {
kompass_print_checkbox($args['setting']);
}
bdp_kompass_load_plugin_textdomain();
add_settings_section(
'custom_settings_section',
__('Options', BDP_LV_PLUGIN_SLUG),
'kompass_prepare_form',
BDP_LV_PLUGIN_SLUG . '-limit-login-attempts'
);
$settings_page = BDP_LV_PLUGIN_SLUG . '-limit-login-attempts';
add_settings_field(
'kompass_lla_1',
__('Maximum reps until lockout', BDP_LV_PLUGIN_SLUG),
'kompass_print_textbox',
$settings_page,
'custom_settings_section',
['setting' => 'kompass_limit_login_allowed_retries']);
add_settings_field(
'kompass_lla_2',
__('Duration of lockout (in minutes)', BDP_LV_PLUGIN_SLUG),
'kompass_print_textbox',
$settings_page,
'custom_settings_section',
['setting' => 'kompass_limit_login_lockout_duration', 'unit_division' => 60 ]);
add_settings_field(
'kompass_lla_3',
__('Maximum number of lockouts', BDP_LV_PLUGIN_SLUG),
'kompass_print_textbox',
$settings_page,
'custom_settings_section',
['setting' => 'kompass_limit_login_allowed_lockouts']);
add_settings_field(
'kompass_lla_4',
__('Long-term duration (in hours)', BDP_LV_PLUGIN_SLUG),
'kompass_print_textbox',
$settings_page,
'custom_settings_section',
['setting' => 'kompass_limit_login_long_duration', 'unit_division' => 3600]);
add_settings_field(
'kompass_lla_5',
__('Minimum password strength', BDP_LV_PLUGIN_SLUG),
'_kompass_limit_logins_settings_radio_callback',
$settings_page,
'custom_settings_section',
['setting' => 'kompass_password_minimal_strength']);
add_settings_field(
'kompass_lla_6',
__('Page accessible via', BDP_LV_PLUGIN_SLUG),
'_kompass_limit_logins_settings_radio_callback',
$settings_page,
'custom_settings_section',
['setting' => 'kompass_limit_login_client_type']);
add_settings_field(
'kompass_lla_7',
__('Handle cookies', BDP_LV_PLUGIN_SLUG),
'_kompass_limit_logins_settings_radio_callback',
$settings_page,
'custom_settings_section',
['setting' => 'kompass_limit_login_cookies']);
add_settings_field(
'kompass_lla_8',
__('Notify if blocked', BDP_LV_PLUGIN_SLUG),
'_kompass_limit_logins_settings_checkbox_callback',
$settings_page,
'custom_settings_section',
['setting' => 'kompass_limit_login_lockout_notify']);
add_settings_field(
'kompass_lla_9',
__('Failed attempts until notification', BDP_LV_PLUGIN_SLUG),
'kompass_print_textbox',
$settings_page,
'custom_settings_section',
['setting' => 'kompass_limit_login_notify_email_after']);

60
modules/LimitLoginAttempts/includes/validators.php
View File

@ -1,60 +0,0 @@
<?php
function check_for_integer(int $input) {
return $input;
}
function hours_to_seconds_converter(int $input) {
// Hier kannst du die Eingabe validieren, z.B. sicherstellen, dass es sich um eine gültige E-Mail-Adresse handelt.
return minutes_to_seconds_converter($input) * 60;
}
function minutes_to_seconds_converter(int $input) {
return check_for_integer($input) * 60;
}
function kompass_settings_validators()
{
$slug = BDP_LV_PLUGIN_SLUG . '-limit-login-attempts';
register_setting($slug,
'kompass_limit_login_allowed_retries',
'check_for_integer');
register_setting($slug,
'kompass_limit_login_allowed_lockouts',
'check_for_integer');
register_setting($slug,
'kompass_limit_login_lockout_duration',
'minutes_to_seconds_converter');
register_setting($slug,
'kompass_limit_login_long_duration',
'hours_to_seconds_converter');
register_setting($slug,
'kompass_limit_login_notify_email_after',
'check_for_integer');
}
function update_settings(array $postParams) {
$settings = ['kompass_limit_login_lockout_duration',
'kompass_limit_login_allowed_retries',
'kompass_limit_login_allowed_lockouts',
'kompass_password_minimal_strength',
'kompass_limit_login_client_type',
'kompass_limit_login_long_duration',
'kompass_limit_login_lockout_notify',
'kompass_limit_login_notify_email_after',
'kompass_limit_login_cookies'];
foreach ($settings as $curSetting) {
if (isset($postParams[$curSetting])) {
update_option($curSetting, $postParams[$curSetting]);
} else {
update_option($curSetting, '');
}
}
}

10
modules/PasswordStrength/includes/password_strength_rules.php
View File

@ -1,10 +0,0 @@
<?php
function kompass_get_minimal_password_strength() {
$minPasswordStrength = get_option('kompass_password_minimal_strength', 1);
$possibleStrengths = ['1' => 'short, bad, good, strong',
'2' => 'good, strong',
'3' => 'strong'];
return ' ' . $possibleStrengths[$minPasswordStrength];
}

4
modules/calendar/Views/settings-form.php
View File

@ -1,5 +1,7 @@
<?php
if (!defined('SECURE_AUTH_COOKIE') && !defined('AUTH_COOKIE')) {
return;
}
add_settings_section(
'custom_settings_section',
__('Calendar settings', BDP_LV_PLUGIN_SLUG),

25
modules/calendar/classes/Calendar.class.php
View File

@ -5,25 +5,6 @@ class Calendar
public $ical;
private $categories = [];
public static function setup()
{
$pageName = 'Kalender';
$page_exists = get_page_by_path($pageName, OBJECT, 'page');
// Wenn die Seite nicht existiert, erstelle sie
if (!$page_exists) {
$page_id = wp_insert_post(array(
'post_title' => $pageName,
'post_content' => '{{calendar}}',
'post_status' => 'publish',
'post_type' => 'page',
));
update_option('bdp_calendar_source_url', 'https://wiki.sachsen.pfadfinden.de/rest/calendar-services/1.0/calendar/export/subcalendar/private/ff69f5a689391ac0d7f78a70189cfde7c48cb923.ics');
}
}
public static function printCalendar($content) : string {
// Der zu ersetzende String
$original_string = '{{calendar}}';
@ -67,8 +48,10 @@ class Calendar
}
$calendarUrl = get_option('bdp_calendar_source_url', 'https://wiki.sachsen.pfadfinden.de/rest/calendar-services/1.0/calendar/export/subcalendar/private/ff69f5a689391ac0d7f78a70189cfde7c48cb923.ics');
$calendarUrl = get_option('bdp_calendar_source_url', null);
if (null === '') {
return;
}
$this->ical = new \ICal('', array(
'defaultSpan' => 2, // Default value
'defaultTimeZone' => '',

74
modules/event-participants/Controllers/class-main.php
View File

@ -40,54 +40,52 @@ class MainController
}
public function __construct()
{
global $dbHandler, $wpdb;
global $dbHandler, $wpdb;
$show_menu = false;
$no_events = true;
foreach ([self::KOMPASS_EVENTS_EVENTS] as $table) {
$sqlTable = $wpdb->prefix . $table;
$sql = "SHOW TABLES LIKE '$sqlTable'";
foreach ( [ self::KOMPASS_EVENTS_EVENTS ] as $table ) {
$sqlTable = $wpdb->prefix . $table;
$sql = "SHOW TABLES LIKE '$sqlTable'";
$result = $wpdb->get_var( $sql );
if ( $result == $sqlTable ) {
$show_menu = true;
}
}
$result = $wpdb->get_var( $sql );
if ( $result == $sqlTable ) {
if (!$show_menu) {
return;
}
$no_events = 0 === $dbHandler->countSqlRows( self::KOMPASS_EVENTS_EVENTS, [ 'archived' => false ] );
}
}
add_menu_page(
__('Events (legacy)', BDP_LV_PLUGIN_SLUG),
__('Events (legacy)', BDP_LV_PLUGIN_SLUG),
'send_mails',
'kompass-events',
[$this, 'router'],
'dashicons-tickets-alt',
3
);
if ( !$no_events ) {
wp_admin_notice(
'Mit dem kommenden Update von BdP Kompass ist der Zugriff auf Legacy-Veranstaltungen nicht mehr möglich. <br />' .
'Das Update wird voraussichtlich am <strong>06.01.2025</strong> bereitgestellt werden.<br /><br />' .
'Insofern du weiterhin Zugriff auf diese Veranstaltungen benötigst, kontaktiere den LB IT.', ['type' => 'warning']);
foreach ($dbHandler->readFromDb( self::KOMPASS_EVENTS_EVENTS, ['archived' => false]) as $currentEvent) {
add_submenu_page(
'kompass-events',
$currentEvent->event_name,
$currentEvent->event_name,
'show_groups',
'kompass-events&action=show-event&event-id=' . $currentEvent->id,
[ $this, 'router' ]);
}
add_menu_page(
__( 'Events (legacy)', BDP_LV_PLUGIN_SLUG ),
__( 'Events (legacy)', BDP_LV_PLUGIN_SLUG ),
'send_mails',
'kompass-events',
[ $this, 'router' ],
'dashicons-tickets-alt',
3
);
add_submenu_page(
'kompass-events',
__('New Event', BDP_LV_PLUGIN_SLUG),
__('New Event', BDP_LV_PLUGIN_SLUG),
'show_groups',
'kompass-events&action=new-event',
[ $this, 'router' ]);
foreach ( $dbHandler->readFromDb( self::KOMPASS_EVENTS_EVENTS, [ 'archived' => false ] ) as $currentEvent ) {
add_submenu_page(
'kompass-events',
$currentEvent->event_name,
$currentEvent->event_name,
'show_groups',
'kompass-events&action=show-event&event-id=' . $currentEvent->id,
[ $this, 'router' ] );
}
}
}
public function router()
{
if (isset($_REQUEST['action'])) {

57
modules/plugin-installer/Controllers/class-installsingleplugin.php Normal file
View File

@ -0,0 +1,57 @@
<?php
/**
* File: class-installsingleplugin.php
*
*
* @since 2024-08-12
* @license GPL-3.0-or-later
*
* @package
*/
namespace Bdp\Modules\PluginInstaller\Controllers;
use Plugin_Upgrader;
use WP_Ajax_Upgrader_Skin;
class InstallSingleplugin
{
public static function install_calendar ()
{
if ( isset( $_REQUEST[ 'install' ] ) ) {
if ( !file_exists( dirname( BDP_LV_STARTUP_FILE ) . '/../kronos/kronos.php' ) ) {
$pageName = 'Kalender';
$page_exists = get_page_by_path( $pageName, OBJECT, 'page' );
if ( is_object( $page_exists ) ) {
wp_delete_post( $page_exists->ID, false );
}
$calendar_connection = get_option( 'bdp_calendar_source_url',
'https://wiki.sachsen.pfadfinden.de/rest/calendar-services/1.0/calendar/export/subcalendar/private/ff69f5a689391ac0d7f78a70189cfde7c48cb923.ics' );
if ( 'https://wiki.sachsen.pfadfinden.de/rest/calendar-services/1.0/calendar/export/subcalendar/private/ff69f5a689391ac0d7f78a70189cfde7c48cb923.ics' !== $calendar_connection ) {
update_option( 'kronos_calendar_url', $calendar_connection );
}
delete_option( 'bdp_calendar_source_url' );
kompass_install_plugin( 'https://repos.contelli.de/plugins/kronos/download', 'kronos' );
}
} else {
$install_link = admin_url( 'admin.php?page=kompass-calendar&install=true' );
require dirname( __FILE__ ) . '/../views/install-item.php';
}
}
public static function install_events ()
{
if ( isset( $_REQUEST[ 'install' ] ) ) {
if ( !file_exists( dirname( BDP_LV_STARTUP_FILE ) . '/../solea/solea.php' ) ) {
kompass_install_plugin( 'https://repos.contelli.de/plugins/solea/download', 'solea' );
}
} else {
$install_link = admin_url( 'admin.php?page=kompass-events&install=true' );
require dirname( __FILE__ ) . '/../views/install-item.php';
}
}
}

21
modules/plugin-installer/Controllers/class-outdatedmodule.php Normal file
View File

@ -0,0 +1,21 @@
<?php
/**
* File: class-outdatedmodule.php
*
*
* @since 2024-08-12
* @license GPL-3.0-or-later
*
* @package
*/
namespace Bdp\Modules\PluginInstaller\Controllers;
class OutdatedModule
{
public static function calender() {
$module = 'Kalender';
$install_url = admin_url('admin.php?page=kompass-calendar');
require dirname(__FILE__) . '/../views/outdated-component.php';
}
}

20
modules/plugin-installer/views/install-item.php Normal file
View File

@ -0,0 +1,20 @@
<?php
/**
* File: install-item.php
*
*
* @since 2024-08-12
* @license GPL-3.0-or-later
*
* @package
*/
?>
<div style="width: 80%; margin: 50px auto; border-style: solid; border-width: 2px; border-color: #1d4899; padding: 10px;">
Um die gewünschte Komponente zu aktivieren, klicke bitte hier auf aktivieren.<br />
kompass führt dabei die Installation im Hintergrund durch.
<div style="text-align: center">
<a href="<?php echo $install_link; ?>" class="button bdp-newplugin-button">Jetzt installieren</a>
</div>
</div>

18
modules/plugin-installer/views/outdated-component.php Normal file
View File

@ -0,0 +1,18 @@
<?php
/**
* File: outdated-component.php
*
*
* @since 2024-08-12
* @license GPL-3.0-or-later
*
* @package
*/
?>
<div style="padding: 10px 10px; font-size: 15pt; margin-top: 20px; line-height: 30px; background-color: #fafafa; border-left: #f10905 10px solid;">
kompass hat festgestellt, dass du die Komponente <?php echo esc_html($module); ?> nutzt, die nicht weiterentwickelt wird.<br />
Es steht eine neue Version bereit, bitte klicke <a href="<?php echo esc_url($install_url); ?>">hier</a>, um die Aktualisierung durchzuführen.
</div>

25
modules/security/classes/Security.class.php
View File

@ -11,7 +11,6 @@ class Security
public const delete_plugins = [
'akismet/akismet.php',
'hello.php',
'wps-hide-login/wps-hide-login.php',
'limit-login-attempts-reloaded'
];
@ -23,10 +22,6 @@ class Security
self::installSecurityPlugin($pluginSlug, $pluginData['downloadUrl']);
}
}
$loginUrl = get_option('kompass_sec_rewrite_login', null);
if (null == $loginUrl) {
$loginUrl = get_option('whl_page', null) ?? 'bdp-login';
}
enable_option_disable_xmlrpc();
enable_option_block_authorscan();
@ -38,7 +33,7 @@ class Security
enable_option_prohibit_bot_access();
enable_option_block_directory_listing();
self::resetLimitLoginAttempts();
delete_option('whl_page');
}
@ -83,26 +78,20 @@ class Security
global $wp;
add_action('template_redirect', [Security::class, 'protectAuthorScan']);
if (null !== is_login_rewritten()) {
if (str_contains($_SERVER['REQUEST_URI'], 'wp-login.php?action=logout')) {
return;
}
Security::protectLoginSecurity();
}
Security::protectLoginSecurity();
}
public static function protectLoginSecurity() {
$hideLogin = is_login_rewritten();
if (null === $hideLogin) {
return;
}
update_option('whl_page', get_option(get_option('kompass_sec_rewrite_login', null)));
delete_option('kompass_sec_rewrite_login');
kompass_install_plugin( 'https://downloads.wordpress.org/plugin/wps-hide-login.1.9.17.1.zip', 'wps-hide-login' );
if ( str_contains( $_SERVER['REQUEST_URI'], 'wp-login.php' ) && ! isset( $_POST['redirect_to'] ) && $_POST['redirect_to'] !== 'interner-bereich' ) {
if ( str_contains( $_SERVER['REQUEST_URI'], 'wp-login.php' ) && ! isset( $_POST['redirect_to'] ) && $_POST['redirect_to'] !== 'interner-bereich' ) {
wp_redirect( home_url() );
die();
}

6
modules/security/includes/settings_writer.php
View File

@ -86,12 +86,6 @@ function disable_option_disable_wp_debug() {
WpConfigEditor::updateConfig('WP_DEBUG', 'true');
}
function disable_option_rewrite_url() {
update_option('kompass_sec_rewrite_login', null);
}
function kompass_sec_save_settings($settings) {
$allPossibleSettings = [
'option_disable_xmlrpc',

4
modules/seo/Views/seo-form.php
View File

@ -1,5 +1,7 @@
<?php
if (!defined('SECURE_AUTH_COOKIE') && !defined('AUTH_COOKIE')) {
return;
}
add_settings_section(
'custom_settings_section',

19
settings/views/settings.php
View File

@ -1,3 +1,6 @@
<?php
use Bdp\Libs\WpConfigEditor;
?>
<form action="<?php echo esc_url(admin_url('options-general.php?page=kompass-settings')); ?>" method="post">
<input type="hidden" name="save" value="1">
<h2>Kompass Einstellungen</h2>
@ -15,6 +18,22 @@
</td>
</tr>
<tr>
<td style="font-weight: bold; padding: 10px;">Externe Cron-Ausführung</td>
<td>
<div class="switch-container">
<input name="external_cronjobs"
<?php
if (WpConfigEditor::getConfigValue('DISABLE_WP_CRON') )
echo ' checked ';?> type="checkbox" id="external_cronjobs" class="switch">
<label for="external_cronjobs" class="switch-label">
<span class="switch-inner" data-on="ON" data-off="OFF"></span>
<span class="switch-switch"></span>
</label>
</div>
</td>
</tr>
<tr>
<td style="font-weight: bold; padding: 10px;">Nutzer können sich selbst anmelden</td>
<td>