PluginProbe ʕ •ᴥ•ʔ
CloudSecure WP Security / 1.4.5
CloudSecure WP Security v1.4.5
1.4.10 1.4.9 trunk 0.9.0 1.0.2 1.1.0 1.1.1 1.1.2 1.1.3 1.2.0 1.2.1 1.2.2 1.2.3 1.2.4 1.2.5 1.2.6 1.2.7 1.3.1 1.3.10 1.3.11 1.3.12 1.3.13 1.3.14 1.3.15 1.3.16 1.3.17 1.3.18 1.3.19 1.3.2 1.3.20 1.3.21 1.3.22 1.3.23 1.3.24 1.3.3 1.3.4 1.3.5 1.3.6 1.3.7 1.3.8 1.3.9 1.4.0 1.4.1 1.4.2 1.4.3 1.4.4 1.4.5 1.4.6 1.4.7 1.4.8
cloudsecure-wp-security / modules / rename-login-page.php
cloudsecure-wp-security / modules Last commit date
admin 4 months ago cli 8 months ago lib 4 months ago captcha.php 3 months ago cloudsecure-wp.php 3 months ago common.php 4 months ago config.php 2 years ago disable-access-system-file.php 4 months ago disable-author-query.php 2 years ago disable-login.php 1 year ago disable-restapi.php 7 months ago disable-xmlrpc.php 1 year ago htaccess.php 5 months ago login-log.php 4 months ago login-notification.php 1 year ago rename-login-page.php 1 year ago restrict-admin-page.php 10 months ago server-error-notification.php 1 year ago two-factor-authentication.php 4 months ago unify-messages.php 2 years ago update-notice.php 7 months ago waf-engine.php 4 months ago waf.php 4 months ago
rename-login-page.php
326 lines
1 <?php
2
3 if ( ! defined( 'ABSPATH' ) ) {
4 exit;
5 }
6
7 class CloudSecureWP_Rename_Login_Page extends CloudSecureWP_Common {
8 private const KEY_FEATURE = 'rename_login_page';
9 private const KEY_NAME = self::KEY_FEATURE . '_name';
10 private const KEY_DISABLE_REDIRECT = self::KEY_FEATURE . '_disable_redirect';
11 private $config;
12 private $htaccess;
13
14 function __construct( array $info, CloudSecureWP_Config $config, CloudSecureWP_Htaccess $htaccess ) {
15 parent::__construct( $info );
16 $this->config = $config;
17 $this->htaccess = $htaccess;
18 }
19
20 /**
21 * 機能毎のKEY取得
22 *
23 * @return string
24 */
25 public function get_feature_key(): string {
26 return self::KEY_FEATURE;
27 }
28
29 /**
30 * 有効無効判定
31 *
32 * @return bool
33 */
34 public function is_enabled(): bool {
35 return $this->config->get( $this->get_feature_key() ) === 't' ? true : false;
36 }
37
38 /**
39 * 初期設定値取得
40 *
41 * @return array
42 */
43 public function get_default(): array {
44 $ret = array(
45 self::KEY_FEATURE => 'f',
46 self::KEY_NAME => $this->get_new_name(),
47 self::KEY_DISABLE_REDIRECT => 'f',
48 );
49 return $ret;
50 }
51
52 /**
53 * 設定値key取得
54 */
55 public function get_keys(): array {
56 $ret = array(
57 self::KEY_FEATURE,
58 self::KEY_NAME,
59 self::KEY_DISABLE_REDIRECT,
60 );
61 return $ret;
62 }
63
64 /**
65 * 設定値取得
66 */
67 public function get_settings(): array {
68 $settings = array();
69 $keys = $this->get_keys();
70
71 foreach ( $keys as $key ) {
72 $settings[ $key ] = $this->config->get( $key );
73 }
74
75 return $settings;
76 }
77
78 /**
79 * 設定値保存
80 *
81 * @param array $settings
82 * @return void
83 */
84 public function save_settings( $settings ): void {
85 $keys = $this->get_keys();
86
87 foreach ( $keys as $key ) {
88 $this->config->set( $key, $settings[ $key ] ?? '' );
89 }
90
91 $this->config->save();
92 }
93
94 /**
95 * ランダム値を含んだ新しいログインページ名を取得
96 *
97 * @return string $name
98 */
99 public function get_new_name(): string {
100 $name = '';
101 $chars = '0123456789abcdefghijklmnopqrstuvwxyz-_';
102
103 for ( $ii = 0; $ii < 8; $ii ++ ) {
104 $name .= $chars[ rand( 0, strlen( $chars ) - 1 ) ];
105 }
106
107 return $name;
108 }
109
110 /**
111 * ファイル名重複判定
112 *
113 * @param string $name
114 */
115 public function is_duplicat_file( string $name ): bool {
116 $files = array_diff( scandir( ABSPATH ), array( '.', '..' ) );
117
118 if ( in_array( $name, $files ) ) {
119 return true;
120 }
121
122 return false;
123 }
124
125 /**
126 * htaccessに書き出す設定を取得
127 *
128 * @return string
129 */
130 private function get_htaccess_settings(): string {
131 $parse = parse_url( site_url() );
132 $base = ( $parse['path'] ?? '' ) . '/';
133 $name = $this->config->get( self::KEY_NAME );
134 $page404 = self::PAGE_404;
135
136 $setting = "<IfModule mod_rewrite.c>" . "\n";
137 $setting .= " RewriteEngine on" . "\n";
138 $setting .= " RewriteBase {$base}" . "\n";
139 $setting .= " RewriteRule ^wp-activate\.php {$page404} [L]" . "\n";
140 $setting .= " RewriteRule ^wp-signup\.php {$page404} [L]" . "\n";
141 $setting .= " RewriteRule ^{$name}(.*)$ wp-login.php$1 [L]" . "\n";
142 $setting .= "</IfModule>" . "\n";
143
144 return $setting;
145 }
146
147 /**
148 * htaccessに書き出す設定を更新
149 *
150 * @return bool
151 */
152 public function update_htaccess(): bool {
153 $plugin_tag = $this->htaccess->get_plugin_settings_tag();
154 $tag = $this->get_feature_key();
155
156 if ( $this->htaccess->setting_tag_exists( $plugin_tag ) ) {
157 if ( $this->htaccess->setting_tag_exists( $tag ) ) {
158 if ( ! $this->remove_htaccess() ) {
159 return false;
160 }
161 }
162 } else {
163 $this->htaccess->add_plugin_settings_tag();
164 }
165
166 $setting = $this->get_htaccess_settings();
167 $ret = $this->htaccess->add_feature_setting( $tag, $setting );
168
169 return $ret;
170 }
171
172 /**
173 * htaccessから設定を削除
174 *
175 * @return bool
176 */
177 public function remove_htaccess(): bool {
178 return $this->htaccess->remove_settings( array( $this->get_feature_key() ) );
179 }
180
181 /**
182 * login_init
183 */
184 public function login_init() {
185 $request_uri = sanitize_url( $_SERVER['REQUEST_URI'] ?? '' );
186 if ( false !== strpos( $request_uri, 'wp-login.php' ) ) {
187 if ( false !== strpos( wp_get_referer(), $this->config->get( self::KEY_NAME ) ) ) {
188 wp_redirect( $this->replace_wp_login( $request_uri ) );
189 exit;
190 } else {
191 $this->page404();
192 exit;
193 }
194 }
195 }
196
197 /**
198 * site_url
199 */
200 public function site_url( $url, $path, $scheme, $blog_id ) {
201 return $this->replace_wp_login( $url );
202 }
203
204 /**
205 * network_site_url
206 */
207 public function network_site_url( $url, $path, $scheme ) {
208 return $this->replace_wp_login( $url );
209 }
210
211 /**
212 * wp_redirect
213 */
214 public function wp_redirect( $location, $status ) {
215 return $this->replace_wp_login( $location );
216 }
217
218 /**
219 * register
220 */
221 public function register( $link ) {
222 return $this->replace_wp_login( $link );
223 }
224
225 /**
226 * auth_redirect_scheme
227 */
228 public function auth_redirect_scheme( $scheme ) {
229 if ( 't' === $this->config->get( self::KEY_DISABLE_REDIRECT ) ) {
230 if ( ! wp_validate_auth_cookie( '', $scheme ) ) {
231 wp_safe_redirect( home_url( self::PAGE_404 ) );
232 exit;
233 }
234 }
235 return $scheme;
236 }
237
238 /**
239 * wp-register.phpのアクセスを404にリダイレクト
240 */
241 public function wp_register_404() {
242 $request_uri = sanitize_url( $_SERVER['REQUEST_URI'] ?? '' );
243
244 if ( false !== strpos( $request_uri, 'wp-register.php' ) ) {
245 wp_safe_redirect( home_url( self::PAGE_404 ) );
246 exit;
247 }
248 }
249
250 /**
251 * ログインページ名を書き換え
252 *
253 * @param string $uri
254 * @return string $new_uri
255 */
256 private function replace_wp_login( $uri ) {
257 $uri = str_replace( 'wp-login.php', $this->config->get( self::KEY_NAME ), $uri );
258 return $uri;
259 }
260
261 /**
262 * 管理画面に通知表示
263 */
264 public function admin_notices() {
265 $feature = 'ログインURL変更';
266 $this->prepare_admin_notices( self::KEY_FEATURE, $feature );
267 }
268
269 /**
270 * メール通知
271 *
272 * @return void
273 */
274 public function notification( $name ) {
275 $login_url = site_url() . '/' . $name;
276 $subject = 'ログインURL変更';
277
278 $body = "新しいログインURLは、以下のとおりです。" . "\n";
279 $body .= "�
280 要に応じてブックマークをお願いいたします。" . "\n";
281 $body .= "" . "\n";
282 $body .= "{$login_url}" . "\n";
283 $body .= "" . "\n";
284 $body .= "--" . "\n";
285 $body .= "CloudSecure WP Security" . "\n";
286
287 $admins = $this->get_admin_users();
288
289 foreach ( $admins as $admin ) {
290 $this->wp_send_mail( $admin->user_email, esc_html( $subject ), esc_html( $body ) );
291 }
292 }
293
294 /**
295 * 有効化
296 *
297 * @return void
298 */
299 public function activate(): void {
300 $settings = $this->get_default();
301 $this->save_settings( $settings );
302
303 if ( $this->is_enabled() ) {
304 if ( ! $this->update_htaccess() ) {
305 $settings[ $this->get_feature_key() ] = 'f';
306 }
307 }
308 $this->save_settings( $settings );
309
310 if ( 't' === $this->config->get( $this->get_feature_key() ) ) {
311 $this->notification( $settings[ self::KEY_NAME ] );
312 }
313 }
314
315 /**
316 * 無効化
317 *
318 * @return void
319 */
320 public function deactivate(): void {
321 $this->remove_htaccess();
322 $this->config->set( self::KEY_FEATURE, 'f' );
323 $this->config->save();
324 }
325 }
326