PluginProbe ʕ •ᴥ•ʔ
CloudSecure WP Security / 1.4.6
CloudSecure WP Security v1.4.6
1.4.10 1.4.9 trunk 0.9.0 1.0.2 1.1.0 1.1.1 1.1.2 1.1.3 1.2.0 1.2.1 1.2.2 1.2.3 1.2.4 1.2.5 1.2.6 1.2.7 1.3.1 1.3.10 1.3.11 1.3.12 1.3.13 1.3.14 1.3.15 1.3.16 1.3.17 1.3.18 1.3.19 1.3.2 1.3.20 1.3.21 1.3.22 1.3.23 1.3.24 1.3.3 1.3.4 1.3.5 1.3.6 1.3.7 1.3.8 1.3.9 1.4.0 1.4.1 1.4.2 1.4.3 1.4.4 1.4.5 1.4.6 1.4.7 1.4.8
cloudsecure-wp-security / modules / rename-login-page.php
cloudsecure-wp-security / modules Last commit date
admin 3 months ago cli 8 months ago lib 3 months ago captcha.php 3 months ago cloudsecure-wp.php 3 months ago common.php 3 months ago config.php 2 years ago disable-access-system-file.php 4 months ago disable-author-query.php 2 years ago disable-login.php 3 months ago disable-restapi.php 7 months ago disable-xmlrpc.php 1 year ago htaccess.php 3 months ago login-log.php 3 months ago login-notification.php 1 year ago rename-login-page.php 3 months ago restrict-admin-page.php 3 months ago server-error-notification.php 3 months ago two-factor-authentication.php 3 months ago unify-messages.php 2 years ago update-notice.php 7 months ago waf-engine.php 3 months ago waf.php 3 months ago
rename-login-page.php
332 lines
1 <?php
2
3 if ( ! defined( 'ABSPATH' ) ) {
4 exit;
5 }
6
7 class CloudSecureWP_Rename_Login_Page extends CloudSecureWP_Common {
8 private const KEY_FEATURE = 'rename_login_page';
9 private const KEY_NAME = self::KEY_FEATURE . '_name';
10 private const KEY_DISABLE_REDIRECT = self::KEY_FEATURE . '_disable_redirect';
11 private $config;
12 private $htaccess;
13
14 function __construct( array $info, CloudSecureWP_Config $config, CloudSecureWP_Htaccess $htaccess ) {
15 parent::__construct( $info );
16 $this->config = $config;
17 $this->htaccess = $htaccess;
18 }
19
20 /**
21 * 機能毎のKEY取得
22 *
23 * @return string
24 */
25 public function get_feature_key(): string {
26 return self::KEY_FEATURE;
27 }
28
29 /**
30 * 有効無効判定
31 *
32 * @return bool
33 */
34 public function is_enabled(): bool {
35 return $this->config->get( $this->get_feature_key() ) === 't' ? true : false;
36 }
37
38 /**
39 * 初期設定値取得
40 *
41 * @return array
42 */
43 public function get_default(): array {
44 $ret = array(
45 self::KEY_FEATURE => 'f',
46 self::KEY_NAME => $this->get_new_name(),
47 self::KEY_DISABLE_REDIRECT => 'f',
48 );
49 return $ret;
50 }
51
52 /**
53 * 設定値key取得
54 */
55 public function get_keys(): array {
56 $ret = array(
57 self::KEY_FEATURE,
58 self::KEY_NAME,
59 self::KEY_DISABLE_REDIRECT,
60 );
61 return $ret;
62 }
63
64 /**
65 * 設定値取得
66 */
67 public function get_settings(): array {
68 $settings = array();
69 $keys = $this->get_keys();
70
71 foreach ( $keys as $key ) {
72 $settings[ $key ] = $this->config->get( $key );
73 }
74
75 return $settings;
76 }
77
78 /**
79 * 設定値保存
80 *
81 * @param array $settings
82 * @return void
83 */
84 public function save_settings( $settings ): void {
85 $keys = $this->get_keys();
86
87 foreach ( $keys as $key ) {
88 $this->config->set( $key, $settings[ $key ] ?? '' );
89 }
90
91 $this->config->save();
92 }
93
94 /**
95 * ランダム値を含んだ新しいログインページ名を取得
96 *
97 * @return string $name
98 */
99 public function get_new_name(): string {
100 $name = '';
101 $chars = '0123456789abcdefghijklmnopqrstuvwxyz-_';
102 $max = strlen( $chars ) - 1;
103
104 for ( $ii = 0; $ii < 8; $ii ++ ) {
105 try {
106 $index = random_int( 0, $max );
107 } catch ( Exception $e ) {
108 $index = wp_rand( 0, $max );
109 }
110 $name .= $chars[ $index ];
111 }
112
113 return $name;
114 }
115
116 /**
117 * ファイル名重複判定
118 *
119 * @param string $name
120 */
121 public function is_duplicat_file( string $name ): bool {
122 $files = array_diff( scandir( ABSPATH ), array( '.', '..' ) );
123
124 if ( in_array( $name, $files ) ) {
125 return true;
126 }
127
128 return false;
129 }
130
131 /**
132 * htaccessに書き出す設定を取得
133 *
134 * @return string
135 */
136 private function get_htaccess_settings(): string {
137 $parse = parse_url( site_url() );
138 $base = ( $parse['path'] ?? '' ) . '/';
139 $name = $this->config->get( self::KEY_NAME );
140 $page404 = self::PAGE_404;
141
142 $setting = "<IfModule mod_rewrite.c>" . "\n";
143 $setting .= " RewriteEngine on" . "\n";
144 $setting .= " RewriteBase {$base}" . "\n";
145 $setting .= " RewriteRule ^wp-activate\.php {$page404} [L]" . "\n";
146 $setting .= " RewriteRule ^wp-signup\.php {$page404} [L]" . "\n";
147 $setting .= " RewriteRule ^{$name}(.*)$ wp-login.php$1 [L]" . "\n";
148 $setting .= "</IfModule>" . "\n";
149
150 return $setting;
151 }
152
153 /**
154 * htaccessに書き出す設定を更新
155 *
156 * @return bool
157 */
158 public function update_htaccess(): bool {
159 $plugin_tag = $this->htaccess->get_plugin_settings_tag();
160 $tag = $this->get_feature_key();
161
162 if ( $this->htaccess->setting_tag_exists( $plugin_tag ) ) {
163 if ( $this->htaccess->setting_tag_exists( $tag ) ) {
164 if ( ! $this->remove_htaccess() ) {
165 return false;
166 }
167 }
168 } else {
169 $this->htaccess->add_plugin_settings_tag();
170 }
171
172 $setting = $this->get_htaccess_settings();
173 $ret = $this->htaccess->add_feature_setting( $tag, $setting );
174
175 return $ret;
176 }
177
178 /**
179 * htaccessから設定を削除
180 *
181 * @return bool
182 */
183 public function remove_htaccess(): bool {
184 return $this->htaccess->remove_settings( array( $this->get_feature_key() ) );
185 }
186
187 /**
188 * login_init
189 */
190 public function login_init() {
191 $request_uri = sanitize_url( $_SERVER['REQUEST_URI'] ?? '' );
192 if ( false !== strpos( $request_uri, 'wp-login.php' ) ) {
193 if ( false !== strpos( wp_get_referer(), $this->config->get( self::KEY_NAME ) ) ) {
194 wp_safe_redirect( $this->replace_wp_login( $request_uri ) );
195 exit;
196 } else {
197 $this->page404();
198 exit;
199 }
200 }
201 }
202
203 /**
204 * site_url
205 */
206 public function site_url( $url, $path, $scheme, $blog_id ) {
207 return $this->replace_wp_login( $url );
208 }
209
210 /**
211 * network_site_url
212 */
213 public function network_site_url( $url, $path, $scheme ) {
214 return $this->replace_wp_login( $url );
215 }
216
217 /**
218 * wp_redirect
219 */
220 public function wp_redirect( $location, $status ) {
221 return $this->replace_wp_login( $location );
222 }
223
224 /**
225 * register
226 */
227 public function register( $link ) {
228 return $this->replace_wp_login( $link );
229 }
230
231 /**
232 * auth_redirect_scheme
233 */
234 public function auth_redirect_scheme( $scheme ) {
235 if ( 't' === $this->config->get( self::KEY_DISABLE_REDIRECT ) ) {
236 if ( ! wp_validate_auth_cookie( '', $scheme ) ) {
237 wp_safe_redirect( home_url( self::PAGE_404 ) );
238 exit;
239 }
240 }
241 return $scheme;
242 }
243
244 /**
245 * wp-register.phpのアクセスを404にリダイレクト
246 */
247 public function wp_register_404() {
248 $request_uri = sanitize_url( $_SERVER['REQUEST_URI'] ?? '' );
249
250 if ( false !== strpos( $request_uri, 'wp-register.php' ) ) {
251 wp_safe_redirect( home_url( self::PAGE_404 ) );
252 exit;
253 }
254 }
255
256 /**
257 * ログインページ名を書き換え
258 *
259 * @param string $uri
260 * @return string $new_uri
261 */
262 private function replace_wp_login( $uri ) {
263 $uri = str_replace( 'wp-login.php', $this->config->get( self::KEY_NAME ), $uri );
264 return $uri;
265 }
266
267 /**
268 * 管理画面に通知表示
269 */
270 public function admin_notices() {
271 $feature = 'ログインURL変更';
272 $this->prepare_admin_notices( self::KEY_FEATURE, $feature );
273 }
274
275 /**
276 * メール通知
277 *
278 * @return void
279 */
280 public function notification( $name ) {
281 $login_url = site_url() . '/' . $name;
282 $subject = 'ログインURL変更';
283
284 $body = "新しいログインURLは、以下のとおりです。" . "\n";
285 $body .= "�
286 要に応じてブックマークをお願いいたします。" . "\n";
287 $body .= "" . "\n";
288 $body .= "{$login_url}" . "\n";
289 $body .= "" . "\n";
290 $body .= "--" . "\n";
291 $body .= "CloudSecure WP Security" . "\n";
292
293 $admins = $this->get_admin_users();
294
295 foreach ( $admins as $admin ) {
296 $this->wp_send_mail( $admin->user_email, esc_html( $subject ), esc_html( $body ) );
297 }
298 }
299
300 /**
301 * 有効化
302 *
303 * @return void
304 */
305 public function activate(): void {
306 $settings = $this->get_default();
307 $this->save_settings( $settings );
308
309 if ( $this->is_enabled() ) {
310 if ( ! $this->update_htaccess() ) {
311 $settings[ $this->get_feature_key() ] = 'f';
312 }
313 }
314 $this->save_settings( $settings );
315
316 if ( 't' === $this->config->get( $this->get_feature_key() ) ) {
317 $this->notification( $settings[ self::KEY_NAME ] );
318 }
319 }
320
321 /**
322 * 無効化
323 *
324 * @return void
325 */
326 public function deactivate(): void {
327 $this->remove_htaccess();
328 $this->config->set( self::KEY_FEATURE, 'f' );
329 $this->config->save();
330 }
331 }
332