PluginProbe ʕ •ᴥ•ʔ
Anti-Malware Security and Brute-Force Firewall / 4.17.57
Anti-Malware Security and Brute-Force Firewall v4.17.57
4.23.90 trunk 1.2.03.23 1.3.02.15 3.07.06 4.14.47 4.15.16 4.16.17 4.17.28 4.17.29 4.17.44 4.17.57 4.17.58 4.17.68 4.17.69 4.18.52 4.18.62 4.18.63 4.18.69 4.18.71 4.18.74 4.18.76 4.19.44 4.19.50 4.19.68 4.19.69 4.20.59 4.20.72 4.20.92 4.20.93 4.20.94 4.20.95 4.20.96 4.21.74 4.21.83 4.21.84 4.21.85 4.21.86 4.21.87 4.21.88 4.21.89 4.21.90 4.21.91 4.21.92 4.21.93 4.21.94 4.21.95 4.21.96 4.23.56 4.23.57 4.23.67 4.23.68 4.23.69 4.23.71 4.23.73 4.23.77 4.23.81 4.23.83 4.23.85 4.23.87 4.23.88 4.23.89
gotmls / safe-load / wp-login.php
gotmls / safe-load Last commit date
.htaccess 11 years ago index.php 10 years ago session.php 11 years ago trace.php 11 years ago wp-login.php 10 years ago wp-settings.php 8 years ago
wp-login.php
94 lines
1 <?php
2 /**
3 * GOTMLS wp-login protection
4 * @package GOTMLS
5 */
6
7 if (!defined("GOTMLS_REQUEST_METHOD"))
8 define("GOTMLS_REQUEST_METHOD", (isset($_SERVER["REQUEST_METHOD"])?strtoupper($_SERVER["REQUEST_METHOD"]):"none"));
9 if ((GOTMLS_REQUEST_METHOD == "POST") && isset($_POST["log"]) && isset($_POST["pwd"]) && isset($_POST["session_id"]) && isset($_POST["sess".$_POST["session_id"]]) && is_numeric($_POST["sess".$_POST["session_id"]])) {
10 $sess = round($_POST["sess".$_POST["session_id"]] / 60000);
11 $time = round(time() / 60);
12 if ((($time - $sess) > 2) || (($sess - $time) > 2)) {
13 $GLOBALS["GOTMLS"]["detected_attacks"] = '&attack[]=NO_JS';
14 include(dirname(__FILE__)."/index.php");
15 }
16 } else {
17 include(dirname(__FILE__)."/session.php");
18 if (!function_exists("GOTMLS_update_log_file")) {
19 function GOTMLS_update_log_file($dont_force_write = true) {
20 if (!defined("GOTMLS_SESSION_FILE"))
21 define("GOTMLS_SESSION_FILE", dirname(__FILE__)."/_SESSION/index.php");
22 if (is_file(GOTMLS_SESSION_FILE))
23 include(GOTMLS_SESSION_FILE);
24 else {
25 if (!is_dir(dirname(GOTMLS_SESSION_FILE)))
26 @mkdir(dirname(GOTMLS_SESSION_FILE));
27 if (is_dir(dirname(GOTMLS_SESSION_FILE)))
28 if (!is_file(GOTMLS_SESSION_FILE))
29 if (file_put_contents(GOTMLS_SESSION_FILE, "<?php if (!defined('GOTMLS_INSTALL_TIME')) define('GOTMLS_INSTALL_TIME', '".GOTMLS_SESSION_TIME."');"))
30 include(GOTMLS_SESSION_FILE);
31 }
32 if (!defined("GOTMLS_INSTALL_TIME"))
33 return false;
34 else {
35 $GOTMLS_LOGIN_ARRAY = array("ADDR"=>(isset($_SERVER["REMOTE_ADDR"])?$_SERVER["REMOTE_ADDR"]:"REMOTE_ADDR"), "AGENT"=>(isset($_SERVER["HTTP_USER_AGENT"])?$_SERVER["HTTP_USER_AGENT"]:"HTTP_USER_AGENT"), "TIME"=>GOTMLS_INSTALL_TIME);
36 $GOTMLS_LOGIN_KEY = md5(serialize($GOTMLS_LOGIN_ARRAY));
37 if (!defined("GOTMLS_LOG_FILE"))
38 define("GOTMLS_LOG_FILE", dirname(GOTMLS_SESSION_FILE)."/.GOTMLS.$GOTMLS_LOGIN_KEY.php");
39 if (is_file(GOTMLS_LOG_FILE))
40 include(GOTMLS_LOG_FILE);
41 if (GOTMLS_REQUEST_METHOD == "POST")
42 $GLOBALS["GOTMLS"]["logins"][$GOTMLS_LOGIN_KEY][GOTMLS_REQUEST_METHOD][GOTMLS_INSTALL_TIME] = $GOTMLS_LOGIN_ARRAY;
43 else
44 $GLOBALS["GOTMLS"]["logins"][$GOTMLS_LOGIN_KEY][GOTMLS_REQUEST_METHOD] = GOTMLS_INSTALL_TIME;
45 @file_put_contents(GOTMLS_LOG_FILE, '<?php $GLOBALS["GOTMLS"]["logins"]["'.$GOTMLS_LOGIN_KEY.'"]=unserialize(base64_decode("'.base64_encode(serialize($GLOBALS["GOTMLS"]["logins"][$GOTMLS_LOGIN_KEY])).'"));');
46 if (isset($GLOBALS["GOTMLS"]["logins"][$GOTMLS_LOGIN_KEY]) && is_array($GLOBALS["GOTMLS"]["logins"][$GOTMLS_LOGIN_KEY]))
47 return $GOTMLS_LOGIN_KEY;
48 else
49 return 0;
50 }
51 }
52 }
53 if ((GOTMLS_REQUEST_METHOD == "POST") && isset($_POST["log"]) && isset($_POST["pwd"]) && !(isset($GOTMLS_LOGIN_KEY) && isset($GOTMLS_logins[$GOTMLS_LOGIN_KEY]["whitelist"]))) {
54 if (!(isset($_SESSION["GOTMLS_detected_attacks"]) && $_SESSION["GOTMLS_SESSION_LAST"]))
55 $GLOBALS["GOTMLS"]["detected_attacks"] = '&attack[]=NO_SESSION';
56 if (!isset($_SERVER["REMOTE_ADDR"]))
57 $GLOBALS["GOTMLS"]["detected_attacks"] .= '&attack[]=NO_REMOTE_ADDR';
58 if (!isset($_SERVER["HTTP_USER_AGENT"]))
59 $GLOBALS["GOTMLS"]["detected_attacks"] .= '&attack[]=NO_HTTP_USER_AGENT';
60 if (!isset($_SERVER["HTTP_REFERER"]))
61 $GLOBALS["GOTMLS"]["detected_attacks"] .= '&attack[]=NO_HTTP_REFERER';
62 if (!$GLOBALS["GOTMLS"]["detected_attacks"]) {
63 if (isset($_SESSION["GOTMLS_login_attempts"]) && is_numeric($_SESSION["GOTMLS_login_attempts"]) && strlen($_SESSION["GOTMLS_login_attempts"]."") > 0)
64 $_SESSION["GOTMLS_login_attempts"]++;
65 else {
66 if ($GOTMLS_LOGIN_KEY = GOTMLS_update_log_file()) {
67 if (!(isset($GLOBALS["GOTMLS"]["logins"][$GOTMLS_LOGIN_KEY]["POST"]) && is_array($GLOBALS["GOTMLS"]["logins"][$GOTMLS_LOGIN_KEY]["POST"])))
68 $GLOBALS["GOTMLS"]["detected_attacks"] .= '&attack[]=NO_LOGIN_ATTEMPTS';
69 elseif (!isset($GLOBALS["GOTMLS"]["logins"][$GOTMLS_LOGIN_KEY]["GET"]))
70 $GLOBALS["GOTMLS"]["detected_attacks"] .= '&attack[]=NO_LOGIN_GETS';
71 else {
72 $_SESSION["GOTMLS_login_attempts"] = 0;
73 foreach ($GLOBALS["GOTMLS"]["logins"][$GOTMLS_LOGIN_KEY]["POST"] as $LOGIN_TIME=>$LOGIN_ARRAY) {
74 if ($LOGIN_TIME > $GLOBALS["GOTMLS"]["logins"][$GOTMLS_LOGIN_KEY]["GET"])
75 $_SESSION["GOTMLS_login_attempts"]++;
76 else
77 unset($GLOBALS["GOTMLS"]["logins"][$GOTMLS_LOGIN_KEY]["POST"][$LOGIN_TIME]);
78 }
79 }
80 } else
81 $GLOBALS["GOTMLS"]["detected_attacks"] .= '&attack[]=NO_LOG_FILE';
82 }
83 if (!(isset($_SESSION["GOTMLS_login_attempts"]) && is_numeric($_SESSION["GOTMLS_login_attempts"]) && ($_SESSION["GOTMLS_login_attempts"] < 6) && $_SESSION["GOTMLS_login_attempts"]))
84 $GLOBALS["GOTMLS"]["detected_attacks"] .= '&attack[]=TOO_MANY_login_attempts';
85 }
86 if ($GLOBALS["GOTMLS"]["detected_attacks"])
87 include(dirname(__FILE__)."/index.php");
88 } else {
89 if (isset($_SERVER["SCRIPT_FILENAME"]) && basename(__FILE__) == basename($_SERVER["SCRIPT_FILENAME"]))
90 GOTMLS_update_log_file();
91 $_SESSION["GOTMLS_detected_attacks"] = '';
92 $_SESSION["GOTMLS_login_attempts"] = 0;
93 }
94 }