PluginProbe ʕ •ᴥ•ʔ
Limit Login Attempts Security – Login Security, 2FA, Firewall, Brute Force Prevention / 3.2.4
Limit Login Attempts Security – Login Security, 2FA, Firewall, Brute Force Prevention v3.2.4
3.2.4 3.2.3 3.2.2 3.2.1 3.2.0 trunk 2.0.0 2.1.0 2.10.0 2.10.1 2.11.0 2.12.0 2.12.1 2.12.2 2.12.3 2.13.0 2.14.0 2.15.0 2.15.1 2.15.2 2.16.0 2.17.0 2.17.1 2.17.2 2.17.3 2.17.4 2.18.0 2.19.0 2.19.1 2.19.2 2.2.0 2.20.0 2.20.1 2.20.2 2.20.3 2.20.4 2.20.5 2.20.6 2.21.0 2.21.1 2.22.0 2.22.1 2.23.0 2.23.1 2.23.2 2.24.0 2.24.1 2.25.0 2.25.1 2.25.10 2.25.11 2.25.12 2.25.13 2.25.14 2.25.15 2.25.16 2.25.17 2.25.18 2.25.19 2.25.2 2.25.20 2.25.21 2.25.22 2.25.23 2.25.24 2.25.25 2.25.26 2.25.27 2.25.28 2.25.29 2.25.3 2.25.4 2.25.5 2.25.6 2.25.7 2.25.8 2.25.9 2.26.0 2.26.1 2.26.10 2.26.11 2.26.12 2.26.13 2.26.14 2.26.15 2.26.16 2.26.17 2.26.18 2.26.19 2.26.2 2.26.20 2.26.21 2.26.22 2.26.23 2.26.24 2.26.25 2.26.26 2.26.27 2.26.28 2.26.3 2.26.4 2.26.5 2.26.6 2.26.7 2.26.8 2.26.9 2.3.0 2.4.0 2.5.0 2.6.1 2.6.2 2.6.3 2.7.0 2.7.1 2.7.2 2.7.3 2.7.4 2.8.0 2.8.1 2.9.0 3.0.0 3.0.1 3.0.2 3.1.0
limit-login-attempts-reloaded / core / Config.php
limit-login-attempts-reloaded / core Last commit date
http 2 weeks ago integrations 2 weeks ago mfa 2 weeks ago mfa-flow 2 weeks ago AdminNoticesController.php 2 weeks ago Ajax.php 2 weeks ago CloudApp.php 2 weeks ago Config.php 2 weeks ago Helpers.php 2 weeks ago LimitLoginAttempts.php 2 weeks ago LoginFlowTransientStore.php 2 weeks ago MfaConstants.php 2 weeks ago Shortcodes.php 2 weeks ago
Config.php
226 lines
1 <?php
2
3 namespace LLAR\Core;
4
5 if ( ! defined( 'ABSPATH' ) ) {
6 exit;
7 }
8
9 class Config {
10
11 const OPTION_LOCKOUTS = 'lockouts';
12 const OPTION_LOGGED = 'logged';
13 const OPTION_ACTIVE_APP = 'active_app';
14
15 private static $default_options = array(
16 'gdpr' => 0,
17 'gdpr_message' => '',
18
19 /* Are we behind a proxy? */
20 'client_type' => LLA_DIRECT_ADDR,
21
22 /* Lock out after this many tries */
23 'allowed_retries' => 4,
24
25 /* Lock out for this many seconds */
26 'lockout_duration' => 1200, // 20 minutes
27
28 /* Long lock out after this many lockouts */
29 'allowed_lockouts' => 4,
30
31 /* Long lock out for this many seconds */
32 'long_duration' => 86400, // 24 hours,
33
34 /* Reset failed attempts after this many seconds */
35 'valid_duration' => 86400, // 12 hours
36
37 /* Also limit malformed/forged cookies? */
38 'cookies' => true,
39
40 /* Notify on lockout. Values: '', 'log', 'email', 'log,email' */
41 'lockout_notify' => 'email',
42
43 /* strong account policies */
44 'checklist' => false,
45
46 /* If notify by email, do so after this number of lockouts */
47 'notify_email_after' => 3,
48
49 'review_notice_shown' => false,
50 'enable_notify_notice_shown' => false,
51
52 'whitelist' => array(),
53 'whitelist_usernames' => array(),
54 'blacklist' => array(),
55 'blacklist_usernames' => array(),
56
57 'active_app' => 'local',
58 'app_config' => '',
59 'show_top_level_menu_item' => true,
60 'show_top_bar_menu_item' => true,
61 'hide_dashboard_widget' => false,
62 'show_warning_badge' => true,
63 'onboarding_popup_shown' => false,
64 /* Last known plugin header Version (from file), persisted on activate/update. */
65 'plugin_version' => '',
66 'custom_error_message' => '',
67
68 'logged' => array(),
69 'retries_valid' => array(),
70 'retries' => array(),
71 'lockouts' => array(),
72 'auto_update_choice' => null,
73
74 /* MFA Rescue Codes */
75 'mfa_rescue_codes' => array(),
76 'mfa_rescue_download_token' => '',
77
78 /* MFA Flow (after failed login: handshake, verify, email code) */
79 'mfa_enabled' => 0,
80 'mfa_provider' => 'llar',
81 'mfa_provider_config' => array(),
82 'mfa_roles' => array( 'administrator' ),
83 );
84
85 private static $disable_autoload_options = array(
86 'lockouts',
87 'logged',
88 'retries',
89 'retries_valid',
90 'retries_stats'
91 );
92
93 private static $prefix = 'limit_login_';
94
95 private static $use_local_options = true;
96
97 public static function get_default_options()
98 {
99 return self::$default_options || array();
100 }
101
102 public static function use_local_options( $value )
103 {
104 self::$use_local_options = $value;
105 }
106
107 public static function init() {
108 self::$use_local_options = Helpers::use_local_options();
109 }
110
111 public static function init_defaults() {
112 self::$default_options['gdpr_message'] = __( 'By proceeding you understand and give your consent that your IP address and browser information might be processed by the security plugins installed on this site.', 'limit-login-attempts-reloaded' );
113 }
114
115 /**
116 * @param $name
117 *
118 * @return false|string
119 */
120 private static function format_option_name( $name ) {
121 if ( ! $name ) {
122 return false;
123 }
124
125 return self::$prefix . $name;
126 }
127
128 /**
129 * Get option by name
130 *
131 * @param $option_name
132 *
133 * @return null
134 */
135 public static function get( $option_name ) {
136 $func = self::$use_local_options ? 'get_option' : 'get_site_option';
137 $value = $func( self::format_option_name( $option_name ), null );
138
139 if ( is_null( $value ) && isset( self::$default_options[ $option_name ] ) ) {
140 $value = self::$default_options[ $option_name ];
141 }
142
143 return $value;
144 }
145
146 /**
147 * @param $option_name
148 * @param $value
149 *
150 * @return mixed
151 */
152 public static function update( $option_name, $value ) {
153 $func = self::$use_local_options ? 'update_option' : 'update_site_option';
154
155 return $func( self::format_option_name( $option_name ), $value, self::is_autoload( $option_name ) );
156 }
157
158 /**
159 * @param $option_name
160 * @param $value
161 *
162 * @return mixed
163 */
164 public static function add( $option_name, $value ) {
165 $func = self::$use_local_options ? 'add_option' : 'add_site_option';
166
167 return $func( self::format_option_name( $option_name ), $value, '', self::is_autoload( $option_name ) );
168 }
169
170 /**
171 * @param $option_name
172 *
173 * @return mixed
174 */
175 public static function delete( $option_name ) {
176 $func = self::$use_local_options ? 'delete_option' : 'delete_site_option';
177
178 return $func( self::format_option_name( $option_name ) );
179 }
180
181 /**
182 * Setup main options
183 */
184 public static function sanitize_options() {
185 $simple_int_options = array(
186 'allowed_retries',
187 'lockout_duration',
188 'valid_duration',
189 'allowed_lockouts',
190 'long_duration',
191 'notify_email_after'
192 );
193
194 foreach ( $simple_int_options as $option ) {
195 $val = self::get( $option );
196 if ( (int) $val != $val || (int) $val <= 0 ) {
197 self::update( $option, 1 );
198 }
199 }
200
201 if ( self::get( 'notify_email_after' ) > self::get( 'allowed_lockouts' ) ) {
202 self::update( 'notify_email_after', self::get( 'allowed_lockouts' ) );
203 }
204
205 $args = explode( ',', self::get( 'lockout_notify' ) );
206 $args_allowed = explode( ',', LLA_LOCKOUT_NOTIFY_ALLOWED );
207 $new_args = array_intersect( $args, $args_allowed );
208
209 self::update( 'lockout_notify', implode( ',', $new_args ) );
210
211 $client_type = self::get( 'client_type' );
212
213 if ( $client_type != LLA_DIRECT_ADDR && $client_type != LLA_PROXY_ADDR ) {
214 self::update( 'client_type', LLA_DIRECT_ADDR );
215 }
216 }
217
218 /**
219 * @param $option_name
220 *
221 * @return string
222 */
223 private static function is_autoload( $option_name ) {
224 return in_array( trim( $option_name ), self::$disable_autoload_options ) ? 'no' : 'yes';
225 }
226 }