siteguard-admin-filter.php
11 years ago
siteguard-base.php
11 years ago
siteguard-captcha.php
11 years ago
siteguard-config.php
11 years ago
siteguard-disable-pingback.php
11 years ago
siteguard-htaccess.php
11 years ago
siteguard-login-alert.php
11 years ago
siteguard-login-history.php
11 years ago
siteguard-login-lock.php
11 years ago
siteguard-rename-login.php
11 years ago
siteguard-updates-notify.php
11 years ago
siteguard-waf-exclude-rule.php
11 years ago
siteguard-admin-filter.php
110 lines
| 1 | <?php |
| 2 | |
| 3 | class SiteGuard_AdminFilter extends SiteGuard_Base { |
| 4 | public static $htaccess_mark = '#==== SITEGUARD_ADMIN_FILTER_SETTINGS'; |
| 5 | |
| 6 | function __construct( ) { |
| 7 | define( 'SITEGUARD_TABLE_LOGIN', 'siteguard_login' ); |
| 8 | add_action( 'wp_login', array( $this, 'handler_wp_login' ), 1, 2 ); |
| 9 | } |
| 10 | static function get_mark( ) { |
| 11 | return SiteGuard_AdminFilter::$htaccess_mark; |
| 12 | } |
| 13 | function init( ) { |
| 14 | global $wpdb, $config; |
| 15 | $table_name = $wpdb->prefix . SITEGUARD_TABLE_LOGIN; |
| 16 | $sql = 'CREATE TABLE ' . $table_name . " ( |
| 17 | ip_address varchar(40) NOT NULL DEFAULT '', |
| 18 | status INT NOT NULL DEFAULT 0, |
| 19 | count INT NOT NULL DEFAULT 0, |
| 20 | last_login_time datetime, |
| 21 | UNIQUE KEY ip_address (ip_address) |
| 22 | ) |
| 23 | CHARACTER SET 'utf8';"; |
| 24 | require_once(ABSPATH . 'wp-admin/includes/upgrade.php'); |
| 25 | dbDelta( $sql ); |
| 26 | $config->set( 'admin_filter_exclude_path', 'css,images,admin-ajax.php' ); |
| 27 | $config->set( 'admin_filter_enable', '0' ); |
| 28 | $config->update( ); |
| 29 | } |
| 30 | function handler_wp_login( $login, $current_user ) { |
| 31 | global $htaccess, $config; |
| 32 | |
| 33 | if ( '' == $current_user->user_login ) { |
| 34 | return; |
| 35 | } |
| 36 | if ( 1 == $config->get( 'admin_filter_enable' ) ) { |
| 37 | $this->feature_on( $_SERVER['REMOTE_ADDR'] ); |
| 38 | } |
| 39 | } |
| 40 | function cvt_exclude( $exclude ) { |
| 41 | return str_replace( ',', '|', $exclude ); |
| 42 | } |
| 43 | function update_settings( $ip_address ) { |
| 44 | global $wpdb, $config; |
| 45 | $htaccess_str = ''; |
| 46 | $table_name = $wpdb->prefix . SITEGUARD_TABLE_LOGIN; |
| 47 | $exclude_paths = preg_split( '/,/', $config->get( 'admin_filter_exclude_path' ) ); |
| 48 | |
| 49 | $now_str = current_time( 'mysql' ); |
| 50 | $now_bin = strtotime( $now_str ); |
| 51 | |
| 52 | $wpdb->query( 'START TRANSACTION' ); |
| 53 | $wpdb->query( "DELETE FROM $table_name WHERE status = 1 AND last_login_time < SYSDATE() - INTERVAL 1 DAY;" ); |
| 54 | $data = array( |
| 55 | 'ip_address' => $ip_address, |
| 56 | 'status' => 1, |
| 57 | 'count' => 0, |
| 58 | 'last_login_time' => $now_str, |
| 59 | ); |
| 60 | $result = $wpdb->get_row( $wpdb->prepare( "SELECT status from $table_name WHERE ip_address = %s", $ip_address ) ); |
| 61 | if ( null == $result ) { |
| 62 | $wpdb->insert( $table_name, $data ); |
| 63 | } else { |
| 64 | $wpdb->update( $table_name, $data, array( 'ip_address' => $ip_address ) ); |
| 65 | } |
| 66 | $parse_url = parse_url( site_url( ) ); |
| 67 | if ( false == $parse_url ) { |
| 68 | $base = '/'; |
| 69 | } else { |
| 70 | if ( isset( $parse_url['path'] ) ) { |
| 71 | $base = $parse_url['path'] . '/'; |
| 72 | } else { |
| 73 | $base = '/'; |
| 74 | } |
| 75 | } |
| 76 | $htaccess_str .= "<IfModule mod_rewrite.c>\n"; |
| 77 | $htaccess_str .= " RewriteEngine on\n"; |
| 78 | $htaccess_str .= " RewriteBase $base\n"; |
| 79 | $htaccess_str .= " RewriteRule ^404-siteguard - [L]\n"; |
| 80 | foreach ( $exclude_paths as $path ) { |
| 81 | $htaccess_str .= ' RewriteRule ^wp-admin/' . trim( $path ) . " - [L]\n"; |
| 82 | } |
| 83 | $htaccess_str .= ' RewriteCond %{REMOTE_ADDR} !(127.0.0.1|'. $_SERVER['SERVER_ADDR'] . ")\n"; |
| 84 | $results = $wpdb->get_col( "SELECT ip_address FROM $table_name;" ); |
| 85 | if ( $results ) { |
| 86 | foreach ( $results as $ip ) { |
| 87 | $htaccess_str .= ' RewriteCond %{REMOTE_ADDR} !' . $ip . "\n"; |
| 88 | } |
| 89 | } |
| 90 | $htaccess_str .= " RewriteRule ^wp-admin 404-siteguard [L]\n"; |
| 91 | $htaccess_str .= "</IfModule>\n"; |
| 92 | |
| 93 | $wpdb->query( 'COMMIT' ); |
| 94 | |
| 95 | return $htaccess_str; |
| 96 | } |
| 97 | function feature_on( $ip_addres ) { |
| 98 | global $htaccess, $config; |
| 99 | $mark = $this->get_mark( ); |
| 100 | $data = $this->update_settings( $ip_addres ); |
| 101 | return $htaccess->update_settings( $mark, $data ); |
| 102 | } |
| 103 | static function feature_off( ) { |
| 104 | $mark = SiteGuard_AdminFilter::get_mark( ); |
| 105 | SiteGuard_Htaccess::clear_settings( $mark ); |
| 106 | } |
| 107 | } |
| 108 | |
| 109 | ?> |
| 110 |