PluginProbe ʕ •ᴥ•ʔ
SiteGuard WP Plugin / 1.7.7
SiteGuard WP Plugin v1.7.7
1.8.6 1.8.6-beta1 1.8.6-beta2 1.8.4 1.8.5 1.8.3 1.8.2 1.8.1 trunk 1.0.0 1.0.1 1.0.2 1.0.3 1.0.4 1.0.5 1.0.6 1.1.0 1.1.1 1.1.2 1.2.0 1.2.1 1.2.2 1.2.3 1.4.3 1.5.0 1.5.1 1.5.2 1.6.0 1.6.1 1.7.0 1.7.1 1.7.10 1.7.11 1.7.12 1.7.2 1.7.3 1.7.4 1.7.5 1.7.6 1.7.7 1.7.8 1.7.9 1.8.0 1.8.0-beta1 1.8.0-beta2 1.8.0-beta3 1.8.0-beta4
siteguard / classes / siteguard-admin-filter.php
siteguard / classes Last commit date
siteguard-admin-filter.php 3 years ago siteguard-base.php 3 years ago siteguard-captcha.php 3 years ago siteguard-config.php 3 years ago siteguard-disable-author-query.php 3 years ago siteguard-disable-pingback.php 3 years ago siteguard-disable-xmlrpc.php 3 years ago siteguard-htaccess.php 3 years ago siteguard-login-alert.php 3 years ago siteguard-login-history.php 3 years ago siteguard-login-lock.php 3 years ago siteguard-rename-login.php 2 years ago siteguard-updates-notify.php 3 years ago siteguard-waf-exclude-rule.php 3 years ago
siteguard-admin-filter.php
124 lines
1 <?php
2
3 class SiteGuard_AdminFilter extends SiteGuard_Base {
4 public static $htaccess_mark = '#==== SITEGUARD_ADMIN_FILTER_SETTINGS';
5
6 function __construct() {
7 define( 'SITEGUARD_TABLE_LOGIN', 'siteguard_login' );
8 add_action( 'wp_login', array( $this, 'handler_wp_login' ), 1, 2 );
9 }
10 static function get_mark() {
11 return self::$htaccess_mark;
12 }
13 function init() {
14 global $wpdb, $siteguard_config;
15 $table_name = $wpdb->prefix . SITEGUARD_TABLE_LOGIN;
16 $sql = 'CREATE TABLE ' . $table_name . " (
17 ip_address varchar(40) NOT NULL DEFAULT '',
18 status INT NOT NULL DEFAULT 0,
19 count INT NOT NULL DEFAULT 0,
20 last_login_time datetime,
21 UNIQUE KEY ip_address (ip_address)
22 )
23 CHARACTER SET 'utf8';";
24 require_once ABSPATH . 'wp-admin/includes/upgrade.php';
25 dbDelta( $sql );
26 $siteguard_config->set( 'admin_filter_exclude_path', 'css,images,admin-ajax.php,load-styles.php,site-health.php' );
27 $siteguard_config->set( 'admin_filter_enable', '0' );
28 $siteguard_config->update();
29 }
30 function handler_wp_login( $login, $current_user ) {
31 global $siteguard_htaccess, $siteguard_config;
32
33 if ( '' == $current_user->user_login ) {
34 return;
35 }
36 if ( 1 == $siteguard_config->get( 'admin_filter_enable' ) ) {
37 $this->feature_on( $this->get_ip() );
38 }
39 }
40 function cvt_exclude( $exclude ) {
41 return str_replace( ',', '|', $exclude );
42 }
43 function cvt_status_for_1_2_5( $ip_address ) {
44 global $wpdb;
45 $table_name = $wpdb->prefix . SITEGUARD_TABLE_LOGIN;
46 $wpdb->update( $table_name, array( 'status' => 0 ), array( 'ip_address' => $ip_address ) );
47 }
48 function get_rewrite_cond( $ip ) {
49 return ' RewriteCond %{REMOTE_ADDR} !^' . str_replace( '.', '\.', $ip ) . "$\n";
50 }
51 function update_settings( $ip_address ) {
52 global $wpdb, $siteguard_config;
53 $htaccess_str = '';
54 $table_name = $wpdb->prefix . SITEGUARD_TABLE_LOGIN;
55 $exclude_paths = preg_split( '/,/', $siteguard_config->get( 'admin_filter_exclude_path' ) );
56
57 $now_str = current_time( 'mysql' );
58 $now_bin = strtotime( $now_str );
59
60 $wpdb->query( 'START TRANSACTION' );
61 $wpdb->query( $wpdb->prepare( "DELETE FROM $table_name WHERE status = %d AND last_login_time < SYSDATE() - INTERVAL 1 DAY;", SITEGUARD_LOGIN_SUCCESS ) );
62 $data = array(
63 'ip_address' => $ip_address,
64 'status' => SITEGUARD_LOGIN_SUCCESS,
65 'count' => 0,
66 'last_login_time' => $now_str,
67 );
68 $result = $wpdb->get_row( $wpdb->prepare( "SELECT status from $table_name WHERE ip_address = %s", $ip_address ) );
69 if ( null == $result ) {
70 $wpdb->insert( $table_name, $data );
71 } else {
72 $wpdb->update( $table_name, $data, array( 'ip_address' => $ip_address ) );
73 }
74 $parse_url = parse_url( site_url() );
75 if ( false === $parse_url ) {
76 $base = '/';
77 } else {
78 if ( isset( $parse_url['path'] ) ) {
79 $base = $parse_url['path'] . '/';
80 } else {
81 $base = '/';
82 }
83 }
84 $htaccess_str .= "<IfModule mod_rewrite.c>\n";
85 $htaccess_str .= " RewriteEngine on\n";
86 $htaccess_str .= " RewriteBase $base\n";
87 $htaccess_str .= " RewriteRule ^404-siteguard - [L]\n";
88 foreach ( $exclude_paths as $path ) {
89 $htaccess_str .= ' RewriteRule ^wp-admin/' . trim( str_replace( '.', '\.', $path ) ) . " - [L]\n";
90 }
91 $results = $wpdb->get_col( $wpdb->prepare( "SELECT ip_address FROM $table_name WHERE status = %d;", SITEGUARD_LOGIN_SUCCESS ) );
92 if ( $results ) {
93 foreach ( $results as $ip ) {
94 $htaccess_str .= $this->get_rewrite_cond( $ip );
95 }
96 }
97 $server_ip = $this->get_server_ip();
98 if ( false !== $server_ip ) {
99 $htaccess_str .= $this->get_rewrite_cond( $server_ip );
100 }
101 $htaccess_str .= $this->get_rewrite_cond( '127.0.0.1' );
102 $htaccess_str .= $this->get_rewrite_cond( '::1' );
103 $htaccess_str .= " RewriteRule ^wp-admin 404-siteguard [L]\n";
104 $htaccess_str .= "</IfModule>\n";
105
106 $wpdb->query( 'COMMIT' );
107
108 return $htaccess_str;
109 }
110 function feature_on( $ip_address ) {
111 global $siteguard_htaccess, $siteguard_config;
112 if ( false === SiteGuard_Htaccess::check_permission() ) {
113 return false;
114 }
115 $mark = $this->get_mark();
116 $data = $this->update_settings( $ip_address );
117 return $siteguard_htaccess->update_settings( $mark, $data );
118 }
119 static function feature_off() {
120 $mark = self::get_mark();
121 return SiteGuard_Htaccess::clear_settings( $mark );
122 }
123 }
124