Changeset 871708 for login-lockdown


Timestamp:
03/08/14 07:49:14 (18 months ago)
Author:
mvandemar
Message:

updating deprecated functions, misc cleanup

Location:
login-lockdown
Files:
6 edited
1 copied

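--- a/login-lockdown/tags/1.6/loginlockdown.php
+++ b/login-lockdown/tags/1.6/loginlockdown.php
@@ -3,5 +3,5 @@
 Plugin Name: Login LockDown
 Plugin URI: http://www.bad-neighborhood.com/
-Version: v1.5
+Version: v1.6
 Author: Michael VanDeMar
 Description: Adds some extra security to WordPress by restricting the rate at which failed logins can be re-attempted from a given IP range. Distributed through <a href="http://www.bad-neighborhood.com/" target="_blank">Bad Neighborhood</a>.
@@ -10,4 +10,11 @@
 /*
 * Change Log
+*
+* ver. 1.6 7-Mar-2014
+* - cleaned up deprecated functions
+* - fixed bug with invalid property on a non-object when locking out invalid usernames
+* - fixed utilization of $wpdb->prepare
+* - added more descriptive help text to each of the options
+* - added the ability to remove the "Login form protected by Login LockDown." message from within the dashboard
 *
 * ver. 1.5 17-Sep-2009
@@ -53,5 +60,5 @@
 | Login LockDown - added security measures to WordPress intended to  |
 | inhibit or reduce brute force password discovery.                  |
-| Copyright (C) 2007 - 2009, Michael VanDeMar,                              |
+| Copyright (C) 2007 - 2014, Michael VanDeMar,                              |
 | http://www.bad-neighborhood.com                                    |
 | All rights reserved.                                               |
@@ -81,4 +88,5 @@
 function loginLockdown_install() {
     global $wpdb;
+    global $loginlockdown_db_version;
     $table_name = $wpdb->prefix . "login_fails";
 
@@ -92,7 +100,6 @@
             );";
 
-        require_once(ABSPATH . 'wp-admin/upgrade-functions.php');
+        require_once(ABSPATH . 'wp-admin/includes/upgrade.php');
         dbDelta($sql);
-        add_option("loginlockdown_db1_version", $loginlockdown_db_version);
     }
 
@@ -109,8 +116,11 @@
             );";
 
-        require_once(ABSPATH . 'wp-admin/upgrade-functions.php');
+        require_once(ABSPATH . 'wp-admin/includes/upgrade.php');
         dbDelta($sql);
-        add_option("loginlockdown_db2_version", $loginlockdown_db_version);
-    }
+    }
+    add_option("loginlockdown_db_version", "1.0", "", "no");
+    // added in 1.6, cleanup from previously improperly set db versions
+    delete_option( "loginlockdown_db1_version" );
+    delete_option( "loginlockdown_db2_version" );
 }
 
@@ -122,8 +132,11 @@
     $class_c = substr ($ip, 0 , strrpos ( $ip, "." ));
 
-    $numFails = $wpdb->get_var("SELECT COUNT(login_attempt_ID) FROM $table_name " . 
+    $numFailsquery = "SELECT COUNT(login_attempt_ID) FROM $table_name " . 
                     "WHERE login_attempt_date + INTERVAL " .
                     $loginlockdownOptions['retries_within'] . " MINUTE > now() AND " . 
-                    "login_attempt_IP LIKE '" . $wpdb->escape($class_c) . "%'");
+                    "login_attempt_IP LIKE '%s'";
+    $numFailsquery = $wpdb->prepare( $numFailsquery, $class_c  . "%");
+
+    $numFails = $wpdb->get_var($numFailsquery);
     return $numFails;
 }
@@ -136,8 +149,14 @@
 
     $username = sanitize_user($username);
-    $user = get_userdatabylogin($username);
+    $user = get_user_by('login',$username);
     if ( $user || "yes" == $loginlockdownOptions['lockout_invalid_usernames'] ) {
+        if ( $user === false ) { 
+            $user_id = -1;
+        } else {
+            $user_id = $user->ID;
+        }
         $insert = "INSERT INTO " . $table_name . " (user_id, login_attempt_date, login_attempt_IP) " .
-                "VALUES ('" . $user->ID . "', now(), '" . $wpdb->escape($ip) . "')";
+                "VALUES ('" . $user_id . "', now(), '%s')";
+        $insert = $wpdb->prepare( $insert, $ip );
         $results = $wpdb->query($insert);
     }
@@ -151,9 +170,15 @@
 
     $username = sanitize_user($username);
-    $user = get_userdatabylogin($username);
+    $user = get_user_by('login',$username);
     if ( $user || "yes" == $loginlockdownOptions['lockout_invalid_usernames'] ) {
+        if ( $user === false ) { 
+            $user_id = -1;
+        } else {
+            $user_id = $user->ID;
+        }
         $insert = "INSERT INTO " . $table_name . " (user_id, lockdown_date, release_date, lockdown_IP) " .
-                "VALUES ('" . $user->ID . "', now(), date_add(now(), INTERVAL " .
-                $loginlockdownOptions['lockout_length'] . " MINUTE), '" . $wpdb->escape($ip) . "')";
+                "VALUES ('" . $user_id . "', now(), date_add(now(), INTERVAL " .
+                $loginlockdownOptions['lockout_length'] . " MINUTE), '%s')";
+        $insert = $wpdb->prepare( $insert, $ip );
         $results = $wpdb->query($insert);
     }
@@ -166,7 +191,10 @@
     $class_c = substr ($ip, 0 , strrpos ( $ip, "." ));
 
-    $stillLocked = $wpdb->get_var("SELECT user_id FROM $table_name " . 
+    $stillLockedquery = "SELECT user_id FROM $table_name " . 
                     "WHERE release_date > now() AND " . 
-                    "lockdown_IP LIKE '" . $wpdb->escape($class_c) . "%'");
+                    "lockdown_IP LIKE %s";
+    $stillLockedquery = $wpdb->prepare($stillLockedquery,$class_c . "%");
+
+    $stillLocked = $wpdb->get_var($stillLockedquery);
 
     return $stillLocked;
@@ -189,5 +217,7 @@
         'lockout_length' => 60,
         'lockout_invalid_usernames' => 'no',
-        'mask_login_errors' => 'no');
+        'mask_login_errors' => 'no',
+        'show_credit_link' => 'yes'
+    );
     $loginlockdownOptions = get_option("loginlockdownAdminOptions");
     if ( !empty($loginlockdownOptions) ) {
@@ -225,4 +255,7 @@
             $loginlockdownAdminOptions['mask_login_errors'] = $_POST['ll_mask_login_errors'];
         }
+        if (isset($_POST['ll_show_credit_link'])) {
+            $loginlockdownAdminOptions['show_credit_link'] = $_POST['ll_show_credit_link'];
+        }
         update_option("loginlockdownAdminOptions", $loginlockdownAdminOptions);
         ?>
@@ -238,6 +271,8 @@
             $released = $_POST['releaseme'];
             foreach ( $released as $release_id ) {
-                $results = $wpdb->query("UPDATE $table_name SET release_date = now() " .
-                            "WHERE lockdown_ID = " . $wpdb->escape($release_id) . "");
+                $releasequery = "UPDATE $table_name SET release_date = now() " .
+                            "WHERE lockdown_ID = '%d'";
+                $releasequery = $wpdb->prepare($releasequery,$release_id);
+                $results = $wpdb->query($releasequery);
             }
         }
@@ -249,5 +284,5 @@
     $dalist = listLockedDown();
 ?>
-<div class=wrap>
+<div class="wrap" style="width>
 <form method="post" action="<?php echo esc_attr($_SERVER["REQUEST_URI"]); ?>">
 <?php
@@ -257,15 +292,28 @@
 <h2><?php _e('Login LockDown Options', 'loginlockdown') ?></h2>
 <h3><?php _e('Max Login Retries', 'loginlockdown') ?></h3>
-<input type="text" name="ll_max_login_retries" size="8" value="<?php echo esc_attr($loginlockdownAdminOptions['max_login_retries']); ?>">
+<p>Number of failed login attempts within the "Retry Time Period Restriction" (defined below) needed to trigger a LockDown.</p>
+<p><input type="text" name="ll_max_login_retries" size="8" value="<?php echo esc_attr($loginlockdownAdminOptions['max_login_retries']); ?>"></p>
 <h3><?php _e('Retry Time Period Restriction (minutes)', 'loginlockdown') ?></h3>
-<input type="text" name="ll_retries_within" size="8" value="<?php echo esc_attr($loginlockdownAdminOptions['retries_within']); ?>">
+<p>Amount of time that determines the rate at which failed login attempts are allowed before a LockDown occurs.</p>
+<p><input type="text" name="ll_retries_within" size="8" value="<?php echo esc_attr($loginlockdownAdminOptions['retries_within']); ?>"></p>
 <h3><?php _e('Lockout Length (minutes)', 'loginlockdown') ?></h3>
-<input type="text" name="ll_lockout_length" size="8" value="<?php echo esc_attr($loginlockdownAdminOptions['lockout_length']); ?>">
+<p>How long a particular IP block will be locked out for once a LockDown has been triggered.</p>
+<p><input type="text" name="ll_lockout_length" size="8" value="<?php echo esc_attr($loginlockdownAdminOptions['lockout_length']); ?>"></p>
 <h3><?php _e('Lockout Invalid Usernames?', 'loginlockdown') ?></h3>
-<input type="radio" name="ll_lockout_invalid_usernames" value="yes" <?php if( $loginlockdownAdminOptions['lockout_invalid_usernames'] == "yes" ) echo "checked"; ?>>&nbsp;Yes&nbsp;&nbsp;&nbsp;<input type="radio" name="ll_lockout_invalid_usernames" value="no" <?php if( $loginlockdownAdminOptions['lockout_invalid_usernames'] == "no" ) echo "checked"; ?>>&nbsp;No
+<p>By default Login LockDown will not trigger if an attempt is made to log in using a username that does not exist. You can override this behavior here.</p>
+<p><input type="radio" name="ll_lockout_invalid_usernames" value="yes" <?php if( $loginlockdownAdminOptions['lockout_invalid_usernames'] == "yes" ) echo "checked"; ?>>&nbsp;Yes&nbsp;&nbsp;&nbsp;<input type="radio" name="ll_lockout_invalid_usernames" value="no" <?php if( $loginlockdownAdminOptions['lockout_invalid_usernames'] == "no" ) echo "checked"; ?>>&nbsp;No</p>
 <h3><?php _e('Mask Login Errors?', 'loginlockdown') ?></h3>
-<input type="radio" name="ll_mask_login_errors" value="yes" <?php if( $loginlockdownAdminOptions['mask_login_errors'] == "yes" ) echo "checked"; ?>>&nbsp;Yes&nbsp;&nbsp;&nbsp;<input type="radio" name="ll_mask_login_errors" value="no" <?php if( $loginlockdownAdminOptions['mask_login_errors'] == "no" ) echo "checked"; ?>>&nbsp;No
+<p>WordPress will normally display distinct messages to the user depending on whether they try and log in with an invalid username, or with a 
+valid username but the incorrect password. Toggling this option will hide why the login failed.</p>
+<p><input type="radio" name="ll_mask_login_errors" value="yes" <?php if( $loginlockdownAdminOptions['mask_login_errors'] == "yes" ) echo "checked"; ?>>&nbsp;Yes&nbsp;&nbsp;&nbsp;<input type="radio" name="ll_mask_login_errors" value="no" <?php if( $loginlockdownAdminOptions['mask_login_errors'] == "no" ) echo "checked"; ?>>&nbsp;No</p>
+<h3><?php _e('Show Credit Link?', 'loginlockdown') ?></h3>
+<p>By default, Login LockDown will display the following message on the login form:<br />
+<blockquote>Login form protected by <a href='http://www.bad-neighborhood.com/login-lockdown.html'>Login LockDown</a>.</blockquote>
+This helps others know about the plugin so they can protect their blogs as well if they like. However, you can disable this message if you prefer.</p>
+<input type="radio" name="ll_show_credit_link" value="yes" <?php if( $loginlockdownAdminOptions['show_credit_link'] == "yes" || $loginlockdownAdminOptions['show_credit_link'] == "" ) echo "checked"; ?>>&nbsp;Yes, display the credit link.<br />
+<input type="radio" name="ll_show_credit_link" value="shownofollow" <?php if( $loginlockdownAdminOptions['show_credit_link'] == "shownofollow" ) echo "checked"; ?>>&nbsp;Display the credit link, but add "rel='nofollow'" (ie. do not pass any link juice).<br />
+<input type="radio" name="ll_show_credit_link" value="no" <?php if( $loginlockdownAdminOptions['show_credit_link'] == "no" ) echo "checked"; ?>>&nbsp;No, do not display the credit link.<br />
 <div class="submit">
-<input type="submit" name="update_loginlockdownSettings" value="<?php _e('Update Settings', 'loginlockdown') ?>" /></div>
+<input type="submit" class="button button-primary" name="update_loginlockdownSettings" value="<?php _e('Update Settings', 'loginlockdown') ?>" /></div>
 </form>
 <br />
@@ -279,5 +327,5 @@
     $num_lockedout = count($dalist);
     if( 0 == $num_lockedout ) {
-        echo "<p>No current IP blocks locked out.</p>";
+        echo "<p>No IP blocks currently locked out.</p>";
     } else {
         foreach ( $dalist as $key => $option ) {
@@ -289,5 +337,5 @@
 ?>
 <div class="submit">
-<input type="submit" name="release_lockdowns" value="<?php _e('Release Selected', 'loginlockdown') ?>" /></div>
+<input type="submit" class="button button-primary" name="release_lockdowns" value="<?php _e('Release Selected', 'loginlockdown') ?>" /></div>
 </form>
 </div>
@@ -297,10 +345,20 @@
 function loginlockdown_ap() {
     if ( function_exists('add_options_page') ) {
-        add_options_page('Login LockDown', 'Login LockDown', 9, basename(__FILE__), 'print_loginlockdownAdminPage');
+        add_options_page('Login LockDown', 'Login LockDown', 'manage_options', basename(__FILE__), 'print_loginlockdownAdminPage');
     }
 }
 
 function ll_credit_link(){
-    echo "<p>Login form protected by <a href='http://www.bad-neighborhood.com/login-lockdown.html'>Login LockDown</a>.<br /><br /><br /></p>";
+    global $loginlockdownOptions;
+    $thispage = "http://" . $_SERVER["HTTP_HOST"] . $_SERVER["REQUEST_URI"];
+    $homepage = get_option( "home" );
+    $showcreditlink = $loginlockdownOptions['show_credit_link'];
+    $relnofollow = "rel='nofollow'";
+    if ( $showcreditlink != "shownofollow" && ($thispage == $homepage || $thispage == $homepage . "/" || substr($_SERVER["REQUEST_URI"], strlen($_SERVER["REQUEST_URI"]) - 12) == "wp-login.php") ) {
+        $relnofollow = "";
+    }
+    if ( $showcreditlink != "no" ) {
+        echo "<p>Login form protected by <a href='http://www.bad-neighborhood.com/login-lockdown.html' $relnofollow>Login LockDown</a>.<br /><br /><br /></p>";
+    }
 }
 
@@ -335,5 +393,5 @@
         }
 
-        $userdata = get_userdatabylogin($username);
+        $userdata = get_user_by('login',$username);
 
         if ( !$userdata ) {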
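Review bot: The two interval options are still concatenated into the SQL text before `$wpdb->prepare()` runs: `$loginlockdownOptions['retries_within']` in the count query (new lines 134–138) and `$loginlockdownOptions['lockout_length']` in the lockdown insert (new lines 180–182). The visible part of the settings handler stores `$_POST` values unvalidated (new line 258), so these two options presumably arrive the same way; binding them as integers removes the dependency on what was saved, e.g. `"WHERE login_attempt_date + INTERVAL %d MINUTE > now() AND login_attempt_IP LIKE %s"` with `$wpdb->prepare( $numFailsquery, $loginlockdownOptions['retries_within'], $class_c . "%" )`. As a point of style, the placeholders are quoted (`'%s'`, `'%d'`) in most of the queries and unquoted in `lockdown_IP LIKE %s`; the unquoted form is the documented one. The enclosing functions start outside these hunks, and the trunk copy of this file carries the same code.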
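--- a/login-lockdown/tags/1.6/readme.txt
+++ b/login-lockdown/tags/1.6/readme.txt
@@ -2,7 +2,7 @@
 Developer: Michael VanDeMar (michael@endlesspoetry.com)
 Tags: security, login
-Requires at least: 2.5
-Tested up to: 2.8.4
-Stable Tag: 1.5
+Requires at least: 3.6
+Tested up to: 3.8.1
+Stable Tag: 1.6
 
 Limits the number of login attempts from a given IP range within a certain time period.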
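--- a/login-lockdown/tags/1.6/version.txt
+++ b/login-lockdown/tags/1.6/version.txt
@@ -1 +1 @@
-1.5
+1.6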
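--- a/login-lockdown/trunk/loginlockdown.php
+++ b/login-lockdown/trunk/loginlockdown.php
@@ -3,5 +3,5 @@
 Plugin Name: Login LockDown
 Plugin URI: http://www.bad-neighborhood.com/
-Version: v1.5
+Version: v1.6
 Author: Michael VanDeMar
 Description: Adds some extra security to WordPress by restricting the rate at which failed logins can be re-attempted from a given IP range. Distributed through <a href="http://www.bad-neighborhood.com/" target="_blank">Bad Neighborhood</a>.
@@ -10,4 +10,11 @@
 /*
 * Change Log
+*
+* ver. 1.6 7-Mar-2014
+* - cleaned up deprecated functions
+* - fixed bug with invalid property on a non-object when locking out invalid usernames
+* - fixed utilization of $wpdb->prepare
+* - added more descriptive help text to each of the options
+* - added the ability to remove the "Login form protected by Login LockDown." message from within the dashboard
 *
 * ver. 1.5 17-Sep-2009
@@ -53,5 +60,5 @@
 | Login LockDown - added security measures to WordPress intended to  |
 | inhibit or reduce brute force password discovery.                  |
-| Copyright (C) 2007 - 2009, Michael VanDeMar,                              |
+| Copyright (C) 2007 - 2014, Michael VanDeMar,                              |
 | http://www.bad-neighborhood.com                                    |
 | All rights reserved.                                               |
@@ -81,4 +88,5 @@
 function loginLockdown_install() {
     global $wpdb;
+    global $loginlockdown_db_version;
     $table_name = $wpdb->prefix . "login_fails";
 
@@ -92,7 +100,6 @@
             );";
 
-        require_once(ABSPATH . 'wp-admin/upgrade-functions.php');
+        require_once(ABSPATH . 'wp-admin/includes/upgrade.php');
         dbDelta($sql);
-        add_option("loginlockdown_db1_version", $loginlockdown_db_version);
     }
 
@@ -109,8 +116,11 @@
             );";
 
-        require_once(ABSPATH . 'wp-admin/upgrade-functions.php');
+        require_once(ABSPATH . 'wp-admin/includes/upgrade.php');
         dbDelta($sql);
-        add_option("loginlockdown_db2_version", $loginlockdown_db_version);
-    }
+    }
+    add_option("loginlockdown_db_version", "1.0", "", "no");
+    // added in 1.6, cleanup from previously improperly set db versions
+    delete_option( "loginlockdown_db1_version" );
+    delete_option( "loginlockdown_db2_version" );
 }
 
@@ -122,8 +132,11 @@
     $class_c = substr ($ip, 0 , strrpos ( $ip, "." ));
 
-    $numFails = $wpdb->get_var("SELECT COUNT(login_attempt_ID) FROM $table_name " . 
+    $numFailsquery = "SELECT COUNT(login_attempt_ID) FROM $table_name " . 
                     "WHERE login_attempt_date + INTERVAL " .
                     $loginlockdownOptions['retries_within'] . " MINUTE > now() AND " . 
-                    "login_attempt_IP LIKE '" . $wpdb->escape($class_c) . "%'");
+                    "login_attempt_IP LIKE '%s'";
+    $numFailsquery = $wpdb->prepare( $numFailsquery, $class_c  . "%");
+
+    $numFails = $wpdb->get_var($numFailsquery);
     return $numFails;
 }
@@ -136,8 +149,14 @@
 
     $username = sanitize_user($username);
-    $user = get_userdatabylogin($username);
+    $user = get_user_by('login',$username);
     if ( $user || "yes" == $loginlockdownOptions['lockout_invalid_usernames'] ) {
+        if ( $user === false ) { 
+            $user_id = -1;
+        } else {
+            $user_id = $user->ID;
+        }
         $insert = "INSERT INTO " . $table_name . " (user_id, login_attempt_date, login_attempt_IP) " .
-                "VALUES ('" . $user->ID . "', now(), '" . $wpdb->escape($ip) . "')";
+                "VALUES ('" . $user_id . "', now(), '%s')";
+        $insert = $wpdb->prepare( $insert, $ip );
         $results = $wpdb->query($insert);
     }
@@ -151,9 +170,15 @@
 
     $username = sanitize_user($username);
-    $user = get_userdatabylogin($username);
+    $user = get_user_by('login',$username);
     if ( $user || "yes" == $loginlockdownOptions['lockout_invalid_usernames'] ) {
+        if ( $user === false ) { 
+            $user_id = -1;
+        } else {
+            $user_id = $user->ID;
+        }
         $insert = "INSERT INTO " . $table_name . " (user_id, lockdown_date, release_date, lockdown_IP) " .
-                "VALUES ('" . $user->ID . "', now(), date_add(now(), INTERVAL " .
-                $loginlockdownOptions['lockout_length'] . " MINUTE), '" . $wpdb->escape($ip) . "')";
+                "VALUES ('" . $user_id . "', now(), date_add(now(), INTERVAL " .
+                $loginlockdownOptions['lockout_length'] . " MINUTE), '%s')";
+        $insert = $wpdb->prepare( $insert, $ip );
         $results = $wpdb->query($insert);
     }
@@ -166,7 +191,10 @@
     $class_c = substr ($ip, 0 , strrpos ( $ip, "." ));
 
-    $stillLocked = $wpdb->get_var("SELECT user_id FROM $table_name " . 
+    $stillLockedquery = "SELECT user_id FROM $table_name " . 
                     "WHERE release_date > now() AND " . 
-                    "lockdown_IP LIKE '" . $wpdb->escape($class_c) . "%'");
+                    "lockdown_IP LIKE %s";
+    $stillLockedquery = $wpdb->prepare($stillLockedquery,$class_c . "%");
+
+    $stillLocked = $wpdb->get_var($stillLockedquery);
 
     return $stillLocked;
@@ -189,5 +217,7 @@
         'lockout_length' => 60,
         'lockout_invalid_usernames' => 'no',
-        'mask_login_errors' => 'no');
+        'mask_login_errors' => 'no',
+        'show_credit_link' => 'yes'
+    );
     $loginlockdownOptions = get_option("loginlockdownAdminOptions");
     if ( !empty($loginlockdownOptions) ) {
@@ -225,4 +255,7 @@
             $loginlockdownAdminOptions['mask_login_errors'] = $_POST['ll_mask_login_errors'];
         }
+        if (isset($_POST['ll_show_credit_link'])) {
+            $loginlockdownAdminOptions['show_credit_link'] = $_POST['ll_show_credit_link'];
+        }
         update_option("loginlockdownAdminOptions", $loginlockdownAdminOptions);
         ?>
@@ -238,6 +271,8 @@
             $released = $_POST['releaseme'];
             foreach ( $released as $release_id ) {
-                $results = $wpdb->query("UPDATE $table_name SET release_date = now() " .
-                            "WHERE lockdown_ID = " . $wpdb->escape($release_id) . "");
+                $releasequery = "UPDATE $table_name SET release_date = now() " .
+                            "WHERE lockdown_ID = '%d'";
+                $releasequery = $wpdb->prepare($releasequery,$release_id);
+                $results = $wpdb->query($releasequery);
             }
         }
@@ -249,5 +284,5 @@
     $dalist = listLockedDown();
 ?>
-<div class=wrap>
+<div class="wrap" style="width>
 <form method="post" action="<?php echo esc_attr($_SERVER["REQUEST_URI"]); ?>">
 <?php
@@ -257,15 +292,28 @@
 <h2><?php _e('Login LockDown Options', 'loginlockdown') ?></h2>
 <h3><?php _e('Max Login Retries', 'loginlockdown') ?></h3>
-<input type="text" name="ll_max_login_retries" size="8" value="<?php echo esc_attr($loginlockdownAdminOptions['max_login_retries']); ?>">
+<p>Number of failed login attempts within the "Retry Time Period Restriction" (defined below) needed to trigger a LockDown.</p>
+<p><input type="text" name="ll_max_login_retries" size="8" value="<?php echo esc_attr($loginlockdownAdminOptions['max_login_retries']); ?>"></p>
 <h3><?php _e('Retry Time Period Restriction (minutes)', 'loginlockdown') ?></h3>
-<input type="text" name="ll_retries_within" size="8" value="<?php echo esc_attr($loginlockdownAdminOptions['retries_within']); ?>">
+<p>Amount of time that determines the rate at which failed login attempts are allowed before a LockDown occurs.</p>
+<p><input type="text" name="ll_retries_within" size="8" value="<?php echo esc_attr($loginlockdownAdminOptions['retries_within']); ?>"></p>
 <h3><?php _e('Lockout Length (minutes)', 'loginlockdown') ?></h3>
-<input type="text" name="ll_lockout_length" size="8" value="<?php echo esc_attr($loginlockdownAdminOptions['lockout_length']); ?>">
+<p>How long a particular IP block will be locked out for once a LockDown has been triggered.</p>
+<p><input type="text" name="ll_lockout_length" size="8" value="<?php echo esc_attr($loginlockdownAdminOptions['lockout_length']); ?>"></p>
 <h3><?php _e('Lockout Invalid Usernames?', 'loginlockdown') ?></h3>
-<input type="radio" name="ll_lockout_invalid_usernames" value="yes" <?php if( $loginlockdownAdminOptions['lockout_invalid_usernames'] == "yes" ) echo "checked"; ?>>&nbsp;Yes&nbsp;&nbsp;&nbsp;<input type="radio" name="ll_lockout_invalid_usernames" value="no" <?php if( $loginlockdownAdminOptions['lockout_invalid_usernames'] == "no" ) echo "checked"; ?>>&nbsp;No
+<p>By default Login LockDown will not trigger if an attempt is made to log in using a username that does not exist. You can override this behavior here.</p>
+<p><input type="radio" name="ll_lockout_invalid_usernames" value="yes" <?php if( $loginlockdownAdminOptions['lockout_invalid_usernames'] == "yes" ) echo "checked"; ?>>&nbsp;Yes&nbsp;&nbsp;&nbsp;<input type="radio" name="ll_lockout_invalid_usernames" value="no" <?php if( $loginlockdownAdminOptions['lockout_invalid_usernames'] == "no" ) echo "checked"; ?>>&nbsp;No</p>
 <h3><?php _e('Mask Login Errors?', 'loginlockdown') ?></h3>
-<input type="radio" name="ll_mask_login_errors" value="yes" <?php if( $loginlockdownAdminOptions['mask_login_errors'] == "yes" ) echo "checked"; ?>>&nbsp;Yes&nbsp;&nbsp;&nbsp;<input type="radio" name="ll_mask_login_errors" value="no" <?php if( $loginlockdownAdminOptions['mask_login_errors'] == "no" ) echo "checked"; ?>>&nbsp;No
+<p>WordPress will normally display distinct messages to the user depending on whether they try and log in with an invalid username, or with a 
+valid username but the incorrect password. Toggling this option will hide why the login failed.</p>
+<p><input type="radio" name="ll_mask_login_errors" value="yes" <?php if( $loginlockdownAdminOptions['mask_login_errors'] == "yes" ) echo "checked"; ?>>&nbsp;Yes&nbsp;&nbsp;&nbsp;<input type="radio" name="ll_mask_login_errors" value="no" <?php if( $loginlockdownAdminOptions['mask_login_errors'] == "no" ) echo "checked"; ?>>&nbsp;No</p>
+<h3><?php _e('Show Credit Link?', 'loginlockdown') ?></h3>
+<p>By default, Login LockDown will display the following message on the login form:<br />
+<blockquote>Login form protected by <a href='http://www.bad-neighborhood.com/login-lockdown.html'>Login LockDown</a>.</blockquote>
+This helps others know about the plugin so they can protect their blogs as well if they like. However, you can disable this message if you prefer.</p>
+<input type="radio" name="ll_show_credit_link" value="yes" <?php if( $loginlockdownAdminOptions['show_credit_link'] == "yes" || $loginlockdownAdminOptions['show_credit_link'] == "" ) echo "checked"; ?>>&nbsp;Yes, display the credit link.<br />
+<input type="radio" name="ll_show_credit_link" value="shownofollow" <?php if( $loginlockdownAdminOptions['show_credit_link'] == "shownofollow" ) echo "checked"; ?>>&nbsp;Display the credit link, but add "rel='nofollow'" (ie. do not pass any link juice).<br />
+<input type="radio" name="ll_show_credit_link" value="no" <?php if( $loginlockdownAdminOptions['show_credit_link'] == "no" ) echo "checked"; ?>>&nbsp;No, do not display the credit link.<br />
 <div class="submit">
-<input type="submit" name="update_loginlockdownSettings" value="<?php _e('Update Settings', 'loginlockdown') ?>" /></div>
+<input type="submit" class="button button-primary" name="update_loginlockdownSettings" value="<?php _e('Update Settings', 'loginlockdown') ?>" /></div>
 </form>
 <br />
@@ -279,5 +327,5 @@
     $num_lockedout = count($dalist);
     if( 0 == $num_lockedout ) {
-        echo "<p>No current IP blocks locked out.</p>";
+        echo "<p>No IP blocks currently locked out.</p>";
     } else {
         foreach ( $dalist as $key => $option ) {
@@ -289,5 +337,5 @@
 ?>
 <div class="submit">
-<input type="submit" name="release_lockdowns" value="<?php _e('Release Selected', 'loginlockdown') ?>" /></div>
+<input type="submit" class="button button-primary" name="release_lockdowns" value="<?php _e('Release Selected', 'loginlockdown') ?>" /></div>
 </form>
 </div>
@@ -297,10 +345,20 @@
 function loginlockdown_ap() {
     if ( function_exists('add_options_page') ) {
-        add_options_page('Login LockDown', 'Login LockDown', 9, basename(__FILE__), 'print_loginlockdownAdminPage');
+        add_options_page('Login LockDown', 'Login LockDown', 'manage_options', basename(__FILE__), 'print_loginlockdownAdminPage');
     }
 }
 
 function ll_credit_link(){
-    echo "<p>Login form protected by <a href='http://www.bad-neighborhood.com/login-lockdown.html'>Login LockDown</a>.<br /><br /><br /></p>";
+    global $loginlockdownOptions;
+    $thispage = "http://" . $_SERVER["HTTP_HOST"] . $_SERVER["REQUEST_URI"];
+    $homepage = get_option( "home" );
+    $showcreditlink = $loginlockdownOptions['show_credit_link'];
+    $relnofollow = "rel='nofollow'";
+    if ( $showcreditlink != "shownofollow" && ($thispage == $homepage || $thispage == $homepage . "/" || substr($_SERVER["REQUEST_URI"], strlen($_SERVER["REQUEST_URI"]) - 12) == "wp-login.php") ) {
+        $relnofollow = "";
+    }
+    if ( $showcreditlink != "no" ) {
+        echo "<p>Login form protected by <a href='http://www.bad-neighborhood.com/login-lockdown.html' $relnofollow>Login LockDown</a>.<br /><br /><br /></p>";
+    }
 }
 
@@ -335,5 +393,5 @@
         }
 
-        $userdata = get_userdatabylogin($username);
+        $userdata = get_user_by('login',$username);
 
         if ( !$userdata ) {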
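Review bot: The `LIKE` prefix bound at new lines 138 and 196 can match far more rows than the client's own range, because `$class_c` is `substr ($ip, 0 , strrpos ( $ip, "." ))` with nothing added but `%`. When `$ip` contains no dot, `strrpos()` returns false, the prefix is empty and the pattern `%` matches every row, so failures and active lockdowns from all addresses would apply to that client. Even for a dotted address the prefix lacks the trailing dot, so `10.0.1%` also matches `10.0.10.x` and `10.0.100.x`. A guarded form such as `$dot = strrpos( $ip, "." ); $class_c = ( false === $dot ) ? $ip : substr( $ip, 0, $dot + 1 );` keeps the dot and never yields an empty prefix. Where `$ip` comes from is outside these hunks, so whether dotless values (IPv6, for instance) can reach this code needs confirming; the tags/1.6 copy has the same lines.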
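--- a/login-lockdown/trunk/readme.txt
+++ b/login-lockdown/trunk/readme.txt
@@ -2,7 +2,7 @@
 Developer: Michael VanDeMar (michael@endlesspoetry.com)
 Tags: security, login
-Requires at least: 2.5
-Tested up to: 2.8.4
-Stable Tag: 1.5
+Requires at least: 3.6
+Tested up to: 3.8.1
+Stable Tag: 1.6
 
 Limits the number of login attempts from a given IP range within a certain time period.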
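--- a/login-lockdown/trunk/version.txt
+++ b/login-lockdown/trunk/version.txt
@@ -1 +1 @@
-1.5
+1.6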