PageRenderTime 60ms CodeModel.GetById 25ms RepoModel.GetById 1ms app.codeStats 0ms

/src/icwp-optionshandler-loginprotect.php

https://github.com/stackgrinder/wp-simple-firewall
PHP | 274 lines | 223 code | 16 blank | 35 comment | 5 complexity | 32ea088c5266051d5bae19ae953619f6 MD5 | raw file
    

  1. <?php

    2. 

  2. /**

    3. 

  3.  * Copyright (c) 2014 iControlWP <support@icontrolwp.com>

    4. 

  4.  * All rights reserved.

    5. 

  5.  *

    6. 

  6.  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND

    7. 

  7.  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED

    8. 

  8.  * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE

    9. 

  9.  * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR

    10. 

  10.  * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES

    11. 

  11.  * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

    12. 

  12.  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON

    13. 

  13.  * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT

    14. 

  14.  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS

    15. 

  15.  * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

    16. 

  16.  */

    17. 

  17. 

    18. 

  18. require_once( dirname(__FILE__).'/icwp-optionshandler-base.php' );

    19. 

  19. 

    20. 

  20. if ( !class_exists('ICWP_OptionsHandler_LoginProtect') ):

    21. 

  21. 

    22. 

  22. class ICWP_OptionsHandler_LoginProtect extends ICWP_OptionsHandler_Base_Wpsf {

    23. 

  23. 	

    24. 

  24. 	const StoreName = 'loginprotect_options';

    25. 

  25. 	

    26. 

  26. 	public function __construct( $oPluginVo ) {

    27. 

  27. 		parent::__construct( $oPluginVo, self::StoreName );

    28. 

  28. 

    29. 

  29. 		$this->sFeatureName = _wpsf__('Login Protect');

    30. 

  30. 		$this->sFeatureSlug = 'login_protect';

    31. 

  31. 	}

    32. 

  32. 	

    33. 

  33. 	public function doPrePluginOptionsSave() {

    34. 

  34. 		$aIpWhitelist = $this->getOpt( 'ips_whitelist' );

    35. 

  35. 		if ( $aIpWhitelist === false ) {

    36. 

  36. 			$aIpWhitelist = '';

    37. 

  37. 			$this->setOpt( 'ips_whitelist', $aIpWhitelist );

    38. 

  38. 		}

    39. 

  39. 		$this->processIpFilter( 'ips_whitelist', 'icwp_simple_firewall_whitelist_ips' );

    40. 

  40. 

    41. 

  41. 		$aTwoFactorAuthRoles = $this->getOpt( 'two_factor_auth_user_roles' );

    42. 

  42. 		if ( empty($aTwoFactorAuthRoles) || !is_array( $aTwoFactorAuthRoles ) ) {

    43. 

  43. 			$this->setOpt( 'two_factor_auth_user_roles', $this->getTwoFactorUserAuthRoles( true ) );

    44. 

  44. 		}

    45. 

  45. 	}

    46. 

  46. 

    47. 

  47. 	/**

    48. 

  48. 	 * @return bool|void

    49. 

  49. 	 */

    50. 

  50. 	public function defineOptions() {

    51. 

  51. 

    52. 

  52. 		$aOptionsBase = array(

    53. 

  53. 			'section_title' => sprintf( _wpsf__( 'Enable Plugin Feature: %s' ), _wpsf__('Login Protection') ),

    54. 

  54. 			'section_options' => array(

    55. 

  55. 				array(

    56. 

  56. 					'enable_login_protect',

    57. 

  57. 					'',

    58. 

  58. 					'N',

    59. 

  59. 					'checkbox',

    60. 

  60. 					_wpsf__( 'Enable Login Protect' ),

    61. 

  61. 					_wpsf__( 'Enable (or Disable) The Login Protection Feature' ),

    62. 

  62. 					sprintf( _wpsf__( 'Checking/Un-Checking this option will completely turn on/off the whole %s feature.' ), _wpsf__('Login Protection') ),

    63. 

  63. 					'<a href="http://icwp.io/51" target="_blank">'._wpsf__( 'more info' ).'</a>'

    64. 

  64. 					.' | <a href="http://icwp.io/wpsf03" target="_blank">'._wpsf__( 'blog' ).'</a>'

    65. 

  65. 				)

    66. 

  66. 			),

    67. 

  67. 		);

    68. 

  68. 		$aWhitelist = array(

    69. 

  69. 			'section_title' => _wpsf__( 'Whitelist IPs that by-pass Login Protect' ),

    70. 

  70. 			'section_options' => array(

    71. 

  71. 				array(

    72. 

  72. 					'ips_whitelist',

    73. 

  73. 					'',

    74. 

  74. 					'',

    75. 

  75. 					'ip_addresses',

    76. 

  76. 					_wpsf__( 'Whitelist IP Addresses' ),

    77. 

  77. 					_wpsf__( 'Specify IP Addresses that by-pass all Login Protect rules' ),

    78. 

  78. 					sprintf( _wpsf__( 'Take a new line per address. Your IP address is: %s' ), '<span class="code">'.$this->getVisitorIpAddress( false ).'</span>' ),

    79. 

  79. 					'<a href="http://icwp.io/52" target="_blank">'._wpsf__( 'more info' ).'</a>'

    80. 

  80. 				)

    81. 

  81. 			)

    82. 

  82. 		);

    83. 

  83. 

    84. 

  84. 		$aTwoFactorAuth = array(

    85. 

  85. 			'section_title' => _wpsf__( 'Two-Factor Authentication Protection Options' ),

    86. 

  86. 			'section_options' => array(

    87. 

  87. 				array(

    88. 

  88. 					'two_factor_auth_user_roles',

    89. 

  89. 					'',

    90. 

  90. 					$this->getTwoFactorUserAuthRoles( true ), // default is Contributors, Authors, Editors and Administrators

    91. 

  91. 					$this->getTwoFactorUserAuthRoles(),

    92. 

  92. 					_wpsf__( 'Two-Factor Auth User Roles' ),

    93. 

  93. 					_wpsf__( 'All User Roles Subject To Two-Factor Authentication' ),

    94. 

  94. 					_wpsf__( 'Select which types of users/roles will be subject to two-factor login authentication.' ),

    95. 

  95. 					'<a href="http://icwp.io/4v" target="_blank">'._wpsf__( 'more info' ).'</a>'

    96. 

  96. 				),

    97. 

  97. 				array(

    98. 

  98. 					'enable_two_factor_auth_by_ip',

    99. 

  99. 					'',

    100. 

  100. 					'N',

    101. 

  101. 					'checkbox',

    102. 

  102. 					sprintf( _wpsf__( 'Two-Factor Authentication (%s)' ), _wpsf__('IP') ),

    103. 

  103. 					sprintf( _wpsf__( 'Two-Factor Login Authentication By %s' ), _wpsf__('IP Address') ),

    104. 

  104. 					_wpsf__( 'All users will be required to authenticate their logins by email-based two-factor authentication when logging in from a new IP address' ),

    105. 

  105. 					'<a href="http://icwp.io/3s" target="_blank">'._wpsf__( 'more info' ).'</a>'

    106. 

  106. 				),

    107. 

  107. 				array(

    108. 

  108. 					'enable_two_factor_auth_by_cookie',

    109. 

  109. 					'',

    110. 

  110. 					'N',

    111. 

  111. 					'checkbox',

    112. 

  112. 					sprintf( _wpsf__( 'Two-Factor Authentication (%s)' ), _wpsf__('Cookie') ),

    113. 

  113. 					sprintf( _wpsf__( 'Two-Factor Login Authentication By %s' ), _wpsf__('Cookie') ),

    114. 

  114. 					_wpsf__( 'This will restrict all user login sessions to a single browser. Use this if your users have dynamic IP addresses.' ),

    115. 

  115. 					'<a href="http://icwp.io/3t" target="_blank">'._wpsf__( 'more info' ).'</a>'

    116. 

  116. 				),

    117. 

  117. 				array(

    118. 

  118. 					'enable_two_factor_bypass_on_email_fail',

    119. 

  119. 					'',

    120. 

  120. 					'N',

    121. 

  121. 					'checkbox',

    122. 

  122. 					_wpsf__( 'By-Pass On Failure' ),

    123. 

  123. 					_wpsf__( 'If Sending Verification Email Sending Fails, Two-Factor Login Authentication Is Ignored' ),

    124. 

  124. 					_wpsf__( 'If you enable two-factor authentication and sending the email with the verification link fails, turning this setting on will by-pass the verification step. Use with caution' )

    125. 

  125. 				)

    126. 

  126. 			)

    127. 

  127. 		);

    128. 

  128. 		$aLoginProtect = array(

    129. 

  129. 			'section_title' => _wpsf__( 'Login Protection Options' ),

    130. 

  130. 			'section_options' => array(

    131. 

  131. 				array(

    132. 

  132. 					'login_limit_interval',

    133. 

  133. 					'',

    134. 

  134. 					'10',

    135. 

  135. 					'integer',

    136. 

  136. 					_wpsf__('Login Cooldown Interval'),

    137. 

  137. 					_wpsf__('Limit login attempts to every X seconds'),

    138. 

  138. 					_wpsf__('WordPress will process only ONE login attempt for every number of seconds specified. Zero (0) turns this off. Suggested: 5'),

    139. 

  139. 					'<a href="http://icwp.io/3q" target="_blank">'._wpsf__( 'more info' ).'</a>'

    140. 

  140. 				),

    141. 

  141. 				array(

    142. 

  142. 					'enable_login_gasp_check',

    143. 

  143. 					'',

    144. 

  144. 					'Y',

    145. 

  145. 					'checkbox',

    146. 

  146. 					_wpsf__( 'G.A.S.P Protection' ),

    147. 

  147. 					_wpsf__( 'Use G.A.S.P. Protection To Prevent Login Attempts By Bots' ),

    148. 

  148. 					_wpsf__( 'Adds a dynamically (Javascript) generated checkbox to the login form that prevents bots using automated login techniques. Recommended: ON' ),

    149. 

  149. 					'<a href="http://icwp.io/3r" target="_blank">'._wpsf__( 'more info' ).'</a>'

    150. 

  150. 				),

    151. 

  151. 				array(

    152. 

  152. 					'enable_prevent_remote_post',

    153. 

  153. 					'',

    154. 

  154. 					'Y',

    155. 

  155. 					'checkbox',

    156. 

  156. 					_wpsf__( 'Prevent Remote Login' ),

    157. 

  157. 					_wpsf__( 'Prevents Remote Login Attempts From Other Locations' ),

    158. 

  158. 					_wpsf__( 'Prevents any login attempts that do not originate from your website. This prevent bots from attempting to login remotely. Recommended: ON' ),

    159. 

  159. 					'<a href="http://icwp.io/4n" target="_blank">'._wpsf__( 'more info' ).'</a>'

    160. 

  160. 				)

    161. 

  161. 			)

    162. 

  162. 		);

    163. 

  163. 

    164. 

  164. 		$aYubikeyProtect = array(

    165. 

  165. 			'section_title' => _wpsf__( 'Yubikey Authentication' ),

    166. 

  166. 			'section_options' => array(

    167. 

  167. 				array(

    168. 

  168. 					'enable_yubikey',

    169. 

  169. 					'',

    170. 

  170. 					'N',

    171. 

  171. 					'checkbox',

    172. 

  172. 					_wpsf__('Enable Yubikey Authentication'),

    173. 

  173. 					_wpsf__('Turn On / Off Yubikey Authentication On This Site'),

    174. 

  174. 					_wpsf__('Combined with your Yubikey API Key (below) this will form the basis of your Yubikey Authentication'),

    175. 

  175. 					'<a href="http://icwp.io/4f" target="_blank">'._wpsf__( 'more info' ).'</a>'

    176. 

  176. 				),

    177. 

  177. 				array(

    178. 

  178. 					'yubikey_app_id',

    179. 

  179. 					'',

    180. 

  180. 					'',

    181. 

  181. 					'text',

    182. 

  182. 					_wpsf__('Yubikey App ID'),

    183. 

  183. 					_wpsf__('Your Unique Yubikey App ID'),

    184. 

  184. 					_wpsf__('Combined with your Yubikey API Key (below) this will form the basis of your Yubikey Authentication')

    185. 

  185. 					. _wpsf__( 'Please review the [more info] link on how to get your own Yubikey App ID and API Key.' ),

    186. 

  186. 					'<a href="http://icwp.io/4g" target="_blank">'._wpsf__( 'more info' ).'</a>'

    187. 

  187. 				),

    188. 

  188. 				array(

    189. 

  189. 					'yubikey_api_key',

    190. 

  190. 					'',

    191. 

  191. 					'',

    192. 

  192. 					'text',

    193. 

  193. 					_wpsf__( 'Yubikey API Key' ),

    194. 

  194. 					_wpsf__( 'Your Unique Yubikey App API Key' ),

    195. 

  195. 					_wpsf__( 'Combined with your Yubikey App ID (above) this will form the basis of your Yubikey Authentication.' )

    196. 

  196. 					. _wpsf__( 'Please review the [more info] link on how to get your own Yubikey App ID and API Key.' ),

    197. 

  197. 					'<a href="http://icwp.io/4g" target="_blank">'._wpsf__( 'more info' ).'</a>'

    198. 

  198. 				),

    199. 

  199. 				array(

    200. 

  200. 					'yubikey_unique_keys',

    201. 

  201. 					'',

    202. 

  202. 					'',

    203. 

  203. 					'yubikey_unique_keys',

    204. 

  204. 					_wpsf__( 'Yubikey Unique Keys' ),

    205. 

  205. 					_wpsf__( 'Permitted Username - Yubikey Pairs For This Site' ),

    206. 

  206. 					'<strong>'. sprintf( _wpsf__( 'Format: %s' ), 'Username,Yubikey').'</strong>'

    207. 

  207. 					.'<br />- '. _wpsf__( 'Provide Username<->Yubikey Pairs that are usable on this site.')

    208. 

  208. 					.'<br />- '. _wpsf__( 'If a Username if not assigned a Yubikey, Yubikey Authentication is OFF for that user.')

    209. 

  209. 					.'<br />- '. _wpsf__( 'Each [Username,Key] pair should be separated by a new line: you only need to provide the first 12 characters of the yubikey.' ),

    210. 

  210. 					'<a href="http://icwp.io/4h" target="_blank">'._wpsf__( 'more info' ).'</a>'

    211. 

  211. 				),

    212. 

  212. 				/*

    213. 

  213. 				array(

    214. 

  214. 					'enable_yubikey_only',

    215. 

  215. 					'',

    216. 

  216. 					'N',

    217. 

  217. 					'checkbox',

    218. 

  218. 					_wpsf__('Enable Yubikey Only'),

    219. 

  219. 					_wpsf__('Turn On / Off Yubikey Only Authentication'),

    220. 

  220. 					_wpsf__('Yubikey Only Authentication is where you can login into your WordPress site with just a Yubikey OTP.')

    221. 

  221. 					.'<br />- '. _wpsf__("You don't need to enter a username or a password, just a valid Yubikey OTP.")

    222. 

  222. 					.'<br />- '. _wpsf__("Check your list of Yubikeys as only 1 WordPress username may be assigned to a given Yubikey ID (but you may have multiple Yubikeys for a given username)."),

    223. 

  223. 					sprintf( _wpsf__( '%smore info%s' ), '<a href="http://icwp.io/4f" target="_blank">', '</a>' )

    224. 

  224. 				),*/

    225. 

  225. 			)

    226. 

  226. 		);

    227. 

  227. 		

    228. 

  228. 		$aLoggingSection = array(

    229. 

  229. 			'section_title' => _wpsf__( 'Logging Options' ),

    230. 

  230. 			'section_options' => array(

    231. 

  231. 				array(

    232. 

  232. 					'enable_login_protect_log',

    233. 

  233. 					'',

    234. 

  234. 					'N',

    235. 

  235. 					'checkbox',

    236. 

  236. 					_wpsf__( 'Login Protect Logging' ),

    237. 

  237. 					_wpsf__( 'Turn on a detailed Login Protect Log' ),

    238. 

  238. 					_wpsf__( 'Will log every event related to login protection and how it is processed. Not recommended to leave on unless you want to debug something and check the login protection is working as you expect.' )

    239. 

  239. 				)

    240. 

  240. 			)

    241. 

  241. 		);

    242. 

  242. 

    243. 

  243. 		$this->m_aOptions = array(

    244. 

  244. 			$aOptionsBase,

    245. 

  245. 			$aWhitelist,

    246. 

  246. 			$aLoginProtect,

    247. 

  247. 			$aTwoFactorAuth,

    248. 

  248. 			$aYubikeyProtect,

    249. 

  249. 			$aLoggingSection

    250. 

  250. 		);

    251. 

  251. 	}

    252. 

  252. 

    253. 

  253. 	/**

    254. 

  254. 	 * @param boolean $fAsDefaults

    255. 

  255. 	 * @return array

    256. 

  256. 	 */

    257. 

  257. 	protected function getTwoFactorUserAuthRoles( $fAsDefaults = false ) {

    258. 

  258. 		$aTwoAuthRoles = array( 'type' => 'multiple_select',

    259. 

  259. 			0	=> _wpsf__('Subscribers'),

    260. 

  260. 			1	=> _wpsf__('Contributors'),

    261. 

  261. 			2	=> _wpsf__('Authors'),

    262. 

  262. 			3	=> _wpsf__('Editors'),

    263. 

  263. 			8	=> _wpsf__('Administrators')

    264. 

  264. 		);

    265. 

  265. 		if ( $fAsDefaults ) {

    266. 

  266. 			unset($aTwoAuthRoles['type']);

    267. 

  267. 			unset($aTwoAuthRoles[0]);

    268. 

  268. 			return array_keys($aTwoAuthRoles);

    269. 

  269. 		}

    270. 

  270. 		return $aTwoAuthRoles;

    271. 

  271. 	}

    272. 

  272. }

    273. 

  273. 

    274. 

  274. endif;
    275.