Changeset 3473638
- Timestamp:
- 03/03/2026 12:40:24 PM (4 weeks ago)
- Location:
- adaptive-login-action
- Files:
-
- 2 added
- 7 edited
-
assets/screenshot-3.png (modified) (previous)
-
assets/screenshot-4.png (added)
-
assets/screenshot-5.png (added)
-
trunk/adaptive-login-action.php (modified) (13 diffs)
-
trunk/includes/admin/admin-style.css (modified) (2 diffs)
-
trunk/includes/admin/options.php (modified) (8 diffs)
-
trunk/includes/functions.php (modified) (6 diffs)
-
trunk/readme.txt (modified) (4 diffs)
-
trunk/style.css (modified) (1 diff)
Legend:
- Unmodified
- Added
- Removed
-
adaptive-login-action/trunk/adaptive-login-action.php
r3471981 r3473638 4 4 Plugin URI: https://wpgear.xyz/adaptive-login-action 5 5 Description: Compromise between Comfort and Paranoia. 6 Version: 2.10.16 Version: 3.11 7 7 Text Domain: adaptive-login-action 8 8 Domain Path: /languages … … 61 61 $Option_SecretKey = $Options['secretkey']; 62 62 $Option_WhiteListIP = $Options['whitelist_ip']; 63 $Option_ZerroTrustMode = $Options['zerro_trust_mode']; 63 $Option_ZeroTrustMode = $Options['zero_trust_mode']; 64 65 $Option_RestrictiveTimeout_Enable = $Options['restrictive_timeout_enable']; 66 $Option_RestrictiveTimeout_Limit = $Options['restrictive_timeout_limit']; 67 $Option_RestrictiveTimeout_Delay = $Options['restrictive_timeout_delay']; 64 68 65 69 if ($Option_Enable) { 70 $Timeout_Delay_Sec = $Option_RestrictiveTimeout_Delay * 60; 71 AdaptiveLoginAction_Debugger ($Timeout_Delay_Sec, '$Timeout_Delay_Sec', $debug_process, __FUNCTION__, __LINE__); 72 66 73 $UserIP = AdaptiveLoginAction_GetUserIP(); 67 74 AdaptiveLoginAction_Debugger ($UserIP, '$UserIP', $debug_process, __FUNCTION__, __LINE__); 68 75 69 if ($Option_Zer roTrustMode) {70 // Zer ro Trust Mode76 if ($Option_ZeroTrustMode) { 77 // Zero Trust Mode 71 78 72 79 $Trusted = false; … … 75 82 $IP_Options = get_option('adaptive-login-action_ip_' .$UserIP, array()); 76 83 AdaptiveLoginAction_Debugger ($IP_Options, '$IP_Options', $debug_process, __FUNCTION__, __LINE__); 84 85 if ($Option_RestrictiveTimeout_Enable) { 86 $IP_Chain_Errors = isset($IP_Options['chain_errors']) ? $IP_Options['chain_errors'] : 0; 87 $IP_TimeStamp = isset($IP_Options['timestamp']) ? $IP_Options['timestamp'] : 0; 88 89 $Threshold = $Option_RestrictiveTimeout_Limit - $IP_Chain_Errors; 90 AdaptiveLoginAction_Debugger ($Threshold, '$Threshold', $debug_process, __FUNCTION__, __LINE__); 91 92 if ($Threshold == 1) { 93 // Осталась 1 Попытка до Блокировки 94 ?> 95 <div class="adaptive-login-action_threshold"> 96 <?php echo esc_html( __('1 Attempt left before Blocking!', 'adaptive-login-action') ); ?> 97 </div> 98 <?php 99 } 100 101 if ($IP_TimeStamp > 0 && $Threshold <= 0 && $Option_RestrictiveTimeout_Delay > 0) { 102 // Блокировка IP 103 $TimeStamp_Now = time(); 104 AdaptiveLoginAction_Debugger ($TimeStamp_Now, '$TimeStamp_Now', $debug_process, __FUNCTION__, __LINE__); 105 106 $TimeLeft = $Timeout_Delay_Sec - ($TimeStamp_Now - $IP_TimeStamp); 107 AdaptiveLoginAction_Debugger ($TimeLeft, '$TimeLeft', $debug_process, __FUNCTION__, __LINE__); 108 109 if ($TimeLeft > 0) { 110 $TimeLeft = date("H:i:s", $TimeLeft); 111 112 ?> 113 <div class="adaptive-login-action_blocked"> 114 <?php echo esc_html( __('Access has been temporarily blocked due to a large number of unsuccessful attempts', 'adaptive-login-action') ); ?> 115 </div> 116 <div class="adaptive-login-action_blocked_timeout"> 117 <?php echo esc_html( __('Time left', 'adaptive-login-action') ) .': ' .esc_html( $TimeLeft ) ?> 118 </div> 119 120 <div class="adaptive-login-action_security_field_ip"> 121 IP: <span><?php echo esc_html( $UserIP ); ?></span> 122 </div> 123 <?php 124 125 exit(); 126 127 } else { 128 // Reset 129 AdaptiveLoginAction_Update_LoginIP ($UserIP, null); 130 } 131 } 132 } 77 133 78 134 $LastOK = isset($IP_Options['last_ok']) ? $IP_Options['last_ok'] : 0; … … 128 184 if ($UserIP) { 129 185 $Login = isset($_REQUEST['log']) ? sanitize_text_field( wp_unslash( $_REQUEST['log'] ) ) : ''; // phpcs:ignore 186 AdaptiveLoginAction_Debugger ($Login, '$Login', $debug_process, __FUNCTION__, __LINE__); 130 187 131 188 if ($Login) { 189 $user = get_user_by ('login', $Login); 190 191 if (!$user) { 192 $user = get_user_by ('email', $Login); 193 } 194 195 if ($user) { 196 $User_ID = $user -> ID; 197 198 } else { 199 // Нет такого Пользователя. Будем считать его как ID=0 200 $User_ID = 0; 201 } 202 203 AdaptiveLoginAction_Debugger ($User_ID, '$User_ID', $debug_process, __FUNCTION__, __LINE__); 204 205 $UserLastLoginData = AdaptiveLoginAction_Get_UserLastLoginData_by_ID ($User_ID); 206 AdaptiveLoginAction_Debugger ($UserLastLoginData, '$UserLastLoginData', $debug_process, __FUNCTION__, __LINE__); 207 208 $User_LoginErrors = isset($UserLastLoginData['errors']) ? $UserLastLoginData['errors'] : 0; 209 $User_LoginTimeStamp = isset($UserLastLoginData['timestamp']) ? $UserLastLoginData['timestamp'] : null; 210 $User_LoginLastIP = isset($UserLastLoginData['last_ip']) ? $UserLastLoginData['last_ip'] : null; 211 212 if ($Option_RestrictiveTimeout_Enable) { 213 $Threshold = $Option_RestrictiveTimeout_Limit - $User_LoginErrors; 214 AdaptiveLoginAction_Debugger ($Threshold, '$Threshold', $debug_process, __FUNCTION__, __LINE__); 215 216 if ($Threshold == 1) { 217 // Осталась 1 Попытка до Блокировки 218 ?> 219 <div class="adaptive-login-action_threshold"> 220 <?php echo esc_html( __('1 Attempt left before Blocking!', 'adaptive-login-action') ); ?> 221 </div> 222 <?php 223 } 224 225 if ($User_LoginTimeStamp > 0 && $Threshold <= 0 && $Option_RestrictiveTimeout_Delay > 0) { 226 // Блокировка User 227 $TimeStamp_Now = time(); 228 AdaptiveLoginAction_Debugger ($TimeStamp_Now, '$TimeStamp_Now', $debug_process, __FUNCTION__, __LINE__); 229 230 $TimeLeft = $Timeout_Delay_Sec - ($TimeStamp_Now - $User_LoginTimeStamp); 231 AdaptiveLoginAction_Debugger ($TimeLeft, '$TimeLeft', $debug_process, __FUNCTION__, __LINE__); 232 233 if ($TimeLeft > 0) { 234 $TimeLeft = date("H:i:s", $TimeLeft); 235 236 ?> 237 <div class="adaptive-login-action_blocked"> 238 <?php echo esc_html( __('Access has been temporarily blocked due to a large number of unsuccessful attempts', 'adaptive-login-action') ); ?> 239 </div> 240 <div class="adaptive-login-action_blocked_timeout"> 241 <?php echo esc_html( __('Time left', 'adaptive-login-action') ) .': ' .esc_html( $TimeLeft ) ?> 242 </div> 243 244 <div class="adaptive-login-action_security_field_ip"> 245 IP: <span><?php echo esc_html( $UserIP ); ?></span> 246 </div> 247 <?php 248 249 exit(); 250 251 } else { 252 // Reset 253 AdaptiveLoginAction_Update_UserLastLoginData_by_ID($User_ID, null); 254 } 255 } 256 } 257 258 132 259 // Ext. Security. 133 260 ?> … … 149 276 } 150 277 151 /* Zer ro Trust Mode -> Check Secret Key278 /* Zero Trust Mode -> Check Secret Key 152 279 ----------------------------------------------------------------- */ 153 280 add_filter('wp_authenticate_user', 'AdaptiveLoginAction_Filter_wp_authenticate_user', 10); … … 162 289 $Option_Enable = $Options['enable']; 163 290 $Option_SecretKey = $Options['secretkey']; 164 $Option_Zer roTrustMode = $Options['zerro_trust_mode'];291 $Option_ZeroTrustMode = $Options['zero_trust_mode']; 165 292 166 293 if ($Option_Enable) { 167 if ($Option_Zer roTrustMode) {168 // Zer ro Trust Mode. Check Secret Key294 if ($Option_ZeroTrustMode) { 295 // Zero Trust Mode. Check Secret Key 169 296 170 297 $SecretKey_Input = isset($_REQUEST['adaptive-login-action_secretkey']) ? sanitize_text_field( wp_unslash( $_REQUEST['adaptive-login-action_secretkey'] ) ) : null; // phpcs:ignore … … 257 384 258 385 $Option_Enable = $Options['enable']; 259 $Option_Zer roTrustMode = $Options['zerro_trust_mode'];386 $Option_ZeroTrustMode = $Options['zero_trust_mode']; 260 387 261 388 if ($Option_Enable) { 262 if (! $Option_ZerroTrustMode ) { 389 if ($Option_ZeroTrustMode ) { 390 // Zero Trust Mode. 391 } else { 263 392 // Dynamics IP Mode. 264 393 … … 268 397 269 398 if ($User_ID) { 270 $User_IP = AdaptiveLoginAction_GetUserIP (); 271 $TimeStamp = time(); 272 273 $UserLastLoginData= array ( 274 'errors' => 0, 275 'timestamp' => $TimeStamp, 276 'last_ip' => $User_IP, 277 ); 278 AdaptiveLoginAction_Debugger ($UserLastLoginData, '$UserLastLoginData', $debug_process, __FUNCTION__, __LINE__); 279 280 update_option('adaptive-login-action_user_id_' .$User_ID, $UserLastLoginData); // phpcs:ignore 399 $Success = true; 400 401 AdaptiveLoginAction_Update_UserLastLoginData_by_ID ($User_ID, $Success); 281 402 } 282 403 } … … 323 444 ----------------------------------------------------------------- */ 324 445 add_action('wp_login_failed', 'AdaptiveLoginAction_Action_wp_login_failed', 9999, 2); 325 function AdaptiveLoginAction_Action_wp_login_failed ($ username, $error){446 function AdaptiveLoginAction_Action_wp_login_failed ($Login, $error){ 326 447 $debug_process = 'wp_login_failed'; 327 448 328 AdaptiveLoginAction_Debugger ($ username, '$username', $debug_process, __FUNCTION__, __LINE__);449 AdaptiveLoginAction_Debugger ($Login, '$Login', $debug_process, __FUNCTION__, __LINE__); 329 450 AdaptiveLoginAction_Debugger ($error, '$error', $debug_process, __FUNCTION__, __LINE__); 330 451 331 452 $Options = AdaptiveLoginAction_Get_Options(); 453 AdaptiveLoginAction_Debugger ($Options, '$Options', $debug_process, __FUNCTION__, __LINE__); 332 454 333 455 $Option_Enable = $Options['enable']; 334 $Option_Zer roTrustMode = $Options['zerro_trust_mode'];456 $Option_ZeroTrustMode = $Options['zero_trust_mode']; 335 457 336 458 if ($Option_Enable) { 337 if ($Option_Zer roTrustMode) {338 // Zer ro Trust Mode.459 if ($Option_ZeroTrustMode) { 460 // Zero Trust Mode. 339 461 340 462 $UserIP = AdaptiveLoginAction_GetUserIP(); 341 342 if (AdaptiveLoginAction_Check_Plugin_Installed ('new-users-monitor')) { 343 // New Users Monitor. Integration. 463 AdaptiveLoginAction_Debugger ($UserIP, '$UserIP', $debug_process, __FUNCTION__, __LINE__); 464 465 $is_Plugin_NewUsersMonitor_Installed = AdaptiveLoginAction_Check_Plugin_Installed ('new-users-monitor'); 466 AdaptiveLoginAction_Debugger ($is_Plugin_NewUsersMonitor_Installed, '$is_Plugin_NewUsersMonitor_Installed', $debug_process, __FUNCTION__, __LINE__); 467 468 if ($is_Plugin_NewUsersMonitor_Installed) { 469 // New Users Monitor. Integration. (Недоделано.) 344 470 $is_User_Confirmed = false; 345 471 346 $user = get_user_by ('login', $username); 472 $user = get_user_by ('login', $Login); 473 474 if (!$user) { 475 $user = get_user_by ('email', $Login); 476 } 347 477 348 478 if ($user) { … … 350 480 351 481 $is_User_Confirmed = get_user_meta ($User_ID, 'num_confirm', true); 482 AdaptiveLoginAction_Debugger ($is_User_Confirmed, '$is_User_Confirmed', $debug_process, __FUNCTION__, __LINE__); 352 483 } 353 484 } else { … … 355 486 } 356 487 357 if ($is_User_Confirmed) { 488 AdaptiveLoginAction_Debugger ($is_User_Confirmed, '$is_User_Confirmed', $debug_process, __FUNCTION__, __LINE__); 489 490 // if ($is_User_Confirmed) { 358 491 if ($UserIP) { 359 492 // Remember the Failed of the Login from this IP … … 362 495 AdaptiveLoginAction_Update_LoginIP ($UserIP, $Success); 363 496 } 364 }497 // } 365 498 366 499 } else { … … 373 506 AdaptiveLoginAction_Debugger ($Error_Code, '$Error_Code', $debug_process, __FUNCTION__, __LINE__); 374 507 375 if ($Error_Code == 'incorrect_password'){ 376 $User = get_user_by( 'login', $username ); 377 378 if ($User) { 379 $User_ID = $User -> ID; 380 AdaptiveLoginAction_Debugger ($User_ID, '$User_ID', $debug_process, __FUNCTION__, __LINE__); 508 if ($Error_Code == 'incorrect_password' || $Error_Code == 'invalid_username' || $Error_Code == 'secret_string_problem'){ 509 $user = get_user_by( 'login', $Login ); 510 511 if (!$user) { 512 $user = get_user_by ('email', $Login); 513 } 514 515 if ($user) { 516 $User_ID = $user -> ID; 381 517 382 AdaptiveLoginAction_Update_UserLastLoginData_by_ID ($User_ID); 518 } else { 519 // Нет такого Пользователя. Будем считать его как ID=0 520 $User_ID = 0; 383 521 } 522 523 AdaptiveLoginAction_Debugger ($User_ID, '$User_ID', $debug_process, __FUNCTION__, __LINE__); 524 525 $Success = false; 526 AdaptiveLoginAction_Update_UserLastLoginData_by_ID ($User_ID, $Success); 384 527 } 385 528 } -
adaptive-login-action/trunk/includes/admin/admin-style.css
r3216517 r3473638 6 6 margin-left: 20px; 7 7 } 8 .adaptive-login-action_options_section { 9 margin-left: 20px; 10 margin-bottom: 10px; 11 } 12 .adaptive-login-action_options_section table th { 13 padding-top: 10px !important; 14 padding-bottom: 5px !important; 15 padding-right: 10px; 16 width: 300px; 17 } 18 .adaptive-login-action_options_section table td { 19 padding-top: 10px !important; 20 padding-bottom: 5px !important; 21 } 8 22 .adaptive_login_action_option_field_label { 9 23 font-weight: normal !important; … … 11 25 .adaptive_login_action_option_whitelist_ip { 12 26 27 } 28 .adaptive_login_action_options_field_input_number input{ 29 width: 4em; 13 30 } 14 31 .adaptive_login_action_warning { -
adaptive-login-action/trunk/includes/admin/options.php
r3471962 r3473638 18 18 19 19 if ($AdaptiveLoginAction_Action == 'Update') { 20 $AdaptiveLoginAction_NonceRequest = isset($_REQUEST['_wpnonce']) ? sanitize_text_field( wp_unslash( $_REQUEST['_wpnonce'] ) ) : 'none'; 21 $AdaptiveLoginAction_AdminOnly = isset($_REQUEST['adaptive_login_action_option_adminonly']) ? 1 : 0; 22 $AdaptiveLoginAction_Enable = isset($_REQUEST['adaptive_login_action_option_enable']) ? 1 : 0; 23 $AdaptiveLoginAction_SecretKey = isset($_REQUEST['adaptive_login_action_option_secretkey']) ? sanitize_text_field( wp_unslash( $_REQUEST['adaptive_login_action_option_secretkey'] ) ) : ''; 24 $AdaptiveLoginAction_ZerroTrustMode_Enable = isset($_REQUEST['adaptive_login_action_option_zerro_trust_mode']) ? 1 : 0; 25 $AdaptiveLoginAction_WhiteListIP = isset($_REQUEST['adaptive_login_action_option_whitelist_ip']) ? sanitize_textarea_field( wp_unslash( $_REQUEST['adaptive_login_action_option_whitelist_ip'] ) ) : ''; 26 $AdaptiveLoginAction_WhiteListAutoUpdate = isset($_REQUEST['adaptive_login_action_option_whitelist_ip_autoupdate']) ? 1 : 0; 27 $AdaptiveLoginAction_Clearing = isset($_REQUEST['adaptive_login_action_option_clearing']) ? 1 : 0; 20 $AdaptiveLoginAction_NonceRequest = isset($_REQUEST['_wpnonce']) ? sanitize_text_field( wp_unslash( $_REQUEST['_wpnonce'] ) ) : 'none'; 21 $AdaptiveLoginAction_AdminOnly = isset($_REQUEST['adaptive_login_action_option_adminonly']) ? 1 : 0; 22 $AdaptiveLoginAction_Enable = isset($_REQUEST['adaptive_login_action_option_enable']) ? 1 : 0; 23 $AdaptiveLoginAction_SecretKey = isset($_REQUEST['adaptive_login_action_option_secretkey']) ? sanitize_text_field( wp_unslash( $_REQUEST['adaptive_login_action_option_secretkey'] ) ) : ''; 24 $AdaptiveLoginAction_ZeroTrustMode_Enable = isset($_REQUEST['adaptive_login_action_option_zero_trust_mode']) ? 1 : 0; 25 $AdaptiveLoginAction_WhiteListIP = isset($_REQUEST['adaptive_login_action_option_whitelist_ip']) ? sanitize_textarea_field( wp_unslash( $_REQUEST['adaptive_login_action_option_whitelist_ip'] ) ) : ''; 26 $AdaptiveLoginAction_WhiteListAutoUpdate = isset($_REQUEST['adaptive_login_action_option_whitelist_ip_autoupdate']) ? 1 : 0; 27 $AdaptiveLoginAction_RestrictiveTimeout_Enable = isset($_REQUEST['adaptive_login_action_option_restrictive_timeout_enable']) ? 1 : 0; 28 $AdaptiveLoginAction_RestrictiveTimeout_Limit = isset($_REQUEST['adaptive_login_action_option_restrictive_timeout_limit']) ? absint($_REQUEST['adaptive_login_action_option_restrictive_timeout_limit']) : 3; 29 $AdaptiveLoginAction_RestrictiveTimeout_Delay = isset($_REQUEST['adaptive_login_action_option_restrictive_timeout_delay']) ? absint($_REQUEST['adaptive_login_action_option_restrictive_timeout_delay']) : 5; 30 $AdaptiveLoginAction_Clearing = isset($_REQUEST['adaptive_login_action_option_clearing']) ? 1 : 0; 28 31 29 32 if (!wp_verify_nonce ($AdaptiveLoginAction_NonceRequest, $AdaptiveLoginAction_NonceKey)) { … … 33 36 <hr> 34 37 <div class="adaptive_login_action_options_box"> 35 <?php echo esc_html( __('Warning! Data Incorrect. Update Disable .', 'adaptive-login-action') ); ?>38 <?php echo esc_html( __('Warning! Data Incorrect. Update Disable', 'adaptive-login-action') ); ?> 36 39 </div> 37 40 </div> … … 66 69 'enable' => $AdaptiveLoginAction_Enable, 67 70 'secretkey' => $AdaptiveLoginAction_SecretKey, 68 'zer ro_trust_mode' => $AdaptiveLoginAction_ZerroTrustMode_Enable,71 'zero_trust_mode' => $AdaptiveLoginAction_ZeroTrustMode_Enable, 69 72 'whitelist_ip' => $AdaptiveLoginAction_WhiteListIP_txt, 70 73 'whitelist_ip_autoupdate' => $AdaptiveLoginAction_WhiteListAutoUpdate, 74 'restrictive_timeout_enable' => $AdaptiveLoginAction_RestrictiveTimeout_Enable, 75 'restrictive_timeout_limit' => $AdaptiveLoginAction_RestrictiveTimeout_Limit, 76 'restrictive_timeout_delay' => $AdaptiveLoginAction_RestrictiveTimeout_Delay, 71 77 'clearing' => $AdaptiveLoginAction_Clearing, 72 78 ); 73 79 AdaptiveLoginAction_Debugger ($AdaptiveLoginAction_Options, '$AdaptiveLoginAction_Options', $AdaptiveLoginAction_DebugProcess, __FUNCTION__, __LINE__); // phpcs:ignore 80 74 81 update_option( 'adaptive-login-action_option', $AdaptiveLoginAction_Options ); // phpcs:ignore 75 82 … … 87 94 88 95 $AdaptiveLoginAction_Options = AdaptiveLoginAction_Get_Options(); 89 90 $AdaptiveLoginAction_AdminOnly = $AdaptiveLoginAction_Options['adminonly']; 91 $AdaptiveLoginAction_Enable = $AdaptiveLoginAction_Options['enable']; 92 $AdaptiveLoginAction_SecretKey = $AdaptiveLoginAction_Options['secretkey']; 93 $AdaptiveLoginAction_ZerroTrustMode_Enable = $AdaptiveLoginAction_Options['zerro_trust_mode']; 94 $AdaptiveLoginAction_WhiteListIP = $AdaptiveLoginAction_Options['whitelist_ip']; 95 $AdaptiveLoginAction_WhiteListAutoUpdate = $AdaptiveLoginAction_Options['whitelist_ip_autoupdate']; 96 $AdaptiveLoginAction_Clearing = $AdaptiveLoginAction_Options['clearing']; 96 AdaptiveLoginAction_Debugger ($AdaptiveLoginAction_Options, '$AdaptiveLoginAction_Options', $AdaptiveLoginAction_DebugProcess, __FUNCTION__, __LINE__); // phpcs:ignore 97 98 $AdaptiveLoginAction_AdminOnly = $AdaptiveLoginAction_Options['adminonly']; 99 $AdaptiveLoginAction_Enable = $AdaptiveLoginAction_Options['enable']; 100 $AdaptiveLoginAction_SecretKey = $AdaptiveLoginAction_Options['secretkey']; 101 $AdaptiveLoginAction_ZeroTrustMode_Enable = $AdaptiveLoginAction_Options['zero_trust_mode']; 102 $AdaptiveLoginAction_WhiteListIP = $AdaptiveLoginAction_Options['whitelist_ip']; 103 $AdaptiveLoginAction_WhiteListAutoUpdate = $AdaptiveLoginAction_Options['whitelist_ip_autoupdate']; 104 $AdaptiveLoginAction_RestrictiveTimeout_Enable = $AdaptiveLoginAction_Options['restrictive_timeout_enable']; 105 $AdaptiveLoginAction_RestrictiveTimeout_Limit = $AdaptiveLoginAction_Options['restrictive_timeout_limit']; 106 $AdaptiveLoginAction_RestrictiveTimeout_Delay = $AdaptiveLoginAction_Options['restrictive_timeout_delay']; 107 $AdaptiveLoginAction_Clearing = $AdaptiveLoginAction_Options['clearing']; 97 108 98 109 if ($AdaptiveLoginAction_AdminOnly) { … … 116 127 <form name="form_AdaptiveLoginAction_Options" method="post" style="margin-top: 20px;"> 117 128 <h3><?php echo esc_html( __('General', 'adaptive-login-action') ); ?></h3> 118 <div style="margin-left: 20px; margin-bottom: 10px;">129 <div class="adaptive-login-action_options_section"> 119 130 <table class="form-table"> 120 131 <tbody> … … 166 177 <hr> 167 178 168 <h3><?php echo esc_html( __('Zer ro-Trust Mode', 'adaptive-login-action') ); ?></h3>179 <h3><?php echo esc_html( __('Zero-Trust Mode', 'adaptive-login-action') ); ?></h3> 169 180 <div> 170 181 <p> 171 Recommended for small groups of regular Users with a Static IP Address.<br> 172 Not recommended for Dynamic IP Addresses or Mobile Users. 182 <?php echo esc_html( __('Recommended for small groups of regular Users with a Static IP Address', 'adaptive-login-action') ) .'.'; ?> 183 <br> 184 <?php echo esc_html( __('Not recommended for Dynamic IP Addresses or Mobile Users', 'adaptive-login-action') ) .'.'; ?> 173 185 </p> 174 186 </div> 175 <div style="margin-left: 20px; margin-bottom: 10px;">187 <div class="adaptive-login-action_options_section"> 176 188 <table class="form-table"> 177 189 <tbody> 178 190 <tr> 179 191 <th scope="row" class="adaptive_login_action_option_field_label"> 180 <label for="adaptive_login_action_option_zer ro_trust_mode">181 <?php echo esc_html( __('Enable Zer ro-Trust Mode', 'adaptive-login-action') ); ?>182 </label> 183 </th> 184 <td class="adaptive_login_action_options_field_input"> 185 <input id="adaptive_login_action_option_zer ro_trust_mode" name="adaptive_login_action_option_zerro_trust_mode" type="checkbox" <?php if($AdaptiveLoginAction_ZerroTrustMode_Enable) {echo 'checked';} ?>>192 <label for="adaptive_login_action_option_zero_trust_mode"> 193 <?php echo esc_html( __('Enable Zero-Trust Mode', 'adaptive-login-action') ); ?> 194 </label> 195 </th> 196 <td class="adaptive_login_action_options_field_input"> 197 <input id="adaptive_login_action_option_zero_trust_mode" name="adaptive_login_action_option_zero_trust_mode" type="checkbox" <?php if($AdaptiveLoginAction_ZeroTrustMode_Enable) {echo 'checked';} ?>> 186 198 <span class="adaptive_login_action_options_field_description"> 187 199 <?php echo esc_html( __('On/Off', 'adaptive-login-action') ); ?> … … 228 240 229 241 <hr> 242 243 <h3><?php echo esc_html( __('Restrictive Timeout', 'adaptive-login-action') ); ?></h3> 244 <div class="adaptive-login-action_options_section"> 245 <table class="form-table"> 246 <tbody> 247 <tr> 248 <th scope="row" class="adaptive_login_action_option_field_label"> 249 <label for="adaptive_login_action_option_restrictive_timeout_enable"> 250 <?php echo esc_html( __('Login denied after a series of unsuccessful attempts', 'adaptive-login-action') ); ?> 251 </label> 252 </th> 253 <td class="adaptive_login_action_options_field_input"> 254 <input id="adaptive_login_action_option_restrictive_timeout_enable" name="adaptive_login_action_option_restrictive_timeout_enable" type="checkbox" <?php if($AdaptiveLoginAction_RestrictiveTimeout_Enable) {echo 'checked';} ?>> 255 <span class="adaptive_login_action_options_field_description"> 256 <?php echo esc_html( __('On/Off', 'adaptive-login-action') ); ?> 257 </span> 258 </td> 259 </tr> 260 <tr> 261 <th scope="row" class="adaptive_login_action_option_field_label"> 262 <label for="adaptive_login_action_option_restrictive_timeout_limit"> 263 <?php echo esc_html( __('Number of unsuccessful attempts', 'adaptive-login-action') ); ?> 264 </label> 265 </th> 266 <td class="adaptive_login_action_options_field_input_number"> 267 <input id="adaptive_login_action_option_restrictive_timeout_limit" name="adaptive_login_action_option_restrictive_timeout_limit" type="number" min="1" value="<?php echo esc_attr( $AdaptiveLoginAction_RestrictiveTimeout_Limit ); ?>"> 268 <span class="adaptive_login_action_options_field_description"> 269 <?php echo esc_html( __('Limit', 'adaptive-login-action') ); ?> 270 </span> 271 </td> 272 </tr> 273 <tr> 274 <th scope="row" class="adaptive_login_action_option_field_label"> 275 <label for="adaptive_login_action_option_restrictive_timeout_delay"> 276 <?php echo esc_html( __('Temporary blocking', 'adaptive-login-action') ); ?> 277 </label> 278 </th> 279 <td class="adaptive_login_action_options_field_input_number"> 280 <input id="adaptive_login_action_option_restrictive_timeout_delay" name="adaptive_login_action_option_restrictive_timeout_delay" type="number" min="1" value="<?php echo esc_attr( $AdaptiveLoginAction_RestrictiveTimeout_Delay ); ?>"> 281 <span class="adaptive_login_action_options_field_description"> 282 <?php echo esc_html( __('Minutes', 'adaptive-login-action') ); ?> 283 </span> 284 </td> 285 </tr> 286 </tbody> 287 </table> 288 </div> 289 290 <hr> 230 291 231 292 <h3><?php echo esc_html( __('Clearing', 'adaptive-login-action') ); ?></h3> 232 <div style="margin-left: 20px; margin-bottom: 10px;">293 <div class="adaptive-login-action_options_section"> 233 294 <table class="form-table"> 234 295 <tbody> … … 236 297 <th scope="row" class="adaptive_login_action_option_field_label"> 237 298 <label for="adaptive_login_action_option_clearing"> 238 <?php echo esc_html( __('Delete MetaData with Uninstall Plugin .', 'adaptive-login-action') ); ?>299 <?php echo esc_html( __('Delete MetaData with Uninstall Plugin', 'adaptive-login-action') ); ?> 239 300 </label> 240 301 </th> -
adaptive-login-action/trunk/includes/functions.php
r3471962 r3473638 15 15 'enable' => 1, 16 16 'secretkey' => '', 17 'zer ro_trust_mode' => 1,17 'zero_trust_mode' => 1, 18 18 'whitelist_ip' => '', 19 19 'whitelist_ip_autoupdate' => 1, 20 'restrictive_timeout_enable' => 0, 21 'restrictive_timeout_limit' => 3, 22 'restrictive_timeout_delay' => 5, 20 23 'clearing' => 1, 21 24 ) 22 25 ); 23 26 24 $Option_AdminOnly = isset( $Options['adminonly'] ) ? $Options['adminonly'] : 1; 25 $Option_Enable = isset( $Options['enable'] ) ? $Options['enable'] : 1; 26 $Option_SecretKey = isset( $Options['secretkey'] ) ? $Options['secretkey'] : ''; 27 $Option_Zerro_Trust_Mode = isset( $Options['zerro_trust_mode'] ) ? $Options['zerro_trust_mode'] : 1; 28 $Option_WhiteListIP = isset( $Options['whitelist_ip'] ) ? $Options['whitelist_ip'] : ''; 29 $Option_WhiteListAutoUpdate = isset( $Options['whitelist_ip_autoupdate'] ) ? $Options['whitelist_ip_autoupdate'] : 1; 30 $Option_Clearing = isset( $Options['clearing'] ) ? $Options['clearing'] : 1; 27 $Option_AdminOnly = isset( $Options['adminonly'] ) ? $Options['adminonly'] : 1; 28 $Option_Enable = isset( $Options['enable'] ) ? $Options['enable'] : 1; 29 $Option_SecretKey = isset( $Options['secretkey'] ) ? $Options['secretkey'] : ''; 30 $Option_Zero_Trust_Mode = isset( $Options['zero_trust_mode'] ) ? $Options['zero_trust_mode'] : 1; 31 $Option_WhiteListIP = isset( $Options['whitelist_ip'] ) ? $Options['whitelist_ip'] : ''; 32 $Option_WhiteListAutoUpdate = isset( $Options['whitelist_ip_autoupdate'] ) ? $Options['whitelist_ip_autoupdate'] : 1; 33 $Option_RestrictiveTimeout_Enable = isset( $Options['restrictive_timeout_enable'] ) ? $Options['restrictive_timeout_enable'] : 0; 34 $Option_RestrictiveTimeout_Limit = isset( $Options['restrictive_timeout_limit'] ) ? $Options['restrictive_timeout_limit'] : 3; 35 $Option_RestrictiveTimeout_Delay = isset( $Options['restrictive_timeout_delay'] ) ? $Options['restrictive_timeout_delay'] : 5; 36 $Option_Clearing = isset( $Options['clearing'] ) ? $Options['clearing'] : 1; 31 37 32 38 if ($Option_WhiteListIP) { … … 38 44 'enable' => $Option_Enable, 39 45 'secretkey' => $Option_SecretKey, 40 'zer ro_trust_mode' => $Option_Zerro_Trust_Mode,46 'zero_trust_mode' => $Option_Zero_Trust_Mode, 41 47 'whitelist_ip' => $Option_WhiteListIP, 42 48 'whitelist_ip_autoupdate' => $Option_WhiteListAutoUpdate, 49 'restrictive_timeout_enable' => $Option_RestrictiveTimeout_Enable, 50 'restrictive_timeout_limit' => $Option_RestrictiveTimeout_Limit, 51 'restrictive_timeout_delay' => $Option_RestrictiveTimeout_Delay, 43 52 'clearing' => $Option_Clearing, 44 53 ); … … 69 78 } 70 79 71 /* Update IP-Stat (Zerro Trust Mode) 72 ----------------------------------------------------------------- */ 73 function AdaptiveLoginAction_Update_LoginIP ($UserIP, $Success = true) { 80 /* Update IP-Stat (Zero Trust Mode) 81 ----------------------------------------------------------------- */ 82 function AdaptiveLoginAction_Update_LoginIP ($UserIP, $Success) { 83 $debug_process = 'f_update_login-ip'; 84 74 85 $IP_Options = get_option('adaptive-login-action_ip_' .$UserIP, array()); 75 86 76 87 $IP_LoginTotal = isset($IP_Options['total']) ? $IP_Options['total'] : 0; 77 88 $IP_LoginSuccess = isset($IP_Options['success']) ? $IP_Options['success'] : 0; 78 79 $IP_LoginTotal += 1; 80 81 if ($Success == true) { 82 $LastOK = 1; 83 $IP_LoginSuccess += 1; 89 $IP_Chain_Errors = isset($IP_Options['chain_errors']) ? $IP_Options['chain_errors'] : 0; 90 91 if ( is_null($Success) ) { 92 // Reset 93 $LastOK = 0; 94 $IP_Chain_Errors = 0; 95 84 96 } else { 85 $LastOK = 0; 86 } 97 // Processing Success / Fail 98 $IP_LoginTotal += 1; 99 100 if ($Success == true) { 101 $LastOK = 1; 102 $IP_LoginSuccess += 1; 103 $IP_Chain_Errors = 0; 104 105 } else { 106 $LastOK = 0; 107 $IP_Chain_Errors += 1; 108 } 109 } 110 111 $TimeStamp = time(); 87 112 88 113 $IP_Options = array ( … … 90 115 'total' => $IP_LoginTotal, 91 116 'success' => $IP_LoginSuccess, 117 'chain_errors' => $IP_Chain_Errors, 118 'timestamp' => $TimeStamp, 92 119 ); 120 AdaptiveLoginAction_Debugger ($IP_Options, '$IP_Options', $debug_process, __FUNCTION__, __LINE__); 93 121 94 122 update_option('adaptive-login-action_ip_' .$UserIP, $IP_Options); // phpcs:ignore … … 134 162 /* Update User LastLoginData by ID (Dynamics IP Mode.) 135 163 ----------------------------------------------------------------- */ 136 function AdaptiveLoginAction_Update_UserLastLoginData_by_ID ($User_ID ) {164 function AdaptiveLoginAction_Update_UserLastLoginData_by_ID ($User_ID, $Success) { 137 165 $debug_process = 'f_update_user_lastlogindata_by_id'; 138 166 139 167 AdaptiveLoginAction_Debugger ($User_ID, '$User_ID', $debug_process, __FUNCTION__, __LINE__); 168 AdaptiveLoginAction_Debugger ($Success, '$Success', $debug_process, __FUNCTION__, __LINE__); 140 169 141 170 $UserLastLoginData = get_option( 'adaptive-login-action_user_id_' .$User_ID, array() ); … … 143 172 144 173 $User_LoginErrors = isset($UserLastLoginData['errors']) ? $UserLastLoginData['errors'] : 0; 145 $User_LoginErrors = $User_LoginErrors + 1; 146 174 175 if ( is_null($Success) ) { 176 // Reset 177 $User_LoginErrors = 0; 178 179 } else { 180 // Processing Success / Fail 181 if ($Success) { 182 $User_LoginErrors = 0; 183 } else { 184 $User_LoginErrors = $User_LoginErrors + 1; 185 } 186 } 187 147 188 $User_IP = AdaptiveLoginAction_GetUserIP (); 148 189 -
adaptive-login-action/trunk/readme.txt
r3471981 r3473638 8 8 License: GPLv2 9 9 License URI: https://www.gnu.org/licenses/gpl-2.0.html 10 Stable tag: 2.10.110 Stable tag: 3.11 11 11 12 12 Adaptive Login Form: Adjusting compromise between Comfort and Paranoia. … … 15 15 Adaptive Login Form: Adjusting compromise between Comfort and Paranoia. 16 16 17 2 Conception's: 18 1. "Zerro Trust Mode" 19 Recommended for small groups of regular Users with a Static IP Address. 20 Not recommended for Dynamic IP Addresses or Mobile Users. 21 22 If my current IP address is not marked as Dangerous since my last successful login, then there is no need to distrust me and force me to go through Quests to solve different types of Captchas. 23 In this case, the standard "Password" field is sufficient for one attempt. 17 Conception: 18 1. "Zero Trust Mode" 19 Recommended for small groups of regular Users with a Static IP Address. 20 Not recommended for Dynamic IP Addresses or Mobile Users. 24 21 25 But if the Attempt is unsuccessful, then we mark the IP address as Dangerous, and then it is possible and necessary to trick me (or the one who is trying to be me) with a more thorough login procedure. 22 If my current IP address is not marked as Dangerous since my last successful login, then there is no need to distrust me and force me to go through Quests to solve different types of Captchas. 23 In this case, the standard "Password" field is sufficient for one attempt. 26 24 27 There may be multilevel options. It doesn't matter (this will be gradually added to the functionality). We are now talking about the General Principle.25 But if the Attempt is unsuccessful, then we mark the IP address as Dangerous, and then it is possible and necessary to trick me (or the one who is trying to be me) with a more thorough login procedure. 28 26 29 Separate statistics are generated for each IP address and the ratio "Successful number of entries" / "Total number of entries" is determined. Depending on how close this parameter is to 100%, we can talk about the need for the Toughness of the Mistrust process.27 There may be multilevel options. It doesn't matter (this will be gradually added to the functionality). We are now talking about the General Principle. 30 28 31 This mechanism starts before the User enters his Login.29 Separate statistics are generated for each IP address and the ratio "Successful number of entries" / "Total number of entries" is determined. Depending on how close this parameter is to 100%, we can talk about the need for the Toughness of the Mistrust process. 32 30 33 The more Unsuccessful Login attempts occur from a given IP Address, the more thoroughly it is checked. 34 Conversely, the Login procedure can be simplified as much as possible if there is no obvious reason. 31 This mechanism starts before the User enters his Login. 35 32 36 2. "Dynamics IP Mode" 37 Recommended for mobile Users with a Dynamic IP Address. 38 Not recommended for Static IP Addresses. 39 40 If the User's previous login was successful, their next authentication is performed using a simplified method. 41 Simply enter the correct password. However, only one attempt is allowed. 42 If the password was entered incorrectly, an additional security element is added to the login form: the "Secret Key" field. 33 The more Unsuccessful Login attempts occur from a given IP Address, the more thoroughly it is checked. 34 Conversely, the Login procedure can be simplified as much as possible if there is no obvious reason. 43 35 44 If multiple consecutive unsuccessful login attempts occur, a Restrictive Timeout may be activated for the given User. 36 2. "Dynamics IP Mode" 37 Recommended for mobile Users with a Dynamic IP Address. 38 Not recommended for Static IP Addresses. 39 40 If the User's previous login was successful, their next authentication is performed using a simplified method. 41 Simply enter the correct password. However, only one attempt is allowed. 42 If the password was entered incorrectly, an additional security element is added to the login form: the "Secret Key" field. 45 43 46 44 = Futured = … … 51 49 This will not be indicated in the error message. There will always be only one message: "Authentication Failed". 52 50 Thus, we do not explicitly indicate to the potential Villain / Bot the reason for the denial of access. And the more such Reasons there are, the more complicated the Entry procedure becomes. 51 - If multiple consecutive unsuccessful login attempts occur, a Restrictive Timeout may be activated for the given User. 53 52 - <a href="https://wordpress.org/plugins/new-users-monitor/">Integration with "New Users Monitor"</a> 54 53 … … 65 64 1. screenshot-1.png This is the "Login Form" with "Adaptive Login Action" - Mode: Normal. 66 65 2. screenshot-2.png This is the "Login Form" with "Adaptive Login Action" - Mode: Security. 67 3. screenshot-3.png This is the "Adaptive Login Action" Options page. 66 3. screenshot-3.png This is the "Login Form" with "Adaptive Login Action" - Mode: Security. 1 Attempt left before Blocking. 67 4. screenshot-4.png This is the "Login Form" with "Adaptive Login Action" - Mode: Security. Access temporarily blocked. 68 5. screenshot-5.png This is the "Adaptive Login Action" Options page. 68 69 69 70 == Changelog == 71 = 3.11 = 72 2026.03.02 73 * Add Restrictive Timeout. 74 * Add Screenshots. 75 70 76 = 2.10.1 = 71 77 2026.03.01 72 78 * Change Readme.txt 73 * Change screenshot-3 ("Adaptive Login Action" Options page)79 * Change Screenshot-3 ("Adaptive Login Action" Options page) 74 80 75 81 = 2.10 = -
adaptive-login-action/trunk/style.css
r3471962 r3473638 36 36 padding-right: 5px; 37 37 } 38 .adaptive-login-action_threshold { 39 font-size: larger; 40 font-weight: bold; 41 text-align: center; 42 padding-bottom: 10px; 43 } 44 .adaptive-login-action_blocked { 45 color: red; 46 text-align: center; 47 } 48 .adaptive-login-action_blocked_timeout { 49 text-align: center; 50 padding-top: 10px; 51 }
Note: See TracChangeset
for help on using the changeset viewer.