Lubuntu
/
lubuntu.me
mirror of https://github.com/lubuntu-team/lubuntu.me.git
8
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '9a3748aa8e'
${ noResults }
lubuntu.me/plugins/all-in-one-wp-security-and-.../classes/wp-security-process-renamed...

193 lines
8.7 KiB
Raw Normal View History Unescape

initial commit
8 years ago
<?php
class AIOWPSecurity_Process_Renamed_Login_Page
{
function __construct()
{
add_action('login_init', array(&$this, 'aiowps_login_init'));
add_filter('site_url', array(&$this, 'aiowps_site_url'), 10, 2);
add_filter('network_site_url', array(&$this, 'aiowps_site_url'), 10, 2);
add_filter('wp_redirect', array(&$this, 'aiowps_wp_redirect'), 10, 2);
add_filter('register', array(&$this, 'register_link'));
remove_action('template_redirect', 'wp_redirect_admin_locations', 1000); //To prevent redirect to login page when people type "login" at end of home URL
}
function aiowps_login_init()
{
if (strpos($_SERVER['REQUEST_URI'], 'wp-login') !== false){
$referer = wp_get_referer();
if($referer && strpos($referer, 'wp-activate.php') !== false){
$parsed_referer = parse_url($referer);
if($parsed_referer && !empty($parsed_referer['query'])){
parse_str($parsed_referer['query'], $referer);
if (!empty($parsed_referer['key'])){
$result = wpmu_activate_signup($parsed_referer['key']); //MS site creation
if($result && is_wp_error($result) && ($result->get_error_code() === 'already_active' || $result->get_error_code() === 'blog_taken')){
$aiowps_new_login_url = AIOWPSecurity_Process_Renamed_Login_Page::new_login_url();
wp_safe_redirect($aiowps_new_login_url . (!empty($_SERVER['QUERY_STRING']) ? '?' . $_SERVER['QUERY_STRING'] : ''));
die;
}
}
}
}
AIOWPSecurity_Process_Renamed_Login_Page::aiowps_set_404();
}
}
function aiowps_site_url($url, $path)
{
return $this->aiowps_filter_wp_login_file($url);
}
function aiowps_wp_redirect($location, $status)
{
return $this->aiowps_filter_wp_login_file($location);
}
//Filter register link on the login page
function register_link($registration_url)
{
return $this->aiowps_filter_wp_login_file($registration_url);
}
//Filter all login url strings on the login page
function aiowps_filter_wp_login_file($url)
{
if (strpos($url, 'wp-login.php') !== false){
$args = explode( '?', $url );
if (isset($args[1])){
if (strpos($args[1], 'action=postpass') !== FALSE){
return $url; //Don't reveal the secret URL in the post password action url
}
parse_str($args[1], $args);
$url = esc_url(add_query_arg($args, AIOWPSecurity_Process_Renamed_Login_Page::new_login_url()));
$url = html_entity_decode($url);
}else{
$url = AIOWPSecurity_Process_Renamed_Login_Page::new_login_url();
}
}
return $url;
}
static function renamed_login_init_tasks()
{
global $aio_wp_security;
//The following will process the native wordpress post password protection form
//Normally this is done by wp-login.php file but we cannot use that since the login page has been renamed
$action = isset($_GET['action'])?strip_tags($_GET['action']):'';
if(isset($_POST['post_password']) && $action == 'postpass'){
require_once ABSPATH . 'wp-includes/class-phpass.php';
$hasher = new PasswordHash( 8, true );
/**
* Filter the life span of the post password cookie.
*
* By default, the cookie expires 10 days from creation. To turn this
* into a session cookie, return 0.
*
* @since 3.7.0
*
* @param int $expires The expiry time, as passed to setcookie().
*/
$expire = apply_filters( 'post_password_expires', time() + 10 * DAY_IN_SECONDS );
setcookie( 'wp-postpass_' . COOKIEHASH, $hasher->HashPassword( wp_unslash( $_POST['post_password'] ) ), $expire, COOKIEPATH );
wp_safe_redirect( wp_get_referer() );
exit();
}
//case where someone attempting to reach wp-admin
if (is_admin() && !is_user_logged_in() && !defined('DOING_AJAX')){
//Fix to prevent fatal error caused by some themes and Yoast SEO
wp_die( __( 'Not available.', 'all-in-one-wp-security-and-firewall' ), 403 );
}
//case where someone attempting to reach wp-login
if(isset($_SERVER['REQUEST_URI']) && strpos( $_SERVER['REQUEST_URI'], 'wp-login.php' ) && !is_user_logged_in()){
//Check if the maintenance (lockout) mode is active - if so prevent access to site by not displaying 404 page!
if($aio_wp_security->configs->get_value('aiowps_site_lockout') == '1'){
AIOWPSecurity_WP_Loaded_Tasks::site_lockout_tasks();
}else{
AIOWPSecurity_Process_Renamed_Login_Page::aiowps_set_404();
}
}
//case where someone attempting to reach the standard register or signup pages
if(isset( $_SERVER['REQUEST_URI'] ) && strpos( $_SERVER['REQUEST_URI'], 'wp-register.php' ) ||
isset( $_SERVER['REQUEST_URI'] ) && strpos( $_SERVER['REQUEST_URI'], 'wp-signup.php' )){
//Check if the maintenance (lockout) mode is active - if so prevent access to site by not displaying 404 page!
if($aio_wp_security->configs->get_value('aiowps_site_lockout') == '1'){
AIOWPSecurity_WP_Loaded_Tasks::site_lockout_tasks();
}else{
AIOWPSecurity_Process_Renamed_Login_Page::aiowps_set_404();
}
}
$parsed_url = parse_url($_SERVER['REQUEST_URI']);
$login_slug = $aio_wp_security->configs->get_value('aiowps_login_page_slug');
$home_url_with_slug = home_url($login_slug, 'relative');
/*
* Compatibility fix for WPML plugin
*/
if (function_exists('icl_object_id') && strpos($home_url_with_slug,$login_slug)){
$home_url_with_slug = home_url($login_slug);
function qtranxf_init_language() {}
}
/*
* *** Compatibility fix for qTranslate-X plugin ***
* qTranslate-X plugin modifies the result for the following command by adding the protocol and host to the url path:
* home_url($login_slug, 'relative');
* Therefore we will remove the protocol and host for the following cases:
* qTranslate-X is active AND the URL being accessed contains the secret slug
*/
if (function_exists('qtranxf_init_language') && strpos($home_url_with_slug,$login_slug)){
$parsed_home_url_with_slug = parse_url($home_url_with_slug);
$home_url_with_slug = $parsed_home_url_with_slug['path']; //this will return just the path minus the protocol and host
}
if(untrailingslashit($parsed_url['path']) === $home_url_with_slug
|| (!get_option('permalink_structure') && isset($_GET[$login_slug]))){
if(empty($action) && is_user_logged_in()){
//if user is already logged in but tries to access the renamed login page, send them to the dashboard
AIOWPSecurity_Utility::redirect_to_url(AIOWPSEC_WP_URL."/wp-admin");
}else{
status_header( 200 );
require_once(AIO_WP_SECURITY_PATH . '/other-includes/wp-security-rename-login-feature.php' );
die;
}
}
}
static function new_login_url()
{
global $aio_wp_security;
$login_slug = $aio_wp_security->configs->get_value('aiowps_login_page_slug');
if(get_option('permalink_structure')){
return trailingslashit(trailingslashit(home_url()) . $login_slug);
}else{
return trailingslashit(home_url()) . '?' . $login_slug;
}
}
static function aiowps_set_404()
{
global $wp_query;
do_action('aiopws_before_set_404'); //This hook is for themes which produce a fatal error when the rename login feature is enabled and someone visits "wp-admin" slug directly
status_header(404);
$wp_query->set_404();
if ((($template = get_404_template()) || ($template = get_index_template()))
&& ($template = apply_filters('template_include', $template))){
include($template);
}
die;
}
}