File: init.php
<?php
// Refuse to run when this file is requested directly: add_action() only exists
// once WordPress has been loaded, so its absence means there is no WP context.
if (!function_exists('add_action')) {
	exit('You are not allowed to access this page directly.');
}

// Plugin-wide constants. LOGINIZER_FILE is not defined in this file; it has to
// be set by whatever includes init.php before this point.
define('LOGINIZER_VERSION', '2.0.6');
define('LOGINIZER_DIR', dirname(LOGINIZER_FILE));
define('LOGINIZER_URL', plugins_url('', LOGINIZER_FILE));
define('LOGINIZER_PRO_URL', 'https://loginizer.com/features#compare');
define('LOGINIZER_PRICING_URL', 'https://loginizer.com/pricing');
define('LOGINIZER_DOCS', 'https://loginizer.com/docs/');

// Shared helpers used by the functions below.
// NOTE(review): include_once only raises a warning when the file is missing, so
// the rest of this file would keep loading without those helpers.
include_once LOGINIZER_DIR . '/functions.php';

// Ok so we are now ready to go: create the table and default options when the
// plugin is activated.
register_activation_hook(LOGINIZER_FILE, 'loginizer_activation');
// Is called when the ADMIN enables the plugin (registered through
// register_activation_hook) and again from loginizer_update_check().
//
// Recreates the `<prefix>loginizer_logs` table from scratch and registers the
// default options. The DROP below discards every stored failed-login/lockout
// row, so each call resets the brute-force state for all IPs.
function loginizer_activation(){

	global $wpdb;

	$logs_table = $wpdb->prefix.'loginizer_logs';

	// Statements are executed in this order: drop first, then create.
	$statements = array(
		"DROP TABLE IF EXISTS `".$logs_table."`",
		"CREATE TABLE `".$logs_table."` (
`username` varchar(255) NOT NULL DEFAULT '',
`time` int(10) NOT NULL DEFAULT '0',
`count` int(10) NOT NULL DEFAULT '0',
`lockout` int(10) NOT NULL DEFAULT '0',
`ip` varchar(255) NOT NULL DEFAULT '',
`url` varchar(255) NOT NULL DEFAULT '',
UNIQUE KEY `ip` (`ip`)
) DEFAULT CHARSET=utf8;",
	);

	foreach($statements as $statement){
		$wpdb->query($statement);
	}

	// add_option() leaves an existing value alone, so settings survive a
	// re-activation even though the log table does not.
	$default_options = array(
		'loginizer_version' => LOGINIZER_VERSION,
		'loginizer_options' => array(),
		'loginizer_last_reset' => 0,
		'loginizer_whitelist' => array(),
		'loginizer_blacklist' => array(),
		'loginizer_2fa_whitelist' => array(),
	);

	foreach($default_options as $option_name => $option_value){
		add_option($option_name, $option_value);
	}

	// TODO:: REMOVE THIS AFTER MARCH 2025
	$softwp_pending = empty(get_option('loginizer_softwp_upgrade', 0));
	if(!defined('SITEPAD') && $softwp_pending){
		loginizer_check_softaculous();
	}
}
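/**
 * Updates the database structure for Loginizer
 *
 * If the plugin files are updated but database structure is not updated
 * this function will update the database structure as per the plugin version
 * NOTE: This does not update plugin files it just updates the database structure
 *
 * Called from loginizer_load_plugin(), i.e. on every 'plugins_loaded', so the
 * early return for an up-to-date install is the normal path.
 *
 * The stored version is compared as an integer built by stripping the dots
 * ('1.3.9' becomes 139). NOTE(review): that only orders correctly while every
 * version has three single-digit parts; a stored value such as '1.4' would be
 * read as 14 and enter the pre-1.0.1 branch, which drops the legacy tables.
 *
 * When no version option exists at all, loginizer_activation() is called,
 * which drops and recreates the log table; stored lockout rows are lost.
 *
 * @return true|null true when nothing had to be done, otherwise no value.
 */
function loginizer_update_check(){

	global $wpdb;

	$sql = array();
	$current_version = get_option('loginizer_version');

	// It must be the 1.0 pre stuff
	if(empty($current_version)){
		$current_version = get_option('lz_version');
	}

	$version = (int) str_replace('.', '', $current_version);

	// No update required
	if($current_version == LOGINIZER_VERSION){
		return true;
	}

	// Is it first run ?
	if(empty($current_version)){

		// Reinstall
		loginizer_activation();

		// Trick the following if conditions to not run
		$version = (int) str_replace('.', '', LOGINIZER_VERSION);

	}

	// Is it less than 1.0.1 ?
	if($version < 101){

		// TODO : GET the existing settings

		// Get the existing settings
		$lz_failed_logs = lz_selectquery("SELECT * FROM `".$wpdb->prefix."lz_failed_logs`;", 1);
		$lz_options = lz_selectquery("SELECT * FROM `".$wpdb->prefix."lz_options`;", 1);
		$lz_iprange = lz_selectquery("SELECT * FROM `".$wpdb->prefix."lz_iprange`;", 1);

		// Delete the three tables
		$sql = array();
		$sql[] = "DROP TABLE IF EXISTS ".$wpdb->prefix."lz_failed_logs;";
		$sql[] = "DROP TABLE IF EXISTS ".$wpdb->prefix."lz_options;";
		$sql[] = "DROP TABLE IF EXISTS ".$wpdb->prefix."lz_iprange;";

		foreach($sql as $sv){
			$wpdb->query($sv);
		}

		// Delete option
		delete_option('lz_version');

		// Reinstall
		loginizer_activation();

		// TODO : Save the existing settings

		// Update the existing failed logs to new table
		if(is_array($lz_failed_logs)){
			foreach($lz_failed_logs as $fv){
				$insert_data = array('username' => $fv['username'],
									'time' => $fv['time'],
									'count' => $fv['count'],
									'lockout' => $fv['lockout'],
									'ip' => $fv['ip']);

				$format = array('%s','%d','%d','%d','%s');

				$wpdb->insert($wpdb->prefix.'loginizer_logs', $insert_data, $format);
			}
		}

		// Update the existing options to new structure
		if(is_array($lz_options)){

			// Start from an empty array so that a legacy table holding no
			// rows (or only lz_last_reset) does not save an undefined variable.
			$old_option = array();

			foreach($lz_options as $ov){

				if($ov['option_name'] == 'lz_last_reset'){
					update_option('loginizer_last_reset', $ov['option_value']);
					continue;
				}

				$old_option[str_replace('lz_', '', $ov['option_name'])] = $ov['option_value'];
			}
			// Save the options
			update_option('loginizer_options', $old_option);
		}

		// Update the existing iprange to new structure
		if(is_array($lz_iprange)){

			$old_blacklist = array();
			$old_whitelist = array();
			$bid = 1;
			$wid = 1;
			foreach($lz_iprange as $iv){

				if(!empty($iv['blacklist'])){
					$old_blacklist[$bid] = array();
					$old_blacklist[$bid]['start'] = long2ip($iv['start']);
					$old_blacklist[$bid]['end'] = long2ip($iv['end']);
					$old_blacklist[$bid]['time'] = strtotime($iv['date']);
					$bid = $bid + 1;
				}

				if(!empty($iv['whitelist'])){
					$old_whitelist[$wid] = array();
					$old_whitelist[$wid]['start'] = long2ip($iv['start']);
					$old_whitelist[$wid]['end'] = long2ip($iv['end']);
					$old_whitelist[$wid]['time'] = strtotime($iv['date']);
					$wid = $wid + 1;
				}
			}

			if(!empty($old_blacklist)) update_option('loginizer_blacklist', $old_blacklist);
			if(!empty($old_whitelist)) update_option('loginizer_whitelist', $old_whitelist);
		}

	}

	// Is it less than 1.3.9 ?
	if($version < 139){

		$wpdb->query("ALTER TABLE ".$wpdb->prefix."loginizer_logs ADD `url` VARCHAR(255) NOT NULL DEFAULT '' AFTER `ip`;");

	}

	// Setting alignment to left in social login ?
	if($version < 201){
		$social_settings = get_option('loginizer_social_settings', []);

		if(!empty($social_settings)){
			if(!empty($social_settings['login']) && (!empty($social_settings['login']['login_form']) || !empty($social_settings['login']['registration_form']))){
				$social_settings['login']['button_alignment'] = 'left';
			}

			// The key was previously misspelled ('woocommmerce'), so an install
			// with only the WooCommerce login form enabled was never migrated.
			if(!empty($social_settings['woocommerce']) && (!empty($social_settings['woocommerce']['login_form']) || !empty($social_settings['woocommerce']['registration_form']))){
				$social_settings['woocommerce']['button_alignment'] = 'left';
			}

			if(!empty($social_settings['comment']) && !empty($social_settings['comment']['enable_buttons'])){
				$social_settings['comment']['button_alignment'] = 'left';
			}

			update_option('loginizer_social_settings', $social_settings);
		}
	}

	// Save the new Version
	update_option('loginizer_version', LOGINIZER_VERSION);

	// TODO:: REMOVE THIS AFTER MARCH 2025
	$softwp_upgrade = get_option('loginizer_softwp_upgrade', 0);
	if(!defined('SITEPAD') && empty($softwp_upgrade)){
		loginizer_check_softaculous();
	}

	// In Sitepad Math Captcha is enabled by default
	if(defined('SITEPAD') && get_option('loginizer_captcha') === false){
		// Built explicitly instead of writing into an undefined $option.
		$option = array('captcha_no_google' => 1);
		add_option('loginizer_captcha', $option);
	}

}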
// Add the action to load the plugin. The callback therefore runs on every
// request that loads plugins; 10 and 1 are the add_action() defaults for
// priority and accepted arguments, spelled out here.
add_action('plugins_loaded', 'loginizer_load_plugin', 10, 1);
// The function that will be called when the plugin is loaded.
//
// Runs the migration check, fills the global $loginizer settings array from
// the stored options, and registers the brute-force and social-login hooks.
function loginizer_load_plugin(){

	global $loginizer;

	// Check if the installed version is outdated
	loginizer_update_check();

	// Set the array
	if(empty($loginizer)){
		$loginizer = array();
	}

	// SitePad builds use their own labels and paths
	$is_sitepad = defined('SITEPAD');
	$loginizer['prefix'] = $is_sitepad ? 'SitePad ' : 'Loginizer ';
	$loginizer['app'] = $is_sitepad ? 'SitePad' : 'WordPress';
	$loginizer['login_basename'] = $is_sitepad ? 'login.php' : 'wp-login.php';
	$loginizer['wp-includes'] = $is_sitepad ? 'site-inc' : 'wp-includes';

	// The IP Method to use
	// NOTE(review): how these two values are consumed is decided in lz_getip(),
	// which is not in this file. Whitelist, blacklist and lockout decisions all
	// key on the resulting address, so confirm that any request header it
	// reads is set by a trusted proxy and not by the client.
	$loginizer['ip_method'] = get_option('loginizer_ip_method');
	if($loginizer['ip_method'] == 3){
		$loginizer['custom_ip_method'] = get_option('loginizer_custom_ip_method');
	}

	// Load settings; an empty or missing value falls back to the default
	$options = get_option('loginizer_options');
	$fallbacks = array(
		'max_retries' => 3,
		'lockout_time' => 900, // 15 minutes
		'max_lockouts' => 5,
		'lockouts_extend' => 86400, // 24 hours
		'reset_retries' => 86400, // 24 hours
		'notify_email' => 0,
	);

	foreach($fallbacks as $setting => $fallback){
		$loginizer[$setting] = empty($options[$setting]) ? $fallback : $options[$setting];
	}

	$loginizer['notify_email_address'] = lz_is_multisite() ? get_site_option('admin_email') : get_option('admin_email');
	$loginizer['trusted_ips'] = !empty($options['trusted_ips']);
	$loginizer['blocked_screen'] = !empty($options['blocked_screen']);
	$loginizer['social_settings'] = get_option('loginizer_social_settings', []);

	// A configured address replaces the admin e-mail
	if(!empty($options['notify_email_address'])){
		$loginizer['notify_email_address'] = $options['notify_email_address'];
		$loginizer['custom_notify_email'] = 1;
	}

	// Login Success Email Notification.
	$loginizer['login_mail'] = get_option('loginizer_login_mail', []);
	add_action('init', 'loginizer_load_translation_vars', 0);

	$mail_settings = $loginizer['login_mail'];
	$loginizer['login_mail_subject'] = empty($mail_settings['subject']) ? '' : $mail_settings['subject'];
	$loginizer['login_mail_body'] = empty($mail_settings['body']) ? '' : $mail_settings['body'];

	// Load the blacklist and whitelist
	$loginizer['blacklist'] = get_option('loginizer_blacklist', []);
	$loginizer['whitelist'] = get_option('loginizer_whitelist', []);
	$loginizer['2fa_whitelist'] = get_option('loginizer_2fa_whitelist');

	// It should not be false
	if(empty($loginizer['2fa_whitelist'])){
		$loginizer['2fa_whitelist'] = array();
	}

	// When was the database cleared last time
	$loginizer['last_reset'] = get_option('loginizer_last_reset');

	if(!isset($loginizer['ultimate-member-active'])){
		$active_plugins = apply_filters('active_plugins', get_option('active_plugins', []));
		$loginizer['ultimate-member-active'] = in_array('ultimate-member/ultimate-member.php', $active_plugins);
	}

	// Clear retries once the reset interval has passed
	$since_reset = time() - $loginizer['last_reset'];
	if($since_reset >= $loginizer['reset_retries']){
		loginizer_reset_retries();
	}

	// Record the first time the plugin ran
	$ins_time = get_option('loginizer_ins_time');
	if(empty($ins_time)){
		$ins_time = time();
		update_option('loginizer_ins_time', $ins_time);
	}
	$loginizer['ins_time'] = $ins_time;

	// Set the current IP
	$loginizer['current_ip'] = lz_getip();

	// Is Brute Force Disabled ?
	$loginizer['disable_brute'] = get_option('loginizer_disable_brute');

	// Filters and actions
	if(empty($loginizer['disable_brute'])){

		// Use this to verify before WP tries to login
		// Is always called and is the first function to be called
		//add_action('wp_authenticate', 'loginizer_wp_authenticate', 10, 2);// Not called by XML-RPC
		add_filter('authenticate', 'loginizer_wp_authenticate', 10001, 3);// This one is called by xmlrpc as well as GUI

		// Is called when a login attempt fails
		// Hence Update our records that the login failed
		add_action('wp_login_failed', 'loginizer_login_failed');

		// Is called before displaying the error message so that we dont show that the username is wrong or the password
		// Update Error message
		add_action('wp_login_errors', 'loginizer_error_handler', 10001, 2);
		add_action('woocommerce_login_failed', 'loginizer_woocommerce_error_handler', 10001);
		add_action('wp_login', 'loginizer_login_success', 10, 2);

		if(!empty($loginizer['ultimate-member-active'])){
			add_action('wp_login_failed', 'loginizer_ultimatemember_error_handler', 10001);
		}

		// The cookie is client-supplied; here it only decides whether the
		// social-login error handler is attached.
		if(!empty($_COOKIE['lz_social_error']) && !empty($loginizer['social_settings']) && !loginizer_is_blacklisted()){
			add_filter('wp_login_errors', 'loginizer_social_login_error_handler', 10000, 2);
		}
	}

	// Social Login Form Actions
	if(!empty($loginizer['social_settings']) && !loginizer_is_blacklisted() && !empty($loginizer['social_settings']['login']['login_form'])){
		add_action('login_form', 'loginizer_social_btn_login');
	}

	if((function_exists('wp_doing_ajax') && wp_doing_ajax()) || (defined( 'DOING_AJAX' ) && DOING_AJAX)){
		include_once LOGINIZER_DIR . '/main/ajax.php';
	}

	if(is_admin()){
		include_once LOGINIZER_DIR . '/main/admin.php';
	}

	// ----------------
	// PRO INIT END
	// ----------------

	// Security checks for social login.
	// NOTE(review): this gate consults only the lockout state through
	// loginizer_can_login(); the blacklist and trusted-IP restriction are not
	// checked here. Confirm loginizer_social_login_load() (defined elsewhere)
	// enforces them. It also runs before the 'init' hook that loads
	// loginizer_load_translation_vars, so $loginizer['msg'] may not be set yet
	// when loginizer_can_login() builds its lockout message.
	if(!empty($_GET['lz_social_provider']) && loginizer_can_login() && empty($_GET['lz_api'])){
		add_action('init', 'loginizer_social_login_load');
	}
}
// 'authenticate' filter callback, registered by loginizer_load_plugin() with
// priority 10001 and three arguments.
//
// Returns $user unchanged when the attempt is allowed, otherwise a WP_Error.
// Order of checks: whitelist, trusted-IP restriction, IP blacklist, username
// blacklist (only when loginizer_user_blacklisted() exists), then lockout.
// A whitelisted IP returns before any of the later checks run, so the
// whitelist is only as trustworthy as the address stored in
// $loginizer['current_ip'].
function loginizer_wp_authenticate($user, $username, $password){

	global $loginizer, $lz_error, $lz_cannot_login, $lz_user_pass;

	// Flag that both a username and a password were submitted
	if(!(empty($username) || empty($password))){
		$lz_user_pass = 1;
	}

	// Are you whitelisted ?
	if(loginizer_is_whitelisted()){
		$loginizer['ip_is_whitelisted'] = 1;
		return $user;
	}

	// Not whitelisted: with trusted IPs enabled that alone denies the login
	if(!empty($loginizer['trusted_ips'])){
		$lz_cannot_login = 1;

		// This is used by WP Activity Log
		apply_filters( 'wp_login_blocked', $username );

		// Shows a blocked screen
		if(!empty($loginizer['blocked_screen'])){
			$lz_error['trusted_ip'] = __('You are restricted from logging in as your IP is not whitelisted.', 'loginizer');
			loginizer_blocked_page($lz_error);
		}

		// The error code is 'ip_blacklisted' although the reason is the whitelist
		return new WP_Error('ip_blacklisted', __('You are restricted from logging in as your IP is not whitelisted.', 'loginizer'));
	}

	// Are you blacklisted ?
	if(loginizer_is_blacklisted()){
		$lz_cannot_login = 1;

		// This is used by WP Activity Log
		apply_filters( 'wp_login_blocked', $username );

		// Shows a blocked screen
		if(!empty($loginizer['blocked_screen'])){
			loginizer_blocked_page($lz_error);
		}

		return new WP_Error('ip_blacklisted', implode('', $lz_error), 'loginizer');
	}

	// Is the username blacklisted ?
	if(function_exists('loginizer_user_blacklisted') && loginizer_user_blacklisted($username)){
		$lz_cannot_login = 1;

		// This is used by WP Activity Log
		apply_filters( 'wp_login_blocked', $username );

		return new WP_Error('user_blacklisted', implode('', $lz_error), 'loginizer');
	}

	// Locked out after too many failed attempts ?
	if(!loginizer_can_login()){
		$lz_cannot_login = 1;

		// This is used by WP Activity Log
		apply_filters( 'wp_login_blocked', $username );

		// Shows a blocked screen
		if(!empty($loginizer['blocked_screen'])){
			loginizer_blocked_page($lz_error);
		}

		return new WP_Error('ip_blocked', implode('', $lz_error), 'loginizer');
	}

	return $user;

}
// Tells whether the current IP is allowed to attempt a login right now.
//
// Looks up the log row for $loginizer['current_ip'] and returns false only
// while that IP is inside a lockout window; in that case
// $lz_error['ip_blocked'] is set to the lockout message. Every other case
// returns true, including a lookup that yields no row or no count.
//
// A lockout applies only when the stored failure count is a non-zero multiple
// of max_retries. Once the stored lockout number reaches max_lockouts, the
// global $loginizer['lockout_time'] is overwritten with lockouts_extend for
// the rest of the request.
function loginizer_can_login(){

	global $wpdb, $loginizer, $lz_error;

	// Get the logs
	$log_row = lz_selectquery($wpdb->prepare("SELECT * FROM `".$wpdb->prefix."loginizer_logs` WHERE `ip` = %s", $loginizer['current_ip']));

	// No failures recorded, or not at a multiple of the retry limit
	if(empty($log_row['count']) || ($log_row['count'] % $loginizer['max_retries']) != 0){
		return true;
	}

	// Has he reached max lockouts ?
	if($log_row['lockout'] >= $loginizer['max_lockouts']){
		$loginizer['lockout_time'] = $loginizer['lockouts_extend'];
	}

	// Is the lockout window already over ?
	if($log_row['time'] < (time() - $loginizer['lockout_time'])){
		return true;
	}

	// Remaining wait, rounded up to whole minutes
	$wait = ceil((($log_row['time'] + $loginizer['lockout_time']) - time()) / 60);
	$wait_text = $wait.' '.$loginizer['msg']['minutes_err'];

	// Report hours once the wait exceeds 60 minutes
	if($wait > 60){
		$wait = ceil($wait / 60);
		$wait_text = $wait.' '.$loginizer['msg']['hours_err'];
	}

	$lz_error['ip_blocked'] = $loginizer['msg']['lockout_err'].' '.$wait_text;

	// Surface the same message in the Ultimate Member form
	if(!empty($loginizer['ultimate-member-active']) && class_exists('UM')){
		\UM()->form()->add_error('blocked_msg', $lz_error['ip_blocked']);
	}

	return false;
}
function loginizer_is_blacklisted(){
global $wpdb, $loginizer, $lz_error;
$blacklist = isset($loginizer['blacklist']) ? $loginizer['blacklist'] : [];
if(empty($blacklist)){
return false;
}
$current_ip_inet = inet_ptoi($loginizer['current_ip']);