2020-01-26 15:14:37 +01:00
|
|
|
|
<?php
|
|
|
|
|
|
|
2020-01-29 07:46:05 +01:00
|
|
|
|
//define('DISALLOW_FILE_MODS',true);
|
2020-01-26 15:14:37 +01:00
|
|
|
|
|
2020-02-02 11:19:41 +01:00
|
|
|
|
//阻止异常请求
|
2020-03-15 14:29:06 +01:00
|
|
|
|
function gdk_prevent_requst()
|
|
|
|
|
|
{
|
|
|
|
|
|
global $user_ID;
|
|
|
|
|
|
if (!current_user_can('level_10')) {
|
2021-10-10 15:48:53 +02:00
|
|
|
|
if (strlen($_SERVER['REQUEST_URI']) > 255
|
|
|
|
|
|
|| stripos($_SERVER['REQUEST_URI'], 'eval(')
|
|
|
|
|
|
|| stripos($_SERVER['REQUEST_URI'], 'CONCAT')
|
|
|
|
|
|
|| stripos($_SERVER['REQUEST_URI'], 'UNION+SELECT')
|
|
|
|
|
|
|| stripos($_SERVER['REQUEST_URI'], 'GLOBALS(')
|
|
|
|
|
|
|| stripos($_SERVER['REQUEST_URI'], '_REQUEST')
|
|
|
|
|
|
|| stripos($_SERVER['REQUEST_URI'], '/localhost')
|
|
|
|
|
|
|| stripos($_SERVER['QUERY_STRING'], '127.0.0.1')
|
|
|
|
|
|
|| stripos($_SERVER['REQUEST_URI'], '/config.')
|
|
|
|
|
|
|| stripos($_SERVER['REQUEST_URI'], 'wp-config.')
|
|
|
|
|
|
|| stripos($_SERVER['REQUEST_URI'], 'etc/passwd')
|
|
|
|
|
|
|| stripos($_SERVER['REQUEST_URI'], '<')
|
|
|
|
|
|
|| stripos($_SERVER['REQUEST_URI'], 'base64')) {
|
2020-03-15 14:29:06 +01:00
|
|
|
|
@header('HTTP/1.1 403 Forbidden');
|
|
|
|
|
|
@header('Status: 403 Forbidden');
|
|
|
|
|
|
@header('Connection: Close');
|
|
|
|
|
|
@exit;
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
2020-02-02 11:19:41 +01:00
|
|
|
|
}
|
2020-03-15 14:29:06 +01:00
|
|
|
|
if (gdk_option('gdk_block_requst')) {
|
|
|
|
|
|
add_action('wp', 'gdk_prevent_requst'); //阻止乱七八糟的请求
|
2020-02-02 19:46:18 +01:00
|
|
|
|
}
|
2020-01-29 04:41:36 +01:00
|
|
|
|
|
2020-02-04 18:14:04 +01:00
|
|
|
|
//禁用 XML-RPC 接口
|
|
|
|
|
|
if (gdk_option('gdk_disable_xmlrpc')) {
|
2020-03-15 14:29:06 +01:00
|
|
|
|
add_filter('xmlrpc_enabled', '__return_false');
|
|
|
|
|
|
remove_action('xmlrpc_rsd_apis', 'rest_output_rsd');
|
2020-02-04 18:14:04 +01:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
//彻底关闭 pingback
|
|
|
|
|
|
if (gdk_option('gdk_disable_trackbacks')) {
|
2020-03-15 14:29:06 +01:00
|
|
|
|
add_filter('xmlrpc_methods', 'gdk_xmlrpc_methods');
|
|
|
|
|
|
function gdk_xmlrpc_methods($methods)
|
|
|
|
|
|
{
|
|
|
|
|
|
unset($methods['system.multicall']);
|
2021-10-10 15:48:53 +02:00
|
|
|
|
$methods['pingback.ping'] = '__return_false';
|
2020-03-15 14:29:06 +01:00
|
|
|
|
$methods['pingback.extensions.getPingbacks'] = '__return_false';
|
2021-10-10 15:48:53 +02:00
|
|
|
|
|
2020-03-15 14:29:06 +01:00
|
|
|
|
return $methods;
|
2020-02-04 18:14:04 +01:00
|
|
|
|
}
|
2020-03-15 14:29:06 +01:00
|
|
|
|
|
2021-10-10 15:48:53 +02:00
|
|
|
|
//阻止站内PingBack
|
2020-03-15 14:29:06 +01:00
|
|
|
|
function gdk_noself_ping(&$links)
|
|
|
|
|
|
{
|
|
|
|
|
|
$home = home_url();
|
|
|
|
|
|
foreach ($links as $l => $link) {
|
|
|
|
|
|
if (0 === strpos($link, $home)) {
|
|
|
|
|
|
unset($links[$l]);
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
add_action('pre_ping', 'gdk_noself_ping');
|
2021-10-10 15:48:53 +02:00
|
|
|
|
//禁用 pingbacks, enclosures, trackbacks
|
2020-03-15 14:29:06 +01:00
|
|
|
|
remove_action('do_pings', 'do_all_pings', 10);
|
2021-10-10 15:48:53 +02:00
|
|
|
|
//去掉 _encloseme 和 do_ping 操作。
|
2020-03-15 14:29:06 +01:00
|
|
|
|
remove_action('publish_post', '_publish_post_hook', 5);
|
2020-02-04 18:14:04 +01:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
//隐藏用户昵称
|
|
|
|
|
|
add_filter('redirect_canonical', 'security_stop_user_enumeration', 10, 2);
|
2020-03-15 14:29:06 +01:00
|
|
|
|
if (!function_exists('security_stop_user_enumeration')) {
|
|
|
|
|
|
function security_stop_user_enumeration($redirect, $request)
|
|
|
|
|
|
{
|
|
|
|
|
|
if (preg_match('/\?author=([0-9]*)(\/*)/i', $request)) {
|
|
|
|
|
|
wp_redirect(get_site_url(), 301);
|
2021-10-10 15:48:53 +02:00
|
|
|
|
|
|
|
|
|
|
exit();
|
2020-02-04 18:14:04 +01:00
|
|
|
|
}
|
2021-10-10 15:48:53 +02:00
|
|
|
|
|
|
|
|
|
|
return $redirect;
|
2020-02-04 18:14:04 +01:00
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2020-02-02 11:19:41 +01:00
|
|
|
|
//登陆错误锁定
|
2020-03-15 14:29:06 +01:00
|
|
|
|
if (!class_exists('GDK_Limit_Login_Attempts')) {
|
|
|
|
|
|
class GDK_Limit_Login_Attempts
|
|
|
|
|
|
{
|
2021-10-10 15:48:53 +02:00
|
|
|
|
public $transient_name = 'attempted_login'; //Transient used
|
2020-03-15 14:29:06 +01:00
|
|
|
|
private $__failed_login_limit; //登录失败的次数限制
|
|
|
|
|
|
private $__lockout_duration; //暂停登陆时间
|
2021-10-10 15:48:53 +02:00
|
|
|
|
|
2020-03-15 14:29:06 +01:00
|
|
|
|
public function __construct($config = null)
|
|
|
|
|
|
{
|
|
|
|
|
|
$this->failed_login_limit = $config['failed_login_limit'];
|
2021-10-10 15:48:53 +02:00
|
|
|
|
$this->lockout_duration = $config['lockout_duration'];
|
|
|
|
|
|
add_filter('authenticate', [$this, 'check_attempted_login'], 30, 3);
|
|
|
|
|
|
add_action('wp_login_failed', [$this, 'login_failed'], 10, 1);
|
2020-03-15 14:29:06 +01:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
public function check_attempted_login($user, $username, $password)
|
|
|
|
|
|
{
|
|
|
|
|
|
if (get_transient($this->transient_name)) {
|
|
|
|
|
|
$datas = get_transient($this->transient_name);
|
|
|
|
|
|
if ($datas['tried'] >= $this->failed_login_limit) {
|
2021-10-10 15:48:53 +02:00
|
|
|
|
$until = get_option('_transient_timeout_'.$this->transient_name);
|
|
|
|
|
|
$time = $this->when($until);
|
2020-03-15 14:29:06 +01:00
|
|
|
|
//Display error message to the user when limit is reached
|
|
|
|
|
|
return new WP_Error('too_many_tried', sprintf(esc_attr('ERROR:您已触发登陆安全保护,请在 %1$s 后再次尝试.'), $time));
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
2021-10-10 15:48:53 +02:00
|
|
|
|
|
2020-03-15 14:29:06 +01:00
|
|
|
|
return $user;
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
public function login_failed($username)
|
|
|
|
|
|
{
|
|
|
|
|
|
if (get_transient($this->transient_name)) {
|
|
|
|
|
|
$datas = get_transient($this->transient_name);
|
2021-10-10 15:48:53 +02:00
|
|
|
|
++$datas['tried'];
|
2020-03-15 14:29:06 +01:00
|
|
|
|
if ($datas['tried'] <= $this->failed_login_limit) {
|
|
|
|
|
|
set_transient($this->transient_name, $datas, $this->lockout_duration);
|
|
|
|
|
|
}
|
|
|
|
|
|
} else {
|
2021-10-10 15:48:53 +02:00
|
|
|
|
$datas = ['tried' => 1];
|
2020-03-15 14:29:06 +01:00
|
|
|
|
set_transient($this->transient_name, $datas, $this->lockout_duration);
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2020-04-06 04:24:38 +02:00
|
|
|
|
private function when($time)
|
2020-03-15 14:29:06 +01:00
|
|
|
|
{
|
|
|
|
|
|
if (!$time) {
|
|
|
|
|
|
return;
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
$right_now = time();
|
2021-10-10 15:48:53 +02:00
|
|
|
|
$diff = abs($right_now - $time);
|
|
|
|
|
|
$second = 1;
|
|
|
|
|
|
$minute = $second * 60;
|
|
|
|
|
|
$hour = $minute * 60;
|
|
|
|
|
|
$day = $hour * 24;
|
2020-03-15 14:29:06 +01:00
|
|
|
|
if ($diff < $minute) {
|
2021-10-10 15:48:53 +02:00
|
|
|
|
return floor($diff / $second).' '.esc_attr('秒');
|
2020-03-15 14:29:06 +01:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
if ($diff < $minute * 2) {
|
|
|
|
|
|
return esc_attr('about 1 minute ago');
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
if ($diff < $hour) {
|
2021-10-10 15:48:53 +02:00
|
|
|
|
return floor($diff / $minute).' '.esc_attr('分钟');
|
2020-03-15 14:29:06 +01:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
if ($diff < $hour * 2) {
|
|
|
|
|
|
return esc_attr('about 1 hour');
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2021-10-10 15:48:53 +02:00
|
|
|
|
return floor($diff / $hour).' '.esc_attr('小时');
|
2020-03-15 14:29:06 +01:00
|
|
|
|
}
|
|
|
|
|
|
}
|
2020-02-02 11:19:41 +01:00
|
|
|
|
}
|
|
|
|
|
|
//Enable it:
|
2020-02-02 19:46:18 +01:00
|
|
|
|
$LLA_config = [
|
2020-03-15 14:29:06 +01:00
|
|
|
|
'failed_login_limit' => gdk_option('gdk_failed_login_limit'), // 登录失败的次数限制
|
2021-10-10 15:48:53 +02:00
|
|
|
|
'lockout_duration' => gdk_option('gdk_lockout_duration'), // 暂停登陆时间
|
2020-02-02 11:19:41 +01:00
|
|
|
|
];
|
2020-03-15 14:29:06 +01:00
|
|
|
|
if (gdk_option('gdk_lock_login')) {
|
|
|
|
|
|
new GDK_Limit_Login_Attempts($LLA_config);
|
2020-01-26 18:57:04 +01:00
|
|
|
|
}
|
2020-01-26 15:14:37 +01:00
|
|
|
|
|
|
|
|
|
|
//禁用登陆错误信息
|
2020-03-15 14:29:06 +01:00
|
|
|
|
function gdk_disable_login_errors($error)
|
|
|
|
|
|
{
|
|
|
|
|
|
global $errors;
|
|
|
|
|
|
$err_codes = $errors->get_error_codes();
|
2021-10-07 16:43:05 +02:00
|
|
|
|
if (!array_key_exists('too_many_tried', $err_codes)) {
|
2020-03-15 14:29:06 +01:00
|
|
|
|
// For security reason
|
|
|
|
|
|
return esc_attr('Access Denied!');
|
|
|
|
|
|
}
|
2021-10-10 15:48:53 +02:00
|
|
|
|
|
2020-03-15 14:29:06 +01:00
|
|
|
|
return $error;
|
2020-01-26 15:14:37 +01:00
|
|
|
|
}
|
2020-04-06 04:24:38 +02:00
|
|
|
|
//add_filter('login_errors', 'gdk_disable_login_errors');
|
2020-01-26 15:14:37 +01:00
|
|
|
|
|
2020-02-02 09:12:28 +01:00
|
|
|
|
//网站维护代码
|
2020-03-15 14:29:06 +01:00
|
|
|
|
function gdk_maintenance_mode()
|
|
|
|
|
|
{
|
|
|
|
|
|
if (!current_user_can('edit_themes') || !is_user_logged_in()) {
|
2021-10-10 15:48:53 +02:00
|
|
|
|
wp_die('网站维护中ing, 没事儿您就别来啦……', 'Maintenance - Could you please not disturb me ', ['response' => '503']);
|
2020-03-15 14:29:06 +01:00
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
if (gdk_option('gdk_maintenance_mode')) {
|
|
|
|
|
|
add_action('get_header', 'gdk_maintenance_mode');
|
2020-02-02 09:12:28 +01:00
|
|
|
|
}
|
|
|
|
|
|
|
2020-02-02 19:46:18 +01:00
|
|
|
|
//各种措施拦截垃圾评论
|
2020-03-15 14:29:06 +01:00
|
|
|
|
if (gdk_option('gdk_fuck_spam')) {
|
|
|
|
|
|
//拦截无来路的评论
|
|
|
|
|
|
function gdk_comment_check_referrer()
|
|
|
|
|
|
{
|
2021-10-10 15:48:53 +02:00
|
|
|
|
if (!isset($_SERVER['HTTP_REFERER']) || '' == $_SERVER['HTTP_REFERER']) {
|
2020-03-15 14:29:06 +01:00
|
|
|
|
wp_die(esc_attr('Please enable referrers in your browser!'));
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
add_action('check_comment_flood', 'gdk_comment_check_referrer');
|
|
|
|
|
|
//拦截超长链接垃圾评论
|
|
|
|
|
|
function gdk_url_spamcheck($approved, $commentdata)
|
|
|
|
|
|
{
|
|
|
|
|
|
return (strlen($commentdata['comment_author_url']) > 50) ? 'spam' : $approved;
|
|
|
|
|
|
}
|
|
|
|
|
|
add_filter('pre_comment_approved', 'gdk_url_spamcheck', 99, 2);
|
|
|
|
|
|
function gdk_comment_lang($commentdata)
|
|
|
|
|
|
{
|
|
|
|
|
|
if (is_user_logged_in()) {
|
|
|
|
|
|
return $commentdata;
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
$pattern = '/[一-龥]/u';
|
|
|
|
|
|
// 禁止全英文评论
|
|
|
|
|
|
if (!preg_match($pattern, $commentdata['comment_content'])) {
|
2021-10-10 15:48:53 +02:00
|
|
|
|
gdk_die('您的评论中必须包含汉字!');
|
2020-03-15 14:29:06 +01:00
|
|
|
|
}
|
|
|
|
|
|
$pattern = '/[あ-んア-ン]/u';
|
|
|
|
|
|
// 禁止日文评论
|
|
|
|
|
|
if (preg_match($pattern, $commentdata['comment_content'])) {
|
2021-10-10 15:48:53 +02:00
|
|
|
|
gdk_die('评论禁止包含日文!');
|
2020-03-15 14:29:06 +01:00
|
|
|
|
}
|
|
|
|
|
|
//屏蔽评论里面黑名单内容
|
2021-10-06 15:44:41 +02:00
|
|
|
|
if (wp_check_comment_disallowed_list($commentdata['comment_author'], $commentdata['comment_author_email'], $commentdata['comment_author_url'], $commentdata['comment_content'], $commentdata['comment_author_IP'], $commentdata['comment_agent'])) {
|
2020-03-15 14:29:06 +01:00
|
|
|
|
gdk_die('不好意思,您的评论违反本站评论规则');
|
|
|
|
|
|
}
|
2021-10-10 15:48:53 +02:00
|
|
|
|
|
2020-03-15 14:29:06 +01:00
|
|
|
|
return $commentdata;
|
|
|
|
|
|
}
|
|
|
|
|
|
add_filter('preprocess_comment', 'gdk_comment_lang');
|
2020-01-26 18:57:04 +01:00
|
|
|
|
}
|
2020-01-27 19:03:14 +01:00
|
|
|
|
|
|
|
|
|
|
//隐藏用户名字
|
2020-03-15 14:29:06 +01:00
|
|
|
|
if (gdk_option('gdk_hide_user_name')) {
|
2021-10-10 15:48:53 +02:00
|
|
|
|
// 文本加密
|
2020-03-15 14:29:06 +01:00
|
|
|
|
function gdk_text_encrypt($string, $operation, $key = '')
|
|
|
|
|
|
{
|
2021-10-10 15:48:53 +02:00
|
|
|
|
$string = 'D' == $operation ? str_replace(['!', '-', '_'], ['=', '+', '/'], $string) : $string;
|
|
|
|
|
|
$key = md5($key);
|
|
|
|
|
|
$key_length = strlen($key);
|
|
|
|
|
|
$string = 'D' == $operation ? base64_decode($string) : substr(md5($string.$key), 0, 8).$string;
|
2020-03-15 14:29:06 +01:00
|
|
|
|
$string_length = strlen($string);
|
2021-10-10 15:48:53 +02:00
|
|
|
|
$rndkey = $box = [];
|
|
|
|
|
|
$result = '';
|
|
|
|
|
|
for ($i = 0; $i <= 255; ++$i) {
|
2020-03-15 14:29:06 +01:00
|
|
|
|
$rndkey[$i] = ord($key[$i % $key_length]);
|
2021-10-10 15:48:53 +02:00
|
|
|
|
$box[$i] = $i;
|
2020-03-15 14:29:06 +01:00
|
|
|
|
}
|
2021-10-10 15:48:53 +02:00
|
|
|
|
for ($j = $i = 0; $i < 256; ++$i) {
|
|
|
|
|
|
$j = ($j + $box[$i] + $rndkey[$i]) % 256;
|
|
|
|
|
|
$tmp = $box[$i];
|
2020-03-15 14:29:06 +01:00
|
|
|
|
$box[$i] = $box[$j];
|
|
|
|
|
|
$box[$j] = $tmp;
|
|
|
|
|
|
}
|
2021-10-10 15:48:53 +02:00
|
|
|
|
for ($a = $j = $i = 0; $i < $string_length; ++$i) {
|
|
|
|
|
|
$a = ($a + 1) % 256;
|
|
|
|
|
|
$j = ($j + $box[$a]) % 256;
|
|
|
|
|
|
$tmp = $box[$a];
|
2020-03-15 14:29:06 +01:00
|
|
|
|
$box[$a] = $box[$j];
|
|
|
|
|
|
$box[$j] = $tmp;
|
|
|
|
|
|
$result .= chr(ord($string[$i]) ^ ($box[($box[$a] + $box[$j]) % 256]));
|
|
|
|
|
|
}
|
2021-10-10 15:48:53 +02:00
|
|
|
|
if ('D' == $operation) {
|
|
|
|
|
|
if (substr($result, 0, 8) == substr(md5(substr($result, 8).$key), 0, 8)) {
|
2020-03-15 14:29:06 +01:00
|
|
|
|
return substr($result, 8);
|
|
|
|
|
|
}
|
2021-10-10 15:48:53 +02:00
|
|
|
|
|
|
|
|
|
|
return '';
|
2020-03-15 14:29:06 +01:00
|
|
|
|
}
|
2021-10-10 15:48:53 +02:00
|
|
|
|
|
|
|
|
|
|
return strtr(base64_encode($result), '=+/', '!-_');
|
2020-03-15 14:29:06 +01:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
function gdk_custom_author_link_request($query_vars)
|
|
|
|
|
|
{
|
|
|
|
|
|
if (array_key_exists('author_name', $query_vars)) {
|
|
|
|
|
|
global $wpdb;
|
|
|
|
|
|
$author_id = gdk_text_encrypt($query_vars['author_name'], 'D', AUTH_KEY);
|
2021-10-10 15:48:53 +02:00
|
|
|
|
if (isset($author_id)) {
|
2020-03-15 14:29:06 +01:00
|
|
|
|
$query_vars['author'] = $author_id;
|
|
|
|
|
|
unset($query_vars['author_name']);
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
2021-10-10 15:48:53 +02:00
|
|
|
|
|
2020-03-15 14:29:06 +01:00
|
|
|
|
return $query_vars;
|
|
|
|
|
|
}
|
|
|
|
|
|
add_filter('request', 'gdk_custom_author_link_request');
|
|
|
|
|
|
|
|
|
|
|
|
function gdk_custom_author_link($link, $author_id)
|
|
|
|
|
|
{
|
|
|
|
|
|
global $wp_rewrite;
|
2021-10-10 15:48:53 +02:00
|
|
|
|
$author_id = (int) $author_id;
|
|
|
|
|
|
$link = $wp_rewrite->get_author_permastruct();
|
2020-03-15 14:29:06 +01:00
|
|
|
|
if (empty($link)) {
|
2021-10-10 15:48:53 +02:00
|
|
|
|
$link = home_url('/').'?author='.gdk_text_encrypt($author_id, 'E', AUTH_KEY);
|
2020-03-15 14:29:06 +01:00
|
|
|
|
} else {
|
|
|
|
|
|
$link = str_replace('%author%', gdk_text_encrypt($author_id, 'E', AUTH_KEY), $link);
|
2021-10-10 15:48:53 +02:00
|
|
|
|
$link = home_url().user_trailingslashit($link);
|
2020-03-15 14:29:06 +01:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
return $link;
|
|
|
|
|
|
}
|
|
|
|
|
|
add_filter('author_link', 'gdk_custom_author_link', 10, 2);
|
2020-02-02 19:46:18 +01:00
|
|
|
|
|
2020-03-15 14:29:06 +01:00
|
|
|
|
// wp-rest 可能暴露用户名
|
|
|
|
|
|
function gdk_custom_rest_prepare_user($response, $user, $request)
|
|
|
|
|
|
{
|
|
|
|
|
|
$response->data['slug'] = gdk_text_encrypt($user->ID, 'E', AUTH_KEY);
|
2021-10-10 15:48:53 +02:00
|
|
|
|
|
2020-03-15 14:29:06 +01:00
|
|
|
|
return $response;
|
|
|
|
|
|
}
|
|
|
|
|
|
add_filter('rest_prepare_user', 'gdk_custom_rest_prepare_user', 10, 3);
|
|
|
|
|
|
}
|
2020-02-04 18:14:04 +01:00
|
|
|
|
|
|
|
|
|
|
//记录登陆失败发邮件
|
2020-04-03 13:11:11 +02:00
|
|
|
|
if (gdk_option('gdk_login_email')) {
|
2021-10-10 15:48:53 +02:00
|
|
|
|
add_action('wp_authenticate', 'gdk_log_login', 10, 2);
|
2020-04-03 13:11:11 +02:00
|
|
|
|
}
|
2021-10-10 15:48:53 +02:00
|
|
|
|
function gdk_log_login($username, $password)
|
2020-03-15 14:29:06 +01:00
|
|
|
|
{
|
2021-10-10 15:48:53 +02:00
|
|
|
|
if (isset($username, $password)) {
|
2020-03-15 14:29:06 +01:00
|
|
|
|
$check = wp_authenticate_username_password(null, $username, $password);
|
|
|
|
|
|
if (is_wp_error($check)) {
|
2021-10-10 15:48:53 +02:00
|
|
|
|
$ua = gdk_getBrowser();
|
2020-03-26 15:24:00 +01:00
|
|
|
|
$agent = $ua['name'];
|
2020-02-04 18:14:04 +01:00
|
|
|
|
|
2021-10-10 15:48:53 +02:00
|
|
|
|
$referrer = $_SERVER['HTTP_REFERER'] ?? $_SERVER['PHP_SELF'];
|
2020-03-15 14:29:06 +01:00
|
|
|
|
if (strstr($referrer, 'wp-login')) {
|
2020-02-04 18:14:04 +01:00
|
|
|
|
$ref = 'wp-login.php';
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2020-03-15 14:29:06 +01:00
|
|
|
|
if (strstr($referrer, 'wp-admin')) {
|
2020-02-04 18:14:04 +01:00
|
|
|
|
$ref = 'wp-admin/';
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
$contact_errors = false;
|
|
|
|
|
|
// get the posted data
|
2021-10-10 15:48:53 +02:00
|
|
|
|
$name = get_bloginfo('name');
|
2020-03-15 14:29:06 +01:00
|
|
|
|
$email_address = get_bloginfo('admin_email');
|
2020-02-04 18:14:04 +01:00
|
|
|
|
|
|
|
|
|
|
// write the email content
|
|
|
|
|
|
$header = "MIME-Version: 1.0\n";
|
|
|
|
|
|
$header .= "Content-Type: text/html; charset=utf-8\n";
|
2021-10-10 15:48:53 +02:00
|
|
|
|
$header .= "From: {$name} <{$email_address}>\n";
|
|
|
|
|
|
|
|
|
|
|
|
$message = "<a href='".home_url()."' target='_blank'>".$name.'</a> 登陆失败提醒<br>'.PHP_EOL;
|
|
|
|
|
|
$message .= 'Browser: '.$agent.'<br>'.PHP_EOL;
|
|
|
|
|
|
$message .= 'OS: '.$ua['platform'].'<br>'.PHP_EOL;
|
|
|
|
|
|
$message .= 'IP: <a href="https://www.ipip.net/ip/'.gdk_get_ip().'.html" target="_blank">'.gdk_get_ip().'</a><br>'.PHP_EOL;
|
|
|
|
|
|
$message .= 'Date: '.date('Y-m-d H:i:s').'<br>'.PHP_EOL;
|
|
|
|
|
|
$message .= 'Referrer: '.$referrer.'<br>'.PHP_EOL;
|
|
|
|
|
|
$message .= 'User Agent: '.$ua['userAgent'].'<br>'.PHP_EOL;
|
|
|
|
|
|
$message .= 'Username: '.$username.'<br>'.PHP_EOL;
|
|
|
|
|
|
$message .= 'Password: '.$password.'<br>'.PHP_EOL;
|
|
|
|
|
|
$subject = '登陆失败提醒 - '.$name;
|
|
|
|
|
|
$mail_content = gdk_mail_temp($subject, $message, home_url(), $name);
|
|
|
|
|
|
if (isset($email_address)) {
|
2020-02-04 18:14:04 +01:00
|
|
|
|
// send the email using wp_mail()
|
2021-10-10 15:48:53 +02:00
|
|
|
|
if (!wp_mail($email_address, $subject, $mail_content, $header)) {
|
2020-02-04 18:14:04 +01:00
|
|
|
|
$contact_errors = true;
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
2020-02-13 01:53:12 +01:00
|
|
|
|
}
|
|
|
|
|
|
|
2021-10-10 15:48:53 +02:00
|
|
|
|
//封禁用户
|
2020-03-15 14:29:06 +01:00
|
|
|
|
function gdk_edit_user_profile($user)
|
|
|
|
|
|
{
|
|
|
|
|
|
if (!current_user_can('edit_users')) {
|
|
|
|
|
|
return;
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
if (get_current_user_id() == $user->ID) {
|
|
|
|
|
|
return;
|
2021-10-10 15:48:53 +02:00
|
|
|
|
} ?>
|
|
|
|
|
|
<table class="form-table">
|
|
|
|
|
|
<tr>
|
|
|
|
|
|
<th scope="row">封禁用户</th>
|
|
|
|
|
|
<td>
|
|
|
|
|
|
<label for="gdk_ban">
|
|
|
|
|
|
<input name="gdk_ban" type="checkbox" id="gdk_ban" <?php checked(gdk_is_user_banned($user->ID), true); ?>
|
|
|
|
|
|
value="1">
|
|
|
|
|
|
封禁此用户</label>
|
|
|
|
|
|
</td>
|
|
|
|
|
|
</tr>
|
|
|
|
|
|
</table>
|
|
|
|
|
|
<?php
|
2020-02-13 01:53:12 +01:00
|
|
|
|
}
|
|
|
|
|
|
|
2020-03-15 14:29:06 +01:00
|
|
|
|
function gdk_edit_user_profile_update($user_id)
|
|
|
|
|
|
{
|
|
|
|
|
|
if (!current_user_can('edit_users')) {
|
|
|
|
|
|
return;
|
|
|
|
|
|
}
|
2020-02-13 01:53:12 +01:00
|
|
|
|
|
2020-03-15 14:29:06 +01:00
|
|
|
|
if (get_current_user_id() == $user_id) {
|
|
|
|
|
|
return;
|
|
|
|
|
|
}
|
2020-02-13 01:53:12 +01:00
|
|
|
|
|
2020-03-15 14:29:06 +01:00
|
|
|
|
if (empty($_POST['gdk_ban'])) {
|
|
|
|
|
|
gdk_unban_user($user_id);
|
|
|
|
|
|
} else {
|
|
|
|
|
|
gdk_ban_user($user_id);
|
|
|
|
|
|
}
|
2020-02-13 01:53:12 +01:00
|
|
|
|
}
|
|
|
|
|
|
|
2020-03-15 14:29:06 +01:00
|
|
|
|
function gdk_ban_user($user_id)
|
|
|
|
|
|
{
|
|
|
|
|
|
if (!gdk_is_user_banned($user_id)) {
|
|
|
|
|
|
update_user_option($user_id, 'gdk_banned', true, false);
|
|
|
|
|
|
}
|
2020-02-13 01:53:12 +01:00
|
|
|
|
}
|
|
|
|
|
|
|
2020-03-15 14:29:06 +01:00
|
|
|
|
function gdk_unban_user($user_id)
|
|
|
|
|
|
{
|
|
|
|
|
|
if (gdk_is_user_banned($user_id)) {
|
|
|
|
|
|
update_user_option($user_id, 'gdk_banned', false, false);
|
|
|
|
|
|
}
|
2020-02-13 01:53:12 +01:00
|
|
|
|
}
|
|
|
|
|
|
|
2020-03-15 14:29:06 +01:00
|
|
|
|
function gdk_is_user_banned($user_id)
|
|
|
|
|
|
{
|
|
|
|
|
|
return get_user_option('gdk_banned', $user_id);
|
2020-02-13 01:53:12 +01:00
|
|
|
|
}
|
|
|
|
|
|
|
2020-03-15 14:29:06 +01:00
|
|
|
|
function gdk_authenticate_user($user, $password)
|
|
|
|
|
|
{
|
|
|
|
|
|
if (is_wp_error($user)) {
|
|
|
|
|
|
return $user;
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
if (get_user_option('gdk_banned', $user->ID, false)) {
|
|
|
|
|
|
return new WP_Error(
|
2021-10-10 15:48:53 +02:00
|
|
|
|
'gdk_banned',
|
|
|
|
|
|
'<strong>ERROR</strong>: 此账号已被封禁.'
|
2020-03-15 14:29:06 +01:00
|
|
|
|
);
|
|
|
|
|
|
}
|
2021-10-10 15:48:53 +02:00
|
|
|
|
|
2020-03-15 14:29:06 +01:00
|
|
|
|
return $user;
|
|
|
|
|
|
}
|
2020-02-13 01:53:12 +01:00
|
|
|
|
|
2020-03-15 14:29:06 +01:00
|
|
|
|
add_action('edit_user_profile', 'gdk_edit_user_profile');
|
|
|
|
|
|
add_action('edit_user_profile_update', 'gdk_edit_user_profile_update');
|
2021-10-10 15:48:53 +02:00
|
|
|
|
add_filter('wp_authenticate_user', 'gdk_authenticate_user', 10, 2);
|
