mirror of
https://github.com/yunluo/gdk.git
synced 2024-05-23 08:32:18 +02:00
160 lines
6.3 KiB
PHP
160 lines
6.3 KiB
PHP
|
<?php
|
||
|
|
||
|
define('DISALLOW_FILE_MODS',true);
|
||
|
|
||
|
//阻止乱七八糟的请求
|
||
|
add_action( 'wp', 'gdk_prevent_script_injection' );
|
||
|
function gdk_prevent_script_injection() {
|
||
|
global $user_ID;
|
||
|
if( ! current_user_can( 'level_10' )) {
|
||
|
if ( strlen( $_SERVER['REQUEST_URI'] ) > 255 ||
|
||
|
stripos( $_SERVER['REQUEST_URI'], 'eval(' ) ||
|
||
|
stripos( $_SERVER['REQUEST_URI'], 'CONCAT' ) ||
|
||
|
stripos( $_SERVER['REQUEST_URI'], 'UNION+SELECT' ) ||
|
||
|
stripos( $_SERVER['REQUEST_URI'], 'GLOBALS(' ) ||
|
||
|
stripos( $_SERVER['REQUEST_URI'], '_REQUEST' ) ||
|
||
|
stripos( $_SERVER['REQUEST_URI'], '/localhost' ) ||
|
||
|
stripos( $_SERVER['QUERY_STRING'], '127.0.0.1' ) ||
|
||
|
stripos( $_SERVER['REQUEST_URI'], '/config.' ) ||
|
||
|
stripos( $_SERVER['REQUEST_URI'], 'wp-config.' ) ||
|
||
|
stripos( $_SERVER['REQUEST_URI'], 'etc/passwd' ) ||
|
||
|
stripos( $_SERVER['REQUEST_URI'], '<' ) ||
|
||
|
stripos( $_SERVER['REQUEST_URI'], 'base64' ) ) {
|
||
|
@header( 'HTTP/1.1 403 Forbidden' );
|
||
|
@header( 'Status: 403 Forbidden') ;
|
||
|
@header( 'Connection: Close' );
|
||
|
@exit;
|
||
|
}
|
||
|
}
|
||
|
}
|
||
|
|
||
|
|
||
|
if ( ! class_exists( 'Gdk_Limit_Login_Attempts' ) ) {
|
||
|
class Gdk_Limit_Login_Attempts {
|
||
|
var $failed_login_limit = 3;
|
||
|
//登录失败的次数限制
|
||
|
var $lockout_duration = 60;
|
||
|
//暂停登陆时间
|
||
|
var $transient_name = 'attempted_login';
|
||
|
//Transient used
|
||
|
public function __construct() {
|
||
|
$failed_login_limit = gdk_get_option('gdk_failed_login_limit');
|
||
|
$lockout_duration = gdk_get_option('gdk_lockout_duration');
|
||
|
add_filter( 'authenticate', array( $this, 'check_attempted_login' ), 30, 3 );
|
||
|
add_action( 'wp_login_failed', array( $this, 'login_failed' ), 10, 1 );
|
||
|
}
|
||
|
/**
|
||
|
* Lock login attempts of failed login limit is reached
|
||
|
*/
|
||
|
public function check_attempted_login( $user, $username, $password ) {
|
||
|
if ( get_transient( $this->transient_name ) ) {
|
||
|
$datas = get_transient( $this->transient_name );
|
||
|
if ( $datas['tried'] >= $this->failed_login_limit ) {
|
||
|
$until = get_option( '_transient_timeout_' . $this->transient_name );
|
||
|
$time = $this->when( $until );
|
||
|
//Display error message to the user when limit is reached
|
||
|
return new WP_Error( 'too_many_tried', sprintf( esc_attr( 'ERROR: 您已达到登陆错误次数,请在 %1$s 后再次尝试登陆.' ) , $time ) );
|
||
|
}
|
||
|
}
|
||
|
return $user;
|
||
|
}
|
||
|
/**
|
||
|
* Add transient
|
||
|
*/
|
||
|
public function login_failed( $username ) {
|
||
|
if ( get_transient( $this->transient_name ) ) {
|
||
|
$datas = get_transient( $this->transient_name );
|
||
|
$datas['tried']++;
|
||
|
if ( $datas['tried'] <= $this->failed_login_limit )
|
||
|
set_transient( $this->transient_name, $datas , $this->lockout_duration );
|
||
|
} else {
|
||
|
$datas = array(
|
||
|
'tried' => 1
|
||
|
);
|
||
|
set_transient( $this->transient_name, $datas , $this->lockout_duration );
|
||
|
}
|
||
|
}
|
||
|
/**
|
||
|
* Return difference between 2 given dates
|
||
|
* @param int $time Date as Unix timestamp
|
||
|
* @return string Return string
|
||
|
*/
|
||
|
private function when( $time ) {
|
||
|
if ( ! $time )
|
||
|
return;
|
||
|
$right_now = time();
|
||
|
$diff = abs( $right_now - $time );
|
||
|
$second = 1;
|
||
|
$minute = $second * 60;
|
||
|
$hour = $minute * 60;
|
||
|
$day = $hour * 24;
|
||
|
if ( $diff < $minute )
|
||
|
return floor( $diff / $second ) . ' ' . esc_attr( '秒' );
|
||
|
if ( $diff < $minute * 2 )
|
||
|
return esc_attr( 'about 1 minute ago' );
|
||
|
if ( $diff < $hour )
|
||
|
return floor( $diff / $minute ) . ' ' . esc_attr( '分' );
|
||
|
if ( $diff < $hour * 2 )
|
||
|
return esc_attr( 'about 1 hour');
|
||
|
return floor( $diff / $hour ) . ' ' . esc_attr( '小时' );
|
||
|
}
|
||
|
}
|
||
|
}
|
||
|
//Enable it:
|
||
|
new Gdk_Limit_Login_Attempts();
|
||
|
|
||
|
|
||
|
|
||
|
//禁用登陆错误信息
|
||
|
function gdk_disable_login_errors( $error ) {
|
||
|
global $errors;
|
||
|
$err_codes = $errors->get_error_codes();
|
||
|
if ( ! in_array( 'too_many_tried', $err_codes ) ) {
|
||
|
// For security reason
|
||
|
return esc_attr('Access denied!');
|
||
|
}
|
||
|
return $error;
|
||
|
}
|
||
|
add_filter( 'login_errors', 'gdk_disable_login_errors' );
|
||
|
|
||
|
|
||
|
//禁用找回密码
|
||
|
class Gdk_Password_Reset_Removed
|
||
|
{
|
||
|
function __construct() {
|
||
|
add_filter( 'show_password_fields', array( $this, 'disable' ) );
|
||
|
add_filter( 'allow_password_reset', array( $this, 'disable' ) );
|
||
|
add_filter( 'gettext', array( $this, 'remove' ) );
|
||
|
}
|
||
|
|
||
|
function disable() {
|
||
|
if ( is_admin() ) {
|
||
|
$user_id = get_current_user_id();
|
||
|
$user = get_user_by('id' , $user_id );
|
||
|
if ( !empty( $user->roles ) && is_array( $user->roles ) && $user->roles[0] == 'administrator' )
|
||
|
return true;
|
||
|
}
|
||
|
return false;
|
||
|
}
|
||
|
|
||
|
function remove( $translated_text, $untranslated_text ) {
|
||
|
if ( is_login() && in_string($untranslated_text,'Lost your password?') ){
|
||
|
return str_replace('Lost your password?','',$untranslated_text);
|
||
|
}else{
|
||
|
return $translated_text;
|
||
|
}
|
||
|
}
|
||
|
|
||
|
|
||
|
}
|
||
|
|
||
|
new Gdk_Password_Reset_Removed();
|
||
|
|
||
|
//拦截无来路的评论
|
||
|
add_action('check_comment_flood', 'gdk_comment_check_referrer');
|
||
|
function gdk_comment_check_referrer() {
|
||
|
if ( ! isset( $_SERVER['HTTP_REFERER'] ) || $_SERVER['HTTP_REFERER'] == '' ) {
|
||
|
wp_die( esc_attr( 'Please enable referrers in your browser!' ) );
|
||
|
}
|
||
|
}
|