File "Brute.php"
Full Path: /home/timepamn/dailynetworth.org/wp-content/plugins/hide-my-wp/controllers/Brute.php
File size: 6.6 KB
MIME-type: text/x-php
Charset: utf-8
<?php
/**
* Brute Force Protection
* Called when the Brute Force Protection is activated
*
* @file The Brute Force file
* @package HMWP/BruteForce
* @since 4.2.0
*/
defined( 'ABSPATH' ) || die( 'Cheatin\' uh?' );
/**
* Class HMWP_Controllers_Brute
*
* Handles brute force protection mechanisms including login, registration, and lost password
* attempts. Integrates various captcha methods to safeguard against automated attacks.
*/
class HMWP_Controllers_Brute extends HMWP_Classes_FrontController {
/**
* Load all Brute Force classes
*
* @throws Exception
*/
public function __construct() {
// Call parent constructor
parent::__construct();
// If the safe parameter is set, clear the banned IPs and let the default paths
if ( HMWP_Classes_Tools::calledSafeUrl( ) ) {
return;
}
// Load Brute Force for shortcodes
HMWP_Classes_ObjController::getClass( 'HMWP_Models_Bruteforce_Shortcode' );
// Check Brute Force on login
if ( HMWP_Classes_Tools::getOption( 'hmwp_bruteforce_login' ) ) {
HMWP_Classes_ObjController::getClass( 'HMWP_Models_Bruteforce_Login' );
}
// Check Brute Force on lost password
if ( HMWP_Classes_Tools::getOption( 'hmwp_bruteforce_lostpassword' ) ) {
HMWP_Classes_ObjController::getClass( 'HMWP_Models_Bruteforce_LostPassword' );
}
//Check Brute Force on comments
if ( HMWP_Classes_Tools::getOption( 'hmwp_bruteforce_comments' ) ) {
HMWP_Classes_ObjController::getClass( 'HMWP_Models_Bruteforce_Comments' );
}
//Check Brute Force on register
if ( HMWP_Classes_Tools::getOption( 'hmwp_bruteforce_register' ) ) {
HMWP_Classes_ObjController::getClass( 'HMWP_Models_Bruteforce_Registration' );
}
}
/**
* Hook into the front-end initialization process.
*
* @return void
*/
public function hookFrontinit() {
// Only if the user is not logged in
if ( function_exists( 'is_user_logged_in' ) && ! is_user_logged_in() ) {
// Load the Multilingual support for frontend
HMWP_Classes_Tools::loadMultilanguage();
// Check brute force
$this->model->bruteForceCheck();
}
}
/**
* Handles various actions related to brute force protection and IP management.
*
* @return void
* @throws Exception
*/
public function action() {
// Call parent action
parent::action();
// Handle different actions
switch ( HMWP_Classes_Tools::getValue( 'action' ) ) {
case 'hmwp_brutesettings':
// Save the brute force related settings
if ( isset( $_SERVER['REQUEST_METHOD'] ) && $_SERVER['REQUEST_METHOD'] === 'POST' ) {
HMWP_Classes_ObjController::getClass( 'HMWP_Models_Settings' )->saveValues( $_POST );
}
// Brute force math option
if ( HMWP_Classes_Tools::getValue( 'hmwp_bruteforce' ) ) {
$attempts = (int) HMWP_Classes_Tools::getValue( 'brute_max_attempts' );
if ( $attempts <= 0 ) {
$attempts = 3;
HMWP_Classes_Error::setNotification( esc_html__( 'You need to set a positive number of attempts.', 'hide-my-wp' ) );
}
HMWP_Classes_Tools::saveOptions( 'brute_max_attempts', $attempts );
$timeout = (int) HMWP_Classes_Tools::getValue( 'brute_max_timeout' );
if ( $timeout <= 0 ) {
$timeout = 3600;
HMWP_Classes_Error::setNotification( esc_html__( 'You need to set a positive waiting time.', 'hide-my-wp' ) );
}
HMWP_Classes_Tools::saveOptions( 'brute_max_timeout', $timeout );
}
// Save the text every time to prevent from removing the white space from the text
HMWP_Classes_Tools::saveOptions( 'hmwp_brute_message', HMWP_Classes_Tools::getValue( 'hmwp_brute_message', '', true ) );
// Clear the cache if there are no errors
if ( ! HMWP_Classes_Tools::getOption( 'error' ) ) {
if ( ! HMWP_Classes_Tools::getOption( 'logout' ) ) {
HMWP_Classes_Tools::saveOptionsBackup();
}
HMWP_Classes_Tools::emptyCache();
HMWP_Classes_Error::setNotification( esc_html__( 'Saved' ), 'success' );
}
break;
case 'hmwp_google_enterprise':
// Switch between google classic and google enterprise
HMWP_Classes_Tools::saveOptions( 'brute_use_google_enterprise', HMWP_Classes_Tools::getValue( 'brute_use_google_enterprise' ) );
break;
case 'hmwp_deleteip':
// Delete a specific IP from the blocked list
$ip = HMWP_Classes_Tools::getValue( 'ip' );
if ( $ip ) {
HMWP_Classes_ObjController::getClass( 'HMWP_Models_Bruteforce_Database' )->delete( $ip );
}
break;
case 'hmwp_deleteallips':
// Clear all blocked IPs
HMWP_Classes_ObjController::getClass( 'HMWP_Models_Bruteforce_Database' )->clearBlockedIPs();
break;
case 'hmwp_blockedips':
// Get the list of blocked IPs and send as JSON response if it's an Ajax request
if ( HMWP_Classes_Tools::isAjax() ) {
wp_send_json_success( $this->getBlockedIpsTable() );
}
break;
}
}
/**
* Retrieves and constructs an HTML table of blocked IP addresses and their details.
*
* @return string An HTML string representing a table with blocked IP addresses, including columns for IP address, number of failed attempts, hostname, and options for unlocking.
* @throws Exception
*/
public function getBlockedIpsTable() {
$data = '<table class="table table-striped" >';
$ips = HMWP_Classes_ObjController::getClass( 'HMWP_Models_Bruteforce_Database' )->getBlockedIps();
$data .= "<tr>
<th>" . esc_html__( 'Cnt', 'hide-my-wp' ) . "</th>
<th>" . esc_html__( 'IP', 'hide-my-wp' ) . "</th>
<th>" . esc_html__( 'Fail Attempts', 'hide-my-wp' ) . "</th>
<th>" . esc_html__( 'Options', 'hide-my-wp' ) . "</th>
</tr>";
if ( ! empty( $ips ) ) {
$cnt = 1;
foreach ( $ips as $ip ) {
$data .= "<tr>
<td>" . $cnt . "</td>
<td>{$ip['ip']}</td>
<td>{$ip['attempts']}</td>
<td class='p-2'> <form method=\"POST\">
" . wp_nonce_field( 'hmwp_deleteip', 'hmwp_nonce', true, false ) . "
<input type=\"hidden\" name=\"action\" value=\"hmwp_deleteip\" />
<input type=\"hidden\" name=\"ip\" value=\"" . $ip['ip'] . "\" />
<input type=\"submit\" class=\"btn rounded-0 btn-sm btn-light save no-p-v\" value=\"Unlock\" />
</form>
</td>
</tr>";
$cnt ++;
}
} else {
$data .= "<tr>
<td colspan='5'>" . esc_html__( 'No blacklisted ips', 'hide-my-wp' ) . "</td>
</tr>";
}
$data .= '</table>';
return $data;
}
}