File "Abstract.php"

Full Path: /home/timepamn/dailynetworth.org/wp-content/plugins/hide-my-wp/models/bruteforce/Abstract.php
File size: 3.71 KB
MIME-type: text/x-php
Charset: utf-8

<?php
/**
 * Compatibility Class
 *
 * @file The Abstract Model file
 * @package HMWP/Compatibility/Abstract
 * @since 7.0.0
 */

// Direct-access guard: WordPress defines ABSPATH while bootstrapping, so a request that reaches
// this file without it did not come through WordPress and is terminated here.
if ( ! defined( 'ABSPATH' ) ) {
	die( 'Cheatin\' uh?' );
}

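/**
 * Base model shared by the brute-force protection providers.
 *
 * Holds the login-flow logic common to every provider: the pre-authentication check and the
 * bookkeeping for successful and failed logins. head() and form() are empty hooks that a
 * provider overrides to print its own markup.
 *
 * NOTE(review): pre_authentication() calls $this->authenticate( $user, $response ), which is not
 * declared in this class; concrete providers are presumably expected to define it - confirm.
 */
abstract class HMWP_Models_Bruteforce_Abstract {

	/**
	 * Show the header for the selected Brute Force
	 *
	 * Empty in the base class.
	 *
	 * @return void outputs html
	 */
	public function head() {}

	/**
	 * Show the form for the selected Brute Force
	 *
	 * Empty in the base class.
	 *
	 * @return void outputs html
	 */
	public function form() {}

	/**
	 * Runs the brute-force check around authentication so that bots cannot go around the login form.
	 *
	 * Flow, in order:
	 *  1. Return $user untouched when the 'hmwp_preauth_check' filter yields a falsy value.
	 *  2. Return $user untouched when the brute-force check reports the status 'whitelist'.
	 *  3. For a WP_Error: return it as-is when a login field was empty; otherwise, when the
	 *     'hmwp_bruteforce_username' option is on and the error is 'invalid_username', block the
	 *     current IP and trigger the lockout.
	 *  4. Let the provider validate its challenge through $this->authenticate().
	 *  5. On error, append the remaining-attempts notice; on success, clear the IP's attempts.
	 *
	 * @param  mixed  $user  Value passed in by the WordPress hook; may be a WP_Error.
	 *
	 * @return mixed The $user value as received or as returned by authenticate(), or a new
	 *               WP_Error with the code 'authentication_failed' when the login failed and the
	 *               check response carries an attempt count.
	 * @throws Exception
	 */
	public function pre_authentication( $user = '' ) {

		// Anything hooked on this filter can switch the whole check off; when it does, neither
		// the attempt accounting nor the provider challenge runs for this login.
		if ( ! apply_filters( 'hmwp_preauth_check', true ) ) {
			return $user;
		}

		/** @var HMWP_Models_Brute $bruteForceModel */
		$bruteForceModel = HMWP_Classes_ObjController::getClass( 'HMWP_Models_Brute' );

		// Check Brute Force Math or Google reCaptcha
		$response = $bruteForceModel->bruteForceCheck();

		// Whitelisted IPs skip every later check, so the status must match exactly: a loose
		// comparison would also accept boolean true (and integer 0 before PHP 8) as 'whitelist'.
		if ( isset( $response['status'] ) && 'whitelist' === $response['status'] ) {
			return $user;
		}

		// Check the error in authentication
		if ( is_wp_error( $user ) && method_exists( $user, 'get_error_codes' ) ) {
			$errors = (array) $user->get_error_codes();

			// Don't process the attempts if the fields are empty. This is decided on the whole
			// error list first, so the outcome does not depend on the order of the codes.
			if ( in_array( 'empty_username', $errors, true ) || in_array( 'empty_password', $errors, true ) ) {
				return $user;
			}

			// Block the current IP on an invalid username when that option is enabled
			if ( in_array( 'invalid_username', $errors, true ) && HMWP_Classes_Tools::getOption( 'hmwp_bruteforce_username' ) ) {

				/** @var HMWP_Models_Bruteforce_IpAddress $bruteForceIp */
				$bruteForceIp = HMWP_Classes_ObjController::getClass( 'HMWP_Models_Bruteforce_IpAddress' );

				// NOTE(review): how getIp() derives the address is not visible in this file; the
				// block is only as reliable as that value - confirm it cannot be client-supplied.
				$bruteForceModel->blockIp( $bruteForceIp->getIp() );

				// Intended to stop the request here; whether bruteForceBlock() terminates is not
				// visible in this file.
				$bruteForceModel->bruteForceBlock();
			}
		}

		// Check the reCaptcha error
		$user = $this->authenticate( $user, $response );

		if ( is_wp_error( $user ) ) {

			// Show the number of attempts left based on the failed attempts
			if ( isset( $response['attempts'] ) ) {

				// Clamped to a minimum of 1, so the notice never reports zero or a negative count.
				$attempts_left = max( (int) HMWP_Classes_Tools::getOption( 'brute_max_attempts' ) - (int) $response['attempts'], 1 );

				// The original error message is kept, but its error code is replaced.
				$user = new WP_Error( 'authentication_failed', $user->get_error_message() . '<br />' . sprintf( esc_html__( 'You got %d attempts left before lockout.', 'hide-my-wp' ), $attempts_left ) );
			}
		} else {
			// The login went through: remove the failed attempts for this IP
			$this->success();
		}

		return $user;
	}

	/**
	 * Called when success login is triggered
	 *
	 * @return void
	 * @throws Exception
	 */
	public function success() {
		/** @var HMWP_Models_Brute $bruteForceModel */
		$bruteForceModel = HMWP_Classes_ObjController::getClass( 'HMWP_Models_Brute' );

		// Ask the model to run its 'clear_ip' action for the current request
		$bruteForceModel->processIp( 'clear_ip' );
	}

	/**
	 * Called via WP action wp_login_failed to log failed attempt in db
	 *
	 * @return void
	 * @throws Exception
	 */
	public function failed() {
		/** @var HMWP_Models_Brute $bruteForceModel */
		$bruteForceModel = HMWP_Classes_ObjController::getClass( 'HMWP_Models_Brute' );

		// Register the process as failed
		$bruteForceModel->processIp( 'failed_attempt' );
	}

}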