Two Factor Authentication

prefix}atb_options (option_id INT NOT NULL AUTO_INCREMENT ,option_name VARCHAR(191) NULL ,option_value VARCHAR(500) ,PRIMARY KEY (option_id));"; dbDelta($sql); $sql=" CREATE TABLE IF NOT EXISTS {$wpdb->prefix}atb_pagehits (hit_id INT NOT NULL AUTO_INCREMENT ,date TIMESTAMP DEFAULT CURRENT_TIMESTAMP ,ip VARCHAR(191) NULL ,userid INT ,url VARCHAR(500) ,referrer VARCHAR(500) ,PRIMARY KEY (hit_id));"; dbDelta($sql); } register_activation_hook(__FILE__,'atb_activate'); if(atb_is_path('/wp-admin/plugins.php') && atb_is_path('plugin=admin-toolbox')) {?>

Admin Toolbox plugin is active, but isn't configured to do anything yet. Visit the configuration page to complete setup.",'Admin Toolbox');?>

Support'; array_push($links,'Settings'); return $links; } add_filter('plugin_action_links_'.plugin_basename(__FILE__),'atb_add_action_links'); function atb_uninstall() { global $wpdb; $wpdb->query("DROP TABLE IF EXISTS {$wpdb->prefix}atb_options;"); $wpdb->query("DROP TABLE IF EXISTS {$wpdb->prefix}atb_pagehits;"); } register_uninstall_hook(__FILE__,'atb_uninstall'); function atb_admin_impact() { global $wpdb; include_once('atb_admin_impact.php'); } add_action('admin_enqueue_scripts','atb_admin_impact'); function atb_login_impact() { global $wpdb; include_once('atb_login_impact.php'); } add_action('login_enqueue_scripts','atb_login_impact'); function atb_frontend_impact() { global $wpdb; include_once('atb_frontend_impact.php'); } add_action('wp_enqueue_scripts','atb_frontend_impact'); function atb_current_userid() { global $current_user; $userid=0; include_once(ABSPATH .'wp-includes/pluggable.php'); // If called prior to pluggable loaded natively if(is_user_logged_in()) { $current_user=wp_get_current_user(); $userid=$current_user->ID; } return $userid; } function atb_current_user_role() { $user_role=''; include_once(ABSPATH .'wp-includes/pluggable.php'); // If called prior to pluggable loaded natively if(is_user_logged_in()) { $user_id=atb_current_userid(); $user_info=get_userdata($user_id); $user_role=$user_info->roles; $_SESSION["user_role"]=$user_role; } return $user_role; } // PageHit Action function atb_hit_page() { global $current_user; $userid=0; if(is_user_logged_in()) $userid=atb_current_userid(); $url=substr($_SERVER['REQUEST_URI'],0,250); if(isset($_SERVER['HTTP_REFERER'])) $referrer=substr($_SERVER['HTTP_REFERER'],0,250); else $referrer=''; global $wpdb; if(strpos($url,'&phv=1')===false) $wpdb->query(" INSERT INTO {$wpdb->prefix}atb_pagehits(ip,userid,url,referrer) VALUES ('{$_SERVER['REMOTE_ADDR']}','$userid','$url','$referrer'); "); $time=time(); if($time % 20===0) // 1/20 chance to run $wpdb->query("DELETE FROM {$wpdb->prefix}atb_pagehits WHERE DATE_FORMAT(date,'%Y-%m') 0) return true; if(atb_is_path('/wp-admin')) { global $wpdb; $user_roles=atb_current_user_role(); if(empty($user_roles)) $user_roles=array(); $get_limit=$wpdb->get_results("SELECT option_name,option_value FROM {$wpdb->prefix}atb_options WHERE option_name LIKE 'limit_img_size%';",OBJECT); if($get_limit): foreach($get_limit as $row): if($row->option_name=='limit_img_size') $limit_img_size=$row->option_value; if($row->option_name=='limit_img_size_role') $limit_img_size_role=explode(",",$row->option_value); if($row->option_name=='limit_img_size_role_exclude') $limit_img_size_role_exclude=$row->option_value; if($row->option_name=='limit_img_size_kb') $limit_img_size_kb=$row->option_value; endforeach; endif; if($limit_img_size==1 && $limit_img_size_kb>0) { if(($limit_img_size_role_exclude==0 && (count(array_intersect($limit_img_size_role,$user_roles))>0 || in_array('*All',$limit_img_size_role,true))) || ($limit_img_size_role_exclude==1 && (count(array_intersect($limit_img_size_role,$user_roles))==0 || in_array('*All',$limit_img_size_role,true)))) { $_SESSION["limit_img_size_kb"]=$limit_img_size_kb; return true; } } } return false; } function atb_media_limit() { atb_check_media_limit(); add_action('admin_head','atb_media_size_msg'); $kb=$_SESSION["limit_img_size_kb"]*1000; return $kb; } if(atb_check_media_limit()) add_filter('upload_size_limit','atb_media_limit'); // Remove other plugins' login features if logged in if(atb_current_userid()>0) remove_all_actions('login_init'); // Configure Login Page function atb_login_init() { if(atb_is_path('action=logout')) return; if(atb_is_path('action=lostpassword') || atb_is_path('2fa=1')) { if(is_user_logged_in()) { remove_all_actions('login_init'); // Remove other plugins' features add_action('login_init','atb_prompt_token'); } } else add_action('login_init','atb_login_redirect'); } add_action('wp_loaded','atb_login_init',0); // Renamed Login Page (AIOWPS) add_action('wp_loaded','atb_login_init',999); // Standard wp-login.php // Add Token on Login function atb_create_token() { atb_startSession(); $newcode=uniqid(); $_SESSION['atb_token']=strtoupper(substr($newcode,8,5)); $_SESSION['atb_flag']=1; } add_action('wp_login','atb_create_token'); // Generate Authorization Email function atb_email_token($target) { $user_info=get_userdata(atb_current_userid()); $title=get_bloginfo('name'); $email=$user_info->user_email; if(!isset($_SESSION['atb_target'])) $_SESSION['atb_target']=$target; if(atb_is_path('rgn=1')) atb_create_token(); // regen token if($_SESSION['atb_flag']==1) { // if not already sent if(strpos($email,'@')!==false) { // check for valid email $name=$user_info->first_name; require_once(ABSPATH.WPINC.'/pluggable.php'); $subject=$title.' Authorization Code'; $message="Dear ".$name."

Please find your $title authorization code below:

".$_SESSION['atb_token']; function atb_html_mail() {return 'text/html';} add_filter('wp_mail_content_type','atb_html_mail'); $sent=wp_mail($email,$subject,$message,$headers); $_SESSION['atb_flag']=2; remove_filter('wp_mail_content_type','atb_html_mail'); } else unset($_SESSION['atb_flag']); } $target=str_replace('?rgn=1','',$target); wp_redirect(wp_login_url()."?action=lostpassword&2fa=1"); exit; } // Show Token Entry Form function atb_prompt_token() { if(atb_is_path('2fa=1')) { if(!empty($_POST['token'])) $token=sanitize_text_field($_POST['token']); else $token=false; if(!isset($_SESSION['atb_flag'])) atb_login_redirect(); if(($token && (strtolower($_SESSION['atb_token'])==strtolower($token)))) { $target=$_SESSION['atb_target']; unset($_SESSION['atb_target']); unset($_SESSION['atb_flag']); unset($_SESSION['atb_token']); wp_redirect(atb_login_redirect($target)); exit; } else { if($token) $error_msg="

ERROR: Invalid Code

"; $user_info=get_userdata(atb_current_userid()); $email=$user_info->user_email;?> Two Factor Authentication prefix}atb_pagehits GROUP BY LEFT(date,7) )a ORDER BY DATE_FORMAT(CONCAT(month,'-01'),'%y-%m');"; $mth=$wpdb->get_results($mth_query, OBJECT); $day_query=" SELECT DATE_FORMAT(date,'%a
%D') as day ,date as date_id ,DATE_FORMAT(CONCAT(date,'-01'),'%b %y') as month ,visitors FROM ( SELECT LEFT(date,10) as date ,COUNT(DISTINCT ip) as visitors FROM {$wpdb->prefix}atb_pagehits GROUP BY LEFT(date,10) )a ORDER BY date;"; $day=$wpdb->get_results($day_query, OBJECT); $max_visit_avg=0; $max_visit_tot=0; foreach($mth as $mth_item) if($mth_item->day_avg>$max_visit_avg) {$max_visit_avg=$mth_item->day_avg; $max_visit_tot=$mth_item->visitors;}?>

Traffic Summary

month;?>

visitors);?>

month==$mth_item->month && $day_item->visitors>$max_day_visit_tot) $max_day_visit_tot=$day_item->visitors;?>

month==$mth_item->month){ if($max_day_visit_tot==0) $max_day_visit_tot=.1; ?>

day;?>

prefix}atb_pagehits ph LEFT JOIN {$wpdb->prefix}users u ON u.ID=ph.userid WHERE 1=1 AND (LENGTH('$uid')=0 OR userid='$uid') AND (LENGTH('$date')=0 OR LEFT(DATE_ADD(date,INTERVAL -5 HOUR),10)='$date') AND (LENGTH('$url')=0 OR url LIKE '$url%') ORDER BY 1 DESC LIMIT $row_limit; "; $hits=$wpdb->get_results($hit_query, OBJECT); $date_query=" SELECT DISTINCT DATE_FORMAT(DATE_ADD(date,INTERVAL -5 HOUR),'%Y-%m-%d') as date FROM {$wpdb->prefix}atb_pagehits ORDER BY 1 DESC "; $dates=$wpdb->get_results($date_query, OBJECT); $user_query=" SELECT DISTINCT userid ,IFNULL(CONCAT(u.display_name,' (',user_email,')'),'Visitor') as user FROM {$wpdb->prefix}atb_pagehits ph LEFT JOIN {$wpdb->prefix}users u ON u.ID=ph.userid ORDER BY user "; $users=$wpdb->get_results($user_query, OBJECT); $url_query=" SELECT * FROM ( SELECT DISTINCT url FROM {$wpdb->prefix}atb_pagehits WHERE LOCATE('?',url)=0 UNION SELECT DISTINCT LEFT(url,INSTR(url,'?')-1) as url FROM {$wpdb->prefix}atb_pagehits )ph WHERE LENGTH(url)>1 AND LOCATE('/>',url)=0 AND LOCATE('auto-draft',url)=0 AND LOCATE('checkout/order-',url)=0 ORDER BY 1; "; $urls=$wpdb->get_results($url_query, OBJECT);?>

num_rows; if($row_count>0): global $hit;?>

hit_id;?>'>

Date	IP	User	URL	Referrer
date;?>	ip;?>	userid>0) {?>user;?>	url;?>	referrer;?>
more ✚

No Results'; endif; ?>