Two Factor Authentication

prefix}atb_options (option_id INT NOT NULL AUTO_INCREMENT ,option_name VARCHAR(191) NULL ,option_value VARCHAR(500) ,PRIMARY KEY (option_id));"; dbDelta($sql); $sql=" CREATE TABLE {$wpdb->prefix}atb_pagehits (hit_id INT NOT NULL AUTO_INCREMENT ,date TIMESTAMP DEFAULT CURRENT_TIMESTAMP ,ip VARCHAR(191) NULL ,userid INT ,url VARCHAR(500) ,referrer VARCHAR(500) ,PRIMARY KEY (hit_id) ,KEY date (date));"; dbDelta($sql); if(function_exists('atb_pro_ping'))atb_pro_ping(2); ?>

Admin Toolbox plugin is active, but is not yet configured. Visit the configuration page to complete setup.",'Admin Toolbox');?>

get_results("SELECT 1 FROM {$wpdb->prefix}atb_options HAVING COUNT(*)>1;",OBJECT); if(!$get_config) add_action('admin_notices','atb_admin_notice'); } add_action('admin_init','atb_checkConfig'); function atb_add_action_links($links) { $settings_url=get_admin_url(null,'admin.php?page=admin-toolbox'); $support_url='https://richardlerma.com/r1cm/'; $links[]='Support'; array_push($links,'Settings'); return $links; } add_filter('plugin_action_links_'.plugin_basename(__FILE__),'atb_add_action_links'); function atb_uninstall() { global $wpdb; $get_config=$wpdb->get_results("SELECT 1 FROM {$wpdb->prefix}atb_options WHERE option_name='page_hit_keep' AND option_value>0;",OBJECT); if(!$get_config) { $wpdb->query("DROP TABLE IF EXISTS {$wpdb->prefix}atb_options;"); $wpdb->query("DROP TABLE IF EXISTS {$wpdb->prefix}atb_pagehits;"); delete_option('atb_db_version'); } } register_uninstall_hook(__FILE__,'atb_uninstall'); function atb_admin_impact() {global $wpdb;include_once('atb_admin_impact.php');} add_action('admin_init','atb_admin_impact'); function atb_login_impact() {global $wpdb;include_once('atb_login_impact.php');} add_action('login_enqueue_scripts','atb_login_impact'); function atb_frontend_impact() { global $wpdb; include_once('atb_frontend_impact.php'); } if(!is_admin()) add_action('init','atb_frontend_impact'); function atb_cui($userid=0) { global $current_user; include_once(ABSPATH .'wp-includes/pluggable.php'); // If called prior to pluggable loaded natively if(current_user_can('manage_options') && $userid>0) return $userid; if(is_user_logged_in()) { $current_user=wp_get_current_user(); $userid=$current_user->ID; } return $userid; } function atb_cur($user_id=0) { $user_role=''; include_once(ABSPATH .'wp-includes/pluggable.php'); // If called prior to pluggable loaded natively if(is_user_logged_in()) { $user_id=atb_cui($user_id); $user_info=get_userdata($user_id); $user_role=$user_info->roles; $_SESSION["user_role"]=$user_role; } return $user_role; } function atb_r ($q,$t=NULL) { include_once(ABSPATH .'wp-includes/pluggable.php'); // If called prior to pluggable loaded natively require_once(ABSPATH .'wp-includes/wp-db.php'); global $wpdb; if(!$wpdb) $wpdb=new wpdb(DB_USER,DB_PASSWORD,DB_NAME,DB_HOST); $prf=$wpdb->prefix; $s=str_replace(' wp_',' '.$prf,$q); $s=str_replace($prf.str_replace('wp_','',$prf),$prf,$s); if(strpos($s,'DELETE')!==false || strpos($s,'INSERT')!==false) $r=$wpdb->query($s); else $r=$wpdb->get_results($s,OBJECT); if($t) {echo $wpdb->last_error."
";echo $s;} if($r) return $r; } function atb_is_path($pages) { $page_array=explode(',',$pages); $current_page=strtolower($_SERVER['REQUEST_URI']); foreach($page_array as $page) { if(strpos($current_page,strtolower($page))!==false) return true; } return false; } // PageHit Action function atb_hit_page() { if(atb_is_path('toolbox&phv=1,admin-ajax.php,wp-cron.php,file-upload-verif')!==false) return; global $current_user; $userid=0; $ip=sanitize_text_field($_SERVER['REMOTE_ADDR']); $url=sanitize_text_field(substr($_SERVER['REQUEST_URI'],0,250)); if(is_user_logged_in()) $userid=atb_cui(); $page=get_transient('atb_'.$ip.':'.$userid); if($url!=$page) { if(isset($_SERVER['HTTP_REFERER'])) $referrer=sanitize_text_field(substr($_SERVER['HTTP_REFERER'],0,250)); else $referrer=''; set_transient('atb_'.$ip.':'.$userid,$url,3600); atb_r("INSERT INTO wp_atb_pagehits(ip,userid,url,referrer) VALUES ('$ip','$userid','$url','$referrer');"); } } // Max Image Size Err Msg function atb_media_size_msg() { ?> 0) return true; if(atb_is_path('/wp-admin') && !atb_is_path('/wp-admin/plugins.php')) { $user_roles=atb_cur(); if(empty($user_roles)) $user_roles=array(); $get_limit=atb_r("SELECT option_name,option_value FROM wp_atb_options WHERE option_name LIKE 'limit_img_size%';"); $limit_img_size=0; $limit_img_size_kb=0; if($get_limit): foreach($get_limit as $row): if($row->option_name=='limit_img_size') $limit_img_size=$row->option_value; if($row->option_name=='limit_img_size_role') $limit_img_size_role=explode(",",$row->option_value); if($row->option_name=='limit_img_size_role_exclude') $limit_img_size_role_exclude=$row->option_value; if($row->option_name=='limit_img_size_kb') $limit_img_size_kb=$row->option_value; endforeach; endif; if($limit_img_size==1 && $limit_img_size_kb>0) { if(($limit_img_size_role_exclude==0 && (count(array_intersect($limit_img_size_role,$user_roles))>0 || in_array('*All',$limit_img_size_role,true))) || ($limit_img_size_role_exclude==1 && (count(array_intersect($limit_img_size_role,$user_roles))==0 || in_array('*All',$limit_img_size_role,true)))) { $_SESSION["limit_img_size_kb"]=$limit_img_size_kb; return true; } } } return false; } function atb_media_limit() { atb_check_media_limit(); add_action('admin_head','atb_media_size_msg'); $kb=$_SESSION["limit_img_size_kb"]*1000; return $kb; } if(atb_check_media_limit()) add_filter('upload_size_limit','atb_media_limit'); // Remove other plugins' login features if logged in if(atb_cui()>0) remove_all_actions('login_init'); // Configure Login Page function atb_login_init() { if(atb_is_path('action=logout')) return; if(atb_is_path('action=lostpassword') || atb_is_path('2fa=1')) { if(is_user_logged_in()) { remove_all_actions('login_init'); // Remove other plugins' features add_action('login_init','atb_prompt_token'); } } else add_action('login_init','atb_login_redirect'); } add_action('wp_loaded','atb_login_init',0); // Renamed Login Page (AIOWPS) add_action('wp_loaded','atb_login_init',999); // Standard wp-login.php // Add Token on Login function atb_create_token() { atb_startSession(); $newcode=uniqid(); $_SESSION['atb_token']=strtoupper(substr($newcode,8,5)); $_SESSION['atb_flag']=1; } add_action('wp_login','atb_create_token'); // Email Functions function atb_html_mail() {return 'text/html';} function atb_mail_from($email) {return get_bloginfo('admin_email');} function atb_mail_name($name) {return get_bloginfo('name');} function atb_email_token($target) { $user_info=get_userdata(atb_cui()); $title=get_bloginfo('name'); $to=$user_info->user_email; if(!isset($_SESSION['atb_target'])) $_SESSION['atb_target']=$target; if(atb_is_path('rsd=2')) atb_create_token(); // regen token if(atb_is_path('rsd=1')) $_SESSION['atb_flag']=1; // resend token if($_SESSION['atb_flag']==1) { // if token not yet sent if(strpos($to,'@')!==false) { // check for valid email $name=$user_info->first_name; require_once(ABSPATH.WPINC.'/pluggable.php'); $subject=$title.' Authorization Code'; $intro="Dear ".$name."

"; $message="Your $title authorization code is: ".$_SESSION['atb_token']; if(function_exists('atb_text')) $sent=atb_text($user_info->ID,$message); if(!$sent) { add_filter('wp_mail_content_type','atb_html_mail'); add_filter('wp_mail_from','atb_mail_from'); add_filter('wp_mail_from_name','atb_mail_name'); wp_mail($to,$subject,$intro.$message); $to=substr($to,0,3)."81818".substr($to,-6); $_SESSION['atb_prompt_mobile']=1; remove_filter('wp_mail_content_type','atb_html_mail'); } else $to=substr($sent,0,3)."8181818".substr($sent,-2); $_SESSION['atb_flag']=2; $_SESSION['atb_sent_to']=$to; } else unset($_SESSION['atb_flag']); } wp_redirect(wp_login_url()."?action=lostpassword&2fa=1#token"); exit; } // Show Token Entry Form function atb_prompt_token() { if(atb_is_path('2fa=1')) { if(!empty($_POST['token'])) $token=sanitize_text_field($_POST['token']); else $token=false; if(!isset($_SESSION['atb_flag'])) atb_login_redirect(); if(($token && (strtolower($_SESSION['atb_token'])==strtolower($token)))) { $target=$_SESSION['atb_target']; if(isset($_SESSION['atb_prompt_mobile'])) if(strpos($target,'?')===false) $target.="?atb_mob=1"; else $target.="&atb_mob=1"; unset($_SESSION['atb_prompt_mobile']); unset($_SESSION['atb_target']); unset($_SESSION['atb_flag']); unset($_SESSION['atb_token']); unset($_SESSION['atb_sent_to']); wp_redirect(atb_login_redirect($target)); exit; } else { if($token) $error_msg="

ERROR: Invalid Code

"; else $error_msg=''; ?> Two Factor Authentication General if($base!=$site) { // Fix AIOWPS Redirect bug global $wpdb; $get_config=$wpdb->get_results("SELECT 1 FROM {$wpdb->prefix}atb_options WHERE option_name='match_redirect' AND option_value>0;",OBJECT); if(!$get_config) return; if(is_path('wp-admin')) wp_redirect(admin_url()); else wp_redirect(site_url()); exit; } } add_action('wp_loaded','atb_match_redirect',10); //Redirect to HTTPS function atb_https_redirect() { if(empty($_SERVER['HTTPS'])) { global $wpdb; $get_config=$wpdb->get_results("SELECT 1 FROM {$wpdb->prefix}atb_options WHERE option_name='https_redirect' AND option_value>0",OBJECT); if(!$get_config) return; header("Location: https://".$_SERVER['SERVER_NAME'].$_SERVER['REQUEST_URI']); exit; } } add_action('wp_loaded','atb_https_redirect',10); // Compress PageHits function atb_compress_hits() { $r=atb_r("DELETE pg FROM wp_atb_pagehits pg JOIN ( SELECT MAX(hit_id) as hit_id FROM wp_atb_pagehits WHERE userid<1 AND date < NOW()-INTERVAL 90 DAY GROUP BY LEFT(date,13),ip,userid,url,referrer HAVING COUNT(ip)>1 ORDER BY hit_id ASC LIMIT 1000 )mx ON mx.hit_id=pg.hit_id;"); return $r; } // PageHit Summary function atb_view_summary($atb_version_type) { if(isset($_SESSION["limit_img_size_kb"])) unset($_SESSION["limit_img_size_kb"]); if(!empty($_REQUEST['compress'])) $compress_result=atb_compress_hits(); $current_mth=current_time('Y-m-01'); $last_gen_mth=get_transient('atb_mth_max'); if(!$last_gen_mth) $last_gen_mth=$current_mth; $mth=get_transient('atb_mt'); // Find Historical Month Stats function atb_month_stat($params) { $query=" SELECT DATE_FORMAT(CONCAT(month,'-01'),'%b %y') as month ,month as month_id,visitors ,ROUND(visitors/CASE WHEN month=DATE_FORMAT(NOW(),'%Y-%m') THEN DAY(NOW()) ELSE 30 END,0) as day_avg FROM ( SELECT LEFT(date,7) as month,COUNT(DISTINCT ip) as visitors FROM wp_atb_pagehits WHERE date>NOW()-INTERVAL 400 DAY $params GROUP BY LEFT(date,7) )a ORDER BY DATE_FORMAT(CONCAT(month,'-01'),'%y-%m');"; $mth=atb_r($query); return $mth; } // Create Historical Month Stats if(!$mth) { $mth=atb_month_stat("AND date<'$current_mth'"); set_transient('atb_mt',$mth,999999999); set_transient('atb_mt_max',$current_mth,999999999); } // Get Month Stats between last Gen Date and Month Begin if(!$mth || $current_mth>$last_gen_mth) { $mth_new=atb_month_stat("AND date>='$last_gen_mth' AND date<'$current_mth'"); if($mth && $mth_new) { $mth=array_merge($mth,$mth_new); // Append Historical with Current set_transient('atb_mt',$mth,999999999); set_transient('atb_mt_max',$current_mth,999999999); } } // Get Month Stats greater than Month Begin $mth_new=atb_month_stat("AND date>='$current_mth'"); if(!$mth)$mth=$mth_new; elseif($mth_new)$mth=array_merge($mth,$mth_new); // Append Historical with Today $current_day=current_time('Y-m-d'); $last_gen_day=get_transient('atb_dy_max'); if(!$last_gen_day) $last_gen_day=$current_day; $day=get_transient('atb_dy'); // Find Historical Day Stats function atb_day_stat($params) { $query=" SELECT DATE_FORMAT(date,'%a
%D') as day ,date as date_id ,DATE_FORMAT(CONCAT(date,'-01'),'%b %y') as month,visitors ,visitors FROM ( SELECT LEFT(date,10) as date,COUNT(DISTINCT ip) as visitors FROM wp_atb_pagehits WHERE date>NOW()-INTERVAL 400 DAY $params GROUP BY LEFT(date,10) )a ORDER BY date;"; $day=atb_r($query); return $day; } // Create Historical Day Stats if(!$day) { $day=atb_day_stat("AND date<'$current_day'"); set_transient('atb_dy',$day,999999999); set_transient('atb_dy_max',$current_day,999999999); } // Get Day Stats between last Gen Date and Today if(!$day || $current_day>$last_gen_day) { $day_new=atb_day_stat("AND date>='$last_gen_day' AND date<'$current_day' "); if($day && $day_new){ // Append Historical with Current $day=array_merge($day,$day_new); set_transient('atb_dy',$day,999999999); set_transient('atb_dy_max',$current_day,999999999); } } // Get Day Stats Today $day_new=atb_day_stat("AND date>='$current_day'"); if(!$day) $day=$day_new; elseif($day_new)$day=array_merge($day,$day_new); // Append Historical with Today $max_visit_avg=0; $max_visit_tot=0; if($mth) foreach($mth as $mth_item) if($mth_item->day_avg>$max_visit_avg) {$max_visit_avg=$mth_item->day_avg; $max_visit_tot=$mth_item->visitors;} ?>

Traffic Summary

month;?>

visitors);?>

month==$mth_item->month && $day_item->visitors>$max_day_visit_tot) $max_day_visit_tot=$day_item->visitors;?>

month==$mth_item->month){ if($max_day_visit_tot==0) $max_day_visit_tot=.1; ?>

onclick="atb_loading(); window.location.href='&phv=1&date=date_id;?>';">

day;?>