debug_logger->log_debug("Nonce check failed on login lockdown options save!",4);
die("Nonce check failed on login lockdown options save!");
}
$max_login_attempt_val = sanitize_text_field($_POST['aiowps_max_login_attempts']);
if(!is_numeric($max_login_attempt_val))
{
$error .= ' '.__('You entered a non numeric value for the max login attempts field. It has been set to the default value.','aiowpsecurity');
$max_login_attempt_val = '3';//Set it to the default value for this field
}
$login_retry_time_period = sanitize_text_field($_POST['aiowps_retry_time_period']);
if(!is_numeric($login_retry_time_period))
{
$error .= ' '.__('You entered a non numeric value for the login retry time period field. It has been set to the default value.','aiowpsecurity');
$login_retry_time_period = '5';//Set it to the default value for this field
}
$lockout_time_length = sanitize_text_field($_POST['aiowps_lockout_time_length']);
if(!is_numeric($lockout_time_length))
{
$error .= ' '.__('You entered a non numeric value for the lockout time length field. It has been set to the default value.','aiowpsecurity');
$lockout_time_length = '60';//Set it to the default value for this field
}
$email_address = sanitize_email($_POST['aiowps_email_address']);
if(!is_email($email_address))
{
$error .= ' '.__('You have entered an incorrect email address format. It has been set to your WordPress admin email as default.','aiowpsecurity');
$email_address = get_bloginfo('admin_email'); //Set the default value to the blog admin email
}
if($error)
{
$this->show_msg_error(__('Attention!','aiowpsecurity').$error);
}
//Save all the form values to the options
$aio_wp_security->configs->set_value('aiowps_enable_login_lockdown',isset($_POST["aiowps_enable_login_lockdown"])?'1':'');
$aio_wp_security->configs->set_value('aiowps_max_login_attempts',absint($max_login_attempt_val));
$aio_wp_security->configs->set_value('aiowps_retry_time_period',absint($login_retry_time_period));
$aio_wp_security->configs->set_value('aiowps_lockout_time_length',absint($lockout_time_length));
$aio_wp_security->configs->set_value('aiowps_set_generic_login_msg',isset($_POST["aiowps_set_generic_login_msg"])?'1':'');
$aio_wp_security->configs->set_value('aiowps_enable_invalid_username_lockdown',isset($_POST["aiowps_enable_invalid_username_lockdown"])?'1':'');
$aio_wp_security->configs->set_value('aiowps_enable_email_notify',isset($_POST["aiowps_enable_email_notify"])?'1':'');
$aio_wp_security->configs->set_value('aiowps_email_address',$email_address);
$aio_wp_security->configs->save_config();
//Recalculate points after the feature status/options have been altered
$aiowps_feature_mgr->check_feature_status_and_recalculate_points();
$this->show_msg_settings_updated();
}
// Row-action dispatcher for the locked-IP list table: it runs whenever the request carries an "action" parameter.
// NOTE(review): $_REQUEST merges GET and POST, and the comments below say these actions are reached by clicking a link.
// No nonce or capability check is visible in this fragment for these state-changing operations - confirm one is enforced before this point.
if(isset($_REQUEST['action'])) //Do list table form row action tasks
{
if($_REQUEST['action'] == 'delete_blocked_ip'){ //Delete link was clicked for a row in list table
// strip_tags() only removes markup; it does not establish that lockdown_id is an integer, so the callee has to validate the ID itself.
$locked_ip_list->delete_lockdown_records(strip_tags($_REQUEST['lockdown_id']));
}
if($_REQUEST['action'] == 'unlock_ip'){ //Unlock link was clicked for a row in list table
// Same caveat as above: the value passed on is request data with tags stripped, not a validated integer.
$locked_ip_list->unlock_ip_range(strip_tags($_REQUEST['lockdown_id']));
}
}
?>
Cookie-Based Brute Force Login Prevention';
echo '
'.__('One of the ways hackers try to compromise sites is via a ', 'aiowpsecurity').''.__('Brute Force Login Attack', 'aiowpsecurity').'.
'.__('This is where attackers use repeated login attempts until they guess the password.', 'aiowpsecurity').'
'.__('Apart from choosing strong passwords, monitoring and blocking IP addresses which are involved in repeated login failures in a short period of time is a very effective way to stop these types of attacks.', 'aiowpsecurity').
'
'.sprintf( __('You may also want to checkout our %s feature for another secure way to protect against these types of attacks.', 'aiowpsecurity'), $brute_force_login_feature_link).'
prepare_items();
//echo "put table of locked entries here";
?>
debug_logger->log_debug("Nonce check failed for delete all failed login records operation!",4);
die(__('Nonce check failed for delete all failed login records operation!','aiowpsecurity'));
}
$failed_logins_table = AIOWPSEC_TBL_FAILED_LOGINS;
//Delete all records from the failed logins table
$result = $wpdb->query("truncate $failed_logins_table");
if ($result === FALSE)
{
$aio_wp_security->debug_logger->log_debug("User Login Feature - Delete all failed login records operation failed!",4);
$this->show_msg_error(__('User Login Feature - Delete all failed login records operation failed!','aiowpsecurity'));
}
else
{
$this->show_msg_updated(__('All records from the Failed Logins table were deleted successfully!','aiowpsecurity'));
}
}
// Loads the failed-logins list table class and handles its per-row "delete" action.
include_once 'wp-security-list-login-fails.php'; //For rendering the AIOWPSecurity_List_Table in tab2
$failed_login_list = new AIOWPSecurity_List_Login_Failed_Attempts(); //For rendering the AIOWPSecurity_List_Table in tab2
// NOTE(review): the action is read from $_REQUEST (GET or POST) and deletes a record, but no nonce or capability check
// is visible in this fragment - confirm the request is verified before this point.
if(isset($_REQUEST['action'])) //Do row action tasks for list table form for failed logins
{
if($_REQUEST['action'] == 'delete_failed_login_rec'){ //Delete link was clicked for a row in list table
// strip_tags() removes markup only; it does not make failed_login_id an integer.
// delete_login_failed_records() is not shown here - verify it casts or escapes the ID before building SQL.
$failed_login_list->delete_login_failed_records(strip_tags($_REQUEST['failed_login_id']));
}
}
?>
'.__('This tab displays the failed login attempts for your site.', 'aiowpsecurity').'
'.__('The information below can be handy if you need to do security investigations because it will show you the IP range, username and ID (if applicable) and the time/date of the failed login attempt.', 'aiowpsecurity').'
';
?>
prepare_items();
//echo "put table of locked entries here";
?>
debug_logger->log_debug("Nonce check failed on force logout options save!",4);
die("Nonce check failed on force logout options save!");
}
$logout_time_period = sanitize_text_field($_POST['aiowps_logout_time_period']);
if(!is_numeric($logout_time_period))
{
$error .= ' '.__('You entered a non numeric value for the logout time period field. It has been set to the default value.','aiowpsecurity');
$logout_time_period = '1';//Set it to the default value for this field
}
if($error)
{
$this->show_msg_error(__('Attention!','aiowpsecurity').$error);
}
//Save all the form values to the options
$aio_wp_security->configs->set_value('aiowps_logout_time_period',absint($logout_time_period));
$aio_wp_security->configs->set_value('aiowps_enable_forced_logout',isset($_POST["aiowps_enable_forced_logout"])?'1':'');
$aio_wp_security->configs->save_config();
//Recalculate points after the feature status/options have been altered
$aiowps_feature_mgr->check_feature_status_and_recalculate_points();
$this->show_msg_settings_updated();
}
?>
'.__('Setting an expiry period for your WP administration session is a simple way to protect against unauthorized access to your site from your computer.', 'aiowpsecurity').'
'.__('This feature allows you to specify a time period in minutes after which the admin session will expire and the user will be forced to log back in.', 'aiowpsecurity').'
';
?>
'.__('This tab displays the login activity for WordPress admin accounts registered with your site.', 'aiowpsecurity').'
'.__('The information below can be handy if you need to do security investigations because it will show you the last 50 recent login events by username, IP address and time/date.', 'aiowpsecurity').'
';
?>
prepare_items();
//echo "put table of locked entries here";
?>
query($unlock_command);
if($result != NULL)
{
$this->show_msg_updated(__('The selected IP ranges were unlocked successfully!','aiowpsecurity'));
}
} elseif ($entries != NULL)
{
//Delete single record
$unlock_command = "UPDATE ".$lockdown_table." SET release_date = now() WHERE ID = '".absint($entries)."'";
$result = $wpdb->query($unlock_command);
if($result != NULL)
{
$this->show_msg_updated(__('The selected IP range was unlocked successfully!','aiowpsecurity'));
}
}
//$aio_wp_security->debug_logger->log_debug("IP range unlocked from login_lockdown table - lockdown ID: ".$lockdown_id,0);
}
/*
* This function will delete selected records from the "login_lockdown" table.
* The function accepts either an array of IDs or a single ID
*/
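/**
 * Deletes rows from the login lockdown table by ID.
 *
 * Every ID is reduced to a non-negative integer before it is placed in the SQL text,
 * so request-supplied values cannot change the shape of the DELETE statement.
 * This method performs no nonce or capability check of its own; callers are expected
 * to have verified the request.
 *
 * @param array|int|string $entries A list of row IDs (bulk action) or a single row ID.
 * @return void
 */
function delete_lockdown_records($entries)
{
    global $wpdb, $aio_wp_security;
    $lockdown_table = AIOWPSEC_TBL_LOGIN_LOCKDOWN;
    if (is_array($entries))
    {
        //Delete multiple records
        //Keep only numeric elements and cast each with absint(). The list is concatenated
        //into the query, so an unfiltered element would be executed as part of the SQL.
        //Nested arrays and non-numeric strings are dropped rather than coerced.
        $id_values = array_map('absint', array_filter($entries, 'is_numeric'));
        if (empty($id_values))
        {
            //Nothing valid to delete; also avoids sending "IN ()" to the database
            return;
        }
        $id_list = "(" .implode(",",$id_values) .")"; //Create comma separate list for DB operation
        $delete_command = "DELETE FROM ".$lockdown_table." WHERE ID IN ".$id_list;
        $result = $wpdb->query($delete_command);
        if($result != NULL)
        {
            $this->show_msg_updated(__('The selected records were deleted successfully!','aiowpsecurity'));
        }
    } elseif ($entries != NULL)
    {
        //Delete single record
        //absint() forces the value to an integer, so the quoted literal cannot be broken out of
        $delete_command = "DELETE FROM ".$lockdown_table." WHERE ID = '".absint($entries)."'";
        $result = $wpdb->query($delete_command);
        if($result != NULL)
        {
            $this->show_msg_updated(__('The selected record was deleted successfully!','aiowpsecurity'));
        }
        //$aio_wp_security->debug_logger->log_debug("Record deleted from login_lockdown table - lockdown ID: ".$entries,0);
    }
}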
} //end class