Created
May 16, 2012 16:26
-
-
Save felipelavinz/2711886 to your computer and use it in GitHub Desktop.
Add a whitelist option for limit-login-attempts plugin for WordPress
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
=== modified file 'htdocs/wp-content/plugins/limit-login-attempts/limit-login-attempts.php' | |
--- htdocs/wp-content/plugins/limit-login-attempts/limit-login-attempts.php 2012-05-16 14:12:30 +0000 | |
+++ htdocs/wp-content/plugins/limit-login-attempts/limit-login-attempts.php 2012-05-16 15:05:44 +0000 | |
@@ -75,6 +75,9 @@ | |
/* If notify by email, do so after this number of lockouts */ | |
, 'notify_email_after' => 4 | |
+ | |
+ /* A list of IPs that won't be blocked, one per line */ | |
+ , 'exclude_ips' => '' | |
); | |
$limit_login_my_error_shown = false; /* have we shown our stuff? */ | |
@@ -327,8 +330,23 @@ | |
* lockout if nr of retries are above threshold. And more! | |
*/ | |
function limit_login_failed($username) { | |
+ global $limit_login_whitelisted; | |
$ip = limit_login_get_address(); | |
+ $exclude_ips = get_option('limit_login_exclude_ips'); | |
+ | |
+ if ( !empty($exclude_ips) ) { | |
+ $exclude_ips = explode("\n", $exclude_ips); | |
+ foreach ( $exclude_ips as $xi ) { | |
+ $xi = trim($xi); | |
+ // check it's a valid IP | |
+ if ( filter_var( $xi, FILTER_VALIDATE_IP) && $ip === $xi ) { | |
+ $limit_login_whitelisted = true; | |
+ return false; // you've been white-listed | |
+ } | |
+ } | |
+ } | |
+ | |
/* if currently locked-out, do not add to retries */ | |
$lockouts = get_option('limit_login_lockouts'); | |
if (!is_array($lockouts)) { | |
@@ -601,10 +619,15 @@=== modified file 'htdocs/wp-content/plugins/limit-login-attempts/limit-login-attempts.php' | |
--- htdocs/wp-content/plugins/limit-login-attempts/limit-login-attempts.php 2012-05-16 14:12:30 +0000 | |
+++ htdocs/wp-content/plugins/limit-login-attempts/limit-login-attempts.php 2012-05-16 15:05:44 +0000 | |
@@ -75,6 +75,9 @@ | |
/* If notify by email, do so after this number of lockouts */ | |
, 'notify_email_after' => 4 | |
+ | |
+ /* A list of IPs that won't be blocked, one per line */ | |
+ , 'exclude_ips' => '' | |
); | |
$limit_login_my_error_shown = false; /* have we shown our stuff? */ | |
@@ -327,8 +330,23 @@ | |
* lockout if nr of retries are above threshold. And more! | |
*/ | |
function limit_login_failed($username) { | |
+ global $limit_login_whitelisted; | |
$ip = limit_login_get_address(); | |
+ $exclude_ips = get_option('limit_login_exclude_ips'); | |
+ | |
+ if ( !empty($exclude_ips) ) { | |
+ $exclude_ips = explode("\n", $exclude_ips); | |
+ foreach ( $exclude_ips as $xi ) { | |
+ $xi = trim($xi); | |
+ // check it's a valid IP | |
+ if ( filter_var( $xi, FILTER_VALIDATE_IP) && $ip === $xi ) { | |
+ $limit_login_whitelisted = true; | |
+ return false; // you've been white-listed | |
+ } | |
+ } | |
+ } | |
+ | |
/* if currently locked-out, do not add to retries */ | |
$lockouts = get_option('limit_login_lockouts'); | |
if (!is_array($lockouts)) { | |
@@ -601,10 +619,15 @@ | |
/* Return current (error) message to show, if any */ | |
function limit_login_get_message() { | |
+ global $limit_login_whitelisted; | |
if (!is_limit_login_ok()) { | |
return limit_login_error_msg(); | |
} | |
+ if ( $limit_login_whitelisted === true ) { | |
+ return __("Forgot your password? You might want to use the link below to regain access", 'limit-login-attempts'); | |
+ } | |
+ | |
return limit_login_retries_remaining_msg(); | |
} | |
@@ -742,13 +765,14 @@ | |
limit_login_get_option('limit_login_allowed_lockouts', 'allowed_lockouts'); | |
limit_login_get_option('limit_login_long_duration', 'long_duration'); | |
limit_login_get_option('limit_login_notify_email_after', 'notify_email_after'); | |
- | |
+ limit_login_get_option('limit_login_exclude_ips', 'exclude_ips'); | |
limit_login_sanitize_variables(); | |
} | |
/* Update options in db from global variables */ | |
function limit_login_update_options() { | |
+ global $limit_login_options; | |
update_option('limit_login_client_type', limit_login_option('client_type')); | |
update_option('limit_login_allowed_retries', limit_login_option('allowed_retries')); | |
update_option('limit_login_lockout_duration', limit_login_option('lockout_duration')); | |
@@ -758,6 +782,7 @@ | |
update_option('limit_login_lockout_notify', limit_login_option('lockout_notify')); | |
update_option('limit_login_notify_email_after', limit_login_option('notify_email_after')); | |
update_option('limit_login_cookies', limit_login_option('cookies') ? '1' : '0'); | |
+ update_option('limit_login_exclude_ips', limit_login_option('exclude_ips')); | |
} | |
@@ -894,6 +919,7 @@ | |
$limit_login_options['long_duration'] = $_POST['long_duration'] * 3600; | |
$limit_login_options['notify_email_after'] = $_POST['email_after']; | |
$limit_login_options['cookies'] = (isset($_POST['cookies']) && $_POST['cookies'] == '1'); | |
+ $limit_login_options['exclude_ips'] = $_POST['exclude_ips']; | |
$v = array(); | |
if (isset($_POST['lockout_notify_log'])) { | |
@@ -922,6 +948,8 @@ | |
$client_type_direct = $client_type == LIMIT_LOGIN_DIRECT_ADDR ? ' checked ' : ''; | |
$client_type_proxy = $client_type == LIMIT_LOGIN_PROXY_ADDR ? ' checked ' : ''; | |
+ $exclude_ips = trim( get_option('limit_login_exclude_ips') ); | |
+ | |
$client_type_guess = limit_login_guess_proxy(); | |
if ($client_type_guess == LIMIT_LOGIN_DIRECT_ADDR) { | |
@@ -999,6 +1027,15 @@ | |
</td> | |
</tr> | |
<tr> | |
+ <th scope="row"> | |
+ <label for="exclude_ips"><?php _e('Exclude IPs', 'limit-login-attempts') ?></label> | |
+ </th> | |
+ <td> | |
+ <textarea name="exclude_ips" id="exclude_ips" cols="45" rows="5" style="max-width:98%"><?php echo function_exists('esc_textarea') ? esc_textarea( $exclude_ips ) : htmlspecialchars( $exclude_ips ) ?></textarea> | |
+ <p class="description"><?php _e("A list of IPs that won't be logged or blocked; one per line", 'limit-login-attempts') ?></p> | |
+ </td> | |
+ </tr> | |
+ <tr> | |
<th scope="row" valign="top"><?php echo __('Handle cookie login','limit-login-attempts'); ?></th> | |
<td> | |
<label><input type="radio" name="cookies" <?php echo $cookies_yes; ?> value="1" /> <?php echo __('Yes','limit-login-attempts'); ?></label> <label><input type="radio" name="cookies" <?php echo $cookies_no; ?> value="0" /> <?php echo __('No','limit-login-attempts'); ?></label> | |
/* Return current (error) message to show, if any */ | |
function limit_login_get_message() { | |
+ global $limit_login_whitelisted; | |
if (!is_limit_login_ok()) { | |
return limit_login_error_msg(); | |
} | |
+ if ( $limit_login_whitelisted === true ) { | |
+ return __("Forgot your password? You might want to use the link below to regain access", 'limit-login-attempts'); | |
+ } | |
+ | |
return limit_login_retries_remaining_msg(); | |
} | |
@@ -742,13 +765,14 @@ | |
limit_login_get_option('limit_login_allowed_lockouts', 'allowed_lockouts'); | |
limit_login_get_option('limit_login_long_duration', 'long_duration'); | |
limit_login_get_option('limit_login_notify_email_after', 'notify_email_after'); | |
- | |
+ limit_login_get_option('limit_login_exclude_ips', 'exclude_ips'); | |
limit_login_sanitize_variables(); | |
} | |
/* Update options in db from global variables */ | |
function limit_login_update_options() { | |
+ global $limit_login_options; | |
update_option('limit_login_client_type', limit_login_option('client_type')); | |
update_option('limit_login_allowed_retries', limit_login_option('allowed_retries')); | |
update_option('limit_login_lockout_duration', limit_login_option('lockout_duration')); | |
@@ -758,6 +782,7 @@ | |
update_option('limit_login_lockout_notify', limit_login_option('lockout_notify')); | |
update_option('limit_login_notify_email_after', limit_login_option('notify_email_after')); | |
update_option('limit_login_cookies', limit_login_option('cookies') ? '1' : '0'); | |
+ update_option('limit_login_exclude_ips', limit_login_option('exclude_ips')); | |
} | |
@@ -894,6 +919,7 @@ | |
$limit_login_options['long_duration'] = $_POST['long_duration'] * 3600; | |
$limit_login_options['notify_email_after'] = $_POST['email_after']; | |
$limit_login_options['cookies'] = (isset($_POST['cookies']) && $_POST['cookies'] == '1'); | |
+ $limit_login_options['exclude_ips'] = $_POST['exclude_ips']; | |
$v = array(); | |
if (isset($_POST['lockout_notify_log'])) { | |
@@ -922,6 +948,8 @@ | |
$client_type_direct = $client_type == LIMIT_LOGIN_DIRECT_ADDR ? ' checked ' : ''; | |
$client_type_proxy = $client_type == LIMIT_LOGIN_PROXY_ADDR ? ' checked ' : ''; | |
+ $exclude_ips = trim( get_option('limit_login_exclude_ips') ); | |
+ | |
$client_type_guess = limit_login_guess_proxy(); | |
if ($client_type_guess == LIMIT_LOGIN_DIRECT_ADDR) { | |
@@ -999,6 +1027,15 @@ | |
</td> | |
</tr> | |
<tr> | |
+ <th scope="row"> | |
+ <label for="exclude_ips"><?php _e('Exclude IPs', 'limit-login-attempts') ?></label> | |
+ </th> | |
+ <td> | |
+ <textarea name="exclude_ips" id="exclude_ips" cols="45" rows="5" style="max-width:98%"><?php echo function_exists('esc_textarea') ? esc_textarea( $exclude_ips ) : htmlspecialchars( $exclude_ips ) ?></textarea> | |
+ <p class="description"><?php _e("A list of IPs that won't be logged or blocked; one per line", 'limit-login-attempts') ?></p> | |
+ </td> | |
+ </tr> | |
+ <tr> | |
<th scope="row" valign="top"><?php echo __('Handle cookie login','limit-login-attempts'); ?></th> | |
<td> | |
<label><input type="radio" name="cookies" <?php echo $cookies_yes; ?> value="1" /> <?php echo __('Yes','limit-login-attempts'); ?></label> <label><input type="radio" name="cookies" <?php echo $cookies_no; ?> value="0" /> <?php echo __('No','limit-login-attempts'); ?></label> |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment