public
Created

Workaround for the WP Login Security 2 plugin issuing "session_start(): Cannot send session cache limiter" warnings where the PHP display_errors ini setting can't be changed.

  • Download Gist
wp-login-security-2-fix.php
PHP
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65
<?php
 
function wpls2_new_ip_check() {
$error_status = ini_get('display_errors');
if ($error_status === '1') {
ini_set('display_errors', '0');
}
global $wpls2_options, $current_user;
session_start();
$known = get_option( $wpls2_options['whitelist'] );
$user = $current_user->user_login;
$ip = $_SERVER['REMOTE_ADDR'];
// First check for known and activated IP
if ( is_array($known) && $known[ $user ][ $ip ]['activated'] == true ) {
if ($error_status === '1') {
ini_set('display_errors', $error_status);
}
return false; // This is a known IP
}
// Then check for IPKEY indicating registration
elseif (isset($_SESSION['wpls2_ipkey']) ) {
 
$ipkey = $_SESSION['wpls2_ipkey'];
if ( $known[ $user ][ $ip ][ 'ipkey' ] == $ipkey ) {
// Key valid. Login.
// TODO Add check to verify key expired keys
$known[ $user ][ $ip ]['date_activated'] = date(WPLS2_DATE_FORMAT);
$known[ $user ][ $ip ]['activated'] = true;
unset( $_SESSION['wpls2_ipkey'] );
update_option( $wpls2_options['whitelist'] , $known );
 
if ( $_options['notify_both'] ) {
wpls2_notify_blog_admin();
}
if ($error_status === '1') {
ini_set('display_errors', $error_status);
}
return false;
 
} else {
wp_logout();
//wp_redirect( site_url('wp-login.php?action=invalidkey') );
// Redirect using javascript to avoid problem with output buffering.
echo "<script> document.location.href='".site_url('wp-login.php?action=invalidkey')."'</script>";
exit;
}
}
// If not known or registering, notify of new IP
else {
wpls2_send_activation();
wp_logout();
//wp_redirect(site_url('wp-login.php?action=unknownip'));
// Redirect using javascript to avoid problem with output buffering.
echo "<script>document.location.href='".site_url('wp-login.php?action=unknownip')."'</script>";
exit;
}
}
 
?>

Please sign in to comment on this gist.

Something went wrong with that request. Please try again.