function aiowps_filter_wp_login_file($url)
{
if (strpos($url, 'wp-login.php') !== false) {
$args = explode('?', $url);
if (isset($args[1])) {
parse_str($args[1], $args);
$url = add_query_arg($args, AIOWPSecurity_Process_Renamed_Login_Page::new_login_url());
} else {
$url = AIOWPSecurity_Process_Renamed_Login_Page::new_login_url();
}
}
return $url;
}
function __construct()
{
//Add tasks that need to be executed at wp-loaded time
global $aio_wp_security;
//Handle the rename login page feature
if ($aio_wp_security->configs->get_value('aiowps_enable_rename_login_page') == '1') {
include_once AIO_WP_SECURITY_PATH . '/classes/wp-security-process-renamed-login-page.php';
$login_object = new AIOWPSecurity_Process_Renamed_Login_Page();
AIOWPSecurity_Process_Renamed_Login_Page::renamed_login_init_tasks();
}
//For site lockout feature (ie, maintenance mode). It needs to be checked after the rename login page
if ($aio_wp_security->configs->get_value('aiowps_site_lockout') == '1') {
if (!is_user_logged_in() && !current_user_can('administrator') && !is_admin() && !in_array($GLOBALS['pagenow'], array('wp-login.php'))) {
self::site_lockout_tasks();
}
}
}
static function renamed_login_init_tasks()
{
global $aio_wp_security;
//The following will process the native wordpress post password protection form
//Normally this is done by wp-login.php file but we cannot use that since the login page has been renamed
$action = isset($_GET['action']) ? strip_tags($_GET['action']) : '';
if (isset($_POST['post_password']) && $action == 'postpass') {
require_once ABSPATH . 'wp-includes/class-phpass.php';
$hasher = new PasswordHash(8, true);
/**
* Filter the life span of the post password cookie.
*
* By default, the cookie expires 10 days from creation. To turn this
* into a session cookie, return 0.
*
* @since 3.7.0
*
* @param int $expires The expiry time, as passed to setcookie().
*/
$expire = apply_filters('post_password_expires', time() + 10 * DAY_IN_SECONDS);
setcookie('wp-postpass_' . COOKIEHASH, $hasher->HashPassword(wp_unslash($_POST['post_password'])), $expire, COOKIEPATH);
wp_safe_redirect(wp_get_referer());
exit;
}
//case where someone attempting to reach wp-admin
if (is_admin() && !is_user_logged_in() && !defined('DOING_AJAX')) {
//Check if the maintenance (lockout) mode is active - if so prevent access to site by not displaying 404 page!
if ($aio_wp_security->configs->get_value('aiowps_site_lockout') == '1') {
AIOWPSecurity_WP_Loaded_Tasks::site_lockout_tasks();
} else {
AIOWPSecurity_Process_Renamed_Login_Page::aiowps_set_404();
}
}
//case where someone attempting to reach wp-login
if (isset($_SERVER['REQUEST_URI']) && strpos($_SERVER['REQUEST_URI'], 'wp-login.php') && !is_user_logged_in()) {
//Check if the maintenance (lockout) mode is active - if so prevent access to site by not displaying 404 page!
if ($aio_wp_security->configs->get_value('aiowps_site_lockout') == '1') {
AIOWPSecurity_WP_Loaded_Tasks::site_lockout_tasks();
} else {
AIOWPSecurity_Process_Renamed_Login_Page::aiowps_set_404();
}
}
//case where someone attempting to reach the standard register or signup pages
if (isset($_SERVER['REQUEST_URI']) && strpos($_SERVER['REQUEST_URI'], 'wp-register.php') || isset($_SERVER['REQUEST_URI']) && strpos($_SERVER['REQUEST_URI'], 'wp-signup.php')) {
//Check if the maintenance (lockout) mode is active - if so prevent access to site by not displaying 404 page!
if ($aio_wp_security->configs->get_value('aiowps_site_lockout') == '1') {
AIOWPSecurity_WP_Loaded_Tasks::site_lockout_tasks();
} else {
AIOWPSecurity_Process_Renamed_Login_Page::aiowps_set_404();
}
}
$parsed_url = parse_url($_SERVER['REQUEST_URI']);
$login_slug = $aio_wp_security->configs->get_value('aiowps_login_page_slug');
if (untrailingslashit($parsed_url['path']) === home_url($login_slug, 'relative') || !get_option('permalink_structure') && isset($_GET[$login_slug])) {
status_header(200);
require_once AIO_WP_SECURITY_PATH . '/other-includes/wp-security-rename-login-feature.php';
die;
}
}
static function renamed_login_init_tasks()
{
global $aio_wp_security;
//case where someone attempting to reach wp-admin
if (is_admin() && !is_user_logged_in() && !defined('DOING_AJAX')) {
//Check if the maintenance (lockout) mode is active - if so prevent access to site by not displaying 404 page!
if ($aio_wp_security->configs->get_value('aiowps_site_lockout') == '1') {
AIOWPSecurity_WP_Loaded_Tasks::site_lockout_tasks();
} else {
AIOWPSecurity_Process_Renamed_Login_Page::aiowps_set_404();
}
}
//case where someone attempting to reach wp-login
if (isset($_SERVER['REQUEST_URI']) && strpos($_SERVER['REQUEST_URI'], 'wp-login.php') && !is_user_logged_in()) {
//Check if the maintenance (lockout) mode is active - if so prevent access to site by not displaying 404 page!
if ($aio_wp_security->configs->get_value('aiowps_site_lockout') == '1') {
AIOWPSecurity_WP_Loaded_Tasks::site_lockout_tasks();
} else {
AIOWPSecurity_Process_Renamed_Login_Page::aiowps_set_404();
}
}
//case where someone attempting to reach the standard register or signup pages
if (isset($_SERVER['REQUEST_URI']) && strpos($_SERVER['REQUEST_URI'], 'wp-register.php') || isset($_SERVER['REQUEST_URI']) && strpos($_SERVER['REQUEST_URI'], 'wp-signup.php')) {
//Check if the maintenance (lockout) mode is active - if so prevent access to site by not displaying 404 page!
if ($aio_wp_security->configs->get_value('aiowps_site_lockout') == '1') {
AIOWPSecurity_WP_Loaded_Tasks::site_lockout_tasks();
} else {
AIOWPSecurity_Process_Renamed_Login_Page::aiowps_set_404();
}
}
$parsed_url = parse_url($_SERVER['REQUEST_URI']);
$login_slug = $aio_wp_security->configs->get_value('aiowps_login_page_slug');
if (untrailingslashit($parsed_url['path']) === home_url($login_slug, 'relative') || !get_option('permalink_structure') && isset($_GET[$login_slug])) {
status_header(200);
require_once AIO_WP_SECURITY_PATH . '/other-includes/wp-security-rename-login-feature.php';
die;
}
}
static function renamed_login_init_tasks()
{
global $aio_wp_security;
//The following will process the native wordpress post password protection form
//Normally this is done by wp-login.php file but we cannot use that since the login page has been renamed
$action = isset($_GET['action']) ? strip_tags($_GET['action']) : '';
if (isset($_POST['post_password']) && $action == 'postpass') {
require_once ABSPATH . 'wp-includes/class-phpass.php';
$hasher = new PasswordHash(8, true);
/**
* Filter the life span of the post password cookie.
*
* By default, the cookie expires 10 days from creation. To turn this
* into a session cookie, return 0.
*
* @since 3.7.0
*
* @param int $expires The expiry time, as passed to setcookie().
*/
$expire = apply_filters('post_password_expires', time() + 10 * DAY_IN_SECONDS);
setcookie('wp-postpass_' . COOKIEHASH, $hasher->HashPassword(wp_unslash($_POST['post_password'])), $expire, COOKIEPATH);
wp_safe_redirect(wp_get_referer());
exit;
}
//case where someone attempting to reach wp-admin
if (is_admin() && !is_user_logged_in() && !defined('DOING_AJAX')) {
//Fix to prevent fatal error caused by some themes and Yoast SEO
wp_die(__('Not available.', 'all-in-one-wp-security-and-firewall'), 403);
}
//case where someone attempting to reach wp-login
if (isset($_SERVER['REQUEST_URI']) && strpos($_SERVER['REQUEST_URI'], 'wp-login.php') && !is_user_logged_in()) {
//Check if the maintenance (lockout) mode is active - if so prevent access to site by not displaying 404 page!
if ($aio_wp_security->configs->get_value('aiowps_site_lockout') == '1') {
AIOWPSecurity_WP_Loaded_Tasks::site_lockout_tasks();
} else {
AIOWPSecurity_Process_Renamed_Login_Page::aiowps_set_404();
}
}
//case where someone attempting to reach the standard register or signup pages
if (isset($_SERVER['REQUEST_URI']) && strpos($_SERVER['REQUEST_URI'], 'wp-register.php') || isset($_SERVER['REQUEST_URI']) && strpos($_SERVER['REQUEST_URI'], 'wp-signup.php')) {
//Check if the maintenance (lockout) mode is active - if so prevent access to site by not displaying 404 page!
if ($aio_wp_security->configs->get_value('aiowps_site_lockout') == '1') {
AIOWPSecurity_WP_Loaded_Tasks::site_lockout_tasks();
} else {
AIOWPSecurity_Process_Renamed_Login_Page::aiowps_set_404();
}
}
$parsed_url = parse_url($_SERVER['REQUEST_URI']);
$login_slug = $aio_wp_security->configs->get_value('aiowps_login_page_slug');
$home_url_with_slug = home_url($login_slug, 'relative');
/*
* *** Compatibility fix for qTranslate-X plugin ***
* qTranslate-X plugin modifies the result for the following command by adding the protocol and host to the url path:
* home_url($login_slug, 'relative');
* Therefore we will remove the protocol and host for the following cases:
* qTranslate-X is active AND the URL being accessed contains the secret slug
*/
if (function_exists('qtranxf_init_language') && strpos($home_url_with_slug, $login_slug)) {
$parsed_home_url_with_slug = parse_url($home_url_with_slug);
$home_url_with_slug = $parsed_home_url_with_slug['path'];
//this will return just the path minus the protocol and host
}
if (untrailingslashit($parsed_url['path']) === $home_url_with_slug || !get_option('permalink_structure') && isset($_GET[$login_slug])) {
status_header(200);
require_once AIO_WP_SECURITY_PATH . '/other-includes/wp-security-rename-login-feature.php';
die;
}
}
function __construct()
{
global $aio_wp_security;
if ($aio_wp_security->configs->get_value('aiowps_remove_wp_generator_meta_info') == '1') {
add_filter('the_generator', array(&$this, 'remove_wp_generator_meta_info'));
}
//For the cookie based brute force prevention feature
$bfcf_secret_word = $aio_wp_security->configs->get_value('aiowps_brute_force_secret_word');
if (isset($_GET[$bfcf_secret_word])) {
//If URL contains secret word in query param then set cookie and then redirect to the login page
AIOWPSecurity_Utility::set_cookie_value($bfcf_secret_word, "1");
AIOWPSecurity_Utility::redirect_to_url(AIOWPSEC_WP_URL . "/wp-admin");
}
//For user unlock request feature
if (isset($_POST['aiowps_unlock_request']) || isset($_POST['aiowps_wp_submit_unlock_request'])) {
nocache_headers();
remove_action('wp_head', 'head_addons', 7);
include_once AIO_WP_SECURITY_PATH . '/other-includes/wp-security-unlock-request.php';
exit;
}
if (isset($_GET['aiowps_auth_key'])) {
//If URL contains unlock key in query param then process the request
$unlock_key = strip_tags($_GET['aiowps_auth_key']);
AIOWPSecurity_User_Login::process_unlock_request($unlock_key);
}
//For 404 IP lockout feature
if ($aio_wp_security->configs->get_value('aiowps_enable_404_IP_lockout') == '1') {
if (!is_user_logged_in() || !current_user_can('administrator')) {
$this->do_404_lockout_tasks();
}
}
//For login captcha feature
if ($aio_wp_security->configs->get_value('aiowps_enable_login_captcha') == '1') {
if (!is_user_logged_in()) {
add_action('login_form', array(&$this, 'insert_captcha_question_form'));
}
}
//For lost password captcha feature
if ($aio_wp_security->configs->get_value('aiowps_enable_lost_password_captcha') == '1') {
if (!is_user_logged_in()) {
add_action('lostpassword_form', array(&$this, 'insert_captcha_question_form'));
add_action('lostpassword_post', array(&$this, 'process_lost_password_form_post'));
}
}
//For registration page captcha feature
if ($aio_wp_security->configs->get_value('aiowps_enable_registration_page_captcha') == '1') {
if (!is_user_logged_in()) {
add_action('register_form', array(&$this, 'insert_captcha_question_form'));
}
}
//For comment captcha feature
if ($aio_wp_security->configs->get_value('aiowps_enable_comment_captcha') == '1') {
add_action('comment_form_after_fields', array(&$this, 'insert_captcha_question_form'), 1);
add_action('comment_form_logged_in_after', array(&$this, 'insert_captcha_question_form'), 1);
add_filter('preprocess_comment', array(&$this, 'process_comment_post'));
}
//For rename login page feature
if ($aio_wp_security->configs->get_value('aiowps_enable_rename_login_page') == '1') {
include_once AIO_WP_SECURITY_PATH . '/classes/wp-security-process-renamed-login-page.php';
$login_object = new AIOWPSecurity_Process_Renamed_Login_Page();
AIOWPSecurity_Process_Renamed_Login_Page::renamed_login_init_tasks();
}
//For site lockout feature (ie, maintenance mode)
if ($aio_wp_security->configs->get_value('aiowps_site_lockout') == '1') {
if (!is_user_logged_in() && !current_user_can('administrator') && !is_admin() && !in_array($GLOBALS['pagenow'], array('wp-login.php', 'wp-register.php'))) {
$this->site_lockout_tasks();
}
}
//For feature which displays logged in users
$this->update_logged_in_user_transient();
//For block fake googlebots feature
if ($aio_wp_security->configs->get_value('aiowps_enable_block_fake_googlebots') == '1') {
include_once AIO_WP_SECURITY_PATH . '/classes/wp-security-bot-protection.php';
AIOWPSecurity_Fake_Bot_Protection::block_fake_googlebots();
}
//For 404 event logging
if ($aio_wp_security->configs->get_value('aiowps_enable_404_logging') == '1') {
add_action('wp_head', array(&$this, 'check_404_event'));
}
//Add more tasks that need to be executed at init time
}
