function aiowps_login_init()
{
if (strpos($_SERVER['REQUEST_URI'], 'wp-login') !== false) {
$referer = wp_get_referer();
if ($referer && strpos($referer, 'wp-activate.php') !== false) {
$parsed_referer = parse_url($referer);
if ($parsed_referer && !empty($parsed_referer['query'])) {
parse_str($parsed_referer['query'], $referer);
if (!empty($parsed_referer['key'])) {
$result = wpmu_activate_signup($parsed_referer['key']);
//MS site creation
if ($result && is_wp_error($result) && ($result->get_error_code() === 'already_active' || $result->get_error_code() === 'blog_taken')) {
$aiowps_new_login_url = AIOWPSecurity_Process_Renamed_Login_Page::new_login_url();
wp_safe_redirect($aiowps_new_login_url . (!empty($_SERVER['QUERY_STRING']) ? '?' . $_SERVER['QUERY_STRING'] : ''));
die;
}
}
}
}
AIOWPSecurity_Process_Renamed_Login_Page::aiowps_set_404();
}
}
static function renamed_login_init_tasks()
{
global $aio_wp_security;
//The following will process the native wordpress post password protection form
//Normally this is done by wp-login.php file but we cannot use that since the login page has been renamed
$action = isset($_GET['action']) ? strip_tags($_GET['action']) : '';
if (isset($_POST['post_password']) && $action == 'postpass') {
require_once ABSPATH . 'wp-includes/class-phpass.php';
$hasher = new PasswordHash(8, true);
/**
* Filter the life span of the post password cookie.
*
* By default, the cookie expires 10 days from creation. To turn this
* into a session cookie, return 0.
*
* @since 3.7.0
*
* @param int $expires The expiry time, as passed to setcookie().
*/
$expire = apply_filters('post_password_expires', time() + 10 * DAY_IN_SECONDS);
setcookie('wp-postpass_' . COOKIEHASH, $hasher->HashPassword(wp_unslash($_POST['post_password'])), $expire, COOKIEPATH);
wp_safe_redirect(wp_get_referer());
exit;
}
//case where someone attempting to reach wp-admin
if (is_admin() && !is_user_logged_in() && !defined('DOING_AJAX')) {
//Check if the maintenance (lockout) mode is active - if so prevent access to site by not displaying 404 page!
if ($aio_wp_security->configs->get_value('aiowps_site_lockout') == '1') {
AIOWPSecurity_WP_Loaded_Tasks::site_lockout_tasks();
} else {
AIOWPSecurity_Process_Renamed_Login_Page::aiowps_set_404();
}
}
//case where someone attempting to reach wp-login
if (isset($_SERVER['REQUEST_URI']) && strpos($_SERVER['REQUEST_URI'], 'wp-login.php') && !is_user_logged_in()) {
//Check if the maintenance (lockout) mode is active - if so prevent access to site by not displaying 404 page!
if ($aio_wp_security->configs->get_value('aiowps_site_lockout') == '1') {
AIOWPSecurity_WP_Loaded_Tasks::site_lockout_tasks();
} else {
AIOWPSecurity_Process_Renamed_Login_Page::aiowps_set_404();
}
}
//case where someone attempting to reach the standard register or signup pages
if (isset($_SERVER['REQUEST_URI']) && strpos($_SERVER['REQUEST_URI'], 'wp-register.php') || isset($_SERVER['REQUEST_URI']) && strpos($_SERVER['REQUEST_URI'], 'wp-signup.php')) {
//Check if the maintenance (lockout) mode is active - if so prevent access to site by not displaying 404 page!
if ($aio_wp_security->configs->get_value('aiowps_site_lockout') == '1') {
AIOWPSecurity_WP_Loaded_Tasks::site_lockout_tasks();
} else {
AIOWPSecurity_Process_Renamed_Login_Page::aiowps_set_404();
}
}
$parsed_url = parse_url($_SERVER['REQUEST_URI']);
$login_slug = $aio_wp_security->configs->get_value('aiowps_login_page_slug');
if (untrailingslashit($parsed_url['path']) === home_url($login_slug, 'relative') || !get_option('permalink_structure') && isset($_GET[$login_slug])) {
status_header(200);
require_once AIO_WP_SECURITY_PATH . '/other-includes/wp-security-rename-login-feature.php';
die;
}
}
static function renamed_login_init_tasks()
{
global $aio_wp_security;
//case where someone attempting to reach wp-admin
if (is_admin() && !is_user_logged_in() && !defined('DOING_AJAX')) {
//Check if the maintenance (lockout) mode is active - if so prevent access to site by not displaying 404 page!
if ($aio_wp_security->configs->get_value('aiowps_site_lockout') == '1') {
AIOWPSecurity_WP_Loaded_Tasks::site_lockout_tasks();
} else {
AIOWPSecurity_Process_Renamed_Login_Page::aiowps_set_404();
}
}
//case where someone attempting to reach wp-login
if (isset($_SERVER['REQUEST_URI']) && strpos($_SERVER['REQUEST_URI'], 'wp-login.php') && !is_user_logged_in()) {
//Check if the maintenance (lockout) mode is active - if so prevent access to site by not displaying 404 page!
if ($aio_wp_security->configs->get_value('aiowps_site_lockout') == '1') {
AIOWPSecurity_WP_Loaded_Tasks::site_lockout_tasks();
} else {
AIOWPSecurity_Process_Renamed_Login_Page::aiowps_set_404();
}
}
//case where someone attempting to reach the standard register or signup pages
if (isset($_SERVER['REQUEST_URI']) && strpos($_SERVER['REQUEST_URI'], 'wp-register.php') || isset($_SERVER['REQUEST_URI']) && strpos($_SERVER['REQUEST_URI'], 'wp-signup.php')) {
//Check if the maintenance (lockout) mode is active - if so prevent access to site by not displaying 404 page!
if ($aio_wp_security->configs->get_value('aiowps_site_lockout') == '1') {
AIOWPSecurity_WP_Loaded_Tasks::site_lockout_tasks();
} else {
AIOWPSecurity_Process_Renamed_Login_Page::aiowps_set_404();
}
}
$parsed_url = parse_url($_SERVER['REQUEST_URI']);
$login_slug = $aio_wp_security->configs->get_value('aiowps_login_page_slug');
if (untrailingslashit($parsed_url['path']) === home_url($login_slug, 'relative') || !get_option('permalink_structure') && isset($_GET[$login_slug])) {
status_header(200);
require_once AIO_WP_SECURITY_PATH . '/other-includes/wp-security-rename-login-feature.php';
die;
}
}
static function renamed_login_init_tasks()
{
global $aio_wp_security;
//The following will process the native wordpress post password protection form
//Normally this is done by wp-login.php file but we cannot use that since the login page has been renamed
$action = isset($_GET['action']) ? strip_tags($_GET['action']) : '';
if (isset($_POST['post_password']) && $action == 'postpass') {
require_once ABSPATH . 'wp-includes/class-phpass.php';
$hasher = new PasswordHash(8, true);
/**
* Filter the life span of the post password cookie.
*
* By default, the cookie expires 10 days from creation. To turn this
* into a session cookie, return 0.
*
* @since 3.7.0
*
* @param int $expires The expiry time, as passed to setcookie().
*/
$expire = apply_filters('post_password_expires', time() + 10 * DAY_IN_SECONDS);
setcookie('wp-postpass_' . COOKIEHASH, $hasher->HashPassword(wp_unslash($_POST['post_password'])), $expire, COOKIEPATH);
wp_safe_redirect(wp_get_referer());
exit;
}
//case where someone attempting to reach wp-admin
if (is_admin() && !is_user_logged_in() && !defined('DOING_AJAX')) {
//Fix to prevent fatal error caused by some themes and Yoast SEO
wp_die(__('Not available.', 'all-in-one-wp-security-and-firewall'), 403);
}
//case where someone attempting to reach wp-login
if (isset($_SERVER['REQUEST_URI']) && strpos($_SERVER['REQUEST_URI'], 'wp-login.php') && !is_user_logged_in()) {
//Check if the maintenance (lockout) mode is active - if so prevent access to site by not displaying 404 page!
if ($aio_wp_security->configs->get_value('aiowps_site_lockout') == '1') {
AIOWPSecurity_WP_Loaded_Tasks::site_lockout_tasks();
} else {
AIOWPSecurity_Process_Renamed_Login_Page::aiowps_set_404();
}
}
//case where someone attempting to reach the standard register or signup pages
if (isset($_SERVER['REQUEST_URI']) && strpos($_SERVER['REQUEST_URI'], 'wp-register.php') || isset($_SERVER['REQUEST_URI']) && strpos($_SERVER['REQUEST_URI'], 'wp-signup.php')) {
//Check if the maintenance (lockout) mode is active - if so prevent access to site by not displaying 404 page!
if ($aio_wp_security->configs->get_value('aiowps_site_lockout') == '1') {
AIOWPSecurity_WP_Loaded_Tasks::site_lockout_tasks();
} else {
AIOWPSecurity_Process_Renamed_Login_Page::aiowps_set_404();
}
}
$parsed_url = parse_url($_SERVER['REQUEST_URI']);
$login_slug = $aio_wp_security->configs->get_value('aiowps_login_page_slug');
$home_url_with_slug = home_url($login_slug, 'relative');
/*
* *** Compatibility fix for qTranslate-X plugin ***
* qTranslate-X plugin modifies the result for the following command by adding the protocol and host to the url path:
* home_url($login_slug, 'relative');
* Therefore we will remove the protocol and host for the following cases:
* qTranslate-X is active AND the URL being accessed contains the secret slug
*/
if (function_exists('qtranxf_init_language') && strpos($home_url_with_slug, $login_slug)) {
$parsed_home_url_with_slug = parse_url($home_url_with_slug);
$home_url_with_slug = $parsed_home_url_with_slug['path'];
//this will return just the path minus the protocol and host
}
if (untrailingslashit($parsed_url['path']) === $home_url_with_slug || !get_option('permalink_structure') && isset($_GET[$login_slug])) {
status_header(200);
require_once AIO_WP_SECURITY_PATH . '/other-includes/wp-security-rename-login-feature.php';
die;
}
}
