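/**
 * Renders the "Login Lockdown" settings tab and processes its form.
 *
 * When the settings form is submitted, the nonce is verified, the three
 * numeric fields and the notification email are validated (falling back to
 * 3 / 5 / 60 and the blog admin email respectively), the options are saved
 * and the feature points are recalculated. Row actions from the locked IP
 * list table (delete / unlock) are also dispatched from here. Finally the
 * settings form is printed.
 */
function render_tab1() {
    global $aio_wp_security;
    global $aiowps_feature_mgr;

    include_once 'wp-security-list-locked-ip.php'; // Provides AIOWPSecurity_List_Locked_IP
    $locked_ip_list = new AIOWPSecurity_List_Locked_IP();

    if (isset($_POST['aiowps_login_lockdown'])) {
        $error = '';

        // A missing _wpnonce is treated as a failed check instead of raising an undefined-index notice.
        $nonce = isset($_REQUEST['_wpnonce']) ? $_REQUEST['_wpnonce'] : '';
        if (!wp_verify_nonce($nonce, 'aiowpsec-login-lockdown-nonce')) {
            $aio_wp_security->debug_logger->log_debug("Nonce check failed on login lockdown options save!", 4);
            die("Nonce check failed on login lockdown options save!");
        }

        $max_login_attempt_val = sanitize_text_field($_POST['aiowps_max_login_attempts']);
        if (!is_numeric($max_login_attempt_val)) {
            $error .= '<br />' . __('You entered a non numeric value for the max login attempts field. It has been set to the default value.', 'all-in-one-wp-security-and-firewall');
            $max_login_attempt_val = '3'; // Default for this field
        }

        $login_retry_time_period = sanitize_text_field($_POST['aiowps_retry_time_period']);
        if (!is_numeric($login_retry_time_period)) {
            $error .= '<br />' . __('You entered a non numeric value for the login retry time period field. It has been set to the default value.', 'all-in-one-wp-security-and-firewall');
            $login_retry_time_period = '5'; // Default for this field
        }

        $lockout_time_length = sanitize_text_field($_POST['aiowps_lockout_time_length']);
        if (!is_numeric($lockout_time_length)) {
            $error .= '<br />' . __('You entered a non numeric value for the lockout time length field. It has been set to the default value.', 'all-in-one-wp-security-and-firewall');
            $lockout_time_length = '60'; // Default for this field
        }

        $email_address = sanitize_email($_POST['aiowps_email_address']);
        if (!is_email($email_address)) {
            $error .= '<br />' . __('You have entered an incorrect email address format. It has been set to your WordPress admin email as default.', 'all-in-one-wp-security-and-firewall');
            $email_address = get_bloginfo('admin_email'); // Fall back to the blog admin email
        }

        if ($error) {
            $this->show_msg_error(__('Attention!', 'all-in-one-wp-security-and-firewall') . $error);
        }

        // The unlock-request secret is regenerated on every save.
        // NOTE(review): confirm generate_alpha_numeric_random_string() draws from a
        // cryptographically secure source, since this value is stored as a secret key.
        $random_20_digit_string = AIOWPSecurity_Utility::generate_alpha_numeric_random_string(20);
        $aio_wp_security->configs->set_value('aiowps_unlock_request_secret_key', $random_20_digit_string);

        // Save all the form values to the options
        $aio_wp_security->configs->set_value('aiowps_enable_login_lockdown', isset($_POST["aiowps_enable_login_lockdown"]) ? '1' : '');
        $aio_wp_security->configs->set_value('aiowps_allow_unlock_requests', isset($_POST["aiowps_allow_unlock_requests"]) ? '1' : '');
        $aio_wp_security->configs->set_value('aiowps_max_login_attempts', absint($max_login_attempt_val));
        $aio_wp_security->configs->set_value('aiowps_retry_time_period', absint($login_retry_time_period));
        $aio_wp_security->configs->set_value('aiowps_lockout_time_length', absint($lockout_time_length));
        $aio_wp_security->configs->set_value('aiowps_set_generic_login_msg', isset($_POST["aiowps_set_generic_login_msg"]) ? '1' : '');
        $aio_wp_security->configs->set_value('aiowps_enable_invalid_username_lockdown', isset($_POST["aiowps_enable_invalid_username_lockdown"]) ? '1' : '');
        $aio_wp_security->configs->set_value('aiowps_enable_email_notify', isset($_POST["aiowps_enable_email_notify"]) ? '1' : '');
        $aio_wp_security->configs->set_value('aiowps_email_address', $email_address);
        $aio_wp_security->configs->save_config();

        // Recalculate points after the feature status/options have been altered
        $aiowps_feature_mgr->check_feature_status_and_recalculate_points();

        $this->show_msg_settings_updated();
    }

    // NOTE(review): these state-changing row actions run without a nonce check in
    // this function. Confirm that AIOWPSecurity_List_Locked_IP verifies one;
    // otherwise add a nonce to the row links and verify it before dispatching.
    if (isset($_REQUEST['action'])) {
        if ($_REQUEST['action'] === 'delete_blocked_ip') { // Delete link was clicked for a row in list table
            $locked_ip_list->delete_lockdown_records(strip_tags($_REQUEST['lockdown_id']));
        }

        if ($_REQUEST['action'] === 'unlock_ip') { // Unlock link was clicked for a row in list table
            $locked_ip_list->unlock_ip_range(strip_tags($_REQUEST['lockdown_id']));
        }
    }
    ?>
    <h2><?php _e('Login Lockdown Configuration', 'all-in-one-wp-security-and-firewall'); ?></h2>
    <div class="aio_blue_box">
        <?php
        $brute_force_login_feature_link = '<a href="admin.php?page=' . AIOWPSEC_BRUTE_FORCE_MENU_SLUG . '&tab=tab2">Cookie-Based Brute Force Login Prevention</a>';
        // The first paragraph is closed before the second one opens.
        echo '<p>' . __('One of the ways hackers try to compromise sites is via a ', 'all-in-one-wp-security-and-firewall') . '<strong>' . __('Brute Force Login Attack', 'all-in-one-wp-security-and-firewall') . '</strong>. <br />' . __('This is where attackers use repeated login attempts until they guess the password.', 'all-in-one-wp-security-and-firewall') . ' <br />' . __('Apart from choosing strong passwords, monitoring and blocking IP addresses which are involved in repeated login failures in a short period of time is a very effective way to stop these types of attacks.', 'all-in-one-wp-security-and-firewall') .
            '</p><p>' . sprintf(__('You may also want to checkout our %s feature for another secure way to protect against these types of attacks.', 'all-in-one-wp-security-and-firewall'), $brute_force_login_feature_link) . '</p>';
        ?>
    </div>

    <div class="postbox">
        <h3><label for="title"><?php _e('Login Lockdown Options', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
        <div class="inside">
            <?php
            // Display security info badge
            $aiowps_feature_mgr->output_feature_details_badge("user-login-login-lockdown");
            ?>

            <form action="" method="POST">
                <?php wp_nonce_field('aiowpsec-login-lockdown-nonce'); ?>
                <table class="form-table">
                    <tr valign="top">
                        <th scope="row"><?php _e('Enable Login Lockdown Feature', 'all-in-one-wp-security-and-firewall'); ?>:</th>
                        <td>
                            <input name="aiowps_enable_login_lockdown" type="checkbox"<?php if ($aio_wp_security->configs->get_value('aiowps_enable_login_lockdown') == '1') { echo ' checked="checked"'; } ?> value="1"/>
                            <span class="description"><?php _e('Check this if you want to enable the login lockdown feature and apply the settings below', 'all-in-one-wp-security-and-firewall'); ?></span>
                        </td>
                    </tr>
                    <tr valign="top">
                        <th scope="row"><?php _e('Allow Unlock Requests', 'all-in-one-wp-security-and-firewall'); ?>:</th>
                        <td>
                            <input name="aiowps_allow_unlock_requests" type="checkbox"<?php if ($aio_wp_security->configs->get_value('aiowps_allow_unlock_requests') == '1') { echo ' checked="checked"'; } ?> value="1"/>
                            <span class="description"><?php _e('Check this if you want to allow users to generate an automated unlock request link which will unlock their account', 'all-in-one-wp-security-and-firewall'); ?></span>
                        </td>
                    </tr>
                    <tr valign="top">
                        <th scope="row"><?php _e('Max Login Attempts', 'all-in-one-wp-security-and-firewall'); ?>:</th>
                        <?php // Stored option values are escaped on output so they cannot break out of the attribute. ?>
                        <td><input type="text" size="5" name="aiowps_max_login_attempts" value="<?php echo esc_attr($aio_wp_security->configs->get_value('aiowps_max_login_attempts')); ?>" />
                            <span class="description"><?php _e('Set the value for the maximum login retries before IP address is locked out', 'all-in-one-wp-security-and-firewall'); ?></span>
                        </td>
                    </tr>
                    <tr valign="top">
                        <th scope="row"><?php _e('Login Retry Time Period (min)', 'all-in-one-wp-security-and-firewall'); ?>:</th>
                        <td><input type="text" size="5" name="aiowps_retry_time_period" value="<?php echo esc_attr($aio_wp_security->configs->get_value('aiowps_retry_time_period')); ?>" />
                            <span class="description"><?php _e('If the maximum number of failed login attempts for a particular IP address occur within this time period the plugin will lock out that address', 'all-in-one-wp-security-and-firewall'); ?></span>
                        </td>
                    </tr>
                    <tr valign="top">
                        <th scope="row"><?php _e('Time Length of Lockout (min)', 'all-in-one-wp-security-and-firewall'); ?>:</th>
                        <td><input type="text" size="5" name="aiowps_lockout_time_length" value="<?php echo esc_attr($aio_wp_security->configs->get_value('aiowps_lockout_time_length')); ?>" />
                            <span class="description"><?php _e('Set the length of time for which a particular IP address will be prevented from logging in', 'all-in-one-wp-security-and-firewall'); ?></span>
                        </td>
                    </tr>
                    <tr valign="top">
                        <th scope="row"><?php _e('Display Generic Error Message', 'all-in-one-wp-security-and-firewall'); ?>:</th>
                        <td>
                            <input name="aiowps_set_generic_login_msg" type="checkbox"<?php if ($aio_wp_security->configs->get_value('aiowps_set_generic_login_msg') == '1') { echo ' checked="checked"'; } ?> value="1"/>
                            <span class="description"><?php _e('Check this if you want to show a generic error message when a login attempt fails', 'all-in-one-wp-security-and-firewall'); ?></span>
                        </td>
                    </tr>
                    <tr valign="top">
                        <th scope="row"><?php _e('Instantly Lockout Invalid Usernames', 'all-in-one-wp-security-and-firewall'); ?>:</th>
                        <td>
                            <input name="aiowps_enable_invalid_username_lockdown" type="checkbox"<?php if ($aio_wp_security->configs->get_value('aiowps_enable_invalid_username_lockdown') == '1') { echo ' checked="checked"'; } ?> value="1"/>
                            <span class="description"><?php _e('Check this if you want to instantly lockout login attempts with usernames which do not exist on your system', 'all-in-one-wp-security-and-firewall'); ?></span>
                        </td>
                    </tr>
                    <tr valign="top">
                        <th scope="row"><?php _e('Notify By Email', 'all-in-one-wp-security-and-firewall'); ?>:</th>
                        <td>
                            <input name="aiowps_enable_email_notify" type="checkbox"<?php if ($aio_wp_security->configs->get_value('aiowps_enable_email_notify') == '1') { echo ' checked="checked"'; } ?> value="1"/>
                            <span class="description"><?php _e('Check this if you want to receive an email when someone has been locked out due to maximum failed login attempts', 'all-in-one-wp-security-and-firewall'); ?></span>
                            <br /><input type="text" size="30" name="aiowps_email_address" value="<?php echo esc_attr($aio_wp_security->configs->get_value('aiowps_email_address')); ?>" />
                            <span class="description"><?php _e('Enter an email address', 'all-in-one-wp-security-and-firewall'); ?></span>
                        </td>
                    </tr>
                </table>
                <input type="submit" name="aiowps_login_lockdown" value="<?php esc_attr_e('Save Settings', 'all-in-one-wp-security-and-firewall'); ?>" class="button-primary" />
            </form>
        </div></div>

    <div class="postbox">
        <h3><label for="title"><?php _e('Currently Locked Out IP Address Ranges', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
        <div class="inside">
            <div class="aio_blue_box aio_width_80">
                <?php
                $locked_ips_link = '<a href="admin.php?page=' . AIOWPSEC_MAIN_MENU_SLUG . '&tab=tab3">Locked IP Addresses</a>';
                echo '<p>' . sprintf(__('To see a list of all locked IP addresses and ranges go to the %s tab in the dashboard menu.', 'all-in-one-wp-security-and-firewall'), $locked_ips_link) . '</p>';
                ?>
            </div>
        </div></div>
    <?php
}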
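/**
 * Renders the "Currently Locked Out IP Addresses and Ranges" list table.
 *
 * Dispatches the delete / unlock row actions of the list table, then prints
 * the table inside a GET form that posts back to the current admin page and
 * tab. The `page` and `tab` request values are reflected into hidden inputs,
 * so both are escaped for the attribute context.
 */
function render_tab3() {
    include_once 'wp-security-list-locked-ip.php'; // Provides AIOWPSecurity_List_Locked_IP
    $locked_ip_list = new AIOWPSecurity_List_Locked_IP();

    // NOTE(review): these state-changing row actions run without a nonce check in
    // this function. Confirm that AIOWPSecurity_List_Locked_IP verifies one;
    // otherwise add a nonce to the row links and verify it before dispatching.
    if (isset($_REQUEST['action'])) {
        if ($_REQUEST['action'] === 'delete_blocked_ip') { // Delete link was clicked for a row in list table
            $locked_ip_list->delete_lockdown_records(strip_tags($_REQUEST['lockdown_id']));
        }

        if ($_REQUEST['action'] === 'unlock_ip') { // Unlock link was clicked for a row in list table
            $locked_ip_list->unlock_ip_range(strip_tags($_REQUEST['lockdown_id']));
        }
    }
    ?>
    <div class="postbox">
        <h3><label for="title"><?php _e('Currently Locked Out IP Addresses and Ranges', 'aiowpsecurity'); ?></label></h3>
        <div class="inside">
            <?php
            // Fetch, prepare, sort, and filter our data...
            $locked_ip_list->prepare_items();
            ?>
            <form id="tables-filter" method="get" onSubmit="return confirm('Are you sure you want to perform this bulk operation on the selected entries?');">
                <!-- For plugins, we also need to ensure that the form posts back to our current page -->
                <?php // Request values are attacker-controllable: escape them before echoing into an attribute. ?>
                <input type="hidden" name="page" value="<?php echo esc_attr($_REQUEST['page']); ?>" />
                <?php
                if (isset($_REQUEST["tab"])) {
                    echo '<input type="hidden" name="tab" value="' . esc_attr($_REQUEST["tab"]) . '" />';
                }
                ?>
                <!-- Now we can render the completed list table -->
                <?php $locked_ip_list->display(); ?>
            </form>
        </div></div>
    <?php
}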
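/**
 * Renders the tab listing IP addresses currently locked out by Login Lockdown.
 *
 * Dispatches the delete / unlock row actions of the list table, prints an
 * info box linking back to the Login Lockdown settings, then prints the table
 * inside a GET form that posts back to the current admin page and tab. The
 * `page` and `tab` request values are reflected into hidden inputs, so both
 * are escaped for the attribute context.
 */
function render_tab3() {
    include_once 'wp-security-list-locked-ip.php'; // Provides AIOWPSecurity_List_Locked_IP
    $locked_ip_list = new AIOWPSecurity_List_Locked_IP();

    // NOTE(review): these state-changing row actions run without a nonce check in
    // this function. Confirm that AIOWPSecurity_List_Locked_IP verifies one;
    // otherwise add a nonce to the row links and verify it before dispatching.
    if (isset($_REQUEST['action'])) {
        if ($_REQUEST['action'] === 'delete_blocked_ip') { // Delete link was clicked for a row in list table
            $locked_ip_list->delete_lockdown_records(strip_tags($_REQUEST['lockdown_id']));
        }

        if ($_REQUEST['action'] === 'unlock_ip') { // Unlock link was clicked for a row in list table
            $locked_ip_list->unlock_ip_range(strip_tags($_REQUEST['lockdown_id']));
        }
    }
    ?>
    <div class="aio_blue_box">
        <?php
        $login_lockdown_feature_url = '<a href="admin.php?page=' . AIOWPSEC_USER_LOGIN_MENU_SLUG . '&tab=tab1" target="_blank">Login Lockdown</a>';
        echo '<p>' . __('This tab displays the list of all IP addresses which are currently temporarily locked out due to the Login Lockdown feature:', 'all-in-one-wp-security-and-firewall') . '</p>' .
            '<p>' . $login_lockdown_feature_url . '</p>';
        ?>
    </div>
    <div class="postbox">
        <h3 class="hndle"><label for="title"><?php _e('Currently Locked Out IP Addresses and Ranges', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
        <div class="inside">
            <?php
            // Fetch, prepare, sort, and filter our data...
            $locked_ip_list->prepare_items();
            ?>
            <form id="tables-filter" method="get" onSubmit="return confirm('Are you sure you want to perform this bulk operation on the selected entries?');">
                <!-- For plugins, we also need to ensure that the form posts back to our current page -->
                <input type="hidden" name="page" value="<?php echo esc_attr($_REQUEST['page']); ?>"/>
                <?php
                // The tab value is reflected exactly like `page`, so it gets the same attribute escaping.
                if (isset($_REQUEST["tab"])) {
                    echo '<input type="hidden" name="tab" value="' . esc_attr($_REQUEST["tab"]) . '" />';
                }
                ?>
                <!-- Now we can render the completed list table -->
                <?php $locked_ip_list->display(); ?>
            </form>
        </div>
    </div>
    <?php
}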