/**
 * Return the shared Lockdown_Manager object, building it on first use.
 *
 * The object is cached in the static $instance property, so every later
 * call hands back the same one.
 *
 * @return Lockdown_Manager
 */
public static function instance()
{
    // Fast path: an object has already been stored.
    if (!empty(self::$instance)) {
        return self::$instance;
    }

    self::$instance = new self();

    return self::$instance;
}
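/**
 * Run the configured HTTP authentication gate.
 *
 * Modes handled by the switch below:
 *  - 'wp_creds': the HTTP credentials must belong to a WordPress account.
 *  - 'private':  the HTTP credentials are matched against the plugin's
 *                private user list.
 *  - any other value: no gate is applied and the request is marked as passed.
 *
 * Every rejection path returns the result of unauthorizedArea(), so nothing
 * after a failed check can run even if that method hands control back.
 *
 * @access protected
 *
 * @param string|null $option Auth mode; when empty, getHttpAuth() supplies it.
 * @return mixed The value returned by the branch that ran; null when the
 *               'wp_creds' branch completes or no private users are configured.
 */
protected function setupHttpCheck($option = null)
{
    // Fall back to the stored setting when the caller did not pick a mode.
    if (!$option) {
        $option = $this->getHttpAuth();
    }

    switch ($option) {
        // HTTP auth asks for the visitor's WordPress credentials.
        case 'wp_creds':
            $creds = $this->retrieveAuthCredentials();
            if (!$creds) {
                // No usable credentials were supplied.
                return $this->unauthorizedArea();
            }

            $current_uid = get_current_user_id();

            // Look the account up by login name (kept working on non-multisite installs).
            $requested_user = get_user_by('login', $creds['username']);
            if (!$requested_user) {
                // Not a valid user.
                return $this->unauthorizedArea();
            }

            $requested_uid = (int) $requested_user->ID;

            // The existing WordPress session already belongs to the requested account.
            // NOTE(review): the supplied password is not checked on this path; the
            // session alone is trusted. Confirm that is intended.
            if ($current_uid === $requested_uid) {
                return $this->instance->passed(true);
            }

            if (!is_user_logged_in()) {
                // Build the sign-on payload in its own array. Reusing $creds here
                // would wipe the username and password before they are copied.
                $signon = array(
                    'user_login'    => $creds['username'],
                    'user_password' => $creds['password'],
                    'remember'      => true,
                );

                // NOTE(review): the second argument is wp_signon()'s $secure_cookie.
                // A literal false requests an auth cookie without the Secure flag
                // even over HTTPS; confirm whether is_ssl() should be passed instead.
                $user = wp_signon($signon, false);

                if (is_wp_error($user)) {
                    return $this->unauthorizedArea();
                }
            } elseif (is_wp_error(wp_authenticate($creds['username'], $creds['password']))) {
                // A session for a different account must not let an unverified
                // password through the gate, so the supplied pair is checked here.
                return $this->unauthorizedArea();
            }

            // NOTE(review): this branch calls $this->passed() while the others call
            // $this->instance->passed(); confirm both resolve to the same flag.
            $this->passed(true);
            break;

        // Private list of users to check.
        case 'private':
            $users = $this->getPrivateUsers();

            // Deliberate fail-open: with no private users configured, nobody is locked out.
            if (!$users || !is_array($users) || count($users) < 1) {
                return;
            }

            $creds = $this->retrieveAuthCredentials();
            if (!$creds) {
                // Invalid credentials.
                return $this->unauthorizedArea();
            }

            // NOTE(review): matchUserToArray() is not visible here; confirm it compares
            // the password with a constant-time check such as hash_equals().
            if ($this->matchUserToArray($users, $creds['username'], $creds['password'])) {
                $this->instance->passed(true);

                return $this->setUser($creds['username']);
            }

            return $this->unauthorizedArea();

        // Unknown type of auth.
        // NOTE(review): any unrecognised mode value also lands here and is treated
        // as "no gate" (fail-open); confirm that is the desired default.
        default:
            $this->instance->passed(true);

            return false;
    }
}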
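<?php
// Stop when ABSPATH is not defined, i.e. the template was not loaded through WordPress.
if (!defined('ABSPATH')) {
    exit;
}

// NOTE(review): $manager is not read in the part of the template shown here.
$manager = Lockdown_Manager::instance();
?>
<div class="wrap">
    <h2><?php esc_html_e('Lockdown WordPress Admin', 'lockdown-wp-admin'); ?></h2>

    <?php include LD_PLUGIN_DIR . '/views/errors.php'; ?>

    <p><?php esc_html_e('We are going to help make WordPress a bit more secure.', 'lockdown-wp-admin'); ?></p>

    <p>
        <?php
        // NOTE(review): the loader below runs third-party JavaScript inside an
        // authenticated admin screen, where it can read and act on the page. The
        // script URL is pinned to https so it cannot be altered in transit when the
        // dashboard itself is served over plain http. Consider dropping the loader
        // and keeping only the link, or enqueueing the script through WordPress.
        ?>
        <a href="https://twitter.com/srtfisher" class="twitter-follow-button" data-show-count="false">Follow @srtfisher</a>
        <script>!function(d,s,id){var js,fjs=d.getElementsByTagName(s)[0];if(!d.getElementById(id)){js=d.createElement(s);js.id=id;js.src="https://platform.twitter.com/widgets.js";fjs.parentNode.insertBefore(js,fjs);}}(document,"script","twitter-wjs");</script>
        <br />
        <br>
        <?php // NOTE(review): the contact link below uses plain http; switch it to https if the site serves it. ?>
        <em>
            (Also, I am a freelancer and would love to <a href="http://seanfisher.co/contact">hear from you about your project</a>!)
        </em>
    </p>

    <p>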
<?php
// Render every queued admin message as a WordPress notice box.
$messages = Lockdown_Manager::instance()->admin->get_messages();

if (!empty($messages)) :
    foreach ($messages as $message) :
        // Only two fixed class names are ever printed, so the attribute
        // never carries message-supplied text.
        $notice_class = ('error' === $message['type']) ? 'error' : 'updated';
        ?>
        <div class="<?php echo $notice_class; ?>">
            <?php // The message text is escaped for HTML before output. ?>
            <p><?php echo esc_html($message['message']); ?></p>
        </div>
        <?php
    endforeach;
endif;