public function logined()
{
if (is_session_started() === FALSE) {
if (!$this->is_call_me()) {
$this->session_start_expired();
}
}
$result = null;
if (!empty($_SESSION['user_name']) && $_SESSION['user_is_logged_in']) {
$result = array();
$result['user_name'] = $_SESSION['user_name'];
$result['user_email'] = $_SESSION['user_email'];
} else {
return null;
}
$userdata = $this->get_userdata($result['user_name']);
if (empty($userdata)) {
if (is_session_started() === FALSE) {
session_destroy();
}
$this->user_is_logged_in = false;
$this->feedback = T('Your account not exists');
return null;
}
return $result;
}
public function logout()
{
session_unset();
if (is_session_started() !== FALSE) {
session_destroy();
}
log_message("info", "session ended");
if (isset($_SESSION['uname'])) {
$this->_error("cant logout", "please reload page");
log_message("error", "session unset" . __FILE__ . __LINE__);
} else {
log_message("info", "log out successful " . __FILE__ . __LINE__);
redir(HTTPPATH . "login?msg=logout successful");
return;
}
}
<?php
session_destroy();
/**
* @return bool
*/
function is_session_started()
{
if (php_sapi_name() !== 'cli') {
if (version_compare(phpversion(), '5.4.0', '>=')) {
return session_status() === PHP_SESSION_ACTIVE ? TRUE : FALSE;
} else {
return session_id() === '' ? FALSE : TRUE;
}
}
return FALSE;
}
// Example
if (is_session_started() === FALSE) {
header("Location:index.php");
exit;
}
/**
* Class constructor
*
* @param array $params
* @return void
*/
public function __construct($params)
{
if (is_array($params)) {
if (!empty($params['read']) && !empty($params['write'])) {
$this->read_write = TRUE;
if (is_session_started()) {
if (!isset($_SESSION['insanedb_read_delay'])) {
$_SESSION['insanedb_read_delay'] = $this->read_delay;
}
$this->read_delay =& $_SESSION['insanedb_read_delay'];
}
}
foreach ($params as $key => $val) {
$this->{$key} = $val;
}
}
log_message('info', 'Database Driver Class Initialized');
}
/**
* Receives oauth_verifier, requests for access_token and redirect to callback
*/
public function oauth_callback()
{
if (is_session_started() === FALSE) {
session_start();
}
// User cancelled auth
if (!isset($_SESSION['oauth_token_secret']) || !isset($_GET['oauth_token'])) {
$error = array('code' => 'access_denied', 'message' => 'User denied access.', 'raw' => $_GET);
$this->errorCallback($error);
exit;
}
// $_SESSION[oauth_token_secret] was stored before the Authorization redirect
$signatures = array('oauth_secret' => $_SESSION['oauth_token_secret'], 'oauth_token' => $_GET['oauth_token']);
$request = $this->oauth->sign(array('path' => $this->strategy['access_token_url'], 'parameters' => array('oauth_verifier' => $_GET['oauth_verifier'], 'oauth_token' => $_GET['oauth_token']), 'signatures' => $signatures));
// Initiate our request to get a permanent access token
$ch = curl_init($request['signed_url']);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$result = curl_exec($ch);
// Parse our tokens and store them
parse_str($result, $returned_items);
$token = $returned_items['oauth_token'];
$secret = $returned_items['oauth_token_secret'];
// To prevent a refresh of the page from working to re-do this step, clear out the temp
// access token.
unset($_SESSION['oauth_token_secret']);
if ($token && $secret) {
$url = $this->strategy['base_url'] . 'members/me';
$data = ['key' => $this->strategy['consumer_key'], 'token' => $token];
$results = $this->serverGet($url, $data);
if ($results !== false && ($user = json_decode($results, true))) {
$this->auth = array('uid' => $user['id'], 'info' => array('name' => $user['fullName'], 'email' => $user['email'], 'username' => $user['username'], 'image' => 'http://www.gravatar.com/avatar/' . $user['gravatarHash']), 'credentials' => array('token' => $token, 'secret' => $secret), 'raw' => $user);
$this->callback();
} else {
$error = array('code' => 'missing_user_details', 'message' => 'Could not retrieve user details.', 'raw' => $results);
$this->errorCallback($error);
}
} else {
$error = array('code' => 'access_denied', 'message' => 'User denied access.', 'raw' => $_GET);
$this->errorCallback($error);
}
}
function wp_limit_login_init()
{
function is_session_started()
{
if (php_sapi_name() !== 'cli') {
if (version_compare(phpversion(), '5.4.0', '>=')) {
return session_status() === PHP_SESSION_ACTIVE ? TRUE : FALSE;
} else {
return session_id() === '' ? FALSE : TRUE;
}
}
return FALSE;
}
if (is_session_started() === FALSE) {
session_start();
}
if (!isset($_SESSION["popup_flag"])) {
$_SESSION["popup_flag"] = "first";
}
if (isset($_GET['captcha'])) {
if ($_GET['captcha'] == $_SESSION["captcha"]) {
$_SESSION["popup_flag"] = "true_0152";
} else {
$_SESSION["popup_flag"] = "false_0152";
}
}
add_action('login_head', 'wp_limit_login_head');
add_action('wp_login_failed', 'wp_limit_login_failed');
add_action('login_errors', 'wp_limit_login_errors');
add_filter('authenticate', 'wp_limit_login_auth_signon', 30, 3);
add_action('admin_init', 'wp_limit_login_admin_init');
function wp_limit_login_head()
{
?>
<script>var popup_flag = "<?php
echo $_SESSION["popup_flag"];
?>
";
</script>
<div class='popup' style="display: none;">
<div class='popup_box'>
<p class='x' id='x'> × </p>
<p>Please enter captcha text</p>
<img class="captcha" src="<?php
echo plugin_dir_url(__FILE__) . '/captcha.php';
?>
" />
<form class="captcha_form" action="" method="GET">
<input type="text" placeholder="Enter here.." name="captcha">
<input class="submit" type="submit" value="Submit">
</form>
</div>
</div>
<?php
}
function wp_limit_login_failed($username)
{
global $msg, $ip, $wpdb;
if ($_SESSION["popup_flag"] == "true_0152") {
$ip = getip();
$tablename = $wpdb->prefix . "limit_login";
$tablerows = $wpdb->get_results("SELECT `login_id`, `login_ip`,`login_attempts`,`attempt_time`,`locked_time` FROM `{$tablename}` WHERE `login_ip` = '{$ip}' ORDER BY `login_id` DESC LIMIT 1 ");
if (count($tablerows) == 1) {
$attempt = $tablerows[0]->login_attempts;
if ($attempt <= 5) {
$attempt = $attempt + 1;
$update_table = array('login_id' => $tablerows[0]->login_id, 'login_attempts' => $attempt);
$wpdb->update($tablename, $update_table, array('login_id' => $tablerows[0]->login_id));
$remain_attempt = 6 - $attempt;
$msg = $remain_attempt . ' attempts remaining..!';
return $msg;
} else {
if (is_numeric($tablerows[0]->locked_time)) {
$attempt = $attempt + 1;
$update_table = array('login_id' => $tablerows[0]->login_id, 'login_attempts' => $attempt, 'locked_time' => date('Y-m-d G:i:s'));
$wpdb->update($tablename, $update_table, array('login_id' => $tablerows[0]->login_id));
} else {
$attempt = $attempt + 1;
$update_table = array('login_id' => $tablerows[0]->login_id, 'login_attempts' => $attempt);
$wpdb->update($tablename, $update_table, array('login_id' => $tablerows[0]->login_id));
}
$msg = "The maximum number of login attempts has been reached. Please try again in 10 minutes";
return $msg;
}
$time_now = date_create(date('Y-m-d G:i:s'));
$attempt_time = date_create($tablerows[0]->attempt_time);
$interval = date_diff($attempt_time, $time_now);
if ($interval->format("%s") <= 2) {
//wp_redirect(home_url());
//exit;
}
} else {
global $wpdb;
$tablename = $wpdb->prefix . "limit_login";
$newdata = array('login_ip' => $ip, 'login_attempts' => 1, 'attempt_time' => date('Y-m-d G:i:s'), 'locked_time' => 0);
$wpdb->insert($tablename, $newdata);
$remain_attempt = 5;
$msg = $remain_attempt . ' attempts remaining..!';
return $msg;
}
} else {
$_SESSION["popup_flag"] = "first";
$error = new WP_Error();
$error->remove('wp_captcha', "Sorry..! captcha");
return $error;
}
}
function wp_limit_login_admin_init()
{
if (is_user_logged_in()) {
global $wpdb;
$tablename = $wpdb->prefix . "limit_login";
$ip = getip();
wp_limit_login_nag_ignore();
$tablerows = $wpdb->get_results("SELECT `login_id`, `login_ip`,`login_attempts`,`locked_time` FROM `{$tablename}` WHERE `login_ip` = '{$ip}' ORDER BY `login_id` DESC LIMIT 1 ");
if (count($tablerows) == 1) {
$update_table = array('login_id' => $tablerows[0]->login_id, 'login_attempts' => 0, 'locked_time' => 0);
$wpdb->update($tablename, $update_table, array('login_id' => $tablerows[0]->login_id));
//update table
}
}
}
function wp_limit_login_errors($error)
{
global $msg;
$pos_first = strpos($error, 'Proxy');
$pos_second = strpos($error, 'wait');
$pos_third = strpos($error, 'captcha');
if (is_int($pos_first)) {
$error = "Sorry..! Proxy detected..!";
} else {
if ($pos_second) {
$error = "Sorry..! Please wait 10 minutes..!";
} else {
if ($pos_third) {
$error = "Sorry..! Please enter correct captcha..!";
} else {
$error = "<strong>Login Failed</strong>: Sorry..! Wrong information..! </br>" . $msg;
}
}
}
return $error;
}
function wp_limit_login_auth_signon($user, $username, $password)
{
global $ip, $msg, $wpdb;
$ip = getip();
if (empty($username) || empty($password)) {
// do_action( 'wp_login_failed' );
}
if ($_SESSION["popup_flag"] == "true_0152") {
$tablename = $wpdb->prefix . "limit_login";
$tablerows = $wpdb->get_results("SELECT `login_id`, `login_ip`,`login_attempts`,`attempt_time`,`locked_time` FROM `{$tablename}` WHERE `login_ip` = '{$ip}' ORDER BY `login_id` DESC LIMIT 1 ");
if (count($tablerows) == 1) {
$time_now = date_create(date('Y-m-d G:i:s'));
$attempt_time = date_create($tablerows[0]->attempt_time);
$interval = date_diff($attempt_time, $time_now);
if ($interval->format("%s") <= 1) {
if ($tablerows[0]->login_attempts != 0) {
wp_redirect(home_url());
exit;
} else {
return $user;
}
} else {
/*$url_first = "http://www.shroomery.org/ythan/proxycheck.php?ip=".$ip;
$url_second = "http://check.getipintel.net/check.php?ip=".$ip;
$response_first = wp_remote_get($url_first);
$response_second = wp_remote_get($url_second);
$ip_check = false;
if(($response_first['body']=="N")|| ($response_second['body']<=0.99)){
$ip_check = true;
} */
$ip_check = true;
if ($tablerows[0]->login_attempts % 7 == 0) {
if ($tablerows[0]->login_attempts != 0) {
$attempts = $tablerows[0]->login_attempts;
$attempts = $attempts + 1;
$_SESSION["popup_flag"] = "first";
$update_table = array('login_id' => $tablerows[0]->login_id, 'login_attempts' => $attempts);
$wpdb->update($tablename, $update_table, array('login_id' => $tablerows[0]->login_id));
}
}
// proxy or not
if ($ip_check == true) {
if (!is_numeric($tablerows[0]->locked_time)) {
$locked_time = date_create($tablerows[0]->locked_time);
$time_now = date_create(date('Y-m-d G:i:s'));
$interval = date_diff($locked_time, $time_now);
if ($interval->format("%i") <= 10) {
$msg = "Sorry..! Please wait 10 minutes..!";
$error = new WP_Error();
$error->add('wp_to_many_try', $msg);
return $error;
} else {
$update_table = array('login_id' => $tablerows[0]->login_id, 'login_attempts' => 0, 'attempt_time' => date('Y-m-d G:i:s'), 'locked_time' => 0);
$wpdb->update($tablename, $update_table, array('login_id' => $tablerows[0]->login_id));
return $user;
}
} else {
return $user;
}
} else {
$_SESSION["popup_flag"] = "first";
$error = new WP_Error();
$error->add('wp_proxy_detection', "Sorry..! Proxy detected..!");
return $error;
}
}
} else {
return $user;
}
} else {
$_SESSION["popup_flag"] = "first";
$error = new WP_Error();
$error->remove('wp_captcha', "Sorry..! captcha");
return $error;
}
}
function getip()
{
if (!empty($_SERVER['HTTP_CLIENT_IP'])) {
$ip = esc_sql($_SERVER['HTTP_CLIENT_IP']);
} elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
$ip = esc_sql($_SERVER['HTTP_X_FORWARDED_FOR']);
} else {
$ip = esc_sql($_SERVER['REMOTE_ADDR']);
if ($ip == '::1') {
$ip = '127.0.0.1';
}
}
return $ip;
}
function wp_limit_login_nag_ignore()
{
global $current_user;
$user_id = $current_user->ID;
/* If user clicks to ignore the notice, add that to their user meta */
if (isset($_GET['wp_limit_login_nag_ignore']) && '0' == $_GET['wp_limit_login_nag_ignore']) {
add_user_meta($user_id, 'wp_limit_login_nag_ignore', 'true', true);
}
}
}
/**
* Loads a state string from session storage for CSRF validation. May return
* null if no object exists. Developers should subclass and override this
* method if they want to load the state from a different location.
*
* @return string|null
*
* @throws FacebookSDKException
*/
protected function loadState()
{
if ($this->checkForSessionStatus === true && !is_session_started()) {
throw new FacebookSDKException('Session not active, could not load state.', 721);
}
if (isset($_SESSION[$this->sessionPrefix . 'state'])) {
$this->state = $_SESSION[$this->sessionPrefix . 'state'];
return $this->state;
}
return null;
}
<?php
if (!defined("Z_ENTRANCE")) {
header("HTTP/1.0 404 Not Found");
exit;
}
require_once Z_ABSPATH . Z_INC . 'envchk.php';
require_once Z_ABSPATH . Z_INC . 'functions.php';
require_once Z_ABSPATH . Z_INC . 'autoload.php';
require_once Z_ABSPATH . 'settings.php';
z_debug_mode();
z_check_php_mysql();
date_default_timezone_set(Z_TIMEZONE);
if (!is_session_started()) {
session_start();
}
/**
* @return bool
*/
function close_session()
{
if (is_session_started() === FALSE) {
session_start();
}
session_unset();
session_destroy();
return TRUE;
}
