/**
* Get Instance of Lockdown_Manager
*
* @return Lockdown_Manager
*/
public static function instance()
{
if (empty(self::$instance)) {
self::$instance = new self();
}
return self::$instance;
}
/**
* Setting up the HTTP Auth
* Here, we only check if it's enabled
*
* @access protected
*/
protected function setupHttpCheck($option = null)
{
// We save what type of auth we're doing here.
if (!$option) {
$option = $this->getHttpAuth();
}
// What type of auth are we doing?
switch ($option) {
// HTTP auth is going to ask for their WordPress creds.
case 'wp_creds':
$creds = $this->retrieveAuthCredentials();
if (!$creds) {
$this->unauthorizedArea();
// Invalid credentials
}
// Are they already logged in as this?
$current_uid = get_current_user_id();
// We fixed this for use with non WP-MS sites
$requested_user = get_user_by('login', $creds['username']);
// Not a valid user.
if (!$requested_user) {
$this->unauthorizedArea();
}
// The correct User ID.
$requested_uid = (int) $requested_user->ID;
// Already logged in?
if ($current_uid === $requested_uid) {
return $this->instance->passed(true);
}
// Attempt to sign them in if they aren't already
if (!is_user_logged_in()) {
// Try it via wp_signon
$creds = array();
$creds['user_login'] = $creds['username'];
$creds['user_password'] = $creds['password'];
$creds['remember'] = true;
$user = wp_signon($creds, false);
// In error
if (is_wp_error($user)) {
return $this->unauthorizedArea();
}
}
// They passed!
$this->passed(true);
break;
// Private list of users to check
// Private list of users to check
case 'private':
$users = $this->getPrivateUsers();
// We want a user to exist.
// If nobody is found, we won't lock them out!
if (!$users || !is_array($users)) {
return;
}
// Let's NOT lock everybody out
if (count($users) < 1) {
return;
}
// Get the HTTP auth creds
$creds = $this->retrieveAuthCredentials();
// Invalid creds
if (!$creds) {
$this->unauthorizedArea();
}
// Did they enter a valid user?
if ($this->matchUserToArray($users, $creds['username'], $creds['password'])) {
$this->instance->passed(true);
return $this->setUser($creds['username']);
} else {
return $this->unauthorizedArea();
}
break;
// Unknown type of auth
// Unknown type of auth
default:
$this->instance->passed(true);
return false;
}
}
<?php
if (!defined('ABSPATH')) {
exit;
}
$manager = Lockdown_Manager::instance();
?>
<div class="wrap">
<h2><?php
esc_html_e('Lockdown WordPress Admin', 'lockdown-wp-admin');
?>
</h2>
<?php
include LD_PLUGIN_DIR . '/views/errors.php';
?>
<p><?php
esc_html_e('We are going to help make WordPress a bit more secure.', 'lockdown-wp-admin');
?>
</p>
<p>
<a href="https://twitter.com/srtfisher" class="twitter-follow-button" data-show-count="false">Follow @srtfisher</a>
<script>!function(d,s,id){var js,fjs=d.getElementsByTagName(s)[0];if(!d.getElementById(id)){js=d.createElement(s);js.id=id;js.src="//platform.twitter.com/widgets.js";fjs.parentNode.insertBefore(js,fjs);}}(document,"script","twitter-wjs");</script>
<br />
<br>
<em>
(Also, I am a freelancer and would love to <a href="http://seanfisher.co/contact">hear from you about your project</a>!)
</em>
</p>
<p>
<?php
$messages = Lockdown_Manager::instance()->admin->get_messages();
if (!empty($messages)) {
?>
<?php
foreach ($messages as $message) {
?>
<div class="<?php
if ('error' === $message['type']) {
echo 'error';
} else {
echo 'updated';
}
?>
">
<p><?php
echo esc_html($message['message']);
?>
</p>
</div>
<?php
}
}
