public static function get_instance()
{
if (!self::$instance) {
self::$instance = new self();
}
return self::$instance;
}
/**
* Inserts an IP address into the htaccess ban list.
*
* @since 4.0
*
* @param $ip
* @param null $ban_list
* @param null $white_list
*
* @return void
*/
public static function insert_ip($ip, $ban_list = null, $white_list = null)
{
$settings = get_site_option('itsec_ban_users');
$host = sanitize_text_field($ip);
if ($ban_list === null) {
$ban_list = isset($settings['host_list']) ? $settings['host_list'] : array();
}
if ($white_list === null) {
$global_settings = get_site_option('itsec_global');
$white_list = isset($global_settings['lockout_white_list']) ? $global_settings['lockout_white_list'] : array();
}
if (!in_array($host, $ban_list) && !ITSEC_Ban_Users::is_ip_whitelisted($host, $white_list)) {
$ban_list[] = $host;
$settings['host_list'] = $ban_list;
ITSEC_Files::quick_ban($host);
update_site_option('itsec_ban_users', $settings);
add_site_option('itsec_rewrites_changed', true);
}
}
<?php require_once 'class-itsec-ban-users.php'; ITSEC_Ban_Users::activate();
/**
* Sanitize and validate input
*
* @param Array $input array of input fields
*
* @return Array Sanitized array
*/
public function sanitize_module_input($input)
{
global $itsec_globals;
$has_errors = false;
//Sanitize checkbox features
$input['enabled'] = isset($input['enabled']) && intval($input['enabled'] == 1) ? true : false;
$input['default'] = isset($input['default']) && intval($input['default'] == 1) ? true : false;
if (isset($input['agent_list']) && is_string($input['agent_list'])) {
$agents = preg_split('/(?<!\\r)\\n|\\r(?!\\n)|(?<!\\r)\\r\\n|\\r\\r\\n/', trim($input['agent_list']));
} else {
if (isset($input['agent_list']) && is_array($input['agent_list'])) {
$agents = $input['agent_list'];
} else {
$agents = array();
}
}
$good_agents = array();
foreach ($agents as $agent) {
$agent = trim(sanitize_text_field($agent));
if (!empty($agent)) {
$good_agents[] = $agent;
}
}
$input['agent_list'] = array_unique($good_agents);
if (isset($input['host_list']) && is_string($input['host_list'])) {
$addresses = preg_split('/(?<!\\r)\\n|\\r(?!\\n)|(?<!\\r)\\r\\n|\\r\\r\\n/', trim($input['host_list']));
} else {
if (isset($input['host_list']) && is_array($input['host_list'])) {
$addresses = $input['host_list'];
} else {
$addresses = array();
}
}
if (!class_exists('ITSEC_Ban_Users')) {
require dirname(__FILE__) . '/class-itsec-ban-users.php';
}
$bad_ips = array();
$white_ips = array();
$raw_ips = array();
foreach ($addresses as $index => $address) {
$address = trim($address);
if (empty($address)) {
continue;
}
if (!ITSEC_Lib::validates_ip_address($address)) {
$bad_ips[] = trim(filter_var($address, FILTER_SANITIZE_STRING));
}
if (ITSEC_Ban_Users::is_ip_whitelisted($address, null, true)) {
$white_ips[] = trim(filter_var($address, FILTER_SANITIZE_STRING));
}
$raw_ips[] = trim(filter_var($address, FILTER_SANITIZE_STRING));
}
$raw_ips = array_unique($raw_ips);
if (!empty($bad_ips)) {
$input['enabled'] = false;
//disable ban users list
$type = 'error';
if (!$has_errors) {
$message = sprintf('%s<br /><br />', __('Note that the ban users feature has been disabled until the following errors are corrected:', 'better-wp-security'));
}
foreach ($bad_ips as $bad_ip) {
$message .= sprintf('%s %s<br />', $bad_ip, __('is not a valid address in the ban users box.', 'better-wp-security'));
}
add_settings_error('itsec', esc_attr('settings_updated'), $message, $type);
$has_errors = true;
}
if (sizeof($white_ips) > 0) {
$input['enabled'] = false;
//disable ban users list
$type = 'error';
if (!$has_errors) {
$message = sprintf('%s<br /><br />', __('Note that the ban users feature has been disabled until the following errors are corrected:', 'better-wp-security'));
}
foreach ($white_ips as $white_ip) {
$message .= sprintf('%s %s<br />', $white_ip, __('is not a valid address as it has been white listed.', 'better-wp-security'));
}
add_settings_error('itsec', esc_attr('settings_updated'), $message, $type);
$has_errors = true;
}
$input['host_list'] = $raw_ips;
if (!$has_errors) {
if (!isset($type) && ($input['host_list'] !== $this->settings['host_list'] || $input['enabled'] !== $this->settings['enabled'] || $input['default'] !== $this->settings['default'] || $input['agent_list'] !== $this->settings['agent_list']) || isset($itsec_globals['settings']['write_files']) && true === $itsec_globals['settings']['write_files']) {
add_site_option('itsec_rewrites_changed', true);
}
}
if (is_multisite()) {
if (isset($type)) {
$error_handler = new WP_Error();
$error_handler->add($type, $message);
$this->core->show_network_admin_notice($error_handler);
} else {
$this->core->show_network_admin_notice(false);
}
$this->settings = $input;
}
return $input;
}
/**
* Locks out given user or host
*
* @since 4.0
*
* @param string $type The type of lockout (for user reference)
* @param string $reason Reason for lockout, for notifications
* @param string $host Host to lock out
* @param int $user user id to lockout
* @param string $username username to lockout
*
* @return void
*/
private function lockout($type, $reason, $host = NULL, $user = NULL, $username = NULL)
{
global $wpdb, $itsec_logger, $itsec_globals, $itsec_files;
$host_expiration = NULL;
$user_expiration = NULL;
$username = sanitize_text_field(trim($username));
if ($itsec_files->get_file_lock('lockout_' . $host . $user . $username)) {
//Do we have a good host to lock out or not
if ($host != NULL && $this->is_ip_whitelisted(sanitize_text_field($host)) === false && ITSEC_Lib::validates_ip_address($host) === true) {
$good_host = sanitize_text_field($host);
} else {
$good_host = false;
}
//Do we have a valid user to lockout or not
if ($user !== NULL && ITSEC_Lib::user_id_exists(intval($user)) === true) {
$good_user = intval($user);
} else {
$good_user = false;
}
//Do we have a valid username to lockout or not
if ($username !== NULL && $username != '') {
$good_username = $username;
} else {
$good_username = false;
}
$blacklist_host = false;
//assume we're not permanently blcking the host
//Sanitize the data for later
$type = sanitize_text_field($type);
$reason = sanitize_text_field($reason);
//handle a permanent host ban (if needed)
if ($itsec_globals['settings']['blacklist'] === true && $good_host !== false) {
//permanent blacklist
$blacklist_period = isset($itsec_globals['settings']['blacklist_period']) ? $itsec_globals['settings']['blacklist_period'] * 24 * 60 * 60 : 604800;
$host_count = 1 + $wpdb->get_var($wpdb->prepare("SELECT COUNT(*) FROM `" . $wpdb->base_prefix . "itsec_lockouts` WHERE `lockout_expire_gmt` > '%s' AND `lockout_host`='%s';", date('Y-m-d H:i:s', $itsec_globals['current_time_gmt'] - $blacklist_period), $host));
if ($host_count >= $itsec_globals['settings']['blacklist_count'] && isset($itsec_globals['settings']['write_files']) && $itsec_globals['settings']['write_files'] === true) {
$host_expiration = false;
if (!class_exists('ITSEC_Ban_Users')) {
require trailingslashit($itsec_globals['plugin_dir']) . 'modules/free/ban-users/class-itsec-ban-users.php';
}
ITSEC_Ban_Users::insert_ip(sanitize_text_field($host));
//Send it to the Ban Users module for banning
$blacklist_host = true;
//flag it so we don't do a temp ban as well
}
}
//We have temp bans to perform
if ($good_host !== false || $good_user !== false || $good_username || $good_username !== false) {
if ($this->is_ip_whitelisted(sanitize_text_field($host))) {
$whitelisted = true;
$expiration = date('Y-m-d H:i:s', 1);
$expiration_gmt = date('Y-m-d H:i:s', 1);
} else {
$whitelisted = false;
$exp_seconds = intval($itsec_globals['settings']['lockout_period']) * 60;
$expiration = date('Y-m-d H:i:s', $itsec_globals['current_time'] + $exp_seconds);
$expiration_gmt = date('Y-m-d H:i:s', $itsec_globals['current_time_gmt'] + $exp_seconds);
}
if ($good_host !== false && $blacklist_host === false) {
//temp lockout host
$host_expiration = $expiration;
$wpdb->insert($wpdb->base_prefix . 'itsec_lockouts', array('lockout_type' => $type, 'lockout_start' => date('Y-m-d H:i:s', $itsec_globals['current_time']), 'lockout_start_gmt' => date('Y-m-d H:i:s', $itsec_globals['current_time_gmt']), 'lockout_expire' => $expiration, 'lockout_expire_gmt' => $expiration_gmt, 'lockout_host' => sanitize_text_field($host), 'lockout_user' => ''));
$itsec_logger->log_event(__('lockout', 'it-l10n-better-wp-security'), 10, array('expires' => $expiration, 'expires_gmt' => $expiration_gmt, 'type' => $type), sanitize_text_field($host));
}
if ($good_user !== false) {
//blacklist host and temp lockout user
$user_expiration = $expiration;
$wpdb->insert($wpdb->base_prefix . 'itsec_lockouts', array('lockout_type' => $type, 'lockout_start' => date('Y-m-d H:i:s', $itsec_globals['current_time']), 'lockout_start_gmt' => date('Y-m-d H:i:s', $itsec_globals['current_time_gmt']), 'lockout_expire' => $expiration, 'lockout_expire_gmt' => $expiration_gmt, 'lockout_host' => '', 'lockout_user' => intval($user)));
if ($whitelisted === false) {
$itsec_logger->log_event('lockout', 10, array('expires' => $expiration, 'expires_gmt' => $expiration_gmt, 'type' => $type), '', '', intval($user));
} else {
$itsec_logger->log_event('lockout', 10, array(__('White Listed', 'it-l10n-better-wp-security'), 'type' => $type), '', '', intval($user));
}
}
if ($good_username !== false) {
//blacklist host and temp lockout username
$user_expiration = $expiration;
$wpdb->insert($wpdb->base_prefix . 'itsec_lockouts', array('lockout_type' => $type, 'lockout_start' => date('Y-m-d H:i:s', $itsec_globals['current_time']), 'lockout_start_gmt' => date('Y-m-d H:i:s', $itsec_globals['current_time_gmt']), 'lockout_expire' => $expiration, 'lockout_expire_gmt' => $expiration_gmt, 'lockout_host' => '', 'lockout_username' => $username));
if ($whitelisted === false) {
$itsec_logger->log_event('lockout', 10, array('expires' => $expiration, 'expires_gmt' => $expiration_gmt, 'type' => $type), '', '', $username);
} else {
$itsec_logger->log_event('lockout', 10, array(__('White Listed', 'it-l10n-better-wp-security'), 'type' => $type), '', '', $username);
}
}
if ($whitelisted === false) {
if ($itsec_globals['settings']['email_notifications'] === true) {
//send email notifications
$this->send_lockout_email($good_host, $good_user, $good_username, $host_expiration, $user_expiration, $reason);
}
if ($good_host !== false) {
$itsec_files->release_file_lock('lockout_' . $host . $user . $username);
$this->execute_lock();
} else {
$itsec_files->release_file_lock('lockout_' . $host . $user . $username);
$this->execute_lock(true);
}
}
}
$itsec_files->release_file_lock('lockout_' . $host . $user . $username);
}
}
/**
* Sanitize and validate input
*
* @param Array $input array of input fields
*
* @return Array Sanitized array
*/
public function sanitize_module_input($input)
{
global $itsec_globals;
$no_errors = false;
//start out assuming they entered a bad IP somewhere
//Sanitize checkbox features
$input['enabled'] = isset($input['enabled']) && intval($input['enabled'] == 1) ? true : false;
$input['default'] = isset($input['default']) && intval($input['default'] == 1) ? true : false;
//process agent list
if (isset($input['agent_list']) && !is_array($input['agent_list'])) {
$agents = explode(PHP_EOL, $input['agent_list']);
} elseif (isset($input['agent_list'])) {
$agents = $input['agent_list'];
} else {
$agents = array();
}
$good_agents = array();
foreach ($agents as $agent) {
$good_agents[] = trim(sanitize_text_field($agent));
}
$input['agent_list'] = $good_agents;
//Process hosts list
if (isset($input['host_list']) && !is_array($input['host_list'])) {
$addresses = explode(PHP_EOL, $input['host_list']);
} elseif (isset($input['host_list'])) {
$addresses = $input['host_list'];
} else {
$addresses = array();
}
$bad_ips = array();
$white_ips = array();
$raw_ips = array();
foreach ($addresses as $index => $address) {
if (strlen(trim($address)) > 0) {
if (ITSEC_Lib::validates_ip_address($address) === false) {
$bad_ips[] = trim(filter_var($address, FILTER_SANITIZE_STRING));
}
if (!class_exists('ITSEC_Ban_Users')) {
require dirname(__FILE__) . '/class-itsec-ban-users.php';
}
if (ITSEC_Ban_Users::is_ip_whitelisted($address, NULL, true)) {
$white_ips[] = trim(filter_var($address, FILTER_SANITIZE_STRING));
}
$raw_ips[] = trim(filter_var($address, FILTER_SANITIZE_STRING));
} else {
unset($addresses[$index]);
}
}
$raw_ips = array_unique($raw_ips);
if (sizeof($bad_ips) > 0) {
$input['enabled'] = false;
//disable ban users list
$type = 'error';
if ($no_errors === true) {
$message = sprintf('%s<br /><br />', __('Note that the ban users feature has been disabled until the following errors are corrected:', 'it-l10n-better-wp-security'));
}
foreach ($bad_ips as $bad_ip) {
$message .= sprintf('%s %s<br />', $bad_ip, __('is not a valid address in the ban users box.', 'it-l10n-better-wp-security'));
}
add_settings_error('itsec', esc_attr('settings_updated'), $message, $type);
} else {
$no_errors = true;
}
if (sizeof($white_ips) > 0) {
$input['enabled'] = false;
//disable ban users list
$type = 'error';
if ($no_errors === true) {
$message = sprintf('%s<br /><br />', __('Note that the ban users feature has been disabled until the following errors are corrected:', 'it-l10n-better-wp-security'));
}
foreach ($white_ips as $white_ip) {
$message .= sprintf('%s %s<br />', $white_ip, __('is not a valid address as it has been white listed.', 'it-l10n-better-wp-security'));
}
add_settings_error('itsec', esc_attr('settings_updated'), $message, $type);
} else {
$no_errors = true;
}
$input['host_list'] = $raw_ips;
if ($no_errors === true) {
if (!isset($type) && ($input['host_list'] !== $this->settings['host_list'] || $input['enabled'] !== $this->settings['enabled'] || $input['default'] !== $this->settings['default'] || $input['agent_list'] !== $this->settings['agent_list']) || isset($itsec_globals['settings']['write_files']) && $itsec_globals['settings']['write_files'] === true) {
add_site_option('itsec_rewrites_changed', true);
}
}
if (is_multisite()) {
if (isset($type)) {
$error_handler = new WP_Error();
$error_handler->add($type, $message);
$this->core->show_network_admin_notice($error_handler);
} else {
$this->core->show_network_admin_notice(false);
}
$this->settings = $input;
}
return $input;
}
<?php // Set up Away Mode Admin require_once 'class-itsec-ban-users-admin.php'; $itsec_ban_users_admin = new ITSEC_Ban_Users_Admin(); $itsec_ban_users_admin->run(ITSEC_Core::get_instance()); // Set up Away Mode Frontend require_once 'class-itsec-ban-users.php'; $itsec_ban_users = new ITSEC_Ban_Users(); $itsec_ban_users->run();
