public function process_generate_math_page() { $salt = get_site_option('jetpack_protect_key') . get_site_option('admin_email'); $ans = (int) $_POST['jetpack_protect_num']; $salted_ans = sha1($salt . $ans); $correct_ans = $_POST['jetpack_protect_answer']; if ($salted_ans != $correct_ans) { Jetpack_Protect_Math_Authenticate::generate_math_page(true); } else { $temp_pass = substr(sha1(rand(1, 100000000) . get_site_option('jetpack_protect_key')), 5, 25); Jetpack_Protect_Module::set_transient('jpp_math_pass_' . $temp_pass, 3, DAY_IN_SECONDS); setcookie('jpp_math_pass', $temp_pass, time() + DAY_IN_SECONDS, COOKIEPATH, COOKIE_DOMAIN, false); return true; } }
/** * Checks for loginability BEFORE authentication so that bots don't get to go around the log in form. * * If we are using our math fallback, authenticate via math-fallback.php * * @param string $user * @param string $username * @param string $password * * @return string $user */ function check_preauth($user = '******', $username = '******', $password = '******') { $this->check_login_ability(true); $use_math = $this->get_transient('brute_use_math'); if (1 == $use_math && isset($_POST['log'])) { include_once dirname(__FILE__) . '/protect/math-fallback.php'; Jetpack_Protect_Math_Authenticate::math_authenticate(); } return $user; }
/** * Checks for loginability BEFORE authentication so that bots don't get to go around the log in form. * * If we are using our math fallback, authenticate via math-fallback.php * * @param string $user * @param string $username * @param string $password * * @return string $user */ function check_preauth($user = '******', $username = '******', $password = '******') { $this->check_login_ability(true); $use_math = $this->get_transient('brute_use_math'); if (1 == $use_math && isset($_POST['log'])) { Jetpack_Protect_Math_Authenticate::math_authenticate(); } return $user; }