Hanson.xyz Dev
114 lines
5.0 KiB
PHP
Executable File
114 lines
5.0 KiB
PHP
Executable File
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
|
|
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
|
|
<head profile="http://gmpg.org/xfn/11">
|
|
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
|
|
<title><?php bloginfo('name'); ?></title>
|
|
<?php
|
|
global $aio_wp_security;
|
|
$display_form = true;
|
|
//Make this page look like the WP login page
|
|
wp_admin_css('login', true);
|
|
wp_admin_css('colors-fresh', true);
|
|
do_action('login_head');
|
|
$login_header_url = 'http://wordpress.org/';
|
|
$login_header_title = __('Powered by WordPress', 'all-in-one-wp-security-and-firewall');
|
|
?>
|
|
</head>
|
|
|
|
<body class="login login-action-login wp-core-ui aiowps-unlock-request">
|
|
<div id="login">
|
|
<h1><a href="<?php echo esc_url($login_header_url); ?>" title="<?php echo esc_attr($login_header_title); ?>"><?php bloginfo('name'); ?></a></h1>
|
|
|
|
<?php
|
|
if (isset($_POST['aiowps_unlock_request'])) {
|
|
//This catches the $_POST from the "Request Unlock" button on the main WP login page
|
|
isset($_POST['aiowps-unlock-string-info']) ? ($unlock_encoded_info = strip_tags(trim($_POST['aiowps-unlock-string-info']))) : ($unlock_encoded_info = '');
|
|
$unlock_secret_string = $aio_wp_security->configs->get_value('aiowps_unlock_request_secret_key');
|
|
$unlock_temp_string = isset($_POST['aiowps-unlock-temp-string']) ? strip_tags($_POST['aiowps-unlock-temp-string']) : '';
|
|
$submitted_encoded_string = base64_encode($unlock_temp_string.$unlock_secret_string);
|
|
if ($submitted_encoded_string !== $unlock_encoded_info) {
|
|
//Someone somehow landed on this page directly without clicking the unlock button on login form
|
|
echo '<div id="login_error">'.__('ERROR: Unable to process your request!', 'all-in-one-wp-security-and-firewall').'</div>';
|
|
die();
|
|
} elseif ($display_form) {
|
|
echo display_unlock_form();
|
|
}
|
|
} //End if block
|
|
|
|
if (isset($_POST['aiowps_wp_submit_unlock_request'])) {
|
|
//This catches the $_POST when someone submits the form from our special unlock request page where visitor enters email address
|
|
$errors = '';
|
|
|
|
$email = trim($_POST['aiowps_unlock_request_email']);
|
|
if (empty($email) || !is_email($email)) {
|
|
$errors .= '<p>'.__('Please enter a valid email address', 'all-in-one-wp-security-and-firewall').'</p>';
|
|
}
|
|
|
|
if ($errors) {
|
|
$display_form = true;
|
|
echo '<div id="login_error">'.$errors.'</div>';
|
|
$sanitized_email = sanitize_email($email);
|
|
echo display_unlock_form($sanitized_email);
|
|
} else {
|
|
$locked_user = get_user_by('email', $email);
|
|
if (!$locked_user) {
|
|
//user with this email does not exist in the system
|
|
$errors .= '<p>'.__('User account not found!', 'all-in-one-wp-security-and-firewall').'</p>';
|
|
echo '<div id="login_error">'.$errors.'</div>';
|
|
} else {
|
|
//Process unlock request
|
|
//Generate a special code and unlock url
|
|
$ip = AIOWPSecurity_Utility_IP::get_user_ip_address(); //Get the IP address of user
|
|
if (empty($ip)) {
|
|
$unlock_url = false;
|
|
} else {
|
|
$unlock_url = AIOWPSecurity_User_Login::generate_unlock_request_link($ip);
|
|
}
|
|
|
|
if (!$unlock_url) {
|
|
//No entry found in lockout table with this IP range
|
|
$error_msg = '<p>'.__('Error: No locked entry was found in the database with your IP address range.', 'all-in-one-wp-security-and-firewall').'</p>';
|
|
echo '<div id="login_error">'.$error_msg.'</div>';
|
|
} else {
|
|
//Send an email to the user
|
|
AIOWPSecurity_User_Login::send_unlock_request_email($email, $unlock_url);
|
|
echo '<p class="message">' . __('An email has been sent to you with the unlock instructions.', 'all-in-one-wp-security-and-firewall') . '</p>';
|
|
}
|
|
}
|
|
$display_form = false;
|
|
}
|
|
}
|
|
?>
|
|
</div> <!-- end #login -->
|
|
|
|
</body>
|
|
</html>
|
|
<?php
|
|
|
|
function display_unlock_form($email = '') {
|
|
ob_start();
|
|
// Display the unlock request form
|
|
$unlock_form_msg
|
|
= '<p>' . __('You are here because you have been locked out due to too many incorrect login attempts.', 'all-in-one-wp-security-and-firewall') . '</p>'
|
|
. '<p>' . __('Please enter your email address and you will receive an email with instructions on how to unlock yourself.', 'all-in-one-wp-security-and-firewall') . '</p>';
|
|
?>
|
|
<div class="message"><?php echo $unlock_form_msg; ?></div>
|
|
<form name="loginform" id="loginform" action="<?php echo wp_login_url(); ?>" method="post">
|
|
<?php
|
|
if (isset($_POST['aiowps-woo-login'])) {
|
|
echo '<input type="hidden" name="aiowps-woo-login" id="aiowps-woo-login" value="1" />';
|
|
}
|
|
?>
|
|
<p>
|
|
<label for="aiowps_unlock_request_email"><?php _e('Email Address', 'all-in-one-wp-security-and-firewall'); ?><br>
|
|
<input type="text" name="aiowps_unlock_request_email" id="aiowps_unlock_request_email" class="input" value="<?php echo $email; ?>" size="20"></label>
|
|
</p>
|
|
<p class="submit">
|
|
<input type="submit" name="aiowps_wp_submit_unlock_request" id="aiowps_wp_submit_unlock_request" class="button button-primary button-large" value="<?php esc_attr_e('Send unlock request', 'all-in-one-wp-security-and-firewall'); ?>">
|
|
</p>
|
|
</form>
|
|
<?php
|
|
$output = ob_get_contents();
|
|
ob_end_clean();
|
|
return $output;
|
|
}
|