-
Notifications
You must be signed in to change notification settings - Fork 8
/
Copy pathhonnypotter.php
106 lines (92 loc) · 3.25 KB
/
honnypotter.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
<?php
/**
* @package HonnyPotter
*/
/*
Plugin Name: HonnyPotter
Plugin URI: https://github.com/MartinIngesen/HonnyPotter
Description: Log all failed login-attempts.
Version: 1.2
Author: Martin ingesen
Author URI: http://martin.ingesen.no
License: GPLv2 or later
Text Domain: honnypotter
*/
/*
This program is free software; you can redistribute it and/or
modify it under the terms of the GNU General Public License
as published by the Free Software Foundation; either version 2
of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
Copyright 2005-2015 Martin Ingesen.
*/
define('WP_DEBUG', true);
error_reporting(E_ALL);
ini_set('display_errors', 1);
define( 'HONNYPOTTER__PLUGIN_DIR', plugin_dir_path( __FILE__ ) );
require_once ( HONNYPOTTER__PLUGIN_DIR . 'class.honnypotter.php' );
register_activation_hook(__FILE__, array( 'HonnyPotter', 'options_init' ) );
add_action( 'init', array( 'HonnyPotter', 'init' ) );
if( is_admin() )
{
require_once( HONNYPOTTER__PLUGIN_DIR . 'class.honnypotter-admin.php' );
add_action( 'init', array( 'HonnyPotter_Admin', 'init' ) );
}
if (!function_exists('wp_authenticate')) {
$options = get_option('honnypotter');
$options['wp_authenticate_override'] = true;
update_option('honnypotter', $options);
function wp_authenticate($username, $password)
{
$username = sanitize_user($username);
$password = trim($password);
/**
* Filter the user to authenticate.
*
* If a non-null value is passed, the filter will effectively short-circuit
* authentication, returning an error instead.
*
* @since 2.8.0
*
* @param null|WP_User $user User to authenticate.
* @param string $username User login.
* @param string $password User password
*/
$user = apply_filters('authenticate', null, $username, $password);
if ($user == null) {
// TODO what should the error message be? (Or would these even happen?)
// Only needed if all authentication handlers fail to return anything.
$user = new WP_Error('authentication_failed', __('<strong>ERROR</strong>: Invalid username or incorrect password.'));
}
$ignore_codes = array(
'empty_username',
'empty_password'
);
if (is_wp_error($user) && !in_array($user->get_error_code() , $ignore_codes)) {
/**
* Fires after a user login has failed.
*
* @since 2.5.0
*
* @param string $username User login.
*/
$logname = get_option('honnypotter');
$logname = $logname['log_name'];
$logfile = fopen(plugin_dir_path(__FILE__) . $logname, 'a') or die('could not open/create file');
fwrite($logfile, sprintf("wp: %s - %s:%s\n", date('Y-m-d H:i:s') , $username, $password));
fclose($logfile);
do_action('wp_login_failed', $username);
}
return $user;
}
}else{
$options = get_option('honnypotter');
$options['wp_authenticate_override'] = false;
update_option('honnypotter', $options);
}