1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
|
<?php
$host = $this->brute_get_local_host();
global $current_user;
if ( isset( $_POST['brute_action'] ) && $_POST['brute_action'] == 'get_api_key' && is_email( $_POST['email_address'] ) ) {
global $wp_version;
$post_host = $this->get_bruteprotect_host() . 'index.php/get_key';
$brute_ua = "WordPress/{$wp_version} | ";
$brute_ua .= 'BruteProtect/' . constant( 'BRUTEPROTECT_VERSION' );
$request['email'] = $_POST['email_address'];
$request['site'] = $host;
$args = array(
'body' => $request,
'user-agent' => $brute_ua,
'httpversion' => '1.0',
'timeout' => 15
);
$response_json = wp_remote_post( $post_host, $args );
if( $response_json[ 'response' ][ 'code' ] == 200 ) {
$key = $response_json[ 'body' ];
update_site_option( 'bruteprotect_api_key', $key );
?>
<script type="text/javascript">
<!--
window.location = "admin.php?page=bruteprotect-api&get_key=success"
//-->
</script>
<?php
} else {
?>
<script type="text/javascript">
<!--
window.location = "admin.php?page=bruteprotect-api&get_key=fail"
//-->
</script>
<?php
}
exit;
}
if ( isset( $_POST['brute_action'] ) && $_POST['brute_action'] == 'update_key' ) :
update_site_option( 'bruteprotect_api_key', $_POST['brute_api_key'] );
endif;
if ( isset( $_POST['brute_action'] ) && $_POST['brute_action'] == 'update_brute_dashboard_widget_settings' )
update_site_option( 'brute_dashboard_widget_hide', $_POST['brute_dashboard_widget_hide'] );
if ( isset( $_POST['brute_action'] ) && $_POST['brute_action'] == 'update_brute_dashboard_widget_settings_2' )
update_site_option( 'brute_dashboard_widget_admin_only', $_POST['brute_dashboard_widget_admin_only'] );
if ( isset( $_POST['brute_action'] ) && $_POST['brute_action'] == 'update_brute_whitelist' ) {
//check the whitelist to make sure that it's clean
$whitelist = $_POST['brute_ip_whitelist'];
$wl_items = explode(PHP_EOL, $whitelist);
if( is_array( $wl_items ) ) : foreach( $wl_items as $key => $item ) :
$item = trim( $item );
$ckitem = str_replace('*', '1', $item);
$ckval = ip2long( $ckitem );
if( !$ckval ) {
unset( $wl_items[ $key ] );
continue;
}
$exploded_item = explode( '.' , $item);
if( $exploded_item[0] == '*' )
unset( $wl_items[ $key ] );
if( $exploded_item[1] == '*' && !($exploded_item[2] == '*' && $exploded_item[3] == '*') )
unset( $wl_items[ $key ] );
if( $exploded_item[2] == '*' && $exploded_item[3] != '*' )
unset( $wl_items[ $key ] );
endforeach; endif;
$whitelist = implode(PHP_EOL, $wl_items);
update_site_option( 'brute_ip_whitelist', $whitelist );
}
$brute_dashboard_widget_hide = get_site_option('brute_dashboard_widget_hide');
$brute_dashboard_widget_admin_only = get_site_option('brute_dashboard_widget_admin_only');
$brute_ip_whitelist = get_site_option('brute_ip_whitelist');
$key = get_site_option( 'bruteprotect_api_key' );
$invalid_key = false;
delete_site_option( 'bruteprotect_error' );
$response = $this->brute_call( 'check_key' );
if(isset($response['error'])) :
if( $response['error'] == 'Invalid API Key' || $response['error'] == 'API Key Required' ) :
$invalid_key = 'invalid';
endif;
if( $response['error'] == 'Host match error' ) :
$invalid_key = 'host';
endif;
endif;
if( !$this->check_bruteprotect_access() ) : //server cannot access API
$invalid_key = 'server_access';
endif;
if( isset($response['ckval']) )
update_site_option( 'bruteprotect_ckval', $response['ckval'] );
?>
<div class="wrap">
<h2 style="clear: both; margin-bottom: 15px;"><img src="<?php echo BRUTEPROTECT_PLUGIN_URL ?>images/BruteProtect-Logo-Text-Only-40.png" alt="BruteProtect" width="250" height="40" style="margin-bottom: -2px;"/> API Key</h2>
<?php
if (!get_site_option('bruteprotect_api_key')) :
?>
<div class="updated below-h2" id="message"><p><?php _e( '<strong>Almost there!</strong> Just fill in your email address and click "Get an API Key" below, and you be protected from brute force attacks.' ); ?></p></div>
<?php
endif;
?>
<?php if ( false != $key && $invalid_key == 'invalid' ) : ?>
<div class="error below-h2" id="message"><p><?php _e( '<strong>Invalid API Key!</strong> You have entered an invalid API key. Please copy and paste it from the email you have received, or request a new key.' ); ?></p></div>
<?php endif ?>
<?php if ( false != $key && $invalid_key == 'host' ) : ?>
<div class="error below-h2" id="message"><p><?php _e( '<strong>Invalid API Key!</strong> You have entered an API key which is not valid for this server. Every site must have its own API key. Just click the "Get an API key" button below to get a fresh new key for free' ); ?></p></div>
<?php endif ?>
<?php if ( $invalid_key == 'server_access' ) :
include 'inc/api_access_error.php';
return;
endif; ?>
<?php if ( $this->is_on_localhost() ) :
return;
endif; ?>
<?php if ( false != $invalid_key ) : ?>
<div style="display: block; width: 500px; float: left; padding: 10px; border: 1px solid green; background-color: #eaffd6; margin-right: 20px; margin-bottom:20px;">
<h3 style="display: block; background-color: green; color: #fff; margin: -10px -10px 1em -10px; padding: 10px;">I <em>need</em> an API key for BruteProtect</h3>
<form action="" method="post">
<?php if ( isset($_GET['get_key']) && $_GET['get_key'] == 'fail' ) : ?>
<strong style="font-size: 18px;"><?php _e( 'There was an error generating your API key. Please try again later. Sorry!' ); ?></strong>
<?php else : ?>
<p><?php _e( 'You must obtain an API key for every site or network you wish to protect with BruteProtect. You will be generating a BruteProtect.com key for use on <strong><?php echo $host ?></strong>. There is no cost for an BruteProtect key, and we will never sell your email. We may contact you up to 4 times a year to let you know about new features or products we are offering, and potentially more often than that if there is a problem with your site.' ); ?></p>
<strong><?php _e( 'Email Address' ); ?></strong><br />
<input type="text" name="email_address" value="<?php echo $current_user->user_email ?>" id="brute_get_api_key" style="font-size: 18px; border: 1px solid #ccc; padding: 4px; width: 450px;" />
<input type="hidden" name="brute_action" value="get_api_key" />
<input type="submit" value="Get an API Key" class="button" style="margin-top: 10px;margin-bottom: 10px;" />
<?php endif; ?>
</form>
</div>
<?php else : ?>
<div class="updated below-h2" id="message" style="border-color: green; color: green; background-color: #eaffd6;"><p><?php _e( '<strong>API key verified!</strong> Your BruteProtect account is active and your site is protected, you don\'t need to do anything else!' ); ?></p></div>
<?php if ( isset($_GET['get_key']) && $_GET['get_key'] == 'success' ) : ?>
<strong style="font-size: 18px;"><?php _e( 'You have successfully generated an API key. BruteProtect is now activated and ready to keep you safe!' ); ?></strong><br /><br /><?php endif; ?>
<?php endif; ?>
<div style="display: block; width: 500px; float: left; padding: 10px; border: 1px solid #0649fe; background-color: #cdf0fe;">
<h3 style="display: block; background-color: #0649fe; color: #fff; margin: -10px -10px 1em -10px; padding: 10px;"><?php _e( 'I <em>have</em> an API key for BruteProtect' ); ?></h3>
<form action="" method="post">
<strong><?php _e( 'Enter your key: ' ); ?></strong><br />
<input type="text" name="brute_api_key" value="<?php echo get_site_option('bruteprotect_api_key') ?>" id="brute_api_key" style="font-size: 18px; border: 1px solid #ccc; padding: 4px; width: 450px;" />
<input type="hidden" name="brute_action" value="update_key" />
<input type="submit" value="Save API Key" class="button" style="margin-top: 10px;margin-bottom: 10px;" />
</form>
</div>
</div>
|