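<?php

namespace Wpsec\captcha\handlers;

use WP_Error;
use WP_User;
use Wpsec\captcha\events\AuthenticateEvent;
use Wpsec\captcha\service\CaptchaService;
use Wpsec\captcha\utils\IPUtil;
use Wpsec\captcha\utils\Logger;
use Wpsec\captcha\utils\SiteUtil;

/**
 * Enforces the login CAPTCHA from the WordPress authenticate hook.
 *
 * The submitted CAPTCHA id and answer are forwarded through send_event() and
 * the login is rejected when the returned HTTP status says the CAPTCHA was
 * not accepted.
 */
class AuthenticateEventHandler extends EventHandler {

	/**
	 * Maps the name of the hook currently running to the event type handed to send_event().
	 *
	 * @var array
	 */
	private static $event_map = array(
		AuthenticateEvent::NAME => 'login',
	);

	/**
	 * WP_Error codes that mean WordPress already rejected the submitted credentials.
	 */
	const CREDENTIAL_ERRORS = array(
		'empty_username',
		'empty_password',
		'invalid_username',
		'incorrect_password',
	);

	/**
	 * Handles authenticate hook
	 *
	 * Returns $user unchanged unless the request came through wp-login.php,
	 * carries no credential error, and the CAPTCHA check fails.
	 *
	 * @param null|WP_User|WP_Error $user - WP_User if the user is authenticated. WP_Error or null otherwise.
	 *
	 * @return null|WP_User|WP_Error
	 *
	 * @since 1.0.0
	 */
	public function handle_authenticate_hook( $user ) {
		$current_hook_name = current_action();

		// NOTE(review): credential failures return here, before the CAPTCHA is
		// evaluated. The CAPTCHA error below is therefore only produced when
		// $user carries none of CREDENTIAL_ERRORS, so the distinct message tells
		// the client the credentials themselves were accepted. Unless failed
		// attempts are throttled elsewhere, consider validating the CAPTCHA
		// regardless of the credential result.
		if (
			empty( $user )
			|| $this->has_incorrect_credentials( $user )
			|| ! $current_hook_name
			|| ! isset( self::$event_map[ $current_hook_name ] )
		) {
			return $user;
		}

		// Logins that do not pass through wp-login.php are returned unchanged.
		if ( ! $this->is_authenticate_from_wp_login() ) {
			return $user;
		}

		$meta_data = array(
			'captcha_id'     => $this->get_posted_captcha_field( 'wpsec_captcha_id' ),
			'captcha_answer' => $this->get_posted_captcha_field( 'wpsec_captcha_answer' ),
		);

		$response = $this->send_event(
			self::$event_map[ $current_hook_name ],
			IPUtil::get_client_ip_headers(),
			$meta_data
		);

		$captcha_service = new CaptchaService();
		$status_code     = wp_remote_retrieve_response_code( $response );

		// 204 means the CAPTCHA was accepted. Statuses >= 500 let the login
		// through (fail open).
		// NOTE(review): wp_remote_retrieve_response_code() returns '' when the
		// response is a WP_Error, and '' < 500 evaluates to true, so a transport
		// failure is reported as an incorrect CAPTCHA while a 5xx is not.
		// Confirm that this asymmetry is intended.
		if ( 204 !== $status_code && $status_code < 500 && $captcha_service->is_wpsec_login_captcha_enabled() ) {
			/* translators: 1: opening strong tag, 2: closing strong tag */
			$error_message = sprintf( esc_html__( '%1$sError%2$s: Incorrect CAPTCHA. Please try again.', 'wpsec-wp-cp' ), '<strong>', '</strong>' );

			return new WP_Error( AuthenticateEvent::WP_ERROR_CODE, $error_message );
		}

		return $user;
	}

	/**
	 * Checks if authenticate hook has come from wp-login.php page.
	 *
	 * @return bool
	 */
	private function is_authenticate_from_wp_login() {
		// Only the 'file' entry of each frame is read. Skipping arguments keeps
		// the values passed along the login call chain (which can include the
		// submitted password) out of the backtrace array.
		$backtrace = debug_backtrace( DEBUG_BACKTRACE_IGNORE_ARGS );

		foreach ( $backtrace as $trace ) {
			// NOTE(review): substring match, so any path containing
			// "wp-login.php" counts, not only WordPress' own login script.
			if ( isset( $trace['file'] ) && str_contains( $trace['file'], 'wp-login.php' ) ) {
				return true;
			}
		}

		return false;
	}

	/**
	 * Check if user entered incorrect credentials (checking for flags since validation is already handled by WordPress)
	 *
	 * Logs the first matching credential error together with the submitted CAPTCHA id.
	 *
	 * @param null|WP_User|WP_Error $user - WP_User if the user is authenticated. WP_Error or null otherwise.
	 *
	 * @return bool
	 *
	 * @since 1.0.0
	 */
	private function has_incorrect_credentials( $user ) {
		if ( ! is_wp_error( $user ) ) {
			return false;
		}

		foreach ( self::CREDENTIAL_ERRORS as $credential_error ) {
			if ( isset( $user->errors[ $credential_error ] ) ) {
				Logger::log(
					'User credential error',
					array(
						// Request data is normalised before it reaches the log.
						'captcha_id'       => $this->get_posted_captcha_field( 'wpsec_captcha_id' ),
						'credential_error' => $user->errors[ $credential_error ],
					)
				);

				return true;
			}
		}

		return false;
	}

	/**
	 * Reads one CAPTCHA field from the login POST body as a plain string.
	 *
	 * A missing field, or one submitted as an array (field[]=...), yields ''.
	 * The value is unslashed and passed through sanitize_text_field() so that
	 * raw request data is neither logged nor forwarded as-is.
	 *
	 * @param string $field Name of the POST field.
	 *
	 * @return string
	 */
	private function get_posted_captcha_field( $field ) {
		if ( ! isset( $_POST[ $field ] ) || ! is_string( $_POST[ $field ] ) ) {
			return '';
		}

		return sanitize_text_field( wp_unslash( $_POST[ $field ] ) );
	}
}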