Last active
September 2, 2015 10:47
-
-
Save alexmoleiro/ed7d941342eed14649dd to your computer and use it in GitHub Desktop.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| /* | |
| Plugin Name: Dominable.com | |
| Description: Ejemplo de plugin para animar a hacerlos | |
| Author: Alex Moleiro | |
| Version: 0.1 Beta | |
| Author URI: http://twitter.com/MoleiroAlex | |
| License: WTFPL | |
| License URI: http://www.wtfpl.net/ | |
| */ | |
| /** | |
| * Si intenta entrar en wp-login.php | |
| */ | |
| add_action('login_init', function(){ | |
| $url="http://www.apiending.com/wordpress/wp_login_ip/".$_SERVER["HTTP_HOST"] . "/" . $_SERVER["REMOTE_ADDR"]; | |
| $json= httpget($url); | |
| $v= json_decode($json,TRUE); | |
| if ($v["isPermited"]=='0'){ | |
| exit("No permitido desde esta IP "); | |
| } | |
| }); | |
| /** | |
| * Si falla el logueo | |
| */ | |
| add_action('wp_login_failed', function( $arr ) { | |
| Dominable::enviar_notificacion($arr); | |
| }); | |
| class Dominable { | |
| static function enviar_notificacion($arr) { | |
| $str = $_SERVER["HTTP_HOST"] . "," . $_SERVER["REMOTE_ADDR"] . "," . $arr[0] . "," . $arr[1] . "," . date("Y-m-d H:i:s") . "\n"; | |
| httpget("http://apiending.com/wordpress/wp_login_failed/" . $_SERVER["HTTP_HOST"] . "/" . $arr[0] . "/" . $arr[1] . "/" . $_SERVER["REMOTE_ADDR"]); | |
| } | |
| } | |
| /** | |
| * He añadid httget porque por seguridad tenemos desactivado file_get_contents | |
| */ | |
| function httpget($Url) { | |
| if (!function_exists('curl_init')) { | |
| die('CURL is not installed!'); | |
| } | |
| $ch = curl_init(); | |
| curl_setopt($ch, CURLOPT_URL, $Url); | |
| curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); | |
| $output = curl_exec($ch); | |
| curl_close($ch); | |
| return $output; | |
| } | |
| /** | |
| * Es un override para que envíe tb el password, si quieres tenerlo :-) | |
| * Como es una función pluggable, se puede overridar sin problema | |
| */ | |
| if (!function_exists('wp_authenticate')) { | |
| function wp_authenticate($username, $password) { | |
| $username = sanitize_user($username); | |
| $password = trim($password); | |
| $user = apply_filters('authenticate', null, $username, $password); | |
| if ($user == null) { | |
| $user = new WP_Error('authentication_failed', __('<strong>ERROR</strong>: Invalid username or incorrect password.')); | |
| } | |
| $ignore_codes = array('empty_username', 'empty_password'); | |
| if (is_wp_error($user) && !in_array($user->get_error_code(), $ignore_codes)) { | |
| do_action('wp_login_failed', array($username, $password)); | |
| } | |
| return $user; | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment