Changeset 1522317

Timestamp:

10/26/2016 09:49:57 AM (9 years ago)

Author:

manky

Message:

v1.2.2

Location:

ivguard

Files:

• tags/1.2.2 (added)
• tags/1.2.2/IVGuard.php (added)
• tags/1.2.2/readme.txt (added)
• trunk/IVGuard.php (modified) (8 diffs)
• trunk/readme.txt (modified) (2 diffs)

ivguard/trunk/IVGuard.php

@@ -5 +5 @@
 Description: IVGuard is one of the most powerful protection and monitoring services for WordPress. You will be informed immediately for any changes and discrepancies in your website and our team will be always on standby to help you resolve any security threats. Have full control of your website once and for all.
 Author: Ignite Vision Ltd
-Version: 1.2.1
+Version: 1.2.2
 Author URI: http://www.ignitevision.bg
 */
@@ -24 +24 @@
     add_action('login_form', array('IVGuard', 'onLoginForm'));
     add_action('password_reset', array('IVGuard', 'onPasswordReset'), 10, 2);
+    add_action('admin_post_ivguard_settings', array('IVGuard', 'setSettings'));
     add_filter('login_redirect', array('IVGuard', 'onLoginRedirect'), 10, 3);
     add_filter('authenticate', array('IVGuard', 'onAuthenticate'), 30, 3);
@@ -30 +31 @@
         const CRAWLER = 'crawler.ivguard.net';
         const APIKEY = 'ivGuardKey';
+        const API_VERIFY_IP = 'ivGuardAPIVerifyIP';
         const ALLOWED_IPS_KEY = 'ivGuardAllowedIPs';
         const WEBSITE = 'https://ivguard.net/';
@@ -48 +50 @@
                 add_option(IVGuard::APIKEY, md5((rand(999, 9999) * rand(666, 6666)) + time()));
 
+            if(!get_option(IVGuard::API_VERIFY_IP))
+                add_option(IVGuard::API_VERIFY_IP, 1);
+
             if(!function_exists('dbDelta'))
                 require_once(ABSPATH.DIRECTORY_SEPARATOR.'wp-admin'.DIRECTORY_SEPARATOR.'includes'.DIRECTORY_SEPARATOR.'upgrade.php');
@@ -120 +125 @@
             $wpdb->query('DROP TABLE IF EXISTS `'.$wpdb->prefix.IVGuard::DB_TABLE_LOGIN_FAIL.'`');
             delete_option(IVGuard::APIKEY);
+            delete_option(IVGuard::API_VERIFY_IP);
         }
 
@@ -146 +152 @@
             echo '  <div class="welcome-panel" style="background-color:rgba(255,255,255,.5)">';
             echo '      <h2>Activation</h2>';
-            echo '      <p style="font-size:1.1em">To start the monitoring process copy the following code, and paste it in the Activation Code field on the "Secure Site" Tab. Remember you must be registered and logged in <a target="_blank" href="'.IVGuard::WEBSITE.'">'.IVGuard::WEBSITE.'</a> before you proceed with this step.</p>';
+            echo '      <hr>';
+            echo '      <p style="font-size:1.1em">';
+            echo '          To start the monitoring process copy the following code, and paste it in the Activation Code field on the "Secure Site" Tab. Remember you must be registered and logged in <a target="_blank" href="'.IVGuard::WEBSITE.'">'.IVGuard::WEBSITE.'</a> before you proceed with this step.';
+            echo '          <br><br><b>Never share this activation code with anyone else</b>';
+            echo '      </p>';
             echo '      <label for="activationCode">Activation Code:</label>';
             echo '      <textarea id="activationCode" style="width:100%" readonly>' . $activationCode . '</textarea>';
             echo '      <p style="text-align:center"><button data-clipboard-target="#activationCode" class="button">Copy To Clipboard</button></p>';
             echo '  </div>';
+            echo '  <div class="welcome-panel" style="background-color:rgba(255,255,255,.5)">';
+            echo '      <h2>Settings</h2>';
+            echo '      <hr>';
+            echo '      <label for="apiVerifyIp">Enable requests behind proxy</label>';
+            echo '      <select id="apiVerifyIp" name="apiVerifyIp">';
+            echo '          <option value="1">No</option>';
+            echo '          <option value="0"'.(get_option(IVGuard::API_VERIFY_IP, 1) == 0 ? ' selected' : null).'>Yes</option>';
+            echo '      </select>';
+            echo '      <p style="font-size:1.1em">If your website is running behind a proxy like CloudFlare or this is not your IP address <b>'.$_SERVER['REMOTE_ADDR'].'</b> you need to set this option to "Yes".</p>';
+            echo '  </div>';
             echo '</div>';
             echo '<script>';
             echo 'jQuery(function() {';
-            echo 'jQuery("body").css({"background-image":"url('.IVGuard::getLogo().')","background-size":"80%","background-repeat":"no-repeat","background-position":"center 10vh","background-attachment":"fixed"});';
-            echo 'new Clipboard("button[data-clipboard-target]");';
+            echo '  jQuery("body").css({"background-image":"url('.IVGuard::getLogo().')","background-size":"80%","background-repeat":"no-repeat","background-position":"center 10vh","background-attachment":"fixed"});';
+            echo '  new Clipboard("button[data-clipboard-target]");';
+            echo '  jQuery("select#apiVerifyIp").on("change", function() {';
+            echo '      jQuery.post("'.admin_url('admin-post.php').'", {action: "ivguard_settings", '.IVGuard::API_VERIFY_IP.': jQuery(this).val()});';
+            echo '  });';
             echo '})';
             echo '</script>';
+        }
+
+        public static function setSettings() {
+            if(array_key_exists(IVGuard::API_VERIFY_IP, $_POST) && in_array($_POST[IVGuard::API_VERIFY_IP], array(0, 1)))
+                update_option(IVGuard::API_VERIFY_IP, $_POST[IVGuard::API_VERIFY_IP]);
         }
 
@@ -360 +388 @@
 
         public static function authorize() {
-            if(!in_array($_SERVER['REMOTE_ADDR'], IVGuard::getAllowedIPs()))
-                throw new Exception('Unauthorized actions have been detected! [BAD IP]');
+            if(get_option(IVGuard::API_VERIFY_IP, 1) != 0) {
+                if(!in_array($_SERVER['REMOTE_ADDR'], IVGuard::getAllowedIPs()))
+                    throw new Exception('Unauthorized actions have been detected! [BAD IP]');
+            }
             if(!($ivGuardKey = get_option(IVGuard::APIKEY)))
                 throw new Exception('Unauthorized actions have been detected! [NO KEY]');
@@ -375 +405 @@
             if(!$data) {
                 $allowedIPs = dns_get_record(IVGuard::CRAWLER, DNS_A + DNS_AAAA);
-                if(!is_array($allowedIPs))
+                if(!is_array($allowedIPs) || empty($allowedIPs))
                     throw new Exception('Unable to get a list with allowed IP addresses! [DNS Error]');
                 array_walk($allowedIPs, function(&$item, $key) { $item = $item['type'] == 'A' ? $item['ip'] : $item['ipv6']; });
-                $data = array('expire' => time() + 3600, 'allowedIPs' => $allowedIPs);
+                $data = array('expire' => time() + 300, 'allowedIPs' => $allowedIPs);
                 update_option(IVGuard::ALLOWED_IPS_KEY, json_encode($data));
             }

ivguard/trunk/readme.txt

@@ -4 +4 @@
 Tags: security, secure, protection, protect, prevention, guard, monitoring, backup, ban, block, bots, hack, anti-virus, malware, attack, injection, brute-force
 Requires at least: 4.4
-Tested up to: 4.6
-Stable tag: 1.2.1
+Tested up to: 4.6.1
+Stable tag: 1.2.2
 License: GPLv3
 License URI: https://www.gnu.org/licenses/gpl-3.0.html
@@ -96 +96 @@
 == Changelog ==
 
+= 1.2.2 =
+* Add - Option to disable IP verification (for the API Requests)
+
 = 1.2.1 =
 * Add - DNS Cache