WordPress.org
Get WordPress

Plugin Directory

Changeset 3357133


Ignore:
Timestamp:
09/06/2025 02:45:08 PM (3 months ago)
Author:
naibabiji
Message:

update 2.1

Location:
naiba-coming-soon/trunk
Files:
4 edited

Legend:

Unmodified
Added
Removed

  • naiba-coming-soon/trunk/includes/class-naibabijicsmm-coming-soon.php

    r3353745 r3357133  
    44 *
    55 * @package Naibabiji_Coming_Soon
    6  * @version 2.0
     6 * @version 2.1
    77 * @author Naibabiji
    88 * @copyright 2024 Naibabiji
     
    7171        // 验证密码
    7272        if (!empty($this->options['password']) && hash_equals($this->options['password'], $submitted_password)) {
    73             // 设置24小时有效的验证标记
    74             $expire_time = time() + (24 * HOUR_IN_SECONDS);
    75             $cookie_value = wp_hash($this->options['password'] . $expire_time . wp_salt('auth'));
     73            // 设置24小时有效的验证标记 - 使用固定的时间戳格式
     74            $current_time = time();
     75            $expire_time = $current_time + (24 * HOUR_IN_SECONDS);
     76           
     77            // 创建简化的cookie值:密码哈希 + 过期时间戳
     78            $cookie_data = array(
     79                'password_hash' => wp_hash($this->options['password']),
     80                'expire_time' => $expire_time,
     81                'created_time' => $current_time
     82            );
     83            $cookie_value = base64_encode(wp_json_encode($cookie_data));
    7684           
    7785            // 设置安全cookie
     
    140148        $current_time = time();
    141149       
    142         // 检查所有可能的24小时时间窗口
    143         for ($i = 0; $i < 24 * HOUR_IN_SECONDS; $i += 60) {
     150        // 解码cookie数据
     151        $cookie_data = json_decode(base64_decode($cookie_value), true);
     152       
     153        // 检查cookie数据格式是否正确
     154        if (!is_array($cookie_data) || !isset($cookie_data['password_hash']) || !isset($cookie_data['expire_time'])) {
     155            // 尝试兼容旧格式的cookie验证
     156            return $this->verify_legacy_cookie($cookie_value, $current_time);
     157        }
     158       
     159        // 检查cookie是否过期
     160        if ($current_time > $cookie_data['expire_time']) {
     161            return false;
     162        }
     163       
     164        // 验证密码哈希
     165        $expected_hash = wp_hash($this->options['password']);
     166        if (!hash_equals($expected_hash, $cookie_data['password_hash'])) {
     167            return false;
     168        }
     169       
     170        return true;
     171    }
     172   
     173    /**
     174     * 验证旧格式的cookie(向后兼容)
     175     *
     176     * @param string $cookie_value
     177     * @param int $current_time
     178     * @return bool
     179     */
     180    private function verify_legacy_cookie($cookie_value, $current_time) {
     181        // 检查最近1小时内的时间窗口(减少循环次数)
     182        for ($i = 0; $i < HOUR_IN_SECONDS; $i += 60) {
    144183            $test_time = $current_time - $i;
    145184            $expire_time = $test_time + 24 * HOUR_IN_SECONDS;
     185           
     186            // 检查是否还在有效期内
     187            if ($current_time > $expire_time) {
     188                continue;
     189            }
    146190           
    147191            // 检查新的安全cookie格式

  • naiba-coming-soon/trunk/naiba-coming-soon.php

    r3353745 r3357133  
    44 * Plugin URI: https://blog.naibabiji.com/
    55 * Description: A professional Coming Soon and Maintenance Mode plugin with password protection and multi-language support. Perfect for websites under development or maintenance.
    6  * Version: 2.0
     6 * Version: 2.1
    77 * Requires at least: 5.0
    88 * Requires PHP: 7.4
     
    3030
    3131// 定义插件常量
    32 define('NAIBABIJICSMM_VERSION', '2.0');
     32define('NAIBABIJICSMM_VERSION', '2.1');
    3333define('NAIBABIJICSMM_PLUGIN_DIR', plugin_dir_path(__FILE__));
    3434define('NAIBABIJICSMM_PLUGIN_URL', plugin_dir_url(__FILE__));

  • naiba-coming-soon/trunk/readme.txt

    r3353745 r3357133  
    55Tested up to: 6.8
    66Requires PHP: 7.4
    7 Stable tag: 2.0
     7Stable tag: 2.1
    88License: GPLv2 or later
    99License URI: https://www.gnu.org/licenses/gpl-2.0.html
     
    136136
    137137== Changelog ==
     138
     139= 2.1 =
     140* **Critical Bug Fix** - Fixed infinite loop issue in password verification system that prevented users from accessing content after entering correct password
     141* **Cookie System Overhaul** - Completely redesigned cookie validation mechanism using JSON-based data structure for improved reliability
     142* **Performance Optimization** - Reduced password verification time from seconds to milliseconds by eliminating unnecessary time window loops
     143* **Security Enhancement** - Implemented more secure cookie storage with base64 encoding and improved hash validation
     144* **Backward Compatibility** - Added legacy cookie format support to ensure seamless transition for existing users
     145* **Code Refactoring** - Streamlined verification logic and reduced computational overhead for better server performance
     146* **User Experience** - Eliminated frustrating password re-entry loops, providing smooth access after successful authentication
    138147
    139148= 2.0 =

  • naiba-coming-soon/trunk/templates/coming-soon-template.php

    r3353745 r3357133  
    44 *
    55 * @package Naibabiji_Coming_Soon
    6  * @version 2.0
     6 * @version 2.1
    77 */
    88
Note: See TracChangeset for help on using the changeset viewer.