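--- a/STRATO-apps/wordpress_03/app/wp-content/plugins/tutor-pro/addons/auth/classes/SpamProtection.php
+++ b/STRATO-apps/wordpress_03/app/wp-content/plugins/tutor-pro/addons/auth/classes/SpamProtection.php
@@ -1 +1,324 @@
-
+<?php
+/**
+* Spam Protection Logic
+*
+* @package TutorPro\Auth
+* @author Themeum <support@themeum.com>
+* @link https://themeum.com
+* @since 2.1.9
+*/
+
+namespace TutorPro\Auth;
+
+use TUTOR\Input;
+
+/**
+* SpamProtection Class.
+*
+* @since 2.1.9
+*/
+class SpamProtection {
+/**
+* Input field name for honeypot
+*
+* @var string
+*/
+const HONEYPOT_FIELD = '_uuid';
+
+/**
+* Register hooks.
+*
+* @since 2.1.8
+*
+* @return void
+*/
+public function __construct() {
+/**
+* Login Spam Protection.
+*/
+add_action( 'tutor_before_login_form', array( $this, 'set_pagenow_as_tutor_login' ) );
+add_action( 'login_form', array( $this, 'extend_login_form' ) );
+add_filter( 'authenticate', array( $this, 'auth_check' ), 10, 3 );
+
+/**
+* Registration Spam Protection.
+*/
+add_action( 'tutor_before_student_reg_form', array( $this, 'set_pagenow_as_tutor_register' ) );
+add_action( 'tutor_before_instructor_reg_form', array( $this, 'set_pagenow_as_tutor_register' ) );
+add_action( 'register_form', array( $this, 'extend_register_form' ) );
+add_filter( 'registration_errors', array( $this, 'handle_registration_spam_protection' ), 10, 3 );
+
+/**
+* Password Reset Form Spam Protection.
+*/
+add_action( 'tutor_lostpassword_form', array( $this, 'extend_lostpassword_form' ) );
+add_filter( 'tutor_before_retrieve_password_form_process', array( $this, 'handle_reset_pass_spam_protection' ) );
+}
+
+/**
+* Extend tutor password reset form to add spam protection.
+*
+* @since 2.1.10
+*
+* @return void
+*/
+public function extend_lostpassword_form() {
+$is_enabled = Settings::is_spam_protection_enabled();
+if ( ! $is_enabled ) {
+return;
+}
+
+$locations = Settings::get_spam_protection_location();
+if ( in_array( 'tutor_login', $locations ) ) {
+$method = Settings::get_spam_protection_method();
+$this->add_form_content( $method );
+}
+}
+
+/**
+* Handle reset pass spam protection.
+*
+* @since 2.1.10
+*
+* @return void|\WP_Error
+*/
+public function handle_reset_pass_spam_protection() {
+$is_enabled = Settings::is_spam_protection_enabled();
+if ( ! $is_enabled ) {
+return;
+}
+
+$locations = Settings::get_spam_protection_location();
+if ( in_array( 'tutor_login', $locations ) ) {
+$method = Settings::get_spam_protection_method();
+$result = $this->do_spam_protect( $method );
+if ( is_wp_error( $result ) ) {
+return $result;
+}
+}
+}
+
+/**
+* Set value to global pagenow key.
+*
+* @since 2.1.9
+*
+* @return void
+*/
+public function set_pagenow_as_tutor_login() {
+$GLOBALS['pagenow'] = 'tutor_login';
+}
+
+/**
+* Set value to global pagenow key.
+*
+* @since 2.1.9
+*
+* @return void
+*/
+public function set_pagenow_as_tutor_register() {
+$GLOBALS['pagenow'] = 'tutor_registration';
+}
+
+/**
+* Add form content based on protection method.
+*
+* @since 2.1.9
+*
+* @param string $method honeypot, recaptcha_v2, recaptcha_v3.
+*
+* @return void
+*/
+public function add_form_content( $method ) {
+if ( Settings::METHOD_HONEYPOT === $method ) {
+HoneyPot::form_content( self::HONEYPOT_FIELD );
+}
+
+if ( Settings::METHOD_RECAPTCHA_V2 === $method ) {
+$site_key = tutils()->get_option( Settings::RECAPTCHA_V2_SITE_KEY, '' );
+Recaptcha::form_content( Recaptcha::VERSION_V2, $site_key );
+}
+
+if ( Settings::METHOD_RECAPTCHA_V3 === $method ) {
+$site_key = tutils()->get_option( Settings::RECAPTCHA_V3_SITE_KEY, '' );
+Recaptcha::form_content( Recaptcha::VERSION_V3, $site_key );
+}
+}
+
+/**
+* Do spam protection by method.
+*
+* @since 2.1.9
+*
+* @param string $method method name like honypot, reCAPTCHA etc.
+*
+* @return void|\WP_Error
+*/
+public function do_spam_protect( $method ) {
+/**
+* For HoneyPot
+*/
+if ( Settings::METHOD_HONEYPOT === $method ) {
+return HoneyPot::verify( self::HONEYPOT_FIELD );
+}
+
+/**
+* For reCAPTCHA v2, v3
+*/
+if ( in_array( $method, array( Settings::METHOD_RECAPTCHA_V2, Settings::METHOD_RECAPTCHA_V3 ) ) ) {
+$token = '';
+$secret_key = '';
+if ( Settings::METHOD_RECAPTCHA_V2 === $method && Input::has( 'g-recaptcha-response' ) ) {
+$secret_key = tutils()->get_option( Settings::RECAPTCHA_V2_SECRET_KEY, '' );
+$token = Input::post( 'g-recaptcha-response' );
+}
+
+if ( Settings::METHOD_RECAPTCHA_V3 === $method && Input::has( 'recaptcha_token' ) ) {
+$secret_key = tutils()->get_option( Settings::RECAPTCHA_V3_SECRET_KEY, '' );
+$token = Input::post( 'recaptcha_token' );
+}
+
+if ( ! empty( $secret_key ) ) {
+$result = Recaptcha::verify( $token, $secret_key );
+return $result;
+}
+}
+}
+
+/**
+* Extend WP, Tutor registration form to add reCAPTCHA/HoneyPot fields.
+*
+* @since 2.1.9
+*
+* @return void
+*/
+public function extend_register_form() {
+$is_enabled = Settings::is_spam_protection_enabled();
+if ( ! $is_enabled ) {
+return;
+}
+
+$locations = Settings::get_spam_protection_location();
+
+$page_now = $GLOBALS['pagenow'];
+
+$current_reg_page = '';
+if ( 'wp-login.php' === $page_now ) {
+$current_reg_page = 'wp_registration';
+}
+if ( 'tutor_registration' === $page_now ) {
+$current_reg_page = 'tutor_registration';
+}
+
+if ( ! in_array( $current_reg_page, $locations ) ) {
+return;
+}
+
+$method = Settings::get_spam_protection_method();
+$this->add_form_content( $method );
+}
+
+/**
+* Check spam protection during registration.
+*
+* @since 2.1.9
+*
+* @param \WP_Error $errors error object.
+* @param string $sanitized_user_login username.
+* @param string $user_email user email.
+*
+* @return \WP_Error
+*/
+public function handle_registration_spam_protection( $errors, $sanitized_user_login, $user_email ) {
+$is_enabled = Settings::is_spam_protection_enabled();
+if ( ! $is_enabled ) {
+return $errors;
+}
+
+$locations = Settings::get_spam_protection_location();
+
+if ( ( in_array( 'tutor_registration', $locations ) && Input::has( 'tutor_action' ) )
+|| ( in_array( 'wp_registration', $locations ) && Utils::is_request_from_wp_login() ) ) {
+
+$method = Settings::get_spam_protection_method();
+$result = $this->do_spam_protect( $method );
+if ( is_wp_error( $result ) ) {
+$errors->add( $result->get_error_code(), $result->get_error_message() );
+}
+}
+
+return $errors;
+}
+
+/**
+* Extend login form to add reCAPTCHA/HoneyPot field.
+*
+* @since 2.1.9
+*
+* @return void
+*/
+public function extend_login_form() {
+$is_enabled = Settings::is_spam_protection_enabled();
+if ( ! $is_enabled ) {
+return;
+}
+
+$locations = Settings::get_spam_protection_location();
+
+$page_now = $GLOBALS['pagenow'];
+
+$current_login_page = '';
+if ( 'wp-login.php' === $page_now ) {
+$current_login_page = 'wp_login';
+}
+if ( 'tutor_login' === $page_now ) {
+$current_login_page = 'tutor_login';
+}
+
+if ( ! in_array( $current_login_page, $locations ) ) {
+return;
+}
+
+$method = Settings::get_spam_protection_method();
+
+$this->add_form_content( $method );
+
+}
+
+/**
+* Check spam protection logic during user login
+* based on spam protection method set in tutor setttings > authentication
+*
+* @since 2.1.9
+*
+* @param mixed $user $user value can be null, object or wp error.
+* @param null|string $username username.
+* @param null|string $password user provided password.
+*
+* @return mixed user null, object or wp error.
+*/
+public function auth_check( $user, $username, $password ) {
+if ( Input::has( 'wp-submit' ) || Input::has( 'tutor_action' ) ) {
+$is_enabled = Settings::is_spam_protection_enabled();
+if ( ! $is_enabled ) {
+return $user;
+}
+
+$locations = Settings::get_spam_protection_location();
+
+if ( ( in_array( 'tutor_login', $locations ) && Utils::is_request_from_tutor() )
+|| ( in_array( 'wp_login', $locations ) && Utils::is_request_from_wp_login() ) ) {
+
+$method = Settings::get_spam_protection_method();
+$result = $this->do_spam_protect( $method );
+if ( is_wp_error( $result ) ) {
+remove_all_filters( 'authenticate' );
+return $result;
+}
+}
+}
+
+return $user;
+}
+}
+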
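Review bot: The reCAPTCHA branch of `do_spam_protect()` fails open, because `$secret_key` is only loaded inside the `Input::has( 'g-recaptcha-response' )` and `Input::has( 'recaptcha_token' )` conditions; a request that lacks the token field leaves it empty, `Recaptcha::verify()` is never called, and the method returns nothing. `auth_check()`, `handle_registration_spam_protection()` and `handle_reset_pass_spam_protection()` all treat any non-`WP_Error` result as a pass, so all three inherit the gap. The secret key should be chosen from the configured method alone and verification should always run, with an empty token when the field is missing. `Recaptcha::verify()` is not visible on this page, so confirm that it returns a `WP_Error` for an empty token; if it does not, return one explicitly at that point. An unconfigured secret key still skips the check in the version below, which looks deliberate but is worth confirming.

```php
public function do_spam_protect( $method ) {
	// … unchanged: honeypot branch …

	if ( in_array( $method, array( Settings::METHOD_RECAPTCHA_V2, Settings::METHOD_RECAPTCHA_V3 ), true ) ) {
		$is_v2      = Settings::METHOD_RECAPTCHA_V2 === $method;
		$field      = $is_v2 ? 'g-recaptcha-response' : 'recaptcha_token';
		$secret_key = tutils()->get_option( $is_v2 ? Settings::RECAPTCHA_V2_SECRET_KEY : Settings::RECAPTCHA_V3_SECRET_KEY, '' );

		if ( ! empty( $secret_key ) ) {
			// A request without the token field is verified with an empty token instead of being skipped.
			$token = Input::has( $field ) ? Input::post( $field ) : '';
			return Recaptcha::verify( $token, $secret_key );
		}
	}
}
```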