can_send_recovery_emails = apply_filters( 'jetpack_protect_can_send_recovery_emails', true ); $this->ip_address = $ip_address; add_filter( 'wp_authenticate_user', array( $this, 'check_valid_blocked_user' ), 10, 1 ); add_filter( 'site_url', array( $this, 'add_args_to_login_post_url' ), 10, 3 ); add_filter( 'network_site_url', array( $this, 'add_args_to_login_post_url' ), 10, 3 ); add_filter( 'lostpassword_url', array( $this, 'add_args_to_lostpassword_url' ), 10, 2 ); add_filter( 'login_url', array( $this, 'add_args_to_login_url' ), 10, 3 ); add_filter( 'lostpassword_redirect', array( $this, 'add_args_to_lostpassword_redirect_url' ), 10, 1 ); } public function add_args_to_lostpassword_redirect_url( $url ) { if ( $this->valid_blocked_user_id ) { $url = empty( $url ) ? wp_login_url() : $url; $url = add_query_arg( array( 'validate_jetpack_protect_recovery' => $_GET['validate_jetpack_protect_recovery'], 'user_id' => $_GET['user_id'], 'checkemail' => 'confirm', ), $url ); } return $url; } public function add_args_to_lostpassword_url( $url, $redirect ) { if ( $this->valid_blocked_user_id ) { $args = array( 'validate_jetpack_protect_recovery' => $_GET['validate_jetpack_protect_recovery'], 'user_id' => $_GET['user_id'], 'action' => 'lostpassword', ); if ( ! empty( $redirect ) ) { $args['redirect_to'] = $redirect; } $url = add_query_arg( $args, $url ); } return $url; } public function add_args_to_login_post_url( $url, $path, $scheme ) { if ( $this->valid_blocked_user_id && ( 'login_post' === $scheme || 'login' === $scheme ) ) { $url = add_query_arg( array( 'validate_jetpack_protect_recovery' => $_GET['validate_jetpack_protect_recovery'], 'user_id' => $_GET['user_id'], ), $url ); } return $url; } public function add_args_to_login_url( $url, $redirect, $force_reauth ) { if ( $this->valid_blocked_user_id ) { $args = array( 'validate_jetpack_protect_recovery' => $_GET['validate_jetpack_protect_recovery'], 'user_id' => $_GET['user_id'], ); if ( ! empty( $redirect ) ) { $args['redirect_to'] = $redirect; } if ( ! empty( $force_reauth ) ) { $args['reauth'] = '1'; } $url = add_query_arg( $args, $url ); } return $url; } public function check_valid_blocked_user( $user ) { if ( $this->valid_blocked_user_id && $this->valid_blocked_user_id != $user->ID ) { return new WP_Error( 'invalid_recovery_token', __( 'The recovery token is not valid for this user.', 'jetpack' ) ); } return $user; } public function is_blocked_user_valid() { if ( ! $this->can_send_recovery_emails ) { return false; } if ( $this->valid_blocked_user_id ) { return true; } if ( ! isset( $_GET['validate_jetpack_protect_recovery'], $_GET['user_id'] ) ) { return false; } if ( ! $this->is_valid_protect_recovery_key( $_GET['validate_jetpack_protect_recovery'], $_GET['user_id'] ) ) { return false; } $this->valid_blocked_user_id = (int) $_GET['user_id']; return true; } public function is_valid_protect_recovery_key( $key, $user_id ) { $path = sprintf( '/sites/%d/protect/recovery/confirm', Jetpack::get_option( 'id' ) ); $response = Jetpack_Client::wpcom_json_api_request_as_blog( $path, '1.1', array( 'method' => 'post' ), array( 'token' => $key, 'user_id' => $user_id, 'ip' => $this->ip_address, ) ); $result = json_decode( wp_remote_retrieve_body( $response ) ); if ( is_wp_error( $result ) || empty( $result ) || isset( $result->error ) ) { return false; } return true; } public function render_and_die() { if ( ! $this->can_send_recovery_emails ) { $this->render_blocked_login_message(); return; } if ( isset( $_GET['validate_jetpack_protect_recovery'] ) && $_GET['user_id'] ) { $error = new WP_Error( 'invalid_token', __( "Oops, we couldn't validate the recovery token.", 'jetpack' ) ); $this->protect_die( $error ); return; } if ( isset( $_GET['jetpack-protect-recovery'] ) && isset( $_POST['_wpnonce'] ) && wp_verify_nonce( $_POST['_wpnonce'], 'bypass-protect' ) ) { $this->process_recovery_email(); return; } if ( isset( $_GET['loggedout'] ) && 'true' === $_GET['loggedout'] ) { $this->protect_die( __( 'You successfully logged out.', 'jetpack' ) ); } $this->render_recovery_form(); } public function render_blocked_login_message() { $this->protect_die( $this->get_html_blocked_login_message() ); } function process_recovery_email() { $sent = $this->send_recovery_email(); $show_recovery_form = true; if ( is_wp_error( $sent ) ) { if ( 'email_already_sent' === $sent->get_error_code() ) { $show_recovery_form = false; } $this->protect_die( $sent,null,true, $show_recovery_form ); } else { $this->render_recovery_success(); } } function send_recovery_email() { $email = isset( $_POST['email'] ) ? $_POST['email'] : ''; if ( sanitize_email( $email ) !== $email || ! is_email( $email ) ) { return new WP_Error( 'invalid_email', __( "Oops, looks like that's not the right email address. Please try again!", 'jetpack' ) ); } $user = get_user_by( 'email', trim( $email ) ); if ( ! $user ) { return new WP_Error( 'invalid_user', __( "Oops, we couldn't find a user with that email. Please try again!", 'jetpack' ) ); } $this->email_address = $email; $path = sprintf( '/sites/%d/protect/recovery/request', Jetpack::get_option( 'id' ) ); $response = Jetpack_Client::wpcom_json_api_request_as_blog( $path, '1.1', array( 'method' => 'post' ), array( 'user_id' => $user->ID, 'ip' => $this->ip_address ) ); $code = wp_remote_retrieve_response_code( $response ); $result = json_decode( wp_remote_retrieve_body( $response ) ); if ( self::HTTP_STATUS_CODE_TOO_MANY_REQUESTS === $code ) { return new WP_Error( 'email_already_sent', sprintf( __( 'Recovery instructions were sent to %s. Check your inbox!', 'jetpack' ), $this->email_address ) ); } else if ( is_wp_error( $result ) || empty( $result ) || isset( $result->error ) ) { return new WP_Error( 'email_send_error', __( 'Oops, we were unable to send a recovery email. Try again.', 'jetpack' ) ); } return true; } function protect_die( $content, $title = null, $back_link = false, $recovery_form = false ) { if ( empty( $title ) ) { $title = __( 'Jetpack has locked your site\'s login page.', 'jetpack' ); } if ( is_wp_error( $content ) ) { $svg = ''; $content = ' '. $svg . $content->get_error_message() . ''; } $content = '
'. $content .'
'; // If for some reason the login pop up box show up in the wp-admin. if ( isset( $_GET['interim-login'] ) ) { $content = "" . $content; } $this->display_page( $title, $content, $back_link, $recovery_form ); } function render_recovery_form() { $content = $this->get_html_blocked_login_message(); $this->protect_die( $content, null, null, true ); } function render_recovery_success() { $this->protect_die( sprintf( __( 'Recovery instructions were sent to %s. Check your inbox!', 'jetpack' ), $this->email_address ) ); } function get_html_blocked_login_message() { $icon = ''; $ip = str_replace( 'http://', '', esc_url( 'http://' . $this->ip_address ) ); return sprintf( __( 'Your IP address %2$s
has been flagged for potential security violations. You can unlock your login by sending yourself a special link via email. Learn More