WP登录尝试
[英]WP login attempts
问题描述
I've always had policy ' the less plugins the better ', so please don't suggest Login Attempts plugin, especially if it haven't been updated for several years. 
我一直有政策“ 插件越少越好 ”,所以请不要建议“登录尝试”插件,尤其是如果它几年没有更新。
That being said I found this snippet & added it to functions.php : 话虽如此,我发现了这个片段并将其添加到functions.php :
//Limit Login Attempts
if ( ! class_exists( 'limit_login_attempts' ) ) {
class limit_login_attempts {
var $failed_login_limit = 3; //Number of authentification accepted
var $lockout_duration = 1800; //Stop authentification process for 30 minutes: 60*30 = 1800
var $transient_name = 'attempted_login'; //Transient used
public function __construct() {
add_filter( 'authenticate', array( $this, 'check_attempted_login' ), 30, 3 );
add_action( 'wp_login_failed', array( $this, 'login_failed' ), 10, 1 );
}
/**
* Lock login attempts of failed login limit is reached
*/
public function check_attempted_login( $user, $username, $password ) {
if ( get_transient( $this->transient_name ) ) {
$datas = get_transient( $this->transient_name );
if ( $datas['tried'] >= $this->failed_login_limit ) {
$until = get_option( '_transient_timeout_' . $this->transient_name );
$time = $this->when( $until );
//Display error message to the user when limit is reached
return new WP_Error( 'too_many_tried', sprintf( __( '<strong>ERROR</strong>: You have reached authentification limit, you will be able to try again in %1$s.' ) , $time ) );
}
}
return $user;
}
/**
* Add transient
*/
public function login_failed( $username ) {
if ( get_transient( $this->transient_name ) ) {
$datas = get_transient( $this->transient_name );
$datas['tried']++;
if ( $datas['tried'] <= $this->failed_login_limit )
set_transient( $this->transient_name, $datas , $this->lockout_duration );
} else {
$datas = array(
'tried' => 1
);
set_transient( $this->transient_name, $datas , $this->lockout_duration );
}
}
/**
* Return difference between 2 given dates
* @param int $time Date as Unix timestamp
* @return string Return string
*/
private function when( $time ) {
if ( ! $time )
return;
$right_now = time();
$diff = abs( $right_now - $time );
$second = 1;
$minute = $second * 60;
$hour = $minute * 60;
$day = $hour * 24;
if ( $diff < $minute )
return floor( $diff / $second ) . ' secondes';
if ( $diff < $minute * 2 )
return "about 1 minute ago";
if ( $diff < $hour )
return floor( $diff / $minute ) . ' minutes';
if ( $diff < $hour * 2 )
return 'about 1 hour';
return floor( $diff / $hour ) . ' hours';
}
}
}
//Enable
new limit_login_attempts();
It does not display any messages so I have no idea now to check if it works properly. 它不显示任何消息,所以我现在不知道要检查它是否正常工作。
I've never user WP_Error before and docs were not very useful. 我以前从未使用过WP_Error,并且文档不是很有用。 How or where should this error output? 该错误如何或在何处输出?
- I have front-end login which should not change anything because it uses
autheniticateandwp_login_failedfilter/action, right?我有前端登录,该登录不应更改任何内容,因为它使用了autheniticate和wp_login_failed过滤器/操作,对吗? - This is the first time I heard about transients & I read that this value might not be saved in database. 这是我第一次听说瞬变,并且我听说此值可能未保存在数据库中。 Checked anyway - not there. 无论如何检查-不在那里。
- No errors 没有错误
Why it doesn't work? 为什么不起作用? Few tips about how to debug it myself would also be awesome. 关于如何自己调试的一些技巧也很棒。
1 个解决方案
解决方案1
0 2015-09-12 07:59:05
Define as a class variable: 定义为类变量:
var $error = null;
Add it to your constructor: 将其添加到您的构造函数中:
$this->error = new WP_Error();
In you codition, if you have any error, add it 在编码中,如果有任何错误,请将其添加
$error->add('login_atttempts', 'Your message!');
And you can check at the end: 您可以在最后检查:
$errors = $error->get_error_messages();
if( ! empty($errors)) {
wp_die($error) // You can pass the whole WP_Error object to wp_die()
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.