File: /var/www/html/wp-content/plugins/wp-fail2ban/feature/user.php
<?php declare(strict_types=1);
/**
* Blocked user functionality
*
* @package wp-fail2ban
* @since 4.4.0 Require PHP 7.4
* @since 4.0.0
*/
namespace org\lecklider\charles\wordpress\wp_fail2ban\feature;
use org\lecklider\charles\wordpress\wp_fail2ban\Config;
use org\lecklider\charles\wordpress\wp_fail2ban\Syslog;
use function org\lecklider\charles\wordpress\wp_fail2ban\bail;
// Direct-access guard: stop immediately when this file is requested outside
// of WordPress (ABSPATH is defined by the WordPress bootstrap).
if ( ! defined( 'ABSPATH' ) ) {
	exit;
}
/**
* Catch blocked users
*
* @see \wp_authenticate()
*
* @since 4.4.0 Add type hints
* @since 4.3.4.0 Refactor to use Syslog::single
* @since 4.3.0 Add blocking username logins
* @since 3.5.0 Refactored for unit testing
* @since 2.0.0
*
* @param mixed|null $user
* @param string $username
* @param string $password
*
* @return mixed|null
*
* @wp-f2b-hard Blocked authentication attempt for .*
* @wp-f2b-soft Blocked username authentication attempt for .*
*/
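function block_users( $user, string $username, string $password ) {
	// : ?mixed

	/*
	 * Compare against '' instead of using empty(): empty( '0' ) is true, so an
	 * attempt for the username "0" would otherwise skip every check below.
	 */
	if ( '' === $username ) {
		return $user;
	}

	/*
	 * $username comes straight from the login request and is written into a
	 * syslog line that fail2ban filters parse. Replace ASCII control
	 * characters in the logged copy only, so a crafted value cannot split or
	 * corrupt the entry; hooks below still receive the original value.
	 * NOTE(review): Syslog::single() is not visible here and may already
	 * neutralise these characters - confirm and drop one of the two if so.
	 */
	$log_username = preg_replace( '/[\x00-\x1F\x7F]/', '?', $username ) ?? '?';

	// Soft block: when enabled, only e-mail addresses may be used to log in.
	if ( Config::get( 'WP_FAIL2BAN_BLOCK_USERNAME_LOGIN' ) && ! is_email( $username ) ) {
		Syslog::single( LOG_NOTICE, "Blocked username authentication attempt for {$log_username}" );
		do_action( __FUNCTION__ . '.block_username_login', $user, $username, $password );

		return bail(); // for testing
	}

	/**
	 * @since 3.5.0 Arrays allowed in PHP 7
	 */
	$blocked_users = Config::get( 'WP_FAIL2BAN_BLOCKED_USERS' );
	if ( empty( $blocked_users ) ) {
		return $user;
	}

	if ( is_array( $blocked_users ) ) {
		/*
		 * Compare as strings with ===. A loose in_array() applies PHP type
		 * juggling (numeric strings such as "1e3" and "1000" compare equal,
		 * and a boolean true entry matches every username), which would
		 * block - and get banned - users the administrator never listed.
		 * NOTE(review): this branch is case-sensitive while the regex branch
		 * uses /i; confirm which behaviour is intended for list entries.
		 */
		$matched = false;
		foreach ( $blocked_users as $blocked_user ) {
			if ( is_scalar( $blocked_user ) && (string) $blocked_user === $username ) {
				$matched = true;
				break;
			}
		}
	} else {
		/*
		 * The pattern is taken from configuration and used as-is: it is
		 * unanchored unless the configured value anchors it, and an invalid
		 * pattern (e.g. one containing an unescaped "/") makes preg_match()
		 * return false, which is treated as "no match" - i.e. blocking is
		 * silently disabled apart from the PHP warning.
		 */
		$matched = ( 1 === preg_match( '/' . $blocked_users . '/i', $username ) );
	}

	if ( $matched ) {
		// Hard block: the username is on the configured block list.
		Syslog::single( LOG_NOTICE, "Blocked authentication attempt for {$log_username}" );
		do_action( __FUNCTION__ . '.blocked_users', $user, $username, $password );

		return bail(); // for testing
	}

	// Nothing matched: hand the value back unchanged to the caller.
	return $user;
}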