All In One WP Security & Firewall - Version 4.4.10

Version Description

  • 21/Jan/2022 =

  • FEATURE: Auto-purge failed login records after 90 days.

  • FEATURE: Change the debug log so it's stored in the database and not a file

  • FIX: Missing Plugin header fields are added.

  • FIX: PHP Warning Notice for finding IP Address appears when a dual proxy used.

  • FIX: Logout date-time shows 1000-10-10 10:00:00 for non-logged out user.

  • FIX: The notification for re-inserting the security rules in your .htaccess file appears after deactivating and activating the plugin to non-admin users.

  • TWEAK: Replace obsolete variable reference style

  • TWEAK: View debug logs from within the UI

Download this release

Release Info

Developer DavidAnderson
Plugin Icon 128x128 All In One WP Security & Firewall
Version 4.4.10
Comparing to
See all releases

Code changes from version 4.4.9 to 4.4.10

Files changed (25) hide show
  1. admin/general/wp-security-list-table.php +1 -1
  2. admin/wp-security-admin-init.php +410 -410
  3. admin/wp-security-admin-menu.php +108 -108
  4. admin/wp-security-blacklist-menu.php +266 -266
  5. admin/wp-security-brute-force-menu.php +912 -912
  6. admin/wp-security-dashboard-menu.php +823 -824
  7. admin/wp-security-database-menu.php +610 -610
  8. admin/wp-security-filescan-menu.php +489 -489
  9. admin/wp-security-filesystem-menu.php +504 -504
  10. admin/wp-security-firewall-menu.php +1128 -1128
  11. admin/wp-security-list-404.php +323 -323
  12. admin/wp-security-list-acct-activity.php +201 -198
  13. admin/wp-security-list-comment-spammer-ip.php +275 -275
  14. admin/wp-security-list-debug.php +124 -0
  15. admin/wp-security-list-locked-ip.php +233 -233
  16. admin/wp-security-list-logged-in-users.php +142 -142
  17. admin/wp-security-list-login-fails.php +195 -195
  18. admin/wp-security-list-permanent-blocked-ip.php +191 -191
  19. admin/wp-security-list-registered-users.php +346 -346
  20. admin/wp-security-maintenance-menu.php +142 -142
  21. admin/wp-security-misc-options-menu.php +292 -292
  22. admin/wp-security-settings-menu.php +862 -864
  23. admin/wp-security-spam-menu.php +555 -555
  24. admin/wp-security-user-accounts-menu.php +344 -344
  25. admin/wp-security-user-login-menu.php +0 -654
admin/general/wp-security-list-table.php CHANGED
@@ -1399,6 +1399,6 @@ class AIOWPSecurity_List_Table {
1399
  ),
1400
  );
1401
 
1402
- printf( "<script type='text/javascript'>list_args = %s;</script>\n", wp_json_encode( $args ) );
1403
  }
1404
  }
1399
  ),
1400
  );
1401
 
1402
+ printf( "<script>list_args = %s;</script>\n", wp_json_encode( $args ) );
1403
  }
1404
  }
admin/wp-security-admin-init.php CHANGED
@@ -1,410 +1,410 @@
1
- <?php
2
- /*
3
- * Inits the admin dashboard side of things.
4
- * Main admin file which loads all settings panels and sets up admin menus.
5
- */
6
- if(!defined('ABSPATH')){
7
- exit;//Exit if accessed directly
8
- }
9
-
10
- class AIOWPSecurity_Admin_Init
11
- {
12
- var $main_menu_page;
13
- var $dashboard_menu;
14
- var $settings_menu;
15
- var $user_accounts_menu;
16
- var $user_login_menu;
17
- var $user_registration_menu;
18
- var $db_security_menu;
19
- var $filesystem_menu;
20
- var $blacklist_menu;
21
- var $firewall_menu;
22
- var $brute_force_menu;
23
- var $maintenance_menu;
24
- var $spam_menu;
25
- var $filescan_menu;
26
- var $misc_menu;
27
-
28
- function __construct() {
29
- //This class is only initialized if is_admin() is true
30
- $this->admin_includes();
31
- add_action('admin_menu', array(&$this, 'create_admin_menus'));
32
- //handle CSV download
33
- add_action('admin_init', array(&$this, 'aiowps_csv_download'));
34
-
35
- //make sure we are on our plugin's menu pages
36
- if (isset($_GET['page']) && strpos($_GET['page'], AIOWPSEC_MENU_SLUG_PREFIX) !== false) {
37
- add_action('admin_print_scripts', array(&$this, 'admin_menu_page_scripts'));
38
- add_action('admin_print_styles', array(&$this, 'admin_menu_page_styles'));
39
- add_action('init', array(&$this, 'init_hook_handler_for_admin_side'));
40
- }
41
- }
42
-
43
- private function aiowps_output_csv($items, $export_keys, $filename='data.csv') {
44
- header("Content-Type: text/csv; charset=utf-8");
45
- header("Content-Disposition: attachment; filename=".$filename);
46
- header("Pragma: no-cache");
47
- header("Expires: 0");
48
- $output = fopen('php://output', 'w'); //open output stream
49
-
50
- fputcsv($output, $export_keys); //let's put column names first
51
-
52
- foreach ($items as $item) {
53
- unset($csv_line);
54
- foreach ($export_keys as $key => $value) {
55
- if (isset($item[$key])) {
56
- $csv_line[] = $item[$key];
57
- }
58
- }
59
- fputcsv($output, $csv_line);
60
- }
61
- }
62
-
63
- function aiowps_csv_download() {
64
- global $aio_wp_security;
65
- if (isset($_POST['aiowpsec_export_acct_activity_logs_to_csv'])) { //Export account activity logs
66
- $nonce = $_REQUEST['_wpnonce'];
67
- if (!wp_verify_nonce($nonce, 'aiowpsec-export-acct-activity-logs-to-csv-nonce')) {
68
- $aio_wp_security->debug_logger->log_debug("Nonce check failed for export account activity logs to CSV!", 4);
69
- die(__('Nonce check failed for export account activity logs to CSV!', 'all-in-one-wp-security-and-firewall'));
70
- }
71
- include_once 'wp-security-list-acct-activity.php';
72
- $acct_activity_list = new AIOWPSecurity_List_Account_Activity();
73
- $acct_activity_list->prepare_items(true);
74
- //Let's build a list of items we want to export and give them readable names
75
- $export_keys = array(
76
- 'user_id' => 'User ID',
77
- 'user_login' => 'Username',
78
- 'login_date' => 'Login Date',
79
- 'logout_date' => 'Logout Date',
80
- 'login_ip' => 'IP'
81
- );
82
- $this->aiowps_output_csv($acct_activity_list->items, $export_keys, 'account_activity_logs.csv');
83
- exit();
84
- }
85
- if (isset($_POST['aiowps_export_failed_login_records_to_csv'])) {//Export failed login records
86
- $nonce = $_REQUEST['_wpnonce'];
87
- if (!wp_verify_nonce($nonce, 'aiowpsec-export-failed-login-records-to-csv-nonce')) {
88
- $aio_wp_security->debug_logger->log_debug("Nonce check failed for export failed login records to CSV!", 4);
89
- die(__('Nonce check failed for export failed login records to CSV!', 'all-in-one-wp-security-and-firewall'));
90
- }
91
- include_once 'wp-security-list-login-fails.php';
92
- $failed_login_list = new AIOWPSecurity_List_Login_Failed_Attempts();
93
- $failed_login_list->prepare_items(true);
94
- $export_keys = array(
95
- 'login_attempt_ip' => 'Login IP Range',
96
- 'user_id' => 'User ID',
97
- 'user_login' => 'Username',
98
- 'failed_login_date' => 'Date',
99
- );
100
- $this->aiowps_output_csv($failed_login_list->items, $export_keys, 'failed_login_records.csv');
101
- exit();
102
- }
103
- if (isset($_POST['aiowps_export_404_event_logs_to_csv'])) {//Export 404 event logs
104
- $nonce = $_REQUEST['_wpnonce'];
105
- if (!wp_verify_nonce($nonce, 'aiowpsec-export-404-event-logs-to-csv-nonce')) {
106
- $aio_wp_security->debug_logger->log_debug("Nonce check failed for export 404 event logs to CSV!", 4);
107
- die(__('Nonce check failed for export 404 event logs to CSV!', 'all-in-one-wp-security-and-firewall'));
108
- }
109
- include_once 'wp-security-list-404.php'; //For rendering the AIOWPSecurity_List_Table in tab1
110
- $event_list_404 = new AIOWPSecurity_List_404(); //For rendering the AIOWPSecurity_List_Table in tab1
111
- $event_list_404->prepare_items(true);
112
- $export_keys = array(
113
- 'id' => 'Id',
114
- 'event_type' => 'Event Type',
115
- 'ip_or_host' => 'IP Address',
116
- 'url' => 'Attempted URL',
117
- 'referer_info' => 'Referer',
118
- 'event_date' => 'Date',
119
- 'status' => 'Lock Status',
120
- );
121
- $this->aiowps_output_csv($event_list_404->items, $export_keys, '404_event_logs.csv');
122
- exit();
123
- }
124
- }
125
-
126
- function admin_includes()
127
- {
128
- include_once('wp-security-admin-menu.php');
129
- }
130
-
131
- function admin_menu_page_scripts()
132
- {
133
- wp_enqueue_script('jquery');
134
- wp_enqueue_script('postbox');
135
- wp_enqueue_script('dashboard');
136
- wp_enqueue_script('thickbox');
137
- wp_enqueue_script('media-upload');
138
- wp_register_script('aiowpsec-admin-js', AIO_WP_SECURITY_URL. '/js/wp-security-admin-script.js', array('jquery'));
139
- wp_enqueue_script('aiowpsec-admin-js');
140
- wp_register_script('aiowpsec-pw-tool-js', AIO_WP_SECURITY_URL. '/js/password-strength-tool.js', array('jquery')); // We will enqueue this in the user acct menu class
141
- }
142
-
143
- function admin_menu_page_styles()
144
- {
145
- wp_enqueue_style('dashboard');
146
- wp_enqueue_style('thickbox');
147
- wp_enqueue_style('global');
148
- wp_enqueue_style('wp-admin');
149
- wp_enqueue_style('aiowpsec-admin-css', AIO_WP_SECURITY_URL. '/css/wp-security-admin-styles.css');
150
- }
151
-
152
- function init_hook_handler_for_admin_side()
153
- {
154
- $this->aiowps_media_uploader_modification();
155
- $this->initialize_feature_manager();
156
- $this->do_other_admin_side_init_tasks();
157
- }
158
-
159
- function aiowps_media_uploader_modification()
160
- {
161
- //For changing button text inside media uploader (thickbox)
162
- global $pagenow;
163
- if ('media-upload.php' == $pagenow || 'async-upload.php' == $pagenow)
164
- {
165
- // Here we will customize the 'Insert into Post' Button text inside Thickbox
166
- add_filter( 'gettext', array($this, 'aiowps_media_uploader_replace_thickbox_text'), 1, 2);
167
- }
168
- }
169
-
170
- function aiowps_media_uploader_replace_thickbox_text($translated_text, $text)
171
- {
172
- if ('Insert into Post' == $text)
173
- {
174
- $referer = strpos(wp_get_referer(), 'aiowpsec');
175
- if ($referer != '')
176
- {
177
- return ('Select File');
178
- }
179
- }
180
- return $translated_text;
181
- }
182
-
183
- function initialize_feature_manager()
184
- {
185
- $aiowps_feature_mgr = new AIOWPSecurity_Feature_Item_Manager();
186
- $aiowps_feature_mgr->initialize_features();
187
- $aiowps_feature_mgr->check_and_set_feature_status();
188
- $aiowps_feature_mgr->calculate_total_points();
189
- $GLOBALS['aiowps_feature_mgr'] = $aiowps_feature_mgr;
190
- }
191
-
192
- function do_other_admin_side_init_tasks()
193
- {
194
- global $aio_wp_security;
195
-
196
- //***New Feature improvement for Cookie Based Brute Force Protection***//
197
- //The old "test cookie" used to be too easy to guess because someone could just read the code and get the value.
198
- //So now we will drop a more secure test cookie using a 10 digit random string
199
-
200
- if($aio_wp_security->configs->get_value('aiowps_enable_brute_force_attack_prevention')=='1'){
201
- // This code is for users who had this feature saved using an older release. This will drop the new more secure test cookie to the browser and will write it to the .htaccess file too
202
- $test_cookie = $aio_wp_security->configs->get_value('aiowps_cookie_brute_test');
203
- if(empty($test_cookie)){
204
- $random_suffix = AIOWPSecurity_Utility::generate_alpha_numeric_random_string(10);
205
- $test_cookie_name = 'aiowps_cookie_test_'.$random_suffix;
206
- $aio_wp_security->configs->set_value('aiowps_cookie_brute_test',$test_cookie_name);
207
- $aio_wp_security->configs->save_config();//save the value
208
- AIOWPSecurity_Utility::set_cookie_value($test_cookie_name, "1");
209
-
210
- //Write this new cookie to the .htaccess file
211
- $res = AIOWPSecurity_Utility_Htaccess::write_to_htaccess();
212
- if( !$res ){
213
- $aio_wp_security->debug_logger->log_debug("Error writing new test cookie with random suffix to .htaccess file!",4);
214
- }
215
-
216
- }
217
- }
218
- //For cookie test form submission case
219
- if (isset($_GET['page']) && $_GET['page'] == AIOWPSEC_BRUTE_FORCE_MENU_SLUG && isset($_GET['tab']) && $_GET['tab'] == 'tab2')
220
- {
221
- global $aio_wp_security;
222
- if(isset($_POST['aiowps_do_cookie_test_for_bfla'])){
223
- $random_suffix = AIOWPSecurity_Utility::generate_alpha_numeric_random_string(10);
224
- $test_cookie_name = 'aiowps_cookie_test_'.$random_suffix;
225
- $aio_wp_security->configs->set_value('aiowps_cookie_brute_test',$test_cookie_name);
226
- $aio_wp_security->configs->save_config();//save the value
227
- AIOWPSecurity_Utility::set_cookie_value($test_cookie_name, "1");
228
- $cur_url = "admin.php?page=".AIOWPSEC_BRUTE_FORCE_MENU_SLUG."&tab=tab2";
229
- $redirect_url = AIOWPSecurity_Utility::add_query_data_to_url($cur_url, 'aiowps_cookie_test', "1");
230
- AIOWPSecurity_Utility::redirect_to_url($redirect_url);
231
- }
232
-
233
- if(isset($_POST['aiowps_enable_brute_force_attack_prevention']))//Enabling the BFLA feature so drop the cookie again
234
- {
235
- $brute_force_feature_secret_word = sanitize_text_field($_POST['aiowps_brute_force_secret_word']);
236
- if(empty($brute_force_feature_secret_word)){
237
- $brute_force_feature_secret_word = "aiowps_secret";
238
- }
239
- AIOWPSecurity_Utility::set_cookie_value($brute_force_feature_secret_word, "1");
240
- }
241
-
242
- if(isset($_REQUEST['aiowps_cookie_test']))
243
- {
244
- $test_cookie = $aio_wp_security->configs->get_value('aiowps_cookie_brute_test');
245
- $cookie_val = AIOWPSecurity_Utility::get_cookie_value($test_cookie);
246
- if(empty($cookie_val))
247
- {
248
- $aio_wp_security->configs->set_value('aiowps_cookie_test_success','');
249
- }
250
- else
251
- {
252
- $aio_wp_security->configs->set_value('aiowps_cookie_test_success','1');
253
- }
254
- $aio_wp_security->configs->save_config();//save the value
255
- }
256
- }
257
-
258
- if(isset($_POST['aiowps_save_wp_config']))//the wp-config backup operation
259
- {
260
- $nonce=$_REQUEST['_wpnonce'];
261
- if (!wp_verify_nonce($nonce, 'aiowpsec-save-wp-config-nonce'))
262
- {
263
- $aio_wp_security->debug_logger->log_debug("Nonce check failed on wp_config file save!",4);
264
- die("Nonce check failed on wp_config file save!");
265
- }
266
- $wp_config_path = AIOWPSecurity_Utility_File::get_wp_config_file_path();
267
- $result = AIOWPSecurity_Utility_File::backup_and_rename_wp_config($wp_config_path); //Backup the wp_config.php file
268
- AIOWPSecurity_Utility_File::download_a_file_option1($wp_config_path, "wp-config-backup.txt");
269
- }
270
-
271
- //Handle export settings
272
- if(isset($_POST['aiowps_export_settings']))//Do form submission tasks
273
- {
274
- $nonce=$_REQUEST['_wpnonce'];
275
- if (!wp_verify_nonce($nonce, 'aiowpsec-export-settings-nonce'))
276
- {
277
- $aio_wp_security->debug_logger->log_debug("Nonce check failed on export AIOWPS settings!",4);
278
- die("Nonce check failed on export AIOWPS settings!");
279
- }
280
- $config_data = get_option('aio_wp_security_configs');
281
- $output = json_encode($config_data);
282
- AIOWPSecurity_Utility_File::download_content_to_a_file($output);
283
- }
284
-
285
- }
286
-
287
- function create_admin_menus()
288
- {
289
- $menu_icon_url = AIO_WP_SECURITY_URL.'/images/plugin-icon.png';
290
- $this->main_menu_page = add_menu_page(__('WP Security', 'all-in-one-wp-security-and-firewall'), __('WP Security', 'all-in-one-wp-security-and-firewall'), AIOWPSEC_MANAGEMENT_PERMISSION, AIOWPSEC_MAIN_MENU_SLUG , array(&$this, 'handle_dashboard_menu_rendering'), $menu_icon_url);
291
- add_submenu_page(AIOWPSEC_MAIN_MENU_SLUG, __('Dashboard', 'all-in-one-wp-security-and-firewall'), __('Dashboard', 'all-in-one-wp-security-and-firewall') , AIOWPSEC_MANAGEMENT_PERMISSION, AIOWPSEC_MAIN_MENU_SLUG, array(&$this, 'handle_dashboard_menu_rendering'));
292
- add_submenu_page(AIOWPSEC_MAIN_MENU_SLUG, __('Settings', 'all-in-one-wp-security-and-firewall'), __('Settings', 'all-in-one-wp-security-and-firewall') , AIOWPSEC_MANAGEMENT_PERMISSION, AIOWPSEC_SETTINGS_MENU_SLUG, array(&$this, 'handle_settings_menu_rendering'));
293
- add_submenu_page(AIOWPSEC_MAIN_MENU_SLUG, __('User Accounts', 'all-in-one-wp-security-and-firewall'), __('User Accounts', 'all-in-one-wp-security-and-firewall') , AIOWPSEC_MANAGEMENT_PERMISSION, AIOWPSEC_USER_ACCOUNTS_MENU_SLUG, array(&$this, 'handle_user_accounts_menu_rendering'));
294
- add_submenu_page(AIOWPSEC_MAIN_MENU_SLUG, __('User Login', 'all-in-one-wp-security-and-firewall'), __('User Login', 'all-in-one-wp-security-and-firewall') , AIOWPSEC_MANAGEMENT_PERMISSION, AIOWPSEC_USER_LOGIN_MENU_SLUG, array(&$this, 'handle_user_login_menu_rendering'));
295
- add_submenu_page(AIOWPSEC_MAIN_MENU_SLUG, __('User Registration', 'all-in-one-wp-security-and-firewall'), __('User Registration', 'all-in-one-wp-security-and-firewall') , AIOWPSEC_MANAGEMENT_PERMISSION, AIOWPSEC_USER_REGISTRATION_MENU_SLUG, array(&$this, 'handle_user_registration_menu_rendering'));
296
- add_submenu_page(AIOWPSEC_MAIN_MENU_SLUG, __('Database Security', 'all-in-one-wp-security-and-firewall'), __('Database Security', 'all-in-one-wp-security-and-firewall') , AIOWPSEC_MANAGEMENT_PERMISSION, AIOWPSEC_DB_SEC_MENU_SLUG, array(&$this, 'handle_database_menu_rendering'));
297
- if (AIOWPSecurity_Utility::is_multisite_install() && get_current_blog_id() != 1){
298
- //Suppress the Filesystem Security menu if site is a multi site AND not the main site
299
- }else{
300
- add_submenu_page(AIOWPSEC_MAIN_MENU_SLUG, __('Filesystem Security', 'all-in-one-wp-security-and-firewall'), __('Filesystem Security', 'all-in-one-wp-security-and-firewall') , AIOWPSEC_MANAGEMENT_PERMISSION, AIOWPSEC_FILESYSTEM_MENU_SLUG, array(&$this, 'handle_filesystem_menu_rendering'));
301
- }
302
- if (AIOWPSecurity_Utility::is_multisite_install() && get_current_blog_id() != 1){
303
- //Suppress the Blacklist Manager menu if site is a multi site AND not the main site
304
- }else{
305
- add_submenu_page(AIOWPSEC_MAIN_MENU_SLUG, __('Blacklist Manager', 'all-in-one-wp-security-and-firewall'), __('Blacklist Manager', 'all-in-one-wp-security-and-firewall') , AIOWPSEC_MANAGEMENT_PERMISSION, AIOWPSEC_BLACKLIST_MENU_SLUG, array(&$this, 'handle_blacklist_menu_rendering'));
306
- }
307
- if (AIOWPSecurity_Utility::is_multisite_install() && get_current_blog_id() != 1){
308
- //Suppress the firewall menu if site is a multi site AND not the main site
309
- }else{
310
- add_submenu_page(AIOWPSEC_MAIN_MENU_SLUG, __('Firewall', 'all-in-one-wp-security-and-firewall'), __('Firewall', 'all-in-one-wp-security-and-firewall') , AIOWPSEC_MANAGEMENT_PERMISSION, AIOWPSEC_FIREWALL_MENU_SLUG, array(&$this, 'handle_firewall_menu_rendering'));
311
- }
312
- add_submenu_page(AIOWPSEC_MAIN_MENU_SLUG, __('Brute Force', 'all-in-one-wp-security-and-firewall'), __('Brute Force', 'all-in-one-wp-security-and-firewall') , AIOWPSEC_MANAGEMENT_PERMISSION, AIOWPSEC_BRUTE_FORCE_MENU_SLUG, array(&$this, 'handle_brute_force_menu_rendering'));
313
- add_submenu_page(AIOWPSEC_MAIN_MENU_SLUG, __('SPAM Prevention', 'all-in-one-wp-security-and-firewall'), __('SPAM Prevention', 'all-in-one-wp-security-and-firewall') , AIOWPSEC_MANAGEMENT_PERMISSION, AIOWPSEC_SPAM_MENU_SLUG, array(&$this, 'handle_spam_menu_rendering'));
314
- if (AIOWPSecurity_Utility::is_multisite_install() && get_current_blog_id() != 1){
315
- //Suppress the filescan menu if site is a multi site AND not the main site
316
- }else{
317
- add_submenu_page(AIOWPSEC_MAIN_MENU_SLUG, __('Scanner', 'all-in-one-wp-security-and-firewall'), __('Scanner', 'all-in-one-wp-security-and-firewall') , AIOWPSEC_MANAGEMENT_PERMISSION, AIOWPSEC_FILESCAN_MENU_SLUG, array(&$this, 'handle_filescan_menu_rendering'));
318
- }
319
- add_submenu_page(AIOWPSEC_MAIN_MENU_SLUG, __('Maintenance', 'all-in-one-wp-security-and-firewall'), __('Maintenance', 'all-in-one-wp-security-and-firewall') , AIOWPSEC_MANAGEMENT_PERMISSION, AIOWPSEC_MAINTENANCE_MENU_SLUG, array(&$this, 'handle_maintenance_menu_rendering'));
320
- add_submenu_page(AIOWPSEC_MAIN_MENU_SLUG, __('Miscellaneous', 'all-in-one-wp-security-and-firewall'), __('Miscellaneous', 'all-in-one-wp-security-and-firewall') , AIOWPSEC_MANAGEMENT_PERMISSION, AIOWPSEC_MISC_MENU_SLUG, array(&$this, 'handle_misc_menu_rendering'));
321
- do_action('aiowpsecurity_admin_menu_created');
322
- }
323
-
324
- function handle_dashboard_menu_rendering()
325
- {
326
- include_once('wp-security-dashboard-menu.php');
327
- $this->dashboard_menu = new AIOWPSecurity_Dashboard_Menu();
328
- }
329
-
330
- function handle_settings_menu_rendering()
331
- {
332
- include_once('wp-security-settings-menu.php');
333
- $this->settings_menu = new AIOWPSecurity_Settings_Menu();
334
-
335
- }
336
-
337
- function handle_user_accounts_menu_rendering()
338
- {
339
- include_once('wp-security-user-accounts-menu.php');
340
- $this->user_accounts_menu = new AIOWPSecurity_User_Accounts_Menu();
341
- }
342
-
343
- function handle_user_login_menu_rendering()
344
- {
345
- include_once('wp-security-user-login-menu.php');
346
- $this->user_login_menu = new AIOWPSecurity_User_Login_Menu();
347
- }
348
-
349
- function handle_user_registration_menu_rendering()
350
- {
351
- include_once('wp-security-user-registration-menu.php');
352
- $this->user_registration_menu = new AIOWPSecurity_User_Registration_Menu();
353
- }
354
-
355
- function handle_database_menu_rendering()
356
- {
357
- include_once('wp-security-database-menu.php');
358
- $this->db_security_menu = new AIOWPSecurity_Database_Menu();
359
- }
360
-
361
- function handle_filesystem_menu_rendering()
362
- {
363
- include_once('wp-security-filesystem-menu.php');
364
- $this->filesystem_menu = new AIOWPSecurity_Filesystem_Menu();
365
- }
366
-
367
- function handle_blacklist_menu_rendering()
368
- {
369
- include_once('wp-security-blacklist-menu.php');
370
- $this->blacklist_menu = new AIOWPSecurity_Blacklist_Menu();
371
- }
372
-
373
- function handle_firewall_menu_rendering()
374
- {
375
- include_once('wp-security-firewall-menu.php');
376
- $this->firewall_menu = new AIOWPSecurity_Firewall_Menu();
377
- }
378
-
379
- function handle_brute_force_menu_rendering()
380
- {
381
- include_once('wp-security-brute-force-menu.php');
382
- $this->brute_force_menu = new AIOWPSecurity_Brute_Force_Menu();
383
- }
384
-
385
- function handle_maintenance_menu_rendering()
386
- {
387
- include_once('wp-security-maintenance-menu.php');
388
- $this->maintenance_menu = new AIOWPSecurity_Maintenance_Menu();
389
- }
390
-
391
- function handle_spam_menu_rendering()
392
- {
393
- include_once('wp-security-spam-menu.php');
394
- $this->spam_menu = new AIOWPSecurity_Spam_Menu();
395
- }
396
-
397
- function handle_filescan_menu_rendering()
398
- {
399
- include_once('wp-security-filescan-menu.php');
400
- $this->filescan_menu = new AIOWPSecurity_Filescan_Menu();
401
- }
402
-
403
- function handle_misc_menu_rendering()
404
- {
405
- include_once('wp-security-misc-options-menu.php');
406
- $this->misc_menu = new AIOWPSecurity_Misc_Options_Menu();
407
- }
408
-
409
- }//End of class
410
-
1
+ <?php
2
+ /*
3
+ * Inits the admin dashboard side of things.
4
+ * Main admin file which loads all settings panels and sets up admin menus.
5
+ */
6
+ if(!defined('ABSPATH')){
7
+ exit;//Exit if accessed directly
8
+ }
9
+
10
+ class AIOWPSecurity_Admin_Init
11
+ {
12
+ var $main_menu_page;
13
+ var $dashboard_menu;
14
+ var $settings_menu;
15
+ var $user_accounts_menu;
16
+ var $user_login_menu;
17
+ var $user_registration_menu;
18
+ var $db_security_menu;
19
+ var $filesystem_menu;
20
+ var $blacklist_menu;
21
+ var $firewall_menu;
22
+ var $brute_force_menu;
23
+ var $maintenance_menu;
24
+ var $spam_menu;
25
+ var $filescan_menu;
26
+ var $misc_menu;
27
+
28
+ function __construct() {
29
+ //This class is only initialized if is_admin() is true
30
+ $this->admin_includes();
31
+ add_action('admin_menu', array($this, 'create_admin_menus'));
32
+ //handle CSV download
33
+ add_action('admin_init', array($this, 'aiowps_csv_download'));
34
+
35
+ //make sure we are on our plugin's menu pages
36
+ if (isset($_GET['page']) && strpos($_GET['page'], AIOWPSEC_MENU_SLUG_PREFIX) !== false) {
37
+ add_action('admin_print_scripts', array($this, 'admin_menu_page_scripts'));
38
+ add_action('admin_print_styles', array($this, 'admin_menu_page_styles'));
39
+ add_action('init', array($this, 'init_hook_handler_for_admin_side'));
40
+ }
41
+ }
42
+
43
+ private function aiowps_output_csv($items, $export_keys, $filename='data.csv') {
44
+ header("Content-Type: text/csv; charset=utf-8");
45
+ header("Content-Disposition: attachment; filename=".$filename);
46
+ header("Pragma: no-cache");
47
+ header("Expires: 0");
48
+ $output = fopen('php://output', 'w'); //open output stream
49
+
50
+ fputcsv($output, $export_keys); //let's put column names first
51
+
52
+ foreach ($items as $item) {
53
+ unset($csv_line);
54
+ foreach ($export_keys as $key => $value) {
55
+ if (isset($item[$key])) {
56
+ $csv_line[] = $item[$key];
57
+ }
58
+ }
59
+ fputcsv($output, $csv_line);
60
+ }
61
+ }
62
+
63
+ function aiowps_csv_download() {
64
+ global $aio_wp_security;
65
+ if (isset($_POST['aiowpsec_export_acct_activity_logs_to_csv'])) { //Export account activity logs
66
+ $nonce = $_REQUEST['_wpnonce'];
67
+ if (!wp_verify_nonce($nonce, 'aiowpsec-export-acct-activity-logs-to-csv-nonce')) {
68
+ $aio_wp_security->debug_logger->log_debug("Nonce check failed for export account activity logs to CSV!", 4);
69
+ die(__('Nonce check failed for export account activity logs to CSV!', 'all-in-one-wp-security-and-firewall'));
70
+ }
71
+ include_once 'wp-security-list-acct-activity.php';
72
+ $acct_activity_list = new AIOWPSecurity_List_Account_Activity();
73
+ $acct_activity_list->prepare_items(true);
74
+ //Let's build a list of items we want to export and give them readable names
75
+ $export_keys = array(
76
+ 'user_id' => 'User ID',
77
+ 'user_login' => 'Username',
78
+ 'login_date' => 'Login Date',
79
+ 'logout_date' => 'Logout Date',
80
+ 'login_ip' => 'IP'
81
+ );
82
+ $this->aiowps_output_csv($acct_activity_list->items, $export_keys, 'account_activity_logs.csv');
83
+ exit();
84
+ }
85
+ if (isset($_POST['aiowps_export_failed_login_records_to_csv'])) {//Export failed login records
86
+ $nonce = $_REQUEST['_wpnonce'];
87
+ if (!wp_verify_nonce($nonce, 'aiowpsec-export-failed-login-records-to-csv-nonce')) {
88
+ $aio_wp_security->debug_logger->log_debug("Nonce check failed for export failed login records to CSV!", 4);
89
+ die(__('Nonce check failed for export failed login records to CSV!', 'all-in-one-wp-security-and-firewall'));
90
+ }
91
+ include_once 'wp-security-list-login-fails.php';
92
+ $failed_login_list = new AIOWPSecurity_List_Login_Failed_Attempts();
93
+ $failed_login_list->prepare_items(true);
94
+ $export_keys = array(
95
+ 'login_attempt_ip' => 'Login IP Range',
96
+ 'user_id' => 'User ID',
97
+ 'user_login' => 'Username',
98
+ 'failed_login_date' => 'Date',
99
+ );
100
+ $this->aiowps_output_csv($failed_login_list->items, $export_keys, 'failed_login_records.csv');
101
+ exit();
102
+ }
103
+ if (isset($_POST['aiowps_export_404_event_logs_to_csv'])) {//Export 404 event logs
104
+ $nonce = $_REQUEST['_wpnonce'];
105
+ if (!wp_verify_nonce($nonce, 'aiowpsec-export-404-event-logs-to-csv-nonce')) {
106
+ $aio_wp_security->debug_logger->log_debug("Nonce check failed for export 404 event logs to CSV!", 4);
107
+ die(__('Nonce check failed for export 404 event logs to CSV!', 'all-in-one-wp-security-and-firewall'));
108
+ }
109
+ include_once 'wp-security-list-404.php'; //For rendering the AIOWPSecurity_List_Table in tab1
110
+ $event_list_404 = new AIOWPSecurity_List_404(); //For rendering the AIOWPSecurity_List_Table in tab1
111
+ $event_list_404->prepare_items(true);
112
+ $export_keys = array(
113
+ 'id' => 'Id',
114
+ 'event_type' => 'Event Type',
115
+ 'ip_or_host' => 'IP Address',
116
+ 'url' => 'Attempted URL',
117
+ 'referer_info' => 'Referer',
118
+ 'event_date' => 'Date',
119
+ 'status' => 'Lock Status',
120
+ );
121
+ $this->aiowps_output_csv($event_list_404->items, $export_keys, '404_event_logs.csv');
122
+ exit();
123
+ }
124
+ }
125
+
126
+ function admin_includes()
127
+ {
128
+ include_once('wp-security-admin-menu.php');
129
+ }
130
+
131
+ function admin_menu_page_scripts()
132
+ {
133
+ wp_enqueue_script('jquery');
134
+ wp_enqueue_script('postbox');
135
+ wp_enqueue_script('dashboard');
136
+ wp_enqueue_script('thickbox');
137
+ wp_enqueue_script('media-upload');
138
+ wp_register_script('aiowpsec-admin-js', AIO_WP_SECURITY_URL. '/js/wp-security-admin-script.js', array('jquery'));
139
+ wp_enqueue_script('aiowpsec-admin-js');
140
+ wp_register_script('aiowpsec-pw-tool-js', AIO_WP_SECURITY_URL. '/js/password-strength-tool.js', array('jquery')); // We will enqueue this in the user acct menu class
141
+ }
142
+
143
+ function admin_menu_page_styles()
144
+ {
145
+ wp_enqueue_style('dashboard');
146
+ wp_enqueue_style('thickbox');
147
+ wp_enqueue_style('global');
148
+ wp_enqueue_style('wp-admin');
149
+ wp_enqueue_style('aiowpsec-admin-css', AIO_WP_SECURITY_URL. '/css/wp-security-admin-styles.css');
150
+ }
151
+
152
+ function init_hook_handler_for_admin_side()
153
+ {
154
+ $this->aiowps_media_uploader_modification();
155
+ $this->initialize_feature_manager();
156
+ $this->do_other_admin_side_init_tasks();
157
+ }
158
+
159
+ function aiowps_media_uploader_modification()
160
+ {
161
+ //For changing button text inside media uploader (thickbox)
162
+ global $pagenow;
163
+ if ('media-upload.php' == $pagenow || 'async-upload.php' == $pagenow)
164
+ {
165
+ // Here we will customize the 'Insert into Post' Button text inside Thickbox
166
+ add_filter( 'gettext', array($this, 'aiowps_media_uploader_replace_thickbox_text'), 1, 2);
167
+ }
168
+ }
169
+
170
+ function aiowps_media_uploader_replace_thickbox_text($translated_text, $text)
171
+ {
172
+ if ('Insert into Post' == $text)
173
+ {
174
+ $referer = strpos(wp_get_referer(), 'aiowpsec');
175
+ if ($referer != '')
176
+ {
177
+ return ('Select File');
178
+ }
179
+ }
180
+ return $translated_text;
181
+ }
182
+
183
+ function initialize_feature_manager()
184
+ {
185
+ $aiowps_feature_mgr = new AIOWPSecurity_Feature_Item_Manager();
186
+ $aiowps_feature_mgr->initialize_features();
187
+ $aiowps_feature_mgr->check_and_set_feature_status();
188
+ $aiowps_feature_mgr->calculate_total_points();
189
+ $GLOBALS['aiowps_feature_mgr'] = $aiowps_feature_mgr;
190
+ }
191
+
192
+ function do_other_admin_side_init_tasks()
193
+ {
194
+ global $aio_wp_security;
195
+
196
+ //***New Feature improvement for Cookie Based Brute Force Protection***//
197
+ //The old "test cookie" used to be too easy to guess because someone could just read the code and get the value.
198
+ //So now we will drop a more secure test cookie using a 10 digit random string
199
+
200
+ if($aio_wp_security->configs->get_value('aiowps_enable_brute_force_attack_prevention')=='1'){
201
+ // This code is for users who had this feature saved using an older release. This will drop the new more secure test cookie to the browser and will write it to the .htaccess file too
202
+ $test_cookie = $aio_wp_security->configs->get_value('aiowps_cookie_brute_test');
203
+ if(empty($test_cookie)){
204
+ $random_suffix = AIOWPSecurity_Utility::generate_alpha_numeric_random_string(10);
205
+ $test_cookie_name = 'aiowps_cookie_test_'.$random_suffix;
206
+ $aio_wp_security->configs->set_value('aiowps_cookie_brute_test',$test_cookie_name);
207
+ $aio_wp_security->configs->save_config();//save the value
208
+ AIOWPSecurity_Utility::set_cookie_value($test_cookie_name, "1");
209
+
210
+ //Write this new cookie to the .htaccess file
211
+ $res = AIOWPSecurity_Utility_Htaccess::write_to_htaccess();
212
+ if( !$res ){
213
+ $aio_wp_security->debug_logger->log_debug("Error writing new test cookie with random suffix to .htaccess file!",4);
214
+ }
215
+
216
+ }
217
+ }
218
+ //For cookie test form submission case
219
+ if (isset($_GET['page']) && $_GET['page'] == AIOWPSEC_BRUTE_FORCE_MENU_SLUG && isset($_GET['tab']) && $_GET['tab'] == 'tab2')
220
+ {
221
+ global $aio_wp_security;
222
+ if(isset($_POST['aiowps_do_cookie_test_for_bfla'])){
223
+ $random_suffix = AIOWPSecurity_Utility::generate_alpha_numeric_random_string(10);
224
+ $test_cookie_name = 'aiowps_cookie_test_'.$random_suffix;
225
+ $aio_wp_security->configs->set_value('aiowps_cookie_brute_test',$test_cookie_name);
226
+ $aio_wp_security->configs->save_config();//save the value
227
+ AIOWPSecurity_Utility::set_cookie_value($test_cookie_name, "1");
228
+ $cur_url = "admin.php?page=".AIOWPSEC_BRUTE_FORCE_MENU_SLUG."&tab=tab2";
229
+ $redirect_url = AIOWPSecurity_Utility::add_query_data_to_url($cur_url, 'aiowps_cookie_test', "1");
230
+ AIOWPSecurity_Utility::redirect_to_url($redirect_url);
231
+ }
232
+
233
+ if(isset($_POST['aiowps_enable_brute_force_attack_prevention']))//Enabling the BFLA feature so drop the cookie again
234
+ {
235
+ $brute_force_feature_secret_word = sanitize_text_field($_POST['aiowps_brute_force_secret_word']);
236
+ if(empty($brute_force_feature_secret_word)){
237
+ $brute_force_feature_secret_word = "aiowps_secret";
238
+ }
239
+ AIOWPSecurity_Utility::set_cookie_value($brute_force_feature_secret_word, "1");
240
+ }
241
+
242
+ if(isset($_REQUEST['aiowps_cookie_test']))
243
+ {
244
+ $test_cookie = $aio_wp_security->configs->get_value('aiowps_cookie_brute_test');
245
+ $cookie_val = AIOWPSecurity_Utility::get_cookie_value($test_cookie);
246
+ if(empty($cookie_val))
247
+ {
248
+ $aio_wp_security->configs->set_value('aiowps_cookie_test_success','');
249
+ }
250
+ else
251
+ {
252
+ $aio_wp_security->configs->set_value('aiowps_cookie_test_success','1');
253
+ }
254
+ $aio_wp_security->configs->save_config();//save the value
255
+ }
256
+ }
257
+
258
+ if(isset($_POST['aiowps_save_wp_config']))//the wp-config backup operation
259
+ {
260
+ $nonce=$_REQUEST['_wpnonce'];
261
+ if (!wp_verify_nonce($nonce, 'aiowpsec-save-wp-config-nonce'))
262
+ {
263
+ $aio_wp_security->debug_logger->log_debug("Nonce check failed on wp_config file save!",4);
264
+ die("Nonce check failed on wp_config file save!");
265
+ }
266
+ $wp_config_path = AIOWPSecurity_Utility_File::get_wp_config_file_path();
267
+ $result = AIOWPSecurity_Utility_File::backup_and_rename_wp_config($wp_config_path); //Backup the wp_config.php file
268
+ AIOWPSecurity_Utility_File::download_a_file_option1($wp_config_path, "wp-config-backup.txt");
269
+ }
270
+
271
+ //Handle export settings
272
+ if(isset($_POST['aiowps_export_settings']))//Do form submission tasks
273
+ {
274
+ $nonce=$_REQUEST['_wpnonce'];
275
+ if (!wp_verify_nonce($nonce, 'aiowpsec-export-settings-nonce'))
276
+ {
277
+ $aio_wp_security->debug_logger->log_debug("Nonce check failed on export AIOWPS settings!",4);
278
+ die("Nonce check failed on export AIOWPS settings!");
279
+ }
280
+ $config_data = get_option('aio_wp_security_configs');
281
+ $output = json_encode($config_data);
282
+ AIOWPSecurity_Utility_File::download_content_to_a_file($output);
283
+ }
284
+
285
+ }
286
+
287
+ function create_admin_menus()
288
+ {
289
+ $menu_icon_url = AIO_WP_SECURITY_URL.'/images/plugin-icon.png';
290
+ $this->main_menu_page = add_menu_page(__('WP Security', 'all-in-one-wp-security-and-firewall'), __('WP Security', 'all-in-one-wp-security-and-firewall'), AIOWPSEC_MANAGEMENT_PERMISSION, AIOWPSEC_MAIN_MENU_SLUG , array($this, 'handle_dashboard_menu_rendering'), $menu_icon_url);
291
+ add_submenu_page(AIOWPSEC_MAIN_MENU_SLUG, __('Dashboard', 'all-in-one-wp-security-and-firewall'), __('Dashboard', 'all-in-one-wp-security-and-firewall') , AIOWPSEC_MANAGEMENT_PERMISSION, AIOWPSEC_MAIN_MENU_SLUG, array($this, 'handle_dashboard_menu_rendering'));
292
+ add_submenu_page(AIOWPSEC_MAIN_MENU_SLUG, __('Settings', 'all-in-one-wp-security-and-firewall'), __('Settings', 'all-in-one-wp-security-and-firewall') , AIOWPSEC_MANAGEMENT_PERMISSION, AIOWPSEC_SETTINGS_MENU_SLUG, array($this, 'handle_settings_menu_rendering'));
293
+ add_submenu_page(AIOWPSEC_MAIN_MENU_SLUG, __('User Accounts', 'all-in-one-wp-security-and-firewall'), __('User Accounts', 'all-in-one-wp-security-and-firewall') , AIOWPSEC_MANAGEMENT_PERMISSION, AIOWPSEC_USER_ACCOUNTS_MENU_SLUG, array($this, 'handle_user_accounts_menu_rendering'));
294
+ add_submenu_page(AIOWPSEC_MAIN_MENU_SLUG, __('User Login', 'all-in-one-wp-security-and-firewall'), __('User Login', 'all-in-one-wp-security-and-firewall') , AIOWPSEC_MANAGEMENT_PERMISSION, AIOWPSEC_USER_LOGIN_MENU_SLUG, array($this, 'handle_user_login_menu_rendering'));
295
+ add_submenu_page(AIOWPSEC_MAIN_MENU_SLUG, __('User Registration', 'all-in-one-wp-security-and-firewall'), __('User Registration', 'all-in-one-wp-security-and-firewall') , AIOWPSEC_MANAGEMENT_PERMISSION, AIOWPSEC_USER_REGISTRATION_MENU_SLUG, array($this, 'handle_user_registration_menu_rendering'));
296
+ add_submenu_page(AIOWPSEC_MAIN_MENU_SLUG, __('Database Security', 'all-in-one-wp-security-and-firewall'), __('Database Security', 'all-in-one-wp-security-and-firewall') , AIOWPSEC_MANAGEMENT_PERMISSION, AIOWPSEC_DB_SEC_MENU_SLUG, array($this, 'handle_database_menu_rendering'));
297
+ if (AIOWPSecurity_Utility::is_multisite_install() && get_current_blog_id() != 1){
298
+ //Suppress the Filesystem Security menu if site is a multi site AND not the main site
299
+ }else{
300
+ add_submenu_page(AIOWPSEC_MAIN_MENU_SLUG, __('Filesystem Security', 'all-in-one-wp-security-and-firewall'), __('Filesystem Security', 'all-in-one-wp-security-and-firewall') , AIOWPSEC_MANAGEMENT_PERMISSION, AIOWPSEC_FILESYSTEM_MENU_SLUG, array($this, 'handle_filesystem_menu_rendering'));
301
+ }
302
+ if (AIOWPSecurity_Utility::is_multisite_install() && get_current_blog_id() != 1){
303
+ //Suppress the Blacklist Manager menu if site is a multi site AND not the main site
304
+ }else{
305
+ add_submenu_page(AIOWPSEC_MAIN_MENU_SLUG, __('Blacklist Manager', 'all-in-one-wp-security-and-firewall'), __('Blacklist Manager', 'all-in-one-wp-security-and-firewall') , AIOWPSEC_MANAGEMENT_PERMISSION, AIOWPSEC_BLACKLIST_MENU_SLUG, array($this, 'handle_blacklist_menu_rendering'));
306
+ }
307
+ if (AIOWPSecurity_Utility::is_multisite_install() && get_current_blog_id() != 1){
308
+ //Suppress the firewall menu if site is a multi site AND not the main site
309
+ }else{
310
+ add_submenu_page(AIOWPSEC_MAIN_MENU_SLUG, __('Firewall', 'all-in-one-wp-security-and-firewall'), __('Firewall', 'all-in-one-wp-security-and-firewall') , AIOWPSEC_MANAGEMENT_PERMISSION, AIOWPSEC_FIREWALL_MENU_SLUG, array($this, 'handle_firewall_menu_rendering'));
311
+ }
312
+ add_submenu_page(AIOWPSEC_MAIN_MENU_SLUG, __('Brute Force', 'all-in-one-wp-security-and-firewall'), __('Brute Force', 'all-in-one-wp-security-and-firewall') , AIOWPSEC_MANAGEMENT_PERMISSION, AIOWPSEC_BRUTE_FORCE_MENU_SLUG, array($this, 'handle_brute_force_menu_rendering'));
313
+ add_submenu_page(AIOWPSEC_MAIN_MENU_SLUG, __('SPAM Prevention', 'all-in-one-wp-security-and-firewall'), __('SPAM Prevention', 'all-in-one-wp-security-and-firewall') , AIOWPSEC_MANAGEMENT_PERMISSION, AIOWPSEC_SPAM_MENU_SLUG, array($this, 'handle_spam_menu_rendering'));
314
+ if (AIOWPSecurity_Utility::is_multisite_install() && get_current_blog_id() != 1){
315
+ //Suppress the filescan menu if site is a multi site AND not the main site
316
+ }else{
317
+ add_submenu_page(AIOWPSEC_MAIN_MENU_SLUG, __('Scanner', 'all-in-one-wp-security-and-firewall'), __('Scanner', 'all-in-one-wp-security-and-firewall') , AIOWPSEC_MANAGEMENT_PERMISSION, AIOWPSEC_FILESCAN_MENU_SLUG, array($this, 'handle_filescan_menu_rendering'));
318
+ }
319
+ add_submenu_page(AIOWPSEC_MAIN_MENU_SLUG, __('Maintenance', 'all-in-one-wp-security-and-firewall'), __('Maintenance', 'all-in-one-wp-security-and-firewall') , AIOWPSEC_MANAGEMENT_PERMISSION, AIOWPSEC_MAINTENANCE_MENU_SLUG, array($this, 'handle_maintenance_menu_rendering'));
320
+ add_submenu_page(AIOWPSEC_MAIN_MENU_SLUG, __('Miscellaneous', 'all-in-one-wp-security-and-firewall'), __('Miscellaneous', 'all-in-one-wp-security-and-firewall') , AIOWPSEC_MANAGEMENT_PERMISSION, AIOWPSEC_MISC_MENU_SLUG, array($this, 'handle_misc_menu_rendering'));
321
+ do_action('aiowpsecurity_admin_menu_created');
322
+ }
323
+
324
+ function handle_dashboard_menu_rendering()
325
+ {
326
+ include_once('wp-security-dashboard-menu.php');
327
+ $this->dashboard_menu = new AIOWPSecurity_Dashboard_Menu();
328
+ }
329
+
330
+ function handle_settings_menu_rendering()
331
+ {
332
+ include_once('wp-security-settings-menu.php');
333
+ $this->settings_menu = new AIOWPSecurity_Settings_Menu();
334
+
335
+ }
336
+
337
+ function handle_user_accounts_menu_rendering()
338
+ {
339
+ include_once('wp-security-user-accounts-menu.php');
340
+ $this->user_accounts_menu = new AIOWPSecurity_User_Accounts_Menu();
341
+ }
342
+
343
+ function handle_user_login_menu_rendering()
344
+ {
345
+ include_once('wp-security-user-login-menu.php');
346
+ $this->user_login_menu = new AIOWPSecurity_User_Login_Menu();
347
+ }
348
+
349
+ function handle_user_registration_menu_rendering()
350
+ {
351
+ include_once('wp-security-user-registration-menu.php');
352
+ $this->user_registration_menu = new AIOWPSecurity_User_Registration_Menu();
353
+ }
354
+
355
+ function handle_database_menu_rendering()
356
+ {
357
+ include_once('wp-security-database-menu.php');
358
+ $this->db_security_menu = new AIOWPSecurity_Database_Menu();
359
+ }
360
+
361
+ function handle_filesystem_menu_rendering()
362
+ {
363
+ include_once('wp-security-filesystem-menu.php');
364
+ $this->filesystem_menu = new AIOWPSecurity_Filesystem_Menu();
365
+ }
366
+
367
+ function handle_blacklist_menu_rendering()
368
+ {
369
+ include_once('wp-security-blacklist-menu.php');
370
+ $this->blacklist_menu = new AIOWPSecurity_Blacklist_Menu();
371
+ }
372
+
373
+ function handle_firewall_menu_rendering()
374
+ {
375
+ include_once('wp-security-firewall-menu.php');
376
+ $this->firewall_menu = new AIOWPSecurity_Firewall_Menu();
377
+ }
378
+
379
+ function handle_brute_force_menu_rendering()
380
+ {
381
+ include_once('wp-security-brute-force-menu.php');
382
+ $this->brute_force_menu = new AIOWPSecurity_Brute_Force_Menu();
383
+ }
384
+
385
+ function handle_maintenance_menu_rendering()
386
+ {
387
+ include_once('wp-security-maintenance-menu.php');
388
+ $this->maintenance_menu = new AIOWPSecurity_Maintenance_Menu();
389
+ }
390
+
391
+ function handle_spam_menu_rendering()
392
+ {
393
+ include_once('wp-security-spam-menu.php');
394
+ $this->spam_menu = new AIOWPSecurity_Spam_Menu();
395
+ }
396
+
397
+ function handle_filescan_menu_rendering()
398
+ {
399
+ include_once('wp-security-filescan-menu.php');
400
+ $this->filescan_menu = new AIOWPSecurity_Filescan_Menu();
401
+ }
402
+
403
+ function handle_misc_menu_rendering()
404
+ {
405
+ include_once('wp-security-misc-options-menu.php');
406
+ $this->misc_menu = new AIOWPSecurity_Misc_Options_Menu();
407
+ }
408
+
409
+ }//End of class
410
+
admin/wp-security-admin-menu.php CHANGED
@@ -1,109 +1,109 @@
1
- <?php
2
-
3
- /* Parent class for all admin menu classes */
4
-
5
- if(!defined('ABSPATH')){
6
- exit;//Exit if accessed directly
7
- }
8
-
9
- abstract class AIOWPSecurity_Admin_Menu
10
- {
11
- /**
12
- * Shows postbox for settings menu
13
- *
14
- * @param string $id css ID for postbox
15
- * @param string $title title of the postbox section
16
- * @param string $content the content of the postbox
17
- **/
18
- function postbox_toggle($id, $title, $content)
19
- {
20
- //Always send string with translation markers in it
21
- ?>
22
- <div id="<?php echo $id; ?>" class="postbox">
23
- <div class="handlediv" title="Click to toggle"><br /></div>
24
- <h3 class="hndle"><span><?php echo $title; ?></span></h3>
25
- <div class="inside">
26
- <?php echo $content; ?>
27
- </div>
28
- </div>
29
- <?php
30
- }
31
-
32
- function postbox($title, $content)
33
- {
34
- //Always send string with translation markers in it
35
- ?>
36
- <div class="postbox">
37
- <h3 class="hndle"><label for="title"><?php echo $title; ?></label></h3>
38
- <div class="inside">
39
- <?php echo $content; ?>
40
- </div>
41
- </div>
42
- <?php
43
- }
44
-
45
- function show_msg_settings_updated()
46
- {
47
- echo '<div id="message" class="updated fade"><p><strong>';
48
- _e('Settings successfully updated.','all-in-one-wp-security-and-firewall');
49
- echo '</strong></p></div>';
50
- }
51
-
52
- static function show_msg_record_deleted_st()
53
- {
54
- echo '<div id="message" class="updated fade"><p><strong>';
55
- _e('The selected record(s) deleted successfully!','all-in-one-wp-security-and-firewall');
56
- echo '</strong></p></div>';
57
- }
58
-
59
- function show_msg_updated($msg)
60
- {
61
- echo '<div id="message" class="updated fade"><p><strong>';
62
- echo $msg;
63
- echo '</strong></p></div>';
64
- }
65
-
66
- static function show_msg_updated_st($msg)
67
- {
68
- echo '<div id="message" class="updated fade"><p><strong>';
69
- echo $msg;
70
- echo '</strong></p></div>';
71
- }
72
-
73
- function show_msg_error($error_msg)
74
- {
75
- echo '<div id="message" class="error"><p><strong>';
76
- echo $error_msg;
77
- echo '</strong></p></div>';
78
- }
79
-
80
- static function show_msg_error_st($error_msg)
81
- {
82
- echo '<div id="message" class="error"><p><strong>';
83
- echo $error_msg;
84
- echo '</strong></p></div>';
85
- }
86
-
87
- function start_buffer()
88
- {
89
- ob_start();
90
- }
91
-
92
- function end_buffer_and_collect()
93
- {
94
- $output = ob_get_contents();
95
- ob_end_clean();
96
- return $output;
97
- }
98
-
99
- static function display_bulk_result_message()
100
- {
101
- if(isset($_GET['bulk_count'])) {
102
- AIOWPSecurity_Admin_Menu::show_msg_updated_st(__('The bulk action was successful', 'all-in-one-wp-security-and-firewall'));
103
- }
104
-
105
- if(isset($_GET['bulk_error'])) {
106
- AIOWPSecurity_Admin_Menu::show_msg_error_st(__('The bulk action failed', 'all-in-one-wp-security-and-firewall'));
107
- }
108
- }
109
  }
1
+ <?php
2
+
3
+ /* Parent class for all admin menu classes */
4
+
5
+ if(!defined('ABSPATH')){
6
+ exit;//Exit if accessed directly
7
+ }
8
+
9
+ abstract class AIOWPSecurity_Admin_Menu
10
+ {
11
+ /**
12
+ * Shows postbox for settings menu
13
+ *
14
+ * @param string $id css ID for postbox
15
+ * @param string $title title of the postbox section
16
+ * @param string $content the content of the postbox
17
+ **/
18
+ function postbox_toggle($id, $title, $content)
19
+ {
20
+ //Always send string with translation markers in it
21
+ ?>
22
+ <div id="<?php echo $id; ?>" class="postbox">
23
+ <div class="handlediv" title="Click to toggle"><br /></div>
24
+ <h3 class="hndle"><span><?php echo $title; ?></span></h3>
25
+ <div class="inside">
26
+ <?php echo $content; ?>
27
+ </div>
28
+ </div>
29
+ <?php
30
+ }
31
+
32
+ function postbox($title, $content)
33
+ {
34
+ //Always send string with translation markers in it
35
+ ?>
36
+ <div class="postbox">
37
+ <h3 class="hndle"><label for="title"><?php echo $title; ?></label></h3>
38
+ <div class="inside">
39
+ <?php echo $content; ?>
40
+ </div>
41
+ </div>
42
+ <?php
43
+ }
44
+
45
+ function show_msg_settings_updated()
46
+ {
47
+ echo '<div id="message" class="updated fade"><p><strong>';
48
+ _e('Settings successfully updated.','all-in-one-wp-security-and-firewall');
49
+ echo '</strong></p></div>';
50
+ }
51
+
52
+ static function show_msg_record_deleted_st()
53
+ {
54
+ echo '<div id="message" class="updated fade"><p><strong>';
55
+ _e('The selected record(s) deleted successfully!','all-in-one-wp-security-and-firewall');
56
+ echo '</strong></p></div>';
57
+ }
58
+
59
+ function show_msg_updated($msg)
60
+ {
61
+ echo '<div id="message" class="updated fade"><p><strong>';
62
+ echo $msg;
63
+ echo '</strong></p></div>';
64
+ }
65
+
66
+ static function show_msg_updated_st($msg)
67
+ {
68
+ echo '<div id="message" class="updated fade"><p><strong>';
69
+ echo $msg;
70
+ echo '</strong></p></div>';
71
+ }
72
+
73
+ function show_msg_error($error_msg)
74
+ {
75
+ echo '<div id="message" class="error"><p><strong>';
76
+ echo $error_msg;
77
+ echo '</strong></p></div>';
78
+ }
79
+
80
+ static function show_msg_error_st($error_msg)
81
+ {
82
+ echo '<div id="message" class="error"><p><strong>';
83
+ echo $error_msg;
84
+ echo '</strong></p></div>';
85
+ }
86
+
87
+ function start_buffer()
88
+ {
89
+ ob_start();
90
+ }
91
+
92
+ function end_buffer_and_collect()
93
+ {
94
+ $output = ob_get_contents();
95
+ ob_end_clean();
96
+ return $output;
97
+ }
98
+
99
+ static function display_bulk_result_message()
100
+ {
101
+ if(isset($_GET['bulk_count'])) {
102
+ AIOWPSecurity_Admin_Menu::show_msg_updated_st(__('The bulk action was successful', 'all-in-one-wp-security-and-firewall'));
103
+ }
104
+
105
+ if(isset($_GET['bulk_error'])) {
106
+ AIOWPSecurity_Admin_Menu::show_msg_error_st(__('The bulk action failed', 'all-in-one-wp-security-and-firewall'));
107
+ }
108
+ }
109
  }
admin/wp-security-blacklist-menu.php CHANGED
@@ -1,267 +1,267 @@
1
- <?php
2
- if(!defined('ABSPATH')){
3
- exit;//Exit if accessed directly
4
- }
5
-
6
- class AIOWPSecurity_Blacklist_Menu extends AIOWPSecurity_Admin_Menu
7
- {
8
- var $menu_page_slug = AIOWPSEC_BLACKLIST_MENU_SLUG;
9
-
10
- /* Specify all the tabs of this menu in the following array */
11
- var $menu_tabs;
12
-
13
- var $menu_tabs_handler = array(
14
- 'tab1' => 'render_tab1',
15
- );
16
-
17
- function __construct()
18
- {
19
- $this->render_menu_page();
20
- }
21
-
22
- function set_menu_tabs()
23
- {
24
- $this->menu_tabs = array(
25
- 'tab1' => __('Ban Users', 'all-in-one-wp-security-and-firewall'),
26
- );
27
- }
28
-
29
- function get_current_tab()
30
- {
31
- $tab_keys = array_keys($this->menu_tabs);
32
- $tab = isset( $_GET['tab'] ) ? sanitize_text_field($_GET['tab']) : $tab_keys[0];
33
- return $tab;
34
- }
35
-
36
- /*
37
- * Renders our tabs of this menu as nav items
38
- */
39
- function render_menu_tabs()
40
- {
41
- $current_tab = $this->get_current_tab();
42
-
43
- echo '<h2 class="nav-tab-wrapper">';
44
- foreach ( $this->menu_tabs as $tab_key => $tab_caption )
45
- {
46
- $active = $current_tab == $tab_key ? 'nav-tab-active' : '';
47
- echo '<a class="nav-tab ' . $active . '" href="?page=' . $this->menu_page_slug . '&tab=' . $tab_key . '">' . $tab_caption . '</a>';
48
- }
49
- echo '</h2>';
50
- }
51
-
52
- /*
53
- * The menu rendering goes here
54
- */
55
- function render_menu_page()
56
- {
57
- echo '<div class="wrap">';
58
- echo '<h2>'.__('Blacklist Manager','all-in-one-wp-security-and-firewall').'</h2>';//Interface title
59
- $this->set_menu_tabs();
60
- $tab = $this->get_current_tab();
61
- $this->render_menu_tabs();
62
- ?>
63
- <div id="poststuff"><div id="post-body">
64
- <?php
65
- //$tab_keys = array_keys($this->menu_tabs);
66
- call_user_func(array(&$this, $this->menu_tabs_handler[$tab]));
67
- ?>
68
- </div></div>
69
- </div><!-- end of wrap -->
70
- <?php
71
- }
72
-
73
- function render_tab1()
74
- {
75
- global $aio_wp_security;
76
- global $aiowps_feature_mgr;
77
- $result = 1;
78
- if (isset($_POST['aiowps_save_blacklist_settings']))
79
- {
80
- $nonce=$_REQUEST['_wpnonce'];
81
- if (!wp_verify_nonce($nonce, 'aiowpsec-blacklist-settings-nonce'))
82
- {
83
- $aio_wp_security->debug_logger->log_debug("Nonce check failed for save blacklist settings!",4);
84
- die(__('Nonce check failed for save blacklist settings!','all-in-one-wp-security-and-firewall'));
85
- }
86
-
87
- if (isset($_POST["aiowps_enable_blacklisting"]) && empty($_POST['aiowps_banned_ip_addresses']) && empty($_POST['aiowps_banned_user_agents']))
88
- {
89
- $this->show_msg_error('You must submit at least one IP address or one User Agent value or both!','all-in-one-wp-security-and-firewall');
90
- }
91
- else
92
- {
93
- if (!empty($_POST['aiowps_banned_ip_addresses']))
94
- {
95
- $ip_addresses = $_POST['aiowps_banned_ip_addresses'];
96
- $ip_list_array = AIOWPSecurity_Utility_IP::create_ip_list_array_from_string_with_newline($ip_addresses);
97
- $payload = AIOWPSecurity_Utility_IP::validate_ip_list($ip_list_array, 'blacklist');
98
- if($payload[0] == 1){
99
- //success case
100
- $result = 1;
101
- $list = $payload[1];
102
- $banned_ip_data = implode(PHP_EOL, $list);
103
- $aio_wp_security->configs->set_value('aiowps_banned_ip_addresses',$banned_ip_data);
104
- $_POST['aiowps_banned_ip_addresses'] = ''; //Clear the post variable for the banned address list
105
- }
106
- else{
107
- $result = -1;
108
- $error_msg = $payload[1][0];
109
- $this->show_msg_error($error_msg);
110
- }
111
-
112
- }
113
- else
114
- {
115
- $aio_wp_security->configs->set_value('aiowps_banned_ip_addresses',''); //Clear the IP address config value
116
- }
117
-
118
- if (!empty($_POST['aiowps_banned_user_agents']))
119
- {
120
- $result = $result * $this->validate_user_agent_list();
121
- }else{
122
- //clear the user agent list
123
- $aio_wp_security->configs->set_value('aiowps_banned_user_agents','');
124
- }
125
-
126
- if ($result == 1)
127
- {
128
- $aio_wp_security->configs->set_value('aiowps_enable_blacklisting',isset($_POST["aiowps_enable_blacklisting"])?'1':'');
129
- $aio_wp_security->configs->save_config(); //Save the configuration
130
-
131
- //Recalculate points after the feature status/options have been altered
132
- $aiowps_feature_mgr->check_feature_status_and_recalculate_points();
133
-
134
- $this->show_msg_settings_updated();
135
-
136
- $write_result = AIOWPSecurity_Utility_Htaccess::write_to_htaccess(); //now let's write to the .htaccess file
137
- if ( !$write_result )
138
- {
139
- $this->show_msg_error(__('The plugin was unable to write to the .htaccess file. Please edit file manually.','all-in-one-wp-security-and-firewall'));
140
- $aio_wp_security->debug_logger->log_debug("AIOWPSecurity_Blacklist_Menu - The plugin was unable to write to the .htaccess file.");
141
- }
142
- }
143
- }
144
- }
145
- ?>
146
- <h2><?php _e('Ban IPs or User Agents', 'all-in-one-wp-security-and-firewall')?></h2>
147
- <div class="aio_blue_box">
148
- <?php
149
- echo '<p>'.__('The All In One WP Security Blacklist feature gives you the option of banning certain host IP addresses or ranges and also user agents.', 'all-in-one-wp-security-and-firewall').'
150
- <br />'.__('This feature will deny total site access for users which have IP addresses or user agents matching those which you have configured in the settings below.', 'all-in-one-wp-security-and-firewall').'
151
- <br />'.__('The plugin achieves this by making appropriate modifications to your .htaccess file.', 'all-in-one-wp-security-and-firewall').'
152
- <br />'.__('By blocking people via the .htaccess file your are using the most secure first line of defence which denies all access to blacklisted visitors as soon as they hit your hosting server.', 'all-in-one-wp-security-and-firewall').'
153
- </p>';
154
- ?>
155
- </div>
156
- <div class="aio_grey_box">
157
- <?php
158
- $addon_link = '<strong><a href="http://www.site-scanners.com/country-blocking-addon/" target="_blank">'.__('Country Blocking Addon', 'all-in-one-wp-security-and-firewall').'</a></strong>';
159
- $info_msg = sprintf( __('You may also be interested in our %s.', 'all-in-one-wp-security-and-firewall'), $addon_link);
160
- $info_msg2 = __('This addon allows you to automatically block IP addresses based on their country of origin.', 'all-in-one-wp-security-and-firewall');
161
-
162
- echo '<p>'.$info_msg.
163
- '<br />'.$info_msg2.'</p>';
164
- ?>
165
- </div>
166
-
167
- <div class="postbox">
168
- <h3 class="hndle"><label for="title"><?php _e('IP Hosts and User Agent Blacklist Settings', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
169
- <div class="inside">
170
- <?php
171
- //Display security info badge
172
- global $aiowps_feature_mgr;
173
- $aiowps_feature_mgr->output_feature_details_badge("blacklist-manager-ip-user-agent-blacklisting");
174
- ?>
175
- <form action="" method="POST">
176
- <?php wp_nonce_field('aiowpsec-blacklist-settings-nonce'); ?>
177
- <div class="aio_orange_box">
178
- <p>
179
- <?php
180
- $read_link = '<a href="https://www.tipsandtricks-hq.com/wordpress-security-and-firewall-plugin#advanced_features_note" target="_blank">'.__('must read this message', 'all-in-one-wp-security-and-firewall').'</a>';
181
- echo sprintf(__('This feature can lock you out of admin if it doesn\'t work correctly on your site. You %s before activating this feature.', 'all-in-one-wp-security-and-firewall'), $read_link);
182
- ?>
183
- </p>
184
- </div>
185
- <table class="form-table">
186
- <tr valign="top">
187
- <th scope="row"><?php _e('Enable IP or User Agent Blacklisting', 'all-in-one-wp-security-and-firewall')?>:</th>
188
- <td>
189
- <input name="aiowps_enable_blacklisting" type="checkbox"<?php if($aio_wp_security->configs->get_value('aiowps_enable_blacklisting')=='1') echo ' checked="checked"'; ?> value="1"/>
190
- <span class="description"><?php _e('Check this if you want to enable the banning (or blacklisting) of selected IP addresses and/or user agents specified in the settings below', 'all-in-one-wp-security-and-firewall'); ?></span>
191
- </td>
192
- </tr>
193
- <tr valign="top">
194
- <th scope="row"><?php _e('Enter IP Addresses:', 'all-in-one-wp-security-and-firewall')?></th>
195
- <td>
196
- <textarea name="aiowps_banned_ip_addresses" rows="5" cols="50"><?php echo ($result == -1)?htmlspecialchars($_POST['aiowps_banned_ip_addresses']):htmlspecialchars($aio_wp_security->configs->get_value('aiowps_banned_ip_addresses')); ?></textarea>
197
- <br />
198
- <span class="description"><?php _e('Enter one or more IP addresses or IP ranges.','all-in-one-wp-security-and-firewall');?></span>
199
- <span class="aiowps_more_info_anchor"><span class="aiowps_more_info_toggle_char">+</span><span class="aiowps_more_info_toggle_text"><?php _e('More Info', 'all-in-one-wp-security-and-firewall'); ?></span></span>
200
- <div class="aiowps_more_info_body">
201
- <?php
202
- echo '<p class="description">'.__('Each IP address must be on a new line.', 'all-in-one-wp-security-and-firewall').'</p>';
203
- echo '<p class="description">'.__('To specify an IP range use a wildcard "*" character. Acceptable ways to use wildcards is shown in the examples below:', 'all-in-one-wp-security-and-firewall').'</p>';
204
- echo '<p class="description">'.__('Example 1: 195.47.89.*', 'all-in-one-wp-security-and-firewall').'</p>';
205
- echo '<p class="description">'.__('Example 2: 195.47.*.*', 'all-in-one-wp-security-and-firewall').'</p>';
206
- echo '<p class="description">'.__('Example 3: 195.*.*.*', 'all-in-one-wp-security-and-firewall').'</p>';
207
- ?>
208
- </div>
209
-
210
- </td>
211
- </tr>
212
- <tr valign="top">
213
- <th scope="row"><?php _e('Enter User Agents:', 'all-in-one-wp-security-and-firewall')?></th>
214
- <td>
215
- <textarea name="aiowps_banned_user_agents" rows="5" cols="50"><?php echo ($result == -1)?htmlspecialchars($_POST['aiowps_banned_user_agents']):htmlspecialchars($aio_wp_security->configs->get_value('aiowps_banned_user_agents')); ?></textarea>
216
- <br />
217
- <span class="description">
218
- <?php _e('Enter one or more user agent strings.','all-in-one-wp-security-and-firewall');?></span>
219
- <span class="aiowps_more_info_anchor"><span class="aiowps_more_info_toggle_char">+</span><span class="aiowps_more_info_toggle_text"><?php _e('More Info', 'all-in-one-wp-security-and-firewall'); ?></span></span>
220
- <div class="aiowps_more_info_body">
221
- <?php
222
- echo '<p class="description">'.__('Each user agent string must be on a new line.', 'all-in-one-wp-security-and-firewall').'</p>';
223
- echo '<p class="description">'.__('Example 1 - A single user agent string to block:', 'all-in-one-wp-security-and-firewall').'</p>';
224
- echo '<p class="description">SquigglebotBot</p>';
225
- echo '<p class="description">'.__('Example 2 - A list of more than 1 user agent strings to block', 'all-in-one-wp-security-and-firewall').'</p>';
226
- echo '<p class="description">baiduspider<br />SquigglebotBot<br />SurveyBot<br />VoidEYE<br />webcrawl.net<br />YottaShopping_Bot</p>';
227
- ?>
228
- </div>
229
-
230
- </td>
231
- </tr>
232
- </table>
233
- <input type="submit" name="aiowps_save_blacklist_settings" value="<?php _e('Save Settings', 'all-in-one-wp-security-and-firewall')?>" class="button-primary" />
234
- </form>
235
- </div></div>
236
- <?php
237
- }
238
-
239
- function validate_user_agent_list()
240
- {
241
- global $aio_wp_security;
242
- @ini_set('auto_detect_line_endings', true);
243
- //$errors = '';
244
-
245
- $submitted_agents = explode(PHP_EOL, $_POST['aiowps_banned_user_agents']);
246
- $agents = array();
247
- if (!empty($submitted_agents))
248
- {
249
- foreach ($submitted_agents as $agent)
250
- {
251
- $text = sanitize_text_field($agent);
252
- $agents[] = $text;
253
- }
254
- }
255
-
256
- if (sizeof($agents) > 1)
257
- {
258
- sort( $agents );
259
- $agents = array_unique($agents, SORT_STRING);
260
- }
261
-
262
- $banned_user_agent_data = implode(PHP_EOL, $agents);
263
- $aio_wp_security->configs->set_value('aiowps_banned_user_agents',$banned_user_agent_data);
264
- $_POST['aiowps_banned_user_agents'] = ''; //Clear the post variable for the banned address list
265
- return 1;
266
- }
267
  } //end class
1
+ <?php
2
+ if(!defined('ABSPATH')){
3
+ exit;//Exit if accessed directly
4
+ }
5
+
6
+ class AIOWPSecurity_Blacklist_Menu extends AIOWPSecurity_Admin_Menu
7
+ {
8
+ var $menu_page_slug = AIOWPSEC_BLACKLIST_MENU_SLUG;
9
+
10
+ /* Specify all the tabs of this menu in the following array */
11
+ var $menu_tabs;
12
+
13
+ var $menu_tabs_handler = array(
14
+ 'tab1' => 'render_tab1',
15
+ );
16
+
17
+ function __construct()
18
+ {
19
+ $this->render_menu_page();
20
+ }
21
+
22
+ function set_menu_tabs()
23
+ {
24
+ $this->menu_tabs = array(
25
+ 'tab1' => __('Ban Users', 'all-in-one-wp-security-and-firewall'),
26
+ );
27
+ }
28
+
29
+ function get_current_tab()
30
+ {
31
+ $tab_keys = array_keys($this->menu_tabs);
32
+ $tab = isset( $_GET['tab'] ) ? sanitize_text_field($_GET['tab']) : $tab_keys[0];
33
+ return $tab;
34
+ }
35
+
36
+ /*
37
+ * Renders our tabs of this menu as nav items
38
+ */
39
+ function render_menu_tabs()
40
+ {
41
+ $current_tab = $this->get_current_tab();
42
+
43
+ echo '<h2 class="nav-tab-wrapper">';
44
+ foreach ( $this->menu_tabs as $tab_key => $tab_caption )
45
+ {
46
+ $active = $current_tab == $tab_key ? 'nav-tab-active' : '';
47
+ echo '<a class="nav-tab ' . $active . '" href="?page=' . $this->menu_page_slug . '&tab=' . $tab_key . '">' . $tab_caption . '</a>';
48
+ }
49
+ echo '</h2>';
50
+ }
51
+
52
+ /*
53
+ * The menu rendering goes here
54
+ */
55
+ function render_menu_page()
56
+ {
57
+ echo '<div class="wrap">';
58
+ echo '<h2>'.__('Blacklist Manager','all-in-one-wp-security-and-firewall').'</h2>';//Interface title
59
+ $this->set_menu_tabs();
60
+ $tab = $this->get_current_tab();
61
+ $this->render_menu_tabs();
62
+ ?>
63
+ <div id="poststuff"><div id="post-body">
64
+ <?php
65
+ //$tab_keys = array_keys($this->menu_tabs);
66
+ call_user_func(array($this, $this->menu_tabs_handler[$tab]));
67
+ ?>
68
+ </div></div>
69
+ </div><!-- end of wrap -->
70
+ <?php
71
+ }
72
+
73
+ function render_tab1()
74
+ {
75
+ global $aio_wp_security;
76
+ global $aiowps_feature_mgr;
77
+ $result = 1;
78
+ if (isset($_POST['aiowps_save_blacklist_settings']))
79
+ {
80
+ $nonce=$_REQUEST['_wpnonce'];
81
+ if (!wp_verify_nonce($nonce, 'aiowpsec-blacklist-settings-nonce'))
82
+ {
83
+ $aio_wp_security->debug_logger->log_debug("Nonce check failed for save blacklist settings!",4);
84
+ die(__('Nonce check failed for save blacklist settings!','all-in-one-wp-security-and-firewall'));
85
+ }
86
+
87
+ if (isset($_POST["aiowps_enable_blacklisting"]) && empty($_POST['aiowps_banned_ip_addresses']) && empty($_POST['aiowps_banned_user_agents']))
88
+ {
89
+ $this->show_msg_error('You must submit at least one IP address or one User Agent value or both!','all-in-one-wp-security-and-firewall');
90
+ }
91
+ else
92
+ {
93
+ if (!empty($_POST['aiowps_banned_ip_addresses']))
94
+ {
95
+ $ip_addresses = $_POST['aiowps_banned_ip_addresses'];
96
+ $ip_list_array = AIOWPSecurity_Utility_IP::create_ip_list_array_from_string_with_newline($ip_addresses);
97
+ $payload = AIOWPSecurity_Utility_IP::validate_ip_list($ip_list_array, 'blacklist');
98
+ if($payload[0] == 1){
99
+ //success case
100
+ $result = 1;
101
+ $list = $payload[1];
102
+ $banned_ip_data = implode(PHP_EOL, $list);
103
+ $aio_wp_security->configs->set_value('aiowps_banned_ip_addresses',$banned_ip_data);
104
+ $_POST['aiowps_banned_ip_addresses'] = ''; //Clear the post variable for the banned address list
105
+ }
106
+ else{
107
+ $result = -1;
108
+ $error_msg = $payload[1][0];
109
+ $this->show_msg_error($error_msg);
110
+ }
111
+
112
+ }
113
+ else
114
+ {
115
+ $aio_wp_security->configs->set_value('aiowps_banned_ip_addresses',''); //Clear the IP address config value
116
+ }
117
+
118
+ if (!empty($_POST['aiowps_banned_user_agents']))
119
+ {
120
+ $result = $result * $this->validate_user_agent_list();
121
+ }else{
122
+ //clear the user agent list
123
+ $aio_wp_security->configs->set_value('aiowps_banned_user_agents','');
124
+ }
125
+
126
+ if ($result == 1)
127
+ {
128
+ $aio_wp_security->configs->set_value('aiowps_enable_blacklisting',isset($_POST["aiowps_enable_blacklisting"])?'1':'');
129
+ $aio_wp_security->configs->save_config(); //Save the configuration
130
+
131
+ //Recalculate points after the feature status/options have been altered
132
+ $aiowps_feature_mgr->check_feature_status_and_recalculate_points();
133
+
134
+ $this->show_msg_settings_updated();
135
+
136
+ $write_result = AIOWPSecurity_Utility_Htaccess::write_to_htaccess(); //now let's write to the .htaccess file
137
+ if ( !$write_result )
138
+ {
139
+ $this->show_msg_error(__('The plugin was unable to write to the .htaccess file. Please edit file manually.','all-in-one-wp-security-and-firewall'));
140
+ $aio_wp_security->debug_logger->log_debug("AIOWPSecurity_Blacklist_Menu - The plugin was unable to write to the .htaccess file.");
141
+ }
142
+ }
143
+ }
144
+ }
145
+ ?>
146
+ <h2><?php _e('Ban IPs or User Agents', 'all-in-one-wp-security-and-firewall')?></h2>
147
+ <div class="aio_blue_box">
148
+ <?php
149
+ echo '<p>'.__('The All In One WP Security Blacklist feature gives you the option of banning certain host IP addresses or ranges and also user agents.', 'all-in-one-wp-security-and-firewall').'
150
+ <br />'.__('This feature will deny total site access for users which have IP addresses or user agents matching those which you have configured in the settings below.', 'all-in-one-wp-security-and-firewall').'
151
+ <br />'.__('The plugin achieves this by making appropriate modifications to your .htaccess file.', 'all-in-one-wp-security-and-firewall').'
152
+ <br />'.__('By blocking people via the .htaccess file your are using the most secure first line of defence which denies all access to blacklisted visitors as soon as they hit your hosting server.', 'all-in-one-wp-security-and-firewall').'
153
+ </p>';
154
+ ?>
155
+ </div>
156
+ <div class="aio_grey_box">
157
+ <?php
158
+ $addon_link = '<strong><a href="http://www.site-scanners.com/country-blocking-addon/" target="_blank">'.__('Country Blocking Addon', 'all-in-one-wp-security-and-firewall').'</a></strong>';
159
+ $info_msg = sprintf( __('You may also be interested in our %s.', 'all-in-one-wp-security-and-firewall'), $addon_link);
160
+ $info_msg2 = __('This addon allows you to automatically block IP addresses based on their country of origin.', 'all-in-one-wp-security-and-firewall');
161
+
162
+ echo '<p>'.$info_msg.
163
+ '<br />'.$info_msg2.'</p>';
164
+ ?>
165
+ </div>
166
+
167
+ <div class="postbox">
168
+ <h3 class="hndle"><label for="title"><?php _e('IP Hosts and User Agent Blacklist Settings', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
169
+ <div class="inside">
170
+ <?php
171
+ //Display security info badge
172
+ global $aiowps_feature_mgr;
173
+ $aiowps_feature_mgr->output_feature_details_badge("blacklist-manager-ip-user-agent-blacklisting");
174
+ ?>
175
+ <form action="" method="POST">
176
+ <?php wp_nonce_field('aiowpsec-blacklist-settings-nonce'); ?>
177
+ <div class="aio_orange_box">
178
+ <p>
179
+ <?php
180
+ $read_link = '<a href="https://www.tipsandtricks-hq.com/wordpress-security-and-firewall-plugin#advanced_features_note" target="_blank">'.__('must read this message', 'all-in-one-wp-security-and-firewall').'</a>';
181
+ echo sprintf(__('This feature can lock you out of admin if it doesn\'t work correctly on your site. You %s before activating this feature.', 'all-in-one-wp-security-and-firewall'), $read_link);
182
+ ?>
183
+ </p>
184
+ </div>
185
+ <table class="form-table">
186
+ <tr valign="top">
187
+ <th scope="row"><?php _e('Enable IP or User Agent Blacklisting', 'all-in-one-wp-security-and-firewall')?>:</th>
188
+ <td>
189
+ <input name="aiowps_enable_blacklisting" type="checkbox"<?php if($aio_wp_security->configs->get_value('aiowps_enable_blacklisting')=='1') echo ' checked="checked"'; ?> value="1"/>
190
+ <span class="description"><?php _e('Check this if you want to enable the banning (or blacklisting) of selected IP addresses and/or user agents specified in the settings below', 'all-in-one-wp-security-and-firewall'); ?></span>
191
+ </td>
192
+ </tr>
193
+ <tr valign="top">
194
+ <th scope="row"><?php _e('Enter IP Addresses:', 'all-in-one-wp-security-and-firewall')?></th>
195
+ <td>
196
+ <textarea name="aiowps_banned_ip_addresses" rows="5" cols="50"><?php echo ($result == -1)?htmlspecialchars($_POST['aiowps_banned_ip_addresses']):htmlspecialchars($aio_wp_security->configs->get_value('aiowps_banned_ip_addresses')); ?></textarea>
197
+ <br />
198
+ <span class="description"><?php _e('Enter one or more IP addresses or IP ranges.','all-in-one-wp-security-and-firewall');?></span>
199
+ <span class="aiowps_more_info_anchor"><span class="aiowps_more_info_toggle_char">+</span><span class="aiowps_more_info_toggle_text"><?php _e('More Info', 'all-in-one-wp-security-and-firewall'); ?></span></span>
200
+ <div class="aiowps_more_info_body">
201
+ <?php
202
+ echo '<p class="description">'.__('Each IP address must be on a new line.', 'all-in-one-wp-security-and-firewall').'</p>';
203
+ echo '<p class="description">'.__('To specify an IP range use a wildcard "*" character. Acceptable ways to use wildcards is shown in the examples below:', 'all-in-one-wp-security-and-firewall').'</p>';
204
+ echo '<p class="description">'.__('Example 1: 195.47.89.*', 'all-in-one-wp-security-and-firewall').'</p>';
205
+ echo '<p class="description">'.__('Example 2: 195.47.*.*', 'all-in-one-wp-security-and-firewall').'</p>';
206
+ echo '<p class="description">'.__('Example 3: 195.*.*.*', 'all-in-one-wp-security-and-firewall').'</p>';
207
+ ?>
208
+ </div>
209
+
210
+ </td>
211
+ </tr>
212
+ <tr valign="top">
213
+ <th scope="row"><?php _e('Enter User Agents:', 'all-in-one-wp-security-and-firewall')?></th>
214
+ <td>
215
+ <textarea name="aiowps_banned_user_agents" rows="5" cols="50"><?php echo ($result == -1)?htmlspecialchars($_POST['aiowps_banned_user_agents']):htmlspecialchars($aio_wp_security->configs->get_value('aiowps_banned_user_agents')); ?></textarea>
216
+ <br />
217
+ <span class="description">
218
+ <?php _e('Enter one or more user agent strings.','all-in-one-wp-security-and-firewall');?></span>
219
+ <span class="aiowps_more_info_anchor"><span class="aiowps_more_info_toggle_char">+</span><span class="aiowps_more_info_toggle_text"><?php _e('More Info', 'all-in-one-wp-security-and-firewall'); ?></span></span>
220
+ <div class="aiowps_more_info_body">
221
+ <?php
222
+ echo '<p class="description">'.__('Each user agent string must be on a new line.', 'all-in-one-wp-security-and-firewall').'</p>';
223
+ echo '<p class="description">'.__('Example 1 - A single user agent string to block:', 'all-in-one-wp-security-and-firewall').'</p>';
224
+ echo '<p class="description">SquigglebotBot</p>';
225
+ echo '<p class="description">'.__('Example 2 - A list of more than 1 user agent strings to block', 'all-in-one-wp-security-and-firewall').'</p>';
226
+ echo '<p class="description">baiduspider<br />SquigglebotBot<br />SurveyBot<br />VoidEYE<br />webcrawl.net<br />YottaShopping_Bot</p>';
227
+ ?>
228
+ </div>
229
+
230
+ </td>
231
+ </tr>
232
+ </table>
233
+ <input type="submit" name="aiowps_save_blacklist_settings" value="<?php _e('Save Settings', 'all-in-one-wp-security-and-firewall')?>" class="button-primary" />
234
+ </form>
235
+ </div></div>
236
+ <?php
237
+ }
238
+
239
+ function validate_user_agent_list()
240
+ {
241
+ global $aio_wp_security;
242
+ @ini_set('auto_detect_line_endings', true);
243
+ //$errors = '';
244
+
245
+ $submitted_agents = explode(PHP_EOL, $_POST['aiowps_banned_user_agents']);
246
+ $agents = array();
247
+ if (!empty($submitted_agents))
248
+ {
249
+ foreach ($submitted_agents as $agent)
250
+ {
251
+ $text = sanitize_text_field($agent);
252
+ $agents[] = $text;
253
+ }
254
+ }
255
+
256
+ if (sizeof($agents) > 1)
257
+ {
258
+ sort( $agents );
259
+ $agents = array_unique($agents, SORT_STRING);
260
+ }
261
+
262
+ $banned_user_agent_data = implode(PHP_EOL, $agents);
263
+ $aio_wp_security->configs->set_value('aiowps_banned_user_agents',$banned_user_agent_data);
264
+ $_POST['aiowps_banned_user_agents'] = ''; //Clear the post variable for the banned address list
265
+ return 1;
266
+ }
267
  } //end class
admin/wp-security-brute-force-menu.php CHANGED
@@ -1,913 +1,913 @@
1
- <?php
2
- if(!defined('ABSPATH')){
3
- exit;//Exit if accessed directly
4
- }
5
-
6
- class AIOWPSecurity_Brute_Force_Menu extends AIOWPSecurity_Admin_Menu
7
- {
8
- var $menu_page_slug = AIOWPSEC_BRUTE_FORCE_MENU_SLUG;
9
-
10
- /* Specify all the tabs of this menu in the following array */
11
- var $menu_tabs;
12
-
13
- var $menu_tabs_handler = array(
14
- 'tab1' => 'render_tab1',
15
- 'tab2' => 'render_tab2',
16
- 'tab3' => 'render_tab3',
17
- 'tab4' => 'render_tab4',
18
- 'tab5' => 'render_tab5',
19
- );
20
-
21
- function __construct()
22
- {
23
- $this->render_menu_page();
24
- }
25
-
26
- function set_menu_tabs()
27
- {
28
- $this->menu_tabs = array(
29
- 'tab1' => __('Rename Login Page','all-in-one-wp-security-and-firewall'),
30
- 'tab2' => __('Cookie Based Brute Force Prevention', 'all-in-one-wp-security-and-firewall'),
31
- 'tab3' => __('Login Captcha', 'all-in-one-wp-security-and-firewall'),
32
- 'tab4' => __('Login Whitelist', 'all-in-one-wp-security-and-firewall'),
33
- 'tab5' => __('Honeypot', 'all-in-one-wp-security-and-firewall'),
34
-
35
- );
36
- }
37
-
38
- function get_current_tab()
39
- {
40
- $tab_keys = array_keys($this->menu_tabs);
41
- $tab = isset( $_GET['tab'] ) ? sanitize_text_field($_GET['tab']) : $tab_keys[0];
42
- return $tab;
43
- }
44
-
45
- /*
46
- * Renders our tabs of this menu as nav items
47
- */
48
- function render_menu_tabs()
49
- {
50
- $current_tab = $this->get_current_tab();
51
-
52
- echo '<h2 class="nav-tab-wrapper">';
53
- foreach ( $this->menu_tabs as $tab_key => $tab_caption )
54
- {
55
- if (AIOWPSecurity_Utility::is_multisite_install() && get_current_blog_id() != 1
56
- && stristr($tab_caption, "Rename Login Page") === false && stristr($tab_caption, "Login Captcha") === false){
57
- //Suppress the all Brute Force menu tabs if site is a multi site AND not the main site except "rename login" and "captcha"
58
- }else{
59
- $active = $current_tab == $tab_key ? 'nav-tab-active' : '';
60
- echo '<a class="nav-tab ' . $active . '" href="?page=' . $this->menu_page_slug . '&tab=' . $tab_key . '">' . $tab_caption . '</a>';
61
- }
62
- }
63
- echo '</h2>';
64
- }
65
-
66
- /*
67
- * The menu rendering goes here
68
- */
69
- function render_menu_page()
70
- {
71
- echo '<div class="wrap">';
72
- echo '<h2>'.__('Brute Force','all-in-one-wp-security-and-firewall').'</h2>';//Interface title
73
- $this->set_menu_tabs();
74
- $tab = $this->get_current_tab();
75
- $this->render_menu_tabs();
76
- ?>
77
- <div id="poststuff"><div id="post-body">
78
- <?php
79
- //$tab_keys = array_keys($this->menu_tabs);
80
- call_user_func(array(&$this, $this->menu_tabs_handler[$tab]));
81
- ?>
82
- </div></div>
83
- </div><!-- end of wrap -->
84
- <?php
85
- }
86
-
87
- function render_tab1()
88
- {
89
- global $wpdb, $aio_wp_security;
90
- global $aiowps_feature_mgr;
91
- $aiowps_login_page_slug = '';
92
-
93
- if (get_option('permalink_structure')){
94
- $home_url = trailingslashit(home_url());
95
- }else{
96
- $home_url = trailingslashit(home_url()) . '?';
97
- }
98
-
99
- if(isset($_POST['aiowps_save_rename_login_page_settings']))//Do form submission tasks
100
- {
101
- $error = '';
102
- $nonce=$_REQUEST['_wpnonce'];
103
- if (!wp_verify_nonce($nonce, 'aiowpsec-rename-login-page-nonce'))
104
- {
105
- $aio_wp_security->debug_logger->log_debug("Nonce check failed for rename login page save!",4);
106
- die("Nonce check failed for rename login page save!");
107
- }
108
-
109
- if (empty($_POST['aiowps_login_page_slug']) && isset($_POST["aiowps_enable_rename_login_page"])){
110
- $error .= '<br />'.__('Please enter a value for your login page slug.','all-in-one-wp-security-and-firewall');
111
- }else if (!empty($_POST['aiowps_login_page_slug'])){
112
- $aiowps_login_page_slug = sanitize_text_field($_POST['aiowps_login_page_slug']);
113
- if($aiowps_login_page_slug == 'wp-admin'){
114
- $error .= '<br />'.__('You cannot use the value "wp-admin" for your login page slug.','all-in-one-wp-security-and-firewall');
115
- }elseif(preg_match('/[^a-z_\-0-9]/i', $aiowps_login_page_slug)){
116
- $error .= '<br />'.__('You must use alpha numeric characters for your login page slug.','all-in-one-wp-security-and-firewall');
117
- }
118
- }
119
-
120
- if($error){
121
- $this->show_msg_error(__('Attention!','all-in-one-wp-security-and-firewall').$error);
122
- }else{
123
- $htaccess_res = '';
124
- $cookie_feature_active = false;
125
- //Save all the form values to the options
126
- if (isset($_POST["aiowps_enable_rename_login_page"])){
127
- $aio_wp_security->configs->set_value('aiowps_enable_rename_login_page', '1');
128
- // check if the cookie based feature was active and deactivate it and delete the directives in .htaccess
129
- if($aio_wp_security->configs->get_value('aiowps_enable_brute_force_attack_prevention')){
130
- $cookie_feature_active = true;
131
- $aio_wp_security->configs->set_value('aiowps_enable_brute_force_attack_prevention', '');//deactivate cookie based feature
132
- }
133
- }else{
134
- $aio_wp_security->configs->set_value('aiowps_enable_rename_login_page', '');
135
- }
136
- $aio_wp_security->configs->set_value('aiowps_login_page_slug',$aiowps_login_page_slug);
137
- $aio_wp_security->configs->save_config();
138
-
139
- // if cookie based feature was active previously need to clear those rules out of .htaccess
140
- if($cookie_feature_active){
141
- $htaccess_res = AIOWPSecurity_Utility_Htaccess::write_to_htaccess(); //Delete the cookie based directives
142
- }
143
-
144
- //Recalculate points after the feature status/options have been altered
145
- $aiowps_feature_mgr->check_feature_status_and_recalculate_points();
146
- if ($htaccess_res === false) {
147
- $this->show_msg_error(__('Could not delete the Cookie-based directives from the .htaccess file. Please check the file permissions.', 'all-in-one-wp-security-and-firewall'));
148
- }
149
- else {
150
- $this->show_msg_settings_updated();
151
- }
152
-
153
- /** The following is a fix/workaround for the following issue:
154
- * https://wordpress.org/support/topic/applying-brute-force-rename-login-page-not-working/
155
- * ie, when saving the rename login config, the logout link does not update on the first page load after the $_POST submit to reflect the new rename login setting.
156
- * Added a page refresh to fix this for now until I figure out a better solution.
157
- *
158
- **/
159
- $cur_url = "admin.php?page=".AIOWPSEC_BRUTE_FORCE_MENU_SLUG."&tab=tab1";
160
- AIOWPSecurity_Utility::redirect_to_url($cur_url);
161
-
162
- }
163
- }
164
-
165
- ?>
166
- <div class="aio_blue_box">
167
- <?php
168
- $cookie_based_feature_url = '<a href="admin.php?page='.AIOWPSEC_BRUTE_FORCE_MENU_SLUG.'&tab=tab2" target="_blank">'.__('Cookie Based Brute Force Prevention', 'all-in-one-wp-security-and-firewall').'</a>';
169
- $white_list_feature_url = '<a href="admin.php?page='.AIOWPSEC_BRUTE_FORCE_MENU_SLUG.'&tab=tab4" target="_blank">'.__('Login Page White List', 'all-in-one-wp-security-and-firewall').'</a>';
170
- echo '<p>'.__('An effective Brute Force prevention technique is to change the default WordPress login page URL.', 'all-in-one-wp-security-and-firewall').'</p>'.
171
- '<p>'.__('Normally if you wanted to login to WordPress you would type your site\'s home URL followed by wp-login.php.', 'all-in-one-wp-security-and-firewall').'</p>'.
172
- '<p>'.__('This feature allows you to change the login URL by setting your own slug and renaming the last portion of the login URL which contains the <strong>wp-login.php</strong> to any string that you like.', 'all-in-one-wp-security-and-firewall').'</p>'.
173
- '<p>'.__('By doing this, malicious bots and hackers will not be able to access your login page because they will not know the correct login page URL.', 'all-in-one-wp-security-and-firewall').'</p>'.
174
- '<div class="aio_section_separator_1"></div>'.
175
- '<p>'.__('You may also be interested in the following alternative brute force prevention features:', 'all-in-one-wp-security-and-firewall').'</p>'.
176
- '<p>'.$cookie_based_feature_url.'</p>'.
177
- '<p>'.$white_list_feature_url.'</p>';
178
- ?>
179
- </div>
180
- <?php
181
- //Show the user the new login URL if this feature is active
182
- if ($aio_wp_security->configs->get_value('aiowps_enable_rename_login_page')=='1')
183
- {
184
- ?>
185
- <div class="aio_yellow_box">
186
- <p><?php _e('Your WordPress login page URL has been renamed.', 'all-in-one-wp-security-and-firewall'); ?></p>
187
- <p><?php _e('Your current login URL is:', 'all-in-one-wp-security-and-firewall'); ?></p>
188
- <p><strong><?php echo $home_url.$aio_wp_security->configs->get_value('aiowps_login_page_slug'); ?></strong></p>
189
- <p><strong><?php _e('NOTE: If you already had the Cookie-Based Brute Force Prevention feature active, the plugin has automatically deactivated it because only one of these features can be active at any one time.', 'all-in-one-wp-security-and-firewall'); ?></strong></p>
190
- </div>
191
-
192
- <?php
193
- }
194
- ?>
195
- <div class="postbox">
196
- <h3 class="hndle"><label for="title"><?php _e('Rename Login Page Settings', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
197
- <div class="inside">
198
- <?php
199
- //Display security info badge
200
- global $aiowps_feature_mgr;
201
- $aiowps_feature_mgr->output_feature_details_badge("bf-rename-login-page");
202
- ?>
203
-
204
- <form action="" method="POST">
205
- <?php wp_nonce_field('aiowpsec-rename-login-page-nonce'); ?>
206
- <div class="aio_orange_box">
207
- <?php
208
- $read_link = '<a href="https://www.tipsandtricks-hq.com/wordpress-security-and-firewall-plugin#advanced_features_note" target="_blank">'.__('must read this message', 'all-in-one-wp-security-and-firewall').'</a>';
209
- echo '<p>'.sprintf(__('This feature can lock you out of admin if it doesn\'t work correctly on your site. You %s before activating this feature.', 'all-in-one-wp-security-and-firewall'), $read_link).'</p>';
210
- echo '<p>'.__("NOTE: If you are hosting your site on WPEngine or a provider which performs server caching, you will need to ask the host support people to NOT cache your renamed login page.", "all-in-one-wp-security-and-firewall").'</p>';
211
- ?>
212
- </div>
213
- <table class="form-table">
214
- <tr valign="top">
215
- <th scope="row"><?php _e('Enable Rename Login Page Feature', 'all-in-one-wp-security-and-firewall')?>:</th>
216
- <td>
217
- <input name="aiowps_enable_rename_login_page" type="checkbox"<?php if($aio_wp_security->configs->get_value('aiowps_enable_rename_login_page')=='1') echo ' checked="checked"'; ?> value="1"/>
218
- <span class="description"><?php _e('Check this if you want to enable the rename login page feature', 'all-in-one-wp-security-and-firewall'); ?></span>
219
- </td>
220
- </tr>
221
- <tr valign="top">
222
- <th scope="row"><?php _e('Login Page URL', 'all-in-one-wp-security-and-firewall')?>:</th>
223
- <td><code><?php echo $home_url; ?></code><input type="text" size="15" name="aiowps_login_page_slug" value="<?php echo $aio_wp_security->configs->get_value('aiowps_login_page_slug'); ?>" />
224
- <span class="description"><?php _e('Enter a string which will represent your secure login page slug. You are encouraged to choose something which is hard to guess and only you will remember.', 'all-in-one-wp-security-and-firewall'); ?></span>
225
- </td>
226
- </tr>
227
- </table>
228
- <input type="submit" name="aiowps_save_rename_login_page_settings" value="<?php _e('Save Settings', 'all-in-one-wp-security-and-firewall')?>" class="button-primary" />
229
- </form>
230
- </div></div>
231
-
232
- <?php
233
- }
234
-
235
- function render_tab2()
236
- {
237
- global $aio_wp_security;
238
- global $aiowps_feature_mgr;
239
- $error = false;
240
-
241
- //Save settings for brute force cookie method
242
- if(isset($_POST['aiowps_apply_cookie_based_bruteforce_firewall']))
243
- {
244
- $nonce=$_REQUEST['_wpnonce'];
245
- if (!wp_verify_nonce($nonce, 'aiowpsec-enable-cookie-based-brute-force-prevention'))
246
- {
247
- $aio_wp_security->debug_logger->log_debug("Nonce check failed on enable cookie based brute force prevention feature!",4);
248
- die("Nonce check failed on enable cookie based brute force prevention feature!");
249
- }
250
-
251
- if(isset($_POST['aiowps_enable_brute_force_attack_prevention']))
252
- {
253
- $brute_force_feature_secret_word = sanitize_text_field($_POST['aiowps_brute_force_secret_word']);
254
- if(empty($brute_force_feature_secret_word)){
255
- $brute_force_feature_secret_word = "aiowps_secret";
256
- }else if(!ctype_alnum($brute_force_feature_secret_word)){
257
- $msg = '<p>'.__('Settings have not been saved - your secret word must consist only of alphanumeric characters, ie, letters and/or numbers only!', 'all-in-one-wp-security-and-firewall').'</p>';
258
- $error = true;
259
- }
260
-
261
- if(filter_var($_POST['aiowps_cookie_based_brute_force_redirect_url'], FILTER_VALIDATE_URL))
262
- {
263
- $aio_wp_security->configs->set_value('aiowps_cookie_based_brute_force_redirect_url',esc_url_raw($_POST['aiowps_cookie_based_brute_force_redirect_url']));
264
- }
265
- else
266
- {
267
- $aio_wp_security->configs->set_value('aiowps_cookie_based_brute_force_redirect_url','http://127.0.0.1');
268
- }
269
-
270
- $aio_wp_security->configs->set_value('aiowps_enable_brute_force_attack_prevention','1');
271
- $aio_wp_security->configs->set_value('aiowps_enable_rename_login_page',''); //Disable the Rename Login Page feature
272
-
273
- if (!$error)
274
- {
275
- $aio_wp_security->configs->set_value('aiowps_brute_force_secret_word',$brute_force_feature_secret_word);
276
- $msg = '<p>'.__('You have successfully enabled the cookie based brute force prevention feature', 'all-in-one-wp-security-and-firewall').'</p>';
277
- $msg .= '<p>'.__('From now on you will need to log into your WP Admin using the following URL:', 'all-in-one-wp-security-and-firewall').'</p>';
278
- $msg .= '<p><strong>'.AIOWPSEC_WP_URL.'/?'.$brute_force_feature_secret_word.'=1</strong></p>';
279
- $msg .= '<p>'.__('It is important that you save this URL value somewhere in case you forget it, OR,', 'all-in-one-wp-security-and-firewall').'</p>';
280
- $msg .= '<p>'.sprintf( __('simply remember to add a "?%s=1" to your current site URL address.', 'all-in-one-wp-security-and-firewall'), $brute_force_feature_secret_word).'</p>';
281
- }
282
- }
283
- else
284
- {
285
- $aio_wp_security->configs->set_value('aiowps_enable_brute_force_attack_prevention','');
286
- $msg = __('You have successfully saved cookie based brute force prevention feature settings.', 'all-in-one-wp-security-and-firewall');
287
- }
288
-
289
- if(isset($_POST['aiowps_brute_force_attack_prevention_pw_protected_exception']))
290
- {
291
- $aio_wp_security->configs->set_value('aiowps_brute_force_attack_prevention_pw_protected_exception','1');
292
- }
293
- else
294
- {
295
- $aio_wp_security->configs->set_value('aiowps_brute_force_attack_prevention_pw_protected_exception','');
296
- }
297
-
298
- if(isset($_POST['aiowps_brute_force_attack_prevention_ajax_exception']))
299
- {
300
- $aio_wp_security->configs->set_value('aiowps_brute_force_attack_prevention_ajax_exception','1');
301
- }
302
- else
303
- {
304
- $aio_wp_security->configs->set_value('aiowps_brute_force_attack_prevention_ajax_exception','');
305
- }
306
-
307
- if (!$error)
308
- {
309
- $aio_wp_security->configs->save_config();//save the value
310
-
311
- //Recalculate points after the feature status/options have been altered
312
- $aiowps_feature_mgr->check_feature_status_and_recalculate_points();
313
-
314
- $res = AIOWPSecurity_Utility_Htaccess::write_to_htaccess();
315
- if ($res) {
316
- echo '<div id="message" class="updated fade"><p>';
317
- echo $msg;
318
- echo '</p></div>';
319
- }
320
- else {
321
- $this->show_msg_error(__('Could not write to the .htaccess file. Please check the file permissions.', 'all-in-one-wp-security-and-firewall'));
322
- }
323
- }
324
- else
325
- {
326
- $this->show_msg_error($msg);
327
- }
328
- }
329
-
330
- ?>
331
- <h2><?php _e('Brute Force Prevention Firewall Settings', 'all-in-one-wp-security-and-firewall')?></h2>
332
-
333
- <div class="aio_blue_box">
334
- <?php
335
- //TODO - need to fix the following message
336
- echo '<p>'.__('A Brute Force Attack is when a hacker tries many combinations of usernames and passwords until they succeed in guessing the right combination.', 'all-in-one-wp-security-and-firewall').
337
- '<br />'.__('Due to the fact that at any one time there may be many concurrent login attempts occurring on your site via malicious automated robots, this also has a negative impact on your server\'s memory and performance.', 'all-in-one-wp-security-and-firewall').
338
- '<br />'.__('The features in this tab will stop the majority of Brute Force Login Attacks at the .htaccess level thus providing even better protection for your WP login page and also reducing the load on your server because the system does not have to run PHP code to process the login attempts.', 'all-in-one-wp-security-and-firewall').'</p>';
339
- ?>
340
- </div>
341
- <div class="aio_yellow_box">
342
- <?php
343
- $backup_tab_link = '<a href="admin.php?page='.AIOWPSEC_SETTINGS_MENU_SLUG.'&tab=tab2" target="_blank">'.__('backup', 'all-in-one-wp-security-and-firewall').'</a>';
344
- $video_link = '<a href="https://www.tipsandtricks-hq.com/all-in-one-wp-security-plugin-cookie-based-brute-force-login-attack-prevention-feature-5994" target="_blank">'.__('video tutorial', 'all-in-one-wp-security-and-firewall').'</a>';
345
- $info_msg = sprintf( __('Even though this feature should not have any impact on your site\'s general functionality <strong>you are strongly encouraged to take a %s of your .htaccess file before proceeding</strong>.', 'all-in-one-wp-security-and-firewall'), $backup_tab_link);
346
- $info_msg1 = __('If this feature is not used correctly, you can get locked out of your site. A backed up .htaccess file will come in handy if that happens.', 'all-in-one-wp-security-and-firewall');
347
- $info_msg2 = sprintf( __('To learn more about how to use this feature please watch the following %s.', 'all-in-one-wp-security-and-firewall'), $video_link);
348
- $brute_force_login_feature_link = '<a href="admin.php?page='.AIOWPSEC_FIREWALL_MENU_SLUG.'&tab=tab4" target="_blank">'.__('Cookie-Based Brute Force Login Prevention', 'all-in-one-wp-security-and-firewall').'</a>';
349
- echo '<p>'.$info_msg.
350
- '<br />'.$info_msg1.
351
- '<br />'.$info_msg2.'</p>';
352
- ?>
353
- </div>
354
- <?php
355
- //Show the user the new login URL if this feature is active
356
- if ($aio_wp_security->configs->get_value('aiowps_enable_brute_force_attack_prevention')=='1')
357
- {
358
- ?>
359
- <div class="aio_yellow_box">
360
- <p><strong><?php _e('NOTE: If you already had the Rename Login Page feature active, the plugin has automatically deactivated it because only one of these features can be active at any one time.', 'all-in-one-wp-security-and-firewall'); ?></strong></p>
361
- </div>
362
-
363
- <?php
364
- }
365
- ?>
366
-
367
- <div class="postbox">
368
- <h3 class="hndle"><label for="title"><?php _e('Cookie Based Brute Force Login Prevention', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
369
- <div class="inside">
370
- <?php
371
- //Display security info badge
372
- global $aiowps_feature_mgr;
373
- $aiowps_feature_mgr->output_feature_details_badge("firewall-enable-brute-force-attack-prevention");
374
- ?>
375
- <form action="" method="POST">
376
- <?php wp_nonce_field('aiowpsec-enable-cookie-based-brute-force-prevention'); ?>
377
- <div class="aio_orange_box">
378
- <p>
379
- <?php _e('This feature can lock you out of admin if it doesn\'t work correctly on your site. You <a href="https://www.tipsandtricks-hq.com/wordpress-security-and-firewall-plugin#advanced_features_note" target="_blank">'.__('must read this message', 'all-in-one-wp-security-and-firewall').'</a> before activating this feature.', 'all-in-one-wp-security-and-firewall'); ?>
380
- </p>
381
- </div>
382
- <table class="form-table">
383
- <tr valign="top">
384
- <th scope="row"><?php _e('Enable Brute Force Attack Prevention', 'all-in-one-wp-security-and-firewall')?>:</th>
385
- <td>
386
- <input name="aiowps_enable_brute_force_attack_prevention" type="checkbox"<?php if($aio_wp_security->configs->get_value('aiowps_enable_brute_force_attack_prevention')=='1') echo ' checked="checked"'; ?> value="1"/>
387
- <span class="description"><?php _e('Check this if you want to protect your login page from Brute Force Attack.', 'all-in-one-wp-security-and-firewall'); ?></span>
388
- <span class="aiowps_more_info_anchor"><span class="aiowps_more_info_toggle_char">+</span><span class="aiowps_more_info_toggle_text"><?php _e('More Info', 'all-in-one-wp-security-and-firewall'); ?></span></span>
389
- <div class="aiowps_more_info_body">
390
- <p class="description">
391
- <?php
392
- _e('This feature will deny access to your WordPress login page for all people except those who have a special cookie in their browser.', 'all-in-one-wp-security-and-firewall');
393
- echo '<br />';
394
- _e('To use this feature do the following:', 'all-in-one-wp-security-and-firewall');
395
- echo '<br />';
396
- _e('1) Enable the checkbox.', 'all-in-one-wp-security-and-firewall');
397
- echo '<br />';
398
- _e('2) Enter a secret word consisting of alphanumeric characters which will be difficult to guess. This secret word will be useful whenever you need to know the special URL which you will use to access the login page (see point below).', 'all-in-one-wp-security-and-firewall');
399
- echo '<br />';
400
- _e('3) You will then be provided with a special login URL. You will need to use this URL to login to your WordPress site instead of the usual login URL. NOTE: The system will deposit a special cookie in your browser which will allow you access to the WordPress administration login page.', 'all-in-one-wp-security-and-firewall');
401
- echo '<br />';
402
- _e('Any person trying to access your login page who does not have the special cookie in their browser will be automatically blocked.', 'all-in-one-wp-security-and-firewall');
403
- ?>
404
- </p>
405
- </div>
406
- </td>
407
- </tr>
408
- <tr valign="top">
409
- <th scope="row"><?php _e('Secret Word', 'all-in-one-wp-security-and-firewall')?>:</th>
410
- <td><input type="text" size="40" name="aiowps_brute_force_secret_word" value="<?php echo $aio_wp_security->configs->get_value('aiowps_brute_force_secret_word'); ?>" />
411
- <span class="description"><?php _e('Choose a secret word consisting of alphanumeric characters which you can use to access your special URL. Your are highly encouraged to choose a word which will be difficult to guess.', 'all-in-one-wp-security-and-firewall'); ?></span>
412
- </td>
413
- </tr>
414
- <tr valign="top">
415
- <th scope="row"><?php _e('Re-direct URL', 'all-in-one-wp-security-and-firewall')?>:</th>
416
- <td><input type="text" size="40" name="aiowps_cookie_based_brute_force_redirect_url" value="<?php echo $aio_wp_security->configs->get_value('aiowps_cookie_based_brute_force_redirect_url'); ?>" />
417
- <span class="description">
418
- <?php
419
- _e('Specify a URL to redirect a hacker to when they try to access your WordPress login page.', 'all-in-one-wp-security-and-firewall');
420
- ?>
421
- </span>
422
- <span class="aiowps_more_info_anchor"><span class="aiowps_more_info_toggle_char">+</span><span class="aiowps_more_info_toggle_text"><?php _e('More Info', 'all-in-one-wp-security-and-firewall'); ?></span></span>
423
- <div class="aiowps_more_info_body">
424
- <p class="description">
425
- <?php
426
- _e('The URL specified here can be any site\'s URL and does not have to be your own. For example you can be as creative as you like and send hackers to the CIA or NSA home page.', 'all-in-one-wp-security-and-firewall');
427
- echo '<br />';
428
- _e('This field will default to: http://127.0.0.1 if you do not enter a value.', 'all-in-one-wp-security-and-firewall');
429
- echo '<br />';
430
- _e('Useful Tip:', 'all-in-one-wp-security-and-firewall');
431
- echo '<br />';
432
- _e('It\'s a good idea to not redirect attempted brute force login attempts to your site because it increases the load on your server.', 'all-in-one-wp-security-and-firewall');
433
- echo '<br />';
434
- _e('Redirecting a hacker or malicious bot back to "http://127.0.0.1" is ideal because it deflects them back to their own local host and puts the load on their server instead of yours.', 'all-in-one-wp-security-and-firewall');
435
- ?>
436
- </p>
437
- </div>
438
- </td>
439
- </tr>
440
- <tr valign="top">
441
- <th scope="row"><?php _e('My Site Has Posts Or Pages Which Are Password Protected', 'all-in-one-wp-security-and-firewall')?>:</th>
442
- <td>
443
- <input name="aiowps_brute_force_attack_prevention_pw_protected_exception" type="checkbox"<?php if($aio_wp_security->configs->get_value('aiowps_brute_force_attack_prevention_pw_protected_exception')=='1') echo ' checked="checked"'; ?> value="1"/>
444
- <span class="description"><?php _e('Check this if you are using the native WordPress password protection feature for some or all of your blog posts or pages.', 'all-in-one-wp-security-and-firewall'); ?></span>
445
- <span class="aiowps_more_info_anchor"><span class="aiowps_more_info_toggle_char">+</span><span class="aiowps_more_info_toggle_text"><?php _e('More Info', 'all-in-one-wp-security-and-firewall'); ?></span></span>
446
- <div class="aiowps_more_info_body">
447
- <p class="description">
448
- <?php
449
- _e('In the cases where you are protecting some of your posts or pages using the in-built WordPress password protection feature, a few extra lines of directives and exceptions need to be added to your .htacces file so that people trying to access pages are not automatically blocked.', 'all-in-one-wp-security-and-firewall');
450
- echo '<br />';
451
- _e('By enabling this checkbox the plugin will add the necessary rules and exceptions to your .htacces file so that people trying to access these pages are not automatically blocked.', 'all-in-one-wp-security-and-firewall');
452
- echo '<br />';
453
- echo "<strong>".__('Helpful Tip:', 'all-in-one-wp-security-and-firewall')."</strong>";
454
- echo '<br />';
455
- _e('If you do not use the WordPress password protection feature for your posts or pages then it is highly recommended that you leave this checkbox disabled.', 'all-in-one-wp-security-and-firewall');
456
- ?>
457
- </p>
458
- </div>
459
- </td>
460
- </tr>
461
- <tr valign="top">
462
- <th scope="row"><?php _e('My Site Has a Theme or Plugins Which Use AJAX', 'all-in-one-wp-security-and-firewall')?>:</th>
463
- <td>
464
- <input name="aiowps_brute_force_attack_prevention_ajax_exception" type="checkbox"<?php if($aio_wp_security->configs->get_value('aiowps_brute_force_attack_prevention_ajax_exception')=='1') echo ' checked="checked"'; ?> value="1"/>
465
- <span class="description"><?php _e('Check this if your site uses AJAX functionality.', 'all-in-one-wp-security-and-firewall'); ?></span>
466
- <span class="aiowps_more_info_anchor"><span class="aiowps_more_info_toggle_char">+</span><span class="aiowps_more_info_toggle_text"><?php _e('More Info', 'all-in-one-wp-security-and-firewall'); ?></span></span>
467
- <div class="aiowps_more_info_body">
468
- <p class="description">
469
- <?php
470
- _e('In the cases where your WordPress installation has a theme or plugins which use AJAX, a few extra lines of directives and exceptions need to be added to your .htacces file to prevent AJAX requests from being automatically blocked by the brute force prevention feature.', 'all-in-one-wp-security-and-firewall');
471
- echo '<br />';
472
- _e('By enabling this checkbox the plugin will add the necessary rules and exceptions to your .htacces file so that AJAX operations will work as expected.', 'all-in-one-wp-security-and-firewall');
473
- ?>
474
- </p>
475
- </div>
476
- </td>
477
- </tr>
478
- </table>
479
- <?php
480
- $cookie_test_value = $aio_wp_security->configs->get_value('aiowps_cookie_test_success');
481
- $bfla_feature_enabled = $aio_wp_security->configs->get_value('aiowps_enable_brute_force_attack_prevention');
482
- if($cookie_test_value == '1' || $bfla_feature_enabled == '1')//If the cookie test is successful or if the feature is already enabled then go ahead as normal
483
- {
484
- if (isset($_REQUEST['aiowps_cookie_test']))
485
- {//Cookie test was just performed and the test succeded
486
- echo '<div class="aio_green_box"><p>';
487
- _e('The cookie test was successful. You can now enable this feature.', 'all-in-one-wp-security-and-firewall');
488
- echo '</p></div>';
489
- }
490
- echo '<input type="submit" name="aiowps_apply_cookie_based_bruteforce_firewall" value="'.__('Save Feature Settings', 'all-in-one-wp-security-and-firewall').'" class="button-primary" />';
491
- }
492
- else
493
- {
494
- //Cookie test needs to be performed
495
- if(isset($_REQUEST['aiowps_cookie_test']) && $cookie_test_value != '1'){//Test failed
496
- echo '<div class="aio_red_box"><p>';
497
- _e('The cookie test failed on this server. So this feature cannot be used on this site.', 'all-in-one-wp-security-and-firewall');
498
- echo '</p></div>';
499
- }
500
-
501
- echo '<div class="aio_yellow_box"><p>';
502
- _e("Before using this feature you are required to perform a cookie test first. This is to make sure that your browser cookie is working correctly and that you won't lock yourself out.", 'all-in-one-wp-security-and-firewall');
503
- echo '</p></div>';
504
- echo '<input type="submit" name="aiowps_do_cookie_test_for_bfla" value="'.__('Perform Cookie Test', 'all-in-one-wp-security-and-firewall').'" class="button-primary" />';
505
- }
506
- ?>
507
- </form>
508
- </div></div>
509
- <?php
510
- }
511
-
512
- function render_tab3()
513
- {
514
- global $aio_wp_security;
515
- global $aiowps_feature_mgr;
516
-
517
- if(isset($_POST['aiowpsec_save_captcha_settings']))//Do form submission tasks
518
- {
519
- $error = '';
520
- $nonce=$_REQUEST['_wpnonce'];
521
- if (!wp_verify_nonce($nonce, 'aiowpsec-captcha-settings-nonce'))
522
- {
523
- $aio_wp_security->debug_logger->log_debug("Nonce check failed on captcha settings save!",4);
524
- die("Nonce check failed on captcha settings save!");
525
- }
526
-
527
-
528
- //Save all the form values to the options
529
- $random_20_digit_string = AIOWPSecurity_Utility::generate_alpha_numeric_random_string(20); //Generate random 20 char string for use during captcha encode/decode
530
- $aio_wp_security->configs->set_value('aiowps_captcha_secret_key', $random_20_digit_string);
531
- $aio_wp_security->configs->set_value('aiowps_enable_login_captcha',isset($_POST["aiowps_enable_login_captcha"])?'1':'');
532
- $aio_wp_security->configs->set_value('aiowps_enable_woo_login_captcha',isset($_POST["aiowps_enable_woo_login_captcha"])?'1':'');
533
- $aio_wp_security->configs->set_value('aiowps_enable_woo_register_captcha',isset($_POST["aiowps_enable_woo_register_captcha"])?'1':'');
534
- $aio_wp_security->configs->set_value('aiowps_enable_woo_lostpassword_captcha',isset($_POST["aiowps_enable_woo_lostpassword_captcha"])?'1':'');
535
- $aio_wp_security->configs->set_value('aiowps_enable_custom_login_captcha',isset($_POST["aiowps_enable_custom_login_captcha"])?'1':'');
536
- $aio_wp_security->configs->set_value('aiowps_enable_lost_password_captcha',isset($_POST["aiowps_enable_lost_password_captcha"])?'1':'');
537
-
538
- // if secret key is masked then don't resave it or the site key
539
- $secret_key = sanitize_text_field($_POST["aiowps_recaptcha_secret_key"]);
540
- if(strpos($secret_key, '********') === false){
541
- $aio_wp_security->configs->set_value('aiowps_recaptcha_site_key',sanitize_text_field($_POST["aiowps_recaptcha_site_key"]));
542
- $aio_wp_security->configs->set_value('aiowps_recaptcha_secret_key',sanitize_text_field($_POST["aiowps_recaptcha_secret_key"]));
543
- }
544
-
545
- $aio_wp_security->configs->set_value('aiowps_default_recaptcha',isset($_POST["aiowps_default_recaptcha"])?'1':'');//Checkbox
546
- $aio_wp_security->configs->save_config();
547
-
548
- //Recalculate points after the feature status/options have been altered
549
- $aiowps_feature_mgr->check_feature_status_and_recalculate_points();
550
-
551
- $this->show_msg_settings_updated();
552
- }
553
-
554
- $secret_key_masked = AIOWPSecurity_Utility::mask_string($aio_wp_security->configs->get_value('aiowps_recaptcha_secret_key'));
555
- ?>
556
- <div class="aio_blue_box">
557
- <?php
558
- $recaptcha_link = '<a href="https://www.google.com/recaptcha" target="_blank">Google reCAPTCHA v2</a>';
559
- echo sprintf('<p>'.__('This feature allows you to add a captcha form on various WordPress login pages and forms.', 'all-in-one-wp-security-and-firewall').'
560
- <br />'.__('Adding a captcha form on a login page or form is another effective yet simple "Brute Force" prevention technique.', 'all-in-one-wp-security-and-firewall').'
561
- <br />'.__('You have the option of using either %s or a plain maths captcha form.', 'all-in-one-wp-security-and-firewall').'
562
- <br />'.__('If you enable Google reCAPTCHA the reCAPTCHA widget will be displayed for all forms the captcha settings below.', 'all-in-one-wp-security-and-firewall').'
563
- <br />'.__('If Google reCAPTCHA is disabled the simple maths captcha form will apply and users will need to enter the answer to a simple mathematical question.', 'all-in-one-wp-security-and-firewall').'
564
- </p>', $recaptcha_link);
565
- ?>
566
- </div>
567
- <form action="" method="POST">
568
- <?php wp_nonce_field('aiowpsec-captcha-settings-nonce'); ?>
569
- <div class="postbox">
570
- <h3 class="hndle"><label for="title"><?php _e('Google reCAPTCHA Settings', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
571
- <div class="inside">
572
- <div class="aio_orange_box">
573
- <p>
574
- <?php
575
- echo __('By enabling these settings the Google reCAPTCHA v2 widget will be applied by default for all forms with captcha enabled.', 'all-in-one-wp-security-and-firewall');
576
- ?>
577
- </p>
578
- </div>
579
-
580
- <table class="form-table">
581
- <tr valign="top">
582
- <th scope="row"><?php _e('Use Google reCAPTCHA as default', 'all-in-one-wp-security-and-firewall')?>:</th>
583
- <td>
584
- <input name="aiowps_default_recaptcha" type="checkbox"<?php if($aio_wp_security->configs->get_value('aiowps_default_recaptcha')=='1') echo ' checked="checked"'; ?> value="1"/>
585
- <span class="description"><?php _e('Check this if you want to default to Google reCAPTCHA for all settings below. (If this is left unchecked, all captcha forms will revert to the plain maths captcha)', 'all-in-one-wp-security-and-firewall'); ?></span>
586
- </td>
587
- </tr>
588
- <tr valign="top">
589
- <th scope="row"><?php _e('Site Key', 'all-in-one-wp-security-and-firewall')?>:</th>
590
- <td><input type="text" size="50" name="aiowps_recaptcha_site_key" value="<?php echo esc_html( $aio_wp_security->configs->get_value('aiowps_recaptcha_site_key') ); ?>" />
591
- </td>
592
- </tr>
593
- <tr valign="top">
594
- <th scope="row"><?php _e('Secret Key', 'all-in-one-wp-security-and-firewall')?>:</th>
595
- <td><input type="text" size="50" name="aiowps_recaptcha_secret_key" value="<?php echo esc_html( $secret_key_masked ); ?>" />
596
- </td>
597
- </tr>
598
- </table>
599
- </div></div>
600
- <div class="postbox">
601
- <h3 class="hndle"><label for="title"><?php _e('Login Form Captcha Settings', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
602
- <div class="inside">
603
- <?php
604
- //Display security info badge
605
- global $aiowps_feature_mgr;
606
- $aiowps_feature_mgr->output_feature_details_badge("user-login-captcha");
607
- ?>
608
- <table class="form-table">
609
- <tr valign="top">
610
- <th scope="row"><?php _e('Enable Captcha On Login Page', 'all-in-one-wp-security-and-firewall')?>:</th>
611
- <td>
612
- <input name="aiowps_enable_login_captcha" type="checkbox"<?php if($aio_wp_security->configs->get_value('aiowps_enable_login_captcha')=='1') echo ' checked="checked"'; ?> value="1"/>
613
- <span class="description"><?php _e('Check this if you want to insert a captcha form on the login page', 'all-in-one-wp-security-and-firewall'); ?></span>
614
- </td>
615
- </tr>
616
- </table>
617
- </div></div>
618
- <div class="postbox">
619
- <h3 class="hndle"><label for="title"><?php _e('Lost Password Form Captcha Settings', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
620
- <div class="inside">
621
- <?php
622
- //Display security info badge
623
- global $aiowps_feature_mgr;
624
- $aiowps_feature_mgr->output_feature_details_badge("lost-password-captcha");
625
- ?>
626
-
627
- <table class="form-table">
628
- <tr valign="top">
629
- <th scope="row"><?php _e('Enable Captcha On Lost Password Page', 'all-in-one-wp-security-and-firewall')?>:</th>
630
- <td>
631
- <input name="aiowps_enable_lost_password_captcha" type="checkbox"<?php if($aio_wp_security->configs->get_value('aiowps_enable_lost_password_captcha')=='1') echo ' checked="checked"'; ?> value="1"/>
632
- <span class="description"><?php _e('Check this if you want to insert a captcha form on the lost password page', 'all-in-one-wp-security-and-firewall'); ?></span>
633
- </td>
634
- </tr>
635
- </table>
636
- </div></div>
637
- <div class="postbox">
638
- <h3 class="hndle"><label for="title"><?php _e('Custom Login Form Captcha Settings', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
639
- <div class="inside">
640
- <?php
641
- //Display security info badge
642
- global $aiowps_feature_mgr;
643
- $aiowps_feature_mgr->output_feature_details_badge("custom-login-captcha");
644
- ?>
645
- <table class="form-table">
646
- <tr valign="top">
647
- <th scope="row"><?php _e('Enable Captcha On Custom Login Form', 'all-in-one-wp-security-and-firewall')?>:</th>
648
- <td>
649
- <input name="aiowps_enable_custom_login_captcha" type="checkbox"<?php if($aio_wp_security->configs->get_value('aiowps_enable_custom_login_captcha')=='1') echo ' checked="checked"'; ?> value="1"/>
650
- <span class="description"><?php _e('Check this if you want to insert captcha on a custom login form generated by the following WP function: wp_login_form()', 'all-in-one-wp-security-and-firewall'); ?></span>
651
- </td>
652
- </tr>
653
- </table>
654
- </div></div>
655
- <?php
656
- // Only display woocommerce captcha settings if woo is active
657
- if ( in_array( 'woocommerce/woocommerce.php', apply_filters( 'active_plugins', get_option( 'active_plugins' ) ) ) ) {
658
- ?>
659
- <div class="postbox">
660
- <h3 class="hndle"><label for="title"><?php _e('Woocommerce Forms Captcha Settings', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
661
- <div class="inside">
662
- <?php
663
- //Display security info badge
664
- global $aiowps_feature_mgr;
665
- $aiowps_feature_mgr->output_feature_details_badge("woo-login-captcha");
666
- ?>
667
- <table class="form-table">
668
- <tr valign="top">
669
- <th scope="row"><?php _e('Enable Captcha On Woocommerce Login Form', 'all-in-one-wp-security-and-firewall')?>:</th>
670
- <td>
671
- <input name="aiowps_enable_woo_login_captcha" type="checkbox"<?php if($aio_wp_security->configs->get_value('aiowps_enable_woo_login_captcha')=='1') echo ' checked="checked"'; ?> value="1"/>
672
- <span class="description"><?php _e('Check this if you want to insert captcha on a Woocommerce login form', 'all-in-one-wp-security-and-firewall'); ?></span>
673
- </td>
674
- </tr>
675
- </table>
676
- <hr>
677
- <?php
678
- $aiowps_feature_mgr->output_feature_details_badge("woo-lostpassword-captcha");
679
- ?>
680
- <table class="form-table">
681
- <tr valign="top">
682
- <th scope="row"><?php _e('Enable Captcha On Woocommerce Lost Password Form', 'all-in-one-wp-security-and-firewall')?>:</th>
683
- <td>
684
- <input name="aiowps_enable_woo_lostpassword_captcha" type="checkbox"<?php if($aio_wp_security->configs->get_value('aiowps_enable_woo_lostpassword_captcha')=='1') echo ' checked="checked"'; ?> value="1"/>
685
- <span class="description"><?php _e('Check this if you want to insert captcha on a Woocommerce lost password form', 'all-in-one-wp-security-and-firewall'); ?></span>
686
- </td>
687
- </tr>
688
- </table>
689
- <hr>
690
- <?php
691
- $aiowps_feature_mgr->output_feature_details_badge("woo-register-captcha");
692
- ?>
693
- <table class="form-table">
694
- <tr valign="top">
695
- <th scope="row"><?php _e('Enable Captcha On Woocommerce Registration Form', 'all-in-one-wp-security-and-firewall')?>:</th>
696
- <td>
697
- <input name="aiowps_enable_woo_register_captcha" type="checkbox"<?php if($aio_wp_security->configs->get_value('aiowps_enable_woo_register_captcha')=='1') echo ' checked="checked"'; ?> value="1"/>
698
- <span class="description"><?php _e('Check this if you want to insert captcha on a Woocommerce registration form', 'all-in-one-wp-security-and-firewall'); ?></span>
699
- </td>
700
- </tr>
701
- </table>
702
- </div></div>
703
- <?php
704
- }
705
- ?>
706
-
707
- <input type="submit" name="aiowpsec_save_captcha_settings" value="<?php _e('Save Settings', 'all-in-one-wp-security-and-firewall')?>" class="button-primary" />
708
- </form>
709
- <?php
710
- }
711
-
712
- function render_tab4()
713
- {
714
- global $aio_wp_security;
715
- global $aiowps_feature_mgr;
716
- $result = 1;
717
- $your_ip_address = AIOWPSecurity_Utility_IP::get_user_ip_address();
718
- if (isset($_POST['aiowps_save_whitelist_settings']))
719
- {
720
- $nonce=$_REQUEST['_wpnonce'];
721
- if (!wp_verify_nonce($nonce, 'aiowpsec-whitelist-settings-nonce'))
722
- {
723
- $aio_wp_security->debug_logger->log_debug("Nonce check failed for save whitelist settings!",4);
724
- die(__('Nonce check failed for save whitelist settings!','all-in-one-wp-security-and-firewall'));
725
- }
726
-
727
- if (isset($_POST["aiowps_enable_whitelisting"]) && empty($_POST['aiowps_allowed_ip_addresses']))
728
- {
729
- $this->show_msg_error('You must submit at least one IP address!','all-in-one-wp-security-and-firewall');
730
- }
731
- else
732
- {
733
- if (!empty($_POST['aiowps_allowed_ip_addresses']))
734
- {
735
- $ip_addresses = $_POST['aiowps_allowed_ip_addresses'];
736
- $ip_list_array = AIOWPSecurity_Utility_IP::create_ip_list_array_from_string_with_newline($ip_addresses);
737
- $payload = AIOWPSecurity_Utility_IP::validate_ip_list($ip_list_array, 'whitelist');
738
- if($payload[0] == 1){
739
- //success case
740
- $result = 1;
741
- $list = $payload[1];
742
- $whitelist_ip_data = implode(PHP_EOL, $list);
743
- $aio_wp_security->configs->set_value('aiowps_allowed_ip_addresses',$whitelist_ip_data);
744
- $_POST['aiowps_allowed_ip_addresses'] = ''; //Clear the post variable for the banned address list
745
- }
746
- else{
747
- $result = -1;
748
- $error_msg = htmlspecialchars($payload[1][0]);
749
- $this->show_msg_error($error_msg);
750
- }
751
-
752
- }
753
- else
754
- {
755
- $aio_wp_security->configs->set_value('aiowps_allowed_ip_addresses',''); //Clear the IP address config value
756
- }
757
-
758
- if ($result == 1)
759
- {
760
- $aio_wp_security->configs->set_value('aiowps_enable_whitelisting',isset($_POST["aiowps_enable_whitelisting"])?'1':'');
761
- $aio_wp_security->configs->save_config(); //Save the configuration
762
-
763
- //Recalculate points after the feature status/options have been altered
764
- $aiowps_feature_mgr->check_feature_status_and_recalculate_points();
765
-
766
- $this->show_msg_settings_updated();
767
-
768
- $write_result = AIOWPSecurity_Utility_Htaccess::write_to_htaccess(); //now let's write to the .htaccess file
769
- if ( !$write_result )
770
- {
771
- $this->show_msg_error(__('The plugin was unable to write to the .htaccess file. Please edit file manually.','all-in-one-wp-security-and-firewall'));
772
- $aio_wp_security->debug_logger->log_debug("AIOWPSecurity_whitelist_Menu - The plugin was unable to write to the .htaccess file.");
773
- }
774
- }
775
- }
776
- }
777
- ?>
778
- <h2><?php _e('Login Whitelist', 'all-in-one-wp-security-and-firewall')?></h2>
779
- <div class="aio_blue_box">
780
- <?php
781
- echo '<p>'.__('The All In One WP Security Whitelist feature gives you the option of only allowing certain IP addresses or ranges to have access to your WordPress login page.', 'all-in-one-wp-security-and-firewall').'
782
- <br />'.__('This feature will deny login access for all IP addresses which are not in your whitelist as configured in the settings below.', 'all-in-one-wp-security-and-firewall').'
783
- <br />'.__('The plugin achieves this by writing the appropriate directives to your .htaccess file.', 'all-in-one-wp-security-and-firewall').'
784
- <br />'.__('By allowing/blocking IP addresses via the .htaccess file your are using the most secure first line of defence because login access will only be granted to whitelisted IP addresses and other addresses will be blocked as soon as they try to access your login page.', 'all-in-one-wp-security-and-firewall').'
785
- </p>';
786
- ?>
787
- </div>
788
- <div class="aio_yellow_box">
789
- <?php
790
- $brute_force_login_feature_link = '<a href="admin.php?page='.AIOWPSEC_BRUTE_FORCE_MENU_SLUG.'&tab=tab2" target="_blank">'.__('Cookie-Based Brute Force Login Prevention', 'all-in-one-wp-security-and-firewall').'</a>';
791
- $rename_login_feature_link = '<a href="admin.php?page='.AIOWPSEC_BRUTE_FORCE_MENU_SLUG.'&tab=tab1" target="_blank">'.__('Rename Login Page', 'all-in-one-wp-security-and-firewall').'</a>';
792
- echo '<p>'.sprintf( __('Attention: If in addition to enabling the white list feature, you also have one of the %s or %s features enabled, <strong>you will still need to use your secret word or special slug in the URL when trying to access your WordPress login page</strong>.', 'all-in-one-wp-security-and-firewall'), $brute_force_login_feature_link, $rename_login_feature_link).'</p>
793
- <p>'.__('These features are NOT functionally related. Having both of them enabled on your site means you are creating 2 layers of security.', 'all-in-one-wp-security-and-firewall').'</p>';
794
- ?>
795
- </div>
796
-
797
- <div class="postbox">
798
- <h3 class="hndle"><label for="title"><?php _e('Login IP Whitelist Settings', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
799
- <div class="inside">
800
- <?php
801
- //Display security info badge
802
- global $aiowps_feature_mgr;
803
- $aiowps_feature_mgr->output_feature_details_badge("whitelist-manager-ip-login-whitelisting");
804
- ?>
805
- <form action="" method="POST">
806
- <?php wp_nonce_field('aiowpsec-whitelist-settings-nonce'); ?>
807
- <table class="form-table">
808
- <tr valign="top">
809
- <th scope="row"><?php _e('Enable IP Whitelisting', 'all-in-one-wp-security-and-firewall')?>:</th>
810
- <td>
811
- <input name="aiowps_enable_whitelisting" type="checkbox"<?php if($aio_wp_security->configs->get_value('aiowps_enable_whitelisting')=='1') echo ' checked="checked"'; ?> value="1"/>
812
- <span class="description"><?php _e('Check this if you want to enable the whitelisting of selected IP addresses specified in the settings below', 'all-in-one-wp-security-and-firewall'); ?></span>
813
- </td>
814
- </tr>
815
- <tr valign="top">
816
- <th scope="row"><?php _e('Your Current IP Address', 'all-in-one-wp-security-and-firewall')?>:</th>
817
- <td>
818
- <input size="20" name="aiowps_user_ip" type="text" value="<?php echo $your_ip_address; ?>" readonly="readonly"/>
819
- <span class="description"><?php _e('You can copy and paste this address in the text box below if you want to include it in your login whitelist.', 'all-in-one-wp-security-and-firewall'); ?></span>
820
- </td>
821
- </tr>
822
- <tr valign="top">
823
- <th scope="row"><?php _e('Enter Whitelisted IP Addresses:', 'all-in-one-wp-security-and-firewall')?></th>
824
- <td>
825
- <textarea name="aiowps_allowed_ip_addresses" rows="5" cols="50"><?php echo ($result == -1)?htmlspecialchars($_POST['aiowps_allowed_ip_addresses']):htmlspecialchars($aio_wp_security->configs->get_value('aiowps_allowed_ip_addresses')); ?></textarea>
826
- <br />
827
- <span class="description"><?php _e('Enter one or more IP addresses or IP ranges you wish to include in your whitelist. Only the addresses specified here will have access to the WordPress login page.','all-in-one-wp-security-and-firewall');?></span>
828
- <span class="aiowps_more_info_anchor"><span class="aiowps_more_info_toggle_char">+</span><span class="aiowps_more_info_toggle_text"><?php _e('More Info', 'all-in-one-wp-security-and-firewall'); ?></span></span>
829
- <div class="aiowps_more_info_body">
830
- <?php
831
- echo '<p class="description"><strong>'.__('Each IP address must be on a new line.', 'all-in-one-wp-security-and-firewall').'</strong></p>';
832
- echo '<p class="description">'.__('To specify an IPv4 range use a wildcard "*" character. Acceptable ways to use wildcards is shown in the examples below:', 'all-in-one-wp-security-and-firewall').'</p>';
833
- echo '<p class="description">'.__('Example 1: 195.47.89.*', 'all-in-one-wp-security-and-firewall').'</p>';
834
- echo '<p class="description">'.__('Example 2: 195.47.*.*', 'all-in-one-wp-security-and-firewall').'</p>';
835
- echo '<p class="description">'.__('Example 3: 195.*.*.*', 'all-in-one-wp-security-and-firewall').'</p>';
836
- echo '<p class="description">'.__('Or you can enter an IPv6 address (NOTE: ranges/wildcards are currently not supported for ipv6)', 'all-in-one-wp-security-and-firewall').'</p>';
837
- echo '<p class="description">'.__('Example 4: 4102:0:3ea6:79fd:b:46f8:230f:bb05', 'all-in-one-wp-security-and-firewall').'</p>';
838
- echo '<p class="description">'.__('Example 5: 2205:0:1ca2:810d::', 'all-in-one-wp-security-and-firewall').'</p>';
839
- ?>
840
- </div>
841
-
842
- </td>
843
- </tr>
844
- </table>
845
- <input type="submit" name="aiowps_save_whitelist_settings" value="<?php _e('Save Settings', 'all-in-one-wp-security-and-firewall')?>" class="button-primary" />
846
- </form>
847
- </div></div>
848
- <?php
849
- }
850
-
851
- function render_tab5()
852
- {
853
- global $aio_wp_security;
854
- global $aiowps_feature_mgr;
855
-
856
- if(isset($_POST['aiowpsec_save_honeypot_settings']))//Do form submission tasks
857
- {
858
- $error = '';
859
- $nonce=$_REQUEST['_wpnonce'];
860
- if (!wp_verify_nonce($nonce, 'aiowpsec-honeypot-settings-nonce'))
861
- {
862
- $aio_wp_security->debug_logger->log_debug("Nonce check failed on honeypot settings save!",4);
863
- die("Nonce check failed on honeypot settings save!");
864
- }
865
-
866
- //Save all the form values to the options
867
- $aio_wp_security->configs->set_value('aiowps_enable_login_honeypot',isset($_POST["aiowps_enable_login_honeypot"])?'1':'');
868
- $aio_wp_security->configs->save_config();
869
-
870
- //Recalculate points after the feature status/options have been altered
871
- $aiowps_feature_mgr->check_feature_status_and_recalculate_points();
872
-
873
- $this->show_msg_settings_updated();
874
- }
875
- ?>
876
- <div class="aio_blue_box">
877
- <?php
878
- echo '<p>'.__('This feature allows you to add a special hidden "honeypot" field on the WordPress login page. This will only be visible to robots and not humans.', 'all-in-one-wp-security-and-firewall').'
879
- <br />'.__('Since robots usually fill in every input field from a login form, they will also submit a value for the special hidden honeypot field.', 'all-in-one-wp-security-and-firewall').'
880
- <br />'.__('The way honeypots work is that a hidden field is placed somewhere inside a form which only robots will submit. If that field contains a value when the form is submitted then a robot has most likely submitted the form and it is consequently dealt with.', 'all-in-one-wp-security-and-firewall').'
881
- <br />'.__('Therefore, if the plugin detects that this field has a value when the login form is submitted, then the robot which is attempting to login to your site will be redirected to its localhost address - http://127.0.0.1.', 'all-in-one-wp-security-and-firewall').'
882
- </p>';
883
- ?>
884
- </div>
885
- <form action="" method="POST">
886
- <div class="postbox">
887
- <h3 class="hndle"><label for="title"><?php _e('Login Form Honeypot Settings', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
888
- <div class="inside">
889
- <?php
890
- //Display security info badge
891
- global $aiowps_feature_mgr;
892
- $aiowps_feature_mgr->output_feature_details_badge("login-honeypot");
893
- ?>
894
-
895
- <?php wp_nonce_field('aiowpsec-honeypot-settings-nonce'); ?>
896
- <table class="form-table">
897
- <tr valign="top">
898
- <th scope="row"><?php _e('Enable Honeypot On Login Page', 'all-in-one-wp-security-and-firewall')?>:</th>
899
- <td>
900
- <input name="aiowps_enable_login_honeypot" type="checkbox"<?php if($aio_wp_security->configs->get_value('aiowps_enable_login_honeypot')=='1') echo ' checked="checked"'; ?> value="1"/>
901
- <span class="description"><?php _e('Check this if you want to enable the honeypot feature for the login page', 'all-in-one-wp-security-and-firewall'); ?></span>
902
- </td>
903
- </tr>
904
- </table>
905
- </div></div>
906
-
907
- <input type="submit" name="aiowpsec_save_honeypot_settings" value="<?php _e('Save Settings', 'all-in-one-wp-security-and-firewall')?>" class="button-primary" />
908
- </form>
909
- <?php
910
- }
911
-
912
-
913
  } //end class
1
+ <?php
2
+ if(!defined('ABSPATH')){
3
+ exit;//Exit if accessed directly
4
+ }
5
+
6
+ class AIOWPSecurity_Brute_Force_Menu extends AIOWPSecurity_Admin_Menu
7
+ {
8
+ var $menu_page_slug = AIOWPSEC_BRUTE_FORCE_MENU_SLUG;
9
+
10
+ /* Specify all the tabs of this menu in the following array */
11
+ var $menu_tabs;
12
+
13
+ var $menu_tabs_handler = array(
14
+ 'tab1' => 'render_tab1',
15
+ 'tab2' => 'render_tab2',
16
+ 'tab3' => 'render_tab3',
17
+ 'tab4' => 'render_tab4',
18
+ 'tab5' => 'render_tab5',
19
+ );
20
+
21
+ function __construct()
22
+ {
23
+ $this->render_menu_page();
24
+ }
25
+
26
+ function set_menu_tabs()
27
+ {
28
+ $this->menu_tabs = array(
29
+ 'tab1' => __('Rename Login Page','all-in-one-wp-security-and-firewall'),
30
+ 'tab2' => __('Cookie Based Brute Force Prevention', 'all-in-one-wp-security-and-firewall'),
31
+ 'tab3' => __('Login Captcha', 'all-in-one-wp-security-and-firewall'),
32
+ 'tab4' => __('Login Whitelist', 'all-in-one-wp-security-and-firewall'),
33
+ 'tab5' => __('Honeypot', 'all-in-one-wp-security-and-firewall'),
34
+
35
+ );
36
+ }
37
+
38
+ function get_current_tab()
39
+ {
40
+ $tab_keys = array_keys($this->menu_tabs);
41
+ $tab = isset( $_GET['tab'] ) ? sanitize_text_field($_GET['tab']) : $tab_keys[0];
42
+ return $tab;
43
+ }
44
+
45
+ /*
46
+ * Renders our tabs of this menu as nav items
47
+ */
48
+ function render_menu_tabs()
49
+ {
50
+ $current_tab = $this->get_current_tab();
51
+
52
+ echo '<h2 class="nav-tab-wrapper">';
53
+ foreach ( $this->menu_tabs as $tab_key => $tab_caption )
54
+ {
55
+ if (AIOWPSecurity_Utility::is_multisite_install() && get_current_blog_id() != 1
56
+ && stristr($tab_caption, "Rename Login Page") === false && stristr($tab_caption, "Login Captcha") === false){
57
+ //Suppress the all Brute Force menu tabs if site is a multi site AND not the main site except "rename login" and "captcha"
58
+ }else{
59
+ $active = $current_tab == $tab_key ? 'nav-tab-active' : '';
60
+ echo '<a class="nav-tab ' . $active . '" href="?page=' . $this->menu_page_slug . '&tab=' . $tab_key . '">' . $tab_caption . '</a>';
61
+ }
62
+ }
63
+ echo '</h2>';
64
+ }
65
+
66
+ /*
67
+ * The menu rendering goes here
68
+ */
69
+ function render_menu_page()
70
+ {
71
+ echo '<div class="wrap">';
72
+ echo '<h2>'.__('Brute Force','all-in-one-wp-security-and-firewall').'</h2>';//Interface title
73
+ $this->set_menu_tabs();
74
+ $tab = $this->get_current_tab();
75
+ $this->render_menu_tabs();
76
+ ?>
77
+ <div id="poststuff"><div id="post-body">
78
+ <?php
79
+ //$tab_keys = array_keys($this->menu_tabs);
80
+ call_user_func(array($this, $this->menu_tabs_handler[$tab]));
81
+ ?>
82
+ </div></div>
83
+ </div><!-- end of wrap -->
84
+ <?php
85
+ }
86
+
87
+ function render_tab1()
88
+ {
89
+ global $wpdb, $aio_wp_security;
90
+ global $aiowps_feature_mgr;
91
+ $aiowps_login_page_slug = '';
92
+
93
+ if (get_option('permalink_structure')){
94
+ $home_url = trailingslashit(home_url());
95
+ }else{
96
+ $home_url = trailingslashit(home_url()) . '?';
97
+ }
98
+
99
+ if(isset($_POST['aiowps_save_rename_login_page_settings']))//Do form submission tasks
100
+ {
101
+ $error = '';
102
+ $nonce=$_REQUEST['_wpnonce'];
103
+ if (!wp_verify_nonce($nonce, 'aiowpsec-rename-login-page-nonce'))
104
+ {
105
+ $aio_wp_security->debug_logger->log_debug("Nonce check failed for rename login page save!",4);
106
+ die("Nonce check failed for rename login page save!");
107
+ }
108
+
109
+ if (empty($_POST['aiowps_login_page_slug']) && isset($_POST["aiowps_enable_rename_login_page"])){
110
+ $error .= '<br />'.__('Please enter a value for your login page slug.','all-in-one-wp-security-and-firewall');
111
+ }else if (!empty($_POST['aiowps_login_page_slug'])){
112
+ $aiowps_login_page_slug = sanitize_text_field($_POST['aiowps_login_page_slug']);
113
+ if($aiowps_login_page_slug == 'wp-admin'){
114
+ $error .= '<br />'.__('You cannot use the value "wp-admin" for your login page slug.','all-in-one-wp-security-and-firewall');
115
+ }elseif(preg_match('/[^a-z_\-0-9]/i', $aiowps_login_page_slug)){
116
+ $error .= '<br />'.__('You must use alpha numeric characters for your login page slug.','all-in-one-wp-security-and-firewall');
117
+ }
118
+ }
119
+
120
+ if($error){
121
+ $this->show_msg_error(__('Attention!','all-in-one-wp-security-and-firewall').$error);
122
+ }else{
123
+ $htaccess_res = '';
124
+ $cookie_feature_active = false;
125
+ //Save all the form values to the options
126
+ if (isset($_POST["aiowps_enable_rename_login_page"])){
127
+ $aio_wp_security->configs->set_value('aiowps_enable_rename_login_page', '1');
128
+ // check if the cookie based feature was active and deactivate it and delete the directives in .htaccess
129
+ if($aio_wp_security->configs->get_value('aiowps_enable_brute_force_attack_prevention')){
130
+ $cookie_feature_active = true;
131
+ $aio_wp_security->configs->set_value('aiowps_enable_brute_force_attack_prevention', '');//deactivate cookie based feature
132
+ }
133
+ }else{
134
+ $aio_wp_security->configs->set_value('aiowps_enable_rename_login_page', '');
135
+ }
136
+ $aio_wp_security->configs->set_value('aiowps_login_page_slug',$aiowps_login_page_slug);
137
+ $aio_wp_security->configs->save_config();
138
+
139
+ // if cookie based feature was active previously need to clear those rules out of .htaccess
140
+ if($cookie_feature_active){
141
+ $htaccess_res = AIOWPSecurity_Utility_Htaccess::write_to_htaccess(); //Delete the cookie based directives
142
+ }
143
+
144
+ //Recalculate points after the feature status/options have been altered
145
+ $aiowps_feature_mgr->check_feature_status_and_recalculate_points();
146
+ if ($htaccess_res === false) {
147
+ $this->show_msg_error(__('Could not delete the Cookie-based directives from the .htaccess file. Please check the file permissions.', 'all-in-one-wp-security-and-firewall'));
148
+ }
149
+ else {
150
+ $this->show_msg_settings_updated();
151
+ }
152
+
153
+ /** The following is a fix/workaround for the following issue:
154
+ * https://wordpress.org/support/topic/applying-brute-force-rename-login-page-not-working/
155
+ * ie, when saving the rename login config, the logout link does not update on the first page load after the $_POST submit to reflect the new rename login setting.
156
+ * Added a page refresh to fix this for now until I figure out a better solution.
157
+ *
158
+ **/
159
+ $cur_url = "admin.php?page=".AIOWPSEC_BRUTE_FORCE_MENU_SLUG."&tab=tab1";
160
+ AIOWPSecurity_Utility::redirect_to_url($cur_url);
161
+
162
+ }
163
+ }
164
+
165
+ ?>
166
+ <div class="aio_blue_box">
167
+ <?php
168
+ $cookie_based_feature_url = '<a href="admin.php?page='.AIOWPSEC_BRUTE_FORCE_MENU_SLUG.'&tab=tab2" target="_blank">'.__('Cookie Based Brute Force Prevention', 'all-in-one-wp-security-and-firewall').'</a>';
169
+ $white_list_feature_url = '<a href="admin.php?page='.AIOWPSEC_BRUTE_FORCE_MENU_SLUG.'&tab=tab4" target="_blank">'.__('Login Page White List', 'all-in-one-wp-security-and-firewall').'</a>';
170
+ echo '<p>'.__('An effective Brute Force prevention technique is to change the default WordPress login page URL.', 'all-in-one-wp-security-and-firewall').'</p>'.
171
+ '<p>'.__('Normally if you wanted to login to WordPress you would type your site\'s home URL followed by wp-login.php.', 'all-in-one-wp-security-and-firewall').'</p>'.
172
+ '<p>'.__('This feature allows you to change the login URL by setting your own slug and renaming the last portion of the login URL which contains the <strong>wp-login.php</strong> to any string that you like.', 'all-in-one-wp-security-and-firewall').'</p>'.
173
+ '<p>'.__('By doing this, malicious bots and hackers will not be able to access your login page because they will not know the correct login page URL.', 'all-in-one-wp-security-and-firewall').'</p>'.
174
+ '<div class="aio_section_separator_1"></div>'.
175
+ '<p>'.__('You may also be interested in the following alternative brute force prevention features:', 'all-in-one-wp-security-and-firewall').'</p>'.
176
+ '<p>'.$cookie_based_feature_url.'</p>'.
177
+ '<p>'.$white_list_feature_url.'</p>';
178
+ ?>
179
+ </div>
180
+ <?php
181
+ //Show the user the new login URL if this feature is active
182
+ if ($aio_wp_security->configs->get_value('aiowps_enable_rename_login_page')=='1')
183
+ {
184
+ ?>
185
+ <div class="aio_yellow_box">
186
+ <p><?php _e('Your WordPress login page URL has been renamed.', 'all-in-one-wp-security-and-firewall'); ?></p>
187
+ <p><?php _e('Your current login URL is:', 'all-in-one-wp-security-and-firewall'); ?></p>
188
+ <p><strong><?php echo $home_url.$aio_wp_security->configs->get_value('aiowps_login_page_slug'); ?></strong></p>
189
+ <p><strong><?php _e('NOTE: If you already had the Cookie-Based Brute Force Prevention feature active, the plugin has automatically deactivated it because only one of these features can be active at any one time.', 'all-in-one-wp-security-and-firewall'); ?></strong></p>
190
+ </div>
191
+
192
+ <?php
193
+ }
194
+ ?>
195
+ <div class="postbox">
196
+ <h3 class="hndle"><label for="title"><?php _e('Rename Login Page Settings', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
197
+ <div class="inside">
198
+ <?php
199
+ //Display security info badge
200
+ global $aiowps_feature_mgr;
201
+ $aiowps_feature_mgr->output_feature_details_badge("bf-rename-login-page");
202
+ ?>
203
+
204
+ <form action="" method="POST">
205
+ <?php wp_nonce_field('aiowpsec-rename-login-page-nonce'); ?>
206
+ <div class="aio_orange_box">
207
+ <?php
208
+ $read_link = '<a href="https://www.tipsandtricks-hq.com/wordpress-security-and-firewall-plugin#advanced_features_note" target="_blank">'.__('must read this message', 'all-in-one-wp-security-and-firewall').'</a>';
209
+ echo '<p>'.sprintf(__('This feature can lock you out of admin if it doesn\'t work correctly on your site. You %s before activating this feature.', 'all-in-one-wp-security-and-firewall'), $read_link).'</p>';
210
+ echo '<p>'.__("NOTE: If you are hosting your site on WPEngine or a provider which performs server caching, you will need to ask the host support people to NOT cache your renamed login page.", "all-in-one-wp-security-and-firewall").'</p>';
211
+ ?>
212
+ </div>
213
+ <table class="form-table">
214
+ <tr valign="top">
215
+ <th scope="row"><?php _e('Enable Rename Login Page Feature', 'all-in-one-wp-security-and-firewall')?>:</th>
216
+ <td>
217
+ <input name="aiowps_enable_rename_login_page" type="checkbox"<?php if($aio_wp_security->configs->get_value('aiowps_enable_rename_login_page')=='1') echo ' checked="checked"'; ?> value="1"/>
218
+ <span class="description"><?php _e('Check this if you want to enable the rename login page feature', 'all-in-one-wp-security-and-firewall'); ?></span>
219
+ </td>
220
+ </tr>
221
+ <tr valign="top">
222
+ <th scope="row"><?php _e('Login Page URL', 'all-in-one-wp-security-and-firewall')?>:</th>
223
+ <td><code><?php echo $home_url; ?></code><input type="text" size="15" name="aiowps_login_page_slug" value="<?php echo $aio_wp_security->configs->get_value('aiowps_login_page_slug'); ?>" />
224
+ <span class="description"><?php _e('Enter a string which will represent your secure login page slug. You are encouraged to choose something which is hard to guess and only you will remember.', 'all-in-one-wp-security-and-firewall'); ?></span>
225
+ </td>
226
+ </tr>
227
+ </table>
228
+ <input type="submit" name="aiowps_save_rename_login_page_settings" value="<?php _e('Save Settings', 'all-in-one-wp-security-and-firewall')?>" class="button-primary" />
229
+ </form>
230
+ </div></div>
231
+
232
+ <?php
233
+ }
234
+
235
+ function render_tab2()
236
+ {
237
+ global $aio_wp_security;
238
+ global $aiowps_feature_mgr;
239
+ $error = false;
240
+
241
+ //Save settings for brute force cookie method
242
+ if(isset($_POST['aiowps_apply_cookie_based_bruteforce_firewall']))
243
+ {
244
+ $nonce=$_REQUEST['_wpnonce'];
245
+ if (!wp_verify_nonce($nonce, 'aiowpsec-enable-cookie-based-brute-force-prevention'))
246
+ {
247
+ $aio_wp_security->debug_logger->log_debug("Nonce check failed on enable cookie based brute force prevention feature!",4);
248
+ die("Nonce check failed on enable cookie based brute force prevention feature!");
249
+ }
250
+
251
+ if(isset($_POST['aiowps_enable_brute_force_attack_prevention']))
252
+ {
253
+ $brute_force_feature_secret_word = sanitize_text_field($_POST['aiowps_brute_force_secret_word']);
254
+ if(empty($brute_force_feature_secret_word)){
255
+ $brute_force_feature_secret_word = "aiowps_secret";
256
+ }else if(!ctype_alnum($brute_force_feature_secret_word)){
257
+ $msg = '<p>'.__('Settings have not been saved - your secret word must consist only of alphanumeric characters, ie, letters and/or numbers only!', 'all-in-one-wp-security-and-firewall').'</p>';
258
+ $error = true;
259
+ }
260
+
261
+ if(filter_var($_POST['aiowps_cookie_based_brute_force_redirect_url'], FILTER_VALIDATE_URL))
262
+ {
263
+ $aio_wp_security->configs->set_value('aiowps_cookie_based_brute_force_redirect_url',esc_url_raw($_POST['aiowps_cookie_based_brute_force_redirect_url']));
264
+ }
265
+ else
266
+ {
267
+ $aio_wp_security->configs->set_value('aiowps_cookie_based_brute_force_redirect_url','http://127.0.0.1');
268
+ }
269
+
270
+ $aio_wp_security->configs->set_value('aiowps_enable_brute_force_attack_prevention','1');
271
+ $aio_wp_security->configs->set_value('aiowps_enable_rename_login_page',''); //Disable the Rename Login Page feature
272
+
273
+ if (!$error)
274
+ {
275
+ $aio_wp_security->configs->set_value('aiowps_brute_force_secret_word',$brute_force_feature_secret_word);
276
+ $msg = '<p>'.__('You have successfully enabled the cookie based brute force prevention feature', 'all-in-one-wp-security-and-firewall').'</p>';
277
+ $msg .= '<p>'.__('From now on you will need to log into your WP Admin using the following URL:', 'all-in-one-wp-security-and-firewall').'</p>';
278
+ $msg .= '<p><strong>'.AIOWPSEC_WP_URL.'/?'.$brute_force_feature_secret_word.'=1</strong></p>';
279
+ $msg .= '<p>'.__('It is important that you save this URL value somewhere in case you forget it, OR,', 'all-in-one-wp-security-and-firewall').'</p>';
280
+ $msg .= '<p>'.sprintf( __('simply remember to add a "?%s=1" to your current site URL address.', 'all-in-one-wp-security-and-firewall'), $brute_force_feature_secret_word).'</p>';
281
+ }
282
+ }
283
+ else
284
+ {
285
+ $aio_wp_security->configs->set_value('aiowps_enable_brute_force_attack_prevention','');
286
+ $msg = __('You have successfully saved cookie based brute force prevention feature settings.', 'all-in-one-wp-security-and-firewall');
287
+ }
288
+
289
+ if(isset($_POST['aiowps_brute_force_attack_prevention_pw_protected_exception']))
290
+ {
291
+ $aio_wp_security->configs->set_value('aiowps_brute_force_attack_prevention_pw_protected_exception','1');
292
+ }
293
+ else
294
+ {
295
+ $aio_wp_security->configs->set_value('aiowps_brute_force_attack_prevention_pw_protected_exception','');
296
+ }
297
+
298
+ if(isset($_POST['aiowps_brute_force_attack_prevention_ajax_exception']))
299
+ {
300
+ $aio_wp_security->configs->set_value('aiowps_brute_force_attack_prevention_ajax_exception','1');
301
+ }
302
+ else
303
+ {
304
+ $aio_wp_security->configs->set_value('aiowps_brute_force_attack_prevention_ajax_exception','');
305
+ }
306
+
307
+ if (!$error)
308
+ {
309
+ $aio_wp_security->configs->save_config();//save the value
310
+
311
+ //Recalculate points after the feature status/options have been altered
312
+ $aiowps_feature_mgr->check_feature_status_and_recalculate_points();
313
+
314
+ $res = AIOWPSecurity_Utility_Htaccess::write_to_htaccess();
315
+ if ($res) {
316
+ echo '<div id="message" class="updated fade"><p>';
317
+ echo $msg;
318
+ echo '</p></div>';
319
+ }
320
+ else {
321
+ $this->show_msg_error(__('Could not write to the .htaccess file. Please check the file permissions.', 'all-in-one-wp-security-and-firewall'));
322
+ }
323
+ }
324
+ else
325
+ {
326
+ $this->show_msg_error($msg);
327
+ }
328
+ }
329
+
330
+ ?>
331
+ <h2><?php _e('Brute Force Prevention Firewall Settings', 'all-in-one-wp-security-and-firewall')?></h2>
332
+
333
+ <div class="aio_blue_box">
334
+ <?php
335
+ //TODO - need to fix the following message
336
+ echo '<p>'.__('A Brute Force Attack is when a hacker tries many combinations of usernames and passwords until they succeed in guessing the right combination.', 'all-in-one-wp-security-and-firewall').
337
+ '<br />'.__('Due to the fact that at any one time there may be many concurrent login attempts occurring on your site via malicious automated robots, this also has a negative impact on your server\'s memory and performance.', 'all-in-one-wp-security-and-firewall').
338
+ '<br />'.__('The features in this tab will stop the majority of Brute Force Login Attacks at the .htaccess level thus providing even better protection for your WP login page and also reducing the load on your server because the system does not have to run PHP code to process the login attempts.', 'all-in-one-wp-security-and-firewall').'</p>';
339
+ ?>
340
+ </div>
341
+ <div class="aio_yellow_box">
342
+ <?php
343
+ $backup_tab_link = '<a href="admin.php?page='.AIOWPSEC_SETTINGS_MENU_SLUG.'&tab=tab2" target="_blank">'.__('backup', 'all-in-one-wp-security-and-firewall').'</a>';
344
+ $video_link = '<a href="https://www.tipsandtricks-hq.com/all-in-one-wp-security-plugin-cookie-based-brute-force-login-attack-prevention-feature-5994" target="_blank">'.__('video tutorial', 'all-in-one-wp-security-and-firewall').'</a>';
345
+ $info_msg = sprintf( __('Even though this feature should not have any impact on your site\'s general functionality <strong>you are strongly encouraged to take a %s of your .htaccess file before proceeding</strong>.', 'all-in-one-wp-security-and-firewall'), $backup_tab_link);
346
+ $info_msg1 = __('If this feature is not used correctly, you can get locked out of your site. A backed up .htaccess file will come in handy if that happens.', 'all-in-one-wp-security-and-firewall');
347
+ $info_msg2 = sprintf( __('To learn more about how to use this feature please watch the following %s.', 'all-in-one-wp-security-and-firewall'), $video_link);
348
+ $brute_force_login_feature_link = '<a href="admin.php?page='.AIOWPSEC_FIREWALL_MENU_SLUG.'&tab=tab4" target="_blank">'.__('Cookie-Based Brute Force Login Prevention', 'all-in-one-wp-security-and-firewall').'</a>';
349
+ echo '<p>'.$info_msg.
350
+ '<br />'.$info_msg1.
351
+ '<br />'.$info_msg2.'</p>';
352
+ ?>
353
+ </div>
354
+ <?php
355
+ //Show the user the new login URL if this feature is active
356
+ if ($aio_wp_security->configs->get_value('aiowps_enable_brute_force_attack_prevention')=='1')
357
+ {
358
+ ?>
359
+ <div class="aio_yellow_box">
360
+ <p><strong><?php _e('NOTE: If you already had the Rename Login Page feature active, the plugin has automatically deactivated it because only one of these features can be active at any one time.', 'all-in-one-wp-security-and-firewall'); ?></strong></p>
361
+ </div>
362
+
363
+ <?php
364
+ }
365
+ ?>
366
+
367
+ <div class="postbox">
368
+ <h3 class="hndle"><label for="title"><?php _e('Cookie Based Brute Force Login Prevention', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
369
+ <div class="inside">
370
+ <?php
371
+ //Display security info badge
372
+ global $aiowps_feature_mgr;
373
+ $aiowps_feature_mgr->output_feature_details_badge("firewall-enable-brute-force-attack-prevention");
374
+ ?>
375
+ <form action="" method="POST">
376
+ <?php wp_nonce_field('aiowpsec-enable-cookie-based-brute-force-prevention'); ?>
377
+ <div class="aio_orange_box">
378
+ <p>
379
+ <?php _e('This feature can lock you out of admin if it doesn\'t work correctly on your site. You <a href="https://www.tipsandtricks-hq.com/wordpress-security-and-firewall-plugin#advanced_features_note" target="_blank">'.__('must read this message', 'all-in-one-wp-security-and-firewall').'</a> before activating this feature.', 'all-in-one-wp-security-and-firewall'); ?>
380
+ </p>
381
+ </div>
382
+ <table class="form-table">
383
+ <tr valign="top">
384
+ <th scope="row"><?php _e('Enable Brute Force Attack Prevention', 'all-in-one-wp-security-and-firewall')?>:</th>
385
+ <td>
386
+ <input name="aiowps_enable_brute_force_attack_prevention" type="checkbox"<?php if($aio_wp_security->configs->get_value('aiowps_enable_brute_force_attack_prevention')=='1') echo ' checked="checked"'; ?> value="1"/>
387
+ <span class="description"><?php _e('Check this if you want to protect your login page from Brute Force Attack.', 'all-in-one-wp-security-and-firewall'); ?></span>
388
+ <span class="aiowps_more_info_anchor"><span class="aiowps_more_info_toggle_char">+</span><span class="aiowps_more_info_toggle_text"><?php _e('More Info', 'all-in-one-wp-security-and-firewall'); ?></span></span>
389
+ <div class="aiowps_more_info_body">
390
+ <p class="description">
391
+ <?php
392
+ _e('This feature will deny access to your WordPress login page for all people except those who have a special cookie in their browser.', 'all-in-one-wp-security-and-firewall');
393
+ echo '<br />';
394
+ _e('To use this feature do the following:', 'all-in-one-wp-security-and-firewall');
395
+ echo '<br />';
396
+ _e('1) Enable the checkbox.', 'all-in-one-wp-security-and-firewall');
397
+ echo '<br />';
398
+ _e('2) Enter a secret word consisting of alphanumeric characters which will be difficult to guess. This secret word will be useful whenever you need to know the special URL which you will use to access the login page (see point below).', 'all-in-one-wp-security-and-firewall');
399
+ echo '<br />';
400
+ _e('3) You will then be provided with a special login URL. You will need to use this URL to login to your WordPress site instead of the usual login URL. NOTE: The system will deposit a special cookie in your browser which will allow you access to the WordPress administration login page.', 'all-in-one-wp-security-and-firewall');
401
+ echo '<br />';
402
+ _e('Any person trying to access your login page who does not have the special cookie in their browser will be automatically blocked.', 'all-in-one-wp-security-and-firewall');
403
+ ?>
404
+ </p>
405
+ </div>
406
+ </td>
407
+ </tr>
408
+ <tr valign="top">
409
+ <th scope="row"><?php _e('Secret Word', 'all-in-one-wp-security-and-firewall')?>:</th>
410
+ <td><input type="text" size="40" name="aiowps_brute_force_secret_word" value="<?php echo $aio_wp_security->configs->get_value('aiowps_brute_force_secret_word'); ?>" />
411
+ <span class="description"><?php _e('Choose a secret word consisting of alphanumeric characters which you can use to access your special URL. Your are highly encouraged to choose a word which will be difficult to guess.', 'all-in-one-wp-security-and-firewall'); ?></span>
412
+ </td>
413
+ </tr>
414
+ <tr valign="top">
415
+ <th scope="row"><?php _e('Re-direct URL', 'all-in-one-wp-security-and-firewall')?>:</th>
416
+ <td><input type="text" size="40" name="aiowps_cookie_based_brute_force_redirect_url" value="<?php echo $aio_wp_security->configs->get_value('aiowps_cookie_based_brute_force_redirect_url'); ?>" />
417
+ <span class="description">
418
+ <?php
419
+ _e('Specify a URL to redirect a hacker to when they try to access your WordPress login page.', 'all-in-one-wp-security-and-firewall');
420
+ ?>
421
+ </span>
422
+ <span class="aiowps_more_info_anchor"><span class="aiowps_more_info_toggle_char">+</span><span class="aiowps_more_info_toggle_text"><?php _e('More Info', 'all-in-one-wp-security-and-firewall'); ?></span></span>
423
+ <div class="aiowps_more_info_body">
424
+ <p class="description">
425
+ <?php
426
+ _e('The URL specified here can be any site\'s URL and does not have to be your own. For example you can be as creative as you like and send hackers to the CIA or NSA home page.', 'all-in-one-wp-security-and-firewall');
427
+ echo '<br />';
428
+ _e('This field will default to: http://127.0.0.1 if you do not enter a value.', 'all-in-one-wp-security-and-firewall');
429
+ echo '<br />';
430
+ _e('Useful Tip:', 'all-in-one-wp-security-and-firewall');
431
+ echo '<br />';
432
+ _e('It\'s a good idea to not redirect attempted brute force login attempts to your site because it increases the load on your server.', 'all-in-one-wp-security-and-firewall');
433
+ echo '<br />';
434
+ _e('Redirecting a hacker or malicious bot back to "http://127.0.0.1" is ideal because it deflects them back to their own local host and puts the load on their server instead of yours.', 'all-in-one-wp-security-and-firewall');
435
+ ?>
436
+ </p>
437
+ </div>
438
+ </td>
439
+ </tr>
440
+ <tr valign="top">
441
+ <th scope="row"><?php _e('My Site Has Posts Or Pages Which Are Password Protected', 'all-in-one-wp-security-and-firewall')?>:</th>
442
+ <td>
443
+ <input name="aiowps_brute_force_attack_prevention_pw_protected_exception" type="checkbox"<?php if($aio_wp_security->configs->get_value('aiowps_brute_force_attack_prevention_pw_protected_exception')=='1') echo ' checked="checked"'; ?> value="1"/>
444
+ <span class="description"><?php _e('Check this if you are using the native WordPress password protection feature for some or all of your blog posts or pages.', 'all-in-one-wp-security-and-firewall'); ?></span>
445
+ <span class="aiowps_more_info_anchor"><span class="aiowps_more_info_toggle_char">+</span><span class="aiowps_more_info_toggle_text"><?php _e('More Info', 'all-in-one-wp-security-and-firewall'); ?></span></span>
446
+ <div class="aiowps_more_info_body">
447
+ <p class="description">
448
+ <?php
449
+ _e('In the cases where you are protecting some of your posts or pages using the in-built WordPress password protection feature, a few extra lines of directives and exceptions need to be added to your .htacces file so that people trying to access pages are not automatically blocked.', 'all-in-one-wp-security-and-firewall');
450
+ echo '<br />';
451
+ _e('By enabling this checkbox the plugin will add the necessary rules and exceptions to your .htacces file so that people trying to access these pages are not automatically blocked.', 'all-in-one-wp-security-and-firewall');
452
+ echo '<br />';
453
+ echo "<strong>".__('Helpful Tip:', 'all-in-one-wp-security-and-firewall')."</strong>";
454
+ echo '<br />';
455
+ _e('If you do not use the WordPress password protection feature for your posts or pages then it is highly recommended that you leave this checkbox disabled.', 'all-in-one-wp-security-and-firewall');
456
+ ?>
457
+ </p>
458
+ </div>
459
+ </td>
460
+ </tr>
461
+ <tr valign="top">
462
+ <th scope="row"><?php _e('My Site Has a Theme or Plugins Which Use AJAX', 'all-in-one-wp-security-and-firewall')?>:</th>
463
+ <td>
464
+ <input name="aiowps_brute_force_attack_prevention_ajax_exception" type="checkbox"<?php if($aio_wp_security->configs->get_value('aiowps_brute_force_attack_prevention_ajax_exception')=='1') echo ' checked="checked"'; ?> value="1"/>
465
+ <span class="description"><?php _e('Check this if your site uses AJAX functionality.', 'all-in-one-wp-security-and-firewall'); ?></span>
466
+ <span class="aiowps_more_info_anchor"><span class="aiowps_more_info_toggle_char">+</span><span class="aiowps_more_info_toggle_text"><?php _e('More Info', 'all-in-one-wp-security-and-firewall'); ?></span></span>
467
+ <div class="aiowps_more_info_body">
468
+ <p class="description">
469
+ <?php
470
+ _e('In the cases where your WordPress installation has a theme or plugins which use AJAX, a few extra lines of directives and exceptions need to be added to your .htacces file to prevent AJAX requests from being automatically blocked by the brute force prevention feature.', 'all-in-one-wp-security-and-firewall');
471
+ echo '<br />';
472
+ _e('By enabling this checkbox the plugin will add the necessary rules and exceptions to your .htacces file so that AJAX operations will work as expected.', 'all-in-one-wp-security-and-firewall');
473
+ ?>
474
+ </p>
475
+ </div>
476
+ </td>
477
+ </tr>
478
+ </table>
479
+ <?php
480
+ $cookie_test_value = $aio_wp_security->configs->get_value('aiowps_cookie_test_success');
481
+ $bfla_feature_enabled = $aio_wp_security->configs->get_value('aiowps_enable_brute_force_attack_prevention');
482
+ if($cookie_test_value == '1' || $bfla_feature_enabled == '1')//If the cookie test is successful or if the feature is already enabled then go ahead as normal
483
+ {
484
+ if (isset($_REQUEST['aiowps_cookie_test']))
485
+ {//Cookie test was just performed and the test succeded
486
+ echo '<div class="aio_green_box"><p>';
487
+ _e('The cookie test was successful. You can now enable this feature.', 'all-in-one-wp-security-and-firewall');
488
+ echo '</p></div>';
489
+ }
490
+ echo '<input type="submit" name="aiowps_apply_cookie_based_bruteforce_firewall" value="'.__('Save Feature Settings', 'all-in-one-wp-security-and-firewall').'" class="button-primary" />';
491
+ }
492
+ else
493
+ {
494
+ //Cookie test needs to be performed
495
+ if(isset($_REQUEST['aiowps_cookie_test']) && $cookie_test_value != '1'){//Test failed
496
+ echo '<div class="aio_red_box"><p>';
497
+ _e('The cookie test failed on this server. So this feature cannot be used on this site.', 'all-in-one-wp-security-and-firewall');
498
+ echo '</p></div>';
499
+ }
500
+
501
+ echo '<div class="aio_yellow_box"><p>';
502
+ _e("Before using this feature you are required to perform a cookie test first. This is to make sure that your browser cookie is working correctly and that you won't lock yourself out.", 'all-in-one-wp-security-and-firewall');
503
+ echo '</p></div>';
504
+ echo '<input type="submit" name="aiowps_do_cookie_test_for_bfla" value="'.__('Perform Cookie Test', 'all-in-one-wp-security-and-firewall').'" class="button-primary" />';
505
+ }
506
+ ?>
507
+ </form>
508
+ </div></div>
509
+ <?php
510
+ }
511
+
512
+ function render_tab3()
513
+ {
514
+ global $aio_wp_security;
515
+ global $aiowps_feature_mgr;
516
+
517
+ if(isset($_POST['aiowpsec_save_captcha_settings']))//Do form submission tasks
518
+ {
519
+ $error = '';
520
+ $nonce=$_REQUEST['_wpnonce'];
521
+ if (!wp_verify_nonce($nonce, 'aiowpsec-captcha-settings-nonce'))
522
+ {
523
+ $aio_wp_security->debug_logger->log_debug("Nonce check failed on captcha settings save!",4);
524
+ die("Nonce check failed on captcha settings save!");
525
+ }
526
+
527
+
528
+ //Save all the form values to the options
529
+ $random_20_digit_string = AIOWPSecurity_Utility::generate_alpha_numeric_random_string(20); //Generate random 20 char string for use during captcha encode/decode
530
+ $aio_wp_security->configs->set_value('aiowps_captcha_secret_key', $random_20_digit_string);
531
+ $aio_wp_security->configs->set_value('aiowps_enable_login_captcha',isset($_POST["aiowps_enable_login_captcha"])?'1':'');
532
+ $aio_wp_security->configs->set_value('aiowps_enable_woo_login_captcha',isset($_POST["aiowps_enable_woo_login_captcha"])?'1':'');
533
+ $aio_wp_security->configs->set_value('aiowps_enable_woo_register_captcha',isset($_POST["aiowps_enable_woo_register_captcha"])?'1':'');
534
+ $aio_wp_security->configs->set_value('aiowps_enable_woo_lostpassword_captcha',isset($_POST["aiowps_enable_woo_lostpassword_captcha"])?'1':'');
535
+ $aio_wp_security->configs->set_value('aiowps_enable_custom_login_captcha',isset($_POST["aiowps_enable_custom_login_captcha"])?'1':'');
536
+ $aio_wp_security->configs->set_value('aiowps_enable_lost_password_captcha',isset($_POST["aiowps_enable_lost_password_captcha"])?'1':'');
537
+
538
+ // if secret key is masked then don't resave it or the site key
539
+ $secret_key = sanitize_text_field($_POST["aiowps_recaptcha_secret_key"]);
540
+ if(strpos($secret_key, '********') === false){
541
+ $aio_wp_security->configs->set_value('aiowps_recaptcha_site_key',sanitize_text_field($_POST["aiowps_recaptcha_site_key"]));
542
+ $aio_wp_security->configs->set_value('aiowps_recaptcha_secret_key',sanitize_text_field($_POST["aiowps_recaptcha_secret_key"]));
543
+ }
544
+
545
+ $aio_wp_security->configs->set_value('aiowps_default_recaptcha',isset($_POST["aiowps_default_recaptcha"])?'1':'');//Checkbox
546
+ $aio_wp_security->configs->save_config();
547
+
548
+ //Recalculate points after the feature status/options have been altered
549
+ $aiowps_feature_mgr->check_feature_status_and_recalculate_points();
550
+
551
+ $this->show_msg_settings_updated();
552
+ }
553
+
554
+ $secret_key_masked = AIOWPSecurity_Utility::mask_string($aio_wp_security->configs->get_value('aiowps_recaptcha_secret_key'));
555
+ ?>
556
+ <div class="aio_blue_box">
557
+ <?php
558
+ $recaptcha_link = '<a href="https://www.google.com/recaptcha" target="_blank">Google reCAPTCHA v2</a>';
559
+ echo sprintf('<p>'.__('This feature allows you to add a captcha form on various WordPress login pages and forms.', 'all-in-one-wp-security-and-firewall').'
560
+ <br />'.__('Adding a captcha form on a login page or form is another effective yet simple "Brute Force" prevention technique.', 'all-in-one-wp-security-and-firewall').'
561
+ <br />'.__('You have the option of using either %s or a plain maths captcha form.', 'all-in-one-wp-security-and-firewall').'
562
+ <br />'.__('If you enable Google reCAPTCHA the reCAPTCHA widget will be displayed for all forms the captcha settings below.', 'all-in-one-wp-security-and-firewall').'
563
+ <br />'.__('If Google reCAPTCHA is disabled the simple maths captcha form will apply and users will need to enter the answer to a simple mathematical question.', 'all-in-one-wp-security-and-firewall').'
564
+ </p>', $recaptcha_link);
565
+ ?>
566
+ </div>
567
+ <form action="" method="POST">
568
+ <?php wp_nonce_field('aiowpsec-captcha-settings-nonce'); ?>
569
+ <div class="postbox">
570
+ <h3 class="hndle"><label for="title"><?php _e('Google reCAPTCHA Settings', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
571
+ <div class="inside">
572
+ <div class="aio_orange_box">
573
+ <p>
574
+ <?php
575
+ echo __('By enabling these settings the Google reCAPTCHA v2 widget will be applied by default for all forms with captcha enabled.', 'all-in-one-wp-security-and-firewall');
576
+ ?>
577
+ </p>
578
+ </div>
579
+
580
+ <table class="form-table">
581
+ <tr valign="top">
582
+ <th scope="row"><?php _e('Use Google reCAPTCHA as default', 'all-in-one-wp-security-and-firewall')?>:</th>
583
+ <td>
584
+ <input name="aiowps_default_recaptcha" type="checkbox"<?php if($aio_wp_security->configs->get_value('aiowps_default_recaptcha')=='1') echo ' checked="checked"'; ?> value="1"/>
585
+ <span class="description"><?php _e('Check this if you want to default to Google reCAPTCHA for all settings below. (If this is left unchecked, all captcha forms will revert to the plain maths captcha)', 'all-in-one-wp-security-and-firewall'); ?></span>
586
+ </td>
587
+ </tr>
588
+ <tr valign="top">
589
+ <th scope="row"><?php _e('Site Key', 'all-in-one-wp-security-and-firewall')?>:</th>
590
+ <td><input type="text" size="50" name="aiowps_recaptcha_site_key" value="<?php echo esc_html( $aio_wp_security->configs->get_value('aiowps_recaptcha_site_key') ); ?>" />
591
+ </td>
592
+ </tr>
593
+ <tr valign="top">
594
+ <th scope="row"><?php _e('Secret Key', 'all-in-one-wp-security-and-firewall')?>:</th>
595
+ <td><input type="text" size="50" name="aiowps_recaptcha_secret_key" value="<?php echo esc_html( $secret_key_masked ); ?>" />
596
+ </td>
597
+ </tr>
598
+ </table>
599
+ </div></div>
600
+ <div class="postbox">
601
+ <h3 class="hndle"><label for="title"><?php _e('Login Form Captcha Settings', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
602
+ <div class="inside">
603
+ <?php
604
+ //Display security info badge
605
+ global $aiowps_feature_mgr;
606
+ $aiowps_feature_mgr->output_feature_details_badge("user-login-captcha");
607
+ ?>
608
+ <table class="form-table">
609
+ <tr valign="top">
610
+ <th scope="row"><?php _e('Enable Captcha On Login Page', 'all-in-one-wp-security-and-firewall')?>:</th>
611
+ <td>
612
+ <input name="aiowps_enable_login_captcha" type="checkbox"<?php if($aio_wp_security->configs->get_value('aiowps_enable_login_captcha')=='1') echo ' checked="checked"'; ?> value="1"/>
613
+ <span class="description"><?php _e('Check this if you want to insert a captcha form on the login page', 'all-in-one-wp-security-and-firewall'); ?></span>
614
+ </td>
615
+ </tr>
616
+ </table>
617
+ </div></div>
618
+ <div class="postbox">
619
+ <h3 class="hndle"><label for="title"><?php _e('Lost Password Form Captcha Settings', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
620
+ <div class="inside">
621
+ <?php
622
+ //Display security info badge
623
+ global $aiowps_feature_mgr;
624
+ $aiowps_feature_mgr->output_feature_details_badge("lost-password-captcha");
625
+ ?>
626
+
627
+ <table class="form-table">
628
+ <tr valign="top">
629
+ <th scope="row"><?php _e('Enable Captcha On Lost Password Page', 'all-in-one-wp-security-and-firewall')?>:</th>
630
+ <td>
631
+ <input name="aiowps_enable_lost_password_captcha" type="checkbox"<?php if($aio_wp_security->configs->get_value('aiowps_enable_lost_password_captcha')=='1') echo ' checked="checked"'; ?> value="1"/>
632
+ <span class="description"><?php _e('Check this if you want to insert a captcha form on the lost password page', 'all-in-one-wp-security-and-firewall'); ?></span>
633
+ </td>
634
+ </tr>
635
+ </table>
636
+ </div></div>
637
+ <div class="postbox">
638
+ <h3 class="hndle"><label for="title"><?php _e('Custom Login Form Captcha Settings', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
639
+ <div class="inside">
640
+ <?php
641
+ //Display security info badge
642
+ global $aiowps_feature_mgr;
643
+ $aiowps_feature_mgr->output_feature_details_badge("custom-login-captcha");
644
+ ?>
645
+ <table class="form-table">
646
+ <tr valign="top">
647
+ <th scope="row"><?php _e('Enable Captcha On Custom Login Form', 'all-in-one-wp-security-and-firewall')?>:</th>
648
+ <td>
649
+ <input name="aiowps_enable_custom_login_captcha" type="checkbox"<?php if($aio_wp_security->configs->get_value('aiowps_enable_custom_login_captcha')=='1') echo ' checked="checked"'; ?> value="1"/>
650
+ <span class="description"><?php _e('Check this if you want to insert captcha on a custom login form generated by the following WP function: wp_login_form()', 'all-in-one-wp-security-and-firewall'); ?></span>
651
+ </td>
652
+ </tr>
653
+ </table>
654
+ </div></div>
655
+ <?php
656
+ // Only display woocommerce captcha settings if woo is active
657
+ if ( in_array( 'woocommerce/woocommerce.php', apply_filters( 'active_plugins', get_option( 'active_plugins' ) ) ) ) {
658
+ ?>
659
+ <div class="postbox">
660
+ <h3 class="hndle"><label for="title"><?php _e('Woocommerce Forms Captcha Settings', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
661
+ <div class="inside">
662
+ <?php
663
+ //Display security info badge
664
+ global $aiowps_feature_mgr;
665
+ $aiowps_feature_mgr->output_feature_details_badge("woo-login-captcha");
666
+ ?>
667
+ <table class="form-table">
668
+ <tr valign="top">
669
+ <th scope="row"><?php _e('Enable Captcha On Woocommerce Login Form', 'all-in-one-wp-security-and-firewall')?>:</th>
670
+ <td>
671
+ <input name="aiowps_enable_woo_login_captcha" type="checkbox"<?php if($aio_wp_security->configs->get_value('aiowps_enable_woo_login_captcha')=='1') echo ' checked="checked"'; ?> value="1"/>
672
+ <span class="description"><?php _e('Check this if you want to insert captcha on a Woocommerce login form', 'all-in-one-wp-security-and-firewall'); ?></span>
673
+ </td>
674
+ </tr>
675
+ </table>
676
+ <hr>
677
+ <?php
678
+ $aiowps_feature_mgr->output_feature_details_badge("woo-lostpassword-captcha");
679
+ ?>
680
+ <table class="form-table">
681
+ <tr valign="top">
682
+ <th scope="row"><?php _e('Enable Captcha On Woocommerce Lost Password Form', 'all-in-one-wp-security-and-firewall')?>:</th>
683
+ <td>
684
+ <input name="aiowps_enable_woo_lostpassword_captcha" type="checkbox"<?php if($aio_wp_security->configs->get_value('aiowps_enable_woo_lostpassword_captcha')=='1') echo ' checked="checked"'; ?> value="1"/>
685
+ <span class="description"><?php _e('Check this if you want to insert captcha on a Woocommerce lost password form', 'all-in-one-wp-security-and-firewall'); ?></span>
686
+ </td>
687
+ </tr>
688
+ </table>
689
+ <hr>
690
+ <?php
691
+ $aiowps_feature_mgr->output_feature_details_badge("woo-register-captcha");
692
+ ?>
693
+ <table class="form-table">
694
+ <tr valign="top">
695
+ <th scope="row"><?php _e('Enable Captcha On Woocommerce Registration Form', 'all-in-one-wp-security-and-firewall')?>:</th>
696
+ <td>
697
+ <input name="aiowps_enable_woo_register_captcha" type="checkbox"<?php if($aio_wp_security->configs->get_value('aiowps_enable_woo_register_captcha')=='1') echo ' checked="checked"'; ?> value="1"/>
698
+ <span class="description"><?php _e('Check this if you want to insert captcha on a Woocommerce registration form', 'all-in-one-wp-security-and-firewall'); ?></span>
699
+ </td>
700
+ </tr>
701
+ </table>
702
+ </div></div>
703
+ <?php
704
+ }
705
+ ?>
706
+
707
+ <input type="submit" name="aiowpsec_save_captcha_settings" value="<?php _e('Save Settings', 'all-in-one-wp-security-and-firewall')?>" class="button-primary" />
708
+ </form>
709
+ <?php
710
+ }
711
+
712
+ function render_tab4()
713
+ {
714
+ global $aio_wp_security;
715
+ global $aiowps_feature_mgr;
716
+ $result = 1;
717
+ $your_ip_address = AIOWPSecurity_Utility_IP::get_user_ip_address();
718
+ if (isset($_POST['aiowps_save_whitelist_settings']))
719
+ {
720
+ $nonce=$_REQUEST['_wpnonce'];
721
+ if (!wp_verify_nonce($nonce, 'aiowpsec-whitelist-settings-nonce'))
722
+ {
723
+ $aio_wp_security->debug_logger->log_debug("Nonce check failed for save whitelist settings!",4);
724
+ die(__('Nonce check failed for save whitelist settings!','all-in-one-wp-security-and-firewall'));
725
+ }
726
+
727
+ if (isset($_POST["aiowps_enable_whitelisting"]) && empty($_POST['aiowps_allowed_ip_addresses']))
728
+ {
729
+ $this->show_msg_error('You must submit at least one IP address!','all-in-one-wp-security-and-firewall');
730
+ }
731
+ else
732
+ {
733
+ if (!empty($_POST['aiowps_allowed_ip_addresses']))
734
+ {
735
+ $ip_addresses = $_POST['aiowps_allowed_ip_addresses'];
736
+ $ip_list_array = AIOWPSecurity_Utility_IP::create_ip_list_array_from_string_with_newline($ip_addresses);
737
+ $payload = AIOWPSecurity_Utility_IP::validate_ip_list($ip_list_array, 'whitelist');
738
+ if($payload[0] == 1){
739
+ //success case
740
+ $result = 1;
741
+ $list = $payload[1];
742
+ $whitelist_ip_data = implode(PHP_EOL, $list);
743
+ $aio_wp_security->configs->set_value('aiowps_allowed_ip_addresses',$whitelist_ip_data);
744
+ $_POST['aiowps_allowed_ip_addresses'] = ''; //Clear the post variable for the banned address list
745
+ }
746
+ else{
747
+ $result = -1;
748
+ $error_msg = htmlspecialchars($payload[1][0]);
749
+ $this->show_msg_error($error_msg);
750
+ }
751
+
752
+ }
753
+ else
754
+ {
755
+ $aio_wp_security->configs->set_value('aiowps_allowed_ip_addresses',''); //Clear the IP address config value
756
+ }
757
+
758
+ if ($result == 1)
759
+ {
760
+ $aio_wp_security->configs->set_value('aiowps_enable_whitelisting',isset($_POST["aiowps_enable_whitelisting"])?'1':'');
761
+ $aio_wp_security->configs->save_config(); //Save the configuration
762
+
763
+ //Recalculate points after the feature status/options have been altered
764
+ $aiowps_feature_mgr->check_feature_status_and_recalculate_points();
765
+
766
+ $this->show_msg_settings_updated();
767
+
768
+ $write_result = AIOWPSecurity_Utility_Htaccess::write_to_htaccess(); //now let's write to the .htaccess file
769
+ if ( !$write_result )
770
+ {
771
+ $this->show_msg_error(__('The plugin was unable to write to the .htaccess file. Please edit file manually.','all-in-one-wp-security-and-firewall'));
772
+ $aio_wp_security->debug_logger->log_debug("AIOWPSecurity_whitelist_Menu - The plugin was unable to write to the .htaccess file.");
773
+ }
774
+ }
775
+ }
776
+ }
777
+ ?>
778
+ <h2><?php _e('Login Whitelist', 'all-in-one-wp-security-and-firewall')?></h2>
779
+ <div class="aio_blue_box">
780
+ <?php
781
+ echo '<p>'.__('The All In One WP Security Whitelist feature gives you the option of only allowing certain IP addresses or ranges to have access to your WordPress login page.', 'all-in-one-wp-security-and-firewall').'
782
+ <br />'.__('This feature will deny login access for all IP addresses which are not in your whitelist as configured in the settings below.', 'all-in-one-wp-security-and-firewall').'
783
+ <br />'.__('The plugin achieves this by writing the appropriate directives to your .htaccess file.', 'all-in-one-wp-security-and-firewall').'
784
+ <br />'.__('By allowing/blocking IP addresses via the .htaccess file your are using the most secure first line of defence because login access will only be granted to whitelisted IP addresses and other addresses will be blocked as soon as they try to access your login page.', 'all-in-one-wp-security-and-firewall').'
785
+ </p>';
786
+ ?>
787
+ </div>
788
+ <div class="aio_yellow_box">
789
+ <?php
790
+ $brute_force_login_feature_link = '<a href="admin.php?page='.AIOWPSEC_BRUTE_FORCE_MENU_SLUG.'&tab=tab2" target="_blank">'.__('Cookie-Based Brute Force Login Prevention', 'all-in-one-wp-security-and-firewall').'</a>';
791
+ $rename_login_feature_link = '<a href="admin.php?page='.AIOWPSEC_BRUTE_FORCE_MENU_SLUG.'&tab=tab1" target="_blank">'.__('Rename Login Page', 'all-in-one-wp-security-and-firewall').'</a>';
792
+ echo '<p>'.sprintf( __('Attention: If in addition to enabling the white list feature, you also have one of the %s or %s features enabled, <strong>you will still need to use your secret word or special slug in the URL when trying to access your WordPress login page</strong>.', 'all-in-one-wp-security-and-firewall'), $brute_force_login_feature_link, $rename_login_feature_link).'</p>
793
+ <p>'.__('These features are NOT functionally related. Having both of them enabled on your site means you are creating 2 layers of security.', 'all-in-one-wp-security-and-firewall').'</p>';
794
+ ?>
795
+ </div>
796
+
797
+ <div class="postbox">
798
+ <h3 class="hndle"><label for="title"><?php _e('Login IP Whitelist Settings', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
799
+ <div class="inside">
800
+ <?php
801
+ //Display security info badge
802
+ global $aiowps_feature_mgr;
803
+ $aiowps_feature_mgr->output_feature_details_badge("whitelist-manager-ip-login-whitelisting");
804
+ ?>
805
+ <form action="" method="POST">
806
+ <?php wp_nonce_field('aiowpsec-whitelist-settings-nonce'); ?>
807
+ <table class="form-table">
808
+ <tr valign="top">
809
+ <th scope="row"><?php _e('Enable IP Whitelisting', 'all-in-one-wp-security-and-firewall')?>:</th>
810
+ <td>
811
+ <input name="aiowps_enable_whitelisting" type="checkbox"<?php if($aio_wp_security->configs->get_value('aiowps_enable_whitelisting')=='1') echo ' checked="checked"'; ?> value="1"/>
812
+ <span class="description"><?php _e('Check this if you want to enable the whitelisting of selected IP addresses specified in the settings below', 'all-in-one-wp-security-and-firewall'); ?></span>
813
+ </td>
814
+ </tr>
815
+ <tr valign="top">
816
+ <th scope="row"><?php _e('Your Current IP Address', 'all-in-one-wp-security-and-firewall')?>:</th>
817
+ <td>
818
+ <input size="20" name="aiowps_user_ip" type="text" value="<?php echo $your_ip_address; ?>" readonly="readonly"/>
819
+ <span class="description"><?php _e('You can copy and paste this address in the text box below if you want to include it in your login whitelist.', 'all-in-one-wp-security-and-firewall'); ?></span>
820
+ </td>
821
+ </tr>
822
+ <tr valign="top">
823
+ <th scope="row"><?php _e('Enter Whitelisted IP Addresses:', 'all-in-one-wp-security-and-firewall')?></th>
824
+ <td>
825
+ <textarea name="aiowps_allowed_ip_addresses" rows="5" cols="50"><?php echo ($result == -1)?htmlspecialchars($_POST['aiowps_allowed_ip_addresses']):htmlspecialchars($aio_wp_security->configs->get_value('aiowps_allowed_ip_addresses')); ?></textarea>
826
+ <br />
827
+ <span class="description"><?php _e('Enter one or more IP addresses or IP ranges you wish to include in your whitelist. Only the addresses specified here will have access to the WordPress login page.','all-in-one-wp-security-and-firewall');?></span>
828
+ <span class="aiowps_more_info_anchor"><span class="aiowps_more_info_toggle_char">+</span><span class="aiowps_more_info_toggle_text"><?php _e('More Info', 'all-in-one-wp-security-and-firewall'); ?></span></span>
829
+ <div class="aiowps_more_info_body">
830
+ <?php
831
+ echo '<p class="description"><strong>'.__('Each IP address must be on a new line.', 'all-in-one-wp-security-and-firewall').'</strong></p>';
832
+ echo '<p class="description">'.__('To specify an IPv4 range use a wildcard "*" character. Acceptable ways to use wildcards is shown in the examples below:', 'all-in-one-wp-security-and-firewall').'</p>';
833
+ echo '<p class="description">'.__('Example 1: 195.47.89.*', 'all-in-one-wp-security-and-firewall').'</p>';
834
+ echo '<p class="description">'.__('Example 2: 195.47.*.*', 'all-in-one-wp-security-and-firewall').'</p>';
835
+ echo '<p class="description">'.__('Example 3: 195.*.*.*', 'all-in-one-wp-security-and-firewall').'</p>';
836
+ echo '<p class="description">'.__('Or you can enter an IPv6 address (NOTE: ranges/wildcards are currently not supported for ipv6)', 'all-in-one-wp-security-and-firewall').'</p>';
837
+ echo '<p class="description">'.__('Example 4: 4102:0:3ea6:79fd:b:46f8:230f:bb05', 'all-in-one-wp-security-and-firewall').'</p>';
838
+ echo '<p class="description">'.__('Example 5: 2205:0:1ca2:810d::', 'all-in-one-wp-security-and-firewall').'</p>';
839
+ ?>
840
+ </div>
841
+
842
+ </td>
843
+ </tr>
844
+ </table>
845
+ <input type="submit" name="aiowps_save_whitelist_settings" value="<?php _e('Save Settings', 'all-in-one-wp-security-and-firewall')?>" class="button-primary" />
846
+ </form>
847
+ </div></div>
848
+ <?php
849
+ }
850
+
851
+ function render_tab5()
852
+ {
853
+ global $aio_wp_security;
854
+ global $aiowps_feature_mgr;
855
+
856
+ if(isset($_POST['aiowpsec_save_honeypot_settings']))//Do form submission tasks
857
+ {
858
+ $error = '';
859
+ $nonce=$_REQUEST['_wpnonce'];
860
+ if (!wp_verify_nonce($nonce, 'aiowpsec-honeypot-settings-nonce'))
861
+ {
862
+ $aio_wp_security->debug_logger->log_debug("Nonce check failed on honeypot settings save!",4);
863
+ die("Nonce check failed on honeypot settings save!");
864
+ }
865
+
866
+ //Save all the form values to the options
867
+ $aio_wp_security->configs->set_value('aiowps_enable_login_honeypot',isset($_POST["aiowps_enable_login_honeypot"])?'1':'');
868
+ $aio_wp_security->configs->save_config();
869
+
870
+ //Recalculate points after the feature status/options have been altered
871
+ $aiowps_feature_mgr->check_feature_status_and_recalculate_points();
872
+
873
+ $this->show_msg_settings_updated();
874
+ }
875
+ ?>
876
+ <div class="aio_blue_box">
877
+ <?php
878
+ echo '<p>'.__('This feature allows you to add a special hidden "honeypot" field on the WordPress login page. This will only be visible to robots and not humans.', 'all-in-one-wp-security-and-firewall').'
879
+ <br />'.__('Since robots usually fill in every input field from a login form, they will also submit a value for the special hidden honeypot field.', 'all-in-one-wp-security-and-firewall').'
880
+ <br />'.__('The way honeypots work is that a hidden field is placed somewhere inside a form which only robots will submit. If that field contains a value when the form is submitted then a robot has most likely submitted the form and it is consequently dealt with.', 'all-in-one-wp-security-and-firewall').'
881
+ <br />'.__('Therefore, if the plugin detects that this field has a value when the login form is submitted, then the robot which is attempting to login to your site will be redirected to its localhost address - http://127.0.0.1.', 'all-in-one-wp-security-and-firewall').'
882
+ </p>';
883
+ ?>
884
+ </div>
885
+ <form action="" method="POST">
886
+ <div class="postbox">
887
+ <h3 class="hndle"><label for="title"><?php _e('Login Form Honeypot Settings', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
888
+ <div class="inside">
889
+ <?php
890
+ //Display security info badge
891
+ global $aiowps_feature_mgr;
892
+ $aiowps_feature_mgr->output_feature_details_badge("login-honeypot");
893
+ ?>
894
+
895
+ <?php wp_nonce_field('aiowpsec-honeypot-settings-nonce'); ?>
896
+ <table class="form-table">
897
+ <tr valign="top">
898
+ <th scope="row"><?php _e('Enable Honeypot On Login Page', 'all-in-one-wp-security-and-firewall')?>:</th>
899
+ <td>
900
+ <input name="aiowps_enable_login_honeypot" type="checkbox"<?php if($aio_wp_security->configs->get_value('aiowps_enable_login_honeypot')=='1') echo ' checked="checked"'; ?> value="1"/>
901
+ <span class="description"><?php _e('Check this if you want to enable the honeypot feature for the login page', 'all-in-one-wp-security-and-firewall'); ?></span>
902
+ </td>
903
+ </tr>
904
+ </table>
905
+ </div></div>
906
+
907
+ <input type="submit" name="aiowpsec_save_honeypot_settings" value="<?php _e('Save Settings', 'all-in-one-wp-security-and-firewall')?>" class="button-primary" />
908
+ </form>
909
+ <?php
910
+ }
911
+
912
+
913
  } //end class
admin/wp-security-dashboard-menu.php CHANGED
@@ -1,824 +1,823 @@
1
- <?php
2
- if(!defined('ABSPATH')){
3
- exit;//Exit if accessed directly
4
- }
5
-
6
- class AIOWPSecurity_Dashboard_Menu extends AIOWPSecurity_Admin_Menu
7
- {
8
- var $dashboard_menu_page_slug = AIOWPSEC_MAIN_MENU_SLUG;
9
-
10
- var $menu_tabs;
11
-
12
- var $menu_tabs_handler = array(
13
- 'tab1' => 'render_tab1',
14
- 'tab2' => 'render_tab2',
15
- 'tab3' => 'render_tab3',
16
- 'tab4' => 'render_tab4',
17
- 'tab5' => 'render_tab5',
18
- );
19
-
20
- function __construct()
21
- {
22
- $this->render_menu_page();
23
- }
24
-
25
- function set_menu_tabs()
26
- {
27
- $this->menu_tabs = array(
28
- 'tab1' => __('Dashboard', 'all-in-one-wp-security-and-firewall'),
29
- 'tab2' => __('System Info', 'all-in-one-wp-security-and-firewall'),
30
- 'tab3' => __('Locked IP Addresses', 'all-in-one-wp-security-and-firewall'),
31
- 'tab4' => __('Permanent Block List', 'all-in-one-wp-security-and-firewall'),
32
- 'tab5' => __('AIOWPS Logs', 'all-in-one-wp-security-and-firewall'),
33
- );
34
- }
35
-
36
- function get_current_tab()
37
- {
38
- $tab_keys = array_keys($this->menu_tabs);
39
- $tab = isset($_GET['tab']) ? sanitize_text_field($_GET['tab']) : $tab_keys[0];
40
- return $tab;
41
- }
42
-
43
- /*
44
- * Renders our tabs of this menu as nav items
45
- */
46
- function render_menu_tabs()
47
- {
48
- $current_tab = $this->get_current_tab();
49
-
50
- echo '<h2 class="nav-tab-wrapper">';
51
- foreach ($this->menu_tabs as $tab_key => $tab_caption) {
52
- $active = $current_tab == $tab_key ? 'nav-tab-active' : '';
53
- echo '<a class="nav-tab ' . $active . '" href="?page=' . $this->dashboard_menu_page_slug . '&tab=' . $tab_key . '">' . $tab_caption . '</a>';
54
- }
55
- echo '</h2>';
56
- }
57
-
58
- /*
59
- * The menu rendering goes here
60
- */
61
- function render_menu_page()
62
- {
63
- echo '<div class="wrap">';
64
- echo '<h2>' . __('Dashboard', 'all-in-one-wp-security-and-firewall') . '</h2>';//Interface title
65
- $this->set_menu_tabs();
66
- $tab = $this->get_current_tab();
67
- $this->render_menu_tabs();
68
- ?>
69
- <div id="poststuff"><div id="post-body">
70
- <?php
71
- call_user_func(array(&$this, $this->menu_tabs_handler[$tab]));
72
- ?>
73
- </div></div>
74
- </div><!-- end of wrap -->
75
- <?php
76
- }
77
-
78
- function render_tab1()
79
- {
80
- /** Load WordPress dashboard API */
81
- require_once(ABSPATH . 'wp-admin/includes/dashboard.php');
82
- $this->wp_dashboard_setup();
83
-
84
- wp_enqueue_script( 'dashboard' );
85
- if ( wp_is_mobile() )
86
- wp_enqueue_script( 'jquery-touch-punch' );
87
- ?>
88
- <script type='text/javascript' src='https://www.google.com/jsapi'></script>
89
- <div id="dashboard-widgets-wrap">
90
- <?php $this->wp_dashboard(); ?>
91
- </div><!-- dashboard-widgets-wrap -->
92
- <?php
93
- }
94
-
95
- function render_tab2()
96
- {
97
- global $wpdb;
98
- ?>
99
- <div class="postbox">
100
- <h3 class="hndle"><label for="title"><?php _e('Site Info', 'all-in-one-wp-security-and-firewall');?></label>
101
- </h3>
102
-
103
- <div class="inside">
104
- <strong><?php _e('Plugin Version', 'all-in-one-wp-security-and-firewall');?>
105
- : </strong><code><?php echo AIO_WP_SECURITY_VERSION;?></code><br/>
106
- <strong><?php _e('WP Version', 'all-in-one-wp-security-and-firewall');?>
107
- : </strong><code><?php echo get_bloginfo("version"); ?></code><br/>
108
- <strong>WPMU: </strong><code><?php echo (!defined('MULTISITE') || !MULTISITE) ? "No" : "Yes"; ?></code><br/>
109
- <strong>MySQL <?php _e('Version', 'all-in-one-wp-security-and-firewall');?>
110
- : </strong><code><?php echo $wpdb->db_version();?></code><br/>
111
- <strong>WP <?php _e('Table Prefix', 'all-in-one-wp-security-and-firewall');?>
112
- : </strong><code><?php echo $wpdb->prefix; ?></code><br/>
113
- <strong>PHP <?php _e('Version', 'all-in-one-wp-security-and-firewall');?>
114
- : </strong><code><?php echo phpversion(); ?></code><br/>
115
- <strong><?php _e('Session Save Path', 'all-in-one-wp-security-and-firewall');?>
116
- : </strong><code><?php echo ini_get("session.save_path"); ?></code><br/>
117
- <strong>WP URL: </strong><code><?php echo get_bloginfo('wpurl'); ?></code><br/>
118
- <strong><?php _e('Server Name', 'all-in-one-wp-security-and-firewall');?>
119
- : </strong><code><?php echo $_SERVER['SERVER_NAME']; ?></code><br/>
120
- <strong><?php _e('Cookie Domain', 'all-in-one-wp-security-and-firewall');?>
121
- : </strong><code><?php $cookieDomain = parse_url(strtolower(get_bloginfo('wpurl')));
122
- echo $cookieDomain['host']; ?></code><br/>
123
- <strong>CURL <?php _e('Library Present', 'all-in-one-wp-security-and-firewall');?>
124
- : </strong><code><?php echo (function_exists('curl_init')) ? "Yes" : "No"; ?></code><br/>
125
- <strong><?php _e('Debug File Write Permissions', 'all-in-one-wp-security-and-firewall');?>
126
- : </strong><code><?php echo (is_writable(AIO_WP_SECURITY_PATH)) ? "Writable" : "Not Writable"; ?></code><br/>
127
- </div>
128
- </div><!-- End of Site Info -->
129
-
130
- <div class="postbox">
131
- <h3 class="hndle"><label for="title"><?php _e('PHP Info', 'all-in-one-wp-security-and-firewall');?></label>
132
- </h3>
133
-
134
- <div class="inside">
135
- <strong><?php _e('PHP Version', 'all-in-one-wp-security-and-firewall'); ?>
136
- : </strong><code><?php echo PHP_VERSION; ?></code><br/>
137
- <strong><?php _e('PHP Memory Usage', 'all-in-one-wp-security-and-firewall'); ?>:
138
- </strong><code><?php echo round(memory_get_usage() / 1024 / 1024, 2) . __(' MB', 'all-in-one-wp-security-and-firewall'); ?></code>
139
- <br/>
140
- <?php
141
- if (ini_get('memory_limit')) {
142
- $memory_limit = filter_var(ini_get('memory_limit'), FILTER_SANITIZE_STRING);
143
- } else {
144
- $memory_limit = __('N/A', 'all-in-one-wp-security-and-firewall');
145
- }
146
- ?>
147
- <strong><?php _e('PHP Memory Limit', 'all-in-one-wp-security-and-firewall'); ?>
148
- : </strong><code><?php echo $memory_limit; ?></code><br/>
149
- <?php
150
- if (ini_get('upload_max_filesize')) {
151
- $upload_max = filter_var(ini_get('upload_max_filesize'), FILTER_SANITIZE_STRING);
152
- } else {
153
- $upload_max = __('N/A', 'all-in-one-wp-security-and-firewall');
154
- }
155
- ?>
156
- <strong><?php _e('PHP Max Upload Size', 'all-in-one-wp-security-and-firewall'); ?>
157
- : </strong><code><?php echo $upload_max; ?></code><br/>
158
- <?php
159
- if (ini_get('post_max_size')) {
160
- $post_max = filter_var(ini_get('post_max_size'), FILTER_SANITIZE_STRING);
161
- } else {
162
- $post_max = __('N/A', 'all-in-one-wp-security-and-firewall');
163
- }
164
- ?>
165
- <strong><?php _e('PHP Max Post Size', 'all-in-one-wp-security-and-firewall'); ?>
166
- : </strong><code><?php echo $post_max; ?></code><br/>
167
- <?php
168
- if (ini_get('allow_url_fopen')) {
169
- $allow_url_fopen = __('On', 'all-in-one-wp-security-and-firewall');
170
- } else {
171
- $allow_url_fopen = __('Off', 'all-in-one-wp-security-and-firewall');
172
- }
173
- ?>
174
- <strong><?php _e('PHP Allow URL fopen', 'all-in-one-wp-security-and-firewall'); ?>
175
- : </strong><code><?php echo $allow_url_fopen; ?></code>
176
- <br/>
177
- <?php
178
- if (ini_get('display_errors')) {
179
- $display_errors = __('On', 'all-in-one-wp-security-and-firewall');
180
- } else {
181
- $display_errors = __('Off', 'all-in-one-wp-security-and-firewall');
182
- }
183
- ?>
184
- <strong><?php _e('PHP Display Errors', 'all-in-one-wp-security-and-firewall'); ?>
185
- : </strong><code><?php echo $display_errors; ?></code>
186
- <br/>
187
- <?php
188
- if (ini_get('max_execution_time')) {
189
- $max_execute = filter_var(ini_get('max_execution_time'));
190
- } else {
191
- $max_execute = __('N/A', 'all-in-one-wp-security-and-firewall');
192
- }
193
- ?>
194
- <strong><?php _e('PHP Max Script Execution Time', 'all-in-one-wp-security-and-firewall'); ?>
195
- : </strong><code><?php echo $max_execute; ?> <?php _e('Seconds'); ?></code><br/>
196
- </div>
197
- </div><!-- End of PHP Info -->
198
-
199
- <div class="postbox">
200
- <h3 class="hndle"><label
201
- for="title"><?php _e('Active Plugins', 'all-in-one-wp-security-and-firewall');?></label></h3>
202
-
203
- <div class="inside">
204
- <?php
205
- $all_plugins = get_plugins();
206
- $active_plugins = get_option('active_plugins');
207
- //var_dump($all_plugins);
208
- ?>
209
- <table class="widefat aio_spacer_10_tb">
210
- <thead>
211
- <tr>
212
- <th><?php _e('Name', 'all-in-one-wp-security-and-firewall') ?></th>
213
- <th><?php _e('Version', 'all-in-one-wp-security-and-firewall') ?></th>
214
- <th><?php _e('Plugin URL', 'all-in-one-wp-security-and-firewall') ?></th>
215
- </tr>
216
- </thead>
217
- <tbody>
218
- <?php
219
- foreach ($active_plugins as $plugin_key) {
220
- $plugin_details = $all_plugins[$plugin_key];
221
- echo '<tr><td>' . $plugin_details['Name'] . '</td><td>' . $plugin_details['Version'] . '</td><td>' . $plugin_details['PluginURI'] . '</td></tr>';
222
- }
223
- ?>
224
- </tbody>
225
- </table>
226
- </div>
227
- </div><!-- End of Active Plugins -->
228
- <?php
229
- }
230
-
231
- function render_tab3()
232
- {
233
- global $wpdb;
234
- include_once 'wp-security-list-locked-ip.php'; //For rendering the AIOWPSecurity_List_Table in tab1
235
- $locked_ip_list = new AIOWPSecurity_List_Locked_IP(); //For rendering the AIOWPSecurity_List_Table in tab1
236
-
237
- if (isset($_REQUEST['action'])) //Do list table form row action tasks
238
- {
239
- if ($_REQUEST['action'] == 'delete_blocked_ip') { //Delete link was clicked for a row in list table
240
- $locked_ip_list->delete_lockdown_records(strip_tags($_REQUEST['lockdown_id']));
241
- }
242
-
243
- if ($_REQUEST['action'] == 'unlock_ip') { //Unlock link was clicked for a row in list table
244
- $locked_ip_list->unlock_ip_range(strip_tags($_REQUEST['lockdown_id']));
245
- }
246
- }
247
-
248
- ?>
249
- <div class="aio_blue_box">
250
- <?php
251
- $login_lockdown_feature_url = '<a href="admin.php?page=' . AIOWPSEC_USER_LOGIN_MENU_SLUG . '&tab=tab1" target="_blank">'.__('Login Lockdown', 'all-in-one-wp-security-and-firewall').'</a>';
252
- echo '<p>' . __('This tab displays the list of all IP addresses which are currently temporarily locked out due to the Login Lockdown feature:', 'all-in-one-wp-security-and-firewall') . '</p>' .
253
- '<p>' . $login_lockdown_feature_url . '</p>';
254
- ?>
255
- </div>
256
-
257
- <div class="postbox">
258
- <h3 class="hndle"><label
259
- for="title"><?php _e('Currently Locked Out IP Addresses and Ranges', 'all-in-one-wp-security-and-firewall');?></label>
260
- </h3>
261
-
262
- <div class="inside">
263
- <?php
264
- //Fetch, prepare, sort, and filter our data...
265
- $locked_ip_list->prepare_items();
266
- //echo "put table of locked entries here";
267
- ?>
268
- <form id="tables-filter" method="get"
269
- onSubmit="return confirm('Are you sure you want to perform this bulk operation on the selected entries?');">
270
- <!-- For plugins, we also need to ensure that the form posts back to our current page -->
271
- <input type="hidden" name="page" value="<?php echo esc_attr($_REQUEST['page']); ?>"/>
272
- <?php
273
- if (isset($_REQUEST["tab"])) {
274
- echo '<input type="hidden" name="tab" value="' . esc_attr($_REQUEST["tab"]) . '" />';
275
- }
276
- ?>
277
- <!-- Now we can render the completed list table -->
278
- <?php $locked_ip_list->display(); ?>
279
- </form>
280
- </div>
281
- </div>
282
-
283
- <?php
284
- }
285
-
286
- function render_tab4()
287
- {
288
- global $wpdb;
289
- include_once 'wp-security-list-permanent-blocked-ip.php'; //For rendering the AIOWPSecurity_List_Table
290
- $blocked_ip_list = new AIOWPSecurity_List_Blocked_IP(); //For rendering the AIOWPSecurity_List_Table
291
-
292
- if (isset($_REQUEST['action'])) //Do list table form row action tasks
293
- {
294
- if ($_REQUEST['action'] == 'unblock_ip') { //Unblock link was clicked for a row in list table
295
- $blocked_ip_list->unblock_ip_address(strip_tags($_REQUEST['blocked_id']));
296
- }
297
- }
298
- AIOWPSecurity_Admin_Menu::display_bulk_result_message();
299
-
300
- ?>
301
- <div class="aio_blue_box">
302
- <?php
303
- echo '<p>' . __('This tab displays the list of all permanently blocked IP addresses.', 'all-in-one-wp-security-and-firewall') . '</p>' .
304
- '<p>' . __('NOTE: This feature does NOT use the .htaccess file to permanently block the IP addresses so it should be compatible with all web servers running WordPress.', 'all-in-one-wp-security-and-firewall') . '</p>';
305
- ?>
306
- </div>
307
-
308
- <div class="postbox">
309
- <h3 class="hndle"><label
310
- for="title"><?php _e('Permanently Blocked IP Addresses', 'all-in-one-wp-security-and-firewall');?></label>
311
- </h3>
312
-
313
- <div class="inside">
314
- <?php
315
- //Fetch, prepare, sort, and filter our data...
316
- $blocked_ip_list->prepare_items();
317
- ?>
318
- <form id="tables-filter" method="get">
319
- <!-- For plugins, we also need to ensure that the form posts back to our current page -->
320
- <input type="hidden" name="page" value="<?php echo esc_attr($_REQUEST['page']); ?>"/>
321
- <?php
322
- $blocked_ip_list->search_box(__('Search', 'all-in-one-wp-security-and-firewall'), 'search_permanent_block');
323
- if (isset($_REQUEST["tab"])) {
324
- echo '<input type="hidden" name="tab" value="' . esc_attr($_REQUEST["tab"]) . '" />';
325
- }
326
- ?>
327
- <!-- Now we can render the completed list table -->
328
- <?php $blocked_ip_list->display(); ?>
329
- </form>
330
- </div>
331
- </div>
332
-
333
- <?php
334
- }
335
-
336
- function render_tab5()
337
- {
338
- global $aio_wp_security;
339
- $file_selected = filter_input(INPUT_POST, 'aiowps_log_file'); // Get the selected file
340
-
341
- ?>
342
- <div class="postbox">
343
- <h3 class="hndle"><label
344
- for="title"><?php _e('View Logs for All In WP Security & Firewall Plugin', 'all-in-one-wp-security-and-firewall');?></label>
345
- </h3>
346
-
347
- <div class="inside">
348
- <form action="" method="POST">
349
- <?php wp_nonce_field('aiowpsec-dashboard-logs-nonce'); ?>
350
- <table class="form-table">
351
- <tr valign="top">
352
- <th scope="row"><?php _e('Log File', 'all-in-one-wp-security-and-firewall')?>:</th>
353
- <td>
354
- <select id="aiowps_log_file" name="aiowps_log_file">
355
- <option
356
- value=""><?php _e('--Select a file--', 'all-in-one-wp-security-and-firewall')?></option>
357
- <option
358
- value="wp-security-log.txt" <?php selected($file_selected, 'wp-security-log.txt'); ?>>
359
- wp-security-log
360
- </option>
361
- <option
362
- value="wp-security-log-cron-job.txt" <?php selected($file_selected, 'wp-security-log-cron-job.txt'); ?>>
363
- wp-security-log-cron-job
364
- </option>
365
- </select>
366
- <span
367
- class="description"><?php _e('Select one of the log files to view the contents', 'all-in-one-wp-security-and-firewall'); ?></span>
368
- </td>
369
- </tr>
370
- </table>
371
- <input type="submit" name="aiowps_view_logs"
372
- value="<?php _e('View Logs', 'all-in-one-wp-security-and-firewall')?>"
373
- class="button-primary"/>
374
- </form>
375
-
376
- </div>
377
- </div>
378
- <?php
379
- if (isset($_POST['aiowps_view_logs']) && $file_selected)//Do form submission tasks
380
- {
381
- //Check nonce before doing anything
382
- $nonce = $_REQUEST['_wpnonce'];
383
- if (!wp_verify_nonce($nonce, 'aiowpsec-dashboard-logs-nonce')) {
384
- $aio_wp_security->debug_logger->log_debug("Nonce check failed on dashboard view logs!", 4);
385
- wp_die("Error! Nonce check failed on dashboard view logs!");
386
- }
387
-
388
- //Let's make sure that the file selected can only ever be the correct log file of this plugin.
389
- $valid_aiowps_log_files = array('wp-security-log.txt', 'wp-security-log-cron-job.txt');
390
- if(!in_array($file_selected, $valid_aiowps_log_files)){
391
- $file_selected = '';
392
- unset($_POST['aiowps_view_logs']);
393
- wp_die(__('Error! The file you selected is not a permitted file. You can only view log files created by this plugin.','all-in-one-wp-security-and-firewall'));
394
- }
395
-
396
- if (!empty($file_selected)) {
397
- ?>
398
- <div class="postbox">
399
- <h3 class="hndle"><label
400
- for="title"><?php echo __('Log File Contents For', 'all-in-one-wp-security-and-firewall') . ': ' . $file_selected;?></label>
401
- </h3>
402
-
403
- <div class="inside">
404
- <?php
405
- $aiowps_log_dir = AIO_WP_SECURITY_PATH . '/logs';
406
- $log_file = $aiowps_log_dir . '/' . $file_selected;
407
- if (file_exists($log_file)) {
408
- $log_contents = AIOWPSecurity_Utility_File::get_file_contents($log_file);
409
- } else {
410
- $log_contents = '';
411
- }
412
-
413
- if (empty($log_contents)) {
414
- $log_contents = $file_selected . ': ' . __('Log file is empty!', 'all-in-one-wp-security-and-firewall');
415
- }
416
- ?>
417
- <textarea class="aio_text_area_file_output aio_half_width aio_spacer_10_tb" rows="15" readonly><?php echo esc_textarea($log_contents); ?></textarea>
418
-
419
- </div>
420
- </div>
421
-
422
- <?php
423
-
424
- }
425
- }
426
- ?>
427
-
428
-
429
-
430
- <?php
431
- }
432
-
433
- function wp_dashboard() {
434
- $screen = get_current_screen();
435
- $columns = absint( $screen->get_columns() );
436
- $columns_css = '';
437
- if ( $columns ) {
438
- $columns_css = " columns-$columns";
439
- }
440
-
441
- ?>
442
- <div id="dashboard-widgets" class="metabox-holder<?php echo $columns_css; ?>">
443
- <div id="postbox-container-1" class="postbox-container">
444
- <?php do_meta_boxes( $screen->id, 'normal', '' ); ?>
445
- </div>
446
- <div id="postbox-container-2" class="postbox-container">
447
- <?php do_meta_boxes( $screen->id, 'side', '' ); ?>
448
- </div>
449
- <div id="postbox-container-3" class="postbox-container">
450
- <?php do_meta_boxes( $screen->id, 'column3', '' ); ?>
451
- </div>
452
- <div id="postbox-container-4" class="postbox-container">
453
- <?php do_meta_boxes( $screen->id, 'column4', '' ); ?>
454
- </div>
455
- </div>
456
-
457
- <?php
458
- wp_nonce_field( 'closedpostboxes', 'closedpostboxesnonce', false );
459
- wp_nonce_field( 'meta-box-order', 'meta-box-order-nonce', false );
460
- }
461
-
462
- function wp_dashboard_setup() {
463
- global $aio_wp_security;
464
- global $wp_registered_widgets, $wp_registered_widget_controls, $wp_dashboard_control_callbacks;
465
- $wp_dashboard_control_callbacks = array();
466
- $screen = get_current_screen();
467
-
468
- // Add widgets
469
- wp_add_dashboard_widget( 'security_strength_meter', __( 'Security Strength Meter', 'all-in-one-wp-security-and-firewall' ), array(&$this, 'widget_security_strength_meter') );
470
- wp_add_dashboard_widget( 'security_points_breakdown', __( 'Security Points Breakdown', 'all-in-one-wp-security-and-firewall' ), array(&$this, 'widget_security_points_breakdown') );
471
- wp_add_dashboard_widget( 'spread_the_word', __( 'Spread the Word', 'all-in-one-wp-security-and-firewall' ), array(&$this, 'widget_spread_the_word') );
472
- wp_add_dashboard_widget( 'know_developers', __( 'Get To Know The Developers', 'all-in-one-wp-security-and-firewall' ), array(&$this, 'widget_know_developers') );
473
- wp_add_dashboard_widget( 'critical_feature_status', __( 'Critical Feature Status', 'all-in-one-wp-security-and-firewall' ), array(&$this, 'widget_critical_feature_status') );
474
- wp_add_dashboard_widget( 'last_5_logins', __( 'Last 5 Logins', 'all-in-one-wp-security-and-firewall' ), array(&$this, 'widget_last_5_logins') );
475
- wp_add_dashboard_widget( 'maintenance_mode_status', __( 'Maintenance Mode Status', 'all-in-one-wp-security-and-firewall' ), array(&$this, 'widget_maintenance_mode_status') );
476
- if ($aio_wp_security->configs->get_value('aiowps_enable_brute_force_attack_prevention') == '1' ||
477
- $aio_wp_security->configs->get_value('aiowps_enable_rename_login_page') == '1') {
478
- wp_add_dashboard_widget( 'brute_force', __( 'Brute Force Prevention Login Page' ), array(&$this, 'widget_brute_force') );
479
- }
480
- wp_add_dashboard_widget( 'logged_in_users', __( 'Logged In Users', 'all-in-one-wp-security-and-firewall' ), array(&$this, 'widget_logged_in_users') );
481
- wp_add_dashboard_widget( 'locked_ip_addresses', __( 'Locked IP Addresses', 'all-in-one-wp-security-and-firewall' ), array(&$this, 'widget_locked_ip_addresses') );
482
-
483
- do_action( 'aiowps_dashboard_setup' );
484
- $dashboard_widgets = apply_filters( 'aiowps_dashboard_widgets', array() );
485
-
486
- foreach ( $dashboard_widgets as $widget_id ) {
487
- $name = empty( $wp_registered_widgets[$widget_id]['all_link'] ) ? $wp_registered_widgets[$widget_id]['name'] : $wp_registered_widgets[$widget_id]['name'] . " <a href='{$wp_registered_widgets[$widget_id]['all_link']}' class='edit-box open-box'>" . __('View all') . '</a>';
488
- wp_add_dashboard_widget( $widget_id, $name, $wp_registered_widgets[$widget_id]['callback'], $wp_registered_widget_controls[$widget_id]['callback'] );
489
- }
490
- }
491
-
492
- function widget_security_strength_meter() {
493
- global $aiowps_feature_mgr;
494
- global $aio_wp_security;
495
- $total_site_security_points = $aiowps_feature_mgr->get_total_site_points();
496
- $total_security_points_achievable = $aiowps_feature_mgr->get_total_achievable_points();
497
-
498
- ?>
499
- <script type='text/javascript'>
500
- google.load('visualization', '1', {packages: ['gauge']});
501
- google.setOnLoadCallback(drawChart);
502
- function drawChart() {
503
- var data = google.visualization.arrayToDataTable([
504
- ['Label', 'Value'],
505
- ['Strength', <?php echo $total_site_security_points; ?>]
506
- ]);
507
-
508
- var options = {
509
- width: 320, height: 200, max: <?php echo $total_security_points_achievable; ?>,
510
- greenColor: '8EFA9B', yellowColor: 'F5EE90', redColor: 'FA7373',
511
- redFrom: 0, redTo: 10,
512
- yellowFrom: 10, yellowTo: 50,
513
- greenFrom: 50, greenTo: <?php echo $total_security_points_achievable; ?>,
514
- minorTicks: 5
515
- };
516
-
517
- var chart = new google.visualization.Gauge(document.getElementById('security_strength_chart_div'));
518
- chart.draw(data, options);
519
- }
520
- </script>
521
- <div id='security_strength_chart_div'></div>
522
- <div class="aiowps_dashboard_widget_footer">
523
- <?php
524
- _e('Total Achievable Points: ', 'all-in-one-wp-security-and-firewall');
525
- echo '<strong>' . $total_security_points_achievable . '</strong><br />';
526
- _e('Current Score of Your Site: ', 'all-in-one-wp-security-and-firewall');
527
- echo '<strong>' . $total_site_security_points . '</strong>';
528
- ?>
529
- </div>
530
- <?php
531
- }
532
-
533
- function widget_security_points_breakdown() {
534
- global $aiowps_feature_mgr;
535
- global $aio_wp_security;
536
- $feature_mgr = $aiowps_feature_mgr;
537
- $total_site_security_points = $feature_mgr->get_total_site_points();
538
- $total_security_points_achievable = $feature_mgr->get_total_achievable_points();
539
-
540
- $feature_items = $feature_mgr->feature_items;
541
- $pt_src_chart_data = "";
542
- $pt_src_chart_data .= "['Feature Name', 'Points'],";
543
- foreach ($feature_items as $item) {
544
- if ($item->feature_status == $feature_mgr->feature_active) {
545
- $pt_src_chart_data .= "['" . $item->feature_name . "', " . $item->item_points . "],";
546
- }
547
- }
548
-
549
- ?>
550
- <script type="text/javascript">
551
- google.load("visualization", "1", {packages: ["corechart"]});
552
- google.setOnLoadCallback(drawChart);
553
- function drawChart() {
554
- var data = google.visualization.arrayToDataTable([
555
- <?php echo $pt_src_chart_data; ?>
556
- ]);
557
-
558
- var options = {
559
- // height: '250',
560
- // width: '450',
561
- backgroundColor: 'F6F6F6',
562
- pieHole: 0.4,
563
- chartArea: {
564
- width: '95%',
565
- height: '95%',
566
- }
567
- };
568
-
569
- var chart = new google.visualization.PieChart(document.getElementById('points_source_breakdown_chart_div'));
570
- chart.draw(data, options);
571
- }
572
- </script>
573
- <div id='points_source_breakdown_chart_div'></div>
574
- <?php
575
- }
576
-
577
- function widget_spread_the_word() {
578
- ?>
579
- <p><?php _e('We are working hard to make your WordPress site more secure. Please support us, here is how:', 'all-in-one-wp-security-and-firewall');?></p>
580
- <p><a href="https://www.facebook.com/tipsntrickshq/" target="_blank"><?php _e('Follow us on', 'all-in-one-wp-security-and-firewall');?> Facebook</a>
581
- </p>
582
- <p>
583
- <a href="http://twitter.com/intent/tweet?url=https://www.tipsandtricks-hq.com/wordpress-security-and-firewall-plugin&text=I love the All In One WP Security and Firewall plugin!"
584
- target="_blank" class="aio_tweet_link"><?php _e('Post to Twitter', 'all-in-one-wp-security-and-firewall');?></a>
585
- </p>
586
- <p>
587
- <a href="http://wordpress.org/support/view/plugin-reviews/all-in-one-wp-security-and-firewall/"
588
- target="_blank" class="aio_rate_us_link"><?php _e('Give us a Good Rating', 'all-in-one-wp-security-and-firewall');?></a>
589
- </p>
590
- <?php
591
- }
592
-
593
- function widget_know_developers() {
594
- ?>
595
- <p><?php _e('Wanna know more about the developers behind this plugin?', 'all-in-one-wp-security-and-firewall');?></p>
596
- <p><a href="https://wpsolutions-hq.com/" target="_blank">WPSolutions</a></p>
597
- <p><a href="https://www.tipsandtricks-hq.com/" target="_blank">Tips and Tricks HQ</a></p>
598
-
599
- <?php
600
- }
601
-
602
- function widget_critical_feature_status() {
603
- global $aiowps_feature_mgr;
604
- global $aio_wp_security;
605
- $feature_mgr = $aiowps_feature_mgr;
606
-
607
- _e('Below is the current status of the critical features that you should activate on your site to achieve a minimum level of recommended security', 'all-in-one-wp-security-and-firewall');
608
- $feature_items = $aiowps_feature_mgr->feature_items;
609
- $username_admin_feature = $aiowps_feature_mgr->get_feature_item_by_id("user-accounts-change-admin-user");
610
- echo '<div class="aiowps_feature_status_container">';
611
- echo '<div class="aiowps_feature_status_name">' . __('Admin Username', 'all-in-one-wp-security-and-firewall') . '</div>';
612
- echo '<a href="admin.php?page=' . AIOWPSEC_USER_ACCOUNTS_MENU_SLUG . '">';
613
- echo '<div class="aiowps_feature_status_bar">';
614
- if ($username_admin_feature->feature_status == $aiowps_feature_mgr->feature_active) {
615
- echo '<div class="aiowps_feature_status_label aiowps_feature_status_on">On</div>';
616
- echo '<div class="aiowps_feature_status_label">Off</div>';
617
- } else {
618
- echo '<div class="aiowps_feature_status_label">On</div>';
619
- echo '<div class="aiowps_feature_status_label aiowps_feature_status_off">Off</div>';
620
- }
621
- echo '</div></div></a>';
622
- echo '<div class="aio_clear_float"></div>';
623
-
624
- $login_lockdown_feature = $aiowps_feature_mgr->get_feature_item_by_id("user-login-login-lockdown");
625
- echo '<div class="aiowps_feature_status_container">';
626
- echo '<div class="aiowps_feature_status_name">' . __('Login Lockdown', 'all-in-one-wp-security-and-firewall') . '</div>';
627
- echo '<a href="admin.php?page=' . AIOWPSEC_USER_LOGIN_MENU_SLUG . '">';
628
- echo '<div class="aiowps_feature_status_bar">';
629
- if ($login_lockdown_feature->feature_status == $aiowps_feature_mgr->feature_active) {
630
- echo '<div class="aiowps_feature_status_label aiowps_feature_status_on">On</div>';
631
- echo '<div class="aiowps_feature_status_label">Off</div>';
632
- } else {
633
- echo '<div class="aiowps_feature_status_label">On</div>';
634
- echo '<div class="aiowps_feature_status_label aiowps_feature_status_off">Off</div>';
635
- }
636
- echo '</div></div></a>';
637
- echo '<div class="aio_clear_float"></div>';
638
-
639
- $filesystem_feature = $aiowps_feature_mgr->get_feature_item_by_id("filesystem-file-permissions");
640
- echo '<div class="aiowps_feature_status_container">';
641
- echo '<div class="aiowps_feature_status_name">' . __('File Permission', 'all-in-one-wp-security-and-firewall') . '</div>';
642
- echo '<a href="admin.php?page=' . AIOWPSEC_FILESYSTEM_MENU_SLUG . '">';
643
- echo '<div class="aiowps_feature_status_bar">';
644
- if ($filesystem_feature->feature_status == $aiowps_feature_mgr->feature_active) {
645
- echo '<div class="aiowps_feature_status_label aiowps_feature_status_on">On</div>';
646
- echo '<div class="aiowps_feature_status_label">Off</div>';
647
- } else {
648
- echo '<div class="aiowps_feature_status_label">On</div>';
649
- echo '<div class="aiowps_feature_status_label aiowps_feature_status_off">Off</div>';
650
- }
651
- echo '</div></div></a>';
652
- echo '<div class="aio_clear_float"></div>';
653
-
654
- $basic_firewall_feature = $aiowps_feature_mgr->get_feature_item_by_id("firewall-basic-rules");
655
- echo '<div class="aiowps_feature_status_container">';
656
- echo '<div class="aiowps_feature_status_name">' . __('Basic Firewall', 'all-in-one-wp-security-and-firewall') . '</div>';
657
- echo '<a href="admin.php?page=' . AIOWPSEC_FIREWALL_MENU_SLUG . '">';
658
- echo '<div class="aiowps_feature_status_bar">';
659
- if ($basic_firewall_feature->feature_status == $aiowps_feature_mgr->feature_active) {
660
- echo '<div class="aiowps_feature_status_label aiowps_feature_status_on">On</div>';
661
- echo '<div class="aiowps_feature_status_label">Off</div>';
662
- } else {
663
- echo '<div class="aiowps_feature_status_label">On</div>';
664
- echo '<div class="aiowps_feature_status_label aiowps_feature_status_off">Off</div>';
665
- }
666
- echo '</div></div></a>';
667
- echo '<div class="aio_clear_float"></div>';
668
- }
669
-
670
- function widget_last_5_logins() {
671
- global $wpdb;
672
- $login_activity_table = AIOWPSEC_TBL_USER_LOGIN_ACTIVITY;
673
-
674
- /* -- Ordering parameters -- */
675
- //Parameters that are going to be used to order the result
676
- isset($_GET["orderby"]) ? $orderby = strip_tags($_GET["orderby"]) : $orderby = '';
677
- isset($_GET["order"]) ? $order = strip_tags($_GET["order"]) : $order = '';
678
-
679
- $orderby = !empty($orderby) ? $orderby : 'login_date';
680
- $order = !empty($order) ? $order : 'DESC';
681
-
682
- $data = $wpdb->get_results($wpdb->prepare("SELECT * FROM $login_activity_table ORDER BY login_date DESC LIMIT %d", 5), ARRAY_A); //Get the last 5 records
683
-
684
- if ($data == NULL) {
685
- echo '<p>' . __('No data found!', 'all-in-one-wp-security-and-firewall') . '</p>';
686
-
687
- } else {
688
- $login_summary_table = '';
689
- echo '<p>' . __('Last 5 logins summary:', 'all-in-one-wp-security-and-firewall') . '</p>';
690
- $login_summary_table .= '<table class="widefat aiowps_dashboard_table">';
691
- $login_summary_table .= '<thead>';
692
- $login_summary_table .= '<tr>';
693
- $login_summary_table .= '<th>' . __('User', 'all-in-one-wp-security-and-firewall') . '</th>';
694
- $login_summary_table .= '<th>' . __('Date', 'all-in-one-wp-security-and-firewall') . '</th>';
695
- $login_summary_table .= '<th>' . __('IP', 'all-in-one-wp-security-and-firewall') . '</th>';
696
- $login_summary_table .= '</tr>';
697
- $login_summary_table .= '</thead>';
698
- foreach ($data as $entry) {
699
- $login_summary_table .= '<tr>';
700
- $login_summary_table .= '<td>' . $entry['user_login'] . '</td>';
701
- $login_summary_table .= '<td>' . $entry['login_date'] . '</td>';
702
- $login_summary_table .= '<td>' . $entry['login_ip'] . '</td>';
703
- $login_summary_table .= '</tr>';
704
- }
705
- $login_summary_table .= '</table>';
706
- echo $login_summary_table;
707
- }
708
-
709
- echo '<div class="aio_clear_float"></div>';
710
-
711
- }
712
-
713
- function widget_maintenance_mode_status() {
714
- global $aio_wp_security;
715
- if ($aio_wp_security->configs->get_value('aiowps_site_lockout') == '1') {
716
- echo '<p>' . __('Maintenance mode is currently enabled. Remember to turn it off when you are done', 'all-in-one-wp-security-and-firewall') . '</p>';
717
- } else {
718
- echo '<p>' . __('Maintenance mode is currently off.', 'all-in-one-wp-security-and-firewall') . '</p>';
719
- }
720
-
721
- echo '<div class="aiowps_feature_status_container">';
722
- echo '<div class="aiowps_feature_status_name">' . __('Maintenance Mode', 'all-in-one-wp-security-and-firewall') . '</div>';
723
- echo '<a href="admin.php?page=' . AIOWPSEC_MAINTENANCE_MENU_SLUG . '">';
724
- echo '<div class="aiowps_feature_status_bar">';
725
- if ($aio_wp_security->configs->get_value('aiowps_site_lockout') == '1') {//Maintenance mode is enabled
726
- echo '<div class="aiowps_feature_status_label aiowps_feature_status_off">On</div>';//If enabled show red by usign the "off" class
727
- echo '<div class="aiowps_feature_status_label">Off</div>';
728
- } else {
729
- echo '<div class="aiowps_feature_status_label">On</div>';
730
- echo '<div class="aiowps_feature_status_label aiowps_feature_status_on">Off</div>';
731
- }
732
- echo '</div></div></a>';
733
- echo '<div class="aio_clear_float"></div>';
734
-
735
- }
736
-
737
- function widget_brute_force() {
738
- global $aio_wp_security;
739
- if ($aio_wp_security->configs->get_value('aiowps_enable_brute_force_attack_prevention') == '1') {
740
- $brute_force_login_feature_link = '<a href="admin.php?page=' . AIOWPSEC_BRUTE_FORCE_MENU_SLUG . '&tab=tab2" target="_blank">' . __('Cookie-Based Brute Force', 'all-in-one-wp-security-and-firewall') . '</a>';
741
- $brute_force_feature_secret_word = $aio_wp_security->configs->get_value('aiowps_brute_force_secret_word');
742
- echo '<div class="aio_yellow_box">';
743
-
744
- echo '<p>' . sprintf(__('The %s feature is currently active.', 'all-in-one-wp-security-and-firewall'), $brute_force_login_feature_link) . '</p>';
745
- echo '<p>' . __('Your new WordPress login URL is now:', 'all-in-one-wp-security-and-firewall') . '</p>';
746
- echo '<p><strong>' . AIOWPSEC_WP_URL . '/?' . $brute_force_feature_secret_word . '=1</strong></p>';
747
- echo '</div>'; //yellow box div
748
- echo '<div class="aio_clear_float"></div>';
749
- }//End if statement for Cookie Based Brute Prevention box
750
-
751
- //Insert Rename Login Page feature box if this feature is active
752
- if ($aio_wp_security->configs->get_value('aiowps_enable_rename_login_page') == '1') {
753
- if (get_option('permalink_structure')) {
754
- $home_url = trailingslashit(home_url());
755
- } else {
756
- $home_url = trailingslashit(home_url()) . '?';
757
- }
758
-
759
- $rename_login_feature_link = '<a href="admin.php?page=' . AIOWPSEC_BRUTE_FORCE_MENU_SLUG . '&tab=tab1" target="_blank">' . __('Rename Login Page', 'all-in-one-wp-security-and-firewall') . '</a>';
760
- echo '<div class="aio_yellow_box">';
761
-
762
- echo '<p>' . sprintf(__('The %s feature is currently active.', 'all-in-one-wp-security-and-firewall'), $rename_login_feature_link) . '</p>';
763
- echo '<p>' . __('Your new WordPress login URL is now:', 'all-in-one-wp-security-and-firewall') . '</p>';
764
- echo '<p><strong>' . $home_url . $aio_wp_security->configs->get_value('aiowps_login_page_slug') . '</strong></p>';
765
- echo '</div>'; //yellow box div
766
- echo '<div class="aio_clear_float"></div>';
767
- }//End if statement for Rename Login box
768
-
769
- }
770
-
771
- function widget_logged_in_users() {
772
- $users_online_link = '<a href="admin.php?page=' . AIOWPSEC_USER_LOGIN_MENU_SLUG . '&tab=tab5">Logged In Users</a>';
773
- // default display messages
774
- $multiple_users_info_msg = __('Number of users currently logged into your site (including you) is:', 'all-in-one-wp-security-and-firewall');
775
- $single_user_info_msg = __('There are no other users currently logged in.', 'all-in-one-wp-security-and-firewall');
776
- if (AIOWPSecurity_Utility::is_multisite_install()) {
777
- $current_blog_id = get_current_blog_id();
778
- $is_main = is_main_site($current_blog_id);
779
-
780
- if(empty($is_main)) {
781
- // subsite - only get logged in users for this blog_id
782
- $logged_in_users = AIOWPSecurity_User_Login::get_subsite_logged_in_users($current_blog_id);
783
- } else {
784
- // main site - get sitewide users
785
- $logged_in_users = get_site_transient('users_online');
786
-
787
- // If viewing aiowps from multisite main network dashboard then display a different message
788
- $multiple_users_info_msg = __('Number of users currently logged in site-wide (including you) is:', 'all-in-one-wp-security-and-firewall');
789
- $single_user_info_msg = __('There are no other site-wide users currently logged in.', 'all-in-one-wp-security-and-firewall');
790
- }
791
- } else {
792
- $logged_in_users = get_transient('users_online');
793
- }
794
-
795
- if (empty($logged_in_users)) {
796
- $num_users = 0;
797
- } else {
798
- $num_users = count($logged_in_users);
799
- }
800
- if ($num_users > 1) {
801
- echo '<div class="aio_red_box"><p>' . $multiple_users_info_msg . ' <strong>' . $num_users . '</strong></p>';
802
- $info_msg = '<p>' . sprintf(__('Go to the %s menu to see more details', 'all-in-one-wp-security-and-firewall'), $users_online_link) . '</p>';
803
- echo $info_msg . '</div>';
804
- } else {
805
- echo '<div class="aio_green_box"><p>' . $single_user_info_msg . '</p></div>';
806
- }
807
-
808
- }
809
-
810
- function widget_locked_ip_addresses() {
811
- $locked_ips_link = '<a href="admin.php?page=' . AIOWPSEC_MAIN_MENU_SLUG . '&tab=tab3">Locked IP Addresses</a>';
812
-
813
- $locked_ips = AIOWPSecurity_Utility::get_locked_ips();
814
- if ($locked_ips === FALSE) {
815
- echo '<div class="aio_green_box"><p>' . __('There are no IP addresses currently locked out.', 'all-in-one-wp-security-and-firewall') . '</p></div>';
816
- } else {
817
- $num_ips = count($locked_ips);
818
- echo '<div class="aio_red_box"><p>' . __('Number of temporarily locked out IP addresses: ', 'all-in-one-wp-security-and-firewall') . ' <strong>' . $num_ips . '</strong></p>';
819
- $info_msg = '<p>' . sprintf(__('Go to the %s menu to see more details', 'all-in-one-wp-security-and-firewall'), $locked_ips_link) . '</p>';
820
- echo $info_msg . '</div>';
821
- }
822
- }
823
-
824
- } //end class
1
+ <?php
2
+ if(!defined('ABSPATH')){
3
+ exit;//Exit if accessed directly
4
+ }
5
+
6
+ class AIOWPSecurity_Dashboard_Menu extends AIOWPSecurity_Admin_Menu
7
+ {
8
+ protected $dashboard_menu_page_slug = AIOWPSEC_MAIN_MENU_SLUG;
9
+
10
+ protected $menu_tabs;
11
+
12
+ protected $menu_tabs_handler = array(
13
+ 'tab1' => 'render_tab1',
14
+ 'tab2' => 'render_tab2',
15
+ 'tab3' => 'render_tab3',
16
+ 'tab4' => 'render_tab4',
17
+ 'tab5' => 'render_tab5'
18
+ );
19
+
20
+ public function __construct()
21
+ {
22
+ $this->render_menu_page();
23
+ }
24
+
25
+ public function set_menu_tabs()
26
+ {
27
+ $this->menu_tabs = array(
28
+ 'tab1' => __('Dashboard', 'all-in-one-wp-security-and-firewall'),
29
+ 'tab2' => __('System Info', 'all-in-one-wp-security-and-firewall'),
30
+ 'tab3' => __('Locked IP Addresses', 'all-in-one-wp-security-and-firewall'),
31
+ 'tab4' => __('Permanent Block List', 'all-in-one-wp-security-and-firewall'),
32
+ 'tab5' => __('Logs', 'all-in-one-wp-security-and-firewall')
33
+ );
34
+ }
35
+
36
+ public function get_current_tab()
37
+ {
38
+ $tab_keys = array_keys($this->menu_tabs);
39
+ $tab = isset($_GET['tab']) ? sanitize_text_field($_GET['tab']) : $tab_keys[0];
40
+ return $tab;
41
+ }
42
+
43
+ /*
44
+ * Renders our tabs of this menu as nav items
45
+ */
46
+ public function render_menu_tabs()
47
+ {
48
+ $current_tab = $this->get_current_tab();
49
+
50
+ echo '<h2 class="nav-tab-wrapper">';
51
+ foreach ($this->menu_tabs as $tab_key => $tab_caption) {
52
+ $active = $current_tab == $tab_key ? 'nav-tab-active' : '';
53
+ echo '<a class="nav-tab ' . $active . '" href="?page=' . $this->dashboard_menu_page_slug . '&tab=' . $tab_key . '">' . $tab_caption . '</a>';
54
+ }
55
+ echo '</h2>';
56
+ }
57
+
58
+ /*
59
+ * The menu rendering goes here
60
+ */
61
+ public function render_menu_page()
62
+ {
63
+ echo '<div class="wrap">';
64
+ echo '<h2>' . __('Dashboard', 'all-in-one-wp-security-and-firewall') . '</h2>';//Interface title
65
+ $this->set_menu_tabs();
66
+ $tab = $this->get_current_tab();
67
+ $this->render_menu_tabs();
68
+ ?>
69
+ <div id="poststuff"><div id="post-body">
70
+ <?php
71
+ call_user_func(array($this, $this->menu_tabs_handler[$tab]));
72
+ ?>
73
+ </div></div>
74
+ </div><!-- end of wrap -->
75
+ <?php
76
+ }
77
+
78
+ public function render_tab1()
79
+ {
80
+ /** Load WordPress dashboard API */
81
+ require_once(ABSPATH . 'wp-admin/includes/dashboard.php');
82
+ $this->wp_dashboard_setup();
83
+
84
+ wp_enqueue_script( 'dashboard' );
85
+ if ( wp_is_mobile() )
86
+ wp_enqueue_script( 'jquery-touch-punch' );
87
+ ?>
88
+ <script type='text/javascript' src='https://www.google.com/jsapi'></script>
89
+ <div id="dashboard-widgets-wrap">
90
+ <?php $this->wp_dashboard(); ?>
91
+ </div><!-- dashboard-widgets-wrap -->
92
+ <?php
93
+ }
94
+
95
+ public function render_tab2()
96
+ {
97
+ global $wpdb;
98
+ ?>
99
+ <div class="postbox">
100
+ <h3 class="hndle"><label for="title"><?php _e('Site Info', 'all-in-one-wp-security-and-firewall');?></label>
101
+ </h3>
102
+
103
+ <div class="inside">
104
+ <strong><?php _e('Plugin Version', 'all-in-one-wp-security-and-firewall');?>
105
+ : </strong><code><?php echo AIO_WP_SECURITY_VERSION;?></code><br/>
106
+ <strong><?php _e('WP Version', 'all-in-one-wp-security-and-firewall');?>
107
+ : </strong><code><?php echo get_bloginfo("version"); ?></code><br/>
108
+ <strong>WPMU: </strong><code><?php echo (!defined('MULTISITE') || !MULTISITE) ? "No" : "Yes"; ?></code><br/>
109
+ <strong>MySQL <?php _e('Version', 'all-in-one-wp-security-and-firewall');?>
110
+ : </strong><code><?php echo $wpdb->db_version();?></code><br/>
111
+ <strong>WP <?php _e('Table Prefix', 'all-in-one-wp-security-and-firewall');?>
112
+ : </strong><code><?php echo $wpdb->prefix; ?></code><br/>
113
+ <strong>PHP <?php _e('Version', 'all-in-one-wp-security-and-firewall');?>
114
+ : </strong><code><?php echo phpversion(); ?></code><br/>
115
+ <strong><?php _e('Session Save Path', 'all-in-one-wp-security-and-firewall');?>
116
+ : </strong><code><?php echo ini_get("session.save_path"); ?></code><br/>
117
+ <strong>WP URL: </strong><code><?php echo get_bloginfo('wpurl'); ?></code><br/>
118
+ <strong><?php _e('Server Name', 'all-in-one-wp-security-and-firewall');?>
119
+ : </strong><code><?php echo $_SERVER['SERVER_NAME']; ?></code><br/>
120
+ <strong><?php _e('Cookie Domain', 'all-in-one-wp-security-and-firewall');?>
121
+ : </strong><code><?php $cookieDomain = parse_url(strtolower(get_bloginfo('wpurl')));
122
+ echo $cookieDomain['host']; ?></code><br/>
123
+ <strong>CURL <?php _e('Library Present', 'all-in-one-wp-security-and-firewall');?>
124
+ : </strong><code><?php echo (function_exists('curl_init')) ? "Yes" : "No"; ?></code><br/>
125
+ <strong><?php _e('Debug File Write Permissions', 'all-in-one-wp-security-and-firewall');?>
126
+ : </strong><code><?php echo (is_writable(AIO_WP_SECURITY_PATH)) ? "Writable" : "Not Writable"; ?></code><br/>
127
+ </div>
128
+ </div><!-- End of Site Info -->
129
+
130
+ <div class="postbox">
131
+ <h3 class="hndle"><label for="title"><?php _e('PHP Info', 'all-in-one-wp-security-and-firewall');?></label>
132
+ </h3>
133
+
134
+ <div class="inside">
135
+ <strong><?php _e('PHP Version', 'all-in-one-wp-security-and-firewall'); ?>
136
+ : </strong><code><?php echo PHP_VERSION; ?></code><br/>
137
+ <strong><?php _e('PHP Memory Usage', 'all-in-one-wp-security-and-firewall'); ?>:
138
+ </strong><code><?php echo round(memory_get_usage() / 1024 / 1024, 2) . __(' MB', 'all-in-one-wp-security-and-firewall'); ?></code>
139
+ <br/>
140
+ <?php
141
+ if (ini_get('memory_limit')) {
142
+ $memory_limit = filter_var(ini_get('memory_limit'), FILTER_SANITIZE_STRING);
143
+ } else {
144
+ $memory_limit = __('N/A', 'all-in-one-wp-security-and-firewall');
145
+ }
146
+ ?>
147
+ <strong><?php _e('PHP Memory Limit', 'all-in-one-wp-security-and-firewall'); ?>
148
+ : </strong><code><?php echo $memory_limit; ?></code><br/>
149
+ <?php
150
+ if (ini_get('upload_max_filesize')) {
151
+ $upload_max = filter_var(ini_get('upload_max_filesize'), FILTER_SANITIZE_STRING);
152
+ } else {
153
+ $upload_max = __('N/A', 'all-in-one-wp-security-and-firewall');
154
+ }
155
+ ?>
156
+ <strong><?php _e('PHP Max Upload Size', 'all-in-one-wp-security-and-firewall'); ?>
157
+ : </strong><code><?php echo $upload_max; ?></code><br/>
158
+ <?php
159
+ if (ini_get('post_max_size')) {
160
+ $post_max = filter_var(ini_get('post_max_size'), FILTER_SANITIZE_STRING);
161
+ } else {
162
+ $post_max = __('N/A', 'all-in-one-wp-security-and-firewall');
163
+ }
164
+ ?>
165
+ <strong><?php _e('PHP Max Post Size', 'all-in-one-wp-security-and-firewall'); ?>
166
+ : </strong><code><?php echo $post_max; ?></code><br/>
167
+ <?php
168
+ if (ini_get('allow_url_fopen')) {
169
+ $allow_url_fopen = __('On', 'all-in-one-wp-security-and-firewall');
170
+ } else {
171
+ $allow_url_fopen = __('Off', 'all-in-one-wp-security-and-firewall');
172
+ }
173
+ ?>
174
+ <strong><?php _e('PHP Allow URL fopen', 'all-in-one-wp-security-and-firewall'); ?>
175
+ : </strong><code><?php echo $allow_url_fopen; ?></code>
176
+ <br/>
177
+ <?php
178
+ if (ini_get('display_errors')) {
179
+ $display_errors = __('On', 'all-in-one-wp-security-and-firewall');
180
+ } else {
181
+ $display_errors = __('Off', 'all-in-one-wp-security-and-firewall');
182
+ }
183
+ ?>
184
+ <strong><?php _e('PHP Display Errors', 'all-in-one-wp-security-and-firewall'); ?>
185
+ : </strong><code><?php echo $display_errors; ?></code>
186
+ <br/>
187
+ <?php
188
+ if (ini_get('max_execution_time')) {
189
+ $max_execute = filter_var(ini_get('max_execution_time'));
190
+ } else {
191
+ $max_execute = __('N/A', 'all-in-one-wp-security-and-firewall');
192
+ }
193
+ ?>
194
+ <strong><?php _e('PHP Max Script Execution Time', 'all-in-one-wp-security-and-firewall'); ?>
195
+ : </strong><code><?php echo $max_execute; ?> <?php _e('Seconds'); ?></code><br/>
196
+ </div>
197
+ </div><!-- End of PHP Info -->
198
+
199
+ <div class="postbox">
200
+ <h3 class="hndle"><label
201
+ for="title"><?php _e('Active Plugins', 'all-in-one-wp-security-and-firewall');?></label></h3>
202
+
203
+ <div class="inside">
204
+ <?php
205
+ $all_plugins = get_plugins();
206
+ $active_plugins = get_option('active_plugins');
207
+ //var_dump($all_plugins);
208
+ ?>
209
+ <table class="widefat aio_spacer_10_tb">
210
+ <thead>
211
+ <tr>
212
+ <th><?php _e('Name', 'all-in-one-wp-security-and-firewall') ?></th>
213
+ <th><?php _e('Version', 'all-in-one-wp-security-and-firewall') ?></th>
214
+ <th><?php _e('Plugin URL', 'all-in-one-wp-security-and-firewall') ?></th>
215
+ </tr>
216
+ </thead>
217
+ <tbody>
218
+ <?php
219
+ foreach ($active_plugins as $plugin_key) {
220
+ $plugin_details = $all_plugins[$plugin_key];
221
+ echo '<tr><td>' . $plugin_details['Name'] . '</td><td>' . $plugin_details['Version'] . '</td><td>' . $plugin_details['PluginURI'] . '</td></tr>';
222
+ }
223
+ ?>
224
+ </tbody>
225
+ </table>
226
+ </div>
227
+ </div><!-- End of Active Plugins -->
228
+ <?php
229
+ }
230
+
231
+ public function render_tab3()
232
+ {
233
+ global $wpdb;
234
+ include_once 'wp-security-list-locked-ip.php'; //For rendering the AIOWPSecurity_List_Table in tab1
235
+ $locked_ip_list = new AIOWPSecurity_List_Locked_IP(); //For rendering the AIOWPSecurity_List_Table in tab1
236
+
237
+ if (isset($_REQUEST['action'])) //Do list table form row action tasks
238
+ {
239
+ if ($_REQUEST['action'] == 'delete_blocked_ip') { //Delete link was clicked for a row in list table
240
+ $locked_ip_list->delete_lockdown_records(strip_tags($_REQUEST['lockdown_id']));
241
+ }
242
+
243
+ if ($_REQUEST['action'] == 'unlock_ip') { //Unlock link was clicked for a row in list table
244
+ $locked_ip_list->unlock_ip_range(strip_tags($_REQUEST['lockdown_id']));
245
+ }
246
+ }
247
+
248
+ ?>
249
+ <div class="aio_blue_box">
250
+ <?php
251
+ $login_lockdown_feature_url = '<a href="admin.php?page=' . AIOWPSEC_USER_LOGIN_MENU_SLUG . '&tab=tab1" target="_blank">'.__('Login Lockdown', 'all-in-one-wp-security-and-firewall').'</a>';
252
+ echo '<p>' . __('This tab displays the list of all IP addresses which are currently temporarily locked out due to the Login Lockdown feature:', 'all-in-one-wp-security-and-firewall') . '</p>' .
253
+ '<p>' . $login_lockdown_feature_url . '</p>';
254
+ ?>
255
+ </div>
256
+
257
+ <div class="postbox">
258
+ <h3 class="hndle"><label
259
+ for="title"><?php _e('Currently Locked Out IP Addresses and Ranges', 'all-in-one-wp-security-and-firewall');?></label>
260
+ </h3>
261
+
262
+ <div class="inside">
263
+ <?php
264
+ //Fetch, prepare, sort, and filter our data...
265
+ $locked_ip_list->prepare_items();
266
+ //echo "put table of locked entries here";
267
+ ?>
268
+ <form id="tables-filter" method="get"
269
+ onSubmit="return confirm('Are you sure you want to perform this bulk operation on the selected entries?');">
270
+ <!-- For plugins, we also need to ensure that the form posts back to our current page -->
271
+ <input type="hidden" name="page" value="<?php echo esc_attr($_REQUEST['page']); ?>"/>
272
+ <?php
273
+ if (isset($_REQUEST["tab"])) {
274
+ echo '<input type="hidden" name="tab" value="' . esc_attr($_REQUEST["tab"]) . '" />';
275
+ }
276
+ ?>
277
+ <!-- Now we can render the completed list table -->
278
+ <?php $locked_ip_list->display(); ?>
279
+ </form>
280
+ </div>
281
+ </div>
282
+
283
+ <?php
284
+ }
285
+
286
+ public function render_tab4()
287
+ {
288
+ global $wpdb;
289
+ include_once 'wp-security-list-permanent-blocked-ip.php'; //For rendering the AIOWPSecurity_List_Table
290
+ $blocked_ip_list = new AIOWPSecurity_List_Blocked_IP(); //For rendering the AIOWPSecurity_List_Table
291
+
292
+ if (isset($_REQUEST['action'])) //Do list table form row action tasks
293
+ {
294
+ if ($_REQUEST['action'] == 'unblock_ip') { //Unblock link was clicked for a row in list table
295
+ $blocked_ip_list->unblock_ip_address(strip_tags($_REQUEST['blocked_id']));
296
+ }
297
+ }
298
+ AIOWPSecurity_Admin_Menu::display_bulk_result_message();
299
+
300
+ ?>
301
+ <div class="aio_blue_box">
302
+ <?php
303
+ echo '<p>' . __('This tab displays the list of all permanently blocked IP addresses.', 'all-in-one-wp-security-and-firewall') . '</p>' .
304
+ '<p>' . __('NOTE: This feature does NOT use the .htaccess file to permanently block the IP addresses so it should be compatible with all web servers running WordPress.', 'all-in-one-wp-security-and-firewall') . '</p>';
305
+ ?>
306
+ </div>
307
+
308
+ <div class="postbox">
309
+ <h3 class="hndle"><label
310
+ for="title"><?php _e('Permanently Blocked IP Addresses', 'all-in-one-wp-security-and-firewall');?></label>
311
+ </h3>
312
+
313
+ <div class="inside">
314
+ <?php
315
+ //Fetch, prepare, sort, and filter our data...
316
+ $blocked_ip_list->prepare_items();
317
+ ?>
318
+ <form id="tables-filter" method="get">
319
+ <!-- For plugins, we also need to ensure that the form posts back to our current page -->
320
+ <input type="hidden" name="page" value="<?php echo esc_attr($_REQUEST['page']); ?>"/>
321
+ <?php
322
+ $blocked_ip_list->search_box(__('Search', 'all-in-one-wp-security-and-firewall'), 'search_permanent_block');
323
+ if (isset($_REQUEST["tab"])) {
324
+ echo '<input type="hidden" name="tab" value="' . esc_attr($_REQUEST["tab"]) . '" />';
325
+ }
326
+ ?>
327
+ <!-- Now we can render the completed list table -->
328
+ <?php $blocked_ip_list->display(); ?>
329
+ </form>
330
+ </div>
331
+ </div>
332
+
333
+ <?php
334
+ }
335
+
336
+ /**
337
+ * Renders tab 5 which is the AIOWPS Logs tab. Responsible for displaying the logs
338
+ *
339
+ * @return void
340
+ */
341
+ public function render_tab5()
342
+ {
343
+ //Needed for rendering the debug log table
344
+ include_once 'wp-security-list-debug.php';
345
+ $debug_log_list = new AIOWPSecurity_List_Debug_Log();
346
+
347
+ global $wpdb; global $aio_wp_security;
348
+
349
+ //Handles clearing the debug logs
350
+ if (isset($_POST['aiowpsec_clear_logs']) && isset($_POST['_wpnonce'])) {
351
+
352
+ if (wp_verify_nonce($_POST['_wpnonce'], 'aiowpsec_clear_debug_logs')) {
353
+
354
+ $ret = $aio_wp_security->debug_logger->clear_logs();
355
+
356
+ if (is_wp_error($ret)) {
357
+
358
+ ?>
359
+
360
+ <div class="notice notice-error is-dismissible">
361
+ <p><strong><?php echo htmlspecialchars(__('All In One WP Security & Firewall', 'all-in-one-wp-security-and-firewall')); ?></strong></p>
362
+ <p><?php echo esc_html($ret->get_error_message()); ?></p>
363
+ <p><?php echo esc_html($ret->get_error_data()); ?></p>
364
+ </div>
365
+
366
+ <?php
367
+
368
+ } else {
369
+
370
+ ?>
371
+ <div class="notice notice-success is-dismissible">
372
+ <p><strong><?php _e( 'All In One WP Security & Firewall', 'all-in-one-wp-security-and-firewall' ); ?></strong></p>
373
+ <p><?php _e( 'Debug logs have been cleared', 'all-in-one-wp-security-and-firewall' ); ?></p>
374
+ </div>
375
+ <?php
376
+
377
+ }
378
+
379
+ } else {
380
+ ?>
381
+
382
+ <div class="notice notice-error is-dismissible">
383
+ <p><strong><?php echo htmlspecialchars(__( 'All In One WP Security & Firewall', 'all-in-one-wp-security-and-firewall' )); ?></strong></p>
384
+ <p><?php _e( 'Unable to clear the logs; an invalid nonce was provided', 'all-in-one-wp-security-and-firewall' ); ?></p>
385
+ </div>
386
+
387
+ <?php
388
+ }
389
+
390
+ }
391
+
392
+ ?>
393
+
394
+ <div class="inside">
395
+ <div class="postbox">
396
+ <h3 class="hndle"><label
397
+ for="title"><?php _e('Debug log options', 'all-in-one-wp-security-and-firewall');?></label>
398
+ </h3>
399
+
400
+ <div class="inside">
401
+ <form action ="" method="POST">
402
+ <?php wp_nonce_field('aiowpsec_clear_debug_logs'); ?>
403
+
404
+ <input name="aiowpsec_clear_logs" type="submit" value="<?php _e('Clear logs', 'all-in-one-wp-security-and-firewall'); ?>" class="button-primary">
405
+ </form>
406
+ </div>
407
+ </div>
408
+ </div>
409
+
410
+ <div class="postbox">
411
+ <h3 class="hndle"><label
412
+ for="title"><?php _e('Debug logs', 'all-in-one-wp-security-and-firewall');?></label>
413
+ </h3>
414
+
415
+ <div class="inside">
416
+
417
+ <div class="postbox">
418
+
419
+ <div class="inside">
420
+ <?php
421
+ $debug_log_list->prepare_items();
422
+ $debug_log_list->display();
423
+ ?>
424
+
425
+ </div>
426
+ </div>
427
+ </div>
428
+
429
+ <?php
430
+ }
431
+
432
+ public function wp_dashboard() {
433
+ $screen = get_current_screen();
434
+ $columns = absint( $screen->get_columns() );
435
+ $columns_css = '';
436
+ if ( $columns ) {
437
+ $columns_css = " columns-$columns";
438
+ }
439
+
440
+ ?>
441
+ <div id="dashboard-widgets" class="metabox-holder<?php echo $columns_css; ?>">
442
+ <div id="postbox-container-1" class="postbox-container">
443
+ <?php do_meta_boxes( $screen->id, 'normal', '' ); ?>
444
+ </div>
445
+ <div id="postbox-container-2" class="postbox-container">
446
+ <?php do_meta_boxes( $screen->id, 'side', '' ); ?>
447
+ </div>
448
+ <div id="postbox-container-3" class="postbox-container">
449
+ <?php do_meta_boxes( $screen->id, 'column3', '' ); ?>
450
+ </div>
451
+ <div id="postbox-container-4" class="postbox-container">
452
+ <?php do_meta_boxes( $screen->id, 'column4', '' ); ?>
453
+ </div>
454
+ </div>
455
+
456
+ <?php
457
+ wp_nonce_field( 'closedpostboxes', 'closedpostboxesnonce', false );
458
+ wp_nonce_field( 'meta-box-order', 'meta-box-order-nonce', false );
459
+ }
460
+
461
+ function wp_dashboard_setup() {
462
+ global $aio_wp_security;
463
+ global $wp_registered_widgets, $wp_registered_widget_controls, $wp_dashboard_control_callbacks;
464
+ $wp_dashboard_control_callbacks = array();
465
+ $screen = get_current_screen();
466
+
467
+ // Add widgets
468
+ wp_add_dashboard_widget( 'security_strength_meter', __( 'Security Strength Meter', 'all-in-one-wp-security-and-firewall' ), array($this, 'widget_security_strength_meter') );
469
+ wp_add_dashboard_widget( 'security_points_breakdown', __( 'Security Points Breakdown', 'all-in-one-wp-security-and-firewall' ), array($this, 'widget_security_points_breakdown') );
470
+ wp_add_dashboard_widget( 'spread_the_word', __( 'Spread the Word', 'all-in-one-wp-security-and-firewall' ), array($this, 'widget_spread_the_word') );
471
+ wp_add_dashboard_widget( 'know_developers', __( 'Get To Know The Developers', 'all-in-one-wp-security-and-firewall' ), array($this, 'widget_know_developers') );
472
+ wp_add_dashboard_widget( 'critical_feature_status', __( 'Critical Feature Status', 'all-in-one-wp-security-and-firewall' ), array($this, 'widget_critical_feature_status') );
473
+ wp_add_dashboard_widget( 'last_5_logins', __( 'Last 5 Logins', 'all-in-one-wp-security-and-firewall' ), array($this, 'widget_last_5_logins') );
474
+ wp_add_dashboard_widget( 'maintenance_mode_status', __( 'Maintenance Mode Status', 'all-in-one-wp-security-and-firewall' ), array($this, 'widget_maintenance_mode_status') );
475
+ if ($aio_wp_security->configs->get_value('aiowps_enable_brute_force_attack_prevention') == '1' ||
476
+ $aio_wp_security->configs->get_value('aiowps_enable_rename_login_page') == '1') {
477
+ wp_add_dashboard_widget( 'brute_force', __( 'Brute Force Prevention Login Page' ), array($this, 'widget_brute_force') );
478
+ }
479
+ wp_add_dashboard_widget( 'logged_in_users', __( 'Logged In Users', 'all-in-one-wp-security-and-firewall' ), array($this, 'widget_logged_in_users') );
480
+ wp_add_dashboard_widget( 'locked_ip_addresses', __( 'Locked IP Addresses', 'all-in-one-wp-security-and-firewall' ), array($this, 'widget_locked_ip_addresses') );
481
+
482
+ do_action( 'aiowps_dashboard_setup' );
483
+ $dashboard_widgets = apply_filters( 'aiowps_dashboard_widgets', array() );
484
+
485
+ foreach ( $dashboard_widgets as $widget_id ) {
486
+ $name = empty( $wp_registered_widgets[$widget_id]['all_link'] ) ? $wp_registered_widgets[$widget_id]['name'] : $wp_registered_widgets[$widget_id]['name'] . " <a href='{$wp_registered_widgets[$widget_id]['all_link']}' class='edit-box open-box'>" . __('View all') . '</a>';
487
+ wp_add_dashboard_widget( $widget_id, $name, $wp_registered_widgets[$widget_id]['callback'], $wp_registered_widget_controls[$widget_id]['callback'] );
488
+ }
489
+ }
490
+
491
+ public function widget_security_strength_meter() {
492
+ global $aiowps_feature_mgr;
493
+ global $aio_wp_security;
494
+ $total_site_security_points = $aiowps_feature_mgr->get_total_site_points();
495
+ $total_security_points_achievable = $aiowps_feature_mgr->get_total_achievable_points();
496
+
497
+ ?>
498
+ <script type='text/javascript'>
499
+ google.load('visualization', '1', {packages: ['gauge']});
500
+ google.setOnLoadCallback(drawChart);
501
+ function drawChart() {
502
+ var data = google.visualization.arrayToDataTable([
503
+ ['Label', 'Value'],
504
+ ['Strength', <?php echo $total_site_security_points; ?>]
505
+ ]);
506
+
507
+ var options = {
508
+ width: 320, height: 200, max: <?php echo $total_security_points_achievable; ?>,
509
+ greenColor: '8EFA9B', yellowColor: 'F5EE90', redColor: 'FA7373',
510
+ redFrom: 0, redTo: 10,
511
+ yellowFrom: 10, yellowTo: 50,
512
+ greenFrom: 50, greenTo: <?php echo $total_security_points_achievable; ?>,
513
+ minorTicks: 5
514
+ };
515
+
516
+ var chart = new google.visualization.Gauge(document.getElementById('security_strength_chart_div'));
517
+ chart.draw(data, options);
518
+ }
519
+ </script>
520
+ <div id='security_strength_chart_div'></div>
521
+ <div class="aiowps_dashboard_widget_footer">
522
+ <?php
523
+ _e('Total Achievable Points: ', 'all-in-one-wp-security-and-firewall');
524
+ echo '<strong>' . $total_security_points_achievable . '</strong><br />';
525
+ _e('Current Score of Your Site: ', 'all-in-one-wp-security-and-firewall');
526
+ echo '<strong>' . $total_site_security_points . '</strong>';
527
+ ?>
528
+ </div>
529
+ <?php
530
+ }
531
+
532
+ public function widget_security_points_breakdown() {
533
+ global $aiowps_feature_mgr;
534
+ global $aio_wp_security;
535
+ $feature_mgr = $aiowps_feature_mgr;
536
+ $total_site_security_points = $feature_mgr->get_total_site_points();
537
+ $total_security_points_achievable = $feature_mgr->get_total_achievable_points();
538
+
539
+ $feature_items = $feature_mgr->feature_items;
540
+ $pt_src_chart_data = "";
541
+ $pt_src_chart_data .= "['Feature Name', 'Points'],";
542
+ foreach ($feature_items as $item) {
543
+ if ($item->feature_status == $feature_mgr->feature_active) {
544
+ $pt_src_chart_data .= "['" . $item->feature_name . "', " . $item->item_points . "],";
545
+ }
546
+ }
547
+
548
+ ?>
549
+ <script type="text/javascript">
550
+ google.load("visualization", "1", {packages: ["corechart"]});
551
+ google.setOnLoadCallback(drawChart);
552
+ function drawChart() {
553
+ var data = google.visualization.arrayToDataTable([
554
+ <?php echo $pt_src_chart_data; ?>
555
+ ]);
556
+
557
+ var options = {
558
+ // height: '250',
559
+ // width: '450',
560
+ backgroundColor: 'F6F6F6',
561
+ pieHole: 0.4,
562
+ chartArea: {
563
+ width: '95%',
564
+ height: '95%',
565
+ }
566
+ };
567
+
568
+ var chart = new google.visualization.PieChart(document.getElementById('points_source_breakdown_chart_div'));
569
+ chart.draw(data, options);
570
+ }
571
+ </script>
572
+ <div id='points_source_breakdown_chart_div'></div>
573
+ <?php
574
+ }
575
+
576
+ public function widget_spread_the_word() {
577
+ ?>
578
+ <p><?php _e('We are working hard to make your WordPress site more secure. Please support us, here is how:', 'all-in-one-wp-security-and-firewall');?></p>
579
+ <p><a href="https://www.facebook.com/tipsntrickshq/" target="_blank"><?php _e('Follow us on', 'all-in-one-wp-security-and-firewall');?> Facebook</a>
580
+ </p>
581
+ <p>
582
+ <a href="http://twitter.com/intent/tweet?url=https://www.tipsandtricks-hq.com/wordpress-security-and-firewall-plugin&text=I love the All In One WP Security and Firewall plugin!"
583
+ target="_blank" class="aio_tweet_link"><?php _e('Post to Twitter', 'all-in-one-wp-security-and-firewall');?></a>
584
+ </p>
585
+ <p>
586
+ <a href="http://wordpress.org/support/view/plugin-reviews/all-in-one-wp-security-and-firewall/"
587
+ target="_blank" class="aio_rate_us_link"><?php _e('Give us a Good Rating', 'all-in-one-wp-security-and-firewall');?></a>
588
+ </p>
589
+ <?php
590
+ }
591
+
592
+ public function widget_know_developers() {
593
+ ?>
594
+ <p><?php _e('Wanna know more about the developers behind this plugin?', 'all-in-one-wp-security-and-firewall');?></p>
595
+ <p><a href="https://wpsolutions-hq.com/" target="_blank">WPSolutions</a></p>
596
+ <p><a href="https://www.tipsandtricks-hq.com/" target="_blank">Tips and Tricks HQ</a></p>
597
+
598
+ <?php
599
+ }
600
+
601
+ public function widget_critical_feature_status() {
602
+ global $aiowps_feature_mgr;
603
+ global $aio_wp_security;
604
+ $feature_mgr = $aiowps_feature_mgr;
605
+
606
+ _e('Below is the current status of the critical features that you should activate on your site to achieve a minimum level of recommended security', 'all-in-one-wp-security-and-firewall');
607
+ $feature_items = $aiowps_feature_mgr->feature_items;
608
+ $username_admin_feature = $aiowps_feature_mgr->get_feature_item_by_id("user-accounts-change-admin-user");
609
+ echo '<div class="aiowps_feature_status_container">';
610
+ echo '<div class="aiowps_feature_status_name">' . __('Admin Username', 'all-in-one-wp-security-and-firewall') . '</div>';
611
+ echo '<a href="admin.php?page=' . AIOWPSEC_USER_ACCOUNTS_MENU_SLUG . '">';
612
+ echo '<div class="aiowps_feature_status_bar">';
613
+ if ($username_admin_feature->feature_status == $aiowps_feature_mgr->feature_active) {
614
+ echo '<div class="aiowps_feature_status_label aiowps_feature_status_on">On</div>';
615
+ echo '<div class="aiowps_feature_status_label">Off</div>';
616
+ } else {
617
+ echo '<div class="aiowps_feature_status_label">On</div>';
618
+ echo '<div class="aiowps_feature_status_label aiowps_feature_status_off">Off</div>';
619
+ }
620
+ echo '</div></div></a>';
621
+ echo '<div class="aio_clear_float"></div>';
622
+
623
+ $login_lockdown_feature = $aiowps_feature_mgr->get_feature_item_by_id("user-login-login-lockdown");
624
+ echo '<div class="aiowps_feature_status_container">';
625
+ echo '<div class="aiowps_feature_status_name">' . __('Login Lockdown', 'all-in-one-wp-security-and-firewall') . '</div>';
626
+ echo '<a href="admin.php?page=' . AIOWPSEC_USER_LOGIN_MENU_SLUG . '">';
627
+ echo '<div class="aiowps_feature_status_bar">';
628
+ if ($login_lockdown_feature->feature_status == $aiowps_feature_mgr->feature_active) {
629
+ echo '<div class="aiowps_feature_status_label aiowps_feature_status_on">On</div>';
630
+ echo '<div class="aiowps_feature_status_label">Off</div>';
631
+ } else {
632
+ echo '<div class="aiowps_feature_status_label">On</div>';
633
+ echo '<div class="aiowps_feature_status_label aiowps_feature_status_off">Off</div>';
634
+ }
635
+ echo '</div></div></a>';
636
+ echo '<div class="aio_clear_float"></div>';
637
+
638
+ $filesystem_feature = $aiowps_feature_mgr->get_feature_item_by_id("filesystem-file-permissions");
639
+ echo '<div class="aiowps_feature_status_container">';
640
+ echo '<div class="aiowps_feature_status_name">' . __('File Permission', 'all-in-one-wp-security-and-firewall') . '</div>';
641
+ echo '<a href="admin.php?page=' . AIOWPSEC_FILESYSTEM_MENU_SLUG . '">';
642
+ echo '<div class="aiowps_feature_status_bar">';
643
+ if ($filesystem_feature->feature_status == $aiowps_feature_mgr->feature_active) {
644
+ echo '<div class="aiowps_feature_status_label aiowps_feature_status_on">On</div>';
645
+ echo '<div class="aiowps_feature_status_label">Off</div>';
646
+ } else {
647
+ echo '<div class="aiowps_feature_status_label">On</div>';
648
+ echo '<div class="aiowps_feature_status_label aiowps_feature_status_off">Off</div>';
649
+ }
650
+ echo '</div></div></a>';
651
+ echo '<div class="aio_clear_float"></div>';
652
+
653
+ $basic_firewall_feature = $aiowps_feature_mgr->get_feature_item_by_id("firewall-basic-rules");
654
+ echo '<div class="aiowps_feature_status_container">';
655
+ echo '<div class="aiowps_feature_status_name">' . __('Basic Firewall', 'all-in-one-wp-security-and-firewall') . '</div>';
656
+ echo '<a href="admin.php?page=' . AIOWPSEC_FIREWALL_MENU_SLUG . '">';
657
+ echo '<div class="aiowps_feature_status_bar">';
658
+ if ($basic_firewall_feature->feature_status == $aiowps_feature_mgr->feature_active) {
659
+ echo '<div class="aiowps_feature_status_label aiowps_feature_status_on">On</div>';
660
+ echo '<div class="aiowps_feature_status_label">Off</div>';
661
+ } else {
662
+ echo '<div class="aiowps_feature_status_label">On</div>';
663
+ echo '<div class="aiowps_feature_status_label aiowps_feature_status_off">Off</div>';
664
+ }
665
+ echo '</div></div></a>';
666
+ echo '<div class="aio_clear_float"></div>';
667
+ }
668
+
669
+ public function widget_last_5_logins() {
670
+ global $wpdb;
671
+ $login_activity_table = AIOWPSEC_TBL_USER_LOGIN_ACTIVITY;
672
+
673
+ /* -- Ordering parameters -- */
674
+ //Parameters that are going to be used to order the result
675
+ isset($_GET["orderby"]) ? $orderby = strip_tags($_GET["orderby"]) : $orderby = '';
676
+ isset($_GET["order"]) ? $order = strip_tags($_GET["order"]) : $order = '';
677
+
678
+ $orderby = !empty($orderby) ? $orderby : 'login_date';
679
+ $order = !empty($order) ? $order : 'DESC';
680
+
681
+ $data = $wpdb->get_results($wpdb->prepare("SELECT * FROM $login_activity_table ORDER BY login_date DESC LIMIT %d", 5), ARRAY_A); //Get the last 5 records
682
+
683
+ if ($data == NULL) {
684
+ echo '<p>' . __('No data found!', 'all-in-one-wp-security-and-firewall') . '</p>';
685
+
686
+ } else {
687
+ $login_summary_table = '';
688
+ echo '<p>' . __('Last 5 logins summary:', 'all-in-one-wp-security-and-firewall') . '</p>';
689
+ $login_summary_table .= '<table class="widefat aiowps_dashboard_table">';
690
+ $login_summary_table .= '<thead>';
691
+ $login_summary_table .= '<tr>';
692
+ $login_summary_table .= '<th>' . __('User', 'all-in-one-wp-security-and-firewall') . '</th>';
693
+ $login_summary_table .= '<th>' . __('Date', 'all-in-one-wp-security-and-firewall') . '</th>';
694
+ $login_summary_table .= '<th>' . __('IP', 'all-in-one-wp-security-and-firewall') . '</th>';
695
+ $login_summary_table .= '</tr>';
696
+ $login_summary_table .= '</thead>';
697
+ foreach ($data as $entry) {
698
+ $login_summary_table .= '<tr>';
699
+ $login_summary_table .= '<td>' . $entry['user_login'] . '</td>';
700
+ $login_summary_table .= '<td>' . $entry['login_date'] . '</td>';
701
+ $login_summary_table .= '<td>' . $entry['login_ip'] . '</td>';
702
+ $login_summary_table .= '</tr>';
703
+ }
704
+ $login_summary_table .= '</table>';
705
+ echo $login_summary_table;
706
+ }
707
+
708
+ echo '<div class="aio_clear_float"></div>';
709
+
710
+ }
711
+
712
+ public function widget_maintenance_mode_status() {
713
+ global $aio_wp_security;
714
+ if ($aio_wp_security->configs->get_value('aiowps_site_lockout') == '1') {
715
+ echo '<p>' . __('Maintenance mode is currently enabled. Remember to turn it off when you are done', 'all-in-one-wp-security-and-firewall') . '</p>';
716
+ } else {
717
+ echo '<p>' . __('Maintenance mode is currently off.', 'all-in-one-wp-security-and-firewall') . '</p>';
718
+ }
719
+
720
+ echo '<div class="aiowps_feature_status_container">';
721
+ echo '<div class="aiowps_feature_status_name">' . __('Maintenance Mode', 'all-in-one-wp-security-and-firewall') . '</div>';
722
+ echo '<a href="admin.php?page=' . AIOWPSEC_MAINTENANCE_MENU_SLUG . '">';
723
+ echo '<div class="aiowps_feature_status_bar">';
724
+ if ($aio_wp_security->configs->get_value('aiowps_site_lockout') == '1') {//Maintenance mode is enabled
725
+ echo '<div class="aiowps_feature_status_label aiowps_feature_status_off">On</div>';//If enabled show red by usign the "off" class
726
+ echo '<div class="aiowps_feature_status_label">Off</div>';
727
+ } else {
728
+ echo '<div class="aiowps_feature_status_label">On</div>';
729
+ echo '<div class="aiowps_feature_status_label aiowps_feature_status_on">Off</div>';
730
+ }
731
+ echo '</div></div></a>';
732
+ echo '<div class="aio_clear_float"></div>';
733
+
734
+ }
735
+
736
+ public function widget_brute_force() {
737
+ global $aio_wp_security;
738
+ if ($aio_wp_security->configs->get_value('aiowps_enable_brute_force_attack_prevention') == '1') {
739
+ $brute_force_login_feature_link = '<a href="admin.php?page=' . AIOWPSEC_BRUTE_FORCE_MENU_SLUG . '&tab=tab2" target="_blank">' . __('Cookie-Based Brute Force', 'all-in-one-wp-security-and-firewall') . '</a>';
740
+ $brute_force_feature_secret_word = $aio_wp_security->configs->get_value('aiowps_brute_force_secret_word');
741
+ echo '<div class="aio_yellow_box">';
742
+
743
+ echo '<p>' . sprintf(__('The %s feature is currently active.', 'all-in-one-wp-security-and-firewall'), $brute_force_login_feature_link) . '</p>';
744
+ echo '<p>' . __('Your new WordPress login URL is now:', 'all-in-one-wp-security-and-firewall') . '</p>';
745
+ echo '<p><strong>' . AIOWPSEC_WP_URL . '/?' . $brute_force_feature_secret_word . '=1</strong></p>';
746
+ echo '</div>'; //yellow box div
747
+ echo '<div class="aio_clear_float"></div>';
748
+ }//End if statement for Cookie Based Brute Prevention box
749
+
750
+ //Insert Rename Login Page feature box if this feature is active
751
+ if ($aio_wp_security->configs->get_value('aiowps_enable_rename_login_page') == '1') {
752
+ if (get_option('permalink_structure')) {
753
+ $home_url = trailingslashit(home_url());
754
+ } else {
755
+ $home_url = trailingslashit(home_url()) . '?';
756
+ }
757
+
758
+ $rename_login_feature_link = '<a href="admin.php?page=' . AIOWPSEC_BRUTE_FORCE_MENU_SLUG . '&tab=tab1" target="_blank">' . __('Rename Login Page', 'all-in-one-wp-security-and-firewall') . '</a>';
759
+ echo '<div class="aio_yellow_box">';
760
+
761
+ echo '<p>' . sprintf(__('The %s feature is currently active.', 'all-in-one-wp-security-and-firewall'), $rename_login_feature_link) . '</p>';
762
+ echo '<p>' . __('Your new WordPress login URL is now:', 'all-in-one-wp-security-and-firewall') . '</p>';
763
+ echo '<p><strong>' . $home_url . $aio_wp_security->configs->get_value('aiowps_login_page_slug') . '</strong></p>';
764
+ echo '</div>'; //yellow box div
765
+ echo '<div class="aio_clear_float"></div>';
766
+ }//End if statement for Rename Login box
767
+
768
+ }
769
+
770
+ public function widget_logged_in_users() {
771
+ $users_online_link = '<a href="admin.php?page=' . AIOWPSEC_USER_LOGIN_MENU_SLUG . '&tab=tab5">Logged In Users</a>';
772
+ // default display messages
773
+ $multiple_users_info_msg = __('Number of users currently logged into your site (including you) is:', 'all-in-one-wp-security-and-firewall');
774
+ $single_user_info_msg = __('There are no other users currently logged in.', 'all-in-one-wp-security-and-firewall');
775
+ if (AIOWPSecurity_Utility::is_multisite_install()) {
776
+ $current_blog_id = get_current_blog_id();
777
+ $is_main = is_main_site($current_blog_id);
778
+
779
+ if(empty($is_main)) {
780
+ // subsite - only get logged in users for this blog_id
781
+ $logged_in_users = AIOWPSecurity_User_Login::get_subsite_logged_in_users($current_blog_id);
782
+ } else {
783
+ // main site - get sitewide users
784
+ $logged_in_users = get_site_transient('users_online');
785
+
786
+ // If viewing aiowps from multisite main network dashboard then display a different message
787
+ $multiple_users_info_msg = __('Number of users currently logged in site-wide (including you) is:', 'all-in-one-wp-security-and-firewall');
788
+ $single_user_info_msg = __('There are no other site-wide users currently logged in.', 'all-in-one-wp-security-and-firewall');
789
+ }
790
+ } else {
791
+ $logged_in_users = get_transient('users_online');
792
+ }
793
+
794
+ if (empty($logged_in_users)) {
795
+ $num_users = 0;
796
+ } else {
797
+ $num_users = count($logged_in_users);
798
+ }
799
+ if ($num_users > 1) {
800
+ echo '<div class="aio_red_box"><p>' . $multiple_users_info_msg . ' <strong>' . $num_users . '</strong></p>';
801
+ $info_msg = '<p>' . sprintf(__('Go to the %s menu to see more details', 'all-in-one-wp-security-and-firewall'), $users_online_link) . '</p>';
802
+ echo $info_msg . '</div>';
803
+ } else {
804
+ echo '<div class="aio_green_box"><p>' . $single_user_info_msg . '</p></div>';
805
+ }
806
+
807
+ }
808
+
809
+ public function widget_locked_ip_addresses() {
810
+ $locked_ips_link = '<a href="admin.php?page=' . AIOWPSEC_MAIN_MENU_SLUG . '&tab=tab3">Locked IP Addresses</a>';
811
+
812
+ $locked_ips = AIOWPSecurity_Utility::get_locked_ips();
813
+ if ($locked_ips === FALSE) {
814
+ echo '<div class="aio_green_box"><p>' . __('There are no IP addresses currently locked out.', 'all-in-one-wp-security-and-firewall') . '</p></div>';
815
+ } else {
816
+ $num_ips = count($locked_ips);
817
+ echo '<div class="aio_red_box"><p>' . __('Number of temporarily locked out IP addresses: ', 'all-in-one-wp-security-and-firewall') . ' <strong>' . $num_ips . '</strong></p>';
818
+ $info_msg = '<p>' . sprintf(__('Go to the %s menu to see more details', 'all-in-one-wp-security-and-firewall'), $locked_ips_link) . '</p>';
819
+ echo $info_msg . '</div>';
820
+ }
821
+ }
822
+
823
+ } //end class
 
admin/wp-security-database-menu.php CHANGED
@@ -1,611 +1,611 @@
1
- <?php
2
- if(!defined('ABSPATH')){
3
- exit;//Exit if accessed directly
4
- }
5
-
6
- class AIOWPSecurity_Database_Menu extends AIOWPSecurity_Admin_Menu
7
- {
8
- var $menu_page_slug = AIOWPSEC_DB_SEC_MENU_SLUG;
9
-
10
- /* Specify all the tabs of this menu in the following array */
11
- var $menu_tabs;
12
-
13
- var $menu_tabs_handler = array(
14
- 'tab1' => 'render_tab1',
15
- 'tab2' => 'render_tab2',
16
- );
17
-
18
- function __construct()
19
- {
20
- $this->render_menu_page();
21
- }
22
-
23
- function set_menu_tabs()
24
- {
25
- if (AIOWPSecurity_Utility::is_multisite_install() && get_current_blog_id() != 1){
26
- //Suppress the DB prefix change tab if site is a multi site AND not the main site
27
- $this->menu_tabs = array(
28
- //'tab1' => __('DB Prefix', 'all-in-one-wp-security-and-firewall'),
29
- 'tab2' => __('DB Backup', 'all-in-one-wp-security-and-firewall'),
30
- );
31
- }else{
32
- $this->menu_tabs = array(
33
- 'tab1' => __('DB Prefix', 'all-in-one-wp-security-and-firewall'),
34
- 'tab2' => __('DB Backup', 'all-in-one-wp-security-and-firewall'),
35
- );
36
- }
37
-
38
- }
39
-
40
- function get_current_tab()
41
- {
42
- $tab_keys = array_keys($this->menu_tabs);
43
- $tab = isset( $_GET['tab'] ) ? sanitize_text_field($_GET['tab']) : $tab_keys[0];
44
- return $tab;
45
- }
46
-
47
- /*
48
- * Renders our tabs of this menu as nav items
49
- */
50
- function render_menu_tabs()
51
- {
52
- $current_tab = $this->get_current_tab();
53
-
54
- echo '<h2 class="nav-tab-wrapper">';
55
- foreach ( $this->menu_tabs as $tab_key => $tab_caption )
56
- {
57
- $active = $current_tab == $tab_key ? 'nav-tab-active' : '';
58
- echo '<a class="nav-tab ' . $active . '" href="?page=' . $this->menu_page_slug . '&tab=' . $tab_key . '">' . $tab_caption . '</a>';
59
- }
60
- echo '</h2>';
61
- }
62
-
63
- /*
64
- * The menu rendering goes here
65
- */
66
- function render_menu_page()
67
- {
68
- echo '<div class="wrap">';
69
- echo '<h2>'.__('Database Security','all-in-one-wp-security-and-firewall').'</h2>';//Interface title
70
- $this->set_menu_tabs();
71
- $tab = $this->get_current_tab();
72
- $this->render_menu_tabs();
73
- ?>
74
- <div id="poststuff"><div id="post-body">
75
- <?php
76
- //$tab_keys = array_keys($this->menu_tabs);
77
- call_user_func(array(&$this, $this->menu_tabs_handler[$tab]));
78
- ?>
79
- </div></div>
80
- </div><!-- end of wrap -->
81
- <?php
82
- }
83
-
84
- function render_tab1()
85
- {
86
- global $wpdb, $aio_wp_security;
87
- $old_db_prefix = $wpdb->prefix;
88
- $new_db_prefix = '';
89
- $perform_db_change = false;
90
-
91
- if (isset($_POST['aiowps_db_prefix_change']))//Do form submission tasks
92
- {
93
- $nonce=$_REQUEST['_wpnonce'];
94
- if (!wp_verify_nonce($nonce, 'aiowpsec-db-prefix-change-nonce'))
95
- {
96
- $aio_wp_security->debug_logger->log_debug("Nonce check failed for DB prefix change operation!",4);
97
- die(__('Nonce check failed for DB prefix change operation!','all-in-one-wp-security-and-firewall'));
98
- }
99
-
100
- //Let's first check if user's system allows writing to wp-config.php file. If plugin cannot write to wp-config we will not do the prefix change.
101
- $config_file = AIOWPSecurity_Utility_File::get_wp_config_file_path();
102
- $file_write = AIOWPSecurity_Utility_File::is_file_writable($config_file);
103
- if (!$file_write)
104
- {
105
- $this->show_msg_error(__('The plugin has detected that it cannot write to the wp-config.php file. This feature can only be used if the plugin can successfully write to the wp-config.php file.', 'all-in-one-wp-security-and-firewall'));
106
- }
107
- else
108
- {
109
- if( isset($_POST['aiowps_enable_random_prefix']))
110
- {//User has elected to generate a random DB prefix
111
- $string = AIOWPSecurity_Utility::generate_alpha_random_string('5');
112
- $new_db_prefix = $string . '_';
113
- $perform_db_change = true;
114
- }else
115
- {
116
- if (empty($_POST['aiowps_new_manual_db_prefix']))
117
- {
118
- $this->show_msg_error(__('Please enter a value for the DB prefix.', 'all-in-one-wp-security-and-firewall'));
119
- }
120
- else
121
- {
122
- //User has chosen their own DB prefix value
123
- $new_db_prefix = wp_strip_all_tags( trim( $_POST['aiowps_new_manual_db_prefix'] ) );
124
- $error = $wpdb->set_prefix( $new_db_prefix ); //validate the user chosen prefix
125
- if(is_wp_error($error))
126
- {
127
- wp_die( __('<strong>ERROR</strong>: The table prefix can only contain numbers, letters, and underscores.', 'all-in-one-wp-security-and-firewall') );
128
- }
129
- $wpdb->set_prefix( $old_db_prefix );
130
- $perform_db_change = true;
131
- }
132
- }
133
- }
134
- }
135
- ?>
136
- <h2><?php _e('Change Database Prefix', 'all-in-one-wp-security-and-firewall')?></h2>
137
- <div class="aio_blue_box">
138
- <?php
139
- echo '<p>'.__('Your WordPress DB is the most important asset of your website because it contains a lot of your site\'s precious information.', 'all-in-one-wp-security-and-firewall').'
140
- <br />'.__('The DB is also a target for hackers via methods such as SQL injections and malicious and automated code which targets certain tables.', 'all-in-one-wp-security-and-firewall').'
141
- <br />'.__('One way to add a layer of protection for your DB is to change the default WordPress table prefix from "wp_" to something else which will be difficult for hackers to guess.', 'all-in-one-wp-security-and-firewall').'
142
- <br />'.__('This feature allows you to easily change the prefix to a value of your choice or to a random value set by this plugin.', 'all-in-one-wp-security-and-firewall').'
143
- </p>';
144
- ?>
145
- </div>
146
-
147
- <div class="postbox">
148
- <h3 class="hndle"><label for="title"><?php _e('DB Prefix Options', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
149
- <div class="inside">
150
- <?php
151
- //Display security info badge
152
- global $aiowps_feature_mgr;
153
- $aiowps_feature_mgr->output_feature_details_badge("db-security-db-prefix");
154
- ?>
155
-
156
- <div class="aio_red_box">
157
- <?php
158
- $backup_tab_link = '<a href="admin.php?page='.AIOWPSEC_DB_SEC_MENU_SLUG.'&tab=tab2">DB Backup</a>';
159
- $info_msg = '<p><strong>'.sprintf( __('It is recommended that you perform a %s before using this feature', 'all-in-one-wp-security-and-firewall'), $backup_tab_link).'</strong></p>';
160
- echo $info_msg;
161
- ?>
162
- </div>
163
-
164
- <form action="" method="POST">
165
- <?php wp_nonce_field('aiowpsec-db-prefix-change-nonce'); ?>
166
- <table class="form-table">
167
- <tr valign="top">
168
- <th scope="row"><?php _e('Current DB Table Prefix', 'all-in-one-wp-security-and-firewall')?>:</th>
169
- <td>
170
- <span class="aiowpsec_field_value"><strong><?php echo $wpdb->prefix; ?></strong></span>
171
- <?php
172
- //now let's display a warning notification if default prefix is used
173
- if ($old_db_prefix == 'wp_') {
174
- echo '&nbsp;&nbsp;&nbsp;<span class="aio_error_with_icon">'.__('Your site is currently using the default WordPress DB prefix value of "wp_".
175
- To increase your site\'s security you should consider changing the DB prefix value to another value.', 'all-in-one-wp-security-and-firewall').'</span>';
176
- }
177
- ?>
178
- </td>
179
- </tr>
180
- <tr valign="top">
181
- <th scope="row"><?php _e('Generate New DB Table Prefix', 'all-in-one-wp-security-and-firewall')?>:</th>
182
- <td>
183
- <input name="aiowps_enable_random_prefix" type="checkbox" <?php if($aio_wp_security->configs->get_value('aiowps_enable_random_prefix')=='1') echo ' checked="checked"'; ?> value="1"/>
184
- <span class="description"><?php _e('Check this if you want the plugin to generate a random 6 character string for the table prefix', 'all-in-one-wp-security-and-firewall'); ?></span>
185
- <br /><?php _e('OR', 'all-in-one-wp-security-and-firewall'); ?>
186
- <br /><input type="text" size="10" name="aiowps_new_manual_db_prefix" value="<?php //echo $aio_wp_security->configs->get_value('aiowps_new_manual_db_prefix'); ?>" />
187
- <span class="description"><?php _e('Choose your own DB prefix by specifying a string which contains letters and/or numbers and/or underscores. Example: xyz_', 'all-in-one-wp-security-and-firewall'); ?></span>
188
- </td>
189
- </tr>
190
- </table>
191
- <input type="submit" name="aiowps_db_prefix_change" value="<?php _e('Change DB Prefix', 'all-in-one-wp-security-and-firewall')?>" class="button-primary" />
192
- </form>
193
- </div></div>
194
- <?php
195
- if ($perform_db_change)
196
- {
197
- //Do the DB prefix change operations
198
- $this->change_db_prefix($old_db_prefix,$new_db_prefix);
199
- }
200
- }
201
-
202
- function render_tab2()
203
- {
204
- global $aio_wp_security;
205
- global $aiowps_feature_mgr;
206
- if (isset($_POST['aiowps_manual_db_backup']))
207
- {
208
- $nonce=$_REQUEST['_wpnonce'];
209
- if (!wp_verify_nonce($nonce, 'aiowpsec-db-manual-change-nonce'))
210
- {
211
- $aio_wp_security->debug_logger->log_debug("Nonce check failed for manual DB backup operation!",4);
212
- die(__('Nonce check failed for manual DB backup operation!','all-in-one-wp-security-and-firewall'));
213
- }
214
-
215
- $result = $aio_wp_security->backup_obj->execute_backup();
216
- if ($result)
217
- {
218
- $backup_file_name = $aio_wp_security->backup_obj->last_backup_file_name;
219
- if (function_exists('is_multisite') && is_multisite())
220
- {
221
- $aiowps_backup_file_path = $aio_wp_security->backup_obj->last_backup_file_dir_multisite . '/' . $backup_file_name;
222
- }
223
- else
224
- {
225
- $aiowps_backup_dir = WP_CONTENT_DIR.'/'.AIO_WP_SECURITY_BACKUPS_DIR_NAME;
226
- $aiowps_backup_file_path = $aiowps_backup_dir. '/' . $backup_file_name;
227
- }
228
- echo '<div id="message" class="updated fade"><p>';
229
- _e('DB Backup was successfully completed! You will receive the backup file via email if you have enabled "Send Backup File Via Email", otherwise you can retrieve it via FTP from the following directory:','all-in-one-wp-security-and-firewall');
230
- echo '</p><p>';
231
- _e('Your DB Backup File location: ');
232
- echo '<strong>'.$aiowps_backup_file_path.'</strong>';
233
- echo '</p></div>';
234
- }
235
- else
236
- {
237
- $aio_wp_security->debug_logger->log_debug("DB Backup - Backup operation failed!",4);
238
- $this->show_msg_error(__('DB Backup failed. Please check the permissions of the backup directory.','all-in-one-wp-security-and-firewall'));
239
- }
240
- }
241
-
242
- if(isset($_POST['aiowps_schedule_backups']))//Do form submission tasks
243
- {
244
- $error = '';
245
- $nonce=$_REQUEST['_wpnonce'];
246
- if (!wp_verify_nonce($nonce, 'aiowpsec-scheduled-backup-nonce'))
247
- {
248
- $aio_wp_security->debug_logger->log_debug("Nonce check failed on scheduled DB backup options save!",4);
249
- die("Nonce check failed on scheduled DB backup options save!");
250
- }
251
-
252
- $backup_frequency = sanitize_text_field($_POST['aiowps_db_backup_frequency']);
253
- if(!is_numeric($backup_frequency))
254
- {
255
- $error .= '<br />'.__('You entered a non numeric value for the "backup time interval" field. It has been set to the default value.','all-in-one-wp-security-and-firewall');
256
- $backup_frequency = '4';//Set it to the default value for this field
257
- }
258
-
259
- $files_to_keep = sanitize_text_field($_POST['aiowps_backup_files_stored']);
260
- if(!is_numeric($files_to_keep))
261
- {
262
- $error .= '<br />'.__('You entered a non numeric value for the "number of backup files to keep" field. It has been set to the default value.','all-in-one-wp-security-and-firewall');
263
- $files_to_keep = '2';//Set it to the default value for this field
264
- }
265
-
266
- $email_address = sanitize_email($_POST['aiowps_backup_email_address']);
267
- if(!is_email($email_address))
268
- {
269
- $error .= '<br />'.__('You have entered an incorrect email address format. It has been set to your WordPress admin email as default.','all-in-one-wp-security-and-firewall');
270
- $email_address = get_bloginfo('admin_email'); //Set the default value to the blog admin email
271
- }
272
-
273
- if($error)
274
- {
275
- $this->show_msg_error(__('Attention!','all-in-one-wp-security-and-firewall').$error);
276
- }
277
-
278
- //Save all the form values to the options
279
- $aio_wp_security->configs->set_value('aiowps_enable_automated_backups',isset($_POST["aiowps_enable_automated_backups"])?'1':'');
280
- $aio_wp_security->configs->set_value('aiowps_db_backup_frequency',absint($backup_frequency));
281
- $aio_wp_security->configs->set_value('aiowps_db_backup_interval',$_POST["aiowps_db_backup_interval"]);
282
- $aio_wp_security->configs->set_value('aiowps_backup_files_stored',absint($files_to_keep));
283
- $aio_wp_security->configs->set_value('aiowps_send_backup_email_address',isset($_POST["aiowps_send_backup_email_address"])?'1':'');
284
- $aio_wp_security->configs->set_value('aiowps_backup_email_address',$email_address);
285
- $aio_wp_security->configs->save_config();
286
-
287
- //Recalculate points after the feature status/options have been altered
288
- $aiowps_feature_mgr->check_feature_status_and_recalculate_points();
289
- $this->show_msg_settings_updated();
290
-
291
- //Let's check if backup interval was set to less than 24 hours
292
- if (isset($_POST["aiowps_enable_automated_backups"]) && ($backup_frequency < 24) && $_POST["aiowps_db_backup_interval"]==0)
293
- {
294
- $alert_user_msg = 'ATTENTION: You have configured your backups to occur at least once daily. For most websites we recommended that you choose a less frequent backup
295
- schedule such as once every few days, once a week or once a month. Choosing a less frequent schedule will also help reduce your server load.';
296
- $this->show_msg_updated_st(__($alert_user_msg, 'all-in-one-wp-security-and-firewall'));
297
- }
298
- }
299
-
300
- ?>
301
- <div class="postbox">
302
- <h3 class="hndle"><label for="title"><?php _e('Manual Backup', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
303
- <div class="inside">
304
- <form action="" method="POST">
305
- <?php wp_nonce_field('aiowpsec-db-manual-change-nonce'); ?>
306
- <p>
307
- <span class="description"><?php _e('To create a new DB backup just click on the button below.', 'all-in-one-wp-security-and-firewall'); ?></span>
308
- </p>
309
- <input type="submit" name="aiowps_manual_db_backup" value="<?php _e('Create DB Backup Now', 'all-in-one-wp-security-and-firewall')?>" class="button-primary" />
310
- </form>
311
- </div></div>
312
- <div class="postbox">
313
- <h3 class="hndle"><label for="title"><?php _e('Automated Scheduled Backups', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
314
- <div class="inside">
315
- <?php
316
- //Display security info badge
317
- global $aiowps_feature_mgr;
318
- $aiowps_feature_mgr->output_feature_details_badge("db-security-db-backup");
319
- ?>
320
-
321
- <form action="" method="POST">
322
- <?php wp_nonce_field('aiowpsec-scheduled-backup-nonce'); ?>
323
- <table class="form-table">
324
- <tr valign="top">
325
- <th scope="row"><?php _e('Enable Automated Scheduled Backups', 'all-in-one-wp-security-and-firewall')?>:</th>
326
- <td>
327
- <input name="aiowps_enable_automated_backups" type="checkbox"<?php if($aio_wp_security->configs->get_value('aiowps_enable_automated_backups')=='1') echo ' checked="checked"'; ?> value="1"/>
328
- <span class="description"><?php _e('Check this if you want the system to automatically generate backups periodically based on the settings below', 'all-in-one-wp-security-and-firewall'); ?></span>
329
- </td>
330
- </tr>
331
- <tr valign="top">
332
- <th scope="row"><?php _e('Backup Time Interval', 'all-in-one-wp-security-and-firewall')?>:</th>
333
- <td><input type="text" size="5" name="aiowps_db_backup_frequency" value="<?php echo $aio_wp_security->configs->get_value('aiowps_db_backup_frequency'); ?>" />
334
- <select id="backup_interval" name="aiowps_db_backup_interval">
335
- <option value="0" <?php selected( $aio_wp_security->configs->get_value('aiowps_db_backup_interval'), '0' ); ?>><?php _e( 'Hours', 'all-in-one-wp-security-and-firewall' ); ?></option>
336
- <option value="1" <?php selected( $aio_wp_security->configs->get_value('aiowps_db_backup_interval'), '1' ); ?>><?php _e( 'Days', 'all-in-one-wp-security-and-firewall' ); ?></option>
337
- <option value="2" <?php selected( $aio_wp_security->configs->get_value('aiowps_db_backup_interval'), '2' ); ?>><?php _e( 'Weeks', 'all-in-one-wp-security-and-firewall' ); ?></option>
338
- </select>
339
- <span class="description"><?php _e('Set the value for how often you would like an automated backup to occur', 'all-in-one-wp-security-and-firewall'); ?></span>
340
- </td>
341
- </tr>
342
- <tr valign="top">
343
- <th scope="row"><?php _e('Number of Backup Files To Keep', 'all-in-one-wp-security-and-firewall')?>:</th>
344
- <td><input type="text" size="5" name="aiowps_backup_files_stored" value="<?php echo $aio_wp_security->configs->get_value('aiowps_backup_files_stored'); ?>" />
345
- <span class="description"><?php _e('Thie field allows you to choose the number of backup files you would like to keep in the backup directory', 'all-in-one-wp-security-and-firewall'); ?></span>
346
- </td>
347
- </tr>
348
- <tr valign="top">
349
- <th scope="row"><?php _e('Send Backup File Via Email', 'all-in-one-wp-security-and-firewall')?>:</th>
350
- <td>
351
- <input name="aiowps_send_backup_email_address" type="checkbox"<?php if($aio_wp_security->configs->get_value('aiowps_send_backup_email_address')=='1') echo ' checked="checked"'; ?> value="1"/>
352
- <span class="description"><?php _e('Check this if you want the system to email you the backup file after a DB backup has been performed', 'all-in-one-wp-security-and-firewall'); ?></span>
353
- <br /><input type="text" size="30" name="aiowps_backup_email_address" value="<?php echo $aio_wp_security->configs->get_value('aiowps_backup_email_address'); ?>" />
354
- <span class="description"><?php _e('Enter an email address', 'all-in-one-wp-security-and-firewall'); ?></span>
355
- </td>
356
- </tr>
357
- </table>
358
- <input type="submit" name="aiowps_schedule_backups" value="<?php _e('Save Settings', 'all-in-one-wp-security-and-firewall')?>" class="button-primary" />
359
- </form>
360
- </div></div>
361
-
362
- <?php
363
- }
364
-
365
- /*
366
- * Changes the DB prefix
367
- */
368
- function change_db_prefix($table_old_prefix, $table_new_prefix)
369
- {
370
- global $wpdb, $aio_wp_security;
371
- $old_prefix_length = strlen( $table_old_prefix );
372
- $error = 0;
373
-
374
- //Config file path
375
- $config_file = AIOWPSecurity_Utility_File::get_wp_config_file_path();
376
-
377
- //Get the table resource
378
- //$result = mysql_list_tables(DB_NAME);
379
- $result = $this->get_mysql_tables(DB_NAME); //Fix for deprecated php mysql_list_tables function
380
-
381
- //Count the number of tables
382
- if (is_array($result) && count($result) > 0){
383
- $num_rows = count($result);
384
- }else{
385
- echo '<div class="aio_red_box"><p>'.__('Error - Could not get tables or no tables found!', 'all-in-one-wp-security-and-firewall').'</p></div>';
386
- return;
387
- }
388
- $table_count = 0;
389
- $info_msg_string = '<p class="aio_info_with_icon">'.__('Starting DB prefix change operations.....', 'all-in-one-wp-security-and-firewall').'</p>';
390
-
391
- $info_msg_string .= '<p class="aio_info_with_icon">'.sprintf( __('Your WordPress system has a total of %s tables and your new DB prefix will be: %s', 'all-in-one-wp-security-and-firewall'), '<strong>'.$num_rows.'</strong>', '<strong>'.$table_new_prefix.'</strong>').'</p>';
392
- echo ($info_msg_string);
393
-
394
- //Do a back of the config file
395
- if(!AIOWPSecurity_Utility_File::backup_and_rename_wp_config($config_file))
396
- {
397
- echo '<div class="aio_red_box"><p>'.__('Failed to make a backup of the wp-config.php file. This operation will not go ahead.', 'all-in-one-wp-security-and-firewall').'</p></div>';
398
- return;
399
- }
400
- else{
401
- echo '<p class="aio_success_with_icon">'.__('A backup copy of your wp-config.php file was created successfully!', 'all-in-one-wp-security-and-firewall').'</p>';
402
- }
403
-
404
- //Get multisite blog_ids if applicable
405
- if (AIOWPSecurity_Utility::is_multisite_install()) {
406
- $blog_ids = AIOWPSecurity_Utility::get_blog_ids();
407
- }
408
-
409
- //Rename all the table names
410
- foreach ($result as $db_table)
411
- {
412
- //Get table name with old prefix
413
- $table_old_name = $db_table;
414
-
415
- if ( strpos( $table_old_name, $table_old_prefix ) === 0 )
416
- {
417
- //Get table name with new prefix
418
- $table_new_name = $table_new_prefix . substr( $table_old_name, $old_prefix_length );
419
-
420
- //Write query to rename tables name
421
- $sql = "RENAME TABLE `".$table_old_name."` TO `".$table_new_name."`";
422
- //$sql = "RENAME TABLE %s TO %s";
423
-
424
- //Execute the query
425
- if ( false === $wpdb->query($sql) )
426
- {
427
- $error = 1;
428
- echo '<p class="aio_error_with_icon">'.sprintf( __('%s table name update failed', 'all-in-one-wp-security-and-firewall'), '<strong>'.$table_old_name.'</strong>').'</p>';
429
- $aio_wp_security->debug_logger->log_debug("DB Security Feature - Unable to change prefix of table ".$table_old_name,4);
430
- } else {
431
- $table_count++;
432
- }
433
- } else
434
- {
435
- continue;
436
- }
437
- }
438
- if ( $error == 1 )
439
- {
440
- echo '<p class="aio_error_with_icon">'.sprintf( __('Please change the prefix manually for the above tables to: %s', 'all-in-one-wp-security-and-firewall'), '<strong>'.$table_new_prefix.'</strong>').'</p>';
441
- } else
442
- {
443
- echo '<p class="aio_success_with_icon">'.sprintf( __('%s tables had their prefix updated successfully!', 'all-in-one-wp-security-and-firewall'), '<strong>'.$table_count.'</strong>').'</p>';
444
- }
445
-
446
- //Let's check for mysql tables of type "view"
447
- $this->alter_table_views($table_old_prefix, $table_new_prefix);
448
-
449
- //Get wp-config.php file contents and modify it with new info
450
- $config_contents = file($config_file);
451
- $prefix_match_string = '$table_prefix='; //this is our search string for the wp-config.php file
452
- foreach ($config_contents as $line_num => $line) {
453
- $no_ws_line = preg_replace( '/\s+/', '', $line ); //Strip white spaces
454
- if(strpos($no_ws_line, $prefix_match_string) !== FALSE){
455
- $prefix_parts = explode("=",$config_contents[$line_num]);
456
- $prefix_parts[1] = str_replace($table_old_prefix, $table_new_prefix, $prefix_parts[1]);
457
- $config_contents[$line_num] = implode("=",$prefix_parts);
458
- break;
459
- }
460
- }
461
- //Now let's modify the wp-config.php file
462
- if (AIOWPSecurity_Utility_File::write_content_to_file($config_file, $config_contents))
463
- {
464
- echo '<p class="aio_success_with_icon">'. __('wp-config.php file was updated successfully!', 'all-in-one-wp-security-and-firewall').'</p>';
465
- }else
466
- {
467
- echo '<p class="aio_error_with_icon">'.sprintf( __('The "wp-config.php" file was not able to be modified. Please modify this file manually using your favourite editor and search
468
- for variable "$table_prefix" and assign the following value to that variable: %s', 'all-in-one-wp-security-and-firewall'), '<strong>'.$table_new_prefix.'</strong>').'</p>';
469
- $aio_wp_security->debug_logger->log_debug("DB Security Feature - Unable to modify wp-config.php",4);
470
- }
471
-
472
- //Now let's update the options table
473
- $update_option_table_query = $wpdb->prepare("UPDATE " . $table_new_prefix . "options
474
- SET option_name = '".$table_new_prefix ."user_roles'
475
- WHERE option_name = %s LIMIT 1", $table_old_prefix."user_roles");
476
-
477
- if ( false === $wpdb->query($update_option_table_query) )
478
- {
479
- echo '<p class="aio_error_with_icon">'.sprintf( __('Update of table %s failed: unable to change %s to %s', 'all-in-one-wp-security-and-firewall'),$table_new_prefix.'options', $table_old_prefix.'user_roles', $table_new_prefix.'user_roles').'</p>';
480
- $aio_wp_security->debug_logger->log_debug("DB Security Feature - Error when updating the options table",4);//Log the highly unlikely event of DB error
481
- } else
482
- {
483
- echo '<p class="aio_success_with_icon">'.sprintf( __('The options table records which had references to the old DB prefix were updated successfully!', 'all-in-one-wp-security-and-firewall')).'</p>';
484
- }
485
-
486
- //Now let's update the options tables for the multisite subsites if applicable
487
- if (AIOWPSecurity_Utility::is_multisite_install()) {
488
- if(!empty($blog_ids)){
489
- foreach ($blog_ids as $blog_id) {
490
- if ($blog_id == 1){continue;} //skip main site
491
- $new_pref_and_site_id = $table_new_prefix.$blog_id.'_';
492
- $old_pref_and_site_id = $table_old_prefix.$blog_id.'_';
493
- $update_ms_option_table_query = $wpdb->prepare("UPDATE " . $new_pref_and_site_id . "options
494
- SET option_name = '".$new_pref_and_site_id."user_roles'
495
- WHERE option_name = %s LIMIT 1", $old_pref_and_site_id."user_roles");
496
- if ( false === $wpdb->query($update_ms_option_table_query) )
497
- {
498
- echo '<p class="aio_error_with_icon">'.sprintf( __('Update of table %s failed: unable to change %s to %s', 'all-in-one-wp-security-and-firewall'),$new_pref_and_site_id.'options', $old_pref_and_site_id.'user_roles', $new_pref_and_site_id.'user_roles').'</p>';
499
- $aio_wp_security->debug_logger->log_debug("DB change prefix feature - Error when updating the subsite options table: ".$new_pref_and_site_id.'options',4);//Log the highly unlikely event of DB error
500
- } else
501
- {
502
- echo '<p class="aio_success_with_icon">'.sprintf( __('The %s table records which had references to the old DB prefix were updated successfully!', 'all-in-one-wp-security-and-firewall'),$new_pref_and_site_id.'options').'</p>';
503
- }
504
- }
505
-
506
- }
507
- }
508
-
509
- //Now let's update the user meta table
510
- $custom_sql = "SELECT user_id, meta_key
511
- FROM " . $table_new_prefix . "usermeta
512
- WHERE meta_key
513
- LIKE '" . $table_old_prefix . "%'";
514
-
515
- $meta_keys = $wpdb->get_results( $custom_sql );
516
-
517
- $error_update_usermeta = '';
518
-
519
- //Update all meta_key field values which have the old table prefix in user_meta table
520
- foreach ($meta_keys as $meta_key ) {
521
- //Create new meta key
522
- $new_meta_key = $table_new_prefix . substr( $meta_key->meta_key, $old_prefix_length );
523
-
524
- $update_user_meta_sql = $wpdb->prepare("UPDATE " . $table_new_prefix . "usermeta
525
- SET meta_key='" . $new_meta_key . "'
526
- WHERE meta_key=%s AND user_id=%s", $meta_key->meta_key, $meta_key->user_id);
527
-
528
- if (false === $wpdb->query($update_user_meta_sql))
529
- {
530
- $error_update_usermeta .= '<p class="aio_error_with_icon">'.sprintf( __('Error updating user_meta table where new meta_key = %s, old meta_key = %s and user_id = %s.', 'all-in-one-wp-security-and-firewall'),$new_meta_key,$meta_key->meta_key,$meta_key->user_id).'</p>';
531
- echo $error_update_usermeta;
532
- $aio_wp_security->debug_logger->log_debug("DB Security Feature - Error updating user_meta table where new meta_key = ".$new_meta_key." old meta_key = ".$meta_key->meta_key." and user_id = ".$meta_key->user_id,4);//Log the highly unlikely event of DB error
533
- }
534
- }
535
- echo '<p class="aio_success_with_icon">'.__('The usermeta table records which had references to the old DB prefix were updated successfully!', 'all-in-one-wp-security-and-firewall').'</p>';
536
- //Display tasks finished message
537
- $tasks_finished_msg_string = '<p class="aio_info_with_icon">'. __('DB prefix change tasks have been completed.', 'all-in-one-wp-security-and-firewall').'</p>';
538
- echo ($tasks_finished_msg_string);
539
- }
540
-
541
- /**
542
- * This is an alternative to the deprecated "mysql_list_tables"
543
- * Returns an array of table names
544
- */
545
- function get_mysql_tables($database='')
546
- {
547
- global $aio_wp_security;
548
- $tables = array();
549
- $list_tables_sql = "SHOW TABLES FROM `{$database}`;";
550
- $mysqli = new mysqli(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME);
551
-
552
- if ($mysqli->connect_errno) {
553
- $aio_wp_security->debug_logger->log_debug("AIOWPSecurity_Database_Menu->get_mysql_tables() - DB connection error.",4);
554
- return false;
555
- }
556
-
557
- if ($result = $mysqli->query($list_tables_sql, MYSQLI_USE_RESULT)) {
558
- //Alternative way to get the tables
559
- while ($row = $result->fetch_assoc()) {
560
- foreach( $row AS $value ) {
561
- $tables[] = $value;
562
- }
563
- }
564
- $result->close();
565
- }
566
- $mysqli->close();
567
- return $tables;
568
- }
569
-
570
- /**
571
- * Will modify existing table view definitions to reflect the new DB prefix change
572
- *
573
- * @param type $old_prefix
574
- * @param type $new_prefix
575
- */
576
- function alter_table_views($old_db_prefix, $new_db_prefix)
577
- {
578
- global $wpdb;
579
- $table_count = 0;
580
- $db_name = $wpdb->dbname;
581
- $info_msg_string = '<p class="aio_info_with_icon">'.__('Checking for MySQL tables of type "view".....', 'all-in-one-wp-security-and-firewall').'</p>';
582
- echo ($info_msg_string);
583
-
584
- //get tables which are views
585
- $query = "SELECT * FROM INFORMATION_SCHEMA.VIEWS WHERE TABLE_SCHEMA LIKE '".$db_name."'";
586
- $res = $wpdb->get_results($query);
587
- if(empty($res)) return;
588
- $view_count = 0;
589
- foreach ($res as $item){
590
- $old_def = $item->VIEW_DEFINITION;
591
- $new_def = str_replace($old_db_prefix, $new_db_prefix, $old_def);
592
- $new_def_no_bt = str_replace("`", "", $new_def); //remove any backticks because these will cause the "ALTER" command used later to fail
593
-
594
- $view_name = $item->TABLE_NAME;
595
- $chg_view_sql = "ALTER VIEW $view_name AS $new_def_no_bt"; //Note: cannot use $wpdb->prepare because it adds single quotes which cause the ALTER query to fail
596
- $view_res = $wpdb->query($chg_view_sql);
597
- if($view_res === false){
598
- echo '<p class="aio_error_with_icon">'.sprintf( __('Update of the following MySQL view definition failed: %s', 'all-in-one-wp-security-and-firewall'),$old_def).'</p>';
599
- $aio_wp_security->debug_logger->log_debug("Update of the following MySQL view definition failed: ".$old_def,4);//Log the highly unlikely event of DB error
600
- }else{
601
- $view_count++;
602
- }
603
- }
604
- if($view_count > 0){
605
- echo '<p class="aio_success_with_icon">'.sprintf( __('%s view definitions were updated successfully!', 'all-in-one-wp-security-and-firewall'), '<strong>'.$view_count.'</strong>').'</p>';
606
- }
607
-
608
- return;
609
- }
610
-
611
  } //end class
1
+ <?php
2
+ if(!defined('ABSPATH')){
3
+ exit;//Exit if accessed directly
4
+ }
5
+
6
+ class AIOWPSecurity_Database_Menu extends AIOWPSecurity_Admin_Menu
7
+ {
8
+ var $menu_page_slug = AIOWPSEC_DB_SEC_MENU_SLUG;
9
+
10
+ /* Specify all the tabs of this menu in the following array */
11
+ var $menu_tabs;
12
+
13
+ var $menu_tabs_handler = array(
14
+ 'tab1' => 'render_tab1',
15
+ 'tab2' => 'render_tab2',
16
+ );
17
+
18
+ function __construct()
19
+ {
20
+ $this->render_menu_page();
21
+ }
22
+
23
+ function set_menu_tabs()
24
+ {
25
+ if (AIOWPSecurity_Utility::is_multisite_install() && get_current_blog_id() != 1){
26
+ //Suppress the DB prefix change tab if site is a multi site AND not the main site
27
+ $this->menu_tabs = array(
28
+ //'tab1' => __('DB Prefix', 'all-in-one-wp-security-and-firewall'),
29
+ 'tab2' => __('DB Backup', 'all-in-one-wp-security-and-firewall'),
30
+ );
31
+ }else{
32
+ $this->menu_tabs = array(
33
+ 'tab1' => __('DB Prefix', 'all-in-one-wp-security-and-firewall'),
34
+ 'tab2' => __('DB Backup', 'all-in-one-wp-security-and-firewall'),
35
+ );
36
+ }
37
+
38
+ }
39
+
40
+ function get_current_tab()
41
+ {
42
+ $tab_keys = array_keys($this->menu_tabs);
43
+ $tab = isset( $_GET['tab'] ) ? sanitize_text_field($_GET['tab']) : $tab_keys[0];
44
+ return $tab;
45
+ }
46
+
47
+ /*
48
+ * Renders our tabs of this menu as nav items
49
+ */
50
+ function render_menu_tabs()
51
+ {
52
+ $current_tab = $this->get_current_tab();
53
+
54
+ echo '<h2 class="nav-tab-wrapper">';
55
+ foreach ( $this->menu_tabs as $tab_key => $tab_caption )
56
+ {
57
+ $active = $current_tab == $tab_key ? 'nav-tab-active' : '';
58
+ echo '<a class="nav-tab ' . $active . '" href="?page=' . $this->menu_page_slug . '&tab=' . $tab_key . '">' . $tab_caption . '</a>';
59
+ }
60
+ echo '</h2>';
61
+ }
62
+
63
+ /*
64
+ * The menu rendering goes here
65
+ */
66
+ function render_menu_page()
67
+ {
68
+ echo '<div class="wrap">';
69
+ echo '<h2>'.__('Database Security','all-in-one-wp-security-and-firewall').'</h2>';//Interface title
70
+ $this->set_menu_tabs();
71
+ $tab = $this->get_current_tab();
72
+ $this->render_menu_tabs();
73
+ ?>
74
+ <div id="poststuff"><div id="post-body">
75
+ <?php
76
+ //$tab_keys = array_keys($this->menu_tabs);
77
+ call_user_func(array($this, $this->menu_tabs_handler[$tab]));
78
+ ?>
79
+ </div></div>
80
+ </div><!-- end of wrap -->
81
+ <?php
82
+ }
83
+
84
+ function render_tab1()
85
+ {
86
+ global $wpdb, $aio_wp_security;
87
+ $old_db_prefix = $wpdb->prefix;
88
+ $new_db_prefix = '';
89
+ $perform_db_change = false;
90
+
91
+ if (isset($_POST['aiowps_db_prefix_change']))//Do form submission tasks
92
+ {
93
+ $nonce=$_REQUEST['_wpnonce'];
94
+ if (!wp_verify_nonce($nonce, 'aiowpsec-db-prefix-change-nonce'))
95
+ {
96
+ $aio_wp_security->debug_logger->log_debug("Nonce check failed for DB prefix change operation!",4);
97
+ die(__('Nonce check failed for DB prefix change operation!','all-in-one-wp-security-and-firewall'));
98
+ }
99
+
100
+ //Let's first check if user's system allows writing to wp-config.php file. If plugin cannot write to wp-config we will not do the prefix change.
101
+ $config_file = AIOWPSecurity_Utility_File::get_wp_config_file_path();
102
+ $file_write = AIOWPSecurity_Utility_File::is_file_writable($config_file);
103
+ if (!$file_write)
104
+ {
105
+ $this->show_msg_error(__('The plugin has detected that it cannot write to the wp-config.php file. This feature can only be used if the plugin can successfully write to the wp-config.php file.', 'all-in-one-wp-security-and-firewall'));
106
+ }
107
+ else
108
+ {
109
+ if( isset($_POST['aiowps_enable_random_prefix']))
110
+ {//User has elected to generate a random DB prefix
111
+ $string = AIOWPSecurity_Utility::generate_alpha_random_string('5');
112
+ $new_db_prefix = $string . '_';
113
+ $perform_db_change = true;
114
+ }else
115
+ {
116
+ if (empty($_POST['aiowps_new_manual_db_prefix']))
117
+ {
118
+ $this->show_msg_error(__('Please enter a value for the DB prefix.', 'all-in-one-wp-security-and-firewall'));
119
+ }
120
+ else
121
+ {
122
+ //User has chosen their own DB prefix value
123
+ $new_db_prefix = wp_strip_all_tags( trim( $_POST['aiowps_new_manual_db_prefix'] ) );
124
+ $error = $wpdb->set_prefix( $new_db_prefix ); //validate the user chosen prefix
125
+ if(is_wp_error($error))
126
+ {
127
+ wp_die( __('<strong>ERROR</strong>: The table prefix can only contain numbers, letters, and underscores.', 'all-in-one-wp-security-and-firewall') );
128
+ }
129
+ $wpdb->set_prefix( $old_db_prefix );
130
+ $perform_db_change = true;
131
+ }
132
+ }
133
+ }
134
+ }
135
+ ?>
136
+ <h2><?php _e('Change Database Prefix', 'all-in-one-wp-security-and-firewall')?></h2>
137
+ <div class="aio_blue_box">
138
+ <?php
139
+ echo '<p>'.__('Your WordPress DB is the most important asset of your website because it contains a lot of your site\'s precious information.', 'all-in-one-wp-security-and-firewall').'
140
+ <br />'.__('The DB is also a target for hackers via methods such as SQL injections and malicious and automated code which targets certain tables.', 'all-in-one-wp-security-and-firewall').'
141
+ <br />'.__('One way to add a layer of protection for your DB is to change the default WordPress table prefix from "wp_" to something else which will be difficult for hackers to guess.', 'all-in-one-wp-security-and-firewall').'
142
+ <br />'.__('This feature allows you to easily change the prefix to a value of your choice or to a random value set by this plugin.', 'all-in-one-wp-security-and-firewall').'
143
+ </p>';
144
+ ?>
145
+ </div>
146
+
147
+ <div class="postbox">
148
+ <h3 class="hndle"><label for="title"><?php _e('DB Prefix Options', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
149
+ <div class="inside">
150
+ <?php
151
+ //Display security info badge
152
+ global $aiowps_feature_mgr;
153
+ $aiowps_feature_mgr->output_feature_details_badge("db-security-db-prefix");
154
+ ?>
155
+
156
+ <div class="aio_red_box">
157
+ <?php
158
+ $backup_tab_link = '<a href="admin.php?page='.AIOWPSEC_DB_SEC_MENU_SLUG.'&tab=tab2">DB Backup</a>';
159
+ $info_msg = '<p><strong>'.sprintf( __('It is recommended that you perform a %s before using this feature', 'all-in-one-wp-security-and-firewall'), $backup_tab_link).'</strong></p>';
160
+ echo $info_msg;
161
+ ?>
162
+ </div>
163
+
164
+ <form action="" method="POST">
165
+ <?php wp_nonce_field('aiowpsec-db-prefix-change-nonce'); ?>
166
+ <table class="form-table">
167
+ <tr valign="top">
168
+ <th scope="row"><?php _e('Current DB Table Prefix', 'all-in-one-wp-security-and-firewall')?>:</th>
169
+ <td>
170
+ <span class="aiowpsec_field_value"><strong><?php echo $wpdb->prefix; ?></strong></span>
171
+ <?php
172
+ //now let's display a warning notification if default prefix is used
173
+ if ($old_db_prefix == 'wp_') {
174
+ echo '&nbsp;&nbsp;&nbsp;<span class="aio_error_with_icon">'.__('Your site is currently using the default WordPress DB prefix value of "wp_".
175
+ To increase your site\'s security you should consider changing the DB prefix value to another value.', 'all-in-one-wp-security-and-firewall').'</span>';
176
+ }
177
+ ?>
178
+ </td>
179
+ </tr>
180
+ <tr valign="top">
181
+ <th scope="row"><?php _e('Generate New DB Table Prefix', 'all-in-one-wp-security-and-firewall')?>:</th>
182
+ <td>
183
+ <input name="aiowps_enable_random_prefix" type="checkbox" <?php if($aio_wp_security->configs->get_value('aiowps_enable_random_prefix')=='1') echo ' checked="checked"'; ?> value="1"/>
184
+ <span class="description"><?php _e('Check this if you want the plugin to generate a random 6 character string for the table prefix', 'all-in-one-wp-security-and-firewall'); ?></span>
185
+ <br /><?php _e('OR', 'all-in-one-wp-security-and-firewall'); ?>
186
+ <br /><input type="text" size="10" name="aiowps_new_manual_db_prefix" value="<?php //echo $aio_wp_security->configs->get_value('aiowps_new_manual_db_prefix'); ?>" />
187
+ <span class="description"><?php _e('Choose your own DB prefix by specifying a string which contains letters and/or numbers and/or underscores. Example: xyz_', 'all-in-one-wp-security-and-firewall'); ?></span>
188
+ </td>
189
+ </tr>
190
+ </table>
191
+ <input type="submit" name="aiowps_db_prefix_change" value="<?php _e('Change DB Prefix', 'all-in-one-wp-security-and-firewall')?>" class="button-primary" />
192
+ </form>
193
+ </div></div>
194
+ <?php
195
+ if ($perform_db_change)
196
+ {
197
+ //Do the DB prefix change operations
198
+ $this->change_db_prefix($old_db_prefix,$new_db_prefix);
199
+ }
200
+ }
201
+
202
+ function render_tab2()
203
+ {
204
+ global $aio_wp_security;
205
+ global $aiowps_feature_mgr;
206
+ if (isset($_POST['aiowps_manual_db_backup']))
207
+ {
208
+ $nonce=$_REQUEST['_wpnonce'];
209
+ if (!wp_verify_nonce($nonce, 'aiowpsec-db-manual-change-nonce'))
210
+ {
211
+ $aio_wp_security->debug_logger->log_debug("Nonce check failed for manual DB backup operation!",4);
212
+ die(__('Nonce check failed for manual DB backup operation!','all-in-one-wp-security-and-firewall'));
213
+ }
214
+
215
+ $result = $aio_wp_security->backup_obj->execute_backup();
216
+ if ($result)
217
+ {
218
+ $backup_file_name = $aio_wp_security->backup_obj->last_backup_file_name;
219
+ if (function_exists('is_multisite') && is_multisite())
220
+ {
221
+ $aiowps_backup_file_path = $aio_wp_security->backup_obj->last_backup_file_dir_multisite . '/' . $backup_file_name;
222
+ }
223
+ else
224
+ {
225
+ $aiowps_backup_dir = WP_CONTENT_DIR.'/'.AIO_WP_SECURITY_BACKUPS_DIR_NAME;
226
+ $aiowps_backup_file_path = $aiowps_backup_dir. '/' . $backup_file_name;
227
+ }
228
+ echo '<div id="message" class="updated fade"><p>';
229
+ _e('DB Backup was successfully completed! You will receive the backup file via email if you have enabled "Send Backup File Via Email", otherwise you can retrieve it via FTP from the following directory:','all-in-one-wp-security-and-firewall');
230
+ echo '</p><p>';
231
+ _e('Your DB Backup File location: ');
232
+ echo '<strong>'.$aiowps_backup_file_path.'</strong>';
233
+ echo '</p></div>';
234
+ }
235
+ else
236
+ {
237
+ $aio_wp_security->debug_logger->log_debug("DB Backup - Backup operation failed!",4);
238
+ $this->show_msg_error(__('DB Backup failed. Please check the permissions of the backup directory.','all-in-one-wp-security-and-firewall'));
239
+ }
240
+ }
241
+
242
+ if(isset($_POST['aiowps_schedule_backups']))//Do form submission tasks
243
+ {
244
+ $error = '';
245
+ $nonce=$_REQUEST['_wpnonce'];
246
+ if (!wp_verify_nonce($nonce, 'aiowpsec-scheduled-backup-nonce'))
247
+ {
248
+ $aio_wp_security->debug_logger->log_debug("Nonce check failed on scheduled DB backup options save!",4);
249
+ die("Nonce check failed on scheduled DB backup options save!");
250
+ }
251
+
252
+ $backup_frequency = sanitize_text_field($_POST['aiowps_db_backup_frequency']);
253
+ if(!is_numeric($backup_frequency))
254
+ {
255
+ $error .= '<br />'.__('You entered a non numeric value for the "backup time interval" field. It has been set to the default value.','all-in-one-wp-security-and-firewall');
256
+ $backup_frequency = '4';//Set it to the default value for this field
257
+ }
258
+
259
+ $files_to_keep = sanitize_text_field($_POST['aiowps_backup_files_stored']);
260
+ if(!is_numeric($files_to_keep))
261
+ {
262
+ $error .= '<br />'.__('You entered a non numeric value for the "number of backup files to keep" field. It has been set to the default value.','all-in-one-wp-security-and-firewall');
263
+ $files_to_keep = '2';//Set it to the default value for this field
264
+ }
265
+
266
+ $email_address = sanitize_email($_POST['aiowps_backup_email_address']);
267
+ if(!is_email($email_address))
268
+ {
269
+ $error .= '<br />'.__('You have entered an incorrect email address format. It has been set to your WordPress admin email as default.','all-in-one-wp-security-and-firewall');
270
+ $email_address = get_bloginfo('admin_email'); //Set the default value to the blog admin email
271
+ }
272
+
273
+ if($error)
274
+ {
275
+ $this->show_msg_error(__('Attention!','all-in-one-wp-security-and-firewall').$error);
276
+ }
277
+
278
+ //Save all the form values to the options
279
+ $aio_wp_security->configs->set_value('aiowps_enable_automated_backups',isset($_POST["aiowps_enable_automated_backups"])?'1':'');
280
+ $aio_wp_security->configs->set_value('aiowps_db_backup_frequency',absint($backup_frequency));
281
+ $aio_wp_security->configs->set_value('aiowps_db_backup_interval',$_POST["aiowps_db_backup_interval"]);
282
+ $aio_wp_security->configs->set_value('aiowps_backup_files_stored',absint($files_to_keep));
283
+ $aio_wp_security->configs->set_value('aiowps_send_backup_email_address',isset($_POST["aiowps_send_backup_email_address"])?'1':'');
284
+ $aio_wp_security->configs->set_value('aiowps_backup_email_address',$email_address);
285
+ $aio_wp_security->configs->save_config();
286
+
287
+ //Recalculate points after the feature status/options have been altered
288
+ $aiowps_feature_mgr->check_feature_status_and_recalculate_points();
289
+ $this->show_msg_settings_updated();
290
+
291
+ //Let's check if backup interval was set to less than 24 hours
292
+ if (isset($_POST["aiowps_enable_automated_backups"]) && ($backup_frequency < 24) && $_POST["aiowps_db_backup_interval"]==0)
293
+ {
294
+ $alert_user_msg = 'ATTENTION: You have configured your backups to occur at least once daily. For most websites we recommended that you choose a less frequent backup
295
+ schedule such as once every few days, once a week or once a month. Choosing a less frequent schedule will also help reduce your server load.';
296
+ $this->show_msg_updated_st(__($alert_user_msg, 'all-in-one-wp-security-and-firewall'));
297
+ }
298
+ }
299
+
300
+ ?>
301
+ <div class="postbox">
302
+ <h3 class="hndle"><label for="title"><?php _e('Manual Backup', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
303
+ <div class="inside">
304
+ <form action="" method="POST">
305
+ <?php wp_nonce_field('aiowpsec-db-manual-change-nonce'); ?>
306
+ <p>
307
+ <span class="description"><?php _e('To create a new DB backup just click on the button below.', 'all-in-one-wp-security-and-firewall'); ?></span>
308
+ </p>
309
+ <input type="submit" name="aiowps_manual_db_backup" value="<?php _e('Create DB Backup Now', 'all-in-one-wp-security-and-firewall')?>" class="button-primary" />
310
+ </form>
311
+ </div></div>
312
+ <div class="postbox">
313
+ <h3 class="hndle"><label for="title"><?php _e('Automated Scheduled Backups', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
314
+ <div class="inside">
315
+ <?php
316
+ //Display security info badge
317
+ global $aiowps_feature_mgr;
318
+ $aiowps_feature_mgr->output_feature_details_badge("db-security-db-backup");
319
+ ?>
320
+
321
+ <form action="" method="POST">
322
+ <?php wp_nonce_field('aiowpsec-scheduled-backup-nonce'); ?>
323
+ <table class="form-table">
324
+ <tr valign="top">
325
+ <th scope="row"><?php _e('Enable Automated Scheduled Backups', 'all-in-one-wp-security-and-firewall')?>:</th>
326
+ <td>
327
+ <input name="aiowps_enable_automated_backups" type="checkbox"<?php if($aio_wp_security->configs->get_value('aiowps_enable_automated_backups')=='1') echo ' checked="checked"'; ?> value="1"/>
328
+ <span class="description"><?php _e('Check this if you want the system to automatically generate backups periodically based on the settings below', 'all-in-one-wp-security-and-firewall'); ?></span>
329
+ </td>
330
+ </tr>
331
+ <tr valign="top">
332
+ <th scope="row"><?php _e('Backup Time Interval', 'all-in-one-wp-security-and-firewall')?>:</th>
333
+ <td><input type="text" size="5" name="aiowps_db_backup_frequency" value="<?php echo $aio_wp_security->configs->get_value('aiowps_db_backup_frequency'); ?>" />
334
+ <select id="backup_interval" name="aiowps_db_backup_interval">
335
+ <option value="0" <?php selected( $aio_wp_security->configs->get_value('aiowps_db_backup_interval'), '0' ); ?>><?php _e( 'Hours', 'all-in-one-wp-security-and-firewall' ); ?></option>
336
+ <option value="1" <?php selected( $aio_wp_security->configs->get_value('aiowps_db_backup_interval'), '1' ); ?>><?php _e( 'Days', 'all-in-one-wp-security-and-firewall' ); ?></option>
337
+ <option value="2" <?php selected( $aio_wp_security->configs->get_value('aiowps_db_backup_interval'), '2' ); ?>><?php _e( 'Weeks', 'all-in-one-wp-security-and-firewall' ); ?></option>
338
+ </select>
339
+ <span class="description"><?php _e('Set the value for how often you would like an automated backup to occur', 'all-in-one-wp-security-and-firewall'); ?></span>
340
+ </td>
341
+ </tr>
342
+ <tr valign="top">
343
+ <th scope="row"><?php _e('Number of Backup Files To Keep', 'all-in-one-wp-security-and-firewall')?>:</th>
344
+ <td><input type="text" size="5" name="aiowps_backup_files_stored" value="<?php echo $aio_wp_security->configs->get_value('aiowps_backup_files_stored'); ?>" />
345
+ <span class="description"><?php _e('Thie field allows you to choose the number of backup files you would like to keep in the backup directory', 'all-in-one-wp-security-and-firewall'); ?></span>
346
+ </td>
347
+ </tr>
348
+ <tr valign="top">
349
+ <th scope="row"><?php _e('Send Backup File Via Email', 'all-in-one-wp-security-and-firewall')?>:</th>
350
+ <td>
351
+ <input name="aiowps_send_backup_email_address" type="checkbox"<?php if($aio_wp_security->configs->get_value('aiowps_send_backup_email_address')=='1') echo ' checked="checked"'; ?> value="1"/>
352
+ <span class="description"><?php _e('Check this if you want the system to email you the backup file after a DB backup has been performed', 'all-in-one-wp-security-and-firewall'); ?></span>
353
+ <br /><input type="text" size="30" name="aiowps_backup_email_address" value="<?php echo $aio_wp_security->configs->get_value('aiowps_backup_email_address'); ?>" />
354
+ <span class="description"><?php _e('Enter an email address', 'all-in-one-wp-security-and-firewall'); ?></span>
355
+ </td>
356
+ </tr>
357
+ </table>
358
+ <input type="submit" name="aiowps_schedule_backups" value="<?php _e('Save Settings', 'all-in-one-wp-security-and-firewall')?>" class="button-primary" />
359
+ </form>
360
+ </div></div>
361
+
362
+ <?php
363
+ }
364
+
365
+ /*
366
+ * Changes the DB prefix
367
+ */
368
+ function change_db_prefix($table_old_prefix, $table_new_prefix)
369
+ {
370
+ global $wpdb, $aio_wp_security;
371
+ $old_prefix_length = strlen( $table_old_prefix );
372
+ $error = 0;
373
+
374
+ //Config file path
375
+ $config_file = AIOWPSecurity_Utility_File::get_wp_config_file_path();
376
+
377
+ //Get the table resource
378
+ //$result = mysql_list_tables(DB_NAME);
379
+ $result = $this->get_mysql_tables(DB_NAME); //Fix for deprecated php mysql_list_tables function
380
+
381
+ //Count the number of tables
382
+ if (is_array($result) && count($result) > 0){
383
+ $num_rows = count($result);
384
+ }else{
385
+ echo '<div class="aio_red_box"><p>'.__('Error - Could not get tables or no tables found!', 'all-in-one-wp-security-and-firewall').'</p></div>';
386
+ return;
387
+ }
388
+ $table_count = 0;
389
+ $info_msg_string = '<p class="aio_info_with_icon">'.__('Starting DB prefix change operations.....', 'all-in-one-wp-security-and-firewall').'</p>';
390
+
391
+ $info_msg_string .= '<p class="aio_info_with_icon">'.sprintf( __('Your WordPress system has a total of %s tables and your new DB prefix will be: %s', 'all-in-one-wp-security-and-firewall'), '<strong>'.$num_rows.'</strong>', '<strong>'.$table_new_prefix.'</strong>').'</p>';
392
+ echo ($info_msg_string);
393
+
394
+ //Do a back of the config file
395
+ if(!AIOWPSecurity_Utility_File::backup_and_rename_wp_config($config_file))
396
+ {
397
+ echo '<div class="aio_red_box"><p>'.__('Failed to make a backup of the wp-config.php file. This operation will not go ahead.', 'all-in-one-wp-security-and-firewall').'</p></div>';
398
+ return;
399
+ }
400
+ else{
401
+ echo '<p class="aio_success_with_icon">'.__('A backup copy of your wp-config.php file was created successfully!', 'all-in-one-wp-security-and-firewall').'</p>';
402
+ }
403
+
404
+ //Get multisite blog_ids if applicable
405
+ if (AIOWPSecurity_Utility::is_multisite_install()) {
406
+ $blog_ids = AIOWPSecurity_Utility::get_blog_ids();
407
+ }
408
+
409
+ //Rename all the table names
410
+ foreach ($result as $db_table)
411
+ {
412
+ //Get table name with old prefix
413
+ $table_old_name = $db_table;
414
+
415
+ if ( strpos( $table_old_name, $table_old_prefix ) === 0 )
416
+ {
417
+ //Get table name with new prefix
418
+ $table_new_name = $table_new_prefix . substr( $table_old_name, $old_prefix_length );
419
+
420
+ //Write query to rename tables name
421
+ $sql = "RENAME TABLE `".$table_old_name."` TO `".$table_new_name."`";
422
+ //$sql = "RENAME TABLE %s TO %s";
423
+
424
+ //Execute the query
425
+ if ( false === $wpdb->query($sql) )
426
+ {
427
+ $error = 1;
428
+ echo '<p class="aio_error_with_icon">'.sprintf( __('%s table name update failed', 'all-in-one-wp-security-and-firewall'), '<strong>'.$table_old_name.'</strong>').'</p>';
429
+ $aio_wp_security->debug_logger->log_debug("DB Security Feature - Unable to change prefix of table ".$table_old_name,4);
430
+ } else {
431
+ $table_count++;
432
+ }
433
+ } else
434
+ {
435
+ continue;
436
+ }
437
+ }
438
+ if ( $error == 1 )
439
+ {
440
+ echo '<p class="aio_error_with_icon">'.sprintf( __('Please change the prefix manually for the above tables to: %s', 'all-in-one-wp-security-and-firewall'), '<strong>'.$table_new_prefix.'</strong>').'</p>';
441
+ } else
442
+ {
443
+ echo '<p class="aio_success_with_icon">'.sprintf( __('%s tables had their prefix updated successfully!', 'all-in-one-wp-security-and-firewall'), '<strong>'.$table_count.'</strong>').'</p>';
444
+ }
445
+
446
+ //Let's check for mysql tables of type "view"
447
+ $this->alter_table_views($table_old_prefix, $table_new_prefix);
448
+
449
+ //Get wp-config.php file contents and modify it with new info
450
+ $config_contents = file($config_file);
451
+ $prefix_match_string = '$table_prefix='; //this is our search string for the wp-config.php file
452
+ foreach ($config_contents as $line_num => $line) {
453
+ $no_ws_line = preg_replace( '/\s+/', '', $line ); //Strip white spaces
454
+ if(strpos($no_ws_line, $prefix_match_string) !== FALSE){
455
+ $prefix_parts = explode("=",$config_contents[$line_num]);
456
+ $prefix_parts[1] = str_replace($table_old_prefix, $table_new_prefix, $prefix_parts[1]);
457
+ $config_contents[$line_num] = implode("=",$prefix_parts);
458
+ break;
459
+ }
460
+ }
461
+ //Now let's modify the wp-config.php file
462
+ if (AIOWPSecurity_Utility_File::write_content_to_file($config_file, $config_contents))
463
+ {
464
+ echo '<p class="aio_success_with_icon">'. __('wp-config.php file was updated successfully!', 'all-in-one-wp-security-and-firewall').'</p>';
465
+ }else
466
+ {
467
+ echo '<p class="aio_error_with_icon">'.sprintf( __('The "wp-config.php" file was not able to be modified. Please modify this file manually using your favourite editor and search
468
+ for variable "$table_prefix" and assign the following value to that variable: %s', 'all-in-one-wp-security-and-firewall'), '<strong>'.$table_new_prefix.'</strong>').'</p>';
469
+ $aio_wp_security->debug_logger->log_debug("DB Security Feature - Unable to modify wp-config.php",4);
470
+ }
471
+
472
+ //Now let's update the options table
473
+ $update_option_table_query = $wpdb->prepare("UPDATE " . $table_new_prefix . "options
474
+ SET option_name = '".$table_new_prefix ."user_roles'
475
+ WHERE option_name = %s LIMIT 1", $table_old_prefix."user_roles");
476
+
477
+ if ( false === $wpdb->query($update_option_table_query) )
478
+ {
479
+ echo '<p class="aio_error_with_icon">'.sprintf( __('Update of table %s failed: unable to change %s to %s', 'all-in-one-wp-security-and-firewall'),$table_new_prefix.'options', $table_old_prefix.'user_roles', $table_new_prefix.'user_roles').'</p>';
480
+ $aio_wp_security->debug_logger->log_debug("DB Security Feature - Error when updating the options table",4);//Log the highly unlikely event of DB error
481
+ } else
482
+ {
483
+ echo '<p class="aio_success_with_icon">'.sprintf( __('The options table records which had references to the old DB prefix were updated successfully!', 'all-in-one-wp-security-and-firewall')).'</p>';
484
+ }
485
+
486
+ //Now let's update the options tables for the multisite subsites if applicable
487
+ if (AIOWPSecurity_Utility::is_multisite_install()) {
488
+ if(!empty($blog_ids)){
489
+ foreach ($blog_ids as $blog_id) {
490
+ if ($blog_id == 1){continue;} //skip main site
491
+ $new_pref_and_site_id = $table_new_prefix.$blog_id.'_';
492
+ $old_pref_and_site_id = $table_old_prefix.$blog_id.'_';
493
+ $update_ms_option_table_query = $wpdb->prepare("UPDATE " . $new_pref_and_site_id . "options
494
+ SET option_name = '".$new_pref_and_site_id."user_roles'
495
+ WHERE option_name = %s LIMIT 1", $old_pref_and_site_id."user_roles");
496
+ if ( false === $wpdb->query($update_ms_option_table_query) )
497
+ {
498
+ echo '<p class="aio_error_with_icon">'.sprintf( __('Update of table %s failed: unable to change %s to %s', 'all-in-one-wp-security-and-firewall'),$new_pref_and_site_id.'options', $old_pref_and_site_id.'user_roles', $new_pref_and_site_id.'user_roles').'</p>';
499
+ $aio_wp_security->debug_logger->log_debug("DB change prefix feature - Error when updating the subsite options table: ".$new_pref_and_site_id.'options',4);//Log the highly unlikely event of DB error
500
+ } else
501
+ {
502
+ echo '<p class="aio_success_with_icon">'.sprintf( __('The %s table records which had references to the old DB prefix were updated successfully!', 'all-in-one-wp-security-and-firewall'),$new_pref_and_site_id.'options').'</p>';
503
+ }
504
+ }
505
+
506
+ }
507
+ }
508
+
509
+ //Now let's update the user meta table
510
+ $custom_sql = "SELECT user_id, meta_key
511
+ FROM " . $table_new_prefix . "usermeta
512
+ WHERE meta_key
513
+ LIKE '" . $table_old_prefix . "%'";
514
+
515
+ $meta_keys = $wpdb->get_results( $custom_sql );
516
+
517
+ $error_update_usermeta = '';
518
+
519
+ //Update all meta_key field values which have the old table prefix in user_meta table
520
+ foreach ($meta_keys as $meta_key ) {
521
+ //Create new meta key
522
+ $new_meta_key = $table_new_prefix . substr( $meta_key->meta_key, $old_prefix_length );
523
+
524
+ $update_user_meta_sql = $wpdb->prepare("UPDATE " . $table_new_prefix . "usermeta
525
+ SET meta_key='" . $new_meta_key . "'
526
+ WHERE meta_key=%s AND user_id=%s", $meta_key->meta_key, $meta_key->user_id);
527
+
528
+ if (false === $wpdb->query($update_user_meta_sql))
529
+ {
530
+ $error_update_usermeta .= '<p class="aio_error_with_icon">'.sprintf( __('Error updating user_meta table where new meta_key = %s, old meta_key = %s and user_id = %s.', 'all-in-one-wp-security-and-firewall'),$new_meta_key,$meta_key->meta_key,$meta_key->user_id).'</p>';
531
+ echo $error_update_usermeta;
532
+ $aio_wp_security->debug_logger->log_debug("DB Security Feature - Error updating user_meta table where new meta_key = ".$new_meta_key." old meta_key = ".$meta_key->meta_key." and user_id = ".$meta_key->user_id,4);//Log the highly unlikely event of DB error
533
+ }
534
+ }
535
+ echo '<p class="aio_success_with_icon">'.__('The usermeta table records which had references to the old DB prefix were updated successfully!', 'all-in-one-wp-security-and-firewall').'</p>';
536
+ //Display tasks finished message
537
+ $tasks_finished_msg_string = '<p class="aio_info_with_icon">'. __('DB prefix change tasks have been completed.', 'all-in-one-wp-security-and-firewall').'</p>';
538
+ echo ($tasks_finished_msg_string);
539
+ }
540
+
541
+ /**
542
+ * This is an alternative to the deprecated "mysql_list_tables"
543
+ * Returns an array of table names
544
+ */
545
+ function get_mysql_tables($database='')
546
+ {
547
+ global $aio_wp_security;
548
+ $tables = array();
549
+ $list_tables_sql = "SHOW TABLES FROM `{$database}`;";
550
+ $mysqli = new mysqli(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME);
551
+
552
+ if ($mysqli->connect_errno) {
553
+ $aio_wp_security->debug_logger->log_debug("AIOWPSecurity_Database_Menu->get_mysql_tables() - DB connection error.",4);
554
+ return false;
555
+ }
556
+
557
+ if ($result = $mysqli->query($list_tables_sql, MYSQLI_USE_RESULT)) {
558
+ //Alternative way to get the tables
559
+ while ($row = $result->fetch_assoc()) {
560
+ foreach( $row AS $value ) {
561
+ $tables[] = $value;
562
+ }
563
+ }
564
+ $result->close();
565
+ }
566
+ $mysqli->close();
567
+ return $tables;
568
+ }
569
+
570
+ /**
571
+ * Will modify existing table view definitions to reflect the new DB prefix change
572
+ *
573
+ * @param type $old_prefix
574
+ * @param type $new_prefix
575
+ */
576
+ function alter_table_views($old_db_prefix, $new_db_prefix)
577
+ {
578
+ global $wpdb;
579
+ $table_count = 0;
580
+ $db_name = $wpdb->dbname;
581
+ $info_msg_string = '<p class="aio_info_with_icon">'.__('Checking for MySQL tables of type "view".....', 'all-in-one-wp-security-and-firewall').'</p>';
582
+ echo ($info_msg_string);
583
+
584
+ //get tables which are views
585
+ $query = "SELECT * FROM INFORMATION_SCHEMA.VIEWS WHERE TABLE_SCHEMA LIKE '".$db_name."'";
586
+ $res = $wpdb->get_results($query);
587
+ if(empty($res)) return;
588
+ $view_count = 0;
589
+ foreach ($res as $item){
590
+ $old_def = $item->VIEW_DEFINITION;
591
+ $new_def = str_replace($old_db_prefix, $new_db_prefix, $old_def);
592
+ $new_def_no_bt = str_replace("`", "", $new_def); //remove any backticks because these will cause the "ALTER" command used later to fail
593
+
594
+ $view_name = $item->TABLE_NAME;
595
+ $chg_view_sql = "ALTER VIEW $view_name AS $new_def_no_bt"; //Note: cannot use $wpdb->prepare because it adds single quotes which cause the ALTER query to fail
596
+ $view_res = $wpdb->query($chg_view_sql);
597
+ if($view_res === false){
598
+ echo '<p class="aio_error_with_icon">'.sprintf( __('Update of the following MySQL view definition failed: %s', 'all-in-one-wp-security-and-firewall'),$old_def).'</p>';
599
+ $aio_wp_security->debug_logger->log_debug("Update of the following MySQL view definition failed: ".$old_def,4);//Log the highly unlikely event of DB error
600
+ }else{
601
+ $view_count++;
602
+ }
603
+ }
604
+ if($view_count > 0){
605
+ echo '<p class="aio_success_with_icon">'.sprintf( __('%s view definitions were updated successfully!', 'all-in-one-wp-security-and-firewall'), '<strong>'.$view_count.'</strong>').'</p>';
606
+ }
607
+
608
+ return;
609
+ }
610
+
611
  } //end class
admin/wp-security-filescan-menu.php CHANGED
@@ -1,490 +1,490 @@
1
- <?php
2
- if(!defined('ABSPATH')){
3
- exit;//Exit if accessed directly
4
- }
5
-
6
- class AIOWPSecurity_Filescan_Menu extends AIOWPSecurity_Admin_Menu
7
- {
8
- var $menu_page_slug = AIOWPSEC_FILESCAN_MENU_SLUG;
9
-
10
- /* Specify all the tabs of this menu in the following array */
11
- var $menu_tabs;
12
-
13
- var $menu_tabs_handler = array(
14
- 'tab1' => 'render_tab1',
15
- 'tab2' => 'render_tab2',
16
- );
17
-
18
- function __construct()
19
- {
20
- $this->render_menu_page();
21
- }
22
-
23
- function set_menu_tabs()
24
- {
25
- $this->menu_tabs = array(
26
- 'tab1' => __('File Change Detection','all-in-one-wp-security-and-firewall'),
27
- 'tab2' => __('Malware Scan','all-in-one-wp-security-and-firewall'),
28
- );
29
- }
30
-
31
- function get_current_tab()
32
- {
33
- $tab_keys = array_keys($this->menu_tabs);
34
- $tab = isset( $_GET['tab'] ) ? sanitize_text_field($_GET['tab']) : $tab_keys[0];
35
- return $tab;
36
- }
37
-
38
- /*
39
- * Renders our tabs of this menu as nav items
40
- */
41
- function render_menu_tabs()
42
- {
43
- $current_tab = $this->get_current_tab();
44
-
45
- echo '<h2 class="nav-tab-wrapper">';
46
- foreach ( $this->menu_tabs as $tab_key => $tab_caption )
47
- {
48
- $active = $current_tab == $tab_key ? 'nav-tab-active' : '';
49
- echo '<a class="nav-tab ' . $active . '" href="?page=' . $this->menu_page_slug . '&tab=' . $tab_key . '">' . $tab_caption . '</a>';
50
- }
51
- echo '</h2>';
52
- }
53
-
54
- /*
55
- * The menu rendering goes here
56
- */
57
- function render_menu_page()
58
- {
59
- echo '<div class="wrap">';
60
- echo '<h2>'.__('Scanner','all-in-one-wp-security-and-firewall').'</h2>';//Interface title
61
- $this->set_menu_tabs();
62
- $tab = $this->get_current_tab();
63
- $this->render_menu_tabs();
64
- ?>
65
- <div id="poststuff"><div id="post-body">
66
- <?php
67
- //$tab_keys = array_keys($this->menu_tabs);
68
- call_user_func(array(&$this, $this->menu_tabs_handler[$tab]));
69
- ?>
70
- </div></div>
71
- </div><!-- end of wrap -->
72
- <?php
73
- }
74
-
75
- function render_tab1()
76
- {
77
- global $wpdb, $aio_wp_security;
78
- global $aiowps_feature_mgr;
79
- if (isset($_POST['fcd_scan_info']))
80
- {
81
- //Display scan file change info and clear the global alert variable
82
-
83
- //Clear the global variable
84
- $aio_wp_security->configs->set_value('aiowps_fcds_change_detected', FALSE);
85
- $aio_wp_security->configs->save_config();
86
-
87
- //Display the last scan results
88
- $this->display_last_scan_results();
89
- }
90
-
91
- if (isset($_POST['aiowps_view_last_fcd_results']))
92
- {
93
- //Display the last scan results
94
- if (!$this->display_last_scan_results()){
95
- $this->show_msg_updated(__('There have been no file changes since the last scan.', 'all-in-one-wp-security-and-firewall'));
96
- }
97
- }
98
-
99
- if (isset($_POST['aiowps_manual_fcd_scan']))
100
- {
101
- $nonce=$_REQUEST['_wpnonce'];
102
- if (!wp_verify_nonce($nonce, 'aiowpsec-fcd-manual-scan-nonce'))
103
- {
104
- $aio_wp_security->debug_logger->log_debug("Nonce check failed for manual file change detection scan operation!",4);
105
- die(__('Nonce check failed for manual file change detection scan operation!','all-in-one-wp-security-and-firewall'));
106
- }
107
-
108
- $result = $aio_wp_security->scan_obj->execute_file_change_detection_scan();
109
- if ($result === false) {
110
- // error case
111
- $this->show_msg_error(__('There was an error during the file change detection scan. Please check the aiowps logs.','all-in-one-wp-security-and-firewall'));
112
- }
113
-
114
- //If this is first scan display special message
115
- if ($result['initial_scan'] == 1)
116
- {
117
- $this->show_msg_updated(__('The plugin has detected that this is your first file change detection scan. The file details from this scan will be used to detect file changes for future scans.','all-in-one-wp-security-and-firewall'));
118
- }else if(!$aio_wp_security->configs->get_value('aiowps_fcds_change_detected')){
119
- $this->show_msg_updated(__('Scan Complete - There were no file changes detected!', 'all-in-one-wp-security-and-firewall'));
120
- }
121
- }
122
-
123
- if(isset($_POST['aiowps_schedule_fcd_scan']))//Do form submission tasks
124
- {
125
- $error = '';
126
- $reset_scan_data = FALSE;
127
- $file_types = '';
128
- $files = '';
129
-
130
- $nonce=$_REQUEST['_wpnonce'];
131
- if (!wp_verify_nonce($nonce, 'aiowpsec-scheduled-fcd-scan-nonce'))
132
- {
133
- $aio_wp_security->debug_logger->log_debug("Nonce check failed for file change detection scan options save!",4);
134
- die("Nonce check failed for file change detection scan options save!");
135
- }
136
-
137
- $fcd_scan_frequency = sanitize_text_field($_POST['aiowps_fcd_scan_frequency']);
138
- if(!is_numeric($fcd_scan_frequency))
139
- {
140
- $error .= '<br />'.__('You entered a non numeric value for the "backup time interval" field. It has been set to the default value.','all-in-one-wp-security-and-firewall');
141
- $fcd_scan_frequency = '4';//Set it to the default value for this field
142
- }
143
-
144
- if (!empty($_POST['aiowps_fcd_exclude_filetypes']))
145
- {
146
- $file_types = trim($_POST['aiowps_fcd_exclude_filetypes']);
147
- //$file_types_array = preg_split( '/\r\n|\r|\n/', $file_types );
148
-
149
- //Get the currently saved config value and check if this has changed. If so do another scan to reset the scan data so it omits these filetypes
150
- if ($file_types != $aio_wp_security->configs->get_value('aiowps_fcd_exclude_filetypes'))
151
- {
152
- $reset_scan_data = TRUE;
153
- }
154
- }
155
-
156
- if (!empty($_POST['aiowps_fcd_exclude_files']))
157
- {
158
- $files = trim($_POST['aiowps_fcd_exclude_files']);
159
- //Get the currently saved config value and check if this has changed. If so do another scan to reset the scan data so it omits these files/dirs
160
- if ($files != $aio_wp_security->configs->get_value('aiowps_fcd_exclude_files'))
161
- {
162
- $reset_scan_data = TRUE;
163
- }
164
-
165
- }
166
-
167
- // Explode by end-of-line character, then trim and filter empty lines
168
- $email_list_array = array_filter(array_map('trim', explode(PHP_EOL, $_POST['aiowps_fcd_scan_email_address'])), 'strlen');
169
- $errors = array();
170
- foreach($email_list_array as $key=>$value){
171
- $email_sane = sanitize_email($value);
172
- if(!is_email($email_sane))
173
- {
174
- $errors[] = __('The following address was removed because it is not a valid email address: ', 'all-in-one-wp-security-and-firewall')
175
- . htmlspecialchars($value);
176
- unset($email_list_array[$key]);
177
- }
178
- }
179
- $email_address = implode(PHP_EOL, $email_list_array);
180
- if ( !empty($errors) )
181
- {
182
- $this->show_msg_error(__('Attention!','all-in-one-wp-security-and-firewall') . '<br/>' . implode('<br />', $errors));
183
- }
184
-
185
- //Save all the form values to the options
186
- $aio_wp_security->configs->set_value('aiowps_enable_automated_fcd_scan',isset($_POST["aiowps_enable_automated_fcd_scan"])?'1':'');
187
- $aio_wp_security->configs->set_value('aiowps_fcd_scan_frequency',absint($fcd_scan_frequency));
188
- $aio_wp_security->configs->set_value('aiowps_fcd_scan_interval',$_POST["aiowps_fcd_scan_interval"]);
189
- $aio_wp_security->configs->set_value('aiowps_fcd_exclude_filetypes',$file_types);
190
- $aio_wp_security->configs->set_value('aiowps_fcd_exclude_files',$files);
191
- $aio_wp_security->configs->set_value('aiowps_send_fcd_scan_email',isset($_POST["aiowps_send_fcd_scan_email"])?'1':'');
192
- $aio_wp_security->configs->set_value('aiowps_fcd_scan_email_address',$email_address);
193
- $aio_wp_security->configs->save_config();
194
-
195
- //Recalculate points after the feature status/options have been altered
196
- $aiowps_feature_mgr->check_feature_status_and_recalculate_points();
197
- $this->show_msg_settings_updated();
198
-
199
- //Let's check if backup interval was set to less than 24 hours
200
- if (isset($_POST["aiowps_enable_automated_fcd_scan"]) && ($fcd_scan_frequency < 24) && $_POST["aiowps_fcd_scan_interval"]==0)
201
- {
202
- $alert_user_msg = 'ATTENTION: You have configured your file change detection scan to occur at least once daily. For most websites we recommended that you choose a less frequent
203
- schedule such as once every few days, once a week or once a month. Choosing a less frequent schedule will also help reduce your server load.';
204
- $this->show_msg_updated(__($alert_user_msg, 'all-in-one-wp-security-and-firewall'));
205
- }
206
-
207
- if($reset_scan_data)
208
- {
209
- //Clear old scan row and ask user to perform a fresh scan to reset the data
210
- $aiowps_global_meta_tbl_name = AIOWPSEC_TBL_GLOBAL_META_DATA;
211
- $where = array('meta_key1' => 'file_change_detection', 'meta_value1' => 'file_scan_data');
212
- $wpdb->delete( $aiowps_global_meta_tbl_name, $where);
213
- $result = $aio_wp_security->scan_obj->execute_file_change_detection_scan();
214
- $new_scan_alert = __('NEW SCAN COMPLETED: The plugin has detected that you have made changes to the "File Types To Ignore" or "Files To Ignore" fields.
215
- In order to ensure that future scan results are accurate, the old scan data has been refreshed.', 'all-in-one-wp-security-and-firewall');
216
- $this->show_msg_updated($new_scan_alert);
217
- }
218
-
219
- }
220
-
221
- //Display an alert warning message if a file change was detected
222
- if ($aio_wp_security->configs->get_value('aiowps_fcds_change_detected'))
223
- {
224
- $error_msg = __('All In One WP Security & Firewall has detected that there was a change in your host\'s files.', 'all-in-one-wp-security-and-firewall');
225
-
226
- $button = '<div><form action="" method="POST"><input type="submit" name="fcd_scan_info" value="'.__('View Scan Details & Clear This Message', 'all-in-one-wp-security-and-firewall').'" class="button-secondary" /></form></div>';
227
- $error_msg .= $button;
228
- $this->show_msg_error($error_msg);
229
- }
230
-
231
-
232
- ?>
233
- <div class="aio_blue_box">
234
- <?php
235
- echo '<p>'.__('If given an opportunity hackers can insert their code or files into your system which they can then use to carry out malicious acts on your site.', 'all-in-one-wp-security-and-firewall').
236
- '<br />'.__('Being informed of any changes in your files can be a good way to quickly prevent a hacker from causing damage to your website.', 'all-in-one-wp-security-and-firewall').
237
- '<br />'.__('In general, WordPress core and plugin files and file types such as ".php" or ".js" should not change often and when they do, it is important that you are made aware when a change occurs and which file was affected.', 'all-in-one-wp-security-and-firewall').
238
- '<br />'.__('The "File Change Detection Feature" will notify you of any file change which occurs on your system, including the addition and deletion of files by performing a regular automated or manual scan of your system\'s files.', 'all-in-one-wp-security-and-firewall').
239
- '<br />'.__('This feature also allows you to exclude certain files or folders from the scan in cases where you know that they change often as part of their normal operation. (For example log files and certain caching plugin files may change often and hence you may choose to exclude such files from the file change detection scan)', 'all-in-one-wp-security-and-firewall').'</p>';
240
- ?>
241
- </div>
242
-
243
- <?php
244
- if (!class_exists ( "FilesystemIterator" )){
245
- ?>
246
- <div class="aio_orange_box">
247
- <p>
248
- <?php
249
- $read_link = '<a href="https://secure.php.net/manual/en/class.filesystemiterator.php" target="_blank">the FilesystemIterator class</a>';
250
- echo sprintf(__('It appears that your server is using an old PHP version which is missing the %s. The file scanner feature needs this class in order to work. If you would like to use this feature please upgrade your server PHP version to 5.3 or greater.', 'all-in-one-wp-security-and-firewall'), $read_link);
251
- ?>
252
- </p>
253
- </div>
254
- <?php
255
- } else {
256
- ?>
257
- <div class="postbox">
258
- <h3 class="hndle"><label for="title"><?php _e('Manual File Change Detection Scan', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
259
- <div class="inside">
260
- <form action="" method="POST">
261
- <?php wp_nonce_field('aiowpsec-fcd-manual-scan-nonce'); ?>
262
- <table class="form-table">
263
- <tr valign="top">
264
- <span class="description"><?php _e('To perform a manual file change detection scan click on the button below.', 'all-in-one-wp-security-and-firewall'); ?></span>
265
- </tr>
266
- </table>
267
- <input type="submit" name="aiowps_manual_fcd_scan" value="<?php _e('Perform Scan Now', 'all-in-one-wp-security-and-firewall')?>" class="button-primary" />
268
- </form>
269
- </div></div>
270
- <div class="postbox">
271
- <h3 class="hndle"><label for="title"><?php _e('View Last Saved File Change Results', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
272
- <div class="inside">
273
- <form action="" method="POST">
274
- <?php wp_nonce_field('aiowpsec-view-last-fcd-results-nonce'); ?>
275
- <table class="form-table">
276
- <tr valign="top">
277
- <span class="description"><?php _e('Click the button below to view the saved file change results from the last scan.', 'all-in-one-wp-security-and-firewall'); ?></span>
278
- </tr>
279
- </table>
280
- <input type="submit" name="aiowps_view_last_fcd_results" value="<?php _e('View Last File Change', 'all-in-one-wp-security-and-firewall')?>" class="button-primary" />
281
- </form>
282
- </div></div>
283
- <div class="postbox">
284
- <h3 class="hndle"><label for="title"><?php _e('File Change Detection Settings', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
285
- <div class="inside">
286
- <?php
287
- //Display security info badge
288
- global $aiowps_feature_mgr;
289
- $aiowps_feature_mgr->output_feature_details_badge("scan-file-change-detection");
290
- ?>
291
-
292
- <form action="" method="POST">
293
- <?php wp_nonce_field('aiowpsec-scheduled-fcd-scan-nonce'); ?>
294
- <table class="form-table">
295
- <tr valign="top">
296
- <th scope="row"><?php _e('Enable Automated File Change Detection Scan', 'all-in-one-wp-security-and-firewall')?>:</th>
297
- <td>
298
- <input name="aiowps_enable_automated_fcd_scan" type="checkbox"<?php if($aio_wp_security->configs->get_value('aiowps_enable_automated_fcd_scan')=='1') echo ' checked="checked"'; ?> value="1"/>
299
- <span class="description"><?php _e('Check this if you want the system to automatically/periodically scan your files to check for file changes based on the settings below', 'all-in-one-wp-security-and-firewall'); ?></span>
300
- </td>
301
- </tr>
302
- <tr valign="top">
303
- <th scope="row"><?php _e('Scan Time Interval', 'all-in-one-wp-security-and-firewall')?>:</th>
304
- <td><input type="text" size="5" name="aiowps_fcd_scan_frequency" value="<?php echo $aio_wp_security->configs->get_value('aiowps_fcd_scan_frequency'); ?>" />
305
- <select id="backup_interval" name="aiowps_fcd_scan_interval">
306
- <option value="0" <?php selected( $aio_wp_security->configs->get_value('aiowps_fcd_scan_interval'), '0' ); ?>><?php _e( 'Hours', 'all-in-one-wp-security-and-firewall' ); ?></option>
307
- <option value="1" <?php selected( $aio_wp_security->configs->get_value('aiowps_fcd_scan_interval'), '1' ); ?>><?php _e( 'Days', 'all-in-one-wp-security-and-firewall' ); ?></option>
308
- <option value="2" <?php selected( $aio_wp_security->configs->get_value('aiowps_fcd_scan_interval'), '2' ); ?>><?php _e( 'Weeks', 'all-in-one-wp-security-and-firewall' ); ?></option>
309
- </select>
310
- <span class="description"><?php _e('Set the value for how often you would like a scan to occur', 'all-in-one-wp-security-and-firewall'); ?></span>
311
- </td>
312
- </tr>
313
- <tr valign="top">
314
- <th scope="row"><?php _e('File Types To Ignore', 'all-in-one-wp-security-and-firewall')?>:</th>
315
- <td><textarea name="aiowps_fcd_exclude_filetypes" rows="5" cols="50"><?php echo htmlspecialchars($aio_wp_security->configs->get_value('aiowps_fcd_exclude_filetypes')); ?></textarea>
316
- <br />
317
- <span class="description"><?php _e('Enter each file type or extension on a new line which you wish to exclude from the file change detection scan.', 'all-in-one-wp-security-and-firewall'); ?></span>
318
- <span class="aiowps_more_info_anchor"><span class="aiowps_more_info_toggle_char">+</span><span class="aiowps_more_info_toggle_text"><?php _e('More Info', 'all-in-one-wp-security-and-firewall'); ?></span></span>
319
- <div class="aiowps_more_info_body">
320
- <?php
321
- echo '<p class="description">'.__('You can exclude file types from the scan which would not normally pose any security threat if they were changed. These can include things such as image files.', 'all-in-one-wp-security-and-firewall').'</p>';
322
- echo '<p class="description">'.__('Example: If you want the scanner to ignore files of type jpg, png, and bmp, then you would enter the following:', 'all-in-one-wp-security-and-firewall').'</p>';
323
- echo '<p class="description">'.__('jpg', 'all-in-one-wp-security-and-firewall').'</p>';
324
- echo '<p class="description">'.__('png', 'all-in-one-wp-security-and-firewall').'</p>';
325
- echo '<p class="description">'.__('bmp', 'all-in-one-wp-security-and-firewall').'</p>';
326
- ?>
327
- </div>
328
- </td>
329
- </tr>
330
- <tr valign="top">
331
- <th scope="row"><?php _e('Files/Directories To Ignore', 'all-in-one-wp-security-and-firewall')?>:</th>
332
- <td><textarea name="aiowps_fcd_exclude_files" rows="5" cols="50"><?php echo htmlspecialchars($aio_wp_security->configs->get_value('aiowps_fcd_exclude_files')); ?></textarea>
333
- <br />
334
- <span class="description"><?php _e('Enter each file or directory on a new line which you wish to exclude from the file change detection scan.', 'all-in-one-wp-security-and-firewall'); ?></span>
335
- <span class="aiowps_more_info_anchor"><span class="aiowps_more_info_toggle_char">+</span><span class="aiowps_more_info_toggle_text"><?php _e('More Info', 'all-in-one-wp-security-and-firewall'); ?></span></span>
336
- <div class="aiowps_more_info_body">
337
- <?php
338
- echo '<p class="description">'.__('You can exclude specific files/directories from the scan which would not normally pose any security threat if they were changed. These can include things such as log files.', 'all-in-one-wp-security-and-firewall').'</p>';
339
- echo '<p class="description">'.__('Example: If you want the scanner to ignore certain files in different directories or whole directories, then you would enter the following:', 'all-in-one-wp-security-and-firewall').'</p>';
340
- echo '<p class="description">'.__('cache/config/master.php', 'all-in-one-wp-security-and-firewall').'</p>';
341
- echo '<p class="description">'.__('somedirectory', 'all-in-one-wp-security-and-firewall').'</p>';
342
- ?>
343
- </div>
344
- </td>
345
- </tr>
346
- <tr valign="top">
347
- <th scope="row"><?php _e('Send Email When Change Detected', 'all-in-one-wp-security-and-firewall')?>:</th>
348
- <td>
349
- <input name="aiowps_send_fcd_scan_email" type="checkbox"<?php if($aio_wp_security->configs->get_value('aiowps_send_fcd_scan_email')=='1') echo ' checked="checked"'; ?> value="1"/>
350
- <span class="description"><?php _e('Check this if you want the system to email you if a file change was detected', 'all-in-one-wp-security-and-firewall'); ?></span>
351
- <br />
352
- <textarea name="aiowps_fcd_scan_email_address" rows="5" cols="50"><?php echo htmlspecialchars($aio_wp_security->configs->get_value('aiowps_fcd_scan_email_address')); ?></textarea>
353
- <br />
354
- <span class="description"><?php _e('Enter one or more email addresses on a new line.', 'all-in-one-wp-security-and-firewall'); ?></span>
355
- </td>
356
- </tr>
357
- </table>
358
- <input type="submit" name="aiowps_schedule_fcd_scan" value="<?php _e('Save Settings', 'all-in-one-wp-security-and-firewall')?>" class="button-primary" />
359
- </form>
360
- </div></div>
361
-
362
- <?php
363
- }
364
- }
365
-
366
- function render_tab2()
367
- {
368
- ?>
369
- <div class="aio_blue_box">
370
- <?php
371
- echo '<h2>'.__('What is Malware?', 'all-in-one-wp-security-and-firewall').'</h2>';
372
- echo '<p>'.__('The word Malware stands for Malicious Software. It can consist of things like trojan horses, adware, worms, spyware and any other undesirable code which a hacker will try to inject into your website.', 'all-in-one-wp-security-and-firewall').'</p>'.
373
- '<p>'.__('Often when malware code has been inserted into your site you will normally not notice anything out of the ordinary based on appearances, but it can have a dramatic effect on your site\'s search ranking.', 'all-in-one-wp-security-and-firewall').'</p>'.
374
- '<p>'.__('This is because the bots and spiders from search engines such as Google have the capability to detect malware when they are indexing the pages on your site, and consequently they can blacklist your website which will in turn affect your search rankings.', 'all-in-one-wp-security-and-firewall').'</p>';
375
-
376
- $site_scanners_link = '<a href="http://www.site-scanners.com" target="_blank">'.__('CLICK HERE', 'all-in-one-wp-security-and-firewall').'</a>';
377
-
378
- echo '<h2>'.__('Scanning For Malware', 'all-in-one-wp-security-and-firewall').'</h2>';
379
- echo '<p>'.__('Due to the constantly changing and complex nature of Malware, scanning for such things using a standalone plugin will not work reliably. This is something best done via an external scan of your site regularly.', 'all-in-one-wp-security-and-firewall').'</p>'.
380
- '<p>'.__('This is why we have created an easy-to-use scanning service which is hosted off our own server which will scan your site for malware once every day and notify you if it finds anything.', 'all-in-one-wp-security-and-firewall').'</p>';
381
- echo '<p>'.__('When you sign up for this service you will get the following:', 'all-in-one-wp-security-and-firewall').'</p>';
382
- echo '<ul class="aiowps_admin_ul_grp1">
383
- <li>'.__('Automatic Daily Scan of 1 Website','all-in-one-wp-security-and-firewall').'</li>
384
- <li>'.__('Automatic Malware & Blacklist Monitoring','all-in-one-wp-security-and-firewall').'</li>
385
- <li>'.__('Automatic Email Alerting','all-in-one-wp-security-and-firewall').'</li>
386
- <li>'.__('Site uptime monitoring','all-in-one-wp-security-and-firewall').'</li>
387
- <li>'.__('Site response time monitoring','all-in-one-wp-security-and-firewall').'</li>
388
- <li>'.__('We provide advice for malware cleanup','all-in-one-wp-security-and-firewall').'</li>
389
- <li>'.__('Blacklist Removal','all-in-one-wp-security-and-firewall').'</li>
390
- <li>'.__('No Contract (Cancel Anytime)','all-in-one-wp-security-and-firewall').'</li>
391
- </ul>';
392
- echo '<p>'.sprintf(__('To learn more please %s.', 'all-in-one-wp-security-and-firewall'), $site_scanners_link).'</p>';
393
- ?>
394
- </div>
395
-
396
- <?php
397
- }
398
-
399
-
400
- /*
401
- * Outputs the last scan results in a postbox
402
- */
403
- function display_last_scan_results()
404
- {
405
- $fcd_data = AIOWPSecurity_Scan::get_fcd_data();
406
- if (!$fcd_data || !isset($fcd_data['last_scan_result']))
407
- {
408
- // no fcd data found
409
- return false;
410
- }
411
- ?>
412
- <div class="postbox">
413
- <h3 class="hndle"><label for="title"><?php _e('Latest File Change Scan Results', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
414
- <div class="inside">
415
- <?php
416
- $files_added_output = "";
417
- $files_removed_output = "";
418
- $files_changed_output = "";
419
- $last_scan_results = $fcd_data['last_scan_result'];
420
- if (!empty($last_scan_results['files_added']))
421
- {
422
- //Output table of files added
423
- echo '<div class="aio_info_with_icon aio_spacer_10_tb">'.__('The following files were added to your host.', 'all-in-one-wp-security-and-firewall').'</div>';
424
- $files_added_output .= '<table class="widefat">';
425
- $files_added_output .= '<tr>';
426
- $files_added_output .= '<th>'.__('File','all-in-one-wp-security-and-firewall').'</th>';
427
- $files_added_output .= '<th>'.__('File Size','all-in-one-wp-security-and-firewall').'</th>';
428
- $files_added_output .= '<th>'.__('File Modified','all-in-one-wp-security-and-firewall').'</th>';
429
- $files_added_output .= '</tr>';
430
- foreach ($last_scan_results['files_added'] as $key=>$value) {
431
- $files_added_output .= '<tr>';
432
- $files_added_output .= '<td>'.$key.'</td>';
433
- $files_added_output .= '<td>'.$value['filesize'].'</td>';
434
- $files_added_output .= '<td>'.date('Y-m-d H:i:s',$value['last_modified']).'</td>';
435
- $files_added_output .= '</tr>';
436
- }
437
- $files_added_output .= '</table>';
438
- echo $files_added_output;
439
- }
440
- echo '<div class="aio_spacer_15"></div>';
441
- if (!empty($last_scan_results['files_removed']))
442
- {
443
- //Output table of files removed
444
- echo '<div class="aio_info_with_icon aio_spacer_10_tb">'.__('The following files were removed from your host.', 'all-in-one-wp-security-and-firewall').'</div>';
445
- $files_removed_output .= '<table class="widefat">';
446
- $files_removed_output .= '<tr>';
447
- $files_removed_output .= '<th>'.__('File','all-in-one-wp-security-and-firewall').'</th>';
448
- $files_removed_output .= '<th>'.__('File Size','all-in-one-wp-security-and-firewall').'</th>';
449
- $files_removed_output .= '<th>'.__('File Modified','all-in-one-wp-security-and-firewall').'</th>';
450
- $files_removed_output .= '</tr>';
451
- foreach ($last_scan_results['files_removed'] as $key=>$value) {
452
- $files_removed_output .= '<tr>';
453
- $files_removed_output .= '<td>'.$key.'</td>';
454
- $files_removed_output .= '<td>'.$value['filesize'].'</td>';
455
- $files_removed_output .= '<td>'.date('Y-m-d H:i:s',$value['last_modified']).'</td>';
456
- $files_removed_output .= '</tr>';
457
- }
458
- $files_removed_output .= '</table>';
459
- echo $files_removed_output;
460
-
461
- }
462
-
463
- echo '<div class="aio_spacer_15"></div>';
464
-
465
- if (!empty($last_scan_results['files_changed']))
466
- {
467
- //Output table of files changed
468
- echo '<div class="aio_info_with_icon aio_spacer_10_tb">'.__('The following files were changed on your host.', 'all-in-one-wp-security-and-firewall').'</div>';
469
- $files_changed_output .= '<table class="widefat">';
470
- $files_changed_output .= '<tr>';
471
- $files_changed_output .= '<th>'.__('File','all-in-one-wp-security-and-firewall').'</th>';
472
- $files_changed_output .= '<th>'.__('File Size','all-in-one-wp-security-and-firewall').'</th>';
473
- $files_changed_output .= '<th>'.__('File Modified','all-in-one-wp-security-and-firewall').'</th>';
474
- $files_changed_output .= '</tr>';
475
- foreach ($last_scan_results['files_changed'] as $key=>$value) {
476
- $files_changed_output .= '<tr>';
477
- $files_changed_output .= '<td>'.$key.'</td>';
478
- $files_changed_output .= '<td>'.$value['filesize'].'</td>';
479
- $files_changed_output .= '<td>'.date('Y-m-d H:i:s',$value['last_modified']).'</td>';
480
- $files_changed_output .= '</tr>';
481
- }
482
- $files_changed_output .= '</table>';
483
- echo $files_changed_output;
484
- }
485
-
486
- ?>
487
- </div></div>
488
- <?php
489
- }
490
  } //end class
1
+ <?php
2
+ if(!defined('ABSPATH')){
3
+ exit;//Exit if accessed directly
4
+ }
5
+
6
+ class AIOWPSecurity_Filescan_Menu extends AIOWPSecurity_Admin_Menu
7
+ {
8
+ var $menu_page_slug = AIOWPSEC_FILESCAN_MENU_SLUG;
9
+
10
+ /* Specify all the tabs of this menu in the following array */
11
+ var $menu_tabs;
12
+
13
+ var $menu_tabs_handler = array(
14
+ 'tab1' => 'render_tab1',
15
+ 'tab2' => 'render_tab2',
16
+ );
17
+
18
+ function __construct()
19
+ {
20
+ $this->render_menu_page();
21
+ }
22
+
23
+ function set_menu_tabs()
24
+ {
25
+ $this->menu_tabs = array(
26
+ 'tab1' => __('File Change Detection','all-in-one-wp-security-and-firewall'),
27
+ 'tab2' => __('Malware Scan','all-in-one-wp-security-and-firewall'),
28
+ );
29
+ }
30
+
31
+ function get_current_tab()
32
+ {
33
+ $tab_keys = array_keys($this->menu_tabs);
34
+ $tab = isset( $_GET['tab'] ) ? sanitize_text_field($_GET['tab']) : $tab_keys[0];
35
+ return $tab;
36
+ }
37
+
38
+ /*
39
+ * Renders our tabs of this menu as nav items
40
+ */
41
+ function render_menu_tabs()
42
+ {
43
+ $current_tab = $this->get_current_tab();
44
+
45
+ echo '<h2 class="nav-tab-wrapper">';
46
+ foreach ( $this->menu_tabs as $tab_key => $tab_caption )
47
+ {
48
+ $active = $current_tab == $tab_key ? 'nav-tab-active' : '';
49
+ echo '<a class="nav-tab ' . $active . '" href="?page=' . $this->menu_page_slug . '&tab=' . $tab_key . '">' . $tab_caption . '</a>';
50
+ }
51
+ echo '</h2>';
52
+ }
53
+
54
+ /*
55
+ * The menu rendering goes here
56
+ */
57
+ function render_menu_page()
58
+ {
59
+ echo '<div class="wrap">';
60
+ echo '<h2>'.__('Scanner','all-in-one-wp-security-and-firewall').'</h2>';//Interface title
61
+ $this->set_menu_tabs();
62
+ $tab = $this->get_current_tab();
63
+ $this->render_menu_tabs();
64
+ ?>
65
+ <div id="poststuff"><div id="post-body">
66
+ <?php
67
+ //$tab_keys = array_keys($this->menu_tabs);
68
+ call_user_func(array($this, $this->menu_tabs_handler[$tab]));
69
+ ?>
70
+ </div></div>
71
+ </div><!-- end of wrap -->
72
+ <?php
73
+ }
74
+
75
+ function render_tab1()
76
+ {
77
+ global $wpdb, $aio_wp_security;
78
+ global $aiowps_feature_mgr;
79
+ if (isset($_POST['fcd_scan_info']))
80
+ {
81
+ //Display scan file change info and clear the global alert variable
82
+
83
+ //Clear the global variable
84
+ $aio_wp_security->configs->set_value('aiowps_fcds_change_detected', FALSE);
85
+ $aio_wp_security->configs->save_config();
86
+
87
+ //Display the last scan results
88
+ $this->display_last_scan_results();
89
+ }
90
+
91
+ if (isset($_POST['aiowps_view_last_fcd_results']))
92
+ {
93
+ //Display the last scan results
94
+ if (!$this->display_last_scan_results()){
95
+ $this->show_msg_updated(__('There have been no file changes since the last scan.', 'all-in-one-wp-security-and-firewall'));
96
+ }
97
+ }
98
+
99
+ if (isset($_POST['aiowps_manual_fcd_scan']))
100
+ {
101
+ $nonce=$_REQUEST['_wpnonce'];
102
+ if (!wp_verify_nonce($nonce, 'aiowpsec-fcd-manual-scan-nonce'))
103
+ {
104
+ $aio_wp_security->debug_logger->log_debug("Nonce check failed for manual file change detection scan operation!",4);
105
+ die(__('Nonce check failed for manual file change detection scan operation!','all-in-one-wp-security-and-firewall'));
106
+ }
107
+
108
+ $result = $aio_wp_security->scan_obj->execute_file_change_detection_scan();
109
+ if ($result === false) {
110
+ // error case
111
+ $this->show_msg_error(__('There was an error during the file change detection scan. Please check the aiowps logs.','all-in-one-wp-security-and-firewall'));
112
+ }
113
+
114
+ //If this is first scan display special message
115
+ if ($result['initial_scan'] == 1)
116
+ {
117
+ $this->show_msg_updated(__('The plugin has detected that this is your first file change detection scan. The file details from this scan will be used to detect file changes for future scans.','all-in-one-wp-security-and-firewall'));
118
+ }else if(!$aio_wp_security->configs->get_value('aiowps_fcds_change_detected')){
119
+ $this->show_msg_updated(__('Scan Complete - There were no file changes detected!', 'all-in-one-wp-security-and-firewall'));
120
+ }
121
+ }
122
+
123
+ if(isset($_POST['aiowps_schedule_fcd_scan']))//Do form submission tasks
124
+ {
125
+ $error = '';
126
+ $reset_scan_data = FALSE;
127
+ $file_types = '';
128
+ $files = '';
129
+
130
+ $nonce=$_REQUEST['_wpnonce'];
131
+ if (!wp_verify_nonce($nonce, 'aiowpsec-scheduled-fcd-scan-nonce'))
132
+ {
133
+ $aio_wp_security->debug_logger->log_debug("Nonce check failed for file change detection scan options save!",4);
134
+ die("Nonce check failed for file change detection scan options save!");
135
+ }
136
+
137
+ $fcd_scan_frequency = sanitize_text_field($_POST['aiowps_fcd_scan_frequency']);
138
+ if(!is_numeric($fcd_scan_frequency))
139
+ {
140
+ $error .= '<br />'.__('You entered a non numeric value for the "backup time interval" field. It has been set to the default value.','all-in-one-wp-security-and-firewall');
141
+ $fcd_scan_frequency = '4';//Set it to the default value for this field
142
+ }
143
+
144
+ if (!empty($_POST['aiowps_fcd_exclude_filetypes']))
145
+ {
146
+ $file_types = trim($_POST['aiowps_fcd_exclude_filetypes']);
147
+ //$file_types_array = preg_split( '/\r\n|\r|\n/', $file_types );
148
+
149
+ //Get the currently saved config value and check if this has changed. If so do another scan to reset the scan data so it omits these filetypes
150
+ if ($file_types != $aio_wp_security->configs->get_value('aiowps_fcd_exclude_filetypes'))
151
+ {
152
+ $reset_scan_data = TRUE;
153
+ }
154
+ }
155
+
156
+ if (!empty($_POST['aiowps_fcd_exclude_files']))
157
+ {
158
+ $files = trim($_POST['aiowps_fcd_exclude_files']);
159
+ //Get the currently saved config value and check if this has changed. If so do another scan to reset the scan data so it omits these files/dirs
160
+ if ($files != $aio_wp_security->configs->get_value('aiowps_fcd_exclude_files'))
161
+ {
162
+ $reset_scan_data = TRUE;
163
+ }
164
+
165
+ }
166
+
167
+ // Explode by end-of-line character, then trim and filter empty lines
168
+ $email_list_array = array_filter(array_map('trim', explode(PHP_EOL, $_POST['aiowps_fcd_scan_email_address'])), 'strlen');
169
+ $errors = array();
170
+ foreach($email_list_array as $key=>$value){
171
+ $email_sane = sanitize_email($value);
172
+ if(!is_email($email_sane))
173
+ {
174
+ $errors[] = __('The following address was removed because it is not a valid email address: ', 'all-in-one-wp-security-and-firewall')
175
+ . htmlspecialchars($value);
176
+ unset($email_list_array[$key]);
177
+ }
178
+ }
179
+ $email_address = implode(PHP_EOL, $email_list_array);
180
+ if ( !empty($errors) )
181
+ {
182
+ $this->show_msg_error(__('Attention!','all-in-one-wp-security-and-firewall') . '<br/>' . implode('<br />', $errors));
183
+ }
184
+
185
+ //Save all the form values to the options
186
+ $aio_wp_security->configs->set_value('aiowps_enable_automated_fcd_scan',isset($_POST["aiowps_enable_automated_fcd_scan"])?'1':'');
187
+ $aio_wp_security->configs->set_value('aiowps_fcd_scan_frequency',absint($fcd_scan_frequency));
188
+ $aio_wp_security->configs->set_value('aiowps_fcd_scan_interval',$_POST["aiowps_fcd_scan_interval"]);
189
+ $aio_wp_security->configs->set_value('aiowps_fcd_exclude_filetypes',$file_types);
190
+ $aio_wp_security->configs->set_value('aiowps_fcd_exclude_files',$files);
191
+ $aio_wp_security->configs->set_value('aiowps_send_fcd_scan_email',isset($_POST["aiowps_send_fcd_scan_email"])?'1':'');
192
+ $aio_wp_security->configs->set_value('aiowps_fcd_scan_email_address',$email_address);
193
+ $aio_wp_security->configs->save_config();
194
+
195
+ //Recalculate points after the feature status/options have been altered
196
+ $aiowps_feature_mgr->check_feature_status_and_recalculate_points();
197
+ $this->show_msg_settings_updated();
198
+
199
+ //Let's check if backup interval was set to less than 24 hours
200
+ if (isset($_POST["aiowps_enable_automated_fcd_scan"]) && ($fcd_scan_frequency < 24) && $_POST["aiowps_fcd_scan_interval"]==0)
201
+ {
202
+ $alert_user_msg = 'ATTENTION: You have configured your file change detection scan to occur at least once daily. For most websites we recommended that you choose a less frequent
203
+ schedule such as once every few days, once a week or once a month. Choosing a less frequent schedule will also help reduce your server load.';
204
+ $this->show_msg_updated(__($alert_user_msg, 'all-in-one-wp-security-and-firewall'));
205
+ }
206
+
207
+ if($reset_scan_data)
208
+ {
209
+ //Clear old scan row and ask user to perform a fresh scan to reset the data
210
+ $aiowps_global_meta_tbl_name = AIOWPSEC_TBL_GLOBAL_META_DATA;
211
+ $where = array('meta_key1' => 'file_change_detection', 'meta_value1' => 'file_scan_data');
212
+ $wpdb->delete( $aiowps_global_meta_tbl_name, $where);
213
+ $result = $aio_wp_security->scan_obj->execute_file_change_detection_scan();
214
+ $new_scan_alert = __('NEW SCAN COMPLETED: The plugin has detected that you have made changes to the "File Types To Ignore" or "Files To Ignore" fields.
215
+ In order to ensure that future scan results are accurate, the old scan data has been refreshed.', 'all-in-one-wp-security-and-firewall');
216
+ $this->show_msg_updated($new_scan_alert);
217
+ }
218
+
219
+ }
220
+
221
+ //Display an alert warning message if a file change was detected
222
+ if ($aio_wp_security->configs->get_value('aiowps_fcds_change_detected'))
223
+ {
224
+ $error_msg = __('All In One WP Security & Firewall has detected that there was a change in your host\'s files.', 'all-in-one-wp-security-and-firewall');
225
+
226
+ $button = '<div><form action="" method="POST"><input type="submit" name="fcd_scan_info" value="'.__('View Scan Details & Clear This Message', 'all-in-one-wp-security-and-firewall').'" class="button-secondary" /></form></div>';
227
+ $error_msg .= $button;
228
+ $this->show_msg_error($error_msg);
229
+ }
230
+
231
+
232
+ ?>
233
+ <div class="aio_blue_box">
234
+ <?php
235
+ echo '<p>'.__('If given an opportunity hackers can insert their code or files into your system which they can then use to carry out malicious acts on your site.', 'all-in-one-wp-security-and-firewall').
236
+ '<br />'.__('Being informed of any changes in your files can be a good way to quickly prevent a hacker from causing damage to your website.', 'all-in-one-wp-security-and-firewall').
237
+ '<br />'.__('In general, WordPress core and plugin files and file types such as ".php" or ".js" should not change often and when they do, it is important that you are made aware when a change occurs and which file was affected.', 'all-in-one-wp-security-and-firewall').
238
+ '<br />'.__('The "File Change Detection Feature" will notify you of any file change which occurs on your system, including the addition and deletion of files by performing a regular automated or manual scan of your system\'s files.', 'all-in-one-wp-security-and-firewall').
239
+ '<br />'.__('This feature also allows you to exclude certain files or folders from the scan in cases where you know that they change often as part of their normal operation. (For example log files and certain caching plugin files may change often and hence you may choose to exclude such files from the file change detection scan)', 'all-in-one-wp-security-and-firewall').'</p>';
240
+ ?>
241
+ </div>
242
+
243
+ <?php
244
+ if (!class_exists ( "FilesystemIterator" )){
245
+ ?>
246
+ <div class="aio_orange_box">
247
+ <p>
248
+ <?php
249
+ $read_link = '<a href="https://secure.php.net/manual/en/class.filesystemiterator.php" target="_blank">the FilesystemIterator class</a>';
250
+ echo sprintf(__('It appears that your server is using an old PHP version which is missing the %s. The file scanner feature needs this class in order to work. If you would like to use this feature please upgrade your server PHP version to 5.3 or greater.', 'all-in-one-wp-security-and-firewall'), $read_link);
251
+ ?>
252
+ </p>
253
+ </div>
254
+ <?php
255
+ } else {
256
+ ?>
257
+ <div class="postbox">
258
+ <h3 class="hndle"><label for="title"><?php _e('Manual File Change Detection Scan', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
259
+ <div class="inside">
260
+ <form action="" method="POST">
261
+ <?php wp_nonce_field('aiowpsec-fcd-manual-scan-nonce'); ?>
262
+ <table class="form-table">
263
+ <tr valign="top">
264
+ <span class="description"><?php _e('To perform a manual file change detection scan click on the button below.', 'all-in-one-wp-security-and-firewall'); ?></span>
265
+ </tr>
266
+ </table>
267
+ <input type="submit" name="aiowps_manual_fcd_scan" value="<?php _e('Perform Scan Now', 'all-in-one-wp-security-and-firewall')?>" class="button-primary" />
268
+ </form>
269
+ </div></div>
270
+ <div class="postbox">
271
+ <h3 class="hndle"><label for="title"><?php _e('View Last Saved File Change Results', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
272
+ <div class="inside">
273
+ <form action="" method="POST">
274
+ <?php wp_nonce_field('aiowpsec-view-last-fcd-results-nonce'); ?>
275
+ <table class="form-table">
276
+ <tr valign="top">
277
+ <span class="description"><?php _e('Click the button below to view the saved file change results from the last scan.', 'all-in-one-wp-security-and-firewall'); ?></span>
278
+ </tr>
279
+ </table>
280
+ <input type="submit" name="aiowps_view_last_fcd_results" value="<?php _e('View Last File Change', 'all-in-one-wp-security-and-firewall')?>" class="button-primary" />
281
+ </form>
282
+ </div></div>
283
+ <div class="postbox">
284
+ <h3 class="hndle"><label for="title"><?php _e('File Change Detection Settings', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
285
+ <div class="inside">
286
+ <?php
287
+ //Display security info badge
288
+ global $aiowps_feature_mgr;
289
+ $aiowps_feature_mgr->output_feature_details_badge("scan-file-change-detection");
290
+ ?>
291
+
292
+ <form action="" method="POST">
293
+ <?php wp_nonce_field('aiowpsec-scheduled-fcd-scan-nonce'); ?>
294
+ <table class="form-table">
295
+ <tr valign="top">
296
+ <th scope="row"><?php _e('Enable Automated File Change Detection Scan', 'all-in-one-wp-security-and-firewall')?>:</th>
297
+ <td>
298
+ <input name="aiowps_enable_automated_fcd_scan" type="checkbox"<?php if($aio_wp_security->configs->get_value('aiowps_enable_automated_fcd_scan')=='1') echo ' checked="checked"'; ?> value="1"/>
299
+ <span class="description"><?php _e('Check this if you want the system to automatically/periodically scan your files to check for file changes based on the settings below', 'all-in-one-wp-security-and-firewall'); ?></span>
300
+ </td>
301
+ </tr>
302
+ <tr valign="top">
303
+ <th scope="row"><?php _e('Scan Time Interval', 'all-in-one-wp-security-and-firewall')?>:</th>
304
+ <td><input type="text" size="5" name="aiowps_fcd_scan_frequency" value="<?php echo $aio_wp_security->configs->get_value('aiowps_fcd_scan_frequency'); ?>" />
305
+ <select id="backup_interval" name="aiowps_fcd_scan_interval">
306
+ <option value="0" <?php selected( $aio_wp_security->configs->get_value('aiowps_fcd_scan_interval'), '0' ); ?>><?php _e( 'Hours', 'all-in-one-wp-security-and-firewall' ); ?></option>
307
+ <option value="1" <?php selected( $aio_wp_security->configs->get_value('aiowps_fcd_scan_interval'), '1' ); ?>><?php _e( 'Days', 'all-in-one-wp-security-and-firewall' ); ?></option>
308
+ <option value="2" <?php selected( $aio_wp_security->configs->get_value('aiowps_fcd_scan_interval'), '2' ); ?>><?php _e( 'Weeks', 'all-in-one-wp-security-and-firewall' ); ?></option>
309
+ </select>
310
+ <span class="description"><?php _e('Set the value for how often you would like a scan to occur', 'all-in-one-wp-security-and-firewall'); ?></span>
311
+ </td>
312
+ </tr>
313
+ <tr valign="top">
314
+ <th scope="row"><?php _e('File Types To Ignore', 'all-in-one-wp-security-and-firewall')?>:</th>
315
+ <td><textarea name="aiowps_fcd_exclude_filetypes" rows="5" cols="50"><?php echo htmlspecialchars($aio_wp_security->configs->get_value('aiowps_fcd_exclude_filetypes')); ?></textarea>
316
+ <br />
317
+ <span class="description"><?php _e('Enter each file type or extension on a new line which you wish to exclude from the file change detection scan.', 'all-in-one-wp-security-and-firewall'); ?></span>
318
+ <span class="aiowps_more_info_anchor"><span class="aiowps_more_info_toggle_char">+</span><span class="aiowps_more_info_toggle_text"><?php _e('More Info', 'all-in-one-wp-security-and-firewall'); ?></span></span>
319
+ <div class="aiowps_more_info_body">
320
+ <?php
321
+ echo '<p class="description">'.__('You can exclude file types from the scan which would not normally pose any security threat if they were changed. These can include things such as image files.', 'all-in-one-wp-security-and-firewall').'</p>';
322
+ echo '<p class="description">'.__('Example: If you want the scanner to ignore files of type jpg, png, and bmp, then you would enter the following:', 'all-in-one-wp-security-and-firewall').'</p>';
323
+ echo '<p class="description">'.__('jpg', 'all-in-one-wp-security-and-firewall').'</p>';
324
+ echo '<p class="description">'.__('png', 'all-in-one-wp-security-and-firewall').'</p>';
325
+ echo '<p class="description">'.__('bmp', 'all-in-one-wp-security-and-firewall').'</p>';
326
+ ?>
327
+ </div>
328
+ </td>
329
+ </tr>
330
+ <tr valign="top">
331
+ <th scope="row"><?php _e('Files/Directories To Ignore', 'all-in-one-wp-security-and-firewall')?>:</th>
332
+ <td><textarea name="aiowps_fcd_exclude_files" rows="5" cols="50"><?php echo htmlspecialchars($aio_wp_security->configs->get_value('aiowps_fcd_exclude_files')); ?></textarea>
333
+ <br />
334
+ <span class="description"><?php _e('Enter each file or directory on a new line which you wish to exclude from the file change detection scan.', 'all-in-one-wp-security-and-firewall'); ?></span>
335
+ <span class="aiowps_more_info_anchor"><span class="aiowps_more_info_toggle_char">+</span><span class="aiowps_more_info_toggle_text"><?php _e('More Info', 'all-in-one-wp-security-and-firewall'); ?></span></span>
336
+ <div class="aiowps_more_info_body">
337
+ <?php
338
+ echo '<p class="description">'.__('You can exclude specific files/directories from the scan which would not normally pose any security threat if they were changed. These can include things such as log files.', 'all-in-one-wp-security-and-firewall').'</p>';
339
+ echo '<p class="description">'.__('Example: If you want the scanner to ignore certain files in different directories or whole directories, then you would enter the following:', 'all-in-one-wp-security-and-firewall').'</p>';
340
+ echo '<p class="description">'.__('cache/config/master.php', 'all-in-one-wp-security-and-firewall').'</p>';
341
+ echo '<p class="description">'.__('somedirectory', 'all-in-one-wp-security-and-firewall').'</p>';
342
+ ?>
343
+ </div>
344
+ </td>
345
+ </tr>
346
+ <tr valign="top">
347
+ <th scope="row"><?php _e('Send Email When Change Detected', 'all-in-one-wp-security-and-firewall')?>:</th>
348
+ <td>
349
+ <input name="aiowps_send_fcd_scan_email" type="checkbox"<?php if($aio_wp_security->configs->get_value('aiowps_send_fcd_scan_email')=='1') echo ' checked="checked"'; ?> value="1"/>
350
+ <span class="description"><?php _e('Check this if you want the system to email you if a file change was detected', 'all-in-one-wp-security-and-firewall'); ?></span>
351
+ <br />
352
+ <textarea name="aiowps_fcd_scan_email_address" rows="5" cols="50"><?php echo htmlspecialchars($aio_wp_security->configs->get_value('aiowps_fcd_scan_email_address')); ?></textarea>
353
+ <br />
354
+ <span class="description"><?php _e('Enter one or more email addresses on a new line.', 'all-in-one-wp-security-and-firewall'); ?></span>
355
+ </td>
356
+ </tr>
357
+ </table>
358
+ <input type="submit" name="aiowps_schedule_fcd_scan" value="<?php _e('Save Settings', 'all-in-one-wp-security-and-firewall')?>" class="button-primary" />
359
+ </form>
360
+ </div></div>
361
+
362
+ <?php
363
+ }
364
+ }
365
+
366
+ function render_tab2()
367
+ {
368
+ ?>
369
+ <div class="aio_blue_box">
370
+ <?php
371
+ echo '<h2>'.__('What is Malware?', 'all-in-one-wp-security-and-firewall').'</h2>';
372
+ echo '<p>'.__('The word Malware stands for Malicious Software. It can consist of things like trojan horses, adware, worms, spyware and any other undesirable code which a hacker will try to inject into your website.', 'all-in-one-wp-security-and-firewall').'</p>'.
373
+ '<p>'.__('Often when malware code has been inserted into your site you will normally not notice anything out of the ordinary based on appearances, but it can have a dramatic effect on your site\'s search ranking.', 'all-in-one-wp-security-and-firewall').'</p>'.
374
+ '<p>'.__('This is because the bots and spiders from search engines such as Google have the capability to detect malware when they are indexing the pages on your site, and consequently they can blacklist your website which will in turn affect your search rankings.', 'all-in-one-wp-security-and-firewall').'</p>';
375
+
376
+ $site_scanners_link = '<a href="http://www.site-scanners.com" target="_blank">'.__('CLICK HERE', 'all-in-one-wp-security-and-firewall').'</a>';
377
+
378
+ echo '<h2>'.__('Scanning For Malware', 'all-in-one-wp-security-and-firewall').'</h2>';
379
+ echo '<p>'.__('Due to the constantly changing and complex nature of Malware, scanning for such things using a standalone plugin will not work reliably. This is something best done via an external scan of your site regularly.', 'all-in-one-wp-security-and-firewall').'</p>'.
380
+ '<p>'.__('This is why we have created an easy-to-use scanning service which is hosted off our own server which will scan your site for malware once every day and notify you if it finds anything.', 'all-in-one-wp-security-and-firewall').'</p>';
381
+ echo '<p>'.__('When you sign up for this service you will get the following:', 'all-in-one-wp-security-and-firewall').'</p>';
382
+ echo '<ul class="aiowps_admin_ul_grp1">
383
+ <li>'.__('Automatic Daily Scan of 1 Website','all-in-one-wp-security-and-firewall').'</li>
384
+ <li>'.__('Automatic Malware & Blacklist Monitoring','all-in-one-wp-security-and-firewall').'</li>
385
+ <li>'.__('Automatic Email Alerting','all-in-one-wp-security-and-firewall').'</li>
386
+ <li>'.__('Site uptime monitoring','all-in-one-wp-security-and-firewall').'</li>
387
+ <li>'.__('Site response time monitoring','all-in-one-wp-security-and-firewall').'</li>
388
+ <li>'.__('We provide advice for malware cleanup','all-in-one-wp-security-and-firewall').'</li>
389
+ <li>'.__('Blacklist Removal','all-in-one-wp-security-and-firewall').'</li>
390
+ <li>'.__('No Contract (Cancel Anytime)','all-in-one-wp-security-and-firewall').'</li>
391
+ </ul>';
392
+ echo '<p>'.sprintf(__('To learn more please %s.', 'all-in-one-wp-security-and-firewall'), $site_scanners_link).'</p>';
393
+ ?>
394
+ </div>
395
+
396
+ <?php
397
+ }
398
+
399
+
400
+ /*
401
+ * Outputs the last scan results in a postbox
402
+ */
403
+ function display_last_scan_results()
404
+ {
405
+ $fcd_data = AIOWPSecurity_Scan::get_fcd_data();
406
+ if (!$fcd_data || !isset($fcd_data['last_scan_result']))
407
+ {
408
+ // no fcd data found
409
+ return false;
410
+ }
411
+ ?>
412
+ <div class="postbox">
413
+ <h3 class="hndle"><label for="title"><?php _e('Latest File Change Scan Results', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
414
+ <div class="inside">
415
+ <?php
416
+ $files_added_output = "";
417
+ $files_removed_output = "";
418
+ $files_changed_output = "";
419
+ $last_scan_results = $fcd_data['last_scan_result'];
420
+ if (!empty($last_scan_results['files_added']))
421
+ {
422
+ //Output table of files added
423
+ echo '<div class="aio_info_with_icon aio_spacer_10_tb">'.__('The following files were added to your host.', 'all-in-one-wp-security-and-firewall').'</div>';
424
+ $files_added_output .= '<table class="widefat">';
425
+ $files_added_output .= '<tr>';
426
+ $files_added_output .= '<th>'.__('File','all-in-one-wp-security-and-firewall').'</th>';
427
+ $files_added_output .= '<th>'.__('File Size','all-in-one-wp-security-and-firewall').'</th>';
428
+ $files_added_output .= '<th>'.__('File Modified','all-in-one-wp-security-and-firewall').'</th>';
429
+ $files_added_output .= '</tr>';
430
+ foreach ($last_scan_results['files_added'] as $key=>$value) {
431
+ $files_added_output .= '<tr>';
432
+ $files_added_output .= '<td>'.$key.'</td>';
433
+ $files_added_output .= '<td>'.$value['filesize'].'</td>';
434
+ $files_added_output .= '<td>'.date('Y-m-d H:i:s',$value['last_modified']).'</td>';
435
+ $files_added_output .= '</tr>';
436
+ }
437
+ $files_added_output .= '</table>';
438
+ echo $files_added_output;
439
+ }
440
+ echo '<div class="aio_spacer_15"></div>';
441
+ if (!empty($last_scan_results['files_removed']))
442
+ {
443
+ //Output table of files removed
444
+ echo '<div class="aio_info_with_icon aio_spacer_10_tb">'.__('The following files were removed from your host.', 'all-in-one-wp-security-and-firewall').'</div>';
445
+ $files_removed_output .= '<table class="widefat">';
446
+ $files_removed_output .= '<tr>';
447
+ $files_removed_output .= '<th>'.__('File','all-in-one-wp-security-and-firewall').'</th>';
448
+ $files_removed_output .= '<th>'.__('File Size','all-in-one-wp-security-and-firewall').'</th>';
449
+ $files_removed_output .= '<th>'.__('File Modified','all-in-one-wp-security-and-firewall').'</th>';
450
+ $files_removed_output .= '</tr>';
451
+ foreach ($last_scan_results['files_removed'] as $key=>$value) {
452
+ $files_removed_output .= '<tr>';
453
+ $files_removed_output .= '<td>'.$key.'</td>';
454
+ $files_removed_output .= '<td>'.$value['filesize'].'</td>';
455
+ $files_removed_output .= '<td>'.date('Y-m-d H:i:s',$value['last_modified']).'</td>';
456
+ $files_removed_output .= '</tr>';
457
+ }
458
+ $files_removed_output .= '</table>';
459
+ echo $files_removed_output;
460
+
461
+ }
462
+
463
+ echo '<div class="aio_spacer_15"></div>';
464
+
465
+ if (!empty($last_scan_results['files_changed']))
466
+ {
467
+ //Output table of files changed
468
+ echo '<div class="aio_info_with_icon aio_spacer_10_tb">'.__('The following files were changed on your host.', 'all-in-one-wp-security-and-firewall').'</div>';
469
+ $files_changed_output .= '<table class="widefat">';
470
+ $files_changed_output .= '<tr>';
471
+ $files_changed_output .= '<th>'.__('File','all-in-one-wp-security-and-firewall').'</th>';
472
+ $files_changed_output .= '<th>'.__('File Size','all-in-one-wp-security-and-firewall').'</th>';
473
+ $files_changed_output .= '<th>'.__('File Modified','all-in-one-wp-security-and-firewall').'</th>';
474
+ $files_changed_output .= '</tr>';
475
+ foreach ($last_scan_results['files_changed'] as $key=>$value) {
476
+ $files_changed_output .= '<tr>';
477
+ $files_changed_output .= '<td>'.$key.'</td>';
478
+ $files_changed_output .= '<td>'.$value['filesize'].'</td>';
479
+ $files_changed_output .= '<td>'.date('Y-m-d H:i:s',$value['last_modified']).'</td>';
480
+ $files_changed_output .= '</tr>';
481
+ }
482
+ $files_changed_output .= '</table>';
483
+ echo $files_changed_output;
484
+ }
485
+
486
+ ?>
487
+ </div></div>
488
+ <?php
489
+ }
490
  } //end class
admin/wp-security-filesystem-menu.php CHANGED
@@ -1,505 +1,505 @@
1
- <?php
2
- if ( !defined( 'ABSPATH' ) ) { exit; } // Prevent direct access to file
3
- class AIOWPSecurity_Filesystem_Menu extends AIOWPSecurity_Admin_Menu
4
- {
5
- var $menu_page_slug = AIOWPSEC_FILESYSTEM_MENU_SLUG;
6
-
7
- /* Specify all the tabs of this menu in the following array */
8
- var $menu_tabs;
9
-
10
- var $menu_tabs_handler = array(
11
- 'tab1' => 'render_tab1',
12
- 'tab2' => 'render_tab2',
13
- 'tab3' => 'render_tab3',
14
- 'tab4' => 'render_tab4',
15
- );
16
-
17
- function __construct()
18
- {
19
- $this->render_menu_page();
20
- add_action( 'admin_footer', array( &$this, 'filesystem_menu_footer_code' ) );
21
- }
22
-
23
- function set_menu_tabs()
24
- {
25
- $this->menu_tabs = array(
26
- 'tab1' => __('File Permissions','all-in-one-wp-security-and-firewall'),
27
- 'tab2' => __('PHP File Editing','all-in-one-wp-security-and-firewall'),
28
- 'tab3' => __('WP File Access','all-in-one-wp-security-and-firewall'),
29
- 'tab4' => __('Host System Logs','all-in-one-wp-security-and-firewall'),
30
- );
31
- }
32
-
33
- function get_current_tab()
34
- {
35
- $tab_keys = array_keys($this->menu_tabs);
36
- $tab = isset( $_GET['tab'] ) ? sanitize_text_field($_GET['tab']) : $tab_keys[0];
37
- return $tab;
38
- }
39
-
40
- /*
41
- * Renders our tabs of this menu as nav items
42
- */
43
- function render_menu_tabs()
44
- {
45
- $current_tab = $this->get_current_tab();
46
-
47
- echo '<h2 class="nav-tab-wrapper">';
48
- foreach ( $this->menu_tabs as $tab_key => $tab_caption )
49
- {
50
- $active = $current_tab == $tab_key ? 'nav-tab-active' : '';
51
- echo '<a class="nav-tab ' . $active . '" href="?page=' . $this->menu_page_slug . '&tab=' . $tab_key . '">' . $tab_caption . '</a>';
52
- }
53
- echo '</h2>';
54
- }
55
-
56
- /*
57
- * The menu rendering goes here
58
- */
59
- function render_menu_page()
60
- {
61
- echo '<div class="wrap">';
62
- echo '<h2>'.__('Filesystem Security','all-in-one-wp-security-and-firewall').'</h2>';//Interface title
63
- $this->set_menu_tabs();
64
- $tab = $this->get_current_tab();
65
- $this->render_menu_tabs();
66
- ?>
67
- <div id="poststuff"><div id="post-body">
68
- <?php
69
- //$tab_keys = array_keys($this->menu_tabs);
70
- call_user_func(array(&$this, $this->menu_tabs_handler[$tab]));
71
- ?>
72
- </div></div>
73
- </div><!-- end of wrap -->
74
- <?php
75
- }
76
-
77
- function render_tab1()
78
- {
79
- //if this is the case there is no need to display a "fix permissions" button
80
- global $wpdb, $aio_wp_security;
81
- if (isset($_POST['aiowps_fix_permissions']))
82
- {
83
- $nonce=$_REQUEST['_wpnonce'];
84
- if (!wp_verify_nonce($nonce, 'aiowpsec-fix-permissions-nonce'))
85
- {
86
- $aio_wp_security->debug_logger->log_debug("Nonce check failed for manual DB backup operation!",4);
87
- die(__('Nonce check failed for manual DB backup operation!','all-in-one-wp-security-and-firewall'));
88
- }
89
- if (isset($_POST['aiowps_permission_chg_file']))
90
- {
91
- $folder_or_file = $_POST['aiowps_permission_chg_file'];
92
- $rec_perm_oct_string = $_POST['aiowps_recommended_permissions']; //Convert the octal string to dec so the chmod func will accept it
93
- $rec_perm_dec = octdec($rec_perm_oct_string); //Convert the octal string to dec so the chmod func will accept it
94
- $perm_result = @chmod($_POST['aiowps_permission_chg_file'], $rec_perm_dec);
95
- if ($perm_result === true)
96
- {
97
- $msg = sprintf( __('The permissions for %s were succesfully changed to %s', 'all-in-one-wp-security-and-firewall'), $folder_or_file, $rec_perm_oct_string);
98
- $this->show_msg_updated($msg);
99
- }else if($perm_result === false)
100
- {
101
- $msg = sprintf( __('Unable to change permissions for %s!', 'all-in-one-wp-security-and-firewall'), $folder_or_file);
102
- $this->show_msg_error($msg);
103
- }
104
- }
105
- }
106
- ?>
107
- <h2><?php _e('File Permissions Scan', 'all-in-one-wp-security-and-firewall')?></h2>
108
- <div class="aio_blue_box">
109
- <?php
110
- echo '<p>'.__('Your WordPress file and folder permission settings govern the accessability and read/write privileges of the files and folders which make up your WP installation.', 'all-in-one-wp-security-and-firewall').'
111
- <br />'.__('Your WP installation already comes with reasonably secure file permission settings for the filesystem.', 'all-in-one-wp-security-and-firewall').'
112
- <br />'.__('However, sometimes people or other plugins modify the various permission settings of certain core WP folders or files such that they end up making their site less secure because they chose the wrong permission values.', 'all-in-one-wp-security-and-firewall').'
113
- <br />'.__('This feature will scan the critical WP core folders and files and will highlight any permission settings which are insecure.', 'all-in-one-wp-security-and-firewall').'
114
- </p>';
115
- ?>
116
- </div>
117
- <?php
118
- $detected_os = strtoupper(PHP_OS);
119
- if(strpos($detected_os, "WIN") !== false && $detected_os != "DARWIN"){
120
- echo '<div class="aio_yellow_box">';
121
- echo '<p>'.__('This plugin has detected that your site is running on a Windows server.', 'all-in-one-wp-security-and-firewall').'
122
- <br />'.__('This feature is not applicable for Windows server installations.', 'all-in-one-wp-security-and-firewall').'
123
- </p>';
124
- echo '</div>';
125
- }else{
126
- ?>
127
- <div class="postbox">
128
- <h3 class="hndle"><label for="title"><?php _e('WP Directory and File Permissions Scan Results', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
129
- <div class="inside">
130
- <?php
131
- //Display security info badge
132
- global $aiowps_feature_mgr;
133
- $aiowps_feature_mgr->output_feature_details_badge("filesystem-file-permissions");
134
- ?>
135
- <form action="" method="POST">
136
- <?php wp_nonce_field('aiowpsec-fix-permissions-nonce'); ?>
137
- <table class="widefat file_permission_table">
138
- <thead>
139
- <tr>
140
- <th><?php _e('Name', 'all-in-one-wp-security-and-firewall') ?></th>
141
- <th><?php _e('File/Folder', 'all-in-one-wp-security-and-firewall') ?></th>
142
- <th><?php _e('Current Permissions', 'all-in-one-wp-security-and-firewall') ?></th>
143
- <th><?php _e('Recommended Permissions', 'all-in-one-wp-security-and-firewall') ?></th>
144
- <th><?php _e('Recommended Action', 'all-in-one-wp-security-and-firewall') ?></th>
145
- </tr>
146
- </thead>
147
- <tbody>
148
- <?php
149
- $util = new AIOWPSecurity_Utility_File;
150
- $files_dirs_to_check = $util->files_and_dirs_to_check;
151
- foreach ($files_dirs_to_check as $file_or_dir)
152
- {
153
- $this->show_wp_filesystem_permission_status($file_or_dir['name'],$file_or_dir['path'],$file_or_dir['permissions']);
154
- }
155
- ?>
156
- </tbody>
157
- <tfoot>
158
- <tr>
159
- <th><?php _e('Name', 'all-in-one-wp-security-and-firewall') ?></th>
160
- <th><?php _e('File/Folder', 'all-in-one-wp-security-and-firewall') ?></th>
161
- <th><?php _e('Current Permissions', 'all-in-one-wp-security-and-firewall') ?></th>
162
- <th><?php _e('Recommended Permissions', 'all-in-one-wp-security-and-firewall') ?></th>
163
- <th><?php _e('Recommended Action', 'all-in-one-wp-security-and-firewall') ?></th>
164
- </tfoot>
165
- </table>
166
- </form>
167
- </div></div>
168
- <?php
169
- }
170
- }
171
-
172
- function render_tab2()
173
- {
174
- global $aio_wp_security;
175
- global $aiowps_feature_mgr;
176
-
177
- if(isset($_POST['aiowps_disable_file_edit']))//Do form submission tasks
178
- {
179
- $nonce=$_REQUEST['_wpnonce'];
180
- if (!wp_verify_nonce($nonce, 'aiowpsec-disable-file-edit-nonce'))
181
- {
182
- $aio_wp_security->debug_logger->log_debug("Nonce check failed on disable PHP file edit options save!",4);
183
- die("Nonce check failed on disable PHP file edit options save!");
184
- }
185
-
186
- if(isset($_POST['aiowps_disable_file_editing']))
187
- {
188
-
189
- $res = AIOWPSecurity_Utility::disable_file_edits();//$this->disable_file_edits();
190
- } else
191
- {
192
- $res = AIOWPSecurity_Utility::enable_file_edits();//$this->enable_file_edits();
193
- }
194
- if ($res)
195
- {
196
- //Save settings if no errors
197
- $aio_wp_security->configs->set_value('aiowps_disable_file_editing',isset($_POST["aiowps_disable_file_editing"])?'1':'');
198
- $aio_wp_security->configs->save_config();
199
-
200
- //Recalculate points after the feature status/options have been altered
201
- $aiowps_feature_mgr->check_feature_status_and_recalculate_points();
202
- $this->show_msg_updated(__('Your PHP file editing settings were saved successfully.', 'all-in-one-wp-security-and-firewall'));
203
- }
204
- else
205
- {
206
- $this->show_msg_error(__('Operation failed! Unable to modify or make a backup of wp-config.php file!', 'all-in-one-wp-security-and-firewall'));
207
- }
208
- //$this->show_msg_settings_updated();
209
-
210
- }
211
- else {
212
- // Make sure the setting value is up-to-date with current value in WP config
213
- $aio_wp_security->configs->set_value('aiowps_disable_file_editing', defined('DISALLOW_FILE_EDIT') && DISALLOW_FILE_EDIT ? '1' : '');
214
- $aio_wp_security->configs->save_config();
215
- //Recalculate points after the feature status/options have been altered
216
- $aiowps_feature_mgr->check_feature_status_and_recalculate_points();
217
- }
218
- ?>
219
- <h2><?php _e('File Editing', 'all-in-one-wp-security-and-firewall')?></h2>
220
- <div class="aio_blue_box">
221
- <?php
222
- echo '<p>'.__('The Wordpress Dashboard by default allows administrators to edit PHP files, such as plugin and theme files.', 'all-in-one-wp-security-and-firewall').'
223
- <br />'.__('This is often the first tool an attacker will use if able to login, since it allows code execution.', 'all-in-one-wp-security-and-firewall').'
224
- <br />'.__('This feature will disable the ability for people to edit PHP files via the dashboard.', 'all-in-one-wp-security-and-firewall').'
225
- </p>';
226
- ?>
227
- </div>
228
-
229
- <div class="postbox">
230
- <h3 class="hndle"><label for="title"><?php _e('Disable PHP File Editing', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
231
- <div class="inside">
232
- <?php
233
- //Display security info badge
234
- global $aiowps_feature_mgr;
235
- $aiowps_feature_mgr->output_feature_details_badge("filesystem-file-editing");
236
- ?>
237
-
238
- <form action="" method="POST">
239
- <?php wp_nonce_field('aiowpsec-disable-file-edit-nonce'); ?>
240
- <table class="form-table">
241
- <tr valign="top">
242
- <th scope="row"><?php _e('Disable Ability To Edit PHP Files', 'all-in-one-wp-security-and-firewall')?>:</th>
243
- <td>
244
- <input name="aiowps_disable_file_editing" type="checkbox"<?php if($aio_wp_security->configs->get_value('aiowps_disable_file_editing')=='1') echo ' checked="checked"'; ?> value="1"/>
245
- <span class="description"><?php _e('Check this if you want to remove the ability for people to edit PHP files via the WP dashboard', 'all-in-one-wp-security-and-firewall'); ?></span>
246
- </td>
247
- </tr>
248
- </table>
249
- <input type="submit" name="aiowps_disable_file_edit" value="<?php _e('Save Settings', 'all-in-one-wp-security-and-firewall')?>" class="button-primary" />
250
- </form>
251
- </div></div>
252
- <?php
253
- }
254
-
255
- function render_tab3()
256
- {
257
- global $aio_wp_security;
258
- global $aiowps_feature_mgr;
259
- if(isset($_POST['aiowps_save_wp_file_access_settings']))//Do form submission tasks
260
- {
261
- $nonce=$_REQUEST['_wpnonce'];
262
- if (!wp_verify_nonce($nonce, 'aiowpsec-prevent-default-wp-file-access-nonce'))
263
- {
264
- $aio_wp_security->debug_logger->log_debug("Nonce check failed on enable basic firewall settings!",4);
265
- die("Nonce check failed on enable basic firewall settings!");
266
- }
267
-
268
- //Save settings
269
- if(isset($_POST['aiowps_prevent_default_wp_file_access']))
270
- {
271
- $aio_wp_security->configs->set_value('aiowps_prevent_default_wp_file_access','1');
272
- }
273
- else
274
- {
275
- $aio_wp_security->configs->set_value('aiowps_prevent_default_wp_file_access','');
276
- }
277
-
278
- //Commit the config settings
279
- $aio_wp_security->configs->save_config();
280
-
281
- //Recalculate points after the feature status/options have been altered
282
- $aiowps_feature_mgr->check_feature_status_and_recalculate_points();
283
-
284
- //Now let's write the applicable rules to the .htaccess file
285
- $res = AIOWPSecurity_Utility_Htaccess::write_to_htaccess();
286
-
287
- if ($res)
288
- {
289
- $this->show_msg_updated(__('You have successfully saved the Prevent Access to Default WP Files configuration.', 'all-in-one-wp-security-and-firewall'));
290
- }
291
- else
292
- {
293
- $this->show_msg_error(__('Could not write to the .htaccess file. Please check the file permissions.', 'all-in-one-wp-security-and-firewall'));
294
- }
295
- }
296
-
297
- ?>
298
- <h2><?php _e('WordPress Files', 'all-in-one-wp-security-and-firewall')?></h2>
299
- <div class="aio_blue_box">
300
- <?php
301
- $info_msg = sprintf( __('This feature allows you to prevent access to files such as %s, %s and %s which are delivered with all WP installations.', 'all-in-one-wp-security-and-firewall'), 'readme.html', 'license.txt', 'wp-config-sample.php');
302
- echo '<p>'.$info_msg.'</p>'.'<p>'.__('By preventing access to these files you are hiding some key pieces of information (such as WordPress version info) from potential hackers.', 'all-in-one-wp-security-and-firewall').'</p>';
303
- ?>
304
- </div>
305
-
306
- <div class="postbox">
307
- <h3 class="hndle"><label for="title"><?php _e('Prevent Access to Default WP Files', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
308
- <div class="inside">
309
- <?php
310
- //Display security info badge
311
- global $aiowps_feature_mgr;
312
- $aiowps_feature_mgr->output_feature_details_badge("block-wp-files-access");
313
- ?>
314
- <form action="" method="POST">
315
- <?php wp_nonce_field('aiowpsec-prevent-default-wp-file-access-nonce'); ?>
316
- <table class="form-table">
317
- <tr valign="top">
318
- <th scope="row"><?php _e('Prevent Access to WP Default Install Files', 'all-in-one-wp-security-and-firewall')?>:</th>
319
- <td>
320
- <input name="aiowps_prevent_default_wp_file_access" type="checkbox"<?php if($aio_wp_security->configs->get_value('aiowps_prevent_default_wp_file_access')=='1') echo ' checked="checked"'; ?> value="1"/>
321
- <span class="description"><?php _e('Check this if you want to prevent access to readme.html, license.txt and wp-config-sample.php.', 'all-in-one-wp-security-and-firewall'); ?></span>
322
- </td>
323
- </tr>
324
- </table>
325
- <input type="submit" name="aiowps_save_wp_file_access_settings" value="<?php _e('Save Setting', 'all-in-one-wp-security-and-firewall')?>" class="button-primary" />
326
- </form>
327
- </div></div>
328
- <?php
329
- }
330
-
331
- function render_tab4()
332
- {
333
- global $aio_wp_security;
334
-
335
- if (isset($_POST['aiowps_system_log_file'])){
336
- if ($_POST['aiowps_system_log_file'] != NULL){
337
- $sys_log_file = esc_html($_POST['aiowps_system_log_file']);
338
- $aio_wp_security->configs->set_value('aiowps_system_log_file',$sys_log_file);
339
- }else{
340
- $sys_log_file = 'error_log';
341
- $aio_wp_security->configs->set_value('aiowps_system_log_file',$sys_log_file);
342
- }
343
- $aio_wp_security->configs->save_config();
344
- }else{
345
- $sys_log_file = $aio_wp_security->configs->get_value('aiowps_system_log_file');
346
- }
347
-
348
- ?>
349
- <h2><?php _e('System Logs', 'all-in-one-wp-security-and-firewall')?></h2>
350
- <div class="aio_blue_box">
351
- <?php
352
- echo '<p>'.__('Sometimes your hosting platform will produce error or warning logs in a file called "error_log".', 'all-in-one-wp-security-and-firewall').'
353
- <br />'.__('Depending on the nature and cause of the error or warning, your hosting server can create multiple instances of this file in numerous directory locations of your WordPress installation.', 'all-in-one-wp-security-and-firewall').'
354
- <br />'.__('By occassionally viewing the contents of these logs files you can keep informed of any underlying problems on your system which you might need to address.', 'all-in-one-wp-security-and-firewall').'
355
- </p>';
356
- ?>
357
- </div>
358
-
359
- <div class="postbox">
360
- <h3 class="hndle"><label for="title"><?php _e('View System Logs', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
361
- <div class="inside">
362
- <p><?php _e('Please click the button below to view the latest system logs', 'all-in-one-wp-security-and-firewall'); ?>:</p>
363
- <form action="" method="POST">
364
- <?php wp_nonce_field('aiowpsec-view-system-logs-nonce'); ?>
365
- <div><?php _e('Enter System Log File Name', 'all-in-one-wp-security-and-firewall')?>:
366
- <input type="text" size="25" name="aiowps_system_log_file" value="<?php echo esc_html($sys_log_file); ?>" />
367
- <span class="description"><?php _e('Enter your system log file name. (Defaults to error_log)', 'all-in-one-wp-security-and-firewall'); ?></span>
368
- </div>
369
- <div class="aio_spacer_15"></div>
370
- <input type="submit" name="aiowps_search_error_files" value="<?php _e('View Latest System Logs', 'all-in-one-wp-security-and-firewall'); ?>" class="button-primary search-error-files" />
371
- <span class="aiowps_loading_1">
372
- <img src="<?php echo AIO_WP_SECURITY_URL.'/images/loading.gif'; ?>" alt="<?php __('Loading...', 'all-in-one-wp-security-and-firewall'); ?>" />
373
- </span>
374
- </form>
375
- </div></div>
376
- <?php
377
- if (isset($_POST['aiowps_search_error_files']))
378
- {
379
- $nonce=$_REQUEST['_wpnonce'];
380
- if (!wp_verify_nonce($nonce, 'aiowpsec-view-system-logs-nonce'))
381
- {
382
- $aio_wp_security->debug_logger->log_debug("Nonce check failed on view system log operation!",4);
383
- die("Nonce check failed on view system log operation!");
384
- }
385
-
386
- $logResults = AIOWPSecurity_Utility_File::recursive_file_search($sys_log_file, 0, ABSPATH);
387
- if (empty($logResults) || $logResults == NULL || $logResults == '' || $logResults === FALSE)
388
- {
389
- $this->show_msg_updated(__('No system logs were found!', 'all-in-one-wp-security-and-firewall'));
390
- }
391
- else
392
- {
393
- foreach($logResults as $file)
394
- {
395
- $this->display_system_logs_in_table($file);
396
- }
397
- }
398
- }
399
- }
400
-
401
- /*
402
- * Scans WP key core files and directory permissions and populates a wp wide_fat table
403
- * Displays a red background entry with a "Fix" button for permissions which are "777"
404
- * Displays a yellow background entry with a "Fix" button for permissions which are less secure than the recommended
405
- * Displays a green entry for permissions which are as secure or better than the recommended
406
- */
407
- function show_wp_filesystem_permission_status($name,$path,$recommended)
408
- {
409
- $fix = false;
410
- $configmod = AIOWPSecurity_Utility_File::get_file_permission($path);
411
- if ($configmod == "0777"){
412
- $trclass = "aio_table_row_red"; //Display a red background if permissions are set as least secure ("777")
413
- $fix = true;
414
- }
415
- else if($configmod != $recommended)
416
- {
417
- //$res = $this->is_file_permission_secure($recommended, $configmod);
418
- $res = AIOWPSecurity_Utility_File::is_file_permission_secure($recommended, $configmod);
419
- if ($res)
420
- {
421
- $trclass = "aio_table_row_green"; //If the current permissions are even tighter than recommended then display a green row
422
- $fix = true;
423
- }
424
- else
425
- {
426
- $trclass = "aio_table_row_yellow"; //Display a yellow background if permissions are set to something different than recommended
427
- $fix = true;
428
- }
429
- }
430
- else
431
- {
432
- $trclass = "aio_table_row_green";
433
- }
434
- echo "<tr class=".$trclass.">";
435
- echo '<td>' . $name . "</td>";
436
- echo '<td>'. $path ."</td>";
437
- echo '<td>' . $configmod . '</td>';
438
- echo '<td>' . $recommended . '</td>';
439
- if ($fix)
440
- {
441
- echo '<td>
442
- <input type="submit" name="aiowps_fix_permissions" value="'.__('Set Recommended Permissions','all-in-one-wp-security-and-firewall').'" class="button-secondary" />
443
- <input type="hidden" name="aiowps_permission_chg_file" value="'.$path.'"/>
444
- <input type="hidden" name="aiowps_recommended_permissions" value="'.$recommended.'"/>
445
- </td>';
446
- } else
447
- {
448
- echo '<td>'.__('No Action Required', 'all-in-one-wp-security-and-firewall').'</td>';
449
- }
450
- echo "</tr>";
451
- }
452
-
453
-
454
-
455
- function filesystem_menu_footer_code()
456
- {
457
- ?>
458
- <script type="text/javascript">
459
- /* <![CDATA[ */
460
- jQuery(document).ready(function($) {
461
- loading_span = $('.aiowps_loading_1');
462
- loading_span.hide(); //hide the spinner gif after page has successfully loaded
463
- $('.search-error-files').on("click",function(){
464
- loading_span.show();
465
- });
466
- });
467
- /* ]]> */
468
- </script>
469
- <?php
470
- }
471
-
472
- function display_system_logs_in_table($filepath)
473
- {
474
- global $aio_wp_security;
475
- //Get contents of the error_log file
476
- $error_file_contents = file($filepath);
477
- if (!$error_file_contents)
478
- {
479
- //TODO - error could not read file, display notice???
480
- $aio_wp_security->debug_logger->log_debug("AIOWPSecurity_Filesystem_Menu - Unable to read file: ".$filepath,4);
481
-
482
- }
483
- $last_50_entries = array_slice($error_file_contents, -50); //extract the last 50 entries
484
- ?>
485
- <table class="widefat file_permission_table">
486
- <thead>
487
- <tr>
488
- <th><?php echo(sprintf(__('Showing latest entries of error_log file: %s', 'all-in-one-wp-security-and-firewall'),'<strong>'.$filepath.'</strong>')); ?></th>
489
- </tr>
490
- </thead>
491
- <tbody>
492
- <?php
493
- foreach ($last_50_entries as $entry)
494
- {
495
- echo "<tr>";
496
- echo '<td>' . $entry . "</td>";
497
- echo "</tr>";
498
- }
499
- ?>
500
- </tbody>
501
- </table>
502
- <?php
503
-
504
- }
505
  } //end class
1
+ <?php
2
+ if ( !defined( 'ABSPATH' ) ) { exit; } // Prevent direct access to file
3
+ class AIOWPSecurity_Filesystem_Menu extends AIOWPSecurity_Admin_Menu
4
+ {
5
+ var $menu_page_slug = AIOWPSEC_FILESYSTEM_MENU_SLUG;
6
+
7
+ /* Specify all the tabs of this menu in the following array */
8
+ var $menu_tabs;
9
+
10
+ var $menu_tabs_handler = array(
11
+ 'tab1' => 'render_tab1',
12
+ 'tab2' => 'render_tab2',
13
+ 'tab3' => 'render_tab3',
14
+ 'tab4' => 'render_tab4',
15
+ );
16
+
17
+ function __construct()
18
+ {
19
+ $this->render_menu_page();
20
+ add_action( 'admin_footer', array($this, 'filesystem_menu_footer_code' ) );
21
+ }
22
+
23
+ function set_menu_tabs()
24
+ {
25
+ $this->menu_tabs = array(
26
+ 'tab1' => __('File Permissions','all-in-one-wp-security-and-firewall'),
27
+ 'tab2' => __('PHP File Editing','all-in-one-wp-security-and-firewall'),
28
+ 'tab3' => __('WP File Access','all-in-one-wp-security-and-firewall'),
29
+ 'tab4' => __('Host System Logs','all-in-one-wp-security-and-firewall'),
30
+ );
31
+ }
32
+
33
+ function get_current_tab()
34
+ {
35
+ $tab_keys = array_keys($this->menu_tabs);
36
+ $tab = isset( $_GET['tab'] ) ? sanitize_text_field($_GET['tab']) : $tab_keys[0];
37
+ return $tab;
38
+ }
39
+
40
+ /*
41
+ * Renders our tabs of this menu as nav items
42
+ */
43
+ function render_menu_tabs()
44
+ {
45
+ $current_tab = $this->get_current_tab();
46
+
47
+ echo '<h2 class="nav-tab-wrapper">';
48
+ foreach ( $this->menu_tabs as $tab_key => $tab_caption )
49
+ {
50
+ $active = $current_tab == $tab_key ? 'nav-tab-active' : '';
51
+ echo '<a class="nav-tab ' . $active . '" href="?page=' . $this->menu_page_slug . '&tab=' . $tab_key . '">' . $tab_caption . '</a>';
52
+ }
53
+ echo '</h2>';
54
+ }
55
+
56
+ /*
57
+ * The menu rendering goes here
58
+ */
59
+ function render_menu_page()
60
+ {
61
+ echo '<div class="wrap">';
62
+ echo '<h2>'.__('Filesystem Security','all-in-one-wp-security-and-firewall').'</h2>';//Interface title
63
+ $this->set_menu_tabs();
64
+ $tab = $this->get_current_tab();
65
+ $this->render_menu_tabs();
66
+ ?>
67
+ <div id="poststuff"><div id="post-body">
68
+ <?php
69
+ //$tab_keys = array_keys($this->menu_tabs);
70
+ call_user_func(array($this, $this->menu_tabs_handler[$tab]));
71
+ ?>
72
+ </div></div>
73
+ </div><!-- end of wrap -->
74
+ <?php
75
+ }
76
+
77
+ function render_tab1()
78
+ {
79
+ //if this is the case there is no need to display a "fix permissions" button
80
+ global $wpdb, $aio_wp_security;
81
+ if (isset($_POST['aiowps_fix_permissions']))
82
+ {
83
+ $nonce=$_REQUEST['_wpnonce'];
84
+ if (!wp_verify_nonce($nonce, 'aiowpsec-fix-permissions-nonce'))
85
+ {
86
+ $aio_wp_security->debug_logger->log_debug("Nonce check failed for manual DB backup operation!",4);
87
+ die(__('Nonce check failed for manual DB backup operation!','all-in-one-wp-security-and-firewall'));
88
+ }
89
+ if (isset($_POST['aiowps_permission_chg_file']))
90
+ {
91
+ $folder_or_file = $_POST['aiowps_permission_chg_file'];
92
+ $rec_perm_oct_string = $_POST['aiowps_recommended_permissions']; //Convert the octal string to dec so the chmod func will accept it
93
+ $rec_perm_dec = octdec($rec_perm_oct_string); //Convert the octal string to dec so the chmod func will accept it
94
+ $perm_result = @chmod($_POST['aiowps_permission_chg_file'], $rec_perm_dec);
95
+ if ($perm_result === true)
96
+ {
97
+ $msg = sprintf( __('The permissions for %s were succesfully changed to %s', 'all-in-one-wp-security-and-firewall'), $folder_or_file, $rec_perm_oct_string);
98
+ $this->show_msg_updated($msg);
99
+ }else if($perm_result === false)
100
+ {
101
+ $msg = sprintf( __('Unable to change permissions for %s!', 'all-in-one-wp-security-and-firewall'), $folder_or_file);
102
+ $this->show_msg_error($msg);
103
+ }
104
+ }
105
+ }
106
+ ?>
107
+ <h2><?php _e('File Permissions Scan', 'all-in-one-wp-security-and-firewall')?></h2>
108
+ <div class="aio_blue_box">
109
+ <?php
110
+ echo '<p>'.__('Your WordPress file and folder permission settings govern the accessability and read/write privileges of the files and folders which make up your WP installation.', 'all-in-one-wp-security-and-firewall').'
111
+ <br />'.__('Your WP installation already comes with reasonably secure file permission settings for the filesystem.', 'all-in-one-wp-security-and-firewall').'
112
+ <br />'.__('However, sometimes people or other plugins modify the various permission settings of certain core WP folders or files such that they end up making their site less secure because they chose the wrong permission values.', 'all-in-one-wp-security-and-firewall').'
113
+ <br />'.__('This feature will scan the critical WP core folders and files and will highlight any permission settings which are insecure.', 'all-in-one-wp-security-and-firewall').'
114
+ </p>';
115
+ ?>
116
+ </div>
117
+ <?php
118
+ $detected_os = strtoupper(PHP_OS);
119
+ if(strpos($detected_os, "WIN") !== false && $detected_os != "DARWIN"){
120
+ echo '<div class="aio_yellow_box">';
121
+ echo '<p>'.__('This plugin has detected that your site is running on a Windows server.', 'all-in-one-wp-security-and-firewall').'
122
+ <br />'.__('This feature is not applicable for Windows server installations.', 'all-in-one-wp-security-and-firewall').'
123
+ </p>';
124
+ echo '</div>';
125
+ }else{
126
+ ?>
127
+ <div class="postbox">
128
+ <h3 class="hndle"><label for="title"><?php _e('WP Directory and File Permissions Scan Results', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
129
+ <div class="inside">
130
+ <?php
131
+ //Display security info badge
132
+ global $aiowps_feature_mgr;
133
+ $aiowps_feature_mgr->output_feature_details_badge("filesystem-file-permissions");
134
+ ?>
135
+ <form action="" method="POST">
136
+ <?php wp_nonce_field('aiowpsec-fix-permissions-nonce'); ?>
137
+ <table class="widefat file_permission_table">
138
+ <thead>
139
+ <tr>
140
+ <th><?php _e('Name', 'all-in-one-wp-security-and-firewall') ?></th>
141
+ <th><?php _e('File/Folder', 'all-in-one-wp-security-and-firewall') ?></th>
142
+ <th><?php _e('Current Permissions', 'all-in-one-wp-security-and-firewall') ?></th>
143
+ <th><?php _e('Recommended Permissions', 'all-in-one-wp-security-and-firewall') ?></th>
144
+ <th><?php _e('Recommended Action', 'all-in-one-wp-security-and-firewall') ?></th>
145
+ </tr>
146
+ </thead>
147
+ <tbody>
148
+ <?php
149
+ $util = new AIOWPSecurity_Utility_File;
150
+ $files_dirs_to_check = $util->files_and_dirs_to_check;
151
+ foreach ($files_dirs_to_check as $file_or_dir)
152
+ {
153
+ $this->show_wp_filesystem_permission_status($file_or_dir['name'],$file_or_dir['path'],$file_or_dir['permissions']);
154
+ }
155
+ ?>
156
+ </tbody>
157
+ <tfoot>
158
+ <tr>
159
+ <th><?php _e('Name', 'all-in-one-wp-security-and-firewall') ?></th>
160
+ <th><?php _e('File/Folder', 'all-in-one-wp-security-and-firewall') ?></th>
161
+ <th><?php _e('Current Permissions', 'all-in-one-wp-security-and-firewall') ?></th>
162
+ <th><?php _e('Recommended Permissions', 'all-in-one-wp-security-and-firewall') ?></th>
163
+ <th><?php _e('Recommended Action', 'all-in-one-wp-security-and-firewall') ?></th>
164
+ </tfoot>
165
+ </table>
166
+ </form>
167
+ </div></div>
168
+ <?php
169
+ }
170
+ }
171
+
172
+ function render_tab2()
173
+ {
174
+ global $aio_wp_security;
175
+ global $aiowps_feature_mgr;
176
+
177
+ if(isset($_POST['aiowps_disable_file_edit']))//Do form submission tasks
178
+ {
179
+ $nonce=$_REQUEST['_wpnonce'];
180
+ if (!wp_verify_nonce($nonce, 'aiowpsec-disable-file-edit-nonce'))
181
+ {
182
+ $aio_wp_security->debug_logger->log_debug("Nonce check failed on disable PHP file edit options save!",4);
183
+ die("Nonce check failed on disable PHP file edit options save!");
184
+ }
185
+
186
+ if(isset($_POST['aiowps_disable_file_editing']))
187
+ {
188
+
189
+ $res = AIOWPSecurity_Utility::disable_file_edits();//$this->disable_file_edits();
190
+ } else
191
+ {
192
+ $res = AIOWPSecurity_Utility::enable_file_edits();//$this->enable_file_edits();
193
+ }
194
+ if ($res)
195
+ {
196
+ //Save settings if no errors
197
+ $aio_wp_security->configs->set_value('aiowps_disable_file_editing',isset($_POST["aiowps_disable_file_editing"])?'1':'');
198
+ $aio_wp_security->configs->save_config();
199
+
200
+ //Recalculate points after the feature status/options have been altered
201
+ $aiowps_feature_mgr->check_feature_status_and_recalculate_points();
202
+ $this->show_msg_updated(__('Your PHP file editing settings were saved successfully.', 'all-in-one-wp-security-and-firewall'));
203
+ }
204
+ else
205
+ {
206
+ $this->show_msg_error(__('Operation failed! Unable to modify or make a backup of wp-config.php file!', 'all-in-one-wp-security-and-firewall'));
207
+ }
208
+ //$this->show_msg_settings_updated();
209
+
210
+ }
211
+ else {
212
+ // Make sure the setting value is up-to-date with current value in WP config
213
+ $aio_wp_security->configs->set_value('aiowps_disable_file_editing', defined('DISALLOW_FILE_EDIT') && DISALLOW_FILE_EDIT ? '1' : '');
214
+ $aio_wp_security->configs->save_config();
215
+ //Recalculate points after the feature status/options have been altered
216
+ $aiowps_feature_mgr->check_feature_status_and_recalculate_points();
217
+ }
218
+ ?>
219
+ <h2><?php _e('File Editing', 'all-in-one-wp-security-and-firewall')?></h2>
220
+ <div class="aio_blue_box">
221
+ <?php
222
+ echo '<p>'.__('The Wordpress Dashboard by default allows administrators to edit PHP files, such as plugin and theme files.', 'all-in-one-wp-security-and-firewall').'
223
+ <br />'.__('This is often the first tool an attacker will use if able to login, since it allows code execution.', 'all-in-one-wp-security-and-firewall').'
224
+ <br />'.__('This feature will disable the ability for people to edit PHP files via the dashboard.', 'all-in-one-wp-security-and-firewall').'
225
+ </p>';
226
+ ?>
227
+ </div>
228
+
229
+ <div class="postbox">
230
+ <h3 class="hndle"><label for="title"><?php _e('Disable PHP File Editing', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
231
+ <div class="inside">
232
+ <?php
233
+ //Display security info badge
234
+ global $aiowps_feature_mgr;
235
+ $aiowps_feature_mgr->output_feature_details_badge("filesystem-file-editing");
236
+ ?>
237
+
238
+ <form action="" method="POST">
239
+ <?php wp_nonce_field('aiowpsec-disable-file-edit-nonce'); ?>
240
+ <table class="form-table">
241
+ <tr valign="top">
242
+ <th scope="row"><?php _e('Disable Ability To Edit PHP Files', 'all-in-one-wp-security-and-firewall')?>:</th>
243
+ <td>
244
+ <input name="aiowps_disable_file_editing" type="checkbox"<?php if($aio_wp_security->configs->get_value('aiowps_disable_file_editing')=='1') echo ' checked="checked"'; ?> value="1"/>
245
+ <span class="description"><?php _e('Check this if you want to remove the ability for people to edit PHP files via the WP dashboard', 'all-in-one-wp-security-and-firewall'); ?></span>
246
+ </td>
247
+ </tr>
248
+ </table>
249
+ <input type="submit" name="aiowps_disable_file_edit" value="<?php _e('Save Settings', 'all-in-one-wp-security-and-firewall')?>" class="button-primary" />
250
+ </form>
251
+ </div></div>
252
+ <?php
253
+ }
254
+
255
+ function render_tab3()
256
+ {
257
+ global $aio_wp_security;
258
+ global $aiowps_feature_mgr;
259
+ if(isset($_POST['aiowps_save_wp_file_access_settings']))//Do form submission tasks
260
+ {
261
+ $nonce=$_REQUEST['_wpnonce'];
262
+ if (!wp_verify_nonce($nonce, 'aiowpsec-prevent-default-wp-file-access-nonce'))
263
+ {
264
+ $aio_wp_security->debug_logger->log_debug("Nonce check failed on enable basic firewall settings!",4);
265
+ die("Nonce check failed on enable basic firewall settings!");
266
+ }
267
+
268
+ //Save settings
269
+ if(isset($_POST['aiowps_prevent_default_wp_file_access']))
270
+ {
271
+ $aio_wp_security->configs->set_value('aiowps_prevent_default_wp_file_access','1');
272
+ }
273
+ else
274
+ {
275
+ $aio_wp_security->configs->set_value('aiowps_prevent_default_wp_file_access','');
276
+ }
277
+
278
+ //Commit the config settings
279
+ $aio_wp_security->configs->save_config();
280
+
281
+ //Recalculate points after the feature status/options have been altered
282
+ $aiowps_feature_mgr->check_feature_status_and_recalculate_points();
283
+
284
+ //Now let's write the applicable rules to the .htaccess file
285
+ $res = AIOWPSecurity_Utility_Htaccess::write_to_htaccess();
286
+
287
+ if ($res)
288
+ {
289
+ $this->show_msg_updated(__('You have successfully saved the Prevent Access to Default WP Files configuration.', 'all-in-one-wp-security-and-firewall'));
290
+ }
291
+ else
292
+ {
293
+ $this->show_msg_error(__('Could not write to the .htaccess file. Please check the file permissions.', 'all-in-one-wp-security-and-firewall'));
294
+ }
295
+ }
296
+
297
+ ?>
298
+ <h2><?php _e('WordPress Files', 'all-in-one-wp-security-and-firewall')?></h2>
299
+ <div class="aio_blue_box">
300
+ <?php
301
+ $info_msg = sprintf( __('This feature allows you to prevent access to files such as %s, %s and %s which are delivered with all WP installations.', 'all-in-one-wp-security-and-firewall'), 'readme.html', 'license.txt', 'wp-config-sample.php');
302
+ echo '<p>'.$info_msg.'</p>'.'<p>'.__('By preventing access to these files you are hiding some key pieces of information (such as WordPress version info) from potential hackers.', 'all-in-one-wp-security-and-firewall').'</p>';
303
+ ?>
304
+ </div>
305
+
306
+ <div class="postbox">
307
+ <h3 class="hndle"><label for="title"><?php _e('Prevent Access to Default WP Files', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
308
+ <div class="inside">
309
+ <?php
310
+ //Display security info badge
311
+ global $aiowps_feature_mgr;
312
+ $aiowps_feature_mgr->output_feature_details_badge("block-wp-files-access");
313
+ ?>
314
+ <form action="" method="POST">
315
+ <?php wp_nonce_field('aiowpsec-prevent-default-wp-file-access-nonce'); ?>
316
+ <table class="form-table">
317
+ <tr valign="top">
318
+ <th scope="row"><?php _e('Prevent Access to WP Default Install Files', 'all-in-one-wp-security-and-firewall')?>:</th>
319
+ <td>
320
+ <input name="aiowps_prevent_default_wp_file_access" type="checkbox"<?php if($aio_wp_security->configs->get_value('aiowps_prevent_default_wp_file_access')=='1') echo ' checked="checked"'; ?> value="1"/>
321
+ <span class="description"><?php _e('Check this if you want to prevent access to readme.html, license.txt and wp-config-sample.php.', 'all-in-one-wp-security-and-firewall'); ?></span>
322
+ </td>
323
+ </tr>
324
+ </table>
325
+ <input type="submit" name="aiowps_save_wp_file_access_settings" value="<?php _e('Save Setting', 'all-in-one-wp-security-and-firewall')?>" class="button-primary" />
326
+ </form>
327
+ </div></div>
328
+ <?php
329
+ }
330
+
331
+ function render_tab4()
332
+ {
333
+ global $aio_wp_security;
334
+
335
+ if (isset($_POST['aiowps_system_log_file'])){
336
+ if ($_POST['aiowps_system_log_file'] != NULL){
337
+ $sys_log_file = esc_html($_POST['aiowps_system_log_file']);
338
+ $aio_wp_security->configs->set_value('aiowps_system_log_file',$sys_log_file);
339
+ }else{
340
+ $sys_log_file = 'error_log';
341
+ $aio_wp_security->configs->set_value('aiowps_system_log_file',$sys_log_file);
342
+ }
343
+ $aio_wp_security->configs->save_config();
344
+ }else{
345
+ $sys_log_file = $aio_wp_security->configs->get_value('aiowps_system_log_file');
346
+ }
347
+
348
+ ?>
349
+ <h2><?php _e('System Logs', 'all-in-one-wp-security-and-firewall')?></h2>
350
+ <div class="aio_blue_box">
351
+ <?php
352
+ echo '<p>'.__('Sometimes your hosting platform will produce error or warning logs in a file called "error_log".', 'all-in-one-wp-security-and-firewall').'
353
+ <br />'.__('Depending on the nature and cause of the error or warning, your hosting server can create multiple instances of this file in numerous directory locations of your WordPress installation.', 'all-in-one-wp-security-and-firewall').'
354
+ <br />'.__('By occassionally viewing the contents of these logs files you can keep informed of any underlying problems on your system which you might need to address.', 'all-in-one-wp-security-and-firewall').'
355
+ </p>';
356
+ ?>
357
+ </div>
358
+
359
+ <div class="postbox">
360
+ <h3 class="hndle"><label for="title"><?php _e('View System Logs', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
361
+ <div class="inside">
362
+ <p><?php _e('Please click the button below to view the latest system logs', 'all-in-one-wp-security-and-firewall'); ?>:</p>
363
+ <form action="" method="POST">
364
+ <?php wp_nonce_field('aiowpsec-view-system-logs-nonce'); ?>
365
+ <div><?php _e('Enter System Log File Name', 'all-in-one-wp-security-and-firewall')?>:
366
+ <input type="text" size="25" name="aiowps_system_log_file" value="<?php echo esc_html($sys_log_file); ?>" />
367
+ <span class="description"><?php _e('Enter your system log file name. (Defaults to error_log)', 'all-in-one-wp-security-and-firewall'); ?></span>
368
+ </div>
369
+ <div class="aio_spacer_15"></div>
370
+ <input type="submit" name="aiowps_search_error_files" value="<?php _e('View Latest System Logs', 'all-in-one-wp-security-and-firewall'); ?>" class="button-primary search-error-files" />
371
+ <span class="aiowps_loading_1">
372
+ <img src="<?php echo AIO_WP_SECURITY_URL.'/images/loading.gif'; ?>" alt="<?php __('Loading...', 'all-in-one-wp-security-and-firewall'); ?>" />
373
+ </span>
374
+ </form>
375
+ </div></div>
376
+ <?php
377
+ if (isset($_POST['aiowps_search_error_files']))
378
+ {
379
+ $nonce=$_REQUEST['_wpnonce'];
380
+ if (!wp_verify_nonce($nonce, 'aiowpsec-view-system-logs-nonce'))
381
+ {
382
+ $aio_wp_security->debug_logger->log_debug("Nonce check failed on view system log operation!",4);
383
+ die("Nonce check failed on view system log operation!");
384
+ }
385
+
386
+ $logResults = AIOWPSecurity_Utility_File::recursive_file_search($sys_log_file, 0, ABSPATH);
387
+ if (empty($logResults) || $logResults == NULL || $logResults == '' || $logResults === FALSE)
388
+ {
389
+ $this->show_msg_updated(__('No system logs were found!', 'all-in-one-wp-security-and-firewall'));
390
+ }
391
+ else
392
+ {
393
+ foreach($logResults as $file)
394
+ {
395
+ $this->display_system_logs_in_table($file);
396
+ }
397
+ }
398
+ }
399
+ }
400
+
401
+ /*
402
+ * Scans WP key core files and directory permissions and populates a wp wide_fat table
403
+ * Displays a red background entry with a "Fix" button for permissions which are "777"
404
+ * Displays a yellow background entry with a "Fix" button for permissions which are less secure than the recommended
405
+ * Displays a green entry for permissions which are as secure or better than the recommended
406
+ */
407
+ function show_wp_filesystem_permission_status($name,$path,$recommended)
408
+ {
409
+ $fix = false;
410
+ $configmod = AIOWPSecurity_Utility_File::get_file_permission($path);
411
+ if ($configmod == "0777"){
412
+ $trclass = "aio_table_row_red"; //Display a red background if permissions are set as least secure ("777")
413
+ $fix = true;
414
+ }
415
+ else if($configmod != $recommended)
416
+ {
417
+ //$res = $this->is_file_permission_secure($recommended, $configmod);
418
+ $res = AIOWPSecurity_Utility_File::is_file_permission_secure($recommended, $configmod);
419
+ if ($res)
420
+ {
421
+ $trclass = "aio_table_row_green"; //If the current permissions are even tighter than recommended then display a green row
422
+ $fix = true;
423
+ }
424
+ else
425
+ {
426
+ $trclass = "aio_table_row_yellow"; //Display a yellow background if permissions are set to something different than recommended
427
+ $fix = true;
428
+ }
429
+ }
430
+ else
431
+ {
432
+ $trclass = "aio_table_row_green";
433
+ }
434
+ echo "<tr class=".$trclass.">";
435
+ echo '<td>' . $name . "</td>";
436
+ echo '<td>'. $path ."</td>";
437
+ echo '<td>' . $configmod . '</td>';
438
+ echo '<td>' . $recommended . '</td>';
439
+ if ($fix)
440
+ {
441
+ echo '<td>
442
+ <input type="submit" name="aiowps_fix_permissions" value="'.__('Set Recommended Permissions','all-in-one-wp-security-and-firewall').'" class="button-secondary" />
443
+ <input type="hidden" name="aiowps_permission_chg_file" value="'.$path.'"/>
444
+ <input type="hidden" name="aiowps_recommended_permissions" value="'.$recommended.'"/>
445
+ </td>';
446
+ } else
447
+ {
448
+ echo '<td>'.__('No Action Required', 'all-in-one-wp-security-and-firewall').'</td>';
449
+ }
450
+ echo "</tr>";
451
+ }
452
+
453
+
454
+
455
+ function filesystem_menu_footer_code()
456
+ {
457
+ ?>
458
+ <script type="text/javascript">
459
+ /* <![CDATA[ */
460
+ jQuery(document).ready(function($) {
461
+ loading_span = $('.aiowps_loading_1');
462
+ loading_span.hide(); //hide the spinner gif after page has successfully loaded
463
+ $('.search-error-files').on("click",function(){
464
+ loading_span.show();
465
+ });
466
+ });
467
+ /* ]]> */
468
+ </script>
469
+ <?php
470
+ }
471
+
472
+ function display_system_logs_in_table($filepath)
473
+ {
474
+ global $aio_wp_security;
475
+ //Get contents of the error_log file
476
+ $error_file_contents = file($filepath);
477
+ if (!$error_file_contents)
478
+ {
479
+ //TODO - error could not read file, display notice???
480
+ $aio_wp_security->debug_logger->log_debug("AIOWPSecurity_Filesystem_Menu - Unable to read file: ".$filepath,4);
481
+
482
+ }
483
+ $last_50_entries = array_slice($error_file_contents, -50); //extract the last 50 entries
484
+ ?>
485
+ <table class="widefat file_permission_table">
486
+ <thead>
487
+ <tr>
488
+ <th><?php echo(sprintf(__('Showing latest entries of error_log file: %s', 'all-in-one-wp-security-and-firewall'),'<strong>'.$filepath.'</strong>')); ?></th>
489
+ </tr>
490
+ </thead>
491
+ <tbody>
492
+ <?php
493
+ foreach ($last_50_entries as $entry)
494
+ {
495
+ echo "<tr>";
496
+ echo '<td>' . $entry . "</td>";
497
+ echo "</tr>";
498
+ }
499
+ ?>
500
+ </tbody>
501
+ </table>
502
+ <?php
503
+
504
+ }
505
  } //end class
admin/wp-security-firewall-menu.php CHANGED
@@ -1,1129 +1,1129 @@
1
- <?php
2
- if ( !defined( 'ABSPATH' ) ) { exit; } // Prevent direct access to file
3
- class AIOWPSecurity_Firewall_Menu extends AIOWPSecurity_Admin_Menu
4
- {
5
- var $menu_page_slug = AIOWPSEC_FIREWALL_MENU_SLUG;
6
-
7
- /* Specify all the tabs of this menu in the following array */
8
- var $menu_tabs;
9
-
10
- var $menu_tabs_handler = array(
11
- 'tab1' => 'render_tab1',
12
- 'tab2' => 'render_tab2',
13
- 'tab3' => 'render_tab3',
14
- 'tab4' => 'render_tab4',
15
- 'tab5' => 'render_tab5',
16
- 'tab6' => 'render_tab6',
17
- 'tab7' => 'render_tab7',
18
- );
19
-
20
- function __construct()
21
- {
22
- $this->render_menu_page();
23
- }
24
-
25
- function set_menu_tabs()
26
- {
27
- $this->menu_tabs = array(
28
- 'tab1' => __('Basic Firewall Rules', 'all-in-one-wp-security-and-firewall'),
29
- 'tab2' => __('Additional Firewall Rules', 'all-in-one-wp-security-and-firewall'),
30
- 'tab3' => __('6G Blacklist Firewall Rules', 'all-in-one-wp-security-and-firewall'),
31
- 'tab4' => __('Internet Bots', 'all-in-one-wp-security-and-firewall'),
32
- 'tab5' => __('Prevent Hotlinks', 'all-in-one-wp-security-and-firewall'),
33
- 'tab6' => __('404 Detection', 'all-in-one-wp-security-and-firewall'),
34
- 'tab7' => __('Custom Rules', 'all-in-one-wp-security-and-firewall'),
35
- );
36
- }
37
-
38
- function get_current_tab()
39
- {
40
- $tab_keys = array_keys($this->menu_tabs);
41
- $tab = isset( $_GET['tab'] ) ? sanitize_text_field($_GET['tab']) : $tab_keys[0];
42
- return $tab;
43
- }
44
-
45
- /*
46
- * Renders our tabs of this menu as nav items
47
- */
48
- function render_menu_tabs()
49
- {
50
- $current_tab = $this->get_current_tab();
51
-
52
- echo '<h2 class="nav-tab-wrapper">';
53
- foreach ( $this->menu_tabs as $tab_key => $tab_caption )
54
- {
55
- $active = $current_tab == $tab_key ? 'nav-tab-active' : '';
56
- echo '<a class="nav-tab ' . $active . '" href="?page=' . $this->menu_page_slug . '&tab=' . $tab_key . '">' . $tab_caption . '</a>';
57
- }
58
- echo '</h2>';
59
- }
60
-
61
- /*
62
- * The menu rendering goes here
63
- */
64
- function render_menu_page()
65
- {
66
- echo '<div class="wrap">';
67
- echo '<h2>'.__('Firewall','all-in-one-wp-security-and-firewall').'</h2>';//Interface title
68
- $this->set_menu_tabs();
69
- $tab = $this->get_current_tab();
70
- $this->render_menu_tabs();
71
- ?>
72
- <div id="poststuff"><div id="post-body">
73
- <?php
74
- //$tab_keys = array_keys($this->menu_tabs);
75
- call_user_func(array(&$this, $this->menu_tabs_handler[$tab]));
76
- ?>
77
- </div></div>
78
- </div><!-- end of wrap -->
79
- <?php
80
- }
81
-
82
- function render_tab1()
83
- {
84
- global $aiowps_feature_mgr;
85
- global $aio_wp_security;
86
- if(isset($_POST['aiowps_apply_basic_firewall_settings']))//Do form submission tasks
87
- {
88
- $nonce=$_REQUEST['_wpnonce'];
89
- if (!wp_verify_nonce($nonce, 'aiowpsec-enable-basic-firewall-nonce'))
90
- {
91
- $aio_wp_security->debug_logger->log_debug("Nonce check failed on enable basic firewall settings!",4);
92
- die("Nonce check failed on enable basic firewall settings!");
93
- }
94
-
95
- // Max file upload size in basic rules
96
- $upload_size = absint($_POST['aiowps_max_file_upload_size']);
97
-
98
- $max_allowed = apply_filters( 'aiowps_max_allowed_upload_config', 250 ); // Set a filterable limit of 250MB
99
- $max_allowed = absint($max_allowed);
100
-
101
- if($upload_size > $max_allowed) {
102
- $upload_size = $max_allowed;
103
- } else if(empty ($upload_size)) {
104
- $upload_size = 10;
105
- }
106
-
107
- //Save settings
108
- $aio_wp_security->configs->set_value('aiowps_enable_basic_firewall',isset($_POST["aiowps_enable_basic_firewall"])?'1':'');
109
- $aio_wp_security->configs->set_value('aiowps_max_file_upload_size',$upload_size);
110
- $aio_wp_security->configs->set_value('aiowps_enable_pingback_firewall',isset($_POST["aiowps_enable_pingback_firewall"])?'1':''); //this disables all xmlrpc functionality
111
- $aio_wp_security->configs->set_value('aiowps_disable_xmlrpc_pingback_methods',isset($_POST["aiowps_disable_xmlrpc_pingback_methods"])?'1':''); //this disables only pingback methods of xmlrpc but leaves other methods so that Jetpack and other apps will still work
112
- $aio_wp_security->configs->set_value('aiowps_block_debug_log_file_access',isset($_POST["aiowps_block_debug_log_file_access"])?'1':'');
113
-
114
- //Commit the config settings
115
- $aio_wp_security->configs->save_config();
116
-
117
- //Recalculate points after the feature status/options have been altered
118
- $aiowps_feature_mgr->check_feature_status_and_recalculate_points();
119
-
120
- //Now let's write the applicable rules to the .htaccess file
121
- $res = AIOWPSecurity_Utility_Htaccess::write_to_htaccess();
122
-
123
- if ($res)
124
- {
125
- $this->show_msg_updated(__('Settings were successfully saved', 'all-in-one-wp-security-and-firewall'));
126
- }
127
- else
128
- {
129
- $this->show_msg_error(__('Could not write to the .htaccess file. Please check the file permissions.', 'all-in-one-wp-security-and-firewall'));
130
- }
131
- }
132
-
133
- ?>
134
- <h2><?php _e('Firewall Settings', 'all-in-one-wp-security-and-firewall')?></h2>
135
- <form action="" method="POST">
136
- <?php wp_nonce_field('aiowpsec-enable-basic-firewall-nonce'); ?>
137
-
138
- <div class="aio_blue_box">
139
- <?php
140
- $backup_tab_link = '<a href="admin.php?page='.AIOWPSEC_SETTINGS_MENU_SLUG.'&tab=tab2" target="_blank">backup</a>';
141
- $info_msg = sprintf( __('This should not have any impact on your site\'s general functionality but if you wish you can take a %s of your .htaccess file before proceeding.', 'all-in-one-wp-security-and-firewall'), $backup_tab_link);
142
- echo '<p>'.__('The features in this tab allow you to activate some basic firewall security protection rules for your site.', 'all-in-one-wp-security-and-firewall').
143
- '<br />'.__('The firewall functionality is achieved via the insertion of special code into your currently active .htaccess file.', 'all-in-one-wp-security-and-firewall').
144
- '<br />'.$info_msg.'</p>';
145
- ?>
146
- </div>
147
- <?php
148
- //show a warning message if xmlrpc has been completely disabled
149
- if($aio_wp_security->configs->get_value('aiowps_enable_pingback_firewall')=='1'){
150
- ?>
151
- <div class="aio_orange_box">
152
- <p>
153
- <?php
154
- echo '<p>'.__('Attention: You have enabled the "Completely Block Access To XMLRPC" checkbox which means all XMLRPC functionality will be blocked.', 'all-in-one-wp-security-and-firewall').'</p>';
155
- echo '<p>'.__('By leaving this feature enabled you will prevent Jetpack or Wordpress iOS or other apps which need XMLRPC from working correctly on your site.', 'all-in-one-wp-security-and-firewall').'</p>';
156
- echo '<p>'.__('If you still need XMLRPC then uncheck the "Completely Block Access To XMLRPC" checkbox and enable only the "Disable Pingback Functionality From XMLRPC" checkbox.', 'all-in-one-wp-security-and-firewall').'</p>';
157
- ?>
158
- </p>
159
- </div>
160
-
161
- <?php
162
- }
163
- ?>
164
-
165
- <div class="postbox">
166
- <h3 class="hndle"><label for="title"><?php _e('Basic Firewall Settings', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
167
- <div class="inside">
168
- <?php
169
- //Display security info badge
170
- $aiowps_feature_mgr->output_feature_details_badge("firewall-basic-rules");
171
- ?>
172
- <table class="form-table">
173
- <tr valign="top">
174
- <th scope="row"><?php _e('Enable Basic Firewall Protection', 'all-in-one-wp-security-and-firewall')?>:</th>
175
- <td>
176
- <input name="aiowps_enable_basic_firewall" type="checkbox"<?php if($aio_wp_security->configs->get_value('aiowps_enable_basic_firewall')=='1') echo ' checked="checked"'; ?> value="1"/>
177
- <span class="description"><?php _e('Check this if you want to apply basic firewall protection to your site.', 'all-in-one-wp-security-and-firewall'); ?></span>
178
- <span class="aiowps_more_info_anchor"><span class="aiowps_more_info_toggle_char">+</span><span class="aiowps_more_info_toggle_text"><?php _e('More Info', 'all-in-one-wp-security-and-firewall'); ?></span></span>
179
- <div class="aiowps_more_info_body">
180
- <?php
181
- echo '<p class="description">'.__('This setting will implement the following basic firewall protection mechanisms on your site:', 'all-in-one-wp-security-and-firewall').'</p>';
182
- echo '<p class="description">'.__('1) Protect your htaccess file by denying access to it.', 'all-in-one-wp-security-and-firewall').'</p>';
183
- echo '<p class="description">'.__('2) Disable the server signature.', 'all-in-one-wp-security-and-firewall').'</p>';
184
- echo '<p class="description">'.__('3) Limit file upload size (10MB).', 'all-in-one-wp-security-and-firewall').'</p>';
185
- echo '<p class="description">'.__('4) Protect your wp-config.php file by denying access to it.', 'all-in-one-wp-security-and-firewall').'</p>';
186
- echo '<p class="description">'.__('The above firewall features will be applied via your .htaccess file and should not affect your site\'s overall functionality.', 'all-in-one-wp-security-and-firewall').'</p>';
187
- echo '<p class="description">'.__('You are still advised to take a backup of your active .htaccess file just in case.', 'all-in-one-wp-security-and-firewall').'</p>';
188
- ?>
189
- </div>
190
- </td>
191
- </tr>
192
- <tr valign="top">
193
- <th scope="row"><?php _e('Max File Upload Size (MB)', 'all-in-one-wp-security-and-firewall')?>:</th>
194
- <td><input type="number" min="0" step="1" name="aiowps_max_file_upload_size" value="<?php echo esc_html($aio_wp_security->configs->get_value('aiowps_max_file_upload_size')); ?>" />
195
- <span class="description"><?php _e('The value for the maximum file upload size used in the .htaccess file. (Defaults to 10MB if left blank)', 'all-in-one-wp-security-and-firewall'); ?></span>
196
- </td>
197
- </tr>
198
-
199
- </table>
200
- </div></div>
201
-
202
- <div class="postbox">
203
- <h3 class="hndle"><label for="title"><?php _e('WordPress XMLRPC & Pingback Vulnerability Protection', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
204
- <div class="inside">
205
- <?php
206
- //Display security info badge
207
- $aiowps_feature_mgr->output_feature_details_badge("firewall-pingback-rules");
208
- ?>
209
- <table class="form-table">
210
- <tr valign="top">
211
- <th scope="row"><?php _e('Completely Block Access To XMLRPC', 'all-in-one-wp-security-and-firewall')?>:</th>
212
- <td>
213
- <input name="aiowps_enable_pingback_firewall" type="checkbox"<?php if($aio_wp_security->configs->get_value('aiowps_enable_pingback_firewall')=='1') echo ' checked="checked"'; ?> value="1"/>
214
- <span class="description"><?php _e('Check this if you are not using the WP XML-RPC functionality and you want to completely block external access to XMLRPC.', 'all-in-one-wp-security-and-firewall'); ?></span>
215
- <span class="aiowps_more_info_anchor"><span class="aiowps_more_info_toggle_char">+</span><span class="aiowps_more_info_toggle_text"><?php _e('More Info', 'all-in-one-wp-security-and-firewall'); ?></span></span>
216
- <div class="aiowps_more_info_body">
217
- <?php
218
- echo '<p class="description">'.__('This setting will add a directive in your .htaccess to disable access to the WordPress xmlrpc.php file which is responsible for the XML-RPC functionality in WordPress.', 'all-in-one-wp-security-and-firewall').'</p>';
219
- echo '<p class="description">'.__('Hackers can exploit various vulnerabilities in the WordPress XML-RPC API in a number of ways such as:', 'all-in-one-wp-security-and-firewall').'</p>';
220
- echo '<p class="description">'.__('1) Denial of Service (DoS) attacks', 'all-in-one-wp-security-and-firewall').'</p>';
221
- echo '<p class="description">'.__('2) Hacking internal routers.', 'all-in-one-wp-security-and-firewall').'</p>';
222
- echo '<p class="description">'.__('3) Scanning ports in internal networks to get info from various hosts.', 'all-in-one-wp-security-and-firewall').'</p>';
223
- echo '<p class="description">'.__('Apart from the security protection benefit, this feature may also help reduce load on your server, particularly if your site currently has a lot of unwanted traffic hitting the XML-RPC API on your installation.', 'all-in-one-wp-security-and-firewall').'</p>';
224
- echo '<p class="description">'.__('NOTE: You should only enable this feature if you are not currently using the XML-RPC functionality on your WordPress installation.', 'all-in-one-wp-security-and-firewall').'</p>';
225
- echo '<p class="description">'.__('Leave this feature disabled and use the feature below if you want pingback protection but you still need XMLRPC.', 'all-in-one-wp-security-and-firewall').'</p>';
226
- ?>
227
- </div>
228
- </td>
229
- </tr>
230
- <tr valign="top">
231
- <th scope="row"><?php _e('Disable Pingback Functionality From XMLRPC', 'all-in-one-wp-security-and-firewall')?>:</th>
232
- <td>
233
- <input name="aiowps_disable_xmlrpc_pingback_methods" type="checkbox"<?php if($aio_wp_security->configs->get_value('aiowps_disable_xmlrpc_pingback_methods')=='1') echo ' checked="checked"'; ?> value="1"/>
234
- <span class="description"><?php _e('If you use Jetpack or WP iOS or other apps which need WP XML-RPC functionality then check this. This will enable protection against WordPress pingback vulnerabilities.', 'all-in-one-wp-security-and-firewall'); ?></span>
235
- <span class="aiowps_more_info_anchor"><span class="aiowps_more_info_toggle_char">+</span><span class="aiowps_more_info_toggle_text"><?php _e('More Info', 'all-in-one-wp-security-and-firewall'); ?></span></span>
236
- <div class="aiowps_more_info_body">
237
- <?php
238
- echo '<p class="description">'.__('NOTE: If you use Jetpack or the Wordpress iOS or other apps then you should enable this feature but leave the "Completely Block Access To XMLRPC" checkbox unchecked.', 'all-in-one-wp-security-and-firewall').'</p>';
239
- echo '<p class="description">'.__('The feature will still allow XMLRPC functionality on your site but will disable the pingback methods.', 'all-in-one-wp-security-and-firewall').'</p>';
240
- echo '<p class="description">'.__('This feature will also remove the "X-Pingback" header if it is present.', 'all-in-one-wp-security-and-firewall').'</p>';
241
- ?>
242
- </div>
243
- </td>
244
- </tr>
245
- </table>
246
- </div></div>
247
-
248
- <div class="postbox">
249
- <h3 class="hndle"><label for="title"><?php _e('Block Access to Debug Log File', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
250
- <div class="inside">
251
- <?php
252
- //Display security info badge
253
- $aiowps_feature_mgr->output_feature_details_badge("firewall-block-debug-file-access");
254
- ?>
255
- <table class="form-table">
256
- <tr valign="top">
257
- <th scope="row"><?php _e('Block Access to debug.log File', 'all-in-one-wp-security-and-firewall')?>:</th>
258
- <td>
259
- <input name="aiowps_block_debug_log_file_access" type="checkbox"<?php if($aio_wp_security->configs->get_value('aiowps_block_debug_log_file_access')=='1') echo ' checked="checked"'; ?> value="1"/>
260
- <span class="description"><?php _e('Check this if you want to block access to the debug.log file that WordPress creates when debug logging is enabled.', 'all-in-one-wp-security-and-firewall'); ?></span>
261
- <span class="aiowps_more_info_anchor"><span class="aiowps_more_info_toggle_char">+</span><span class="aiowps_more_info_toggle_text"><?php _e('More Info', 'all-in-one-wp-security-and-firewall'); ?></span></span>
262
- <div class="aiowps_more_info_body">
263
- <?php
264
- echo '<p class="description">'.__('WordPress has an option to turn on the debug logging to a file located in wp-content/debug.log. This file may contain sensitive information.', 'all-in-one-wp-security-and-firewall').'</p>';
265
- echo '<p class="description">'.__('Using this optoin will block external access to this file. You can still access this file by logging into your site via FTP', 'all-in-one-wp-security-and-firewall').'</p>';
266
- ?>
267
- </div>
268
- </td>
269
- </tr>
270
- </table>
271
- </div></div>
272
-
273
- <input type="submit" name="aiowps_apply_basic_firewall_settings" value="<?php _e('Save Basic Firewall Settings', 'all-in-one-wp-security-and-firewall')?>" class="button-primary" />
274
- </form>
275
- <?php
276
- }
277
-
278
- function render_tab2()
279
- {
280
- global $aio_wp_security;
281
- $error = '';
282
- if(isset($_POST['aiowps_apply_additional_firewall_settings']))//Do advanced firewall submission tasks
283
- {
284
- $nonce=$_REQUEST['_wpnonce'];
285
- if (!wp_verify_nonce($nonce, 'aiowpsec-enable-additional-firewall-nonce'))
286
- {
287
- $aio_wp_security->debug_logger->log_debug("Nonce check failed on enable advanced firewall settings!",4);
288
- die("Nonce check failed on enable advanced firewall settings!");
289
- }
290
-
291
- //Save settings
292
- if(isset($_POST['aiowps_disable_index_views']))
293
- {
294
- $aio_wp_security->configs->set_value('aiowps_disable_index_views','1');
295
- }
296
- else
297
- {
298
- $aio_wp_security->configs->set_value('aiowps_disable_index_views','');
299
- }
300
-
301
- if(isset($_POST['aiowps_disable_trace_and_track']))
302
- {
303
- $aio_wp_security->configs->set_value('aiowps_disable_trace_and_track','1');
304
- }
305
- else
306
- {
307
- $aio_wp_security->configs->set_value('aiowps_disable_trace_and_track','');
308
- }
309
-
310
- if(isset($_POST['aiowps_forbid_proxy_comments']))
311
- {
312
- $aio_wp_security->configs->set_value('aiowps_forbid_proxy_comments','1');
313
- }
314
- else
315
- {
316
- $aio_wp_security->configs->set_value('aiowps_forbid_proxy_comments','');
317
- }
318
-
319
- if(isset($_POST['aiowps_deny_bad_query_strings']))
320
- {
321
- $aio_wp_security->configs->set_value('aiowps_deny_bad_query_strings','1');
322
- }
323
- else
324
- {
325
- $aio_wp_security->configs->set_value('aiowps_deny_bad_query_strings','');
326
- }
327
-
328
- if(isset($_POST['aiowps_advanced_char_string_filter']))
329
- {
330
- $aio_wp_security->configs->set_value('aiowps_advanced_char_string_filter','1');
331
- }
332
- else
333
- {
334
- $aio_wp_security->configs->set_value('aiowps_advanced_char_string_filter','');
335
- }
336
-
337
- //Commit the config settings
338
- $aio_wp_security->configs->save_config();
339
-
340
- //Now let's write the applicable rules to the .htaccess file
341
- $res = AIOWPSecurity_Utility_Htaccess::write_to_htaccess();
342
-
343
- if ($res)
344
- {
345
- $this->show_msg_updated(__('You have successfully saved the Additional Firewall Protection configuration', 'all-in-one-wp-security-and-firewall'));
346
- }
347
- else
348
- {
349
- $this->show_msg_error(__('Could not write to the .htaccess file. Please check the file permissions.', 'all-in-one-wp-security-and-firewall'));
350
- }
351
-
352
- if($error)
353
- {
354
- $this->show_msg_error($error);
355
- }
356
-
357
- }
358
- ?>
359
- <h2><?php _e('Additional Firewall Protection', 'all-in-one-wp-security-and-firewall')?></h2>
360
- <div class="aio_blue_box">
361
- <?php
362
- $backup_tab_link = '<a href="admin.php?page='.AIOWPSEC_SETTINGS_MENU_SLUG.'&tab=tab2" target="_blank">backup</a>';
363
- $info_msg = sprintf( __('Due to the nature of the code being inserted to the .htaccess file, this feature may break some functionality for certain plugins and you are therefore advised to take a %s of .htaccess before applying this configuration.', 'all-in-one-wp-security-and-firewall'), $backup_tab_link);
364
-
365
- echo '<p>'.__('This feature allows you to activate more advanced firewall settings to your site.', 'all-in-one-wp-security-and-firewall').
366
- '<br />'.__('The advanced firewall rules are applied via the insertion of special code to your currently active .htaccess file.', 'all-in-one-wp-security-and-firewall').
367
- '<br />'.$info_msg.'</p>';
368
- ?>
369
- </div>
370
-
371
- <form action="" method="POST">
372
- <?php wp_nonce_field('aiowpsec-enable-additional-firewall-nonce'); ?>
373
-
374
- <div class="postbox">
375
- <h3 class="hndle"><label for="title"><?php _e('Listing of Directory Contents', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
376
- <div class="inside">
377
- <?php
378
- //Display security info badge
379
- global $aiowps_feature_mgr;
380
- $aiowps_feature_mgr->output_feature_details_badge("firewall-disable-index-views");
381
- ?>
382
- <table class="form-table">
383
- <tr valign="top">
384
- <th scope="row"><?php _e('Disable Index Views', 'all-in-one-wp-security-and-firewall')?>:</th>
385
- <td>
386
- <input name="aiowps_disable_index_views" type="checkbox"<?php if($aio_wp_security->configs->get_value('aiowps_disable_index_views')=='1') echo ' checked="checked"'; ?> value="1"/>
387
- <span class="description"><?php _e('Check this if you want to disable directory and file listing.', 'all-in-one-wp-security-and-firewall'); ?></span>
388
- <span class="aiowps_more_info_anchor"><span class="aiowps_more_info_toggle_char">+</span><span class="aiowps_more_info_toggle_text"><?php _e('More Info', 'all-in-one-wp-security-and-firewall'); ?></span></span>
389
- <div class="aiowps_more_info_body">
390
- <p class="description">
391
- <?php
392
- _e('By default, an Apache server will allow the listing of the contents of a directory if it doesn\'t contain an index.php file.', 'all-in-one-wp-security-and-firewall');
393
- echo '<br />';
394
- _e('This feature will prevent the listing of contents for all directories.', 'all-in-one-wp-security-and-firewall');
395
- echo '<br />';
396
- _e('NOTE: In order for this feature to work "AllowOverride" of the Indexes directive must be enabled in your httpd.conf file. Ask your hosting provider to check this if you don\'t have access to httpd.conf', 'all-in-one-wp-security-and-firewall');
397
- ?>
398
- </p>
399
- </div>
400
- </td>
401
- </tr>
402
- </table>
403
- </div></div>
404
- <div class="postbox">
405
- <h3 class="hndle"><label for="title"><?php _e('Trace and Track', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
406
- <div class="inside">
407
- <?php
408
- //Display security info badge
409
- global $aiowps_feature_mgr;
410
- $aiowps_feature_mgr->output_feature_details_badge("firewall-disable-trace-track");
411
- ?>
412
- <table class="form-table">
413
- <tr valign="top">
414
- <th scope="row"><?php _e('Disable Trace and Track', 'all-in-one-wp-security-and-firewall')?>:</th>
415
- <td>
416
- <input name="aiowps_disable_trace_and_track" type="checkbox"<?php if($aio_wp_security->configs->get_value('aiowps_disable_trace_and_track')=='1') echo ' checked="checked"'; ?> value="1"/>
417
- <span class="description"><?php _e('Check this if you want to disable trace and track.', 'all-in-one-wp-security-and-firewall'); ?></span>
418
- <span class="aiowps_more_info_anchor"><span class="aiowps_more_info_toggle_char">+</span><span class="aiowps_more_info_toggle_text"><?php _e('More Info', 'all-in-one-wp-security-and-firewall'); ?></span></span>
419
- <div class="aiowps_more_info_body">
420
- <p class="description">
421
- <?php
422
- _e('HTTP Trace attack (XST) can be used to return header requests and grab cookies and other information.', 'all-in-one-wp-security-and-firewall');
423
- echo '<br />';
424
- _e('This hacking technique is usually used together with cross site scripting attacks (XSS).', 'all-in-one-wp-security-and-firewall');
425
- echo '<br />';
426
- _e('Disabling trace and track on your site will help prevent HTTP Trace attacks.', 'all-in-one-wp-security-and-firewall');
427
- ?>
428
- </p>
429
- </div>
430
- </td>
431
- </tr>
432
- </table>
433
- </div></div>
434
- <div class="postbox">
435
- <h3 class="hndle"><label for="title"><?php _e('Proxy Comment Posting', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
436
- <div class="inside">
437
- <?php
438
- //Display security info badge
439
- global $aiowps_feature_mgr;
440
- $aiowps_feature_mgr->output_feature_details_badge("firewall-forbid-proxy-comments");
441
- ?>
442
-
443
- <table class="form-table">
444
- <tr valign="top">
445
- <th scope="row"><?php _e('Forbid Proxy Comment Posting', 'all-in-one-wp-security-and-firewall')?>:</th>
446
- <td>
447
- <input name="aiowps_forbid_proxy_comments" type="checkbox"<?php if($aio_wp_security->configs->get_value('aiowps_forbid_proxy_comments')=='1') echo ' checked="checked"'; ?> value="1"/>
448
- <span class="description"><?php _e('Check this if you want to forbid proxy comment posting.', 'all-in-one-wp-security-and-firewall'); ?></span>
449
- <span class="aiowps_more_info_anchor"><span class="aiowps_more_info_toggle_char">+</span><span class="aiowps_more_info_toggle_text"><?php _e('More Info', 'all-in-one-wp-security-and-firewall'); ?></span></span>
450
- <div class="aiowps_more_info_body">
451
- <p class="description">
452
- <?php
453
- _e('This setting will deny any requests that use a proxy server when posting comments.', 'all-in-one-wp-security-and-firewall');
454
- echo '<br />'.__('By forbidding proxy comments you are in effect eliminating some SPAM and other proxy requests.', 'all-in-one-wp-security-and-firewall');
455
- ?>
456
- </p>
457
- </div>
458
- </td>
459
- </tr>
460
- </table>
461
- </div></div>
462
- <div class="postbox">
463
- <h3 class="hndle"><label for="title"><?php _e('Bad Query Strings', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
464
- <div class="inside">
465
- <?php
466
- //Display security info badge
467
- global $aiowps_feature_mgr;
468
- $aiowps_feature_mgr->output_feature_details_badge("firewall-deny-bad-queries");
469
- ?>
470
-
471
- <table class="form-table">
472
- <tr valign="top">
473
- <th scope="row"><?php _e('Deny Bad Query Strings', 'all-in-one-wp-security-and-firewall')?>:</th>
474
- <td>
475
- <input name="aiowps_deny_bad_query_strings" type="checkbox"<?php if($aio_wp_security->configs->get_value('aiowps_deny_bad_query_strings')=='1') echo ' checked="checked"'; ?> value="1"/>
476
- <span class="description"><?php _e('This will help protect you against malicious queries via XSS.', 'all-in-one-wp-security-and-firewall'); ?></span>
477
- <span class="aiowps_more_info_anchor"><span class="aiowps_more_info_toggle_char">+</span><span class="aiowps_more_info_toggle_text"><?php _e('More Info', 'all-in-one-wp-security-and-firewall'); ?></span></span>
478
- <div class="aiowps_more_info_body">
479
- <p class="description">
480
- <?php
481
- _e('This feature will write rules in your .htaccess file to prevent malicious string attacks on your site using XSS.', 'all-in-one-wp-security-and-firewall');
482
- echo '<br />'.__('NOTE: Some of these strings might be used for plugins or themes and hence this might break some functionality.', 'all-in-one-wp-security-and-firewall');
483
- echo '<br /><strong>'.__('You are therefore strongly advised to take a backup of your active .htaccess file before applying this feature.', 'all-in-one-wp-security-and-firewall').'<strong>';
484
- ?>
485
- </p>
486
- </div>
487
- </td>
488
- </tr>
489
- </table>
490
- </div></div>
491
- <div class="postbox">
492
- <h3 class="hndle"><label for="title"><?php _e('Advanced Character String Filter', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
493
- <div class="inside">
494
- <?php
495
- //Display security info badge
496
- global $aiowps_feature_mgr;
497
- $aiowps_feature_mgr->output_feature_details_badge("firewall-advanced-character-string-filter");
498
- ?>
499
-
500
- <table class="form-table">
501
- <tr valign="top">
502
- <th scope="row"><?php _e('Enable Advanced Character String Filter', 'all-in-one-wp-security-and-firewall')?>:</th>
503
- <td>
504
- <input name="aiowps_advanced_char_string_filter" type="checkbox"<?php if($aio_wp_security->configs->get_value('aiowps_advanced_char_string_filter')=='1') echo ' checked="checked"'; ?> value="1"/>
505
- <span class="description"><?php _e('This will block bad character matches from XSS.', 'all-in-one-wp-security-and-firewall'); ?></span>
506
- <span class="aiowps_more_info_anchor"><span class="aiowps_more_info_toggle_char">+</span><span class="aiowps_more_info_toggle_text"><?php _e('More Info', 'all-in-one-wp-security-and-firewall'); ?></span></span>
507
- <div class="aiowps_more_info_body">
508
- <p class="description">
509
- <?php
510
- _e('This is an advanced character string filter to prevent malicious string attacks on your site coming from Cross Site Scripting (XSS).', 'all-in-one-wp-security-and-firewall');
511
- echo '<br />'.__('This setting matches for common malicious string patterns and exploits and will produce a 403 error for the hacker attempting the query.', 'all-in-one-wp-security-and-firewall');
512
- echo '<br />'.__('NOTE: Some strings for this setting might break some functionality.', 'all-in-one-wp-security-and-firewall');
513
- echo '<br /><strong>'.__('You are therefore strongly advised to take a backup of your active .htaccess file before applying this feature.', 'all-in-one-wp-security-and-firewall').'<strong>';
514
- ?>
515
- </p>
516
- </div>
517
- </td>
518
- </tr>
519
- </table>
520
- </div></div>
521
- <input type="submit" name="aiowps_apply_additional_firewall_settings" value="<?php _e('Save Additional Firewall Settings', 'all-in-one-wp-security-and-firewall')?>" class="button-primary" />
522
- </form>
523
- <?php
524
- }
525
-
526
- function render_tab3()
527
- {
528
- global $aio_wp_security, $aiowps_feature_mgr;
529
- if(isset($_POST['aiowps_apply_5g_6g_firewall_settings']))//Do form submission tasks
530
- {
531
- $nonce=$_REQUEST['_wpnonce'];
532
- if (!wp_verify_nonce($nonce, 'aiowpsec-enable-5g-6g-firewall-nonce'))
533
- {
534
- $aio_wp_security->debug_logger->log_debug("Nonce check failed on enable 5G/6G firewall settings!",4);
535
- die("Nonce check failed on enable 5G/6G firewall settings!");
536
- }
537
-
538
- //Save settings
539
- if(isset($_POST['aiowps_enable_5g_firewall']))
540
- {
541
- $aio_wp_security->configs->set_value('aiowps_enable_5g_firewall','1');
542
- }
543
- else
544
- {
545
- $aio_wp_security->configs->set_value('aiowps_enable_5g_firewall','');
546
- }
547
- if(isset($_POST['aiowps_enable_6g_firewall']))
548
- {
549
- $aio_wp_security->configs->set_value('aiowps_enable_6g_firewall','1');
550
- }
551
- else
552
- {
553
- $aio_wp_security->configs->set_value('aiowps_enable_6g_firewall','');
554
- }
555
-
556
- //Commit the config settings
557
- $aio_wp_security->configs->save_config();
558
-
559
- //Now let's write the applicable rules to the .htaccess file
560
- $res = AIOWPSecurity_Utility_Htaccess::write_to_htaccess();
561
-
562
- if ($res)
563
- {
564
- $this->show_msg_updated(__('You have successfully saved the 5G/6G Firewall Protection configuration', 'all-in-one-wp-security-and-firewall'));
565
- // Recalculate points after the feature status/options have been altered
566
- $aiowps_feature_mgr->check_feature_status_and_recalculate_points();
567
- }
568
- else
569
- {
570
- $this->show_msg_error(__('Could not write to the .htaccess file. Please check the file permissions.', 'all-in-one-wp-security-and-firewall'));
571
- }
572
- }
573
-
574
- ?>
575
- <h2><?php _e('Firewall Settings', 'all-in-one-wp-security-and-firewall')?></h2>
576
- <div class="aio_blue_box">
577
- <?php
578
- $backup_tab_link = '<a href="admin.php?page='.AIOWPSEC_SETTINGS_MENU_SLUG.'&tab=tab2" target="_blank">backup</a>';
579
- $info_msg = '<p>'.sprintf( __('This feature allows you to activate the %s (or legacy %s) firewall security protection rules designed and produced by %s.', 'all-in-one-wp-security-and-firewall'), '<a href="http://perishablepress.com/6g/" target="_blank">6G</a>', '<a href="http://perishablepress.com/5g-blacklist-2013/" target="_blank">5G</a>', '<a href="http://perishablepress.com/" target="_blank">Perishable Press</a>').'</p>';
580
- $info_msg .= '<p>'.__('The 6G Blacklist is updated and improved version of 5G Blacklist. If you have 5G Blacklist active, you might consider activating 6G Blacklist instead.', 'all-in-one-wp-security-and-firewall').'</p>';
581
- $info_msg .= '<p>'.__('The 6G Blacklist is a simple, flexible blacklist that helps reduce the number of malicious URL requests that hit your website.', 'all-in-one-wp-security-and-firewall').'</p>';
582
- $info_msg .= '<p>'.__('The added advantage of applying the 6G firewall to your site is that it has been tested and confirmed by the people at PerishablePress.com to be an optimal and least disruptive set of .htaccess security rules for general WP sites running on an Apache server or similar.', 'all-in-one-wp-security-and-firewall').'</p>';
583
- $info_msg .= '<p>'.sprintf( __('Therefore the 6G firewall rules should not have any impact on your site\'s general functionality but if you wish you can take a %s of your .htaccess file before proceeding.', 'all-in-one-wp-security-and-firewall'), $backup_tab_link).'</p>';
584
- echo $info_msg;
585
- ?>
586
- </div>
587
-
588
- <div class="postbox">
589
- <h3 class="hndle"><label for="title"><?php _e('6G Blacklist/Firewall Settings', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
590
- <div class="inside">
591
- <?php
592
- //Display security info badge
593
- global $aiowps_feature_mgr;
594
- $aiowps_feature_mgr->output_feature_details_badge("firewall-enable-5g-6g-blacklist");
595
- ?>
596
-
597
- <form action="" method="POST">
598
- <?php wp_nonce_field('aiowpsec-enable-5g-6g-firewall-nonce'); ?>
599
- <table class="form-table">
600
- <tr valign="top">
601
- <th scope="row"><?php _e('Enable 6G Firewall Protection', 'all-in-one-wp-security-and-firewall')?>:</th>
602
- <td>
603
- <input name="aiowps_enable_6g_firewall" type="checkbox"<?php if($aio_wp_security->configs->get_value('aiowps_enable_6g_firewall')=='1') echo ' checked="checked"'; ?> value="1"/>
604
- <span class="description"><?php _e('Check this if you want to apply the 6G Blacklist firewall protection from perishablepress.com to your site.', 'all-in-one-wp-security-and-firewall'); ?></span>
605
- <span class="aiowps_more_info_anchor"><span class="aiowps_more_info_toggle_char">+</span><span class="aiowps_more_info_toggle_text"><?php _e('More Info', 'all-in-one-wp-security-and-firewall'); ?></span></span>
606
- <div class="aiowps_more_info_body">
607
- <?php
608
- echo '<p class="description">'.__('This setting will implement the 6G security firewall protection mechanisms on your site which include the following things:', 'all-in-one-wp-security-and-firewall').'</p>';
609
- echo '<p class="description">'.__('1) Block forbidden characters commonly used in exploitative attacks.', 'all-in-one-wp-security-and-firewall').'</p>';
610
- echo '<p class="description">'.__('2) Block malicious encoded URL characters such as the ".css(" string.', 'all-in-one-wp-security-and-firewall').'</p>';
611
- echo '<p class="description">'.__('3) Guard against the common patterns and specific exploits in the root portion of targeted URLs.', 'all-in-one-wp-security-and-firewall').'</p>';
612
- echo '<p class="description">'.__('4) Stop attackers from manipulating query strings by disallowing illicit characters.', 'all-in-one-wp-security-and-firewall').'</p>';
613
- echo '<p class="description">'.__('....and much more.', 'all-in-one-wp-security-and-firewall').'</p>';
614
- ?>
615
- </div>
616
- </td>
617
- </tr>
618
- <tr valign="top">
619
- <th scope="row"><?php _e('Enable legacy 5G Firewall Protection', 'all-in-one-wp-security-and-firewall')?>:</th>
620
- <td>
621
- <input name="aiowps_enable_5g_firewall" type="checkbox"<?php if($aio_wp_security->configs->get_value('aiowps_enable_5g_firewall')=='1') echo ' checked="checked"'; ?> value="1"/>
622
- <span class="description"><?php _e('Check this if you want to apply the 5G Blacklist firewall protection from perishablepress.com to your site.', 'all-in-one-wp-security-and-firewall'); ?></span>
623
- <span class="aiowps_more_info_anchor"><span class="aiowps_more_info_toggle_char">+</span><span class="aiowps_more_info_toggle_text"><?php _e('More Info', 'all-in-one-wp-security-and-firewall'); ?></span></span>
624
- <div class="aiowps_more_info_body">
625
- <?php
626
- echo '<p class="description">'.__('This setting will implement the 5G security firewall protection mechanisms on your site which include the following things:', 'all-in-one-wp-security-and-firewall').'</p>';
627
- echo '<p class="description">'.__('1) Block forbidden characters commonly used in exploitative attacks.', 'all-in-one-wp-security-and-firewall').'</p>';
628
- echo '<p class="description">'.__('2) Block malicious encoded URL characters such as the ".css(" string.', 'all-in-one-wp-security-and-firewall').'</p>';
629
- echo '<p class="description">'.__('3) Guard against the common patterns and specific exploits in the root portion of targeted URLs.', 'all-in-one-wp-security-and-firewall').'</p>';
630
- echo '<p class="description">'.__('4) Stop attackers from manipulating query strings by disallowing illicit characters.', 'all-in-one-wp-security-and-firewall').'</p>';
631
- echo '<p class="description">'.__('....and much more.', 'all-in-one-wp-security-and-firewall').'</p>';
632
- ?>
633
- </div>
634
- </td>
635
- </tr>
636
- </table>
637
- <input type="submit" name="aiowps_apply_5g_6g_firewall_settings" value="<?php _e('Save 5G/6G Firewall Settings', 'all-in-one-wp-security-and-firewall')?>" class="button-primary" />
638
- </form>
639
- </div></div>
640
- <?php
641
- }
642
-
643
- function render_tab4()
644
- {
645
- global $aio_wp_security;
646
- if(isset($_POST['aiowps_save_internet_bot_settings']))//Do form submission tasks
647
- {
648
- $nonce=$_REQUEST['_wpnonce'];
649
- if (!wp_verify_nonce($nonce, 'aiowpsec-save-internet-bot-settings-nonce'))
650
- {
651
- $aio_wp_security->debug_logger->log_debug("Nonce check failed for save internet bot settings!",4);
652
- die("Nonce check failed for save internet bot settings!");
653
- }
654
-
655
- //Save settings
656
- if(isset($_POST['aiowps_block_fake_googlebots']))
657
- {
658
- $aio_wp_security->configs->set_value('aiowps_block_fake_googlebots','1');
659
- }
660
- else
661
- {
662
- $aio_wp_security->configs->set_value('aiowps_block_fake_googlebots','');
663
- }
664
-
665
- //Commit the config settings
666
- $aio_wp_security->configs->save_config();
667
-
668
- $this->show_msg_updated(__('The Internet bot settings were successfully saved', 'all-in-one-wp-security-and-firewall'));
669
- }
670
-
671
- ?>
672
- <h2><?php _e('Internet Bot Settings', 'all-in-one-wp-security-and-firewall')?></h2>
673
- <form action="" method="POST">
674
- <?php wp_nonce_field('aiowpsec-save-internet-bot-settings-nonce'); ?>
675
- <div class="aio_blue_box">
676
- <?php
677
- $info_msg = '';
678
- $wiki_link = '<a href="http://en.wikipedia.org/wiki/Internet_bot" target="_blank">'.__('What is an Internet Bot', 'all-in-one-wp-security-and-firewall').'</a>';
679
- $info_msg .= '<p><strong>'.sprintf( __('%s?', 'all-in-one-wp-security-and-firewall'), $wiki_link).'</strong></p>';
680
-
681
- $info_msg .= '<p>'. __('A bot is a piece of software which runs on the Internet and performs automatic tasks. For example when Google indexes your pages it uses automatic bots to achieve this task.', 'all-in-one-wp-security-and-firewall').'</p>';
682
- $info_msg .= '<p>'. __('A lot of bots are legitimate and non-malicous but not all bots are good and often you will find some which try to impersonate legitimate bots such as "Googlebot" but in reality they have nohing to do with Google at all.', 'all-in-one-wp-security-and-firewall').'</p>';
683
- $info_msg .= '<p>'. __('Although most of the bots out there are relatively harmless sometimes website owners want to have more control over which bots they allow into their site.', 'all-in-one-wp-security-and-firewall').'</p>';
684
- $info_msg .= '<p>'. __('This feature allows you to block bots which are impersonating as a Googlebot but actually aren\'t. (In other words they are fake Google bots)', 'all-in-one-wp-security-and-firewall').'</p>';
685
- $info_msg .= '<p>'.__('Googlebots have a unique indentity which cannot easily be forged and this feature will indentify any fake Google bots and block them from reading your site\'s pages.', 'all-in-one-wp-security-and-firewall').'</p>';
686
- echo $info_msg;
687
- ?>
688
- </div>
689
- <div class="aio_yellow_box">
690
- <?php
691
- $info_msg_2 = '<p>'. __('<strong>Attention</strong>: Sometimes non-malicious Internet organizations might have bots which impersonate as a "Googlebot".', 'all-in-one-wp-security-and-firewall').'</p>';
692
- $info_msg_2 .= '<p>'.__('Just be aware that if you activate this feature the plugin will block all bots which use the "Googlebot" string in their User Agent information but are NOT officially from Google (irrespective whether they are malicious or not).', 'all-in-one-wp-security-and-firewall').'</p>';
693
- $info_msg_2 .= '<p>'.__('All other bots from other organizations such as "Yahoo", "Bing" etc will not be affected by this feature.', 'all-in-one-wp-security-and-firewall').'</p>';
694
- echo $info_msg_2;
695
- ?>
696
- </div>
697
-
698
- <div class="postbox">
699
- <h3 class="hndle"><label for="title"><?php _e('Block Fake Googlebots', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
700
- <div class="inside">
701
- <?php
702
- //Display security info badge
703
- global $aiowps_feature_mgr;
704
- $aiowps_feature_mgr->output_feature_details_badge("firewall-block-fake-googlebots");
705
- ?>
706
-
707
- <table class="form-table">
708
- <tr valign="top">
709
- <th scope="row"><?php _e('Block Fake Googlebots', 'all-in-one-wp-security-and-firewall')?>:</th>
710
- <td>
711
- <input name="aiowps_block_fake_googlebots" type="checkbox"<?php if($aio_wp_security->configs->get_value('aiowps_block_fake_googlebots')=='1') echo ' checked="checked"'; ?> value="1"/>
712
- <span class="description"><?php _e('Check this if you want to block all fake Googlebots.', 'all-in-one-wp-security-and-firewall'); ?></span>
713
- <span class="aiowps_more_info_anchor"><span class="aiowps_more_info_toggle_char">+</span><span class="aiowps_more_info_toggle_text"><?php _e('More Info', 'all-in-one-wp-security-and-firewall'); ?></span></span>
714
- <div class="aiowps_more_info_body">
715
- <?php
716
- echo '<p class="description">'.__('This feature will check if the User Agent information of a bot contains the string "Googlebot".', 'all-in-one-wp-security-and-firewall').'</p>';
717
- echo '<p class="description">'.__('It will then perform a few tests to verify if the bot is legitimately from Google and if so it will allow the bot to proceed.', 'all-in-one-wp-security-and-firewall').'</p>';
718
- echo '<p class="description">'.__('If the bot fails the checks then the plugin will mark it as being a fake Googlebot and it will block it', 'all-in-one-wp-security-and-firewall').'</p>';
719
- ?>
720
- </div>
721
- </td>
722
- </tr>
723
- </table>
724
- </div></div>
725
- <input type="submit" name="aiowps_save_internet_bot_settings" value="<?php _e('Save Internet Bot Settings', 'all-in-one-wp-security-and-firewall')?>" class="button-primary" />
726
- </form>
727
- <?php
728
- }
729
-
730
- function render_tab5()
731
- {
732
- global $aio_wp_security;
733
- global $aiowps_feature_mgr;
734
-
735
- if(isset($_POST['aiowps_save_prevent_hotlinking']))//Do form submission tasks
736
- {
737
- $nonce=$_REQUEST['_wpnonce'];
738
- if (!wp_verify_nonce($nonce, 'aiowpsec-prevent-hotlinking-nonce'))
739
- {
740
- $aio_wp_security->debug_logger->log_debug("Nonce check failed on prevent hotlinking options save!",4);
741
- die("Nonce check failed on prevent hotlinking options save!");
742
- }
743
- $aio_wp_security->configs->set_value('aiowps_prevent_hotlinking',isset($_POST["aiowps_prevent_hotlinking"])?'1':'');
744
- $aio_wp_security->configs->save_config();
745
-
746
- //Recalculate points after the feature status/options have been altered
747
- $aiowps_feature_mgr->check_feature_status_and_recalculate_points();
748
-
749
- //Now let's write the applicable rules to the .htaccess file
750
- $res = AIOWPSecurity_Utility_Htaccess::write_to_htaccess();
751
-
752
- if ($res)
753
- {
754
- $this->show_msg_updated(__('Settings were successfully saved', 'all-in-one-wp-security-and-firewall'));
755
- }
756
- else
757
- {
758
- $this->show_msg_error(__('Could not write to the .htaccess file. Please check the file permissions.', 'all-in-one-wp-security-and-firewall'));
759
- }
760
- }
761
- ?>
762
- <h2><?php _e('Prevent Image Hotlinking', 'all-in-one-wp-security-and-firewall')?></h2>
763
- <div class="aio_blue_box">
764
- <?php
765
- echo '<p>'.__('A Hotlink is where someone displays an image on their site which is actually located on your site by using a direct link to the source of the image on your server.', 'all-in-one-wp-security-and-firewall');
766
- echo '<br />'.__('Due to the fact that the image being displayed on the other person\'s site is coming from your server, this can cause leaking of bandwidth and resources for you because your server has to present this image for the people viewing it on someone elses\'s site.','all-in-one-wp-security-and-firewall');
767
- echo '<br />'.__('This feature will prevent people from directly hotlinking images from your site\'s pages by writing some directives in your .htaccess file.', 'all-in-one-wp-security-and-firewall').'</p>';
768
- ?>
769
- </div>
770
-
771
- <div class="postbox">
772
- <h3 class="hndle"><label for="title"><?php _e('Prevent Hotlinking', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
773
- <div class="inside">
774
- <?php
775
- //Display security info badge
776
- global $aiowps_feature_mgr;
777
- $aiowps_feature_mgr->output_feature_details_badge("prevent-hotlinking");
778
- ?>
779
-
780
- <form action="" method="POST">
781
- <?php wp_nonce_field('aiowpsec-prevent-hotlinking-nonce'); ?>
782
- <table class="form-table">
783
- <tr valign="top">
784
- <th scope="row"><?php _e('Prevent Image Hotlinking', 'all-in-one-wp-security-and-firewall')?>:</th>
785
- <td>
786
- <input name="aiowps_prevent_hotlinking" type="checkbox"<?php if($aio_wp_security->configs->get_value('aiowps_prevent_hotlinking')=='1') echo ' checked="checked"'; ?> value="1"/>
787
- <span class="description"><?php _e('Check this if you want to prevent hotlinking to images on your site.', 'all-in-one-wp-security-and-firewall'); ?></span>
788
- </td>
789
- </tr>
790
- </table>
791
- <input type="submit" name="aiowps_save_prevent_hotlinking" value="<?php _e('Save Settings', 'all-in-one-wp-security-and-firewall')?>" class="button-primary" />
792
- </form>
793
- </div></div>
794
- <?php
795
- }
796
-
797
- function render_tab6()
798
- {
799
- global $aio_wp_security;
800
- global $aiowps_feature_mgr;
801
- if (isset($_POST['aiowps_delete_404_event_records']))
802
- {
803
- $nonce=$_REQUEST['_wpnonce'];
804
- if (!wp_verify_nonce($nonce, 'aiowpsec-delete-404-event-records-nonce'))
805
- {
806
- $aio_wp_security->debug_logger->log_debug("Nonce check failed for delete all 404 event logs operation!",4);
807
- die(__('Nonce check failed for delete all 404 event logs operation!','all-in-one-wp-security-and-firewall'));
808
- }
809
- global $wpdb;
810
- $events_table_name = AIOWPSEC_TBL_EVENTS;
811
- //Delete all 404 records from the events table
812
- $where = array('event_type' => '404');
813
- $result = $wpdb->delete($events_table_name, $where);
814
-
815
- if ($result === FALSE)
816
- {
817
- $aio_wp_security->debug_logger->log_debug("404 Detection Feature - Delete all 404 event logs operation failed!",4);
818
- $this->show_msg_error(__('404 Detection Feature - Delete all 404 event logs operation failed!','all-in-one-wp-security-and-firewall'));
819
- }
820
- else
821
- {
822
- $this->show_msg_updated(__('All 404 event logs were deleted from the DB successfully!','all-in-one-wp-security-and-firewall'));
823
- }
824
- }
825
-
826
-
827
- include_once 'wp-security-list-404.php'; //For rendering the AIOWPSecurity_List_Table in tab1
828
- $event_list_404 = new AIOWPSecurity_List_404(); //For rendering the AIOWPSecurity_List_Table in tab1
829
-
830
- if(isset($_POST['aiowps_save_404_detect_options']))//Do form submission tasks
831
- {
832
- $error = '';
833
- $nonce=$_REQUEST['_wpnonce'];
834
- if (!wp_verify_nonce($nonce, 'aiowpsec-404-detection-nonce'))
835
- {
836
- $aio_wp_security->debug_logger->log_debug("Nonce check failed on 404 detection options save!",4);
837
- die("Nonce check failed on 404 detection options save!");
838
- }
839
-
840
- $aio_wp_security->configs->set_value('aiowps_enable_404_logging',isset($_POST["aiowps_enable_404_IP_lockout"])?'1':''); //the "aiowps_enable_404_IP_lockout" checkbox currently controls both the 404 lockout and 404 logging
841
- $aio_wp_security->configs->set_value('aiowps_enable_404_IP_lockout',isset($_POST["aiowps_enable_404_IP_lockout"])?'1':'');
842
-
843
- $lockout_time_length = isset($_POST['aiowps_404_lockout_time_length'])?sanitize_text_field($_POST['aiowps_404_lockout_time_length']):'';
844
- if(!is_numeric($lockout_time_length))
845
- {
846
- $error .= '<br />'.__('You entered a non numeric value for the lockout time length field. It has been set to the default value.','all-in-one-wp-security-and-firewall');
847
- $lockout_time_length = '60';//Set it to the default value for this field
848
- }
849
-
850
- $redirect_url = isset($_POST['aiowps_404_lock_redirect_url'])?trim($_POST['aiowps_404_lock_redirect_url']):'';
851
- if ($redirect_url == '' || esc_url($redirect_url, array('http', 'https')) == ''){
852
- $error .= '<br />'.__('You entered an incorrect format for the "Redirect URL" field. It has been set to the default value.','all-in-one-wp-security-and-firewall');
853
- $redirect_url = 'http://127.0.0.1';
854
- }
855
-
856
- if($error)
857
- {
858
- $this->show_msg_error(__('Attention!','all-in-one-wp-security-and-firewall').$error);
859
- }
860
-
861
- $aio_wp_security->configs->set_value('aiowps_404_lockout_time_length',absint($lockout_time_length));
862
- $aio_wp_security->configs->set_value('aiowps_404_lock_redirect_url',$redirect_url);
863
- $aio_wp_security->configs->save_config();
864
-
865
- //Recalculate points after the feature status/options have been altered
866
- $aiowps_feature_mgr->check_feature_status_and_recalculate_points();
867
-
868
- $this->show_msg_settings_updated();
869
- }
870
-
871
-
872
- if(isset($_REQUEST['action'])) //Do list table form row action tasks
873
- {
874
- if($_REQUEST['action'] == 'temp_block'){ //Temp Block link was clicked for a row in list table
875
- $event_list_404->block_ip(strip_tags($_REQUEST['ip_address']));
876
- }
877
-
878
- if($_REQUEST['action'] == 'blacklist_ip'){ //Blacklist IP link was clicked for a row in list table
879
- $event_list_404->blacklist_ip_address(strip_tags($_REQUEST['ip_address']));
880
- }
881
-
882
- if($_REQUEST['action'] == 'delete_event_log'){ //Unlock link was clicked for a row in list table
883
- $event_list_404->delete_404_event_records(strip_tags($_REQUEST['id']));
884
- }
885
- }
886
- ?>
887
- <h2><?php _e('404 Detection Configuration', 'all-in-one-wp-security-and-firewall')?></h2>
888
- <div class="aio_blue_box">
889
- <?php
890
- echo '<p>'.__('A 404 or Not Found error occurs when somebody tries to access a non-existent page on your website.', 'all-in-one-wp-security-and-firewall').'
891
- <br />'.__('Typically, most 404 errors happen quite innocently when people have mis-typed a URL or used an old link to page which doesn\'t exist anymore.', 'all-in-one-wp-security-and-firewall').'
892
- <br />'.__('However, in some cases you may find many repeated 404 errors which occur in a relatively short space of time and from the same IP address which are all attempting to access a variety of non-existent page URLs.', 'all-in-one-wp-security-and-firewall').'
893
- <br />'.__('Such behaviour can mean that a hacker might be trying to find a particular page or URL for sinister reasons.', 'all-in-one-wp-security-and-firewall').'
894
- <br /><br />'.__('This feature allows you to monitor all 404 events which occur on your site, and it also gives you the option of blocking IP addresses for a configured length of time.', 'all-in-one-wp-security-and-firewall').'
895
- <br />'.__('If you want to temporarily block or blacklist an IP address, simply click the "Temp Block" or "Blacklist IP" link for the applicable IP entry in the "404 Event Logs" table below.', 'all-in-one-wp-security-and-firewall').'</p>';
896
- ?>
897
- </div>
898
- <div class="aio_grey_box">
899
- <?php
900
- $addon_link = '<strong><a href="http://www.site-scanners.com/smart-404-security-blocking-addon/" target="_blank">Smart404 Blocking Addon</a></strong>';
901
- $info_msg = sprintf( __('You may also be interested in our %s.', 'all-in-one-wp-security-and-firewall'), $addon_link);
902
- $info_msg2 = __('This addon allows you to automatically and permanently block IP addresses based on how many 404 errors they produce.', 'all-in-one-wp-security-and-firewall');
903
-
904
- echo '<p>'.$info_msg.
905
- '<br />'.$info_msg2.'</p>';
906
- ?>
907
- </div>
908
-
909
- <div class="postbox">
910
- <h3 class="hndle"><label for="title"><?php _e('404 Detection Options', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
911
- <div class="inside">
912
- <?php
913
- //Display security info badge
914
- global $aiowps_feature_mgr;
915
- $aiowps_feature_mgr->output_feature_details_badge("firewall-enable-404-blocking");
916
- ?>
917
-
918
- <form action="" method="POST">
919
- <?php wp_nonce_field('aiowpsec-404-detection-nonce'); ?>
920
- <table class="form-table">
921
- <tr valign="top">
922
- <th scope="row"><?php _e('Enable 404 IP Detection and Lockout', 'all-in-one-wp-security-and-firewall')?>:</th>
923
- <td>
924
- <input name="aiowps_enable_404_IP_lockout" type="checkbox"<?php if($aio_wp_security->configs->get_value('aiowps_enable_404_IP_lockout')=='1') echo ' checked="checked"'; ?> value="1"/>
925
- <span class="description"><?php _e('Check this if you want to enable the lockout of selected IP addresses.', 'all-in-one-wp-security-and-firewall'); ?></span>
926
- <span class="aiowps_more_info_anchor"><span class="aiowps_more_info_toggle_char">+</span><span class="aiowps_more_info_toggle_text"><?php _e('More Info', 'all-in-one-wp-security-and-firewall'); ?></span></span>
927
- <div class="aiowps_more_info_body">
928
- <p class="description">
929
- <?php
930
- _e('When you enable this checkbox, all 404 events on your site will be logged in the table below. You can monitor these events and select some IP addresses listed in the table below and block them for a specified amount of time. All IP addresses you select to be blocked from the "404 Event Logs" table section will be unable to access your site during the time specified.', 'all-in-one-wp-security-and-firewall');
931
- ?>
932
- </p>
933
- </div>
934
- </td>
935
- </tr>
936
- <!-- currently this option is automatically set when the aiowps_enable_404_IP_lockout feature is turned on
937
- <tr valign="top">
938
- <th scope="row"><?php _e('Enable 404 Event Logging', 'all-in-one-wp-security-and-firewall')?>:</th>
939
- <td>
940
- <input name="aiowps_enable_404_logging" type="checkbox"<?php if($aio_wp_security->configs->get_value('aiowps_enable_404_logging')=='1') echo ' checked="checked"'; ?> value="1"/>
941
- <span class="description"><?php _e('Check this if you want to enable the logging of 404 events', 'all-in-one-wp-security-and-firewall'); ?></span>
942
- </td>
943
- </tr>
944
- -->
945
- <tr valign="top">
946
- <th scope="row"><?php _e('Time Length of 404 Lockout (min)', 'all-in-one-wp-security-and-firewall')?>:</th>
947
- <td><input type="text" size="5" name="aiowps_404_lockout_time_length" value="<?php echo $aio_wp_security->configs->get_value('aiowps_404_lockout_time_length'); ?>" />
948
- <span class="description"><?php _e('Set the length of time for which a blocked IP address will be prevented from visiting your site', 'all-in-one-wp-security-and-firewall'); ?></span>
949
- <span class="aiowps_more_info_anchor"><span class="aiowps_more_info_toggle_char">+</span><span class="aiowps_more_info_toggle_text"><?php _e('More Info', 'all-in-one-wp-security-and-firewall'); ?></span></span>
950
- <div class="aiowps_more_info_body">
951
- <p class="description">
952
- <?php
953
- _e('You can lock any IP address which is recorded in the "404 Event Logs" table section below.', 'all-in-one-wp-security-and-firewall');
954
- echo '<br />';
955
- _e('To temporarily lock an IP address, hover over the ID column and click the "Temp Block" link for the applicable IP entry.', 'all-in-one-wp-security-and-firewall');
956
- ?>
957
- </p>
958
- </div>
959
- </td>
960
- </tr>
961
- <tr valign="top">
962
- <th scope="row"><?php _e('404 Lockout Redirect URL', 'all-in-one-wp-security-and-firewall')?>:</th>
963
- <td><input type="text" size="50" name="aiowps_404_lock_redirect_url" value="<?php echo esc_url_raw( $aio_wp_security->configs->get_value('aiowps_404_lock_redirect_url'), array( 'http', 'https' ) ); ?>" />
964
- <span class="description"><?php _e('A blocked visitor will be automatically redirected to this URL.', 'all-in-one-wp-security-and-firewall'); ?></span>
965
- </td>
966
- </tr>
967
- </table>
968
- <input type="submit" name="aiowps_save_404_detect_options" value="<?php _e('Save Settings', 'all-in-one-wp-security-and-firewall')?>" class="button-primary" />
969
-
970
- </form>
971
- </div></div>
972
- <div class="postbox">
973
- <h3 class="hndle"><label for="title"><?php _e('404 Event Logs', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
974
- <div class="inside">
975
- <?php
976
- //Fetch, prepare, sort, and filter our data...
977
- $event_list_404->prepare_items();
978
- //echo "put table of locked entries here";
979
- ?>
980
- <form id="tables-filter" method="post">
981
- <!-- For plugins, we also need to ensure that the form posts back to our current page -->
982
- <input type="hidden" name="page" value="<?php echo esc_attr($_REQUEST['page']); ?>" />
983
- <?php $event_list_404->search_box(__('Search', 'all-in-one-wp-security-and-firewall'), 'search_404_events'); ?>
984
- <?php
985
- if(isset($_REQUEST["tab"]))
986
- {
987
- echo '<input type="hidden" name="tab" value="'.esc_attr($_REQUEST["tab"]).'" />';
988
- }
989
- ?>
990
- <!-- Now we can render the completed list table -->
991
- <?php $event_list_404->display(); ?>
992
- </form>
993
- </div></div>
994
- <div class="postbox">
995
- <h3 class="hndle"><label for="title"><?php _e('Export to CSV', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
996
- <div class="inside">
997
- <form action="" method="POST">
998
- <?php wp_nonce_field('aiowpsec-export-404-event-logs-to-csv-nonce'); ?>
999
- <table class="form-table">
1000
- <tr valign="top">
1001
- <span class="description"><?php _e('Click this button if you wish to download this log in CSV format.', 'all-in-one-wp-security-and-firewall'); ?></span>
1002
- </tr>
1003
- </table>
1004
- <input type="submit" name="aiowps_export_404_event_logs_to_csv" value="<?php _e('Export to CSV', 'all-in-one-wp-security-and-firewall')?>" class="button-primary"/>
1005
- </form>
1006
- </div></div>
1007
- <div class="postbox">
1008
- <h3 class="hndle"><label for="title"><?php _e('Delete All 404 Event Logs', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
1009
- <div class="inside">
1010
- <form action="" method="POST">
1011
- <?php wp_nonce_field('aiowpsec-delete-404-event-records-nonce'); ?>
1012
- <table class="form-table">
1013
- <tr valign="top">
1014
- <span class="description"><?php _e('Click this button if you wish to purge all 404 event logs from the DB.', 'all-in-one-wp-security-and-firewall'); ?></span>
1015
- </tr>
1016
- </table>
1017
- <input type="submit" name="aiowps_delete_404_event_records" value="<?php _e('Delete All 404 Event Logs', 'all-in-one-wp-security-and-firewall')?>" class="button-primary" onclick="return confirm('Are you sure you want to delete all records?')"/>
1018
- </form>
1019
- </div></div>
1020
-
1021
- <?php
1022
- }
1023
-
1024
- function render_tab7()
1025
- {
1026
- global $aio_wp_security;
1027
- if(isset($_POST['aiowps_save_custom_rules_settings']))//Do form submission tasks
1028
- {
1029
- $nonce=$_REQUEST['_wpnonce'];
1030
- if (!wp_verify_nonce($nonce, 'aiowpsec-save-custom-rules-settings-nonce'))
1031
- {
1032
- $aio_wp_security->debug_logger->log_debug("Nonce check failed for save custom rules settings!",4);
1033
- die("Nonce check failed for save custom rules settings!");
1034
- }
1035
-
1036
- //Save settings
1037
- if (isset($_POST["aiowps_enable_custom_rules"]) && empty($_POST['aiowps_custom_rules']))
1038
- {
1039
- $this->show_msg_error('You must enter some .htaccess directives code in the text box below','all-in-one-wp-security-and-firewall');
1040
- }
1041
- else
1042
- {
1043
- if (!empty($_POST['aiowps_custom_rules']))
1044
- {
1045
- // Undo magic quotes that are automatically added to `$_GET`,
1046
- // `$_POST`, `$_COOKIE`, and `$_SERVER` by WordPress as
1047
- // they corrupt any custom rule with backslash in it...
1048
- $custom_rules = stripslashes($_POST['aiowps_custom_rules']);
1049
- }
1050
- else
1051
- {
1052
- $aio_wp_security->configs->set_value('aiowps_custom_rules',''); //Clear the custom rules config value
1053
- }
1054
-
1055
- $aio_wp_security->configs->set_value('aiowps_custom_rules',$custom_rules);
1056
- $aio_wp_security->configs->set_value('aiowps_enable_custom_rules',isset($_POST["aiowps_enable_custom_rules"])?'1':'');
1057
- $aio_wp_security->configs->set_value('aiowps_place_custom_rules_at_top',isset($_POST["aiowps_place_custom_rules_at_top"])?'1':'');
1058
- $aio_wp_security->configs->save_config(); //Save the configuration
1059
-
1060
- $this->show_msg_settings_updated();
1061
-
1062
- $write_result = AIOWPSecurity_Utility_Htaccess::write_to_htaccess(); //now let's write to the .htaccess file
1063
- if ( !$write_result )
1064
- {
1065
- $this->show_msg_error(__('The plugin was unable to write to the .htaccess file. Please edit file manually.','all-in-one-wp-security-and-firewall'));
1066
- $aio_wp_security->debug_logger->log_debug("Custom Rules feature - The plugin was unable to write to the .htaccess file.");
1067
- }
1068
- }
1069
-
1070
- }
1071
-
1072
- ?>
1073
- <h2><?php _e('Custom .htaccess Rules Settings', 'all-in-one-wp-security-and-firewall')?></h2>
1074
- <form action="" method="POST">
1075
- <?php wp_nonce_field('aiowpsec-save-custom-rules-settings-nonce'); ?>
1076
- <div class="aio_blue_box">
1077
- <?php
1078
- $info_msg = '';
1079
-
1080
- $info_msg .= '<p>'. __('This feature can be used to apply your own custom .htaccess rules and directives.', 'all-in-one-wp-security-and-firewall').'</p>';
1081
- $info_msg .= '<p>'. __('It is useful for when you want to tweak our existing firewall rules or when you want to add your own.', 'all-in-one-wp-security-and-firewall').'</p>';
1082
- $info_msg .= '<p>'. __('NOTE: This feature can only be used if your site is hosted in an apache or similar web server.', 'all-in-one-wp-security-and-firewall').'</p>';
1083
- echo $info_msg;
1084
- ?>
1085
- </div>
1086
- <div class="aio_yellow_box">
1087
- <?php
1088
- $info_msg_2 = '<p>'. __('<strong>Warning</strong>: Only use this feature if you know what you are doing.', 'all-in-one-wp-security-and-firewall').'</p>';
1089
- $info_msg_2 .= '<p>'.__('Incorrect .htaccess rules or directives can break or prevent access to your site.', 'all-in-one-wp-security-and-firewall').'</p>';
1090
- $info_msg_2 .= '<p>'.__('It is your responsibility to ensure that you are entering the correct code!', 'all-in-one-wp-security-and-firewall').'</p>';
1091
- $info_msg_2 .= '<p>'.__('If you break your site you will need to access your server via FTP or something similar and then edit your .htaccess file and delete the changes you made.', 'all-in-one-wp-security-and-firewall').'</p>';
1092
- echo $info_msg_2;
1093
- ?>
1094
- </div>
1095
-
1096
- <div class="postbox">
1097
- <h3 class="hndle"><label for="title"><?php _e('Custom .htaccess Rules', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
1098
- <div class="inside">
1099
- <table class="form-table">
1100
- <tr valign="top">
1101
- <th scope="row"><?php _e('Enable Custom .htaccess Rules', 'all-in-one-wp-security-and-firewall')?>:</th>
1102
- <td>
1103
- <input name="aiowps_enable_custom_rules" type="checkbox"<?php if($aio_wp_security->configs->get_value('aiowps_enable_custom_rules')=='1') echo ' checked="checked"'; ?> value="1"/>
1104
- <span class="description"><?php _e('Check this if you want to enable custom rules entered in the text box below', 'all-in-one-wp-security-and-firewall'); ?></span>
1105
- </td>
1106
- </tr>
1107
- <tr valign="top">
1108
- <th scope="row"><?php _e('Place custom rules at the top', 'all-in-one-wp-security-and-firewall')?>:</th>
1109
- <td>
1110
- <input name="aiowps_place_custom_rules_at_top" type="checkbox"<?php if($aio_wp_security->configs->get_value('aiowps_place_custom_rules_at_top')=='1') echo ' checked="checked"'; ?> value="1"/>
1111
- <span class="description"><?php _e('Check this if you want to place your custom rules at the beginning of all the rules applied by this plugin', 'all-in-one-wp-security-and-firewall'); ?></span>
1112
- </td>
1113
- </tr>
1114
- <tr valign="top">
1115
- <th scope="row"><?php _e('Enter Custom .htaccess Rules:', 'all-in-one-wp-security-and-firewall')?></th>
1116
- <td>
1117
- <textarea name="aiowps_custom_rules" rows="35" cols="50"><?php echo htmlspecialchars($aio_wp_security->configs->get_value('aiowps_custom_rules')); ?></textarea>
1118
- <br />
1119
- <span class="description"><?php _e('Enter your custom .htaccess rules/directives.','all-in-one-wp-security-and-firewall');?></span>
1120
- </td>
1121
- </tr>
1122
- </table>
1123
- </div></div>
1124
- <input type="submit" name="aiowps_save_custom_rules_settings" value="<?php _e('Save Custom Rules', 'all-in-one-wp-security-and-firewall')?>" class="button-primary" />
1125
- </form>
1126
- <?php
1127
- }
1128
-
1129
  } //end class
1
+ <?php
2
+ if ( !defined( 'ABSPATH' ) ) { exit; } // Prevent direct access to file
3
+ class AIOWPSecurity_Firewall_Menu extends AIOWPSecurity_Admin_Menu
4
+ {
5
+ var $menu_page_slug = AIOWPSEC_FIREWALL_MENU_SLUG;
6
+
7
+ /* Specify all the tabs of this menu in the following array */
8
+ var $menu_tabs;
9
+
10
+ var $menu_tabs_handler = array(
11
+ 'tab1' => 'render_tab1',
12
+ 'tab2' => 'render_tab2',
13
+ 'tab3' => 'render_tab3',
14
+ 'tab4' => 'render_tab4',
15
+ 'tab5' => 'render_tab5',
16
+ 'tab6' => 'render_tab6',
17
+ 'tab7' => 'render_tab7',
18
+ );
19
+
20
+ function __construct()
21
+ {
22
+ $this->render_menu_page();
23
+ }
24
+
25
+ function set_menu_tabs()
26
+ {
27
+ $this->menu_tabs = array(
28
+ 'tab1' => __('Basic Firewall Rules', 'all-in-one-wp-security-and-firewall'),
29
+ 'tab2' => __('Additional Firewall Rules', 'all-in-one-wp-security-and-firewall'),
30
+ 'tab3' => __('6G Blacklist Firewall Rules', 'all-in-one-wp-security-and-firewall'),
31
+ 'tab4' => __('Internet Bots', 'all-in-one-wp-security-and-firewall'),
32
+ 'tab5' => __('Prevent Hotlinks', 'all-in-one-wp-security-and-firewall'),
33
+ 'tab6' => __('404 Detection', 'all-in-one-wp-security-and-firewall'),
34
+ 'tab7' => __('Custom Rules', 'all-in-one-wp-security-and-firewall'),
35
+ );
36
+ }
37
+
38
+ function get_current_tab()
39
+ {
40
+ $tab_keys = array_keys($this->menu_tabs);
41
+ $tab = isset( $_GET['tab'] ) ? sanitize_text_field($_GET['tab']) : $tab_keys[0];
42
+ return $tab;
43
+ }
44
+
45
+ /*
46
+ * Renders our tabs of this menu as nav items
47
+ */
48
+ function render_menu_tabs()
49
+ {
50
+ $current_tab = $this->get_current_tab();
51
+
52
+ echo '<h2 class="nav-tab-wrapper">';
53
+ foreach ( $this->menu_tabs as $tab_key => $tab_caption )
54
+ {
55
+ $active = $current_tab == $tab_key ? 'nav-tab-active' : '';
56
+ echo '<a class="nav-tab ' . $active . '" href="?page=' . $this->menu_page_slug . '&tab=' . $tab_key . '">' . $tab_caption . '</a>';
57
+ }
58
+ echo '</h2>';
59
+ }
60
+
61
+ /*
62
+ * The menu rendering goes here
63
+ */
64
+ function render_menu_page()
65
+ {
66
+ echo '<div class="wrap">';
67
+ echo '<h2>'.__('Firewall','all-in-one-wp-security-and-firewall').'</h2>';//Interface title
68
+ $this->set_menu_tabs();
69
+ $tab = $this->get_current_tab();
70
+ $this->render_menu_tabs();
71
+ ?>
72
+ <div id="poststuff"><div id="post-body">
73
+ <?php
74
+ //$tab_keys = array_keys($this->menu_tabs);
75
+ call_user_func(array($this, $this->menu_tabs_handler[$tab]));
76
+ ?>
77
+ </div></div>
78
+ </div><!-- end of wrap -->
79
+ <?php
80
+ }
81
+
82
+ function render_tab1()
83
+ {
84
+ global $aiowps_feature_mgr;
85
+ global $aio_wp_security;
86
+ if(isset($_POST['aiowps_apply_basic_firewall_settings']))//Do form submission tasks
87
+ {
88
+ $nonce=$_REQUEST['_wpnonce'];
89
+ if (!wp_verify_nonce($nonce, 'aiowpsec-enable-basic-firewall-nonce'))
90
+ {
91
+ $aio_wp_security->debug_logger->log_debug("Nonce check failed on enable basic firewall settings!",4);
92
+ die("Nonce check failed on enable basic firewall settings!");
93
+ }
94
+
95
+ // Max file upload size in basic rules
96
+ $upload_size = absint($_POST['aiowps_max_file_upload_size']);
97
+
98
+ $max_allowed = apply_filters( 'aiowps_max_allowed_upload_config', 250 ); // Set a filterable limit of 250MB
99
+ $max_allowed = absint($max_allowed);
100
+
101
+ if($upload_size > $max_allowed) {
102
+ $upload_size = $max_allowed;
103
+ } else if(empty ($upload_size)) {
104
+ $upload_size = 10;
105
+ }
106
+
107
+ //Save settings
108
+ $aio_wp_security->configs->set_value('aiowps_enable_basic_firewall',isset($_POST["aiowps_enable_basic_firewall"])?'1':'');
109
+ $aio_wp_security->configs->set_value('aiowps_max_file_upload_size',$upload_size);
110
+ $aio_wp_security->configs->set_value('aiowps_enable_pingback_firewall',isset($_POST["aiowps_enable_pingback_firewall"])?'1':''); //this disables all xmlrpc functionality
111
+ $aio_wp_security->configs->set_value('aiowps_disable_xmlrpc_pingback_methods',isset($_POST["aiowps_disable_xmlrpc_pingback_methods"])?'1':''); //this disables only pingback methods of xmlrpc but leaves other methods so that Jetpack and other apps will still work
112
+ $aio_wp_security->configs->set_value('aiowps_block_debug_log_file_access',isset($_POST["aiowps_block_debug_log_file_access"])?'1':'');
113
+
114
+ //Commit the config settings
115
+ $aio_wp_security->configs->save_config();
116
+
117
+ //Recalculate points after the feature status/options have been altered
118
+ $aiowps_feature_mgr->check_feature_status_and_recalculate_points();
119
+
120
+ //Now let's write the applicable rules to the .htaccess file
121
+ $res = AIOWPSecurity_Utility_Htaccess::write_to_htaccess();
122
+
123
+ if ($res)
124
+ {
125
+ $this->show_msg_updated(__('Settings were successfully saved', 'all-in-one-wp-security-and-firewall'));
126
+ }
127
+ else
128
+ {
129
+ $this->show_msg_error(__('Could not write to the .htaccess file. Please check the file permissions.', 'all-in-one-wp-security-and-firewall'));
130
+ }
131
+ }
132
+
133
+ ?>
134
+ <h2><?php _e('Firewall Settings', 'all-in-one-wp-security-and-firewall')?></h2>
135
+ <form action="" method="POST">
136
+ <?php wp_nonce_field('aiowpsec-enable-basic-firewall-nonce'); ?>
137
+
138
+ <div class="aio_blue_box">
139
+ <?php
140
+ $backup_tab_link = '<a href="admin.php?page='.AIOWPSEC_SETTINGS_MENU_SLUG.'&tab=tab2" target="_blank">backup</a>';
141
+ $info_msg = sprintf( __('This should not have any impact on your site\'s general functionality but if you wish you can take a %s of your .htaccess file before proceeding.', 'all-in-one-wp-security-and-firewall'), $backup_tab_link);
142
+ echo '<p>'.__('The features in this tab allow you to activate some basic firewall security protection rules for your site.', 'all-in-one-wp-security-and-firewall').
143
+ '<br />'.__('The firewall functionality is achieved via the insertion of special code into your currently active .htaccess file.', 'all-in-one-wp-security-and-firewall').
144
+ '<br />'.$info_msg.'</p>';
145
+ ?>
146
+ </div>
147
+ <?php
148
+ //show a warning message if xmlrpc has been completely disabled
149
+ if($aio_wp_security->configs->get_value('aiowps_enable_pingback_firewall')=='1'){
150
+ ?>
151
+ <div class="aio_orange_box">
152
+ <p>
153
+ <?php
154
+ echo '<p>'.__('Attention: You have enabled the "Completely Block Access To XMLRPC" checkbox which means all XMLRPC functionality will be blocked.', 'all-in-one-wp-security-and-firewall').'</p>';
155
+ echo '<p>'.__('By leaving this feature enabled you will prevent Jetpack or Wordpress iOS or other apps which need XMLRPC from working correctly on your site.', 'all-in-one-wp-security-and-firewall').'</p>';
156
+ echo '<p>'.__('If you still need XMLRPC then uncheck the "Completely Block Access To XMLRPC" checkbox and enable only the "Disable Pingback Functionality From XMLRPC" checkbox.', 'all-in-one-wp-security-and-firewall').'</p>';
157
+ ?>
158
+ </p>
159
+ </div>
160
+
161
+ <?php
162
+ }
163
+ ?>
164
+
165
+ <div class="postbox">
166
+ <h3 class="hndle"><label for="title"><?php _e('Basic Firewall Settings', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
167
+ <div class="inside">
168
+ <?php
169
+ //Display security info badge
170
+ $aiowps_feature_mgr->output_feature_details_badge("firewall-basic-rules");
171
+ ?>
172
+ <table class="form-table">
173
+ <tr valign="top">
174
+ <th scope="row"><?php _e('Enable Basic Firewall Protection', 'all-in-one-wp-security-and-firewall')?>:</th>
175
+ <td>
176
+ <input name="aiowps_enable_basic_firewall" type="checkbox"<?php if($aio_wp_security->configs->get_value('aiowps_enable_basic_firewall')=='1') echo ' checked="checked"'; ?> value="1"/>
177
+ <span class="description"><?php _e('Check this if you want to apply basic firewall protection to your site.', 'all-in-one-wp-security-and-firewall'); ?></span>
178
+ <span class="aiowps_more_info_anchor"><span class="aiowps_more_info_toggle_char">+</span><span class="aiowps_more_info_toggle_text"><?php _e('More Info', 'all-in-one-wp-security-and-firewall'); ?></span></span>
179
+ <div class="aiowps_more_info_body">
180
+ <?php
181
+ echo '<p class="description">'.__('This setting will implement the following basic firewall protection mechanisms on your site:', 'all-in-one-wp-security-and-firewall').'</p>';
182
+ echo '<p class="description">'.__('1) Protect your htaccess file by denying access to it.', 'all-in-one-wp-security-and-firewall').'</p>';
183
+ echo '<p class="description">'.__('2) Disable the server signature.', 'all-in-one-wp-security-and-firewall').'</p>';
184
+ echo '<p class="description">'.__('3) Limit file upload size (10MB).', 'all-in-one-wp-security-and-firewall').'</p>';
185
+ echo '<p class="description">'.__('4) Protect your wp-config.php file by denying access to it.', 'all-in-one-wp-security-and-firewall').'</p>';
186
+ echo '<p class="description">'.__('The above firewall features will be applied via your .htaccess file and should not affect your site\'s overall functionality.', 'all-in-one-wp-security-and-firewall').'</p>';
187
+ echo '<p class="description">'.__('You are still advised to take a backup of your active .htaccess file just in case.', 'all-in-one-wp-security-and-firewall').'</p>';
188
+ ?>
189
+ </div>
190
+ </td>
191
+ </tr>
192
+ <tr valign="top">
193
+ <th scope="row"><?php _e('Max File Upload Size (MB)', 'all-in-one-wp-security-and-firewall')?>:</th>
194
+ <td><input type="number" min="0" step="1" name="aiowps_max_file_upload_size" value="<?php echo esc_html($aio_wp_security->configs->get_value('aiowps_max_file_upload_size')); ?>" />
195
+ <span class="description"><?php _e('The value for the maximum file upload size used in the .htaccess file. (Defaults to 10MB if left blank)', 'all-in-one-wp-security-and-firewall'); ?></span>
196
+ </td>
197
+ </tr>
198
+
199
+ </table>
200
+ </div></div>
201
+
202
+ <div class="postbox">
203
+ <h3 class="hndle"><label for="title"><?php _e('WordPress XMLRPC & Pingback Vulnerability Protection', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
204
+ <div class="inside">
205
+ <?php
206
+ //Display security info badge
207
+ $aiowps_feature_mgr->output_feature_details_badge("firewall-pingback-rules");
208
+ ?>
209
+ <table class="form-table">
210
+ <tr valign="top">
211
+ <th scope="row"><?php _e('Completely Block Access To XMLRPC', 'all-in-one-wp-security-and-firewall')?>:</th>
212
+ <td>
213
+ <input name="aiowps_enable_pingback_firewall" type="checkbox"<?php if($aio_wp_security->configs->get_value('aiowps_enable_pingback_firewall')=='1') echo ' checked="checked"'; ?> value="1"/>
214
+ <span class="description"><?php _e('Check this if you are not using the WP XML-RPC functionality and you want to completely block external access to XMLRPC.', 'all-in-one-wp-security-and-firewall'); ?></span>
215
+ <span class="aiowps_more_info_anchor"><span class="aiowps_more_info_toggle_char">+</span><span class="aiowps_more_info_toggle_text"><?php _e('More Info', 'all-in-one-wp-security-and-firewall'); ?></span></span>
216
+ <div class="aiowps_more_info_body">
217
+ <?php
218
+ echo '<p class="description">'.__('This setting will add a directive in your .htaccess to disable access to the WordPress xmlrpc.php file which is responsible for the XML-RPC functionality in WordPress.', 'all-in-one-wp-security-and-firewall').'</p>';
219
+ echo '<p class="description">'.__('Hackers can exploit various vulnerabilities in the WordPress XML-RPC API in a number of ways such as:', 'all-in-one-wp-security-and-firewall').'</p>';
220
+ echo '<p class="description">'.__('1) Denial of Service (DoS) attacks', 'all-in-one-wp-security-and-firewall').'</p>';
221
+ echo '<p class="description">'.__('2) Hacking internal routers.', 'all-in-one-wp-security-and-firewall').'</p>';
222
+ echo '<p class="description">'.__('3) Scanning ports in internal networks to get info from various hosts.', 'all-in-one-wp-security-and-firewall').'</p>';
223
+ echo '<p class="description">'.__('Apart from the security protection benefit, this feature may also help reduce load on your server, particularly if your site currently has a lot of unwanted traffic hitting the XML-RPC API on your installation.', 'all-in-one-wp-security-and-firewall').'</p>';
224
+ echo '<p class="description">'.__('NOTE: You should only enable this feature if you are not currently using the XML-RPC functionality on your WordPress installation.', 'all-in-one-wp-security-and-firewall').'</p>';
225
+ echo '<p class="description">'.__('Leave this feature disabled and use the feature below if you want pingback protection but you still need XMLRPC.', 'all-in-one-wp-security-and-firewall').'</p>';
226
+ ?>
227
+ </div>
228
+ </td>
229
+ </tr>
230
+ <tr valign="top">
231
+ <th scope="row"><?php _e('Disable Pingback Functionality From XMLRPC', 'all-in-one-wp-security-and-firewall')?>:</th>
232
+ <td>
233
+ <input name="aiowps_disable_xmlrpc_pingback_methods" type="checkbox"<?php if($aio_wp_security->configs->get_value('aiowps_disable_xmlrpc_pingback_methods')=='1') echo ' checked="checked"'; ?> value="1"/>
234
+ <span class="description"><?php _e('If you use Jetpack or WP iOS or other apps which need WP XML-RPC functionality then check this. This will enable protection against WordPress pingback vulnerabilities.', 'all-in-one-wp-security-and-firewall'); ?></span>
235
+ <span class="aiowps_more_info_anchor"><span class="aiowps_more_info_toggle_char">+</span><span class="aiowps_more_info_toggle_text"><?php _e('More Info', 'all-in-one-wp-security-and-firewall'); ?></span></span>
236
+ <div class="aiowps_more_info_body">
237
+ <?php
238
+ echo '<p class="description">'.__('NOTE: If you use Jetpack or the Wordpress iOS or other apps then you should enable this feature but leave the "Completely Block Access To XMLRPC" checkbox unchecked.', 'all-in-one-wp-security-and-firewall').'</p>';
239
+ echo '<p class="description">'.__('The feature will still allow XMLRPC functionality on your site but will disable the pingback methods.', 'all-in-one-wp-security-and-firewall').'</p>';
240
+ echo '<p class="description">'.__('This feature will also remove the "X-Pingback" header if it is present.', 'all-in-one-wp-security-and-firewall').'</p>';
241
+ ?>
242
+ </div>
243
+ </td>
244
+ </tr>
245
+ </table>
246
+ </div></div>
247
+
248
+ <div class="postbox">
249
+ <h3 class="hndle"><label for="title"><?php _e('Block Access to Debug Log File', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
250
+ <div class="inside">
251
+ <?php
252
+ //Display security info badge
253
+ $aiowps_feature_mgr->output_feature_details_badge("firewall-block-debug-file-access");
254
+ ?>
255
+ <table class="form-table">
256
+ <tr valign="top">
257
+ <th scope="row"><?php _e('Block Access to debug.log File', 'all-in-one-wp-security-and-firewall')?>:</th>
258
+ <td>
259
+ <input name="aiowps_block_debug_log_file_access" type="checkbox"<?php if($aio_wp_security->configs->get_value('aiowps_block_debug_log_file_access')=='1') echo ' checked="checked"'; ?> value="1"/>
260
+ <span class="description"><?php _e('Check this if you want to block access to the debug.log file that WordPress creates when debug logging is enabled.', 'all-in-one-wp-security-and-firewall'); ?></span>
261
+ <span class="aiowps_more_info_anchor"><span class="aiowps_more_info_toggle_char">+</span><span class="aiowps_more_info_toggle_text"><?php _e('More Info', 'all-in-one-wp-security-and-firewall'); ?></span></span>
262
+ <div class="aiowps_more_info_body">
263
+ <?php
264
+ echo '<p class="description">'.__('WordPress has an option to turn on the debug logging to a file located in wp-content/debug.log. This file may contain sensitive information.', 'all-in-one-wp-security-and-firewall').'</p>';
265
+ echo '<p class="description">'.__('Using this optoin will block external access to this file. You can still access this file by logging into your site via FTP', 'all-in-one-wp-security-and-firewall').'</p>';
266
+ ?>
267
+ </div>
268
+ </td>
269
+ </tr>
270
+ </table>
271
+ </div></div>
272
+
273
+ <input type="submit" name="aiowps_apply_basic_firewall_settings" value="<?php _e('Save Basic Firewall Settings', 'all-in-one-wp-security-and-firewall')?>" class="button-primary" />
274
+ </form>
275
+ <?php
276
+ }
277
+
278
+ function render_tab2()
279
+ {
280
+ global $aio_wp_security;
281
+ $error = '';
282
+ if(isset($_POST['aiowps_apply_additional_firewall_settings']))//Do advanced firewall submission tasks
283
+ {
284
+ $nonce=$_REQUEST['_wpnonce'];
285
+ if (!wp_verify_nonce($nonce, 'aiowpsec-enable-additional-firewall-nonce'))
286
+ {
287
+ $aio_wp_security->debug_logger->log_debug("Nonce check failed on enable advanced firewall settings!",4);
288
+ die("Nonce check failed on enable advanced firewall settings!");
289
+ }
290
+
291
+ //Save settings
292
+ if(isset($_POST['aiowps_disable_index_views']))
293
+ {
294
+ $aio_wp_security->configs->set_value('aiowps_disable_index_views','1');
295
+ }
296
+ else
297
+ {
298
+ $aio_wp_security->configs->set_value('aiowps_disable_index_views','');
299
+ }
300
+
301
+ if(isset($_POST['aiowps_disable_trace_and_track']))
302
+ {
303
+ $aio_wp_security->configs->set_value('aiowps_disable_trace_and_track','1');
304
+ }
305
+ else
306
+ {
307
+ $aio_wp_security->configs->set_value('aiowps_disable_trace_and_track','');
308
+ }
309
+
310
+ if(isset($_POST['aiowps_forbid_proxy_comments']))
311
+ {
312
+ $aio_wp_security->configs->set_value('aiowps_forbid_proxy_comments','1');
313
+ }
314
+ else
315
+ {
316
+ $aio_wp_security->configs->set_value('aiowps_forbid_proxy_comments','');
317
+ }
318
+
319
+ if(isset($_POST['aiowps_deny_bad_query_strings']))
320
+ {
321
+ $aio_wp_security->configs->set_value('aiowps_deny_bad_query_strings','1');
322
+ }
323
+ else
324
+ {
325
+ $aio_wp_security->configs->set_value('aiowps_deny_bad_query_strings','');
326
+ }
327
+
328
+ if(isset($_POST['aiowps_advanced_char_string_filter']))
329
+ {
330
+ $aio_wp_security->configs->set_value('aiowps_advanced_char_string_filter','1');
331
+ }
332
+ else
333
+ {
334
+ $aio_wp_security->configs->set_value('aiowps_advanced_char_string_filter','');
335
+ }
336
+
337
+ //Commit the config settings
338
+ $aio_wp_security->configs->save_config();
339
+
340
+ //Now let's write the applicable rules to the .htaccess file
341
+ $res = AIOWPSecurity_Utility_Htaccess::write_to_htaccess();
342
+
343
+ if ($res)
344
+ {
345
+ $this->show_msg_updated(__('You have successfully saved the Additional Firewall Protection configuration', 'all-in-one-wp-security-and-firewall'));
346
+ }
347
+ else
348
+ {
349
+ $this->show_msg_error(__('Could not write to the .htaccess file. Please check the file permissions.', 'all-in-one-wp-security-and-firewall'));
350
+ }
351
+
352
+ if($error)
353
+ {
354
+ $this->show_msg_error($error);
355
+ }
356
+
357
+ }
358
+ ?>
359
+ <h2><?php _e('Additional Firewall Protection', 'all-in-one-wp-security-and-firewall')?></h2>
360
+ <div class="aio_blue_box">
361
+ <?php
362
+ $backup_tab_link = '<a href="admin.php?page='.AIOWPSEC_SETTINGS_MENU_SLUG.'&tab=tab2" target="_blank">backup</a>';
363
+ $info_msg = sprintf( __('Due to the nature of the code being inserted to the .htaccess file, this feature may break some functionality for certain plugins and you are therefore advised to take a %s of .htaccess before applying this configuration.', 'all-in-one-wp-security-and-firewall'), $backup_tab_link);
364
+
365
+ echo '<p>'.__('This feature allows you to activate more advanced firewall settings to your site.', 'all-in-one-wp-security-and-firewall').
366
+ '<br />'.__('The advanced firewall rules are applied via the insertion of special code to your currently active .htaccess file.', 'all-in-one-wp-security-and-firewall').
367
+ '<br />'.$info_msg.'</p>';
368
+ ?>
369
+ </div>
370
+
371
+ <form action="" method="POST">
372
+ <?php wp_nonce_field('aiowpsec-enable-additional-firewall-nonce'); ?>
373
+
374
+ <div class="postbox">
375
+ <h3 class="hndle"><label for="title"><?php _e('Listing of Directory Contents', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
376
+ <div class="inside">
377
+ <?php
378
+ //Display security info badge
379
+ global $aiowps_feature_mgr;
380
+ $aiowps_feature_mgr->output_feature_details_badge("firewall-disable-index-views");
381
+ ?>
382
+ <table class="form-table">
383
+ <tr valign="top">
384
+ <th scope="row"><?php _e('Disable Index Views', 'all-in-one-wp-security-and-firewall')?>:</th>
385
+ <td>
386
+ <input name="aiowps_disable_index_views" type="checkbox"<?php if($aio_wp_security->configs->get_value('aiowps_disable_index_views')=='1') echo ' checked="checked"'; ?> value="1"/>
387
+ <span class="description"><?php _e('Check this if you want to disable directory and file listing.', 'all-in-one-wp-security-and-firewall'); ?></span>
388
+ <span class="aiowps_more_info_anchor"><span class="aiowps_more_info_toggle_char">+</span><span class="aiowps_more_info_toggle_text"><?php _e('More Info', 'all-in-one-wp-security-and-firewall'); ?></span></span>
389
+ <div class="aiowps_more_info_body">
390
+ <p class="description">
391
+ <?php
392
+ _e('By default, an Apache server will allow the listing of the contents of a directory if it doesn\'t contain an index.php file.', 'all-in-one-wp-security-and-firewall');
393
+ echo '<br />';
394
+ _e('This feature will prevent the listing of contents for all directories.', 'all-in-one-wp-security-and-firewall');
395
+ echo '<br />';
396
+ _e('NOTE: In order for this feature to work "AllowOverride" of the Indexes directive must be enabled in your httpd.conf file. Ask your hosting provider to check this if you don\'t have access to httpd.conf', 'all-in-one-wp-security-and-firewall');
397
+ ?>
398
+ </p>
399
+ </div>
400
+ </td>
401
+ </tr>
402
+ </table>
403
+ </div></div>
404
+ <div class="postbox">
405
+ <h3 class="hndle"><label for="title"><?php _e('Trace and Track', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
406
+ <div class="inside">
407
+ <?php
408
+ //Display security info badge
409
+ global $aiowps_feature_mgr;
410
+ $aiowps_feature_mgr->output_feature_details_badge("firewall-disable-trace-track");
411
+ ?>
412
+ <table class="form-table">
413
+ <tr valign="top">
414
+ <th scope="row"><?php _e('Disable Trace and Track', 'all-in-one-wp-security-and-firewall')?>:</th>
415
+ <td>
416
+ <input name="aiowps_disable_trace_and_track" type="checkbox"<?php if($aio_wp_security->configs->get_value('aiowps_disable_trace_and_track')=='1') echo ' checked="checked"'; ?> value="1"/>
417
+ <span class="description"><?php _e('Check this if you want to disable trace and track.', 'all-in-one-wp-security-and-firewall'); ?></span>
418
+ <span class="aiowps_more_info_anchor"><span class="aiowps_more_info_toggle_char">+</span><span class="aiowps_more_info_toggle_text"><?php _e('More Info', 'all-in-one-wp-security-and-firewall'); ?></span></span>
419
+ <div class="aiowps_more_info_body">
420
+ <p class="description">
421
+ <?php
422
+ _e('HTTP Trace attack (XST) can be used to return header requests and grab cookies and other information.', 'all-in-one-wp-security-and-firewall');
423
+ echo '<br />';
424
+ _e('This hacking technique is usually used together with cross site scripting attacks (XSS).', 'all-in-one-wp-security-and-firewall');
425
+ echo '<br />';
426
+ _e('Disabling trace and track on your site will help prevent HTTP Trace attacks.', 'all-in-one-wp-security-and-firewall');
427
+ ?>
428
+ </p>
429
+ </div>
430
+ </td>
431
+ </tr>
432
+ </table>
433
+ </div></div>
434
+ <div class="postbox">
435
+ <h3 class="hndle"><label for="title"><?php _e('Proxy Comment Posting', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
436
+ <div class="inside">
437
+ <?php
438
+ //Display security info badge
439
+ global $aiowps_feature_mgr;
440
+ $aiowps_feature_mgr->output_feature_details_badge("firewall-forbid-proxy-comments");
441
+ ?>
442
+
443
+ <table class="form-table">
444
+ <tr valign="top">
445
+ <th scope="row"><?php _e('Forbid Proxy Comment Posting', 'all-in-one-wp-security-and-firewall')?>:</th>
446
+ <td>
447
+ <input name="aiowps_forbid_proxy_comments" type="checkbox"<?php if($aio_wp_security->configs->get_value('aiowps_forbid_proxy_comments')=='1') echo ' checked="checked"'; ?> value="1"/>
448
+ <span class="description"><?php _e('Check this if you want to forbid proxy comment posting.', 'all-in-one-wp-security-and-firewall'); ?></span>
449
+ <span class="aiowps_more_info_anchor"><span class="aiowps_more_info_toggle_char">+</span><span class="aiowps_more_info_toggle_text"><?php _e('More Info', 'all-in-one-wp-security-and-firewall'); ?></span></span>
450
+ <div class="aiowps_more_info_body">
451
+ <p class="description">
452
+ <?php
453
+ _e('This setting will deny any requests that use a proxy server when posting comments.', 'all-in-one-wp-security-and-firewall');
454
+ echo '<br />'.__('By forbidding proxy comments you are in effect eliminating some SPAM and other proxy requests.', 'all-in-one-wp-security-and-firewall');
455
+ ?>
456
+ </p>
457
+ </div>
458
+ </td>
459
+ </tr>
460
+ </table>
461
+ </div></div>
462
+ <div class="postbox">
463
+ <h3 class="hndle"><label for="title"><?php _e('Bad Query Strings', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
464
+ <div class="inside">
465
+ <?php
466
+ //Display security info badge
467
+ global $aiowps_feature_mgr;
468
+ $aiowps_feature_mgr->output_feature_details_badge("firewall-deny-bad-queries");
469
+ ?>
470
+
471
+ <table class="form-table">
472
+ <tr valign="top">
473
+ <th scope="row"><?php _e('Deny Bad Query Strings', 'all-in-one-wp-security-and-firewall')?>:</th>
474
+ <td>
475
+ <input name="aiowps_deny_bad_query_strings" type="checkbox"<?php if($aio_wp_security->configs->get_value('aiowps_deny_bad_query_strings')=='1') echo ' checked="checked"'; ?> value="1"/>
476
+ <span class="description"><?php _e('This will help protect you against malicious queries via XSS.', 'all-in-one-wp-security-and-firewall'); ?></span>
477
+ <span class="aiowps_more_info_anchor"><span class="aiowps_more_info_toggle_char">+</span><span class="aiowps_more_info_toggle_text"><?php _e('More Info', 'all-in-one-wp-security-and-firewall'); ?></span></span>
478
+ <div class="aiowps_more_info_body">
479
+ <p class="description">
480
+ <?php
481
+ _e('This feature will write rules in your .htaccess file to prevent malicious string attacks on your site using XSS.', 'all-in-one-wp-security-and-firewall');
482
+ echo '<br />'.__('NOTE: Some of these strings might be used for plugins or themes and hence this might break some functionality.', 'all-in-one-wp-security-and-firewall');
483
+ echo '<br /><strong>'.__('You are therefore strongly advised to take a backup of your active .htaccess file before applying this feature.', 'all-in-one-wp-security-and-firewall').'<strong>';
484
+ ?>
485
+ </p>
486
+ </div>
487
+ </td>
488
+ </tr>
489
+ </table>
490
+ </div></div>
491
+ <div class="postbox">
492
+ <h3 class="hndle"><label for="title"><?php _e('Advanced Character String Filter', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
493
+ <div class="inside">
494
+ <?php
495
+ //Display security info badge
496
+ global $aiowps_feature_mgr;
497
+ $aiowps_feature_mgr->output_feature_details_badge("firewall-advanced-character-string-filter");
498
+ ?>
499
+
500
+ <table class="form-table">
501
+ <tr valign="top">
502
+ <th scope="row"><?php _e('Enable Advanced Character String Filter', 'all-in-one-wp-security-and-firewall')?>:</th>
503
+ <td>
504
+ <input name="aiowps_advanced_char_string_filter" type="checkbox"<?php if($aio_wp_security->configs->get_value('aiowps_advanced_char_string_filter')=='1') echo ' checked="checked"'; ?> value="1"/>
505
+ <span class="description"><?php _e('This will block bad character matches from XSS.', 'all-in-one-wp-security-and-firewall'); ?></span>
506
+ <span class="aiowps_more_info_anchor"><span class="aiowps_more_info_toggle_char">+</span><span class="aiowps_more_info_toggle_text"><?php _e('More Info', 'all-in-one-wp-security-and-firewall'); ?></span></span>
507
+ <div class="aiowps_more_info_body">
508
+ <p class="description">
509
+ <?php
510
+ _e('This is an advanced character string filter to prevent malicious string attacks on your site coming from Cross Site Scripting (XSS).', 'all-in-one-wp-security-and-firewall');
511
+ echo '<br />'.__('This setting matches for common malicious string patterns and exploits and will produce a 403 error for the hacker attempting the query.', 'all-in-one-wp-security-and-firewall');
512
+ echo '<br />'.__('NOTE: Some strings for this setting might break some functionality.', 'all-in-one-wp-security-and-firewall');
513
+ echo '<br /><strong>'.__('You are therefore strongly advised to take a backup of your active .htaccess file before applying this feature.', 'all-in-one-wp-security-and-firewall').'<strong>';
514
+ ?>
515
+ </p>
516
+ </div>
517
+ </td>
518
+ </tr>
519
+ </table>
520
+ </div></div>
521
+ <input type="submit" name="aiowps_apply_additional_firewall_settings" value="<?php _e('Save Additional Firewall Settings', 'all-in-one-wp-security-and-firewall')?>" class="button-primary" />
522
+ </form>
523
+ <?php
524
+ }
525
+
526
+ function render_tab3()
527
+ {
528
+ global $aio_wp_security, $aiowps_feature_mgr;
529
+ if(isset($_POST['aiowps_apply_5g_6g_firewall_settings']))//Do form submission tasks
530
+ {
531
+ $nonce=$_REQUEST['_wpnonce'];
532
+ if (!wp_verify_nonce($nonce, 'aiowpsec-enable-5g-6g-firewall-nonce'))
533
+ {
534
+ $aio_wp_security->debug_logger->log_debug("Nonce check failed on enable 5G/6G firewall settings!",4);
535
+ die("Nonce check failed on enable 5G/6G firewall settings!");
536
+ }
537
+
538
+ //Save settings
539
+ if(isset($_POST['aiowps_enable_5g_firewall']))
540
+ {
541
+ $aio_wp_security->configs->set_value('aiowps_enable_5g_firewall','1');
542
+ }
543
+ else
544
+ {
545
+ $aio_wp_security->configs->set_value('aiowps_enable_5g_firewall','');
546
+ }
547
+ if(isset($_POST['aiowps_enable_6g_firewall']))
548
+ {
549
+ $aio_wp_security->configs->set_value('aiowps_enable_6g_firewall','1');
550
+ }
551
+ else
552
+ {
553
+ $aio_wp_security->configs->set_value('aiowps_enable_6g_firewall','');
554
+ }
555
+
556
+ //Commit the config settings
557
+ $aio_wp_security->configs->save_config();
558
+
559
+ //Now let's write the applicable rules to the .htaccess file
560
+ $res = AIOWPSecurity_Utility_Htaccess::write_to_htaccess();
561
+
562
+ if ($res)
563
+ {
564
+ $this->show_msg_updated(__('You have successfully saved the 5G/6G Firewall Protection configuration', 'all-in-one-wp-security-and-firewall'));
565
+ // Recalculate points after the feature status/options have been altered
566
+ $aiowps_feature_mgr->check_feature_status_and_recalculate_points();
567
+ }
568
+ else
569
+ {
570
+ $this->show_msg_error(__('Could not write to the .htaccess file. Please check the file permissions.', 'all-in-one-wp-security-and-firewall'));
571
+ }
572
+ }
573
+
574
+ ?>
575
+ <h2><?php _e('Firewall Settings', 'all-in-one-wp-security-and-firewall')?></h2>
576
+ <div class="aio_blue_box">
577
+ <?php
578
+ $backup_tab_link = '<a href="admin.php?page='.AIOWPSEC_SETTINGS_MENU_SLUG.'&tab=tab2" target="_blank">backup</a>';
579
+ $info_msg = '<p>'.sprintf( __('This feature allows you to activate the %s (or legacy %s) firewall security protection rules designed and produced by %s.', 'all-in-one-wp-security-and-firewall'), '<a href="http://perishablepress.com/6g/" target="_blank">6G</a>', '<a href="http://perishablepress.com/5g-blacklist-2013/" target="_blank">5G</a>', '<a href="http://perishablepress.com/" target="_blank">Perishable Press</a>').'</p>';
580
+ $info_msg .= '<p>'.__('The 6G Blacklist is updated and improved version of 5G Blacklist. If you have 5G Blacklist active, you might consider activating 6G Blacklist instead.', 'all-in-one-wp-security-and-firewall').'</p>';
581
+ $info_msg .= '<p>'.__('The 6G Blacklist is a simple, flexible blacklist that helps reduce the number of malicious URL requests that hit your website.', 'all-in-one-wp-security-and-firewall').'</p>';
582
+ $info_msg .= '<p>'.__('The added advantage of applying the 6G firewall to your site is that it has been tested and confirmed by the people at PerishablePress.com to be an optimal and least disruptive set of .htaccess security rules for general WP sites running on an Apache server or similar.', 'all-in-one-wp-security-and-firewall').'</p>';
583
+ $info_msg .= '<p>'.sprintf( __('Therefore the 6G firewall rules should not have any impact on your site\'s general functionality but if you wish you can take a %s of your .htaccess file before proceeding.', 'all-in-one-wp-security-and-firewall'), $backup_tab_link).'</p>';
584
+ echo $info_msg;
585
+ ?>
586
+ </div>
587
+
588
+ <div class="postbox">
589
+ <h3 class="hndle"><label for="title"><?php _e('6G Blacklist/Firewall Settings', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
590
+ <div class="inside">
591
+ <?php
592
+ //Display security info badge
593
+ global $aiowps_feature_mgr;
594
+ $aiowps_feature_mgr->output_feature_details_badge("firewall-enable-5g-6g-blacklist");
595
+ ?>
596
+
597
+ <form action="" method="POST">
598
+ <?php wp_nonce_field('aiowpsec-enable-5g-6g-firewall-nonce'); ?>
599
+ <table class="form-table">
600
+ <tr valign="top">
601
+ <th scope="row"><?php _e('Enable 6G Firewall Protection', 'all-in-one-wp-security-and-firewall')?>:</th>
602
+ <td>
603
+ <input name="aiowps_enable_6g_firewall" type="checkbox"<?php if($aio_wp_security->configs->get_value('aiowps_enable_6g_firewall')=='1') echo ' checked="checked"'; ?> value="1"/>
604
+ <span class="description"><?php _e('Check this if you want to apply the 6G Blacklist firewall protection from perishablepress.com to your site.', 'all-in-one-wp-security-and-firewall'); ?></span>
605
+ <span class="aiowps_more_info_anchor"><span class="aiowps_more_info_toggle_char">+</span><span class="aiowps_more_info_toggle_text"><?php _e('More Info', 'all-in-one-wp-security-and-firewall'); ?></span></span>
606
+ <div class="aiowps_more_info_body">
607
+ <?php
608
+ echo '<p class="description">'.__('This setting will implement the 6G security firewall protection mechanisms on your site which include the following things:', 'all-in-one-wp-security-and-firewall').'</p>';
609
+ echo '<p class="description">'.__('1) Block forbidden characters commonly used in exploitative attacks.', 'all-in-one-wp-security-and-firewall').'</p>';
610
+ echo '<p class="description">'.__('2) Block malicious encoded URL characters such as the ".css(" string.', 'all-in-one-wp-security-and-firewall').'</p>';
611
+ echo '<p class="description">'.__('3) Guard against the common patterns and specific exploits in the root portion of targeted URLs.', 'all-in-one-wp-security-and-firewall').'</p>';
612
+ echo '<p class="description">'.__('4) Stop attackers from manipulating query strings by disallowing illicit characters.', 'all-in-one-wp-security-and-firewall').'</p>';
613
+ echo '<p class="description">'.__('....and much more.', 'all-in-one-wp-security-and-firewall').'</p>';
614
+ ?>
615
+ </div>
616
+ </td>
617
+ </tr>
618
+ <tr valign="top">
619
+ <th scope="row"><?php _e('Enable legacy 5G Firewall Protection', 'all-in-one-wp-security-and-firewall')?>:</th>
620
+ <td>
621
+ <input name="aiowps_enable_5g_firewall" type="checkbox"<?php if($aio_wp_security->configs->get_value('aiowps_enable_5g_firewall')=='1') echo ' checked="checked"'; ?> value="1"/>
622
+ <span class="description"><?php _e('Check this if you want to apply the 5G Blacklist firewall protection from perishablepress.com to your site.', 'all-in-one-wp-security-and-firewall'); ?></span>
623
+ <span class="aiowps_more_info_anchor"><span class="aiowps_more_info_toggle_char">+</span><span class="aiowps_more_info_toggle_text"><?php _e('More Info', 'all-in-one-wp-security-and-firewall'); ?></span></span>
624
+ <div class="aiowps_more_info_body">
625
+ <?php
626
+ echo '<p class="description">'.__('This setting will implement the 5G security firewall protection mechanisms on your site which include the following things:', 'all-in-one-wp-security-and-firewall').'</p>';
627
+ echo '<p class="description">'.__('1) Block forbidden characters commonly used in exploitative attacks.', 'all-in-one-wp-security-and-firewall').'</p>';
628
+ echo '<p class="description">'.__('2) Block malicious encoded URL characters such as the ".css(" string.', 'all-in-one-wp-security-and-firewall').'</p>';
629
+ echo '<p class="description">'.__('3) Guard against the common patterns and specific exploits in the root portion of targeted URLs.', 'all-in-one-wp-security-and-firewall').'</p>';
630
+ echo '<p class="description">'.__('4) Stop attackers from manipulating query strings by disallowing illicit characters.', 'all-in-one-wp-security-and-firewall').'</p>';
631
+ echo '<p class="description">'.__('....and much more.', 'all-in-one-wp-security-and-firewall').'</p>';
632
+ ?>
633
+ </div>
634
+ </td>
635
+ </tr>
636
+ </table>
637
+ <input type="submit" name="aiowps_apply_5g_6g_firewall_settings" value="<?php _e('Save 5G/6G Firewall Settings', 'all-in-one-wp-security-and-firewall')?>" class="button-primary" />
638
+ </form>
639
+ </div></div>
640
+ <?php
641
+ }
642
+
643
+ function render_tab4()
644
+ {
645
+ global $aio_wp_security;
646
+ if(isset($_POST['aiowps_save_internet_bot_settings']))//Do form submission tasks
647
+ {
648
+ $nonce=$_REQUEST['_wpnonce'];
649
+ if (!wp_verify_nonce($nonce, 'aiowpsec-save-internet-bot-settings-nonce'))
650
+ {
651
+ $aio_wp_security->debug_logger->log_debug("Nonce check failed for save internet bot settings!",4);
652
+ die("Nonce check failed for save internet bot settings!");
653
+ }
654
+
655
+ //Save settings
656
+ if(isset($_POST['aiowps_block_fake_googlebots']))
657
+ {
658
+ $aio_wp_security->configs->set_value('aiowps_block_fake_googlebots','1');
659
+ }
660
+ else
661
+ {
662
+ $aio_wp_security->configs->set_value('aiowps_block_fake_googlebots','');
663
+ }
664
+
665
+ //Commit the config settings
666
+ $aio_wp_security->configs->save_config();
667
+
668
+ $this->show_msg_updated(__('The Internet bot settings were successfully saved', 'all-in-one-wp-security-and-firewall'));
669
+ }
670
+
671
+ ?>
672
+ <h2><?php _e('Internet Bot Settings', 'all-in-one-wp-security-and-firewall')?></h2>
673
+ <form action="" method="POST">
674
+ <?php wp_nonce_field('aiowpsec-save-internet-bot-settings-nonce'); ?>
675
+ <div class="aio_blue_box">
676
+ <?php
677
+ $info_msg = '';
678
+ $wiki_link = '<a href="http://en.wikipedia.org/wiki/Internet_bot" target="_blank">'.__('What is an Internet Bot', 'all-in-one-wp-security-and-firewall').'</a>';
679
+ $info_msg .= '<p><strong>'.sprintf( __('%s?', 'all-in-one-wp-security-and-firewall'), $wiki_link).'</strong></p>';
680
+
681
+ $info_msg .= '<p>'. __('A bot is a piece of software which runs on the Internet and performs automatic tasks. For example when Google indexes your pages it uses automatic bots to achieve this task.', 'all-in-one-wp-security-and-firewall').'</p>';
682
+ $info_msg .= '<p>'. __('A lot of bots are legitimate and non-malicous but not all bots are good and often you will find some which try to impersonate legitimate bots such as "Googlebot" but in reality they have nohing to do with Google at all.', 'all-in-one-wp-security-and-firewall').'</p>';
683
+ $info_msg .= '<p>'. __('Although most of the bots out there are relatively harmless sometimes website owners want to have more control over which bots they allow into their site.', 'all-in-one-wp-security-and-firewall').'</p>';
684
+ $info_msg .= '<p>'. __('This feature allows you to block bots which are impersonating as a Googlebot but actually aren\'t. (In other words they are fake Google bots)', 'all-in-one-wp-security-and-firewall').'</p>';
685
+ $info_msg .= '<p>'.__('Googlebots have a unique indentity which cannot easily be forged and this feature will indentify any fake Google bots and block them from reading your site\'s pages.', 'all-in-one-wp-security-and-firewall').'</p>';
686
+ echo $info_msg;
687
+ ?>
688
+ </div>
689
+ <div class="aio_yellow_box">
690
+ <?php
691
+ $info_msg_2 = '<p>'. __('<strong>Attention</strong>: Sometimes non-malicious Internet organizations might have bots which impersonate as a "Googlebot".', 'all-in-one-wp-security-and-firewall').'</p>';
692
+ $info_msg_2 .= '<p>'.__('Just be aware that if you activate this feature the plugin will block all bots which use the "Googlebot" string in their User Agent information but are NOT officially from Google (irrespective whether they are malicious or not).', 'all-in-one-wp-security-and-firewall').'</p>';
693
+ $info_msg_2 .= '<p>'.__('All other bots from other organizations such as "Yahoo", "Bing" etc will not be affected by this feature.', 'all-in-one-wp-security-and-firewall').'</p>';
694
+ echo $info_msg_2;
695
+ ?>
696
+ </div>
697
+
698
+ <div class="postbox">
699
+ <h3 class="hndle"><label for="title"><?php _e('Block Fake Googlebots', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
700
+ <div class="inside">
701
+ <?php
702
+ //Display security info badge
703
+ global $aiowps_feature_mgr;
704
+ $aiowps_feature_mgr->output_feature_details_badge("firewall-block-fake-googlebots");
705
+ ?>
706
+
707
+ <table class="form-table">
708
+ <tr valign="top">
709
+ <th scope="row"><?php _e('Block Fake Googlebots', 'all-in-one-wp-security-and-firewall')?>:</th>
710
+ <td>
711
+ <input name="aiowps_block_fake_googlebots" type="checkbox"<?php if($aio_wp_security->configs->get_value('aiowps_block_fake_googlebots')=='1') echo ' checked="checked"'; ?> value="1"/>
712
+ <span class="description"><?php _e('Check this if you want to block all fake Googlebots.', 'all-in-one-wp-security-and-firewall'); ?></span>
713
+ <span class="aiowps_more_info_anchor"><span class="aiowps_more_info_toggle_char">+</span><span class="aiowps_more_info_toggle_text"><?php _e('More Info', 'all-in-one-wp-security-and-firewall'); ?></span></span>
714
+ <div class="aiowps_more_info_body">
715
+ <?php
716
+ echo '<p class="description">'.__('This feature will check if the User Agent information of a bot contains the string "Googlebot".', 'all-in-one-wp-security-and-firewall').'</p>';
717
+ echo '<p class="description">'.__('It will then perform a few tests to verify if the bot is legitimately from Google and if so it will allow the bot to proceed.', 'all-in-one-wp-security-and-firewall').'</p>';
718
+ echo '<p class="description">'.__('If the bot fails the checks then the plugin will mark it as being a fake Googlebot and it will block it', 'all-in-one-wp-security-and-firewall').'</p>';
719
+ ?>
720
+ </div>
721
+ </td>
722
+ </tr>
723
+ </table>
724
+ </div></div>
725
+ <input type="submit" name="aiowps_save_internet_bot_settings" value="<?php _e('Save Internet Bot Settings', 'all-in-one-wp-security-and-firewall')?>" class="button-primary" />
726
+ </form>
727
+ <?php
728
+ }
729
+
730
+ function render_tab5()
731
+ {
732
+ global $aio_wp_security;
733
+ global $aiowps_feature_mgr;
734
+
735
+ if(isset($_POST['aiowps_save_prevent_hotlinking']))//Do form submission tasks
736
+ {
737
+ $nonce=$_REQUEST['_wpnonce'];
738
+ if (!wp_verify_nonce($nonce, 'aiowpsec-prevent-hotlinking-nonce'))
739
+ {
740
+ $aio_wp_security->debug_logger->log_debug("Nonce check failed on prevent hotlinking options save!",4);
741
+ die("Nonce check failed on prevent hotlinking options save!");
742
+ }
743
+ $aio_wp_security->configs->set_value('aiowps_prevent_hotlinking',isset($_POST["aiowps_prevent_hotlinking"])?'1':'');
744
+ $aio_wp_security->configs->save_config();
745
+
746
+ //Recalculate points after the feature status/options have been altered
747
+ $aiowps_feature_mgr->check_feature_status_and_recalculate_points();
748
+
749
+ //Now let's write the applicable rules to the .htaccess file
750
+ $res = AIOWPSecurity_Utility_Htaccess::write_to_htaccess();
751
+
752
+ if ($res)
753
+ {
754
+ $this->show_msg_updated(__('Settings were successfully saved', 'all-in-one-wp-security-and-firewall'));
755
+ }
756
+ else
757
+ {
758
+ $this->show_msg_error(__('Could not write to the .htaccess file. Please check the file permissions.', 'all-in-one-wp-security-and-firewall'));
759
+ }
760
+ }
761
+ ?>
762
+ <h2><?php _e('Prevent Image Hotlinking', 'all-in-one-wp-security-and-firewall')?></h2>
763
+ <div class="aio_blue_box">
764
+ <?php
765
+ echo '<p>'.__('A Hotlink is where someone displays an image on their site which is actually located on your site by using a direct link to the source of the image on your server.', 'all-in-one-wp-security-and-firewall');
766
+ echo '<br />'.__('Due to the fact that the image being displayed on the other person\'s site is coming from your server, this can cause leaking of bandwidth and resources for you because your server has to present this image for the people viewing it on someone elses\'s site.','all-in-one-wp-security-and-firewall');
767
+ echo '<br />'.__('This feature will prevent people from directly hotlinking images from your site\'s pages by writing some directives in your .htaccess file.', 'all-in-one-wp-security-and-firewall').'</p>';
768
+ ?>
769
+ </div>
770
+
771
+ <div class="postbox">
772
+ <h3 class="hndle"><label for="title"><?php _e('Prevent Hotlinking', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
773
+ <div class="inside">
774
+ <?php
775
+ //Display security info badge
776
+ global $aiowps_feature_mgr;
777
+ $aiowps_feature_mgr->output_feature_details_badge("prevent-hotlinking");
778
+ ?>
779
+
780
+ <form action="" method="POST">
781
+ <?php wp_nonce_field('aiowpsec-prevent-hotlinking-nonce'); ?>
782
+ <table class="form-table">
783
+ <tr valign="top">
784
+ <th scope="row"><?php _e('Prevent Image Hotlinking', 'all-in-one-wp-security-and-firewall')?>:</th>
785
+ <td>
786
+ <input name="aiowps_prevent_hotlinking" type="checkbox"<?php if($aio_wp_security->configs->get_value('aiowps_prevent_hotlinking')=='1') echo ' checked="checked"'; ?> value="1"/>
787
+ <span class="description"><?php _e('Check this if you want to prevent hotlinking to images on your site.', 'all-in-one-wp-security-and-firewall'); ?></span>
788
+ </td>
789
+ </tr>
790
+ </table>
791
+ <input type="submit" name="aiowps_save_prevent_hotlinking" value="<?php _e('Save Settings', 'all-in-one-wp-security-and-firewall')?>" class="button-primary" />
792
+ </form>
793
+ </div></div>
794
+ <?php
795
+ }
796
+
797
+ function render_tab6()
798
+ {
799
+ global $aio_wp_security;
800
+ global $aiowps_feature_mgr;
801
+ if (isset($_POST['aiowps_delete_404_event_records']))
802
+ {
803
+ $nonce=$_REQUEST['_wpnonce'];
804
+ if (!wp_verify_nonce($nonce, 'aiowpsec-delete-404-event-records-nonce'))
805
+ {
806
+ $aio_wp_security->debug_logger->log_debug("Nonce check failed for delete all 404 event logs operation!",4);
807
+ die(__('Nonce check failed for delete all 404 event logs operation!','all-in-one-wp-security-and-firewall'));
808
+ }
809
+ global $wpdb;
810
+ $events_table_name = AIOWPSEC_TBL_EVENTS;
811
+ //Delete all 404 records from the events table
812
+ $where = array('event_type' => '404');
813
+ $result = $wpdb->delete($events_table_name, $where);
814
+
815
+ if ($result === FALSE)
816
+ {
817
+ $aio_wp_security->debug_logger->log_debug("404 Detection Feature - Delete all 404 event logs operation failed!",4);
818
+ $this->show_msg_error(__('404 Detection Feature - Delete all 404 event logs operation failed!','all-in-one-wp-security-and-firewall'));
819
+ }
820
+ else
821
+ {
822
+ $this->show_msg_updated(__('All 404 event logs were deleted from the DB successfully!','all-in-one-wp-security-and-firewall'));
823
+ }
824
+ }
825
+
826
+
827
+ include_once 'wp-security-list-404.php'; //For rendering the AIOWPSecurity_List_Table in tab1
828
+ $event_list_404 = new AIOWPSecurity_List_404(); //For rendering the AIOWPSecurity_List_Table in tab1
829
+
830
+ if(isset($_POST['aiowps_save_404_detect_options']))//Do form submission tasks
831
+ {
832
+ $error = '';
833
+ $nonce=$_REQUEST['_wpnonce'];
834
+ if (!wp_verify_nonce($nonce, 'aiowpsec-404-detection-nonce'))
835
+ {
836
+ $aio_wp_security->debug_logger->log_debug("Nonce check failed on 404 detection options save!",4);
837
+ die("Nonce check failed on 404 detection options save!");
838
+ }
839
+
840
+ $aio_wp_security->configs->set_value('aiowps_enable_404_logging',isset($_POST["aiowps_enable_404_IP_lockout"])?'1':''); //the "aiowps_enable_404_IP_lockout" checkbox currently controls both the 404 lockout and 404 logging
841
+ $aio_wp_security->configs->set_value('aiowps_enable_404_IP_lockout',isset($_POST["aiowps_enable_404_IP_lockout"])?'1':'');
842
+
843
+ $lockout_time_length = isset($_POST['aiowps_404_lockout_time_length'])?sanitize_text_field($_POST['aiowps_404_lockout_time_length']):'';
844
+ if(!is_numeric($lockout_time_length))
845
+ {
846
+ $error .= '<br />'.__('You entered a non numeric value for the lockout time length field. It has been set to the default value.','all-in-one-wp-security-and-firewall');
847
+ $lockout_time_length = '60';//Set it to the default value for this field
848
+ }
849
+
850
+ $redirect_url = isset($_POST['aiowps_404_lock_redirect_url'])?trim($_POST['aiowps_404_lock_redirect_url']):'';
851
+ if ($redirect_url == '' || esc_url($redirect_url, array('http', 'https')) == ''){
852
+ $error .= '<br />'.__('You entered an incorrect format for the "Redirect URL" field. It has been set to the default value.','all-in-one-wp-security-and-firewall');
853
+ $redirect_url = 'http://127.0.0.1';
854
+ }
855
+
856
+ if($error)
857
+ {
858
+ $this->show_msg_error(__('Attention!','all-in-one-wp-security-and-firewall').$error);
859
+ }
860
+
861
+ $aio_wp_security->configs->set_value('aiowps_404_lockout_time_length',absint($lockout_time_length));
862
+ $aio_wp_security->configs->set_value('aiowps_404_lock_redirect_url',$redirect_url);
863
+ $aio_wp_security->configs->save_config();
864
+
865
+ //Recalculate points after the feature status/options have been altered
866
+ $aiowps_feature_mgr->check_feature_status_and_recalculate_points();
867
+
868
+ $this->show_msg_settings_updated();
869
+ }
870
+
871
+
872
+ if(isset($_REQUEST['action'])) //Do list table form row action tasks
873
+ {
874
+ if($_REQUEST['action'] == 'temp_block'){ //Temp Block link was clicked for a row in list table
875
+ $event_list_404->block_ip(strip_tags($_REQUEST['ip_address']));
876
+ }
877
+
878
+ if($_REQUEST['action'] == 'blacklist_ip'){ //Blacklist IP link was clicked for a row in list table
879
+ $event_list_404->blacklist_ip_address(strip_tags($_REQUEST['ip_address']));
880
+ }
881
+
882
+ if($_REQUEST['action'] == 'delete_event_log'){ //Unlock link was clicked for a row in list table
883
+ $event_list_404->delete_404_event_records(strip_tags($_REQUEST['id']));
884
+ }
885
+ }
886
+ ?>
887
+ <h2><?php _e('404 Detection Configuration', 'all-in-one-wp-security-and-firewall')?></h2>
888
+ <div class="aio_blue_box">
889
+ <?php
890
+ echo '<p>'.__('A 404 or Not Found error occurs when somebody tries to access a non-existent page on your website.', 'all-in-one-wp-security-and-firewall').'
891
+ <br />'.__('Typically, most 404 errors happen quite innocently when people have mis-typed a URL or used an old link to page which doesn\'t exist anymore.', 'all-in-one-wp-security-and-firewall').'
892
+ <br />'.__('However, in some cases you may find many repeated 404 errors which occur in a relatively short space of time and from the same IP address which are all attempting to access a variety of non-existent page URLs.', 'all-in-one-wp-security-and-firewall').'
893
+ <br />'.__('Such behaviour can mean that a hacker might be trying to find a particular page or URL for sinister reasons.', 'all-in-one-wp-security-and-firewall').'
894
+ <br /><br />'.__('This feature allows you to monitor all 404 events which occur on your site, and it also gives you the option of blocking IP addresses for a configured length of time.', 'all-in-one-wp-security-and-firewall').'
895
+ <br />'.__('If you want to temporarily block or blacklist an IP address, simply click the "Temp Block" or "Blacklist IP" link for the applicable IP entry in the "404 Event Logs" table below.', 'all-in-one-wp-security-and-firewall').'</p>';
896
+ ?>
897
+ </div>
898
+ <div class="aio_grey_box">
899
+ <?php
900
+ $addon_link = '<strong><a href="http://www.site-scanners.com/smart-404-security-blocking-addon/" target="_blank">Smart404 Blocking Addon</a></strong>';
901
+ $info_msg = sprintf( __('You may also be interested in our %s.', 'all-in-one-wp-security-and-firewall'), $addon_link);
902
+ $info_msg2 = __('This addon allows you to automatically and permanently block IP addresses based on how many 404 errors they produce.', 'all-in-one-wp-security-and-firewall');
903
+
904
+ echo '<p>'.$info_msg.
905
+ '<br />'.$info_msg2.'</p>';
906
+ ?>
907
+ </div>
908
+
909
+ <div class="postbox">
910
+ <h3 class="hndle"><label for="title"><?php _e('404 Detection Options', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
911
+ <div class="inside">
912
+ <?php
913
+ //Display security info badge
914
+ global $aiowps_feature_mgr;
915
+ $aiowps_feature_mgr->output_feature_details_badge("firewall-enable-404-blocking");
916
+ ?>
917
+
918
+ <form action="" method="POST">
919
+ <?php wp_nonce_field('aiowpsec-404-detection-nonce'); ?>
920
+ <table class="form-table">
921
+ <tr valign="top">
922
+ <th scope="row"><?php _e('Enable 404 IP Detection and Lockout', 'all-in-one-wp-security-and-firewall')?>:</th>
923
+ <td>
924
+ <input name="aiowps_enable_404_IP_lockout" type="checkbox"<?php if($aio_wp_security->configs->get_value('aiowps_enable_404_IP_lockout')=='1') echo ' checked="checked"'; ?> value="1"/>
925
+ <span class="description"><?php _e('Check this if you want to enable the lockout of selected IP addresses.', 'all-in-one-wp-security-and-firewall'); ?></span>
926
+ <span class="aiowps_more_info_anchor"><span class="aiowps_more_info_toggle_char">+</span><span class="aiowps_more_info_toggle_text"><?php _e('More Info', 'all-in-one-wp-security-and-firewall'); ?></span></span>
927
+ <div class="aiowps_more_info_body">
928
+ <p class="description">
929
+ <?php
930
+ _e('When you enable this checkbox, all 404 events on your site will be logged in the table below. You can monitor these events and select some IP addresses listed in the table below and block them for a specified amount of time. All IP addresses you select to be blocked from the "404 Event Logs" table section will be unable to access your site during the time specified.', 'all-in-one-wp-security-and-firewall');
931
+ ?>
932
+ </p>
933
+ </div>
934
+ </td>
935
+ </tr>
936
+ <!-- currently this option is automatically set when the aiowps_enable_404_IP_lockout feature is turned on
937
+ <tr valign="top">
938
+ <th scope="row"><?php _e('Enable 404 Event Logging', 'all-in-one-wp-security-and-firewall')?>:</th>
939
+ <td>
940
+ <input name="aiowps_enable_404_logging" type="checkbox"<?php if($aio_wp_security->configs->get_value('aiowps_enable_404_logging')=='1') echo ' checked="checked"'; ?> value="1"/>
941
+ <span class="description"><?php _e('Check this if you want to enable the logging of 404 events', 'all-in-one-wp-security-and-firewall'); ?></span>
942
+ </td>
943
+ </tr>
944
+ -->
945
+ <tr valign="top">
946
+ <th scope="row"><?php _e('Time Length of 404 Lockout (min)', 'all-in-one-wp-security-and-firewall')?>:</th>
947
+ <td><input type="text" size="5" name="aiowps_404_lockout_time_length" value="<?php echo $aio_wp_security->configs->get_value('aiowps_404_lockout_time_length'); ?>" />
948
+ <span class="description"><?php _e('Set the length of time for which a blocked IP address will be prevented from visiting your site', 'all-in-one-wp-security-and-firewall'); ?></span>
949
+ <span class="aiowps_more_info_anchor"><span class="aiowps_more_info_toggle_char">+</span><span class="aiowps_more_info_toggle_text"><?php _e('More Info', 'all-in-one-wp-security-and-firewall'); ?></span></span>
950
+ <div class="aiowps_more_info_body">
951
+ <p class="description">
952
+ <?php
953
+ _e('You can lock any IP address which is recorded in the "404 Event Logs" table section below.', 'all-in-one-wp-security-and-firewall');
954
+ echo '<br />';
955
+ _e('To temporarily lock an IP address, hover over the ID column and click the "Temp Block" link for the applicable IP entry.', 'all-in-one-wp-security-and-firewall');
956
+ ?>
957
+ </p>
958
+ </div>
959
+ </td>
960
+ </tr>
961
+ <tr valign="top">
962
+ <th scope="row"><?php _e('404 Lockout Redirect URL', 'all-in-one-wp-security-and-firewall')?>:</th>
963
+ <td><input type="text" size="50" name="aiowps_404_lock_redirect_url" value="<?php echo esc_url_raw( $aio_wp_security->configs->get_value('aiowps_404_lock_redirect_url'), array( 'http', 'https' ) ); ?>" />
964
+ <span class="description"><?php _e('A blocked visitor will be automatically redirected to this URL.', 'all-in-one-wp-security-and-firewall'); ?></span>
965
+ </td>
966
+ </tr>
967
+ </table>
968
+ <input type="submit" name="aiowps_save_404_detect_options" value="<?php _e('Save Settings', 'all-in-one-wp-security-and-firewall')?>" class="button-primary" />
969
+
970
+ </form>
971
+ </div></div>
972
+ <div class="postbox">
973
+ <h3 class="hndle"><label for="title"><?php _e('404 Event Logs', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
974
+ <div class="inside">
975
+ <?php
976
+ //Fetch, prepare, sort, and filter our data...
977
+ $event_list_404->prepare_items();
978
+ //echo "put table of locked entries here";
979
+ ?>
980
+ <form id="tables-filter" method="post">
981
+ <!-- For plugins, we also need to ensure that the form posts back to our current page -->
982
+ <input type="hidden" name="page" value="<?php echo esc_attr($_REQUEST['page']); ?>" />
983
+ <?php $event_list_404->search_box(__('Search', 'all-in-one-wp-security-and-firewall'), 'search_404_events'); ?>
984
+ <?php
985
+ if(isset($_REQUEST["tab"]))
986
+ {
987
+ echo '<input type="hidden" name="tab" value="'.esc_attr($_REQUEST["tab"]).'" />';
988
+ }
989
+ ?>
990
+ <!-- Now we can render the completed list table -->
991
+ <?php $event_list_404->display(); ?>
992
+ </form>
993
+ </div></div>
994
+ <div class="postbox">
995
+ <h3 class="hndle"><label for="title"><?php _e('Export to CSV', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
996
+ <div class="inside">
997
+ <form action="" method="POST">
998
+ <?php wp_nonce_field('aiowpsec-export-404-event-logs-to-csv-nonce'); ?>
999
+ <table class="form-table">
1000
+ <tr valign="top">
1001
+ <span class="description"><?php _e('Click this button if you wish to download this log in CSV format.', 'all-in-one-wp-security-and-firewall'); ?></span>
1002
+ </tr>
1003
+ </table>
1004
+ <input type="submit" name="aiowps_export_404_event_logs_to_csv" value="<?php _e('Export to CSV', 'all-in-one-wp-security-and-firewall')?>" class="button-primary"/>
1005
+ </form>
1006
+ </div></div>
1007
+ <div class="postbox">
1008
+ <h3 class="hndle"><label for="title"><?php _e('Delete All 404 Event Logs', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
1009
+ <div class="inside">
1010
+ <form action="" method="POST">
1011
+ <?php wp_nonce_field('aiowpsec-delete-404-event-records-nonce'); ?>
1012
+ <table class="form-table">
1013
+ <tr valign="top">
1014
+ <span class="description"><?php _e('Click this button if you wish to purge all 404 event logs from the DB.', 'all-in-one-wp-security-and-firewall'); ?></span>
1015
+ </tr>
1016
+ </table>
1017
+ <input type="submit" name="aiowps_delete_404_event_records" value="<?php _e('Delete All 404 Event Logs', 'all-in-one-wp-security-and-firewall')?>" class="button-primary" onclick="return confirm('Are you sure you want to delete all records?')"/>
1018
+ </form>
1019
+ </div></div>
1020
+
1021
+ <?php
1022
+ }
1023
+
1024
+ function render_tab7()
1025
+ {
1026
+ global $aio_wp_security;
1027
+ if(isset($_POST['aiowps_save_custom_rules_settings']))//Do form submission tasks
1028
+ {
1029
+ $nonce=$_REQUEST['_wpnonce'];
1030
+ if (!wp_verify_nonce($nonce, 'aiowpsec-save-custom-rules-settings-nonce'))
1031
+ {
1032
+ $aio_wp_security->debug_logger->log_debug("Nonce check failed for save custom rules settings!",4);
1033
+ die("Nonce check failed for save custom rules settings!");
1034
+ }
1035
+
1036
+ //Save settings
1037
+ if (isset($_POST["aiowps_enable_custom_rules"]) && empty($_POST['aiowps_custom_rules']))
1038
+ {
1039
+ $this->show_msg_error('You must enter some .htaccess directives code in the text box below','all-in-one-wp-security-and-firewall');
1040
+ }
1041
+ else
1042
+ {
1043
+ if (!empty($_POST['aiowps_custom_rules']))
1044
+ {
1045
+ // Undo magic quotes that are automatically added to `$_GET`,
1046
+ // `$_POST`, `$_COOKIE`, and `$_SERVER` by WordPress as
1047
+ // they corrupt any custom rule with backslash in it...
1048
+ $custom_rules = stripslashes($_POST['aiowps_custom_rules']);
1049
+ }
1050
+ else
1051
+ {
1052
+ $aio_wp_security->configs->set_value('aiowps_custom_rules',''); //Clear the custom rules config value
1053
+ }
1054
+
1055
+ $aio_wp_security->configs->set_value('aiowps_custom_rules',$custom_rules);
1056
+ $aio_wp_security->configs->set_value('aiowps_enable_custom_rules',isset($_POST["aiowps_enable_custom_rules"])?'1':'');
1057
+ $aio_wp_security->configs->set_value('aiowps_place_custom_rules_at_top',isset($_POST["aiowps_place_custom_rules_at_top"])?'1':'');
1058
+ $aio_wp_security->configs->save_config(); //Save the configuration
1059
+
1060
+ $this->show_msg_settings_updated();
1061
+
1062
+ $write_result = AIOWPSecurity_Utility_Htaccess::write_to_htaccess(); //now let's write to the .htaccess file
1063
+ if ( !$write_result )
1064
+ {
1065
+ $this->show_msg_error(__('The plugin was unable to write to the .htaccess file. Please edit file manually.','all-in-one-wp-security-and-firewall'));
1066
+ $aio_wp_security->debug_logger->log_debug("Custom Rules feature - The plugin was unable to write to the .htaccess file.");
1067
+ }
1068
+ }
1069
+
1070
+ }
1071
+
1072
+ ?>
1073
+ <h2><?php _e('Custom .htaccess Rules Settings', 'all-in-one-wp-security-and-firewall')?></h2>
1074
+ <form action="" method="POST">
1075
+ <?php wp_nonce_field('aiowpsec-save-custom-rules-settings-nonce'); ?>
1076
+ <div class="aio_blue_box">
1077
+ <?php
1078
+ $info_msg = '';
1079
+
1080
+ $info_msg .= '<p>'. __('This feature can be used to apply your own custom .htaccess rules and directives.', 'all-in-one-wp-security-and-firewall').'</p>';
1081
+ $info_msg .= '<p>'. __('It is useful for when you want to tweak our existing firewall rules or when you want to add your own.', 'all-in-one-wp-security-and-firewall').'</p>';
1082
+ $info_msg .= '<p>'. __('NOTE: This feature can only be used if your site is hosted in an apache or similar web server.', 'all-in-one-wp-security-and-firewall').'</p>';
1083
+ echo $info_msg;
1084
+ ?>
1085
+ </div>
1086
+ <div class="aio_yellow_box">
1087
+ <?php
1088
+ $info_msg_2 = '<p>'. __('<strong>Warning</strong>: Only use this feature if you know what you are doing.', 'all-in-one-wp-security-and-firewall').'</p>';
1089
+ $info_msg_2 .= '<p>'.__('Incorrect .htaccess rules or directives can break or prevent access to your site.', 'all-in-one-wp-security-and-firewall').'</p>';
1090
+ $info_msg_2 .= '<p>'.__('It is your responsibility to ensure that you are entering the correct code!', 'all-in-one-wp-security-and-firewall').'</p>';
1091
+ $info_msg_2 .= '<p>'.__('If you break your site you will need to access your server via FTP or something similar and then edit your .htaccess file and delete the changes you made.', 'all-in-one-wp-security-and-firewall').'</p>';
1092
+ echo $info_msg_2;
1093
+ ?>
1094
+ </div>
1095
+
1096
+ <div class="postbox">
1097
+ <h3 class="hndle"><label for="title"><?php _e('Custom .htaccess Rules', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
1098
+ <div class="inside">
1099
+ <table class="form-table">
1100
+ <tr valign="top">
1101
+ <th scope="row"><?php _e('Enable Custom .htaccess Rules', 'all-in-one-wp-security-and-firewall')?>:</th>
1102
+ <td>
1103
+ <input name="aiowps_enable_custom_rules" type="checkbox"<?php if($aio_wp_security->configs->get_value('aiowps_enable_custom_rules')=='1') echo ' checked="checked"'; ?> value="1"/>
1104
+ <span class="description"><?php _e('Check this if you want to enable custom rules entered in the text box below', 'all-in-one-wp-security-and-firewall'); ?></span>
1105
+ </td>
1106
+ </tr>
1107
+ <tr valign="top">
1108
+ <th scope="row"><?php _e('Place custom rules at the top', 'all-in-one-wp-security-and-firewall')?>:</th>
1109
+ <td>
1110
+ <input name="aiowps_place_custom_rules_at_top" type="checkbox"<?php if($aio_wp_security->configs->get_value('aiowps_place_custom_rules_at_top')=='1') echo ' checked="checked"'; ?> value="1"/>
1111
+ <span class="description"><?php _e('Check this if you want to place your custom rules at the beginning of all the rules applied by this plugin', 'all-in-one-wp-security-and-firewall'); ?></span>
1112
+ </td>
1113
+ </tr>
1114
+ <tr valign="top">
1115
+ <th scope="row"><?php _e('Enter Custom .htaccess Rules:', 'all-in-one-wp-security-and-firewall')?></th>
1116
+ <td>
1117
+ <textarea name="aiowps_custom_rules" rows="35" cols="50"><?php echo htmlspecialchars($aio_wp_security->configs->get_value('aiowps_custom_rules')); ?></textarea>
1118
+ <br />
1119
+ <span class="description"><?php _e('Enter your custom .htaccess rules/directives.','all-in-one-wp-security-and-firewall');?></span>
1120
+ </td>
1121
+ </tr>
1122
+ </table>
1123
+ </div></div>
1124
+ <input type="submit" name="aiowps_save_custom_rules_settings" value="<?php _e('Save Custom Rules', 'all-in-one-wp-security-and-firewall')?>" class="button-primary" />
1125
+ </form>
1126
+ <?php
1127
+ }
1128
+
1129
  } //end class
admin/wp-security-list-404.php CHANGED
@@ -1,324 +1,324 @@
1
- <?php
2
- if(!defined('ABSPATH')){
3
- exit;//Exit if accessed directly
4
- }
5
-
6
- class AIOWPSecurity_List_404 extends AIOWPSecurity_List_Table {
7
-
8
- function __construct() {
9
- global $status, $page;
10
-
11
- //Set parent defaults
12
- parent::__construct(array(
13
- 'singular' => 'item', //singular name of the listed records
14
- 'plural' => 'items', //plural name of the listed records
15
- 'ajax' => false //does this table support ajax?
16
- ));
17
- }
18
-
19
- function column_default($item, $column_name) {
20
- return $item[$column_name];
21
- }
22
-
23
- function column_id($item) {
24
- $tab = strip_tags($_REQUEST['tab']);
25
- $ip = $item['ip_or_host'];
26
-
27
- $blocked_ips_tab = 'tab3';
28
- //Check if this IP address is locked
29
- $is_locked = AIOWPSecurity_Utility::check_locked_ip($ip);
30
- $delete_url = sprintf('admin.php?page=%s&tab=%s&action=%s&id=%s', AIOWPSEC_FIREWALL_MENU_SLUG, $tab, 'delete_event_log', $item['id']);
31
- //Add nonce to delete URL
32
- $delete_url_nonce = wp_nonce_url($delete_url, "delete_404_log", "aiowps_nonce");
33
- if ($is_locked) {
34
- //Build row actions
35
- $actions = array(
36
- 'unblock' => sprintf('<a href="admin.php?page=%s&tab=%s">Unblock</a>', AIOWPSEC_MAIN_MENU_SLUG, $blocked_ips_tab),
37
- 'delete' => '<a href="'.$delete_url_nonce.'" onclick="return confirm(\'Are you sure you want to delete this item?\')">Delete</a>',
38
- );
39
- } else {
40
- //Build row actions
41
- $actions = array(
42
- 'temp_block' => sprintf('<a href="admin.php?page=%s&tab=%s&action=%s&ip_address=%s&username=%s" onclick="return confirm(\'Are you sure you want to block this IP address?\')">Temp Block</a>', AIOWPSEC_FIREWALL_MENU_SLUG, $tab, 'temp_block', $item['ip_or_host'], $item['username']),
43
- 'blacklist_ip' => sprintf('<a href="admin.php?page=%s&tab=%s&action=%s&ip_address=%s&username=%s" onclick="return confirm(\'Are you sure you want to permanently block this IP address?\')">Blacklist IP</a>', AIOWPSEC_FIREWALL_MENU_SLUG, $tab, 'blacklist_ip', $item['ip_or_host'], $item['username']),
44
- 'delete' => '<a href="'.$delete_url_nonce.'" onclick="return confirm(\'Are you sure you want to delete this item?\')">Delete</a>',
45
- );
46
- }
47
-
48
- //Return the user_login contents
49
- return sprintf('%1$s <span style="color:silver"></span>%2$s',
50
- /* $1%s */ $item['id'],
51
- /* $2%s */ $this->row_actions($actions)
52
- );
53
- }
54
-
55
- function column_status($item) {
56
- global $aio_wp_security;
57
- $ip = $item['ip_or_host'];
58
- //Check if this IP address is locked
59
- $is_locked = AIOWPSecurity_Utility::check_locked_ip($ip);
60
- $blacklisted_string = $aio_wp_security->configs->get_value('aiowps_banned_ip_addresses');
61
- $banned = strpos($blacklisted_string, $ip);
62
-
63
- if ($banned !== false) {
64
- return 'blacklisted';
65
- } else if ($is_locked) {
66
- return 'temporarily blocked';
67
- } else {
68
- return '';
69
- }
70
- }
71
-
72
- function column_cb($item) {
73
- return sprintf(
74
- '<input type="checkbox" name="%1$s[]" value="%2$s" />',
75
- /* $1%s */ $this->_args['singular'], //Let's simply repurpose the table's singular label
76
- /* $2%s */ $item['id'] //The value of the checkbox should be the record's id
77
- );
78
- }
79
-
80
- function get_columns() {
81
- $columns = array(
82
- 'cb' => '<input type="checkbox" />', //Render a checkbox
83
- 'id' => 'ID',
84
- 'event_type' => __('Event Type','all-in-one-wp-security-and-firewall'),
85
- 'ip_or_host' => __('IP Address','all-in-one-wp-security-and-firewall'),
86
- 'url' => __('Attempted URL','all-in-one-wp-security-and-firewall'),
87
- 'referer_info' => __('Referer','all-in-one-wp-security-and-firewall'),
88
- 'event_date' => __('Date','all-in-one-wp-security-and-firewall'),
89
- 'status' => __('Lock Status','all-in-one-wp-security-and-firewall'),
90
- );
91
- $columns = apply_filters('list_404_get_columns', $columns);
92
- return $columns;
93
- }
94
-
95
- function get_sortable_columns() {
96
- $sortable_columns = array(
97
- 'id' => array('id', false),
98
- 'event_type' => array('event_type', false),
99
- 'ip_or_host' => array('ip_or_host', false),
100
- 'url' => array('url', false),
101
- 'referer_info' => array('referer_info', false),
102
- 'event_date' => array('event_date', false),
103
- );
104
- $sortable_columns = apply_filters('list_404_get_sortable_columns', $sortable_columns);
105
- return $sortable_columns;
106
- }
107
-
108
- function get_bulk_actions() {
109
- $actions = array(
110
- //'unlock' => 'Unlock',
111
- 'bulk_block_ip' => 'Temp Block IP',
112
- 'bulk_blacklist_ip' => 'Blacklist IP',
113
- 'delete' => 'Delete'
114
- );
115
- return $actions;
116
- }
117
-
118
- function process_bulk_action() {
119
- if ('bulk_block_ip' === $this->current_action()) {//Process delete bulk actions
120
- if (!isset($_REQUEST['item'])) {
121
- AIOWPSecurity_Admin_Menu::show_msg_error_st(__('Please select some records using the checkboxes', 'all-in-one-wp-security-and-firewall'));
122
- } else {
123
- $this->block_ip(($_REQUEST['item']));
124
- }
125
- }
126
-
127
- if ('bulk_blacklist_ip' === $this->current_action()) {//Process delete bulk actions
128
- if (!isset($_REQUEST['item'])) {
129
- AIOWPSecurity_Admin_Menu::show_msg_error_st(__('Please select some records using the checkboxes', 'all-in-one-wp-security-and-firewall'));
130
- } else {
131
- $this->blacklist_ip_address(($_REQUEST['item']));
132
- }
133
- }
134
- if ('delete' === $this->current_action()) {//Process delete bulk actions
135
- if (!isset($_REQUEST['item'])) {
136
- AIOWPSecurity_Admin_Menu::show_msg_error_st(__('Please select some records using the checkboxes', 'all-in-one-wp-security-and-firewall'));
137
- } else {
138
- $this->delete_404_event_records(($_REQUEST['item']));
139
- }
140
- }
141
- }
142
-
143
- /*
144
- * This function will lock an IP address by adding it to the "login_lockdown" table
145
- */
146
-
147
- function block_ip($entries, $username = '') {
148
- global $wpdb;
149
- $events_table = AIOWPSEC_TBL_LOGIN_LOCKDOWN;
150
- if (is_array($entries)) {
151
- //lock multiple records
152
- $entries = array_filter($entries, 'is_numeric'); //discard non-numeric ID values
153
- $id_list = "(" .implode(",",$entries) .")"; //Create comma separate list for DB operation
154
- $events_table = AIOWPSEC_TBL_EVENTS;
155
- $query = "SELECT ip_or_host FROM $events_table WHERE ID IN ".$id_list;
156
- $results = $wpdb->get_col($query);
157
- if(empty($results)){
158
- AIOWPSecurity_Admin_Menu::show_msg_error_st(__('Could not process the request because the IP addresses for the selected entries could not be found!', 'WPS'));
159
- return false;
160
- }else{
161
- foreach($results as $entry){
162
- if(filter_var($entry, FILTER_VALIDATE_IP)){
163
- AIOWPSecurity_Utility::lock_IP($entry, '404', $username);
164
- }
165
- }
166
- }
167
- AIOWPSecurity_Admin_Menu::show_msg_updated_st(__('The selected IP addresses are now temporarily blocked!', 'WPS'));
168
- } elseif ($entries != NULL) {
169
- //Block single record
170
- if(filter_var($entries, FILTER_VALIDATE_IP)){
171
- AIOWPSecurity_Utility::lock_IP($entries, '404', $username);
172
- AIOWPSecurity_Admin_Menu::show_msg_updated_st(__('The selected IP address is now temporarily blocked!', 'WPS'));
173
- }else{
174
- AIOWPSecurity_Admin_Menu::show_msg_error_st(__('The selected entry is not a valid IP address!', 'WPS'));
175
- }
176
- }
177
- }
178
-
179
- /*
180
- * This function will lock an IP address by adding it to the "login_lockdown" table
181
- */
182
-
183
- function blacklist_ip_address($entries) {
184
- global $wpdb, $aio_wp_security;
185
- $bl_ip_addresses = $aio_wp_security->configs->get_value('aiowps_banned_ip_addresses'); //get the currently saved blacklisted IPs
186
- $ip_list_array = AIOWPSecurity_Utility_IP::create_ip_list_array_from_string_with_newline($bl_ip_addresses);
187
-
188
- if (is_array($entries)) {
189
- //Get the selected IP addresses
190
- $entries = array_filter($entries, 'is_numeric'); //discard non-numeric ID values
191
- $id_list = "(" .implode(",",$entries) .")"; //Create comma separate list for DB operation
192
- $events_table = AIOWPSEC_TBL_EVENTS;
193
- $query = "SELECT ip_or_host FROM $events_table WHERE ID IN ".$id_list;
194
- $results = $wpdb->get_col($query);
195
- if(empty($results)){
196
- AIOWPSecurity_Admin_Menu::show_msg_error_st(__('Could not process the request because the IP addresses for the selected entries could not be found!', 'WPS'));
197
- return false;
198
- }else{
199
- foreach($results as $entry){
200
- $ip_list_array[] = $entry;
201
- }
202
- }
203
- } elseif ($entries != NULL) {
204
- //Blacklist single record
205
- $ip_list_array[] = $entries;
206
- }
207
- $payload = AIOWPSecurity_Utility_IP::validate_ip_list($ip_list_array, 'blacklist');
208
- if($payload[0] == 1){
209
- //success case
210
- $result = 1;
211
- $list = $payload[1];
212
- $banned_ip_data = implode(PHP_EOL, $list);
213
- $aio_wp_security->configs->set_value('aiowps_enable_blacklisting','1'); //Force blacklist feature to be enabled
214
- $aio_wp_security->configs->set_value('aiowps_banned_ip_addresses',$banned_ip_data);
215
- $aio_wp_security->configs->save_config(); //Save the configuration
216
-
217
- $write_result = AIOWPSecurity_Utility_Htaccess::write_to_htaccess(); //now let's write to the .htaccess file
218
- if ( $write_result ) {
219
- AIOWPSecurity_Admin_Menu::show_msg_updated_st(__('The selected IP addresses have been added to the blacklist and will be permanently blocked!', 'WPS'));
220
- } else {
221
- AIOWPSecurity_Admin_Menu::show_msg_error_st(__('The plugin was unable to write to the .htaccess file. Please edit file manually.','all-in-one-wp-security-and-firewall'));
222
- $aio_wp_security->debug_logger->log_debug("AIOWPSecurity_Blacklist_Menu - The plugin was unable to write to the .htaccess file.");
223
- }
224
- }
225
- else{
226
- $result = -1;
227
- $error_msg = $payload[1][0];
228
- AIOWPSecurity_Admin_Menu::show_msg_error_st($error_msg);
229
- }
230
- }
231
-
232
- /*
233
- * This function will delete selected 404 records from the "events" table.
234
- * The function accepts either an array of IDs or a single ID
235
- */
236
-
237
- function delete_404_event_records($entries) {
238
- global $wpdb, $aio_wp_security;
239
- $events_table = AIOWPSEC_TBL_EVENTS;
240
- if (is_array($entries)) {
241
- if (isset($_REQUEST['_wp_http_referer']))
242
- {
243
- //Delete multiple records
244
- $entries = array_map( 'esc_sql', $entries); //escape every array element
245
- $entries = array_filter($entries, 'is_numeric'); //discard non-numeric ID values
246
- $id_list = "(" . implode(",", $entries) . ")"; //Create comma separate list for DB operation
247
- $delete_command = "DELETE FROM " . $events_table . " WHERE id IN " . $id_list;
248
- $result = $wpdb->query($delete_command);
249
- if ($result != NULL) {
250
- AIOWPSecurity_Admin_Menu::show_msg_record_deleted_st();
251
- }
252
- }
253
-
254
- } elseif ($entries != NULL) {
255
- $nonce=isset($_GET['aiowps_nonce'])?$_GET['aiowps_nonce']:'';
256
- if (!isset($nonce) ||!wp_verify_nonce($nonce, 'delete_404_log'))
257
- {
258
- $aio_wp_security->debug_logger->log_debug("Nonce check failed for delete selected 404 event logs operation!",4);
259
- die(__('Nonce check failed for delete selected 404 event logs operation!','all-in-one-wp-security-and-firewall'));
260
- }
261
-
262
- //Delete single record
263
- $delete_command = "DELETE FROM " . $events_table . " WHERE id = '" . absint($entries) . "'";
264
- //$delete_command = $wpdb->prepare("DELETE FROM $events_table WHERE id = %s", absint($entries));
265
- $result = $wpdb->query($delete_command);
266
- if ($result != NULL) {
267
- AIOWPSecurity_Admin_Menu::show_msg_record_deleted_st();
268
- }
269
- }
270
- }
271
-
272
- function prepare_items($ignore_pagination=false) {
273
- /**
274
- * First, lets decide how many records per page to show
275
- */
276
- $per_page = 100;
277
- $columns = $this->get_columns();
278
- $hidden = array();
279
- $sortable = $this->get_sortable_columns();
280
-
281
- $this->_column_headers = array($columns, $hidden, $sortable);
282
-
283
- $this->process_bulk_action();
284
-
285
- global $wpdb;
286
- $events_table_name = AIOWPSEC_TBL_EVENTS;
287
-
288
- /* -- Ordering parameters -- */
289
- //Parameters that are going to be used to order the result
290
- isset($_GET["orderby"]) ? $orderby = strip_tags($_GET["orderby"]): $orderby = '';
291
- isset($_GET["order"]) ? $order = strip_tags($_GET["order"]): $order = '';
292
-
293
- $orderby = !empty($orderby) ? esc_sql($orderby) : 'id';
294
- $order = !empty($order) ? esc_sql($order) : 'DESC';
295
-
296
- $orderby = AIOWPSecurity_Utility::sanitize_value_by_array($orderby, $sortable);
297
- $order = AIOWPSecurity_Utility::sanitize_value_by_array($order, array('DESC' => '1', 'ASC' => '1'));
298
-
299
- if (isset($_POST['s'])) {
300
- $search_term = trim($_POST['s']);
301
- $data = $wpdb->get_results($wpdb->prepare("SELECT * FROM " . $events_table_name . " WHERE `ip_or_host` LIKE '%%%s%%' OR `url` LIKE '%%%s%%' OR `referer_info` LIKE '%%%s%%'", $search_term, $search_term, $search_term), ARRAY_A);
302
- } else {
303
- $data = $wpdb->get_results($wpdb->prepare("SELECT * FROM $events_table_name WHERE event_type=%s ORDER BY $orderby $order",'404'), ARRAY_A);
304
- }
305
- $new_data = array();
306
- foreach ($data as $row) {
307
- //lets insert an empty "status" column - we will use later
308
- $row['status'] = '';
309
- $new_data[] = $row;
310
- }
311
- if (!$ignore_pagination) {
312
- $current_page = $this->get_pagenum();
313
- $total_items = count($new_data);
314
- $new_data = array_slice($new_data, (($current_page - 1) * $per_page), $per_page);
315
- $this->set_pagination_args(array(
316
- 'total_items' => $total_items, //WE have to calculate the total number of items
317
- 'per_page' => $per_page, //WE have to determine how many items to show on a page
318
- 'total_pages' => ceil($total_items / $per_page) //WE have to calculate the total number of pages
319
- ));
320
- }
321
- $this->items = $new_data;
322
- }
323
-
324
  }
1
+ <?php
2
+ if(!defined('ABSPATH')){
3
+ exit;//Exit if accessed directly
4
+ }
5
+
6
+ class AIOWPSecurity_List_404 extends AIOWPSecurity_List_Table {
7
+
8
+ function __construct() {
9
+ global $status, $page;
10
+
11
+ //Set parent defaults
12
+ parent::__construct(array(
13
+ 'singular' => 'item', //singular name of the listed records
14
+ 'plural' => 'items', //plural name of the listed records
15
+ 'ajax' => false //does this table support ajax?
16
+ ));
17
+ }
18
+
19
+ function column_default($item, $column_name) {
20
+ return $item[$column_name];
21
+ }
22
+
23
+ function column_id($item) {
24
+ $tab = strip_tags($_REQUEST['tab']);
25
+ $ip = $item['ip_or_host'];
26
+
27
+ $blocked_ips_tab = 'tab3';
28
+ //Check if this IP address is locked
29
+ $is_locked = AIOWPSecurity_Utility::check_locked_ip($ip);
30
+ $delete_url = sprintf('admin.php?page=%s&tab=%s&action=%s&id=%s', AIOWPSEC_FIREWALL_MENU_SLUG, $tab, 'delete_event_log', $item['id']);
31
+ //Add nonce to delete URL
32
+ $delete_url_nonce = wp_nonce_url($delete_url, "delete_404_log", "aiowps_nonce");
33
+ if ($is_locked) {
34
+ //Build row actions
35
+ $actions = array(
36
+ 'unblock' => sprintf('<a href="admin.php?page=%s&tab=%s">Unblock</a>', AIOWPSEC_MAIN_MENU_SLUG, $blocked_ips_tab),
37
+ 'delete' => '<a href="'.$delete_url_nonce.'" onclick="return confirm(\'Are you sure you want to delete this item?\')">Delete</a>',
38
+ );
39
+ } else {
40
+ //Build row actions
41
+ $actions = array(
42
+ 'temp_block' => sprintf('<a href="admin.php?page=%s&tab=%s&action=%s&ip_address=%s&username=%s" onclick="return confirm(\'Are you sure you want to block this IP address?\')">Temp Block</a>', AIOWPSEC_FIREWALL_MENU_SLUG, $tab, 'temp_block', $item['ip_or_host'], $item['username']),
43
+ 'blacklist_ip' => sprintf('<a href="admin.php?page=%s&tab=%s&action=%s&ip_address=%s&username=%s" onclick="return confirm(\'Are you sure you want to permanently block this IP address?\')">Blacklist IP</a>', AIOWPSEC_FIREWALL_MENU_SLUG, $tab, 'blacklist_ip', $item['ip_or_host'], $item['username']),
44
+ 'delete' => '<a href="'.$delete_url_nonce.'" onclick="return confirm(\'Are you sure you want to delete this item?\')">Delete</a>',
45
+ );
46
+ }
47
+
48
+ //Return the user_login contents
49
+ return sprintf('%1$s <span style="color:silver"></span>%2$s',
50
+ /* $1%s */ $item['id'],
51
+ /* $2%s */ $this->row_actions($actions)
52
+ );
53
+ }
54
+
55
+ function column_status($item) {
56
+ global $aio_wp_security;
57
+ $ip = $item['ip_or_host'];
58
+ //Check if this IP address is locked
59
+ $is_locked = AIOWPSecurity_Utility::check_locked_ip($ip);
60
+ $blacklisted_string = $aio_wp_security->configs->get_value('aiowps_banned_ip_addresses');
61
+ $banned = strpos($blacklisted_string, $ip);
62
+
63
+ if ($banned !== false) {
64
+ return 'blacklisted';
65
+ } else if ($is_locked) {
66
+ return 'temporarily blocked';
67
+ } else {
68
+ return '';
69
+ }
70
+ }
71
+
72
+ function column_cb($item) {
73
+ return sprintf(
74
+ '<input type="checkbox" name="%1$s[]" value="%2$s" />',
75
+ /* $1%s */ $this->_args['singular'], //Let's simply repurpose the table's singular label
76
+ /* $2%s */ $item['id'] //The value of the checkbox should be the record's id
77
+ );
78
+ }
79
+
80
+ function get_columns() {
81
+ $columns = array(
82
+ 'cb' => '<input type="checkbox" />', //Render a checkbox
83
+ 'id' => 'ID',
84
+ 'event_type' => __('Event Type','all-in-one-wp-security-and-firewall'),
85
+ 'ip_or_host' => __('IP Address','all-in-one-wp-security-and-firewall'),
86
+ 'url' => __('Attempted URL','all-in-one-wp-security-and-firewall'),
87
+ 'referer_info' => __('Referer','all-in-one-wp-security-and-firewall'),
88
+ 'event_date' => __('Date','all-in-one-wp-security-and-firewall'),
89
+ 'status' => __('Lock Status','all-in-one-wp-security-and-firewall'),
90
+ );
91
+ $columns = apply_filters('list_404_get_columns', $columns);
92
+ return $columns;
93
+ }
94
+
95
+ function get_sortable_columns() {
96
+ $sortable_columns = array(
97
+ 'id' => array('id', false),
98
+ 'event_type' => array('event_type', false),
99
+ 'ip_or_host' => array('ip_or_host', false),
100
+ 'url' => array('url', false),
101
+ 'referer_info' => array('referer_info', false),
102
+ 'event_date' => array('event_date', false),
103
+ );
104
+ $sortable_columns = apply_filters('list_404_get_sortable_columns', $sortable_columns);
105
+ return $sortable_columns;
106
+ }
107
+
108
+ function get_bulk_actions() {
109
+ $actions = array(
110
+ //'unlock' => 'Unlock',
111
+ 'bulk_block_ip' => 'Temp Block IP',
112
+ 'bulk_blacklist_ip' => 'Blacklist IP',
113
+ 'delete' => 'Delete'
114
+ );
115
+ return $actions;
116
+ }
117
+
118
+ function process_bulk_action() {
119
+ if ('bulk_block_ip' === $this->current_action()) {//Process delete bulk actions
120
+ if (!isset($_REQUEST['item'])) {
121
+ AIOWPSecurity_Admin_Menu::show_msg_error_st(__('Please select some records using the checkboxes', 'all-in-one-wp-security-and-firewall'));
122
+ } else {
123
+ $this->block_ip(($_REQUEST['item']));
124
+ }
125
+ }
126
+
127
+ if ('bulk_blacklist_ip' === $this->current_action()) {//Process delete bulk actions
128
+ if (!isset($_REQUEST['item'])) {
129
+ AIOWPSecurity_Admin_Menu::show_msg_error_st(__('Please select some records using the checkboxes', 'all-in-one-wp-security-and-firewall'));
130
+ } else {
131
+ $this->blacklist_ip_address(($_REQUEST['item']));
132
+ }
133
+ }
134
+ if ('delete' === $this->current_action()) {//Process delete bulk actions
135
+ if (!isset($_REQUEST['item'])) {
136
+ AIOWPSecurity_Admin_Menu::show_msg_error_st(__('Please select some records using the checkboxes', 'all-in-one-wp-security-and-firewall'));
137
+ } else {
138
+ $this->delete_404_event_records(($_REQUEST['item']));
139
+ }
140
+ }
141
+ }
142
+
143
+ /*
144
+ * This function will lock an IP address by adding it to the "login_lockdown" table
145
+ */
146
+
147
+ function block_ip($entries, $username = '') {
148
+ global $wpdb;
149
+ $events_table = AIOWPSEC_TBL_LOGIN_LOCKDOWN;
150
+ if (is_array($entries)) {
151
+ //lock multiple records
152
+ $entries = array_filter($entries, 'is_numeric'); //discard non-numeric ID values
153
+ $id_list = "(" .implode(",",$entries) .")"; //Create comma separate list for DB operation
154
+ $events_table = AIOWPSEC_TBL_EVENTS;
155
+ $query = "SELECT ip_or_host FROM $events_table WHERE ID IN ".$id_list;
156
+ $results = $wpdb->get_col($query);
157
+ if(empty($results)){
158
+ AIOWPSecurity_Admin_Menu::show_msg_error_st(__('Could not process the request because the IP addresses for the selected entries could not be found!', 'WPS'));
159
+ return false;
160
+ }else{
161
+ foreach($results as $entry){
162
+ if(filter_var($entry, FILTER_VALIDATE_IP)){
163
+ AIOWPSecurity_Utility::lock_IP($entry, '404', $username);
164
+ }
165
+ }
166
+ }
167
+ AIOWPSecurity_Admin_Menu::show_msg_updated_st(__('The selected IP addresses are now temporarily blocked!', 'WPS'));
168
+ } elseif ($entries != NULL) {
169
+ //Block single record
170
+ if(filter_var($entries, FILTER_VALIDATE_IP)){
171
+ AIOWPSecurity_Utility::lock_IP($entries, '404', $username);
172
+ AIOWPSecurity_Admin_Menu::show_msg_updated_st(__('The selected IP address is now temporarily blocked!', 'WPS'));
173
+ }else{
174
+ AIOWPSecurity_Admin_Menu::show_msg_error_st(__('The selected entry is not a valid IP address!', 'WPS'));
175
+ }
176
+ }
177
+ }
178
+
179
+ /*
180
+ * This function will lock an IP address by adding it to the "login_lockdown" table
181
+ */
182
+
183
+ function blacklist_ip_address($entries) {
184
+ global $wpdb, $aio_wp_security;
185
+ $bl_ip_addresses = $aio_wp_security->configs->get_value('aiowps_banned_ip_addresses'); //get the currently saved blacklisted IPs
186
+ $ip_list_array = AIOWPSecurity_Utility_IP::create_ip_list_array_from_string_with_newline($bl_ip_addresses);
187
+
188
+ if (is_array($entries)) {
189
+ //Get the selected IP addresses
190
+ $entries = array_filter($entries, 'is_numeric'); //discard non-numeric ID values
191
+ $id_list = "(" .implode(",",$entries) .")"; //Create comma separate list for DB operation
192
+ $events_table = AIOWPSEC_TBL_EVENTS;
193
+ $query = "SELECT ip_or_host FROM $events_table WHERE ID IN ".$id_list;
194
+ $results = $wpdb->get_col($query);
195
+ if(empty($results)){
196
+ AIOWPSecurity_Admin_Menu::show_msg_error_st(__('Could not process the request because the IP addresses for the selected entries could not be found!', 'WPS'));
197
+ return false;
198
+ }else{
199
+ foreach($results as $entry){
200
+ $ip_list_array[] = $entry;
201
+ }
202
+ }
203
+ } elseif ($entries != NULL) {
204
+ //Blacklist single record
205
+ $ip_list_array[] = $entries;
206
+ }
207
+ $payload = AIOWPSecurity_Utility_IP::validate_ip_list($ip_list_array, 'blacklist');
208
+ if($payload[0] == 1){
209
+ //success case
210
+ $result = 1;
211
+ $list = $payload[1];
212
+ $banned_ip_data = implode(PHP_EOL, $list);
213
+ $aio_wp_security->configs->set_value('aiowps_enable_blacklisting','1'); //Force blacklist feature to be enabled
214
+ $aio_wp_security->configs->set_value('aiowps_banned_ip_addresses',$banned_ip_data);
215
+ $aio_wp_security->configs->save_config(); //Save the configuration
216
+
217
+ $write_result = AIOWPSecurity_Utility_Htaccess::write_to_htaccess(); //now let's write to the .htaccess file
218
+ if ( $write_result ) {
219
+ AIOWPSecurity_Admin_Menu::show_msg_updated_st(__('The selected IP addresses have been added to the blacklist and will be permanently blocked!', 'WPS'));
220
+ } else {
221
+ AIOWPSecurity_Admin_Menu::show_msg_error_st(__('The plugin was unable to write to the .htaccess file. Please edit file manually.','all-in-one-wp-security-and-firewall'));
222
+ $aio_wp_security->debug_logger->log_debug("AIOWPSecurity_Blacklist_Menu - The plugin was unable to write to the .htaccess file.");
223
+ }
224
+ }
225
+ else{
226
+ $result = -1;
227
+ $error_msg = $payload[1][0];
228
+ AIOWPSecurity_Admin_Menu::show_msg_error_st($error_msg);
229
+ }
230
+ }
231
+
232
+ /*
233
+ * This function will delete selected 404 records from the "events" table.
234
+ * The function accepts either an array of IDs or a single ID
235
+ */
236
+
237
+ function delete_404_event_records($entries) {
238
+ global $wpdb, $aio_wp_security;
239
+ $events_table = AIOWPSEC_TBL_EVENTS;
240
+ if (is_array($entries)) {
241
+ if (isset($_REQUEST['_wp_http_referer']))
242
+ {
243
+ //Delete multiple records
244
+ $entries = array_map( 'esc_sql', $entries); //escape every array element
245
+ $entries = array_filter($entries, 'is_numeric'); //discard non-numeric ID values
246
+ $id_list = "(" . implode(",", $entries) . ")"; //Create comma separate list for DB operation
247
+ $delete_command = "DELETE FROM " . $events_table . " WHERE id IN " . $id_list;
248
+ $result = $wpdb->query($delete_command);
249
+ if ($result != NULL) {
250
+ AIOWPSecurity_Admin_Menu::show_msg_record_deleted_st();
251
+ }
252
+ }
253
+
254
+ } elseif ($entries != NULL) {
255
+ $nonce=isset($_GET['aiowps_nonce'])?$_GET['aiowps_nonce']:'';
256
+ if (!isset($nonce) ||!wp_verify_nonce($nonce, 'delete_404_log'))
257
+ {
258
+ $aio_wp_security->debug_logger->log_debug("Nonce check failed for delete selected 404 event logs operation!",4);
259
+ die(__('Nonce check failed for delete selected 404 event logs operation!','all-in-one-wp-security-and-firewall'));
260
+ }
261
+
262
+ //Delete single record
263
+ $delete_command = "DELETE FROM " . $events_table . " WHERE id = '" . absint($entries) . "'";
264
+ //$delete_command = $wpdb->prepare("DELETE FROM $events_table WHERE id = %s", absint($entries));
265
+ $result = $wpdb->query($delete_command);
266
+ if ($result != NULL) {
267
+ AIOWPSecurity_Admin_Menu::show_msg_record_deleted_st();
268
+ }
269
+ }
270
+ }
271
+
272
+ function prepare_items($ignore_pagination=false) {
273
+ /**
274
+ * First, lets decide how many records per page to show
275
+ */
276
+ $per_page = 100;
277
+ $columns = $this->get_columns();
278
+ $hidden = array();
279
+ $sortable = $this->get_sortable_columns();
280
+
281
+ $this->_column_headers = array($columns, $hidden, $sortable);
282
+
283
+ $this->process_bulk_action();
284
+
285
+ global $wpdb;
286
+ $events_table_name = AIOWPSEC_TBL_EVENTS;
287
+
288
+ /* -- Ordering parameters -- */
289
+ //Parameters that are going to be used to order the result
290
+ isset($_GET["orderby"]) ? $orderby = strip_tags($_GET["orderby"]): $orderby = '';
291
+ isset($_GET["order"]) ? $order = strip_tags($_GET["order"]): $order = '';
292
+
293
+ $orderby = !empty($orderby) ? esc_sql($orderby) : 'id';
294
+ $order = !empty($order) ? esc_sql($order) : 'DESC';
295
+
296
+ $orderby = AIOWPSecurity_Utility::sanitize_value_by_array($orderby, $sortable);
297
+ $order = AIOWPSecurity_Utility::sanitize_value_by_array($order, array('DESC' => '1', 'ASC' => '1'));
298
+
299
+ if (isset($_POST['s'])) {
300
+ $search_term = trim($_POST['s']);
301
+ $data = $wpdb->get_results($wpdb->prepare("SELECT * FROM " . $events_table_name . " WHERE `ip_or_host` LIKE '%%%s%%' OR `url` LIKE '%%%s%%' OR `referer_info` LIKE '%%%s%%'", $search_term, $search_term, $search_term), ARRAY_A);
302
+ } else {
303
+ $data = $wpdb->get_results($wpdb->prepare("SELECT * FROM $events_table_name WHERE event_type=%s ORDER BY $orderby $order",'404'), ARRAY_A);
304
+ }
305
+ $new_data = array();
306
+ foreach ($data as $row) {
307
+ //lets insert an empty "status" column - we will use later
308
+ $row['status'] = '';
309
+ $new_data[] = $row;
310
+ }
311
+ if (!$ignore_pagination) {
312
+ $current_page = $this->get_pagenum();
313
+ $total_items = count($new_data);
314
+ $new_data = array_slice($new_data, (($current_page - 1) * $per_page), $per_page);
315
+ $this->set_pagination_args(array(
316
+ 'total_items' => $total_items, //WE have to calculate the total number of items
317
+ 'per_page' => $per_page, //WE have to determine how many items to show on a page
318
+ 'total_pages' => ceil($total_items / $per_page) //WE have to calculate the total number of pages
319
+ ));
320
+ }
321
+ $this->items = $new_data;
322
+ }
323
+
324
  }
admin/wp-security-list-acct-activity.php CHANGED
@@ -1,198 +1,201 @@
1
- <?php
2
- if(!defined('ABSPATH')){
3
- exit;//Exit if accessed directly
4
- }
5
-
6
- class AIOWPSecurity_List_Account_Activity extends AIOWPSecurity_List_Table {
7
-
8
- function __construct(){
9
- global $status, $page;
10
-
11
- //Set parent defaults
12
- parent::__construct( array(
13
- 'singular' => 'item', //singular name of the listed records
14
- 'plural' => 'items', //plural name of the listed records
15
- 'ajax' => false //does this table support ajax?
16
- ) );
17
-
18
- }
19
-
20
- function column_default($item, $column_name){
21
- return $item[$column_name];
22
- }
23
-
24
- function column_user_id($item){
25
- $tab = strip_tags($_REQUEST['tab']);
26
- $delete_url = sprintf('admin.php?page=%s&tab=%s&action=%s&activity_login_rec=%s', AIOWPSEC_USER_LOGIN_MENU_SLUG, $tab, 'delete_acct_activity_rec', $item['id']);
27
- //Add nonce to delete URL
28
- $delete_url_nonce = wp_nonce_url($delete_url, "delete_acct_activity_log", "aiowps_nonce");
29
-
30
- //Build row actions
31
- $actions = array(
32
- 'delete' => '<a href="'.$delete_url_nonce.'" onclick="return confirm(\'Are you sure you want to delete this item?\')">Delete</a>',
33
- );
34
-
35
- //Return the user_login contents
36
- return sprintf('%1$s <span style="color:silver"></span>%2$s',
37
- /*$1%s*/ $item['user_id'],
38
- /*$2%s*/ $this->row_actions($actions)
39
- );
40
- }
41
-
42
-
43
- function column_cb($item){
44
- return sprintf(
45
- '<input type="checkbox" name="%1$s[]" value="%2$s" />',
46
- /*$1%s*/ $this->_args['singular'], //Let's simply repurpose the table's singular label
47
- /*$2%s*/ $item['id'] //The value of the checkbox should be the record's id
48
- );
49
- }
50
-
51
- function get_columns(){
52
- $columns = array(
53
- 'cb' => '<input type="checkbox" />', //Render a checkbox
54
- 'user_id' => __('User ID', 'all-in-one-wp-security-and-firewall'),
55
- 'user_login' => __('Username', 'all-in-one-wp-security-and-firewall'),
56
- 'login_date' => __('Login Date', 'all-in-one-wp-security-and-firewall'),
57
- 'logout_date' => __('Logout Date', 'all-in-one-wp-security-and-firewall'),
58
- 'login_ip' => 'IP'
59
- );
60
- return $columns;
61
- }
62
-
63
- function get_sortable_columns() {
64
- $sortable_columns = array(
65
- 'user_id' => array('user_id',false),
66
- 'user_login' => array('user_login',false),
67
- 'login_date' => array('login_date',false),
68
- 'login_ip' => array('login_ip',false),
69
- 'logout_date' => array('logout_date',false),
70
- );
71
- return $sortable_columns;
72
- }
73
-
74
- function get_bulk_actions() {
75
- $actions = array(
76
- 'delete' => 'Delete'
77
- );
78
- return $actions;
79
- }
80
-
81
- function process_bulk_action() {
82
- if('delete'===$this->current_action())
83
- {//Process delete bulk actions
84
- if(!isset($_REQUEST['item']))
85
- {
86
- $error_msg = '<div id="message" class="error"><p><strong>';
87
- $error_msg .= __('Please select some records using the checkboxes','all-in-one-wp-security-and-firewall');
88
- $error_msg .= '</strong></p></div>';
89
- _e($error_msg);
90
- } else{
91
- $this->delete_login_activity_records(($_REQUEST['item']));
92
- }
93
- }
94
- }
95
-
96
-
97
-
98
- /*
99
- * This function will delete selected records from the "user_login_activity" table.
100
- * The function accepts either an array of IDs or a single ID
101
- */
102
- function delete_login_activity_records($entries)
103
- {
104
- global $wpdb, $aio_wp_security;
105
- $login_activity_table = AIOWPSEC_TBL_USER_LOGIN_ACTIVITY;
106
- if (is_array($entries))
107
- {
108
- if (isset($_REQUEST['_wp_http_referer']))
109
- {
110
- //Delete multiple records
111
- $tab = strip_tags($_REQUEST['tab']);
112
-
113
- $entries = array_filter($entries, 'is_numeric'); //discard non-numeric ID values
114
- $id_list = "(" .implode(",",$entries) .")"; //Create comma separate list for DB operation
115
- $delete_command = "DELETE FROM ".$login_activity_table." WHERE id IN ".$id_list;
116
- $result = $wpdb->query($delete_command);
117
- if($result !== false)
118
- {
119
- $redir_url = sprintf('admin.php?page=%s&tab=%s&bulk_count=%s', AIOWPSEC_USER_LOGIN_MENU_SLUG, $tab, count($entries));
120
- AIOWPSecurity_Utility::redirect_to_url($redir_url);
121
- } else {
122
- // error on bulk delete
123
- $aio_wp_security->debug_logger->log_debug("DB error: ".$wpdb->last_error,4);
124
- $redir_url = sprintf('admin.php?page=%s&tab=%s&bulk_error=%s', AIOWPSEC_USER_LOGIN_MENU_SLUG, $tab, 1);
125
- AIOWPSecurity_Utility::redirect_to_url($redir_url);
126
-
127
- }
128
- }
129
- }
130
- elseif ($entries != NULL)
131
- {
132
- $nonce=isset($_GET['aiowps_nonce'])?$_GET['aiowps_nonce']:'';
133
- if (!isset($nonce) ||!wp_verify_nonce($nonce, 'delete_acct_activity_log'))
134
- {
135
- $aio_wp_security->debug_logger->log_debug("Nonce check failed for delete selected account activity logs operation!",4);
136
- die(__('Nonce check failed for delete selected account activity logs operation!','all-in-one-wp-security-and-firewall'));
137
- }
138
- //Delete single record
139
- $delete_command = "DELETE FROM ".$login_activity_table." WHERE id = '".absint($entries)."'";
140
- $result = $wpdb->query($delete_command);
141
- if($result !== false)
142
- {
143
- $success_msg = '<div id="message" class="updated fade"><p><strong>';
144
- $success_msg .= __('The selected entry was deleted successfully!','all-in-one-wp-security-and-firewall');
145
- $success_msg .= '</strong></p></div>';
146
- echo $success_msg;
147
- }
148
- }
149
- }
150
-
151
- function prepare_items($ignore_pagination = false) {
152
- /**
153
- * First, lets decide how many records per page to show
154
- */
155
- $per_page = 100;
156
- $columns = $this->get_columns();
157
- $hidden = array();
158
- $sortable = $this->get_sortable_columns();
159
- $search = isset( $_REQUEST['s'] ) ? sanitize_text_field( $_REQUEST['s'] ) : '';
160
-
161
- $this->_column_headers = array($columns, $hidden, $sortable);
162
-
163
- $this->process_bulk_action();
164
-
165
- global $wpdb;
166
- $login_activity_table = AIOWPSEC_TBL_USER_LOGIN_ACTIVITY;
167
-
168
- /* -- Ordering parameters -- */
169
- //Parameters that are going to be used to order the result
170
-
171
- isset($_GET["orderby"]) ? $orderby = strip_tags($_GET["orderby"]) : $orderby = '';
172
- isset($_GET["order"]) ? $order = strip_tags($_GET["order"]) : $order = '';
173
-
174
- $orderby = !empty($orderby) ? esc_sql($orderby) : 'login_date';
175
- $order = !empty($order) ? esc_sql($order) : 'DESC';
176
-
177
- $orderby = AIOWPSecurity_Utility::sanitize_value_by_array($orderby, $sortable);
178
- $order = AIOWPSecurity_Utility::sanitize_value_by_array($order, array('DESC' => '1', 'ASC' => '1'));
179
-
180
- if(empty($search)) {
181
- $data = $wpdb->get_results("SELECT * FROM $login_activity_table ORDER BY $orderby $order", ARRAY_A);
182
- } else {
183
- $data = $wpdb->get_results($wpdb->prepare("SELECT * FROM $login_activity_table WHERE `user_login` LIKE '%%%s%%' OR `login_ip` LIKE '%%%s%%' ORDER BY $orderby $order LIMIT %d", $search, $search, 100), ARRAY_A);
184
- }
185
-
186
- if (!$ignore_pagination) {
187
- $current_page = $this->get_pagenum();
188
- $total_items = count($data);
189
- $data = array_slice($data, (($current_page - 1) * $per_page), $per_page);
190
- $this->set_pagination_args(array(
191
- 'total_items' => $total_items, //WE have to calculate the total number of items
192
- 'per_page' => $per_page, //WE have to determine how many items to show on a page
193
- 'total_pages' => ceil($total_items / $per_page) //WE have to calculate the total number of pages
194
- ));
195
- }
196
- $this->items = $data;
197
- }
198
- }
 
 
 
1
+ <?php
2
+ if(!defined('ABSPATH')){
3
+ exit;//Exit if accessed directly
4
+ }
5
+
6
+ class AIOWPSecurity_List_Account_Activity extends AIOWPSecurity_List_Table {
7
+
8
+ function __construct(){
9
+ global $status, $page;
10
+
11
+ //Set parent defaults
12
+ parent::__construct( array(
13
+ 'singular' => 'item', //singular name of the listed records
14
+ 'plural' => 'items', //plural name of the listed records
15
+ 'ajax' => false //does this table support ajax?
16
+ ) );
17
+
18
+ }
19
+
20
+ function column_default($item, $column_name){
21
+ return $item[$column_name];
22
+ }
23
+
24
+ function column_user_id($item){
25
+ $tab = strip_tags($_REQUEST['tab']);
26
+ $delete_url = sprintf('admin.php?page=%s&tab=%s&action=%s&activity_login_rec=%s', AIOWPSEC_USER_LOGIN_MENU_SLUG, $tab, 'delete_acct_activity_rec', $item['id']);
27
+ //Add nonce to delete URL
28
+ $delete_url_nonce = wp_nonce_url($delete_url, "delete_acct_activity_log", "aiowps_nonce");
29
+
30
+ //Build row actions
31
+ $actions = array(
32
+ 'delete' => '<a href="'.$delete_url_nonce.'" onclick="return confirm(\''.esc_js(__('Are you sure you want to delete this item?', 'all-in-one-wp-security-and-firewall')).'\')">'.__('Delete').'</a>',
33
+ );
34
+
35
+ //Return the user_login contents
36
+ return sprintf('%1$s <span style="color:silver"></span>%2$s',
37
+ /*$1%s*/ $item['user_id'],
38
+ /*$2%s*/ $this->row_actions($actions)
39
+ );
40
+ }
41
+
42
+ public function column_logout_date($item) {
43
+ return '1000-10-10 10:00:00' == $item['logout_date'] ? __('Login session still active', 'all-in-one-wp-security-and-firewall') : $item['logout_date'];
44
+ }
45
+
46
+ function column_cb($item){
47
+ return sprintf(
48
+ '<input type="checkbox" name="%1$s[]" value="%2$s" />',
49
+ /*$1%s*/ $this->_args['singular'], //Let's simply repurpose the table's singular label
50
+ /*$2%s*/ $item['id'] //The value of the checkbox should be the record's id
51
+ );
52
+ }
53
+
54
+ function get_columns(){
55
+ $columns = array(
56
+ 'cb' => '<input type="checkbox" />', //Render a checkbox
57
+ 'user_id' => __('User ID', 'all-in-one-wp-security-and-firewall'),
58
+ 'user_login' => __('Username', 'all-in-one-wp-security-and-firewall'),
59
+ 'login_date' => __('Login Date', 'all-in-one-wp-security-and-firewall'),
60
+ 'logout_date' => __('Logout Date', 'all-in-one-wp-security-and-firewall'),
61
+ 'login_ip' => 'IP'
62
+ );
63
+ return $columns;
64
+ }
65
+
66
+ function get_sortable_columns() {
67
+ $sortable_columns = array(
68
+ 'user_id' => array('user_id',false),
69
+ 'user_login' => array('user_login',false),
70
+ 'login_date' => array('login_date',false),
71
+ 'login_ip' => array('login_ip',false),
72
+ 'logout_date' => array('logout_date',false),
73
+ );
74
+ return $sortable_columns;
75
+ }
76
+
77
+ function get_bulk_actions() {
78
+ $actions = array(
79
+ 'delete' => 'Delete'
80
+ );
81
+ return $actions;
82
+ }
83
+
84
+ function process_bulk_action() {
85
+ if('delete'===$this->current_action())
86
+ {//Process delete bulk actions
87
+ if(!isset($_REQUEST['item']))
88
+ {
89
+ $error_msg = '<div id="message" class="error"><p><strong>';
90
+ $error_msg .= __('Please select some records using the checkboxes','all-in-one-wp-security-and-firewall');
91
+ $error_msg .= '</strong></p></div>';
92
+ _e($error_msg);
93
+ } else{
94
+ $this->delete_login_activity_records(($_REQUEST['item']));
95
+ }
96
+ }
97
+ }
98
+
99
+
100
+
101
+ /*
102
+ * This function will delete selected records from the "user_login_activity" table.
103
+ * The function accepts either an array of IDs or a single ID
104
+ */
105
+ function delete_login_activity_records($entries)
106
+ {
107
+ global $wpdb, $aio_wp_security;
108
+ $login_activity_table = AIOWPSEC_TBL_USER_LOGIN_ACTIVITY;
109
+ if (is_array($entries))
110
+ {
111
+ if (isset($_REQUEST['_wp_http_referer']))
112
+ {
113
+ //Delete multiple records
114
+ $tab = strip_tags($_REQUEST['tab']);
115
+
116
+ $entries = array_filter($entries, 'is_numeric'); //discard non-numeric ID values
117
+ $id_list = "(" .implode(",",$entries) .")"; //Create comma separate list for DB operation
118
+ $delete_command = "DELETE FROM ".$login_activity_table." WHERE id IN ".$id_list;
119
+ $result = $wpdb->query($delete_command);
120
+ if($result !== false)
121
+ {
122
+ $redir_url = sprintf('admin.php?page=%s&tab=%s&bulk_count=%s', AIOWPSEC_USER_LOGIN_MENU_SLUG, $tab, count($entries));
123
+ AIOWPSecurity_Utility::redirect_to_url($redir_url);
124
+ } else {
125
+ // error on bulk delete
126
+ $aio_wp_security->debug_logger->log_debug("DB error: ".$wpdb->last_error,4);
127
+ $redir_url = sprintf('admin.php?page=%s&tab=%s&bulk_error=%s', AIOWPSEC_USER_LOGIN_MENU_SLUG, $tab, 1);
128
+ AIOWPSecurity_Utility::redirect_to_url($redir_url);
129
+
130
+ }
131
+ }
132
+ }
133
+ elseif ($entries != NULL)
134
+ {
135
+ $nonce=isset($_GET['aiowps_nonce'])?$_GET['aiowps_nonce']:'';
136
+ if (!isset($nonce) ||!wp_verify_nonce($nonce, 'delete_acct_activity_log'))
137
+ {
138
+ $aio_wp_security->debug_logger->log_debug("Nonce check failed for delete selected account activity logs operation!",4);
139
+ die(__('Nonce check failed for delete selected account activity logs operation!','all-in-one-wp-security-and-firewall'));
140
+ }
141
+ //Delete single record
142
+ $delete_command = "DELETE FROM ".$login_activity_table." WHERE id = '".absint($entries)."'";
143
+ $result = $wpdb->query($delete_command);
144
+ if($result !== false)
145
+ {
146
+ $success_msg = '<div id="message" class="updated fade"><p><strong>';
147
+ $success_msg .= __('The selected entry was deleted successfully!','all-in-one-wp-security-and-firewall');
148
+ $success_msg .= '</strong></p></div>';
149
+ echo $success_msg;
150
+ }
151
+ }
152
+ }
153
+
154
+ function prepare_items($ignore_pagination = false) {
155
+ /**
156
+ * First, lets decide how many records per page to show
157
+ */
158
+ $per_page = 100;
159
+ $columns = $this->get_columns();
160
+ $hidden = array();
161
+ $sortable = $this->get_sortable_columns();
162
+ $search = isset( $_REQUEST['s'] ) ? sanitize_text_field( $_REQUEST['s'] ) : '';
163
+
164
+ $this->_column_headers = array($columns, $hidden, $sortable);
165
+
166
+ $this->process_bulk_action();
167
+
168
+ global $wpdb;
169
+ $login_activity_table = AIOWPSEC_TBL_USER_LOGIN_ACTIVITY;
170
+
171
+ /* -- Ordering parameters -- */
172
+ //Parameters that are going to be used to order the result
173
+
174
+ isset($_GET["orderby"]) ? $orderby = strip_tags($_GET["orderby"]) : $orderby = '';
175
+ isset($_GET["order"]) ? $order = strip_tags($_GET["order"]) : $order = '';
176
+
177
+ $orderby = !empty($orderby) ? esc_sql($orderby) : 'login_date';
178
+ $order = !empty($order) ? esc_sql($order) : 'DESC';
179
+
180
+ $orderby = AIOWPSecurity_Utility::sanitize_value_by_array($orderby, $sortable);
181
+ $order = AIOWPSecurity_Utility::sanitize_value_by_array($order, array('DESC' => '1', 'ASC' => '1'));
182
+
183
+ if(empty($search)) {
184
+ $data = $wpdb->get_results("SELECT * FROM $login_activity_table ORDER BY $orderby $order", ARRAY_A);
185
+ } else {
186
+ $data = $wpdb->get_results($wpdb->prepare("SELECT * FROM $login_activity_table WHERE `user_login` LIKE '%%%s%%' OR `login_ip` LIKE '%%%s%%' ORDER BY $orderby $order LIMIT %d", $search, $search, 100), ARRAY_A);
187
+ }
188
+
189
+ if (!$ignore_pagination) {
190
+ $current_page = $this->get_pagenum();
191
+ $total_items = count($data);
192
+ $data = array_slice($data, (($current_page - 1) * $per_page), $per_page);
193
+ $this->set_pagination_args(array(
194
+ 'total_items' => $total_items, //WE have to calculate the total number of items
195
+ 'per_page' => $per_page, //WE have to determine how many items to show on a page
196
+ 'total_pages' => ceil($total_items / $per_page) //WE have to calculate the total number of pages
197
+ ));
198
+ }
199
+ $this->items = $data;
200
+ }
201
+ }
admin/wp-security-list-comment-spammer-ip.php CHANGED
@@ -1,275 +1,275 @@
1
- <?php
2
- if(!defined('ABSPATH')){
3
- exit;//Exit if accessed directly
4
- }
5
-
6
- class AIOWPSecurity_List_Comment_Spammer_IP extends AIOWPSecurity_List_Table {
7
-
8
- function __construct(){
9
- global $status, $page;
10
-
11
- //Set parent defaults
12
- parent::__construct( array(
13
- 'singular' => 'item', //singular name of the listed records
14
- 'plural' => 'items', //plural name of the listed records
15
- 'ajax' => false //does this table support ajax?
16
- ) );
17
-
18
- }
19
-
20
- function column_default($item, $column_name){
21
- return $item[$column_name];
22
- }
23
-
24
- function column_comment_author_IP($item){
25
- $tab = strip_tags($_REQUEST['tab']);
26
- //Build row actions
27
- if (AIOWPSecurity_Utility::is_multisite_install() && get_current_blog_id() != 1){
28
- //Suppress the block link if site is a multi site AND not the main site
29
- $actions = array(); //blank array
30
- }else{
31
- $block_url = sprintf('admin.php?page=%s&tab=%s&action=%s&spammer_ip=%s', AIOWPSEC_SPAM_MENU_SLUG, $tab, 'block_spammer_ip', $item['comment_author_IP']);
32
- //Add nonce to block URL
33
- $block_url_nonce = wp_nonce_url($block_url, "block_spammer_ip", "aiowps_nonce");
34
-
35
- $actions = array(
36
- 'block' => '<a href="'.$block_url_nonce.'" onclick="return confirm(\'Are you sure you want to permanently block this IP address?\')">Block</a>',
37
- );
38
- }
39
-
40
- //Return the user_login contents
41
- return sprintf('%1$s <span style="color:silver"></span>%2$s',
42
- /*$1%s*/ $item['comment_author_IP'],
43
- /*$2%s*/ $this->row_actions($actions)
44
- );
45
- }
46
-
47
-
48
- function column_cb($item){
49
- return sprintf(
50
- '<input type="checkbox" name="%1$s[]" value="%2$s" />',
51
- /*$1%s*/ $this->_args['singular'], //Let's simply repurpose the table's singular label
52
- /*$2%s*/ $item['comment_author_IP'] //The value of the checkbox should be the record's id
53
- );
54
- }
55
-
56
- function get_columns(){
57
- $columns = array(
58
- 'cb' => '<input type="checkbox" />', //Render a checkbox
59
- 'comment_author_IP' => __('Spammer IP', 'all-in-one-wp-security-and-firewall'),
60
- 'amount' => __('Number of SPAM Comments From This IP', 'all-in-one-wp-security-and-firewall'),
61
- 'status' => __('Status', 'all-in-one-wp-security-and-firewall'),
62
- );
63
- return $columns;
64
- }
65
-
66
- function get_sortable_columns() {
67
- $sortable_columns = array(
68
- 'comment_author_IP' => array('comment_author_IP',false),
69
- 'amount' => array('amount',false),
70
- 'status' => array('status',false),
71
- );
72
- return $sortable_columns;
73
- }
74
-
75
- function get_bulk_actions() {
76
- if (AIOWPSecurity_Utility::is_multisite_install() && get_current_blog_id() != 1){
77
- //Suppress the block link if site is a multi site AND not the main site
78
- $actions = array(); //blank array
79
- }else{
80
- $actions = array(
81
- 'block' => __('Block', 'all-in-one-wp-security-and-firewall')
82
- );
83
- }
84
- return $actions;
85
- }
86
-
87
- function process_bulk_action() {
88
- global $aio_wp_security;
89
- if('block'===$this->current_action())
90
- {
91
- //Process block bulk actions
92
- if(!isset($_REQUEST['item']))
93
- {
94
- $error_msg = '<div id="message" class="error"><p><strong>';
95
- $error_msg .= __('Please select some records using the checkboxes','all-in-one-wp-security-and-firewall');
96
- $error_msg .= '</strong></p></div>';
97
- _e($error_msg);
98
- } else {
99
- $this->block_spammer_ip_records(($_REQUEST['item']));
100
- }
101
- }
102
- }
103
-
104
-
105
-
106
- /*
107
- * This function will add the selected IP addresses to the blacklist.
108
- * The function accepts either an array of IDs or a single ID
109
- */
110
- function block_spammer_ip_records($entries)
111
- {
112
- global $wpdb, $aio_wp_security;
113
- if (is_array($entries))
114
- {
115
- if (isset($_REQUEST['_wp_http_referer']))
116
- {
117
- //Bulk selection using checkboxes were used
118
- foreach ($entries as $ip_add)
119
- {
120
- AIOWPSecurity_Blocking::add_ip_to_block_list($ip_add, 'spam');
121
- }
122
- }
123
- }
124
- else if ($entries != NULL)
125
- {
126
- $nonce=isset($_GET['aiowps_nonce'])?$_GET['aiowps_nonce']:'';
127
- if (!isset($nonce) ||!wp_verify_nonce($nonce, 'block_spammer_ip'))
128
- {
129
- $aio_wp_security->debug_logger->log_debug("Nonce check failed for delete selected blocked IP operation!",4);
130
- die(__('Nonce check failed for delete selected blocked IP operation!','all-in-one-wp-security-and-firewall'));
131
- }
132
-
133
- //individual entry where "block" link was clicked
134
- AIOWPSecurity_Blocking::add_ip_to_block_list($entries, 'spam');
135
- }
136
-
137
- AIOWPSecurity_Admin_Menu::show_msg_updated_st(__('The selected IP addresses are now permanently blocked!','all-in-one-wp-security-and-firewall'));
138
- }
139
-
140
- /*
141
- * (Old function which uses .htaccess blacklist - replaced by new method which uses php blocking code)
142
- * This function will add the selected IP addresses to the .htaccess blacklist.
143
- * The function accepts either an array of IDs or a single ID
144
- */
145
- function block_spammer_ip_records_old($entries)
146
- {
147
- global $wpdb, $aio_wp_security;
148
- $raw_banned_ip_list = $aio_wp_security->configs->get_value('aiowps_banned_ip_addresses');
149
- $currently_banned_ips = explode(PHP_EOL, $aio_wp_security->configs->get_value('aiowps_banned_ip_addresses'));
150
- if (is_array($entries))
151
- {
152
- if (isset($_REQUEST['_wp_http_referer']))
153
- {
154
- //Bulk selection using checkboxes were used
155
- foreach ($entries as $ip_add)
156
- {
157
- if (!empty($currently_banned_ips) && !(sizeof($currently_banned_ips) == 1 && trim($currently_banned_ips[0]) == ''))
158
- {
159
- //Check if the IP address is already in the blacklist. If not add it to the list.
160
- if (!in_array($ip_add, $currently_banned_ips))
161
- {
162
- $raw_banned_ip_list .= PHP_EOL.$ip_add;
163
- }
164
- }
165
- else
166
- {
167
- //if blacklist is currently empty just add all IP addresses to the list regardless
168
- $raw_banned_ip_list .= PHP_EOL.$ip_add;
169
- }
170
- }
171
- }
172
- }
173
- else if ($entries != NULL)
174
- {
175
- $nonce=isset($_GET['aiowps_nonce'])?$_GET['aiowps_nonce']:'';
176
- if (!isset($nonce) ||!wp_verify_nonce($nonce, 'block_spammer_ip'))
177
- {
178
- $aio_wp_security->debug_logger->log_debug("Nonce check failed for delete selected blocked IP operation!",4);
179
- die(__('Nonce check failed for delete selected blocked IP operation!','all-in-one-wp-security-and-firewall'));
180
- }
181
-
182
- //individual entry where "block" link was clicked
183
- //Check if the IP address is already in the blacklist. If not add it to the list.
184
- if (!in_array($entries, $currently_banned_ips))
185
- {
186
- $raw_banned_ip_list .= PHP_EOL.$entries;
187
- }
188
- }
189
-
190
- //Let's save the selected IP addresses to the blacklist config
191
- $aio_wp_security->configs->set_value('aiowps_banned_ip_addresses',$raw_banned_ip_list); //Save the blocked IP address config variable with the newly added addresses
192
- $aio_wp_security->configs->save_config();
193
- AIOWPSecurity_Admin_Menu::show_msg_updated_st(__('The selected IP addresses were saved in the blacklist configuration settings.','all-in-one-wp-security-and-firewall'));
194
-
195
- //Let's check if the Enable Blacklisting flag has been set - If so, we will write the new data to the .htaccess file.
196
- if($aio_wp_security->configs->get_value('aiowps_enable_blacklisting')=='1')
197
- {
198
- $write_result = AIOWPSecurity_Utility_Htaccess::write_to_htaccess();
199
- if ( $write_result )
200
- {
201
- AIOWPSecurity_Admin_Menu::show_msg_updated_st(__('The .htaccess file was successfully modified to include the selected IP addresses.','all-in-one-wp-security-and-firewall'));
202
- }
203
- else
204
- {
205
- AIOWPSecurity_Admin_Menu::show_msg_error_st(__('The plugin was unable to write to the .htaccess file. Please edit file manually.','all-in-one-wp-security-and-firewall'));
206
- $aio_wp_security->debug_logger->log_debug("AIOWPSecurity_Blacklist_Menu - The plugin was unable to write to the .htaccess file.");
207
- }
208
- }
209
- else
210
- {
211
- $blacklist_settings_link = '<a href="admin.php?page='.AIOWPSEC_BLACKLIST_MENU_SLUG.'">Ban Users</a>';
212
- $info_msg = '<p>'.__('NOTE: The .htaccess file was not modified because you have disabled the "Enable IP or User Agent Blacklisting" check box.', 'all-in-one-wp-security-and-firewall').
213
- '<br />'.sprintf( __('To block these IP addresses you will need to enable the above flag in the %s menu', 'all-in-one-wp-security-and-firewall'), $blacklist_settings_link).'</p>';
214
- AIOWPSecurity_Admin_Menu::show_msg_updated_st($info_msg);
215
- }
216
- }
217
-
218
- function prepare_items()
219
- {
220
- //First, lets decide how many records per page to show
221
- $per_page = 100;
222
- $columns = $this->get_columns();
223
- $hidden = array();
224
- $sortable = $this->get_sortable_columns();
225
-
226
- $this->_column_headers = array($columns, $hidden, $sortable);
227
-
228
- $this->process_bulk_action();
229
-
230
- global $wpdb;
231
- global $aio_wp_security;
232
- $minimum_comments_per_ip = $aio_wp_security->configs->get_value('aiowps_spam_ip_min_comments');
233
- if (empty($minimum_comments_per_ip)) {
234
- $minimum_comments_per_ip = 5;
235
- }
236
- /* -- Ordering parameters -- */
237
- //Parameters that are going to be used to order the result
238
- isset($_GET["orderby"]) ? $orderby = strip_tags($_GET["orderby"]) : $orderby = '';
239
- isset($_GET["order"]) ? $order = strip_tags($_GET["order"]) : $order = '';
240
-
241
- $orderby = !empty($orderby) ? esc_sql($orderby) : 'amount';
242
- $order = !empty($order) ? esc_sql($order) : 'DESC';
243
-
244
- $orderby = AIOWPSecurity_Utility::sanitize_value_by_array($orderby, $sortable);
245
- $order = AIOWPSecurity_Utility::sanitize_value_by_array($order, array('DESC' => '1', 'ASC' => '1'));
246
-
247
- $sql = $wpdb->prepare("SELECT comment_author_IP, COUNT(*) AS amount
248
- FROM $wpdb->comments
249
- WHERE comment_approved = 'spam'
250
- GROUP BY comment_author_IP
251
- HAVING amount >= %d
252
- ORDER BY $orderby $order
253
- ", $minimum_comments_per_ip);
254
- $data = $wpdb->get_results($sql, ARRAY_A);
255
-
256
- //Get all permamnetly blocked IP addresses
257
- $block_list = AIOWPSecurity_Blocking::get_list_blocked_ips();
258
- if(!empty($block_list)){
259
- foreach($data as $key=>$value){
260
- if(in_array($value['comment_author_IP'],$block_list)){
261
- $data[$key]['status'] = 'blocked';
262
- }
263
- }
264
- }
265
- $current_page = $this->get_pagenum();
266
- $total_items = count($data);
267
- $data = array_slice($data, (($current_page - 1) * $per_page), $per_page);
268
- $this->items = $data;
269
- $this->set_pagination_args(array(
270
- 'total_items' => $total_items, //WE have to calculate the total number of items
271
- 'per_page' => $per_page, //WE have to determine how many items to show on a page
272
- 'total_pages' => ceil($total_items / $per_page) //WE have to calculate the total number of pages
273
- ));
274
- }
275
- }
1
+ <?php
2
+ if(!defined('ABSPATH')){
3
+ exit;//Exit if accessed directly
4
+ }
5
+
6
+ class AIOWPSecurity_List_Comment_Spammer_IP extends AIOWPSecurity_List_Table {
7
+
8
+ function __construct(){
9
+ global $status, $page;
10
+
11
+ //Set parent defaults
12
+ parent::__construct( array(
13
+ 'singular' => 'item', //singular name of the listed records
14
+ 'plural' => 'items', //plural name of the listed records
15
+ 'ajax' => false //does this table support ajax?
16
+ ) );
17
+
18
+ }
19
+
20
+ function column_default($item, $column_name){
21
+ return $item[$column_name];
22
+ }
23
+
24
+ function column_comment_author_IP($item){
25
+ $tab = strip_tags($_REQUEST['tab']);
26
+ //Build row actions
27
+ if (AIOWPSecurity_Utility::is_multisite_install() && get_current_blog_id() != 1){
28
+ //Suppress the block link if site is a multi site AND not the main site
29
+ $actions = array(); //blank array
30
+ }else{
31
+ $block_url = sprintf('admin.php?page=%s&tab=%s&action=%s&spammer_ip=%s', AIOWPSEC_SPAM_MENU_SLUG, $tab, 'block_spammer_ip', $item['comment_author_IP']);
32
+ //Add nonce to block URL
33
+ $block_url_nonce = wp_nonce_url($block_url, "block_spammer_ip", "aiowps_nonce");
34
+
35
+ $actions = array(
36
+ 'block' => '<a href="'.$block_url_nonce.'" onclick="return confirm(\'Are you sure you want to permanently block this IP address?\')">Block</a>',
37
+ );
38
+ }
39
+
40
+ //Return the user_login contents
41
+ return sprintf('%1$s <span style="color:silver"></span>%2$s',
42
+ /*$1%s*/ $item['comment_author_IP'],
43
+ /*$2%s*/ $this->row_actions($actions)
44
+ );
45
+ }
46
+
47
+
48
+ function column_cb($item){
49
+ return sprintf(
50
+ '<input type="checkbox" name="%1$s[]" value="%2$s" />',
51
+ /*$1%s*/ $this->_args['singular'], //Let's simply repurpose the table's singular label
52
+ /*$2%s*/ esc_attr($item['comment_author_IP']) //The value of the checkbox should be the record's id
53
+ );
54
+ }
55
+
56
+ function get_columns(){
57
+ $columns = array(
58
+ 'cb' => '<input type="checkbox" />', //Render a checkbox
59
+ 'comment_author_IP' => __('Spammer IP', 'all-in-one-wp-security-and-firewall'),
60
+ 'amount' => __('Number of SPAM Comments From This IP', 'all-in-one-wp-security-and-firewall'),
61
+ 'status' => __('Status', 'all-in-one-wp-security-and-firewall'),
62
+ );
63
+ return $columns;
64
+ }
65
+
66
+ function get_sortable_columns() {
67
+ $sortable_columns = array(
68
+ 'comment_author_IP' => array('comment_author_IP',false),
69
+ 'amount' => array('amount',false),
70
+ 'status' => array('status',false),
71
+ );
72
+ return $sortable_columns;
73
+ }
74
+
75
+ function get_bulk_actions() {
76
+ if (AIOWPSecurity_Utility::is_multisite_install() && get_current_blog_id() != 1){
77
+ //Suppress the block link if site is a multi site AND not the main site
78
+ $actions = array(); //blank array
79
+ }else{
80
+ $actions = array(
81
+ 'block' => __('Block', 'all-in-one-wp-security-and-firewall')
82
+ );
83
+ }
84
+ return $actions;
85
+ }
86
+
87
+ function process_bulk_action() {
88
+ global $aio_wp_security;
89
+ if('block'===$this->current_action())
90
+ {
91
+ //Process block bulk actions
92
+ if(!isset($_REQUEST['item']))
93
+ {
94
+ $error_msg = '<div id="message" class="error"><p><strong>';
95
+ $error_msg .= __('Please select some records using the checkboxes','all-in-one-wp-security-and-firewall');
96
+ $error_msg .= '</strong></p></div>';
97
+ _e($error_msg);
98
+ } else {
99
+ $this->block_spammer_ip_records(($_REQUEST['item']));
100
+ }
101
+ }
102
+ }
103
+
104
+
105
+
106
+ /*
107
+ * This function will add the selected IP addresses to the blacklist.
108
+ * The function accepts either an array of IDs or a single ID
109
+ */
110
+ function block_spammer_ip_records($entries)
111
+ {
112
+ global $wpdb, $aio_wp_security;
113
+ if (is_array($entries))
114
+ {
115
+ if (isset($_REQUEST['_wp_http_referer']))
116
+ {
117
+ //Bulk selection using checkboxes were used
118
+ foreach ($entries as $ip_add)
119
+ {
120
+ AIOWPSecurity_Blocking::add_ip_to_block_list($ip_add, 'spam');
121
+ }
122
+ }
123
+ }
124
+ else if ($entries != NULL)
125
+ {
126
+ $nonce=isset($_GET['aiowps_nonce'])?$_GET['aiowps_nonce']:'';
127
+ if (!isset($nonce) ||!wp_verify_nonce($nonce, 'block_spammer_ip'))
128
+ {
129
+ $aio_wp_security->debug_logger->log_debug("Nonce check failed for delete selected blocked IP operation!",4);
130
+ die(__('Nonce check failed for delete selected blocked IP operation!','all-in-one-wp-security-and-firewall'));
131
+ }
132
+
133
+ //individual entry where "block" link was clicked
134
+ AIOWPSecurity_Blocking::add_ip_to_block_list($entries, 'spam');
135
+ }
136
+
137
+ AIOWPSecurity_Admin_Menu::show_msg_updated_st(__('The selected IP addresses are now permanently blocked!','all-in-one-wp-security-and-firewall'));
138
+ }
139
+
140
+ /*
141
+ * (Old function which uses .htaccess blacklist - replaced by new method which uses php blocking code)
142
+ * This function will add the selected IP addresses to the .htaccess blacklist.
143
+ * The function accepts either an array of IDs or a single ID
144
+ */
145
+ function block_spammer_ip_records_old($entries)
146
+ {
147
+ global $wpdb, $aio_wp_security;
148
+ $raw_banned_ip_list = $aio_wp_security->configs->get_value('aiowps_banned_ip_addresses');
149
+ $currently_banned_ips = explode(PHP_EOL, $aio_wp_security->configs->get_value('aiowps_banned_ip_addresses'));
150
+ if (is_array($entries))
151
+ {
152
+ if (isset($_REQUEST['_wp_http_referer']))
153
+ {
154
+ //Bulk selection using checkboxes were used
155
+ foreach ($entries as $ip_add)
156
+ {
157
+ if (!empty($currently_banned_ips) && !(sizeof($currently_banned_ips) == 1 && trim($currently_banned_ips[0]) == ''))
158
+ {
159
+ //Check if the IP address is already in the blacklist. If not add it to the list.
160
+ if (!in_array($ip_add, $currently_banned_ips))
161
+ {
162
+ $raw_banned_ip_list .= PHP_EOL.$ip_add;
163
+ }
164
+ }
165
+ else
166
+ {
167
+ //if blacklist is currently empty just add all IP addresses to the list regardless
168
+ $raw_banned_ip_list .= PHP_EOL.$ip_add;
169
+ }
170
+ }
171
+ }
172
+ }
173
+ else if ($entries != NULL)
174
+ {
175
+ $nonce=isset($_GET['aiowps_nonce'])?$_GET['aiowps_nonce']:'';
176
+ if (!isset($nonce) ||!wp_verify_nonce($nonce, 'block_spammer_ip'))
177
+ {
178
+ $aio_wp_security->debug_logger->log_debug("Nonce check failed for delete selected blocked IP operation!",4);
179
+ die(__('Nonce check failed for delete selected blocked IP operation!','all-in-one-wp-security-and-firewall'));
180
+ }
181
+
182
+ //individual entry where "block" link was clicked
183
+ //Check if the IP address is already in the blacklist. If not add it to the list.
184
+ if (!in_array($entries, $currently_banned_ips))
185
+ {
186
+ $raw_banned_ip_list .= PHP_EOL.$entries;
187
+ }
188
+ }
189
+
190
+ //Let's save the selected IP addresses to the blacklist config
191
+ $aio_wp_security->configs->set_value('aiowps_banned_ip_addresses',$raw_banned_ip_list); //Save the blocked IP address config variable with the newly added addresses
192
+ $aio_wp_security->configs->save_config();
193
+ AIOWPSecurity_Admin_Menu::show_msg_updated_st(__('The selected IP addresses were saved in the blacklist configuration settings.','all-in-one-wp-security-and-firewall'));
194
+
195
+ //Let's check if the Enable Blacklisting flag has been set - If so, we will write the new data to the .htaccess file.
196
+ if($aio_wp_security->configs->get_value('aiowps_enable_blacklisting')=='1')
197
+ {
198
+ $write_result = AIOWPSecurity_Utility_Htaccess::write_to_htaccess();
199
+ if ( $write_result )
200
+ {
201
+ AIOWPSecurity_Admin_Menu::show_msg_updated_st(__('The .htaccess file was successfully modified to include the selected IP addresses.','all-in-one-wp-security-and-firewall'));
202
+ }
203
+ else
204
+ {
205
+ AIOWPSecurity_Admin_Menu::show_msg_error_st(__('The plugin was unable to write to the .htaccess file. Please edit file manually.','all-in-one-wp-security-and-firewall'));
206
+ $aio_wp_security->debug_logger->log_debug("AIOWPSecurity_Blacklist_Menu - The plugin was unable to write to the .htaccess file.");
207
+ }
208
+ }
209
+ else
210
+ {
211
+ $blacklist_settings_link = '<a href="admin.php?page='.AIOWPSEC_BLACKLIST_MENU_SLUG.'">Ban Users</a>';
212
+ $info_msg = '<p>'.__('NOTE: The .htaccess file was not modified because you have disabled the "Enable IP or User Agent Blacklisting" check box.', 'all-in-one-wp-security-and-firewall').
213
+ '<br />'.sprintf( __('To block these IP addresses you will need to enable the above flag in the %s menu', 'all-in-one-wp-security-and-firewall'), $blacklist_settings_link).'</p>';
214
+ AIOWPSecurity_Admin_Menu::show_msg_updated_st($info_msg);
215
+ }
216
+ }
217
+
218
+ function prepare_items()
219
+ {
220
+ //First, lets decide how many records per page to show
221
+ $per_page = 100;
222
+ $columns = $this->get_columns();
223
+ $hidden = array();
224
+ $sortable = $this->get_sortable_columns();
225
+
226
+ $this->_column_headers = array($columns, $hidden, $sortable);
227
+
228
+ $this->process_bulk_action();
229
+
230
+ global $wpdb;
231
+ global $aio_wp_security;
232
+ $minimum_comments_per_ip = $aio_wp_security->configs->get_value('aiowps_spam_ip_min_comments');
233
+ if (empty($minimum_comments_per_ip)) {
234
+ $minimum_comments_per_ip = 5;
235
+ }
236
+ /* -- Ordering parameters -- */
237
+ //Parameters that are going to be used to order the result
238
+ isset($_GET["orderby"]) ? $orderby = strip_tags($_GET["orderby"]) : $orderby = '';
239
+ isset($_GET["order"]) ? $order = strip_tags($_GET["order"]) : $order = '';
240
+
241
+ $orderby = !empty($orderby) ? esc_sql($orderby) : 'amount';
242
+ $order = !empty($order) ? esc_sql($order) : 'DESC';
243
+
244
+ $orderby = AIOWPSecurity_Utility::sanitize_value_by_array($orderby, $sortable);
245
+ $order = AIOWPSecurity_Utility::sanitize_value_by_array($order, array('DESC' => '1', 'ASC' => '1'));
246
+
247
+ $sql = $wpdb->prepare("SELECT comment_author_IP, COUNT(*) AS amount
248
+ FROM $wpdb->comments
249
+ WHERE comment_approved = 'spam'
250
+ GROUP BY comment_author_IP
251
+ HAVING amount >= %d
252
+ ORDER BY $orderby $order
253
+ ", $minimum_comments_per_ip);
254
+ $data = $wpdb->get_results($sql, ARRAY_A);
255
+
256
+ //Get all permamnetly blocked IP addresses
257
+ $block_list = AIOWPSecurity_Blocking::get_list_blocked_ips();
258
+ if(!empty($block_list)){
259
+ foreach($data as $key=>$value){
260
+ if(in_array($value['comment_author_IP'],$block_list)){
261
+ $data[$key]['status'] = 'blocked';
262
+ }
263
+ }
264
+ }
265
+ $current_page = $this->get_pagenum();
266
+ $total_items = count($data);
267
+ $data = array_slice($data, (($current_page - 1) * $per_page), $per_page);
268
+ $this->items = $data;
269
+ $this->set_pagination_args(array(
270
+ 'total_items' => $total_items, //WE have to calculate the total number of items
271
+ 'per_page' => $per_page, //WE have to determine how many items to show on a page
272
+ 'total_pages' => ceil($total_items / $per_page) //WE have to calculate the total number of pages
273
+ ));
274
+ }
275
+ }
admin/wp-security-list-debug.php ADDED
@@ -0,0 +1,124 @@
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
+ <?php
2
+ if(!defined('ABSPATH')){
3
+ exit;//Exit if accessed directly
4
+ }
5
+
6
+ class AIOWPSecurity_List_Debug_Log extends AIOWPSecurity_List_Table
7
+ {
8
+
9
+ /**
10
+ * Sets up some table attributes (i.e: the plurals and whether it's ajax or not)
11
+ */
12
+ public function __construct()
13
+ {
14
+ global $status, $page;
15
+
16
+ //Set parent defaults
17
+ parent::__construct(array(
18
+ 'singular' => 'entry', //singular name of the listed records
19
+ 'plural' => 'entries', //plural name of the listed records
20
+ 'ajax' => false //does this table support ajax?
21
+ ));
22
+
23
+ }
24
+
25
+ /**
26
+ * Returns the default column item
27
+ *
28
+ * @param object $item
29
+ * @param string $column_name
30
+ * @return void
31
+ */
32
+ public function column_default($item, $column_name)
33
+ {
34
+ return $item[$column_name];
35
+ }
36
+
37
+ /**
38
+ * Sets the columns for the table
39
+ *
40
+ * @return array
41
+ */
42
+ public function get_columns()
43
+ {
44
+ $columns = array(
45
+ 'id' => 'ID',
46
+ 'created' => __('Date and time', 'all-in-one-security-and-firewall'),
47
+ 'level' => __('Level', 'all-in-one-wp-security-and-firewall'),
48
+ 'message' => __('Message', 'all-in-one-wp-security-and-firewall'),
49
+ 'type' => __('Type', 'all-in-one-wp-security-and-firewall')
50
+ );
51
+ return $columns;
52
+ }
53
+
54
+ /**
55
+ * Sets which of the columns the table data can be sorted by
56
+ *
57
+ * @return array
58
+ */
59
+ public function get_sortable_columns()
60
+ {
61
+ $sortable_columns = array(
62
+ 'created' => array('created', false),
63
+ 'type' => array('type', false),
64
+ 'level' => array('level', false),
65
+ 'message'=>array('message', false)
66
+ );
67
+ return $sortable_columns;
68
+ }
69
+
70
+ /**
71
+ * Grabs the data from database and handles the pagination
72
+ *
73
+ * @return void
74
+ */
75
+ public function prepare_items()
76
+ {
77
+ /**
78
+ * First, lets decide how many records per page to show
79
+ */
80
+ if (defined('AIOWPSEC_DEBUG_LOG_PER_PAGE')) {
81
+ $per_page = absint(AIOWPSEC_DEBUG_LOG_PER_PAGE);
82
+ }
83
+
84
+ $per_page = empty($per_page) ? 15 : $per_page;
85
+
86
+ $columns = $this->get_columns();
87
+ $hidden = array('id'); // we really don't need the IDs of the log entries displayed
88
+ $sortable = $this->get_sortable_columns();
89
+
90
+ $this->_column_headers = array($columns, $hidden, $sortable);
91
+
92
+ global $wpdb;
93
+
94
+ $debug_log_tbl = $wpdb->prefix . 'aiowps_debug_log';
95
+
96
+ /* -- Ordering parameters -- */
97
+
98
+ //Parameters that are going to be used to order the result
99
+ isset($_GET["orderby"]) ? $orderby = strip_tags($_GET["orderby"]) : $orderby = '';
100
+ isset($_GET["order"]) ? $order = strip_tags($_GET["order"]) : $order = '';
101
+
102
+ // By default show the most recent debug log entries.
103
+ $orderby = !empty($orderby) ? esc_sql($orderby) : 'created';
104
+ $order = !empty($order) ? esc_sql($order) : 'DESC';
105
+
106
+ $orderby = AIOWPSecurity_Utility::sanitize_value_by_array($orderby, $sortable);
107
+ $order = AIOWPSecurity_Utility::sanitize_value_by_array($order, array('DESC' => '1', 'ASC' => '1'));
108
+
109
+ $orderby = sanitize_sql_orderby($orderby);
110
+ $order = sanitize_sql_orderby($order);
111
+
112
+ $data = $wpdb->get_results("SELECT * FROM {$debug_log_tbl} ORDER BY {$orderby} {$order}", 'ARRAY_A');
113
+
114
+ $current_page = $this->get_pagenum();
115
+ $total_items = count($data);
116
+ $data = array_slice($data, (($current_page - 1) * $per_page), $per_page);
117
+ $this->items = $data;
118
+ $this->set_pagination_args(array(
119
+ 'total_items' => $total_items, //WE have to calculate the total number of items
120
+ 'per_page' => $per_page, //WE have to determine how many items to show on a page
121
+ 'total_pages' => ceil($total_items / $per_page) //WE have to calculate the total number of pages
122
+ ));
123
+ }
124
+ }
admin/wp-security-list-locked-ip.php CHANGED
@@ -1,234 +1,234 @@
1
- <?php
2
- if(!defined('ABSPATH')){
3
- exit;//Exit if accessed directly
4
- }
5
-
6
- class AIOWPSecurity_List_Locked_IP extends AIOWPSecurity_List_Table {
7
-
8
- function __construct(){
9
- global $status, $page;
10
-
11
- //Set parent defaults
12
- parent::__construct( array(
13
- 'singular' => 'item', //singular name of the listed records
14
- 'plural' => 'items', //plural name of the listed records
15
- 'ajax' => false //does this table support ajax?
16
- ) );
17
-
18
- }
19
-
20
- function column_default($item, $column_name){
21
- return $item[$column_name];
22
- }
23
-
24
- function column_failed_login_ip($item){
25
- $tab = isset($_REQUEST['tab'])?strip_tags($_REQUEST['tab']):'';
26
- $delete_lockdown_record = sprintf('admin.php?page=%s&tab=%s&action=%s&lockdown_id=%s', AIOWPSEC_MAIN_MENU_SLUG, $tab, 'delete_blocked_ip', $item['id']);
27
- //Add nonce to delete URL
28
- $delete_lockdown_record_nonce = wp_nonce_url($delete_lockdown_record, "delete_lockdown_record", "aiowps_nonce");
29
-
30
- $unlock_ip_url = sprintf('admin.php?page=%s&tab=%s&action=%s&lockdown_id=%s', AIOWPSEC_MAIN_MENU_SLUG, $tab, 'unlock_ip', $item['id']);
31
- //Add nonce to unlock IP URL
32
- $unlock_ip_nonce = wp_nonce_url($unlock_ip_url, "unlock_ip", "aiowps_nonce");
33
-
34
- //Build row actions
35
- $actions = array(
36
- 'unlock' => '<a href="'.$unlock_ip_nonce.'" onclick="return confirm(\'Are you sure you want to unlock this address range?\')">Unlock</a>',
37
- 'delete' => '<a href="'.$delete_lockdown_record_nonce.'" onclick="return confirm(\'Are you sure you want to delete this item?\')">Delete</a>',
38
- );
39
-
40
- //Return the user_login contents
41
- return sprintf('%1$s <span style="color:silver"></span>%2$s',
42
- /*$1%s*/ $item['failed_login_ip'],
43
- /*$2%s*/ $this->row_actions($actions)
44
- );
45
- }
46
-
47
-
48
- function column_cb($item){
49
- return sprintf(
50
- '<input type="checkbox" name="%1$s[]" value="%2$s" />',
51
- /*$1%s*/ $this->_args['singular'], //Let's simply repurpose the table's singular label
52
- /*$2%s*/ $item['id'] //The value of the checkbox should be the record's id
53
- );
54
- }
55
-
56
- function get_columns(){
57
- $columns = array(
58
- 'cb' => '<input type="checkbox" />', //Render a checkbox
59
- 'failed_login_ip' => __('Locked IP/Range', 'all-in-one-wp-security-and-firewall'),
60
- 'user_id' => __('User ID', 'all-in-one-wp-security-and-firewall'),
61
- 'user_login' => __('Username', 'all-in-one-wp-security-and-firewall'),
62
- 'lock_reason' => __('Reason', 'all-in-one-wp-security-and-firewall'),
63
- 'lockdown_date' => __('Date Locked', 'all-in-one-wp-security-and-firewall'),
64
- 'release_date' => __('Release Date', 'all-in-one-wp-security-and-firewall')
65
- );
66
- return $columns;
67
- }
68
-
69
- function get_sortable_columns() {
70
- $sortable_columns = array(
71
- 'failed_login_ip' => array('failed_login_ip',false),
72
- 'user_id' => array('user_id',false),
73
- 'user_login' => array('user_login',false),
74
- 'lock_reason' => array('lock_reason',false),
75
- 'lockdown_date' => array('lockdown_date',false),
76
- 'release_date' => array('release_date',false)
77
- );
78
- return $sortable_columns;
79
- }
80
-
81
- function get_bulk_actions() {
82
- $actions = array(
83
- 'unlock' => __('Unlock', 'all-in-one-wp-security-and-firewall'),
84
- 'delete' => __('Delete', 'all-in-one-wp-security-and-firewall')
85
- );
86
- return $actions;
87
- }
88
-
89
- function process_bulk_action() {
90
- if('delete'===$this->current_action())
91
- {//Process delete bulk actions
92
- if(!isset($_REQUEST['item']))
93
- {
94
- AIOWPSecurity_Admin_Menu::show_msg_error_st(__('Please select some records using the checkboxes','all-in-one-wp-security-and-firewall'));
95
- }else
96
- {
97
- $this->delete_lockdown_records(($_REQUEST['item']));
98
- }
99
- }
100
-
101
- if('unlock'===$this->current_action())
102
- {//Process unlock bulk actions
103
- if(!isset($_REQUEST['item']))
104
- {
105
- AIOWPSecurity_Admin_Menu::show_msg_error_st(__('Please select some records using the checkboxes','all-in-one-wp-security-and-firewall'));
106
- }else
107
- {
108
- $this->unlock_ip_range(($_REQUEST['item']));
109
- }
110
- }
111
- }
112
-
113
-
114
- /*
115
- * This function will unlock an IP range by modifying the "release_date" column of a record in the "login_lockdown" table
116
- */
117
- function unlock_ip_range($entries)
118
- {
119
- global $wpdb,$aio_wp_security;
120
- $lockdown_table = AIOWPSEC_TBL_LOGIN_LOCKDOWN;
121
- if (is_array($entries))
122
- {
123
- if (isset($_REQUEST['_wp_http_referer']))
124
- {
125
- //Unlock multiple records
126
- $entries = array_filter($entries, 'is_numeric'); //discard non-numeric ID values
127
- $id_list = "(" .implode(",",$entries) .")"; //Create comma separate list for DB operation
128
- $unlock_command = "UPDATE ".$lockdown_table." SET release_date = now() WHERE id IN ".$id_list;
129
- $result = $wpdb->query($unlock_command);
130
- if($result != NULL)
131
- {
132
- AIOWPSecurity_Admin_Menu::show_msg_updated_st(__('The selected IP entries were unlocked successfully!','all-in-one-wp-security-and-firewall'));
133
- }
134
- }
135
- } elseif ($entries != NULL)
136
- {
137
- $nonce=isset($_GET['aiowps_nonce'])?$_GET['aiowps_nonce']:'';
138
- if (!isset($nonce) ||!wp_verify_nonce($nonce, 'unlock_ip'))
139
- {
140
- $aio_wp_security->debug_logger->log_debug("Nonce check failed for unlock IP operation!",4);
141
- die(__('Nonce check failed for unlock IP operation!','all-in-one-wp-security-and-firewall'));
142
- }
143
-
144
- //Unlock single record
145
- $unlock_command = $wpdb->prepare( "UPDATE ".$lockdown_table." SET release_date = now() WHERE id = %d", absint($entries) );
146
- $result = $wpdb->query($unlock_command);
147
- if($result != NULL)
148
- {
149
- AIOWPSecurity_Admin_Menu::show_msg_updated_st(__('The selected IP entry was unlocked successfully!','all-in-one-wp-security-and-firewall'));
150
- }
151
- }
152
- }
153
-
154
- /*
155
- * This function will delete selected records from the "login_lockdown" table.
156
- * The function accepts either an array of IDs or a single ID
157
- */
158
- function delete_lockdown_records($entries)
159
- {
160
- global $wpdb, $aio_wp_security;
161
- $lockdown_table = AIOWPSEC_TBL_LOGIN_LOCKDOWN;
162
- if (is_array($entries))
163
- {
164
- if (isset($_REQUEST['_wp_http_referer']))
165
- {
166
- //Delete multiple records
167
- $entries = array_filter($entries, 'is_numeric'); //discard non-numeric ID values
168
- $id_list = "(" .implode(",",$entries) .")"; //Create comma separate list for DB operation
169
- $delete_command = "DELETE FROM ".$lockdown_table." WHERE id IN ".$id_list;
170
- $result = $wpdb->query($delete_command);
171
- if($result != NULL)
172
- {
173
- AIOWPSecurity_Admin_Menu::show_msg_record_deleted_st();
174
- }
175
- }
176
- }
177
- elseif ($entries != NULL)
178
- {
179
- $nonce=isset($_GET['aiowps_nonce'])?$_GET['aiowps_nonce']:'';
180
- if (!isset($nonce) ||!wp_verify_nonce($nonce, 'delete_lockdown_record'))
181
- {
182
- $aio_wp_security->debug_logger->log_debug("Nonce check failed for delete lockdown record operation!",4);
183
- die(__('Nonce check failed for delete lockdown record operation!','all-in-one-wp-security-and-firewall'));
184
- }
185
- //Delete single record
186
- $delete_command = "DELETE FROM ".$lockdown_table." WHERE id = '".absint($entries)."'";
187
- $result = $wpdb->query($delete_command);
188
- if($result != NULL)
189
- {
190
- AIOWPSecurity_Admin_Menu::show_msg_record_deleted_st();
191
- }
192
- }
193
- }
194
-
195
- function prepare_items() {
196
- /**
197
- * First, lets decide how many records per page to show
198
- */
199
- $per_page = 100;
200
- $columns = $this->get_columns();
201
- $hidden = array();
202
- $sortable = $this->get_sortable_columns();
203
-
204
- $this->_column_headers = array($columns, $hidden, $sortable);
205
-
206
- $this->process_bulk_action();
207
-
208
- global $wpdb;
209
- $lockdown_table_name = AIOWPSEC_TBL_LOGIN_LOCKDOWN;
210
-
211
- /* -- Ordering parameters -- */
212
- //Parameters that are going to be used to order the result
213
- isset($_GET["orderby"]) ? $orderby = strip_tags($_GET["orderby"]): $orderby = '';
214
- isset($_GET["order"]) ? $order = strip_tags($_GET["order"]): $order = '';
215
-
216
- $orderby = !empty($orderby) ? esc_sql($orderby) : 'lockdown_date';
217
- $order = !empty($order) ? esc_sql($order) : 'DESC';
218
-
219
- $orderby = AIOWPSecurity_Utility::sanitize_value_by_array($orderby, $sortable);
220
- $order = AIOWPSecurity_Utility::sanitize_value_by_array($order, array('DESC' => '1', 'ASC' => '1'));
221
-
222
- $now = current_time( 'mysql' );
223
- $data = $wpdb->get_results($wpdb->prepare("SELECT * FROM $lockdown_table_name WHERE (lock_reason=%s OR lock_reason=%s) AND release_date > %s ORDER BY $orderby $order", 'login_fail', '404', $now), ARRAY_A);
224
- $current_page = $this->get_pagenum();
225
- $total_items = count($data);
226
- $data = array_slice($data,(($current_page-1)*$per_page),$per_page);
227
- $this->items = $data;
228
- $this->set_pagination_args( array(
229
- 'total_items' => $total_items, //WE have to calculate the total number of items
230
- 'per_page' => $per_page, //WE have to determine how many items to show on a page
231
- 'total_pages' => ceil($total_items/$per_page) //WE have to calculate the total number of pages
232
- ) );
233
- }
234
  }
1
+ <?php
2
+ if(!defined('ABSPATH')){
3
+ exit;//Exit if accessed directly
4
+ }
5
+
6
+ class AIOWPSecurity_List_Locked_IP extends AIOWPSecurity_List_Table {
7
+
8
+ function __construct(){
9
+ global $status, $page;
10
+
11
+ //Set parent defaults
12
+ parent::__construct( array(
13
+ 'singular' => 'item', //singular name of the listed records
14
+ 'plural' => 'items', //plural name of the listed records
15
+ 'ajax' => false //does this table support ajax?
16
+ ) );
17
+
18
+ }
19
+
20
+ function column_default($item, $column_name){
21
+ return $item[$column_name];
22
+ }
23
+
24
+ function column_failed_login_ip($item){
25
+ $tab = isset($_REQUEST['tab'])?strip_tags($_REQUEST['tab']):'';
26
+ $delete_lockdown_record = sprintf('admin.php?page=%s&tab=%s&action=%s&lockdown_id=%s', AIOWPSEC_MAIN_MENU_SLUG, $tab, 'delete_blocked_ip', $item['id']);
27
+ //Add nonce to delete URL
28
+ $delete_lockdown_record_nonce = wp_nonce_url($delete_lockdown_record, "delete_lockdown_record", "aiowps_nonce");
29
+
30
+ $unlock_ip_url = sprintf('admin.php?page=%s&tab=%s&action=%s&lockdown_id=%s', AIOWPSEC_MAIN_MENU_SLUG, $tab, 'unlock_ip', $item['id']);
31
+ //Add nonce to unlock IP URL
32
+ $unlock_ip_nonce = wp_nonce_url($unlock_ip_url, "unlock_ip", "aiowps_nonce");
33
+
34
+ //Build row actions
35
+ $actions = array(
36
+ 'unlock' => '<a href="'.$unlock_ip_nonce.'" onclick="return confirm(\'Are you sure you want to unlock this address range?\')">Unlock</a>',
37
+ 'delete' => '<a href="'.$delete_lockdown_record_nonce.'" onclick="return confirm(\'Are you sure you want to delete this item?\')">Delete</a>',
38
+ );
39
+
40
+ //Return the user_login contents
41
+ return sprintf('%1$s <span style="color:silver"></span>%2$s',
42
+ /*$1%s*/ $item['failed_login_ip'],
43
+ /*$2%s*/ $this->row_actions($actions)
44
+ );
45
+ }
46
+
47
+
48
+ function column_cb($item){
49
+ return sprintf(
50
+ '<input type="checkbox" name="%1$s[]" value="%2$s" />',
51
+ /*$1%s*/ $this->_args['singular'], //Let's simply repurpose the table's singular label
52
+ /*$2%s*/ $item['id'] //The value of the checkbox should be the record's id
53
+ );
54
+ }
55
+
56
+ function get_columns(){
57
+ $columns = array(
58
+ 'cb' => '<input type="checkbox" />', //Render a checkbox
59
+ 'failed_login_ip' => __('Locked IP/Range', 'all-in-one-wp-security-and-firewall'),
60
+ 'user_id' => __('User ID', 'all-in-one-wp-security-and-firewall'),
61
+ 'user_login' => __('Username', 'all-in-one-wp-security-and-firewall'),
62
+ 'lock_reason' => __('Reason', 'all-in-one-wp-security-and-firewall'),
63
+ 'lockdown_date' => __('Date Locked', 'all-in-one-wp-security-and-firewall'),
64
+ 'release_date' => __('Release Date', 'all-in-one-wp-security-and-firewall')
65
+ );
66
+ return $columns;
67
+ }
68
+
69
+ function get_sortable_columns() {
70
+ $sortable_columns = array(
71
+ 'failed_login_ip' => array('failed_login_ip',false),
72
+ 'user_id' => array('user_id',false),
73
+ 'user_login' => array('user_login',false),
74
+ 'lock_reason' => array('lock_reason',false),
75
+ 'lockdown_date' => array('lockdown_date',false),
76
+ 'release_date' => array('release_date',false)
77
+ );
78
+ return $sortable_columns;
79
+ }
80
+
81
+ function get_bulk_actions() {
82
+ $actions = array(
83
+ 'unlock' => __('Unlock', 'all-in-one-wp-security-and-firewall'),
84
+ 'delete' => __('Delete', 'all-in-one-wp-security-and-firewall')
85
+ );
86
+ return $actions;
87
+ }
88
+
89
+ function process_bulk_action() {
90
+ if('delete'===$this->current_action())
91
+ {//Process delete bulk actions
92
+ if(!isset($_REQUEST['item']))
93
+ {
94
+ AIOWPSecurity_Admin_Menu::show_msg_error_st(__('Please select some records using the checkboxes','all-in-one-wp-security-and-firewall'));
95
+ }else
96
+ {
97
+ $this->delete_lockdown_records(($_REQUEST['item']));
98
+ }
99
+ }
100
+
101
+ if('unlock'===$this->current_action())
102
+ {//Process unlock bulk actions
103
+ if(!isset($_REQUEST['item']))
104
+ {
105
+ AIOWPSecurity_Admin_Menu::show_msg_error_st(__('Please select some records using the checkboxes','all-in-one-wp-security-and-firewall'));
106
+ }else
107
+ {
108
+ $this->unlock_ip_range(($_REQUEST['item']));
109
+ }
110
+ }
111
+ }
112
+
113
+
114
+ /*
115
+ * This function will unlock an IP range by modifying the "release_date" column of a record in the "login_lockdown" table
116
+ */
117
+ function unlock_ip_range($entries)
118
+ {
119
+ global $wpdb,$aio_wp_security;
120
+ $lockdown_table = AIOWPSEC_TBL_LOGIN_LOCKDOWN;
121
+ if (is_array($entries))
122
+ {
123
+ if (isset($_REQUEST['_wp_http_referer']))
124
+ {
125
+ //Unlock multiple records
126
+ $entries = array_filter($entries, 'is_numeric'); //discard non-numeric ID values
127
+ $id_list = "(" .implode(",",$entries) .")"; //Create comma separate list for DB operation
128
+ $unlock_command = "UPDATE ".$lockdown_table." SET release_date = now() WHERE id IN ".$id_list;
129
+ $result = $wpdb->query($unlock_command);
130
+ if($result != NULL)
131
+ {
132
+ AIOWPSecurity_Admin_Menu::show_msg_updated_st(__('The selected IP entries were unlocked successfully!','all-in-one-wp-security-and-firewall'));
133
+ }
134
+ }
135
+ } elseif ($entries != NULL)
136
+ {
137
+ $nonce=isset($_GET['aiowps_nonce'])?$_GET['aiowps_nonce']:'';
138
+ if (!isset($nonce) ||!wp_verify_nonce($nonce, 'unlock_ip'))
139
+ {
140
+ $aio_wp_security->debug_logger->log_debug("Nonce check failed for unlock IP operation!",4);
141
+ die(__('Nonce check failed for unlock IP operation!','all-in-one-wp-security-and-firewall'));
142
+ }
143
+
144
+ //Unlock single record
145
+ $unlock_command = $wpdb->prepare( "UPDATE ".$lockdown_table." SET release_date = now() WHERE id = %d", absint($entries) );
146
+ $result = $wpdb->query($unlock_command);
147
+ if($result != NULL)
148
+ {
149
+ AIOWPSecurity_Admin_Menu::show_msg_updated_st(__('The selected IP entry was unlocked successfully!','all-in-one-wp-security-and-firewall'));
150
+ }
151
+ }
152
+ }
153
+
154
+ /*
155
+ * This function will delete selected records from the "login_lockdown" table.
156
+ * The function accepts either an array of IDs or a single ID
157
+ */
158
+ function delete_lockdown_records($entries)
159
+ {
160
+ global $wpdb, $aio_wp_security;
161
+ $lockdown_table = AIOWPSEC_TBL_LOGIN_LOCKDOWN;
162
+ if (is_array($entries))
163
+ {
164
+ if (isset($_REQUEST['_wp_http_referer']))
165
+ {
166
+ //Delete multiple records
167
+ $entries = array_filter($entries, 'is_numeric'); //discard non-numeric ID values
168
+ $id_list = "(" .implode(",",$entries) .")"; //Create comma separate list for DB operation
169
+ $delete_command = "DELETE FROM ".$lockdown_table." WHERE id IN ".$id_list;
170
+ $result = $wpdb->query($delete_command);
171
+ if($result != NULL)
172
+ {
173
+ AIOWPSecurity_Admin_Menu::show_msg_record_deleted_st();
174
+ }
175
+ }
176
+ }
177
+ elseif ($entries != NULL)
178
+ {
179
+ $nonce=isset($_GET['aiowps_nonce'])?$_GET['aiowps_nonce']:'';
180
+ if (!isset($nonce) ||!wp_verify_nonce($nonce, 'delete_lockdown_record'))
181
+ {
182
+ $aio_wp_security->debug_logger->log_debug("Nonce check failed for delete lockdown record operation!",4);
183
+ die(__('Nonce check failed for delete lockdown record operation!','all-in-one-wp-security-and-firewall'));
184
+ }
185
+ //Delete single record
186
+ $delete_command = "DELETE FROM ".$lockdown_table." WHERE id = '".absint($entries)."'";
187
+ $result = $wpdb->query($delete_command);
188
+ if($result != NULL)
189
+ {
190
+ AIOWPSecurity_Admin_Menu::show_msg_record_deleted_st();
191
+ }
192
+ }
193
+ }
194
+
195
+ function prepare_items() {
196
+ /**
197
+ * First, lets decide how many records per page to show
198
+ */
199
+ $per_page = 100;
200
+ $columns = $this->get_columns();
201
+ $hidden = array();
202
+ $sortable = $this->get_sortable_columns();
203
+
204
+ $this->_column_headers = array($columns, $hidden, $sortable);
205
+
206
+ $this->process_bulk_action();
207
+
208
+ global $wpdb;
209
+ $lockdown_table_name = AIOWPSEC_TBL_LOGIN_LOCKDOWN;
210
+
211
+ /* -- Ordering parameters -- */
212
+ //Parameters that are going to be used to order the result
213
+ isset($_GET["orderby"]) ? $orderby = strip_tags($_GET["orderby"]): $orderby = '';
214
+ isset($_GET["order"]) ? $order = strip_tags($_GET["order"]): $order = '';
215
+
216
+ $orderby = !empty($orderby) ? esc_sql($orderby) : 'lockdown_date';
217
+ $order = !empty($order) ? esc_sql($order) : 'DESC';
218
+
219
+ $orderby = AIOWPSecurity_Utility::sanitize_value_by_array($orderby, $sortable);
220
+ $order = AIOWPSecurity_Utility::sanitize_value_by_array($order, array('DESC' => '1', 'ASC' => '1'));
221
+
222
+ $now = current_time( 'mysql' );
223
+ $data = $wpdb->get_results($wpdb->prepare("SELECT * FROM $lockdown_table_name WHERE (lock_reason=%s OR lock_reason=%s) AND release_date > %s ORDER BY $orderby $order", 'login_fail', '404', $now), ARRAY_A);
224
+ $current_page = $this->get_pagenum();
225
+ $total_items = count($data);
226
+ $data = array_slice($data,(($current_page-1)*$per_page),$per_page);
227
+ $this->items = $data;
228
+ $this->set_pagination_args( array(
229
+ 'total_items' => $total_items, //WE have to calculate the total number of items
230
+ 'per_page' => $per_page, //WE have to determine how many items to show on a page
231
+ 'total_pages' => ceil($total_items/$per_page) //WE have to calculate the total number of pages
232
+ ) );
233
+ }
234
  }
admin/wp-security-list-logged-in-users.php CHANGED
@@ -1,143 +1,143 @@
1
- <?php
2
- if(!defined('ABSPATH')){
3
- exit;//Exit if accessed directly
4
- }
5
-
6
- class AIOWPSecurity_List_Logged_In_Users extends AIOWPSecurity_List_Table {
7
-
8
- function __construct(){
9
- global $status, $page;
10
-
11
- //Set parent defaults
12
- parent::__construct( array(
13
- 'singular' => 'item', //singular name of the listed records
14
- 'plural' => 'items', //plural name of the listed records
15
- 'ajax' => false //does this table support ajax?
16
- ) );
17
-
18
- }
19
-
20
- function column_default($item, $column_name){
21
- return $item[$column_name];
22
- }
23
-
24
- function column_user_id($item){
25
- $tab = strip_tags($_REQUEST['tab']);
26
- $force_logout_url = sprintf('admin.php?page=%s&tab=%s&action=%s&logged_in_id=%s&ip_address=%s', AIOWPSEC_USER_LOGIN_MENU_SLUG, $tab, 'force_user_logout', $item['user_id'], $item['ip_address']);
27
- //Add nonce to URL
28
- $force_logout_nonce = wp_nonce_url($force_logout_url, "force_user_logout", "aiowps_nonce");
29
-
30
- //Build row actions
31
- $actions = array(
32
- 'logout' => '<a href="'.$force_logout_nonce.'" onclick="return confirm(\'Are you sure you want to force this user to be logged out of this session?\')">Force Logout</a>',
33
- );
34
-
35
- //Return the user_login contents
36
- return sprintf('%1$s <span style="color:silver"></span>%2$s',
37
- /*$1%s*/ $item['user_id'],
38
- /*$2%s*/ $this->row_actions($actions)
39
- );
40
- }
41
-
42
- function get_columns(){
43
- $columns = array(
44
- 'user_id' => __('User ID', 'all-in-one-wp-security-and-firewall'),
45
- 'username' => __('Login Name', 'all-in-one-wp-security-and-firewall'),
46
- 'ip_address' => __('IP Address', 'all-in-one-wp-security-and-firewall'),
47
- );
48
- return $columns;
49
- }
50
-
51
- function get_sortable_columns() {
52
- $sortable_columns = array(
53
- 'user_id' => array('user_id',false),
54
- 'username' => array('username',false),
55
- 'ip_address' => array('ip_address',false),
56
- );
57
- return $sortable_columns;
58
- }
59
-
60
- function get_bulk_actions() {
61
- return array();
62
- }
63
-
64
- function process_bulk_action() {
65
- }
66
-
67
- /*
68
- * This function will force a selected user to be logged out.
69
- * The function accepts either an array of IDs or a single ID (TODO - bulk actions not implemented yet!)
70
- */
71
- function force_user_logout($user_id, $ip_addr)
72
- {
73
- global $wpdb, $aio_wp_security;
74
- if (is_array($user_id))
75
- {
76
- if (isset($_REQUEST['_wp_http_referer']))
77
- {
78
- //TODO - implement bulk action in future release!
79
- }
80
- }
81
- elseif ($user_id != NULL)
82
- {
83
- $nonce=isset($_GET['aiowps_nonce'])?$_GET['aiowps_nonce']:'';
84
- if (!isset($nonce) ||!wp_verify_nonce($nonce, 'force_user_logout'))
85
- {
86
- $aio_wp_security->debug_logger->log_debug("Nonce check failed for force user logout operation!",4);
87
- die(__('Nonce check failed for force user logout operation!','all-in-one-wp-security-and-firewall'));
88
- }
89
- // Force single user logout
90
- $user_id = absint($user_id);
91
- $manager = WP_Session_Tokens::get_instance( $user_id );
92
- $manager->destroy_all();
93
-
94
- $aio_wp_security->user_login_obj->cleanup_users_online_transient($user_id, $ip_addr);
95
- $success_msg = '<div id="message" class="updated fade"><p><strong>';
96
- $success_msg .= __('The selected user was logged out successfully!','all-in-one-wp-security-and-firewall');
97
- $success_msg .= '</strong></p></div>';
98
- _e($success_msg);
99
- }
100
- }
101
-
102
-
103
- function prepare_items() {
104
- //First, lets decide how many records per page to show
105
- $per_page = 100;
106
- $columns = $this->get_columns();
107
- $hidden = array();
108
- $sortable = $this->get_sortable_columns();
109
-
110
- $this->_column_headers = array($columns, $hidden, $sortable);
111
-
112
- global $wpdb;
113
- global $aio_wp_security;
114
-
115
- if (AIOWPSecurity_Utility::is_multisite_install()) {
116
- $current_blog_id = get_current_blog_id();
117
- $logged_in_users = AIOWPSecurity_User_Login::get_subsite_logged_in_users($current_blog_id);
118
- } else {
119
- $logged_in_users = get_transient('users_online');
120
- }
121
- if(empty($logged_in_users)){
122
- $logged_in_users = array(); //If no transient found set to empty array
123
- }else{
124
- foreach ($logged_in_users as $key=>$val)
125
- {
126
- $userdata = get_userdata($val['user_id']);
127
- $username = $userdata->user_login;
128
- $val['username'] = $username;
129
- $logged_in_users[$key] = $val;
130
- }
131
- }
132
- $data = $logged_in_users;
133
- $current_page = $this->get_pagenum();
134
- $total_items = count($data);
135
- $data = array_slice($data,(($current_page-1)*$per_page),$per_page);
136
- $this->items = $data;
137
- $this->set_pagination_args( array(
138
- 'total_items' => $total_items, //WE have to calculate the total number of items
139
- 'per_page' => $per_page, //WE have to determine how many items to show on a page
140
- 'total_pages' => ceil($total_items/$per_page) //WE have to calculate the total number of pages
141
- ));
142
- }
143
  }
1
+ <?php
2
+ if(!defined('ABSPATH')){
3
+ exit;//Exit if accessed directly
4
+ }
5
+
6
+ class AIOWPSecurity_List_Logged_In_Users extends AIOWPSecurity_List_Table {
7
+
8
+ function __construct(){
9
+ global $status, $page;
10
+
11
+ //Set parent defaults
12
+ parent::__construct( array(
13
+ 'singular' => 'item', //singular name of the listed records
14
+ 'plural' => 'items', //plural name of the listed records
15
+ 'ajax' => false //does this table support ajax?
16
+ ) );
17
+
18
+ }
19
+
20
+ function column_default($item, $column_name){
21
+ return $item[$column_name];
22
+ }
23
+
24
+ function column_user_id($item){
25
+ $tab = strip_tags($_REQUEST['tab']);
26
+ $force_logout_url = sprintf('admin.php?page=%s&tab=%s&action=%s&logged_in_id=%s&ip_address=%s', AIOWPSEC_USER_LOGIN_MENU_SLUG, $tab, 'force_user_logout', $item['user_id'], $item['ip_address']);
27
+ //Add nonce to URL
28
+ $force_logout_nonce = wp_nonce_url($force_logout_url, "force_user_logout", "aiowps_nonce");
29
+
30
+ //Build row actions
31
+ $actions = array(
32
+ 'logout' => '<a href="'.$force_logout_nonce.'" onclick="return confirm(\'Are you sure you want to force this user to be logged out of this session?\')">Force Logout</a>',
33
+ );
34
+
35
+ //Return the user_login contents
36
+ return sprintf('%1$s <span style="color:silver"></span>%2$s',
37
+ /*$1%s*/ $item['user_id'],
38
+ /*$2%s*/ $this->row_actions($actions)
39
+ );
40
+ }
41
+
42
+ function get_columns(){
43
+ $columns = array(
44
+ 'user_id' => __('User ID', 'all-in-one-wp-security-and-firewall'),
45
+ 'username' => __('Login Name', 'all-in-one-wp-security-and-firewall'),
46
+ 'ip_address' => __('IP Address', 'all-in-one-wp-security-and-firewall'),
47
+ );
48
+ return $columns;
49
+ }
50
+
51
+ function get_sortable_columns() {
52
+ $sortable_columns = array(
53
+ 'user_id' => array('user_id',false),
54
+ 'username' => array('username',false),
55
+ 'ip_address' => array('ip_address',false),
56
+ );
57
+ return $sortable_columns;
58
+ }
59
+
60
+ function get_bulk_actions() {
61
+ return array();
62
+ }
63
+
64
+ function process_bulk_action() {
65
+ }
66
+
67
+ /*
68
+ * This function will force a selected user to be logged out.
69
+ * The function accepts either an array of IDs or a single ID (TODO - bulk actions not implemented yet!)
70
+ */
71
+ function force_user_logout($user_id, $ip_addr)
72
+ {
73
+ global $wpdb, $aio_wp_security;
74
+ if (is_array($user_id))
75
+ {
76
+ if (isset($_REQUEST['_wp_http_referer']))
77
+ {
78
+ //TODO - implement bulk action in future release!
79
+ }
80
+ }
81
+ elseif ($user_id != NULL)
82
+ {
83
+ $nonce=isset($_GET['aiowps_nonce'])?$_GET['aiowps_nonce']:'';
84
+ if (!isset($nonce) ||!wp_verify_nonce($nonce, 'force_user_logout'))
85
+ {
86
+ $aio_wp_security->debug_logger->log_debug("Nonce check failed for force user logout operation!",4);
87
+ die(__('Nonce check failed for force user logout operation!','all-in-one-wp-security-and-firewall'));
88
+ }
89
+ // Force single user logout
90
+ $user_id = absint($user_id);
91
+ $manager = WP_Session_Tokens::get_instance( $user_id );
92
+ $manager->destroy_all();
93
+
94
+ $aio_wp_security->user_login_obj->cleanup_users_online_transient($user_id, $ip_addr);
95
+ $success_msg = '<div id="message" class="updated fade"><p><strong>';
96
+ $success_msg .= __('The selected user was logged out successfully!','all-in-one-wp-security-and-firewall');
97
+ $success_msg .= '</strong></p></div>';
98
+ _e($success_msg);
99
+ }
100
+ }
101
+
102
+
103
+ function prepare_items() {
104
+ //First, lets decide how many records per page to show
105
+ $per_page = 100;
106
+ $columns = $this->get_columns();
107
+ $hidden = array();
108
+ $sortable = $this->get_sortable_columns();
109
+
110
+ $this->_column_headers = array($columns, $hidden, $sortable);
111
+
112
+ global $wpdb;
113
+ global $aio_wp_security;
114
+
115
+ if (AIOWPSecurity_Utility::is_multisite_install()) {
116
+ $current_blog_id = get_current_blog_id();
117
+ $logged_in_users = AIOWPSecurity_User_Login::get_subsite_logged_in_users($current_blog_id);
118
+ } else {
119
+ $logged_in_users = get_transient('users_online');
120
+ }
121
+ if(empty($logged_in_users)){
122
+ $logged_in_users = array(); //If no transient found set to empty array
123
+ }else{
124
+ foreach ($logged_in_users as $key=>$val)
125
+ {
126
+ $userdata = get_userdata($val['user_id']);
127
+ $username = $userdata->user_login;
128
+ $val['username'] = $username;
129
+ $logged_in_users[$key] = $val;
130
+ }
131
+ }
132
+ $data = $logged_in_users;
133
+ $current_page = $this->get_pagenum();
134
+ $total_items = count($data);
135
+ $data = array_slice($data,(($current_page-1)*$per_page),$per_page);
136
+ $this->items = $data;
137
+ $this->set_pagination_args( array(
138
+ 'total_items' => $total_items, //WE have to calculate the total number of items
139
+ 'per_page' => $per_page, //WE have to determine how many items to show on a page
140
+ 'total_pages' => ceil($total_items/$per_page) //WE have to calculate the total number of pages
141
+ ));
142
+ }
143
  }
admin/wp-security-list-login-fails.php CHANGED
@@ -1,195 +1,195 @@
1
- <?php
2
- if(!defined('ABSPATH')){
3
- exit;//Exit if accessed directly
4
- }
5
-
6
- class AIOWPSecurity_List_Login_Failed_Attempts extends AIOWPSecurity_List_Table {
7
-
8
- function __construct(){
9
- global $status, $page;
10
-
11
- //Set parent defaults
12
- parent::__construct( array(
13
- 'singular' => 'item', //singular name of the listed records
14
- 'plural' => 'items', //plural name of the listed records
15
- 'ajax' => false //does this table support ajax?
16
- ) );
17
-
18
- }
19
-
20
- function column_default($item, $column_name){
21
- return $item[$column_name];
22
- }
23
-
24
- function column_login_attempt_ip($item){
25
- $tab = strip_tags($_REQUEST['tab']);
26
- $delete_url = sprintf('admin.php?page=%s&tab=%s&action=%s&failed_login_id=%s', AIOWPSEC_USER_LOGIN_MENU_SLUG, $tab, 'delete_failed_login_rec', $item['id']);
27
- //Add nonce to delete URL
28
- $delete_url_nonce = wp_nonce_url($delete_url, "delete_failed_login_rec", "aiowps_nonce");
29
-
30
- //Build row actions
31
- $actions = array(
32
- 'delete' => '<a href="'.$delete_url_nonce.'" onclick="return confirm(\'Are you sure you want to delete this item?\')">Delete</a>',
33
- );
34
-
35
- //Return the user_login contents
36
- return sprintf('%1$s <span style="color:silver"></span>%2$s',
37
- /*$1%s*/ $item['login_attempt_ip'],
38
- /*$2%s*/ $this->row_actions($actions)
39
- );
40
- }
41
-
42
-
43
- function column_cb($item){
44
- return sprintf(
45
- '<input type="checkbox" name="%1$s[]" value="%2$s" />',
46
- /*$1%s*/ $this->_args['singular'], //Let's simply repurpose the table's singular label
47
- /*$2%s*/ $item['id'] //The value of the checkbox should be the record's id
48
- );
49
- }
50
-
51
- function get_columns(){
52
- $columns = array(
53
- 'cb' => '<input type="checkbox" />', //Render a checkbox
54
- 'login_attempt_ip' => __('Login IP Range', 'all-in-one-wp-security-and-firewall'),
55
- 'user_id' => __('User ID', 'all-in-one-wp-security-and-firewall'),
56
- 'user_login' => __('Username', 'all-in-one-wp-security-and-firewall'),
57
- 'failed_login_date' => __('Date', 'all-in-one-wp-security-and-firewall')
58
- );
59
- return $columns;
60
- }
61
-
62
- function get_sortable_columns() {
63
- $sortable_columns = array(
64
- 'login_attempt_ip' => array('login_attempt_ip',false),
65
- 'user_id' => array('user_id',false),
66
- 'user_login' => array('user_login',false),
67
- 'failed_login_date' => array('failed_login_date',false),
68
- );
69
- return $sortable_columns;
70
- }
71
-
72
- function get_bulk_actions() {
73
- $actions = array(
74
- 'delete' => 'Delete'
75
- );
76
- return $actions;
77
- }
78
-
79
- function process_bulk_action() {
80
- global $aio_wp_security;
81
- if('delete'===$this->current_action())
82
- {//Process delete bulk actions
83
- if(!isset($_REQUEST['item']))
84
- {
85
- $error_msg = '<div id="message" class="error"><p><strong>';
86
- $error_msg .= __('Please select some records using the checkboxes','all-in-one-wp-security-and-firewall');
87
- $error_msg .= '</strong></p></div>';
88
- _e($error_msg);
89
- } else{
90
- $this->delete_login_failed_records(($_REQUEST['item']));
91
-
92
- }
93
- }
94
- }
95
-
96
-
97
-
98
- /*
99
- * This function will delete selected records from the "failed_logins" table.
100
- * The function accepts either an array of IDs or a single ID
101
- */
102
- function delete_login_failed_records($entries)
103
- {
104
- global $wpdb, $aio_wp_security;
105
- $failed_login_table = AIOWPSEC_TBL_FAILED_LOGINS;
106
- if (is_array($entries))
107
- {
108
- if (isset($_REQUEST['_wp_http_referer']))
109
- {
110
- //Delete multiple records
111
- $tab = strip_tags($_REQUEST['tab']);
112
- $entries = array_filter($entries, 'is_numeric'); //discard non-numeric ID values
113
- $id_list = "(" .implode(",",$entries) .")"; //Create comma separate list for DB operation
114
- $delete_command = "DELETE FROM ".$failed_login_table." WHERE ID IN ".$id_list;
115
- $result = $wpdb->query($delete_command);
116
- if($result !== false)
117
- {
118
- $redir_url = sprintf('admin.php?page=%s&tab=%s&bulk_count=%s', AIOWPSEC_USER_LOGIN_MENU_SLUG, $tab, count($entries));
119
- AIOWPSecurity_Utility::redirect_to_url($redir_url);
120
- } else {
121
- // error on bulk delete
122
- $aio_wp_security->debug_logger->log_debug("DB error: ".$wpdb->last_error,4);
123
- $redir_url = sprintf('admin.php?page=%s&tab=%s&bulk_error=%s', AIOWPSEC_USER_LOGIN_MENU_SLUG, $tab, 1);
124
- AIOWPSecurity_Utility::redirect_to_url($redir_url);
125
-
126
- }
127
- }
128
-
129
- } elseif ($entries != NULL)
130
- {
131
- $nonce=isset($_GET['aiowps_nonce'])?$_GET['aiowps_nonce']:'';
132
- if (!isset($nonce) ||!wp_verify_nonce($nonce, 'delete_failed_login_rec'))
133
- {
134
- $aio_wp_security->debug_logger->log_debug("Nonce check failed for delete failed login record operation!",4);
135
- die(__('Nonce check failed for delete failed login record operation!','all-in-one-wp-security-and-firewall'));
136
- }
137
- //Delete single record
138
- $delete_command = "DELETE FROM ".$failed_login_table." WHERE ID = '".absint($entries)."'";
139
- $result = $wpdb->query($delete_command);
140
- if($result !== false)
141
- {
142
- $success_msg = '<div id="message" class="updated fade"><p><strong>';
143
- $success_msg .= __('The selected entry was deleted successfully!','all-in-one-wp-security-and-firewall');
144
- $success_msg .= '</strong></p></div>';
145
- _e($success_msg);
146
- }
147
- }
148
- }
149
-
150
- function prepare_items($ignore_pagination = false) {
151
- /**
152
- * First, lets decide how many records per page to show
153
- */
154
- $per_page = 100;
155
- $columns = $this->get_columns();
156
- $hidden = array();
157
- $sortable = $this->get_sortable_columns();
158
- $search = isset( $_REQUEST['s'] ) ? sanitize_text_field( $_REQUEST['s'] ) : '';
159
-
160
- $this->_column_headers = array($columns, $hidden, $sortable);
161
-
162
- $this->process_bulk_action();
163
-
164
- global $wpdb;
165
- $failed_logins_table_name = AIOWPSEC_TBL_FAILED_LOGINS;
166
-
167
- /* -- Ordering parameters -- */
168
- //Parameters that are going to be used to order the result
169
- isset($_GET["orderby"]) ? $orderby = strip_tags($_GET["orderby"]) : $orderby = '';
170
- isset($_GET["order"]) ? $order = strip_tags($_GET["order"]) : $order = '';
171
-
172
- $orderby = !empty($orderby) ? esc_sql($orderby) : 'failed_login_date';
173
- $order = !empty($order) ? esc_sql($order) : 'DESC';
174
-
175
- $orderby = AIOWPSecurity_Utility::sanitize_value_by_array($orderby, $sortable);
176
- $order = AIOWPSecurity_Utility::sanitize_value_by_array($order, array('DESC' => '1', 'ASC' => '1'));
177
- if(empty($search)) {
178
- $data = $wpdb->get_results("SELECT * FROM " . $failed_logins_table_name . " ORDER BY $orderby $order", ARRAY_A);
179
- } else {
180
- $data = $wpdb->get_results($wpdb->prepare("SELECT * FROM $failed_logins_table_name WHERE `user_login` LIKE '%%%s%%' OR `login_attempt_ip` LIKE '%%%s%%' ORDER BY $orderby $order", $search, $search), ARRAY_A);
181
- }
182
-
183
- if (!$ignore_pagination) {
184
- $current_page = $this->get_pagenum();
185
- $total_items = count($data);
186
- $data = array_slice($data, (($current_page - 1) * $per_page), $per_page);
187
- $this->set_pagination_args(array(
188
- 'total_items' => $total_items, //WE have to calculate the total number of items
189
- 'per_page' => $per_page, //WE have to determine how many items to show on a page
190
- 'total_pages' => ceil($total_items / $per_page) //WE have to calculate the total number of pages
191
- ));
192
- }
193
- $this->items = $data;
194
- }
195
- }
1
+ <?php
2
+ if(!defined('ABSPATH')){
3
+ exit;//Exit if accessed directly
4
+ }
5
+
6
+ class AIOWPSecurity_List_Login_Failed_Attempts extends AIOWPSecurity_List_Table {
7
+
8
+ function __construct(){
9
+ global $status, $page;
10
+
11
+ //Set parent defaults
12
+ parent::__construct( array(
13
+ 'singular' => 'item', //singular name of the listed records
14
+ 'plural' => 'items', //plural name of the listed records
15
+ 'ajax' => false //does this table support ajax?
16
+ ) );
17
+
18
+ }
19
+
20
+ function column_default($item, $column_name){
21
+ return $item[$column_name];
22
+ }
23
+
24
+ function column_login_attempt_ip($item){
25
+ $tab = strip_tags($_REQUEST['tab']);
26
+ $delete_url = sprintf('admin.php?page=%s&tab=%s&action=%s&failed_login_id=%s', AIOWPSEC_USER_LOGIN_MENU_SLUG, $tab, 'delete_failed_login_rec', $item['id']);
27
+ //Add nonce to delete URL
28
+ $delete_url_nonce = wp_nonce_url($delete_url, "delete_failed_login_rec", "aiowps_nonce");
29
+
30
+ //Build row actions
31
+ $actions = array(
32
+ 'delete' => '<a href="'.$delete_url_nonce.'" onclick="return confirm(\'Are you sure you want to delete this item?\')">Delete</a>',
33
+ );
34
+
35
+ //Return the user_login contents
36
+ return sprintf('%1$s <span style="color:silver"></span>%2$s',
37
+ /*$1%s*/ $item['login_attempt_ip'],
38
+ /*$2%s*/ $this->row_actions($actions)
39
+ );
40
+ }
41
+
42
+
43
+ function column_cb($item){
44
+ return sprintf(
45
+ '<input type="checkbox" name="%1$s[]" value="%2$s" />',
46
+ /*$1%s*/ $this->_args['singular'], //Let's simply repurpose the table's singular label
47
+ /*$2%s*/ $item['id'] //The value of the checkbox should be the record's id
48
+ );
49
+ }
50
+
51
+ function get_columns(){
52
+ $columns = array(
53
+ 'cb' => '<input type="checkbox" />', //Render a checkbox
54
+ 'login_attempt_ip' => __('Login IP Range', 'all-in-one-wp-security-and-firewall'),
55
+ 'user_id' => __('User ID', 'all-in-one-wp-security-and-firewall'),
56
+ 'user_login' => __('Username', 'all-in-one-wp-security-and-firewall'),
57
+ 'failed_login_date' => __('Date', 'all-in-one-wp-security-and-firewall')
58
+ );
59
+ return $columns;
60
+ }
61
+
62
+ function get_sortable_columns() {
63
+ $sortable_columns = array(
64
+ 'login_attempt_ip' => array('login_attempt_ip',false),
65
+ 'user_id' => array('user_id',false),
66
+ 'user_login' => array('user_login',false),
67
+ 'failed_login_date' => array('failed_login_date',false),
68
+ );
69
+ return $sortable_columns;
70
+ }
71
+
72
+ function get_bulk_actions() {
73
+ $actions = array(
74
+ 'delete' => 'Delete'
75
+ );
76
+ return $actions;
77
+ }
78
+
79
+ function process_bulk_action() {
80
+ global $aio_wp_security;
81
+ if('delete'===$this->current_action())
82
+ {//Process delete bulk actions
83
+ if(!isset($_REQUEST['item']))
84
+ {
85
+ $error_msg = '<div id="message" class="error"><p><strong>';
86
+ $error_msg .= __('Please select some records using the checkboxes','all-in-one-wp-security-and-firewall');
87
+ $error_msg .= '</strong></p></div>';
88
+ _e($error_msg);
89
+ } else{
90
+ $this->delete_login_failed_records(($_REQUEST['item']));
91
+
92
+ }
93
+ }
94
+ }
95
+
96
+
97
+
98
+ /*
99
+ * This function will delete selected records from the "failed_logins" table.
100
+ * The function accepts either an array of IDs or a single ID
101
+ */
102
+ function delete_login_failed_records($entries)
103
+ {
104
+ global $wpdb, $aio_wp_security;
105
+ $failed_login_table = AIOWPSEC_TBL_FAILED_LOGINS;
106
+ if (is_array($entries))
107
+ {
108
+ if (isset($_REQUEST['_wp_http_referer']))
109
+ {
110
+ //Delete multiple records
111
+ $tab = strip_tags($_REQUEST['tab']);
112
+ $entries = array_filter($entries, 'is_numeric'); //discard non-numeric ID values
113
+ $id_list = "(" .implode(",",$entries) .")"; //Create comma separate list for DB operation
114
+ $delete_command = "DELETE FROM ".$failed_login_table." WHERE ID IN ".$id_list;
115
+ $result = $wpdb->query($delete_command);
116
+ if($result !== false)
117
+ {
118
+ $redir_url = sprintf('admin.php?page=%s&tab=%s&bulk_count=%s', AIOWPSEC_USER_LOGIN_MENU_SLUG, $tab, count($entries));
119
+ AIOWPSecurity_Utility::redirect_to_url($redir_url);
120
+ } else {
121
+ // error on bulk delete
122
+ $aio_wp_security->debug_logger->log_debug("DB error: ".$wpdb->last_error,4);
123
+ $redir_url = sprintf('admin.php?page=%s&tab=%s&bulk_error=%s', AIOWPSEC_USER_LOGIN_MENU_SLUG, $tab, 1);
124
+ AIOWPSecurity_Utility::redirect_to_url($redir_url);
125
+
126
+ }
127
+ }
128
+
129
+ } elseif ($entries != NULL)
130
+ {
131
+ $nonce=isset($_GET['aiowps_nonce'])?$_GET['aiowps_nonce']:'';
132
+ if (!isset($nonce) ||!wp_verify_nonce($nonce, 'delete_failed_login_rec'))
133
+ {
134
+ $aio_wp_security->debug_logger->log_debug("Nonce check failed for delete failed login record operation!",4);
135
+ die(__('Nonce check failed for delete failed login record operation!','all-in-one-wp-security-and-firewall'));
136
+ }
137
+ //Delete single record
138
+ $delete_command = "DELETE FROM ".$failed_login_table." WHERE ID = '".absint($entries)."'";
139
+ $result = $wpdb->query($delete_command);
140
+ if($result !== false)
141
+ {
142
+ $success_msg = '<div id="message" class="updated fade"><p><strong>';
143
+ $success_msg .= __('The selected entry was deleted successfully!','all-in-one-wp-security-and-firewall');
144
+ $success_msg .= '</strong></p></div>';
145
+ _e($success_msg);
146
+ }
147
+ }
148
+ }
149
+
150
+ function prepare_items($ignore_pagination = false) {
151
+ /**
152
+ * First, lets decide how many records per page to show
153
+ */
154
+ $per_page = 100;
155
+ $columns = $this->get_columns();
156
+ $hidden = array();
157
+ $sortable = $this->get_sortable_columns();
158
+ $search = isset( $_REQUEST['s'] ) ? sanitize_text_field( $_REQUEST['s'] ) : '';
159
+
160
+ $this->_column_headers = array($columns, $hidden, $sortable);
161
+
162
+ $this->process_bulk_action();
163
+
164
+ global $wpdb;
165
+ $failed_logins_table_name = AIOWPSEC_TBL_FAILED_LOGINS;
166
+
167
+ /* -- Ordering parameters -- */
168
+ //Parameters that are going to be used to order the result
169
+ isset($_GET["orderby"]) ? $orderby = strip_tags($_GET["orderby"]) : $orderby = '';
170
+ isset($_GET["order"]) ? $order = strip_tags($_GET["order"]) : $order = '';
171
+
172
+ $orderby = !empty($orderby) ? esc_sql($orderby) : 'failed_login_date';
173
+ $order = !empty($order) ? esc_sql($order) : 'DESC';
174
+
175
+ $orderby = AIOWPSecurity_Utility::sanitize_value_by_array($orderby, $sortable);
176
+ $order = AIOWPSecurity_Utility::sanitize_value_by_array($order, array('DESC' => '1', 'ASC' => '1'));
177
+ if(empty($search)) {
178
+ $data = $wpdb->get_results("SELECT * FROM " . $failed_logins_table_name . " ORDER BY $orderby $order", ARRAY_A);
179
+ } else {
180
+ $data = $wpdb->get_results($wpdb->prepare("SELECT * FROM $failed_logins_table_name WHERE `user_login` LIKE '%%%s%%' OR `login_attempt_ip` LIKE '%%%s%%' ORDER BY $orderby $order", $search, $search), ARRAY_A);
181
+ }
182
+
183
+ if (!$ignore_pagination) {
184
+ $current_page = $this->get_pagenum();
185
+ $total_items = count($data);
186
+ $data = array_slice($data, (($current_page - 1) * $per_page), $per_page);
187
+ $this->set_pagination_args(array(
188
+ 'total_items' => $total_items, //WE have to calculate the total number of items
189
+ 'per_page' => $per_page, //WE have to determine how many items to show on a page
190
+ 'total_pages' => ceil($total_items / $per_page) //WE have to calculate the total number of pages
191
+ ));
192
+ }
193
+ $this->items = $data;
194
+ }
195
+ }
admin/wp-security-list-permanent-blocked-ip.php CHANGED
@@ -1,192 +1,192 @@
1
- <?php
2
- if(!defined('ABSPATH')){
3
- exit;//Exit if accessed directly
4
- }
5
-
6
- class AIOWPSecurity_List_Blocked_IP extends AIOWPSecurity_List_Table
7
- {
8
-
9
- function __construct()
10
- {
11
- global $status, $page;
12
-
13
- //Set parent defaults
14
- parent::__construct(array(
15
- 'singular' => 'item', //singular name of the listed records
16
- 'plural' => 'items', //plural name of the listed records
17
- 'ajax' => false //does this table support ajax?
18
- ));
19
-
20
- }
21
-
22
- function column_default($item, $column_name)
23
- {
24
- return $item[$column_name];
25
- }
26
-
27
- function column_id($item)
28
- {
29
- $tab = isset($_REQUEST['tab']) ? strip_tags($_REQUEST['tab']) : '';
30
- //Add nonce to delete URL
31
- $unblock_ip_url = sprintf('admin.php?page=%s&tab=%s&action=%s&blocked_id=%s', AIOWPSEC_MAIN_MENU_SLUG, $tab, 'unblock_ip', $item['id']);
32
- //Add nonce to unlock IP URL
33
- $unblock_ip_nonce = wp_nonce_url($unblock_ip_url, "unblock_ip", "aiowps_nonce");
34
-
35
- //Build row actions
36
- $actions = array(
37
- 'unblock' => '<a href="' . $unblock_ip_nonce . '" onclick="return confirm(\'Are you sure you want to unblock this IP address?\')">Unblock</a>',
38
- );
39
-
40
- //Return the user_login contents
41
- return sprintf('%1$s <span style="color:silver"></span>%2$s',
42
- /*$1%s*/
43
- $item['id'],
44
- /*$2%s*/
45
- $this->row_actions($actions)
46
- );
47
- }
48
-
49
-
50
- function column_cb($item)
51
- {
52
- return sprintf(
53
- '<input type="checkbox" name="%1$s[]" value="%2$s" />',
54
- /*$1%s*/
55
- $this->_args['singular'], //Let's simply repurpose the table's singular label
56
- /*$2%s*/
57
- $item['id'] //The value of the checkbox should be the record's id
58
- );
59
- }
60
-
61
- function get_columns()
62
- {
63
- $columns = array(
64
- 'cb' => '<input type="checkbox" />', //Render a checkbox
65
- 'id' => 'ID',
66
- 'blocked_ip' => __('Blocked IP', 'all-in-one-wp-security-and-firewall'),
67
- 'block_reason' => __('Reason', 'all-in-one-wp-security-and-firewall'),
68
- 'blocked_date' => __('Date', 'all-in-one-wp-security-and-firewall')
69
- );
70
- return $columns;
71
- }
72
-
73
- function get_sortable_columns()
74
- {
75
- $sortable_columns = array(
76
- 'id' => array('id', false),
77
- 'blocked_ip' => array('blocked_ip', false),
78
- 'block_reason' => array('block_reason', false),
79
- 'blocked_date' => array('blocked_date', false)
80
- );
81
- return $sortable_columns;
82
- }
83
-
84
- function get_bulk_actions()
85
- {
86
- $actions = array(
87
- 'unblock' => __('Unblock', 'all-in-one-wp-security-and-firewall')
88
- );
89
- return $actions;
90
- }
91
-
92
- function process_bulk_action()
93
- {
94
- if ('unblock' === $this->current_action()) {//Process unlock bulk actions
95
- if (!isset($_REQUEST['item'])) {
96
- AIOWPSecurity_Admin_Menu::show_msg_error_st(__('Please select some records using the checkboxes', 'all-in-one-wp-security-and-firewall'));
97
- } else {
98
- $this->unblock_ip_address(($_REQUEST['item']));
99
- }
100
- }
101
- }
102
-
103
-
104
- /*
105
- * This function will delete selected records from the "AIOWPSEC_TBL_PERM_BLOCK" table.
106
- * The function accepts either an array of IDs or a single ID
107
- */
108
- function unblock_ip_address($entries)
109
- {
110
- global $wpdb, $aio_wp_security;
111
- if (is_array($entries)) {
112
- if (isset($_REQUEST['_wp_http_referer'])) {
113
- // multiple records
114
- $tab = strip_tags($_REQUEST['tab']);
115
-
116
- $entries = array_filter($entries, 'is_numeric'); //discard non-numeric ID values
117
- $id_list = "(" . implode(",", $entries) . ")"; //Create comma separate list for DB operation
118
- $delete_command = "DELETE FROM " . AIOWPSEC_TBL_PERM_BLOCK . " WHERE id IN " . $id_list;
119
- $result = $wpdb->query($delete_command);
120
- if($result !== false)
121
- {
122
- $redir_url = sprintf('admin.php?page=%s&tab=%s&bulk_count=%s', AIOWPSEC_MAIN_MENU_SLUG, $tab, count($entries));
123
- AIOWPSecurity_Utility::redirect_to_url($redir_url);
124
- } else {
125
- // error on bulk delete
126
- $aio_wp_security->debug_logger->log_debug("DB error: ".$wpdb->last_error,4);
127
- $redir_url = sprintf('admin.php?page=%s&tab=%s&bulk_error=%s', AIOWPSEC_MAIN_MENU_SLUG, $tab, 1);
128
- AIOWPSecurity_Utility::redirect_to_url($redir_url);
129
-
130
- }
131
- }
132
- } elseif ($entries != NULL) {
133
- $nonce = isset($_GET['aiowps_nonce']) ? $_GET['aiowps_nonce'] : '';
134
- if (!isset($nonce) || !wp_verify_nonce($nonce, 'unblock_ip')) {
135
- $aio_wp_security->debug_logger->log_debug("Nonce check failed for unblock IP operation!", 4);
136
- die(__('Nonce check failed for unblock IP operation!', 'all-in-one-wp-security-and-firewall'));
137
- }
138
- //Delete single record
139
- $delete_command = "DELETE FROM " . AIOWPSEC_TBL_PERM_BLOCK . " WHERE id = '" . absint($entries) . "'";
140
- $result = $wpdb->query($delete_command);
141
- if ($result !== false) {
142
- AIOWPSecurity_Admin_Menu::show_msg_record_deleted_st();
143
- }
144
- }
145
- }
146
-
147
- function prepare_items()
148
- {
149
- /**
150
- * First, lets decide how many records per page to show
151
- */
152
- $per_page = 100;
153
- $columns = $this->get_columns();
154
- $hidden = array();
155
- $sortable = $this->get_sortable_columns();
156
- $search = isset( $_REQUEST['s'] ) ? sanitize_text_field( $_REQUEST['s'] ) : '';
157
-
158
- $this->_column_headers = array($columns, $hidden, $sortable);
159
-
160
- $this->process_bulk_action();
161
-
162
- global $wpdb;
163
- $block_table_name = AIOWPSEC_TBL_PERM_BLOCK;
164
-
165
- /* -- Ordering parameters -- */
166
- //Parameters that are going to be used to order the result
167
- isset($_GET["orderby"]) ? $orderby = strip_tags($_GET["orderby"]) : $orderby = '';
168
- isset($_GET["order"]) ? $order = strip_tags($_GET["order"]) : $order = '';
169
-
170
- $orderby = !empty($orderby) ? esc_sql($orderby) : 'id';
171
- $order = !empty($order) ? esc_sql($order) : 'DESC';
172
-
173
- $orderby = AIOWPSecurity_Utility::sanitize_value_by_array($orderby, $sortable);
174
- $order = AIOWPSecurity_Utility::sanitize_value_by_array($order, array('DESC' => '1', 'ASC' => '1'));
175
-
176
- if(empty($search)) {
177
- $data = $wpdb->get_results("SELECT * FROM " . $block_table_name . " ORDER BY $orderby $order", ARRAY_A);
178
- } else {
179
- $data = $wpdb->get_results($wpdb->prepare("SELECT * FROM " . $block_table_name . " WHERE `blocked_ip` LIKE '%%%s%%' OR `block_reason` LIKE '%%%s%%' OR `country_origin` LIKE '%%%s%%' OR `blocked_date` LIKE '%%%s%%' ORDER BY $orderby $order", $search, $search, $search, $search), ARRAY_A);
180
- }
181
-
182
- $current_page = $this->get_pagenum();
183
- $total_items = count($data);
184
- $data = array_slice($data, (($current_page - 1) * $per_page), $per_page);
185
- $this->items = $data;
186
- $this->set_pagination_args(array(
187
- 'total_items' => $total_items, //WE have to calculate the total number of items
188
- 'per_page' => $per_page, //WE have to determine how many items to show on a page
189
- 'total_pages' => ceil($total_items / $per_page) //WE have to calculate the total number of pages
190
- ));
191
- }
192
  }
1
+ <?php
2
+ if(!defined('ABSPATH')){
3
+ exit;//Exit if accessed directly
4
+ }
5
+
6
+ class AIOWPSecurity_List_Blocked_IP extends AIOWPSecurity_List_Table
7
+ {
8
+
9
+ function __construct()
10
+ {
11
+ global $status, $page;
12
+
13
+ //Set parent defaults
14
+ parent::__construct(array(
15
+ 'singular' => 'item', //singular name of the listed records
16
+ 'plural' => 'items', //plural name of the listed records
17
+ 'ajax' => false //does this table support ajax?
18
+ ));
19
+
20
+ }
21
+
22
+ function column_default($item, $column_name)
23
+ {
24
+ return $item[$column_name];
25
+ }
26
+
27
+ function column_id($item)
28
+ {
29
+ $tab = isset($_REQUEST['tab']) ? strip_tags($_REQUEST['tab']) : '';
30
+ //Add nonce to delete URL
31
+ $unblock_ip_url = sprintf('admin.php?page=%s&tab=%s&action=%s&blocked_id=%s', AIOWPSEC_MAIN_MENU_SLUG, $tab, 'unblock_ip', $item['id']);
32
+ //Add nonce to unlock IP URL
33
+ $unblock_ip_nonce = wp_nonce_url($unblock_ip_url, "unblock_ip", "aiowps_nonce");
34
+
35
+ //Build row actions
36
+ $actions = array(
37
+ 'unblock' => '<a href="' . $unblock_ip_nonce . '" onclick="return confirm(\'Are you sure you want to unblock this IP address?\')">Unblock</a>',
38
+ );
39
+
40
+ //Return the user_login contents
41
+ return sprintf('%1$s <span style="color:silver"></span>%2$s',
42
+ /*$1%s*/
43
+ $item['id'],
44
+ /*$2%s*/
45
+ $this->row_actions($actions)
46
+ );
47
+ }
48
+
49
+
50
+ function column_cb($item)
51
+ {
52
+ return sprintf(
53
+ '<input type="checkbox" name="%1$s[]" value="%2$s" />',
54
+ /*$1%s*/
55
+ $this->_args['singular'], //Let's simply repurpose the table's singular label
56
+ /*$2%s*/
57
+ $item['id'] //The value of the checkbox should be the record's id
58
+ );
59
+ }
60
+
61
+ function get_columns()
62
+ {
63
+ $columns = array(
64
+ 'cb' => '<input type="checkbox" />', //Render a checkbox
65
+ 'id' => 'ID',
66
+ 'blocked_ip' => __('Blocked IP', 'all-in-one-wp-security-and-firewall'),
67
+ 'block_reason' => __('Reason', 'all-in-one-wp-security-and-firewall'),
68
+ 'blocked_date' => __('Date', 'all-in-one-wp-security-and-firewall')
69
+ );
70
+ return $columns;
71
+ }
72
+
73
+ function get_sortable_columns()
74
+ {
75
+ $sortable_columns = array(
76
+ 'id' => array('id', false),
77
+ 'blocked_ip' => array('blocked_ip', false),
78
+ 'block_reason' => array('block_reason', false),
79
+ 'blocked_date' => array('blocked_date', false)
80
+ );
81
+ return $sortable_columns;
82
+ }
83
+
84
+ function get_bulk_actions()
85
+ {
86
+ $actions = array(
87
+ 'unblock' => __('Unblock', 'all-in-one-wp-security-and-firewall')
88
+ );
89
+ return $actions;
90
+ }
91
+
92
+ function process_bulk_action()
93
+ {
94
+ if ('unblock' === $this->current_action()) {//Process unlock bulk actions
95
+ if (!isset($_REQUEST['item'])) {
96
+ AIOWPSecurity_Admin_Menu::show_msg_error_st(__('Please select some records using the checkboxes', 'all-in-one-wp-security-and-firewall'));
97
+ } else {
98
+ $this->unblock_ip_address(($_REQUEST['item']));
99
+ }
100
+ }
101
+ }
102
+
103
+
104
+ /*
105
+ * This function will delete selected records from the "AIOWPSEC_TBL_PERM_BLOCK" table.
106
+ * The function accepts either an array of IDs or a single ID
107
+ */
108
+ function unblock_ip_address($entries)
109
+ {
110
+ global $wpdb, $aio_wp_security;
111
+ if (is_array($entries)) {
112
+ if (isset($_REQUEST['_wp_http_referer'])) {
113
+ // multiple records
114
+ $tab = strip_tags($_REQUEST['tab']);
115
+
116
+ $entries = array_filter($entries, 'is_numeric'); //discard non-numeric ID values
117
+ $id_list = "(" . implode(",", $entries) . ")"; //Create comma separate list for DB operation
118
+ $delete_command = "DELETE FROM " . AIOWPSEC_TBL_PERM_BLOCK . " WHERE id IN " . $id_list;
119
+ $result = $wpdb->query($delete_command);
120
+ if($result !== false)
121
+ {
122
+ $redir_url = sprintf('admin.php?page=%s&tab=%s&bulk_count=%s', AIOWPSEC_MAIN_MENU_SLUG, $tab, count($entries));
123
+ AIOWPSecurity_Utility::redirect_to_url($redir_url);
124
+ } else {
125
+ // error on bulk delete
126
+ $aio_wp_security->debug_logger->log_debug("DB error: ".$wpdb->last_error,4);
127
+ $redir_url = sprintf('admin.php?page=%s&tab=%s&bulk_error=%s', AIOWPSEC_MAIN_MENU_SLUG, $tab, 1);
128
+ AIOWPSecurity_Utility::redirect_to_url($redir_url);
129
+
130
+ }
131
+ }
132
+ } elseif ($entries != NULL) {
133
+ $nonce = isset($_GET['aiowps_nonce']) ? $_GET['aiowps_nonce'] : '';
134
+ if (!isset($nonce) || !wp_verify_nonce($nonce, 'unblock_ip')) {
135
+ $aio_wp_security->debug_logger->log_debug("Nonce check failed for unblock IP operation!", 4);
136
+ die(__('Nonce check failed for unblock IP operation!', 'all-in-one-wp-security-and-firewall'));
137
+ }
138
+ //Delete single record
139
+ $delete_command = "DELETE FROM " . AIOWPSEC_TBL_PERM_BLOCK . " WHERE id = '" . absint($entries) . "'";
140
+ $result = $wpdb->query($delete_command);
141
+ if ($result !== false) {
142
+ AIOWPSecurity_Admin_Menu::show_msg_record_deleted_st();
143
+ }
144
+ }
145
+ }
146
+
147
+ function prepare_items()
148
+ {
149
+ /**
150
+ * First, lets decide how many records per page to show
151
+ */
152
+ $per_page = 100;
153
+ $columns = $this->get_columns();
154
+ $hidden = array();
155
+ $sortable = $this->get_sortable_columns();
156
+ $search = isset( $_REQUEST['s'] ) ? sanitize_text_field( $_REQUEST['s'] ) : '';
157
+
158
+ $this->_column_headers = array($columns, $hidden, $sortable);
159
+
160
+ $this->process_bulk_action();
161
+
162
+ global $wpdb;
163
+ $block_table_name = AIOWPSEC_TBL_PERM_BLOCK;
164
+
165
+ /* -- Ordering parameters -- */
166
+ //Parameters that are going to be used to order the result
167
+ isset($_GET["orderby"]) ? $orderby = strip_tags($_GET["orderby"]) : $orderby = '';
168
+ isset($_GET["order"]) ? $order = strip_tags($_GET["order"]) : $order = '';
169
+
170
+ $orderby = !empty($orderby) ? esc_sql($orderby) : 'id';
171
+ $order = !empty($order) ? esc_sql($order) : 'DESC';
172
+
173
+ $orderby = AIOWPSecurity_Utility::sanitize_value_by_array($orderby, $sortable);
174
+ $order = AIOWPSecurity_Utility::sanitize_value_by_array($order, array('DESC' => '1', 'ASC' => '1'));
175
+
176
+ if(empty($search)) {
177
+ $data = $wpdb->get_results("SELECT * FROM " . $block_table_name . " ORDER BY $orderby $order", ARRAY_A);
178
+ } else {
179
+ $data = $wpdb->get_results($wpdb->prepare("SELECT * FROM " . $block_table_name . " WHERE `blocked_ip` LIKE '%%%s%%' OR `block_reason` LIKE '%%%s%%' OR `country_origin` LIKE '%%%s%%' OR `blocked_date` LIKE '%%%s%%' ORDER BY $orderby $order", $search, $search, $search, $search), ARRAY_A);
180
+ }
181
+
182
+ $current_page = $this->get_pagenum();
183
+ $total_items = count($data);
184
+ $data = array_slice($data, (($current_page - 1) * $per_page), $per_page);
185
+ $this->items = $data;
186
+ $this->set_pagination_args(array(
187
+ 'total_items' => $total_items, //WE have to calculate the total number of items
188
+ 'per_page' => $per_page, //WE have to determine how many items to show on a page
189
+ 'total_pages' => ceil($total_items / $per_page) //WE have to calculate the total number of pages
190
+ ));
191
+ }
192
  }
admin/wp-security-list-registered-users.php CHANGED
@@ -1,347 +1,347 @@
1
- <?php
2
- if(!defined('ABSPATH')){
3
- exit;//Exit if accessed directly
4
- }
5
-
6
- class AIOWPSecurity_List_Registered_Users extends AIOWPSecurity_List_Table {
7
-
8
- function __construct(){
9
- global $status, $page;
10
-
11
- //Set parent defaults
12
- parent::__construct( array(
13
- 'singular' => 'item', //singular name of the listed records
14
- 'plural' => 'items', //plural name of the listed records
15
- 'ajax' => false //does this table support ajax?
16
- ) );
17
-
18
- }
19
-
20
- function column_default($item, $column_name){
21
- return $item[$column_name];
22
- }
23
-
24
- function column_ID($item){
25
- //$tab = strip_tags($_REQUEST['tab']);
26
- $delete_url = sprintf('admin.php?page=%s&action=%s&user_id=%s', AIOWPSEC_USER_REGISTRATION_MENU_SLUG, 'delete_acct', $item['ID']);
27
- //Add nonce to delete URL
28
- $delete_url_nonce = wp_nonce_url($delete_url, "delete_user_acct", "aiowps_nonce");
29
-
30
- $block_ip = sprintf('admin.php?page=%s&action=%s&ip_address=%s', AIOWPSEC_USER_REGISTRATION_MENU_SLUG, 'block_ip', $item['ip_address']);
31
- //Add nonce to block IP
32
- $block_ip_nonce = wp_nonce_url($block_ip, "block_ip", "aiowps_nonce");
33
-
34
- //Build row actions
35
- $actions = array(
36
- 'view' => sprintf('<a href="user-edit.php?user_id=%s" target="_blank">View</a>',$item['ID']),
37
- 'approve_acct' => sprintf('<a href="admin.php?page=%s&action=%s&user_id=%s" onclick="return confirm(\'Are you sure you want to approve this account?\')">Approve</a>',AIOWPSEC_USER_REGISTRATION_MENU_SLUG,'approve_acct',$item['ID']),
38
- 'delete_acct' => '<a href="'.$delete_url_nonce.'" onclick="return confirm(\'Are you sure you want to delete this account?\')">Delete</a>',
39
- 'block_ip' => '<a href="'.$block_ip_nonce.'" onclick="return confirm(\'Are you sure you want to block this IP address?\')">Block IP</a>',
40
- );
41
-
42
- //Return the user_login contents
43
- return sprintf('%1$s <span style="color:silver"></span>%2$s',
44
- /*$1%s*/ $item['ID'],
45
- /*$2%s*/ $this->row_actions($actions)
46
- );
47
- }
48
-
49
- function column_ip_address($item){
50
- if (AIOWPSecurity_Blocking::is_ip_blocked($item['ip_address'])){
51
- return $item['ip_address'].'<br /><span class="aiowps-label aiowps-label-success">'.__('blocked','WPS').'</span>';
52
- } else{
53
- return $item['ip_address'];
54
- }
55
- }
56
-
57
- function column_cb($item){
58
- return sprintf(
59
- '<input type="checkbox" name="%1$s[]" value="%2$s" />',
60
- /*$1%s*/ $this->_args['singular'], //Let's simply repurpose the table's singular label
61
- /*$2%s*/ $item['ID'] //The value of the checkbox should be the record's id
62
- );
63
- }
64
-
65
-
66
- function get_columns(){
67
- $columns = array(
68
- 'cb' => '<input type="checkbox" />', //Render a checkbox
69
- 'ID' => __('User ID', 'all-in-one-wp-security-and-firewall'),
70
- 'user_login' => __('Login Name', 'all-in-one-wp-security-and-firewall'),
71
- 'user_email' => __('Email', 'all-in-one-wp-security-and-firewall'),
72
- 'user_registered' => __('Register Date', 'all-in-one-wp-security-and-firewall'),
73
- 'account_status' => __('Account Status', 'all-in-one-wp-security-and-firewall'),
74
- 'ip_address' => __('IP Address', 'all-in-one-wp-security-and-firewall')
75
- );
76
- return $columns;
77
- }
78
-
79
- function get_sortable_columns() {
80
- $sortable_columns = array(
81
- // 'ID' => array('ID',false),
82
- // 'user_login' => array('user_login',false),
83
- // 'user_email' => array('user_email',false),
84
- // 'user_registered' => array('user_registered',false),
85
- // 'account_status' => array('account_status',false),
86
- );
87
- return $sortable_columns;
88
- }
89
-
90
- function get_bulk_actions() {
91
- $actions = array(
92
- 'approve' => 'Approve',
93
- 'delete' => 'Delete',
94
- 'block' => 'Block IP'
95
- );
96
- return $actions;
97
- }
98
-
99
- function process_bulk_action() {
100
- if('approve'===$this->current_action())
101
- {//Process approve bulk actions
102
- if(!isset($_REQUEST['item']))
103
- {
104
- AIOWPSecurity_Admin_Menu::show_msg_error_st(__('Please select some records using the checkboxes','all-in-one-wp-security-and-firewall'));
105
- }else
106
- {
107
- $this->approve_selected_accounts(($_REQUEST['item']));
108
- }
109
- }
110
-
111
- if('delete'===$this->current_action())
112
- {//Process delete bulk actions
113
- if(!isset($_REQUEST['item']))
114
- {
115
- AIOWPSecurity_Admin_Menu::show_msg_error_st(__('Please select some records using the checkboxes','all-in-one-wp-security-and-firewall'));
116
- }else
117
- {
118
- $this->delete_selected_accounts(($_REQUEST['item']));
119
- }
120
- }
121
-
122
- if('block'===$this->current_action())
123
- {//Process block bulk actions
124
- if(!isset($_REQUEST['item']))
125
- {
126
- AIOWPSecurity_Admin_Menu::show_msg_error_st(__('Please select some records using the checkboxes','all-in-one-wp-security-and-firewall'));
127
- }else
128
- {
129
- $this->block_selected_ips(($_REQUEST['item']));
130
- }
131
- }
132
-
133
- }
134
-
135
- function approve_selected_accounts($entries)
136
- {
137
- global $aio_wp_security;
138
- $meta_key = 'aiowps_account_status';
139
- $meta_value = 'approved'; //set account status
140
- $failed_accts = ''; //string to store comma separated accounts which failed to update
141
- $at_least_one_updated = false;
142
- if (is_array($entries))
143
- {
144
- //Let's go through each entry and approve
145
- foreach($entries as $user_id)
146
- {
147
- $result = update_user_meta($user_id, $meta_key, $meta_value);
148
- if($result === false)
149
- {
150
- $failed_accts .= ' '.$user_id.',';
151
- $aio_wp_security->debug_logger->log_debug("AIOWPSecurity_List_Registered_Users::approve_selected_accounts() - could not approve account ID: $user_id",4);
152
- }else{
153
- $at_least_one_updated = true;
154
- $user = get_user_by('id', $user_id);
155
- if($user === false){
156
- //don't send mail
157
- }else{
158
- $sendMail = $this->send_email_upon_account_activation($user);
159
- }
160
- }
161
- }
162
- if ($at_least_one_updated){
163
- AIOWPSecurity_Admin_Menu::show_msg_updated_st(__('The selected accounts were approved successfully!','all-in-one-wp-security-and-firewall'));
164
- }
165
- if ($failed_accts != ''){//display any failed account updates
166
- rtrim($failed_accts);
167
- AIOWPSecurity_Admin_Menu::show_msg_error_st(__('The following accounts failed to update successfully: ','all-in-one-wp-security-and-firewall').$failed_accts);
168
- }
169
- } elseif ($entries != NULL)
170
- {
171
- //Approve single account
172
- $result = update_user_meta($entries, $meta_key, $meta_value);
173
- if($result)
174
- {
175
- AIOWPSecurity_Admin_Menu::show_msg_updated_st(__('The selected account was approved successfully!','all-in-one-wp-security-and-firewall'));
176
- $user = get_user_by('id', $entries);
177
- $sendMail = $this->send_email_upon_account_activation($user);
178
-
179
- }else if($result === false){
180
- $aio_wp_security->debug_logger->log_debug("AIOWPSecurity_List_Registered_Users::approve_selected_accounts() - could not approve account ID: $user_id",4);
181
- }
182
- }
183
- }
184
-
185
- function send_email_upon_account_activation($user)
186
- {
187
- global $aio_wp_security;
188
- if (!($user instanceof WP_User)) {
189
- return false;
190
- }
191
-
192
- $to_email_address = $user->user_email;
193
- $email_msg = '';
194
- $subject = '['.get_option('siteurl').'] '. __('Your account is now active','all-in-one-wp-security-and-firewall');
195
- $email_msg .= __('Your account with username: ','all-in-one-wp-security-and-firewall').$user->user_login.__(' is now active','all-in-one-wp-security-and-firewall')."\n";
196
- $site_title = get_bloginfo( 'name' );
197
- $from_name = empty($site_title)?'WordPress':$site_title;
198
- $subject = apply_filters( 'aiowps_register_approval_email_subject', $subject );
199
- $email_msg = apply_filters( 'aiowps_register_approval_email_msg', $email_msg, $user ); //also pass the WP_User object
200
- $from_name = apply_filters( 'aiowps_register_approval_email_from_name', $from_name );
201
-
202
- $email_header = 'From: '.$from_name.' <'.get_bloginfo('admin_email').'>' . "\r\n\\";
203
- $sendMail = wp_mail($to_email_address, $subject, $email_msg, $email_header);
204
- if(FALSE === $sendMail){
205
- $aio_wp_security->debug_logger->log_debug("Manual account approval notification email failed to send to ".$to_email_address,4);
206
- }
207
- return $sendMail;
208
- }
209
-
210
- function delete_selected_accounts($entries)
211
- {
212
- global $wpdb, $aio_wp_security;
213
- if (is_array($entries))
214
- {
215
- if (isset($_REQUEST['_wp_http_referer']))
216
- {
217
- //Let's go through each entry and delete account
218
- foreach($entries as $user_id)
219
- {
220
- $result = wp_delete_user($user_id);
221
- if($result !== true)
222
- {
223
- $aio_wp_security->debug_logger->log_debug("AIOWPSecurity_List_Registered_Users::delete_selected_accounts() - could not delete account ID: $user_id",4);
224
- }
225
- }
226
- AIOWPSecurity_Admin_Menu::show_msg_updated_st(__('The selected accounts were deleted successfully!','all-in-one-wp-security-and-firewall'));
227
- }
228
- } elseif ($entries != NULL)
229
- {
230
- $nonce=isset($_GET['aiowps_nonce'])?$_GET['aiowps_nonce']:'';
231
- if (!isset($nonce) ||!wp_verify_nonce($nonce, 'delete_user_acct'))
232
- {
233
- $aio_wp_security->debug_logger->log_debug("Nonce check failed for delete registered user account operation!",4);
234
- die(__('Nonce check failed for delete registered user account operation!','all-in-one-wp-security-and-firewall'));
235
- }
236
-
237
- //Delete single account
238
-
239
- $result = wp_delete_user($entries);
240
- if($result === true)
241
- {
242
- AIOWPSecurity_Admin_Menu::show_msg_updated_st(__('The selected account was deleted successfully!','all-in-one-wp-security-and-firewall'));
243
- }
244
- else
245
- {
246
- $aio_wp_security->debug_logger->log_debug("AIOWPSecurity_List_Registered_Users::delete_selected_accounts() - could not delete account ID: $entries",4);
247
- }
248
- }
249
- }
250
-
251
- function block_selected_ips($entries)
252
- {
253
- global $wpdb, $aio_wp_security;
254
- if (is_array($entries))
255
- {
256
- if (isset($_REQUEST['_wp_http_referer']))
257
- {
258
- //Let's go through each entry and block IP
259
- foreach($entries as $id)
260
- {
261
- $ip_address = get_user_meta($id, 'aiowps_registrant_ip', true);
262
- $result = AIOWPSecurity_Blocking::add_ip_to_block_list($ip_address, 'registration_spam');
263
- if($result === false)
264
- {
265
- $aio_wp_security->debug_logger->log_debug("AIOWPSecurity_List_Registered_Users::block_selected_ips() - could not block IP : $ip_address",4);
266
- }
267
- }
268
- $msg = __('The selected IP addresses were successfully added to the permanent block list!','all-in-one-wp-security-and-firewall');
269
- $msg .= ' <a href="admin.php?page='.AIOWPSEC_MAIN_MENU_SLUG.'&tab=tab4" target="_blank">'.__('View Blocked IPs','all-in-one-wp-security-and-firewall').'</a>';
270
- AIOWPSecurity_Admin_Menu::show_msg_updated_st($msg);
271
- }
272
- } elseif ($entries != NULL)
273
- {
274
- $nonce=isset($_GET['aiowps_nonce'])?$_GET['aiowps_nonce']:'';
275
- if (!isset($nonce) ||!wp_verify_nonce($nonce, 'block_ip'))
276
- {
277
- $aio_wp_security->debug_logger->log_debug("Nonce check failed for block IP operation of registered user!",4);
278
- die(__('Nonce check failed for block IP operation of registered user!','all-in-one-wp-security-and-firewall'));
279
- }
280
-
281
- //Block single IP
282
- $result = AIOWPSecurity_Blocking::add_ip_to_block_list($entries, 'registration_spam');
283
- if($result === true)
284
- {
285
- $msg = __('The selected IP was successfully added to the permanent block list!','all-in-one-wp-security-and-firewall');
286
- $msg .= ' <a href="admin.php?page='.AIOWPSEC_MAIN_MENU_SLUG.'&tab=tab4" target="_blank">'.__('View Blocked IPs','all-in-one-wp-security-and-firewall').'</a>';
287
- AIOWPSecurity_Admin_Menu::show_msg_updated_st($msg);
288
- }
289
- else
290
- {
291
- $aio_wp_security->debug_logger->log_debug("AIOWPSecurity_List_Registered_Users::block_selected_ips() - could not block IP: $entries",4);
292
- }
293
- }
294
- }
295
-
296
- function prepare_items() {
297
- //First, lets decide how many records per page to show
298
- $per_page = 100;
299
- $columns = $this->get_columns();
300
- $hidden = array();
301
- $sortable = $this->get_sortable_columns();
302
- $search = isset( $_REQUEST['s'] ) ? sanitize_text_field( $_REQUEST['s'] ) : '';
303
-
304
- $this->_column_headers = array($columns, $hidden, $sortable);
305
-
306
- $this->process_bulk_action();
307
-
308
- //Get registered users which have the special 'aiowps_account_status' meta key set to 'pending'
309
- $data = $this->get_registered_user_data('pending', $search);
310
-
311
- $current_page = $this->get_pagenum();
312
- $total_items = count($data);
313
- $data = array_slice($data,(($current_page-1)*$per_page),$per_page);
314
- $this->items = $data;
315
- $this->set_pagination_args( array(
316
- 'total_items' => $total_items, //WE have to calculate the total number of items
317
- 'per_page' => $per_page, //WE have to determine how many items to show on a page
318
- 'total_pages' => ceil($total_items/$per_page) //WE have to calculate the total number of pages
319
- ));
320
- }
321
-
322
- //Returns all users who have the special 'aiowps_account_status' meta key
323
- function get_registered_user_data($status='', $search='')
324
- {
325
- $user_fields = array( 'ID', 'user_login', 'user_email', 'user_registered');
326
- $user_query = new WP_User_Query(array('meta_key' => 'aiowps_account_status', 'meta_value' => $status, 'fields' => $user_fields));
327
- $user_results = $user_query->results;
328
-
329
- $final_data = array();
330
- foreach ($user_results as $user)
331
- {
332
- $temp_array = get_object_vars($user); //Turn the object into array
333
- $temp_array['account_status'] = get_user_meta($temp_array['ID'], 'aiowps_account_status', true);
334
- $ip = get_user_meta($temp_array['ID'], 'aiowps_registrant_ip', true);
335
- $temp_array['ip_address'] = empty($ip)?'':$ip;
336
- if(empty($search)) {
337
- $final_data[] = $temp_array;
338
- } else {
339
- $input = preg_quote($search, '~'); // don't forget to quote input string!
340
-
341
- $result = preg_grep('~' . $input . '~', $temp_array);
342
- if(!empty($result)) $final_data[] = $temp_array;
343
- }
344
- }
345
- return $final_data;
346
- }
347
  }
1
+ <?php
2
+ if(!defined('ABSPATH')){
3
+ exit;//Exit if accessed directly
4
+ }
5
+
6
+ class AIOWPSecurity_List_Registered_Users extends AIOWPSecurity_List_Table {
7
+
8
+ function __construct(){
9
+ global $status, $page;
10
+
11
+ //Set parent defaults
12
+ parent::__construct( array(
13
+ 'singular' => 'item', //singular name of the listed records
14
+ 'plural' => 'items', //plural name of the listed records
15
+ 'ajax' => false //does this table support ajax?
16
+ ) );
17
+
18
+ }
19
+
20
+ function column_default($item, $column_name){
21
+ return $item[$column_name];
22
+ }
23
+
24
+ function column_ID($item){
25
+ //$tab = strip_tags($_REQUEST['tab']);
26
+ $delete_url = sprintf('admin.php?page=%s&action=%s&user_id=%s', AIOWPSEC_USER_REGISTRATION_MENU_SLUG, 'delete_acct', $item['ID']);
27
+ //Add nonce to delete URL
28
+ $delete_url_nonce = wp_nonce_url($delete_url, "delete_user_acct", "aiowps_nonce");
29
+
30
+ $block_ip = sprintf('admin.php?page=%s&action=%s&ip_address=%s', AIOWPSEC_USER_REGISTRATION_MENU_SLUG, 'block_ip', $item['ip_address']);
31
+ //Add nonce to block IP
32
+ $block_ip_nonce = wp_nonce_url($block_ip, "block_ip", "aiowps_nonce");
33
+
34
+ //Build row actions
35
+ $actions = array(
36
+ 'view' => sprintf('<a href="user-edit.php?user_id=%s" target="_blank">View</a>',$item['ID']),
37
+ 'approve_acct' => sprintf('<a href="admin.php?page=%s&action=%s&user_id=%s" onclick="return confirm(\'Are you sure you want to approve this account?\')">Approve</a>',AIOWPSEC_USER_REGISTRATION_MENU_SLUG,'approve_acct',$item['ID']),
38
+ 'delete_acct' => '<a href="'.$delete_url_nonce.'" onclick="return confirm(\'Are you sure you want to delete this account?\')">Delete</a>',
39
+ 'block_ip' => '<a href="'.$block_ip_nonce.'" onclick="return confirm(\'Are you sure you want to block this IP address?\')">Block IP</a>',
40
+ );
41
+
42
+ //Return the user_login contents
43
+ return sprintf('%1$s <span style="color:silver"></span>%2$s',
44
+ /*$1%s*/ $item['ID'],
45
+ /*$2%s*/ $this->row_actions($actions)
46
+ );
47
+ }
48
+
49
+ function column_ip_address($item){
50
+ if (AIOWPSecurity_Blocking::is_ip_blocked($item['ip_address'])){
51
+ return $item['ip_address'].'<br /><span class="aiowps-label aiowps-label-success">'.__('blocked','WPS').'</span>';
52
+ } else{
53
+ return $item['ip_address'];
54
+ }
55
+ }
56
+
57
+ function column_cb($item){
58
+ return sprintf(
59
+ '<input type="checkbox" name="%1$s[]" value="%2$s" />',
60
+ /*$1%s*/ $this->_args['singular'], //Let's simply repurpose the table's singular label
61
+ /*$2%s*/ $item['ID'] //The value of the checkbox should be the record's id
62
+ );
63
+ }
64
+
65
+
66
+ function get_columns(){
67
+ $columns = array(
68
+ 'cb' => '<input type="checkbox" />', //Render a checkbox
69
+ 'ID' => __('User ID', 'all-in-one-wp-security-and-firewall'),
70
+ 'user_login' => __('Login Name', 'all-in-one-wp-security-and-firewall'),
71
+ 'user_email' => __('Email', 'all-in-one-wp-security-and-firewall'),
72
+ 'user_registered' => __('Register Date', 'all-in-one-wp-security-and-firewall'),
73
+ 'account_status' => __('Account Status', 'all-in-one-wp-security-and-firewall'),
74
+ 'ip_address' => __('IP Address', 'all-in-one-wp-security-and-firewall')
75
+ );
76
+ return $columns;
77
+ }
78
+
79
+ function get_sortable_columns() {
80
+ $sortable_columns = array(
81
+ // 'ID' => array('ID',false),
82
+ // 'user_login' => array('user_login',false),
83
+ // 'user_email' => array('user_email',false),
84
+ // 'user_registered' => array('user_registered',false),
85
+ // 'account_status' => array('account_status',false),
86
+ );
87
+ return $sortable_columns;
88
+ }
89
+
90
+ function get_bulk_actions() {
91
+ $actions = array(
92
+ 'approve' => 'Approve',
93
+ 'delete' => 'Delete',
94
+ 'block' => 'Block IP'
95
+ );
96
+ return $actions;
97
+ }
98
+
99
+ function process_bulk_action() {
100
+ if('approve'===$this->current_action())
101
+ {//Process approve bulk actions
102
+ if(!isset($_REQUEST['item']))
103
+ {
104
+ AIOWPSecurity_Admin_Menu::show_msg_error_st(__('Please select some records using the checkboxes','all-in-one-wp-security-and-firewall'));
105
+ }else
106
+ {
107
+ $this->approve_selected_accounts(($_REQUEST['item']));
108
+ }
109
+ }
110
+
111
+ if('delete'===$this->current_action())
112
+ {//Process delete bulk actions
113
+ if(!isset($_REQUEST['item']))
114
+ {
115
+ AIOWPSecurity_Admin_Menu::show_msg_error_st(__('Please select some records using the checkboxes','all-in-one-wp-security-and-firewall'));
116
+ }else
117
+ {
118
+ $this->delete_selected_accounts(($_REQUEST['item']));
119
+ }
120
+ }
121
+
122
+ if('block'===$this->current_action())
123
+ {//Process block bulk actions
124
+ if(!isset($_REQUEST['item']))
125
+ {
126
+ AIOWPSecurity_Admin_Menu::show_msg_error_st(__('Please select some records using the checkboxes','all-in-one-wp-security-and-firewall'));
127
+ }else
128
+ {
129
+ $this->block_selected_ips(($_REQUEST['item']));
130
+ }
131
+ }
132
+
133
+ }
134
+
135
+ function approve_selected_accounts($entries)
136
+ {
137
+ global $aio_wp_security;
138
+ $meta_key = 'aiowps_account_status';
139
+ $meta_value = 'approved'; //set account status
140
+ $failed_accts = ''; //string to store comma separated accounts which failed to update
141
+ $at_least_one_updated = false;
142
+ if (is_array($entries))
143
+ {
144
+ //Let's go through each entry and approve
145
+ foreach($entries as $user_id)
146
+ {
147
+ $result = update_user_meta($user_id, $meta_key, $meta_value);
148
+ if($result === false)
149
+ {
150
+ $failed_accts .= ' '.$user_id.',';
151
+ $aio_wp_security->debug_logger->log_debug("AIOWPSecurity_List_Registered_Users::approve_selected_accounts() - could not approve account ID: $user_id",4);
152
+ }else{
153
+ $at_least_one_updated = true;
154
+ $user = get_user_by('id', $user_id);
155
+ if($user === false){
156
+ //don't send mail
157
+ }else{
158
+ $sendMail = $this->send_email_upon_account_activation($user);
159
+ }
160
+ }
161
+ }
162
+ if ($at_least_one_updated){
163
+ AIOWPSecurity_Admin_Menu::show_msg_updated_st(__('The selected accounts were approved successfully!','all-in-one-wp-security-and-firewall'));
164
+ }
165
+ if ($failed_accts != ''){//display any failed account updates
166
+ rtrim($failed_accts);
167
+ AIOWPSecurity_Admin_Menu::show_msg_error_st(__('The following accounts failed to update successfully: ','all-in-one-wp-security-and-firewall').$failed_accts);
168
+ }
169
+ } elseif ($entries != NULL)
170
+ {
171
+ //Approve single account
172
+ $result = update_user_meta($entries, $meta_key, $meta_value);
173
+ if($result)
174
+ {
175
+ AIOWPSecurity_Admin_Menu::show_msg_updated_st(__('The selected account was approved successfully!','all-in-one-wp-security-and-firewall'));
176
+ $user = get_user_by('id', $entries);
177
+ $sendMail = $this->send_email_upon_account_activation($user);
178
+
179
+ }else if($result === false){
180
+ $aio_wp_security->debug_logger->log_debug("AIOWPSecurity_List_Registered_Users::approve_selected_accounts() - could not approve account ID: $user_id",4);
181
+ }
182
+ }
183
+ }
184
+
185
+ function send_email_upon_account_activation($user)
186
+ {
187
+ global $aio_wp_security;
188
+ if (!($user instanceof WP_User)) {
189
+ return false;
190
+ }
191
+
192
+ $to_email_address = $user->user_email;
193
+ $email_msg = '';
194
+ $subject = '['.get_option('siteurl').'] '. __('Your account is now active','all-in-one-wp-security-and-firewall');
195
+ $email_msg .= __('Your account with username: ','all-in-one-wp-security-and-firewall').$user->user_login.__(' is now active','all-in-one-wp-security-and-firewall')."\n";
196
+ $site_title = get_bloginfo( 'name' );
197
+ $from_name = empty($site_title)?'WordPress':$site_title;
198
+ $subject = apply_filters( 'aiowps_register_approval_email_subject', $subject );
199
+ $email_msg = apply_filters( 'aiowps_register_approval_email_msg', $email_msg, $user ); //also pass the WP_User object
200
+ $from_name = apply_filters( 'aiowps_register_approval_email_from_name', $from_name );
201
+
202
+ $email_header = 'From: '.$from_name.' <'.get_bloginfo('admin_email').'>' . "\r\n\\";
203
+ $sendMail = wp_mail($to_email_address, $subject, $email_msg, $email_header);
204
+ if(FALSE === $sendMail){
205
+ $aio_wp_security->debug_logger->log_debug("Manual account approval notification email failed to send to ".$to_email_address,4);
206
+ }
207
+ return $sendMail;
208
+ }
209
+
210
+ function delete_selected_accounts($entries)
211
+ {
212
+ global $wpdb, $aio_wp_security;
213
+ if (is_array($entries))
214
+ {
215
+ if (isset($_REQUEST['_wp_http_referer']))
216
+ {
217
+ //Let's go through each entry and delete account
218
+ foreach($entries as $user_id)
219
+ {
220
+ $result = wp_delete_user($user_id);
221
+ if($result !== true)
222
+ {
223
+ $aio_wp_security->debug_logger->log_debug("AIOWPSecurity_List_Registered_Users::delete_selected_accounts() - could not delete account ID: $user_id",4);
224
+ }
225
+ }
226
+ AIOWPSecurity_Admin_Menu::show_msg_updated_st(__('The selected accounts were deleted successfully!','all-in-one-wp-security-and-firewall'));
227
+ }
228
+ } elseif ($entries != NULL)
229
+ {
230
+ $nonce=isset($_GET['aiowps_nonce'])?$_GET['aiowps_nonce']:'';
231
+ if (!isset($nonce) ||!wp_verify_nonce($nonce, 'delete_user_acct'))
232
+ {
233
+ $aio_wp_security->debug_logger->log_debug("Nonce check failed for delete registered user account operation!",4);
234
+ die(__('Nonce check failed for delete registered user account operation!','all-in-one-wp-security-and-firewall'));
235
+ }
236
+
237
+ //Delete single account
238
+
239
+ $result = wp_delete_user($entries);
240
+ if($result === true)
241
+ {
242
+ AIOWPSecurity_Admin_Menu::show_msg_updated_st(__('The selected account was deleted successfully!','all-in-one-wp-security-and-firewall'));
243
+ }
244
+ else
245
+ {
246
+ $aio_wp_security->debug_logger->log_debug("AIOWPSecurity_List_Registered_Users::delete_selected_accounts() - could not delete account ID: $entries",4);
247
+ }
248
+ }
249
+ }
250
+
251
+ function block_selected_ips($entries)
252
+ {
253
+ global $wpdb, $aio_wp_security;
254
+ if (is_array($entries))
255
+ {
256
+ if (isset($_REQUEST['_wp_http_referer']))
257
+ {
258
+ //Let's go through each entry and block IP
259
+ foreach($entries as $id)
260
+ {
261
+ $ip_address = get_user_meta($id, 'aiowps_registrant_ip', true);
262
+ $result = AIOWPSecurity_Blocking::add_ip_to_block_list($ip_address, 'registration_spam');
263
+ if($result === false)
264
+ {
265
+ $aio_wp_security->debug_logger->log_debug("AIOWPSecurity_List_Registered_Users::block_selected_ips() - could not block IP : $ip_address",4);
266
+ }
267
+ }
268
+ $msg = __('The selected IP addresses were successfully added to the permanent block list!','all-in-one-wp-security-and-firewall');
269
+ $msg .= ' <a href="admin.php?page='.AIOWPSEC_MAIN_MENU_SLUG.'&tab=tab4" target="_blank">'.__('View Blocked IPs','all-in-one-wp-security-and-firewall').'</a>';
270
+ AIOWPSecurity_Admin_Menu::show_msg_updated_st($msg);
271
+ }
272
+ } elseif ($entries != NULL)
273
+ {
274
+ $nonce=isset($_GET['aiowps_nonce'])?$_GET['aiowps_nonce']:'';
275
+ if (!isset($nonce) ||!wp_verify_nonce($nonce, 'block_ip'))
276
+ {
277
+ $aio_wp_security->debug_logger->log_debug("Nonce check failed for block IP operation of registered user!",4);
278
+ die(__('Nonce check failed for block IP operation of registered user!','all-in-one-wp-security-and-firewall'));
279
+ }
280
+
281
+ //Block single IP
282
+ $result = AIOWPSecurity_Blocking::add_ip_to_block_list($entries, 'registration_spam');
283
+ if($result === true)
284
+ {
285
+ $msg = __('The selected IP was successfully added to the permanent block list!','all-in-one-wp-security-and-firewall');
286
+ $msg .= ' <a href="admin.php?page='.AIOWPSEC_MAIN_MENU_SLUG.'&tab=tab4" target="_blank">'.__('View Blocked IPs','all-in-one-wp-security-and-firewall').'</a>';
287
+ AIOWPSecurity_Admin_Menu::show_msg_updated_st($msg);
288
+ }
289
+ else
290
+ {
291
+ $aio_wp_security->debug_logger->log_debug("AIOWPSecurity_List_Registered_Users::block_selected_ips() - could not block IP: $entries",4);
292
+ }
293
+ }
294
+ }
295
+
296
+ function prepare_items() {
297
+ //First, lets decide how many records per page to show
298
+ $per_page = 100;
299
+ $columns = $this->get_columns();
300
+ $hidden = array();
301
+ $sortable = $this->get_sortable_columns();
302
+ $search = isset( $_REQUEST['s'] ) ? sanitize_text_field( $_REQUEST['s'] ) : '';
303
+
304
+ $this->_column_headers = array($columns, $hidden, $sortable);
305
+
306
+ $this->process_bulk_action();
307
+
308
+ //Get registered users which have the special 'aiowps_account_status' meta key set to 'pending'
309
+ $data = $this->get_registered_user_data('pending', $search);
310
+
311
+ $current_page = $this->get_pagenum();
312
+ $total_items = count($data);
313
+ $data = array_slice($data,(($current_page-1)*$per_page),$per_page);
314
+ $this->items = $data;
315
+ $this->set_pagination_args( array(
316
+ 'total_items' => $total_items, //WE have to calculate the total number of items
317
+ 'per_page' => $per_page, //WE have to determine how many items to show on a page
318
+ 'total_pages' => ceil($total_items/$per_page) //WE have to calculate the total number of pages
319
+ ));
320
+ }
321
+
322
+ //Returns all users who have the special 'aiowps_account_status' meta key
323
+ function get_registered_user_data($status='', $search='')
324
+ {
325
+ $user_fields = array( 'ID', 'user_login', 'user_email', 'user_registered');
326
+ $user_query = new WP_User_Query(array('meta_key' => 'aiowps_account_status', 'meta_value' => $status, 'fields' => $user_fields));
327
+ $user_results = $user_query->results;
328
+
329
+ $final_data = array();
330
+ foreach ($user_results as $user)
331
+ {
332
+ $temp_array = get_object_vars($user); //Turn the object into array
333
+ $temp_array['account_status'] = get_user_meta($temp_array['ID'], 'aiowps_account_status', true);
334
+ $ip = get_user_meta($temp_array['ID'], 'aiowps_registrant_ip', true);
335
+ $temp_array['ip_address'] = empty($ip)?'':$ip;
336
+ if(empty($search)) {
337
+ $final_data[] = $temp_array;
338
+ } else {
339
+ $input = preg_quote($search, '~'); // don't forget to quote input string!
340
+
341
+ $result = preg_grep('~' . $input . '~', $temp_array);
342
+ if(!empty($result)) $final_data[] = $temp_array;
343
+ }
344
+ }
345
+ return $final_data;
346
+ }
347
  }
admin/wp-security-maintenance-menu.php CHANGED
@@ -1,143 +1,143 @@
1
- <?php
2
- if(!defined('ABSPATH')){
3
- exit;//Exit if accessed directly
4
- }
5
-
6
- class AIOWPSecurity_Maintenance_Menu extends AIOWPSecurity_Admin_Menu
7
- {
8
- var $menu_page_slug = AIOWPSEC_MAINTENANCE_MENU_SLUG;
9
-
10
- /* Specify all the tabs of this menu in the following array */
11
- var $menu_tabs;
12
-
13
- var $menu_tabs_handler = array(
14
- 'tab1' => 'render_tab1',
15
- );
16
-
17
- function __construct()
18
- {
19
- $this->render_menu_page();
20
- }
21
-
22
- function set_menu_tabs()
23
- {
24
- $this->menu_tabs = array(
25
- 'tab1' => __('Visitor Lockout', 'all-in-one-wp-security-and-firewall'),
26
- );
27
- }
28
-
29
- function get_current_tab()
30
- {
31
- $tab_keys = array_keys($this->menu_tabs);
32
- $tab = isset( $_GET['tab'] ) ? sanitize_text_field($_GET['tab']) : $tab_keys[0];
33
- return $tab;
34
- }
35
-
36
- /*
37
- * Renders our tabs of this menu as nav items
38
- */
39
- function render_menu_tabs()
40
- {
41
- $current_tab = $this->get_current_tab();
42
-
43
- echo '<h2 class="nav-tab-wrapper">';
44
- foreach ( $this->menu_tabs as $tab_key => $tab_caption )
45
- {
46
- $active = $current_tab == $tab_key ? 'nav-tab-active' : '';
47
- echo '<a class="nav-tab ' . $active . '" href="?page=' . $this->menu_page_slug . '&tab=' . $tab_key . '">' . $tab_caption . '</a>';
48
- }
49
- echo '</h2>';
50
- }
51
-
52
- /*
53
- * The menu rendering goes here
54
- */
55
- function render_menu_page()
56
- {
57
- echo '<div class="wrap">';
58
- echo '<h2>'.__('Maintenance','all-in-one-wp-security-and-firewall').'</h2>';//Interface title
59
- $this->set_menu_tabs();
60
- $tab = $this->get_current_tab();
61
- $this->render_menu_tabs();
62
- ?>
63
- <div id="poststuff"><div id="post-body">
64
- <?php
65
- //$tab_keys = array_keys($this->menu_tabs);
66
- call_user_func(array(&$this, $this->menu_tabs_handler[$tab]));
67
- ?>
68
- </div></div>
69
- </div><!-- end of wrap -->
70
- <?php
71
- }
72
-
73
- function render_tab1()
74
- {
75
- global $aio_wp_security;
76
- $maint_msg = '';
77
- if(isset($_POST['aiowpsec_save_site_lockout']))
78
- {
79
- $nonce=$_REQUEST['_wpnonce'];
80
- if (!wp_verify_nonce($nonce, 'aiowpsec-site-lockout'))
81
- {
82
- $aio_wp_security->debug_logger->log_debug("Nonce check failed on site lockout feature settings save!",4);
83
- die("Nonce check failed on site lockout feature settings save!");
84
- }
85
-
86
- //Save settings
87
- $aio_wp_security->configs->set_value('aiowps_site_lockout',isset($_POST["aiowps_site_lockout"])?'1':'');
88
- $maint_msg = htmlentities(stripslashes($_POST['aiowps_site_lockout_msg']), ENT_COMPAT, "UTF-8");
89
- $aio_wp_security->configs->set_value('aiowps_site_lockout_msg',$maint_msg);//Text area/msg box
90
- $aio_wp_security->configs->save_config();
91
-
92
- $this->show_msg_updated(__('Site lockout feature settings saved!', 'all-in-one-wp-security-and-firewall'));
93
-
94
- do_action('aiowps_site_lockout_settings_saved');//Trigger action hook.
95
-
96
- }
97
- ?>
98
- <div class="postbox">
99
- <h3 class="hndle"><label for="title"><?php _e('General Visitor Lockout', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
100
- <div class="inside">
101
- <form action="" method="POST">
102
- <?php wp_nonce_field('aiowpsec-site-lockout'); ?>
103
- <div class="aio_blue_box">
104
- <?php
105
- echo '<p>'.__('This feature allows you to put your site into "maintenance mode" by locking down the front-end to all visitors except logged in users with super admin privileges.', 'all-in-one-wp-security-and-firewall').'</p>';
106
- echo '<p>'.__('Locking your site down to general visitors can be useful if you are investigating some issues on your site or perhaps you might be doing some maintenance and wish to keep out all traffic for security reasons.', 'all-in-one-wp-security-and-firewall').'</p>';
107
- ?>
108
- </div>
109
- <table class="form-table">
110
- <tr valign="top">
111
- <th scope="row"><?php _e('Enable Front-end Lockout', 'all-in-one-wp-security-and-firewall')?>:</th>
112
- <td>
113
- <input name="aiowps_site_lockout" type="checkbox"<?php if($aio_wp_security->configs->get_value('aiowps_site_lockout')=='1') echo ' checked="checked"'; ?> value="1"/>
114
- <span class="description"><?php _e('Check this if you want all visitors except those who are logged in as administrator to be locked out of the front-end of your site.', 'all-in-one-wp-security-and-firewall'); ?></span>
115
- </td>
116
- </tr>
117
- <tr valign="top">
118
- <th scope="row"><?php _e('Enter a Message:', 'all-in-one-wp-security-and-firewall')?></th>
119
- <td>
120
- <?php
121
- $aiowps_site_lockout_msg_raw = $aio_wp_security->configs->get_value('aiowps_site_lockout_msg');
122
- if(empty($aiowps_site_lockout_msg_raw)){
123
- $aiowps_site_lockout_msg_raw = 'This site is currently not available. Please try again later.';
124
- }
125
- $aiowps_site_lockout_msg = html_entity_decode($aiowps_site_lockout_msg_raw, ENT_COMPAT, "UTF-8");
126
- $aiowps_site_lockout_msg_settings = array('textarea_name' => 'aiowps_site_lockout_msg');
127
- wp_editor($aiowps_site_lockout_msg, "aiowps_site_lockout_msg_editor_content", $aiowps_site_lockout_msg_settings);
128
- ?>
129
- <br />
130
- <span class="description"><?php _e('Enter a message you wish to display to visitors when your site is in maintenance mode.','all-in-one-wp-security-and-firewall');?></span>
131
- </td>
132
- </tr>
133
-
134
- </table>
135
-
136
- <div class="submit">
137
- <input type="submit" class="button-primary" name="aiowpsec_save_site_lockout" value="<?php _e('Save Site Lockout Settings', 'all-in-one-wp-security-and-firewall'); ?>" />
138
- </div>
139
- </form>
140
- </div></div>
141
- <?php
142
- }
143
  } //end class
1
+ <?php
2
+ if(!defined('ABSPATH')){
3
+ exit;//Exit if accessed directly
4
+ }
5
+
6
+ class AIOWPSecurity_Maintenance_Menu extends AIOWPSecurity_Admin_Menu
7
+ {
8
+ var $menu_page_slug = AIOWPSEC_MAINTENANCE_MENU_SLUG;
9
+
10
+ /* Specify all the tabs of this menu in the following array */
11
+ var $menu_tabs;
12
+
13
+ var $menu_tabs_handler = array(
14
+ 'tab1' => 'render_tab1',
15
+ );
16
+
17
+ function __construct()
18
+ {
19
+ $this->render_menu_page();
20
+ }
21
+
22
+ function set_menu_tabs()
23
+ {
24
+ $this->menu_tabs = array(
25
+ 'tab1' => __('Visitor Lockout', 'all-in-one-wp-security-and-firewall'),
26
+ );
27
+ }
28
+
29
+ function get_current_tab()
30
+ {
31
+ $tab_keys = array_keys($this->menu_tabs);
32
+ $tab = isset( $_GET['tab'] ) ? sanitize_text_field($_GET['tab']) : $tab_keys[0];
33
+ return $tab;
34
+ }
35
+
36
+ /*
37
+ * Renders our tabs of this menu as nav items
38
+ */
39
+ function render_menu_tabs()
40
+ {
41
+ $current_tab = $this->get_current_tab();
42
+
43
+ echo '<h2 class="nav-tab-wrapper">';
44
+ foreach ( $this->menu_tabs as $tab_key => $tab_caption )
45
+ {
46
+ $active = $current_tab == $tab_key ? 'nav-tab-active' : '';
47
+ echo '<a class="nav-tab ' . $active . '" href="?page=' . $this->menu_page_slug . '&tab=' . $tab_key . '">' . $tab_caption . '</a>';
48
+ }
49
+ echo '</h2>';
50
+ }
51
+
52
+ /*
53
+ * The menu rendering goes here
54
+ */
55
+ function render_menu_page()
56
+ {
57
+ echo '<div class="wrap">';
58
+ echo '<h2>'.__('Maintenance','all-in-one-wp-security-and-firewall').'</h2>';//Interface title
59
+ $this->set_menu_tabs();
60
+ $tab = $this->get_current_tab();
61
+ $this->render_menu_tabs();
62
+ ?>
63
+ <div id="poststuff"><div id="post-body">
64
+ <?php
65
+ //$tab_keys = array_keys($this->menu_tabs);
66
+ call_user_func(array($this, $this->menu_tabs_handler[$tab]));
67
+ ?>
68
+ </div></div>
69
+ </div><!-- end of wrap -->
70
+ <?php
71
+ }
72
+
73
+ function render_tab1()
74
+ {
75
+ global $aio_wp_security;
76
+ $maint_msg = '';
77
+ if(isset($_POST['aiowpsec_save_site_lockout']))
78
+ {
79
+ $nonce=$_REQUEST['_wpnonce'];
80
+ if (!wp_verify_nonce($nonce, 'aiowpsec-site-lockout'))
81
+ {
82
+ $aio_wp_security->debug_logger->log_debug("Nonce check failed on site lockout feature settings save!",4);
83
+ die("Nonce check failed on site lockout feature settings save!");
84
+ }
85
+
86
+ //Save settings
87
+ $aio_wp_security->configs->set_value('aiowps_site_lockout',isset($_POST["aiowps_site_lockout"])?'1':'');
88
+ $maint_msg = htmlentities(stripslashes($_POST['aiowps_site_lockout_msg']), ENT_COMPAT, "UTF-8");
89
+ $aio_wp_security->configs->set_value('aiowps_site_lockout_msg',$maint_msg);//Text area/msg box
90
+ $aio_wp_security->configs->save_config();
91
+
92
+ $this->show_msg_updated(__('Site lockout feature settings saved!', 'all-in-one-wp-security-and-firewall'));
93
+
94
+ do_action('aiowps_site_lockout_settings_saved');//Trigger action hook.
95
+
96
+ }
97
+ ?>
98
+ <div class="postbox">
99
+ <h3 class="hndle"><label for="title"><?php _e('General Visitor Lockout', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
100
+ <div class="inside">
101
+ <form action="" method="POST">
102
+ <?php wp_nonce_field('aiowpsec-site-lockout'); ?>
103
+ <div class="aio_blue_box">
104
+ <?php
105
+ echo '<p>'.__('This feature allows you to put your site into "maintenance mode" by locking down the front-end to all visitors except logged in users with super admin privileges.', 'all-in-one-wp-security-and-firewall').'</p>';
106
+ echo '<p>'.__('Locking your site down to general visitors can be useful if you are investigating some issues on your site or perhaps you might be doing some maintenance and wish to keep out all traffic for security reasons.', 'all-in-one-wp-security-and-firewall').'</p>';
107
+ ?>
108
+ </div>
109
+ <table class="form-table">
110
+ <tr valign="top">
111
+ <th scope="row"><?php _e('Enable Front-end Lockout', 'all-in-one-wp-security-and-firewall')?>:</th>
112
+ <td>
113
+ <input name="aiowps_site_lockout" type="checkbox"<?php if($aio_wp_security->configs->get_value('aiowps_site_lockout')=='1') echo ' checked="checked"'; ?> value="1"/>
114
+ <span class="description"><?php _e('Check this if you want all visitors except those who are logged in as administrator to be locked out of the front-end of your site.', 'all-in-one-wp-security-and-firewall'); ?></span>
115
+ </td>
116
+ </tr>
117
+ <tr valign="top">
118
+ <th scope="row"><?php _e('Enter a Message:', 'all-in-one-wp-security-and-firewall')?></th>
119
+ <td>
120
+ <?php
121
+ $aiowps_site_lockout_msg_raw = $aio_wp_security->configs->get_value('aiowps_site_lockout_msg');
122
+ if(empty($aiowps_site_lockout_msg_raw)){
123
+ $aiowps_site_lockout_msg_raw = 'This site is currently not available. Please try again later.';
124
+ }
125
+ $aiowps_site_lockout_msg = html_entity_decode($aiowps_site_lockout_msg_raw, ENT_COMPAT, "UTF-8");
126
+ $aiowps_site_lockout_msg_settings = array('textarea_name' => 'aiowps_site_lockout_msg');
127
+ wp_editor($aiowps_site_lockout_msg, "aiowps_site_lockout_msg_editor_content", $aiowps_site_lockout_msg_settings);
128
+ ?>
129
+ <br />
130
+ <span class="description"><?php _e('Enter a message you wish to display to visitors when your site is in maintenance mode.','all-in-one-wp-security-and-firewall');?></span>
131
+ </td>
132
+ </tr>
133
+
134
+ </table>
135
+
136
+ <div class="submit">
137
+ <input type="submit" class="button-primary" name="aiowpsec_save_site_lockout" value="<?php _e('Save Site Lockout Settings', 'all-in-one-wp-security-and-firewall'); ?>" />
138
+ </div>
139
+ </form>
140
+ </div></div>
141
+ <?php
142
+ }
143
  } //end class
admin/wp-security-misc-options-menu.php CHANGED
@@ -1,292 +1,292 @@
1
- <?php
2
- if(!defined('ABSPATH')){
3
- exit;//Exit if accessed directly
4
- }
5
-
6
- class AIOWPSecurity_Misc_Options_Menu extends AIOWPSecurity_Admin_Menu
7
- {
8
- var $menu_page_slug = AIOWPSEC_MISC_MENU_SLUG;
9
-
10
- /* Specify all the tabs of this menu in the following array */
11
- var $menu_tabs;
12
-
13
- var $menu_tabs_handler = array(
14
- 'tab1' => 'render_tab1',
15
- 'tab2' => 'render_tab2',
16
- 'tab3' => 'render_tab3',
17
- 'tab4' => 'render_tab4',
18
- );
19
-
20
- function __construct()
21
- {
22
- $this->render_menu_page();
23
- }
24
-
25
- function set_menu_tabs()
26
- {
27
- $this->menu_tabs = array(
28
- 'tab1' => __('Copy Protection', 'all-in-one-wp-security-and-firewall'),
29
- 'tab2' => __('Frames', 'all-in-one-wp-security-and-firewall'),
30
- 'tab3' => __('Users Enumeration', 'all-in-one-wp-security-and-firewall'),
31
- 'tab4' => __('WP REST API', 'all-in-one-wp-security-and-firewall'),
32
- );
33
- }
34
-
35
- function get_current_tab()
36
- {
37
- $tab_keys = array_keys($this->menu_tabs);
38
- $tab = isset( $_GET['tab'] ) ? sanitize_text_field($_GET['tab']) : $tab_keys[0];
39
- return $tab;
40
- }
41
-
42
- /*
43
- * Renders our tabs of this menu as nav items
44
- */
45
- function render_menu_tabs()
46
- {
47
- $current_tab = $this->get_current_tab();
48
-
49
- echo '<h2 class="nav-tab-wrapper">';
50
- foreach ( $this->menu_tabs as $tab_key => $tab_caption )
51
- {
52
- $active = $current_tab == $tab_key ? 'nav-tab-active' : '';
53
- echo '<a class="nav-tab ' . $active . '" href="?page=' . $this->menu_page_slug . '&tab=' . $tab_key . '">' . $tab_caption . '</a>';
54
- }
55
- echo '</h2>';
56
- }
57
-
58
- /*
59
- * The menu rendering goes here
60
- */
61
- function render_menu_page()
62
- {
63
- echo '<div class="wrap">';
64
- echo '<h2>'.__('Miscellaneous','all-in-one-wp-security-and-firewall').'</h2>';//Interface title
65
- $this->set_menu_tabs();
66
- $tab = $this->get_current_tab();
67
- $this->render_menu_tabs();
68
- ?>
69
- <div id="poststuff"><div id="post-body">
70
- <?php
71
- //$tab_keys = array_keys($this->menu_tabs);
72
- call_user_func(array(&$this, $this->menu_tabs_handler[$tab]));
73
- ?>
74
- </div></div>
75
- </div><!-- end of wrap -->
76
- <?php
77
- }
78
-
79
- function render_tab1()
80
- {
81
- global $aio_wp_security;
82
- $maint_msg = '';
83
- if(isset($_POST['aiowpsec_save_copy_protection']))
84
- {
85
- $nonce=$_REQUEST['_wpnonce'];
86
- if (!wp_verify_nonce($nonce, 'aiowpsec-copy-protection'))
87
- {
88
- $aio_wp_security->debug_logger->log_debug("Nonce check failed on copy protection feature settings save!",4);
89
- die("Nonce check failed on copy protection feature settings save!");
90
- }
91
-
92
- //Save settings
93
- $aio_wp_security->configs->set_value('aiowps_copy_protection',isset($_POST["aiowps_copy_protection"])?'1':'');
94
- $aio_wp_security->configs->save_config();
95
-
96
- $this->show_msg_updated(__('Copy Protection feature settings saved!', 'all-in-one-wp-security-and-firewall'));
97
-
98
- }
99
- ?>
100
- <div class="postbox">
101
- <h3 class="hndle"><label for="title"><?php _e('Disable The Ability To Copy Text', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
102
- <div class="inside">
103
- <form action="" method="POST">
104
- <?php wp_nonce_field('aiowpsec-copy-protection'); ?>
105
- <div class="aio_blue_box">
106
- <?php
107
- echo '<p>'.__('This feature allows you to disable the ability to select and copy text from your front end.', 'all-in-one-wp-security-and-firewall').'</p>';
108
- echo '<p>'.__('When admin user is logged in, the feature is automatically disabled for his session.', 'all-in-one-wp-security-and-firewall').'</p>';
109
- ?>
110
- </div>
111
- <table class="form-table">
112
- <tr valign="top">
113
- <th scope="row"><?php _e('Enable Copy Protection', 'all-in-one-wp-security-and-firewall')?>:</th>
114
- <td>
115
- <input name="aiowps_copy_protection" type="checkbox"<?php if($aio_wp_security->configs->get_value('aiowps_copy_protection')=='1') echo ' checked="checked"'; ?> value="1"/>
116
- <span class="description"><?php _e('Check this if you want to disable the "Right Click", "Text Selection" and "Copy" option on the front end of your site.', 'all-in-one-wp-security-and-firewall'); ?></span>
117
- </td>
118
- </tr>
119
-
120
- </table>
121
-
122
- <div class="submit">
123
- <input type="submit" class="button-primary" name="aiowpsec_save_copy_protection" value="<?php _e('Save Copy Protection Settings', 'all-in-one-wp-security-and-firewall'); ?>" />
124
- </div>
125
- </form>
126
- </div></div>
127
- <?php
128
- }
129
-
130
- function render_tab2()
131
- {
132
- global $aio_wp_security;
133
- $maint_msg = '';
134
- if(isset($_POST['aiowpsec_save_frame_display_prevent']))
135
- {
136
- $nonce=$_REQUEST['_wpnonce'];
137
- if (!wp_verify_nonce($nonce, 'aiowpsec-prevent-display-frame'))
138
- {
139
- $aio_wp_security->debug_logger->log_debug("Nonce check failed on prevent display inside frame feature settings save!",4);
140
- die("Nonce check failed on prevent display inside frame feature settings save!");
141
- }
142
-
143
- //Save settings
144
- $aio_wp_security->configs->set_value('aiowps_prevent_site_display_inside_frame',isset($_POST["aiowps_prevent_site_display_inside_frame"])?'1':'');
145
- $aio_wp_security->configs->save_config();
146
-
147
- $this->show_msg_updated(__('Frame Display Prevention feature settings saved!', 'all-in-one-wp-security-and-firewall'));
148
-
149
- }
150
- ?>
151
- <div class="postbox">
152
- <h3 class="hndle"><label for="title"><?php _e('Prevent Your Site From Being Displayed In a Frame', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
153
- <div class="inside">
154
- <form action="" method="POST">
155
- <?php wp_nonce_field('aiowpsec-prevent-display-frame'); ?>
156
- <div class="aio_blue_box">
157
- <?php
158
- echo '<p>'.__('This feature allows you to prevent other sites from displaying any of your content via a frame or iframe.', 'all-in-one-wp-security-and-firewall').'</p>';
159
- echo '<p>'.__('When enabled, this feature will set the "X-Frame-Options" paramater to "sameorigin" in the HTTP header.', 'all-in-one-wp-security-and-firewall').'</p>';
160
- ?>
161
- </div>
162
- <table class="form-table">
163
- <tr valign="top">
164
- <th scope="row"><?php _e('Enable iFrame Protection', 'all-in-one-wp-security-and-firewall')?>:</th>
165
- <td>
166
- <input name="aiowps_prevent_site_display_inside_frame" type="checkbox"<?php if($aio_wp_security->configs->get_value('aiowps_prevent_site_display_inside_frame')=='1') echo ' checked="checked"'; ?> value="1"/>
167
- <span class="description"><?php _e('Check this if you want to stop other sites from displaying your content in a frame or iframe.', 'all-in-one-wp-security-and-firewall'); ?></span>
168
- </td>
169
- </tr>
170
-
171
- </table>
172
-
173
- <div class="submit">
174
- <input type="submit" class="button-primary" name="aiowpsec_save_frame_display_prevent" value="<?php _e('Save Settings', 'all-in-one-wp-security-and-firewall'); ?>" />
175
- </div>
176
- </form>
177
- </div></div>
178
- <?php
179
- }
180
-
181
- function render_tab3()
182
- {
183
- global $aio_wp_security;
184
- $maint_msg = '';
185
- if(isset($_POST['aiowpsec_save_users_enumeration']))
186
- {
187
- $nonce=$_REQUEST['_wpnonce'];
188
- if (!wp_verify_nonce($nonce, 'aiowpsec-users-enumeration'))
189
- {
190
- $aio_wp_security->debug_logger->log_debug("Nonce check failed on prevent users enumeration feature settings save!",4);
191
- die("Nonce check failed on prevent users enumeration feature settings save!");
192
- }
193
-
194
- //Save settings
195
- $aio_wp_security->configs->set_value('aiowps_prevent_users_enumeration',isset($_POST["aiowps_prevent_users_enumeration"])?'1':'');
196
- $aio_wp_security->configs->save_config();
197
-
198
- $this->show_msg_updated(__('Users Enumeration Prevention feature settings saved!', 'all-in-one-wp-security-and-firewall'));
199
-
200
- }
201
- ?>
202
- <div class="postbox">
203
- <h3 class="hndle"><label for="title"><?php _e('Prevent Users Enumeration', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
204
- <div class="inside">
205
- <form action="" method="POST">
206
- <?php wp_nonce_field('aiowpsec-users-enumeration'); ?>
207
- <div class="aio_blue_box">
208
- <?php
209
- echo '<p>'.__('This feature allows you to prevent external users/bots from fetching the user info with urls like "/?author=1".', 'all-in-one-wp-security-and-firewall').'</p>';
210
- echo '<p>'.__('When enabled, this feature will print a "forbidden" error rather than the user information.', 'all-in-one-wp-security-and-firewall').'</p>';
211
- ?>
212
- </div>
213
- <table class="form-table">
214
- <tr valign="top">
215
- <th scope="row"><?php _e('Disable Users Enumeration', 'all-in-one-wp-security-and-firewall')?>:</th>
216
- <td>
217
- <input name="aiowps_prevent_users_enumeration" type="checkbox"<?php if($aio_wp_security->configs->get_value('aiowps_prevent_users_enumeration')=='1') echo ' checked="checked"'; ?> value="1"/>
218
- <span class="description"><?php _e('Check this if you want to stop users enumeration.', 'all-in-one-wp-security-and-firewall'); ?></span>
219
- </td>
220
- </tr>
221
-
222
- </table>
223
-
224
- <div class="submit">
225
- <input type="submit" class="button-primary" name="aiowpsec_save_users_enumeration" value="<?php _e('Save Settings', 'all-in-one-wp-security-and-firewall'); ?>" />
226
- </div>
227
- </form>
228
- </div></div>
229
- <?php
230
- }
231
-
232
- function render_tab4()
233
- {
234
- global $aio_wp_security;
235
- $maint_msg = '';
236
- if(isset($_POST['aiowpsec_save_rest_settings']))
237
- {
238
- $nonce=$_REQUEST['_wpnonce'];
239
- if (!wp_verify_nonce($nonce, 'aiowpsec-rest-settings'))
240
- {
241
- $aio_wp_security->debug_logger->log_debug("Nonce check failed on REST API security feature settings save!",4);
242
- die("Nonce check failed on REST API security feature settings save!");
243
- }
244
-
245
- //Save settings
246
- $aio_wp_security->configs->set_value('aiowps_disallow_unauthorized_rest_requests',isset($_POST["aiowps_disallow_unauthorized_rest_requests"])?'1':'');
247
- $aio_wp_security->configs->save_config();
248
-
249
- $this->show_msg_updated(__('WP REST API Security feature settings saved!', 'all-in-one-wp-security-and-firewall'));
250
-
251
- }
252
- ?>
253
- <div class="postbox">
254
- <h3 class="hndle"><label for="title"><?php _e('', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
255
- <div class="inside">
256
- <form action="" method="POST">
257
- <?php wp_nonce_field('aiowpsec-rest-settings'); ?>
258
- <div class="aio_blue_box">
259
- <?php
260
- echo '<p>'.__('This feature allows you to block WordPress REST API access for unauthorized requests.', 'all-in-one-wp-security-and-firewall').'</p>';
261
- echo '<p>'.__('When enabled this feature will only allow REST requests to be processed if the user is logged in.', 'all-in-one-wp-security-and-firewall').'</p>';
262
- ?>
263
- </div>
264
- <div class="aio_orange_box">
265
- <p>
266
- <?php
267
- echo __('Beware that if you are using other plugins which have registered REST endpoints (eg, Contact Form 7), then this feature will also block REST requests used by these plugins if the user is not logged in.'
268
- . ' It is recommended that you leave this feature disabled if you want uninterrupted functionality for such plugins.', 'all-in-one-wp-security-and-firewall');
269
- ?>
270
- </p>
271
- </div>
272
-
273
- <table class="form-table">
274
- <tr valign="top">
275
- <th scope="row"><?php _e('Disallow Unauthorized REST Requests', 'all-in-one-wp-security-and-firewall')?>:</th>
276
- <td>
277
- <input name="aiowps_disallow_unauthorized_rest_requests" type="checkbox"<?php if($aio_wp_security->configs->get_value('aiowps_disallow_unauthorized_rest_requests')=='1') echo ' checked="checked"'; ?> value="1"/>
278
- <span class="description"><?php _e('Check this if you want to stop REST API access for non-logged in requests.', 'all-in-one-wp-security-and-firewall'); ?></span>
279
- </td>
280
- </tr>
281
-
282
- </table>
283
-
284
- <div class="submit">
285
- <input type="submit" class="button-primary" name="aiowpsec_save_rest_settings" value="<?php _e('Save Settings', 'all-in-one-wp-security-and-firewall'); ?>" />
286
- </div>
287
- </form>
288
- </div></div>
289
- <?php
290
- }
291
-
292
- } //end class
1
+ <?php
2
+ if(!defined('ABSPATH')){
3
+ exit;//Exit if accessed directly
4
+ }
5
+
6
+ class AIOWPSecurity_Misc_Options_Menu extends AIOWPSecurity_Admin_Menu
7
+ {
8
+ var $menu_page_slug = AIOWPSEC_MISC_MENU_SLUG;
9
+
10
+ /* Specify all the tabs of this menu in the following array */
11
+ var $menu_tabs;
12
+
13
+ var $menu_tabs_handler = array(
14
+ 'tab1' => 'render_tab1',
15
+ 'tab2' => 'render_tab2',
16
+ 'tab3' => 'render_tab3',
17
+ 'tab4' => 'render_tab4',
18
+ );
19
+
20
+ function __construct()
21
+ {
22
+ $this->render_menu_page();
23
+ }
24
+
25
+ function set_menu_tabs()
26
+ {
27
+ $this->menu_tabs = array(
28
+ 'tab1' => __('Copy Protection', 'all-in-one-wp-security-and-firewall'),
29
+ 'tab2' => __('Frames', 'all-in-one-wp-security-and-firewall'),
30
+ 'tab3' => __('Users Enumeration', 'all-in-one-wp-security-and-firewall'),
31
+ 'tab4' => __('WP REST API', 'all-in-one-wp-security-and-firewall'),
32
+ );
33
+ }
34
+
35
+ function get_current_tab()
36
+ {
37
+ $tab_keys = array_keys($this->menu_tabs);
38
+ $tab = isset( $_GET['tab'] ) ? sanitize_text_field($_GET['tab']) : $tab_keys[0];
39
+ return $tab;
40
+ }
41
+
42
+ /*
43
+ * Renders our tabs of this menu as nav items
44
+ */
45
+ function render_menu_tabs()
46
+ {
47
+ $current_tab = $this->get_current_tab();
48
+
49
+ echo '<h2 class="nav-tab-wrapper">';
50
+ foreach ( $this->menu_tabs as $tab_key => $tab_caption )
51
+ {
52
+ $active = $current_tab == $tab_key ? 'nav-tab-active' : '';
53
+ echo '<a class="nav-tab ' . $active . '" href="?page=' . $this->menu_page_slug . '&tab=' . $tab_key . '">' . $tab_caption . '</a>';
54
+ }
55
+ echo '</h2>';
56
+ }
57
+
58
+ /*
59
+ * The menu rendering goes here
60
+ */
61
+ function render_menu_page()
62
+ {
63
+ echo '<div class="wrap">';
64
+ echo '<h2>'.__('Miscellaneous','all-in-one-wp-security-and-firewall').'</h2>';//Interface title
65
+ $this->set_menu_tabs();
66
+ $tab = $this->get_current_tab();
67
+ $this->render_menu_tabs();
68
+ ?>
69
+ <div id="poststuff"><div id="post-body">
70
+ <?php
71
+ //$tab_keys = array_keys($this->menu_tabs);
72
+ call_user_func(array($this, $this->menu_tabs_handler[$tab]));
73
+ ?>
74
+ </div></div>
75
+ </div><!-- end of wrap -->
76
+ <?php
77
+ }
78
+
79
+ function render_tab1()
80
+ {
81
+ global $aio_wp_security;
82
+ $maint_msg = '';
83
+ if(isset($_POST['aiowpsec_save_copy_protection']))
84
+ {
85
+ $nonce=$_REQUEST['_wpnonce'];
86
+ if (!wp_verify_nonce($nonce, 'aiowpsec-copy-protection'))
87
+ {
88
+ $aio_wp_security->debug_logger->log_debug("Nonce check failed on copy protection feature settings save!",4);
89
+ die("Nonce check failed on copy protection feature settings save!");
90
+ }
91
+
92
+ //Save settings
93
+ $aio_wp_security->configs->set_value('aiowps_copy_protection',isset($_POST["aiowps_copy_protection"])?'1':'');
94
+ $aio_wp_security->configs->save_config();
95
+
96
+ $this->show_msg_updated(__('Copy Protection feature settings saved!', 'all-in-one-wp-security-and-firewall'));
97
+
98
+ }
99
+ ?>
100
+ <div class="postbox">
101
+ <h3 class="hndle"><label for="title"><?php _e('Disable The Ability To Copy Text', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
102
+ <div class="inside">
103
+ <form action="" method="POST">
104
+ <?php wp_nonce_field('aiowpsec-copy-protection'); ?>
105
+ <div class="aio_blue_box">
106
+ <?php
107
+ echo '<p>'.__('This feature allows you to disable the ability to select and copy text from your front end.', 'all-in-one-wp-security-and-firewall').'</p>';
108
+ echo '<p>'.__('When admin user is logged in, the feature is automatically disabled for his session.', 'all-in-one-wp-security-and-firewall').'</p>';
109
+ ?>
110
+ </div>
111
+ <table class="form-table">
112
+ <tr valign="top">
113
+ <th scope="row"><?php _e('Enable Copy Protection', 'all-in-one-wp-security-and-firewall')?>:</th>
114
+ <td>
115
+ <input name="aiowps_copy_protection" type="checkbox"<?php if($aio_wp_security->configs->get_value('aiowps_copy_protection')=='1') echo ' checked="checked"'; ?> value="1"/>
116
+ <span class="description"><?php _e('Check this if you want to disable the "Right Click", "Text Selection" and "Copy" option on the front end of your site.', 'all-in-one-wp-security-and-firewall'); ?></span>
117
+ </td>
118
+ </tr>
119
+
120
+ </table>
121
+
122
+ <div class="submit">
123
+ <input type="submit" class="button-primary" name="aiowpsec_save_copy_protection" value="<?php _e('Save Copy Protection Settings', 'all-in-one-wp-security-and-firewall'); ?>" />
124
+ </div>
125
+ </form>
126
+ </div></div>
127
+ <?php
128
+ }
129
+
130
+ function render_tab2()
131
+ {
132
+ global $aio_wp_security;
133
+ $maint_msg = '';
134
+ if(isset($_POST['aiowpsec_save_frame_display_prevent']))
135
+ {
136
+ $nonce=$_REQUEST['_wpnonce'];
137
+ if (!wp_verify_nonce($nonce, 'aiowpsec-prevent-display-frame'))
138
+ {
139
+ $aio_wp_security->debug_logger->log_debug("Nonce check failed on prevent display inside frame feature settings save!",4);
140
+ die("Nonce check failed on prevent display inside frame feature settings save!");
141
+ }
142
+
143
+ //Save settings
144
+ $aio_wp_security->configs->set_value('aiowps_prevent_site_display_inside_frame',isset($_POST["aiowps_prevent_site_display_inside_frame"])?'1':'');
145
+ $aio_wp_security->configs->save_config();
146
+
147
+ $this->show_msg_updated(__('Frame Display Prevention feature settings saved!', 'all-in-one-wp-security-and-firewall'));
148
+
149
+ }
150
+ ?>
151
+ <div class="postbox">
152
+ <h3 class="hndle"><label for="title"><?php _e('Prevent Your Site From Being Displayed In a Frame', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
153
+ <div class="inside">
154
+ <form action="" method="POST">
155
+ <?php wp_nonce_field('aiowpsec-prevent-display-frame'); ?>
156
+ <div class="aio_blue_box">
157
+ <?php
158
+ echo '<p>'.__('This feature allows you to prevent other sites from displaying any of your content via a frame or iframe.', 'all-in-one-wp-security-and-firewall').'</p>';
159
+ echo '<p>'.__('When enabled, this feature will set the "X-Frame-Options" paramater to "sameorigin" in the HTTP header.', 'all-in-one-wp-security-and-firewall').'</p>';
160
+ ?>
161
+ </div>
162
+ <table class="form-table">
163
+ <tr valign="top">
164
+ <th scope="row"><?php _e('Enable iFrame Protection', 'all-in-one-wp-security-and-firewall')?>:</th>
165
+ <td>
166
+ <input name="aiowps_prevent_site_display_inside_frame" type="checkbox"<?php if($aio_wp_security->configs->get_value('aiowps_prevent_site_display_inside_frame')=='1') echo ' checked="checked"'; ?> value="1"/>
167
+ <span class="description"><?php _e('Check this if you want to stop other sites from displaying your content in a frame or iframe.', 'all-in-one-wp-security-and-firewall'); ?></span>
168
+ </td>
169
+ </tr>
170
+
171
+ </table>
172
+
173
+ <div class="submit">
174
+ <input type="submit" class="button-primary" name="aiowpsec_save_frame_display_prevent" value="<?php _e('Save Settings', 'all-in-one-wp-security-and-firewall'); ?>" />
175
+ </div>
176
+ </form>
177
+ </div></div>
178
+ <?php
179
+ }
180
+
181
+ function render_tab3()
182
+ {
183
+ global $aio_wp_security;
184
+ $maint_msg = '';
185
+ if(isset($_POST['aiowpsec_save_users_enumeration']))
186
+ {
187
+ $nonce=$_REQUEST['_wpnonce'];
188
+ if (!wp_verify_nonce($nonce, 'aiowpsec-users-enumeration'))
189
+ {
190
+ $aio_wp_security->debug_logger->log_debug("Nonce check failed on prevent users enumeration feature settings save!",4);
191
+ die("Nonce check failed on prevent users enumeration feature settings save!");
192
+ }
193
+
194
+ //Save settings
195
+ $aio_wp_security->configs->set_value('aiowps_prevent_users_enumeration',isset($_POST["aiowps_prevent_users_enumeration"])?'1':'');
196
+ $aio_wp_security->configs->save_config();
197
+
198
+ $this->show_msg_updated(__('Users Enumeration Prevention feature settings saved!', 'all-in-one-wp-security-and-firewall'));
199
+
200
+ }
201
+ ?>
202
+ <div class="postbox">
203
+ <h3 class="hndle"><label for="title"><?php _e('Prevent Users Enumeration', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
204
+ <div class="inside">
205
+ <form action="" method="POST">
206
+ <?php wp_nonce_field('aiowpsec-users-enumeration'); ?>
207
+ <div class="aio_blue_box">
208
+ <?php
209
+ echo '<p>'.__('This feature allows you to prevent external users/bots from fetching the user info with urls like "/?author=1".', 'all-in-one-wp-security-and-firewall').'</p>';
210
+ echo '<p>'.__('When enabled, this feature will print a "forbidden" error rather than the user information.', 'all-in-one-wp-security-and-firewall').'</p>';
211
+ ?>
212
+ </div>
213
+ <table class="form-table">
214
+ <tr valign="top">
215
+ <th scope="row"><?php _e('Disable Users Enumeration', 'all-in-one-wp-security-and-firewall')?>:</th>
216
+ <td>
217
+ <input name="aiowps_prevent_users_enumeration" type="checkbox"<?php if($aio_wp_security->configs->get_value('aiowps_prevent_users_enumeration')=='1') echo ' checked="checked"'; ?> value="1"/>
218
+ <span class="description"><?php _e('Check this if you want to stop users enumeration.', 'all-in-one-wp-security-and-firewall'); ?></span>
219
+ </td>
220
+ </tr>
221
+
222
+ </table>
223
+
224
+ <div class="submit">
225
+ <input type="submit" class="button-primary" name="aiowpsec_save_users_enumeration" value="<?php _e('Save Settings', 'all-in-one-wp-security-and-firewall'); ?>" />
226
+ </div>
227
+ </form>
228
+ </div></div>
229
+ <?php
230
+ }
231
+
232
+ function render_tab4()
233
+ {
234
+ global $aio_wp_security;
235
+ $maint_msg = '';
236
+ if(isset($_POST['aiowpsec_save_rest_settings']))
237
+ {
238
+ $nonce=$_REQUEST['_wpnonce'];
239
+ if (!wp_verify_nonce($nonce, 'aiowpsec-rest-settings'))
240
+ {
241
+ $aio_wp_security->debug_logger->log_debug("Nonce check failed on REST API security feature settings save!",4);
242
+ die("Nonce check failed on REST API security feature settings save!");
243
+ }
244
+
245
+ //Save settings
246
+ $aio_wp_security->configs->set_value('aiowps_disallow_unauthorized_rest_requests',isset($_POST["aiowps_disallow_unauthorized_rest_requests"])?'1':'');
247
+ $aio_wp_security->configs->save_config();
248
+
249
+ $this->show_msg_updated(__('WP REST API Security feature settings saved!', 'all-in-one-wp-security-and-firewall'));
250
+
251
+ }
252
+ ?>
253
+ <div class="postbox">
254
+ <h3 class="hndle"><label for="title"><?php _e('', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
255
+ <div class="inside">
256
+ <form action="" method="POST">
257
+ <?php wp_nonce_field('aiowpsec-rest-settings'); ?>
258
+ <div class="aio_blue_box">
259
+ <?php
260
+ echo '<p>'.__('This feature allows you to block WordPress REST API access for unauthorized requests.', 'all-in-one-wp-security-and-firewall').'</p>';
261
+ echo '<p>'.__('When enabled this feature will only allow REST requests to be processed if the user is logged in.', 'all-in-one-wp-security-and-firewall').'</p>';
262
+ ?>
263
+ </div>
264
+ <div class="aio_orange_box">
265
+ <p>
266
+ <?php
267
+ echo __('Beware that if you are using other plugins which have registered REST endpoints (eg, Contact Form 7), then this feature will also block REST requests used by these plugins if the user is not logged in.'
268
+ . ' It is recommended that you leave this feature disabled if you want uninterrupted functionality for such plugins.', 'all-in-one-wp-security-and-firewall');
269
+ ?>
270
+ </p>
271
+ </div>
272
+
273
+ <table class="form-table">
274
+ <tr valign="top">
275
+ <th scope="row"><?php _e('Disallow Unauthorized REST Requests', 'all-in-one-wp-security-and-firewall')?>:</th>
276
+ <td>
277
+ <input name="aiowps_disallow_unauthorized_rest_requests" type="checkbox"<?php if($aio_wp_security->configs->get_value('aiowps_disallow_unauthorized_rest_requests')=='1') echo ' checked="checked"'; ?> value="1"/>
278
+ <span class="description"><?php _e('Check this if you want to stop REST API access for non-logged in requests.', 'all-in-one-wp-security-and-firewall'); ?></span>
279
+ </td>
280
+ </tr>
281
+
282
+ </table>
283
+
284
+ <div class="submit">
285
+ <input type="submit" class="button-primary" name="aiowpsec_save_rest_settings" value="<?php _e('Save Settings', 'all-in-one-wp-security-and-firewall'); ?>" />
286
+ </div>
287
+ </form>
288
+ </div></div>
289
+ <?php
290
+ }
291
+
292
+ } //end class
admin/wp-security-settings-menu.php CHANGED
@@ -1,865 +1,863 @@
1
- <?php
2
- if(!defined('ABSPATH')){
3
- exit;//Exit if accessed directly
4
- }
5
-
6
- class AIOWPSecurity_Settings_Menu extends AIOWPSecurity_Admin_Menu
7
- {
8
- var $menu_page_slug = AIOWPSEC_SETTINGS_MENU_SLUG;
9
-
10
- /* Specify all the tabs of this menu in the following array */
11
- var $menu_tabs;
12
-
13
- var $menu_tabs_handler = array(
14
- 'tab1' => 'render_tab1',
15
- 'tab2' => 'render_tab2',
16
- 'tab3' => 'render_tab3',
17
- 'tab4' => 'render_tab4',
18
- 'tab5' => 'render_tab5',
19
- 'tab6' => 'render_tab6',
20
- );
21
-
22
- function __construct()
23
- {
24
- $this->render_menu_page();
25
- }
26
-
27
- function set_menu_tabs()
28
- {
29
- $this->menu_tabs = array(
30
- 'tab1' => __('General Settings', 'all-in-one-wp-security-and-firewall'),
31
- 'tab2' => '.htaccess '.__('File', 'all-in-one-wp-security-and-firewall'),
32
- 'tab3' => 'wp-config.php '.__('File', 'all-in-one-wp-security-and-firewall'),
33
- 'tab4' => __('WP Version Info', 'all-in-one-wp-security-and-firewall'),
34
- 'tab5' => __('Import/Export', 'all-in-one-wp-security-and-firewall'),
35
- 'tab6' => __('Advanced Settings', 'all-in-one-wp-security-and-firewall'),
36
- );
37
- }
38
-
39
- function get_current_tab()
40
- {
41
- $tab_keys = array_keys($this->menu_tabs);
42
- $tab = isset( $_GET['tab'] ) ? sanitize_text_field($_GET['tab']) : $tab_keys[0];
43
- return $tab;
44
- }
45
-
46
- /*
47
- * Renders our tabs of this menu as nav items
48
- */
49
- function render_menu_tabs()
50
- {
51
- $current_tab = $this->get_current_tab();
52
-
53
- echo '<h2 class="nav-tab-wrapper">';
54
- foreach ( $this->menu_tabs as $tab_key => $tab_caption )
55
- {
56
- $active = $current_tab == $tab_key ? 'nav-tab-active' : '';
57
- echo '<a class="nav-tab ' . $active . '" href="?page=' . $this->menu_page_slug . '&tab=' . $tab_key . '">' . $tab_caption . '</a>';
58
- }
59
- echo '</h2>';
60
- }
61
-
62
- /*
63
- * The menu rendering goes here
64
- */
65
- function render_menu_page()
66
- {
67
- echo '<div class="wrap">';
68
- echo '<h2>'.__('Settings','all-in-one-wp-security-and-firewall').'</h2>';//Interface title
69
- $this->set_menu_tabs();
70
- $tab = $this->get_current_tab();
71
- $this->render_menu_tabs();
72
- ?>
73
- <div id="poststuff"><div id="post-body">
74
- <?php
75
- //$tab_keys = array_keys($this->menu_tabs);
76
- call_user_func(array(&$this, $this->menu_tabs_handler[$tab]));
77
- ?>
78
- </div></div>
79
- </div><!-- end of wrap -->
80
- <?php
81
- }
82
-
83
- function render_tab1()
84
- {
85
- global $aio_wp_security;
86
- if(isset($_POST['aiowpsec_disable_all_features']))//Do form submission tasks
87
- {
88
- $nonce=$_REQUEST['_wpnonce'];
89
- if (!wp_verify_nonce($nonce, 'aiowpsec-disable-all-features'))
90
- {
91
- $aio_wp_security->debug_logger->log_debug("Nonce check failed on disable all security features!",4);
92
- die("Nonce check failed on disable all security features!");
93
- }
94
- AIOWPSecurity_Configure_Settings::turn_off_all_security_features();
95
- //Now let's clear the applicable rules from the .htaccess file
96
- $res = AIOWPSecurity_Utility_Htaccess::write_to_htaccess();
97
-
98
- //Now let's revert the disable editing setting in the wp-config.php file if necessary
99
- $res2 = AIOWPSecurity_Utility::enable_file_edits();
100
-
101
- if ($res)
102
- {
103
- $this->show_msg_updated(__('All the security features have been disabled successfully!', 'all-in-one-wp-security-and-firewall'));
104
- }
105
- else
106
- {
107
- $this->show_msg_error(__('Could not write to the .htaccess file. Please restore your .htaccess file manually using the restore functionality in the ".htaccess File".', 'all-in-one-wp-security-and-firewall'));
108
- }
109
-
110
- if(!$res2)
111
- {
112
- $this->show_msg_error(__('Could not write to the wp-config.php. Please restore your wp-config.php file manually using the restore functionality in the "wp-config.php File".', 'all-in-one-wp-security-and-firewall'));
113
- }
114
- }
115
-
116
- if(isset($_POST['aiowpsec_disable_all_firewall_rules']))//Do form submission tasks
117
- {
118
- $nonce=$_REQUEST['_wpnonce'];
119
- if (!wp_verify_nonce($nonce, 'aiowpsec-disable-all-firewall-rules'))
120
- {
121
- $aio_wp_security->debug_logger->log_debug("Nonce check failed on disable all firewall rules!",4);
122
- die("Nonce check failed on disable all firewall rules!");
123
- }
124
- AIOWPSecurity_Configure_Settings::turn_off_all_firewall_rules();
125
- //Now let's clear the applicable rules from the .htaccess file
126
- $res = AIOWPSecurity_Utility_Htaccess::write_to_htaccess();
127
-
128
- if ($res)
129
- {
130
- $this->show_msg_updated(__('All firewall rules have been disabled successfully!', 'all-in-one-wp-security-and-firewall'));
131
- }
132
- else
133
- {
134
- $this->show_msg_error(__('Could not write to the .htaccess file. Please restore your .htaccess file manually using the restore functionality in the ".htaccess File".', 'all-in-one-wp-security-and-firewall'));
135
- }
136
- }
137
-
138
- if(isset($_POST['aiowps_save_debug_settings']))//Do form submission tasks
139
- {
140
- $nonce=$_REQUEST['_wpnonce'];
141
- if (!wp_verify_nonce($nonce, 'aiowpsec-save-debug-settings'))
142
- {
143
- $aio_wp_security->debug_logger->log_debug("Nonce check failed on save debug settings!",4);
144
- die("Nonce check failed on save debug settings!");
145
- }
146
-
147
- $aio_wp_security->configs->set_value('aiowps_enable_debug',isset($_POST["aiowps_enable_debug"])?'1':'');
148
- $aio_wp_security->configs->save_config();
149
- $this->show_msg_settings_updated();
150
- }
151
-
152
- ?>
153
- <div class="aio_grey_box">
154
- <p><?php _e('For information, updates and documentation, please visit the', 'all-in-one-wp-security-and-firewall'); ?> <a href="https://www.tipsandtricks-hq.com/wordpress-security-and-firewall-plugin" target="_blank">AIO WP Security & Firewall Plugin</a> <?php _e('Page', 'all-in-one-wp-security-and-firewall'); ?>.</p>
155
- <p><a href="https://www.tipsandtricks-hq.com/development-center" target="_blank"><?php _e('Follow us', 'all-in-one-wp-security-and-firewall'); ?></a> <?php _e('on Twitter, Google+ or via Email to stay up to date about the new security features of this plugin.', 'all-in-one-wp-security-and-firewall'); ?></p>
156
- </div>
157
-
158
- <div class="postbox">
159
- <h3 class="hndle"><label for="title"><?php _e('WP Security Plugin', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
160
- <div class="inside">
161
- <p><?php _e('Thank you for using our WordPress security plugin. There are a lot of security features in this plugin.', 'all-in-one-wp-security-and-firewall'); ?></p>
162
- <p><?php _e('Go through each menu items and enable the security options to add more security to your site. Start by activating the basic features first.', 'all-in-one-wp-security-and-firewall'); ?></p>
163
- <p><?php _e('It is a good practice to take a backup of your .htaccess file, database and wp-config.php file before activating the security features. This plugin has options that you can use to backup those resources easily.', 'all-in-one-wp-security-and-firewall'); ?></p>
164
- <p>
165
- <ul class="aiowps_admin_ul_grp1">
166
- <li><a href="admin.php?page=aiowpsec_database&tab=tab2" target="_blank"><?php _e('Backup your database', 'all-in-one-wp-security-and-firewall'); ?></a></li>
167
- <li><a href="admin.php?page=aiowpsec_settings&tab=tab2" target="_blank"><?php _e('Backup .htaccess file', 'all-in-one-wp-security-and-firewall'); ?></a></li>
168
- <li><a href="admin.php?page=aiowpsec_settings&tab=tab3" target="_blank"><?php _e('Backup wp-config.php file', 'all-in-one-wp-security-and-firewall'); ?></a></li>
169
- </ul>
170
- </p>
171
- </div>
172
- </div> <!-- end postbox-->
173
-
174
- <div class="postbox">
175
- <h3 class="hndle"><label for="title"><?php _e('Disable Security Features', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
176
- <div class="inside">
177
- <form method="post" action="">
178
- <?php wp_nonce_field('aiowpsec-disable-all-features'); ?>
179
- <div class="aio_blue_box">
180
- <?php
181
- echo '<p>'.__('If you think that some plugin functionality on your site is broken due to a security feature you enabled in this plugin, then use the following option to turn off all the security features of this plugin.', 'all-in-one-wp-security-and-firewall').'</p>';
182
- ?>
183
- </div>
184
- <div class="submit">
185
- <input type="submit" class="button" name="aiowpsec_disable_all_features" value="<?php _e('Disable All Security Features', 'all-in-one-wp-security-and-firewall'); ?>" />
186
- </div>
187
- </form>
188
- </div>
189
- </div> <!-- end postbox-->
190
-
191
- <div class="postbox">
192
- <h3 class="hndle"><label for="title"><?php _e('Disable All Firewall Rules', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
193
- <div class="inside">
194
- <form method="post" action="">
195
- <?php wp_nonce_field('aiowpsec-disable-all-firewall-rules'); ?>
196
- <div class="aio_blue_box">
197
- <?php
198
- echo '<p>'.__('This feature will disable all firewall rules which are currently active in this plugin and it will also delete these rules from your .htacess file. Use it if you think one of the firewall rules is causing an issue on your site.', 'all-in-one-wp-security-and-firewall').'</p>';
199
- ?>
200
- </div>
201
- <div class="submit">
202
- <input type="submit" class="button" name="aiowpsec_disable_all_firewall_rules" value="<?php _e('Disable All Firewall Rules', 'all-in-one-wp-security-and-firewall'); ?>" />
203
- </div>
204
- </form>
205
- </div>
206
- </div> <!-- end postbox-->
207
-
208
- <div class="postbox">
209
- <h3 class="hndle"><label for="title"><?php _e('Debug Settings', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
210
- <div class="inside">
211
- <form method="post" action="">
212
- <?php wp_nonce_field('aiowpsec-save-debug-settings'); ?>
213
- <div class="aio_blue_box">
214
- <?php
215
- echo '<p>'.__('This setting allows you to enable/disable debug for this plugin.', 'all-in-one-wp-security-and-firewall').'</p>';
216
- echo '<p>'.__('Note: the debug log files are located in the "plugins/all-in-one-wp-security-and-firewall/logs" directory.', 'all-in-one-wp-security-and-firewall').'</p>';
217
- ?>
218
- </div>
219
-
220
- <table class="form-table">
221
- <tr valign="top">
222
- <th scope="row"><?php _e('Enable Debug', 'all-in-one-wp-security-and-firewall')?>:</th>
223
- <td>
224
- <input name="aiowps_enable_debug" type="checkbox"<?php if($aio_wp_security->configs->get_value('aiowps_enable_debug')=='1') echo ' checked="checked"'; ?> value="1"/>
225
- <span class="description"><?php _e('Check this if you want to enable debug. You should keep this option disabled after you have finished debugging the issue.', 'all-in-one-wp-security-and-firewall'); ?></span>
226
- <p class="description"><?php _e('Please note that the log files are reset on every plugin update.', 'all-in-one-wp-security-and-firewall'); ?></p>
227
- </td>
228
- </tr>
229
- </table>
230
- <input type="submit" name="aiowps_save_debug_settings" value="<?php _e('Save Debug Settings', 'all-in-one-wp-security-and-firewall')?>" class="button" />
231
- </form>
232
- </div>
233
- </div> <!-- end postbox-->
234
- <?php
235
- }
236
-
237
- function render_tab2()
238
- {
239
- global $aio_wp_security;
240
-
241
- if ( !function_exists( 'get_home_path' ) ) require_once( ABSPATH. '/wp-admin/includes/file.php' );
242
- $home_path = get_home_path();
243
- $htaccess_path = $home_path . '.htaccess';
244
-
245
- if(isset($_POST['aiowps_save_htaccess']))//Do form submission tasks
246
- {
247
- $nonce=$_REQUEST['_wpnonce'];
248
- if (!wp_verify_nonce($nonce, 'aiowpsec-save-htaccess-nonce'))
249
- {
250
- $aio_wp_security->debug_logger->log_debug("Nonce check failed on htaccess file save!",4);
251
- die("Nonce check failed on htaccess file save!");
252
- }
253
-
254
- $result = AIOWPSecurity_Utility_File::backup_and_rename_htaccess($htaccess_path); //Backup the htaccess file
255
-
256
- if ($result)
257
- {
258
- $random_prefix = AIOWPSecurity_Utility::generate_alpha_numeric_random_string(10);
259
- $aiowps_backup_dir = WP_CONTENT_DIR.'/'.AIO_WP_SECURITY_BACKUPS_DIR_NAME;
260
- if (rename($aiowps_backup_dir.'/'.'.htaccess.backup', $aiowps_backup_dir.'/'.$random_prefix.'_htaccess_backup.txt'))
261
- {
262
- echo '<div id="message" class="updated fade"><p>';
263
- _e('Your .htaccess file was successfully backed up! Using an FTP program go to the "/wp-content/aiowps_backups" directory to save a copy of the file to your computer.','all-in-one-wp-security-and-firewall');
264
- echo '</p></div>';
265
- }
266
- else
267
- {
268
- $aio_wp_security->debug_logger->log_debug("htaccess file rename failed during backup!",4);
269
- $this->show_msg_error(__('htaccess file rename failed during backup. Please check your root directory for the backup file using FTP.','all-in-one-wp-security-and-firewall'));
270
- }
271
- }
272
- else
273
- {
274
- $aio_wp_security->debug_logger->log_debug("htaccess - Backup operation failed!",4);
275
- $this->show_msg_error(__('htaccess backup failed.','all-in-one-wp-security-and-firewall'));
276
- }
277
- }
278
-
279
- if(isset($_POST['aiowps_restore_htaccess_button']))//Do form submission tasks
280
- {
281
- $nonce=$_REQUEST['_wpnonce'];
282
- if (!wp_verify_nonce($nonce, 'aiowpsec-restore-htaccess-nonce'))
283
- {
284
- $aio_wp_security->debug_logger->log_debug("Nonce check failed on htaccess file restore!",4);
285
- die("Nonce check failed on htaccess file restore!");
286
- }
287
-
288
- if (empty($_POST['aiowps_htaccess_file']))
289
- {
290
- $this->show_msg_error(__('Please choose a .htaccess to restore from.', 'all-in-one-wp-security-and-firewall'));
291
- }
292
- else
293
- {
294
- //Let's copy the uploaded .htaccess file into the active root file
295
- $new_htaccess_file_path = trim($_POST['aiowps_htaccess_file']);
296
- //TODO
297
- //Verify that file chosen has contents which are relevant to .htaccess file
298
- $is_htaccess = AIOWPSecurity_Utility_Htaccess::check_if_htaccess_contents($new_htaccess_file_path);
299
- if ($is_htaccess == 1)
300
- {
301
- if (!copy($new_htaccess_file_path, $htaccess_path))
302
- {
303
- //Failed to make a backup copy
304
- $aio_wp_security->debug_logger->log_debug("htaccess - Restore from .htaccess operation failed!",4);
305
- $this->show_msg_error(__('htaccess file restore failed. Please attempt to restore the .htaccess manually using FTP.','all-in-one-wp-security-and-firewall'));
306
- }
307
- else
308
- {
309
- $this->show_msg_updated(__('Your .htaccess file has successfully been restored!', 'all-in-one-wp-security-and-firewall'));
310
- }
311
- }
312
- else
313
- {
314
- $aio_wp_security->debug_logger->log_debug("htaccess restore failed - Contents of restore file appear invalid!",4);
315
- $this->show_msg_error(__('htaccess Restore operation failed! Please check the contents of the file you are trying to restore from.','all-in-one-wp-security-and-firewall'));
316
- }
317
- }
318
- }
319
-
320
- ?>
321
- <h2><?php _e('.htaccess File Operations', 'all-in-one-wp-security-and-firewall')?></h2>
322
- <div class="aio_blue_box">
323
- <?php
324
- echo '<p>'.__('Your ".htaccess" file is a key component of your website\'s security and it can be modified to implement various levels of protection mechanisms.', 'all-in-one-wp-security-and-firewall').'
325
- <br />'.__('This feature allows you to backup and save your currently active .htaccess file should you need to re-use the the backed up file in the future.', 'all-in-one-wp-security-and-firewall').'
326
- <br />'.__('You can also restore your site\'s .htaccess settings using a backed up .htaccess file.', 'all-in-one-wp-security-and-firewall').'
327
- </p>';
328
- ?>
329
- </div>
330
- <?php
331
- $blog_id = get_current_blog_id();
332
- if (AIOWPSecurity_Utility::is_multisite_install() && !is_main_site( $blog_id ))
333
- {
334
- //Hide config settings if MS and not main site
335
- AIOWPSecurity_Utility::display_multisite_message();
336
- }
337
- else
338
- {
339
- ?>
340
- <div class="postbox">
341
- <h3 class="hndle"><label for="title"><?php _e('Save the current .htaccess file', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
342
- <div class="inside">
343
- <form action="" method="POST">
344
- <?php wp_nonce_field('aiowpsec-save-htaccess-nonce'); ?>
345
- <p class="description"><?php _e('Click the button below to backup and save the currently active .htaccess file.', 'all-in-one-wp-security-and-firewall'); ?></p>
346
- <input type="submit" name="aiowps_save_htaccess" value="<?php _e('Backup .htaccess File', 'all-in-one-wp-security-and-firewall')?>" class="button-primary" />
347
- </form>
348
- </div></div>
349
- <div class="postbox">
350
- <h3 class="hndle"><label for="title"><?php _e('Restore from a backed up .htaccess file', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
351
- <div class="inside">
352
- <form action="" method="POST">
353
- <?php wp_nonce_field('aiowpsec-restore-htaccess-nonce'); ?>
354
- <table class="form-table">
355
- <tr valign="top">
356
- <th scope="row"><?php _e('.htaccess file to restore from', 'all-in-one-wp-security-and-firewall')?>:</th>
357
- <td>
358
- <input type="button" id="aiowps_htaccess_file_button" name="aiowps_htaccess_file_button" class="button rbutton" value="<?php _e('Select Your htaccess File', 'all-in-one-wp-security-and-firewall'); ?>" />
359
- <input name="aiowps_htaccess_file" type="text" id="aiowps_htaccess_file" value="" size="80" />
360
- <p class="description">
361
- <?php
362
- _e('After selecting your file, click the button below to restore your site using the backed up htaccess file (htaccess_backup.txt).', 'all-in-one-wp-security-and-firewall');
363
- ?>
364
- </p>
365
- </td>
366
- </tr>
367
- </table>
368
- <input type="submit" name="aiowps_restore_htaccess_button" value="<?php _e('Restore .htaccess File', 'all-in-one-wp-security-and-firewall')?>" class="button-primary" />
369
- </form>
370
- </div></div>
371
- <?php
372
- } // End if statement
373
- }
374
-
375
- function render_tab3()
376
- {
377
- global $aio_wp_security;
378
-
379
- if(isset($_POST['aiowps_restore_wp_config_button']))//Do form submission tasks
380
- {
381
- $nonce=$_REQUEST['_wpnonce'];
382
- if (!wp_verify_nonce($nonce, 'aiowpsec-restore-wp-config-nonce'))
383
- {
384
- $aio_wp_security->debug_logger->log_debug("Nonce check failed on wp-config file restore!",4);
385
- die("Nonce check failed on wp-config file restore!");
386
- }
387
-
388
- if (empty($_POST['aiowps_wp_config_file']))
389
- {
390
- $this->show_msg_error(__('Please choose a wp-config.php file to restore from.', 'all-in-one-wp-security-and-firewall'));
391
- }
392
- else
393
- {
394
- //Let's copy the uploaded wp-config.php file into the active root file
395
- $new_wp_config_file_path = trim($_POST['aiowps_wp_config_file']);
396
-
397
- //Verify that file chosen is a wp-config.file
398
- $is_wp_config = $this->check_if_wp_config_contents($new_wp_config_file_path);
399
- if ($is_wp_config == 1)
400
- {
401
- $active_root_wp_config = AIOWPSecurity_Utility_File::get_wp_config_file_path();
402
- if (!copy($new_wp_config_file_path, $active_root_wp_config))
403
- {
404
- //Failed to make a backup copy
405
- $aio_wp_security->debug_logger->log_debug("wp-config.php - Restore from backed up wp-config operation failed!",4);
406
- $this->show_msg_error(__('wp-config.php file restore failed. Please attempt to restore this file manually using FTP.','all-in-one-wp-security-and-firewall'));
407
- }
408
- else
409
- {
410
- $this->show_msg_updated(__('Your wp-config.php file has successfully been restored!', 'all-in-one-wp-security-and-firewall'));
411
- }
412
- }
413
- else
414
- {
415
- $aio_wp_security->debug_logger->log_debug("wp-config.php restore failed - Contents of restore file appear invalid!",4);
416
- $this->show_msg_error(__('wp-config.php Restore operation failed! Please check the contents of the file you are trying to restore from.','all-in-one-wp-security-and-firewall'));
417
- }
418
- }
419
- }
420
-
421
- ?>
422
- <h2><?php _e('wp-config.php File Operations', 'all-in-one-wp-security-and-firewall')?></h2>
423
- <div class="aio_blue_box">
424
- <?php
425
- echo '<p>'.__('Your "wp-config.php" file is one of the most important in your WordPress installation. It is a primary configuration file and contains crucial things such as details of your database and other critical components.', 'all-in-one-wp-security-and-firewall').'
426
- <br />'.__('This feature allows you to backup and save your currently active wp-config.php file should you need to re-use the the backed up file in the future.', 'all-in-one-wp-security-and-firewall').'
427
- <br />'.__('You can also restore your site\'s wp-config.php settings using a backed up wp-config.php file.', 'all-in-one-wp-security-and-firewall').'
428
- </p>';
429
- ?>
430
- </div>
431
- <?php
432
- $blog_id = get_current_blog_id();
433
- if (AIOWPSecurity_Utility::is_multisite_install() && !is_main_site( $blog_id ))
434
- {
435
- //Hide config settings if MS and not main site
436
- AIOWPSecurity_Utility::display_multisite_message();
437
- }
438
- else
439
- {
440
- ?>
441
- <div class="postbox">
442
- <h3 class="hndle"><label for="title"><?php _e('Save the current wp-config.php file', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
443
- <div class="inside">
444
- <form action="" method="POST">
445
- <?php wp_nonce_field('aiowpsec-save-wp-config-nonce'); ?>
446
- <p class="description"><?php _e('Click the button below to backup and download the contents of the currently active wp-config.php file.', 'all-in-one-wp-security-and-firewall'); ?></p>
447
- <input type="submit" name="aiowps_save_wp_config" value="<?php _e('Backup wp-config.php File', 'all-in-one-wp-security-and-firewall')?>" class="button-primary" />
448
-
449
- </form>
450
- </div></div>
451
- <div class="postbox">
452
- <h3 class="hndle"><label for="title"><?php _e('Restore from a backed up wp-config file', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
453
- <div class="inside">
454
- <form action="" method="POST">
455
- <?php wp_nonce_field('aiowpsec-restore-wp-config-nonce'); ?>
456
- <table class="form-table">
457
- <tr valign="top">
458
- <th scope="row"><?php _e('wp-config file to restore from', 'all-in-one-wp-security-and-firewall')?>:</th>
459
- <td>
460
- <input type="button" id="aiowps_wp_config_file_button" name="aiowps_wp_config_file_button" class="button rbutton" value="<?php _e('Select Your wp-config File', 'all-in-one-wp-security-and-firewall'); ?>" />
461
- <input name="aiowps_wp_config_file" type="text" id="aiowps_wp_config_file" value="" size="80" />
462
- <p class="description">
463
- <?php
464
- _e('After selecting your file click the button below to restore your site using the backed up wp-config file (wp-config.php.backup.txt).', 'all-in-one-wp-security-and-firewall');
465
- ?>
466
- </p>
467
- </td>
468
- </tr>
469
- </table>
470
- <input type="submit" name="aiowps_restore_wp_config_button" value="<?php _e('Restore wp-config File', 'all-in-one-wp-security-and-firewall')?>" class="button-primary" />
471
- </form>
472
- </div></div>
473
- <!-- <div class="postbox">-->
474
- <!-- <h3 class="hndle"><label for="title">--><?php //_e('View Contents of the currently active wp-config.php file', 'all-in-one-wp-security-and-firewall'); ?><!--</label></h3>-->
475
- <!-- <div class="inside">-->
476
- <!-- --><?php
477
- // $wp_config_file = AIOWPSecurity_Utility_File::get_wp_config_file_path();
478
- // $wp_config_contents = AIOWPSecurity_Utility_File::get_file_contents($wp_config_file);
479
- // ?>
480
- <!-- <textarea class="aio_text_area_file_output aio_width_80 aio_spacer_10_tb" rows="20" readonly>--><?php //echo $wp_config_contents; ?><!--</textarea>-->
481
- <!-- </div></div>-->
482
-
483
- <?php
484
- } //End if statement
485
- }
486
-
487
- function render_tab4()
488
- {
489
- global $aio_wp_security;
490
- global $aiowps_feature_mgr;
491
-
492
- if(isset($_POST['aiowps_save_remove_wp_meta_info']))//Do form submission tasks
493
- {
494
- $nonce=$_REQUEST['_wpnonce'];
495
- if (!wp_verify_nonce($nonce, 'aiowpsec-remove-wp-meta-info-nonce'))
496
- {
497
- $aio_wp_security->debug_logger->log_debug("Nonce check failed on remove wp meta info options save!",4);
498
- die("Nonce check failed on remove wp meta info options save!");
499
- }
500
- $aio_wp_security->configs->set_value('aiowps_remove_wp_generator_meta_info',isset($_POST["aiowps_remove_wp_generator_meta_info"])?'1':'');
501
- $aio_wp_security->configs->save_config();
502
-
503
- //Recalculate points after the feature status/options have been altered
504
- $aiowps_feature_mgr->check_feature_status_and_recalculate_points();
505
-
506
- $this->show_msg_settings_updated();
507
- }
508
- ?>
509
- <h2><?php _e('WP Generator Meta Tag & Version Info', 'all-in-one-wp-security-and-firewall')?></h2>
510
- <div class="aio_blue_box">
511
- <?php
512
- echo '<p>'.__('Wordpress generator automatically adds some meta information inside the "head" tags of every page on your site\'s front end. Below is an example of this:', 'all-in-one-wp-security-and-firewall');
513
- echo '<br /><strong>&lt;meta name="generator" content="WordPress 3.5.1" /&gt;</strong>';
514
- echo '<br />'.__('The above meta information shows which version of WordPress your site is currently running and thus can help hackers or crawlers scan your site to see if you have an older version of WordPress or one with a known exploit.', 'all-in-one-wp-security-and-firewall').'
515
- <br /><br />'.__('There are also other ways wordpress reveals version info such as during style and script loading. An example of this is:', 'all-in-one-wp-security-and-firewall').'
516
- <br /><strong>&lt;link rel="stylesheet" id="jquery-ui-style-css" href="//ajax.googleapis.com/ajax/libs/jqueryui/1.11.0/themes/smoothness/jquery-ui.css?ver=4.5.2" type="text/css" media="all" /&gt;</strong>
517
- <br /><br />'.__('This feature will allow you to remove the WP generator meta info and other version info from your site\'s pages.', 'all-in-one-wp-security-and-firewall').'
518
- </p>';
519
- ?>
520
- </div>
521
-
522
- <div class="postbox">
523
- <h3 class="hndle"><label for="title"><?php _e('WP Generator Meta Info', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
524
- <div class="inside">
525
- <?php
526
- //Display security info badge
527
- global $aiowps_feature_mgr;
528
- $aiowps_feature_mgr->output_feature_details_badge("wp-generator-meta-tag");
529
- ?>
530
-
531
- <form action="" method="POST">
532
- <?php wp_nonce_field('aiowpsec-remove-wp-meta-info-nonce'); ?>
533
- <table class="form-table">
534
- <tr valign="top">
535
- <th scope="row"><?php _e('Remove WP Generator Meta Info', 'all-in-one-wp-security-and-firewall')?>:</th>
536
- <td>
537
- <input name="aiowps_remove_wp_generator_meta_info" type="checkbox"<?php if($aio_wp_security->configs->get_value('aiowps_remove_wp_generator_meta_info')=='1') echo ' checked="checked"'; ?> value="1"/>
538
- <span class="description"><?php _e('Check this if you want to remove the version and meta info produced by WP from all pages', 'all-in-one-wp-security-and-firewall'); ?></span>
539
- </td>
540
- </tr>
541
- </table>
542
- <input type="submit" name="aiowps_save_remove_wp_meta_info" value="<?php _e('Save Settings', 'all-in-one-wp-security-and-firewall')?>" class="button-primary" />
543
- </form>
544
- </div></div>
545
- <?php
546
- }
547
-
548
-
549
- function render_tab5()
550
- {
551
- global $aio_wp_security;
552
-
553
- global $wpdb;
554
-
555
- $events_table_name = AIOWPSEC_TBL_EVENTS;
556
- AIOWPSecurity_Utility::cleanup_table($events_table_name, 500);
557
- if(isset($_POST['aiowps_import_settings']))//Do form submission tasks
558
- {
559
- $nonce=$_REQUEST['_wpnonce'];
560
- if (!wp_verify_nonce($nonce, 'aiowpsec-import-settings-nonce'))
561
- {
562
- $aio_wp_security->debug_logger->log_debug("Nonce check failed on import AIOWPS settings!",4);
563
- die("Nonce check failed on import AIOWPS settings!");
564
- }
565
-
566
- if (empty($_POST['aiowps_import_settings_file']) && empty($_POST['aiowps_import_settings_text']))
567
- {
568
- $this->show_msg_error(__('Please choose a file to import your settings from.', 'all-in-one-wp-security-and-firewall'));
569
- }
570
- else
571
- {
572
- if (empty($_POST['aiowps_import_settings_file'])) {
573
- $import_from = "text";
574
- } else {
575
- $import_from = "file";
576
- }
577
-
578
- if ($import_from == "file") {
579
- //Let's get the uploaded import file path
580
- $submitted_import_file_path = trim($_POST['aiowps_import_settings_file']);
581
- $attachment_id = AIOWPSecurity_Utility_File::get_attachment_id_from_url($submitted_import_file_path); //we'll need this later for deleting
582
-
583
- //Verify that file chosen has valid AIOWPS settings contents
584
- $aiowps_settings_file_contents = $this->check_if_valid_aiowps_settings_file($submitted_import_file_path);
585
- } else {
586
- //Get the string right from the textarea. Still confirm it's in the expected format.
587
- $aiowps_settings_file_contents = $this->check_if_valid_aiowps_settings_text($_POST['aiowps_import_settings_text']);
588
- }
589
-
590
- if ($aiowps_settings_file_contents != -1)
591
- {
592
- //Apply the settings and delete the file (if applicable)
593
- $settings_array = json_decode($aiowps_settings_file_contents, true);
594
- $aiowps_settings_applied = update_option('aio_wp_security_configs', $settings_array);
595
-
596
- if (!$aiowps_settings_applied)
597
- {
598
- //Failed to import settings
599
- $aio_wp_security->debug_logger->log_debug("Import AIOWPS settings from " . $import_from . " operation failed!",4);
600
- $this->show_msg_error(__('Import AIOWPS settings from ' . $import_from . ' operation failed!','all-in-one-wp-security-and-firewall'));
601
-
602
- if ($import_from == "file") {
603
- //Delete the uploaded settings file for security purposes
604
- wp_delete_attachment( $attachment_id, true );
605
- if ( false === wp_delete_attachment( $attachment_id, true ) ){
606
- $this->show_msg_error(__('The deletion of the import file failed. Please delete this file manually via the media menu for security purposes.', 'all-in-one-wp-security-and-firewall'));
607
- }else{
608
- $this->show_msg_updated(__('The file you uploaded was also deleted for security purposes because it contains security settings details.', 'all-in-one-wp-security-and-firewall'));
609
- }
610
- }
611
- }
612
- else
613
- {
614
- $aio_wp_security->configs->configs = $settings_array; //Refresh the configs global variable
615
-
616
- //Just in case user submits partial config settings
617
- //Run add_option_values to make sure any missing config items are at least set to default
618
- AIOWPSecurity_Configure_Settings::add_option_values();
619
- if ($import_from == "file") {
620
- //Delete the uploaded settings file for security purposes
621
- wp_delete_attachment( $attachment_id, true );
622
- if ( false === wp_delete_attachment( $attachment_id, true ) ){
623
- $this->show_msg_updated(__('Your AIOWPS settings were successfully imported via file input.', 'all-in-one-wp-security-and-firewall'));
624
- $this->show_msg_error(__('The deletion of the import file failed. Please delete this file manually via the media menu for security purposes because it contains security settings details.', 'all-in-one-wp-security-and-firewall'));
625
- }else{
626
- $this->show_msg_updated(__('Your AIOWPS settings were successfully imported. The file you uploaded was also deleted for security purposes because it contains security settings details.', 'all-in-one-wp-security-and-firewall'));
627
- }
628
- } else {
629
- $this->show_msg_updated(__('Your AIOWPS settings were successfully imported via text entry.', 'all-in-one-wp-security-and-firewall'));
630
- }
631
- //Now let's refresh the .htaccess file with any modified rules if applicable
632
- $res = AIOWPSecurity_Utility_Htaccess::write_to_htaccess();
633
-
634
- if( !$res )
635
- {
636
- $this->show_msg_error(__('Could not write to the .htaccess file. Please check the file permissions.', 'all-in-one-wp-security-and-firewall'));
637
- }
638
- }
639
- }
640
- else
641
- {
642
- //Invalid settings file
643
- $aio_wp_security->debug_logger->log_debug("The contents of your settings file appear invalid!",4);
644
- $this->show_msg_error(__('The contents of your settings file appear invalid. Please check the contents of the file you are trying to import settings from.','all-in-one-wp-security-and-firewall'));
645
-
646
- if ($import_from == "file") {
647
- //Let's also delete the uploaded settings file for security purposes
648
- wp_delete_attachment( $attachment_id, true );
649
- if ( false === wp_delete_attachment( $attachment_id, true ) ){
650
- $this->show_msg_error(__('The deletion of the import file failed. Please delete this file manually via the media menu for security purposes.', 'all-in-one-wp-security-and-firewall'));
651
- }else{
652
- $this->show_msg_updated(__('The file you uploaded was also deleted for security purposes because it contains security settings details.', 'all-in-one-wp-security-and-firewall'));
653
- }
654
- }
655
-
656
- }
657
- }
658
- }
659
-
660
- ?>
661
- <h2><?php _e('Export or Import Your AIOWPS Settings', 'all-in-one-wp-security-and-firewall')?></h2>
662
- <div class="aio_blue_box">
663
- <?php
664
- echo '<p>'.__('This section allows you to export or import your All In One WP Security & Firewall settings.', 'all-in-one-wp-security-and-firewall');
665
- echo '<br />'.__('This can be handy if you wanted to save time by applying the settings from one site to another site.', 'all-in-one-wp-security-and-firewall').'
666
- <br />'.__('NOTE: Before importing, it is your responsibility to know what settings you are trying to import. Importing settings blindly can cause you to be locked out of your site.', 'all-in-one-wp-security-and-firewall').'
667
- <br />'.__('For Example: If a settings item relies on the domain URL then it may not work correctly when imported into a site with a different domain.','all-in-one-wp-security-and-firewall').'
668
- </p>';
669
- ?>
670
- </div>
671
-
672
- <div class="postbox">
673
- <h3 class="hndle"><label for="title"><?php _e('Export AIOWPS Settings', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
674
- <div class="inside">
675
- <form action="" method="POST">
676
- <?php wp_nonce_field('aiowpsec-export-settings-nonce'); ?>
677
- <table class="form-table">
678
- <tr valign="top">
679
- <span class="description"><?php _e('To export your All In One WP Security & Firewall settings click the button below.', 'all-in-one-wp-security-and-firewall'); ?></span>
680
- </tr>
681
- </table>
682
- <input type="submit" name="aiowps_export_settings" value="<?php _e('Export AIOWPS Settings', 'all-in-one-wp-security-and-firewall')?>" class="button-primary" />
683
- </form>
684
- </div></div>
685
- <div class="postbox">
686
- <h3 class="hndle"><label for="title"><?php _e('Import AIOWPS Settings', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
687
- <div class="inside">
688
- <form action="" method="POST">
689
- <?php wp_nonce_field('aiowpsec-import-settings-nonce'); ?>
690
- <table class="form-table">
691
- <tr valign="top">
692
- <span class="description"><?php _e('Use this section to import your All In One WP Security & Firewall settings from a file. Alternatively, copy/paste the contents of your import file into the textarea below.', 'all-in-one-wp-security-and-firewall'); ?></span>
693
- <th scope="row"><?php _e('Import File', 'all-in-one-wp-security-and-firewall')?>:</th>
694
- <td>
695
- <input type="button" id="aiowps_import_settings_file_button" name="aiowps_import_settings_file_button" class="button rbutton" value="<?php _e('Select Your Import Settings File', 'all-in-one-wp-security-and-firewall'); ?>" />
696
- <input name="aiowps_import_settings_file" type="text" id="aiowps_import_settings_file" value="" size="80" />
697
- <p class="description">
698
- <?php
699
- _e('After selecting your file, click the button below to apply the settings to your site.', 'all-in-one-wp-security-and-firewall');
700
- ?>
701
- </p>
702
- </td>
703
- </tr>
704
- <tr valign="top">
705
- <th scope="row"><?php _e('Copy/Paste Import Data', 'all-in-one-wp-security-and-firewall')?>:</th>
706
- <td>
707
- <textarea name="aiowps_import_settings_text" id="aiowps_import_settings_text" style="width:80%;height:140px;"></textarea>
708
- </td>
709
- </tr>
710
- </table>
711
- <input type="submit" name="aiowps_import_settings" value="<?php _e('Import AIOWPS Settings', 'all-in-one-wp-security-and-firewall')?>" class="button-primary" />
712
- </form>
713
- </div></div>
714
- <?php
715
- }
716
-
717
- function render_tab6()
718
- {
719
- global $aio_wp_security;
720
-
721
- $result = 1;
722
- if (isset($_POST['aiowps_save_advanced_settings']))
723
- {
724
- $nonce=$_REQUEST['_wpnonce'];
725
- if (!wp_verify_nonce($nonce, 'aiowpsec-ip-settings-nonce'))
726
- {
727
- $aio_wp_security->debug_logger->log_debug("Nonce check failed for save advanced settings!",4);
728
- die(__('Nonce check failed for save advanced settings!','aiowpsecurity'));
729
- }
730
-
731
- $aio_wp_security->configs->set_value('aiowps_ip_retrieve_method', sanitize_text_field($_POST["aiowps_ip_retrieve_method"]));
732
- $aio_wp_security->configs->save_config(); //Save the configuration
733
-
734
- //Clear logged in list because it might be showing wrong addresses
735
- if (AIOWPSecurity_Utility::is_multisite_install()){
736
- delete_site_transient('users_online');
737
- }
738
- else{
739
- delete_transient('users_online');
740
- }
741
-
742
- $this->show_msg_settings_updated();
743
- }
744
- ?>
745
- <div class="postbox">
746
- <h3 class="hndle"><label for="title"><?php _e('IP Retrieval Settings', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
747
- <div class="inside">
748
- <div class="aio_blue_box">
749
- <?php
750
- echo '<p>'.__('The IP Retrieval Settings allow you to specify which $_SERVER global variable you want this plugin to use to retrieve the visitor IP address.', 'all-in-one-wp-security-and-firewall').
751
- '<br />'.__('By default this plugin uses the $_SERVER[\'REMOTE_ADDR\'] variable to retrieve the visitor IP address. This should normally be the most accurate safest way to get the IP.', 'all-in-one-wp-security-and-firewall').
752
- '<br />'.__('However in some setups such as those using proxies, load-balancers and CloudFlare, it may be necessary to use a different $_SERVER variable.', 'all-in-one-wp-security-and-firewall').
753
- '<br />'.__('You can use the settings below to configure which $_SERVER global you would like to use for retrieving the IP address.', 'all-in-one-wp-security-and-firewall').'</p>';
754
- ?>
755
- </div>
756
-
757
- <form action="" method="POST">
758
- <?php wp_nonce_field('aiowpsec-ip-settings-nonce'); ?>
759
- <table class="form-table">
760
- <tr valign="top">
761
- <td>
762
- <select id="aiowps_ip_retrieve_method" name="aiowps_ip_retrieve_method">
763
- <option value="0" <?php selected( $aio_wp_security->configs->get_value('aiowps_ip_retrieve_method'), '0' ); ?>><?php echo 'REMOTE_ADDR' .' ('.__('Default','all-in-one-wp-security-and-firewall').')'; ?></option>
764
- <option value="1" <?php selected( $aio_wp_security->configs->get_value('aiowps_ip_retrieve_method'), '1' ); ?>><?php echo 'HTTP_CF_CONNECTING_IP'; ?></option>
765
- <option value="2" <?php selected( $aio_wp_security->configs->get_value('aiowps_ip_retrieve_method'), '2' ); ?>><?php echo 'HTTP_X_FORWARDED_FOR'; ?></option>
766
- <option value="3" <?php selected( $aio_wp_security->configs->get_value('aiowps_ip_retrieve_method'), '3' ); ?>><?php echo 'HTTP_X_FORWARDED'; ?></option>
767
- <option value="4" <?php selected( $aio_wp_security->configs->get_value('aiowps_ip_retrieve_method'), '4' ); ?>><?php echo 'HTTP_CLIENT_IP'; ?></option>
768
- </select>
769
- <span class="description"><?php _e('Choose a $_SERVER variable you would like to retrieve the visitor IP address from.', 'all-in-one-wp-security-and-firewall'); ?>
770
- </span>
771
- <span class="aiowps_more_info_anchor"><span class="aiowps_more_info_toggle_char">+</span><span class="aiowps_more_info_toggle_text"><?php _e('More Info', 'all-in-one-wp-security-and-firewall'); ?></span></span>
772
- <div class="aiowps_more_info_body">
773
- <p class="description">
774
- <?php
775
- _e('If your chosen server variable fails the plugin will automatically fall back to retrieving the IP address from $_SERVER["REMOTE_ADDR"]', 'all-in-one-wp-security-and-firewall');
776
- ?>
777
- </p>
778
- </div>
779
- </td>
780
- </tr>
781
- </table>
782
- <input type="submit" name="aiowps_save_advanced_settings" value="<?php _e('Save Settings', 'all-in-one-wp-security-and-firewall')?>" class="button-primary" />
783
- </form>
784
- </div></div>
785
- <?php
786
-
787
- }
788
-
789
- function check_if_wp_config_contents($wp_file)
790
- {
791
- $is_wp_config = false;
792
-
793
- $file_contents = file($wp_file);
794
-
795
- if ($file_contents == '' || $file_contents == NULL || $file_contents == false)
796
- {
797
- return -1;
798
- }
799
- foreach ($file_contents as $line)
800
- {
801
- if ((strpos($line, "define('DB_NAME'") !== false))
802
- {
803
- $is_wp_config = true; //It appears that we have some sort of wp-config.php file
804
- break;
805
- }
806
- else
807
- {
808
- //see if we're at the end of the section
809
- $is_wp_config = false;
810
- }
811
- }
812
- if ($is_wp_config)
813
- {
814
- return 1;
815
- }
816
- else
817
- {
818
- return -1;
819
- }
820
-
821
- }
822
-
823
- function check_if_valid_aiowps_settings_text($strText) {
824
- if ($this->check_is_aiopws_settings($strText)) {
825
- return stripcslashes($strText);
826
- } else {
827
- return -1;
828
- }
829
- }
830
-
831
- function check_is_aiopws_settings($strText) {
832
- if(strpos($strText, 'aiowps_enable_login_lockdown') === FALSE){
833
- return false;
834
- } else {
835
- return true;
836
- }
837
- }
838
-
839
- //Checks if valid aiowps settings file and returns contents as string
840
- function check_if_valid_aiowps_settings_file($wp_file)
841
- {
842
- $is_aiopws_settings = false;
843
-
844
- $file_contents = file_get_contents($wp_file);
845
-
846
- if ($file_contents == '' || $file_contents == NULL || $file_contents == false)
847
- {
848
- return -1;
849
- }
850
-
851
- //Check a known aiowps config strings to see if it is contained within this file
852
- $is_aiopws_settings = $this->check_is_aiopws_settings($file_contents);
853
-
854
- if ($is_aiopws_settings)
855
- {
856
- return $file_contents;
857
- }
858
- else
859
- {
860
- return -1;
861
- }
862
-
863
- }
864
-
865
  } //end class
1
+ <?php
2
+ if(!defined('ABSPATH')){
3
+ exit;//Exit if accessed directly
4
+ }
5
+
6
+ class AIOWPSecurity_Settings_Menu extends AIOWPSecurity_Admin_Menu
7
+ {
8
+ var $menu_page_slug = AIOWPSEC_SETTINGS_MENU_SLUG;
9
+
10
+ /* Specify all the tabs of this menu in the following array */
11
+ var $menu_tabs;
12
+
13
+ var $menu_tabs_handler = array(
14
+ 'tab1' => 'render_tab1',
15
+ 'tab2' => 'render_tab2',
16
+ 'tab3' => 'render_tab3',
17
+ 'tab4' => 'render_tab4',
18
+ 'tab5' => 'render_tab5',
19
+ 'tab6' => 'render_tab6',
20
+ );
21
+
22
+ function __construct()
23
+ {
24
+ $this->render_menu_page();
25
+ }
26
+
27
+ function set_menu_tabs()
28
+ {
29
+ $this->menu_tabs = array(
30
+ 'tab1' => __('General Settings', 'all-in-one-wp-security-and-firewall'),
31
+ 'tab2' => '.htaccess '.__('File', 'all-in-one-wp-security-and-firewall'),
32
+ 'tab3' => 'wp-config.php '.__('File', 'all-in-one-wp-security-and-firewall'),
33
+ 'tab4' => __('WP Version Info', 'all-in-one-wp-security-and-firewall'),
34
+ 'tab5' => __('Import/Export', 'all-in-one-wp-security-and-firewall'),
35
+ 'tab6' => __('Advanced Settings', 'all-in-one-wp-security-and-firewall'),
36
+ );
37
+ }
38
+
39
+ function get_current_tab()
40
+ {
41
+ $tab_keys = array_keys($this->menu_tabs);
42
+ $tab = isset( $_GET['tab'] ) ? sanitize_text_field($_GET['tab']) : $tab_keys[0];
43
+ return $tab;
44
+ }
45
+
46
+ /*
47
+ * Renders our tabs of this menu as nav items
48
+ */
49
+ function render_menu_tabs()
50
+ {
51
+ $current_tab = $this->get_current_tab();
52
+
53
+ echo '<h2 class="nav-tab-wrapper">';
54
+ foreach ( $this->menu_tabs as $tab_key => $tab_caption )
55
+ {
56
+ $active = $current_tab == $tab_key ? 'nav-tab-active' : '';
57
+ echo '<a class="nav-tab ' . $active . '" href="?page=' . $this->menu_page_slug . '&tab=' . $tab_key . '">' . $tab_caption . '</a>';
58
+ }
59
+ echo '</h2>';
60
+ }
61
+
62
+ /*
63
+ * The menu rendering goes here
64
+ */
65
+ function render_menu_page()
66
+ {
67
+ echo '<div class="wrap">';
68
+ echo '<h2>'.__('Settings','all-in-one-wp-security-and-firewall').'</h2>';//Interface title
69
+ $this->set_menu_tabs();
70
+ $tab = $this->get_current_tab();
71
+ $this->render_menu_tabs();
72
+ ?>
73
+ <div id="poststuff"><div id="post-body">
74
+ <?php
75
+ //$tab_keys = array_keys($this->menu_tabs);
76
+ call_user_func(array($this, $this->menu_tabs_handler[$tab]));
77
+ ?>
78
+ </div></div>
79
+ </div><!-- end of wrap -->
80
+ <?php
81
+ }
82
+
83
+ function render_tab1()
84
+ {
85
+ global $aio_wp_security;
86
+ if(isset($_POST['aiowpsec_disable_all_features']))//Do form submission tasks
87
+ {
88
+ $nonce=$_REQUEST['_wpnonce'];
89
+ if (!wp_verify_nonce($nonce, 'aiowpsec-disable-all-features'))
90
+ {
91
+ $aio_wp_security->debug_logger->log_debug("Nonce check failed on disable all security features!",4);
92
+ die("Nonce check failed on disable all security features!");
93
+ }
94
+ AIOWPSecurity_Configure_Settings::turn_off_all_security_features();
95
+ //Now let's clear the applicable rules from the .htaccess file
96
+ $res = AIOWPSecurity_Utility_Htaccess::write_to_htaccess();
97
+
98
+ //Now let's revert the disable editing setting in the wp-config.php file if necessary
99
+ $res2 = AIOWPSecurity_Utility::enable_file_edits();
100
+
101
+ if ($res)
102
+ {
103
+ $this->show_msg_updated(__('All the security features have been disabled successfully!', 'all-in-one-wp-security-and-firewall'));
104
+ }
105
+ else
106
+ {
107
+ $this->show_msg_error(__('Could not write to the .htaccess file. Please restore your .htaccess file manually using the restore functionality in the ".htaccess File".', 'all-in-one-wp-security-and-firewall'));
108
+ }
109
+
110
+ if(!$res2)
111
+ {
112
+ $this->show_msg_error(__('Could not write to the wp-config.php. Please restore your wp-config.php file manually using the restore functionality in the "wp-config.php File".', 'all-in-one-wp-security-and-firewall'));
113
+ }
114
+ }
115
+
116
+ if(isset($_POST['aiowpsec_disable_all_firewall_rules']))//Do form submission tasks
117
+ {
118
+ $nonce=$_REQUEST['_wpnonce'];
119
+ if (!wp_verify_nonce($nonce, 'aiowpsec-disable-all-firewall-rules'))
120
+ {
121
+ $aio_wp_security->debug_logger->log_debug("Nonce check failed on disable all firewall rules!",4);
122
+ die("Nonce check failed on disable all firewall rules!");
123
+ }
124
+ AIOWPSecurity_Configure_Settings::turn_off_all_firewall_rules();
125
+ //Now let's clear the applicable rules from the .htaccess file
126
+ $res = AIOWPSecurity_Utility_Htaccess::write_to_htaccess();
127
+
128
+ if ($res)
129
+ {
130
+ $this->show_msg_updated(__('All firewall rules have been disabled successfully!', 'all-in-one-wp-security-and-firewall'));
131
+ }
132
+ else
133
+ {
134
+ $this->show_msg_error(__('Could not write to the .htaccess file. Please restore your .htaccess file manually using the restore functionality in the ".htaccess File".', 'all-in-one-wp-security-and-firewall'));
135
+ }
136
+ }
137
+
138
+ if(isset($_POST['aiowps_save_debug_settings']))//Do form submission tasks
139
+ {
140
+ $nonce=$_REQUEST['_wpnonce'];
141
+ if (!wp_verify_nonce($nonce, 'aiowpsec-save-debug-settings'))
142
+ {
143
+ $aio_wp_security->debug_logger->log_debug("Nonce check failed on save debug settings!",4);
144
+ die("Nonce check failed on save debug settings!");
145
+ }
146
+
147
+ $aio_wp_security->configs->set_value('aiowps_enable_debug',isset($_POST["aiowps_enable_debug"])?'1':'');
148
+ $aio_wp_security->configs->save_config();
149
+ $this->show_msg_settings_updated();
150
+ }
151
+
152
+ ?>
153
+ <div class="aio_grey_box">
154
+ <p><?php _e('For information, updates and documentation, please visit the', 'all-in-one-wp-security-and-firewall'); ?> <a href="https://www.tipsandtricks-hq.com/wordpress-security-and-firewall-plugin" target="_blank">AIO WP Security & Firewall Plugin</a> <?php _e('Page', 'all-in-one-wp-security-and-firewall'); ?>.</p>
155
+ <p><a href="https://www.tipsandtricks-hq.com/development-center" target="_blank"><?php _e('Follow us', 'all-in-one-wp-security-and-firewall'); ?></a> <?php _e('on Twitter, Google+ or via Email to stay up to date about the new security features of this plugin.', 'all-in-one-wp-security-and-firewall'); ?></p>
156
+ </div>
157
+
158
+ <div class="postbox">
159
+ <h3 class="hndle"><label for="title"><?php _e('WP Security Plugin', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
160
+ <div class="inside">
161
+ <p><?php _e('Thank you for using our WordPress security plugin. There are a lot of security features in this plugin.', 'all-in-one-wp-security-and-firewall'); ?></p>
162
+ <p><?php _e('Go through each menu items and enable the security options to add more security to your site. Start by activating the basic features first.', 'all-in-one-wp-security-and-firewall'); ?></p>
163
+ <p><?php _e('It is a good practice to take a backup of your .htaccess file, database and wp-config.php file before activating the security features. This plugin has options that you can use to backup those resources easily.', 'all-in-one-wp-security-and-firewall'); ?></p>
164
+ <p>
165
+ <ul class="aiowps_admin_ul_grp1">
166
+ <li><a href="admin.php?page=aiowpsec_database&tab=tab2" target="_blank"><?php _e('Backup your database', 'all-in-one-wp-security-and-firewall'); ?></a></li>
167
+ <li><a href="admin.php?page=aiowpsec_settings&tab=tab2" target="_blank"><?php _e('Backup .htaccess file', 'all-in-one-wp-security-and-firewall'); ?></a></li>
168
+ <li><a href="admin.php?page=aiowpsec_settings&tab=tab3" target="_blank"><?php _e('Backup wp-config.php file', 'all-in-one-wp-security-and-firewall'); ?></a></li>
169
+ </ul>
170
+ </p>
171
+ </div>
172
+ </div> <!-- end postbox-->
173
+
174
+ <div class="postbox">
175
+ <h3 class="hndle"><label for="title"><?php _e('Disable Security Features', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
176
+ <div class="inside">
177
+ <form method="post" action="">
178
+ <?php wp_nonce_field('aiowpsec-disable-all-features'); ?>
179
+ <div class="aio_blue_box">
180
+ <?php
181
+ echo '<p>'.__('If you think that some plugin functionality on your site is broken due to a security feature you enabled in this plugin, then use the following option to turn off all the security features of this plugin.', 'all-in-one-wp-security-and-firewall').'</p>';
182
+ ?>
183
+ </div>
184
+ <div class="submit">
185
+ <input type="submit" class="button" name="aiowpsec_disable_all_features" value="<?php _e('Disable All Security Features', 'all-in-one-wp-security-and-firewall'); ?>" />
186
+ </div>
187
+ </form>
188
+ </div>
189
+ </div> <!-- end postbox-->
190
+
191
+ <div class="postbox">
192
+ <h3 class="hndle"><label for="title"><?php _e('Disable All Firewall Rules', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
193
+ <div class="inside">
194
+ <form method="post" action="">
195
+ <?php wp_nonce_field('aiowpsec-disable-all-firewall-rules'); ?>
196
+ <div class="aio_blue_box">
197
+ <?php
198
+ echo '<p>'.__('This feature will disable all firewall rules which are currently active in this plugin and it will also delete these rules from your .htacess file. Use it if you think one of the firewall rules is causing an issue on your site.', 'all-in-one-wp-security-and-firewall').'</p>';
199
+ ?>
200
+ </div>
201
+ <div class="submit">
202
+ <input type="submit" class="button" name="aiowpsec_disable_all_firewall_rules" value="<?php _e('Disable All Firewall Rules', 'all-in-one-wp-security-and-firewall'); ?>" />
203
+ </div>
204
+ </form>
205
+ </div>
206
+ </div> <!-- end postbox-->
207
+
208
+ <div class="postbox">
209
+ <h3 class="hndle"><label for="title"><?php _e('Debug Settings', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
210
+ <div class="inside">
211
+ <form method="post" action="">
212
+ <?php wp_nonce_field('aiowpsec-save-debug-settings'); ?>
213
+ <div class="aio_blue_box">
214
+ <?php
215
+ echo '<p>'.__('This setting allows you to enable/disable debug for this plugin.', 'all-in-one-wp-security-and-firewall').'</p>';
216
+ ?>
217
+ </div>
218
+
219
+ <table class="form-table">
220
+ <tr valign="top">
221
+ <th scope="row"><?php _e('Enable Debug', 'all-in-one-wp-security-and-firewall')?>:</th>
222
+ <td>
223
+ <input name="aiowps_enable_debug" type="checkbox"<?php if($aio_wp_security->configs->get_value('aiowps_enable_debug')=='1') echo ' checked="checked"'; ?> value="1"/>
224
+ <span class="description"><?php _e('Check this if you want to enable debug. You should keep this option disabled after you have finished debugging the issue.', 'all-in-one-wp-security-and-firewall'); ?></span>
225
+ </td>
226
+ </tr>
227
+ </table>
228
+ <input type="submit" name="aiowps_save_debug_settings" value="<?php _e('Save Debug Settings', 'all-in-one-wp-security-and-firewall')?>" class="button" />
229
+ </form>
230
+ </div>
231
+ </div> <!-- end postbox-->
232
+ <?php
233
+ }
234
+
235
+ function render_tab2()
236
+ {
237
+ global $aio_wp_security;
238
+
239
+ if ( !function_exists( 'get_home_path' ) ) require_once( ABSPATH. '/wp-admin/includes/file.php' );
240
+ $home_path = get_home_path();
241
+ $htaccess_path = $home_path . '.htaccess';
242
+
243
+ if(isset($_POST['aiowps_save_htaccess']))//Do form submission tasks
244
+ {
245
+ $nonce=$_REQUEST['_wpnonce'];
246
+ if (!wp_verify_nonce($nonce, 'aiowpsec-save-htaccess-nonce'))
247
+ {
248
+ $aio_wp_security->debug_logger->log_debug("Nonce check failed on htaccess file save!",4);
249
+ die("Nonce check failed on htaccess file save!");
250
+ }
251
+
252
+ $result = AIOWPSecurity_Utility_File::backup_and_rename_htaccess($htaccess_path); //Backup the htaccess file
253
+
254
+ if ($result)
255
+ {
256
+ $random_prefix = AIOWPSecurity_Utility::generate_alpha_numeric_random_string(10);
257
+ $aiowps_backup_dir = WP_CONTENT_DIR.'/'.AIO_WP_SECURITY_BACKUPS_DIR_NAME;
258
+ if (rename($aiowps_backup_dir.'/'.'.htaccess.backup', $aiowps_backup_dir.'/'.$random_prefix.'_htaccess_backup.txt'))
259
+ {
260
+ echo '<div id="message" class="updated fade"><p>';
261
+ _e('Your .htaccess file was successfully backed up! Using an FTP program go to the "/wp-content/aiowps_backups" directory to save a copy of the file to your computer.','all-in-one-wp-security-and-firewall');
262
+ echo '</p></div>';
263
+ }
264
+ else
265
+ {
266
+ $aio_wp_security->debug_logger->log_debug("htaccess file rename failed during backup!",4);
267
+ $this->show_msg_error(__('htaccess file rename failed during backup. Please check your root directory for the backup file using FTP.','all-in-one-wp-security-and-firewall'));
268
+ }
269
+ }
270
+ else
271
+ {
272
+ $aio_wp_security->debug_logger->log_debug("htaccess - Backup operation failed!",4);
273
+ $this->show_msg_error(__('htaccess backup failed.','all-in-one-wp-security-and-firewall'));
274
+ }
275
+ }
276
+
277
+ if(isset($_POST['aiowps_restore_htaccess_button']))//Do form submission tasks
278
+ {
279
+ $nonce=$_REQUEST['_wpnonce'];
280
+ if (!wp_verify_nonce($nonce, 'aiowpsec-restore-htaccess-nonce'))
281
+ {
282
+ $aio_wp_security->debug_logger->log_debug("Nonce check failed on htaccess file restore!",4);
283
+ die("Nonce check failed on htaccess file restore!");
284
+ }
285
+
286
+ if (empty($_POST['aiowps_htaccess_file']))
287
+ {
288
+ $this->show_msg_error(__('Please choose a .htaccess to restore from.', 'all-in-one-wp-security-and-firewall'));
289
+ }
290
+ else
291
+ {
292
+ //Let's copy the uploaded .htaccess file into the active root file
293
+ $new_htaccess_file_path = trim($_POST['aiowps_htaccess_file']);
294
+ //TODO
295
+ //Verify that file chosen has contents which are relevant to .htaccess file
296
+ $is_htaccess = AIOWPSecurity_Utility_Htaccess::check_if_htaccess_contents($new_htaccess_file_path);
297
+ if ($is_htaccess == 1)
298
+ {
299
+ if (!copy($new_htaccess_file_path, $htaccess_path))
300
+ {
301
+ //Failed to make a backup copy
302
+ $aio_wp_security->debug_logger->log_debug("htaccess - Restore from .htaccess operation failed!",4);
303
+ $this->show_msg_error(__('htaccess file restore failed. Please attempt to restore the .htaccess manually using FTP.','all-in-one-wp-security-and-firewall'));
304
+ }
305
+ else
306
+ {
307
+ $this->show_msg_updated(__('Your .htaccess file has successfully been restored!', 'all-in-one-wp-security-and-firewall'));
308
+ }
309
+ }
310
+ else
311
+ {
312
+ $aio_wp_security->debug_logger->log_debug("htaccess restore failed - Contents of restore file appear invalid!",4);
313
+ $this->show_msg_error(__('htaccess Restore operation failed! Please check the contents of the file you are trying to restore from.','all-in-one-wp-security-and-firewall'));
314
+ }
315
+ }
316
+ }
317
+
318
+ ?>
319
+ <h2><?php _e('.htaccess File Operations', 'all-in-one-wp-security-and-firewall')?></h2>
320
+ <div class="aio_blue_box">
321
+ <?php
322
+ echo '<p>'.__('Your ".htaccess" file is a key component of your website\'s security and it can be modified to implement various levels of protection mechanisms.', 'all-in-one-wp-security-and-firewall').'
323
+ <br />'.__('This feature allows you to backup and save your currently active .htaccess file should you need to re-use the the backed up file in the future.', 'all-in-one-wp-security-and-firewall').'
324
+ <br />'.__('You can also restore your site\'s .htaccess settings using a backed up .htaccess file.', 'all-in-one-wp-security-and-firewall').'
325
+ </p>';
326
+ ?>
327
+ </div>
328
+ <?php
329
+ $blog_id = get_current_blog_id();
330
+ if (AIOWPSecurity_Utility::is_multisite_install() && !is_main_site( $blog_id ))
331
+ {
332
+ //Hide config settings if MS and not main site
333
+ AIOWPSecurity_Utility::display_multisite_message();
334
+ }
335
+ else
336
+ {
337
+ ?>
338
+ <div class="postbox">
339
+ <h3 class="hndle"><label for="title"><?php _e('Save the current .htaccess file', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
340
+ <div class="inside">
341
+ <form action="" method="POST">
342
+ <?php wp_nonce_field('aiowpsec-save-htaccess-nonce'); ?>
343
+ <p class="description"><?php _e('Click the button below to backup and save the currently active .htaccess file.', 'all-in-one-wp-security-and-firewall'); ?></p>
344
+ <input type="submit" name="aiowps_save_htaccess" value="<?php _e('Backup .htaccess File', 'all-in-one-wp-security-and-firewall')?>" class="button-primary" />
345
+ </form>
346
+ </div></div>
347
+ <div class="postbox">
348
+ <h3 class="hndle"><label for="title"><?php _e('Restore from a backed up .htaccess file', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
349
+ <div class="inside">
350
+ <form action="" method="POST">
351
+ <?php wp_nonce_field('aiowpsec-restore-htaccess-nonce'); ?>
352
+ <table class="form-table">
353
+ <tr valign="top">
354
+ <th scope="row"><?php _e('.htaccess file to restore from', 'all-in-one-wp-security-and-firewall')?>:</th>
355
+ <td>
356
+ <input type="button" id="aiowps_htaccess_file_button" name="aiowps_htaccess_file_button" class="button rbutton" value="<?php _e('Select Your htaccess File', 'all-in-one-wp-security-and-firewall'); ?>" />
357
+ <input name="aiowps_htaccess_file" type="text" id="aiowps_htaccess_file" value="" size="80" />
358
+ <p class="description">
359
+ <?php
360
+ _e('After selecting your file, click the button below to restore your site using the backed up htaccess file (htaccess_backup.txt).', 'all-in-one-wp-security-and-firewall');
361
+ ?>
362
+ </p>
363
+ </td>
364
+ </tr>
365
+ </table>
366
+ <input type="submit" name="aiowps_restore_htaccess_button" value="<?php _e('Restore .htaccess File', 'all-in-one-wp-security-and-firewall')?>" class="button-primary" />
367
+ </form>
368
+ </div></div>
369
+ <?php
370
+ } // End if statement
371
+ }
372
+
373
+ function render_tab3()
374
+ {
375
+ global $aio_wp_security;
376
+
377
+ if(isset($_POST['aiowps_restore_wp_config_button']))//Do form submission tasks
378
+ {
379
+ $nonce=$_REQUEST['_wpnonce'];
380
+ if (!wp_verify_nonce($nonce, 'aiowpsec-restore-wp-config-nonce'))
381
+ {
382
+ $aio_wp_security->debug_logger->log_debug("Nonce check failed on wp-config file restore!",4);
383
+ die("Nonce check failed on wp-config file restore!");
384
+ }
385
+
386
+ if (empty($_POST['aiowps_wp_config_file']))
387
+ {
388
+ $this->show_msg_error(__('Please choose a wp-config.php file to restore from.', 'all-in-one-wp-security-and-firewall'));
389
+ }
390
+ else
391
+ {
392
+ //Let's copy the uploaded wp-config.php file into the active root file
393
+ $new_wp_config_file_path = trim($_POST['aiowps_wp_config_file']);
394
+
395
+ //Verify that file chosen is a wp-config.file
396
+ $is_wp_config = $this->check_if_wp_config_contents($new_wp_config_file_path);
397
+ if ($is_wp_config == 1)
398
+ {
399
+ $active_root_wp_config = AIOWPSecurity_Utility_File::get_wp_config_file_path();
400
+ if (!copy($new_wp_config_file_path, $active_root_wp_config))
401
+ {
402
+ //Failed to make a backup copy
403
+ $aio_wp_security->debug_logger->log_debug("wp-config.php - Restore from backed up wp-config operation failed!",4);
404
+ $this->show_msg_error(__('wp-config.php file restore failed. Please attempt to restore this file manually using FTP.','all-in-one-wp-security-and-firewall'));
405
+ }
406
+ else
407
+ {
408
+ $this->show_msg_updated(__('Your wp-config.php file has successfully been restored!', 'all-in-one-wp-security-and-firewall'));
409
+ }
410
+ }
411
+ else
412
+ {
413
+ $aio_wp_security->debug_logger->log_debug("wp-config.php restore failed - Contents of restore file appear invalid!",4);
414
+ $this->show_msg_error(__('wp-config.php Restore operation failed! Please check the contents of the file you are trying to restore from.','all-in-one-wp-security-and-firewall'));
415
+ }
416
+ }
417
+ }
418
+
419
+ ?>
420
+ <h2><?php _e('wp-config.php File Operations', 'all-in-one-wp-security-and-firewall')?></h2>
421
+ <div class="aio_blue_box">
422
+ <?php
423
+ echo '<p>'.__('Your "wp-config.php" file is one of the most important in your WordPress installation. It is a primary configuration file and contains crucial things such as details of your database and other critical components.', 'all-in-one-wp-security-and-firewall').'
424
+ <br />'.__('This feature allows you to backup and save your currently active wp-config.php file should you need to re-use the the backed up file in the future.', 'all-in-one-wp-security-and-firewall').'
425
+ <br />'.__('You can also restore your site\'s wp-config.php settings using a backed up wp-config.php file.', 'all-in-one-wp-security-and-firewall').'
426
+ </p>';
427
+ ?>
428
+ </div>
429
+ <?php
430
+ $blog_id = get_current_blog_id();
431
+ if (AIOWPSecurity_Utility::is_multisite_install() && !is_main_site( $blog_id ))
432
+ {
433
+ //Hide config settings if MS and not main site
434
+ AIOWPSecurity_Utility::display_multisite_message();
435
+ }
436
+ else
437
+ {
438
+ ?>
439
+ <div class="postbox">
440
+ <h3 class="hndle"><label for="title"><?php _e('Save the current wp-config.php file', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
441
+ <div class="inside">
442
+ <form action="" method="POST">
443
+ <?php wp_nonce_field('aiowpsec-save-wp-config-nonce'); ?>
444
+ <p class="description"><?php _e('Click the button below to backup and download the contents of the currently active wp-config.php file.', 'all-in-one-wp-security-and-firewall'); ?></p>
445
+ <input type="submit" name="aiowps_save_wp_config" value="<?php _e('Backup wp-config.php File', 'all-in-one-wp-security-and-firewall')?>" class="button-primary" />
446
+
447
+ </form>
448
+ </div></div>
449
+ <div class="postbox">
450
+ <h3 class="hndle"><label for="title"><?php _e('Restore from a backed up wp-config file', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
451
+ <div class="inside">
452
+ <form action="" method="POST">
453
+ <?php wp_nonce_field('aiowpsec-restore-wp-config-nonce'); ?>
454
+ <table class="form-table">
455
+ <tr valign="top">
456
+ <th scope="row"><?php _e('wp-config file to restore from', 'all-in-one-wp-security-and-firewall')?>:</th>
457
+ <td>
458
+ <input type="button" id="aiowps_wp_config_file_button" name="aiowps_wp_config_file_button" class="button rbutton" value="<?php _e('Select Your wp-config File', 'all-in-one-wp-security-and-firewall'); ?>" />
459
+ <input name="aiowps_wp_config_file" type="text" id="aiowps_wp_config_file" value="" size="80" />
460
+ <p class="description">
461
+ <?php
462
+ _e('After selecting your file click the button below to restore your site using the backed up wp-config file (wp-config.php.backup.txt).', 'all-in-one-wp-security-and-firewall');
463
+ ?>
464
+ </p>
465
+ </td>
466
+ </tr>
467
+ </table>
468
+ <input type="submit" name="aiowps_restore_wp_config_button" value="<?php _e('Restore wp-config File', 'all-in-one-wp-security-and-firewall')?>" class="button-primary" />
469
+ </form>
470
+ </div></div>
471
+ <!-- <div class="postbox">-->
472
+ <!-- <h3 class="hndle"><label for="title">--><?php //_e('View Contents of the currently active wp-config.php file', 'all-in-one-wp-security-and-firewall'); ?><!--</label></h3>-->
473
+ <!-- <div class="inside">-->
474
+ <!-- --><?php
475
+ // $wp_config_file = AIOWPSecurity_Utility_File::get_wp_config_file_path();
476
+ // $wp_config_contents = AIOWPSecurity_Utility_File::get_file_contents($wp_config_file);
477
+ // ?>
478
+ <!-- <textarea class="aio_text_area_file_output aio_width_80 aio_spacer_10_tb" rows="20" readonly>--><?php //echo $wp_config_contents; ?><!--</textarea>-->
479
+ <!-- </div></div>-->
480
+
481
+ <?php
482
+ } //End if statement
483
+ }
484
+
485
+ function render_tab4()
486
+ {
487
+ global $aio_wp_security;
488
+ global $aiowps_feature_mgr;
489
+
490
+ if(isset($_POST['aiowps_save_remove_wp_meta_info']))//Do form submission tasks
491
+ {
492
+ $nonce=$_REQUEST['_wpnonce'];
493
+ if (!wp_verify_nonce($nonce, 'aiowpsec-remove-wp-meta-info-nonce'))
494
+ {
495
+ $aio_wp_security->debug_logger->log_debug("Nonce check failed on remove wp meta info options save!",4);
496
+ die("Nonce check failed on remove wp meta info options save!");
497
+ }
498
+ $aio_wp_security->configs->set_value('aiowps_remove_wp_generator_meta_info',isset($_POST["aiowps_remove_wp_generator_meta_info"])?'1':'');
499
+ $aio_wp_security->configs->save_config();
500
+
501
+ //Recalculate points after the feature status/options have been altered
502
+ $aiowps_feature_mgr->check_feature_status_and_recalculate_points();
503
+
504
+ $this->show_msg_settings_updated();
505
+ }
506
+ ?>
507
+ <h2><?php _e('WP Generator Meta Tag & Version Info', 'all-in-one-wp-security-and-firewall')?></h2>
508
+ <div class="aio_blue_box">
509
+ <?php
510
+ echo '<p>'.__('Wordpress generator automatically adds some meta information inside the "head" tags of every page on your site\'s front end. Below is an example of this:', 'all-in-one-wp-security-and-firewall');
511
+ echo '<br /><strong>&lt;meta name="generator" content="WordPress 3.5.1" /&gt;</strong>';
512
+ echo '<br />'.__('The above meta information shows which version of WordPress your site is currently running and thus can help hackers or crawlers scan your site to see if you have an older version of WordPress or one with a known exploit.', 'all-in-one-wp-security-and-firewall').'
513
+ <br /><br />'.__('There are also other ways wordpress reveals version info such as during style and script loading. An example of this is:', 'all-in-one-wp-security-and-firewall').'
514
+ <br /><strong>&lt;link rel="stylesheet" id="jquery-ui-style-css" href="//ajax.googleapis.com/ajax/libs/jqueryui/1.11.0/themes/smoothness/jquery-ui.css?ver=4.5.2" type="text/css" media="all" /&gt;</strong>
515
+ <br /><br />'.__('This feature will allow you to remove the WP generator meta info and other version info from your site\'s pages.', 'all-in-one-wp-security-and-firewall').'
516
+ </p>';
517
+ ?>
518
+ </div>
519
+
520
+ <div class="postbox">
521
+ <h3 class="hndle"><label for="title"><?php _e('WP Generator Meta Info', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
522
+ <div class="inside">
523
+ <?php
524
+ //Display security info badge
525
+ global $aiowps_feature_mgr;
526
+ $aiowps_feature_mgr->output_feature_details_badge("wp-generator-meta-tag");
527
+ ?>
528
+
529
+ <form action="" method="POST">
530
+ <?php wp_nonce_field('aiowpsec-remove-wp-meta-info-nonce'); ?>
531
+ <table class="form-table">
532
+ <tr valign="top">
533
+ <th scope="row"><?php _e('Remove WP Generator Meta Info', 'all-in-one-wp-security-and-firewall')?>:</th>
534
+ <td>
535
+ <input name="aiowps_remove_wp_generator_meta_info" type="checkbox"<?php if($aio_wp_security->configs->get_value('aiowps_remove_wp_generator_meta_info')=='1') echo ' checked="checked"'; ?> value="1"/>
536
+ <span class="description"><?php _e('Check this if you want to remove the version and meta info produced by WP from all pages', 'all-in-one-wp-security-and-firewall'); ?></span>
537
+ </td>
538
+ </tr>
539
+ </table>
540
+ <input type="submit" name="aiowps_save_remove_wp_meta_info" value="<?php _e('Save Settings', 'all-in-one-wp-security-and-firewall')?>" class="button-primary" />
541
+ </form>
542
+ </div></div>
543
+ <?php
544
+ }
545
+
546
+
547
+ function render_tab5()
548
+ {
549
+ global $aio_wp_security;
550
+
551
+ global $wpdb;
552
+
553
+ $events_table_name = AIOWPSEC_TBL_EVENTS;
554
+ AIOWPSecurity_Utility::cleanup_table($events_table_name, 500);
555
+ if(isset($_POST['aiowps_import_settings']))//Do form submission tasks
556
+ {
557
+ $nonce=$_REQUEST['_wpnonce'];
558
+ if (!wp_verify_nonce($nonce, 'aiowpsec-import-settings-nonce'))
559
+ {
560
+ $aio_wp_security->debug_logger->log_debug("Nonce check failed on import AIOWPS settings!",4);
561
+ die("Nonce check failed on import AIOWPS settings!");
562
+ }
563
+
564
+ if (empty($_POST['aiowps_import_settings_file']) && empty($_POST['aiowps_import_settings_text']))
565
+ {
566
+ $this->show_msg_error(__('Please choose a file to import your settings from.', 'all-in-one-wp-security-and-firewall'));
567
+ }
568
+ else
569
+ {
570
+ if (empty($_POST['aiowps_import_settings_file'])) {
571
+ $import_from = "text";
572
+ } else {
573
+ $import_from = "file";
574
+ }
575
+
576
+ if ($import_from == "file") {
577
+ //Let's get the uploaded import file path
578
+ $submitted_import_file_path = trim($_POST['aiowps_import_settings_file']);
579
+ $attachment_id = AIOWPSecurity_Utility_File::get_attachment_id_from_url($submitted_import_file_path); //we'll need this later for deleting
580
+
581
+ //Verify that file chosen has valid AIOWPS settings contents
582
+ $aiowps_settings_file_contents = $this->check_if_valid_aiowps_settings_file($submitted_import_file_path);
583
+ } else {
584
+ //Get the string right from the textarea. Still confirm it's in the expected format.
585
+ $aiowps_settings_file_contents = $this->check_if_valid_aiowps_settings_text($_POST['aiowps_import_settings_text']);
586
+ }
587
+
588
+ if ($aiowps_settings_file_contents != -1)
589
+ {
590
+ //Apply the settings and delete the file (if applicable)
591
+ $settings_array = json_decode($aiowps_settings_file_contents, true);
592
+ $aiowps_settings_applied = update_option('aio_wp_security_configs', $settings_array);
593
+
594
+ if (!$aiowps_settings_applied)
595
+ {
596
+ //Failed to import settings
597
+ $aio_wp_security->debug_logger->log_debug("Import AIOWPS settings from " . $import_from . " operation failed!",4);
598
+ $this->show_msg_error(__('Import AIOWPS settings from ' . $import_from . ' operation failed!','all-in-one-wp-security-and-firewall'));
599
+
600
+ if ($import_from == "file") {
601
+ //Delete the uploaded settings file for security purposes
602
+ wp_delete_attachment( $attachment_id, true );
603
+ if ( false === wp_delete_attachment( $attachment_id, true ) ){
604
+ $this->show_msg_error(__('The deletion of the import file failed. Please delete this file manually via the media menu for security purposes.', 'all-in-one-wp-security-and-firewall'));
605
+ }else{
606
+ $this->show_msg_updated(__('The file you uploaded was also deleted for security purposes because it contains security settings details.', 'all-in-one-wp-security-and-firewall'));
607
+ }
608
+ }
609
+ }
610
+ else
611
+ {
612
+ $aio_wp_security->configs->configs = $settings_array; //Refresh the configs global variable
613
+
614
+ //Just in case user submits partial config settings
615
+ //Run add_option_values to make sure any missing config items are at least set to default
616
+ AIOWPSecurity_Configure_Settings::add_option_values();
617
+ if ($import_from == "file") {
618
+ //Delete the uploaded settings file for security purposes
619
+ wp_delete_attachment( $attachment_id, true );
620
+ if ( false === wp_delete_attachment( $attachment_id, true ) ){
621
+ $this->show_msg_updated(__('Your AIOWPS settings were successfully imported via file input.', 'all-in-one-wp-security-and-firewall'));
622
+ $this->show_msg_error(__('The deletion of the import file failed. Please delete this file manually via the media menu for security purposes because it contains security settings details.', 'all-in-one-wp-security-and-firewall'));
623
+ }else{
624
+ $this->show_msg_updated(__('Your AIOWPS settings were successfully imported. The file you uploaded was also deleted for security purposes because it contains security settings details.', 'all-in-one-wp-security-and-firewall'));
625
+ }
626
+ } else {
627
+ $this->show_msg_updated(__('Your AIOWPS settings were successfully imported via text entry.', 'all-in-one-wp-security-and-firewall'));
628
+ }
629
+ //Now let's refresh the .htaccess file with any modified rules if applicable
630
+ $res = AIOWPSecurity_Utility_Htaccess::write_to_htaccess();
631
+
632
+ if( !$res )
633
+ {
634
+ $this->show_msg_error(__('Could not write to the .htaccess file. Please check the file permissions.', 'all-in-one-wp-security-and-firewall'));
635
+ }
636
+ }
637
+ }
638
+ else
639
+ {
640
+ //Invalid settings file
641
+ $aio_wp_security->debug_logger->log_debug("The contents of your settings file appear invalid!",4);
642
+ $this->show_msg_error(__('The contents of your settings file appear invalid. Please check the contents of the file you are trying to import settings from.','all-in-one-wp-security-and-firewall'));
643
+
644
+ if ($import_from == "file") {
645
+ //Let's also delete the uploaded settings file for security purposes
646
+ wp_delete_attachment( $attachment_id, true );
647
+ if ( false === wp_delete_attachment( $attachment_id, true ) ){
648
+ $this->show_msg_error(__('The deletion of the import file failed. Please delete this file manually via the media menu for security purposes.', 'all-in-one-wp-security-and-firewall'));
649
+ }else{
650
+ $this->show_msg_updated(__('The file you uploaded was also deleted for security purposes because it contains security settings details.', 'all-in-one-wp-security-and-firewall'));
651
+ }
652
+ }
653
+
654
+ }
655
+ }
656
+ }
657
+
658
+ ?>
659
+ <h2><?php _e('Export or Import Your AIOWPS Settings', 'all-in-one-wp-security-and-firewall')?></h2>
660
+ <div class="aio_blue_box">
661
+ <?php
662
+ echo '<p>'.__('This section allows you to export or import your All In One WP Security & Firewall settings.', 'all-in-one-wp-security-and-firewall');
663
+ echo '<br />'.__('This can be handy if you wanted to save time by applying the settings from one site to another site.', 'all-in-one-wp-security-and-firewall').'
664
+ <br />'.__('NOTE: Before importing, it is your responsibility to know what settings you are trying to import. Importing settings blindly can cause you to be locked out of your site.', 'all-in-one-wp-security-and-firewall').'
665
+ <br />'.__('For Example: If a settings item relies on the domain URL then it may not work correctly when imported into a site with a different domain.','all-in-one-wp-security-and-firewall').'
666
+ </p>';
667
+ ?>
668
+ </div>
669
+
670
+ <div class="postbox">
671
+ <h3 class="hndle"><label for="title"><?php _e('Export AIOWPS Settings', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
672
+ <div class="inside">
673
+ <form action="" method="POST">
674
+ <?php wp_nonce_field('aiowpsec-export-settings-nonce'); ?>
675
+ <table class="form-table">
676
+ <tr valign="top">
677
+ <span class="description"><?php _e('To export your All In One WP Security & Firewall settings click the button below.', 'all-in-one-wp-security-and-firewall'); ?></span>
678
+ </tr>
679
+ </table>
680
+ <input type="submit" name="aiowps_export_settings" value="<?php _e('Export AIOWPS Settings', 'all-in-one-wp-security-and-firewall')?>" class="button-primary" />
681
+ </form>
682
+ </div></div>
683
+ <div class="postbox">
684
+ <h3 class="hndle"><label for="title"><?php _e('Import AIOWPS Settings', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
685
+ <div class="inside">
686
+ <form action="" method="POST">
687
+ <?php wp_nonce_field('aiowpsec-import-settings-nonce'); ?>
688
+ <table class="form-table">
689
+ <tr valign="top">
690
+ <span class="description"><?php _e('Use this section to import your All In One WP Security & Firewall settings from a file. Alternatively, copy/paste the contents of your import file into the textarea below.', 'all-in-one-wp-security-and-firewall'); ?></span>
691
+ <th scope="row"><?php _e('Import File', 'all-in-one-wp-security-and-firewall')?>:</th>
692
+ <td>
693
+ <input type="button" id="aiowps_import_settings_file_button" name="aiowps_import_settings_file_button" class="button rbutton" value="<?php _e('Select Your Import Settings File', 'all-in-one-wp-security-and-firewall'); ?>" />
694
+ <input name="aiowps_import_settings_file" type="text" id="aiowps_import_settings_file" value="" size="80" />
695
+ <p class="description">
696
+ <?php
697
+ _e('After selecting your file, click the button below to apply the settings to your site.', 'all-in-one-wp-security-and-firewall');
698
+ ?>
699
+ </p>
700
+ </td>
701
+ </tr>
702
+ <tr valign="top">
703
+ <th scope="row"><?php _e('Copy/Paste Import Data', 'all-in-one-wp-security-and-firewall')?>:</th>
704
+ <td>
705
+ <textarea name="aiowps_import_settings_text" id="aiowps_import_settings_text" style="width:80%;height:140px;"></textarea>
706
+ </td>
707
+ </tr>
708
+ </table>
709
+ <input type="submit" name="aiowps_import_settings" value="<?php _e('Import AIOWPS Settings', 'all-in-one-wp-security-and-firewall')?>" class="button-primary" />
710
+ </form>
711
+ </div></div>
712
+ <?php
713
+ }
714
+
715
+ function render_tab6()
716
+ {
717
+ global $aio_wp_security;
718
+
719
+ $result = 1;
720
+ if (isset($_POST['aiowps_save_advanced_settings']))
721
+ {
722
+ $nonce=$_REQUEST['_wpnonce'];
723
+ if (!wp_verify_nonce($nonce, 'aiowpsec-ip-settings-nonce'))
724
+ {
725
+ $aio_wp_security->debug_logger->log_debug("Nonce check failed for save advanced settings!",4);
726
+ die(__('Nonce check failed for save advanced settings!','aiowpsecurity'));
727
+ }
728
+
729
+ $aio_wp_security->configs->set_value('aiowps_ip_retrieve_method', sanitize_text_field($_POST["aiowps_ip_retrieve_method"]));
730
+ $aio_wp_security->configs->save_config(); //Save the configuration
731
+
732
+ //Clear logged in list because it might be showing wrong addresses
733
+ if (AIOWPSecurity_Utility::is_multisite_install()){
734
+ delete_site_transient('users_online');
735
+ }
736
+ else{
737
+ delete_transient('users_online');
738
+ }
739
+
740
+ $this->show_msg_settings_updated();
741
+ }
742
+ ?>
743
+ <div class="postbox">
744
+ <h3 class="hndle"><label for="title"><?php _e('IP Retrieval Settings', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
745
+ <div class="inside">
746
+ <div class="aio_blue_box">
747
+ <?php
748
+ echo '<p>'.__('The IP Retrieval Settings allow you to specify which $_SERVER global variable you want this plugin to use to retrieve the visitor IP address.', 'all-in-one-wp-security-and-firewall').
749
+ '<br />'.__('By default this plugin uses the $_SERVER[\'REMOTE_ADDR\'] variable to retrieve the visitor IP address. This should normally be the most accurate safest way to get the IP.', 'all-in-one-wp-security-and-firewall').
750
+ '<br />'.__('However in some setups such as those using proxies, load-balancers and CloudFlare, it may be necessary to use a different $_SERVER variable.', 'all-in-one-wp-security-and-firewall').
751
+ '<br />'.__('You can use the settings below to configure which $_SERVER global you would like to use for retrieving the IP address.', 'all-in-one-wp-security-and-firewall').'</p>';
752
+ ?>
753
+ </div>
754
+
755
+ <form action="" method="POST">
756
+ <?php wp_nonce_field('aiowpsec-ip-settings-nonce'); ?>
757
+ <table class="form-table">
758
+ <tr valign="top">
759
+ <td>
760
+ <select id="aiowps_ip_retrieve_method" name="aiowps_ip_retrieve_method">
761
+ <option value="0" <?php selected( $aio_wp_security->configs->get_value('aiowps_ip_retrieve_method'), '0' ); ?>><?php echo 'REMOTE_ADDR' .' ('.__('Default','all-in-one-wp-security-and-firewall').')'; ?></option>
762
+ <option value="1" <?php selected( $aio_wp_security->configs->get_value('aiowps_ip_retrieve_method'), '1' ); ?>><?php echo 'HTTP_CF_CONNECTING_IP'; ?></option>
763
+ <option value="2" <?php selected( $aio_wp_security->configs->get_value('aiowps_ip_retrieve_method'), '2' ); ?>><?php echo 'HTTP_X_FORWARDED_FOR'; ?></option>
764
+ <option value="3" <?php selected( $aio_wp_security->configs->get_value('aiowps_ip_retrieve_method'), '3' ); ?>><?php echo 'HTTP_X_FORWARDED'; ?></option>
765
+ <option value="4" <?php selected( $aio_wp_security->configs->get_value('aiowps_ip_retrieve_method'), '4' ); ?>><?php echo 'HTTP_CLIENT_IP'; ?></option>
766
+ </select>
767
+ <span class="description"><?php _e('Choose a $_SERVER variable you would like to retrieve the visitor IP address from.', 'all-in-one-wp-security-and-firewall'); ?>
768
+ </span>
769
+ <span class="aiowps_more_info_anchor"><span class="aiowps_more_info_toggle_char">+</span><span class="aiowps_more_info_toggle_text"><?php _e('More Info', 'all-in-one-wp-security-and-firewall'); ?></span></span>
770
+ <div class="aiowps_more_info_body">
771
+ <p class="description">
772
+ <?php
773
+ _e('If your chosen server variable fails the plugin will automatically fall back to retrieving the IP address from $_SERVER["REMOTE_ADDR"]', 'all-in-one-wp-security-and-firewall');
774
+ ?>
775
+ </p>
776
+ </div>
777
+ </td>
778
+ </tr>
779
+ </table>
780
+ <input type="submit" name="aiowps_save_advanced_settings" value="<?php _e('Save Settings', 'all-in-one-wp-security-and-firewall')?>" class="button-primary" />
781
+ </form>
782
+ </div></div>
783
+ <?php
784
+
785
+ }
786
+
787
+ function check_if_wp_config_contents($wp_file)
788
+ {
789
+ $is_wp_config = false;
790
+
791
+ $file_contents = file($wp_file);
792
+
793
+ if ($file_contents == '' || $file_contents == NULL || $file_contents == false)
794
+ {
795
+ return -1;
796
+ }
797
+ foreach ($file_contents as $line)
798
+ {
799
+ if ((strpos($line, "define('DB_NAME'") !== false))
800
+ {
801
+ $is_wp_config = true; //It appears that we have some sort of wp-config.php file
802
+ break;
803
+ }
804
+ else
805
+ {
806
+ //see if we're at the end of the section
807
+ $is_wp_config = false;
808
+ }
809
+ }
810
+ if ($is_wp_config)
811
+ {
812
+ return 1;
813
+ }
814
+ else
815
+ {
816
+ return -1;
817
+ }
818
+
819
+ }
820
+
821
+ function check_if_valid_aiowps_settings_text($strText) {
822
+ if ($this->check_is_aiopws_settings($strText)) {
823
+ return stripcslashes($strText);
824
+ } else {
825
+ return -1;
826
+ }
827
+ }
828
+
829
+ function check_is_aiopws_settings($strText) {
830
+ if(strpos($strText, 'aiowps_enable_login_lockdown') === FALSE){
831
+ return false;
832
+ } else {
833
+ return true;
834
+ }
835
+ }
836
+
837
+ //Checks if valid aiowps settings file and returns contents as string
838
+ function check_if_valid_aiowps_settings_file($wp_file)
839
+ {
840
+ $is_aiopws_settings = false;
841
+
842
+ $file_contents = file_get_contents($wp_file);
843
+
844
+ if ($file_contents == '' || $file_contents == NULL || $file_contents == false)
845
+ {
846
+ return -1;
847
+ }
848
+
849
+ //Check a known aiowps config strings to see if it is contained within this file
850
+ $is_aiopws_settings = $this->check_is_aiopws_settings($file_contents);
851
+
852
+ if ($is_aiopws_settings)
853
+ {
854
+ return $file_contents;
855
+ }
856
+ else
857
+ {
858
+ return -1;
859
+ }
860
+
861
+ }
862
+
 
 
863
  } //end class
admin/wp-security-spam-menu.php CHANGED
@@ -1,556 +1,556 @@
1
- <?php
2
- if(!defined('ABSPATH')){
3
- exit;//Exit if accessed directly
4
- }
5
-
6
- class AIOWPSecurity_Spam_Menu extends AIOWPSecurity_Admin_Menu
7
- {
8
- var $menu_page_slug = AIOWPSEC_SPAM_MENU_SLUG;
9
-
10
- /* Specify all the tabs of this menu in the following array */
11
- var $menu_tabs;
12
-
13
- var $menu_tabs_handler = array(
14
- 'tab1' => 'render_tab1',
15
- 'tab2' => 'render_tab2',
16
- 'tab3' => 'render_tab3',
17
- 'tab4' => 'render_tab4',
18
- );
19
-
20
- function __construct()
21
- {
22
- $this->render_menu_page();
23
- }
24
-
25
- function set_menu_tabs()
26
- {
27
- $this->menu_tabs = array(
28
- 'tab1' => __('Comment SPAM', 'all-in-one-wp-security-and-firewall'),
29
- 'tab2' => __('Comment SPAM IP Monitoring', 'all-in-one-wp-security-and-firewall'),
30
- 'tab3' => __('BuddyPress', 'all-in-one-wp-security-and-firewall'),
31
- 'tab4' => __('BBPress', 'all-in-one-wp-security-and-firewall'),
32
- );
33
- }
34
-
35
- function get_current_tab()
36
- {
37
- $tab_keys = array_keys($this->menu_tabs);
38
- $tab = isset( $_GET['tab'] ) ? sanitize_text_field($_GET['tab']) : $tab_keys[0];
39
- return $tab;
40
- }
41
-
42
- /*
43
- * Renders our tabs of this menu as nav items
44
- */
45
- function render_menu_tabs()
46
- {
47
- $current_tab = $this->get_current_tab();
48
-
49
- echo '<h2 class="nav-tab-wrapper">';
50
- foreach ( $this->menu_tabs as $tab_key => $tab_caption )
51
- {
52
- $active = $current_tab == $tab_key ? 'nav-tab-active' : '';
53
- echo '<a class="nav-tab ' . $active . '" href="?page=' . $this->menu_page_slug . '&tab=' . $tab_key . '">' . $tab_caption . '</a>';
54
- }
55
- echo '</h2>';
56
- }
57
-
58
- /*
59
- * The menu rendering goes here
60
- */
61
- function render_menu_page()
62
- {
63
- echo '<div class="wrap">';
64
- echo '<h2>'.__('SPAM Prevention','all-in-one-wp-security-and-firewall').'</h2>';//Interface title
65
- $this->set_menu_tabs();
66
- $tab = $this->get_current_tab();
67
- $this->render_menu_tabs();
68
- ?>
69
- <div id="poststuff"><div id="post-body">
70
- <?php
71
- //$tab_keys = array_keys($this->menu_tabs);
72
- call_user_func(array(&$this, $this->menu_tabs_handler[$tab]));
73
- ?>
74
- </div></div>
75
- </div><!-- end of wrap -->
76
- <?php
77
- }
78
-
79
- function render_tab1()
80
- {
81
- global $aiowps_feature_mgr;
82
- global $aio_wp_security;
83
- if(isset($_POST['aiowps_apply_comment_spam_prevention_settings']))//Do form submission tasks
84
- {
85
- $nonce=$_REQUEST['_wpnonce'];
86
- if (!wp_verify_nonce($nonce, 'aiowpsec-comment-spam-settings-nonce'))
87
- {
88
- $aio_wp_security->debug_logger->log_debug("Nonce check failed on save comment spam settings!",4);
89
- die("Nonce check failed on save comment spam settings!");
90
- }
91
-
92
- //Save settings
93
- $random_20_digit_string = AIOWPSecurity_Utility::generate_alpha_numeric_random_string(20); //Generate random 20 char string for use during captcha encode/decode
94
- $aio_wp_security->configs->set_value('aiowps_captcha_secret_key', $random_20_digit_string);
95
-
96
- $aio_wp_security->configs->set_value('aiowps_enable_comment_captcha',isset($_POST["aiowps_enable_comment_captcha"])?'1':'');
97
- $aio_wp_security->configs->set_value('aiowps_enable_spambot_blocking',isset($_POST["aiowps_enable_spambot_blocking"])?'1':'');
98
-
99
- //Commit the config settings
100
- $aio_wp_security->configs->save_config();
101
-
102
- //Recalculate points after the feature status/options have been altered
103
- $aiowps_feature_mgr->check_feature_status_and_recalculate_points();
104
-
105
- //Now let's write the applicable rules to the .htaccess file
106
- $res = AIOWPSecurity_Utility_Htaccess::write_to_htaccess();
107
-
108
- if ($res)
109
- {
110
- $this->show_msg_updated(__('Settings were successfully saved', 'all-in-one-wp-security-and-firewall'));
111
- }
112
- else
113
- {
114
- $this->show_msg_error(__('Could not write to the .htaccess file. Please check the file permissions.', 'all-in-one-wp-security-and-firewall'));
115
- }
116
- }
117
-
118
- ?>
119
- <h2><?php _e('Comment SPAM Settings', 'all-in-one-wp-security-and-firewall')?></h2>
120
- <form action="" method="POST">
121
- <?php wp_nonce_field('aiowpsec-comment-spam-settings-nonce'); ?>
122
-
123
- <div class="postbox">
124
- <h3 class="hndle"><label for="title"><?php _e('Add Captcha To Comments Form', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
125
- <div class="inside">
126
- <div class="aio_blue_box">
127
- <?php
128
- echo '<p>'.__('This feature will add a captcha field in the WordPress comments form.', 'all-in-one-wp-security-and-firewall').
129
- '<br />'.__('Adding a captcha field in the comment form is a simple way of greatly reducing SPAM comments from bots without using .htaccess rules.', 'all-in-one-wp-security-and-firewall').'</p>';
130
- ?>
131
- </div>
132
- <?php
133
- //Display security info badge
134
- $aiowps_feature_mgr->output_feature_details_badge("comment-form-captcha");
135
- ?>
136
- <table class="form-table">
137
- <tr valign="top">
138
- <th scope="row"><?php _e('Enable Captcha On Comment Forms', 'all-in-one-wp-security-and-firewall')?>:</th>
139
- <td>
140
- <input name="aiowps_enable_comment_captcha" type="checkbox"<?php if($aio_wp_security->configs->get_value('aiowps_enable_comment_captcha')=='1') echo ' checked="checked"'; ?> value="1"/>
141
- <span class="description"><?php _e('Check this if you want to insert a captcha field on the comment forms', 'all-in-one-wp-security-and-firewall'); ?></span>
142
- </td>
143
- </tr>
144
- </table>
145
- </div></div>
146
-
147
- <div class="postbox">
148
- <h3 class="hndle"><label for="title"><?php _e('Block Spambot Comments', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
149
- <div class="inside">
150
- <div class="aio_blue_box">
151
- <?php
152
- echo '<p>'.__('A large portion of WordPress blog comment SPAM is mainly produced by automated bots and not necessarily by humans. ', 'all-in-one-wp-security-and-firewall').
153
- '<br />'.__('This feature will greatly minimize the useless and unecessary traffic and load on your server resulting from SPAM comments by blocking all comment requests which do not originate from your domain.', 'all-in-one-wp-security-and-firewall').
154
- '<br />'.__('In other words, if the comment was not submitted by a human who physically submitted the comment on your site, the request will be blocked.', 'all-in-one-wp-security-and-firewall').'</p>';
155
- ?>
156
- </div>
157
- <?php
158
- //Display security info badge
159
- $aiowps_feature_mgr->output_feature_details_badge("block-spambots");
160
- $blog_id = get_current_blog_id();
161
- if (AIOWPSecurity_Utility::is_multisite_install() && !is_main_site( $blog_id ))
162
- {
163
- //Hide config settings if MS and not main site
164
- AIOWPSecurity_Utility::display_multisite_message();
165
- }
166
- else
167
- {
168
- ?>
169
- <table class="form-table">
170
- <tr valign="top">
171
- <th scope="row"><?php _e('Block Spambots From Posting Comments', 'all-in-one-wp-security-and-firewall')?>:</th>
172
- <td>
173
- <input name="aiowps_enable_spambot_blocking" type="checkbox"<?php if($aio_wp_security->configs->get_value('aiowps_enable_spambot_blocking')=='1') echo ' checked="checked"'; ?> value="1"/>
174
- <span class="description"><?php _e('Check this if you want to apply a firewall rule which will block comments originating from spambots.', 'all-in-one-wp-security-and-firewall'); ?></span>
175
- <span class="aiowps_more_info_anchor"><span class="aiowps_more_info_toggle_char">+</span><span class="aiowps_more_info_toggle_text"><?php _e('More Info', 'all-in-one-wp-security-and-firewall'); ?></span></span>
176
- <div class="aiowps_more_info_body">
177
- <?php
178
- echo '<p class="description">'.__('This feature will implement a firewall rule to block all comment attempts which do not originate from your domain.', 'all-in-one-wp-security-and-firewall').'</p>';
179
- echo '<p class="description">'.__('A legitimate comment is one which is submitted by a human who physically fills out the comment form and clicks the submit button. For such events, the HTTP_REFERRER is always set to your own domain.', 'all-in-one-wp-security-and-firewall').'</p>';
180
- echo '<p class="description">'.__('A comment submitted by a spambot is done by directly calling the comments.php file, which usually means that the HTTP_REFERRER value is not your domain and often times empty.', 'all-in-one-wp-security-and-firewall').'</p>';
181
- echo '<p class="description">'.__('This feature will check and block comment requests which are not referred by your domain thus greatly reducing your overall blog SPAM and PHP requests done by the server to process these comments.', 'all-in-one-wp-security-and-firewall').'</p>';
182
- ?>
183
- </div>
184
- </td>
185
- </tr>
186
- </table>
187
- <?php } //End if statement ?>
188
- </div></div>
189
-
190
- <input type="submit" name="aiowps_apply_comment_spam_prevention_settings" value="<?php _e('Save Settings', 'all-in-one-wp-security-and-firewall')?>" class="button-primary" />
191
- </form>
192
- <?php
193
- }
194
-
195
- function render_tab2()
196
- {
197
- global $aio_wp_security;
198
- global $aiowps_feature_mgr;
199
- include_once 'wp-security-list-comment-spammer-ip.php'; //For rendering the AIOWPSecurity_List_Table in tab2
200
- $spammer_ip_list = new AIOWPSecurity_List_Comment_Spammer_IP();
201
-
202
- //Do form submission tasks for auto block spam IP
203
- if(isset($_POST['aiowps_auto_spam_block']))
204
- {
205
- $error = '';
206
- $nonce=$_REQUEST['_wpnonce'];
207
- if (!wp_verify_nonce($nonce, 'aiowpsec-auto-block-spam-ip-nonce'))
208
- {
209
- $aio_wp_security->debug_logger->log_debug("Nonce check failed on auto block SPAM IPs options save!",4);
210
- die("Nonce check failed on auto block SPAM IPs options save!");
211
- }
212
-
213
- $spam_ip_min_comments = sanitize_text_field($_POST['aiowps_spam_ip_min_comments_block']);
214
- if(!is_numeric($spam_ip_min_comments))
215
- {
216
- $error .= '<br />'.__('You entered a non numeric value for the minimum number of spam comments field. It has been set to the default value.','all-in-one-wp-security-and-firewall');
217
- $spam_ip_min_comments = '3';//Set it to the default value for this field
218
- }elseif(empty($spam_ip_min_comments)){
219
- $error .= '<br />'.__('You must enter an integer greater than zero for minimum number of spam comments field. It has been set to the default value.','all-in-one-wp-security-and-firewall');
220
- $spam_ip_min_comments = '3';//Set it to the default value for this field
221
-
222
- }
223
-
224
- if($error)
225
- {
226
- $this->show_msg_error(__('Attention!','all-in-one-wp-security-and-firewall').$error);
227
- }
228
-
229
- //Save all the form values to the options
230
- $aio_wp_security->configs->set_value('aiowps_enable_autoblock_spam_ip',isset($_POST["aiowps_enable_autoblock_spam_ip"])?'1':'');
231
- $aio_wp_security->configs->set_value('aiowps_spam_ip_min_comments_block',absint($spam_ip_min_comments));
232
- $aio_wp_security->configs->save_config();
233
-
234
- //Recalculate points after the feature status/options have been altered
235
- $aiowps_feature_mgr->check_feature_status_and_recalculate_points();
236
-
237
- $this->show_msg_settings_updated();
238
- }
239
-
240
-
241
- if (isset($_POST['aiowps_ip_spam_comment_search']))
242
- {
243
- $error = '';
244
- $nonce=$_REQUEST['_wpnonce'];
245
- if (!wp_verify_nonce($nonce, 'aiowpsec-spammer-ip-list-nonce'))
246
- {
247
- $aio_wp_security->debug_logger->log_debug("Nonce check failed for list SPAM comment IPs!",4);
248
- die(__('Nonce check failed for list SPAM comment IPs!','all-in-one-wp-security-and-firewall'));
249
- }
250
-
251
- $min_comments_per_ip = sanitize_text_field($_POST['aiowps_spam_ip_min_comments']);
252
- if(!is_numeric($min_comments_per_ip))
253
- {
254
- $error .= '<br />'.__('You entered a non numeric value for the minimum SPAM comments per IP field. It has been set to the default value.','all-in-one-wp-security-and-firewall');
255
- $min_comments_per_ip = '5';//Set it to the default value for this field
256
- }
257
-
258
- if($error)
259
- {
260
- $this->show_msg_error(__('Attention!','all-in-one-wp-security-and-firewall').$error);
261
- }
262
-
263
- //Save all the form values to the options
264
- $aio_wp_security->configs->set_value('aiowps_spam_ip_min_comments',absint($min_comments_per_ip));
265
- $aio_wp_security->configs->save_config();
266
- $info_msg_string = sprintf( __('Displaying results for IP addresses which have posted a minimum of %s SPAM comments', 'all-in-one-wp-security-and-firewall'), $min_comments_per_ip);
267
- $this->show_msg_updated($info_msg_string);
268
-
269
- }
270
-
271
- if(isset($_REQUEST['action'])) //Do list table form row action tasks
272
- {
273
- if($_REQUEST['action'] == 'block_spammer_ip')
274
- { //The "block" link was clicked for a row in the list table
275
- $spammer_ip_list->block_spammer_ip_records(strip_tags($_REQUEST['spammer_ip']));
276
- }
277
- }
278
-
279
- ?>
280
- <div class="postbox">
281
- <h3 class="hndle"><label for="title"><?php _e('Auto Block SPAMMER IPs', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
282
- <div class="inside">
283
- <?php
284
- if($aio_wp_security->configs->get_value('aiowps_enable_autoblock_spam_ip')=='1' && !class_exists('Akismet')){
285
- $akismet_link = '<a href="https://wordpress.org/plugins/akismet/" target="_blank">Akismet</a>';
286
- $info_msg = sprintf( __('This feature has detected that %s is not active. It is highly recommended that you activate the Akismet plugin to make the most of this feature.', 'all-in-one-wp-security-and-firewall'), $akismet_link);
287
-
288
- echo '<div class="aio_orange_box" id="message"><p><strong>'.$info_msg.'</strong></p></div>';
289
- }
290
-
291
- ?>
292
- <form action="" method="POST">
293
- <div class="aio_blue_box">
294
- <?php
295
- echo '<p>'.__('This feature allows you to automatically and permanently block IP addresses which have exceeded a certain number of comments labelled as SPAM.', 'all-in-one-wp-security-and-firewall').'</p>'.
296
- '<p>'.__('Comments are usually labelled as SPAM either by the Akismet plugin or manually by the WP administrator when they mark a comment as "spam" from the WordPress Comments menu.', 'all-in-one-wp-security-and-firewall').'</p>'.
297
- '<p><strong>'.__('NOTE: This feature does NOT use the .htaccess file to permanently block the IP addresses so it should be compatible with all web servers running WordPress.', 'all-in-one-wp-security-and-firewall').'</strong></p>';
298
- ?>
299
- </div>
300
- <?php
301
- $min_block_comments = $aio_wp_security->configs->get_value('aiowps_spam_ip_min_comments_block');
302
- if(!empty($min_block_comments)){
303
- global $wpdb;
304
- $sql = $wpdb->prepare('SELECT * FROM '.AIOWPSEC_TBL_PERM_BLOCK.' WHERE block_reason=%s', 'spam');
305
- $total_res = $wpdb->get_results($sql);
306
- ?>
307
- <div class="aio_yellow_box">
308
- <?php
309
- if(empty($total_res)){
310
- echo '<p><strong>'.__('You currently have no IP addresses permanently blocked due to SPAM.', 'all-in-one-wp-security-and-firewall').'</strong></p>';
311
- }else{
312
- $total_count = count($total_res);
313
- $todays_blocked_count = 0;
314
- foreach($total_res as $blocked_item){
315
- $now = current_time( 'mysql' );
316
- $now_date_time = new DateTime($now);
317
- $blocked_date = new DateTime($blocked_item->blocked_date);
318
- if($blocked_date->format('Y-m-d') == $now_date_time->format('Y-m-d')) {
319
- //there was an IP added to permanent block list today
320
- ++$todays_blocked_count;
321
- }
322
- }
323
- echo '<p><strong>'.__('Spammer IPs Added To Permanent Block List Today: ', 'all-in-one-wp-security-and-firewall').$todays_blocked_count.'</strong></p>'.
324
- '<hr><p><strong>'.__('All Time Total: ', 'all-in-one-wp-security-and-firewall').$total_count.'</strong></p>'.
325
- '<p><a class="button" href="admin.php?page='.AIOWPSEC_MAIN_MENU_SLUG.'&tab=tab4" target="_blank">'.__('View Blocked IPs','all-in-one-wp-security-and-firewall').'</a></p>';
326
- }
327
- ?>
328
- </div>
329
-
330
- <?php
331
- }
332
- //Display security info badge
333
- //$aiowps_feature_mgr->output_feature_details_badge("auto-block-spam-ip");
334
- ?>
335
- <?php wp_nonce_field('aiowpsec-auto-block-spam-ip-nonce'); ?>
336
- <table class="form-table">
337
- <tr valign="top">
338
- <th scope="row"><?php _e('Enable Auto Block of SPAM Comment IPs', 'all-in-one-wp-security-and-firewall')?>:</th>
339
- <td>
340
- <input name="aiowps_enable_autoblock_spam_ip" type="checkbox"<?php if($aio_wp_security->configs->get_value('aiowps_enable_autoblock_spam_ip')=='1') echo ' checked="checked"'; ?> value="1"/>
341
- <span class="description"><?php _e('Check this box if you want this plugin to automatically block IP addresses which submit SPAM comments.', 'all-in-one-wp-security-and-firewall'); ?></span>
342
- </td>
343
- </tr>
344
- <tr valign="top">
345
- <th scope="row"><?php _e('Minimum number of SPAM comments', 'all-in-one-wp-security-and-firewall')?>:</th>
346
- <td><input type="text" size="5" name="aiowps_spam_ip_min_comments_block" value="<?php echo $aio_wp_security->configs->get_value('aiowps_spam_ip_min_comments_block'); ?>" />
347
- <span class="description"><?php _e('Specify the minimum number of SPAM comments for an IP address before it is permanently blocked.', 'all-in-one-wp-security-and-firewall');?></span>
348
- <span class="aiowps_more_info_anchor"><span class="aiowps_more_info_toggle_char">+</span><span class="aiowps_more_info_toggle_text"><?php _e('More Info', 'all-in-one-wp-security-and-firewall'); ?></span></span>
349
- <div class="aiowps_more_info_body">
350
- <?php
351
- echo '<p class="description">'.__('Example 1: Setting this value to "1" will block ALL IP addresses which were used to submit at least one SPAM comment.', 'all-in-one-wp-security-and-firewall').'</p>';
352
- echo '<p class="description">'.__('Example 2: Setting this value to "5" will block only those IP addresses which were used to submit 5 SPAM comments or more on your site.', 'all-in-one-wp-security-and-firewall').'</p>';
353
- ?>
354
- </div>
355
- </td>
356
- </tr>
357
- <!-- <tr valign="top">-->
358
- <!-- <th scope="row">--><?php //_e('Run Now', 'all-in-one-wp-security-and-firewall')?><!--:</th>-->
359
- <!-- <td><input type="submit" name="aiowps_auto_spam_block_run" value="--><?php //_e('Run SPAM IP Blocking Now', 'all-in-one-wp-security-and-firewall')?><!--" class="button-secondary" />-->
360
- <!-- <span class="description">--><?php //_e('This feature normally runs automatically whenever a comment is submitted but you can run it manually by clicking this button. (useful for older comments)', 'all-in-one-wp-security-and-firewall');?><!--</span>-->
361
- <!-- </td>-->
362
- <!-- </tr>-->
363
-
364
- </table>
365
- <input type="submit" name="aiowps_auto_spam_block" value="<?php _e('Save Settings', 'all-in-one-wp-security-and-firewall')?>" class="button-primary" />
366
- </form>
367
- </div></div>
368
-
369
- <div class="postbox">
370
- <h3 class="hndle"><label for="title"><?php _e('List SPAMMER IP Addresses', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
371
- <div class="inside">
372
- <div class="aio_blue_box">
373
- <?php
374
- echo '<p>'.__('This section displays a list of the IP addresses of the people or bots who have left SPAM comments on your site.', 'all-in-one-wp-security-and-firewall').'
375
- <br />'.__('This information can be handy for identifying the most persistent IP addresses or ranges used by spammers.', 'all-in-one-wp-security-and-firewall').'
376
- <br />'.__('By inspecting the IP address data coming from spammers you will be in a better position to determine which addresses or address ranges you should block by adding them to the permanent block list.', 'all-in-one-wp-security-and-firewall').'
377
- <br />'.__('To add one or more of the IP addresses displayed in the table below to your blacklist, simply click the "Block" link for the individual row or select more than one address
378
- using the checkboxes and then choose the "block" option from the Bulk Actions dropdown list and click the "Apply" button.', 'all-in-one-wp-security-and-firewall').'
379
- </p>';
380
- ?>
381
- </div>
382
-
383
- <form action="" method="POST">
384
- <?php wp_nonce_field('aiowpsec-spammer-ip-list-nonce'); ?>
385
- <table class="form-table">
386
- <tr valign="top">
387
- <th scope="row"><?php _e('Minimum number of SPAM comments per IP', 'all-in-one-wp-security-and-firewall')?>:</th>
388
- <td><input type="text" size="5" name="aiowps_spam_ip_min_comments" value="<?php echo $aio_wp_security->configs->get_value('aiowps_spam_ip_min_comments'); ?>" />
389
- <span class="description"><?php _e('This field allows you to list only those IP addresses which have been used to post X or more SPAM comments.', 'all-in-one-wp-security-and-firewall');?></span>
390
- <span class="aiowps_more_info_anchor"><span class="aiowps_more_info_toggle_char">+</span><span class="aiowps_more_info_toggle_text"><?php _e('More Info', 'all-in-one-wp-security-and-firewall'); ?></span></span>
391
- <div class="aiowps_more_info_body">
392
- <?php
393
- echo '<p class="description">'.__('Example 1: Setting this value to "0" or "1" will list ALL IP addresses which were used to submit SPAM comments.', 'all-in-one-wp-security-and-firewall').'</p>';
394
- echo '<p class="description">'.__('Example 2: Setting this value to "5" will list only those IP addresses which were used to submit 5 SPAM comments or more on your site.', 'all-in-one-wp-security-and-firewall').'</p>';
395
- ?>
396
- </div>
397
-
398
- </td>
399
- </tr>
400
- </table>
401
- <input type="submit" name="aiowps_ip_spam_comment_search" value="<?php _e('Find IP Addresses', 'all-in-one-wp-security-and-firewall')?>" class="button-primary" />
402
- </form>
403
- </div></div>
404
- <div class="postbox">
405
- <h3 class="hndle"><label for="title"><?php _e('SPAMMER IP Address Results', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
406
- <div class="inside">
407
- <?php
408
- if (AIOWPSecurity_Utility::is_multisite_install() && get_current_blog_id() != 1)
409
- {
410
- echo '<div class="aio_yellow_box">';
411
- echo '<p>'.__('The plugin has detected that you are using a Multi-Site WordPress installation.', 'all-in-one-wp-security-and-firewall').'</p>
412
- <p>'.__('Only the "superadmin" can block IP addresses from the main site.', 'all-in-one-wp-security-and-firewall').'</p>
413
- <p>'.__('Take note of the IP addresses you want blocked and ask the superadmin to add these to the blacklist using the "Blacklist Manager" on the main site.', 'all-in-one-wp-security-and-firewall').'</p>';
414
- echo '</div>';
415
- }
416
- //Fetch, prepare, sort, and filter our data...
417
- $spammer_ip_list->prepare_items();
418
- //echo "put table of locked entries here";
419
- ?>
420
- <form id="tables-filter" method="get" onSubmit="return confirm('Are you sure you want to perform this bulk operation on the selected entries?');">
421
- <!-- For plugins, we also need to ensure that the form posts back to our current page -->
422
- <input type="hidden" name="page" value="<?php echo esc_attr($_REQUEST['page']); ?>" />
423
- <input type="hidden" name="tab" value="<?php echo esc_attr($_REQUEST['tab']); ?>" />
424
- <!-- Now we can render the completed list table -->
425
- <?php $spammer_ip_list->display(); ?>
426
- </form>
427
- </div></div>
428
- <?php
429
- }
430
-
431
-
432
- function render_tab3()
433
- {
434
- global $aiowps_feature_mgr;
435
- global $aio_wp_security;
436
- if(isset($_POST['aiowps_save_bp_spam_settings']))//Do form submission tasks
437
- {
438
- $nonce=$_REQUEST['_wpnonce'];
439
- if (!wp_verify_nonce($nonce, 'aiowpsec-bp-spam-settings-nonce'))
440
- {
441
- $aio_wp_security->debug_logger->log_debug("Nonce check failed on save comment spam settings!",4);
442
- die("Nonce check failed on save comment spam settings!");
443
- }
444
-
445
- //Save settings
446
- $aio_wp_security->configs->set_value('aiowps_enable_bp_register_captcha',isset($_POST["aiowps_enable_bp_register_captcha"])?'1':'');
447
-
448
- //Commit the config settings
449
- $aio_wp_security->configs->save_config();
450
-
451
- //Recalculate points after the feature status/options have been altered
452
- $aiowps_feature_mgr->check_feature_status_and_recalculate_points();
453
-
454
- $this->show_msg_updated(__('Settings were successfully saved', 'all-in-one-wp-security-and-firewall'));
455
- }
456
-
457
- ?>
458
- <h2><?php _e('BuddyPress SPAM Settings', 'all-in-one-wp-security-and-firewall')?></h2>
459
- <form action="" method="POST">
460
- <?php wp_nonce_field('aiowpsec-bp-spam-settings-nonce'); ?>
461
-
462
- <div class="postbox">
463
- <h3 class="hndle"><label for="title"><?php _e('Add Captcha To BuddyPress Registration Form', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
464
- <div class="inside">
465
- <div class="aio_blue_box">
466
- <?php
467
- echo '<p>'.__('This feature will add a simple math captcha field in the BuddyPress registration form.', 'all-in-one-wp-security-and-firewall').
468
- '<br />'.__('Adding a captcha field in the registration form is a simple way of greatly reducing SPAM signups from bots without using .htaccess rules.', 'all-in-one-wp-security-and-firewall').'</p>';
469
- ?>
470
- </div>
471
- <?php
472
- if (defined('BP_VERSION')){
473
- //Display security info badge
474
- $aiowps_feature_mgr->output_feature_details_badge("bp-register-captcha");
475
- ?>
476
- <table class="form-table">
477
- <tr valign="top">
478
- <th scope="row"><?php _e('Enable Captcha On BuddyPress Registration Form', 'all-in-one-wp-security-and-firewall')?>:</th>
479
- <td>
480
- <input name="aiowps_enable_bp_register_captcha" type="checkbox"<?php if($aio_wp_security->configs->get_value('aiowps_enable_bp_register_captcha')=='1') echo ' checked="checked"'; ?> value="1"/>
481
- <span class="description"><?php _e('Check this if you want to insert a captcha field on the BuddyPress registration forms', 'all-in-one-wp-security-and-firewall'); ?></span>
482
- </td>
483
- </tr>
484
- </table>
485
- </div></div>
486
- <input type="submit" name="aiowps_save_bp_spam_settings" value="<?php _e('Save Settings', 'all-in-one-wp-security-and-firewall')?>" class="button-primary" />
487
- </form>
488
- <?php
489
- }else{
490
- $this->show_msg_error(__('BuddyPress is not active! In order to use this feature you will need to have BuddyPress installed and activated.', 'all-in-one-wp-security-and-firewall'));
491
- }
492
- }
493
-
494
- function render_tab4()
495
- {
496
- global $aiowps_feature_mgr;
497
- global $aio_wp_security;
498
- if(isset($_POST['aiowps_save_bbp_spam_settings']))//Do form submission tasks
499
- {
500
- $nonce=$_REQUEST['_wpnonce'];
501
- if (!wp_verify_nonce($nonce, 'aiowpsec-bbp-spam-settings-nonce'))
502
- {
503
- $aio_wp_security->debug_logger->log_debug("Nonce check failed on save bbp spam settings!",4);
504
- die("Nonce check failed on save bbpress spam settings!");
505
- }
506
-
507
- //Save settings
508
- $aio_wp_security->configs->set_value('aiowps_enable_bbp_new_topic_captcha',isset($_POST["aiowps_enable_bbp_new_topic_captcha"])?'1':'');
509
-
510
- //Commit the config settings
511
- $aio_wp_security->configs->save_config();
512
-
513
- //Recalculate points after the feature status/options have been altered
514
- $aiowps_feature_mgr->check_feature_status_and_recalculate_points();
515
-
516
- $this->show_msg_updated(__('Settings were successfully saved', 'all-in-one-wp-security-and-firewall'));
517
- }
518
-
519
- ?>
520
- <h2><?php _e('BBPress SPAM Settings', 'all-in-one-wp-security-and-firewall')?></h2>
521
- <form action="" method="POST">
522
- <?php wp_nonce_field('aiowpsec-bbp-spam-settings-nonce'); ?>
523
-
524
- <div class="postbox">
525
- <h3 class="hndle"><label for="title"><?php _e('Add Captcha To BBPress New Topic Form', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
526
- <div class="inside">
527
- <div class="aio_blue_box">
528
- <?php
529
- echo '<p>'.__('This feature will add a simple math captcha field in the BBPress new topic form.', 'all-in-one-wp-security-and-firewall').
530
- '<br />'.__('Adding a captcha field in this form is a simple way of greatly reducing SPAM submitted from bots.', 'all-in-one-wp-security-and-firewall').'</p>';
531
- ?>
532
- </div>
533
- <?php
534
- if (class_exists( 'bbPress' )){
535
- //Display security info badge
536
- $aiowps_feature_mgr->output_feature_details_badge("bbp-new-topic-captcha");
537
- ?>
538
- <table class="form-table">
539
- <tr valign="top">
540
- <th scope="row"><?php _e('Enable Captcha On BBPress New Topic Form', 'all-in-one-wp-security-and-firewall')?>:</th>
541
- <td>
542
- <input name="aiowps_enable_bbp_new_topic_captcha" type="checkbox"<?php if($aio_wp_security->configs->get_value('aiowps_enable_bbp_new_topic_captcha')=='1') echo ' checked="checked"'; ?> value="1"/>
543
- <span class="description"><?php _e('Check this if you want to insert a captcha field on the BBPress new topic forms', 'all-in-one-wp-security-and-firewall'); ?></span>
544
- </td>
545
- </tr>
546
- </table>
547
- </div></div>
548
- <input type="submit" name="aiowps_save_bbp_spam_settings" value="<?php _e('Save Settings', 'all-in-one-wp-security-and-firewall')?>" class="button-primary" />
549
- </form>
550
- <?php
551
- }else{
552
- $this->show_msg_error(__('BBPress is not active! In order to use this feature you will need to have BBPress installed and activated.', 'all-in-one-wp-security-and-firewall'));
553
- }
554
- }
555
-
556
  } //end class
1
+ <?php
2
+ if(!defined('ABSPATH')){
3
+ exit;//Exit if accessed directly
4
+ }
5
+
6
+ class AIOWPSecurity_Spam_Menu extends AIOWPSecurity_Admin_Menu
7
+ {
8
+ var $menu_page_slug = AIOWPSEC_SPAM_MENU_SLUG;
9
+
10
+ /* Specify all the tabs of this menu in the following array */
11
+ var $menu_tabs;
12
+
13
+ var $menu_tabs_handler = array(
14
+ 'tab1' => 'render_tab1',
15
+ 'tab2' => 'render_tab2',
16
+ 'tab3' => 'render_tab3',
17
+ 'tab4' => 'render_tab4',
18
+ );
19
+
20
+ function __construct()
21
+ {
22
+ $this->render_menu_page();
23
+ }
24
+
25
+ function set_menu_tabs()
26
+ {
27
+ $this->menu_tabs = array(
28
+ 'tab1' => __('Comment SPAM', 'all-in-one-wp-security-and-firewall'),
29
+ 'tab2' => __('Comment SPAM IP Monitoring', 'all-in-one-wp-security-and-firewall'),
30
+ 'tab3' => __('BuddyPress', 'all-in-one-wp-security-and-firewall'),
31
+ 'tab4' => __('BBPress', 'all-in-one-wp-security-and-firewall'),
32
+ );
33
+ }
34
+
35
+ function get_current_tab()
36
+ {
37
+ $tab_keys = array_keys($this->menu_tabs);
38
+ $tab = isset( $_GET['tab'] ) ? sanitize_text_field($_GET['tab']) : $tab_keys[0];
39
+ return $tab;
40
+ }
41
+
42
+ /*
43
+ * Renders our tabs of this menu as nav items
44
+ */
45
+ function render_menu_tabs()
46
+ {
47
+ $current_tab = $this->get_current_tab();
48
+
49
+ echo '<h2 class="nav-tab-wrapper">';
50
+ foreach ( $this->menu_tabs as $tab_key => $tab_caption )
51
+ {
52
+ $active = $current_tab == $tab_key ? 'nav-tab-active' : '';
53
+ echo '<a class="nav-tab ' . $active . '" href="?page=' . $this->menu_page_slug . '&tab=' . $tab_key . '">' . $tab_caption . '</a>';
54
+ }
55
+ echo '</h2>';
56
+ }
57
+
58
+ /*
59
+ * The menu rendering goes here
60
+ */
61
+ function render_menu_page()
62
+ {
63
+ echo '<div class="wrap">';
64
+ echo '<h2>'.__('SPAM Prevention','all-in-one-wp-security-and-firewall').'</h2>';//Interface title
65
+ $this->set_menu_tabs();
66
+ $tab = $this->get_current_tab();
67
+ $this->render_menu_tabs();
68
+ ?>
69
+ <div id="poststuff"><div id="post-body">
70
+ <?php
71
+ //$tab_keys = array_keys($this->menu_tabs);
72
+ call_user_func(array($this, $this->menu_tabs_handler[$tab]));
73
+ ?>
74
+ </div></div>
75
+ </div><!-- end of wrap -->
76
+ <?php
77
+ }
78
+
79
+ function render_tab1()
80
+ {
81
+ global $aiowps_feature_mgr;
82
+ global $aio_wp_security;
83
+ if(isset($_POST['aiowps_apply_comment_spam_prevention_settings']))//Do form submission tasks
84
+ {
85
+ $nonce=$_REQUEST['_wpnonce'];
86
+ if (!wp_verify_nonce($nonce, 'aiowpsec-comment-spam-settings-nonce'))
87
+ {
88
+ $aio_wp_security->debug_logger->log_debug("Nonce check failed on save comment spam settings!",4);
89
+ die("Nonce check failed on save comment spam settings!");
90
+ }
91
+
92
+ //Save settings
93
+ $random_20_digit_string = AIOWPSecurity_Utility::generate_alpha_numeric_random_string(20); //Generate random 20 char string for use during captcha encode/decode
94
+ $aio_wp_security->configs->set_value('aiowps_captcha_secret_key', $random_20_digit_string);
95
+
96
+ $aio_wp_security->configs->set_value('aiowps_enable_comment_captcha',isset($_POST["aiowps_enable_comment_captcha"])?'1':'');
97
+ $aio_wp_security->configs->set_value('aiowps_enable_spambot_blocking',isset($_POST["aiowps_enable_spambot_blocking"])?'1':'');
98
+
99
+ //Commit the config settings
100
+ $aio_wp_security->configs->save_config();
101
+
102
+ //Recalculate points after the feature status/options have been altered
103
+ $aiowps_feature_mgr->check_feature_status_and_recalculate_points();
104
+
105
+ //Now let's write the applicable rules to the .htaccess file
106
+ $res = AIOWPSecurity_Utility_Htaccess::write_to_htaccess();
107
+
108
+ if ($res)
109
+ {
110
+ $this->show_msg_updated(__('Settings were successfully saved', 'all-in-one-wp-security-and-firewall'));
111
+ }
112
+ else
113
+ {
114
+ $this->show_msg_error(__('Could not write to the .htaccess file. Please check the file permissions.', 'all-in-one-wp-security-and-firewall'));
115
+ }
116
+ }
117
+
118
+ ?>
119
+ <h2><?php _e('Comment SPAM Settings', 'all-in-one-wp-security-and-firewall')?></h2>
120
+ <form action="" method="POST">
121
+ <?php wp_nonce_field('aiowpsec-comment-spam-settings-nonce'); ?>
122
+
123
+ <div class="postbox">
124
+ <h3 class="hndle"><label for="title"><?php _e('Add Captcha To Comments Form', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
125
+ <div class="inside">
126
+ <div class="aio_blue_box">
127
+ <?php
128
+ echo '<p>'.__('This feature will add a captcha field in the WordPress comments form.', 'all-in-one-wp-security-and-firewall').
129
+ '<br />'.__('Adding a captcha field in the comment form is a simple way of greatly reducing SPAM comments from bots without using .htaccess rules.', 'all-in-one-wp-security-and-firewall').'</p>';
130
+ ?>
131
+ </div>
132
+ <?php
133
+ //Display security info badge
134
+ $aiowps_feature_mgr->output_feature_details_badge("comment-form-captcha");
135
+ ?>
136
+ <table class="form-table">
137
+ <tr valign="top">
138
+ <th scope="row"><?php _e('Enable Captcha On Comment Forms', 'all-in-one-wp-security-and-firewall')?>:</th>
139
+ <td>
140
+ <input name="aiowps_enable_comment_captcha" type="checkbox"<?php if($aio_wp_security->configs->get_value('aiowps_enable_comment_captcha')=='1') echo ' checked="checked"'; ?> value="1"/>
141
+ <span class="description"><?php _e('Check this if you want to insert a captcha field on the comment forms', 'all-in-one-wp-security-and-firewall'); ?></span>
142
+ </td>
143
+ </tr>
144
+ </table>
145
+ </div></div>
146
+
147
+ <div class="postbox">
148
+ <h3 class="hndle"><label for="title"><?php _e('Block Spambot Comments', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
149
+ <div class="inside">
150
+ <div class="aio_blue_box">
151
+ <?php
152
+ echo '<p>'.__('A large portion of WordPress blog comment SPAM is mainly produced by automated bots and not necessarily by humans. ', 'all-in-one-wp-security-and-firewall').
153
+ '<br />'.__('This feature will greatly minimize the useless and unecessary traffic and load on your server resulting from SPAM comments by blocking all comment requests which do not originate from your domain.', 'all-in-one-wp-security-and-firewall').
154
+ '<br />'.__('In other words, if the comment was not submitted by a human who physically submitted the comment on your site, the request will be blocked.', 'all-in-one-wp-security-and-firewall').'</p>';
155
+ ?>
156
+ </div>
157
+ <?php
158
+ //Display security info badge
159
+ $aiowps_feature_mgr->output_feature_details_badge("block-spambots");
160
+ $blog_id = get_current_blog_id();
161
+ if (AIOWPSecurity_Utility::is_multisite_install() && !is_main_site( $blog_id ))
162
+ {
163
+ //Hide config settings if MS and not main site
164
+ AIOWPSecurity_Utility::display_multisite_message();
165
+ }
166
+ else
167
+ {
168
+ ?>
169
+ <table class="form-table">
170
+ <tr valign="top">
171
+ <th scope="row"><?php _e('Block Spambots From Posting Comments', 'all-in-one-wp-security-and-firewall')?>:</th>
172
+ <td>
173
+ <input name="aiowps_enable_spambot_blocking" type="checkbox"<?php if($aio_wp_security->configs->get_value('aiowps_enable_spambot_blocking')=='1') echo ' checked="checked"'; ?> value="1"/>
174
+ <span class="description"><?php _e('Check this if you want to apply a firewall rule which will block comments originating from spambots.', 'all-in-one-wp-security-and-firewall'); ?></span>
175
+ <span class="aiowps_more_info_anchor"><span class="aiowps_more_info_toggle_char">+</span><span class="aiowps_more_info_toggle_text"><?php _e('More Info', 'all-in-one-wp-security-and-firewall'); ?></span></span>
176
+ <div class="aiowps_more_info_body">
177
+ <?php
178
+ echo '<p class="description">'.__('This feature will implement a firewall rule to block all comment attempts which do not originate from your domain.', 'all-in-one-wp-security-and-firewall').'</p>';
179
+ echo '<p class="description">'.__('A legitimate comment is one which is submitted by a human who physically fills out the comment form and clicks the submit button. For such events, the HTTP_REFERRER is always set to your own domain.', 'all-in-one-wp-security-and-firewall').'</p>';
180
+ echo '<p class="description">'.__('A comment submitted by a spambot is done by directly calling the comments.php file, which usually means that the HTTP_REFERRER value is not your domain and often times empty.', 'all-in-one-wp-security-and-firewall').'</p>';
181
+ echo '<p class="description">'.__('This feature will check and block comment requests which are not referred by your domain thus greatly reducing your overall blog SPAM and PHP requests done by the server to process these comments.', 'all-in-one-wp-security-and-firewall').'</p>';
182
+ ?>
183
+ </div>
184
+ </td>
185
+ </tr>
186
+ </table>
187
+ <?php } //End if statement ?>
188
+ </div></div>
189
+
190
+ <input type="submit" name="aiowps_apply_comment_spam_prevention_settings" value="<?php _e('Save Settings', 'all-in-one-wp-security-and-firewall')?>" class="button-primary" />
191
+ </form>
192
+ <?php
193
+ }
194
+
195
+ function render_tab2()
196
+ {
197
+ global $aio_wp_security;
198
+ global $aiowps_feature_mgr;
199
+ include_once 'wp-security-list-comment-spammer-ip.php'; //For rendering the AIOWPSecurity_List_Table in tab2
200
+ $spammer_ip_list = new AIOWPSecurity_List_Comment_Spammer_IP();
201
+
202
+ //Do form submission tasks for auto block spam IP
203
+ if(isset($_POST['aiowps_auto_spam_block']))
204
+ {
205
+ $error = '';
206
+ $nonce=$_REQUEST['_wpnonce'];
207
+ if (!wp_verify_nonce($nonce, 'aiowpsec-auto-block-spam-ip-nonce'))
208
+ {
209
+ $aio_wp_security->debug_logger->log_debug("Nonce check failed on auto block SPAM IPs options save!",4);
210
+ die("Nonce check failed on auto block SPAM IPs options save!");
211
+ }
212
+
213
+ $spam_ip_min_comments = sanitize_text_field($_POST['aiowps_spam_ip_min_comments_block']);
214
+ if(!is_numeric($spam_ip_min_comments))
215
+ {
216
+ $error .= '<br />'.__('You entered a non numeric value for the minimum number of spam comments field. It has been set to the default value.','all-in-one-wp-security-and-firewall');
217
+ $spam_ip_min_comments = '3';//Set it to the default value for this field
218
+ }elseif(empty($spam_ip_min_comments)){
219
+ $error .= '<br />'.__('You must enter an integer greater than zero for minimum number of spam comments field. It has been set to the default value.','all-in-one-wp-security-and-firewall');
220
+ $spam_ip_min_comments = '3';//Set it to the default value for this field
221
+
222
+ }
223
+
224
+ if($error)
225
+ {
226
+ $this->show_msg_error(__('Attention!','all-in-one-wp-security-and-firewall').$error);
227
+ }
228
+
229
+ //Save all the form values to the options
230
+ $aio_wp_security->configs->set_value('aiowps_enable_autoblock_spam_ip',isset($_POST["aiowps_enable_autoblock_spam_ip"])?'1':'');
231
+ $aio_wp_security->configs->set_value('aiowps_spam_ip_min_comments_block',absint($spam_ip_min_comments));
232
+ $aio_wp_security->configs->save_config();
233
+
234
+ //Recalculate points after the feature status/options have been altered
235
+ $aiowps_feature_mgr->check_feature_status_and_recalculate_points();
236
+
237
+ $this->show_msg_settings_updated();
238
+ }
239
+
240
+
241
+ if (isset($_POST['aiowps_ip_spam_comment_search']))
242
+ {
243
+ $error = '';
244
+ $nonce=$_REQUEST['_wpnonce'];
245
+ if (!wp_verify_nonce($nonce, 'aiowpsec-spammer-ip-list-nonce'))
246
+ {
247
+ $aio_wp_security->debug_logger->log_debug("Nonce check failed for list SPAM comment IPs!",4);
248
+ die(__('Nonce check failed for list SPAM comment IPs!','all-in-one-wp-security-and-firewall'));
249
+ }
250
+
251
+ $min_comments_per_ip = sanitize_text_field($_POST['aiowps_spam_ip_min_comments']);
252
+ if(!is_numeric($min_comments_per_ip))
253
+ {
254
+ $error .= '<br />'.__('You entered a non numeric value for the minimum SPAM comments per IP field. It has been set to the default value.','all-in-one-wp-security-and-firewall');
255
+ $min_comments_per_ip = '5';//Set it to the default value for this field
256
+ }
257
+
258
+ if($error)
259
+ {
260
+ $this->show_msg_error(__('Attention!','all-in-one-wp-security-and-firewall').$error);
261
+ }
262
+
263
+ //Save all the form values to the options
264
+ $aio_wp_security->configs->set_value('aiowps_spam_ip_min_comments',absint($min_comments_per_ip));
265
+ $aio_wp_security->configs->save_config();
266
+ $info_msg_string = sprintf( __('Displaying results for IP addresses which have posted a minimum of %s SPAM comments', 'all-in-one-wp-security-and-firewall'), $min_comments_per_ip);
267
+ $this->show_msg_updated($info_msg_string);
268
+
269
+ }
270
+
271
+ if(isset($_REQUEST['action'])) //Do list table form row action tasks
272
+ {
273
+ if($_REQUEST['action'] == 'block_spammer_ip')
274
+ { //The "block" link was clicked for a row in the list table
275
+ $spammer_ip_list->block_spammer_ip_records(strip_tags($_REQUEST['spammer_ip']));
276
+ }
277
+ }
278
+
279
+ ?>
280
+ <div class="postbox">
281
+ <h3 class="hndle"><label for="title"><?php _e('Auto Block SPAMMER IPs', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
282
+ <div class="inside">
283
+ <?php
284
+ if($aio_wp_security->configs->get_value('aiowps_enable_autoblock_spam_ip')=='1' && !class_exists('Akismet')){
285
+ $akismet_link = '<a href="https://wordpress.org/plugins/akismet/" target="_blank">Akismet</a>';
286
+ $info_msg = sprintf( __('This feature has detected that %s is not active. It is highly recommended that you activate the Akismet plugin to make the most of this feature.', 'all-in-one-wp-security-and-firewall'), $akismet_link);
287
+
288
+ echo '<div class="aio_orange_box" id="message"><p><strong>'.$info_msg.'</strong></p></div>';
289
+ }
290
+
291
+ ?>
292
+ <form action="" method="POST">
293
+ <div class="aio_blue_box">
294
+ <?php
295
+ echo '<p>'.__('This feature allows you to automatically and permanently block IP addresses which have exceeded a certain number of comments labelled as SPAM.', 'all-in-one-wp-security-and-firewall').'</p>'.
296
+ '<p>'.__('Comments are usually labelled as SPAM either by the Akismet plugin or manually by the WP administrator when they mark a comment as "spam" from the WordPress Comments menu.', 'all-in-one-wp-security-and-firewall').'</p>'.
297
+ '<p><strong>'.__('NOTE: This feature does NOT use the .htaccess file to permanently block the IP addresses so it should be compatible with all web servers running WordPress.', 'all-in-one-wp-security-and-firewall').'</strong></p>';
298
+ ?>
299
+ </div>
300
+ <?php
301
+ $min_block_comments = $aio_wp_security->configs->get_value('aiowps_spam_ip_min_comments_block');
302
+ if(!empty($min_block_comments)){
303
+ global $wpdb;
304
+ $sql = $wpdb->prepare('SELECT * FROM '.AIOWPSEC_TBL_PERM_BLOCK.' WHERE block_reason=%s', 'spam');
305
+ $total_res = $wpdb->get_results($sql);
306
+ ?>
307
+ <div class="aio_yellow_box">
308
+ <?php
309
+ if(empty($total_res)){
310
+ echo '<p><strong>'.__('You currently have no IP addresses permanently blocked due to SPAM.', 'all-in-one-wp-security-and-firewall').'</strong></p>';
311
+ }else{
312
+ $total_count = count($total_res);
313
+ $todays_blocked_count = 0;
314
+ foreach($total_res as $blocked_item){
315
+ $now = current_time( 'mysql' );
316
+ $now_date_time = new DateTime($now);
317
+ $blocked_date = new DateTime($blocked_item->blocked_date);
318
+ if($blocked_date->format('Y-m-d') == $now_date_time->format('Y-m-d')) {
319
+ //there was an IP added to permanent block list today
320
+ ++$todays_blocked_count;
321
+ }
322
+ }
323
+ echo '<p><strong>'.__('Spammer IPs Added To Permanent Block List Today: ', 'all-in-one-wp-security-and-firewall').$todays_blocked_count.'</strong></p>'.
324
+ '<hr><p><strong>'.__('All Time Total: ', 'all-in-one-wp-security-and-firewall').$total_count.'</strong></p>'.
325
+ '<p><a class="button" href="admin.php?page='.AIOWPSEC_MAIN_MENU_SLUG.'&tab=tab4" target="_blank">'.__('View Blocked IPs','all-in-one-wp-security-and-firewall').'</a></p>';
326
+ }
327
+ ?>
328
+ </div>
329
+
330
+ <?php
331
+ }
332
+ //Display security info badge
333
+ //$aiowps_feature_mgr->output_feature_details_badge("auto-block-spam-ip");
334
+ ?>
335
+ <?php wp_nonce_field('aiowpsec-auto-block-spam-ip-nonce'); ?>
336
+ <table class="form-table">
337
+ <tr valign="top">
338
+ <th scope="row"><?php _e('Enable Auto Block of SPAM Comment IPs', 'all-in-one-wp-security-and-firewall')?>:</th>
339
+ <td>
340
+ <input name="aiowps_enable_autoblock_spam_ip" type="checkbox"<?php if($aio_wp_security->configs->get_value('aiowps_enable_autoblock_spam_ip')=='1') echo ' checked="checked"'; ?> value="1"/>
341
+ <span class="description"><?php _e('Check this box if you want this plugin to automatically block IP addresses which submit SPAM comments.', 'all-in-one-wp-security-and-firewall'); ?></span>
342
+ </td>
343
+ </tr>
344
+ <tr valign="top">
345
+ <th scope="row"><?php _e('Minimum number of SPAM comments', 'all-in-one-wp-security-and-firewall')?>:</th>
346
+ <td><input type="text" size="5" name="aiowps_spam_ip_min_comments_block" value="<?php echo $aio_wp_security->configs->get_value('aiowps_spam_ip_min_comments_block'); ?>" />
347
+ <span class="description"><?php _e('Specify the minimum number of SPAM comments for an IP address before it is permanently blocked.', 'all-in-one-wp-security-and-firewall');?></span>
348
+ <span class="aiowps_more_info_anchor"><span class="aiowps_more_info_toggle_char">+</span><span class="aiowps_more_info_toggle_text"><?php _e('More Info', 'all-in-one-wp-security-and-firewall'); ?></span></span>
349
+ <div class="aiowps_more_info_body">
350
+ <?php
351
+ echo '<p class="description">'.__('Example 1: Setting this value to "1" will block ALL IP addresses which were used to submit at least one SPAM comment.', 'all-in-one-wp-security-and-firewall').'</p>';
352
+ echo '<p class="description">'.__('Example 2: Setting this value to "5" will block only those IP addresses which were used to submit 5 SPAM comments or more on your site.', 'all-in-one-wp-security-and-firewall').'</p>';
353
+ ?>
354
+ </div>
355
+ </td>
356
+ </tr>
357
+ <!-- <tr valign="top">-->
358
+ <!-- <th scope="row">--><?php //_e('Run Now', 'all-in-one-wp-security-and-firewall')?><!--:</th>-->
359
+ <!-- <td><input type="submit" name="aiowps_auto_spam_block_run" value="--><?php //_e('Run SPAM IP Blocking Now', 'all-in-one-wp-security-and-firewall')?><!--" class="button-secondary" />-->
360
+ <!-- <span class="description">--><?php //_e('This feature normally runs automatically whenever a comment is submitted but you can run it manually by clicking this button. (useful for older comments)', 'all-in-one-wp-security-and-firewall');?><!--</span>-->
361
+ <!-- </td>-->
362
+ <!-- </tr>-->
363
+
364
+ </table>
365
+ <input type="submit" name="aiowps_auto_spam_block" value="<?php _e('Save Settings', 'all-in-one-wp-security-and-firewall')?>" class="button-primary" />
366
+ </form>
367
+ </div></div>
368
+
369
+ <div class="postbox">
370
+ <h3 class="hndle"><label for="title"><?php _e('List SPAMMER IP Addresses', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
371
+ <div class="inside">
372
+ <div class="aio_blue_box">
373
+ <?php
374
+ echo '<p>'.__('This section displays a list of the IP addresses of the people or bots who have left SPAM comments on your site.', 'all-in-one-wp-security-and-firewall').'
375
+ <br />'.__('This information can be handy for identifying the most persistent IP addresses or ranges used by spammers.', 'all-in-one-wp-security-and-firewall').'
376
+ <br />'.__('By inspecting the IP address data coming from spammers you will be in a better position to determine which addresses or address ranges you should block by adding them to the permanent block list.', 'all-in-one-wp-security-and-firewall').'
377
+ <br />'.__('To add one or more of the IP addresses displayed in the table below to your blacklist, simply click the "Block" link for the individual row or select more than one address
378
+ using the checkboxes and then choose the "block" option from the Bulk Actions dropdown list and click the "Apply" button.', 'all-in-one-wp-security-and-firewall').'
379
+ </p>';
380
+ ?>
381
+ </div>
382
+
383
+ <form action="" method="POST">
384
+ <?php wp_nonce_field('aiowpsec-spammer-ip-list-nonce'); ?>
385
+ <table class="form-table">
386
+ <tr valign="top">
387
+ <th scope="row"><?php _e('Minimum number of SPAM comments per IP', 'all-in-one-wp-security-and-firewall')?>:</th>
388
+ <td><input type="text" size="5" name="aiowps_spam_ip_min_comments" value="<?php echo $aio_wp_security->configs->get_value('aiowps_spam_ip_min_comments'); ?>" />
389
+ <span class="description"><?php _e('This field allows you to list only those IP addresses which have been used to post X or more SPAM comments.', 'all-in-one-wp-security-and-firewall');?></span>
390
+ <span class="aiowps_more_info_anchor"><span class="aiowps_more_info_toggle_char">+</span><span class="aiowps_more_info_toggle_text"><?php _e('More Info', 'all-in-one-wp-security-and-firewall'); ?></span></span>
391
+ <div class="aiowps_more_info_body">
392
+ <?php
393
+ echo '<p class="description">'.__('Example 1: Setting this value to "0" or "1" will list ALL IP addresses which were used to submit SPAM comments.', 'all-in-one-wp-security-and-firewall').'</p>';
394
+ echo '<p class="description">'.__('Example 2: Setting this value to "5" will list only those IP addresses which were used to submit 5 SPAM comments or more on your site.', 'all-in-one-wp-security-and-firewall').'</p>';
395
+ ?>
396
+ </div>
397
+
398
+ </td>
399
+ </tr>
400
+ </table>
401
+ <input type="submit" name="aiowps_ip_spam_comment_search" value="<?php _e('Find IP Addresses', 'all-in-one-wp-security-and-firewall')?>" class="button-primary" />
402
+ </form>
403
+ </div></div>
404
+ <div class="postbox">
405
+ <h3 class="hndle"><label for="title"><?php _e('SPAMMER IP Address Results', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
406
+ <div class="inside">
407
+ <?php
408
+ if (AIOWPSecurity_Utility::is_multisite_install() && get_current_blog_id() != 1)
409
+ {
410
+ echo '<div class="aio_yellow_box">';
411
+ echo '<p>'.__('The plugin has detected that you are using a Multi-Site WordPress installation.', 'all-in-one-wp-security-and-firewall').'</p>
412
+ <p>'.__('Only the "superadmin" can block IP addresses from the main site.', 'all-in-one-wp-security-and-firewall').'</p>
413
+ <p>'.__('Take note of the IP addresses you want blocked and ask the superadmin to add these to the blacklist using the "Blacklist Manager" on the main site.', 'all-in-one-wp-security-and-firewall').'</p>';
414
+ echo '</div>';
415
+ }
416
+ //Fetch, prepare, sort, and filter our data...
417
+ $spammer_ip_list->prepare_items();
418
+ //echo "put table of locked entries here";
419
+ ?>
420
+ <form id="tables-filter" method="get" onSubmit="return confirm('Are you sure you want to perform this bulk operation on the selected entries?');">
421
+ <!-- For plugins, we also need to ensure that the form posts back to our current page -->
422
+ <input type="hidden" name="page" value="<?php echo esc_attr($_REQUEST['page']); ?>" />
423
+ <input type="hidden" name="tab" value="<?php echo esc_attr($_REQUEST['tab']); ?>" />
424
+ <!-- Now we can render the completed list table -->
425
+ <?php $spammer_ip_list->display(); ?>
426
+ </form>
427
+ </div></div>
428
+ <?php
429
+ }
430
+
431
+
432
+ function render_tab3()
433
+ {
434
+ global $aiowps_feature_mgr;
435
+ global $aio_wp_security;
436
+ if(isset($_POST['aiowps_save_bp_spam_settings']))//Do form submission tasks
437
+ {
438
+ $nonce=$_REQUEST['_wpnonce'];
439
+ if (!wp_verify_nonce($nonce, 'aiowpsec-bp-spam-settings-nonce'))
440
+ {
441
+ $aio_wp_security->debug_logger->log_debug("Nonce check failed on save comment spam settings!",4);
442
+ die("Nonce check failed on save comment spam settings!");
443
+ }
444
+
445
+ //Save settings
446
+ $aio_wp_security->configs->set_value('aiowps_enable_bp_register_captcha',isset($_POST["aiowps_enable_bp_register_captcha"])?'1':'');
447
+
448
+ //Commit the config settings
449
+ $aio_wp_security->configs->save_config();
450
+
451
+ //Recalculate points after the feature status/options have been altered
452
+ $aiowps_feature_mgr->check_feature_status_and_recalculate_points();
453
+
454
+ $this->show_msg_updated(__('Settings were successfully saved', 'all-in-one-wp-security-and-firewall'));
455
+ }
456
+
457
+ ?>
458
+ <h2><?php _e('BuddyPress SPAM Settings', 'all-in-one-wp-security-and-firewall')?></h2>
459
+ <form action="" method="POST">
460
+ <?php wp_nonce_field('aiowpsec-bp-spam-settings-nonce'); ?>
461
+
462
+ <div class="postbox">
463
+ <h3 class="hndle"><label for="title"><?php _e('Add Captcha To BuddyPress Registration Form', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
464
+ <div class="inside">
465
+ <div class="aio_blue_box">
466
+ <?php
467
+ echo '<p>'.__('This feature will add a simple math captcha field in the BuddyPress registration form.', 'all-in-one-wp-security-and-firewall').
468
+ '<br />'.__('Adding a captcha field in the registration form is a simple way of greatly reducing SPAM signups from bots without using .htaccess rules.', 'all-in-one-wp-security-and-firewall').'</p>';
469
+ ?>
470
+ </div>
471
+ <?php
472
+ if (defined('BP_VERSION')){
473
+ //Display security info badge
474
+ $aiowps_feature_mgr->output_feature_details_badge("bp-register-captcha");
475
+ ?>
476
+ <table class="form-table">
477
+ <tr valign="top">
478
+ <th scope="row"><?php _e('Enable Captcha On BuddyPress Registration Form', 'all-in-one-wp-security-and-firewall')?>:</th>
479
+ <td>
480
+ <input name="aiowps_enable_bp_register_captcha" type="checkbox"<?php if($aio_wp_security->configs->get_value('aiowps_enable_bp_register_captcha')=='1') echo ' checked="checked"'; ?> value="1"/>
481
+ <span class="description"><?php _e('Check this if you want to insert a captcha field on the BuddyPress registration forms', 'all-in-one-wp-security-and-firewall'); ?></span>
482
+ </td>
483
+ </tr>
484
+ </table>
485
+ </div></div>
486
+ <input type="submit" name="aiowps_save_bp_spam_settings" value="<?php _e('Save Settings', 'all-in-one-wp-security-and-firewall')?>" class="button-primary" />
487
+ </form>
488
+ <?php
489
+ }else{
490
+ $this->show_msg_error(__('BuddyPress is not active! In order to use this feature you will need to have BuddyPress installed and activated.', 'all-in-one-wp-security-and-firewall'));
491
+ }
492
+ }
493
+
494
+ function render_tab4()
495
+ {
496
+ global $aiowps_feature_mgr;
497
+ global $aio_wp_security;
498
+ if(isset($_POST['aiowps_save_bbp_spam_settings']))//Do form submission tasks
499
+ {
500
+ $nonce=$_REQUEST['_wpnonce'];
501
+ if (!wp_verify_nonce($nonce, 'aiowpsec-bbp-spam-settings-nonce'))
502
+ {
503
+ $aio_wp_security->debug_logger->log_debug("Nonce check failed on save bbp spam settings!",4);
504
+ die("Nonce check failed on save bbpress spam settings!");
505
+ }
506
+
507
+ //Save settings
508
+ $aio_wp_security->configs->set_value('aiowps_enable_bbp_new_topic_captcha',isset($_POST["aiowps_enable_bbp_new_topic_captcha"])?'1':'');
509
+
510
+ //Commit the config settings
511
+ $aio_wp_security->configs->save_config();
512
+
513
+ //Recalculate points after the feature status/options have been altered
514
+ $aiowps_feature_mgr->check_feature_status_and_recalculate_points();
515
+
516
+ $this->show_msg_updated(__('Settings were successfully saved', 'all-in-one-wp-security-and-firewall'));
517
+ }
518
+
519
+ ?>
520
+ <h2><?php _e('BBPress SPAM Settings', 'all-in-one-wp-security-and-firewall')?></h2>
521
+ <form action="" method="POST">
522
+ <?php wp_nonce_field('aiowpsec-bbp-spam-settings-nonce'); ?>
523
+
524
+ <div class="postbox">
525
+ <h3 class="hndle"><label for="title"><?php _e('Add Captcha To BBPress New Topic Form', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
526
+ <div class="inside">
527
+ <div class="aio_blue_box">
528
+ <?php
529
+ echo '<p>'.__('This feature will add a simple math captcha field in the BBPress new topic form.', 'all-in-one-wp-security-and-firewall').
530
+ '<br />'.__('Adding a captcha field in this form is a simple way of greatly reducing SPAM submitted from bots.', 'all-in-one-wp-security-and-firewall').'</p>';
531
+ ?>
532
+ </div>
533
+ <?php
534
+ if (class_exists( 'bbPress' )){
535
+ //Display security info badge
536
+ $aiowps_feature_mgr->output_feature_details_badge("bbp-new-topic-captcha");
537
+ ?>
538
+ <table class="form-table">
539
+ <tr valign="top">
540
+ <th scope="row"><?php _e('Enable Captcha On BBPress New Topic Form', 'all-in-one-wp-security-and-firewall')?>:</th>
541
+ <td>
542
+ <input name="aiowps_enable_bbp_new_topic_captcha" type="checkbox"<?php if($aio_wp_security->configs->get_value('aiowps_enable_bbp_new_topic_captcha')=='1') echo ' checked="checked"'; ?> value="1"/>
543
+ <span class="description"><?php _e('Check this if you want to insert a captcha field on the BBPress new topic forms', 'all-in-one-wp-security-and-firewall'); ?></span>
544
+ </td>
545
+ </tr>
546
+ </table>
547
+ </div></div>
548
+ <input type="submit" name="aiowps_save_bbp_spam_settings" value="<?php _e('Save Settings', 'all-in-one-wp-security-and-firewall')?>" class="button-primary" />
549
+ </form>
550
+ <?php
551
+ }else{
552
+ $this->show_msg_error(__('BBPress is not active! In order to use this feature you will need to have BBPress installed and activated.', 'all-in-one-wp-security-and-firewall'));
553
+ }
554
+ }
555
+
556
  } //end class
admin/wp-security-user-accounts-menu.php CHANGED
@@ -1,345 +1,345 @@
1
- <?php
2
- if(!defined('ABSPATH')){
3
- exit;//Exit if accessed directly
4
- }
5
-
6
- class AIOWPSecurity_User_Accounts_Menu extends AIOWPSecurity_Admin_Menu
7
- {
8
- var $menu_page_slug = AIOWPSEC_USER_ACCOUNTS_MENU_SLUG;
9
-
10
- /* Specify all the tabs of this menu in the following array */
11
- var $menu_tabs;
12
- var $menu_tabs_handler = array(
13
- 'tab1' => 'render_tab1',
14
- 'tab2' => 'render_tab2',
15
- 'tab3' => 'render_tab3',
16
- );
17
- function __construct()
18
- {
19
- $this->render_menu_page();
20
-
21
- //Add the JS library for password tool - make sure we are on our password tab
22
- if (isset($_GET['page']) && strpos($_GET['page'], AIOWPSEC_USER_ACCOUNTS_MENU_SLUG ) !== false) {
23
- if (isset($_GET['tab']) && $_GET['tab'] == 'tab3'){
24
- wp_enqueue_script('aiowpsec-pw-tool-js');
25
- }
26
- }
27
- }
28
-
29
- function set_menu_tabs()
30
- {
31
- $this->menu_tabs = array(
32
- 'tab1' => __('WP Username', 'all-in-one-wp-security-and-firewall'),
33
- 'tab2' => __('Display Name', 'all-in-one-wp-security-and-firewall'),
34
- 'tab3' => __('Password', 'all-in-one-wp-security-and-firewall')
35
- );
36
- }
37
-
38
- function get_current_tab()
39
- {
40
- $tab_keys = array_keys($this->menu_tabs);
41
- $tab = isset( $_GET['tab'] ) ? sanitize_text_field($_GET['tab']) : $tab_keys[0];
42
- return $tab;
43
- }
44
-
45
- /*
46
- * Renders our tabs of this menu as nav items
47
- */
48
- function render_menu_tabs()
49
- {
50
- $current_tab = $this->get_current_tab();
51
-
52
- echo '<h2 class="nav-tab-wrapper">';
53
- foreach ( $this->menu_tabs as $tab_key => $tab_caption )
54
- {
55
- $active = $current_tab == $tab_key ? 'nav-tab-active' : '';
56
- echo '<a class="nav-tab ' . $active . '" href="?page=' . $this->menu_page_slug . '&tab=' . $tab_key . '">' . $tab_caption . '</a>';
57
- }
58
- echo '</h2>';
59
- }
60
-
61
- /*
62
- * The menu rendering goes here
63
- */
64
- function render_menu_page()
65
- {
66
- echo '<div class="wrap">';
67
- echo '<h2>'.__('User Accounts','all-in-one-wp-security-and-firewall').'</h2>';//Interface title
68
- $this->set_menu_tabs();
69
- $tab = $this->get_current_tab();
70
- $this->render_menu_tabs();
71
- ?>
72
- <div id="poststuff"><div id="post-body">
73
- <?php
74
- //$tab_keys = array_keys($this->menu_tabs);
75
- call_user_func(array(&$this, $this->menu_tabs_handler[$tab]));
76
- ?>
77
- </div></div>
78
- </div><!-- end of wrap -->
79
- <?php
80
- }
81
-
82
- function render_tab1()
83
- {
84
- if (isset($_POST['aiowps_change_admin_username']))//Do form submission tasks
85
- {
86
- echo $this->validate_change_username_form();
87
- }
88
- ?>
89
- <h2><?php _e('Admin User Security', 'all-in-one-wp-security-and-firewall')?></h2>
90
- <div class="aio_blue_box">
91
- <?php
92
- echo '<p>'.__('By default, WordPress sets the administrator username to "admin" at installation time.', 'all-in-one-wp-security-and-firewall').'
93
- <br />'.__('A lot of hackers try to take advantage of this information by attempting "Brute Force Login Attacks" where they repeatedly try to guess the password by using "admin" for username.', 'all-in-one-wp-security-and-firewall').'
94
- <br />'.__('From a security perspective, changing the default "admin" user name is one of the first and smartest things you should do on your site.', 'all-in-one-wp-security-and-firewall').'
95
- <br /><br />'.__('This feature will allow you to change your default "admin" user name to a more secure name of your choosing.', 'all-in-one-wp-security-and-firewall').'
96
- </p>';
97
- ?>
98
- </div>
99
-
100
- <?php
101
- //display a list of all administrator accounts for this site
102
- $postbox_title = __('List of Administrator Accounts', 'all-in-one-wp-security-and-firewall');
103
- if (AIOWPSecurity_Utility::is_multisite_install()) { //Multi-site: get admin accounts for current site
104
- $blog_id = get_current_blog_id();
105
- $this->postbox($postbox_title, $this->get_all_admin_accounts($blog_id));
106
- } else {
107
- $this->postbox($postbox_title, $this->get_all_admin_accounts());
108
- }
109
- ?>
110
- <div class="postbox">
111
- <h3 class="hndle"><label for="title"><?php _e('Change Admin Username', 'all-in-one-wp-security-and-firewall')?></label></h3>
112
- <div class="inside">
113
- <?php
114
- global $aiowps_feature_mgr;
115
- $aiowps_feature_mgr->output_feature_details_badge("user-accounts-change-admin-user");
116
-
117
- if (AIOWPSecurity_Utility::check_user_exists('admin') || AIOWPSecurity_Utility::check_user_exists('Admin'))
118
- {
119
- echo '<div class="aio_red_box"><p>'.__('Your site currently has an account which uses the default "admin" username. It is highly recommended that you change this name to something else. Use the following field to change the admin username.', 'all-in-one-wp-security-and-firewall').'</p></div>';
120
- ?>
121
- <form action="" method="POST">
122
- <?php wp_nonce_field('aiowpsec-change-admin-nonce'); ?>
123
- <table class="form-table">
124
- <tr valign="top">
125
- <th scope="row"><label for="NewUserName"> <?php _e('New Admin Username', 'all-in-one-wp-security-and-firewall')?>:</label></th>
126
- <td><input type="text" size="16" name="aiowps_new_user_name" />
127
- <p class="description"><?php _e('Choose a new username for admin.', 'all-in-one-wp-security-and-firewall'); ?></p>
128
- </td>
129
- </tr>
130
- </table>
131
- <input type="submit" name="aiowps_change_admin_username" value="<?php _e('Change Username', 'all-in-one-wp-security-and-firewall')?>" class="button-primary" />
132
- <div class="aio_spacer_15"></div>
133
- <p class="description"><?php _e('NOTE: If you are currently logged in as "admin" you will be automatically logged out after changing your username and will be required to log back in.', 'all-in-one-wp-security-and-firewall')?></p>
134
- </form>
135
- <?php
136
- }
137
- else
138
- {
139
- echo '<div id="aios_message" class="aio_green_box"><p><strong>';
140
- _e ('No action required! ', 'all-in-one-wp-security-and-firewall');
141
- echo '</strong><br />';
142
- _e ('Your site does not have any account which uses the default "admin" username. ', 'all-in-one-wp-security-and-firewall');
143
- _e ('This is good security practice.', 'all-in-one-wp-security-and-firewall');
144
- echo '</p></div>';
145
- }
146
- ?>
147
- </div>
148
- </div>
149
- <?php
150
- }
151
-
152
- function render_tab2()
153
- {
154
- ?>
155
- <h2><?php _e('Display Name Security', 'all-in-one-wp-security-and-firewall')?></h2>
156
- <div class="aio_blue_box">
157
- <?php
158
- echo '<p>'.__('When you submit a post or answer a comment, WordPress will usually display your "nickname".', 'all-in-one-wp-security-and-firewall').'
159
- <br />'.__('By default the nickname is set to the login (or user) name of your account.', 'all-in-one-wp-security-and-firewall').'
160
- <br />'.__('From a security perspective, leaving your nickname the same as your user name is bad practice because it gives a hacker at least half of your account\'s login credentials.', 'all-in-one-wp-security-and-firewall').'
161
- <br /><br />'.__('Therefore to further tighten your site\'s security you are advised to change your <strong>nickname</strong> and <strong>Display name</strong> to be different from your <strong>Username</strong>.', 'all-in-one-wp-security-and-firewall').'
162
- </p>';
163
- ?>
164
- </div>
165
-
166
- <div class="postbox">
167
- <h3 class="hndle"><label for="title"><?php _e('Modify Accounts With Identical Login Name & Display Name', 'all-in-one-wp-security-and-firewall')?></label></h3>
168
- <div class="inside">
169
- <?php
170
- global $aiowps_feature_mgr;
171
- $aiowps_feature_mgr->output_feature_details_badge("user-accounts-display-name");
172
-
173
- //now let's find any accounts which have login name same as display name
174
- $login_nick_name_accounts = AIOWPSecurity_Utility::check_identical_login_and_nick_names();
175
- if ($login_nick_name_accounts) {
176
- echo '<div class="aio_red_box"><p>'.__('Your site currently has the following accounts which have an identical login name and display name.', 'all-in-one-wp-security-and-firewall').'
177
- <span class="description">('.__('Click on the link to edit the settings of that particular user account', 'all-in-one-wp-security-and-firewall').'</span></p></div>';
178
- ?>
179
- <table class="form-table">
180
- <?php
181
- $edit_user_page = get_option('siteurl').'/wp-admin/user-edit.php?user_id=';
182
- foreach ($login_nick_name_accounts as $usr){
183
- echo '<tr valign="top">';
184
- // echo '<th scope="row"><label for="UserID'.$usr['ID'].'"> Login Name: </label></th>';
185
- echo '<td><a href="'.$edit_user_page.$usr['ID'].'" target="_blank">'.$usr['user_login'].'</a></td>';
186
- echo '</tr>';
187
- }
188
- ?>
189
- </table>
190
- <?php
191
- } else {
192
- echo '<div id="aios_message" class="aio_green_box"><p><strong>'.__('No action required.', 'all-in-one-wp-security-and-firewall').'</strong>
193
- <br />'.__('Your site does not have a user account where the display name is identical to the username.', 'all-in-one-wp-security-and-firewall').'</p></div>';
194
- }
195
- ?>
196
- </div>
197
- </div>
198
- <?php
199
- }
200
-
201
- function render_tab3()
202
- {
203
- ?>
204
- <h2><?php _e('Password Tool', 'all-in-one-wp-security-and-firewall')?></h2>
205
- <div class="aio_blue_box">
206
- <?php
207
- echo '<p>'.__('Poor password selection is one of the most common weak points of many sites and is usually the first thing a hacker will try to exploit when attempting to break into your site.', 'all-in-one-wp-security-and-firewall').'</p>'.
208
- '<p>'.__('Many people fall into the trap of using a simple word or series of numbers as their password. Such a predictable and simple password would take a competent hacker merely minutes to guess your password by using a simple script which cycles through the easy and most common combinations.', 'all-in-one-wp-security-and-firewall').'</p>'.
209
- '<p>'.__('The longer and more complex your password is the harder it is for hackers to "crack" because more complex passwords require much greater computing power and time.', 'all-in-one-wp-security-and-firewall').'</p>'.
210
- '<p>'.__('This section contains a useful password strength tool which you can use to check whether your password is sufficiently strong enough.', 'all-in-one-wp-security-and-firewall').'</p>';
211
- ?>
212
- </div>
213
-
214
- <div class="postbox">
215
- <h3 class="hndle"><label for="title"><?php _e('Password Strength Tool', 'all-in-one-wp-security-and-firewall');?></label></h3>
216
- <div class="inside">
217
- <div class="aio_grey_box aio_half_width"><p><?php _e('This password tool uses an algorithm which calculates how long it would take for your password to be cracked using the computing power of an off-the-shelf current model desktop PC with high end processor, graphics card and appropriate password cracking software.', 'all-in-one-wp-security-and-firewall');?></p></div>
218
- <div class="aiowps_password_tool_field">
219
- <input size="40" id="aiowps_password_test" name="aiowps_password_test" type="text" />
220
- <div class="description"><?php _e('Start typing a password.', 'all-in-one-wp-security-and-firewall'); ?></div>
221
- </div>
222
- <div id="aiowps_pw_tool_main">
223
- <div class="aiowps_password_crack_info_text"><?php _e('It would take a desktop PC approximately', 'all-in-one-wp-security-and-firewall'); ?>
224
- <div id="aiowps_password_crack_time_calculation"><?php _e('1 sec', 'all-in-one-wp-security-and-firewall'); ?></div> <?php _e('to crack your password!', 'all-in-one-wp-security-and-firewall'); ?></div>
225
- <!-- The rotating arrow -->
226
- <div class="arrowCap"></div>
227
- <div class="arrow"></div>
228
-
229
- <p class="meterText"><?php _e('Password Strength', 'all-in-one-wp-security-and-firewall'); ?></p>
230
- </div>
231
- </div>
232
- </div>
233
- <?php
234
- }
235
-
236
- function validate_change_username_form()
237
- {
238
- global $wpdb;
239
- global $aio_wp_security;
240
- $errors = '';
241
- $nonce=$_REQUEST['_wpnonce'];
242
- if (!wp_verify_nonce($nonce, 'aiowpsec-change-admin-nonce'))
243
- {
244
- $aio_wp_security->debug_logger->log_debug("Nonce check failed on admin username change operation!",4);
245
- die(__('Nonce check failed on admin username change operation!','all-in-one-wp-security-and-firewall'));
246
- }
247
- if (!empty($_POST['aiowps_new_user_name'])) {
248
- $new_username = sanitize_text_field($_POST['aiowps_new_user_name']);
249
- if (validate_username($new_username))
250
- {
251
- if (AIOWPSecurity_Utility::check_user_exists($new_username)){
252
- $errors .= __('Username ', 'all-in-one-wp-security-and-firewall').$new_username.__(' already exists. Please enter another value. ', 'all-in-one-wp-security-and-firewall');
253
- }
254
- else
255
- {
256
- //let's check if currently logged in username is 'admin'
257
- $user = wp_get_current_user();
258
- $user_login = $user->user_login;
259
- if (strtolower($user_login) == 'admin'){
260
- $username_is_admin = TRUE;
261
- } else {
262
- $username_is_admin = FALSE;
263
- }
264
- //Now let's change the username
265
- $sql = $wpdb->prepare( "UPDATE `" . $wpdb->users . "` SET user_login = '" . esc_sql($new_username) . "' WHERE user_login=%s", "admin" );
266
- $result = $wpdb->query($sql);
267
- if (!$result) {
268
- //There was an error updating the users table
269
- $user_update_error = __('The database update operation of the user account failed!', 'all-in-one-wp-security-and-firewall');
270
- //TODO## - add error logging here
271
- $return_msg = '<div id="message" class="updated fade"><p>'.$user_update_error.'</p></div>';
272
- return $return_msg;
273
- }
274
-
275
- //multisite considerations
276
- if ( AIOWPSecurity_Utility::is_multisite_install() ) { //process sitemeta if we're in a multi-site situation
277
- $oldAdmins = $wpdb->get_var( "SELECT meta_value FROM `" . $wpdb->sitemeta . "` WHERE meta_key = 'site_admins'" );
278
- $newAdmins = str_replace( '5:"admin"', strlen( $new_username ) . ':"' . esc_sql( $new_username ) . '"', $oldAdmins );
279
- $wpdb->query( "UPDATE `" . $wpdb->sitemeta . "` SET meta_value = '" . esc_sql( $newAdmins ) . "' WHERE meta_key = 'site_admins'" );
280
- }
281
-
282
- //If user is logged in with username "admin" then log user out and send to login page so they can login again
283
- if ($username_is_admin) {
284
- //Lets logout the user
285
- $aio_wp_security->debug_logger->log_debug("Logging User Out with login ".$user_login. " because they changed their username.");
286
- $after_logout_url = AIOWPSecurity_Utility::get_current_page_url();
287
- $after_logout_payload = array('redirect_to'=>$after_logout_url, 'msg'=>$aio_wp_security->user_login_obj->key_login_msg.'=admin_user_changed', );
288
- //Save some of the logout redirect data to a transient
289
- AIOWPSecurity_Utility::is_multisite_install() ? set_site_transient('aiowps_logout_payload', $after_logout_payload, 30 * 60) : set_transient('aiowps_logout_payload', $after_logout_payload, 30 * 60);
290
-
291
- $logout_url = AIOWPSEC_WP_URL.'?aiowpsec_do_log_out=1';
292
- $logout_url = AIOWPSecurity_Utility::add_query_data_to_url($logout_url, 'al_additional_data', '1');
293
- AIOWPSecurity_Utility::redirect_to_url($logout_url);
294
- }
295
- }
296
- }
297
- else {//An invalid username was entered
298
- $errors .= __('You entered an invalid username. Please enter another value. ', 'all-in-one-wp-security-and-firewall');
299
- }
300
- }
301
- else {//No username value was entered
302
- $errors .= __('Please enter a value for your username. ', 'all-in-one-wp-security-and-firewall');
303
- }
304
-
305
- if (strlen($errors)> 0){//We have some validation or other error
306
- $return_msg = '<div id="message" class="error"><p>' . $errors . '</p></div>';
307
- }
308
- else{
309
- $return_msg = '<div id="message" class="updated fade"><p>'.__('Username Successfully Changed!', 'all-in-one-wp-security-and-firewall').'</p></div>';
310
- }
311
- return $return_msg;
312
- }
313
-
314
-
315
- /*
316
- * This function will retrieve all user accounts which have 'administrator' role and will return html code with results in a table
317
- */
318
- function get_all_admin_accounts($blog_id='') {
319
- //TODO: Have included the "blog_id" variable for future use for cases where people want to search particular blog (eg, multi-site)
320
- if ($blog_id) {
321
- $admin_users = get_users('blog_id='.$blog_id.'&orderby=login&role=administrator');
322
- } else {
323
- $admin_users = get_users('orderby=login&role=administrator');
324
- }
325
- //now let's put the results in an HTML table
326
- $account_output = "";
327
- if ($admin_users != NULL) {
328
- $account_output .= '<table>';
329
- $account_output .= '<tr><th>'.__('Account Login Name', 'all-in-one-wp-security-and-firewall').'</th></tr>';
330
- foreach ($admin_users as $entry) {
331
- $account_output .= '<tr>';
332
- if (strtolower($entry->user_login) == 'admin') {
333
- $account_output .= '<td style="color:red; font-weight: bold;">'.$entry->user_login.'</td>';
334
- }else {
335
- $account_output .= '<td>'.$entry->user_login.'</td>';
336
- }
337
- $user_acct_edit_link = admin_url('user-edit.php?user_id=' . $entry->ID);
338
- $account_output .= '<td><a href="'.$user_acct_edit_link.'" target="_blank">'.__('Edit User', 'all-in-one-wp-security-and-firewall').'</a></td>';
339
- $account_output .= '</tr>';
340
- }
341
- $account_output .= '</table>';
342
- }
343
- return $account_output;
344
- }
345
  } //end class
1
+ <?php
2
+ if(!defined('ABSPATH')){
3
+ exit;//Exit if accessed directly
4
+ }
5
+
6
+ class AIOWPSecurity_User_Accounts_Menu extends AIOWPSecurity_Admin_Menu
7
+ {
8
+ var $menu_page_slug = AIOWPSEC_USER_ACCOUNTS_MENU_SLUG;
9
+
10
+ /* Specify all the tabs of this menu in the following array */
11
+ var $menu_tabs;
12
+ var $menu_tabs_handler = array(
13
+ 'tab1' => 'render_tab1',
14
+ 'tab2' => 'render_tab2',
15
+ 'tab3' => 'render_tab3',
16
+ );
17
+ function __construct()
18
+ {
19
+ $this->render_menu_page();
20
+
21
+ //Add the JS library for password tool - make sure we are on our password tab
22
+ if (isset($_GET['page']) && strpos($_GET['page'], AIOWPSEC_USER_ACCOUNTS_MENU_SLUG ) !== false) {
23
+ if (isset($_GET['tab']) && $_GET['tab'] == 'tab3'){
24
+ wp_enqueue_script('aiowpsec-pw-tool-js');
25
+ }
26
+ }
27
+ }
28
+
29
+ function set_menu_tabs()
30
+ {
31
+ $this->menu_tabs = array(
32
+ 'tab1' => __('WP Username', 'all-in-one-wp-security-and-firewall'),
33
+ 'tab2' => __('Display Name', 'all-in-one-wp-security-and-firewall'),
34
+ 'tab3' => __('Password', 'all-in-one-wp-security-and-firewall')
35
+ );
36
+ }
37
+
38
+ function get_current_tab()
39
+ {
40
+ $tab_keys = array_keys($this->menu_tabs);
41
+ $tab = isset( $_GET['tab'] ) ? sanitize_text_field($_GET['tab']) : $tab_keys[0];
42
+ return $tab;
43
+ }
44
+
45
+ /*
46
+ * Renders our tabs of this menu as nav items
47
+ */
48
+ function render_menu_tabs()
49
+ {
50
+ $current_tab = $this->get_current_tab();
51
+
52
+ echo '<h2 class="nav-tab-wrapper">';
53
+ foreach ( $this->menu_tabs as $tab_key => $tab_caption )
54
+ {
55
+ $active = $current_tab == $tab_key ? 'nav-tab-active' : '';
56
+ echo '<a class="nav-tab ' . $active . '" href="?page=' . $this->menu_page_slug . '&tab=' . $tab_key . '">' . $tab_caption . '</a>';
57
+ }
58
+ echo '</h2>';
59
+ }
60
+
61
+ /*
62
+ * The menu rendering goes here
63
+ */
64
+ function render_menu_page()
65
+ {
66
+ echo '<div class="wrap">';
67
+ echo '<h2>'.__('User Accounts','all-in-one-wp-security-and-firewall').'</h2>';//Interface title
68
+ $this->set_menu_tabs();
69
+ $tab = $this->get_current_tab();
70
+ $this->render_menu_tabs();
71
+ ?>
72
+ <div id="poststuff"><div id="post-body">
73
+ <?php
74
+ //$tab_keys = array_keys($this->menu_tabs);
75
+ call_user_func(array($this, $this->menu_tabs_handler[$tab]));
76
+ ?>
77
+ </div></div>
78
+ </div><!-- end of wrap -->
79
+ <?php
80
+ }
81
+
82
+ function render_tab1()
83
+ {
84
+ if (isset($_POST['aiowps_change_admin_username']))//Do form submission tasks
85
+ {
86
+ echo $this->validate_change_username_form();
87
+ }
88
+ ?>
89
+ <h2><?php _e('Admin User Security', 'all-in-one-wp-security-and-firewall')?></h2>
90
+ <div class="aio_blue_box">
91
+ <?php
92
+ echo '<p>'.__('By default, WordPress sets the administrator username to "admin" at installation time.', 'all-in-one-wp-security-and-firewall').'
93
+ <br />'.__('A lot of hackers try to take advantage of this information by attempting "Brute Force Login Attacks" where they repeatedly try to guess the password by using "admin" for username.', 'all-in-one-wp-security-and-firewall').'
94
+ <br />'.__('From a security perspective, changing the default "admin" user name is one of the first and smartest things you should do on your site.', 'all-in-one-wp-security-and-firewall').'
95
+ <br /><br />'.__('This feature will allow you to change your default "admin" user name to a more secure name of your choosing.', 'all-in-one-wp-security-and-firewall').'
96
+ </p>';
97
+ ?>
98
+ </div>
99
+
100
+ <?php
101
+ //display a list of all administrator accounts for this site
102
+ $postbox_title = __('List of Administrator Accounts', 'all-in-one-wp-security-and-firewall');
103
+ if (AIOWPSecurity_Utility::is_multisite_install()) { //Multi-site: get admin accounts for current site
104
+ $blog_id = get_current_blog_id();
105
+ $this->postbox($postbox_title, $this->get_all_admin_accounts($blog_id));
106
+ } else {
107
+ $this->postbox($postbox_title, $this->get_all_admin_accounts());
108
+ }
109
+ ?>
110
+ <div class="postbox">
111
+ <h3 class="hndle"><label for="title"><?php _e('Change Admin Username', 'all-in-one-wp-security-and-firewall')?></label></h3>
112
+ <div class="inside">
113
+ <?php
114
+ global $aiowps_feature_mgr;
115
+ $aiowps_feature_mgr->output_feature_details_badge("user-accounts-change-admin-user");
116
+
117
+ if (AIOWPSecurity_Utility::check_user_exists('admin') || AIOWPSecurity_Utility::check_user_exists('Admin'))
118
+ {
119
+ echo '<div class="aio_red_box"><p>'.__('Your site currently has an account which uses the default "admin" username. It is highly recommended that you change this name to something else. Use the following field to change the admin username.', 'all-in-one-wp-security-and-firewall').'</p></div>';
120
+ ?>
121
+ <form action="" method="POST">
122
+ <?php wp_nonce_field('aiowpsec-change-admin-nonce'); ?>
123
+ <table class="form-table">
124
+ <tr valign="top">
125
+ <th scope="row"><label for="NewUserName"> <?php _e('New Admin Username', 'all-in-one-wp-security-and-firewall')?>:</label></th>
126
+ <td><input type="text" size="16" name="aiowps_new_user_name" />
127
+ <p class="description"><?php _e('Choose a new username for admin.', 'all-in-one-wp-security-and-firewall'); ?></p>
128
+ </td>
129
+ </tr>
130
+ </table>
131
+ <input type="submit" name="aiowps_change_admin_username" value="<?php _e('Change Username', 'all-in-one-wp-security-and-firewall')?>" class="button-primary" />
132
+ <div class="aio_spacer_15"></div>
133
+ <p class="description"><?php _e('NOTE: If you are currently logged in as "admin" you will be automatically logged out after changing your username and will be required to log back in.', 'all-in-one-wp-security-and-firewall')?></p>
134
+ </form>
135
+ <?php
136
+ }
137
+ else
138
+ {
139
+ echo '<div id="aios_message" class="aio_green_box"><p><strong>';
140
+ _e ('No action required! ', 'all-in-one-wp-security-and-firewall');
141
+ echo '</strong><br />';
142
+ _e ('Your site does not have any account which uses the default "admin" username. ', 'all-in-one-wp-security-and-firewall');
143
+ _e ('This is good security practice.', 'all-in-one-wp-security-and-firewall');
144
+ echo '</p></div>';
145
+ }
146
+ ?>
147
+ </div>
148
+ </div>
149
+ <?php
150
+ }
151
+
152
+ function render_tab2()
153
+ {
154
+ ?>
155
+ <h2><?php _e('Display Name Security', 'all-in-one-wp-security-and-firewall')?></h2>
156
+ <div class="aio_blue_box">
157
+ <?php
158
+ echo '<p>'.__('When you submit a post or answer a comment, WordPress will usually display your "nickname".', 'all-in-one-wp-security-and-firewall').'
159
+ <br />'.__('By default the nickname is set to the login (or user) name of your account.', 'all-in-one-wp-security-and-firewall').'
160
+ <br />'.__('From a security perspective, leaving your nickname the same as your user name is bad practice because it gives a hacker at least half of your account\'s login credentials.', 'all-in-one-wp-security-and-firewall').'
161
+ <br /><br />'.__('Therefore to further tighten your site\'s security you are advised to change your <strong>nickname</strong> and <strong>Display name</strong> to be different from your <strong>Username</strong>.', 'all-in-one-wp-security-and-firewall').'
162
+ </p>';
163
+ ?>
164
+ </div>
165
+
166
+ <div class="postbox">
167
+ <h3 class="hndle"><label for="title"><?php _e('Modify Accounts With Identical Login Name & Display Name', 'all-in-one-wp-security-and-firewall')?></label></h3>
168
+ <div class="inside">
169
+ <?php
170
+ global $aiowps_feature_mgr;
171
+ $aiowps_feature_mgr->output_feature_details_badge("user-accounts-display-name");
172
+
173
+ //now let's find any accounts which have login name same as display name
174
+ $login_nick_name_accounts = AIOWPSecurity_Utility::check_identical_login_and_nick_names();
175
+ if ($login_nick_name_accounts) {
176
+ echo '<div class="aio_red_box"><p>'.__('Your site currently has the following accounts which have an identical login name and display name.', 'all-in-one-wp-security-and-firewall').'
177
+ <span class="description">('.__('Click on the link to edit the settings of that particular user account', 'all-in-one-wp-security-and-firewall').'</span></p></div>';
178
+ ?>
179
+ <table class="form-table">
180
+ <?php
181
+ $edit_user_page = get_option('siteurl').'/wp-admin/user-edit.php?user_id=';
182
+ foreach ($login_nick_name_accounts as $usr){
183
+ echo '<tr valign="top">';
184
+ // echo '<th scope="row"><label for="UserID'.$usr['ID'].'"> Login Name: </label></th>';
185
+ echo '<td><a href="'.$edit_user_page.$usr['ID'].'" target="_blank">'.$usr['user_login'].'</a></td>';
186
+ echo '</tr>';
187
+ }
188
+ ?>
189
+ </table>
190
+ <?php
191
+ } else {
192
+ echo '<div id="aios_message" class="aio_green_box"><p><strong>'.__('No action required.', 'all-in-one-wp-security-and-firewall').'</strong>
193
+ <br />'.__('Your site does not have a user account where the display name is identical to the username.', 'all-in-one-wp-security-and-firewall').'</p></div>';
194
+ }
195
+ ?>
196
+ </div>
197
+ </div>
198
+ <?php
199
+ }
200
+
201
+ function render_tab3()
202
+ {
203
+ ?>
204
+ <h2><?php _e('Password Tool', 'all-in-one-wp-security-and-firewall')?></h2>
205
+ <div class="aio_blue_box">
206
+ <?php
207
+ echo '<p>'.__('Poor password selection is one of the most common weak points of many sites and is usually the first thing a hacker will try to exploit when attempting to break into your site.', 'all-in-one-wp-security-and-firewall').'</p>'.
208
+ '<p>'.__('Many people fall into the trap of using a simple word or series of numbers as their password. Such a predictable and simple password would take a competent hacker merely minutes to guess your password by using a simple script which cycles through the easy and most common combinations.', 'all-in-one-wp-security-and-firewall').'</p>'.
209
+ '<p>'.__('The longer and more complex your password is the harder it is for hackers to "crack" because more complex passwords require much greater computing power and time.', 'all-in-one-wp-security-and-firewall').'</p>'.
210
+ '<p>'.__('This section contains a useful password strength tool which you can use to check whether your password is sufficiently strong enough.', 'all-in-one-wp-security-and-firewall').'</p>';
211
+ ?>
212
+ </div>
213
+
214
+ <div class="postbox">
215
+ <h3 class="hndle"><label for="title"><?php _e('Password Strength Tool', 'all-in-one-wp-security-and-firewall');?></label></h3>
216
+ <div class="inside">
217
+ <div class="aio_grey_box aio_half_width"><p><?php _e('This password tool uses an algorithm which calculates how long it would take for your password to be cracked using the computing power of an off-the-shelf current model desktop PC with high end processor, graphics card and appropriate password cracking software.', 'all-in-one-wp-security-and-firewall');?></p></div>
218
+ <div class="aiowps_password_tool_field">
219
+ <input size="40" id="aiowps_password_test" name="aiowps_password_test" type="text" />
220
+ <div class="description"><?php _e('Start typing a password.', 'all-in-one-wp-security-and-firewall'); ?></div>
221
+ </div>
222
+ <div id="aiowps_pw_tool_main">
223
+ <div class="aiowps_password_crack_info_text"><?php _e('It would take a desktop PC approximately', 'all-in-one-wp-security-and-firewall'); ?>
224
+ <div id="aiowps_password_crack_time_calculation"><?php _e('1 sec', 'all-in-one-wp-security-and-firewall'); ?></div> <?php _e('to crack your password!', 'all-in-one-wp-security-and-firewall'); ?></div>
225
+ <!-- The rotating arrow -->
226
+ <div class="arrowCap"></div>
227
+ <div class="arrow"></div>
228
+
229
+ <p class="meterText"><?php _e('Password Strength', 'all-in-one-wp-security-and-firewall'); ?></p>
230
+ </div>
231
+ </div>
232
+ </div>
233
+ <?php
234
+ }
235
+
236
+ function validate_change_username_form()
237
+ {
238
+ global $wpdb;
239
+ global $aio_wp_security;
240
+ $errors = '';
241
+ $nonce=$_REQUEST['_wpnonce'];
242
+ if (!wp_verify_nonce($nonce, 'aiowpsec-change-admin-nonce'))
243
+ {
244
+ $aio_wp_security->debug_logger->log_debug("Nonce check failed on admin username change operation!",4);
245
+ die(__('Nonce check failed on admin username change operation!','all-in-one-wp-security-and-firewall'));
246
+ }
247
+ if (!empty($_POST['aiowps_new_user_name'])) {
248
+ $new_username = sanitize_text_field($_POST['aiowps_new_user_name']);
249
+ if (validate_username($new_username))
250
+ {
251
+ if (AIOWPSecurity_Utility::check_user_exists($new_username)){
252
+ $errors .= __('Username ', 'all-in-one-wp-security-and-firewall').$new_username.__(' already exists. Please enter another value. ', 'all-in-one-wp-security-and-firewall');
253
+ }
254
+ else
255
+ {
256
+ //let's check if currently logged in username is 'admin'
257
+ $user = wp_get_current_user();
258
+ $user_login = $user->user_login;
259
+ if (strtolower($user_login) == 'admin'){
260
+ $username_is_admin = TRUE;
261
+ } else {
262
+ $username_is_admin = FALSE;
263
+ }
264
+ //Now let's change the username
265
+ $sql = $wpdb->prepare( "UPDATE `" . $wpdb->users . "` SET user_login = '" . esc_sql($new_username) . "' WHERE user_login=%s", "admin" );
266
+ $result = $wpdb->query($sql);
267
+ if (!$result) {
268
+ //There was an error updating the users table
269
+ $user_update_error = __('The database update operation of the user account failed!', 'all-in-one-wp-security-and-firewall');
270
+ //TODO## - add error logging here
271
+ $return_msg = '<div id="message" class="updated fade"><p>'.$user_update_error.'</p></div>';
272
+ return $return_msg;
273
+ }
274
+
275
+ //multisite considerations
276
+ if ( AIOWPSecurity_Utility::is_multisite_install() ) { //process sitemeta if we're in a multi-site situation
277
+ $oldAdmins = $wpdb->get_var( "SELECT meta_value FROM `" . $wpdb->sitemeta . "` WHERE meta_key = 'site_admins'" );
278
+ $newAdmins = str_replace( '5:"admin"', strlen( $new_username ) . ':"' . esc_sql( $new_username ) . '"', $oldAdmins );
279
+ $wpdb->query( "UPDATE `" . $wpdb->sitemeta . "` SET meta_value = '" . esc_sql( $newAdmins ) . "' WHERE meta_key = 'site_admins'" );
280
+ }
281
+
282
+ //If user is logged in with username "admin" then log user out and send to login page so they can login again
283
+ if ($username_is_admin) {
284
+ //Lets logout the user
285
+ $aio_wp_security->debug_logger->log_debug("Logging User Out with login ".$user_login. " because they changed their username.");
286
+ $after_logout_url = AIOWPSecurity_Utility::get_current_page_url();
287
+ $after_logout_payload = array('redirect_to'=>$after_logout_url, 'msg'=>$aio_wp_security->user_login_obj->key_login_msg.'=admin_user_changed', );
288
+ //Save some of the logout redirect data to a transient
289
+ AIOWPSecurity_Utility::is_multisite_install() ? set_site_transient('aiowps_logout_payload', $after_logout_payload, 30 * 60) : set_transient('aiowps_logout_payload', $after_logout_payload, 30 * 60);
290
+
291
+ $logout_url = AIOWPSEC_WP_URL.'?aiowpsec_do_log_out=1';
292
+ $logout_url = AIOWPSecurity_Utility::add_query_data_to_url($logout_url, 'al_additional_data', '1');
293
+ AIOWPSecurity_Utility::redirect_to_url($logout_url);
294
+ }
295
+ }
296
+ }
297
+ else {//An invalid username was entered
298
+ $errors .= __('You entered an invalid username. Please enter another value. ', 'all-in-one-wp-security-and-firewall');
299
+ }
300
+ }
301
+ else {//No username value was entered
302
+ $errors .= __('Please enter a value for your username. ', 'all-in-one-wp-security-and-firewall');
303
+ }
304
+
305
+ if (strlen($errors)> 0){//We have some validation or other error
306
+ $return_msg = '<div id="message" class="error"><p>' . $errors . '</p></div>';
307
+ }
308
+ else{
309
+ $return_msg = '<div id="message" class="updated fade"><p>'.__('Username Successfully Changed!', 'all-in-one-wp-security-and-firewall').'</p></div>';
310
+ }
311
+ return $return_msg;
312
+ }
313
+
314
+
315
+ /*
316
+ * This function will retrieve all user accounts which have 'administrator' role and will return html code with results in a table
317
+ */
318
+ function get_all_admin_accounts($blog_id='') {
319
+ //TODO: Have included the "blog_id" variable for future use for cases where people want to search particular blog (eg, multi-site)
320
+ if ($blog_id) {
321
+ $admin_users = get_users('blog_id='.$blog_id.'&orderby=login&role=administrator');
322
+ } else {
323
+ $admin_users = get_users('orderby=login&role=administrator');
324
+ }
325
+ //now let's put the results in an HTML table
326
+ $account_output = "";
327
+ if ($admin_users != NULL) {
328
+ $account_output .= '<table>';
329
+ $account_output .= '<tr><th>'.__('Account Login Name', 'all-in-one-wp-security-and-firewall').'</th></tr>';
330
+ foreach ($admin_users as $entry) {
331
+ $account_output .= '<tr>';
332
+ if (strtolower($entry->user_login) == 'admin') {
333
+ $account_output .= '<td style="color:red; font-weight: bold;">'.$entry->user_login.'</td>';
334
+ }else {
335
+ $account_output .= '<td>'.$entry->user_login.'</td>';
336
+ }
337
+ $user_acct_edit_link = admin_url('user-edit.php?user_id=' . $entry->ID);
338
+ $account_output .= '<td><a href="'.$user_acct_edit_link.'" target="_blank">'.__('Edit User', 'all-in-one-wp-security-and-firewall').'</a></td>';
339
+ $account_output .= '</tr>';
340
+ }
341
+ $account_output .= '</table>';
342
+ }
343
+ return $account_output;
344
+ }
345
  } //end class
admin/wp-security-user-login-menu.php CHANGED
@@ -1,672 +1,673 @@
1
- <?php
2
- if(!defined('ABSPATH')){
3
- exit;//Exit if accessed directly
4
- }
5
-
6
- class AIOWPSecurity_User_Login_Menu extends AIOWPSecurity_Admin_Menu
7
- {
8
- var $menu_page_slug = AIOWPSEC_USER_LOGIN_MENU_SLUG;
9
-
10
- /* Specify all the tabs of this menu in the following array */
11
- var $menu_tabs;
12
- var $menu_tabs_handler = array(
13
- 'tab1' => 'render_tab1',
14
- 'tab2' => 'render_tab2',
15
- 'tab3' => 'render_tab3',
16
- 'tab4' => 'render_tab4',
17
- 'tab5' => 'render_tab5',
18
- );
19
-
20
- function __construct()
21
- {
22
- $this->render_menu_page();
23
- }
24
-
25
- function set_menu_tabs()
26
- {
27
- $this->menu_tabs = array(
28
- 'tab1' => __('Login Lockdown', 'all-in-one-wp-security-and-firewall'),
29
- 'tab2' => __('Failed Login Records', 'all-in-one-wp-security-and-firewall'),
30
- 'tab3' => __('Force Logout', 'all-in-one-wp-security-and-firewall'),
31
- 'tab4' => __('Account Activity Logs', 'all-in-one-wp-security-and-firewall'),
32
- 'tab5' => __('Logged In Users', 'all-in-one-wp-security-and-firewall'),
33
- );
34
- }
35
-
36
- function get_current_tab()
37
- {
38
- $tab_keys = array_keys($this->menu_tabs);
39
- $tab = isset( $_GET['tab'] ) ? sanitize_text_field($_GET['tab']) : $tab_keys[0];
40
- return $tab;
41
- }
42
-
43
- /*
44
- * Renders our tabs of this menu as nav items
45
- */
46
- function render_menu_tabs()
47
- {
48
- $current_tab = $this->get_current_tab();
49
-
50
- echo '<h2 class="nav-tab-wrapper">';
51
- foreach ( $this->menu_tabs as $tab_key => $tab_caption )
52
- {
53
- $active = $current_tab == $tab_key ? 'nav-tab-active' : '';
54
- echo '<a class="nav-tab ' . $active . '" href="?page=' . $this->menu_page_slug . '&tab=' . $tab_key . '">' . $tab_caption . '</a>';
55
- }
56
- echo '</h2>';
57
- }
58
-
59
- /*
60
- * The menu rendering goes here
61
- */
62
- function render_menu_page()
63
- {
64
- echo '<div class="wrap">';
65
- echo '<h2>'.__('User Login','all-in-one-wp-security-and-firewall').'</h2>';//Interface title
66
- $this->set_menu_tabs();
67
- $tab = $this->get_current_tab();
68
- $this->render_menu_tabs();
69
- ?>
70
- <div id="poststuff"><div id="post-body">
71
- <?php
72
- //$tab_keys = array_keys($this->menu_tabs);
73
- call_user_func(array(&$this, $this->menu_tabs_handler[$tab]));
74
- ?>
75
- </div></div>
76
- </div><!-- end of wrap -->
77
- <?php
78
- }
79
-
80
- function render_tab1()
81
- {
82
- global $aio_wp_security;
83
- global $aiowps_feature_mgr;
84
- include_once 'wp-security-list-locked-ip.php'; //For rendering the AIOWPSecurity_List_Table in tab1
85
- $locked_ip_list = new AIOWPSecurity_List_Locked_IP(); //For rendering the AIOWPSecurity_List_Table in tab1
86
-
87
- if(isset($_POST['aiowps_login_lockdown']))//Do form submission tasks
88
- {
89
- $error = '';
90
- $nonce=$_REQUEST['_wpnonce'];
91
- if (!wp_verify_nonce($nonce, 'aiowpsec-login-lockdown-nonce'))
92
- {
93
- $aio_wp_security->debug_logger->log_debug("Nonce check failed on login lockdown options save!",4);
94
- die("Nonce check failed on login lockdown options save!");
95
- }
96
-
97
- $max_login_attempt_val = sanitize_text_field($_POST['aiowps_max_login_attempts']);
98
- if(!is_numeric($max_login_attempt_val))
99
- {
100
- $error .= '<br />'.__('You entered a non numeric value for the max login attempts field. It has been set to the default value.','all-in-one-wp-security-and-firewall');
101
- $max_login_attempt_val = '3';//Set it to the default value for this field
102
- }
103
-
104
- $login_retry_time_period = sanitize_text_field($_POST['aiowps_retry_time_period']);
105
- if(!is_numeric($login_retry_time_period))
106
- {
107
- $error .= '<br />'.__('You entered a non numeric value for the login retry time period field. It has been set to the default value.','all-in-one-wp-security-and-firewall');
108
- $login_retry_time_period = '5';//Set it to the default value for this field
109
- }
110
-
111
- $lockout_time_length = sanitize_text_field($_POST['aiowps_lockout_time_length']);
112
- if(!is_numeric($lockout_time_length))
113
- {
114
- $error .= '<br />'.__('You entered a non numeric value for the lockout time length field. It has been set to the default value.','all-in-one-wp-security-and-firewall');
115
- $lockout_time_length = '60';//Set it to the default value for this field
116
- }
117
-
118
- $email_address = sanitize_email($_POST['aiowps_email_address']);
119
- if(!is_email($email_address))
120
- {
121
- $error .= '<br />'.__('You have entered an incorrect email address format. It has been set to your WordPress admin email as default.','all-in-one-wp-security-and-firewall');
122
- $email_address = get_bloginfo('admin_email'); //Set the default value to the blog admin email
123
- }
124
-
125
- // Instantly lockout specific usernames
126
- $_ilsu = isset($_POST['aiowps_instantly_lockout_specific_usernames']) ? $_POST['aiowps_instantly_lockout_specific_usernames'] : '';
127
- // Read into array, sanitize, filter empty and keep only unique usernames.
128
- $instantly_lockout_specific_usernames
129
- = array_unique(
130
- array_filter(
131
- array_map(
132
- 'sanitize_user',
133
- AIOWPSecurity_Utility::explode_trim_filter_empty($_ilsu)
134
- ),
135
- 'strlen'
136
- )
137
- )
138
- ;
139
-
140
- if($error)
141
- {
142
- $this->show_msg_error(__('Attention!','all-in-one-wp-security-and-firewall').$error);
143
- }
144
-
145
- //Save all the form values to the options
146
- $random_20_digit_string = AIOWPSecurity_Utility::generate_alpha_numeric_random_string(20); //Generate random 20 char string for use during captcha encode/decode
147
- $aio_wp_security->configs->set_value('aiowps_unlock_request_secret_key', $random_20_digit_string);
148
-
149
- $aio_wp_security->configs->set_value('aiowps_enable_login_lockdown',isset($_POST["aiowps_enable_login_lockdown"])?'1':'');
150
- $aio_wp_security->configs->set_value('aiowps_allow_unlock_requests',isset($_POST["aiowps_allow_unlock_requests"])?'1':'');
151
- $aio_wp_security->configs->set_value('aiowps_max_login_attempts',absint($max_login_attempt_val));
152
- $aio_wp_security->configs->set_value('aiowps_retry_time_period',absint($login_retry_time_period));
153
- $aio_wp_security->configs->set_value('aiowps_lockout_time_length',absint($lockout_time_length));
154
- $aio_wp_security->configs->set_value('aiowps_set_generic_login_msg',isset($_POST["aiowps_set_generic_login_msg"])?'1':'');
155
- $aio_wp_security->configs->set_value('aiowps_enable_invalid_username_lockdown',isset($_POST["aiowps_enable_invalid_username_lockdown"])?'1':'');
156
- $aio_wp_security->configs->set_value('aiowps_instantly_lockout_specific_usernames', $instantly_lockout_specific_usernames);
157
- $aio_wp_security->configs->set_value('aiowps_enable_email_notify',isset($_POST["aiowps_enable_email_notify"])?'1':'');
158
- $aio_wp_security->configs->set_value('aiowps_email_address',$email_address);
159
- $aio_wp_security->configs->save_config();
160
-
161
- //Recalculate points after the feature status/options have been altered
162
- $aiowps_feature_mgr->check_feature_status_and_recalculate_points();
163
-
164
- $this->show_msg_settings_updated();
165
- }
166
-
167
-
168
- if(isset($_REQUEST['action'])) //Do list table form row action tasks
169
- {
170
- if($_REQUEST['action'] == 'delete_blocked_ip'){ //Delete link was clicked for a row in list table
171
- $locked_ip_list->delete_lockdown_records(strip_tags($_REQUEST['lockdown_id']));
172
- }
173
-
174
- if($_REQUEST['action'] == 'unlock_ip'){ //Unlock link was clicked for a row in list table
175
- $locked_ip_list->unlock_ip_range(strip_tags($_REQUEST['lockdown_id']));
176
- }
177
- }
178
-
179
- //login lockdown whitelist settings
180
- $result = 1;
181
- if (isset($_POST['aiowps_save_lockdown_whitelist_settings']))
182
- {
183
- $nonce=$_REQUEST['_wpnonce'];
184
- if (!wp_verify_nonce($nonce, 'aiowpsec-lockdown-whitelist-settings-nonce'))
185
- {
186
- $aio_wp_security->debug_logger->log_debug("Nonce check failed for save lockdown whitelist settings!",4);
187
- die(__('Nonce check failed for save lockdown whitelist settings!','aiowpsecurity'));
188
- }
189
-
190
- if (isset($_POST["aiowps_lockdown_enable_whitelisting"]) && empty($_POST['aiowps_lockdown_allowed_ip_addresses']))
191
- {
192
- $this->show_msg_error('You must submit at least one IP address!','aiowpsecurity');
193
- }
194
- else
195
- {
196
- if (!empty($_POST['aiowps_lockdown_allowed_ip_addresses']))
197
- {
198
- $ip_addresses = $_POST['aiowps_lockdown_allowed_ip_addresses'];
199
- $ip_list_array = AIOWPSecurity_Utility_IP::create_ip_list_array_from_string_with_newline($ip_addresses);
200
- $payload = AIOWPSecurity_Utility_IP::validate_ip_list($ip_list_array, 'whitelist');
201
- if($payload[0] == 1){
202
- //success case
203
- $result = 1;
204
- $list = $payload[1];
205
- $allowed_ip_data = implode(PHP_EOL, $list);
206
- $aio_wp_security->configs->set_value('aiowps_lockdown_allowed_ip_addresses', $allowed_ip_data);
207
- $_POST['aiowps_lockdown_allowed_ip_addresses'] = ''; //Clear the post variable for the allowed address list
208
- }
209
- else{
210
- $result = -1;
211
- $error_msg = $payload[1][0];
212
- $this->show_msg_error($error_msg);
213
- }
214
- }
215
- else
216
- {
217
- $aio_wp_security->configs->set_value('aiowps_lockdown_allowed_ip_addresses',''); //Clear the IP address config value
218
- }
219
-
220
- if ($result == 1)
221
- {
222
- $aio_wp_security->configs->set_value('aiowps_lockdown_enable_whitelisting',isset($_POST["aiowps_lockdown_enable_whitelisting"])?'1':'');
223
- $aio_wp_security->configs->save_config(); //Save the configuration
224
-
225
- $this->show_msg_settings_updated();
226
- }
227
- }
228
- }
229
- ?>
230
- <h2><?php _e('Login Lockdown Configuration', 'all-in-one-wp-security-and-firewall')?></h2>
231
- <div class="aio_blue_box">
232
- <?php
233
- $brute_force_login_feature_link = '<a href="admin.php?page='.AIOWPSEC_BRUTE_FORCE_MENU_SLUG.'&tab=tab2">'.__('Cookie-Based Brute Force Login Prevention', 'all-in-one-wp-security-and-firewall').'</a>';
234
- echo '<p>'.__('One of the ways hackers try to compromise sites is via a ', 'all-in-one-wp-security-and-firewall').'<strong>'.__('Brute Force Login Attack', 'all-in-one-wp-security-and-firewall').'</strong>. '.__('This is where attackers use repeated login attempts until they guess the password.', 'all-in-one-wp-security-and-firewall').'
235
- <br />'.__('Apart from choosing strong passwords, monitoring and blocking IP addresses which are involved in repeated login failures in a short period of time is a very effective way to stop these types of attacks.', 'all-in-one-wp-security-and-firewall').
236
- '<p>'.sprintf( esc_html(__('You may also want to checkout our %s feature for another secure way to protect against these types of attacks.', 'all-in-one-wp-security-and-firewall')), $brute_force_login_feature_link).'</p>';
237
- ?>
238
- </div>
239
-
240
- <div class="postbox">
241
- <h3 class="hndle"><label for="title"><?php _e('Login Lockdown Options', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
242
- <div class="inside">
243
- <?php
244
- //Display security info badge
245
- $aiowps_feature_mgr->output_feature_details_badge("user-login-login-lockdown");
246
- ?>
247
-
248
- <form action="" method="POST">
249
- <?php wp_nonce_field('aiowpsec-login-lockdown-nonce'); ?>
250
- <table class="form-table">
251
- <tr valign="top">
252
- <th scope="row"><?php _e('Enable Login Lockdown Feature', 'all-in-one-wp-security-and-firewall')?>:</th>
253
- <td>
254
- <input name="aiowps_enable_login_lockdown" type="checkbox"<?php if($aio_wp_security->configs->get_value('aiowps_enable_login_lockdown')=='1') echo ' checked="checked"'; ?> value="1"/>
255
- <span class="description"><?php _e('Check this if you want to enable the login lockdown feature and apply the settings below', 'all-in-one-wp-security-and-firewall'); ?></span>
256
- </td>
257
- </tr>
258
- <tr valign="top">
259
- <th scope="row"><?php _e('Allow Unlock Requests', 'all-in-one-wp-security-and-firewall')?>:</th>
260
- <td>
261
- <input name="aiowps_allow_unlock_requests" type="checkbox"<?php if($aio_wp_security->configs->get_value('aiowps_allow_unlock_requests')=='1') echo ' checked="checked"'; ?> value="1"/>
262
- <span class="description"><?php _e('Check this if you want to allow users to generate an automated unlock request link which will unlock their account', 'all-in-one-wp-security-and-firewall'); ?></span>
263
- </td>
264
- </tr>
265
- <tr valign="top">
266
- <th scope="row"><?php _e('Max Login Attempts', 'all-in-one-wp-security-and-firewall')?>:</th>
267
- <td><input type="text" size="5" name="aiowps_max_login_attempts" value="<?php echo esc_html($aio_wp_security->configs->get_value('aiowps_max_login_attempts')); ?>" />
268
- <span class="description"><?php _e('Set the value for the maximum login retries before IP address is locked out', 'all-in-one-wp-security-and-firewall'); ?></span>
269
- </td>
270
- </tr>
271
- <tr valign="top">
272
- <th scope="row"><?php _e('Login Retry Time Period (min)', 'all-in-one-wp-security-and-firewall')?>:</th>
273
- <td><input type="text" size="5" name="aiowps_retry_time_period" value="<?php echo esc_html($aio_wp_security->configs->get_value('aiowps_retry_time_period')); ?>" />
274
- <span class="description"><?php _e('If the maximum number of failed login attempts for a particular IP address occur within this time period the plugin will lock out that address', 'all-in-one-wp-security-and-firewall'); ?></span>
275
- </td>
276
- </tr>
277
- <tr valign="top">
278
- <th scope="row"><?php _e('Time Length of Lockout (min)', 'all-in-one-wp-security-and-firewall')?>:</th>
279
- <td><input type="text" size="5" name="aiowps_lockout_time_length" value="<?php echo esc_html($aio_wp_security->configs->get_value('aiowps_lockout_time_length')); ?>" />
280
- <span class="description"><?php _e('Set the length of time for which a particular IP address will be prevented from logging in', 'all-in-one-wp-security-and-firewall'); ?></span>
281
- </td>
282
- </tr>
283
- <tr valign="top">
284
- <th scope="row"><?php _e('Display Generic Error Message', 'all-in-one-wp-security-and-firewall')?>:</th>
285
- <td>
286
- <input name="aiowps_set_generic_login_msg" type="checkbox"<?php if($aio_wp_security->configs->get_value('aiowps_set_generic_login_msg')=='1') echo ' checked="checked"'; ?> value="1"/>
287
- <span class="description"><?php _e('Check this if you want to show a generic error message when a login attempt fails', 'all-in-one-wp-security-and-firewall'); ?></span>
288
- </td>
289
- </tr>
290
- <tr valign="top">
291
- <th scope="row"><?php _e('Instantly Lockout Invalid Usernames', 'all-in-one-wp-security-and-firewall')?>:</th>
292
- <td>
293
- <input name="aiowps_enable_invalid_username_lockdown" type="checkbox"<?php if($aio_wp_security->configs->get_value('aiowps_enable_invalid_username_lockdown')=='1') echo ' checked="checked"'; ?> value="1"/>
294
- <span class="description"><?php _e('Check this if you want to instantly lockout login attempts with usernames which do not exist on your system', 'all-in-one-wp-security-and-firewall'); ?></span>
295
- </td>
296
- </tr>
297
- <tr valign="top">
298
- <th scope="row"><?php _e('Instantly Lockout Specific Usernames', 'all-in-one-wp-security-and-firewall')?>:</th>
299
- <td>
300
- <?php
301
- $instant_lockout_users_list = $aio_wp_security->configs->get_value('aiowps_instantly_lockout_specific_usernames');
302
- if(empty($instant_lockout_users_list)){
303
- $instant_lockout_users_list = array();
304
- }
305
- ?>
306
- <textarea name="aiowps_instantly_lockout_specific_usernames" cols="50" rows="5"><?php echo esc_textarea(implode(PHP_EOL, $instant_lockout_users_list)); ?></textarea><br>
307
- <span class="description"><?php _e('Insert one username per line. Existing usernames are not blocked even if present in the list.', 'all-in-one-wp-security-and-firewall'); ?></span>
308
- </td>
309
- </tr>
310
- <tr valign="top">
311
- <th scope="row"><?php _e('Notify By Email', 'all-in-one-wp-security-and-firewall')?>:</th>
312
- <td>
313
- <input name="aiowps_enable_email_notify" type="checkbox"<?php if($aio_wp_security->configs->get_value('aiowps_enable_email_notify')=='1') echo ' checked="checked"'; ?> value="1"/>
314
- <span class="description"><?php _e('Check this if you want to receive an email when someone has been locked out due to maximum failed login attempts', 'all-in-one-wp-security-and-firewall'); ?></span>
315
- <br /><input type="text" size="30" name="aiowps_email_address" value="<?php echo esc_html($aio_wp_security->configs->get_value('aiowps_email_address')); ?>" />
316
- <span class="description"><?php _e('Enter an email address', 'all-in-one-wp-security-and-firewall'); ?></span>
317
- </td>
318
- </tr>
319
- </table>
320
- <input type="submit" name="aiowps_login_lockdown" value="<?php _e('Save Settings', 'all-in-one-wp-security-and-firewall')?>" class="button-primary" />
321
- </form>
322
- </div></div>
323
- <div class="postbox">
324
- <h3 class="hndle"><label for="title"><?php _e('Currently Locked Out IP Address Ranges', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
325
- <div class="inside">
326
- <div class="aio_blue_box aio_width_80">
327
- <?php
328
- $locked_ips_link = '<a href="admin.php?page='.AIOWPSEC_MAIN_MENU_SLUG.'&tab=tab3">Locked IP Addresses</a>';
329
- echo '<p>'.sprintf( __('To see a list of all locked IP addresses and ranges go to the %s tab in the dashboard menu.', 'all-in-one-wp-security-and-firewall'), $locked_ips_link).'</p>';
330
- ?>
331
- </div>
332
- </div></div>
333
- <div class="postbox">
334
- <h3 class="hndle"><label for="title"><?php _e('Login Lockdown IP Whitelist Settings', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
335
- <div class="inside">
336
- <form action="" method="POST">
337
- <?php wp_nonce_field('aiowpsec-lockdown-whitelist-settings-nonce'); ?>
338
- <table class="form-table">
339
- <tr valign="top">
340
- <th scope="row"><?php _e('Enable Login Lockdown IP Whitelist', 'all-in-one-wp-security-and-firewall')?>:</th>
341
- <td>
342
- <input name="aiowps_lockdown_enable_whitelisting" type="checkbox"<?php if($aio_wp_security->configs->get_value('aiowps_lockdown_enable_whitelisting')=='1') echo ' checked="checked"'; ?> value="1"/>
343
- <span class="description"><?php _e('Check this if you want to enable the whitelisting of selected IP addresses specified in the settings below', 'all-in-one-wp-security-and-firewall'); ?></span>
344
- </td>
345
- </tr>
346
- <tr valign="top">
347
- <th scope="row"><?php _e('Enter Whitelisted IP Addresses:', 'all-in-one-wp-security-and-firewall')?></th>
348
- <td>
349
- <textarea name="aiowps_lockdown_allowed_ip_addresses" rows="5" cols="50"><?php echo ($result == -1)?htmlspecialchars($_POST['aiowps_lockdown_allowed_ip_addresses']):htmlspecialchars($aio_wp_security->configs->get_value('aiowps_lockdown_allowed_ip_addresses')); ?></textarea>
350
- <br />
351
- <span class="description"><?php _e('Enter one or more IP addresses or IP ranges you wish to include in your whitelist. The addresses specified here will never be blocked by the login lockdown feature.','all-in-one-wp-security-and-firewall');?></span>
352
- <span class="aiowps_more_info_anchor"><span class="aiowps_more_info_toggle_char">+</span><span class="aiowps_more_info_toggle_text"><?php _e('More Info', 'all-in-one-wp-security-and-firewall'); ?></span></span>
353
- <div class="aiowps_more_info_body">
354
- <?php
355
- echo '<p class="description">'.__('Each IP address must be on a new line.', 'all-in-one-wp-security-and-firewall').'</p>';
356
- echo '<p class="description">'.__('To specify an IP range use a wildcard "*" character. Acceptable ways to use wildcards is shown in the examples below:', 'all-in-one-wp-security-and-firewall').'</p>';
357
- echo '<p class="description">'.__('Example 1: 195.47.89.*', 'all-in-one-wp-security-and-firewall').'</p>';
358
- echo '<p class="description">'.__('Example 2: 195.47.*.*', 'all-in-one-wp-security-and-firewall').'</p>';
359
- echo '<p class="description">'.__('Example 3: 195.*.*.*', 'all-in-one-wp-security-and-firewall').'</p>';
360
- ?>
361
- </div>
362
-
363
- </td>
364
- </tr>
365
- </table>
366
- <input type="submit" name="aiowps_save_lockdown_whitelist_settings" value="<?php _e('Save Settings', 'all-in-one-wp-security-and-firewall')?>" class="button-primary" />
367
- </form>
368
- </div></div>
369
-
370
- <?php
371
- }
372
-
373
- function render_tab2()
374
- {
375
- global $aio_wp_security, $wpdb;
376
- if (isset($_POST['aiowps_delete_failed_login_records']))
377
- {
378
- $nonce=$_REQUEST['_wpnonce'];
379
- if (!wp_verify_nonce($nonce, 'aiowpsec-delete-failed-login-records-nonce'))
380
- {
381
- $aio_wp_security->debug_logger->log_debug("Nonce check failed for delete all failed login records operation!",4);
382
- die(__('Nonce check failed for delete all failed login records operation!','all-in-one-wp-security-and-firewall'));
383
- }
384
- $failed_logins_table = AIOWPSEC_TBL_FAILED_LOGINS;
385
- //Delete all records from the failed logins table
386
- $result = $wpdb->query("truncate $failed_logins_table");
387
-
388
- if ($result === FALSE)
389
- {
390
- $aio_wp_security->debug_logger->log_debug("User Login Feature - Delete all failed login records operation failed!",4);
391
- $this->show_msg_error(__('User Login Feature - Delete all failed login records operation failed!','all-in-one-wp-security-and-firewall'));
392
- }
393
- else
394
- {
395
- $this->show_msg_updated(__('All records from the Failed Logins table were deleted successfully!','all-in-one-wp-security-and-firewall'));
396
- }
397
- }
398
-
399
- include_once 'wp-security-list-login-fails.php'; //For rendering the AIOWPSecurity_List_Table in tab2
400
- $failed_login_list = new AIOWPSecurity_List_Login_Failed_Attempts(); //For rendering the AIOWPSecurity_List_Table in tab2
401
- if(isset($_REQUEST['action'])) //Do row action tasks for list table form for failed logins
402
- {
403
- if($_REQUEST['action'] == 'delete_failed_login_rec'){ //Delete link was clicked for a row in list table
404
- $failed_login_list->delete_login_failed_records(strip_tags($_REQUEST['failed_login_id']));
405
- }
406
- }
407
-
408
- AIOWPSecurity_Admin_Menu::display_bulk_result_message();
409
- ?>
410
- <div class="aio_blue_box">
411
- <?php
412
- echo '<p>'.__('This tab displays the failed login attempts for your site.', 'all-in-one-wp-security-and-firewall').'
413
- <br />'.__('The information below can be handy if you need to do security investigations because it will show you the IP range, username and ID (if applicable) and the time/date of the failed login attempt.', 'all-in-one-wp-security-and-firewall').'
414
- </p>';
415
- ?>
416
- </div>
417
- <div class="postbox">
418
- <h3 class="hndle"><label for="title"><?php _e('Failed Login Records', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
419
- <div class="inside">
420
- <?php
421
- //Fetch, prepare, sort, and filter our data...
422
- $failed_login_list->prepare_items();
423
- //echo "put table of locked entries here";
424
- ?>
425
- <form id="tables-filter" method="get">
426
- <!-- For plugins, we also need to ensure that the form posts back to our current page -->
427
- <input type="hidden" name="page" value="<?php echo esc_attr($_REQUEST['page']); ?>" />
428
- <?php
429
- $failed_login_list->search_box(__('Search', 'all-in-one-wp-security-and-firewall'), 'search_failed_login');
430
- if (isset($_REQUEST["tab"])) {
431
- echo '<input type="hidden" name="tab" value="' . esc_attr($_REQUEST["tab"]) . '" />';
432
- }
433
- ?>
434
- <!-- Now we can render the completed list table -->
435
- <?php $failed_login_list->display(); ?>
436
- </form>
437
- </div></div>
438
- <div class="postbox">
439
- <h3 class="hndle"><label for="title"><?php _e('Export to CSV', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
440
- <div class="inside">
441
- <form action="" method="POST">
442
- <?php wp_nonce_field('aiowpsec-export-failed-login-records-to-csv-nonce'); ?>
443
- <table class="form-table">
444
- <tr valign="top">
445
- <span class="description"><?php _e('Click this button if you wish to download this log in CSV format.', 'all-in-one-wp-security-and-firewall'); ?></span>
446
- </tr>
447
- </table>
448
- <input type="submit" name="aiowps_export_failed_login_records_to_csv" value="<?php _e('Export to CSV', 'all-in-one-wp-security-and-firewall')?>" class="button-primary"/>
449
- </form>
450
- </div></div>
451
- <div class="postbox">
452
- <h3 class="hndle"><label for="title"><?php _e('Delete All Failed Login Records', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
453
- <div class="inside">
454
- <form action="" method="POST">
455
- <?php wp_nonce_field('aiowpsec-delete-failed-login-records-nonce'); ?>
456
- <table class="form-table">
457
- <tr valign="top">
458
- <span class="description"><?php _e('Click this button if you wish to delete all failed login records in one go.', 'all-in-one-wp-security-and-firewall'); ?></span>
459
- </tr>
460
- </table>
461
- <input type="submit" name="aiowps_delete_failed_login_records" value="<?php _e('Delete All Failed Login Records', 'all-in-one-wp-security-and-firewall')?>" class="button-primary" onclick="return confirm('Are you sure you want to delete all records?')"/>
462
- </form>
463
- </div></div>
464
-
465
- <?php
466
- }
467
-
468
- function render_tab3()
469
- {
470
- global $aio_wp_security;
471
- global $aiowps_feature_mgr;
472
-
473
- if(isset($_POST['aiowpsec_save_force_logout_settings']))//Do form submission tasks
474
- {
475
- $error = '';
476
- $nonce=$_REQUEST['_wpnonce'];
477
- if (!wp_verify_nonce($nonce, 'aiowpsec-force-logout-settings-nonce'))
478
- {
479
- $aio_wp_security->debug_logger->log_debug("Nonce check failed on force logout options save!",4);
480
- die("Nonce check failed on force logout options save!");
481
- }
482
-
483
- $logout_time_period = sanitize_text_field($_POST['aiowps_logout_time_period']);
484
- if(!is_numeric($logout_time_period))
485
- {
486
- $error .= '<br />'.__('You entered a non numeric value for the logout time period field. It has been set to the default value.','all-in-one-wp-security-and-firewall');
487
- $logout_time_period = '1';//Set it to the default value for this field
488
- }
489
- else
490
- {
491
- if($logout_time_period < 1){
492
- $logout_time_period = '1';
493
- }
494
- }
495
-
496
- if($error)
497
- {
498
- $this->show_msg_error(__('Attention!','all-in-one-wp-security-and-firewall').$error);
499
- }
500
-
501
- //Save all the form values to the options
502
- $aio_wp_security->configs->set_value('aiowps_logout_time_period',absint($logout_time_period));
503
- $aio_wp_security->configs->set_value('aiowps_enable_forced_logout',isset($_POST["aiowps_enable_forced_logout"])?'1':'');
504
- $aio_wp_security->configs->save_config();
505
-
506
- //Recalculate points after the feature status/options have been altered
507
- $aiowps_feature_mgr->check_feature_status_and_recalculate_points();
508
-
509
- $this->show_msg_settings_updated();
510
- }
511
- ?>
512
- <div class="aio_blue_box">
513
- <?php
514
- echo '<p>'.__('Setting an expiry period for your WP administration session is a simple way to protect against unauthorized access to your site from your computer.', 'all-in-one-wp-security-and-firewall').'
515
- <br />'.__('This feature allows you to specify a time period in minutes after which the admin session will expire and the user will be forced to log back in.', 'all-in-one-wp-security-and-firewall').'
516
- </p>';
517
- ?>
518
- </div>
519
- <div class="postbox">
520
- <h3 class="hndle"><label for="title"><?php _e('Force User Logout Options', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
521
- <div class="inside">
522
- <?php
523
- //Display security info badge
524
- global $aiowps_feature_mgr;
525
- $aiowps_feature_mgr->output_feature_details_badge("user-login-force-logout");
526
- ?>
527
-
528
- <form action="" method="POST">
529
- <?php wp_nonce_field('aiowpsec-force-logout-settings-nonce'); ?>
530
- <table class="form-table">
531
- <tr valign="top">
532
- <th scope="row"><?php _e('Enable Force WP User Logout', 'all-in-one-wp-security-and-firewall')?>:</th>
533
- <td>
534
- <input name="aiowps_enable_forced_logout" type="checkbox"<?php if($aio_wp_security->configs->get_value('aiowps_enable_forced_logout')=='1') echo ' checked="checked"'; ?> value="1"/>
535
- <span class="description"><?php _e('Check this if you want to force a wp user to be logged out after a configured amount of time', 'all-in-one-wp-security-and-firewall'); ?></span>
536
- </td>
537
- </tr>
538
- <tr valign="top">
539
- <th scope="row"><?php _e('Logout the WP User After XX Minutes', 'all-in-one-wp-security-and-firewall')?>:</th>
540
- <td><input type="text" size="5" name="aiowps_logout_time_period" value="<?php echo $aio_wp_security->configs->get_value('aiowps_logout_time_period'); ?>" />
541
- <span class="description"><?php _e('(Minutes) The user will be forced to log back in after this time period has elapased.', 'all-in-one-wp-security-and-firewall'); ?></span>
542
- </td>
543
- </tr>
544
- </table>
545
- <input type="submit" name="aiowpsec_save_force_logout_settings" value="<?php _e('Save Settings', 'all-in-one-wp-security-and-firewall')?>" class="button-primary" />
546
- </form>
547
- </div></div>
548
- <?php
549
- }
550
-
551
- function render_tab4()
552
- {
553
- include_once 'wp-security-list-acct-activity.php'; //For rendering the AIOWPSecurity_List_Table in tab4
554
- $acct_activity_list = new AIOWPSecurity_List_Account_Activity(); //For rendering the AIOWPSecurity_List_Table in tab2
555
- if(isset($_REQUEST['action'])) //Do row action tasks for list table form for login activity display
556
- {
557
- if($_REQUEST['action'] == 'delete_acct_activity_rec'){ //Delete link was clicked for a row in list table
558
- $acct_activity_list->delete_login_activity_records(strip_tags($_REQUEST['activity_login_rec']));
559
- }
560
- }
561
-
562
- AIOWPSecurity_Admin_Menu::display_bulk_result_message();
563
- ?>
564
- <div class="aio_blue_box">
565
- <?php
566
- echo '<p>'.__('This tab displays the activity for accounts registered with your site that have logged in using the WordPress login form.', 'all-in-one-wp-security-and-firewall').'
567
- <br />'.__('The information below can be handy if you need to do security investigations because it will show you the last 100 recent login events by username, IP address and time/date.', 'all-in-one-wp-security-and-firewall').'
568
- </p>';
569
- ?>
570
- </div>
571
- <div class="postbox">
572
- <h3 class="hndle"><label for="title"><?php _e('Account Activity Logs', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
573
- <div class="inside">
574
- <?php
575
- //Fetch, prepare, sort, and filter our data...
576
- $acct_activity_list->prepare_items();
577
- //echo "put table of locked entries here";
578
- ?>
579
- <form id="tables-filter" method="get">
580
- <!-- For plugins, we also need to ensure that the form posts back to our current page -->
581
- <input type="hidden" name="page" value="<?php echo esc_attr($_REQUEST['page']); ?>" />
582
- <?php
583
- $acct_activity_list->search_box(__('Search', 'all-in-one-wp-security-and-firewall'), 'search_login_activity');
584
- if (isset($_REQUEST["tab"])) {
585
- echo '<input type="hidden" name="tab" value="' . esc_attr($_REQUEST["tab"]) . '" />';
586
- }
587
- ?>
588
- <!-- Now we can render the completed list table -->
589
- <?php $acct_activity_list->display(); ?>
590
- </form>
591
- </div></div>
592
- <div class="postbox">
593
- <h3 class="hndle"><label for="title"><?php _e('Export to CSV', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
594
- <div class="inside">
595
- <form action="" method="POST">
596
- <?php wp_nonce_field('aiowpsec-export-acct-activity-logs-to-csv-nonce'); ?>
597
- <table class="form-table">
598
- <tr valign="top">
599
- <span class="description"><?php _e('Click this button if you wish to download this log in CSV format.', 'all-in-one-wp-security-and-firewall'); ?></span>
600
- </tr>
601
- </table>
602
- <input type="submit" name="aiowpsec_export_acct_activity_logs_to_csv" value="<?php _e('Export to CSV', 'all-in-one-wp-security-and-firewall')?>" class="button-primary"/>
603
- </form>
604
- </div></div>
605
- <?php
606
- }
607
-
608
- function render_tab5()
609
- {
610
- global $aio_wp_security;
611
- $logged_in_users = (AIOWPSecurity_Utility::is_multisite_install() ? get_site_transient('users_online') : get_transient('users_online'));
612
-
613
- include_once 'wp-security-list-logged-in-users.php'; //For rendering the AIOWPSecurity_List_Table
614
- $user_list = new AIOWPSecurity_List_Logged_In_Users();
615
- if(isset($_REQUEST['action'])) //Do row action tasks for list table form for login activity display
616
- {
617
- if($_REQUEST['action'] == 'force_user_logout'){ //Force Logout link was clicked for a row in list table
618
- $user_list->force_user_logout(strip_tags($_REQUEST['logged_in_id']), strip_tags($_REQUEST['ip_address']));
619
- }
620
- }
621
-
622
- if (isset($_POST['aiowps_refresh_logged_in_user_list']))
623
- {
624
- $nonce=$_REQUEST['_wpnonce'];
625
- if (!wp_verify_nonce($nonce, 'aiowpsec-logged-in-users-nonce'))
626
- {
627
- $aio_wp_security->debug_logger->log_debug("Nonce check failed for users logged in list!",4);
628
- die(__('Nonce check failed for users logged in list!','all-in-one-wp-security-and-firewall'));
629
- }
630
-
631
- $user_list->prepare_items();
632
- }
633
-
634
- ?>
635
- <div class="postbox">
636
- <h3 class="hndle"><label for="title"><?php _e('Refresh Logged In User Data', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
637
- <div class="inside">
638
- <form action="" method="POST">
639
- <?php wp_nonce_field('aiowpsec-logged-in-users-nonce'); ?>
640
- <input type="submit" name="aiowps_refresh_logged_in_user_list" value="<?php _e('Refresh Data', 'all-in-one-wp-security-and-firewall')?>" class="button-primary" />
641
- </form>
642
- </div></div>
643
-
644
- <div class="aio_blue_box">
645
- <?php
646
- echo '<p>'.__('This tab displays all users who are currently logged into your site.', 'all-in-one-wp-security-and-firewall').'
647
- <br />'.__('If you suspect there is a user or users who are logged in which should not be, you can block them by inspecting the IP addresses from the data below and adding them to your blacklist.', 'all-in-one-wp-security-and-firewall').'
648
- <br />'.__('You can also instantly log them out by clicking on the "Force Logout" link when you hover over the row in the User Id column.', 'all-in-one-wp-security-and-firewall').'
649
- </p>';
650
- ?>
651
- </div>
652
- <div class="postbox">
653
- <h3 class="hndle"><label for="title"><?php _e('Currently Logged In Users', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
654
- <di