WordPress Backup & Security Plugin – BlogVault - Version 3.4

Version Description

  • Updating account authentication structure
  • Adding params validation
  • Adding support for custom user tables
  • Restructuring classes
  • Request profiling and Firewall improvements
  • Plugin branding fixes

Release Info

Developer ritesh.soni36
Version 3.4

Code changes from version 1.881 to 3.4

Files changed (56) hide show
  1. account.php +172 -40
  2. admin/add_new_acc.php +3 -3
  3. admin/header.php +1 -1
  4. admin/main_page.php +2 -2
  5. admin/top_box.php +1 -1
  6. blogvault.php +88 -44
  7. callback.php +0 -251
  8. callback/base.php +24 -0
  9. callback/handler.php +114 -0
  10. callback/recover.php +0 -76
  11. callback/request.php +179 -0
  12. callback/response.php +20 -91
  13. callback/streams.php +87 -12
  14. callback/wings/account.php +43 -19
  15. callback/wings/auth.php +0 -26
  16. callback/wings/brand.php +35 -29
  17. callback/wings/bv_upgrader_skin.php +3 -4
  18. callback/wings/db.php +123 -97
  19. callback/wings/dynsync.php +39 -30
  20. callback/wings/fs.php +95 -73
  21. callback/wings/fw.php +43 -15
  22. callback/wings/info.php +101 -75
  23. callback/wings/ipstore.php +33 -34
  24. callback/wings/lp.php +38 -36
  25. callback/wings/manage.php +56 -40
  26. callback/wings/misc.php +49 -31
  27. callback/wings/monit.php +53 -38
  28. callback/wings/protect.php +34 -24
  29. fw/config.php +0 -66
  30. fw/fw.php +0 -280
  31. img/sap-logo.png +0 -0
  32. info.php +85 -0
  33. lp/config.php +0 -80
  34. main.php +0 -167
  35. main/auth.php +0 -106
  36. main/lib.php +0 -44
  37. main/site_info.php +0 -99
  38. protect.php +0 -45
  39. ipstore.php → protect/ipstore.php +5 -5
  40. logger.php → protect/logger.php +0 -0
  41. protect/protect.php +58 -0
  42. protect/wp_fw/config.php +251 -0
  43. protect/wp_fw/fw.php +597 -0
  44. {fw → protect/wp_fw}/request.php +53 -24
  45. protect/wp_lp/config.php +82 -0
  46. {lp → protect/wp_lp}/lp.php +39 -45
  47. publickeys/bvkey3.pub +0 -14
  48. readme.txt +9 -3
  49. recover.php +47 -0
  50. wp_actions.php +53 -0
  51. admin.php → wp_admin.php +43 -43
  52. wp_api.php +38 -0
  53. main/db.php → wp_db.php +40 -34
  54. dynsync.php → wp_dynsync.php +22 -23
  55. wp_settings.php +54 -0
  56. wp_site_info.php +79 -0
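--- a/account.php
+++ b/account.php
@@ -1,50 +1,182 @@
  <?php
- if (!defined('ABSPATH')) exit;
- if (!class_exists('BVAccountInfo')) :
 
- class BVAccountInfo {
- public $bvmain;
+ if (!defined('ABSPATH')) exit;
+ if (!class_exists('BVAccount')) :
+ class BVAccount {
+ public $settings;
+ public $public;
+ public $secret;
+ public $sig_match;
+ public static $api_public_key = 'bvApiPublic';
+ public static $accounts_list = 'bvAccountsList';
 
- function __construct($bvmain) {
- $this->bvmain = $bvmain;
- }
+ public function __construct($settings, $public, $secret) {
+ $this->settings = $settings;
+ $this->public = $public;
+ $this->secret = $secret;
+ }
 
- public function add($info) {
- $accounts = $this->allAccounts();
- if(!is_array($accounts)) {
- $accounts = array();
+ public static function find($settings, $public) {
+ $accounts = self::allAccounts($settings);
+ if (array_key_exists($public, $accounts) && isset($accounts[$public]['secret'])) {
+ $secret = $accounts[$public]['secret'];
+ }
+ if (empty($secret) || (strlen($secret) < 32)) {
+ return null;
+ }
+ return new self($settings, $public, $secret);
  }
- $pubkey = $info['pubkey'];
- $accounts[$pubkey]['lastbackuptime'] = time();
- $accounts[$pubkey]['url'] = $info['url'];
- $accounts[$pubkey]['email'] = $info['email'];
- $this->update($accounts);
- }
 
- public function remove($pubkey) {
- $bvkeys = $this->bvmain->info->getOption('bvkeys');
- $accounts = $this->allAccounts();
- $this->bvmain->auth->rmkeys($pubkey);
- $this->bvmain->setup($this->bvmain->lib->randString(32));
- if ($accounts && is_array($accounts)) {
- unset($accounts[$pubkey]);
- $this->update($accounts);
- return true;
- }
- return false;
- }
+ public static function update($settings, $allAccounts) {
+ $settings->updateOption(self::$accounts_list, $allAccounts);
+ }
 
- public function allAccounts() {
- return $this->bvmain->info->getOption('bvAccounts');
- }
+ public static function randString($length) {
+ $chars = "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ";
 
- public function doesAccountExists($pubkey) {
- $accounts = $this->allAccounts();
- return array_key_exists($pubkey, $accounts);
- }
+ $str = "";
+ $size = strlen($chars);
+ for( $i = 0; $i < $length; $i++ ) {
+ $str .= $chars[rand(0, $size - 1)];
+ }
+ return $str;
+ }
+
+ public static function apiPublicAccount($settings) {
+ $pubkey = $settings->getOption(self::$api_public_key);
+ return self::find($settings, $pubkey);
+ }
+
+ public static function updateApiPublicKey($settings, $pubkey) {
+ $settings->updateOption(self::$api_public_key, $pubkey);
+ }
+
+ public static function getApiPublicKey($settings) {
+ return $settings->getOption(self::$api_public_key);
+ }
+
+ public static function getPlugName($settings) {
+ $bvinfo = new BVInfo($settings);
+ return $bvinfo->plugname;
+ }
+
+ public static function allAccounts($settings) {
+ $accounts = $settings->getOption(self::$accounts_list);
+ if (!is_array($accounts)) {
+ $accounts = array();
+ }
+ return $accounts;
+ }
+
+ public static function accountsByPlugname($settings) {
+ $accounts = self::allAccounts($settings);
+ $accountsByPlugname = array();
+ $plugname = self::getPlugName($settings);
+ foreach ($accounts as $pubkey => $value) {
+ if (array_key_exists($plugname, $value) && $value[$plugname] == 1) {
+ $accountsByPlugname[$pubkey] = $value;
+ }
+ }
+ return $accountsByPlugname;
+ }
 
- public function update($accounts) {
- $this->bvmain->info->updateOption('bvAccounts', $accounts);
+ public static function isConfigured($settings) {
+ $accounts = self::accountsByPlugname($settings);
+ return (sizeof($accounts) >= 1);
+ }
+
+ public static function setup($settings) {
+ $bvinfo = new BVInfo($settings);
+ $settings->updateOption($bvinfo->plug_redirect, 'yes');
+ $settings->updateOption('bvActivateTime', time());
+ }
+
+ public function authenticatedUrl($method) {
+ $bvinfo = new BVInfo($this->settings);
+ $qstr = http_build_query($this->newAuthParams($bvinfo->version));
+ return $bvinfo->appUrl().$method."?".$qstr;
+ }
+
+ public function newAuthParams($version) {
+ $args = array();
+ $time = time();
+ $sig = sha1($this->public.$this->secret.$time.$version);
+ $args['sig'] = $sig;
+ $args['bvTime'] = $time;
+ $args['bvPublic'] = $this->public;
+ $args['bvVersion'] = $version;
+ $args['sha1'] = '1';
+ return $args;
+ }
+
+ public static function addAccount($settings, $public, $secret) {
+ $accounts = self::allAccounts($settings);
+ if (!isset($public, $accounts)) {
+ $accounts[$public] = array();
+ }
+ $accounts[$public]['secret'] = $secret;
+ self::update($settings, $accounts);
+ }
+
+ public function respInfo() {
+ return array(
+ "public" => substr($this->public, 0, 6),
+ "sigmatch" => substr($this->sig_match, 0, 6)
+ );
+ }
+
+ public static function getSigMatch($request, $secret) {
+ $method = $request->method;
+ $time = $request->time;
+ $version = $request->version;
+ if ($request->is_sha1) {
+ $sig_match = sha1($method.$secret.$time.$version);
+ } else {
+ $sig_match = md5($method.$secret.$time.$version);
+ }
+ return $sig_match;
+ }
+
+ public function authenticate($request) {
+ $time = $request->time;
+ if ($time < intval($this->settings->getOption('bvLastRecvTime')) - 300) {
+ return false;
+ }
+ $this->sig_match = self::getSigMatch($request, $this->secret);
+ if ($this->sig_match !== $request->sig) {
+ return $sig_match;
+ }
+ $this->settings->updateOption('bvLastRecvTime', $time);
+ return 1;
+ }
+
+ public function updateInfo($info) {
+ $accounts = self::allAccounts($this->settings);
+ $plugname = self::getPlugName($this->settings);
+ $pubkey = $info['pubkey'];
+ if (!array_key_exists($pubkey, $accounts)) {
+ $accounts[$pubkey] = array();
+ }
+ $accounts[$pubkey]['lastbackuptime'] = time();
+ $accounts[$pubkey][$plugname] = true;
+ $accounts[$pubkey]['url'] = $info['url'];
+ $accounts[$pubkey]['email'] = $info['email'];
+ self::update($this->settings, $accounts);
+ }
+
+ public static function remove($settings, $pubkey) {
+ $accounts = self::allAccounts($settings);
+ if (array_key_exists($pubkey, $accounts)) {
+ unset($accounts[$pubkey]);
+ self::update($settings, $accounts);
+ return true;
+ }
+ return false;
+ }
+
+ public static function exists($settings, $pubkey) {
+ $accounts = self::allAccounts($settings);
+ return array_key_exists($pubkey, $accounts);
+ }
  }
- }
- endif;
+ endif;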
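Review bot: In `authenticate()` the mismatch branch returns `$sig_match`, a local that is never assigned in that method (the computed value is in `$this->sig_match`), so a failed check yields null plus a notice; `return false;` states the intent. The comparison just above it uses `!==` on a secret-derived digest and would be better as `if (!hash_equals($this->sig_match, (string) $request->sig))`, which is constant-time. `getSigMatch()` chooses md5 or sha1 from `$request->is_sha1`, which looks request-controlled, and both are a bare hash of `method.secret.time.version` rather than `hash_hmac()`, so the weaker digest can presumably be selected by the caller. `randString()` draws from `rand()`; if it is used to mint account secrets it should use `random_int(0, $size - 1)` instead. In `addAccount()`, `!isset($public, $accounts)` tests that both variables are set rather than key membership, and `!isset($accounts[$public])` is what was meant.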
 
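--- a/admin/add_new_acc.php
+++ b/admin/add_new_acc.php
@@ -1,5 +1,5 @@
  <?php
- if ($this->bvmain->isMalcare()) {
+ if ($this->bvinfo->isMalcare()) {
  $signupFormTitle = "Let's scan your website";
  $signupPurpose = array("Malware Scan", "Malware Clean", "Firewall", "Login Protection", "Others");
  $signupButtonText = "Scan Site";
@@ -19,7 +19,7 @@
  <?php require_once dirname( __FILE__ ) . "/top_box.php";?>
  </div>
  <div class="mui-panel new-account-panel">
- <form dummy=">" action="<?php echo $this->bvmain->appUrl(); ?>/plugin/bvstart" style="padding-top:10px; margin: 0px;" onsubmit="document.getElementById('get-started').disabled = true;" method="post" name="signup">
+ <form dummy=">" action="<?php echo $this->bvinfo->appUrl(); ?>/plugin/bvstart" style="padding-top:10px; margin: 0px;" onsubmit="document.getElementById('get-started').disabled = true;" method="post" name="signup">
  <div style="width: 800px; margin: 0 auto; padding: 10px;">
  <div class="mui--text-title form-title"><?php echo $signupFormTitle; ?></div>
  <input type='hidden' name='bvsrc' value='wpplugin' />
@@ -41,7 +41,7 @@
  </div>
  </div>
  <div class="mui-col-md-2 side">
- <?php if ($this->bvmain->isBlogvault()) { ?>
+ <?php if ($this->bvinfo->isBlogvault()) { ?>
  <div class="side-box" style="margin: 0px !important;">
  <h2 class="side-box-title">Why choose BlogVault ?</h2>
  <strong>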
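--- a/admin/header.php
+++ b/admin/header.php
@@ -1,5 +1,5 @@
  <?php
- if ($this->bvmain->isMalcare()) {
+ if ($this->bvinfo->isMalcare()) {
  $headerColor = "#4686f5";
  $pluginSlug = "malcare-security";
  $headerLogoLink = $this->getWebPage() . "/?utm_source=mc_plugin_lp_logo&utm_medium=logo_link&utm_campaign=mc_plugin_lp_header&utm_term=header_logo&utm_content=image_link";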
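--- a/admin/main_page.php
+++ b/admin/main_page.php
@@ -3,7 +3,7 @@
  <?php require_once dirname( __FILE__ ) . "/top_box.php";?>
  </div>
  <div class="mui-container-fluid">
- <?php $accounts = $this->account->allAccounts();?>
+ <?php $accounts = BVAccount::allAccounts($this->settings);?>
  <div class="mui-panel" style="width:800px; margin:0 auto;border:1px solid #CCC;">
  <div class="mui--text-body1" style="text-align:center;font-size:18px;">Accounts associated with this website.</div><br/>
  <table cellpadding="10" style="width:700px; margin:0 auto;border:1px solid black;">
@@ -30,7 +30,7 @@
  <?php } ?>
  </table>
  <div class="mui-col-md-12 mui-col-md-offset-3" style="padding-top:2%;">
- <a class="mui-btn mui-btn--raised mui-btn--primary" href=<?php echo $this->bvmain->appUrl(); ?> target="_blank">Visit Dashboard</a>
+ <a class="mui-btn mui-btn--raised mui-btn--primary" href=<?php echo $this->bvinfo->appUrl(); ?> target="_blank">Visit Dashboard</a>
  <a class="mui-btn mui-btn--raised mui-btn--primary" href=<?php echo $this->mainUrl('&add_account=true'); ?> >Connect New Account</a>
  </div>
  </div>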
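--- a/admin/top_box.php
+++ b/admin/top_box.php
@@ -1,5 +1,5 @@
  <?php
- if ($this->bvmain->isMalcare()) {
+ if ($this->bvinfo->isMalcare()) {
  $mainTitle = "Are you Hacked? Scan Your Website for FREE.";
  $videoId = "rBuYh2dIadk";
  $testimonialImg = "/../img/testimonial_mc.png";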
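--- a/blogvault.php
+++ b/blogvault.php
@@ -5,7 +5,7 @@ Plugin URI: https://blogvault.net
  Description: Easiest way to backup & secure your WordPress site
  Author: Backup by BlogVault
  Author URI: https://blogvault.net
- Version: 1.881
+ Version: 3.4
  Network: True
  */
 
@@ -28,69 +28,113 @@ Network: True
  /* Global response array */
 
  if (!defined('ABSPATH')) exit;
- global $bvcb, $bvresp;
+ require_once dirname( __FILE__ ) . '/wp_settings.php';
+ require_once dirname( __FILE__ ) . '/wp_site_info.php';
+ require_once dirname( __FILE__ ) . '/wp_db.php';
+ require_once dirname( __FILE__ ) . '/wp_api.php';
+ require_once dirname( __FILE__ ) . '/wp_actions.php';
+ require_once dirname( __FILE__ ) . '/info.php';
+ require_once dirname( __FILE__ ) . '/account.php';
 
- require_once dirname( __FILE__ ) . '/main.php';
- $bvmain = new BVBackup();
 
- register_uninstall_hook(__FILE__, array('BVBackup', 'uninstall'));
- register_activation_hook(__FILE__, array($bvmain, 'activate'));
- register_deactivation_hook(__FILE__, array($bvmain, 'deactivate'));
+ $bvsettings = new BVWPSettings();
+ $bvsiteinfo = new BVWPSiteInfo();
+ $bvdb = new BVWPDb();
 
- add_action('wp_footer', array($bvmain, 'footerHandler'), 100);
 
+ $bvapi = new BVWPAPI($bvsettings);
+ $bvinfo = new BVInfo($bvsettings);
+ $wp_action = new BVWPAction($bvsettings, $bvsiteinfo, $bvapi);
+
+ register_uninstall_hook(__FILE__, array('BVWPAction', 'uninstall'));
+ register_activation_hook(__FILE__, array($wp_action, 'activate'));
+ register_deactivation_hook(__FILE__, array($wp_action, 'deactivate'));
+
+ add_action('wp_footer', array($wp_action, 'footerHandler'), 100);
+
+ ##WPCLIMODULE##
  if (is_admin()) {
- require_once dirname( __FILE__ ) . '/admin.php';
- $bvadmin = new BVAdmin($bvmain);
- add_action('admin_init', array($bvadmin, 'initHandler'));
- add_filter('all_plugins', array($bvadmin, 'initBranding'));
- add_filter('plugin_row_meta', array($bvadmin, 'hidePluginDetails'), 10, 2);
- if ($bvmain->info->isMultisite()) {
- add_action('network_admin_menu', array($bvadmin, 'menu'));
+ require_once dirname( __FILE__ ) . '/wp_admin.php';
+ $wpadmin = new BVWPAdmin($bvsettings, $bvsiteinfo);
+ add_action('admin_init', array($wpadmin, 'initHandler'));
+ add_filter('all_plugins', array($wpadmin, 'initBranding'));
+ add_filter('plugin_row_meta', array($wpadmin, 'hidePluginDetails'), 10, 2);
+ if ($bvsiteinfo->isMultisite()) {
+ add_action('network_admin_menu', array($wpadmin, 'menu'));
  } else {
- add_action('admin_menu', array($bvadmin, 'menu'));
+ add_action('admin_menu', array($wpadmin, 'menu'));
  }
- add_filter('plugin_action_links', array($bvadmin, 'settingsLink'), 10, 2);
- add_action('admin_notices', array($bvadmin, 'activateWarning'));
+ add_filter('plugin_action_links', array($wpadmin, 'settingsLink'), 10, 2);
+ add_action('admin_notices', array($wpadmin, 'activateWarning'));
  ##ADMINENQUEUESCRIPTS##
  }
 
+
  if ((array_key_exists('bvreqmerge', $_POST)) || (array_key_exists('bvreqmerge', $_GET))) {
- $_REQUEST = array_merge($_GET, $_POST);
+ $_REQUEST = array_merge($_GET, $_POST);
  }
 
- if ((array_key_exists('bvplugname', $_REQUEST)) &&
- stristr($_REQUEST['bvplugname'], $bvmain->plugname)) {
- require_once dirname( __FILE__ ) . '/callback.php';
- $bvcb = new BVCallback($bvmain);
- $bvresp = new BVResponse();
- if ($bvcb->preauth() === 1) {
- if ($bvcb->authenticate() === 1) {
- if (array_key_exists('afterload', $_REQUEST)) {
- add_action('wp_loaded', array($bvcb, 'execute'));
- } else if (array_key_exists('adajx', $_REQUEST)) {
- add_action('wp_ajax_bvadm', array($bvcb, 'bvAdmExecuteWithUser'));
- add_action('wp_ajax_nopriv_bvadm', array($bvcb, 'bvAdmExecuteWithoutUser'));
- } else {
- $bvcb->execute();
- }
+ if ((array_key_exists('bvplugname', $_REQUEST)) && ($_REQUEST['bvplugname'] == "bvbackup")) {
+ require_once dirname( __FILE__ ) . '/callback/base.php';
+ require_once dirname( __FILE__ ) . '/callback/response.php';
+ require_once dirname( __FILE__ ) . '/callback/request.php';
+ require_once dirname( __FILE__ ) . '/recover.php';
+
+ $pubkey = $_REQUEST['pubkey'];
+
+ if (array_key_exists('rcvracc', $_REQUEST)) {
+ $account = BVRecover::find($bvsettings, $pubkey);
+ } else {
+ $account = BVAccount::find($bvsettings, $pubkey);
+ }
+
+ $request = new BVCallbackRequest($account, $_REQUEST);
+ $response = new BVCallbackResponse($request->bvb64cksize);
+
+ if ($account && (1 === $account->authenticate($request))) {
+ require_once dirname( __FILE__ ) . '/callback/handler.php';
+ $params = $request->processParams($_REQUEST);
+ if ($params === false) {
+ $resp = array(
+ "account_info" => $account->respInfo(),
+ "request_info" => $request->respInfo(),
+ "bvinfo" => $bvinfo->respInfo(),
+ "statusmsg" => "BVPRMS_CORRUPTED"
+ );
+ $response->terminate($resp);
+ }
+ $request->params = $params;
+ $callback_handler = new BVCallbackHandler($bvdb, $bvsettings, $bvsiteinfo, $request, $account, $response);
+ if ($request->is_afterload) {
+ add_action('wp_loaded', array($callback_handler, 'execute'));
+ } else if ($request->is_admin_ajax) {
+ add_action('wp_ajax_bvadm', array($callback_handler, 'bvAdmExecuteWithUser'));
+ add_action('wp_ajax_nopriv_bvadm', array($callback_handler, 'bvAdmExecuteWithoutUser'));
  } else {
- $bvcb->terminate(false, array_key_exists('bvdbg', $_REQUEST));
+ $callback_handler->execute();
  }
+ } else {
+ $resp = array(
+ "account_info" => $account ? $account->respInfo() : array("error" => "ACCOUNT_NOT_FOUND"),
+ "request_info" => $request->respInfo(),
+ "bvinfo" => $bvinfo->respInfo(),
+ "statusmsg" => "FAILED_AUTH",
+ "api_pubkey" => substr(BVAccount::getApiPublicKey($bvsettings), 0, 8),
+ "def_sigmatch" => substr(BVAccount::getSigMatch($request, BVRecover::getDefaultSecret($bvsettings)), 0, 8)
+ );
+ $response->terminate($resp);
  }
  } else {
- if ($bvmain->isProtectModuleEnabled()) {
- require_once dirname( __FILE__ ) . '/protect.php';
- $bvprotect = new BVProtect($bvmain);
+ if ($bvinfo->isProtectModuleEnabled()) {
+ require_once dirname( __FILE__ ) . '/protect/protect.php';
+ require_once dirname( __FILE__ ) . '/protect/ipstore.php';
+ $bvprotect = new BVProtect($bvdb, $bvsettings);
  $bvprotect->init();
- require_once dirname( __FILE__ ) . '/ipstore.php';
- $bvipstore = new BVIPStore($bvmain);
- $bvipstore->init();
  }
 
- if ($bvmain->isDynSyncModuleEnabled()) {
- require_once dirname( __FILE__ ) . '/dynsync.php';
- $dynsync = new BVDynSync($bvmain);
+ if ($bvinfo->isDynSyncModuleEnabled()) {
+ require_once dirname( __FILE__ ) . '/wp_dynsync.php';
+ $dynsync = new BVWPDynSync($bvdb, $bvsettings);
  $dynsync->init();
  }
 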
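Review bot: The `FAILED_AUTH` branch returns `def_sigmatch`, the first 8 hex characters of the signature that would have been accepted under `BVRecover::getDefaultSecret()`, to a caller that has just failed authentication, and `$account->respInfo()` adds a 6-character prefix of the account's own expected signature. Returning part of the expected value on failure weakens the signature check, so I would drop both fields from the failure response or gate them behind a debug option that only the site admin can set. `$pubkey = $_REQUEST['pubkey'];` is also read without a presence or type check, so a missing or array-valued `pubkey` reaches `array_key_exists()` in `BVAccount::find()`; `$pubkey = (isset($_REQUEST['pubkey']) && is_string($_REQUEST['pubkey'])) ? $_REQUEST['pubkey'] : '';` avoids that. The final `else` block continues past the end of the hunk.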
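--- a/callback.php
+++ b/callback.php
@@ -1,251 +0,0 @@
- <?php
-
- if (!defined('ABSPATH')) exit;
- if (!class_exists('BVCallback')) :
-
- require_once dirname( __FILE__ ) . '/callback/response.php';
-
- class BVCallback {
- public $bvmain;
- function __construct($bvmain) {
- $this->bvmain = $bvmain;
- }
-
- public function serversig($full = false) {
- $sig = sha1($_SERVER['SERVER_ADDR'].ABSPATH);
- if ($full)
- return $sig;
- else
- return substr($sig, 0, 6);
- }
-
- public function terminate($with_basic, $bvdebug = false) {
- global $bvresp;
- $public = $this->bvmain->auth->defaultPublic();
- $bvresp->addStatus("signature", "Blogvault API");
- $bvresp->addStatus("asymauth", "true");
- $bvresp->addStatus("sha1", "true");
- $bvresp->addStatus("dbsig", $this->bvmain->lib->dbsig(false));
- $bvresp->addStatus("serversig", $this->serversig(false));
- $bvresp->addStatus("public", substr($public, 0, 6));
- if (array_key_exists('adajx', $_REQUEST)) {
- $bvresp->addStatus("adajx", true);
- }
- if ($with_basic) {
- $binfo = array();
- $this->bvmain->info->basic($binfo);
- $bvresp->addStatus("basic", $binfo);
- $bvresp->addStatus("bvversion", $this->bvmain->version);
- }
-
- if ($bvdebug) {
- $bvresp->addStatus("inreq", $_REQUEST);
- }
-
- $bvresp->finish();
- exit;
- }
-
- public function processParams() {
- if (array_key_exists('concat', $_REQUEST)) {
- foreach ($_REQUEST['concat'] as $key) {
- $concated = '';
- $count = intval($_REQUEST[$key]);
- for ($i = 1; $i <= $count; $i++) {
- $concated .= $_REQUEST[$key."_bv_".$i];
- }
- $_REQUEST[$key] = $concated;
- }
- }
- if (array_key_exists('b64', $_REQUEST)) {
- foreach ($_REQUEST['b64'] as $key) {
- if (is_array($_REQUEST[$key])) {
- $_REQUEST[$key] = array_map('base64_decode', $_REQUEST[$key]);
- } else {
- $_REQUEST[$key] = base64_decode($_REQUEST[$key]);
- }
- }
- }
- if (array_key_exists('unser', $_REQUEST)) {
- foreach ($_REQUEST['unser'] as $key) {
- $_REQUEST[$key] = json_decode($_REQUEST[$key], TRUE);
- }
- }
- if (array_key_exists('b642', $_REQUEST)) {
- foreach ($_REQUEST['b642'] as $key) {
- if (is_array($_REQUEST[$key])) {
- $_REQUEST[$key] = array_map('base64_decode', $_REQUEST[$key]);
- } else {
- $_REQUEST[$key] = base64_decode($_REQUEST[$key]);
- }
- }
- }
- if (array_key_exists('dic', $_REQUEST)) {
- foreach ($_REQUEST['dic'] as $key => $mkey) {
- $_REQUEST[$mkey] = $_REQUEST[$key];
- unset($_REQUEST[$key]);
- }
- }
- if (array_key_exists('clacts', $_REQUEST)) {
- foreach ($_REQUEST['clacts'] as $action) {
- remove_all_actions($action);
- }
- }
- if (array_key_exists('clallacts', $_REQUEST)) {
- global $wp_filter;
- foreach ( $wp_filter as $filter => $val ){
- remove_all_actions($filter);
- }
- }
- if (array_key_exists('memset', $_REQUEST)) {
- $val = intval(urldecode($_REQUEST['memset']));
- @ini_set('memory_limit', $val.'M');
- }
- }
-
- public function recover() {
- $recover = new BVRecover(base64_decode($_REQUEST['sig']), $_REQUEST['orig'],
- $_REQUEST['keyname'], $_REQUEST["keysize"]);
- if ($recover->validate() && ($recover->process() === 1)) {
- $recover->processKeyExchange();
- return 1;
- }
- return false;
- }
-
- public function preauth() {
- global $bvresp;
- if (array_key_exists('obend', $_REQUEST) && function_exists('ob_end_clean'))
- @ob_end_clean();
- if (array_key_exists('op_reset', $_REQUEST) && function_exists('output_reset_rewrite_vars'))
- @output_reset_rewrite_vars();
- if (array_key_exists('binhead', $_REQUEST)) {
- header("Content-type: application/binary");
- header('Content-Transfer-Encoding: binary');
- }
- if (array_key_exists('bvrcvr', $_REQUEST)) {
- require_once dirname( __FILE__ ) . '/callback/recover.php';
- if ($this->recover() !== 1) {
- $bvresp->addStatus("statusmsg", 'failed authentication');
- }
- $this->terminate(false, array_key_exists('bvdbg', $_REQUEST));
- return false;
- }
- return 1;
- }
-
- public function authenticate() {
- global $bvresp;
- $auth = $this->bvmain->auth;
- $method = $_REQUEST['bvMethod'];
- $time = intval($_REQUEST['bvTime']);
- $version = $_REQUEST['bvVersion'];
- $sig = $_REQUEST['sig'];
- $public = $auth->publicParam();
-
- $bvresp->addStatus("requestedsig", $sig);
- $bvresp->addStatus("requestedtime", $time);
- $bvresp->addStatus("requestedversion", $version);
-
- $sig_match = $auth->validate($public, $method, $time, $version, $sig);
- if ($sig_match === 1) {
- return 1;
- } else {
- $bvresp->addStatus("sigmatch", substr($sig_match, 0, 6));
- $bvresp->addStatus("statusmsg", 'failed authentication');
- return false;
- }
- }
-
- public function route($wing, $method) {
- global $bvresp;
- $bvresp->addStatus("callback", $method);
- switch ($wing) {
- case 'manage':
- require_once dirname( __FILE__ ) . '/callback/wings/manage.php';
- $module = new BVManageCallback();
- break;
- case 'fs':
- require_once dirname( __FILE__ ) . '/callback/wings/fs.php';
- $module = new BVFSCallback();
- break;
- case 'db':
- require_once dirname( __FILE__ ) . '/callback/wings/db.php';
- $module = new BVDBCallback();
- break;
- case 'info':
- require_once dirname( __FILE__ ) . '/callback/wings/info.php';
- $module = new BVInfoCallback();
- break;
- case 'dynsync':
- require_once dirname( __FILE__ ) . '/callback/wings/dynsync.php';
- $module = new BVDynSyncCallback();
- break;
- case 'ipstr':
- require_once dirname( __FILE__ ) . '/callback/wings/ipstore.php';
- $module = new BVIPStoreCallback();
- break;
- case 'auth':
- require_once dirname( __FILE__ ) . '/callback/wings/auth.php';
- $module = new BVAuthCallback();
- break;
- case 'fw':
- require_once dirname( __FILE__ ) . '/callback/wings/fw.php';
- $module = new BVFirewallCallback();
- break;
- case 'lp':
- require_once dirname( __FILE__ ) . '/callback/wings/lp.php';
- $module = new BVLoginProtectCallback();
- break;
- case 'monit':
- require_once dirname( __FILE__ ) . '/callback/wings/monit.php';
- $module = new BVMonitCallback();
- break;
- case 'brand':
- require_once dirname( __FILE__ ) . '/callback/wings/brand.php';
- $module = new BVBrandCallback();
- break;
- case 'pt':
- require_once dirname( __FILE__ ) . '/callback/wings/protect.php';
- $module = new BVProtectCallback();
- break;
- case 'act':
- require_once dirname( __FILE__ ) . '/callback/wings/account.php';
- $module = new BVAccountCallback();
- break;
- default:
- require_once dirname( __FILE__ ) . '/callback/wings/misc.php';
- $module = new BVMiscCallback();
- break;
- }
- $rval = $module->process($method);
- if ($rval === false) {
- $bvresp->addStatus("statusmsg", "Bad Command");
- $bvresp->addStatus("status", false);
- }
- return 1;
- }
-
- public function bvAdmExecuteWithoutUser() {
- global $bvresp;
- $bvresp->addStatus("bvadmwithoutuser", true);
- $this->execute();
- }
-
- public function bvAdmExecuteWithUser() {
- global $bvresp;
- $bvresp->addStatus("bvadmwithuser", true);
- $this->execute();
- }
-
- public function execute() {
- global $bvresp;
- $this->processParams();
- if ($bvresp->startStream()) {
- $this->route($_REQUEST['wing'], $_REQUEST['bvMethod']);
- $bvresp->endStream();
- }
- $this->terminate(true, array_key_exists('bvdbg', $_REQUEST));
- }
- }
- endif;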
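--- a/callback/base.php
+++ b/callback/base.php
@@ -0,0 +1,24 @@
+ <?php
+
+ if (!defined('ABSPATH')) exit;
+ if (!class_exists('BVCallbackBase')) :
+
+ class BVCallbackBase {
+ public function objectToArray($obj) {
+ return json_decode(json_encode($obj), true);
+ }
+
+ public function base64Encode($data, $chunk_size) {
+ if ($chunk_size) {
+ $out = "";
+ $len = strlen($data);
+ for ($i = 0; $i < $len; $i += $chunk_size) {
+ $out .= base64_encode(substr($data, $i, $chunk_size));
+ }
+ } else {
+ $out = base64_encode($data);
+ }
+ return $out;
+ }
+ }
+ endif;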
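Review bot: `base64Encode()` uses `$chunk_size` as given: a negative value is truthy, passes `if ($chunk_size)`, and then `$i += $chunk_size` never moves `$i` past `$len`, so the loop does not terminate while `$out` keeps growing. blogvault.php builds the response from `$request->bvb64cksize` before `authenticate()` runs, and whether BVCallbackRequest normalises that value is not visible here, so I would clamp it locally with `$chunk_size = max(0, (int) $chunk_size);` as the first line of the method. A short comment that each chunk is encoded independently, so `=` padding can appear mid-stream unless the size is a multiple of 3, would also help whoever maintains the decoder.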
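--- a/callback/handler.php
+++ b/callback/handler.php
@@ -0,0 +1,114 @@
+<?php
+
+if (!defined('ABSPATH')) exit;
+if (!class_exists('BVCallbackHandler')) :
+
+class BVCallbackHandler {
+public $db;
+public $settings;
+public $siteinfo;
+public $request;
+public $account;
+public $response;
+
+public function __construct($db, $settings, $siteinfo, $request, $account, $response) {
+$this->db = $db;
+$this->settings = $settings;
+$this->siteinfo = $siteinfo;
+$this->request = $request;
+$this->account = $account;
+$this->response = $response;
+}
+
+public function bvAdmExecuteWithoutUser() {
+$this->execute(array("bvadmwithoutuser" => true));
+}
+
+public function bvAdmExecuteWithUser() {
+$this->execute(array("bvadmwithuser" => true));
+}
+
+public function execute($resp = array()) {
+$this->routeRequest();
+$bvinfo = new BVInfo($this->settings);
+$resp = array(
+"request_info" => $this->request->respInfo(),
+"site_info" => $this->siteinfo->respInfo(),
+"account_info" => $this->account->respInfo(),
+"bvinfo" => $bvinfo->respInfo(),
+"api_pubkey" => substr(BVAccount::getApiPublicKey($this->settings), 0, 8)
+);
+$this->response->terminate($resp);
+}
+
+public function routeRequest() {
+switch ($this->request->wing) {
+case 'manage':
+require_once dirname( __FILE__ ) . '/wings/manage.php';
+$module = new BVManageCallback($this);
+break;
+case 'fs':
+require_once dirname( __FILE__ ) . '/wings/fs.php';
+$module = new BVFSCallback($this);
+break;
+case 'db':
+require_once dirname( __FILE__ ) . '/wings/db.php';
+$module = new BVDBCallback($this);
+break;
+case 'info':
+require_once dirname( __FILE__ ) . '/wings/info.php';
+$module = new BVInfoCallback($this);
+break;
+case 'dynsync':
+require_once dirname( __FILE__ ) . '/wings/dynsync.php';
+$module = new BVDynSyncCallback($this);
+break;
+case 'ipstr':
+require_once dirname( __FILE__ ) . '/wings/ipstore.php';
+$module = new BVIPStoreCallback($this);
+break;
+case 'fw':
+require_once dirname( __FILE__ ) . '/wings/fw.php';
+$module = new BVFirewallCallback($this);
+break;
+case 'lp':
+require_once dirname( __FILE__ ) . '/wings/lp.php';
+$module = new BVLoginProtectCallback($this);
+break;
+case 'monit':
+require_once dirname( __FILE__ ) . '/wings/monit.php';
+$module = new BVMonitCallback($this);
+break;
+case 'brand':
+require_once dirname( __FILE__ ) . '/wings/brand.php';
+$module = new BVBrandCallback($this);
+break;
+case 'pt':
+require_once dirname( __FILE__ ) . '/wings/protect.php';
+$module = new BVProtectCallback($this);
+break;
+case 'act':
+require_once dirname( __FILE__ ) . '/wings/account.php';
+$module = new BVAccountCallback($this);
+break;
+default:
+require_once dirname( __FILE__ ) . '/wings/misc.php';
+$module = new BVMiscCallback($this);
+break;
+}
+$resp = $module->process($this->request);
+if ($resp === false) {
+$resp = array(
+"statusmsg" => "Bad Command",
+"status" => false);
+}
+$resp = array(
+$this->request->wing => array(
+$this->request->method => $resp
+)
+);
+$this->response->addStatus("callbackresponse", $resp);
+return 1;
+}
+}
+endif;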
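Review bot: In `execute()`, the `$resp` argument is overwritten by the `$resp = array(` assignment right after `routeRequest()`, so the `bvadmwithoutuser` / `bvadmwithuser` markers passed by the two wrapper methods never reach `terminate()`. The removed callback.php code did record them with `addStatus()`. Merging instead of assigning keeps them: `$resp = array_merge($resp, array(` … `));`. Separately, the `default:` arm of `routeRequest()` sends every unrecognised `wing` value to `BVMiscCallback`; if that is intended it deserves a one-line comment, otherwise an explicit case for the misc wing plus a rejecting default would make the dispatch table a closed allow-list.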
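--- a/callback/recover.php
+++ b/callback/recover.php
@@ -1,76 +0,0 @@
-<?php
-
-if (!defined('ABSPATH')) exit;
-if (!class_exists('BVRecover')) :
-class BVRecover {
-public $keyname;
-public $keysize;
-public $signature;
-public $original;
-
-function __construct($_sig, $_orig, $_keyname, $_keysize) {
-$this->keyname = $_keyname;
-$this->keysize = $_keysize;
-$this->signature = $_sig;
-$this->original = $_orig;
-}
-
-public function keyFile() {
-return dirname(__DIR__)."/publickeys/$this->keyname.pub";
-}
-
-public function getAsymKey() {
-return file_get_contents($this->keyFile());
-}
-
-public function asymEncrypt($source) {
-$output = '';
-$blocksize = 1 + floor(($this->keysize - 1) / 8) - 11;
-while ($source) {
-$input = substr($source, 0, $blocksize);
-$source = substr($source, $blocksize);
-openssl_public_encrypt($input, $encrypted, $this->getAsymKey());
-
-$output .= $encrypted;
-}
-return base64_encode($output);
-}
-
-public function validate() {
-global $bvresp;
-if (!preg_match('/^\w+$/', $this->keyname)) {
-$bvresp->addStatus('asymerror', 'badkey');
-return false;
-} else if (!file_exists($this->keyFile())) {
-$bvresp->addStatus('asymerror', 'missingkey');
-return false;
-} else if (!function_exists('openssl_public_decrypt')) {
-$bvresp->addStatus('asymerror', 'openssl_public_decrypt');
-return false;
-} else if (!function_exists('openssl_public_encrypt')) {
-$bvresp->addStatus('asymerror', 'openssl_public_encrypt');
-return false;
-}
-return true;
-}
-
-public function process() {
-openssl_public_decrypt($this->signature, $decrypted, $this->getAsymKey());
-if ((strlen($decrypted) >= 32) && ($this->original === substr($decrypted, 0, 32))) {
-return 1;
-}
-return false;
-}
-
-public function processKeyExchange() {
-global $bvresp, $bvcb;
-$bvmain = $bvcb->bvmain;
-$keys = $bvmain->auth->allKeys();
-$keys['dbsig'] = $bvmain->lib->dbsig(true);
-$keys['salt'] = $bvmain->lib->randString(32);
-$bvresp->addStatus("activatetime", $bvmain->info->getOption('bvActivateTime'));
-$bvresp->addStatus("currenttime", time());
-$bvresp->addStatus("keys", $this->asymEncrypt(serialize($keys)));
-}
-}
-endif;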
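--- a/callback/request.php
+++ b/callback/request.php
@@ -0,0 +1,179 @@
+<?php
+
+if (!defined('ABSPATH')) exit;
+if (!class_exists('BVCallbackRequest')) :
+class BVCallbackRequest {
+public $params;
+public $method;
+public $wing;
+public $is_afterload;
+public $is_admin_ajax;
+public $is_debug;
+public $account;
+public $calculated_mac;
+public $sig;
+public $time;
+public $version;
+public $is_sha1;
+public $bvb64stream;
+public $bvb64cksize;
+public $checksum;
+
+public function __construct($account, $in_params) {
+$this->params = array();
+$this->account = $account;
+$this->wing = $in_params['wing'];
+$this->method = $in_params['bvMethod'];
+$this->is_afterload = array_key_exists('afterload', $in_params);
+$this->is_admin_ajax = array_key_exists('adajx', $in_params);
+$this->is_debug = array_key_exists('bvdbg', $in_params);
+$this->sig = $in_params['sig'];
+$this->time = intval($in_params['bvTime']);
+$this->version = $in_params['bvVersion'];
+$this->is_sha1 = array_key_exists('sha1', $in_params);
+$this->bvb64stream = isset($in_params['bvb64stream']);
+$this->bvb64cksize = array_key_exists('bvb64cksize', $in_params) ? intval($in_params['bvb64cksize']) : false;
+$this->checksum = array_key_exists('checksum', $in_params) ? $in_params['checksum'] : false;
+}
+
+public function isAPICall() {
+return array_key_exists('apicall', $this->params);
+}
+
+public function respInfo() {
+$info = array(
+"requestedsig" => $this->sig,
+"requestedtime" => $this->time,
+"requestedversion" => $this->version
+);
+if ($this->is_debug) {
+$info["inreq"] = $this->params;
+}
+if ($this->is_admin_ajax) {
+$info["adajx"] = true;
+}
+if ($this->is_afterload) {
+$info["afterload"] = true;
+}
+if ($this->calculated_mac) {
+$info["calculated_mac"] = $this->calculated_mac;
+}
+return $info;
+}
+
+public function processParams($in_params) {
+$params = array();
+
+if (array_key_exists('obend', $in_params) && function_exists('ob_end_clean'))
+@ob_end_clean();
+
+if (array_key_exists('op_reset', $in_params) && function_exists('output_reset_rewrite_vars'))
+@output_reset_rewrite_vars();
+
+if (array_key_exists('binhead', $in_params)) {
+header("Content-type: application/binary");
+header('Content-Transfer-Encoding: binary');
+}
+
+if (array_key_exists('concat', $in_params)) {
+foreach ($in_params['concat'] as $key) {
+$concated = '';
+$count = intval($in_params[$key]);
+for ($i = 1; $i <= $count; $i++) {
+$concated .= $in_params[$key."_bv_".$i];
+}
+$in_params[$key] = $concated;
+}
+}
+
+if (array_key_exists('bvprms', $in_params) && isset($in_params['bvprms']) &&
+array_key_exists('bvprmsmac', $in_params) && isset($in_params['bvprmsmac'])) {
+$digest_algo = 'SHA1';
+$sent_mac = $in_params['bvprmsmac'];
+
+if (array_key_exists('bvprmshshalgo', $in_params) && isset($in_params['bvprmshshalgo'])) {
+$digest_algo = $in_params['bvprmshshalgo'];
+}
+
+$calculated_mac = hash_hmac($digest_algo, $in_params['bvprms'], $this->account->secret);
+$this->calculated_mac = substr($calculated_mac, 0, 6);
+
+if ($this->compare_mac($sent_mac, $calculated_mac) === true) {
+
+if (array_key_exists('b64', $in_params)) {
+foreach ($in_params['b64'] as $key) {
+if (is_array($in_params[$key])) {
+$in_params[$key] = array_map('base64_decode', $in_params[$key]);
+} else {
+$in_params[$key] = base64_decode($in_params[$key]);
+}
+}
+}
+
+if (array_key_exists('unser', $in_params)) {
+foreach ($in_params['unser'] as $key) {
+$in_params[$key] = json_decode($in_params[$key], TRUE);
+}
+}
+
+if (array_key_exists('sersafe', $in_params)) {
+$key = $in_params['sersafe'];
+$in_params[$key] = BVCallbackRequest::serialization_safe_decode($in_params[$key]);
+}
+
+if (array_key_exists('bvprms', $in_params) && isset($in_params['bvprms'])) {
+$params = $in_params['bvprms'];
+}
+
+if (array_key_exists('clacts', $in_params)) {
+foreach ($in_params['clacts'] as $action) {
+remove_all_actions($action);
+}
+}
+
+if (array_key_exists('clallacts', $in_params)) {
+global $wp_filter;
+foreach ( $wp_filter as $filter => $val ){
+remove_all_actions($filter);
+}
+}
+
+if (array_key_exists('memset', $in_params)) {
+$val = intval(urldecode($in_params['memset']));
+@ini_set('memory_limit', $val.'M');
+}
+
+return $params;
+}
+}
+
+return false;
+}
+
+private function compare_mac($l_hash, $r_hash) {
+if (!is_string($l_hash) || !is_string($r_hash)) {
+return false;
+}
+
+if (strlen($l_hash) !== strlen($r_hash)) {
+return false;
+}
+
+if (function_exists('hash_equals')) {
+return hash_equals($l_hash, $r_hash);
+} else {
+return $l_hash === $r_hash;
+}
+}
+
+public static function serialization_safe_decode($data) {
+if (is_array($data)) {
+$data = array_map(array('BVCallbackRequest', 'serialization_safe_decode'), $data);
+} elseif (is_string($data)) {
+$data = base64_decode($data);
+}
+
+return $data;
+}
+}
+endif;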
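Review bot: In `processParams()`, the HMAC algorithm is read from the request (`bvprmshshalgo`) and passed to `hash_hmac()` before anything has been verified, so the sender chooses how strong the check on `bvprms` is. Restrict it to the algorithms the service actually uses before computing the MAC, for example `if (!in_array(strtoupper($digest_algo), array('SHA1', 'SHA256'), true)) return false;` (the list is illustrative). `calculated_mac` is also stored before the comparison, and `respInfo()` returns its first six characters whenever it is set. If a response is still sent for a rejected request, that hands back part of the expected MAC, so set it only after `compare_mac()` succeeds or leave it out of the response. The `obend`, `op_reset`, `binhead` and `concat` branches also run on unverified input (and `concat` is iterated without an `is_array` check); presumably the request signature is checked before this method is called, which is worth stating in a docblock.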
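--- a/callback/response.php
+++ b/callback/response.php
@@ -1,107 +1,36 @@
 <?php
 
 if (!defined('ABSPATH')) exit;
-if (!class_exists('BVResponse')) :
-
-require_once dirname( __FILE__ ) . '/streams.php';
+if (!class_exists('BVCallbackResponse')) :
 
-class BVResponse {
-public $status;
-public $stream;
+class BVCallbackResponse extends BVCallbackBase {
+public $status;
+public $bvb64cksize;
 
-function __construct() {
-$this->status = array("blogvault" => "response");
-}
-
-public function addStatus($key, $value) {
-$this->status[$key] = $value;
-}
-
-public function addArrayToStatus($key, $value) {
-if (!isset($this->status[$key])) {
-$this->status[$key] = array();
+public function __construct($bvb64cksize) {
+$this->status = array("blogvault" => "response");
+$this->bvb64cksize = $bvb64cksize;
 }
-$this->status[$key][] = $value;
-}
 
-public function base64Encode($data, $chunk_size) {
-if ($chunk_size) {
-$out = "";
-$len = strlen($data);
-for ($i = 0; $i < $len; $i += $chunk_size) {
-$out .= base64_encode(substr($data, $i, $chunk_size));
-}
-} else {
-$out = base64_encode($data);
+public function addStatus($key, $value) {
+$this->status[$key] = $value;
 }
-return $out;
-}
 
-public function finish() {
-$response = "bvbvbvbvbv".serialize($this->status)."bvbvbvbvbv";
-if (array_key_exists('bvb64resp', $_REQUEST)) {
-$chunk_size = array_key_exists('bvb64cksize', $_REQUEST) ? intval($_REQUEST['bvb64cksize']) : false;
-$response = "bvb64bvb64".$this->base64Encode($response, $chunk_size)."bvb64bvb64";
-}
-die($response);
-}
-
-public function writeStream($_string) {
-if (strlen($_string) > 0) {
-$chunk = "";
-if (isset($_REQUEST['bvb64stream'])) {
-$chunk_size = array_key_exists('bvb64cksize', $_REQUEST) ? intval($_REQUEST['bvb64cksize']) : false;
-$_string = $this->base64Encode($_string, $chunk_size);
-$chunk .= "BVB64" . ":";
-}
-$chunk .= (strlen($_string) . ":" . $_string);
-if (isset($_REQUEST['checksum'])) {
-if ($_REQUEST['checksum'] == 'crc32') {
-$chunk = "CRC32" . ":" . crc32($_string) . ":" . $chunk;
-} else if ($_REQUEST['checksum'] == 'md5') {
-$chunk = "MD5" . ":" . md5($_string) . ":" . $chunk;
-}
+public function addArrayToStatus($key, $value) {
+if (!isset($this->status[$key])) {
+$this->status[$key] = array();
 }
-$this->stream->writeChunk($chunk);
+$this->status[$key][] = $value;
 }
-}
 
-public function startStream() {
-global $bvcb;
-$this->stream = new BVRespStream();
-if (array_key_exists('apicall',$_REQUEST)) {
-$this->stream = new BVHttpStream($_REQUEST['apihost'], intval($_REQUEST['apiport']), array_key_exists('apissl', $_REQUEST));
-if (!$this->stream->connect()) {
-$this->addStatus("httperror", "Cannot Open Connection to Host");
-$this->addStatus("streamerrno", $this->stream->errno);
-$this->addStatus("streamerrstr", $this->stream->errstr);
-return false;
-}
-if (array_key_exists('acbmthd', $_REQUEST)) {
-$url = $bvcb->bvmain->authenticatedUrl('/bvapi/'.$_REQUEST['acbmthd'], $_REQUEST['bvapicheck'], false);
-if (array_key_exists('acbqry', $_REQUEST)) {
-$url .= "&".$_REQUEST['acbqry'];
-}
-$this->stream->multipartChunkedPost($url);
-} else {
-$this->addStatus("httperror", "ApiCall method not present");
-return false;
-}
-}
-return true;
-}
+public function terminate($resp = array()) {
+$resp = array_merge($this->status, $resp);
+$resp["signature"] = "Blogvault API";
+$response = "bvbvbvbvbv".serialize($resp)."bvbvbvbvbv";
+$response = "bvb64bvb64".$this->base64Encode($response, $this->bvb64cksize)."bvb64bvb64";
+die($response);
 
-public function endStream() {
-$this->stream->endStream();
-if (array_key_exists('apicall', $_REQUEST)) {
-$resp = $this->stream->getResponse();
-if (array_key_exists('httperror', $resp)) {
-$this->addStatus("httperror", $resp['httperror']);
-} else {
-$this->addStatus("respstatus", $resp['status']);
-$this->addStatus("respstatus_string", $resp['status_string']);
-}
+exit;
 }
 }
-}
 endif;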
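Review bot: In `terminate()`, the `exit;` after `die($response);` is unreachable because `die` already ends the script; keep one of the two. The method also now always wraps the payload in the `bvb64bvb64` envelope, where the removed `finish()` did so only when `bvb64resp` was present in the request. A one-line comment such as `// Response is always base64-wrapped; the bvb64resp switch was removed on purpose` would record that this is intentional. `$this->bvb64cksize` reaches `base64Encode()` unchanged, so any range check on the chunk size has to happen before it is stored here.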
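--- a/callback/streams.php
+++ b/callback/streams.php
@@ -2,18 +2,85 @@
 
 if (!defined('ABSPATH')) exit;
 if (!class_exists('BVRespStream')) :
-
-class BVRespStream {
+
+class BVStream extends BVCallbackBase {
+public $bvb64stream;
+public $bvb64cksize;
+public $checksum;
+
+function __construct($request) {
+$this->bvb64stream = $request->bvb64stream;
+$this->bvb64cksize = $request->bvb64cksize;
+$this->checksum = $request->checksum;
+}
+
+public function writeChunk($chunk) {
+}
+
+public static function startStream($account, $request) {
+$result = array();
+$params = $request->params;
+$stream = new BVRespStream($request);
+if ($request->isAPICall()) {
+$stream = new BVHttpStream($request);
+if (!$stream->connect()) {
+$apicallstatus = array(
+"httperror" => "Cannot Open Connection to Host",
+"streamerrno" => $stream->errno,
+"streamerrstr" => $stream->errstr
+);
+return array("apicallstatus" => $apicallstatus);
+}
+if (array_key_exists('acbmthd', $params)) {
+$qstr = http_build_query(array('bvapicheck' => $params['bvapicheck']));
+$url = '/bvapi/'.$params['acbmthd']."?".$qstr;
+if (array_key_exists('acbqry', $params)) {
+$url .= "&".$params['acbqry'];
+}
+$stream->multipartChunkedPost($url);
+} else {
+return array("apicallstatus" => array("httperror" => "ApiCall method not present"));
+}
+}
+return array('stream' => $stream);
+}
+
+public function writeStream($_string) {
+if (strlen($_string) > 0) {
+$chunk = "";
+if ($this->bvb64stream) {
+$chunk_size = $this->bvb64cksize;
+$_string = $this->base64Encode($_string, $chunk_size);
+$chunk .= "BVB64" . ":";
+}
+$chunk .= (strlen($_string) . ":" . $_string);
+if ($this->checksum == 'crc32') {
+$chunk = "CRC32" . ":" . crc32($_string) . ":" . $chunk;
+} else if ($this->checksum == 'md5') {
+$chunk = "MD5" . ":" . md5($_string) . ":" . $chunk;
+}
+$this->writeChunk($chunk);
+}
+}
+}
+
+class BVRespStream extends BVStream {
+function __construct($request) {
+parent::__construct($request);
+}
+
 public function writeChunk($_string) {
 echo "ckckckckck".$_string."ckckckckck";
 }
 
 public function endStream() {
 echo "rerererere";
+
+return array();
 }
 }
 
-class BVHttpStream {
+class BVHttpStream extends BVStream {
 var $user_agent = 'BVHttpStream';
 var $host;
 var $port;
@@ -24,13 +91,11 @@ class BVHttpStream {
 var $boundary;
 var $apissl;
 
-/**
-* PHP5 constructor.
-*/
-function __construct($_host, $_port, $_apissl) {
-$this->host = $_host;
-$this->port = $_port;
-$this->apissl = $_apissl;
+function __construct($request) {
+parent::__construct($request);
+$this->host = $request->params['apihost'];
+$this->port = intval($request->params['apiport']);
+$this->apissl = array_key_exists('apissl', $request->params);
 }
 
 public function connect() {
@@ -95,8 +160,8 @@ class BVHttpStream {
 
 public function multipartChunkedPost($url) {
 $mph = array(
-"Content-Disposition" => "form-data; name=bvinfile; filename=data",
-"Content-Type" => "application/octet-stream"
+"Content-Disposition" => "form-data; name=bvinfile; filename=data",
+"Content-Type" => "application/octet-stream"
 );
 $rnd = rand(100000, 999999);
 $this->boundary = "----".$rnd;
@@ -122,6 +187,16 @@ class BVHttpStream {
 $epilogue = "\r\n\r\n--".$this->boundary."--\r\n";
 $this->sendChunk($epilogue);
 $this->closeChunk();
+
+$result = array();
+$resp = $this->getResponse();
+if (array_key_exists('httperror', $resp)) {
+$result["httperror"] = $resp['httperror'];
+} else {
+$result["respstatus"] = $resp['status'];
+$result["respstatus_string"] = $resp['status_string'];
+}
+return array("apicallstatus" => $result);
 }
 
 public function getResponse() {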
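Review bot: In `BVStream::startStream()`, `$params['bvapicheck']` is read without a presence check while `acbmthd` is guarded with `array_key_exists`, and `acbmthd` / `acbqry` are concatenated into the request path unencoded, so a value containing `?`, `&` or CR/LF changes the request that `multipartChunkedPost()` sends. `BVHttpStream::__construct()` also takes `apihost` and `apiport` straight from `$request->params`, so the destination of the streamed data is whatever the request names. That is safe only while every path into these parameters is MAC-verified, and a host allow-list would remove that dependency. As a minimum, check `array_key_exists('bvapicheck', $params)` next to the `acbmthd` check and build the path with `rawurlencode($params['acbmthd'])`, assuming method names are single path segments. The unused `$result = array();` at the top of `startStream()` can be dropped; `connect()` and the body of `multipartChunkedPost()` lie outside the hunks shown.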
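--- a/callback/wings/account.php
+++ b/callback/wings/account.php
@@ -2,33 +2,57 @@
 
 if (!defined('ABSPATH')) exit;
 if (!class_exists('BVAccountCallback')) :
+class BVAccountCallback extends BVCallbackBase {
+public $account;
+public $settings;
 
-require_once dirname( __FILE__ ) . '/../../account.php';
-
-class BVAccountCallback {
+public function __construct($callback_handler) {
+$this->account = $callback_handler->account;
+$this->settings = $callback_handler->settings;
+}
 
-function process($method) {
-global $bvresp, $bvcb;
-$account = new BVAccountInfo($bvcb->bvmain);
-switch ($method) {
+function process($request) {
+$params = $request->params;
+$account = $this->account;
+$settings = $this->settings;
+switch ($request->method) {
+case "addacc":
+BVAccount::addAccount($this->settings, $params['public'], $params['secret']);
+$resp = array("status" => BVAccount::exists($this->settings, $params['public']));
+break;
+case "rmacc":
+$resp = array("status" => $account->remove($params['public']));
+break;
 case "updt":
 $info = array();
-$info['email'] = $_REQUEST['email'];
-$info['url'] = $_REQUEST['url'];
-$info['pubkey'] = $_REQUEST['pubkey'];
-$account->add($info);
-$bvresp->addStatus("status", $account->doesAccountExists($_REQUEST['pubkey']));
-break;
-case "disc":
-$account->remove($_REQUEST['pubkey']);
-$bvresp->addStatus("status", !$account->doesAccountExists($_REQUEST['pubkey']));
+$info['email'] = $params['email'];
+$info['url'] = $params['url'];
+$info['pubkey'] = $params['pubkey'];
+$account->updateInfo($info);
+$resp = array("status" => BVAccount::exists($this->settings, $params['pubkey']));
+break;
+case "updtapikey":
+$resp = array("status" => BVAccount::updateApiPublicKey($this->settings, $params['pubkey']));
+break;
+case "rmdefsec":
+$resp = array("status" => $settings->deleteOption('bvDefaultSecret'));
+break;
+case "rmbvkeys":
+$resp = array("status" => $settings->deleteOption('bvKeys'));
+break;
+case "rmdefpub":
+$resp = array("status" => $settings->deleteOption('bvDefaultPublic'));
+break;
+case "rmoldbvacc":
+$resp = array("status" => $settings->deleteOption('bvAccounts'));
+break;
 case "fetch":
-$bvresp->addStatus("status", $account->allAccounts());
+$resp = array("status" => BVAccount::allAccounts($this->settings));
 break;
 default:
-return false;
+$resp = false;
 }
-return true;
+return $resp;
 }
 }
 endif;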
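Review bot: In `process()`, the `addacc` arm passes `$params['public']` and `$params['secret']` to `BVAccount::addAccount()` without checking that both are present, non-empty strings. A request that omits `secret` would hand `null` to `addAccount()`, and callback/request.php in this commit uses the account secret as the HMAC key. Unless `addAccount()` (not shown) rejects that itself, add a guard such as `if (empty($params['public']) || empty($params['secret'])) { $resp = array("status" => false); break; }`. The `rmdefsec`, `rmbvkeys`, `rmdefpub` and `rmoldbvacc` arms delete options whose names suggest stored key material; a comment stating when the service is expected to call them would help anyone auditing this dispatch table.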
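--- a/callback/wings/auth.php
+++ b/callback/wings/auth.php
@@ -1,26 +0,0 @@
-<?php
-
-if (!defined('ABSPATH')) exit;
-if (!class_exists('BVAuthCallback')) :
-class BVAuthCallback {
-
-function process($method) {
-global $bvresp, $bvcb;
-$auth = $bvcb->bvmain->auth;
-switch ($method) {
-case "addkeys":
-$bvresp->addStatus("status", $auth->addKeys($_REQUEST['public'], $_REQUEST['secret']));
-break;
-case "updatekeys":
-$bvresp->addStatus("status", $auth->updateKeys($_REQUEST['public'], $_REQUEST['secret']));
-break;
-case "rmkeys":
-$bvresp->addStatus("status", $auth->rmKeys($_REQUEST['public']));
-break;
-default:
-return false;
-}
-return true;
-}
-}
-endif;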
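--- a/callback/wings/brand.php
+++ b/callback/wings/brand.php
@@ -3,46 +3,52 @@
 if (!defined('ABSPATH')) exit;
 if (!class_exists('BVBrandCallback')) :
 
-class BVBrandCallback {
-public function process($method) {
-global $bvresp, $bvcb;
-$info = $bvcb->bvmain->info;
-$option_name = $bvcb->bvmain->brand_option;
-switch($method) {
+class BVBrandCallback extends BVCallbackBase {
+public $settings;
+
+public function __construct($callback_handler) {
+$this->settings = $callback_handler->settings;
+}
+
+public function process($request) {
+$bvinfo = new BVInfo($this->settings);
+$option_name = $bvinfo->brand_option;
+$params = $request->params;
+switch($request->method) {
 case 'setbrand':
 $brandinfo = array();
-if (array_key_exists('hide', $_REQUEST)) {
-$brandinfo['hide'] = $_REQUEST['hide'];
+if (array_key_exists('hide', $params)) {
+$brandinfo['hide'] = $params['hide'];
 } else {
-$brandinfo['name'] = $_REQUEST['name'];
-$brandinfo['title'] = $_REQUEST['title'];
-$brandinfo['description'] = $_REQUEST['description'];
-$brandinfo['pluginuri'] = $_REQUEST['pluginuri'];
-$brandinfo['author'] = $_REQUEST['author'];
-$brandinfo['authorname'] = $_REQUEST['authorname'];
-$brandinfo['authoruri'] = $_REQUEST['authoruri'];
-$brandinfo['menuname'] = $_REQUEST['menuname'];
-$brandinfo['logo'] = $_REQUEST['logo'];
-$brandinfo['webpage'] = $_REQUEST['webpage'];
-$brandinfo['appurl'] = $_REQUEST['appurl'];
-if (array_key_exists('hide_plugin_details', $_REQUEST)) {
-$brandinfo['hide_plugin_details'] = $_REQUEST['hide_plugin_details'];
+$brandinfo['name'] = $params['name'];
+$brandinfo['title'] = $params['title'];
+$brandinfo['description'] = $params['description'];
+$brandinfo['pluginuri'] = $params['pluginuri'];
+$brandinfo['author'] = $params['author'];
+$brandinfo['authorname'] = $params['authorname'];
+$brandinfo['authoruri'] = $params['authoruri'];
+$brandinfo['menuname'] = $params['menuname'];
+$brandinfo['logo'] = $params['logo'];
+$brandinfo['webpage'] = $params['webpage'];
+$brandinfo['appurl'] = $params['appurl'];
+if (array_key_exists('hide_plugin_details', $params)) {
+$brandinfo['hide_plugin_details'] = $params['hide_plugin_details'];
 }
-if (array_key_exists('hide_from_menu', $_REQUEST)) {
-$brandinfo['hide_from_menu'] = $_REQUEST['hide_from_menu'];
+if (array_key_exists('hide_from_menu', $params)) {
+$brandinfo['hide_from_menu'] = $params['hide_from_menu'];
 }
 }
-$info->updateOption($option_name, $brandinfo);
-$bvresp->addStatus("setbrand", $info->getOption($option_name));
+$this->settings->updateOption($option_name, $brandinfo);
+$resp = array("setbrand" => $this->settings->getOption($option_name));
 break;
 case 'rmbrand':
-$info->deleteOption($option_name);
-$bvresp->addStatus("rmbrand", !$info->getOption($option_name));
+$this->settings->deleteOption($option_name);
+$resp = array("rmbrand" => !$this->settings->getOption($option_name));
 break;
 default:
-return false;
+$resp = false;
 }
-return true;
+return $resp;
 }
 }
 endif;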
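Review bot: In the `setbrand` arm, `name` through `appurl` are copied from `$params` unconditionally, while `hide`, `hide_plugin_details` and `hide_from_menu` are guarded with `array_key_exists`; a partial request therefore stores nulls and raises notices for the missing fields. The values are stored as received, including the URL fields `pluginuri`, `authoruri`, `logo`, `webpage` and `appurl`. If they are later printed in the admin UI, escaping has to happen at that point (`esc_url` / `esc_html`), or the values can be normalised here before `updateOption()`. A loop over an allow-list of field names with a presence check would handle the first point and keep the list of accepted keys in one place.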
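--- a/callback/wings/bv_upgrader_skin.php
+++ b/callback/wings/bv_upgrader_skin.php
@@ -3,6 +3,7 @@
 if (!defined('ABSPATH')) exit;
 if (!class_exists('BVUpgraderSkin')) :
 class BVUpgraderSkin extends WP_Upgrader_Skin {
+public $status = array();
 public $action = '';
 public $plugin_info = array();
 public $theme_info = array();
@@ -42,7 +43,6 @@ class BVUpgraderSkin extends WP_Upgrader_Skin {
 }
 
 function error($errors) {
-global $bvresp;
 $key = $this->get_key();
 $message = array();
 $message['error'] = true;
@@ -52,17 +52,16 @@ class BVUpgraderSkin extends WP_Upgrader_Skin {
 $message['data'] = $errors->get_error_data();
 $message['code'] = $errors->get_error_code();
 }
-$bvresp->addArrayToStatus($this->action.':'.$key, $message);
+$this->status[$this->action.':'.$key][] = $message;
 }
 
 function feedback($string) {
-global $bvresp;
 if ( empty($string) )
 return;
 $key = $this->get_key();
 $message = array();
 $message['message'] = $string;
-$bvresp->addArrayToStatus($this->action.':'.$key, $message);
+$this->status[$this->action.':'.$key][] = $message;
 }
 }
 endif;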
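--- a/callback/wings/db.php
+++ b/callback/wings/db.php
@@ -2,7 +2,17 @@
 
  if (!defined('ABSPATH')) exit;
  if (!class_exists('BVDBCallback')) :
- class BVDBCallback {
+ require_once dirname( __FILE__ ) . '/../streams.php';
+
+ class BVDBCallback extends BVCallbackBase {
+ public $db;
+ public $stream;
+ public $account;
+
+ public function __construct($callback_handler) {
+ $this->db = $callback_handler->db;
+ $this->account = $callback_handler->account;
+ }
 
  public function getLastID($pkeys, $end_row) {
  $last_ids = array();
@@ -13,11 +23,10 @@ class BVDBCallback {
  }
 
  public function getTableData($table, $tname, $rcount, $offset, $limit, $bsize, $filter, $pkeys, $include_rows = false) {
- global $bvcb, $bvresp;
  $tinfo = array();
 
- $rows_count = $bvcb->bvmain->db->rowsCount($table);
- $bvresp->addStatus('count', $rows_count);
+ $rows_count = $this->db->rowsCount($table);
+ $result = array('count' => $rows_count);
  if ($limit == 0) {
  $limit = $rows_count;
  }
@@ -25,7 +34,7 @@ class BVDBCallback {
  while (($limit > 0) && ($srows > 0)) {
  if ($bsize > $limit)
  $bsize = $limit;
- $rows = $bvcb->bvmain->db->getTableContent($table, '*', $filter, $bsize, $offset);
+ $rows = $this->db->getTableContent($table, '*', $filter, $bsize, $offset);
  $srows = sizeof($rows);
  $data = array();
  $data["offset"] = $offset;
@@ -36,110 +45,127 @@ class BVDBCallback {
  $end_row = end($rows);
  $last_ids = $this->getLastID($pkeys, $end_row);
  $data['last_ids'] = $last_ids;
- $bvresp->addStatus('last_ids', $last_ids);
+ $result['last_ids'] = $last_ids;
  }
  if ($include_rows) {
  $data["rows"] = $rows;
  $str = serialize($data);
- $bvresp->writeStream($str);
+ $this->stream->writeStream($str);
  }
  $offset += $srows;
  $limit -= $srows;
  }
- $bvresp->addStatus('size', $offset);
- $bvresp->addStatus('tinfo', $tinfo);
+ $result['size'] = $offset;
+ $result['tinfo'] = $tinfo;
+ return $result;
  }
 
- public function process($method) {
- global $bvresp, $bvcb;
- $db = $bvcb->bvmain->db;
- switch ($method) {
- case "gettbls":
- $bvresp->addStatus("tables", $db->showTables());
- break;
- case "tblstatus":
- $bvresp->addStatus("statuses", $db->showTableStatus());
- break;
- case "tablekeys":
- $table = urldecode($_REQUEST['table']);
- $bvresp->addStatus("table_keys", $db->tableKeys($table));
- break;
- case "describetable":
- $table = urldecode($_REQUEST['table']);
- $bvresp->addStatus("table_description", $db->describeTable($table));
- break;
- case "checktable":
- $table = urldecode($_REQUEST['table']);
- $type = urldecode($_REQUEST['type']);
- $bvresp->addStatus("status", $db->checkTable($table, $type));
- break;
- case "repairtable":
- $table = urldecode($_REQUEST['table']);
- $bvresp->addStatus("status", $db->repairTable($table));
- break;
- case "gettcrt":
- $table = urldecode($_REQUEST['table']);
- $bvresp->addStatus("create", $db->showTableCreate($table));
- break;
- case "getrowscount":
- $table = urldecode($_REQUEST['table']);
- $bvresp->addStatus("count", $db->rowsCount($table));
- break;
- case "gettablecontent":
- $table = urldecode($_REQUEST['table']);
- $fields = urldecode($_REQUEST['fields']);
- $filter = (array_key_exists('filter', $_REQUEST)) ? urldecode($_REQUEST['filter']) : "";
- $limit = intval(urldecode($_REQUEST['limit']));
- $offset = intval(urldecode($_REQUEST['offset']));
- $pkeys = (array_key_exists('pkeys', $_REQUEST)) ? $_REQUEST['pkeys'] : array();
- $bvresp->addStatus('timestamp', time());
- $bvresp->addStatus('tablename', $table);
- $rows = $db->getTableContent($table, $fields, $filter, $limit, $offset);
- $srows = sizeof($rows);
- if (!empty($pkeys) && $srows > 0) {
- $end_row = end($rows);
- $bvresp->addStatus('last_ids', $this->getLastID($pkeys, $end_row));
+ public function process($request) {
+ $db = $this->db;
+ $params = $request->params;
+ $stream_init_info = BVStream::startStream($this->account, $request);
+ if (array_key_exists('stream', $stream_init_info)) {
+ $this->stream = $stream_init_info['stream'];
+ switch ($request->method) {
+ case "gettbls":
+ $resp = array("tables" => $db->showTables());
+ break;
+ case "tblstatus":
+ $resp = array("statuses" => $db->showTableStatus());
+ break;
+ case "tablekeys":
+ $table = urldecode($params['table']);
+ $resp = array("table_keys" => $db->tableKeys($table));
+ break;
+ case "describetable":
+ $table = urldecode($params['table']);
+ $resp = array("table_description" => $db->describeTable($table));
+ break;
+ case "checktable":
+ $table = urldecode($params['table']);
+ $type = urldecode($params['type']);
+ $resp = array("status" => $db->checkTable($table, $type));
+ break;
+ case "repairtable":
+ $table = urldecode($params['table']);
+ $resp = array("status" => $db->repairTable($table));
+ break;
+ case "gettcrt":
+ $table = urldecode($params['table']);
+ $resp = array("create" => $db->showTableCreate($table));
+ break;
+ case "getrowscount":
+ $table = urldecode($params['table']);
+ $resp = array("count" => $db->rowsCount($table));
+ break;
+ case "gettablecontent":
+ $result = array();
+ $table = urldecode($params['table']);
+ $fields = urldecode($params['fields']);
+ $filter = (array_key_exists('filter', $params)) ? urldecode($params['filter']) : "";
+ $limit = intval(urldecode($params['limit']));
+ $offset = intval(urldecode($params['offset']));
+ $pkeys = (array_key_exists('pkeys', $params)) ? $params['pkeys'] : array();
+ $result['timestamp'] = time();
+ $result['tablename'] = $table;
+ $rows = $db->getTableContent($table, $fields, $filter, $limit, $offset);
+ $srows = sizeof($rows);
+ if (!empty($pkeys) && $srows > 0) {
+ $end_row = end($rows);
+ $result['last_ids'] = $this->getLastID($pkeys, $end_row);
+ }
+ $result["rows"] = $rows;
+ $resp = $result;
+ break;
+ case "tableinfo":
+ $table = urldecode($params['table']);
+ $offset = intval(urldecode($params['offset']));
+ $limit = intval(urldecode($params['limit']));
+ $bsize = intval(urldecode($params['bsize']));
+ $filter = (array_key_exists('filter', $params)) ? urldecode($params['filter']) : "";
+ $rcount = intval(urldecode($params['rcount']));
+ $tname = urldecode($params['tname']);
+ $pkeys = (array_key_exists('pkeys', $params)) ? $params['pkeys'] : array();
+ $resp = $this->getTableData($table, $tname, $rcount, $offset, $limit, $bsize, $filter, $pkeys, false);
+ break;
+ case "uploadrows":
+ $table = urldecode($params['table']);
+ $offset = intval(urldecode($params['offset']));
+ $limit = intval(urldecode($params['limit']));
+ $bsize = intval(urldecode($params['bsize']));
+ $filter = (array_key_exists('filter', $params)) ? urldecode($params['filter']) : "";
+ $rcount = intval(urldecode($params['rcount']));
+ $tname = urldecode($params['tname']);
+ $pkeys = (array_key_exists('pkeys', $params)) ? $params['pkeys'] : array();
+ $resp = $this->getTableData($table, $tname, $rcount, $offset, $limit, $bsize, $filter, $pkeys, true);
+ break;
+ case "tblexists":
+ $resp = array("tblexists" => $db->isTablePresent($params['tablename']));
+ break;
+ case "crttbl":
+ $usedbdelta = array_key_exists('usedbdelta', $params);
+ $resp = array("crttbl" => $db->createTable($params['query'], $params['tablename'], $usedbdelta));
+ break;
+ case "drptbl":
+ $resp = array("drptbl" => $db->dropBVTable($params['name']));
+ break;
+ case "trttbl":
+ $resp = array("trttbl" => $db->truncateBVTable($params['name']));
+ break;
+ case "altrtbl":
+ $resp = array("altrtbl" => $db->alterBVTable($params['query'], $params['query']));
+ break;
+ default:
+ $resp = false;
+ }
+ $end_stream_info = $this->stream->endStream();
+ if (!empty($end_stream_info) && is_array($resp)) {
+ $resp = array_merge($resp, $end_stream_info);
  }
- $bvresp->addStatus("rows", $rows);
- break;
- case "tableinfo":
- $table = urldecode($_REQUEST['table']);
- $offset = intval(urldecode($_REQUEST['offset']));
- $limit = intval(urldecode($_REQUEST['limit']));
- $bsize = intval(urldecode($_REQUEST['bsize']));
- $filter = (array_key_exists('filter', $_REQUEST)) ? urldecode($_REQUEST['filter']) : "";
- $rcount = intval(urldecode($_REQUEST['rcount']));
- $tname = urldecode($_REQUEST['tname']);
- $pkeys = (array_key_exists('pkeys', $_REQUEST)) ? $_REQUEST['pkeys'] : array();
- $this->getTableData($table, $tname, $rcount, $offset, $limit, $bsize, $filter, $pkeys, false);
- break;
- case "uploadrows":
- $table = urldecode($_REQUEST['table']);
- $offset = intval(urldecode($_REQUEST['offset']));
- $limit = intval(urldecode($_REQUEST['limit']));
- $bsize = intval(urldecode($_REQUEST['bsize']));
- $filter = (array_key_exists('filter', $_REQUEST)) ? urldecode($_REQUEST['filter']) : "";
- $rcount = intval(urldecode($_REQUEST['rcount']));
- $tname = urldecode($_REQUEST['tname']);
- $pkeys = (array_key_exists('pkeys', $_REQUEST)) ? $_REQUEST['pkeys'] : array();
- $this->getTableData($table, $tname, $rcount, $offset, $limit, $bsize, $filter, $pkeys, true);
- break;
- case "tblexists":
- $bvresp->addStatus("tblexists", $db->isTablePresent($_REQUEST['tablename']));
- break;
- case "crttbl":
- $bvresp->addStatus("crttbl", $db->createTable($_REQUEST['query'], $_REQUEST['tablename']));
- break;
- case "drptbl":
- $bvresp->addStatus("drptbl", $db->dropBVTable($_REQUEST['name']));
- break;
- case "trttbl":
- $bvresp->addStatus("trttbl", $db->truncateBVTable($_REQUEST['name']));
- break;
- default:
- return false;
+ } else {
+ $resp = $stream_init_info;
  }
- return true;
+ return $resp;
  }
  }
  endif;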
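Review bot: In the new `altrtbl` case of `process()`, `$db->alterBVTable($params['query'], $params['query'])` passes the query for both arguments, while the neighbouring `crttbl` case passes `$params['query'], $params['tablename']`. The second argument looks like a copy-paste slip and is presumably meant to be the table name, e.g. `$db->alterBVTable($params['query'], $params['name'])`, but `alterBVTable`'s signature and the key that carries the name are not on this page, so confirm both. Separately, `crttbl` and `altrtbl` pass request-supplied SQL to the database layer and `$filter` reaches `getTableContent()` unchanged, so these methods are only as safe as the authentication performed before `process()` runs. A comment above the `switch` should state that dependency, e.g. `// Callers must have authenticated $request; query and filter values are executed as given.`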
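--- a/callback/wings/dynsync.php
+++ b/callback/wings/dynsync.php
@@ -3,19 +3,25 @@
  if (!defined('ABSPATH')) exit;
  if (!class_exists('BVDynSyncCallback')) :
 
- require_once dirname( __FILE__ ) . '/../../dynsync.php';
+ require_once dirname( __FILE__ ) . '/../../wp_dynsync.php';
+
+ class BVDynSyncCallback extends BVCallbackBase {
+ public $db;
+ public $settings;
+
+ public function __construct($callback_handler) {
+ $this->db = $callback_handler->db;
+ $this->settings = $callback_handler->settings;
+ }
 
- class BVDynSyncCallback {
  public function dropDynSyncTable() {
- global $bvcb;
- return $bvcb->bvmain->db->dropBVTable(BVDynSync::$dynsync_table);
+ return $this->db->dropBVTable(BVWPDynSync::$dynsync_table);
  }
 
- public function createDynSyncTable() {
- global $bvcb;
- $db = $bvcb->bvmain->db;
+ public function createDynSyncTable($usedbdelta = false) {
+ $db = $this->db;
  $charset_collate = $db->getCharsetCollate();
- $table = $bvcb->bvmain->db->getBVTable(BVDynSync::$dynsync_table);
+ $table = $this->db->getBVTable(BVWPDynSync::$dynsync_table);
  $query = "CREATE TABLE $table (
  id bigint(20) NOT NULL AUTO_INCREMENT,
  site_id int NOT NULL,
@@ -24,58 +30,61 @@ class BVDynSyncCallback {
  event_data text NOT NULL DEFAULT '',
  PRIMARY KEY (id)
  ) $charset_collate;";
- return $db->createTable($query, BVDynSync::$dynsync_table);
+ return $db->createTable($query, BVWPDynSync::$dynsync_table, $usedbdelta);
  }
 
- public function process($method) {
- global $bvresp, $bvcb;
- $info = $bvcb->bvmain->info;
- switch ($method) {
+ public function process($request) {
+ $settings = $this->settings;
+ $params = $request->params;
+ switch ($request->method) {
  case "truncdynsynctable":
- $bvresp->addStatus("status", $bvcb->bvmain->db->truncateBVTable(BVDynSync::$dynsync_table));
+ $resp = array("status" => $this->db->truncateBVTable(BVWPDynSync::$dynsync_table));
  break;
  case "dropdynsynctable":
- $bvresp->addStatus("status", $this->dropDynSyncTable());
+ $resp = array("status" => $this->dropDynSyncTable());
  break;
  case "createdynsynctable":
- $bvresp->addStatus("status", $this->createDynSyncTable());
+ $usedbdelta = array_key_exists('usedbdelta', $params);
+ $resp = array("status" => $this->createDynSyncTable($usedbdelta));
  break;
  case "setdynsync":
- if (array_key_exists('dynplug', $_REQUEST)) {
- $info->updateOption('bvdynplug', $_REQUEST['dynplug']);
+ if (array_key_exists('dynplug', $params)) {
+ $settings->updateOption('bvdynplug', $params['dynplug']);
  } else {
- $info->deleteOption('bvdynplug');
+ $settings->deleteOption('bvdynplug');
  }
- $info->updateOption('bvDynSyncActive', $_REQUEST['dynsync']);
+ $settings->updateOption('bvDynSyncActive', $params['dynsync']);
+ $resp = array("status" => "done");
  break;
  case "setwoodyn":
- $info->updateOption('bvWooDynSync', $_REQUEST['woodyn']);
+ $resp = array("status" => $settings->updateOption('bvWooDynSync', $params['woodyn']));
  break;
  case "setignorednames":
- switch ($_REQUEST['table']) {
+ switch ($params['table']) {
  case "options":
- $info->updateOption('bvIgnoredOptions', $_REQUEST['names']);
+ $settings->updateOption('bvIgnoredOptions', $params['names']);
  break;
  case "postmeta":
- $info->updateOption('bvIgnoredPostmeta', $_REQUEST['names']);
+ $settings->updateOption('bvIgnoredPostmeta', $params['names']);
  break;
  }
+ $resp = array("status" => "done");
  break;
  case "getignorednames":
- switch ($_REQUEST['table']) {
+ switch ($params['table']) {
  case "options":
- $names = $info->getOption('bvIgnoredOptions');
+ $names = $settings->getOption('bvIgnoredOptions');
  break;
  case "postmeta":
- $names = $info->getOption('bvIgnoredPostmeta');
+ $names = $settings->getOption('bvIgnoredPostmeta');
  break;
  }
- $bvresp->addStatus("names", $names);
+ $resp = array("names", $names);
  break;
  default:
- return false;
+ $resp = false;
  }
- return true;
+ return $resp;
  }
  }
  endif;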
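Review bot: The `getignorednames` case builds `$resp = array("names", $names);`, a two-element list, whereas every other case in `process()` returns a keyed array and the removed code reported the value under the `names` key. It should read `$resp = array("names" => $names);`. In the same case `$names` is never assigned when `$params['table']` is neither `options` nor `postmeta`, so set `$names = null;` before the inner `switch`, or return an error for an unknown table. The `setdynsync` and `setwoodyn` cases also read `$params['dynsync']` and `$params['woodyn']` without checking that the key exists.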
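--- a/callback/wings/fs.php
+++ b/callback/wings/fs.php
@@ -2,7 +2,16 @@
 
  if (!defined('ABSPATH')) exit;
  if (!class_exists('BVFSCallback')) :
- class BVFSCallback {
+ require_once dirname( __FILE__ ) . '/../streams.php';
+
+ class BVFSCallback extends BVCallbackBase {
+ public $stream;
+ public $account;
+
+ public function __construct($callback_handler) {
+ $this->account = $callback_handler->account;
+ }
+
  function fileStat($relfile) {
  $absfile = ABSPATH.$relfile;
  $fdata = array();
@@ -22,7 +31,6 @@ class BVFSCallback {
  }
 
  function scanFilesUsingGlob($initdir = "./", $offset = 0, $limit = 0, $bsize = 512, $recurse = true, $regex = '{.??,}*') {
- global $bvresp;
  $i = 0;
  $dirs = array();
  $dirs[] = $initdir;
@@ -51,7 +59,7 @@ class BVFSCallback {
  $bfc++;
  if ($bfc == $bsize) {
  $str = serialize($bfa);
- $bvresp->writeStream($str);
+ $this->stream->writeStream($str);
  $bfc = 0;
  $bfa = array();
  }
@@ -63,12 +71,12 @@ class BVFSCallback {
  }
  if ($bfc != 0) {
  $str = serialize($bfa);
- $bvresp->writeStream($str);
+ $this->stream->writeStream($str);
  }
+ return array("status" => "done");
  }
 
  function scanFiles($initdir = "./", $offset = 0, $limit = 0, $bsize = 512, $recurse = true) {
- global $bvresp;
  $i = 0;
  $dirs = array();
  $dirs[] = $initdir;
@@ -97,7 +105,7 @@ class BVFSCallback {
  $bfc++;
  if ($bfc == $bsize) {
  $str = serialize($bfa);
- $bvresp->writeStream($str);
+ $this->stream->writeStream($str);
  $bfc = 0;
  $bfa = array();
  }
@@ -110,8 +118,9 @@ class BVFSCallback {
  }
  if ($bfc != 0) {
  $str = serialize($bfa);
- $bvresp->writeStream($str);
+ $this->stream->writeStream($str);
  }
+ return array("status" => "done");
  }
 
  function calculateMd5($absfile, $fdata, $offset, $limit, $bsize) {
@@ -141,27 +150,27 @@ class BVFSCallback {
  }
 
  function getFilesStats($files, $offset = 0, $limit = 0, $bsize = 102400, $md5 = false) {
- global $bvresp;
+ $result = array();
  foreach ($files as $file) {
  $fdata = $this->fileStat($file);
  $absfile = ABSPATH.$file;
  if (!is_readable($absfile)) {
- $bvresp->addArrayToStatus("missingfiles", $file);
+ $result["missingfiles"][] = $file;
  continue;
  }
  if ($md5 === true) {
  $fdata["md5"] = $this->calculateMd5($absfile, $fdata, $offset, $limit, $bsize);
  }
- $bvresp->addArrayToStatus("stats", $fdata);
+ $result["stats"][] = $fdata;
  }
+ return $result;
  }
 
  function uploadFiles($files, $offset = 0, $limit = 0, $bsize = 102400) {
- global $bvresp;
-
+ $result = array();
  foreach ($files as $file) {
  if (!is_readable(ABSPATH.$file)) {
- $bvresp->addArrayToStatus("missingfiles", $file);
+ $result["missingfiles"][] = $file;
  continue;
  }
  $handle = fopen(ABSPATH.$file, "rb");
@@ -175,7 +184,7 @@ class BVFSCallback {
  $_limit = $fdata["size"] - $offset;
  $fdata["limit"] = $_limit;
  $sfdata = serialize($fdata);
- $bvresp->writeStream($sfdata);
+ $this->stream->writeStream($sfdata);
  fseek($handle, $offset, SEEK_SET);
  $dlen = 1;
  while (($_limit > 0) && ($dlen > 0)) {
@@ -183,76 +192,89 @@ class BVFSCallback {
  $_bsize = $_limit;
  $d = fread($handle, $_bsize);
  $dlen = strlen($d);
- $bvresp->writeStream($d);
+ $this->stream->writeStream($d);
  $_limit -= $dlen;
  }
  fclose($handle);
  } else {
- $bvresp->addArrayToStatus("unreadablefiles", $file);
+ $result["unreadablefiles"][] = $file;
  }
  }
+ $result["status"] = "done";
+ return $result;
  }
 
- function process($method) {
- switch ($method) {
- case "scanfilesglob":
- $initdir = urldecode($_REQUEST['initdir']);
- $offset = intval(urldecode($_REQUEST['offset']));
- $limit = intval(urldecode($_REQUEST['limit']));
- $bsize = intval(urldecode($_REQUEST['bsize']));
- $regex = urldecode($_REQUEST['regex']);
- $recurse = true;
- if (array_key_exists('recurse', $_REQUEST) && $_REQUEST["recurse"] == "false") {
- $recurse = false;
- }
- $this->scanFilesUsingGlob($initdir, $offset, $limit, $bsize, $recurse, $regex);
- break;
- case "scanfiles":
- $initdir = urldecode($_REQUEST['initdir']);
- $offset = intval(urldecode($_REQUEST['offset']));
- $limit = intval(urldecode($_REQUEST['limit']));
- $bsize = intval(urldecode($_REQUEST['bsize']));
- $recurse = true;
- if (array_key_exists('recurse', $_REQUEST) && $_REQUEST["recurse"] == "false") {
- $recurse = false;
- }
- $this->scanFiles($initdir, $offset, $limit, $bsize, $recurse);
- break;
- case "getfilesstats":
- $files = $_REQUEST['files'];
- $offset = intval(urldecode($_REQUEST['offset']));
- $limit = intval(urldecode($_REQUEST['limit']));
- $bsize = intval(urldecode($_REQUEST['bsize']));
- $md5 = false;
- if (array_key_exists('md5', $_REQUEST)) {
- $md5 = true;
- }
- $this->getFilesStats($files, $offset, $limit, $bsize, $md5);
- break;
- case "sendmanyfiles":
- $files = $_REQUEST['files'];
- $offset = intval(urldecode($_REQUEST['offset']));
- $limit = intval(urldecode($_REQUEST['limit']));
- $bsize = intval(urldecode($_REQUEST['bsize']));
- $this->uploadFiles($files, $offset, $limit, $bsize);
- break;
- case "filelist":
- $initdir = $_REQUEST['initdir'];
- $glob_option = GLOB_MARK;
- if(array_key_exists('onlydir', $_REQUEST)) {
- $glob_option = GLOB_ONLYDIR;
+ function process($request) {
+ $params = $request->params;
+ $stream_init_info = BVStream::startStream($this->account, $request);
+ if (array_key_exists('stream', $stream_init_info)) {
+ $this->stream = $stream_init_info['stream'];
+ switch ($request->method) {
+ case "scanfilesglob":
+ $initdir = urldecode($params['initdir']);
+ $offset = intval(urldecode($params['offset']));
+ $limit = intval(urldecode($params['limit']));
+ $bsize = intval(urldecode($params['bsize']));
+ $regex = urldecode($params['regex']);
+ $recurse = true;
+ if (array_key_exists('recurse', $params) && $params["recurse"] == "false") {
+ $recurse = false;
+ }
+ $resp = $this->scanFilesUsingGlob($initdir, $offset, $limit, $bsize, $recurse, $regex);
+ break;
+ case "scanfiles":
+ $initdir = urldecode($params['initdir']);
+ $offset = intval(urldecode($params['offset']));
+ $limit = intval(urldecode($params['limit']));
+ $bsize = intval(urldecode($params['bsize']));
+ $recurse = true;
+ if (array_key_exists('recurse', $params) && $params["recurse"] == "false") {
+ $recurse = false;
+ }
+ $resp = $this->scanFiles($initdir, $offset, $limit, $bsize, $recurse);
+ break;
+ case "getfilesstats":
+ $files = $params['files'];
+ $offset = intval(urldecode($params['offset']));
+ $limit = intval(urldecode($params['limit']));
+ $bsize = intval(urldecode($params['bsize']));
+ $md5 = false;
+ if (array_key_exists('md5', $params)) {
+ $md5 = true;
+ }
+ $resp = $this->getFilesStats($files, $offset, $limit, $bsize, $md5);
+ break;
+ case "sendmanyfiles":
+ $files = $params['files'];
+ $offset = intval(urldecode($params['offset']));
+ $limit = intval(urldecode($params['limit']));
+ $bsize = intval(urldecode($params['bsize']));
+ $resp = $this->uploadFiles($files, $offset, $limit, $bsize);
+ break;
+ case "filelist":
+ $initdir = $params['initdir'];
+ $glob_option = GLOB_MARK;
+ if(array_key_exists('onlydir', $params)) {
+ $glob_option = GLOB_ONLYDIR;
+ }
+ $regex = "*";
+ if(array_key_exists('regex', $params)){
+ $regex = $params['regex'];
+ }
+ $directoryList = glob($initdir.$regex, $glob_option);
+ $resp = $this->getFilesStats($directoryList);
+ break;
+ default:
+ $resp = false;
  }
- $regex = "*";
- if(array_key_exists('regex', $_REQUEST)){
- $regex = $_REQUEST['regex'];
+ $end_stream_info = $this->stream->endStream();
+ if (!empty($end_stream_info) && is_array($resp)) {
+ $resp = array_merge($resp, $end_stream_info);
  }
- $directoryList = glob($initdir.$regex, $glob_option);
- $this->getFilesStats($directoryList);
- break;
- default:
- return false;
+ } else {
+ $resp = $stream_init_info;
  }
- return true;
+ return $resp;
  }
  }
  endif;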
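Review bot: `getFilesStats()` and `uploadFiles()` still build each path as `ABSPATH.$file`, and `filelist` calls `glob($initdir.$regex, …)`, from request parameters that are never normalised, so nothing in the visible code keeps a path containing `..` inside the WordPress root. The refactor changes where the values come from (`$request->params` instead of `$_REQUEST`) but not that gap. I would resolve and confine the path before use, e.g. `$real = realpath(ABSPATH.$file);` followed by `if ($real === false || strpos($real, rtrim(realpath(ABSPATH), '/').'/') !== 0) { $result["missingfiles"][] = $file; continue; }`. If reads outside the root are intended (a `wp-config.php` kept one level up, for instance), make that an explicit allow-list instead. Also, `glob()` returns `false` on error and `getFilesStats($directoryList)` would then iterate a non-array; parts of `uploadFiles()` and both scan functions lie outside the hunks shown, so any checks there are not visible.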
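--- a/callback/wings/fw.php
+++ b/callback/wings/fw.php
@@ -3,32 +3,60 @@
  if (!defined('ABSPATH')) exit;
  if (!class_exists('BVFirewallCallback')) :
 
- require_once dirname( __FILE__ ) . '/../../fw/config.php';
+ require_once dirname( __FILE__ ) . '/../../protect/wp_fw/config.php';
 
  class BVFirewallCallback {
- public function process($method) {
- global $bvcb, $bvresp;
- $config = new BVFWConfig($bvcb->bvmain);
- switch ($method) {
+ public $db;
+ public $settings;
+
+ public function __construct($callback_handler) {
+ $this->db = $callback_handler->db;
+ $this->settings = $callback_handler->settings;
+ }
+
+ public function process($request) {
+ $params = $request->params;
+ $config = new BVWPFWConfig($this->db, $this->settings);
+ switch ($request->method) {
  case "clrconfig":
- $bvresp->addStatus("clearconfig", $config->clear());
+ $resp = array("clearconfig" => $config->clear());
  break;
  case "setmode":
- $config->setMode($_REQUEST['mode']);
- $bvresp->addStatus("setmode", $config->getMode());
+ $config->setMode($params['mode']);
+ $resp = array("setmode" => $config->getMode());
  break;
  case "dsblrules":
- $config->setDisabledRules($_REQUEST['disabled_rules']);
- $bvresp->addStatus("disabled_rules", $config->getDisabledRules());
+ $config->setDisabledRules($params['disabled_rules']);
+ $resp = array("disabled_rules" => $config->getDisabledRules());
+ break;
+ case "adtrls":
+ $config->setAuditRules($params['audit_rules']);
+ $resp = array("audit_rules" => $config->getAuditRules());
  break;
  case "setrulesmode":
- $config->setRulesMode($_REQUEST['rules_mode']);
- $bvresp->addStatus("rules_mode", $config->getRulesMode());
+ $config->setRulesMode($params['rules_mode']);
+ $resp = array("rules_mode" => $config->getRulesMode());
+ break;
+ case "setreqprofilingmode":
+ $config->setReqProfilingMode($params['req_profiling_mode']);
+ $resp = array("req_profiling_mode" => $config->getReqProfilingMode());
+ break;
+ case "stbypslevl":
+ $config->setBypassLevel($params['bypslevl']);
+ $resp = array("bypslevl" => $config->getBypassLevel());
+ break;
+ case "stcstmrls":
+ $config->setCustomRoles($params['cstmrls']);
+ $resp = array("cstmrls" => $config->getCustomRoles());
+ break;
+ case "stcookiemode":
+ $config->setCookieMode($params['mode']);
+ $resp = array("mode" => $config->getCookieMode());
  break;
  default:
- return false;
+ $resp = false;
  }
- return true;
+ return $resp;
  }
  }
- endif;
+ endif;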
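Review bot: The new cases `adtrls`, `stbypslevl`, `stcstmrls` and `stcookiemode` write request values straight into the firewall configuration (`$config->setBypassLevel($params['bypslevl'])` and so on) with no key-existence or allowed-value check in `process()`. These settings relax or reshape the firewall, so unless `BVWPFWConfig` validates them itself (its code is not in this section) I would reject a missing or unexpected value first, e.g. `if (!array_key_exists('bypslevl', $params)) { $resp = false; break; }`. Recording each change in the plugin's log would make a configuration downgrade traceable. `BVFirewallCallback` also does not extend `BVCallbackBase`, unlike `BVDBCallback`, `BVDynSyncCallback` and `BVFSCallback` in this commit; if that is deliberate, a one-line comment on the class should say why.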
callback/wings/info.php CHANGED
@@ -2,36 +2,51 @@
2
 
3
  if (!defined('ABSPATH')) exit;
4
  if (!class_exists('BVInfoCallback')) :
5
- class BVInfoCallback {
 
 
 
 
 
 
 
 
 
 
 
 
 
6
  public function getPosts($post_type, $count = 5) {
7
- global $bvresp;
8
  $output = array();
9
  $args = array('numberposts' => $count, 'post_type' => $post_type);
10
  $posts = get_posts($args);
11
  $keys = array('post_title', 'guid', 'ID', 'post_date');
 
12
  foreach ($posts as $post) {
13
  $pdata = array();
14
  $post_array = get_object_vars($post);
15
  foreach ($keys as $key) {
16
  $pdata[$key] = $post_array[$key];
17
  }
18
- $bvresp->addArrayToStatus("posts", $pdata);
19
  }
 
20
  }
21
 
22
  public function getStats() {
23
- global $bvresp;
24
- $bvresp->addStatus("posts", get_object_vars(wp_count_posts()));
25
- $bvresp->addStatus("pages", get_object_vars(wp_count_posts("page")));
26
- $bvresp->addStatus("comments", get_object_vars(wp_count_comments()));
 
27
  }
28
 
29
  public function getPlugins() {
30
- global $bvresp;
31
  if (!function_exists('get_plugins')) {
32
  require_once (ABSPATH."wp-admin/includes/plugin.php");
33
  }
34
  $plugins = get_plugins();
 
35
  foreach ($plugins as $plugin_file => $plugin_data) {
36
  $pdata = array(
37
  'file' => $plugin_file,
@@ -40,8 +55,9 @@ class BVInfoCallback {
40
  'active' => is_plugin_active($plugin_file),
41
  'network' => $plugin_data['Network']
42
  );
43
- $bvresp->addArrayToStatus("plugins", $pdata);
44
  }
 
45
  }
46
 
47
  public function themeToArray($theme) {
@@ -66,19 +82,19 @@ class BVInfoCallback {
66
  }
67
 
68
  public function getThemes() {
69
- global $bvresp;
70
  $themes = function_exists('wp_get_themes') ? wp_get_themes() : get_themes();
71
  foreach($themes as $theme) {
72
  $pdata = $this->themeToArray($theme);
73
- $bvresp->addArrayToStatus("themes", $pdata);
74
  }
75
  $theme = function_exists('wp_get_theme') ? wp_get_theme() : get_current_theme();
76
  $pdata = $this->themeToArray($theme);
77
- $bvresp->addStatus("currenttheme", $pdata);
 
78
  }
79
 
80
  public function getSystemInfo() {
81
- global $bvresp;
82
  $sys_info = array(
83
  'serverip' => $_SERVER['SERVER_ADDR'],
84
  'host' => $_SERVER['HTTP_HOST'],
@@ -98,22 +114,22 @@ class BVInfoCallback {
98
  $sys_info['webuid'] = posix_getuid();
99
  $sys_info['webgid'] = posix_getgid();
100
  }
101
- $bvresp->addStatus("sys", $sys_info);
102
  }
103
 
104
  public function getWpInfo() {
105
  global $wp_version, $wp_db_version, $wp_local_package;
106
- global $bvresp, $bvcb;
 
107
  $upload_dir = wp_upload_dir();
108
- $info = $bvcb->bvmain->info;
109
 
110
  $wp_info = array(
111
- 'dbprefix' => $bvcb->bvmain->db->dbprefix(),
112
- 'wpmu' => $info->isMultisite(),
113
- 'mainsite' => $info->isMainSite(),
114
  'name' => get_bloginfo('name'),
115
- 'siteurl' => $info->siteurl(),
116
- 'homeurl' => $info->homeurl(),
117
  'charset' => get_bloginfo('charset'),
118
  'wpversion' => $wp_version,
119
  'dbversion' => $wp_db_version,
@@ -126,19 +142,20 @@ class BVInfoCallback {
126
  'dbcharset' => defined('DB_CHARSET') ? DB_CHARSET : null,
127
  'disallow_file_edit' => defined('DISALLOW_FILE_EDIT'),
128
  'disallow_file_mods' => defined('DISALLOW_FILE_MODS'),
 
 
129
  'locale' => get_locale(),
130
  'wp_local_string' => $wp_local_package,
131
- 'charset_collate' => $bvcb->bvmain->db->getCharsetCollate()
132
  );
133
- $bvresp->addStatus("wp", $wp_info);
134
  }
135
 
136
  public function getUsers($args = array(), $full) {
137
- global $bvresp, $bvcb;
138
  $results = array();
139
  $users = get_users($args);
140
  if ('true' == $full) {
141
- $results = $bvcb->bvmain->lib->objectToArray($users);
142
  } else {
143
  foreach( (array) $users as $user) {
144
  $result = array();
@@ -154,7 +171,7 @@ class BVInfoCallback {
154
  $results[] = $result;
155
  }
156
  }
157
- $bvresp->addStatus("users", $results);
158
  }
159
 
160
  public function availableFunctions(&$info) {
@@ -181,27 +198,25 @@ class BVInfoCallback {
181
  return $info;
182
  }
183
 
184
- public function servicesInfo(&$info) {
185
- global $bvcb;
186
- $bvinfo = $bvcb->bvmain->info;
187
- $info['dynsync'] = $bvinfo->getOption('bvDynSyncActive');
188
- $info['woodyn'] = $bvinfo->getOption('bvWooDynSync');
189
- $info['dynplug'] = $bvinfo->getOption('bvdynplug');
190
- $info['ptplug'] = $bvinfo->getOption('bvptplug');
191
- $info['fw'] = $this->getFWConfig();
192
- $info['lp'] = $this->getLPConfig();
193
- $info['brand'] = $bvinfo->getOption($bvcb->bvmain->brand_option);
194
- $info['badgeinfo'] = $bvinfo->getOption($bvcb->bvmain->badgeinfo);
195
  }
196
 
197
  public function getLPConfig() {
198
- global $bvcb;
199
  $config = array();
200
- $bvinfo = $bvcb->bvmain->info;
201
- $mode = $bvinfo->getOption('bvlpmode');
202
- $cplimit = $bvinfo->getOption('bvlpcaptchalimit');
203
- $tplimit = $bvinfo->getOption('bvlptempblocklimit');
204
- $bllimit = $bvinfo->getOption('bvlpblockAllLimit');
205
  $config['mode'] = intval($mode ? $mode : 1);
206
  $config['captcha_limit'] = intval($cplimit ? $cplimit : 3);
207
  $config['temp_block_limit'] = intval($tplimit? $tplimit : 6);
@@ -210,83 +225,94 @@ class BVInfoCallback {
210
  }
211
 
212
  public function getFWConfig() {
213
- global $bvcb;
214
  $config = array();
215
- $bvinfo = $bvcb->bvmain->info;
216
- $mode = $bvinfo->getOption('bvfwmode');
217
- $drules = $bvinfo->getOption('bvfwdisabledrules');
218
- $rmode = $bvinfo->getOption('bvfwrulesmode');
 
 
 
 
 
 
219
  $config['mode'] = intval($mode ? $mode : 1);
220
  $config['disabled_rules'] = $drules ? $drules : array();
 
221
  $config['rules_mode'] = intval($rmode ? $rmode : 1);
 
 
 
 
 
222
  return $config;
223
  }
224
 
225
  public function dbconf(&$info) {
226
- global $bvcb;
227
  if (defined('DB_CHARSET'))
228
  $info['dbcharset'] = DB_CHARSET;
229
- $info['dbprefix'] = $bvcb->bvmain->db->dbprefix();
230
- $info['charset_collate'] = $bvcb->bvmain->db->getCharsetCollate();
231
  return $info;
232
  }
233
 
234
  public function activate() {
235
- global $bvcb, $bvresp;
236
  $resp = array();
237
- $bvcb->bvmain->info->basic($resp);
238
  $this->servicesInfo($resp);
239
  $this->dbconf($resp);
240
  $this->availableFunctions($resp);
241
- $bvresp->addStatus('actinfo', $resp);
242
  }
243
 
244
- public function process($method) {
245
- global $bvresp, $bvcb;
246
- switch ($method) {
 
247
  case "activateinfo":
248
- $this->activate();
249
  break;
250
  case "gtpsts":
251
  $count = 5;
252
- if (array_key_exists('count', $_REQUEST))
253
- $count = $_REQUEST['count'];
254
- $this->getPosts($_REQUEST['post_type'], $count);
255
  break;
256
  case "gtsts":
257
- $this->getStats();
258
  break;
259
  case "gtplgs":
260
- $this->getPlugins();
261
  break;
262
  case "gtthms":
263
- $this->getThemes();
264
  break;
265
  case "gtsym":
266
- $this->getSystemInfo();
267
  break;
268
  case "gtwp":
269
- $this->getWpInfo();
270
  break;
271
  case "getoption":
272
- $bvresp->addStatus("option", $bvresp->getOption($_REQUEST['name']));
273
  break;
274
  case "gtusrs":
275
  $full = false;
276
- if (array_key_exists('full', $_REQUEST))
277
  $full = true;
278
- $this->getUsers($_REQUEST['args'], $full);
279
  break;
280
  case "gttrnsnt":
281
- $transient = $bvcb->bvmain->info->getTransient($_REQUEST['name']);
282
- if ($transient && array_key_exists('asarray', $_REQUEST))
283
- $transient = $bvcb->bvmain->lib->objectToArray($transient);
284
- $bvresp->addStatus("transient", $transient);
285
  break;
286
  default:
287
- return false;
288
  }
289
- return true;
290
  }
291
  }
292
  endif;
2
 
3
  if (!defined('ABSPATH')) exit;
4
  if (!class_exists('BVInfoCallback')) :
5
+
6
+ class BVInfoCallback extends BVCallbackBase {
7
+ public $db;
8
+ public $settings;
9
+ public $siteinfo;
10
+ public $bvinfo;
11
+
12
+ public function __construct($callback_handler) {
13
+ $this->db = $callback_handler->db;
14
+ $this->siteinfo = $callback_handler->siteinfo;
15
+ $this->settings = $callback_handler->settings;
16
+ $this->bvinfo = new BVInfo($this->settings);
17
+ }
18
+
19
  public function getPosts($post_type, $count = 5) {
 
20
  $output = array();
21
  $args = array('numberposts' => $count, 'post_type' => $post_type);
22
  $posts = get_posts($args);
23
  $keys = array('post_title', 'guid', 'ID', 'post_date');
24
+ $result = array();
25
  foreach ($posts as $post) {
26
  $pdata = array();
27
  $post_array = get_object_vars($post);
28
  foreach ($keys as $key) {
29
  $pdata[$key] = $post_array[$key];
30
  }
31
+ $result["posts"][] = $pdata;
32
  }
33
+ return $result;
34
  }
35
 
36
  public function getStats() {
37
+ return array(
38
+ "posts" => get_object_vars(wp_count_posts()),
39
+ "pages" => get_object_vars(wp_count_posts("page")),
40
+ "comments" => get_object_vars(wp_count_comments())
41
+ );
42
  }
43
 
44
  public function getPlugins() {
 
45
  if (!function_exists('get_plugins')) {
46
  require_once (ABSPATH."wp-admin/includes/plugin.php");
47
  }
48
  $plugins = get_plugins();
49
+ $result = array();
50
  foreach ($plugins as $plugin_file => $plugin_data) {
51
  $pdata = array(
52
  'file' => $plugin_file,
55
  'active' => is_plugin_active($plugin_file),
56
  'network' => $plugin_data['Network']
57
  );
58
+ $result["plugins"][] = $pdata;
59
  }
60
+ return $result;
61
  }
62
 
63
  public function themeToArray($theme) {
82
  }
83
 
84
  public function getThemes() {
85
+ $result = array();
86
  $themes = function_exists('wp_get_themes') ? wp_get_themes() : get_themes();
87
  foreach($themes as $theme) {
88
  $pdata = $this->themeToArray($theme);
89
+ $result["themes"][] = $pdata;
90
  }
91
  $theme = function_exists('wp_get_theme') ? wp_get_theme() : get_current_theme();
92
  $pdata = $this->themeToArray($theme);
93
+ $result["currenttheme"] = $pdata;
94
+ return $result;
95
  }
96
 
97
  public function getSystemInfo() {
 
98
  $sys_info = array(
99
  'serverip' => $_SERVER['SERVER_ADDR'],
100
  'host' => $_SERVER['HTTP_HOST'],
114
  $sys_info['webuid'] = posix_getuid();
115
  $sys_info['webgid'] = posix_getgid();
116
  }
117
+ return array("sys" => $sys_info);
118
  }
119
 
120
  public function getWpInfo() {
121
  global $wp_version, $wp_db_version, $wp_local_package;
122
+ $siteinfo = $this->siteinfo;
123
+ $db = $this->db;
124
  $upload_dir = wp_upload_dir();
 
125
 
126
  $wp_info = array(
127
+ 'dbprefix' => $db->dbprefix(),
128
+ 'wpmu' => $siteinfo->isMultisite(),
129
+ 'mainsite' => $siteinfo->isMainSite(),
130
  'name' => get_bloginfo('name'),
131
+ 'siteurl' => $siteinfo->siteurl(),
132
+ 'homeurl' => $siteinfo->homeurl(),
133
  'charset' => get_bloginfo('charset'),
134
  'wpversion' => $wp_version,
135
  'dbversion' => $wp_db_version,
142
  'dbcharset' => defined('DB_CHARSET') ? DB_CHARSET : null,
143
  'disallow_file_edit' => defined('DISALLOW_FILE_EDIT'),
144
  'disallow_file_mods' => defined('DISALLOW_FILE_MODS'),
145
+ 'custom_users' => defined('CUSTOM_USER_TABLE') ? CUSTOM_USER_TABLE : null,
146
+ 'custom_usermeta' => defined('CUSTOM_USERMETA_TABLE') ? CUSTOM_USERMETA_TABLE : null,
147
  'locale' => get_locale(),
148
  'wp_local_string' => $wp_local_package,
149
+ 'charset_collate' => $db->getCharsetCollate()
150
  );
151
+ return array("wp" => $wp_info);
152
  }
153
 
154
  public function getUsers($args = array(), $full) {
 
155
  $results = array();
156
  $users = get_users($args);
157
  if ('true' == $full) {
158
+ $results = $this->objectToArray($users);
159
  } else {
160
  foreach( (array) $users as $user) {
161
  $result = array();
171
  $results[] = $result;
172
  }
173
  }
174
+ return array("users" => $results);
175
  }
176
 
177
  public function availableFunctions(&$info) {
198
  return $info;
199
  }
200
 
201
+ public function servicesInfo(&$data) {
202
+ $settings = $this->settings;
203
+ $data['dynsync'] = $settings->getOption('bvDynSyncActive');
204
+ $data['woodyn'] = $settings->getOption('bvWooDynSync');
205
+ $data['dynplug'] = $settings->getOption('bvdynplug');
206
+ $data['ptplug'] = $settings->getOption('bvptplug');
207
+ $data['fw'] = $this->getFWConfig();
208
+ $data['lp'] = $this->getLPConfig();
209
+ $data['brand'] = $settings->getOption($this->bvinfo->brand_option);
210
+ $data['badgeinfo'] = $settings->getOption($this->bvinfo->badgeinfo);
 
211
  }
212
 
213
  public function getLPConfig() {
 
214
  $config = array();
215
+ $settings = $this->settings;
216
+ $mode = $settings->getOption('bvlpmode');
217
+ $cplimit = $settings->getOption('bvlpcaptchalimit');
218
+ $tplimit = $settings->getOption('bvlptempblocklimit');
219
+ $bllimit = $settings->getOption('bvlpblockAllLimit');
220
  $config['mode'] = intval($mode ? $mode : 1);
221
  $config['captcha_limit'] = intval($cplimit ? $cplimit : 3);
222
  $config['temp_block_limit'] = intval($tplimit? $tplimit : 6);
225
  }
226
 
227
  public function getFWConfig() {
 
228
  $config = array();
229
+ $settings = $this->settings;
230
+ $mode = $settings->getOption('bvfwmode');
231
+ $drules = $settings->getOption('bvfwdisabledrules');
232
+ $arules = $settings->getOption('bvfwauditrules');
233
+ $rmode = $settings->getOption('bvfwrulesmode');
234
+ $reqprofilingmode = $settings->getOption('bvfwreqprofilingmode');
235
+ $bypass_level = $settings->getOption('bvfwbypasslevel');
236
+ $custom_roles = $settings->getOption('bvfwcustomroles');
237
+ $cookiemode = $settings->getOption('bvfwcookiemode');
238
+ $cookiekey = (string) $settings->getOption('bvfwcookiekey');
239
  $config['mode'] = intval($mode ? $mode : 1);
240
  $config['disabled_rules'] = $drules ? $drules : array();
241
+ $config['audit_rules'] = $arules ? $arules : array();
242
  $config['rules_mode'] = intval($rmode ? $rmode : 1);
243
+ $config['req_profiling_mode'] = intval($reqprofilingmode ? $reqprofilingmode : 1);
244
+ $config['bypslevl'] = intval($bypass_level ? $bypass_level : 2);
245
+ $config['cstmrls'] = $custom_roles ? $custom_roles : array();
246
+ $config['cookiemode'] = intval($cookiemode ? $cookiemode : 2);
247
+ $config['cookiekey'] = $cookiekey;
248
  return $config;
249
  }
250
 
251
  public function dbconf(&$info) {
252
+ $db = $this->db;
253
  if (defined('DB_CHARSET'))
254
  $info['dbcharset'] = DB_CHARSET;
255
+ $info['dbprefix'] = $db->dbprefix();
256
+ $info['charset_collate'] = $db->getCharsetCollate();
257
  return $info;
258
  }
259
 
260
  public function activate() {
 
261
  $resp = array();
262
+ $this->siteinfo->basic($resp);
263
  $this->servicesInfo($resp);
264
  $this->dbconf($resp);
265
  $this->availableFunctions($resp);
266
+ return array('actinfo' => $resp);
267
  }
268
 
269
+ public function process($request) {
270
+ $db = $this->db;
271
+ $params = $request->params;
272
+ switch ($request->method) {
273
  case "activateinfo":
274
+ $resp = $this->activate();
275
  break;
276
  case "gtpsts":
277
  $count = 5;
278
+ if (array_key_exists('count', $params))
279
+ $count = $params['count'];
280
+ $resp = $this->getPosts($params['post_type'], $count);
281
  break;
282
  case "gtsts":
283
+ $resp = $this->getStats();
284
  break;
285
  case "gtplgs":
286
+ $resp = $this->getPlugins();
287
  break;
288
  case "gtthms":
289
+ $resp = $this->getThemes();
290
  break;
291
  case "gtsym":
292
+ $resp = $this->getSystemInfo();
293
  break;
294
  case "gtwp":
295
+ $resp = $this->getWpInfo();
296
  break;
297
  case "getoption":
298
+ $resp = array("option" => $this->settings->getOption($params['name']));
299
  break;
300
  case "gtusrs":
301
  $full = false;
302
+ if (array_key_exists('full', $params))
303
  $full = true;
304
+ $resp = $this->getUsers($params['args'], $full);
305
  break;
306
  case "gttrnsnt":
307
+ $transient = $this->settings->getTransient($params['name']);
308
+ if ($transient && array_key_exists('asarray', $params))
309
+ $transient = $this->objectToArray($transient);
310
+ $resp = array("transient" => $transient);
311
  break;
312
  default:
313
+ $resp = false;
314
  }
315
+ return $resp;
316
  }
317
  }
318
  endif;
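--- a/callback/wings/ipstore.php
+++ b/callback/wings/ipstore.php
@@ -3,26 +3,28 @@
  if (!defined('ABSPATH')) exit;
  if (!class_exists('BVIPStoreCallback')) :
 
- require_once dirname( __FILE__ ) . '/../../ipstore.php';
+ require_once dirname( __FILE__ ) . '/../../protect/ipstore.php';
 
- class BVIPStoreCallback {
+ class BVIPStoreCallback extends BVCallbackBase {
+ public $db;
+
+ public function __construct($callback_handler) {
+ $this->db = $callback_handler->db;
+ }
 
  public function updateBVTableContent($table, $value, $filter) {
- global $bvcb;
- $bvcb->bvmain->db->query("UPDATE $table SET $value $filter;");
+ $this->db->query("UPDATE $table SET $value $filter;");
  }
 
  public function insertBVTableContent($table, $fields, $value) {
- global $bvcb;
- $bvcb->bvmain->db->query("INSERT INTO $table $fields values $value;");
+ $this->db->query("INSERT INTO $table $fields values $value;");
  }
 
  public function deleteIPs($table, $rmfilters) {
  if (is_array($rmfilters)) {
- global $bvcb;
  foreach ($rmfilters as $rmfilter) {
  $rmfilter = base64_decode($rmfilter);
- $bvcb->bvmain->db->deleteBVTableContent($table, $rmfilter);
+ $this->db->deleteBVTableContent($table, $rmfilter);
  }
  }
  }
@@ -46,21 +48,18 @@ class BVIPStoreCallback {
  }
 
  public function getIPs($table, $auto_increment_offset, $type, $category) {
- global $bvcb;
  $query = "SELECT `start_ip_range` FROM $table WHERE id < $auto_increment_offset AND `type` = $type AND ";
  $query .= ($category == BVIPStore::FW) ? "`is_fw` = true;" : "`is_lp` = true;";
- return $bvcb->bvmain->db->getCol($query);
+ return $this->db->getCol($query);
  }
 
  public function getIPStoreOffset($table, $auto_increment_offset) {
- global $bvcb;
- $db = $bvcb->bvmain->db;
+ $db = $this->db;
  return intval($db->getVar("SELECT MAX(id) FROM $table WHERE id < $auto_increment_offset"));
  }
 
  public function getIPStoreInfo($table, $auto_increment_offset) {
- global $bvcb;
- $db = $bvcb->bvmain->db;
+ $db = $this->db;
  $info = array();
  $info['fw_blacklisted_ips'] = $this->getIPs($table, $auto_increment_offset, BVIPStore::BLACKLISTED, BVIPStore::FW);
  $info['lp_blacklisted_ips'] = $this->getIPs($table, $auto_increment_offset, BVIPStore::BLACKLISTED, BVIPStore::LP);
@@ -71,46 +70,46 @@ class BVIPStoreCallback {
  return $info;
  }
 
- public function process($method) {
- global $bvresp, $bvcb;
- $db = $bvcb->bvmain->db;
- $table = $_REQUEST['table'];
+ public function process($request) {
+ $db = $this->db;
+ $params = $request->params;
+ $table = $params['table'];
  $bvTable = $db->getBVTable($table);
- $auto_increment_offset = $_REQUEST['auto_increment_offset'];
+ $auto_increment_offset = $params['auto_increment_offset'];
  if (!$db->isTablePresent($bvTable)) {
- $bvresp->addStatus("info", false);
+ $resp = array("info" => false);
  } else {
- switch ($method) {
+ switch ($request->method) {
  case "ipstrinfo":
  $info = $this->getIPStoreInfo($bvTable, $auto_increment_offset);
- $bvresp->addStatus("info", $info);
+ $resp = array("info" => $info);
  break;
  case "insrtips":
- $values = $_REQUEST['values'];
- $fields = $_REQUEST['fields'];
- $rmfilter = $_REQUEST['rmfilter'];
+ $values = $params['values'];
+ $fields = $params['fields'];
+ $rmfilter = $params['rmfilter'];
  if ($rmfilter) {
  $db->deleteBVTableContent($table, $rmfilter);
  }
  $this->insertIPs($bvTable, $fields, $values);
- $bvresp->addStatus("offset", $this->getIPStoreOffset($bvTable, $auto_increment_offset));
+ $resp = array("offset" => $this->getIPStoreOffset($bvTable, $auto_increment_offset));
  break;
  case "dltips":
- $rmfilters = $_REQUEST['rmfilters'];
+ $rmfilters = $params['rmfilters'];
  $this->deleteIPs($table, $rmfilters);
- $bvresp->addStatus("offset", $this->getIPStoreOffset($bvTable, $auto_increment_offset));
+ $resp = array("offset" => $this->getIPStoreOffset($bvTable, $auto_increment_offset));
  break;
  case "updtips":
- $value = $_REQUEST['value'];
- $filters = $_REQUEST['filters'];
+ $value = $params['value'];
+ $filters = $params['filters'];
  $this->updateIPs($bvTable, $value, $filters);
- $bvresp->addStatus("offset", $this->getIPStoreOffset($bvTable, $auto_increment_offset));
+ $resp = array("offset" => $this->getIPStoreOffset($bvTable, $auto_increment_offset));
  break;
  default:
- return false;
+ $resp = false;
  }
- return true;
+ return $resp;
  }
  }
  }
- endif;
+ endif;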
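Review bot: In the new `process()`, `$params['auto_increment_offset']` is passed unchanged to `getIPStoreInfo()`, `getIPs()` and `getIPStoreOffset()`, which interpolate it unquoted into `WHERE id < $auto_increment_offset`, so the query is only as trustworthy as the request authentication done outside this file. Since the value is used purely as a numeric bound, cast it where it is read: `$auto_increment_offset = intval($params['auto_increment_offset']);`. Separately, going by the brace nesting (the page has lost indentation), `return $resp;` sits inside the `else` branch, so the `array("info" => false)` assigned when the table is missing is never returned and the method yields null; moving `return $resp;` below the closing brace of the `else` would fix that. `fields`, `values`, `value`, `filters` and `rmfilter` appear to reach `query()` as raw SQL fragments by design, which deserves a comment on `process()` stating that it must only be reached after the request has been authenticated.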
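--- a/callback/wings/lp.php
+++ b/callback/wings/lp.php
@@ -3,70 +3,72 @@
  if (!defined('ABSPATH')) exit;
  if (!class_exists('BVLoginProtectCallback')) :
 
- require_once dirname( __FILE__ ) . '/../../lp/lp.php';
+ require_once dirname( __FILE__ ) . '/../../protect/wp_lp/lp.php';
 
- class BVLoginProtectCallback {
+ class BVLoginProtectCallback extends BVCallbackBase {
+ public $db;
+ public $settings;
+
+ public function __construct($callback_handler) {
+ $this->db = $callback_handler->db;
+ $this->settings = $callback_handler->settings;
+ }
+
  public function unBlockLogins() {
- global $bvcb;
- $info = $bvcb->bvmain->info;
- $info->deleteTransient('bvlp_block_logins');
- $info->setTransient('bvlp_allow_logins', 'true', 1800);
- return $info->getTransient('bvlp_allow_logins');
+ $this->settings->deleteTransient('bvlp_block_logins');
+ $this->settings->setTransient('bvlp_allow_logins', 'true', 1800);
+ return $this->settings->getTransient('bvlp_allow_logins');
  }
 
  public function blockLogins($time) {
- global $bvcb;
- $info = $bvcb->bvmain->info;
- $info->deleteTransient('bvlp_allow_logins');
- $info->setTransient('bvlp_block_logins', 'true', $time);
- return $info->getTransient('bvlp_block_logins');
+ $this->settings->deleteTransient('bvlp_allow_logins');
+ $this->settings->setTransient('bvlp_block_logins', 'true', $time);
+ return $this->settings->getTransient('bvlp_block_logins');
  }
 
  public function unBlockIP($ip, $attempts, $time) {
- global $bvcb;
- $info = $bvcb->bvmain->info;
- $transient_name = BVLP::$unblock_ip_transient.$ip;
- $info->setTransient($transient_name, $attempts, $time);
- return $info->getTransient($transient_name);
+ $transient_name = BVWPLP::$unblock_ip_transient.$ip;
+ $this->settings->setTransient($transient_name, $attempts, $time);
+ return $this->settings->getTransient($transient_name);
  }
 
- public function process($method) {
- global $bvcb, $bvresp;
- $config = new BVLPConfig($bvcb->bvmain);
- switch ($method) {
+ public function process($request) {
+ $params = $request->params;
+ $config = new BVWPLPConfig($this->db, $this->settings);
+ switch ($request->method) {
  case "clrconfig":
- $bvresp->addStatus("clearconfig", $config->clear());
+ $resp = array("clearconfig" => $config->clear());
  break;
  case "setmode":
- $config->setMode($_REQUEST['mode']);
- $bvresp->addStatus("setmode", $config->getMode());
+ $config->setMode($params['mode']);
+ $resp = array("setmode" => $config->getMode());
  break;
  case "setcaptchalimit":
- $config->setCaptchaLimit($_REQUEST['captcha_limit']);
- $bvresp->addStatus("captcha_limit", $config->getCaptchaLimit());
+ $config->setCaptchaLimit($params['captcha_limit']);
+ $resp = array("captcha_limit" => $config->getCaptchaLimit());
  break;
  case "settmpblklimit":
- $config->setTempBlockLimit($_REQUEST['temp_block_limit']);
- $bvresp->addStatus("temp_block_limit", $config->getTempBlockLimit());
+ $config->setTempBlockLimit($params['temp_block_limit']);
+ $resp = array("temp_block_limit" => $config->getTempBlockLimit());
  break;
  case "setblkalllimit":
- $config->setBlockAllLimit($_REQUEST['block_all_limit']);
- $bvresp->addStatus("block_all_limit", $config->getBlockAllLimit());
+ $config->setBlockAllLimit($params['block_all_limit']);
+ $resp = array("block_all_limit" => $config->getBlockAllLimit());
  break;
  case "unblklogins":
- $bvresp->addStatus("unblocklogins", $this->unBlockLogins());
+ $resp = array("unblocklogins" => $this->unBlockLogins());
  break;
  case "blklogins":
- $time = array_key_exists('time', $_REQUEST) ? $_REQUEST['time'] : 1800;
- $bvresp->addStatus("blocklogins", $this->blockLogins($time));
+ $time = array_key_exists('time', $params) ? $params['time'] : 1800;
+ $resp = array("blocklogins" => $this->blockLogins($time));
  break;
  case "unblkip":
- $bvresp->addStatus("unblockip", $this->unBlockIP($_REQUEST['ip'], $_REQUEST['attempts'], $_REQUEST['time']));
+ $resp = array("unblockip" => $this->unBlockIP($params['ip'], $params['attempts'], $params['time']));
  break;
  default:
- return false;
+ $resp = false;
  }
- return true;
+ return $resp;
  }
  }
  endif;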
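Review bot: `unBlockIP()` appends the request-supplied `$ip` to `BVWPLP::$unblock_ip_transient` to form a transient name, and the `unblkip` case in `process()` passes `$params['ip']`, `$params['attempts']` and `$params['time']` to it without checking that they exist or have the expected type. I would validate before the call, e.g. `if (filter_var($params['ip'], FILTER_VALIDATE_IP) === false) { $resp = array("unblockip" => false); break; }`, and cast the numeric values with `intval()`. The same applies to `blklogins`, where the expiry could be read as `$time = array_key_exists('time', $params) ? intval($params['time']) : 1800;`. The setter cases (`setmode`, `setcaptchalimit`, `settmpblklimit`, `setblkalllimit`) read `$params[...]` the same way; whether `BVWPLPConfig` normalises those values is not visible in this section.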
callback/wings/manage.php CHANGED
@@ -2,10 +2,16 @@
2
 
3
  if (!defined('ABSPATH')) exit;
4
  if (!class_exists('BVManageCallback')) :
5
- class BVManageCallback {
 
 
 
 
 
 
 
6
  function getError($err) {
7
- global $bvcb;
8
- return $bvcb->bvmain->lib->objectToArray($err);
9
  }
10
 
11
  function is_pantheon() {
@@ -137,7 +143,7 @@ class BVManageCallback {
137
  $res = wp_update_user($data);
138
  break;
139
  case 'delete':
140
- if ($args['reassign']) {
141
  $user_to = get_user_by('id', $args['reassign']);
142
  if ($user_to != false) {
143
  $res = wp_delete_user($user->ID, $user_to->ID);
@@ -177,14 +183,14 @@ class BVManageCallback {
177
  }
178
  }
179
 
180
- function upgrade($params = null) {
181
  $result = array();
182
  $premium_upgrades = array();
183
  if (array_key_exists('core', $params) && !empty($params['core'])) {
184
  $result['core'] = $this->upgradeCore($params['core']);
185
  }
186
  if (array_key_exists('translations', $params) && !empty($params['translations'])) {
187
- $result['translations'] = $this->upgradeTranslations($params['translations']);
188
  }
189
  if (array_key_exists('plugins', $params) && !empty($params['plugins'])) {
190
  $files = array();
@@ -192,7 +198,7 @@ class BVManageCallback {
192
  $files[] = $plugin['file'];
193
  }
194
  if (!empty($files)) {
195
- $result['plugins'] = $this->upgradePlugins($files);
196
  }
197
  }
198
  if (array_key_exists('themes', $params) && !empty($params['themes'])) {
@@ -201,18 +207,17 @@ class BVManageCallback {
201
  $templates[] = $theme['template'];
202
  }
203
  if (!empty($templates)) {
204
- $result['themes'] = $this->upgradeThemes($templates);
205
  }
206
  }
207
  return $result;
208
  }
209
 
210
  function get_translation_updates() {
211
- global $bvcb;
212
  $updates = array();
213
  $transients = array( 'update_core' => 'core', 'update_plugins' => 'plugin', 'update_themes' => 'theme' );
214
  foreach ( $transients as $transient => $type ) {
215
- $transient = $bvcb->bvmain->info->getTransient( $transient );
216
  if ( empty( $transient->translations ) )
217
  continue;
218
 
@@ -223,7 +228,7 @@ class BVManageCallback {
223
  return $updates;
224
  }
225
 
226
- function upgradeTranslations($translations) {
227
  $language_updates = $this->get_translation_updates();
228
  $valid_updates = array();
229
  $result = array();
@@ -236,9 +241,10 @@ class BVManageCallback {
236
  }
237
  if (!empty($valid_updates)) {
238
  if (class_exists('Language_Pack_Upgrader')) {
239
- if (array_key_exists('bvskin', $_REQUEST)) {
240
  require_once( "bv_upgrader_skin.php" );
241
  $skin = new BVUpgraderSkin("upgrade_translations");
 
242
  } else {
243
  $skin = new Language_Pack_Upgrader_Skin(array());
244
  }
@@ -259,15 +265,15 @@ class BVManageCallback {
259
  }
260
 
261
  function upgradeCore($args) {
262
- global $wp_filesystem, $wp_version, $bvcb, $bvresp;
263
- $core = $bvcb->bvmain->info->getTransient('update_core');
264
  $core_update_index = intval($args['coreupdateindex']);
265
  if (isset($core->updates) && !empty($core->updates)) {
266
  $to_update = $core->updates[$core_update_index];
267
  } else {
268
  return array('status' => "Error", "message" => "Updates not available");
269
  }
270
- $bvresp->addStatus("Core_Upgrader", class_exists('Core_Upgrader'));
271
  if (version_compare($wp_version, '3.1.9', '>')) {
272
  $core = new Core_Upgrader();
273
  $result = $core->upgrade($to_update);
@@ -277,7 +283,7 @@ class BVManageCallback {
277
  return array('status' => 'Done');
278
  }
279
  } else {
280
- $bvresp->addStatus("wp_update_core", function_exists('wp_update_core'));
281
  if (function_exists('wp_update_core')) {
282
  $result = wp_update_core($to_update);
283
  if (is_wp_error($result)) {
@@ -287,7 +293,7 @@ class BVManageCallback {
287
  }
288
  }
289
 
290
- $bvresp->addStatus("WP_Upgrader", class_exists('WP_Upgrader'));
291
  if (class_exists('WP_Upgrader')) {
292
  $upgrader = new WP_Upgrader();
293
 
@@ -336,12 +342,13 @@ class BVManageCallback {
336
  }
337
  }
338
 
339
- function upgradePlugins($plugins) {
340
  $result = array();
341
  if (class_exists('Plugin_Upgrader')) {
342
- if (array_key_exists('bvskin', $_REQUEST)) {
343
  require_once( "bv_upgrader_skin.php" );
344
  $skin = new BVUpgraderSkin("plugin_upgrade");
 
345
  } else {
346
  $skin = new Bulk_Plugin_Upgrader_Skin();
347
  }
@@ -359,12 +366,13 @@ class BVManageCallback {
359
  return $result;
360
  }
361
 
362
- function upgradeThemes($themes) {
363
  $result = array();
364
  if (class_exists('Theme_Upgrader')) {
365
- if (array_key_exists('bvskin', $_REQUEST)) {
366
  require_once( "bv_upgrader_skin.php" );
367
  $skin = new BVUpgraderSkin("theme_upgrade");
 
368
  } else {
369
  $skin = new Bulk_Theme_Upgrader_Skin();
370
  }
@@ -382,14 +390,14 @@ class BVManageCallback {
382
  return $result;
383
  }
384
 
385
- function install($params) {
386
  $result = array();
387
  if (isset($params['plugins'])) {
388
  foreach ($params['plugins'] as $plugin) {
389
  if (!array_key_exists('plugins', $result))
390
  $result["plugins"] = array();
391
  $plugin['dest'] = WP_PLUGIN_DIR;
392
- $res = $this->installPackage($plugin);
393
  $pluginName = $plugin['package'];
394
  $result["plugins"][$pluginName] = $res;
395
  }
@@ -399,7 +407,7 @@ class BVManageCallback {
399
  if (!array_key_exists('themes', $result))
400
  $result["themes"] = array();
401
  $theme['dest'] = WP_CONTENT_DIR.'/themes';
402
- $res = $this->installPackage($theme);
403
  $themeName = $theme['package'];
404
  $result["themes"][$themeName] = $res;
405
  }
@@ -407,7 +415,7 @@ class BVManageCallback {
407
  return $result;
408
  }
409
 
410
- function installPackage($params) {
411
  global $wp_filesystem;
412
 
413
  if (!isset($params['package']) || empty($params['package'])) {
@@ -417,9 +425,10 @@ class BVManageCallback {
417
  if (preg_match($valid_domain_regex, $params['package']) !== 1) {
418
  return array('status' => "Error", 'message' => "Invalid package domain");
419
  }
420
- if (array_key_exists('bvskin', $_REQUEST)) {
421
  require_once( "bv_upgrader_skin.php" );
422
  $skin = new BVUpgraderSkin("installer", $params['package']);
 
423
  } else {
424
  $skin = new WP_Upgrader_Skin();
425
  }
@@ -471,46 +480,53 @@ class BVManageCallback {
471
  }
472
  }
473
 
474
- function process($method) {
475
- global $wp_filesystem, $bvresp;
476
  $this->include_files();
477
 
478
  if (!$this->is_pantheon() && !$wp_filesystem) {
479
  WP_Filesystem();
480
  }
481
 
482
- switch ($method) {
 
 
483
  case "adusr":
484
- $bvresp->addStatus("adduser", $this->addUser($_REQUEST['args']));
485
  break;
486
  case "upgrde":
487
- $bvresp->addStatus("upgrades", $this->upgrade($_REQUEST['args']));
 
488
  break;
489
  case "edt":
490
- $bvresp->addStatus("edit", $this->edit($_REQUEST['args']));
491
  break;
492
  case "instl":
493
- $bvresp->addStatus("install", $this->install($_REQUEST['args']));
 
494
  break;
495
  case "getpremiumupdates":
496
- $bvresp->addStatus("premiumupdates", $this->getPremiumUpdates());
497
  break;
498
  case "getpremiumupgradesinfo":
499
- $bvresp->addStatus("premiumupgradesinfo", $this->getPremiumUpgradesInfo());
500
  break;
501
  case "wrteble":
502
- $bvresp->addStatus("writeable", $this->isServerWritable());
503
  break;
504
  case "atolgn":
505
  $isHttps = false;
506
- if (array_key_exists('https', $_REQUEST))
507
  $isHttps = true;
508
- $bvresp->addStatus("autologin", $this->autoLogin($_REQUEST['username'], $isHttps));
509
  break;
510
  default:
511
- return false;
 
 
 
512
  }
513
- return true;
514
  }
515
  }
516
  endif;
2
 
3
  if (!defined('ABSPATH')) exit;
4
  if (!class_exists('BVManageCallback')) :
5
+ class BVManageCallback extends BVCallbackBase {
6
+ public $settings;
7
+ public $skin;
8
+
9
+ public function __construct($callback_handler) {
10
+ $this->settings = $callback_handler->settings;
11
+ }
12
+
13
  function getError($err) {
14
+ return $this->objectToArray($err);
 
15
  }
16
 
17
  function is_pantheon() {
143
  $res = wp_update_user($data);
144
  break;
145
  case 'delete':
146
+ if (array_key_exists('reassign', $args)) {
147
  $user_to = get_user_by('id', $args['reassign']);
148
  if ($user_to != false) {
149
  $res = wp_delete_user($user->ID, $user_to->ID);
183
  }
184
  }
185
 
186
+ function upgrade($params = null, $has_bv_skin = false) {
187
  $result = array();
188
  $premium_upgrades = array();
189
  if (array_key_exists('core', $params) && !empty($params['core'])) {
190
  $result['core'] = $this->upgradeCore($params['core']);
191
  }
192
  if (array_key_exists('translations', $params) && !empty($params['translations'])) {
193
+ $result['translations'] = $this->upgradeTranslations($params['translations'], $has_bv_skin);
194
  }
195
  if (array_key_exists('plugins', $params) && !empty($params['plugins'])) {
196
  $files = array();
198
  $files[] = $plugin['file'];
199
  }
200
  if (!empty($files)) {
201
+ $result['plugins'] = $this->upgradePlugins($files, $has_bv_skin);
202
  }
203
  }
204
  if (array_key_exists('themes', $params) && !empty($params['themes'])) {
207
  $templates[] = $theme['template'];
208
  }
209
  if (!empty($templates)) {
210
+ $result['themes'] = $this->upgradeThemes($templates, $has_bv_skin);
211
  }
212
  }
213
  return $result;
214
  }
215
 
216
  function get_translation_updates() {
 
217
  $updates = array();
218
  $transients = array( 'update_core' => 'core', 'update_plugins' => 'plugin', 'update_themes' => 'theme' );
219
  foreach ( $transients as $transient => $type ) {
220
+ $transient = $this->settings->getTransient( $transient );
221
  if ( empty( $transient->translations ) )
222
  continue;
223
 
228
  return $updates;
229
  }
230
 
231
+ function upgradeTranslations($translations, $has_bv_skin = false) {
232
  $language_updates = $this->get_translation_updates();
233
  $valid_updates = array();
234
  $result = array();
241
  }
242
  if (!empty($valid_updates)) {
243
  if (class_exists('Language_Pack_Upgrader')) {
244
+ if ($has_bv_skin) {
245
  require_once( "bv_upgrader_skin.php" );
246
  $skin = new BVUpgraderSkin("upgrade_translations");
247
+ $this->skin = $skin;
248
  } else {
249
  $skin = new Language_Pack_Upgrader_Skin(array());
250
  }
265
  }
266
 
267
  function upgradeCore($args) {
268
+ global $wp_filesystem, $wp_version;
269
+ $core = $this->settings->getTransient('update_core');
270
  $core_update_index = intval($args['coreupdateindex']);
271
  if (isset($core->updates) && !empty($core->updates)) {
272
  $to_update = $core->updates[$core_update_index];
273
  } else {
274
  return array('status' => "Error", "message" => "Updates not available");
275
  }
276
+ $resp = array("Core_Upgrader", class_exists('Core_Upgrader'));
277
  if (version_compare($wp_version, '3.1.9', '>')) {
278
  $core = new Core_Upgrader();
279
  $result = $core->upgrade($to_update);
283
  return array('status' => 'Done');
284
  }
285
  } else {
286
+ $resp = array("wp_update_core", function_exists('wp_update_core'));
287
  if (function_exists('wp_update_core')) {
288
  $result = wp_update_core($to_update);
289
  if (is_wp_error($result)) {
293
  }
294
  }
295
 
296
+ $resp = array("WP_Upgrader", class_exists('WP_Upgrader'));
297
  if (class_exists('WP_Upgrader')) {
298
  $upgrader = new WP_Upgrader();
299
 
342
  }
343
  }
344
 
345
+ function upgradePlugins($plugins, $has_bv_skin = false) {
346
  $result = array();
347
  if (class_exists('Plugin_Upgrader')) {
348
+ if ($has_bv_skin) {
349
  require_once( "bv_upgrader_skin.php" );
350
  $skin = new BVUpgraderSkin("plugin_upgrade");
351
+ $this->skin = $skin;
352
  } else {
353
  $skin = new Bulk_Plugin_Upgrader_Skin();
354
  }
366
  return $result;
367
  }
368
 
369
+ function upgradeThemes($themes, $has_bv_skin = false) {
370
  $result = array();
371
  if (class_exists('Theme_Upgrader')) {
372
+ if ($has_bv_skin) {
373
  require_once( "bv_upgrader_skin.php" );
374
  $skin = new BVUpgraderSkin("theme_upgrade");
375
+ $this->skin = $skin;
376
  } else {
377
  $skin = new Bulk_Theme_Upgrader_Skin();
378
  }
390
  return $result;
391
  }
392
 
393
+ function install($params, $has_bv_skin = false) {
394
  $result = array();
395
  if (isset($params['plugins'])) {
396
  foreach ($params['plugins'] as $plugin) {
397
  if (!array_key_exists('plugins', $result))
398
  $result["plugins"] = array();
399
  $plugin['dest'] = WP_PLUGIN_DIR;
400
+ $res = $this->installPackage($plugin, $has_bv_skin);
401
  $pluginName = $plugin['package'];
402
  $result["plugins"][$pluginName] = $res;
403
  }
407
  if (!array_key_exists('themes', $result))
408
  $result["themes"] = array();
409
  $theme['dest'] = WP_CONTENT_DIR.'/themes';
410
+ $res = $this->installPackage($theme, $has_bv_skin);
411
  $themeName = $theme['package'];
412
  $result["themes"][$themeName] = $res;
413
  }
415
  return $result;
416
  }
417
 
418
+ function installPackage($params, $has_bv_skin = false) {
419
  global $wp_filesystem;
420
 
421
  if (!isset($params['package']) || empty($params['package'])) {
425
  if (preg_match($valid_domain_regex, $params['package']) !== 1) {
426
  return array('status' => "Error", 'message' => "Invalid package domain");
427
  }
428
+ if ($has_bv_skin) {
429
  require_once( "bv_upgrader_skin.php" );
430
  $skin = new BVUpgraderSkin("installer", $params['package']);
431
+ $this->skin = $skin;
432
  } else {
433
  $skin = new WP_Upgrader_Skin();
434
  }
480
  }
481
  }
482
 
483
+ function process($request) {
484
+ global $wp_filesystem;
485
  $this->include_files();
486
 
487
  if (!$this->is_pantheon() && !$wp_filesystem) {
488
  WP_Filesystem();
489
  }
490
 
491
+ $params = $request->params;
492
+ $resp = array();
493
+ switch ($request->method) {
494
  case "adusr":
495
+ $resp = array("adduser" => $this->addUser($params['args']));
496
  break;
497
  case "upgrde":
498
+ $has_bv_skin = array_key_exists('bvskin', $params);
499
+ $resp = array("upgrades" => $this->upgrade($params['args'], $has_bv_skin));
500
  break;
501
  case "edt":
502
+ $resp = array("edit" => $this->edit($params['args']));
503
  break;
504
  case "instl":
505
+ $has_bv_skin = array_key_exists('bvskin', $params);
506
+ $resp = array("install" => $this->install($params['args'], $has_bv_skin));
507
  break;
508
  case "getpremiumupdates":
509
+ $resp = array("premiumupdates" => $this->getPremiumUpdates());
510
  break;
511
  case "getpremiumupgradesinfo":
512
+ $resp = array("premiumupgradesinfo" => $this->getPremiumUpgradesInfo());
513
  break;
514
  case "wrteble":
515
+ $resp = array("writeable" => $this->isServerWritable());
516
  break;
517
  case "atolgn":
518
  $isHttps = false;
519
+ if (array_key_exists('https', $params))
520
  $isHttps = true;
521
+ $resp = array("autologin" => $this->autoLogin($params['username'], $isHttps));
522
  break;
523
  default:
524
+ $resp = false;
525
+ }
526
+ if ($this->skin && is_array($resp)) {
527
+ $resp = array_merge($resp, $this->skin->status);
528
  }
529
+ return $resp;
530
  }
531
  }
532
  endif;
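--- a/callback/wings/misc.php
+++ b/callback/wings/misc.php
@@ -3,69 +3,87 @@
  if (!defined('ABSPATH')) exit;
  if (!class_exists('BVMiscCallback')) :
 
- class BVMiscCallback {
+ class BVMiscCallback extends BVCallbackBase {
+ public $settings;
+ public $bvinfo;
+ public $siteinfo;
+ public $account;
 
- function process($method) {
- global $bvcb, $bvresp;
- $info = $bvcb->bvmain->info;
- switch ($method) {
+ public function __construct($callback_handler) {
+ $this->settings = $callback_handler->settings;
+ $this->siteinfo = $callback_handler->siteinfo;
+ $this->account = $callback_handler->account;
+ $this->bvinfo = new BVInfo($callback_handler->settings);
+ }
+
+ public function process($request) {
+ $bvinfo = $this->bvinfo;
+ $settings = $this->settings;
+ $params = $request->params;
+ switch ($request->method) {
+ case "dummyping":
+ $resp = array();
+ $resp = array_merge($resp, $this->siteinfo->respInfo());
+ $resp = array_merge($resp, $this->account->respInfo());
+ $resp = array_merge($resp, $this->bvinfo->respInfo());
+ break;
  case "enablebadge":
- $option = $bvcb->bvmain->badgeinfo;
+ $option = $bvinfo->badgeinfo;
  $badgeinfo = array();
- $badgeinfo['badgeurl'] = $_REQUEST['badgeurl'];
- $badgeinfo['badgeimg'] = $_REQUEST['badgeimg'];
- $badgeinfo['badgealt'] = $_REQUEST['badgealt'];
- $info->updateOption($option, $badgeinfo);
- $bvresp->addStatus("status", $info->getOption($option));
+ $badgeinfo['badgeurl'] = $params['badgeurl'];
+ $badgeinfo['badgeimg'] = $params['badgeimg'];
+ $badgeinfo['badgealt'] = $params['badgealt'];
+ $settings->updateOption($option, $badgeinfo);
+ $resp = array("status" => $settings->getOption($option));
  break;
  case "disablebadge":
- $option = $bvcb->bvmain->badgeinfo;
- $info->deleteOption($option);
- $bvresp->addStatus("status", !$info->getOption($option));
+ $option = $bvinfo->badgeinfo;
+ $settings->deleteOption($option);
+ $resp = array("status" => !$settings->getOption($option));
  break;
  case "getoption":
- $bvresp->addStatus('getoption', $info->getOption($_REQUEST['opkey']));
+ $resp = array('getoption' => $settings->getOption($params['opkey']));
  break;
  case "setdynplug":
- $info->updateOption('bvdynplug', $_REQUEST['dynplug']);
- $bvresp->addStatus("setdynplug", $info->getOption('bvdynplug'));
+ $settings->updateOption('bvdynplug', $params['dynplug']);
+ $resp = array("setdynplug" => $settings->getOption('bvdynplug'));
  break;
  case "unsetdynplug":
- $info->deleteOption('bvdynplug');
- $bvresp->addStatus("unsetdynplug", $info->getOption('bvdynplug'));
+ $settings->deleteOption('bvdynplug');
+ $resp = array("unsetdynplug" => $settings->getOption('bvdynplug'));
  break;
  case "setptplug":
- $info->updateOption('bvptplug', $_REQUEST['ptplug']);
- $bvresp->addStatus("setptplug", $info->getOption('bvptplug'));
+ $settings->updateOption('bvptplug', $params['ptplug']);
+ $resp = array("setptplug" => $settings->getOption('bvptplug'));
  break;
  case "unsetptplug":
- $info->deleteOption('bvptlug');
- $bvresp->addStatus("unsetptplug", $info->getOption('bvptlug'));
+ $settings->deleteOption('bvptlug');
+ $resp = array("unsetptplug" => $settings->getOption('bvptlug'));
  break;
  case "wpupplgs":
- $bvresp->addStatus("wpupdateplugins", wp_update_plugins());
+ $resp = array("wpupdateplugins" => wp_update_plugins());
  break;
  case "wpupthms":
- $bvresp->addStatus("wpupdatethemes", wp_update_themes());
+ $resp = array("wpupdatethemes" => wp_update_themes());
  break;
  case "wpupcre":
- $bvresp->addStatus("wpupdatecore", wp_version_check());
+ $resp = array("wpupdatecore" => wp_version_check());
  break;
  case "rmmonitime":
- $bvcb->bvmain->unSetMonitTime();
- $bvresp->addStatus("rmmonitime", !$bvcb->bvmain->getMonitTime());
+ $this->settings->deleteOption('bvmonittime');
+ $resp = array("rmmonitime" => !$bvinfo->getMonitTime());
  break;
  case "phpinfo":
  phpinfo();
  die();
  break;
  case "dlttrsnt":
- $bvresp->addStatus("dlttrsnt", $bvcb->bvmain->info->deleteTransient($_REQUEST['key']));
+ $resp = array("dlttrsnt" => $settings->deleteTransient($params['key']));
  break;
  default:
- return false;
+ $resp = false;
  }
- return true;
+ return $resp;
  }
  }
  endif;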
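Review bot: The `unsetptplug` case still deletes and re-reads `'bvptlug'`, while `setptplug` writes `'bvptplug'`, so the unset call never clears the stored value and its response always looks empty. Both lines should use the same key, `$settings->deleteOption('bvptplug');` and `$resp = array("unsetptplug" => $settings->getOption('bvptplug'));`. Separately, `getoption` passes `$params['opkey']` straight to `getOption` and `phpinfo` dumps the runtime configuration, so both rely entirely on the request authentication done outside this file. An allow-list of readable option keys would limit what a misused callback channel can read.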
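--- a/callback/wings/monit.php
+++ b/callback/wings/monit.php
@@ -3,12 +3,19 @@
  if (!defined('ABSPATH')) exit;
  if (!class_exists('BVMonitCallback')) :
 
- class BVMonitCallback {
+ class BVMonitCallback extends BVCallbackBase {
+ public $db;
+ public $settings;
+
+ public function __construct($callback_handler) {
+ $this->db = $callback_handler->db;
+ $this->settings = $callback_handler->settings;
+ }
+
  public function getData($table, $limit = 0, $filter = "") {
- global $bvcb;
  $result = array();
  $data = array();
- $rows = $bvcb->bvmain->db->getTableContent($table, '*', $filter, $limit);
+ $rows = $this->db->getTableContent($table, '*', $filter, $limit);
  $last_id = 0;
  foreach ($rows as $row) {
  $result[] = $row;
@@ -20,58 +27,66 @@ class BVMonitCallback {
  }
 
  public function deleteBvDynamicEvents($filter = "") {
- global $bvcb;
- $name = BVDynSync::$dynsync_table;
- return $bvcb->bvmain->db->deleteBVTableContent($name, $filter);
+ $name = BVWPDynSync::$dynsync_table;
+ return $this->db->deleteBVTableContent($name, $filter);
+ }
+
+ public function setMonitTime() {
+ return $this->settings->updateOption('bvmonittime', time());
  }
 
- public function process($method) {
- global $bvresp, $bvcb;
- $db = $bvcb->bvmain->db;
- $info = $bvcb->bvmain->info;
- $bvcb->bvmain->setMonitTime();
- switch ($method) {
+ public function process($request) {
+ $db = $this->db;
+ $settings = $this->settings;
+ $this->setMonitTime();
+ $params = $request->params;
+ switch ($request->method) {
  case "getdata":
- if (array_key_exists('lp', $_REQUEST)) {
- require_once dirname( __FILE__ ) . '/../../lp/config.php';
- $lp_params = $_REQUEST['lp'];
+ $resp = array();
+ if (array_key_exists('lp', $params)) {
+ require_once dirname( __FILE__ ) . '/../../protect/wp_lp/config.php';
+ $lp_params = $params['lp'];
  $limit = intval(urldecode($lp_params['limit']));
  $filter = urldecode($lp_params['filter']);
- $db->deleteBVTableContent(BVLPConfig::$requests_table, $lp_params['rmfilter']);
- $table = $bvcb->bvmain->db->getBVTable(BVLPConfig::$requests_table);
- $bvresp->addStatus("lplogs", $this->getData($table, $limit, $filter));
+ $db->deleteBVTableContent(BVWPLPConfig::$requests_table, $lp_params['rmfilter']);
+ $table = $db->getBVTable(BVWPLPConfig::$requests_table);
+ $resp["lplogs"] = $this->getData($table, $limit, $filter);
  }
- if (array_key_exists('fw', $_REQUEST)) {
- require_once dirname( __FILE__ ) . '/../../fw/config.php';
- $fw_params = $_REQUEST['fw'];
+ if (array_key_exists('fw', $params)) {
+ require_once dirname( __FILE__ ) . '/../../protect/wp_fw/config.php';
+ $fw_params = $params['fw'];
  $limit = intval(urldecode($fw_params['limit']));
  $filter = urldecode($fw_params['filter']);
- $db->deleteBVTableContent(BVFWConfig::$requests_table, $fw_params['rmfilter']);
- $table = $bvcb->bvmain->db->getBVTable(BVFWConfig::$requests_table);
- $bvresp->addStatus("fwlogs", $this->getData($table, $limit, $filter));
+ $db->deleteBVTableContent(BVWPFWConfig::$requests_table, $fw_params['rmfilter']);
+ $table = $db->getBVTable(BVWPFWConfig::$requests_table);
+ $resp["fwlogs"] = $this->getData($table, $limit, $filter);
  }
- if (array_key_exists('dynevent', $_REQUEST)) {
- require_once dirname( __FILE__ ) . '/../../dynsync.php';
- $isdynsyncactive = $info->getOption('bvDynSyncActive');
+ if (array_key_exists('dynevent', $params)) {
+ require_once dirname( __FILE__ ) . '/../../wp_dynsync.php';
+ $isdynsyncactive = $settings->getOption('bvDynSyncActive');
  if ($isdynsyncactive == 'yes') {
- $limit = intval(urldecode($_REQUEST['limit']));
- $filter = urldecode($_REQUEST['filter']);
- $this->deleteBvDynamicEvents($_REQUEST['rmfilter']);
- $table = $bvcb->bvmain->db->getBVTable(BVDynSync::$dynsync_table);
+ $limit = intval(urldecode($params['limit']));
+ $filter = urldecode($params['filter']);
+ $this->deleteBvDynamicEvents($params['rmfilter']);
+ $table = $db->getBVTable(BVWPDynSync::$dynsync_table);
  $data = $this->getData($table, $limit, $filter);
- $bvresp->addStatus('last_id', $data['last_id']);
- $bvresp->addStatus('events', $data['rows']);
- $bvresp->addStatus('timestamp', time());
- $bvresp->addStatus("status", true);
+ $resp['last_id'] = $data['last_id'];
+ $resp['events'] = $data['rows'];
+ $resp['timestamp'] = time();
+ $resp["status"] = true;
  }
  }
+ $resp["status"] = "done";
  break;
  case "rmdata":
- require_once dirname( __FILE__ ) . '/../../dynsync.php';
- $filter = urldecode($_REQUEST['filter']);
- $bvresp->addStatus("status", $this->deleteBvDynamicEvents($filter));
+ require_once dirname( __FILE__ ) . '/../../wp_dynsync.php';
+ $filter = urldecode($params['filter']);
+ $resp = array("status" => $this->deleteBvDynamicEvents($filter));
  break;
+ default:
+ $resp = false;
  }
+ return $resp;
  }
  }
  endif;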
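Review bot: In `process`, the `filter` and `rmfilter` values from `$params` reach `getTableContent` and `deleteBVTableContent` after at most a `urldecode`, and the `lp`/`fw` `rmfilter` values are passed through untouched; nothing in this file validates them. If those db helpers splice the filter into a SQL statement, which is not visible here, the callback accepts free-form WHERE text, so the filter should be assembled from validated fields or bound parameters in the db layer. The new `$resp["status"] = "done";` at the end of `getdata` also overwrites the `$resp["status"] = true;` set in the `dynevent` branch; one of the two should use a different key. The `limit`, `filter` and `rmfilter` reads have no `isset` guard, so a missing key raises a notice instead of a clean error response.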
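--- a/callback/wings/protect.php
+++ b/callback/wings/protect.php
@@ -3,16 +3,25 @@
  if (!defined('ABSPATH')) exit;
  if (!class_exists('BVProtectCallback')) :
 
- require_once dirname( __FILE__ ) . '/../../protect.php';
+ require_once dirname( __FILE__ ) . '/../../protect/protect.php';
 
- class BVProtectCallback {
- public function process($method) {
- global $bvcb, $bvresp;
- $protect = new BVProtect($bvcb->bvmain);
- $info = $bvcb->bvmain->info;
- switch ($method) {
+ class BVProtectCallback extends BVCallbackBase {
+ public $db;
+ public $settings;
+
+ public function __construct($callback_handler) {
+ $this->db = $callback_handler->db;
+ $this->settings = $callback_handler->settings;
+ }
+
+ public function process($request) {
+ $bvinfo = new BVInfo($this->settings);
+ $protect = new BVProtect($this->db, $this->settings);
+ $params = $request->params;
+ switch ($request->method) {
  case "gtipprobeinfo":
- $headers = $_REQUEST['hdrs'];
+ $resp = array();
+ $headers = $params['hdrs'];
  $hdrsinfo = array();
  if ($headers && is_array($headers)) {
  foreach($headers as $hdr) {
@@ -21,42 +30,43 @@ class BVProtectCallback {
  }
  }
  }
- $bvresp->addStatus("hdrsinfo", $hdrsinfo);
- if ($iphdr = $info->getOption($bvcb->bvmain->ip_header_option)) {
- $bvresp->addStatus("iphdr", $iphdr);
+ $resp["hdrsinfo"] = $hdrsinfo;
+ if ($iphdr = $this->settings->getOption($bvinfo->ip_header_option)) {
+ $resp["iphdr"] = $iphdr;
  }
  break;
  case "gtraddr":
  $raddr = array_key_exists('REMOTE_ADDR', $_SERVER) ? $_SERVER['REMOTE_ADDR'] : false;
- $bvresp->addStatus("raddr", $raddr);
+ $resp = array("raddr" => $raddr);
  break;
  case "gtallhdrs":
  $data = (function_exists('getallheaders')) ? getallheaders() : false;
- $bvresp->addStatus("allhdrs", $data);
+ $resp = array("allhdrs" => $data);
  break;
  case "gtsvr":
- $bvresp->addStatus("svr", $_SERVER);
+ $resp = array("svr" => $_SERVER);
  break;
  case "gtip":
- $bvresp->addStatus("ip", $protect->getIP());
+ $resp = array("ip" => $protect->getIP());
  break;
  case "stiphdr":
- $option_name = $bvcb->bvmain->ip_header_option;
- $iphdr = array('hdr' => $_REQUEST['hdr'], 'pos' => $_REQUEST['pos']);
- $info->updateOption($option_name, $iphdr);
- $bvresp->addStatus("iphdr", $info->getOption($option_name));
+ $option_name = $bvinfo->ip_header_option;
+ $iphdr = array('hdr' => $params['hdr'], 'pos' => $params['pos']);
+ $this->settings->updateOption($option_name, $iphdr);
+ $resp = array("iphdr" => $this->settings->getOption($option_name));
  break;
  case "gtiphdr":
- $bvresp->addStatus("iphdr", $info->getOption($bvcb->bvmain->ip_header_option));
+ $resp = array("iphdr" => $this->settings->getOption($bvinfo->ip_header_option));
  break;
  case "rmiphdr":
- $option_name = $bvcb->bvmain->ip_header_option;
- $info->deleteOption($option_name);
- $bvresp->addStatus("iphdr", $info->getOption($option_name));
+ $option_name = $bvinfo->ip_header_option;
+ $this->settings->deleteOption($option_name);
+ $resp = array("iphdr" => $this->settings->getOption($option_name));
  break;
  default:
- return false;
+ $resp = false;
  }
+ return $resp;
  }
  }
  endif;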
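Review bot: `stiphdr` saves `$params['hdr']` and `$params['pos']` as the IP-header option with no type or format check, and that option presumably tells `BVProtect::getIP()` which request header to trust for the client address. A bad value here would make firewall and login-protection decisions key on the wrong address, so normalise before storing, e.g. `$iphdr = array('hdr' => preg_replace('/[^A-Za-z0-9_\-]/', '', (string) $params['hdr']), 'pos' => intval($params['pos']));`. `gtsvr` also returns the entire `$_SERVER` array, which on many hosts carries environment secrets; returning only the keys the service needs would reduce what leaves the site. Part of the `gtipprobeinfo` loop sits between the two hunks and is not shown.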
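--- a/fw/config.php
+++ b/fw/config.php
@@ -1,66 +0,0 @@
- <?php
-
- if (!defined('ABSPATH')) exit;
- if (!class_exists('BVFWConfig')) :
- class BVFWConfig {
- public $bvmain;
- public static $requests_table = 'fw_requests';
-
- function __construct($bvmain) {
- $this->bvmain = $bvmain;
- }
-
- #mode
- const DISABLED = 1;
- const AUDIT = 2;
- const PROTECT = 3;
-
- public function setMode($mode) {
- if (!$mode) {
- $this->bvmain->info->deleteOption('bvfwmode');
- } else {
- $this->bvmain->info->updateOption('bvfwmode', intval($mode));
- }
- }
-
- public function setRulesMode($mode) {
- if (!$mode) {
- $this->bvmain->info->deleteOption('bvfwrulesmode');
- } else {
- $this->bvmain->info->updateOption('bvfwrulesmode', intval($mode));
- }
- }
-
- public function setDisabledRules($rules) {
- if (!$rules) {
- $this->bvmain->info->deleteOption('bvfwdisabledrules');
- } else {
- $this->bvmain->info->updateOption('bvfwdisabledrules', $rules);
- }
- }
-
- public function getMode() {
- $mode = $this->bvmain->info->getOption('bvfwmode');
- return intval($mode ? $mode : BVFWConfig::DISABLED);
- }
-
- public function getRulesMode() {
- $mode = $this->bvmain->info->getOption('bvfwrulesmode');
- return intval($mode ? $mode : BVFWConfig::DISABLED);
- }
-
- public function getDisabledRules() {
- $rules = $this->bvmain->info->getOption('bvfwdisabledrules');
- return ($rules ? $rules : array());
- }
-
- public function clear() {
- $this->setMode(false);
- $this->setRulesMode(false);
- $this->setDisabledRules(false);
- $this->bvmain->db->dropBVTable(BVFWConfig::$requests_table);
- $this->bvmain->info->deleteOption('bvptplug');
- return true;
- }
- }
- endif;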
fw/fw.php DELETED
@@ -1,280 +0,0 @@
1
- <?php
2
-
3
- if (!defined('ABSPATH')) exit;
4
- if (!class_exists('BVFW')) :
5
-
6
- require_once dirname( __FILE__ ) . '/config.php';
7
- require_once dirname( __FILE__ ) . '/request.php';
8
- require_once dirname( __FILE__ ) . './../ipstore.php';
9
-
10
- class BVFW {
11
- public $request;
12
- public $config;
13
- public $bvmain;
14
- public $ipstore;
15
- public $category;
16
- public $logger;
17
- #all rule id will also come under this
18
-
19
- const SQLIREGEX = '/(?:[^\\w<]|\\/\\*\\![0-9]*|^)(?:
20
- @@HOSTNAME|
21
- ALTER|ANALYZE|ASENSITIVE|
22
- BEFORE|BENCHMARK|BETWEEN|BIGINT|BINARY|BLOB|
23
- CALL|CASE|CHANGE|CHAR|CHARACTER|CHAR_LENGTH|COLLATE|COLUMN|CONCAT|CONDITION|CONSTRAINT|CONTINUE|CONVERT|CREATE|CROSS|CURRENT_DATE|CURRENT_TIME|CURRENT_TIMESTAMP|CURRENT_USER|CURSOR|
24
- DATABASE|DATABASES|DAY_HOUR|DAY_MICROSECOND|DAY_MINUTE|DAY_SECOND|DECIMAL|DECLARE|DEFAULT|DELAYED|DELETE|DESCRIBE|DETERMINISTIC|DISTINCT|DISTINCTROW|DOUBLE|DROP|DUAL|DUMPFILE|
25
- EACH|ELSE|ELSEIF|ELT|ENCLOSED|ESCAPED|EXISTS|EXIT|EXPLAIN|EXTRACTVALUE|
26
- FETCH|FLOAT|FLOAT4|FLOAT8|FORCE|FOREIGN|FROM|FULLTEXT|
27
- GRANT|GROUP|HAVING|HEX|HIGH_PRIORITY|HOUR_MICROSECOND|HOUR_MINUTE|HOUR_SECOND|
28
- IFNULL|IGNORE|INDEX|INFILE|INNER|INOUT|INSENSITIVE|INSERT|INTERVAL|ISNULL|ITERATE|
29
- JOIN|KILL|LEADING|LEAVE|LIMIT|LINEAR|LINES|LOAD|LOAD_FILE|LOCALTIME|LOCALTIMESTAMP|LOCK|LONG|LONGBLOB|LONGTEXT|LOOP|LOW_PRIORITY|
30
- MASTER_SSL_VERIFY_SERVER_CERT|MATCH|MAXVALUE|MEDIUMBLOB|MEDIUMINT|MEDIUMTEXT|MID|MIDDLEINT|MINUTE_MICROSECOND|MINUTE_SECOND|MODIFIES|
31
- NATURAL|NO_WRITE_TO_BINLOG|NULL|NUMERIC|OPTION|ORD|ORDER|OUTER|OUTFILE|
32
- PRECISION|PRIMARY|PRIVILEGES|PROCEDURE|PROCESSLIST|PURGE|
33
- RANGE|READ_WRITE|REGEXP|RELEASE|REPEAT|REQUIRE|RESIGNAL|RESTRICT|RETURN|REVOKE|RLIKE|ROLLBACK|
34
- SCHEMA|SCHEMAS|SECOND_MICROSECOND|SELECT|SENSITIVE|SEPARATOR|SHOW|SIGNAL|SLEEP|SMALLINT|SPATIAL|SPECIFIC|SQLEXCEPTION|SQLSTATE|SQLWARNING|SQL_BIG_RESULT|SQL_CALC_FOUND_ROWS|SQL_SMALL_RESULT|STARTING|STRAIGHT_JOIN|SUBSTR|
35
- TABLE|TERMINATED|TINYBLOB|TINYINT|TINYTEXT|TRAILING|TRANSACTION|TRIGGER|
36
- UNDO|UNHEX|UNION|UNLOCK|UNSIGNED|UPDATE|UPDATEXML|USAGE|USING|UTC_DATE|UTC_TIME|UTC_TIMESTAMP|
37
- VALUES|VARBINARY|VARCHAR|VARCHARACTER|VARYING|WHEN|WHERE|WHILE|WRITE|YEAR_MONTH|ZEROFILL)(?=[^\\w]|$)/ix';
38
- const XSSREGEX = '/(?:
39
- #tags
40
- (?:\\<|\\+ADw\\-|\\xC2\\xBC)(script|iframe|svg|object|embed|applet|link|style|meta|\\/\\/|\\?xml\\-stylesheet)(?:[^\\w]|\\xC2\\xBE)|
41
- #protocols
42
- (?:^|[^\\w])(?:(?:\\s*(?:&\\#(?:x0*6a|0*106)|j)\\s*(?:&\\#(?:x0*61|0*97)|a)\\s*(?:&\\#(?:x0*76|0*118)|v)\\s*(?:&\\#(?:x0*61|0*97)|a)|\\s*(?:&\\#(?:x0*76|0*118)|v)\\s*(?:&\\#(?:x0*62|0*98)|b)|\\s*(?:&\\#(?:x0*65|0*101)|e)\\s*(?:&\\#(?:x0*63|0*99)|c)\\s*(?:&\\#(?:x0*6d|0*109)|m)\\s*(?:&\\#(?:x0*61|0*97)|a)|\\s*(?:&\\#(?:x0*6c|0*108)|l)\\s*(?:&\\#(?:x0*69|0*105)|i)\\s*(?:&\\#(?:x0*76|0*118)|v)\\s*(?:&\\#(?:x0*65|0*101)|e))\\s*(?:&\\#(?:x0*73|0*115)|s)\\s*(?:&\\#(?:x0*63|0*99)|c)\\s*(?:&\\#(?:x0*72|0*114)|r)\\s*(?:&\\#(?:x0*69|0*105)|i)\\s*(?:&\\#(?:x0*70|0*112)|p)\\s*(?:&\\#(?:x0*74|0*116)|t)|\\s*(?:&\\#(?:x0*6d|0*109)|m)\\s*(?:&\\#(?:x0*68|0*104)|h)\\s*(?:&\\#(?:x0*74|0*116)|t)\\s*(?:&\\#(?:x0*6d|0*109)|m)\\s*(?:&\\#(?:x0*6c|0*108)|l)|\\s*(?:&\\#(?:x0*6d|0*109)|m)\\s*(?:&\\#(?:x0*6f|0*111)|o)\\s*(?:&\\#(?:x0*63|0*99)|c)\\s*(?:&\\#(?:x0*68|0*104)|h)\\s*(?:&\\#(?:x0*61|0*97)|a)|\\s*(?:&\\#(?:x0*64|0*100)|d)\\s*(?:&\\#(?:x0*61|0*97)|a)\\s*(?:&\\#(?:x0*74|0*116)|t)\\s*(?:&\\#(?:x0*61|0*97)|a)(?!(?:&\\#(?:x0*3a|0*58)|\\:)(?:&\\#(?:x0*69|0*105)|i)(?:&\\#(?:x0*6d|0*109)|m)(?:&\\#(?:x0*61|0*97)|a)(?:&\\#(?:x0*67|0*103)|g)(?:&\\#(?:x0*65|0*101)|e)(?:&\\#(?:x0*2f|0*47)|\\/)(?:(?:&\\#(?:x0*70|0*112)|p)(?:&\\#(?:x0*6e|0*110)|n)(?:&\\#(?:x0*67|0*103)|g)|(?:&\\#(?:x0*62|0*98)|b)(?:&\\#(?:x0*6d|0*109)|m)(?:&\\#(?:x0*70|0*112)|p)|(?:&\\#(?:x0*67|0*103)|g)(?:&\\#(?:x0*69|0*105)|i)(?:&\\#(?:x0*66|0*102)|f)|(?:&\\#(?:x0*70|0*112)|p)?(?:&\\#(?:x0*6a|0*106)|j)(?:&\\#(?:x0*70|0*112)|p)(?:&\\#(?:x0*65|0*101)|e)(?:&\\#(?:x0*67|0*103)|g)|(?:&\\#(?:x0*74|0*116)|t)(?:&\\#(?:x0*69|0*105)|i)(?:&\\#(?:x0*66|0*102)|f)(?:&\\#(?:x0*66|0*102)|f)|(?:&\\#(?:x0*73|0*115)|s)(?:&\\#(?:x0*76|0*118)|v)(?:&\\#(?:x0*67|0*103)|g)(?:&\\#(?:x0*2b|0*43)|\\+)(?:&\\#(?:x0*78|0*120)|x)(?:&\\#(?:x0*6d|0*109)|m)(?:&\\#(?:x0*6c|0*108)|l))(?:(?:&\\#(?:x0*3b|0*59)|;)(?:&\\#(?:x0*63|0*99)|c)(?:&\\#(?:x0*68|0*104)|h)(?:&\\#(?:x0*61|0*97)|a)(?:&\\#(?:x0*72|0*114)|r)(?:&\\#(?:x0*73|0*115)|s)(?:&\\#(?:x0*65|0*101)|e)(?:&\\#(
?:x0*74|0*116)|t)(?:&\\#(?:x0*3d|0*61)|=)[\\-a-z0-9]+)?(?:(?:&\\#(?:x0*3b|0*59)|;)(?:&\\#(?:x0*62|0*98)|b)(?:&\\#(?:x0*61|0*97)|a)(?:&\\#(?:x0*73|0*115)|s)(?:&\\#(?:x0*65|0*101)|e)(?:&\\#(?:x0*36|0*54)|6)(?:&\\#(?:x0*34|0*52)|4))?(?:&\\#(?:x0*2c|0*44)|,)))\\s*(?:&\\#(?:x0*3a|0*58)|&colon|\\:)|
43
- #css expression
44
- (?:^|[^\\w])(?:(?:\\\\0*65|\\\\0*45|e)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*78|\\\\0*58|x)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*70|\\\\0*50|p)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*72|\\\\0*52|r)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*65|\\\\0*45|e)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*73|\\\\0*53|s)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*73|\\\\0*53|s)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*69|\\\\0*49|i)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*6f|\\\\0*4f|o)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*6e|\\\\0*4e|n))[^\\w]*?(?:\\\\0*28|\\()|
45
- #css properties
46
- (?:^|[^\\w])(?:(?:(?:\\\\0*62|\\\\0*42|b)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*65|\\\\0*45|e)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*68|\\\\0*48|h)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*61|\\\\0*41|a)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*76|\\\\0*56|v)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*69|\\\\0*49|i)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*6f|\\\\0*4f|o)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*72|\\\\0*52|r)(?:\\/\\*.*?\\*\\/)*)|(?:(?:\\\\0*2d|\\\\0*2d|-)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*6d|\\\\0*4d|m)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*6f|\\\\0*4f|o)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*7a|\\\\0*5a|z)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*2d|\\\\0*2d|-)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*62|\\\\0*42|b)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*69|\\\\0*49|i)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*6e|\\\\0*4e|n)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*64|\\\\0*44|d)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*69|\\\\0*49|i)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*6e|\\\\0*4e|n)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*67|\\\\0*47|g)(?:\\/\\*.*?\\*\\/)*))[^\\w]*(?:\\\\0*3a|\\\\0*3a|:)[^\\w]*(?:\\\\0*75|\\\\0*55|u)(?:\\\\0*72|\\\\0*52|r)(?:\\\\0*6c|\\\\0*4c|l)|
47
- #properties
48
- (?:^|[^\\w])(?:on(?:abort|activate|afterprint|afterupdate|autocomplete|autocompleteerror|beforeactivate|beforecopy|beforecut|beforedeactivate|beforeeditfocus|beforepaste|beforeprint|beforeunload|beforeupdate|blur|bounce|cancel|canplay|canplaythrough|cellchange|change|click|close|contextmenu|controlselect|copy|cuechange|cut|dataavailable|datasetchanged|datasetcomplete|dblclick|deactivate|drag|dragend|dragenter|dragleave|dragover|dragstart|drop|durationchange|emptied|encrypted|ended|error|errorupdate|filterchange|finish|focus|focusin|focusout|formchange|forminput|hashchange|help|input|invalid|keydown|keypress|keyup|languagechange|layoutcomplete|load|loadeddata|loadedmetadata|loadstart|losecapture|message|mousedown|mouseenter|mouseleave|mousemove|mouseout|mouseover|mouseup|mousewheel|move|moveend|movestart|mozfullscreenchange|mozfullscreenerror|mozpointerlockchange|mozpointerlockerror|offline|online|page|pagehide|pageshow|paste|pause|play|playing|popstate|progress|propertychange|ratechange|readystatechange|reset|resize|resizeend|resizestart|rowenter|rowexit|rowsdelete|rowsinserted|scroll|search|seeked|seeking|select|selectstart|show|stalled|start|storage|submit|suspend|timer|timeupdate|toggle|unload|volumechange|waiting|webkitfullscreenchange|webkitfullscreenerror|wheel)|formaction|data\\-bind|ev:event)[^\\w]
49
- )/ix';
50
-
51
- public function __construct($bvmain, $ip) {
52
- $this->bvmain = $bvmain;
53
- $this->config = new BVFWConfig($this->bvmain);
54
- $this->request = new BVRequest($ip);
55
- $this->ipstore = new BVIPStore($bvmain);
56
- $this->logger = new BVLogger($this->bvmain->db, BVFWConfig::$requests_table);
57
- }
58
-
59
- public function init() {
60
- if ($this->isActive()) {
61
- $this->execute();
62
- }
63
- add_action('clear_fw_config', array($this->config, 'clear'));
64
- }
65
-
66
- public function initLogger() {
67
- add_filter('status_header', array($this->request, 'captureRespCode'));
68
- add_action('admin_init', array($this, 'log'));
69
- add_action('template_redirect', array($this, 'log'));
70
- }
71
-
72
- public function log() {
73
- if (!function_exists('is_user_logged_in') || !is_user_logged_in()) {
74
- $this->logger->log($this->request->getDataToLog());
75
- }
76
- }
77
-
78
- public function isActive() {
79
- return ($this->config->getMode() !== BVFWConfig::DISABLED);
80
- }
81
-
82
- public function isProtecting() {
83
- return ($this->config->getMode() === BVFWConfig::PROTECT);
84
- }
85
-
86
- public function terminateRequest($category = null) {
87
- if ($category)
88
- $this->request->setCategory($category);
89
- $this->request->setStatus(BVRequest::BLOCKED);
90
- $this->request->setRespCode(403);
91
- if ($this->isProtecting()) {
92
- header("Cache-Control: no-cache, no-store, must-revalidate");
93
- header("Pragma: no-cache");
94
- header("Expires: 0");
95
- header('HTTP/1.0 403 Forbidden');
96
- $this->log();
97
- $brandname = $this->bvmain->getBrandName();
98
- die("
99
- <div style='height: 98vh;'>
100
- <div style='text-align: center; padding: 10% 0; font-family: Arial, Helvetica, sans-serif;'>
101
- <div><p><img src=".plugins_url('../img/icon.png', __FILE__)."><h2>Firewall</h2><h3>powered by</h3><h2>"
102
- .$brandname."</h2></p><div>
103
- <p>Blocked because of Malicious Activities</p>
104
- </div>
105
- </div>
106
- ");
107
- exit;
108
- }
109
- }
110
-
111
- public function isBlacklistedIP() {
112
- return $this->ipstore->checkIPPresent($this->request->getIP(), BVIPStore::BLACKLISTED, BVIPStore::FW);
113
- }
114
-
115
- public function isWhitelistedIP() {
116
- return $this->ipstore->checkIPPresent($this->request->getIP(), BVIPStore::WHITELISTED, BVIPStore::FW);
117
- }
118
-
119
- public function canBypassFirewall() {
120
- if ($this->isWhitelistedIP()) {
121
- $this->request->setCategory(BVRequest::WHITELISTED);
122
- $this->request->setStatus(BVRequest::BYPASSED);
123
- return true;
124
- }
125
- return false;
126
- }
127
-
128
- public function execute() {
129
- $this->initLogger();
130
- if (!$this->canBypassFirewall()) {
131
- if ($this->isBlacklistedIP()) {
132
- $this->terminateRequest(BVRequest::BLACKLISTED);
133
- } else {
134
- $this->evaluateRules();
135
- }
136
- }
137
- }
138
-
139
- public function getServerValue($key) {
140
- if (isset($_SERVER) && array_key_exists($key, $_SERVER)) {
141
- return $_SERVER[$key];
142
- }
143
- return null;
144
- }
145
-
146
- public function match($pattern, $subject) {
147
- if (is_array($subject)) {
148
- foreach ($subject as $val) {
149
- return $this->match($pattern, $val);
150
- }
151
- return false;
152
- } else {
153
- return preg_match((string) $pattern, (string) $subject, $matches) > 0;
154
- }
155
- }
156
-
157
- public function matchMD5($str, $val) {
158
- return md5((string) $str) === $val;
159
- }
160
-
161
- public function getLength($val) {
162
- return strlen(is_array($val) ? join('', $val) : (string) $val);
163
- }
164
-
165
- public function contains($pattern, $subject) {
166
- if (is_array($pattern)) {
167
- return in_array($pattern, $subject, true);
168
- }
169
- return strpos((string) $subject, (string) $pattern) !== false;
170
- }
171
-
172
- public function equals($value, $subject) {
173
- return $value == $subject;
174
- }
175
-
176
- public function notEquals($value, $subject) {
177
- return $value != $subject;
178
- }
179
-
180
- public function evaluateRules() {
181
- if ($this->config->getRulesMode() == BVFWConfig::DISABLED)
182
- return false;
183
-
184
- $request = $this->request;
185
- $disabledRules = $this->config->getDisabledRules();
186
- if (!in_array(108, $disabledRules, true)) {
187
- if ($this->match(BVFW::XSSREGEX, $request->getQueryString()))
188
- $this->terminateRequest(108);
189
- }
190
- if (!in_array(112, $disabledRules, true)) {
191
- if ($this->match('/\\/wp\\-admin[\\/]+admin\\-ajax\\.php/', $request->getPath()) &&
192
- (($this->equals('revslider_show_image', $request->getQueryString('action')) && $this->match('/\\.php$/i', $request->getQueryString('img'))) or
193
- ($this->equals('revslider_show_image', $request->getBody('action')) && $this->match('/\\.php$/i', $request->getQueryString('img')))))
194
- $this->terminateRequest(112);
195
- }
196
- if (!in_array(114, $disabledRules, true)) {
197
- if ($this->match('/<\\!(?:DOCTYPE|ENTITY)\\s+(?:%\\s*)?\\w+\\s+SYSTEM/i', $request->getBody()) or
198
- $this->match('/<\\!(?:DOCTYPE|ENTITY)\\s+(?:%\\s*)?\\w+\\s+SYSTEM/i', $request->getQueryString()))
199
- $this->terminateRequest(114);
200
- }
201
- if (!in_array(115, $disabledRules, true)) {
202
- if ($this->match('#/wp\\-admin/admin\\-ajax\\.php$#i', $this->getServerValue('script_filename')) && ($this->equals('update-plugin', $request->getBody('action')) or
203
- $this->equals('update-plugin', $request->getQueryString('action'))) && ($this->match('/(^|\\/|\\\\|%2f|%5c)\\.\\.(\\\\|\\/|%2f|%5c)/i', $request->getBody()) or
204
- ($this->match('/(^|\\/|\\\\|%2f|%5c)\\.\\.(\\\\|\\/|%2f|%5c)/i', $request->getQueryString()))))
205
- $this->terminateRequest(115);
206
- }
207
- if (!in_array(132, $disabledRules, true)) {
208
- if (($this->equals('Y', $request->getBody('kentopvc_hidden'))) &&
209
- ((!$this->match('/^1?$/', $request->getBody('kento_pvc_hide'))) or
210
- (!$this->match('/^1?$/', $request->getBody('kento_pvc_uniq'))) or
211
- (!$this->match('/^1?$/', $request->getBody('kento_pvc_posttype'))) or
212
- ($this->match(BVFW::XSSREGEX, $request->getBody('kento_pvc_today_text'))) or
213
- ($this->match(BVFW::XSSREGEX, $request->getBody('kento_pvc_total_text'))) or
214
- ($this->match(BVFW::XSSREGEX, $request->getBody('kento_pvc_numbers_lang')))))
215
- $this->terminateRequest(132);
216
- }
217
- if (!in_array(133, $disabledRules, true)) {
218
- if ((($this->match('#/wp\\-mobile\\-detector[/]+resize\\.php#i', $request->getPath())) or
219
- ($this->match('#/wp\\-mobile\\-detector[/]+timthumb\\.php#i', $request->getPath()))) &&
220
- ((($this->getLength($request->getBody('src')) > 0) &&
221
- (!$this->match('/\\.(?:png|gif|jpg|jpeg|jif|jfif|svg)$/i', $request->getBody('src')))) or
222
- (($this->getLength($request->getQueryString('src'))) &&
223
- (!$this->match('/\\.(?:png|gif|jpg|jpeg|jif|jfif|svg)$/i', $request->getQueryString('src'))))))
224
- $this->terminateRequest(133);
225
- }
226
- if (!in_array(145, $disabledRules, true)) {
227
- if ((($this->match('/Abonti|aggregator|AhrefsBot|asterias|BDCbot|BLEXBot|BuiltBotTough|Bullseye|BunnySlippers|ca\\-crawler|CCBot|Cegbfeieh|CheeseBot|CherryPicker|CopyRightCheck|cosmos|Crescent|discobot|DittoSpyder|DotBot|Download Ninja|EasouSpider|EmailCollector|EmailSiphon|EmailWolf|EroCrawler|Exabot|ExtractorPro|Fasterfox|FeedBooster|Foobot|Genieo|grub\\-client|Harvest|hloader|httplib|HTTrack|humanlinks|ieautodiscovery|InfoNaviRobot|IstellaBot|Java\\/1\\.|JennyBot|k2spider|Kenjin Spider|Keyword Density\\/0\\.9|larbin|LexiBot|libWeb|libwww|LinkextractorPro|linko|LinkScan\\/8\\.1a Unix|LinkWalker|LNSpiderguy|lwp\\-trivial|magpie|Mata Hari|MaxPointCrawler|MegaIndex|Microsoft URL Control|MIIxpc|Mippin|Missigua Locator|Mister PiX|MJ12bot|moget|MSIECrawler|NetAnts|NICErsPRO|Niki\\-Bot|NPBot|Nutch|Offline Explorer|Openfind|panscient\\.com|PHP\\/5\\.\\{|ProPowerBot\\/2\\.14|ProWebWalker|Python\\-urllib|QueryN Metasearch|RepoMonkey|RMA|SemrushBot|SeznamBot|SISTRIX|sitecheck\\.Internetseer\\.com|SiteSnagger|SnapPreviewBot|Sogou|SpankBot|spanner|spbot|Spinn3r|suzuran|Szukacz\\/1\\.4|Teleport|Telesoft|The Intraformant|TheNomad|TightTwatBot|Titan|toCrawl\\/UrlDispatcher|True_Robot|turingos|TurnitinBot|UbiCrawler|UnisterBot|URLy Warning|VCI|WBSearchBot|Web Downloader\\/6\\.9|Web Image Collector|WebAuto|WebBandit|WebCopier|WebEnhancer|WebmasterWorldForumBot|WebReaper|WebSauger|Website Quester|Webster Pro|WebStripper|WebZip|Wotbox|wsr\\-agent|WWW\\-Collector\\-E|Xenu|Zao|Zeus|ZyBORG|coccoc|Incutio|lmspider|memoryBot|SemrushBot|serf|Unknown|uptime files/i', $request->getHeader('User-Agent'))) &&
228
- ($this->match(BVFW::XSSREGEX, $request->getHeader('User-Agent')))) or
229
- (($this->match('/semalt\\.com|kambasoft\\.com|savetubevideo\\.com|buttons\\-for\\-website\\.com|sharebutton\\.net|soundfrost\\.org|srecorder\\.com|softomix\\.com|softomix\\.net|myprintscreen\\.com|joinandplay\\.me|fbfreegifts\\.com|openmediasoft\\.com|zazagames\\.org|extener\\.org|openfrost\\.com|openfrost\\.net|googlsucks\\.com|best\\-seo\\-offer\\.com|buttons\\-for\\-your\\-website\\.com|www\\.Get\\-Free\\-Traffic\\-Now\\.com|best\\-seo\\-solution\\.com|buy\\-cheap\\-online\\.info|site3\\.free\\-share\\-buttons\\.com|webmaster\\-traffic\\.co/i', $request->getHeader('Referer'))) &&
230
- ($this->match(BVFW::XSSREGEX, $request->getHeader('User-Agent')))))
231
- $this->terminateRequest(145);
232
- }
233
- if (!in_array(146, $disabledRules, true)) {
234
- if ($this->match('/sitemap_.*?<.*?(:?_\\d+)?\\.xml(:?\\.gz)?/i', $request->getPath()))
235
- $this->terminateRequest(146);
236
- }
237
- if (!in_array(155, $disabledRules, true)) {
238
- if (($this->match(BVFW::XSSREGEX, $request->getHeader('Client-IP'))) or
239
- ($this->match(BVFW::XSSREGEX, $request->getHeader('X-Forwarded'))) or
240
- ($this->match(BVFW::XSSREGEX, $request->getHeader('X-Cluster-Client-IP'))) or
241
- ($this->match(BVFW::XSSREGEX, $request->getHeader('Forwarded-For'))) or
242
- ($this->match(BVFW::XSSREGEX, $request->getHeader('Forwarded'))))
243
- $this->terminateRequest(155);
244
- }
245
- if (!in_array(156, $disabledRules, true)) {
246
- if ($this->match('#/wp\\-admin/admin\\-ajax\\.php$#i', $this->getServerValue('script_filename')) or
247
- (($this->match(BVFW::SQLIREGEX, $request->getBody('umm_user'))) or
248
- ($this->match(BVFW::SQLIREGEX, $request->getQueryString('umm_user')))))
249
- $this->terminateRequest(156);
250
- }
251
- if (!in_array(165, $disabledRules, true)) {
252
- if ($this->match('/O:\\d+:"(?!stdClass")[^"]+":/', $request->getCookies('ecwid_oauth_state')))
253
- $this->terminateRequest(165);
254
- }
255
- if (!in_array(167, $disabledRules, true)) {
256
- if ((!$this->match('/\\.(jpe?g|png|mpeg|mov|flv|pdf|docx?|txt|csv|avi|mp3|wma|wav)($|\\.)/i', $request->getFileNames())) &&
257
- ($this->getLength($request->getBody('save_bepro_listing')) > 0))
258
- $this->terminateRequest(167);
259
- }
260
- if (!in_array(168, $disabledRules, true)) {
261
- if (($this->match('#/wp\\-admin/admin\\-ajax\\.php$#i', $this->getServerValue('script_filename'))) &&
262
- ($this->equals('master-slider', $request->getQueryString('page'))) &&
263
- ($this->getLength($request->getBody('page')) > 0) &&
264
- ($this->notEquals('master-slider', $request->getBody('page'))))
265
- $this->terminateRequest(168);
266
- }
267
- if (!in_array(169, $disabledRules, true)) {
268
- if (($this->equals('fancybox-for-wordpress', $request->getQueryString('page'))) &&
269
- ($this->match(BVFW::XSSREGEX, $request->getBody('mfbfw'))))
270
- $this->terminateRequest(169);
271
- }
272
- if (!in_array(171, $disabledRules, true)) {
273
- if ((($this->match('#wp-json/wp/v\\d+/posts/#i', $request->getPath())) or
274
- ($this->match('#/wp/v\\d+/posts/#i', $request->getQueryString('rest_route')))) &&
275
- ($this->match('/[^0-9]/', $request->getQueryString('id'))))
276
- $this->terminateRequest(171);
277
- }
278
- }
279
- }
280
- endif;
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
img/sap-logo.png DELETED
Binary file
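--- a/info.php
+++ b/info.php
@@ -0,0 +1,85 @@
+<?php
+
+if (!defined('ABSPATH')) exit;
+if (!class_exists('BVInfo')) :
+class BVInfo {
+public $settings;
+public $plugname = 'bvbackup';
+public $brandname = 'BlogVault';
+public $badgeinfo = 'bvbadge';
+public $ip_header_option = 'bvipheader';
+public $brand_option = 'bvbrand';
+public $version = '3.4';
+public $webpage = 'https://blogvault.net';
+public $appurl = 'https://app.blogvault.net';
+public $slug = 'blogvault-real-time-backup/blogvault.php';
+public $plug_redirect = 'bvredirect';
+public $logo = '../img/bvlogo.png';
+
+public function __construct($settings) {
+$this->settings = $settings;
+}
+
+public function getBrandInfo() {
+return $this->settings->getOption($this->brand_option);
+}
+
+public function getBrandName() {
+$brand = $this->getBrandInfo();
+if ($brand && array_key_exists('menuname', $brand)) {
+return $brand['menuname'];
+}
+return $this->brandname;
+}
+
+public function getMonitTime() {
+$time = $this->settings->getOption('bvmonittime');
+return ($time ? $time : 0);
+}
+
+public function appUrl() {
+if (defined('BV_APP_URL')) {
+return BV_APP_URL;
+} else {
+$brand = $this->getBrandInfo();
+if ($brand && array_key_exists('appurl', $brand)) {
+return $brand['appurl'];
+}
+return $this->appurl;
+}
+}
+
+public function isActivePlugin() {
+$expiry_time = time() - (3 * 24 * 3600);
+return ($this->getMonitTime() > $expiry_time);
+}
+
+public function isProtectModuleEnabled() {
+return ($this->settings->getOption('bvptplug') === $this->plugname) &&
+$this->isActivePlugin();
+}
+
+public function isDynSyncModuleEnabled() {
+return ($this->settings->getOption('bvdynplug') === $this->plugname) &&
+$this->isActivePlugin();
+}
+public function isActivateRedirectSet() {
+return ($this->settings->getOption($this->plug_redirect) === 'yes') ? true : false;
+}
+
+public function isMalcare() {
+return $this->getBrandName() === 'MalCare - Pro';
+}
+
+public function isBlogvault() {
+return $this->getBrandName() === 'BlogVault';
+}
+
+public function respInfo() {
+return array(
+"bvversion" => $this->version,
+"sha1" => "true"
+);
+}
+}
+endif;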
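Review bot: In `appUrl()` the value of `$brand['appurl']` is returned straight from the `bvbrand` option, so whatever can write that option decides which host the plugin treats as its service endpoint; the deleted `main.php` on this page prefixed this value to a query string of auth parameters, and whether the new callers still do so is not visible here. I would check type and scheme before trusting it, e.g. `if (is_array($brand) && isset($brand['appurl']) && strpos($brand['appurl'], 'https://') === 0) {`. The same `is_array($brand)` guard belongs in `getBrandName()`, where `array_key_exists('menuname', $brand)` is called on whatever `getOption()` returned. Separately, `isActivateRedirectSet()` no longer resets the option to `'no'` as the old version did, so the reset presumably has to happen in a caller, which is worth confirming.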
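--- a/lp/config.php
+++ b/lp/config.php
@@ -1,80 +0,0 @@
-<?php
-
-if (!defined('ABSPATH')) exit;
-if (!class_exists('BVLPConfig')) :
-class BVLPConfig {
-public $bvmain;
-public static $requests_table = 'lp_requests';
-
-#mode
-const DISABLED = 1;
-const AUDIT = 2;
-const PROTECT = 3;
-
-public function __construct($bvmain) {
-$this->bvmain = $bvmain;
-}
-
-public function setMode($mode) {
-if (!$mode) {
-$this->bvmain->info->deleteOption('bvlpmode');
-} else {
-$this->bvmain->info->updateOption('bvlpmode', intval($mode));
-}
-}
-
-public function setCaptchaLimit($count) {
-if (!$count) {
-$this->bvmain->info->deleteOption('bvlpcaptchaLimit');
-} else {
-$this->bvmain->info->updateOption('bvlpcaptchaLimit', intval($count));
-}
-}
-
-public function setTempBlockLimit($count) {
-if (!$count) {
-$this->bvmain->info->deleteOption('bvlptempblocklimit');
-} else {
-$this->bvmain->info->updateOption('bvlptempblocklimit', intval($count));
-}
-}
-
-public function setBlockAllLimit($count) {
-if (!$count) {
-$this->bvmain->info->deleteOption('bvlpblockalllimit');
-} else {
-$this->bvmain->info->updateOption('bvlpblockalllimit', intval($count));
-}
-}
-
-public function getMode() {
-$mode = $this->bvmain->info->getOption('bvlpmode');
-return intval($mode ? $mode : BVLPConfig::DISABLED);
-}
-
-public function getCaptchaLimit() {
-$limit = $this->bvmain->info->getOption('bvlpcaptchalimit');
-return ($limit ? $limit : 3);
-}
-
-public function getTempBlockLimit() {
-$limit = $this->bvmain->info->getOption('bvlptempblocklimit');
-return ($limit ? $limit : 10);
-}
-
-public function getBlockAllLimit() {
-$limit = $this->bvmain->info->getOption('bvlpblockAlllimit');
-return ($limit ? $limit : 100);
-}
-
-public function clear() {
-$this->setMode(false);
-$this->setCaptchaLimit(false);
-$this->setTempBlockLimit(false);
-$this->setBlockAllLimit(false);
-$this->bvmain->db->dropBVTable(BVLPConfig::$requests_table);
-$this->bvmain->info->deleteOption('bvptplug');
-return true;
-}
-}
-endif;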
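--- a/main.php
+++ b/main.php
@@ -1,167 +0,0 @@
-<?php
-if (!defined('ABSPATH')) exit;
-if (!class_exists('BVBackup')) :
-
-require_once dirname( __FILE__ ) . '/main/lib.php';
-require_once dirname( __FILE__ ) . '/main/site_info.php';
-require_once dirname( __FILE__ ) . '/main/auth.php';
-require_once dirname( __FILE__ ) . '/main/db.php';
-
-class BVBackup {
-public $version = '1.881';
-public $plugname = 'bvbackup';
-public $brandname = 'BlogVault';
-public $webpage = 'https://blogvault.net';
-public $appurl = 'https://app.blogvault.net';
-public $slug = 'blogvault-real-time-backup/blogvault.php';
-public $plug_redirect = 'bvredirect';
-public $badgeinfo = 'bvbadge';
-public $logo = '../img/bvlogo.png';
-
-public $ip_header_option = 'bvipheader';
-public $brand_option = 'bvbrand';
-
-public $lib;
-public $info;
-public $auth;
-public $db;
-function __construct() {
-$this->lib = new BVLib();
-$this->info = new BVSiteInfo($this->lib);
-$this->auth = new BVAuth($this->info);
-$this->db = new BVDb();
-}
-
-public function appUrl() {
-if (defined('BV_APP_URL')) {
-return BV_APP_URL;
-} else {
-$brand = $this->getBrandInfo();
-if ($brand && array_key_exists('appurl', $brand)) {
-return $brand['appurl'];
-}
-return $this->appurl;
-}
-}
-
-public function getIPHeader() {
-return $this->info->getOption($this->ip_header_option);
-}
-
-public function getBrandName() {
-$brand = $this->getBrandInfo();
-if ($brand && array_key_exists('menuname', $brand)) {
-return $brand['menuname'];
-}
-return $this->brandname;
-}
-
-public function isMalcare() {
-return $this->getBrandName() === 'MalCare - Pro';
-}
-
-public function isBlogvault() {
-return $this->getBrandName() === 'BlogVault';
-}
-
-public function getBrandInfo() {
-return $this->info->getOption($this->brand_option);
-}
-
-public function authenticatedUrl($method, $apicheck = null, $full = true) {
-$_params = $this->auth->newAuthParams($this->version);
-if ($apicheck) {
-$_params['bvapicheck'] = $apicheck;
-}
-$qstr = http_build_query($_params);
-if (!$full)
-return $method."?".$qstr;
-return $this->appUrl().$method."?".$qstr;
-}
-
-public function isConfigured() {
-return $this->auth->defaultPublic();
-}
-
-public function getMonitTime() {
-$time = $this->info->getOption('bvmonittime');
-return ($time ? $time : 0);
-}
-
-public function unSetMonitTime() {
-return $this->info->deleteOption('bvmonittime');
-}
-
-public function setMonitTime() {
-return $this->info->updateOption('bvmonittime', time());
-}
-
-public function isActivePlugin() {
-$expiry_time = time() - (3 * 24 * 3600);
-return ($this->getMonitTime() > $expiry_time);
-}
-
-public function isProtectModuleEnabled() {
-return ($this->info->getOption('bvptplug') === $this->plugname) &&
-$this->isActivePlugin();
-}
-
-public function isDynSyncModuleEnabled() {
-return ($this->info->getOption('bvdynplug') === $this->plugname) &&
-$this->isActivePlugin();
-}
-
-public function pingbv($method) {
-$body = array();
-$this->info->basic($body);
-$body['plug'] = $this->plugname;
-$url = $this->authenticatedUrl($method);
-$this->lib->http_request($url, $body);
-}
-
-public function setup($rand_secret) {
-$this->info->updateOption('bvSecretKey', $rand_secret);
-$this->info->updateOption($this->plug_redirect, 'yes');
-$this->info->updateOption('bvActivateTime', time());
-}
-
-public function isActivateRedirectSet() {
-if ($this->info->getOption($this->plug_redirect) === 'yes') {
-$this->info->updateOption($this->plug_redirect, 'no');
-return true;
-}
-return false;
-}
-
-public function activate() {
-if (!isset($_REQUEST['blogvaultkey'])) {
-##BVKEYSLOCATE##
-}
-if ($this->isConfigured()) {
-/* This informs the server about the activation */
-$this->pingbv('/bvapi/activate');
-} else {
-$this->setup($this->lib->randString(32));
-}
-}
-
-public function footerHandler() {
-$bvfooter = $this->info->getOption($this->badgeinfo);
-if ($bvfooter) {
-echo '<div style="max-width:150px;min-height:70px;margin:0 auto;text-align:center;position:relative;">
-<a href='.$bvfooter['badgeurl'].' target="_blank" ><img src="'.plugins_url($bvfooter['badgeimg'], __FILE__).'" alt="'.$bvfooter['badgealt'].'" /></a></div>';
-}
-}
-
-public function deactivate() {
-$this->pingbv('/bvapi/deactivate');
-}
-
-public static function uninstall() {
-do_action('clear_lp_config');
-do_action('clear_fw_config');
-do_action('clear_ip_store');
-do_action('clear_dynsync_config');
-}
-}
-endif;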
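--- a/main/auth.php
+++ /dev/null
@@ -1,106 +0,0 @@
- <?php
-
- if (!defined('ABSPATH')) exit;
- if (!class_exists('BVAuth')) :
-
- class BVAuth {
- public $info;
- function __construct($info) {
- $this->info = $info;
- }
-
- public function defaultPublic() {
- return $this->info->getOption('bvPublic');
- }
-
- public function defaultSecret() {
- return $this->info->getOption('bvSecretKey');
- }
-
- public function allKeys() {
- $keys = $this->info->getOption('bvkeys');
- if (!is_array($keys)) {
- $keys = array();
- }
- $public = $this->defaultPublic();
- $secret = $this->defaultSecret();
- if ($public)
- $keys[$public] = $secret;
- $keys['default'] = $secret;
- return $keys;
- }
-
- public function publicParam() {
- if (array_key_exists('pubkey', $_REQUEST)) {
- return $_REQUEST['pubkey'];
- } else {
- return $this->defaultPublic();
- }
- }
-
- public function secretForPublic($public = false) {
- $bvkeys = $this->allKeys();
- if ($public && array_key_exists($public, $bvkeys) && isset($bvkeys[$public]))
- return $bvkeys[$public];
- else
- return $this->defaultSecret();
- }
-
- public function addKeys($public, $secret) {
- $bvkeys = $this->info->getOption('bvkeys');
- if ($bvkeys && is_array($bvkeys))
- $bvkeys[$public] = $secret;
- else
- $bvkeys = array($public => $secret);
- $this->info->updateOption('bvkeys', $bvkeys);
- }
-
- public function updateKeys($publickey, $secretkey) {
- $this->info->updateOption('bvPublic', $publickey);
- $this->info->updateOption('bvSecretKey', $secretkey);
- $this->addKeys($publickey, $secretkey);
- }
-
- public function rmKeys($publickey) {
- $bvkeys = $this->info->getOption('bvkeys');
- if ($bvkeys && is_array($bvkeys)) {
- unset($bvkeys[$publickey]);
- $this->info->updateOption('bvkeys', $bvkeys);
- return true;
- }
- return false;
- }
-
- public function validate($public, $method, $time, $version, $sig) {
- $secret = $this->secretForPublic($public);
- if ($time < intval($this->info->getOption('bvLastRecvTime')) - 300) {
- return false;
- }
- if (array_key_exists('sha1', $_REQUEST)) {
- $sig_match = sha1($method.$secret.$time.$version);
- } else {
- $sig_match = md5($method.$secret.$time.$version);
- }
- if ($sig_match !== $sig) {
- return $sig_match;
- }
- $this->info->updateOption('bvLastRecvTime', $time);
- return 1;
- }
-
- public function newAuthParams($version) {
- $args = array();
- $time = time();
- $public = $this->publicParam();
- $secret = $this->secretForPublic($public);
-
- $sig = sha1($public.$secret.$time.$version);
- $args['sig'] = $sig;
- $args['bvTime'] = $time;
- $args['bvPublic'] = $public;
- $args['bvVersion'] = $version;
- $args['sha1'] = '1';
- return $args;
- }
- }
- endif;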
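--- a/main/lib.php
+++ /dev/null
@@ -1,44 +0,0 @@
- <?php
-
- if (!defined('ABSPATH')) exit;
- if (!class_exists('BVLib')) :
-
- class BVLib {
- public function objectToArray($obj) {
- return json_decode(json_encode($obj), true);
- }
-
- public function dbsig($full = false) {
- if (defined('DB_USER') && defined('DB_NAME') &&
- defined('DB_PASSWORD') && defined('DB_HOST')) {
- $sig = sha1(DB_USER.DB_NAME.DB_PASSWORD.DB_HOST);
- } else {
- $sig = "bvnone".$this->randString(34);
- }
- if ($full)
- return $sig;
- else
- return substr($sig, 0, 6);
- }
-
- public function randString($length) {
- $chars = "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ";
-
- $str = "";
- $size = strlen($chars);
- for( $i = 0; $i < $length; $i++ ) {
- $str .= $chars[rand(0, $size - 1)];
- }
- return $str;
- }
-
- public function http_request($url, $body) {
- $_body = array(
- 'method' => 'POST',
- 'timeout' => 15,
- 'body' => $body);
-
- return wp_remote_post($url, $_body);
- }
- }
- endif;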
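--- a/main/site_info.php
+++ /dev/null
@@ -1,99 +0,0 @@
- <?php
-
- if (!defined('ABSPATH')) exit;
- if (!class_exists('BVSiteInfo')) :
-
- class BVSiteInfo {
- public function getOption($key) {
- $res = false;
- if (function_exists('get_site_option')) {
- $res = get_site_option($key, false);
- }
- if ($res === false) {
- $res = get_option($key, false);
- }
- return $res;
- }
-
- public function deleteOption($key) {
- if (function_exists('delete_site_option')) {
- return delete_site_option($key);
- } else {
- return delete_option($key);
- }
- }
-
- public function updateOption($key, $value) {
- if (function_exists('update_site_option')) {
- return update_site_option($key, $value);
- } else {
- return update_option($key, $value);
- }
- }
-
- public function setTransient($name, $value, $time) {
- if (function_exists('set_site_transient')) {
- return set_site_transient($name, $value, $time);
- }
- return false;
- }
-
- public function deleteTransient($name) {
- if (function_exists('delete_site_transient')) {
- return delete_site_transient($name);
- }
- return false;
- }
-
- public function getTransient($name) {
- if (function_exists('get_site_transient')) {
- return get_site_transient($name);
- }
- return false;
- }
-
- public function wpurl() {
- if (function_exists('network_site_url'))
- return network_site_url();
- else
- return get_bloginfo('wpurl');
- }
-
- public function siteurl() {
- if (function_exists('site_url')) {
- return site_url();
- } else {
- return get_bloginfo('wpurl');
- }
- }
-
- public function homeurl() {
- if (function_exists('home_url')) {
- return home_url();
- } else {
- return get_bloginfo('url');
- }
- }
-
- public function isMultisite() {
- if (function_exists('is_multisite'))
- return is_multisite();
- return false;
- }
-
- public function isMainSite() {
- if (!function_exists('is_main_site' ) || !$this->isMultisite())
- return true;
- return is_main_site();
- }
-
- public function basic(&$info) {
- $info['wpurl'] = $this->wpurl();
- $info['siteurl'] = $this->siteurl();
- $info['homeurl'] = $this->homeurl();
- $info['serverip'] = $_SERVER['SERVER_ADDR'];
- $info['abspath'] = ABSPATH;
- return $info;
- }
- }
- endif;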
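--- a/protect.php
+++ /dev/null
@@ -1,45 +0,0 @@
- <?php
- if (!defined('ABSPATH')) exit;
- if (!class_exists('BVProtect')) :
-
- require_once dirname( __FILE__ ) . '/logger.php';
- require_once dirname( __FILE__ ) . '/fw/fw.php';
- require_once dirname( __FILE__ ) . '/lp/lp.php';
-
- class BVProtect {
- public $bvmain;
-
- function __construct($bvmain) {
- $this->bvmain = $bvmain;
- }
-
- public function init() {
- $ip = $this->getIP();
- $fw = new BVFW($this->bvmain, $ip);
- $fw->init();
- $lp = new BVLP($this->bvmain, $ip);
- $lp->init();
- }
-
- public function getIP() {
- $ip = '127.0.0.1';
- if (($ipHeader = $this->bvmain->getIPHeader()) && is_array($ipHeader)) {
- if (array_key_exists($ipHeader['hdr'], $_SERVER)) {
- $_ips = preg_split("/(,| |\t)/", $_SERVER[$ipHeader['hdr']]);
- if (array_key_exists(intval($ipHeader['pos']), $_ips)) {
- $ip = $_ips[intval($ipHeader['pos'])];
- }
- }
- } else if (array_key_exists('REMOTE_ADDR', $_SERVER)) {
- $ip = $_SERVER['REMOTE_ADDR'];
- }
- $ip = trim($ip);
- if (preg_match('/^\[([0-9a-fA-F:]+)\](:[0-9]+)$/', $ip, $matches)) {
- $ip = $matches[1];
- } elseif (preg_match('/^([0-9.]+)(:[0-9]+)$/', $ip, $matches)) {
- $ip = $matches[1];
- }
- return $ip;
- }
- }
- endif;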
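--- a/ipstore.php
+++ b/protect/ipstore.php
@@ -4,7 +4,7 @@ if (!class_exists('BVIPStore')) :
 
  class BVIPStore {
 
- public $bvmain;
+ public $db;
  public static $name = 'ip_store';
 
  #TYPE
@@ -15,8 +15,8 @@ if (!class_exists('BVIPStore')) :
  const FW = 3;
  const LP = 4;
 
- function __construct($bvmain) {
- $this->bvmain = $bvmain;
+ function __construct($db) {
+ $this->db = $db;
  }
 
  function init() {
@@ -24,7 +24,7 @@ if (!class_exists('BVIPStore')) :
  }
 
  public function clearConfig() {
- $this->bvmain->db->dropBVTable(BVIPStore::$name);
+ $this->db->dropBVTable(BVIPStore::$name);
  }
 
  public function hasIPv6Support() {
@@ -77,7 +77,7 @@ if (!class_exists('BVIPStore')) :
  }
 
  public function checkIPPresent($ip, $type, $category) {
- $db = $this->bvmain->db;
+ $db = $this->db;
  $table = $db->getBVTable(BVIPStore::$name);
  if ($db->isTablePresent($table)) {
  $binIP = $this->bvInetPton($ip);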
logger.php → protect/logger.php RENAMED
File without changes
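--- /dev/null
+++ b/protect/protect.php
@@ -0,0 +1,58 @@
+ <?php
+ if (!defined('ABSPATH')) exit;
+ if (!class_exists('BVProtect')) :
+
+ require_once dirname( __FILE__ ) . '/logger.php';
+ require_once dirname( __FILE__ ) . '/ipstore.php';
+ require_once dirname( __FILE__ ) . '/wp_fw/fw.php';
+ require_once dirname( __FILE__ ) . '/wp_lp/lp.php';
+
+ class BVProtect {
+ public $db;
+ public $settings;
+
+ function __construct($db, $settings) {
+ $this->settings = $settings;
+ $this->db = $db;
+ }
+
+ public function init() {
+ $bvipstore = new BVIPStore($this->db);
+ $bvipstore->init();
+ $ip = $this->getIP();
+ $fw = new BVWPFW($this->db, $this->settings, $ip, $bvipstore);
+ if ($fw->config->isActive()) {
+ $fw->init();
+ $fw->execute();
+ }
+ add_action('clear_fw_config', array($fw->config, 'clear'));
+ $lp = new BVWPLP($this->db, $this->settings, $ip, $bvipstore);
+ if ($lp->isActive()) {
+ $lp->init();
+ }
+ add_action('clear_lp_config', array($lp->config, 'clear'));
+ }
+
+ public function getIP() {
+ $ip = '127.0.0.1';
+ $bvinfo = new BVInfo($this->settings);
+ if (($ipHeader = $this->settings->getOption($bvinfo->ip_header_option)) && is_array($ipHeader)) {
+ if (array_key_exists($ipHeader['hdr'], $_SERVER)) {
+ $_ips = preg_split("/(,| |\t)/", $_SERVER[$ipHeader['hdr']]);
+ if (array_key_exists(intval($ipHeader['pos']), $_ips)) {
+ $ip = $_ips[intval($ipHeader['pos'])];
+ }
+ }
+ } else if (array_key_exists('REMOTE_ADDR', $_SERVER)) {
+ $ip = $_SERVER['REMOTE_ADDR'];
+ }
+ $ip = trim($ip);
+ if (preg_match('/^\[([0-9a-fA-F:]+)\](:[0-9]+)$/', $ip, $matches)) {
+ $ip = $matches[1];
+ } elseif (preg_match('/^([0-9.]+)(:[0-9]+)$/', $ip, $matches)) {
+ $ip = $matches[1];
+ }
+ return $ip;
+ }
+ }
+ endif;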
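Review bot: In `getIP()`, once an IP header is configured the `REMOTE_ADDR` branch is skipped entirely, so a request that arrives without that header keeps the default `'127.0.0.1'`, and whatever string is taken from the header is never checked to be an address before it is handed to `BVWPFW` and `BVWPLP`. Because the allow/deny lookups are keyed on this value, I would fall back to the socket address and reject non-addresses after the port-stripping block, e.g. `if (filter_var($ip, FILTER_VALIDATE_IP) === false && isset($_SERVER['REMOTE_ADDR'])) $ip = $_SERVER['REMOTE_ADDR'];`. `$ipHeader['hdr']` and `$ipHeader['pos']` are also read without checking that the keys exist in the stored option. A comment on the method should state that the configured header must be one the fronting proxy overwrites, since a client-supplied value is otherwise trusted as the source address.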
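--- /dev/null
+++ b/protect/wp_fw/config.php
@@ -0,0 +1,251 @@
+ <?php
+
+ if (!defined('ABSPATH')) exit;
+ if (!class_exists('BVWPFWConfig')) :
+ class BVWPFWConfig {
+ public $db;
+ public $settings;
+ public static $requests_table = 'fw_requests';
+ public static $allRules = array(108, 112, 114, 115, 132, 133, 145, 146, 155, 156, 165, 167, 168, 169, 171, 172, 173, 174, 175, 176, 177, 178);
+ public static $roleLevels = array(
+ 'administrator' => BVWPFWConfig::ROLE_LEVEL_ADMIN,
+ 'editor' => BVWPFWConfig::ROLE_LEVEL_EDITOR,
+ 'author' => BVWPFWConfig::ROLE_LEVEL_AUTHOR,
+ 'contributor' => BVWPFWConfig::ROLE_LEVEL_CONTRIBUTOR,
+ 'subscriber' => BVWPFWConfig::ROLE_LEVEL_SUBSCRIBER
+ );
+
+ function __construct($db, $settings) {
+ $this->db = $db;
+ $this->settings = $settings;
+ }
+
+ #mode
+ const DISABLED = 1;
+ const AUDIT = 2;
+ const PROTECT = 3;
+
+ #Rule Mode
+ const DISABLEDRULE = 1;
+ const AUDITRULE = 2;
+ const PROTECTRULE = 3;
+
+ #Request Profiling Mode
+ const REQ_PROFILING_MODE_DISABLED = 1;
+ const REQ_PROFILING_MODE_NORMAL = 2;
+ const REQ_PROFILING_MODE_DEBUG = 3;
+
+ #Cookie Mode
+ const COOKIE_MODE_ENABLED = 1;
+ const COOKIE_MODE_DISABLED = 2;
+
+ #Role Level
+ const ROLE_LEVEL_SUBSCRIBER = 1;
+ const ROLE_LEVEL_CONTRIBUTOR = 2;
+ const ROLE_LEVEL_AUTHOR = 3;
+ const ROLE_LEVEL_EDITOR = 4;
+ const ROLE_LEVEL_ADMIN = 5;
+ const ROLE_LEVEL_CUSTOM = 6;
+
+ public static function isDisabledRule($mode) {
+ return ($mode === BVWPFWConfig::DISABLEDRULE);
+ }
+
+ public static function isProtectingRule($mode) {
+ return ($mode === BVWPFWConfig::PROTECTRULE);
+ }
+
+ public static function isAuditingRule($mode) {
+ return ($mode === BVWPFWConfig::AUDITRULE);
+ }
+
+ public function isActive() {
+ return ($this->getMode() !== BVWPFWConfig::DISABLED);
+ }
+
+ public function isProtecting() {
+ return ($this->getMode() === BVWPFWConfig::PROTECT);
+ }
+
+ public function isAuditing() {
+ return ($this->getMode() === BVWPFWConfig::AUDIT);
+ }
+
+ public function isReqProfilingModeDebug() {
+ return ($this->getReqProfilingMode() === BVWPFWConfig::REQ_PROFILING_MODE_DEBUG);
+ }
+
+ public function canProfileReqInfo() {
+ return ($this->getReqProfilingMode() !== BVWPFWConfig::REQ_PROFILING_MODE_DISABLED);
+ }
+
+ public function canSetCookie() {
+ return ($this->getCookieMode() === BVWPFWConfig::COOKIE_MODE_ENABLED);
+ }
+
+ public function getRules() {
+ $rules = array("audit" => array(), "protect" => array());
+ $isAudit = false;
+ $rulesMode = $this->getRulesMode();
+ if (BVWPFWConfig::isDisabledRule($rulesMode)) {
+ return $rules;
+ }
+ $isAudit = ($this->isAuditing() || BVWPFWConfig::isAuditingRule($rulesMode));
+ $rulesInfo = array();
+ foreach ($this->getAuditRules() as $rule)
+ $rulesInfo[$rule] = BVWPFWConfig::AUDITRULE;
+ foreach ($this->getDisabledRules() as $rule)
+ $rulesInfo[$rule] = BVWPFWConfig::DISABLEDRULE;
+ foreach (BVWPFWConfig::$allRules as $rule) {
+ if (isset($rulesInfo[$rule])) {
+ if (BVWPFWConfig::isAuditingRule($rulesInfo[$rule])) {
+ $rules["audit"][$rule] = BVWPFWConfig::AUDITRULE;
+ }
+ } else {
+ if ($isAudit) {
+ $rules["audit"][$rule] = BVWPFWConfig::AUDITRULE;
+ } else {
+ $rules["protect"][$rule] = BVWPFWConfig::PROTECTRULE;
+ }
+ }
+ }
+ return $rules;
+ }
+
+ public function setMode($mode) {
+ if (!$mode) {
+ $this->settings->deleteOption('bvfwmode');
+ } else {
+ $this->settings->updateOption('bvfwmode', intval($mode));
+ }
+ }
+
+ public function setRulesMode($mode) {
+ if (!$mode) {
+ $this->settings->deleteOption('bvfwrulesmode');
+ } else {
+ $this->settings->updateOption('bvfwrulesmode', intval($mode));
+ }
+ }
+
+ public function setCookieMode($mode) {
+ if (!$mode) {
+ $this->settings->deleteOption('bvfwcookiemode');
+ } else {
+ $this->settings->updateOption('bvfwcookiemode', intval($mode));
+ }
+ }
+
+ public function setCookieKey($key) {
+ if (!$key) {
+ $this->settings->deleteOption('bvfwcookiekey');
+ } else {
+ $this->settings->updateOption('bvfwcookiekey', strval($key));
+ }
+ }
+
+ public function setReqProfilingMode($mode) {
+ if (!$mode) {
+ $this->settings->deleteOption('bvfwreqprofilingmode');
+ } else {
+ $this->settings->updateOption('bvfwreqprofilingmode', intval($mode));
+ }
+ }
+
+ public function setDisabledRules($rules) {
+ if (!$rules) {
+ $this->settings->deleteOption('bvfwdisabledrules');
+ } else {
+ $this->settings->updateOption('bvfwdisabledrules', $rules);
+ }
+ }
+
+ public function setBypassLevel($level) {
+ if (!$level) {
+ $this->settings->deleteOption('bvfwbypasslevel');
+ } else {
+ $this->settings->updateOption('bvfwbypasslevel', $level);
+ }
+ }
+
+ public function setCustomRoles($roles) {
+ if (!$roles) {
+ $this->settings->deleteOption('bvfwcutomroles');
+ } else {
+ $this->settings->updateOption('bvfwcustomroles', $roles);
+ }
+ }
+
+ public function setAuditRules($rules) {
+ if (!$rules) {
+ $this->settings->deleteOption('bvfwauditrules');
+ } else {
+ $this->settings->updateOption('bvfwauditrules', $rules);
+ }
+ }
+
+ public function getMode() {
+ $mode = $this->settings->getOption('bvfwmode');
+ return intval($mode ? $mode : BVWPFWConfig::DISABLED);
+ }
+
+ public function getRulesMode() {
+ $mode = $this->settings->getOption('bvfwrulesmode');
+ return intval($mode ? $mode : BVWPFWConfig::DISABLED);
+ }
+
+ public function getCookieMode() {
+ $mode = $this->settings->getOption('bvfwcookiemode');
+ return intval($mode ? $mode : BVWPFWConfig::COOKIE_MODE_DISABLED);
+ }
+
+ public function getCookieKey() {
+ $key = (string) $this->settings->getOption('bvfwcookiekey');
+ if ($key === '') {
+ $key = BVAccount::randString(32);
+ $this->setCookieKey($key);
+ }
+ return $key;
+ }
+
+ public function getReqProfilingMode() {
+ $mode = $this->settings->getOption('bvfwreqprofilingmode');
+ return intval($mode ? $mode : BVWPFWConfig::REQ_PROFILING_MODE_DISABLED);
+ }
+
+ public function getDisabledRules() {
+ $rules = $this->settings->getOption('bvfwdisabledrules');
+ return ($rules ? $rules : array());
+ }
+
+ public function getAuditRules() {
+ $rules = $this->settings->getOption('bvfwauditrules');
+ return ($rules ? $rules : array());
+ }
+
+ public function getBypassLevel() {
+ $level = $this->settings->getOption('bvfwbypasslevel');
+ return intval($level ? $level : BVWPFWConfig::ROLE_LEVEL_CONTRIBUTOR);
+ }
+
+ public function getCustomRoles() {
+ $roles = $this->settings->getOption('bvfwcustomroles');
+ return ($roles ? $roles : array());
+ }
+
+ public function clear() {
+ $this->setMode(false);
+ $this->setRulesMode(false);
+ $this->setBypassLevel(false);
+ $this->setCustomRoles(false);
+ $this->setCookieMode(false);
+ $this->setCookieKey(false);
+ $this->setDisabledRules(false);
+ $this->setAuditRules(false);
+ $this->setReqProfilingMode(false);
+ $this->db->dropBVTable(BVWPFWConfig::$requests_table);
+ $this->settings->deleteOption('bvptplug');
+ return true;
+ }
+ }
+ endif;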
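Review bot: `setCustomRoles()` deletes the option `'bvfwcutomroles'` but writes and reads `'bvfwcustomroles'`, so `setCustomRoles(false)`, and therefore `clear()`, never removes the stored custom-role list. Those roles map to `ROLE_LEVEL_CUSTOM`, the highest level defined in this class, so a stale list would presumably grant the bypass level again once the firewall is reconfigured after a reset. The delete branch should read `$this->settings->deleteOption('bvfwcustomroles');`. Separately, the key returned by `getCookieKey()` comes from `BVAccount::randString(32)`, which is outside this section; if that is the same `rand()`-based generator as the removed `BVLib::randString()`, a key that signs the bypass cookie should come from a CSPRNG instead.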
protect/wp_fw/fw.php ADDED
@@ -0,0 +1,597 @@
1
+ <?php
2
+
3
+ if (!defined('ABSPATH')) exit;
4
+ if (!class_exists('BVWPFW')) :
5
+
6
+ require_once dirname( __FILE__ ) . '/config.php';
7
+ require_once dirname( __FILE__ ) . '/request.php';
8
+
9
+ class BVWPFW {
10
+ public $db;
11
+ public $settings;
12
+ public $request;
13
+ public $config;
14
+ public $ipstore;
15
+ public $category;
16
+ public $logger;
17
+ private $currRuleInfo;
18
+
19
+ const SQLIREGEX = '/(?:[^\\w<]|\\/\\*\\![0-9]*|^)(?:
20
+ @@HOSTNAME|
21
+ ALTER|ANALYZE|ASENSITIVE|
22
+ BEFORE|BENCHMARK|BETWEEN|BIGINT|BINARY|BLOB|
23
+ CALL|CASE|CHANGE|CHAR|CHARACTER|CHAR_LENGTH|COLLATE|COLUMN|CONCAT|CONDITION|CONSTRAINT|CONTINUE|CONVERT|CREATE|CROSS|CURRENT_DATE|CURRENT_TIME|CURRENT_TIMESTAMP|CURRENT_USER|CURSOR|
24
+ DATABASE|DATABASES|DAY_HOUR|DAY_MICROSECOND|DAY_MINUTE|DAY_SECOND|DECIMAL|DECLARE|DEFAULT|DELAYED|DELETE|DESCRIBE|DETERMINISTIC|DISTINCT|DISTINCTROW|DOUBLE|DROP|DUAL|DUMPFILE|
25
+ EACH|ELSE|ELSEIF|ELT|ENCLOSED|ESCAPED|EXISTS|EXIT|EXPLAIN|EXTRACTVALUE|
26
+ FETCH|FLOAT|FLOAT4|FLOAT8|FORCE|FOREIGN|FROM|FULLTEXT|
27
+ GRANT|GROUP|HAVING|HEX|HIGH_PRIORITY|HOUR_MICROSECOND|HOUR_MINUTE|HOUR_SECOND|
28
+ IFNULL|IGNORE|INDEX|INFILE|INNER|INOUT|INSENSITIVE|INSERT|INTERVAL|ISNULL|ITERATE|
29
+ JOIN|KILL|LEADING|LEAVE|LIMIT|LINEAR|LINES|LOAD|LOAD_FILE|LOCALTIME|LOCALTIMESTAMP|LOCK|LONG|LONGBLOB|LONGTEXT|LOOP|LOW_PRIORITY|
30
+ MASTER_SSL_VERIFY_SERVER_CERT|MATCH|MAXVALUE|MEDIUMBLOB|MEDIUMINT|MEDIUMTEXT|MID|MIDDLEINT|MINUTE_MICROSECOND|MINUTE_SECOND|MODIFIES|
31
+ NATURAL|NO_WRITE_TO_BINLOG|NULL|NUMERIC|OPTION|ORD|ORDER|OUTER|OUTFILE|
32
+ PRECISION|PRIMARY|PRIVILEGES|PROCEDURE|PROCESSLIST|PURGE|
33
+ RANGE|READ_WRITE|REGEXP|RELEASE|REPEAT|REQUIRE|RESIGNAL|RESTRICT|RETURN|REVOKE|RLIKE|ROLLBACK|
34
+ SCHEMA|SCHEMAS|SECOND_MICROSECOND|SELECT|SENSITIVE|SEPARATOR|SHOW|SIGNAL|SLEEP|SMALLINT|SPATIAL|SPECIFIC|SQLEXCEPTION|SQLSTATE|SQLWARNING|SQL_BIG_RESULT|SQL_CALC_FOUND_ROWS|SQL_SMALL_RESULT|STARTING|STRAIGHT_JOIN|SUBSTR|
35
+ TABLE|TERMINATED|TINYBLOB|TINYINT|TINYTEXT|TRAILING|TRANSACTION|TRIGGER|
36
+ UNDO|UNHEX|UNION|UNLOCK|UNSIGNED|UPDATE|UPDATEXML|USAGE|USING|UTC_DATE|UTC_TIME|UTC_TIMESTAMP|
37
+ VALUES|VARBINARY|VARCHAR|VARCHARACTER|VARYING|WHEN|WHERE|WHILE|WRITE|YEAR_MONTH|ZEROFILL)(?=[^\\w]|$)/ix';
38
+
39
+ const XSSREGEX = '/(?:
40
+ #tags
41
+ (?:\\<|\\+ADw\\-|\\xC2\\xBC)(script|iframe|svg|object|embed|applet|link|style|meta|\\/\\/|\\?xml\\-stylesheet)(?:[^\\w]|\\xC2\\xBE)|
42
+ #protocols
43
+ (?:^|[^\\w])(?:(?:\\s*(?:&\\#(?:x0*6a|0*106)|j)\\s*(?:&\\#(?:x0*61|0*97)|a)\\s*(?:&\\#(?:x0*76|0*118)|v)\\s*(?:&\\#(?:x0*61|0*97)|a)|\\s*(?:&\\#(?:x0*76|0*118)|v)\\s*(?:&\\#(?:x0*62|0*98)|b)|\\s*(?:&\\#(?:x0*65|0*101)|e)\\s*(?:&\\#(?:x0*63|0*99)|c)\\s*(?:&\\#(?:x0*6d|0*109)|m)\\s*(?:&\\#(?:x0*61|0*97)|a)|\\s*(?:&\\#(?:x0*6c|0*108)|l)\\s*(?:&\\#(?:x0*69|0*105)|i)\\s*(?:&\\#(?:x0*76|0*118)|v)\\s*(?:&\\#(?:x0*65|0*101)|e))\\s*(?:&\\#(?:x0*73|0*115)|s)\\s*(?:&\\#(?:x0*63|0*99)|c)\\s*(?:&\\#(?:x0*72|0*114)|r)\\s*(?:&\\#(?:x0*69|0*105)|i)\\s*(?:&\\#(?:x0*70|0*112)|p)\\s*(?:&\\#(?:x0*74|0*116)|t)|\\s*(?:&\\#(?:x0*6d|0*109)|m)\\s*(?:&\\#(?:x0*68|0*104)|h)\\s*(?:&\\#(?:x0*74|0*116)|t)\\s*(?:&\\#(?:x0*6d|0*109)|m)\\s*(?:&\\#(?:x0*6c|0*108)|l)|\\s*(?:&\\#(?:x0*6d|0*109)|m)\\s*(?:&\\#(?:x0*6f|0*111)|o)\\s*(?:&\\#(?:x0*63|0*99)|c)\\s*(?:&\\#(?:x0*68|0*104)|h)\\s*(?:&\\#(?:x0*61|0*97)|a)|\\s*(?:&\\#(?:x0*64|0*100)|d)\\s*(?:&\\#(?:x0*61|0*97)|a)\\s*(?:&\\#(?:x0*74|0*116)|t)\\s*(?:&\\#(?:x0*61|0*97)|a)(?!(?:&\\#(?:x0*3a|0*58)|\\:)(?:&\\#(?:x0*69|0*105)|i)(?:&\\#(?:x0*6d|0*109)|m)(?:&\\#(?:x0*61|0*97)|a)(?:&\\#(?:x0*67|0*103)|g)(?:&\\#(?:x0*65|0*101)|e)(?:&\\#(?:x0*2f|0*47)|\\/)(?:(?:&\\#(?:x0*70|0*112)|p)(?:&\\#(?:x0*6e|0*110)|n)(?:&\\#(?:x0*67|0*103)|g)|(?:&\\#(?:x0*62|0*98)|b)(?:&\\#(?:x0*6d|0*109)|m)(?:&\\#(?:x0*70|0*112)|p)|(?:&\\#(?:x0*67|0*103)|g)(?:&\\#(?:x0*69|0*105)|i)(?:&\\#(?:x0*66|0*102)|f)|(?:&\\#(?:x0*70|0*112)|p)?(?:&\\#(?:x0*6a|0*106)|j)(?:&\\#(?:x0*70|0*112)|p)(?:&\\#(?:x0*65|0*101)|e)(?:&\\#(?:x0*67|0*103)|g)|(?:&\\#(?:x0*74|0*116)|t)(?:&\\#(?:x0*69|0*105)|i)(?:&\\#(?:x0*66|0*102)|f)(?:&\\#(?:x0*66|0*102)|f)|(?:&\\#(?:x0*73|0*115)|s)(?:&\\#(?:x0*76|0*118)|v)(?:&\\#(?:x0*67|0*103)|g)(?:&\\#(?:x0*2b|0*43)|\\+)(?:&\\#(?:x0*78|0*120)|x)(?:&\\#(?:x0*6d|0*109)|m)(?:&\\#(?:x0*6c|0*108)|l))(?:(?:&\\#(?:x0*3b|0*59)|;)(?:&\\#(?:x0*63|0*99)|c)(?:&\\#(?:x0*68|0*104)|h)(?:&\\#(?:x0*61|0*97)|a)(?:&\\#(?:x0*72|0*114)|r)(?:&\\#(?:x0*73|0*115)|s)(?:&\\#(?:x0*65|0*101)|e)(?:&\\#(
?:x0*74|0*116)|t)(?:&\\#(?:x0*3d|0*61)|=)[\\-a-z0-9]+)?(?:(?:&\\#(?:x0*3b|0*59)|;)(?:&\\#(?:x0*62|0*98)|b)(?:&\\#(?:x0*61|0*97)|a)(?:&\\#(?:x0*73|0*115)|s)(?:&\\#(?:x0*65|0*101)|e)(?:&\\#(?:x0*36|0*54)|6)(?:&\\#(?:x0*34|0*52)|4))?(?:&\\#(?:x0*2c|0*44)|,)))\\s*(?:&\\#(?:x0*3a|0*58)|&colon|\\:)|
44
+ #css expression
45
+ (?:^|[^\\w])(?:(?:\\\\0*65|\\\\0*45|e)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*78|\\\\0*58|x)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*70|\\\\0*50|p)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*72|\\\\0*52|r)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*65|\\\\0*45|e)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*73|\\\\0*53|s)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*73|\\\\0*53|s)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*69|\\\\0*49|i)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*6f|\\\\0*4f|o)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*6e|\\\\0*4e|n))[^\\w]*?(?:\\\\0*28|\\()|
46
+ #css properties
47
+ (?:^|[^\\w])(?:(?:(?:\\\\0*62|\\\\0*42|b)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*65|\\\\0*45|e)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*68|\\\\0*48|h)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*61|\\\\0*41|a)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*76|\\\\0*56|v)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*69|\\\\0*49|i)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*6f|\\\\0*4f|o)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*72|\\\\0*52|r)(?:\\/\\*.*?\\*\\/)*)|(?:(?:\\\\0*2d|\\\\0*2d|-)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*6d|\\\\0*4d|m)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*6f|\\\\0*4f|o)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*7a|\\\\0*5a|z)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*2d|\\\\0*2d|-)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*62|\\\\0*42|b)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*69|\\\\0*49|i)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*6e|\\\\0*4e|n)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*64|\\\\0*44|d)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*69|\\\\0*49|i)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*6e|\\\\0*4e|n)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*67|\\\\0*47|g)(?:\\/\\*.*?\\*\\/)*))[^\\w]*(?:\\\\0*3a|\\\\0*3a|:)[^\\w]*(?:\\\\0*75|\\\\0*55|u)(?:\\\\0*72|\\\\0*52|r)(?:\\\\0*6c|\\\\0*4c|l)|
48
+ #properties
49
+ (?:^|[^\\w])(?:on(?:abort|activate|afterprint|afterupdate|autocomplete|autocompleteerror|beforeactivate|beforecopy|beforecut|beforedeactivate|beforeeditfocus|beforepaste|beforeprint|beforeunload|beforeupdate|blur|bounce|cancel|canplay|canplaythrough|cellchange|change|click|close|contextmenu|controlselect|copy|cuechange|cut|dataavailable|datasetchanged|datasetcomplete|dblclick|deactivate|drag|dragend|dragenter|dragleave|dragover|dragstart|drop|durationchange|emptied|encrypted|ended|error|errorupdate|filterchange|finish|focus|focusin|focusout|formchange|forminput|hashchange|help|input|invalid|keydown|keypress|keyup|languagechange|layoutcomplete|load|loadeddata|loadedmetadata|loadstart|losecapture|message|mousedown|mouseenter|mouseleave|mousemove|mouseout|mouseover|mouseup|mousewheel|move|moveend|movestart|mozfullscreenchange|mozfullscreenerror|mozpointerlockchange|mozpointerlockerror|offline|online|page|pagehide|pageshow|paste|pause|play|playing|popstate|progress|propertychange|ratechange|readystatechange|reset|resize|resizeend|resizestart|rowenter|rowexit|rowsdelete|rowsinserted|scroll|search|seeked|seeking|select|selectstart|show|stalled|start|storage|submit|suspend|timer|timeupdate|toggle|unload|volumechange|waiting|webkitfullscreenchange|webkitfullscreenerror|wheel)|formaction|data\\-bind|ev:event)[^\\w]
50
+ )/ix';
51
+
52
+ const BYPASS_COOKIE = "bvfw-bypass-cookie";
53
+ const IP_COOKIE = "bvfw-ip-cookie";
54
+
55
+ public function __construct($db, $settings, $ip, $ipstore) {
56
+ $this->db = $db;
57
+ $this->settings = $settings;
58
+ $this->config = new BVWPFWConfig($db, $settings);
59
+ $this->request = new BVWPRequest($ip);
60
+ $this->ipstore = $ipstore;
61
+ $this->logger = new BVLogger($db, BVWPFWConfig::$requests_table);
62
+ }
63
+
64
+ public function init() {
65
+ if ($this->config->canSetCookie()) {
66
+ add_action('init', array($this, 'setBypassCookie'));
67
+ $this->setIPCookie();
68
+ }
69
+ add_filter('status_header', array($this->request, 'captureRespCode'));
70
+ register_shutdown_function(array($this, 'log'));
71
+ }
72
+
73
+ public function setcookie($name, $value, $expire, $path = COOKIEPATH, $domain = COOKIE_DOMAIN) {
74
+ if (version_compare(PHP_VERSION, '5.2.0') >= 0) {
75
+ $secure = function_exists('is_ssl') ? is_ssl() : false;
76
+ @setcookie($name, $value, $expire, $path, $domain, $secure, true);
77
+ } else {
78
+ @setcookie($name, $value, $expire, $path);
79
+ }
80
+ }
81
+
82
+ public function setBypassCookie() {
83
+ if (function_exists('is_user_logged_in') && is_user_logged_in() && !$this->hasValidBypassCookie()) {
84
+ $roleLevel = $this->getCurrentRoleLevel();
85
+ $bypassLevel = $this->config->getBypassLevel();
86
+ if ($roleLevel >= $bypassLevel) {
87
+ $cookie = $this->generateBypassCookie();
88
+ $this->setcookie(BVWPFW::BYPASS_COOKIE, $cookie, time() + 43200);
89
+ }
90
+ }
91
+ }
92
+
93
+ public function generateBypassCookie() {
94
+ $time = floor(time() / 43200);
95
+ $bypassLevel = $this->config->getBypassLevel();
96
+ $cookiekey = $this->config->getCookieKey();
97
+ return sha1($bypassLevel.$time.$cookiekey);
98
+ }
99
+
100
+ public function hasValidBypassCookie() {
101
+ $cookie = (string) $this->request->getCookies(BVWPFW::BYPASS_COOKIE);
102
+ return ($this->config->canSetCookie() && ($cookie === $this->generateBypassCookie()));
103
+ }
104
+
105
+ public function setIPCookie() {
106
+ if (!$this->request->getCookies(BVWPFW::IP_COOKIE)) {
107
+ $ip = $this->request->getIP();
108
+ $cookiekey = $this->config->getCookieKey();
109
+ $time = floor(time() / 3600);
110
+ $cookie = sha1($ip.$time.$cookiekey);
111
+ $this->setcookie(BVWPFW::IP_COOKIE, $cookie, time() + 3600);
112
+ }
113
+ }
114
+
115
+ public function getBVCookies() {
116
+ $cookies = array();
117
+ $cookies[BVWPFW::IP_COOKIE] = (string) $this->request->getCookies(BVWPFW::IP_COOKIE);
118
+ return $cookies;
119
+ }
120
+
121
+ public function getCurrentRoleLevel() {
122
+ if (function_exists('current_user_can')) {
123
+ if (function_exists('is_super_admin') && is_super_admin()) {
124
+ return BVWPFWConfig::ROLE_LEVEL_ADMIN;
125
+ }
126
+ foreach ($this->config->getCustomRoles() as $role) {
127
+ if (current_user_can($role)) {
128
+ return BVWPFWConfig::ROLE_LEVEL_CUSTOM;
129
+ }
130
+ }
131
+ foreach (BVWPFWConfig::$roleLevels as $role => $level) {
132
+ if (current_user_can($role)) {
133
+ return $level;
134
+ }
135
+ }
136
+ }
137
+ return 0;
138
+ }
139
+
140
+ public function log() {
141
+ if ($this->config->canSetCookie()) {
142
+ $canlog = !$this->hasValidBypassCookie();
143
+ } else {
144
+ $canlog = (!function_exists('is_user_logged_in') || !is_user_logged_in());
145
+ }
146
+ if ($canlog) {
147
+ $this->logger->log($this->request->getDataToLog());
148
+ }
149
+ }
150
+
151
+ public function terminateRequest($category = BVWPRequest::NORMAL) {
152
+ $info = new BVInfo($this->settings);
153
+ $this->request->setCategory($category);
154
+ $this->request->setStatus(BVWPRequest::BLOCKED);
155
+ $this->request->setRespCode(403);
156
+ header("Cache-Control: no-cache, no-store, must-revalidate");
157
+ header("Pragma: no-cache");
158
+ header("Expires: 0");
159
+ header('HTTP/1.0 403 Forbidden');
160
+ $brandname = $info->getBrandName();
161
+ die("
162
+ <div style='height: 98vh;'>
163
+ <div style='text-align: center; padding: 10% 0; font-family: Arial, Helvetica, sans-serif;'>
164
+ <div><p><img src=".plugins_url('/../../img/icon.png', __FILE__)."><h2>Firewall</h2><h3>powered by</h3><h2>"
165
+ .$brandname."</h2></p><div>
166
+ <p>Blocked because of Malicious Activities</p>
167
+ </div>
168
+ </div>
169
+ ");
170
+ }
171
+
172
+ public function isBlacklistedIP() {
173
+ return $this->ipstore->checkIPPresent($this->request->getIP(), BVIPStore::BLACKLISTED, BVIPStore::FW);
174
+ }
175
+
176
+ public function isWhitelistedIP() {
177
+ return $this->ipstore->checkIPPresent($this->request->getIP(), BVIPStore::WHITELISTED, BVIPStore::FW);
178
+ }
179
+
180
+ public function canBypassFirewall() {
181
+ if ($this->isWhitelistedIP() || $this->hasValidBypassCookie()) {
182
+ $this->request->setCategory(BVWPRequest::WHITELISTED);
183
+ $this->request->setStatus(BVWPRequest::BYPASSED);
184
+ return true;
185
+ }
186
+ return false;
187
+ }
188
+
189
+ public function execute() {
190
+ if ($this->config->canProfileReqInfo()) {
191
+ $result = array();
192
+ $result += $this->profileRequestInfo($this->request->getBody(),
193
+ $this->config->isReqProfilingModeDebug(), 'BODY_');
194
+ $result += $this->profileRequestInfo($this->request->getQueryString(),
195
+ true, 'GET_');
196
+ $result += $this->profileRequestInfo($this->request->getFiles(),
197
+ true, 'FILES_');
198
+ $result += $this->profileRequestInfo($this->getBVCookies(),
199
+ true, 'COOKIES_');
200
+ if (strpos($this->request->getPath(), 'admin-ajax.php') !== false) {
201
+ $result += array('BODY_ADMIN_AJAX_ACTION' => $this->request->getBody('action'));
202
+ $result += array('GET_ADMIN_AJAX_ACTION' => $this->request->getQueryString('action'));
203
+ }
204
+ if (strpos($this->request->getPath(), 'admin-post.php') !== false) {
205
+ $result += array('BODY_ADMIN_POST_ACTION' => $this->request->getBody('action'));
206
+ $result += array('GET_ADMIN_POST_ACTION' => $this->request->getQueryString('action'));
207
+ }
208
+ $this->request->updateReqInfo($result);
209
+ }
210
+ if (!$this->canBypassFirewall()) {
211
+ $rules = $this->config->getRules();
212
+ $this->matchRules($rules["audit"]);
213
+ if ($this->config->isProtecting()) {
214
+ if ($this->isBlacklistedIP()) {
215
+ $this->terminateRequest(BVWPRequest::BLACKLISTED);
216
+ }
217
+ if ($this->matchRules($rules["protect"], true)) {
218
+ $this->terminateRequest();
219
+ }
220
+ }
221
+ }
222
+ }
223
+
224
+ public function getServerValue($key) {
225
+ if (isset($_SERVER) && array_key_exists($key, $_SERVER)) {
226
+ return $_SERVER[$key];
227
+ }
228
+ return null;
229
+ }
230
+
231
+ public function match($pattern, $subject, $key = NULL) {
232
+ if (is_array($subject)) {
233
+ foreach ($subject as $k => $v) {
234
+ $k = ($key !== NULL) ? $key.'-'.$k : NULL;
235
+ if ($this->match($pattern, $v, $k)) {
236
+ return true;
237
+ }
238
+ }
239
+ } else {
240
+ if (preg_match((string) $pattern, (string) $subject) > 0) {
241
+ if ($key !== NULL) {
242
+ $this->currRuleInfo[$key] = $this->getLength($subject);
243
+ }
244
+ return true;
245
+ }
246
+ }
247
+ return false;
248
+ }
249
+
250
+ public function matchCount($pattern, $subject) {
251
+ $count = 0;
252
+ if (is_array($subject)) {
253
+ foreach ($subject as $val) {
254
+ $count += $this->matchCount($pattern, $val);
255
+ }
256
+ return $count;
257
+ } else {
258
+ $count = preg_match_all((string) $pattern, (string) $subject, $matches);
259
+ return ($count === false ? 0 : $count);
260
+ }
261
+ }
262
+
263
+ public function matchMD5($str, $val) {
264
+ return md5((string) $str) === $val;
265
+ }
266
+
267
+ public function getLength($val) {
268
+ $length = 0;
269
+ if (is_array($val)) {
270
+ foreach ($val as $v) {
271
+ $length += $this->getLength($v);
272
+ }
273
+ return $length;
274
+ } else {
275
+ return strlen((string) $val);
276
+ }
277
+ }
278
+
279
+ public function equals($value, $subject) {
280
+ return $value == $subject;
281
+ }
282
+
283
+ public function notEquals($value, $subject) {
284
+ return $value != $subject;
285
+ }
286
+
287
+ public function profileRequestInfo($params, $debug = false, $prefix = '') {
288
+ $result = array();
289
+ if (is_array($params)) {
290
+ foreach ($params as $key => $value) {
291
+ $currkey = $prefix . $key;
292
+ if (is_array($value)) {
293
+ $result = $result + $this->profileRequestInfo($value, $debug, $currkey . '_');
294
+ } else {
295
+ $result[$currkey] = array();
296
+ $valsize = $this->getLength($value);
297
+ $result[$currkey]["size"] = $valsize;
298
+ if ($debug === true && $valsize < 256) {
299
+ $result[$currkey]["value"] = $value;
300
+ continue;
301
+ }
302
+
303
+ if (preg_match('/^\d+$/', $value)) {
304
+ $result[$currkey]["numeric"] = true;
305
+ } else if (preg_match('/^\w+$/', $value)) {
306
+ $result[$currkey]["regular_word"] = true;
307
+ } else if (preg_match('/^\S+$/', $value)) {
308
+ $result[$currkey]["special_word"] = true;
309
+ } else if (preg_match('/^[\w\s]+$/', $value)) {
310
+ $result[$currkey]["regular_sentence"] = true;
311
+ } else if (preg_match('/^[\w\W]+$/', $value)) {
312
+ $result[$currkey]["special_chars_sentence"] = true;
313
+ }
314
+
315
+ if (preg_match('/^\b((25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])\.){3}
316
+ (25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])\b$/x', $value)) {
317
+ $result[$currkey]["ipv4"] = true;
318
+ } else if (preg_match('/\b((25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])\.){3}
319
+ (25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])\b/x', $value)) {
320
+ $result[$currkey]["embeded_ipv4"] = true;
321
+ } else if (preg_match('/^(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|
322
+ ([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|
323
+ ([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}
324
+ (:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|
325
+ ([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|
326
+ :((:[0-9a-fA-F]{1,4}){1,7}|:)|fe80:(:[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}|
327
+ ::(ffff(:0{1,4}){0,1}:){0,1}((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3}
328
+ (25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])|([0-9a-fA-F]{1,4}:){1,4}:((25[0-5]|
329
+ (2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9]))$/x', $value)) {
330
+ $result[$currkey]["ipv6"] = true;
331
+ } else if (preg_match('/(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|
332
+ ([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|
333
+ ([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}
334
+ (:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|
335
+ ([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|
336
+ :((:[0-9a-fA-F]{1,4}){1,7}|:)|fe80:(:[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}|
337
+ ::(ffff(:0{1,4}){0,1}:){0,1}((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3}
338
+ (25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])|([0-9a-fA-F]{1,4}:){1,4}:((25[0-5]|
339
+ (2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9]))/x', $value)) {
340
+ $result[$currkey]["embeded_ipv6"] = true;
341
+ }
342
+
343
+ if (preg_match('/^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,6}$/', $value)) {
344
+ $result[$currkey]["email"] = true;
345
+ } else if (preg_match('/[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,6}/', $value)) {
346
+ $result[$currkey]["embeded_email"] = true;
347
+ }
348
+
349
+ if (preg_match('/^(http|ftp)s?:\/\/\S+$/i', $value)) {
350
+ $result[$currkey]["link"] = true;
351
+ } else if (preg_match('/(http|ftp)s?:\/\/\S+$/i', $value)) {
352
+ $result[$currkey]["embeded_link"] = true;
353
+ }
354
+
355
+ if (preg_match('/<(html|head|title|base|link|meta|style|picture|source|img|
356
+ iframe|embed|object|param|video|audio|track|map|area|form|label|input|button|
357
+ select|datalist|optgroup|option|textarea|output|progress|meter|fieldset|legend|
358
+ script|noscript|template|slot|canvas)/ix', $value)) {
359
+ $result[$currkey]["embeded_html"] = true;
360
+ }
361
+
362
+ if (preg_match('/\.(jpg|jpeg|png|gif|ico|pdf|doc|docx|ppt|pptx|pps|ppsx|odt|xls|zip|gzip|
363
+ xlsx|psd|mp3|m4a|ogg|wav|mp4|m4v|mov|wmv|avi|mpg|ogv|3gp|3g2|php|html|phtml|js|css)/ix', $value)) {
364
+ $result[$currkey]["file"] = true;
365
+ }
366
+
367
+ if ($this->matchCount(BVWPFW::SQLIREGEX, $value) >= 2) {
368
+ $result[$currkey]["sql"] = true;
369
+ }
370
+ }
371
+ }
372
+ }
373
+ return $result;
374
+ }
375
+
376
+ public function matchRules($rules = array(), $isProtect = false) {
377
+ if (empty($rules)) {
378
+ return false;
379
+ }
380
+ if (isset($rules[108])) {
381
+ $this->currRuleInfo = array();
382
+ if ($this->match(BVWPFW::XSSREGEX, $this->request->getQueryString(), "GET")) {
383
+ $this->request->updateRulesInfo(108, $this->currRuleInfo);
384
+ if ($isProtect) return true;
385
+ }
386
+ }
387
+ if (isset($rules[112])) {
388
+ $this->currRuleInfo = array();
389
+ if ($this->match('/\\/wp\\-admin[\\/]+admin\\-ajax\\.php/', $this->request->getPath()) &&
390
+ (($this->equals('revslider_show_image', $this->request->getQueryString('action')) && $this->match('/\\.php$/i', $this->request->getQueryString('img'), "img")) or
391
+ ($this->equals('revslider_show_image', $this->request->getBody('action')) && $this->match('/\\.php$/i', $this->request->getQueryString('img'), "img")))) {
392
+ $this->request->updateRulesInfo(112, $this->currRuleInfo);
393
+ if ($isProtect) return true;
394
+ }
395
+ }
396
+ if (isset($rules[114])) {
397
+ $this->currRuleInfo = array();
398
+ if ($this->match('/<\\!(?:DOCTYPE|ENTITY)\\s+(?:%\\s*)?\\w+\\s+SYSTEM/i', $this->request->getBody(), "BODY") or
399
+ $this->match('/<\\!(?:DOCTYPE|ENTITY)\\s+(?:%\\s*)?\\w+\\s+SYSTEM/i', $this->request->getQueryString(), "GET")) {
400
+ $this->request->updateRulesInfo(114, $this->currRuleInfo);
401
+ if ($isProtect) return true;
402
+ }
403
+ }
404
+ if (isset($rules[115])) {
405
+ $this->currRuleInfo = array();
406
+ if ($this->match('#/wp\\-admin/admin\\-ajax\\.php$#i', $this->getServerValue('SCRIPT_FILENAME')) &&
407
+ ($this->equals('update-plugin', $this->request->getBody('action')) or $this->equals('update-plugin', $this->request->getQueryString('action'))) && ($this->match('/(^|\\/|\\\\|%2f|%5c)\\.\\.(\\\\|\\/|%2f|%5c)/i', $this->request->getBody(), "BODY") or
408
+ ($this->match('/(^|\\/|\\\\|%2f|%5c)\\.\\.(\\\\|\\/|%2f|%5c)/i', $this->request->getQueryString(), "GET")))) {
409
+ $this->request->updateRulesInfo(115, $this->currRuleInfo);
410
+ if ($isProtect) return true;
411
+ }
412
+ }
413
+ if (isset($rules[132])) {
414
+ $this->currRuleInfo = array();
415
+ if (($this->equals('Y', $this->request->getBody('kentopvc_hidden'))) &&
416
+ ((!$this->match('/^1?$/', $this->request->getBody('kento_pvc_hide'), "kento_pvc_hide")) or
417
+ (!$this->match('/^1?$/', $this->request->getBody('kento_pvc_uniq'), "kento_pvc_uniq")) or
418
+ (!$this->match('/^1?$/', $this->request->getBody('kento_pvc_posttype'), "kento_pvc_posttype")) or
419
+ ($this->match(BVWPFW::XSSREGEX, $this->request->getBody('kento_pvc_today_text'), "kento_pvc_today_text")) or
420
+ ($this->match(BVWPFW::XSSREGEX, $this->request->getBody('kento_pvc_total_text'), "kento_pvc_total_text")) or
421
+ ($this->match(BVWPFW::XSSREGEX, $this->request->getBody('kento_pvc_numbers_lang'), "kento_pvc_numbers_lang")))) {
422
+ $this->request->updateRulesInfo(132, $this->currRuleInfo);
423
+ if ($isProtect) return true;
424
+ }
425
+ }
426
+ if (isset($rules[133])) {
427
+ $this->currRuleInfo = array();
428
+ if ((($this->match('#/wp\\-mobile\\-detector[/]+resize\\.php#i', $this->request->getPath())) or
429
+ ($this->match('#/wp\\-mobile\\-detector[/]+timthumb\\.php#i', $this->request->getPath()))) &&
430
+ ((($this->getLength($this->request->getBody('src')) > 0) &&
431
+ (!$this->match('/\\.(?:png|gif|jpg|jpeg|jif|jfif|svg)$/i', $this->request->getBody('src'), "src"))) or
432
+ (($this->getLength($this->request->getQueryString('src'))) &&
433
+ (!$this->match('/\\.(?:png|gif|jpg|jpeg|jif|jfif|svg)$/i', $this->request->getQueryString('src'), "src"))))) {
434
+ $this->request->updateRulesInfo(133, $this->currRuleInfo);
435
+ if ($isProtect) return true;
436
+ }
437
+ }
438
+ if (isset($rules[145])) {
439
+ $this->currRuleInfo = array();
440
+ if ((($this->match('/Abonti|aggregator|AhrefsBot|asterias|BDCbot|BLEXBot|BuiltBotTough|Bullseye|BunnySlippers|ca\\-crawler|CCBot|Cegbfeieh|CheeseBot|CherryPicker|CopyRightCheck|cosmos|Crescent|discobot|DittoSpyder|DotBot|Download Ninja|EasouSpider|EmailCollector|EmailSiphon|EmailWolf|EroCrawler|Exabot|ExtractorPro|Fasterfox|FeedBooster|Foobot|Genieo|grub\\-client|Harvest|hloader|httplib|HTTrack|humanlinks|ieautodiscovery|InfoNaviRobot|IstellaBot|Java\\/1\\.|JennyBot|k2spider|Kenjin Spider|Keyword Density\\/0\\.9|larbin|LexiBot|libWeb|libwww|LinkextractorPro|linko|LinkScan\\/8\\.1a Unix|LinkWalker|LNSpiderguy|lwp\\-trivial|magpie|Mata Hari|MaxPointCrawler|MegaIndex|Microsoft URL Control|MIIxpc|Mippin|Missigua Locator|Mister PiX|MJ12bot|moget|MSIECrawler|NetAnts|NICErsPRO|Niki\\-Bot|NPBot|Nutch|Offline Explorer|Openfind|panscient\\.com|PHP\\/5\\.\\{|ProPowerBot\\/2\\.14|ProWebWalker|Python\\-urllib|QueryN Metasearch|RepoMonkey|RMA|SemrushBot|SeznamBot|SISTRIX|sitecheck\\.Internetseer\\.com|SiteSnagger|SnapPreviewBot|Sogou|SpankBot|spanner|spbot|Spinn3r|suzuran|Szukacz\\/1\\.4|Teleport|Telesoft|The Intraformant|TheNomad|TightTwatBot|Titan|toCrawl\\/UrlDispatcher|True_Robot|turingos|TurnitinBot|UbiCrawler|UnisterBot|URLy Warning|VCI|WBSearchBot|Web Downloader\\/6\\.9|Web Image Collector|WebAuto|WebBandit|WebCopier|WebEnhancer|WebmasterWorldForumBot|WebReaper|WebSauger|Website Quester|Webster Pro|WebStripper|WebZip|Wotbox|wsr\\-agent|WWW\\-Collector\\-E|Xenu|Zao|Zeus|ZyBORG|coccoc|Incutio|lmspider|memoryBot|SemrushBot|serf|Unknown|uptime files/i', $this->request->getHeader('User-Agent'), "User-Agent")) &&
441
+ ($this->match(BVWPFW::XSSREGEX, $this->request->getHeader('User-Agent'), "User-Agent"))) or
442
+ (($this->match('/semalt\\.com|kambasoft\\.com|savetubevideo\\.com|buttons\\-for\\-website\\.com|sharebutton\\.net|soundfrost\\.org|srecorder\\.com|softomix\\.com|softomix\\.net|myprintscreen\\.com|joinandplay\\.me|fbfreegifts\\.com|openmediasoft\\.com|zazagames\\.org|extener\\.org|openfrost\\.com|openfrost\\.net|googlsucks\\.com|best\\-seo\\-offer\\.com|buttons\\-for\\-your\\-website\\.com|www\\.Get\\-Free\\-Traffic\\-Now\\.com|best\\-seo\\-solution\\.com|buy\\-cheap\\-online\\.info|site3\\.free\\-share\\-buttons\\.com|webmaster\\-traffic\\.co/i', $this->request->getHeader('Referer'), "Referer")) &&
443
+ ($this->match(BVWPFW::XSSREGEX, $this->request->getHeader('User-Agent'), "User-Agent")))) {
444
+ $this->request->updateRulesInfo(145, $this->currRuleInfo);
445
+ if ($isProtect) return true;
446
+ }
447
+ }
448
+ if (isset($rules[146])) {
449
+ $this->currRuleInfo = array();
450
+ if ($this->match('/sitemap_.*?<.*?(:?_\\d+)?\\.xml(:?\\.gz)?/i', $this->request->getPath())) {
451
+ $this->request->updateRulesInfo(146, $this->currRuleInfo);
452
+ if ($isProtect) return true;
453
+ }
454
+ }
455
+ if (isset($rules[155])) {
456
+ $this->currRuleInfo = array();
457
+ if (($this->match(BVWPFW::XSSREGEX, $this->request->getHeader('Client-IP'), "Client-IP")) or
458
+ ($this->match(BVWPFW::XSSREGEX, $this->request->getHeader('X-Forwarded'), "X-Forwarded")) or
459
+ ($this->match(BVWPFW::XSSREGEX, $this->request->getHeader('X-Cluster-Client-IP'), "X-Cluster-Client-IP")) or
460
+ ($this->match(BVWPFW::XSSREGEX, $this->request->getHeader('Forwarded-For'), "Forwarded-For")) or
461
+ ($this->match(BVWPFW::XSSREGEX, $this->request->getHeader('Forwarded'), "Forwarded"))) {
462
+ $this->request->updateRulesInfo(155, $this->currRuleInfo);
463
+ if ($isProtect) return true;
464
+ }
465
+ }
466
+ if (isset($rules[156])) {
467
+ $this->currRuleInfo = array();
468
+ if ($this->match('#/wp\\-admin/admin\\-ajax\\.php$#i', $this->getServerValue('SCRIPT_FILENAME')) and
469
+ (($this->match(BVWPFW::SQLIREGEX, $this->request->getBody('umm_user'), "umm_user")) or
470
+ ($this->match(BVWPFW::SQLIREGEX, $this->request->getQueryString('umm_user'), "umm_user")))) {
471
+ $this->request->updateRulesInfo(156, $this->currRuleInfo);
472
+ if ($isProtect) return true;
473
+ }
474
+ }
475
+ if (isset($rules[165])) {
476
+ $this->currRuleInfo = array();
477
+ if ($this->match('/O:\\d+:"(?!stdClass")[^"]+":/', $this->request->getCookies('ecwid_oauth_state'), "ecwid_oauth_state")) {
478
+ $this->request->updateRulesInfo(165, $this->currRuleInfo);
479
+ if ($isProtect) return true;
480
+ }
481
+ }
482
+ if (isset($rules[167])) {
483
+ $this->currRuleInfo = array();
484
+ if ((!$this->match('/\\.(jpe?g|png|mpeg|mov|flv|pdf|docx?|txt|csv|avi|mp3|wma|wav)($|\\.)/i', $this->request->getFileNames())) &&
485
+ ($this->getLength($this->request->getBody('save_bepro_listing')) > 0)) {
486
+ $this->request->updateRulesInfo(167, $this->currRuleInfo);
487
+ if ($isProtect) return true;
488
+ }
489
+ }
490
+ if (isset($rules[168])) {
491
+ $this->currRuleInfo = array();
492
+ if (($this->match('#/wp\\-admin/admin\\-ajax\\.php$#i', $this->getServerValue('SCRIPT_FILENAME'))) &&
493
+ ($this->equals('master-slider', $this->request->getQueryString('page'))) &&
494
+ ($this->getLength($this->request->getBody('page')) > 0) &&
495
+ ($this->notEquals('master-slider', $this->request->getBody('page')))) {
496
+ $this->request->updateRulesInfo(168, $this->currRuleInfo);
497
+ if ($isProtect) return true;
498
+ }
499
+ }
500
+ if (isset($rules[169])) {
501
+ $this->currRuleInfo = array();
502
+ if (($this->equals('fancybox-for-wordpress', $this->request->getQueryString('page'))) &&
503
+ ($this->match(BVWPFW::XSSREGEX, $this->request->getBody('mfbfw'), "mfbfw"))) {
504
+ $this->request->updateRulesInfo(169, $this->currRuleInfo);
505
+ if ($isProtect) return true;
506
+ }
507
+ }
508
+ if (isset($rules[171])) {
509
+ $this->currRuleInfo = array();
510
+ if ((($this->match('#wp-json/wp/v\\d+/posts/#i', $this->request->getPath())) or
511
+ ($this->match('#/wp/v\\d+/posts/#i', $this->request->getQueryString('rest_route'), "rest_route"))) &&
512
+ ($this->match('/[^0-9]/', $this->request->getQueryString('id'), "id"))) {
513
+ $this->request->updateRulesInfo(171, $this->currRuleInfo);
514
+ if ($isProtect) return true;
515
+ }
516
+ }
517
+ if (isset($rules[172])) {
518
+ $this->currRuleInfo = array();
519
+ $pattern = '`\b(?i:(?:conf(?:ig(?:ur(?:e|ation)|\.inc|_global)?)?)|settings?(?:\.?inc)?)\.php$`';
520
+ if ((($this->match($pattern, $this->getServerValue('SCRIPT_FILENAME'), "SCRIPT_FILENAME")) or
521
+ ($this->match($pattern, $this->request->getQueryString(), "GET")))) {
522
+ $this->request->updateRulesInfo(172, $this->currRuleInfo);
523
+ if ($isProtect) return true;
524
+ }
525
+ }
526
+ if (isset($rules[173])) {
527
+ $this->currRuleInfo = array();
528
+ $pattern = '`(?:\.{2}[\/]+)`';
529
+ if ((($this->match($pattern, $this->request->getBody(), "BODY")) or
530
+ ($this->match($pattern, $this->request->getQueryString(), "GET")) or
531
+ ($this->match($pattern, $this->request->getCookies(), "COOKIE")) or
532
+ ($this->match($pattern, $this->request->getHeader('User-Agent'), "HEADER")))) {
533
+ $this->request->updateRulesInfo(173, $this->currRuleInfo);
534
+ if ($isProtect) return true;
535
+ }
536
+ }
537
+ if (isset($rules[174])) {
538
+ $this->currRuleInfo = array();
539
+ $pattern = '`\\b(?:\\$?_(COOKIE|ENV|FILES|(?:GE|POS|REQUES)T|SE(RVER|SSION))|HTTP_(?:(?:POST|GET)_VARS|RAW_POST_DATA)|GLOBALS)\\s*[=\\[)]|\\W\\$\\{\\s*[\'"]\\w+[\'"]`';
540
+ if ((($this->match($pattern, $this->request->getBody(), "BODY")) or
541
+ ($this->match($pattern, $this->request->getQueryString(), "GET")) or
542
+ ($this->match($pattern, $this->request->getCookies(), "COOKIE")) or
543
+ ($this->match($pattern, $this->request->getHeader('User-Agent'), "User-Agent")) or
544
+ ($this->match($pattern, $this->request->getHeader('Referer'), "Referer")) or
545
+ ($this->match($pattern, $this->getServerValue('PATH_INFO'), "PATH_INFO")))) {
546
+ $this->request->updateRulesInfo(174, $this->currRuleInfo);
547
+ if ($isProtect) return true;
548
+ }
549
+ }
550
+ if (isset($rules[175])) {
551
+ $this->currRuleInfo = array();
552
+ $pattern = '`\\b(?i:eval)\\s*\\(\\s*(?i:base64_decode|exec|file_get_contents|gzinflate|passthru|shell_exec|stripslashes|system)\\s*\\(`';
553
+ if ((($this->match($pattern, $this->request->getBody(), "BODY")) or
554
+ ($this->match($pattern, $this->request->getQueryString(), "GET")) or
555
+ ($this->match($pattern, $this->request->getCookies(), "COOKIE")) or
556
+ ($this->match($pattern, $this->request->getHeader('User-Agent'), "User-Agent")))) {
557
+ $this->request->updateRulesInfo(175, $this->currRuleInfo);
558
+ if ($isProtect) return true;
559
+ }
560
+ }
561
+ if (isset($rules[176])) {
562
+ $this->currRuleInfo = array();
563
+ $pattern = '`(?:<\\?(?![Xx][Mm][Ll]).*?(?:\\$_?(?:COOKIE|ENV|FILES|GLOBALS|(?:GE|POS|REQUES)T|SE(RVER|SSION))\\s*[=\\[)]|\\b(?i:array_map|assert|base64_(?:de|en)code|curl_exec|eval|(?:ex|im)plode|file(?:_get_contents)?|fsockopen|function_exists|gzinflate|move_uploaded_file|passthru|[ep]reg_replace|phpinfo|stripslashes|strrev|substr|system|(?:shell_)?exec)\\s*(?:/\\*.+?\\*/\\s*)?\\())|#!/(?:usr|bin)/.+?\\s|\\W\\$\\{\\s*[\'"]\\w+[\'"]`';
564
+ if ((($this->match($pattern, $this->request->getBody(), "BODY")) or
565
+ ($this->match($pattern, $this->request->getQueryString(), "GET")) or
566
+ ($this->match($pattern, $this->request->getCookies(), "COOKIE")) or
567
+ ($this->match($pattern, $this->request->getHeader('User-Agent'), "User-Agent")))) {
568
+ $this->request->updateRulesInfo(176, $this->currRuleInfo);
569
+ if ($isProtect) return true;
570
+ }
571
+ }
572
+ if (isset($rules[177])) {
573
+ $this->currRuleInfo = array();
574
+ if ((($this->matchCount(BVWPFW::SQLIREGEX, $this->request->getBody()) > 2) or
575
+ ($this->matchCount(BVWPFW::SQLIREGEX, $this->request->getQueryString()) > 2) or
576
+ ($this->matchCount(BVWPFW::SQLIREGEX, $this->request->getCookies()) > 2) or
577
+ ($this->matchCount(BVWPFW::SQLIREGEX, $this->request->getHeader('User-Agent')) > 2))) {
578
+ $this->request->updateRulesInfo(177, $this->currRuleInfo);
579
+ if ($isProtect) return true;
580
+ }
581
+ }
582
+ if (isset($rules[178])) {
583
+ $this->currRuleInfo = array();
584
+ $pattern = '`(?: \\W(?:background(-image)?|-moz-binding)\\s*:[^}]*?\\burl\\s*\\([^)]+?(https?:)?//\\w|<(?i:applet|div|embed|form|i?frame(?:set)?|i(?:mg|sindex)|link|m(?:eta|arquee)|object|script|textarea)\\b.*=.*?>|\\bdocument\\s*\\.\\s*(?:body|cookie|domain|location|open|write(?:ln)?)\\b|\\blocation\\s*\\.\\s*(?:href|replace)\\b|\\bwindow\\s*\\.\\s*(?:open|location)\\b|\\b(?:alert|confirm|eval|expression|prompt|set(?:Timeout|Interval)|String\\s*\\.\\s*fromCharCode|\\.\\s*substr)\\b\\s*\\(.*?\\)|(?i)<\\s*s\\s*t\\s*y\\s*l\\s*e\\b.*?>.*?<\\s*/\\s*s\\s*t\\s*y\\s*l\\s*e\\b.*?>|(?i)<[a-z].+?\\bon[a-z]{3,29}\\b\\s*=.{5}|(?i)<.+?\\bon[a-z]{3,29}\\b\\s*=\\s*[\'"](?!\\s*return false\\b).*?[\'"].+?>|(?i)<\\s*s\\s*c\\s*r\\s*i\\s*p\\s*t\\b.*?>.*?<\\s*/\\s*s\\s*c\\s*r\\s*i\\s*p\\s*t.*?>|<.+?(?i)\\b(?:href|(?:form)?action|background|code|data|location|name|poster|src|value)\\s*=\\s*[\'"]?(?:(?:f|ht)tps?:)?//\\w+\\.\\w|\\batob\\s*(?:[\'"\\x60]\\s*\\]\\s*)?\\(\\s*([\'"\\x60])[a-zA-Z0-9/+=]+\\1\\s*\\)|<.+?(?i)[a-z]+\\s*=.*?(?:java|vb)script:.+?> |<x:script\\b.*?>.*?</x:script.*?>|\\+A(?:Dw|ACIAPgA8)-.+?\\+AD4(?:APAAi)?-|[{}+[\\]\\s]\\+\\s*\\[\\s*]\\s*\\)\\s*\\[[{!}+[\\]\\s]|(?i)<[a-z]+/[a-z]+.+?=.+?>|\\[\\s*\\]\\s*\\[\\s*[\'"\\x60]filter[\'"\\x60]\\s*\\]\\s*\\[\\s*[\'"\\x60]constructor[\'"\\x60]\\s*\\]\\s*\\(\\s*|\\b(?:document|window|this)\\s*\\[.+?\\]\\s*[\\[(]|(?:(?:\\b(?:self|this|top|window)\\s*\\[.+?\\]|\\(\\s*(?:alert|confirm|eval|expression|prompt)\\s*\\)|\\[.*?\\]\\s*\\.\\s*find)|(?:\\.\\s*(?:re(?:ject|place)|constructor)))\\s*\\(.*?\\)|\\b(\\w+)\\s*=\\s*(?:alert|confirm|eval|expression|prompt)\\s*[;,]\\1\\s*\\(.*?\\))`';
585
+ if ((($this->match($pattern, $this->request->getBody(), "BODY")) or
586
+ ($this->match($pattern, $this->request->getQueryString(), "GET")) or
587
+ ($this->match($pattern, $this->request->getCookies(), "COOKIE")) or
588
+ ($this->match($pattern, $this->request->getHeader('User-Agent'), "User-Agent")) or
589
+ ($this->match($pattern, $this->request->getHeader('Referer'), "Referer")))) {
590
+ $this->request->updateRulesInfo(178, $this->currRuleInfo);
591
+ if ($isProtect) return true;
592
+ }
593
+ }
594
+ return false;
595
+ }
596
+ }
597
+ endif;
{fw → protect/wp_fw}/request.php RENAMED
@@ -1,8 +1,8 @@
1
  <?php
2
 
3
  if (!defined('ABSPATH')) exit;
4
- if (!class_exists('BVRequest')) :
5
- class BVRequest {
6
  private $fileNames;
7
  private $files;
8
  private $headers;
@@ -17,6 +17,8 @@ class BVRequest {
17
  private $cookies;
18
  private $respcode;
19
  private $status;
 
 
20
 
21
  #status
22
  const ALLOWED = 1;
@@ -35,17 +37,19 @@ class BVRequest {
35
  $method = '';
36
  $path = '';
37
  $this->ip = $ip;
38
- $this->setRespCode(200);
39
- $this->setCategory(BVRequest::NORMAL);
40
- $this->setStatus(BVRequest::ALLOWED);
 
 
41
  $this->setTimestamp(time());
42
- $this->setQueryString(BVRequest::removeMagicQuotes($_GET));
43
- $this->setCookies(BVRequest::removeMagicQuotes($_COOKIE));
44
- $this->setBody(BVRequest::removeMagicQuotes($_POST));
45
- $this->setFiles(BVRequest::removeMagicQuotes($_FILES));
46
  if (!empty($_FILES)) {
47
  foreach ($_FILES as $input => $file) {
48
- $fileNames[$input] = BVRequest::removeMagicQuotes($file['name']);
49
  }
50
  }
51
  $this->setFileNames($fileNames);
@@ -56,30 +60,30 @@ class BVRequest {
56
  $header = str_replace(array(' ', '_'), array('', ' '), $header);
57
  $header = ucwords(strtolower($header));
58
  $header = str_replace(' ', '-', $header);
59
- $headers[$header] = BVRequest::removeMagicQuotes($value);
60
  }
61
  }
62
  if (array_key_exists('CONTENT_TYPE', $_SERVER)) {
63
- $headers['Content-Type'] = BVRequest::removeMagicQuotes($_SERVER['CONTENT_TYPE']);
64
  }
65
  if (array_key_exists('CONTENT_LENGTH', $_SERVER)) {
66
- $headers['Content-Length'] = BVRequest::removeMagicQuotes($_SERVER['CONTENT_LENGTH']);
67
  }
68
  if (array_key_exists('REFERER', $_SERVER)) {
69
- $headers['Referer'] = BVRequest::removeMagicQuotes($_SERVER['REFERER']);
70
  }
71
  if (array_key_exists('HTTP_USER_AGENT', $_SERVER)) {
72
- $headers['User-Agent'] = BVRequest::removeMagicQuotes($_SERVER['HTTP_USER_AGENT']);
73
  }
74
 
75
  if (array_key_exists('Host', $headers)) {
76
  $host = $headers['Host'];
77
  } else if (array_key_exists('SERVER_NAME', $_SERVER)) {
78
- $host = BVRequest::removeMagicQuotes($_SERVER['SERVER_NAME']);
79
  }
80
 
81
- $method = array_key_exists('REQUEST_METHOD', $_SERVER) ? BVRequest::removeMagicQuotes($_SERVER['REQUEST_METHOD']) : 'GET';
82
- $uri = array_key_exists('REQUEST_URI', $_SERVER) ? BVRequest::removeMagicQuotes($_SERVER['REQUEST_URI']) : '';
83
  $_uri = parse_url($uri);
84
  $path = (is_array($_uri) && array_key_exists('path', $_uri)) ? $_uri['path'] : $uri;
85
  }
@@ -89,7 +93,7 @@ class BVRequest {
89
  $this->setUri($uri);
90
  $this->setPath($path);
91
  }
92
-
93
  public function setStatus($status) {
94
  $this->status = $status;
95
  }
@@ -149,7 +153,25 @@ class BVRequest {
149
  public function setUri($uri) {
150
  $this->uri = $uri;
151
  }
 
 
 
 
152
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
153
  public function getStatus() {
154
  return $this->status;
155
  }
@@ -166,10 +188,16 @@ class BVRequest {
166
  }
167
 
168
  public function getDataToLog() {
169
- $querystr = maybe_serialize($this->getQueryString());
170
- $querystr = (strlen($querystr) > 512) ? maybe_serialize(array("bv_over_size" => true)) : $querystr;
171
  $referer = $this->getHeader('Referer') ? $this->getHeader('Referer') : '';
172
  $user_agent = $this->getHeader('User-Agent') ? $this->getHeader('User-Agent') : '';
 
 
 
 
 
 
 
 
173
  $data = array(
174
  "path" => $this->getPath(),
175
  "filenames" => maybe_serialize($this->getFileNames()),
@@ -177,12 +205,13 @@ class BVRequest {
177
  "time" => $this->getTimeStamp(),
178
  "ip" => $this->getIP(),
179
  "method" => $this->getMethod(),
180
- "query_string" => $querystr,
181
  "user_agent" => $user_agent,
182
  "resp_code" => $this->getRespCode(),
183
  "referer" => $referer,
184
  "status" => $this->getStatus(),
185
- "category" => $this->getCategory()
 
186
  );
187
  return $data;
188
  }
@@ -278,7 +307,7 @@ class BVRequest {
278
 
279
  public static function removeMagicQuotes($value) {
280
  if (function_exists("get_magic_quotes_gpc") && get_magic_quotes_gpc()) {
281
- return BVRequest::removeSlashesRecursively($value);
282
  }
283
  return $value;
284
  }
1
  <?php
2
 
3
  if (!defined('ABSPATH')) exit;
4
+ if (!class_exists('BVWPRequest')) :
5
+ class BVWPRequest {
6
  private $fileNames;
7
  private $files;
8
  private $headers;
17
  private $cookies;
18
  private $respcode;
19
  private $status;
20
+ private $rulesInfo;
21
+ private $reqInfo;
22
 
23
  #status
24
  const ALLOWED = 1;
37
  $method = '';
38
  $path = '';
39
  $this->ip = $ip;
40
+ $this->rulesInfo = array();
41
+ $this->reqInfo = array();
42
+ $this->setRespCode(0);
43
+ $this->setCategory(BVWPRequest::NORMAL);
44
+ $this->setStatus(BVWpRequest::ALLOWED);
45
  $this->setTimestamp(time());
46
+ $this->setQueryString(BVWPRequest::removeMagicQuotes($_GET));
47
+ $this->setCookies(BVWPRequest::removeMagicQuotes($_COOKIE));
48
+ $this->setBody(BVWPRequest::removeMagicQuotes($_POST));
49
+ $this->setFiles(BVWPRequest::removeMagicQuotes($_FILES));
50
  if (!empty($_FILES)) {
51
  foreach ($_FILES as $input => $file) {
52
+ $fileNames[$input] = BVWPRequest::removeMagicQuotes($file['name']);
53
  }
54
  }
55
  $this->setFileNames($fileNames);
60
  $header = str_replace(array(' ', '_'), array('', ' '), $header);
61
  $header = ucwords(strtolower($header));
62
  $header = str_replace(' ', '-', $header);
63
+ $headers[$header] = BVWPRequest::removeMagicQuotes($value);
64
  }
65
  }
66
  if (array_key_exists('CONTENT_TYPE', $_SERVER)) {
67
+ $headers['Content-Type'] = BVWPRequest::removeMagicQuotes($_SERVER['CONTENT_TYPE']);
68
  }
69
  if (array_key_exists('CONTENT_LENGTH', $_SERVER)) {
70
+ $headers['Content-Length'] = BVWPRequest::removeMagicQuotes($_SERVER['CONTENT_LENGTH']);
71
  }
72
  if (array_key_exists('REFERER', $_SERVER)) {
73
+ $headers['Referer'] = BVWPRequest::removeMagicQuotes($_SERVER['REFERER']);
74
  }
75
  if (array_key_exists('HTTP_USER_AGENT', $_SERVER)) {
76
+ $headers['User-Agent'] = BVWPRequest::removeMagicQuotes($_SERVER['HTTP_USER_AGENT']);
77
  }
78
 
79
  if (array_key_exists('Host', $headers)) {
80
  $host = $headers['Host'];
81
  } else if (array_key_exists('SERVER_NAME', $_SERVER)) {
82
+ $host = BVWPRequest::removeMagicQuotes($_SERVER['SERVER_NAME']);
83
  }
84
 
85
+ $method = array_key_exists('REQUEST_METHOD', $_SERVER) ? BVWPRequest::removeMagicQuotes($_SERVER['REQUEST_METHOD']) : 'GET';
86
+ $uri = array_key_exists('REQUEST_URI', $_SERVER) ? BVWPRequest::removeMagicQuotes($_SERVER['REQUEST_URI']) : '';
87
  $_uri = parse_url($uri);
88
  $path = (is_array($_uri) && array_key_exists('path', $_uri)) ? $_uri['path'] : $uri;
89
  }
93
  $this->setUri($uri);
94
  $this->setPath($path);
95
  }
96
+
97
  public function setStatus($status) {
98
  $this->status = $status;
99
  }
153
  public function setUri($uri) {
154
  $this->uri = $uri;
155
  }
156
+
157
+ public function updateRulesInfo($key, $value) {
158
+ $this->rulesInfo[$key] = $value;
159
+ }
160
 
161
+ public function getRulesInfo() {
162
+ return $this->rulesInfo;
163
+ }
164
+
165
+ public function updateReqInfo($info) {
166
+ if (is_array($info)) {
167
+ $this->reqInfo = $this->reqInfo + $info;
168
+ }
169
+ }
170
+
171
+ public function getReqInfo() {
172
+ return $this->reqInfo;
173
+ }
174
+
175
  public function getStatus() {
176
  return $this->status;
177
  }
188
  }
189
 
190
  public function getDataToLog() {
 
 
191
  $referer = $this->getHeader('Referer') ? $this->getHeader('Referer') : '';
192
  $user_agent = $this->getHeader('User-Agent') ? $this->getHeader('User-Agent') : '';
193
+ $rules_info = maybe_serialize($this->getRulesInfo());
194
+ $req_info = maybe_serialize($this->getReqInfo());
195
+ if (strlen($req_info) > 16000) {
196
+ $req_info = maybe_serialize(array("keys" => array_keys($this->getReqInfo())));
197
+ if (strlen($req_info) > 16000) {
198
+ $req_info = maybe_serialize(array("bv_over_size" => true));
199
+ }
200
+ }
201
  $data = array(
202
  "path" => $this->getPath(),
203
  "filenames" => maybe_serialize($this->getFileNames()),
205
  "time" => $this->getTimeStamp(),
206
  "ip" => $this->getIP(),
207
  "method" => $this->getMethod(),
208
+ "query_string" => $req_info,
209
  "user_agent" => $user_agent,
210
  "resp_code" => $this->getRespCode(),
211
  "referer" => $referer,
212
  "status" => $this->getStatus(),
213
+ "category" => $this->getCategory(),
214
+ "rules_info" => $rules_info
215
  );
216
  return $data;
217
  }
307
 
308
  public static function removeMagicQuotes($value) {
309
  if (function_exists("get_magic_quotes_gpc") && get_magic_quotes_gpc()) {
310
+ return BVWPRequest::removeSlashesRecursively($value);
311
  }
312
  return $value;
313
  }
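--- a/protect/wp_lp/config.php
+++ b/protect/wp_lp/config.php
@@ -0,0 +1,82 @@
+<?php
+
+if (!defined('ABSPATH')) exit;
+if (!class_exists('BVWPLPConfig')) :
+class BVWPLPConfig {
+public $db;
+public $settings;
+public static $requests_table = 'lp_requests';
+
+#mode
+const DISABLED = 1;
+const AUDIT = 2;
+const PROTECT = 3;
+
+public function __construct($db, $settings) {
+$this->db = $db;
+$this->settings = $settings;
+}
+
+public function setMode($mode) {
+if (!$mode) {
+$this->settings->deleteOption('bvlpmode');
+} else {
+$this->settings->updateOption('bvlpmode', intval($mode));
+}
+}
+
+public function setCaptchaLimit($count) {
+if (!$count) {
+$this->settings->deleteOption('bvlpcaptchaLimit');
+} else {
+$this->settings->updateOption('bvlpcaptchaLimit', intval($count));
+}
+}
+
+public function setTempBlockLimit($count) {
+if (!$count) {
+$this->settings->deleteOption('bvlptempblocklimit');
+} else {
+$this->settings->updateOption('bvlptempblocklimit', intval($count));
+}
+}
+
+public function setBlockAllLimit($count) {
+if (!$count) {
+$this->settings->deleteOption('bvlpblockalllimit');
+} else {
+$this->settings->updateOption('bvlpblockalllimit', intval($count));
+}
+}
+
+public function getMode() {
+$mode = $this->settings->getOption('bvlpmode');
+return intval($mode ? $mode : BVWPLPConfig::DISABLED);
+}
+
+public function getCaptchaLimit() {
+$limit = $this->settings->getOption('bvlpcaptchalimit');
+return ($limit ? $limit : 3);
+}
+
+public function getTempBlockLimit() {
+$limit = $this->settings->getOption('bvlptempblocklimit');
+return ($limit ? $limit : 10);
+}
+
+public function getBlockAllLimit() {
+$limit = $this->settings->getOption('bvlpblockAlllimit');
+return ($limit ? $limit : 100);
+}
+
+public function clear() {
+$this->setMode(false);
+$this->setCaptchaLimit(false);
+$this->setTempBlockLimit(false);
+$this->setBlockAllLimit(false);
+$this->db->dropBVTable(BVWPLPConfig::$requests_table);
+$this->settings->deleteOption('bvptplug');
+return true;
+}
+}
+endif;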
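Review bot: The option names written by the setters do not match the ones read by the getters: `setCaptchaLimit` stores `'bvlpcaptchaLimit'` while `getCaptchaLimit` reads `'bvlpcaptchalimit'`, and `setBlockAllLimit` stores `'bvlpblockalllimit'` while `getBlockAllLimit` reads `'bvlpblockAlllimit'`. Whether each pair resolves to the same stored value depends on how the settings wrapper and any object cache treat case, which is not visible in this file. Where they do not, a configured captcha or block-all threshold is silently replaced by the defaults 3 and 100, which weakens or changes the login-protection policy without any error. Using one spelling per option in both setter and getter, e.g. `'bvlpcaptchalimit'` and `'bvlpblockalllimit'`, removes that dependency.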
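--- a/lp/lp.php
+++ b/protect/wp_lp/lp.php
@@ -1,20 +1,19 @@
 <?php
 
 if (!defined('ABSPATH')) exit;
-if (!class_exists('BVLP')) :
+if (!class_exists('BVWPLP')) :
 
 require_once dirname( __FILE__ ) . '/config.php';
-require_once dirname( __FILE__ ) . './../ipstore.php';
 
-class BVLP {
-
+class BVWPLP {
+public $db;
+public $settings;
 private $ip;
 private $time;
 private $category;
 private $username;
 private $message;
 public $config;
-public $bvmain;
 public $logger;
 public $ipstore;
 public static $requests_table = 'lp_requests';
@@ -34,23 +33,17 @@ class BVLP {
 const BYPASSED = 6;
 const ALLOWED = 7;
 
-public function __construct($bvmain, $ip) {
-$this->bvmain = $bvmain;
+public function __construct($db, $settings, $ip, $ipstore) {
+$this->db = $db;
+$this->settings = $settings;
 $this->ip = $ip;
-$this->config = new BVLPConfig($this->bvmain);
-$this->ipstore = new BVIPStore($bvmain);
-$this->logger = new BVLogger($this->bvmain->db, BVLPConfig::$requests_table);
+$this->config = new BVWPLPConfig($db, $settings);
+$this->ipstore = $ipstore;
+$this->logger = new BVLogger($db, BVWPLPConfig::$requests_table);
 $this->time = strtotime(date("Y-m-d H:i:s"));
 }
 
 public function init() {
-if ($this->isActive()) {
-$this->lpInit();
-}
-add_action('clear_lp_config', array($this->config, 'clear'));
-}
-
-public function lpInit() {
 add_filter('authenticate', array($this, 'loginInit'), 30, 3);
 add_action('wp_login', array($this, 'loginSuccess'));
 add_action('wp_login_failed', array($this, 'loginFailed'));
@@ -69,8 +62,8 @@ class BVLP {
 }
 
 public function getCaptchaLink() {
-$bvmain = $this->bvmain;
-$url = $bvmain->authenticatedUrl('/captcha/solve');
+$account = BVAccount::apiPublicAccount($this->settings);
+$url = $account->authenticatedUrl('/captcha/solve');
 $url .= "&adminurl=".base64_encode(get_admin_url());
 return $url;
 }
@@ -84,7 +77,7 @@ class BVLP {
 }
 
 public function getCategory() {
-return $this->category ? $this->category : BVLP::ALLOWED;
+return $this->category ? $this->category : BVWPLP::ALLOWED;
 }
 
 public function getCaptchaLimit() {
@@ -101,19 +94,20 @@ class BVLP {
 
 public function getLoginLogsTable() {
 global $bvdb;
-return $bvdb->getBVTable(BVLP::$requests_table);
+return $bvdb->getBVTable(BVWPLP::$requests_table);
 }
 
 public function getAllowLoginsTransient() {
-return $this->bvmain->info->getTransient('bvlp_allow_logins');
+return $this->settings->getTransient('bvlp_allow_logins');
 }
 
 public function getBlockLoginsTransient() {
-return $this->bvmain->info->getTransient('bvlp_block_logins');
+return $this->settings->getTransient('bvlp_block_logins');
 }
 
 public function terminateTemplate() {
-$brandname = $this->bvmain->getBrandName();
+$info = new BVInfo($this->settings);
+$brandname = $info->getBrandName();
 $templates = array (
 1 => "<p>Too many failed attempts, You are barred from logging into this site.</p><a href=".$this->getCaptchaLink()."
 class='btn btn-default'>Click here</a> to unblock yourself.",
@@ -125,7 +119,7 @@ class BVLP {
 return "
 <div style='height: 98vh;'>
 <div style='text-align: center; padding: 10% 0; font-family: Arial, Helvetica, sans-serif;'>
-<div><p><img src=".plugins_url('../img/icon.png', __FILE__)."><h2>Login Protection</h2><h3>powered by</h3><h2>"
+<div><p><img src=".plugins_url('/../../img/icon.png', __FILE__)."><h2>Login Protection</h2><h3>powered by</h3><h2>"
 .$brandname."</h2></p><div>
 <p>" . $templates[$this->getCategory()]. "</p>
 </div>
@@ -133,11 +127,11 @@ class BVLP {
 }
 
 public function isProtecting() {
-return ($this->config->getMode() === BVLPConfig::PROTECT);
+return ($this->config->getMode() === BVWPLPConfig::PROTECT);
 }
 
 public function isActive() {
-return ($this->config->getMode() !== BVLPConfig::DISABLED);
+return ($this->config->getMode() !== BVWPLPConfig::DISABLED);
 }
 
 public function isBlacklistedIP() {
@@ -149,10 +143,10 @@ class BVLP {
 }
 
 public function isUnBlockedIP() {
-$transient_name = BVLP::$unblock_ip_transient.$this->ip;
-$attempts = $this->bvmain->info->getTransient($transient_name);
+$transient_name = BVWPLP::$unblock_ip_transient.$this->ip;
+$attempts = $this->settings->getTransient($transient_name);
 if ($attempts && $attempts > 0) {
-$this->bvmain->info->setTransient($transient_name, $attempts - 1, 600 * $attempts);
+$this->settings->setTransient($transient_name, $attempts - 1, 600 * $attempts);
 return true;
 }
 return false;
@@ -160,7 +154,7 @@ class BVLP {
 
 public function isLoginBlocked() {
 if ($this->getAllowLoginsTransient() ||
-($this->getLoginCount(BVLP::LOGINFAILURE) < $this->getBlockAllLimit())) {
+($this->getLoginCount(BVWPLP::LOGINFAILURE) < $this->getBlockAllLimit())) {
 return false;
 }
 return true;
@@ -179,7 +173,7 @@ class BVLP {
 
 public function terminateLogin() {
 $this->setMessage('Login Blocked');
-$this->log(BVLP::LOGINBLOCKED);
+$this->log(BVWPLP::LOGINBLOCKED);
 if ($this->isProtecting()) {
 header("Cache-Control: no-cache, no-store, must-revalidate");
 header("Pragma: no-cache");
@@ -192,22 +186,22 @@ class BVLP {
 
 public function loginInit($user, $username = '', $password = '') {
 if ($this->isUnBlockedIP()) {
-$this->setCategory(BVLP::UNBLOCKED);
+$this->setCategory(BVWPLP::UNBLOCKED);
 } else {
-$failed_attempts = $this->getLoginCount(BVLP::LOGINFAILURE, $this->ip);
+$failed_attempts = $this->getLoginCount(BVWPLP::LOGINFAILURE, $this->ip);
 if ($this->isBlacklistedIP()) {
-$this->setCategory(BVLP::BLACKLISTED);
+$this->setCategory(BVWPLP::BLACKLISTED);
 $this->terminateLogin();
 } else if ($this->isKnownLogin() || $this->isWhitelistedIP()) {
-$this->setCategory(BVLP::BYPASSED);
+$this->setCategory(BVWPLP::BYPASSED);
 } else if ($this->isLoginBlocked()) {
-$this->setCategory(BVLP::ALLBLOCKED);
+$this->setCategory(BVWPLP::ALLBLOCKED);
 $this->terminateLogin();
 } else if ($failed_attempts >= $this->getTempBlockLimit()) {
-$this->setCategory(BVLP::TEMPBLOCK);
+$this->setCategory(BVWPLP::TEMPBLOCK);
 $this->terminateLogin();
 } else if ($failed_attempts >= $this->getCaptchaLimit()) {
-$this->setCategory(BVLP::CAPTCHABLOCK);
+$this->setCategory(BVWPLP::CAPTCHABLOCK);
 $this->terminateLogin();
 }
 }
@@ -219,22 +213,22 @@ class BVLP {
 
 public function loginFailed($username) {
 $this->setUserName($username);
-$this->log(BVLP::LOGINFAILURE);
+$this->log(BVWPLP::LOGINFAILURE);
 }
 
 public function loginSuccess($username) {
 $this->setUserName($username);
 $this->setMessage('Login Success');
-$this->log(BVLP::LOGINSUCCESS);
+$this->log(BVWPLP::LOGINSUCCESS);
 }
 
 public function isKnownLogin() {
-return $this->getLoginCount(BVLP::LOGINSUCCESS, $this->ip, 3600) > 0;
+return $this->getLoginCount(BVWPLP::LOGINSUCCESS, $this->ip, 3600) > 0;
 }
 
 public function getLoginCount($status, $ip = null, $gap = 1800) {
-$db = $this->bvmain->db;
-$table = $db->getBVTable(BVLP::$requests_table);
+$db = $this->db;
+$table = $db->getBVTable(BVWPLP::$requests_table);
 $query = $db->prepare("SELECT COUNT(*) as count from `$table` WHERE status=%d && time > %d", array($status, ($this->time - $gap)));
 if ($ip) {
 $query .= $db->prepare(" && ip=%s", $ip);
@@ -245,4 +239,4 @@ class BVLP {
 return intval($rows[0]['count']);
 }
 }
-endif;
+endif;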
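Review bot: `terminateTemplate()` concatenates `$brandname` (now read through `BVInfo::getBrandName()`) and the result of `getCaptchaLink()` into the block page without escaping, and the `href` and `img src` attributes are left unquoted. This page is served to visitors who have not authenticated, so values that come from stored settings should be encoded where they are output: `.esc_html($brandname).` for the heading and `<a href='".esc_url($this->getCaptchaLink())."'` for the link. Where the brand name is written is outside this section, so its trust level is unconfirmed here. The template body is only partly shown by the hunks, so the remaining entries of `$templates` should get the same treatment.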
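--- a/publickeys/bvkey3.pub
+++ b/publickeys/bvkey3.pub
@@ -1,14 +0,0 @@
------BEGIN PUBLIC KEY-----
-MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAqFB9e3GLIO4DaAvTKl30
-UPW3H0op9CqSAvUxngDolJPvAbjnjSfdv/39V3EVJJvUVBm25gq+613WnMhpACM+
-v7I7X4wzNFp1q1N9/b7fE2CU+UfU8nToH2DEzDtwsaKlTCJlqj602CClSKgj83Ks
-uUuR0/YSWV2JRX1O/4SvbmzJ41FM46uptTAx/8OlgTPr8H/SyEJA1Z0jE0KbPr2Y
-QY2gNauPB2V7SguRae+z1EYGVML9LPsblD7TETTRi6R6aR3eV4EZYBTQ5D0y+MA6
-9BlY0CQePgQ8Vf+7LFMgy+OL742FYwF5Etz16yMxIASSLvNvsJMvCSrgenzYjpuG
-QRTm0PXonNT/+b634bqYMTRAu+uBIGLeunO32Upb/NeypXnorZF32zxyGPxfhd8j
-+plyKlb0RSmKfzwbwzxDsyxwvy//Vfy45mf7qtohRdZeNekWIEr6qubk0mjyOh/F
-2QpXw+YUCNa/zlhx1mKzhwAfVBAtG1jpJOdNnyHtGhcI64OwWOV0N8jzcLRFmo6w
-sf3P49LZ01J0mW3vYmENlKRM9mtI6TUDC0LM90k5UyY6aUUPER0XMJuyO7z6IQyl
-XMlY+Pan91L81od3GS2UsegPmelRh8gvh/uJoN7dOqPTmTotT7VT60751GxYRz0Q
-VvqoWbbNL8R1xQWHtgAqffcCAwEAAQ==
------END PUBLIC KEY-----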
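--- a/readme.txt
+++ b/readme.txt
@@ -4,8 +4,9 @@ Tags: backup, wordpress backup, backup plugin, cloud backup, database backup, ba
 Plugin URI: https://blogvault.net/
 Donate link: https://app.blogvault.net/home/signup
 Requires at least: 4.0
-Tested up to: 5.2.1
-Stable tag: 1.881
+Requires PHP: 5.4.0
+Tested up to: 5.4
+Stable tag: 3.4
 License: GPLv2 or later
 License URI: [http://www.gnu.org/licenses/gpl-2.0.html](http://www.gnu.org/licenses/gpl-2.0.html)
 
@@ -239,7 +240,12 @@ Thank you. We really appreciate these kind words, and it makes our day. We would
 9. We power WordPress migration for WPEngine, Pantheon, FlyWheel, LiquidWeb, Cloudways, Savvii and many more. Need we say more?
 
 == CHANGELOG ==
-= 1.881 =
+= 3.4 =
+* Updating account authentication structure
+* Adding params validation
+* Adding support for custom user tables
+* Restructuring classes
+* Request profiling and Firewall improvements
 * Plugin branding fixes
 
 = 1.88 =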
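--- a/recover.php
+++ b/recover.php
@@ -0,0 +1,47 @@
+<?php
+if (!defined('ABSPATH')) exit;
+if (!class_exists('BVRecover')) :
+class BVRecover {
+public static $default_secret_key = 'bvSecretKey';
+
+public static function defaultSecret($settings) {
+$secret = self::getDefaultSecret($settings);
+if (empty($secret)) {
+$secret = BVAccount::randString(32);
+self::updateDefaultSecret($settings, $secret);
+}
+return $secret;
+}
+
+public static function deleteDefaultSecret($settings) {
+$settings->deleteOption(self::$default_secret_key);
+}
+
+public static function getDefaultSecret($settings) {
+return $settings->getOption(self::$default_secret_key);
+}
+
+public static function updateDefaultSecret($settings, $secret) {
+$settings->updateOption(self::$default_secret_key, $secret);
+}
+
+public static function validate($pubkey) {
+if ($pubkey && strlen($pubkey) >= 32) {
+return true;
+} else {
+return false;
+}
+}
+
+public static function find($settings, $pubkey) {
+if (!self::validate($pubkey)) {
+return null;
+}
+$secret = self::getDefaultSecret($settings);
+if (!empty($secret) && (strlen($secret) >= 32)) {
+$account = new BVAccount($settings, $pubkey, $secret);
+}
+return $account;
+}
+}
+endif;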
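Review bot: `find()` returns `$account` without ever assigning it when the stored secret is empty or shorter than 32 characters, so that path relies on an undefined variable evaluating to null and raises a PHP notice or warning. Initialise it before the secret check with `$account = null;` so that "no usable recovery secret" is an explicit result callers can test for. `validate()` accepts any string of 32 or more characters as a public key, and the strength of the recovery secret depends on `BVAccount::randString`, which is not visible in this section; both are worth confirming against the account code, since this class decides whether a recovery account object is created at all.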
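--- a/wp_actions.php
+++ b/wp_actions.php
@@ -0,0 +1,53 @@
+<?php
+
+if (!defined('ABSPATH')) exit;
+if (!class_exists('BVWPAction')) :
+class BVWPAction {
+public $settings;
+public $siteinfo;
+public $bvinfo;
+public $bvapi;
+
+public function __construct($settings, $siteinfo, $bvapi) {
+$this->settings = $settings;
+$this->siteinfo = $siteinfo;
+$this->bvapi = $bvapi;
+$this->bvinfo = new BVInfo($settings);
+}
+
+public function activate() {
+if (!isset($_REQUEST['blogvaultkey'])) {
+##BVKEYSLOCATE##
+}
+if (BVAccount::isConfigured($this->settings)) {
+/* This informs the server about the activation */
+$info = array();
+$this->siteinfo->basic($info);
+$this->bvapi->pingbv('/bvapi/activate', $info);
+} else {
+BVAccount::setup($this->settings);
+}
+}
+
+public function deactivate() {
+$info = array();
+$this->siteinfo->basic($info);
+$this->bvapi->pingbv('/bvapi/deactivate', $info);
+}
+
+public static function uninstall() {
+do_action('clear_lp_config');
+do_action('clear_fw_config');
+do_action('clear_ip_store');
+do_action('clear_dynsync_config');
+}
+
+public function footerHandler() {
+$bvfooter = $this->settings->getOption($this->bvinfo->badgeinfo);
+if ($bvfooter) {
+echo '<div style="max-width:150px;min-height:70px;margin:0 auto;text-align:center;position:relative;">
+<a href='.$bvfooter['badgeurl'].' target="_blank" ><img src="'.plugins_url($bvfooter['badgeimg'], __FILE__).'" alt="'.$bvfooter['badgealt'].'" /></a></div>';
+}
+}
+}
+endif;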
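Review bot: `footerHandler()` echoes `$bvfooter['badgeurl']` into an unquoted `href` and `$bvfooter['badgealt']` into the `alt` attribute with no escaping, so any markup held in the stored badge option is emitted verbatim into the rendered output. Encode each value for its context: `<a href="'.esc_url($bvfooter['badgeurl']).'" target="_blank">` and `alt="'.esc_attr($bvfooter['badgealt']).'"`. Where the badge option is written is not visible in this file, so this is hardening at the output side rather than a confirmed injection path. Adding `rel="noopener"` to the `target="_blank"` link is worth doing in the same change.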
admin.php → wp_admin.php RENAMED
@@ -1,23 +1,24 @@
1
  <?php
2
 
3
  if (!defined('ABSPATH')) exit;
4
- if (!class_exists('BVAdmin')) :
5
 
6
- require_once dirname( __FILE__ ) . '/account.php';
 
 
 
7
 
8
- class BVAdmin {
9
- public $bvmain;
10
- public $account;
11
- function __construct($bvmain) {
12
- $this->bvmain = $bvmain;
13
- $this->account = new BVAccountInfo($this->bvmain);
14
  }
15
 
16
  public function mainUrl($_params = '') {
17
  if (function_exists('network_admin_url')) {
18
- return network_admin_url('admin.php?page='.$this->bvmain->plugname.$_params);
19
  } else {
20
- return admin_url('admin.php?page='.$this->bvmain->plugname.$_params);
21
  }
22
  }
23
 
@@ -30,32 +31,33 @@ class BVAdmin {
30
  array_key_exists('blogvaultkey', $_REQUEST) &&
31
  (strlen($_REQUEST['blogvaultkey']) == 64) &&
32
  (array_key_exists('page', $_REQUEST) &&
33
- $_REQUEST['page'] == $this->bvmain->plugname)) {
34
  $keys = str_split($_REQUEST['blogvaultkey'], 32);
35
- $this->bvmain->auth->updateKeys($keys[0], $keys[1]);
36
  if (array_key_exists('redirect', $_REQUEST)) {
37
  $location = $_REQUEST['redirect'];
38
- wp_redirect($this->bvmain->appUrl()."/dash/redir?q=".urlencode($location));
39
  exit();
40
  }
41
  }
42
- if ($this->bvmain->isActivateRedirectSet()) {
 
43
  wp_redirect($this->mainUrl());
44
  }
45
  }
46
 
47
  public function menu() {
48
- $brand = $this->bvmain->getBrandInfo();
49
  if (!$brand || (!array_key_exists('hide', $brand) && !array_key_exists('hide_from_menu', $brand))) {
50
- $bname = $this->bvmain->getBrandName();
51
- add_menu_page($bname, $bname, 'manage_options', $this->bvmain->plugname,
52
  array($this, 'adminPage'), plugins_url('img/icon.png', __FILE__ ));
53
  }
54
  }
55
 
56
  public function hidePluginDetails($plugin_metas, $slug) {
57
- $brand = $this->bvmain->getBrandInfo();
58
- $bvslug = $this->bvmain->slug;
59
 
60
  if ($slug === $bvslug && $brand && array_key_exists('hide_plugin_details', $brand)){
61
  foreach ($plugin_metas as $pluginKey => $pluginValue) {
@@ -71,7 +73,7 @@ class BVAdmin {
71
  public function settingsLink($links, $file) {
72
  #XNOTE: Fix this
73
  if ( $file == plugin_basename( dirname(__FILE__).'/blogvault.php' ) ) {
74
- $brand = $this->bvmain->getBrandInfo();
75
  if (!$brand || !array_key_exists('hide_plugin_details', $brand)) {
76
  $links[] = '<a href="'.$this->mainUrl().'">'.__( 'Settings' ).'</a>';
77
  }
@@ -80,41 +82,44 @@ class BVAdmin {
80
  }
81
 
82
  public function getPluginLogo() {
83
- $brand = $this->bvmain->getBrandInfo();
84
  if ($brand && array_key_exists('logo', $brand)) {
85
  return $brand['logo'];
86
  }
87
- return $this->bvmain->logo;
88
  }
89
 
90
  public function getWebPage() {
91
- $brand = $this->bvmain->getBrandInfo();
92
  if ($brand && array_key_exists('webpage', $brand)) {
93
  return $brand['webpage'];
94
  }
95
- return $this->bvmain->webpage;
96
  }
97
 
98
  public function siteInfoTags() {
 
99
  $bvnonce = wp_create_nonce("bvnonce");
100
- $secret = $this->bvmain->auth->defaultSecret();
101
- $tags = "<input type='hidden' name='url' value='".$this->bvmain->info->wpurl()."'/>\n".
102
- "<input type='hidden' name='homeurl' value='".$this->bvmain->info->homeurl()."'/>\n".
103
- "<input type='hidden' name='siteurl' value='".$this->bvmain->info->siteurl()."'/>\n".
104
- "<input type='hidden' name='dbsig' value='".$this->bvmain->lib->dbsig(false)."'/>\n".
105
- "<input type='hidden' name='plug' value='".$this->bvmain->plugname."'/>\n".
 
106
  "<input type='hidden' name='adminurl' value='".$this->mainUrl()."'/>\n".
107
- "<input type='hidden' name='bvversion' value='".$this->bvmain->version."'/>\n".
108
  "<input type='hidden' name='serverip' value='".$_SERVER["SERVER_ADDR"]."'/>\n".
109
  "<input type='hidden' name='abspath' value='".ABSPATH."'/>\n".
110
  "<input type='hidden' name='secret' value='".$secret."'/>\n".
 
111
  "<input type='hidden' name='bvnonce' value='".$bvnonce."'/>\n";
112
  return $tags;
113
  }
114
 
115
  public function activateWarning() {
116
  global $hook_suffix;
117
- if (!$this->bvmain->isConfigured() && $hook_suffix == 'index.php' ) {
118
  ?>
119
  <div id="message" class="updated" style="padding: 8px; font-size: 16px; background-color: #dff0d8">
120
  <a class="button-primary" href="<?php echo $this->mainUrl(); ?>">Activate BlogVault</a>
@@ -124,19 +129,14 @@ class BVAdmin {
124
  }
125
  }
126
 
127
- public function isConfigured() {
128
- $accounts = $this->account->allAccounts();
129
- return (is_array($accounts) && sizeof($accounts) >= 1);
130
- }
131
-
132
  public function adminPage() {
133
  wp_enqueue_style( 'bvsurface', plugins_url('css/bvmui.min.css', __FILE__));
134
  wp_enqueue_style( 'bvplugin', plugins_url('css/bvplugin.min.css', __FILE__));
135
  if (isset($_REQUEST['bvnonce']) && wp_verify_nonce( $_REQUEST['bvnonce'], 'bvnonce' )) {
136
- $this->account->remove($_REQUEST['pubkey']);
137
  }
138
  require_once dirname( __FILE__ ) . '/admin/header.php';
139
- if ($this->isConfigured()) {
140
  if (!isset($_REQUEST['add_account'])) {
141
  require_once dirname( __FILE__ ) . '/admin/main_page.php';
142
  } else {
@@ -149,13 +149,13 @@ class BVAdmin {
149
  }
150
 
151
  public function initBranding($plugins) {
152
- $slug = $this->bvmain->slug;
153
-
154
  if (!is_array($plugins) || !isset($slug, $plugins)) {
155
  return $plugins;
156
  }
157
 
158
- $brand = $this->bvmain->getBrandInfo();
159
  if ($brand) {
160
  if (array_key_exists('hide', $brand)) {
161
  unset($plugins[$slug]);
@@ -186,4 +186,4 @@ class BVAdmin {
186
  return $plugins;
187
  }
188
  }
189
- endif;
1
  <?php
2
 
3
  if (!defined('ABSPATH')) exit;
4
+ if (!class_exists('BVWPAdmin')) :
5
 
6
+ class BVWPAdmin {
7
+ public $settings;
8
+ public $siteinfo;
9
+ public $bvinfo;
10
 
11
+ function __construct($settings, $siteinfo) {
12
+ $this->settings = $settings;
13
+ $this->siteinfo = $siteinfo;
14
+ $this->bvinfo = new BVInfo($this->settings);
 
 
15
  }
16
 
17
  public function mainUrl($_params = '') {
18
  if (function_exists('network_admin_url')) {
19
+ return network_admin_url('admin.php?page='.$this->bvinfo->plugname.$_params);
20
  } else {
21
+ return admin_url('admin.php?page='.$this->bvinfo->plugname.$_params);
22
  }
23
  }
24
 
31
  array_key_exists('blogvaultkey', $_REQUEST) &&
32
  (strlen($_REQUEST['blogvaultkey']) == 64) &&
33
  (array_key_exists('page', $_REQUEST) &&
34
+ $_REQUEST['page'] == $this->bvinfo->plugname)) {
35
  $keys = str_split($_REQUEST['blogvaultkey'], 32);
36
+ BVAccount::addAccount($this->settings, $keys[0], $keys[1]);
37
  if (array_key_exists('redirect', $_REQUEST)) {
38
  $location = $_REQUEST['redirect'];
39
+ wp_redirect($this->bvinfo->appUrl()."/dash/redir?q=".urlencode($location));
40
  exit();
41
  }
42
  }
43
+ if ($this->bvinfo->isActivateRedirectSet()) {
44
+ $this->settings->updateOption($this->bvinfo->plug_redirect, 'no');
45
  wp_redirect($this->mainUrl());
46
  }
47
  }
48
 
49
  public function menu() {
50
+ $brand = $this->bvinfo->getBrandInfo();
51
  if (!$brand || (!array_key_exists('hide', $brand) && !array_key_exists('hide_from_menu', $brand))) {
52
+ $bname = $this->bvinfo->getBrandName();
53
+ add_menu_page($bname, $bname, 'manage_options', $this->bvinfo->plugname,
54
  array($this, 'adminPage'), plugins_url('img/icon.png', __FILE__ ));
55
  }
56
  }
57
 
58
  public function hidePluginDetails($plugin_metas, $slug) {
59
+ $brand = $this->bvinfo->getBrandInfo();
60
+ $bvslug = $this->bvinfo->slug;
61
 
62
  if ($slug === $bvslug && $brand && array_key_exists('hide_plugin_details', $brand)){
63
  foreach ($plugin_metas as $pluginKey => $pluginValue) {
73
  public function settingsLink($links, $file) {
74
  #XNOTE: Fix this
75
  if ( $file == plugin_basename( dirname(__FILE__).'/blogvault.php' ) ) {
76
+ $brand = $this->bvinfo->getBrandInfo();
77
  if (!$brand || !array_key_exists('hide_plugin_details', $brand)) {
78
  $links[] = '<a href="'.$this->mainUrl().'">'.__( 'Settings' ).'</a>';
79
  }
82
  }
83
 
84
  public function getPluginLogo() {
85
+ $brand = $this->bvinfo->getBrandInfo();
86
  if ($brand && array_key_exists('logo', $brand)) {
87
  return $brand['logo'];
88
  }
89
+ return $this->bvinfo->logo;
90
  }
91
 
92
  public function getWebPage() {
93
+ $brand = $this->bvinfo->getBrandInfo();
94
  if ($brand && array_key_exists('webpage', $brand)) {
95
  return $brand['webpage'];
96
  }
97
+ return $this->bvinfo->webpage;
98
  }
99
 
100
  public function siteInfoTags() {
101
+ require_once dirname( __FILE__ ) . '/recover.php';
102
  $bvnonce = wp_create_nonce("bvnonce");
103
+ $public = BVAccount::getApiPublicKey($this->settings);
104
+ $secret = BVRecover::defaultSecret($this->settings);
105
+ $tags = "<input type='hidden' name='url' value='".$this->siteinfo->wpurl()."'/>\n".
106
+ "<input type='hidden' name='homeurl' value='".$this->siteinfo->homeurl()."'/>\n".
107
+ "<input type='hidden' name='siteurl' value='".$this->siteinfo->siteurl()."'/>\n".
108
+ "<input type='hidden' name='dbsig' value='".$this->siteinfo->dbsig(false)."'/>\n".
109
+ "<input type='hidden' name='plug' value='".$this->bvinfo->plugname."'/>\n".
110
  "<input type='hidden' name='adminurl' value='".$this->mainUrl()."'/>\n".
111
+ "<input type='hidden' name='bvversion' value='".$this->bvinfo->version."'/>\n".
112
  "<input type='hidden' name='serverip' value='".$_SERVER["SERVER_ADDR"]."'/>\n".
113
  "<input type='hidden' name='abspath' value='".ABSPATH."'/>\n".
114
  "<input type='hidden' name='secret' value='".$secret."'/>\n".
115
+ "<input type='hidden' name='public' value='".$public."'/>\n".
116
  "<input type='hidden' name='bvnonce' value='".$bvnonce."'/>\n";
117
  return $tags;
118
  }
119
 
120
  public function activateWarning() {
121
  global $hook_suffix;
122
+ if (!BVAccount::isConfigured($this->settings) && $hook_suffix == 'index.php' ) {
123
  ?>
124
  <div id="message" class="updated" style="padding: 8px; font-size: 16px; background-color: #dff0d8">
125
  <a class="button-primary" href="<?php echo $this->mainUrl(); ?>">Activate BlogVault</a>
129
  }
130
  }
131
 
 
 
 
 
 
132
  public function adminPage() {
133
  wp_enqueue_style( 'bvsurface', plugins_url('css/bvmui.min.css', __FILE__));
134
  wp_enqueue_style( 'bvplugin', plugins_url('css/bvplugin.min.css', __FILE__));
135
  if (isset($_REQUEST['bvnonce']) && wp_verify_nonce( $_REQUEST['bvnonce'], 'bvnonce' )) {
136
+ BVAccount::remove($this->settings, $_REQUEST['pubkey']);
137
  }
138
  require_once dirname( __FILE__ ) . '/admin/header.php';
139
+ if (BVAccount::isConfigured($this->settings)) {
140
  if (!isset($_REQUEST['add_account'])) {
141
  require_once dirname( __FILE__ ) . '/admin/main_page.php';
142
  } else {
149
  }
150
 
151
  public function initBranding($plugins) {
152
+ $slug = $this->bvinfo->slug;
153
+
154
  if (!is_array($plugins) || !isset($slug, $plugins)) {
155
  return $plugins;
156
  }
157
 
158
+ $brand = $this->bvinfo->getBrandInfo();
159
  if ($brand) {
160
  if (array_key_exists('hide', $brand)) {
161
  unset($plugins[$slug]);
186
  return $plugins;
187
  }
188
  }
189
+ endif;
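--- a/wp_api.php
+++ b/wp_api.php
@@ -0,0 +1,38 @@
+ <?php
+
+ if (!defined('ABSPATH')) exit;
+ if (!class_exists('BVWPAPI')) :
+ class BVWPAPI {
+ public $settings;
+
+ public function __construct($settings) {
+ $this->settings = $settings;
+ }
+
+ public function pingbv($method, $body, $public = false) {
+ if ($public) {
+ $this->create_request_params($method, $body, $public);
+ } else {
+ $accounts = BVAccount::allAccounts($this->settings);
+ foreach ($accounts as $pubkey => $value ) {
+ $this->create_request_params($method, $body, $pubkey);
+ }
+ }
+ }
+
+ public function create_request_params($method, $body, $pubkey) {
+ $account = BVAccount::find($this->settings, $pubkey);
+ $url = $account->authenticatedUrl($method);
+ $this->http_request($url, $body);
+ }
+
+ public function http_request($url, $body) {
+ $_body = array(
+ 'method' => 'POST',
+ 'timeout' => 15,
+ 'body' => $body);
+
+ return wp_remote_post($url, $_body);
+ }
+ }
+ endif;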
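Review bot: `pingbv()` iterates `BVAccount::allAccounts($this->settings)` without checking that it returned an array, and `create_request_params()` calls `$account->authenticatedUrl($method)` without checking that `BVAccount::find()` returned an account. BVAccount is not shown in this section, so this is inferred, but the `isConfigured()` removed from the admin class guarded the same call with `is_array($accounts)`, which suggests a non-array result is possible. I would add `if (!is_array($accounts)) return;` before the `foreach` and `if (!$account) return;` before building the URL. Both callers also drop the return value of `http_request()`, so a failed ping (a `WP_Error` from `wp_remote_post()`) is never noticed or logged.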
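--- a/main/db.php
+++ b/wp_db.php
@@ -1,87 +1,87 @@
  <?php
 
  if (!defined('ABSPATH')) exit;
- if (!class_exists('BVDb')) :
+ if (!class_exists('BVWPDb')) :
 
- class BVDb {
- function dbprefix() {
+ class BVWPDb {
+ public function dbprefix() {
  global $wpdb;
  $prefix = $wpdb->base_prefix ? $wpdb->base_prefix : $wpdb->prefix;
  return $prefix;
  }
 
- function prepare($query, $args) {
+ public function prepare($query, $args) {
  global $wpdb;
  return $wpdb->prepare($query, $args);
  }
 
- function getSiteId() {
+ public function getSiteId() {
  global $wpdb;
  return $wpdb->siteid;
  }
 
- function getResult($query, $obj = ARRAY_A) {
+ public function getResult($query, $obj = ARRAY_A) {
  global $wpdb;
  return $wpdb->get_results($query, $obj);
  }
 
- function query($query) {
+ public function query($query) {
  global $wpdb;
  return $wpdb->query($query);
  }
 
- function getVar($query, $col = 0, $row = 0) {
+ public function getVar($query, $col = 0, $row = 0) {
  global $wpdb;
  return $wpdb->get_var($query, $col, $row);
  }
 
- function getCol($query, $col = 0) {
+ public function getCol($query, $col = 0) {
  global $wpdb;
  return $wpdb->get_col($query, $col);
  }
 
- function tableName($table) {
+ public function tableName($table) {
  return $table[0];
  }
 
- function showTables() {
+ public function showTables() {
  $tables = $this->getResult("SHOW TABLES", ARRAY_N);
  return array_map(array($this, 'tableName'), $tables);
  }
 
- function showTableStatus() {
+ public function showTableStatus() {
  return $this->getResult("SHOW TABLE STATUS");
  }
 
- function tableKeys($table) {
+ public function tableKeys($table) {
  return $this->getResult("SHOW KEYS FROM $table;");
  }
 
- function describeTable($table) {
+ public function describeTable($table) {
  return $this->getResult("DESCRIBE $table;");
  }
 
- function checkTable($table, $type) {
+ public function checkTable($table, $type) {
  return $this->getResult("CHECK TABLE $table $type;");
  }
 
- function repairTable($table) {
+ public function repairTable($table) {
  return $this->getResult("REPAIR TABLE $table;");
  }
 
- function showTableCreate($table) {
+ public function showTableCreate($table) {
  return $this->getVar("SHOW CREATE TABLE $table;", 1);
  }
 
- function rowsCount($table) {
+ public function rowsCount($table) {
  $count = $this->getVar("SELECT COUNT(*) FROM $table;");
  return intval($count);
  }
 
- function createTable($query, $name) {
+ public function createTable($query, $name, $usedbdelta = false) {
  $table = $this->getBVTable($name);
  if (!$this->isTablePresent($table)) {
- if (array_key_exists('usedbdelta', $_REQUEST)) {
+ if ($usedbdelta) {
  if (!function_exists('dbDelta'))
  require_once( ABSPATH . 'wp-admin/includes/upgrade.php' );
  dbDelta($query);
@@ -92,7 +92,16 @@ class BVDb {
  return $this->isTablePresent($table);
  }
 
- function getTableContent($table, $fields = '*', $filter = '', $limit = 0, $offset = 0) {
+ public function alterBVTable($query, $name) {
+ $resp = false;
+ $table = $this->getBVTable($name);
+ if ($this->isTablePresent($table)) {
+ $resp = $this->query($query);
+ }
+ return $resp;
+ }
+
+ public function getTableContent($table, $fields = '*', $filter = '', $limit = 0, $offset = 0) {
  $query = "SELECT $fields from $table $filter";
  if ($limit > 0)
  $query .= " LIMIT $limit";
@@ -102,27 +111,24 @@ class BVDb {
  return $rows;
  }
 
- function isTablePresent($table) {
+ public function isTablePresent($table) {
  return ($this->getVar("SHOW TABLES LIKE '$table'") === $table);
  }
 
- function getCharsetCollate() {
+ public function getCharsetCollate() {
  global $wpdb;
- if (method_exists($wpdb, 'get_charset_collate')) {
- return $wpdb->get_charset_collate();
- }
- return '';
+ return $wpdb->get_charset_collate();
  }
 
- function getWPTable($name) {
+ public function getWPTable($name) {
  return ($this->dbprefix() . $name);
  }
 
- function getBVTable($name) {
+ public function getBVTable($name) {
  return ($this->getWPTable("bv_" . $name));
  }
 
- function truncateBVTable($name) {
+ public function truncateBVTable($name) {
  $table = $this->getBVTable($name);
  if ($this->isTablePresent($table)) {
  return $this->query("TRUNCATE TABLE $table;");
@@ -131,7 +137,7 @@ class BVDb {
  }
  }
 
- function deleteBVTableContent($name, $filter = "") {
+ public function deleteBVTableContent($name, $filter = "") {
  $table = $this->getBVTable($name);
  if ($this->isTablePresent($table)) {
  return $this->query("DELETE FROM $table $filter;");
@@ -140,7 +146,7 @@ class BVDb {
  }
  }
 
- function dropBVTable($name) {
+ public function dropBVTable($name) {
  $table = $this->getBVTable($name);
  if ($this->isTablePresent($table)) {
  $this->query("DROP TABLE IF EXISTS $table;");
@@ -148,7 +154,7 @@ class BVDb {
  return !$this->isTablePresent($table);
  }
 
- function deleteRowsFromtable($name, $count = 1) {
+ public function deleteRowsFromtable($name, $count = 1) {
  $table = $this->getBVTable($name);
  if ($this->isTablePresent($table)) {
  return $this->getResult("DELETE FROM $table LIMIT $count;");
@@ -157,7 +163,7 @@ class BVDb {
  }
  }
 
- function replaceIntoBVTable($name, $value) {
+ public function replaceIntoBVTable($name, $value) {
  global $wpdb;
  $table = $this->getBVTable($name);
  return $wpdb->replace($table, $value);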
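Review bot: The new `alterBVTable($query, $name)` runs `$query` verbatim once the `bv_`-prefixed table for `$name` exists, so the existence check does not restrict what actually executes and nothing ties the statement to that table. Its callers are outside this section; if `$query` can originate from callback request data, the method should at least carry a contract comment such as `// $query is executed as-is; pass only SQL built from an authenticated, validated request`. The surrounding methods have the same shape: `$table`, `$fields`, `$filter`, `$type` and `$count` are interpolated straight into the SQL text. `isTablePresent()` also places `$table` unescaped inside `LIKE '...'`, where `_` and `%` are wildcards; `$wpdb->prepare('SHOW TABLES LIKE %s', $wpdb->esc_like($table))` would make that match exact.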
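--- a/dynsync.php
+++ b/wp_dynsync.php
@@ -1,17 +1,17 @@
  <?php
 
  if (!defined('ABSPATH')) exit;
- if (!class_exists('BVDynSync')) :
+ if (!class_exists('BVWPDynSync')) :
 
- class BVDynSync {
+ class BVWPDynSync {
 
  public static $dynsync_table = 'dynamic_sync';
- public $bvmain;
- /**
- * PHP5 constructor.
- */
- function __construct($bvmain) {
- $this->bvmain = $bvmain;
+ public $db;
+ public $settings;
+
+ public function __construct($db, $settings) {
+ $this->db = $db;
+ $this->settings = $settings;
  }
 
  function init() {
@@ -20,17 +20,17 @@ class BVDynSync {
  }
 
  public function clearConfig() {
- $this->bvmain->info->deleteOption('bvdynplug');
- $this->bvmain->info->deleteOption('bvDynSyncActive');
- $this->bvmain->info->deleteOption('bvWooDynSync');
- $this->bvmain->db->dropBVTable(BVDynSync::$dynsync_table);
+ $this->settings->deleteOption('bvdynplug');
+ $this->settings->deleteOption('bvDynSyncActive');
+ $this->settings->deleteOption('bvWooDynSync');
+ $this->db->dropBVTable(BVWPDynSync::$dynsync_table);
  }
 
  function add_event($event_type, $event_data) {
  global $wp_current_filter;
  $site_id = get_current_blog_id();
  $values = array ( "event_type" => $event_type, "event_tag" => end($wp_current_filter), "event_data" => maybe_serialize($event_data), "site_id" => $site_id);
- $this->bvmain->db->replaceIntoBVTable(BVDynSync::$dynsync_table, $values);
+ $this->db->replaceIntoBVTable(BVWPDynSync::$dynsync_table, $values);
  }
 
  function add_db_event($table, $message) {
@@ -52,7 +52,7 @@ class BVDynSync {
  $defaults = array(
  '_excluded_links'
  );
- $ignored_postmeta = $this->bvmain->info->getOption('bvIgnoredPostmeta');
+ $ignored_postmeta = $this->settings->getOption('bvIgnoredPostmeta');
  if (empty($ignored_postmeta)) {
  $ignored_postmeta = array();
  }
@@ -199,7 +199,7 @@ class BVDynSync {
  '_disqus_sync_lock',
  'stats_cache'
  );
- $ignored_options = $this->bvmain->info->getOption('bvIgnoredOptions');
+ $ignored_options = $this->settings->getOption('bvIgnoredOptions');
  if (empty($ignored_options)) {
  $ignored_options = array();
  }
@@ -235,7 +235,7 @@ class BVDynSync {
  }
 
  function theme_action_handler($theme) {
- $this->add_event('themes', array('theme' => $this->bvmain->info->getOption('stylesheet')));
+ $this->add_event('themes', array('theme' => $this->settings->getOption('stylesheet')));
  }
 
  function plugin_action_handler($plugin='') {
@@ -254,7 +254,7 @@ class BVDynSync {
  function sitemeta_handler($option) {
  $ping_permitted = $this->get_ping_permission($option);
  if ($ping_permitted && is_multisite()) {
- $this->add_db_event('sitemeta', array('site_id' => $this->bvmain->db->getSiteId(), 'meta_key' => $option));
+ $this->add_db_event('sitemeta', array('site_id' => $this->db->getSiteId(), 'meta_key' => $option));
  }
  return $ping_permitted;
  }
@@ -264,9 +264,9 @@ class BVDynSync {
  function woocommerce_resume_order_handler($order_id) {
  $this->add_db_event('woocommerce_order_items', array('order_id' => $order_id, 'msg_type' => 'delete'));
  $meta_ids = array();
- $itemmeta_table = $this->bvmain->db->getWPTable('woocommerce_order_itemmeta');
- $items_table = $this->bvmain->db->getWPTable('woocommerce_order_items');
- foreach( $this->bvmain->db->getResult($this->bvmain->db->prepare("SELECT {$itemmeta_table}.meta_id FROM {$itemmeta_table} INNER JOIN {$items_table} WHERE {$items_table}.order_item_id = {$itemmeta_table}.order_item_id AND {$items_table}.order_id = %d", $order_id)) as $key => $row) {
+ $itemmeta_table = $this->db->getWPTable('woocommerce_order_itemmeta');
+ $items_table = $this->db->getWPTable('woocommerce_order_items');
+ foreach( $this->db->getResult($this->db->prepare("SELECT {$itemmeta_table}.meta_id FROM {$itemmeta_table} INNER JOIN {$items_table} WHERE {$items_table}.order_item_id = {$itemmeta_table}.order_item_id AND {$items_table}.order_id = %d", $order_id)) as $key => $row) {
  if (!in_array($row->meta_id, $meta_ids, true)) {
  $meta_ids[] = $row->meta_id;
  $this->add_db_event('woocommerce_order_itemmeta', array('meta_id' => $row->meta_id, 'msg_type' => 'delete'));
@@ -338,7 +338,7 @@ class BVDynSync {
  function woocommerce_delete_order_items_handler($postid) {
  $meta_ids = array();
  $order_item_ids = array();
- foreach( $this->bvmain->db->getResult("SELECT {$this->bvmain->db->dbprefix}woocommerce_order_itemmeta.meta_id, {$this->bvmain->db->dbprefix}woocommerce_order_items.order_item_id FROM {$this->bvmain->db->dbprefix}woocommerce_order_items JOIN {$this->bvmain->db->dbprefix}woocommerce_order_itemmeta ON {$this->bvmain->db->dbprefix}woocommerce_order_items.order_item_id = {$this->bvmain->db->dbprefix}woocommerce_order_itemmeta.order_item_id WHERE {$this->bvmain->db->dbprefix}woocommerce_order_items.order_id = '{$postid}'") as $key => $row) {
+ foreach( $this->db->getResult("SELECT {$this->db->dbprefix}woocommerce_order_itemmeta.meta_id, {$this->db->dbprefix}woocommerce_order_items.order_item_id FROM {$this->db->dbprefix}woocommerce_order_items JOIN {$this->db->dbprefix}woocommerce_order_itemmeta ON {$this->db->dbprefix}woocommerce_order_items.order_item_id = {$this->db->dbprefix}woocommerce_order_itemmeta.order_item_id WHERE {$this->db->dbprefix}woocommerce_order_items.order_id = '{$postid}'") as $key => $row) {
  if (!in_array($row->meta_id, $meta_ids, true)) {
  $meta_ids[] = $row->meta_id;
  $this->add_db_event('woocommerce_order_itemmeta', array('meta_id' => $row->meta_id, 'msg_type' => 'delete'));
@@ -514,12 +514,11 @@ class BVDynSync {
  /* These are applicable only in case of WPMU */
  /* XNOTE: Handle registration_log_handler from within the server */
  add_action('wpmu_new_blog', array($this, 'wpmu_new_blog_create_handler'), 10, 1);
- add_action('refresh_blog_details', array($this, 'wpmu_new_blog_create_handler'), 10, 1);
  add_action('delete_site_option',array($this, 'sitemeta_handler'), 10, 1);
  add_action('add_site_option', array($this, 'sitemeta_handler'), 10, 1);
  add_action('update_site_option', array($this, 'sitemeta_handler'), 10, 1);
 
- $is_woo_dyn = $this->bvmain->info->getOption('bvWooDynSync');
+ $is_woo_dyn = $this->settings->getOption('bvWooDynSync');
  if ($is_woo_dyn == 'yes') {
  add_action('woocommerce_resume_order', array($this, 'woocommerce_resume_order_handler'), 10, 1);
  add_action('woocommerce_new_order_item', array($this, 'woocommerce_new_order_item_handler'), 10, 3);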
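Review bot: In `woocommerce_delete_order_items_handler` (new line 341) the query reads `{$this->db->dbprefix}` as a property, but as far as the wp_db.php hunks show, `BVWPDb` defines `dbprefix()` only as a method, so the prefix presumably interpolates as empty and the query targets unprefixed table names. The same line places `$postid` into the SQL text inside quotes instead of binding it. `woocommerce_resume_order_handler` (new lines 267–269) already does both correctly, so I would mirror it: build the names with `$this->db->getWPTable('woocommerce_order_items')` and `$this->db->getWPTable('woocommerce_order_itemmeta')`, and pass the id through `$this->db->prepare("... WHERE {$items_table}.order_id = %d", $postid)`. The handler's body continues outside the hunk.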
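--- a/wp_settings.php
+++ b/wp_settings.php
@@ -0,0 +1,54 @@
+ <?php
+
+ if (!defined('ABSPATH')) exit;
+ if (!class_exists('BVWPSettings')) :
+ class BVWPSettings {
+ public function getOption($key) {
+ $res = false;
+ if (function_exists('get_site_option')) {
+ $res = get_site_option($key, false);
+ }
+ if ($res === false) {
+ $res = get_option($key, false);
+ }
+ return $res;
+ }
+
+ public function deleteOption($key) {
+ if (function_exists('delete_site_option')) {
+ return delete_site_option($key);
+ } else {
+ return delete_option($key);
+ }
+ }
+
+ public function updateOption($key, $value) {
+ if (function_exists('update_site_option')) {
+ return update_site_option($key, $value);
+ } else {
+ return update_option($key, $value);
+ }
+ }
+
+ public function setTransient($name, $value, $time) {
+ if (function_exists('set_site_transient')) {
+ return set_site_transient($name, $value, $time);
+ }
+ return false;
+ }
+
+ public function deleteTransient($name) {
+ if (function_exists('delete_site_transient')) {
+ return delete_site_transient($name);
+ }
+ return false;
+ }
+
+ public function getTransient($name) {
+ if (function_exists('get_site_transient')) {
+ return get_site_transient($name);
+ }
+ return false;
+ }
+ }
+ endif;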
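Review bot: `getOption()` falls back to `get_option()` whenever `get_site_option()` returns `false`, while `updateOption()` and `deleteOption()` touch only the site-level option when those functions exist. On multisite this makes reads and writes asymmetric: after `deleteOption($key)` a per-site option of the same name would still be returned, and a value stored as `false` cannot be told apart from a missing one. Other sections of this release pass this object to the account code (`BVAccount::addAccount($this->settings, ...)`), so a stale fallback value is worth removing or at least documenting, e.g. `// NOTE: falls back to the per-site option; updateOption()/deleteOption() do not touch it`. The three transient helpers return `false` both when the site-transient API is missing and on a plain miss, which deserves a one-line docblock as well.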
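--- a/wp_site_info.php
+++ b/wp_site_info.php
@@ -0,0 +1,79 @@
+ <?php
+
+ if (!defined('ABSPATH')) exit;
+ if (!class_exists('BVWPSiteInfo')) :
+
+ class BVWPSiteInfo {
+ public function wpurl() {
+ if (function_exists('network_site_url'))
+ return network_site_url();
+ else
+ return get_bloginfo('wpurl');
+ }
+
+ public function siteurl() {
+ if (function_exists('site_url')) {
+ return site_url();
+ } else {
+ return get_bloginfo('wpurl');
+ }
+ }
+
+ public function homeurl() {
+ if (function_exists('home_url')) {
+ return home_url();
+ } else {
+ return get_bloginfo('url');
+ }
+ }
+
+ public function isMultisite() {
+ if (function_exists('is_multisite'))
+ return is_multisite();
+ return false;
+ }
+
+ public function isMainSite() {
+ if (!function_exists('is_main_site' ) || !$this->isMultisite())
+ return true;
+ return is_main_site();
+ }
+
+ public function respInfo() {
+ $info = array();
+ $this->basic($info);
+ $info['dbsig'] = $this->dbsig(false);
+ $info["serversig"] = $this->serversig(false);
+ return $info;
+ }
+
+ public function basic(&$info) {
+ $info['wpurl'] = $this->wpurl();
+ $info['siteurl'] = $this->siteurl();
+ $info['homeurl'] = $this->homeurl();
+ $info['serverip'] = $_SERVER['SERVER_ADDR'];
+ $info['abspath'] = ABSPATH;
+ }
+
+ public function serversig($full = false) {
+ $sig = sha1($_SERVER['SERVER_ADDR'].ABSPATH);
+ if ($full)
+ return $sig;
+ else
+ return substr($sig, 0, 6);
+ }
+
+ public function dbsig($full = false) {
+ if (defined('DB_USER') && defined('DB_NAME') &&
+ defined('DB_PASSWORD') && defined('DB_HOST')) {
+ $sig = sha1(DB_USER.DB_NAME.DB_PASSWORD.DB_HOST);
+ } else {
+ $sig = "bvnone".BVAccount::randString(34);
+ }
+ if ($full)
+ return $sig;
+ else
+ return substr($sig, 0, 6);
+ }
+ }
+ endif;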
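Review bot: `dbsig()` derives the signature from `sha1(DB_USER.DB_NAME.DB_PASSWORD.DB_HOST)`, an unkeyed, fast hash over the database password, and its first six hex characters are emitted by `respInfo()` and by the admin form's hidden `dbsig` field. Six characters disclose little, but `dbsig(true)` returns the full digest, which lets anyone who obtains it test password guesses offline. The fields are also concatenated without separators, so different credential tuples can produce the same input. If the receiving side does not depend on the exact value (not visible here), a keyed digest such as `hash_hmac('sha256', implode('|', array(DB_USER, DB_NAME, DB_PASSWORD, DB_HOST)), wp_salt())` avoids both problems. Separately, `basic()` and `serversig()` read `$_SERVER['SERVER_ADDR']` unguarded, which can be unset under CLI or cron; `isset($_SERVER['SERVER_ADDR']) ? $_SERVER['SERVER_ADDR'] : ''` avoids the notice.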