WordPress Backup & Security Plugin – BlogVault - Version 3.4

Version Description

  • Updating account authentication structure
  • Adding params validation
  • Adding support for custom user tables
  • Restructuring classes
  • Request profiling and Firewall improvements
  • Plugin branding fixes

Release Info

Developer ritesh.soni36
Version 3.4

Code changes from version 1.881 to 3.4

Files changed (56) hide show
  1. account.php +172 -40
  2. admin/add_new_acc.php +3 -3
  3. admin/header.php +1 -1
  4. admin/main_page.php +2 -2
  5. admin/top_box.php +1 -1
  6. blogvault.php +88 -44
  7. callback.php +0 -251
  8. callback/base.php +24 -0
  9. callback/handler.php +114 -0
  10. callback/recover.php +0 -76
  11. callback/request.php +179 -0
  12. callback/response.php +20 -91
  13. callback/streams.php +87 -12
  14. callback/wings/account.php +43 -19
  15. callback/wings/auth.php +0 -26
  16. callback/wings/brand.php +35 -29
  17. callback/wings/bv_upgrader_skin.php +3 -4
  18. callback/wings/db.php +123 -97
  19. callback/wings/dynsync.php +39 -30
  20. callback/wings/fs.php +95 -73
  21. callback/wings/fw.php +43 -15
  22. callback/wings/info.php +101 -75
  23. callback/wings/ipstore.php +33 -34
  24. callback/wings/lp.php +38 -36
  25. callback/wings/manage.php +56 -40
  26. callback/wings/misc.php +49 -31
  27. callback/wings/monit.php +53 -38
  28. callback/wings/protect.php +34 -24
  29. fw/config.php +0 -66
  30. fw/fw.php +0 -280
  31. img/sap-logo.png +0 -0
  32. info.php +85 -0
  33. lp/config.php +0 -80
  34. main.php +0 -167
  35. main/auth.php +0 -106
  36. main/lib.php +0 -44
  37. main/site_info.php +0 -99
  38. protect.php +0 -45
  39. ipstore.php → protect/ipstore.php +5 -5
  40. logger.php → protect/logger.php +0 -0
  41. protect/protect.php +58 -0
  42. protect/wp_fw/config.php +251 -0
  43. protect/wp_fw/fw.php +597 -0
  44. {fw → protect/wp_fw}/request.php +53 -24
  45. protect/wp_lp/config.php +82 -0
  46. {lp → protect/wp_lp}/lp.php +39 -45
  47. publickeys/bvkey3.pub +0 -14
  48. readme.txt +9 -3
  49. recover.php +47 -0
  50. wp_actions.php +53 -0
  51. admin.php → wp_admin.php +43 -43
  52. wp_api.php +38 -0
  53. main/db.php → wp_db.php +40 -34
  54. dynsync.php → wp_dynsync.php +22 -23
  55. wp_settings.php +54 -0
  56. wp_site_info.php +79 -0
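--- a/account.php
+++ b/account.php
@@ -1,50 +1,182 @@
 <?php
-if (!defined('ABSPATH')) exit;
-if (!class_exists('BVAccountInfo')) :
 
-class BVAccountInfo {
-public $bvmain;
+if (!defined('ABSPATH')) exit;
+if (!class_exists('BVAccount')) :
+class BVAccount {
+public $settings;
+public $public;
+public $secret;
+public $sig_match;
+public static $api_public_key = 'bvApiPublic';
+public static $accounts_list = 'bvAccountsList';
 
-function __construct($bvmain) {
-$this->bvmain = $bvmain;
-}
+public function __construct($settings, $public, $secret) {
+$this->settings = $settings;
+$this->public = $public;
+$this->secret = $secret;
+}
 
-public function add($info) {
-$accounts = $this->allAccounts();
-if(!is_array($accounts)) {
-$accounts = array();
+public static function find($settings, $public) {
+$accounts = self::allAccounts($settings);
+if (array_key_exists($public, $accounts) && isset($accounts[$public]['secret'])) {
+$secret = $accounts[$public]['secret'];
+}
+if (empty($secret) || (strlen($secret) < 32)) {
+return null;
+}
+return new self($settings, $public, $secret);
 }
-$pubkey = $info['pubkey'];
-$accounts[$pubkey]['lastbackuptime'] = time();
-$accounts[$pubkey]['url'] = $info['url'];
-$accounts[$pubkey]['email'] = $info['email'];
-$this->update($accounts);
-}
 
-public function remove($pubkey) {
-$bvkeys = $this->bvmain->info->getOption('bvkeys');
-$accounts = $this->allAccounts();
-$this->bvmain->auth->rmkeys($pubkey);
-$this->bvmain->setup($this->bvmain->lib->randString(32));
-if ($accounts && is_array($accounts)) {
-unset($accounts[$pubkey]);
-$this->update($accounts);
-return true;
-}
-return false;
-}
+public static function update($settings, $allAccounts) {
+$settings->updateOption(self::$accounts_list, $allAccounts);
+}
 
-public function allAccounts() {
-return $this->bvmain->info->getOption('bvAccounts');
-}
+public static function randString($length) {
+$chars = "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ";
 
-public function doesAccountExists($pubkey) {
-$accounts = $this->allAccounts();
-return array_key_exists($pubkey, $accounts);
-}
+$str = "";
+$size = strlen($chars);
+for( $i = 0; $i < $length; $i++ ) {
+$str .= $chars[rand(0, $size - 1)];
+}
+return $str;
+}
+
+public static function apiPublicAccount($settings) {
+$pubkey = $settings->getOption(self::$api_public_key);
+return self::find($settings, $pubkey);
+}
+
+public static function updateApiPublicKey($settings, $pubkey) {
+$settings->updateOption(self::$api_public_key, $pubkey);
+}
+
+public static function getApiPublicKey($settings) {
+return $settings->getOption(self::$api_public_key);
+}
+
+public static function getPlugName($settings) {
+$bvinfo = new BVInfo($settings);
+return $bvinfo->plugname;
+}
+
+public static function allAccounts($settings) {
+$accounts = $settings->getOption(self::$accounts_list);
+if (!is_array($accounts)) {
+$accounts = array();
+}
+return $accounts;
+}
+
+public static function accountsByPlugname($settings) {
+$accounts = self::allAccounts($settings);
+$accountsByPlugname = array();
+$plugname = self::getPlugName($settings);
+foreach ($accounts as $pubkey => $value) {
+if (array_key_exists($plugname, $value) && $value[$plugname] == 1) {
+$accountsByPlugname[$pubkey] = $value;
+}
+}
+return $accountsByPlugname;
+}
 
-public function update($accounts) {
-$this->bvmain->info->updateOption('bvAccounts', $accounts);
+public static function isConfigured($settings) {
+$accounts = self::accountsByPlugname($settings);
+return (sizeof($accounts) >= 1);
+}
+
+public static function setup($settings) {
+$bvinfo = new BVInfo($settings);
+$settings->updateOption($bvinfo->plug_redirect, 'yes');
+$settings->updateOption('bvActivateTime', time());
+}
+
+public function authenticatedUrl($method) {
+$bvinfo = new BVInfo($this->settings);
+$qstr = http_build_query($this->newAuthParams($bvinfo->version));
+return $bvinfo->appUrl().$method."?".$qstr;
+}
+
+public function newAuthParams($version) {
+$args = array();
+$time = time();
+$sig = sha1($this->public.$this->secret.$time.$version);
+$args['sig'] = $sig;
+$args['bvTime'] = $time;
+$args['bvPublic'] = $this->public;
+$args['bvVersion'] = $version;
+$args['sha1'] = '1';
+return $args;
+}
+
+public static function addAccount($settings, $public, $secret) {
+$accounts = self::allAccounts($settings);
+if (!isset($public, $accounts)) {
+$accounts[$public] = array();
+}
+$accounts[$public]['secret'] = $secret;
+self::update($settings, $accounts);
+}
+
+public function respInfo() {
+return array(
+"public" => substr($this->public, 0, 6),
+"sigmatch" => substr($this->sig_match, 0, 6)
+);
+}
+
+public static function getSigMatch($request, $secret) {
+$method = $request->method;
+$time = $request->time;
+$version = $request->version;
+if ($request->is_sha1) {
+$sig_match = sha1($method.$secret.$time.$version);
+} else {
+$sig_match = md5($method.$secret.$time.$version);
+}
+return $sig_match;
+}
+
+public function authenticate($request) {
+$time = $request->time;
+if ($time < intval($this->settings->getOption('bvLastRecvTime')) - 300) {
+return false;
+}
+$this->sig_match = self::getSigMatch($request, $this->secret);
+if ($this->sig_match !== $request->sig) {
+return $sig_match;
+}
+$this->settings->updateOption('bvLastRecvTime', $time);
+return 1;
+}
+
+public function updateInfo($info) {
+$accounts = self::allAccounts($this->settings);
+$plugname = self::getPlugName($this->settings);
+$pubkey = $info['pubkey'];
+if (!array_key_exists($pubkey, $accounts)) {
+$accounts[$pubkey] = array();
+}
+$accounts[$pubkey]['lastbackuptime'] = time();
+$accounts[$pubkey][$plugname] = true;
+$accounts[$pubkey]['url'] = $info['url'];
+$accounts[$pubkey]['email'] = $info['email'];
+self::update($this->settings, $accounts);
+}
+
+public static function remove($settings, $pubkey) {
+$accounts = self::allAccounts($settings);
+if (array_key_exists($pubkey, $accounts)) {
+unset($accounts[$pubkey]);
+self::update($settings, $accounts);
+return true;
+}
+return false;
+}
+
+public static function exists($settings, $pubkey) {
+$accounts = self::allAccounts($settings);
+return array_key_exists($pubkey, $accounts);
+}
 }
-}
-endif;
+endif;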
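Review bot: `authenticate()` compares the expected signature with `$this->sig_match !== $request->sig`, which is not constant-time, and its failure branch returns the undefined local `$sig_match` rather than a definite value; I would write `if (!hash_equals($this->sig_match, (string) $request->sig)) { return false; }`. `getSigMatch()` falls back to `md5()` whenever `$request->is_sha1` is false, so the digest strength appears to be selected by the request, and both branches hash concatenated fields where `hash_hmac()` keyed with the secret would be the safer construction. `randString()` draws from `rand()`, which is not a CSPRNG; if its output is used as a key or secret it should use `random_int(0, $size - 1)`. In `addAccount()`, `isset($public, $accounts)` only tests that both variables are set, so `!isset($accounts[$public])` is presumably what was intended.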
 
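--- a/admin/add_new_acc.php
+++ b/admin/add_new_acc.php
@@ -1,5 +1,5 @@
 <?php
-if ($this->bvmain->isMalcare()) {
+if ($this->bvinfo->isMalcare()) {
 $signupFormTitle = "Let's scan your website";
 $signupPurpose = array("Malware Scan", "Malware Clean", "Firewall", "Login Protection", "Others");
 $signupButtonText = "Scan Site";
@@ -19,7 +19,7 @@
 <?php require_once dirname( __FILE__ ) . "/top_box.php";?>
 </div>
 <div class="mui-panel new-account-panel">
-<form dummy=">" action="<?php echo $this->bvmain->appUrl(); ?>/plugin/bvstart" style="padding-top:10px; margin: 0px;" onsubmit="document.getElementById('get-started').disabled = true;" method="post" name="signup">
+<form dummy=">" action="<?php echo $this->bvinfo->appUrl(); ?>/plugin/bvstart" style="padding-top:10px; margin: 0px;" onsubmit="document.getElementById('get-started').disabled = true;" method="post" name="signup">
 <div style="width: 800px; margin: 0 auto; padding: 10px;">
 <div class="mui--text-title form-title"><?php echo $signupFormTitle; ?></div>
 <input type='hidden' name='bvsrc' value='wpplugin' />
@@ -41,7 +41,7 @@
 </div>
 </div>
 <div class="mui-col-md-2 side">
-<?php if ($this->bvmain->isBlogvault()) { ?>
+<?php if ($this->bvinfo->isBlogvault()) { ?>
 <div class="side-box" style="margin: 0px !important;">
 <h2 class="side-box-title">Why choose BlogVault ?</h2>
 <strong>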
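--- a/admin/header.php
+++ b/admin/header.php
@@ -1,5 +1,5 @@
 <?php
-if ($this->bvmain->isMalcare()) {
+if ($this->bvinfo->isMalcare()) {
 $headerColor = "#4686f5";
 $pluginSlug = "malcare-security";
 $headerLogoLink = $this->getWebPage() . "/?utm_source=mc_plugin_lp_logo&utm_medium=logo_link&utm_campaign=mc_plugin_lp_header&utm_term=header_logo&utm_content=image_link";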
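--- a/admin/main_page.php
+++ b/admin/main_page.php
@@ -3,7 +3,7 @@
 <?php require_once dirname( __FILE__ ) . "/top_box.php";?>
 </div>
 <div class="mui-container-fluid">
-<?php $accounts = $this->account->allAccounts();?>
+<?php $accounts = BVAccount::allAccounts($this->settings);?>
 <div class="mui-panel" style="width:800px; margin:0 auto;border:1px solid #CCC;">
 <div class="mui--text-body1" style="text-align:center;font-size:18px;">Accounts associated with this website.</div><br/>
 <table cellpadding="10" style="width:700px; margin:0 auto;border:1px solid black;">
@@ -30,7 +30,7 @@
 <?php } ?>
 </table>
 <div class="mui-col-md-12 mui-col-md-offset-3" style="padding-top:2%;">
-<a class="mui-btn mui-btn--raised mui-btn--primary" href=<?php echo $this->bvmain->appUrl(); ?> target="_blank">Visit Dashboard</a>
+<a class="mui-btn mui-btn--raised mui-btn--primary" href=<?php echo $this->bvinfo->appUrl(); ?> target="_blank">Visit Dashboard</a>
 <a class="mui-btn mui-btn--raised mui-btn--primary" href=<?php echo $this->mainUrl('&add_account=true'); ?> >Connect New Account</a>
 </div>
 </div>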
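--- a/admin/top_box.php
+++ b/admin/top_box.php
@@ -1,5 +1,5 @@
 <?php
-if ($this->bvmain->isMalcare()) {
+if ($this->bvinfo->isMalcare()) {
 $mainTitle = "Are you Hacked? Scan Your Website for FREE.";
 $videoId = "rBuYh2dIadk";
 $testimonialImg = "/../img/testimonial_mc.png";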
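--- a/blogvault.php
+++ b/blogvault.php
@@ -5,7 +5,7 @@ Plugin URI: https://blogvault.net
 Description: Easiest way to backup & secure your WordPress site
 Author: Backup by BlogVault
 Author URI: https://blogvault.net
-Version: 1.881
+Version: 3.4
 Network: True
 */
 
@@ -28,69 +28,113 @@ Network: True
 /* Global response array */
 
 if (!defined('ABSPATH')) exit;
-global $bvcb, $bvresp;
+require_once dirname( __FILE__ ) . '/wp_settings.php';
+require_once dirname( __FILE__ ) . '/wp_site_info.php';
+require_once dirname( __FILE__ ) . '/wp_db.php';
+require_once dirname( __FILE__ ) . '/wp_api.php';
+require_once dirname( __FILE__ ) . '/wp_actions.php';
+require_once dirname( __FILE__ ) . '/info.php';
+require_once dirname( __FILE__ ) . '/account.php';
 
-require_once dirname( __FILE__ ) . '/main.php';
-$bvmain = new BVBackup();
 
-register_uninstall_hook(__FILE__, array('BVBackup', 'uninstall'));
-register_activation_hook(__FILE__, array($bvmain, 'activate'));
-register_deactivation_hook(__FILE__, array($bvmain, 'deactivate'));
+$bvsettings = new BVWPSettings();
+$bvsiteinfo = new BVWPSiteInfo();
+$bvdb = new BVWPDb();
 
-add_action('wp_footer', array($bvmain, 'footerHandler'), 100);
 
+$bvapi = new BVWPAPI($bvsettings);
+$bvinfo = new BVInfo($bvsettings);
+$wp_action = new BVWPAction($bvsettings, $bvsiteinfo, $bvapi);
+
+register_uninstall_hook(__FILE__, array('BVWPAction', 'uninstall'));
+register_activation_hook(__FILE__, array($wp_action, 'activate'));
+register_deactivation_hook(__FILE__, array($wp_action, 'deactivate'));
+
+add_action('wp_footer', array($wp_action, 'footerHandler'), 100);
+
+##WPCLIMODULE##
 if (is_admin()) {
-require_once dirname( __FILE__ ) . '/admin.php';
-$bvadmin = new BVAdmin($bvmain);
-add_action('admin_init', array($bvadmin, 'initHandler'));
-add_filter('all_plugins', array($bvadmin, 'initBranding'));
-add_filter('plugin_row_meta', array($bvadmin, 'hidePluginDetails'), 10, 2);
-if ($bvmain->info->isMultisite()) {
-add_action('network_admin_menu', array($bvadmin, 'menu'));
+require_once dirname( __FILE__ ) . '/wp_admin.php';
+$wpadmin = new BVWPAdmin($bvsettings, $bvsiteinfo);
+add_action('admin_init', array($wpadmin, 'initHandler'));
+add_filter('all_plugins', array($wpadmin, 'initBranding'));
+add_filter('plugin_row_meta', array($wpadmin, 'hidePluginDetails'), 10, 2);
+if ($bvsiteinfo->isMultisite()) {
+add_action('network_admin_menu', array($wpadmin, 'menu'));
 } else {
-add_action('admin_menu', array($bvadmin, 'menu'));
+add_action('admin_menu', array($wpadmin, 'menu'));
 }
-add_filter('plugin_action_links', array($bvadmin, 'settingsLink'), 10, 2);
-add_action('admin_notices', array($bvadmin, 'activateWarning'));
+add_filter('plugin_action_links', array($wpadmin, 'settingsLink'), 10, 2);
+add_action('admin_notices', array($wpadmin, 'activateWarning'));
 ##ADMINENQUEUESCRIPTS##
 }
 
+
 if ((array_key_exists('bvreqmerge', $_POST)) || (array_key_exists('bvreqmerge', $_GET))) {
-$_REQUEST = array_merge($_GET, $_POST);
+$_REQUEST = array_merge($_GET, $_POST);
 }
 
-if ((array_key_exists('bvplugname', $_REQUEST)) &&
-stristr($_REQUEST['bvplugname'], $bvmain->plugname)) {
-require_once dirname( __FILE__ ) . '/callback.php';
-$bvcb = new BVCallback($bvmain);
-$bvresp = new BVResponse();
-if ($bvcb->preauth() === 1) {
-if ($bvcb->authenticate() === 1) {
-if (array_key_exists('afterload', $_REQUEST)) {
-add_action('wp_loaded', array($bvcb, 'execute'));
-} else if (array_key_exists('adajx', $_REQUEST)) {
-add_action('wp_ajax_bvadm', array($bvcb, 'bvAdmExecuteWithUser'));
-add_action('wp_ajax_nopriv_bvadm', array($bvcb, 'bvAdmExecuteWithoutUser'));
-} else {
-$bvcb->execute();
-}
+if ((array_key_exists('bvplugname', $_REQUEST)) && ($_REQUEST['bvplugname'] == "bvbackup")) {
+require_once dirname( __FILE__ ) . '/callback/base.php';
+require_once dirname( __FILE__ ) . '/callback/response.php';
+require_once dirname( __FILE__ ) . '/callback/request.php';
+require_once dirname( __FILE__ ) . '/recover.php';
+
+$pubkey = $_REQUEST['pubkey'];
+
+if (array_key_exists('rcvracc', $_REQUEST)) {
+$account = BVRecover::find($bvsettings, $pubkey);
+} else {
+$account = BVAccount::find($bvsettings, $pubkey);
+}
+
+$request = new BVCallbackRequest($account, $_REQUEST);
+$response = new BVCallbackResponse($request->bvb64cksize);
+
+if ($account && (1 === $account->authenticate($request))) {
+require_once dirname( __FILE__ ) . '/callback/handler.php';
+$params = $request->processParams($_REQUEST);
+if ($params === false) {
+$resp = array(
+"account_info" => $account->respInfo(),
+"request_info" => $request->respInfo(),
+"bvinfo" => $bvinfo->respInfo(),
+"statusmsg" => "BVPRMS_CORRUPTED"
+);
+$response->terminate($resp);
+}
+$request->params = $params;
+$callback_handler = new BVCallbackHandler($bvdb, $bvsettings, $bvsiteinfo, $request, $account, $response);
+if ($request->is_afterload) {
+add_action('wp_loaded', array($callback_handler, 'execute'));
+} else if ($request->is_admin_ajax) {
+add_action('wp_ajax_bvadm', array($callback_handler, 'bvAdmExecuteWithUser'));
+add_action('wp_ajax_nopriv_bvadm', array($callback_handler, 'bvAdmExecuteWithoutUser'));
 } else {
-$bvcb->terminate(false, array_key_exists('bvdbg', $_REQUEST));
+$callback_handler->execute();
 }
+} else {
+$resp = array(
+"account_info" => $account ? $account->respInfo() : array("error" => "ACCOUNT_NOT_FOUND"),
+"request_info" => $request->respInfo(),
+"bvinfo" => $bvinfo->respInfo(),
+"statusmsg" => "FAILED_AUTH",
+"api_pubkey" => substr(BVAccount::getApiPublicKey($bvsettings), 0, 8),
+"def_sigmatch" => substr(BVAccount::getSigMatch($request, BVRecover::getDefaultSecret($bvsettings)), 0, 8)
+);
+$response->terminate($resp);
 }
 } else {
-if ($bvmain->isProtectModuleEnabled()) {
-require_once dirname( __FILE__ ) . '/protect.php';
-$bvprotect = new BVProtect($bvmain);
+if ($bvinfo->isProtectModuleEnabled()) {
+require_once dirname( __FILE__ ) . '/protect/protect.php';
+require_once dirname( __FILE__ ) . '/protect/ipstore.php';
+$bvprotect = new BVProtect($bvdb, $bvsettings);
 $bvprotect->init();
-require_once dirname( __FILE__ ) . '/ipstore.php';
-$bvipstore = new BVIPStore($bvmain);
-$bvipstore->init();
 }
 
-if ($bvmain->isDynSyncModuleEnabled()) {
-require_once dirname( __FILE__ ) . '/dynsync.php';
-$dynsync = new BVDynSync($bvmain);
+if ($bvinfo->isDynSyncModuleEnabled()) {
+require_once dirname( __FILE__ ) . '/wp_dynsync.php';
+$dynsync = new BVWPDynSync($bvdb, $bvsettings);
 $dynsync->init();
 }
 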
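Review bot: The `FAILED_AUTH` branch returns `def_sigmatch` (the first 8 characters of a signature computed with the recovery default secret) and, through `$account->respInfo()`, a 6-character prefix of the expected signature to a caller that has just failed authentication; that discloses part of the expected digest to an unauthenticated party, and I would drop both fields from the failure response and keep only `"statusmsg" => "FAILED_AUTH"` plus non-secret identifiers. `$pubkey = $_REQUEST['pubkey'];` is also read without checking that the key exists or is a string, so a request carrying only `bvplugname` raises a notice and passes `null` into `find()`; `$pubkey = (isset($_REQUEST['pubkey']) && is_string($_REQUEST['pubkey'])) ? $_REQUEST['pubkey'] : '';` would be safer. The enclosing top-level script continues outside the hunk.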
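--- a/callback.php
+++ /dev/null
@@ -1,251 +0,0 @@
-<?php
-
-if (!defined('ABSPATH')) exit;
-if (!class_exists('BVCallback')) :
-
-require_once dirname( __FILE__ ) . '/callback/response.php';
-
-class BVCallback {
-public $bvmain;
-function __construct($bvmain) {
-$this->bvmain = $bvmain;
-}
-
-public function serversig($full = false) {
-$sig = sha1($_SERVER['SERVER_ADDR'].ABSPATH);
-if ($full)
-return $sig;
-else
-return substr($sig, 0, 6);
-}
-
-public function terminate($with_basic, $bvdebug = false) {
-global $bvresp;
-$public = $this->bvmain->auth->defaultPublic();
-$bvresp->addStatus("signature", "Blogvault API");
-$bvresp->addStatus("asymauth", "true");
-$bvresp->addStatus("sha1", "true");
-$bvresp->addStatus("dbsig", $this->bvmain->lib->dbsig(false));
-$bvresp->addStatus("serversig", $this->serversig(false));
-$bvresp->addStatus("public", substr($public, 0, 6));
-if (array_key_exists('adajx', $_REQUEST)) {
-$bvresp->addStatus("adajx", true);
-}
-if ($with_basic) {
-$binfo = array();
-$this->bvmain->info->basic($binfo);
-$bvresp->addStatus("basic", $binfo);
-$bvresp->addStatus("bvversion", $this->bvmain->version);
-}
-
-if ($bvdebug) {
-$bvresp->addStatus("inreq", $_REQUEST);
-}
-
-$bvresp->finish();
-exit;
-}
-
-public function processParams() {
-if (array_key_exists('concat', $_REQUEST)) {
-foreach ($_REQUEST['concat'] as $key) {
-$concated = '';
-$count = intval($_REQUEST[$key]);
-for ($i = 1; $i <= $count; $i++) {
-$concated .= $_REQUEST[$key."_bv_".$i];
-}
-$_REQUEST[$key] = $concated;
-}
-}
-if (array_key_exists('b64', $_REQUEST)) {
-foreach ($_REQUEST['b64'] as $key) {
-if (is_array($_REQUEST[$key])) {
-$_REQUEST[$key] = array_map('base64_decode', $_REQUEST[$key]);
-} else {
-$_REQUEST[$key] = base64_decode($_REQUEST[$key]);
-}
-}
-}
-if (array_key_exists('unser', $_REQUEST)) {
-foreach ($_REQUEST['unser'] as $key) {
-$_REQUEST[$key] = json_decode($_REQUEST[$key], TRUE);
-}
-}
-if (array_key_exists('b642', $_REQUEST)) {
-foreach ($_REQUEST['b642'] as $key) {
-if (is_array($_REQUEST[$key])) {
-$_REQUEST[$key] = array_map('base64_decode', $_REQUEST[$key]);
-} else {
-$_REQUEST[$key] = base64_decode($_REQUEST[$key]);
-}
-}
-}
-if (array_key_exists('dic', $_REQUEST)) {
-foreach ($_REQUEST['dic'] as $key => $mkey) {
-$_REQUEST[$mkey] = $_REQUEST[$key];
-unset($_REQUEST[$key]);
-}
-}
-if (array_key_exists('clacts', $_REQUEST)) {
-foreach ($_REQUEST['clacts'] as $action) {
-remove_all_actions($action);
-}
-}
-if (array_key_exists('clallacts', $_REQUEST)) {
-global $wp_filter;
-foreach ( $wp_filter as $filter => $val ){
-remove_all_actions($filter);
-}
-}
-if (array_key_exists('memset', $_REQUEST)) {
-$val = intval(urldecode($_REQUEST['memset']));
-@ini_set('memory_limit', $val.'M');
-}
-}
-
-public function recover() {
-$recover = new BVRecover(base64_decode($_REQUEST['sig']), $_REQUEST['orig'],
-$_REQUEST['keyname'], $_REQUEST["keysize"]);
-if ($recover->validate() && ($recover->process() === 1)) {
-$recover->processKeyExchange();
-return 1;
-}
-return false;
-}
-
-public function preauth() {
-global $bvresp;
-if (array_key_exists('obend', $_REQUEST) && function_exists('ob_end_clean'))
-@ob_end_clean();
-if (array_key_exists('op_reset', $_REQUEST) && function_exists('output_reset_rewrite_vars'))
-@output_reset_rewrite_vars();
-if (array_key_exists('binhead', $_REQUEST)) {
-header("Content-type: application/binary");
-header('Content-Transfer-Encoding: binary');
-}
-if (array_key_exists('bvrcvr', $_REQUEST)) {
-require_once dirname( __FILE__ ) . '/callback/recover.php';
-if ($this->recover() !== 1) {
-$bvresp->addStatus("statusmsg", 'failed authentication');
-}
-$this->terminate(false, array_key_exists('bvdbg', $_REQUEST));
-return false;
-}
-return 1;
-}
-
-public function authenticate() {
-global $bvresp;
-$auth = $this->bvmain->auth;
-$method = $_REQUEST['bvMethod'];
-$time = intval($_REQUEST['bvTime']);
-$version = $_REQUEST['bvVersion'];
-$sig = $_REQUEST['sig'];
-$public = $auth->publicParam();
-
-$bvresp->addStatus("requestedsig", $sig);
-$bvresp->addStatus("requestedtime", $time);
-$bvresp->addStatus("requestedversion", $version);
-
-$sig_match = $auth->validate($public, $method, $time, $version, $sig);
-if ($sig_match === 1) {
-return 1;
-} else {
-$bvresp->addStatus("sigmatch", substr($sig_match, 0, 6));
-$bvresp->addStatus("statusmsg", 'failed authentication');
-return false;
-}
-}
-
-public function route($wing, $method) {
-global $bvresp;
-$bvresp->addStatus("callback", $method);
-switch ($wing) {
-case 'manage':
-require_once dirname( __FILE__ ) . '/callback/wings/manage.php';
-$module = new BVManageCallback();
-break;
-case 'fs':
-require_once dirname( __FILE__ ) . '/callback/wings/fs.php';
-$module = new BVFSCallback();
-break;
-case 'db':
-require_once dirname( __FILE__ ) . '/callback/wings/db.php';
-$module = new BVDBCallback();
-break;
-case 'info':
-require_once dirname( __FILE__ ) . '/callback/wings/info.php';
-$module = new BVInfoCallback();
-break;
-case 'dynsync':
-require_once dirname( __FILE__ ) . '/callback/wings/dynsync.php';
-$module = new BVDynSyncCallback();
-break;
-case 'ipstr':
-require_once dirname( __FILE__ ) . '/callback/wings/ipstore.php';
-$module = new BVIPStoreCallback();
-break;
-case 'auth':
-require_once dirname( __FILE__ ) . '/callback/wings/auth.php';
-$module = new BVAuthCallback();
-break;
-case 'fw':
-require_once dirname( __FILE__ ) . '/callback/wings/fw.php';
-$module = new BVFirewallCallback();
-break;
-case 'lp':
-require_once dirname( __FILE__ ) . '/callback/wings/lp.php';
-$module = new BVLoginProtectCallback();
-break;
-case 'monit':
-require_once dirname( __FILE__ ) . '/callback/wings/monit.php';
-$module = new BVMonitCallback();
-break;
-case 'brand':
-require_once dirname( __FILE__ ) . '/callback/wings/brand.php';
-$module = new BVBrandCallback();
-break;
-case 'pt':
-require_once dirname( __FILE__ ) . '/callback/wings/protect.php';
-$module = new BVProtectCallback();
-break;
-case 'act':
-require_once dirname( __FILE__ ) . '/callback/wings/account.php';
-$module = new BVAccountCallback();
-break;
-default:
-require_once dirname( __FILE__ ) . '/callback/wings/misc.php';
-$module = new BVMiscCallback();
-break;
-}
-$rval = $module->process($method);
-if ($rval === false) {
-$bvresp->addStatus("statusmsg", "Bad Command");
-$bvresp->addStatus("status", false);
-}
-return 1;
-}
-
-public function bvAdmExecuteWithoutUser() {
-global $bvresp;
-$bvresp->addStatus("bvadmwithoutuser", true);
-$this->execute();
-}
-
-public function bvAdmExecuteWithUser() {
-global $bvresp;
-$bvresp->addStatus("bvadmwithuser", true);
-$this->execute();
-}
-
-public function execute() {
-global $bvresp;
-$this->processParams();
-if ($bvresp->startStream()) {
-$this->route($_REQUEST['wing'], $_REQUEST['bvMethod']);
-$bvresp->endStream();
-}
-$this->terminate(true, array_key_exists('bvdbg', $_REQUEST));
-}
-}
-endif;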
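--- /dev/null
+++ b/callback/base.php
@@ -0,0 +1,24 @@
+<?php
+
+if (!defined('ABSPATH')) exit;
+if (!class_exists('BVCallbackBase')) :
+
+class BVCallbackBase {
+public function objectToArray($obj) {
+return json_decode(json_encode($obj), true);
+}
+
+public function base64Encode($data, $chunk_size) {
+if ($chunk_size) {
+$out = "";
+$len = strlen($data);
+for ($i = 0; $i < $len; $i += $chunk_size) {
+$out .= base64_encode(substr($data, $i, $chunk_size));
+}
+} else {
+$out = base64_encode($data);
+}
+return $out;
+}
+}
+endif;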
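Review bot: `base64Encode()` advances its loop with `$i += $chunk_size` but never validates `$chunk_size`, so a negative value on non-empty data never reaches `$len` and the loop does not terminate; blogvault.php passes `$request->bvb64cksize` into the response constructor, so the value may be request-supplied, although the path from there to this method is not visible on this page. I would normalise it at the top of the method with `$chunk_size = max(0, (int) $chunk_size);`. Each chunk is also encoded and padded on its own, so unless the size is a multiple of 3 the concatenation is not a single valid base64 string; a comment such as `// chunks are encoded independently; the receiver must decode per chunk` would make that contract explicit.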
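--- a/callback/handler.php
+++ b/callback/handler.php
@@ -0,0 +1,114 @@
+ <?php
+
+ if (!defined('ABSPATH')) exit;
+ if (!class_exists('BVCallbackHandler')) :
+
+ class BVCallbackHandler {
+ public $db;
+ public $settings;
+ public $siteinfo;
+ public $request;
+ public $account;
+ public $response;
+
+ public function __construct($db, $settings, $siteinfo, $request, $account, $response) {
+ $this->db = $db;
+ $this->settings = $settings;
+ $this->siteinfo = $siteinfo;
+ $this->request = $request;
+ $this->account = $account;
+ $this->response = $response;
+ }
+
+ public function bvAdmExecuteWithoutUser() {
+ $this->execute(array("bvadmwithoutuser" => true));
+ }
+
+ public function bvAdmExecuteWithUser() {
+ $this->execute(array("bvadmwithuser" => true));
+ }
+
+ public function execute($resp = array()) {
+ $this->routeRequest();
+ $bvinfo = new BVInfo($this->settings);
+ $resp = array(
+ "request_info" => $this->request->respInfo(),
+ "site_info" => $this->siteinfo->respInfo(),
+ "account_info" => $this->account->respInfo(),
+ "bvinfo" => $bvinfo->respInfo(),
+ "api_pubkey" => substr(BVAccount::getApiPublicKey($this->settings), 0, 8)
+ );
+ $this->response->terminate($resp);
+ }
+
+ public function routeRequest() {
+ switch ($this->request->wing) {
+ case 'manage':
+ require_once dirname( __FILE__ ) . '/wings/manage.php';
+ $module = new BVManageCallback($this);
+ break;
+ case 'fs':
+ require_once dirname( __FILE__ ) . '/wings/fs.php';
+ $module = new BVFSCallback($this);
+ break;
+ case 'db':
+ require_once dirname( __FILE__ ) . '/wings/db.php';
+ $module = new BVDBCallback($this);
+ break;
+ case 'info':
+ require_once dirname( __FILE__ ) . '/wings/info.php';
+ $module = new BVInfoCallback($this);
+ break;
+ case 'dynsync':
+ require_once dirname( __FILE__ ) . '/wings/dynsync.php';
+ $module = new BVDynSyncCallback($this);
+ break;
+ case 'ipstr':
+ require_once dirname( __FILE__ ) . '/wings/ipstore.php';
+ $module = new BVIPStoreCallback($this);
+ break;
+ case 'fw':
+ require_once dirname( __FILE__ ) . '/wings/fw.php';
+ $module = new BVFirewallCallback($this);
+ break;
+ case 'lp':
+ require_once dirname( __FILE__ ) . '/wings/lp.php';
+ $module = new BVLoginProtectCallback($this);
+ break;
+ case 'monit':
+ require_once dirname( __FILE__ ) . '/wings/monit.php';
+ $module = new BVMonitCallback($this);
+ break;
+ case 'brand':
+ require_once dirname( __FILE__ ) . '/wings/brand.php';
+ $module = new BVBrandCallback($this);
+ break;
+ case 'pt':
+ require_once dirname( __FILE__ ) . '/wings/protect.php';
+ $module = new BVProtectCallback($this);
+ break;
+ case 'act':
+ require_once dirname( __FILE__ ) . '/wings/account.php';
+ $module = new BVAccountCallback($this);
+ break;
+ default:
+ require_once dirname( __FILE__ ) . '/wings/misc.php';
+ $module = new BVMiscCallback($this);
+ break;
+ }
+ $resp = $module->process($this->request);
+ if ($resp === false) {
+ $resp = array(
+ "statusmsg" => "Bad Command",
+ "status" => false);
+ }
+ $resp = array(
+ $this->request->wing => array(
+ $this->request->method => $resp
+ )
+ );
+ $this->response->addStatus("callbackresponse", $resp);
+ return 1;
+ }
+ }
+ endif;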
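Review bot: `execute($resp = array())` discards its argument: the first use of `$resp` is the assignment `$resp = array("request_info" => ...)`, so the `bvadmwithoutuser` / `bvadmwithuser` flags passed by `bvAdmExecuteWithoutUser()` and `bvAdmExecuteWithUser()` never reach the response, whereas the removed callback.php recorded them with `$bvresp->addStatus()`. Keep them by merging, `$resp = array_merge($resp, array(...));`, or by calling `$this->response->addStatus()` in the two wrappers. Separately, `routeRequest()` sends every unrecognised `wing` value to `BVMiscCallback` through the `default:` branch; a short comment stating that this fallback is intentional would help the next reader.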
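--- a/callback/recover.php
+++ b/callback/recover.php
@@ -1,76 +0,0 @@
- <?php
-
- if (!defined('ABSPATH')) exit;
- if (!class_exists('BVRecover')) :
- class BVRecover {
- public $keyname;
- public $keysize;
- public $signature;
- public $original;
-
- function __construct($_sig, $_orig, $_keyname, $_keysize) {
- $this->keyname = $_keyname;
- $this->keysize = $_keysize;
- $this->signature = $_sig;
- $this->original = $_orig;
- }
-
- public function keyFile() {
- return dirname(__DIR__)."/publickeys/$this->keyname.pub";
- }
-
- public function getAsymKey() {
- return file_get_contents($this->keyFile());
- }
-
- public function asymEncrypt($source) {
- $output = '';
- $blocksize = 1 + floor(($this->keysize - 1) / 8) - 11;
- while ($source) {
- $input = substr($source, 0, $blocksize);
- $source = substr($source, $blocksize);
- openssl_public_encrypt($input, $encrypted, $this->getAsymKey());
-
- $output .= $encrypted;
- }
- return base64_encode($output);
- }
-
- public function validate() {
- global $bvresp;
- if (!preg_match('/^\w+$/', $this->keyname)) {
- $bvresp->addStatus('asymerror', 'badkey');
- return false;
- } else if (!file_exists($this->keyFile())) {
- $bvresp->addStatus('asymerror', 'missingkey');
- return false;
- } else if (!function_exists('openssl_public_decrypt')) {
- $bvresp->addStatus('asymerror', 'openssl_public_decrypt');
- return false;
- } else if (!function_exists('openssl_public_encrypt')) {
- $bvresp->addStatus('asymerror', 'openssl_public_encrypt');
- return false;
- }
- return true;
- }
-
- public function process() {
- openssl_public_decrypt($this->signature, $decrypted, $this->getAsymKey());
- if ((strlen($decrypted) >= 32) && ($this->original === substr($decrypted, 0, 32))) {
- return 1;
- }
- return false;
- }
-
- public function processKeyExchange() {
- global $bvresp, $bvcb;
- $bvmain = $bvcb->bvmain;
- $keys = $bvmain->auth->allKeys();
- $keys['dbsig'] = $bvmain->lib->dbsig(true);
- $keys['salt'] = $bvmain->lib->randString(32);
- $bvresp->addStatus("activatetime", $bvmain->info->getOption('bvActivateTime'));
- $bvresp->addStatus("currenttime", time());
- $bvresp->addStatus("keys", $this->asymEncrypt(serialize($keys)));
- }
- }
- endif;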
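--- a/callback/request.php
+++ b/callback/request.php
@@ -0,0 +1,179 @@
+ <?php
+
+ if (!defined('ABSPATH')) exit;
+ if (!class_exists('BVCallbackRequest')) :
+ class BVCallbackRequest {
+ public $params;
+ public $method;
+ public $wing;
+ public $is_afterload;
+ public $is_admin_ajax;
+ public $is_debug;
+ public $account;
+ public $calculated_mac;
+ public $sig;
+ public $time;
+ public $version;
+ public $is_sha1;
+ public $bvb64stream;
+ public $bvb64cksize;
+ public $checksum;
+
+ public function __construct($account, $in_params) {
+ $this->params = array();
+ $this->account = $account;
+ $this->wing = $in_params['wing'];
+ $this->method = $in_params['bvMethod'];
+ $this->is_afterload = array_key_exists('afterload', $in_params);
+ $this->is_admin_ajax = array_key_exists('adajx', $in_params);
+ $this->is_debug = array_key_exists('bvdbg', $in_params);
+ $this->sig = $in_params['sig'];
+ $this->time = intval($in_params['bvTime']);
+ $this->version = $in_params['bvVersion'];
+ $this->is_sha1 = array_key_exists('sha1', $in_params);
+ $this->bvb64stream = isset($in_params['bvb64stream']);
+ $this->bvb64cksize = array_key_exists('bvb64cksize', $in_params) ? intval($in_params['bvb64cksize']) : false;
+ $this->checksum = array_key_exists('checksum', $in_params) ? $in_params['checksum'] : false;
+ }
+
+ public function isAPICall() {
+ return array_key_exists('apicall', $this->params);
+ }
+
+ public function respInfo() {
+ $info = array(
+ "requestedsig" => $this->sig,
+ "requestedtime" => $this->time,
+ "requestedversion" => $this->version
+ );
+ if ($this->is_debug) {
+ $info["inreq"] = $this->params;
+ }
+ if ($this->is_admin_ajax) {
+ $info["adajx"] = true;
+ }
+ if ($this->is_afterload) {
+ $info["afterload"] = true;
+ }
+ if ($this->calculated_mac) {
+ $info["calculated_mac"] = $this->calculated_mac;
+ }
+ return $info;
+ }
+
+ public function processParams($in_params) {
+ $params = array();
+
+ if (array_key_exists('obend', $in_params) && function_exists('ob_end_clean'))
+ @ob_end_clean();
+
+ if (array_key_exists('op_reset', $in_params) && function_exists('output_reset_rewrite_vars'))
+ @output_reset_rewrite_vars();
+
+ if (array_key_exists('binhead', $in_params)) {
+ header("Content-type: application/binary");
+ header('Content-Transfer-Encoding: binary');
+ }
+
+ if (array_key_exists('concat', $in_params)) {
+ foreach ($in_params['concat'] as $key) {
+ $concated = '';
+ $count = intval($in_params[$key]);
+ for ($i = 1; $i <= $count; $i++) {
+ $concated .= $in_params[$key."_bv_".$i];
+ }
+ $in_params[$key] = $concated;
+ }
+ }
+
+ if (array_key_exists('bvprms', $in_params) && isset($in_params['bvprms']) &&
+ array_key_exists('bvprmsmac', $in_params) && isset($in_params['bvprmsmac'])) {
+ $digest_algo = 'SHA1';
+ $sent_mac = $in_params['bvprmsmac'];
+
+ if (array_key_exists('bvprmshshalgo', $in_params) && isset($in_params['bvprmshshalgo'])) {
+ $digest_algo = $in_params['bvprmshshalgo'];
+ }
+
+ $calculated_mac = hash_hmac($digest_algo, $in_params['bvprms'], $this->account->secret);
+ $this->calculated_mac = substr($calculated_mac, 0, 6);
+
+ if ($this->compare_mac($sent_mac, $calculated_mac) === true) {
+
+ if (array_key_exists('b64', $in_params)) {
+ foreach ($in_params['b64'] as $key) {
+ if (is_array($in_params[$key])) {
+ $in_params[$key] = array_map('base64_decode', $in_params[$key]);
+ } else {
+ $in_params[$key] = base64_decode($in_params[$key]);
+ }
+ }
+ }
+
+ if (array_key_exists('unser', $in_params)) {
+ foreach ($in_params['unser'] as $key) {
+ $in_params[$key] = json_decode($in_params[$key], TRUE);
+ }
+ }
+
+ if (array_key_exists('sersafe', $in_params)) {
+ $key = $in_params['sersafe'];
+ $in_params[$key] = BVCallbackRequest::serialization_safe_decode($in_params[$key]);
+ }
+
+ if (array_key_exists('bvprms', $in_params) && isset($in_params['bvprms'])) {
+ $params = $in_params['bvprms'];
+ }
+
+ if (array_key_exists('clacts', $in_params)) {
+ foreach ($in_params['clacts'] as $action) {
+ remove_all_actions($action);
+ }
+ }
+
+ if (array_key_exists('clallacts', $in_params)) {
+ global $wp_filter;
+ foreach ( $wp_filter as $filter => $val ){
+ remove_all_actions($filter);
+ }
+ }
+
+ if (array_key_exists('memset', $in_params)) {
+ $val = intval(urldecode($in_params['memset']));
+ @ini_set('memory_limit', $val.'M');
+ }
+
+ return $params;
+ }
+ }
+
+ return false;
+ }
+
+ private function compare_mac($l_hash, $r_hash) {
+ if (!is_string($l_hash) || !is_string($r_hash)) {
+ return false;
+ }
+
+ if (strlen($l_hash) !== strlen($r_hash)) {
+ return false;
+ }
+
+ if (function_exists('hash_equals')) {
+ return hash_equals($l_hash, $r_hash);
+ } else {
+ return $l_hash === $r_hash;
+ }
+ }
+
+ public static function serialization_safe_decode($data) {
+ if (is_array($data)) {
+ $data = array_map(array('BVCallbackRequest', 'serialization_safe_decode'), $data);
+ } elseif (is_string($data)) {
+ $data = base64_decode($data);
+ }
+
+ return $data;
+ }
+ }
+ endif;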
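Review bot: In `processParams()` the digest for the parameter MAC is chosen by the sender, `$digest_algo = $in_params['bvprmshshalgo'];`, and handed to `hash_hmac()` before anything in the request has been authenticated. An unknown name makes `hash_hmac()` fail (a warning and `false` on PHP 7, a `ValueError` on PHP 8), and any digest the PHP build offers is accepted. Check the name against a fixed list first, for example `if (!is_string($digest_algo) || !in_array(strtolower($digest_algo), array('sha1', 'sha256'), true)) return false;`, with the list matched to what the BlogVault server really sends. The `obend`, `op_reset`, `binhead` and `concat` branches above it also act on unverified input, and the `concat` loop bound `intval($in_params[$key])` has no upper limit; moving them below the `compare_mac()` check, if the protocol allows it, would close that. `compare_mac()` falls back to `===` where `hash_equals()` is missing, which is not a constant-time comparison.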
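--- a/callback/response.php
+++ b/callback/response.php
@@ -1,107 +1,36 @@
  <?php
 
  if (!defined('ABSPATH')) exit;
- if (!class_exists('BVResponse')) :
-
- require_once dirname( __FILE__ ) . '/streams.php';
+ if (!class_exists('BVCallbackResponse')) :
 
- class BVResponse {
- public $status;
- public $stream;
+ class BVCallbackResponse extends BVCallbackBase {
+ public $status;
+ public $bvb64cksize;
 
- function __construct() {
- $this->status = array("blogvault" => "response");
- }
-
- public function addStatus($key, $value) {
- $this->status[$key] = $value;
- }
-
- public function addArrayToStatus($key, $value) {
- if (!isset($this->status[$key])) {
- $this->status[$key] = array();
+ public function __construct($bvb64cksize) {
+ $this->status = array("blogvault" => "response");
+ $this->bvb64cksize = $bvb64cksize;
  }
- $this->status[$key][] = $value;
- }
 
- public function base64Encode($data, $chunk_size) {
- if ($chunk_size) {
- $out = "";
- $len = strlen($data);
- for ($i = 0; $i < $len; $i += $chunk_size) {
- $out .= base64_encode(substr($data, $i, $chunk_size));
- }
- } else {
- $out = base64_encode($data);
+ public function addStatus($key, $value) {
+ $this->status[$key] = $value;
  }
- return $out;
- }
 
- public function finish() {
- $response = "bvbvbvbvbv".serialize($this->status)."bvbvbvbvbv";
- if (array_key_exists('bvb64resp', $_REQUEST)) {
- $chunk_size = array_key_exists('bvb64cksize', $_REQUEST) ? intval($_REQUEST['bvb64cksize']) : false;
- $response = "bvb64bvb64".$this->base64Encode($response, $chunk_size)."bvb64bvb64";
- }
- die($response);
- }
-
- public function writeStream($_string) {
- if (strlen($_string) > 0) {
- $chunk = "";
- if (isset($_REQUEST['bvb64stream'])) {
- $chunk_size = array_key_exists('bvb64cksize', $_REQUEST) ? intval($_REQUEST['bvb64cksize']) : false;
- $_string = $this->base64Encode($_string, $chunk_size);
- $chunk .= "BVB64" . ":";
- }
- $chunk .= (strlen($_string) . ":" . $_string);
- if (isset($_REQUEST['checksum'])) {
- if ($_REQUEST['checksum'] == 'crc32') {
- $chunk = "CRC32" . ":" . crc32($_string) . ":" . $chunk;
- } else if ($_REQUEST['checksum'] == 'md5') {
- $chunk = "MD5" . ":" . md5($_string) . ":" . $chunk;
- }
+ public function addArrayToStatus($key, $value) {
+ if (!isset($this->status[$key])) {
+ $this->status[$key] = array();
  }
- $this->stream->writeChunk($chunk);
+ $this->status[$key][] = $value;
  }
- }
 
- public function startStream() {
- global $bvcb;
- $this->stream = new BVRespStream();
- if (array_key_exists('apicall',$_REQUEST)) {
- $this->stream = new BVHttpStream($_REQUEST['apihost'], intval($_REQUEST['apiport']), array_key_exists('apissl', $_REQUEST));
- if (!$this->stream->connect()) {
- $this->addStatus("httperror", "Cannot Open Connection to Host");
- $this->addStatus("streamerrno", $this->stream->errno);
- $this->addStatus("streamerrstr", $this->stream->errstr);
- return false;
- }
- if (array_key_exists('acbmthd', $_REQUEST)) {
- $url = $bvcb->bvmain->authenticatedUrl('/bvapi/'.$_REQUEST['acbmthd'], $_REQUEST['bvapicheck'], false);
- if (array_key_exists('acbqry', $_REQUEST)) {
- $url .= "&".$_REQUEST['acbqry'];
- }
- $this->stream->multipartChunkedPost($url);
- } else {
- $this->addStatus("httperror", "ApiCall method not present");
- return false;
- }
- }
- return true;
- }
+ public function terminate($resp = array()) {
+ $resp = array_merge($this->status, $resp);
+ $resp["signature"] = "Blogvault API";
+ $response = "bvbvbvbvbv".serialize($resp)."bvbvbvbvbv";
+ $response = "bvb64bvb64".$this->base64Encode($response, $this->bvb64cksize)."bvb64bvb64";
+ die($response);
 
- public function endStream() {
- $this->stream->endStream();
- if (array_key_exists('apicall', $_REQUEST)) {
- $resp = $this->stream->getResponse();
- if (array_key_exists('httperror', $resp)) {
- $this->addStatus("httperror", $resp['httperror']);
- } else {
- $this->addStatus("respstatus", $resp['status']);
- $this->addStatus("respstatus_string", $resp['status_string']);
- }
+ exit;
  }
  }
- }
  endif;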
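Review bot: `$resp["signature"] = "Blogvault API";` in `terminate()` is a constant marker, not a MAC or signature over the payload, and the key name suggests otherwise; nothing in this section authenticates the response (that may be handled elsewhere). A comment such as `// fixed marker string, not a cryptographic signature` would prevent that reading. The `exit;` after `die($response);` is unreachable and can be dropped. The class now extends `BVCallbackBase` while the file has no `require_once` left, so it depends on the caller having loaded callback/base.php first; `require_once dirname( __FILE__ ) . '/base.php';` or a comment would make that dependency explicit.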
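--- a/callback/streams.php
+++ b/callback/streams.php
@@ -2,18 +2,85 @@
 
  if (!defined('ABSPATH')) exit;
  if (!class_exists('BVRespStream')) :
-
- class BVRespStream {
+
+ class BVStream extends BVCallbackBase {
+ public $bvb64stream;
+ public $bvb64cksize;
+ public $checksum;
+
+ function __construct($request) {
+ $this->bvb64stream = $request->bvb64stream;
+ $this->bvb64cksize = $request->bvb64cksize;
+ $this->checksum = $request->checksum;
+ }
+
+ public function writeChunk($chunk) {
+ }
+
+ public static function startStream($account, $request) {
+ $result = array();
+ $params = $request->params;
+ $stream = new BVRespStream($request);
+ if ($request->isAPICall()) {
+ $stream = new BVHttpStream($request);
+ if (!$stream->connect()) {
+ $apicallstatus = array(
+ "httperror" => "Cannot Open Connection to Host",
+ "streamerrno" => $stream->errno,
+ "streamerrstr" => $stream->errstr
+ );
+ return array("apicallstatus" => $apicallstatus);
+ }
+ if (array_key_exists('acbmthd', $params)) {
+ $qstr = http_build_query(array('bvapicheck' => $params['bvapicheck']));
+ $url = '/bvapi/'.$params['acbmthd']."?".$qstr;
+ if (array_key_exists('acbqry', $params)) {
+ $url .= "&".$params['acbqry'];
+ }
+ $stream->multipartChunkedPost($url);
+ } else {
+ return array("apicallstatus" => array("httperror" => "ApiCall method not present"));
+ }
+ }
+ return array('stream' => $stream);
+ }
+
+ public function writeStream($_string) {
+ if (strlen($_string) > 0) {
+ $chunk = "";
+ if ($this->bvb64stream) {
+ $chunk_size = $this->bvb64cksize;
+ $_string = $this->base64Encode($_string, $chunk_size);
+ $chunk .= "BVB64" . ":";
+ }
+ $chunk .= (strlen($_string) . ":" . $_string);
+ if ($this->checksum == 'crc32') {
+ $chunk = "CRC32" . ":" . crc32($_string) . ":" . $chunk;
+ } else if ($this->checksum == 'md5') {
+ $chunk = "MD5" . ":" . md5($_string) . ":" . $chunk;
+ }
+ $this->writeChunk($chunk);
+ }
+ }
+ }
+
+ class BVRespStream extends BVStream {
+ function __construct($request) {
+ parent::__construct($request);
+ }
+
  public function writeChunk($_string) {
  echo "ckckckckck".$_string."ckckckckck";
  }
 
  public function endStream() {
  echo "rerererere";
+
+ return array();
  }
  }
 
- class BVHttpStream {
+ class BVHttpStream extends BVStream {
  var $user_agent = 'BVHttpStream';
  var $host;
  var $port;
@@ -24,13 +91,11 @@ class BVHttpStream {
  var $boundary;
  var $apissl;
 
- /**
- * PHP5 constructor.
- */
- function __construct($_host, $_port, $_apissl) {
- $this->host = $_host;
- $this->port = $_port;
- $this->apissl = $_apissl;
+ function __construct($request) {
+ parent::__construct($request);
+ $this->host = $request->params['apihost'];
+ $this->port = intval($request->params['apiport']);
+ $this->apissl = array_key_exists('apissl', $request->params);
  }
 
  public function connect() {
@@ -95,8 +160,8 @@ class BVHttpStream {
 
  public function multipartChunkedPost($url) {
  $mph = array(
- "Content-Disposition" => "form-data; name=bvinfile; filename=data",
- "Content-Type" => "application/octet-stream"
+ "Content-Disposition" => "form-data; name=bvinfile; filename=data",
+ "Content-Type" => "application/octet-stream"
  );
  $rnd = rand(100000, 999999);
  $this->boundary = "----".$rnd;
@@ -122,6 +187,16 @@ class BVHttpStream {
  $epilogue = "\r\n\r\n--".$this->boundary."--\r\n";
  $this->sendChunk($epilogue);
  $this->closeChunk();
+
+ $result = array();
+ $resp = $this->getResponse();
+ if (array_key_exists('httperror', $resp)) {
+ $result["httperror"] = $resp['httperror'];
+ } else {
+ $result["respstatus"] = $resp['status'];
+ $result["respstatus_string"] = $resp['status_string'];
+ }
+ return array("apicallstatus" => $result);
  }
 
  public function getResponse() {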
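Review bot: `BVStream::startStream()` builds the request path by plain concatenation, `'/bvapi/'.$params['acbmthd']."?".$qstr` followed by `"&".$params['acbqry']`, so only `bvapicheck` goes through `http_build_query()` and the other two values reach `multipartChunkedPost()` unencoded. Constrain `acbmthd` before use, e.g. `if (!preg_match('/^\w+$/', $params['acbmthd']))` returning the same `apicallstatus` error shape (widen the class if method names need other characters), and validate `acbqry` or rebuild it with `http_build_query()`. `$params['bvapicheck']`, and `apihost` / `apiport` in the new `BVHttpStream` constructor, are read without an existence check, unlike `acbmthd`. The local `$result = array();` in `startStream()` is never used. The hunks show only parts of `BVHttpStream`, so how the URL is written to the socket is not visible here.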
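--- a/callback/wings/account.php
+++ b/callback/wings/account.php
@@ -2,33 +2,57 @@
 
  if (!defined('ABSPATH')) exit;
  if (!class_exists('BVAccountCallback')) :
+ class BVAccountCallback extends BVCallbackBase {
+ public $account;
+ public $settings;
 
- require_once dirname( __FILE__ ) . '/../../account.php';
-
- class BVAccountCallback {
+ public function __construct($callback_handler) {
+ $this->account = $callback_handler->account;
+ $this->settings = $callback_handler->settings;
+ }
 
- function process($method) {
- global $bvresp, $bvcb;
- $account = new BVAccountInfo($bvcb->bvmain);
- switch ($method) {
+ function process($request) {
+ $params = $request->params;
+ $account = $this->account;
+ $settings = $this->settings;
+ switch ($request->method) {
+ case "addacc":
+ BVAccount::addAccount($this->settings, $params['public'], $params['secret']);
+ $resp = array("status" => BVAccount::exists($this->settings, $params['public']));
+ break;
+ case "rmacc":
+ $resp = array("status" => $account->remove($params['public']));
+ break;
  case "updt":
  $info = array();
- $info['email'] = $_REQUEST['email'];
- $info['url'] = $_REQUEST['url'];
- $info['pubkey'] = $_REQUEST['pubkey'];
- $account->add($info);
- $bvresp->addStatus("status", $account->doesAccountExists($_REQUEST['pubkey']));
- break;
- case "disc":
- $account->remove($_REQUEST['pubkey']);
- $bvresp->addStatus("status", !$account->doesAccountExists($_REQUEST['pubkey']));
+ $info['email'] = $params['email'];
+ $info['url'] = $params['url'];
+ $info['pubkey'] = $params['pubkey'];
+ $account->updateInfo($info);
+ $resp = array("status" => BVAccount::exists($this->settings, $params['pubkey']));
+ break;
+ case "updtapikey":
+ $resp = array("status" => BVAccount::updateApiPublicKey($this->settings, $params['pubkey']));
+ break;
+ case "rmdefsec":
+ $resp = array("status" => $settings->deleteOption('bvDefaultSecret'));
+ break;
+ case "rmbvkeys":
+ $resp = array("status" => $settings->deleteOption('bvKeys'));
+ break;
+ case "rmdefpub":
+ $resp = array("status" => $settings->deleteOption('bvDefaultPublic'));
+ break;
+ case "rmoldbvacc":
+ $resp = array("status" => $settings->deleteOption('bvAccounts'));
+ break;
  case "fetch":
- $bvresp->addStatus("status", $account->allAccounts());
+ $resp = array("status" => BVAccount::allAccounts($this->settings));
  break;
  default:
- return false;
+ $resp = false;
  }
- return true;
+ return $resp;
  }
  }
  endif;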
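Review bot: `process()` reads `$params['public']`, `$params['secret']`, `$params['email']`, `$params['url']` and `$params['pubkey']` without checking that they exist, so a request that omits one passes `null` into `BVAccount::addAccount()`, `$account->updateInfo()` or `BVAccount::updateApiPublicKey()`. For the key-changing cases a guard such as `if (!isset($params['public'], $params['secret'])) { $resp = false; break; }` keeps an incomplete request from altering stored credentials. `addacc`, `updtapikey` and the four `rm*` cases change or delete the site's authentication material, so a class docblock stating that the request must already have been authenticated by the caller (not visible in this section) would be worth adding. The method is declared as bare `function process` while the constructor is `public`; `public function process($request)` would be consistent with callback/handler.php.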
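--- a/callback/wings/auth.php
+++ b/callback/wings/auth.php
@@ -1,26 +0,0 @@
- <?php
-
- if (!defined('ABSPATH')) exit;
- if (!class_exists('BVAuthCallback')) :
- class BVAuthCallback {
-
- function process($method) {
- global $bvresp, $bvcb;
- $auth = $bvcb->bvmain->auth;
- switch ($method) {
- case "addkeys":
- $bvresp->addStatus("status", $auth->addKeys($_REQUEST['public'], $_REQUEST['secret']));
- break;
- case "updatekeys":
- $bvresp->addStatus("status", $auth->updateKeys($_REQUEST['public'], $_REQUEST['secret']));
- break;
- case "rmkeys":
- $bvresp->addStatus("status", $auth->rmKeys($_REQUEST['public']));
- break;
- default:
- return false;
- }
- return true;
- }
- }
- endif;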
callback/wings/brand.php CHANGED
@@ -3,46 +3,52 @@
3
  if (!defined('ABSPATH')) exit;
4