WordPress Backup & Security Plugin – BlogVault - Version 4.2

Version Description

  • Firewall in prepend mode
  • Robust Firewall and Login protection
  • Robust write callbacks
  • Without FTP cleanup and restore support

Release Info

Developer ritesh.soni36
Version 4.2

Code changes from version 3.4 to 4.2

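--- a/account.php
+++ b/account.php
@@ -42,6 +42,10 @@ if (!class_exists('BVAccount')) :
 return $str;
 }
 
+public static function sanitizeKey($key) {
+return preg_replace('/[^a-zA-Z0-9_\-]/', '', $key);
+}
+
 public static function apiPublicAccount($settings) {
 $pubkey = $settings->getOption(self::$api_public_key);
 return self::find($settings, $pubkey);
@@ -98,6 +102,7 @@ if (!class_exists('BVAccount')) :
 }
 
 public function newAuthParams($version) {
+$bvinfo = new BVInfo($settings);
 $args = array();
 $time = time();
 $sig = sha1($this->public.$this->secret.$time.$version);
@@ -106,6 +111,7 @@ if (!class_exists('BVAccount')) :
 $args['bvPublic'] = $this->public;
 $args['bvVersion'] = $version;
 $args['sha1'] = '1';
+$args['plugname'] = $bvinfo->plugname;
 return $args;
 }
 
@@ -118,7 +124,7 @@ if (!class_exists('BVAccount')) :
 self::update($settings, $accounts);
 }
 
-public function respInfo() {
+public function info() {
 return array(
 "public" => substr($this->public, 0, 6),
 "sigmatch" => substr($this->sig_match, 0, 6)
@@ -179,4 +185,4 @@ if (!class_exists('BVAccount')) :
 return array_key_exists($pubkey, $accounts);
 }
 }
-endif;
+endif;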
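Review bot: In `newAuthParams($version)` the added `$bvinfo = new BVInfo($settings);` reads `$settings`, which is not a parameter and is not assigned before this first line of the body, so `BVInfo` is built from an undefined variable and the new `plugname` argument cannot reflect the stored settings. If `BVAccount` keeps its settings object on the instance (not visible in these hunks), the line should probably read `$bvinfo = new BVInfo($this->settings);`; otherwise the settings need to be passed in by the caller. The lines between the two `newAuthParams` hunks are outside the diff.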
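--- a/blogvault.php
+++ b/blogvault.php
@@ -5,7 +5,7 @@ Plugin URI: https://blogvault.net
 Description: Easiest way to backup & secure your WordPress site
 Author: Backup by BlogVault
 Author URI: https://blogvault.net
-Version: 3.4
+Version: 4.2
 Network: True
 */
 
@@ -28,6 +28,7 @@ Network: True
 /* Global response array */
 
 if (!defined('ABSPATH')) exit;
+
 require_once dirname( __FILE__ ) . '/wp_settings.php';
 require_once dirname( __FILE__ ) . '/wp_site_info.php';
 require_once dirname( __FILE__ ) . '/wp_db.php';
@@ -55,7 +56,7 @@ add_action('wp_footer', array($wp_action, 'footerHandler'), 100);
 ##WPCLIMODULE##
 if (is_admin()) {
 require_once dirname( __FILE__ ) . '/wp_admin.php';
-$wpadmin = new BVWPAdmin($bvsettings, $bvsiteinfo);
+$wpadmin = new BVWPAdmin($bvsettings, $bvsiteinfo, $bvapi);
 add_action('admin_init', array($wpadmin, 'initHandler'));
 add_filter('all_plugins', array($wpadmin, 'initBranding'));
 add_filter('plugin_row_meta', array($wpadmin, 'hidePluginDetails'), 10, 2);
@@ -65,6 +66,7 @@ if (is_admin()) {
 add_action('admin_menu', array($wpadmin, 'menu'));
 }
 add_filter('plugin_action_links', array($wpadmin, 'settingsLink'), 10, 2);
+add_action('admin_head', array($wpadmin, 'removeAdminNotices'), 3);
 add_action('admin_notices', array($wpadmin, 'activateWarning'));
 ##ADMINENQUEUESCRIPTS##
 }
@@ -80,7 +82,7 @@ if ((array_key_exists('bvplugname', $_REQUEST)) && ($_REQUEST['bvplugname'] == "
 require_once dirname( __FILE__ ) . '/callback/request.php';
 require_once dirname( __FILE__ ) . '/recover.php';
 
-$pubkey = $_REQUEST['pubkey'];
+$pubkey = BVAccount::sanitizeKey($_REQUEST['pubkey']);
 
 if (array_key_exists('rcvracc', $_REQUEST)) {
 $account = BVRecover::find($bvsettings, $pubkey);
@@ -92,13 +94,16 @@ if ((array_key_exists('bvplugname', $_REQUEST)) && ($_REQUEST['bvplugname'] == "
 $response = new BVCallbackResponse($request->bvb64cksize);
 
 if ($account && (1 === $account->authenticate($request))) {
+define('BVBASEPATH', plugin_dir_path(__FILE__));
+
+
 require_once dirname( __FILE__ ) . '/callback/handler.php';
 $params = $request->processParams($_REQUEST);
 if ($params === false) {
 $resp = array(
-"account_info" => $account->respInfo(),
-"request_info" => $request->respInfo(),
-"bvinfo" => $bvinfo->respInfo(),
+"account_info" => $account->info(),
+"request_info" => $request->info(),
+"bvinfo" => $bvinfo->info(),
 "statusmsg" => "BVPRMS_CORRUPTED"
 );
 $response->terminate($resp);
@@ -115,9 +120,9 @@ if ((array_key_exists('bvplugname', $_REQUEST)) && ($_REQUEST['bvplugname'] == "
 }
 } else {
 $resp = array(
-"account_info" => $account ? $account->respInfo() : array("error" => "ACCOUNT_NOT_FOUND"),
-"request_info" => $request->respInfo(),
-"bvinfo" => $bvinfo->respInfo(),
+"account_info" => $account ? $account->info() : array("error" => "ACCOUNT_NOT_FOUND"),
+"request_info" => $request->info(),
+"bvinfo" => $bvinfo->info(),
 "statusmsg" => "FAILED_AUTH",
 "api_pubkey" => substr(BVAccount::getApiPublicKey($bvsettings), 0, 8),
 "def_sigmatch" => substr(BVAccount::getSigMatch($request, BVRecover::getDefaultSecret($bvsettings)), 0, 8)
@@ -126,16 +131,15 @@ if ((array_key_exists('bvplugname', $_REQUEST)) && ($_REQUEST['bvplugname'] == "
 }
 } else {
 if ($bvinfo->isProtectModuleEnabled()) {
-require_once dirname( __FILE__ ) . '/protect/protect.php';
-require_once dirname( __FILE__ ) . '/protect/ipstore.php';
-$bvprotect = new BVProtect($bvdb, $bvsettings);
-$bvprotect->init();
-}
+require_once dirname( __FILE__ ) . '/protect/wp/protect.php';
+$bvprotect = new BVProtect($bvdb, $bvsettings);
+$bvprotect->run();
+}
 
 if ($bvinfo->isDynSyncModuleEnabled()) {
-require_once dirname( __FILE__ ) . '/wp_dynsync.php';
-$dynsync = new BVWPDynSync($bvdb, $bvsettings);
-$dynsync->init();
-}
+require_once dirname( __FILE__ ) . '/wp_dynsync.php';
+$dynsync = new BVWPDynSync($bvdb, $bvsettings);
+$dynsync->init();
+}
 
 }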
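Review bot: `$pubkey = BVAccount::sanitizeKey($_REQUEST['pubkey']);` runs before authentication on a request value that may be absent or an array, and `preg_replace()` returns an array when its subject is one, so the sanitized key is not guaranteed to be a string when it reaches `BVRecover::find()` or the account lookup. Checking presence and type first keeps the pre-auth path predictable: `$pubkey = (isset($_REQUEST['pubkey']) && is_string($_REQUEST['pubkey'])) ? BVAccount::sanitizeKey($_REQUEST['pubkey']) : '';`. Putting the `is_string()` test inside `sanitizeKey()` itself would cover the call in callback/request.php as well.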
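--- a/callback/handler.php
+++ b/callback/handler.php
@@ -10,6 +10,7 @@ if (!class_exists('BVCallbackHandler')) :
 public $request;
 public $account;
 public $response;
+public $bvinfo;
 
 public function __construct($db, $settings, $siteinfo, $request, $account, $response) {
 $this->db = $db;
@@ -18,6 +19,7 @@ if (!class_exists('BVCallbackHandler')) :
 $this->request = $request;
 $this->account = $account;
 $this->response = $response;
+$this->bvinfo = new BVInfo($this->settings);
 }
 
 public function bvAdmExecuteWithoutUser() {
@@ -30,17 +32,16 @@ if (!class_exists('BVCallbackHandler')) :
 
 public function execute($resp = array()) {
 $this->routeRequest();
-$bvinfo = new BVInfo($this->settings);
 $resp = array(
-"request_info" => $this->request->respInfo(),
-"site_info" => $this->siteinfo->respInfo(),
-"account_info" => $this->account->respInfo(),
-"bvinfo" => $bvinfo->respInfo(),
+"request_info" => $this->request->info(),
+"site_info" => $this->siteinfo->info(),
+"account_info" => $this->account->info(),
+"bvinfo" => $this->bvinfo->info(),
 "api_pubkey" => substr(BVAccount::getApiPublicKey($this->settings), 0, 8)
 );
 $this->response->terminate($resp);
 }
-
+
 public function routeRequest() {
 switch ($this->request->wing) {
 case 'manage':
@@ -67,17 +68,9 @@ if (!class_exists('BVCallbackHandler')) :
 require_once dirname( __FILE__ ) . '/wings/ipstore.php';
 $module = new BVIPStoreCallback($this);
 break;
-case 'fw':
-require_once dirname( __FILE__ ) . '/wings/fw.php';
-$module = new BVFirewallCallback($this);
-break;
-case 'lp':
-require_once dirname( __FILE__ ) . '/wings/lp.php';
-$module = new BVLoginProtectCallback($this);
-break;
-case 'monit':
-require_once dirname( __FILE__ ) . '/wings/monit.php';
-$module = new BVMonitCallback($this);
+case 'wtch':
+require_once dirname( __FILE__ ) . '/wings/watch.php';
+$module = new BVWatchCallback($this);
 break;
 case 'brand':
 require_once dirname( __FILE__ ) . '/wings/brand.php';
@@ -91,6 +84,10 @@ if (!class_exists('BVCallbackHandler')) :
 require_once dirname( __FILE__ ) . '/wings/account.php';
 $module = new BVAccountCallback($this);
 break;
+case 'fswrt':
+require_once dirname( __FILE__ ) . '/wings/fs_write.php';
+$module = new BVFSWriteCallback();
+break;
 default:
 require_once dirname( __FILE__ ) . '/wings/misc.php';
 $module = new BVMiscCallback($this);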
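Review bot: The new `case 'fswrt':` dispatches to a class that deletes, renames, chmods and writes files, yet nothing at the dispatch point records what protects it, and `new BVFSWriteCallback()` is the only visible wing built without `$this`, so it has no account or settings object to check against. blogvault.php loads this handler only inside the `1 === $account->authenticate($request)` branch, which appears to be the sole gate. A comment on the case would make that dependency explicit, for example `// fswrt: filesystem writes; must stay behind $account->authenticate() in blogvault.php`. routeRequest() continues past the end of this hunk.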
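--- a/callback/request.php
+++ b/callback/request.php
@@ -40,7 +40,7 @@ if (!class_exists('BVCallbackRequest')) :
 return array_key_exists('apicall', $this->params);
 }
 
-public function respInfo() {
+public function info() {
 $info = array(
 "requestedsig" => $this->sig,
 "requestedtime" => $this->time,
@@ -89,7 +89,7 @@ if (!class_exists('BVCallbackRequest')) :
 if (array_key_exists('bvprms', $in_params) && isset($in_params['bvprms']) &&
 array_key_exists('bvprmsmac', $in_params) && isset($in_params['bvprmsmac'])) {
 $digest_algo = 'SHA1';
-$sent_mac = $in_params['bvprmsmac'];
+$sent_mac = BVAccount::sanitizeKey($in_params['bvprmsmac']);
 
 if (array_key_exists('bvprmshshalgo', $in_params) && isset($in_params['bvprmshshalgo'])) {
 $digest_algo = $in_params['bvprmshshalgo'];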
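Review bot: `$sent_mac = BVAccount::sanitizeKey($in_params['bvprmsmac']);` deletes disallowed characters instead of rejecting the request, so a MAC that arrives with extra bytes is normalised into an acceptable one before it is verified. For an integrity check it is safer to fail closed when the value is not already well formed, e.g. `if (!is_string($in_params['bvprmsmac']) || $sent_mac !== $in_params['bvprmsmac']) return false;`, which lines up with the `$params === false` handling in blogvault.php. The comparison itself is outside the hunk; if it uses `==` or `===`, `hash_equals()` is the constant-time form.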
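--- a/callback/wings/account.php
+++ b/callback/wings/account.php
@@ -21,7 +21,7 @@ class BVAccountCallback extends BVCallbackBase {
 $resp = array("status" => BVAccount::exists($this->settings, $params['public']));
 break;
 case "rmacc":
-$resp = array("status" => $account->remove($params['public']));
+$resp = array("status" => BVAccount::remove($this->settings, $params['public']));
 break;
 case "updt":
 $info = array();
@@ -32,7 +32,8 @@ class BVAccountCallback extends BVCallbackBase {
 $resp = array("status" => BVAccount::exists($this->settings, $params['pubkey']));
 break;
 case "updtapikey":
-$resp = array("status" => BVAccount::updateApiPublicKey($this->settings, $params['pubkey']));
+BVAccount::updateApiPublicKey($this->settings, $params['pubkey']);
+$resp = array("status" => $this->settings->getOption(BVAccount::$api_public_key));
 break;
 case "rmdefsec":
 $resp = array("status" => $settings->deleteOption('bvDefaultSecret'));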
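Review bot: In `updtapikey` the key is stored straight from `$params['pubkey']`, while this release filters request keys through `BVAccount::sanitizeKey()` before account lookups, so a stored key containing any character outside `[a-zA-Z0-9_-]` could fail to match a sanitized lookup later. Applying the same filter at write time keeps both sides consistent: `BVAccount::updateApiPublicKey($this->settings, BVAccount::sanitizeKey($params['pubkey']));`. The `status` field also changes from the call's return value to the full stored key, whereas other responses on this page expose only `substr(..., 0, 8)`; returning the result of comparing the stored value with the requested one would be enough to confirm the update. The switch continues outside this hunk.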
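--- a/callback/wings/db.php
+++ b/callback/wings/db.php
@@ -9,9 +9,13 @@ class BVDBCallback extends BVCallbackBase {
 public $stream;
 public $account;
 
+public static $bvTables = array("fw_requests", "lp_requests", "ip_store");
+
 public function __construct($callback_handler) {
 $this->db = $callback_handler->db;
 $this->account = $callback_handler->account;
+$this->siteinfo = $callback_handler->siteinfo;
+$this->bvinfo = $callback_handler->bvinfo;
 }
 
 public function getLastID($pkeys, $end_row) {
@@ -64,6 +68,9 @@ class BVDBCallback extends BVCallbackBase {
 $db = $this->db;
 $params = $request->params;
 $stream_init_info = BVStream::startStream($this->account, $request);
+
+
+
 if (array_key_exists('stream', $stream_init_info)) {
 $this->stream = $stream_init_info['stream'];
 switch ($request->method) {
@@ -140,17 +147,17 @@ class BVDBCallback extends BVCallbackBase {
 $resp = $this->getTableData($table, $tname, $rcount, $offset, $limit, $bsize, $filter, $pkeys, true);
 break;
 case "tblexists":
-$resp = array("tblexists" => $db->isTablePresent($params['tablename']));
+$resp = array("tblexists" => $db->isTablePresent($params['table']));
 break;
 case "crttbl":
 $usedbdelta = array_key_exists('usedbdelta', $params);
-$resp = array("crttbl" => $db->createTable($params['query'], $params['tablename'], $usedbdelta));
+$resp = array("crttbl" => $db->createTable($params['query'], $params['table'], $usedbdelta));
 break;
 case "drptbl":
-$resp = array("drptbl" => $db->dropBVTable($params['name']));
+$resp = array("drptbl" => $db->dropBVTable($params['table']));
 break;
 case "trttbl":
-$resp = array("trttbl" => $db->truncateBVTable($params['name']));
+$resp = array("trttbl" => $db->truncateBVTable($params['table']));
 break;
 case "altrtbl":
 $resp = array("altrtbl" => $db->alterBVTable($params['query'], $params['query']));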
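Review bot: The new `$bvTables` list is never consulted in the visible cases: `drptbl` and `trttbl` still hand `$params['table']` directly to `dropBVTable()` and `truncateBVTable()`. Whether those helpers restrict the name is not shown here; if they do not, a guard in each case would keep destructive calls to the plugin's own tables, e.g. `if (!in_array($params['table'], self::$bvTables, true)) { $resp = false; break; }` (adjusted if the request sends prefixed names). The constructor also assigns `$this->siteinfo` and `$this->bvinfo` without a matching property declaration in the visible part of the class. The switch continues outside this hunk.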
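--- a/callback/wings/fs.php
+++ b/callback/wings/fs.php
@@ -8,6 +8,8 @@ class BVFSCallback extends BVCallbackBase {
 public $stream;
 public $account;
 
+public static $cwAllowedFiles = array(".htaccess", ".user.ini", "malcare-waf.php");
+
 public function __construct($callback_handler) {
 $this->account = $callback_handler->account;
 }
@@ -149,6 +151,34 @@ class BVFSCallback extends BVCallbackBase {
 return $md5;
 }
 
+function getFilesContent($files, $withContent = true) {
+$result = array();
+foreach ($files as $file) {
+$fdata = $this->fileStat($file);
+$absfile = ABSPATH.$file;
+
+if (is_dir($absfile) && !is_link($absfile)) {
+$fdata['is_dir'] = true;
+} else {
+if (!is_readable($file)) {
+$fdata['error'] = 'file not readable';
+} else {
+if ($withContent === true) {
+if ($content = file_get_contents($absfile)) {
+$fdata['content'] = $content;
+} else {
+$fdata['error'] = 'unable to read file';
+}
+}
+}
+}
+
+$result[$file] = $fdata;
+}
+
+return $result;
+}
+
 function getFilesStats($files, $offset = 0, $limit = 0, $bsize = 102400, $md5 = false) {
 $result = array();
 foreach ($files as $file) {
@@ -207,6 +237,9 @@ class BVFSCallback extends BVCallbackBase {
 function process($request) {
 $params = $request->params;
 $stream_init_info = BVStream::startStream($this->account, $request);
+
+
+
 if (array_key_exists('stream', $stream_init_info)) {
 $this->stream = $stream_init_info['stream'];
 switch ($request->method) {
@@ -264,6 +297,26 @@ class BVFSCallback extends BVCallbackBase {
 $directoryList = glob($initdir.$regex, $glob_option);
 $resp = $this->getFilesStats($directoryList);
 break;
+case "dirsexists":
+$resp = array();
+$dirs = $params['dirs'];
+
+foreach ($dirs as $dir) {
+$path = ABSPATH.$dir;
+if (file_exists($path) && is_dir($path) && !is_link($path)) {
+$resp[$dir] = true;
+} else {
+$resp[$dir] = false;
+}
+}
+
+$resp["status"] = "Done";
+break;
+case "gtfilescntent":
+$files = $params['files'];
+$withContent = array_key_exists('withcontent', $params) ? $params['withcontent'] : true;
+$resp = array("files_content" => $this->getFilesContent($files, $withContent));
+break;
 default:
 $resp = false;
 }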
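Review bot: `getFilesContent()` builds `$absfile = ABSPATH.$file` but then tests `is_readable($file)`, the relative name, so the readability check and the read can refer to different files; it should be `if (!is_readable($absfile)) {`. The request-supplied name is also joined to ABSPATH without normalisation, so a value with parent-directory segments resolves outside the site root, and the new `$cwAllowedFiles` list is not used anywhere in the visible hunks; resolving with `realpath()` and requiring the result to stay under `realpath(ABSPATH)` would confine both `gtfilescntent` and `dirsexists`. In addition, `if ($content = file_get_contents($absfile))` reports an empty file as 'unable to read file'; assign first and compare with `!== false`. The `process()` switch continues outside these hunks.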
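--- /dev/null
+++ b/callback/wings/fs_write.php
@@ -0,0 +1,453 @@
+<?php
+
+if (!defined('ABSPATH')) exit;
+if (!class_exists('BVFSWriteCallback')) :
+
+class BVFSWriteCallback extends BVCallbackBase {
+
+const MEGABYTE = 1024 * 1024;
+
+public function __construct() {
+}
+
+public function removeFiles($files) {
+$result = array();
+
+foreach($files as $file) {
+$file_result = array();
+
+if (file_exists($file)) {
+
+$file_result['status'] = unlink($file);
+if ($file_result['status'] === false) {
+$file_result['error'] = "UNLINK_FAILED";
+}
+
+} else {
+$file_result['status'] = true;
+$file_result['error'] = "NOT_PRESENT";
+}
+
+$result[$file] = $file_result;
+}
+
+$result['status'] = true;
+return $result;
+}
+
+public function makeDirs($dirs) {
+$result = array();
+
+foreach($dirs as $dir) {
+$dir_result = array();
+
+if (file_exists($dir)) {
+
+if (is_dir($dir)) {
+$dir_result['status'] = true;
+$dir_result['message'] = "DIR_ALREADY_PRESENT";
+} else {
+$dir_result['status'] = false;
+$dir_result['error'] = "FILE_PRESENT_IN_PLACE_OF_DIR";
+}
+
+} else {
+
+$dir_result['status'] = mkdir($dir);
+if ($dir_result['status'] === false) {
+$dir_result['error'] = "MKDIR_FAILED";
+}
+
+}
+
+$result[$dir] = $dir_result;
+}
+
+$result['status'] = true;
+return $result;
+}
+
+public function removeDirs($dirs) {
+$result = array();
+
+foreach($dirs as $dir) {
+$dir_result = array();
+
+if (is_dir($dir) && !is_link($dir)) {
+
+if ($this->isEmptyDir($dir)) {
+
+$dir_result['status'] = rmdir($dir);
+if ($dir_result['status'] === false) {
+$dir_result['error'] = "RMDIR_FAILED";
+}
+
+} else {
+$dir_result['status'] = false;
+$dir_result['error'] = "NOT_EMPTY";
+}
+
+} else {
+$dir_result['status'] = false;
+$dir_result['error'] = "NOT_DIR";
+}
+
+$result[$dir] = $dir_result;
+}
+
+$result['status'] = true;
+return $result;
+}
+
+public function isEmptyDir($dir) {
+$handle = opendir($dir);
+
+while (false !== ($entry = readdir($handle))) {
+if ($entry != "." && $entry != "..") {
+closedir($handle);
+return false;
+}
+}
+closedir($handle);
+
+return true;
+}
+
+public function doChmod($path_infos) {
+$result = array();
+
+foreach($path_infos as $path => $mode) {
+$path_result = array();
+
+if (file_exists($path)) {
+
+$path_result['status'] = chmod($path, $mode);
+if ($path_result['status'] === false) {
+$path_result['error'] = "CHMOD_FAILED";
+}
+
+} else {
+$path_result['status'] = false;
+$path_result['error'] = "NOT_FOUND";
+}
+
+$result[$path] = $path_result;
+}
+
+$result['status'] = true;
+return $result;
+}
+
+public function concatFiles($ifiles, $ofile, $bsize, $offset) {
+if (($offset !== 0) && (!file_exists($ofile))) {
+return array(
+'status' => false,
+'error' => 'OFILE_NOT_FOUND_BEFORE_CONCAT'
+);
+}
+
+if (file_exists($ofile) && ($offset !== 0)) {
+$handle = fopen($ofile, 'rb+');
+} else {
+$handle = fopen($ofile, 'wb+');
+}
+
+if ($handle === false) {
+return array(
+'status' => false,
+'error' => 'FOPEN_FAILED'
+);
+}
+
+if ($offset !== 0) {
+if (fseek($handle, $offset, SEEK_SET) === -1) {
+return array(
+'status' => false,
+'error' => 'FSEEK_FAILED'
+);
+}
+}
+
+$total_written = 0;
+foreach($ifiles as $file) {
+$fp = fopen($file, 'rb');
+if ($fp === false) {
+return array(
+'status' => false,
+'error' => "UNABLE_TO_OPEN_TMP_OFILE_FOR_READING"
+);
+}
+
+while (!feof($fp)) {
+$content = fread($fp, $bsize);
+if ($content === false) {
+return array(
+'status' => false,
+'error' => "UNABLE_TO_READ_INFILE",
+'filename' => $file
+);
+}
+
+$written = fwrite($handle, $content);
+if ($written === false) {
+return array(
+'status' => false,
+'error' => "UNABLE_TO_WRITE_TO_OFILE",
+'filename' => $file
+);
+}
+$total_written += $written;
+}
+
+fclose($fp);
+}
+
+$result = array();
+$result['fclose'] = fclose($handle);
+
+if (file_exists($ofile) && ($total_written != 0)) {
+$result['status'] = true;
+$result['fsize'] = filesize($ofile);
+$result['total_written'] = $total_written;
+} else {
+$result['status'] = false;
+$result['error'] = 'CONCATINATED_FILE_FAILED';
+}
+
+return $result;
+}
+
+public function renameFiles($path_infos) {
+$result = array();
+
+foreach($path_infos as $oldpath => $newpath) {
+$action_result = array();
+$failed = array();
+
+if (file_exists($oldpath)) {
+
+$action_result['status'] = rename($oldpath, $newpath);
+if ($action_result['status'] === false) {
+$action_result['error'] = "RENAME_FAILED";
+}
+
+} else {
+$action_result['status'] = false;
+$action_result['error'] = "NOT_FOUND";
+}
+
+$result[$oldpath] = $action_result;
+}
+
+$result['status'] = true;
+return $result;
+}
+
+public function curlFile($ifile_url, $ofile, $timeout) {
+$fp = fopen($ofile, "wb+");
+if ($fp === false) {
+return array(
+'error' => 'FOPEN_FAILED_FOR_TEMP_OFILE'
+);
+}
+
+$result = array();
+$ch = curl_init($ifile_url);
+curl_setopt($ch, CURLOPT_BINARYTRANSFER, 1);
+curl_setopt($ch, CURLOPT_TIMEOUT, $timeout);
+curl_setopt($ch, CURLOPT_HEADER, 0);
+curl_setopt($ch, CURLOPT_FILE, $fp);
+
+if (!curl_exec($ch)) {
+$result['error'] = curl_error($ch);
+$result['errorno'] = curl_errno($ch);
+}
+
+curl_close($ch);
+fclose($fp);
+
+return $result;
+}
+
+public function wgetFile($ifile_url, $ofile) {
+$result = array();
+system("wget -nv -O $ofile $ifile_url 2>&1 > /dev/null", $retval);
+
+if ($retval !== 0) {
+$result['error'] = "WGET_ERROR";
+}
+
+return $result;
+}
+
+public function streamCopyFile($ifile_url, $ofile) {
+$result = array();
+$handle = fopen($ifile_url, "rb");
+
+if ($handle === false) {
+return array(
+'error' => "UNABLE_TO_OPEN_REMOTE_FILE_STREAM"
+);
+}
+
+$fp = fopen($ofile, "wb+");
+if ($fp === false) {
+fclose($handle);
+
+return array(
+'error' => 'FOPEN_FAILED_FOR_OFILE'
+);
+}
+
+if (stream_copy_to_stream($handle, $fp) === false) {
+$result['error'] = "UNABLE_TO_WRITE_TO_TMP_OFILE";
+}
+
+fclose($handle);
+fclose($fp);
+
+return $result;
+}
+
+public function writeContentToFile($content, $ofile) {
+$result = array();
+
+$fp = fopen($ofile, "wb+");
+if ($fp === false) {
+return array(
+'error' => 'FOPEN_FAILED_FOR_TEMP_OFILE'
+);
+}
+
+if (fwrite($fp, $content) === false) {
+$resp['error'] = "UNABLE_TO_WRITE_TO_TMP_OFILE";
+}
+fclose($fp);
+
+return $result;
+}
+
+public function moveUploadedFile($ofile) {
+$result = array();
+
+if (isset($_FILES['myfile'])) {
+$myfile = $_FILES['myfile'];
+$is_upload_ok = false;
+
+switch ($myfile['error']) {
+case UPLOAD_ERR_OK:
+$is_upload_ok = true;
+break;
+case UPLOAD_ERR_NO_FILE:
+$result['error'] = "UPLOADERR_NO_FILE";
+break;
+case UPLOAD_ERR_INI_SIZE:
+case UPLOAD_ERR_FORM_SIZE:
+$result['error'] = "UPLOADERR_FORM_SIZE";
+break;
+default:
+$result['error'] = "UPLOAD_ERR_UNKNOWN";
+}
+
+if ($is_upload_ok && !isset($myfile['tmp_name'])) {
+$result['error'] = "MYFILE_TMP_NAME_NOT_FOUND";
+$is_upload_ok = false;
+}
+
+if ($is_upload_ok) {
+if (move_uploaded_file($myfile['tmp_name'], $ofile) === false) {
+$result['error'] = 'MOVE_UPLOAD_FILE_FAILED';
+}
+}
+
+} else {
+$result['error'] = "FILE_NOT_PRESENT_IN_FILES";
+}
+
+return $result;
+}
+
+
+public function uploadFile($params) {
+$resp = array();
+$ofile = $params['ofile'];
+
+switch($params['protocol']) {
+case "curl":
+$timeout = isset($params['timeout']) ? $params['timeout'] : 60;
+$ifile_url = isset($params['ifileurl']) ? $params['ifileurl'] : null;
+
+$resp = $this->curlFile($ifile_url, $ofile, $timeout);
+break;
+case "wget":
+$ifile_url = isset($params['ifileurl']) ? $params['ifileurl'] : null;
+
+$resp = $this->wgetFile($ifile_url, $ofile);
+break;
+case "streamcopy":
+$ifile_url = isset($params['ifileurl']) ? $params['ifileurl'] : null;
+
+$resp = $this->streamCopyFile($ifile_url, $ofile);
+break;
+case "httpcontenttransfer":
+$resp = $this->writeContentToFile($params['content'], $ofile);
+break;
+case "httpfiletransfer":
+$resp = $this->moveUploadedFile($ofile);
+break;
+default:
+$resp['error'] = "INVALID_PROTOCOL";
+}
+
+if (isset($resp['error'])) {
+$resp['status'] = false;
+} else {
+
+if (file_exists($ofile)) {
+$resp['status'] = true;
+$resp['fsize'] = filesize($ofile);
+} else {
+$resp['status'] = false;
+$resp['error'] = "OFILE_NOT_FOUND";
+}
+
+}
+
+return $resp;
+}
+
+public function process($request) {
+$params = $request->params;
+
+switch ($request->method) {
+case "rmfle":
+$resp = $this->removeFiles($params['files']);
+break;
+case "chmd":
+$resp = $this->doChmod($params['pathinfos']);
+break;
+case "mkdr":
+$resp = $this->makeDirs($params['dirs']);
+break;
+case "rmdr":
+$resp = $this->removeDirs($params['dirs']);
+break;
+case "renmefle":
+$resp = $this->renameFiles($params['pathinfos']);
+break;
+case "wrtfle":
+$resp = $this->uploadFile($params);
+break;
+case "cncatfls":
+$bsize = (isset($params['bsize'])) ? $params['bsize'] : (8 * BVFSWriteCallback::MEGABYTE);
+$offset = (isset($params['offset'])) ? $params['offset'] : 0;
+$resp = $this->concatFiles($params['infiles'], $params['ofile'], $bsize, $offset);
+break;
+default:
+$resp = false;
+}
+
+return $resp;
+}
+}
+endif;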
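Review bot: `wgetFile()` interpolates `$ofile` and `$ifile_url` into the string passed to `system()`, so shell metacharacters in either request parameter become part of the command; each should go through `escapeshellarg()`, e.g. `system('wget -nv -O ' . escapeshellarg($ofile) . ' ' . escapeshellarg($ifile_url) . ' 2>&1 > /dev/null', $retval);`, and the URL scheme should be limited to http/https before any of the fetch methods run. None of the methods confine their paths to the site root, so every delete, chmod, rename and write acts wherever the PHP user has permission. In `writeContentToFile()` the failure is stored in `$resp['error']` while the method returns `$result`, so a failed write is reported as success; it should be `$result['error'] = "UNABLE_TO_WRITE_TO_TMP_OFILE";`. `concatFiles()` also returns early on seek, read and write errors without closing `$handle` or `$fp`.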
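--- a/callback/wings/fw.php
+++ /dev/null
@@ -1,62 +0,0 @@
-<?php
-
-if (!defined('ABSPATH')) exit;
-if (!class_exists('BVFirewallCallback')) :
-
-require_once dirname( __FILE__ ) . '/../../protect/wp_fw/config.php';
-
-class BVFirewallCallback {
-public $db;
-public $settings;
-
-public function __construct($callback_handler) {
-$this->db = $callback_handler->db;
-$this->settings = $callback_handler->settings;
-}
-
-public function process($request) {
-$params = $request->params;
-$config = new BVWPFWConfig($this->db, $this->settings);
-switch ($request->method) {
-case "clrconfig":
-$resp = array("clearconfig" => $config->clear());
-break;
-case "setmode":
-$config->setMode($params['mode']);
-$resp = array("setmode" => $config->getMode());
-break;
-case "dsblrules":
-$config->setDisabledRules($params['disabled_rules']);
-$resp = array("disabled_rules" => $config->getDisabledRules());
-break;
-case "adtrls":
-$config->setAuditRules($params['audit_rules']);
-$resp = array("audit_rules" => $config->getAuditRules());
-break;
-case "setrulesmode":
-$config->setRulesMode($params['rules_mode']);
-$resp = array("rules_mode" => $config->getRulesMode());
-break;
-case "setreqprofilingmode":
-$config->setReqProfilingMode($params['req_profiling_mode']);
-$resp = array("req_profiling_mode" => $config->getReqProfilingMode());
-break;
-case "stbypslevl":
-$config->setBypassLevel($params['bypslevl']);
-$resp = array("bypslevl" => $config->getBypassLevel());
-break;
-case "stcstmrls":
-$config->setCustomRoles($params['cstmrls']);
-$resp = array("cstmrls" => $config->getCustomRoles());
-break;
-case "stcookiemode":
-$config->setCookieMode($params['mode']);
-$resp = array("mode" => $config->getCookieMode());
-break;
-default:
-$resp = false;
-}
-return $resp;
-}
-}
-endif;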
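--- a/callback/wings/info.php
+++ b/callback/wings/info.php
@@ -96,11 +96,13 @@ class BVInfoCallback extends BVCallbackBase {
 
 public function getSystemInfo() {
 $sys_info = array(
-'serverip' => $_SERVER['SERVER_ADDR'],
 'host' => $_SERVER['HTTP_HOST'],
 'phpversion' => phpversion(),
 'AF_INET6' => defined('AF_INET6')
 );
+if (array_key_exists('SERVER_ADDR', $_SERVER)) {
+$sys_info['serverip'] = $_SERVER['SERVER_ADDR'];
+}
 if (function_exists('get_current_user')) {
 $sys_info['user'] = get_current_user();
 }
@@ -134,6 +136,7 @@ class BVInfoCallback extends BVCallbackBase {
 'wpversion' => $wp_version,
 'dbversion' => $wp_db_version,
 'abspath' => ABSPATH,
+'bvpluginpath' => defined('BVBASEPATH') ? BVBASEPATH : null,
 'uploadpath' => $upload_dir['basedir'],
 'uploaddir' => wp_upload_dir(),
 'contentdir' => defined('WP_CONTENT_DIR') ? WP_CONTENT_DIR : null,
@@ -203,51 +206,11 @@ class BVInfoCallback extends BVCallbackBase {
 $data['dynsync'] = $settings->getOption('bvDynSyncActive');
 $data['woodyn'] = $settings->getOption('bvWooDynSync');
 $data['dynplug'] = $settings->getOption('bvdynplug');
-$data['ptplug'] = $settings->getOption('bvptplug');
-$data['fw'] = $this->getFWConfig();
-$data['lp'] = $this->getLPConfig();
+$data['protect'] = $settings->getOption('bvptconf');
 $data['brand'] = $settings->getOption($this->bvinfo->brand_option);
 $data['badgeinfo'] = $settings->getOption($this->bvinfo->badgeinfo);
 }
 
-public function getLPConfig() {
-$config = array();
-$settings = $this->settings;
-$mode = $settings->getOption('bvlpmode');
-$cplimit = $settings->getOption('bvlpcaptchalimit');
-$tplimit = $settings->getOption('bvlptempblocklimit');
-$bllimit = $settings->getOption('bvlpblockAllLimit');
-$config['mode'] = intval($mode ? $mode : 1);
-$config['captcha_limit'] = intval($cplimit ? $cplimit : 3);
-$config['temp_block_limit'] = intval($tplimit? $tplimit : 6);
-$config['block_all_limit'] = intval($bllimit ? $bllimit : 100);
-return $config;
-}
-
-public function getFWConfig() {
-$config = array();
-$settings = $this->settings;
-$mode = $settings->getOption('bvfwmode');
-$drules = $settings->getOption('bvfwdisabledrules');
-$arules = $settings->getOption('bvfwauditrules');
-$rmode = $settings->getOption('bvfwrulesmode');
-$reqprofilingmode = $settings->getOption('bvfwreqprofilingmode');
-$bypass_level = $settings->getOption('bvfwbypasslevel');
-$custom_roles = $settings->getOption('bvfwcustomroles');
-$cookiemode = $settings->getOption('bvfwcookiemode');
-$cookiekey = (string) $settings->getOption('bvfwcookiekey');
-$config['mode'] = intval($mode ? $mode : 1);
-$config['disabled_rules'] = $drules ? $drules : array();
-$config['audit_rules'] = $arules ? $arules : array();
-$config['rules_mode'] = intval($rmode ? $rmode : 1);
-$config['req_profiling_mode'] = intval($reqprofilingmode ? $reqprofilingmode : 1);
-$config['bypslevl'] = intval($bypass_level ? $bypass_level : 2);
-$config['cstmrls'] = $custom_roles ? $custom_roles : array();
-$config['cookiemode'] = intval($cookiemode ? $cookiemode : 2);
-$config['cookiekey'] = $cookiekey;
-return $config;
-}
-
 public function dbconf(&$info) {
 $db = $this->db;
 if (defined('DB_CHARSET'))
@@ -256,6 +219,15 @@ class BVInfoCallback extends BVCallbackBase {
 $info['charset_collate'] = $db->getCharsetCollate();
 return $info;
 }
+
+public function cookieInfo() {
+$resp = array();
+if (defined('COOKIEPATH'))
+$resp['cookiepath'] = COOKIEPATH;
+if (defined('COOKIE_DOMAIN'))
+$resp['cookiedomain'] = COOKIE_DOMAIN;
+return array('cookieinfo' => $resp);
+}
 
 public function activate() {
 $resp = array();
@@ -266,6 +238,15 @@ class BVInfoCallback extends BVCallbackBase {
 return array('actinfo' => $resp);
 }
 
+public function getHostInfo() {
+$host_info = $_SERVER;
+$host_info['PHP_SERVER_NAME'] = php_uname('\n');
+if (array_key_exists('IS_PRESSABLE', get_defined_constants())) {
+$host_info['IS_PRESSABLE'] = true;
+}
+return array('host_info' => $host_info);
+}
+
 public function process($request) {
 $db = $this->db;
 $params = $request->params;
@@ -273,6 +254,9 @@ class BVInfoCallback extends BVCallbackBase {
 case "activateinfo":
 $resp = $this->activate();
 break;
+case "ckeyinfo":
+$resp = $this->cookieInfo();
+break;
 case "gtpsts":
 $count = 5;
 if (array_key_exists('count', $params))
@@ -294,6 +278,13 @@ class BVInfoCallback extends BVCallbackBase {
 case "gtwp":
 $resp = $this->getWpInfo();
 break;
+case "gtallhdrs":
+$data = (function_exists('getallheaders')) ? getallheaders() : false;
+$resp = array("allhdrs" => $data);
+break;
+case "gtsvr":
+$resp = array("svr" => $_SERVER);
+break;
 case "getoption":
 $resp = array("option" => $this->settings->getOption($params['name']));
 break;
@@ -309,6 +300,19 @@ class BVInfoCallback extends BVCallbackBase {
 $transient = $this->objectToArray($transient);
 $resp = array("transient" => $transient);
 break;
+case "gthost":
+$resp = $this->getHostInfo();
+break;
+case "gtplinfo":
+$args = array(
+'slug' => wp_unslash($params['slug'])
+);
+$action = $params['action'];
+$args = (object) $args;
+$args = apply_filters('plugins_api_args', $args, $action);
+$data = apply_filters('plugins_api', false, $action, $args);
+$resp = array("plugins_info" => $data);
+break;
 default:
 $resp = false;
 }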
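Review bot: `getHostInfo()` copies the whole `$_SERVER` array into the response, and the new `gtsvr` and `gtallhdrs` cases in `process()` return `$_SERVER` and `getallheaders()` unfiltered; these carry request cookies, any `Authorization` header and, on many hosts, environment variables, which is far more than host identification needs. Build the reply from an explicit allow-list of keys instead of `$host_info = $_SERVER;`. In the same method `php_uname('\n')` is single-quoted, so the mode argument is a backslash followed by `n` rather than the documented `n` mode; `php_uname('n')` looks intended. How callback requests are authenticated is not visible in this section, and `process()` starts and ends outside the hunks.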
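--- a/callback/wings/ipstore.php
+++ b/callback/wings/ipstore.php
@@ -3,7 +3,7 @@
 if (!defined('ABSPATH')) exit;
 if (!class_exists('BVIPStoreCallback')) :
 
-require_once dirname( __FILE__ ) . '/../../protect/ipstore.php';
+require_once dirname( __FILE__ ) . '/../../protect/wp/ipstore.php';
 
 class BVIPStoreCallback extends BVCallbackBase {
 public $db;
@@ -87,9 +87,8 @@ class BVIPStoreCallback extends BVCallbackBase {
 case "insrtips":
 $values = $params['values'];
 $fields = $params['fields'];
-$rmfilter = $params['rmfilter'];
-if ($rmfilter) {
-$db->deleteBVTableContent($table, $rmfilter);
+if (array_key_exists('rmfilter', $params)) {
+$db->deleteBVTableContent($table, $params['rmfilter']);
 }
 $this->insertIPs($bvTable, $fields, $values);
 $resp = array("offset" => $this->getIPStoreOffset($bvTable, $auto_increment_offset));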
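Review bot: The `insrtips` case now calls `deleteBVTableContent()` whenever the `rmfilter` key is present, where the old `if ($rmfilter)` skipped an empty or false value. If an empty filter reaches the delete it may match every row, depending on how `deleteBVTableContent()` builds its statement, which is not visible here. Keeping both conditions avoids that: `if (array_key_exists('rmfilter', $params) && $params['rmfilter']) {`. The enclosing `process()` starts and ends outside the hunk.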
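--- a/callback/wings/lp.php
+++ b/callback/wings/lp.php
@@ -1,74 +0,0 @@
-<?php
-
-if (!defined('ABSPATH')) exit;
-if (!class_exists('BVLoginProtectCallback')) :
-
-require_once dirname( __FILE__ ) . '/../../protect/wp_lp/lp.php';
-
-class BVLoginProtectCallback extends BVCallbackBase {
-public $db;
-public $settings;
-
-public function __construct($callback_handler) {
-$this->db = $callback_handler->db;
-$this->settings = $callback_handler->settings;
-}
-
-public function unBlockLogins() {
-$this->settings->deleteTransient('bvlp_block_logins');
-$this->settings->setTransient('bvlp_allow_logins', 'true', 1800);
-return $this->settings->getTransient('bvlp_allow_logins');
-}
-
-public function blockLogins($time) {
-$this->settings->deleteTransient('bvlp_allow_logins');
-$this->settings->setTransient('bvlp_block_logins', 'true', $time);
-return $this->settings->getTransient('bvlp_block_logins');
-}
-
-public function unBlockIP($ip, $attempts, $time) {
-$transient_name = BVWPLP::$unblock_ip_transient.$ip;
-$this->settings->setTransient($transient_name, $attempts, $time);
-return $this->settings->getTransient($transient_name);
-}
-
-public function process($request) {
-$params = $request->params;
-$config = new BVWPLPConfig($this->db, $this->settings);
-switch ($request->method) {
-case "clrconfig":
-$resp = array("clearconfig" => $config->clear());
-break;
-case "setmode":
-$config->setMode($params['mode']);
-$resp = array("setmode" => $config->getMode());
-break;
-case "setcaptchalimit":
-$config->setCaptchaLimit($params['captcha_limit']);
-$resp = array("captcha_limit" => $config->getCaptchaLimit());
-break;
-case "settmpblklimit":
-$config->setTempBlockLimit($params['temp_block_limit']);
-$resp = array("temp_block_limit" => $config->getTempBlockLimit());
-break;
-case "setblkalllimit":
-$config->setBlockAllLimit($params['block_all_limit']);
-$resp = array("block_all_limit" => $config->getBlockAllLimit());
-break;
-case "unblklogins":
-$resp = array("unblocklogins" => $this->unBlockLogins());
-break;
-case "blklogins":
-$time = array_key_exists('time', $params) ? $params['time'] : 1800;
-$resp = array("blocklogins" => $this->blockLogins($time));
-break;
-case "unblkip":
-$resp = array("unblockip" => $this->unBlockIP($params['ip'], $params['attempts'], $params['time']));
-break;
-default:
-$resp = false;
-}
-return $resp;
-}
-}
-endif;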
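--- a/callback/wings/misc.php
+++ b/callback/wings/misc.php
@@ -23,9 +23,9 @@ class BVMiscCallback extends BVCallbackBase {
 switch ($request->method) {
 case "dummyping":
 $resp = array();
-$resp = array_merge($resp, $this->siteinfo->respInfo());
-$resp = array_merge($resp, $this->account->respInfo());
-$resp = array_merge($resp, $this->bvinfo->respInfo());
+$resp = array_merge($resp, $this->siteinfo->info());
+$resp = array_merge($resp, $this->account->info());
+$resp = array_merge($resp, $this->bvinfo->info());
 break;
 case "enablebadge":
 $option = $bvinfo->badgeinfo;
@@ -52,14 +52,6 @@ class BVMiscCallback extends BVCallbackBase {
 $settings->deleteOption('bvdynplug');
 $resp = array("unsetdynplug" => $settings->getOption('bvdynplug'));
 break;
-case "setptplug":
-$settings->updateOption('bvptplug', $params['ptplug']);
-$resp = array("setptplug" => $settings->getOption('bvptplug'));
-break;
-case "unsetptplug":
-$settings->deleteOption('bvptlug');
-$resp = array("unsetptplug" => $settings->getOption('bvptlug'));
-break;
 case "wpupplgs":
 $resp = array("wpupdateplugins" => wp_update_plugins());
 break;
@@ -69,10 +61,6 @@ class BVMiscCallback extends BVCallbackBase {
 case "wpupcre":
 $resp = array("wpupdatecore" => wp_version_check());
 break;
-case "rmmonitime":
-$this->settings->deleteOption('bvmonittime');
-$resp = array("rmmonitime" => !$bvinfo->getMonitTime());
-break;
 case "phpinfo":
 phpinfo();
 die();
@@ -86,4 +74,4 @@ class BVMiscCallback extends BVCallbackBase {
 return $resp;
 }
 }
-endif;
+endif;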
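--- a/callback/wings/protect.php
+++ b/callback/wings/protect.php
@@ -3,7 +3,9 @@
 if (!defined('ABSPATH')) exit;
 if (!class_exists('BVProtectCallback')) :
 
-require_once dirname( __FILE__ ) . '/../../protect/protect.php';
+require_once dirname( __FILE__ ) . '/../../protect/wp/protect.php';
+require_once dirname( __FILE__ ) . '/../../protect/fw/config.php';
+require_once dirname( __FILE__ ) . '/../../protect/wp/lp/config.php';
 
 class BVProtectCallback extends BVCallbackBase {
 public $db;
@@ -14,10 +16,40 @@ class BVProtectCallback extends BVCallbackBase {
 $this->settings = $callback_handler->settings;
 }
 
+public function serverConfig() {
+return array(
+'software' => $_SERVER['SERVER_SOFTWARE'],
+'sapi' => (function_exists('php_sapi_name')) ? php_sapi_name() : false,
+'has_apache_get_modules' => function_exists('apache_get_modules'),
+'posix_getuid' => (function_exists('posix_getuid')) ? posix_getuid() : null,
+'uid' => (function_exists('getmyuid')) ? getmyuid() : null,
+'user_ini' => ini_get('user_ini.filename'),
+'php_major_version' => PHP_MAJOR_VERSION
+);
+}
+
+public function unBlockLogins() {
+$this->settings->deleteTransient('bvlp_block_logins');
+$this->settings->setTransient('bvlp_allow_logins', 'true', 1800);
+return $this->settings->getTransient('bvlp_allow_logins');
+}
+
+public function blockLogins($time) {
+$this->settings->deleteTransient('bvlp_allow_logins');
+$this->settings->setTransient('bvlp_block_logins', 'true', $time);
+return $this->settings->getTransient('bvlp_block_logins');
+}
+
+public function unBlockIP($ip, $attempts, $time) {
+$transient_name = BVWPLP::$unblock_ip_transient.$ip;
+$this->settings->setTransient($transient_name, $attempts, $time);
+return $this->settings->getTransient($transient_name);
+}
+
 public function process($request) {
 $bvinfo = new BVInfo($this->settings);
-$protect = new BVProtect($this->db, $this->settings);
 $params = $request->params;
+
 switch ($request->method) {
 case "gtipprobeinfo":
 $resp = array();
@@ -31,41 +63,52 @@ class BVProtectCallback extends BVCallbackBase {
 }
 }
 $resp["hdrsinfo"] = $hdrsinfo;
-if ($iphdr = $this->settings->getOption($bvinfo->ip_header_option)) {
-$resp["iphdr"] = $iphdr;
-}
+break;
+case "gtptcnf":
+$resp = array('conf' => $this->settings->getOption('bvptconf'));
+break;
+case "clrcnf":
+$this->settings->deleteOption('bvptconf');
+$this->settings->deleteOption('bvptplug');
+$resp = array("clearconfig" => true);
+break;
+case "docnf":
+$this->settings->updateOption('bvptconf', $params['conf']);
+$resp = array('conf' => $this->settings->getOption('bvptconf'));
 break;
 case "gtraddr":
 $raddr = array_key_exists('REMOTE_ADDR', $_SERVER) ? $_SERVER['REMOTE_ADDR'] : false;
 $resp = array("raddr" => $raddr);
 break;
-case "gtallhdrs":
-$data = (function_exists('getallheaders')) ? getallheaders() : false;
-$resp = array("allhdrs" => $data);
+case "svrcnf":
+$resp = array("serverconfig" => $this->serverConfig());
+break;
+case "setptplug":
+$this->settings->updateOption('bvptplug', $params['ptplug']);
+$resp = array("setptplug" => $this->settings->getOption('bvptplug'));
 break;
-case "gtsvr":
-$resp = array("svr" => $_SERVER);
+case "unsetptplug":
+$this->settings->deleteOption('bvptlug');
+$resp = array("unsetptplug" => $this->settings->getOption('bvptlug'));
 break;
-case "gtip":
-$resp = array("ip" => $protect->getIP());
+case "unblklogins":
+$resp = array("unblocklogins" => $this->unBlockLogins());
 break;
-case "stiphdr":
-$option_name = $bvinfo->ip_header_option;
-$iphdr = array('hdr' => $params['hdr'], 'pos' => $params['pos']);
-$this->settings->updateOption($option_name, $iphdr);
-$resp = array("iphdr" => $this->settings->getOption($option_name));
+case "blklogins":
+$time = array_key_exists('time', $params) ? $params['time'] : 1800;
+$resp = array("blocklogins" => $this->blockLogins($time));
 break;
-case "gtiphdr":
-$resp = array("iphdr" => $this->settings->getOption($bvinfo->ip_header_option));
+case "unblkip":
+$resp = array("unblockip" => $this->unBlockIP($params['ip'], $params['attempts'], $params['time']));
 break;
-case "rmiphdr":
-$option_name = $bvinfo->ip_header_option;
-$this->settings->deleteOption($option_name);
-$resp = array("iphdr" => $this->settings->getOption($option_name));
+case "rmwatchtime":
+$this->settings->deleteOption('bvwatchtime');
+$resp = array("rmwatchtime" => !$bvinfo->getWatchTime());
 break;
 default:
 $resp = false;
 }
+
 return $resp;
 }
 }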
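Review bot: The `unsetptplug` case deletes and then reads back `'bvptlug'`, while `setptplug` and `clrcnf` in the same switch use `'bvptplug'`, so the option written by `setptplug` is never removed and the response reports a key that was never set. The two lines should read `$this->settings->deleteOption('bvptplug');` and `$resp = array("unsetptplug" => $this->settings->getOption('bvptplug'));`. Separately, `serverConfig()` reads `$_SERVER['SERVER_SOFTWARE']` with no `array_key_exists` guard, which raises a notice wherever that key is unset. The `docnf` case stores `$params['conf']` as the protection configuration with no check of its shape; a short comment stating what structure is expected, and a type check before `updateOption`, would make a malformed value fail here rather than when the firewall later reads it.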
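--- a/callback/wings/monit.php
+++ b/callback/wings/watch.php
@@ -1,9 +1,9 @@
 <?php
 
 if (!defined('ABSPATH')) exit;
-if (!class_exists('BVMonitCallback')) :
+if (!class_exists('BVWatchCallback')) :
 
-class BVMonitCallback extends BVCallbackBase {
+class BVWatchCallback extends BVCallbackBase {
 public $db;
 public $settings;
 
@@ -31,20 +31,65 @@ class BVMonitCallback extends BVCallbackBase {
 return $this->db->deleteBVTableContent($name, $filter);
 }
 
-public function setMonitTime() {
-return $this->settings->updateOption('bvmonittime', time());
+public function setWatchTime() {
+return $this->settings->updateOption('bvwatchtime', time());
+}
+
+public function getFWPrependLog($params) {
+$result = array();
+$fname = $params['fname'];
+$limit = intval($params['limit']);
+
+if (file_exists($fname)) {
+
+$result['exists'] = true;
+$tmpfname = $fname."tmp";
+
+if (!@rename($fname, $tmpfname)) {
+
+$result = array('status' => 'Error', 'message' => 'UNABLE_TO_RENAME_LOGFILE');
+
+} else {
+
+if (file_exists($tmpfname)) {
+
+$fsize = filesize($tmpfname);
+$result["size"] = $fsize;
+
+if ($fsize <= $limit) {
+
+$result['content'] = file_get_contents($tmpfname);
+
+} else {
+$handle = fopen($tmpfname, "rb");
+$result['content'] = fread($handle, $limit);
+$result['incomplete'] = true;
+fclose($handle);
+}
+
+$result['tmpfile'] = unlink($tmpfname);
+} else {
+$result['tmpfile'] = 'DOES_NOT_EXISTS';
+}
+
+}
+}
+
+return $result;
 }
 
 public function process($request) {
 $db = $this->db;
 $settings = $this->settings;
-$this->setMonitTime();
+$this->setWatchTime();
 $params = $request->params;
+
 switch ($request->method) {
 case "getdata":
 $resp = array();
+
 if (array_key_exists('lp', $params)) {
-require_once dirname( __FILE__ ) . '/../../protect/wp_lp/config.php';
+require_once dirname( __FILE__ ) . '/../../protect/wp/lp/config.php';
 $lp_params = $params['lp'];
 $limit = intval(urldecode($lp_params['limit']));
 $filter = urldecode($lp_params['filter']);
@@ -52,15 +97,22 @@ class BVMonitCallback extends BVCallbackBase {
 $table = $db->getBVTable(BVWPLPConfig::$requests_table);
 $resp["lplogs"] = $this->getData($table, $limit, $filter);
 }
+
+if (array_key_exists('prelog', $params)) {
+$prelog_params = $params['prelog'];
+$resp["prelog"] = $this->getFWPrependLog($prelog_params);
+}
+
 if (array_key_exists('fw', $params)) {
-require_once dirname( __FILE__ ) . '/../../protect/wp_fw/config.php';
+require_once dirname( __FILE__ ) . '/../../protect/fw/config.php';
 $fw_params = $params['fw'];
 $limit = intval(urldecode($fw_params['limit']));
 $filter = urldecode($fw_params['filter']);
-$db->deleteBVTableContent(BVWPFWConfig::$requests_table, $fw_params['rmfilter']);
-$table = $db->getBVTable(BVWPFWConfig::$requests_table);
+$db->deleteBVTableContent(BVFWConfig::$requests_table, $fw_params['rmfilter']);
+$table = $db->getBVTable(BVFWConfig::$requests_table);
 $resp["fwlogs"] = $this->getData($table, $limit, $filter);
 }
+
 if (array_key_exists('dynevent', $params)) {
 require_once dirname( __FILE__ ) . '/../../wp_dynsync.php';
 $isdynsyncactive = $settings->getOption('bvDynSyncActive');
@@ -76,6 +128,7 @@ class BVMonitCallback extends BVCallbackBase {
 $resp["status"] = true;
 }
 }
+
 $resp["status"] = "done";
 break;
 case "rmdata":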
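Review bot: `getFWPrependLog()` takes `$params['fname']` straight from the request and then renames, reads and unlinks that path, so nothing ties the operation to the firewall's own log file; any file the PHP user can reach would be returned and then deleted. The path should be resolved and required to lie inside the directory the prepend firewall logs to (not visible in this section) before anything is touched, as sketched below. In the same method `fopen()` can return false and is handed to `fread()` and `fclose()` unchecked, and `intval($params['limit'])` lets zero or a negative length reach `fread()`. `process()` starts and ends outside the hunks.

```php
public function getFWPrependLog($params) {
	$result = array();
	// realpath() returns false for a missing file, which keeps the old empty result.
	$fname = realpath($params['fname']);
	if ($fname === false) {
		return $result;
	}
	// FW_LOG_DIR_PLACEHOLDER stands for the firewall's log directory, not shown in this diff.
	$logdir = realpath(FW_LOG_DIR_PLACEHOLDER);
	if ($logdir === false || strpos($fname, $logdir . DIRECTORY_SEPARATOR) !== 0) {
		return array('status' => 'Error', 'message' => 'INVALID_LOGFILE');
	}
	$limit = intval($params['limit']);
	// … unchanged: rename to the tmp name, read up to $limit bytes, unlink …
```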
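--- a/info.php
+++ b/info.php
@@ -9,17 +9,23 @@ if (!class_exists('BVInfo')) :
 public $badgeinfo = 'bvbadge';
 public $ip_header_option = 'bvipheader';
 public $brand_option = 'bvbrand';
-public $version = '3.4';
+public $version = '4.2';
 public $webpage = 'https://blogvault.net';
 public $appurl = 'https://app.blogvault.net';
 public $slug = 'blogvault-real-time-backup/blogvault.php';
 public $plug_redirect = 'bvredirect';
 public $logo = '../img/bvlogo.png';
+public $brand_icon = '/img/icon.png';
 
 public function __construct($settings) {
 $this->settings = $settings;
 }
 
+public function canOverrideCW() {
+$scanOption = $this->settings->getOption('bvoverridecw');
+return (isset($scanOption) && $scanOption == 1);
+}
+
 public function getBrandInfo() {
 return $this->settings->getOption($this->brand_option);
 }
@@ -29,11 +35,20 @@ if (!class_exists('BVInfo')) :
 if ($brand && array_key_exists('menuname', $brand)) {
 return $brand['menuname'];
 }
+
 return $this->brandname;
 }
 
-public function getMonitTime() {
-$time = $this->settings->getOption('bvmonittime');
+public function getBrandIcon() {
+$brand = $this->getBrandInfo();
+if ($brand && array_key_exists('brand_icon', $brand)) {
+return $brand['brand_icon'];
+}
+return $this->brand_icon;
+}
+
+public function getWatchTime() {
+$time = $this->settings->getOption('bvwatchtime');
 return ($time ? $time : 0);
 }
 
@@ -48,10 +63,10 @@ if (!class_exists('BVInfo')) :
 return $this->appurl;
 }
 }
-
+
 public function isActivePlugin() {
 $expiry_time = time() - (3 * 24 * 3600);
-return ($this->getMonitTime() > $expiry_time);
+return ($this->getWatchTime() > $expiry_time);
 }
 
 public function isProtectModuleEnabled() {
@@ -63,6 +78,7 @@ if (!class_exists('BVInfo')) :
 return ($this->settings->getOption('bvdynplug') === $this->plugname) &&
 $this->isActivePlugin();
 }
+
 public function isActivateRedirectSet() {
 return ($this->settings->getOption($this->plug_redirect) === 'yes') ? true : false;
 }
@@ -75,10 +91,11 @@ if (!class_exists('BVInfo')) :
 return $this->getBrandName() === 'BlogVault';
 }
 
-public function respInfo() {
+public function info() {
 return array(
 "bvversion" => $this->version,
-"sha1" => "true"
+"sha1" => "true",
+"plugname" => $this->plugname
 );
 }
 }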
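Review bot: `canOverrideCW()` decides an override with `isset($scanOption) && $scanOption == 1`; `isset()` on a local that was just assigned only tests for null, and the loose `==` also accepts `true`, `'1'`, `1.0` and, before PHP 8, strings such as `'1abc'`. What `bvoverridecw` overrides is not visible in this section, but a switch of that kind is better compared strictly, for example `return $scanOption === 1 || $scanOption === '1';`, with a one-line docblock naming what is being overridden. `getBrandIcon()` returns a value taken from the stored brand option; whether it is escaped where it is printed cannot be seen here and should be confirmed at the call site.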
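--- a/protect/base.php
+++ b/protect/base.php
@@ -0,0 +1,29 @@
+<?php
+if (! (defined('ABSPATH') || defined('MCDATAPATH')) ) exit;
+if (!class_exists('BVProtectBase')) :
+
+class BVProtectBase {
+public static function getIP($ipHeader) {
+$ip = '127.0.0.1';
+if ($ipHeader && is_array($ipHeader)) {
+if (array_key_exists($ipHeader['hdr'], $_SERVER)) {
+$_ips = preg_split("/(,| |\t)/", $_SERVER[$ipHeader['hdr']]);
+if (array_key_exists(intval($ipHeader['pos']), $_ips)) {
+$ip = $_ips[intval($ipHeader['pos'])];
+}
+}
+} else if (array_key_exists('REMOTE_ADDR', $_SERVER)) {
+$ip = $_SERVER['REMOTE_ADDR'];
+}
+
+$ip = trim($ip);
+if (preg_match('/^\[([0-9a-fA-F:]+)\](:[0-9]+)#x2F;', $ip, $matches)) {
+$ip = $matches[1];
+} elseif (preg_match('/^([0-9.]+)(:[0-9]+)#x2F;', $ip, $matches)) {
+$ip = $matches[1];
+}
+
+return $ip;
+}
+}
+endif;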
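Review bot: `getIP()` starts from `$ip = '127.0.0.1'` and keeps it when a header is configured but missing from the request, or has no entry at `pos`, so such a request is attributed to loopback instead of the connecting address; falling back to `$_SERVER['REMOTE_ADDR']` in that branch is the safer default. The value taken from the header is never checked to be an address, and a `filter_var($ip, FILTER_VALIDATE_IP)` test after the port stripping would reject anything else before callers use it. `$ipHeader['hdr']` and `$ipHeader['pos']` are read without `isset()`, and the docblock should say that a client-supplied header is only trustworthy when a known proxy sets it. The two port-stripping patterns end in `#x2F;` on this page, which looks like rendering damage of the closing `$/` and should be checked against the file itself.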
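--- a/protect/fw/config.php
+++ b/protect/fw/config.php
@@ -0,0 +1,117 @@
+<?php
+
+if (! (defined('ABSPATH') || defined('MCDATAPATH')) ) exit;
+if (!class_exists('BVFWConfig')) :
+
+class BVFWConfig {
+public $mode;
+public $requestProfilingMode;
+public $roleLevel;
+public $ipCookieMode;
+public $adminCookieMode;
+public $bypassLevel;
+public $customRoles;
+public $cookieKey;
+public $cookiePath;
+public $cookieDomain;
+public $loggingMode;
+
+public static $requests_table = 'fw_requests';
+public static $roleLevels = array(
+'administrator' => BVFWConfig::ROLE_LEVEL_ADMIN,
+'editor' => BVFWConfig::ROLE_LEVEL_EDITOR,
+'author' => BVFWConfig::ROLE_LEVEL_AUTHOR,
+'contributor' => BVFWConfig::ROLE_LEVEL_CONTRIBUTOR,
+'subscriber' => BVFWConfig::ROLE_LEVEL_SUBSCRIBER
+);
+
+function __construct($confHash) {
+$this->mode = array_key_exists('mode', $confHash) ? intval($confHash['mode']) : BVFWConfig::DISABLED;
+$this->requestProfilingMode = array_key_exists('reqprofilingmode', $confHash) ? intval($confHash['reqprofilingmode']) : BVFWConfig::REQ_PROFILING_MODE_DISABLED;
+$this->ipCookieMode = array_key_exists('ipcookiemode', $confHash) ? intval($confHash['ipcookiemode']) : BVFWConfig::IP_COOKIE_MODE_DISABLED;
+$this->adminCookieMode = array_key_exists('admincookiemode', $confHash) ? intval($confHash['admincookiemode']) : BVFWConfig::ADMIN_COOKIE_MODE_DISABLED;
+$this->loggingMode = array_key_exists('loggingmode', $confHash) ? intval($confHash['loggingmode']) : BVFWConfig::LOGGING_MODE_VISITOR;
+$this->bypassLevel = array_key_exists('bypasslevel', $confHash) ? intval($confHash['bypasslevel']) : BVFWConfig::ROLE_LEVEL_CONTRIBUTOR;
+$this->customRoles = array_key_exists('customroles', $confHash) ? $confHash['customroles'] : array();
+$this->cookieKey = array_key_exists('cookiekey', $confHash) ? $confHash['cookiekey'] : "";
+$this->cookiePath = array_key_exists('cookiepath', $confHash) ? $confHash['cookiepath'] : "";
+$this->cookieDomain = array_key_exists('cookiedomain', $confHash) ? $confHash['cookiedomain'] : "";
+}
+
+#mode
+const DISABLED = 1;
+const AUDIT = 2;
+const PROTECT = 3;
+
+#Request Profiling Mode
+const REQ_PROFILING_MODE_DISABLED = 1;
+const REQ_PROFILING_MODE_NORMAL = 2;
+const REQ_PROFILING_MODE_DEBUG = 3;
+
+#IP Cookie Mode
+const IP_COOKIE_MODE_ENABLED = 1;
+const IP_COOKIE_MODE_DISABLED = 2;
+
+#Admin Cookie Mode
+const ADMIN_COOKIE_MODE_ENABLED = 1;
+const ADMIN_COOKIE_MODE_DISABLED = 2;
+
+#Role Level
+const ROLE_LEVEL_SUBSCRIBER = 1;
+const ROLE_LEVEL_CONTRIBUTOR = 2;
+const ROLE_LEVEL_AUTHOR = 3;
+const ROLE_LEVEL_EDITOR = 4;
+const ROLE_LEVEL_ADMIN = 5;
+const ROLE_LEVEL_CUSTOM = 6;
+
+#WebServer Conf Mode
+const MODE_APACHEMODPHP = 1;
+const MODE_APACHESUPHP = 2;
+const MODE_CGI_FASTCGI = 3;
+const MODE_NGINX = 4;
+const MODE_LITESPEED = 5;
+const MODE_IIS = 6;
+
+#Logging Mode
+const LOGGING_MODE_VISITOR = 1;
+const LOGGING_MODE_COMPLETE = 2;
+const LOGGING_MODE_DISABLED = 3;
+
+
+#Valid mc_data filenames
+public static $validMcDataFilenames = array('mc.conf', 'mc_ips.conf');
+public static $validDeletableFiles = array('mc.conf', 'mc_ips.conf', 'malcare-waf.php', 'mc.log', 'mc_data');
+
+public function isActive() {
+return ($this->mode !== BVFWConfig::DISABLED);
+}
+
+public function isProtecting() {
+return ($this->mode === BVFWConfig::PROTECT);
+}
+
+public function isAuditing() {
+return ($this->mode === BVFWConfig::AUDIT);
+}
+
+public function isReqProfilingModeDebug() {
+return ($this->requestProfilingMode === BVFWConfig::REQ_PROFILING_MODE_DEBUG);
+}
+
+public function canProfileReqInfo() {
+return ($this->requestProfilingMode !== BVFWConfig::REQ_PROFILING_MODE_DISABLED);
+}
+
+public function isCompleteLoggingEnabled() {
+return ($this->loggingMode === BVFWConfig::LOGGING_MODE_COMPLETE);
+}
+
+public function isVisitorLoggingEnabled() {
+return ($this->loggingMode === BVFWConfig::LOGGING_MODE_VISITOR);
+}
+
+public function isLoggingDisabled() {
+return ($this->loggingMode === BVFWConfig::LOGGING_MODE_DISABLED);
+}
+}
+endif;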
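Review bot: The constructor falls back to `""` for `cookiekey`, and the cookie code in protect/fw/fw.php feeds that key into `sha1` to build the bypass and IP cookies, so a site whose config lacks the key would issue cookies that contain no secret. I would treat an empty key as "cookie modes off", for example `if ($this->cookieKey === "") { $this->adminCookieMode = BVFWConfig::ADMIN_COOKIE_MODE_DISABLED; $this->ipCookieMode = BVFWConfig::IP_COOKIE_MODE_DISABLED; }` at the end of `__construct`. `customroles` is also stored without an `is_array()` check although fw.php iterates it with `foreach`, and `isActive()` reports true for any `mode` value other than `DISABLED`, including an out-of-range one that is neither `AUDIT` nor `PROTECT`. How `canSetAdminCookie()` gates the bypass cookie is outside the visible code, so the first point may already be partly covered.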
protect/fw/fw.php ADDED
@@ -0,0 +1,347 @@
1
+ <?php
2
+
3
+ if (! (defined('ABSPATH') || defined('MCDATAPATH')) ) exit;
4
+ if (!class_exists('BVFW')) :
5
+
6
+ class BVFW {
7
+ public $bvinfo;
8
+ public $request;
9
+ public $config;
10
+ public $ipstore;
11
+ public $category;
12
+ public $logger;
13
+
14
+ const SQLIREGEX = '/(?:[^\\w<]|\\/\\*\\![0-9]*|^)(?:
15
+ @@HOSTNAME|
16
+ ALTER|ANALYZE|ASENSITIVE|
17
+ BEFORE|BENCHMARK|BETWEEN|BIGINT|BINARY|BLOB|
18
+ CALL|CASE|CHANGE|CHAR|CHARACTER|CHAR_LENGTH|COLLATE|COLUMN|CONCAT|CONDITION|CONSTRAINT|CONTINUE|CONVERT|CREATE|CROSS|CURRENT_DATE|CURRENT_TIME|CURRENT_TIMESTAMP|CURRENT_USER|CURSOR|
19
+ DATABASE|DATABASES|DAY_HOUR|DAY_MICROSECOND|DAY_MINUTE|DAY_SECOND|DECIMAL|DECLARE|DEFAULT|DELAYED|DELETE|DESCRIBE|DETERMINISTIC|DISTINCT|DISTINCTROW|DOUBLE|DROP|DUAL|DUMPFILE|
20
+ EACH|ELSE|ELSEIF|ELT|ENCLOSED|ESCAPED|EXISTS|EXIT|EXPLAIN|EXTRACTVALUE|
21
+ FETCH|FLOAT|FLOAT4|FLOAT8|FORCE|FOREIGN|FROM|FULLTEXT|
22
+ GRANT|GROUP|HAVING|HEX|HIGH_PRIORITY|HOUR_MICROSECOND|HOUR_MINUTE|HOUR_SECOND|
23
+ IFNULL|IGNORE|INDEX|INFILE|INNER|INOUT|INSENSITIVE|INSERT|INTERVAL|ISNULL|ITERATE|
24
+ JOIN|KILL|LEADING|LEAVE|LIMIT|LINEAR|LINES|LOAD|LOAD_FILE|LOCALTIME|LOCALTIMESTAMP|LOCK|LONG|LONGBLOB|LONGTEXT|LOOP|LOW_PRIORITY|
25
+ MASTER_SSL_VERIFY_SERVER_CERT|MATCH|MAXVALUE|MEDIUMBLOB|MEDIUMINT|MEDIUMTEXT|MID|MIDDLEINT|MINUTE_MICROSECOND|MINUTE_SECOND|MODIFIES|
26
+ NATURAL|NO_WRITE_TO_BINLOG|NULL|NUMERIC|OPTION|ORD|ORDER|OUTER|OUTFILE|
27
+ PRECISION|PRIMARY|PRIVILEGES|PROCEDURE|PROCESSLIST|PURGE|
28
+ RANGE|READ_WRITE|REGEXP|RELEASE|REPEAT|REQUIRE|RESIGNAL|RESTRICT|RETURN|REVOKE|RLIKE|ROLLBACK|
29
+ SCHEMA|SCHEMAS|SECOND_MICROSECOND|SELECT|SENSITIVE|SEPARATOR|SHOW|SIGNAL|SLEEP|SMALLINT|SPATIAL|SPECIFIC|SQLEXCEPTION|SQLSTATE|SQLWARNING|SQL_BIG_RESULT|SQL_CALC_FOUND_ROWS|SQL_SMALL_RESULT|STARTING|STRAIGHT_JOIN|SUBSTR|
30
+ TABLE|TERMINATED|TINYBLOB|TINYINT|TINYTEXT|TRAILING|TRANSACTION|TRIGGER|
31
+ UNDO|UNHEX|UNION|UNLOCK|UNSIGNED|UPDATE|UPDATEXML|USAGE|USING|UTC_DATE|UTC_TIME|UTC_TIMESTAMP|
32
+ VALUES|VARBINARY|VARCHAR|VARCHARACTER|VARYING|WHEN|WHERE|WHILE|WRITE|YEAR_MONTH|ZEROFILL)(?=[^\\w]|$)/ix';
33
+
34
+ const XSSREGEX = '/(?:
35
+ #tags
36
+ (?:\\<|\\+ADw\\-|\\xC2\\xBC)(script|iframe|svg|object|embed|applet|link|style|meta|\\/\\/|\\?xml\\-stylesheet)(?:[^\\w]|\\xC2\\xBE)|
37
+ #protocols
38
+ (?:^|[^\\w])(?:(?:\\s*(?:&\\#(?:x0*6a|0*106)|j)\\s*(?:&\\#(?:x0*61|0*97)|a)\\s*(?:&\\#(?:x0*76|0*118)|v)\\s*(?:&\\#(?:x0*61|0*97)|a)|\\s*(?:&\\#(?:x0*76|0*118)|v)\\s*(?:&\\#(?:x0*62|0*98)|b)|\\s*(?:&\\#(?:x0*65|0*101)|e)\\s*(?:&\\#(?:x0*63|0*99)|c)\\s*(?:&\\#(?:x0*6d|0*109)|m)\\s*(?:&\\#(?:x0*61|0*97)|a)|\\s*(?:&\\#(?:x0*6c|0*108)|l)\\s*(?:&\\#(?:x0*69|0*105)|i)\\s*(?:&\\#(?:x0*76|0*118)|v)\\s*(?:&\\#(?:x0*65|0*101)|e))\\s*(?:&\\#(?:x0*73|0*115)|s)\\s*(?:&\\#(?:x0*63|0*99)|c)\\s*(?:&\\#(?:x0*72|0*114)|r)\\s*(?:&\\#(?:x0*69|0*105)|i)\\s*(?:&\\#(?:x0*70|0*112)|p)\\s*(?:&\\#(?:x0*74|0*116)|t)|\\s*(?:&\\#(?:x0*6d|0*109)|m)\\s*(?:&\\#(?:x0*68|0*104)|h)\\s*(?:&\\#(?:x0*74|0*116)|t)\\s*(?:&\\#(?:x0*6d|0*109)|m)\\s*(?:&\\#(?:x0*6c|0*108)|l)|\\s*(?:&\\#(?:x0*6d|0*109)|m)\\s*(?:&\\#(?:x0*6f|0*111)|o)\\s*(?:&\\#(?:x0*63|0*99)|c)\\s*(?:&\\#(?:x0*68|0*104)|h)\\s*(?:&\\#(?:x0*61|0*97)|a)|\\s*(?:&\\#(?:x0*64|0*100)|d)\\s*(?:&\\#(?:x0*61|0*97)|a)\\s*(?:&\\#(?:x0*74|0*116)|t)\\s*(?:&\\#(?:x0*61|0*97)|a)(?!(?:&\\#(?:x0*3a|0*58)|\\:)(?:&\\#(?:x0*69|0*105)|i)(?:&\\#(?:x0*6d|0*109)|m)(?:&\\#(?:x0*61|0*97)|a)(?:&\\#(?:x0*67|0*103)|g)(?:&\\#(?:x0*65|0*101)|e)(?:&\\#(?:x0*2f|0*47)|\\/)(?:(?:&\\#(?:x0*70|0*112)|p)(?:&\\#(?:x0*6e|0*110)|n)(?:&\\#(?:x0*67|0*103)|g)|(?:&\\#(?:x0*62|0*98)|b)(?:&\\#(?:x0*6d|0*109)|m)(?:&\\#(?:x0*70|0*112)|p)|(?:&\\#(?:x0*67|0*103)|g)(?:&\\#(?:x0*69|0*105)|i)(?:&\\#(?:x0*66|0*102)|f)|(?:&\\#(?:x0*70|0*112)|p)?(?:&\\#(?:x0*6a|0*106)|j)(?:&\\#(?:x0*70|0*112)|p)(?:&\\#(?:x0*65|0*101)|e)(?:&\\#(?:x0*67|0*103)|g)|(?:&\\#(?:x0*74|0*116)|t)(?:&\\#(?:x0*69|0*105)|i)(?:&\\#(?:x0*66|0*102)|f)(?:&\\#(?:x0*66|0*102)|f)|(?:&\\#(?:x0*73|0*115)|s)(?:&\\#(?:x0*76|0*118)|v)(?:&\\#(?:x0*67|0*103)|g)(?:&\\#(?:x0*2b|0*43)|\\+)(?:&\\#(?:x0*78|0*120)|x)(?:&\\#(?:x0*6d|0*109)|m)(?:&\\#(?:x0*6c|0*108)|l))(?:(?:&\\#(?:x0*3b|0*59)|;)(?:&\\#(?:x0*63|0*99)|c)(?:&\\#(?:x0*68|0*104)|h)(?:&\\#(?:x0*61|0*97)|a)(?:&\\#(?:x0*72|0*114)|r)(?:&\\#(?:x0*73|0*115)|s)(?:&\\#(?:x0*65|0*101)|e)(?:&\\#(
?:x0*74|0*116)|t)(?:&\\#(?:x0*3d|0*61)|=)[\\-a-z0-9]+)?(?:(?:&\\#(?:x0*3b|0*59)|;)(?:&\\#(?:x0*62|0*98)|b)(?:&\\#(?:x0*61|0*97)|a)(?:&\\#(?:x0*73|0*115)|s)(?:&\\#(?:x0*65|0*101)|e)(?:&\\#(?:x0*36|0*54)|6)(?:&\\#(?:x0*34|0*52)|4))?(?:&\\#(?:x0*2c|0*44)|,)))\\s*(?:&\\#(?:x0*3a|0*58)|&colon|\\:)|
39
+ #css expression
40
+ (?:^|[^\\w])(?:(?:\\\\0*65|\\\\0*45|e)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*78|\\\\0*58|x)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*70|\\\\0*50|p)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*72|\\\\0*52|r)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*65|\\\\0*45|e)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*73|\\\\0*53|s)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*73|\\\\0*53|s)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*69|\\\\0*49|i)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*6f|\\\\0*4f|o)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*6e|\\\\0*4e|n))[^\\w]*?(?:\\\\0*28|\\()|
41
+ #css properties
42
+ (?:^|[^\\w])(?:(?:(?:\\\\0*62|\\\\0*42|b)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*65|\\\\0*45|e)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*68|\\\\0*48|h)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*61|\\\\0*41|a)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*76|\\\\0*56|v)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*69|\\\\0*49|i)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*6f|\\\\0*4f|o)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*72|\\\\0*52|r)(?:\\/\\*.*?\\*\\/)*)|(?:(?:\\\\0*2d|\\\\0*2d|-)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*6d|\\\\0*4d|m)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*6f|\\\\0*4f|o)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*7a|\\\\0*5a|z)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*2d|\\\\0*2d|-)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*62|\\\\0*42|b)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*69|\\\\0*49|i)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*6e|\\\\0*4e|n)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*64|\\\\0*44|d)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*69|\\\\0*49|i)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*6e|\\\\0*4e|n)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*67|\\\\0*47|g)(?:\\/\\*.*?\\*\\/)*))[^\\w]*(?:\\\\0*3a|\\\\0*3a|:)[^\\w]*(?:\\\\0*75|\\\\0*55|u)(?:\\\\0*72|\\\\0*52|r)(?:\\\\0*6c|\\\\0*4c|l)|
43
+ #properties
44
+ (?:^|[^\\w])(?:on(?:abort|activate|afterprint|afterupdate|autocomplete|autocompleteerror|beforeactivate|beforecopy|beforecut|beforedeactivate|beforeeditfocus|beforepaste|beforeprint|beforeunload|beforeupdate|blur|bounce|cancel|canplay|canplaythrough|cellchange|change|click|close|contextmenu|controlselect|copy|cuechange|cut|dataavailable|datasetchanged|datasetcomplete|dblclick|deactivate|drag|dragend|dragenter|dragleave|dragover|dragstart|drop|durationchange|emptied|encrypted|ended|error|errorupdate|filterchange|finish|focus|focusin|focusout|formchange|forminput|hashchange|help|input|invalid|keydown|keypress|keyup|languagechange|layoutcomplete|load|loadeddata|loadedmetadata|loadstart|losecapture|message|mousedown|mouseenter|mouseleave|mousemove|mouseout|mouseover|mouseup|mousewheel|move|moveend|movestart|mozfullscreenchange|mozfullscreenerror|mozpointerlockchange|mozpointerlockerror|offline|online|page|pagehide|pageshow|paste|pause|play|playing|popstate|progress|propertychange|ratechange|readystatechange|reset|resize|resizeend|resizestart|rowenter|rowexit|rowsdelete|rowsinserted|scroll|search|seeked|seeking|select|selectstart|show|stalled|start|storage|submit|suspend|timer|timeupdate|toggle|unload|volumechange|waiting|webkitfullscreenchange|webkitfullscreenerror|wheel)|formaction|data\\-bind|ev:event)[^\\w]
45
+ )/ix';
46
+
47
+ const BYPASS_COOKIE = "bvfw-bypass-cookie";
48
+ const IP_COOKIE = "bvfw-ip-cookie";
49
+
50
+ public function __construct($logger, $confHash, $ip, $bvinfo, $ipstore) {
51
+ $this->config = new BVFWConfig($confHash);
52
+ $this->request = new BVWPRequest($ip);
53
+ $this->bvinfo = $bvinfo;
54
+ $this->ipstore = $ipstore;
55
+ $this->logger = $logger;
56
+ }
57
+
58
+ public function setcookie($name, $value, $expire) {
59
+ $path = $this->config->cookiePath;
60
+ $cookie_domain = $this->config->cookieDomain;
61
+
62
+ if (version_compare(PHP_VERSION, '5.2.0') >= 0) {
63
+ $secure = function_exists('is_ssl') ? is_ssl() : false;
64
+ @setcookie($name, $value, $expire, $path, $cookie_domain, $secure, true);
65
+ } else {
66
+ @setcookie($name, $value, $expire, $path);
67
+ }
68
+ }
69
+
70
+ public function setBypassCookie() {
71
+ if (function_exists('is_user_logged_in') && is_user_logged_in() && !$this->hasValidBypassCookie()) {
72
+ $roleLevel = $this->getCurrentRoleLevel();
73
+ $bypassLevel = $this->config->bypassLevel;
74
+ if ($roleLevel >= $bypassLevel) {
75
+ $cookie = $this->generateBypassCookie();
76
+ $this->setcookie(BVFW::BYPASS_COOKIE, $cookie, time() + 43200);
77
+ }
78
+ }
79
+ }
80
+
81
+ public function generateBypassCookie() {
82
+ $time = floor(time() / 43200);
83
+ $bypassLevel = $this->config->bypassLevel;
84
+ $cookiekey = $this->config->cookieKey;
85
+ return sha1($bypassLevel.$time.$cookiekey);
86
+ }
87
+
88
+ public function hasValidBypassCookie() {
89
+ $cookie = (string) $this->request->getCookies(BVFW::BYPASS_COOKIE);
90
+ return ($this->canSetAdminCookie() && ($cookie === $this->generateBypassCookie()));
91
+ }
92
+
93
+ public function setIPCookie() {
94
+ if (!$this->request->getCookies(BVFW::IP_COOKIE)) {
95
+ $ip = $this->request->getIP();
96
+ $cookiekey = $this->config->cookieKey;
97
+ $time = floor(time() / 86400);
98
+ $cookie = sha1($ip.$time.$cookiekey);
99
+ $this->setcookie(BVFW::IP_COOKIE, $cookie, time() + 86400);
100
+ }
101
+ }
102
+
103
+ public function getBVCookies() {
104
+ $cookies = array();
105
+ if ($this->request->getCookies(BVFW::IP_COOKIE) !== NULL) {
106
+ $cookies[BVFW::IP_COOKIE] = (string) $this->request->getCookies(BVFW::IP_COOKIE);
107
+ }
108
+ return $cookies;
109
+ }
110
+
111
+ public function getCurrentRoleLevel() {
112
+ if (function_exists('current_user_can')) {
113
+ if (function_exists('is_super_admin') && is_super_admin()) {
114
+ return BVFWConfig::ROLE_LEVEL_ADMIN;
115
+ }
116
+ foreach ($this->config->customRoles as $role) {
117
+ if (current_user_can($role)) {
118
+ return BVFWConfig::ROLE_LEVEL_CUSTOM;
119
+ }
120
+ }
121
+ foreach (BVFWConfig::$roleLevels as $role => $level) {