BulletProof Security - Version 3.6

Version Description

Download this release

Release Info

Developer AITpro
Plugin Icon 128x128 BulletProof Security
Version 3.6
Comparing to
See all releases

Code changes from version 3.5 to 3.6

Files changed (77) hide show
  1. admin/core/core-custom-code.php +562 -61
  2. admin/core/core-help-text.php +2 -2
  3. admin/core/core.php +624 -288
  4. admin/css/bps-black-ui-theme.css +5 -0
  5. admin/css/bps-blue-ui-theme.css +5 -0
  6. admin/css/bps-grey-ui-theme.css +5 -0
  7. admin/db-backup-security/db-backup-security.php +17 -17
  8. admin/email-log-settings/email-log-settings.php +17 -17
  9. admin/htaccess/secure.htaccess +1 -1
  10. admin/htaccess/wpadmin-secure.htaccess +1 -1
  11. admin/includes/admin.php +9 -3
  12. admin/js/bps-encryption.js +103 -0
  13. admin/js/crypto-js/CONTRIBUTING.md +28 -0
  14. admin/js/crypto-js/LICENSE +24 -0
  15. admin/js/crypto-js/README.md +198 -0
  16. admin/js/crypto-js/aes.js +232 -0
  17. admin/js/crypto-js/bower.json +35 -0
  18. admin/js/crypto-js/cipher-core.js +880 -0
  19. admin/js/crypto-js/core.js +760 -0
  20. admin/js/crypto-js/crypto-js.js +5988 -0
  21. admin/js/crypto-js/docs/QuickStartGuide.wiki +470 -0
  22. admin/js/crypto-js/enc-base64.js +135 -0
  23. admin/js/crypto-js/enc-hex.js +18 -0
  24. admin/js/crypto-js/enc-latin1.js +18 -0
  25. admin/js/crypto-js/enc-utf16.js +149 -0
  26. admin/js/crypto-js/enc-utf8.js +18 -0
  27. admin/js/crypto-js/evpkdf.js +132 -0
  28. admin/js/crypto-js/format-hex.js +66 -0
  29. admin/js/crypto-js/format-openssl.js +18 -0
  30. admin/js/crypto-js/hmac-md5.js +18 -0
  31. admin/js/crypto-js/hmac-ripemd160.js +18 -0
  32. admin/js/crypto-js/hmac-sha1.js +18 -0
  33. admin/js/crypto-js/hmac-sha224.js +18 -0
  34. admin/js/crypto-js/hmac-sha256.js +18 -0
  35. admin/js/crypto-js/hmac-sha3.js +18 -0
  36. admin/js/crypto-js/hmac-sha384.js +18 -0
  37. admin/js/crypto-js/hmac-sha512.js +18 -0
  38. admin/js/crypto-js/hmac.js +143 -0
  39. admin/js/crypto-js/index.js +18 -0
  40. admin/js/crypto-js/lib-typedarrays.js +76 -0
  41. admin/js/crypto-js/md5.js +268 -0
  42. admin/js/crypto-js/mode-cfb.js +78 -0
  43. admin/js/crypto-js/mode-ctr-gladman.js +116 -0
  44. admin/js/crypto-js/mode-ctr.js +58 -0
  45. admin/js/crypto-js/mode-ecb.js +40 -0
  46. admin/js/crypto-js/mode-ofb.js +54 -0
  47. admin/js/crypto-js/package.json +38 -0
  48. admin/js/crypto-js/pad-ansix923.js +49 -0
  49. admin/js/crypto-js/pad-iso10126.js +44 -0
  50. admin/js/crypto-js/pad-iso97971.js +40 -0
  51. admin/js/crypto-js/pad-nopadding.js +30 -0
  52. admin/js/crypto-js/pad-pkcs7.js +18 -0
  53. admin/js/crypto-js/pad-zeropadding.js +45 -0
  54. admin/js/crypto-js/pbkdf2.js +145 -0
  55. admin/js/crypto-js/rabbit-legacy.js +190 -0
  56. admin/js/crypto-js/rabbit.js +192 -0
  57. admin/js/crypto-js/rc4.js +139 -0
  58. admin/js/crypto-js/ripemd160.js +267 -0
  59. admin/js/crypto-js/sha1.js +150 -0
  60. admin/js/crypto-js/sha224.js +80 -0
  61. admin/js/crypto-js/sha256.js +199 -0
  62. admin/js/crypto-js/sha3.js +323 -0
  63. admin/js/crypto-js/sha384.js +83 -0
  64. admin/js/crypto-js/sha512.js +323 -0
  65. admin/js/crypto-js/tripledes.js +770 -0
  66. admin/js/crypto-js/x64-core.js +304 -0
  67. admin/login/login.php +17 -17
  68. admin/maintenance/maintenance.php +16 -16
  69. admin/mscan/mscan.php +18 -18
  70. admin/security-log/security-log.php +57 -41
  71. admin/system-info/system-info.php +17 -17
  72. admin/theme-skin/theme-skin.php +17 -17
  73. admin/wizard/wizard.php +17 -17
  74. bulletproof-security.php +10 -4
  75. includes/encrypt-decrypt-class.php +109 -0
  76. languages/bulletproof-security.pot +557 -336
  77. readme.txt +1 -1
admin/core/core-custom-code.php CHANGED
@@ -53,51 +53,141 @@ CUSTOM CODE BOTTOM HOTLINKING/FORBID COMMENT SPAMMERS/BLOCK BOTS/BLOCK IP/REDIRE
53
  bps_CustomCode_BPSQSE_check();
54
 
55
  // Root Custom Code Form
 
 
 
56
  function bpsPro_CC_Root_values_form() {
57
  global $bps_topDiv, $bps_bottomDiv;
58
 
59
  if ( isset( $_POST['bps_customcode_submit'] ) && current_user_can('manage_options') ) {
60
  check_admin_referer( 'bulletproof_security_CC_Root' );
61
 
62
- if ( ! is_multisite() ) {
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
63
 
64
  $Root_CC_Options = array(
65
- 'bps_customcode_one' => stripslashes($_POST['bps_customcode_one']),
66
- 'bps_customcode_server_signature' => stripslashes($_POST['bps_customcode_server_signature']),
67
- 'bps_customcode_directory_index' => stripslashes($_POST['bps_customcode_directory_index']),
68
- 'bps_customcode_server_protocol' => stripslashes($_POST['bps_customcode_server_protocol']),
69
- 'bps_customcode_error_logging' => stripslashes($_POST['bps_customcode_error_logging']),
70
- 'bps_customcode_deny_dot_folders' => stripslashes($_POST['bps_customcode_deny_dot_folders']),
71
- 'bps_customcode_admin_includes' => stripslashes($_POST['bps_customcode_admin_includes']),
72
- 'bps_customcode_wp_rewrite_start' => stripslashes($_POST['bps_customcode_wp_rewrite_start']),
73
- 'bps_customcode_request_methods' => stripslashes($_POST['bps_customcode_request_methods']),
74
- 'bps_customcode_two' => stripslashes($_POST['bps_customcode_two']),
75
- 'bps_customcode_timthumb_misc' => stripslashes($_POST['bps_customcode_timthumb_misc']),
76
- 'bps_customcode_bpsqse' => stripslashes($_POST['bps_customcode_bpsqse']),
77
- 'bps_customcode_deny_files' => stripslashes($_POST['bps_customcode_deny_files']),
78
- 'bps_customcode_three' => stripslashes($_POST['bps_customcode_three'])
 
79
  );
80
-
81
- } else {
82
-
83
- $Root_CC_Options = array(
84
- 'bps_customcode_one' => stripslashes($_POST['bps_customcode_one']),
85
- 'bps_customcode_server_signature' => stripslashes($_POST['bps_customcode_server_signature']),
86
- 'bps_customcode_directory_index' => stripslashes($_POST['bps_customcode_directory_index']),
87
- 'bps_customcode_server_protocol' => stripslashes($_POST['bps_customcode_server_protocol']),
88
- 'bps_customcode_error_logging' => stripslashes($_POST['bps_customcode_error_logging']),
89
- 'bps_customcode_deny_dot_folders' => stripslashes($_POST['bps_customcode_deny_dot_folders']),
90
- 'bps_customcode_admin_includes' => stripslashes($_POST['bps_customcode_admin_includes']),
91
- 'bps_customcode_wp_rewrite_start' => stripslashes($_POST['bps_customcode_wp_rewrite_start']),
92
- 'bps_customcode_request_methods' => stripslashes($_POST['bps_customcode_request_methods']),
93
- 'bps_customcode_two' => stripslashes($_POST['bps_customcode_two']),
94
- 'bps_customcode_timthumb_misc' => stripslashes($_POST['bps_customcode_timthumb_misc']),
95
- 'bps_customcode_bpsqse' => stripslashes($_POST['bps_customcode_bpsqse']),
96
- 'bps_customcode_wp_rewrite_end' => stripslashes($_POST['bps_customcode_wp_rewrite_end']),
97
- 'bps_customcode_deny_files' => stripslashes($_POST['bps_customcode_deny_files']),
98
- 'bps_customcode_three' => stripslashes($_POST['bps_customcode_three'])
99
- );
100
- }
101
 
102
  foreach( $Root_CC_Options as $key => $value ) {
103
  update_option('bulletproof_security_options_customcode', $Root_CC_Options);
@@ -112,17 +202,51 @@ global $bps_topDiv, $bps_bottomDiv;
112
  }
113
 
114
  // wp-admin Custom Code Form
 
 
115
  function bpsPro_CC_WPA_values_form() {
116
  global $bps_topDiv, $bps_bottomDiv;
117
 
118
  if ( isset( $_POST['bps_customcode_submit_wpa'] ) && current_user_can('manage_options') ) {
119
  check_admin_referer( 'bulletproof_security_CC_WPA' );
120
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
121
  $wpadmin_CC_Options = array(
122
- 'bps_customcode_deny_files_wpa' => stripslashes($_POST['bps_customcode_deny_files_wpa']),
123
- 'bps_customcode_one_wpa' => stripslashes($_POST['bps_customcode_one_wpa']),
124
- 'bps_customcode_two_wpa' => stripslashes($_POST['bps_customcode_two_wpa']),
125
- 'bps_customcode_bpsqse_wpa' => stripslashes($_POST['bps_customcode_bpsqse_wpa'])
126
  );
127
 
128
  foreach( $wpadmin_CC_Options as $key => $value ) {
@@ -138,12 +262,18 @@ global $bps_topDiv, $bps_bottomDiv;
138
  }
139
 
140
  $Apache_Mod_options = get_option('bulletproof_security_options_apache_modules');
 
 
 
141
  ?>
142
 
143
  <div id="bps-accordion-2" class="bps-accordion-main-2" style="">
144
  <h3><?php _e('Root htaccess File Custom Code', 'bulletproof-security'); ?></h3>
145
  <div id="cc-accordion-inner">
146
 
 
 
 
147
  <table width="100%" border="0" cellspacing="0" cellpadding="10" class="bps-help_faq_table">
148
  <tr>
149
  <td colspan="2" class="bps-table_title"></td>
@@ -161,7 +291,7 @@ global $bps_topDiv, $bps_bottomDiv;
161
 
162
  <strong><label for="bps-CCode"><?php echo number_format_i18n( 1 ).'. '; _e('CUSTOM CODE TOP PHP/PHP.INI HANDLER/CACHE CODE:<br>Add php/php.ini handler code, cache code and/or <a href="https://forum.ait-pro.com/forums/topic/htaccess-caching-code-speed-boost-cache-code/" title="Link opens in a new Browser window" target="_blank">Speed Boost Cache Code</a>', 'bulletproof-security'); ?> </label></strong><br />
163
  <strong><?php $text = '<font color="#2ea2cc">'.__('ONLY add valid php/php.ini handler htaccess code and/or cache htaccess code below or text commented out with a pound sign #', 'bulletproof-security').'</font>'; echo $text ; ?></strong><br />
164
- <textarea class="bps-text-area-custom-code" name="bps_customcode_one" tabindex="1"><?php echo $CC_Options_root['bps_customcode_one']; ?></textarea>
165
  </td>
166
  <td class="bps-table_cell_help_custom_code" style="padding-top:75px;"><span style="color:#2ea2cc;font-weight:bold;">Example Code: Click the Read Me help button for Custom Code Setup Steps. This example code is a visual reference to show you where your php/php.ini handler and/or cache htaccess code will be created in your root htaccess file. If you have php/php.ini handler and/or cache htaccess code, copy and paste it into the CUSTOM CODE TOP PHP/PHP.INI HANDLER/CACHE CODE text box to the left.</span><pre># PHP/PHP.INI HANDLER/CACHE CODE<br /># Use BPS Custom Code to add php/php.ini Handler and Cache htaccess code and to save it permanently.<br /># Most Hosts do not have/use/require php/php.ini Handler htaccess code</pre></td>
167
  </tr>
@@ -169,7 +299,7 @@ global $bps_topDiv, $bps_bottomDiv;
169
  <td class="bps-table_cell_help_custom_code">
170
  <strong><label for="bps-CCode"><?php echo number_format_i18n( 2 ).'. '; _e('CUSTOM CODE TURN OFF YOUR SERVER SIGNATURE:', 'bulletproof-security'); ?> </label></strong><br />
171
  <strong><?php $text = '<font color="#2ea2cc">'.__('You MUST copy and paste the entire TURN OFF YOUR SERVER SIGNATURE section of code from your root .htaccess file into this text box first. You can then edit and modify the code in this text window and save your changes.', 'bulletproof-security').'</font>'; echo $text ; ?></strong><br />
172
- <textarea class="bps-text-area-custom-code" name="bps_customcode_server_signature" tabindex="2"><?php echo @$CC_Options_root['bps_customcode_server_signature']; ?></textarea>
173
  </td>
174
  <td class="bps-table_cell_help_custom_code" style="padding-top:75px;"><span style="color:#2ea2cc;font-weight:bold;">Example Code: Click the Read Me help button for Custom Code Setup Steps. This example code is a visual reference to show you which root htaccess file code goes in the CUSTOM CODE TURN OFF YOUR SERVER SIGNATURE text box. Go to the htaccess File Editor tab page and copy your actual TURN OFF YOUR SERVER SIGNATURE root htaccess file code and paste it into the CUSTOM CODE TURN OFF YOUR SERVER SIGNATURE text box to the left.</span><pre># TURN OFF YOUR SERVER SIGNATURE<br /># Suppresses the footer line server version number and ServerName of the serving virtual host<br />ServerSignature Off</pre></td>
175
  </tr>
@@ -177,7 +307,7 @@ global $bps_topDiv, $bps_bottomDiv;
177
  <td class="bps-table_cell_help_custom_code">
178
  <strong><label for="bps-CCode"><?php echo number_format_i18n( 3 ).'. '; _e('CUSTOM CODE DO NOT SHOW DIRECTORY LISTING/DIRECTORY INDEX:', 'bulletproof-security'); ?> </label></strong><br />
179
  <strong><?php $text = '<font color="#2ea2cc">'.__('You MUST copy and paste the entire DO NOT SHOW DIRECTORY LISTING and DIRECTORY INDEX sections of code from your root .htaccess file into this text box first. You can then edit and modify the code in this text window and save your changes.', 'bulletproof-security').'</font>'; echo $text ; ?></strong><br />
180
- <textarea class="bps-text-area-custom-code" name="bps_customcode_directory_index" tabindex="3"><?php echo $CC_Options_root['bps_customcode_directory_index']; ?></textarea>
181
  </td>
182
  <td class="bps-table_cell_help_custom_code" style="padding-top:75px;"><span style="color:#2ea2cc;font-weight:bold;">Example Code: Click the Read Me help button for Custom Code Setup Steps. This example code is a visual reference to show you which root htaccess file code goes in the CUSTOM CODE DO NOT SHOW DIRECTORY LISTING/DIRECTORY INDEX text box. Go to the htaccess File Editor tab page and copy your actual DO NOT SHOW DIRECTORY LISTING/DIRECTORY INDEX root htaccess file code and paste it into the CUSTOM CODE DO NOT SHOW DIRECTORY LISTING/DIRECTORY INDEX text box to the left.</span><pre style="max-height:130px;"># DO NOT SHOW DIRECTORY LISTING<br /># Disallow mod_autoindex from displaying a directory listing<br /># If a 500 Internal Server Error occurs when activating Root BulletProof Mode<br /># copy the entire DO NOT SHOW DIRECTORY LISTING and DIRECTORY INDEX sections of code<br /># and paste it into BPS Custom Code and comment out Options -Indexes<br /># by adding a # sign in front of it.<br /># Example: #Options -Indexes<br />Options -Indexes<br /><br /># DIRECTORY INDEX FORCE INDEX.PHP<br /># Use index.php as default directory index file. index.html will be ignored.<br /># If a 500 Internal Server Error occurs when activating Root BulletProof Mode<br /># copy the entire DO NOT SHOW DIRECTORY LISTING and DIRECTORY INDEX sections of code<br /># and paste it into BPS Custom Code and comment out DirectoryIndex<br /># by adding a # sign in front of it.<br /># Example: #DirectoryIndex index.php index.html /index.php<br />DirectoryIndex index.php index.html /index.php</pre></td>
183
  </tr>
@@ -185,7 +315,7 @@ global $bps_topDiv, $bps_bottomDiv;
185
  <td class="bps-table_cell_help_custom_code">
186
  <strong><label for="bps-CCode"><?php echo number_format_i18n( 4 ).'. '; _e('CUSTOM CODE BRUTE FORCE LOGIN PAGE PROTECTION:', 'bulletproof-security'); ?> </label></strong><br />
187
  <strong><?php $text = '<font color="#2ea2cc">'.__('This Custom Code text box is for optional/Bonus code. To get this code click the link below:', 'bulletproof-security').'<br><a href="https://forum.ait-pro.com/forums/topic/protect-login-page-from-brute-force-login-attacks/" title="Link opens in a new Browser window" target="_blank">Brute Force Login Page Protection Code</a></font>'; echo $text ; ?></strong><br />
188
- <textarea class="bps-text-area-custom-code" name="bps_customcode_server_protocol" tabindex="4"><?php echo $CC_Options_root['bps_customcode_server_protocol']; ?></textarea>
189
  </td>
190
  <td class="bps-table_cell_help_custom_code" style="padding-top:60px;"><span style="color:#2ea2cc;font-weight:bold;">Example Code: Click the Read Me help button for Custom Code Setup Steps. This example code is a visual reference to show you where your Brute Force Login Page Protection code will be created in your root htaccess file if you decide to add the option/Bonus code. You can get the code by clicking the Brute Force Login Page Protection Code link. Copy and paste it into the CUSTOM CODE BRUTE FORCE LOGIN PAGE PROTECTION text box to the left.</span><pre># BRUTE FORCE LOGIN PAGE PROTECTION<br /># PLACEHOLDER ONLY<br /># Use BPS Custom Code to add Brute Force Login protection code and to save it permanently.<br /># See this link: https://forum.ait-pro.com/forums/topic/protect-login-page-from-brute-force-login-attacks/<br /># for more information.</pre></td>
191
  </tr>
@@ -193,7 +323,7 @@ global $bps_topDiv, $bps_bottomDiv;
193
  <td class="bps-table_cell_help_custom_code">
194
  <strong><label for="bps-CCode"><?php echo number_format_i18n( 5 ).'. '; _e('CUSTOM CODE ERROR LOGGING AND TRACKING:', 'bulletproof-security'); ?> </label></strong><br />
195
  <strong><?php $text = '<font color="#2ea2cc">'.__('You MUST copy and paste the entire ERROR LOGGING AND TRACKING section of code from your root .htaccess file into this text box first. You can then edit and modify the code in this text window and save your changes.', 'bulletproof-security').'</font>'; echo $text ; ?></strong><br />
196
- <textarea class="bps-text-area-custom-code" name="bps_customcode_error_logging" tabindex="5"><?php echo $CC_Options_root['bps_customcode_error_logging']; ?></textarea>
197
  </td>
198
  <td class="bps-table_cell_help_custom_code" style="padding-top:75px;"><span style="color:#2ea2cc;font-weight:bold;">Example Code: Click the Read Me help button for Custom Code Setup Steps. This example code is a visual reference to show you which root htaccess file code goes in the CUSTOM CODE ERROR LOGGING AND TRACKING text box. Go to the htaccess File Editor tab page and copy your actual ERROR LOGGING AND TRACKING root htaccess file code and paste it into the CUSTOM CODE ERROR LOGGING AND TRACKING text box to the left.</span><pre style="max-height:145px;"># BPS PRO ERROR LOGGING AND TRACKING<br /># Use BPS Custom Code to modify/edit/change this code and to save it permanently.<br /># BPS Pro has premade 400 Bad Request, 403 Forbidden, 404 Not Found, 405 Method Not Allowed and<br /># 410 Gone template logging files that are used to track and log 400, 403, 404, 405 and 410 errors<br />.....<br />.....<br />ErrorDocument 400 <?php echo '/'.$bps_plugin_dir; ?>/bulletproof-security/400.php<br />ErrorDocument 401 default<br />ErrorDocument 403 <?php echo '/'.$bps_plugin_dir; ?>/bulletproof-security/403.php<br />ErrorDocument 404 /404.php<br />ErrorDocument 405 <?php echo '/'.$bps_plugin_dir; ?>/bulletproof-security/405.php<br />ErrorDocument 410 <?php echo '/'.$bps_plugin_dir; ?>/bulletproof-security/410.php</pre></td>
199
  </tr>
@@ -201,7 +331,7 @@ global $bps_topDiv, $bps_bottomDiv;
201
  <td class="bps-table_cell_help_custom_code">
202
  <strong><label for="bps-CCode"><?php echo number_format_i18n( 6 ).'. '; _e('CUSTOM CODE DENY ACCESS TO PROTECTED SERVER FILES AND FOLDERS:', 'bulletproof-security'); ?> </label></strong><br />
203
  <strong><?php $text = '<font color="#2ea2cc">'.__('You MUST copy and paste the entire DENY ACCESS TO PROTECTED SERVER FILES AND FOLDERS section of code from your root .htaccess file into this text box first. You can then edit and modify the code in this text window and save your changes.', 'bulletproof-security').'</font>'; echo $text ; ?></strong><br />
204
- <textarea class="bps-text-area-custom-code" name="bps_customcode_deny_dot_folders" tabindex="6"><?php echo @$CC_Options_root['bps_customcode_deny_dot_folders']; ?></textarea>
205
  </td>
206
  <td class="bps-table_cell_help_custom_code" style="padding-top:75px;"><span style="color:#2ea2cc;font-weight:bold;">Example Code: Click the Read Me help button for Custom Code Setup Steps. This example code is a visual reference to show you which root htaccess file code goes in the CUSTOM CODE DENY ACCESS TO PROTECTED SERVER FILES AND FOLDERS text box. Go to the htaccess File Editor tab page and copy your actual DENY ACCESS TO PROTECTED SERVER FILES AND FOLDERS root htaccess file code and paste it into the CUSTOM CODE DENY ACCESS TO PROTECTED SERVER FILES AND FOLDERS text box to the left.</span><pre># DENY ACCESS TO PROTECTED SERVER FILES AND FOLDERS<br /># Use BPS Custom Code to modify/edit/change this code and to save it permanently.<br /># Files and folders starting with a dot: .htaccess, .htpasswd, .errordocs, .logs<br />RedirectMatch 403 \.(htaccess|htpasswd|errordocs|logs)$</pre></td>
207
  </tr>
@@ -209,7 +339,7 @@ global $bps_topDiv, $bps_bottomDiv;
209
  <td class="bps-table_cell_help_custom_code">
210
  <strong><label for="bps-CCode"><?php echo number_format_i18n( 7 ).'. '; _e('CUSTOM CODE WP-ADMIN/INCLUDES: DO NOT add wp-admin .htaccess code here', 'bulletproof-security'); ?> </label></strong><br />
211
  <strong><?php $text = '<font color="#2ea2cc">'.__('Add one pound sign # below to prevent the WP-ADMIN/INCLUDES section of code from being created in your root .htaccess file', 'bulletproof-security').'</font>'; echo $text ; ?></strong><br />
212
- <textarea class="bps-text-area-custom-code" name="bps_customcode_admin_includes" tabindex="7"><?php echo $CC_Options_root['bps_customcode_admin_includes']; ?></textarea>
213
  </td>
214
  <td class="bps-table_cell_help_custom_code" style="padding-top:60px;"><span style="color:#2ea2cc;font-weight:bold;">Example Code: Click the Read Me help button for Custom Code Setup Steps. This example code is a visual reference to show you which root htaccess file code goes in the CUSTOM CODE WP-ADMIN/INCLUDES text box. Go to the htaccess File Editor tab page and copy your actual WP-ADMIN/INCLUDES root htaccess file code and paste it into the CUSTOM CODE WP-ADMIN/INCLUDES text box to the left.</span><pre># WP-ADMIN/INCLUDES<br /># Use BPS Custom Code to remove this code permanently.<br />RewriteEngine On<br />RewriteBase /<br />RewriteRule ^wp-admin/includes/ - [F]<br />RewriteRule !^wp-includes/ - [S=3]<br />RewriteRule ^wp-includes/[^/]+\.php$ - [F]<br />RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F]<br />RewriteRule ^wp-includes/theme-compat/ - [F]</pre></td>
215
  </tr>
@@ -217,7 +347,7 @@ global $bps_topDiv, $bps_bottomDiv;
217
  <td class="bps-table_cell_help_custom_code">
218
  <strong><label for="bps-CCode"><?php echo number_format_i18n( 8 ).'. '; _e('CUSTOM CODE WP REWRITE LOOP START: www/non-www http/https Rewrite code here', 'bulletproof-security'); ?> </label></strong><br />
219
  <strong><?php $text = '<font color="#2ea2cc">'.__('You MUST copy and paste the entire WP REWRITE LOOP START section of code from your root .htaccess file into this text box first. You can then edit and modify the code in this text window and save your changes.', 'bulletproof-security').'</font>'; echo $text ; ?></strong><br />
220
- <textarea class="bps-text-area-custom-code" name="bps_customcode_wp_rewrite_start" tabindex="8"><?php echo $CC_Options_root['bps_customcode_wp_rewrite_start']; ?></textarea>
221
  </td>
222
  <td class="bps-table_cell_help_custom_code" style="padding-top:75px;"><span style="color:#2ea2cc;font-weight:bold;">Example Code: Click the Read Me help button for Custom Code Setup Steps. This example code is a visual reference to show you which root htaccess file code goes in the CUSTOM CODE WP REWRITE LOOP START text box. Go to the htaccess File Editor tab page and copy your actual WP REWRITE LOOP START root htaccess file code and paste it into the CUSTOM CODE WP REWRITE LOOP START text box to the left.</span><br /><pre># CUSTOM CODE WP REWRITE LOOP START<br /># WP REWRITE LOOP START<br />RewriteEngine On<br />RewriteBase /<br />RewriteRule ^index\.php$ - [L]</pre></td>
223
  </tr>
@@ -227,7 +357,7 @@ global $bps_topDiv, $bps_bottomDiv;
227
  <?php echo number_format_i18n( 9 ).'. '; _e('CUSTOM CODE REQUEST METHODS FILTERED:', 'bulletproof-security'); ?><br />
228
  <?php _e('Whitelist User Agents and allow HEAD Requests', 'bulletproof-security'); ?> </label></strong><br />
229
  <strong><?php $text = '<font color="#2ea2cc">'.__('You MUST copy and paste the entire REQUEST METHODS FILTERED section of code from your root .htaccess file into this text box first. You can then edit and modify the code in this text window and save your changes. To Allow HEAD Requests click the Read Me help button at the top of the Custom Code page for instructions and examples.', 'bulletproof-security').'</font>'; echo $text ; ?></strong><br />
230
- <textarea class="bps-text-area-custom-code" name="bps_customcode_request_methods" tabindex="9"><?php echo $CC_Options_root['bps_customcode_request_methods']; ?></textarea>
231
  </td>
232
  <td class="bps-table_cell_help_custom_code" style="padding-top:75px;">
233
 
@@ -247,7 +377,7 @@ global $bps_topDiv, $bps_bottomDiv;
247
  <td class="bps-table_cell_help_custom_code">
248
  <strong><label for="bps-CCode"><?php echo number_format_i18n( 10 ).'. '; _e('CUSTOM CODE PLUGIN/THEME SKIP/BYPASS RULES:<br>Add personal plugin/theme skip/bypass rules here', 'bulletproof-security'); ?> </label></strong><br />
249
  <strong><?php $text = '<font color="#2ea2cc">'.__('ONLY add valid htaccess code below or text commented out with a pound sign #', 'bulletproof-security').'</font>'; echo $text; ?></strong><br />
250
- <textarea class="bps-text-area-custom-code" name="bps_customcode_two" tabindex="10"><?php echo $CC_Options_root['bps_customcode_two']; ?></textarea>
251
  </td>
252
  <td class="bps-table_cell_help_custom_code" style="padding-top:60px;"><span style="color:#2ea2cc;font-weight:bold;">Example Code: Click the Read Me help button for Custom Code Setup Steps. This example code is a visual reference to show you where your plugin/theme skip/bypass rules code will be created in your root htaccess file. If you have plugin/theme skip/bypass rules, copy and paste it into the CUSTOM CODE PLUGIN/THEME SKIP/BYPASS RULES text box to the left. Click the Read Me help button for more information about plugin/theme skip/bypass rules code.</span><pre style="max-height:145px;"># PLUGINS/THEMES AND VARIOUS EXPLOIT FILTER SKIP RULES<br /># To add plugin/theme skip/bypass rules use BPS Custom Code.<br /># The [S] flag is used to skip following rules. Skip rule [S=12] will skip 12 following RewriteRules.<br /># The skip rules MUST be in descending consecutive number order: 12, 11, 10, 9...<br /># If you delete a skip rule, change the other skip rule numbers accordingly.<br /># Examples: If RewriteRule [S=5] is deleted than change [S=6] to [S=5], [S=7] to [S=6], etc.<br /># If you add a new skip rule above skip rule 12 it will be skip rule 13: [S=13]<br /><br /><div style="background-color:#FFFF00;padding:3px;">Your plugin/theme skip/bypass rules will be created here in your root htaccess file</div><br /># Adminer MySQL management tool data populate<br />RewriteCond %{REQUEST_URI} ^/<?php echo $bps_plugin_dir; ?>/adminer/ [NC]<br />RewriteRule . - [S=12]</pre></td>
253
  </tr>
@@ -255,7 +385,7 @@ global $bps_topDiv, $bps_bottomDiv;
255
  <td class="bps-table_cell_help_custom_code">
256
  <strong><label for="bps-CCode"><?php echo number_format_i18n( 11 ).'. '; _e('CUSTOM CODE TIMTHUMB FORBID RFI and MISC FILE SKIP/BYPASS RULE:', 'bulletproof-security'); ?> </label></strong><br />
257
  <strong><?php $text = '<font color="#2ea2cc">'.__('You MUST copy and paste the entire TIMTHUMB FORBID RFI section of code from your root .htaccess file into this text box first. You can then edit and modify the code in this text window and save your changes.', 'bulletproof-security').'</font>'; echo $text; ?></strong><br />
258
- <textarea class="bps-text-area-custom-code" name="bps_customcode_timthumb_misc" tabindex="11"><?php echo $CC_Options_root['bps_customcode_timthumb_misc']; ?></textarea>
259
  </td>
260
  <td class="bps-table_cell_help_custom_code" style="padding-top:75px;"><span style="color:#2ea2cc;font-weight:bold;">Example Code: Click the Read Me help button for Custom Code Setup Steps. This example code is a visual reference to show you which root htaccess file code goes in the CUSTOM CODE TIMTHUMB FORBID RFI and MISC FILE SKIP/BYPASS RULE text box. Go to the htaccess File Editor tab page and copy your actual TIMTHUMB FORBID RFI and MISC FILE SKIP/BYPASS RULE root htaccess file code and paste it into the CUSTOM CODE text box to the left.</span><pre style="max-height:145px;"># TIMTHUMB FORBID RFI and MISC FILE SKIP/BYPASS RULE<br /># Use BPS Custom Code to modify/edit/change this code and to save it permanently.<br /># Remote File Inclusion (RFI) security rules<br />.....<br />.....<br /># Example: Whitelist additional misc files: (example\.php|another-file\.php|phpthumb\.php|thumb\.php|thumbs\.php)<br />RewriteCond %{REQUEST_URI} (timthumb\.php|phpthumb\.php|thumb\.php|thumbs\.php) [NC]<br /># Example: Whitelist additional website domains: RewriteCond %{HTTP_REFERER} ^.*(YourWebsite.com|AnotherWebsite.com).*<br />RewriteCond %{HTTP_REFERER} ^.*<?php echo $bps_get_domain_root; ?>.*<br />RewriteRule . - [S=1]</pre></td>
261
  </tr>
@@ -263,7 +393,7 @@ global $bps_topDiv, $bps_bottomDiv;
263
  <td class="bps-table_cell_help_custom_code">
264
  <strong><label for="bps-CCode"><?php echo number_format_i18n( 12 ).'. '; _e('CUSTOM CODE BPSQSE BPS QUERY STRING EXPLOITS:', 'bulletproof-security'); ?> </label></strong><br />
265
  <strong><?php $text = '<font color="#2ea2cc">'.__('You MUST copy and paste the entire BPSQSE QUERY STRING EXPLOITS section of code from your root .htaccess file from # BEGIN BPSQSE BPS QUERY STRING EXPLOITS to # END BPSQSE BPS QUERY STRING EXPLOITS into this text box first. You can then edit and modify the code in this text window and save your changes.', 'bulletproof-security').'</font>'; echo $text; ?></strong><br />
266
- <textarea class="bps-text-area-custom-code" name="bps_customcode_bpsqse" tabindex="12"><?php echo $CC_Options_root['bps_customcode_bpsqse']; ?></textarea>
267
  </td>
268
  <td class="bps-table_cell_help_custom_code" style="padding-top:90px;"><span style="color:#2ea2cc;font-weight:bold;">Example Code: Click the Read Me help button for Custom Code Setup Steps. This example code is a visual reference to show you which root htaccess file code goes in the CUSTOM CODE BPSQSE BPS QUERY STRING EXPLOITS text box. Go to the htaccess File Editor tab page and copy your actual BPSQSE BPS QUERY STRING EXPLOITS root htaccess file code and paste it into the CUSTOM CODE BPSQSE BPS QUERY STRING EXPLOITS text box to the left.</span><pre># BEGIN BPSQSE BPS QUERY STRING EXPLOITS<br /># The libwww-perl User Agent is forbidden - Many bad bots use libwww-perl modules, but some good bots use it too.<br /># Good sites such as W3C use it for their W3C-LinkChecker.<br /># Use BPS Custom Code to add or remove user agents temporarily or permanently from the<br />.....<br />.....<br />RewriteCond %{QUERY_STRING} (sp_executesql) [NC]<br />RewriteRule ^(.*)$ - [F]<br /># END BPSQSE BPS QUERY STRING EXPLOITS</pre></td>
269
  </tr>
@@ -274,20 +404,24 @@ global $bps_topDiv, $bps_bottomDiv;
274
  <td class="bps-table_cell_help_custom_code">
275
  <strong><label for="bps-CCode"><?php echo number_format_i18n( 12 ).'b. '; _e('CUSTOM CODE WP REWRITE LOOP END: Add WP Rewrite Loop End code here', 'bulletproof-security'); ?> </label></strong><br />
276
  <strong><?php $text = '<font color="#2ea2cc">'.__('This is a Special Custom Code text box that should only be used if the correct WP REWRITE LOOP END code is not being created in your root .htaccess file. See the Read Me help button for more information.', 'bulletproof-security').'</font>'; echo $text; ?></strong><br />
277
- <textarea class="bps-text-area-custom-code" name="bps_customcode_wp_rewrite_end" tabindex="13"><?php echo $CC_Options_root['bps_customcode_wp_rewrite_end']; ?></textarea>
278
 
279
  </td>
280
  <td class="bps-table_cell_help_custom_code" style="padding-top:75px;"><span style="color:#2ea2cc;font-weight:bold;">Example Code: The actual WP REWRITE LOOP END code for your website may be different. This example code is a visual reference to show you which root htaccess file code goes in the CUSTOM CODE WP REWRITE LOOP END text box. Go to the htaccess File Editor tab page and copy your actual WP REWRITE LOOP END root htaccess file code and paste it into the CUSTOM CODE WP REWRITE LOOP END text box to the left.</span><br /><pre># END BPSQSE BPS QUERY STRING EXPLOITS<br /><div style="background-color:#FFFF00;padding:3px;">RewriteCond %{REQUEST_FILENAME} -f [OR]<br />RewriteCond %{REQUEST_FILENAME} -d<br />RewriteRule ^ - [L]<br />RewriteRule ^[_0-9a-zA-Z-]+/(wp-(content|admin|includes).*) $1 [L]<br />RewriteRule ^[_0-9a-zA-Z-]+/(.*\.php)$ $1 [L]<br />RewriteRule . index.php [L]<br /># WP REWRITE LOOP END</div></pre>
281
  </td>
282
  </tr>
283
 
 
 
 
 
284
  <?php } ?>
285
 
286
  <tr>
287
  <td class="bps-table_cell_help_custom_code">
288
  <strong><label for="bps-CCode"><?php echo number_format_i18n( 13 ).'. '; _e('CUSTOM CODE DENY BROWSER ACCESS TO THESE FILES:', 'bulletproof-security'); ?> </label></strong><br />
289
  <strong><?php $text = '<font color="#2ea2cc">'.__('You MUST copy and paste the entire DENY BROWSER ACCESS section of code from your root .htaccess file into this text box first. You can then edit and modify the code in this text window and save your changes.', 'bulletproof-security').'</font>'; echo $text; ?></strong><br />
290
- <textarea class="bps-text-area-custom-code" name="bps_customcode_deny_files" tabindex="14"><?php echo $CC_Options_root['bps_customcode_deny_files']; ?></textarea>
291
  </td>
292
  <td class="bps-table_cell_help_custom_code" style="padding-top:75px;"><span style="color:#2ea2cc;font-weight:bold;">Example Code: Click the Read Me help button for Custom Code Setup Steps. This example code is a visual reference to show you which root htaccess file code goes in the CUSTOM CODE DENY BROWSER ACCESS TO THESE FILES text box. Go to the htaccess File Editor tab page and copy your actual DENY BROWSER ACCESS TO THESE FILES root htaccess file code and paste it into the CUSTOM CODE DENY BROWSER ACCESS TO THESE FILES text box to the left.</span>
293
 
@@ -307,17 +441,22 @@ global $bps_topDiv, $bps_bottomDiv;
307
  <td class="bps-table_cell_help_custom_code">
308
  <strong><label for="bps-CCode"><?php echo number_format_i18n( 14 ).'. '; _e('CUSTOM CODE BOTTOM HOTLINKING/FORBID COMMENT SPAMMERS/BLOCK BOTS/BLOCK IP/REDIRECT CODE: Add miscellaneous code here', 'bulletproof-security'); ?> </label></strong><br />
309
  <strong><?php $text = '<font color="#2ea2cc">'.__('ONLY add valid htaccess code below or text commented out with a pound sign #', 'bulletproof-security').'</font>'; echo $text; ?></strong><br />
310
- <textarea class="bps-text-area-custom-code" name="bps_customcode_three" tabindex="15"><?php echo $CC_Options_root['bps_customcode_three']; ?></textarea>
311
  </td>
312
  <td class="bps-table_cell_help_custom_code" style="padding-top:60px;"><span style="color:#2ea2cc;font-weight:bold;">Example Code: Click the Read Me help button for Custom Code Setup Steps. This example code is a visual reference to show you where your custom htaccess code will be created in your root htaccess file. If you have Hotlinking, Redirect, IP Blocking htaccess code then copy and paste it into the CUSTOM CODE BOTTOM HOTLINKING/FORBID COMMENT SPAMMERS/BLOCK BOTS/BLOCK IP/REDIRECT CODE text box to the left.</span><pre># CUSTOM CODE BOTTOM HOTLINKING/FORBID COMMENT SPAMMERS/BLOCK BOTS/BLOCK IP/REDIRECT CODE<br /># PLACEHOLDER ONLY<br /># Use BPS Custom Code to add custom code and save it permanently here.</pre></td>
313
  </tr>
314
  <tr>
315
  <td class="bps-table_cell_help_custom_code">
316
 
 
 
317
  <input type="hidden" name="scrolltoCCode" value="<?php echo esc_html( $scrolltoCCode ); ?>" />
318
- <input type="submit" name="bps_customcode_submit" value="<?php esc_attr_e('Save Root Custom Code', 'bulletproof-security') ?>" class="button bps-button" onclick="return confirm('<?php $text = __('Click OK to save your Root Custom Code or click Cancel.', 'bulletproof-security'); echo $text; ?>')" />
319
  </form>
320
 
 
 
 
321
  </td>
322
  <td class="bps-table_cell_help_custom_code">&nbsp;</td>
323
  </tr>
@@ -333,6 +472,271 @@ jQuery(document).ready(function($){
333
  $('#bpsCustomCodeForm').submit(function(){ $('#scrolltoCCode').val( $('#bps_customcode_one').scrollTop() ); });
334
  $('#bps_customcode_one').scrollTop( $('#scrolltoCCode').val() );
335
  });
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
336
  /* ]]> */
337
  </script>
338
 
@@ -348,6 +752,9 @@ jQuery(document).ready(function($){
348
  <h3><?php _e('wp-admin htaccess File Custom Code', 'bulletproof-security'); ?></h3>
349
  <div id="cc-accordion-inner">
350
 
 
 
 
351
  <table width="100%" border="0" cellspacing="0" cellpadding="10" class="bps-help_faq_table">
352
  <tr>
353
  <td colspan="2" class="bps-table_title"></td>
@@ -364,7 +771,7 @@ jQuery(document).ready(function($){
364
 
365
  <strong><label for="bps-CCode"><?php echo number_format_i18n( 1 ).'. '; _e('CUSTOM CODE WPADMIN DENY BROWSER ACCESS TO FILES:<br>Add additional wp-admin files that you would like to block here', 'bulletproof-security'); ?> </label></strong><br />
366
  <strong><?php $text = '<font color="#2ea2cc">'.__('You MUST copy and paste the entire WPADMIN DENY BROWSER ACCESS TO FILES section of code from your wp-admin .htaccess file into this text box first. You can then edit and modify the code in this text window and save your changes. Add one pound sign # below to prevent the WPADMIN DENY BROWSER ACCESS TO FILES section of code from being created in your wp-admin .htaccess file', 'bulletproof-security').'</font>'; echo $text; ?></strong><br />
367
- <textarea class="bps-text-area-custom-code" name="bps_customcode_deny_files_wpa" tabindex="1"><?php echo $CC_Options_wpadmin['bps_customcode_deny_files_wpa']; ?></textarea>
368
  </td>
369
  <td class="bps-table_cell_help_custom_code" style="padding-top:105px;"><span style="color:#2ea2cc;font-weight:bold;">Example Code: Click the Read Me help button for wp-admin Custom Code Setup Steps. This example code is a visual reference to show you which wp-admin htaccess file code goes in the CUSTOM CODE WPADMIN DENY BROWSER ACCESS TO FILES text box. Go to the htaccess File Editor tab page and copy your actual WPADMIN DENY BROWSER ACCESS TO FILES wp-admin htaccess file code and paste it into the CUSTOM CODE text box to the left.</span>
370
 
@@ -385,7 +792,7 @@ jQuery(document).ready(function($){
385
  <td class="bps-table_cell_help_custom_code">
386
  <strong><label for="bps-CCode"><?php echo number_format_i18n( 2 ).'. '; _e('CUSTOM CODE WPADMIN TOP:<br>wp-admin password protection & miscellaneous custom code here', 'bulletproof-security'); ?> </label></strong><br />
387
  <strong><?php $text = '<font color="#2ea2cc">'.__('ONLY add valid htaccess code below or text commented out with a pound sign #', 'bulletproof-security').'</font>'; echo $text; ?></strong><br />
388
- <textarea class="bps-text-area-custom-code" name="bps_customcode_one_wpa" tabindex="2"><?php echo $CC_Options_wpadmin['bps_customcode_one_wpa']; ?></textarea>
389
  </td>
390
  <td class="bps-table_cell_help_custom_code" style="padding-top:60px;"><span style="color:#2ea2cc;font-weight:bold;">Example Code: Click the Read Me help button for wp-admin Custom Code Setup Steps. This example code is a visual reference to show you where your wp-admin custom htaccess code will be created in your wp-admin htaccess file. If you have custom wp-admin htaccess code, copy and paste it into the CUSTOM CODE WPADMIN TOP text box to the left.</span><pre># BEGIN OPTIONAL WP-ADMIN ADDITIONAL SECURITY MEASURES:<br /><br /># BEGIN CUSTOM CODE WPADMIN TOP<br /># Use BPS wp-admin Custom Code to modify/edit/change this code and to save it permanently.<br /><div style="background-color:#FFFF00;padding:3px;"># CCWTOP - Your custom code will be created here when you activate wp-admin BulletProof Mode</div># END CUSTOM CODE WPADMIN TOP</pre></td>
391
  </tr>
@@ -393,7 +800,7 @@ jQuery(document).ready(function($){
393
  <td class="bps-table_cell_help_custom_code">
394
  <strong><label for="bps-CCode"><?php echo number_format_i18n( 3 ).'. '; _e('CUSTOM CODE WPADMIN PLUGIN/FILE SKIP RULES:<br>Add wp-admin plugin/file skip rules code here', 'bulletproof-security'); ?> </label></strong><br />
395
  <strong><?php $text = '<font color="#2ea2cc">'.__('ONLY add valid htaccess code below or text commented out with a pound sign #', 'bulletproof-security').'</font>'; echo $text; ?></strong><br />
396
- <textarea class="bps-text-area-custom-code" name="bps_customcode_two_wpa" tabindex="3"><?php echo $CC_Options_wpadmin['bps_customcode_two_wpa']; ?></textarea>
397
  </td>
398
  <td class="bps-table_cell_help_custom_code" style="padding-top:60px;"><span style="color:#2ea2cc;font-weight:bold;">Example Code: Click the Read Me help button for wp-admin Custom Code Setup Steps. This example code is a visual reference to show you where your wp-admin plugin/file skip rules code will be created in your wp-admin htaccess file. If you have wp-admin plugin/file skip rules code, copy and paste it into the CUSTOM CODE WPADMIN PLUGIN/FILE SKIP RULES text box to the left.</span><pre># BEGIN CUSTOM CODE WPADMIN PLUGIN/FILE SKIP RULES<br /># To add wp-admin plugin skip/bypass rules use BPS wp-admin Custom Code.<br /># If a plugin is calling a wp-admin file in a way that it is being blocked/forbidden<br />...<br />...<br /><div style="background-color:#FFFF00;padding:3px;"># CCWPF - Your custom code will be created here when you activate wp-admin BulletProof Mode</div># END CUSTOM CODE WPADMIN PLUGIN/FILE SKIP RULES</pre></td>
399
  </tr>
@@ -401,17 +808,22 @@ jQuery(document).ready(function($){
401
  <td class="bps-table_cell_help_custom_code">
402
  <strong><label for="bps-CCode"><?php echo number_format_i18n( 4 ).'. '; _e('CUSTOM CODE BPSQSE-check BPS QUERY STRING EXPLOITS AND FILTERS:<br>Modify Query String Exploit code here', 'bulletproof-security'); ?> </label></strong><br />
403
  <strong><?php $text = '<font color="#2ea2cc">'.__('You MUST copy and paste the entire BPS QUERY STRING EXPLOITS section of code from your wp-admin .htaccess file from # BEGIN BPSQSE-check BPS QUERY STRING EXPLOITS AND FILTERS to # END BPSQSE-check BPS QUERY STRING EXPLOITS AND FILTERS into this text box first. You can then edit and modify the code in this text window and save your changes.', 'bulletproof-security').'</font>'; echo $text; ?></strong><br />
404
- <textarea class="bps-text-area-custom-code" name="bps_customcode_bpsqse_wpa" tabindex="4"><?php echo $CC_Options_wpadmin['bps_customcode_bpsqse_wpa']; ?></textarea>
405
  </td>
406
  <td class="bps-table_cell_help_custom_code" style="padding-top:105px;"><span style="color:#2ea2cc;font-weight:bold;">Example Code: Click the Read Me help button for wp-admin Custom Code Setup Steps. This example code is a visual reference to show you which wp-admin htaccess file code goes in the CUSTOM CODE BPSQSE-check BPS QUERY STRING EXPLOITS AND FILTERS text box. Go to the htaccess File Editor tab page and copy your actual BPS QUERY STRING EXPLOITS AND FILTERS wp-admin htaccess file code and paste it into the CUSTOM CODE text box to the left.</span><pre># BEGIN BPSQSE-check BPS QUERY STRING EXPLOITS AND FILTERS<br /># WORDPRESS WILL BREAK IF ALL THE BPSQSE FILTERS ARE DELETED<br /># Use BPS wp-admin Custom Code to modify/edit/change this code and to save it permanently.<br />RewriteCond %{HTTP_USER_AGENT} (%0A|%0D|%27|%3C|%3E|%00) [NC,OR]<br />.....<br />.....<br />RewriteCond %{QUERY_STRING} (sp_executesql) [NC]<br />RewriteRule ^(.*)$ - [F]<br /># END BPSQSE-check BPS QUERY STRING EXPLOITS AND FILTERS</pre></td>
407
  </tr>
408
  <tr>
409
  <td class="bps-table_cell_help_custom_code">
410
 
 
 
411
  <input type="hidden" name="scrolltoCCodeWPA" value="<?php echo esc_html( $scrolltoCCodeWPA ); ?>" />
412
- <input type="submit" name="bps_customcode_submit_wpa" value="<?php esc_attr_e('Save wp-admin Custom Code', 'bulletproof-security') ?>" class="button bps-button" onclick="return confirm('<?php $text = __('Click OK to save your wp-admin Custom Code or click Cancel.', 'bulletproof-security'); echo $text; ?>')" />
413
  </form>
414
 
 
 
 
415
  </td>
416
  <td class="bps-table_cell_help_custom_code">&nbsp;</td>
417
  </tr>
@@ -427,6 +839,95 @@ jQuery(document).ready(function($){
427
  $('#bpsCustomCodeFormWPA').submit(function(){ $('#scrolltoCCodeWPA').val( $('#bps_customcode_deny_files_wpa').scrollTop() ); });
428
  $('#bps_customcode_deny_files_wpa').scrollTop( $('#scrolltoCCodeWPA').val() );
429
  });
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
430
  /* ]]> */
431
  </script>
432
 
53
  bps_CustomCode_BPSQSE_check();
54
 
55
  // Root Custom Code Form
56
+ // Important Note: stripslashes is used to strip any slashes that are added to a $_POST value and not slashes in the code itself.
57
+ // Note: Form value bps_customcode_wp_rewrite_end is conditional to Network|Multisite and is hidden for single WP site types, which means the value is not saved in the DB.
58
+ ## 3.6: Encryption|Decryption added to Forms to bypass/evade OWASP ModSecurity CRS Ruleset on web hosts.
59
  function bpsPro_CC_Root_values_form() {
60
  global $bps_topDiv, $bps_bottomDiv;
61
 
62
  if ( isset( $_POST['bps_customcode_submit'] ) && current_user_can('manage_options') ) {
63
  check_admin_referer( 'bulletproof_security_CC_Root' );
64
 
65
+ $Encryption = new bpsProPHPEncryption();
66
+ $nonceValue = 'ghbhnyxu';
67
+
68
+ $pos1 = strpos( $_POST['bps_customcode_one'], 'eyJjaXBoZXJ0ZXh0Ijoi' );
69
+ $pos2 = strpos( $_POST['bps_customcode_server_signature'], 'eyJjaXBoZXJ0ZXh0Ijoi' );
70
+ $pos3 = strpos( $_POST['bps_customcode_directory_index'], 'eyJjaXBoZXJ0ZXh0Ijoi' );
71
+ $pos4 = strpos( $_POST['bps_customcode_server_protocol'], 'eyJjaXBoZXJ0ZXh0Ijoi' );
72
+ $pos5 = strpos( $_POST['bps_customcode_error_logging'], 'eyJjaXBoZXJ0ZXh0Ijoi' );
73
+ $pos6 = strpos( $_POST['bps_customcode_deny_dot_folders'], 'eyJjaXBoZXJ0ZXh0Ijoi' );
74
+ $pos7 = strpos( $_POST['bps_customcode_admin_includes'], 'eyJjaXBoZXJ0ZXh0Ijoi' );
75
+ $pos8 = strpos( $_POST['bps_customcode_wp_rewrite_start'], 'eyJjaXBoZXJ0ZXh0Ijoi' );
76
+ $pos9 = strpos( $_POST['bps_customcode_request_methods'], 'eyJjaXBoZXJ0ZXh0Ijoi' );
77
+ $pos10 = strpos( $_POST['bps_customcode_two'], 'eyJjaXBoZXJ0ZXh0Ijoi' );
78
+ $pos11 = strpos( $_POST['bps_customcode_timthumb_misc'], 'eyJjaXBoZXJ0ZXh0Ijoi' );
79
+ $pos12 = strpos( $_POST['bps_customcode_bpsqse'], 'eyJjaXBoZXJ0ZXh0Ijoi' );
80
+ $pos13 = strpos( $_POST['bps_customcode_wp_rewrite_end'], 'eyJjaXBoZXJ0ZXh0Ijoi' );
81
+ $pos14 = strpos( $_POST['bps_customcode_deny_files'], 'eyJjaXBoZXJ0ZXh0Ijoi' );
82
+ $pos15 = strpos( $_POST['bps_customcode_three'], 'eyJjaXBoZXJ0ZXh0Ijoi' );
83
+
84
+ if ( $pos1 === false ) {
85
+ $bps_customcode_one = stripslashes($_POST['bps_customcode_one']);
86
+ } else {
87
+ $bps_customcode_one = $Encryption->decrypt($_POST['bps_customcode_one'], $nonceValue);
88
+ }
89
+
90
+ if ( $pos2 === false ) {
91
+ $bps_customcode_server_signature = stripslashes($_POST['bps_customcode_server_signature']);
92
+ } else {
93
+ $bps_customcode_server_signature = $Encryption->decrypt($_POST['bps_customcode_server_signature'], $nonceValue);
94
+ }
95
+
96
+ if ( $pos3 === false ) {
97
+ $bps_customcode_directory_index = stripslashes($_POST['bps_customcode_directory_index']);
98
+ } else {
99
+ $bps_customcode_directory_index = $Encryption->decrypt($_POST['bps_customcode_directory_index'], $nonceValue);
100
+ }
101
+
102
+ if ( $pos4 === false ) {
103
+ $bps_customcode_server_protocol = stripslashes($_POST['bps_customcode_server_protocol']);
104
+ } else {
105
+ $bps_customcode_server_protocol = $Encryption->decrypt($_POST['bps_customcode_server_protocol'], $nonceValue);
106
+ }
107
+
108
+ if ( $pos5 === false ) {
109
+ $bps_customcode_error_logging = stripslashes($_POST['bps_customcode_error_logging']);
110
+ } else {
111
+ $bps_customcode_error_logging = $Encryption->decrypt($_POST['bps_customcode_error_logging'], $nonceValue);
112
+ }
113
+
114
+ if ( $pos6 === false ) {
115
+ $bps_customcode_deny_dot_folders = stripslashes($_POST['bps_customcode_deny_dot_folders']);
116
+ } else {
117
+ $bps_customcode_deny_dot_folders = $Encryption->decrypt($_POST['bps_customcode_deny_dot_folders'], $nonceValue);
118
+ }
119
+
120
+ if ( $pos7 === false ) {
121
+ $bps_customcode_admin_includes = stripslashes($_POST['bps_customcode_admin_includes']);
122
+ } else {
123
+ $bps_customcode_admin_includes = $Encryption->decrypt($_POST['bps_customcode_admin_includes'], $nonceValue);
124
+ }
125
+
126
+ if ( $pos8 === false ) {
127
+ $bps_customcode_wp_rewrite_start = stripslashes($_POST['bps_customcode_wp_rewrite_start']);
128
+ } else {
129
+ $bps_customcode_wp_rewrite_start = $Encryption->decrypt($_POST['bps_customcode_wp_rewrite_start'], $nonceValue);
130
+ }
131
+
132
+ if ( $pos9 === false ) {
133
+ $bps_customcode_request_methods = stripslashes($_POST['bps_customcode_request_methods']);
134
+ } else {
135
+ $bps_customcode_request_methods = $Encryption->decrypt($_POST['bps_customcode_request_methods'], $nonceValue);
136
+ }
137
+
138
+ if ( $pos10 === false ) {
139
+ $bps_customcode_two = stripslashes($_POST['bps_customcode_two']);
140
+ } else {
141
+ $bps_customcode_two = $Encryption->decrypt($_POST['bps_customcode_two'], $nonceValue);
142
+ }
143
+
144
+ if ( $pos11 === false ) {
145
+ $bps_customcode_timthumb_misc = stripslashes($_POST['bps_customcode_timthumb_misc']);
146
+ } else {
147
+ $bps_customcode_timthumb_misc = $Encryption->decrypt($_POST['bps_customcode_timthumb_misc'], $nonceValue);
148
+ }
149
+
150
+ if ( $pos12 === false ) {
151
+ $bps_customcode_bpsqse = stripslashes($_POST['bps_customcode_bpsqse']);
152
+ } else {
153
+ $bps_customcode_bpsqse = $Encryption->decrypt($_POST['bps_customcode_bpsqse'], $nonceValue);
154
+ }
155
+
156
+ if ( $pos13 === false ) {
157
+ $bps_customcode_wp_rewrite_end = stripslashes($_POST['bps_customcode_wp_rewrite_end']);
158
+ } else {
159
+ $bps_customcode_wp_rewrite_end = $Encryption->decrypt($_POST['bps_customcode_wp_rewrite_end'], $nonceValue);
160
+ }
161
+
162
+ if ( $pos14 === false ) {
163
+ $bps_customcode_deny_files = stripslashes($_POST['bps_customcode_deny_files']);
164
+ } else {
165
+ $bps_customcode_deny_files = $Encryption->decrypt($_POST['bps_customcode_deny_files'], $nonceValue);
166
+ }
167
+
168
+ if ( $pos15 === false ) {
169
+ $bps_customcode_three = stripslashes($_POST['bps_customcode_three']);
170
+ } else {
171
+ $bps_customcode_three = $Encryption->decrypt($_POST['bps_customcode_three'], $nonceValue);
172
+ }
173
 
174
  $Root_CC_Options = array(
175
+ 'bps_customcode_one' => $bps_customcode_one,
176
+ 'bps_customcode_server_signature' => $bps_customcode_server_signature,
177
+ 'bps_customcode_directory_index' => $bps_customcode_directory_index,
178
+ 'bps_customcode_server_protocol' => $bps_customcode_server_protocol,
179
+ 'bps_customcode_error_logging' => $bps_customcode_error_logging,
180
+ 'bps_customcode_deny_dot_folders' => $bps_customcode_deny_dot_folders,
181
+ 'bps_customcode_admin_includes' => $bps_customcode_admin_includes,
182
+ 'bps_customcode_wp_rewrite_start' => $bps_customcode_wp_rewrite_start,
183
+ 'bps_customcode_request_methods' => $bps_customcode_request_methods,
184
+ 'bps_customcode_two' => $bps_customcode_two,
185
+ 'bps_customcode_timthumb_misc' => $bps_customcode_timthumb_misc,
186
+ 'bps_customcode_bpsqse' => $bps_customcode_bpsqse,
187
+ 'bps_customcode_wp_rewrite_end' => $bps_customcode_wp_rewrite_end,
188
+ 'bps_customcode_deny_files' => $bps_customcode_deny_files,
189
+ 'bps_customcode_three' => $bps_customcode_three
190
  );
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
191
 
192
  foreach( $Root_CC_Options as $key => $value ) {
193
  update_option('bulletproof_security_options_customcode', $Root_CC_Options);
202
  }
203
 
204
  // wp-admin Custom Code Form
205
+ // Important Note: stripslashes is used to strip any slashes that are added to a $_POST value and not slashes in the code itself.
206
+ ## 3.6: Encryption|Decryption added to Forms to bypass/evade OWASP ModSecurity CRS Ruleset on web hosts.
207
  function bpsPro_CC_WPA_values_form() {
208
  global $bps_topDiv, $bps_bottomDiv;
209
 
210
  if ( isset( $_POST['bps_customcode_submit_wpa'] ) && current_user_can('manage_options') ) {
211
  check_admin_referer( 'bulletproof_security_CC_WPA' );
212
 
213
+ $Encryption = new bpsProPHPEncryption();
214
+ $nonceValue = 'ghbhnyxu';
215
+
216
+ $pos1 = strpos( $_POST['bps_customcode_deny_files_wpa'], 'eyJjaXBoZXJ0ZXh0Ijoi' );
217
+ $pos2 = strpos( $_POST['bps_customcode_one_wpa'], 'eyJjaXBoZXJ0ZXh0Ijoi' );
218
+ $pos3 = strpos( $_POST['bps_customcode_two_wpa'], 'eyJjaXBoZXJ0ZXh0Ijoi' );
219
+ $pos4 = strpos( $_POST['bps_customcode_bpsqse_wpa'], 'eyJjaXBoZXJ0ZXh0Ijoi' );
220
+
221
+ if ( $pos1 === false ) {
222
+ $bps_customcode_deny_files_wpa = stripslashes($_POST['bps_customcode_deny_files_wpa']);
223
+ } else {
224
+ $bps_customcode_deny_files_wpa = $Encryption->decrypt($_POST['bps_customcode_deny_files_wpa'], $nonceValue);
225
+ }
226
+
227
+ if ( $pos2 === false ) {
228
+ $bps_customcode_one_wpa = stripslashes($_POST['bps_customcode_one_wpa']);
229
+ } else {
230
+ $bps_customcode_one_wpa = $Encryption->decrypt($_POST['bps_customcode_one_wpa'], $nonceValue);
231
+ }
232
+
233
+ if ( $pos3 === false ) {
234
+ $bps_customcode_two_wpa = stripslashes($_POST['bps_customcode_two_wpa']);
235
+ } else {
236
+ $bps_customcode_two_wpa = $Encryption->decrypt($_POST['bps_customcode_two_wpa'], $nonceValue);
237
+ }
238
+
239
+ if ( $pos4 === false ) {
240
+ $bps_customcode_bpsqse_wpa = stripslashes($_POST['bps_customcode_bpsqse_wpa']);
241
+ } else {
242
+ $bps_customcode_bpsqse_wpa = $Encryption->decrypt($_POST['bps_customcode_bpsqse_wpa'], $nonceValue);
243
+ }
244
+
245
  $wpadmin_CC_Options = array(
246
+ 'bps_customcode_deny_files_wpa' => $bps_customcode_deny_files_wpa,
247
+ 'bps_customcode_one_wpa' => $bps_customcode_one_wpa,
248
+ 'bps_customcode_two_wpa' => $bps_customcode_two_wpa,
249
+ 'bps_customcode_bpsqse_wpa' => $bps_customcode_bpsqse_wpa
250
  );
251
 
252
  foreach( $wpadmin_CC_Options as $key => $value ) {
262
  }
263
 
264
  $Apache_Mod_options = get_option('bulletproof_security_options_apache_modules');
265
+ // Nonce for Crypto-js
266
+ $bps_nonceValue = 'ghbhnyxu';
267
+ $bpsSpacePop = '-------------------------------------------------------------';
268
  ?>
269
 
270
  <div id="bps-accordion-2" class="bps-accordion-main-2" style="">
271
  <h3><?php _e('Root htaccess File Custom Code', 'bulletproof-security'); ?></h3>
272
  <div id="cc-accordion-inner">
273
 
274
+ <button onclick="bpsRootCCEncrypt()" class="button bps-button"><?php esc_attr_e('Encrypt Custom Code', 'bulletproof-security'); ?></button>
275
+ <button onclick="bpsRootCCDecrypt()" class="button bps-button"><?php esc_attr_e('Decrypt Custom Code', 'bulletproof-security'); ?></button>
276
+
277
  <table width="100%" border="0" cellspacing="0" cellpadding="10" class="bps-help_faq_table">
278
  <tr>
279
  <td colspan="2" class="bps-table_title"></td>
291
 
292
  <strong><label for="bps-CCode"><?php echo number_format_i18n( 1 ).'. '; _e('CUSTOM CODE TOP PHP/PHP.INI HANDLER/CACHE CODE:<br>Add php/php.ini handler code, cache code and/or <a href="https://forum.ait-pro.com/forums/topic/htaccess-caching-code-speed-boost-cache-code/" title="Link opens in a new Browser window" target="_blank">Speed Boost Cache Code</a>', 'bulletproof-security'); ?> </label></strong><br />
293
  <strong><?php $text = '<font color="#2ea2cc">'.__('ONLY add valid php/php.ini handler htaccess code and/or cache htaccess code below or text commented out with a pound sign #', 'bulletproof-security').'</font>'; echo $text ; ?></strong><br />
294
+ <textarea id="crypt1" class="bps-text-area-custom-code" name="bps_customcode_one" tabindex="1"><?php echo $CC_Options_root['bps_customcode_one']; ?></textarea>
295
  </td>
296
  <td class="bps-table_cell_help_custom_code" style="padding-top:75px;"><span style="color:#2ea2cc;font-weight:bold;">Example Code: Click the Read Me help button for Custom Code Setup Steps. This example code is a visual reference to show you where your php/php.ini handler and/or cache htaccess code will be created in your root htaccess file. If you have php/php.ini handler and/or cache htaccess code, copy and paste it into the CUSTOM CODE TOP PHP/PHP.INI HANDLER/CACHE CODE text box to the left.</span><pre># PHP/PHP.INI HANDLER/CACHE CODE<br /># Use BPS Custom Code to add php/php.ini Handler and Cache htaccess code and to save it permanently.<br /># Most Hosts do not have/use/require php/php.ini Handler htaccess code</pre></td>
297
  </tr>
299
  <td class="bps-table_cell_help_custom_code">
300
  <strong><label for="bps-CCode"><?php echo number_format_i18n( 2 ).'. '; _e('CUSTOM CODE TURN OFF YOUR SERVER SIGNATURE:', 'bulletproof-security'); ?> </label></strong><br />
301
  <strong><?php $text = '<font color="#2ea2cc">'.__('You MUST copy and paste the entire TURN OFF YOUR SERVER SIGNATURE section of code from your root .htaccess file into this text box first. You can then edit and modify the code in this text window and save your changes.', 'bulletproof-security').'</font>'; echo $text ; ?></strong><br />
302
+ <textarea id="crypt2" class="bps-text-area-custom-code" name="bps_customcode_server_signature" tabindex="2"><?php echo @$CC_Options_root['bps_customcode_server_signature']; ?></textarea>
303
  </td>
304
  <td class="bps-table_cell_help_custom_code" style="padding-top:75px;"><span style="color:#2ea2cc;font-weight:bold;">Example Code: Click the Read Me help button for Custom Code Setup Steps. This example code is a visual reference to show you which root htaccess file code goes in the CUSTOM CODE TURN OFF YOUR SERVER SIGNATURE text box. Go to the htaccess File Editor tab page and copy your actual TURN OFF YOUR SERVER SIGNATURE root htaccess file code and paste it into the CUSTOM CODE TURN OFF YOUR SERVER SIGNATURE text box to the left.</span><pre># TURN OFF YOUR SERVER SIGNATURE<br /># Suppresses the footer line server version number and ServerName of the serving virtual host<br />ServerSignature Off</pre></td>
305
  </tr>
307
  <td class="bps-table_cell_help_custom_code">
308
  <strong><label for="bps-CCode"><?php echo number_format_i18n( 3 ).'. '; _e('CUSTOM CODE DO NOT SHOW DIRECTORY LISTING/DIRECTORY INDEX:', 'bulletproof-security'); ?> </label></strong><br />
309
  <strong><?php $text = '<font color="#2ea2cc">'.__('You MUST copy and paste the entire DO NOT SHOW DIRECTORY LISTING and DIRECTORY INDEX sections of code from your root .htaccess file into this text box first. You can then edit and modify the code in this text window and save your changes.', 'bulletproof-security').'</font>'; echo $text ; ?></strong><br />
310
+ <textarea id="crypt3" class="bps-text-area-custom-code" name="bps_customcode_directory_index" tabindex="3"><?php echo $CC_Options_root['bps_customcode_directory_index']; ?></textarea>
311
  </td>
312
  <td class="bps-table_cell_help_custom_code" style="padding-top:75px;"><span style="color:#2ea2cc;font-weight:bold;">Example Code: Click the Read Me help button for Custom Code Setup Steps. This example code is a visual reference to show you which root htaccess file code goes in the CUSTOM CODE DO NOT SHOW DIRECTORY LISTING/DIRECTORY INDEX text box. Go to the htaccess File Editor tab page and copy your actual DO NOT SHOW DIRECTORY LISTING/DIRECTORY INDEX root htaccess file code and paste it into the CUSTOM CODE DO NOT SHOW DIRECTORY LISTING/DIRECTORY INDEX text box to the left.</span><pre style="max-height:130px;"># DO NOT SHOW DIRECTORY LISTING<br /># Disallow mod_autoindex from displaying a directory listing<br /># If a 500 Internal Server Error occurs when activating Root BulletProof Mode<br /># copy the entire DO NOT SHOW DIRECTORY LISTING and DIRECTORY INDEX sections of code<br /># and paste it into BPS Custom Code and comment out Options -Indexes<br /># by adding a # sign in front of it.<br /># Example: #Options -Indexes<br />Options -Indexes<br /><br /># DIRECTORY INDEX FORCE INDEX.PHP<br /># Use index.php as default directory index file. index.html will be ignored.<br /># If a 500 Internal Server Error occurs when activating Root BulletProof Mode<br /># copy the entire DO NOT SHOW DIRECTORY LISTING and DIRECTORY INDEX sections of code<br /># and paste it into BPS Custom Code and comment out DirectoryIndex<br /># by adding a # sign in front of it.<br /># Example: #DirectoryIndex index.php index.html /index.php<br />DirectoryIndex index.php index.html /index.php</pre></td>
313
  </tr>
315
  <td class="bps-table_cell_help_custom_code">
316
  <strong><label for="bps-CCode"><?php echo number_format_i18n( 4 ).'. '; _e('CUSTOM CODE BRUTE FORCE LOGIN PAGE PROTECTION:', 'bulletproof-security'); ?> </label></strong><br />
317
  <strong><?php $text = '<font color="#2ea2cc">'.__('This Custom Code text box is for optional/Bonus code. To get this code click the link below:', 'bulletproof-security').'<br><a href="https://forum.ait-pro.com/forums/topic/protect-login-page-from-brute-force-login-attacks/" title="Link opens in a new Browser window" target="_blank">Brute Force Login Page Protection Code</a></font>'; echo $text ; ?></strong><br />
318
+ <textarea id="crypt4" class="bps-text-area-custom-code" name="bps_customcode_server_protocol" tabindex="4"><?php echo $CC_Options_root['bps_customcode_server_protocol']; ?></textarea>
319
  </td>
320
  <td class="bps-table_cell_help_custom_code" style="padding-top:60px;"><span style="color:#2ea2cc;font-weight:bold;">Example Code: Click the Read Me help button for Custom Code Setup Steps. This example code is a visual reference to show you where your Brute Force Login Page Protection code will be created in your root htaccess file if you decide to add the option/Bonus code. You can get the code by clicking the Brute Force Login Page Protection Code link. Copy and paste it into the CUSTOM CODE BRUTE FORCE LOGIN PAGE PROTECTION text box to the left.</span><pre># BRUTE FORCE LOGIN PAGE PROTECTION<br /># PLACEHOLDER ONLY<br /># Use BPS Custom Code to add Brute Force Login protection code and to save it permanently.<br /># See this link: https://forum.ait-pro.com/forums/topic/protect-login-page-from-brute-force-login-attacks/<br /># for more information.</pre></td>
321
  </tr>
323
  <td class="bps-table_cell_help_custom_code">
324
  <strong><label for="bps-CCode"><?php echo number_format_i18n( 5 ).'. '; _e('CUSTOM CODE ERROR LOGGING AND TRACKING:', 'bulletproof-security'); ?> </label></strong><br />
325
  <strong><?php $text = '<font color="#2ea2cc">'.__('You MUST copy and paste the entire ERROR LOGGING AND TRACKING section of code from your root .htaccess file into this text box first. You can then edit and modify the code in this text window and save your changes.', 'bulletproof-security').'</font>'; echo $text ; ?></strong><br />
326
+ <textarea id="crypt5" class="bps-text-area-custom-code" name="bps_customcode_error_logging" tabindex="5"><?php echo $CC_Options_root['bps_customcode_error_logging']; ?></textarea>
327
  </td>
328
  <td class="bps-table_cell_help_custom_code" style="padding-top:75px;"><span style="color:#2ea2cc;font-weight:bold;">Example Code: Click the Read Me help button for Custom Code Setup Steps. This example code is a visual reference to show you which root htaccess file code goes in the CUSTOM CODE ERROR LOGGING AND TRACKING text box. Go to the htaccess File Editor tab page and copy your actual ERROR LOGGING AND TRACKING root htaccess file code and paste it into the CUSTOM CODE ERROR LOGGING AND TRACKING text box to the left.</span><pre style="max-height:145px;"># BPS PRO ERROR LOGGING AND TRACKING<br /># Use BPS Custom Code to modify/edit/change this code and to save it permanently.<br /># BPS Pro has premade 400 Bad Request, 403 Forbidden, 404 Not Found, 405 Method Not Allowed and<br /># 410 Gone template logging files that are used to track and log 400, 403, 404, 405 and 410 errors<br />.....<br />.....<br />ErrorDocument 400 <?php echo '/'.$bps_plugin_dir; ?>/bulletproof-security/400.php<br />ErrorDocument 401 default<br />ErrorDocument 403 <?php echo '/'.$bps_plugin_dir; ?>/bulletproof-security/403.php<br />ErrorDocument 404 /404.php<br />ErrorDocument 405 <?php echo '/'.$bps_plugin_dir; ?>/bulletproof-security/405.php<br />ErrorDocument 410 <?php echo '/'.$bps_plugin_dir; ?>/bulletproof-security/410.php</pre></td>
329
  </tr>
331
  <td class="bps-table_cell_help_custom_code">
332
  <strong><label for="bps-CCode"><?php echo number_format_i18n( 6 ).'. '; _e('CUSTOM CODE DENY ACCESS TO PROTECTED SERVER FILES AND FOLDERS:', 'bulletproof-security'); ?> </label></strong><br />
333
  <strong><?php $text = '<font color="#2ea2cc">'.__('You MUST copy and paste the entire DENY ACCESS TO PROTECTED SERVER FILES AND FOLDERS section of code from your root .htaccess file into this text box first. You can then edit and modify the code in this text window and save your changes.', 'bulletproof-security').'</font>'; echo $text ; ?></strong><br />
334
+ <textarea id="crypt6" class="bps-text-area-custom-code" name="bps_customcode_deny_dot_folders" tabindex="6"><?php echo @$CC_Options_root['bps_customcode_deny_dot_folders']; ?></textarea>
335
  </td>
336
  <td class="bps-table_cell_help_custom_code" style="padding-top:75px;"><span style="color:#2ea2cc;font-weight:bold;">Example Code: Click the Read Me help button for Custom Code Setup Steps. This example code is a visual reference to show you which root htaccess file code goes in the CUSTOM CODE DENY ACCESS TO PROTECTED SERVER FILES AND FOLDERS text box. Go to the htaccess File Editor tab page and copy your actual DENY ACCESS TO PROTECTED SERVER FILES AND FOLDERS root htaccess file code and paste it into the CUSTOM CODE DENY ACCESS TO PROTECTED SERVER FILES AND FOLDERS text box to the left.</span><pre># DENY ACCESS TO PROTECTED SERVER FILES AND FOLDERS<br /># Use BPS Custom Code to modify/edit/change this code and to save it permanently.<br /># Files and folders starting with a dot: .htaccess, .htpasswd, .errordocs, .logs<br />RedirectMatch 403 \.(htaccess|htpasswd|errordocs|logs)$</pre></td>
337
  </tr>
339
  <td class="bps-table_cell_help_custom_code">
340
  <strong><label for="bps-CCode"><?php echo number_format_i18n( 7 ).'. '; _e('CUSTOM CODE WP-ADMIN/INCLUDES: DO NOT add wp-admin .htaccess code here', 'bulletproof-security'); ?> </label></strong><br />
341
  <strong><?php $text = '<font color="#2ea2cc">'.__('Add one pound sign # below to prevent the WP-ADMIN/INCLUDES section of code from being created in your root .htaccess file', 'bulletproof-security').'</font>'; echo $text ; ?></strong><br />
342
+ <textarea id="crypt7" class="bps-text-area-custom-code" name="bps_customcode_admin_includes" tabindex="7"><?php echo $CC_Options_root['bps_customcode_admin_includes']; ?></textarea>
343
  </td>
344
  <td class="bps-table_cell_help_custom_code" style="padding-top:60px;"><span style="color:#2ea2cc;font-weight:bold;">Example Code: Click the Read Me help button for Custom Code Setup Steps. This example code is a visual reference to show you which root htaccess file code goes in the CUSTOM CODE WP-ADMIN/INCLUDES text box. Go to the htaccess File Editor tab page and copy your actual WP-ADMIN/INCLUDES root htaccess file code and paste it into the CUSTOM CODE WP-ADMIN/INCLUDES text box to the left.</span><pre># WP-ADMIN/INCLUDES<br /># Use BPS Custom Code to remove this code permanently.<br />RewriteEngine On<br />RewriteBase /<br />RewriteRule ^wp-admin/includes/ - [F]<br />RewriteRule !^wp-includes/ - [S=3]<br />RewriteRule ^wp-includes/[^/]+\.php$ - [F]<br />RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F]<br />RewriteRule ^wp-includes/theme-compat/ - [F]</pre></td>
345
  </tr>
347
  <td class="bps-table_cell_help_custom_code">
348
  <strong><label for="bps-CCode"><?php echo number_format_i18n( 8 ).'. '; _e('CUSTOM CODE WP REWRITE LOOP START: www/non-www http/https Rewrite code here', 'bulletproof-security'); ?> </label></strong><br />
349
  <strong><?php $text = '<font color="#2ea2cc">'.__('You MUST copy and paste the entire WP REWRITE LOOP START section of code from your root .htaccess file into this text box first. You can then edit and modify the code in this text window and save your changes.', 'bulletproof-security').'</font>'; echo $text ; ?></strong><br />
350
+ <textarea id="crypt8" class="bps-text-area-custom-code" name="bps_customcode_wp_rewrite_start" tabindex="8"><?php echo $CC_Options_root['bps_customcode_wp_rewrite_start']; ?></textarea>
351
  </td>
352
  <td class="bps-table_cell_help_custom_code" style="padding-top:75px;"><span style="color:#2ea2cc;font-weight:bold;">Example Code: Click the Read Me help button for Custom Code Setup Steps. This example code is a visual reference to show you which root htaccess file code goes in the CUSTOM CODE WP REWRITE LOOP START text box. Go to the htaccess File Editor tab page and copy your actual WP REWRITE LOOP START root htaccess file code and paste it into the CUSTOM CODE WP REWRITE LOOP START text box to the left.</span><br /><pre># CUSTOM CODE WP REWRITE LOOP START<br /># WP REWRITE LOOP START<br />RewriteEngine On<br />RewriteBase /<br />RewriteRule ^index\.php$ - [L]</pre></td>
353
  </tr>
357
  <?php echo number_format_i18n( 9 ).'. '; _e('CUSTOM CODE REQUEST METHODS FILTERED:', 'bulletproof-security'); ?><br />
358
  <?php _e('Whitelist User Agents and allow HEAD Requests', 'bulletproof-security'); ?> </label></strong><br />
359
  <strong><?php $text = '<font color="#2ea2cc">'.__('You MUST copy and paste the entire REQUEST METHODS FILTERED section of code from your root .htaccess file into this text box first. You can then edit and modify the code in this text window and save your changes. To Allow HEAD Requests click the Read Me help button at the top of the Custom Code page for instructions and examples.', 'bulletproof-security').'</font>'; echo $text ; ?></strong><br />
360
+ <textarea id="crypt9" class="bps-text-area-custom-code" name="bps_customcode_request_methods" tabindex="9"><?php echo $CC_Options_root['bps_customcode_request_methods']; ?></textarea>
361
  </td>
362
  <td class="bps-table_cell_help_custom_code" style="padding-top:75px;">
363
 
377
  <td class="bps-table_cell_help_custom_code">
378
  <strong><label for="bps-CCode"><?php echo number_format_i18n( 10 ).'. '; _e('CUSTOM CODE PLUGIN/THEME SKIP/BYPASS RULES:<br>Add personal plugin/theme skip/bypass rules here', 'bulletproof-security'); ?> </label></strong><br />
379
  <strong><?php $text = '<font color="#2ea2cc">'.__('ONLY add valid htaccess code below or text commented out with a pound sign #', 'bulletproof-security').'</font>'; echo $text; ?></strong><br />
380
+ <textarea id="crypt10" class="bps-text-area-custom-code" name="bps_customcode_two" tabindex="10"><?php echo $CC_Options_root['bps_customcode_two']; ?></textarea>
381
  </td>
382
  <td class="bps-table_cell_help_custom_code" style="padding-top:60px;"><span style="color:#2ea2cc;font-weight:bold;">Example Code: Click the Read Me help button for Custom Code Setup Steps. This example code is a visual reference to show you where your plugin/theme skip/bypass rules code will be created in your root htaccess file. If you have plugin/theme skip/bypass rules, copy and paste it into the CUSTOM CODE PLUGIN/THEME SKIP/BYPASS RULES text box to the left. Click the Read Me help button for more information about plugin/theme skip/bypass rules code.</span><pre style="max-height:145px;"># PLUGINS/THEMES AND VARIOUS EXPLOIT FILTER SKIP RULES<br /># To add plugin/theme skip/bypass rules use BPS Custom Code.<br /># The [S] flag is used to skip following rules. Skip rule [S=12] will skip 12 following RewriteRules.<br /># The skip rules MUST be in descending consecutive number order: 12, 11, 10, 9...<br /># If you delete a skip rule, change the other skip rule numbers accordingly.<br /># Examples: If RewriteRule [S=5] is deleted than change [S=6] to [S=5], [S=7] to [S=6], etc.<br /># If you add a new skip rule above skip rule 12 it will be skip rule 13: [S=13]<br /><br /><div style="background-color:#FFFF00;padding:3px;">Your plugin/theme skip/bypass rules will be created here in your root htaccess file</div><br /># Adminer MySQL management tool data populate<br />RewriteCond %{REQUEST_URI} ^/<?php echo $bps_plugin_dir; ?>/adminer/ [NC]<br />RewriteRule . - [S=12]</pre></td>
383
  </tr>
385
  <td class="bps-table_cell_help_custom_code">
386
  <strong><label for="bps-CCode"><?php echo number_format_i18n( 11 ).'. '; _e('CUSTOM CODE TIMTHUMB FORBID RFI and MISC FILE SKIP/BYPASS RULE:', 'bulletproof-security'); ?> </label></strong><br />
387
  <strong><?php $text = '<font color="#2ea2cc">'.__('You MUST copy and paste the entire TIMTHUMB FORBID RFI section of code from your root .htaccess file into this text box first. You can then edit and modify the code in this text window and save your changes.', 'bulletproof-security').'</font>'; echo $text; ?></strong><br />
388
+ <textarea id="crypt11" class="bps-text-area-custom-code" name="bps_customcode_timthumb_misc" tabindex="11"><?php echo $CC_Options_root['bps_customcode_timthumb_misc']; ?></textarea>
389
  </td>
390
  <td class="bps-table_cell_help_custom_code" style="padding-top:75px;"><span style="color:#2ea2cc;font-weight:bold;">Example Code: Click the Read Me help button for Custom Code Setup Steps. This example code is a visual reference to show you which root htaccess file code goes in the CUSTOM CODE TIMTHUMB FORBID RFI and MISC FILE SKIP/BYPASS RULE text box. Go to the htaccess File Editor tab page and copy your actual TIMTHUMB FORBID RFI and MISC FILE SKIP/BYPASS RULE root htaccess file code and paste it into the CUSTOM CODE text box to the left.</span><pre style="max-height:145px;"># TIMTHUMB FORBID RFI and MISC FILE SKIP/BYPASS RULE<br /># Use BPS Custom Code to modify/edit/change this code and to save it permanently.<br /># Remote File Inclusion (RFI) security rules<br />.....<br />.....<br /># Example: Whitelist additional misc files: (example\.php|another-file\.php|phpthumb\.php|thumb\.php|thumbs\.php)<br />RewriteCond %{REQUEST_URI} (timthumb\.php|phpthumb\.php|thumb\.php|thumbs\.php) [NC]<br /># Example: Whitelist additional website domains: RewriteCond %{HTTP_REFERER} ^.*(YourWebsite.com|AnotherWebsite.com).*<br />RewriteCond %{HTTP_REFERER} ^.*<?php echo $bps_get_domain_root; ?>.*<br />RewriteRule . - [S=1]</pre></td>
391
  </tr>
393
  <td class="bps-table_cell_help_custom_code">
394
  <strong><label for="bps-CCode"><?php echo number_format_i18n( 12 ).'. '; _e('CUSTOM CODE BPSQSE BPS QUERY STRING EXPLOITS:', 'bulletproof-security'); ?> </label></strong><br />
395
  <strong><?php $text = '<font color="#2ea2cc">'.__('You MUST copy and paste the entire BPSQSE QUERY STRING EXPLOITS section of code from your root .htaccess file from # BEGIN BPSQSE BPS QUERY STRING EXPLOITS to # END BPSQSE BPS QUERY STRING EXPLOITS into this text box first. You can then edit and modify the code in this text window and save your changes.', 'bulletproof-security').'</font>'; echo $text; ?></strong><br />
396
+ <textarea id="crypt12" class="bps-text-area-custom-code" name="bps_customcode_bpsqse" tabindex="12"><?php echo $CC_Options_root['bps_customcode_bpsqse']; ?></textarea>
397
  </td>
398
  <td class="bps-table_cell_help_custom_code" style="padding-top:90px;"><span style="color:#2ea2cc;font-weight:bold;">Example Code: Click the Read Me help button for Custom Code Setup Steps. This example code is a visual reference to show you which root htaccess file code goes in the CUSTOM CODE BPSQSE BPS QUERY STRING EXPLOITS text box. Go to the htaccess File Editor tab page and copy your actual BPSQSE BPS QUERY STRING EXPLOITS root htaccess file code and paste it into the CUSTOM CODE BPSQSE BPS QUERY STRING EXPLOITS text box to the left.</span><pre># BEGIN BPSQSE BPS QUERY STRING EXPLOITS<br /># The libwww-perl User Agent is forbidden - Many bad bots use libwww-perl modules, but some good bots use it too.<br /># Good sites such as W3C use it for their W3C-LinkChecker.<br /># Use BPS Custom Code to add or remove user agents temporarily or permanently from the<br />.....<br />.....<br />RewriteCond %{QUERY_STRING} (sp_executesql) [NC]<br />RewriteRule ^(.*)$ - [F]<br /># END BPSQSE BPS QUERY STRING EXPLOITS</pre></td>
399
  </tr>
404
  <td class="bps-table_cell_help_custom_code">
405
  <strong><label for="bps-CCode"><?php echo number_format_i18n( 12 ).'b. '; _e('CUSTOM CODE WP REWRITE LOOP END: Add WP Rewrite Loop End code here', 'bulletproof-security'); ?> </label></strong><br />
406
  <strong><?php $text = '<font color="#2ea2cc">'.__('This is a Special Custom Code text box that should only be used if the correct WP REWRITE LOOP END code is not being created in your root .htaccess file. See the Read Me help button for more information.', 'bulletproof-security').'</font>'; echo $text; ?></strong><br />
407
+ <textarea id="crypt12b" class="bps-text-area-custom-code" name="bps_customcode_wp_rewrite_end" tabindex="13"><?php echo $CC_Options_root['bps_customcode_wp_rewrite_end']; ?></textarea>
408
 
409
  </td>
410
  <td class="bps-table_cell_help_custom_code" style="padding-top:75px;"><span style="color:#2ea2cc;font-weight:bold;">Example Code: The actual WP REWRITE LOOP END code for your website may be different. This example code is a visual reference to show you which root htaccess file code goes in the CUSTOM CODE WP REWRITE LOOP END text box. Go to the htaccess File Editor tab page and copy your actual WP REWRITE LOOP END root htaccess file code and paste it into the CUSTOM CODE WP REWRITE LOOP END text box to the left.</span><br /><pre># END BPSQSE BPS QUERY STRING EXPLOITS<br /><div style="background-color:#FFFF00;padding:3px;">RewriteCond %{REQUEST_FILENAME} -f [OR]<br />RewriteCond %{REQUEST_FILENAME} -d<br />RewriteRule ^ - [L]<br />RewriteRule ^[_0-9a-zA-Z-]+/(wp-(content|admin|includes).*) $1 [L]<br />RewriteRule ^[_0-9a-zA-Z-]+/(.*\.php)$ $1 [L]<br />RewriteRule . index.php [L]<br /># WP REWRITE LOOP END</div></pre>
411
  </td>
412
  </tr>
413
 
414
+ <?php } else { ?>
415
+
416
+ <textarea id="crypt12b" class="bps-text-area-custom-code" name="bps_customcode_wp_rewrite_end" tabindex="13" style="display:none;"></textarea>
417
+
418
  <?php } ?>
419
 
420
  <tr>
421
  <td class="bps-table_cell_help_custom_code">
422
  <strong><label for="bps-CCode"><?php echo number_format_i18n( 13 ).'. '; _e('CUSTOM CODE DENY BROWSER ACCESS TO THESE FILES:', 'bulletproof-security'); ?> </label></strong><br />
423
  <strong><?php $text = '<font color="#2ea2cc">'.__('You MUST copy and paste the entire DENY BROWSER ACCESS section of code from your root .htaccess file into this text box first. You can then edit and modify the code in this text window and save your changes.', 'bulletproof-security').'</font>'; echo $text; ?></strong><br />
424
+ <textarea id="crypt13" class="bps-text-area-custom-code" name="bps_customcode_deny_files" tabindex="14"><?php echo $CC_Options_root['bps_customcode_deny_files']; ?></textarea>
425
  </td>
426
  <td class="bps-table_cell_help_custom_code" style="padding-top:75px;"><span style="color:#2ea2cc;font-weight:bold;">Example Code: Click the Read Me help button for Custom Code Setup Steps. This example code is a visual reference to show you which root htaccess file code goes in the CUSTOM CODE DENY BROWSER ACCESS TO THESE FILES text box. Go to the htaccess File Editor tab page and copy your actual DENY BROWSER ACCESS TO THESE FILES root htaccess file code and paste it into the CUSTOM CODE DENY BROWSER ACCESS TO THESE FILES text box to the left.</span>
427
 
441
  <td class="bps-table_cell_help_custom_code">
442
  <strong><label for="bps-CCode"><?php echo number_format_i18n( 14 ).'. '; _e('CUSTOM CODE BOTTOM HOTLINKING/FORBID COMMENT SPAMMERS/BLOCK BOTS/BLOCK IP/REDIRECT CODE: Add miscellaneous code here', 'bulletproof-security'); ?> </label></strong><br />
443
  <strong><?php $text = '<font color="#2ea2cc">'.__('ONLY add valid htaccess code below or text commented out with a pound sign #', 'bulletproof-security').'</font>'; echo $text; ?></strong><br />
444
+ <textarea id="crypt14" class="bps-text-area-custom-code" name="bps_customcode_three" tabindex="15"><?php echo $CC_Options_root['bps_customcode_three']; ?></textarea>
445
  </td>
446
  <td class="bps-table_cell_help_custom_code" style="padding-top:60px;"><span style="color:#2ea2cc;font-weight:bold;">Example Code: Click the Read Me help button for Custom Code Setup Steps. This example code is a visual reference to show you where your custom htaccess code will be created in your root htaccess file. If you have Hotlinking, Redirect, IP Blocking htaccess code then copy and paste it into the CUSTOM CODE BOTTOM HOTLINKING/FORBID COMMENT SPAMMERS/BLOCK BOTS/BLOCK IP/REDIRECT CODE text box to the left.</span><pre># CUSTOM CODE BOTTOM HOTLINKING/FORBID COMMENT SPAMMERS/BLOCK BOTS/BLOCK IP/REDIRECT CODE<br /># PLACEHOLDER ONLY<br /># Use BPS Custom Code to add custom code and save it permanently here.</pre></td>
447
  </tr>
448
  <tr>
449
  <td class="bps-table_cell_help_custom_code">
450
 
451
+ <?php echo '<label for="bps-mscan-label" style="">'.__('If you are unable to save Custom Code and/or see an error message when trying to save Custom Code, click the Encrypt Custom Code button first and then click the Save Root Custom Code button. Mouse over the question mark image to the right for help info.', 'bulletproof-security').'</label><strong><font color="black"><span class="tooltip-350-225"><img src="'.plugins_url('/bulletproof-security/admin/images/question-mark.png').'" style="position:relative;top:3px;left:5px;" /><span>'.__('If your web host currently has ModSecurity installed or installs ModSecurity at a later time then ModSecurity will prevent you from saving your custom htaccess code unless you encrypt it first by clicking the Encrypt Custom Code button.', 'bulletproof-security').'<br><br>'.__('If you click the Encrypt Custom Code button, but then want to add or edit additional custom code click the Decrypt Custom Code button. After you are done adding or editing custom code click the Encrypt Custom Code button before clicking the Save Root Custom Code button.', 'bulletproof-security').'<br><br>'.__('Additional Encrypt and Decrypt buttons have been added at the top of the Root Custom Code Form.', 'bulletproof-security').'<br><br>'.__('Click the Custom Code Read Me help button for more help info.', 'bulletproof-security').'</span></span></font></strong><br><br>'; ?>
452
+
453
  <input type="hidden" name="scrolltoCCode" value="<?php echo esc_html( $scrolltoCCode ); ?>" />
454
+ <input type="submit" name="bps_customcode_submit" value="<?php esc_attr_e('Save Root Custom Code', 'bulletproof-security') ?>" class="button bps-button" onclick="return confirm('<?php $text = __('IMPORTANT!!! Did you remember to click the Encrypt Custom Code button first before saving your Root Custom Code?', 'bulletproof-security').'\n\n'.$bpsSpacePop.'\n\n'.__('Click OK to save your Root Custom Code or click Cancel.', 'bulletproof-security'); echo $text; ?>')" />
455
  </form>
456
 
457
+ <button onclick="bpsRootCCEncrypt()" class="button bps-button"><?php esc_attr_e('Encrypt Custom Code', 'bulletproof-security'); ?></button>
458
+ <button onclick="bpsRootCCDecrypt()" class="button bps-button"><?php esc_attr_e('Decrypt Custom Code', 'bulletproof-security'); ?></button>
459
+
460
  </td>
461
  <td class="bps-table_cell_help_custom_code">&nbsp;</td>
462
  </tr>
472
  $('#bpsCustomCodeForm').submit(function(){ $('#scrolltoCCode').val( $('#bps_customcode_one').scrollTop() ); });
473
  $('#bps_customcode_one').scrollTop( $('#scrolltoCCode').val() );
474
  });
475
+
476
+ function bpsRootCCEncrypt() {
477
+
478
+ var nonceValue = '<?php echo $bps_nonceValue; ?>';
479
+
480
+ var CCString1 = document.getElementById("crypt1").value;
481
+ var CCString2 = document.getElementById("crypt2").value;
482
+ var CCString3 = document.getElementById("crypt3").value;
483
+ var CCString4 = document.getElementById("crypt4").value;
484
+ var CCString5 = document.getElementById("crypt5").value;
485
+ var CCString6 = document.getElementById("crypt6").value;
486
+ var CCString7 = document.getElementById("crypt7").value;
487
+ var CCString8 = document.getElementById("crypt8").value;
488
+ var CCString9 = document.getElementById("crypt9").value;
489
+ var CCString10 = document.getElementById("crypt10").value;
490
+ var CCString11 = document.getElementById("crypt11").value;
491
+ var CCString12 = document.getElementById("crypt12").value;
492
+ var CCString12b = document.getElementById("crypt12b").value;
493
+ var CCString13 = document.getElementById("crypt13").value;
494
+ var CCString14 = document.getElementById("crypt14").value;
495
+
496
+ // Prevent Double, Triple, etc. encryption
497
+ // The includes() method is not supported in IE 11 (and earlier versions)
498
+ var NoEncrypt1 = CCString1.includes("eyJjaXBoZXJ0ZXh0Ijoi");
499
+ //console.log(NoEncrypt1);
500
+ var NoEncrypt2 = CCString2.includes("eyJjaXBoZXJ0ZXh0Ijoi");
501
+ //console.log(NoEncrypt2);
502
+ var NoEncrypt3 = CCString3.includes("eyJjaXBoZXJ0ZXh0Ijoi");
503
+ //console.log(NoEncrypt3);
504
+ var NoEncrypt4 = CCString4.includes("eyJjaXBoZXJ0ZXh0Ijoi");
505
+ //console.log(NoEncrypt4);
506
+ var NoEncrypt5 = CCString5.includes("eyJjaXBoZXJ0ZXh0Ijoi");
507
+ //console.log(NoEncrypt5);
508
+ var NoEncrypt6 = CCString6.includes("eyJjaXBoZXJ0ZXh0Ijoi");
509
+ //console.log(NoEncrypt6);
510
+ var NoEncrypt7 = CCString7.includes("eyJjaXBoZXJ0ZXh0Ijoi");
511
+ //console.log(NoEncrypt7);
512
+ var NoEncrypt8 = CCString8.includes("eyJjaXBoZXJ0ZXh0Ijoi");
513
+ //console.log(NoEncrypt8);
514
+ var NoEncrypt9 = CCString9.includes("eyJjaXBoZXJ0ZXh0Ijoi");
515
+ //console.log(NoEncrypt9);
516
+ var NoEncrypt10 = CCString10.includes("eyJjaXBoZXJ0ZXh0Ijoi");
517
+ //console.log(NoEncrypt10);
518
+ var NoEncrypt11 = CCString11.includes("eyJjaXBoZXJ0ZXh0Ijoi");
519
+ //console.log(NoEncrypt11);
520
+ var NoEncrypt12 = CCString12.includes("eyJjaXBoZXJ0ZXh0Ijoi");
521
+ //console.log(NoEncrypt12);
522
+ var NoEncrypt12b = CCString12b.includes("eyJjaXBoZXJ0ZXh0Ijoi");
523
+ //console.log(NoEncrypt12b);
524
+ var NoEncrypt13 = CCString13.includes("eyJjaXBoZXJ0ZXh0Ijoi");
525
+ //console.log(NoEncrypt13);
526
+ var NoEncrypt14 = CCString14.includes("eyJjaXBoZXJ0ZXh0Ijoi");
527
+ //console.log(NoEncrypt14);
528
+
529
+ let encryption = new bpsProJSEncryption();
530
+
531
+ if (CCString1 != '' && NoEncrypt1 === false) {
532
+ var encrypted1 = encryption.encrypt(CCString1, nonceValue);
533
+ }
534
+ if (CCString2 != '' && NoEncrypt2 === false) {
535
+ var encrypted2 = encryption.encrypt(CCString2, nonceValue);
536
+ }
537
+ if (CCString3 != '' && NoEncrypt3 === false) {
538
+ var encrypted3 = encryption.encrypt(CCString3, nonceValue);
539
+ }
540
+ if (CCString4 != '' && NoEncrypt4 === false) {
541
+ var encrypted4 = encryption.encrypt(CCString4, nonceValue);
542
+ }
543
+ if (CCString5 != '' && NoEncrypt5 === false) {
544
+ var encrypted5 = encryption.encrypt(CCString5, nonceValue);
545
+ }
546
+ if (CCString6 != '' && NoEncrypt6 === false) {
547
+ var encrypted6 = encryption.encrypt(CCString6, nonceValue);
548
+ }
549
+ if (CCString7 != '' && NoEncrypt7 === false) {
550
+ var encrypted7 = encryption.encrypt(CCString7, nonceValue);
551
+ }
552
+ if (CCString8 != '' && NoEncrypt8 === false) {
553
+ var encrypted8 = encryption.encrypt(CCString8, nonceValue);
554
+ }
555
+ if (CCString9 != '' && NoEncrypt9 === false) {
556
+ var encrypted9 = encryption.encrypt(CCString9, nonceValue);
557
+ }
558
+ if (CCString10 != '' && NoEncrypt10 === false) {
559
+ var encrypted10 = encryption.encrypt(CCString10, nonceValue);
560
+ }
561
+ if (CCString11 != '' && NoEncrypt11 === false) {
562
+ var encrypted11 = encryption.encrypt(CCString11, nonceValue);
563
+ }
564
+ if (CCString12 != '' && NoEncrypt12 === false) {
565
+ var encrypted12 = encryption.encrypt(CCString12, nonceValue);
566
+ }
567
+ if (CCString12b != '' && NoEncrypt12b === false) {
568
+ var encrypted12b = encryption.encrypt(CCString12b, nonceValue);
569
+ }
570
+ if (CCString13 != '' && NoEncrypt13 === false) {
571
+ var encrypted13 = encryption.encrypt(CCString13, nonceValue);
572
+ }
573
+ if (CCString14 != '' && NoEncrypt14 === false) {
574
+ var encrypted14 = encryption.encrypt(CCString14, nonceValue);
575
+ }
576
+ //console.log(encrypted);
577
+
578
+ if (CCString1 != '' && NoEncrypt1 === false) {
579
+ document.getElementById("crypt1").value = encrypted1;
580
+ }
581
+ if (CCString2 != '' && NoEncrypt2 === false) {
582
+ document.getElementById("crypt2").value = encrypted2;
583
+ }
584
+ if (CCString3 != '' && NoEncrypt3 === false) {
585
+ document.getElementById("crypt3").value = encrypted3;
586
+ }
587
+ if (CCString4 != '' && NoEncrypt4 === false) {
588
+ document.getElementById("crypt4").value = encrypted4;
589
+ }
590
+ if (CCString5 != '' && NoEncrypt5 === false) {
591
+ document.getElementById("crypt5").value = encrypted5;
592
+ }
593
+ if (CCString6 != '' && NoEncrypt6 === false) {
594
+ document.getElementById("crypt6").value = encrypted6;
595
+ }
596
+ if (CCString7 != '' && NoEncrypt7 === false) {
597
+ document.getElementById("crypt7").value = encrypted7;
598
+ }
599
+ if (CCString8 != '' && NoEncrypt8 === false) {
600
+ document.getElementById("crypt8").value = encrypted8;
601
+ }
602
+ if (CCString9 != '' && NoEncrypt9 === false) {
603
+ document.getElementById("crypt9").value = encrypted9;
604
+ }
605
+ if (CCString10 != '' && NoEncrypt10 === false) {
606
+ document.getElementById("crypt10").value = encrypted10;
607
+ }
608
+ if (CCString11 != '' && NoEncrypt11 === false) {
609
+ document.getElementById("crypt11").value = encrypted11;
610
+ }
611
+ if (CCString12 != '' && NoEncrypt12 === false) {
612
+ document.getElementById("crypt12").value = encrypted12;
613
+ }
614
+ if (CCString12b != '' && NoEncrypt12b === false) {
615
+ document.getElementById("crypt12b").value = encrypted12b;
616
+ }
617
+ if (CCString13 != '' && NoEncrypt13 === false) {
618
+ document.getElementById("crypt13").value = encrypted13;
619
+ }
620
+ if (CCString14 != '' && NoEncrypt14 === false) {
621
+ document.getElementById("crypt14").value = encrypted14;
622
+ }
623
+ }
624
+
625
+ function bpsRootCCDecrypt() {
626
+
627
+ var nonceValue = '<?php echo $bps_nonceValue; ?>';
628
+
629
+ var CCString1 = document.getElementById("crypt1").value;
630
+ var CCString2 = document.getElementById("crypt2").value;
631
+ var CCString3 = document.getElementById("crypt3").value;
632
+ var CCString4 = document.getElementById("crypt4").value;
633
+ var CCString5 = document.getElementById("crypt5").value;
634
+ var CCString6 = document.getElementById("crypt6").value;
635
+ var CCString7 = document.getElementById("crypt7").value;
636
+ var CCString8 = document.getElementById("crypt8").value;
637
+ var CCString9 = document.getElementById("crypt9").value;
638
+ var CCString10 = document.getElementById("crypt10").value;
639
+ var CCString11 = document.getElementById("crypt11").value;
640
+ var CCString12 = document.getElementById("crypt12").value;
641
+ var CCString12b = document.getElementById("crypt12b").value;
642
+ var CCString13 = document.getElementById("crypt13").value;
643
+ var CCString14 = document.getElementById("crypt14").value;
644
+
645
+ let encryption = new bpsProJSEncryption();
646
+
647
+ if (CCString1 != '') {
648
+ var decrypted1 = encryption.decrypt(CCString1, nonceValue);
649
+ }
650
+ if (CCString2 != '') {
651
+ var decrypted2 = encryption.decrypt(CCString2, nonceValue);
652
+ }
653
+ if (CCString3 != '') {
654
+ var decrypted3 = encryption.decrypt(CCString3, nonceValue);
655
+ }
656
+ if (CCString4 != '') {
657
+ var decrypted4 = encryption.decrypt(CCString4, nonceValue);
658
+ }
659
+ if (CCString5 != '') {
660
+ var decrypted5 = encryption.decrypt(CCString5, nonceValue);
661
+ }
662
+ if (CCString6 != '') {
663
+ var decrypted6 = encryption.decrypt(CCString6, nonceValue);
664
+ }
665
+ if (CCString7 != '') {
666
+ var decrypted7 = encryption.decrypt(CCString7, nonceValue);
667
+ }
668
+ if (CCString8 != '') {
669
+ var decrypted8 = encryption.decrypt(CCString8, nonceValue);
670
+ }
671
+ if (CCString9 != '') {
672
+ var decrypted9 = encryption.decrypt(CCString9, nonceValue);
673
+ }
674
+ if (CCString10 != '') {
675
+ var decrypted10 = encryption.decrypt(CCString10, nonceValue);
676
+ }
677
+ if (CCString11 != '') {
678
+ var decrypted11 = encryption.decrypt(CCString11, nonceValue);
679
+ }
680
+ if (CCString12 != '') {
681
+ var decrypted12 = encryption.decrypt(CCString12, nonceValue);
682
+ }
683
+ if (CCString12b != '') {
684
+ var decrypted12b = encryption.decrypt(CCString12b, nonceValue);
685
+ }
686
+ if (CCString13 != '') {
687
+ var decrypted13 = encryption.decrypt(CCString13, nonceValue);
688
+ }
689
+ if (CCString14 != '') {
690
+ var decrypted14 = encryption.decrypt(CCString14, nonceValue);
691
+ }
692
+ //console.log(decrypted);
693
+
694
+ if (CCString1 != '') {
695
+ document.getElementById("crypt1").value = decrypted1;
696
+ }
697
+ if (CCString2 != '') {
698
+ document.getElementById("crypt2").value = decrypted2;
699
+ }
700
+ if (CCString3 != '') {
701
+ document.getElementById("crypt3").value = decrypted3;
702
+ }
703
+ if (CCString4 != '') {
704
+ document.getElementById("crypt4").value = decrypted4;
705
+ }
706
+ if (CCString5 != '') {
707
+ document.getElementById("crypt5").value = decrypted5;
708
+ }
709
+ if (CCString6 != '') {
710
+ document.getElementById("crypt6").value = decrypted6;
711
+ }
712
+ if (CCString7 != '') {
713
+ document.getElementById("crypt7").value = decrypted7;
714
+ }
715
+ if (CCString8 != '') {
716
+ document.getElementById("crypt8").value = decrypted8;
717
+ }
718
+ if (CCString9 != '') {
719
+ document.getElementById("crypt9").value = decrypted9;
720
+ }
721
+ if (CCString10 != '') {
722
+ document.getElementById("crypt10").value = decrypted10;
723
+ }
724
+ if (CCString11 != '') {
725
+ document.getElementById("crypt11").value = decrypted11;
726
+ }
727
+ if (CCString12 != '') {
728
+ document.getElementById("crypt12").value = decrypted12;
729
+ }
730
+ if (CCString12b != '') {
731
+ document.getElementById("crypt12b").value = decrypted12b;
732
+ }
733
+ if (CCString13 != '') {
734
+ document.getElementById("crypt13").value = decrypted13;
735
+ }
736
+ if (CCString14 != '') {
737
+ document.getElementById("crypt14").value = decrypted14;
738
+ }
739
+ }
740
  /* ]]> */
741
  </script>
742
 
752
  <h3><?php _e('wp-admin htaccess File Custom Code', 'bulletproof-security'); ?></h3>
753
  <div id="cc-accordion-inner">
754
 
755
+ <button onclick="bpsWpadminCCEncrypt()" class="button bps-button"><?php esc_attr_e('Encrypt Custom Code', 'bulletproof-security'); ?></button>
756
+ <button onclick="bpsWpadminCCDecrypt()" class="button bps-button"><?php esc_attr_e('Decrypt Custom Code', 'bulletproof-security'); ?></button>
757
+
758
  <table width="100%" border="0" cellspacing="0" cellpadding="10" class="bps-help_faq_table">
759
  <tr>
760
  <td colspan="2" class="bps-table_title"></td>
771
 
772
  <strong><label for="bps-CCode"><?php echo number_format_i18n( 1 ).'. '; _e('CUSTOM CODE WPADMIN DENY BROWSER ACCESS TO FILES:<br>Add additional wp-admin files that you would like to block here', 'bulletproof-security'); ?> </label></strong><br />
773
  <strong><?php $text = '<font color="#2ea2cc">'.__('You MUST copy and paste the entire WPADMIN DENY BROWSER ACCESS TO FILES section of code from your wp-admin .htaccess file into this text box first. You can then edit and modify the code in this text window and save your changes. Add one pound sign # below to prevent the WPADMIN DENY BROWSER ACCESS TO FILES section of code from being created in your wp-admin .htaccess file', 'bulletproof-security').'</font>'; echo $text; ?></strong><br />
774
+ <textarea id="crypt15" class="bps-text-area-custom-code" name="bps_customcode_deny_files_wpa" tabindex="1"><?php echo $CC_Options_wpadmin['bps_customcode_deny_files_wpa']; ?></textarea>
775
  </td>
776
  <td class="bps-table_cell_help_custom_code" style="padding-top:105px;"><span style="color:#2ea2cc;font-weight:bold;">Example Code: Click the Read Me help button for wp-admin Custom Code Setup Steps. This example code is a visual reference to show you which wp-admin htaccess file code goes in the CUSTOM CODE WPADMIN DENY BROWSER ACCESS TO FILES text box. Go to the htaccess File Editor tab page and copy your actual WPADMIN DENY BROWSER ACCESS TO FILES wp-admin htaccess file code and paste it into the CUSTOM CODE text box to the left.</span>
777
 
792
  <td class="bps-table_cell_help_custom_code">
793
  <strong><label for="bps-CCode"><?php echo number_format_i18n( 2 ).'. '; _e('CUSTOM CODE WPADMIN TOP:<br>wp-admin password protection & miscellaneous custom code here', 'bulletproof-security'); ?> </label></strong><br />
794
  <strong><?php $text = '<font color="#2ea2cc">'.__('ONLY add valid htaccess code below or text commented out with a pound sign #', 'bulletproof-security').'</font>'; echo $text; ?></strong><br />
795
+ <textarea id="crypt16" class="bps-text-area-custom-code" name="bps_customcode_one_wpa" tabindex="2"><?php echo $CC_Options_wpadmin['bps_customcode_one_wpa']; ?></textarea>
796
  </td>
797
  <td class="bps-table_cell_help_custom_code" style="padding-top:60px;"><span style="color:#2ea2cc;font-weight:bold;">Example Code: Click the Read Me help button for wp-admin Custom Code Setup Steps. This example code is a visual reference to show you where your wp-admin custom htaccess code will be created in your wp-admin htaccess file. If you have custom wp-admin htaccess code, copy and paste it into the CUSTOM CODE WPADMIN TOP text box to the left.</span><pre># BEGIN OPTIONAL WP-ADMIN ADDITIONAL SECURITY MEASURES:<br /><br /># BEGIN CUSTOM CODE WPADMIN TOP<br /># Use BPS wp-admin Custom Code to modify/edit/change this code and to save it permanently.<br /><div style="background-color:#FFFF00;padding:3px;"># CCWTOP - Your custom code will be created here when you activate wp-admin BulletProof Mode</div># END CUSTOM CODE WPADMIN TOP</pre></td>
798
  </tr>
800
  <td class="bps-table_cell_help_custom_code">
801
  <strong><label for="bps-CCode"><?php echo number_format_i18n( 3 ).'. '; _e('CUSTOM CODE WPADMIN PLUGIN/FILE SKIP RULES:<br>Add wp-admin plugin/file skip rules code here', 'bulletproof-security'); ?> </label></strong><br />
802
  <strong><?php $text = '<font color="#2ea2cc">'.__('ONLY add valid htaccess code below or text commented out with a pound sign #', 'bulletproof-security').'</font>'; echo $text; ?></strong><br />
803
+ <textarea id="crypt17" class="bps-text-area-custom-code" name="bps_customcode_two_wpa" tabindex="3"><?php echo $CC_Options_wpadmin['bps_customcode_two_wpa']; ?></textarea>
804
  </td>
805
  <td class="bps-table_cell_help_custom_code" style="padding-top:60px;"><span style="color:#2ea2cc;font-weight:bold;">Example Code: Click the Read Me help button for wp-admin Custom Code Setup Steps. This example code is a visual reference to show you where your wp-admin plugin/file skip rules code will be created in your wp-admin htaccess file. If you have wp-admin plugin/file skip rules code, copy and paste it into the CUSTOM CODE WPADMIN PLUGIN/FILE SKIP RULES text box to the left.</span><pre># BEGIN CUSTOM CODE WPADMIN PLUGIN/FILE SKIP RULES<br /># To add wp-admin plugin skip/bypass rules use BPS wp-admin Custom Code.<br /># If a plugin is calling a wp-admin file in a way that it is being blocked/forbidden<br />...<br />...<br /><div style="background-color:#FFFF00;padding:3px;"># CCWPF - Your custom code will be created here when you activate wp-admin BulletProof Mode</div># END CUSTOM CODE WPADMIN PLUGIN/FILE SKIP RULES</pre></td>
806
  </tr>
808
  <td class="bps-table_cell_help_custom_code">
809
  <strong><label for="bps-CCode"><?php echo number_format_i18n( 4 ).'. '; _e('CUSTOM CODE BPSQSE-check BPS QUERY STRING EXPLOITS AND FILTERS:<br>Modify Query String Exploit code here', 'bulletproof-security'); ?> </label></strong><br />
810
  <strong><?php $text = '<font color="#2ea2cc">'.__('You MUST copy and paste the entire BPS QUERY STRING EXPLOITS section of code from your wp-admin .htaccess file from # BEGIN BPSQSE-check BPS QUERY STRING EXPLOITS AND FILTERS to # END BPSQSE-check BPS QUERY STRING EXPLOITS AND FILTERS into this text box first. You can then edit and modify the code in this text window and save your changes.', 'bulletproof-security').'</font>'; echo $text; ?></strong><br />
811
+ <textarea id="crypt18" class="bps-text-area-custom-code" name="bps_customcode_bpsqse_wpa" tabindex="4"><?php echo $CC_Options_wpadmin['bps_customcode_bpsqse_wpa']; ?></textarea>
812
  </td>
813
  <td class="bps-table_cell_help_custom_code" style="padding-top:105px;"><span style="color:#2ea2cc;font-weight:bold;">Example Code: Click the Read Me help button for wp-admin Custom Code Setup Steps. This example code is a visual reference to show you which wp-admin htaccess file code goes in the CUSTOM CODE BPSQSE-check BPS QUERY STRING EXPLOITS AND FILTERS text box. Go to the htaccess File Editor tab page and copy your actual BPS QUERY STRING EXPLOITS AND FILTERS wp-admin htaccess file code and paste it into the CUSTOM CODE text box to the left.</span><pre># BEGIN BPSQSE-check BPS QUERY STRING EXPLOITS AND FILTERS<br /># WORDPRESS WILL BREAK IF ALL THE BPSQSE FILTERS ARE DELETED<br /># Use BPS wp-admin Custom Code to modify/edit/change this code and to save it permanently.<br />RewriteCond %{HTTP_USER_AGENT} (%0A|%0D|%27|%3C|%3E|%00) [NC,OR]<br />.....<br />.....<br />RewriteCond %{QUERY_STRING} (sp_executesql) [NC]<br />RewriteRule ^(.*)$ - [F]<br /># END BPSQSE-check BPS QUERY STRING EXPLOITS AND FILTERS</pre></td>
814
  </tr>
815
  <tr>
816
  <td class="bps-table_cell_help_custom_code">
817
 
818
+ <?php echo '<label for="bps-mscan-label" style="">'.__('If you are unable to save Custom Code and/or see an error message when trying to save Custom Code, click the Encrypt Custom Code button first and then click the Save wp-admin Custom Code button. Mouse over the question mark image to the right for help info.', 'bulletproof-security').'</label><strong><font color="black"><span class="tooltip-350-225"><img src="'.plugins_url('/bulletproof-security/admin/images/question-mark.png').'" style="position:relative;top:3px;left:5px;" /><span>'.__('If your web host currently has ModSecurity installed or installs ModSecurity at a later time then ModSecurity will prevent you from saving your custom htaccess code unless you encrypt it first by clicking the Encrypt Custom Code button.', 'bulletproof-security').'<br><br>'.__('If you click the Encrypt Custom Code button, but then want to add or edit additional custom code click the Decrypt Custom Code button. After you are done adding or editing custom code click the Encrypt Custom Code button before clicking the Save wp-admin Custom Code button.', 'bulletproof-security').'<br><br>'.__('Additional Encrypt and Decrypt buttons have been added at the top of the wp-admin Custom Code Form.', 'bulletproof-security').'<br><br>'.__('Click the Custom Code Read Me help button for more help info.', 'bulletproof-security').'</span></span></font></strong><br><br>'; ?>
819
+
820
  <input type="hidden" name="scrolltoCCodeWPA" value="<?php echo esc_html( $scrolltoCCodeWPA ); ?>" />
821
+ <input type="submit" name="bps_customcode_submit_wpa" value="<?php esc_attr_e('Save wp-admin Custom Code', 'bulletproof-security') ?>" class="button bps-button" onclick="return confirm('<?php $text = __('IMPORTANT!!! Did you remember to click the Encrypt Custom Code button first before saving your wp-admin Custom Code?', 'bulletproof-security').'\n\n'.$bpsSpacePop.'\n\n'.__('Click OK to save your wp-admin Custom Code or click Cancel.', 'bulletproof-security'); echo $text; ?>')" />
822
  </form>
823
 
824
+ <button onclick="bpsWpadminCCEncrypt()" class="button bps-button"><?php esc_attr_e('Encrypt Custom Code', 'bulletproof-security'); ?></button>
825
+ <button onclick="bpsWpadminCCDecrypt()" class="button bps-button"><?php esc_attr_e('Decrypt Custom Code', 'bulletproof-security'); ?></button>
826
+
827
  </td>
828
  <td class="bps-table_cell_help_custom_code">&nbsp;</td>
829
  </tr>
839
  $('#bpsCustomCodeFormWPA').submit(function(){ $('#scrolltoCCodeWPA').val( $('#bps_customcode_deny_files_wpa').scrollTop() ); });
840
  $('#bps_customcode_deny_files_wpa').scrollTop( $('#scrolltoCCodeWPA').val() );
841
  });
842
+
843
+ function bpsWpadminCCEncrypt() {
844
+
845
+ var nonceValue = '<?php echo $bps_nonceValue; ?>';
846
+
847
+ var CCString1 = document.getElementById("crypt15").value;
848
+ var CCString2 = document.getElementById("crypt16").value;
849
+ var CCString3 = document.getElementById("crypt17").value;
850
+ var CCString4 = document.getElementById("crypt18").value;
851
+
852
+ // Prevent Double, Triple, etc. encryption
853
+ // The includes() method is not supported in IE 11 (and earlier versions)
854
+ var NoEncrypt1 = CCString1.includes("eyJjaXBoZXJ0ZXh0Ijoi");
855
+ //console.log(NoEncrypt1);
856
+ var NoEncrypt2 = CCString2.includes("eyJjaXBoZXJ0ZXh0Ijoi");
857
+ //console.log(NoEncrypt2);
858
+ var NoEncrypt3 = CCString3.includes("eyJjaXBoZXJ0ZXh0Ijoi");
859
+ //console.log(NoEncrypt3);
860
+ var NoEncrypt4 = CCString4.includes("eyJjaXBoZXJ0ZXh0Ijoi");
861
+ //console.log(NoEncrypt4);
862
+
863
+ let encryption = new bpsProJSEncryption();
864
+
865
+ if (CCString1 != '' && NoEncrypt1 === false) {
866
+ var encrypted1 = encryption.encrypt(CCString1, nonceValue);
867
+ }
868
+ if (CCString2 != '' && NoEncrypt2 === false) {
869
+ var encrypted2 = encryption.encrypt(CCString2, nonceValue);
870
+ }
871
+ if (CCString3 != '' && NoEncrypt3 === false) {
872
+ var encrypted3 = encryption.encrypt(CCString3, nonceValue);
873
+ }
874
+ if (CCString4 != '' && NoEncrypt4 === false) {
875
+ var encrypted4 = encryption.encrypt(CCString4, nonceValue);
876
+ }
877
+ //console.log(encrypted);
878
+
879
+ if (CCString1 != '' && NoEncrypt1 === false) {
880
+ document.getElementById("crypt15").value = encrypted1;
881
+ }
882
+ if (CCString2 != '' && NoEncrypt2 === false) {
883
+ document.getElementById("crypt16").value = encrypted2;
884
+ }
885
+ if (CCString3 != '' && NoEncrypt3 === false) {
886
+ document.getElementById("crypt17").value = encrypted3;
887
+ }
888
+ if (CCString4 != '' && NoEncrypt4 === false) {
889
+ document.getElementById("crypt18").value = encrypted4;
890
+ }
891
+ }
892
+
893
+ function bpsWpadminCCDecrypt() {
894
+
895
+ var nonceValue = '<?php echo $bps_nonceValue; ?>';
896
+
897
+ var CCString1 = document.getElementById("crypt15").value;
898
+ var CCString2 = document.getElementById("crypt16").value;
899
+ var CCString3 = document.getElementById("crypt17").value;
900
+ var CCString4 = document.getElementById("crypt18").value;
901
+
902
+ let encryption = new bpsProJSEncryption();
903
+
904
+ if (CCString1 != '') {
905
+ var decrypted1 = encryption.decrypt(CCString1, nonceValue);
906
+ }
907
+ if (CCString2 != '') {
908
+ var decrypted2 = encryption.decrypt(CCString2, nonceValue);
909
+ }
910
+ if (CCString3 != '') {
911
+ var decrypted3 = encryption.decrypt(CCString3, nonceValue);
912
+ }
913
+ if (CCString4 != '') {
914
+ var decrypted4 = encryption.decrypt(CCString4, nonceValue);
915
+ }
916
+ //console.log(decrypted);
917
+
918
+ if (CCString1 != '') {
919
+ document.getElementById("crypt15").value = decrypted1;
920
+ }
921
+ if (CCString2 != '') {
922
+ document.getElementById("crypt16").value = decrypted2;
923
+ }
924
+ if (CCString3 != '') {
925
+ document.getElementById("crypt17").value = decrypted3;
926
+ }
927
+ if (CCString4 != '') {
928
+ document.getElementById("crypt18").value = decrypted4;
929
+ }
930
+ }
931
  /* ]]> */
932
  </script>
933
 
admin/core/core-help-text.php CHANGED
@@ -27,7 +27,7 @@ if ( ! current_user_can('manage_options') ) {
27
  $bps_backup_restore_content = __('The Backup and Restore tools can be used to quickly backup and restore the root and wp-admin htaccess files. Example usage: You are testing some code and want to save copies of your working root and wp-admin htaccess files so that you can quickly restore them. It is not necessary to create backups of the root and wp-admin htaccess files. These tools should just be used as stated above.', 'bulletproof-security').'<br><br><strong>'.__('Note:', 'bulletproof-security').'</strong><br>'.__('Typically if invalid/bad htaccess code is added in an htaccess file then most likely your site will crash. The quick and simple solution if your website crashes is to use FTP or your web host control panel file manager and delete the htaccess file that has the invalid/bad htaccess code in it so you can log back into your site and correct or delete the invalid/bad htaccess code. So using Backup & Restore will not work in a scenario where invalid/bad htaccess code has caused your website to crash.','bulletproof-security').'<br><br><strong>'.__('Tip:', 'bulletproof-security').'</strong><br>'.__('A more practical method of temporarily testing new htaccess code is to use the htaccess File Editor. Example: You add your new htaccess code using the htaccess File Editor, save it and activate BulletProof Mode instead of using these Backup & Restore options. Or you can use Custom Code. Example: You add your new htaccess code using BPS Custom Code, save it and activate BulletProof Mode.', 'bulletproof-security').'<br><br><strong>'.__('Reminder:', 'bulletproof-security').'</strong><br>'.__('Any htaccess code that you add using the htaccess File Editor is not saved permanently. To save any new htaccess code permanently use BPS Custom Code.', 'bulletproof-security').'<br><br><strong>'.__('BPS Video Tutorial links can be found in the Help & FAQ pages.', 'bulletproof-security').'</strong>';
28
 
29
  /** htaccess File Editing **/
30
- $bps_hfe_content = '<strong>'.__('This Read Me Help window is draggable (top) and resizable (bottom right corner)', 'bulletproof-security').'</strong><br><br><strong>'.__('The File Editor is designed to open all of your htaccess files simultaneously and allow you to copy and paste from one window (file) to another window (file), BUT you can ONLY save your edits for one file at a time. Whichever file you currently have opened (the tab that you are currently viewing) when you click the Update File button is the file that will be updated/saved.', 'bulletproof-security').'</strong><br><br><strong>'.__('Important Notes: ', 'bulletproof-security').'</strong><br>'.__('You can edit all of your htaccess files directly using the htaccess File Editor, but to save your edits permanently for the "Your Current Root htaccess File" tab, which is your Root htaccess file and the "Your Current wp-admin htaccess File" tab, which is your wp-admin folder htaccess file, use BPS Custom Code to save your editing changes permanently.', 'bulletproof-security').'<br><br><font color="blue"><strong>'.__('default.htaccess File Exception: ', 'bulletproof-security').'</strong></font>'.__('You can create a Custom default.htaccess file that will be saved permanently by editing the default.htaccess file using the htaccess File Editor. Your Custom default.htaccess file will be saved permanently to this folder: /bps-backup/master-backups/default.htaccess. If you have created a Custom default.htaccess file then it will be automatically copied from the /bps-backup/master-backups/ folder during a BPS plugin upgrade and will replace the default BPS default.htaccess Master file.', 'bulletproof-security').'<br><br>'.__('The secure.htaccess (Root htaccess Master htaccess file), default.htaccess (Default WP Master htaccess file) and wpadmin-secure.htaccess (wp-admin folder Master htaccess file) tabs are Master htaccess files that will be replaced when you upgrade BPS. You can edit these files directly, but these files will not be saved permanently, with the exception of the default.htaccess file - See the ', 'bulletproof-security').'<font color="blue"><strong>'.__('default.htaccess File Exception', 'bulletproof-security').'</strong></font>'.__(' help information above.', 'bulletproof-security').'<br><br><strong>'.__('Lock|Unlock .htaccess Files', 'bulletproof-security').'</strong><br>'.__('If your Server API is using CGI then you will see Lock and Unlock buttons to lock your Root htaccess file with 404 Permissions and unlock your root htaccess file with 644 Permissions. If your Server API is using CLI - DSO/Apache/mod_php then you will not see lock and unlock buttons. 644 Permissions are required to write to/edit the root htaccess file. Once you are done editing your root htaccess file use the lock button to lock it with 404 Permissions. 644 Permissions for DSO are considered secure for DSO because of the different way that file security is handled with DSO.', 'bulletproof-security').'<br><br>'.__('If your Root htaccess file is locked and you try to save your editing changes you will see a pop message that your Root htaccess file is locked. You will need to unlock your Root htaccess file before you can save your changes.', 'bulletproof-security').'<br><br><strong>'.__('Turn On AutoLock|Turn Off AutoLock', 'bulletproof-security').'</strong><br>'.__('AutoLock is designed to automatically lock your root .htaccess file to save you an additional step of locking your root .htaccess file when performing certain actions, tasks or functions and AutoLock also automatically locks your root .htaccess during BPS Pro upgrades. This can be a problem for some folks whose Web Hosts do not allow locking the root .htaccess file with 404 file permissions and can cause 403 errors and/or cause a website to crash. For 99.99% of folks leaving AutoLock turned On will work fine. If your Web Host ONLY allows 644 file permissions for your root .htaccess file then click the Turn Off AutoLock button. This turns Off AutoLocking for all BPS actions, tasks, functions and also for BPS Pro upgrades.', 'bulletproof-security').'<br><br><strong>'.__('BPS Video Tutorial links can be found in the Help & FAQ pages.','bulletproof-security').'</strong>';
31
 
32
  /** Custom Code - Network/Multisite specific **/
33
  if ( is_multisite() ) {
@@ -37,6 +37,6 @@ if ( ! current_user_can('manage_options') ) {
37
  }
38
 
39
  /** Custom Code **/
40
- $bps_customcode_content = '<strong>'.__('Reset|Recheck Dismiss Notices:', 'bulletproof-security').'</strong><br>'.__('Clicking this button resets ALL Dismiss Notices such as Bonus Code Dismiss Notices and ALL other Dismiss Notices. If you previously dismissed a Dismiss Notice and want to display it again at a later time click this button.', 'bulletproof-security').'<br><br><strong>'.__('Export Tool', 'bulletproof-security').'</strong><br>'.__('The Custom Code Export tool exports (copies) all of your Root and wp-admin custom htaccess code into the cc-master.zip file, which you can then download to your computer by clicking the Download Zip Export button displayed in the Custom Code Export success message. You can unzip the cc-master.zip file on your computer to extract the cc-master.txt file for editing - see the Import Tool help info below.', 'bulletproof-security').'<br><br><strong>'.__('Import Tool', 'bulletproof-security').'</strong><br>'.__('The Custom Code Import tool imports all of your Root and wp-admin Custom Code from the cc-master.zip file on your computer into the Custom Code text boxes and saves your imported custom htaccess code to your WordPress Database. You can unzip the cc-master.zip file on your computer to extract the cc-master.txt file for editing to add/change any custom htaccess code in the cc-master.txt file. Do NOT delete any of the BEGIN and END placeholder lines of code in the cc-master.txt file. You can add/edit/change any code in-between the BEGIN and END lines of code. After editing the cc-master.txt file you will need to zip the cc-master.txt file in order to be able to import the cc-master.zip file using the Custom Code Import tool. The zip file MUST be named cc-master.zip in order to be able to Import it to BPS Custom Code. Important Note: Use Notepad, Notepad++ or another ASCII text editor to edit the cc-master.txt file. Do NOT use Word or WordPad to edit the cc-master.txt file.', 'bulletproof-security').'<br><br><strong>'.__('Delete Tool', 'bulletproof-security').'</strong><br>'.__('The Custom Code Delete tool deletes all of your Root and wp-admin Custom Code from all of the Custom Code text boxes and your WordPress Database. The Delete tool can be used for troubleshooting possible invalid/bad custom htaccess code issues/problems or simply just to delete all custom htaccess code in all of the Custom Code text boxes.', 'bulletproof-security').'<br><br><strong>'.__('Custom Code General Help Information', 'bulletproof-security').'</strong><br>'.__('ONLY add valid htaccess code into these text areas/text boxes. If you want to add regular text instead of .htaccess code then you will need to add a pound sign # in front of the text to comment it out. If you do not do this then the next time you activate BulletProof Mode for your Root folder or your wp-admin folder your website WILL crash.', 'bulletproof-security').'<br><br>'.__('For Custom Code text boxes the require that you copy the entire section of code that you want to edit and modify you will see this blue help text - ', 'bulletproof-security').'<strong><font color="blue">'.__('"You MUST copy and paste the entire xxxxx section of code from your root .htaccess file into this text box first. You can then edit and modify the code in this text window and save your changes."', 'bulletproof-security').'</font></strong><br><br><strong>'.__('If you do not copy the entire section of code into a text box that requires this then the next time activate BulletProof Mode for your Root folder or your wp-admin folder your website WILL crash.', 'bulletproof-security').'</strong><br><br><strong>'.__('If your website crashes after adding custom code: Use FTP or use your web host control panel file manager and delete the root .htaccess file or the wp-admin file or both files if necessary. Log back into your website and correct/fix the invalid/incorrect custom htaccess code that was added in any of the Custom Code text boxes, save your changes, go to the Security Modes page and click the Activate button for the Root or wp-admin Folder BulletProof Mode or both if necessary.', 'bulletproof-security').'</strong><br><br><strong>'.__('Your Custom Code is saved permanently until you delete it and will not be removed or deleted when you upgrade BPS.','bulletproof-security').'</strong><br><br><strong>'.__('Root htaccess File Custom Code Setup Steps', 'bulletproof-security').'</strong><br>'.__('1. Add your custom code in the appropriate Root Custom Code text box.', 'bulletproof-security').'<br>'.__('2. Click the Save Root Custom Code button to save your Root custom code.', 'bulletproof-security').'<br>'.__('3. Go to the Security Modes page and click the Root Folder BulletProof Mode Activate button.', 'bulletproof-security').'<br><br><strong>'.__('CUSTOM CODE TOP PHP/PHP.INI HANDLER/CACHE CODE:', 'bulletproof-security').'<br>'.__('Add php/php.ini handler code, cache code and/or Speed Boost Cache Code here', 'bulletproof-security').'</strong><br>'.__('ONLY add valid php/php.ini handler htaccess code and/or cache htaccess code or text commented out with a pound sign #.','bulletproof-security').'<br><br><strong>'.__('CUSTOM CODE TURN OFF YOUR SERVER SIGNATURE:', 'bulletproof-security').'</strong><br>'.__('You MUST copy and paste the entire TURN OFF YOUR SERVER SIGNATURE section of code from your root .htaccess file into this text box first. You can then edit and modify the code in this text window and save your changes.','bulletproof-security').'<br><br><strong>'.__('CUSTOM CODE DO NOT SHOW DIRECTORY LISTING/DIRECTORY INDEX:','bulletproof-security').'</strong><br>'.__('You MUST copy and paste the entire DO NOT SHOW DIRECTORY LISTING and DIRECTORY INDEX sections of code from your root .htaccess file into this text box first. You can then edit and modify the code in this text window and save your changes.','bulletproof-security').'<br><br><strong>'.__('CUSTOM CODE BRUTE FORCE LOGIN PAGE PROTECTION:','bulletproof-security').'</strong><br>'.__('This Custom Code text box is for optional/Bonus code. To get this code see the Forum Help Links at the top of this Read Me help window. CAUTION! This code has a 95%/5% success/fail ratio meaning that this code will not work on 5% of websites. If you see a 403 error when logging out and logging into your website then you cannot use this code on your website and will need to delete this code to correct the 403 error when logging out and logging into your website.','bulletproof-security').'<br><br><strong>'.__('CUSTOM CODE ERROR LOGGING AND TRACKING:','bulletproof-security').'</strong><br>'.__('You MUST copy and paste the entire ERROR LOGGING AND TRACKING section of code from your root .htaccess file into this text box first. You can then edit and modify the code in this text window and save your changes.','bulletproof-security').'<br><br><strong>'.__('CUSTOM CODE DENY ACCESS TO PROTECTED SERVER FILES AND FOLDERS:', 'bulletproof-security').'</strong><br>'.__('You MUST copy and paste the entire DENY ACCESS TO PROTECTED SERVER FILES AND FOLDERS section of code from your root .htaccess file into this text box first. You can then edit and modify the code in this text window and save your changes.', 'bulletproof-security').'<br><br><strong>'.__('CUSTOM CODE WP-ADMIN/INCLUDES: DO NOT add wp-admin .htaccess file code here', 'bulletproof-security').'</strong><br>'.__('Add one pound sign # in this text box to prevent the WP-ADMIN/INCLUDES section of code from being created in your root .htaccess file.','bulletproof-security').'<br><br><strong>'.__('CUSTOM CODE WP REWRITE LOOP START: Add www to non-www/non-www to www code here', 'bulletproof-security').'</strong><br>'.__('You MUST copy and paste the entire WP REWRITE LOOP START section of code from your root .htaccess file into this text box first. You can then edit and modify the code in this text window and save your changes.','bulletproof-security').'<br><br><strong>'.__('CUSTOM CODE REQUEST METHODS FILTERED: Whitelist User Agents and allow HEAD Requests', 'bulletproof-security').'</strong><br>'.__('You MUST copy and paste the entire REQUEST METHODS FILTERED section of code from your root .htaccess file into this text box first. You can then edit and modify the code in this text window and save your changes. If you see this code: ','bulletproof-security').'RewriteRule ^(.*)$ - [R=405,L]'.__('. To Allow HEAD Requests, comment out these 2 lines of code with # signs: ', 'bulletproof-security').'#RewriteCond %{REQUEST_METHOD} ^(HEAD) [NC] and #RewriteRule ^(.*)$ - [R=405,L].'.__(' If you see this code: ','bulletproof-security').'RewriteRule ^(.*)$ /wp-content/plugins/bulletproof-security/405.php [L]'.__('. To Allow HEAD Requests, comment out these 2 lines of code with # signs: ', 'bulletproof-security').'#RewriteCond %{REQUEST_METHOD} ^(HEAD) [NC] and #RewriteRule ^(.*)$ /wp-content/plugins/bulletproof-security/405.php [L].<br><br><strong>'.__('CUSTOM CODE PLUGIN/THEME SKIP/BYPASS RULES:','bulletproof-security').'</strong><br>'.__('ONLY add valid htaccess code or text commented out with a pound sign #. This text area is for plugin fixes that are specific to your website. BPS already has some plugin skip/bypass rules included in the Root htaccess file by default. Adding additional plugin skip/bypass rules for your plugins on your website goes in this text box. There are 12 default skip rules in the standard BPS root htaccess file already. Skip rules MUST be in descending consecutive number order: 15, 14, 13... If you add one plugin skip/bypass rule in this text box it should be skip rule #13. For each additional plugin skip rule that you add the S= skip number is increased by one. Example: if you add 3 plugin skip rules in this text box they would be Skip rules #15, #14 and #13 - RewriteRule . - [S=15] and RewriteRule . - [S=14] and RewriteRule . - [S=13] in descending consecutive order', 'bulletproof-security').'<br><br><strong>'.__('CUSTOM CODE TIMTHUMB FORBID RFI and MISC FILE SKIP/BYPASS RULE:','bulletproof-security').'</strong><br>'.__('You MUST copy and paste the entire TIMTHUMB FORBID RFI section of code from your root .htaccess file into this text box first. You can then edit and modify the code in this text window and save your changes.','bulletproof-security').'<br><br><strong>'.__('CUSTOM CODE BPSQSE BPS QUERY STRING EXPLOITS:','bulletproof-security').'</strong><br>'.__('You MUST copy and paste the entire BPSQSE QUERY STRING EXPLOITS section of code from your root .htaccess file from # BEGIN BPSQSE BPS QUERY STRING EXPLOITS to # END BPSQSE BPS QUERY STRING EXPLOITS into this text box first. You can then edit and modify the code in this text window and save your changes.', 'bulletproof-security').$network_cc_help.'<br><br><strong>'.__('CUSTOM CODE DENY BROWSER ACCESS TO THESE FILES:','bulletproof-security').'</strong><br>'.__('You MUST copy and paste the entire DENY BROWSER ACCESS section of code from your root .htaccess file into this text box first. You can then edit and modify the code in this text window and save your changes.', 'bulletproof-security').'<br><br><strong>'.__('CUSTOM CODE BOTTOM HOTLINKING/FORBID COMMENT SPAMMERS/BLOCK BOTS/BLOCK IP/REDIRECT CODE: Add miscellaneous code here','bulletproof-security').'</strong><br>'.__('This Custom Code text box is for any/all personal custom code that you have created or want to use that is not standard BPS htaccess code. ONLY add valid htaccess code below or text commented out with a pound sign # You can save any miscellaneous custom htaccess code here as long as it is valid htaccess code or if it is just plain text then you will need to comment it out with a pound sign # in front of the text.', 'bulletproof-security').'<br><br><strong>'.__('wp-admin htaccess File Custom Code Steps','bulletproof-security').'</strong><br>'.__('1. Add your custom code in the appropriate wp-admin Custom Code text box.', 'bulletproof-security').'<br>'.__('2. Click the Save wp-admin Custom Code button to save your wp-admin custom code.', 'bulletproof-security').'<br>'.__('3. Go to the Security Modes page and click the wp-admin Folder BulletProof Mode Activate button.', 'bulletproof-security').'<br><br><strong>'.__('CUSTOM CODE BPS WPADMIN DENY ACCESS TO FILES:','bulletproof-security').'<br>'.__('Add additional wp-admin files that you would like to block here','bulletproof-security').'</strong><br>'.__('You MUST copy and paste the entire WPADMIN DENY BROWSER ACCESS TO FILES section of code from your wp-admin .htaccess file into this text box first. You can then edit and modify the code in this text window and save your changes. Add one pound sign # below to prevent the WPADMIN DENY BROWSER ACCESS TO FILES section of code from being created in your wp-admin .htaccess file.', 'bulletproof-security').'<br><br><strong>'.__('CUSTOM CODE WPADMIN TOP:','bulletproof-security').'<br>'.__('Add wp-admin password protection, IP whitelist allow access & miscellaneous custom code here','bulletproof-security').'</strong><br>'.__('ONLY add valid htaccess code below or text commented out with a pound sign # You can save any miscellaneous custom htaccess code here as long as it is valid htaccess code or if it is just plain text then you will need to comment it out with a pound sign # in front of the text.','bulletproof-security').'<br><br><strong>'.__('CUSTOM CODE WPADMIN PLUGIN/FILE SKIP RULES:','bulletproof-security').'<br>'.__('Add wp-admin plugin/file skip rules code here','bulletproof-security').'</strong><br>'.__('ONLY add valid htaccess code below or text commented out with a pound sign #. There is currently one default skip rule [S=1] in the standard BPS wp-admin htaccess file already. Skip rules MUST be in descending consecutive number order: 4, 3, 2... If you add one plugin skip/bypass rule in this text box it will be skip rule #2. For each additional plugin skip rule that you add the S= skip number is increased by one. Example: if you add 3 plugin skip rules in this text box they would be Skip rules #4, #3 and #2 - RewriteRule . - [S=4] and RewriteRule . - [S=3] and RewriteRule . - [S=2] in descending consecutive order.','bulletproof-security').'<br><br><strong>'.__('CUSTOM CODE BPSQSE-check BPS QUERY STRING EXPLOITS AND FILTERS:','bulletproof-security').'<br>'.__('Modify wp-admin Query String Exploit code here','bulletproof-security').'</strong><br>'.__('You MUST copy and paste the entire BPS QUERY STRING EXPLOITS section of code from your wp-admin .htaccess file from # BEGIN BPSQSE-check BPS QUERY STRING EXPLOITS AND FILTERS to # END BPSQSE-check BPS QUERY STRING EXPLOITS AND FILTERS into this text box first. You can then edit and modify the code in this text window and save your changes.','bulletproof-security').'<br><br><strong>'.__('BPS Video Tutorial links can be found in the Help & FAQ pages.','bulletproof-security').'</strong>';
41
 
42
  ?>
27
  $bps_backup_restore_content = __('The Backup and Restore tools can be used to quickly backup and restore the root and wp-admin htaccess files. Example usage: You are testing some code and want to save copies of your working root and wp-admin htaccess files so that you can quickly restore them. It is not necessary to create backups of the root and wp-admin htaccess files. These tools should just be used as stated above.', 'bulletproof-security').'<br><br><strong>'.__('Note:', 'bulletproof-security').'</strong><br>'.__('Typically if invalid/bad htaccess code is added in an htaccess file then most likely your site will crash. The quick and simple solution if your website crashes is to use FTP or your web host control panel file manager and delete the htaccess file that has the invalid/bad htaccess code in it so you can log back into your site and correct or delete the invalid/bad htaccess code. So using Backup & Restore will not work in a scenario where invalid/bad htaccess code has caused your website to crash.','bulletproof-security').'<br><br><strong>'.__('Tip:', 'bulletproof-security').'</strong><br>'.__('A more practical method of temporarily testing new htaccess code is to use the htaccess File Editor. Example: You add your new htaccess code using the htaccess File Editor, save it and activate BulletProof Mode instead of using these Backup & Restore options. Or you can use Custom Code. Example: You add your new htaccess code using BPS Custom Code, save it and activate BulletProof Mode.', 'bulletproof-security').'<br><br><strong>'.__('Reminder:', 'bulletproof-security').'</strong><br>'.__('Any htaccess code that you add using the htaccess File Editor is not saved permanently. To save any new htaccess code permanently use BPS Custom Code.', 'bulletproof-security').'<br><br><strong>'.__('BPS Video Tutorial links can be found in the Help & FAQ pages.', 'bulletproof-security').'</strong>';
28
 
29
  /** htaccess File Editing **/
30
+ $bps_hfe_content = '<strong>'.__('This Read Me Help window is draggable (top) and resizable (bottom right corner)', 'bulletproof-security').'</strong><br><br><strong>'.__('The File Editor is designed to open all of your htaccess files simultaneously and allow you to copy and paste from one window (file) to another window (file), BUT you can ONLY save your edits for one file at a time. Whichever file you currently have opened (the tab that you are currently viewing) when you click the Update File button is the file that will be updated/saved.', 'bulletproof-security').'</strong><br><br><strong>'.__('Important Notes: ', 'bulletproof-security').'</strong><br>'.__('You can edit all of your htaccess files directly using the htaccess File Editor, but to save your edits permanently for the "Your Current Root htaccess File" tab, which is your Root htaccess file and the "Your Current wp-admin htaccess File" tab, which is your wp-admin folder htaccess file, use BPS Custom Code to save your editing changes permanently.', 'bulletproof-security').'<br><br><font color="blue"><strong>'.__('default.htaccess File Exception: ', 'bulletproof-security').'</strong></font>'.__('You can create a Custom default.htaccess file that will be saved permanently by editing the default.htaccess file using the htaccess File Editor. Your Custom default.htaccess file will be saved permanently to this folder: /bps-backup/master-backups/default.htaccess. If you have created a Custom default.htaccess file then it will be automatically copied from the /bps-backup/master-backups/ folder during a BPS plugin upgrade and will replace the default BPS default.htaccess Master file.', 'bulletproof-security').'<br><br>'.__('The secure.htaccess (Root htaccess Master htaccess file), default.htaccess (Default WP Master htaccess file) and wpadmin-secure.htaccess (wp-admin folder Master htaccess file) tabs are Master htaccess files that will be replaced when you upgrade BPS. You can edit these files directly, but these files will not be saved permanently, with the exception of the default.htaccess file - See the ', 'bulletproof-security').'<font color="blue"><strong>'.__('default.htaccess File Exception', 'bulletproof-security').'</strong></font>'.__(' help information above.', 'bulletproof-security').'<br><br><strong>'.__('Encryption|Decryption ModSecurity CRS Bypass', 'bulletproof-security').'</strong><br>'.__('ModSecurity CRS is a security feature installed on some web hosts. ModSecurity CRS sees the legitimate htaccess code in the htaccess File Editor as malicious and will prevent you from saving your htaccess code edits. When trying to save your htaccess code you may see an error message or you may be redirected to your website Home page or nothing happens or other various problems. To evade/bypass ModSecurity CRS click the Encrypt htaccess Code button before clicking the Update File button. Your htaccess code is encrypted in the POST Form submission and then decrypted in the Form processing code. That means that your htaccess code is only encrypted temporarily during htaccess File Editor Form submission to bypass/evade ModSecurity CRS detection. The Decrypt htaccess Code feature was added as an additional user friendly convenience feature. It allows you to decrypt your htaccess code in real time if you already clicked the Encrypt htaccess Code button. You can then continue editing your htaccess code and then click the Encrypt htaccess Code button again when you are done editing custom code. Important!!! Do not forget to click the Encrypt htaccess Code button before clicking the Update File button.', 'bulletproof-security').'<br><br><strong>'.__('Lock|Unlock .htaccess Files', 'bulletproof-security').'</strong><br>'.__('If your Server API is using CGI then you will see Lock and Unlock buttons to lock your Root htaccess file with 404 Permissions and unlock your root htaccess file with 644 Permissions. If your Server API is using CLI - DSO/Apache/mod_php then you will not see lock and unlock buttons. 644 Permissions are required to write to/edit the root htaccess file. Once you are done editing your root htaccess file use the lock button to lock it with 404 Permissions. 644 Permissions for DSO are considered secure for DSO because of the different way that file security is handled with DSO.', 'bulletproof-security').'<br><br>'.__('If your Root htaccess file is locked and you try to save your editing changes you will see a pop message that your Root htaccess file is locked. You will need to unlock your Root htaccess file before you can save your changes.', 'bulletproof-security').'<br><br><strong>'.__('Turn On AutoLock|Turn Off AutoLock', 'bulletproof-security').'</strong><br>'.__('AutoLock is designed to automatically lock your root .htaccess file to save you an additional step of locking your root .htaccess file when performing certain actions, tasks or functions and AutoLock also automatically locks your root .htaccess during BPS Pro upgrades. This can be a problem for some folks whose Web Hosts do not allow locking the root .htaccess file with 404 file permissions and can cause 403 errors and/or cause a website to crash. For 99.99% of folks leaving AutoLock turned On will work fine. If your Web Host ONLY allows 644 file permissions for your root .htaccess file then click the Turn Off AutoLock button. This turns Off AutoLocking for all BPS actions, tasks, functions and also for BPS Pro upgrades.', 'bulletproof-security').'<br><br><strong>'.__('BPS Video Tutorial links can be found in the Help & FAQ pages.','bulletproof-security').'</strong>';
31
 
32
  /** Custom Code - Network/Multisite specific **/
33
  if ( is_multisite() ) {
37
  }
38
 
39
  /** Custom Code **/
40
+ $bps_customcode_content = '<strong>'.__('Reset|Recheck Dismiss Notices:', 'bulletproof-security').'</strong><br>'.__('Clicking this button resets ALL Dismiss Notices such as Bonus Code Dismiss Notices and ALL other Dismiss Notices. If you previously dismissed a Dismiss Notice and want to display it again at a later time click this button.', 'bulletproof-security').'<br><br><strong>'.__('Export Tool', 'bulletproof-security').'</strong><br>'.__('The Custom Code Export tool exports (copies) all of your Root and wp-admin custom htaccess code into the cc-master.zip file, which you can then download to your computer by clicking the Download Zip Export button displayed in the Custom Code Export success message. You can unzip the cc-master.zip file on your computer to extract the cc-master.txt file for editing - see the Import Tool help info below.', 'bulletproof-security').'<br><br><strong>'.__('Import Tool', 'bulletproof-security').'</strong><br>'.__('The Custom Code Import tool imports all of your Root and wp-admin Custom Code from the cc-master.zip file on your computer into the Custom Code text boxes and saves your imported custom htaccess code to your WordPress Database. You can unzip the cc-master.zip file on your computer to extract the cc-master.txt file for editing to add/change any custom htaccess code in the cc-master.txt file. Do NOT delete any of the BEGIN and END placeholder lines of code in the cc-master.txt file. You can add/edit/change any code in-between the BEGIN and END lines of code. After editing the cc-master.txt file you will need to zip the cc-master.txt file in order to be able to import the cc-master.zip file using the Custom Code Import tool. The zip file MUST be named cc-master.zip in order to be able to Import it to BPS Custom Code. Important Note: Use Notepad, Notepad++ or another ASCII text editor to edit the cc-master.txt file. Do NOT use Word or WordPad to edit the cc-master.txt file.', 'bulletproof-security').'<br><br><strong>'.__('Delete Tool', 'bulletproof-security').'</strong><br>'.__('The Custom Code Delete tool deletes all of your Root and wp-admin Custom Code from all of the Custom Code text boxes and your WordPress Database. The Delete tool can be used for troubleshooting possible invalid/bad custom htaccess code issues/problems or simply just to delete all custom htaccess code in all of the Custom Code text boxes.', 'bulletproof-security').'<br><br><strong>'.__('Custom Code General Help Information', 'bulletproof-security').'</strong><br>'.__('ONLY add valid htaccess code into these text areas/text boxes. If you want to add regular text instead of .htaccess code then you will need to add a pound sign # in front of the text to comment it out. If you do not do this then the next time you activate BulletProof Mode for your Root folder or your wp-admin folder your website WILL crash.', 'bulletproof-security').'<br><br>'.__('For Custom Code text boxes the require that you copy the entire section of code that you want to edit and modify you will see this blue help text - ', 'bulletproof-security').'<strong><font color="blue">'.__('"You MUST copy and paste the entire xxxxx section of code from your root .htaccess file into this text box first. You can then edit and modify the code in this text window and save your changes."', 'bulletproof-security').'</font></strong><br><br><strong>'.__('If you do not copy the entire section of code into a text box that requires this then the next time activate BulletProof Mode for your Root folder or your wp-admin folder your website WILL crash.', 'bulletproof-security').'</strong><br><br><strong>'.__('If your website crashes after adding custom code: Use FTP or use your web host control panel file manager and delete the root .htaccess file or the wp-admin file or both files if necessary. Log back into your website and correct/fix the invalid/incorrect custom htaccess code that was added in any of the Custom Code text boxes, save your changes, go to the Security Modes page and click the Activate button for the Root or wp-admin Folder BulletProof Mode or both if necessary.', 'bulletproof-security').'</strong><br><br><strong>'.__('Your Custom Code is saved permanently until you delete it and will not be removed or deleted when you upgrade BPS.','bulletproof-security').'</strong><br><br><strong>'.__('Root htaccess File Custom Code Setup Steps', 'bulletproof-security').'</strong><br>'.__('1. Add your custom code in the appropriate Root Custom Code text box.', 'bulletproof-security').'<br>'.__('2. Click the Encrypt Custom Code button - You only need to do this step if you are unable to save your custom code - See the Encryption|Decryption ModSecurity CRS Bypass help section below.', 'bulletproof-security').'<br>'.__('3. Click the Save Root Custom Code button to save your Root custom code.', 'bulletproof-security').'<br>'.__('4. Go to the Security Modes page and click the Root Folder BulletProof Mode Activate button.', 'bulletproof-security').'<br><br><strong>'.__('Encryption|Decryption ModSecurity CRS Bypass', 'bulletproof-security').'</strong><br>'.__('ModSecurity CRS is a security feature installed on some web hosts. ModSecurity CRS sees the legitimate htaccess code in the Custom Code text boxes as malicious and will prevent you from saving your custom htaccess code. When trying to save your custom code you may see an error message or you may be redirected to your website Home page or nothing happens or other various problems. To evade/bypass ModSecurity CRS click the Encrypt Custom Code button before clicking the Save Custom Code buttons. Your custom htaccess code is encrypted in the POST Form submission and then decrypted in the Form processing code. That means that your custom htaccess code is only encrypted temporarily during Custom Code Form submission to bypass/evade ModSecurity CRS detection. The Decrypt Custom Code feature was added as an additional user friendly convenience feature. It allows you to decrypt your custom code in real time if you already clicked the Encrypt Custom Code button. You can then continue adding or editing your custom code and then click the Encrypt Custom Code button again when you are done adding or editing custom code. Important!!! Do not forget to click the Encrypt Custom Code button before clicking the Save Custom Code buttons.', 'bulletproof-security').'<br><br><strong>'.__('CUSTOM CODE TOP PHP/PHP.INI HANDLER/CACHE CODE:', 'bulletproof-security').'<br>'.__('Add php/php.ini handler code, cache code and/or Speed Boost Cache Code here', 'bulletproof-security').'</strong><br>'.__('ONLY add valid php/php.ini handler htaccess code and/or cache htaccess code or text commented out with a pound sign #.','bulletproof-security').'<br><br><strong>'.__('CUSTOM CODE TURN OFF YOUR SERVER SIGNATURE:', 'bulletproof-security').'</strong><br>'.__('You MUST copy and paste the entire TURN OFF YOUR SERVER SIGNATURE section of code from your root .htaccess file into this text box first. You can then edit and modify the code in this text window and save your changes.','bulletproof-security').'<br><br><strong>'.__('CUSTOM CODE DO NOT SHOW DIRECTORY LISTING/DIRECTORY INDEX:','bulletproof-security').'</strong><br>'.__('You MUST copy and paste the entire DO NOT SHOW DIRECTORY LISTING and DIRECTORY INDEX sections of code from your root .htaccess file into this text box first. You can then edit and modify the code in this text window and save your changes.','bulletproof-security').'<br><br><strong>'.__('CUSTOM CODE BRUTE FORCE LOGIN PAGE PROTECTION:','bulletproof-security').'</strong><br>'.__('This Custom Code text box is for optional/Bonus code. To get this code see the Forum Help Links at the top of this Read Me help window. CAUTION! This code has a 95%/5% success/fail ratio meaning that this code will not work on 5% of websites. If you see a 403 error when logging out and logging into your website then you cannot use this code on your website and will need to delete this code to correct the 403 error when logging out and logging into your website.','bulletproof-security').'<br><br><strong>'.__('CUSTOM CODE ERROR LOGGING AND TRACKING:','bulletproof-security').'</strong><br>'.__('You MUST copy and paste the entire ERROR LOGGING AND TRACKING section of code from your root .htaccess file into this text box first. You can then edit and modify the code in this text window and save your changes.','bulletproof-security').'<br><br><strong>'.__('CUSTOM CODE DENY ACCESS TO PROTECTED SERVER FILES AND FOLDERS:', 'bulletproof-security').'</strong><br>'.__('You MUST copy and paste the entire DENY ACCESS TO PROTECTED SERVER FILES AND FOLDERS section of code from your root .htaccess file into this text box first. You can then edit and modify the code in this text window and save your changes.', 'bulletproof-security').'<br><br><strong>'.__('CUSTOM CODE WP-ADMIN/INCLUDES: DO NOT add wp-admin .htaccess file code here', 'bulletproof-security').'</strong><br>'.__('Add one pound sign # in this text box to prevent the WP-ADMIN/INCLUDES section of code from being created in your root .htaccess file.','bulletproof-security').'<br><br><strong>'.__('CUSTOM CODE WP REWRITE LOOP START: Add www to non-www/non-www to www code here', 'bulletproof-security').'</strong><br>'.__('You MUST copy and paste the entire WP REWRITE LOOP START section of code from your root .htaccess file into this text box first. You can then edit and modify the code in this text window and save your changes.','bulletproof-security').'<br><br><strong>'.__('CUSTOM CODE REQUEST METHODS FILTERED: Whitelist User Agents and allow HEAD Requests', 'bulletproof-security').'</strong><br>'.__('You MUST copy and paste the entire REQUEST METHODS FILTERED section of code from your root .htaccess file into this text box first. You can then edit and modify the code in this text window and save your changes. If you see this code: ','bulletproof-security').'RewriteRule ^(.*)$ - [R=405,L]'.__('. To Allow HEAD Requests, comment out these 2 lines of code with # signs: ', 'bulletproof-security').'#RewriteCond %{REQUEST_METHOD} ^(HEAD) [NC] and #RewriteRule ^(.*)$ - [R=405,L].'.__(' If you see this code: ','bulletproof-security').'RewriteRule ^(.*)$ /wp-content/plugins/bulletproof-security/405.php [L]'.__('. To Allow HEAD Requests, comment out these 2 lines of code with # signs: ', 'bulletproof-security').'#RewriteCond %{REQUEST_METHOD} ^(HEAD) [NC] and #RewriteRule ^(.*)$ /wp-content/plugins/bulletproof-security/405.php [L].<br><br><strong>'.__('CUSTOM CODE PLUGIN/THEME SKIP/BYPASS RULES:','bulletproof-security').'</strong><br>'.__('ONLY add valid htaccess code or text commented out with a pound sign #. This text area is for plugin fixes that are specific to your website. BPS already has some plugin skip/bypass rules included in the Root htaccess file by default. Adding additional plugin skip/bypass rules for your plugins on your website goes in this text box. There are 12 default skip rules in the standard BPS root htaccess file already. Skip rules MUST be in descending consecutive number order: 15, 14, 13... If you add one plugin skip/bypass rule in this text box it should be skip rule #13. For each additional plugin skip rule that you add the S= skip number is increased by one. Example: if you add 3 plugin skip rules in this text box they would be Skip rules #15, #14 and #13 - RewriteRule . - [S=15] and RewriteRule . - [S=14] and RewriteRule . - [S=13] in descending consecutive order', 'bulletproof-security').'<br><br><strong>'.__('CUSTOM CODE TIMTHUMB FORBID RFI and MISC FILE SKIP/BYPASS RULE:','bulletproof-security').'</strong><br>'.__('You MUST copy and paste the entire TIMTHUMB FORBID RFI section of code from your root .htaccess file into this text box first. You can then edit and modify the code in this text window and save your changes.','bulletproof-security').'<br><br><strong>'.__('CUSTOM CODE BPSQSE BPS QUERY STRING EXPLOITS:','bulletproof-security').'</strong><br>'.__('You MUST copy and paste the entire BPSQSE QUERY STRING EXPLOITS section of code from your root .htaccess file from # BEGIN BPSQSE BPS QUERY STRING EXPLOITS to # END BPSQSE BPS QUERY STRING EXPLOITS into this text box first. You can then edit and modify the code in this text window and save your changes.', 'bulletproof-security').$network_cc_help.'<br><br><strong>'.__('CUSTOM CODE DENY BROWSER ACCESS TO THESE FILES:','bulletproof-security').'</strong><br>'.__('You MUST copy and paste the entire DENY BROWSER ACCESS section of code from your root .htaccess file into this text box first. You can then edit and modify the code in this text window and save your changes.', 'bulletproof-security').'<br><br><strong>'.__('CUSTOM CODE BOTTOM HOTLINKING/FORBID COMMENT SPAMMERS/BLOCK BOTS/BLOCK IP/REDIRECT CODE: Add miscellaneous code here','bulletproof-security').'</strong><br>'.__('This Custom Code text box is for any/all personal custom code that you have created or want to use that is not standard BPS htaccess code. ONLY add valid htaccess code below or text commented out with a pound sign # You can save any miscellaneous custom htaccess code here as long as it is valid htaccess code or if it is just plain text then you will need to comment it out with a pound sign # in front of the text.', 'bulletproof-security').'<br><br><strong>'.__('wp-admin htaccess File Custom Code Steps','bulletproof-security').'</strong><br>'.__('1. Add your custom code in the appropriate wp-admin Custom Code text box.', 'bulletproof-security').'<br>'.__('2. Click the Save wp-admin Custom Code button to save your wp-admin custom code.', 'bulletproof-security').'<br>'.__('3. Go to the Security Modes page and click the wp-admin Folder BulletProof Mode Activate button.', 'bulletproof-security').'<br><br><strong>'.__('CUSTOM CODE BPS WPADMIN DENY ACCESS TO FILES:','bulletproof-security').'<br>'.__('Add additional wp-admin files that you would like to block here','bulletproof-security').'</strong><br>'.__('You MUST copy and paste the entire WPADMIN DENY BROWSER ACCESS TO FILES section of code from your wp-admin .htaccess file into this text box first. You can then edit and modify the code in this text window and save your changes. Add one pound sign # below to prevent the WPADMIN DENY BROWSER ACCESS TO FILES section of code from being created in your wp-admin .htaccess file.', 'bulletproof-security').'<br><br><strong>'.__('CUSTOM CODE WPADMIN TOP:','bulletproof-security').'<br>'.__('Add wp-admin password protection, IP whitelist allow access & miscellaneous custom code here','bulletproof-security').'</strong><br>'.__('ONLY add valid htaccess code below or text commented out with a pound sign # You can save any miscellaneous custom htaccess code here as long as it is valid htaccess code or if it is just plain text then you will need to comment it out with a pound sign # in front of the text.','bulletproof-security').'<br><br><strong>'.__('CUSTOM CODE WPADMIN PLUGIN/FILE SKIP RULES:','bulletproof-security').'<br>'.__('Add wp-admin plugin/file skip rules code here','bulletproof-security').'</strong><br>'.__('ONLY add valid htaccess code below or text commented out with a pound sign #. There is currently one default skip rule [S=1] in the standard BPS wp-admin htaccess file already. Skip rules MUST be in descending consecutive number order: 4, 3, 2... If you add one plugin skip/bypass rule in this text box it will be skip rule #2. For each additional plugin skip rule that you add the S= skip number is increased by one. Example: if you add 3 plugin skip rules in this text box they would be Skip rules #4, #3 and #2 - RewriteRule . - [S=4] and RewriteRule . - [S=3] and RewriteRule . - [S=2] in descending consecutive order.','bulletproof-security').'<br><br><strong>'.__('CUSTOM CODE BPSQSE-check BPS QUERY STRING EXPLOITS AND FILTERS:','bulletproof-security').'<br>'.__('Modify wp-admin Query String Exploit code here','bulletproof-security').'</strong><br>'.__('You MUST copy and paste the entire BPS QUERY STRING EXPLOITS section of code from your wp-admin .htaccess file from # BEGIN BPSQSE-check BPS QUERY STRING EXPLOITS AND FILTERS to # END BPSQSE-check BPS QUERY STRING EXPLOITS AND FILTERS into this text box first. You can then edit and modify the code in this text window and save your changes.','bulletproof-security').'<br><br><strong>'.__('BPS Video Tutorial links can be found in the Help & FAQ pages.','bulletproof-security').'</strong>';
41
 
42
  ?>
admin/core/core.php CHANGED
@@ -31,34 +31,34 @@ if ( $ScrollTop_options['bps_scrolltop'] != 'Off' ) {
31
  ?>
32
 
33
  <?php
34
- if ( function_exists('get_transient') ) {
35
- require_once( ABSPATH . 'wp-admin/includes/plugin-install.php' );
36
 
37
- if ( false === ( $bps_api = get_transient('bulletproof-security_info') ) ) {
38
- $bps_api = plugins_api( 'plugin_information', array( 'slug' => stripslashes( 'bulletproof-security' ) ) );
39
 
40
- if ( ! is_wp_error( $bps_api ) ) {
41
- $bps_expire = 60 * 30; // Cache downloads data for 30 minutes
42
- $bps_downloaded = array( 'downloaded' => $bps_api->downloaded );
43
- maybe_serialize( $bps_downloaded );
44
- set_transient( 'bulletproof-security_info', $bps_downloaded, $bps_expire );
45
- }
46
- }
47
-
48
- $bps_transient = get_transient( 'bulletproof-security_info' );
49
 
50
  echo '<div class="bps-star-container">';
51
  echo '<div class="bps-star"><img src="'.plugins_url('/bulletproof-security/admin/images/star.png').'" /></div>';
52
  echo '<div class="bps-downloaded">';
53
 
54
- foreach ( $bps_transient as $key => $value ) {
55
- echo number_format_i18n( $value ) .' '. str_replace( 'downloaded', "Downloads", $key );
56
- }
57
-
58
  echo '<div class="bps-star-link"><a href="https://wordpress.org/support/view/plugin-reviews/bulletproof-security#postform" target="_blank" title="Add a Star Rating for the BPS plugin">'.__('Rate BPS', 'bulletproof-security').'</a><br><a href="https://affiliates.ait-pro.com/po/" target="_blank" title="Upgrade to BulletProof Security Pro">Upgrade to Pro</a></div>';
59
  echo '</div>';
60
  echo '</div>';
61
- }
62
 
63
  // Get Real IP address - USE EXTREME CAUTION!!!
64
  function bpsPro_get_real_ip_address_cc() {
@@ -142,6 +142,9 @@ $bps_wpcontent_dir = str_replace( ABSPATH, '', WP_CONTENT_DIR );
142
  // Replace ABSPATH = wp-content/uploads
143
  $wp_upload_dir = wp_upload_dir();
144
  $bps_uploads_dir = str_replace( ABSPATH, '', $wp_upload_dir['basedir'] );
 
 
 
145
 
146
  $bps_topDiv = '<div id="message" class="updated" style="background-color:#dfecf2;border:1px solid #999;-moz-border-radius-topleft:3px;-webkit-border-top-left-radius:3px;-khtml-border-top-left-radius:3px;border-top-left-radius:3px;-moz-border-radius-topright:3px;-webkit-border-top-right-radius:3px;-khtml-border-top-right-radius:3px;border-top-right-radius:3px;-webkit-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);-moz-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);"><p>';
147
  $bps_bottomDiv = '</p></div>';
@@ -166,8 +169,6 @@ if ( isset( $_POST['Submit-RBM-Activate'] ) || isset( $_POST['Submit-RBM-Deactiv
166
  require_once( WP_PLUGIN_DIR . '/bulletproof-security/admin/core/core-htaccess-code.php' );
167
  }
168
 
169
- $bpsSpacePop = '-------------------------------------------------------------';
170
-
171
  ?>
172
  </div>
173
 
@@ -733,49 +734,44 @@ echo bps_secure_htaccess_file_check();
733
  echo bps_default_htaccess_file_check();
734
  echo bps_wpadmin_htaccess_file_check();
735
 
736
- // Perform File Open and Write test first by appending a blank space/nothing to files for write testing.
737
- if ( current_user_can('manage_options') ) {
738
- $secure_htaccess_file = WP_PLUGIN_DIR . '/bulletproof-security/admin/htaccess/secure.htaccess';
739
- $write_test = "";
740
- $HFiles_options = get_option('bulletproof_security_options_htaccess_files');
741
-
742
- if ( $HFiles_options['bps_htaccess_files'] == 'disabled' ) {
743
- $text = '<font color="blue" style="font-size:12px;"><strong>'.__('htaccess Files Disabled: secure.htaccess Master file is disabled.', 'bulletproof-security').'</strong></font><br>';
744
- echo $text;
745
 
746
- } elseif ( ! file_exists($secure_htaccess_file) && $HFiles_options['bps_htaccess_files'] != 'disabled' ) {
747
- $text = '<font color="#fb0101" style="font-size:12px;"><strong>'.__('ERROR: A secure.htaccess Master file was NOT found.', 'bulletproof-security').'</strong></font><br>';
748
- echo $text;
 
749
 
750
- } else {
 
 
751
 
752
- if ( file_exists($secure_htaccess_file) ) {
753
-
754
- if ( is_writable($secure_htaccess_file) ) {
755
- if ( ! $handle = fopen($secure_htaccess_file, 'a+b') ) {
756
- exit;
757
- }
758
-
759
- if ( fwrite($handle, $write_test) === FALSE ) {
760
- exit;
761
- }
762
 
763
- $text = '<font color="green" style="font-size:12px;"><strong>'.__('File Open and Write test successful! The secure.htaccess Master file is writable.', 'bulletproof-security').'</strong></font><br>';
764
- echo $text;
765
- fclose($handle);
 
 
 
 
 
 
 
766
  }
767
-
768
- if ( ! is_writable($secure_htaccess_file) ) {
769
- $text = '<font color="#fb0101" style="font-size:12px;"><strong>'.__('Cannot write to file: ', 'bulletproof-security').$secure_htaccess_file . '</strong></font><br>';
770
- echo $text;
771
- }
772
  }
773
  }
774
  }
775
 
 
 
776
  if ( isset( $_POST['submit1'] ) && current_user_can('manage_options') ) {
777
  check_admin_referer( 'bulletproof_security_save_settings_1' );
778
- $newcontent1 = stripslashes($_POST['newcontent1']);
779
 
780
  if ( $HFiles_options['bps_htaccess_files'] == 'disabled' ) {
781
  echo $bps_topDiv;
@@ -785,74 +781,81 @@ $HFiles_options = get_option('bulletproof_security_options_htaccess_files');
785
  return;
786
  }
787
 
788
- if ( ! is_writable($secure_htaccess_file) ) {
789
- echo $bps_topDiv;
790
- $text = '<font color="#fb0101"><strong>'.__('Error: Unable to write to the secure.htaccess Master file.', 'bulletproof-security').'</strong></font><br>';
791
- echo $text;
792
- echo $bps_bottomDiv;
793
- }
794
-
795
- if ( is_writable($secure_htaccess_file) ) {
796
 
797
- if ( ! $handle = fopen($secure_htaccess_file, 'w+b') ) {
798
- exit;
799
- }
800
-
801
- if ( fwrite($handle, $newcontent1) === FALSE ) {
802
- exit;
803
  }
804
 
 
805
  echo $bps_topDiv;
806
- $text = '<font color="green"><strong>'.__('The secure.htaccess Master file has been updated.', 'bulletproof-security').'</strong></font><br>';
807
  echo $text;
808
- echo $bps_bottomDiv;
809
 
810
- fclose($handle);
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
811
  }
812
  }
813
 
814
- if ( current_user_can('manage_options') ) {
815
- $default_htaccess_file = WP_PLUGIN_DIR . '/bulletproof-security/admin/htaccess/default.htaccess';
816
- $write_test = "";
817
- $HFiles_options = get_option('bulletproof_security_options_htaccess_files');
818
-
819
- if ( $HFiles_options['bps_htaccess_files'] == 'disabled' ) {
820
- $text = '<font color="blue" style="font-size:12px;"><strong>'.__('htaccess Files Disabled: default.htaccess Master file is disabled.', 'bulletproof-security').'</strong></font><br>';
821
- echo $text;
822
 
823
- } elseif ( ! file_exists($default_htaccess_file) && $HFiles_options['bps_htaccess_files'] != 'disabled' ) {
824
- $text = '<font color="#fb0101" style="font-size:12px;"><strong>'.__('ERROR: A default.htaccess Master file was NOT found.', 'bulletproof-security').'</strong></font><br>';
825
- echo $text;
 
826
 
827
- } else {
 
 
828
 
829
- if ( file_exists($default_htaccess_file) ) {
830
-
831
- if ( is_writable($default_htaccess_file) ) {
832
- if ( ! $handle = fopen($default_htaccess_file, 'a+b') ) {
833
- exit;
834
- }
835
-
836
- if ( fwrite($handle, $write_test) === FALSE ) {
837
- exit;
838
- }
839
 
840
- $text = '<font color="green" style="font-size:12px;"><strong>'.__('File Open and Write test successful! The default.htaccess Master file is writable.', 'bulletproof-security').'</strong></font><br>';
841
- echo $text;
842
- fclose($handle);
843
- }
844
 
845
- if ( ! is_writable($default_htaccess_file) ) {
846
- $text = '<font color="#fb0101" style="font-size:12px;"><strong>'.__('Cannot write to file: ', 'bulletproof-security').$default_htaccess_file . '</strong></font><br>';
847
- echo $text;
848
- }
 
 
 
 
 
849
  }
850
  }
851
  }
852
 
 
 
853
  if ( isset( $_POST['submit2'] ) && current_user_can('manage_options') ) {
854
  check_admin_referer( 'bulletproof_security_save_settings_2' );
855
- $newcontent2 = stripslashes($_POST['newcontent2']);
856
 
857
  if ( $HFiles_options['bps_htaccess_files'] == 'disabled' ) {
858
  echo $bps_topDiv;
@@ -862,29 +865,40 @@ $HFiles_options = get_option('bulletproof_security_options_htaccess_files');
862
  return;
863
  }
864
 
865
- if ( ! is_writable($default_htaccess_file) ) {
866
- echo $bps_topDiv;
867
- $text = '<font color="#fb0101"><strong>'.__('Error: Unable to write to the default.htaccess Master file.', 'bulletproof-security').'</strong></font><br>';
868
- echo $text;
869
- echo $bps_bottomDiv;
870
- }
871
-
872
- if ( is_writable($default_htaccess_file) ) {
873
 
874
- if ( ! $handle = fopen($default_htaccess_file, 'w+b') ) {
875
- exit;
876
- }
877
-
878
- if ( fwrite($handle, $newcontent2) === FALSE ) {
879
- exit;
880
  }
881
 
 
882
  echo $bps_topDiv;
883
- $text = '<font color="green"><strong>'.__('The default.htaccess Master file has been updated.', 'bulletproof-security').'</strong></font><br>';
884
  echo $text;
885
- echo $bps_bottomDiv;
886
 
887
- fclose($handle);
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
888
  }
889
 
890
  $custom_default_htaccess = WP_CONTENT_DIR . '/bps-backup/master-backups/default.htaccess';
@@ -903,58 +917,53 @@ $HFiles_options = get_option('bulletproof_security_options_htaccess_files');
903
  }
904
  }
905
 
906
- if ( current_user_can('manage_options') ) {
907
- $wpadmin_htaccess_file = WP_PLUGIN_DIR . '/bulletproof-security/admin/htaccess/wpadmin-secure.htaccess';
908
- $write_test = "";
909
-
910
- $HFiles_options = get_option('bulletproof_security_options_htaccess_files');
911
- $BPS_wpadmin_Options = get_option('bulletproof_security_options_htaccess_res');
912
- $GDMW_options = get_option('bulletproof_security_options_GDMW');
913
-
914
- if ( $BPS_wpadmin_Options['bps_wpadmin_restriction'] == 'disabled' || $GDMW_options['bps_gdmw_hosting'] == 'yes' ) {
915
- $text = '<strong><font color="black">'.__('wpadmin-secure.htaccess file writing is disabled.', 'bulletproof-security').'</font></strong><br>';
916
- echo $text;
917
-
918
- } else {
919
 
920
- if ( $HFiles_options['bps_htaccess_files'] == 'disabled' ) {
921
- $text = '<font color="blue" style="font-size:12px;"><strong>'.__('htaccess Files Disabled: wpadmin-secure.htaccess Master file is disabled.', 'bulletproof-security').'</strong></font><br>';
 
 
 
 
 
 
 
922
  echo $text;
923
-
924
- } elseif ( ! file_exists($wpadmin_htaccess_file) && $HFiles_options['bps_htaccess_files'] != 'disabled' ) {
925
- $text = '<font color="#fb0101" style="font-size:12px;"><strong>'.__('ERROR: A wpadmin-secure.htaccess Master file was NOT found.', 'bulletproof-security').'</strong></font><br>';
926
- echo $text;
927
 
928
  } else {
 
 
 
 
929
 
930
- if ( file_exists($wpadmin_htaccess_file) ) {
931
-
932
- if ( is_writable($wpadmin_htaccess_file) ) {
933
- if ( ! $handle = fopen($wpadmin_htaccess_file, 'a+b') ) {
934
- exit;
935
- }
936
-
937
- if ( fwrite($handle, $write_test) === FALSE ) {
938
- exit;
939
- }
940
-
941
- $text = '<font color="green" style="font-size:12px;"><strong>'.__('File Open and Write test successful! The wpadmin-secure.htaccess Master file is writable.', 'bulletproof-security').'</strong></font><br>';
942
- echo $text;
943
- fclose($handle);
944
- }
945
 
946
- if ( ! is_writable($wpadmin_htaccess_file) ) {
947
- $text = '<font color="#fb0101" style="font-size:12px;"><strong>'.__('Cannot write to file: ', 'bulletproof-security').$wpadmin_htaccess_file . '</strong></font><br>';
948
- echo $text;
949
- }
 
 
 
 
 
 
 
 
 
 
 
950
  }
951
  }
952
  }
953
  }
954
 
 
 
955
  if ( isset( $_POST['submit4'] ) && current_user_can('manage_options') ) {
956
  check_admin_referer( 'bulletproof_security_save_settings_4' );
957
- $newcontent4 = stripslashes($_POST['newcontent4']);
958
 
959
  if ( $HFiles_options['bps_htaccess_files'] == 'disabled' ) {
960
  echo $bps_topDiv;
@@ -964,75 +973,81 @@ $write_test = "";
964
  return;
965
  }
966
 
967
- if ( ! is_writable($wpadmin_htaccess_file) ) {
968
- echo $bps_topDiv;
969
- $text = '<font color="#fb0101"><strong>'.__('Error: Unable to write to the wpadmin-secure.htaccess Master file.', 'bulletproof-security').'</strong></font><br>';
970
- echo $text;
971
- echo $bps_bottomDiv;
972
- }
973
-
974
- if ( is_writable($wpadmin_htaccess_file) ) {
975
 
976
- if ( ! $handle = fopen($wpadmin_htaccess_file, 'w+b') ) {
977
- exit;
978
- }
979
-
980
- if ( fwrite($handle, $newcontent4) === FALSE ) {
981
- exit;
982
  }
983
 
 
984
  echo $bps_topDiv;
985
- $text = '<font color="green"><strong>'.__('The wpadmin-secure.htaccess Master file has been updated.', 'bulletproof-security').'</strong></font><br>';
986
  echo $text;
987
- echo $bps_bottomDiv;
988
 
989
- fclose($handle);
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
990
  }
991
  }
992
 
993
- if ( current_user_can('manage_options') ) {
994
- $root_htaccess_file = ABSPATH . '.htaccess';
995
- $write_test = "";
996
- $HFiles_options = get_option('bulletproof_security_options_htaccess_files');
997
-
998
- if ( ! file_exists($root_htaccess_file) && $HFiles_options['bps_htaccess_files'] == 'disabled' ) {
999
- $text = '<font color="blue" style="font-size:12px;"><strong>'.__('htaccess Files Disabled: Root htaccess file does not exist.', 'bulletproof-security').'</strong></font><br>';
1000
- echo $text;
1001
 
1002
- } elseif ( ! file_exists($root_htaccess_file) && $HFiles_options['bps_htaccess_files'] != 'disabled' ) {
1003
- $text = '<font color="#fb0101" style="font-size:12px;"><strong>'.__('ERROR: An htaccess file was NOT found in your root folder', 'bulletproof-security').'</strong></font><br>';
1004
- echo $text;
1005
 
1006
- } else {
1007
-
1008
- if ( file_exists($root_htaccess_file) ) {
1009
-
1010
- if ( is_writable($root_htaccess_file) ) {
1011
-
1012
- if ( ! $handle = fopen($root_htaccess_file, 'a+b') ) {
1013
- exit;
1014
- }
1015
- if ( fwrite($handle, $write_test) === FALSE ) {
1016
- exit;
1017
- }
1018
 
1019
- $text = '<font color="green" style="font-size:12px;"><strong>'.__('File Open and Write test successful! Your currently active root htaccess file is writable.', 'bulletproof-security').'</strong></font><br>';
1020
- echo $text;
 
1021
 
1022
- fclose($handle);
1023
- }
1024
 
1025
- if ( ! is_writable($root_htaccess_file) ) {
1026
- $text = '<font color="blue" style="font-size:12px;"><strong>'.__('Your root htaccess file is Locked with Read Only Permissions.', 'bulletproof-security').'<br>'.__('Use the Lock and Unlock buttons below to Lock or Unlock your root htaccess file for editing.', 'bulletproof-security').'</strong></font><br>';
1027
- echo $text;
 
 
 
 
 
 
 
 
 
1028
  }
1029
  }
1030
  }
1031
  }
 
 
1032
 
1033
  if ( isset( $_POST['submit5'] ) && current_user_can('manage_options') ) {
1034
  check_admin_referer( 'bulletproof_security_save_settings_5' );
1035
- $newcontent5 = stripslashes($_POST['newcontent5']);
1036
 
1037
  if ( $HFiles_options['bps_htaccess_files'] == 'disabled' ) {
1038
  echo $bps_topDiv;
@@ -1042,85 +1057,90 @@ $HFiles_options = get_option('bulletproof_security_options_htaccess_files');
1042
  return;
1043
  }
1044
 
1045
- if ( ! is_writable($root_htaccess_file) ) {
1046
- echo $bps_topDiv;
1047
- $text = '<font color="#fb0101"><strong>'.__('Error: Unable to write to the Root htaccess file. If your Root htaccess file is locked you must unlock first.', 'bulletproof-security').'</strong></font><br>';
1048
- echo $text;
1049
- echo $bps_bottomDiv;
1050
- }
1051
-
1052
- if ( is_writable($root_htaccess_file) ) {
1053
 
1054
- if ( ! $handle = fopen($root_htaccess_file, 'w+b') ) {
1055
- exit;
1056
- }
1057
-
1058
- if ( fwrite($handle, $newcontent5) === FALSE ) {
1059
- exit;
1060
  }
1061
 
 
1062
  echo $bps_topDiv;
1063
- $text = '<font color="green"><strong>'.__('Your currently active root htaccess file has been updated.', 'bulletproof-security').'</strong></font><br>';
1064
  echo $text;
1065
- echo $bps_bottomDiv;
1066
 
1067
- fclose($handle);
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1068
  }
1069
  }
1070
 
1071
- if ( current_user_can('manage_options') ) {
1072
- $current_wpadmin_htaccess_file = ABSPATH . 'wp-admin/.htaccess';
1073
- $write_test = "";
1074
-
1075
- $HFiles_options = get_option('bulletproof_security_options_htaccess_files');
1076
- $BPS_wpadmin_Options = get_option('bulletproof_security_options_htaccess_res');
1077
- $GDMW_options = get_option('bulletproof_security_options_GDMW');
1078
-
1079
- if ( $BPS_wpadmin_Options['bps_wpadmin_restriction'] == 'disabled' || $GDMW_options['bps_gdmw_hosting'] == 'yes' ) {
1080
- $text = '<font color="blue" style="font-size:12px;"><strong>'.__('wp-admin active htaccess file writing is disabled.', 'bulletproof-security').'</strong></font><br>';
1081
- echo $text;
1082
-
1083
- } else {
1084
 
1085
- if ( ! file_exists($root_htaccess_file) && $HFiles_options['bps_htaccess_files'] == 'disabled' ) {
1086
- $text = '<font color="blue" style="font-size:12px;"><strong>'.__('htaccess Files Disabled: wp-admin folder htaccess file does not exist.', 'bulletproof-security').'</strong></font><br>';
 
 
 
 
 
 
 
1087
  echo $text;
1088
-
1089
- } elseif ( ! file_exists($root_htaccess_file) && $HFiles_options['bps_htaccess_files'] != 'disabled' ) {
1090
- $text = '<font color="#fb0101" style="font-size:12px;"><strong>'.__('ERROR: An htaccess file was NOT found in your wp-admin folder', 'bulletproof-security').'</strong></font><br>';
1091
- echo $text;
1092
 
1093
  } else {
 
 
 
 
1094
 
1095
- if ( file_exists($current_wpadmin_htaccess_file) ) {
1096
-
1097
- if ( is_writable($current_wpadmin_htaccess_file) ) {
1098
- if ( ! $handle = fopen($current_wpadmin_htaccess_file, 'a+b') ) {
1099
- exit;
1100
- }
1101
-
1102
- if ( fwrite($handle, $write_test) === FALSE ) {
1103
- exit;
1104
- }
1105
-
1106
- $text = '<font color="green" style="font-size:12px;"><strong>'.__('File Open and Write test successful! Your currently active wp-admin htaccess file is writable.', 'bulletproof-security').'</strong></font><br>';
1107
- echo $text;
1108
 
1109
- fclose($handle);
1110
- }
 
1111
 
1112
- if ( ! is_writable($current_wpadmin_htaccess_file) ) {
1113
- $text = '<font color="#fb0101" style="font-size:12px;"><strong>'.__('Cannot write to file: ', 'bulletproof-security').$current_wpadmin_htaccess_file . '</strong></font><br>';
1114
- echo $text;
 
 
 
 
 
 
 
1115
  }
1116
  }
1117
  }
1118
  }
1119
  }
1120
 
 
 
1121
  if ( isset( $_POST['submit6'] ) && current_user_can('manage_options') ) {
1122
  check_admin_referer( 'bulletproof_security_save_settings_6' );
1123
- $newcontent6 = stripslashes($_POST['newcontent6']);
1124
 
1125
  if ( $HFiles_options['bps_htaccess_files'] == 'disabled' ) {
1126
  echo $bps_topDiv;
@@ -1130,29 +1150,40 @@ $write_test = "";
1130
  return;
1131
  }
1132
 
1133
- if ( ! is_writable($current_wpadmin_htaccess_file) ) {
1134
- echo $bps_topDiv;
1135
- $text = '<font color="#fb0101"><strong>'.__('Error: Unable to write to the wp-admin htaccess file.', 'bulletproof-security').'</strong></font><br>';
1136
- echo $text;
1137
- echo $bps_bottomDiv;
1138
- }
1139
-
1140
- if ( is_writable($current_wpadmin_htaccess_file) ) {
1141
 
1142
- if ( ! $handle = fopen($current_wpadmin_htaccess_file, 'w+b') ) {
1143
- exit;
1144
- }
1145
-
1146
- if ( fwrite($handle, $newcontent6) === FALSE ) {
1147
- exit;
1148
  }
1149
 
 
1150
  echo $bps_topDiv;
1151
- $text = '<font color="green"><strong>'.__('Your currently active wp-admin htaccess file has been updated.', 'bulletproof-security').'</strong></font><br>';
1152
  echo $text;
1153
- echo $bps_bottomDiv;
1154
 
1155
- fclose($handle);
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1156
  }
1157
  }
1158
 
@@ -1277,20 +1308,68 @@ $scrollto6 = isset($_REQUEST['scrollto6']) ? (int) $_REQUEST['scrollto6'] : 0;
1277
  <form name="template1" id="template1" action="<?php echo admin_url( 'admin.php?page=bulletproof-security/admin/core/core.php#bps-tabs-6' ); ?>" method="post">
1278
  <?php wp_nonce_field('bulletproof_security_save_settings_1'); ?>
1279
  <div>
1280
- <textarea class="bps-text-area-600x700" name="newcontent1" id="newcontent1" tabindex="1"><?php echo bps_get_secure_htaccess(); ?></textarea>
1281
  <input type="hidden" name="action" value="update" />
1282
  <input type="hidden" name="filename" value="<?php echo esc_attr( $secure_htaccess_file ) ?>" />
1283
  <input type="hidden" name="scrollto1" id="scrollto1" value="<?php echo esc_html( $scrollto1 ); ?>" />
1284
  <p class="submit">
 
 
 
1285
  <input type="submit" name="submit1" class="button bps-button" value="<?php esc_attr_e('Update File', 'bulletproof-security') ?>" /></p>
1286
  </div>
1287
  </form>
 
 
 
 
1288
  <script type="text/javascript">
1289
  /* <![CDATA[ */
1290
  jQuery(document).ready(function($){
1291
  $('#template1').submit(function(){ $('#scrollto1').val( $('#newcontent1').scrollTop() ); });
1292
  $('#newcontent1').scrollTop( $('#scrollto1').val() );
1293
  });
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1294
  /* ]]> */
1295
  </script>
1296
  </div>
@@ -1299,13 +1378,20 @@ jQuery(document).ready(function($){
1299
  <form name="template2" id="template2" action="<?php echo admin_url( 'admin.php?page=bulletproof-security/admin/core/core.php#bps-tabs-6' ); ?>" method="post">
1300
  <?php wp_nonce_field('bulletproof_security_save_settings_2'); ?>
1301
  <div>
1302
- <textarea class="bps-text-area-600x700" name="newcontent2" id="newcontent2" tabindex="2"><?php echo bps_get_default_htaccess(); ?></textarea>
1303
  <input type="hidden" name="action" value="update" />
1304
  <input type="hidden" name="filename" value="<?php echo esc_attr( $default_htaccess_file ) ?>" />
1305
  <input type="hidden" name="scrollto2" id="scrollto2" value="<?php echo esc_html( $scrollto2 ); ?>" />
1306
  <p class="submit">
 
 
 
1307
  <input type="submit" name="submit2" class="button bps-button" value="<?php esc_attr_e('Update File', 'bulletproof-security') ?>" /></p>
1308
  </div>
 
 
 
 
1309
  </form>
1310
  <script type="text/javascript">
1311
  /* <![CDATA[ */
@@ -1313,6 +1399,47 @@ jQuery(document).ready(function($){
1313
  $('#template2').submit(function(){ $('#scrollto2').val( $('#newcontent2').scrollTop() ); });
1314
  $('#newcontent2').scrollTop( $('#scrollto2').val() );
1315
  });
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1316
  /* ]]> */
1317
  </script>
1318
  </div>
@@ -1321,20 +1448,68 @@ jQuery(document).ready(function($){
1321
  <form name="template4" id="template4" action="<?php echo admin_url( 'admin.php?page=bulletproof-security/admin/core/core.php#bps-tabs-6' ); ?>" method="post">
1322
  <?php wp_nonce_field('bulletproof_security_save_settings_4'); ?>
1323
  <div>
1324
- <textarea class="bps-text-area-600x700" name="newcontent4" id="newcontent4" tabindex="4"><?php echo bps_get_wpadmin_htaccess(); ?></textarea>
1325
  <input type="hidden" name="action" value="update" />
1326
  <input type="hidden" name="filename" value="<?php echo esc_attr( $wpadmin_htaccess_file ) ?>" />
1327
  <input type="hidden" name="scrollto4" id="scrollto4" value="<?php echo esc_html( $scrollto4 ); ?>" />
1328
  <p class="submit">
 
 
 
1329
  <input type="submit" name="submit4" class="button bps-button" value="<?php esc_attr_e('Update File', 'bulletproof-security') ?>" /></p>
1330
  </div>
1331
  </form>
 
 
 
 
1332
  <script type="text/javascript">
1333
  /* <![CDATA[ */
1334
  jQuery(document).ready(function($){
1335
  $('#template4').submit(function(){ $('#scrollto4').val( $('#newcontent4').scrollTop() ); });
1336
  $('#newcontent4').scrollTop( $('#scrollto4').val() );
1337
  });
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1338
  /* ]]> */
1339
  </script>
1340
  </div>
@@ -1357,7 +1532,7 @@ $sapi_type = php_sapi_name();
1357
  <form name="template5" id="template5" action="<?php echo admin_url( 'admin.php?page=bulletproof-security/admin/core/core.php#bps-tabs-6' ); ?>" method="post">
1358
  <?php wp_nonce_field('bulletproof_security_save_settings_5'); ?>
1359
  <div>
1360
- <textarea class="bps-text-area-600x700" name="newcontent5" id="newcontent5" tabindex="5"><?php echo bps_get_root_htaccess(); ?></textarea>
1361
  <input type="hidden" name="action" value="update" />
1362
  <input type="hidden" name="filename" value="<?php echo esc_attr( $root_htaccess_file ) ?>" />
1363
  <input type="hidden" name="scrollto5" id="scrollto5" value="<?php echo esc_html( $scrollto5 ); ?>" />
@@ -1366,17 +1541,65 @@ $sapi_type = php_sapi_name();
1366
  <?php if ( @bpsStatusRHE($perms) == '0404' ) { ?>
1367
  <input type="submit" name="submit5" value="<?php esc_attr_e('Update File', 'bulletproof-security') ?>" class="button bps-button" onClick="return confirm('<?php $text = __('YOUR ROOT HTACCESS FILE IS LOCKED.', 'bulletproof-security').'\n\n'.__('YOUR FILE EDITS|CHANGES CANNOT BE SAVED.', 'bulletproof-security').'\n\n'.__('Click Cancel, copy the file editing changes you made to save them and then click the Unlock .htaccess File button to unlock your Root .htaccess file. After your Root .htaccess file is unlocked paste your file editing changes back into your Root .htaccess file and click this Update File button again to save your file edits/changes.', 'bulletproof-security'); echo $text; ?>')" />
1368
  <?php } else { ?>
 
 
 
1369
  <input type="submit" name="submit5" class="button bps-button" value="<?php esc_attr_e('Update File', 'bulletproof-security') ?>" /></p>
1370
  <?php } ?>
1371
 
1372
  </div>
1373
  </form>
 
 
 
 
1374
  <script type="text/javascript">
1375
  /* <![CDATA[ */
1376
  jQuery(document).ready(function($){
1377
  $('#template5').submit(function(){ $('#scrollto5').val( $('#newcontent5').scrollTop() ); });
1378
  $('#newcontent5').scrollTop( $('#scrollto5').val() );
1379
  });
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1380
  /* ]]> */
1381
  </script>
1382
  </div>
@@ -1385,20 +1608,68 @@ jQuery(document).ready(function($){
1385
  <form name="template6" id="template6" action="<?php echo admin_url( 'admin.php?page=bulletproof-security/admin/core/core.php#bps-tabs-6' ); ?>" method="post">
1386
  <?php wp_nonce_field('bulletproof_security_save_settings_6'); ?>
1387
  <div>
1388
- <textarea class="bps-text-area-600x700" name="newcontent6" id="newcontent6" tabindex="6"><?php echo bps_get_current_wpadmin_htaccess_file(); ?></textarea>
1389
  <input type="hidden" name="action" value="update" />
1390
  <input type="hidden" name="filename" value="<?php echo esc_attr( $current_wpadmin_htaccess_file ) ?>" />
1391
  <input type="hidden" name="scrollto6" id="scrollto6" value="<?php echo esc_html( $scrollto6 ); ?>" />
1392
  <p class="submit">
 
 
 
1393
  <input type="submit" name="submit6" class="button bps-button" value="<?php esc_attr_e('Update File', 'bulletproof-security') ?>" /></p>
1394
  </div>
1395
  </form>
 
 
 
 
1396
  <script type="text/javascript">
1397
  /* <![CDATA[ */
1398
  jQuery(document).ready(function($){
1399
  $('#template6').submit(function(){ $('#scrollto6').val( $('#newcontent6').scrollTop() ); });
1400
  $('#newcontent6').scrollTop( $('#scrollto6').val() );
1401
  });
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1402
  /* ]]> */
1403
  </script>
1404
  </div>
@@ -1523,7 +1794,18 @@ global $bps_topDiv, $bps_bottomDiv;
1523
  if ( isset( $_POST['myNotes_submit'] ) && current_user_can('manage_options') ) {
1524
  check_admin_referer( 'bulletproof_security_My_Notes' );
1525
 
1526
- $MyNotes_Options = array( 'bps_my_notes' => stripslashes($_POST['bps_my_notes']) );
 
 
 
 
 
 
 
 
 
 
 
1527
 
1528
  foreach( $MyNotes_Options as $key => $value ) {
1529
  update_option('bulletproof_security_options_mynotes', $MyNotes_Options);
@@ -1549,6 +1831,11 @@ global $bps_topDiv, $bps_bottomDiv;
1549
  <tr>
1550
  <td class="bps-table_cell_help">
1551
 
 
 
 
 
 
1552
  <form name="myNotes" action="<?php echo admin_url( 'admin.php?page=bulletproof-security/admin/core/core.php#bps-tabs-9' ); ?>" method="post">
1553
  <?php
1554
  wp_nonce_field('bulletproof_security_My_Notes');
@@ -1556,20 +1843,66 @@ global $bps_topDiv, $bps_bottomDiv;
1556
  $My_Notes_options = get_option('bulletproof_security_options_mynotes');
1557
  ?>
1558
 
1559
- <div>
1560
- <textarea class="bps-text-area-600x700" name="bps_my_notes" tabindex="1"><?php echo $My_Notes_options['bps_my_notes']; ?></textarea>
1561
  <input type="hidden" name="scrolltoNotes" value="<?php echo esc_html( $scrolltoNotes ); ?>" />
1562
- <p class="submit">
1563
- <input type="submit" name="myNotes_submit" class="button bps-button" value="<?php esc_attr_e('Save My Notes', 'bulletproof-security') ?>" /></p>
1564
- </div>
 
1565
  </form>
1566
 
 
 
 
 
 
1567
  <script type="text/javascript">
1568
  /* <![CDATA[ */
1569
  jQuery(document).ready(function($){
1570
  $('#myNotes').submit(function(){ $('#scrolltoNotes').val( $('#bps_my_notes').scrollTop() ); });
1571
  $('#bps_my_notes').scrollTop( $('#scrolltoNotes').val() );
1572
  });
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1573
  /* ]]> */
1574
  </script>
1575
 
@@ -1674,7 +2007,7 @@ jQuery(document).ready(function($){
1674
  <div id="bpsProFeatures">
1675
 
1676
  <?php
1677
- $text = '<h3><span class="blue-bold">'.__('The Complete Website Security Solution for Hacker and Spammer Protection', 'bulletproof-security').'</span></h3><h3><span class="blue-bold">'.__('BulletProof Security Pro has an amazing track record. BPS Pro has been publicly available for 7+ years and is installed on over 45,000 websites worldwide. Not a single one of those 45,000+ websites in 7+ years have been hacked.', 'bulletproof-security').'</span></h3><h3><span class="blue-bold">'.__('Why pay 10 times or more for other premium WordPress Security Plugins with recurring yearly subscriptions when you can get the best WordPress Security Plugin for an extremely low one-time purchase price?', 'bulletproof-security').'<br><a href="https://affiliates.ait-pro.com/po/" target="_blank">'.__('View Cost Comparison', 'bulletproof-security').'</a></span></h3><h3><span class="blue-bold">'.__('30-Day Money-Back Guarantee: If you are dissatisfied with BulletProof Security Pro for any reason. We offer a no questions asked full refund.', 'bulletproof-security').'</span></h3>'; echo $text;
1678
  ?>
1679
 
1680
  <?php echo '<p><span class="blue-bold">'; _e('One-Click Setup Wizard Installation: ', 'bulletproof-security'); echo '</span>'; _e('Fast, simple and complete BPS Pro installation and setup in less than 1 minute.', 'bulletproof-security').'</p>'; ?>
@@ -1713,6 +2046,9 @@ $text = '<h3><span class="blue-bold">'.__('The Complete Website Security Solutio
1713
  <div id="bpsProVersions">
1714
 
1715
  <a href="https://forum.ait-pro.com/forums/topic/bulletproof-security-pro-version-release-dates/" target="_blank" title="Link Opens in New Browser Window" style="font-size:22px;"><?php _e('BPS Pro Version Release Dates', 'bulletproof-security'); ?></a><br /><br />
 
 
 
1716
  <div id="milestone">8 Year Milestone: 8-1-2019 | First Public Release: 8-1-2011</div>
1717
  <div class="pro-links">
1718
  <?php
31
  ?>
32
 
33
  <?php
34
+ //if ( function_exists('get_transient') ) {
35
+ //require_once( ABSPATH . 'wp-admin/includes/plugin-install.php' );
36
 
37
+ // if ( false === ( $bps_api = get_transient('bulletproof-security_info') ) ) {
38
+ // $bps_api = plugins_api( 'plugin_information', array( 'slug' => stripslashes( 'bulletproof-security' ) ) );
39
 
40
+ // if ( ! is_wp_error( $bps_api ) ) {
41
+ // $bps_expire = 60 * 30; // Cache downloads data for 30 minutes
42
+ // $bps_downloaded = array( 'downloaded' => $bps_api->downloaded );
43
+ // maybe_serialize( $bps_downloaded );
44
+ // set_transient( 'bulletproof-security_info', $bps_downloaded, $bps_expire );
45
+ // }
46
+ // }
47
+
48
+ // $bps_transient = get_transient( 'bulletproof-security_info' );
49
 
50
  echo '<div class="bps-star-container">';
51
  echo '<div class="bps-star"><img src="'.plugins_url('/bulletproof-security/admin/images/star.png').'" /></div>';
52
  echo '<div class="bps-downloaded">';
53
 
54
+ // foreach ( $bps_transient as $key => $value ) {
55
+ // echo number_format_i18n( $value ) .' '. str_replace( 'downloaded', "Downloads", $key );
56
+ // }
57
+
58
  echo '<div class="bps-star-link"><a href="https://wordpress.org/support/view/plugin-reviews/bulletproof-security#postform" target="_blank" title="Add a Star Rating for the BPS plugin">'.__('Rate BPS', 'bulletproof-security').'</a><br><a href="https://affiliates.ait-pro.com/po/" target="_blank" title="Upgrade to BulletProof Security Pro">Upgrade to Pro</a></div>';
59
  echo '</div>';
60
  echo '</div>';
61
+ //}
62
 
63
  // Get Real IP address - USE EXTREME CAUTION!!!
64
  function bpsPro_get_real_ip_address_cc() {
142
  // Replace ABSPATH = wp-content/uploads
143
  $wp_upload_dir = wp_upload_dir();
144
  $bps_uploads_dir = str_replace( ABSPATH, '', $wp_upload_dir['basedir'] );
145
+ // Nonce for Crypto-js
146
+ $bps_nonceValue = 'ghbhnyxu';
147
+ $bpsSpacePop = '-------------------------------------------------------------';
148
 
149
  $bps_topDiv = '<div id="message" class="updated" style="background-color:#dfecf2;border:1px solid #999;-moz-border-radius-topleft:3px;-webkit-border-top-left-radius:3px;-khtml-border-top-left-radius:3px;border-top-left-radius:3px;-moz-border-radius-topright:3px;-webkit-border-top-right-radius:3px;-khtml-border-top-right-radius:3px;border-top-right-radius:3px;-webkit-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);-moz-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);"><p>';
150
  $bps_bottomDiv = '</p></div>';
169
  require_once( WP_PLUGIN_DIR . '/bulletproof-security/admin/core/core-htaccess-code.php' );
170
  }
171
 
 
 
172
  ?>
173
  </div>
174
 
734
  echo bps_default_htaccess_file_check();
735
  echo bps_wpadmin_htaccess_file_check();
736
 
737
+ function bpsPro_secure_htaccess_write_check() {
 
 
 
 
 
 
 
 
738
 
739
+ if ( @$_POST['submit1'] != true ) {
740
+
741
+ $secure_htaccess_file = WP_PLUGIN_DIR . '/bulletproof-security/admin/htaccess/secure.htaccess';
742
+ $HFiles_options = get_option('bulletproof_security_options_htaccess_files');
743
 
744
+ if ( $HFiles_options['bps_htaccess_files'] == 'disabled' ) {
745
+ $text = '<font color="blue" style="font-size:12px;"><strong>'.__('htaccess Files Disabled: secure.htaccess Master file is disabled.', 'bulletproof-security').'</strong></font><br>';
746
+ echo $text;
747
 
748
+ } elseif ( ! file_exists($secure_htaccess_file) && $HFiles_options['bps_htaccess_files'] != 'disabled' ) {
749
+ $text = '<font color="#fb0101" style="font-size:12px;"><strong>'.__('ERROR: A secure.htaccess Master file was NOT found.', 'bulletproof-security').'</strong></font><br>';
750
+ echo $text;
751
+
752
+ } else {
753
+
754
+ if ( file_exists($secure_htaccess_file) ) {
 
 
 
755
 
756
+ if ( is_writable($secure_htaccess_file) ) {
757
+
758
+ $text = '<font color="green" style="font-size:12px;"><strong>'.__('File Open and Write test successful! The secure.htaccess Master file is writable.', 'bulletproof-security').'</strong></font><br>';
759
+ echo $text;
760
+
761
+ } else {
762
+
763
+ $text = '<font color="#fb0101" style="font-size:12px;"><strong>'.__('Cannot write to file: ', 'bulletproof-security').$secure_htaccess_file . '</strong></font><br>';
764
+ echo $text;
765
+ }
766
  }
 
 
 
 
 
767
  }
768
  }
769
  }
770
 
771
+ bpsPro_secure_htaccess_write_check();
772
+
773
  if ( isset( $_POST['submit1'] ) && current_user_can('manage_options') ) {
774
  check_admin_referer( 'bulletproof_security_save_settings_1' );
 
775
 
776
  if ( $HFiles_options['bps_htaccess_files'] == 'disabled' ) {
777
  echo $bps_topDiv;
781
  return;
782
  }
783
 
784
+ $Encryption = new bpsProPHPEncryption();
785
+ $nonceValue = 'ghbhnyxu';
786
+ $secure_htaccess_file = WP_PLUGIN_DIR . '/bulletproof-security/admin/htaccess/secure.htaccess';
787
+
788
+ $pos = strpos( $_POST['newcontent1'], 'eyJjaXBoZXJ0ZXh0Ijoi' );
 
 
 
789
 
790
+ if ( $pos === false ) {
791
+ $newcontent1 = stripslashes($_POST['newcontent1']);
792
+ } else {
793
+ $newcontent1 = $Encryption->decrypt($_POST['newcontent1'], $nonceValue);
 
 
794
  }
795
 
796
+ if ( ! is_writable($secure_htaccess_file) ) {
797
  echo $bps_topDiv;
798
+ $text = '<font color="#fb0101"><strong>'.__('Error: Unable to write to the secure.htaccess Master file.', 'bulletproof-security').'</strong></font><br>';
799
  echo $text;
800
+ echo $bps_bottomDiv;
801
 
802
+ } else {
803
+
804
+ if ( ! $handle = fopen($secure_htaccess_file, 'w+b') ) {
805
+ exit;
806
+ }
807
+
808
+ if ( fwrite($handle, $newcontent1) === FALSE ) {
809
+ exit;
810
+ }
811
+
812
+ echo $bps_topDiv;
813
+ $text = '<font color="green"><strong>'.__('The secure.htaccess Master file has been updated.', 'bulletproof-security').'</strong></font><br>';
814
+ echo $text;
815
+ echo $bps_bottomDiv;
816
+
817
+ fclose($handle);
818
  }
819
  }
820
 
821
+ function bpsPro_default_htaccess_write_check() {
 
 
 
 
 
 
 
822
 
823
+ if ( @$_POST['submit2'] != true ) {
824
+
825
+ $default_htaccess_file = WP_PLUGIN_DIR . '/bulletproof-security/admin/htaccess/default.htaccess';
826
+ $HFiles_options = get_option('bulletproof_security_options_htaccess_files');
827
 
828
+ if ( $HFiles_options['bps_htaccess_files'] == 'disabled' ) {
829
+ $text = '<font color="blue" style="font-size:12px;"><strong>'.__('htaccess Files Disabled: default.htaccess Master file is disabled.', 'bulletproof-security').'</strong></font><br>';
830
+ echo $text;
831
 
832
+ } elseif ( ! file_exists($default_htaccess_file) && $HFiles_options['bps_htaccess_files'] != 'disabled' ) {
833
+ $text = '<font color="#fb0101" style="font-size:12px;"><strong>'.__('ERROR: A default.htaccess Master file was NOT found.', 'bulletproof-security').'</strong></font><br>';
834
+ echo $text;
835
+
836
+ } else {
837
+
838
+ if ( file_exists($default_htaccess_file) ) {
 
 
 
839
 
840
+ if ( is_writable($default_htaccess_file) ) {
 
 
 
841
 
842
+ $text = '<font color="green" style="font-size:12px;"><strong>'.__('File Open and Write test successful! The default.htaccess Master file is writable.', 'bulletproof-security').'</strong></font><br>';
843
+ echo $text;
844
+
845
+ } else {
846
+
847
+ $text = '<font color="#fb0101" style="font-size:12px;"><strong>'.__('Cannot write to file: ', 'bulletproof-security').$default_htaccess_file . '</strong></font><br>';
848
+ echo $text;
849
+ }
850
+ }
851
  }
852
  }
853
  }
854
 
855
+ bpsPro_default_htaccess_write_check();
856
+
857
  if ( isset( $_POST['submit2'] ) && current_user_can('manage_options') ) {
858
  check_admin_referer( 'bulletproof_security_save_settings_2' );
 
859
 
860
  if ( $HFiles_options['bps_htaccess_files'] == 'disabled' ) {
861
  echo $bps_topDiv;
865
  return;
866
  }
867
 
868
+ $Encryption = new bpsProPHPEncryption();
869
+ $nonceValue = 'ghbhnyxu';
870
+ $default_htaccess_file = WP_PLUGIN_DIR . '/bulletproof-security/admin/htaccess/default.htaccess';
871
+
872
+ $pos = strpos( $_POST['newcontent2'], 'eyJjaXBoZXJ0ZXh0Ijoi' );
 
 
 
873
 
874
+ if ( $pos === false ) {
875
+ $newcontent2 = stripslashes($_POST['newcontent2']);
876
+ } else {
877
+ $newcontent2 = $Encryption->decrypt($_POST['newcontent2'], $nonceValue);
 
 
878
  }
879
 
880
+ if ( ! is_writable($default_htaccess_file) ) {
881
  echo $bps_topDiv;
882
+ $text = '<font color="#fb0101"><strong>'.__('Error: Unable to write to the default.htaccess Master file.', 'bulletproof-security').'</strong></font><br>';
883
  echo $text;
884
+ echo $bps_bottomDiv;
885
 
886
+ } else {
887
+
888
+ if ( ! $handle = fopen($default_htaccess_file, 'w+b') ) {
889
+ exit;
890
+ }
891
+
892
+ if ( fwrite($handle, $newcontent2) === FALSE ) {
893
+ exit;
894
+ }
895
+
896
+ echo $bps_topDiv;
897
+ $text = '<font color="green"><strong>'.__('The default.htaccess Master file has been updated.', 'bulletproof-security').'</strong></font><br>';
898
+ echo $text;
899
+ echo $bps_bottomDiv;
900
+
901
+ fclose($handle);
902
  }
903
 
904
  $custom_default_htaccess = WP_CONTENT_DIR . '/bps-backup/master-backups/default.htaccess';
917
  }
918
  }
919
 
920
+ function bpsPro_wpadmin_secure_htaccess_write_check() {
 
 
 
 
 
 
 
 
 
 
 
 
921
 
922
+ if ( @$_POST['submit4'] != true ) {
923
+
924
+ $wpadmin_htaccess_file = WP_PLUGIN_DIR . '/bulletproof-security/admin/htaccess/wpadmin-secure.htaccess';
925
+ $HFiles_options = get_option('bulletproof_security_options_htaccess_files');
926
+ $BPS_wpadmin_Options = get_option('bulletproof_security_options_htaccess_res');
927
+ $GDMW_options = get_option('bulletproof_security_options_GDMW');
928
+
929
+ if ( $BPS_wpadmin_Options['bps_wpadmin_restriction'] == 'disabled' || $GDMW_options['bps_gdmw_hosting'] == 'yes' ) {
930
+ $text = '<strong><font color="black">'.__('wpadmin-secure.htaccess file writing is disabled.', 'bulletproof-security').'</font></strong><br>';
931
  echo $text;
 
 
 
 
932
 
933
  } else {
934
+
935
+ if ( $HFiles_options['bps_htaccess_files'] == 'disabled' ) {
936
+ $text = '<font color="blue" style="font-size:12px;"><strong>'.__('htaccess Files Disabled: wpadmin-secure.htaccess Master file is disabled.', 'bulletproof-security').'</strong></font><br>';
937
+ echo $text;
938
 
939
+ } elseif ( ! file_exists($wpadmin_htaccess_file) && $HFiles_options['bps_htaccess_files'] != 'disabled' ) {
940
+ $text = '<font color="#fb0101" style="font-size:12px;"><strong>'.__('ERROR: A wpadmin-secure.htaccess Master file was NOT found.', 'bulletproof-security').'</strong></font><br>';
941
+ echo $text;
 
 
 
 
 
 
 
 
 
 
 
 
942
 
943
+ } else {
944
+
945
+ if ( file_exists($wpadmin_htaccess_file) ) {
946
+
947
+ if ( is_writable($wpadmin_htaccess_file) ) {
948
+
949
+ $text = '<font color="green" style="font-size:12px;"><strong>'.__('File Open and Write test successful! The wpadmin-secure.htaccess Master file is writable.', 'bulletproof-security').'</strong></font><br>';
950
+ echo $text;
951
+
952
+ } else {
953
+
954
+ $text = '<font color="#fb0101" style="font-size:12px;"><strong>'.__('Cannot write to file: ', 'bulletproof-security').$wpadmin_htaccess_file . '</strong></font><br>';
955
+ echo $text;
956
+ }
957
+ }
958
  }
959
  }
960
  }
961
  }
962
 
963
+ bpsPro_wpadmin_secure_htaccess_write_check();
964
+
965
  if ( isset( $_POST['submit4'] ) && current_user_can('manage_options') ) {
966
  check_admin_referer( 'bulletproof_security_save_settings_4' );
 
967
 
968
  if ( $HFiles_options['bps_htaccess_files'] == 'disabled' ) {
969
  echo $bps_topDiv;
973
  return;
974
  }
975
 
976
+ $Encryption = new bpsProPHPEncryption();
977
+ $nonceValue = 'ghbhnyxu';
978
+ $wpadmin_htaccess_file = WP_PLUGIN_DIR . '/bulletproof-security/admin/htaccess/wpadmin-secure.htaccess';
979
+
980
+ $pos = strpos( $_POST['newcontent4'], 'eyJjaXBoZXJ0ZXh0Ijoi' );
 
 
 
981
 
982
+ if ( $pos === false ) {
983
+ $newcontent4 = stripslashes($_POST['newcontent4']);
984
+ } else {
985
+ $newcontent4 = $Encryption->decrypt($_POST['newcontent4'], $nonceValue);
 
 
986
  }
987
 
988
+ if ( ! is_writable($wpadmin_htaccess_file) ) {
989
  echo $bps_topDiv;
990
+ $text = '<font color="#fb0101"><strong>'.__('Error: Unable to write to the wpadmin-secure.htaccess Master file.', 'bulletproof-security').'</strong></font><br>';
991
  echo $text;
992
+ echo $bps_bottomDiv;
993
 
994
+ } else {
995
+
996
+ if ( ! $handle = fopen($wpadmin_htaccess_file, 'w+b') ) {
997
+ exit;
998
+ }
999
+
1000
+ if ( fwrite($handle, $newcontent4) === FALSE ) {
1001
+ exit;
1002
+ }
1003
+
1004
+ echo $bps_topDiv;
1005
+ $text = '<font color="green"><strong>'.__('The wpadmin-secure.htaccess Master file has been updated.', 'bulletproof-security').'</strong></font><br>';
1006
+ echo $text;
1007
+ echo $bps_bottomDiv;
1008
+
1009
+ fclose($handle);
1010
  }
1011
  }
1012
 
1013
+ function bpsPro_root_htaccess_write_check() {
1014
+
1015
+ if ( @$_POST['submit7'] != true ) {
 
 
 
 
 
1016
 
1017
+ $root_htaccess_file = ABSPATH . '.htaccess';
1018
+ $HFiles_options = get_option('bulletproof_security_options_htaccess_files');
 
1019
 
1020
+ if ( ! file_exists($root_htaccess_file) && $HFiles_options['bps_htaccess_files'] == 'disabled' ) {
1021
+ $text = '<font color="blue" style="font-size:12px;"><strong>'.__('htaccess Files Disabled: Root htaccess file does not exist.', 'bulletproof-security').'</strong></font><br>';
1022
+ echo $text;
 
 
 
 
 
 
 
 
 
1023
 
1024
+ } elseif ( ! file_exists($root_htaccess_file) && $HFiles_options['bps_htaccess_files'] != 'disabled' ) {
1025
+ $text = '<font color="#fb0101" style="font-size:12px;"><strong>'.__('ERROR: An htaccess file was NOT found in your root folder', 'bulletproof-security').'</strong></font><br>';
1026
+ echo $text;
1027
 
1028
+ } else {
 
1029
 
1030
+ if ( file_exists($root_htaccess_file) ) {
1031
+
1032
+ if ( is_writable($root_htaccess_file) ) {
1033
+
1034
+ $text = '<font color="green" style="font-size:12px;"><strong>'.__('File Open and Write test successful! Your currently active root htaccess file is writable.', 'bulletproof-security').'</strong></font><br>';
1035
+ echo $text;
1036
+
1037
+ } else {
1038
+
1039
+ $text = '<font color="blue" style="font-size:12px;"><strong>'.__('Your root htaccess file is Locked with Read Only Permissions.', 'bulletproof-security').'<br>'.__('Use the Lock and Unlock buttons below to Lock or Unlock your root htaccess file for editing.', 'bulletproof-security').'</strong></font><br>';
1040
+ echo $text;
1041
+ }
1042
  }
1043
  }
1044
  }
1045
  }
1046
+
1047
+ bpsPro_root_htaccess_write_check();
1048
 
1049
  if ( isset( $_POST['submit5'] ) && current_user_can('manage_options') ) {
1050
  check_admin_referer( 'bulletproof_security_save_settings_5' );
 
1051
 
1052
  if ( $HFiles_options['bps_htaccess_files'] == 'disabled' ) {
1053
  echo $bps_topDiv;
1057
  return;
1058
  }
1059
 
1060
+ $Encryption = new bpsProPHPEncryption();
1061
+ $nonceValue = 'ghbhnyxu';
1062
+ $root_htaccess_file = ABSPATH . '.htaccess';
1063
+
1064
+ $pos = strpos( $_POST['newcontent5'], 'eyJjaXBoZXJ0ZXh0Ijoi' );
 
 
 
1065
 
1066
+ if ( $pos === false ) {
1067
+ $newcontent5 = stripslashes($_POST['newcontent5']);
1068
+ } else {
1069
+ $newcontent5 = $Encryption->decrypt($_POST['newcontent5'], $nonceValue);
 
 
1070
  }
1071
 
1072
+ if ( ! is_writable($root_htaccess_file) ) {
1073
  echo $bps_topDiv;
1074
+ $text = '<font color="#fb0101"><strong>'.__('Error: Unable to write to the Root htaccess file. If your Root htaccess file is locked you must unlock first.', 'bulletproof-security').'</strong></font><br>';
1075
  echo $text;
1076
+ echo $bps_bottomDiv;
1077
 
1078
+ } else {
1079
+
1080
+ if ( ! $handle = fopen($root_htaccess_file, 'w+b') ) {
1081
+ exit;
1082
+ }
1083
+
1084
+ if ( fwrite($handle, $newcontent5) === FALSE ) {
1085
+ exit;
1086
+ }
1087
+
1088
+ echo $bps_topDiv;
1089
+ $text = '<font color="green"><strong>'.__('Your currently active root htaccess file has been updated.', 'bulletproof-security').'</strong></font><br>';
1090
+ echo $text;
1091
+ echo $bps_bottomDiv;
1092
+
1093
+ fclose($handle);
1094
  }
1095
  }
1096
 
1097
+ function bpsPro_wpadmin_htaccess_write_check() {
 
 
 
 
 
 
 
 
 
 
 
 
1098
 
1099
+ if ( @$_POST['submit8'] != true ) {
1100
+
1101
+ $current_wpadmin_htaccess_file = ABSPATH . 'wp-admin/.htaccess';
1102
+ $HFiles_options = get_option('bulletproof_security_options_htaccess_files');
1103
+ $BPS_wpadmin_Options = get_option('bulletproof_security_options_htaccess_res');
1104
+ $GDMW_options = get_option('bulletproof_security_options_GDMW');
1105
+
1106
+ if ( $BPS_wpadmin_Options['bps_wpadmin_restriction'] == 'disabled' || $GDMW_options['bps_gdmw_hosting'] == 'yes' ) {
1107
+ $text = '<font color="blue" style="font-size:12px;"><strong>'.__('wp-admin active htaccess file writing is disabled.', 'bulletproof-security').'</strong></font><br>';
1108
  echo $text;
 
 
 
 
1109
 
1110
  } else {
1111
+
1112
+ if ( ! file_exists($current_wpadmin_htaccess_file) && $HFiles_options['bps_htaccess_files'] == 'disabled' ) {
1113
+ $text = '<font color="blue" style="font-size:12px;"><strong>'.__('htaccess Files Disabled: wp-admin folder htaccess file does not exist.', 'bulletproof-security').'</strong></font><br>';
1114
+ echo $text;
1115
 
1116
+ } elseif ( ! file_exists($current_wpadmin_htaccess_file) && $HFiles_options['bps_htaccess_files'] != 'disabled' ) {
1117
+ $text = '<font color="#fb0101" style="font-size:12px;"><strong>'.__('ERROR: An htaccess file was NOT found in your wp-admin folder', 'bulletproof-security').'</strong></font><br>';
1118
+ echo $text;
 
 
 
 
 
 
 
 
 
 
1119
 
1120
+ } else {
1121
+
1122
+ if ( file_exists($current_wpadmin_htaccess_file) ) {
1123
 
1124
+ if ( is_writable($current_wpadmin_htaccess_file) ) {
1125
+
1126
+ $text = '<font color="green" style="font-size:12px;"><strong>'.__('File Open and Write test successful! Your currently active wp-admin htaccess file is writable.', 'bulletproof-security').'</strong></font><br>';
1127
+ echo $text;
1128
+
1129
+ } else {
1130
+
1131
+ $text = '<font color="#fb0101" style="font-size:12px;"><strong>'.__('Cannot write to file: ', 'bulletproof-security').$current_wpadmin_htaccess_file . '</strong></font><br>';
1132
+ echo $text;
1133
+ }
1134
  }
1135
  }
1136
  }
1137
  }
1138
  }
1139
 
1140
+ bpsPro_wpadmin_htaccess_write_check();
1141
+
1142
  if ( isset( $_POST['submit6'] ) && current_user_can('manage_options') ) {
1143
  check_admin_referer( 'bulletproof_security_save_settings_6' );
 
1144
 
1145
  if ( $HFiles_options['bps_htaccess_files'] == 'disabled' ) {
1146
  echo $bps_topDiv;
1150
  return;
1151
  }
1152
 
1153
+ $Encryption = new bpsProPHPEncryption();
1154
+ $nonceValue = 'ghbhnyxu';
1155
+ $current_wpadmin_htaccess_file = ABSPATH . 'wp-admin/.htaccess';
1156
+
1157
+ $pos = strpos( $_POST['newcontent6'], 'eyJjaXBoZXJ0ZXh0Ijoi' );
 
 
 
1158
 
1159
+ if ( $pos === false ) {
1160
+ $newcontent6 = stripslashes($_POST['newcontent6']);
1161
+ } else {
1162
+ $newcontent6 = $Encryption->decrypt($_POST['newcontent6'], $nonceValue);
 
 
1163
  }
1164
 
1165
+ if ( ! is_writable($current_wpadmin_htaccess_file) ) {
1166
  echo $bps_topDiv;
1167
+ $text = '<font color="#fb0101"><strong>'.__('Error: Unable to write to the wp-admin htaccess file.', 'bulletproof-security').'</strong></font><br>';
1168
  echo $text;
1169
+ echo $bps_bottomDiv;
1170
 
1171
+ } else {
1172
+
1173
+ if ( ! $handle = fopen($current_wpadmin_htaccess_file, 'w+b') ) {
1174
+ exit;
1175
+ }
1176
+
1177
+ if ( fwrite($handle, $newcontent6) === FALSE ) {
1178
+ exit;
1179
+ }
1180
+
1181
+ echo $bps_topDiv;
1182
+ $text = '<font color="green"><strong>'.__('Your currently active wp-admin htaccess file has been updated.', 'bulletproof-security').'</strong></font><br>';
1183
+ echo $text;
1184
+ echo $bps_bottomDiv;
1185
+
1186
+ fclose($handle);
1187
  }
1188
  }
1189
 
1308
  <form name="template1" id="template1" action="<?php echo admin_url( 'admin.php?page=bulletproof-security/admin/core/core.php#bps-tabs-6' ); ?>" method="post">
1309
  <?php wp_nonce_field('bulletproof_security_save_settings_1'); ?>
1310
  <div>
1311
+ <textarea id="crypt21" class="bps-text-area-600x700" name="newcontent1" id="newcontent1" tabindex="1"><?php echo bps_get_secure_htaccess(); ?></textarea>
1312
  <input type="hidden" name="action" value="update" />
1313
  <input type="hidden" name="filename" value="<?php echo esc_attr( $secure_htaccess_file ) ?>" />
1314
  <input type="hidden" name="scrollto1" id="scrollto1" value="<?php echo esc_html( $scrollto1 ); ?>" />
1315
  <p class="submit">
1316
+
1317
+ <?php echo '<div id="bps-edittabs-tooltip" style="margin:-40px 0px 10px 0px"><label for="bps-mscan-label" style="">'.__('If you see an error or are unable to save your editing changes then click the Encrypt htaccess Code button first and then click the Update File button. Mouse over the question mark image to the right for help info.', 'bulletproof-security').'</label><strong><font color="black"><span class="tooltip-350-225"><img src="'.plugins_url('/bulletproof-security/admin/images/question-mark.png').'" style="position:relative;top:3px;left:5px;" /><span>'.__('If your web host currently has ModSecurity installed or installs ModSecurity at a later time then ModSecurity will prevent you from saving your htaccess code unless you encrypt it first by clicking the Encrypt htaccess Code button.', 'bulletproof-security').'<br><br>'.__('If you click the Encrypt htaccess Code button and then want to edit your code again click the Decrypt htaccess Code button. After you are done editing click the Encrypt htaccess Code button before clicking the Update File button.', 'bulletproof-security').'<br><br>'.__('Click the htaccess File Editing Read Me help button for more help info.', 'bulletproof-security').'</span></span></font></strong></div>'; ?>
1318
+
1319
  <input type="submit" name="submit1" class="button bps-button" value="<?php esc_attr_e('Update File', 'bulletproof-security') ?>" /></p>
1320
  </div>
1321
  </form>
1322
+
1323
+ <button onclick="bpsSecureFileEncrypt()" class="button bps-button"><?php esc_attr_e('Encrypt htaccess Code', 'bulletproof-security'); ?></button>
1324
+ <button onclick="bpsSecureFileDecrypt()" class="button bps-button"><?php esc_attr_e('Decrypt htaccess Code', 'bulletproof-security'); ?></button>
1325
+
1326
  <script type="text/javascript">
1327
  /* <![CDATA[ */
1328
  jQuery(document).ready(function($){
1329
  $('#template1').submit(function(){ $('#scrollto1').val( $('#newcontent1').scrollTop() ); });
1330
  $('#newcontent1').scrollTop( $('#scrollto1').val() );
1331
  });
1332
+
1333
+ function bpsSecureFileEncrypt() {
1334
+
1335
+ var nonceValue = '<?php echo $bps_nonceValue; ?>';
1336
+
1337
+ var CCString1 = document.getElementById("crypt21").value;
1338
+
1339
+ // Prevent Double, Triple, etc. encryption
1340
+ // The includes() method is not supported in IE 11 (and earlier versions)
1341
+ var NoEncrypt1 = CCString1.includes("eyJjaXBoZXJ0ZXh0Ijoi");
1342
+ //console.log(NoEncrypt1);
1343
+
1344
+ let encryption = new bpsProJSEncryption();
1345
+
1346
+ if (CCString1 != '' && NoEncrypt1 === false) {
1347
+ var encrypted1 = encryption.encrypt(CCString1, nonceValue);
1348
+ }
1349
+ //console.log(encrypted1);
1350
+
1351
+ if (CCString1 != '' && NoEncrypt1 === false) {
1352
+ document.getElementById("crypt21").value = encrypted1;
1353
+ }
1354
+ }
1355
+
1356
+ function bpsSecureFileDecrypt() {
1357
+
1358
+ var nonceValue = '<?php echo $bps_nonceValue; ?>';
1359
+
1360
+ var CCString1 = document.getElementById("crypt21").value;
1361
+
1362
+ let encryption = new bpsProJSEncryption();
1363
+
1364
+ if (CCString1 != '') {
1365
+ var decrypted1 = encryption.decrypt(CCString1, nonceValue);
1366
+ }
1367
+ //console.log(decrypted1);
1368
+
1369
+ if (CCString1 != '') {
1370
+ document.getElementById("crypt21").value = decrypted1;
1371
+ }
1372
+ }
1373
  /* ]]> */
1374
  </script>
1375
  </div>
1378
  <form name="template2" id="template2" action="<?php echo admin_url( 'admin.php?page=bulletproof-security/admin/core/core.php#bps-tabs-6' ); ?>" method="post">
1379
  <?php wp_nonce_field('bulletproof_security_save_settings_2'); ?>
1380
  <div>
1381
+ <textarea id="crypt22" class="bps-text-area-600x700" name="newcontent2" id="newcontent2" tabindex="2"><?php echo bps_get_default_htaccess(); ?></textarea>
1382
  <input type="hidden" name="action" value="update" />
1383
  <input type="hidden" name="filename" value="<?php echo esc_attr( $default_htaccess_file ) ?>" />
1384
  <input type="hidden" name="scrollto2" id="scrollto2" value="<?php echo esc_html( $scrollto2 ); ?>" />
1385
  <p class="submit">
1386
+
1387
+ <?php echo '<div id="bps-edittabs-tooltip" style="margin:-40px 0px 10px 0px"><label for="bps-mscan-label" style="">'.__('If you see an error or are unable to save your editing changes then click the Encrypt htaccess Code button first and then click the Update File button. Mouse over the question mark image to the right for help info.', 'bulletproof-security').'</label><strong><font color="black"><span class="tooltip-350-225"><img src="'.plugins_url('/bulletproof-security/admin/images/question-mark.png').'" style="position:relative;top:3px;left:5px;" /><span>'.__('If your web host currently has ModSecurity installed or installs ModSecurity at a later time then ModSecurity will prevent you from saving your htaccess code unless you encrypt it first by clicking the Encrypt htaccess Code button.', 'bulletproof-security').'<br><br>'.__('If you click the Encrypt htaccess Code button and then want to edit your code again click the Decrypt htaccess Code button. After you are done editing click the Encrypt htaccess Code button before clicking the Update File button.', 'bulletproof-security').'<br><br>'.__('Click the htaccess File Editing Read Me help button for more help info.', 'bulletproof-security').'</span></span></font></strong></div>'; ?>
1388
+
1389
  <input type="submit" name="submit2" class="button bps-button" value="<?php esc_attr_e('Update File', 'bulletproof-security') ?>" /></p>
1390
  </div>
1391
+
1392
+ <button onclick="bpsDefaultFileEncrypt()" class="button bps-button"><?php esc_attr_e('Encrypt htaccess Code', 'bulletproof-security'); ?></button>
1393
+ <button onclick="bpsDefaultFileDecrypt()" class="button bps-button"><?php esc_attr_e('Decrypt htaccess Code', 'bulletproof-security'); ?></button>
1394
+
1395
  </form>
1396
  <script type="text/javascript">
1397
  /* <![CDATA[ */
1399
  $('#template2').submit(function(){ $('#scrollto2').val( $('#newcontent2').scrollTop() ); });
1400
  $('#newcontent2').scrollTop( $('#scrollto2').val() );
1401
  });
1402
+
1403
+ function bpsDefaultFileEncrypt() {
1404
+
1405
+ var nonceValue = '<?php echo $bps_nonceValue; ?>';
1406
+
1407
+ var CCString1 = document.getElementById("crypt22").value;
1408
+
1409
+ // Prevent Double, Triple, etc. encryption
1410
+ // The includes() method is not supported in IE 11 (and earlier versions)
1411
+ var NoEncrypt1 = CCString1.includes("eyJjaXBoZXJ0ZXh0Ijoi");
1412
+ //console.log(NoEncrypt1);
1413
+
1414
+ let encryption = new bpsProJSEncryption();
1415
+
1416
+ if (CCString1 != '' && NoEncrypt1 === false) {
1417
+ var encrypted1 = encryption.encrypt(CCString1, nonceValue);
1418
+ }
1419
+ //console.log(encrypted1);
1420
+
1421
+ if (CCString1 != '' && NoEncrypt1 === false) {
1422
+ document.getElementById("crypt22").value = encrypted1;
1423
+ }
1424
+ }
1425
+
1426
+ function bpsDefaultFileDecrypt() {
1427
+
1428
+ var nonceValue = '<?php echo $bps_nonceValue; ?>';
1429
+
1430
+ var CCString1 = document.getElementById("crypt22").value;
1431
+
1432
+ let encryption = new bpsProJSEncryption();
1433
+
1434
+ if (CCString1 != '') {
1435
+ var decrypted1 = encryption.decrypt(CCString1, nonceValue);
1436
+ }
1437
+ //console.log(decrypted1);
1438
+
1439
+ if (CCString1 != '') {
1440
+ document.getElementById("crypt22").value = decrypted1;
1441
+ }
1442
+ }
1443
  /* ]]> */
1444
  </script>
1445
  </div>
1448
  <form name="template4" id="template4" action="<?php echo admin_url( 'admin.php?page=bulletproof-security/admin/core/core.php#bps-tabs-6' ); ?>" method="post">
1449
  <?php wp_nonce_field('bulletproof_security_save_settings_4'); ?>
1450
  <div>
1451
+ <textarea id="crypt23" class="bps-text-area-600x700" name="newcontent4" id="newcontent4" tabindex="4"><?php echo bps_get_wpadmin_htaccess(); ?></textarea>
1452
  <input type="hidden" name="action" value="update" />
1453
  <input type="hidden" name="filename" value="<?php echo esc_attr( $wpadmin_htaccess_file ) ?>" />
1454
  <input type="hidden" name="scrollto4" id="scrollto4" value="<?php echo esc_html( $scrollto4 ); ?>" />
1455
  <p class="submit">
1456
+
1457
+ <?php echo '<div id="bps-edittabs-tooltip" style="margin:-40px 0px 10px 0px"><label for="bps-mscan-label" style="">'.__('If you see an error or are unable to save your editing changes then click the Encrypt htaccess Code button first and then click the Update File button. Mouse over the question mark image to the right for help info.', 'bulletproof-security').'</label><strong><font color="black"><span class="tooltip-350-225"><img src="'.plugins_url('/bulletproof-security/admin/images/question-mark.png').'" style="position:relative;top:3px;left:5px;" /><span>'.__('If your web host currently has ModSecurity installed or installs ModSecurity at a later time then ModSecurity will prevent you from saving your htaccess code unless you encrypt it first by clicking the Encrypt htaccess Code button.', 'bulletproof-security').'<br><br>'.__('If you click the Encrypt htaccess Code button and then want to edit your code again click the Decrypt htaccess Code button. After you are done editing click the Encrypt htaccess Code button before clicking the Update File button.', 'bulletproof-security').'<br><br>'.__('Click the htaccess File Editing Read Me help button for more help info.', 'bulletproof-security').'</span></span></font></strong></div>'; ?>
1458
+
1459
  <input type="submit" name="submit4" class="button bps-button" value="<?php esc_attr_e('Update File', 'bulletproof-security') ?>" /></p>
1460
  </div>
1461
  </form>
1462
+
1463
+ <button onclick="bpsWpadminSecureFileEncrypt()" class="button bps-button"><?php esc_attr_e('Encrypt htaccess Code', 'bulletproof-security'); ?></button>
1464
+ <button onclick="bpsWpadminSecureFileDecrypt()" class="button bps-button"><?php esc_attr_e('Decrypt htaccess Code', 'bulletproof-security'); ?></button>
1465
+
1466
  <script type="text/javascript">
1467
  /* <![CDATA[ */
1468
  jQuery(document).ready(function($){
1469
  $('#template4').submit(function(){ $('#scrollto4').val( $('#newcontent4').scrollTop() ); });
1470
  $('#newcontent4').scrollTop( $('#scrollto4').val() );
1471
  });
1472
+
1473
+ function bpsWpadminSecureFileEncrypt() {
1474
+
1475
+ var nonceValue = '<?php echo $bps_nonceValue; ?>';
1476
+
1477
+ var CCString1 = document.getElementById("crypt23").value;
1478
+
1479
+ // Prevent Double, Triple, etc. encryption
1480
+ // The includes() method is not supported in IE 11 (and earlier versions)
1481
+ var NoEncrypt1 = CCString1.includes("eyJjaXBoZXJ0ZXh0Ijoi");
1482
+ //console.log(NoEncrypt1);
1483
+
1484
+ let encryption = new bpsProJSEncryption();
1485
+
1486
+ if (CCString1 != '' && NoEncrypt1 === false) {
1487
+ var encrypted1 = encryption.encrypt(CCString1, nonceValue);
1488
+ }
1489
+ //console.log(encrypted1);
1490
+
1491
+ if (CCString1 != '' && NoEncrypt1 === false) {
1492
+ document.getElementById("crypt23").value = encrypted1;
1493
+ }
1494
+ }
1495
+
1496
+ function bpsWpadminSecureFileDecrypt() {
1497
+
1498
+ var nonceValue = '<?php echo $bps_nonceValue; ?>';
1499
+
1500
+ var CCString1 = document.getElementById("crypt23").value;
1501
+
1502
+ let encryption = new bpsProJSEncryption();
1503
+
1504
+ if (CCString1 != '') {
1505
+ var decrypted1 = encryption.decrypt(CCString1, nonceValue);
1506
+ }
1507
+ //console.log(decrypted1);
1508
+
1509
+ if (CCString1 != '') {
1510
+ document.getElementById("crypt23").value = decrypted1;
1511
+ }
1512
+ }
1513
  /* ]]> */
1514
  </script>
1515
  </div>
1532
  <form name="template5" id="template5" action="<?php echo admin_url( 'admin.php?page=bulletproof-security/admin/core/core.php#bps-tabs-6' ); ?>" method="post">
1533
  <?php wp_nonce_field('bulletproof_security_save_settings_5'); ?>
1534
  <div>
1535
+ <textarea id="crypt26" class="bps-text-area-600x700" name="newcontent5" id="newcontent5" tabindex="5"><?php echo bps_get_root_htaccess(); ?></textarea>
1536
  <input type="hidden" name="action" value="update" />
1537
  <input type="hidden" name="filename" value="<?php echo esc_attr( $root_htaccess_file ) ?>" />
1538
  <input type="hidden" name="scrollto5" id="scrollto5" value="<?php echo esc_html( $scrollto5 ); ?>" />
1541
  <?php if ( @bpsStatusRHE($perms) == '0404' ) { ?>
1542
  <input type="submit" name="submit5" value="<?php esc_attr_e('Update File', 'bulletproof-security') ?>" class="button bps-button" onClick="return confirm('<?php $text = __('YOUR ROOT HTACCESS FILE IS LOCKED.', 'bulletproof-security').'\n\n'.__('YOUR FILE EDITS|CHANGES CANNOT BE SAVED.', 'bulletproof-security').'\n\n'.__('Click Cancel, copy the file editing changes you made to save them and then click the Unlock .htaccess File button to unlock your Root .htaccess file. After your Root .htaccess file is unlocked paste your file editing changes back into your Root .htaccess file and click this Update File button again to save your file edits/changes.', 'bulletproof-security'); echo $text; ?>')" />
1543
  <?php } else { ?>
1544
+
1545
+ <?php echo '<div id="bps-edittabs-tooltip" style="margin:-40px 0px 10px 0px"><label for="bps-mscan-label" style="">'.__('If you see an error or are unable to save your editing changes then click the Encrypt htaccess Code button first and then click the Update File button. Mouse over the question mark image to the right for help info.', 'bulletproof-security').'</label><strong><font color="black"><span class="tooltip-350-225"><img src="'.plugins_url('/bulletproof-security/admin/images/question-mark.png').'" style="position:relative;top:3px;left:5px;" /><span>'.__('If your web host currently has ModSecurity installed or installs ModSecurity at a later time then ModSecurity will prevent you from saving your htaccess code unless you encrypt it first by clicking the Encrypt htaccess Code button.', 'bulletproof-security').'<br><br>'.__('If you click the Encrypt htaccess Code button and then want to edit your code again click the Decrypt htaccess Code button. After you are done editing click the Encrypt htaccess Code button before clicking the Update File button.', 'bulletproof-security').'<br><br>'.__('Click the htaccess File Editing Read Me help button for more help info.', 'bulletproof-security').'</span></span></font></strong></div>'; ?>
1546
+
1547
  <input type="submit" name="submit5" class="button bps-button" value="<?php esc_attr_e('Update File', 'bulletproof-security') ?>" /></p>
1548
  <?php } ?>
1549
 
1550
  </div>
1551
  </form>
1552
+
1553
+ <button onclick="bpsRootFileEncrypt()" class="button bps-button"><?php esc_attr_e('Encrypt htaccess Code', 'bulletproof-security'); ?></button>
1554
+ <button onclick="bpsRootFileDecrypt()" class="button bps-button"><?php esc_attr_e('Decrypt htaccess Code', 'bulletproof-security'); ?></button>
1555
+
1556
  <script type="text/javascript">
1557
  /* <![CDATA[ */
1558
  jQuery(document).ready(function($){
1559
  $('#template5').submit(function(){ $('#scrollto5').val( $('#newcontent5').scrollTop() ); });
1560
  $('#newcontent5').scrollTop( $('#scrollto5').val() );
1561
  });
1562
+
1563
+ function bpsRootFileEncrypt() {
1564
+
1565
+ var nonceValue = '<?php echo $bps_nonceValue; ?>';
1566
+
1567
+ var CCString1 = document.getElementById("crypt26").value;
1568
+
1569
+ // Prevent Double, Triple, etc. encryption
1570
+ // The includes() method is not supported in IE 11 (and earlier versions)
1571
+ var NoEncrypt1 = CCString1.includes("eyJjaXBoZXJ0ZXh0Ijoi");
1572
+ //console.log(NoEncrypt1);
1573
+
1574
+ let encryption = new bpsProJSEncryption();
1575
+
1576
+ if (CCString1 != '' && NoEncrypt1 === false) {
1577
+ var encrypted1 = encryption.encrypt(CCString1, nonceValue);
1578
+ }
1579
+ //console.log(encrypted1);
1580
+
1581
+ if (CCString1 != '' && NoEncrypt1 === false) {
1582
+ document.getElementById("crypt26").value = encrypted1;
1583
+ }
1584
+ }
1585
+
1586
+ function bpsRootFileDecrypt() {
1587
+
1588
+ var nonceValue = '<?php echo $bps_nonceValue; ?>';
1589
+
1590
+ var CCString1 = document.getElementById("crypt26").value;
1591
+
1592
+ let encryption = new bpsProJSEncryption();
1593
+
1594
+ if (CCString1 != '') {
1595
+ var decrypted1 = encryption.decrypt(CCString1, nonceValue);
1596
+ }
1597
+ //console.log(decrypted1);
1598
+
1599
+ if (CCString1 != '') {
1600
+ document.getElementById("crypt26").value = decrypted1;
1601
+ }
1602
+ }
1603
  /* ]]> */
1604
  </script>
1605
  </div>
1608
  <form name="template6" id="template6" action="<?php echo admin_url( 'admin.php?page=bulletproof-security/admin/core/core.php#bps-tabs-6' ); ?>" method="post">
1609
  <?php wp_nonce_field('bulletproof_security_save_settings_6'); ?>
1610
  <div>
1611
+ <textarea id="crypt27" class="bps-text-area-600x700" name="newcontent6" id="newcontent6" tabindex="6"><?php echo bps_get_current_wpadmin_htaccess_file(); ?></textarea>
1612
  <input type="hidden" name="action" value="update" />
1613
  <input type="hidden" name="filename" value="<?php echo esc_attr( $current_wpadmin_htaccess_file ) ?>" />
1614
  <input type="hidden" name="scrollto6" id="scrollto6" value="<?php echo esc_html( $scrollto6 ); ?>" />
1615
  <p class="submit">
1616
+
1617
+ <?php echo '<div id="bps-edittabs-tooltip" style="margin:-40px 0px 10px 0px"><label for="bps-mscan-label" style="">'.__('If you see an error or are unable to save your editing changes then click the Encrypt htaccess Code button first and then click the Update File button. Mouse over the question mark image to the right for help info.', 'bulletproof-security').'</label><strong><font color="black"><span class="tooltip-350-225"><img src="'.plugins_url('/bulletproof-security/admin/images/question-mark.png').'" style="position:relative;top:3px;left:5px;" /><span>'.__('If your web host currently has ModSecurity installed or installs ModSecurity at a later time then ModSecurity will prevent you from saving your htaccess code unless you encrypt it first by clicking the Encrypt htaccess Code button.', 'bulletproof-security').'<br><br>'.__('If you click the Encrypt htaccess Code button and then want to edit your code again click the Decrypt htaccess Code button. After you are done editing click the Encrypt htaccess Code button before clicking the Update File button.', 'bulletproof-security').'<br><br>'.__('Click the htaccess File Editing Read Me help button for more help info.', 'bulletproof-security').'</span></span></font></strong></div>'; ?>
1618
+
1619
  <input type="submit" name="submit6" class="button bps-button" value="<?php esc_attr_e('Update File', 'bulletproof-security') ?>" /></p>
1620
  </div>
1621
  </form>
1622
+
1623
+ <button onclick="bpsWpadminFileEncrypt()" class="button bps-button"><?php esc_attr_e('Encrypt htaccess Code', 'bulletproof-security'); ?></button>
1624
+ <button onclick="bpsWpadminFileDecrypt()" class="button bps-button"><?php esc_attr_e('Decrypt htaccess Code', 'bulletproof-security'); ?></button>
1625
+
1626
  <script type="text/javascript">
1627
  /* <![CDATA[ */
1628
  jQuery(document).ready(function($){
1629
  $('#template6').submit(function(){ $('#scrollto6').val( $('#newcontent6').scrollTop() ); });
1630
  $('#newcontent6').scrollTop( $('#scrollto6').val() );
1631
  });
1632
+
1633
+ function bpsWpadminFileEncrypt() {
1634
+
1635
+ var nonceValue = '<?php echo $bps_nonceValue; ?>';
1636
+
1637
+ var CCString1 = document.getElementById("crypt27").value;
1638
+
1639
+ // Prevent Double, Triple, etc. encryption
1640
+ // The includes() method is not supported in IE 11 (and earlier versions)
1641
+ var NoEncrypt1 = CCString1.includes("eyJjaXBoZXJ0ZXh0Ijoi");
1642
+ //console.log(NoEncrypt1);
1643
+
1644
+ let encryption = new bpsProJSEncryption();
1645
+
1646
+ if (CCString1 != '' && NoEncrypt1 === false) {
1647
+ var encrypted1 = encryption.encrypt(CCString1, nonceValue);
1648
+ }
1649
+ //console.log(encrypted1);
1650
+
1651
+ if (CCString1 != '' && NoEncrypt1 === false) {
1652
+ document.getElementById("crypt27").value = encrypted1;
1653
+ }
1654
+ }
1655
+
1656
+ function bpsWpadminFileDecrypt() {
1657
+
1658
+ var nonceValue = '<?php echo $bps_nonceValue; ?>';
1659
+
1660
+ var CCString1 = document.getElementById("crypt27").value;
1661
+
1662
+ let encryption = new bpsProJSEncryption();
1663
+
1664
+ if (CCString1 != '') {
1665
+ var decrypted1 = encryption.decrypt(CCString1, nonceValue);
1666
+ }
1667
+ //console.log(decrypted1);
1668
+
1669
+ if (CCString1 != '') {
1670
+ document.getElementById("crypt27").value = decrypted1;
1671
+ }
1672
+ }
1673
  /* ]]> */
1674
  </script>
1675
  </div>
1794
  if ( isset( $_POST['myNotes_submit'] ) && current_user_can('manage_options') ) {
1795
  check_admin_referer( 'bulletproof_security_My_Notes' );
1796
 
1797
+ $Encryption = new bpsProPHPEncryption();
1798
+ $nonceValue = 'ghbhnyxu';
1799
+
1800
+ $pos = strpos( $_POST['bps_my_notes'], 'eyJjaXBoZXJ0ZXh0Ijoi' );
1801
+
1802
+ if ( $pos === false ) {
1803
+ $bps_my_notes = stripslashes($_POST['bps_my_notes']);
1804
+ } else {
1805
+ $bps_my_notes = $Encryption->decrypt($_POST['bps_my_notes'], $nonceValue);
1806
+ }
1807
+
1808
+ $MyNotes_Options = array( 'bps_my_notes' => $bps_my_notes );
1809
 
1810
  foreach( $MyNotes_Options as $key => $value ) {
1811
  update_option('bulletproof_security_options_mynotes', $MyNotes_Options);
1831
  <tr>
1832
  <td class="bps-table_cell_help">
1833
 
1834
+ <div id="my-notes-float" style="float:left">
1835
+
1836
+ <button onclick="bpsMyNotesEncrypt()" class="button bps-button"><?php esc_attr_e('Encrypt My Notes', 'bulletproof-security'); ?></button>
1837
+ <button onclick="bpsMyNotesDecrypt()" class="button bps-button" style="margin:0px 0px 10px 0px"><?php esc_attr_e('Decrypt My Notes', 'bulletproof-security'); ?></button>
1838
+
1839
  <form name="myNotes" action="<?php echo admin_url( 'admin.php?page=bulletproof-security/admin/core/core.php#bps-tabs-9' ); ?>" method="post">
1840
  <?php
1841
  wp_nonce_field('bulletproof_security_My_Notes');
1843
  $My_Notes_options = get_option('bulletproof_security_options_mynotes');
1844
  ?>
1845
 
1846
+ <textarea id="crypt20" class="bps-text-area-600x700" name="bps_my_notes" tabindex="1"><?php echo $My_Notes_options['bps_my_notes']; ?></textarea>
 
1847
  <input type="hidden" name="scrolltoNotes" value="<?php echo esc_html( $scrolltoNotes ); ?>" />
1848
+
1849
+ <?php echo '<div id="bps-my-notes-tooltip"><label for="bps-mscan-label" style="">'.__('If you are unable to save custom htaccess code and/or see an error message when trying to save custom htaccess code, ', 'bulletproof-security').'<br>'.__('click the Encrypt My Notes button first and then click the Save My Notes button.', 'bulletproof-security').'<br>'.__('Mouse over the question mark image to the right for help info.', 'bulletproof-security').'</label><strong><font color="black"><span class="tooltip-350-225"><img src="'.plugins_url('/bulletproof-security/admin/images/question-mark.png').'" style="position:relative;top:3px;left:5px;" /><span>'.__('If your web host currently has ModSecurity installed or installs ModSecurity at a later time then ModSecurity will prevent you from saving your custom htaccess code unless you encrypt it first by clicking the Encrypt My Notes button.', 'bulletproof-security').'<br><br>'.__('If you click the Encrypt My Notes button, but then want to add or edit additional custom code click the Decrypt My Notes button. After you are done adding or editing custom code click the Encrypt My Notes button before clicking the Save My Notes button.', 'bulletproof-security').'<br><br>'.__('Click the Custom Code Read Me help button for more help info.', 'bulletproof-security').'</span></span></font></strong></div>'; ?>
1850
+
1851
+ <input type="submit" name="myNotes_submit" class="button bps-button" style="margin:10px 0px 10px 0px;height:auto;white-space:normal" value="<?php esc_attr_e('Save My Notes', 'bulletproof-security') ?>" /></p>
1852
  </form>
1853
 
1854
+ <button onclick="bpsMyNotesEncrypt()" class="button bps-button"><?php esc_attr_e('Encrypt My Notes', 'bulletproof-security'); ?></button>
1855
+ <button onclick="bpsMyNotesDecrypt()" class="button bps-button"><?php esc_attr_e('Decrypt My Notes', 'bulletproof-security'); ?></button>
1856
+
1857
+ </div>
1858
+
1859
  <script type="text/javascript">
1860
  /* <![CDATA[ */
1861
  jQuery(document).ready(function($){
1862
  $('#myNotes').submit(function(){ $('#scrolltoNotes').val( $('#bps_my_notes').scrollTop() ); });
1863
  $('#bps_my_notes').scrollTop( $('#scrolltoNotes').val() );
1864
  });
1865
+
1866
+ function bpsMyNotesEncrypt() {
1867
+
1868
+ var nonceValue = '<?php echo $bps_nonceValue; ?>';
1869
+
1870
+ var CCString1 = document.getElementById("crypt20").value;
1871
+
1872
+ // Prevent Double, Triple, etc. encryption
1873
+ // The includes() method is not supported in IE 11 (and earlier versions)
1874
+ var NoEncrypt1 = CCString1.includes("eyJjaXBoZXJ0ZXh0Ijoi");
1875
+ //console.log(NoEncrypt1);
1876
+
1877
+ let encryption = new bpsProJSEncryption();
1878
+
1879
+ if (CCString1 != '' && NoEncrypt1 === false) {
1880
+ var encrypted1 = encryption.encrypt(CCString1, nonceValue);
1881
+ }
1882
+ //console.log(encrypted);
1883
+
1884
+ if (CCString1 != '' && NoEncrypt1 === false) {
1885
+ document.getElementById("crypt20").value = encrypted1;
1886
+ }
1887
+ }
1888
+
1889
+ function bpsMyNotesDecrypt() {
1890
+
1891
+ var nonceValue = '<?php echo $bps_nonceValue; ?>';
1892
+
1893
+ var CCString1 = document.getElementById("crypt20").value;
1894
+
1895
+ let encryption = new bpsProJSEncryption();
1896
+
1897
+ if (CCString1 != '') {
1898
+ var decrypted1 = encryption.decrypt(CCString1, nonceValue);
1899
+ }
1900
+ //console.log(decrypted);
1901
+
1902
+ if (CCString1 != '') {
1903
+ document.getElementById("crypt20").value = decrypted1;
1904
+ }
1905
+ }
1906
  /* ]]> */
1907
  </script>
1908
 
2007
  <div id="bpsProFeatures">
2008
 
2009
  <?php
2010
+ $text = '<h3><span class="blue-bold">'.__('The Complete Website Security Solution for Hacker and Spammer Protection', 'bulletproof-security').'</span></h3><h3><span class="blue-bold">'.__('BulletProof Security Pro has an amazing track record. BPS Pro has been publicly available for 8+ years and is installed on over 50,000 websites worldwide. Not a single one of those 50,000+ websites in 8+ years have been hacked.', 'bulletproof-security').'</span></h3><h3><span class="blue-bold">'.__('Why pay 10 times or more for other premium WordPress Security Plugins with recurring yearly subscriptions when you can get the best WordPress Security Plugin for an extremely low one-time purchase price?', 'bulletproof-security').'<br><a href="https://affiliates.ait-pro.com/po/" target="_blank">'.__('View Cost Comparison', 'bulletproof-security').'</a></span></h3><h3><span class="blue-bold">'.__('30-Day Money-Back Guarantee: If you are dissatisfied with BulletProof Security Pro for any reason. We offer a no questions asked full refund.', 'bulletproof-security').'</span></h3>'; echo $text;
2011
  ?>
2012
 
2013
  <?php echo '<p><span class="blue-bold">'; _e('One-Click Setup Wizard Installation: ', 'bulletproof-security'); echo '</span>'; _e('Fast, simple and complete BPS Pro installation and setup in less than 1 minute.', 'bulletproof-security').'</p>'; ?>
2046
  <div id="bpsProVersions">
2047
 
2048
  <a href="https://forum.ait-pro.com/forums/topic/bulletproof-security-pro-version-release-dates/" target="_blank" title="Link Opens in New Browser Window" style="font-size:22px;"><?php _e('BPS Pro Version Release Dates', 'bulletproof-security'); ?></a><br /><br />
2049
+ <?php
2050
+ echo sprintf( __( '<a href="%2$s" target="_blank" title="Link Opens in New Browser Window">Whats New in BPS Pro %1$s</a>' ), '14.1', 'https://www.ait-pro.com/aitpro-blog/5567/bulletproof-security-pro/whats-new-in-bulletproof-security-pro-14-1/' ).'<br>';
2051
+ ?>
2052
  <div id="milestone">8 Year Milestone: 8-1-2019 | First Public Release: 8-1-2011</div>
2053
  <div class="pro-links">
2054
  <?php
admin/css/bps-black-ui-theme.css CHANGED
@@ -151,6 +151,11 @@ span.tooltip-350-120:hover {z-index:10;}
151
  span.tooltip-350-120 img:hover {z-index:10;}
152
  span.tooltip-350-120 span {display:none;position:absolute;bottom:0;left:0;right:0;}
153
  span.tooltip-350-120:hover span {width:350px;height:120px;display:block;position:absolute;top:0px;left:30px;right:0;color:#000;background-color:#dfecf2;border:1px solid #999;font-size:1em;font-weight:600;padding:2px 5px;margin-top:2px;-moz-border-radius-topleft:3px;-webkit-border-top-left-radius:3px;-khtml-border-top-left-radius:3px;border-top-left-radius:3px;-moz-border-radius-topright:3px;-webkit-border-top-right-radius:3px;-khtml-border-top-right-radius:3px;border-top-right-radius:3px;-webkit-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);-moz-box-shadow:3px 3px 5px -1px rgba(153,153,153,0.7);box-shadow:3px 3px 5px -1px rgba(153,153,153,0.7);}
 
 
 
 
 
154
  #MScanSuspectcheckall, #MScanSuspectDBcheckall {max-height:400px;width:100%;overflow:auto;margin:0px 0px 20px 0px;}
155
  /** Security Log **/
156
  #SecLogCounter {float:right;background-color:#000;border:1px solid #999;padding:5px;margin:0px;-moz-border-radius-topleft:3px;-webkit-border-top-left-radius:3px;-khtml-border-top-left-radius:3px;border-top-left-radius:3px;-moz-border-radius-topright:3px;-webkit-border-top-right-radius:3px;-khtml-border-top-right-radius:3px;border-top-right-radius:3px;-webkit-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);-moz-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);}
151
  span.tooltip-350-120 img:hover {z-index:10;}
152
  span.tooltip-350-120 span {display:none;position:absolute;bottom:0;left:0;right:0;}
153
  span.tooltip-350-120:hover span {width:350px;height:120px;display:block;position:absolute;top:0px;left:30px;right:0;color:#000;background-color:#dfecf2;border:1px solid #999;font-size:1em;font-weight:600;padding:2px 5px;margin-top:2px;-moz-border-radius-topleft:3px;-webkit-border-top-left-radius:3px;-khtml-border-top-left-radius:3px;border-top-left-radius:3px;-moz-border-radius-topright:3px;-webkit-border-top-right-radius:3px;-khtml-border-top-right-radius:3px;border-top-right-radius:3px;-webkit-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);-moz-box-shadow:3px 3px 5px -1px rgba(153,153,153,0.7);box-shadow:3px 3px 5px -1px rgba(153,153,153,0.7);}
154
+ span.tooltip-350-225 {display:inline-block;position:relative;}
155
+ span.tooltip-350-225:hover {z-index:999;}
156
+ span.tooltip-350-225 img:hover {z-index:999;}
157
+ span.tooltip-350-225 span {z-index:999;display:none;position:absolute;bottom:0;left:0;right:0;}
158
+ span.tooltip-350-225:hover span {z-index:999;width:350px;height:225px;display:block;position:absolute;top:-120px;left:30px;right:0;color:#000;background-color:#dfecf2;border:1px solid #999;font-size:1em;font-weight:600;padding:2px 5px;margin-top:2px;-moz-border-radius-topleft:3px;-webkit-border-top-left-radius:3px;-khtml-border-top-left-radius:3px;border-top-left-radius:3px;-moz-border-radius-topright:3px;-webkit-border-top-right-radius:3px;-khtml-border-top-right-radius:3px;border-top-right-radius:3px;-webkit-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);-moz-box-shadow:3px 3px 5px -1px rgba(153,153,153,0.7);box-shadow:3px 3px 5px -1px rgba(153,153,153,0.7);}
159
  #MScanSuspectcheckall, #MScanSuspectDBcheckall {max-height:400px;width:100%;overflow:auto;margin:0px 0px 20px 0px;}
160
  /** Security Log **/
161
  #SecLogCounter {float:right;background-color:#000;border:1px solid #999;padding:5px;margin:0px;-moz-border-radius-topleft:3px;-webkit-border-top-left-radius:3px;-khtml-border-top-left-radius:3px;border-top-left-radius:3px;-moz-border-radius-topright:3px;-webkit-border-top-right-radius:3px;-khtml-border-top-right-radius:3px;border-top-right-radius:3px;-webkit-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);-moz-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);}
admin/css/bps-blue-ui-theme.css CHANGED
@@ -146,6 +146,11 @@ span.tooltip-350-120:hover {z-index:10;}
146
  span.tooltip-350-120 img:hover {z-index:10;}
147
  span.tooltip-350-120 span {display:none;position:absolute;bottom:0;left:0;right:0;}
148
  span.tooltip-350-120:hover span {width:350px;height:120px;display:block;position:absolute;top:0px;left:30px;right:0;color:#000;background-color:#dfecf2;border:1px solid #999;font-size:1em;font-weight:600;padding:2px 5px;margin-top:2px;-moz-border-radius-topleft:3px;-webkit-border-top-left-radius:3px;-khtml-border-top-left-radius:3px;border-top-left-radius:3px;-moz-border-radius-topright:3px;-webkit-border-top-right-radius:3px;-khtml-border-top-right-radius:3px;border-top-right-radius:3px;-webkit-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);-moz-box-shadow:3px 3px 5px -1px rgba(153,153,153,0.7);box-shadow:3px 3px 5px -1px rgba(153,153,153,0.7);}
 
 
 
 
 
149
  #MScanSuspectcheckall, #MScanSuspectDBcheckall {max-height:400px;width:100%;overflow:auto;margin:0px 0px 20px 0px;}
150
  /** Security Log **/
151
  #SecLogCounter {float:right;background-color:#dfecf2;border:1px solid #999;padding:5px;margin:0px;-moz-border-radius-topleft:3px;-webkit-border-top-left-radius:3px;-khtml-border-top-left-radius:3px;border-top-left-radius:3px;-moz-border-radius-topright:3px;-webkit-border-top-right-radius:3px;-khtml-border-top-right-radius:3px;border-top-right-radius:3px;-webkit-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);-moz-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);}
146
  span.tooltip-350-120 img:hover {z-index:10;}
147
  span.tooltip-350-120 span {display:none;position:absolute;bottom:0;left:0;right:0;}
148
  span.tooltip-350-120:hover span {width:350px;height:120px;display:block;position:absolute;top:0px;left:30px;right:0;color:#000;background-color:#dfecf2;border:1px solid #999;font-size:1em;font-weight:600;padding:2px 5px;margin-top:2px;-moz-border-radius-topleft:3px;-webkit-border-top-left-radius:3px;-khtml-border-top-left-radius:3px;border-top-left-radius:3px;-moz-border-radius-topright:3px;-webkit-border-top-right-radius:3px;-khtml-border-top-right-radius:3px;border-top-right-radius:3px;-webkit-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);-moz-box-shadow:3px 3px 5px -1px rgba(153,153,153,0.7);box-shadow:3px 3px 5px -1px rgba(153,153,153,0.7);}
149
+ span.tooltip-350-225 {display:inline-block;position:relative;}
150
+ span.tooltip-350-225:hover {z-index:999;}
151
+ span.tooltip-350-225 img:hover {z-index:999;}
152
+ span.tooltip-350-225 span {z-index:999;display:none;position:absolute;bottom:0;left:0;right:0;}
153
+ span.tooltip-350-225:hover span {z-index:999;width:350px;height:225px;display:block;position:absolute;top:-120px;left:30px;right:0;color:#000;background-color:#dfecf2;border:1px solid #999;font-size:1em;font-weight:600;padding:2px 5px;margin-top:2px;-moz-border-radius-topleft:3px;-webkit-border-top-left-radius:3px;-khtml-border-top-left-radius:3px;border-top-left-radius:3px;-moz-border-radius-topright:3px;-webkit-border-top-right-radius:3px;-khtml-border-top-right-radius:3px;border-top-right-radius:3px;-webkit-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);-moz-box-shadow:3px 3px 5px -1px rgba(153,153,153,0.7);box-shadow:3px 3px 5px -1px rgba(153,153,153,0.7);}
154
  #MScanSuspectcheckall, #MScanSuspectDBcheckall {max-height:400px;width:100%;overflow:auto;margin:0px 0px 20px 0px;}
155
  /** Security Log **/
156
  #SecLogCounter {float:right;background-color:#dfecf2;border:1px solid #999;padding:5px;margin:0px;-moz-border-radius-topleft:3px;-webkit-border-top-left-radius:3px;-khtml-border-top-left-radius:3px;border-top-left-radius:3px;-moz-border-radius-topright:3px;-webkit-border-top-right-radius:3px;-khtml-border-top-right-radius:3px;border-top-right-radius:3px;-webkit-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);-moz-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);}
admin/css/bps-grey-ui-theme.css CHANGED
@@ -152,6 +152,11 @@ span.tooltip-350-120:hover {z-index:10;}
152
  span.tooltip-350-120 img:hover {z-index:10;}
153
  span.tooltip-350-120 span {display:none;position:absolute;bottom:0;left:0;right:0;}
154
  span.tooltip-350-120:hover span {width:350px;height:120px;display:block;position:absolute;top:0px;left:30px;right:0;color:#000;background-color:#dfecf2;border:1px solid #999;font-size:1em;font-weight:600;padding:2px 5px;margin-top:2px;-moz-border-radius-topleft:3px;-webkit-border-top-left-radius:3px;-khtml-border-top-left-radius:3px;border-top-left-radius:3px;-moz-border-radius-topright:3px;-webkit-border-top-right-radius:3px;-khtml-border-top-right-radius:3px;border-top-right-radius:3px;-webkit-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);-moz-box-shadow:3px 3px 5px -1px rgba(153,153,153,0.7);box-shadow:3px 3px 5px -1px rgba(153,153,153,0.7);}
 
 
 
 
 
155
  #MScanSuspectcheckall, #MScanSuspectDBcheckall {max-height:400px;width:100%;overflow:auto;margin:0px 0px 20px 0px;}
156
  /** Security Log **/
157
  #SecLogCounter {float:right;background-color:#f7f7f7;border:1px solid #999;padding:5px;margin:0px;-moz-border-radius-topleft:3px;-webkit-border-top-left-radius:3px;-khtml-border-top-left-radius:3px;border-top-left-radius:3px;-moz-border-radius-topright:3px;-webkit-border-top-right-radius:3px;-khtml-border-top-right-radius:3px;border-top-right-radius:3px;-webkit-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);-moz-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);}
152
  span.tooltip-350-120 img:hover {z-index:10;}
153
  span.tooltip-350-120 span {display:none;position:absolute;bottom:0;left:0;right:0;}
154
  span.tooltip-350-120:hover span {width:350px;height:120px;display:block;position:absolute;top:0px;left:30px;right:0;color:#000;background-color:#dfecf2;border:1px solid #999;font-size:1em;font-weight:600;padding:2px 5px;margin-top:2px;-moz-border-radius-topleft:3px;-webkit-border-top-left-radius:3px;-khtml-border-top-left-radius:3px;border-top-left-radius:3px;-moz-border-radius-topright:3px;-webkit-border-top-right-radius:3px;-khtml-border-top-right-radius:3px;border-top-right-radius:3px;-webkit-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);-moz-box-shadow:3px 3px 5px -1px rgba(153,153,153,0.7);box-shadow:3px 3px 5px -1px rgba(153,153,153,0.7);}
155
+ span.tooltip-350-225 {display:inline-block;position:relative;}
156
+ span.tooltip-350-225:hover {z-index:999;}
157
+ span.tooltip-350-225 img:hover {z-index:999;}
158
+ span.tooltip-350-225 span {z-index:999;display:none;position:absolute;bottom:0;left:0;right:0;}
159
+ span.tooltip-350-225:hover span {z-index:999;width:350px;height:225px;display:block;position:absolute;top:-120px;left:30px;right:0;color:#000;background-color:#dfecf2;border:1px solid #999;font-size:1em;font-weight:600;padding:2px 5px;margin-top:2px;-moz-border-radius-topleft:3px;-webkit-border-top-left-radius:3px;-khtml-border-top-left-radius:3px;border-top-left-radius:3px;-moz-border-radius-topright:3px;-webkit-border-top-right-radius:3px;-khtml-border-top-right-radius:3px;border-top-right-radius:3px;-webkit-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);-moz-box-shadow:3px 3px 5px -1px rgba(153,153,153,0.7);box-shadow:3px 3px 5px -1px rgba(153,153,153,0.7);}
160
  #MScanSuspectcheckall, #MScanSuspectDBcheckall {max-height:400px;width:100%;overflow:auto;margin:0px 0px 20px 0px;}
161
  /** Security Log **/
162
  #SecLogCounter {float:right;background-color:#f7f7f7;border:1px solid #999;padding:5px;margin:0px;-moz-border-radius-topleft:3px;-webkit-border-top-left-radius:3px;-khtml-border-top-left-radius:3px;border-top-left-radius:3px;-moz-border-radius-topright:3px;-webkit-border-top-right-radius:3px;-khtml-border-top-right-radius:3px;border-top-right-radius:3px;-webkit-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);-moz-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);}
admin/db-backup-security/db-backup-security.php CHANGED
@@ -29,34 +29,34 @@ if ( $ScrollTop_options['bps_scrolltop'] != 'Off' ) {
29
  ?>
30
 
31
  <?php
32
- if ( function_exists('get_transient') ) {
33
- require_once( ABSPATH . 'wp-admin/includes/plugin-install.php' );
34
 
35
- if ( false === ( $bps_api = get_transient('bulletproof-security_info') ) ) {
36
- $bps_api = plugins_api( 'plugin_information', array( 'slug' => stripslashes( 'bulletproof-security' ) ) );
37
 
38
- if ( ! is_wp_error( $bps_api ) ) {
39
- $bps_expire = 60 * 30; // Cache downloads data for 30 minutes
40
- $bps_downloaded = array( 'downloaded' => $bps_api->downloaded );
41
- maybe_serialize( $bps_downloaded );
42
- set_transient( 'bulletproof-security_info', $bps_downloaded, $bps_expire );
43
- }
44
- }
45
-
46
- $bps_transient = get_transient( 'bulletproof-security_info' );
47
 
48
  echo '<div class="bps-star-container">';
49
  echo '<div class="bps-star"><img src="'.plugins_url('/bulletproof-security/admin/images/star.png').'" /></div>';
50
  echo '<div class="bps-downloaded">';
51
 
52
- foreach ( $bps_transient as $key => $value ) {
53
- echo number_format_i18n( $value ) .' '. str_replace( 'downloaded', "Downloads", $key );
54
- }
55
 
56
  echo '<div class="bps-star-link"><a href="https://wordpress.org/support/view/plugin-reviews/bulletproof-security#postform" target="_blank" title="Add a Star Rating for the BPS plugin">'.__('Rate BPS', 'bulletproof-security').'</a><br><a href="https://affiliates.ait-pro.com/po/" target="_blank" title="Upgrade to BulletProof Security Pro">Upgrade to Pro</a></div>';
57
  echo '</div>';
58
  echo '</div>';
59
- }
60
  ?>
61
 
62
  <h2 class="bps-tab-title"><?php _e('BulletProof Security ~ DB Backup & Security', 'bulletproof-security'); ?></h2>
29
  ?>
30
 
31
  <?php
32
+ //if ( function_exists('get_transient') ) {
33
+ //require_once( ABSPATH . 'wp-admin/includes/plugin-install.php' );
34
 
35
+ // if ( false === ( $bps_api = get_transient('bulletproof-security_info') ) ) {
36
+ // $bps_api = plugins_api( 'plugin_information', array( 'slug' => stripslashes( 'bulletproof-security' ) ) );
37
 
38
+ // if ( ! is_wp_error( $bps_api ) ) {
39
+ // $bps_expire = 60 * 30; // Cache downloads data for 30 minutes
40
+ // $bps_downloaded = array( 'downloaded' => $bps_api->downloaded );
41
+ // maybe_serialize( $bps_downloaded );
42
+ // set_transient( 'bulletproof-security_info', $bps_downloaded, $bps_expire );
43
+ // }
44
+ // }
45
+
46
+ // $bps_transient = get_transient( 'bulletproof-security_info' );
47
 
48
  echo '<div class="bps-star-container">';
49
  echo '<div class="bps-star"><img src="'.plugins_url('/bulletproof-security/admin/images/star.png').'" /></div>';
50
  echo '<div class="bps-downloaded">';
51
 
52
+ // foreach ( $bps_transient as $key => $value ) {
53
+ // echo number_format_i18n( $value ) .' '. str_replace( 'downloaded', "Downloads", $key );
54
+ // }
55
 
56
  echo '<div class="bps-star-link"><a href="https://wordpress.org/support/view/plugin-reviews/bulletproof-security#postform" target="_blank" title="Add a Star Rating for the BPS plugin">'.__('Rate BPS', 'bulletproof-security').'</a><br><a href="https://affiliates.ait-pro.com/po/" target="_blank" title="Upgrade to BulletProof Security Pro">Upgrade to Pro</a></div>';
57
  echo '</div>';
58
  echo '</div>';
59
+ //}
60
  ?>
61
 
62
  <h2 class="bps-tab-title"><?php _e('BulletProof Security ~ DB Backup & Security', 'bulletproof-security'); ?></h2>
admin/email-log-settings/email-log-settings.php CHANGED
@@ -24,34 +24,34 @@ if ( $ScrollTop_options['bps_scrolltop'] != 'Off' ) {
24
  ?>
25
 
26
  <?php
27
- if ( function_exists('get_transient') ) {
28
- require_once( ABSPATH . 'wp-admin/includes/plugin-install.php' );
29
 
30
- if ( false === ( $bps_api = get_transient('bulletproof-security_info') ) ) {
31
- $bps_api = plugins_api( 'plugin_information', array( 'slug' => stripslashes( 'bulletproof-security' ) ) );
32
 
33
- if ( ! is_wp_error( $bps_api ) ) {
34
- $bps_expire = 60 * 30; // Cache downloads data for 30 minutes
35
- $bps_downloaded = array( 'downloaded' => $bps_api->downloaded );
36
- maybe_serialize( $bps_downloaded );
37
- set_transient( 'bulletproof-security_info', $bps_downloaded, $bps_expire );
38
- }
39
- }
40
-
41
- $bps_transient = get_transient( 'bulletproof-security_info' );
42
 
43
  echo '<div class="bps-star-container">';
44
  echo '<div class="bps-star"><img src="'.plugins_url('/bulletproof-security/admin/images/star.png').'" /></div>';
45
  echo '<div class="bps-downloaded">';
46
 
47
- foreach ( $bps_transient as $key => $value ) {
48
- echo number_format_i18n( $value ) .' '. str_replace( 'downloaded', "Downloads", $key );
49
- }
50
 
51
  echo '<div class="bps-star-link"><a href="https://wordpress.org/support/view/plugin-reviews/bulletproof-security#postform" target="_blank" title="Add a Star Rating for the BPS plugin">'.__('Rate BPS', 'bulletproof-security').'</a><br><a href="https://affiliates.ait-pro.com/po/" target="_blank" title="Upgrade to BulletProof Security Pro">Upgrade to Pro</a></div>';
52
  echo '</div>';
53
  echo '</div>';
54
- }
55
  ?>
56
 
57
  <h2 class="bps-tab-title"><?php _e('BulletProof Security ~ Email Alerts & Log File Settings', 'bulletproof-security'); ?></h2>
24
  ?>
25
 
26
  <?php
27
+ //if ( function_exists('get_transient') ) {
28
+ //require_once( ABSPATH . 'wp-admin/includes/plugin-install.php' );
29
 
30
+ // if ( false === ( $bps_api = get_transient('bulletproof-security_info') ) ) {
31
+ // $bps_api = plugins_api( 'plugin_information', array( 'slug' => stripslashes( 'bulletproof-security' ) ) );
32
 
33
+ // if ( ! is_wp_error( $bps_api ) ) {
34
+ // $bps_expire = 60 * 30; // Cache downloads data for 30 minutes
35
+ // $bps_downloaded = array( 'downloaded' => $bps_api->downloaded );
36
+ // maybe_serialize( $bps_downloaded );
37
+ // set_transient( 'bulletproof-security_info', $bps_downloaded, $bps_expire );
38
+ // }
39
+ // }
40
+
41
+ // $bps_transient = get_transient( 'bulletproof-security_info' );
42
 
43
  echo '<div class="bps-star-container">';
44
  echo '<div class="bps-star"><img src="'.plugins_url('/bulletproof-security/admin/images/star.png').'" /></div>';
45
  echo '<div class="bps-downloaded">';
46
 
47
+ // foreach ( $bps_transient as $key => $value ) {
48
+ // echo number_format_i18n( $value ) .' '. str_replace( 'downloaded', "Downloads", $key );
49
+ // }
50
 
51
  echo '<div class="bps-star-link"><a href="https://wordpress.org/support/view/plugin-reviews/bulletproof-security#postform" target="_blank" title="Add a Star Rating for the BPS plugin">'.__('Rate BPS', 'bulletproof-security').'</a><br><a href="https://affiliates.ait-pro.com/po/" target="_blank" title="Upgrade to BulletProof Security Pro">Upgrade to Pro</a></div>';
52
  echo '</div>';
53
  echo '</div>';
54
+ //}
55
  ?>
56
 
57
  <h2 class="bps-tab-title"><?php _e('BulletProof Security ~ Email Alerts & Log File Settings', 'bulletproof-security'); ?></h2>
admin/htaccess/secure.htaccess CHANGED
@@ -1,4 +1,4 @@
1
- # BULLETPROOF 3.5 SECURE .HTACCESS
2
 
3
  # PHP/PHP.INI HANDLER/CACHE CODE
4
  # Use BPS Custom Code to add php/php.ini Handler and Cache htaccess code and to save it permanently.
1
+ # BULLETPROOF 3.6 SECURE .HTACCESS
2
 
3
  # PHP/PHP.INI HANDLER/CACHE CODE
4
  # Use BPS Custom Code to add php/php.ini Handler and Cache htaccess code and to save it permanently.
admin/htaccess/wpadmin-secure.htaccess CHANGED
@@ -1,4 +1,4 @@
1
- # BULLETPROOF 3.5 WP-ADMIN SECURE .HTACCESS
2
 
3
  # DO NOT ADD URL REWRITING IN THIS FILE OR WORDPRESS WILL BREAK
4
  # RewriteRule ^(.*)$ - [F] works in /wp-admin without breaking WordPress
1
+ # BULLETPROOF 3.6 WP-ADMIN SECURE .HTACCESS
2
 
3
  # DO NOT ADD URL REWRITING IN THIS FILE OR WORDPRESS WILL BREAK
4
  # RewriteRule ^(.*)$ - [F] works in /wp-admin without breaking WordPress
admin/includes/admin.php CHANGED
@@ -442,6 +442,7 @@ add_action( 'admin_enqueue_scripts', 'bpsPro_register_enqueue_scripts_styles' );
442
  // .53.8: BugFix: script handles & dependencies code was fubar. Added: ver Query Strings * load scripts in footer * Debug option
443
  // 2.3: Remove all version compare conditions for >= 3.8. Minimum WP version required is now WP 3.8.
444
  // 2.4: register and enqueue new BPS MScan AJAX script
 
445
  function bpsPro_register_enqueue_scripts_styles() {
446
  global $wp_scripts, $wp_styles, $bulletproof_security, $wp_version, $bps_version;
447
 
@@ -460,7 +461,10 @@ global $wp_scripts, $wp_styles, $bulletproof_security, $wp_version, $bps_version
460
  wp_register_script('bps-tabs', plugins_url( '/bulletproof-security/admin/js/bps-ui-tabs.js' ), array( 'jquery', 'jquery-ui-tabs' ), $bps_version, true );
461
  wp_register_script('bps-dialog', plugins_url( '/bulletproof-security/admin/js/bps-ui-dialog.js' ), array( 'jquery', 'jquery-ui-dialog', 'jquery-effects-core', 'jquery-effects-blind', 'jquery-effects-explode' ), $bps_version, true );
462
  wp_register_script('bps-accordion', plugins_url( '/bulletproof-security/admin/js/bps-ui-accordion.js' ), array( 'jquery', 'jquery-ui-accordion' ), $bps_version, true );
463
-
 
 
 
464
  // Register BPS Styles
465
  switch ( $UIoptions['bps_ui_theme_skin'] ) {
466
  case 'blue':
@@ -480,7 +484,9 @@ global $wp_scripts, $wp_styles, $bulletproof_security, $wp_version, $bps_version
480
  wp_enqueue_script( 'bps-tabs' );
481
  wp_enqueue_script( 'bps-dialog' );
482
  wp_enqueue_script( 'bps-accordion' );
483
-
 
 
484
  // Enqueue BPS stylesheets
485
  switch ( $UIoptions['bps_ui_theme_skin'] ) {
486
  case 'blue':
@@ -497,7 +503,7 @@ global $wp_scripts, $wp_styles, $bulletproof_security, $wp_version, $bps_version
497
  }
498
 
499
  // Dequeue any other plugin or theme scripts that should not be loading on BPS plugin pages
500
- $script_handles = array( 'bps-mscan-ajax', 'bps-tabs', 'bps-dialog', 'bps-accordion', 'admin-bar', 'jquery', 'jquery-ui-core', 'jquery-ui-tabs', 'jquery-ui-dialog', 'jquery-ui-widget', 'jquery-ui-mouse', 'jquery-ui-resizable', 'jquery-ui-draggable', 'jquery-ui-button', 'jquery-ui-position', 'jquery-ui-accordion', 'jquery-effects-core', 'jquery-effects-blind', 'jquery-effects-explode', 'common', 'utils', 'svg-painter', 'wp-auth-check', 'heartbeat', 'debug-bar' );
501
 
502
  $style_handles = array( 'bps-css', 'bps-css-38', 'admin-bar', 'colors', 'ie', 'wp-auth-check', 'debug-bar' );
503
 
442
  // .53.8: BugFix: script handles & dependencies code was fubar. Added: ver Query Strings * load scripts in footer * Debug option
443
  // 2.3: Remove all version compare conditions for >= 3.8. Minimum WP version required is now WP 3.8.
444
  // 2.4: register and enqueue new BPS MScan AJAX script
445
+ // 3.6: Encryption/Decryption added to evade/bypass the Mod Security CRS ruleset, which breaks numerous Forms throughout BPS.
446
  function bpsPro_register_enqueue_scripts_styles() {
447
  global $wp_scripts, $wp_styles, $bulletproof_security, $wp_version, $bps_version;
448
 
461
  wp_register_script('bps-tabs', plugins_url( '/bulletproof-security/admin/js/bps-ui-tabs.js' ), array( 'jquery', 'jquery-ui-tabs' ), $bps_version, true );
462
  wp_register_script('bps-dialog', plugins_url( '/bulletproof-security/admin/js/bps-ui-dialog.js' ), array( 'jquery', 'jquery-ui-dialog', 'jquery-effects-core', 'jquery-effects-blind', 'jquery-effects-explode' ), $bps_version, true );
463
  wp_register_script('bps-accordion', plugins_url( '/bulletproof-security/admin/js/bps-ui-accordion.js' ), array( 'jquery', 'jquery-ui-accordion' ), $bps_version, true );
464
+ ## 3.6: Encryption js scripts added
465
+ wp_register_script('bps-encryption', plugins_url( '/bulletproof-security/admin/js/bps-encryption.js' ), '', $bpspro_version, true );
466
+ wp_register_script('bps-crypto-js', plugins_url( '/bulletproof-security/admin/js/crypto-js/crypto-js.js' ), '', $bpspro_version, true );
467
+
468
  // Register BPS Styles
469
  switch ( $UIoptions['bps_ui_theme_skin'] ) {
470
  case 'blue':
484
  wp_enqueue_script( 'bps-tabs' );
485
  wp_enqueue_script( 'bps-dialog' );
486
  wp_enqueue_script( 'bps-accordion' );
487
+ wp_enqueue_script( 'bps-encryption' );
488
+ wp_enqueue_script( 'bps-crypto-js' );
489
+
490
  // Enqueue BPS stylesheets
491
  switch ( $UIoptions['bps_ui_theme_skin'] ) {
492
  case 'blue':
503
  }
504
 
505
  // Dequeue any other plugin or theme scripts that should not be loading on BPS plugin pages
506
+ $script_handles = array( 'bps-mscan-ajax', 'bps-tabs', 'bps-dialog', 'bps-accordion', 'bps-encryption', 'bps-crypto-js', 'admin-bar', 'jquery', 'jquery-ui-core', 'jquery-ui-tabs', 'jquery-ui-dialog', 'jquery-ui-widget', 'jquery-ui-mouse', 'jquery-ui-resizable', 'jquery-ui-draggable', 'jquery-ui-button', 'jquery-ui-position', 'jquery-ui-accordion', 'jquery-effects-core', 'jquery-effects-blind', 'jquery-effects-explode', 'common', 'utils', 'svg-painter', 'wp-auth-check', 'heartbeat', 'debug-bar' );
507
 
508
  $style_handles = array( 'bps-css', 'bps-css-38', 'admin-bar', 'colors', 'ie', 'wp-auth-check', 'debug-bar' );
509
 
admin/js/bps-encryption.js ADDED
@@ -0,0 +1,103 @@
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
+ /**
2
+ * Encryption class for encrypt/decrypt that works between programming languages.
3
+ *
4
+ * @author Vee Winch.
5
+ * @link https://stackoverflow.com/questions/41222162/encrypt-in-php-openssl-and-decrypt-in-javascript-cryptojs Reference.
6
+ * @link https://github.com/brix/crypto-js/releases crypto-js.js can be download from here.
7
+ */
8
+ class bpsProJSEncryption {
9
+
10
+
11
+ /**
12
+ * @var integer Return encrypt method or Cipher method number. (128, 192, 256)
13
+ */
14
+ get encryptMethodLength() {
15
+ var encryptMethod = this.encryptMethod;
16
+ // get only number from string.
17
+ // @link https://stackoverflow.com/a/10003709/128761 Reference.
18
+ var aesNumber = encryptMethod.match(/\d+/)[0];
19
+ return parseInt(aesNumber);
20
+ }// encryptMethodLength
21
+
22
+
23
+ /**
24
+ * @var integer Return cipher method divide by 8. example: AES number 256 will be 256/8 = 32.
25
+ */
26
+ get encryptKeySize() {
27
+ var aesNumber = this.encryptMethodLength;
28
+ return parseInt(aesNumber / 8);
29
+ }// encryptKeySize
30
+
31
+
32
+ /**
33
+ * @link http://php.net/manual/en/function.openssl-get-cipher-methods.php Refer to available methods in PHP if we are working between JS & PHP encryption.
34
+ * @var string Cipher method.
35
+ * Recommended AES-128-CBC, AES-192-CBC, AES-256-CBC
36
+ * due to there is no `openssl_cipher_iv_length()` function in JavaScript
37
+ * and all of these methods are known as 16 in iv_length.
38
+ */
39
+ get encryptMethod() {
40
+ return 'AES-256-CBC';
41
+ }// encryptMethod
42
+
43
+
44
+ /**
45
+ * Decrypt string.
46
+ *
47
+ * @link https://stackoverflow.com/questions/41222162/encrypt-in-php-openssl-and-decrypt-in-javascript-cryptojs Reference.
48
+ * @link https://stackoverflow.com/questions/25492179/decode-a-base64-string-using-cryptojs Crypto JS base64 encode/decode reference.
49
+ * @param string encryptedString The encrypted string to be decrypt.
50
+ * @param string key The key.
51
+ * @return string Return decrypted string.
52
+ */
53
+ decrypt(encryptedString, key) {
54
+ var json = JSON.parse(CryptoJS.enc.Utf8.stringify(CryptoJS.enc.Base64.parse(encryptedString)));
55
+
56
+ var salt = CryptoJS.enc.Hex.parse(json.salt);
57
+ var iv = CryptoJS.enc.Hex.parse(json.iv);
58
+
59
+ var encrypted = json.ciphertext;// no need to base64 decode.
60
+
61
+ var iterations = parseInt(json.iterations);
62
+ if (iterations <= 0) {
63
+ iterations = 999;
64
+ }
65
+ var encryptMethodLength = (this.encryptMethodLength/4);// example: AES number is 256 / 4 = 64
66
+ var hashKey = CryptoJS.PBKDF2(key, salt, {'hasher': CryptoJS.algo.SHA512, 'keySize': (encryptMethodLength/8), 'iterations': iterations});
67
+
68
+ var decrypted = CryptoJS.AES.decrypt(encrypted, hashKey, {'mode': CryptoJS.mode.CBC, 'iv': iv});
69
+
70
+ return decrypted.toString(CryptoJS.enc.Utf8);
71
+ }// decrypt
72
+
73
+
74
+ /**
75
+ * Encrypt string.
76
+ *
77
+ * @link https://stackoverflow.com/questions/41222162/encrypt-in-php-openssl-and-decrypt-in-javascript-cryptojs Reference.
78
+ * @link https://stackoverflow.com/questions/25492179/decode-a-base64-string-using-cryptojs Crypto JS base64 encode/decode reference.
79
+ * @param string string The original string to be encrypt.
80
+ * @param string key The key.
81
+ * @return string Return encrypted string.
82
+ */
83
+ encrypt(string, key) {
84
+ var iv = CryptoJS.lib.WordArray.random(16);// the reason to be 16, please read on `encryptMethod` property.
85
+
86
+ var salt = CryptoJS.lib.WordArray.random(256);
87
+ var iterations = 999;
88
+ var encryptMethodLength = (this.encryptMethodLength/4);// example: AES number is 256 / 4 = 64
89
+ var hashKey = CryptoJS.PBKDF2(key, salt, {'hasher': CryptoJS.algo.SHA512, 'keySize': (encryptMethodLength/8), 'iterations': iterations});
90
+
91
+ var encrypted = CryptoJS.AES.encrypt(string, hashKey, {'mode': CryptoJS.mode.CBC, 'iv': iv});
92
+ var encryptedString = CryptoJS.enc.Base64.stringify(encrypted.ciphertext);
93
+
94
+ var output = {
95
+ 'ciphertext': encryptedString,
96
+ 'iv': CryptoJS.enc.Hex.stringify(iv),
97
+ 'salt': CryptoJS.enc.Hex.stringify(salt),
98
+ 'iterations': iterations
99
+ };
100
+
101
+ return CryptoJS.enc.Base64.stringify(CryptoJS.enc.Utf8.parse(JSON.stringify(output)));
102
+ }// encrypt
103
+ }
admin/js/crypto-js/CONTRIBUTING.md ADDED
@@ -0,0 +1,28 @@
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
+ # Contribution
2
+
3
+ # Git Flow
4
+
5
+ The crypto-js project uses [git flow](https://github.com/nvie/gitflow) to manage branches.
6
+ Do your changes on the `develop` or even better on a `feature/*` branch. Don't do any changes on the `master` branch.
7
+
8
+ # Pull request
9
+
10
+ Target your pull request on `develop` branch. Other pull request won't be accepted.
11
+
12
+ # How to build
13
+
14
+ 1. Clone
15
+
16
+ 2. Run
17
+
18
+ ```sh
19
+ npm install
20
+ ```
21
+
22
+ 3. Run
23
+
24
+ ```sh
25
+ npm run build
26
+ ```
27
+
28
+ 4. Check `build` folder
admin/js/crypto-js/LICENSE ADDED
@@ -0,0 +1,24 @@
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
+ # License
2
+
3
+ [The MIT License (MIT)](http://opensource.org/licenses/MIT)
4
+
5
+ Copyright (c) 2009-2013 Jeff Mott
6
+ Copyright (c) 2013-2016 Evan Vosberg
7
+
8
+ Permission is hereby granted, free of charge, to any person obtaining a copy
9
+ of this software and associated documentation files (the "Software"), to deal
10
+ in the Software without restriction, including without limitation the rights
11
+ to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
12
+ copies of the Software, and to permit persons to whom the Software is
13
+ furnished to do so, subject to the following conditions:
14
+
15
+ The above copyright notice and this permission notice shall be included in
16
+ all copies or substantial portions of the Software.
17
+
18
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
19
+ IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
20
+ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
21
+ AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
22
+ LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
23
+ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
24
+ THE SOFTWARE.
admin/js/crypto-js/README.md ADDED
@@ -0,0 +1,198 @@
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
+ # crypto-js
2
+
3
+ JavaScript library of crypto standards.
4
+
5
+ ## Node.js (Install)
6
+
7
+ Requirements:
8
+
9
+ - Node.js
10
+ - npm (Node.js package manager)
11
+
12
+ ```bash
13
+ npm install crypto-js
14
+ ```
15
+
16
+ ### Usage
17
+
18
+ Modular include:
19
+
20
+ ```javascript
21
+ var AES = require("crypto-js/aes");
22
+ var SHA256 = require("crypto-js/sha256");
23
+ ...
24
+ console.log(SHA256("Message"));
25
+ ```
26
+
27
+ Including all libraries, for access to extra methods:
28
+
29
+ ```javascript
30
+ var CryptoJS = require("crypto-js");
31
+ console.log(CryptoJS.HmacSHA1("Message", "Key"));
32
+ ```
33
+
34
+ ## Client (browser)
35
+
36
+ Requirements:
37
+
38
+ - Node.js
39
+ - Bower (package manager for frontend)
40
+
41
+ ```bash
42
+ bower install crypto-js
43
+ ```
44
+
45
+ ### Usage
46
+
47
+ Modular include:
48
+
49
+ ```javascript
50
+ require.config({
51
+ packages: [
52
+ {
53
+ name: 'crypto-js',
54
+ location: 'path-to/bower_components/crypto-js',
55
+ main: 'index'
56
+ }
57
+ ]
58
+ });
59
+
60
+ require(["crypto-js/aes", "crypto-js/sha256"], function (AES, SHA256) {
61
+ console.log(SHA256("Message"));
62
+ });
63
+ ```
64
+
65
+ Including all libraries, for access to extra methods:
66
+
67
+ ```javascript
68
+ // Above-mentioned will work or use this simple form
69
+ require.config({
70
+ paths: {
71
+ 'crypto-js': 'path-to/bower_components/crypto-js/crypto-js'
72
+ }
73
+ });
74
+
75
+ require(["crypto-js"], function (CryptoJS) {
76
+ console.log(CryptoJS.HmacSHA1("Message", "Key"));
77
+ });
78
+ ```
79
+
80
+ ### Usage without RequireJS
81
+
82
+ ```html
83
+ <script type="text/javascript" src="path-to/bower_components/crypto-js/crypto-js.js"></script>
84
+ <script type="text/javascript">
85
+ var encrypted = CryptoJS.AES(...);
86
+ var encrypted = CryptoJS.SHA256(...);
87
+ </script>
88
+ ```
89
+
90
+ ## API
91
+
92
+ See: https://code.google.com/p/crypto-js
93
+
94
+ ### AES Encryption
95
+
96
+ #### Plain text encryption
97
+
98
+ ```javascript
99
+ var CryptoJS = require("crypto-js");
100
+
101
+ // Encrypt
102
+ var ciphertext = CryptoJS.AES.encrypt('my message', 'secret key 123');
103
+
104
+ // Decrypt
105
+ var bytes = CryptoJS.AES.decrypt(ciphertext.toString(), 'secret key 123');
106
+ var plaintext = bytes.toString(CryptoJS.enc.Utf8);
107
+
108
+ console.log(plaintext);
109
+ ```
110
+
111
+ #### Object encryption
112
+
113
+ ```javascript
114
+ var CryptoJS = require("crypto-js");
115
+
116
+ var data = [{id: 1}, {id: 2}]
117
+
118
+ // Encrypt
119
+ var ciphertext = CryptoJS.AES.encrypt(JSON.stringify(data), 'secret key 123');
120
+
121
+ // Decrypt
122
+ var bytes = CryptoJS.AES.decrypt(ciphertext.toString(), 'secret key 123');
123
+ var decryptedData = JSON.parse(bytes.toString(CryptoJS.enc.Utf8));
124
+
125
+ console.log(decryptedData);
126
+ ```
127
+
128
+ ### List of modules
129
+
130
+
131
+ - ```crypto-js/core```
132
+ - ```crypto-js/x64-core```
133
+ - ```crypto-js/lib-typedarrays```
134
+
135
+ ---
136
+
137
+ - ```crypto-js/md5```
138
+ - ```crypto-js/sha1```
139
+ - ```crypto-js/sha256```
140
+ - ```crypto-js/sha224```
141
+ - ```crypto-js/sha512```
142
+ - ```crypto-js/sha384```
143
+ - ```crypto-js/sha3```
144
+ - ```crypto-js/ripemd160```
145
+
146
+ ---
147
+
148
+ - ```crypto-js/hmac-md5```
149
+ - ```crypto-js/hmac-sha1```
150
+ - ```crypto-js/hmac-sha256```
151
+ - ```crypto-js/hmac-sha224```
152
+ - ```crypto-js/hmac-sha512```
153
+ - ```crypto-js/hmac-sha384```
154
+ - ```crypto-js/hmac-sha3```
155
+ - ```crypto-js/hmac-ripemd160```
156
+
157
+ ---
158
+
159
+ - ```crypto-js/pbkdf2```
160
+
161
+ ---
162
+
163
+ - ```crypto-js/aes```
164
+ - ```crypto-js/tripledes```
165
+ - ```crypto-js/rc4```
166
+ - ```crypto-js/rabbit```
167
+ - ```crypto-js/rabbit-legacy```
168
+ - ```crypto-js/evpkdf```
169
+
170
+ ---
171
+
172
+ - ```crypto-js/format-openssl```
173
+ - ```crypto-js/format-hex```
174
+
175
+ ---
176
+
177
+ - ```crypto-js/enc-latin1```
178
+ - ```crypto-js/enc-utf8```
179
+ - ```crypto-js/enc-hex```
180
+ - ```crypto-js/enc-utf16```
181
+ - ```crypto-js/enc-base64```
182
+
183
+ ---
184
+
185
+ - ```crypto-js/mode-cfb```
186
+ - ```crypto-js/mode-ctr```
187
+ - ```crypto-js/mode-ctr-gladman```
188
+ - ```crypto-js/mode-ofb```
189
+ - ```crypto-js/mode-ecb```
190
+
191
+ ---
192
+
193
+ - ```crypto-js/pad-pkcs7```
194
+ - ```crypto-js/pad-ansix923```
195
+ - ```crypto-js/pad-iso10126```
196
+ - ```crypto-js/pad-iso97971```
197
+ - ```crypto-js/pad-zeropadding```
198
+ - ```crypto-js/pad-nopadding```
admin/js/crypto-js/aes.js ADDED
@@ -0,0 +1,232 @@
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
+ ;(function (root, factory, undef) {
2
+ if (typeof exports === "object") {
3
+ // CommonJS
4
+ module.exports = exports = factory(require("./core"), require("./enc-base64"), require("./md5"), require("./evpkdf"), require("./cipher-core"));
5
+ }
6
+ else if (typeof define === "function" && define.amd) {
7
+ // AMD
8
+ define(["./core", "./enc-base64", "./md5", "./evpkdf", "./cipher-core"], factory);
9
+ }
10
+ else {
11
+ // Global (browser)
12
+ factory(root.CryptoJS);
13
+ }
14
+ }(this, function (CryptoJS) {
15
+
16
+ (function () {
17
+ // Shortcuts
18
+ var C = CryptoJS;
19
+ var C_lib = C.lib;
20
+ var BlockCipher = C_lib.BlockCipher;
21
+ var C_algo = C.algo;
22
+
23
+ // Lookup tables
24
+ var SBOX = [];
25
+ var INV_SBOX = [];
26
+ var SUB_MIX_0 = [];
27
+ var SUB_MIX_1 = [];
28
+ var SUB_MIX_2 = [];
29
+ var SUB_MIX_3 = [];
30
+ var INV_SUB_MIX_0 = [];
31
+ var INV_SUB_MIX_1 = [];
32
+ var INV_SUB_MIX_2 = [];
33
+ var INV_SUB_MIX_3 = [];
34
+
35
+ // Compute lookup tables
36
+ (function () {
37
+ // Compute double table
38
+ var d = [];
39
+ for (var i = 0; i < 256; i++) {
40
+ if (i < 128) {
41
+ d[i] = i << 1;
42
+ } else {
43
+ d[i] = (i << 1) ^ 0x11b;
44
+ }
45
+ }
46
+
47
+ // Walk GF(2^8)
48
+ var x = 0;
49
+ var xi = 0;
50
+ for (var i = 0; i < 256; i++) {
51
+ // Compute sbox
52
+ var sx = xi ^ (xi << 1) ^ (xi << 2) ^ (xi << 3) ^ (xi << 4);
53
+ sx = (sx >>> 8) ^ (sx & 0xff) ^ 0x63;
54
+ SBOX[x] = sx;
55
+ INV_SBOX[sx] = x;
56
+
57
+ // Compute multiplication
58
+ var x2 = d[x];
59
+ var x4 = d[x2];
60
+ var x8 = d[x4];
61
+
62
+ // Compute sub bytes, mix columns tables
63
+ var t = (d[sx] * 0x101) ^ (sx * 0x1010100);
64
+ SUB_MIX_0[x] = (t << 24) | (t >>> 8);
65
+ SUB_MIX_1[x] = (t << 16) | (t >>> 16);
66
+ SUB_MIX_2[x] = (t << 8) | (t >>> 24);
67
+ SUB_MIX_3[x] = t;
68
+
69
+ // Compute inv sub bytes, inv mix columns tables
70
+ var t = (x8 * 0x1010101) ^ (x4 * 0x10001) ^ (x2 * 0x101) ^ (x * 0x1010100);
71
+ INV_SUB_MIX_0[sx] = (t << 24) | (t >>> 8);
72
+ INV_SUB_MIX_1[sx] = (t << 16) | (t >>> 16);
73
+ INV_SUB_MIX_2[sx] = (t << 8) | (t >>> 24);
74
+ INV_SUB_MIX_3[sx] = t;
75
+
76
+ // Compute next counter
77
+ if (!x) {
78
+ x = xi = 1;
79
+ } else {
80
+ x = x2 ^ d[d[d[x8 ^ x2]]];
81
+ xi ^= d[d[xi]];
82
+ }
83
+ }
84
+ }());
85
+
86
+ // Precomputed Rcon lookup
87
+ var RCON = [0x00, 0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1b, 0x36];
88
+
89
+ /**
90
+ * AES block cipher algorithm.
91
+ */
92
+ var AES = C_algo.AES = BlockCipher.extend({
93
+ _doReset: function () {
94
+ // Skip reset of nRounds has been set before and key did not change
95
+ if (this._nRounds && this._keyPriorReset === this._key) {
96
+ return;
97
+ }
98
+
99
+ // Shortcuts
100
+ var key = this._keyPriorReset = this._key;
101
+ var keyWords = key.words;
102
+ var keySize = key.sigBytes / 4;
103
+
104
+ // Compute number of rounds
105
+ var nRounds = this._nRounds = keySize + 6;
106
+
107
+ // Compute number of key schedule rows
108
+ var ksRows = (nRounds + 1) * 4;
109
+
110
+ // Compute key schedule
111
+ var keySchedule = this._keySchedule = [];
112
+ for (var ksRow = 0; ksRow < ksRows; ksRow++) {
113
+ if (ksRow < keySize) {
114
+ keySchedule[ksRow] = keyWords[ksRow];
115
+ } else {
116
+ var t = keySchedule[ksRow - 1];
117
+
118
+ if (!(ksRow % keySize)) {
119
+ // Rot word
120
+ t = (t << 8) | (t >>> 24);
121
+
122
+ // Sub word
123
+ t = (SBOX[t >>> 24] << 24) | (SBOX[(t >>> 16) & 0xff] << 16) | (SBOX[(t >>> 8) & 0xff] << 8) | SBOX[t & 0xff];
124
+
125
+ // Mix Rcon
126
+ t ^= RCON[(ksRow / keySize) | 0] << 24;
127
+ } else if (keySize > 6 && ksRow % keySize == 4) {
128
+ // Sub word
129
+ t = (SBOX[t >>> 24] << 24) | (SBOX[(t >>> 16) & 0xff] << 16) | (SBOX[(t >>> 8) & 0xff] << 8) | SBOX[t & 0xff];
130
+ }
131
+
132
+ keySchedule[ksRow] = keySchedule[ksRow - keySize] ^ t;
133
+ }
134
+ }
135
+
136
+ // Compute inv key schedule
137
+ var invKeySchedule = this._invKeySchedule = [];
138
+ for (var invKsRow = 0; invKsRow < ksRows; invKsRow++) {
139
+ var ksRow = ksRows - invKsRow;
140
+
141
+ if (invKsRow % 4) {
142
+ var t = keySchedule[ksRow];
143
+ } else {
144
+ var t = keySchedule[ksRow - 4];
145
+ }
146
+
147
+ if (invKsRow < 4 || ksRow <= 4) {
148
+ invKeySchedule[invKsRow] = t;
149
+ } else {
150
+ invKeySchedule[invKsRow] = INV_SUB_MIX_0[SBOX[t >>> 24]] ^ INV_SUB_MIX_1[SBOX[(t >>> 16) & 0xff]] ^
151
+ INV_SUB_MIX_2[SBOX[(t >>> 8) & 0xff]] ^ INV_SUB_MIX_3[SBOX[t & 0xff]];
152
+ }
153
+ }
154
+ },
155
+
156
+ encryptBlock: function (M, offset) {
157
+ this._doCryptBlock(M, offset, this._keySchedule, SUB_MIX_0, SUB_MIX_1, SUB_MIX_2, SUB_MIX_3, SBOX);
158
+ },
159
+
160
+ decryptBlock: function (M, offset) {
161
+ // Swap 2nd and 4th rows
162
+ var t = M[offset + 1];
163
+ M[offset + 1] = M[offset + 3];
164
+ M[offset + 3] = t;
165
+
166
+ this._doCryptBlock(M, offset, this._invKeySchedule, INV_SUB_MIX_0, INV_SUB_MIX_1, INV_SUB_MIX_2, INV_SUB_MIX_3, INV_SBOX);
167
+
168
+ // Inv swap 2nd and 4th rows
169
+ var t = M[offset + 1];
170
+ M[offset + 1] = M[offset + 3];
171
+ M[offset + 3] = t;
172
+ },
173
+
174
+ _doCryptBlock: function (M, offset, keySchedule, SUB_MIX_0, SUB_MIX_1, SUB_MIX_2, SUB_MIX_3, SBOX) {
175
+ // Shortcut
176
+ var nRounds = this._nRounds;
177
+
178
+ // Get input, add round key
179
+ var s0 = M[offset] ^ keySchedule[0];
180
+ var s1 = M[offset + 1] ^ keySchedule[1];
181
+ var s2 = M[offset + 2] ^ keySchedule[2];
182
+ var s3 = M[offset + 3] ^ keySchedule[3];
183
+
184
+ // Key schedule row counter
185
+ var ksRow = 4;
186
+
187
+ // Rounds
188
+ for (var round = 1; round < nRounds; round++) {
189
+ // Shift rows, sub bytes, mix columns, add round key
190
+ var t0 = SUB_MIX_0[s0 >>> 24] ^ SUB_MIX_1[(s1 >>> 16) & 0xff] ^ SUB_MIX_2[(s2 >>> 8) & 0xff] ^ SUB_MIX_3[s3 & 0xff] ^ keySchedule[ksRow++];
191
+ var t1 = SUB_MIX_0[s1 >>> 24] ^ SUB_MIX_1[(s2 >>> 16) & 0xff] ^ SUB_MIX_2[(s3 >>> 8) & 0xff] ^ SUB_MIX_3[s0 & 0xff] ^ keySchedule[ksRow++];
192
+ var t2 = SUB_MIX_0[s2 >>> 24] ^ SUB_MIX_1[(s3 >>> 16) & 0xff] ^ SUB_MIX_2[(s0 >>> 8) & 0xff] ^ SUB_MIX_3[s1 & 0xff] ^ keySchedule[ksRow++];
193
+ var t3 = SUB_MIX_0[s3 >>> 24] ^ SUB_MIX_1[(s0 >>> 16) & 0xff] ^ SUB_MIX_2[(s1 >>> 8) & 0xff] ^ SUB_MIX_3[s2 & 0xff] ^ keySchedule[ksRow++];
194
+
195
+ // Update state
196
+ s0 = t0;
197
+ s1 = t1;
198
+ s2 = t2;
199
+ s3 = t3;
200
+ }
201
+
202
+ // Shift rows, sub bytes, add round key
203
+ var t0 = ((SBOX[s0 >>> 24] << 24) | (SBOX[(s1 >>> 16) & 0xff] << 16) | (SBOX[(s2 >>> 8) & 0xff] << 8) | SBOX[s3 & 0xff]) ^ keySchedule[ksRow++];
204
+ var t1 = ((SBOX[s1 >>> 24] << 24) | (SBOX[(s2 >>> 16) & 0xff] << 16) | (SBOX[(s3 >>> 8) & 0xff] << 8) | SBOX[s0 & 0xff]) ^ keySchedule[ksRow++];
205
+ var t2 = ((SBOX[s2 >>> 24] << 24) | (SBOX[(s3 >>> 16) & 0xff] << 16) | (SBOX[(s0 >>> 8) & 0xff] << 8) | SBOX[s1 & 0xff]) ^ keySchedule[ksRow++];
206
+ var t3 = ((SBOX[s3 >>> 24] << 24) | (SBOX[(s0 >>> 16) & 0xff] << 16) | (SBOX[(s1 >>> 8) & 0xff] << 8) | SBOX[s2 & 0xff]) ^ keySchedule[ksRow++];
207
+
208
+ // Set output
209
+ M[offset] = t0;
210
+ M[offset + 1] = t1;
211
+ M[offset + 2] = t2;
212
+ M[offset + 3] = t3;
213
+ },
214
+
215
+ keySize: 256/32
216
+ });
217
+
218
+ /**
219
+ * Shortcut functions to the cipher's object interface.
220
+ *
221
+ * @example
222
+ *
223
+ * var ciphertext = CryptoJS.AES.encrypt(message, key, cfg);
224
+ * var plaintext = CryptoJS.AES.decrypt(ciphertext, key, cfg);
225
+ */
226
+ C.AES = BlockCipher._createHelper(AES);
227
+ }());
228
+
229
+
230
+ return CryptoJS.AES;
231
+
232
+ }));
admin/js/crypto-js/bower.json ADDED
@@ -0,0 +1,35 @@
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
+ {
2
+ "name": "crypto-js",
3
+ "version": "3.1.9",
4
+ "description": "JavaScript library of crypto standards.",
5
+ "license": "MIT",
6
+ "homepage": "http://github.com/brix/crypto-js",
7
+ "repository": {
8
+ "type": "git",
9
+ "url": "http://github.com/brix/crypto-js.git"
10
+ },
11
+ "keywords": [
12
+ "security",
13
+ "crypto",
14
+ "Hash",
15
+ "MD5",
16
+ "SHA1",
17
+ "SHA-1",
18
+ "SHA256",
19
+ "SHA-256",
20
+ "RC4",
21
+ "Rabbit",
22
+ "AES",
23
+ "DES",
24
+ "PBKDF2",
25
+ "HMAC",
26
+ "OFB",
27
+ "CFB",
28
+ "CTR",
29
+ "CBC",
30
+ "Base64"
31
+ ],
32
+ "main": "index.js",
33
+ "dependencies": {},
34
+ "ignore": []
35
+ }
admin/js/crypto-js/cipher-core.js ADDED
@@ -0,0 +1,880 @@
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
+ ;(function (root, factory, undef) {
2
+ if (typeof exports === "object") {
3
+ // CommonJS
4
+ module.exports = exports = factory(require("./core"), require("./evpkdf"));
5
+ }
6
+ else if (typeof define === "function" && define.amd) {
7
+ // AMD
8
+ define(["./core", "./evpkdf"], factory);
9
+ }
10
+ else {
11
+ // Global (browser)
12
+ factory(root.CryptoJS);
13
+ }
14
+ }(this, function (CryptoJS) {
15
+
16
+ /**
17
+ * Cipher core components.
18
+ */
19
+ CryptoJS.lib.Cipher || (function (undefined) {
20
+ // Shortcuts
21
+ var C = CryptoJS;
22
+ var C_lib = C.lib;
23
+ var Base = C_lib.Base;
24
+ var WordArray = C_lib.WordArray;
25
+ var BufferedBlockAlgorithm = C_lib.BufferedBlockAlgorithm;
26
+ var C_enc = C.enc;
27
+ var Utf8 = C_enc.Utf8;
28
+ var Base64 = C_enc.Base64;
29
+ var C_algo = C.algo;
30
+ var EvpKDF = C_algo.EvpKDF;
31
+
32
+ /**
33
+ * Abstract base cipher template.
34
+ *
35
+ * @property {number} keySize This cipher's key size. Default: 4 (128 bits)
36
+ * @property {number} ivSize This cipher's IV size. Default: 4 (128 bits)
37
+ * @property {number} _ENC_XFORM_MODE A constant representing encryption mode.
38
+ * @property {number} _DEC_XFORM_MODE A constant representing decryption mode.
39
+ */
40
+ var Cipher = C_lib.Cipher = BufferedBlockAlgorithm.extend({
41
+ /**
42
+ * Configuration options.
43
+ *
44
+ * @property {WordArray} iv The IV to use for this operation.
45
+ */
46
+ cfg: Base.extend(),
47
+
48
+ /**
49
+ * Creates this cipher in encryption mode.
50
+ *
51
+ * @param {WordArray} key The key.
52
+ * @param {Object} cfg (Optional) The configuration options to use for this operation.
53
+ *
54
+ * @return {Cipher} A cipher instance.
55
+ *
56
+ * @static
57
+ *
58
+ * @example
59
+ *
60
+ * var cipher = CryptoJS.algo.AES.createEncryptor(keyWordArray, { iv: ivWordArray });
61
+ */
62
+ createEncryptor: function (key, cfg) {
63
+ return this.create(this._ENC_XFORM_MODE, key, cfg);
64
+ },
65
+
66
+ /**
67
+ * Creates this cipher in decryption mode.
68
+ *
69
+ * @param {WordArray} key The key.
70
+ * @param {Object} cfg (Optional) The configuration options to use for this operation.
71
+ *
72
+ * @return {Cipher} A cipher instance.
73
+ *
74
+ * @static
75
+ *
76
+ * @example
77
+ *
78
+ * var cipher = CryptoJS.algo.AES.createDecryptor(keyWordArray, { iv: ivWordArray });
79
+ */
80
+ createDecryptor: function (key, cfg) {
81
+ return this.create(this._DEC_XFORM_MODE, key, cfg);
82
+ },
83
+
84
+ /**
85
+ * Initializes a newly created cipher.
86
+ *
87
+ * @param {number} xformMode Either the encryption or decryption transormation mode constant.
88
+ * @param {WordArray} key The key.
89
+ * @param {Object} cfg (Optional) The configuration options to use for this operation.
90
+ *
91
+ * @example
92
+ *
93
+ * var cipher = CryptoJS.algo.AES.create(CryptoJS.algo.AES._ENC_XFORM_MODE, keyWordArray, { iv: ivWordArray });
94
+ */
95
+ init: function (xformMode, key, cfg) {
96
+ // Apply config defaults
97
+ this.cfg = this.cfg.extend(cfg);
98
+
99
+ // Store transform mode and key
100
+ this._xformMode = xformMode;
101
+ this._key = key;
102
+
103
+ // Set initial values
104
+ this.reset();
105
+ },
106
+
107
+ /**
108
+ * Resets this cipher to its initial state.
109
+ *
110
+ * @example
111
+ *
112
+ * cipher.reset();
113
+ */
114
+ reset: function () {
115
+ // Reset data buffer
116
+ BufferedBlockAlgorithm.reset.call(this);
117
+
118
+ // Perform concrete-cipher logic
119
+ this._doReset();
120
+ },
121
+
122
+ /**
123
+ * Adds data to be encrypted or decrypted.
124
+ *
125
+ * @param {WordArray|string} dataUpdate The data to encrypt or decrypt.
126
+ *
127
+ * @return {WordArray} The data after processing.
128
+ *
129
+ * @example
130
+ *
131
+ * var encrypted = cipher.process('data');
132
+ * var encrypted = cipher.process(wordArray);
133
+ */
134
+ process: function (dataUpdate) {
135
+ // Append
136
+ this._append(dataUpdate);
137
+
138
+ // Process available blocks
139
+ return this._process();
140
+ },
141
+
142
+ /**
143
+ * Finalizes the encryption or decryption process.
144
+ * Note that the finalize operation is effectively a destructive, read-once operation.
145
+ *
146
+ * @param {WordArray|string} dataUpdate The final data to encrypt or decrypt.
147
+ *
148
+ * @return {WordArray} The data after final processing.
149
+ *
150
+ * @example
151
+ *
152
+ * var encrypted = cipher.finalize();
153
+ * var encrypted = cipher.finalize('data');
154
+ * var encrypted = cipher.finalize(wordArray);
155
+ */
156
+ finalize: function (dataUpdate) {
157
+ // Final data update
158
+ if (dataUpdate) {
159
+ this._append(dataUpdate);
160
+ }
161
+
162
+ // Perform concrete-cipher logic
163
+ var finalProcessedData = this._doFinalize();
164
+
165
+ return finalProcessedData;
166
+ },
167
+
168
+ keySize: 128/32,
169
+
170
+ ivSize: 128/32,
171
+
172
+ _ENC_XFORM_MODE: 1,
173
+
174
+ _DEC_XFORM_MODE: 2,
175
+
176
+ /**
177
+ * Creates shortcut functions to a cipher's object interface.
178
+ *
179
+ * @param {Cipher} cipher The cipher to create a helper for.
180
+ *
181
+ * @return {Object} An object with encrypt and decrypt shortcut functions.
182
+ *
183
+ * @static
184
+ *
185
+ * @example
186
+ *
187
+ * var AES = CryptoJS.lib.Cipher._createHelper(CryptoJS.algo.AES);
188
+ */
189
+ _createHelper: (function () {
190
+ function selectCipherStrategy(key) {
191
+ if (typeof key == 'string') {
192
+ return PasswordBasedCipher;
193
+ } else {
194
+ return SerializableCipher;
195
+ }
196
+ }
197
+
198
+ return function (cipher) {
199
+ return {
200
+ encrypt: function (message, key, cfg) {
201
+ return selectCipherStrategy(key).encrypt(cipher, message, key, cfg);
202
+ },
203
+
204
+ decrypt: function (ciphertext, key, cfg) {
205
+ return selectCipherStrategy(key).decrypt(cipher, ciphertext, key, cfg);
206
+ }
207
+ };
208
+ };
209
+ }())
210
+ });
211
+
212
+ /**
213
+ * Abstract base stream cipher template.
214
+ *
215
+ * @property {number} blockSize The number of 32-bit words this cipher operates on. Default: 1 (32 bits)
216
+ */
217
+ var StreamCipher = C_lib.StreamCipher = Cipher.extend({
218
+ _doFinalize: function () {
219
+ // Process partial blocks
220
+ var finalProcessedBlocks = this._process(!!'flush');
221
+
222
+ return finalProcessedBlocks;
223
+ },
224
+
225
+ blockSize: 1
226
+ });
227
+
228
+ /**
229
+ * Mode namespace.
230
+ */
231
+ var C_mode = C.mode = {};
232
+
233
+ /**
234
+ * Abstract base block cipher mode template.
235
+ */
236
+ var BlockCipherMode = C_lib.BlockCipherMode = Base.extend({
237
+ /**
238
+ * Creates this mode for encryption.
239
+ *
240
+ * @param {Cipher} cipher A block cipher instance.
241
+ * @param {Array} iv The IV words.
242
+ *
243
+ * @static
244
+ *
245
+ * @example
246
+ *
247
+ * var mode = CryptoJS.mode.CBC.createEncryptor(cipher, iv.words);
248
+ */
249
+ createEncryptor: function (cipher, iv) {
250
+ return this.Encryptor.create(cipher, iv);
251
+ },
252
+
253
+ /**
254
+ * Creates this mode for decryption.
255
+ *
256
+ * @param {Cipher} cipher A block cipher instance.
257
+ * @param {Array} iv The IV words.
258
+ *
259
+ * @static
260
+ *
261
+ * @example
262
+ *
263
+ * var mode = CryptoJS.mode.CBC.createDecryptor(cipher, iv.words);
264
+ */
265
+ createDecryptor: function (cipher, iv) {
266
+ return this.Decryptor.create(cipher, iv);
267
+ },
268
+
269
+ /**
270
+ * Initializes a newly created mode.
271
+ *
272
+ * @param {Cipher} cipher A block cipher instance.
273
+ * @param {Array} iv The IV words.
274
+ *
275
+ * @example
276
+ *
277
+ * var mode = CryptoJS.mode.CBC.Encryptor.create(cipher, iv.words);
278
+ */
279
+ init: function (cipher, iv) {
280
+ this._cipher = cipher;
281
+ this._iv = iv;
282
+ }
283
+ });
284
+
285
+ /**
286
+ * Cipher Block Chaining mode.
287
+ */
288
+ var CBC = C_mode.CBC = (function () {
289
+ /**
290
+ * Abstract base CBC mode.
291
+ */
292
+ var CBC = BlockCipherMode.extend();
293
+
294
+ /**
295
+ * CBC encryptor.
296
+ */
297
+ CBC.Encryptor = CBC.extend({
298
+ /**
299
+ * Processes the data block at offset.
300
+ *
301
+ * @param {Array} words The data words to operate on.
302
+ * @param {number} offset The offset where the block starts.
303
+ *
304
+ * @example
305
+ *
306
+ * mode.processBlock(data.words, offset);
307
+ */
308
+ processBlock: function (words, offset) {
309
+ // Shortcuts
310
+ var cipher = this._cipher;
311
+ var blockSize = cipher.blockSize;
312
+
313
+ // XOR and encrypt
314
+ xorBlock.call(this, words, offset, blockSize);
315
+ cipher.encryptBlock(words, offset);
316
+
317
+ // Remember this block to use with next block
318
+ this._prevBlock = words.slice(offset, offset + blockSize);
319
+ }
320
+ });
321
+
322
+ /**
323
+ * CBC decryptor.
324
+ */
325
+ CBC.Decryptor = CBC.extend({
326
+ /**
327
+ * Processes the data block at offset.
328
+ *
329
+ * @param {Array} words The data words to operate on.
330
+ * @param {number} offset The offset where the block starts.
331
+ *
332
+ * @example
333
+ *
334
+ * mode.processBlock(data.words, offset);
335
+ */
336
+ processBlock: function (words, offset) {
337
+ // Shortcuts
338
+ var cipher = this._cipher;
339
+ var blockSize = cipher.blockSize;
340
+
341
+ // Remember this block to use with next block
342
+ var thisBlock = words.slice(offset, offset + blockSize);
343
+
344
+ // Decrypt and XOR
345
+ cipher.decryptBlock(words, offset);
346
+ xorBlock.call(this, words, offset, blockSize);
347
+
348
+ // This block becomes the previous block
349
+ this._prevBlock = thisBlock;
350
+ }
351
+ });
352
+
353
+ function xorBlock(words, offset, blockSize) {
354
+ // Shortcut
355
+ var iv = this._iv;
356
+
357
+ // Choose mixing block
358
+ if (iv) {
359
+ var block = iv;
360
+
361
+ // Remove IV for subsequent blocks
362
+ this._iv = undefined;
363
+ } else {
364
+ var block = this._prevBlock;
365
+ }
366
+
367
+ // XOR blocks
368
+ for (var i = 0; i < blockSize; i++) {
369
+ words[offset + i] ^= block[i];
370
+ }
371
+ }
372
+
373
+ return CBC;
374
+ }());
375
+
376
+ /**
377
+ * Padding namespace.
378
+ */
379
+ var C_pad = C.pad = {};
380
+
381
+ /**
382
+ * PKCS #5/7 padding strategy.
383
+ */
384
+ var Pkcs7 = C_pad.Pkcs7 = {
385
+ /**
386
+ * Pads data using the algorithm defined in PKCS #5/7.
387
+ *
388
+ * @param {WordArray} data The data to pad.
389
+ * @param {number} blockSize The multiple that the data should be padded to.
390
+ *
391
+ * @static
392
+ *
393
+ * @example
394
+ *
395
+ * CryptoJS.pad.Pkcs7.pad(wordArray, 4);
396
+ */
397
+ pad: function (data, blockSize) {
398
+ // Shortcut
399
+ var blockSizeBytes = blockSize * 4;
400
+
401
+ // Count padding bytes
402
+ var nPaddingBytes = blockSizeBytes - data.sigBytes % blockSizeBytes;
403
+
404
+ // Create padding word
405
+ var paddingWord = (nPaddingBytes << 24) | (nPaddingBytes << 16) | (nPaddingBytes << 8) | nPaddingBytes;
406
+
407
+ // Create padding
408
+ var paddingWords = [];
409
+ for (var i = 0; i < nPaddingBytes; i += 4) {
410
+ paddingWords.push(paddingWord);
411
+ }
412
+ var padding = WordArray.create(paddingWords, nPaddingBytes);
413
+
414
+ // Add padding
415
+ data.concat(padding);
416
+ },
417
+
418
+ /**
419
+ * Unpads data that had been padded using the algorithm defined in PKCS #5/7.
420
+ *
421
+ * @param {WordArray} data The data to unpad.
422
+ *
423
+ * @static
424
+ *
425
+ * @example
426
+ *
427
+ * CryptoJS.pad.Pkcs7.unpad(wordArray);
428
+ */
429
+ unpad: function (data) {
430
+ // Get number of padding bytes from last byte
431
+ var nPaddingBytes = data.words[(data.sigBytes - 1) >>> 2] & 0xff;
432
+
433
+ // Remove padding
434
+ data.sigBytes -= nPaddingBytes;
435
+ }
436
+ };
437
+
438
+ /**
439
+ * Abstract base block cipher template.
440
+ *
441
+ * @property {number} blockSize The number of 32-bit words this cipher operates on. Default: 4 (128 bits)
442
+ */
443
+ var BlockCipher = C_lib.BlockCipher = Cipher.extend({
444
+ /**
445
+ * Configuration options.
446
+ *
447
+ * @property {Mode} mode The block mode to use. Default: CBC
448
+ * @property {Padding} padding The padding strategy to use. Default: Pkcs7
449
+ */
450
+ cfg: Cipher.cfg.extend({
451
+ mode: CBC,
452
+ padding: Pkcs7
453
+ }),
454
+
455
+ reset: function () {
456
+ // Reset cipher
457
+ Cipher.reset.call(this);
458
+
459
+ // Shortcuts
460
+ var cfg = this.cfg;
461
+ var iv = cfg.iv;
462
+ var mode = cfg.mode;
463
+
464
+ // Reset block mode
465
+ if (this._xformMode == this._ENC_XFORM_MODE) {
466
+ var modeCreator = mode.createEncryptor;
467
+ } else /* if (this._xformMode == this._DEC_XFORM_MODE) */ {
468
+ var modeCreator = mode.createDecryptor;
469
+ // Keep at least one block in the buffer for unpadding
470
+ this._minBufferSize = 1;
471
+ }
472
+
473
+ if (this._mode && this._mode.__creator == modeCreator) {
474
+ this._mode.init(this, iv && iv.words);
475
+ } else {
476
+ this._mode = modeCreator.call(mode, this, iv && iv.words);
477
+ this._mode.__creator = modeCreator;
478
+ }
479
+ },
480
+
481
+ _doProcessBlock: function (words, offset) {
482
+ this._mode.processBlock(words, offset);
483
+ },
484
+
485
+ _doFinalize: function () {
486
+ // Shortcut
487
+ var padding = this.cfg.padding;
488
+
489
+ // Finalize
490
+ if (this._xformMode == this._ENC_XFORM_MODE) {
491
+ // Pad data
492
+ padding.pad(this._data, this.blockSize);
493
+
494
+ // Process final blocks
495
+ var finalProcessedBlocks = this._process(!!'flush');
496
+ } else /* if (this._xformMode == this._DEC_XFORM_MODE) */ {
497
+ // Process final blocks
498
+ var finalProcessedBlocks = this._process(!!'flush');
499
+
500
+ // Unpad data
501
+ padding.unpad(finalProcessedBlocks);
502
+ }
503
+
504
+ return finalProcessedBlocks;
505
+ },
506
+
507
+ blockSize: 128/32
508
+ });
509
+
510
+ /**
511
+ * A collection of cipher parameters.
512
+ *
513
+ * @property {WordArray} ciphertext The raw ciphertext.
514
+ * @property {WordArray} key The key to this ciphertext.
515
+ * @property {WordArray} iv The IV used in the ciphering operation.
516
+ * @property {WordArray} salt The salt used with a key derivation function.
517
+ * @property {Cipher} algorithm The cipher algorithm.
518
+ * @property {Mode} mode The block mode used in the ciphering operation.
519
+ * @property {Padding} padding The padding scheme used in the ciphering operation.
520
+ * @property {number} blockSize The block size of the cipher.
521
+ * @property {Format} formatter The default formatting strategy to convert this cipher params object to a string.
522
+ */
523
+ var CipherParams = C_lib.CipherParams = Base.extend({
524
+ /**
525
+ * Initializes a newly created cipher params object.
526
+ *
527
+ * @param {Object} cipherParams An object with any of the possible cipher parameters.
528
+ *
529
+ * @example
530
+ *
531
+ * var cipherParams = CryptoJS.lib.CipherParams.create({
532
+ * ciphertext: ciphertextWordArray,
533
+ * key: keyWordArray,
534
+ * iv: ivWordArray,
535
+ * salt: saltWordArray,
536
+ * algorithm: CryptoJS.algo.AES,
537
+ * mode: CryptoJS.mode.CBC,
538
+ * padding: CryptoJS.pad.PKCS7,
539
+ * blockSize: 4,
540
+ * formatter: CryptoJS.format.OpenSSL
541
+ * });
542
+ */
543
+ init: function (cipherParams) {
544
+ this.mixIn(cipherParams);
545
+ },
546
+
547
+ /**
548
+ * Converts this cipher params object to a string.
549
+ *
550
+ * @param {Format} formatter (Optional) The formatting strategy to use.
551
+ *
552
+ * @return {string} The stringified cipher params.
553
+ *
554
+ * @throws Error If neither the formatter nor the default formatter is set.
555
+ *
556
+ * @example
557
+ *
558
+ * var string = cipherParams + '';
559
+ * var string = cipherParams.toString();
560
+ * var string = cipherParams.toString(CryptoJS.format.OpenSSL);
561
+ */
562
+ toString: function (formatter) {
563
+ return (formatter || this.formatter).stringify(this);
564
+ }
565
+ });
566
+
567
+ /**
568
+ * Format namespace.
569
+ */
570
+ var C_format = C.format = {};
571
+
572
+ /**
573
+ * OpenSSL formatting strategy.
574
+ */
575
+ var OpenSSLFormatter = C_format.OpenSSL = {
576
+ /**
577
+ * Converts a cipher params object to an OpenSSL-compatible string.
578
+ *
579
+ * @param {CipherParams} cipherParams The cipher params object.
580
+ *
581
+ * @return {string} The OpenSSL-compatible string.
582
+ *
583
+ * @static
584
+ *
585
+ * @example
586
+ *
587
+ * var openSSLString = CryptoJS.format.OpenSSL.stringify(cipherParams);
588
+ */
589
+ stringify: function (cipherParams) {
590
+ // Shortcuts
591
+ var ciphertext = cipherParams.ciphertext;
592
+ var salt = cipherParams.salt;
593
+
594
+ // Format
595
+ if (salt) {
596
+ var wordArray = WordArray.create([0x53616c74, 0x65645f5f]).concat(salt).concat(ciphertext);
597
+ } else {
598
+ var wordArray = ciphertext;
599
+ }
600
+
601
+ return wordArray.toString(Base64);
602
+ },
603
+
604
+ /**
605
+ * Converts an OpenSSL-compatible string to a cipher params object.
606
+ *
607
+ * @param {string} openSSLStr The OpenSSL-compatible string.
608
+ *
609
+ * @return {CipherParams} The cipher params object.
610
+ *
611
+ * @static
612
+ *
613
+ * @example
614
+ *
615
+ * var cipherParams = CryptoJS.format.OpenSSL.parse(openSSLString);
616
+ */
617
+ parse: function (openSSLStr) {
618
+ // Parse base64
619
+ var ciphertext = Base64.parse(openSSLStr);
620
+
621
+ // Shortcut
622
+ var ciphertextWords = ciphertext.words;
623
+
624
+ // Test for salt
625
+ if (ciphertextWords[0] == 0x53616c74 && ciphertextWords[1] == 0x65645f5f) {
626
+ // Extract salt
627
+ var salt = WordArray.create(ciphertextWords.slice(2, 4));
628
+
629
+ // Remove salt from ciphertext
630
+ ciphertextWords.splice(0, 4);
631
+ ciphertext.sigBytes -= 16;
632
+ }
633
+
634
+ return CipherParams.create({ ciphertext: ciphertext, salt: salt });
635
+ }
636
+ };
637
+
638
+ /**
639
+ * A cipher wrapper that returns ciphertext as a serializable cipher params object.
640
+ */
641
+ var SerializableCipher = C_lib.SerializableCipher = Base.extend({
642
+ /**
643
+ * Configuration options.
644
+ *
645
+ * @property {Formatter} format The formatting strategy to convert cipher param objects to and from a string. Default: OpenSSL
646
+ */
647
+ cfg: Base.extend({
648
+ format: OpenSSLFormatter
649
+ }),
650
+
651
+ /**
652
+ * Encrypts a message.
653
+ *
654
+ * @param {Cipher} cipher The cipher algorithm to use.
655
+ * @param {WordArray|string} message The message to encrypt.
656
+ * @param {WordArray} key The key.
657
+ * @param {Object} cfg (Optional) The configuration options to use for this operation.
658
+ *
659
+ * @return {CipherParams} A cipher params object.
660
+ *
661
+ * @static
662
+ *
663
+ * @example
664
+ *
665
+ * var ciphertextParams = CryptoJS.lib.SerializableCipher.encrypt(CryptoJS.algo.AES, message, key);
666
+ * var ciphertextParams = CryptoJS.lib.SerializableCipher.encrypt(CryptoJS.algo.AES, message, key, { iv: iv });
667
+ * var ciphertextParams = CryptoJS.lib.SerializableCipher.encrypt(CryptoJS.algo.AES, message, key, { iv: iv, format: CryptoJS.format.OpenSSL });
668
+ */
669
+ encrypt: function (cipher, message, key, cfg) {
670
+ // Apply config defaults
671
+ cfg = this.cfg.extend(cfg);
672
+
673
+ // Encrypt
674
+ var encryptor = cipher.createEncryptor(key, cfg);
675
+ var ciphertext = encryptor.finalize(message);
676
+
677
+ // Shortcut
678
+ var cipherCfg = encryptor.cfg;
679
+
680
+ // Create and return serializable cipher params
681
+ return CipherParams.create({
682
+ ciphertext: ciphertext,
683
+ key: key,
684
+ iv: cipherCfg.iv,
685
+ algorithm: cipher,
686
+ mode: cipherCfg.mode,
687
+ padding: cipherCfg.padding,
688
+ blockSize: cipher.blockSize,
689
+ formatter: cfg.format
690
+ });
691
+ },
692
+
693
+ /**
694
+ * Decrypts serialized ciphertext.
695
+ *
696
+ * @param {Cipher} cipher The cipher algorithm to use.
697
+ * @param {CipherParams|string} ciphertext The ciphertext to decrypt.
698
+ * @param {WordArray} key The key.
699
+ * @param {Object} cfg (Optional) The configuration options to use for this operation.
700
+ *
701
+ * @return {WordArray} The plaintext.
702
+ *
703
+ * @static
704
+ *
705
+ * @example
706
+ *
707
+ * var plaintext = CryptoJS.lib.SerializableCipher.decrypt(CryptoJS.algo.AES, formattedCiphertext, key, { iv: iv, format: CryptoJS.format.OpenSSL });
708
+ * var plaintext = CryptoJS.lib.SerializableCipher.decrypt(CryptoJS.algo.AES, ciphertextParams, key, { iv: iv, format: CryptoJS.format.OpenSSL });
709
+ */
710
+ decrypt: function (cipher, ciphertext, key, cfg) {
711
+ // Apply config defaults
712
+ cfg = this.cfg.extend(cfg);
713
+
714
+ // Convert string to CipherParams
715
+ ciphertext = this._parse(ciphertext, cfg.format);
716
+
717
+ // Decrypt
718
+ var plaintext = cipher.createDecryptor(key, cfg).finalize(ciphertext.ciphertext);
719
+
720
+ return plaintext;
721
+ },
722
+
723
+ /**
724
+ * Converts serialized ciphertext to CipherParams,
725
+ * else assumed CipherParams already and returns ciphertext unchanged.
726
+ *
727
+ * @param {CipherParams|string} ciphertext The ciphertext.
728
+ * @param {Formatter} format The formatting strategy to use to parse serialized ciphertext.
729
+ *
730
+ * @return {CipherParams} The unserialized ciphertext.
731
+ *
732
+ * @static
733
+ *
734
+ * @example
735
+ *
736
+ * var ciphertextParams = CryptoJS.lib.SerializableCipher._parse(ciphertextStringOrParams, format);
737
+ */
738
+ _parse: function (ciphertext, format) {
739
+ if (typeof ciphertext == 'string') {
740
+ return format.parse(ciphertext, this);
741
+ } else {
742
+ return ciphertext;
743
+ }
744
+ }
745
+ });
746
+
747
+ /**
748
+ * Key derivation function namespace.
749
+ */
750
+ var C_kdf = C.kdf = {};
751
+
752
+ /**
753
+ * OpenSSL key derivation function.
754
+ */
755
+ var OpenSSLKdf = C_kdf.OpenSSL = {
756
+ /**
757
+ * Derives a key and IV from a password.
758
+ *
759
+ * @param {string} password The password to derive from.
760
+ * @param {number} keySize The size in words of the key to generate.
761
+ * @param {number} ivSize The size in words of the IV to generate.
762
+ * @param {WordArray|string} salt (Optional) A 64-bit salt to use. If omitted, a salt will be generated randomly.
763
+ *
764
+ * @return {CipherParams} A cipher params object with the key, IV, and salt.
765
+ *
766
+ * @static
767
+ *
768
+ * @example
769
+ *
770
+ * var derivedParams = CryptoJS.kdf.OpenSSL.execute('Password', 256/32, 128/32);
771
+ * var derivedParams = CryptoJS.kdf.OpenSSL.execute('Password', 256/32, 128/32, 'saltsalt');
772
+ */
773
+ execute: function (password, keySize, ivSize, salt) {
774
+ // Generate random salt
775
+ if (!salt) {
776
+ salt = WordArray.random(64/8);
777
+ }
778
+
779
+ // Derive key and IV
780
+ var key = EvpKDF.create({ keySize: keySize + ivSize }).compute(password, salt);
781
+
782
+ // Separate key and IV
783
+ var iv = WordArray.create(key.words.slice(keySize), ivSize * 4);
784
+ key.sigBytes = keySize * 4;
785
+
786
+ // Return params
787
+ return CipherParams.create({ key: key, iv: iv, salt: salt });
788
+ }
789
+ };
790
+
791
+ /**
792
+ * A serializable cipher wrapper that derives the key from a password,
793
+ * and returns ciphertext as a serializable cipher params object.
794
+ */
795
+ var PasswordBasedCipher = C_lib.PasswordBasedCipher = SerializableCipher.extend({
796
+ /**
797
+ * Configuration options.
798
+ *
799
+ * @property {KDF} kdf The key derivation function to use to generate a key and IV from a password. Default: OpenSSL
800
+ */
801
+ cfg: SerializableCipher.cfg.extend({
802
+ kdf: OpenSSLKdf
803
+ }),
804
+
805
+ /**
806
+ * Encrypts a message using a password.
807
+ *
808
+ * @param {Cipher} cipher The cipher algorithm to use.
809
+ * @param {WordArray|string} message The message to encrypt.
810
+ * @param {string} password The password.
811
+ * @param {Object} cfg (Optional) The configuration options to use for this operation.
812
+ *
813
+ * @return {CipherParams} A cipher params object.
814
+ *
815
+ * @static
816
+ *
817
+ * @example
818
+ *
819
+ * var ciphertextParams = CryptoJS.lib.PasswordBasedCipher.encrypt(CryptoJS.algo.AES, message, 'password');
820
+ * var ciphertextParams = CryptoJS.lib.PasswordBasedCipher.encrypt(CryptoJS.algo.AES, message, 'password', { format: CryptoJS.format.OpenSSL });
821
+ */
822
+ encrypt: function (cipher, message, password, cfg) {
823
+ // Apply config defaults
824
+ cfg = this.cfg.extend(cfg);
825
+
826
+ // Derive key and other params
827
+ var derivedParams = cfg.kdf.execute(password, cipher.keySize, cipher.ivSize);
828
+
829
+ // Add IV to config
830
+ cfg.iv = derivedParams.iv;
831
+
832
+ // Encrypt
833
+ var ciphertext = SerializableCipher.encrypt.call(this, cipher, message, derivedParams.key, cfg);
834
+
835
+ // Mix in derived params
836
+ ciphertext.mixIn(derivedParams);
837
+
838
+ return ciphertext;
839
+ },
840
+
841
+ /**
842
+ * Decrypts serialized ciphertext using a password.
843
+ *
844
+ * @param {Cipher} cipher The cipher algorithm to use.
845
+ * @param {CipherParams|string} ciphertext The ciphertext to decrypt.
846
+ * @param {string} password The password.
847
+ * @param {Object} cfg (Optional) The configuration options to use for this operation.
848
+ *
849
+ * @return {WordArray} The plaintext.
850
+ *
851
+ * @static
852
+ *
853
+ * @example
854
+ *
855
+ * var plaintext = CryptoJS.lib.PasswordBasedCipher.decrypt(CryptoJS.algo.AES, formattedCiphertext, 'password', { format: CryptoJS.format.OpenSSL });
856
+ * var plaintext = CryptoJS.lib.PasswordBasedCipher.decrypt(CryptoJS.algo.AES, ciphertextParams, 'password', { format: CryptoJS.format.OpenSSL });
857
+ */
858
+ decrypt: function (cipher, ciphertext, password, cfg) {
859
+ // Apply config defaults
860
+ cfg = this.cfg.extend(cfg);
861
+
862
+ // Convert string to CipherParams
863
+ ciphertext = this._parse(ciphertext, cfg.format);
864
+
865
+ // Derive key and other params
866
+ var derivedParams = cfg.kdf.execute(password, cipher.keySize, cipher.ivSize, ciphertext.salt);
867
+
868
+ // Add IV to config
869
+ cfg.iv = derivedParams.iv;
870
+
871
+ // Decrypt
872
+ var plaintext = SerializableCipher.decrypt.call(this, cipher, ciphertext, derivedParams.key, cfg);
873
+
874
+ return plaintext;
875
+ }
876
+ });
877
+ }());
878
+
879
+
880
+ }));
admin/js/crypto-js/core.js ADDED
@@ -0,0 +1,760 @@
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
+ ;(function (root, factory) {
2
+ if (typeof exports === "object") {
3
+ // CommonJS
4
+ module.exports = exports = factory();
5
+ }
6
+ else if (typeof define === "function" && define.amd) {
7
+ // AMD
8
+ define([], factory);
9
+ }
10
+ else {
11
+ // Global (browser)
12
+ root.CryptoJS = factory();
13
+ }
14
+ }(this, function () {
15
+
16
+ /**
17
+ * CryptoJS core components.
18
+ */
19
+ var CryptoJS = CryptoJS || (function (Math, undefined) {
20
+ /*
21
+ * Local polyfil of Object.create
22
+ */
23
+ var create = Object.create || (function () {
24
+ function F() {};
25
+
26
+ return function (obj) {
27
+ var subtype;
28
+
29
+ F.prototype = obj;
30
+
31
+ subtype = new F();
32
+
33
+ F.prototype = null;
34
+
35
+ return subtype;
36
+ };
37
+ }())
38
+
39
+ /**
40
+ * CryptoJS namespace.
41
+ */
42
+ var C = {};
43
+
44
+ /**
45
+ * Library namespace.
46
+ */
47
+ var C_lib = C.lib = {};
48
+
49
+ /**
50
+ * Base object for prototypal inheritance.
51
+ */
52
+ var Base = C_lib.Base = (function () {
53
+
54
+
55
+ return {
56
+ /**
57
+ * Creates a new object that inherits from this object.
58
+ *
59
+ * @param {Object} overrides Properties to copy into the new object.
60
+ *
61
+ * @return {Object} The new object.
62
+ *
63
+ * @static
64
+ *
65
+ * @example
66
+ *
67
+ * var MyType = CryptoJS.lib.Base.extend({
68
+ * field: 'value',
69
+ *
70
+ * method: function () {
71
+ * }
72
+ * });
73
+ */
74
+ extend: function (overrides) {
75
+ // Spawn
76
+ var subtype = create(this);
77
+
78
+ // Augment
79
+ if (overrides) {
80
+ subtype.mixIn(overrides);
81
+ }
82
+
83
+ // Create default initializer
84
+ if (!subtype.hasOwnProperty('init') || this.init === subtype.init) {
85
+ subtype.init = function () {
86
+ subtype.$super.init.apply(this, arguments);
87
+ };
88
+ }
89
+
90
+ // Initializer's prototype is the subtype object
91
+ subtype.init.prototype = subtype;
92
+
93
+ // Reference supertype
94
+ subtype.$super = this;
95
+
96
+ return subtype;
97
+ },
98
+
99
+ /**
100
+ * Extends this object and runs the init method.
101
+ * Arguments to create() will be passed to init().
102
+ *
103
+ * @return {Object} The new object.
104
+ *
105
+ * @static
106
+ *
107
+ * @example
108
+ *
109
+ * var instance = MyType.create();
110
+ */
111
+ create: function () {
112
+ var instance = this.extend();
113
+ instance.init.apply(instance, arguments);
114
+
115
+ return instance;
116
+ },
117
+
118
+ /**
119
+ * Initializes a newly created object.
120
+ * Override this method to add some logic when your objects are created.
121
+ *
122
+ * @example
123
+ *
124
+ * var MyType = CryptoJS.lib.Base.extend({
125
+ * init: function () {
126
+ * // ...
127
+ * }
128
+ * });
129
+ */
130
+ init: function () {
131
+ },
132
+
133
+ /**
134
+ * Copies properties into this object.
135
+ *
136
+ * @param {Object} properties The properties to mix in.
137
+ *
138
+ * @example
139
+ *
140
+ * MyType.mixIn({
141
+ * field: 'value'
142
+ * });
143
+ */
144
+ mixIn: function (properties) {
145
+ for (var propertyName in properties) {
146
+ if (properties.hasOwnProperty(propertyName)) {
147
+ this[propertyName] = properties[propertyName];
148
+ }
149
+ }
150
+
151
+ // IE won't copy toString using the loop above
152
+ if (properties.hasOwnProperty('toString')) {
153
+ this.toString = properties.toString;
154
+ }
155
+ },
156
+
157
+ /**
158
+ * Creates a copy of this object.
159
+ *
160
+ * @return {Object} The clone.
161
+ *
162
+ * @example
163
+ *
164
+ * var clone = instance.clone();
165
+ */
166
+ clone: function () {
167
+ return this.init.prototype.extend(this);
168
+ }
169
+ };
170
+ }());
171
+
172
+ /**
173
+ * An array of 32-bit words.
174
+ *
175
+ * @property {Array} words The array of 32-bit words.
176
+ * @property {number} sigBytes The number of significant bytes in this word array.
177
+ */
178
+ var WordArray = C_lib.WordArray = Base.extend({
179
+ /**
180
+ * Initializes a newly created word array.
181
+ *
182
+ * @param {Array} words (Optional) An array of 32-bit words.
183
+ * @param {number} sigBytes (Optional) The number of significant bytes in the words.
184
+ *
185
+ * @example
186
+ *
187
+ * var wordArray = CryptoJS.lib.WordArray.create();
188
+ * var wordArray = CryptoJS.lib.WordArray.create([0x00010203, 0x04050607]);
189
+ * var wordArray = CryptoJS.lib.WordArray.create([0x00010203, 0x04050607], 6);
190
+ */
191
+ init: function (words, sigBytes) {
192
+ words = this.words = words || [];
193
+
194
+ if (sigBytes != undefined) {
195
+ this.sigBytes = sigBytes;
196
+ } else {
197
+ this.sigBytes = words.length * 4;
198
+ }
199
+ },
200
+
201
+ /**
202
+ * Converts this word array to a string.
203
+ *
204
+ * @param {Encoder} encoder (Optional) The encoding strategy to use. Default: CryptoJS.enc.Hex
205
+ *
206
+ * @return {string} The stringified word array.
207
+ *
208
+ * @example
209
+ *
210
+ * var string = wordArray + '';
211
+ * var string = wordArray.toString();
212
+ * var string = wordArray.toString(CryptoJS.enc.Utf8);
213
+ */
214
+ toString: function (encoder) {
215
+ return (encoder || Hex).stringify(this);
216
+ },
217
+
218
+ /**
219
+ * Concatenates a word array to this word array.
220
+ *
221
+ * @param {WordArray} wordArray The word array to append.
222
+ *
223
+ * @return {WordArray} This word array.
224
+ *
225
+ * @example
226
+ *
227
+ * wordArray1.concat(wordArray2);
228
+ */
229
+ concat: function (wordArray) {
230
+ // Shortcuts
231
+ var thisWords = this.words;
232
+ var thatWords = wordArray.words;
233
+ var thisSigBytes = this.sigBytes;
234
+ var thatSigBytes = wordArray.sigBytes;
235
+
236
+ // Clamp excess bits
237
+ this.clamp();
238
+
239
+ // Concat
240
+ if (thisSigBytes % 4) {
241
+ // Copy one byte at a time
242
+ for (var i = 0; i < thatSigBytes; i++) {
243
+ var thatByte = (thatWords[i >>> 2] >>> (24 - (i % 4) * 8)) & 0xff;
244
+ thisWords[(thisSigBytes + i) >>> 2] |= thatByte << (24 - ((thisSigBytes + i) % 4) * 8);
245
+ }
246
+ } else {
247
+ // Copy one word at a time
248
+ for (var i = 0; i < thatSigBytes; i += 4) {
249
+ thisWords[(thisSigBytes + i) >>> 2] = thatWords[i >>> 2];
250
+ }
251
+ }
252
+ this.sigBytes += thatSigBytes;
253
+
254
+ // Chainable
255
+ return this;
256
+ },
257
+
258
+ /**
259
+ * Removes insignificant bits.
260
+ *
261
+ * @example
262
+ *
263
+ * wordArray.clamp();
264
+ */
265
+ clamp: function () {
266
+ // Shortcuts
267
+ var words = this.words;
268
+ var sigBytes = this.sigBytes;
269
+
270
+ // Clamp
271
+ words[sigBytes >>> 2] &= 0xffffffff << (32 - (sigBytes % 4) * 8);
272
+ words.length = Math.ceil(sigBytes / 4);
273
+ },
274
+
275
+ /**
276
+ * Creates a copy of this word array.
277
+ *
278
+ * @return {WordArray} The clone.
279
+ *
280
+ * @example
281
+ *
282
+ * var clone = wordArray.clone();
283
+ */
284
+ clone: function () {
285
+ var clone = Base.clone.call(this);
286
+ clone.words = this.words.slice(0);
287
+
288
+ return clone;
289
+ },
290
+
291
+ /**
292
+ * Creates a word array filled with random bytes.
293
+ *
294
+ * @param {number} nBytes The number of random bytes to generate.
295
+ *
296
+ * @return {WordArray} The random word array.
297
+ *
298
+ * @static
299
+ *
300
+ * @example
301
+ *
302
+ * var wordArray = CryptoJS.lib.WordArray.random(16);
303
+ */
304
+ random: function (nBytes) {
305
+ var words = [];
306
+
307
+ var r = (function (m_w) {
308
+ var m_w = m_w;
309
+ var m_z = 0x3ade68b1;
310
+ var mask = 0xffffffff;
311
+
312
+ return function () {
313
+ m_z = (0x9069 * (m_z & 0xFFFF) + (m_z >> 0x10)) & mask;
314
+ m_w = (0x4650 * (m_w & 0xFFFF) + (m_w >> 0x10)) & mask;
315
+ var result = ((m_z << 0x10) + m_w) & mask;
316
+ result /= 0x100000000;
317
+ result += 0.5;
318
+ return result * (Math.random() > .5 ? 1 : -1);
319
+ }
320
+ });
321
+
322
+ for (var i = 0, rcache; i < nBytes; i += 4) {
323
+ var _r = r((rcache || Math.random()) * 0x100000000);
324
+
325
+ rcache = _r() * 0x3ade67b7;
326
+ words.push((_r() * 0x100000000) | 0);
327
+ }
328
+
329
+ return new WordArray.init(words, nBytes);
330
+ }
331
+ });
332
+
333
+ /**
334
+ * Encoder namespace.
335
+ */
336
+ var C_enc = C.enc = {};
337
+
338
+ /**
339
+ * Hex encoding strategy.
340
+ */
341
+ var Hex = C_enc.Hex = {
342
+ /**
343
+ * Converts a word array to a hex string.
344
+ *
345
+ * @param {WordArray} wordArray The word array.
346
+ *
347
+ * @return {string} The hex string.
348
+ *
349
+ * @static
350
+ *
351
+ * @example
352
+ *
353
+ * var hexString = CryptoJS.enc.Hex.stringify(wordArray);
354
+ */
355
+ stringify: function (wordArray) {
356
+ // Shortcuts
357
+ var words = wordArray.words;
358
+ var sigBytes = wordArray.sigBytes;
359
+
360
+ // Convert
361
+ var hexChars = [];
362
+ for (var i = 0; i < sigBytes; i++) {
363
+ var bite = (words[i >>> 2] >>> (24 - (i % 4) * 8)) & 0xff;
364
+ hexChars.push((bite >>> 4).toString(16));
365
+ hexChars.push((bite & 0x0f).toString(16));
366
+ }
367
+
368
+ return hexChars.join('');
369
+ },
370
+
371
+ /**
372
+ * Converts a hex string to a word array.
373
+ *
374
+ * @param {string} hexStr The hex string.
375
+ *
376
+ * @return {WordArray} The word array.
377
+ *
378
+ * @static
379
+ *
380
+ * @example
381
+ *
382
+ * var wordArray = CryptoJS.enc.Hex.parse(hexString);
383
+ */
384
+ parse: function (hexStr) {
385
+ // Shortcut
386
+ var hexStrLength = hexStr.length;
387
+
388
+ // Convert
389
+ var words = [];
390
+ for (var i = 0; i < hexStrLength; i += 2) {
391
+ words[i >>> 3] |= parseInt(hexStr.substr(i, 2), 16) << (24 - (i % 8) * 4);
392
+ }
393
+
394
+ return new WordArray.init(words, hexStrLength / 2);
395
+ }
396
+ };
397
+
398
+ /**
399
+ * Latin1 encoding strategy.
400
+ */
401
+ var Latin1 = C_enc.Latin1 = {
402
+ /**
403
+ * Converts a word array to a Latin1 string.
404
+ *
405
+ * @param {WordArray} wordArray The word array.
406
+ *
407
+ * @return {string} The Latin1 string.
408
+ *
409
+ * @static
410
+ *
411
+ * @example
412
+ *
413
+ * var latin1String = CryptoJS.enc.Latin1.stringify(wordArray);
414
+ */
415
+ stringify: function (wordArray) {
416
+ // Shortcuts
417
+ var words = wordArray.words;
418
+ var sigBytes = wordArray.sigBytes;
419
+
420
+ // Convert
421
+ var latin1Chars = [];
422
+ for (var i = 0; i < sigBytes; i++) {
423
+ var bite = (words[i >>> 2] >>> (24 - (i % 4) * 8)) & 0xff;
424
+ latin1Chars.push(String.fromCharCode(bite));
425
+ }
426
+
427
+ return latin1Chars.join('');
428
+ },
429
+
430
+ /**
431
+ * Converts a Latin1 string to a word array.
432
+ *
433
+ * @param {string} latin1Str The Latin1 string.
434
+ *
435
+ * @return {WordArray} The word array.
436
+ *
437
+ * @static
438
+ *
439
+ * @example
440
+ *
441
+ * var wordArray = CryptoJS.enc.Latin1.parse(latin1String);
442
+ */
443
+ parse: function (latin1Str) {
444
+ // Shortcut
445
+ var latin1StrLength = latin1Str.length;
446
+
447
+ // Convert
448
+ var words = [];
449
+ for (var i = 0; i < latin1StrLength; i++) {
450
+ words[i >>> 2] |= (latin1Str.charCodeAt(i) & 0xff) << (24 - (i % 4) * 8);
451
+ }
452
+
453
+ return new WordArray.init(words, latin1StrLength);
454
+ }
455
+ };
456
+
457
+ /**
458
+ * UTF-8 encoding strategy.
459
+ */
460
+ var Utf8 = C_enc.Utf8 = {
461
+ /**
462
+ * Converts a word array to a UTF-8 string.
463
+ *
464
+ * @param {WordArray} wordArray The word array.
465
+ *
466
+ * @return {string} The UTF-8 string.
467
+ *
468
+ * @static
469
+ *
470
+ * @example
471
+ *
472
+ * var utf8String = CryptoJS.enc.Utf8.stringify(wordArray);
473
+ */
474
+ stringify: function (wordArray) {
475
+ try {
476
+ return decodeURIComponent(escape(Latin1.stringify(wordArray)));
477
+ } catch (e) {
478
+ throw new Error('Malformed UTF-8 data');
479
+ }
480
+ },
481
+
482
+ /**
483
+ * Converts a UTF-8 string to a word array.
484
+ *
485
+ * @param {string} utf8Str The UTF-8 string.
486
+ *
487
+ * @return {WordArray} The word array.
488
+ *
489
+ * @static
490
+ *
491
+ * @example
492
+ *
493
+ * var wordArray = CryptoJS.enc.Utf8.parse(utf8String);
494
+ */
495
+ parse: function (utf8Str) {
496
+ return Latin1.parse(unescape(encodeURIComponent(utf8Str)));
497
+ }
498
+ };
499
+
500
+ /**
501
+ * Abstract buffered block algorithm template.
502
+ *
503
+ * The property blockSize must be implemented in a concrete subtype.
504
+ *
505
+ * @property {number} _minBufferSize The number of blocks that should be kept unprocessed in the buffer. Default: 0
506
+ */
507
+ var BufferedBlockAlgorithm = C_lib.BufferedBlockAlgorithm = Base.extend({
508
+ /**
509
+ * Resets this block algorithm's data buffer to its initial state.
510
+ *
511
+ * @example
512
+ *
513
+ * bufferedBlockAlgorithm.reset();
514
+ */
515
+ reset: function () {
516
+ // Initial values
517
+ this._data = new WordArray.init();
518
+ this._nDataBytes = 0;
519
+ },
520
+
521
+ /**
522
+ * Adds new data to this block algorithm's buffer.
523
+ *
524
+ * @param {WordArray|string} data The data to append. Strings are converted to a WordArray using UTF-8.
525
+ *
526
+ * @example
527
+ *
528
+ * bufferedBlockAlgorithm._append('data');
529
+ * bufferedBlockAlgorithm._append(wordArray);
530
+ */
531
+ _append: function (data) {
532
+ // Convert string to WordArray, else assume WordArray already
533
+ if (typeof data == 'string') {
534
+ data = Utf8.parse(data);
535
+ }
536
+
537
+ // Append
538
+ this._data.concat(data);
539
+ this._nDataBytes += data.sigBytes;
540
+ },
541
+
542
+ /**
543
+ * Processes available data blocks.
544
+ *
545
+ * This method invokes _doProcessBlock(offset), which must be implemented by a concrete subtype.
546
+ *
547
+ * @param {boolean} doFlush Whether all blocks and partial blocks should be processed.
548
+ *
549
+ * @return {WordArray} The processed data.
550
+ *
551
+ * @example
552
+ *
553
+ * var processedData = bufferedBlockAlgorithm._process();
554
+ * var processedData = bufferedBlockAlgorithm._process(!!'flush');
555
+ */
556
+ _process: function (doFlush) {
557
+ // Shortcuts
558
+ var data = this._data;
559
+ var dataWords = data.words;
560
+ var dataSigBytes = data.sigBytes;
561
+ var blockSize = this.blockSize;
562
+ var blockSizeBytes = blockSize * 4;
563
+
564
+ // Count blocks ready
565
+ var nBlocksReady = dataSigBytes / blockSizeBytes;
566
+ if (doFlush) {
567
+ // Round up to include partial blocks
568
+ nBlocksReady = Math.ceil(nBlocksReady);
569
+ } else {
570
+ // Round down to include only full blocks,
571
+ // less the number of blocks that must remain in the buffer
572
+ nBlocksReady = Math.max((nBlocksReady | 0) - this._minBufferSize, 0);
573
+ }
574
+
575
+ // Count words ready
576
+ var nWordsReady = nBlocksReady * blockSize;
577
+
578
+ // Count bytes ready
579
+ var nBytesReady = Math.min(nWordsReady * 4, dataSigBytes);
580
+
581
+ // Process blocks
582
+ if (nWordsReady) {
583
+ for (var offset = 0; offset < nWordsReady; offset += blockSize) {
584
+ // Perform concrete-algorithm logic
585
+ this._doProcessBlock(dataWords, offset);
586
+ }
587
+
588
+ // Remove processed words
589
+ var processedWords = dataWords.splice(0, nWordsReady);
590
+ data.sigBytes -= nBytesReady;
591
+ }
592
+
593
+ // Return processed words
594
+ return new WordArray.init(processedWords, nBytesReady);
595
+ },
596
+
597
+ /**
598
+ * Creates a copy of this object.
599
+ *
600
+ * @return {Object} The clone.
601
+ *
602
+ * @example
603
+ *
604
+ * var clone = bufferedBlockAlgorithm.clone();
605
+ */
606
+ clone: function () {
607
+ var clone = Base.clone.call(this);
608
+ clone._data = this._data.clone();
609
+
610
+ return clone;
611
+ },
612
+
613
+ _minBufferSize: 0
614
+ });
615
+
616
+ /**
617
+ * Abstract hasher template.
618
+ *
619
+ * @property {number} blockSize The number of 32-bit words this hasher operates on. Default: 16 (512 bits)
620
+ */
621
+ var Hasher = C_lib.Hasher = BufferedBlockAlgorithm.extend({
622
+ /**
623
+ * Configuration options.
624
+ */
625
+ cfg: Base.extend(),
626
+
627
+ /**
628
+ * Initializes a newly created hasher.
629
+ *
630
+ * @param {Object} cfg (Optional) The configuration options to use for this hash computation.
631
+ *
632
+ * @example
633
+ *
634
+ * var hasher = CryptoJS.algo.SHA256.create();
635
+ */
636
+ init: function (cfg) {
637
+ // Apply config defaults
638
+ this.cfg = this.cfg.extend(cfg);
639
+
640
+ // Set initial values
641
+ this.reset();
642
+ },
643
+
644
+ /**
645
+ * Resets this hasher to its initial state.
646
+ *
647
+ * @example
648
+ *
649
+ * hasher.reset();
650
+ */
651
+ reset: function () {
652
+ // Reset data buffer
653
+ BufferedBlockAlgorithm.reset.call(this);
654
+
655
+ // Perform concrete-hasher logic
656
+ this._doReset();
657
+ },
658
+
659
+ /**
660
+ * Updates this hasher with a message.
661
+ *
662
+ * @param {WordArray|string} messageUpdate The message to append.
663
+ *
664
+ * @return {Hasher} This hasher.
665
+ *
666
+ * @example
667
+ *
668
+ * hasher.update('message');
669
+ * hasher.update(wordArray);
670
+ */
671
+ update: function (messageUpdate) {
672
+ // Append
673
+ this._append(messageUpdate);
674
+
675
+ // Update the hash
676
+ this._process();
677
+
678
+ // Chainable
679
+ return this;
680
+ },
681
+
682
+ /**
683
+ * Finalizes the hash computation.
684
+ * Note that the finalize operation is effectively a destructive, read-once operation.
685
+ *
686
+ * @param {WordArray|string} messageUpdate (Optional) A final message update.
687
+ *
688
+ * @return {WordArray} The hash.
689
+ *
690
+ * @example
691
+ *
692
+ * var hash = hasher.finalize();
693
+ * var hash = hasher.finalize('message');
694
+ * var hash = hasher.finalize(wordArray);
695
+ */
696
+ finalize: function (messageUpdate) {
697
+ // Final message update
698
+ if (messageUpdate) {
699
+ this._append(messageUpdate);
700
+ }
701
+
702
+ // Perform concrete-hasher logic
703
+ var hash = this._doFinalize();
704
+
705
+ return hash;
706
+ },
707
+
708
+ blockSize: 512/32,
709
+
710
+ /**
711
+ * Creates a shortcut function to a hasher's object interface.
712
+ *
713
+ * @param {Hasher} hasher The hasher to create a helper for.
714
+ *
715
+ * @return {Function} The shortcut function.
716
+ *
717
+ * @static
718
+ *
719
+ * @example
720
+ *
721
+ * var SHA256 = CryptoJS.lib.Hasher._createHelper(CryptoJS.algo.SHA256);
722
+ */
723
+ _createHelper: function (hasher) {
724
+ return function (message, cfg) {
725
+ return new hasher.init(cfg).finalize(message);
726
+ };
727
+ },
728
+
729
+ /**
730
+ * Creates a shortcut function to the HMAC's object interface.
731
+ *
732
+ * @param {Hasher} hasher The hasher to use in this HMAC helper.
733
+ *
734
+ * @return {Function} The shortcut function.
735
+ *
736
+ * @static
737
+ *
738
+ * @example
739
+ *
740
+ * var HmacSHA256 = CryptoJS.lib.Hasher._createHmacHelper(CryptoJS.algo.SHA256);
741
+ */
742
+ _createHmacHelper: function (hasher) {
743
+ return function (message, key) {
744
+ return new C_algo.HMAC.init(hasher, key).finalize(message);
745
+ };
746
+ }
747
+ });
748
+
749
+ /**
750
+ * Algorithm namespace.
751
+ */
752
+ var C_algo = C.algo = {};
753
+
754
+ return C;
755
+ }(Math));
756
+
757
+
758
+ return CryptoJS;
759
+
760
+ }));
admin/js/crypto-js/crypto-js.js ADDED
@@ -0,0 +1,5988 @@
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
+ ;(function (root, factory) {
2
+ if (typeof exports === "object") {
3
+ // CommonJS
4
+ module.exports = exports = factory();
5
+ }
6
+ else if (typeof define === "function" && define.amd) {
7
+ // AMD
8
+ define([], factory);
9
+ }
10
+ else {
11
+ // Global (browser)
12
+ root.CryptoJS = factory();
13
+ }
14
+ }(this, function () {
15
+
16
+ /**
17
+ * CryptoJS core components.
18
+ */
19
+ var CryptoJS = CryptoJS || (function (Math, undefined) {
20
+ /*
21
+ * Local polyfil of Object.create
22
+ */
23
+ var create = Object.create || (function () {
24
+ function F() {};
25
+
26
+ return function (obj) {
27
+ var subtype;
28
+
29
+ F.prototype = obj;
30
+
31
+ subtype = new F();
32
+
33
+ F.prototype = null;
34
+
35
+ return subtype;
36
+ };
37
+ }())
38
+
39
+ /**
40
+ * CryptoJS namespace.
41
+ */
42
+ var C = {};
43
+
44
+ /**
45
+ * Library namespace.
46
+ */
47
+ var C_lib = C.lib = {};
48
+
49
+ /**
50
+ * Base object for prototypal inheritance.
51
+ */
52
+ var Base = C_lib.Base = (function () {
53
+
54
+
55
+ return {
56
+ /**
57
+ * Creates a new object that inherits from this object.
58
+ *
59
+ * @param {Object} overrides Properties to copy into the new object.
60
+ *
61
+ * @return {Object} The new object.
62
+ *
63
+ * @static
64
+ *
65
+ * @example
66
+ *
67
+ * var MyType = CryptoJS.lib.Base.extend({
68
+ * field: 'value',
69
+ *
70
+ * method: function () {
71
+ * }
72
+ * });
73
+ */
74
+ extend: function (overrides) {
75
+ // Spawn
76
+ var subtype = create(this);
77
+
78
+ // Augment
79
+ if (overrides) {
80
+ subtype.mixIn(overrides);
81
+ }
82
+
83
+ // Create default initializer
84
+ if (!subtype.hasOwnProperty('init') || this.init === subtype.init) {
85
+ subtype.init = function () {
86
+ subtype.$super.init.apply(this, arguments);
87
+ };
88
+ }
89
+
90
+ // Initializer's prototype is the subtype object
91
+ subtype.init.prototype = subtype;
92
+
93
+ // Reference supertype
94
+ subtype.$super = this;
95
+
96
+ return subtype;
97
+ },
98
+
99
+ /**
100
+ * Extends this object and runs the init method.
101
+ * Arguments to create() will be passed to init().
102
+ *
103
+ * @return {Object} The new object.
104
+ *
105
+ * @static
106
+ *
107
+ * @example
108
+ *
109
+ * var instance = MyType.create();
110
+ */
111
+ create: function () {
112
+ var instance = this.extend();
113
+ instance.init.apply(instance, arguments);
114
+
115
+ return instance;
116
+ },
117
+
118
+ /**
119
+ * Initializes a newly created object.
120
+ * Override this method to add some logic when your objects are created.
121
+ *
122
+ * @example
123
+ *
124
+ * var MyType = CryptoJS.lib.Base.extend({
125
+ * init: function () {
126
+ * // ...
127
+ * }
128
+ * });
129
+ */
130
+ init: function () {
131
+ },
132
+
133
+ /**
134
+ * Copies properties into this object.
135
+ *
136
+ * @param {Object} properties The properties to mix in.
137
+ *
138
+ * @example
139
+ *
140
+ * MyType.mixIn({
141
+ * field: 'value'
142
+ * });
143
+ */
144
+ mixIn: function (properties) {
145
+ for (var propertyName in properties) {
146
+ if (properties.hasOwnProperty(propertyName)) {
147
+ this[propertyName] = properties[propertyName];
148
+ }
149
+ }
150
+
151
+ // IE won't copy toString using the loop above
152
+ if (properties.hasOwnProperty('toString')) {
153
+ this.toString = properties.toString;
154
+ }
155
+ },
156
+
157
+ /**
158
+ * Creates a copy of this object.
159
+ *
160
+ * @return {Object} The clone.
161
+ *
162
+ * @example
163
+ *
164
+ * var clone = instance.clone();
165
+ */
166
+ clone: function () {
167
+ return this.init.prototype.extend(this);
168
+ }
169
+ };
170
+ }());
171
+
172
+ /**
173
+ * An array of 32-bit words.
174
+ *
175
+ * @property {Array} words The array of 32-bit words.
176
+ * @property {number} sigBytes The number of significant bytes in this word array.
177
+ */
178
+ var WordArray = C_lib.WordArray = Base.extend({
179
+ /**
180
+ * Initializes a newly created word array.
181
+ *
182
+ * @param {Array} words (Optional) An array of 32-bit words.
183
+ * @param {number} sigBytes (Optional) The number of significant bytes in the words.
184
+ *
185
+ * @example
186
+ *
187
+ * var wordArray = CryptoJS.lib.WordArray.create();
188
+ * var wordArray = CryptoJS.lib.WordArray.create([0x00010203, 0x04050607]);
189
+ * var wordArray = CryptoJS.lib.WordArray.create([0x00010203, 0x04050607], 6);
190
+ */
191
+ init: function (words, sigBytes) {
192
+ words = this.words = words || [];
193
+
194
+ if (sigBytes != undefined) {
195
+ this.sigBytes = sigBytes;
196
+ } else {
197
+ this.sigBytes = words.length * 4;
198
+ }
199
+ },
200
+
201
+ /**
202
+ * Converts this word array to a string.
203
+ *
204
+ * @param {Encoder} encoder (Optional) The encoding strategy to use. Default: CryptoJS.enc.Hex
205
+ *
206
+ * @return {string} The stringified word array.
207
+ *
208
+ * @example
209
+ *
210
+ * var string = wordArray + '';
211
+ * var string = wordArray.toString();
212
+ * var string = wordArray.toString(CryptoJS.enc.Utf8);
213
+ */
214
+ toString: function (encoder) {
215
+ return (encoder || Hex).stringify(this);
216
+ },
217
+
218
+ /**
219
+ * Concatenates a word array to this word array.
220
+ *
221
+ * @param {WordArray} wordArray The word array to append.
222
+ *
223
+ * @return {WordArray} This word array.
224
+ *
225
+ * @example
226
+ *
227
+ * wordArray1.concat(wordArray2);
228
+ */
229
+ concat: function (wordArray) {
230
+ // Shortcuts
231
+ var thisWords = this.words;
232
+ var thatWords = wordArray.words;
233
+ var thisSigBytes = this.sigBytes;
234
+ var thatSigBytes = wordArray.sigBytes;
235
+
236
+ // Clamp excess bits
237
+ this.clamp();
238
+
239
+ // Concat
240
+ if (thisSigBytes % 4) {
241
+ // Copy one byte at a time
242
+ for (var i = 0; i < thatSigBytes; i++) {
243
+ var thatByte = (thatWords[i >>> 2] >>> (24 - (i % 4) * 8)) & 0xff;
244
+ thisWords[(thisSigBytes + i) >>> 2] |= thatByte << (24 - ((thisSigBytes + i) % 4) * 8);
245
+ }
246
+ } else {
247
+ // Copy one word at a time
248
+ for (var i = 0; i < thatSigBytes; i += 4) {
249
+ thisWords[(thisSigBytes + i) >>> 2] = thatWords[i >>> 2];
250
+ }
251
+ }
252
+ this.sigBytes += thatSigBytes;
253
+
254
+ // Chainable
255
+ return this;
256
+ },
257
+
258
+ /**
259
+ * Removes insignificant bits.
260
+ *
261
+ * @example
262
+ *
263
+ * wordArray.clamp();
264
+ */
265
+ clamp: function () {
266
+ // Shortcuts
267
+ var words = this.words;
268
+ var sigBytes = this.sigBytes;
269
+
270
+ // Clamp
271
+ words[sigBytes >>> 2] &= 0xffffffff << (32 - (sigBytes % 4) * 8);
272
+ words.length = Math.ceil(sigBytes / 4);
273
+ },
274
+
275
+ /**
276
+ * Creates a copy of this word array.
277
+ *
278
+ * @return {WordArray} The clone.
279
+ *
280
+ * @example
281
+ *
282
+ * var clone = wordArray.clone();
283
+ */
284
+ clone: function () {
285
+ var clone = Base.clone.call(this);
286
+ clone.words = this.words.slice(0);
287
+
288
+ return clone;
289
+ },
290
+
291
+ /**
292
+ * Creates a word array filled with random bytes.
293
+ *
294
+ * @param {number} nBytes The number of random bytes to generate.
295
+ *
296
+ * @return {WordArray} The random word array.
297
+ *
298
+ * @static
299
+ *
300
+ * @example
301
+ *
302
+ * var wordArray = CryptoJS.lib.WordArray.random(16);
303
+ */
304
+ random: function (nBytes) {
305
+ var words = [];
306
+
307
+ var r = (function (m_w) {
308
+ var m_w = m_w;
309
+ var m_z = 0x3ade68b1;
310
+ var mask = 0xffffffff;
311
+
312
+ return function () {
313
+ m_z = (0x9069 * (m_z & 0xFFFF) + (m_z >> 0x10)) & mask;
314
+ m_w = (0x4650 * (m_w & 0xFFFF) + (m_w >> 0x10)) & mask;
315
+ var result = ((m_z << 0x10) + m_w) & mask;
316
+ result /= 0x100000000;
317
+ result += 0.5;
318
+ return result * (Math.random() > .5 ? 1 : -1);
319
+ }
320
+ });
321
+
322
+ for (var i = 0, rcache; i < nBytes; i += 4) {
323
+ var _r = r((rcache || Math.random()) * 0x100000000);
324
+
325
+ rcache = _r() * 0x3ade67b7;
326
+ words.push((_r() * 0x100000000) | 0);
327
+ }
328
+
329
+ return new WordArray.init(words, nBytes);
330
+ }
331
+ });
332
+
333
+ /**
334
+ * Encoder namespace.
335
+ */
336
+ var C_enc = C.enc = {};
337
+
338
+ /**
339
+ * Hex encoding strategy.
340
+ */
341
+ var Hex = C_enc.Hex = {
342
+ /**
343
+ * Converts a word array to a hex string.
344
+ *
345
+ * @param {WordArray} wordArray The word array.
346
+ *
347
+ * @return {string} The hex string.
348
+ *
349
+ * @static
350
+ *
351
+ * @example
352
+ *
353
+ * var hexString = CryptoJS.enc.Hex.stringify(wordArray);
354
+ */
355
+ stringify: function (wordArray) {
356
+ // Shortcuts
357
+ var words = wordArray.words;
358
+ var sigBytes = wordArray.sigBytes;
359
+
360
+ // Convert
361
+ var hexChars = [];
362
+ for (var i = 0; i < sigBytes; i++) {
363
+ var bite = (words[i >>> 2] >>> (24 - (i % 4) * 8)) & 0xff;
364
+ hexChars.push((bite >>> 4).toString(16));
365
+ hexChars.push((bite & 0x0f).toString(16));
366
+ }
367
+
368
+ return hexChars.join('');
369
+ },
370
+
371
+ /**
372
+ * Converts a hex string to a word array.
373
+ *
374
+ * @param {string} hexStr The hex string.
375
+ *
376
+ * @return {WordArray} The word array.
377
+ *
378
+ * @static
379
+ *
380
+ * @example
381
+ *
382
+ * var wordArray = CryptoJS.enc.Hex.parse(hexString);
383
+ */
384
+ parse: function (hexStr) {
385
+ // Shortcut
386
+ var hexStrLength = hexStr.length;
387
+
388
+ // Convert
389
+ var words = [];
390
+ for (var i = 0; i < hexStrLength; i += 2) {
391
+ words[i >>> 3] |= parseInt(hexStr.substr(i, 2), 16) << (24 - (i % 8) * 4);
392
+ }
393
+
394
+ return new WordArray.init(words, hexStrLength / 2);
395
+ }
396
+ };
397
+
398
+ /**
399
+ * Latin1 encoding strategy.
400
+ */
401
+ var Latin1 = C_enc.Latin1 = {
402
+ /**
403
+ * Converts a word array to a Latin1 string.
404
+ *
405
+ * @param {WordArray} wordArray The word array.
406
+ *
407
+ * @return {string} The Latin1 string.
408
+ *
409
+ * @static
410
+ *
411
+ * @example
412
+ *
413
+ * var latin1String = CryptoJS.enc.Latin1.stringify(wordArray);
414
+ */
415
+ stringify: function (wordArray) {
416
+ // Shortcuts
417
+ var words = wordArray.words;
418
+ var sigBytes = wordArray.sigBytes;
419
+
420
+ // Convert
421
+ var latin1Chars = [];
422
+ for (var i = 0; i < sigBytes; i++) {
423
+ var bite = (words[i >>> 2] >>> (24 - (i % 4) * 8)) & 0xff;
424
+ latin1Chars.push(String.fromCharCode(bite));
425
+ }
426
+
427
+ return latin1Chars.join('');
428
+ },
429
+
430
+ /**
431
+ * Converts a Latin1 string to a word array.
432
+ *
433
+ * @param {string} latin1Str The Latin1 string.
434
+ *
435
+ * @return {WordArray} The word array.
436
+ *
437
+ * @static
438
+ *
439
+ * @example
440
+ *
441
+ * var wordArray = CryptoJS.enc.Latin1.parse(latin1String);
442
+ */
443
+ parse: function (latin1Str) {
444
+ // Shortcut
445
+ var latin1StrLength = latin1Str.length;
446
+
447
+ // Convert
448
+ var words = [];
449
+ for (var i = 0; i < latin1StrLength; i++) {
450
+ words[i >>> 2] |= (latin1Str.charCodeAt(i) & 0xff) << (24 - (i % 4) * 8);
451
+ }
452
+
453
+ return new WordArray.init(words, latin1StrLength);
454
+ }
455
+ };
456
+
457
+ /**
458
+ * UTF-8 encoding strategy.
459
+ */
460
+ var Utf8 = C_enc.Utf8 = {
461
+ /**
462
+ * Converts a word array to a UTF-8 string.
463
+ *
464
+ * @param {WordArray} wordArray The word array.
465
+ *
466
+ * @return {string} The UTF-8 string.
467
+ *
468
+ * @static
469
+ *
470
+ * @example
471
+ *
472
+ * var utf8String = CryptoJS.enc.Utf8.stringify(wordArray);
473
+ */
474
+ stringify: function (wordArray) {
475
+ try {
476
+ return decodeURIComponent(escape(Latin1.stringify(wordArray)));
477
+ } catch (e) {
478
+ throw new Error('Malformed UTF-8 data');
479
+ }
480
+ },
481
+
482
+ /**
483
+ * Converts a UTF-8 string to a word array.
484
+ *
485
+ * @param {string} utf8Str The UTF-8 string.
486
+ *
487
+ * @return {WordArray} The word array.
488
+ *
489
+ * @static
490
+ *
491
+ * @example
492
+ *
493
+ * var wordArray = CryptoJS.enc.Utf8.parse(utf8String);
494
+ */
495
+ parse: function (utf8Str) {
496
+ return Latin1.parse(unescape(encodeURIComponent(utf8Str)));
497
+ }
498
+ };
499
+
500
+ /**
501
+ * Abstract buffered block algorithm template.
502
+ *
503
+ * The property blockSize must be implemented in a concrete subtype.
504
+ *
505
+ * @property {number} _minBufferSize The number of blocks that should be kept unprocessed in the buffer. Default: 0
506
+ */
507
+ var BufferedBlockAlgorithm = C_lib.BufferedBlockAlgorithm = Base.extend({
508
+ /**
509
+ * Resets this block algorithm's data buffer to its initial state.
510
+ *
511
+ * @example
512
+ *
513
+ * bufferedBlockAlgorithm.reset();
514
+ */
515
+ reset: function () {
516
+ // Initial values
517
+ this._data = new WordArray.init();
518
+ this._nDataBytes = 0;
519
+ },
520
+
521
+ /**
522
+ * Adds new data to this block algorithm's buffer.
523
+ *
524
+ * @param {WordArray|string} data The data to append. Strings are converted to a WordArray using UTF-8.
525
+ *
526
+ * @example
527
+ *
528
+ * bufferedBlockAlgorithm._append('data');
529
+ * bufferedBlockAlgorithm._append(wordArray);
530
+ */
531
+ _append: function (data) {
532
+ // Convert string to WordArray, else assume WordArray already
533
+ if (typeof data == 'string') {
534
+ data = Utf8.parse(data);
535
+ }
536
+
537
+ // Append
538
+ this._data.concat(data);
539
+ this._nDataBytes += data.sigBytes;
540
+ },
541
+
542
+ /**
543
+ * Processes available data blocks.
544
+ *
545
+ * This method invokes _doProcessBlock(offset), which must be implemented by a concrete subtype.
546
+ *
547
+ * @param {boolean} doFlush Whether all blocks and partial blocks should be processed.
548
+ *
549
+ * @return {WordArray} The processed data.
550
+ *
551
+ * @example
552
+ *
553
+ * var processedData = bufferedBlockAlgorithm._process();
554
+ * var processedData = bufferedBlockAlgorithm._process(!!'flush');
555
+ */
556
+ _process: function (doFlush) {
557
+ // Shortcuts
558
+ var data = this._data;
559
+ var dataWords = data.words;
560
+ var dataSigBytes = data.sigBytes;
561
+ var blockSize = this.blockSize;
562
+ var blockSizeBytes = blockSize * 4;
563
+
564
+ // Count blocks ready
565
+ var nBlocksReady = dataSigBytes / blockSizeBytes;
566
+ if (doFlush) {
567
+ // Round up to include partial blocks
568
+ nBlocksReady = Math.ceil(nBlocksReady);
569
+ } else {
570
+ // Round down to include only full blocks,
571
+ // less the number of blocks that must remain in the buffer
572
+ nBlocksReady = Math.max((nBlocksReady | 0) - this._minBufferSize, 0);
573
+ }
574
+
575
+ // Count words ready
576
+ var nWordsReady = nBlocksReady * blockSize;
577
+
578
+ // Count bytes ready
579
+ var nBytesReady = Math.min(nWordsReady * 4, dataSigBytes);
580
+
581
+ // Process blocks
582
+ if (nWordsReady) {
583
+ for (var offset = 0; offset < nWordsReady; offset += blockSize) {
584
+ // Perform concrete-algorithm logic
585
+ this._doProcessBlock(dataWords, offset);
586
+ }
587
+
588
+ // Remove processed words
589
+ var processedWords = dataWords.splice(0, nWordsReady);
590
+ data.sigBytes -= nBytesReady;
591
+ }
592
+
593
+ // Return processed words
594
+ return new WordArray.init(processedWords, nBytesReady);
595
+ },
596
+
597
+ /**
598
+ * Creates a copy of this object.
599
+ *
600
+ * @return {Object} The clone.
601
+ *
602
+ * @example
603
+ *
604
+ * var clone = bufferedBlockAlgorithm.clone();
605
+ */
606
+ clone: function () {
607
+ var clone = Base.clone.call(this);
608
+ clone._data = this._data.clone();
609
+
610
+ return clone;
611
+ },
612
+
613
+ _minBufferSize: 0
614
+ });
615
+
616
+ /**
617
+ * Abstract hasher template.
618
+ *
619
+ * @property {number} blockSize The number of 32-bit words this hasher operates on. Default: 16 (512 bits)
620
+ */
621
+ var Hasher = C_lib.Hasher = BufferedBlockAlgorithm.extend({
622
+ /**
623
+ * Configuration options.
624
+ */
625
+ cfg: Base.extend(),
626
+
627
+ /**
628
+ * Initializes a newly created hasher.
629
+ *
630
+ * @param {Object} cfg (Optional) The configuration options to use for this hash computation.
631
+ *
632
+ * @example
633
+ *
634
+ * var hasher = CryptoJS.algo.SHA256.create();
635
+ */
636
+ init: function (cfg) {
637
+ // Apply config defaults
638
+ this.cfg = this.cfg.extend(cfg);
639
+
640
+ // Set initial values
641
+ this.reset();
642
+ },
643
+
644
+ /**
645
+ * Resets this hasher to its initial state.
646
+ *
647
+ * @example
648
+ *
649
+ * hasher.reset();
650
+ */
651
+ reset: function () {
652
+ // Reset data buffer
653
+ BufferedBlockAlgorithm.reset.call(this);
654
+
655
+ // Perform concrete-hasher logic
656
+ this._doReset();
657
+ },
658
+
659
+ /**
660
+ * Updates this hasher with a message.
661
+ *
662
+ * @param {WordArray|string} messageUpdate The message to append.
663
+ *
664
+ * @return {Hasher} This hasher.
665
+ *
666
+ * @example
667
+ *
668
+ * hasher.update('message');
669
+ * hasher.update(wordArray);
670
+ */
671
+ update: function (messageUpdate) {
672
+ // Append
673
+ this._append(messageUpdate);
674
+
675
+ // Update the hash
676
+ this._process();
677
+
678
+ // Chainable
679
+ return this;
680
+ },
681
+
682
+ /**
683
+ * Finalizes the hash computation.
684
+ * Note that the finalize operation is effectively a destructive, read-once operation.
685
+ *
686
+ * @param {WordArray|string} messageUpdate (Optional) A final message update.
687
+ *
688
+ * @return {WordArray} The hash.
689
+ *
690
+ * @example
691
+ *
692
+ * var hash = hasher.finalize();
693
+ * var hash = hasher.finalize('message');
694
+ * var hash = hasher.finalize(wordArray);
695
+ */
696
+ finalize: function (messageUpdate) {
697
+ // Final message update
698
+ if (messageUpdate) {
699
+ this._append(messageUpdate);
700
+ }
701
+
702
+ // Perform concrete-hasher logic
703
+ var hash = this._doFinalize();
704
+
705
+ return hash;
706
+ },
707
+
708
+ blockSize: 512/32,
709
+
710
+ /**
711
+ * Creates a shortcut function to a hasher's object interface.
712
+ *
713
+ * @param {Hasher} hasher The hasher to create a helper for.
714
+ *
715
+ * @return {Function} The shortcut function.
716
+ *
717
+ * @static
718
+ *
719
+ * @example
720
+ *
721
+ * var SHA256 = CryptoJS.lib.Hasher._createHelper(CryptoJS.algo.SHA256);
722
+ */
723
+ _createHelper: function (hasher) {
724
+ return function (message, cfg) {
725
+ return new hasher.init(cfg).finalize(message);
726
+ };
727
+ },
728
+
729
+ /**
730
+ * Creates a shortcut function to the HMAC's object interface.
731
+ *
732
+ * @param {Hasher} hasher The hasher to use in this HMAC helper.
733
+ *
734
+ * @return {Function} The shortcut function.
735
+ *
736
+ * @static
737
+ *
738
+ * @example
739
+ *
740
+ * var HmacSHA256 = CryptoJS.lib.Hasher._createHmacHelper(CryptoJS.algo.SHA256);
741
+ */
742
+ _createHmacHelper: function (hasher) {
743
+ return function (message, key) {
744
+ return new C_algo.HMAC.init(hasher, key).finalize(message);
745
+ };
746
+ }
747
+ });
748
+
749
+ /**
750
+ * Algorithm namespace.
751
+ */
752
+ var C_algo = C.algo = {};
753
+
754
+ return C;
755
+ }(Math));
756
+
757
+
758
+ (function () {
759
+ // Shortcuts
760
+ var C = CryptoJS;
761
+ var C_lib = C.lib;
762
+ var WordArray = C_lib.WordArray;
763
+ var C_enc = C.enc;
764
+
765
+ /**
766
+ * Base64 encoding strategy.
767
+ */
768
+ var Base64 = C_enc.Base64 = {
769
+ /**
770
+ * Converts a word array to a Base64 string.
771
+ *
772
+ * @param {WordArray} wordArray The word array.
773
+ *
774
+ * @return {string} The Base64 string.
775
+ *
776
+ * @static
777
+ *
778
+ * @example
779
+ *
780
+ * var base64String = CryptoJS.enc.Base64.stringify(wordArray);
781
+ */
782
+ stringify: function (wordArray) {
783
+ // Shortcuts
784
+ var words = wordArray.words;
785
+ var sigBytes = wordArray.sigBytes;
786
+ var map = this._map;
787
+
788
+ // Clamp excess bits
789
+ wordArray.clamp();
790
+
791
+ // Convert
792
+ var base64Chars = [];
793
+ for (var i = 0; i < sigBytes; i += 3) {
794
+ var byte1 = (words[i >>> 2] >>> (24 - (i % 4) * 8)) & 0xff;
795
+ var byte2 = (words[(i + 1) >>> 2] >>> (24 - ((i + 1) % 4) * 8)) & 0xff;
796
+ var byte3 = (words[(i + 2) >>> 2] >>> (24 - ((i + 2) % 4) * 8)) & 0xff;
797
+
798
+ var triplet = (byte1 << 16) | (byte2 << 8) | byte3;
799
+
800
+ for (var j = 0; (j < 4) && (i + j * 0.75 < sigBytes); j++) {
801
+ base64Chars.push(map.charAt((triplet >>> (6 * (3 - j))) & 0x3f));
802
+ }
803
+ }
804
+
805
+ // Add padding
806
+ var paddingChar = map.charAt(64);
807
+ if (paddingChar) {
808
+ while (base64Chars.length % 4) {
809
+ base64Chars.push(paddingChar);
810
+ }
811
+ }
812
+
813
+ return base64Chars.join('');
814
+ },
815
+
816
+ /**
817
+ * Converts a Base64 string to a word array.
818
+ *
819
+ * @param {string} base64Str The Base64 string.
820
+ *
821
+ * @return {WordArray} The word array.
822
+ *
823
+ * @static
824
+ *
825
+ * @example
826
+ *
827
+ * var wordArray = CryptoJS.enc.Base64.parse(base64String);
828
+ */
829
+ parse: function (base64Str) {
830
+ // Shortcuts
831
+ var base64StrLength = base64Str.length;
832
+ var map = this._map;
833
+ var reverseMap = this._reverseMap;
834
+
835
+ if (!reverseMap) {
836
+ reverseMap = this._reverseMap = [];
837
+ for (var j = 0; j < map.length; j++) {
838
+ reverseMap[map.charCodeAt(j)] = j;
839
+ }
840
+ }
841
+
842
+ // Ignore padding
843
+ var paddingChar = map.charAt(64);
844
+ if (paddingChar) {
845
+ var paddingIndex = base64Str.indexOf(paddingChar);
846
+ if (paddingIndex !== -1) {
847
+ base64StrLength = paddingIndex;
848
+ }
849
+ }
850
+
851
+ // Convert
852
+ return parseLoop(base64Str, base64StrLength, reverseMap);
853
+
854
+ },
855
+
856
+ _map: 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/='
857
+ };
858
+
859
+ function parseLoop(base64Str, base64StrLength, reverseMap) {
860
+ var words = [];
861
+ var nBytes = 0;
862
+ for (var i = 0; i < base64StrLength; i++) {
863
+ if (i % 4) {
864
+ var bits1 = reverseMap[base64Str.charCodeAt(i - 1)] << ((i % 4) * 2);
865
+ var bits2 = reverseMap[base64Str.charCodeAt(i)] >>> (6 - (i % 4) * 2);
866
+ words[nBytes >>> 2] |= (bits1 | bits2) << (24 - (nBytes % 4) * 8);
867
+ nBytes++;
868
+ }
869
+ }
870
+ return WordArray.create(words, nBytes);
871
+ }
872
+ }());
873
+
874
+
875
+ (function (Math) {
876
+ // Shortcuts
877
+ var C = CryptoJS;
878
+ var C_lib = C.lib;
879
+ var WordArray = C_lib.WordArray;
880
+ var Hasher = C_lib.Hasher;
881
+ var C_algo = C.algo;
882
+
883
+ // Constants table
884
+ var T = [];
885
+
886
+ // Compute constants
887
+ (function () {
888
+ for (var i = 0; i < 64; i++) {
889
+ T[i] = (Math.abs(Math.sin(i + 1)) * 0x100000000) | 0;
890
+ }
891
+ }());
892
+
893
+ /**
894
+ * MD5 hash algorithm.
895
+ */
896
+ var MD5 = C_algo.MD5 = Hasher.extend({
897
+ _doReset: function () {
898
+ this._hash = new WordArray.init([
899
+ 0x67452301, 0xefcdab89,
900
+ 0x98badcfe, 0x10325476
901
+ ]);
902
+ },
903
+
904
+ _doProcessBlock: function (M, offset) {
905
+ // Swap endian
906
+ for (var i = 0; i < 16; i++) {
907
+ // Shortcuts
908
+ var offset_i = offset + i;
909
+ var M_offset_i = M[offset_i];
910
+
911
+ M[offset_i] = (
912
+ (((M_offset_i << 8) | (M_offset_i >>> 24)) & 0x00ff00ff) |
913
+ (((M_offset_i << 24) | (M_offset_i >>> 8)) & 0xff00ff00)
914
+ );
915
+ }
916
+
917
+ // Shortcuts
918
+ var H = this._hash.words;
919
+
920
+ var M_offset_0 = M[offset + 0];
921
+ var M_offset_1 = M[offset + 1];
922
+ var M_offset_2 = M[offset + 2];
923
+ var M_offset_3 = M[offset + 3];
924
+ var M_offset_4 = M[offset + 4];
925
+ var M_offset_5 = M[offset + 5];
926
+ var M_offset_6 = M[offset + 6];
927
+ var M_offset_7 = M[offset + 7];
928
+ var M_offset_8 = M[offset + 8];
929
+ var M_offset_9 = M[offset + 9];
930
+ var M_offset_10 = M[offset + 10];
931
+ var M_offset_11 = M[offset + 11];
932
+ var M_offset_12 = M[offset + 12];
933
+ var M_offset_13 = M[offset + 13];
934
+ var M_offset_14 = M[offset + 14];
935
+ var M_offset_15 = M[offset + 15];
936
+
937
+ // Working varialbes
938
+ var a = H[0];
939
+ var b = H[1];
940
+ var c = H[2];
941
+ var d = H[3];
942
+
943
+ // Computation
944
+ a = FF(a, b, c, d, M_offset_0, 7, T[0]);
945
+ d = FF(d, a, b, c, M_offset_1, 12, T[1]);
946
+ c = FF(c, d, a, b, M_offset_2, 17, T[2]);
947
+ b = FF(b, c, d, a, M_offset_3, 22, T[3]);
948
+ a = FF(a, b, c, d, M_offset_4, 7, T[4]);
949
+ d = FF(d, a, b, c, M_offset_5, 12, T[5]);
950
+ c = FF(c, d, a, b, M_offset_6, 17, T[6]);
951
+ b = FF(b, c, d, a, M_offset_7, 22, T[7]);
952
+ a = FF(a, b, c, d, M_offset_8, 7, T[8]);
953
+ d = FF(d, a, b, c, M_offset_9, 12, T[9]);
954
+ c = FF(c, d, a, b, M_offset_10, 17, T[10]);
955
+ b = FF(b, c, d, a, M_offset_11, 22, T[11]);
956
+ a = FF(a, b, c, d, M_offset_12, 7, T[12]);
957
+ d = FF(d, a, b, c, M_offset_13, 12, T[13]);
958
+ c = FF(c, d, a, b, M_offset_14, 17, T[14]);
959
+ b = FF(b, c, d, a, M_offset_15, 22, T[15]);
960
+
961
+ a = GG(a, b, c, d, M_offset_1, 5, T[16]);
962
+ d = GG(d, a, b, c, M_offset_6, 9, T[17]);
963
+ c = GG(c, d, a, b, M_offset_11, 14, T[18]);
964
+ b = GG(b, c, d, a, M_offset_0, 20, T[19]);
965
+ a = GG(a, b, c, d, M_offset_5, 5, T[20]);
966
+ d = GG(d, a, b, c, M_offset_10, 9, T[21]);
967
+ c = GG(c, d, a, b, M_offset_15, 14, T[22]);
968
+ b = GG(b, c, d, a, M_offset_4, 20, T[23]);
969
+ a = GG(a, b, c, d, M_offset_9, 5, T[24]);
970
+ d = GG(d, a, b, c, M_offset_14, 9, T[25]);
971
+ c = GG(c, d, a, b, M_offset_3, 14, T[26]);
972
+ b = GG(b, c, d, a, M_offset_8, 20, T[27]);
973
+ a = GG(a, b, c, d, M_offset_13, 5, T[28]);
974
+ d = GG(d, a, b, c, M_offset_2, 9, T[29]);
975
+ c = GG(c, d, a, b, M_offset_7, 14, T[30]);
976
+ b = GG(b, c, d, a, M_offset_12, 20, T[31]);
977
+
978
+ a = HH(a, b, c, d, M_offset_5, 4, T[32]);
979
+ d = HH(d, a, b, c, M_offset_8, 11, T[33]);
980
+ c = HH(c, d, a, b, M_offset_11, 16, T[34]);
981
+ b = HH(b, c, d, a, M_offset_14, 23, T[35]);
982
+ a = HH(a, b, c, d, M_offset_1, 4, T[36]);
983
+ d = HH(d, a, b, c, M_offset_4, 11, T[37]);
984
+ c = HH(c, d, a, b, M_offset_7, 16, T[38]);
985
+ b = HH(b, c, d, a, M_offset_10, 23, T[39]);
986
+ a = HH(a, b, c, d, M_offset_13, 4, T[40]);
987
+ d = HH(d, a, b, c, M_offset_0, 11, T[41]);
988
+ c = HH(c, d, a, b, M_offset_3, 16, T[42]);
989
+ b = HH(b, c, d, a, M_offset_6, 23, T[43]);
990
+ a = HH(a, b, c, d, M_offset_9, 4, T[44]);
991
+ d = HH(d, a, b, c, M_offset_12, 11, T[45]);
992
+ c = HH(c, d, a, b, M_offset_15, 16, T[46]);
993
+ b = HH(b, c, d, a, M_offset_2, 23, T[47]);
994
+
995
+ a = II(a, b, c, d, M_offset_0, 6, T[48]);
996
+ d = II(d, a, b, c, M_offset_7, 10, T[49]);
997
+ c = II(c, d, a, b, M_offset_14, 15, T[50]);
998
+ b = II(b, c, d, a, M_offset_5, 21, T[51]);
999
+ a = II(a, b, c, d, M_offset_12, 6, T[52]);
1000
+ d = II(d, a, b, c, M_offset_3, 10, T[53]);
1001
+ c = II(c, d, a, b, M_offset_10, 15, T[54]);
1002
+ b = II(b, c, d, a, M_offset_1, 21, T[55]);
1003
+ a = II(a, b, c, d, M_offset_8, 6, T[56]);
1004
+ d = II(d, a, b, c, M_offset_15, 10, T[57]);
1005
+ c = II(c, d, a, b, M_offset_6, 15, T[58]);
1006
+ b = II(b, c, d, a, M_offset_13, 21, T[59]);
1007
+ a = II(a, b, c, d, M_offset_4, 6, T[60]);
1008
+ d = II(d, a, b, c, M_offset_11, 10, T[61]);
1009
+ c = II(c, d, a, b, M_offset_2, 15, T[62]);
1010
+ b = II(b, c, d, a, M_offset_9, 21, T[63]);
1011
+
1012
+ // Intermediate hash value
1013
+ H[0] = (H[0] + a) | 0;
1014
+ H[1] = (H[1] + b) | 0;
1015
+ H[2] = (H[2] + c) | 0;
1016
+ H[3] = (H[3] + d) | 0;
1017
+ },
1018
+
1019
+ _doFinalize: function () {
1020
+ // Shortcuts
1021
+ var data = this._data;
1022
+ var dataWords = data.words;
1023
+
1024
+ var nBitsTotal = this._nDataBytes * 8;
1025
+ var nBitsLeft = data.sigBytes * 8;
1026
+
1027
+ // Add padding
1028
+ dataWords[nBitsLeft >>> 5] |= 0x80 << (24 - nBitsLeft % 32);
1029
+
1030
+ var nBitsTotalH = Math.floor(nBitsTotal / 0x100000000);
1031
+ var nBitsTotalL = nBitsTotal;
1032
+ dataWords[(((nBitsLeft + 64) >>> 9) << 4) + 15] = (
1033
+ (((nBitsTotalH << 8) | (nBitsTotalH >>> 24)) & 0x00ff00ff) |
1034
+ (((nBitsTotalH << 24) | (nBitsTotalH >>> 8)) & 0xff00ff00)
1035
+ );
1036
+ dataWords[(((nBitsLeft + 64) >>> 9) << 4) + 14] = (
1037
+ (((nBitsTotalL << 8) | (nBitsTotalL >>> 24)) & 0x00ff00ff) |
1038
+ (((nBitsTotalL << 24) | (nBitsTotalL >>> 8)) & 0xff00ff00)
1039
+ );
1040
+
1041
+ data.sigBytes = (dataWords.length + 1) * 4;
1042
+
1043
+ // Hash final blocks
1044
+ this._process();
1045
+
1046
+ // Shortcuts
1047
+ var hash = this._hash;
1048
+ var H = hash.words;
1049
+
1050
+ // Swap endian
1051
+ for (var i = 0; i < 4; i++) {
1052
+ // Shortcut
1053
+ var H_i = H[i];
1054
+
1055
+ H[i] = (((H_i << 8) | (H_i >>> 24)) & 0x00ff00ff) |
1056
+ (((H_i << 24) | (H_i >>> 8)) & 0xff00ff00);
1057
+ }
1058
+
1059
+ // Return final computed hash
1060
+ return hash;
1061
+ },
1062
+
1063
+ clone: function () {
1064
+ var clone = Hasher.clone.call(this);
1065
+ clone._hash = this._hash.clone();
1066
+
1067
+ return clone;
1068
+ }
1069
+ });
1070
+
1071
+ function FF(a, b, c, d, x, s, t) {
1072
+ var n = a + ((b & c) | (~b & d)) + x + t;
1073
+ return ((n << s) | (n >>> (32 - s))) + b;
1074
+ }
1075
+
1076
+ function GG(a, b, c, d, x, s, t) {
1077
+ var n = a + ((b & d) | (c & ~d)) + x + t;
1078
+ return ((n << s) | (n >>> (32 - s))) + b;
1079
+ }
1080
+
1081
+ function HH(a, b, c, d, x, s, t) {
1082
+ var n = a + (b ^ c ^ d) + x + t;
1083
+ return ((n << s) | (n >>> (32 - s))) + b;
1084
+ }
1085
+
1086
+ function II(a, b, c, d, x, s, t) {
1087
+ var n = a + (c ^ (b | ~d)) + x + t;
1088
+ return ((n << s) | (n >>> (32 - s))) + b;
1089
+ }
1090
+
1091
+ /**
1092
+ * Shortcut function to the hasher's object interface.
1093
+ *
1094
+ * @param {WordArray|string} message The message to hash.
1095
+ *
1096
+ * @return {WordArray} The hash.
1097
+ *
1098
+ * @static
1099
+ *
1100
+ * @example
1101
+ *
1102
+ * var hash = CryptoJS.MD5('message');
1103
+ * var hash = CryptoJS.MD5(wordArray);
1104
+ */
1105
+ C.MD5 = Hasher._createHelper(MD5);
1106
+
1107
+ /**
1108
+ * Shortcut function to the HMAC's object interface.
1109
+ *
1110
+ * @param {WordArray|string} message The message to hash.
1111
+ * @param {WordArray|string} key The secret key.
1112
+ *
1113
+ * @return {WordArray} The HMAC.
1114
+ *
1115
+ * @static
1116
+ *
1117
+ * @example
1118
+ *
1119
+ * var hmac = CryptoJS.HmacMD5(message, key);
1120
+ */
1121
+ C.HmacMD5 = Hasher._createHmacHelper(MD5);
1122
+ }(Math));
1123
+
1124
+
1125
+ (function () {
1126
+ // Shortcuts
1127
+ var C = CryptoJS;
1128
+ var C_lib = C.lib;
1129
+ var WordArray = C_lib.WordArray;
1130
+ var Hasher = C_lib.Hasher;
1131
+ var C_algo = C.algo;
1132
+
1133
+ // Reusable object
1134
+ var W = [];
1135
+
1136
+ /**
1137
+ * SHA-1 hash algorithm.
1138
+ */
1139
+ var SHA1 = C_algo.SHA1 = Hasher.extend({
1140
+ _doReset: function () {
1141
+ this._hash = new WordArray.init([
1142
+ 0x67452301, 0xefcdab89,
1143
+ 0x98badcfe, 0x10325476,
1144
+ 0xc3d2e1f0
1145
+ ]);
1146
+ },
1147
+
1148
+ _doProcessBlock: function (M, offset) {
1149
+ // Shortcut
1150
+ var H = this._hash.words;
1151
+
1152
+ // Working variables
1153
+ var a = H[0];
1154
+ var b = H[1];
1155
+ var c = H[2];
1156
+ var d = H[3];
1157
+ var e = H[4];
1158
+
1159
+ // Computation
1160
+ for (var i = 0; i < 80; i++) {
1161
+ if (i < 16) {
1162
+ W[i] = M[offset + i] | 0;
1163
+ } else {
1164
+ var n = W[i - 3] ^ W[i - 8] ^ W[i - 14] ^ W[i - 16];
1165
+ W[i] = (n << 1) | (n >>> 31);
1166
+ }
1167
+
1168
+ var t = ((a << 5) | (a >>> 27)) + e + W[i];
1169
+ if (i < 20) {
1170
+ t += ((b & c) | (~b & d)) + 0x5a827999;
1171
+ } else if (i < 40) {
1172
+ t += (b ^ c ^ d) + 0x6ed9eba1;
1173
+ } else if (i < 60) {
1174
+ t += ((b & c) | (b & d) | (c & d)) - 0x70e44324;
1175
+ } else /* if (i < 80) */ {
1176
+ t += (b ^ c ^ d) - 0x359d3e2a;
1177
+ }
1178
+
1179
+ e = d;
1180
+ d = c;
1181
+ c = (b << 30) | (b >>> 2);
1182
+ b = a;
1183
+ a = t;
1184
+ }
1185
+
1186
+ // Intermediate hash value
1187
+ H[0] = (H[0] + a) | 0;
1188
+ H[1] = (H[1] + b) | 0;
1189
+ H[2] = (H[2] + c) | 0;
1190
+ H[3] = (H[3] + d) | 0;
1191
+ H[4] = (H[4] + e) | 0;
1192
+ },
1193
+
1194
+ _doFinalize: function () {
1195
+ // Shortcuts
1196
+ var data = this._data;
1197
+ var dataWords = data.words;
1198
+
1199
+ var nBitsTotal = this._nDataBytes * 8;
1200
+ var nBitsLeft = data.sigBytes * 8;
1201
+
1202
+ // Add padding
1203
+ dataWords[nBitsLeft >>> 5] |= 0x80 << (24 - nBitsLeft % 32);
1204
+ dataWords[(((nBitsLeft + 64) >>> 9) << 4) + 14] = Math.floor(nBitsTotal / 0x100000000);
1205
+ dataWords[(((nBitsLeft + 64) >>> 9) << 4) + 15] = nBitsTotal;
1206
+ data.sigBytes = dataWords.length * 4;
1207
+
1208
+ // Hash final blocks
1209
+ this._process();
1210
+
1211
+ // Return final computed hash
1212
+ return this._hash;
1213
+ },
1214
+
1215
+ clone: function () {
1216
+ var clone = Hasher.clone.call(this);
1217
+ clone._hash = this._hash.clone();
1218
+
1219
+ return clone;
1220
+ }
1221
+ });
1222
+
1223
+ /**
1224
+ * Shortcut function to the hasher's object interface.
1225
+ *
1226
+ * @param {WordArray|string} message The message to hash.
1227
+ *
1228
+ * @return {WordArray} The hash.
1229
+ *
1230
+ * @static
1231
+ *
1232
+ * @example
1233
+ *
1234
+ * var hash = CryptoJS.SHA1('message');
1235
+ * var hash = CryptoJS.SHA1(wordArray);
1236
+ */
1237
+ C.SHA1 = Hasher._createHelper(SHA1);
1238
+
1239
+ /**
1240
+ * Shortcut function to the HMAC's object interface.
1241
+ *
1242
+ * @param {WordArray|string} message The message to hash.
1243
+ * @param {WordArray|string} key The secret key.
1244
+ *
1245
+ * @return {WordArray} The HMAC.
1246
+ *
1247
+ * @static
1248
+ *
1249
+ * @example
1250
+ *
1251
+ * var hmac = CryptoJS.HmacSHA1(message, key);
1252
+ */
1253
+ C.HmacSHA1 = Hasher._createHmacHelper(SHA1);
1254
+ }());
1255
+
1256
+
1257
+ (function (Math) {
1258
+ // Shortcuts
1259
+ var C = CryptoJS;
1260
+ var C_lib = C.lib;
1261
+ var WordArray = C_lib.WordArray;
1262
+ var Hasher = C_lib.Hasher;
1263
+ var C_algo = C.algo;
1264
+
1265
+ // Initialization and round constants tables
1266
+ var H = [];
1267
+ var K = [];
1268
+
1269
+ // Compute constants
1270
+ (function () {
1271
+ function isPrime(n) {
1272
+ var sqrtN = Math.sqrt(n);
1273
+ for (var factor = 2; factor <= sqrtN; factor++) {
1274
+ if (!(n % factor)) {
1275
+ return false;
1276
+ }
1277
+ }
1278
+
1279
+ return true;
1280
+ }
1281
+
1282
+ function getFractionalBits(n) {
1283
+ return ((n - (n | 0)) * 0x100000000) | 0;
1284
+ }
1285
+
1286
+ var n = 2;
1287
+ var nPrime = 0;
1288
+ while (nPrime < 64) {
1289
+ if (isPrime(n)) {
1290
+ if (nPrime < 8) {
1291
+ H[nPrime] = getFractionalBits(Math.pow(n, 1 / 2));
1292
+ }
1293
+ K[nPrime] = getFractionalBits(Math.pow(n, 1 / 3));
1294
+
1295
+ nPrime++;
1296
+ }
1297
+
1298
+ n++;
1299
+ }
1300
+ }());
1301
+
1302
+ // Reusable object
1303
+ var W = [];
1304
+
1305
+ /**
1306
+ * SHA-256 hash algorithm.
1307
+ */
1308
+ var SHA256 = C_algo.SHA256 = Hasher.extend({
1309
+ _doReset: function () {
1310
+ this._hash = new WordArray.init(H.slice(0));
1311
+ },
1312
+
1313
+ _doProcessBlock: function (M, offset) {
1314
+ // Shortcut
1315
+ var H = this._hash.words;
1316
+
1317
+ // Working variables
1318
+ var a = H[0];
1319
+ var b = H[1];
1320
+ var c = H[2];
1321
+ var d = H[3];
1322
+ var e = H[4];
1323
+ var f = H[5];
1324
+ var g = H[6];
1325
+ var h = H[7];
1326
+
1327
+ // Computation
1328
+ for (var i = 0; i < 64; i++) {
1329
+ if (i < 16) {
1330
+ W[i] = M[offset + i] | 0;
1331
+ } else {
1332
+ var gamma0x = W[i - 15];
1333
+ var gamma0 = ((gamma0x << 25) | (gamma0x >>> 7)) ^
1334
+ ((gamma0x << 14) | (gamma0x >>> 18)) ^
1335
+ (gamma0x >>> 3);
1336
+
1337
+ var gamma1x = W[i - 2];
1338
+ var gamma1 = ((gamma1x << 15) | (gamma1x >>> 17)) ^
1339
+ ((gamma1x << 13) | (gamma1x >>> 19)) ^
1340
+ (gamma1x >>> 10);
1341
+
1342
+ W[i] = gamma0 + W[i - 7] + gamma1 + W[i - 16];
1343
+ }
1344
+
1345
+ var ch = (e & f) ^ (~e & g);
1346
+ var maj = (a & b) ^ (a & c) ^ (b & c);
1347
+
1348
+ var sigma0 = ((a << 30) | (a >>> 2)) ^ ((a << 19) | (a >>> 13)) ^ ((a << 10) | (a >>> 22));
1349
+ var sigma1 = ((e << 26) | (e >>> 6)) ^ ((e << 21) | (e >>> 11)) ^ ((e << 7) | (e >>> 25));
1350
+
1351
+ var t1 = h + sigma1 + ch + K[i] + W[i];
1352
+ var t2 = sigma0 + maj;
1353
+
1354
+ h = g;
1355
+ g = f;
1356
+ f = e;
1357
+ e = (d + t1) | 0;
1358
+ d = c;
1359
+ c = b;
1360
+ b = a;
1361
+ a = (t1 + t2) | 0;
1362
+ }
1363
+
1364
+ // Intermediate hash value
1365
+ H[0] = (H[0] + a) | 0;
1366
+ H[1] = (H[1] + b) | 0;
1367
+ H[2] = (H[2] + c) | 0;
1368
+ H[3] = (H[3] + d) | 0;
1369
+ H[4] = (H[4] + e) | 0;
1370
+ H[5] = (H[5] + f) | 0;
1371
+ H[6] = (H[6] + g) | 0;
1372
+ H[7] = (H[7] + h) | 0;
1373
+ },
1374
+
1375
+ _doFinalize: function () {
1376
+ // Shortcuts
1377
+ var data = this._data;
1378
+ var dataWords = data.words;
1379
+
1380
+ var nBitsTotal = this._nDataBytes * 8;
1381
+ var nBitsLeft = data.sigBytes * 8;
1382
+
1383
+ // Add padding
1384
+ dataWords[nBitsLeft >>> 5] |= 0x80 << (24 - nBitsLeft % 32);
1385
+ dataWords[(((nBitsLeft + 64) >>> 9) << 4) + 14] = Math.floor(nBitsTotal / 0x100000000);
1386
+ dataWords[(((nBitsLeft + 64) >>> 9) << 4) + 15] = nBitsTotal;
1387
+ data.sigBytes = dataWords.length * 4;
1388
+
1389
+ // Hash final blocks
1390
+ this._process();
1391
+
1392
+ // Return final computed hash
1393
+ return this._hash;
1394
+ },
1395
+
1396
+ clone: function () {
1397
+ var clone = Hasher.clone.call(this);
1398
+ clone._hash = this._hash.clone();
1399
+
1400
+ return clone;
1401
+ }
1402
+ });
1403
+
1404
+ /**
1405
+ * Shortcut function to the hasher's object interface.
1406
+ *
1407
+ * @param {WordArray|string} message The message to hash.
1408
+ *
1409
+ * @return {WordArray} The hash.
1410
+ *
1411
+ * @static
1412
+ *
1413
+ * @example
1414
+ *
1415
+ * var hash = CryptoJS.SHA256('message');
1416
+ * var hash = CryptoJS.SHA256(wordArray);
1417
+ */
1418
+ C.SHA256 = Hasher._createHelper(SHA256);
1419
+
1420
+ /**
1421
+ * Shortcut function to the HMAC's object interface.
1422
+ *
1423
+ * @param {WordArray|string} message The message to hash.
1424
+ * @param {WordArray|string} key The secret key.
1425
+ *
1426
+ * @return {WordArray} The HMAC.
1427
+ *
1428
+ * @static
1429
+ *
1430
+ * @example
1431
+ *
1432
+ * var hmac = CryptoJS.HmacSHA256(message, key);
1433
+ */
1434
+ C.HmacSHA256 = Hasher._createHmacHelper(SHA256);
1435
+ }(Math));
1436
+
1437
+
1438
+ (function () {
1439
+ // Shortcuts
1440
+ var C = CryptoJS;
1441
+ var C_lib = C.lib;
1442
+ var WordArray = C_lib.WordArray;
1443
+ var C_enc = C.enc;
1444
+
1445
+ /**
1446
+ * UTF-16 BE encoding strategy.
1447
+ */
1448
+ var Utf16BE = C_enc.Utf16 = C_enc.Utf16BE = {
1449
+ /**
1450
+ * Converts a word array to a UTF-16 BE string.
1451
+ *
1452
+ * @param {WordArray} wordArray The word array.
1453
+ *
1454
+ * @return {string} The UTF-16 BE string.
1455
+ *
1456
+ * @static
1457
+ *
1458
+ * @example
1459
+ *
1460
+ * var utf16String = CryptoJS.enc.Utf16.stringify(wordArray);
1461
+ */
1462
+ stringify: function (wordArray) {
1463
+ // Shortcuts
1464
+ var words = wordArray.words;
1465
+ var sigBytes = wordArray.sigBytes;
1466
+
1467
+ // Convert
1468
+ var utf16Chars = [];
1469
+ for (var i = 0; i < sigBytes; i += 2) {
1470
+ var codePoint = (words[i >>> 2] >>> (16 - (i % 4) * 8)) & 0xffff;
1471
+ utf16Chars.push(String.fromCharCode(codePoint));
1472
+ }
1473
+
1474
+ return utf16Chars.join('');
1475
+ },
1476
+
1477
+ /**
1478
+ * Converts a UTF-16 BE string to a word array.
1479
+ *
1480
+ * @param {string} utf16Str The UTF-16 BE string.
1481
+ *
1482
+ * @return {WordArray} The word array.
1483
+ *
1484
+ * @static
1485
+ *
1486
+ * @example
1487
+ *
1488
+ * var wordArray = CryptoJS.enc.Utf16.parse(utf16String);
1489
+ */
1490
+ parse: function (utf16Str) {
1491
+ // Shortcut
1492
+ var utf16StrLength = utf16Str.length;
1493
+
1494
+ // Convert
1495
+ var words = [];
1496
+ for (var i = 0; i < utf16StrLength; i++) {
1497
+ words[i >>> 1] |= utf16Str.charCodeAt(i) << (16 - (i % 2) * 16);
1498
+ }
1499
+
1500
+ return WordArray.create(words, utf16StrLength * 2);
1501
+ }
1502
+ };
1503
+
1504
+ /**
1505
+ * UTF-16 LE encoding strategy.
1506
+ */
1507
+ C_enc.Utf16LE = {
1508
+ /**
1509
+ * Converts a word array to a UTF-16 LE string.
1510
+ *
1511
+ * @param {WordArray} wordArray The word array.
1512
+ *
1513
+ * @return {string} The UTF-16 LE string.
1514
+ *
1515
+ * @static
1516
+ *
1517
+ * @example
1518
+ *
1519
+ * var utf16Str = CryptoJS.enc.Utf16LE.stringify(wordArray);
1520
+ */
1521
+ stringify: function (wordArray) {
1522
+ // Shortcuts
1523
+ var words = wordArray.words;
1524
+ var sigBytes = wordArray.sigBytes;
1525
+
1526
+ // Convert
1527
+ var utf16Chars = [];
1528
+ for (var i = 0; i < sigBytes; i += 2) {
1529
+ var codePoint = swapEndian((words[i >>> 2] >>> (16 - (i % 4) * 8)) & 0xffff);
1530
+ utf16Chars.push(String.fromCharCode(codePoint));
1531
+ }
1532
+
1533
+ return utf16Chars.join('');
1534
+ },
1535
+
1536
+ /**
1537
+ * Converts a UTF-16 LE string to a word array.
1538
+ *
1539
+ * @param {string} utf16Str The UTF-16 LE string.
1540
+ *
1541
+ * @return {WordArray} The word array.
1542
+ *
1543
+ * @static
1544
+ *
1545
+ * @example
1546
+ *
1547
+ * var wordArray = CryptoJS.enc.Utf16LE.parse(utf16Str);
1548
+ */
1549
+ parse: function (utf16Str) {
1550
+ // Shortcut
1551
+ var utf16StrLength = utf16Str.length;
1552
+
1553
+ // Convert
1554
+ var words = [];
1555
+ for (var i = 0; i < utf16StrLength; i++) {
1556
+ words[i >>> 1] |= swapEndian(utf16Str.charCodeAt(i) << (16 - (i % 2) * 16));
1557
+ }
1558
+
1559
+ return WordArray.create(words, utf16StrLength * 2);
1560
+ }
1561
+ };
1562
+
1563
+ function swapEndian(word) {
1564
+ return ((word << 8) & 0xff00ff00) | ((word >>> 8) & 0x00ff00ff);
1565
+ }
1566
+ }());
1567
+
1568
+
1569
+ (function () {
1570
+ // Check if typed arrays are supported
1571
+ if (typeof ArrayBuffer != 'function') {
1572
+ return;
1573
+ }
1574
+
1575
+ // Shortcuts
1576
+ var C = CryptoJS;
1577
+ var C_lib = C.lib;
1578
+ var WordArray = C_lib.WordArray;
1579
+
1580
+ // Reference original init
1581
+ var superInit = WordArray.init;
1582
+
1583
+ // Augment WordArray.init to handle typed arrays
1584
+ var subInit = WordArray.init = function (typedArray) {
1585
+ // Convert buffers to uint8
1586
+ if (typedArray instanceof ArrayBuffer) {
1587
+ typedArray = new Uint8Array(typedArray);
1588
+ }
1589
+
1590
+ // Convert other array views to uint8
1591
+ if (
1592
+ typedArray instanceof Int8Array ||
1593
+ (typeof Uint8ClampedArray !== "undefined" && typedArray instanceof Uint8ClampedArray) ||
1594
+ typedArray instanceof Int16Array ||
1595
+ typedArray instanceof Uint16Array ||
1596
+ typedArray instanceof Int32Array ||
1597
+ typedArray instanceof Uint32Array ||
1598
+ typedArray instanceof Float32Array ||
1599
+ typedArray instanceof Float64Array
1600
+ ) {
1601
+ typedArray = new Uint8Array(typedArray.buffer, typedArray.byteOffset, typedArray.byteLength);
1602
+ }
1603
+
1604
+ // Handle Uint8Array
1605
+ if (typedArray instanceof Uint8Array) {
1606
+ // Shortcut
1607
+ var typedArrayByteLength = typedArray.byteLength;
1608
+
1609
+ // Extract bytes
1610
+ var words = [];
1611
+ for (var i = 0; i < typedArrayByteLength; i++) {
1612
+ words[i >>> 2] |= typedArray[i] << (24 - (i % 4) * 8);
1613
+ }
1614
+
1615
+ // Initialize this word array
1616
+ superInit.call(this, words, typedArrayByteLength);
1617
+ } else {
1618
+ // Else call normal init
1619
+ superInit.apply(this, arguments);
1620
+ }
1621
+ };
1622
+
1623
+ subInit.prototype = WordArray;
1624
+ }());
1625
+
1626
+
1627
+ /** @preserve
1628
+ (c) 2012 by Cédric Mesnil. All rights reserved.
1629
+
1630
+ Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
1631
+
1632
+ - Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
1633
+ - Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
1634
+
1635
+ THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
1636
+ */
1637
+
1638
+ (function (Math) {
1639
+ // Shortcuts
1640
+ var C = CryptoJS;
1641
+ var C_lib = C.lib;
1642
+ var WordArray = C_lib.WordArray;
1643
+ var Hasher = C_lib.Hasher;
1644
+ var C_algo = C.algo;
1645
+
1646
+ // Constants table
1647
+ var _zl = WordArray.create([
1648
+ 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15,
1649
+ 7, 4, 13, 1, 10, 6, 15, 3, 12, 0, 9, 5, 2, 14, 11, 8,
1650
+ 3, 10, 14, 4, 9, 15, 8, 1, 2, 7, 0, 6, 13, 11, 5, 12,
1651
+ 1, 9, 11, 10, 0, 8, 12, 4, 13, 3, 7, 15, 14, 5, 6, 2,
1652
+ 4, 0, 5, 9, 7, 12, 2, 10, 14, 1, 3, 8, 11, 6, 15, 13]);
1653
+ var _zr = WordArray.create([
1654
+ 5, 14, 7, 0, 9, 2, 11, 4, 13, 6, 15, 8, 1, 10, 3, 12,
1655
+ 6, 11, 3, 7, 0, 13, 5, 10, 14, 15, 8, 12, 4, 9, 1, 2,
1656
+ 15, 5, 1, 3, 7, 14, 6, 9, 11, 8, 12, 2, 10, 0, 4, 13,
1657
+ 8, 6, 4, 1, 3, 11, 15, 0, 5, 12, 2, 13, 9, 7, 10, 14,
1658
+ 12, 15, 10, 4, 1, 5, 8, 7, 6, 2, 13, 14, 0, 3, 9, 11]);
1659
+ var _sl = WordArray.create([
1660
+ 11, 14, 15, 12, 5, 8, 7, 9, 11, 13, 14, 15, 6, 7, 9, 8,
1661
+ 7, 6, 8, 13, 11, 9, 7, 15, 7, 12, 15, 9, 11, 7, 13, 12,
1662
+ 11, 13, 6, 7, 14, 9, 13, 15, 14, 8, 13, 6, 5, 12, 7, 5,
1663
+ 11, 12, 14, 15, 14, 15, 9, 8, 9, 14, 5, 6, 8, 6, 5, 12,
1664
+ 9, 15, 5, 11, 6, 8, 13, 12, 5, 12, 13, 14, 11, 8, 5, 6 ]);
1665
+ var _sr = WordArray.create([
1666
+ 8, 9, 9, 11, 13, 15, 15, 5, 7, 7, 8, 11, 14, 14, 12, 6,
1667
+ 9, 13, 15, 7, 12, 8, 9, 11, 7, 7, 12, 7, 6, 15, 13, 11,
1668
+ 9, 7, 15, 11, 8, 6, 6, 14, 12, 13, 5, 14, 13, 13, 7, 5,
1669
+ 15, 5, 8, 11, 14, 14, 6, 14, 6, 9, 12, 9, 12, 5, 15, 8,
1670
+ 8, 5, 12, 9, 12, 5, 14, 6, 8, 13, 6, 5, 15, 13, 11, 11 ]);
1671
+
1672
+ var _hl = WordArray.create([ 0x00000000, 0x5A827999, 0x6ED9EBA1, 0x8F1BBCDC, 0xA953FD4E]);
1673
+ var _hr = WordArray.create([ 0x50A28BE6, 0x5C4DD124, 0x6D703EF3, 0x7A6D76E9, 0x00000000]);
1674
+
1675
+ /**
1676
+ * RIPEMD160 hash algorithm.
1677
+ */
1678
+ var RIPEMD160 = C_algo.RIPEMD160 = Hasher.extend({
1679
+ _doReset: function () {
1680
+ this._hash = WordArray.create([0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476, 0xC3D2E1F0]);
1681
+ },
1682
+
1683
+ _doProcessBlock: function (M, offset) {
1684
+
1685
+ // Swap endian
1686
+ for (var i = 0; i < 16; i++) {
1687
+ // Shortcuts
1688
+ var offset_i = offset + i;
1689
+ var M_offset_i = M[offset_i];
1690
+
1691
+ // Swap
1692
+ M[offset_i] = (
1693
+ (((M_offset_i << 8) | (M_offset_i >>> 24)) & 0x00ff00ff) |
1694
+ (((M_offset_i << 24) | (M_offset_i >>> 8)) & 0xff00ff00)
1695
+ );
1696
+ }
1697
+ // Shortcut
1698
+ var H = this._hash.words;
1699
+ var hl = _hl.words;
1700
+ var hr = _hr.words;
1701
+ var zl = _zl.words;
1702
+ var zr = _zr.words;
1703
+ var sl = _sl.words;
1704
+ var sr = _sr.words;
1705
+
1706
+ // Working variables
1707
+ var al, bl, cl, dl, el;
1708
+ var ar, br, cr, dr, er;
1709
+
1710
+ ar = al = H[0];
1711
+ br = bl = H[1];
1712
+ cr = cl = H[2];
1713
+ dr = dl = H[3];
1714
+ er = el = H[4];
1715
+ // Computation
1716
+ var t;
1717
+ for (var i = 0; i < 80; i += 1) {
1718
+ t = (al + M[offset+zl[i]])|0;
1719
+ if (i<16){
1720
+ t += f1(bl,cl,dl) + hl[0];
1721
+ } else if (i<32) {
1722
+ t += f2(bl,cl,dl) + hl[1];
1723
+ } else if (i<48) {
1724
+ t += f3(bl,cl,dl) + hl[2];
1725
+ } else if (i<64) {
1726
+ t += f4(bl,cl,dl) + hl[3];
1727
+ } else {// if (i<80) {
1728
+ t += f5(bl,cl,dl) + hl[4];
1729
+ }
1730
+ t = t|0;
1731
+ t = rotl(t,sl[i]);
1732
+ t = (t+el)|0;
1733
+ al = el;
1734
+ el = dl;
1735
+ dl = rotl(cl, 10);
1736
+ cl = bl;
1737
+ bl = t;
1738
+
1739
+ t = (ar + M[offset+zr[i]])|0;
1740
+ if (i<16){
1741
+ t += f5(br,cr,dr) + hr[0];
1742
+ } else if (i<32) {
1743
+ t += f4(br,cr,dr) + hr[1];
1744
+ } else if (i<48) {
1745
+ t += f3(br,cr,dr) + hr[2];
1746
+ } else if (i<64) {
1747
+ t += f2(br,cr,dr) + hr[3];
1748
+ } else {// if (i<80) {
1749
+ t += f1(br,cr,dr) + hr[4];
1750
+ }
1751
+ t = t|0;
1752
+ t = rotl(t,sr[i]) ;
1753
+ t = (t+er)|0;
1754
+ ar = er;
1755
+ er = dr;
1756
+ dr = rotl(cr, 10);
1757
+ cr = br;
1758
+ br = t;
1759
+ }
1760
+ // Intermediate hash value
1761
+ t = (H[1] + cl + dr)|0;
1762
+ H[1] = (H[2] + dl + er)|0;
1763
+ H[2] = (H[3] + el + ar)|0;
1764
+ H[3] = (H[4] + al + br)|0;
1765
+ H[4] = (H[0] + bl + cr)|0;
1766
+ H[0] = t;
1767
+ },
1768
+
1769
+ _doFinalize: function () {
1770
+ // Shortcuts
1771
+ var data = this._data;
1772
+ var dataWords = data.words;
1773
+
1774
+ var nBitsTotal = this._nDataBytes * 8;
1775
+ var nBitsLeft = data.sigBytes * 8;
1776
+
1777
+ // Add padding
1778
+ dataWords[nBitsLeft >>> 5] |= 0x80 << (24 - nBitsLeft % 32);
1779
+ dataWords[(((nBitsLeft + 64) >>> 9) << 4) + 14] = (
1780
+ (((nBitsTotal << 8) | (nBitsTotal >>> 24)) & 0x00ff00ff) |
1781
+ (((nBitsTotal << 24) | (nBitsTotal >>> 8)) & 0xff00ff00)
1782
+ );
1783
+ data.sigBytes = (dataWords.length + 1) * 4;
1784
+
1785
+ // Hash final blocks
1786
+ this._process();
1787
+
1788
+ // Shortcuts
1789
+ var hash = this._hash;
1790
+ var H = hash.words;
1791
+
1792
+ // Swap endian
1793
+ for (var i = 0; i < 5; i++) {
1794
+ // Shortcut
1795
+ var H_i = H[i];
1796
+
1797
+ // Swap
1798
+ H[i] = (((H_i << 8) | (H_i >>> 24)) & 0x00ff00ff) |
1799
+ (((H_i << 24) | (H_i >>> 8)) & 0xff00ff00);
1800
+ }
1801
+
1802
+ // Return final computed hash
1803
+ return hash;
1804
+ },
1805
+
1806
+ clone: function () {
1807
+ var clone = Hasher.clone.call(this);
1808
+ clone._hash = this._hash.clone();
1809
+
1810
+ return clone;
1811
+ }
1812
+ });
1813
+
1814
+
1815
+ function f1(x, y, z) {
1816
+ return ((x) ^ (y) ^ (z));
1817
+
1818
+ }
1819
+
1820
+ function f2(x, y, z) {
1821
+ return (((x)&(y)) | ((~x)&(z)));
1822
+ }
1823
+
1824
+ function f3(x, y, z) {
1825
+ return (((x) | (~(y))) ^ (z));
1826
+ }
1827
+
1828
+ function f4(x, y, z) {
1829
+ return (((x) & (z)) | ((y)&(~(z))));
1830
+ }
1831
+
1832
+ function f5(x, y, z) {
1833
+ return ((x) ^ ((y) |(~(z))));
1834
+
1835
+ }
1836
+
1837
+ function rotl(x,n) {
1838
+ return (x<<n) | (x>>>(32-n));
1839
+ }
1840
+
1841
+
1842
+ /**
1843
+ * Shortcut function to the hasher's object interface.
1844
+ *
1845
+ * @param {WordArray|string} message The message to hash.
1846
+ *
1847
+ * @return {WordArray} The hash.
1848
+ *
1849
+ * @static
1850
+ *
1851
+ * @example
1852
+ *
1853
+ * var hash = CryptoJS.RIPEMD160('message');
1854
+ * var hash = CryptoJS.RIPEMD160(wordArray);
1855
+ */
1856
+ C.RIPEMD160 = Hasher._createHelper(RIPEMD160);
1857
+
1858
+ /**
1859
+ * Shortcut function to the HMAC's object interface.
1860
+ *
1861
+ * @param {WordArray|string} message The message to hash.
1862
+ * @param {WordArray|string} key The secret key.
1863
+ *
1864
+ * @return {WordArray} The HMAC.
1865
+ *
1866
+ * @static
1867
+ *
1868
+ * @example
1869
+ *
1870
+ * var hmac = CryptoJS.HmacRIPEMD160(message, key);
1871
+ */
1872
+ C.HmacRIPEMD160 = Hasher._createHmacHelper(RIPEMD160);
1873
+ }(Math));
1874
+
1875
+
1876
+ (function () {
1877
+ // Shortcuts
1878
+ var C = CryptoJS;
1879
+ var C_lib = C.lib;
1880
+ var Base = C_lib.Base;
1881
+ var C_enc = C.enc;
1882
+ var Utf8 = C_enc.Utf8;
1883
+ var C_algo = C.algo;
1884
+
1885
+ /**
1886
+ * HMAC algorithm.
1887
+ */
1888
+ var HMAC = C_algo.HMAC = Base.extend({
1889
+ /**
1890
+ * Initializes a newly created HMAC.
1891
+ *
1892
+ * @param {Hasher} hasher The hash algorithm to use.
1893
+ * @param {WordArray|string} key The secret key.
1894
+ *
1895
+ * @example
1896
+ *
1897
+ * var hmacHasher = CryptoJS.algo.HMAC.create(CryptoJS.algo.SHA256, key);
1898
+ */
1899
+ init: function (hasher, key) {
1900
+ // Init hasher
1901
+ hasher = this._hasher = new hasher.init();
1902
+
1903
+ // Convert string to WordArray, else assume WordArray already
1904
+ if (typeof key == 'string') {
1905
+ key = Utf8.parse(key);
1906
+ }
1907
+
1908
+ // Shortcuts
1909
+ var hasherBlockSize = hasher.blockSize;
1910
+ var hasherBlockSizeBytes = hasherBlockSize * 4;
1911
+
1912
+ // Allow arbitrary length keys
1913
+ if (key.sigBytes > hasherBlockSizeBytes) {
1914
+ key = hasher.finalize(key);
1915
+ }
1916
+
1917
+ // Clamp excess bits
1918
+ key.clamp();
1919
+
1920
+ // Clone key for inner and outer pads
1921
+ var oKey = this._oKey = key.clone();
1922
+ var iKey = this._iKey = key.clone();
1923
+
1924
+ // Shortcuts
1925
+ var oKeyWords = oKey.words;
1926
+ var iKeyWords = iKey.words;
1927
+
1928
+ // XOR keys with pad constants
1929
+ for (var i = 0; i < hasherBlockSize; i++) {
1930
+ oKeyWords[i] ^= 0x5c5c5c5c;
1931
+ iKeyWords[i] ^= 0x36363636;
1932
+ }
1933
+ oKey.sigBytes = iKey.sigBytes = hasherBlockSizeBytes;
1934
+
1935
+ // Set initial values
1936
+ this.reset();
1937
+ },
1938
+
1939
+ /**
1940
+ * Resets this HMAC to its initial state.
1941
+ *
1942
+ * @example
1943
+ *
1944
+ * hmacHasher.reset();
1945
+ */
1946
+ reset: function () {
1947
+ // Shortcut
1948
+ var hasher = this._hasher;
1949
+
1950
+ // Reset
1951
+ hasher.reset();
1952
+ hasher.update(this._iKey);
1953
+ },
1954
+
1955
+ /**
1956
+ * Updates this HMAC with a message.
1957
+ *
1958
+ * @param {WordArray|string} messageUpdate The message to append.
1959
+ *
1960
+ * @return {HMAC} This HMAC instance.
1961
+ *
1962
+ * @example
1963
+ *
1964
+ * hmacHasher.update('message');
1965
+ * hmacHasher.update(wordArray);
1966
+ */
1967
+ update: function (messageUpdate) {
1968
+ this._hasher.update(messageUpdate);
1969
+
1970
+ // Chainable
1971
+ return this;
1972
+ },
1973
+
1974
+ /**
1975
+ * Finalizes the HMAC computation.
1976
+ * Note that the finalize operation is effectively a destructive, read-once operation.
1977
+ *
1978
+ * @param {WordArray|string} messageUpdate (Optional) A final message update.
1979
+ *
1980
+ * @return {WordArray} The HMAC.
1981
+ *
1982
+ * @example
1983
+ *
1984
+ * var hmac = hmacHasher.finalize();
1985
+ * var hmac = hmacHasher.finalize('message');
1986
+ * var hmac = hmacHasher.finalize(wordArray);
1987
+ */
1988
+ finalize: function (messageUpdate) {
1989
+ // Shortcut
1990
+ var hasher = this._hasher;
1991
+
1992
+ // Compute HMAC
1993
+ var innerHash = hasher.finalize(messageUpdate);
1994
+ hasher.reset();
1995
+ var hmac = hasher.finalize(this._oKey.clone().concat(innerHash));
1996
+
1997
+ return hmac;
1998
+ }
1999
+ });
2000
+ }());
2001
+
2002
+
2003
+ (function () {
2004
+ // Shortcuts
2005
+ var C = CryptoJS;
2006
+ var C_lib = C.lib;
2007
+ var Base = C_lib.Base;
2008
+ var WordArray = C_lib.WordArray;
2009
+ var C_algo = C.algo;
2010
+ var SHA1 = C_algo.SHA1;
2011
+ var HMAC = C_algo.HMAC;
2012
+
2013
+ /**
2014
+ * Password-Based Key Derivation Function 2 algorithm.
2015
+ */
2016
+ var PBKDF2 = C_algo.PBKDF2 = Base.extend({
2017
+ /**
2018
+ * Configuration options.
2019
+ *
2020
+ * @property {number} keySize The key size in words to generate. Default: 4 (128 bits)
2021
+ * @property {Hasher} hasher The hasher to use. Default: SHA1
2022
+ * @property {number} iterations The number of iterations to perform. Default: 1
2023
+ */
2024
+ cfg: Base.extend({
2025
+ keySize: 128/32,
2026
+ hasher: SHA1,
2027
+ iterations: 1
2028
+ }),
2029
+
2030
+ /**
2031
+ * Initializes a newly created key derivation function.
2032
+ *
2033
+ * @param {Object} cfg (Optional) The configuration options to use for the derivation.
2034
+ *
2035
+ * @example
2036
+ *
2037
+ * var kdf = CryptoJS.algo.PBKDF2.create();
2038
+ * var kdf = CryptoJS.algo.PBKDF2.create({ keySize: 8 });
2039
+ * var kdf = CryptoJS.algo.PBKDF2.create({ keySize: 8, iterations: 1000 });
2040
+ */
2041
+ init: function (cfg) {
2042
+ this.cfg = this.cfg.extend(cfg);
2043
+ },
2044
+
2045
+ /**
2046
+ * Computes the Password-Based Key Derivation Function 2.
2047
+ *
2048
+ * @param {WordArray|string} password The password.
2049
+ * @param {WordArray|string} salt A salt.
2050
+ *
2051
+ * @return {WordArray} The derived key.
2052
+ *
2053
+ * @example
2054
+ *
2055
+ * var key = kdf.compute(password, salt);
2056
+ */
2057
+ compute: function (password, salt) {
2058
+ // Shortcut
2059
+ var cfg = this.cfg;
2060
+
2061
+ // Init HMAC
2062
+ var hmac = HMAC.create(cfg.hasher, password);
2063
+
2064
+ // Initial values
2065
+ var derivedKey = WordArray.create();
2066
+ var blockIndex = WordArray.create([0x00000001]);
2067
+
2068
+ // Shortcuts
2069
+ var derivedKeyWords = derivedKey.words;
2070
+ var blockIndexWords = blockIndex.words;
2071
+ var keySize = cfg.keySize;
2072
+ var iterations = cfg.iterations;
2073
+
2074
+ // Generate key
2075
+ while (derivedKeyWords.length < keySize) {
2076
+ var block = hmac.update(salt).finalize(blockIndex);
2077
+ hmac.reset();
2078
+
2079
+ // Shortcuts
2080
+ var blockWords = block.words;
2081
+ var blockWordsLength = blockWords.length;
2082
+
2083
+ // Iterations
2084
+ var intermediate = block;
2085
+ for (var i = 1; i < iterations; i++) {
2086
+ intermediate = hmac.finalize(intermediate);
2087
+ hmac.reset();
2088
+
2089
+ // Shortcut
2090
+ var intermediateWords = intermediate.words;
2091
+
2092
+ // XOR intermediate with block
2093
+ for (var j = 0; j < blockWordsLength; j++) {
2094
+ blockWords[j] ^= intermediateWords[j];
2095
+ }
2096
+ }
2097
+
2098
+ derivedKey.concat(block);
2099
+ blockIndexWords[0]++;
2100
+ }
2101
+ derivedKey.sigBytes = keySize * 4;
2102
+
2103
+ return derivedKey;
2104
+ }
2105
+ });
2106
+
2107
+ /**
2108
+ * Computes the Password-Based Key Derivation Function 2.
2109
+ *
2110
+ * @param {WordArray|string} password The password.
2111
+ * @param {WordArray|string} salt A salt.
2112
+ * @param {Object} cfg (Optional) The configuration options to use for this computation.
2113
+ *
2114
+ * @return {WordArray} The derived key.
2115
+ *
2116
+ * @static
2117
+ *
2118
+ * @example
2119
+ *
2120
+ * var key = CryptoJS.PBKDF2(password, salt);
2121
+ * var key = CryptoJS.PBKDF2(password, salt, { keySize: 8 });
2122
+ * var key = CryptoJS.PBKDF2(password, salt, { keySize: 8, iterations: 1000 });
2123
+ */
2124
+ C.PBKDF2 = function (password, salt, cfg) {
2125
+ return PBKDF2.create(cfg).compute(password, salt);
2126
+ };
2127
+ }());
2128
+
2129
+
2130
+ (function () {
2131
+ // Shortcuts
2132
+ var C = CryptoJS;
2133
+ var C_lib = C.lib;
2134
+ var Base = C_lib.Base;
2135
+ var WordArray = C_lib.WordArray;
2136
+ var C_algo = C.algo;
2137
+ var MD5 = C_algo.MD5;
2138
+
2139
+ /**
2140
+ * This key derivation function is meant to conform with EVP_BytesToKey.
2141
+ * www.openssl.org/docs/crypto/EVP_BytesToKey.html
2142
+ */
2143
+ var EvpKDF = C_algo.EvpKDF = Base.extend({
2144
+ /**
2145
+ * Configuration options.
2146
+ *
2147
+ * @property {number} keySize The key size in words to generate. Default: 4 (128 bits)
2148
+ * @property {Hasher} hasher The hash algorithm to use. Default: MD5
2149
+ * @property {number} iterations The number of iterations to perform. Default: 1
2150
+ */
2151
+ cfg: Base.extend({
2152
+ keySize: 128/32,
2153
+ hasher: MD5,
2154
+ iterations: 1
2155
+ }),
2156
+
2157
+ /**
2158
+ * Initializes a newly created key derivation function.
2159
+ *
2160
+ * @param {Object} cfg (Optional) The configuration options to use for the derivation.
2161
+ *
2162
+ * @example
2163
+ *
2164
+ * var kdf = CryptoJS.algo.EvpKDF.create();
2165
+ * var kdf = CryptoJS.algo.EvpKDF.create({ keySize: 8 });
2166
+ * var kdf = CryptoJS.algo.EvpKDF.create({ keySize: 8, iterations: 1000 });
2167
+ */
2168
+ init: function (cfg) {
2169
+ this.cfg = this.cfg.extend(cfg);
2170
+ },
2171
+
2172
+ /**
2173
+ * Derives a key from a password.
2174
+ *
2175
+ * @param {WordArray|string} password The password.
2176
+ * @param {WordArray|string} salt A salt.
2177
+ *
2178
+ * @return {WordArray} The derived key.
2179
+ *
2180
+ * @example
2181
+ *
2182
+ * var key = kdf.compute(password, salt);
2183
+ */
2184
+ compute: function (password, salt) {
2185
+ // Shortcut
2186
+ var cfg = this.cfg;
2187
+
2188
+ // Init hasher
2189
+ var hasher = cfg.hasher.create();
2190
+
2191
+ // Initial values
2192
+ var derivedKey = WordArray.create();
2193
+
2194
+ // Shortcuts
2195
+ var derivedKeyWords = derivedKey.words;
2196
+ var keySize = cfg.keySize;
2197
+ var iterations = cfg.iterations;
2198
+
2199
+ // Generate key
2200
+ while (derivedKeyWords.length < keySize) {
2201
+ if (block) {
2202
+ hasher.update(block);
2203
+ }
2204
+ var block = hasher.update(password).finalize(salt);
2205
+ hasher.reset();
2206
+
2207
+ // Iterations
2208
+ for (var i = 1; i < iterations; i++) {
2209
+ block = hasher.finalize(block);
2210
+ hasher.reset();
2211
+ }
2212
+
2213
+ derivedKey.concat(block);
2214
+ }
2215
+ derivedKey.sigBytes = keySize * 4;
2216
+
2217
+ return derivedKey;
2218
+ }
2219
+ });
2220
+
2221
+ /**
2222
+ * Derives a key from a password.
2223
+ *
2224
+ * @param {WordArray|string} password The password.
2225
+ * @param {WordArray|string} salt A salt.
2226
+ * @param {Object} cfg (Optional) The configuration options to use for this computation.
2227
+ *
2228
+ * @return {WordArray} The derived key.
2229
+ *
2230
+ * @static
2231
+ *
2232
+ * @example
2233
+ *
2234
+ * var key = CryptoJS.EvpKDF(password, salt);
2235
+ * var key = CryptoJS.EvpKDF(password, salt, { keySize: 8 });
2236
+ * var key = CryptoJS.EvpKDF(password, salt, { keySize: 8, iterations: 1000 });
2237
+ */
2238
+ C.EvpKDF = function (password, salt, cfg) {
2239
+ return EvpKDF.create(cfg).compute(password, salt);
2240
+ };
2241
+ }());
2242
+
2243
+
2244
+ (function () {
2245
+ // Shortcuts
2246
+ var C = CryptoJS;
2247
+ var C_lib = C.lib;
2248
+ var WordArray = C_lib.WordArray;
2249
+ var C_algo = C.algo;
2250
+ var SHA256 = C_algo.SHA256;
2251
+
2252
+ /**
2253
+ * SHA-224 hash algorithm.
2254
+ */
2255
+ var SHA224 = C_algo.SHA224 = SHA256.extend({
2256
+ _doReset: function () {
2257
+ this._hash = new WordArray.init([
2258
+ 0xc1059ed8, 0x367cd507, 0x3070dd17, 0xf70e5939,
2259
+ 0xffc00b31, 0x68581511, 0x64f98fa7, 0xbefa4fa4
2260
+ ]);
2261
+ },
2262
+
2263
+ _doFinalize: function () {
2264
+ var hash = SHA256._doFinalize.call(this);
2265
+
2266
+ hash.sigBytes -= 4;
2267
+
2268
+ return hash;
2269
+ }
2270
+ });
2271
+
2272
+ /**
2273
+ * Shortcut function to the hasher's object interface.
2274
+ *
2275
+ * @param {WordArray|string} message The message to hash.
2276
+ *
2277
+ * @return {WordArray} The hash.
2278
+ *
2279
+ * @static
2280
+ *
2281
+ * @example
2282
+ *
2283
+ * var hash = CryptoJS.SHA224('message');
2284
+ * var hash = CryptoJS.SHA224(wordArray);
2285
+ */
2286
+ C.SHA224 = SHA256._createHelper(SHA224);
2287
+
2288
+ /**
2289
+ * Shortcut function to the HMAC's object interface.
2290
+ *
2291
+ * @param {WordArray|string} message The message to hash.
2292
+ * @param {WordArray|string} key The secret key.
2293
+ *
2294
+ * @return {WordArray} The HMAC.
2295
+ *
2296
+ * @static
2297
+ *
2298
+ * @example
2299
+ *
2300
+ * var hmac = CryptoJS.HmacSHA224(message, key);
2301
+ */
2302
+ C.HmacSHA224 = SHA256._createHmacHelper(SHA224);
2303
+ }());
2304
+
2305
+
2306
+ (function (undefined) {
2307
+ // Shortcuts
2308
+ var C = CryptoJS;
2309
+ var C_lib = C.lib;
2310
+ var Base = C_lib.Base;
2311
+ var X32WordArray = C_lib.WordArray;
2312
+
2313
+ /**
2314
+ * x64 namespace.
2315
+ */
2316
+ var C_x64 = C.x64 = {};
2317
+
2318
+ /**
2319
+ * A 64-bit word.
2320
+ */
2321
+ var X64Word = C_x64.Word = Base.extend({
2322
+ /**
2323
+ * Initializes a newly created 64-bit word.
2324
+ *
2325
+ * @param {number} high The high 32 bits.
2326
+ * @param {number} low The low 32 bits.
2327
+ *
2328
+ * @example
2329
+ *
2330
+ * var x64Word = CryptoJS.x64.Word.create(0x00010203, 0x04050607);
2331
+ */
2332
+ init: function (high, low) {
2333
+ this.high = high;
2334
+ this.low = low;
2335
+ }
2336
+
2337
+ /**
2338
+ * Bitwise NOTs this word.
2339
+ *
2340
+ * @return {X64Word} A new x64-Word object after negating.
2341
+ *
2342
+ * @example
2343
+ *
2344
+ * var negated = x64Word.not();
2345
+ */
2346
+ // not: function () {
2347
+ // var high = ~this.high;
2348
+ // var low = ~this.low;
2349
+
2350
+ // return X64Word.create(high, low);
2351
+ // },
2352
+
2353
+ /**
2354
+ * Bitwise ANDs this word with the passed word.
2355
+ *
2356
+ * @param {X64Word} word The x64-Word to AND with this word.
2357
+ *
2358
+ * @return {X64Word} A new x64-Word object after ANDing.
2359
+ *
2360
+ * @example
2361
+ *
2362
+ * var anded = x64Word.and(anotherX64Word);
2363
+ */
2364
+ // and: function (word) {
2365
+ // var high = this.high & word.high;
2366
+ // var low = this.low & word.low;
2367
+
2368
+ // return X64Word.create(high, low);
2369
+ // },
2370
+
2371
+ /**
2372
+ * Bitwise ORs this word with the passed word.
2373
+ *
2374
+ * @param {X64Word} word The x64-Word to OR with this word.
2375
+ *
2376
+ * @return {X64Word} A new x64-Word object after ORing.
2377
+ *
2378
+ * @example
2379
+ *
2380
+ * var ored = x64Word.or(anotherX64Word);
2381
+ */
2382
+ // or: function (word) {
2383
+ // var high = this.high | word.high;
2384
+ // var low = this.low | word.low;
2385
+
2386
+ // return X64Word.create(high, low);
2387
+ // },
2388
+
2389
+ /**
2390
+ * Bitwise XORs this word with the passed word.
2391
+ *
2392
+ * @param {X64Word} word The x64-Word to XOR with this word.
2393
+ *
2394
+ * @return {X64Word} A new x64-Word object after XORing.
2395
+ *
2396
+ * @example
2397
+ *
2398
+ * var xored = x64Word.xor(anotherX64Word);
2399
+ */
2400
+ // xor: function (word) {
2401
+ // var high = this.high ^ word.high;
2402
+ // var low = this.low ^ word.low;
2403
+
2404
+ // return X64Word.create(high, low);
2405
+ // },
2406
+
2407
+ /**
2408
+ * Shifts this word n bits to the left.
2409
+ *
2410
+ * @param {number} n The number of bits to shift.
2411
+ *
2412
+ * @return {X64Word} A new x64-Word object after shifting.
2413
+ *
2414
+ * @example
2415
+ *
2416
+ * var shifted = x64Word.shiftL(25);
2417
+ */
2418
+ // shiftL: function (n) {
2419
+ // if (n < 32) {
2420
+ // var high = (this.high << n) | (this.low >>> (32 - n));
2421
+ // var low = this.low << n;
2422
+ // } else {
2423
+ // var high = this.low << (n - 32);
2424
+ // var low = 0;
2425
+ // }
2426
+
2427
+ // return X64Word.create(high, low);
2428
+ // },
2429
+
2430
+ /**
2431
+ * Shifts this word n bits to the right.
2432
+ *
2433
+ * @param {number} n The number of bits to shift.
2434
+ *
2435
+ * @return {X64Word} A new x64-Word object after shifting.
2436
+ *
2437
+ * @example
2438
+ *
2439
+ * var shifted = x64Word.shiftR(7);
2440
+ */
2441
+ // shiftR: function (n) {
2442
+ // if (n < 32) {
2443
+ // var low = (this.low >>> n) | (this.high << (32 - n));
2444
+ // var high = this.high >>> n;
2445
+ // } else {
2446
+ // var low = this.high >>> (n - 32);
2447
+ // var high = 0;
2448
+ // }
2449
+
2450
+ // return X64Word.create(high, low);
2451
+ // },
2452
+
2453
+ /**
2454
+ * Rotates this word n bits to the left.
2455
+ *
2456
+ * @param {number} n The number of bits to rotate.
2457
+ *
2458
+ * @return {X64Word} A new x64-Word object after rotating.
2459
+ *
2460
+ * @example
2461
+ *
2462
+ * var rotated = x64Word.rotL(25);
2463
+ */
2464
+ // rotL: function (n) {
2465
+ // return this.shiftL(n).or(this.shiftR(64 - n));
2466
+ // },
2467
+
2468
+ /**
2469
+ * Rotates this word n bits to the right.
2470
+ *
2471
+ * @param {number} n The number of bits to rotate.
2472
+ *
2473
+ * @return {X64Word} A new x64-Word object after rotating.
2474
+ *
2475
+ * @example
2476
+ *
2477
+ * var rotated = x64Word.rotR(7);
2478
+ */
2479
+ // rotR: function (n) {
2480
+ // return this.shiftR(n).or(this.shiftL(64 - n));
2481
+ // },
2482
+
2483
+ /**
2484
+ * Adds this word with the passed word.
2485
+ *
2486
+ * @param {X64Word} word The x64-Word to add with this word.
2487
+ *
2488
+ * @return {X64Word} A new x64-Word object after adding.
2489
+ *
2490
+ * @example
2491
+ *
2492
+ * var added = x64Word.add(anotherX64Word);
2493
+ */
2494
+ // add: function (word) {
2495
+ // var low = (this.low + word.low) | 0;
2496
+ // var carry = (low >>> 0) < (this.low >>> 0) ? 1 : 0;
2497
+ // var high = (this.high + word.high + carry) | 0;
2498
+
2499
+ // return X64Word.create(high, low);
2500
+ // }
2501
+ });
2502
+
2503
+ /**
2504
+ * An array of 64-bit words.
2505
+ *
2506
+ * @property {Array} words The array of CryptoJS.x64.Word objects.
2507
+ * @property {number} sigBytes The number of significant bytes in this word array.
2508
+ */
2509
+ var X64WordArray = C_x64.WordArray = Base.extend({
2510
+ /**
2511
+ * Initializes a newly created word array.
2512
+ *
2513
+ * @param {Array} words (Optional) An array of CryptoJS.x64.Word objects.
2514
+ * @param {number} sigBytes (Optional) The number of significant bytes in the words.
2515
+ *
2516
+ * @example
2517
+ *
2518
+ * var wordArray = CryptoJS.x64.WordArray.create();
2519
+ *
2520
+ * var wordArray = CryptoJS.x64.WordArray.create([
2521
+ * CryptoJS.x64.Word.create(0x00010203, 0x04050607),
2522
+ * CryptoJS.x64.Word.create(0x18191a1b, 0x1c1d1e1f)
2523
+ * ]);
2524
+ *
2525
+ * var wordArray = CryptoJS.x64.WordArray.create([
2526
+ * CryptoJS.x64.Word.create(0x00010203, 0x04050607),
2527
+ * CryptoJS.x64.Word.create(0x18191a1b, 0x1c1d1e1f)
2528
+ * ], 10);
2529
+ */
2530
+ init: function (words, sigBytes) {
2531
+ words = this.words = words || [];
2532
+
2533
+ if (sigBytes != undefined) {
2534
+ this.sigBytes = sigBytes;
2535
+ } else {
2536
+ this.sigBytes = words.length * 8;
2537
+ }
2538
+ },
2539
+
2540
+ /**
2541
+ * Converts this 64-bit word array to a 32-bit word array.
2542
+ *
2543
+ * @return {CryptoJS.lib.WordArray} This word array's data as a 32-bit word array.
2544
+ *
2545
+ * @example
2546
+ *
2547
+ * var x32WordArray = x64WordArray.toX32();
2548
+ */
2549
+ toX32: function () {
2550
+ // Shortcuts
2551
+ var x64Words = this.words;
2552
+ var x64WordsLength = x64Words.length;
2553
+
2554
+ // Convert
2555
+ var x32Words = [];
2556
+ for (var i = 0; i < x64WordsLength; i++) {
2557
+ var x64Word = x64Words[i];
2558
+ x32Words.push(x64Word.high);
2559
+ x32Words.push(x64Word.low);
2560
+ }
2561
+
2562
+ return X32WordArray.create(x32Words, this.sigBytes);
2563
+ },
2564
+
2565
+ /**
2566
+ * Creates a copy of this word array.
2567
+ *
2568
+ * @return {X64WordArray} The clone.
2569
+ *
2570
+ * @example
2571
+ *
2572
+ * var clone = x64WordArray.clone();
2573
+ */
2574
+ clone: function () {
2575
+ var clone = Base.clone.call(this);
2576
+
2577
+ // Clone "words" array
2578
+ var words = clone.words = this.words.slice(0);
2579
+
2580
+ // Clone each X64Word object
2581
+ var wordsLength = words.length;
2582
+ for (var i = 0; i < wordsLength; i++) {
2583
+ words[i] = words[i].clone();
2584
+ }
2585
+
2586
+ return clone;
2587
+ }
2588
+ });
2589
+ }());
2590
+
2591
+
2592
+ (function (Math) {
2593
+ // Shortcuts
2594
+ var C = CryptoJS;
2595
+ var C_lib = C.lib;
2596
+ var WordArray = C_lib.WordArray;
2597
+ var Hasher = C_lib.Hasher;
2598
+ var C_x64 = C.x64;
2599
+ var X64Word = C_x64.Word;
2600
+ var C_algo = C.algo;
2601
+
2602
+ // Constants tables
2603
+ var RHO_OFFSETS = [];
2604
+ var PI_INDEXES = [];
2605
+ var ROUND_CONSTANTS = [];
2606
+
2607
+ // Compute Constants
2608
+ (function () {
2609
+ // Compute rho offset constants
2610
+ var x = 1, y = 0;
2611
+ for (var t = 0; t < 24; t++) {
2612
+ RHO_OFFSETS[x + 5 * y] = ((t + 1) * (t + 2) / 2) % 64;
2613
+
2614
+ var newX = y % 5;
2615
+ var newY = (2 * x + 3 * y) % 5;
2616
+ x = newX;
2617
+ y = newY;
2618
+ }
2619
+
2620
+ // Compute pi index constants
2621
+ for (var x = 0; x < 5; x++) {
2622
+ for (var y = 0; y < 5; y++) {
2623
+ PI_INDEXES[x + 5 * y] = y + ((2 * x + 3 * y) % 5) * 5;
2624
+ }
2625
+ }
2626
+
2627
+ // Compute round constants
2628
+ var LFSR = 0x01;
2629
+ for (var i = 0; i < 24; i++) {
2630
+ var roundConstantMsw = 0;
2631
+ var roundConstantLsw = 0;
2632
+
2633
+ for (var j = 0; j < 7; j++) {
2634
+ if (LFSR & 0x01) {
2635
+ var bitPosition = (1 << j) - 1;
2636
+ if (bitPosition < 32) {
2637
+ roundConstantLsw ^= 1 << bitPosition;
2638
+ } else /* if (bitPosition >= 32) */ {
2639
+ roundConstantMsw ^= 1 << (bitPosition - 32);
2640
+ }
2641
+ }
2642
+
2643
+ // Compute next LFSR
2644
+ if (LFSR & 0x80) {
2645
+ // Primitive polynomial over GF(2): x^8 + x^6 + x^5 + x^4 + 1
2646
+ LFSR = (LFSR << 1) ^ 0x71;
2647
+ } else {
2648
+ LFSR <<= 1;
2649
+ }
2650
+ }
2651
+
2652
+ ROUND_CONSTANTS[i] = X64Word.create(roundConstantMsw, roundConstantLsw);
2653
+ }
2654
+ }());
2655
+
2656
+ // Reusable objects for temporary values
2657
+ var T = [];
2658
+ (function () {
2659
+ for (var i = 0; i < 25; i++) {
2660
+ T[i] = X64Word.create();
2661
+ }
2662
+ }());
2663
+
2664
+ /**
2665
+ * SHA-3 hash algorithm.
2666
+ */
2667
+ var SHA3 = C_algo.SHA3 = Hasher.extend({
2668
+ /**
2669
+ * Configuration options.
2670
+ *
2671
+ * @property {number} outputLength
2672
+ * The desired number of bits in the output hash.
2673
+ * Only values permitted are: 224, 256, 384, 512.
2674
+ * Default: 512
2675
+ */
2676
+ cfg: Hasher.cfg.extend({
2677
+ outputLength: 512
2678
+ }),
2679
+
2680
+ _doReset: function () {
2681
+ var state = this._state = []
2682
+ for (var i = 0; i < 25; i++) {
2683
+ state[i] = new X64Word.init();
2684
+ }
2685
+
2686
+ this.blockSize = (1600 - 2 * this.cfg.outputLength) / 32;
2687
+ },
2688
+
2689
+ _doProcessBlock: function (M, offset) {
2690
+ // Shortcuts
2691
+ var state = this._state;
2692
+ var nBlockSizeLanes = this.blockSize / 2;
2693
+
2694
+ // Absorb
2695
+ for (var i = 0; i < nBlockSizeLanes; i++) {
2696
+ // Shortcuts
2697
+ var M2i = M[offset + 2 * i];
2698
+ var M2i1 = M[offset + 2 * i + 1];
2699
+
2700
+ // Swap endian
2701
+ M2i = (
2702
+ (((M2i << 8) | (M2i >>> 24)) & 0x00ff00ff) |
2703
+ (((M2i << 24) | (M2i >>> 8)) & 0xff00ff00)
2704
+ );
2705
+ M2i1 = (
2706
+ (((M2i1 << 8) | (M2i1 >>> 24)) & 0x00ff00ff) |
2707
+ (((M2i1 << 24) | (M2i1 >>> 8)) & 0xff00ff00)
2708
+ );
2709
+
2710
+ // Absorb message into state
2711
+ var lane = state[i];
2712
+ lane.high ^= M2i1;
2713
+ lane.low ^= M2i;
2714
+ }
2715
+
2716
+ // Rounds
2717
+ for (var round = 0; round < 24; round++) {
2718
+ // Theta
2719
+ for (var x = 0; x < 5; x++) {
2720
+ // Mix column lanes
2721
+ var tMsw = 0, tLsw = 0;
2722
+ for (var y = 0; y < 5; y++) {
2723
+ var lane = state[x + 5 * y];
2724
+ tMsw ^= lane.high;
2725
+ tLsw ^= lane.low;
2726
+ }
2727
+
2728
+ // Temporary values
2729
+ var Tx = T[x];
2730
+ Tx.high = tMsw;
2731
+ Tx.low = tLsw;
2732
+ }
2733
+ for (var x = 0; x < 5; x++) {
2734
+ // Shortcuts
2735
+ var Tx4 = T[(x + 4) % 5];
2736
+ var Tx1 = T[(x + 1) % 5];
2737
+ var Tx1Msw = Tx1.high;
2738
+ var Tx1Lsw = Tx1.low;
2739
+
2740
+ // Mix surrounding columns
2741
+ var tMsw = Tx4.high ^ ((Tx1Msw << 1) | (Tx1Lsw >>> 31));
2742
+ var tLsw = Tx4.low ^ ((Tx1Lsw << 1) | (Tx1Msw >>> 31));
2743
+ for (var y = 0; y < 5; y++) {
2744
+ var lane = state[x + 5 * y];
2745
+ lane.high ^= tMsw;
2746
+ lane.low ^= tLsw;
2747
+ }
2748
+ }
2749
+
2750
+ // Rho Pi
2751
+ for (var laneIndex = 1; laneIndex < 25; laneIndex++) {
2752
+ // Shortcuts
2753
+ var lane = state[laneIndex];
2754
+ var laneMsw = lane.high;
2755
+ var laneLsw = lane.low;
2756
+ var rhoOffset = RHO_OFFSETS[laneIndex];
2757
+
2758
+ // Rotate lanes
2759
+ if (rhoOffset < 32) {
2760
+ var tMsw = (laneMsw << rhoOffset) | (laneLsw >>> (32 - rhoOffset));
2761
+ var tLsw = (laneLsw << rhoOffset) | (laneMsw >>> (32 - rhoOffset));
2762
+ } else /* if (rhoOffset >= 32) */ {
2763
+ var tMsw = (laneLsw << (rhoOffset - 32)) | (laneMsw >>> (64 - rhoOffset));
2764
+ var tLsw = (laneMsw << (rhoOffset - 32)) | (laneLsw >>> (64 - rhoOffset));
2765
+ }
2766
+
2767
+ // Transpose lanes
2768
+ var TPiLane = T[PI_INDEXES[laneIndex]];
2769
+ TPiLane.high = tMsw;
2770
+ TPiLane.low = tLsw;
2771
+ }
2772
+
2773
+ // Rho pi at x = y = 0
2774
+ var T0 = T[0];
2775
+ var state0 = state[0];
2776
+ T0.high = state0.high;
2777
+ T0.low = state0.low;
2778
+
2779
+ // Chi
2780
+ for (var x = 0; x < 5; x++) {
2781
+ for (var y = 0; y < 5; y++) {
2782
+ // Shortcuts
2783
+ var laneIndex = x + 5 * y;
2784
+ var lane = state[laneIndex];
2785
+ var TLane = T[laneIndex];
2786
+ var Tx1Lane = T[((x + 1) % 5) + 5 * y];
2787
+ var Tx2Lane = T[((x + 2) % 5) + 5 * y];
2788
+
2789
+ // Mix rows
2790
+ lane.high = TLane.high ^ (~Tx1Lane.high & Tx2Lane.high);
2791
+ lane.low = TLane.low ^ (~Tx1Lane.low & Tx2Lane.low);
2792
+ }
2793
+ }
2794
+
2795
+ // Iota
2796
+ var lane = state[0];
2797
+ var roundConstant = ROUND_CONSTANTS[round];
2798
+ lane.high ^= roundConstant.high;
2799
+ lane.low ^= roundConstant.low;;
2800
+ }
2801
+ },
2802
+
2803
+ _doFinalize: function () {
2804
+ // Shortcuts
2805
+ var data = this._data;
2806
+ var dataWords = data.words;
2807
+ var nBitsTotal = this._nDataBytes * 8;
2808
+ var nBitsLeft = data.sigBytes * 8;
2809
+ var blockSizeBits = this.blockSize * 32;
2810
+
2811
+ // Add padding
2812
+ dataWords[nBitsLeft >>> 5] |= 0x1 << (24 - nBitsLeft % 32);
2813
+ dataWords[((Math.ceil((nBitsLeft + 1) / blockSizeBits) * blockSizeBits) >>> 5) - 1] |= 0x80;
2814
+ data.sigBytes = dataWords.length * 4;
2815
+
2816
+ // Hash final blocks
2817
+ this._process();
2818
+
2819
+ // Shortcuts
2820
+ var state = this._state;
2821
+ var outputLengthBytes = this.cfg.outputLength / 8;
2822
+ var outputLengthLanes = outputLengthBytes / 8;
2823
+
2824
+ // Squeeze
2825
+ var hashWords = [];
2826
+ for (var i = 0; i < outputLengthLanes; i++) {
2827
+ // Shortcuts
2828
+ var lane = state[i];
2829
+ var laneMsw = lane.high;
2830
+ var laneLsw = lane.low;
2831
+
2832
+ // Swap endian
2833
+ laneMsw = (
2834
+ (((laneMsw << 8) | (laneMsw >>> 24)) & 0x00ff00ff) |
2835
+ (((laneMsw << 24) | (laneMsw >>> 8)) & 0xff00ff00)
2836
+ );
2837
+ laneLsw = (
2838
+ (((laneLsw << 8) | (laneLsw >>> 24)) & 0x00ff00ff) |
2839
+ (((laneLsw << 24) | (laneLsw >>> 8)) & 0xff00ff00)
2840
+ );
2841
+
2842
+ // Squeeze state to retrieve hash
2843
+ hashWords.push(laneLsw);
2844
+ hashWords.push(laneMsw);
2845
+ }
2846
+
2847
+ // Return final computed hash
2848
+ return new WordArray.init(hashWords, outputLengthBytes);
2849
+ },
2850
+
2851
+ clone: function () {
2852
+ var clone = Hasher.clone.call(this);
2853
+
2854
+ var state = clone._state = this._state.slice(0);
2855
+ for (var i = 0; i < 25; i++) {
2856
+ state[i] = state[i].clone();
2857
+ }
2858
+
2859
+ return clone;
2860
+ }
2861
+ });
2862
+
2863
+ /**
2864
+ * Shortcut function to the hasher's object interface.
2865
+ *
2866
+ * @param {WordArray|string} message The message to hash.
2867
+ *
2868
+ * @return {WordArray} The hash.
2869
+ *
2870
+ * @static
2871
+ *
2872
+ * @example
2873
+ *
2874
+ * var hash = CryptoJS.SHA3('message');
2875
+ * var hash = CryptoJS.SHA3(wordArray);
2876
+ */
2877
+ C.SHA3 = Hasher._createHelper(SHA3);
2878
+
2879
+ /**
2880
+ * Shortcut function to the HMAC's object interface.
2881
+ *
2882
+ * @param {WordArray|string} message The message to hash.
2883
+ * @param {WordArray|string} key The secret key.
2884
+ *
2885
+ * @return {WordArray} The HMAC.
2886
+ *
2887
+ * @static
2888
+ *
2889
+ * @example
2890
+ *
2891
+ * var hmac = CryptoJS.HmacSHA3(message, key);
2892
+ */
2893
+ C.HmacSHA3 = Hasher._createHmacHelper(SHA3);
2894
+ }(Math));
2895
+
2896
+
2897
+ (function () {
2898
+ // Shortcuts
2899
+ var C = CryptoJS;
2900
+ var C_lib = C.lib;
2901
+ var Hasher = C_lib.Hasher;
2902
+ var C_x64 = C.x64;
2903
+ var X64Word = C_x64.Word;
2904
+ var X64WordArray = C_x64.WordArray;
2905
+ var C_algo = C.algo;
2906
+
2907
+ function X64Word_create() {
2908
+ return X64Word.create.apply(X64Word, arguments);
2909
+ }
2910
+
2911
+ // Constants
2912
+ var K = [
2913
+ X64Word_create(0x428a2f98, 0xd728ae22), X64Word_create(0x71374491, 0x23ef65cd),
2914
+ X64Word_create(0xb5c0fbcf, 0xec4d3b2f), X64Word_create(0xe9b5dba5, 0x8189dbbc),
2915
+ X64Word_create(0x3956c25b, 0xf348b538), X64Word_create(0x59f111f1, 0xb605d019),
2916
+ X64Word_create(0x923f82a4, 0xaf194f9b), X64Word_create(0xab1c5ed5, 0xda6d8118),
2917
+ X64Word_create(0xd807aa98, 0xa3030242), X64Word_create(0x12835b01, 0x45706fbe),
2918
+ X64Word_create(0x243185be, 0x4ee4b28c), X64Word_create(0x550c7dc3, 0xd5ffb4e2),
2919
+ X64Word_create(0x72be5d74, 0xf27b896f), X64Word_create(0x80deb1fe, 0x3b1696b1),
2920
+ X64Word_create(0x9bdc06a7, 0x25c71235), X64Word_create(0xc19bf174, 0xcf692694),
2921
+ X64Word_create(0xe49b69c1, 0x9ef14ad2), X64Word_create(0xefbe4786, 0x384f25e3),
2922
+ X64Word_create(0x0fc19dc6, 0x8b8cd5b5), X64Word_create(0x240ca1cc, 0x77ac9c65),
2923
+ X64Word_create(0x2de92c6f, 0x592b0275), X64Word_create(0x4a7484aa, 0x6ea6e483),
2924
+ X64Word_create(0x5cb0a9dc, 0xbd41fbd4), X64Word_create(0x76f988da, 0x831153b5),
2925
+ X64Word_create(0x983e5152, 0xee66dfab), X64Word_create(0xa831c66d, 0x2db43210),
2926
+ X64Word_create(0xb00327c8, 0x98fb213f), X64Word_create(0xbf597fc7, 0xbeef0ee4),
2927
+ X64Word_create(0xc6e00bf3, 0x3da88fc2), X64Word_create(0xd5a79147, 0x930aa725),
2928
+ X64Word_create(0x06ca6351, 0xe003826f), X64Word_create(0x14292967, 0x0a0e6e70),
2929
+ X64Word_create(0x27b70a85, 0x46d22ffc), X64Word_create(0x2e1b2138, 0x5c26c926),
2930
+ X64Word_create(0x4d2c6dfc, 0x5ac42aed), X64Word_create(0x53380d13, 0x9d95b3df),
2931
+ X64Word_create(0x650a7354, 0x8baf63de), X64Word_create(0x766a0abb, 0x3c77b2a8),
2932
+ X64Word_create(0x81c2c92e, 0x47edaee6), X64Word_create(0x92722c85, 0x1482353b),
2933
+ X64Word_create(0xa2bfe8a1, 0x4cf10364), X64Word_create(0xa81a664b, 0xbc423001),
2934
+ X64Word_create(0xc24b8b70, 0xd0f89791), X64Word_create(0xc76c51a3, 0x0654be30),
2935
+ X64Word_create(0xd192e819, 0xd6ef5218), X64Word_create(0xd6990624, 0x5565a910),
2936
+ X64Word_create(0xf40e3585, 0x5771202a), X64Word_create(0x106aa070, 0x32bbd1b8),
2937
+ X64Word_create(0x19a4c116, 0xb8d2d0c8), X64Word_create(0x1e376c08, 0x5141ab53),
2938
+ X64Word_create(0x2748774c, 0xdf8eeb99), X64Word_create(0x34b0bcb5, 0xe19b48a8),
2939
+ X64Word_create(0x391c0cb3, 0xc5c95a63), X64Word_create(0x4ed8aa4a, 0xe3418acb),
2940
+ X64Word_create(0x5b9cca4f, 0x7763e373), X64Word_create(0x682e6ff3, 0xd6b2b8a3),
2941
+ X64Word_create(0x748f82ee, 0x5defb2fc), X64Word_create(0x78a5636f, 0x43172f60),
2942
+ X64Word_create(0x84c87814, 0xa1f0ab72), X64Word_create(0x8cc70208, 0x1a6439ec),
2943
+ X64Word_create(0x90befffa, 0x23631e28), X64Word_create(0xa4506ceb, 0xde82bde9),
2944
+ X64Word_create(0xbef9a3f7, 0xb2c67915), X64Word_create(0xc67178f2, 0xe372532b),
2945
+ X64Word_create(0xca273ece, 0xea26619c), X64Word_create(0xd186b8c7, 0x21c0c207),
2946
+ X64Word_create(0xeada7dd6, 0xcde0eb1e), X64Word_create(0xf57d4f7f, 0xee6ed178),
2947
+ X64Word_create(0x06f067aa, 0x72176fba), X64Word_create(0x0a637dc5, 0xa2c898a6),
2948
+ X64Word_create(0x113f9804, 0xbef90dae), X64Word_create(0x1b710b35, 0x131c471b),
2949
+ X64Word_create(0x28db77f5, 0x23047d84), X64Word_create(0x32caab7b, 0x40c72493),
2950
+ X64Word_create(0x3c9ebe0a, 0x15c9bebc), X64Word_create(0x431d67c4, 0x9c100d4c),
2951
+ X64Word_create(0x4cc5d4be, 0xcb3e42b6), X64Word_create(0x597f299c, 0xfc657e2a),
2952
+ X64Word_create(0x5fcb6fab, 0x3ad6faec), X64Word_create(0x6c44198c, 0x4a475817)
2953
+ ];
2954
+
2955
+ // Reusable objects
2956
+ var W = [];
2957
+ (function () {
2958
+ for (var i = 0; i < 80; i++) {
2959
+ W[i] = X64Word_create();
2960
+ }
2961
+ }());
2962
+
2963
+ /**
2964
+ * SHA-512 hash algorithm.
2965
+ */
2966
+ var SHA512 = C_algo.SHA512 = Hasher.extend({
2967
+ _doReset: function () {
2968
+ this._hash = new X64WordArray.init([
2969
+ new X64Word.init(0x6a09e667, 0xf3bcc908), new X64Word.init(0xbb67ae85, 0x84caa73b),
2970
+ new X64Word.init(0x3c6ef372, 0xfe94f82b), new X64Word.init(0xa54ff53a, 0x5f1d36f1),
2971
+ new X64Word.init(0x510e527f, 0xade682d1), new X64Word.init(0x9b05688c, 0x2b3e6c1f),
2972
+ new X64Word.init(0x1f83d9ab, 0xfb41bd6b), new X64Word.init(0x5be0cd19, 0x137e2179)
2973
+ ]);
2974
+ },
2975
+
2976
+ _doProcessBlock: function (M, offset) {
2977
+ // Shortcuts
2978
+ var H = this._hash.words;
2979
+
2980
+ var H0 = H[0];
2981
+ var H1 = H[1];
2982
+ var H2 = H[2];
2983
+ var H3 = H[3];
2984
+ var H4 = H[4];
2985
+ var H5 = H[5];
2986
+ var H6 = H[6];
2987
+ var H7 = H[7];
2988
+
2989
+ var H0h = H0.high;
2990
+ var H0l = H0.low;
2991
+ var H1h = H1.high;
2992
+ var H1l = H1.low;
2993
+ var H2h = H2.high;
2994
+ var H2l = H2.low;
2995
+ var H3h = H3.high;
2996
+ var H3l = H3.low;
2997
+ var H4h = H4.high;
2998
+ var H4l = H4.low;
2999
+ var H5h = H5.high;
3000
+ var H5l = H5.low;
3001
+ var H6h = H6.high;
3002
+ var H6l = H6.low;
3003
+ var H7h = H7.high;
3004
+ var H7l = H7.low;
3005
+
3006
+ // Working variables
3007
+ var ah = H0h;
3008
+ var al = H0l;
3009
+ var bh = H1h;
3010
+ var bl = H1l;
3011
+ var ch = H2h;
3012
+ var cl = H2l;
3013
+ var dh = H3h;
3014
+ var dl = H3l;
3015
+ var eh = H4h;
3016
+ var el = H4l;
3017
+ var fh = H5h;
3018
+ var fl = H5l;
3019
+ var gh = H6h;
3020
+ var gl = H6l;
3021
+ var hh = H7h;
3022
+ var hl = H7l;
3023
+
3024
+ // Rounds
3025
+ for (var i = 0; i < 80; i++) {
3026
+ // Shortcut
3027
+ var Wi = W[i];
3028
+
3029
+ // Extend message
3030
+ if (i < 16) {
3031
+ var Wih = Wi.high = M[offset + i * 2] | 0;
3032
+ var Wil = Wi.low = M[offset + i * 2 + 1] | 0;
3033
+ } else {
3034
+ // Gamma0
3035
+ var gamma0x = W[i - 15];
3036
+ var gamma0xh = gamma0x.high;
3037
+ var gamma0xl = gamma0x.low;
3038
+ var gamma0h = ((gamma0xh >>> 1) | (gamma0xl << 31)) ^ ((gamma0xh >>> 8) | (gamma0xl << 24)) ^ (gamma0xh >>> 7);
3039
+ var gamma0l = ((gamma0xl >>> 1) | (gamma0xh << 31)) ^ ((gamma0xl >>> 8) | (gamma0xh << 24)) ^ ((gamma0xl >>> 7) | (gamma0xh << 25));
3040
+
3041
+ // Gamma1
3042
+ var gamma1x = W[i - 2];
3043
+ var gamma1xh = gamma1x.high;
3044
+ var gamma1xl = gamma1x.low;
3045
+ var gamma1h = ((gamma1xh >>> 19) | (gamma1xl << 13)) ^ ((gamma1xh << 3) | (gamma1xl >>> 29)) ^ (gamma1xh >>> 6);
3046
+ var gamma1l = ((gamma1xl >>> 19) | (gamma1xh << 13)) ^ ((gamma1xl << 3) | (gamma1xh >>> 29)) ^ ((gamma1xl >>> 6) | (gamma1xh << 26));
3047
+
3048
+ // W[i] = gamma0 + W[i - 7] + gamma1 + W[i - 16]
3049
+ var Wi7 = W[i - 7];
3050
+ var Wi7h = Wi7.high;
3051
+ var Wi7l = Wi7.low;
3052
+
3053
+ var Wi16 = W[i - 16];
3054
+ var Wi16h = Wi16.high;
3055
+ var Wi16l = Wi16.low;
3056
+
3057
+ var Wil = gamma0l + Wi7l;
3058
+ var Wih = gamma0h + Wi7h + ((Wil >>> 0) < (gamma0l >>> 0) ? 1 : 0);
3059
+ var Wil = Wil + gamma1l;
3060
+ var Wih = Wih + gamma1h + ((Wil >>> 0) < (gamma1l >>> 0) ? 1 : 0);
3061
+ var Wil = Wil + Wi16l;
3062
+ var Wih = Wih + Wi16h + ((Wil >>> 0) < (Wi16l >>> 0) ? 1 : 0);
3063
+
3064
+ Wi.high = Wih;
3065
+ Wi.low = Wil;
3066
+ }
3067
+
3068
+ var chh = (eh & fh) ^ (~eh & gh);
3069
+ var chl = (el & fl) ^ (~el & gl);
3070
+ var majh = (ah & bh) ^ (ah & ch) ^ (bh & ch);
3071
+ var majl = (al & bl) ^ (al & cl) ^ (bl & cl);
3072
+
3073
+ var sigma0h = ((ah >>> 28) | (al << 4)) ^ ((ah << 30) | (al >>> 2)) ^ ((ah << 25) | (al >>> 7));
3074
+ var sigma0l = ((al >>> 28) | (ah << 4)) ^ ((al << 30) | (ah >>> 2)) ^ ((al << 25) | (ah >>> 7));
3075
+ var sigma1h = ((eh >>> 14) | (el << 18)) ^ ((eh >>> 18) | (el << 14)) ^ ((eh << 23) | (el >>> 9));
3076
+ var sigma1l = ((el >>> 14) | (eh << 18)) ^ ((el >>> 18) | (eh << 14)) ^ ((el << 23) | (eh >>> 9));
3077
+
3078
+ // t1 = h + sigma1 + ch + K[i] + W[i]
3079
+ var Ki = K[i];
3080
+ var Kih = Ki.high;
3081
+ var Kil = Ki.low;
3082
+
3083
+ var t1l = hl + sigma1l;
3084
+ var t1h = hh + sigma1h + ((t1l >>> 0) < (hl >>> 0) ? 1 : 0);
3085
+ var t1l = t1l + chl;
3086
+ var t1h = t1h + chh + ((t1l >>> 0) < (chl >>> 0) ? 1 : 0);
3087
+ var t1l = t1l + Kil;
3088
+ var t1h = t1h + Kih + ((t1l >>> 0) < (Kil >>> 0) ? 1 : 0);
3089
+ var t1l = t1l + Wil;
3090
+ var t1h = t1h + Wih + ((t1l >>> 0) < (Wil >>> 0) ? 1 : 0);
3091
+
3092
+ // t2 = sigma0 + maj
3093
+ var t2l = sigma0l + majl;
3094
+ var t2h = sigma0h + majh + ((t2l >>> 0) < (sigma0l >>> 0) ? 1 : 0);
3095
+
3096
+ // Update working variables
3097
+ hh = gh;
3098
+ hl = gl;
3099
+ gh = fh;
3100
+ gl = fl;
3101
+ fh = eh;
3102
+ fl = el;
3103
+ el = (dl + t1l) | 0;
3104
+ eh = (dh + t1h + ((el >>> 0) < (dl >>> 0) ? 1 : 0)) | 0;
3105
+ dh = ch;
3106
+ dl = cl;
3107
+ ch = bh;
3108
+ cl = bl;
3109
+ bh = ah;
3110
+ bl = al;
3111
+ al = (t1l + t2l) | 0;
3112
+ ah = (t1h + t2h + ((al >>> 0) < (t1l >>> 0) ? 1 : 0)) | 0;
3113
+ }
3114
+
3115
+ // Intermediate hash value
3116
+ H0l = H0.low = (H0l + al);
3117
+ H0.high = (H0h + ah + ((H0l >>> 0) < (al >>> 0) ? 1 : 0));
3118
+ H1l = H1.low = (H1l + bl);
3119
+ H1.high = (H1h + bh + ((H1l >>> 0) < (bl >>> 0) ? 1 : 0));
3120
+ H2l = H2.low = (H2l + cl);
3121
+ H2.high = (H2h + ch + ((H2l >>> 0) < (cl >>> 0) ? 1 : 0));
3122
+ H3l = H3.low = (H3l + dl);
3123
+ H3.high = (H3h + dh + ((H3l >>> 0) < (dl >>> 0) ? 1 : 0));
3124
+ H4l = H4.low = (H4l + el);
3125
+ H4.high = (H4h + eh + ((H4l >>> 0) < (el >>> 0) ? 1 : 0));
3126
+ H5l = H5.low = (H5l + fl);
3127
+ H5.high = (H5h + fh + ((H5l >>> 0) < (fl >>> 0) ? 1 : 0));
3128
+ H6l = H6.low = (H6l + gl);
3129
+ H6.high = (H6h + gh + ((H6l >>> 0) < (gl >>> 0) ? 1 : 0));
3130
+ H7l = H7.low = (H7l + hl);
3131
+ H7.high = (H7h + hh + ((H7l >>> 0) < (hl >>> 0) ? 1 : 0));
3132
+ },
3133
+
3134
+ _doFinalize: function () {
3135
+ // Shortcuts
3136
+ var data = this._data;
3137
+ var dataWords = data.words;
3138
+
3139
+ var nBitsTotal = this._nDataBytes * 8;
3140
+ var nBitsLeft = data.sigBytes * 8;
3141
+
3142
+ // Add padding
3143
+ dataWords[nBitsLeft >>> 5] |= 0x80 << (24 - nBitsLeft % 32);
3144
+ dataWords[(((nBitsLeft + 128) >>> 10) << 5) + 30] = Math.floor(nBitsTotal / 0x100000000);
3145
+ dataWords[(((nBitsLeft + 128) >>> 10) << 5) + 31] = nBitsTotal;
3146
+ data.sigBytes = dataWords.length * 4;
3147
+
3148
+ // Hash final blocks
3149
+ this._process();
3150
+
3151
+ // Convert hash to 32-bit word array before returning
3152
+ var hash = this._hash.toX32();
3153
+
3154
+ // Return final computed hash
3155
+ return hash;
3156
+ },
3157
+
3158
+ clone: function () {
3159
+ var clone = Hasher.clone.call(this);
3160
+ clone._hash = this._hash.clone();
3161
+
3162
+ return clone;
3163
+ },
3164
+
3165
+ blockSize: 1024/32
3166
+ });
3167
+
3168
+ /**
3169
+ * Shortcut function to the hasher's object interface.
3170
+ *
3171
+ * @param {WordArray|string} message The message to hash.
3172
+ *
3173
+ * @return {WordArray} The hash.
3174
+ *
3175
+ * @static
3176
+ *
3177
+ * @example
3178
+ *
3179
+ * var hash = CryptoJS.SHA512('message');
3180
+ * var hash = CryptoJS.SHA512(wordArray);
3181
+ */
3182
+ C.SHA512 = Hasher._createHelper(SHA512);
3183
+
3184
+ /**
3185
+ * Shortcut function to the HMAC's object interface.
3186
+ *
3187
+ * @param {WordArray|string} message The message to hash.
3188
+ * @param {WordArray|string} key The secret key.
3189
+ *
3190
+ * @return {WordArray} The HMAC.
3191
+ *
3192
+ * @static
3193
+ *
3194
+ * @example
3195
+ *
3196
+ * var hmac = CryptoJS.HmacSHA512(message, key);
3197
+ */
3198
+ C.HmacSHA512 = Hasher._createHmacHelper(SHA512);
3199
+ }());
3200
+
3201
+
3202
+ (function () {
3203
+ // Shortcuts
3204
+ var C = CryptoJS;
3205
+ var C_x64 = C.x64;
3206
+ var X64Word = C_x64.Word;
3207
+ var X64WordArray = C_x64.WordArray;
3208
+ var C_algo = C.algo;
3209
+ var SHA512 = C_algo.SHA512;
3210
+
3211
+ /**
3212
+ * SHA-384 hash algorithm.
3213
+ */
3214
+ var SHA384 = C_algo.SHA384 = SHA512.extend({
3215
+ _doReset: function () {
3216
+ this._hash = new X64WordArray.init([
3217
+ new X64Word.init(0xcbbb9d5d, 0xc1059ed8), new X64Word.init(0x629a292a, 0x367cd507),
3218
+ new X64Word.init(0x9159015a, 0x3070dd17), new X64Word.init(0x152fecd8, 0xf70e5939),
3219
+ new X64Word.init(0x67332667, 0xffc00b31), new X64Word.init(0x8eb44a87, 0x68581511),
3220
+ new X64Word.init(0xdb0c2e0d, 0x64f98fa7), new X64Word.init(0x47b5481d, 0xbefa4fa4)
3221
+ ]);
3222
+ },
3223
+
3224
+ _doFinalize: function () {
3225
+ var hash = SHA512._doFinalize.call(this);
3226
+
3227
+ hash.sigBytes -= 16;
3228
+
3229
+ return hash;
3230
+ }
3231
+ });
3232
+
3233
+ /**
3234
+ * Shortcut function to the hasher's object interface.
3235
+ *
3236
+ * @param {WordArray|string} message The message to hash.
3237
+ *
3238
+ * @return {WordArray} The hash.
3239
+ *
3240
+ * @static
3241
+ *
3242
+ * @example
3243
+ *
3244
+ * var hash = CryptoJS.SHA384('message');
3245
+ * var hash = CryptoJS.SHA384(wordArray);
3246
+ */
3247
+ C.SHA384 = SHA512._createHelper(SHA384);
3248
+
3249
+ /**
3250
+ * Shortcut function to the HMAC's object interface.
3251
+ *
3252
+ * @param {WordArray|string} message The message to hash.
3253
+ * @param {WordArray|string} key The secret key.
3254
+ *
3255
+ * @return {WordArray} The HMAC.
3256
+ *
3257
+ * @static
3258
+ *
3259
+ * @example
3260
+ *
3261
+ * var hmac = CryptoJS.HmacSHA384(message, key);
3262
+ */
3263
+ C.HmacSHA384 = SHA512._createHmacHelper(SHA384);
3264
+ }());
3265
+
3266
+
3267
+ /**
3268
+ * Cipher core components.
3269
+ */
3270
+ CryptoJS.lib.Cipher || (function (undefined) {
3271
+ // Shortcuts
3272
+ var C = CryptoJS;
3273
+ var C_lib = C.lib;
3274
+ var Base = C_lib.Base;
3275
+ var WordArray = C_lib.WordArray;
3276
+ var BufferedBlockAlgorithm = C_lib.BufferedBlockAlgorithm;
3277
+ var C_enc = C.enc;
3278
+ var Utf8 = C_enc.Utf8;
3279
+ var Base64 = C_enc.Base64;
3280
+ var C_algo = C.algo;
3281
+ var EvpKDF = C_algo.EvpKDF;
3282
+
3283
+ /**
3284
+ * Abstract base cipher template.
3285
+ *
3286
+ * @property {number} keySize This cipher's key size. Default: 4 (128 bits)
3287
+ * @property {number} ivSize This cipher's IV size. Default: 4 (128 bits)
3288
+ * @property {number} _ENC_XFORM_MODE A constant representing encryption mode.
3289
+ * @property {number} _DEC_XFORM_MODE A constant representing decryption mode.
3290
+ */
3291
+ var Cipher = C_lib.Cipher = BufferedBlockAlgorithm.extend({
3292
+ /**
3293
+ * Configuration options.
3294
+ *
3295
+ * @property {WordArray} iv The IV to use for this operation.
3296
+ */
3297
+ cfg: Base.extend(),
3298
+
3299
+ /**
3300
+ * Creates this cipher in encryption mode.
3301
+ *
3302
+ * @param {WordArray} key The key.
3303
+ * @param {Object} cfg (Optional) The configuration options to use for this operation.
3304
+ *
3305
+ * @return {Cipher} A cipher instance.
3306
+ *
3307
+ * @static
3308
+ *
3309
+ * @example
3310
+ *
3311
+ * var cipher = CryptoJS.algo.AES.createEncryptor(keyWordArray, { iv: ivWordArray });
3312
+ */
3313
+ createEncryptor: function (key, cfg) {
3314
+ return this.create(this._ENC_XFORM_MODE, key, cfg);
3315
+ },
3316
+
3317
+ /**
3318
+ * Creates this cipher in decryption mode.
3319
+ *
3320
+ * @param {WordArray} key The key.
3321
+ * @param {Object} cfg (Optional) The configuration options to use for this operation.
3322
+ *
3323
+ * @return {Cipher} A cipher instance.
3324
+ *
3325
+ * @static
3326
+ *
3327
+ * @example
3328
+ *
3329
+ * var cipher = CryptoJS.algo.AES.createDecryptor(keyWordArray, { iv: ivWordArray });
3330
+ */
3331
+ createDecryptor: function (key, cfg) {
3332
+ return this.create(this._DEC_XFORM_MODE, key, cfg);
3333
+ },
3334
+
3335
+ /**
3336
+ * Initializes a newly created cipher.
3337
+ *
3338
+ * @param {number} xformMode Either the encryption or decryption transormation mode constant.
3339
+ * @param {WordArray} key The key.
3340
+ * @param {Object} cfg (Optional) The configuration options to use for this operation.
3341
+ *
3342
+ * @example
3343
+ *
3344
+ * var cipher = CryptoJS.algo.AES.create(CryptoJS.algo.AES._ENC_XFORM_MODE, keyWordArray, { iv: ivWordArray });
3345
+ */
3346
+ init: function (xformMode, key, cfg) {
3347
+ // Apply config defaults
3348
+ this.cfg = this.cfg.extend(cfg);
3349
+
3350
+ // Store transform mode and key
3351
+ this._xformMode = xformMode;
3352
+ this._key = key;
3353
+
3354
+ // Set initial values
3355
+ this.reset();
3356
+ },
3357
+
3358
+ /**
3359
+ * Resets this cipher to its initial state.
3360
+ *
3361
+ * @example
3362
+ *
3363
+ * cipher.reset();
3364
+ */
3365
+ reset: function () {
3366
+ // Reset data buffer
3367
+ BufferedBlockAlgorithm.reset.call(this);
3368
+
3369
+ // Perform concrete-cipher logic
3370
+ this._doReset();
3371
+ },
3372
+
3373
+ /**
3374
+ * Adds data to be encrypted or decrypted.
3375
+ *
3376
+ * @param {WordArray|string} dataUpdate The data to encrypt or decrypt.
3377
+ *
3378
+ * @return {WordArray} The data after processing.
3379
+ *
3380
+ * @example
3381
+ *
3382
+ * var encrypted = cipher.process('data');
3383
+ * var encrypted = cipher.process(wordArray);
3384
+ */
3385
+ process: function (dataUpdate) {
3386
+ // Append
3387
+ this._append(dataUpdate);
3388
+
3389
+ // Process available blocks
3390
+ return this._process();
3391
+ },
3392
+
3393
+ /**
3394
+ * Finalizes the encryption or decryption process.
3395
+ * Note that the finalize operation is effectively a destructive, read-once operation.
3396
+ *
3397
+ * @param {WordArray|string} dataUpdate The final data to encrypt or decrypt.
3398
+ *
3399
+ * @return {WordArray} The data after final processing.
3400
+ *
3401
+ * @example
3402
+ *
3403
+ * var encrypted = cipher.finalize();
3404
+ * var encrypted = cipher.finalize('data');
3405
+ * var encrypted = cipher.finalize(wordArray);
3406
+ */
3407
+ finalize: function (dataUpdate) {
3408
+ // Final data update
3409
+ if (dataUpdate) {
3410
+ this._append(dataUpdate);
3411
+ }
3412
+
3413
+ // Perform concrete-cipher logic
3414
+ var finalProcessedData = this._doFinalize();
3415
+
3416
+ return finalProcessedData;
3417
+ },
3418
+
3419
+ keySize: 128/32,
3420
+
3421
+ ivSize: 128/32,
3422
+
3423
+ _ENC_XFORM_MODE: 1,
3424
+
3425
+ _DEC_XFORM_MODE: 2,
3426
+
3427
+ /**
3428
+ * Creates shortcut functions to a cipher's object interface.
3429
+ *
3430
+ * @param {Cipher} cipher The cipher to create a helper for.
3431
+ *
3432
+ * @return {Object} An object with encrypt and decrypt shortcut functions.
3433
+ *
3434
+ * @static
3435
+ *
3436
+ * @example
3437
+ *
3438
+ * var AES = CryptoJS.lib.Cipher._createHelper(CryptoJS.algo.AES);
3439
+ */
3440
+ _createHelper: (function () {
3441
+ function selectCipherStrategy(key) {
3442
+ if (typeof key == 'string') {
3443
+ return PasswordBasedCipher;
3444
+ } else {
3445
+ return SerializableCipher;
3446
+ }
3447
+ }
3448
+
3449
+ return function (cipher) {
3450
+ return {
3451
+ encrypt: function (message, key, cfg) {
3452
+ return selectCipherStrategy(key).encrypt(cipher, message, key, cfg);
3453
+ },
3454
+
3455
+ decrypt: function (ciphertext, key, cfg) {
3456
+ return selectCipherStrategy(key).decrypt(cipher, ciphertext, key, cfg);
3457
+ }
3458
+ };
3459
+ };
3460
+ }())
3461
+ });
3462
+
3463
+ /**
3464
+ * Abstract base stream cipher template.
3465
+ *
3466
+ * @property {number} blockSize The number of 32-bit words this cipher operates on. Default: 1 (32 bits)
3467
+ */
3468
+ var StreamCipher = C_lib.StreamCipher = Cipher.extend({
3469
+ _doFinalize: function () {
3470
+ // Process partial blocks
3471
+ var finalProcessedBlocks = this._process(!!'flush');
3472
+
3473
+ return finalProcessedBlocks;
3474
+ },
3475
+
3476
+ blockSize: 1
3477
+ });
3478
+
3479
+ /**
3480
+ * Mode namespace.
3481
+ */
3482
+ var C_mode = C.mode = {};
3483
+
3484
+ /**
3485
+ * Abstract base block cipher mode template.
3486
+ */
3487
+ var BlockCipherMode = C_lib.BlockCipherMode = Base.extend({
3488
+ /**
3489
+ * Creates this mode for encryption.
3490
+ *
3491
+ * @param {Cipher} cipher A block cipher instance.
3492
+ * @param {Array} iv The IV words.
3493
+ *
3494
+ * @static
3495
+ *
3496
+ * @example
3497
+ *
3498
+ * var mode = CryptoJS.mode.CBC.createEncryptor(cipher, iv.words);
3499
+ */
3500
+ createEncryptor: function (cipher, iv) {
3501
+ return this.Encryptor.create(cipher, iv);
3502
+ },
3503
+
3504
+ /**
3505
+ * Creates this mode for decryption.
3506
+ *
3507
+ * @param {Cipher} cipher A block cipher instance.
3508
+ * @param {Array} iv The IV words.
3509
+ *
3510
+ * @static
3511
+ *
3512
+ * @example
3513
+ *
3514
+ * var mode = CryptoJS.mode.CBC.createDecryptor(cipher, iv.words);
3515
+ */
3516
+ createDecryptor: function (cipher, iv) {
3517
+ return this.Decryptor.create(cipher, iv);
3518
+ },
3519
+
3520
+ /**
3521
+ * Initializes a newly created mode.
3522
+ *
3523
+ * @param {Cipher} cipher A block cipher instance.
3524
+ * @param {Array} iv The IV words.
3525
+ *
3526
+ * @example
3527
+ *
3528
+ * var mode = CryptoJS.mode.CBC.Encryptor.create(cipher, iv.words);
3529
+ */
3530
+ init: function (cipher, iv) {
3531
+ this._cipher = cipher;
3532
+ this._iv = iv;
3533
+ }
3534
+ });
3535
+
3536
+ /**
3537
+ * Cipher Block Chaining mode.
3538
+ */
3539
+ var CBC = C_mode.CBC = (function () {
3540
+ /**
3541
+ * Abstract base CBC mode.
3542
+ */
3543
+ var CBC = BlockCipherMode.extend();
3544
+
3545
+ /**
3546
+ * CBC encryptor.
3547
+ */
3548
+ CBC.Encryptor = CBC.extend({
3549
+ /**
3550
+ * Processes the data block at offset.
3551
+ *
3552
+ * @param {Array} words The data words to operate on.
3553
+ * @param {number} offset The offset where the block starts.
3554
+ *
3555
+ * @example
3556
+ *
3557
+ * mode.processBlock(data.words, offset);
3558
+ */
3559
+ processBlock: function (words, offset) {
3560
+ // Shortcuts
3561
+ var cipher = this._cipher;
3562
+ var blockSize = cipher.blockSize;
3563
+
3564
+ // XOR and encrypt
3565
+ xorBlock.call(this, words, offset, blockSize);
3566
+ cipher.encryptBlock(words, offset);
3567
+
3568
+ // Remember this block to use with next block
3569
+ this._prevBlock = words.slice(offset, offset + blockSize);
3570
+ }
3571
+ });
3572
+
3573
+ /**
3574
+ * CBC decryptor.
3575
+ */
3576
+ CBC.Decryptor = CBC.extend({
3577
+ /**
3578
+ * Processes the data block at offset.
3579
+ *
3580
+ * @param {Array} words The data words to operate on.
3581
+ * @param {number} offset The offset where the block starts.
3582
+ *
3583
+ * @example
3584
+ *
3585
+ * mode.processBlock(data.words, offset);
3586
+ */
3587
+ processBlock: function (words, offset) {
3588
+ // Shortcuts
3589
+ var cipher = this._cipher;
3590
+ var blockSize = cipher.blockSize;
3591
+
3592
+ // Remember this block to use with next block
3593
+ var thisBlock = words.slice(offset, offset + blockSize);
3594
+
3595
+ // Decrypt and XOR
3596
+ cipher.decryptBlock(words, offset);
3597
+ xorBlock.call(this, words, offset, blockSize);
3598
+
3599
+ // This block becomes the previous block
3600
+ this._prevBlock = thisBlock;
3601
+ }
3602
+ });
3603
+
3604
+ function xorBlock(words, offset, blockSize) {
3605
+ // Shortcut
3606
+ var iv = this._iv;
3607
+
3608
+ // Choose mixing block
3609
+ if (iv) {
3610
+ var block = iv;
3611
+
3612
+ // Remove IV for subsequent blocks
3613
+ this._iv = undefined;
3614
+ } else {
3615
+ var block = this._prevBlock;
3616
+ }
3617
+
3618
+ // XOR blocks
3619
+ for (var i = 0; i < blockSize; i++) {
3620
+ words[offset + i] ^= block[i];
3621
+ }
3622
+ }
3623
+
3624
+ return CBC;
3625
+ }());
3626
+
3627
+ /**
3628
+ * Padding namespace.
3629
+ */
3630
+ var C_pad = C.pad = {};
3631
+
3632
+ /**
3633
+ * PKCS #5/7 padding strategy.
3634
+ */
3635
+ var Pkcs7 = C_pad.Pkcs7 = {
3636
+ /**
3637
+ * Pads data using the algorithm defined in PKCS #5/7.
3638
+ *
3639
+ * @param {WordArray} data The data to pad.
3640
+ * @param {number} blockSize The multiple that the data should be padded to.
3641
+ *
3642
+ * @static
3643
+ *
3644
+ * @example
3645
+ *
3646
+ * CryptoJS.pad.Pkcs7.pad(wordArray, 4);
3647
+ */
3648
+ pad: function (data, blockSize) {
3649
+ // Shortcut
3650
+ var blockSizeBytes = blockSize * 4;
3651
+
3652
+ // Count padding bytes
3653
+ var nPaddingBytes = blockSizeBytes - data.sigBytes % blockSizeBytes;
3654
+
3655
+ // Create padding word
3656
+ var paddingWord = (nPaddingBytes << 24) | (nPaddingBytes << 16) | (nPaddingBytes << 8) | nPaddingBytes;
3657
+
3658
+ // Create padding
3659
+ var paddingWords = [];
3660
+ for (var i = 0; i < nPaddingBytes; i += 4) {
3661
+ paddingWords.push(paddingWord);
3662
+ }
3663
+ var padding = WordArray.create(paddingWords, nPaddingBytes);
3664
+
3665
+ // Add padding
3666
+ data.concat(padding);
3667
+ },
3668
+
3669
+ /**
3670
+ * Unpads data that had been padded using the algorithm defined in PKCS #5/7.
3671
+ *
3672
+ * @param {WordArray} data The data to unpad.
3673
+ *
3674
+ * @static
3675
+ *
3676
+ * @example
3677
+ *
3678
+ * CryptoJS.pad.Pkcs7.unpad(wordArray);
3679
+ */
3680
+ unpad: function (data) {
3681
+ // Get number of padding bytes from last byte
3682
+ var nPaddingBytes = data.words[(data.sigBytes - 1) >>> 2] & 0xff;
3683
+
3684
+ // Remove padding
3685
+ data.sigBytes -= nPaddingBytes;
3686
+ }
3687
+ };
3688
+
3689
+ /**
3690
+ * Abstract base block cipher template.
3691
+ *
3692
+ * @property {number} blockSize The number of 32-bit words this cipher operates on. Default: 4 (128 bits)
3693
+ */
3694
+ var BlockCipher = C_lib.BlockCipher = Cipher.extend({
3695
+ /**
3696
+ * Configuration options.
3697
+ *
3698
+ * @property {Mode} mode The block mode to use. Default: CBC
3699
+ * @property {Padding} padding The padding strategy to use. Default: Pkcs7
3700
+ */
3701
+ cfg: Cipher.cfg.extend({
3702
+ mode: CBC,
3703
+ padding: Pkcs7
3704
+ }),
3705
+
3706
+ reset: function () {
3707
+ // Reset cipher
3708
+ Cipher.reset.call(this);
3709
+
3710
+ // Shortcuts
3711
+ var cfg = this.cfg;
3712
+ var iv = cfg.iv;
3713
+ var mode = cfg.mode;
3714
+
3715
+ // Reset block mode
3716
+ if (this._xformMode == this._ENC_XFORM_MODE) {
3717
+ var modeCreator = mode.createEncryptor;
3718
+ } else /* if (this._xformMode == this._DEC_XFORM_MODE) */ {
3719
+ var modeCreator = mode.createDecryptor;
3720
+ // Keep at least one block in the buffer for unpadding
3721
+ this._minBufferSize = 1;
3722
+ }
3723
+
3724
+ if (this._mode && this._mode.__creator == modeCreator) {
3725
+ this._mode.init(this, iv && iv.words);
3726
+ } else {
3727
+ this._mode = modeCreator.call(mode, this, iv && iv.words);
3728
+ this._mode.__creator = modeCreator;
3729
+ }
3730
+ },
3731
+
3732
+ _doProcessBlock: function (words, offset) {
3733
+ this._mode.processBlock(words, offset);
3734
+ },
3735
+
3736
+ _doFinalize: function () {
3737
+ // Shortcut
3738
+ var padding = this.cfg.padding;
3739
+
3740
+ // Finalize
3741
+ if (this._xformMode == this._ENC_XFORM_MODE) {
3742
+ // Pad data
3743
+ padding.pad(this._data, this.blockSize);
3744
+
3745
+ // Process final blocks
3746
+ var finalProcessedBlocks = this._process(!!'flush');
3747
+ } else /* if (this._xformMode == this._DEC_XFORM_MODE) */ {
3748
+ // Process final blocks
3749
+ var finalProcessedBlocks = this._process(!!'flush');
3750
+
3751
+ // Unpad data
3752
+ padding.unpad(finalProcessedBlocks);
3753
+ }
3754
+
3755
+ return finalProcessedBlocks;
3756
+ },
3757
+
3758
+ blockSize: 128/32
3759
+ });
3760
+
3761
+ /**
3762
+ * A collection of cipher parameters.
3763
+ *
3764
+ * @property {WordArray} ciphertext The raw ciphertext.
3765
+ * @property {WordArray} key The key to this ciphertext.
3766
+ * @property {WordArray} iv The IV used in the ciphering operation.
3767
+ * @property {WordArray} salt The salt used with a key derivation function.
3768
+ * @property {Cipher} algorithm The cipher algorithm.
3769
+ * @property {Mode} mode The block mode used in the ciphering operation.
3770
+ * @property {Padding} padding The padding scheme used in the ciphering operation.
3771
+ * @property {number} blockSize The block size of the cipher.
3772
+ * @property {Format} formatter The default formatting strategy to convert this cipher params object to a string.
3773
+ */
3774
+ var CipherParams = C_lib.CipherParams = Base.extend({
3775
+ /**
3776
+ * Initializes a newly created cipher params object.
3777
+ *
3778
+ * @param {Object} cipherParams An object with any of the possible cipher parameters.
3779
+ *
3780
+ * @example
3781
+ *
3782
+ * var cipherParams = CryptoJS.lib.CipherParams.create({
3783
+ * ciphertext: ciphertextWordArray,
3784
+ * key: keyWordArray,
3785
+ * iv: ivWordArray,
3786
+ * salt: saltWordArray,
3787
+ * algorithm: CryptoJS.algo.AES,
3788
+ * mode: CryptoJS.mode.CBC,
3789
+ * padding: CryptoJS.pad.PKCS7,
3790
+ * blockSize: 4,
3791
+ * formatter: CryptoJS.format.OpenSSL
3792
+ * });
3793
+ */
3794
+ init: function (cipherParams) {
3795
+ this.mixIn(cipherParams);
3796
+ },
3797
+
3798
+ /**
3799
+ * Converts this cipher params object to a string.
3800
+ *
3801
+ * @param {Format} formatter (Optional) The formatting strategy to use.
3802
+ *
3803
+ * @return {string} The stringified cipher params.
3804
+ *
3805
+ * @throws Error If neither the formatter nor the default formatter is set.
3806
+ *
3807
+ * @example
3808
+ *
3809
+ * var string = cipherParams + '';
3810
+ * var string = cipherParams.toString();
3811
+ * var string = cipherParams.toString(CryptoJS.format.OpenSSL);
3812
+ */
3813
+ toString: function (formatter) {
3814
+ return (formatter || this.formatter).stringify(this);
3815
+ }
3816
+ });
3817
+
3818
+ /**
3819
+ * Format namespace.
3820
+ */
3821
+ var C_format = C.format = {};
3822
+
3823
+ /**
3824
+ * OpenSSL formatting strategy.
3825
+ */
3826
+ var OpenSSLFormatter = C_format.OpenSSL = {
3827
+ /**
3828
+ * Converts a cipher params object to an OpenSSL-compatible string.
3829
+ *
3830
+ * @param {CipherParams} cipherParams The cipher params object.
3831
+ *
3832
+ * @return {string} The OpenSSL-compatible string.
3833
+ *
3834
+ * @static
3835
+ *
3836
+ * @example
3837
+ *
3838
+ * var openSSLString = CryptoJS.format.OpenSSL.stringify(cipherParams);
3839
+ */
3840
+ stringify: function (cipherParams) {
3841
+ // Shortcuts
3842
+ var ciphertext = cipherParams.ciphertext;
3843
+ var salt = cipherParams.salt;
3844
+
3845
+ // Format
3846
+ if (salt) {
3847
+ var wordArray = WordArray.create([0x53616c74, 0x65645f5f]).concat(salt).concat(ciphertext);
3848
+ } else {
3849
+ var wordArray = ciphertext;
3850
+ }
3851
+
3852
+ return wordArray.toString(Base64);
3853
+ },
3854
+
3855
+ /**
3856
+ * Converts an OpenSSL-compatible string to a cipher params object.
3857
+ *
3858
+ * @param {string} openSSLStr The OpenSSL-compatible string.
3859
+ *
3860
+ * @return {CipherParams} The cipher params object.
3861
+ *
3862
+ * @static
3863
+ *
3864
+ * @example
3865
+ *
3866
+ * var cipherParams = CryptoJS.format.OpenSSL.parse(openSSLString);
3867
+ */
3868
+ parse: function (openSSLStr) {
3869
+ // Parse base64
3870
+ var ciphertext = Base64.parse(openSSLStr);
3871
+
3872
+ // Shortcut
3873
+ var ciphertextWords = ciphertext.words;
3874
+
3875
+ // Test for salt
3876
+ if (ciphertextWords[0] == 0x53616c74 && ciphertextWords[1] == 0x65645f5f) {
3877
+ // Extract salt
3878
+ var salt = WordArray.create(ciphertextWords.slice(2, 4));
3879
+
3880
+ // Remove salt from ciphertext
3881
+ ciphertextWords.splice(0, 4);
3882
+ ciphertext.sigBytes -= 16;
3883
+ }
3884
+
3885
+ return CipherParams.create({ ciphertext: ciphertext, salt: salt });
3886
+ }
3887
+ };
3888
+
3889
+ /**
3890
+ * A cipher wrapper that returns ciphertext as a serializable cipher params object.
3891
+ */
3892
+ var SerializableCipher = C_lib.SerializableCipher = Base.extend({
3893
+ /**
3894
+ * Configuration options.
3895
+ *
3896
+ * @property {Formatter} format The formatting strategy to convert cipher param objects to and from a string. Default: OpenSSL
3897
+ */
3898
+ cfg: Base.extend({
3899
+ format: OpenSSLFormatter
3900
+ }),
3901
+
3902
+ /**
3903
+ * Encrypts a message.
3904
+ *
3905
+ * @param {Cipher} cipher The cipher algorithm to use.
3906
+ * @param {WordArray|string} message The message to encrypt.
3907
+ * @param {WordArray} key The key.
3908
+ * @param {Object} cfg (Optional) The configuration options to use for this operation.
3909
+ *
3910
+ * @return {CipherParams} A cipher params object.
3911
+ *
3912
+ * @static
3913
+ *
3914
+ * @example
3915
+ *
3916
+ * var ciphertextParams = CryptoJS.lib.SerializableCipher.encrypt(CryptoJS.algo.AES, message, key);
3917
+ * var ciphertextParams = CryptoJS.lib.SerializableCipher.encrypt(CryptoJS.algo.AES, message, key, { iv: iv });
3918
+ * var ciphertextParams = CryptoJS.lib.SerializableCipher.encrypt(CryptoJS.algo.AES, message, key, { iv: iv, format: CryptoJS.format.OpenSSL });
3919
+ */
3920
+ encrypt: function (cipher, message, key, cfg) {
3921
+ // Apply config defaults
3922
+ cfg = this.cfg.extend(cfg);
3923
+
3924
+ // Encrypt
3925
+ var encryptor = cipher.createEncryptor(key, cfg);
3926
+ var ciphertext = encryptor.finalize(message);
3927
+
3928
+ // Shortcut
3929
+ var cipherCfg = encryptor.cfg;
3930
+
3931
+ // Create and return serializable cipher params
3932
+ return CipherParams.create({
3933
+ ciphertext: ciphertext,
3934
+ key: key,
3935
+ iv: cipherCfg.iv,
3936
+ algorithm: cipher,
3937
+ mode: cipherCfg.mode,
3938
+ padding: cipherCfg.padding,
3939
+ blockSize: cipher.blockSize,
3940
+ formatter: cfg.format
3941
+ });
3942
+ },
3943
+
3944
+ /**
3945
+ * Decrypts serialized ciphertext.
3946
+ *
3947
+ * @param {Cipher} cipher The cipher algorithm to use.
3948
+ * @param {CipherParams|string} ciphertext The ciphertext to decrypt.
3949
+ * @param {WordArray} key The key.
3950
+ * @param {Object} cfg (Optional) The configuration options to use for this operation.
3951
+ *
3952
+ * @return {WordArray} The plaintext.
3953
+ *
3954
+ * @static
3955
+ *
3956
+ * @example
3957
+ *
3958
+ * var plaintext = CryptoJS.lib.SerializableCipher.decrypt(CryptoJS.algo.AES, formattedCiphertext, key, { iv: iv, format: CryptoJS.format.OpenSSL });
3959
+ * var plaintext = CryptoJS.lib.SerializableCipher.decrypt(CryptoJS.algo.AES, ciphertextParams, key, { iv: iv, format: CryptoJS.format.OpenSSL });
3960
+ */
3961
+ decrypt: function (cipher, ciphertext, key, cfg) {
3962
+ // Apply config defaults
3963
+ cfg = this.cfg.extend(cfg);
3964
+
3965
+ // Convert string to CipherParams
3966
+ ciphertext = this._parse(ciphertext, cfg.format);
3967
+
3968
+ // Decrypt
3969
+ var plaintext = cipher.createDecryptor(key, cfg).finalize(ciphertext.ciphertext);
3970
+
3971
+ return plaintext;
3972
+ },
3973
+
3974
+ /**
3975
+ * Converts serialized ciphertext to CipherParams,
3976
+ * else assumed CipherParams already and returns ciphertext unchanged.
3977
+ *
3978
+ * @param {CipherParams|string} ciphertext The ciphertext.
3979
+ * @param {Formatter} format The formatting strategy to use to parse serialized ciphertext.
3980
+ *
3981
+ * @return {CipherParams} The unserialized ciphertext.
3982
+ *
3983
+ * @static
3984
+ *
3985
+ * @example
3986
+ *
3987
+ * var ciphertextParams = CryptoJS.lib.SerializableCipher._parse(ciphertextStringOrParams, format);
3988
+ */
3989
+ _parse: function (ciphertext, format) {
3990
+ if (typeof ciphertext == 'string') {
3991
+ return format.parse(ciphertext, this);
3992
+ } else {
3993
+ return ciphertext;
3994
+ }
3995
+ }
3996
+ });
3997
+
3998
+ /**
3999
+ * Key derivation function namespace.
4000
+ */
4001
+ var C_kdf = C.kdf = {};
4002
+
4003
+ /**
4004
+ * OpenSSL key derivation function.
4005
+ */
4006
+ var OpenSSLKdf = C_kdf.OpenSSL = {
4007
+ /**
4008
+ * Derives a key and IV from a password.
4009
+ *
4010
+ * @param {string} password The password to derive from.
4011
+ * @param {number} keySize The size in words of the key to generate.
4012
+ * @param {number} ivSize The size in words of the IV to generate.
4013
+ * @param {WordArray|string} salt (Optional) A 64-bit salt to use. If omitted, a salt will be generated randomly.
4014
+ *
4015
+ * @return {CipherParams} A cipher params object with the key, IV, and salt.
4016
+ *
4017
+ * @static
4018
+ *
4019
+ * @example
4020
+ *
4021
+ * var derivedParams = CryptoJS.kdf.OpenSSL.execute('Password', 256/32, 128/32);
4022
+ * var derivedParams = CryptoJS.kdf.OpenSSL.execute('Password', 256/32, 128/32, 'saltsalt');
4023
+ */
4024
+ execute: function (password, keySize, ivSize, salt) {
4025
+ // Generate random salt
4026
+ if (!salt) {
4027
+ salt = WordArray.random(64/8);
4028
+ }
4029
+
4030
+ // Derive key and IV
4031
+ var key = EvpKDF.create({ keySize: keySize + ivSize }).compute(password, salt);
4032
+
4033
+ // Separate key and IV
4034
+ var iv = WordArray.create(key.words.slice(keySize), ivSize * 4);
4035
+ key.sigBytes = keySize * 4;
4036
+
4037
+ // Return params
4038
+ return CipherParams.create({ key: key, iv: iv, salt: salt });
4039
+ }
4040
+ };
4041
+
4042
+ /**
4043
+ * A serializable cipher wrapper that derives the key from a password,
4044
+ * and returns ciphertext as a serializable cipher params object.
4045
+ */
4046
+ var PasswordBasedCipher = C_lib.PasswordBasedCipher = SerializableCipher.extend({
4047
+ /**
4048
+ * Configuration options.
4049
+ *
4050
+ * @property {KDF} kdf The key derivation function to use to generate a key and IV from a password. Default: OpenSSL
4051
+ */
4052
+ cfg: SerializableCipher.cfg.extend({
4053
+ kdf: OpenSSLKdf
4054
+ }),
4055
+
4056
+ /**
4057
+ * Encrypts a message using a password.
4058
+ *
4059
+ * @param {Cipher} cipher The cipher algorithm to use.
4060
+ * @param {WordArray|string} message The message to encrypt.
4061
+ * @param {string} password The password.
4062
+ * @param {Object} cfg (Optional) The configuration options to use for this operation.
4063
+ *
4064
+ * @return {CipherParams} A cipher params object.
4065
+ *
4066
+ * @static
4067
+ *
4068
+ * @example
4069
+ *
4070
+ * var ciphertextParams = CryptoJS.lib.PasswordBasedCipher.encrypt(CryptoJS.algo.AES, message, 'password');
4071
+ * var ciphertextParams = CryptoJS.lib.PasswordBasedCipher.encrypt(CryptoJS.algo.AES, message, 'password', { format: CryptoJS.format.OpenSSL });
4072
+ */
4073
+ encrypt: function (cipher, message, password, cfg) {
4074
+ // Apply config defaults
4075
+ cfg = this.cfg.extend(cfg);
4076
+
4077
+ // Derive key and other params
4078
+ var derivedParams = cfg.kdf.execute(password, cipher.keySize, cipher.ivSize);
4079
+
4080
+ // Add IV to config
4081
+ cfg.iv = derivedParams.iv;
4082
+
4083
+ // Encrypt
4084
+ var ciphertext = SerializableCipher.encrypt.call(this, cipher, message, derivedParams.key, cfg);
4085
+
4086
+ // Mix in derived params
4087
+ ciphertext.mixIn(derivedParams);
4088
+
4089
+ return ciphertext;
4090
+ },
4091
+
4092
+ /**
4093
+ * Decrypts serialized ciphertext using a password.
4094
+ *
4095
+ * @param {Cipher} cipher The cipher algorithm to use.
4096
+ * @param {CipherParams|string} ciphertext The ciphertext to decrypt.
4097
+ * @param {string} password The password.
4098
+ * @param {Object} cfg (Optional) The configuration options to use for this operation.
4099
+ *
4100
+ * @return {WordArray} The plaintext.
4101
+ *
4102
+ * @static
4103
+ *
4104
+ * @example
4105
+ *
4106
+ * var plaintext = CryptoJS.lib.PasswordBasedCipher.decrypt(CryptoJS.algo.AES, formattedCiphertext, 'password', { format: CryptoJS.format.OpenSSL });
4107
+ * var plaintext = CryptoJS.lib.PasswordBasedCipher.decrypt(CryptoJS.algo.AES, ciphertextParams, 'password', { format: CryptoJS.format.OpenSSL });
4108
+ */
4109
+ decrypt: function (cipher, ciphertext, password, cfg) {
4110
+ // Apply config defaults
4111
+ cfg = this.cfg.extend(cfg);
4112
+
4113
+ // Convert string to CipherParams
4114
+ ciphertext = this._parse(ciphertext, cfg.format);
4115
+
4116
+ // Derive key and other params
4117
+ var derivedParams = cfg.kdf.execute(password, cipher.keySize, cipher.ivSize, ciphertext.salt);
4118
+
4119
+ // Add IV to config
4120
+ cfg.iv = derivedParams.iv;
4121
+
4122
+ // Decrypt
4123
+ var plaintext = SerializableCipher.decrypt.call(this, cipher, ciphertext, derivedParams.key, cfg);
4124
+
4125
+ return plaintext;
4126
+ }
4127
+ });
4128
+ }());
4129
+
4130
+
4131
+ /**
4132
+ * Cipher Feedback block mode.
4133
+ */
4134
+ CryptoJS.mode.CFB = (function () {
4135
+ var CFB = CryptoJS.lib.BlockCipherMode.extend();
4136
+
4137
+ CFB.Encryptor = CFB.extend({
4138
+ processBlock: function (words, offset) {
4139
+ // Shortcuts
4140
+ var cipher = this._cipher;
4141
+ var blockSize = cipher.blockSize;
4142
+
4143
+ generateKeystreamAndEncrypt.call(this, words, offset, blockSize, cipher);
4144
+
4145
+ // Remember this block to use with next block
4146
+ this._prevBlock = words.slice(offset, offset + blockSize);
4147
+ }
4148
+ });
4149
+
4150
+ CFB.Decryptor = CFB.extend({
4151
+ processBlock: function (words, offset) {
4152
+ // Shortcuts
4153
+ var cipher = this._cipher;
4154
+ var blockSize = cipher.blockSize;
4155
+
4156
+ // Remember this block to use with next block
4157
+ var thisBlock = words.slice(offset, offset + blockSize);
4158
+
4159
+ generateKeystreamAndEncrypt.call(this, words, offset, blockSize, cipher);
4160
+
4161
+ // This block becomes the previous block
4162
+ this._prevBlock = thisBlock;
4163
+ }
4164
+ });
4165
+
4166
+ function generateKeystreamAndEncrypt(words, offset, blockSize, cipher) {
4167
+ // Shortcut
4168
+ var iv = this._iv;
4169
+
4170
+ // Generate keystream
4171
+ if (iv) {
4172
+ var keystream = iv.slice(0);
4173
+
4174
+ // Remove IV for subsequent blocks
4175
+ this._iv = undefined;
4176
+ } else {
4177
+ var keystream = this._prevBlock;
4178
+ }
4179
+ cipher.encryptBlock(keystream, 0);
4180
+
4181
+ // Encrypt
4182
+ for (var i = 0; i < blockSize; i++) {
4183
+ words[offset + i] ^= keystream[i];
4184
+ }
4185
+ }
4186
+
4187
+ return CFB;
4188
+ }());
4189
+
4190
+
4191
+ /**
4192
+ * Electronic Codebook block mode.
4193
+ */
4194
+ CryptoJS.mode.ECB = (function () {
4195
+ var ECB = CryptoJS.lib.BlockCipherMode.extend();
4196
+
4197
+ ECB.Encryptor = ECB.extend({
4198
+ processBlock: function (words, offset) {
4199
+ this._cipher.encryptBlock(words, offset);
4200
+ }
4201
+ });
4202
+
4203
+ ECB.Decryptor = ECB.extend({
4204
+ processBlock: function (words, offset) {
4205
+ this._cipher.decryptBlock(words, offset);
4206
+ }
4207
+ });
4208
+
4209
+ return ECB;
4210
+ }());
4211
+
4212
+
4213
+ /**
4214
+ * ANSI X.923 padding strategy.
4215
+ */
4216
+ CryptoJS.pad.AnsiX923 = {
4217
+ pad: function (data, blockSize) {
4218
+ // Shortcuts
4219
+ var dataSigBytes = data.sigBytes;
4220
+ var blockSizeBytes = blockSize * 4;
4221
+
4222
+ // Count padding bytes
4223
+ var nPaddingBytes = blockSizeBytes - dataSigBytes % blockSizeBytes;
4224
+
4225
+ // Compute last byte position
4226
+ var lastBytePos = dataSigBytes + nPaddingBytes - 1;
4227
+
4228
+ // Pad
4229
+ data.clamp();
4230
+ data.words[lastBytePos >>> 2] |= nPaddingBytes << (24 - (lastBytePos % 4) * 8);
4231
+ data.sigBytes += nPaddingBytes;
4232
+ },
4233
+
4234
+ unpad: function (data) {
4235
+ // Get number of padding bytes from last byte
4236
+ var nPaddingBytes = data.words[(data.sigBytes - 1) >>> 2] & 0xff;
4237
+
4238
+ // Remove padding
4239
+ data.sigBytes -= nPaddingBytes;
4240
+ }
4241
+ };
4242
+
4243
+
4244
+ /**
4245
+ * ISO 10126 padding strategy.
4246
+ */
4247
+ CryptoJS.pad.Iso10126 = {
4248
+ pad: function (data, blockSize) {
4249
+ // Shortcut
4250
+ var blockSizeBytes = blockSize * 4;
4251
+
4252
+ // Count padding bytes
4253
+ var nPaddingBytes = blockSizeBytes - data.sigBytes % blockSizeBytes;
4254
+
4255
+ // Pad
4256
+ data.concat(CryptoJS.lib.WordArray.random(nPaddingBytes - 1)).
4257
+ concat(CryptoJS.lib.WordArray.create([nPaddingBytes << 24], 1));
4258
+ },
4259
+
4260
+ unpad: function (data) {
4261
+ // Get number of padding bytes from last byte
4262
+ var nPaddingBytes = data.words[(data.sigBytes - 1) >>> 2] & 0xff;
4263
+
4264
+ // Remove padding
4265
+ data.sigBytes -= nPaddingBytes;
4266
+ }
4267
+ };
4268
+
4269
+
4270
+ /**
4271
+ * ISO/IEC 9797-1 Padding Method 2.
4272
+ */
4273
+ CryptoJS.pad.Iso97971 = {
4274
+ pad: function (data, blockSize) {
4275
+ // Add 0x80 byte
4276
+ data.concat(CryptoJS.lib.WordArray.create([0x80000000], 1));
4277
+
4278
+ // Zero pad the rest
4279
+ CryptoJS.pad.ZeroPadding.pad(data, blockSize);
4280
+ },
4281
+
4282
+ unpad: function (data) {
4283
+ // Remove zero padding
4284
+ CryptoJS.pad.ZeroPadding.unpad(data);
4285
+
4286
+ // Remove one more byte -- the 0x80 byte
4287
+ data.sigBytes--;
4288
+ }
4289
+ };
4290
+
4291
+
4292
+ /**
4293
+ * Output Feedback block mode.
4294
+ */
4295
+ CryptoJS.mode.OFB = (function () {
4296
+ var OFB = CryptoJS.lib.BlockCipherMode.extend();
4297
+
4298
+ var Encryptor = OFB.Encryptor = OFB.extend({
4299
+ processBlock: function (words, offset) {
4300
+ // Shortcuts
4301
+ var cipher = this._cipher
4302
+ var blockSize = cipher.blockSize;
4303
+ var iv = this._iv;
4304
+ var keystream = this._keystream;
4305
+
4306
+ // Generate keystream
4307
+ if (iv) {
4308
+ keystream = this._keystream = iv.slice(0);
4309
+
4310
+ // Remove IV for subsequent blocks
4311
+ this._iv = undefined;
4312
+ }
4313
+ cipher.encryptBlock(keystream, 0);
4314
+
4315
+ // Encrypt
4316
+ for (var i = 0; i < blockSize; i++) {
4317
+ words[offset + i] ^= keystream[i];
4318
+ }
4319
+ }
4320
+ });
4321
+
4322
+ OFB.Decryptor = Encryptor;
4323
+
4324
+ return OFB;
4325
+ }());
4326
+
4327
+
4328
+ /**
4329
+ * A noop padding strategy.
4330
+ */
4331
+ CryptoJS.pad.NoPadding = {
4332
+ pad: function () {
4333
+ },
4334
+
4335
+ unpad: function () {
4336
+ }
4337
+ };
4338
+
4339
+
4340
+ (function (undefined) {
4341
+ // Shortcuts
4342
+ var C = CryptoJS;
4343
+ var C_lib = C.lib;
4344
+ var CipherParams = C_lib.CipherParams;
4345
+ var C_enc = C.enc;
4346
+ var Hex = C_enc.Hex;
4347
+ var C_format = C.format;
4348
+
4349
+ var HexFormatter = C_format.Hex = {
4350
+ /**
4351
+ * Converts the ciphertext of a cipher params object to a hexadecimally encoded string.
4352
+ *
4353
+ * @param {CipherParams} cipherParams The cipher params object.
4354
+ *
4355
+ * @return {string} The hexadecimally encoded string.
4356
+ *
4357
+ * @static
4358
+ *
4359
+ * @example
4360
+ *
4361
+ * var hexString = CryptoJS.format.Hex.stringify(cipherParams);
4362
+ */
4363
+ stringify: function (cipherParams) {
4364
+ return cipherParams.ciphertext.toString(Hex);
4365
+ },
4366
+
4367
+ /**
4368
+ * Converts a hexadecimally encoded ciphertext string to a cipher params object.
4369
+ *
4370
+ * @param {string} input The hexadecimally encoded string.
4371
+ *
4372
+ * @return {CipherParams} The cipher params object.
4373
+ *
4374
+ * @static
4375
+ *
4376
+ * @example
4377
+ *
4378
+ * var cipherParams = CryptoJS.format.Hex.parse(hexString);
4379
+ */
4380
+ parse: function (input) {
4381
+ var ciphertext = Hex.parse(input);
4382
+ return CipherParams.create({ ciphertext: ciphertext });
4383
+ }
4384
+ };
4385
+ }());
4386
+
4387
+
4388
+ (function () {
4389
+ // Shortcuts
4390
+ var C = CryptoJS;
4391
+ var C_lib = C.lib;
4392
+ var BlockCipher = C_lib.BlockCipher;
4393
+ var C_algo = C.algo;
4394
+
4395
+ // Lookup tables
4396
+ var SBOX = [];
4397
+ var INV_SBOX = [];
4398
+ var SUB_MIX_0 = [];
4399
+ var SUB_MIX_1 = [];
4400
+ var SUB_MIX_2 = [];
4401
+ var SUB_MIX_3 = [];
4402
+ var INV_SUB_MIX_0 = [];
4403
+ var INV_SUB_MIX_1 = [];
4404
+ var INV_SUB_MIX_2 = [];
4405
+ var INV_SUB_MIX_3 = [];
4406
+
4407
+ // Compute lookup tables
4408
+ (function () {
4409
+ // Compute double table
4410
+ var d = [];
4411
+ for (var i = 0; i < 256; i++) {
4412
+ if (i < 128) {
4413
+ d[i] = i << 1;
4414
+ } else {
4415
+ d[i] = (i << 1) ^ 0x11b;
4416
+ }
4417
+ }
4418
+
4419
+ // Walk GF(2^8)
4420
+ var x = 0;
4421
+ var xi = 0;
4422
+ for (var i = 0; i < 256; i++) {
4423
+ // Compute sbox
4424
+ var sx = xi ^ (xi << 1) ^ (xi << 2) ^ (xi << 3) ^ (xi << 4);
4425
+ sx = (sx >>> 8) ^ (sx & 0xff) ^ 0x63;
4426
+ SBOX[x] = sx;
4427
+ INV_SBOX[sx] = x;
4428
+
4429
+ // Compute multiplication
4430
+ var x2 = d[x];
4431
+ var x4 = d[x2];
4432
+ var x8 = d[x4];
4433
+
4434
+ // Compute sub bytes, mix columns tables
4435
+ var t = (d[sx] * 0x101) ^ (sx * 0x1010100);
4436
+ SUB_MIX_0[x] = (t << 24) | (t >>> 8);
4437
+ SUB_MIX_1[x] = (t << 16) | (t >>> 16);
4438
+ SUB_MIX_2[x] = (t << 8) | (t >>> 24);
4439
+ SUB_MIX_3[x] = t;
4440
+
4441
+ // Compute inv sub bytes, inv mix columns tables
4442
+ var t = (x8 * 0x1010101) ^ (x4 * 0x10001) ^ (x2 * 0x101) ^ (x * 0x1010100);
4443
+ INV_SUB_MIX_0[sx] = (t << 24) | (t >>> 8);
4444
+ INV_SUB_MIX_1[sx] = (t << 16) | (t >>> 16);
4445
+ INV_SUB_MIX_2[sx] = (t << 8) | (t >>> 24);
4446
+ INV_SUB_MIX_3[sx] = t;
4447
+
4448
+ // Compute next counter
4449
+ if (!x) {
4450
+ x = xi = 1;
4451
+ } else {
4452
+ x = x2 ^ d[d[d[x8 ^ x2]]];
4453
+ xi ^= d[d[xi]];
4454
+ }
4455
+ }
4456
+ }());
4457
+
4458
+ // Precomputed Rcon lookup
4459
+ var RCON = [0x00, 0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1b, 0x36];
4460
+
4461
+ /**
4462
+ * AES block cipher algorithm.
4463
+ */
4464
+ var AES = C_algo.AES = BlockCipher.extend({
4465
+ _doReset: function () {
4466
+ // Skip reset of nRounds has been set before and key did not change
4467
+ if (this._nRounds && this._keyPriorReset === this._key) {
4468
+ return;
4469
+ }
4470
+
4471
+ // Shortcuts
4472
+ var key = this._keyPriorReset = this._key;
4473
+ var keyWords = key.words;
4474
+ var keySize = key.sigBytes / 4;
4475
+
4476
+ // Compute number of rounds
4477
+ var nRounds = this._nRounds = keySize + 6;
4478
+
4479
+ // Compute number of key schedule rows
4480
+ var ksRows = (nRounds + 1) * 4;
4481
+
4482
+ // Compute key schedule
4483
+ var keySchedule = this._keySchedule = [];
4484
+ for (var ksRow = 0; ksRow < ksRows; ksRow++) {
4485
+ if (ksRow < keySize) {
4486
+ keySchedule[ksRow] = keyWords[ksRow];
4487
+ } else {
4488
+ var t = keySchedule[ksRow - 1];
4489
+
4490
+ if (!(ksRow % keySize)) {
4491
+ // Rot word
4492
+ t = (t << 8) | (t >>> 24);
4493
+
4494
+ // Sub word
4495
+ t = (SBOX[t >>> 24] << 24) | (SBOX[(t >>> 16) & 0xff] << 16) | (SBOX[(t >>> 8) & 0xff] << 8) | SBOX[t & 0xff];
4496
+
4497
+ // Mix Rcon
4498
+ t ^= RCON[(ksRow / keySize) | 0] << 24;
4499
+ } else if (keySize > 6 && ksRow % keySize == 4) {
4500
+ // Sub word
4501
+ t = (SBOX[t >>> 24] << 24) | (SBOX[(t >>> 16) & 0xff] << 16) | (SBOX[(t >>> 8) & 0xff] << 8) | SBOX[t & 0xff];
4502
+ }
4503
+
4504
+ keySchedule[ksRow] = keySchedule[ksRow - keySize] ^ t;
4505
+ }
4506
+ }
4507
+
4508
+ // Compute inv key schedule
4509
+ var invKeySchedule = this._invKeySchedule = [];
4510
+ for (var invKsRow = 0; invKsRow < ksRows; invKsRow++) {
4511
+ var ksRow = ksRows - invKsRow;
4512
+
4513
+ if (invKsRow % 4) {
4514
+ var t = keySchedule[ksRow];
4515
+ } else {
4516
+ var t = keySchedule[ksRow - 4];
4517
+ }
4518
+
4519
+ if (invKsRow < 4 || ksRow <= 4) {
4520
+ invKeySchedule[invKsRow] = t;
4521
+ } else {
4522
+ invKeySchedule[invKsRow] = INV_SUB_MIX_0[SBOX[t >>> 24]] ^ INV_SUB_MIX_1[SBOX[(t >>> 16) & 0xff]] ^
4523
+ INV_SUB_MIX_2[SBOX[(t >>> 8) & 0xff]] ^ INV_SUB_MIX_3[SBOX[t & 0xff]];
4524
+ }
4525
+ }
4526
+ },
4527
+
4528
+ encryptBlock: function (M, offset) {
4529
+ this._doCryptBlock(M, offset, this._keySchedule, SUB_MIX_0, SUB_MIX_1, SUB_MIX_2, SUB_MIX_3, SBOX);
4530
+ },
4531
+
4532
+ decryptBlock: function (M, offset) {
4533
+ // Swap 2nd and 4th rows
4534
+ var t = M[offset + 1];
4535
+ M[offset + 1] = M[offset + 3];
4536
+ M[offset + 3] = t;
4537
+
4538
+ this._doCryptBlock(M, offset, this._invKeySchedule, INV_SUB_MIX_0, INV_SUB_MIX_1, INV_SUB_MIX_2, INV_SUB_MIX_3, INV_SBOX);
4539
+
4540
+ // Inv swap 2nd and 4th rows
4541
+ var t = M[offset + 1];
4542
+ M[offset + 1] = M[offset + 3];
4543
+ M[offset + 3] = t;
4544
+ },
4545
+
4546
+ _doCryptBlock: function (M, offset, keySchedule, SUB_MIX_0, SUB_MIX_1, SUB_MIX_2, SUB_MIX_3, SBOX) {
4547
+ // Shortcut
4548
+ var nRounds = this._nRounds;
4549
+
4550
+ // Get input, add round key
4551
+ var s0 = M[offset] ^ keySchedule[0];
4552
+ var s1 = M[offset + 1] ^ keySchedule[1];
4553
+ var s2 = M[offset + 2] ^ keySchedule[2];
4554
+ var s3 = M[offset + 3] ^ keySchedule[3];
4555
+
4556
+ // Key schedule row counter
4557
+ var ksRow = 4;
4558
+
4559
+ // Rounds
4560
+ for (var round = 1; round < nRounds; round++) {
4561
+ // Shift rows, sub bytes, mix columns, add round key
4562
+ var t0 = SUB_MIX_0[s0 >>> 24] ^ SUB_MIX_1[(s1 >>> 16) & 0xff] ^ SUB_MIX_2[(s2 >>> 8) & 0xff] ^ SUB_MIX_3[s3 & 0xff] ^ keySchedule[ksRow++];
4563
+ var t1 = SUB_MIX_0[s1 >>> 24] ^ SUB_MIX_1[(s2 >>> 16) & 0xff] ^ SUB_MIX_2[(s3 >>> 8) & 0xff] ^ SUB_MIX_3[s0 & 0xff] ^ keySchedule[ksRow++];
4564
+ var t2 = SUB_MIX_0[s2 >>> 24] ^ SUB_MIX_1[(s3 >>> 16) & 0xff] ^ SUB_MIX_2[(s0 >>> 8) & 0xff] ^ SUB_MIX_3[s1 & 0xff] ^ keySchedule[ksRow++];
4565
+ var t3 = SUB_MIX_0[s3 >>> 24] ^ SUB_MIX_1[(s0 >>> 16) & 0xff] ^ SUB_MIX_2[(s1 >>> 8) & 0xff] ^ SUB_MIX_3[s2 & 0xff] ^ keySchedule[ksRow++];
4566
+
4567
+ // Update state
4568
+ s0 = t0;
4569
+ s1 = t1;
4570
+ s2 = t2;
4571
+ s3 = t3;
4572
+ }
4573
+
4574
+ // Shift rows, sub bytes, add round key
4575
+ var t0 = ((SBOX[s0 >>> 24] << 24) | (SBOX[(s1 >>> 16) & 0xff] << 16) | (SBOX[(s2 >>> 8) & 0xff] << 8) | SBOX[s3 & 0xff]) ^ keySchedule[ksRow++];
4576
+ var t1 = ((SBOX[s1 >>> 24] << 24) | (SBOX[(s2 >>> 16) & 0xff] << 16) | (SBOX[(s3 >>> 8) & 0xff] << 8) | SBOX[s0 & 0xff]) ^ keySchedule[ksRow++];
4577
+ var t2 = ((SBOX[s2 >>> 24] << 24) | (SBOX[(s3 >>> 16) & 0xff] << 16) | (SBOX[(s0 >>> 8) & 0xff] << 8) | SBOX[s1 & 0xff]) ^ keySchedule[ksRow++];
4578
+ var t3 = ((SBOX[s3 >>> 24] << 24) | (SBOX[(s0 >>> 16) & 0xff] << 16) | (SBOX[(s1 >>> 8) & 0xff] << 8) | SBOX[s2 & 0xff]) ^ keySchedule[ksRow++];
4579
+
4580
+ // Set output
4581
+ M[offset] = t0;
4582
+ M[offset + 1] = t1;
4583
+ M[offset + 2] = t2;
4584
+ M[offset + 3] = t3;
4585
+ },
4586
+
4587
+ keySize: 256/32
4588
+ });
4589
+
4590
+ /**
4591
+ * Shortcut functions to the cipher's object interface.
4592
+ *
4593
+ * @example
4594
+ *
4595
+ * var ciphertext = CryptoJS.AES.encrypt(message, key, cfg);
4596
+ * var plaintext = CryptoJS.AES.decrypt(ciphertext, key, cfg);
4597
+ */
4598
+ C.AES = BlockCipher._createHelper(AES);
4599
+ }());
4600
+
4601
+
4602
+ (function () {
4603
+ // Shortcuts
4604
+ var C = CryptoJS;
4605
+ var C_lib = C.lib;
4606
+ var WordArray = C_lib.WordArray;
4607
+ var BlockCipher = C_lib.BlockCipher;
4608
+ var C_algo = C.algo;
4609
+
4610
+ // Permuted Choice 1 constants
4611
+ var PC1 = [
4612
+ 57, 49, 41, 33, 25, 17, 9, 1,
4613
+ 58, 50, 42, 34, 26, 18, 10, 2,
4614
+ 59, 51, 43, 35, 27, 19, 11, 3,
4615
+ 60, 52, 44, 36, 63, 55, 47, 39,
4616
+ 31, 23, 15, 7, 62, 54, 46, 38,
4617
+ 30, 22, 14, 6, 61, 53, 45, 37,
4618
+ 29, 21, 13, 5, 28, 20, 12, 4
4619
+ ];
4620
+
4621
+ // Permuted Choice 2 constants
4622
+ var PC2 = [
4623
+ 14, 17, 11, 24, 1, 5,
4624
+ 3, 28, 15, 6, 21, 10,
4625
+ 23, 19, 12, 4, 26, 8,
4626
+ 16, 7, 27, 20, 13, 2,
4627
+ 41, 52, 31, 37, 47, 55,
4628
+ 30, 40, 51, 45, 33, 48,
4629
+ 44, 49, 39, 56, 34, 53,
4630
+ 46, 42, 50, 36, 29, 32
4631
+ ];
4632
+
4633
+ // Cumulative bit shift constants
4634
+ var BIT_SHIFTS = [1, 2, 4, 6, 8, 10, 12, 14, 15, 17, 19, 21, 23, 25, 27, 28];
4635
+
4636
+ // SBOXes and round permutation constants
4637
+ var SBOX_P = [
4638
+ {
4639
+ 0x0: 0x808200,
4640
+ 0x10000000: 0x8000,
4641
+ 0x20000000: 0x808002,
4642
+ 0x30000000: 0x2,
4643
+ 0x40000000: 0x200,
4644
+ 0x50000000: 0x808202,
4645
+ 0x60000000: 0x800202,
4646
+ 0x70000000: 0x800000,
4647
+ 0x80000000: 0x202,
4648
+ 0x90000000: 0x800200,
4649
+ 0xa0000000: 0x8200,
4650
+ 0xb0000000: 0x808000,
4651
+ 0xc0000000: 0x8002,
4652
+ 0xd0000000: 0x800002,
4653
+ 0xe0000000: 0x0,
4654
+ 0xf0000000: 0x8202,
4655
+ 0x8000000: 0x0,
4656
+ 0x18000000: 0x808202,
4657
+ 0x28000000: 0x8202,
4658
+ 0x38000000: 0x8000,
4659
+ 0x48000000: 0x808200,
4660
+ 0x58000000: 0x200,
4661
+ 0x68000000: 0x808002,
4662
+ 0x78000000: 0x2,
4663
+ 0x88000000: 0x800200,
4664
+ 0x98000000: 0x8200,
4665
+ 0xa8000000: 0x808000,
4666
+ 0xb8000000: 0x800202,
4667
+ 0xc8000000: 0x800002,
4668
+ 0xd8000000: 0x8002,
4669
+ 0xe8000000: 0x202,
4670
+ 0xf8000000: 0x800000,
4671
+ 0x1: 0x8000,
4672
+ 0x10000001: 0x2,
4673
+ 0x20000001: 0x808200,
4674
+ 0x30000001: 0x800000,
4675
+ 0x40000001: 0x808002,
4676
+ 0x50000001: 0x8200,
4677
+ 0x60000001: 0x200,
4678
+ 0x70000001: 0x800202,
4679
+ 0x80000001: 0x808202,
4680
+ 0x90000001: 0x808000,
4681
+ 0xa0000001: 0x800002,
4682
+ 0xb0000001: 0x8202,
4683
+ 0xc0000001: 0x202,
4684
+ 0xd0000001: 0x800200,
4685
+ 0xe0000001: 0x8002,
4686
+ 0xf0000001: 0x0,
4687
+ 0x8000001: 0x808202,
4688
+ 0x18000001: 0x808000,
4689
+ 0x28000001: 0x800000,
4690
+ 0x38000001: 0x200,
4691
+ 0x48000001: 0x8000,
4692
+ 0x58000001: 0x800002,
4693
+ 0x68000001: 0x2,
4694
+ 0x78000001: 0x8202,
4695
+ 0x88000001: 0x8002,
4696
+ 0x98000001: 0x800202,
4697
+ 0xa8000001: 0x202,
4698
+ 0xb8000001: 0x808200,
4699
+ 0xc8000001: 0x800200,
4700
+ 0xd8000001: 0x0,
4701
+ 0xe8000001: 0x8200,
4702
+ 0xf8000001: 0x808002
4703
+ },
4704
+ {
4705
+ 0x0: 0x40084010,
4706
+ 0x1000000: 0x4000,
4707
+ 0x2000000: 0x80000,
4708
+ 0x3000000: 0x40080010,
4709
+ 0x4000000: 0x40000010,
4710
+ 0x5000000: 0x40084000,
4711
+ 0x6000000: 0x40004000,
4712
+ 0x7000000: 0x10,
4713
+ 0x8000000: 0x84000,
4714
+ 0x9000000: 0x40004010,
4715
+ 0xa000000: 0x40000000,
4716
+ 0xb000000: 0x84010,
4717
+ 0xc000000: 0x80010,
4718
+ 0xd000000: 0x0,
4719
+ 0xe000000: 0x4010,
4720
+ 0xf000000: 0x40080000,
4721
+ 0x800000: 0x40004000,
4722
+ 0x1800000: 0x84010,
4723
+ 0x2800000: 0x10,
4724
+ 0x3800000: 0x40004010,
4725
+ 0x4800000: 0x40084010,
4726
+ 0x5800000: 0x40000000,
4727
+ 0x6800000: 0x80000,
4728
+ 0x7800000: 0x40080010,
4729
+ 0x8800000: 0x80010,
4730
+ 0x9800000: 0x0,
4731
+ 0xa800000: 0x4000,
4732
+ 0xb800000: 0x40080000,
4733
+ 0xc800000: 0x40000010,
4734
+ 0xd800000: 0x84000,
4735
+ 0xe800000: 0x40084000,
4736
+ 0xf800000: 0x4010,
4737
+ 0x10000000: 0x0,
4738
+ 0x11000000: 0x40080010,
4739
+ 0x12000000: 0x40004010,
4740
+ 0x13000000: 0x40084000,
4741
+ 0x14000000: 0x40080000,
4742
+ 0x15000000: 0x10,
4743
+ 0x16000000: 0x84010,
4744
+ 0x17000000: 0x4000,
4745
+ 0x18000000: 0x4010,
4746
+ 0x19000000: 0x80000,
4747
+ 0x1a000000: 0x80010,
4748
+ 0x1b000000: 0x40000010,
4749
+ 0x1c000000: 0x84000,
4750
+ 0x1d000000: 0x40004000,
4751
+ 0x1e000000: 0x40000000,
4752
+ 0x1f000000: 0x40084010,
4753
+ 0x10800000: 0x84010,
4754
+ 0x11800000: 0x80000,
4755
+ 0x12800000: 0x40080000,
4756
+ 0x13800000: 0x4000,
4757
+ 0x14800000: 0x40004000,
4758
+ 0x15800000: 0x40084010,
4759
+ 0x16800000: 0x10,
4760
+ 0x17800000: 0x40000000,
4761
+ 0x18800000: 0x40084000,
4762
+ 0x19800000: 0x40000010,
4763
+ 0x1a800000: 0x40004010,
4764
+ 0x1b800000: 0x80010,
4765
+ 0x1c800000: 0x0,
4766
+ 0x1d800000: 0x4010,
4767
+ 0x1e800000: 0x40080010,
4768
+ 0x1f800000: 0x84000
4769
+ },
4770
+ {
4771
+ 0x0: 0x104,
4772
+ 0x100000: 0x0,
4773
+ 0x200000: 0x4000100,
4774
+ 0x300000: 0x10104,
4775
+ 0x400000: 0x10004,
4776
+ 0x500000: 0x4000004,
4777
+ 0x600000: 0x4010104,
4778
+ 0x700000: 0x4010000,
4779
+ 0x800000: 0x4000000,
4780
+ 0x900000: 0x4010100,
4781
+ 0xa00000: 0x10100,
4782
+ 0xb00000: 0x4010004,
4783
+ 0xc00000: 0x4000104,
4784
+ 0xd00000: 0x10000,
4785
+ 0xe00000: 0x4,
4786
+ 0xf00000: 0x100,
4787
+ 0x80000: 0x4010100,
4788
+ 0x180000: 0x4010004,
4789
+ 0x280000: 0x0,
4790
+ 0x380000: 0x4000100,
4791
+ 0x480000: 0x4000004,
4792
+ 0x580000: 0x10000,
4793
+ 0x680000: 0x10004,
4794
+ 0x780000: 0x104,
4795
+ 0x880000: 0x4,
4796
+ 0x980000: 0x100,
4797
+ 0xa80000: 0x4010000,
4798
+ 0xb80000: 0x10104,
4799
+ 0xc80000: 0x10100,
4800
+ 0xd80000: 0x4000104,
4801
+ 0xe80000: 0x4010104,
4802
+ 0xf80000: 0x4000000,
4803
+ 0x1000000: 0x4010100,
4804
+ 0x1100000: 0x10004,
4805
+ 0x1200000: 0x10000,
4806
+ 0x1300000: 0x4000100,
4807
+ 0x1400000: 0x100,
4808
+ 0x1500000: 0x4010104,
4809
+ 0x1600000: 0x4000004,
4810
+ 0x1700000: 0x0,
4811
+ 0x1800000: 0x4000104,
4812
+ 0x1900000: 0x4000000,
4813
+ 0x1a00000: 0x4,
4814
+ 0x1b00000: 0x10100,
4815
+ 0x1c00000: 0x4010000,
4816
+ 0x1d00000: 0x104,
4817
+ 0x1e00000: 0x10104,
4818
+ 0x1f00000: 0x4010004,
4819
+ 0x1080000: 0x4000000,
4820
+ 0x1180000: 0x104,
4821
+ 0x1280000: 0x4010100,
4822
+ 0x1380000: 0x0,
4823
+ 0x1480000: 0x10004,
4824
+ 0x1580000: 0x4000100,
4825
+ 0x1680000: 0x100,
4826
+ 0x1780000: 0x4010004,
4827
+ 0x1880000: 0x10000,
4828
+ 0x1980000: 0x4010104,
4829
+ 0x1a80000: 0x10104,
4830
+ 0x1b80000: 0x4000004,
4831
+ 0x1c80000: 0x4000104,
4832
+ 0x1d80000: 0x4010000,
4833
+ 0x1e80000: 0x4,
4834
+ 0x1f80000: 0x10100
4835
+ },
4836
+ {
4837
+ 0x0: 0x80401000,
4838
+ 0x10000: 0x80001040,
4839
+ 0x20000: 0x401040,
4840
+ 0x30000: 0x80400000,
4841
+ 0x40000: 0x0,
4842
+ 0x50000: 0x401000,
4843
+ 0x60000: 0x80000040,
4844
+ 0x70000: 0x400040,
4845
+ 0x80000: 0x80000000,
4846
+ 0x90000: 0x400000,
4847
+ 0xa0000: 0x40,
4848
+ 0xb0000: 0x80001000,
4849
+ 0xc0000: 0x80400040,
4850
+ 0xd0000: 0x1040,
4851
+ 0xe0000: 0x1000,
4852
+ 0xf0000: 0x80401040,
4853
+ 0x8000: 0x80001040,
4854
+ 0x18000: 0x40,
4855
+ 0x28000: 0x80400040,
4856
+ 0x38000: 0x80001000,
4857
+ 0x48000: 0x401000,
4858
+ 0x58000: 0x80401040,
4859
+ 0x68000: 0x0,
4860
+ 0x78000: 0x80400000,
4861
+ 0x88000: 0x1000,
4862
+ 0x98000: 0x80401000,
4863
+ 0xa8000: 0x400000,
4864
+ 0xb8000: 0x1040,
4865
+ 0xc8000: 0x80000000,
4866
+ 0xd8000: 0x400040,
4867
+ 0xe8000: 0x401040,
4868
+ 0xf8000: 0x80000040,
4869
+ 0x100000: 0x400040,
4870
+ 0x110000: 0x401000,
4871
+ 0x120000: 0x80000040,
4872
+ 0x130000: 0x0,
4873
+ 0x140000: 0x1040,
4874
+ 0x150000: 0x80400040,
4875
+ 0x160000: 0x80401000,
4876
+ 0x170000: 0x80001040,
4877
+ 0x180000: 0x80401040,
4878
+ 0x190000: 0x80000000,
4879
+ 0x1a0000: 0x80400000,
4880
+ 0x1b0000: 0x401040,
4881
+ 0x1c0000: 0x80001000,
4882
+ 0x1d0000: 0x400000,
4883
+ 0x1e0000: 0x40,
4884
+ 0x1f0000: 0x1000,
4885
+ 0x108000: 0x80400000,
4886
+ 0x118000: 0x80401040,
4887
+ 0x128000: 0x0,
4888
+ 0x138000: 0x401000,
4889
+ 0x148000: 0x400040,
4890
+ 0x158000: 0x80000000,
4891
+ 0x168000: 0x80001040,
4892
+ 0x178000: 0x40,
4893
+ 0x188000: 0x80000040,
4894
+ 0x198000: 0x1000,
4895
+ 0x1a8000: 0x80001000,
4896
+ 0x1b8000: 0x80400040,
4897
+ 0x1c8000: 0x1040,
4898
+ 0x1d8000: 0x80401000,
4899
+ 0x1e8000: 0x400000,
4900
+ 0x1f8000: 0x401040
4901
+ },
4902
+ {
4903
+ 0x0: 0x80,
4904
+ 0x1000: 0x1040000,
4905
+ 0x2000: 0x40000,
4906
+ 0x3000: 0x20000000,
4907
+ 0x4000: 0x20040080,
4908
+ 0x5000: 0x1000080,
4909
+ 0x6000: 0x21000080,
4910
+ 0x7000: 0x40080,
4911
+ 0x8000: 0x1000000,
4912
+ 0x9000: 0x20040000,
4913
+ 0xa000: 0x20000080,
4914
+ 0xb000: 0x21040080,
4915
+ 0xc000: 0x21040000,
4916
+ 0xd000: 0x0,
4917
+ 0xe000: 0x1040080,
4918
+ 0xf000: 0x21000000,
4919
+ 0x800: 0x1040080,
4920
+ 0x1800: 0x21000080,
4921
+ 0x2800: 0x80,
4922
+ 0x3800: 0x1040000,
4923
+ 0x4800: 0x40000,
4924
+ 0x5800: 0x20040080,
4925
+ 0x6800: 0x21040000,
4926
+ 0x7800: 0x20000000,
4927
+ 0x8800: 0x20040000,
4928
+ 0x9800: 0x0,
4929
+ 0xa800: 0x21040080,
4930
+ 0xb800: 0x1000080,
4931
+ 0xc800: 0x20000080,
4932
+ 0xd800: 0x21000000,
4933
+ 0xe800: 0x1000000,
4934
+ 0xf800: 0x40080,
4935
+ 0x10000: 0x40000,
4936
+ 0x11000: 0x80,
4937
+ 0x12000: 0x20000000,
4938
+ 0x13000: 0x21000080,
4939
+ 0x14000: 0x1000080,
4940
+ 0x15000: 0x21040000,
4941
+ 0x16000: 0x20040080,
4942
+ 0x17000: 0x1000000,
4943
+ 0x18000: 0x21040080,
4944
+ 0x19000: 0x21000000,
4945
+ 0x1a000: 0x1040000,
4946
+ 0x1b000: 0x20040000,
4947
+ 0x1c000: 0x40080,
4948
+ 0x1d000: 0x20000080,
4949
+ 0x1e000: 0x0,
4950
+ 0x1f000: 0x1040080,
4951
+ 0x10800: 0x21000080,
4952
+ 0x11800: 0x1000000,
4953
+ 0x12800: 0x1040000,
4954
+ 0x13800: 0x20040080,
4955
+ 0x14800: 0x20000000,
4956
+ 0x15800: 0x1040080,
4957
+ 0x16800: 0x80,
4958
+ 0x17800: 0x21040000,
4959
+ 0x18800: 0x40080,
4960
+ 0x19800: 0x21040080,
4961
+ 0x1a800: 0x0,
4962
+ 0x1b800: 0x21000000,
4963
+ 0x1c800: 0x1000080,
4964
+ 0x1d800: 0x40000,
4965
+ 0x1e800: 0x20040000,
4966
+ 0x1f800: 0x20000080
4967
+ },
4968
+ {
4969
+ 0x0: 0x10000008,
4970
+ 0x100: 0x2000,
4971
+ 0x200: 0x10200000,
4972
+ 0x300: 0x10202008,
4973
+ 0x400: 0x10002000,
4974
+ 0x500: 0x200000,
4975
+ 0x600: 0x200008,
4976
+ 0x700: 0x10000000,
4977
+ 0x800: 0x0,
4978
+ 0x900: 0x10002008,
4979
+ 0xa00: 0x202000,
4980
+ 0xb00: 0x8,
4981
+ 0xc00: 0x10200008,
4982
+ 0xd00: 0x202008,
4983
+ 0xe00: 0x2008,
4984
+ 0xf00: 0x10202000,
4985
+ 0x80: 0x10200000,
4986
+ 0x180: 0x10202008,
4987
+ 0x280: 0x8,
4988
+ 0x380: 0x200000,
4989
+ 0x480: 0x202008,
4990
+ 0x580: 0x10000008,
4991
+ 0x680: 0x10002000,
4992
+ 0x780: 0x2008,
4993
+ 0x880: 0x200008,
4994
+ 0x980: 0x2000,
4995
+ 0xa80: 0x10002008,
4996
+ 0xb80: 0x10200008,
4997
+ 0xc80: 0x0,
4998
+ 0xd80: 0x10202000,
4999
+ 0xe80: 0x202000,
5000
+ 0xf80: 0x10000000,
5001
+ 0x1000: 0x10002000,
5002
+ 0x1100: 0x10200008,
5003
+ 0x1200: 0x10202008,
5004
+ 0x1300: 0x2008,
5005
+ 0x1400: 0x200000,
5006
+ 0x1500: 0x10000000,
5007
+ 0x1600: 0x10000008,
5008
+ 0x1700: 0x202000,
5009
+ 0x1800: 0x202008,
5010
+ 0x1900: 0x0,
5011
+ 0x1a00: 0x8,
5012
+ 0x1b00: 0x10200000,
5013
+ 0x1c00: 0x2000,
5014
+ 0x1d00: 0x10002008,
5015
+ 0x1e00: 0x10202000,
5016
+ 0x1f00: 0x200008,
5017
+ 0x1080: 0x8,
5018
+ 0x1180: 0x202000,
5019
+ 0x1280: 0x200000,
5020
+ 0x1380: 0x10000008,
5021
+ 0x1480: 0x10002000,
5022
+ 0x1580: 0x2008,
5023
+ 0x1680: 0x10202008,
5024
+ 0x1780: 0x10200000,
5025
+ 0x1880: 0x10202000,
5026
+ 0x1980: 0x10200008,
5027
+ 0x1a80: 0x2000,
5028
+ 0x1b80: 0x202008,
5029
+ 0x1c80: 0x200008,
5030
+ 0x1d80: 0x0,
5031
+ 0x1e80: 0x10000000,
5032
+ 0x1f80: 0x10002008
5033
+ },
5034
+ {
5035
+ 0x0: 0x100000,
5036
+ 0x10: 0x2000401,
5037
+ 0x20: 0x400,
5038
+ 0x30: 0x100401,
5039
+ 0x40: 0x2100401,
5040
+ 0x50: 0x0,
5041
+ 0x60: 0x1,
5042
+ 0x70: 0x2100001,
5043
+ 0x80: 0x2000400,
5044
+ 0x90: 0x100001,
5045
+ 0xa0: 0x2000001,
5046
+ 0xb0: 0x2100400,
5047
+ 0xc0: 0x2100000,
5048
+ 0xd0: 0x401,
5049
+ 0xe0: 0x100400,
5050
+ 0xf0: 0x2000000,
5051
+ 0x8: 0x2100001,
5052
+ 0x18: 0x0,
5053
+ 0x28: 0x2000401,
5054
+ 0x38: 0x2100400,
5055
+ 0x48: 0x100000,
5056
+ 0x58: 0x2000001,
5057
+ 0x68: 0x2000000,
5058
+ 0x78: 0x401,
5059
+ 0x88: 0x100401,
5060
+ 0x98: 0x2000400,
5061
+ 0xa8: 0x2100000,
5062
+ 0xb8: 0x100001,
5063
+ 0xc8: 0x400,
5064
+ 0xd8: 0x2100401,
5065
+ 0xe8: 0x1,
5066
+ 0xf8: 0x100400,
5067
+ 0x100: 0x2000000,
5068
+ 0x110: 0x100000,
5069
+ 0x120: 0x2000401,
5070
+ 0x130: 0x2100001,
5071
+ 0x140: 0x100001,
5072
+ 0x150: 0x2000400,
5073
+ 0x160: 0x2100400,
5074
+ 0x170: 0x100401,
5075
+ 0x180: 0x401,
5076
+ 0x190: 0x2100401,
5077
+ 0x1a0: 0x100400,
5078
+ 0x1b0: 0x1,
5079
+ 0x1c0: 0x0,
5080
+ 0x1d0: 0x2100000,
5081
+ 0x1e0: 0x2000001,
5082
+ 0x1f0: 0x400,
5083
+ 0x108: 0x100400,
5084
+ 0x118: 0x2000401,
5085
+ 0x128: 0x2100001,
5086
+ 0x138: 0x1,
5087
+ 0x148: 0x2000000,
5088
+ 0x158: 0x100000,
5089
+ 0x168: 0x401,
5090
+ 0x178: 0x2100400,
5091
+ 0x188: 0x2000001,
5092
+ 0x198: 0x2100000,
5093
+ 0x1a8: 0x0,
5094
+ 0x1b8: 0x2100401,
5095
+ 0x1c8: 0x100401,
5096
+ 0x1d8: 0x400,
5097
+ 0x1e8: 0x2000400,
5098
+ 0x1f8: 0x100001
5099
+ },
5100
+ {
5101
+ 0x0: 0x8000820,
5102
+ 0x1: 0x20000,
5103
+ 0x2: 0x8000000,
5104
+ 0x3: 0x20,
5105
+ 0x4: 0x20020,
5106
+ 0x5: 0x8020820,
5107
+ 0x6: 0x8020800,
5108
+ 0x7: 0x800,
5109
+ 0x8: 0x8020000,
5110
+ 0x9: 0x8000800,
5111
+ 0xa: 0x20800,
5112
+ 0xb: 0x8020020,
5113
+ 0xc: 0x820,
5114
+ 0xd: 0x0,
5115
+ 0xe: 0x8000020,
5116
+ 0xf: 0x20820,
5117
+ 0x80000000: 0x800,
5118
+ 0x80000001: 0x8020820,
5119
+ 0x80000002: 0x8000820,
5120
+ 0x80000003: 0x8000000,
5121
+ 0x80000004: 0x8020000,
5122
+ 0x80000005: 0x20800,
5123
+ 0x80000006: 0x20820,
5124
+ 0x80000007: 0x20,
5125
+ 0x80000008: 0x8000020,
5126
+ 0x80000009: 0x820,
5127
+ 0x8000000a: 0x20020,
5128
+ 0x8000000b: 0x8020800,
5129
+ 0x8000000c: 0x0,
5130
+ 0x8000000d: 0x8020020,
5131
+ 0x8000000e: 0x8000800,
5132
+ 0x8000000f: 0x20000,
5133
+ 0x10: 0x20820,
5134
+ 0x11: 0x8020800,
5135
+ 0x12: 0x20,
5136
+ 0x13: 0x800,
5137
+ 0x14: 0x8000800,
5138
+ 0x15: 0x8000020,
5139
+ 0x16: 0x8020020,
5140
+ 0x17: 0x20000,
5141
+ 0x18: 0x0,
5142
+ 0x19: 0x20020,
5143
+ 0x1a: 0x8020000,
5144
+ 0x1b: 0x8000820,
5145
+ 0x1c: 0x8020820,
5146
+ 0x1d: 0x20800,
5147
+ 0x1e: 0x820,
5148
+ 0x1f: 0x8000000,
5149
+ 0x80000010: 0x20000,
5150
+ 0x80000011: 0x800,
5151
+ 0x80000012: 0x8020020,
5152
+ 0x80000013: 0x20820,
5153
+ 0x80000014: 0x20,
5154
+ 0x80000015: 0x8020000,
5155
+ 0x80000016: 0x8000000,
5156
+ 0x80000017: 0x8000820,
5157
+ 0x80000018: 0x8020820,
5158
+ 0x80000019: 0x8000020,
5159
+ 0x8000001a: 0x8000800,
5160
+ 0x8000001b: 0x0,
5161
+ 0x8000001c: 0x20800,
5162
+ 0x8000001d: 0x820,
5163
+ 0x8000001e: 0x20020,
5164
+ 0x8000001f: 0x8020800
5165
+ }
5166
+ ];
5167
+
5168
+ // Masks that select the SBOX input
5169
+ var SBOX_MASK = [
5170
+ 0xf8000001, 0x1f800000, 0x01f80000, 0x001f8000,
5171
+ 0x0001f800, 0x00001f80, 0x000001f8, 0x8000001f
5172
+ ];
5173
+
5174
+ /**
5175
+ * DES block cipher algorithm.
5176
+ */
5177
+ var DES = C_algo.DES = BlockCipher.extend({
5178
+ _doReset: function () {
5179
+ // Shortcuts
5180
+ var key = this._key;
5181
+ var keyWords = key.words;
5182
+
5183
+ // Select 56 bits according to PC1
5184
+ var keyBits = [];
5185
+ for (var i = 0; i < 56; i++) {
5186
+ var keyBitPos = PC1[i] - 1;
5187
+ keyBits[i] = (keyWords[keyBitPos >>> 5] >>> (31 - keyBitPos % 32)) & 1;
5188
+ }
5189
+
5190
+ // Assemble 16 subkeys
5191
+ var subKeys = this._subKeys = [];
5192
+ for (var nSubKey = 0; nSubKey < 16; nSubKey++) {
5193
+ // Create subkey
5194
+ var subKey = subKeys[nSubKey] = [];
5195
+
5196
+ // Shortcut
5197
+ var bitShift = BIT_SHIFTS[nSubKey];
5198
+
5199
+ // Select 48 bits according to PC2
5200
+ for (var i = 0; i < 24; i++) {
5201
+ // Select from the left 28 key bits
5202
+ subKey[(i / 6) | 0] |= keyBits[((PC2[i] - 1) + bitShift) % 28] << (31 - i % 6);
5203
+
5204
+ // Select from the right 28 key bits
5205
+ subKey[4 + ((i / 6) | 0)] |= keyBits[28 + (((PC2[i + 24] - 1) + bitShift) % 28)] << (31 - i % 6);
5206
+ }
5207
+
5208
+ // Since each subkey is applied to an expanded 32-bit input,
5209
+ // the subkey can be broken into 8 values scaled to 32-bits,
5210
+ // which allows the key to be used without expansion
5211
+ subKey[0] = (subKey[0] << 1) | (subKey[0] >>> 31);
5212
+ for (var i = 1; i < 7; i++) {
5213
+ subKey[i] = subKey[i] >>> ((i - 1) * 4 + 3);
5214
+ }
5215
+ subKey[7] = (subKey[7] << 5) | (subKey[7] >>> 27);
5216
+ }
5217
+
5218
+ // Compute inverse subkeys
5219
+ var invSubKeys = this._invSubKeys = [];
5220
+ for (var i = 0; i < 16; i++) {
5221
+ invSubKeys[i] = subKeys[15 - i];
5222
+ }
5223
+ },
5224
+
5225
+ encryptBlock: function (M, offset) {
5226
+ this._doCryptBlock(M, offset, this._subKeys);
5227
+ },
5228
+
5229
+ decryptBlock: function (M, offset) {
5230
+ this._doCryptBlock(M, offset, this._invSubKeys);
5231
+ },
5232
+
5233
+ _doCryptBlock: function (M, offset, subKeys) {
5234
+ // Get input
5235
+ this._lBlock = M[offset];
5236
+ this._rBlock = M[offset + 1];
5237
+
5238
+ // Initial permutation
5239
+ exchangeLR.call(this, 4, 0x0f0f0f0f);
5240
+ exchangeLR.call(this, 16, 0x0000ffff);
5241
+ exchangeRL.call(this, 2, 0x33333333);
5242
+ exchangeRL.call(this, 8, 0x00ff00ff);
5243
+ exchangeLR.call(this, 1, 0x55555555);
5244
+
5245
+ // Rounds
5246
+ for (var round = 0; round < 16; round++) {
5247
+ // Shortcuts
5248
+ var subKey = subKeys[round];
5249
+ var lBlock = this._lBlock;
5250
+ var rBlock = this._rBlock;
5251
+
5252
+ // Feistel function
5253
+ var f = 0;
5254
+ for (var i = 0; i < 8; i++) {
5255
+ f |= SBOX_P[i][((rBlock ^ subKey[i]) & SBOX_MASK[i]) >>> 0];
5256
+ }
5257
+ this._lBlock = rBlock;
5258
+ this._rBlock = lBlock ^ f;
5259
+ }
5260
+
5261
+ // Undo swap from last round
5262
+ var t = this._lBlock;
5263
+ this._lBlock = this._rBlock;
5264
+ this._rBlock = t;
5265
+
5266
+ // Final permutation
5267
+ exchangeLR.call(this, 1, 0x55555555);
5268
+ exchangeRL.call(this, 8, 0x00ff00ff);
5269
+ exchangeRL.call(this, 2, 0x33333333);
5270
+ exchangeLR.call(this, 16, 0x0000ffff);
5271
+ exchangeLR.call(this, 4, 0x0f0f0f0f);
5272
+
5273
+ // Set output
5274
+ M[offset] = this._lBlock;
5275
+ M[offset + 1] = this._rBlock;
5276
+ },
5277
+
5278
+ keySize: 64/32,
5279
+
5280
+ ivSize: 64/32,
5281
+
5282
+ blockSize: 64/32
5283
+ });
5284
+
5285
+ // Swap bits across the left and right words
5286
+ function exchangeLR(offset, mask) {
5287
+ var t = ((this._lBlock >>> offset) ^ this._rBlock) & mask;
5288
+ this._rBlock ^= t;
5289
+ this._lBlock ^= t << offset;
5290
+ }
5291
+
5292
+ function exchangeRL(offset, mask) {
5293
+ var t = ((this._rBlock >>> offset) ^ this._lBlock) & mask;
5294
+ this._lBlock ^= t;
5295
+ this._rBlock ^= t << offset;
5296
+ }
5297
+
5298
+ /**
5299
+ * Shortcut functions to the cipher's object interface.
5300
+ *
5301
+ * @example
5302
+ *
5303
+ * var ciphertext = CryptoJS.DES.encrypt(message, key, cfg);
5304
+ * var plaintext = CryptoJS.DES.decrypt(ciphertext, key, cfg);
5305
+ */
5306
+ C.DES = BlockCipher._createHelper(DES);
5307
+
5308
+ /**
5309
+ * Triple-DES block cipher algorithm.
5310
+ */
5311
+ var TripleDES = C_algo.TripleDES = BlockCipher.extend({
5312
+ _doReset: function () {
5313
+ // Shortcuts
5314
+ var key = this._key;
5315
+ var keyWords = key.words;
5316
+
5317
+ // Create DES instances
5318
+ this._des1 = DES.createEncryptor(WordArray.create(keyWords.slice(0, 2)));
5319
+ this._des2 = DES.createEncryptor(WordArray.create(keyWords.slice(2, 4)));
5320
+ this._des3 = DES.createEncryptor(WordArray.create(keyWords.slice(4, 6)));
5321
+ },
5322
+
5323
+ encryptBlock: function (M, offset) {
5324
+ this._des1.encryptBlock(M, offset);
5325
+ this._des2.decryptBlock(M, offset);
5326
+ this._des3.encryptBlock(M, offset);
5327
+ },
5328
+
5329
+ decryptBlock: function (M, offset) {
5330
+ this._des3.decryptBlock(M, offset);
5331
+ this._des2.encryptBlock(M, offset);
5332
+ this._des1.decryptBlock(M, offset);
5333
+ },
5334
+
5335
+ keySize: 192/32,
5336
+
5337
+ ivSize: 64/32,
5338
+
5339
+ blockSize: 64/32
5340
+ });
5341
+
5342
+ /**
5343
+ * Shortcut functions to the cipher's object interface.
5344
+ *
5345
+ * @example
5346
+ *
5347
+ * var ciphertext = CryptoJS.TripleDES.encrypt(message, key, cfg);
5348
+ * var plaintext = CryptoJS.TripleDES.decrypt(ciphertext, key, cfg);
5349
+ */
5350
+ C.TripleDES = BlockCipher._createHelper(TripleDES);
5351
+ }());
5352
+
5353
+
5354
+ (function () {
5355
+ // Shortcuts
5356
+ var C = CryptoJS;
5357
+ var C_lib = C.lib;
5358
+ var StreamCipher = C_lib.StreamCipher;
5359
+ var C_algo = C.algo;
5360
+
5361
+ /**
5362
+ * RC4 stream cipher algorithm.
5363
+ */
5364
+ var RC4 = C_algo.RC4 = StreamCipher.extend({
5365
+ _doReset: function () {
5366
+ // Shortcuts
5367
+ var key = this._key;
5368
+ var keyWords = key.words;
5369
+ var keySigBytes = key.sigBytes;
5370
+
5371
+ // Init sbox
5372
+ var S = this._S = [];
5373
+ for (var i = 0; i < 256; i++) {
5374
+ S[i] = i;
5375
+ }
5376
+
5377
+ // Key setup
5378
+ for (var i = 0, j = 0; i < 256; i++) {
5379
+ var keyByteIndex = i % keySigBytes;
5380
+ var keyByte = (keyWords[keyByteIndex >>> 2] >>> (24 - (keyByteIndex % 4) * 8)) & 0xff;
5381
+
5382
+ j = (j + S[i] + keyByte) % 256;
5383
+
5384
+ // Swap
5385
+ var t = S[i];
5386
+ S[i] = S[j];
5387
+ S[j] = t;
5388
+ }
5389
+
5390
+ // Counters
5391
+ this._i = this._j = 0;
5392
+ },
5393
+
5394
+ _doProcessBlock: function (M, offset) {
5395
+ M[offset] ^= generateKeystreamWord.call(this);
5396
+ },
5397
+
5398
+ keySize: 256/32,
5399
+
5400
+ ivSize: 0
5401
+ });
5402
+
5403
+ function generateKeystreamWord() {
5404
+ // Shortcuts
5405
+ var S = this._S;
5406
+ var i = this._i;
5407
+ var j = this._j;
5408
+
5409
+ // Generate keystream word
5410
+ var keystreamWord = 0;
5411
+ for (var n = 0; n < 4; n++) {
5412
+ i = (i + 1) % 256;
5413
+ j = (j + S[i]) % 256;
5414
+
5415
+ // Swap
5416
+ var t = S[i];
5417
+ S[i] = S[j];
5418
+ S[j] = t;
5419
+
5420
+ keystreamWord |= S[(S[i] + S[j]) % 256] << (24 - n * 8);
5421
+ }
5422
+
5423
+ // Update counters
5424
+ this._i = i;
5425
+ this._j = j;
5426
+
5427
+ return keystreamWord;
5428
+ }
5429
+
5430
+ /**
5431
+ * Shortcut functions to the cipher's object interface.
5432
+ *
5433
+ * @example
5434
+ *
5435
+ * var ciphertext = CryptoJS.RC4.encrypt(message, key, cfg);
5436
+ * var plaintext = CryptoJS.RC4.decrypt(ciphertext, key, cfg);
5437
+ */
5438
+ C.RC4 = StreamCipher._createHelper(RC4);
5439
+
5440
+ /**
5441
+ * Modified RC4 stream cipher algorithm.
5442
+ */
5443
+ var RC4Drop = C_algo.RC4Drop = RC4.extend({
5444
+ /**
5445
+ * Configuration options.
5446
+ *
5447
+ * @property {number} drop The number of keystream words to drop. Default 192
5448
+ */
5449
+ cfg: RC4.cfg.extend({
5450
+ drop: 192
5451
+ }),
5452
+
5453
+ _doReset: function () {
5454
+ RC4._doReset.call(this);
5455
+
5456
+ // Drop
5457
+ for (var i = this.cfg.drop; i > 0; i--) {
5458
+ generateKeystreamWord.call(this);
5459
+ }
5460
+ }
5461
+ });
5462
+
5463
+ /**
5464
+ * Shortcut functions to the cipher's object interface.
5465
+ *
5466
+ * @example
5467
+ *
5468
+ * var ciphertext = CryptoJS.RC4Drop.encrypt(message, key, cfg);
5469
+ * var plaintext = CryptoJS.RC4Drop.decrypt(ciphertext, key, cfg);
5470
+ */
5471
+ C.RC4Drop = StreamCipher._createHelper(RC4Drop);
5472
+ }());
5473
+
5474
+
5475
+ /** @preserve
5476
+ * Counter block mode compatible with Dr Brian Gladman fileenc.c
5477
+ * derived from CryptoJS.mode.CTR
5478
+ * Jan Hruby jhruby.web@gmail.com
5479
+ */
5480
+ CryptoJS.mode.CTRGladman = (function () {
5481
+ var CTRGladman = CryptoJS.lib.BlockCipherMode.extend();
5482
+
5483
+ function incWord(word)
5484
+ {
5485
+ if (((word >> 24) & 0xff) === 0xff) { //overflow
5486
+ var b1 = (word >> 16)&0xff;
5487
+ var b2 = (word >> 8)&0xff;
5488
+ var b3 = word & 0xff;
5489
+
5490
+ if (b1 === 0xff) // overflow b1
5491
+ {
5492
+ b1 = 0;
5493
+ if (b2 === 0xff)
5494
+ {
5495
+ b2 = 0;
5496
+ if (b3 === 0xff)
5497
+ {
5498
+ b3 = 0;
5499
+ }
5500
+ else
5501
+ {
5502
+ ++b3;
5503
+ }
5504
+ }
5505
+ else
5506
+ {
5507
+ ++b2;
5508
+ }
5509
+ }
5510
+ else
5511
+ {
5512
+ ++b1;
5513
+ }
5514
+
5515
+ word = 0;
5516
+ word += (b1 << 16);
5517
+ word += (b2 << 8);
5518
+ word += b3;
5519
+ }
5520
+ else
5521
+ {
5522
+ word += (0x01 << 24);
5523
+ }
5524
+ return word;
5525
+ }
5526
+
5527
+ function incCounter(counter)
5528
+ {
5529
+ if ((counter[0] = incWord(counter[0])) === 0)
5530
+ {
5531
+ // encr_data in fileenc.c from Dr Brian Gladman's counts only with DWORD j < 8
5532
+ counter[1] = incWord(counter[1]);
5533
+ }
5534
+ return counter;
5535
+ }
5536
+
5537
+ var Encryptor = CTRGladman.Encryptor = CTRGladman.extend({
5538
+ processBlock: function (words, offset) {
5539
+ // Shortcuts
5540
+ var cipher = this._cipher
5541
+ var blockSize = cipher.blockSize;
5542
+ var iv = this._iv;
5543
+ var counter = this._counter;
5544
+
5545
+ // Generate keystream
5546
+ if (iv) {
5547
+ counter = this._counter = iv.slice(0);
5548
+
5549
+ // Remove IV for subsequent blocks
5550
+ this._iv = undefined;
5551
+ }
5552
+
5553
+ incCounter(counter);
5554
+
5555
+ var keystream = counter.slice(0);
5556
+ cipher.encryptBlock(keystream, 0);
5557
+
5558
+ // Encrypt
5559
+ for (var i = 0; i < blockSize; i++) {
5560
+ words[offset + i] ^= keystream[i];
5561
+ }
5562
+ }
5563
+ });
5564
+
5565
+ CTRGladman.Decryptor = Encryptor;
5566
+
5567
+ return CTRGladman;
5568
+ }());
5569
+
5570
+
5571
+
5572
+
5573
+ (function () {
5574
+ // Shortcuts
5575
+ var C = CryptoJS;
5576
+ var C_lib = C.lib;
5577
+ var StreamCipher = C_lib.StreamCipher;
5578
+ var C_algo = C.algo;
5579
+
5580
+ // Reusable objects
5581
+ var S = [];
5582
+ var C_ = [];
5583
+ var G = [];
5584
+
5585
+ /**
5586
+ * Rabbit stream cipher algorithm
5587
+ */
5588
+ var Rabbit = C_algo.Rabbit = StreamCipher.extend({
5589
+ _doReset: function () {
5590
+ // Shortcuts
5591
+ var K = this._key.words;
5592
+ var iv = this.cfg.iv;
5593
+
5594
+ // Swap endian
5595
+ for (var i = 0; i < 4; i++) {
5596
+ K[i] = (((K[i] << 8) | (K[i] >>> 24)) & 0x00ff00ff) |
5597
+ (((K[i] << 24) | (K[i] >>> 8)) & 0xff00ff00);
5598
+ }
5599
+
5600
+ // Generate initial state values
5601
+ var X = this._X = [
5602
+ K[0], (K[3] << 16) | (K[2] >>> 16),
5603
+ K[1], (K[0] << 16) | (K[3] >>> 16),
5604
+ K[2], (K[1] << 16) | (K[0] >>> 16),
5605
+ K[3], (K[2] << 16) | (K[1] >>> 16)
5606
+ ];
5607
+
5608
+ // Generate initial counter values
5609
+ var C = this._C = [
5610
+ (K[2] << 16) | (K[2] >>> 16), (K[0] & 0xffff0000) | (K[1] & 0x0000ffff),
5611
+ (K[3] << 16) | (K[3] >>> 16), (K[1] & 0xffff0000) | (K[2] & 0x0000ffff),
5612
+ (K[0] << 16) | (K[0] >>> 16), (K[2] & 0xffff0000) | (K[3] & 0x0000ffff),
5613
+ (K[1] << 16) | (K[1] >>> 16), (K[3] & 0xffff0000) | (K[0] & 0x0000ffff)
5614
+ ];
5615
+
5616
+ // Carry bit
5617
+ this._b = 0;
5618
+
5619
+ // Iterate the system four times
5620
+ for (var i = 0; i < 4; i++) {
5621
+ nextState.call(this);
5622
+ }
5623
+
5624
+ // Modify the counters
5625
+ for (var i = 0; i < 8; i++) {
5626
+ C[i] ^= X[(i + 4) & 7];
5627
+ }
5628
+
5629
+ // IV setup
5630
+ if (iv) {
5631
+ // Shortcuts
5632
+ var IV = iv.words;
5633
+ var IV_0 = IV[0];
5634
+ var IV_1 = IV[1];
5635
+
5636
+ // Generate four subvectors
5637
+ var i0 = (((IV_0 << 8) | (IV_0 >>> 24)) & 0x00ff00ff) | (((IV_0 << 24) | (IV_0 >>> 8)) & 0xff00ff00);
5638
+ var i2 = (((IV_1 << 8) | (IV_1 >>> 24)) & 0x00ff00ff) | (((IV_1 << 24) | (IV_1 >>> 8)) & 0xff00ff00);
5639
+ var i1 = (i0 >>> 16) | (i2 & 0xffff0000);
5640
+ var i3 = (i2 << 16) | (i0 & 0x0000ffff);
5641
+
5642
+ // Modify counter values
5643
+ C[0] ^= i0;
5644
+ C[1] ^= i1;
5645
+ C[2] ^= i2;
5646
+ C[3] ^= i3;
5647
+ C[4] ^= i0;
5648
+ C[5] ^= i1;
5649
+ C[6] ^= i2;
5650
+ C[7] ^= i3;
5651
+
5652
+ // Iterate the system four times
5653
+ for (var i = 0; i < 4; i++) {
5654
+ nextState.call(this);
5655
+ }
5656
+ }
5657
+ },
5658
+
5659
+ _doProcessBlock: function (M, offset) {
5660
+ // Shortcut
5661
+ var X = this._X;
5662
+
5663
+ // Iterate the system
5664
+ nextState.call(this);
5665
+
5666
+ // Generate four keystream words
5667
+ S[0] = X[0] ^ (X[5] >>> 16) ^ (X[3] << 16);
5668
+ S[1] = X[2] ^ (X[7] >>> 16) ^ (X[5] << 16);
5669
+ S[2] = X[4] ^ (X[1] >>> 16) ^ (X[7] << 16);
5670
+ S[3] = X[6] ^ (X[3] >>> 16) ^ (X[1] << 16);
5671
+
5672
+ for (var i = 0; i < 4; i++) {
5673
+ // Swap endian
5674
+ S[i] = (((S[i] << 8) | (S[i] >>> 24)) & 0x00ff00ff) |
5675
+ (((S[i] << 24) | (S[i] >>> 8)) & 0xff00ff00);
5676
+
5677
+ // Encrypt
5678
+ M[offset + i] ^= S[i];
5679
+ }
5680
+ },
5681
+
5682
+ blockSize: 128/32,
5683
+
5684
+ ivSize: 64/32
5685
+ });
5686
+
5687
+ function nextState() {
5688
+ // Shortcuts
5689
+ var X = this._X;
5690
+ var C = this._C;
5691
+
5692
+ // Save old counter values
5693
+ for (var i = 0; i < 8; i++) {
5694
+ C_[i] = C[i];
5695
+ }
5696
+
5697
+ // Calculate new counter values
5698
+ C[0] = (C[0] + 0x4d34d34d + this._b) | 0;
5699
+ C[1] = (C[1] + 0xd34d34d3 + ((C[0] >>> 0) < (C_[0] >>> 0) ? 1 : 0)) | 0;
5700
+ C[2] = (C[2] + 0x34d34d34 + ((C[1] >>> 0) < (C_[1] >>> 0) ? 1 : 0)) | 0;
5701
+ C[3] = (C[3] + 0x4d34d34d + ((C[2] >>> 0) < (C_[2] >>> 0) ? 1 : 0)) | 0;
5702
+ C[4] = (C[4] + 0xd34d34d3 + ((C[3] >>> 0) < (C_[3] >>> 0) ? 1 : 0)) | 0;
5703
+ C[5] = (C[5] + 0x34d34d34 + ((C[4] >>> 0) < (C_[4] >>> 0) ? 1 : 0)) | 0;
5704
+ C[6] = (C[6] + 0x4d34d34d + ((C[5] >>> 0) < (C_[5] >>> 0) ? 1 : 0)) | 0;
5705
+ C[7] = (C[7] + 0xd34d34d3 + ((C[6] >>> 0) < (C_[6] >>> 0) ? 1 : 0)) | 0;
5706
+ this._b = (C[7] >>> 0) < (C_[7] >>> 0) ? 1 : 0;
5707
+
5708
+ // Calculate the g-values
5709
+ for (var i = 0; i < 8; i++) {
5710
+ var gx = X[i] + C[i];
5711
+
5712
+ // Construct high and low argument for squaring
5713
+ var ga = gx & 0xffff;
5714
+ var gb = gx >>> 16;
5715
+
5716
+ // Calculate high and low result of squaring
5717
+ var gh = ((((ga * ga) >>> 17) + ga * gb) >>> 15) + gb * gb;
5718
+ var gl = (((gx & 0xffff0000) * gx) | 0) + (((gx & 0x0000ffff) * gx) | 0);
5719
+
5720
+ // High XOR low
5721
+ G[i] = gh ^ gl;
5722
+ }
5723
+
5724
+ // Calculate new state values
5725
+ X[0] = (G[0] + ((G[7] << 16) | (G[7] >>> 16)) + ((G[6] << 16) | (G[6] >>> 16))) | 0;
5726
+ X[1] = (G[1] + ((G[0] << 8) | (G[0] >>> 24)) + G[7]) | 0;
5727
+ X[2] = (G[2] + ((G[1] << 16) | (G[1] >>> 16)) + ((G[0] << 16) | (G[0] >>> 16))) | 0;
5728
+ X[3] = (G[3] + ((G[2] << 8) | (G[2] >>> 24)) + G[1]) | 0;
5729
+ X[4] = (G[4] + ((G[3] << 16) | (G[3] >>> 16)) + ((G[2] << 16) | (G[2] >>> 16))) | 0;
5730
+ X[5] = (G[5] + ((G[4] << 8) | (G[4] >>> 24)) + G[3]) | 0;
5731
+ X[6] = (G[6] + ((G[5] << 16) | (G[5] >>> 16)) + ((G[4] << 16) | (G[4] >>> 16))) | 0;
5732
+ X[7] = (G[7] + ((G[6] << 8) | (G[6] >>> 24)) + G[5]) | 0;
5733
+ }
5734
+
5735
+ /**
5736
+ * Shortcut functions to the cipher's object interface.
5737
+ *
5738
+ * @example
5739
+ *
5740
+ * var ciphertext = CryptoJS.Rabbit.encrypt(message, key, cfg);
5741
+ * var plaintext = CryptoJS.Rabbit.decrypt(ciphertext, key, cfg);
5742
+ */
5743
+ C.Rabbit = StreamCipher._createHelper(Rabbit);
5744
+ }());
5745
+
5746
+
5747
+ /**
5748
+ * Counter block mode.
5749
+ */
5750
+ CryptoJS.mode.CTR = (function () {
5751
+ var CTR = CryptoJS.lib.BlockCipherMode.extend();
5752
+
5753
+ var Encryptor = CTR.Encryptor = CTR.extend({
5754
+ processBlock: function (words, offset) {
5755
+ // Shortcuts
5756
+ var cipher = this._cipher
5757
+ var blockSize = cipher.blockSize;
5758
+ var iv = this._iv;
5759
+ var counter = this._counter;
5760
+
5761
+ // Generate keystream
5762
+ if (iv) {
5763
+ counter = this._counter = iv.slice(0);
5764
+
5765
+ // Remove IV for subsequent blocks
5766
+ this._iv = undefined;
5767
+ }
5768
+ var keystream = counter.slice(0);
5769
+ cipher.encryptBlock(keystream, 0);
5770
+
5771
+ // Increment counter
5772
+ counter[blockSize - 1] = (counter[blockSize - 1] + 1) | 0
5773
+
5774
+ // Encrypt
5775
+ for (var i = 0; i < blockSize; i++) {
5776
+ words[offset + i] ^= keystream[i];
5777
+ }
5778
+ }
5779
+ });
5780
+
5781
+ CTR.Decryptor = Encryptor;
5782
+
5783
+ return CTR;
5784
+ }());
5785
+
5786
+
5787
+ (function () {
5788
+ // Shortcuts
5789
+ var C = CryptoJS;
5790
+ var C_lib = C.lib;
5791
+ var StreamCipher = C_lib.StreamCipher;
5792
+ var C_algo = C.algo;
5793
+
5794
+ // Reusable objects
5795
+ var S = [];
5796
+ var C_ = [];
5797
+ var G = [];
5798
+
5799
+ /**
5800
+ * Rabbit stream cipher algorithm.
5801
+ *
5802
+ * This is a legacy version that neglected to convert the key to little-endian.
5803
+ * This error doesn't affect the cipher's security,
5804
+ * but it does affect its compatibility with other implementations.
5805
+ */
5806
+ var RabbitLegacy = C_algo.RabbitLegacy = StreamCipher.extend({
5807
+ _doReset: function () {
5808
+ // Shortcuts
5809
+ var K = this._key.words;
5810
+ var iv = this.cfg.iv;
5811
+
5812
+ // Generate initial state values
5813
+ var X = this._X = [
5814
+ K[0], (K[3] << 16) | (K[2] >>> 16),
5815
+ K[1], (K[0] << 16) | (K[3] >>> 16),
5816
+ K[2], (K[1] << 16) | (K[0] >>> 16),
5817
+ K[3], (K[2] << 16) | (K[1] >>> 16)
5818
+ ];
5819
+
5820
+ // Generate initial counter values
5821
+ var C = this._C = [
5822
+ (K[2] << 16) | (K[2] >>> 16), (K[0] & 0xffff0000) | (K[1] & 0x0000ffff),
5823
+ (K[3] << 16) | (K[3] >>> 16), (K[1] & 0xffff0000) | (K[2] & 0x0000ffff),
5824
+ (K[0] << 16) | (K[0] >>> 16), (K[2] & 0xffff0000) | (K[3] & 0x0000ffff),
5825
+ (K[1] << 16) | (K[1] >>> 16), (K[3] & 0xffff0000) | (K[0] & 0x0000ffff)
5826
+ ];
5827
+
5828
+ // Carry bit
5829
+ this._b = 0;
5830
+
5831
+ // Iterate the system four times
5832
+ for (var i = 0; i < 4; i++) {
5833
+ nextState.call(this);
5834
+ }
5835
+
5836
+ // Modify the counters
5837
+ for (var i = 0; i < 8; i++) {
5838
+ C[i] ^= X[(i + 4) & 7];
5839
+ }
5840
+
5841
+ // IV setup
5842
+ if (iv) {
5843
+ // Shortcuts
5844
+ var IV = iv.words;
5845
+ var IV_0 = IV[0];
5846
+ var IV_1 = IV[1];
5847
+
5848
+ // Generate four subvectors
5849
+ var i0 = (((IV_0 << 8) | (IV_0 >>> 24)) & 0x00ff00ff) | (((IV_0 << 24) | (IV_0 >>> 8)) & 0xff00ff00);
5850
+ var i2 = (((IV_1 << 8) | (IV_1 >>> 24)) & 0x00ff00ff) | (((IV_1 << 24) | (IV_1 >>> 8)) & 0xff00ff00);
5851
+ var i1 = (i0 >>> 16) | (i2 & 0xffff0000);
5852
+ var i3 = (i2 << 16) | (i0 & 0x0000ffff);
5853
+
5854
+ // Modify counter values
5855
+ C[0] ^= i0;
5856
+ C[1] ^= i1;
5857
+ C[2] ^= i2;
5858
+ C[3] ^= i3;
5859
+ C[4] ^= i0;
5860
+ C[5] ^= i1;
5861
+ C[6] ^= i2;
5862
+ C[7] ^= i3;
5863
+
5864
+ // Iterate the system four times
5865
+ for (var i = 0; i < 4; i++) {
5866
+ nextState.call(this);
5867
+ }
5868
+ }
5869
+ },
5870
+
5871
+ _doProcessBlock: function (M, offset) {
5872
+ // Shortcut
5873
+ var X = this._X;
5874
+
5875
+ // Iterate the system
5876
+ nextState.call(this);
5877
+
5878
+ // Generate four keystream words
5879
+ S[0] = X[0] ^ (X[5] >>> 16) ^ (X[3] << 16);
5880
+ S[1] = X[2] ^ (X[7] >>> 16) ^ (X[5] << 16);
5881
+ S[2] = X[4] ^ (X[1] >>> 16) ^ (X[7] << 16);
5882
+ S[3] = X[6] ^ (X[3] >>> 16) ^ (X[1] << 16);
5883
+
5884
+ for (var i = 0; i < 4; i++) {
5885
+ // Swap endian
5886
+ S[i] = (((S[i] << 8) | (S[i] >>> 24)) & 0x00ff00ff) |
5887
+ (((S[i] << 24) | (S[i] >>> 8)) & 0xff00ff00);
5888
+
5889
+ // Encrypt
5890
+ M[offset + i] ^= S[i];
5891
+ }
5892
+ },
5893
+
5894
+ blockSize: 128/32,
5895
+
5896
+ ivSize: 64/32
5897
+ });
5898
+
5899
+ function nextState() {
5900
+ // Shortcuts
5901
+ var X = this._X;
5902
+ var C = this._C;
5903
+
5904
+ // Save old counter values
5905
+ for (var i = 0; i < 8; i++) {
5906
+ C_[i] = C[i];
5907
+ }
5908
+
5909
+ // Calculate new counter values
5910
+ C[0] = (C[0] + 0x4d34d34d + this._b) | 0;
5911
+ C[1] = (C[1] + 0xd34d34d3 + ((C[0] >>> 0) < (C_[0] >>> 0) ? 1 : 0)) | 0;
5912
+ C[2] = (C[2] + 0x34d34d34 + ((C[1] >>> 0) < (C_[1] >>> 0) ? 1 : 0)) | 0;
5913
+ C[3] = (C[3] + 0x4d34d34d + ((C[2] >>> 0) < (C_[2] >>> 0) ? 1 : 0)) | 0;
5914
+ C[4] = (C[4] + 0xd34d34d3 + ((C[3] >>> 0) < (C_[3] >>> 0) ? 1 : 0)) | 0;
5915
+ C[5] = (C[5] + 0x34d34d34 + ((C[4] >>> 0) < (C_[4] >>> 0) ? 1 : 0)) | 0;
5916
+ C[6] = (C[6] + 0x4d34d34d + ((C[5] >>> 0) < (C_[5] >>> 0) ? 1 : 0)) | 0;
5917
+ C[7] = (C[7] + 0xd34d34d3 + ((C[6] >>> 0) < (C_[6] >>> 0) ? 1 : 0)) | 0;
5918
+ this._b = (C[7] >>> 0) < (C_[7] >>> 0) ? 1 : 0;
5919
+
5920
+ // Calculate the g-values
5921
+ for (var i = 0; i < 8; i++) {
5922
+ var gx = X[i] + C[i];
5923
+
5924
+ // Construct high and low argument for squaring
5925
+ var ga = gx & 0xffff;
5926
+ var gb = gx >>> 16;
5927
+
5928
+ // Calculate high and low result of squaring
5929
+ var gh = ((((ga * ga) >>> 17) + ga * gb) >>> 15) + gb * gb;
5930
+ var gl = (((gx & 0xffff0000) * gx) | 0) + (((gx & 0x0000ffff) * gx) | 0);
5931
+
5932
+ // High XOR low
5933
+ G[i] = gh ^ gl;
5934
+ }
5935
+
5936
+ // Calculate new state values
5937
+ X[0] = (G[0] + ((G[7] << 16) | (G[7] >>> 16)) + ((G[6] << 16) | (G[6] >>> 16))) | 0;
5938
+ X[1] = (G[1] + ((G[0] << 8) | (G[0] >>> 24)) + G[7]) | 0;
5939
+ X[2] = (G[2] + ((G[1] << 16) | (G[1] >>> 16)) + ((G[0] << 16) | (G[0] >>> 16))) | 0;
5940
+ X[3] = (G[3] + ((G[2] << 8) | (G[2] >>> 24)) + G[1]) | 0;
5941
+ X[4] = (G[4] + ((G[3] << 16) | (G[3] >>> 16)) + ((G[2] << 16) | (G[2] >>> 16))) | 0;
5942
+ X[5] = (G[5] + ((G[4] << 8) | (G[4] >>> 24)) + G[3]) | 0;
5943
+ X[6] = (G[6] + ((G[5] << 16) | (G[5] >>> 16)) + ((G[4] << 16) | (G[4] >>> 16))) | 0;
5944
+ X[7] = (G[7] + ((G[6] << 8) | (G[6] >>> 24)) + G[5]) | 0;
5945
+ }
5946
+
5947
+ /**
5948
+ * Shortcut functions to the cipher's object interface.
5949
+ *
5950
+ * @example
5951
+ *
5952
+ * var ciphertext = CryptoJS.RabbitLegacy.encrypt(message, key, cfg);
5953
+ * var plaintext = CryptoJS.RabbitLegacy.decrypt(ciphertext, key, cfg);
5954
+ */
5955
+ C.RabbitLegacy = StreamCipher._createHelper(RabbitLegacy);
5956
+ }());
5957
+
5958
+
5959
+ /**
5960
+ * Zero padding strategy.
5961
+ */
5962
+ CryptoJS.pad.ZeroPadding = {
5963
+ pad: function (data, blockSize) {
5964
+ // Shortcut
5965
+ var blockSizeBytes = blockSize * 4;
5966
+
5967
+ // Pad
5968
+ data.clamp();
5969
+ data.sigBytes += blockSizeBytes - ((data.sigBytes % blockSizeBytes) || blockSizeBytes);
5970
+ },
5971
+
5972
+ unpad: function (data) {
5973
+ // Shortcut
5974
+ var dataWords = data.words;
5975
+
5976
+ // Unpad
5977
+ var i = data.sigBytes - 1;
5978
+ while (!((dataWords[i >>> 2] >>> (24 - (i % 4) * 8)) & 0xff)) {
5979
+ i--;
5980
+ }
5981
+ data.sigBytes = i + 1;
5982
+ }
5983
+ };
5984
+
5985
+
5986
+ return CryptoJS;
5987
+
5988
+ }));
admin/js/crypto-js/docs/QuickStartGuide.wiki ADDED
@@ -0,0 +1,470 @@
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
+ <wiki:toc/>
2
+
3
+ ----
4
+
5
+ = Quick-start Guide =
6
+
7
+ == Hashers ==
8
+
9
+ === The Hasher Algorithms ===
10
+
11
+ ==== MD5 ====
12
+
13
+ MD5 is a widely used hash function. It's been used in a variety of security applications and is also commonly used to check the integrity of files. Though, MD5 is not collision resistant, and it isn't suitable for applications like SSL certificates or digital signatures that rely on this property.
14
+
15
+ {{{
16
+ <script src="http://crypto-js.googlecode.com/svn/tags/3.1/build/rollups/md5.js"></script>
17
+ <script>
18
+ var hash = CryptoJS.MD5("Message");
19
+ </script>
20
+ }}}
21
+
22
+ ==== SHA-1 ====
23
+
24
+ The SHA hash functions were designed by the National Security Agency (NSA). SHA-1 is the most established of the existing SHA hash functions, and it's used in a variety of security applications and protocols. Though, SHA-1's collision resistance has been weakening as new attacks are discovered or improved.
25
+
26
+ {{{
27
+ <script src="http://crypto-js.googlecode.com/svn/tags/3.1/build/rollups/sha1.js"></script>
28
+ <script>
29
+ var hash = CryptoJS.SHA1("Message");
30
+ </script>
31
+ }}}
32
+
33
+ ==== SHA-2 ====
34
+
35
+ SHA-256 is one of the four variants in the SHA-2 set. It isn't as widely used as SHA-1, though it appears to provide much better security.
36
+
37
+ {{{
38
+ <script src="http://crypto-js.googlecode.com/svn/tags/3.1/build/rollups/sha256.js"></script>
39
+ <script>
40
+ var hash = CryptoJS.SHA256("Message");
41
+ </script>
42
+ }}}
43
+
44
+ SHA-512 is largely identical to SHA-256 but operates on 64-bit words rather than 32.
45
+
46
+ {{{
47
+ <script src="http://crypto-js.googlecode.com/svn/tags/3.1/build/rollups/sha512.js"></script>
48
+ <script>
49
+ var hash = CryptoJS.SHA512("Message");
50
+ </script>
51
+ }}}
52
+
53
+ CryptoJS also supports SHA-224 and SHA-384, which are largely identical but truncated versions of SHA-256 and SHA-512 respectively.
54
+
55
+ ==== SHA-3 ====
56
+
57
+ SHA-3 is the winner of a five-year competition to select a new cryptographic hash algorithm where 64 competing designs were evaluated.
58
+
59
+ {{{
60
+ <script src="http://crypto-js.googlecode.com/svn/tags/3.1/build/rollups/sha3.js"></script>
61
+ <script>
62
+ var hash = CryptoJS.SHA3("Message");
63
+ </script>
64
+ }}}
65
+
66
+ SHA-3 can be configured to output hash lengths of one of 224, 256, 384, or 512 bits. The default is 512 bits.
67
+
68
+ {{{
69
+ <script src="http://crypto-js.googlecode.com/svn/tags/3.1/build/rollups/sha3.js"></script>
70
+ <script>
71
+ var hash = CryptoJS.SHA3("Message", { outputLength: 512 });
72
+ var hash = CryptoJS.SHA3("Message", { outputLength: 384 });
73
+ var hash = CryptoJS.SHA3("Message", { outputLength: 256 });
74
+ var hash = CryptoJS.SHA3("Message", { outputLength: 224 });
75
+ </script>
76
+ }}}
77
+
78
+ ==== RIPEMD-160 ====
79
+
80
+ {{{
81
+ <script src="http://crypto-js.googlecode.com/svn/tags/3.1/build/rollups/ripemd160.js"></script>
82
+ <script>
83
+ var hash = CryptoJS.RIPEMD160("Message");
84
+ </script>
85
+ }}}
86
+
87
+ === The Hasher Input ===
88
+
89
+ The hash algorithms accept either strings or instances of CryptoJS.lib.WordArray. A WordArray object represents an array of 32-bit words. When you pass a string, it's automatically converted to a WordArray encoded as UTF-8.
90
+
91
+ === The Hasher Output ===
92
+
93
+ The hash you get back isn't a string yet. It's a WordArray object. When you use a WordArray object in a string context, it's automatically converted to a hex string.
94
+
95
+ {{{
96
+ <script src="http://crypto-js.googlecode.com/svn/tags/3.1/build/rollups/sha256.js"></script>
97
+ <script>
98
+ var hash = CryptoJS.SHA256("Message");
99
+
100
+ alert(typeof hash); // object
101
+
102
+ alert(hash); // 2f77668a9dfbf8d5848b9eeb4a7145ca94c6ed9236e4a773f6dcafa5132b2f91
103
+ </script>
104
+ }}}
105
+
106
+ You can convert a WordArray object to other formats by explicitly calling the toString method and passing an encoder.
107
+
108
+ {{{
109
+ <script src="http://crypto-js.googlecode.com/svn/tags/3.1/build/rollups/sha256.js"></script>
110
+ <script src="http://crypto-js.googlecode.com/svn/tags/3.1/build/components/enc-base64-min.js"></script>
111
+ <script>
112
+ var hash = CryptoJS.SHA256("Message");
113
+
114
+ alert(hash.toString(CryptoJS.enc.Base64)); // L3dmip37+NWEi57rSnFFypTG7ZI25Kdz9tyvpRMrL5E=
115
+
116
+ alert(hash.toString(CryptoJS.enc.Latin1)); // /wf��ûøÕ���ëJqEÊ�Æí�6ä§söܯ¥+/�
117
+
118
+ alert(hash.toString(CryptoJS.enc.Hex)); // 2f77668a9dfbf8d5848b9eeb4a7145ca94c6ed9236e4a773f6dcafa5132b2f91
119
+ </script>
120
+ }}}
121
+
122
+ === Progressive Hashing ===
123
+
124
+ {{{
125
+ <script src="http://crypto-js.googlecode.com/svn/tags/3.1/build/rollups/sha256.js"></script>
126
+ <script>
127
+ var sha256 = CryptoJS.algo.SHA256.create();
128
+
129
+ sha256.update("Message Part 1");
130
+ sha256.update("Message Part 2");
131
+ sha256.update("Message Part 3");
132
+
133
+ var hash = sha256.finalize();
134
+ </script>
135
+ }}}
136
+
137
+ == HMAC ==
138
+
139
+ Keyed-hash message authentication codes (HMAC) is a mechanism for message authentication using cryptographic hash functions.
140
+
141
+ HMAC can be used in combination with any iterated cryptographic hash function.
142
+
143
+ {{{
144
+ <script src="http://crypto-js.googlecode.com/svn/tags/3.1/build/rollups/hmac-md5.js"></script>
145
+ <script src="http://crypto-js.googlecode.com/svn/tags/3.1/build/rollups/hmac-sha1.js"></script>
146
+ <script src="http://crypto-js.googlecode.com/svn/tags/3.1/build/rollups/hmac-sha256.js"></script>
147
+ <script src="http://crypto-js.googlecode.com/svn/tags/3.1/build/rollups/hmac-sha512.js"></script>
148
+ <script>
149
+ var hash = CryptoJS.HmacMD5("Message", "Secret Passphrase");
150
+ var hash = CryptoJS.HmacSHA1("Message", "Secret Passphrase");
151
+ var hash = CryptoJS.HmacSHA256("Message", "Secret Passphrase");
152
+ var hash = CryptoJS.HmacSHA512("Message", "Secret Passphrase");
153
+ </script>
154
+ }}}
155
+
156
+ === Progressive HMAC Hashing ===
157
+
158
+ {{{
159
+ <script src="http://crypto-js.googlecode.com/svn/tags/3.1/build/rollups/hmac-sha256.js"></script>
160
+ <script>
161
+ var hmac = CryptoJS.algo.HMAC.create(CryptoJS.algo.SHA256, "Secret Passphrase");
162
+
163
+ hmac.update("Message Part 1");
164
+ hmac.update("Message Part 2");
165
+ hmac.update("Message Part 3");
166
+
167
+ var hash = hmac.finalize();
168
+ </script>
169
+ }}}
170
+
171
+ == PBKDF2 ==
172
+
173
+ PBKDF2 is a password-based key derivation function. In many applications of cryptography, user security is ultimately dependent on a password, and because a password usually can't be used directly as a cryptographic key, some processing is required.
174
+
175
+ A salt provides a large set of keys for any given password, and an iteration count increases the cost of producing keys from a password, thereby also increasing the difficulty of attack.
176
+
177
+ {{{
178
+ <script src="http://crypto-js.googlecode.com/svn/tags/3.1/build/rollups/pbkdf2.js"></script>
179
+ <script>
180
+ var salt = CryptoJS.lib.WordArray.random(128/8);
181
+
182
+ var key128Bits = CryptoJS.PBKDF2("Secret Passphrase", salt, { keySize: 128/32 });
183
+ var key256Bits = CryptoJS.PBKDF2("Secret Passphrase", salt, { keySize: 256/32 });
184
+ var key512Bits = CryptoJS.PBKDF2("Secret Passphrase", salt, { keySize: 512/32 });
185
+
186
+ var key512Bits1000Iterations = CryptoJS.PBKDF2("Secret Passphrase", salt, { keySize: 512/32, iterations: 1000 });
187
+ </script>
188
+ }}}
189
+
190
+ == Ciphers ==
191
+
192
+ === The Cipher Algorithms ===
193
+
194
+ ==== AES ====
195
+
196
+ The Advanced Encryption Standard (AES) is a U.S. Federal Information Processing Standard (FIPS). It was selected after a 5-year process where 15 competing designs were evaluated.
197
+
198
+ {{{
199
+ <script src="http://crypto-js.googlecode.com/svn/tags/3.1/build/rollups/aes.js"></script>
200
+ <script>
201
+ var encrypted = CryptoJS.AES.encrypt("Message", "Secret Passphrase");
202
+
203
+ var decrypted = CryptoJS.AES.decrypt(encrypted, "Secret Passphrase");
204
+ </script>
205
+ }}}
206
+
207
+ CryptoJS supports AES-128, AES-192, and AES-256. It will pick the variant by the size of the key you pass in. If you use a passphrase, then it will generate a 256-bit key.
208
+
209
+ ==== DES, Triple DES ====
210
+
211
+ DES is a previously dominant algorithm for encryption, and was published as an official Federal Information Processing Standard (FIPS). DES is now considered to be insecure due to the small key size.
212
+
213
+ {{{
214
+ <script src="http://crypto-js.googlecode.com/svn/tags/3.1/build/rollups/tripledes.js"></script>
215
+ <script>
216
+ var encrypted = CryptoJS.DES.encrypt("Message", "Secret Passphrase");
217
+
218
+ var decrypted = CryptoJS.DES.decrypt(encrypted, "Secret Passphrase");
219
+ </script>
220
+ }}}
221
+
222
+ Triple DES applies DES three times to each block to increase the key size. The algorithm is believed to be secure in this form.
223
+
224
+ {{{
225
+ <script src="http://crypto-js.googlecode.com/svn/tags/3.1/build/rollups/tripledes.js"></script>
226
+ <script>
227
+ var encrypted = CryptoJS.TripleDES.encrypt("Message", "Secret Passphrase");
228
+
229
+ var decrypted = CryptoJS.TripleDES.decrypt(encrypted, "Secret Passphrase");
230
+ </script>
231
+ }}}
232
+
233
+ ==== Rabbit ====
234
+
235
+ Rabbit is a high-performance stream cipher and a finalist in the eSTREAM Portfolio. It is one of the four designs selected after a 3 1/2-year process where 22 designs were evaluated.
236
+
237
+ {{{
238
+ <script src="http://crypto-js.googlecode.com/svn/tags/3.1/build/rollups/rabbit.js"></script>
239
+ <script>
240
+ var encrypted = CryptoJS.Rabbit.encrypt("Message", "Secret Passphrase");
241
+
242
+ var decrypted = CryptoJS.Rabbit.decrypt(encrypted, "Secret Passphrase");
243
+ </script>
244
+ }}}
245
+
246
+ ==== RC4, RC4Drop ====
247
+
248
+ RC4 is a widely-used stream cipher. It's used in popular protocols such as SSL and WEP. Although remarkable for its simplicity and speed, the algorithm's history doesn't inspire confidence in its security.
249
+
250
+ {{{
251
+ <script src="http://crypto-js.googlecode.com/svn/tags/3.1/build/rollups/rc4.js"></script>
252
+ <script>
253
+ var encrypted = CryptoJS.RC4.encrypt("Message", "Secret Passphrase");
254
+
255
+ var decrypted = CryptoJS.RC4.decrypt(encrypted, "Secret Passphrase");
256
+ </script>
257
+ }}}
258
+
259
+ It was discovered that the first few bytes of keystream are strongly non-random and leak information about the key. We can defend against this attack by discarding the initial portion of the keystream. This modified algorithm is traditionally called RC4-drop.
260
+
261
+ By default, 192 words (768 bytes) are dropped, but you can configure the algorithm to drop any number of words.
262
+
263
+ {{{
264
+ <script src="http://crypto-js.googlecode.com/svn/tags/3.1/build/rollups/rc4.js"></script>
265
+ <script>
266
+ var encrypted = CryptoJS.RC4Drop.encrypt("Message", "Secret Passphrase");
267
+
268
+ var encrypted = CryptoJS.RC4Drop.encrypt("Message", "Secret Passphrase", { drop: 3072/4 });
269
+
270
+ var decrypted = CryptoJS.RC4Drop.decrypt(encrypted, "Secret Passphrase", { drop: 3072/4 });
271
+ </script>
272
+ }}}
273
+
274
+ === Custom Key and IV ===
275
+
276
+ {{{
277
+ <script src="http://crypto-js.googlecode.com/svn/tags/3.1/build/rollups/aes.js"></script>
278
+ <script>
279
+ var key = CryptoJS.enc.Hex.parse('000102030405060708090a0b0c0d0e0f');
280
+ var iv = CryptoJS.enc.Hex.parse('101112131415161718191a1b1c1d1e1f');
281
+
282
+ var encrypted = CryptoJS.AES.encrypt("Message", key, { iv: iv });
283
+ </script>
284
+ }}}
285
+
286
+ === Block Modes and Padding ===
287
+
288
+ {{{
289
+ <script src="http://crypto-js.googlecode.com/svn/tags/3.1/build/rollups/aes.js"></script>
290
+ <script src="http://crypto-js.googlecode.com/svn/tags/3.1/build/components/mode-cfb-min.js"></script>
291
+ <script src="http://crypto-js.googlecode.com/svn/tags/3.1/build/components/pad-ansix923-min.js"></script>
292
+ <script>
293
+ var encrypted = CryptoJS.AES.encrypt("Message", "Secret Passphrase", { mode: CryptoJS.mode.CFB, padding: CryptoJS.pad.AnsiX923 });
294
+ </script>
295
+ }}}
296
+
297
+ CryptoJS supports the following modes:
298
+
299
+ * CBC (the default)
300
+ * CFB
301
+ * CTR
302
+ * OFB
303
+ * ECB
304
+
305
+ And CryptoJS supports the following padding schemes:
306
+
307
+ * Pkcs7 (the default)
308
+ * Iso97971
309
+ * AnsiX923
310
+ * Iso10126
311
+ * ZeroPadding
312
+ * NoPadding
313
+
314
+ === The Cipher Input ===
315
+
316
+ For the plaintext message, the cipher algorithms accept either strings or instances of CryptoJS.lib.WordArray.
317
+
318
+ For the key, when you pass a string, it's treated as a passphrase and used to derive an actual key and IV. Or you can pass a WordArray that represents the actual key. If you pass the actual key, you must also pass the actual IV.
319
+
320
+ For the ciphertext, the cipher algorithms accept either strings or instances of CryptoJS.lib.CipherParams. A CipherParams object represents a collection of parameters such as the IV, a salt, and the raw ciphertext itself. When you pass a string, it's automatically converted to a CipherParams object according to a configurable format strategy.
321
+
322
+ === The Cipher Output ===
323
+
324
+ The plaintext you get back after decryption is a WordArray object. See Hashers' Output for more detail.
325
+
326
+ The ciphertext you get back after encryption isn't a string yet. It's a CipherParams object. A CipherParams object gives you access to all the parameters used during encryption. When you use a CipherParams object in a string context, it's automatically converted to a string according to a format strategy. The default is an OpenSSL-compatible format.
327
+
328
+ {{{
329
+ <script src="http://crypto-js.googlecode.com/svn/tags/3.1/build/rollups/aes.js"></script>
330
+ <script>
331
+ var encrypted = CryptoJS.AES.encrypt("Message", "Secret Passphrase");
332
+
333
+ alert(encrypted.key); // 74eb593087a982e2a6f5dded54ecd96d1fd0f3d44a58728cdcd40c55227522223
334
+ alert(encrypted.iv); // 7781157e2629b094f0e3dd48c4d786115
335
+ alert(encrypted.salt); // 7a25f9132ec6a8b34
336
+ alert(encrypted.ciphertext); // 73e54154a15d1beeb509d9e12f1e462a0
337
+
338
+ alert(encrypted); // U2FsdGVkX1+iX5Ey7GqLND5UFUoV0b7rUJ2eEvHkYqA=
339
+ </script>
340
+ }}}
341
+
342
+ You can define your own formats in order to be compatible with other crypto implementations. A format is an object with two methods—stringify and parse—that converts between CipherParams objects and ciphertext strings.
343
+
344
+ Here's how you might write a JSON formatter:
345
+
346
+ {{{
347
+ <script src="http://crypto-js.googlecode.com/svn/tags/3.1/build/rollups/aes.js"></script>
348
+ <script>
349
+ var JsonFormatter = {
350
+ stringify: function (cipherParams) {
351
+ // create json object with ciphertext
352
+ var jsonObj = {
353
+ ct: cipherParams.ciphertext.toString(CryptoJS.enc.Base64)
354
+ };
355
+
356
+ // optionally add iv and salt
357
+ if (cipherParams.iv) {
358
+ jsonObj.iv = cipherParams.iv.toString();
359
+ }
360
+ if (cipherParams.salt) {
361
+ jsonObj.s = cipherParams.salt.toString();
362
+ }
363
+
364
+ // stringify json object
365
+ return JSON.stringify(jsonObj);
366
+ },
367
+
368
+ parse: function (jsonStr) {
369
+ // parse json string
370
+ var jsonObj = JSON.parse(jsonStr);
371
+
372
+ // extract ciphertext from json object, and create cipher params object
373
+ var cipherParams = CryptoJS.lib.CipherParams.create({
374
+ ciphertext: CryptoJS.enc.Base64.parse(jsonObj.ct)
375
+ });
376
+
377
+ // optionally extract iv and salt
378
+ if (jsonObj.iv) {
379
+ cipherParams.iv = CryptoJS.enc.Hex.parse(jsonObj.iv)
380
+ }
381
+ if (jsonObj.s) {
382
+ cipherParams.salt = CryptoJS.enc.Hex.parse(jsonObj.s)
383
+ }
384
+
385
+ return cipherParams;
386
+ }
387
+ };
388
+
389
+ var encrypted = CryptoJS.AES.encrypt("Message", "Secret Passphrase", { format: JsonFormatter });
390
+
391
+ alert(encrypted); // {"ct":"tZ4MsEnfbcDOwqau68aOrQ==","iv":"8a8c8fd8fe33743d3638737ea4a00698","s":"ba06373c8f57179c"}
392
+
393
+ var decrypted = CryptoJS.AES.decrypt(encrypted, "Secret Passphrase", { format: JsonFormatter });
394
+
395
+ alert(decrypted.toString(CryptoJS.enc.Utf8)); // Message
396
+ </script>
397
+ }}}
398
+
399
+ === Progressive Ciphering ===
400
+
401
+ {{{
402
+ <script src="http://crypto-js.googlecode.com/svn/tags/3.1/build/rollups/aes.js"></script>
403
+ <script>
404
+ var key = CryptoJS.enc.Hex.parse('000102030405060708090a0b0c0d0e0f');
405
+ var iv = CryptoJS.enc.Hex.parse('101112131415161718191a1b1c1d1e1f');
406
+
407
+ var aesEncryptor = CryptoJS.algo.AES.createEncryptor(key, { iv: iv });
408
+
409
+ var ciphertextPart1 = aesEncryptor.process("Message Part 1");
410
+ var ciphertextPart2 = aesEncryptor.process("Message Part 2");
411
+ var ciphertextPart3 = aesEncryptor.process("Message Part 3");
412
+ var ciphertextPart4 = aesEncryptor.finalize();
413
+
414
+ var aesDecryptor = CryptoJS.algo.AES.createDecryptor(key, { iv: iv });
415
+
416
+ var plaintextPart1 = aesDecryptor.process(ciphertextPart1);
417
+ var plaintextPart2 = aesDecryptor.process(ciphertextPart2);
418
+ var plaintextPart3 = aesDecryptor.process(ciphertextPart3);
419
+ var plaintextPart4 = aesDecryptor.process(ciphertextPart4);
420
+ var plaintextPart5 = aesDecryptor.finalize();
421
+ </script>
422
+ }}}
423
+
424
+ === Interoperability ===
425
+
426
+ ==== With OpenSSL ====
427
+
428
+ Encrypt with OpenSSL:
429
+
430
+ {{{
431
+ openssl enc -aes-256-cbc -in infile -out outfile -pass pass:"Secret Passphrase" -e -base64
432
+ }}}
433
+
434
+ Decrypt with CryptoJS:
435
+
436
+ {{{
437
+ <script src="http://crypto-js.googlecode.com/svn/tags/3.1/build/rollups/aes.js"></script>
438
+ <script>
439
+ var decrypted = CryptoJS.AES.decrypt(openSSLEncrypted, "Secret Passphrase");
440
+ </script>
441
+ }}}
442
+
443
+ == Encoders ==
444
+
445
+ CryptoJS can convert from encoding formats such as Base64, Latin1 or Hex to WordArray objects and vica versa.
446
+
447
+ {{{
448
+ <script src="http://crypto-js.googlecode.com/svn/tags/3.1/build/components/core-min.js"></script>
449
+ <script src="http://crypto-js.googlecode.com/svn/tags/3.1/build/components/enc-utf16-min.js"></script>
450
+ <script src="http://crypto-js.googlecode.com/svn/tags/3.1/build/components/enc-base64-min.js"></script>
451
+ <script>
452
+ var words = CryptoJS.enc.Base64.parse('SGVsbG8sIFdvcmxkIQ==');
453
+ var base64 = CryptoJS.enc.Base64.stringify(words);
454
+
455
+ var words = CryptoJS.enc.Latin1.parse('Hello, World!');
456
+ var latin1 = CryptoJS.enc.Latin1.stringify(words);
457
+
458
+ var words = CryptoJS.enc.Hex.parse('48656c6c6f2c20576f726c6421');
459
+ var hex = CryptoJS.enc.Hex.stringify(words);
460
+
461
+ var words = CryptoJS.enc.Utf8.parse('𤭢');
462
+ var utf8 = CryptoJS.enc.Utf8.stringify(words);
463
+
464
+ var words = CryptoJS.enc.Utf16.parse('Hello, World!');
465
+ var utf16 = CryptoJS.enc.Utf16.stringify(words);
466
+
467
+ var words = CryptoJS.enc.Utf16LE.parse('Hello, World!');
468
+ var utf16 = CryptoJS.enc.Utf16LE.stringify(words);
469
+ </script>
470
+ }}}
admin/js/crypto-js/enc-base64.js ADDED
@@ -0,0 +1,135 @@
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
+ ;(function (root, factory) {
2
+ if (typeof exports === "object") {
3
+ // CommonJS
4
+ module.exports = exports = factory(require("./core"));
5
+ }
6
+ else if (typeof define === "function" && define.amd) {
7
+ // AMD
8
+ define(["./core"], factory);
9
+ }
10
+ else {
11
+ // Global (browser)
12
+ factory(root.CryptoJS);
13
+ }
14
+ }(this, function (CryptoJS) {
15
+
16
+ (function () {
17
+ // Shortcuts
18
+ var C = CryptoJS;
19
+ var C_lib = C.lib;
20
+ var WordArray = C_lib.WordArray;
21
+ var C_enc = C.enc;
22
+
23
+ /**
24
+ * Base64 encoding strategy.
25
+ */
26
+ var Base64 = C_enc.Base64 = {
27
+ /**
28
+ * Converts a word array to a Base64 string.
29
+ *
30
+ * @param {WordArray} wordArray The word array.
31
+ *
32
+ * @return {string} The Base64 string.
33
+ *
34
+ * @static
35
+ *
36
+ * @example
37
+ *
38
+ * var base64String = CryptoJS.enc.Base64.stringify(wordArray);
39
+ */
40
+ stringify: function (wordArray) {
41
+ // Shortcuts
42
+ var words = wordArray.words;
43
+ var sigBytes = wordArray.sigBytes;
44
+ var map = this._map;
45
+
46
+ // Clamp excess bits
47
+ wordArray.clamp();
48
+
49
+ // Convert
50
+ var base64Chars = [];
51
+ for (var i = 0; i < sigBytes; i += 3) {
52
+ var byte1 = (words[i >>> 2] >>> (24 - (i % 4) * 8)) & 0xff;
53
+ var byte2 = (words[(i + 1) >>> 2] >>> (24 - ((i + 1) % 4) * 8)) & 0xff;
54
+ var byte3 = (words[(i + 2) >>> 2] >>> (24 - ((i + 2) % 4) * 8)) & 0xff;
55
+
56
+ var triplet = (byte1 << 16) | (byte2 << 8) | byte3;
57
+
58
+ for (var j = 0; (j < 4) && (i + j * 0.75 < sigBytes); j++) {
59
+ base64Chars.push(map.charAt((triplet >>> (6 * (3 - j))) & 0x3f));
60
+ }
61
+ }
62
+
63
+ // Add padding
64
+ var paddingChar = map.charAt(64);
65
+ if (paddingChar) {
66
+ while (base64Chars.length % 4) {
67
+ base64Chars.push(paddingChar);
68
+ }
69
+ }
70
+
71
+ return base64Chars.join('');
72
+ },
73
+
74
+ /**
75
+ * Converts a Base64 string to a word array.
76
+ *
77
+ * @param {string} base64Str The Base64 string.
78
+ *
79
+ * @return {WordArray} The word array.
80
+ *
81
+ * @static
82
+ *
83
+ * @example
84
+ *
85
+ * var wordArray = CryptoJS.enc.Base64.parse(base64String);
86
+ */
87
+ parse: function (base64Str) {
88
+ // Shortcuts
89
+ var base64StrLength = base64Str.length;
90
+ var map = this._map;
91
+ var reverseMap = this._reverseMap;
92
+
93
+ if (!reverseMap) {
94
+ reverseMap = this._reverseMap = [];
95
+ for (var j = 0; j < map.length; j++) {
96
+ reverseMap[map.charCodeAt(j)] = j;
97
+ }
98
+ }
99
+
100
+ // Ignore padding
101
+ var paddingChar = map.charAt(64);
102
+ if (paddingChar) {
103
+ var paddingIndex = base64Str.indexOf(paddingChar);
104
+ if (paddingIndex !== -1) {
105
+ base64StrLength = paddingIndex;
106
+ }
107
+ }
108
+
109
+ // Convert
110
+ return parseLoop(base64Str, base64StrLength, reverseMap);
111
+
112
+ },
113
+
114
+ _map: 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/='
115
+ };
116
+
117
+ function parseLoop(base64Str, base64StrLength, reverseMap) {
118
+ var words = [];
119
+ var nBytes = 0;
120
+ for (var i = 0; i < base64StrLength; i++) {
121
+ if (i % 4) {
122
+ var bits1 = reverseMap[base64Str.charCodeAt(i - 1)] << ((i % 4) * 2);
123
+ var bits2 = reverseMap[base64Str.charCodeAt(i)] >>> (6 - (i % 4) * 2);
124
+ words[nBytes >>> 2] |= (bits1 | bits2) << (24 - (nBytes % 4) * 8);
125
+ nBytes++;
126
+ }
127
+ }
128
+ return WordArray.create(words, nBytes);
129
+ }
130
+ }());
131
+
132
+
133
+ return CryptoJS.enc.Base64;
134
+
135
+ }));
admin/js/crypto-js/enc-hex.js ADDED
@@ -0,0 +1,18 @@
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
+ ;(function (root, factory) {
2
+ if (typeof exports === "object") {
3
+ // CommonJS
4
+ module.exports = exports = factory(require("./core"));
5
+ }
6
+ else if (typeof define === "function" && define.amd) {
7
+ // AMD
8
+ define(["./core"], factory);
9
+ }
10
+ else {
11
+ // Global (browser)
12
+ factory(root.CryptoJS);
13
+ }
14
+ }(this, function (CryptoJS) {
15
+
16
+ return CryptoJS.enc.Hex;
17
+
18
+ }));
admin/js/crypto-js/enc-latin1.js ADDED
@@ -0,0 +1,18 @@
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
+ ;(function (root, factory) {
2
+ if (typeof exports === "object") {
3
+ // CommonJS
4
+ module.exports = exports = factory(require("./core"));
5
+ }
6
+ else if (typeof define === "function" && define.amd) {
7
+ // AMD
8
+ define(["./core"], factory);
9
+ }
10
+ else {
11
+ // Global (browser)
12
+ factory(root.CryptoJS);
13
+ }
14
+ }(this, function (CryptoJS) {
15
+
16
+ return CryptoJS.enc.Latin1;
17
+
18
+ }));
admin/js/crypto-js/enc-utf16.js ADDED
@@ -0,0 +1,149 @@
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
+ ;(function (root, factory) {
2
+ if (typeof exports === "object") {
3
+ // CommonJS
4
+ module.exports = exports = factory(require("./core"));
5
+ }
6
+ else if (typeof define === "function" && define.amd) {
7
+ // AMD
8
+ define(["./core"], factory);
9
+ }
10
+ else {
11
+ // Global (browser)
12
+ factory(root.CryptoJS);
13
+ }
14
+ }(this, function (CryptoJS) {
15
+
16
+ (function () {
17
+ // Shortcuts
18
+ var C = CryptoJS;
19
+ var C_lib = C.lib;
20
+ var WordArray = C_lib.WordArray;
21
+ var C_enc = C.enc;
22
+
23
+ /**
24
+ * UTF-16 BE encoding strategy.
25
+ */
26
+ var Utf16BE = C_enc.Utf16 = C_enc.Utf16BE = {
27
+ /**
28
+ * Converts a word array to a UTF-16 BE string.
29
+ *
30
+ * @param {WordArray} wordArray The word array.
31
+ *
32
+ * @return {string} The UTF-16 BE string.
33
+ *
34
+ * @static
35
+ *
36
+ * @example
37
+ *
38
+ * var utf16String = CryptoJS.enc.Utf16.stringify(wordArray);
39
+ */
40
+ stringify: function (wordArray) {
41
+ // Shortcuts
42
+ var words = wordArray.words;
43
+ var sigBytes = wordArray.sigBytes;
44
+
45
+ // Convert
46
+ var utf16Chars = [];
47
+ for (var i = 0; i < sigBytes; i += 2) {
48
+ var codePoint = (words[i >>> 2] >>> (16 - (i % 4) * 8)) & 0xffff;
49
+ utf16Chars.push(String.fromCharCode(codePoint));
50
+ }
51
+
52
+ return utf16Chars.join('');
53
+ },
54
+
55
+ /**
56
+ * Converts a UTF-16 BE string to a word array.
57
+ *
58
+ * @param {string} utf16Str The UTF-16 BE string.
59
+ *
60
+ * @return {WordArray} The word array.
61
+ *
62
+ * @static
63
+ *
64
+ * @example
65
+ *
66
+ * var wordArray = CryptoJS.enc.Utf16.parse(utf16String);
67
+ */
68
+ parse: function (utf16Str) {
69
+ // Shortcut
70
+ var utf16StrLength = utf16Str.length;
71
+
72
+ // Convert
73
+ var words = [];
74
+ for (var i = 0; i < utf16StrLength; i++) {
75
+ words[i >>> 1] |= utf16Str.charCodeAt(i) << (16 - (i % 2) * 16);
76
+ }
77
+
78
+ return WordArray.create(words, utf16StrLength * 2);
79
+ }
80
+ };
81
+
82
+ /**
83
+ * UTF-16 LE encoding strategy.
84
+ */
85
+ C_enc.Utf16LE = {
86
+ /**
87
+ * Converts a word array to a UTF-16 LE string.
88
+ *
89
+ * @param {WordArray} wordArray The word array.
90
+ *
91
+ * @return {string} The UTF-16 LE string.
92
+ *
93
+ * @static
94
+ *
95
+ * @example
96
+ *
97
+ * var utf16Str = CryptoJS.enc.Utf16LE.stringify(wordArray);
98
+ */
99
+ stringify: function (wordArray) {
100
+ // Shortcuts
101
+ var words = wordArray.words;
102
+ var sigBytes = wordArray.sigBytes;
103
+
104
+ // Convert
105
+ var utf16Chars = [];
106
+ for (var i = 0; i < sigBytes; i += 2) {
107
+ var codePoint = swapEndian((words[i >>> 2] >>> (16 - (i % 4) * 8)) & 0xffff);
108
+ utf16Chars.push(String.fromCharCode(codePoint));
109
+ }
110
+
111
+ return utf16Chars.join('');
112
+ },
113
+
114
+ /**
115
+ * Converts a UTF-16 LE string to a word array.
116
+ *
117
+ * @param {string} utf16Str The UTF-16 LE string.
118
+ *
119
+ * @return {WordArray} The word array.
120
+ *
121
+ * @static
122
+ *
123
+ * @example
124
+ *
125
+ * var wordArray = CryptoJS.enc.Utf16LE.parse(utf16Str);
126
+ */
127
+ parse: function (utf16Str) {
128
+ // Shortcut
129
+ var utf16StrLength = utf16Str.length;
130
+
131
+ // Convert
132
+ var words = [];
133
+ for (var i = 0; i < utf16StrLength; i++) {
134
+ words[i >>> 1] |= swapEndian(utf16Str.charCodeAt(i) << (16 - (i % 2) * 16));
135
+ }
136
+
137
+ return WordArray.create(words, utf16StrLength * 2);
138
+ }
139
+ };
140
+
141
+ function swapEndian(word) {
142
+ return ((word << 8) & 0xff00ff00) | ((word >>> 8) & 0x00ff00ff);
143
+ }
144
+ }());
145
+
146
+
147
+ return CryptoJS.enc.Utf16;
148
+
149
+ }));
admin/js/crypto-js/enc-utf8.js ADDED
@@ -0,0 +1,18 @@
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
+ ;(function (root, factory) {
2
+ if (typeof exports === "object") {
3
+ // CommonJS
4
+ module.exports = exports = factory(require("./core"));
5
+ }
6
+ else if (typeof define === "function" && define.amd) {
7
+ // AMD
8
+ define(["./core"], factory);
9
+ }
10
+ else {
11
+ // Global (browser)
12
+ factory(root.CryptoJS);
13
+ }
14
+ }(this, function (CryptoJS) {
15
+
16
+ return CryptoJS.enc.Utf8;
17
+
18
+ }));
admin/js/crypto-js/evpkdf.js ADDED
@@ -0,0 +1,132 @@
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
+ ;(function (root, factory, undef) {
2
+ if (typeof exports === "object") {
3
+ // CommonJS
4
+ module.exports = exports = factory(require("./core"), require("./sha1"), require("./hmac"));
5
+ }
6
+ else if (typeof define === "function" && define.amd) {
7
+ // AMD
8
+ define(["./core", "./sha1", "./hmac"], factory);
9
+ }
10
+ else {
11
+ // Global (browser)
12
+ factory(root.CryptoJS);
13
+ }
14
+ }(this, function (CryptoJS) {
15
+
16
+ (function () {
17
+ // Shortcuts
18
+ var C = CryptoJS;
19
+ var C_lib = C.lib;
20
+ var Base = C_lib.Base;
21
+ var WordArray = C_lib.WordArray;
22
+ var C_algo = C.algo;
23
+ var MD5 = C_algo.MD5;
24
+
25
+ /**
26
+ * This key derivation function is meant to conform with EVP_BytesToKey.
27
+ * www.openssl.org/docs/crypto/EVP_BytesToKey.html
28
+ */
29
+ var EvpKDF = C_algo.EvpKDF = Base.extend({
30
+ /**
31
+ * Configuration options.
32
+ *
33
+ * @property {number} keySize The key size in words to generate. Default: 4 (128 bits)
34
+ * @property {Hasher} hasher The hash algorithm to use. Default: MD5
35
+ * @property {number} iterations The number of iterations to perform. Default: 1
36
+ */
37
+ cfg: Base.extend({
38
+ keySize: 128/32,
39
+ hasher: MD5,
40
+ iterations: 1
41
+ }),
42
+
43
+ /**
44
+ * Initializes a newly created key derivation function.
45
+ *
46
+ * @param {Object} cfg (Optional) The configuration options to use for the derivation.
47
+ *
48
+ * @example
49
+ *
50
+ * var kdf = CryptoJS.algo.EvpKDF.create();
51
+ * var kdf = CryptoJS.algo.EvpKDF.create({ keySize: 8 });
52
+ * var kdf = CryptoJS.algo.EvpKDF.create({ keySize: 8, iterations: 1000 });
53
+ */
54
+ init: function (cfg) {
55
+ this.cfg = this.cfg.extend(cfg);
56
+ },
57
+
58
+ /**
59
+ * Derives a key from a password.
60
+ *
61
+ * @param {WordArray|string} password The password.
62
+ * @param {WordArray|string} salt A salt.
63
+ *
64
+ * @return {WordArray} The derived key.
65
+ *
66
+ * @example
67
+ *
68
+ * var key = kdf.compute(password, salt);
69
+ */
70
+ compute: function (password, salt) {
71
+ // Shortcut
72
+ var cfg = this.cfg;
73
+
74
+ // Init hasher
75
+ var hasher = cfg.hasher.create();
76
+
77
+ // Initial values
78
+ var derivedKey = WordArray.create();
79
+
80
+ // Shortcuts
81
+ var derivedKeyWords = derivedKey.words;
82
+ var keySize = cfg.keySize;
83
+ var iterations = cfg.iterations;
84
+
85
+ // Generate key
86
+ while (derivedKeyWords.length < keySize) {
87
+ if (block) {
88
+ hasher.update(block);
89
+ }
90
+ var block = hasher.update(password).finalize(salt);
91
+ hasher.reset();
92
+
93
+ // Iterations
94
+ for (var i = 1; i < iterations; i++) {
95
+ block = hasher.finalize(block);
96
+ hasher.reset();
97
+ }
98
+
99
+ derivedKey.concat(block);
100
+ }
101
+ derivedKey.sigBytes = keySize * 4;
102
+
103
+ return derivedKey;
104
+ }
105
+ });
106
+
107
+ /**
108
+ * Derives a key from a password.
109
+ *
110
+ * @param {WordArray|string} password The password.
111
+ * @param {WordArray|string} salt A salt.
112
+ * @param {Object} cfg (Optional) The configuration options to use for this computation.
113
+ *
114
+ * @return {WordArray} The derived key.
115
+ *
116
+ * @static
117
+ *
118
+ * @example
119
+ *
120
+ * var key = CryptoJS.EvpKDF(password, salt);
121
+ * var key = CryptoJS.EvpKDF(password, salt, { keySize: 8 });
122
+ * var key = CryptoJS.EvpKDF(password, salt, { keySize: 8, iterations: 1000 });
123
+ */
124
+ C.EvpKDF = function (password, salt, cfg) {
125
+ return EvpKDF.create(cfg).compute(password, salt);
126
+ };
127
+ }());
128
+
129
+
130
+ return CryptoJS.EvpKDF;
131
+
132
+ }));
admin/js/crypto-js/format-hex.js ADDED
@@ -0,0 +1,66 @@
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
+ ;(function (root, factory, undef) {
2
+ if (typeof exports === "object") {
3
+ // CommonJS
4
+ module.exports = exports = factory(require("./core"), require("./cipher-core"));
5
+ }
6
+ else if (typeof define === "function" && define.amd) {
7
+ // AMD
8
+ define(["./core", "./cipher-core"], factory);
9
+ }
10
+ else {
11
+ // Global (browser)
12
+ factory(root.CryptoJS);
13
+ }
14
+ }(this, function (CryptoJS) {
15
+
16
+ (function (undefined) {
17
+ // Shortcuts
18
+ var C = CryptoJS;
19
+ var C_lib = C.lib;
20
+ var CipherParams = C_lib.CipherParams;
21
+ var C_enc = C.enc;
22
+ var Hex = C_enc.Hex;
23
+ var C_format = C.format;
24
+
25
+ var HexFormatter = C_format.Hex = {
26
+ /**
27
+ * Converts the ciphertext of a cipher params object to a hexadecimally encoded string.
28
+ *
29
+ * @param {CipherParams} cipherParams The cipher params object.
30
+ *
31
+ * @return {string} The hexadecimally encoded string.
32
+ *
33
+ * @static
34
+ *
35
+ * @example
36
+ *
37
+ * var hexString = CryptoJS.format.Hex.stringify(cipherParams);
38
+ */
39
+ stringify: function (cipherParams) {
40
+ return cipherParams.ciphertext.toString(Hex);
41
+ },
42
+
43
+ /**
44
+ * Converts a hexadecimally encoded ciphertext string to a cipher params object.
45
+ *
46
+ * @param {string} input The hexadecimally encoded string.
47
+ *
48
+ * @return {CipherParams} The cipher params object.
49
+ *
50
+ * @static
51
+ *
52
+ * @example
53
+ *
54
+ * var cipherParams = CryptoJS.format.Hex.parse(hexString);
55
+ */
56
+ parse: function (input) {
57
+ var ciphertext = Hex.parse(input);
58
+ return CipherParams.create({ ciphertext: ciphertext });
59
+ }
60
+ };
61
+ }());
62
+
63
+
64
+ return CryptoJS.format.Hex;
65
+
66
+ }));
admin/js/crypto-js/format-openssl.js ADDED
@@ -0,0 +1,18 @@
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
+ ;(function (root, factory, undef) {
2
+ if (typeof exports === "object") {
3
+ // CommonJS
4
+ module.exports = exports = factory(require("./core"), require("./cipher-core"));
5
+ }
6
+ else if (typeof define === "function" && define.amd) {
7
+ // AMD
8
+ define(["./core", "./cipher-core"], factory);
9
+ }
10
+ else {
11
+ // Global (browser)
12
+ factory(root.CryptoJS);
13
+ }
14
+ }(this, function (CryptoJS) {
15
+
16
+ return CryptoJS.format.OpenSSL;
17
+
18
+ }));
admin/js/crypto-js/hmac-md5.js ADDED
@@ -0,0 +1,18 @@
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
+ ;(function (root, factory, undef) {
2
+ if (typeof exports === "object") {
3
+ // CommonJS
4
+ module.exports = exports = factory(require("./core"), require("./md5"), require("./hmac"));
5
+ }
6
+ else if (typeof define === "function" && define.amd) {
7
+ // AMD
8
+ define(["./core", "./md5", "./hmac"], factory);
9
+ }
10
+ else {
11
+ // Global (browser)
12
+ factory(root.CryptoJS);
13
+ }
14
+ }(this, function (CryptoJS) {
15
+
16
+ return CryptoJS.HmacMD5;
17
+
18
+ }));
admin/js/crypto-js/hmac-ripemd160.js ADDED
@@ -0,0 +1,18 @@
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
+ ;(function (root, factory, undef) {
2
+ if (typeof exports === "object") {
3
+ // CommonJS
4
+ module.exports = exports = factory(require("./core"), require("./ripemd160"), require("./hmac"));
5
+ }
6
+ else if (typeof define === "function" && define.amd) {
7
+ // AMD
8
+ define(["./core", "./ripemd160", "./hmac"], factory);
9
+ }
10
+ else {
11
+ // Global (browser)
12
+ factory(root.CryptoJS);
13
+ }
14
+ }(this, function (CryptoJS) {
15
+
16
+ return CryptoJS.HmacRIPEMD160;
17
+
18
+ }));
admin/js/crypto-js/hmac-sha1.js ADDED
@@ -0,0 +1,18 @@
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
+ ;(function (root, factory, undef) {
2
+ if (typeof exports === "object") {
3
+ // CommonJS
4
+ module.exports = exports = factory(require("./core"), require("./sha1"), require("./hmac"));
5
+ }
6
+ else if (typeof define === "function" && define.amd) {
7
+ // AMD
8
+ define(["./core", "./sha1", "./hmac"], factory);
9
+ }
10
+ else {
11
+ // Global (browser)
12
+ factory(root.CryptoJS);
13
+ }
14
+ }(this, function (CryptoJS) {
15
+
16
+ return CryptoJS.HmacSHA1;
17
+
18
+ }));
admin/js/crypto-js/hmac-sha224.js ADDED
@@ -0,0 +1,18 @@
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
+ ;(function (root, factory, undef) {
2
+ if (typeof exports === "object") {
3
+ // CommonJS
4
+ module.exports = exports = factory(require("./core"), require("./sha256"), require("./sha224"), require("./hmac"));
5
+ }
6
+ else if (typeof define === "function" && define.amd) {
7
+ // AMD
8
+ define(["./core", "./sha256", "./sha224", "./hmac"], factory);
9
+ }
10
+ else {
11
+ // Global (browser)
12
+ factory(root.CryptoJS);
13
+ }
14
+ }(this, function (CryptoJS) {
15
+
16
+ return CryptoJS.HmacSHA224;
17
+
18
+ }));
admin/js/crypto-js/hmac-sha256.js ADDED
@@ -0,0 +1,18 @@
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
+ ;(function (root, factory, undef) {
2
+ if (typeof exports === "object") {
3
+ // CommonJS
4
+ module.exports = exports = factory(require("./core"), require("./sha256"), require("./hmac"));
5
+ }
6
+ else if (typeof define === "function" && define.amd) {
7
+ // AMD
8
+ define(["./core", "./sha256", "./hmac"], factory);
9
+ }
10
+ else {
11
+ // Global (browser)
12
+ factory(root.CryptoJS);
13
+ }
14
+ }(this, function (CryptoJS) {
15
+
16
+ return CryptoJS.HmacSHA256;
17
+
18
+ }));
admin/js/crypto-js/hmac-sha3.js ADDED
@@ -0,0 +1,18 @@
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
+ ;(function (root, factory, undef) {
2
+ if (typeof exports === "object") {
3
+ // CommonJS
4
+ module.exports = exports = factory(require("./core"), require("./x64-core"), require("./sha3"), require("./hmac"));
5
+ }
6
+ else if (typeof define === "function" && define.amd) {
7
+ // AMD
8
+ define(["./core", "./x64-core", "./sha3", "./hmac"], factory);
9
+ }
10
+ else {
11
+ // Global (browser)
12
+ factory(root.CryptoJS);
13
+ }
14
+ }(this, function (CryptoJS) {
15
+
16
+ return CryptoJS.HmacSHA3;
17
+
18
+ }));
admin/js/crypto-js/hmac-sha384.js ADDED
@@ -0,0 +1,18 @@
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
+ ;(function (root, factory, undef) {
2
+ if (typeof exports === "object") {
3
+ // CommonJS
4
+ module.exports = exports = factory(require("./core"), require("./x64-core"), require("./sha512"), require("./sha384"), require("./hmac"));
5
+ }
6
+ else if (typeof define === "function" && define.amd) {
7
+ // AMD
8
+ define(["./core", "./x64-core", "./sha512", "./sha384", "./hmac"], factory);
9
+ }
10
+ else {
11
+ // Global (browser)
12
+ factory(root.CryptoJS);
13
+ }
14
+ }(this, function (CryptoJS) {
15
+
16
+ return CryptoJS.HmacSHA384;
17
+
18
+ }));
admin/js/crypto-js/hmac-sha512.js ADDED
@@ -0,0 +1,18 @@
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
+ ;(function (root, factory, undef) {
2
+ if (typeof exports === "object") {
3
+ // CommonJS
4
+ module.exports = exports = factory(require("./core"), require("./x64-core"), require("./sha512"), require("./hmac"));
5
+ }
6
+ else if (typeof define === "function" && define.amd) {
7
+ // AMD
8
+ define(["./core", "./x64-core", "./sha512", "./hmac"], factory);
9
+ }
10
+ else {
11
+ // Global (browser)
12
+ factory(root.CryptoJS);
13
+ }
14
+ }(this, function (CryptoJS) {
15
+
16
+ return CryptoJS.HmacSHA512;
17
+
18
+ }));
admin/js/crypto-js/hmac.js ADDED
@@ -0,0 +1,143 @@
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
+ ;(function (root, factory) {
2
+ if (typeof exports === "object") {
3
+ // CommonJS
4
+ module.exports = exports = factory(require("./core"));
5
+ }
6
+ else if (typeof define === "function" && define.amd) {
7
+ // AMD
8
+ define(["./core"], factory);
9
+ }
10
+ else {
11
+ // Global (browser)
12
+ factory(root.CryptoJS);
13
+ }
14
+ }(this, function (CryptoJS) {
15
+
16
+ (function () {
17
+ // Shortcuts
18
+ var C = CryptoJS;
19
+ var C_lib = C.lib;
20
+ var Base = C_lib.Base;
21
+ var C_enc = C.enc;
22
+ var Utf8 = C_enc.Utf8;
23
+ var C_algo = C.algo;
24
+
25
+ /**
26
+ * HMAC algorithm.
27
+ */
28
+ var HMAC = C_algo.HMAC = Base.extend({
29
+ /**
30
+ * Initializes a newly created HMAC.
31
+ *
32
+ * @param {Hasher} hasher The hash algorithm to use.
33
+ * @param {WordArray|string} key The secret key.
34
+ *
35
+ * @example
36
+ *
37
+ * var hmacHasher = CryptoJS.algo.HMAC.create(CryptoJS.algo.SHA256, key);
38
+ */
39
+ init: function (hasher, key) {
40
+ // Init hasher
41
+ hasher = this._hasher = new hasher.init();
42
+
43
+ // Convert string to WordArray, else assume WordArray already
44
+ if (typeof key == 'string') {
45
+ key = Utf8.parse(key);
46
+ }
47
+
48
+ // Shortcuts
49
+ var hasherBlockSize = hasher.blockSize;
50
+ var hasherBlockSizeBytes = hasherBlockSize * 4;
51
+
52
+ // Allow arbitrary length keys
53
+ if (key.sigBytes > hasherBlockSizeBytes) {
54
+ key = hasher.finalize(key);
55
+ }
56
+
57
+ // Clamp excess bits
58
+ key.clamp();
59
+
60
+ // Clone key for inner and outer pads
61
+ var oKey = this._oKey = key.clone();
62
+ var iKey = this._iKey = key.clone();
63
+
64
+ // Shortcuts
65
+ var oKeyWords = oKey.words;
66
+ var iKeyWords = iKey.words;
67
+
68
+ // XOR keys with pad constants
69
+ for (var i = 0; i < hasherBlockSize; i++) {
70
+ oKeyWords[i] ^= 0x5c5c5c5c;
71
+ iKeyWords[i] ^= 0x36363636;
72
+ }
73
+ oKey.sigBytes = iKey.sigBytes = hasherBlockSizeBytes;
74
+
75
+ // Set initial values
76
+ this.reset();
77
+ },
78
+
79
+ /**
80
+ * Resets this HMAC to its initial state.
81
+ *
82
+ * @example
83
+ *
84
+ * hmacHasher.reset();
85
+ */
86
+ reset: function () {
87
+ // Shortcut
88
+ var hasher = this._hasher;
89
+
90
+ // Reset
91
+ hasher.reset();
92
+ hasher.update(this._iKey);
93
+ },
94
+
95
+ /**
96
+ * Updates this HMAC with a message.
97
+ *
98
+ * @param {WordArray|string} messageUpdate The message to append.
99
+ *
100
+ * @return {HMAC} This HMAC instance.
101
+ *
102
+ * @example
103
+ *
104
+ * hmacHasher.update('message');
105
+ * hmacHasher.update(wordArray);
106
+ */
107
+ update: function (messageUpdate) {
108
+ this._hasher.update(messageUpdate);
109
+
110
+ // Chainable
111
+ return this;
112
+ },
113
+
114
+ /**
115
+ * Finalizes the HMAC computation.
116
+ * Note that the finalize operation is effectively a destructive, read-once operation.
117
+ *
118
+ * @param {WordArray|string} messageUpdate (Optional) A final message update.
119
+ *
120
+ * @return {WordArray} The HMAC.
121
+ *
122
+ * @example
123
+ *
124
+ * var hmac = hmacHasher.finalize();
125
+ * var hmac = hmacHasher.finalize('message');
126
+ * var hmac = hmacHasher.finalize(wordArray);
127
+ */
128
+ finalize: function (messageUpdate) {
129
+ // Shortcut
130
+ var hasher = this._hasher;
131
+
132
+ // Compute HMAC
133
+ var innerHash = hasher.finalize(messageUpdate);
134
+ hasher.reset();
135
+ var hmac = hasher.finalize(this._oKey.clone().concat(innerHash));
136
+
137
+ return hmac;
138
+ }
139
+ });
140
+ }());
141
+
142
+
143
+ }));
admin/js/crypto-js/index.js ADDED
@@ -0,0 +1,18 @@
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
+ ;(function (root, factory, undef) {
2
+ if (typeof exports === "object") {
3
+ // CommonJS
4
+ module.exports = exports = factory(require("./core"), require("./x64-core"), require("./lib-typedarrays"), require("./enc-utf16"), require("./enc-base64"), require("./md5"), require("./sha1"), require("./sha256"), require("./sha224"), require("./sha512"), require("./sha384"), require("./sha3"), require("./ripemd160"), require("./hmac"), require("./pbkdf2"), require("./evpkdf"), require("./cipher-core"), require("./mode-cfb"), require("./mode-ctr"), require("./mode-ctr-gladman"), require("./mode-ofb"), require("./mode-ecb"), require("./pad-ansix923"), require("./pad-iso10126"), require("./pad-iso97971"), require("./pad-zeropadding"), require("./pad-nopadding"), require("./format-hex"), require("./aes"), require("./tripledes"), require("./rc4"), require("./rabbit"), require("./rabbit-legacy"));
5
+ }
6
+ else if (typeof define === "function" && define.amd) {
7
+ // AMD
8
+ define(["./core", "./x64-core", "./lib-typedarrays", "./enc-utf16", "./enc-base64", "./md5", "./sha1", "./sha256", "./sha224", "./sha512", "./sha384", "./sha3", "./ripemd160", "./hmac", "./pbkdf2", "./evpkdf", "./cipher-core", "./mode-cfb", "./mode-ctr", "./mode-ctr-gladman", "./mode-ofb", "./mode-ecb", "./pad-ansix923", "./pad-iso10126", "./pad-iso97971", "./pad-zeropadding", "./pad-nopadding", "./format-hex", "./aes", "./tripledes", "./rc4", "./rabbit", "./rabbit-legacy"], factory);
9
+ }
10
+ else {
11
+ // Global (browser)
12
+ root.CryptoJS = factory(root.CryptoJS);
13
+ }
14
+ }(this, function (CryptoJS) {
15
+
16
+ return CryptoJS;
17
+
18
+ }));
admin/js/crypto-js/lib-typedarrays.js ADDED
@@ -0,0 +1,76 @@
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
+ ;(function (root, factory) {
2
+ if (typeof exports === "object") {
3
+ // CommonJS
4
+ module.exports = exports = factory(require("./core"));
5
+ }
6
+ else if (typeof define === "function" && define.amd) {
7
+ // AMD
8
+ define(["./core"], factory);
9
+ }
10
+ else {
11
+ // Global (browser)
12
+ factory(root.CryptoJS);
13
+ }
14
+ }(this, function (CryptoJS) {
15
+
16
+ (function () {
17
+ // Check if typed arrays are supported
18
+ if (typeof ArrayBuffer != 'function') {
19
+ return;
20
+ }
21
+
22
+ // Shortcuts
23
+ var C = CryptoJS;
24
+ var C_lib = C.lib;
25
+ var WordArray = C_lib.WordArray;
26
+
27
+ // Reference original init
28
+ var superInit = WordArray.init;
29
+
30
+ // Augment WordArray.init to handle typed arrays
31
+ var subInit = WordArray.init = function (typedArray) {
32
+ // Convert buffers to uint8
33
+ if (typedArray instanceof ArrayBuffer) {
34
+ typedArray = new Uint8Array(typedArray);
35
+ }
36
+
37
+ // Convert other array views to uint8
38
+ if (
39
+ typedArray instanceof Int8Array ||
40
+ (typeof Uint8ClampedArray !== "undefined" && typedArray instanceof Uint8ClampedArray) ||
41
+ typedArray instanceof Int16Array ||
42
+ typedArray instanceof Uint16Array ||
43
+ typedArray instanceof Int32Array ||
44
+ typedArray instanceof Uint32Array ||
45
+ typedArray instanceof Float32Array ||
46
+ typedArray instanceof Float64Array
47
+ ) {
48
+ typedArray = new Uint8Array(typedArray.buffer, typedArray.byteOffset, typedArray.byteLength);
49
+ }
50
+
51
+ // Handle Uint8Array
52
+ if (typedArray instanceof Uint8Array) {
53
+ // Shortcut
54
+ var typedArrayByteLength = typedArray.byteLength;
55
+
56
+ // Extract bytes
57
+ var words = [];
58
+ for (var i = 0; i < typedArrayByteLength; i++) {
59
+ words[i >>> 2] |= typedArray[i] << (24 - (i % 4) * 8);
60
+ }
61
+
62
+ // Initialize this word array
63
+ superInit.call(this, words, typedArrayByteLength);
64
+ } else {
65
+ // Else call normal init
66
+ superInit.apply(this, arguments);
67
+ }
68
+ };
69
+
70
+ subInit.prototype = WordArray;
71
+ }());
72
+
73
+
74
+ return CryptoJS.lib.WordArray;
75
+
76
+ }));
admin/js/crypto-js/md5.js ADDED
@@ -0,0 +1,268 @@
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
+ ;(function (root, factory) {
2
+ if (typeof exports === "object") {
3
+ // CommonJS
4
+ module.exports = exports = factory(require("./core"));
5
+ }
6
+ else if (typeof define === "function" && define.amd) {
7
+ // AMD
8
+ define(["./core"], factory);
9
+ }
10
+ else {
11
+ // Global (browser)
12
+ factory(root.CryptoJS);
13
+ }
14
+ }(this, function (CryptoJS) {
15
+
16
+ (function (Math) {
17
+ // Shortcuts
18
+ var C = CryptoJS;
19
+ var C_lib = C.lib;
20
+ var WordArray = C_lib.WordArray;
21
+ var Hasher = C_lib.Hasher;
22
+ var C_algo = C.algo;
23
+
24
+ // Constants table
25
+ var T = [];
26
+
27
+ // Compute constants
28
+ (function () {
29
+ for (var i = 0; i < 64; i++) {
30
+ T[i] = (Math.abs(Math.sin(i + 1)) * 0x100000000) | 0;
31
+ }
32
+ }());
33
+
34
+ /**
35
+ * MD5 hash algorithm.
36
+ */
37
+ var MD5 = C_algo.MD5 = Hasher.extend({
38
+ _doReset: function () {
39
+ this._hash = new WordArray.init([
40
+ 0x67452301, 0xefcdab89,
41
+ 0x98badcfe, 0x10325476
42
+ ]);
43
+ },
44
+
45
+ _doProcessBlock: function (M, offset) {
46
+ // Swap endian
47
+ for (var i = 0; i < 16; i++) {
48
+ // Shortcuts
49
+ var offset_i = offset + i;
50
+ var M_offset_i = M[offset_i];
51
+
52
+ M[offset_i] = (
53
+ (((M_offset_i << 8) | (M_offset_i >>> 24)) & 0x00ff00ff) |
54
+ (((M_offset_i << 24) | (M_offset_i >>> 8)) & 0xff00ff00)
55
+ );
56
+ }
57
+
58
+ // Shortcuts
59
+ var H = this._hash.words;
60
+
61
+ var M_offset_0 = M[offset + 0];
62
+ var M_offset_1 = M[offset + 1];
63
+ var M_offset_2 = M[offset + 2];
64
+ var M_offset_3 = M[offset + 3];
65
+ var M_offset_4 = M[offset + 4];
66
+ var M_offset_5 = M[offset + 5];
67
+ var M_offset_6 = M[offset + 6];
68
+ var M_offset_7 = M[offset + 7];
69
+ var M_offset_8 = M[offset + 8];
70
+ var M_offset_9 = M[offset + 9];
71
+ var M_offset_10 = M[offset + 10];
72
+ var M_offset_11 = M[offset + 11];
73
+ var M_offset_12 = M[offset + 12];
74
+ var M_offset_13 = M[offset + 13];
75
+ var M_offset_14 = M[offset + 14];
76
+ var M_offset_15 = M[offset + 15];
77
+
78
+ // Working varialbes
79
+ var a = H[0];
80
+ var b = H[1];
81
+ var c = H[2];
82
+ var d = H[3];
83
+
84
+ // Computation
85
+ a = FF(a, b, c, d, M_offset_0, 7, T[0]);
86
+ d = FF(d, a, b, c, M_offset_1, 12, T[1]);
87
+ c = FF(c, d, a, b, M_offset_2, 17, T[2]);
88
+ b = FF(b, c, d, a, M_offset_3, 22, T[3]);
89
+ a = FF(a, b, c, d, M_offset_4, 7, T[4]);
90
+ d = FF(d, a, b, c, M_offset_5, 12, T[5]);
91
+ c = FF(c, d, a, b, M_offset_6, 17, T[6]);
92
+ b = FF(b, c, d, a, M_offset_7, 22, T[7]);
93
+ a = FF(a, b, c, d, M_offset_8, 7, T[8]);
94
+ d = FF(d, a, b, c, M_offset_9, 12, T[9]);
95
+ c = FF(c, d, a, b, M_offset_10, 17, T[10]);
96
+ b = FF(b, c, d, a, M_offset_11, 22, T[11]);
97
+ a = FF(a, b, c, d, M_offset_12, 7, T[12]);
98
+ d = FF(d, a, b, c, M_offset_13, 12, T[13]);
99
+ c = FF(c, d, a, b, M_offset_14, 17, T[14]);
100
+ b = FF(b, c, d, a, M_offset_15, 22, T[15]);
101
+
102
+ a = GG(a, b, c, d, M_offset_1, 5, T[16]);
103
+ d = GG(d, a, b, c, M_offset_6, 9, T[17]);
104
+ c = GG(c, d, a, b, M_offset_11, 14, T[18]);
105
+ b = GG(b, c, d, a, M_offset_0, 20, T[19]);
106
+ a = GG(a, b, c, d, M_offset_5, 5, T[20]);
107
+ d = GG(d, a, b, c, M_offset_10, 9, T[21]);
108
+ c = GG(c, d, a, b, M_offset_15, 14, T[22]);
109
+ b = GG(b, c, d, a, M_offset_4, 20, T[23]);
110
+ a = GG(a, b, c, d, M_offset_9, 5, T[24]);
111
+ d = GG(d, a, b, c, M_offset_14, 9, T[25]);
112
+ c = GG(c, d, a, b, M_offset_3, 14, T[26]);
113
+ b = GG(b, c, d, a, M_offset_8, 20, T[27]);
114
+ a = GG(a, b, c, d, M_offset_13, 5, T[28]);
115
+ d = GG(d, a, b, c, M_offset_2, 9, T[29]);
116
+ c = GG(c, d, a, b, M_offset_7, 14, T[30]);
117
+ b = GG(b, c, d, a, M_offset_12, 20, T[31]);
118
+
119
+ a = HH(a, b, c, d, M_offset_5, 4, T[32]);
120
+ d = HH(d, a, b, c, M_offset_8, 11, T[33]);
121
+ c = HH(c, d, a, b, M_offset_11, 16, T[34]);
122
+ b = HH(b, c, d, a, M_offset_14, 23, T[35]);
123
+ a = HH(a, b, c, d, M_offset_1, 4, T[36]);
124
+ d = HH(d, a, b, c, M_offset_4, 11, T[37]);
125
+ c = HH(c, d, a, b, M_offset_7, 16, T[38]);
126
+ b = HH(b, c, d, a, M_offset_10, 23, T[39]);
127
+ a = HH(a, b, c, d, M_offset_13, 4, T[40]);
128
+ d = HH(d, a, b, c, M_offset_0, 11, T[41]);
129
+ c = HH(c, d, a, b, M_offset_3, 16, T[42]);
130
+ b = HH(b, c, d, a, M_offset_6, 23, T[43]);
131
+ a = HH(a, b, c, d, M_offset_9, 4, T[44]);
132
+ d = HH(d, a, b, c, M_offset_12, 11, T[45]);
133
+ c = HH(c, d, a, b, M_offset_15, 16, T[46]);
134
+ b = HH(b, c, d, a, M_offset_2, 23, T[47]);
135
+
136
+ a = II(a, b, c, d, M_offset_0, 6, T[48]);
137
+ d = II(d, a, b, c, M_offset_7, 10, T[49]);
138
+ c = II(c, d, a, b, M_offset_14, 15, T[50]);
139
+ b = II(b, c, d, a, M_offset_5, 21, T[51]);
140
+ a = II(a, b, c, d, M_offset_12, 6, T[52]);
141
+ d = II(d, a, b, c, M_offset_3, 10, T[53]);
142
+ c = II(c, d, a, b, M_offset_10, 15, T[54]);
143
+ b = II(b, c, d, a, M_offset_1, 21, T[55]);
144
+ a = II(a, b, c, d, M_offset_8, 6, T[56]);
145
+ d = II(d, a, b, c, M_offset_15, 10, T[57]);
146
+ c = II(c, d, a, b, M_offset_6, 15, T[58]);
147
+ b = II(b, c, d, a, M_offset_13, 21, T[59]);
148
+ a = II(a, b, c, d, M_offset_4, 6, T[60]);
149
+ d = II(d, a, b, c, M_offset_11, 10, T[61]);
150
+ c = II(c, d, a, b, M_offset_2, 15, T[62]);
151
+ b = II(b, c, d, a, M_offset_9, 21, T[63]);
152
+
153
+ // Intermediate hash value
154
+ H[0] = (H[0] + a) | 0;
155
+ H[1] = (H[1] + b) | 0;
156
+ H[2] = (H[2] + c) | 0;
157
+ H[3] = (H[3] + d) | 0;
158
+ },
159
+
160
+ _doFinalize: function () {
161
+ // Shortcuts
162
+ var data = this._data;
163
+ var dataWords = data.words;
164
+
165
+ var nBitsTotal = this._nDataBytes * 8;
166
+ var nBitsLeft = data.sigBytes * 8;
167
+
168
+ // Add padding
169
+ dataWords[nBitsLeft >>> 5] |= 0x80 << (24 - nBitsLeft % 32);
170
+
171
+ var nBitsTotalH = Math.floor(nBitsTotal / 0x100000000);
172
+ var nBitsTotalL = nBitsTotal;
173
+ dataWords[(((nBitsLeft + 64) >>> 9) << 4) + 15] = (
174
+ (((nBitsTotalH << 8) | (nBitsTotalH >>> 24)) & 0x00ff00ff) |
175
+ (((nBitsTotalH << 24) | (nBitsTotalH >>> 8)) & 0xff00ff00)
176
+ );
177
+ dataWords[(((nBitsLeft + 64) >>> 9) << 4) + 14] = (
178
+ (((nBitsTotalL << 8) | (nBitsTotalL >>> 24)) & 0x00ff00ff) |
179
+ (((nBitsTotalL << 24) | (nBitsTotalL >>> 8)) & 0xff00ff00)
180
+ );
181
+
182
+ data.sigBytes = (dataWords.length + 1) * 4;
183
+
184
+ // Hash final blocks
185
+ this._process();
186
+
187
+ // Shortcuts
188
+ var hash = this._hash;
189
+ var H = hash.words;
190
+
191
+ // Swap endian
192
+ for (var i = 0; i < 4; i++) {
193
+ // Shortcut
194
+ var H_i = H[i];
195
+
196
+ H[i] = (((H_i << 8) | (H_i >>> 24)) & 0x00ff00ff) |
197
+ (((H_i << 24) | (H_i >>> 8)) & 0xff00ff00);
198
+ }
199
+
200
+ // Return final computed hash
201
+ return hash;
202
+ },
203
+
204
+ clone: function () {
205
+ var clone = Hasher.clone.call(this);
206
+ clone._hash = this._hash.clone();
207
+
208
+ return clone;
209
+ }
210
+ });
211
+
212
+ function FF(a, b, c, d, x, s, t) {
213
+ var n = a + ((b & c) | (~b & d)) + x + t;
214
+ return ((n << s) | (n >>> (32 - s))) + b;
215
+ }
216
+
217
+ function GG(a, b, c, d, x, s, t) {
218
+ var n = a + ((b & d) | (c & ~d)) + x + t;
219
+ return ((n << s) | (n >>> (32 - s))) + b;
220
+ }
221
+
222
+ function HH(a, b, c, d, x, s, t) {
223
+ var n = a + (b ^ c ^ d) + x + t;
224
+ return ((n << s) | (n >>> (32 - s))) + b;
225
+ }
226
+
227
+ function II(a, b, c, d, x, s, t) {
228
+ var n = a + (c ^ (b | ~d)) + x + t;
229
+ return ((n << s) | (n >>> (32 - s))) + b;
230
+ }
231
+
232
+ /**
233
+ * Shortcut function to the hasher's object interface.
234
+ *
235
+ * @param {WordArray|string} message The message to hash.
236
+ *
237
+ * @return {WordArray} The hash.
238
+ *
239
+ * @static
240
+ *
241
+ * @example
242
+ *
243
+ * var hash = CryptoJS.MD5('message');
244
+ * var hash = CryptoJS.MD5(wordArray);
245
+ */
246
+ C.MD5 = Hasher._createHelper(MD5);
247
+
248
+ /**
249
+ * Shortcut function to the HMAC's object interface.
250
+ *
251
+ * @param {WordArray|string} message The message to hash.
252
+ * @param {WordArray|string} key The secret key.
253
+ *
254
+ * @return {WordArray} The HMAC.
255
+ *
256
+ * @static
257
+ *
258
+ * @example
259
+ *
260
+ * var hmac = CryptoJS.HmacMD5(message, key);
261
+ */
262
+ C.HmacMD5 = Hasher._createHmacHelper(MD5);
263
+ }(Math));
264
+
265
+
266
+ return CryptoJS.MD5;
267
+
268
+ }));
admin/js/crypto-js/mode-cfb.js ADDED
@@ -0,0 +1,78 @@
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
+ ;(function (root, factory, undef) {
2
+ if (typeof exports === "object") {
3
+ // CommonJS
4
+ module.exports = exports = factory(require("./core"), require("./cipher-core"));
5
+ }
6
+ else if (typeof define === "function" && define.amd) {
7
+ // AMD
8
+ define(["./core", "./cipher-core"], factory);
9
+ }
10
+ else {
11
+ // Global (browser)
12
+ factory(root.CryptoJS);
13
+ }
14
+ }(this, function (CryptoJS) {
15
+
16
+ /**
17
+ * Cipher Feedback block mode.
18
+ */
19
+ CryptoJS.mode.CFB = (function () {
20
+ var CFB = CryptoJS.lib.BlockCipherMode.extend();
21
+
22
+ CFB.Encryptor = CFB.extend({
23
+ processBlock: function (words, offset) {
24
+ // Shortcuts
25
+ var cipher = this._cipher;
26
+ var blockSize = cipher.blockSize;
27
+
28
+ generateKeystreamAndEncrypt.call(this, words, offset, blockSize, cipher);
29
+
30
+ // Remember this block to use with next block
31
+ this._prevBlock = words.slice(offset, offset + blockSize);
32
+ }
33
+ });
34
+
35
+ CFB.Decryptor = CFB.extend({
36
+ processBlock: function (words, offset) {
37
+ // Shortcuts
38
+ var cipher = this._cipher;
39
+ var blockSize = cipher.blockSize;
40
+
41
+ // Remember this block to use with next block
42
+ var thisBlock = words.slice(offset, offset + blockSize);
43
+
44
+ generateKeystreamAndEncrypt.call(this, words, offset, blockSize, cipher);
45
+
46
+ // This block becomes the previous block
47
+ this._prevBlock = thisBlock;
48
+ }
49
+ });
50
+
51
+ function generateKeystreamAndEncrypt(words, offset, blockSize, cipher) {
52
+ // Shortcut
53
+ var iv = this._iv;
54
+
55
+ // Generate keystream
56
+ if (iv) {
57
+ var keystream = iv.slice(0);
58
+
59
+ // Remove IV for subsequent blocks
60
+ this._iv = undefined;
61
+ } else {
62
+ var keystream = this._prevBlock;
63
+ }
64
+ cipher.encryptBlock(keystream, 0);
65
+
66
+ // Encrypt
67
+ for (var i = 0; i < blockSize; i++) {
68
+ words[offset + i] ^= keystream[i];
69
+ }
70
+ }
71
+
72
+ return CFB;
73
+ }());
74
+
75
+
76
+ return CryptoJS.mode.CFB;
77
+
78
+ }));
admin/js/crypto-js/mode-ctr-gladman.js ADDED
@@ -0,0 +1,116 @@
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
+ ;(function (root, factory, undef) {
2
+ if (typeof exports === "object") {
3
+ // CommonJS
4
+ module.exports = exports = factory(require("./core"), require("./cipher-core"));
5
+ }
6
+ else if (typeof define === "function" && define.amd) {
7
+ // AMD
8
+ define(["./core", "./cipher-core"], factory);
9
+ }
10
+ else {
11
+ // Global (browser)
12
+ factory(root.CryptoJS);
13
+ }
14
+ }(this, function (CryptoJS) {
15
+
16
+ /** @preserve
17
+ * Counter block mode compatible with Dr Brian Gladman fileenc.c
18
+ * derived from CryptoJS.mode.CTR
19
+ * Jan Hruby jhruby.web@gmail.com
20
+ */
21
+ CryptoJS.mode.CTRGladman = (function () {
22
+ var CTRGladman = CryptoJS.lib.BlockCipherMode.extend();
23
+
24
+ function incWord(word)
25
+ {
26
+ if (((word >> 24) & 0xff) === 0xff) { //overflow
27
+ var b1 = (word >> 16)&0xff;
28
+ var b2 = (word >> 8)&0xff;
29
+ var b3 = word & 0xff;
30
+
31
+ if (b1 === 0xff) // overflow b1
32
+ {
33
+ b1 = 0;
34
+ if (b2 === 0xff)
35
+ {
36
+ b2 = 0;
37
+ if (b3 === 0xff)
38
+ {
39
+ b3 = 0;
40
+ }
41
+ else
42
+ {
43
+ ++b3;
44
+ }
45
+ }
46
+ else
47
+ {
48
+ ++b2;
49
+ }
50
+ }
51
+ else
52
+ {
53
+ ++b1;
54
+ }
55
+
56
+ word = 0;
57
+ word += (b1 << 16);
58
+ word += (b2 << 8);
59
+ word += b3;
60
+ }
61
+ else
62
+ {
63
+ word += (0x01 << 24);
64
+ }
65
+ return word;
66
+ }
67
+
68
+ function incCounter(counter)
69
+ {
70
+ if ((counter[0] = incWord(counter[0])) === 0)
71
+ {
72
+ // encr_data in fileenc.c from Dr Brian Gladman's counts only with DWORD j < 8
73
+ counter[1] = incWord(counter[1]);
74
+ }
75
+ return counter;
76
+ }
77
+
78
+ var Encryptor = CTRGladman.Encryptor = CTRGladman.extend({
79
+ processBlock: function (words, offset) {
80
+ // Shortcuts
81
+ var cipher = this._cipher
82
+ var blockSize = cipher.blockSize;
83
+ var iv = this._iv;
84
+ var counter = this._counter;
85
+
86
+ // Generate keystream
87
+ if (iv) {
88
+ counter = this._counter = iv.slice(0);
89
+
90
+ // Remove IV for subsequent blocks
91
+ this._iv = undefined;
92
+ }
93
+
94
+ incCounter(counter);
95
+
96
+ var keystream = counter.slice(0);
97
+ cipher.encryptBlock(keystream, 0);
98
+
99
+ // Encrypt
100
+ for (var i = 0; i < blockSize; i++) {
101
+ words[offset + i] ^= keystream[i];
102
+ }
103
+ }
104
+ });
105
+
106
+ CTRGladman.Decryptor = Encryptor;
107
+
108
+ return CTRGladman;
109
+ }());
110
+
111
+
112
+
113
+
114
+ return CryptoJS.mode.CTRGladman;
115
+
116
+ }));
admin/js/crypto-js/mode-ctr.js ADDED
@@ -0,0 +1,58 @@
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
+ ;(function (root, factory, undef) {
2
+ if (typeof exports === "object") {
3
+ // CommonJS
4
+ module.exports = exports = factory(require("./core"), require("./cipher-core"));
5
+ }
6
+ else if (typeof define === "function" && define.amd) {
7
+ // AMD
8
+ define(["./core", "./cipher-core"], factory);
9
+ }
10
+ else {
11
+ // Global (browser)
12
+ factory(root.CryptoJS);
13
+ }
14
+ }(this, function (CryptoJS) {
15
+
16
+ /**
17
+ * Counter block mode.
18
+ */
19
+ CryptoJS.mode.CTR = (function () {
20
+ var CTR = CryptoJS.lib.BlockCipherMode.extend();
21
+
22
+ var Encryptor = CTR.Encryptor = CTR.extend({
23
+ processBlock: function (words, offset) {
24
+ // Shortcuts
25
+ var cipher = this._cipher
26
+ var blockSize = cipher.blockSize;
27
+ var iv = this._iv;
28
+ var counter = this._counter;
29
+
30
+ // Generate keystream
31
+ if (iv) {
32
+ counter = this._counter = iv.slice(0);
33
+
34
+ // Remove IV for subsequent blocks
35
+ this._iv = undefined;
36
+ }
37
+ var keystream = counter.slice(0);
38
+ cipher.encryptBlock(keystream, 0);
39
+
40
+ // Increment counter
41
+ counter[blockSize - 1] = (counter[blockSize - 1] + 1) | 0
42
+
43
+ // Encrypt
44
+ for (var i = 0; i < blockSize; i++) {
45
+ words[offset + i] ^= keystream[i];
46
+ }
47
+ }
48
+ });
49
+
50
+ CTR.Decryptor = Encryptor;
51
+
52
+ return CTR;
53
+ }());
54
+
55
+
56
+ return CryptoJS.mode.CTR;
57
+
58
+ }));
admin/js/crypto-js/mode-ecb.js ADDED
@@ -0,0 +1,40 @@
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
+ ;(function (root, factory, undef) {
2
+ if (typeof exports === "object") {
3
+ // CommonJS
4
+ module.exports = exports = factory(require("./core"), require("./cipher-core"));
5
+ }
6
+ else if (typeof define === "function" && define.amd) {
7
+ // AMD
8
+ define(["./core", "./cipher-core"], factory);
9
+ }
10
+ else {
11
+ // Global (browser)
12
+ factory(root.CryptoJS);
13
+ }
14
+ }(this, function (CryptoJS) {
15
+
16
+ /**
17
+ * Electronic Codebook block mode.
18
+ */
19
+ CryptoJS.mode.ECB = (function () {
20
+ var ECB = CryptoJS.lib.BlockCipherMode.extend();
21
+
22
+ ECB.Encryptor = ECB.extend({
23
+ processBlock: function (words, offset) {
24
+ this._cipher.encryptBlock(words, offset);
25
+ }
26
+ });
27
+
28
+ ECB.Decryptor = ECB.extend({
29
+ processBlock: function (words, offset) {
30
+ this._cipher.decryptBlock(words, offset);
31
+ }
32
+ });
33
+
34
+ return ECB;
35
+ }());
36
+
37
+
38
+ return CryptoJS.mode.ECB;
39
+
40
+ }));
admin/js/crypto-js/mode-ofb.js ADDED
@@ -0,0 +1,54 @@
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
+ ;(function (root, factory, undef) {
2
+ if (typeof exports === "object") {
3
+ // CommonJS
4
+ module.exports = exports = factory(require("./core"), require("./cipher-core"));
5
+ }
6
+ else if (typeof define === "function" && define.amd) {
7
+ // AMD
8
+ define(["./core", "./cipher-core"], factory);
9
+ }
10
+ else {
11
+ // Global (browser)
12
+ factory(root.CryptoJS);
13
+ }
14
+ }(this, function (CryptoJS) {
15
+
16
+ /**
17
+ * Output Feedback block mode.
18
+ */
19
+ CryptoJS.mode.OFB = (function () {
20
+ var OFB = CryptoJS.lib.BlockCipherMode.extend();
21
+
22
+ var Encryptor = OFB.Encryptor = OFB.extend({
23
+ processBlock: function (words, offset) {
24
+ // Shortcuts
25
+ var cipher = this._cipher
26
+ var blockSize = cipher.blockSize;
27
+ var iv = this._iv;
28
+ var keystream = this._keystream;
29
+
30
+ // Generate keystream
31
+ if (iv) {
32
+ keystream = this._keystream = iv.slice(0);
33
+
34
+ // Remove IV for subsequent blocks
35
+ this._iv = undefined;
36
+ }
37
+ cipher.encryptBlock(keystream, 0);
38
+
39
+ // Encrypt
40
+ for (var i = 0; i < blockSize; i++) {
41
+ words[offset + i] ^= keystream[i];
42
+ }
43
+ }
44
+ });
45
+
46
+ OFB.Decryptor = Encryptor;
47
+
48
+ return OFB;
49
+ }());
50
+
51
+
52
+ return CryptoJS.mode.OFB;
53
+
54
+ }));
admin/js/crypto-js/package.json ADDED
@@ -0,0 +1,38 @@
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
+ {
2
+ "name": "crypto-js",
3
+ "version": "3.1.9",
4
+ "description": "JavaScript library of crypto standards.",
5
+ "license": "MIT",
6
+ "author": {
7
+ "name": "Evan Vosberg",
8
+ "url": "http://github.com/evanvosberg"
9
+ },
10
+ "homepage": "http://github.com/brix/crypto-js",
11
+ "repository": {
12
+ "type": "git",
13
+ "url": "http://github.com/brix/crypto-js.git"
14
+ },
15
+ "keywords": [
16
+ "security",
17
+ "crypto",
18
+ "Hash",
19
+ "MD5",
20
+ "SHA1",
21
+ "SHA-1",
22
+ "SHA256",
23
+ "SHA-256",
24
+ "RC4",
25
+ "Rabbit",
26
+ "AES",
27
+ "DES",
28
+ "PBKDF2",
29
+ "HMAC",
30
+ "OFB",
31
+ "CFB",
32
+ "CTR",
33
+ "CBC",
34
+ "Base64"
35
+ ],
36
+ "main": "index.js",
37
+ "dependencies": {}
38
+ }
admin/js/crypto-js/pad-ansix923.js ADDED
@@ -0,0 +1,49 @@
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
+ ;(function (root, factory, undef) {
2
+ if (typeof exports === "object") {
3
+ // CommonJS
4
+ module.exports = exports = factory(require("./core"), require("./cipher-core"));
5
+ }
6
+ else if (typeof define === "function" && define.amd) {
7
+ // AMD
8
+ define(["./core", "./cipher-core"], factory);
9
+ }
10
+ else {
11
+ // Global (browser)
12
+ factory(root.CryptoJS);
13
+ }
14
+ }(this, function (CryptoJS) {
15
+
16
+ /**
17
+ * ANSI X.923 padding strategy.
18
+ */
19
+ CryptoJS.pad.AnsiX923 = {
20
+ pad: function (data, blockSize) {
21
+ // Shortcuts
22
+ var dataSigBytes = data.sigBytes;
23
+ var blockSizeBytes = blockSize * 4;
24
+
25
+ // Count padding bytes
26
+ var nPaddingBytes = blockSizeBytes - dataSigBytes % blockSizeBytes;
27
+
28
+ // Compute last byte position
29
+ var lastBytePos = dataSigBytes + nPaddingBytes - 1;
30
+
31
+ // Pad
32
+ data.clamp();
33
+ data.words[lastBytePos >>> 2] |= nPaddingBytes << (24 - (lastBytePos % 4) * 8);
34
+ data.sigBytes += nPaddingBytes;
35
+ },
36
+
37
+ unpad: function (data) {
38
+ // Get number of padding bytes from last byte
39
+ var nPaddingBytes = data.words[(data.sigBytes - 1) >>> 2] & 0xff;
40
+
41
+ // Remove padding
42
+ data.sigBytes -= nPaddingBytes;
43
+ }
44
+ };
45
+
46
+
47
+ return CryptoJS.pad.Ansix923;
48
+
49
+ }));
admin/js/crypto-js/pad-iso10126.js ADDED
@@ -0,0 +1,44 @@
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
+ ;(function (root, factory, undef) {
2
+ if (typeof exports === "object") {
3
+ // CommonJS
4
+ module.exports = exports = factory(require("./core"), require("./cipher-core"));
5
+ }
6
+ else if (typeof define === "function" && define.amd) {
7
+ // AMD
8
+ define(["./core", "./cipher-core"], factory);
9
+ }
10
+ else {
11
+ // Global (browser)
12
+ factory(root.CryptoJS);
13
+ }
14
+ }(this, function (CryptoJS) {
15
+
16
+ /**
17
+ * ISO 10126 padding strategy.
18
+ */
19
+ CryptoJS.pad.Iso10126 = {
20
+ pad: function (data, blockSize) {
21
+ // Shortcut
22
+ var blockSizeBytes = blockSize * 4;
23
+
24
+ // Count padding bytes
25
+ var nPaddingBytes = blockSizeBytes - data.sigBytes % blockSizeBytes;
26
+
27
+ // Pad
28
+ data.concat(CryptoJS.lib.WordArray.random(nPaddingBytes - 1)).
29
+ concat(CryptoJS.lib.WordArray.create([nPaddingBytes << 24], 1));
30
+ },
31
+
32
+ unpad: function (data) {
33
+ // Get number of padding bytes from last byte
34
+ var nPaddingBytes = data.words[(data.sigBytes - 1) >>> 2] & 0xff;
35
+
36
+ // Remove padding
37
+ data.sigBytes -= nPaddingBytes;
38
+ }
39
+ };
40
+
41
+
42
+ return CryptoJS.pad.Iso10126;
43
+
44
+ }));
admin/js/crypto-js/pad-iso97971.js ADDED
@@ -0,0 +1,40 @@
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
+ ;(function (root, factory, undef) {
2
+ if (typeof exports === "object") {
3
+ // CommonJS
4
+ module.exports = exports = factory(require("./core"), require("./cipher-core"));
5
+ }
6
+ else if (typeof define === "function" && define.amd) {
7
+ // AMD
8
+ define(["./core", "./cipher-core"], factory);
9
+ }
10
+ else {
11
+ // Global (browser)
12
+ factory(root.CryptoJS);
13
+ }
14
+ }(this, function (CryptoJS) {
15
+
16
+ /**
17
+ * ISO/IEC 9797-1 Padding Method 2.
18
+ */
19
+ CryptoJS.pad.Iso97971 = {
20
+ pad: function (data, blockSize) {
21
+ // Add 0x80 byte
22
+ data.concat(CryptoJS.lib.WordArray.create([0x80000000], 1));
23
+
24
+ // Zero pad the rest
25
+ CryptoJS.pad.ZeroPadding.pad(data, blockSize);
26
+ },
27
+
28
+ unpad: function (data) {
29
+ // Remove zero padding
30
+ CryptoJS.pad.ZeroPadding.unpad(data);
31
+
32
+ // Remove one more byte -- the 0x80 byte
33
+ data.sigBytes--;
34
+ }
35
+ };
36
+
37
+
38
+ return CryptoJS.pad.Iso97971;
39
+
40
+ }));
admin/js/crypto-js/pad-nopadding.js ADDED
@@ -0,0 +1,30 @@
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
+ ;(function (root, factory, undef) {
2
+ if (typeof exports === "object") {
3
+ // CommonJS
4
+ module.exports = exports = factory(require("./core"), require("./cipher-core"));
5
+ }
6
+ else if (typeof define === "function" && define.amd) {
7
+ // AMD
8
+ define(["./core", "./cipher-core"], factory);
9
+ }
10
+ else {
11
+ // Global (browser)
12
+ factory(root.CryptoJS);
13
+ }
14
+ }(this, function (CryptoJS) {
15
+
16
+ /**
17
+ * A noop padding strategy.
18
+ */
19
+ CryptoJS.pad.NoPadding = {
20
+ pad: function () {
21
+ },
22
+
23
+ unpad: function () {
24
+ }
25
+ };
26
+
27
+
28
+ return CryptoJS.pad.NoPadding;
29
+
30
+ }));
admin/js/crypto-js/pad-pkcs7.js ADDED
@@ -0,0 +1,18 @@
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
+ ;(function (root, factory, undef) {
2
+ if (typeof exports === "object") {
3
+ // CommonJS
4
+ module.exports = exports = factory(require("./core"), require("./cipher-core"));
5
+ }
6
+ else if (typeof define === "function" && define.amd) {
7
+ // AMD
8
+ define(["./core", "./cipher-core"], factory);
9
+ }
10
+ else {
11
+ // Global (browser)
12
+ factory(root.CryptoJS);
13
+ }
14
+ }(this, function (CryptoJS) {
15
+
16
+ return CryptoJS.pad.Pkcs7;
17
+
18
+ }));
admin/js/crypto-js/pad-zeropadding.js ADDED
@@ -0,0 +1,45 @@
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
+ ;(function (root, factory, undef) {
2
+ if (typeof exports === "object") {
3
+ // CommonJS
4
+ module.exports = exports = factory(require("./core"), require("./cipher-core"));
5
+ }
6
+ else if (typeof define === "function" && define.amd) {
7
+ // AMD
8
+ define(["./core", "./cipher-core"], factory);
9
+ }
10
+ else {
11
+ // Global (browser)
12
+ factory(root.CryptoJS);
13
+ }
14
+ }(this, function (CryptoJS) {
15
+
16
+ /**
17
+ * Zero padding strategy.
18
+ */
19
+ CryptoJS.pad.ZeroPadding = {
20
+ pad: function (data, blockSize) {
21
+ // Shortcut
22
+ var blockSizeBytes = blockSize * 4;
23
+
24
+ // Pad
25
+ data.clamp();
26
+ data.sigBytes += blockSizeBytes - ((data.sigBytes % blockSizeBytes) || blockSizeBytes);
27
+ },
28
+
29
+ unpad: function (data) {
30
+ // Shortcut
31
+ var dataWords = data.words;
32
+
33
+ // Unpad
34
+ var i = data.sigBytes - 1;
35
+ while (!((dataWords[i >>> 2] >>> (24 - (i % 4) * 8)) & 0xff)) {
36
+ i--;
37
+ }
38
+ data.sigBytes = i + 1;
39
+ }
40
+ };
41
+
42
+
43
+ return CryptoJS.pad.ZeroPadding;
44
+
45
+ }));
admin/js/crypto-js/pbkdf2.js ADDED
@@ -0,0 +1,145 @@
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
+ ;(function (root, factory, undef) {
2
+ if (typeof exports === "object") {
3
+ // CommonJS
4
+ module.exports = exports = factory(require("./core"), require("./sha1"), require("./hmac"));
5
+ }
6
+ else if (typeof define === "function" && define.amd) {
7
+ // AMD
8
+ define(["./core", "./sha1", "./hmac"], factory);
9
+ }
10
+ else {
11
+ // Global (browser)
12
+ factory(root.CryptoJS);
13
+ }
14
+ }(this, function (CryptoJS) {
15
+
16
+ (function () {
17
+ // Shortcuts
18
+ var C = CryptoJS;
19
+ var C_lib = C.lib;
20
+ var Base = C_lib.Base;
21
+ var WordArray = C_lib.WordArray;
22
+ var C_algo = C.algo;
23
+ var SHA1 = C_algo.SHA1;
24
+ var HMAC = C_algo.HMAC;
25
+
26
+ /**
27
+ * Password-Based Key Derivation Function 2 algorithm.
28
+ */
29
+ var PBKDF2 = C_algo.PBKDF2 = Base.extend({
30
+ /**
31
+ * Configuration options.
32
+ *
33
+ * @property {number} keySize The key size in words to generate. Default: 4 (128 bits)
34
+ * @property {Hasher} hasher The hasher to use. Default: SHA1
35
+ * @property {number} iterations The number of iterations to perform. Default: 1
36
+ */
37
+ cfg: Base.extend({
38
+ keySize: 128/32,
39
+ hasher: SHA1,
40
+ iterations: 1
41
+ }),
42
+
43
+ /**
44
+ * Initializes a newly created key derivation function.
45
+ *
46
+ * @param {Object} cfg (Optional) The configuration options to use for the derivation.
47
+ *
48
+ * @example
49
+ *
50
+ * var kdf = CryptoJS.algo.PBKDF2.create();
51
+ * var kdf = CryptoJS.algo.PBKDF2.create({ keySize: 8 });
52
+ * var kdf = CryptoJS.algo.PBKDF2.create({ keySize: 8, iterations: 1000 });
53
+ */
54
+ init: function (cfg) {
55
+ this.cfg = this.cfg.extend(cfg);
56
+ },
57
+
58
+ /**
59
+ * Computes the Password-Based Key Derivation Function 2.
60
+ *
61
+ * @param {WordArray|string} password The password.
62
+ * @param {WordArray|string} salt A salt.
63
+ *
64
+ * @return {WordArray} The derived key.
65
+ *
66
+ * @example
67
+ *
68
+ * var key = kdf.compute(password, salt);
69
+ */
70
+ compute: function (password, salt) {
71
+ // Shortcut
72
+ var cfg = this.cfg;
73
+
74
+ // Init HMAC
75
+ var hmac = HMAC.create(cfg.hasher, password);
76
+
77
+ // Initial values
78
+ var derivedKey = WordArray.create();
79
+ var blockIndex = WordArray.create([0x00000001]);
80
+
81
+ // Shortcuts
82
+ var derivedKeyWords = derivedKey.words;
83
+ var blockIndexWords = blockIndex.words;
84
+ var keySize = cfg.keySize;
85
+ var iterations = cfg.iterations;
86
+
87
+ // Generate key
88
+ while (derivedKeyWords.length < keySize) {
89
+ var block = hmac.update(salt).finalize(blockIndex);
90
+ hmac.reset();
91
+
92
+ // Shortcuts
93
+ var blockWords = block.words;
94
+ var blockWordsLength = blockWords.length;
95
+
96
+ // Iterations
97
+ var intermediate = block;
98
+ for (var i = 1; i < iterations; i++) {
99
+ intermediate = hmac.finalize(intermediate);
100
+ hmac.reset();
101
+
102
+ // Shortcut
103
+ var intermediateWords = intermediate.words;
104
+
105
+ // XOR intermediate with block
106
+ for (var j = 0; j < blockWordsLength; j++) {
107
+ blockWords[j] ^= intermediateWords[j];
108
+ }
109
+ }
110
+
111
+ derivedKey.concat(block);
112
+ blockIndexWords[0]++;
113
+ }
114
+ derivedKey.sigBytes = keySize * 4;
115
+
116
+ return derivedKey;
117
+ }
118
+ });
119
+
120
+ /**
121
+ * Computes the Password-Based Key Derivation Function 2.
122
+ *
123
+ * @param {WordArray|string} password The password.
124
+ * @param {WordArray|string} salt A salt.
125
+ * @param {Object} cfg (Optional) The configuration options to use for this computation.
126
+ *
127
+ * @return {WordArray} The derived key.
128
+ *
129
+ * @static
130
+ *
131
+ * @example
132
+ *
133
+ * var key = CryptoJS.PBKDF2(password, salt);
134
+ * var key = CryptoJS.PBKDF2(password, salt, { keySize: 8 });
135
+ * var key = CryptoJS.PBKDF2(password, salt, { keySize: 8, iterations: 1000 });
136
+ */
137
+ C.PBKDF2 = function (password, salt, cfg) {
138
+ return PBKDF2.create(cfg).compute(password, salt);
139
+ };
140
+ }());
141
+
142
+
143
+ return CryptoJS.PBKDF2;
144
+
145
+ }));
admin/js/crypto-js/rabbit-legacy.js ADDED
@@ -0,0 +1,190 @@
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
+ ;(function (root, factory, undef) {
2
+ if (typeof exports === "object") {
3
+ // CommonJS
4
+ module.exports = exports = factory(require("./core"), require("./enc-base64"), require("./md5"), require("./evpkdf"), require("./cipher-core"));
5
+ }
6
+ else if (typeof define === "function" && define.amd) {
7
+ // AMD
8
+ define(["./core", "./enc-base64", "./md5", "./evpkdf", "./cipher-core"], factory);
9
+ }
10
+ else {
11
+ // Global (browser)
12
+ factory(root.CryptoJS);
13
+ }
14
+ }(this, function (CryptoJS) {
15
+
16
+ (function () {
17
+ // Shortcuts
18
+ var C = CryptoJS;
19
+ var C_lib = C.lib;
20
+ var StreamCipher = C_lib.StreamCipher;
21
+ var C_algo = C.algo;
22
+
23
+ // Reusable objects
24
+ var S = [];
25
+ var C_ = [];
26
+ var G = [];
27
+
28
+ /**
29
+ * Rabbit stream cipher algorithm.
30
+ *
31
+ * This is a legacy version that neglected to convert the key to little-endian.
32
+ * This error doesn't affect the cipher's security,
33
+ * but it does affect its compatibility with other implementations.
34
+ */
35
+ var RabbitLegacy = C_algo.RabbitLegacy = StreamCipher.extend({
36
+ _doReset: function () {
37
+ // Shortcuts
38
+ var K = this._key.words;
39
+ var iv = this.cfg.iv;
40
+
41
+ // Generate initial state values
42
+ var X = this._X = [
43
+ K[0], (K[3] << 16) | (K[2] >>> 16),
44
+ K[1], (K[0] << 16) | (K[3] >>> 16),
45
+ K[2], (K[1] << 16) | (K[0] >>> 16),
46
+ K[3], (K[2] << 16) | (K[1] >>> 16)
47
+ ];
48
+
49
+ // Generate initial counter values
50
+ var C = this._C = [
51
+ (K[2] << 16) | (K[2] >>> 16), (K[0] & 0xffff0000) | (K[1] & 0x0000ffff),
52
+ (K[3] << 16) | (K[3] >>> 16), (K[1] & 0xffff0000) | (K[2] & 0x0000ffff),
53
+ (K[0] << 16) | (K[0] >>> 16), (K[2] & 0xffff0000) | (K[3] & 0x0000ffff),
54
+ (K[1] << 16) | (K[1] >>> 16), (K[3] & 0xffff0000) | (K[0] & 0x0000ffff)
55
+ ];
56
+
57
+ // Carry bit
58
+ this._b = 0;
59
+
60
+ // Iterate the system four times
61
+ for (var i = 0; i < 4; i++) {
62
+ nextState.call(this);
63
+ }
64
+
65
+ // Modify the counters
66
+ for (var i = 0; i < 8; i++) {
67
+ C[i] ^= X[(i + 4) & 7];
68
+ }
69
+
70
+ // IV setup
71
+ if (iv) {
72
+ // Shortcuts
73
+ var IV = iv.words;
74
+ var IV_0 = IV[0];
75
+ var IV_1 = IV[1];
76
+
77
+ // Generate four subvectors
78
+ var i0 = (((IV_0 << 8) | (IV_0 >>> 24)) & 0x00ff00ff) | (((IV_0 << 24) | (IV_0 >>> 8)) & 0xff00ff00);
79
+ var i2 = (((IV_1 << 8) | (IV_1 >>> 24)) & 0x00ff00ff) | (((IV_1 << 24) | (IV_1 >>> 8)) & 0xff00ff00);
80
+ var i1 = (i0 >>> 16) | (i2 & 0xffff0000);
81
+ var i3 = (i2 << 16) | (i0 & 0x0000ffff);
82
+
83
+ // Modify counter values
84
+ C[0] ^= i0;
85
+ C[1] ^= i1;
86
+ C[2] ^= i2;
87
+ C[3] ^= i3;
88
+ C[4] ^= i0;
89
+ C[5] ^= i1;
90
+ C[6] ^= i2;
91
+ C[7] ^= i3;
92
+
93
+ // Iterate the system four times
94
+ for (var i = 0; i < 4; i++) {
95
+ nextState.call(this);
96
+ }
97
+ }
98
+ },
99
+
100
+ _doProcessBlock: function (M, offset) {
101
+ // Shortcut
102
+ var X = this._X;
103
+
104
+ // Iterate the system
105
+ nextState.call(this);
106
+
107
+ // Generate four keystream words
108
+ S[0] = X[0] ^ (X[5] >>> 16) ^ (X[3] << 16);
109
+ S[1] = X[2] ^ (X[7] >>> 16) ^ (X[5] << 16);
110
+ S[2] = X[4] ^ (X[1] >>> 16) ^ (X[7] << 16);
111
+ S[3] = X[6] ^ (X[3] >>> 16) ^ (X[1] << 16);
112
+
113
+ for (var i = 0; i < 4; i++) {
114
+ // Swap endian
115
+ S[i] = (((S[i] << 8) | (S[i] >>> 24)) & 0x00ff00ff) |
116
+ (((S[i] << 24) | (S[i] >>> 8)) & 0xff00ff00);
117
+
118
+ // Encrypt
119
+ M[offset + i] ^= S[i];
120
+ }
121
+ },
122
+
123
+ blockSize: 128/32,
124
+
125
+ ivSize: 64/32
126
+ });
127
+
128
+ function nextState() {
129
+ // Shortcuts
130
+ var X = this._X;
131
+ var C = this._C;
132
+
133
+ // Save old counter values
134
+ for (var i = 0; i < 8; i++) {
135
+ C_[i] = C[i];
136
+ }
137
+
138
+ // Calculate new counter values
139
+ C[0] = (C[0] + 0x4d34d34d + this._b) | 0;
140
+ C[1] = (C[1] + 0xd34d34d3 + ((C[0] >>> 0) < (C_[0] >>> 0) ? 1 : 0)) | 0;
141
+ C[2] = (C[2] + 0x34d34d34 + ((C[1] >>> 0) < (C_[1] >>> 0) ? 1 : 0)) | 0;
142
+ C[3] = (C[3] + 0x4d34d34d + ((C[2] >>> 0) < (C_[2] >>> 0) ? 1 : 0)) | 0;
143
+ C[4] = (C[4] + 0xd34d34d3 + ((C[3] >>> 0) < (C_[3] >>> 0) ? 1 : 0)) | 0;
144
+ C[5] = (C[5] + 0x34d34d34 + ((C[4] >>> 0) < (C_[4] >>> 0) ? 1 : 0)) | 0;
145
+ C[6] = (C[6] + 0x4d34d34d + ((C[5] >>> 0) < (C_[5] >>> 0) ? 1 : 0)) | 0;
146
+ C[7] = (C[7] + 0xd34d34d3 + ((C[6] >>> 0) < (C_[6] >>> 0) ? 1 : 0)) | 0;
147
+ this._b = (C[7] >>> 0) < (C_[7] >>> 0) ? 1 : 0;
148
+
149
+ // Calculate the g-values
150
+ for (var i = 0; i < 8; i++) {
151
+ var gx = X[i] + C[i];
152
+
153
+ // Construct high and low argument for squaring
154
+ var ga = gx & 0xffff;
155
+ var gb = gx >>> 16;
156
+
157
+ // Calculate high and low result of squaring
158
+ var gh = ((((ga * ga) >>> 17) + ga * gb) >>> 15) + gb * gb;
159
+ var gl = (((gx & 0xffff0000) * gx) | 0) + (((gx & 0x0000ffff) * gx) | 0);
160
+
161
+ // High XOR low
162
+ G[i] = gh ^ gl;
163
+ }
164
+
165
+ // Calculate new state values
166
+ X[0] = (G[0] + ((G[7] << 16) | (G[7] >>> 16)) + ((G[6] << 16) | (G[6] >>> 16))) | 0;
167
+ X[1] = (G[1] + ((G[0] << 8) | (G[0] >>> 24)) + G[7]) | 0;
168
+ X[2] = (G[2] + ((G[1] << 16) | (G[1] >>> 16)) + ((G[0] << 16) | (G[0] >>> 16))) | 0;
169
+ X[3] = (G[3] + ((G[2] << 8) | (G[2] >>> 24)) + G[1]) | 0;
170
+ X[4] = (G[4] + ((G[3] << 16) | (G[3] >>> 16)) + ((G[2] << 16) | (G[2] >>> 16))) | 0;
171
+ X[5] = (G[5] + ((G[4] << 8) | (G[4] >>> 24)) + G[3]) | 0;
172
+ X[6] = (G[6] + ((G[5] << 16) | (G[5] >>> 16)) + ((G[4] << 16) | (G[4] >>> 16))) | 0;
173
+ X[7] = (G[7] + ((G[6] << 8) | (G[6] >>> 24)) + G[5]) | 0;
174
+ }
175
+
176
+ /**
177
+ * Shortcut functions to the cipher's object interface.
178
+ *
179
+ * @example
180
+ *
181
+ * var ciphertext = CryptoJS.RabbitLegacy.encrypt(message, key, cfg);
182
+ * var plaintext = CryptoJS.RabbitLegacy.decrypt(ciphertext, key, cfg);
183
+ */
184
+ C.RabbitLegacy = StreamCipher._createHelper(RabbitLegacy);
185
+ }());
186
+
187
+
188
+ return CryptoJS.RabbitLegacy;
189
+
190
+ }));
admin/js/crypto-js/rabbit.js ADDED
@@ -0,0 +1,192 @@
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
+ ;(function (root, factory, undef) {
2
+ if (typeof exports === "object") {
3
+ // CommonJS
4
+ module.exports = exports = factory(require("./core"), require("./enc-base64"), require("./md5"), require("./evpkdf"), require("./cipher-core"));
5
+ }
6
+ else if (typeof define === "function" && define.amd) {
7
+ // AMD
8
+ define(["./core", "./enc-base64", "./md5", "./evpkdf", "./cipher-core"], factory);
9
+ }
10
+ else {
11
+ // Global (browser)
12
+ factory(root.CryptoJS);
13
+ }
14
+ }(this, function (CryptoJS) {
15
+
16
+ (function () {
17
+ // Shortcuts
18
+ var C = CryptoJS;
19
+ var C_lib = C.lib;
20
+ var StreamCipher = C_lib.StreamCipher;
21
+ var C_algo = C.algo;
22
+
23
+ // Reusable objects
24
+ var S = [];
25
+ var C_ = [];
26
+ var G = [];
27
+
28
+ /**
29
+ * Rabbit stream cipher algorithm
30
+ */
31
+ var Rabbit = C_algo.Rabbit = StreamCipher.extend({
32
+ _doReset: function () {
33
+ // Shortcuts
34
+ var K = this._key.words;
35
+ var iv = this.cfg.iv;
36
+
37
+ // Swap endian
38
+ for (var i = 0; i < 4; i++) {
39
+ K[i] = (((K[i] << 8) | (K[i] >>> 24)) & 0x00ff00ff) |
40
+ (((K[i] << 24) | (K[i] >>> 8)) & 0xff00ff00);
41
+ }
42
+
43
+ // Generate initial state values
44
+ var X = this._X = [
45
+ K[0], (K[3] << 16) | (K[2] >>> 16),
46
+ K[1], (K[0] << 16) | (K[3] >>> 16),
47
+ K[2], (K[1] << 16) | (K[0] >>> 16),
48
+ K[3], (K[2] << 16) | (K[1] >>> 16)
49
+ ];
50
+
51
+ // Generate initial counter values
52
+ var C = this._C = [
53
+ (K[2] << 16) | (K[2] >>> 16), (K[0] & 0xffff0000) | (K[1] & 0x0000ffff),
54
+ (K[3] << 16) | (K[3] >>> 16), (K[1] & 0xffff0000) | (K[2] & 0x0000ffff),
55
+ (K[0] << 16) | (K[0] >>> 16), (K[2] & 0xffff0000) | (K[3] & 0x0000ffff),
56
+ (K[1] << 16) | (K[1] >>> 16), (K[3] & 0xffff0000) | (K[0] & 0x0000ffff)
57
+ ];
58
+
59
+ // Carry bit
60
+ this._b = 0;
61
+
62
+ // Iterate the system four times
63
+ for (var i = 0; i < 4; i++) {
64
+ nextState.call(this);
65
+ }
66
+
67
+ // Modify the counters
68
+ for (var i = 0; i < 8; i++) {
69
+ C[i] ^= X[(i + 4) & 7];
70
+ }
71
+
72
+ // IV setup
73
+ if (iv) {
74
+ // Shortcuts
75
+ var IV = iv.words;
76
+ var IV_0 = IV[0];
77
+ var IV_1 = IV[1];
78
+
79
+ // Generate four subvectors
80
+ var i0 = (((IV_0 << 8) | (IV_0 >>> 24)) & 0x00ff00ff) | (((IV_0 << 24) | (IV_0 >>> 8)) & 0xff00ff00);
81
+ var i2 = (((IV_1 << 8) | (IV_1 >>> 24)) & 0x00ff00ff) | (((IV_1 << 24) | (IV_1 >>> 8)) & 0xff00ff00);
82
+ var i1 = (i0 >>> 16) | (i2 & 0xffff0000);
83
+ var i3 = (i2 << 16) | (i0 & 0x0000ffff);
84
+
85
+ // Modify counter values
86
+ C[0] ^= i0;
87
+ C[1] ^= i1;
88
+ C[2] ^= i2;
89
+ C[3] ^= i3;
90
+ C[4] ^= i0;
91
+ C[5] ^= i1;
92
+ C[6] ^= i2;
93
+ C[7] ^= i3;
94
+
95
+ // Iterate the system four times
96
+ for (var i = 0; i < 4; i++) {
97
+ nextState.call(this);
98
+ }
99
+ }
100
+ },
101
+
102
+ _doProcessBlock: function (M, offset) {
103
+ // Shortcut
104
+ var X = this._X;
105
+
106
+ // Iterate the system
107
+ nextState.call(this);
108
+
109
+ // Generate four keystream words
110
+ S[0] = X[0] ^ (X[5] >>> 16) ^ (X[3] << 16);
111
+ S[1] = X[2] ^ (X[7] >>> 16) ^ (X[5] << 16);
112
+ S[2] = X[4] ^ (X[1] >>> 16) ^ (X[7] << 16);
113
+ S[3] = X[6] ^ (X[3] >>> 16) ^ (X[1] << 16);
114
+
115
+ for (var i = 0; i < 4; i++) {
116
+ // Swap endian
117
+ S[i] = (((S[i] << 8) | (S[i] >>> 24)) & 0x00ff00ff) |
118
+ (((S[i] << 24) | (S[i] >>> 8)) & 0xff00ff00);
119
+
120
+ // Encrypt
121
+ M[offset + i] ^= S[i];
122
+ }
123
+ },
124
+
125
+ blockSize: 128/32,
126
+
127
+ ivSize: 64/32
128
+ });
129
+
130
+ function nextState() {
131
+ // Shortcuts
132
+ var X = this._X;
133
+ var C = this._C;
134
+
135
+ // Save old counter values
136
+ for (var i = 0; i < 8; i++) {
137
+ C_[i] = C[i];
138
+ }
139
+
140
+ // Calculate new counter values
141
+ C[0] = (C[0] + 0x4d34d34d + this._b) | 0;
142
+ C[1] = (C[1] + 0xd34d34d3 + ((C[0] >>> 0) < (C_[0] >>> 0) ? 1 : 0)) | 0;
143
+ C[2] = (C[2] + 0x34d34d34 + ((C[1] >>> 0) < (C_[1] >>> 0) ? 1 : 0)) | 0;
144
+ C[3] = (C[3] + 0x4d34d34d + ((C[2] >>> 0) < (C_[2] >>> 0) ? 1 : 0)) | 0;
145
+ C[4] = (C[4] + 0xd34d34d3 + ((C[3] >>> 0) < (C_[3] >>> 0) ? 1 : 0)) | 0;
146
+ C[5] = (C[5] + 0x34d34d34 + ((C[4] >>> 0) < (C_[4] >>> 0) ? 1 : 0)) | 0;
147
+ C[6] = (C[6] + 0x4d34d34d + ((C[5] >>> 0) < (C_[5] >>> 0) ? 1 : 0)) | 0;
148
+ C[7] = (C[7] + 0xd34d34d3 + ((C[6] >>> 0) < (C_[6] >>> 0) ? 1 : 0)) | 0;
149
+ this._b = (C[7] >>> 0) < (C_[7] >>> 0) ? 1 : 0;
150
+
151
+ // Calculate the g-values
152
+ for (var i = 0; i < 8; i++) {
153
+ var gx = X[i] + C[i];
154
+
155
+ // Construct high and low argument for squaring
156
+ var ga = gx & 0xffff;
157
+ var gb = gx >>> 16;
158
+
159
+ // Calculate high and low result of squaring
160
+ var gh = ((((ga * ga) >>> 17) + ga * gb) >>> 15) + gb * gb;
161
+ var gl = (((gx & 0xffff0000) * gx) | 0) + (((gx & 0x0000ffff) * gx) | 0);
162
+
163
+ // High XOR low
164
+ G[i] = gh ^ gl;
165
+ }
166
+
167
+ // Calculate new state values
168
+ X[0] = (G[0] + ((G[7] << 16) | (G[7] >>> 16)) + ((G[6] << 16) | (G[6] >>> 16))) | 0;
169
+ X[1] = (G[1] + ((G[0] << 8) | (G[0] >>> 24)) + G[7]) | 0;
170
+ X[2] = (G[2] + ((G[1] << 16) | (G[1] >>> 16)) + ((G[0] << 16) | (G[0] >>> 16))) | 0;
171
+ X[3] = (G[3] + ((G[2] << 8) | (G[2] >>> 24)) + G[1]) | 0;
172
+ X[4] = (G[4] + ((G[3] << 16) | (G[3] >>> 16)) + ((G[2] << 16) | (G[2] >>> 16))) | 0;
173
+ X[5] = (G[5] + ((G[4] << 8) | (G[4] >>> 24)) + G[3]) | 0;
174
+ X[6] = (G[6] + ((G[5] << 16) | (G[5] >>> 16)) + ((G[4] << 16) | (G[4] >>> 16))) | 0;
175
+ X[7] = (G[7] + ((G[6] << 8) | (G[6] >>> 24)) + G[5]) | 0;
176
+ }
177
+
178
+ /**
179
+ * Shortcut functions to the cipher's object interface.
180
+ *
181
+ * @example
182
+ *
183
+ * var ciphertext = CryptoJS.Rabbit.encrypt(message, key, cfg);
184
+ * var plaintext = CryptoJS.Rabbit.decrypt(ciphertext, key, cfg);
185
+ */
186
+ C.Rabbit = StreamCipher._createHelper(Rabbit);
187
+ }());
188
+
189
+
190
+ return CryptoJS.Rabbit;
191
+
192
+ }));
admin/js/crypto-js/rc4.js ADDED
@@ -0,0 +1,139 @@
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
+ ;(function (root, factory, undef) {
2
+ if (typeof exports === "object") {
3
+ // CommonJS
4
+ module.exports = exports = factory(require("./core"), require("./enc-base64"), require("./md5"), require("./evpkdf"), require("./cipher-core"));
5
+ }
6
+ else if (typeof define === "function" && define.amd) {
7
+ // AMD
8
+ define(["./core", "./enc-base64", "./md5", "./evpkdf", "./cipher-core"], factory);
9
+ }
10
+ else {
11
+ // Global (browser)
12
+ factory(root.CryptoJS);
13
+ }
14
+ }(this, function (CryptoJS) {
15
+
16
+ (function () {
17
+ // Shortcuts
18
+ var C = CryptoJS;
19
+ var C_lib = C.lib;
20
+ var StreamCipher = C_lib.StreamCipher;
21
+ var C_algo = C.algo;
22
+
23
+ /**
24
+ * RC4 stream cipher algorithm.
25
+ */
26
+ var RC4 = C_algo.RC4 = StreamCipher.extend({
27
+ _doReset: function () {
28
+ // Shortcuts
29
+ var key = this._key;
30
+ var keyWords = key.words;
31
+ var keySigBytes = key.sigBytes;
32
+
33
+ // Init sbox
34
+ var S = this._S = [];
35
+ for (var i = 0; i < 256; i++) {
36
+ S[i] = i;
37
+ }
38
+
39
+ // Key setup
40
+ for (var i = 0, j = 0; i < 256; i++) {
41
+ var keyByteIndex = i % keySigBytes;
42
+ var keyByte = (keyWords[keyByteIndex >>> 2] >>> (24 - (keyByteIndex % 4) * 8)) & 0xff;
43
+
44
+ j = (j + S[i] + keyByte) % 256;
45
+
46
+ // Swap
47
+ var t = S[i];
48
+ S[i] = S[j];
49
+ S[j] = t;
50
+ }
51
+
52
+ // Counters
53
+ this._i = this._j = 0;
54
+ },
55
+
56
+ _doProcessBlock: function (M, offset) {
57
+ M[offset] ^= generateKeystreamWord.call(this);
58
+ },
59
+
60
+ keySize: 256/32,
61
+
62
+ ivSize: 0
63
+ });
64
+
65
+ function generateKeystreamWord() {
66
+ // Shortcuts
67
+ var S = this._S;
68
+ var i = this._i;
69
+ var j = this._j;
70
+
71
+ // Generate keystream word
72
+ var keystreamWord = 0;
73
+ for (var n = 0; n < 4; n++) {
74
+ i = (i + 1) % 256;
75
+ j = (j + S[i]) % 256;
76
+
77
+ // Swap
78
+ var t = S[i];
79
+ S[i] = S[j];
80
+ S[j] = t;
81
+
82
+ keystreamWord |= S[(S[i] + S[j]) % 256] << (24 - n * 8);
83
+ }
84
+
85
+ // Update counters
86
+ this._i = i;
87
+ this._j = j;
88
+
89
+ return keystreamWord;
90
+ }
91
+
92
+ /**
93
+ * Shortcut functions to the cipher's object interface.
94
+ *
95
+ * @example
96
+ *
97
+ * var ciphertext = CryptoJS.RC4.encrypt(message, key, cfg);
98
+ * var plaintext = CryptoJS.RC4.decrypt(ciphertext, key, cfg);
99
+ */
100
+ C.RC4 = StreamCipher._createHelper(RC4);
101
+
102
+ /**
103
+ * Modified RC4 stream cipher algorithm.
104
+ */
105
+ var RC4Drop = C_algo.RC4Drop = RC4.extend({
106
+ /**
107
+ * Configuration options.
108
+ *
109
+ * @property {number} drop The number of keystream words to drop. Default 192
110
+ */
111
+ cfg: RC4.cfg.extend({
112
+ drop: 192
113
+ }),
114
+
115
+ _doReset: function () {
116
+ RC4._doReset.call(this);
117
+
118
+ // Drop
119
+ for (var i = this.cfg.drop; i > 0; i--) {
120
+ generateKeystreamWord.call(this);
121
+ }
122
+ }
123
+ });
124
+
125
+ /**
126
+ * Shortcut functions to the cipher's object interface.
127
+ *
128
+ * @example
129
+ *
130
+ * var ciphertext = CryptoJS.RC4Drop.encrypt(message, key, cfg);
131
+ * var plaintext = CryptoJS.RC4Drop.decrypt(ciphertext, key, cfg);
132
+ */
133
+ C.RC4Drop = StreamCipher._createHelper(RC4Drop);
134
+ }());
135
+
136
+
137
+ return CryptoJS.RC4;
138
+
139
+ }));
admin/js/crypto-js/ripemd160.js ADDED
@@ -0,0 +1,267 @@
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
+ ;(function (root, factory) {
2
+ if (typeof exports === "object") {
3
+ // CommonJS
4
+ module.exports = exports = factory(require("./core"));
5
+ }
6
+ else if (typeof define === "function" && define.amd) {
7
+ // AMD
8
+ define(["./core"], factory);
9
+ }
10
+ else {
11
+ // Global (browser)
12
+ factory(root.CryptoJS);
13
+ }
14
+ }(this, function (CryptoJS) {
15
+
16
+ /** @preserve
17
+ (c) 2012 by Cédric Mesnil. All rights reserved.
18
+
19
+ Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
20
+
21
+ - Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
22
+ - Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
23
+
24
+ THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
25
+ */
26
+
27
+ (function (Math) {
28
+ // Shortcuts
29
+ var C = CryptoJS;
30
+ var C_lib = C.lib;
31
+ var WordArray = C_lib.WordArray;
32
+ var Hasher = C_lib.Hasher;
33
+ var C_algo = C.algo;
34
+
35
+ // Constants table
36
+ var _zl = WordArray.create([
37
+ 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15,
38
+ 7, 4, 13, 1, 10, 6, 15, 3, 12, 0, 9, 5, 2, 14, 11, 8,
39
+ 3, 10, 14, 4, 9, 15, 8, 1, 2, 7, 0, 6, 13, 11, 5, 12,
40
+ 1, 9, 11, 10, 0, 8, 12, 4, 13, 3, 7, 15, 14, 5, 6, 2,
41
+ 4, 0, 5, 9, 7, 12, 2, 10, 14, 1, 3, 8, 11, 6, 15, 13]);
42
+ var _zr = WordArray.create([
43
+ 5, 14, 7, 0, 9, 2, 11, 4, 13, 6, 15, 8, 1, 10, 3, 12,
44
+ 6, 11, 3, 7, 0, 13, 5, 10, 14, 15, 8, 12, 4, 9, 1, 2,
45
+ 15, 5, 1, 3, 7, 14, 6, 9, 11, 8, 12, 2, 10, 0, 4, 13,
46
+ 8, 6, 4, 1, 3, 11, 15, 0, 5, 12, 2, 13, 9, 7, 10, 14,
47
+ 12, 15, 10, 4, 1, 5, 8, 7, 6, 2, 13, 14, 0, 3, 9, 11]);
48
+ var _sl = WordArray.create([
49
+ 11, 14, 15, 12, 5, 8, 7, 9, 11, 13, 14, 15, 6, 7, 9, 8,
50
+ 7, 6, 8, 13, 11, 9, 7, 15, 7, 12, 15, 9, 11, 7, 13, 12,
51
+ 11, 13, 6, 7, 14, 9, 13, 15, 14, 8, 13, 6, 5, 12, 7, 5,
52
+ 11, 12, 14, 15, 14, 15, 9, 8, 9, 14, 5, 6, 8, 6, 5, 12,
53
+ 9, 15, 5, 11, 6, 8, 13, 12, 5, 12, 13, 14, 11, 8, 5, 6 ]);
54
+ var _sr = WordArray.create([
55
+ 8, 9, 9, 11, 13, 15, 15, 5, 7, 7, 8, 11, 14, 14, 12, 6,
56
+ 9, 13, 15, 7, 12, 8, 9, 11, 7, 7, 12, 7, 6, 15, 13, 11,
57
+ 9, 7, 15, 11, 8, 6, 6, 14, 12, 13, 5, 14, 13, 13, 7, 5,
58
+ 15, 5, 8, 11, 14, 14, 6, 14, 6, 9, 12, 9, 12, 5, 15, 8,
59
+ 8, 5, 12, 9, 12, 5, 14, 6, 8, 13, 6, 5, 15, 13, 11, 11 ]);
60
+
61
+ var _hl = WordArray.create([ 0x00000000, 0x5A827999, 0x6ED9EBA1, 0x8F1BBCDC, 0xA953FD4E]);
62
+ var _hr = WordArray.create([ 0x50A28BE6, 0x5C4DD124, 0x6D703EF3, 0x7A6D76E9, 0x00000000]);
63
+
64
+ /**
65
+ * RIPEMD160 hash algorithm.
66
+ */
67
+ var RIPEMD160 = C_algo.RIPEMD160 = Hasher.extend({
68
+ _doReset: function () {
69
+ this._hash = WordArray.create([0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476, 0xC3D2E1F0]);
70
+ },
71
+
72
+ _doProcessBlock: function (M, offset) {
73
+
74
+ // Swap endian
75
+ for (var i = 0; i < 16; i++) {
76
+ // Shortcuts
77
+ var offset_i = offset + i;
78
+ var M_offset_i = M[offset_i];
79
+
80
+ // Swap
81
+ M[offset_i] = (
82
+ (((M_offset_i << 8) | (M_offset_i >>> 24)) & 0x00ff00ff) |
83
+ (((M_offset_i << 24) | (M_offset_i >>> 8)) & 0xff00ff00)
84
+ );
85
+ }
86
+ // Shortcut
87
+ var H = this._hash.words;
88
+ var hl = _hl.words;
89
+ var hr = _hr.words;
90
+ var zl = _zl.words;
91
+ var zr = _zr.words;
92
+ var sl = _sl.words;
93
+ var sr = _sr.words;
94
+
95
+ // Working variables
96
+ var al, bl, cl, dl, el;
97
+ var ar, br, cr, dr, er;
98
+
99
+ ar = al = H[0];
100
+ br = bl = H[1];
101
+ cr = cl = H[2];
102
+ dr = dl = H[3];
103
+ er = el = H[4];
104
+ // Computation
105
+ var t;
106
+ for (var i = 0; i < 80; i += 1) {
107
+ t = (al + M[offset+zl[i]])|0;
108
+ if (i<16){
109
+ t += f1(bl,cl,dl) + hl[0];
110
+ } else if (i<32) {
111
+ t += f2(bl,cl,dl) + hl[1];
112
+ } else if (i<48) {
113
+ t += f3(bl,cl,dl) + hl[2];
114
+ } else if (i<64) {
115
+ t += f4(bl,cl,dl) + hl[3];
116
+ } else {// if (i<80) {
117
+ t += f5(bl,cl,dl) + hl[4];
118
+ }
119
+ t = t|0;
120
+ t = rotl(t,sl[i]);
121
+ t = (t+el)|0;
122
+ al = el;
123
+ el = dl;
124
+ dl = rotl(cl, 10);
125
+ cl = bl;
126
+ bl = t;
127
+
128
+ t = (ar + M[offset+zr[i]])|0;
129
+ if (i<16){
130
+ t += f5(br,cr,dr) + hr[0];
131
+ } else if (i<32) {
132
+ t += f4(br,cr,dr) + hr[1];
133
+ } else if (i<48) {
134
+ t += f3(br,cr,dr) + hr[2];
135
+ } else if (i<64) {
136
+ t += f2(br,cr,dr) + hr[3];
137
+ } else {// if (i<80) {
138
+ t += f1(br,cr,dr) + hr[4];
139
+ }
140
+ t = t|0;
141
+ t = rotl(t,sr[i]) ;
142
+ t = (t+er)|0;
143
+ ar = er;
144
+ er = dr;
145
+ dr = rotl(cr, 10);
146
+ cr = br;
147
+ br = t;
148
+ }
149
+ // Intermediate hash value
150
+ t = (H[1] + cl + dr)|0;
151
+ H[1] = (H[2] + dl + er)|0;
152
+ H[2] = (H[3] + el + ar)|0;
153
+ H[3] = (H[4] + al + br)|0;
154
+ H[4] = (H[0] + bl + cr)|0;
155
+ H[0] = t;
156
+ },
157
+
158
+ _doFinalize: function () {
159
+ // Shortcuts
160
+ var data = this._data;
161
+ var dataWords = data.words;
162
+
163
+ var nBitsTotal = this._nDataBytes * 8;
164
+ var nBitsLeft = data.sigBytes * 8;
165
+
166
+ // Add padding
167
+ dataWords[nBitsLeft >>> 5] |= 0x80 << (24 - nBitsLeft % 32);
168
+ dataWords[(((nBitsLeft + 64) >>> 9) << 4) + 14] = (
169
+ (((nBitsTotal << 8) | (nBitsTotal >>> 24)) & 0x00ff00ff) |
170
+ (((nBitsTotal << 24) | (nBitsTotal >>> 8)) & 0xff00ff00)
171
+ );
172
+ data.sigBytes = (dataWords.length + 1) * 4;
173
+
174
+ // Hash final blocks
175
+ this._process();
176
+
177
+ // Shortcuts
178
+ var hash = this._hash;
179
+ var H = hash.words;
180
+
181
+ // Swap endian
182
+ for (var i = 0; i < 5; i++) {
183
+ // Shortcut
184
+ var H_i = H[i];
185
+
186
+ // Swap
187
+ H[i] = (((H_i << 8) | (H_i >>> 24)) & 0x00ff00ff) |
188
+ (((H_i << 24) | (H_i >>> 8)) & 0xff00ff00);
189
+ }
190
+
191
+ // Return final computed hash
192
+ return hash;
193
+ },
194
+
195
+ clone: function () {
196
+ var clone = Hasher.clone.call(this);
197
+ clone._hash = this._hash.clone();
198
+
199
+ return clone;
200
+ }
201
+ });
202
+
203
+
204
+ function f1(x, y, z) {
205
+ return ((x) ^ (y) ^ (z));
206
+
207
+ }
208
+
209
+ function f2(x, y, z) {
210
+ return (((x)&(y)) | ((~x)&(z)));
211
+ }
212
+
213
+ function f3(x, y, z) {
214
+ return (((x) | (~(y))) ^ (z));
215
+ }
216
+
217
+ function f4(x, y, z) {
218
+ return (((x) & (z)) | ((y)&(~(z))));
219
+ }
220
+
221
+ function f5(x, y, z) {
222
+ return ((x) ^ ((y) |(~(z))));
223
+
224
+ }
225
+
226
+ function rotl(x,n) {
227
+ return (x<<n) | (x>>>(32-n));
228
+ }
229
+
230
+
231
+ /**
232
+ * Shortcut function to the hasher's object interface.
233
+ *
234
+ * @param {WordArray|string} message The message to hash.
235
+ *
236
+ * @return {WordArray} The hash.
237
+ *
238
+ * @static
239
+ *
240
+ * @example
241
+ *
242
+ * var hash = CryptoJS.RIPEMD160('message');
243
+ * var hash = CryptoJS.RIPEMD160(wordArray);
244
+ */
245
+ C.RIPEMD160 = Hasher._createHelper(RIPEMD160);
246
+
247
+ /**
248
+ * Shortcut function to the HMAC's object interface.
249
+ *
250
+ * @param {WordArray|string} message The message to hash.
251
+ * @param {WordArray|string} key The secret key.
252
+ *
253
+ * @return {WordArray} The HMAC.
254
+ *
255
+ * @static
256
+ *
257
+ * @example
258
+ *
259
+ * var hmac = CryptoJS.HmacRIPEMD160(message, key);
260
+ */
261
+ C.HmacRIPEMD160 = Hasher._createHmacHelper(RIPEMD160);
262
+ }(Math));
263
+
264
+
265
+ return CryptoJS.RIPEMD160;
266
+
267
+ }));
admin/js/crypto-js/sha1.js ADDED
@@ -0,0 +1,150 @@
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
+ ;(function (root, factory) {
2
+ if (typeof exports === "object") {
3
+ // CommonJS
4
+ module.exports = exports = factory(require("./core"));
5
+ }
6
+ else if (typeof define === "function" && define.amd) {
7
+ // AMD
8
+ define(["./core"], factory);
9
+ }
10
+ else {
11
+ // Global (browser)
12
+ factory(root.CryptoJS);
13
+ }
14
+ }(this, function (CryptoJS) {
15
+
16
+ (function () {
17
+ // Shortcuts
18
+ var C = CryptoJS;
19
+ var C_lib = C.lib;
20
+ var WordArray = C_lib.WordArray;
21
+ var Hasher = C_lib.Hasher;
22
+ var C_algo = C.algo;
23
+
24
+ // Reusable object
25
+ var W = [];
26
+
27
+ /**
28
+ * SHA-1 hash algorithm.
29
+ */
30
+ var SHA1 = C_algo.SHA1 = Hasher.extend({
31
+ _doReset: function () {
32
+ this._hash = new WordArray.init([
33
+ 0x67452301, 0xefcdab89,
34
+ 0x98badcfe, 0x10325476,
35
+ 0xc3d2e1f0
36
+ ]);
37
+ },
38
+
39
+ _doProcessBlock: function (M, offset) {
40
+ // Shortcut
41
+ var H = this._hash.words;
42
+
43
+ // Working variables
44
+ var a = H[0];
45
+ var b = H[1];
46
+ var c = H[2];
47
+ var d = H[3];
48
+ var e = H[4];
49
+
50
+ // Computation
51
+ for (var i = 0; i < 80; i++) {
52
+ if (i < 16) {
53
+ W[i] = M[offset + i] | 0;
54
+ } else {
55
+ var n = W[i - 3] ^ W[i - 8] ^ W[i - 14] ^ W[i - 16];
56
+ W[i] = (n << 1) | (n >>> 31);
57
+ }
58
+
59
+ var t = ((a << 5) | (a >>> 27)) + e + W[i];
60
+ if (i < 20) {
61
+ t += ((b & c) | (~b & d)) + 0x5a827999;
62
+ } else if (i < 40) {
63
+ t += (b ^ c ^ d) + 0x6ed9eba1;
64
+ } else if (i < 60) {
65
+ t += ((b & c) | (b & d) | (c & d)) - 0x70e44324;
66
+ } else /* if (i < 80) */ {
67
+ t += (b ^ c ^ d) - 0x359d3e2a;
68
+ }
69
+
70
+ e = d;
71
+ d = c;
72
+ c = (b << 30) | (b >>> 2);
73
+ b = a;
74
+ a = t;
75
+ }
76
+
77
+ // Intermediate hash value
78
+ H[0] = (H[0] + a) | 0;
79
+ H[1] = (H[1] + b) | 0;
80
+ H[2] = (H[2] + c) | 0;
81
+ H[3] = (H[3] + d) | 0;
82
+ H[4] = (H[4] + e) | 0;
83
+ },
84
+
85
+ _doFinalize: function () {
86
+ // Shortcuts
87
+ var data = this._data;
88
+ var dataWords = data.words;
89
+
90
+ var nBitsTotal = this._nDataBytes * 8;
91
+ var nBitsLeft = data.sigBytes * 8;
92
+
93
+ // Add padding
94
+ dataWords[nBitsLeft >>> 5] |= 0x80 << (24 - nBitsLeft % 32);
95
+ dataWords[(((nBitsLeft + 64) >>> 9) << 4) + 14] = Math.floor(nBitsTotal / 0x100000000);
96
+ dataWords[(((nBitsLeft + 64) >>> 9) << 4) + 15] = nBitsTotal;
97
+ data.sigBytes = dataWords.length * 4;
98
+
99
+ // Hash final blocks
100
+ this._process();
101
+
102
+ // Return final computed hash
103
+ return this._hash;
104
+ },
105
+
106
+ clone: function () {
107
+ var clone = Hasher.clone.call(this);
108
+ clone._hash = this._hash.clone();
109
+
110
+ return clone;
111
+ }
112
+ });
113
+
114
+ /**
115
+ * Shortcut function to the hasher's object interface.
116
+ *
117
+ * @param {WordArray|string} message The message to hash.
118
+ *
119
+ * @return {WordArray} The hash.
120
+ *
121
+ * @static
122
+ *
123
+ * @example
124
+ *
125
+ * var hash = CryptoJS.SHA1('message');
126
+ * var hash = CryptoJS.SHA1(wordArray);
127
+ */
128
+ C.SHA1 = Hasher._createHelper(SHA1);
129
+
130
+ /**
131
+ * Shortcut function to the HMAC's object interface.
132
+ *
133
+ * @param {WordArray|string} message The message to hash.
134
+ * @param {WordArray|string} key The secret key.
135
+ *
136
+ * @return {WordArray} The HMAC.
137
+ *
138
+ * @static
139
+ *
140
+ * @example
141
+ *
142
+ * var hmac = CryptoJS.HmacSHA1(message, key);
143
+ */
144
+ C.HmacSHA1 = Hasher._createHmacHelper(SHA1);
145
+ }());
146
+
147
+
148
+ return CryptoJS.SHA1;
149
+
150
+ }));
admin/js/crypto-js/sha224.js ADDED
@@ -0,0 +1,80 @@
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
+ ;(function (root, factory, undef) {
2
+ if (typeof exports === "object") {
3
+ // CommonJS
4
+ module.exports = exports = factory(require("./core"), require("./sha256"));
5
+ }
6
+ else if (typeof define === "function" && define.amd) {
7
+ // AMD
8
+ define(["./core", "./sha256"], factory);
9
+ }
10
+ else {
11
+ // Global (browser)
12
+ factory(root.CryptoJS);
13
+ }
14
+ }(this, function (CryptoJS) {
15
+
16
+ (function () {
17
+ // Shortcuts
18
+ var C = CryptoJS;
19
+ var C_lib = C.lib;
20
+ var WordArray = C_lib.WordArray;
21
+ var C_algo = C.algo;
22
+ var SHA256 = C_algo.SHA256;
23
+
24
+ /**
25
+ * SHA-224 hash algorithm.
26
+ */
27
+ var SHA224 = C_algo.SHA224 = SHA256.extend({
28
+ _doReset: function () {
29
+ this._hash = new WordArray.init([
30
+ 0xc1059ed8, 0x367cd507, 0x3070dd17, 0xf70e5939,
31
+ 0xffc00b31, 0x68581511, 0x64f98fa7, 0xbefa4fa4
32
+ ]);
33
+ },
34
+
35
+ _doFinalize: function () {
36
+ var hash = SHA256._doFinalize.call(this);
37
+
38
+ hash.sigBytes -= 4;
39
+
40
+ return hash;
41
+ }
42
+ });
43
+
44
+ /**
45
+ * Shortcut function to the hasher's object interface.
46
+ *
47
+ * @param {WordArray|string} message The message to hash.
48
+ *
49
+ * @return {WordArray} The hash.
50
+ *
51
+ * @static
52
+ *
53
+ * @example
54
+ *
55
+ * var hash = CryptoJS.SHA224('message');
56
+ * var hash = CryptoJS.SHA224(wordArray);
57
+ */
58
+ C.SHA224 = SHA256._createHelper(SHA224);
59
+
60
+ /**
61
+ * Shortcut function to the HMAC's object interface.
62
+ *
63
+ * @param {WordArray|string} message The message to hash.
64
+ * @param {WordArray|string} key The secret key.
65
+ *
66
+ * @return {WordArray} The HMAC.
67
+ *
68
+ * @static
69
+ *
70
+ * @example
71
+ *
72
+ * var hmac = CryptoJS.HmacSHA224(message, key);
73
+ */
74
+ C.HmacSHA224 = SHA256._createHmacHelper(SHA224);
75
+ }());
76
+
77
+
78
+ return CryptoJS.SHA224;
79
+
80
+ }));
admin/js/crypto-js/sha256.js ADDED
@@ -0,0 +1,199 @@
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
+ ;(function (root, factory) {
2
+ if (typeof exports === "object") {
3
+ // CommonJS
4
+ module.exports = exports = factory(require("./core"));
5
+ }
6
+ else if (typeof define === "function" && define.amd) {
7
+ // AMD
8
+ define(["./core"], factory);
9
+ }
10
+ else {
11
+ // Global (browser)
12
+ factory(root.CryptoJS);
13
+ }
14
+ }(this, function (CryptoJS) {
15
+
16
+ (function (Math) {
17
+ // Shortcuts
18
+ var C = CryptoJS;
19
+ var C_lib = C.lib;
20
+ var WordArray = C_lib.WordArray;
21
+ var Hasher = C_lib.Hasher;
22
+ var C_algo = C.algo;
23
+
24
+ // Initialization and round constants tables
25
+ var H = [];
26
+ var K = [];
27
+
28
+ // Compute constants
29
+ (function () {
30
+ function isPrime(n) {
31
+ var sqrtN = Math.sqrt(n);
32
+ for (var factor = 2; factor <= sqrtN; factor++) {
33
+ if (!(n % factor)) {
34
+ return false;
35
+ }
36
+ }
37
+
38
+ return true;
39
+ }
40
+
41
+ function getFractionalBits(n) {
42
+ return ((n - (n | 0)) * 0x100000000) | 0;
43
+ }
44
+
45
+ var n = 2;
46
+ var nPrime = 0;
47
+ while (nPrime < 64) {
48
+ if (isPrime(n)) {
49
+ if (nPrime < 8) {
50
+ H[nPrime] = getFractionalBits(Math.pow(n, 1 / 2));
51
+ }
52
+ K[nPrime] = getFractionalBits(Math.pow(n, 1 / 3));
53
+
54
+ nPrime++;
55
+ }
56
+
57
+ n++;
58
+ }
59
+ }());
60
+
61
+ // Reusable object
62
+ var W = [];
63
+
64
+ /**
65
+ * SHA-256 hash algorithm.
66
+ */
67
+ var SHA256 = C_algo.SHA256 = Hasher.extend({
68
+ _doReset: function () {
69
+ this._hash = new WordArray.init(H.slice(0));
70
+ },
71
+
72
+ _doProcessBlock: function (M, offset) {
73
+ // Shortcut
74
+ var H = this._hash.words;
75
+
76
+ // Working variables
77
+ var a = H[0];
78
+ var b = H[1];
79
+ var c = H[2];
80
+ var d = H[3];
81
+ var e = H[4];
82
+ var f = H[5];
83
+ var g = H[6];
84
+ var h = H[7];
85
+
86
+ // Computation
87
+ for (var i = 0; i < 64; i++) {
88
+ if (i < 16) {
89
+ W[i] = M[offset + i] | 0;
90
+ } else {
91
+ var gamma0x = W[i - 15];
92
+ var gamma0 = ((gamma0x << 25) | (gamma0x >>> 7)) ^
93
+ ((gamma0x << 14) | (gamma0x >>> 18)) ^
94
+ (gamma0x >>> 3);
95
+
96
+ var gamma1x = W[i - 2];
97
+ var gamma1 = ((gamma1x << 15) | (gamma1x >>> 17)) ^
98
+ ((gamma1x << 13) | (gamma1x >>> 19)) ^
99
+ (gamma1x >>> 10);
100
+
101
+ W[i] = gamma0 + W[i - 7] + gamma1 + W[i - 16];
102
+ }
103
+
104
+ var ch = (e & f) ^ (~e & g);
105
+ var maj = (a & b) ^ (a & c) ^ (b & c);
106
+
107
+ var sigma0 = ((a << 30) | (a >>> 2)) ^ ((a << 19) | (a >>> 13)) ^ ((a << 10) | (a >>> 22));
108
+ var sigma1 = ((e << 26) | (e >>> 6)) ^ ((e << 21) | (e >>> 11)) ^ ((e << 7) | (e >>> 25));
109
+
110
+ var t1 = h + sigma1 + ch + K[i] + W[i];
111
+ var t2 = sigma0 + maj;
112
+
113
+ h = g;
114
+ g = f;
115
+ f = e;
116
+ e = (d + t1) | 0;
117
+ d = c;
118
+ c = b;
119
+ b = a;
120
+ a = (t1 + t2) | 0;
121
+ }
122
+
123
+ // Intermediate hash value
124
+ H[0] = (H[0] + a) | 0;
125
+ H[1] = (H[1] + b) | 0;
126
+ H[2] = (H[2] + c) | 0;
127
+ H[3] = (H[3] + d) | 0;
128
+ H[4] = (H[4] + e) | 0;
129
+ H[5] = (H[5] + f) | 0;
130
+ H[6] = (H[6] + g) | 0;
131
+ H[7] = (H[7] + h) | 0;
132
+ },
133
+
134
+ _doFinalize: function () {
135
+ // Shortcuts
136
+ var data = this._data;
137
+ var dataWords = data.words;
138
+
139
+ var nBitsTotal = this._nDataBytes * 8;
140
+ var nBitsLeft = data.sigBytes * 8;
141
+
142
+ // Add padding
143
+ dataWords[nBitsLeft >>> 5] |= 0x80 << (24 - nBitsLeft % 32);
144
+ dataWords[(((nBitsLeft + 64) >>> 9) << 4) + 14] = Math.floor(nBitsTotal / 0x100000000);
145
+ dataWords[(((nBitsLeft + 64) >>> 9) << 4) + 15] = nBitsTotal;
146
+ data.sigBytes = dataWords.length * 4;
147
+
148
+ // Hash final blocks
149
+ this._process();
150
+
151
+ // Return final computed hash
152
+ return this._hash;
153
+ },
154
+
155
+ clone: function () {
156
+ var clone = Hasher.clone.call(this);
157
+ clone._hash = this._hash.clone();
158
+
159
+ return clone;
160
+ }
161
+ });
162
+
163
+ /**
164
+ * Shortcut function to the hasher's object interface.
165
+ *
166
+ * @param {WordArray|string} message The message to hash.
167
+ *
168
+ * @return {WordArray} The hash.
169
+ *
170
+ * @static
171
+ *
172
+ * @example
173
+ *
174
+ * var hash = CryptoJS.SHA256('message');
175
+ * var hash = CryptoJS.SHA256(wordArray);
176
+ */
177
+ C.SHA256 = Hasher._createHelper(SHA256);
178
+
179
+ /**
180
+ * Shortcut function to the HMAC's object interface.
181
+ *
182
+ * @param {WordArray|string} message The message to hash.
183
+ * @param {WordArray|string} key The secret key.
184
+ *
185
+ * @return {WordArray} The HMAC.
186
+ *
187
+ * @static
188
+ *
189
+ * @example
190
+ *
191
+ * var hmac = CryptoJS.HmacSHA256(message, key);
192
+ */
193
+ C.HmacSHA256 = Hasher._createHmacHelper(SHA256);
194
+ }(Math));
195
+
196
+
197
+ return CryptoJS.SHA256;
198
+
199
+ }));
admin/js/crypto-js/sha3.js ADDED
@@ -0,0 +1,323 @@
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
+ ;(function (root, factory, undef) {
2
+ if (typeof exports === "object") {
3
+ // CommonJS
4
+ module.exports = exports = factory(require("./core"), require("./x64-core"));
5
+ }
6
+ else if (typeof define === "function" && define.amd) {
7
+ // AMD
8
+ define(["./core", "./x64-core"], factory);
9
+ }
10
+ else {
11
+ // Global (browser)
12
+ factory(root.CryptoJS);
13
+ }
14
+ }(this, function (CryptoJS) {
15
+
16
+ (function (Math) {
17
+ // Shortcuts
18
+ var C = CryptoJS;
19
+ var C_lib = C.lib;
20
+ var WordArray = C_lib.WordArray;
21
+ var Hasher = C_lib.Hasher;
22
+ var C_x64 = C.x64;
23
+ var X64Word = C_x64.Word;
24
+ var C_algo = C.algo;
25
+
26
+ // Constants tables
27
+ var RHO_OFFSETS = [];
28
+ var PI_INDEXES = [];
29
+ var ROUND_CONSTANTS = [];
30
+
31
+ // Compute Constants
32
+ (function () {
33
+ // Compute rho offset constants
34
+ var x = 1, y = 0;
35
+ for (var t = 0; t < 24; t++) {
36
+ RHO_OFFSETS[x + 5 * y] = ((t + 1) * (t + 2) / 2) % 64;
37
+
38
+ var newX = y % 5;
39
+ var newY = (2 * x + 3 * y) % 5;
40
+ x = newX;
41
+ y = newY;
42
+ }
43
+
44
+ // Compute pi index constants
45
+ for (var x = 0; x < 5; x++) {
46
+ for (var y = 0; y < 5; y++) {
47
+ PI_INDEXES[x + 5 * y] = y + ((2 * x + 3 * y) % 5) * 5;
48
+ }
49
+ }
50
+
51
+ // Compute round constants
52
+ var LFSR = 0x01;
53
+ for (var i = 0; i < 24; i++) {
54
+ var roundConstantMsw = 0;
55
+ var roundConstantLsw = 0;
56
+
57
+ for (var j = 0; j < 7; j++) {
58
+ if (LFSR & 0x01) {
59
+ var bitPosition = (1 << j) - 1;
60
+ if (bitPosition < 32) {
61
+ roundConstantLsw ^= 1 << bitPosition;
62
+ } else /* if (bitPosition >= 32) */ {
63
+ roundConstantMsw ^= 1 << (bitPosition - 32);
64
+ }
65
+ }
66
+
67
+ // Compute next LFSR
68
+ if (LFSR & 0x80) {
69
+ // Primitive polynomial over GF(2): x^8 + x^6 + x^5 + x^4 + 1
70
+ LFSR = (LFSR << 1) ^ 0x71;
71
+ } else {
72
+ LFSR <<= 1;
73
+ }
74
+ }
75
+
76
+ ROUND_CONSTANTS[i] = X64Word.create(roundConstantMsw, roundConstantLsw);
77
+ }
78
+ }());
79
+
80
+ // Reusable objects for temporary values
81
+ var T = [];
82
+ (function () {
83
+ for (var i = 0; i < 25; i++) {
84
+ T[i] = X64Word.create();
85
+ }
86
+ }());
87
+
88
+ /**
89
+ * SHA-3 hash algorithm.
90
+ */
91
+ var SHA3 = C_algo.SHA3 = Hasher.extend({
92
+ /**
93
+ * Configuration options.
94
+ *
95
+ * @property {number} outputLength
96
+ * The desired number of bits in the output hash.
97
+ * Only values permitted are: 224, 256, 384, 512.
98
+ * Default: 512
99
+ */
100
+ cfg: Hasher.cfg.extend({
101
+ outputLength: 512
102
+ }),
103
+
104
+ _doReset: function () {
105
+ var state = this._state = []
106
+ for (var i = 0; i < 25; i++) {
107
+ state[i] = new X64Word.init();
108
+ }
109
+
110
+ this.blockSize = (1600 - 2 * this.cfg.outputLength) / 32;
111
+ },
112
+
113
+ _doProcessBlock: function (M, offset) {
114
+ // Shortcuts
115
+ var state = this._state;
116
+ var nBlockSizeLanes = this.blockSize / 2;
117
+
118
+ // Absorb
119
+ for (var i = 0; i < nBlockSizeLanes; i++) {
120
+ // Shortcuts
121
+ var M2i = M[offset + 2 * i];
122
+ var M2i1 = M[offset + 2 * i + 1];
123
+
124
+ // Swap endian
125
+ M2i = (
126
+ (((M2i << 8) | (M2i >>> 24)) & 0x00ff00ff) |
127
+ (((M2i << 24) | (M2i >>> 8)) & 0xff00ff00)
128
+ );
129
+ M2i1 = (
130
+ (((M2i1 << 8) | (M2i1 >>> 24)) & 0x00ff00ff) |
131
+ (((M2i1 << 24) | (M2i1 >>> 8)) & 0xff00ff00)
132
+ );
133
+
134
+ // Absorb message into state
135
+ var lane = state[i];
136
+ lane.high ^= M2i1;
137
+ lane.low ^= M2i;
138
+ }
139
+
140
+ // Rounds
141
+ for (var round = 0; round < 24; round++) {
142
+ // Theta
143
+ for (var x = 0; x < 5; x++) {
144
+ // Mix column lanes
145
+ var tMsw = 0, tLsw = 0;
146
+ for (var y = 0; y < 5; y++) {
147
+ var lane = state[x + 5 * y];
148
+ tMsw ^= lane.high;
149
+ tLsw ^= lane.low;
150
+ }
151
+
152
+ // Temporary values
153
+ var Tx = T[x];
154
+ Tx.high = tMsw;
155
+ Tx.low = tLsw;
156
+ }
157
+ for (var x = 0; x < 5; x++) {
158
+ // Shortcuts
159
+ var Tx4 = T[(x + 4) % 5];
160
+ var Tx1 = T[(x + 1) % 5];
161
+ var Tx1Msw = Tx1.high;
162
+ var Tx1Lsw = Tx1.low;
163
+
164
+ // Mix surrounding columns
165
+ var tMsw = Tx4.high ^ ((Tx1Msw << 1) | (Tx1Lsw >>> 31));
166
+ var tLsw = Tx4.low ^ ((Tx1Lsw << 1) | (Tx1Msw >>> 31));
167
+ for (var y = 0; y < 5; y++) {
168
+ var lane = state[x + 5 * y];
169
+ lane.high ^= tMsw;
170
+ lane.low ^= tLsw;
171
+ }
172
+ }
173
+
174
+ // Rho Pi
175
+ for (var laneIndex = 1; laneIndex < 25; laneIndex++) {
176
+ // Shortcuts
177
+ var lane = state[laneIndex];
178
+ var laneMsw = lane.high;
179
+ var laneLsw = lane.low;
180
+ var rhoOffset = RHO_OFFSETS[laneIndex];
181
+
182
+ // Rotate lanes
183
+ if (rhoOffset < 32) {
184
+ var tMsw = (laneMsw << rhoOffset) | (laneLsw >>> (32 - rhoOffset));
185
+ var tLsw = (laneLsw << rhoOffset) | (laneMsw >>> (32 - rhoOffset));
186
+ } else /* if (rhoOffset >= 32) */ {
187
+ var tMsw = (laneLsw << (rhoOffset - 32)) | (laneMsw >>> (64 - rhoOffset));
188
+ var tLsw = (laneMsw << (rhoOffset - 32)) | (laneLsw >>> (64 - rhoOffset));
189
+ }
190
+
191
+ // Transpose lanes
192
+ var TPiLane = T[PI_INDEXES[laneIndex]];
193
+ TPiLane.high = tMsw;
194
+ TPiLane.low = tLsw;
195
+ }
196
+
197
+ // Rho pi at x = y = 0
198
+ var T0 = T[0];
199
+ var state0 = state[0];
200
+ T0.high = state0.high;
201
+ T0.low = state0.low;
202
+
203
+ // Chi
204
+ for (var x = 0; x < 5; x++) {
205
+ for (var y = 0; y < 5; y++) {
206
+ // Shortcuts
207
+ var laneIndex = x + 5 * y;
208
+ var lane = state[laneIndex];
209
+ var TLane = T[laneIndex];
210
+ var Tx1Lane = T[((x + 1) % 5) + 5 * y];
211
+ var Tx2Lane = T[((x + 2) % 5) + 5 * y];
212
+
213
+ // Mix rows
214
+ lane.high = TLane.high ^ (~Tx1Lane.high & Tx2Lane.high);
215
+ lane.low = TLane.low ^ (~Tx1Lane.low & Tx2Lane.low);
216
+ }
217
+ }
218
+
219
+ // Iota
220
+ var lane = state[0];
221
+ var roundConstant = ROUND_CONSTANTS[round];
222
+ lane.high ^= roundConstant.high;
223
+ lane.low ^= roundConstant.low;;
224
+ }
225
+ },
226
+
227
+ _doFinalize: function () {
228
+ // Shortcuts
229
+ var data = this._data;
230
+ var dataWords = data.words;
231
+ var nBitsTotal = this._nDataBytes * 8;
232
+ var nBitsLeft = data.sigBytes * 8;
233
+ var blockSizeBits = this.blockSize * 32;
234
+
235
+ // Add padding
236
+ dataWords[nBitsLeft >>> 5] |= 0x1 << (24 - nBitsLeft % 32);
237
+ dataWords[((Math.ceil((nBitsLeft + 1) / blockSizeBits) * blockSizeBits) >>> 5) - 1] |= 0x80;
238
+ data.sigBytes = dataWords.length * 4;
239
+
240
+ // Hash final blocks
241
+ this._process();
242
+
243
+ // Shortcuts
244
+ var state = this._state;
245
+ var outputLengthBytes = this.cfg.outputLength / 8;
246
+ var outputLengthLanes = outputLengthBytes / 8;
247
+
248
+ // Squeeze
249
+ var hashWords = [];
250
+ for (var i = 0; i < outputLengthLanes; i++) {
251
+ // Shortcuts
252
+ var lane = state[i];
253
+ var laneMsw = lane.high;
254
+ var laneLsw = lane.low;
255
+
256
+ // Swap endian
257
+ laneMsw = (
258
+ (((laneMsw << 8) | (laneMsw >>> 24)) & 0x00ff00ff) |
259
+ (((laneMsw << 24) | (laneMsw >>> 8)) & 0xff00ff00)
260
+ );
261
+ laneLsw = (
262
+ (((laneLsw << 8) | (laneLsw >>> 24)) & 0x00ff00ff) |
263
+ (((laneLsw << 24) | (laneLsw >>> 8)) & 0xff00ff00)
264
+ );
265
+
266
+ // Squeeze state to retrieve hash
267
+ hashWords.push(laneLsw);
268
+ hashWords.push(laneMsw);
269
+ }
270
+
271
+ // Return final computed hash
272
+ return new WordArray.init(hashWords, outputLengthBytes);
273
+ },
274
+
275
+ clone: function () {
276
+ var clone = Hasher.clone.call(this);
277
+
278
+ var state = clone._state = this._state.slice(0);
279
+ for (var i = 0; i < 25; i++) {
280
+ state[i] = state[i].clone();
281
+ }
282
+
283
+ return clone;
284
+ }
285
+ });
286
+
287
+ /**
288
+ * Shortcut function to the hasher's object interface.
289
+ *
290
+ * @param {WordArray|string} message The message to hash.
291
+ *
292
+ * @return {WordArray} The hash.
293
+ *
294
+ * @static
295
+ *
296
+ * @example
297
+ *
298
+ * var hash = CryptoJS.SHA3('message');
299
+ * var hash = CryptoJS.SHA3(wordArray);
300
+ */
301
+ C.SHA3 = Hasher._createHelper(SHA3);
302
+
303
+ /**
304
+ * Shortcut function to the HMAC's object interface.
305
+ *
306
+ * @param {WordArray|string} message The message to hash.
307
+ * @param {WordArray|string} key The secret key.
308
+ *
309
+ * @return {WordArray} The HMAC.
310
+ *
311
+ * @static
312
+ *
313
+ * @example
314
+ *
315
+ * var hmac = CryptoJS.HmacSHA3(message, key);
316
+ */
317
+ C.HmacSHA3 = Hasher._createHmacHelper(SHA3);
318
+ }(Math));
319
+
320
+
321
+ return CryptoJS.SHA3;
322
+
323
+ }));
admin/js/crypto-js/sha384.js ADDED
@@ -0,0 +1,83 @@
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
+ ;(function (root, factory, undef) {
2
+ if (typeof exports === "object") {
3
+ // CommonJS
4
+ module.exports = exports = factory(require("./core"), require("./x64-core"), require("./sha512"));
5
+ }
6
+ else if (typeof define === "function" && define.amd) {
7
+ // AMD
8
+ define(["./core", "./x64-core", "./sha512"], factory);
9
+ }
10
+ else {
11
+ // Global (browser)
12
+ factory(root.CryptoJS);
13
+ }
14
+ }(this, function (CryptoJS) {
15
+
16
+ (function () {
17
+ // Shortcuts
18
+ var C = CryptoJS;
19
+ var C_x64 = C.x64;
20
+ var X64Word = C_x64.Word;
21
+ var X64WordArray = C_x64.WordArray;
22
+ var C_algo = C.algo;
23
+ var SHA512 = C_algo.SHA512;
24
+
25
+ /**
26
+ * SHA-384 hash algorithm.
27
+ */
28
+ var SHA384 = C_algo.SHA384 = SHA512.extend({
29
+ _doReset: function () {
30
+ this._hash = new X64WordArray.init([
31
+ new X64Word.init(0xcbbb9d5d, 0xc1059ed8), new X64Word.init(0x629a292a, 0x367cd507),
32
+ new X64Word.init(0x9159015a, 0x3070dd17), new X64Word.init(0x152fecd8, 0xf70e5939),
33
+ new X64Word.init(0x67332667, 0xffc00b31), new X64Word.init(0x8eb44a87, 0x68581511),
34
+ new X64Word.init(0xdb0c2e0d, 0x64f98fa7), new X64Word.init(0x47b5481d, 0xbefa4fa4)
35
+ ]);
36
+ },
37
+
38
+ _doFinalize: function () {
39
+ var hash = SHA512._doFinalize.call(this);
40
+
41
+ hash.sigBytes -= 16;
42
+
43
+ return hash;
44
+ }
45
+ });
46
+
47
+ /**
48
+ * Shortcut function to the hasher's object interface.
49
+ *
50
+ * @param {WordArray|string} message The message to hash.
51
+ *
52
+ * @return {WordArray} The hash.
53
+ *
54
+ * @static
55
+ *
56
+ * @example
57
+ *
58
+ * var hash = CryptoJS.SHA384('message');
59
+ * var hash = CryptoJS.SHA384(wordArray);
60
+ */
61
+ C.SHA384 = SHA512._createHelper(SHA384);
62
+
63
+ /**
64
+ * Shortcut function to the HMAC's object interface.
65
+ *
66
+ * @param {WordArray|string} message The message to hash.
67
+ * @param {WordArray|string} key The secret key.
68
+ *
69
+ * @return {WordArray} The HMAC.
70
+ *
71
+ * @static
72
+ *
73
+ * @example
74
+ *
75
+ * var hmac = CryptoJS.HmacSHA384(message, key);
76
+ */
77
+ C.HmacSHA384 = SHA512._createHmacHelper(SHA384);
78
+ }());
79
+
80
+
81
+ return CryptoJS.SHA384;
82
+
83
+ }));
admin/js/crypto-js/sha512.js ADDED
@@ -0,0 +1,323 @@
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
+ ;(function (root, factory, undef) {
2
+ if (typeof exports === "object") {
3
+ // CommonJS
4
+ module.exports = exports = factory(require("./core"), require("./x64-core"));
5
+ }
6
+ else if (typeof define === "function" && define.amd) {
7
+ // AMD
8
+ define(["./core", "./x64-core"], factory);
9
+ }
10
+ else {
11
+ // Global (browser)
12
+ factory(root.CryptoJS);
13
+ }
14
+ }(this, function (CryptoJS) {
15
+
16
+ (function () {
17
+ // Shortcuts
18
+ var C = CryptoJS;
19
+ var C_lib = C.lib;
20
+ var Hasher = C_lib.Hasher;
21
+ var C_x64 = C.x64;
22
+ var X64Word = C_x64.Word;
23
+ var X64WordArray = C_x64.WordArray;
24
+ var C_algo = C.algo;
25
+
26
+ function X64Word_create() {
27
+ return X64Word.create.apply(X64Word, arguments);
28
+ }
29
+
30
+ // Constants
31
+ var K = [
32
+ X64Word_create(0x428a2f98, 0xd728ae22), X64Word_create(0x71374491, 0x23ef65cd),
33
+ X64Word_create(0xb5c0fbcf, 0xec4d3b2f), X64Word_create(0xe9b5dba5, 0x8189dbbc),
34
+ X64Word_create(0x3956c25b, 0xf348b538), X64Word_create(0x59f111f1, 0xb605d019),
35
+ X64Word_create(0x923f82a4, 0xaf194f9b), X64Word_create(0xab1c5ed5, 0xda6d8118),
36
+ X64Word_create(0xd807aa98, 0xa3030242), X64Word_create(0x12835b01, 0x45706fbe),
37
+ X64Word_create(0x243185be, 0x4ee4b28c), X64Word_create(0x550c7dc3, 0xd5ffb4e2),
38
+ X64Word_create(0x72be5d74, 0xf27b896f), X64Word_create(0x80deb1fe, 0x3b1696b1),
39
+ X64Word_create(0x9bdc06a7, 0x25c71235), X64Word_create(0xc19bf174, 0xcf692694),
40
+ X64Word_create(0xe49b69c1, 0x9ef14ad2), X64Word_create(0xefbe4786, 0x384f25e3),
41
+ X64Word_create(0x0fc19dc6, 0x8b8cd5b5), X64Word_create(0x240ca1cc, 0x77ac9c65),
42
+ X64Word_create(0x2de92c6f, 0x592b0275), X64Word_create(0x4a7484aa, 0x6ea6e483),
43
+ X64Word_create(0x5cb0a9dc, 0xbd41fbd4), X64Word_create(0x76f988da, 0x831153b5),
44
+ X64Word_create(0x983e5152, 0xee66dfab), X64Word_create(0xa831c66d, 0x2db43210),
45
+ X64Word_create(0xb00327c8, 0x98fb213f), X64Word_create(0xbf597fc7, 0xbeef0ee4),
46
+ X64Word_create(0xc6e00bf3, 0x3da88fc2), X64Word_create(0xd5a79147, 0x930aa725),
47
+ X64Word_create(0x06ca6351, 0xe003826f), X64Word_create(0x14292967, 0x0a0e6e70),
48
+ X64Word_create(0x27b70a85, 0x46d22ffc), X64Word_create(0x2e1b2138, 0x5c26c926),
49
+ X64Word_create(0x4d2c6dfc, 0x5ac42aed), X64Word_create(0x53380d13, 0x9d95b3df),
50
+ X64Word_create(0x650a7354, 0x8baf63de), X64Word_create(0x766a0abb, 0x3c77b2a8),
51
+ X64Word_create(0x81c2c92e, 0x47edaee6), X64Word_create(0x92722c85, 0x1482353b),
52
+ X64Word_create(0xa2bfe8a1, 0x4cf10364), X64Word_create(0xa81a664b, 0xbc423001),
53
+ X64Word_create(0xc24b8b70, 0xd0f89791), X64Word_create(0xc76c51a3, 0x0654be30),
54
+ X64Word_create(0xd192e819, 0xd6ef5218), X64Word_create(0xd6990624, 0x5565a910),
55
+ X64Word_create(0xf40e3585, 0x5771202a), X64Word_create(0x106aa070, 0x32bbd1b8),
56
+ X64Word_create(0x19a4c116, 0xb8d2d0c8), X64Word_create(0x1e376c08, 0x5141ab53),
57
+ X64Word_create(0x2748774c, 0xdf8eeb99), X64Word_create(0x34b0bcb5, 0xe19b48a8),
58
+ X64Word_create(0x391c0cb3, 0xc5c95a63), X64Word_create(0x4ed8aa4a, 0xe3418acb),
59
+ X64Word_create(0x5b9cca4f, 0x7763e373), X64Word_create(0x682e6ff3, 0xd6b2b8a3),
60
+ X64Word_create(0x748f82ee, 0x5defb2fc), X64Word_create(0x78a5636f, 0x43172f60),
61
+ X64Word_create(0x84c87814, 0xa1f0ab72), X64Word_create(0x8cc70208, 0x1a6439ec),
62
+ X64Word_create(0x90befffa, 0x23631e28), X64Word_create(0xa4506ceb, 0xde82bde9),
63
+ X64Word_create(0xbef9a3f7, 0xb2c67915), X64Word_create(0xc67178f2, 0xe372532b),
64
+ X64Word_create(0xca273ece, 0xea26619c), X64Word_create(0xd186b8c7, 0x21c0c207),
65
+ X64Word_create(0xeada7dd6, 0xcde0eb1e), X64Word_create(0xf57d4f7f, 0xee6ed178),
66
+ X64Word_create(0x06f067aa, 0x72176fba), X64Word_create(0x0a637dc5, 0xa2c898a6),
67
+ X64Word_create(0x113f9804, 0xbef90dae), X64Word_create(0x1b710b35, 0x131c471b),
68
+ X64Word_create(0x28db77f5, 0x23047d84), X64Word_create(0x32caab7b, 0x40c72493),
69
+ X64Word_create(0x3c9ebe0a, 0x15c9bebc), X64Word_create(0x431d67c4, 0x9c100d4c),
70
+ X64Word_create(0x4cc5d4be, 0xcb3e42b6), X64Word_create(0x597f299c, 0xfc657e2a),
71
+ X64Word_create(0x5fcb6fab, 0x3ad6faec), X64Word_create(0x6c44198c, 0x4a475817)
72
+ ];
73
+
74
+ // Reusable objects
75
+ var W = [];
76
+ (function () {
77
+ for (var i = 0; i < 80; i++) {
78
+ W[i] = X64Word_create();
79
+ }
80
+ }());
81
+
82
+ /**
83
+ * SHA-512 hash algorithm.
84
+ */
85
+ var SHA512 = C_algo.SHA512 = Hasher.extend({
86
+ _doReset: function () {
87
+ this._hash = new X64WordArray.init([
88
+ new X64Word.init(0x6a09e667, 0xf3bcc908), new X64Word.init(0xbb67ae85, 0x84caa73b),
89
+ new X64Word.init(0x3c6ef372, 0xfe94f82b), new X64Word.init(0xa54ff53a, 0x5f1d36f1),
90
+ new X64Word.init(0x510e527f, 0xade682d1), new X64Word.init(0x9b05688c, 0x2b3e6c1f),
91
+ new X64Word.init(0x1f83d9ab, 0xfb41bd6b), new X64Word.init(0x5be0cd19, 0x137e2179)
92
+ ]);
93
+ },
94
+
95
+ _doProcessBlock: function (M, offset) {
96
+ // Shortcuts
97
+ var H = this._hash.words;
98
+
99
+ var H0 = H[0];
100
+ var H1 = H[1];
101
+ var H2 = H[2];
102
+ var H3 = H[3];
103
+ var H4 = H[4];
104
+ var H5 = H[5];
105
+ var H6 = H[6];
106
+ var H7 = H[7];
107
+
108
+ var H0h = H0.high;
109
+ var H0l = H0.low;
110
+ var H1h = H1.high;
111
+ var H1l = H1.low;
112
+ var H2h = H2.high;
113
+ var H2l = H2.low;
114
+ var H3h = H3.high;
115
+ var H3l = H3.low;
116
+ var H4h = H4.high;
117
+ var H4l = H4.low;
118
+ var H5h = H5.high;
119
+ var H5l = H5.low;
120
+ var H6h = H6.high;
121
+ var H6l = H6.low;
122
+ var H7h = H7.high;
123
+ var H7l = H7.low;
124
+
125
+ // Working variables
126
+ var ah = H0h;
127
+ var al = H0l;
128
+ var bh = H1h;
129
+ var bl = H1l;
130
+ var ch = H2h;
131
+ var cl = H2l;
132
+ var dh = H3h;
133
+ var dl = H3l;
134
+ var eh = H4h;
135
+ var el = H4l;
136
+ var fh = H5h;
137
+ var fl = H5l;
138
+ var gh = H6h;
139
+ var gl = H6l;
140
+ var hh = H7h;
141
+ var hl = H7l;
142
+
143
+ // Rounds
144
+ for (var i = 0; i < 80; i++) {
145
+ // Shortcut
146
+ var Wi = W[i];
147
+
148
+ // Extend message
149
+ if (i < 16) {
150
+ var Wih = Wi.high = M[offset + i * 2] | 0;
151
+ var Wil = Wi.low = M[offset + i * 2 + 1] | 0;
152
+ } else {
153
+ // Gamma0
154
+ var gamma0x = W[i - 15];
155
+ var gamma0xh = gamma0x.high;
156
+ var gamma0xl = gamma0x.low;
157
+ var gamma0h = ((gamma0xh >>> 1) | (gamma0xl << 31)) ^ ((gamma0xh >>> 8) | (gamma0xl << 24)) ^ (gamma0xh >>> 7);
158
+ var gamma0l = ((gamma0xl >>> 1) | (gamma0xh << 31)) ^ ((gamma0xl >>> 8) | (gamma0xh << 24)) ^ ((gamma0xl >>> 7) | (gamma0xh << 25));
159
+
160
+ // Gamma1
161
+ var gamma1x = W[i - 2];
162
+ var gamma1xh = gamma1x.high;
163
+ var gamma1xl = gamma1x.low;
164
+ var gamma1h = ((gamma1xh >>> 19) | (gamma1xl << 13)) ^ ((gamma1xh << 3) | (gamma1xl >>> 29)) ^ (gamma1xh >>> 6);
165
+ var gamma1l = ((gamma1xl >>> 19) | (gamma1xh << 13)) ^ ((gamma1xl << 3) | (gamma1xh >>> 29)) ^ ((gamma1xl >>> 6) | (gamma1xh << 26));
166
+
167
+ // W[i] = gamma0 + W[i - 7] + gamma1 + W[i - 16]
168
+ var Wi7 = W[i - 7];
169
+ var Wi7h = Wi7.high;
170
+ var Wi7l = Wi7.low;
171
+
172
+ var Wi16 = W[i - 16];
173
+ var Wi16h = Wi16.high;
174
+ var Wi16l = Wi16.low;
175
+
176
+ var Wil = gamma0l + Wi7l;
177
+ var Wih = gamma0h + Wi7h + ((Wil >>> 0) < (gamma0l >>> 0) ? 1 : 0);
178
+ var Wil = Wil + gamma1l;
179
+ var Wih = Wih + gamma1h + ((Wil >>> 0) < (gamma1l >>> 0) ? 1 : 0);
180
+ var Wil = Wil + Wi16l;
181
+ var Wih = Wih + Wi16h + ((Wil >>> 0) < (Wi16l >>> 0) ? 1 : 0);
182
+
183
+ Wi.high = Wih;
184
+ Wi.low = Wil;
185
+ }
186
+
187
+ var chh = (eh & fh) ^ (~eh & gh);
188
+ var chl = (el & fl) ^ (~el & gl);
189
+ var majh = (ah & bh) ^ (ah & ch) ^ (bh & ch);
190
+ var majl = (al & bl) ^ (al & cl) ^ (bl & cl);
191
+
192
+ var sigma0h = ((ah >>> 28) | (al << 4)) ^ ((ah << 30) | (al >>> 2)) ^ ((ah << 25) | (al >>> 7));
193
+ var sigma0l = ((al >>> 28) | (ah << 4)) ^ ((al << 30) | (ah >>> 2)) ^ ((al << 25) | (ah >>> 7));
194
+ var sigma1h = ((eh >>> 14) | (el << 18)) ^ ((eh >>> 18) | (el << 14)) ^ ((eh << 23) | (el >>> 9));
195
+ var sigma1l = ((el >>> 14) | (eh << 18)) ^ ((el >>> 18) | (eh << 14)) ^ ((el << 23) | (eh >>> 9));
196
+
197
+ // t1 = h + sigma1 + ch + K[i] + W[i]
198
+ var Ki = K[i];
199
+ var Kih = Ki.high;
200
+ var Kil = Ki.low;
201
+
202
+ var t1l = hl + sigma1l;
203
+ var t1h = hh + sigma1h + ((t1l >>> 0) < (hl >>> 0) ? 1 : 0);
204
+ var t1l = t1l + chl;
205
+ var t1h = t1h + chh + ((t1l >>> 0) < (chl >>> 0) ? 1 : 0);
206
+ var t1l = t1l + Kil;
207
+ var t1h = t1h + Kih + ((t1l >>> 0) < (Kil >>> 0) ? 1 : 0);
208
+ var t1l = t1l + Wil;
209
+ var t1h = t1h + Wih + ((t1l >>> 0) < (Wil >>> 0) ? 1 : 0);
210
+
211
+ // t2 = sigma0 + maj
212
+ var t2l = sigma0l + majl;
213
+ var t2h = sigma0h + majh + ((t2l >>> 0) < (sigma0l >>> 0) ? 1 : 0);
214
+
215
+ // Update working variables
216
+ hh = gh;
217
+ hl = gl;
218
+ gh = fh;
219
+ gl = fl;
220
+ fh = eh;
221
+ fl = el;
222
+ el = (dl + t1l) | 0;
223
+ eh = (dh + t1h + ((el >>> 0) < (dl >>> 0) ? 1 : 0)) | 0;
224
+ dh = ch;
225
+ dl = cl;
226
+ ch = bh;
227
+ cl = bl;
228
+ bh = ah;
229
+ bl = al;
230
+ al = (t1l + t2l) | 0;
231
+ ah = (t1h + t2h + ((al >>> 0) < (t1l >>> 0) ? 1 : 0)) | 0;
232
+ }
233
+
234
+ // Intermediate hash value
235
+ H0l = H0.low = (H0l + al);
236
+ H0.high = (H0h + ah + ((H0l >>> 0) < (al >>> 0) ? 1 : 0));
237
+ H1l = H1.low = (H1l + bl);
238
+ H1.high = (H1h + bh + ((H1l >>> 0) < (bl >>> 0) ? 1 : 0));
239
+ H2l = H2.low = (H2l + cl);
240
+ H2.high = (H2h + ch + ((H2l >>> 0) < (cl >>> 0) ? 1 : 0));
241
+ H3l = H3.low = (H3l + dl);
242
+ H3.high = (H3h + dh + ((H3l >>> 0) < (dl >>> 0) ? 1 : 0));
243
+ H4l = H4.low = (H4l + el);
244
+ H4.high = (H4h + eh + ((H4l >>> 0) < (el >>> 0) ? 1 : 0));
245
+ H5l = H5.low = (H5l + fl);
246
+ H5.high = (H5h + fh + ((H5l >>> 0) < (fl >>> 0) ? 1 : 0));
247
+ H6l = H6.low = (H6l + gl);
248
+ H6.high = (H6h + gh + ((H6l >>> 0) < (gl >>> 0) ? 1 : 0));
249
+ H7l = H7.low = (H7l + hl);
250
+ H7.high = (H7h + hh + ((H7l >>> 0) < (hl >>> 0) ? 1 : 0));
251
+ },
252
+
253
+ _doFinalize: function () {
254
+ // Shortcuts
255
+ var data = this._data;
256
+ var dataWords = data.words;
257
+
258
+ var nBitsTotal = this._nDataBytes * 8;
259
+ var nBitsLeft = data.sigBytes * 8;
260
+
261
+ // Add padding
262
+ dataWords[nBitsLeft >>> 5] |= 0x80 << (24 - nBitsLeft % 32);
263
+ dataWords[(((nBitsLeft + 128) >>> 10) << 5) + 30] = Math.floor(nBitsTotal / 0x100000000);
264
+ dataWords[(((nBitsLeft + 128) >>> 10) << 5) + 31] = nBitsTotal;
265
+ data.sigBytes = dataWords.length * 4;
266
+
267
+ // Hash final blocks
268
+ this._process();
269
+
270
+ // Convert hash to 32-bit word array before returning
271
+ var hash = this._hash.toX32();
272
+
273
+ // Return final computed hash
274
+ return hash;
275
+ },
276
+
277
+ clone: function () {
278
+ var clone = Hasher.clone.call(this);
279
+ clone._hash = this._hash.clone();
280
+
281
+ return clone;
282
+ },
283
+
284
+ blockSize: 1024/32
285
+ });
286
+
287
+ /**
288
+ * Shortcut function to the hasher's object interface.
289
+ *
290
+ * @param {WordArray|string} message The message to hash.
291
+ *
292
+ * @return {WordArray} The hash.
293
+ *
294
+ * @static
295
+ *
296
+ * @example
297
+ *
298
+ * var hash = CryptoJS.SHA512('message');
299
+ * var hash = CryptoJS.SHA512(wordArray);
300
+ */
301
+ C.SHA512 = Hasher._createHelper(SHA512);
302
+
303
+ /**
304
+ * Shortcut function to the HMAC's object interface.
305
+ *
306
+ * @param {WordArray|string} message The message to hash.
307
+ * @param {WordArray|string} key The secret key.
308
+ *
309
+ * @return {WordArray} The HMAC.
310
+ *
311
+ * @static
312
+ *
313
+ * @example
314
+ *
315
+ * var hmac = CryptoJS.HmacSHA512(message, key);
316
+ */
317
+ C.HmacSHA512 = Hasher._createHmacHelper(SHA512);
318
+ }());
319
+
320
+
321
+ return CryptoJS.SHA512;
322
+
323
+ }));
admin/js/crypto-js/tripledes.js ADDED
@@ -0,0 +1,770 @@
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
+ ;(function (root, factory, undef) {
2
+ if (typeof exports === "object") {
3
+ // CommonJS
4
+ module.exports = exports = factory(require("./core"), require("./enc-base64"), require("./md5"), require("./evpkdf"), require("./cipher-core"));
5
+ }
6
+ else if (typeof define === "function" && define.amd) {
7
+ // AMD
8
+ define(["./core", "./enc-base64", "./md5", "./evpkdf", "./cipher-core"], factory);
9
+ }
10
+ else {
11
+ // Global (browser)
12
+ factory(root.CryptoJS);
13
+ }
14
+ }(this, function (CryptoJS) {
15
+
16
+ (function () {
17
+ // Shortcuts
18
+ var C = CryptoJS;
19
+ var C_lib = C.lib;
20
+ var WordArray = C_lib.WordArray;
21
+ var BlockCipher = C_lib.BlockCipher;
22
+ var C_algo = C.algo;
23
+
24
+ // Permuted Choice 1 constants
25
+ var PC1 = [
26
+ 57, 49, 41, 33, 25, 17, 9, 1,
27
+ 58, 50, 42, 34, 26, 18, 10, 2,
28
+ 59, 51, 43, 35, 27, 19, 11, 3,
29
+ 60, 52, 44, 36, 63, 55, 47, 39,
30
+ 31, 23, 15, 7, 62, 54, 46, 38,
31
+ 30, 22, 14, 6, 61, 53, 45, 37,
32
+ 29, 21, 13, 5, 28, 20, 12, 4
33
+ ];
34
+
35
+ // Permuted Choice 2 constants
36
+ var PC2 = [
37
+ 14, 17, 11, 24, 1, 5,
38
+ 3, 28, 15, 6, 21, 10,
39
+ 23, 19, 12, 4, 26, 8,
40
+ 16, 7, 27, 20, 13, 2,
41
+ 41, 52, 31, 37, 47, 55,
42
+ 30, 40, 51, 45, 33, 48,
43
+ 44, 49, 39, 56, 34, 53,
44
+ 46, 42, 50, 36, 29, 32
45
+ ];
46
+
47
+ // Cumulative bit shift constants
48
+ var BIT_SHIFTS = [1, 2, 4, 6, 8, 10, 12, 14, 15, 17, 19, 21, 23, 25, 27, 28];
49
+
50
+ // SBOXes and round permutation constants
51
+ var SBOX_P = [
52
+ {
53
+ 0x0: 0x808200,
54
+ 0x10000000: 0x8000,
55
+ 0x20000000: 0x808002,
56
+ 0x30000000: 0x2,
57
+ 0x40000000: 0x200,
58
+ 0x50000000: 0x808202,
59
+ 0x60000000: 0x800202,
60
+ 0x70000000: 0x800000,
61
+ 0x80000000: 0x202,
62
+ 0x90000000: 0x800200,
63
+ 0xa0000000: 0x8200,
64
+ 0xb0000000: 0x808000,
65
+ 0xc0000000: 0x8002,
66
+ 0xd0000000: 0x800002,
67
+ 0xe0000000: 0x0,
68
+ 0xf0000000: 0x8202,
69
+ 0x8000000: 0x0,
70
+ 0x18000000: 0x808202,
71
+ 0x28000000: 0x8202,
72
+ 0x38000000: 0x8000,
73
+ 0x48000000: 0x808200,
74
+ 0x58000000: 0x200,
75
+ 0x68000000: 0x808002,
76
+ 0x78000000: 0x2,
77
+ 0x88000000: 0x800200,
78
+ 0x98000000: 0x8200,
79
+ 0xa8000000: 0x808000,
80
+ 0xb8000000: 0x800202,
81
+ 0xc8000000: 0x800002,
82
+ 0xd8000000: 0x8002,
83
+ 0xe8000000: 0x202,
84
+ 0xf8000000: 0x800000,
85
+ 0x1: 0x8000,
86
+ 0x10000001: 0x2,
87
+ 0x20000001: 0x808200,
88
+ 0x30000001: 0x800000,
89
+ 0x40000001: 0x808002,
90
+ 0x50000001: 0x8200,
91
+ 0x60000001: 0x200,
92
+ 0x70000001: 0x800202,
93
+ 0x80000001: 0x808202,
94
+ 0x90000001: 0x808000,
95
+ 0xa0000001: 0x800002,
96
+ 0xb0000001: 0x8202,
97
+ 0xc0000001: 0x202,
98
+ 0xd0000001: 0x800200,
99
+ 0xe0000001: 0x8002,
100
+ 0xf0000001: 0x0,
101
+ 0x8000001: 0x808202,
102
+ 0x18000001: 0x808000,
103
+ 0x28000001: 0x800000,
104
+ 0x38000001: 0x200,
105
+ 0x48000001: 0x8000,
106
+ 0x58000001: 0x800002,
107
+ 0x68000001: 0x2,
108
+ 0x78000001: 0x8202,
109
+ 0x88000001: 0x8002,
110
+ 0x98000001: 0x800202,
111
+ 0xa8000001: 0x202,
112
+ 0xb8000001: 0x808200,
113
+ 0xc8000001: 0x800200,
114
+ 0xd8000001: 0x0,
115
+ 0xe8000001: 0x8200,
116
+ 0xf8000001: 0x808002
117
+ },
118
+ {
119
+ 0x0: 0x40084010,
120
+ 0x1000000: 0x4000,
121
+ 0x2000000: 0x80000,
122
+ 0x3000000: 0x40080010,
123
+ 0x4000000: 0x40000010,
124
+ 0x5000000: 0x40084000,
125
+ 0x6000000: 0x40004000,
126
+ 0x7000000: 0x10,
127
+ 0x8000000: 0x84000,
128
+ 0x9000000: 0x40004010,
129
+ 0xa000000: 0x40000000,
130
+ 0xb000000: 0x84010,
131
+ 0xc000000: 0x80010,
132
+ 0xd000000: 0x0,
133
+ 0xe000000: 0x4010,
134
+ 0xf000000: 0x40080000,
135
+ 0x800000: 0x40004000,
136
+ 0x1800000: 0x84010,
137
+ 0x2800000: 0x10,
138
+ 0x3800000: 0x40004010,
139
+ 0x4800000: 0x40084010,
140
+ 0x5800000: 0x40000000,
141
+ 0x6800000: 0x80000,
142
+ 0x7800000: 0x40080010,
143
+ 0x8800000: 0x80010,
144
+ 0x9800000: 0x0,
145
+ 0xa800000: 0x4000,
146
+ 0xb800000: 0x40080000,
147
+ 0xc800000: 0x40000010,
148
+ 0xd800000: 0x84000,
149
+ 0xe800000: 0x40084000,
150
+ 0xf800000: 0x4010,
151
+ 0x10000000: 0x0,
152
+ 0x11000000: 0x40080010,
153
+ 0x12000000: 0x40004010,
154
+ 0x13000000: 0x40084000,
155
+ 0x14000000: 0x40080000,
156
+ 0x15000000: 0x10,
157
+ 0x16000000: 0x84010,
158
+ 0x17000000: 0x4000,
159
+ 0x18000000: 0x4010,
160
+ 0x19000000: 0x80000,
161
+ 0x1a000000: 0x80010,
162
+ 0x1b000000: 0x40000010,
163
+ 0x1c000000: 0x84000,
164
+ 0x1d000000: 0x40004000,
165
+ 0x1e000000: 0x40000000,
166
+ 0x1f000000: 0x40084010,
167
+ 0x10800000: 0x84010,
168
+ 0x11800000: 0x80000,
169
+ 0x12800000: 0x40080000,
170
+ 0x13800000: 0x4000,
171
+ 0x14800000: 0x40004000,
172
+ 0x15800000: 0x40084010,
173
+ 0x16800000: 0x10,
174
+ 0x17800000: 0x40000000,
175
+ 0x18800000: 0x40084000,
176
+ 0x19800000: 0x40000010,
177
+ 0x1a800000: 0x40004010,
178
+ 0x1b800000: 0x80010,
179
+ 0x1c800000: 0x0,
180
+ 0x1d800000: 0x4010,
181
+ 0x1e800000: 0x40080010,
182
+ 0x1f800000: 0x84000
183
+ },
184
+ {
185
+ 0x0: 0x104,
186
+ 0x100000: 0x0,
187
+ 0x200000: 0x4000100,
188
+ 0x300000: 0x10104,
189
+ 0x400000: 0x10004,
190
+ 0x500000: 0x4000004,
191
+ 0x600000: 0x4010104,
192
+ 0x700000: 0x4010000,
193
+ 0x800000: 0x4000000,
194
+ 0x900000: 0x4010100,
195
+ 0xa00000: 0x10100,
196
+ 0xb00000: 0x4010004,
197
+ 0xc00000: 0x4000104,
198
+ 0xd00000: 0x10000,
199
+ 0xe00000: 0x4,
200
+ 0xf00000: 0x100,
201
+ 0x80000: 0x4010100,
202
+ 0x180000: 0x4010004,
203
+ 0x280000: 0x0,
204
+ 0x380000: 0x4000100,
205
+ 0x480000: 0x4000004,
206
+ 0x580000: 0x10000,
207
+ 0x680000: 0x10004,
208
+ 0x780000: 0x104,
209
+ 0x880000: 0x4,
210
+ 0x980000: 0x100,
211
+ 0xa80000: 0x4010000,
212
+ 0xb80000: 0x10104,
213
+ 0xc80000: 0x10100,
214
+ 0xd80000: 0x4000104,
215
+ 0xe80000: 0x4010104,
216
+ 0xf80000: 0x4000000,
217
+ 0x1000000: 0x4010100,
218
+ 0x1100000: 0x10004,
219
+ 0x1200000: 0x10000,
220
+ 0x1300000: 0x4000100,
221
+ 0x1400000: 0x100,
222
+ 0x1500000: 0x4010104,
223
+ 0x1600000: 0x4000004,
224
+ 0x1700000: 0x0,
225
+ 0x1800000: 0x4000104,
226
+ 0x1900000: 0x4000000,
227
+ 0x1a00000: 0x4,
228
+ 0x1b00000: 0x10100,
229
+ 0x1c00000: 0x4010000,
230
+ 0x1d00000: 0x104,
231
+ 0x1e00000: 0x10104,
232
+ 0x1f00000: 0x4010004,
233
+ 0x1080000: 0x4000000,
234
+ 0x1180000: 0x104,
235
+ 0x1280000: 0x4010100,
236
+ 0x1380000: 0x0,
237
+ 0x1480000: 0x10004,
238
+ 0x1580000: 0x4000100,
239
+ 0x1680000: 0x100,
240
+ 0x1780000: 0x4010004,
241
+ 0x1880000: 0x10000,
242
+ 0x1980000: 0x4010104,
243
+ 0x1a80000: 0x10104,
244
+ 0x1b80000: 0x4000004,
245
+ 0x1c80000: 0x4000104,
246
+ 0x1d80000: 0x4010000,
247
+ 0x1e80000: 0x4,
248
+ 0x1f80000: 0x10100
249
+ },
250
+ {
251
+ 0x0: 0x80401000,
252
+ 0x10000: 0x80001040,
253
+ 0x20000: 0x401040,
254
+ 0x30000: 0x80400000,
255
+ 0x40000: 0x0,
256
+ 0x50000: 0x401000,
257
+ 0x60000: 0x80000040,
258
+ 0x70000: 0x400040,
259
+ 0x80000: 0x80000000,
260
+ 0x90000: 0x400000,
261
+ 0xa0000: 0x40,
262
+ 0xb0000: 0x80001000,
263
+ 0xc0000: 0x80400040,
264
+ 0xd0000: 0x1040,
265
+ 0xe0000: 0x1000,
266
+ 0xf0000: 0x80401040,
267
+ 0x8000: 0x80001040,
268
+ 0x18000: 0x40,
269
+ 0x28000: 0x80400040,
270
+ 0x38000: 0x80001000,
271
+ 0x48000: 0x401000,
272
+ 0x58000: 0x80401040,
273
+ 0x68000: 0x0,
274
+ 0x78000: 0x80400000,
275
+ 0x88000: 0x1000,
276
+ 0x98000: 0x80401000,
277
+ 0xa8000: 0x400000,
278
+ 0xb8000: 0x1040,
279
+ 0xc8000: 0x80000000,
280
+ 0xd8000: 0x400040,
281
+ 0xe8000: 0x401040,
282
+ 0xf8000: 0x80000040,
283
+ 0x100000: 0x400040,
284
+ 0x110000: 0x401000,
285
+ 0x120000: 0x80000040,
286
+ 0x130000: 0x0,
287
+ 0x140000: 0x1040,
288
+ 0x150000: 0x80400040,
289
+ 0x160000: 0x80401000,
290
+ 0x170000: 0x80001040,
291
+ 0x180000: 0x80401040,
292
+ 0x190000: 0x80000000,
293
+ 0x1a0000: 0x80400000,
294
+ 0x1b0000: 0x401040,
295
+ 0x1c0000: 0x80001000,
296
+ 0x1d0000: 0x400000,
297
+ 0x1e0000: 0x40,
298
+ 0x1f0000: 0x1000,
299
+ 0x108000: 0x80400000,
300
+ 0x118000: 0x80401040,
301
+ 0x128000: 0x0,
302
+ 0x138000: 0x401000,
303
+ 0x148000: 0x400040,
304
+ 0x158000: 0x80000000,
305
+ 0x168000: 0x80001040,
306
+ 0x178000: 0x40,
307
+ 0x188000: 0x80000040,
308
+ 0x198000: 0x1000,
309
+ 0x1a8000: 0x80001000,
310
+ 0x1b8000: 0x80400040,
311
+ 0x1c8000: 0x1040,
312
+ 0x1d8000: 0x80401000,
313
+ 0x1e8000: 0x400000,
314
+ 0x1f8000: 0x401040
315
+ },
316
+ {
317
+ 0x0: 0x80,
318
+ 0x1000: 0x1040000,
319
+ 0x2000: 0x40000,
320
+ 0x3000: 0x20000000,
321
+ 0x4000: 0x20040080,
322
+ 0x5000: 0x1000080,
323
+ 0x6000: 0x21000080,
324
+ 0x7000: 0x40080,
325
+ 0x8000: 0x1000000,
326
+ 0x9000: 0x20040000,
327
+ 0xa000: 0x20000080,
328
+ 0xb000: 0x21040080,
329
+ 0xc000: 0x21040000,
330
+ 0xd000: 0x0,
331
+ 0xe000: 0x1040080,
332
+ 0xf000: 0x21000000,
333
+ 0x800: 0x1040080,
334
+ 0x1800: 0x21000080,
335
+ 0x2800: 0x80,
336
+ 0x3800: 0x1040000,
337
+ 0x4800: 0x40000,
338
+ 0x5800: 0x20040080,
339
+ 0x6800: 0x21040000,
340
+ 0x7800: 0x20000000,
341
+ 0x8800: 0x20040000,
342
+ 0x9800: 0x0,
343
+ 0xa800: 0x21040080,
344
+ 0xb800: 0x1000080,
345
+ 0xc800: 0x20000080,
346
+ 0xd800: 0x21000000,
347
+ 0xe800: 0x1000000,
348
+ 0xf800: 0x40080,
349
+ 0x10000: 0x40000,
350
+ 0x11000: 0x80,
351
+ 0x12000: 0x20000000,
352
+ 0x13000: 0x21000080,
353
+ 0x14000: 0x1000080,
354
+ 0x15000: 0x21040000,
355
+ 0x16000: 0x20040080,
356
+ 0x17000: 0x1000000,
357
+ 0x18000: 0x21040080,
358
+ 0x19000: 0x21000000,
359
+ 0x1a000: 0x1040000,
360
+ 0x1b000: 0x20040000,
361
+ 0x1c000: 0x40080,
362
+ 0x1d000: 0x20000080,
363
+ 0x1e000: 0x0,
364
+ 0x1f000: 0x1040080,
365
+ 0x10800: 0x21000080,
366
+ 0x11800: 0x1000000,
367
+ 0x12800: 0x1040000,
368
+ 0x13800: 0x20040080,
369
+ 0x14800: 0x20000000,
370
+ 0x15800: 0x1040080,
371
+ 0x16800: 0x80,
372
+ 0x17800: 0x21040000,
373
+ 0x18800: 0x40080,
374
+ 0x19800: 0x21040080,
375
+ 0x1a800: 0x0,
376
+ 0x1b800: 0x21000000,
377
+ 0x1c800: 0x1000080,
378
+ 0x1d800: 0x40000,
379
+ 0x1e800: 0x20040000,
380
+ 0x1f800: 0x20000080
381
+ },
382
+ {
383
+ 0x0: 0x10000008,
384
+ 0x100: 0x2000,
385
+ 0x200: 0x10200000,
386
+ 0x300: 0x10202008,
387
+ 0x400: 0x10002000,
388
+ 0x500: 0x200000,
389
+ 0x600: 0x200008,
390
+ 0x700: 0x10000000,
391
+ 0x800: 0x0,
392
+ 0x900: 0x10002008,
393
+ 0xa00: 0x202000,
394
+ 0xb00: 0x8,
395
+ 0xc00: 0x10200008,
396
+ 0xd00: 0x202008,
397
+ 0xe00: 0x2008,
398
+ 0xf00: 0x10202000,
399
+ 0x80: 0x10200000,
400
+ 0x180: 0x10202008,
401
+ 0x280: 0x8,
402
+ 0x380: 0x200000,
403
+ 0x480: 0x202008,
404
+ 0x580: 0x10000008,
405
+ 0x680: 0x10002000,
406
+ 0x780: 0x2008,
407
+ 0x880: 0x200008,
408
+ 0x980: 0x2000,
409
+ 0xa80: 0x10002008,
410
+ 0xb80: 0x10200008,
411
+ 0xc80: 0x0,
412
+ 0xd80: 0x10202000,
413
+ 0xe80: 0x202000,
414
+ 0xf80: 0x10000000,
415
+ 0x1000: 0x10002000,
416
+ 0x1100: 0x10200008,
417
+ 0x1200: 0x10202008,
418
+ 0x1300: 0x2008,
419
+ 0x1400: 0x200000,
420
+ 0x1500: 0x10000000,
421
+ 0x1600: 0x10000008,
422
+ 0x1700: 0x202000,
423
+ 0x1800: 0x202008,
424
+ 0x1900: 0x0,
425
+ 0x1a00: 0x8,
426
+ 0x1b00: 0x10200000,
427
+ 0x1c00: 0x2000,
428
+ 0x1d00: 0x10002008,
429
+ 0x1e00: 0x10202000,
430
+ 0x1f00: 0x200008,
431
+ 0x1080: 0x8,
432
+ 0x1180: 0x202000,
433
+ 0x1280: 0x200000,
434
+ 0x1380: 0x10000008,
435
+ 0x1480: 0x10002000,
436
+ 0x1580: 0x2008,
437
+ 0x1680: 0x10202008,
438
+ 0x1780: 0x10200000,
439
+ 0x1880: 0x10202000,
440
+ 0x1980: 0x10200008,
441
+ 0x1a80: 0x2000,
442
+ 0x1b80: 0x202008,
443
+ 0x1c80: 0x200008,
444
+ 0x1d80: 0x0,
445
+ 0x1e80: 0x10000000,
446
+ 0x1f80: 0x10002008
447
+ },
448
+ {
449
+ 0x0: 0x100000,
450
+ 0x10: 0x2000401,
451
+ 0x20: 0x400,
452
+ 0x30: 0x100401,
453
+ 0x40: 0x2100401,
454
+ 0x50: 0x0,
455
+ 0x60: 0x1,
456
+ 0x70: 0x2100001,
457
+ 0x80: 0x2000400,
458
+ 0x90: 0x100001,
459
+ 0xa0: 0x2000001,
460
+ 0xb0: 0x2100400,
461
+ 0xc0: 0x2100000,
462
+ 0xd0: 0x401,
463
+ 0xe0: 0x100400,
464
+ 0xf0: 0x2000000,
465
+ 0x8: 0x2100001,
466
+ 0x18: 0x0,
467
+ 0x28: 0x2000401,
468
+ 0x38: 0x2100400,
469
+ 0x48: 0x100000,
470
+ 0x58: 0x2000001,
471
+ 0x68: 0x2000000,
472
+ 0x78: 0x401,
473
+ 0x88: 0x100401,
474
+ 0x98: 0x2000400,
475
+ 0xa8: 0x2100000,
476
+ 0xb8: 0x100001,
477
+ 0xc8: 0x400,
478
+ 0xd8: 0x2100401,
479
+ 0xe8: 0x1,
480
+ 0xf8: 0x100400,
481
+ 0x100: 0x2000000,
482
+ 0x110: 0x100000,
483
+ 0x120: 0x2000401,
484
+ 0x130: 0x2100001,
485
+ 0x140: 0x100001,
486
+ 0x150: 0x2000400,
487
+ 0x160: 0x2100400,
488
+ 0x170: 0x100401,
489
+ 0x180: 0x401,
490
+ 0x190: 0x2100401,
491
+ 0x1a0: 0x100400,
492
+ 0x1b0: 0x1,
493
+ 0x1c0: 0x0,
494
+ 0x1d0: 0x2100000,
495
+ 0x1e0: 0x2000001,
496
+ 0x1f0: 0x400,
497
+ 0x108: 0x100400,
498
+ 0x118: 0x2000401,
499
+ 0x128: 0x2100001,
500
+ 0x138: 0x1,
501
+ 0x148: 0x2000000,
502
+ 0x158: 0x100000,
503
+ 0x168: 0x401,
504
+ 0x178: 0x2100400,
505
+ 0x188: 0x2000001,
506
+ 0x198: 0x2100000,
507
+ 0x1a8: 0x0,
508
+ 0x1b8: 0x2100401,
509
+ 0x1c8: 0x100401,
510
+ 0x1d8: 0x400,
511
+ 0x1e8: 0x2000400,
512
+ 0x1f8: 0x100001
513
+ },
514
+ {
515
+ 0x0: 0x8000820,
516
+ 0x1: 0x20000,
517
+ 0x2: 0x8000000,
518
+ 0x3: 0x20,
519
+ 0x4: 0x20020,
520
+ 0x5: 0x8020820,
521
+ 0x6: 0x8020800,
522
+ 0x7: 0x800,
523
+ 0x8: 0x8020000,
524
+ 0x9: 0x8000800,
525
+ 0xa: 0x20800,
526
+ 0xb: 0x8020020,
527
+ 0xc: 0x820,
528
+ 0xd: 0x0,
529
+ 0xe: 0x8000020,
530
+ 0xf: 0x20820,
531
+ 0x80000000: 0x800,
532
+ 0x80000001: 0x8020820,
533
+ 0x80000002: 0x8000820,
534
+ 0x80000003: 0x8000000,
535
+ 0x80000004: 0x8020000,
536
+ 0x80000005: 0x20800,
537
+ 0x80000006: 0x20820,
538
+ 0x80000007: 0x20,
539
+ 0x80000008: 0x8000020,
540
+ 0x80000009: 0x820,
541
+ 0x8000000a: 0x20020,
542
+ 0x8000000b: 0x8020800,
543
+ 0x8000000c: 0x0,
544
+ 0x8000000d: 0x8020020,
545
+ 0x8000000e: 0x8000800,
546
+ 0x8000000f: 0x20000,
547
+ 0x10: 0x20820,
548
+ 0x11: 0x8020800,
549
+ 0x12: 0x20,
550
+ 0x13: 0x800,
551
+ 0x14: 0x8000800,
552
+ 0x15: 0x8000020,
553
+ 0x16: 0x8020020,
554
+ 0x17: 0x20000,
555
+ 0x18: 0x0,
556
+ 0x19: 0x20020,
557
+ 0x1a: 0x8020000,
558
+ 0x1b: 0x8000820,
559
+ 0x1c: 0x8020820,
560
+ 0x1d: 0x20800,
561
+ 0x1e: 0x820,
562
+ 0x1f: 0x8000000,
563
+ 0x80000010: 0x20000,
564
+ 0x80000011: 0x800,
565
+ 0x80000012: 0x8020020,
566
+ 0x80000013: 0x20820,
567
+ 0x80000014: 0x20,
568
+ 0x80000015: 0x8020000,
569
+ 0x80000016: 0x8000000,
570
+ 0x80000017: 0x8000820,
571
+ 0x80000018: 0x8020820,
572
+ 0x80000019: 0x8000020,
573
+ 0x8000001a: 0x8000800,
574
+ 0x8000001b: 0x0,
575
+ 0x8000001c: 0x20800,
576
+ 0x8000001d: 0x820,
577
+ 0x8000001e: 0x20020,
578
+ 0x8000001f: 0x8020800
579
+ }
580
+ ];
581
+
582
+ // Masks that select the SBOX input
583
+ var SBOX_MASK = [
584
+ 0xf8000001, 0x1f800000, 0x01f80000, 0x001f8000,
585
+ 0x0001f800, 0x00001f80, 0x000001f8, 0x8000001f
586
+ ];
587
+
588
+ /**
589
+ * DES block cipher algorithm.
590
+ */
591
+ var DES = C_algo.DES = BlockCipher.extend({
592
+ _doReset: function () {
593
+ // Shortcuts
594
+ var key = this._key;
595
+ var keyWords = key.words;
596
+
597
+ // Select 56 bits according to PC1
598
+ var keyBits = [];
599
+ for (var i = 0; i < 56; i++) {
600
+ var keyBitPos = PC1[i] - 1;
601
+ keyBits[i] = (keyWords[keyBitPos >>> 5] >>> (31 - keyBitPos % 32)) & 1;
602
+ }
603
+
604
+ // Assemble 16 subkeys
605
+ var subKeys = this._subKeys = [];
606
+ for (var nSubKey = 0; nSubKey < 16; nSubKey++) {
607
+ // Create subkey
608
+ var subKey = subKeys[nSubKey] = [];
609
+
610
+ // Shortcut
611
+ var bitShift = BIT_SHIFTS[nSubKey];
612
+
613
+ // Select 48 bits according to PC2
614
+ for (var i = 0; i < 24; i++) {
615
+ // Select from the left 28 key bits
616
+ subKey[(i / 6) | 0] |= keyBits[((PC2[i] - 1) + bitShift) % 28] << (31 - i % 6);
617
+
618
+ // Select from the right 28 key bits
619
+ subKey[4 + ((i / 6) | 0)] |= keyBits[28 + (((PC2[i + 24] - 1) + bitShift) % 28)] << (31 - i % 6);
620
+ }
621
+
622
+ // Since each subkey is applied to an expanded 32-bit input,
623
+ // the subkey can be broken into 8 values scaled to 32-bits,
624
+ // which allows the key to be used without expansion
625
+ subKey[0] = (subKey[0] << 1) | (subKey[0] >>> 31);
626
+ for (var i = 1; i < 7; i++) {
627
+ subKey[i] = subKey[i] >>> ((i - 1) * 4 + 3);
628
+ }
629
+ subKey[7] = (subKey[7] << 5) | (subKey[7] >>> 27);
630
+ }
631
+
632
+ // Compute inverse subkeys
633
+ var invSubKeys = this._invSubKeys = [];
634
+ for (var i = 0; i < 16; i++) {
635
+ invSubKeys[i] = subKeys[15 - i];
636
+ }
637
+ },
638
+
639
+ encryptBlock: function (M, offset) {
640
+ this._doCryptBlock(M, offset, this._subKeys);
641
+ },
642
+
643
+ decryptBlock: function (M, offset) {
644
+ this._doCryptBlock(M, offset, this._invSubKeys);
645
+ },
646
+
647
+ _doCryptBlock: function (M, offset, subKeys) {
648
+ // Get input
649
+ this._lBlock = M[offset];
650
+ this._rBlock = M[offset + 1];
651
+
652
+ // Initial permutation
653
+ exchangeLR.call(this, 4, 0x0f0f0f0f);
654
+ exchangeLR.call(this, 16, 0x0000ffff);
655
+ exchangeRL.call(this, 2, 0x33333333);
656
+ exchangeRL.call(this, 8, 0x00ff00ff);
657
+ exchangeLR.call(this, 1, 0x55555555);
658
+
659
+ // Rounds
660
+ for (var round = 0; round < 16; round++) {
661
+ // Shortcuts
662
+ var subKey = subKeys[round];
663
+ var lBlock = this._lBlock;
664
+ var rBlock = this._rBlock;
665
+
666
+ // Feistel function
667
+ var f = 0;
668
+ for (var i = 0; i < 8; i++) {
669
+ f |= SBOX_P[i][((rBlock ^ subKey[i]) & SBOX_MASK[i]) >>> 0];
670
+ }
671
+ this._lBlock = rBlock;
672
+ this._rBlock = lBlock ^ f;
673
+ }
674
+
675
+ // Undo swap from last round
676
+ var t = this._lBlock;
677
+ this._lBlock = this._rBlock;
678
+ this._rBlock = t;
679
+
680
+ // Final permutation
681
+ exchangeLR.call(this, 1, 0x55555555);
682
+ exchangeRL.call(this, 8, 0x00ff00ff);
683
+ exchangeRL.call(this, 2, 0x33333333);
684
+ exchangeLR.call(this, 16, 0x0000ffff);
685
+ exchangeLR.call(this, 4, 0x0f0f0f0f);
686
+
687
+ // Set output
688
+ M[offset] = this._lBlock;
689
+ M[offset + 1] = this._rBlock;
690
+ },
691
+
692
+ keySize: 64/32,
693
+
694
+ ivSize: 64/32,
695
+
696
+ blockSize: 64/32
697
+ });
698
+
699
+ // Swap bits across the left and right words
700
+ function exchangeLR(offset, mask) {
701
+ var t = ((this._lBlock >>> offset) ^ this._rBlock) & mask;
702
+ this._rBlock ^= t;
703
+ this._lBlock ^= t << offset;
704
+ }
705
+
706
+ function exchangeRL(offset, mask) {
707
+ var t = ((this._rBlock >>> offset) ^ this._lBlock) & mask;
708
+ this._lBlock ^= t;
709
+ this._rBlock ^= t << offset;
710
+ }
711
+
712
+ /**
713
+ * Shortcut functions to the cipher's object interface.
714
+ *
715
+ * @example
716
+ *
717
+ * var ciphertext = CryptoJS.DES.encrypt(message, key, cfg);
718
+ * var plaintext = CryptoJS.DES.decrypt(ciphertext, key, cfg);
719
+ */
720
+ C.DES = BlockCipher._createHelper(DES);
721
+
722
+ /**
723
+ * Triple-DES block cipher algorithm.
724
+ */
725
+ var TripleDES = C_algo.TripleDES = BlockCipher.extend({
726
+ _doReset: function () {
727
+ // Shortcuts
728
+ var key = this._key;
729
+ var keyWords = key.words;
730
+
731
+ // Create DES instances
732
+ this._des1 = DES.createEncryptor(WordArray.create(keyWords.slice(0, 2)));
733
+ this._des2 = DES.createEncryptor(WordArray.create(keyWords.slice(2, 4)));
734
+ this._des3 = DES.createEncryptor(WordArray.create(keyWords.slice(4, 6)));
735
+ },
736
+
737
+ encryptBlock: function (M, offset) {
738
+ this._des1.encryptBlock(M, offset);
739
+ this._des2.decryptBlock(M, offset);
740
+ this._des3.encryptBlock(M, offset);
741
+ },
742
+
743
+ decryptBlock: function (M, offset) {
744
+ this._des3.decryptBlock(M, offset);
745
+ this._des2.encryptBlock(M, offset);
746
+ this._des1.decryptBlock(M, offset);
747
+ },
748
+
749
+ keySize: 192/32,
750
+
751
+ ivSize: 64/32,
752
+
753
+ blockSize: 64/32
754
+ });
755
+
756
+ /**
757
+ * Shortcut functions to the cipher's object interface.
758
+ *
759
+ * @example
760
+ *
761
+ * var ciphertext = CryptoJS.TripleDES.encrypt(message, key, cfg);
762
+ * var plaintext = CryptoJS.TripleDES.decrypt(ciphertext, key, cfg);
763
+ */
764
+ C.TripleDES = BlockCipher._createHelper(TripleDES);
765
+ }());
766
+
767
+
768
+ return CryptoJS.TripleDES;
769
+
770
+ }));
admin/js/crypto-js/x64-core.js ADDED
@@ -0,0 +1,304 @@
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
+ ;(function (root, factory) {
2
+ if (typeof exports === "object") {
3
+ // CommonJS
4
+ module.exports = exports = factory(require("./core"));
5
+ }
6
+ else if (typeof define === "function" && define.amd) {
7
+ // AMD
8
+ define(["./core"], factory);
9
+ }
10
+ else {
11
+ // Global (browser)
12
+ factory(root.CryptoJS);
13
+ }
14
+ }(this, function (CryptoJS) {
15
+
16
+ (function (undefined) {
17
+ // Shortcuts
18
+ var C = CryptoJS;
19
+ var C_lib = C.lib;
20
+ var Base = C_lib.Base;
21
+ var X32WordArray = C_lib.WordArray;
22
+
23
+ /**
24
+ * x64 namespace.
25
+ */
26
+ var C_x64 = C.x64 = {};
27
+
28
+ /**
29
+ * A 64-bit word.
30
+ */
31
+ var X64Word = C_x64.Word = Base.extend({
32
+ /**
33
+ * Initializes a newly created 64-bit word.
34
+ *
35
+ * @param {number} high The high 32 bits.
36
+ * @param {number} low The low 32 bits.
37
+ *
38
+ * @example
39
+ *
40
+ * var x64Word = CryptoJS.x64.Word.create(0x00010203, 0x04050607);
41
+ */
42
+ init: function (high, low) {
43
+ this.high = high;
44
+ this.low = low;
45
+ }
46
+
47
+ /**
48
+ * Bitwise NOTs this word.
49
+ *
50
+ * @return {X64Word} A new x64-Word object after negating.
51
+ *
52
+ * @example
53
+ *
54
+ * var negated = x64Word.not();
55
+ */
56
+ // not: function () {
57
+ // var high = ~this.high;
58
+ // var low = ~this.low;
59
+
60
+ // return X64Word.create(high, low);
61
+ // },
62
+
63
+ /**
64
+ * Bitwise ANDs this word with the passed word.
65
+ *
66
+ * @param {X64Word} word The x64-Word to AND with this word.
67
+ *
68
+ * @return {X64Word} A new x64-Word object after ANDing.
69
+ *
70
+ * @example
71
+ *
72
+ * var anded = x64Word.and(anotherX64Word);
73
+ */
74
+ // and: function (word) {
75
+ // var high = this.high & word.high;
76
+ // var low = this.low & word.low;
77
+
78
+ // return X64Word.create(high, low);
79
+ // },
80
+
81
+ /**
82
+ * Bitwise ORs this word with the passed word.
83
+ *
84
+ * @param {X64Word} word The x64-Word to OR with this word.
85
+ *
86
+ * @return {X64Word} A new x64-Word object after ORing.
87
+ *
88
+ * @example
89
+ *
90
+ * var ored = x64Word.or(anotherX64Word);
91
+ */
92
+ // or: function (word) {
93
+ // var high = this.high | word.high;
94
+ // var low = this.low | word.low;
95
+
96
+ // return X64Word.create(high, low);
97
+ // },
98
+
99
+ /**
100
+ * Bitwise XORs this word with the passed word.
101
+ *
102
+ * @param {X64Word} word The x64-Word to XOR with this word.
103
+ *
104
+ * @return {X64Word} A new x64-Word object after XORing.
105
+ *
106
+ * @example
107
+ *
108
+ * var xored = x64Word.xor(anotherX64Word);
109
+ */
110
+ // xor: function (word) {
111
+ // var high = this.high ^ word.high;
112
+ // var low = this.low ^ word.low;
113
+
114
+ // return X64Word.create(high, low);
115
+ // },
116
+
117
+ /**
118
+ * Shifts this word n bits to the left.
119
+ *
120
+ * @param {number} n The number of bits to shift.
121
+ *
122
+ * @return {X64Word} A new x64-Word object after shifting.
123
+ *
124
+ * @example
125
+ *
126
+ * var shifted = x64Word.shiftL(25);
127
+ */
128
+ // shiftL: function (n) {
129
+ // if (n < 32) {
130
+ // var high = (this.high << n) | (this.low >>> (32 - n));
131
+ // var low = this.low << n;
132
+ // } else {
133
+ // var high = this.low << (n - 32);
134
+ // var low = 0;
135
+ // }
136
+
137
+ // return X64Word.create(high, low);
138
+ // },
139
+
140
+ /**
141
+ * Shifts this word n bits to the right.
142
+ *
143
+ * @param {number} n The number of bits to shift.
144
+ *
145
+ * @return {X64Word} A new x64-Word object after shifting.
146
+ *
147
+ * @example
148
+ *
149
+ * var shifted = x64Word.shiftR(7);
150
+ */
151
+ // shiftR: function (n) {
152
+ // if (n < 32) {
153
+ // var low = (this.low >>> n) | (this.high << (32 - n));
154
+ // var high = this.high >>> n;
155
+ // } else {
156
+ // var low = this.high >>> (n - 32);
157
+ // var high = 0;
158
+ // }
159
+
160
+ // return X64Word.create(high, low);
161
+ // },
162
+
163
+ /**
164
+ * Rotates this word n bits to the left.
165
+ *
166
+ * @param {number} n The number of bits to rotate.
167
+ *
168
+ * @return {X64Word} A new x64-Word object after rotating.
169
+ *
170
+ * @example
171
+ *
172
+ * var rotated = x64Word.rotL(25);
173
+ */
174
+ // rotL: function (n) {
175
+ // return this.shiftL(n).or(this.shiftR(64 - n));
176
+ // },
177
+
178
+ /**
179
+ * Rotates this word n bits to the right.
180
+ *
181
+ * @param {number} n The number of bits to rotate.
182
+ *
183
+ * @return {X64Word} A new x64-Word object after rotating.
184
+ *
185
+ * @example
186
+ *
187
+ * var rotated = x64Word.rotR(7);
188
+ */
189
+ // rotR: function (n) {
190
+ // return this.shiftR(n).or(this.shiftL(64 - n));
191
+ // },
192
+
193
+ /**
194
+ * Adds this word with the passed word.
195
+ *
196
+ * @param {X64Word} word The x64-Word to add with this word.
197
+ *
198
+ * @return {X64Word} A new x64-Word object after adding.
199
+ *
200
+ * @example
201
+ *
202
+ * var added = x64Word.add(anotherX64Word);
203
+ */
204
+ // add: function (word) {
205
+ // var low = (this.low + word.low) | 0;
206
+ // var carry = (low >>> 0) < (this.low >>> 0) ? 1 : 0;
207
+ // var high = (this.high + word.high + carry) | 0;
208
+
209
+ // return X64Word.create(high, low);
210
+ // }
211
+ });
212
+
213
+ /**
214
+ * An array of 64-bit words.
215
+ *
216
+ * @property {Array} words The array of CryptoJS.x64.Word objects.
217
+ * @property {number} sigBytes The number of significant bytes in this word array.
218
+ */
219
+ var X64WordArray = C_x64.WordArray = Base.extend({
220
+ /**
221
+ * Initializes a newly created word array.
222
+ *
223
+ * @param {Array} words (Optional) An array of CryptoJS.x64.Word objects.
224
+ * @param {number} sigBytes (Optional) The number of significant bytes in the words.
225
+ *
226
+ * @example
227
+ *
228
+ * var wordArray = CryptoJS.x64.WordArray.create();
229
+ *
230
+ * var wordArray = CryptoJS.x64.WordArray.create([
231
+ * CryptoJS.x64.Word.create(0x00010203, 0x04050607),
232
+ * CryptoJS.x64.Word.create(0x18191a1b, 0x1c1d1e1f)
233
+ * ]);
234
+ *
235
+ * var wordArray = CryptoJS.x64.WordArray.create([
236
+ * CryptoJS.x64.Word.create(0x00010203, 0x04050607),
237
+ * CryptoJS.x64.Word.create(0x18191a1b, 0x1c1d1e1f)
238
+ * ], 10);
239
+ */
240
+ init: function (words, sigBytes) {
241
+ words = this.words = words || [];
242
+
243
+ if (sigBytes != undefined) {
244
+ this.sigBytes = sigBytes;
245
+ } else {
246
+ this.sigBytes = words.length * 8;
247
+ }
248
+ },
249
+
250
+ /**
251
+ * Converts this 64-bit word array to a 32-bit word array.
252
+ *
253
+ * @return {CryptoJS.lib.WordArray} This word array's data as a 32-bit word array.
254
+ *
255
+ * @example
256
+ *
257
+ * var x32WordArray = x64WordArray.toX32();
258
+ */
259
+ toX32: function () {
260
+ // Shortcuts
261
+ var x64Words = this.words;
262
+ var x64WordsLength = x64Words.length;
263
+
264
+ // Convert
265
+ var x32Words = [];
266
+ for (var i = 0; i < x64WordsLength; i++) {
267
+ var x64Word = x64Words[i];
268
+ x32Words.push(x64Word.high);
269
+ x32Words.push(x64Word.low);
270
+ }
271
+
272
+ return X32WordArray.create(x32Words, this.sigBytes);
273
+ },
274
+
275
+ /**
276
+ * Creates a copy of this word array.
277
+ *
278
+ * @return {X64WordArray} The clone.
279
+ *
280
+ * @example
281
+ *
282
+ * var clone = x64WordArray.clone();
283
+ */
284
+ clone: function () {
285
+ var clone = Base.clone.call(this);
286
+
287
+ // Clone "words" array
288
+ var words = clone.words = this.words.slice(0);
289
+
290
+ // Clone each X64Word object
291
+ var wordsLength = words.length;
292
+ for (var i = 0; i < wordsLength; i++) {
293
+ words[i] = words[i].clone();
294
+ }
295
+
296
+ return clone;
297
+ }
298
+ });
299
+ }());
300
+
301
+
302
+ return CryptoJS;
303
+
304
+ }));
admin/login/login.php CHANGED
@@ -24,34 +24,34 @@ if ( $ScrollTop_options['bps_scrolltop'] != 'Off' ) {
24
  ?>
25
 
26
  <?php
27
- if ( function_exists('get_transient') ) {
28
- require_once( ABSPATH . 'wp-admin/includes/plugin-install.php' );
29
 
30
- if ( false === ( $bps_api = get_transient('bulletproof-security_info') ) ) {
31
- $bps_api = plugins_api( 'plugin_information', array( 'slug' => stripslashes( 'bulletproof-security' ) ) );
32
 
33
- if ( ! is_wp_error( $bps_api ) ) {
34
- $bps_expire = 60 * 30; // Cache downloads data for 30 minutes
35
- $bps_downloaded = array( 'downloaded' => $bps_api->downloaded );
36
- maybe_serialize( $bps_downloaded );
37
- set_transient( 'bulletproof-security_info', $bps_downloaded, $bps_expire );
38
- }
39
- }
40
-
41
- $bps_transient = get_transient( 'bulletproof-security_info' );
42
 
43
  echo '<div class="bps-star-container">';
44
  echo '<div class="bps-star"><img src="'.plugins_url('/bulletproof-security/admin/images/star.png').'" /></div>';
45
  echo '<div class="bps-downloaded">';
46
 
47
- foreach ( $bps_transient as $key => $value ) {
48
- echo number_format_i18n( $value ) .' '. str_replace( 'downloaded', "Downloads", $key );
49
- }
50
 
51
  echo '<div class="bps-star-link"><a href="https://wordpress.org/support/view/plugin-reviews/bulletproof-security#postform" target="_blank" title="Add a Star Rating for the BPS plugin">'.__('Rate BPS', 'bulletproof-security').'</a><br><a href="https://affiliates.ait-pro.com/po/" target="_blank" title="Upgrade to BulletProof Security Pro">Upgrade to Pro</a></div>';
52
  echo '</div>';
53
  echo '</div>';
54
- }
55
 
56
  // Get Real IP address - USE EXTREME CAUTION!!!
57
  function bpsPro_get_real_ip_address_lsm() {
24
  ?>
25
 
26
  <?php
27
+ //if ( function_exists('get_transient') ) {
28
+ //require_once( ABSPATH . 'wp-admin/includes/plugin-install.php' );
29
 
30
+ // if ( false === ( $bps_api = get_transient('bulletproof-security_info') ) ) {
31
+ // $bps_api = plugins_api( 'plugin_information', array( 'slug' => stripslashes( 'bulletproof-security' ) ) );
32
 
33
+ // if ( ! is_wp_error( $bps_api ) ) {
34
+ // $bps_expire = 60 * 30; // Cache downloads data for 30 minutes
35
+ // $bps_downloaded = array( 'downloaded' => $bps_api->downloaded );
36
+ // maybe_serialize( $bps_downloaded );
37
+ // set_transient( 'bulletproof-security_info', $bps_downloaded, $bps_expire );
38
+ // }
39
+ // }
40
+
41
+ // $bps_transient = get_transient( 'bulletproof-security_info' );
42
 
43
  echo '<div class="bps-star-container">';
44
  echo '<div class="bps-star"><img src="'.plugins_url('/bulletproof-security/admin/images/star.png').'" /></div>';
45
  echo '<div class="bps-downloaded">';
46
 
47
+ // foreach ( $bps_transient as $key => $value ) {
48
+ // echo number_format_i18n( $value ) .' '. str_replace( 'downloaded', "Downloads", $key );
49
+ // }
50
 
51
  echo '<div class="bps-star-link"><a href="https://wordpress.org/support/view/plugin-reviews/bulletproof-security#postform" target="_blank" title="Add a Star Rating for the BPS plugin">'.__('Rate BPS', 'bulletproof-security').'</a><br><a href="https://affiliates.ait-pro.com/po/" target="_blank" title="Upgrade to BulletProof Security Pro">Upgrade to Pro</a></div>';
52
  echo '</div>';
53
  echo '</div>';
54
+ //}
55
 
56
  // Get Real IP address - USE EXTREME CAUTION!!!
57
  function bpsPro_get_real_ip_address_lsm() {
admin/maintenance/maintenance.php CHANGED
@@ -24,34 +24,34 @@ if ( $ScrollTop_options['bps_scrolltop'] != 'Off' ) {
24
  ?>
25
 
26
  <?php
27
- if ( function_exists('get_transient') ) {
28
- require_once( ABSPATH . 'wp-admin/includes/plugin-install.php' );
29
 
30
- if ( false === ( $bps_api = get_transient('bulletproof-security_info') ) ) {
31
- $bps_api = plugins_api( 'plugin_information', array( 'slug' => stripslashes( 'bulletproof-security' ) ) );
32
 
33
- if ( ! is_wp_error( $bps_api ) ) {
34
- $bps_expire = 60 * 30; // Cache downloads data for 30 minutes
35
- $bps_downloaded = array( 'downloaded' => $bps_api->downloaded );
36
- maybe_serialize( $bps_downloaded );
37
- set_transient( 'bulletproof-security_info', $bps_downloaded, $bps_expire );
38
- }
39
- }
40
 
41
- $bps_transient = get_transient( 'bulletproof-security_info' );
42
 
43
  echo '<div class="bps-star-container">';
44
  echo '<div class="bps-star"><img src="'.plugins_url('/bulletproof-security/admin/images/star.png').'" /></div>';
45
  echo '<div class="bps-downloaded">';
46
 
47
- foreach ( $bps_transient as $key => $value ) {
48
- echo number_format_i18n( $value ) .' '. str_replace( 'downloaded', "Downloads", $key );
49
- }
50
 
51
  echo '<div class="bps-star-link"><a href="https://wordpress.org/support/view/plugin-reviews/bulletproof-security#postform" target="_blank" title="Add a Star Rating for the BPS plugin">'.__('Rate BPS', 'bulletproof-security').'</a><br><a href="https://affiliates.ait-pro.com/po/" target="_blank" title="Upgrade to BulletProof Security Pro">Upgrade to Pro</a></div>';
52
  echo '</div>';
53
  echo '</div>';
54
- }
55
 
56
  ?>
57
 
24
  ?>
25
 
26
  <?php
27
+ //if ( function_exists('get_transient') ) {
28
+ //require_once( ABSPATH . 'wp-admin/includes/plugin-install.php' );
29
 
30
+ // if ( false === ( $bps_api = get_transient('bulletproof-security_info') ) ) {
31
+ // $bps_api = plugins_api( 'plugin_information', array( 'slug' => stripslashes( 'bulletproof-security' ) ) );
32
 
33
+ // if ( ! is_wp_error( $bps_api ) ) {
34
+ // $bps_expire = 60 * 30; // Cache downloads data for 30 minutes
35
+ // $bps_downloaded = array( 'downloaded' => $bps_api->downloaded );
36
+ // maybe_serialize( $bps_downloaded );
37
+ // set_transient( 'bulletproof-security_info', $bps_downloaded, $bps_expire );
38
+ // }
39
+ // }
40
 
41
+ // $bps_transient = get_transient( 'bulletproof-security_info' );
42
 
43
  echo '<div class="bps-star-container">';
44
  echo '<div class="bps-star"><img src="'.plugins_url('/bulletproof-security/admin/images/star.png').'" /></div>';
45
  echo '<div class="bps-downloaded">';
46
 
47
+ // foreach ( $bps_transient as $key => $value ) {
48
+ // echo number_format_i18n( $value ) .' '. str_replace( 'downloaded', "Downloads", $key );
49
+ // }
50
 
51
  echo '<div class="bps-star-link"><a href="https://wordpress.org/support/view/plugin-reviews/bulletproof-security#postform" target="_blank" title="Add a Star Rating for the BPS plugin">'.__('Rate BPS', 'bulletproof-security').'</a><br><a href="https://affiliates.ait-pro.com/po/" target="_blank" title="Upgrade to BulletProof Security Pro">Upgrade to Pro</a></div>';
52
  echo '</div>';
53
  echo '</div>';
54
+ //}
55
 
56
  ?>
57
 
admin/mscan/mscan.php CHANGED
@@ -18,34 +18,34 @@ if ( ! current_user_can('manage_options') ) {
18
  <noscript><div id="message" class="updated" style="font-weight:600;font-size:13px;padding:5px;background-color:#dfecf2;border:1px solid #999;-moz-border-radius-topleft:3px;-webkit-border-top-left-radius:3px;-khtml-border-top-left-radius:3px;border-top-left-radius:3px;-moz-border-radius-topright:3px;-webkit-border-top-right-radius:3px;-khtml-border-top-right-radius:3px;border-top-right-radius:3px;-webkit-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);-moz-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);"><span style="color:blue">BPS Warning: JavaScript is disabled in your Browser</span><br />BPS plugin pages will not display visually correct and all BPS JavaScript functionality will not work correctly.</div></noscript>
19
 
20
  <?php
21
- if ( function_exists('get_transient') ) {
22
- require_once( ABSPATH . 'wp-admin/includes/plugin-install.php' );
23
 
24
- if ( false === ( $bps_api = get_transient('bulletproof-security_info') ) ) {
25
- $bps_api = plugins_api( 'plugin_information', array( 'slug' => stripslashes( 'bulletproof-security' ) ) );
26
 
27
- if ( ! is_wp_error( $bps_api ) ) {
28
- $bps_expire = 60 * 30; // Cache downloads data for 30 minutes
29
- $bps_downloaded = array( 'downloaded' => $bps_api->downloaded );
30
- maybe_serialize( $bps_downloaded );
31
- set_transient( 'bulletproof-security_info', $bps_downloaded, $bps_expire );
32
- }
33
- }
34
-
35
- $bps_transient = get_transient( 'bulletproof-security_info' );
36
 
37
  echo '<div class="bps-star-container">';
38
  echo '<div class="bps-star"><img src="'.plugins_url('/bulletproof-security/admin/images/star.png').'" /></div>';
39
  echo '<div class="bps-downloaded">';
40
 
41
- foreach ( $bps_transient as $key => $value ) {
42
- echo number_format_i18n( $value ) .' '. str_replace( 'downloaded', "Downloads", $key );
43
- }
44
-
45
  echo '<div class="bps-star-link"><a href="https://wordpress.org/support/view/plugin-reviews/bulletproof-security#postform" target="_blank" title="Add a Star Rating for the BPS plugin">'.__('Rate BPS', 'bulletproof-security').'</a><br><a href="https://affiliates.ait-pro.com/po/" target="_blank" title="Upgrade to BulletProof Security Pro">Upgrade to Pro</a></div>';
46
  echo '</div>';
47
  echo '</div>';
48
- }
49
 
50
  ## 2.9: Created new file for mscan pattern matching code. If web host deletes or nulls that file or Dir then mscan will not work, but BPS Pro will still work.
51
  function bpsPro_mscan_pattern_match_file_check() {
18
  <noscript><div id="message" class="updated" style="font-weight:600;font-size:13px;padding:5px;background-color:#dfecf2;border:1px solid #999;-moz-border-radius-topleft:3px;-webkit-border-top-left-radius:3px;-khtml-border-top-left-radius:3px;border-top-left-radius:3px;-moz-border-radius-topright:3px;-webkit-border-top-right-radius:3px;-khtml-border-top-right-radius:3px;border-top-right-radius:3px;-webkit-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);-moz-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);"><span style="color:blue">BPS Warning: JavaScript is disabled in your Browser</span><br />BPS plugin pages will not display visually correct and all BPS JavaScript functionality will not work correctly.</div></noscript>
19
 
20
  <?php
21
+ //if ( function_exists('get_transient') ) {
22
+ //require_once( ABSPATH . 'wp-admin/includes/plugin-install.php' );
23
 
24
+ // if ( false === ( $bps_api = get_transient('bulletproof-security_info') ) ) {
25
+ // $bps_api = plugins_api( 'plugin_information', array( 'slug' => stripslashes( 'bulletproof-security' ) ) );
26
 
27
+ // if ( ! is_wp_error( $bps_api ) ) {
28
+ // $bps_expire = 60 * 30; // Cache downloads data for 30 minutes
29
+ // $bps_downloaded = array( 'downloaded' => $bps_api->downloaded );
30
+ // maybe_serialize( $bps_downloaded );
31
+ // set_transient( 'bulletproof-security_info', $bps_downloaded, $bps_expire );
32
+ // }
33
+ // }
34
+
35
+ // $bps_transient = get_transient( 'bulletproof-security_info' );
36
 
37
  echo '<div class="bps-star-container">';
38
  echo '<div class="bps-star"><img src="'.plugins_url('/bulletproof-security/admin/images/star.png').'" /></div>';
39
  echo '<div class="bps-downloaded">';
40
 
41
+ // foreach ( $bps_transient as $key => $value ) {
42
+ // echo number_format_i18n( $value ) .' '. str_replace( 'downloaded', "Downloads", $key );
43
+ // }
44
+
45
  echo '<div class="bps-star-link"><a href="https://wordpress.org/support/view/plugin-reviews/bulletproof-security#postform" target="_blank" title="Add a Star Rating for the BPS plugin">'.__('Rate BPS', 'bulletproof-security').'</a><br><a href="https://affiliates.ait-pro.com/po/" target="_blank" title="Upgrade to BulletProof Security Pro">Upgrade to Pro</a></div>';
46
  echo '</div>';
47
  echo '</div>';
48
+ //}
49
 
50
  ## 2.9: Created new file for mscan pattern matching code. If web host deletes or nulls that file or Dir then mscan will not work, but BPS Pro will still work.
51
  function bpsPro_mscan_pattern_match_file_check() {
admin/security-log/security-log.php CHANGED
@@ -24,34 +24,34 @@ if ( $ScrollTop_options['bps_scrolltop'] != 'Off' ) {
24
  ?>
25
 
26
  <?php
27
- if ( function_exists('get_transient') ) {
28
- require_once( ABSPATH . 'wp-admin/includes/plugin-install.php' );
29
 
30
- if ( false === ( $bps_api = get_transient('bulletproof-security_info') ) ) {
31
- $bps_api = plugins_api( 'plugin_information', array( 'slug' => stripslashes( 'bulletproof-security' ) ) );
32
 
33
- if ( ! is_wp_error( $bps_api ) ) {
34
- $bps_expire = 60 * 30; // Cache downloads data for 30 minutes
35
- $bps_downloaded = array( 'downloaded' => $bps_api->downloaded );
36
- maybe_serialize( $bps_downloaded );
37
- set_transient( 'bulletproof-security_info', $bps_downloaded, $bps_expire );
38
- }
39
- }
40
 
41
- $bps_transient = get_transient( 'bulletproof-security_info' );
42
 
43
  echo '<div class="bps-star-container">';
44
  echo '<div class="bps-star"><img src="'.plugins_url('/bulletproof-security/admin/images/star.png').'" /></div>';
45
  echo '<div class="bps-downloaded">';
46
 
47
- foreach ( $bps_transient as $key => $value ) {
48
- echo number_format_i18n( $value ) .' '. str_replace( 'downloaded', "Downloads", $key );
49
- }
50
 
51
  echo '<div class="bps-star-link"><a href="https://wordpress.org/support/view/plugin-reviews/bulletproof-security#postform" target="_blank" title="Add a Star Rating for the BPS plugin">'.__('Rate BPS', 'bulletproof-security').'</a><br><a href="https://affiliates.ait-pro.com/po/" target="_blank" title="Upgrade to BulletProof Security Pro">Upgrade to Pro</a></div>';
52
  echo '</div>';
53
  echo '</div>';
54
- }
55
  ?>
56
 
57
  <h2 class="bps-tab-title"><?php _e('BulletProof Security ~ Security Log', 'bulletproof-security'); ?></h2>
@@ -252,7 +252,7 @@ if ( isset( $_POST['Submit-Error-Log-On'] ) && current_user_can('manage_options'
252
  <strong><a href="https://forum.ait-pro.com/forums/topic/read-me-first-free/#bps-free-general-troubleshooting" title="BPS Troubleshooting Steps" target="_blank"><?php _e('BPS Troubleshooting Steps', 'bulletproof-security'); ?></a></strong><br />
253
  <strong><a href="https://forum.ait-pro.com/forums/topic/post-request-protection-post-attack-protection-post-request-blocker/" title="POST Request Attack Protection Bonus Custom Code" target="_blank"><?php _e('POST Request Attack Protection', 'bulletproof-security'); ?></a></strong><br /><br />
254
 
255
- <?php $text = '<strong>'.__('Security Log General Information', 'bulletproof-security').'</strong><br>'.__('Your Security Log file is a plain text static file and not a dynamic file or dynamic display to keep your website resource usage at a bare minimum and keep your website performance at a maximum. Log entries are logged in descending order by Date and Time. You can copy, edit and delete this plain text file.', 'bulletproof-security').'<br><br><strong>'.__('Note: ', 'bulletproof-security').'</strong>'.__('Security Log Email Alert and Log file option settings are on the Email|Log Settings page.', 'bulletproof-security').'<strong><br><br>'.__('NOTE: ', 'bulletproof-security').'</strong>'.__('If a particular User Agent|Bot is generating excessive log entries you can add it to Add User Agents|Bots to Ignore|Not Log tool and that User Agent|Bot will no longer be logged. See the Ignoring|Not Logging User Agents|Bots help section.', 'bulletproof-security').'<strong><br><br>'.__('NOTE: ', 'bulletproof-security').'</strong>'.__('BPS logs all 403 errors, but a 403 error may not necessarily be caused by BPS. Use the troubleshooting steps in the BPS Troubleshooting Steps link at the top of this Read Me help window to confirm or eliminate that the 403 error is being caused by BPS.', 'bulletproof-security').'<br><br>'.__('The Security Log logs 400, 403, 405 and 410 HTTP Response Status Codes by default. You can also log 404 HTTP Response Status Codes by opening this BPS 404 Template file - /bulletproof-security/404.php and copying the logging code into your Theme\'s 404 Template file. When you open the BPS Pro 404.php file you will see simple instructions on how to add the 404 logging code to your Theme\'s 404 Template file. The Security Log also logs other events. See the ', 'bulletproof-security').'<strong>'.__('Total # of Security Log Entries by Type', 'bulletproof-security').'</strong>'.__(' help section below for a complete list of BPS Security Log Entry Types.', 'bulletproof-security').'<br><br><strong>'.__('Total # of Security Log Entries by Type', 'bulletproof-security').'</strong><br>'.__('Displays the total number of each type of Security Log Entry in your Security Log file. The Total # of Security Log Entries by Type is also added to each Security Log file when it is zipped and emailed to you and also added directly in the automated Security Log email. Complete list of BPS Security Log Entry Types: 400 POST Bad Request, 400 GET Bad Request, 403 GET Request, 403 POST Request, 404 GET Not Found Request, 404 POST Not Found Request, 405 HEAD Request, 410 Gone POST Request, 410 Gone GET Request, Idle Session Logout, Maintenance Mode - Visitor Logged. BPS has a total of 11 Security Log Entry Types. BPS Pro has a total of 27 Security Log Entry Types.', 'bulletproof-security').'<br><br><strong>'.__('HTTP Response Status Codes', 'bulletproof-security').'</strong><br>'.__('400 Bad Request - The request could not be understood by the server due to malformed syntax.', 'bulletproof-security').'<br><br>'.__('403 Forbidden - The Server understood the request, but is refusing to fulfill it.', 'bulletproof-security').'<br><br>'.__('404 Not Found - The Server has not found anything matching the Request-URI|URL. No indication is given of whether the condition is temporary or permanent.', 'bulletproof-security').'<br><br>'.__('405 Method Not Allowed - The method specified in the Request-Line is not allowed for the resource identified by the Request-URI. The response MUST include an Allow header containing a list of valid methods for the requested resource. BPS blocks HEAD Requests using a 405 ErrorDocument Redirect. The BPS 405 Template has an Allow header field for the GET, POST and PUT HTTP Methods.', 'bulletproof-security').'<br><br>'.__('410 Gone - The requested resource is no longer available at the Server/site and no forwarding address is known. This condition is expected to be considered permanent.', 'bulletproof-security').'<br><br><strong>'.__('Security Log File Size', 'bulletproof-security').'</strong><br>'.__('Displays the size of your Security Log file. 500KB is the optimum recommended log file size setting that you should choose for your log file to be automatically zipped, emailed and replaced with a new blank Security Log file.', 'bulletproof-security').'<br><br><strong>'.__('Security Log Status:', 'bulletproof-security').'</strong><br>'.__('Displays either Logging is Turned On or Logging is Turned Off.', 'bulletproof-security').'<br><br><strong>'.__('Security Log Last Modified Time:', 'bulletproof-security').'</strong><br>'.__('Displays the last time a Security Log entry was logged.', 'bulletproof-security').'<br><br><strong>'.__('Turn Off Logging', 'bulletproof-security').'</strong><br>'.__('Turns Off HTTP 400, 403, 404, 405 & 410 Security Logging.', 'bulletproof-security').'<br><br><strong>'.__('Turn On Logging', 'bulletproof-security').'</strong><br>'.__('Turns On HTTP 400, 403, 404, 405 & 410 Security Logging.', 'bulletproof-security').'<br><br><strong>'.__('Delete Log Button', 'bulletproof-security').'</strong><br>'.__('Clicking the Delete Log button will delete the entire contents of your Security Log File.', 'bulletproof-security').'<br><br><strong>'.__('POST Request Body Data', 'bulletproof-security').'</strong><br>'.__('The POST Request Body Data option settings only affect the REQUEST BODY Security Log field in your Security Log entries when a POST Request is blocked and logged by BPS. To capture/log all POST Request Attacks against your website you will need to add the POST Request Attack Protection Bonus Custom Code. A link to that Bonus Custom Code is at the top of this Read Me help window. If you do not want to add the Bonus Custom Code then some, but not all POST Request Attacks will be captured/logged in the Security Log.', 'bulletproof-security').'<br><br>'.__('The default POST Request Body Data option setting is "Do Not Log POST Request Body Data (0KB)", which means do not capture/log the POST Request data that was sent in the attack. You will see this text in the REQUEST BODY Security Log entry field: "REQUEST BODY: BPS Security Log option set to: Do Not Log POST Request Body Data" instead of the actual POST Request Body data used in the attack on your website. The reason the default setting is set to: "Do Not Log POST Request Body Data (0KB)" is because some web hosts falsely interpret the BPS Security Log text file as malicious since hacker code used to attack your website can be captured/logged in the Security Log text file if you are using the "Log Minimum..." or "Log Maximum..." POST Request Body Data option settings.', 'bulletproof-security').'<br><br>'.__('The "Log Minimum POST Request Body Data (5KB)" option setting will capture/log the first 500 characters or 5KB of hacker code used to attack your website in a POST Request attack and log that hacker code in the REQUEST BODY Security Log entry field. The "Log Maximum POST Request Body Data (250KB)" option setting will capture/log the first 250000 characters or roughly 250KB of hacker code used to attack your website in a POST Request attack and log that hacker code in the REQUEST BODY Security Log entry field. Hacker scripts typically range in size from 20KB to 100KB on average.', 'bulletproof-security').'<br><br><strong>'.__('Important Notes: ', 'bulletproof-security').'</strong>'.__('If you are using email security protection on your computer then your automatically zipped and emailed BPS Security Log files may be seen as containing a virus (hacker script/code) and they could be automatically deleted by your email protection application on your computer. Your computer security protection software may also see the Security Log file as malicious and block it. If your web host falsely sees the BPS Security Log file as a malicious hacker file then you will need to change your POST Request Body Data option setting and use the "Do Not Log POST Request Body Data (0KB)" option setting instead.', 'bulletproof-security').'<br><br><strong>'.__('Ignoring|Not Logging User Agents|Bots - Allowing|Logging User Agents|Bots', 'bulletproof-security').'</strong><br>'.__('Adding or Removing User Agents|Bots adds or removes User Agents|Bots to your Database and also writes new code to the 403.php Security Logging template. The 403.php Security Logging file is where the check occurs whether or not to log or not log a User Agent|Bot. It would be foolish and costly to website performance to have your WordPress database handle the task/function/burden of checking which User Agents|Bots to log or not log. WordPress database queries are the most resource draining function of a WordPress website. The more database queries that are happening at the same time on your website the slower your website will perform and load. For this reason the Security Logging check is done from code in the 403.php Security Logging file.', 'bulletproof-security').'<br><br>'.__('If a particular User Agent|Bot is being logged excessively in your Security Log file you can Ignore|Not Log that particular User Agent|Bot based on the HTTP_USER_AGENT string in your Security Log. Example User Agent strings: Mozilla/5.0 (compatible; 008/0.85; http://www.80legs.com/webcrawler.html) Gecko/2008032620 and facebookexternalhit/1.1 (+http://www.facebook.com/externalhit_uatext.php). You could enter 008 or 80legs or webcrawler to Ignore|Not Log the 80legs User Agent|Bot. You could enter facebookexternalhit or facebook or externalhit_uatext to Ignore|Not Log the facebook User Agent|Bot.', 'bulletproof-security').'<br><br><strong>'.__('Add User Agents|Bots to Ignore|Not Log', 'bulletproof-security').'</strong><br>'.__('Add the User Agent|Bot names you would like to Ignore|Not Log in your Security Log. These code characters are not allowed to be used: ', 'bulletproof-security').'/ | < > \' "<br><br><strong>'.__('Removing User Agents|Bots to Allow|Log', 'bulletproof-security').'</strong><br>'.__('To search for ALL User Agents|Bots to remove/delete from your database leave the text box blank and click the Remove|Allow button. You will see a Dynamically generated Radio Button Form that will display the User Agents|Bots in the BPS User Agent|Bot database Table, Remove or Do Not Remove Radio buttons and the Timestamp when the User Agent|Bot was added to your DB. Select the Remove Radio buttons for the User Agents|Bots you want to remove/delete from your database and click the Remove button. Removing/deleting User Agents|Bots from your database means that you want to have these User Agents|Bots logged again in your Security Log.', 'bulletproof-security'); echo $text; ?></p>
256
  </div>
257
 
258
  <?php
@@ -703,6 +703,13 @@ echo '<div id="message" class="updated" style="background-color:#dfecf2;border:1
703
  /*************************************/
704
  ?>
705
 
 
 
 
 
 
 
 
706
  <div id="messageinner" class="updatedinner">
707
 
708
  <?php
@@ -712,7 +719,9 @@ echo '<div id="message" class="updated" style="background-color:#dfecf2;border:1
712
  // Note: If this is a problem for other non-English languages then switch to UTF-8
713
  function bps_get_security_log() {
714
 
715
- if ( current_user_can('manage_options') ) {
 
 
716
  $bps_sec_log = WP_CONTENT_DIR . '/bps-backup/logs/http_error_log.txt';
717
  $bps_wpcontent_dir = str_replace( ABSPATH, '', WP_CONTENT_DIR );
718
 
@@ -731,37 +740,44 @@ function bps_get_security_log() {
731
  }
732
 
733
  // Form - Security Log - Perform File Open and Write test - If append write test is successful write to file
734
- if ( current_user_can('manage_options') ) {
735
- $bps_sec_log = WP_CONTENT_DIR . '/bps-backup/logs/http_error_log.txt';
736
- $write_test = "";
 
 
737
 
738
- if ( is_writable($bps_sec_log) ) {
739
- if ( !$handle = fopen($bps_sec_log, 'a+b' ) ) {
740
- exit;
741
- }
742
- if ( fwrite($handle, $write_test) === FALSE ) {
743
- exit;
744
- }
745
- $text = '<font color="green" style="font-size:12px;"><strong>'.__('File Open and Write test successful! Your Security Log file is writable.', 'bulletproof-security').'</strong></font><br>';
746
- echo $text;
747
- }
748
  }
749
-
 
 
 
750
  if ( isset( $_POST['submit-security-log'] ) && current_user_can('manage_options') ) {
751
  check_admin_referer( 'bulletproof_security_save_security_log' );
752
  $newcontentSecLog = stripslashes($_POST['newcontentSecLog']);
 
753
  if ( is_writable($bps_sec_log) ) {
 
754
  $handle = fopen($bps_sec_log, 'w+b');
755
  fwrite($handle, $newcontentSecLog);
756
- $text = '<font color="green" style="font-size:12px;"><strong>'.__('Success! Your Security Log file has been updated.', 'bulletproof-security').'</strong></font><br>';
757
- echo $text;
758
-
759
- echo $bps_topDiv;
760
- $text = '<font color="green"><strong>'.__('Success! Your Security Log file has been updated.', 'bulletproof-security').'</strong></font>';
761
- echo $text;
762
- echo $bps_bottomDiv;
763
-
764
- fclose($handle);
 
765
  }
766
  }
767
  $scrolltoSecLog = isset($_REQUEST['scrolltoSecLog']) ? (int) $_REQUEST['scrolltoSecLog'] : 0;
24
  ?>
25
 
26
  <?php
27
+ //if ( function_exists('get_transient') ) {
28
+ //require_once( ABSPATH . 'wp-admin/includes/plugin-install.php' );
29
 
30
+ // if ( false === ( $bps_api = get_transient('bulletproof-security_info') ) ) {
31
+ // $bps_api = plugins_api( 'plugin_information', array( 'slug' => stripslashes( 'bulletproof-security' ) ) );
32
 
33
+ // if ( ! is_wp_error( $bps_api ) ) {
34
+ // $bps_expire = 60 * 30; // Cache downloads data for 30 minutes
35
+ // $bps_downloaded = array( 'downloaded' => $bps_api->downloaded );
36
+ // maybe_serialize( $bps_downloaded );
37
+ // set_transient( 'bulletproof-security_info', $bps_downloaded, $bps_expire );
38
+ // }
39
+ // }
40
 
41
+ // $bps_transient = get_transient( 'bulletproof-security_info' );
42
 
43
  echo '<div class="bps-star-container">';
44
  echo '<div class="bps-star"><img src="'.plugins_url('/bulletproof-security/admin/images/star.png').'" /></div>';
45
  echo '<div class="bps-downloaded">';
46
 
47
+ // foreach ( $bps_transient as $key => $value ) {
48
+ // echo number_format_i18n( $value ) .' '. str_replace( 'downloaded', "Downloads", $key );
49
+ // }
50
 
51
  echo '<div class="bps-star-link"><a href="https://wordpress.org/support/view/plugin-reviews/bulletproof-security#postform" target="_blank" title="Add a Star Rating for the BPS plugin">'.__('Rate BPS', 'bulletproof-security').'</a><br><a href="https://affiliates.ait-pro.com/po/" target="_blank" title="Upgrade to BulletProof Security Pro">Upgrade to Pro</a></div>';
52
  echo '</div>';
53
  echo '</div>';
54
+ //}
55
  ?>
56
 
57
  <h2 class="bps-tab-title"><?php _e('BulletProof Security ~ Security Log', 'bulletproof-security'); ?></h2>
252
  <strong><a href="https://forum.ait-pro.com/forums/topic/read-me-first-free/#bps-free-general-troubleshooting" title="BPS Troubleshooting Steps" target="_blank"><?php _e('BPS Troubleshooting Steps', 'bulletproof-security'); ?></a></strong><br />
253
  <strong><a href="https://forum.ait-pro.com/forums/topic/post-request-protection-post-attack-protection-post-request-blocker/" title="POST Request Attack Protection Bonus Custom Code" target="_blank"><?php _e('POST Request Attack Protection', 'bulletproof-security'); ?></a></strong><br /><br />
254
 
255
+ <?php $text = '<strong>'.__('Security Log General Information', 'bulletproof-security').'</strong><br>'.__('To view your Security Log click the View Log button. Your Security Log file is a plain text static file and not a dynamic file or dynamic display to keep your website resource usage at a bare minimum and keep your website performance at a maximum. Log entries are logged in descending order by Date and Time. You can copy, edit and delete this plain text file.', 'bulletproof-security').'<br><br><strong>'.__('Note: ', 'bulletproof-security').'</strong>'.__('Security Log Email Alert and Log file option settings are on the Email|Log Settings page.', 'bulletproof-security').'<strong><br><br>'.__('NOTE: ', 'bulletproof-security').'</strong>'.__('If a particular User Agent|Bot is generating excessive log entries you can add it to Add User Agents|Bots to Ignore|Not Log tool and that User Agent|Bot will no longer be logged. See the Ignoring|Not Logging User Agents|Bots help section.', 'bulletproof-security').'<strong><br><br>'.__('NOTE: ', 'bulletproof-security').'</strong>'.__('BPS logs all 403 errors, but a 403 error may not necessarily be caused by BPS. Use the troubleshooting steps in the BPS Troubleshooting Steps link at the top of this Read Me help window to confirm or eliminate that the 403 error is being caused by BPS.', 'bulletproof-security').'<br><br>'.__('The Security Log logs 400, 403, 405 and 410 HTTP Response Status Codes by default. You can also log 404 HTTP Response Status Codes by opening this BPS 404 Template file - /bulletproof-security/404.php and copying the logging code into your Theme\'s 404 Template file. When you open the BPS Pro 404.php file you will see simple instructions on how to add the 404 logging code to your Theme\'s 404 Template file. The Security Log also logs other events. See the ', 'bulletproof-security').'<strong>'.__('Total # of Security Log Entries by Type', 'bulletproof-security').'</strong>'.__(' help section below for a complete list of BPS Security Log Entry Types.', 'bulletproof-security').'<br><br><strong>'.__('Total # of Security Log Entries by Type', 'bulletproof-security').'</strong><br>'.__('Displays the total number of each type of Security Log Entry in your Security Log file. The Total # of Security Log Entries by Type is also added to each Security Log file when it is zipped and emailed to you and also added directly in the automated Security Log email. Complete list of BPS Security Log Entry Types: 400 POST Bad Request, 400 GET Bad Request, 403 GET Request, 403 POST Request, 404 GET Not Found Request, 404 POST Not Found Request, 405 HEAD Request, 410 Gone POST Request, 410 Gone GET Request, Idle Session Logout, Maintenance Mode - Visitor Logged. BPS has a total of 11 Security Log Entry Types. BPS Pro has a total of 27 Security Log Entry Types.', 'bulletproof-security').'<br><br><strong>'.__('HTTP Response Status Codes', 'bulletproof-security').'</strong><br>'.__('400 Bad Request - The request could not be understood by the server due to malformed syntax.', 'bulletproof-security').'<br><br>'.__('403 Forbidden - The Server understood the request, but is refusing to fulfill it.', 'bulletproof-security').'<br><br>'.__('404 Not Found - The Server has not found anything matching the Request-URI|URL. No indication is given of whether the condition is temporary or permanent.', 'bulletproof-security').'<br><br>'.__('405 Method Not Allowed - The method specified in the Request-Line is not allowed for the resource identified by the Request-URI. The response MUST include an Allow header containing a list of valid methods for the requested resource. BPS blocks HEAD Requests using a 405 ErrorDocument Redirect. The BPS 405 Template has an Allow header field for the GET, POST and PUT HTTP Methods.', 'bulletproof-security').'<br><br>'.__('410 Gone - The requested resource is no longer available at the Server/site and no forwarding address is known. This condition is expected to be considered permanent.', 'bulletproof-security').'<br><br><strong>'.__('Security Log File Size', 'bulletproof-security').'</strong><br>'.__('Displays the size of your Security Log file. 500KB is the optimum recommended log file size setting that you should choose for your log file to be automatically zipped, emailed and replaced with a new blank Security Log file.', 'bulletproof-security').'<br><br><strong>'.__('Security Log Status:', 'bulletproof-security').'</strong><br>'.__('Displays either Logging is Turned On or Logging is Turned Off.', 'bulletproof-security').'<br><br><strong>'.__('Security Log Last Modified Time:', 'bulletproof-security').'</strong><br>'.__('Displays the last time a Security Log entry was logged.', 'bulletproof-security').'<br><br><strong>'.__('Turn Off Logging', 'bulletproof-security').'</strong><br>'.__('Turns Off HTTP 400, 403, 404, 405 & 410 Security Logging.', 'bulletproof-security').'<br><br><strong>'.__('Turn On Logging', 'bulletproof-security').'</strong><br>'.__('Turns On HTTP 400, 403, 404, 405 & 410 Security Logging.', 'bulletproof-security').'<br><br><strong>'.__('Delete Log Button', 'bulletproof-security').'</strong><br>'.__('Clicking the Delete Log button will delete the entire contents of your Security Log File.', 'bulletproof-security').'<br><br><strong>'.__('POST Request Body Data', 'bulletproof-security').'</strong><br>'.__('The POST Request Body Data option settings only affect the REQUEST BODY Security Log field in your Security Log entries when a POST Request is blocked and logged by BPS. To capture/log all POST Request Attacks against your website you will need to add the POST Request Attack Protection Bonus Custom Code. A link to that Bonus Custom Code is at the top of this Read Me help window. If you do not want to add the Bonus Custom Code then some, but not all POST Request Attacks will be captured/logged in the Security Log.', 'bulletproof-security').'<br><br>'.__('The default POST Request Body Data option setting is "Do Not Log POST Request Body Data (0KB)", which means do not capture/log the POST Request data that was sent in the attack. You will see this text in the REQUEST BODY Security Log entry field: "REQUEST BODY: BPS Security Log option set to: Do Not Log POST Request Body Data" instead of the actual POST Request Body data used in the attack on your website. The reason the default setting is set to: "Do Not Log POST Request Body Data (0KB)" is because some web hosts falsely interpret the BPS Security Log text file as malicious since hacker code used to attack your website can be captured/logged in the Security Log text file if you are using the "Log Minimum..." or "Log Maximum..." POST Request Body Data option settings.', 'bulletproof-security').'<br><br>'.__('The "Log Minimum POST Request Body Data (5KB)" option setting will capture/log the first 500 characters or 5KB of hacker code used to attack your website in a POST Request attack and log that hacker code in the REQUEST BODY Security Log entry field. The "Log Maximum POST Request Body Data (250KB)" option setting will capture/log the first 250000 characters or roughly 250KB of hacker code used to attack your website in a POST Request attack and log that hacker code in the REQUEST BODY Security Log entry field. Hacker scripts typically range in size from 20KB to 100KB on average.', 'bulletproof-security').'<br><br><strong>'.__('Important Notes: ', 'bulletproof-security').'</strong>'.__('If you are using email security protection on your computer then your automatically zipped and emailed BPS Security Log files may be seen as containing a virus (hacker script/code) and they could be automatically deleted by your email protection application on your computer. Your computer security protection software may also see the Security Log file as malicious and block it. If your web host falsely sees the BPS Security Log file as a malicious hacker file then you will need to change your POST Request Body Data option setting and use the "Do Not Log POST Request Body Data (0KB)" option setting instead.', 'bulletproof-security').'<br><br><strong>'.__('Ignoring|Not Logging User Agents|Bots - Allowing|Logging User Agents|Bots', 'bulletproof-security').'</strong><br>'.__('Adding or Removing User Agents|Bots adds or removes User Agents|Bots to your Database and also writes new code to the 403.php Security Logging template. The 403.php Security Logging file is where the check occurs whether or not to log or not log a User Agent|Bot. It would be foolish and costly to website performance to have your WordPress database handle the task/function/burden of checking which User Agents|Bots to log or not log. WordPress database queries are the most resource draining function of a WordPress website. The more database queries that are happening at the same time on your website the slower your website will perform and load. For this reason the Security Logging check is done from code in the 403.php Security Logging file.', 'bulletproof-security').'<br><br>'.__('If a particular User Agent|Bot is being logged excessively in your Security Log file you can Ignore|Not Log that particular User Agent|Bot based on the HTTP_USER_AGENT string in your Security Log. Example User Agent strings: Mozilla/5.0 (compatible; 008/0.85; http://www.80legs.com/webcrawler.html) Gecko/2008032620 and facebookexternalhit/1.1 (+http://www.facebook.com/externalhit_uatext.php). You could enter 008 or 80legs or webcrawler to Ignore|Not Log the 80legs User Agent|Bot. You could enter facebookexternalhit or facebook or externalhit_uatext to Ignore|Not Log the facebook User Agent|Bot.', 'bulletproof-security').'<br><br><strong>'.__('Add User Agents|Bots to Ignore|Not Log', 'bulletproof-security').'</strong><br>'.__('Add the User Agent|Bot names you would like to Ignore|Not Log in your Security Log. These code characters are not allowed to be used: ', 'bulletproof-security').'/ | < > \' "<br><br><strong>'.__('Removing User Agents|Bots to Allow|Log', 'bulletproof-security').'</strong><br>'.__('To search for ALL User Agents|Bots to remove/delete from your database leave the text box blank and click the Remove|Allow button. You will see a Dynamically generated Radio Button Form that will display the User Agents|Bots in the BPS User Agent|Bot database Table, Remove or Do Not Remove Radio buttons and the Timestamp when the User Agent|Bot was added to your DB. Select the Remove Radio buttons for the User Agents|Bots you want to remove/delete from your database and click the Remove button. Removing/deleting User Agents|Bots from your database means that you want to have these User Agents|Bots logged again in your Security Log.', 'bulletproof-security').'<br><br><strong>'.__('View Log', 'bulletproof-security').'</strong><br>'.__('In previous versions of BPS the Security Log was displayed open by default. The Security Log is now closed by default due to problems with ModSecurity CRS seeing the Security Log entries as malicious and blocking access to the Security Log page. If you are unable to open/view your Security Log file you can view your Security Log file by using FTP or your web host control panel file manager and opening the Security Log file located here ', 'bulletproof-security').'/'.$bps_wpcontent_dir.'/bps-backup/logs/http_error_log.txt. '.__('The new View Log feature also resolves another problem, which is if the Security Log file automation is not working due to WP Cron jobs being disabled on a website then the Security Log file will not be automatically zipped, emailed to you and replaced with a new blank log file at regular cron intervals by the Security Log file Cron job automation. If your Security Log file is extremely large and you are unable to open/view it then you can manually download a copy of the Security Log file using FTP or your web host control panel file manager and then delete it using the Delete Log button.', 'bulletproof-security'); echo $text; ?></p>
256
  </div>
257
 
258
  <?php
703
  /*************************************/
704
  ?>
705
 
706
+ <div id="ViewSecurityLog" style="margin:10px 0px 10px 0px">
707
+ <form name="ViewSecurityLogForm" action="<?php echo admin_url( 'admin.php?page=bulletproof-security/admin/security-log/security-log.php' ); ?>" method="post">
708
+ <?php wp_nonce_field('bps_view_security_log'); ?>
709
+ <input type="submit" name="Submit-View-Security-Log" value="<?php esc_attr_e('View Log', 'bulletproof-security') ?>" class="button bps-button" onclick="return confirm('<?php $text = __('Clicking OK will display the contents of your Security Log file.', 'bulletproof-security').'\n\n'.$bpsSpacePop.'\n\n'.__('Click OK to view the Log file or click Cancel.', 'bulletproof-security'); echo $text; ?>')" />
710
+ </form>
711
+ </div>
712
+
713
  <div id="messageinner" class="updatedinner">
714
 
715
  <?php
719
  // Note: If this is a problem for other non-English languages then switch to UTF-8
720
  function bps_get_security_log() {
721
 
722
+ if ( isset( $_POST['Submit-View-Security-Log'] ) && current_user_can('manage_options') ) {
723
+ check_admin_referer( 'bps_view_security_log' );
724
+
725
  $bps_sec_log = WP_CONTENT_DIR . '/bps-backup/logs/http_error_log.txt';
726
  $bps_wpcontent_dir = str_replace( ABSPATH, '', WP_CONTENT_DIR );
727
 
740
  }
741
 
742
  // Form - Security Log - Perform File Open and Write test - If append write test is successful write to file
743
+ function bpsPro_security_log_write_check() {
744
+
745
+ if ( @$_POST['submit-security-log'] != true ) {
746
+
747
+ $bps_sec_log = WP_CONTENT_DIR . '/bps-backup/logs/http_error_log.txt';
748
 
749
+ if ( is_writable($bps_sec_log) ) {
750
+ $text = '<font color="green" style="font-size:12px;"><strong>'.__('File Open and Write test successful! Your Security Log file is writable.', 'bulletproof-security').'</strong></font><br>';
751
+ echo $text;
752
+
753
+ } else {
754
+
755
+ $text = '<font color="#fb0101" style="font-size:12px;"><strong>'.__('Cannot write to file: ', 'bulletproof-security').$bps_sec_log . '</strong></font><br>';
756
+ echo $text;
757
+ }
 
758
  }
759
+ }
760
+
761
+ bpsPro_security_log_write_check();
762
+
763
  if ( isset( $_POST['submit-security-log'] ) && current_user_can('manage_options') ) {
764
  check_admin_referer( 'bulletproof_security_save_security_log' );
765
  $newcontentSecLog = stripslashes($_POST['newcontentSecLog']);
766
+
767
  if ( is_writable($bps_sec_log) ) {
768
+
769
  $handle = fopen($bps_sec_log, 'w+b');
770
  fwrite($handle, $newcontentSecLog);
771
+
772
+ $text = '<font color="green" style="font-size:12px;"><strong>'.__('Success! Your Security Log file has been updated.', 'bulletproof-security').'</strong></font><br>';
773
+ echo $text;
774
+
775
+ echo $bps_topDiv;
776
+ $text = '<font color="green"><strong>'.__('Success! Your Security Log file has been updated.', 'bulletproof-security').'</strong></font>';
777
+ echo $text;
778
+ echo $bps_bottomDiv;
779
+
780
+ fclose($handle);
781
  }
782
  }
783
  $scrolltoSecLog = isset($_REQUEST['scrolltoSecLog']) ? (int) $_REQUEST['scrolltoSecLog'] : 0;
admin/system-info/system-info.php CHANGED
@@ -24,34 +24,34 @@ if ( $ScrollTop_options['bps_scrolltop'] != 'Off' ) {
24
  ?>
25
 
26
  <?php
27
- if ( function_exists('get_transient') ) {
28
- require_once( ABSPATH . 'wp-admin/includes/plugin-install.php' );
29
 
30
- if ( false === ( $bps_api = get_transient('bulletproof-security_info') ) ) {
31
- $bps_api = plugins_api( 'plugin_information', array( 'slug' => stripslashes( 'bulletproof-security' ) ) );
32
 
33
- if ( ! is_wp_error( $bps_api ) ) {
34
- $bps_expire = 60 * 30; // Cache downloads data for 30 minutes
35
- $bps_downloaded = array( 'downloaded' => $bps_api->downloaded );
36
- maybe_serialize( $bps_downloaded );
37
- set_transient( 'bulletproof-security_info', $bps_downloaded, $bps_expire );
38
- }
39
- }
40
-
41
- $bps_transient = get_transient( 'bulletproof-security_info' );
42
 
43
  echo '<div class="bps-star-container">';
44
  echo '<div class="bps-star"><img src="'.plugins_url('/bulletproof-security/admin/images/star.png').'" /></div>';
45
  echo '<div class="bps-downloaded">';
46
 
47
- foreach ( $bps_transient as $key => $value ) {
48
- echo number_format_i18n( $value ) .' '. str_replace( 'downloaded', "Downloads", $key );
49
- }
50
 
51
  echo '<div class="bps-star-link"><a href="https://wordpress.org/support/view/plugin-reviews/bulletproof-security#postform" target="_blank" title="Add a Star Rating for the BPS plugin">'.__('Rate BPS', 'bulletproof-security').'</a><br><a href="https://affiliates.ait-pro.com/po/" target="_blank" title="Upgrade to BulletProof Security Pro">Upgrade to Pro</a></div>';
52
  echo '</div>';
53
  echo '</div>';
54
- }
55
  ?>
56
 
57
  <h2 class="bps-tab-title"><?php _e('BulletProof Security ~ System Information', 'bulletproof-security'); ?></h2>
24
  ?>
25
 
26
  <?php
27
+ //if ( function_exists('get_transient') ) {
28
+ //require_once( ABSPATH . 'wp-admin/includes/plugin-install.php' );
29
 
30
+ // if ( false === ( $bps_api = get_transient('bulletproof-security_info') ) ) {
31
+ // $bps_api = plugins_api( 'plugin_information', array( 'slug' => stripslashes( 'bulletproof-security' ) ) );
32
 
33
+ // if ( ! is_wp_error( $bps_api ) ) {
34
+ // $bps_expire = 60 * 30; // Cache downloads data for 30 minutes
35
+ // $bps_downloaded = array( 'downloaded' => $bps_api->downloaded );
36
+ // maybe_serialize( $bps_downloaded );
37
+ // set_transient( 'bulletproof-security_info', $bps_downloaded, $bps_expire );
38
+ // }
39
+ // }
40
+
41
+ // $bps_transient = get_transient( 'bulletproof-security_info' );
42
 
43
  echo '<div class="bps-star-container">';
44
  echo '<div class="bps-star"><img src="'.plugins_url('/bulletproof-security/admin/images/star.png').'" /></div>';
45
  echo '<div class="bps-downloaded">';
46
 
47
+ // foreach ( $bps_transient as $key => $value ) {
48
+ // echo number_format_i18n( $value ) .' '. str_replace( 'downloaded', "Downloads", $key );
49
+ // }
50
 
51
  echo '<div class="bps-star-link"><a href="https://wordpress.org/support/view/plugin-reviews/bulletproof-security#postform" target="_blank" title="Add a Star Rating for the BPS plugin">'.__('Rate BPS', 'bulletproof-security').'</a><br><a href="https://affiliates.ait-pro.com/po/" target="_blank" title="Upgrade to BulletProof Security Pro">Upgrade to Pro</a></div>';
52
  echo '</div>';
53
  echo '</div>';
54
+ //}
55
  ?>
56
 
57
  <h2 class="bps-tab-title"><?php _e('BulletProof Security ~ System Information', 'bulletproof-security'); ?></h2>
admin/theme-skin/theme-skin.php CHANGED
@@ -29,34 +29,34 @@ if ( $ScrollTop_options['bps_scrolltop'] != 'Off' ) {
29
  ?>
30
 
31
  <?php
32
- if ( function_exists('get_transient') ) {
33
- require_once( ABSPATH . 'wp-admin/includes/plugin-install.php' );
34
 
35
- if ( false === ( $bps_api = get_transient('bulletproof-security_info') ) ) {
36
- $bps_api = plugins_api( 'plugin_information', array( 'slug' => stripslashes( 'bulletproof-security' ) ) );
37
 
38
- if ( ! is_wp_error( $bps_api ) ) {
39
- $bps_expire = 60 * 30; // Cache downloads data for 30 minutes
40
- $bps_downloaded = array( 'downloaded' => $bps_api->downloaded );
41
- maybe_serialize( $bps_downloaded );
42
- set_transient( 'bulletproof-security_info', $bps_downloaded, $bps_expire );
43
- }
44
- }
45
-
46
- $bps_transient = get_transient( 'bulletproof-security_info' );
47
 
48
  echo '<div class="bps-star-container">';
49
  echo '<div class="bps-star"><img src="'.plugins_url('/bulletproof-security/admin/images/star.png').'" /></div>';
50
  echo '<div class="bps-downloaded">';
51
 
52
- foreach ( $bps_transient as $key => $value ) {
53
- echo number_format_i18n( $value ) .' '. str_replace( 'downloaded', "Downloads", $key );
54
- }
55
 
56
  echo '<div class="bps-star-link"><a href="https://wordpress.org/support/view/plugin-reviews/bulletproof-security#postform" target="_blank" title="Add a Star Rating for the BPS plugin">'.__('Rate BPS', 'bulletproof-security').'</a><br><a href="https://affiliates.ait-pro.com/po/" target="_blank" title="Upgrade to BulletProof Security Pro">Upgrade to Pro</a></div>';
57
  echo '</div>';
58
  echo '</div>';
59
- }
60
  ?>
61
 
62
  <h2 class="bps-tab-title"><?php _e('BulletProof Security ~ UI|UX Settings', 'bulletproof-security'); ?></h2>
29
  ?>
30
 
31
  <?php
32
+ //if ( function_exists('get_transient') ) {
33
+ //require_once( ABSPATH . 'wp-admin/includes/plugin-install.php' );
34
 
35
+ // if ( false === ( $bps_api = get_transient('bulletproof-security_info') ) ) {
36
+ // $bps_api = plugins_api( 'plugin_information', array( 'slug' => stripslashes( 'bulletproof-security' ) ) );
37
 
38
+ // if ( ! is_wp_error( $bps_api ) ) {
39
+ // $bps_expire = 60 * 30; // Cache downloads data for 30 minutes
40
+ // $bps_downloaded = array( 'downloaded' => $bps_api->downloaded );
41
+ // maybe_serialize( $bps_downloaded );
42
+ // set_transient( 'bulletproof-security_info', $bps_downloaded, $bps_expire );
43
+ // }
44
+ // }
45
+
46
+ // $bps_transient = get_transient( 'bulletproof-security_info' );
47
 
48
  echo '<div class="bps-star-container">';
49
  echo '<div class="bps-star"><img src="'.plugins_url('/bulletproof-security/admin/images/star.png').'" /></div>';
50
  echo '<div class="bps-downloaded">';
51
 
52
+ // foreach ( $bps_transient as $key => $value ) {
53
+ // echo number_format_i18n( $value ) .' '. str_replace( 'downloaded', "Downloads", $key );
54
+ // }
55
 
56
  echo '<div class="bps-star-link"><a href="https://wordpress.org/support/view/plugin-reviews/bulletproof-security#postform" target="_blank" title="Add a Star Rating for the BPS plugin">'.__('Rate BPS', 'bulletproof-security').'</a><br><a href="https://affiliates.ait-pro.com/po/" target="_blank" title="Upgrade to BulletProof Security Pro">Upgrade to Pro</a></div>';
57
  echo '</div>';
58
  echo '</div>';
59
+ //}
60
  ?>
61
 
62
  <h2 class="bps-tab-title"><?php _e('BulletProof Security ~ UI|UX Settings', 'bulletproof-security'); ?></h2>
admin/wizard/wizard.php CHANGED
@@ -73,34 +73,34 @@ bpsPro_w3tc_dashboard_iframe_preload();
73
  ?>
74
 
75
  <?php
76
- if ( function_exists('get_transient') ) {
77
- require_once( ABSPATH . 'wp-admin/includes/plugin-install.php' );
78
 
79
- if ( false === ( $bps_api = get_transient('bulletproof-security_info') ) ) {
80
- $bps_api = plugins_api( 'plugin_information', array( 'slug' => stripslashes( 'bulletproof-security' ) ) );
81
 
82
- if ( ! is_wp_error( $bps_api ) ) {
83
- $bps_expire = 60 * 30; // Cache downloads data for 30 minutes
84
- $bps_downloaded = array( 'downloaded' => $bps_api->downloaded );
85
- maybe_serialize( $bps_downloaded );
86
- set_transient( 'bulletproof-security_info', $bps_downloaded, $bps_expire );
87
- }
88
- }
89
-
90
- $bps_transient = get_transient( 'bulletproof-security_info' );
91
 
92
  echo '<div class="bps-star-container">';
93
  echo '<div class="bps-star"><img src="'.plugins_url('/bulletproof-security/admin/images/star.png').'" /></div>';
94
  echo '<div class="bps-downloaded">';
95
 
96
- foreach ( $bps_transient as $key => $value ) {
97
- echo number_format_i18n( $value ) .' '. str_replace( 'downloaded', "Downloads", $key );
98
- }
99
 
100
  echo '<div class="bps-star-link"><a href="https://wordpress.org/support/view/plugin-reviews/bulletproof-security#postform" target="_blank" title="Add a Star Rating for the BPS plugin">'.__('Rate BPS', 'bulletproof-security').'</a><br><a href="https://affiliates.ait-pro.com/po/" target="_blank" title="Upgrade to BulletProof Security Pro">Upgrade to Pro</a></div>';
101
  echo '</div>';
102
  echo '</div>';
103
- }
104
  ?>
105
 
106
  <div id="message" class="updated" style="border:1px solid #999;background-color:#000;">
73
  ?>
74
 
75
  <?php
76
+ //if ( function_exists('get_transient') ) {
77
+ //require_once( ABSPATH . 'wp-admin/includes/plugin-install.php' );
78
 
79
+ // if ( false === ( $bps_api = get_transient('bulletproof-security_info') ) ) {
80
+ // $bps_api = plugins_api( 'plugin_information', array( 'slug' => stripslashes( 'bulletproof-security' ) ) );
81
 
82
+ // if ( ! is_wp_error( $bps_api ) ) {
83
+ // $bps_expire = 60 * 30; // Cache downloads data for 30 minutes
84
+ // $bps_downloaded = array( 'downloaded' => $bps_api->downloaded );
85
+ // maybe_serialize( $bps_downloaded );
86
+ // set_transient( 'bulletproof-security_info', $bps_downloaded, $bps_expire );
87
+ // }
88
+ // }
89
+
90
+ // $bps_transient = get_transient( 'bulletproof-security_info' );
91
 
92
  echo '<div class="bps-star-container">';
93
  echo '<div class="bps-star"><img src="'.plugins_url('/bulletproof-security/admin/images/star.png').'" /></div>';
94
  echo '<div class="bps-downloaded">';
95
 
96
+ // foreach ( $bps_transient as $key => $value ) {
97
+ // echo number_format_i18n( $value ) .' '. str_replace( 'downloaded', "Downloads", $key );
98
+ // }
99
 
100
  echo '<div class="bps-star-link"><a href="https://wordpress.org/support/view/plugin-reviews/bulletproof-security#postform" target="_blank" title="Add a Star Rating for the BPS plugin">'.__('Rate BPS', 'bulletproof-security').'</a><br><a href="https://affiliates.ait-pro.com/po/" target="_blank" title="Upgrade to BulletProof Security Pro">Upgrade to Pro</a></div>';
101
  echo '</div>';
102
  echo '</div>';
103
+ //}
104
  ?>
105
 
106
  <div id="message" class="updated" style="border:1px solid #999;background-color:#000;">
bulletproof-security.php CHANGED
@@ -5,7 +5,7 @@ Plugin URI: https://forum.ait-pro.com/read-me-first/
5
  Text Domain: bulletproof-security
6
  Domain Path: /languages/
7
  Description: <strong>Feature Highlights:</strong> Setup Wizard &bull; MScan Malware Scanner &bull; .htaccess Website Security Protection (Firewalls) &bull; Security Logging|HTTP Error Logging &bull; DB Backup &bull; DB Table Prefix Changer &bull; Login Security & Monitoring &bull; JTC-Lite Login Form Bot Lockout Protection &bull; Idle Session Logout (ISL) &bull; Auth Cookie Expiration (ACE) &bull; UI Theme Skin Changer &bull; System Info: Extensive System, Server and Security Status Information &bull; FrontEnd|BackEnd Maintenance Mode
8
- Version: 3.5
9
  Author: AITpro Website Security
10
  Author URI: https://forum.ait-pro.com/read-me-first/
11
  */
@@ -33,9 +33,9 @@ Author URI: https://forum.ait-pro.com/read-me-first/
33
  // and cannot access the global variables within functions in BPS. Luckily this does not break BPS or WordPress in any way and PHP.net states this is technically not an error.
34
  global $bps_last_version, $bps_version, $aitpro_bullet, $bps_topDiv, $bps_bottomDiv, $bpsPro_remote_addr, $bpsPro_http_client_ip, $bpsPro_http_forwarded, $bpsPro_http_x_forwarded_for, $bpsPro_http_x_cluster_client_ip, $bps_wpcontent_dir, $bps_plugin_dir;
35
 
36
- define( 'BULLETPROOF_VERSION', '3.5' );
37
- $bps_last_version = '3.4';
38
- $bps_version = '3.5';
39
  $aitpro_bullet = '<img src="'.plugins_url('/bulletproof-security/admin/images/aitpro-bullet.png').'" style="padding:0px 3px 0px 3px;" />';
40
  // Top div & bottom div
41
  $bps_topDiv = '<div id="message" class="updated" style="background-color:#dfecf2;border:1px solid #999;-moz-border-radius-topleft:3px;-webkit-border-top-left-radius:3px;-khtml-border-top-left-radius:3px;border-top-left-radius:3px;-moz-border-radius-topright:3px;-webkit-border-top-right-radius:3px;-khtml-border-top-right-radius:3px;border-top-right-radius:3px;-webkit-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);-moz-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);"><p>';
@@ -98,6 +98,12 @@ $BPS_ISL_options = get_option('bulletproof_security_options_idle_session');
98
  if ( $BPS_ISL_options['bps_isl'] == 'On' ) {
99
  require_once( WP_PLUGIN_DIR . '/bulletproof-security/includes/idle-session-logout.php' );
100
  }
 
 
 
 
 
 
101
 
102
  // If in single site Admin Dashboard
103
  if ( is_admin() ) {
5
  Text Domain: bulletproof-security
6
  Domain Path: /languages/
7
  Description: <strong>Feature Highlights:</strong> Setup Wizard &bull; MScan Malware Scanner &bull; .htaccess Website Security Protection (Firewalls) &bull; Security Logging|HTTP Error Logging &bull; DB Backup &bull; DB Table Prefix Changer &bull; Login Security & Monitoring &bull; JTC-Lite Login Form Bot Lockout Protection &bull; Idle Session Logout (ISL) &bull; Auth Cookie Expiration (ACE) &bull; UI Theme Skin Changer &bull; System Info: Extensive System, Server and Security Status Information &bull; FrontEnd|BackEnd Maintenance Mode
8
+ Version: 3.6
9
  Author: AITpro Website Security
10
  Author URI: https://forum.ait-pro.com/read-me-first/
11
  */
33
  // and cannot access the global variables within functions in BPS. Luckily this does not break BPS or WordPress in any way and PHP.net states this is technically not an error.
34
  global $bps_last_version, $bps_version, $aitpro_bullet, $bps_topDiv, $bps_bottomDiv, $bpsPro_remote_addr, $bpsPro_http_client_ip, $bpsPro_http_forwarded, $bpsPro_http_x_forwarded_for, $bpsPro_http_x_cluster_client_ip, $bps_wpcontent_dir, $bps_plugin_dir;
35
 
36
+ define( 'BULLETPROOF_VERSION', '3.6' );
37
+ $bps_last_version = '3.5';
38
+ $bps_version = '3.6';
39
  $aitpro_bullet = '<img src="'.plugins_url('/bulletproof-security/admin/images/aitpro-bullet.png').'" style="padding:0px 3px 0px 3px;" />';
40
  // Top div & bottom div
41
  $bps_topDiv = '<div id="message" class="updated" style="background-color:#dfecf2;border:1px solid #999;-moz-border-radius-topleft:3px;-webkit-border-top-left-radius:3px;-khtml-border-top-left-radius:3px;border-top-left-radius:3px;-moz-border-radius-topright:3px;-webkit-border-top-right-radius:3px;-khtml-border-top-right-radius:3px;border-top-right-radius:3px;-webkit-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);-moz-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);"><p>';
98
  if ( $BPS_ISL_options['bps_isl'] == 'On' ) {
99
  require_once( WP_PLUGIN_DIR . '/bulletproof-security/includes/idle-session-logout.php' );
100
  }
101
+ // PHP Encryption|Decryption class using openssl_decrypt() and openssl_encrypt()
102
+ // Web hosts may see this file as malicious and block or delete it. So a file_exists check needs to be here.
103
+ $bpsPro_encrypt_decrypt_class = WP_PLUGIN_DIR . '/bulletproof-security/includes/encrypt-decrypt-class.php';
104
+ if ( file_exists ( $bpsPro_encrypt_decrypt_class ) ) {
105
+ require_once( WP_PLUGIN_DIR . '/bulletproof-security/includes/encrypt-decrypt-class.php' );
106
+ }
107
 
108
  // If in single site Admin Dashboard
109
  if ( is_admin() ) {
includes/encrypt-decrypt-class.php ADDED
@@ -0,0 +1,109 @@
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
+ <?php
2
+ /**
3
+ * Web hosts and other WordPress Security Plugins will most likely falsely see this file as malicious.
4
+ * This file contains 2 PHP functions that scanners consider malicious: base64_decode() and base64_encode.
5
+ * You will need to inform or contact your web host or plugin author that this file is not malicous.
6
+ * Your web host or your WP Security plugin should allow you to whitelist this file.
7
+ */
8
+
9
+ /**
10
+ * Encryption class for encrypt/decrypt that works between programming languages.
11
+ *
12
+ * @author Vee Winch.
13
+ * @link https://stackoverflow.com/questions/41222162/encrypt-in-php-openssl-and-decrypt-in-javascript-cryptojs Reference.
14
+ */
15
+ class bpsProPHPEncryption
16
+ {
17
+
18
+ /**
19
+ * @link http://php.net/manual/en/function.openssl-get-cipher-methods.php Available methods.
20
+ * @var string Cipher method. Recommended AES-128-CBC, AES-192-CBC, AES-256-CBC
21
+ */
22
+ protected $encryptMethod = 'AES-256-CBC';
23
+
24
+ /**
25
+ * Decrypt string.
26
+ *
27
+ * @link https://stackoverflow.com/questions/41222162/encrypt-in-php-openssl-and-decrypt-in-javascript-cryptojs Reference.
28
+ * @param string $encryptedString The encrypted string that is base64 encode.
29
+ * @param string $key The key.
30
+ * @return mixed Return original string value. Return null for failure get salt, iv.
31
+ */
32
+ public function decrypt($encryptedString, $key)
33
+ {
34
+ $json = json_decode(base64_decode($encryptedString), true);
35
+
36
+ try {
37
+ $salt = hex2bin($json["salt"]);
38
+ $iv = hex2bin($json["iv"]);
39
+ } catch (Exception $e) {
40
+ return null;
41
+ }
42
+
43
+ $cipherText = base64_decode($json['ciphertext']);
44
+
45
+ $iterations = intval(abs($json['iterations']));
46
+ if ($iterations <= 0) {
47
+ $iterations = 999;
48
+ }
49
+ $hashKey = hash_pbkdf2('sha512', $key, $salt, $iterations, ($this->encryptMethodLength() / 4));
50
+ unset($iterations, $json, $salt);
51
+
52
+ $decrypted = openssl_decrypt($cipherText , $this->encryptMethod, hex2bin($hashKey), OPENSSL_RAW_DATA, $iv);
53
+ unset($cipherText, $hashKey, $iv);
54
+
55
+ return $decrypted;
56
+ }// decrypt
57
+
58
+ /**
59
+ * Encrypt string.
60
+ *
61
+ * @link https://stackoverflow.com/questions/41222162/encrypt-in-php-openssl-and-decrypt-in-javascript-cryptojs Reference.
62
+ * @param string $string The original string to be encrypt.
63
+ * @param string $key The key.
64
+ * @return string Return encrypted string.
65
+ */
66
+ public function encrypt($string, $key)
67
+ {
68
+ $ivLength = openssl_cipher_iv_length($this->encryptMethod);
69
+ $iv = openssl_random_pseudo_bytes($ivLength);
70
+
71
+ $salt = openssl_random_pseudo_bytes(256);
72
+ $iterations = 999;
73
+ $hashKey = hash_pbkdf2('sha512', $key, $salt, $iterations, ($this->encryptMethodLength() / 4));
74
+
75
+ $encryptedString = openssl_encrypt($string, $this->encryptMethod, hex2bin($hashKey), OPENSSL_RAW_DATA, $iv);
76
+
77
+ $encryptedString = base64_encode($encryptedString);
78
+ unset($hashKey);
79
+
80
+ // DW is seeing a syntax error here, but the syntax is correct. Ignore this.
81
+ $output = ['ciphertext' => $encryptedString, 'iv' => bin2hex($iv), 'salt' => bin2hex($salt), 'iterations' => $iterations];
82
+ unset($encryptedString, $iterations, $iv, $ivLength, $salt);
83
+
84
+ return base64_encode(json_encode($output));
85
+ }// encrypt
86
+
87
+ /**
88
+ * Get encrypt method length number (128, 192, 256).
89
+ *
90
+ * @return integer.
91
+ */
92
+ protected function encryptMethodLength()
93
+ {
94
+ $number = filter_var($this->encryptMethod, FILTER_SANITIZE_NUMBER_INT);
95
+
96
+ return intval(abs($number));
97
+ }// encryptMethodLength
98
+
99
+ /**
100
+ * Set encryption method.
101
+ *
102
+ * @link http://php.net/manual/en/function.openssl-get-cipher-methods.php Available methods.
103
+ * @param string $cipherMethod
104
+ */
105
+ public function setCipherMethod($cipherMethod)
106
+ {
107
+ $this->encryptMethod = $cipherMethod;
108
+ }// setCipherMethod
109
+ }
languages/bulletproof-security.pot CHANGED
@@ -3,7 +3,7 @@ msgid ""
3
  msgstr ""
4
  "Project-Id-Version: bulletproof-security\n"
5
  "Report-Msgid-Bugs-To: \n"
6
- "POT-Creation-Date: 2019-07-01 16:18-0700\n"
7
  "PO-Revision-Date: 2015-06-20 19:13-0800\n"
8
  "Last-Translator: Ed Alexander <edward@ait-pro.com>\n"
9
  "Language-Team: AITpro <info@ait-pro.com>\n"
@@ -39,25 +39,25 @@ msgid ""
39
  "text box were it was added and click the Save Root Custom Code button."
40
  msgstr ""
41
 
42
- #: admin/core/core-custom-code.php:107
43
  msgid ""
44
  "Root Custom Code saved successfully! Go to the Security Modes tab page and "
45
  "click the Root Folder BulletProof Mode Activate button to add/create your "
46
  "new Custom Code in your Root htaccess file."
47
  msgstr ""
48
 
49
- #: admin/core/core-custom-code.php:133
50
  msgid ""
51
  "wp-admin Custom Code saved successfully! Go to the Security Modes tab page "
52
  "and click wp-admin Folder BulletProof Mode Activate button to add/create "
53
  "your new Custom Code in your wp-admin htaccess file."
54
  msgstr ""
55
 
56
- #: admin/core/core-custom-code.php:144
57
  msgid "Root htaccess File Custom Code"
58
  msgstr ""
59
 
60
- #: admin/core/core-custom-code.php:162
61
  msgid ""
62
  "CUSTOM CODE TOP PHP/PHP.INI HANDLER/CACHE CODE:<br>Add php/php.ini handler "
63
  "code, cache code and/or <a href=\"https://forum.ait-pro.com/forums/topic/"
@@ -65,28 +65,28 @@ msgid ""
65
  "Browser window\" target=\"_blank\">Speed Boost Cache Code</a>"
66
  msgstr ""
67
 
68
- #: admin/core/core-custom-code.php:163
69
  msgid ""
70
  "ONLY add valid php/php.ini handler htaccess code and/or cache htaccess code "
71
  "below or text commented out with a pound sign #"
72
  msgstr ""
73
 
74
- #: admin/core/core-custom-code.php:170 admin/core/core-help-text.php:40
75
  msgid "CUSTOM CODE TURN OFF YOUR SERVER SIGNATURE:"
76
  msgstr ""
77
 
78
- #: admin/core/core-custom-code.php:171 admin/core/core-help-text.php:40
79
  msgid ""
80
  "You MUST copy and paste the entire TURN OFF YOUR SERVER SIGNATURE section of "
81
  "code from your root .htaccess file into this text box first. You can then "
82
  "edit and modify the code in this text window and save your changes."
83
  msgstr ""
84
 
85
- #: admin/core/core-custom-code.php:178 admin/core/core-help-text.php:40
86
  msgid "CUSTOM CODE DO NOT SHOW DIRECTORY LISTING/DIRECTORY INDEX:"
87
  msgstr ""
88
 
89
- #: admin/core/core-custom-code.php:179 admin/core/core-help-text.php:40
90
  msgid ""
91
  "You MUST copy and paste the entire DO NOT SHOW DIRECTORY LISTING and "
92
  "DIRECTORY INDEX sections of code from your root .htaccess file into this "
@@ -94,32 +94,32 @@ msgid ""
94
  "and save your changes."
95
  msgstr ""
96
 
97
- #: admin/core/core-custom-code.php:186 admin/core/core-help-text.php:40
98
  msgid "CUSTOM CODE BRUTE FORCE LOGIN PAGE PROTECTION:"
99
  msgstr ""
100
 
101
- #: admin/core/core-custom-code.php:187
102
  msgid ""
103
  "This Custom Code text box is for optional/Bonus code. To get this code click "
104
  "the link below:"
105
  msgstr ""
106
 
107
- #: admin/core/core-custom-code.php:194 admin/core/core-help-text.php:40
108
  msgid "CUSTOM CODE ERROR LOGGING AND TRACKING:"
109
  msgstr ""
110
 
111
- #: admin/core/core-custom-code.php:195 admin/core/core-help-text.php:40
112
  msgid ""
113
  "You MUST copy and paste the entire ERROR LOGGING AND TRACKING section of "
114
  "code from your root .htaccess file into this text box first. You can then "
115
  "edit and modify the code in this text window and save your changes."
116
  msgstr ""
117
 
118
- #: admin/core/core-custom-code.php:202 admin/core/core-help-text.php:40
119
  msgid "CUSTOM CODE DENY ACCESS TO PROTECTED SERVER FILES AND FOLDERS:"
120
  msgstr ""
121
 
122
- #: admin/core/core-custom-code.php:203 admin/core/core-help-text.php:40
123
  msgid ""
124
  "You MUST copy and paste the entire DENY ACCESS TO PROTECTED SERVER FILES AND "
125
  "FOLDERS section of code from your root .htaccess file into this text box "
@@ -127,37 +127,37 @@ msgid ""
127
  "your changes."
128
  msgstr ""
129
 
130
- #: admin/core/core-custom-code.php:210
131
  msgid "CUSTOM CODE WP-ADMIN/INCLUDES: DO NOT add wp-admin .htaccess code here"
132
  msgstr ""
133
 
134
- #: admin/core/core-custom-code.php:211
135
  msgid ""
136
  "Add one pound sign # below to prevent the WP-ADMIN/INCLUDES section of code "
137
  "from being created in your root .htaccess file"
138
  msgstr ""
139
 
140
- #: admin/core/core-custom-code.php:218
141
  msgid ""
142
  "CUSTOM CODE WP REWRITE LOOP START: www/non-www http/https Rewrite code here"
143
  msgstr ""
144
 
145
- #: admin/core/core-custom-code.php:219 admin/core/core-help-text.php:40
146
  msgid ""
147
  "You MUST copy and paste the entire WP REWRITE LOOP START section of code "
148
  "from your root .htaccess file into this text box first. You can then edit "
149
  "and modify the code in this text window and save your changes."
150
  msgstr ""
151
 
152
- #: admin/core/core-custom-code.php:227
153
  msgid "CUSTOM CODE REQUEST METHODS FILTERED:"
154
  msgstr ""
155
 
156
- #: admin/core/core-custom-code.php:228
157
  msgid "Whitelist User Agents and allow HEAD Requests"
158
  msgstr ""
159
 
160
- #: admin/core/core-custom-code.php:229
161
  msgid ""
162
  "You MUST copy and paste the entire REQUEST METHODS FILTERED section of code "
163
  "from your root .htaccess file into this text box first. You can then edit "
@@ -166,34 +166,34 @@ msgid ""
166
  "for instructions and examples."
167
  msgstr ""
168
 
169
- #: admin/core/core-custom-code.php:248
170
  msgid ""
171
  "CUSTOM CODE PLUGIN/THEME SKIP/BYPASS RULES:<br>Add personal plugin/theme "
172
  "skip/bypass rules here"
173
  msgstr ""
174
 
175
- #: admin/core/core-custom-code.php:249 admin/core/core-custom-code.php:309
176
- #: admin/core/core-custom-code.php:387 admin/core/core-custom-code.php:395
177
  msgid ""
178
  "ONLY add valid htaccess code below or text commented out with a pound sign #"
179
  msgstr ""
180
 
181
- #: admin/core/core-custom-code.php:256 admin/core/core-help-text.php:40
182
  msgid "CUSTOM CODE TIMTHUMB FORBID RFI and MISC FILE SKIP/BYPASS RULE:"
183
  msgstr ""
184
 
185
- #: admin/core/core-custom-code.php:257 admin/core/core-help-text.php:40
186
  msgid ""
187
  "You MUST copy and paste the entire TIMTHUMB FORBID RFI section of code from "
188
  "your root .htaccess file into this text box first. You can then edit and "
189
  "modify the code in this text window and save your changes."
190
  msgstr ""
191
 
192
- #: admin/core/core-custom-code.php:264 admin/core/core-help-text.php:40
193
  msgid "CUSTOM CODE BPSQSE BPS QUERY STRING EXPLOITS:"
194
  msgstr ""
195
 
196
- #: admin/core/core-custom-code.php:265 admin/core/core-help-text.php:40
197
  msgid ""
198
  "You MUST copy and paste the entire BPSQSE QUERY STRING EXPLOITS section of "
199
  "code from your root .htaccess file from # BEGIN BPSQSE BPS QUERY STRING "
@@ -202,49 +202,90 @@ msgid ""
202
  "changes."
203
  msgstr ""
204
 
205
- #: admin/core/core-custom-code.php:275 admin/core/core-help-text.php:34
206
  msgid "CUSTOM CODE WP REWRITE LOOP END: Add WP Rewrite Loop End code here"
207
  msgstr ""
208
 
209
- #: admin/core/core-custom-code.php:276
210
  msgid ""
211
  "This is a Special Custom Code text box that should only be used if the "
212
  "correct WP REWRITE LOOP END code is not being created in your root .htaccess "
213
  "file. See the Read Me help button for more information."
214
  msgstr ""
215
 
216
- #: admin/core/core-custom-code.php:288 admin/core/core-help-text.php:40
217
  msgid "CUSTOM CODE DENY BROWSER ACCESS TO THESE FILES:"
218
  msgstr ""
219
 
220
- #: admin/core/core-custom-code.php:289 admin/core/core-help-text.php:40
221
  msgid ""
222
  "You MUST copy and paste the entire DENY BROWSER ACCESS section of code from "
223
  "your root .htaccess file into this text box first. You can then edit and "
224
  "modify the code in this text window and save your changes."
225
  msgstr ""
226
 
227
- #: admin/core/core-custom-code.php:308 admin/core/core-help-text.php:40
228
  msgid ""
229
  "CUSTOM CODE BOTTOM HOTLINKING/FORBID COMMENT SPAMMERS/BLOCK BOTS/BLOCK IP/"
230
  "REDIRECT CODE: Add miscellaneous code here"
231
  msgstr ""
232
 
233
- #: admin/core/core-custom-code.php:318
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
234
  msgid "Click OK to save your Root Custom Code or click Cancel."
235
  msgstr ""
236
 
237
- #: admin/core/core-custom-code.php:348
238
  msgid "wp-admin htaccess File Custom Code"
239
  msgstr ""
240
 
241
- #: admin/core/core-custom-code.php:365
242
  msgid ""
243
  "CUSTOM CODE WPADMIN DENY BROWSER ACCESS TO FILES:<br>Add additional wp-admin "
244
  "files that you would like to block here"
245
  msgstr ""
246
 
247
- #: admin/core/core-custom-code.php:366
248
  msgid ""
249
  "You MUST copy and paste the entire WPADMIN DENY BROWSER ACCESS TO FILES "
250
  "section of code from your wp-admin .htaccess file into this text box first. "
@@ -254,25 +295,25 @@ msgid ""
254
  "htaccess file"
255
  msgstr ""
256
 
257
- #: admin/core/core-custom-code.php:386
258
  msgid ""
259
  "CUSTOM CODE WPADMIN TOP:<br>wp-admin password protection & miscellaneous "
260
  "custom code here"
261
  msgstr ""
262
 
263
- #: admin/core/core-custom-code.php:394
264
  msgid ""
265
  "CUSTOM CODE WPADMIN PLUGIN/FILE SKIP RULES:<br>Add wp-admin plugin/file skip "
266
  "rules code here"
267
  msgstr ""
268
 
269
- #: admin/core/core-custom-code.php:402
270
  msgid ""
271
  "CUSTOM CODE BPSQSE-check BPS QUERY STRING EXPLOITS AND FILTERS:<br>Modify "
272
  "Query String Exploit code here"
273
  msgstr ""
274
 
275
- #: admin/core/core-custom-code.php:403 admin/core/core-help-text.php:40
276
  msgid ""
277
  "You MUST copy and paste the entire BPS QUERY STRING EXPLOITS section of code "
278
  "from your wp-admin .htaccess file from # BEGIN BPSQSE-check BPS QUERY STRING "
@@ -281,7 +322,35 @@ msgid ""
281
  "this text window and save your changes."
282
  msgstr ""
283
 
284
- #: admin/core/core-custom-code.php:412
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
285
  msgid "Click OK to save your wp-admin Custom Code or click Cancel."
286
  msgstr ""
287
 
@@ -392,7 +461,7 @@ msgid "Your Root and wp-admin Custom Code has been deleted successfully."
392
  msgstr ""
393
 
394
  #: admin/core/core-forms.php:18 admin/core/core-forms.php:98
395
- #: admin/core/core.php:1127
396
  msgid "htaccess Files Disabled: wp-admin htaccess file writing is disabled. "
397
  msgstr ""
398
 
@@ -402,8 +471,8 @@ msgstr ""
402
  #: admin/core/core-forms.php:364 admin/core/core-forms.php:430
403
  #: admin/core/core-htaccess-code.php:437 admin/core/core-htaccess-code.php:521
404
  #: admin/core/core-htaccess-code.php:590 admin/core/core-htaccess-code.php:674
405
- #: admin/core/core.php:782 admin/core/core.php:859 admin/core/core.php:961
406
- #: admin/core/core.php:1039 admin/core/core.php:1127
407
  #: admin/maintenance/maintenance.php:814 admin/maintenance/maintenance.php:1130
408
  #: admin/maintenance/maintenance.php:1639
409
  #: admin/maintenance/maintenance.php:1769
@@ -417,8 +486,8 @@ msgstr ""
417
  #: admin/core/core-forms.php:364 admin/core/core-forms.php:430
418
  #: admin/core/core-htaccess-code.php:437 admin/core/core-htaccess-code.php:521
419
  #: admin/core/core-htaccess-code.php:590 admin/core/core-htaccess-code.php:674
420
- #: admin/core/core.php:782 admin/core/core.php:859 admin/core/core.php:961
421
- #: admin/core/core.php:1039 admin/core/core.php:1127
422
  #: admin/maintenance/maintenance.php:814 admin/maintenance/maintenance.php:1130
423
  #: admin/maintenance/maintenance.php:1639
424
  #: admin/maintenance/maintenance.php:1769
@@ -996,7 +1065,7 @@ msgid ""
996
  "Send Email Alerts."
997
  msgstr ""
998
 
999
- #: admin/core/core-help-text.php:18 admin/core/core.php:458
1000
  msgid "HPF Cron Check Frequency:"
1001
  msgstr ""
1002
 
@@ -1008,7 +1077,7 @@ msgid ""
1008
  "Options button to save your settings."
1009
  msgstr ""
1010
 
1011
- #: admin/core/core-help-text.php:18 admin/core/core.php:469
1012
  msgid "HPF Cron On|Off:"
1013
  msgstr ""
1014
 
@@ -1018,7 +1087,7 @@ msgid ""
1018
  "HPF Cron Off. Click the Save HPF Cron Options button to save your settings."
1019
  msgstr ""
1020
 
1021
- #: admin/core/core-help-text.php:18 admin/core/core.php:489
1022
  msgid "Ignore Hidden Plugin Folders & Files:"
1023
  msgstr ""
1024
 
@@ -1120,9 +1189,9 @@ msgid ""
1120
  "permanently. To save any new htaccess code permanently use BPS Custom Code."
1121
  msgstr ""
1122
 
1123
- #: admin/core/core-help-text.php:30 admin/core/core.php:208
1124
- #: admin/core/core.php:318 admin/core/core.php:407 admin/core/core.php:519
1125
- #: admin/core/core.php:595 admin/core/core.php:671 admin/core/core.php:1445
1126
  #: admin/db-backup-security/db-backup-help-text.php:12
1127
  #: admin/db-backup-security/db-backup-help-text.php:15
1128
  #: admin/db-backup-security/db-backup-security.php:281
@@ -1194,6 +1263,31 @@ msgstr ""
1194
  msgid " help information above."
1195
  msgstr ""
1196
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1197
  #: admin/core/core-help-text.php:30
1198
  msgid "Lock|Unlock .htaccess Files"
1199
  msgstr ""
@@ -1375,15 +1469,43 @@ msgstr ""
1375
 
1376
  #: admin/core/core-help-text.php:40
1377
  msgid ""
1378
- "2. Click the Save Root Custom Code button to save your Root custom code."
 
 
1379
  msgstr ""
1380
 
1381
  #: admin/core/core-help-text.php:40
1382
  msgid ""
1383
- "3. Go to the Security Modes page and click the Root Folder BulletProof Mode "
 
 
 
 
 
1384
  "Activate button."
1385
  msgstr ""
1386
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1387
  #: admin/core/core-help-text.php:40
1388
  msgid "CUSTOM CODE TOP PHP/PHP.INI HANDLER/CACHE CODE:"
1389
  msgstr ""
@@ -1600,17 +1722,17 @@ msgstr ""
1600
 
1601
  #: admin/core/core-htaccess-code.php:437 admin/core/core-htaccess-code.php:521
1602
  #: admin/core/core-htaccess-code.php:590 admin/core/core-htaccess-code.php:674
1603
- #: admin/core/core.php:1039
1604
  msgid "htaccess Files Disabled: Root htaccess file writing is disabled. "
1605
  msgstr ""
1606
 
1607
  #: admin/core/core-htaccess-code.php:459 admin/core/core-htaccess-code.php:612
1608
- #: admin/core/core.php:895
1609
  msgid "Failed to copy your Custom default.htaccess file: "
1610
  msgstr ""
1611
 
1612
  #: admin/core/core-htaccess-code.php:459 admin/core/core-htaccess-code.php:612
1613
- #: admin/core/core.php:895
1614
  msgid " to: "
1615
  msgstr ""
1616
 
@@ -1657,7 +1779,7 @@ msgstr ""
1657
  msgid "BulletProof Security ~ htaccess Core"
1658
  msgstr ""
1659
 
1660
- #: admin/core/core.php:152 admin/db-backup-security/db-backup-security.php:69
1661
  #: admin/email-log-settings/email-log-settings.php:64 admin/login/login.php:126
1662
  #: admin/maintenance/maintenance.php:75 admin/mscan/mscan.php:78
1663
  #: admin/security-log/security-log.php:64 admin/system-info/system-info.php:64
@@ -1665,27 +1787,27 @@ msgstr ""
1665
  msgid "Settings Saved"
1666
  msgstr ""
1667
 
1668
- #: admin/core/core.php:179
1669
  msgid "Security Modes"
1670
  msgstr ""
1671
 
1672
- #: admin/core/core.php:180
1673
  msgid "htaccess File Editor"
1674
  msgstr ""
1675
 
1676
- #: admin/core/core.php:181 admin/core/core.php:1429 admin/core/core.php:1442
1677
  msgid "Custom Code"
1678
  msgstr ""
1679
 
1680
- #: admin/core/core.php:182
1681
  msgid "My Notes"
1682
  msgstr ""
1683
 
1684
- #: admin/core/core.php:183
1685
  msgid "Whats New"
1686
  msgstr ""
1687
 
1688
- #: admin/core/core.php:184 admin/db-backup-security/db-backup-security.php:262
1689
  #: admin/db-backup-security/db-backup-security.php:1697
1690
  #: admin/email-log-settings/email-log-settings.php:87 admin/login/login.php:164
1691
  #: admin/maintenance/maintenance.php:150 admin/mscan/mscan.php:115
@@ -1695,20 +1817,20 @@ msgstr ""
1695
  msgid "Help &amp; FAQ"
1696
  msgstr ""
1697
 
1698
- #: admin/core/core.php:185 bulletproof-security.php:152
1699
  msgid "BPS Pro Features"
1700
  msgstr ""
1701
 
1702
- #: admin/core/core.php:193
1703
  msgid "htaccess File Security Modes ~ "
1704
  msgstr ""
1705
 
1706
- #: admin/core/core.php:193
1707
  msgid "RBM, WBM, HPF, MBM & BBM BulletProof Modes"
1708
  msgstr ""
1709
 
1710
- #: admin/core/core.php:193 admin/core/core.php:711 admin/core/core.php:1423
1711
- #: admin/core/core.php:1546 admin/core/core.php:1601
1712
  #: admin/db-backup-security/db-backup-security.php:270
1713
  #: admin/db-backup-security/db-backup-security.php:1201
1714
  #: admin/db-backup-security/db-backup-security.php:1357
@@ -1720,8 +1842,8 @@ msgstr ""
1720
  msgid "Want even more security protection?"
1721
  msgstr ""
1722
 
1723
- #: admin/core/core.php:193 admin/core/core.php:711 admin/core/core.php:1423
1724
- #: admin/core/core.php:1546 admin/core/core.php:1601
1725
  #: admin/email-log-settings/email-log-settings.php:95
1726
  #: admin/maintenance/maintenance.php:170 admin/maintenance/maintenance.php:172
1727
  #: admin/security-log/security-log.php:235 admin/theme-skin/theme-skin.php:101
@@ -1730,8 +1852,8 @@ msgid ""
1730
  "Protect all of your Plugins (plugin folders and files) with an IP Firewall: "
1731
  msgstr ""
1732
 
1733
- #: admin/core/core.php:193 admin/core/core.php:711 admin/core/core.php:1423
1734
- #: admin/core/core.php:1546 admin/core/core.php:1601
1735
  #: admin/email-log-settings/email-log-settings.php:95
1736
  #: admin/maintenance/maintenance.php:170 admin/maintenance/maintenance.php:172
1737
  #: admin/security-log/security-log.php:235 admin/theme-skin/theme-skin.php:101
@@ -1739,8 +1861,8 @@ msgstr ""
1739
  msgid "Get BPS Pro Plugin Firewall"
1740
  msgstr ""
1741
 
1742
- #: admin/core/core.php:193 admin/core/core.php:711 admin/core/core.php:1423
1743
- #: admin/core/core.php:1546 admin/core/core.php:1601
1744
  #: admin/email-log-settings/email-log-settings.php:95
1745
  #: admin/maintenance/maintenance.php:170 admin/maintenance/maintenance.php:172
1746
  #: admin/security-log/security-log.php:235 admin/theme-skin/theme-skin.php:101
@@ -1750,8 +1872,8 @@ msgid ""
1750
  "files: "
1751
  msgstr ""
1752
 
1753
- #: admin/core/core.php:193 admin/core/core.php:711 admin/core/core.php:1423
1754
- #: admin/core/core.php:1546 admin/core/core.php:1601
1755
  #: admin/email-log-settings/email-log-settings.php:95
1756
  #: admin/maintenance/maintenance.php:170 admin/maintenance/maintenance.php:172
1757
  #: admin/security-log/security-log.php:235 admin/theme-skin/theme-skin.php:101
@@ -1759,25 +1881,25 @@ msgstr ""
1759
  msgid "Get BPS Pro Uploads Anti-Exploit Guard"
1760
  msgstr ""
1761
 
1762
- #: admin/core/core.php:199 admin/core/core.php:723 admin/core/core.php:1464
1763
- #: admin/core/core.php:1500 admin/core/core.php:1517 admin/login/login.php:142
1764
  #: admin/login/login.php:199 admin/login/login.php:871
1765
  #: admin/login/login.php:1019 admin/system-info/system-info.php:116
1766
  #: admin/system-info/system-info.php:1034
1767
  msgid "Permission Denied"
1768
  msgstr ""
1769
 
1770
- #: admin/core/core.php:201
1771
  msgid "Activate|Deactivate Security Modes"
1772
  msgstr ""
1773
 
1774
- #: admin/core/core.php:203 admin/core/core.php:205 admin/core/core.php:315
1775
  msgid "Root Folder BulletProof Mode (RBM)"
1776
  msgstr ""
1777
 
1778
- #: admin/core/core.php:203 admin/core/core.php:313 admin/core/core.php:402
1779
- #: admin/core/core.php:514 admin/core/core.php:590 admin/core/core.php:666
1780
- #: admin/core/core.php:717 admin/core/core.php:1429
1781
  #: admin/db-backup-security/db-backup-security.php:276
1782
  #: admin/db-backup-security/db-backup-security.php:1207
1783
  #: admin/db-backup-security/db-backup-security.php:1363
@@ -1791,7 +1913,7 @@ msgstr ""
1791
  msgid "Read Me"
1792
  msgstr ""
1793
 
1794
- #: admin/core/core.php:210 admin/core/core.php:320 admin/core/core.php:1447
1795
  #: admin/db-backup-security/db-backup-security.php:284
1796
  #: admin/email-log-settings/email-log-settings.php:109
1797
  #: admin/login/login.php:1001 admin/maintenance/maintenance.php:189
@@ -1799,122 +1921,122 @@ msgstr ""
1799
  msgid "Forum Help Links: "
1800
  msgstr ""
1801
 
1802
- #: admin/core/core.php:213 admin/core/core.php:323
1803
  msgid "Setup Wizard & Other Video Tutorials"
1804
  msgstr ""
1805
 
1806
- #: admin/core/core.php:214 admin/core/core.php:324
1807
  #: admin/email-log-settings/email-log-settings.php:112
1808
  #: admin/mscan/mscan.php:141 admin/security-log/security-log.php:252
1809
  msgid "BPS Troubleshooting Steps"
1810
  msgstr ""
1811
 
1812
- #: admin/core/core.php:236 admin/core/core.php:239 admin/core/core.php:242
1813
- #: admin/core/core.php:245 admin/core/core.php:253 admin/core/core.php:256
1814
- #: admin/core/core.php:259 admin/core/core.php:262
1815
  msgid "RBM Status: "
1816
  msgstr ""
1817
 
1818
- #: admin/core/core.php:236 admin/core/core.php:253 admin/core/core.php:351
1819
- #: admin/core/core.php:365 admin/core/core.php:538 admin/core/core.php:552
1820
- #: admin/core/core.php:614 admin/core/core.php:628
1821
  msgid "Disabled"
1822
  msgstr ""
1823
 
1824
- #: admin/core/core.php:239 admin/core/core.php:256
1825
  msgid "Root htaccess File Does Not Exist"
1826
  msgstr ""
1827
 
1828
- #: admin/core/core.php:242 admin/core/core.php:259 admin/core/core.php:357
1829
- #: admin/core/core.php:371 admin/core/core.php:544 admin/core/core.php:558
1830
- #: admin/core/core.php:620 admin/core/core.php:634
1831
  #: admin/system-info/system-info.php:243
1832
  msgid "Activated"
1833
  msgstr ""
1834
 
1835
- #: admin/core/core.php:245 admin/core/core.php:262 admin/core/core.php:354
1836
- #: admin/core/core.php:368 admin/core/core.php:541 admin/core/core.php:555
1837
- #: admin/core/core.php:617 admin/core/core.php:631
1838
  #: admin/system-info/system-info.php:252
1839
  msgid "Deactivated"
1840
  msgstr ""
1841
 
1842
- #: admin/core/core.php:279 admin/core/core.php:297
1843
  msgid "Click OK to Activate Root Folder BulletProof Mode or click Cancel."
1844
  msgstr ""
1845
 
1846
- #: admin/core/core.php:287 admin/core/core.php:305
1847
  msgid "Click OK to Deactivate Root Folder BulletProof Mode or click Cancel."
1848
  msgstr ""
1849
 
1850
- #: admin/core/core.php:313
1851
  msgid "wp-admin Folder BulletProof Mode (WBM)"
1852
  msgstr ""
1853
 
1854
- #: admin/core/core.php:351 admin/core/core.php:354 admin/core/core.php:357
1855
- #: admin/core/core.php:365 admin/core/core.php:368 admin/core/core.php:371
1856
  msgid "WBM Status: "
1857
  msgstr ""
1858
 
1859
- #: admin/core/core.php:386
1860
  msgid "Click OK to Activate wp-admin Folder BulletProof Mode or click Cancel."
1861
  msgstr ""
1862
 
1863
- #: admin/core/core.php:394
1864
  msgid ""
1865
  "Click OK to Deactivate wp-admin Folder BulletProof Mode or click Cancel."
1866
  msgstr ""
1867
 
1868
- #: admin/core/core.php:402 admin/core/core.php:404
1869
  msgid "Hidden Plugin Folders|Files Cron (HPF)"
1870
  msgstr ""
1871
 
1872
- #: admin/core/core.php:425 admin/core/core.php:428 admin/core/core.php:436
1873
- #: admin/core/core.php:439
1874
  msgid "HPF Status: "
1875
  msgstr ""
1876
 
1877
- #: admin/core/core.php:425 admin/core/core.php:436 admin/core/core.php:471
1878
  msgid "HPF Cron On"
1879
  msgstr ""
1880
 
1881
- #: admin/core/core.php:428 admin/core/core.php:439 admin/core/core.php:472
1882
  msgid "HPF Cron Off"
1883
  msgstr ""
1884
 
1885
- #: admin/core/core.php:460
1886
  msgid "Run Check Every 1 Minute"
1887
  msgstr ""
1888
 
1889
- #: admin/core/core.php:461
1890
  msgid "Run Check Every 5 Minutes"
1891
  msgstr ""
1892
 
1893
- #: admin/core/core.php:462
1894
  msgid "Run Check Every 10 Minutes"
1895
  msgstr ""
1896
 
1897
- #: admin/core/core.php:463
1898
  msgid "Run Check Every 15 Minutes"
1899
  msgstr ""
1900
 
1901
- #: admin/core/core.php:464
1902
  msgid "Run Check Every 30 Minutes"
1903
  msgstr ""
1904
 
1905
- #: admin/core/core.php:465
1906
  msgid "Run Check Every 60 Minutes"
1907
  msgstr ""
1908
 
1909
- #: admin/core/core.php:466
1910
  msgid "Run Check Once Daily"
1911
  msgstr ""
1912
 
1913
- #: admin/core/core.php:475
1914
  msgid "Save HPF Cron Options"
1915
  msgstr ""
1916
 
1917
- #: admin/core/core.php:475
1918
  msgid ""
1919
  "The default Cron Frequency is: Run Check Every 15 Minutes. This is a "
1920
  "lightweight check that uses an insignificant amount of resources/memory so 4 "
@@ -1926,32 +2048,32 @@ msgid ""
1926
  "OK to proceed or click Cancel"
1927
  msgstr ""
1928
 
1929
- #: admin/core/core.php:490
1930
  msgid "Add Ignore rules using plugin folder names or file names."
1931
  msgstr ""
1932
 
1933
- #: admin/core/core.php:490
1934
  msgid "Use a comma and a space between folder and/or file names."
1935
  msgstr ""
1936
 
1937
- #: admin/core/core.php:490
1938
  msgid "Example: plugin-folder-name, example-file-name.php"
1939
  msgstr ""
1940
 
1941
- #: admin/core/core.php:496
1942
  msgid ""
1943
  "This option is for adding ignore rules for Hidden or Empty Plugin Folders "
1944
  "Detected by BPS or Non-standard WP files detected by BPS in your /plugins/ "
1945
  "folder."
1946
  msgstr ""
1947
 
1948
- #: admin/core/core.php:496
1949
  msgid ""
1950
  "This is an independent option setting that does not require clicking any "
1951
  "other buttons."
1952
  msgstr ""
1953
 
1954
- #: admin/core/core.php:496 admin/maintenance/maintenance.php:641
1955
  #: admin/security-log/security-log.php:465
1956
  #: admin/security-log/security-log.php:480
1957
  #: admin/security-log/security-log.php:698
@@ -1959,281 +2081,281 @@ msgstr ""
1959
  msgid "Click OK to proceed or click Cancel."
1960
  msgstr ""
1961
 
1962
- #: admin/core/core.php:514
1963
  msgid "Master htaccess Folder BulletProof Mode (MBM)"
1964
  msgstr ""
1965
 
1966
- #: admin/core/core.php:516
1967
  msgid "MBM BulletProof Modes"
1968
  msgstr ""
1969
 
1970
- #: admin/core/core.php:538 admin/core/core.php:541 admin/core/core.php:544
1971
- #: admin/core/core.php:552 admin/core/core.php:555 admin/core/core.php:558
1972
  msgid "MBM Status: "
1973
  msgstr ""
1974
 
1975
- #: admin/core/core.php:573
1976
  msgid "Click OK to Activate MBM BulletProof Mode or click Cancel."
1977
  msgstr ""
1978
 
1979
- #: admin/core/core.php:581
1980
  msgid "Click OK to Deactivate MBM BulletProof Mode or click Cancel."
1981
  msgstr ""
1982
 
1983
- #: admin/core/core.php:590
1984
  msgid "BPS Backup Folder BulletProof Mode (BBM)"
1985
  msgstr ""
1986
 
1987
- #: admin/core/core.php:592
1988
  msgid "BBM BulletProof Modes"
1989
  msgstr ""
1990
 
1991
- #: admin/core/core.php:614 admin/core/core.php:617 admin/core/core.php:620
1992
- #: admin/core/core.php:628 admin/core/core.php:631 admin/core/core.php:634
1993
  msgid "BBM Status: "
1994
  msgstr ""
1995
 
1996
- #: admin/core/core.php:649
1997
  msgid "Click OK to Activate BBM BulletProof Mode or click Cancel."
1998
  msgstr ""
1999
 
2000
- #: admin/core/core.php:657
2001
  msgid ""
2002
  "Caution: BPS Backup Folder BulletProof Mode (BBM) should only be deactivated "
2003
  "for testing or troubleshooting. Be sure to activate BBM BulletProof Mode "
2004
  "after you are done testing or troubleshooting."
2005
  msgstr ""
2006
 
2007
- #: admin/core/core.php:657
2008
  msgid "Click OK to Deactivate BBM BulletProof Mode or click Cancel."
2009
  msgstr ""
2010
 
2011
- #: admin/core/core.php:666 admin/core/core.php:668
2012
  msgid "Backup & Restore BPS htaccess Files"
2013
  msgstr ""
2014
 
2015
- #: admin/core/core.php:684
2016
  msgid "Click OK to Backup BPS htaccess files or click Cancel."
2017
  msgstr ""
2018
 
2019
- #: admin/core/core.php:692
2020
  msgid "Click OK to Restore BPS htaccess files or click Cancel."
2021
  msgstr ""
2022
 
2023
- #: admin/core/core.php:711
2024
  msgid "htaccess File Editor ~ "
2025
  msgstr ""
2026
 
2027
- #: admin/core/core.php:711
2028
  msgid ""
2029
  "Check or edit BPS htaccess files/code manually/directly for testing. Use BPS "
2030
  "Custom Code to save htaccess code permanently"
2031
  msgstr ""
2032
 
2033
- #: admin/core/core.php:717 admin/core/core.php:719
2034
  msgid "htaccess File Editing"
2035
  msgstr ""
2036
 
2037
- #: admin/core/core.php:743
2038
  msgid "htaccess Files Disabled: secure.htaccess Master file is disabled."
2039
  msgstr ""
2040
 
2041
- #: admin/core/core.php:747
2042
  msgid "ERROR: A secure.htaccess Master file was NOT found."
2043
  msgstr ""
2044
 
2045
- #: admin/core/core.php:763
2046
  msgid ""
2047
  "File Open and Write test successful! The secure.htaccess Master file is "
2048
  "writable."
2049
  msgstr ""
2050
 
2051
- #: admin/core/core.php:769 admin/core/core.php:846 admin/core/core.php:947
2052
- #: admin/core/core.php:1113
2053
  msgid "Cannot write to file: "
2054
  msgstr ""
2055
 
2056
- #: admin/core/core.php:782
2057
  msgid ""
2058
  "htaccess Files Disabled: secure.htaccess Master file writing is disabled. "
2059
  msgstr ""
2060
 
2061
- #: admin/core/core.php:790
2062
  msgid "Error: Unable to write to the secure.htaccess Master file."
2063
  msgstr ""
2064
 
2065
- #: admin/core/core.php:806
2066
  msgid "The secure.htaccess Master file has been updated."
2067
  msgstr ""
2068
 
2069
- #: admin/core/core.php:820
2070
  msgid "htaccess Files Disabled: default.htaccess Master file is disabled."
2071
  msgstr ""
2072
 
2073
- #: admin/core/core.php:824
2074
  msgid "ERROR: A default.htaccess Master file was NOT found."
2075
  msgstr ""
2076
 
2077
- #: admin/core/core.php:840
2078
  msgid ""
2079
  "File Open and Write test successful! The default.htaccess Master file is "
2080
  "writable."
2081
  msgstr ""
2082
 
2083
- #: admin/core/core.php:859
2084
  msgid ""
2085
  "htaccess Files Disabled: default.htaccess Master file writing is disabled. "
2086
  msgstr ""
2087
 
2088
- #: admin/core/core.php:867
2089
  msgid "Error: Unable to write to the default.htaccess Master file."
2090
  msgstr ""
2091
 
2092
- #: admin/core/core.php:883
2093
  msgid "The default.htaccess Master file has been updated."
2094
  msgstr ""
2095
 
2096
- #: admin/core/core.php:895
2097
  msgid ""
2098
  " Check that the /bps-backup/ and /master-backups/ folders exist and the "
2099
  "folder permissions or Ownership for these folders."
2100
  msgstr ""
2101
 
2102
- #: admin/core/core.php:900
2103
  msgid ""
2104
  "Your Custom default.htaccess Master file has been successfully saved to: "
2105
  msgstr ""
2106
 
2107
- #: admin/core/core.php:915
2108
  msgid "wpadmin-secure.htaccess file writing is disabled."
2109
  msgstr ""
2110
 
2111
- #: admin/core/core.php:921
2112
  msgid ""
2113
  "htaccess Files Disabled: wpadmin-secure.htaccess Master file is disabled."
2114
  msgstr ""
2115
 
2116
- #: admin/core/core.php:925
2117
  msgid "ERROR: A wpadmin-secure.htaccess Master file was NOT found."
2118
  msgstr ""
2119
 
2120
- #: admin/core/core.php:941
2121
  msgid ""
2122
  "File Open and Write test successful! The wpadmin-secure.htaccess Master file "
2123
  "is writable."
2124
  msgstr ""
2125
 
2126
- #: admin/core/core.php:961
2127
  msgid ""
2128
  "htaccess Files Disabled: wpadmin-secure.htaccess Master file writing is "
2129
  "disabled. "
2130
  msgstr ""
2131
 
2132
- #: admin/core/core.php:969
2133
  msgid "Error: Unable to write to the wpadmin-secure.htaccess Master file."
2134
  msgstr ""
2135
 
2136
- #: admin/core/core.php:985
2137
  msgid "The wpadmin-secure.htaccess Master file has been updated."
2138
  msgstr ""
2139
 
2140
- #: admin/core/core.php:999
2141
  msgid "htaccess Files Disabled: Root htaccess file does not exist."
2142
  msgstr ""
2143
 
2144
- #: admin/core/core.php:1003
2145
  msgid "ERROR: An htaccess file was NOT found in your root folder"
2146
  msgstr ""
2147
 
2148
- #: admin/core/core.php:1019
2149
  msgid ""
2150
  "File Open and Write test successful! Your currently active root htaccess "
2151
  "file is writable."
2152
  msgstr ""
2153
 
2154
- #: admin/core/core.php:1026
2155
  msgid "Your root htaccess file is Locked with Read Only Permissions."
2156
  msgstr ""
2157
 
2158
- #: admin/core/core.php:1026
2159
  msgid ""
2160
  "Use the Lock and Unlock buttons below to Lock or Unlock your root htaccess "
2161
  "file for editing."
2162
  msgstr ""
2163
 
2164
- #: admin/core/core.php:1047
2165
  msgid ""
2166
  "Error: Unable to write to the Root htaccess file. If your Root htaccess file "
2167
  "is locked you must unlock first."
2168
  msgstr ""
2169
 
2170
- #: admin/core/core.php:1063
2171
  msgid "Your currently active root htaccess file has been updated."
2172
  msgstr ""
2173
 
2174
- #: admin/core/core.php:1080
2175
  msgid "wp-admin active htaccess file writing is disabled."
2176
  msgstr ""
2177
 
2178
- #: admin/core/core.php:1086
2179
  msgid "htaccess Files Disabled: wp-admin folder htaccess file does not exist."
2180
  msgstr ""
2181
 
2182
- #: admin/core/core.php:1090
2183
  msgid "ERROR: An htaccess file was NOT found in your wp-admin folder"
2184
  msgstr ""
2185
 
2186
- #: admin/core/core.php:1106
2187
  msgid ""
2188
  "File Open and Write test successful! Your currently active wp-admin htaccess "
2189
  "file is writable."
2190
  msgstr ""
2191
 
2192
- #: admin/core/core.php:1135
2193
  msgid "Error: Unable to write to the wp-admin htaccess file."
2194
  msgstr ""
2195
 
2196
- #: admin/core/core.php:1151
2197
  msgid "Your currently active wp-admin htaccess file has been updated."
2198
  msgstr ""
2199
 
2200
- #: admin/core/core.php:1168
2201
  msgid "Your Root htaccess file has been Locked."
2202
  msgstr ""
2203
 
2204
- #: admin/core/core.php:1173
2205
  msgid "Unable to Lock your Root htaccess file."
2206
  msgstr ""
2207
 
2208
- #: admin/core/core.php:1187
2209
  msgid "Your Root htaccess file has been Unlocked."
2210
  msgstr ""
2211
 
2212
- #: admin/core/core.php:1192
2213
  msgid "Unable to Unlock your Root htaccess file."
2214
  msgstr ""
2215
 
2216
- #: admin/core/core.php:1215
2217
  msgid "Click OK to Lock your Root htaccess file or click Cancel."
2218
  msgstr ""
2219
 
2220
- #: admin/core/core.php:1215
2221
  msgid ""
2222
  "Note: The File Open and Write Test window will still display the last status "
2223
  "of the file as Unlocked. To see the current status refresh your browser."
2224
  msgstr ""
2225
 
2226
- #: admin/core/core.php:1223
2227
  msgid "Click OK to Unlock your Root htaccess file or click Cancel."
2228
  msgstr ""
2229
 
2230
- #: admin/core/core.php:1223
2231
  msgid ""
2232
  "Note: The File Open and Write Test window will still display the last status "
2233
  "of the file as Locked. To see the current status refresh your browser."
2234
  msgstr ""
2235
 
2236
- #: admin/core/core.php:1232
2237
  msgid ""
2238
  "Turning AutoLock On will allow BPS Pro to automatically lock your Root ."
2239
  "htaccess file. For some folks this causes a problem because their Web Hosts "
@@ -2241,11 +2363,11 @@ msgid ""
2241
  "BPS Pro to AutoLock the Root .htaccess file works fine."
2242
  msgstr ""
2243
 
2244
- #: admin/core/core.php:1232
2245
  msgid "Click OK to Turn AutoLock On or click Cancel."
2246
  msgstr ""
2247
 
2248
- #: admin/core/core.php:1234 admin/system-info/system-info.php:752
2249
  #: admin/system-info/system-info.php:768 admin/system-info/system-info.php:776
2250
  #: admin/system-info/system-info.php:784 admin/system-info/system-info.php:792
2251
  #: admin/system-info/system-info.php:800 admin/system-info/system-info.php:808
@@ -2257,7 +2379,7 @@ msgstr ""
2257
  msgid "On"
2258
  msgstr ""
2259
 
2260
- #: admin/core/core.php:1244
2261
  msgid ""
2262
  "Turning AutoLock Off will prevent BPS Pro from automatically locking your "
2263
  "Root .htaccess file. For some folks this is necessary because their Web "
@@ -2265,11 +2387,11 @@ msgid ""
2265
  "allowing BPS Pro to AutoLock the Root .htaccess file works fine."
2266
  msgstr ""
2267
 
2268
- #: admin/core/core.php:1244
2269
  msgid "Click OK to Turn AutoLock Off or click Cancel."
2270
  msgstr ""
2271
 
2272
- #: admin/core/core.php:1246 admin/system-info/system-info.php:536
2273
  #: admin/system-info/system-info.php:771 admin/system-info/system-info.php:779
2274
  #: admin/system-info/system-info.php:787 admin/system-info/system-info.php:795
2275
  #: admin/system-info/system-info.php:803 admin/system-info/system-info.php:811
@@ -2281,35 +2403,66 @@ msgstr ""
2281
  msgid "Off"
2282
  msgstr ""
2283
 
2284
- #: admin/core/core.php:1261
2285
  msgid "secure.htaccess"
2286
  msgstr ""
2287
 
2288
- #: admin/core/core.php:1262
2289
  msgid "default.htaccess"
2290
  msgstr ""
2291
 
2292
- #: admin/core/core.php:1263
2293
  msgid "wpadmin-secure.htaccess"
2294
  msgstr ""
2295
 
2296
- #: admin/core/core.php:1264
2297
  msgid "Your Current Root htaccess File"
2298
  msgstr ""
2299
 
2300
- #: admin/core/core.php:1265
2301
  msgid "Your Current wp-admin htaccess File"
2302
  msgstr ""
2303
 
2304
- #: admin/core/core.php:1367
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
2305
  msgid "YOUR ROOT HTACCESS FILE IS LOCKED."
2306
  msgstr ""
2307
 
2308
- #: admin/core/core.php:1367
2309
  msgid "YOUR FILE EDITS|CHANGES CANNOT BE SAVED."
2310
  msgstr ""
2311
 
2312
- #: admin/core/core.php:1367
2313
  msgid ""
2314
  "Click Cancel, copy the file editing changes you made to save them and then "
2315
  "click the Unlock .htaccess File button to unlock your Root .htaccess file. "
@@ -2318,44 +2471,44 @@ msgid ""
2318
  "to save your file edits/changes."
2319
  msgstr ""
2320
 
2321
- #: admin/core/core.php:1423
2322
  msgid "htaccess File Custom Code ~ "
2323
  msgstr ""
2324
 
2325
- #: admin/core/core.php:1423
2326
  msgid ""
2327
  "Save custom htaccess code for your Root and wp-admin htaccess Files "
2328
  "permanently"
2329
  msgstr ""
2330
 
2331
- #: admin/core/core.php:1435
2332
  msgid "Reset|Recheck Dismiss Notices: "
2333
  msgstr ""
2334
 
2335
- #: admin/core/core.php:1450
2336
  msgid "Brute Force Login Page Protection code"
2337
  msgstr ""
2338
 
2339
- #: admin/core/core.php:1458 admin/core/core.php:1644
2340
  #: admin/wizard/wizard.php:1043
2341
  msgid "Custom Code Video Tutorial"
2342
  msgstr ""
2343
 
2344
- #: admin/core/core.php:1459
2345
  msgid "BulletProof Security Forum"
2346
  msgstr ""
2347
 
2348
- #: admin/core/core.php:1476
2349
  msgid ""
2350
  "Clicking OK will Import all of your Root and wp-admin Custom Code from the "
2351
  "cc-master.zip file on your computer."
2352
  msgstr ""
2353
 
2354
- #: admin/core/core.php:1476
2355
  msgid "Click OK to Import Custom Code or click Cancel."
2356
  msgstr ""
2357
 
2358
- #: admin/core/core.php:1485
2359
  msgid ""
2360
  "Clicking OK will Export (copy) all of your Root and wp-admin Custom Code "
2361
  "into the cc-master.zip file, which you can then download to your computer by "
@@ -2363,53 +2516,85 @@ msgid ""
2363
  "success message."
2364
  msgstr ""
2365
 
2366
- #: admin/core/core.php:1485
2367
  msgid "Click OK to Export Custom Code or click Cancel."
2368
  msgstr ""
2369
 
2370
- #: admin/core/core.php:1493
2371
  msgid ""
2372
  "Clicking OK will delete all of your Root and wp-admin Custom Code from all "
2373
  "of the Custom Code text boxes."
2374
  msgstr ""
2375
 
2376
- #: admin/core/core.php:1493
2377
  msgid "Click OK to Delete Custom Code or click Cancel."
2378
  msgstr ""
2379
 
2380
- #: admin/core/core.php:1533
2381
  msgid ""
2382
  "Your My Notes Personal Notes and/or htaccess Code Notes saved successfully "
2383
  "to your WordPress Database."
2384
  msgstr ""
2385
 
2386
- #: admin/core/core.php:1546
2387
  msgid "My Notes ~ "
2388
  msgstr ""
2389
 
2390
- #: admin/core/core.php:1546
2391
  msgid "Save Personal Notes and htaccess Code Notes to your WordPress Database"
2392
  msgstr ""
2393
 
2394
- #: admin/core/core.php:1588
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
2395
  #: admin/db-backup-security/db-backup-security.php:1701
2396
  #: admin/mscan/mscan.php:1918 admin/theme-skin/theme-skin.php:219
2397
  msgid "Whats New in "
2398
  msgstr ""
2399
 
2400
- #: admin/core/core.php:1588
2401
  msgid " and General Help Info & Tips"
2402
  msgstr ""
2403
 
2404
- #: admin/core/core.php:1593
2405
  msgid "The BPS Changelog|Whats New page has been moved to the "
2406
  msgstr ""
2407
 
2408
- #: admin/core/core.php:1593
2409
  msgid "Reasons for this Changelog|Whats New page change: "
2410
  msgstr ""
2411
 
2412
- #: admin/core/core.php:1593
2413
  msgid ""
2414
  "The BPS Changelog|Whats New page will not have to be translated by the "
2415
  "WordPress PolyGlots Language Packs Team for each new version release of BPS, "
@@ -2418,7 +2603,7 @@ msgid ""
2418
  "BPS version changes through the years and other beneficial reasons."
2419
  msgstr ""
2420
 
2421
- #: admin/core/core.php:1601 admin/db-backup-security/db-backup-security.php:270
2422
  #: admin/db-backup-security/db-backup-security.php:1201
2423
  #: admin/db-backup-security/db-backup-security.php:1357
2424
  #: admin/email-log-settings/email-log-settings.php:95
@@ -2430,7 +2615,7 @@ msgid ""
2430
  "Detection & Prevention System: "
2431
  msgstr ""
2432
 
2433
- #: admin/core/core.php:1601 admin/db-backup-security/db-backup-security.php:270
2434
  #: admin/db-backup-security/db-backup-security.php:1201
2435
  #: admin/db-backup-security/db-backup-security.php:1357
2436
  #: admin/email-log-settings/email-log-settings.php:95
@@ -2441,7 +2626,7 @@ msgstr ""
2441
  msgid "Get BPS Pro ARQ IDPS"
2442
  msgstr ""
2443
 
2444
- #: admin/core/core.php:1601 admin/email-log-settings/email-log-settings.php:95
2445
  #: admin/maintenance/maintenance.php:170 admin/maintenance/maintenance.php:172
2446
  #: admin/security-log/security-log.php:235 admin/theme-skin/theme-skin.php:101
2447
  #: admin/wizard/wizard.php:1022 admin/wizard/wizard.php:1091
@@ -2450,7 +2635,7 @@ msgid ""
2450
  "posting, auto-commenting): "
2451
  msgstr ""
2452
 
2453
- #: admin/core/core.php:1601 admin/email-log-settings/email-log-settings.php:95
2454
  #: admin/login/login.php:181 admin/login/login.php:792
2455
  #: admin/maintenance/maintenance.php:170 admin/maintenance/maintenance.php:172
2456
  #: admin/security-log/security-log.php:235 admin/theme-skin/theme-skin.php:101
@@ -2458,29 +2643,29 @@ msgstr ""
2458
  msgid "Get BPS Pro JTC Anti-Spam|Anti-Hacker"
2459
  msgstr ""
2460
 
2461
- #: admin/core/core.php:1606
2462
  msgid "General Help Info & Tips:"
2463
  msgstr ""
2464
 
2465
- #: admin/core/core.php:1610
2466
  msgid "If BPS plugin pages are not displaying visually correct you can "
2467
  msgstr ""
2468
 
2469
- #: admin/core/core.php:1614
2470
  msgid "BPS Video Tutorials|Setup Wizard: "
2471
  msgstr ""
2472
 
2473
- #: admin/core/core.php:1622
2474
  msgid "Troubleshooting Steps & The BPS Security Log: "
2475
  msgstr ""
2476
 
2477
- #: admin/core/core.php:1622
2478
  msgid ""
2479
  "All BPS plugin features can be turned Off/On individually to confirm, "
2480
  "eliminate or isolate a problem or issue that may or may not be caused by BPS."
2481
  msgstr ""
2482
 
2483
- #: admin/core/core.php:1622
2484
  msgid ""
2485
  "The BPS Security Log is a primary troubleshooting tool. If BPS is blocking "
2486
  "something legitimate in another plugin or theme then a Security Log entry "
@@ -2489,117 +2674,117 @@ msgid ""
2489
  "being blocked."
2490
  msgstr ""
2491
 
2492
- #: admin/core/core.php:1622
2493
  msgid ""
2494
  "Search the Forum site to see if a known issue or problem is already posted "
2495
  "with a solution/whitelist rule in the Forum."
2496
  msgstr ""
2497
 
2498
- #: admin/core/core.php:1635 admin/maintenance/maintenance.php:2078
2499
  msgid "Help & FAQ"
2500
  msgstr ""
2501
 
2502
- #: admin/core/core.php:1639 admin/email-log-settings/email-log-settings.php:220
2503
  #: admin/login/login.php:1355 admin/maintenance/maintenance.php:2083
2504
- #: admin/security-log/security-log.php:806
2505
  #: admin/system-info/system-info.php:1109
2506
  msgid "Contributors Page"
2507
  msgstr ""
2508
 
2509
- #: admin/core/core.php:1640
2510
  msgid "WP Permalinks - Custom Permalink Structure Help Info"
2511
  msgstr ""
2512
 
2513
- #: admin/core/core.php:1641 admin/email-log-settings/email-log-settings.php:219
2514
  #: admin/login/login.php:1354 admin/maintenance/maintenance.php:2084
2515
- #: admin/security-log/security-log.php:805
2516
  #: admin/system-info/system-info.php:1108
2517
  msgid "Security Log Event Codes"
2518
  msgstr ""
2519
 
2520
- #: admin/core/core.php:1642
2521
  msgid "Adding a Custom 403 Forbidden Page For Your Website"
2522
  msgstr ""
2523
 
2524
- #: admin/core/core.php:1643
2525
  #: admin/db-backup-security/db-backup-security.php:1705
2526
  #: admin/email-log-settings/email-log-settings.php:221
2527
  #: admin/login/login.php:1356 admin/maintenance/maintenance.php:2085
2528
- #: admin/mscan/mscan.php:1921 admin/security-log/security-log.php:807
2529
  #: admin/system-info/system-info.php:1110 admin/theme-skin/theme-skin.php:222
2530
  msgid "Forum: Search, Troubleshooting Steps & Post Questions For Assistance"
2531
  msgstr ""
2532
 
2533
- #: admin/core/core.php:1656
2534
  msgid "BulletProof Security Pro Feature Highlights"
2535
  msgstr ""
2536
 
2537
- #: admin/core/core.php:1666
2538
  msgid "The Ultimate Security Protection"
2539
  msgstr ""
2540
 
2541
- #: admin/core/core.php:1669
2542
  msgid "BPS Pro One-Click Setup Wizard & Demo Video Tutorial"
2543
  msgstr ""
2544
 
2545
- #: admin/core/core.php:1670
2546
  msgid "View All BPS Pro Features"
2547
  msgstr ""
2548
 
2549
- #: admin/core/core.php:1677
2550
  msgid ""
2551
  "The Complete Website Security Solution for Hacker and Spammer Protection"
2552
  msgstr ""
2553
 
2554
- #: admin/core/core.php:1677
2555
  msgid ""
2556
  "BulletProof Security Pro has an amazing track record. BPS Pro has been "
2557
- "publicly available for 7+ years and is installed on over 45,000 websites "
2558
- "worldwide. Not a single one of those 45,000+ websites in 7+ years have been "
2559
  "hacked."
2560
  msgstr ""
2561
 
2562
- #: admin/core/core.php:1677
2563
  msgid ""
2564
  "Why pay 10 times or more for other premium WordPress Security Plugins with "
2565
  "recurring yearly subscriptions when you can get the best WordPress Security "
2566
  "Plugin for an extremely low one-time purchase price?"
2567
  msgstr ""
2568
 
2569
- #: admin/core/core.php:1677
2570
  msgid "View Cost Comparison"
2571
  msgstr ""
2572
 
2573
- #: admin/core/core.php:1677
2574
  msgid ""
2575
  "30-Day Money-Back Guarantee: If you are dissatisfied with BulletProof "
2576
  "Security Pro for any reason. We offer a no questions asked full refund."
2577
  msgstr ""
2578
 
2579
- #: admin/core/core.php:1680
2580
  msgid "One-Click Setup Wizard Installation: "
2581
  msgstr ""
2582
 
2583
- #: admin/core/core.php:1680
2584
  msgid ""
2585
  "Fast, simple and complete BPS Pro installation and setup in less than 1 "
2586
  "minute."
2587
  msgstr ""
2588
 
2589
- #: admin/core/core.php:1682
2590
  msgid "One-Click Upgrade: "
2591
  msgstr ""
2592
 
2593
- #: admin/core/core.php:1682
2594
  msgid "One-click plugin upgrade on the WordPress Plugins page."
2595
  msgstr ""
2596
 
2597
- #: admin/core/core.php:1684
2598
  msgid ""
2599
  "AutoRestore|Quarantine Intrusion Detection and Prevention System (ARQ IDPS): "
2600
  msgstr ""
2601
 
2602
- #: admin/core/core.php:1684
2603
  msgid ""
2604
  "ARQ IDPS is a real-time file scanner that automatically quarantines "
2605
  "malicious hacker files and autorestores legitimate website files if they "
@@ -2613,11 +2798,11 @@ msgid ""
2613
  "Plugin and Theme Automatic, Manual and Shiny installations and updates."
2614
  msgstr ""
2615
 
2616
- #: admin/core/core.php:1686
2617
  msgid "MScan Malware Scanner: "
2618
  msgstr ""
2619
 
2620
- #: admin/core/core.php:1686
2621
  msgid ""
2622
  "MScan Scheduled Scans are available in BPS Pro only. The BPS Pro ARQ IDPS "
2623
  "scanner is far superior to malware scanners including MScan, but both the "
@@ -2625,11 +2810,11 @@ msgid ""
2625
  "website if someone would like to do that."
2626
  msgstr ""
2627
 
2628
- #: admin/core/core.php:1688
2629
  msgid "Plugin Firewall|Plugin Firewall AutoPilot Mode: "
2630
  msgstr ""
2631
 
2632
- #: admin/core/core.php:1688
2633
  msgid ""
2634
  "The Plugin Firewall protects all of your Plugins (plugin folders and files) "
2635
  "with an IP Address Firewall, which prevents/blocks/forbids Remote Access to "
@@ -2643,11 +2828,11 @@ msgid ""
2643
  "firewall whitelist rules."
2644
  msgstr ""
2645
 
2646
- #: admin/core/core.php:1690
2647
  msgid "JTC Anti-Spam|Anti-Hacker (JTC): "
2648
  msgstr ""
2649
 
2650
- #: admin/core/core.php:1690
2651
  #, php-format
2652
  msgid ""
2653
  "Blocks 100% of all SpamBot and HackerBot Brute Force Login attacks (auto-"
@@ -2661,11 +2846,11 @@ msgid ""
2661
  "includes a SpamBot Trap."
2662
  msgstr ""
2663
 
2664
- #: admin/core/core.php:1692
2665
  msgid "Uploads Folder Anti-Exploit Guard (UAEG): "
2666
  msgstr ""
2667
 
2668
- #: admin/core/core.php:1692
2669
  msgid ""
2670
  "Protects the WordPress Uploads folder. ONLY safe image files with valid "
2671
  "image file extensions such as jpg, gif, png, etc. can be accessed, opened or "
@@ -2675,11 +2860,11 @@ msgid ""
2675
  "executed in the WordPress Uploads folder."
2676
  msgstr ""
2677
 
2678
- #: admin/core/core.php:1694
2679
  msgid "DB Monitor Intrusion Detection System (IDS): "
2680
  msgstr ""
2681
 
2682
- #: admin/core/core.php:1694
2683
  msgid ""
2684
  "The DB Monitor is an automated Intrusion Detection System (IDS) that alerts "
2685
  "you via email anytime a change/modification occurs in your WordPress "
@@ -2690,11 +2875,11 @@ msgid ""
2690
  "help info."
2691
  msgstr ""
2692
 
2693
- #: admin/core/core.php:1696
2694
  msgid "DB Diff Tool: "
2695
  msgstr ""
2696
 
2697
- #: admin/core/core.php:1696
2698
  msgid ""
2699
  "The DB Diff Tool compares old database tables from DB backups to current "
2700
  "database tables and displays any differences in the data/content of those 2 "
@@ -2702,11 +2887,11 @@ msgid ""
2702
  "not only just DB data."
2703
  msgstr ""
2704
 
2705
- #: admin/core/core.php:1698
2706
  msgid "DB Status & Info: "
2707
  msgstr ""
2708
 
2709
- #: admin/core/core.php:1698
2710
  msgid ""
2711
  "General DB Info shows commonly checked DB status and info about your "
2712
  "WordPress database at a glance. Extensive DB Info shows extensive DB status "
@@ -2715,11 +2900,11 @@ msgid ""
2715
  "SHOW GLOBAL VARIABLES and SHOW SESSION VARIABLES."
2716
  msgstr ""
2717
 
2718
- #: admin/core/core.php:1700
2719
  msgid "S-Monitor: "
2720
  msgstr ""
2721
 
2722
- #: admin/core/core.php:1700
2723
  msgid ""
2724
  "S-Monitor is the centralized Security Monitoring and Alerting Core where you "
2725
  "can manage and choose BPS Pro settings for Dashboard Alerts, Dashboard "
@@ -2729,11 +2914,11 @@ msgid ""
2729
  "easy to change all/any BPS Pro settings to your particular preferences."
2730
  msgstr ""
2731
 
2732
- #: admin/core/core.php:1702
2733
  msgid "Advanced Real-Time Alerting & Heads Up Dashboard Status Display: "
2734
  msgstr ""
2735
 
2736
- #: admin/core/core.php:1702
2737
  msgid ""
2738
  "BPS Pro checks and displays error, warning, notifications and alert messages "
2739
  "in real time. You can choose how you want these messages displayed to you "
@@ -2741,11 +2926,11 @@ msgid ""
2741
  "Dashboard, BPS Pro pages only, Turned off, Email Alerts, Logging..."
2742
  msgstr ""
2743
 
2744
- #: admin/core/core.php:1705
2745
  msgid "Custom php.ini|ini_set Options: "
2746
  msgstr ""
2747
 
2748
- #: admin/core/core.php:1705
2749
  msgid ""
2750
  "Quickly create a custom php.ini file for your website or use ini_set Options "
2751
  "to increase security and performance with just a few clicks. Additional P-"
@@ -2753,11 +2938,11 @@ msgid ""
2753
  "Protected PHP Error Log, PHP Error Alerts, Secure phpinfo Viewer..."
2754
  msgstr ""
2755
 
2756
- #: admin/core/core.php:1707
2757
  msgid "Pro Tools: 16 mini-plugins: "
2758
  msgstr ""
2759
 
2760
- #: admin/core/core.php:1707
2761
  msgid ""
2762
  "Online Base64 Decoder, Offline Base64 Decode|Encode, Mcrypt ~ Decrypt|"
2763
  "Encrypt, Crypt Encryption, Scheduled Crons (display and reschedule/reset "
@@ -2776,36 +2961,37 @@ msgid ""
2776
  "vulnerable to an XML-RPC exploit)."
2777
  msgstr ""
2778
 
2779
- #: admin/core/core.php:1715
2780
  msgid "BPS Pro Version Release Dates"
2781
  msgstr ""
2782
 
2783
- #: admin/core/core.php:1719 admin/core/core.php:1720 admin/core/core.php:1721
2784
- #: admin/core/core.php:1722 admin/core/core.php:1727 admin/core/core.php:1728
2785
- #: admin/core/core.php:1729 admin/core/core.php:1730 admin/core/core.php:1731
2786
- #: admin/core/core.php:1736 admin/core/core.php:1737 admin/core/core.php:1738
2787
- #: admin/core/core.php:1739 admin/core/core.php:1740 admin/core/core.php:1741
2788
- #: admin/core/core.php:1742 admin/core/core.php:1743 admin/core/core.php:1744
2789
- #: admin/core/core.php:1749 admin/core/core.php:1750 admin/core/core.php:1751
2790
- #: admin/core/core.php:1752 admin/core/core.php:1753 admin/core/core.php:1754
2791
- #: admin/core/core.php:1755 admin/core/core.php:1756 admin/core/core.php:1757
2792
- #: admin/core/core.php:1758 admin/core/core.php:1759 admin/core/core.php:1760
2793
- #: admin/core/core.php:1761 admin/core/core.php:1767 admin/core/core.php:1768
2794
- #: admin/core/core.php:1769 admin/core/core.php:1770 admin/core/core.php:1771
2795
- #: admin/core/core.php:1772 admin/core/core.php:1773 admin/core/core.php:1774
2796
- #: admin/core/core.php:1775 admin/core/core.php:1776 admin/core/core.php:1777
2797
- #: admin/core/core.php:1778 admin/core/core.php:1779 admin/core/core.php:1780
2798
- #: admin/core/core.php:1786 admin/core/core.php:1787 admin/core/core.php:1788
2799
- #: admin/core/core.php:1789 admin/core/core.php:1790 admin/core/core.php:1791
2800
- #: admin/core/core.php:1792 admin/core/core.php:1793 admin/core/core.php:1794
2801
- #: admin/core/core.php:1795 admin/core/core.php:1796 admin/core/core.php:1797
2802
- #: admin/core/core.php:1798 admin/core/core.php:1804 admin/core/core.php:1805
2803
- #: admin/core/core.php:1806 admin/core/core.php:1807 admin/core/core.php:1808
2804
- #: admin/core/core.php:1809 admin/core/core.php:1810 admin/core/core.php:1811
2805
- #: admin/core/core.php:1812 admin/core/core.php:1813 admin/core/core.php:1819
2806
- #: admin/core/core.php:1820 admin/core/core.php:1821 admin/core/core.php:1822
2807
- #: admin/core/core.php:1823 admin/core/core.php:1824 admin/core/core.php:1825
2808
- #: admin/core/core.php:1826 admin/core/core.php:1827 admin/core/core.php:1828
 
2809
  #, php-format
2810
  msgid ""
2811
  "<a href=\"%2$s\" target=\"_blank\" title=\"Link Opens in New Browser Window"
@@ -4465,7 +4651,7 @@ msgid "MScan Malware Scanner Email|Delete Log File When..."
4465
  msgstr ""
4466
 
4467
  #: admin/email-log-settings/email-log-settings.php:215
4468
- #: admin/login/login.php:1350 admin/security-log/security-log.php:801
4469
  #: admin/system-info/system-info.php:1105
4470
  msgid "BulletProof Security Help &amp; FAQ"
4471
  msgstr ""
@@ -4543,7 +4729,7 @@ msgstr ""
4543
 
4544
  #: admin/includes/admin.php:353 admin/wizard/wizard.php:998
4545
  #: admin/wizard/wizard.php:1028 admin/wizard/wizard.php:1030
4546
- #: bulletproof-security.php:127 bulletproof-security.php:130
4547
  msgid "Setup Wizard"
4548
  msgstr ""
4549
 
@@ -4560,37 +4746,37 @@ msgstr ""
4560
  msgid "BPS UI|UX Debug: SLF: js Script Loaded"
4561
  msgstr ""
4562
 
4563
- #: admin/includes/admin.php:506
4564
  msgid "BPS UI|UX Debug: Scripts|Styles Dequeued"
4565
  msgstr ""
4566
 
4567
- #: admin/includes/admin.php:518
4568
  msgid "Script Dequeued: "
4569
  msgstr ""
4570
 
4571
- #: admin/includes/admin.php:524
4572
  msgid ""
4573
  "No additional plugin or theme Scripts were found that needed to be Dequeued."
4574
  msgstr ""
4575
 
4576
- #: admin/includes/admin.php:536
4577
  msgid "Style Dequeued: "
4578
  msgstr ""
4579
 
4580
- #: admin/includes/admin.php:542
4581
  msgid ""
4582
  "No additional plugin or theme Styles were found that needed to be Dequeued."
4583
  msgstr ""
4584
 
4585
- #: admin/includes/admin.php:580 admin/includes/admin.php:613
4586
  msgid "BPS UI|UX Debug: WP Toolbar nodes|menu items Removed"
4587
  msgstr ""
4588
 
4589
- #: admin/includes/admin.php:592 admin/includes/admin.php:625
4590
  msgid "WP Toolbar node|menu item Removed: "
4591
  msgstr ""
4592
 
4593
- #: admin/includes/admin.php:600 admin/includes/admin.php:633
4594
  msgid "No WP Toolbar nodes|menu items were Removed in BPS plugin pages"
4595
  msgstr ""
4596
 
@@ -7950,11 +8136,11 @@ msgstr ""
7950
 
7951
  #: admin/security-log/security-log.php:255
7952
  msgid ""
7953
- "Your Security Log file is a plain text static file and not a dynamic file or "
7954
- "dynamic display to keep your website resource usage at a bare minimum and "
7955
- "keep your website performance at a maximum. Log entries are logged in "
7956
- "descending order by Date and Time. You can copy, edit and delete this plain "
7957
- "text file."
7958
  msgstr ""
7959
 
7960
  #: admin/security-log/security-log.php:255
@@ -8220,6 +8406,33 @@ msgid ""
8220
  "Agents|Bots logged again in your Security Log."
8221
  msgstr ""
8222
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
8223
  #: admin/security-log/security-log.php:282
8224
  msgid "There are no Security Log Entries yet."
8225
  msgstr ""
@@ -8463,23 +8676,31 @@ msgstr ""
8463
  msgid "To add a User Agent|Bot, use the Add|Ignore tool."
8464
  msgstr ""
8465
 
8466
- #: admin/security-log/security-log.php:727
 
 
 
 
 
 
 
 
8467
  msgid ""
8468
  "The Security Log File Was Not Found! Check that the file really exists here "
8469
  "- /"
8470
  msgstr ""
8471
 
8472
- #: admin/security-log/security-log.php:727
8473
  msgid "/bps-backup/logs/http_error_log.txt and is named correctly."
8474
  msgstr ""
8475
 
8476
- #: admin/security-log/security-log.php:745
8477
  msgid ""
8478
  "File Open and Write test successful! Your Security Log file is writable."
8479
  msgstr ""
8480
 
8481
- #: admin/security-log/security-log.php:756
8482
- #: admin/security-log/security-log.php:760
8483
  msgid "Success! Your Security Log file has been updated."
8484
  msgstr ""
8485
 
@@ -11021,15 +11242,15 @@ msgstr ""
11021
  msgid " JTC DB Options created or updated Successfully!"
11022
  msgstr ""
11023
 
11024
- #: bulletproof-security.php:128
11025
  msgid "Uninstall Options"
11026
  msgstr ""
11027
 
11028
- #: bulletproof-security.php:150
11029
  msgid "Forum - Support"
11030
  msgstr ""
11031
 
11032
- #: bulletproof-security.php:151
11033
  msgid "Upgrade"
11034
  msgstr ""
11035
 
3
  msgstr ""
4
  "Project-Id-Version: bulletproof-security\n"
5
  "Report-Msgid-Bugs-To: \n"
6
+ "POT-Creation-Date: 2019-08-26 15:58-0700\n"
7
  "PO-Revision-Date: 2015-06-20 19:13-0800\n"
8
  "Last-Translator: Ed Alexander <edward@ait-pro.com>\n"
9
  "Language-Team: AITpro <info@ait-pro.com>\n"
39
  "text box were it was added and click the Save Root Custom Code button."
40
  msgstr ""
41
 
42
+ #: admin/core/core-custom-code.php:197
43
  msgid ""
44
  "Root Custom Code saved successfully! Go to the Security Modes tab page and "
45
  "click the Root Folder BulletProof Mode Activate button to add/create your "
46
  "new Custom Code in your Root htaccess file."
47
  msgstr ""
48
 
49
+ #: admin/core/core-custom-code.php:257
50
  msgid ""
51
  "wp-admin Custom Code saved successfully! Go to the Security Modes tab page "
52
  "and click wp-admin Folder BulletProof Mode Activate button to add/create "
53
  "your new Custom Code in your wp-admin htaccess file."
54
  msgstr ""
55
 
56
+ #: admin/core/core-custom-code.php:271
57
  msgid "Root htaccess File Custom Code"
58
  msgstr ""
59
 
60
+ #: admin/core/core-custom-code.php:292
61
  msgid ""
62
  "CUSTOM CODE TOP PHP/PHP.INI HANDLER/CACHE CODE:<br>Add php/php.ini handler "
63
  "code, cache code and/or <a href=\"https://forum.ait-pro.com/forums/topic/"
65
  "Browser window\" target=\"_blank\">Speed Boost Cache Code</a>"
66
  msgstr ""
67
 
68
+ #: admin/core/core-custom-code.php:293
69
  msgid ""
70
  "ONLY add valid php/php.ini handler htaccess code and/or cache htaccess code "
71
  "below or text commented out with a pound sign #"
72
  msgstr ""
73
 
74
+ #: admin/core/core-custom-code.php:300 admin/core/core-help-text.php:40
75
  msgid "CUSTOM CODE TURN OFF YOUR SERVER SIGNATURE:"
76
  msgstr ""
77
 
78
+ #: admin/core/core-custom-code.php:301 admin/core/core-help-text.php:40
79
  msgid ""
80
  "You MUST copy and paste the entire TURN OFF YOUR SERVER SIGNATURE section of "
81
  "code from your root .htaccess file into this text box first. You can then "
82
  "edit and modify the code in this text window and save your changes."
83
  msgstr ""
84
 
85
+ #: admin/core/core-custom-code.php:308 admin/core/core-help-text.php:40
86
  msgid "CUSTOM CODE DO NOT SHOW DIRECTORY LISTING/DIRECTORY INDEX:"
87
  msgstr ""
88
 
89
+ #: admin/core/core-custom-code.php:309 admin/core/core-help-text.php:40
90
  msgid ""
91
  "You MUST copy and paste the entire DO NOT SHOW DIRECTORY LISTING and "
92
  "DIRECTORY INDEX sections of code from your root .htaccess file into this "
94
  "and save your changes."
95
  msgstr ""
96
 
97
+ #: admin/core/core-custom-code.php:316 admin/core/core-help-text.php:40
98
  msgid "CUSTOM CODE BRUTE FORCE LOGIN PAGE PROTECTION:"
99
  msgstr ""
100
 
101
+ #: admin/core/core-custom-code.php:317
102
  msgid ""
103
  "This Custom Code text box is for optional/Bonus code. To get this code click "
104
  "the link below:"
105
  msgstr ""
106
 
107
+ #: admin/core/core-custom-code.php:324 admin/core/core-help-text.php:40
108
  msgid "CUSTOM CODE ERROR LOGGING AND TRACKING:"
109
  msgstr ""
110
 
111
+ #: admin/core/core-custom-code.php:325 admin/core/core-help-text.php:40
112
  msgid ""
113
  "You MUST copy and paste the entire ERROR LOGGING AND TRACKING section of "
114
  "code from your root .htaccess file into this text box first. You can then "
115
  "edit and modify the code in this text window and save your changes."
116
  msgstr ""
117
 
118
+ #: admin/core/core-custom-code.php:332 admin/core/core-help-text.php:40
119
  msgid "CUSTOM CODE DENY ACCESS TO PROTECTED SERVER FILES AND FOLDERS:"
120
  msgstr ""
121
 
122
+ #: admin/core/core-custom-code.php:333 admin/core/core-help-text.php:40
123
  msgid ""
124
  "You MUST copy and paste the entire DENY ACCESS TO PROTECTED SERVER FILES AND "
125
  "FOLDERS section of code from your root .htaccess file into this text box "
127
  "your changes."
128
  msgstr ""
129
 
130
+ #: admin/core/core-custom-code.php:340
131
  msgid "CUSTOM CODE WP-ADMIN/INCLUDES: DO NOT add wp-admin .htaccess code here"
132
  msgstr ""
133
 
134
+ #: admin/core/core-custom-code.php:341
135
  msgid ""
136
  "Add one pound sign # below to prevent the WP-ADMIN/INCLUDES section of code "
137
  "from being created in your root .htaccess file"
138
  msgstr ""
139
 
140
+ #: admin/core/core-custom-code.php:348
141
  msgid ""
142
  "CUSTOM CODE WP REWRITE LOOP START: www/non-www http/https Rewrite code here"
143
  msgstr ""
144
 
145
+ #: admin/core/core-custom-code.php:349 admin/core/core-help-text.php:40
146
  msgid ""
147
  "You MUST copy and paste the entire WP REWRITE LOOP START section of code "
148
  "from your root .htaccess file into this text box first. You can then edit "
149
  "and modify the code in this text window and save your changes."
150
  msgstr ""
151
 
152
+ #: admin/core/core-custom-code.php:357
153
  msgid "CUSTOM CODE REQUEST METHODS FILTERED:"
154
  msgstr ""
155
 
156
+ #: admin/core/core-custom-code.php:358
157
  msgid "Whitelist User Agents and allow HEAD Requests"
158
  msgstr ""
159
 
160
+ #: admin/core/core-custom-code.php:359
161
  msgid ""
162
  "You MUST copy and paste the entire REQUEST METHODS FILTERED section of code "
163
  "from your root .htaccess file into this text box first. You can then edit "
166
  "for instructions and examples."
167
  msgstr ""
168
 
169
+ #: admin/core/core-custom-code.php:378
170
  msgid ""
171
  "CUSTOM CODE PLUGIN/THEME SKIP/BYPASS RULES:<br>Add personal plugin/theme "
172
  "skip/bypass rules here"
173
  msgstr ""
174
 
175
+ #: admin/core/core-custom-code.php:379 admin/core/core-custom-code.php:443
176
+ #: admin/core/core-custom-code.php:794 admin/core/core-custom-code.php:802
177
  msgid ""
178
  "ONLY add valid htaccess code below or text commented out with a pound sign #"
179
  msgstr ""
180
 
181
+ #: admin/core/core-custom-code.php:386 admin/core/core-help-text.php:40
182
  msgid "CUSTOM CODE TIMTHUMB FORBID RFI and MISC FILE SKIP/BYPASS RULE:"
183
  msgstr ""
184
 
185
+ #: admin/core/core-custom-code.php:387 admin/core/core-help-text.php:40
186
  msgid ""
187
  "You MUST copy and paste the entire TIMTHUMB FORBID RFI section of code from "
188
  "your root .htaccess file into this text box first. You can then edit and "
189
  "modify the code in this text window and save your changes."
190
  msgstr ""
191
 
192
+ #: admin/core/core-custom-code.php:394 admin/core/core-help-text.php:40
193
  msgid "CUSTOM CODE BPSQSE BPS QUERY STRING EXPLOITS:"
194
  msgstr ""
195
 
196
+ #: admin/core/core-custom-code.php:395 admin/core/core-help-text.php:40
197
  msgid ""
198
  "You MUST copy and paste the entire BPSQSE QUERY STRING EXPLOITS section of "
199
  "code from your root .htaccess file from # BEGIN BPSQSE BPS QUERY STRING "
202
  "changes."
203
  msgstr ""
204
 
205
+ #: admin/core/core-custom-code.php:405 admin/core/core-help-text.php:34
206
  msgid "CUSTOM CODE WP REWRITE LOOP END: Add WP Rewrite Loop End code here"
207
  msgstr ""
208
 
209
+ #: admin/core/core-custom-code.php:406
210
  msgid ""
211
  "This is a Special Custom Code text box that should only be used if the "
212
  "correct WP REWRITE LOOP END code is not being created in your root .htaccess "
213
  "file. See the Read Me help button for more information."
214
  msgstr ""
215
 
216
+ #: admin/core/core-custom-code.php:422 admin/core/core-help-text.php:40
217
  msgid "CUSTOM CODE DENY BROWSER ACCESS TO THESE FILES:"
218
  msgstr ""
219
 
220
+ #: admin/core/core-custom-code.php:423 admin/core/core-help-text.php:40
221
  msgid ""
222
  "You MUST copy and paste the entire DENY BROWSER ACCESS section of code from "
223
  "your root .htaccess file into this text box first. You can then edit and "
224
  "modify the code in this text window and save your changes."
225
  msgstr ""
226
 
227
+ #: admin/core/core-custom-code.php:442 admin/core/core-help-text.php:40
228
  msgid ""
229
  "CUSTOM CODE BOTTOM HOTLINKING/FORBID COMMENT SPAMMERS/BLOCK BOTS/BLOCK IP/"
230
  "REDIRECT CODE: Add miscellaneous code here"
231
  msgstr ""
232
 
233
+ #: admin/core/core-custom-code.php:451
234
+ msgid ""
235
+ "If you are unable to save Custom Code and/or see an error message when "
236
+ "trying to save Custom Code, click the Encrypt Custom Code button first and "
237
+ "then click the Save Root Custom Code button. Mouse over the question mark "
238
+ "image to the right for help info."
239
+ msgstr ""
240
+
241
+ #: admin/core/core-custom-code.php:451 admin/core/core-custom-code.php:818
242
+ msgid ""
243
+ "If your web host currently has ModSecurity installed or installs ModSecurity "
244
+ "at a later time then ModSecurity will prevent you from saving your custom "
245
+ "htaccess code unless you encrypt it first by clicking the Encrypt Custom "
246
+ "Code button."
247
+ msgstr ""
248
+
249
+ #: admin/core/core-custom-code.php:451
250
+ msgid ""
251
+ "If you click the Encrypt Custom Code button, but then want to add or edit "
252
+ "additional custom code click the Decrypt Custom Code button. After you are "
253
+ "done adding or editing custom code click the Encrypt Custom Code button "
254
+ "before clicking the Save Root Custom Code button."
255
+ msgstr ""
256
+
257
+ #: admin/core/core-custom-code.php:451
258
+ msgid ""
259
+ "Additional Encrypt and Decrypt buttons have been added at the top of the "
260
+ "Root Custom Code Form."
261
+ msgstr ""
262
+
263
+ #: admin/core/core-custom-code.php:451 admin/core/core-custom-code.php:818
264
+ #: admin/core/core.php:1849
265
+ msgid "Click the Custom Code Read Me help button for more help info."
266
+ msgstr ""
267
+
268
+ #: admin/core/core-custom-code.php:454
269
+ msgid ""
270
+ "IMPORTANT!!! Did you remember to click the Encrypt Custom Code button first "
271
+ "before saving your Root Custom Code?"
272
+ msgstr ""
273
+
274
+ #: admin/core/core-custom-code.php:454
275
  msgid "Click OK to save your Root Custom Code or click Cancel."
276
  msgstr ""
277
 
278
+ #: admin/core/core-custom-code.php:752
279
  msgid "wp-admin htaccess File Custom Code"
280
  msgstr ""
281
 
282
+ #: admin/core/core-custom-code.php:772
283
  msgid ""
284
  "CUSTOM CODE WPADMIN DENY BROWSER ACCESS TO FILES:<br>Add additional wp-admin "
285
  "files that you would like to block here"
286
  msgstr ""
287
 
288
+ #: admin/core/core-custom-code.php:773
289
  msgid ""
290
  "You MUST copy and paste the entire WPADMIN DENY BROWSER ACCESS TO FILES "
291
  "section of code from your wp-admin .htaccess file into this text box first. "
295
  "htaccess file"
296
  msgstr ""
297
 
298
+ #: admin/core/core-custom-code.php:793
299
  msgid ""
300
  "CUSTOM CODE WPADMIN TOP:<br>wp-admin password protection & miscellaneous "
301
  "custom code here"
302
  msgstr ""
303
 
304
+ #: admin/core/core-custom-code.php:801
305
  msgid ""
306
  "CUSTOM CODE WPADMIN PLUGIN/FILE SKIP RULES:<br>Add wp-admin plugin/file skip "
307
  "rules code here"
308
  msgstr ""
309
 
310
+ #: admin/core/core-custom-code.php:809
311
  msgid ""
312
  "CUSTOM CODE BPSQSE-check BPS QUERY STRING EXPLOITS AND FILTERS:<br>Modify "
313
  "Query String Exploit code here"
314
  msgstr ""
315
 
316
+ #: admin/core/core-custom-code.php:810 admin/core/core-help-text.php:40
317
  msgid ""
318
  "You MUST copy and paste the entire BPS QUERY STRING EXPLOITS section of code "
319
  "from your wp-admin .htaccess file from # BEGIN BPSQSE-check BPS QUERY STRING "
322
  "this text window and save your changes."
323
  msgstr ""
324
 
325
+ #: admin/core/core-custom-code.php:818
326
+ msgid ""
327
+ "If you are unable to save Custom Code and/or see an error message when "
328
+ "trying to save Custom Code, click the Encrypt Custom Code button first and "
329
+ "then click the Save wp-admin Custom Code button. Mouse over the question "
330
+ "mark image to the right for help info."
331
+ msgstr ""
332
+
333
+ #: admin/core/core-custom-code.php:818
334
+ msgid ""
335
+ "If you click the Encrypt Custom Code button, but then want to add or edit "
336
+ "additional custom code click the Decrypt Custom Code button. After you are "
337
+ "done adding or editing custom code click the Encrypt Custom Code button "
338
+ "before clicking the Save wp-admin Custom Code button."
339
+ msgstr ""
340
+
341
+ #: admin/core/core-custom-code.php:818
342
+ msgid ""
343
+ "Additional Encrypt and Decrypt buttons have been added at the top of the wp-"
344
+ "admin Custom Code Form."
345
+ msgstr ""
346
+
347
+ #: admin/core/core-custom-code.php:821
348
+ msgid ""
349
+ "IMPORTANT!!! Did you remember to click the Encrypt Custom Code button first "
350
+ "before saving your wp-admin Custom Code?"
351
+ msgstr ""
352
+
353
+ #: admin/core/core-custom-code.php:821
354
  msgid "Click OK to save your wp-admin Custom Code or click Cancel."
355
  msgstr ""
356
 
461
  msgstr ""
462
 
463
  #: admin/core/core-forms.php:18 admin/core/core-forms.php:98
464
+ #: admin/core/core.php:1147
465
  msgid "htaccess Files Disabled: wp-admin htaccess file writing is disabled. "
466
  msgstr ""
467
 
471
  #: admin/core/core-forms.php:364 admin/core/core-forms.php:430
472
  #: admin/core/core-htaccess-code.php:437 admin/core/core-htaccess-code.php:521
473
  #: admin/core/core-htaccess-code.php:590 admin/core/core-htaccess-code.php:674
474
+ #: admin/core/core.php:778 admin/core/core.php:862 admin/core/core.php:970
475
+ #: admin/core/core.php:1054 admin/core/core.php:1147
476
  #: admin/maintenance/maintenance.php:814 admin/maintenance/maintenance.php:1130
477
  #: admin/maintenance/maintenance.php:1639
478
  #: admin/maintenance/maintenance.php:1769
486
  #: admin/core/core-forms.php:364 admin/core/core-forms.php:430
487
  #: admin/core/core-htaccess-code.php:437 admin/core/core-htaccess-code.php:521
488
  #: admin/core/core-htaccess-code.php:590 admin/core/core-htaccess-code.php:674
489
+ #: admin/core/core.php:778 admin/core/core.php:862 admin/core/core.php:970
490
+ #: admin/core/core.php:1054 admin/core/core.php:1147
491
  #: admin/maintenance/maintenance.php:814 admin/maintenance/maintenance.php:1130
492
  #: admin/maintenance/maintenance.php:1639
493
  #: admin/maintenance/maintenance.php:1769
1065
  "Send Email Alerts."
1066
  msgstr ""
1067
 
1068
+ #: admin/core/core-help-text.php:18 admin/core/core.php:459
1069
  msgid "HPF Cron Check Frequency:"
1070
  msgstr ""
1071
 
1077
  "Options button to save your settings."
1078
  msgstr ""
1079
 
1080
+ #: admin/core/core-help-text.php:18 admin/core/core.php:470
1081
  msgid "HPF Cron On|Off:"
1082
  msgstr ""
1083
 
1087
  "HPF Cron Off. Click the Save HPF Cron Options button to save your settings."
1088
  msgstr ""
1089
 
1090
+ #: admin/core/core-help-text.php:18 admin/core/core.php:490
1091
  msgid "Ignore Hidden Plugin Folders & Files:"
1092
  msgstr ""
1093
 
1189
  "permanently. To save any new htaccess code permanently use BPS Custom Code."
1190
  msgstr ""
1191
 
1192
+ #: admin/core/core-help-text.php:30 admin/core/core.php:209
1193
+ #: admin/core/core.php:319 admin/core/core.php:408 admin/core/core.php:520
1194
+ #: admin/core/core.php:596 admin/core/core.php:672 admin/core/core.php:1716
1195
  #: admin/db-backup-security/db-backup-help-text.php:12
1196
  #: admin/db-backup-security/db-backup-help-text.php:15
1197
  #: admin/db-backup-security/db-backup-security.php:281
1263
  msgid " help information above."
1264
  msgstr ""
1265
 
1266
+ #: admin/core/core-help-text.php:30 admin/core/core-help-text.php:40
1267
+ msgid "Encryption|Decryption ModSecurity CRS Bypass"
1268
+ msgstr ""
1269
+
1270
+ #: admin/core/core-help-text.php:30
1271
+ msgid ""
1272
+ "ModSecurity CRS is a security feature installed on some web hosts. "
1273
+ "ModSecurity CRS sees the legitimate htaccess code in the htaccess File "
1274
+ "Editor as malicious and will prevent you from saving your htaccess code "
1275
+ "edits. When trying to save your htaccess code you may see an error message "
1276
+ "or you may be redirected to your website Home page or nothing happens or "
1277
+ "other various problems. To evade/bypass ModSecurity CRS click the Encrypt "
1278
+ "htaccess Code button before clicking the Update File button. Your htaccess "
1279
+ "code is encrypted in the POST Form submission and then decrypted in the Form "
1280
+ "processing code. That means that your htaccess code is only encrypted "
1281
+ "temporarily during htaccess File Editor Form submission to bypass/evade "
1282
+ "ModSecurity CRS detection. The Decrypt htaccess Code feature was added as an "
1283
+ "additional user friendly convenience feature. It allows you to decrypt your "
1284
+ "htaccess code in real time if you already clicked the Encrypt htaccess Code "
1285
+ "button. You can then continue editing your htaccess code and then click the "
1286
+ "Encrypt htaccess Code button again when you are done editing custom code. "
1287
+ "Important!!! Do not forget to click the Encrypt htaccess Code button before "
1288
+ "clicking the Update File button."
1289
+ msgstr ""
1290
+
1291
  #: admin/core/core-help-text.php:30
1292
  msgid "Lock|Unlock .htaccess Files"
1293
  msgstr ""
1469
 
1470
  #: admin/core/core-help-text.php:40
1471
  msgid ""
1472
+ "2. Click the Encrypt Custom Code button - You only need to do this step if "
1473
+ "you are unable to save your custom code - See the Encryption|Decryption "
1474
+ "ModSecurity CRS Bypass help section below."
1475
  msgstr ""
1476
 
1477
  #: admin/core/core-help-text.php:40
1478
  msgid ""
1479
+ "3. Click the Save Root Custom Code button to save your Root custom code."
1480
+ msgstr ""
1481
+
1482
+ #: admin/core/core-help-text.php:40
1483
+ msgid ""
1484
+ "4. Go to the Security Modes page and click the Root Folder BulletProof Mode "
1485
  "Activate button."
1486
  msgstr ""
1487
 
1488
+ #: admin/core/core-help-text.php:40
1489
+ msgid ""
1490
+ "ModSecurity CRS is a security feature installed on some web hosts. "
1491
+ "ModSecurity CRS sees the legitimate htaccess code in the Custom Code text "
1492
+ "boxes as malicious and will prevent you from saving your custom htaccess "
1493
+ "code. When trying to save your custom code you may see an error message or "
1494
+ "you may be redirected to your website Home page or nothing happens or other "
1495
+ "various problems. To evade/bypass ModSecurity CRS click the Encrypt Custom "
1496
+ "Code button before clicking the Save Custom Code buttons. Your custom "
1497
+ "htaccess code is encrypted in the POST Form submission and then decrypted in "
1498
+ "the Form processing code. That means that your custom htaccess code is only "
1499
+ "encrypted temporarily during Custom Code Form submission to bypass/evade "
1500
+ "ModSecurity CRS detection. The Decrypt Custom Code feature was added as an "
1501
+ "additional user friendly convenience feature. It allows you to decrypt your "
1502
+ "custom code in real time if you already clicked the Encrypt Custom Code "
1503
+ "button. You can then continue adding or editing your custom code and then "
1504
+ "click the Encrypt Custom Code button again when you are done adding or "
1505
+ "editing custom code. Important!!! Do not forget to click the Encrypt Custom "
1506
+ "Code button before clicking the Save Custom Code buttons."
1507
+ msgstr ""
1508
+
1509
  #: admin/core/core-help-text.php:40
1510
  msgid "CUSTOM CODE TOP PHP/PHP.INI HANDLER/CACHE CODE:"
1511
  msgstr ""
1722
 
1723
  #: admin/core/core-htaccess-code.php:437 admin/core/core-htaccess-code.php:521
1724
  #: admin/core/core-htaccess-code.php:590 admin/core/core-htaccess-code.php:674
1725
+ #: admin/core/core.php:1054
1726
  msgid "htaccess Files Disabled: Root htaccess file writing is disabled. "
1727
  msgstr ""
1728
 
1729
  #: admin/core/core-htaccess-code.php:459 admin/core/core-htaccess-code.php:612
1730
+ #: admin/core/core.php:909
1731
  msgid "Failed to copy your Custom default.htaccess file: "
1732
  msgstr ""
1733
 
1734
  #: admin/core/core-htaccess-code.php:459 admin/core/core-htaccess-code.php:612
1735
+ #: admin/core/core.php:909
1736
  msgid " to: "
1737
  msgstr ""
1738
 
1779
  msgid "BulletProof Security ~ htaccess Core"
1780
  msgstr ""
1781
 
1782
+ #: admin/core/core.php:155 admin/db-backup-security/db-backup-security.php:69
1783
  #: admin/email-log-settings/email-log-settings.php:64 admin/login/login.php:126
1784
  #: admin/maintenance/maintenance.php:75 admin/mscan/mscan.php:78
1785
  #: admin/security-log/security-log.php:64 admin/system-info/system-info.php:64
1787
  msgid "Settings Saved"
1788
  msgstr ""
1789
 
1790
+ #: admin/core/core.php:180
1791
  msgid "Security Modes"
1792
  msgstr ""
1793
 
1794
+ #: admin/core/core.php:181
1795
  msgid "htaccess File Editor"
1796
  msgstr ""
1797
 
1798
+ #: admin/core/core.php:182 admin/core/core.php:1700 admin/core/core.php:1713
1799
  msgid "Custom Code"
1800
  msgstr ""
1801
 
1802
+ #: admin/core/core.php:183
1803
  msgid "My Notes"
1804
  msgstr ""
1805
 
1806
+ #: admin/core/core.php:184
1807
  msgid "Whats New"
1808
  msgstr ""
1809
 
1810
+ #: admin/core/core.php:185 admin/db-backup-security/db-backup-security.php:262
1811
  #: admin/db-backup-security/db-backup-security.php:1697
1812
  #: admin/email-log-settings/email-log-settings.php:87 admin/login/login.php:164
1813
  #: admin/maintenance/maintenance.php:150 admin/mscan/mscan.php:115
1817
  msgid "Help &amp; FAQ"
1818
  msgstr ""
1819
 
1820
+ #: admin/core/core.php:186 bulletproof-security.php:158
1821
  msgid "BPS Pro Features"
1822
  msgstr ""
1823
 
1824
+ #: admin/core/core.php:194
1825
  msgid "htaccess File Security Modes ~ "
1826
  msgstr ""
1827
 
1828
+ #: admin/core/core.php:194
1829
  msgid "RBM, WBM, HPF, MBM & BBM BulletProof Modes"
1830
  msgstr ""
1831
 
1832
+ #: admin/core/core.php:194 admin/core/core.php:712 admin/core/core.php:1694
1833
+ #: admin/core/core.php:1828 admin/core/core.php:1934
1834
  #: admin/db-backup-security/db-backup-security.php:270
1835
  #: admin/db-backup-security/db-backup-security.php:1201
1836
  #: admin/db-backup-security/db-backup-security.php:1357
1842
  msgid "Want even more security protection?"
1843
  msgstr ""
1844
 
1845
+ #: admin/core/core.php:194 admin/core/core.php:712 admin/core/core.php:1694
1846
+ #: admin/core/core.php:1828 admin/core/core.php:1934
1847
  #: admin/email-log-settings/email-log-settings.php:95
1848
  #: admin/maintenance/maintenance.php:170 admin/maintenance/maintenance.php:172
1849
  #: admin/security-log/security-log.php:235 admin/theme-skin/theme-skin.php:101
1852
  "Protect all of your Plugins (plugin folders and files) with an IP Firewall: "
1853
  msgstr ""
1854
 
1855
+ #: admin/core/core.php:194 admin/core/core.php:712 admin/core/core.php:1694
1856
+ #: admin/core/core.php:1828 admin/core/core.php:1934
1857
  #: admin/email-log-settings/email-log-settings.php:95
1858
  #: admin/maintenance/maintenance.php:170 admin/maintenance/maintenance.php:172
1859
  #: admin/security-log/security-log.php:235 admin/theme-skin/theme-skin.php:101
1861
  msgid "Get BPS Pro Plugin Firewall"
1862
  msgstr ""
1863
 
1864
+ #: admin/core/core.php:194 admin/core/core.php:712 admin/core/core.php:1694
1865
+ #: admin/core/core.php:1828 admin/core/core.php:1934
1866
  #: admin/email-log-settings/email-log-settings.php:95
1867
  #: admin/maintenance/maintenance.php:170 admin/maintenance/maintenance.php:172
1868
  #: admin/security-log/security-log.php:235 admin/theme-skin/theme-skin.php:101
1872
  "files: "
1873
  msgstr ""
1874
 
1875
+ #: admin/core/core.php:194 admin/core/core.php:712 admin/core/core.php:1694
1876
+ #: admin/core/core.php:1828 admin/core/core.php:1934
1877
  #: admin/email-log-settings/email-log-settings.php:95
1878
  #: admin/maintenance/maintenance.php:170 admin/maintenance/maintenance.php:172
1879
  #: admin/security-log/security-log.php:235 admin/theme-skin/theme-skin.php:101
1881
  msgid "Get BPS Pro Uploads Anti-Exploit Guard"
1882
  msgstr ""
1883
 
1884
+ #: admin/core/core.php:200 admin/core/core.php:724 admin/core/core.php:1735
1885
+ #: admin/core/core.php:1771 admin/core/core.php:1788 admin/login/login.php:142
1886
  #: admin/login/login.php:199 admin/login/login.php:871
1887
  #: admin/login/login.php:1019 admin/system-info/system-info.php:116
1888
  #: admin/system-info/system-info.php:1034
1889
  msgid "Permission Denied"
1890
  msgstr ""
1891
 
1892
+ #: admin/core/core.php:202
1893
  msgid "Activate|Deactivate Security Modes"
1894
  msgstr ""
1895
 
1896
+ #: admin/core/core.php:204 admin/core/core.php:206 admin/core/core.php:316
1897
  msgid "Root Folder BulletProof Mode (RBM)"
1898
  msgstr ""
1899
 
1900
+ #: admin/core/core.php:204 admin/core/core.php:314 admin/core/core.php:403
1901
+ #: admin/core/core.php:515 admin/core/core.php:591 admin/core/core.php:667
1902
+ #: admin/core/core.php:718 admin/core/core.php:1700
1903
  #: admin/db-backup-security/db-backup-security.php:276
1904
  #: admin/db-backup-security/db-backup-security.php:1207
1905
  #: admin/db-backup-security/db-backup-security.php:1363
1913
  msgid "Read Me"
1914
  msgstr ""
1915
 
1916
+ #: admin/core/core.php:211 admin/core/core.php:321 admin/core/core.php:1718
1917
  #: admin/db-backup-security/db-backup-security.php:284
1918
  #: admin/email-log-settings/email-log-settings.php:109
1919
  #: admin/login/login.php:1001 admin/maintenance/maintenance.php:189
1921
  msgid "Forum Help Links: "
1922
  msgstr ""
1923
 
1924
+ #: admin/core/core.php:214 admin/core/core.php:324
1925
  msgid "Setup Wizard & Other Video Tutorials"
1926
  msgstr ""
1927
 
1928
+ #: admin/core/core.php:215 admin/core/core.php:325
1929
  #: admin/email-log-settings/email-log-settings.php:112
1930
  #: admin/mscan/mscan.php:141 admin/security-log/security-log.php:252
1931
  msgid "BPS Troubleshooting Steps"
1932
  msgstr ""
1933
 
1934
+ #: admin/core/core.php:237 admin/core/core.php:240 admin/core/core.php:243
1935
+ #: admin/core/core.php:246 admin/core/core.php:254 admin/core/core.php:257
1936
+ #: admin/core/core.php:260 admin/core/core.php:263
1937
  msgid "RBM Status: "
1938
  msgstr ""
1939
 
1940
+ #: admin/core/core.php:237 admin/core/core.php:254 admin/core/core.php:352
1941
+ #: admin/core/core.php:366 admin/core/core.php:539 admin/core/core.php:553
1942
+ #: admin/core/core.php:615 admin/core/core.php:629
1943
  msgid "Disabled"
1944
  msgstr ""
1945
 
1946
+ #: admin/core/core.php:240 admin/core/core.php:257
1947
  msgid "Root htaccess File Does Not Exist"
1948
  msgstr ""
1949
 
1950
+ #: admin/core/core.php:243 admin/core/core.php:260 admin/core/core.php:358
1951
+ #: admin/core/core.php:372 admin/core/core.php:545 admin/core/core.php:559
1952
+ #: admin/core/core.php:621 admin/core/core.php:635
1953
  #: admin/system-info/system-info.php:243
1954
  msgid "Activated"
1955
  msgstr ""
1956
 
1957
+ #: admin/core/core.php:246 admin/core/core.php:263 admin/core/core.php:355
1958
+ #: admin/core/core.php:369 admin/core/core.php:542 admin/core/core.php:556
1959
+ #: admin/core/core.php:618 admin/core/core.php:632
1960
  #: admin/system-info/system-info.php:252
1961
  msgid "Deactivated"
1962
  msgstr ""
1963
 
1964
+ #: admin/core/core.php:280 admin/core/core.php:298
1965
  msgid "Click OK to Activate Root Folder BulletProof Mode or click Cancel."
1966
  msgstr ""
1967
 
1968
+ #: admin/core/core.php:288 admin/core/core.php:306
1969
  msgid "Click OK to Deactivate Root Folder BulletProof Mode or click Cancel."
1970
  msgstr ""
1971
 
1972
+ #: admin/core/core.php:314
1973
  msgid "wp-admin Folder BulletProof Mode (WBM)"
1974
  msgstr ""
1975
 
1976
+ #: admin/core/core.php:352 admin/core/core.php:355 admin/core/core.php:358
1977
+ #: admin/core/core.php:366 admin/core/core.php:369 admin/core/core.php:372
1978
  msgid "WBM Status: "
1979
  msgstr ""
1980
 
1981
+ #: admin/core/core.php:387
1982
  msgid "Click OK to Activate wp-admin Folder BulletProof Mode or click Cancel."
1983
  msgstr ""
1984
 
1985
+ #: admin/core/core.php:395
1986
  msgid ""
1987
  "Click OK to Deactivate wp-admin Folder BulletProof Mode or click Cancel."
1988
  msgstr ""
1989
 
1990
+ #: admin/core/core.php:403 admin/core/core.php:405
1991
  msgid "Hidden Plugin Folders|Files Cron (HPF)"
1992
  msgstr ""
1993
 
1994
+ #: admin/core/core.php:426 admin/core/core.php:429 admin/core/core.php:437
1995
+ #: admin/core/core.php:440
1996
  msgid "HPF Status: "
1997
  msgstr ""
1998
 
1999
+ #: admin/core/core.php:426 admin/core/core.php:437 admin/core/core.php:472
2000
  msgid "HPF Cron On"
2001
  msgstr ""
2002
 
2003
+ #: admin/core/core.php:429 admin/core/core.php:440 admin/core/core.php:473
2004
  msgid "HPF Cron Off"
2005
  msgstr ""
2006
 
2007
+ #: admin/core/core.php:461
2008
  msgid "Run Check Every 1 Minute"
2009
  msgstr ""
2010
 
2011
+ #: admin/core/core.php:462
2012
  msgid "Run Check Every 5 Minutes"
2013
  msgstr ""
2014
 
2015
+ #: admin/core/core.php:463
2016
  msgid "Run Check Every 10 Minutes"
2017
  msgstr ""
2018
 
2019
+ #: admin/core/core.php:464
2020
  msgid "Run Check Every 15 Minutes"
2021
  msgstr ""
2022
 
2023
+ #: admin/core/core.php:465
2024
  msgid "Run Check Every 30 Minutes"
2025
  msgstr ""
2026
 
2027
+ #: admin/core/core.php:466
2028
  msgid "Run Check Every 60 Minutes"
2029
  msgstr ""
2030
 
2031
+ #: admin/core/core.php:467
2032
  msgid "Run Check Once Daily"
2033
  msgstr ""
2034
 
2035
+ #: admin/core/core.php:476
2036
  msgid "Save HPF Cron Options"
2037
  msgstr ""
2038
 
2039
+ #: admin/core/core.php:476
2040
  msgid ""
2041
  "The default Cron Frequency is: Run Check Every 15 Minutes. This is a "
2042
  "lightweight check that uses an insignificant amount of resources/memory so 4 "
2048
  "OK to proceed or click Cancel"
2049
  msgstr ""
2050
 
2051
+ #: admin/core/core.php:491
2052
  msgid "Add Ignore rules using plugin folder names or file names."
2053
  msgstr ""
2054
 
2055
+ #: admin/core/core.php:491
2056
  msgid "Use a comma and a space between folder and/or file names."
2057
  msgstr ""
2058
 
2059
+ #: admin/core/core.php:491
2060
  msgid "Example: plugin-folder-name, example-file-name.php"
2061
  msgstr ""
2062
 
2063
+ #: admin/core/core.php:497
2064
  msgid ""
2065
  "This option is for adding ignore rules for Hidden or Empty Plugin Folders "
2066
  "Detected by BPS or Non-standard WP files detected by BPS in your /plugins/ "
2067
  "folder."
2068
  msgstr ""
2069
 
2070
+ #: admin/core/core.php:497
2071
  msgid ""
2072
  "This is an independent option setting that does not require clicking any "
2073
  "other buttons."
2074
  msgstr ""
2075
 
2076
+ #: admin/core/core.php:497 admin/maintenance/maintenance.php:641
2077
  #: admin/security-log/security-log.php:465
2078
  #: admin/security-log/security-log.php:480
2079
  #: admin/security-log/security-log.php:698
2081
  msgid "Click OK to proceed or click Cancel."
2082
  msgstr ""
2083
 
2084
+ #: admin/core/core.php:515
2085
  msgid "Master htaccess Folder BulletProof Mode (MBM)"
2086
  msgstr ""
2087
 
2088
+ #: admin/core/core.php:517
2089
  msgid "MBM BulletProof Modes"
2090
  msgstr ""
2091
 
2092
+ #: admin/core/core.php:539 admin/core/core.php:542 admin/core/core.php:545
2093
+ #: admin/core/core.php:553 admin/core/core.php:556 admin/core/core.php:559
2094
  msgid "MBM Status: "
2095
  msgstr ""
2096
 
2097
+ #: admin/core/core.php:574
2098
  msgid "Click OK to Activate MBM BulletProof Mode or click Cancel."
2099
  msgstr ""
2100
 
2101
+ #: admin/core/core.php:582
2102
  msgid "Click OK to Deactivate MBM BulletProof Mode or click Cancel."
2103
  msgstr ""
2104
 
2105
+ #: admin/core/core.php:591
2106
  msgid "BPS Backup Folder BulletProof Mode (BBM)"
2107
  msgstr ""
2108
 
2109
+ #: admin/core/core.php:593
2110
  msgid "BBM BulletProof Modes"
2111
  msgstr ""
2112
 
2113
+ #: admin/core/core.php:615 admin/core/core.php:618 admin/core/core.php:621
2114
+ #: admin/core/core.php:629 admin/core/core.php:632 admin/core/core.php:635
2115
  msgid "BBM Status: "
2116
  msgstr ""
2117
 
2118
+ #: admin/core/core.php:650
2119
  msgid "Click OK to Activate BBM BulletProof Mode or click Cancel."
2120
  msgstr ""
2121
 
2122
+ #: admin/core/core.php:658
2123
  msgid ""
2124
  "Caution: BPS Backup Folder BulletProof Mode (BBM) should only be deactivated "
2125
  "for testing or troubleshooting. Be sure to activate BBM BulletProof Mode "
2126
  "after you are done testing or troubleshooting."
2127
  msgstr ""
2128
 
2129
+ #: admin/core/core.php:658
2130
  msgid "Click OK to Deactivate BBM BulletProof Mode or click Cancel."
2131
  msgstr ""
2132
 
2133
+ #: admin/core/core.php:667 admin/core/core.php:669
2134
  msgid "Backup & Restore BPS htaccess Files"
2135
  msgstr ""
2136
 
2137
+ #: admin/core/core.php:685
2138
  msgid "Click OK to Backup BPS htaccess files or click Cancel."
2139
  msgstr ""
2140
 
2141
+ #: admin/core/core.php:693
2142
  msgid "Click OK to Restore BPS htaccess files or click Cancel."
2143
  msgstr ""
2144
 
2145
+ #: admin/core/core.php:712
2146
  msgid "htaccess File Editor ~ "
2147
  msgstr ""
2148
 
2149
+ #: admin/core/core.php:712
2150
  msgid ""
2151
  "Check or edit BPS htaccess files/code manually/directly for testing. Use BPS "
2152
  "Custom Code to save htaccess code permanently"
2153
  msgstr ""
2154
 
2155
+ #: admin/core/core.php:718 admin/core/core.php:720
2156
  msgid "htaccess File Editing"
2157
  msgstr ""
2158
 
2159
+ #: admin/core/core.php:745
2160
  msgid "htaccess Files Disabled: secure.htaccess Master file is disabled."
2161
  msgstr ""
2162
 
2163
+ #: admin/core/core.php:749
2164
  msgid "ERROR: A secure.htaccess Master file was NOT found."
2165
  msgstr ""
2166
 
2167
+ #: admin/core/core.php:758
2168
  msgid ""
2169
  "File Open and Write test successful! The secure.htaccess Master file is "
2170
  "writable."
2171
  msgstr ""
2172
 
2173
+ #: admin/core/core.php:763 admin/core/core.php:847 admin/core/core.php:954
2174
+ #: admin/core/core.php:1131 admin/security-log/security-log.php:755
2175
  msgid "Cannot write to file: "
2176
  msgstr ""
2177
 
2178
+ #: admin/core/core.php:778
2179
  msgid ""
2180
  "htaccess Files Disabled: secure.htaccess Master file writing is disabled. "
2181
  msgstr ""
2182
 
2183
+ #: admin/core/core.php:798
2184
  msgid "Error: Unable to write to the secure.htaccess Master file."
2185
  msgstr ""
2186
 
2187
+ #: admin/core/core.php:813
2188
  msgid "The secure.htaccess Master file has been updated."
2189
  msgstr ""
2190
 
2191
+ #: admin/core/core.php:829
2192
  msgid "htaccess Files Disabled: default.htaccess Master file is disabled."
2193
  msgstr ""
2194
 
2195
+ #: admin/core/core.php:833
2196
  msgid "ERROR: A default.htaccess Master file was NOT found."
2197
  msgstr ""
2198
 
2199
+ #: admin/core/core.php:842
2200
  msgid ""
2201
  "File Open and Write test successful! The default.htaccess Master file is "
2202
  "writable."
2203
  msgstr ""
2204
 
2205
+ #: admin/core/core.php:862
2206
  msgid ""
2207
  "htaccess Files Disabled: default.htaccess Master file writing is disabled. "
2208
  msgstr ""
2209
 
2210
+ #: admin/core/core.php:882
2211
  msgid "Error: Unable to write to the default.htaccess Master file."
2212
  msgstr ""
2213
 
2214
+ #: admin/core/core.php:897
2215
  msgid "The default.htaccess Master file has been updated."
2216
  msgstr ""
2217
 
2218
+ #: admin/core/core.php:909
2219
  msgid ""
2220
  " Check that the /bps-backup/ and /master-backups/ folders exist and the "
2221
  "folder permissions or Ownership for these folders."
2222
  msgstr ""
2223
 
2224
+ #: admin/core/core.php:914
2225
  msgid ""
2226
  "Your Custom default.htaccess Master file has been successfully saved to: "
2227
  msgstr ""
2228
 
2229
+ #: admin/core/core.php:930
2230
  msgid "wpadmin-secure.htaccess file writing is disabled."
2231
  msgstr ""
2232
 
2233
+ #: admin/core/core.php:936
2234
  msgid ""
2235
  "htaccess Files Disabled: wpadmin-secure.htaccess Master file is disabled."
2236
  msgstr ""
2237
 
2238
+ #: admin/core/core.php:940
2239
  msgid "ERROR: A wpadmin-secure.htaccess Master file was NOT found."
2240
  msgstr ""
2241
 
2242
+ #: admin/core/core.php:949
2243
  msgid ""
2244
  "File Open and Write test successful! The wpadmin-secure.htaccess Master file "
2245
  "is writable."
2246
  msgstr ""
2247
 
2248
+ #: admin/core/core.php:970
2249
  msgid ""
2250
  "htaccess Files Disabled: wpadmin-secure.htaccess Master file writing is "
2251
  "disabled. "
2252
  msgstr ""
2253
 
2254
+ #: admin/core/core.php:990
2255
  msgid "Error: Unable to write to the wpadmin-secure.htaccess Master file."
2256
  msgstr ""
2257
 
2258
+ #: admin/core/core.php:1005
2259
  msgid "The wpadmin-secure.htaccess Master file has been updated."
2260
  msgstr ""
2261
 
2262
+ #: admin/core/core.php:1021
2263
  msgid "htaccess Files Disabled: Root htaccess file does not exist."
2264
  msgstr ""
2265
 
2266
+ #: admin/core/core.php:1025
2267
  msgid "ERROR: An htaccess file was NOT found in your root folder"
2268
  msgstr ""
2269
 
2270
+ #: admin/core/core.php:1034
2271
  msgid ""
2272
  "File Open and Write test successful! Your currently active root htaccess "
2273
  "file is writable."
2274
  msgstr ""
2275
 
2276
+ #: admin/core/core.php:1039
2277
  msgid "Your root htaccess file is Locked with Read Only Permissions."
2278
  msgstr ""
2279
 
2280
+ #: admin/core/core.php:1039
2281
  msgid ""
2282
  "Use the Lock and Unlock buttons below to Lock or Unlock your root htaccess "
2283
  "file for editing."
2284
  msgstr ""
2285
 
2286
+ #: admin/core/core.php:1074
2287
  msgid ""
2288
  "Error: Unable to write to the Root htaccess file. If your Root htaccess file "
2289
  "is locked you must unlock first."
2290
  msgstr ""
2291
 
2292
+ #: admin/core/core.php:1089
2293
  msgid "Your currently active root htaccess file has been updated."
2294
  msgstr ""
2295
 
2296
+ #: admin/core/core.php:1107
2297
  msgid "wp-admin active htaccess file writing is disabled."
2298
  msgstr ""
2299
 
2300
+ #: admin/core/core.php:1113
2301
  msgid "htaccess Files Disabled: wp-admin folder htaccess file does not exist."
2302
  msgstr ""
2303
 
2304
+ #: admin/core/core.php:1117
2305
  msgid "ERROR: An htaccess file was NOT found in your wp-admin folder"
2306
  msgstr ""
2307
 
2308
+ #: admin/core/core.php:1126
2309
  msgid ""
2310
  "File Open and Write test successful! Your currently active wp-admin htaccess "
2311
  "file is writable."
2312
  msgstr ""
2313
 
2314
+ #: admin/core/core.php:1167
2315
  msgid "Error: Unable to write to the wp-admin htaccess file."
2316
  msgstr ""
2317
 
2318
+ #: admin/core/core.php:1182
2319
  msgid "Your currently active wp-admin htaccess file has been updated."
2320
  msgstr ""
2321
 
2322
+ #: admin/core/core.php:1199
2323
  msgid "Your Root htaccess file has been Locked."
2324
  msgstr ""
2325
 
2326
+ #: admin/core/core.php:1204
2327
  msgid "Unable to Lock your Root htaccess file."
2328
  msgstr ""
2329
 
2330
+ #: admin/core/core.php:1218
2331
  msgid "Your Root htaccess file has been Unlocked."
2332
  msgstr ""
2333
 
2334
+ #: admin/core/core.php:1223
2335
  msgid "Unable to Unlock your Root htaccess file."
2336
  msgstr ""
2337
 
2338
+ #: admin/core/core.php:1246
2339
  msgid "Click OK to Lock your Root htaccess file or click Cancel."
2340
  msgstr ""
2341
 
2342
+ #: admin/core/core.php:1246
2343
  msgid ""
2344
  "Note: The File Open and Write Test window will still display the last status "
2345
  "of the file as Unlocked. To see the current status refresh your browser."
2346
  msgstr ""
2347
 
2348
+ #: admin/core/core.php:1254
2349
  msgid "Click OK to Unlock your Root htaccess file or click Cancel."
2350
  msgstr ""
2351
 
2352
+ #: admin/core/core.php:1254
2353
  msgid ""
2354
  "Note: The File Open and Write Test window will still display the last status "
2355
  "of the file as Locked. To see the current status refresh your browser."
2356
  msgstr ""
2357
 
2358
+ #: admin/core/core.php:1263
2359
  msgid ""
2360
  "Turning AutoLock On will allow BPS Pro to automatically lock your Root ."
2361
  "htaccess file. For some folks this causes a problem because their Web Hosts "
2363
  "BPS Pro to AutoLock the Root .htaccess file works fine."
2364
  msgstr ""
2365
 
2366
+ #: admin/core/core.php:1263
2367
  msgid "Click OK to Turn AutoLock On or click Cancel."
2368
  msgstr ""
2369
 
2370
+ #: admin/core/core.php:1265 admin/system-info/system-info.php:752
2371
  #: admin/system-info/system-info.php:768 admin/system-info/system-info.php:776
2372
  #: admin/system-info/system-info.php:784 admin/system-info/system-info.php:792
2373
  #: admin/system-info/system-info.php:800 admin/system-info/system-info.php:808
2379
  msgid "On"
2380
  msgstr ""
2381
 
2382
+ #: admin/core/core.php:1275
2383
  msgid ""
2384
  "Turning AutoLock Off will prevent BPS Pro from automatically locking your "
2385
  "Root .htaccess file. For some folks this is necessary because their Web "
2387
  "allowing BPS Pro to AutoLock the Root .htaccess file works fine."
2388
  msgstr ""
2389
 
2390
+ #: admin/core/core.php:1275
2391
  msgid "Click OK to Turn AutoLock Off or click Cancel."
2392
  msgstr ""
2393
 
2394
+ #: admin/core/core.php:1277 admin/system-info/system-info.php:536
2395
  #: admin/system-info/system-info.php:771 admin/system-info/system-info.php:779
2396
  #: admin/system-info/system-info.php:787 admin/system-info/system-info.php:795
2397
  #: admin/system-info/system-info.php:803 admin/system-info/system-info.php:811
2403
  msgid "Off"
2404
  msgstr ""
2405
 
2406
+ #: admin/core/core.php:1292
2407
  msgid "secure.htaccess"
2408
  msgstr ""
2409
 
2410
+ #: admin/core/core.php:1293
2411
  msgid "default.htaccess"
2412
  msgstr ""
2413
 
2414
+ #: admin/core/core.php:1294
2415
  msgid "wpadmin-secure.htaccess"
2416
  msgstr ""
2417
 
2418
+ #: admin/core/core.php:1295
2419
  msgid "Your Current Root htaccess File"
2420
  msgstr ""
2421
 
2422
+ #: admin/core/core.php:1296
2423
  msgid "Your Current wp-admin htaccess File"
2424
  msgstr ""
2425
 
2426
+ #: admin/core/core.php:1317 admin/core/core.php:1387 admin/core/core.php:1457
2427
+ #: admin/core/core.php:1545 admin/core/core.php:1617
2428
+ msgid ""
2429
+ "If you see an error or are unable to save your editing changes then click "
2430
+ "the Encrypt htaccess Code button first and then click the Update File "
2431
+ "button. Mouse over the question mark image to the right for help info."
2432
+ msgstr ""
2433
+
2434
+ #: admin/core/core.php:1317 admin/core/core.php:1387 admin/core/core.php:1457
2435
+ #: admin/core/core.php:1545 admin/core/core.php:1617
2436
+ msgid ""
2437
+ "If your web host currently has ModSecurity installed or installs ModSecurity "
2438
+ "at a later time then ModSecurity will prevent you from saving your htaccess "
2439
+ "code unless you encrypt it first by clicking the Encrypt htaccess Code "
2440
+ "button."
2441
+ msgstr ""
2442
+
2443
+ #: admin/core/core.php:1317 admin/core/core.php:1387 admin/core/core.php:1457
2444
+ #: admin/core/core.php:1545 admin/core/core.php:1617
2445
+ msgid ""
2446
+ "If you click the Encrypt htaccess Code button and then want to edit your "
2447
+ "code again click the Decrypt htaccess Code button. After you are done "
2448
+ "editing click the Encrypt htaccess Code button before clicking the Update "
2449
+ "File button."
2450
+ msgstr ""
2451
+
2452
+ #: admin/core/core.php:1317 admin/core/core.php:1387 admin/core/core.php:1457
2453
+ #: admin/core/core.php:1545 admin/core/core.php:1617
2454
+ msgid "Click the htaccess File Editing Read Me help button for more help info."
2455
+ msgstr ""
2456
+
2457
+ #: admin/core/core.php:1542
2458
  msgid "YOUR ROOT HTACCESS FILE IS LOCKED."
2459
  msgstr ""
2460
 
2461
+ #: admin/core/core.php:1542
2462
  msgid "YOUR FILE EDITS|CHANGES CANNOT BE SAVED."
2463
  msgstr ""
2464
 
2465
+ #: admin/core/core.php:1542
2466
  msgid ""
2467
  "Click Cancel, copy the file editing changes you made to save them and then "
2468
  "click the Unlock .htaccess File button to unlock your Root .htaccess file. "
2471
  "to save your file edits/changes."
2472
  msgstr ""
2473
 
2474
+ #: admin/core/core.php:1694
2475
  msgid "htaccess File Custom Code ~ "
2476
  msgstr ""
2477
 
2478
+ #: admin/core/core.php:1694
2479
  msgid ""
2480
  "Save custom htaccess code for your Root and wp-admin htaccess Files "
2481
  "permanently"
2482
  msgstr ""
2483
 
2484
+ #: admin/core/core.php:1706
2485
  msgid "Reset|Recheck Dismiss Notices: "
2486
  msgstr ""
2487
 
2488
+ #: admin/core/core.php:1721
2489
  msgid "Brute Force Login Page Protection code"
2490
  msgstr ""
2491
 
2492
+ #: admin/core/core.php:1729 admin/core/core.php:1977
2493
  #: admin/wizard/wizard.php:1043
2494
  msgid "Custom Code Video Tutorial"
2495
  msgstr ""
2496
 
2497
+ #: admin/core/core.php:1730
2498
  msgid "BulletProof Security Forum"
2499
  msgstr ""
2500
 
2501
+ #: admin/core/core.php:1747
2502
  msgid ""
2503
  "Clicking OK will Import all of your Root and wp-admin Custom Code from the "
2504
  "cc-master.zip file on your computer."
2505
  msgstr ""
2506
 
2507
+ #: admin/core/core.php:1747
2508
  msgid "Click OK to Import Custom Code or click Cancel."
2509
  msgstr ""
2510
 
2511
+ #: admin/core/core.php:1756
2512
  msgid ""
2513
  "Clicking OK will Export (copy) all of your Root and wp-admin Custom Code "
2514
  "into the cc-master.zip file, which you can then download to your computer by "
2516
  "success message."
2517
  msgstr ""
2518
 
2519
+ #: admin/core/core.php:1756
2520
  msgid "Click OK to Export Custom Code or click Cancel."
2521
  msgstr ""
2522
 
2523
+ #: admin/core/core.php:1764
2524
  msgid ""
2525
  "Clicking OK will delete all of your Root and wp-admin Custom Code from all "
2526
  "of the Custom Code text boxes."
2527
  msgstr ""
2528
 
2529
+ #: admin/core/core.php:1764
2530
  msgid "Click OK to Delete Custom Code or click Cancel."
2531
  msgstr ""
2532
 
2533
+ #: admin/core/core.php:1815
2534
  msgid ""
2535
  "Your My Notes Personal Notes and/or htaccess Code Notes saved successfully "
2536
  "to your WordPress Database."
2537
  msgstr ""
2538
 
2539
+ #: admin/core/core.php:1828
2540
  msgid "My Notes ~ "
2541
  msgstr ""
2542
 
2543
+ #: admin/core/core.php:1828
2544
  msgid "Save Personal Notes and htaccess Code Notes to your WordPress Database"
2545
  msgstr ""
2546
 
2547
+ #: admin/core/core.php:1849
2548
+ msgid ""
2549
+ "If you are unable to save custom htaccess code and/or see an error message "
2550
+ "when trying to save custom htaccess code, "
2551
+ msgstr ""
2552
+
2553
+ #: admin/core/core.php:1849
2554
+ msgid ""
2555
+ "click the Encrypt My Notes button first and then click the Save My Notes "
2556
+ "button."
2557
+ msgstr ""
2558
+
2559
+ #: admin/core/core.php:1849
2560
+ msgid "Mouse over the question mark image to the right for help info."
2561
+ msgstr ""
2562
+
2563
+ #: admin/core/core.php:1849
2564
+ msgid ""
2565
+ "If your web host currently has ModSecurity installed or installs ModSecurity "
2566
+ "at a later time then ModSecurity will prevent you from saving your custom "
2567
+ "htaccess code unless you encrypt it first by clicking the Encrypt My Notes "
2568
+ "button."
2569
+ msgstr ""
2570
+
2571
+ #: admin/core/core.php:1849
2572
+ msgid ""
2573
+ "If you click the Encrypt My Notes button, but then want to add or edit "
2574
+ "additional custom code click the Decrypt My Notes button. After you are done "
2575
+ "adding or editing custom code click the Encrypt My Notes button before "
2576
+ "clicking the Save My Notes button."
2577
+ msgstr ""
2578
+
2579
+ #: admin/core/core.php:1921
2580
  #: admin/db-backup-security/db-backup-security.php:1701
2581
  #: admin/mscan/mscan.php:1918 admin/theme-skin/theme-skin.php:219
2582
  msgid "Whats New in "
2583
  msgstr ""
2584
 
2585
+ #: admin/core/core.php:1921
2586
  msgid " and General Help Info & Tips"
2587
  msgstr ""
2588
 
2589
+ #: admin/core/core.php:1926
2590
  msgid "The BPS Changelog|Whats New page has been moved to the "
2591
  msgstr ""
2592
 
2593
+ #: admin/core/core.php:1926
2594
  msgid "Reasons for this Changelog|Whats New page change: "
2595
  msgstr ""
2596
 
2597
+ #: admin/core/core.php:1926
2598
  msgid ""
2599
  "The BPS Changelog|Whats New page will not have to be translated by the "
2600
  "WordPress PolyGlots Language Packs Team for each new version release of BPS, "
2603
  "BPS version changes through the years and other beneficial reasons."
2604
  msgstr ""
2605
 
2606
+ #: admin/core/core.php:1934 admin/db-backup-security/db-backup-security.php:270
2607
  #: admin/db-backup-security/db-backup-security.php:1201
2608
  #: admin/db-backup-security/db-backup-security.php:1357
2609
  #: admin/email-log-settings/email-log-settings.php:95
2615
  "Detection & Prevention System: "
2616
  msgstr ""
2617
 
2618
+ #: admin/core/core.php:1934 admin/db-backup-security/db-backup-security.php:270
2619
  #: admin/db-backup-security/db-backup-security.php:1201
2620
  #: admin/db-backup-security/db-backup-security.php:1357
2621
  #: admin/email-log-settings/email-log-settings.php:95
2626
  msgid "Get BPS Pro ARQ IDPS"
2627
  msgstr ""
2628
 
2629
+ #: admin/core/core.php:1934 admin/email-log-settings/email-log-settings.php:95
2630
  #: admin/maintenance/maintenance.php:170 admin/maintenance/maintenance.php:172
2631
  #: admin/security-log/security-log.php:235 admin/theme-skin/theme-skin.php:101
2632
  #: admin/wizard/wizard.php:1022 admin/wizard/wizard.php:1091
2635
  "posting, auto-commenting): "
2636
  msgstr ""
2637
 
2638
+ #: admin/core/core.php:1934 admin/email-log-settings/email-log-settings.php:95
2639
  #: admin/login/login.php:181 admin/login/login.php:792
2640
  #: admin/maintenance/maintenance.php:170 admin/maintenance/maintenance.php:172
2641
  #: admin/security-log/security-log.php:235 admin/theme-skin/theme-skin.php:101
2643
  msgid "Get BPS Pro JTC Anti-Spam|Anti-Hacker"
2644
  msgstr ""
2645
 
2646
+ #: admin/core/core.php:1939
2647
  msgid "General Help Info & Tips:"
2648
  msgstr ""
2649
 
2650
+ #: admin/core/core.php:1943
2651
  msgid "If BPS plugin pages are not displaying visually correct you can "
2652
  msgstr ""
2653
 
2654
+ #: admin/core/core.php:1947
2655
  msgid "BPS Video Tutorials|Setup Wizard: "
2656
  msgstr ""
2657
 
2658
+ #: admin/core/core.php:1955
2659
  msgid "Troubleshooting Steps & The BPS Security Log: "
2660
  msgstr ""
2661
 
2662
+ #: admin/core/core.php:1955
2663
  msgid ""
2664
  "All BPS plugin features can be turned Off/On individually to confirm, "
2665
  "eliminate or isolate a problem or issue that may or may not be caused by BPS."
2666
  msgstr ""
2667
 
2668
+ #: admin/core/core.php:1955
2669
  msgid ""
2670
  "The BPS Security Log is a primary troubleshooting tool. If BPS is blocking "
2671
  "something legitimate in another plugin or theme then a Security Log entry "
2674
  "being blocked."
2675
  msgstr ""
2676
 
2677
+ #: admin/core/core.php:1955
2678
  msgid ""
2679
  "Search the Forum site to see if a known issue or problem is already posted "
2680
  "with a solution/whitelist rule in the Forum."
2681
  msgstr ""
2682
 
2683
+ #: admin/core/core.php:1968 admin/maintenance/maintenance.php:2078
2684
  msgid "Help & FAQ"
2685
  msgstr ""
2686
 
2687
+ #: admin/core/core.php:1972 admin/email-log-settings/email-log-settings.php:220
2688
  #: admin/login/login.php:1355 admin/maintenance/maintenance.php:2083
2689
+ #: admin/security-log/security-log.php:822
2690
  #: admin/system-info/system-info.php:1109
2691
  msgid "Contributors Page"
2692
  msgstr ""
2693
 
2694
+ #: admin/core/core.php:1973
2695
  msgid "WP Permalinks - Custom Permalink Structure Help Info"
2696
  msgstr ""
2697
 
2698
+ #: admin/core/core.php:1974 admin/email-log-settings/email-log-settings.php:219
2699
  #: admin/login/login.php:1354 admin/maintenance/maintenance.php:2084
2700
+ #: admin/security-log/security-log.php:821
2701
  #: admin/system-info/system-info.php:1108
2702
  msgid "Security Log Event Codes"
2703
  msgstr ""
2704
 
2705
+ #: admin/core/core.php:1975
2706
  msgid "Adding a Custom 403 Forbidden Page For Your Website"
2707
  msgstr ""
2708
 
2709
+ #: admin/core/core.php:1976
2710
  #: admin/db-backup-security/db-backup-security.php:1705
2711
  #: admin/email-log-settings/email-log-settings.php:221
2712
  #: admin/login/login.php:1356 admin/maintenance/maintenance.php:2085
2713
+ #: admin/mscan/mscan.php:1921 admin/security-log/security-log.php:823
2714
  #: admin/system-info/system-info.php:1110 admin/theme-skin/theme-skin.php:222
2715
  msgid "Forum: Search, Troubleshooting Steps & Post Questions For Assistance"
2716
  msgstr ""
2717
 
2718
+ #: admin/core/core.php:1989
2719
  msgid "BulletProof Security Pro Feature Highlights"
2720
  msgstr ""
2721
 
2722
+ #: admin/core/core.php:1999
2723
  msgid "The Ultimate Security Protection"
2724
  msgstr ""
2725
 
2726
+ #: admin/core/core.php:2002
2727
  msgid "BPS Pro One-Click Setup Wizard & Demo Video Tutorial"
2728
  msgstr ""
2729
 
2730
+ #: admin/core/core.php:2003
2731
  msgid "View All BPS Pro Features"
2732
  msgstr ""
2733
 
2734
+ #: admin/core/core.php:2010
2735
  msgid ""
2736
  "The Complete Website Security Solution for Hacker and Spammer Protection"
2737
  msgstr ""
2738
 
2739
+ #: admin/core/core.php:2010
2740
  msgid ""
2741
  "BulletProof Security Pro has an amazing track record. BPS Pro has been "
2742
+ "publicly available for 8+ years and is installed on over 50,000 websites "
2743
+ "worldwide. Not a single one of those 50,000+ websites in 8+ years have been "
2744
  "hacked."
2745
  msgstr ""
2746
 
2747
+ #: admin/core/core.php:2010
2748
  msgid ""
2749
  "Why pay 10 times or more for other premium WordPress Security Plugins with "
2750
  "recurring yearly subscriptions when you can get the best WordPress Security "
2751
  "Plugin for an extremely low one-time purchase price?"
2752
  msgstr ""
2753
 
2754
+ #: admin/core/core.php:2010
2755
  msgid "View Cost Comparison"
2756
  msgstr ""
2757
 
2758
+ #: admin/core/core.php:2010
2759
  msgid ""
2760
  "30-Day Money-Back Guarantee: If you are dissatisfied with BulletProof "
2761
  "Security Pro for any reason. We offer a no questions asked full refund."
2762
  msgstr ""
2763
 
2764
+ #: admin/core/core.php:2013
2765
  msgid "One-Click Setup Wizard Installation: "
2766
  msgstr ""
2767
 
2768
+ #: admin/core/core.php:2013
2769
  msgid ""
2770
  "Fast, simple and complete BPS Pro installation and setup in less than 1 "
2771
  "minute."
2772
  msgstr ""
2773
 
2774
+ #: admin/core/core.php:2015
2775
  msgid "One-Click Upgrade: "
2776
  msgstr ""
2777
 
2778
+ #: admin/core/core.php:2015
2779
  msgid "One-click plugin upgrade on the WordPress Plugins page."
2780
  msgstr ""
2781
 
2782
+ #: admin/core/core.php:2017
2783
  msgid ""
2784
  "AutoRestore|Quarantine Intrusion Detection and Prevention System (ARQ IDPS): "
2785
  msgstr ""
2786
 
2787
+ #: admin/core/core.php:2017
2788
  msgid ""
2789
  "ARQ IDPS is a real-time file scanner that automatically quarantines "
2790
  "malicious hacker files and autorestores legitimate website files if they "
2798
  "Plugin and Theme Automatic, Manual and Shiny installations and updates."
2799
  msgstr ""
2800
 
2801
+ #: admin/core/core.php:2019
2802
  msgid "MScan Malware Scanner: "
2803
  msgstr ""
2804
 
2805
+ #: admin/core/core.php:2019
2806
  msgid ""
2807
  "MScan Scheduled Scans are available in BPS Pro only. The BPS Pro ARQ IDPS "
2808
  "scanner is far superior to malware scanners including MScan, but both the "
2810
  "website if someone would like to do that."
2811
  msgstr ""
2812
 
2813
+ #: admin/core/core.php:2021
2814
  msgid "Plugin Firewall|Plugin Firewall AutoPilot Mode: "
2815
  msgstr ""
2816
 
2817
+ #: admin/core/core.php:2021
2818
  msgid ""
2819
  "The Plugin Firewall protects all of your Plugins (plugin folders and files) "
2820
  "with an IP Address Firewall, which prevents/blocks/forbids Remote Access to "
2828
  "firewall whitelist rules."
2829
  msgstr ""
2830
 
2831
+ #: admin/core/core.php:2023
2832
  msgid "JTC Anti-Spam|Anti-Hacker (JTC): "
2833
  msgstr ""
2834
 
2835
+ #: admin/core/core.php:2023
2836
  #, php-format
2837
  msgid ""
2838
  "Blocks 100% of all SpamBot and HackerBot Brute Force Login attacks (auto-"
2846
  "includes a SpamBot Trap."
2847
  msgstr ""
2848
 
2849
+ #: admin/core/core.php:2025
2850
  msgid "Uploads Folder Anti-Exploit Guard (UAEG): "
2851
  msgstr ""
2852
 
2853
+ #: admin/core/core.php:2025
2854
  msgid ""
2855
  "Protects the WordPress Uploads folder. ONLY safe image files with valid "
2856
  "image file extensions such as jpg, gif, png, etc. can be accessed, opened or "
2860
  "executed in the WordPress Uploads folder."
2861
  msgstr ""
2862
 
2863
+ #: admin/core/core.php:2027
2864
  msgid "DB Monitor Intrusion Detection System (IDS): "
2865
  msgstr ""
2866
 
2867
+ #: admin/core/core.php:2027
2868
  msgid ""
2869
  "The DB Monitor is an automated Intrusion Detection System (IDS) that alerts "
2870
  "you via email anytime a change/modification occurs in your WordPress "
2875
  "help info."
2876
  msgstr ""
2877
 
2878
+ #: admin/core/core.php:2029
2879
  msgid "DB Diff Tool: "
2880
  msgstr ""
2881
 
2882
+ #: admin/core/core.php:2029
2883
  msgid ""
2884
  "The DB Diff Tool compares old database tables from DB backups to current "
2885
  "database tables and displays any differences in the data/content of those 2 "
2887
  "not only just DB data."
2888
  msgstr ""
2889
 
2890
+ #: admin/core/core.php:2031
2891
  msgid "DB Status & Info: "
2892
  msgstr ""
2893
 
2894
+ #: admin/core/core.php:2031
2895
  msgid ""
2896
  "General DB Info shows commonly checked DB status and info about your "
2897
  "WordPress database at a glance. Extensive DB Info shows extensive DB status "
2900
  "SHOW GLOBAL VARIABLES and SHOW SESSION VARIABLES."
2901
  msgstr ""
2902
 
2903
+ #: admin/core/core.php:2033
2904
  msgid "S-Monitor: "
2905
  msgstr ""
2906
 
2907
+ #: admin/core/core.php:2033
2908
  msgid ""
2909
  "S-Monitor is the centralized Security Monitoring and Alerting Core where you "
2910
  "can manage and choose BPS Pro settings for Dashboard Alerts, Dashboard "
2914
  "easy to change all/any BPS Pro settings to your particular preferences."
2915
  msgstr ""
2916
 
2917
+ #: admin/core/core.php:2035
2918
  msgid "Advanced Real-Time Alerting & Heads Up Dashboard Status Display: "
2919
  msgstr ""
2920
 
2921
+ #: admin/core/core.php:2035
2922
  msgid ""
2923
  "BPS Pro checks and displays error, warning, notifications and alert messages "
2924
  "in real time. You can choose how you want these messages displayed to you "
2926
  "Dashboard, BPS Pro pages only, Turned off, Email Alerts, Logging..."
2927
  msgstr ""
2928
 
2929
+ #: admin/core/core.php:2038
2930
  msgid "Custom php.ini|ini_set Options: "
2931
  msgstr ""
2932
 
2933
+ #: admin/core/core.php:2038
2934
  msgid ""
2935
  "Quickly create a custom php.ini file for your website or use ini_set Options "
2936
  "to increase security and performance with just a few clicks. Additional P-"
2938
  "Protected PHP Error Log, PHP Error Alerts, Secure phpinfo Viewer..."
2939
  msgstr ""
2940
 
2941
+ #: admin/core/core.php:2040
2942
  msgid "Pro Tools: 16 mini-plugins: "
2943
  msgstr ""
2944
 
2945
+ #: admin/core/core.php:2040
2946
  msgid ""
2947
  "Online Base64 Decoder, Offline Base64 Decode|Encode, Mcrypt ~ Decrypt|"
2948
  "Encrypt, Crypt Encryption, Scheduled Crons (display and reschedule/reset "
2961
  "vulnerable to an XML-RPC exploit)."
2962
  msgstr ""
2963
 
2964
+ #: admin/core/core.php:2048
2965
  msgid "BPS Pro Version Release Dates"
2966
  msgstr ""
2967
 
2968
+ #: admin/core/core.php:2050 admin/core/core.php:2055 admin/core/core.php:2056
2969
+ #: admin/core/core.php:2057 admin/core/core.php:2058 admin/core/core.php:2063
2970
+ #: admin/core/core.php:2064 admin/core/core.php:2065 admin/core/core.php:2066
2971
+ #: admin/core/core.php:2067 admin/core/core.php:2072 admin/core/core.php:2073
2972
+ #: admin/core/core.php:2074 admin/core/core.php:2075 admin/core/core.php:2076
2973
+ #: admin/core/core.php:2077 admin/core/core.php:2078 admin/core/core.php:2079
2974
+ #: admin/core/core.php:2080 admin/core/core.php:2085 admin/core/core.php:2086
2975
+ #: admin/core/core.php:2087 admin/core/core.php:2088 admin/core/core.php:2089
2976
+ #: admin/core/core.php:2090 admin/core/core.php:2091 admin/core/core.php:2092
2977
+ #: admin/core/core.php:2093 admin/core/core.php:2094 admin/core/core.php:2095
2978
+ #: admin/core/core.php:2096 admin/core/core.php:2097 admin/core/core.php:2103
2979
+ #: admin/core/core.php:2104 admin/core/core.php:2105 admin/core/core.php:2106
2980
+ #: admin/core/core.php:2107 admin/core/core.php:2108 admin/core/core.php:2109
2981
+ #: admin/core/core.php:2110 admin/core/core.php:2111 admin/core/core.php:2112
2982
+ #: admin/core/core.php:2113 admin/core/core.php:2114 admin/core/core.php:2115
2983
+ #: admin/core/core.php:2116 admin/core/core.php:2122 admin/core/core.php:2123
2984
+ #: admin/core/core.php:2124 admin/core/core.php:2125 admin/core/core.php:2126
2985
+ #: admin/core/core.php:2127 admin/core/core.php:2128 admin/core/core.php:2129
2986
+ #: admin/core/core.php:2130 admin/core/core.php:2131 admin/core/core.php:2132
2987
+ #: admin/core/core.php:2133 admin/core/core.php:2134 admin/core/core.php:2140
2988
+ #: admin/core/core.php:2141 admin/core/core.php:2142 admin/core/core.php:2143
2989
+ #: admin/core/core.php:2144 admin/core/core.php:2145 admin/core/core.php:2146
2990
+ #: admin/core/core.php:2147 admin/core/core.php:2148 admin/core/core.php:2149
2991
+ #: admin/core/core.php:2155 admin/core/core.php:2156 admin/core/core.php:2157
2992
+ #: admin/core/core.php:2158 admin/core/core.php:2159 admin/core/core.php:2160
2993
+ #: admin/core/core.php:2161 admin/core/core.php:2162 admin/core/core.php:2163
2994
+ #: admin/core/core.php:2164
2995
  #, php-format
2996
  msgid ""
2997
  "<a href=\"%2$s\" target=\"_blank\" title=\"Link Opens in New Browser Window"
4651
  msgstr ""
4652
 
4653
  #: admin/email-log-settings/email-log-settings.php:215
4654
+ #: admin/login/login.php:1350 admin/security-log/security-log.php:817
4655
  #: admin/system-info/system-info.php:1105
4656
  msgid "BulletProof Security Help &amp; FAQ"
4657
  msgstr ""
4729
 
4730
  #: admin/includes/admin.php:353 admin/wizard/wizard.php:998
4731
  #: admin/wizard/wizard.php:1028 admin/wizard/wizard.php:1030
4732
+ #: bulletproof-security.php:133 bulletproof-security.php:136
4733
  msgid "Setup Wizard"
4734
  msgstr ""
4735
 
4746
  msgid "BPS UI|UX Debug: SLF: js Script Loaded"
4747
  msgstr ""
4748
 
4749
+ #: admin/includes/admin.php:512
4750
  msgid "BPS UI|UX Debug: Scripts|Styles Dequeued"
4751
  msgstr ""
4752
 
4753
+ #: admin/includes/admin.php:524
4754
  msgid "Script Dequeued: "
4755
  msgstr ""
4756
 
4757
+ #: admin/includes/admin.php:530
4758
  msgid ""
4759
  "No additional plugin or theme Scripts were found that needed to be Dequeued."
4760
  msgstr ""
4761
 
4762
+ #: admin/includes/admin.php:542
4763
  msgid "Style Dequeued: "
4764
  msgstr ""
4765
 
4766
+ #: admin/includes/admin.php:548
4767
  msgid ""
4768
  "No additional plugin or theme Styles were found that needed to be Dequeued."
4769
  msgstr ""
4770
 
4771
+ #: admin/includes/admin.php:586 admin/includes/admin.php:619
4772
  msgid "BPS UI|UX Debug: WP Toolbar nodes|menu items Removed"
4773
  msgstr ""
4774
 
4775
+ #: admin/includes/admin.php:598 admin/includes/admin.php:631
4776
  msgid "WP Toolbar node|menu item Removed: "
4777
  msgstr ""
4778
 
4779
+ #: admin/includes/admin.php:606 admin/includes/admin.php:639
4780
  msgid "No WP Toolbar nodes|menu items were Removed in BPS plugin pages"
4781
  msgstr ""
4782
 
8136
 
8137
  #: admin/security-log/security-log.php:255
8138
  msgid ""
8139
+ "To view your Security Log click the View Log button. Your Security Log file "
8140
+ "is a plain text static file and not a dynamic file or dynamic display to "
8141
+ "keep your website resource usage at a bare minimum and keep your website "
8142
+ "performance at a maximum. Log entries are logged in descending order by Date "
8143
+ "and Time. You can copy, edit and delete this plain text file."
8144
  msgstr ""
8145
 
8146
  #: admin/security-log/security-log.php:255
8406
  "Agents|Bots logged again in your Security Log."
8407
  msgstr ""
8408
 
8409
+ #: admin/security-log/security-log.php:255
8410
+ msgid "View Log"
8411
+ msgstr ""
8412
+
8413
+ #: admin/security-log/security-log.php:255
8414
+ msgid ""
8415
+ "In previous versions of BPS the Security Log was displayed open by default. "
8416
+ "The Security Log is now closed by default due to problems with ModSecurity "
8417
+ "CRS seeing the Security Log entries as malicious and blocking access to the "
8418
+ "Security Log page. If you are unable to open/view your Security Log file you "
8419
+ "can view your Security Log file by using FTP or your web host control panel "
8420
+ "file manager and opening the Security Log file located here "
8421
+ msgstr ""
8422
+
8423
+ #: admin/security-log/security-log.php:255
8424
+ msgid ""
8425
+ "The new View Log feature also resolves another problem, which is if the "
8426
+ "Security Log file automation is not working due to WP Cron jobs being "
8427
+ "disabled on a website then the Security Log file will not be automatically "
8428
+ "zipped, emailed to you and replaced with a new blank log file at regular "
8429
+ "cron intervals by the Security Log file Cron job automation. If your "
8430
+ "Security Log file is extremely large and you are unable to open/view it then "
8431
+ "you can manually download a copy of the Security Log file using FTP or your "
8432
+ "web host control panel file manager and then delete it using the Delete Log "
8433
+ "button."
8434
+ msgstr ""
8435
+
8436
  #: admin/security-log/security-log.php:282
8437
  msgid "There are no Security Log Entries yet."
8438
  msgstr ""
8676
  msgid "To add a User Agent|Bot, use the Add|Ignore tool."
8677
  msgstr ""
8678
 
8679
+ #: admin/security-log/security-log.php:709
8680
+ msgid "Clicking OK will display the contents of your Security Log file."
8681
+ msgstr ""
8682
+
8683
+ #: admin/security-log/security-log.php:709
8684
+ msgid "Click OK to view the Log file or click Cancel."
8685
+ msgstr ""
8686
+
8687
+ #: admin/security-log/security-log.php:736
8688
  msgid ""
8689
  "The Security Log File Was Not Found! Check that the file really exists here "
8690
  "- /"
8691
  msgstr ""
8692
 
8693
+ #: admin/security-log/security-log.php:736
8694
  msgid "/bps-backup/logs/http_error_log.txt and is named correctly."
8695
  msgstr ""
8696
 
8697
+ #: admin/security-log/security-log.php:750
8698
  msgid ""
8699
  "File Open and Write test successful! Your Security Log file is writable."
8700
  msgstr ""
8701
 
8702
+ #: admin/security-log/security-log.php:772
8703
+ #: admin/security-log/security-log.php:776
8704
  msgid "Success! Your Security Log file has been updated."
8705
  msgstr ""
8706
 
11242
  msgid " JTC DB Options created or updated Successfully!"
11243
  msgstr ""
11244
 
11245
+ #: bulletproof-security.php:134
11246
  msgid "Uninstall Options"
11247
  msgstr ""
11248
 
11249
+ #: bulletproof-security.php:156
11250
  msgid "Forum - Support"
11251
  msgstr ""
11252
 
11253
+ #: bulletproof-security.php:157
11254
  msgid "Upgrade"
11255
  msgstr ""
11256
 
readme.txt CHANGED
@@ -4,7 +4,7 @@ Donate link: https://wordpress.org/support/view/plugin-reviews/bulletproof-secur
4
  Tags: security, secure, malware scanner, login security, firewall, security plugin, wordpress security, login, bruteforce, backup, exploit, infection, protection, virus, anti-virus, logout, spam, anti-spam
5
  Requires at least: 3.8
6
  Tested up to: 5.2.2
7
- Stable tag: 3.5
8
  License: GPLv2 or later
9
  License URI: http://www.gnu.org/licenses/gpl-2.0.html
10
 
4
  Tags: security, secure, malware scanner, login security, firewall, security plugin, wordpress security, login, bruteforce, backup, exploit, infection, protection, virus, anti-virus, logout, spam, anti-spam
5
  Requires at least: 3.8
6
  Tested up to: 5.2.2
7
+ Stable tag: 3.6
8
  License: GPLv2 or later
9
  License URI: http://www.gnu.org/licenses/gpl-2.0.html
10