BulletProof Security - Version 5.8

Version Description


Release Info

Developer AITpro
Version 5.8

Code changes from version 5.7 to 5.8

Files changed (46)
  1. 400.php +69 -49
  2. 403.php +108 -96
  3. 404.php +54 -39
  4. 405.php +91 -81
  5. 410.php +67 -49
  6. admin/core/core-custom-code.php +1 -0
  7. admin/core/core-forms.php +23 -21
  8. admin/core/core-htaccess-code.php +88 -51
  9. admin/core/core.php +43 -69
  10. admin/db-backup-security/db-backup-functions.php +13 -3
  11. admin/db-backup-security/db-backup-security.php +219 -180
  12. admin/email-log-settings/email-log-settings.php +19 -19
  13. admin/htaccess/bps-maintenance-values.php +1 -1
  14. admin/htaccess/bps-maintenance.php +55 -17
  15. admin/htaccess/bps-mu-tools.php +6 -6
  16. admin/htaccess/secure.htaccess +1 -1
  17. admin/htaccess/wpadmin-secure.htaccess +1 -1
  18. admin/includes/admin.php +132 -74
  19. admin/includes/uninstall.php +2 -8
  20. admin/login/login.php +229 -188
  21. admin/maintenance/maintenance.php +135 -71
  22. admin/mscan/mscan-help-text.php +48 -11
  23. admin/mscan/mscan-scan-status.php +111 -56
  24. admin/mscan/mscan.php +370 -248
  25. admin/security-log/security-log.php +141 -106
  26. admin/system-info/system-info.php +102 -98
  27. admin/theme-skin/theme-skin.php +2 -10
  28. admin/wizard/wizard-backup.php +9 -2
  29. admin/wizard/wizard-functions.php +248 -196
  30. admin/wizard/wizard.php +18 -58
  31. bulletproof-security.php +7 -6
  32. includes/class.php +1 -8
  33. includes/db-security.php +143 -125
  34. includes/functions.php +692 -741
  35. includes/general-functions.php +285 -164
  36. includes/hidden-plugin-folders-cron.php +80 -80
  37. includes/hud-dismiss-functions.php +138 -137
  38. includes/idle-session-logout.php +185 -186
  39. includes/login-security.php +163 -145
  40. includes/mscan-ajax-functions.php +308 -244
  41. includes/mscan-plugin-hash-maker.php +111 -71
  42. includes/mscan-theme-hash-maker.php +208 -70
  43. includes/mscan-wp-core-hash-maker.php +175 -17
  44. includes/zip-email-cron-functions.php +163 -157
  45. isl-logout.php +28 -15
  46. languages/bulletproof-security.pot +485 -492
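--- a/400.php
+++ b/400.php
@@ -19,50 +19,75 @@ header('Pragma: no-cache' );
  <head>
  <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
  <title>400 Bad Request</title>
+
  <style type="text/css">
  <!--
  body {
+ background-color:#fff;
+ line-height:normal;
  /* If you want to add a background image uncomment the CSS properties below */
- /* background-image:url(http://www.example.com/wp-content/plugins/bulletproof-security/abstract-blue-bg.png); /*
+ /* background-image:url(http://www.example.com/path-to-some-image-file/example-image-file.jpg); /*
  /* background-repeat:repeat; */
- background-color:#CCCCCC;
- line-height: normal;
  }
 
  #bpsMessage {
  text-align:center;
- background-color: #F7F8F9;
- border:5px solid #000000;
- padding:10px;
+ background-color:#fff;
+ padding:0px;
  }
 
  p {
- font-family: Verdana, Arial, Helvetica, sans-serif;
- font-size:18px;
- font-weight:bold;
+ font-family:Verdana, Arial, Helvetica, Tahoma, sans-serif;
+ line-height:21px;
+ font-size:14px;
+ font-weight:normal;
  }
  -->
  </style>
+
  </head>
 
  <body>
+
  <div id="bpsMessage">
- <p><?php $bps_hostname = str_replace( 'www.', '', htmlspecialchars( $_SERVER['SERVER_NAME'], ENT_QUOTES ) );
- echo $bps_hostname; ?> 400 Bad Request Error</p>
- <p>If you arrived here due to a search or clicking on a link click your Browser's back button to return to the previous page. Thank you.</p>
- <p style="font-size:12px">BPS Plugin 400 Error Page</p>
+ <!-- This code needs to be standard php code (not WP code) in case wp-load.php is not loaded -->
+ <?php
+ $http_status_code = '<p style="font-size:21px;font-weight:600">400 Bad Request Error</p>';
+ $message = '<p>If you arrived here due to a search or clicking on a link click your <br>Browser\'s back button to return to the previous page. Thank you.</p>';
+ $bps_hostname = '<p>Website: ' . htmlspecialchars( $_SERVER['SERVER_NAME'], ENT_QUOTES ) . '</p>';
+ $ip_address = '<p>Your IP Address: ' . htmlspecialchars( $_SERVER['REMOTE_ADDR'], ENT_QUOTES ) . '</p>';
+ $bps_plugin_footer = '<p>BPS Plugin 400 Error Page</p>';
+
+ echo $http_status_code . $message . $bps_hostname . $ip_address . $bps_plugin_footer;
+ ?>
+
  </div>
 
  <?php
+
  if ( file_exists( dirname(dirname(dirname(dirname(__FILE__)))) . '/wp-load.php' ) ) {
  require_once '../../../wp-load.php';
+ } else {
+ ob_end_flush();
+ return;
+ }
+
+ $bpsPro_http_referer = false;
+
+ if ( array_key_exists('HTTP_REFERER', $_SERVER) ) {
+ $bpsPro_http_referer = $_SERVER['HTTP_REFERER'];
  }
 
- // NOTE: fwrite is faster in benchmark tests than file_put_contents for successive writes
- $bpsProLog = WP_CONTENT_DIR . '/bps-backup/logs/http_error_log.txt';
- $hostname = gethostbyaddr($_SERVER['REMOTE_ADDR']);
- $timeNow = time();
- $gmt_offset = get_option( 'gmt_offset' ) * 3600;
+ $bpsPro_http_user_agent = false;
+
+ if ( array_key_exists('HTTP_USER_AGENT', $_SERVER) ) {
+ $bpsPro_http_user_agent = $_SERVER['HTTP_USER_AGENT'];
+ }
+
+ $bpsProLog = WP_CONTENT_DIR . '/bps-backup/logs/http_error_log.txt';
+ $hostname = gethostbyaddr($_SERVER['REMOTE_ADDR']);
+ $timeNow = time();
+ $gmt_offset = get_option( 'gmt_offset' ) * 3600;
 
  $query_string = parse_url($_SERVER['REQUEST_URI'], PHP_URL_QUERY);
 
@@ -75,45 +100,40 @@ $gmt_offset = get_option( 'gmt_offset' ) * 3600;
  $event = 'The request could not be understood by the server due to malformed syntax.';
  $solution = 'N/A - Malformed Request - Not an Attack';
 
- $bpsPro_http_referer = false;
- if ( array_key_exists('HTTP_REFERER', $_SERVER) ) {
- $bpsPro_http_referer = $_SERVER['HTTP_REFERER'];
- }
-
  if ( $_SERVER['REQUEST_METHOD'] == 'POST' ) {
 
- $log_contents = "\r\n" . '[400 POST Bad Request: ' . $timestamp . ']' . "\r\n" . 'BPS: ' . $bps_version . "\r\n" . 'WP: ' . $wp_version . "\r\n" . 'Event Code: ' . $event . "\r\n" . 'Solution: ' . $solution . "\r\n" . 'REMOTE_ADDR: '.$bpsPro_remote_addr . "\r\n" . 'Host Name: ' . $hostname . "\r\n" . 'SERVER_PROTOCOL: ' . $_SERVER['SERVER_PROTOCOL'] . "\r\n" . 'HTTP_CLIENT_IP: ' . $bpsPro_http_client_ip . "\r\n" . 'HTTP_FORWARDED: ' . $bpsPro_http_forwarded . "\r\n" . 'HTTP_X_FORWARDED_FOR: ' . $bpsPro_http_x_forwarded_for . "\r\n" . 'HTTP_X_CLUSTER_CLIENT_IP: ' . $bpsPro_http_x_cluster_client_ip."\r\n" . 'REQUEST_METHOD: '.$_SERVER['REQUEST_METHOD']."\r\n" . 'HTTP_REFERER: '.$bpsPro_http_referer."\r\n" . 'REQUEST_URI: '.$_SERVER['REQUEST_URI']."\r\n" . 'QUERY_STRING: '.$query_string."\r\n" . 'HTTP_USER_AGENT: '.$_SERVER['HTTP_USER_AGENT']."\r\n";
-
- if ( is_writable( $bpsProLog ) ) {
-
- if ( !$handle = fopen( $bpsProLog, 'a' ) ) {
- exit;
- }
+ $log_contents = "\r\n" . '[400 POST Bad Request: ' . $timestamp . ']' . "\r\n" . 'BPS: ' . $bps_version . "\r\n" . 'WP: ' . $wp_version . "\r\n" . 'Event Code: ' . $event . "\r\n" . 'Solution: ' . $solution . "\r\n" . 'REMOTE_ADDR: '.$bpsPro_remote_addr . "\r\n" . 'Host Name: ' . $hostname . "\r\n" . 'SERVER_PROTOCOL: ' . $_SERVER['SERVER_PROTOCOL'] . "\r\n" . 'HTTP_CLIENT_IP: ' . $bpsPro_http_client_ip . "\r\n" . 'HTTP_FORWARDED: ' . $bpsPro_http_forwarded . "\r\n" . 'HTTP_X_FORWARDED_FOR: ' . $bpsPro_http_x_forwarded_for . "\r\n" . 'HTTP_X_CLUSTER_CLIENT_IP: ' . $bpsPro_http_x_cluster_client_ip."\r\n" . 'REQUEST_METHOD: '.$_SERVER['REQUEST_METHOD']."\r\n" . 'HTTP_REFERER: '.$bpsPro_http_referer."\r\n" . 'REQUEST_URI: '.$_SERVER['REQUEST_URI']."\r\n" . 'QUERY_STRING: '.$query_string."\r\n" . 'HTTP_USER_AGENT: '.$bpsPro_http_user_agent."\r\n";
 
- if ( fwrite( $handle, $log_contents) === FALSE ) {
- exit;
- }
-
- fclose($handle);
- }
+ if ( is_writable( $bpsProLog ) ) {
+
+ if ( !$handle = fopen( $bpsProLog, 'a' ) ) {
+ exit;
+ }
+
+ if ( fwrite( $handle, $log_contents) === false ) {
+ exit;
+ }
+
+ fclose($handle);
+ }
  }
 
  if ( $_SERVER['REQUEST_METHOD'] != 'POST' ) {
 
- $log_contents = "\r\n" . '[400 GET Bad Request: ' . $timestamp . ']' . "\r\n" . 'BPS: ' . $bps_version . "\r\n" . 'WP: ' . $wp_version . "\r\n" . 'Event Code: ' . $event . "\r\n" . 'Solution: ' . $solution . "\r\n" . 'REMOTE_ADDR: '.$bpsPro_remote_addr . "\r\n" . 'Host Name: ' . $hostname . "\r\n" . 'SERVER_PROTOCOL: ' . $_SERVER['SERVER_PROTOCOL'] . "\r\n" . 'HTTP_CLIENT_IP: ' . $bpsPro_http_client_ip . "\r\n" . 'HTTP_FORWARDED: ' . $bpsPro_http_forwarded . "\r\n" . 'HTTP_X_FORWARDED_FOR: ' . $bpsPro_http_x_forwarded_for . "\r\n" . 'HTTP_X_CLUSTER_CLIENT_IP: ' . $bpsPro_http_x_cluster_client_ip."\r\n" . 'REQUEST_METHOD: '.$_SERVER['REQUEST_METHOD']."\r\n" . 'HTTP_REFERER: '.$bpsPro_http_referer."\r\n" . 'REQUEST_URI: '.$_SERVER['REQUEST_URI']."\r\n" . 'QUERY_STRING: '.$query_string."\r\n" . 'HTTP_USER_AGENT: '.$_SERVER['HTTP_USER_AGENT']."\r\n";
+ $log_contents = "\r\n" . '[400 GET Bad Request: ' . $timestamp . ']' . "\r\n" . 'BPS: ' . $bps_version . "\r\n" . 'WP: ' . $wp_version . "\r\n" . 'Event Code: ' . $event . "\r\n" . 'Solution: ' . $solution . "\r\n" . 'REMOTE_ADDR: '.$bpsPro_remote_addr . "\r\n" . 'Host Name: ' . $hostname . "\r\n" . 'SERVER_PROTOCOL: ' . $_SERVER['SERVER_PROTOCOL'] . "\r\n" . 'HTTP_CLIENT_IP: ' . $bpsPro_http_client_ip . "\r\n" . 'HTTP_FORWARDED: ' . $bpsPro_http_forwarded . "\r\n" . 'HTTP_X_FORWARDED_FOR: ' . $bpsPro_http_x_forwarded_for . "\r\n" . 'HTTP_X_CLUSTER_CLIENT_IP: ' . $bpsPro_http_x_cluster_client_ip."\r\n" . 'REQUEST_METHOD: '.$_SERVER['REQUEST_METHOD']."\r\n" . 'HTTP_REFERER: '.$bpsPro_http_referer."\r\n" . 'REQUEST_URI: '.$_SERVER['REQUEST_URI']."\r\n" . 'QUERY_STRING: '.$query_string."\r\n" . 'HTTP_USER_AGENT: '.$bpsPro_http_user_agent."\r\n";
 
- if ( is_writable( $bpsProLog ) ) {
-
- if ( !$handle = fopen( $bpsProLog, 'a' ) ) {
- exit;
- }
-
- if ( fwrite( $handle, $log_contents) === FALSE ) {
- exit;
- }
-
- fclose($handle);
- }
+ if ( is_writable( $bpsProLog ) ) {
+
+ if ( !$handle = fopen( $bpsProLog, 'a' ) ) {
+ exit;
+ }
+
+ if ( fwrite( $handle, $log_contents) === false ) {
+ exit;
+ }
+
+ fclose($handle);
+ }
  }
  ?>
  </body>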
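Review bot: The two `$log_contents` assignments write `$_SERVER['REQUEST_URI']`, `$query_string`, `$bpsPro_http_referer`, `$bpsPro_http_user_agent` and the `gethostbyaddr()` result to http_error_log.txt exactly as received, and all of these are set by the client or by whoever controls the client's reverse-DNS record. Any viewer that renders this log has to escape every field on output, and it would be safer to strip control characters at capture, for example `$bpsPro_http_user_agent = preg_replace( '/[\x00-\x1F\x7F]/', '', $_SERVER['HTTP_USER_AGENT'] );`, with the same treatment for the Referer. `gethostbyaddr()` is also a blocking DNS lookup on every logged error, which deserves at least a comment and ideally an optional or cached lookup. The 403.php section builds its log entries the same way.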
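--- a/403.php
+++ b/403.php
@@ -19,51 +19,78 @@ header('Pragma: no-cache' );
  <head>
  <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
  <title>403 Forbidden</title>
+
  <style type="text/css">
  <!--
  body {
+ background-color:#fff;
+ line-height:normal;
  /* If you want to add a background image uncomment the CSS properties below */
  /* background-image:url(http://www.example.com/path-to-some-image-file/example-image-file.jpg); /*
  /* background-repeat:repeat; */
- background-color:#CCCCCC;
- line-height: normal;
  }
 
  #bpsMessage {
  text-align:center;
- background-color: #F7F8F9;
- border:5px solid #000000;
- padding:10px;
+ background-color:#fff;
+ padding:0px;
  }
 
  p {
- font-family: Verdana, Arial, Helvetica, sans-serif;
- font-size:18px;
- font-weight:bold;
+ font-family:Verdana, Arial, Helvetica, Tahoma, sans-serif;
+ line-height:21px;
+ font-size:14px;
+ font-weight:normal;
  }
  -->
  </style>
+
  </head>
 
  <body>
+
  <div id="bpsMessage">
- <p><?php $bps_hostname = str_replace( 'www.', '', htmlspecialchars( $_SERVER['SERVER_NAME'], ENT_QUOTES ) );
- echo $bps_hostname; ?> 403 Forbidden Error</p>
- <p>If you arrived here due to a search or clicking on a link click your Browser's back button to return to the previous page. Thank you.</p>
- <p>IP Address: <?php echo htmlspecialchars( $_SERVER['REMOTE_ADDR'], ENT_QUOTES ); ?></p>
- <p style="font-size:12px">BPS Plugin 403 Error Page</p>
+ <!-- This code needs to be standard php code (not WP code) in case wp-load.php is not loaded -->
+ <?php
+ $http_status_code = '<p style="font-size:21px;font-weight:600">403 Forbidden Error</p>';
+ $message = '<p>If you arrived here due to a search or clicking on a link click your <br>Browser\'s back button to return to the previous page. Thank you.</p>';
+ $bps_hostname = '<p>Website: ' . htmlspecialchars( $_SERVER['SERVER_NAME'], ENT_QUOTES ) . '</p>';
+ $ip_address = '<p>Your IP Address: ' . htmlspecialchars( $_SERVER['REMOTE_ADDR'], ENT_QUOTES ) . '</p>';
+ $bps_plugin_footer = '<p>BPS Plugin 403 Error Page</p>';
+
+ echo $http_status_code . $message . $bps_hostname . $ip_address . $bps_plugin_footer;
+ ?>
  </div>
 
  <?php
+
  if ( file_exists( dirname(dirname(dirname(dirname(__FILE__)))) . '/wp-load.php' ) ) {
  require_once '../../../wp-load.php';
+ } else {
+ ob_end_flush();
+ return;
+ }
+
+ $bpsPro_http_referer = false;
+
+ if ( array_key_exists('HTTP_REFERER', $_SERVER) ) {
+ $bpsPro_http_referer = $_SERVER['HTTP_REFERER'];
  }
 
- // NOTE: fwrite is faster in benchmark tests than file_put_contents for successive writes
- $bpsProLog = WP_CONTENT_DIR . '/bps-backup/logs/http_error_log.txt';
- $hostname = gethostbyaddr($_SERVER['REMOTE_ADDR']);
- $timeNow = time();
- $gmt_offset = get_option( 'gmt_offset' ) * 3600;
+ $bpsPro_http_user_agent = false;
+
+ if ( array_key_exists('HTTP_USER_AGENT', $_SERVER) ) {
+ $bpsPro_http_user_agent = $_SERVER['HTTP_USER_AGENT'];
+ }
+
+ # BEGIN USERAGENT FILTER
+ if ( !preg_match('/BPSUserAgentPlaceHolder/', $bpsPro_http_user_agent) ) {
+ # END USERAGENT FILTER
+
+ $bpsProLog = WP_CONTENT_DIR . '/bps-backup/logs/http_error_log.txt';
+ $hostname = gethostbyaddr($_SERVER['REMOTE_ADDR']);
+ $timeNow = time();
+ $gmt_offset = get_option( 'gmt_offset' ) * 3600;
 
  $post_limit = get_option('bulletproof_security_options_sec_log_post_limit');
  $query_string = parse_url($_SERVER['REQUEST_URI'], PHP_URL_QUERY);
@@ -86,90 +113,75 @@ $gmt_offset = get_option( 'gmt_offset' ) * 3600;
  $timestamp = date_i18n(get_option('date_format'), strtotime("11/15-1976")) . ' - ' . date_i18n(get_option('time_format'), $timeNow + $gmt_offset);
  }
 
- $bpsPro_http_referer = false;
- if ( array_key_exists('HTTP_REFERER', $_SERVER) ) {
- $bpsPro_http_referer = $_SERVER['HTTP_REFERER'];
- }
-
- $bpsPro_http_user_agent = false;
- if ( array_key_exists('HTTP_USER_AGENT', $_SERVER) ) {
- $bpsPro_http_user_agent = $_SERVER['HTTP_USER_AGENT'];
- }
-
- // BPS .52.5: Do not log test 403 errors for /mod-test/ Apache Module testing
  if ( ! preg_match('/wp-content\/plugins\/bulletproof-security\/admin\/mod-test/', $_SERVER['REQUEST_URI'] ) ) {
 
- // .52.7: Request Body condition added
- if ( ! empty($request_body) ) {
-
- if ( $post_limit['bps_security_log_post_none'] == '1' ) {
- $request_body = 'BPS Security Log option set to: Do Not Log POST Request Body Data';
- }
-
- if ( preg_match_all('/(.*)\/plugins\/(.*)\.[a-zA-Z0-9]/', $_SERVER['REQUEST_URI'], $matches ) ) {
- $event = 'PSBR-HPRA';
- $solution = 'https://forum.ait-pro.com/forums/topic/security-log-event-codes/';
- }
- elseif ( preg_match('/(.*)\/wp-admin\/(.*)\.[a-zA-Z0-9]/', $_SERVER['REQUEST_URI'], $matches ) || preg_match('/(.*)\/wp-admin\/(.*)\.[a-zA-Z0-9]/', $bpsPro_http_referer, $matches ) ) {
- $event = 'WPADMIN-SBR';
- $solution = 'https://forum.ait-pro.com/forums/topic/security-log-event-codes/';
+ if ( ! empty($request_body) ) {
 
- } else {
- $event = 'BFHS - Blocked/Forbidden Hacker or Spammer';
- $solution = 'N/A - Hacker/Spammer Blocked/Forbidden';
- }
-
- $log_contents = "\r\n" . '[403 POST Request: ' . $timestamp . ']' . "\r\n" . 'BPS: ' . $bps_version . "\r\n" . 'WP: ' . $wp_version . "\r\n" . 'Event Code: ' . $event . "\r\n" . 'Solution: ' . $solution . "\r\n" . 'REMOTE_ADDR: '.$bpsPro_remote_addr . "\r\n" . 'Host Name: ' . $hostname . "\r\n" . 'SERVER_PROTOCOL: ' . $_SERVER['SERVER_PROTOCOL'] . "\r\n" . 'HTTP_CLIENT_IP: ' . $bpsPro_http_client_ip . "\r\n" . 'HTTP_FORWARDED: ' . $bpsPro_http_forwarded . "\r\n" . 'HTTP_X_FORWARDED_FOR: ' . $bpsPro_http_x_forwarded_for . "\r\n" . 'HTTP_X_CLUSTER_CLIENT_IP: ' . $bpsPro_http_x_cluster_client_ip."\r\n" . 'REQUEST_METHOD: '.$_SERVER['REQUEST_METHOD']."\r\n" . 'HTTP_REFERER: '.$bpsPro_http_referer."\r\n" . 'REQUEST_URI: '.$_SERVER['REQUEST_URI']."\r\n" . 'QUERY_STRING: '.$query_string."\r\n" . 'HTTP_USER_AGENT: '.$bpsPro_http_user_agent . "\r\n" . 'REQUEST BODY: ' . $request_body . "\r\n";
-
- if ( is_writable( $bpsProLog ) ) {
-
- if ( ! $handle = fopen( $bpsProLog, 'a' ) ) {
- exit;
- }
-
- if ( fwrite( $handle, $log_contents) === FALSE ) {
- exit;
- }
-
- fclose($handle);
- }
- }
-
- if ( empty($request_body) ) {
- # BEGIN USERAGENT FILTER
- if ( !preg_match('/BPSUserAgentPlaceHolder/', $bpsPro_http_user_agent) ) {
- # END USERAGENT FILTER
-
- if ( preg_match_all('/(.*)\/plugins\/(.*)\.[a-zA-Z0-9]/', $_SERVER['REQUEST_URI'], $matches ) ) {
- $event = 'PSBR-HPRA';
- $solution = 'https://forum.ait-pro.com/forums/topic/security-log-event-codes/';
- }
- elseif ( preg_match('/(.*)\/wp-admin\/(.*)\.[a-zA-Z0-9]/', $_SERVER['REQUEST_URI'], $matches ) || preg_match('/(.*)\/wp-admin\/(.*)\.[a-zA-Z0-9]/', $bpsPro_http_referer, $matches ) ) {
- $event = 'WPADMIN-SBR';
- $solution = 'https://forum.ait-pro.com/forums/topic/security-log-event-codes/';
+ if ( $post_limit['bps_security_log_post_none'] == '1' ) {
+ $request_body = 'BPS Security Log option set to: Do Not Log POST Request Body Data';
+ }
 
- } else {
- $event = 'BFHS - Blocked/Forbidden Hacker or Spammer';
- $solution = 'N/A - Hacker/Spammer Blocked/Forbidden';
- }
-
- $log_contents = "\r\n" . '[403 GET Request: ' . $timestamp . ']' . "\r\n" . 'BPS: ' . $bps_version . "\r\n" . 'WP: ' . $wp_version . "\r\n" . 'Event Code: ' . $event . "\r\n" . 'Solution: ' . $solution . "\r\n" . 'REMOTE_ADDR: '.$bpsPro_remote_addr . "\r\n" . 'Host Name: ' . $hostname . "\r\n" . 'SERVER_PROTOCOL: ' . $_SERVER['SERVER_PROTOCOL'] . "\r\n" . 'HTTP_CLIENT_IP: ' . $bpsPro_http_client_ip . "\r\n" . 'HTTP_FORWARDED: ' . $bpsPro_http_forwarded . "\r\n" . 'HTTP_X_FORWARDED_FOR: ' . $bpsPro_http_x_forwarded_for . "\r\n" . 'HTTP_X_CLUSTER_CLIENT_IP: ' . $bpsPro_http_x_cluster_client_ip."\r\n" . 'REQUEST_METHOD: '.$_SERVER['REQUEST_METHOD']."\r\n" . 'HTTP_REFERER: '.$bpsPro_http_referer."\r\n" . 'REQUEST_URI: '.$_SERVER['REQUEST_URI']."\r\n" . 'QUERY_STRING: '.$query_string."\r\n" . 'HTTP_USER_AGENT: '.$bpsPro_http_user_agent."\r\n";
-
- if ( is_writable( $bpsProLog ) ) {
-
- if ( ! $handle = fopen( $bpsProLog, 'a' ) ) {
- exit;
- }
-
- if ( fwrite( $handle, $log_contents) === FALSE ) {
- exit;
- }
+ if ( preg_match_all('/(.*)\/plugins\/(.*)\.[a-zA-Z0-9]/', $_SERVER['REQUEST_URI'], $matches ) ) {
+ $event = 'PSBR-HPRA';
+ $solution = 'https://forum.ait-pro.com/forums/topic/security-log-event-codes/';
+
+ } elseif ( preg_match('/(.*)\/wp-admin\/(.*)\.[a-zA-Z0-9]/', $_SERVER['REQUEST_URI'], $matches ) || preg_match('/(.*)\/wp-admin\/(.*)\.[a-zA-Z0-9]/', $bpsPro_http_referer, $matches ) ) {
+ $event = 'WPADMIN-SBR';
+ $solution = 'https://forum.ait-pro.com/forums/topic/security-log-event-codes/';
+
+ } else {
+ $event = 'BFHS - Blocked/Forbidden Hacker or Spammer';
+ $solution = 'N/A - Hacker/Spammer Blocked/Forbidden';
+ }
+
+ $log_contents = "\r\n" . '[403 POST Request: ' . $timestamp . ']' . "\r\n" . 'BPS: ' . $bps_version . "\r\n" . 'WP: ' . $wp_version . "\r\n" . 'Event Code: ' . $event . "\r\n" . 'Solution: ' . $solution . "\r\n" . 'REMOTE_ADDR: '.$bpsPro_remote_addr . "\r\n" . 'Host Name: ' . $hostname . "\r\n" . 'SERVER_PROTOCOL: ' . $_SERVER['SERVER_PROTOCOL'] . "\r\n" . 'HTTP_CLIENT_IP: ' . $bpsPro_http_client_ip . "\r\n" . 'HTTP_FORWARDED: ' . $bpsPro_http_forwarded . "\r\n" . 'HTTP_X_FORWARDED_FOR: ' . $bpsPro_http_x_forwarded_for . "\r\n" . 'HTTP_X_CLUSTER_CLIENT_IP: ' . $bpsPro_http_x_cluster_client_ip."\r\n" . 'REQUEST_METHOD: '.$_SERVER['REQUEST_METHOD']."\r\n" . 'HTTP_REFERER: '.$bpsPro_http_referer."\r\n" . 'REQUEST_URI: '.$_SERVER['REQUEST_URI']."\r\n" . 'QUERY_STRING: '.$query_string."\r\n" . 'HTTP_USER_AGENT: '.$bpsPro_http_user_agent . "\r\n" . 'REQUEST BODY: ' . $request_body . "\r\n";
+
+ if ( is_writable( $bpsProLog ) ) {
+
+ if ( ! $handle = fopen( $bpsProLog, 'a' ) ) {
+ exit;
+ }
+
+ if ( fwrite( $handle, $log_contents) === false ) {
+ exit;
+ }
+
+ fclose($handle);
+ }
+ }
 
- fclose($handle);
- }
- }
- }
+ if ( empty($request_body) ) {
+
+ if ( preg_match_all('/(.*)\/plugins\/(.*)\.[a-zA-Z0-9]/', $_SERVER['REQUEST_URI'], $matches ) ) {
+ $event = 'PSBR-HPRA';
+ $solution = 'https://forum.ait-pro.com/forums/topic/security-log-event-codes/';
+
+ } elseif ( preg_match('/(.*)\/wp-admin\/(.*)\.[a-zA-Z0-9]/', $_SERVER['REQUEST_URI'], $matches ) || preg_match('/(.*)\/wp-admin\/(.*)\.[a-zA-Z0-9]/', $bpsPro_http_referer, $matches ) ) {
+ $event = 'WPADMIN-SBR';
+ $solution = 'https://forum.ait-pro.com/forums/topic/security-log-event-codes/';
+
+ } else {
+ $event = 'BFHS - Blocked/Forbidden Hacker or Spammer';
+ $solution = 'N/A - Hacker/Spammer Blocked/Forbidden';
+ }
+
+ $log_contents = "\r\n" . '[403 GET Request: ' . $timestamp . ']' . "\r\n" . 'BPS: ' . $bps_version . "\r\n" . 'WP: ' . $wp_version . "\r\n" . 'Event Code: ' . $event . "\r\n" . 'Solution: ' . $solution . "\r\n" . 'REMOTE_ADDR: '.$bpsPro_remote_addr . "\r\n" . 'Host Name: ' . $hostname . "\r\n" . 'SERVER_PROTOCOL: ' . $_SERVER['SERVER_PROTOCOL'] . "\r\n" . 'HTTP_CLIENT_IP: ' . $bpsPro_http_client_ip . "\r\n" . 'HTTP_FORWARDED: ' . $bpsPro_http_forwarded . "\r\n" . 'HTTP_X_FORWARDED_FOR: ' . $bpsPro_http_x_forwarded_for . "\r\n" . 'HTTP_X_CLUSTER_CLIENT_IP: ' . $bpsPro_http_x_cluster_client_ip."\r\n" . 'REQUEST_METHOD: '.$_SERVER['REQUEST_METHOD']."\r\n" . 'HTTP_REFERER: '.$bpsPro_http_referer."\r\n" . 'REQUEST_URI: '.$_SERVER['REQUEST_URI']."\r\n" . 'QUERY_STRING: '.$query_string."\r\n" . 'HTTP_USER_AGENT: '.$bpsPro_http_user_agent."\r\n";
+
+ if ( is_writable( $bpsProLog ) ) {
+
+ if ( ! $handle = fopen( $bpsProLog, 'a' ) ) {
+ exit;
+ }
+
+ if ( fwrite( $handle, $log_contents) === false ) {
+ exit;
+ }
+
+ fclose($handle);
+ }
+ }
  }
+ }
  ?>
  </body>
  </html>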
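Review bot: The `# BEGIN USERAGENT FILTER` condition now wraps the whole logging block, so a request whose User-Agent matches the filter pattern is no longer logged even when it carries a request body; in the previous layout the filter sat only inside the `empty($request_body)` branch. The User-Agent is chosen by the client, so this widens what can be kept out of the security log. If the wider scope is intended it deserves a comment at the filter, for example `// User-Agent filter applies to every 403 request, including requests with a POST body`; otherwise the check should move back inside `if ( empty($request_body) ) {`. Separately, `$post_limit['bps_security_log_post_none']` is read without confirming that `get_option()` returned an array, and a guard such as `is_array( $post_limit ) && ...` would avoid an offset access on `false` when the option is missing.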
404.php CHANGED
@@ -3,7 +3,6 @@
3
  <?php
4
  // Copy this Security Log logging code from BEGIN COPY CODE above to END COPY CODE below and paste it right after <?php get_header(); > in
5
  // your Theme's 404.php template file located in your themes folder /wp-content/themes/your-theme-folder-name/404.php.
6
- // NOTE: fwrite is faster in benchmark tests than file_put_contents for successive writes
7
  $bpsProLog = WP_CONTENT_DIR . '/bps-backup/logs/http_error_log.txt';
8
  $hostname = gethostbyaddr($_SERVER['REMOTE_ADDR']);
9
  $timeNow = time();
@@ -14,32 +13,45 @@ $gmt_offset = get_option( 'gmt_offset' ) * 3600;
14
  if ( isset($GDPR_Options['bps_gdpr_on_off']) && $GDPR_Options['bps_gdpr_on_off'] != 'On' ) {
15
 
16
  $bpsPro_remote_addr = false;
 
17
  if ( array_key_exists('REMOTE_ADDR', $_SERVER) ) {
18
- $bpsPro_remote_addr = $_SERVER['REMOTE_ADDR'];
19
  }
 
20
  $bpsPro_http_client_ip = false;
 
21
  if ( array_key_exists('HTTP_CLIENT_IP', $_SERVER) ) {
22
- $bpsPro_http_client_ip = $_SERVER['HTTP_CLIENT_IP'];
23
  }
 
24
  $bpsPro_http_forwarded = false;
 
25
  if ( array_key_exists('HTTP_FORWARDED', $_SERVER) ) {
26
- $bpsPro_http_forwarded = $_SERVER['HTTP_FORWARDED'];
27
  }
 
28
  $bpsPro_http_x_forwarded_for = false;
 
29
  if ( array_key_exists('HTTP_X_FORWARDED_FOR', $_SERVER) ) {
30
- $bpsPro_http_x_forwarded_for = $_SERVER['HTTP_X_FORWARDED_FOR'];
31
  }
 
32
  $bpsPro_http_x_cluster_client_ip = false;
 
33
  if ( array_key_exists('HTTP_X_CLUSTER_CLIENT_IP', $_SERVER) ) {
34
- $bpsPro_http_x_cluster_client_ip = $_SERVER['HTTP_X_CLUSTER_CLIENT_IP'];
35
  }
 
36
  $bpsPro_http_referrer = false;
 
37
  if ( array_key_exists('HTTP_REFERER', $_SERVER) ) {
38
- $bpsPro_http_referrer = $_SERVER['HTTP_REFERER'];
39
  }
 
40
  $bpsPro_http_user_agent = false;
 
41
  if ( array_key_exists('HTTP_USER_AGENT', $_SERVER) ) {
42
- $bpsPro_http_user_agent = $_SERVER['HTTP_USER_AGENT'];
43
  }
44
 
45
  } else {
@@ -49,13 +61,17 @@ $gmt_offset = get_option( 'gmt_offset' ) * 3600;
49
  $bpsPro_http_forwarded = 'GDPR Compliance On';
50
  $bpsPro_http_x_forwarded_for = 'GDPR Compliance On';
51
  $bpsPro_http_x_cluster_client_ip = 'GDPR Compliance On';
 
52
  $bpsPro_http_referrer = false;
 
53
  if ( array_key_exists('HTTP_REFERER', $_SERVER) ) {
54
- $bpsPro_http_referrer = $_SERVER['HTTP_REFERER'];
55
  }
 
56
  $bpsPro_http_user_agent = false;
 
57
  if ( array_key_exists('HTTP_USER_AGENT', $_SERVER) ) {
58
- $bpsPro_http_user_agent = $_SERVER['HTTP_USER_AGENT'];
59
  }
60
  }
61
 
@@ -80,48 +96,47 @@ $gmt_offset = get_option( 'gmt_offset' ) * 3600;
80
  $timestamp = date_i18n(get_option('date_format'), strtotime("11/15-1976")) . ' - ' . date_i18n(get_option('time_format'), $timeNow + $gmt_offset);
81
  }
82
 
83
- $event = 'The server has not found anything matching the Request-URI.';
84
- $solution = 'N/A - 404 Not Found';
85
 
86
- // 11.2: Request Body condition added
87
  if ( ! empty($request_body) ) {
88
 
89
  if ( $post_limit['bps_security_log_post_none'] == '1' ) {
90
  $request_body = 'BPS Security Log option set to: Do Not Log POST Request Body Data';
91
  }
92
 
93
- $log_contents = "\r\n" . '[404 POST Not Found Request: ' . $timestamp . ']' . "\r\n" . 'BPS: ' . $bps_version . "\r\n" . 'WP: ' . $wp_version . "\r\n" . 'Event Code: ' . $event . "\r\n" . 'Solution: ' . $solution . "\r\n" . 'REMOTE_ADDR: '.$bpsPro_remote_addr . "\r\n" . 'Host Name: ' . $hostname . "\r\n" . 'SERVER_PROTOCOL: ' . $_SERVER['SERVER_PROTOCOL'] . "\r\n" . 'HTTP_CLIENT_IP: ' . $bpsPro_http_client_ip . "\r\n" . 'HTTP_FORWARDED: ' . $bpsPro_http_forwarded . "\r\n" . 'HTTP_X_FORWARDED_FOR: ' . $bpsPro_http_x_forwarded_for . "\r\n" . 'HTTP_X_CLUSTER_CLIENT_IP: ' . $bpsPro_http_x_cluster_client_ip."\r\n" . 'REQUEST_METHOD: POST'."\r\n" . 'HTTP_REFERER: '.$bpsPro_http_referrer."\r\n" . 'REQUEST_URI: '.$_SERVER['REQUEST_URI']."\r\n" . 'QUERY_STRING: '.$query_string. "\r\n" . 'HTTP_USER_AGENT: '.$bpsPro_http_user_agent . "\r\n" . 'REQUEST BODY: ' . $request_body . "\r\n";
94
 
95
- if ( is_writable( $bpsProLog ) ) {
96
-
97
- if ( ! $handle = fopen( $bpsProLog, 'a' ) ) {
98
- exit;
99
- }
100
-
101
- if ( fwrite( $handle, $log_contents) === FALSE ) {
102
- exit;
103
- }
104
-
105
- fclose($handle);
106
- }
107
  }
108
 
109
  if ( empty($request_body) ) {
110
 
111
- $log_contents = "\r\n" . '[404 GET Not Found Request: ' . $timestamp . ']' . "\r\n" . 'BPS: ' . $bps_version . "\r\n" . 'WP: ' . $wp_version . "\r\n" . 'Event Code: ' . $event . "\r\n" . 'Solution: ' . $solution . "\r\n" . 'REMOTE_ADDR: '.$bpsPro_remote_addr . "\r\n" . 'Host Name: ' . $hostname . "\r\n" . 'SERVER_PROTOCOL: ' . $_SERVER['SERVER_PROTOCOL'] . "\r\n" . 'HTTP_CLIENT_IP: ' . $bpsPro_http_client_ip . "\r\n" . 'HTTP_FORWARDED: ' . $bpsPro_http_forwarded . "\r\n" . 'HTTP_X_FORWARDED_FOR: ' . $bpsPro_http_x_forwarded_for . "\r\n" . 'HTTP_X_CLUSTER_CLIENT_IP: ' . $bpsPro_http_x_cluster_client_ip."\r\n" . 'REQUEST_METHOD: '.$_SERVER['REQUEST_METHOD']."\r\n" . 'HTTP_REFERER: '.$bpsPro_http_referrer."\r\n" . 'REQUEST_URI: '.$_SERVER['REQUEST_URI']."\r\n" . 'QUERY_STRING: '.$query_string."\r\n" . 'HTTP_USER_AGENT: '.$bpsPro_http_user_agent."\r\n";
112
 
113
- if ( is_writable( $bpsProLog ) ) {
114
-
115
- if ( ! $handle = fopen( $bpsProLog, 'a' ) ) {
116
- exit;
117
- }
118
-
119
- if ( fwrite( $handle, $log_contents) === FALSE ) {
120
- exit;
121
- }
122
-
123
- fclose($handle);
124
- }
125
  }
126
  ?>
127
  <!-- END COPY CODE - BPS Error logging code -->
3
  <?php
4
  // Copy this Security Log logging code from BEGIN COPY CODE above to END COPY CODE below and paste it right after <?php get_header(); > in
5
  // your Theme's 404.php template file located in your themes folder /wp-content/themes/your-theme-folder-name/404.php.
 
6
  $bpsProLog = WP_CONTENT_DIR . '/bps-backup/logs/http_error_log.txt';
7
  $hostname = gethostbyaddr($_SERVER['REMOTE_ADDR']);
8
  $timeNow = time();
13
  if ( isset($GDPR_Options['bps_gdpr_on_off']) && $GDPR_Options['bps_gdpr_on_off'] != 'On' ) {
14
 
15
  $bpsPro_remote_addr = false;
16
+
17
  if ( array_key_exists('REMOTE_ADDR', $_SERVER) ) {
18
+ $bpsPro_remote_addr = $_SERVER['REMOTE_ADDR'];
19
  }
20
+
21
  $bpsPro_http_client_ip = false;
22
+
23
  if ( array_key_exists('HTTP_CLIENT_IP', $_SERVER) ) {
24
+ $bpsPro_http_client_ip = $_SERVER['HTTP_CLIENT_IP'];
25
  }
26
+
27
  $bpsPro_http_forwarded = false;
28
+
29
  if ( array_key_exists('HTTP_FORWARDED', $_SERVER) ) {
30
+ $bpsPro_http_forwarded = $_SERVER['HTTP_FORWARDED'];
31
  }
32
+
33
  $bpsPro_http_x_forwarded_for = false;
34
+
35
  if ( array_key_exists('HTTP_X_FORWARDED_FOR', $_SERVER) ) {
36
+ $bpsPro_http_x_forwarded_for = $_SERVER['HTTP_X_FORWARDED_FOR'];
37
  }
38
+
39
  $bpsPro_http_x_cluster_client_ip = false;
40
+
41
  if ( array_key_exists('HTTP_X_CLUSTER_CLIENT_IP', $_SERVER) ) {
42
+ $bpsPro_http_x_cluster_client_ip = $_SERVER['HTTP_X_CLUSTER_CLIENT_IP'];
43
  }
44
+
45
  $bpsPro_http_referrer = false;
46
+
47
  if ( array_key_exists('HTTP_REFERER', $_SERVER) ) {
48
+ $bpsPro_http_referrer = $_SERVER['HTTP_REFERER'];
49
  }
50
+
51
  $bpsPro_http_user_agent = false;
52
+
53
  if ( array_key_exists('HTTP_USER_AGENT', $_SERVER) ) {
54
+ $bpsPro_http_user_agent = $_SERVER['HTTP_USER_AGENT'];
55
  }
56
 
57
  } else {
61
  $bpsPro_http_forwarded = 'GDPR Compliance On';
62
  $bpsPro_http_x_forwarded_for = 'GDPR Compliance On';
63
  $bpsPro_http_x_cluster_client_ip = 'GDPR Compliance On';
64
+
65
  $bpsPro_http_referrer = false;
66
+
67
  if ( array_key_exists('HTTP_REFERER', $_SERVER) ) {
68
+ $bpsPro_http_referrer = $_SERVER['HTTP_REFERER'];
69
  }
70
+
71
  $bpsPro_http_user_agent = false;
72
+
73
  if ( array_key_exists('HTTP_USER_AGENT', $_SERVER) ) {
74
+ $bpsPro_http_user_agent = $_SERVER['HTTP_USER_AGENT'];
75
  }
76
  }
77
 
96
  $timestamp = date_i18n(get_option('date_format'), strtotime("11/15-1976")) . ' - ' . date_i18n(get_option('time_format'), $timeNow + $gmt_offset);
97
  }
98
 
99
+ $event = 'The server has not found anything matching the Request-URI.';
100
+ $solution = 'N/A - 404 Not Found';
101
 
 
102
  if ( ! empty($request_body) ) {
103
 
104
  if ( $post_limit['bps_security_log_post_none'] == '1' ) {
105
  $request_body = 'BPS Security Log option set to: Do Not Log POST Request Body Data';
106
  }
107
 
108
+ $log_contents = "\r\n" . '[404 POST Not Found Request: ' . $timestamp . ']' . "\r\n" . 'BPS: ' . $bps_version . "\r\n" . 'WP: ' . $wp_version . "\r\n" . 'Event Code: ' . $event . "\r\n" . 'Solution: ' . $solution . "\r\n" . 'REMOTE_ADDR: '.$bpsPro_remote_addr . "\r\n" . 'Host Name: ' . $hostname . "\r\n" . 'SERVER_PROTOCOL: ' . $_SERVER['SERVER_PROTOCOL'] . "\r\n" . 'HTTP_CLIENT_IP: ' . $bpsPro_http_client_ip . "\r\n" . 'HTTP_FORWARDED: ' . $bpsPro_http_forwarded . "\r\n" . 'HTTP_X_FORWARDED_FOR: ' . $bpsPro_http_x_forwarded_for . "\r\n" . 'HTTP_X_CLUSTER_CLIENT_IP: ' . $bpsPro_http_x_cluster_client_ip."\r\n" . 'REQUEST_METHOD: POST'."\r\n" . 'HTTP_REFERER: '.$bpsPro_http_referrer."\r\n" . 'REQUEST_URI: '.$_SERVER['REQUEST_URI']."\r\n" . 'QUERY_STRING: '.$query_string. "\r\n" . 'HTTP_USER_AGENT: '.$bpsPro_http_user_agent . "\r\n" . 'REQUEST BODY: ' . $request_body . "\r\n";
109
 
110
+ if ( is_writable( $bpsProLog ) ) {
111
+
112
+ if ( ! $handle = fopen( $bpsProLog, 'a' ) ) {
113
+ exit;
114
+ }
115
+
116
+ if ( fwrite( $handle, $log_contents) === false ) {
117
+ exit;
118
+ }
119
+
120
+ fclose($handle);
121
+ }
122
  }
123
 
124
  if ( empty($request_body) ) {
125
 
126
+ $log_contents = "\r\n" . '[404 GET Not Found Request: ' . $timestamp . ']' . "\r\n" . 'BPS: ' . $bps_version . "\r\n" . 'WP: ' . $wp_version . "\r\n" . 'Event Code: ' . $event . "\r\n" . 'Solution: ' . $solution . "\r\n" . 'REMOTE_ADDR: '.$bpsPro_remote_addr . "\r\n" . 'Host Name: ' . $hostname . "\r\n" . 'SERVER_PROTOCOL: ' . $_SERVER['SERVER_PROTOCOL'] . "\r\n" . 'HTTP_CLIENT_IP: ' . $bpsPro_http_client_ip . "\r\n" . 'HTTP_FORWARDED: ' . $bpsPro_http_forwarded . "\r\n" . 'HTTP_X_FORWARDED_FOR: ' . $bpsPro_http_x_forwarded_for . "\r\n" . 'HTTP_X_CLUSTER_CLIENT_IP: ' . $bpsPro_http_x_cluster_client_ip."\r\n" . 'REQUEST_METHOD: '.$_SERVER['REQUEST_METHOD']."\r\n" . 'HTTP_REFERER: '.$bpsPro_http_referrer."\r\n" . 'REQUEST_URI: '.$_SERVER['REQUEST_URI']."\r\n" . 'QUERY_STRING: '.$query_string."\r\n" . 'HTTP_USER_AGENT: '.$bpsPro_http_user_agent."\r\n";
127
 
128
+ if ( is_writable( $bpsProLog ) ) {
129
+
130
+ if ( ! $handle = fopen( $bpsProLog, 'a' ) ) {
131
+ exit;
132
+ }
133
+
134
+ if ( fwrite( $handle, $log_contents) === false ) {
135
+ exit;
136
+ }
137
+
138
+ fclose($handle);
139
+ }
140
  }
141
  ?>
142
  <!-- END COPY CODE - BPS Error logging code -->
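--- a/405.php
+++ b/405.php
@@ -20,52 +20,74 @@ header('Pragma: no-cache');
  <head>
  <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
  <title>405 Method Not Allowed</title>
+
  <style type="text/css">
  <!--
  body {
+ background-color:#fff;
+ line-height:normal;
  /* If you want to add a background image uncomment the CSS properties below */
- /* background-image:url(http://www.example.com/wp-content/plugins/bulletproof-security/abstract-blue-bg.jpg); /*
+ /* background-image:url(http://www.example.com/path-to-some-image-file/example-image-file.jpg); /*
  /* background-repeat:repeat; */
- background-color:#CCCCCC;
- line-height: normal;
  }
 
  #bpsMessage {
  text-align:center;
- background-color: #F7F8F9;
- border:5px solid #000000;
- padding:10px;
+ background-color:#fff;
+ padding:0px;
  }
 
  p {
- font-family: Verdana, Arial, Helvetica, sans-serif;
- font-size:18px;
- font-weight:bold;
+ font-family:Verdana, Arial, Helvetica, Tahoma, sans-serif;
+ line-height:21px;
+ font-size:14px;
+ font-weight:normal;
  }
  -->
  </style>
+
  </head>
 
  <body>
+
  <div id="bpsMessage">
- <p><?php $bps_hostname = str_replace( 'www.', '', htmlspecialchars( $_SERVER['SERVER_NAME'], ENT_QUOTES ) );
- echo $bps_hostname; ?> 405 Method Not Allowed Error</p>
- <p>If you arrived here due to a search or clicking on a link click your Browser's back button to return to the previous page. Thank you.</p>
- <p>IP Address: <?php echo htmlspecialchars( $_SERVER['REMOTE_ADDR'], ENT_QUOTES ); ?></p>
- <p style="font-size:12px">BPS Plugin 405 Error Page</p>
+ <!-- This code needs to be standard php code (not WP code) in case wp-load.php is not loaded -->
+ <?php
+ $http_status_code = '<p style="font-size:21px;font-weight:600">405 Method Not Allowed Error</p>';
+ $message = '<p>If you arrived here due to a search or clicking on a link click your <br>Browser\'s back button to return to the previous page. Thank you.</p>';
+ $bps_hostname = '<p>Website: ' . htmlspecialchars( $_SERVER['SERVER_NAME'], ENT_QUOTES ) . '</p>';
+ $ip_address = '<p>Your IP Address: ' . htmlspecialchars( $_SERVER['REMOTE_ADDR'], ENT_QUOTES ) . '</p>';
+ $bps_plugin_footer = '<p>BPS Plugin 405 Error Page</p>';
+
+ echo $http_status_code . $message . $bps_hostname . $ip_address . $bps_plugin_footer;
+ ?>
  </div>
 
  <?php
 
  if ( file_exists( dirname(dirname(dirname(dirname(__FILE__)))) . '/wp-load.php' ) ) {
  require_once '../../../wp-load.php';
+ } else {
+ ob_end_flush();
+ return;
  }
 
- // NOTE: fwrite is faster in benchmark tests than file_put_contents for successive writes
- $bpsProLog = WP_CONTENT_DIR . '/bps-backup/logs/http_error_log.txt';
- $hostname = gethostbyaddr($_SERVER['REMOTE_ADDR']);
- $timeNow = time();
- $gmt_offset = get_option( 'gmt_offset' ) * 3600;
+ $bpsPro_http_referer = false;
+
+ if ( array_key_exists('HTTP_REFERER', $_SERVER) ) {
+ $bpsPro_http_referer = $_SERVER['HTTP_REFERER'];
+ }
+
+ $bpsPro_http_user_agent = false;
+
+ if ( array_key_exists('HTTP_USER_AGENT', $_SERVER) ) {
+ $bpsPro_http_user_agent = $_SERVER['HTTP_USER_AGENT'];
+ }
+
+ $bpsProLog = WP_CONTENT_DIR . '/bps-backup/logs/http_error_log.txt';
+ $hostname = gethostbyaddr($_SERVER['REMOTE_ADDR']);
+ $timeNow = time();
+ $gmt_offset = get_option( 'gmt_offset' ) * 3600;
 
  $post_limit = get_option('bulletproof_security_options_sec_log_post_limit');
  $query_string = parse_url($_SERVER['REQUEST_URI'], PHP_URL_QUERY);
@@ -88,82 +110,70 @@ $gmt_offset = get_option( 'gmt_offset' ) * 3600;
  $timestamp = date_i18n(get_option('date_format'), strtotime("11/15-1976")) . ' - ' . date_i18n(get_option('time_format'), $timeNow + $gmt_offset);
  }
 
- $bpsPro_http_referer = false;
- if ( array_key_exists('HTTP_REFERER', $_SERVER) ) {
- $bpsPro_http_referer = $_SERVER['HTTP_REFERER'];
- }
-
- $bpsPro_http_user_agent = false;
- if ( array_key_exists('HTTP_USER_AGENT', $_SERVER) ) {
- $bpsPro_http_user_agent = $_SERVER['HTTP_USER_AGENT'];
- }
-
- // Note: A HEAD Request should not have a Body, but leaving this code here anyway.
  if ( ! empty($request_body) ) {
 
  if ( $post_limit['bps_security_log_post_none'] == '1' ) {
  $request_body = 'BPS Security Log option set to: Do Not Log POST Request Body Data';
  }
 
- if ( preg_match_all('/(.*)\/plugins\/(.*)\.[a-zA-Z0-9]/', $_SERVER['REQUEST_URI'], $matches ) ) {
- $event = 'PSBR-HPRA-HEAD';
- $solution = 'https://forum.ait-pro.com/forums/topic/security-log-event-codes/';
- }
- elseif ( preg_match('/(.*)\/wp-admin\/(.*)\.[a-zA-Z0-9]/', $_SERVER['REQUEST_URI'], $matches ) || preg_match('/(.*)\/wp-admin\/(.*)\.[a-zA-Z0-9]/', $bpsPro_http_referer, $matches ) ) {
- $event = 'WPADMIN-SBR-HEAD';
- $solution = 'https://forum.ait-pro.com/forums/topic/security-log-event-codes/';
-
- } else {
- $event = 'BFHS-HEAD - HEAD Request Blocked';
- $solution = 'https://forum.ait-pro.com/forums/topic/security-log-event-codes/';
- }
-
- $log_contents = "\r\n" . '[405 HEAD Request: ' . $timestamp . ']' . "\r\n" . 'BPS: ' . $bps_version . "\r\n" . 'WP: ' . $wp_version . "\r\n" . 'Event Code: ' . $event . "\r\n" . 'Solution: ' . $solution . "\r\n" . 'REMOTE_ADDR: ' . $bpsPro_remote_addr . "\r\n" . 'Host Name: ' . $hostname . "\r\n" . 'SERVER_PROTOCOL: ' . $_SERVER['SERVER_PROTOCOL'] . "\r\n" . 'HTTP_CLIENT_IP: ' . $bpsPro_http_client_ip . "\r\n" . 'HTTP_FORWARDED: ' . $bpsPro_http_forwarded . "\r\n" . 'HTTP_X_FORWARDED_FOR: ' . $bpsPro_http_x_forwarded_for . "\r\n" . 'HTTP_X_CLUSTER_CLIENT_IP: ' . $bpsPro_http_x_cluster_client_ip . "\r\n" . 'REQUEST_METHOD: HEAD' . "\r\n" . 'HTTP_REFERER: ' . $bpsPro_http_referer . "\r\n" . 'REQUEST_URI: ' . $_SERVER['REQUEST_URI'] . "\r\n" . 'QUERY_STRING: ' . $query_string . "\r\n" . 'HTTP_USER_AGENT: '. $bpsPro_http_user_agent . "\r\n" . 'REQUEST BODY: ' . $request_body . "\r\n";
-
- if ( is_writable( $bpsProLog ) ) {
-
- if ( ! $handle = fopen( $bpsProLog, 'a' ) ) {
- exit;
- }
+ if ( preg_match_all('/(.*)\/plugins\/(.*)\.[a-zA-Z0-9]/', $_SERVER['REQUEST_URI'], $matches ) ) {
+ $event = 'PSBR-HPRA-HEAD';
+ $solution = 'https://forum.ait-pro.com/forums/topic/security-log-event-codes/';
+ }
+ elseif ( preg_match('/(.*)\/wp-admin\/(.*)\.[a-zA-Z0-9]/', $_SERVER['REQUEST_URI'], $matches ) || preg_match('/(.*)\/wp-admin\/(.*)\.[a-zA-Z0-9]/', $bpsPro_http_referer, $matches ) ) {
+ $event = 'WPADMIN-SBR-HEAD';
+ $solution = 'https://forum.ait-pro.com/forums/topic/security-log-event-codes/';
+
+ } else {
+ $event = 'BFHS-HEAD - HEAD Request Blocked';
+ $solution = 'https://forum.ait-pro.com/forums/topic/security-log-event-codes/';
+ }
 
- if ( fwrite( $handle, $log_contents) === FALSE ) {
- exit;
- }
+ $log_contents = "\r\n" . '[405 HEAD Request: ' . $timestamp . ']' . "\r\n" . 'BPS: ' . $bps_version . "\r\n" . 'WP: ' . $wp_version . "\r\n" . 'Event Code: ' . $event . "\r\n" . 'Solution: ' . $solution . "\r\n" . 'REMOTE_ADDR: ' . $bpsPro_remote_addr . "\r\n" . 'Host Name: ' . $hostname . "\r\n" . 'SERVER_PROTOCOL: ' . $_SERVER['SERVER_PROTOCOL'] . "\r\n" . 'HTTP_CLIENT_IP: ' . $bpsPro_http_client_ip . "\r\n" . 'HTTP_FORWARDED: ' . $bpsPro_http_forwarded . "\r\n" . 'HTTP_X_FORWARDED_FOR: ' . $bpsPro_http_x_forwarded_for . "\r\n" . 'HTTP_X_CLUSTER_CLIENT_IP: ' . $bpsPro_http_x_cluster_client_ip . "\r\n" . 'REQUEST_METHOD: HEAD' . "\r\n" . 'HTTP_REFERER: ' . $bpsPro_http_referer . "\r\n" . 'REQUEST_URI: ' . $_SERVER['REQUEST_URI'] . "\r\n" . 'QUERY_STRING: ' . $query_string . "\r\n" . 'HTTP_USER_AGENT: '. $bpsPro_http_user_agent . "\r\n" . 'REQUEST BODY: ' . $request_body . "\r\n";
 
- fclose($handle);
- }
+ if ( is_writable( $bpsProLog ) ) {
+
+ if ( ! $handle = fopen( $bpsProLog, 'a' ) ) {
+ exit;
+ }
+
+ if ( fwrite( $handle, $log_contents) === false ) {
+ exit;
+ }
+
+ fclose($handle);
+ }
  }
 
- // All legitmate HEAD Requests should not have a Body and should only be logged by this condition.
  if ( empty($request_body) ) {
 
- if ( preg_match_all('/(.*)\/plugins\/(.*)\.[a-zA-Z0-9]/', $_SERVER['REQUEST_URI'], $matches ) ) {
- $event = 'PSBR-HPRA-HEAD';
- $solution = 'https://forum.ait-pro.com/forums/topic/security-log-event-codes/';
- }
- elseif ( preg_match('/(.*)\/wp-admin\/(.*)\.[a-zA-Z0-9]/', $_SERVER['REQUEST_URI'], $matches ) || preg_match('/(.*)\/wp-admin\/(.*)\.[a-zA-Z0-9]/', $bpsPro_http_referer, $matches ) ) {
- $event = 'WPADMIN-SBR-HEAD';
- $solution = 'https://forum.ait-pro.com/forums/topic/security-log-event-codes/';
-
- } else {
- $event = 'BFHS-HEAD - HEAD Request Blocked';
- $solution = 'https://forum.ait-pro.com/forums/topic/security-log-event-codes/';
- }
-
- $log_contents = "\r\n" . '[405 HEAD Request: ' . $timestamp . ']' . "\r\n" . 'BPS: ' . $bps_version . "\r\n" . 'WP: ' . $wp_version . "\r\n" . 'Event Code: ' . $event . "\r\n" . 'Solution: ' . $solution . "\r\n" . 'REMOTE_ADDR: ' . $bpsPro_remote_addr . "\r\n" . 'Host Name: ' . $hostname . "\r\n" . 'SERVER_PROTOCOL: ' . $_SERVER['SERVER_PROTOCOL'] . "\r\n" . 'HTTP_CLIENT_IP: ' . $bpsPro_http_client_ip . "\r\n" . 'HTTP_FORWARDED: ' . $bpsPro_http_forwarded . "\r\n" . 'HTTP_X_FORWARDED_FOR: ' . $bpsPro_http_x_forwarded_for . "\r\n" . 'HTTP_X_CLUSTER_CLIENT_IP: ' . $bpsPro_http_x_cluster_client_ip . "\r\n" . 'REQUEST_METHOD: HEAD' . "\r\n" . 'HTTP_REFERER: ' . $bpsPro_http_referer . "\r\n" . 'REQUEST_URI: ' . $_SERVER['REQUEST_URI'] . "\r\n" . 'QUERY_STRING: ' . $query_string . "\r\n" . 'HTTP_USER_AGENT: ' . $bpsPro_http_user_agent . "\r\n";
-
- if ( is_writable( $bpsProLog ) ) {
-
- if ( ! $handle = fopen( $bpsProLog, 'a' ) ) {
- exit;
- }
+ if ( preg_match_all('/(.*)\/plugins\/(.*)\.[a-zA-Z0-9]/', $_SERVER['REQUEST_URI'], $matches ) ) {
+ $event = 'PSBR-HPRA-HEAD';
+ $solution = 'https://forum.ait-pro.com/forums/topic/security-log-event-codes/';
+ }
+ elseif ( preg_match('/(.*)\/wp-admin\/(.*)\.[a-zA-Z0-9]/', $_SERVER['REQUEST_URI'], $matches ) || preg_match('/(.*)\/wp-admin\/(.*)\.[a-zA-Z0-9]/', $bpsPro_http_referer, $matches ) ) {
+ $event = 'WPADMIN-SBR-HEAD';
+ $solution = 'https://forum.ait-pro.com/forums/topic/security-log-event-codes/';
+
+ } else {
+ $event = 'BFHS-HEAD - HEAD Request Blocked';
+ $solution = 'https://forum.ait-pro.com/forums/topic/security-log-event-codes/';
+ }
 
- if ( fwrite( $handle, $log_contents) === FALSE ) {
- exit;
- }
+ $log_contents = "\r\n" . '[405 HEAD Request: ' . $timestamp . ']' . "\r\n" . 'BPS: ' . $bps_version . "\r\n" . 'WP: ' . $wp_version . "\r\n" . 'Event Code: ' . $event . "\r\n" . 'Solution: ' . $solution . "\r\n" . 'REMOTE_ADDR: ' . $bpsPro_remote_addr . "\r\n" . 'Host Name: ' . $hostname . "\r\n" . 'SERVER_PROTOCOL: ' . $_SERVER['SERVER_PROTOCOL'] . "\r\n" . 'HTTP_CLIENT_IP: ' . $bpsPro_http_client_ip . "\r\n" . 'HTTP_FORWARDED: ' . $bpsPro_http_forwarded . "\r\n" . 'HTTP_X_FORWARDED_FOR: ' . $bpsPro_http_x_forwarded_for . "\r\n" . 'HTTP_X_CLUSTER_CLIENT_IP: ' . $bpsPro_http_x_cluster_client_ip . "\r\n" . 'REQUEST_METHOD: HEAD' . "\r\n" . 'HTTP_REFERER: ' . $bpsPro_http_referer . "\r\n" . 'REQUEST_URI: ' . $_SERVER['REQUEST_URI'] . "\r\n" . 'QUERY_STRING: ' . $query_string . "\r\n" . 'HTTP_USER_AGENT: ' . $bpsPro_http_user_agent . "\r\n";
 
- fclose($handle);
- }
+ if ( is_writable( $bpsProLog ) ) {
+
+ if ( ! $handle = fopen( $bpsProLog, 'a' ) ) {
+ exit;
+ }
+
+ if ( fwrite( $handle, $log_contents) === false ) {
+ exit;
+ }
+
+ fclose($handle);
+ }
  }
  ?>
  </body>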
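Review bot: Both `$log_contents` strings (new lines 132 and 163) concatenate request-derived values (`$_SERVER['REQUEST_URI']`, `$query_string`, `$bpsPro_http_referer`, `$bpsPro_http_user_agent`, `$request_body` and the reverse-DNS `$hostname`) into a CRLF-delimited log without neutralising control characters, so a value that carries a line break can make one request read as several log entries. How `$request_body` and the forwarded-header variables are populated falls between the two hunks, so for those fields this is inferred. I would pass every request-derived field through one helper before concatenation, e.g. `$bps_log_clean = function ( $v ) { return preg_replace( '/[\x00-\x1F\x7F]+/', ' ', (string) $v ); };`, and HTML-escape again wherever the log is displayed. The same log-building lines appear in the 410.php hunks and in the 404.php template code.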
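--- a/410.php
+++ b/410.php
@@ -21,50 +21,73 @@ header('Pragma: no-cache' );
  <head>
  <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
  <title>410 Gone</title>
+
  <style type="text/css">
  <!--
  body {
+ background-color:#fff;
+ line-height:normal;
  /* If you want to add a background image uncomment the CSS properties below */
- /* background-image:url(http://www.example.com/wp-content/plugins/bulletproof-security/abstract-blue-bg.jpg); /*
+ /* background-image:url(http://www.example.com/path-to-some-image-file/example-image-file.jpg); /*
  /* background-repeat:repeat; */
- background-color:#CCCCCC;
- line-height: normal;
  }
 
  #bpsMessage {
  text-align:center;
- background-color: #F7F8F9;
- border:5px solid #000000;
- padding:10px;
+ background-color:#fff;
+ padding:0px;
  }
 
  p {
- font-family: Verdana, Arial, Helvetica, sans-serif;
- font-size:18px;
- font-weight:bold;
+ font-family:Verdana, Arial, Helvetica, Tahoma, sans-serif;
+ line-height:21px;
+ font-size:14px;
+ font-weight:normal;
  }
  -->
  </style>
+
  </head>
 
  <body>
+
  <div id="bpsMessage">
- <p><?php $bps_hostname = str_replace( 'www.', '', htmlspecialchars( $_SERVER['SERVER_NAME'], ENT_QUOTES ) );
- echo $bps_hostname; ?> 410 Gone Request</p>
- <p>This page no longer exists.</p>
- <p style="font-size:12px">BPS Plugin 410 Error Page</p>
+ <!-- This code needs to be standard php code (not WP code) in case wp-load.php is not loaded -->
+ <?php
+ $http_status_code = '<p style="font-size:21px;font-weight:600">410 Gone Request</p>';
+ $message = '<p>This page no longer exists.</p>';
+ $bps_hostname = '<p>Website: ' . htmlspecialchars( $_SERVER['SERVER_NAME'], ENT_QUOTES ) . '</p>';
+ $ip_address = '<p>Your IP Address: ' . htmlspecialchars( $_SERVER['REMOTE_ADDR'], ENT_QUOTES ) . '</p>';
+ $bps_plugin_footer = '<p>BPS Plugin 410 Error Page</p>';
+
+ echo $http_status_code . $message . $bps_hostname . $ip_address . $bps_plugin_footer;
+ ?>
  </div>
 
  <?php
  if ( file_exists( dirname(dirname(dirname(dirname(__FILE__)))) . '/wp-load.php' ) ) {
  require_once '../../../wp-load.php';
+ } else {
+ ob_end_flush();
+ return;
  }
 
- // NOTE: fwrite is faster in benchmark tests than file_put_contents for successive writes
- $bpsProLog = WP_CONTENT_DIR . '/bps-backup/logs/http_error_log.txt';
- $hostname = gethostbyaddr($_SERVER['REMOTE_ADDR']);
- $timeNow = time();
- $gmt_offset = get_option( 'gmt_offset' ) * 3600;
+ $bpsPro_http_referer = false;
+
+ if ( array_key_exists('HTTP_REFERER', $_SERVER) ) {
+ $bpsPro_http_referer = $_SERVER['HTTP_REFERER'];
+ }
+
+ $bpsPro_http_user_agent = false;
+
+ if ( array_key_exists('HTTP_USER_AGENT', $_SERVER) ) {
+ $bpsPro_http_user_agent = $_SERVER['HTTP_USER_AGENT'];
+ }
+
+ $bpsProLog = WP_CONTENT_DIR . '/bps-backup/logs/http_error_log.txt';
+ $hostname = gethostbyaddr($_SERVER['REMOTE_ADDR']);
+ $timeNow = time();
+ $gmt_offset = get_option( 'gmt_offset' ) * 3600;
 
  $query_string = parse_url($_SERVER['REQUEST_URI'], PHP_URL_QUERY);
 
@@ -77,45 +100,40 @@ $gmt_offset = get_option( 'gmt_offset' ) * 3600;
  $event = '410 Gone';
  $solution = 'N/A - 410 Gone - Not an Attack';
 
- $bpsPro_http_referer = false;
- if ( array_key_exists('HTTP_REFERER', $_SERVER) ) {
- $bpsPro_http_referer = $_SERVER['HTTP_REFERER'];
- }
-
  if ( $_SERVER['REQUEST_METHOD'] == 'POST' ) {
 
- $log_contents = "\r\n" . '[410 Gone POST Request: ' . $timestamp . ']' . "\r\n" . 'BPS: ' . $bps_version . "\r\n" . 'WP: ' . $wp_version . "\r\n" . 'Event Code: ' . $event . "\r\n" . 'Solution: ' . $solution . "\r\n" . 'REMOTE_ADDR: '.$bpsPro_remote_addr . "\r\n" . 'Host Name: ' . $hostname . "\r\n" . 'SERVER_PROTOCOL: ' . $_SERVER['SERVER_PROTOCOL'] . "\r\n" . 'HTTP_CLIENT_IP: ' . $bpsPro_http_client_ip . "\r\n" . 'HTTP_FORWARDED: ' . $bpsPro_http_forwarded . "\r\n" . 'HTTP_X_FORWARDED_FOR: ' . $bpsPro_http_x_forwarded_for . "\r\n" . 'HTTP_X_CLUSTER_CLIENT_IP: ' . $bpsPro_http_x_cluster_client_ip."\r\n" . 'REQUEST_METHOD: '.$_SERVER['REQUEST_METHOD']."\r\n" . 'HTTP_REFERER: '.$bpsPro_http_referer."\r\n" . 'REQUEST_URI: '.$_SERVER['REQUEST_URI']."\r\n" . 'QUERY_STRING: '.$query_string."\r\n" . 'HTTP_USER_AGENT: '.$_SERVER['HTTP_USER_AGENT']."\r\n";
-
- if ( is_writable( $bpsProLog ) ) {
-
- if ( ! $handle = fopen( $bpsProLog, 'a' ) ) {
- exit;
- }
+ $log_contents = "\r\n" . '[410 Gone POST Request: ' . $timestamp . ']' . "\r\n" . 'BPS: ' . $bps_version . "\r\n" . 'WP: ' . $wp_version . "\r\n" . 'Event Code: ' . $event . "\r\n" . 'Solution: ' . $solution . "\r\n" . 'REMOTE_ADDR: '.$bpsPro_remote_addr . "\r\n" . 'Host Name: ' . $hostname . "\r\n" . 'SERVER_PROTOCOL: ' . $_SERVER['SERVER_PROTOCOL'] . "\r\n" . 'HTTP_CLIENT_IP: ' . $bpsPro_http_client_ip . "\r\n" . 'HTTP_FORWARDED: ' . $bpsPro_http_forwarded . "\r\n" . 'HTTP_X_FORWARDED_FOR: ' . $bpsPro_http_x_forwarded_for . "\r\n" . 'HTTP_X_CLUSTER_CLIENT_IP: ' . $bpsPro_http_x_cluster_client_ip."\r\n" . 'REQUEST_METHOD: '.$_SERVER['REQUEST_METHOD']."\r\n" . 'HTTP_REFERER: '.$bpsPro_http_referer."\r\n" . 'REQUEST_URI: '.$_SERVER['REQUEST_URI']."\r\n" . 'QUERY_STRING: '.$query_string."\r\n" . 'HTTP_USER_AGENT: '.$bpsPro_http_user_agent."\r\n";
 
- if ( fwrite( $handle, $log_contents) === FALSE ) {
- exit;
- }
-
- fclose($handle);
- }
+ if ( is_writable( $bpsProLog ) ) {
+
+ if ( ! $handle = fopen( $bpsProLog, 'a' ) ) {
+ exit;
+ }
+
+ if ( fwrite( $handle, $log_contents) === false ) {
+ exit;
+ }
+
+ fclose($handle);
+ }
  }
 
  if ( $_SERVER['REQUEST_METHOD'] != 'POST' ) {
 
- $log_contents = "\r\n" . '[410 Gone GET Request: ' . $timestamp . ']' . "\r\n" . 'BPS: ' . $bps_version . "\r\n" . 'WP: ' . $wp_version . "\r\n" . 'Event Code: ' . $event . "\r\n" . 'Solution: ' . $solution . "\r\n" . 'REMOTE_ADDR: '.$bpsPro_remote_addr . "\r\n" . 'Host Name: ' . $hostname . "\r\n" . 'SERVER_PROTOCOL: ' . $_SERVER['SERVER_PROTOCOL'] . "\r\n" . 'HTTP_CLIENT_IP: ' . $bpsPro_http_client_ip . "\r\n" . 'HTTP_FORWARDED: ' . $bpsPro_http_forwarded . "\r\n" . 'HTTP_X_FORWARDED_FOR: ' . $bpsPro_http_x_forwarded_for . "\r\n" . 'HTTP_X_CLUSTER_CLIENT_IP: ' . $bpsPro_http_x_cluster_client_ip."\r\n" . 'REQUEST_METHOD: '.$_SERVER['REQUEST_METHOD']."\r\n" . 'HTTP_REFERER: '.$bpsPro_http_referer."\r\n" . 'REQUEST_URI: '.$_SERVER['REQUEST_URI']."\r\n" . 'QUERY_STRING: '.$query_string."\r\n" . 'HTTP_USER_AGENT: '.$_SERVER['HTTP_USER_AGENT']."\r\n";
-
- if ( is_writable( $bpsProLog ) ) {
-
- if ( ! $handle = fopen( $bpsProLog, 'a' ) ) {
- exit;
- }
-
- if ( fwrite( $handle, $log_contents) === FALSE ) {
- exit;
- }
+ $log_contents = "\r\n" . '[410 Gone GET Request: ' . $timestamp . ']' . "\r\n" . 'BPS: ' . $bps_version . "\r\n" . 'WP: ' . $wp_version . "\r\n" . 'Event Code: ' . $event . "\r\n" . 'Solution: ' . $solution . "\r\n" . 'REMOTE_ADDR: '.$bpsPro_remote_addr . "\r\n" . 'Host Name: ' . $hostname . "\r\n" . 'SERVER_PROTOCOL: ' . $_SERVER['SERVER_PROTOCOL'] . "\r\n" . 'HTTP_CLIENT_IP: ' . $bpsPro_http_client_ip . "\r\n" . 'HTTP_FORWARDED: ' . $bpsPro_http_forwarded . "\r\n" . 'HTTP_X_FORWARDED_FOR: ' . $bpsPro_http_x_forwarded_for . "\r\n" . 'HTTP_X_CLUSTER_CLIENT_IP: ' . $bpsPro_http_x_cluster_client_ip."\r\n" . 'REQUEST_METHOD: '.$_SERVER['REQUEST_METHOD']."\r\n" . 'HTTP_REFERER: '.$bpsPro_http_referer."\r\n" . 'REQUEST_URI: '.$_SERVER['REQUEST_URI']."\r\n" . 'QUERY_STRING: '.$query_string."\r\n" . 'HTTP_USER_AGENT: '.$bpsPro_http_user_agent."\r\n";
 
- fclose($handle);
- }
+ if ( is_writable( $bpsProLog ) ) {
+
+ if ( ! $handle = fopen( $bpsProLog, 'a' ) ) {
+ exit;
+ }
+
+ if ( fwrite( $handle, $log_contents) === false ) {
+ exit;
+ }
+
+ fclose($handle);
+ }
  }
 
  ?>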
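Review bot: `$hostname = gethostbyaddr($_SERVER['REMOTE_ADDR']);` (new line 88) performs a blocking reverse-DNS lookup on every request that reaches this error page, and it reads `REMOTE_ADDR` without the `array_key_exists` guard the commit adds for `HTTP_REFERER` and `HTTP_USER_AGENT` just above it. The PTR name it returns is set by whoever operates the client's address range and is written to the log as `Host Name:` unchanged. Consider making the lookup optional or deferring it until the log is viewed, and guard the read: `$hostname = array_key_exists('REMOTE_ADDR', $_SERVER) ? gethostbyaddr($_SERVER['REMOTE_ADDR']) : false;`. The same line is added in 405.php at new line 88.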
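--- a/admin/core/core-custom-code.php
+++ b/admin/core/core-custom-code.php
@@ -333,6 +333,7 @@ span.tooltip-575-270:hover span {display:none;}
  <?php
  wp_nonce_field('bulletproof_security_CC_Root');
  bpsPro_CC_Root_values_form();
+ // note: esc_textarea() is not needed in these textarea inputs since what is echoed is the DB values already converted to HTML Entities.
  $CC_Options_root = get_option('bulletproof_security_options_customcode');
  $bps_customcode_one = ! isset($CC_Options_root['bps_customcode_one']) ? '' : $CC_Options_root['bps_customcode_one'];
  $bps_customcode_server_signature = ! isset($CC_Options_root['bps_customcode_server_signature']) ? '' : $CC_Options_root['bps_customcode_server_signature'];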
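Review bot: The added comment at new line 336 justifies skipping `esc_textarea()` with an invariant this hunk does not show, namely that every value stored in `bulletproof_security_options_customcode` was entity-encoded when it was saved. If any write path stores a raw value (an import, a restore or a direct option update; none is visible here), the textarea would echo it unescaped. The comment would be easier to verify if it named where the encoding happens and why escaping is skipped, e.g. `// esc_textarea() would double-encode: values are entity-encoded on save in <save routine>, which must stay the only writer of this option.` The surrounding form code continues outside the hunk, so the echo itself is not visible.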
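--- a/admin/core/core-forms.php
+++ b/admin/core/core-forms.php
@@ -13,7 +13,7 @@ if ( isset( $_POST['Submit-WBM-Activate'] ) && current_user_can('manage_options'
 
  $HFiles_options = get_option('bulletproof_security_options_htaccess_files');
 
- if ( $HFiles_options['bps_htaccess_files'] == 'disabled' ) {
+ if ( isset($HFiles_options['bps_htaccess_files']) && $HFiles_options['bps_htaccess_files'] == 'disabled' ) {
  echo $bps_topDiv;
  $text = '<font color="blue"><strong>'.__('htaccess Files Disabled: wp-admin htaccess file writing is disabled. ', 'bulletproof-security').'</strong></font>'.__('Click this link for help information: ', 'bulletproof-security').'<a href="https://forum.ait-pro.com/forums/topic/htaccess-files-disabled-setup-wizard-enable-disable-htaccess-files/" target="_blank" title="htaccess Files Disabled Forum Topic">'.__('htaccess Files Disabled Forum Topic', 'bulletproof-security').'</a><br>';
  echo $text;
@@ -24,7 +24,7 @@ if ( isset( $_POST['Submit-WBM-Activate'] ) && current_user_can('manage_options'
  $BPS_wpadmin_Options = get_option('bulletproof_security_options_htaccess_res');
  $GDMW_options = get_option('bulletproof_security_options_GDMW');
 
- if ( $BPS_wpadmin_Options['bps_wpadmin_restriction'] == 'disabled' || $GDMW_options['bps_gdmw_hosting'] == 'yes' ) {
+ if ( isset($BPS_wpadmin_Options['bps_wpadmin_restriction']) && $BPS_wpadmin_Options['bps_wpadmin_restriction'] == 'disabled' || isset($GDMW_options['bps_gdmw_hosting']) && $GDMW_options['bps_gdmw_hosting'] == 'yes' ) {
  echo $bps_topDiv;
  $text = '<font color="#fb0101"><strong>'.__('wp-admin Folder BulletProof Mode was not activated. Either it is disabled on the Setup Wizard Options page or you have a Go Daddy Managed WordPress Hosting account. The wp-admin folder is restricted on GDMW hosting account types.', 'bulletproof-security').'</strong></font>';
  echo $text;
@@ -72,11 +72,11 @@ if ( isset( $_POST['Submit-WBM-Activate'] ) && current_user_can('manage_options'
 
  $bpsBaseContent = file_get_contents($wpadminHtaccess);
 
- if ( $options['bps_customcode_deny_files_wpa'] != '') {
+ if ( isset($options['bps_customcode_deny_files_wpa']) && $options['bps_customcode_deny_files_wpa'] != '') {
  $bpsBaseContent = preg_replace('/#\sBEGIN\sBPS\sWPADMIN\sDENY\sACCESS\sTO\sFILES(.*)#\sEND\sBPS\sWPADMIN\sDENY\sACCESS\sTO\sFILES/s', $bpsReplace3, $bpsBaseContent);
  }
 
- if ( $options['bps_customcode_bpsqse_wpa'] != '') {
+ if ( isset($options['bps_customcode_deny_files_wpa']) && $options['bps_customcode_bpsqse_wpa'] != '') {
  $bpsBaseContent = preg_replace('/#\sBEGIN\sBPSQSE-check\sBPS\sQUERY\sSTRING\sEXPLOITS\sAND\sFILTERS(.*)#\sEND\sBPSQSE-check\sBPS\sQUERY\sSTRING\sEXPLOITS\sAND\sFILTERS/s', $bpsReplace4, $bpsBaseContent);
  }
 
@@ -99,7 +99,7 @@ if ( isset( $_POST['Submit-WBM-Deactivate'] ) && current_user_can('manage_option
 
  $HFiles_options = get_option('bulletproof_security_options_htaccess_files');
 
- if ( $HFiles_options['bps_htaccess_files'] == 'disabled' ) {
+ if ( isset($HFiles_options['bps_htaccess_files']) && $HFiles_options['bps_htaccess_files'] == 'disabled' ) {
  echo $bps_topDiv;
  $text = '<font color="blue"><strong>'.__('htaccess Files Disabled: wp-admin htaccess file writing is disabled. ', 'bulletproof-security').'</strong></font>'.__('Click this link for help information: ', 'bulletproof-security').'<a href="https://forum.ait-pro.com/forums/topic/htaccess-files-disabled-setup-wizard-enable-disable-htaccess-files/" target="_blank" title="htaccess Files Disabled Forum Topic">'.__('htaccess Files Disabled Forum Topic', 'bulletproof-security').'</a><br>';
  echo $text;
@@ -110,7 +110,7 @@ if ( isset( $_POST['Submit-WBM-Deactivate'] ) && current_user_can('manage_option
  $BPS_wpadmin_Options = get_option('bulletproof_security_options_htaccess_res');
  $GDMW_options = get_option('bulletproof_security_options_GDMW');
 
- if ( $BPS_wpadmin_Options['bps_wpadmin_restriction'] == 'disabled' || $GDMW_options['bps_gdmw_hosting'] == 'yes' ) {
+ if ( isset($BPS_wpadmin_Options['bps_wpadmin_restriction']) && $BPS_wpadmin_Options['bps_wpadmin_restriction'] == 'disabled' || isset($GDMW_options['bps_gdmw_hosting']) && $GDMW_options['bps_gdmw_hosting'] == 'yes' ) {
  echo $bps_topDiv;
  $text = '<font color="#fb0101"><strong>'.__('wp-admin Folder BulletProof Mode was not activated. Either it is disabled on the Setup Wizard Options page or you have a Go Daddy Managed WordPress Hosting account. The wp-admin folder is restricted on GDMW hosting account types.', 'bulletproof-security').'</strong></font>';
  echo $text;
@@ -143,10 +143,10 @@ if ( isset( $_POST['Submit-Hidden-Plugins'] ) && current_user_can('manage_option
  check_admin_referer('bulletproof_security_hpf_cron');
 
  $HPF_Options = array(
- 'bps_hidden_plugins_cron' => esc_html($_POST['hpf_on_off']),
- 'bps_hidden_plugins_cron_frequency' => esc_html($_POST['hpf_cron_frequency']),
- 'bps_hidden_plugins_cron_email' => esc_html(''),
- 'bps_hidden_plugins_cron_alert' => esc_html('')
+ 'bps_hidden_plugins_cron' => $_POST['hpf_on_off'],
+ 'bps_hidden_plugins_cron_frequency' => $_POST['hpf_cron_frequency'],
+ 'bps_hidden_plugins_cron_email' => '',
+ 'bps_hidden_plugins_cron_alert' => ''
  );
 
  foreach( $HPF_Options as $key => $value ) {
@@ -155,14 +155,14 @@ if ( isset( $_POST['Submit-Hidden-Plugins'] ) && current_user_can('manage_option
 
  $hpf_options = get_option('bulletproof_security_options_hpf_cron');
 
- if ( $hpf_options['bps_hidden_plugins_cron'] == 'On' ) {
+ if ( isset($hpf_options['bps_hidden_plugins_cron']) && $hpf_options['bps_hidden_plugins_cron'] == 'On' ) {
 
  echo $bps_topDiv;
  $text = '<strong><font color="green">'.__('The Hidden Plugin Folders|Files (HPF) Cron is turned On.', 'bulletproof-security').'<br>'.__('The HPF Cron Check Frequency setting is: ', 'bulletproof-security').$hpf_options['bps_hidden_plugins_cron_frequency'].__(' minutes.', 'bulletproof-security').'</font></strong>';
  echo $text;
  echo $bps_bottomDiv;
 
- } elseif ( $hpf_options['bps_hidden_plugins_cron'] == 'Off' ) {
+ } elseif ( isset($hpf_options['bps_hidden_plugins_cron']) && $hpf_options['bps_hidden_plugins_cron'] == 'Off' ) {
 
  wp_clear_scheduled_hook('bpsPro_HPF_check');
 
@@ -177,7 +177,9 @@ if ( isset( $_POST['Submit-Hidden-Plugins'] ) && current_user_can('manage_option
  if ( isset( $_POST['Hidden-Plugins-Ignore-Submit'] ) && current_user_can('manage_options') ) {
  check_admin_referer('bulletproof_security_hpf_cron_ignore');
 
- $HPFI_Options = array( 'bps_hidden_plugins_check' => esc_html( $_POST['bps_hidden_plugins_check'] ) );
+ $bps_hidden_plugins_check = sanitize_textarea_field($_POST['bps_hidden_plugins_check']);
+
+ $HPFI_Options = array( 'bps_hidden_plugins_check' => $bps_hidden_plugins_check );
 
  foreach( $HPFI_Options as $key => $value ) {
  update_option('bulletproof_security_options_hidden_plugins', $HPFI_Options);
@@ -197,7 +199,7 @@ if ( isset( $_POST['Submit-MBM-Activate'] ) && current_user_can('manage_options'
 
  $HFiles_options = get_option('bulletproof_security_options_htaccess_files');
 
- if ( $HFiles_options['bps_htaccess_files'] == 'disabled' ) {
+ if ( isset($HFiles_options['bps_htaccess_files']) && $HFiles_options['bps_htaccess_files'] == 'disabled' ) {
  echo $bps_topDiv;
  $text = '<font color="blue"><strong>'.__('htaccess Files Disabled: Master htaccess file writing is disabled. ', 'bulletproof-security').'</strong></font>'.__('Click this link for help information: ', 'bulletproof-security').'<a href="https://forum.ait-pro.com/forums/topic/htaccess-files-disabled-setup-wizard-enable-disable-htaccess-files/" target="_blank" title="htaccess Files Disabled Forum Topic">'.__('htaccess Files Disabled Forum Topic', 'bulletproof-security').'</a><br>';
  echo $text;
@@ -211,7 +213,7 @@ if ( isset( $_POST['Submit-MBM-Activate'] ) && current_user_can('manage_options'
 
  $Apache_Mod_options = get_option('bulletproof_security_options_apache_modules');
 
- if ( $Apache_Mod_options['bps_apache_mod_ifmodule'] == 'Yes' ) {
+ if ( isset($Apache_Mod_options['bps_apache_mod_ifmodule']) && $Apache_Mod_options['bps_apache_mod_ifmodule'] == 'Yes' ) {
 
  if ( ! copy($deny_all_ifmodule, $bps_rename_htaccess_renamed) ) {
  echo $bps_topDiv;
@@ -247,7 +249,7 @@ if ( isset( $_POST['Submit-MBM-Deactivate'] ) && current_user_can('manage_option
 
  $HFiles_options = get_option('bulletproof_security_options_htaccess_files');
 
- if ( $HFiles_options['bps_htaccess_files'] == 'disabled' ) {
+ if ( isset($HFiles_options['bps_htaccess_files']) && $HFiles_options['bps_htaccess_files'] == 'disabled' ) {
  echo $bps_topDiv;
  $text = '<font color="blue"><strong>'.__('htaccess Files Disabled: Master htaccess file writing is disabled. ', 'bulletproof-security').'</strong></font>'.__('Click this link for help information: ', 'bulletproof-security').'<a href="https://forum.ait-pro.com/forums/topic/htaccess-files-disabled-setup-wizard-enable-disable-htaccess-files/" target="_blank" title="htaccess Files Disabled Forum Topic">'.__('htaccess Files Disabled Forum Topic', 'bulletproof-security').'</a><br>';
  echo $text;
@@ -281,7 +283,7 @@ if ( isset( $_POST['Submit-BBM-Activate'] ) && current_user_can('manage_options'
 
  $HFiles_options = get_option('bulletproof_security_options_htaccess_files');
 
- if ( $HFiles_options['bps_htaccess_files'] == 'disabled' ) {
+ if ( isset($HFiles_options['bps_htaccess_files']) && $HFiles_options['bps_htaccess_files'] == 'disabled' ) {
  echo $bps_topDiv;
  $text = '<font color="blue"><strong>'.__('htaccess Files Disabled: BPS Backup htaccess file writing is disabled. ', 'bulletproof-security').'</strong></font>'.__('Click this link for help information: ', 'bulletproof-security').'<a href="https://forum.ait-pro.com/forums/topic/htaccess-files-disabled-setup-wizard-enable-disable-htaccess-files/" target="_blank" title="htaccess Files Disabled Forum Topic">'.__('htaccess Files Disabled Forum Topic', 'bulletproof-security').'</a><br>';
  echo $text;
@@ -295,7 +297,7 @@ if ( isset( $_POST['Submit-BBM-Activate'] ) && current_user_can('manage_options'
 
  $Apache_Mod_options = get_option('bulletproof_security_options_apache_modules');
 
- if ( $Apache_Mod_options['bps_apache_mod_ifmodule'] == 'Yes' ) {
+ if ( isset($Apache_Mod_options['bps_apache_mod_ifmodule']) && $Apache_Mod_options['bps_apache_mod_ifmodule'] == 'Yes' ) {
 
  if ( ! copy($deny_all_ifmodule, $bps_rename_htaccess_backup_online) ) {
  echo $bps_topDiv;
@@ -331,7 +333,7 @@ if ( isset( $_POST['Submit-BBM-Deactivate'] ) && current_user_can('manage_option
 
  $HFiles_options = get_option('bulletproof_security_options_htaccess_files');
 
- if ( $HFiles_options['bps_htaccess_files'] == 'disabled' ) {
+ if ( isset($HFiles_options['bps_htaccess_files']) && $HFiles_options['bps_htaccess_files'] == 'disabled' ) {
  echo $bps_topDiv;
  $text = '<font color="blue"><strong>'.__('htaccess Files Disabled: BPS Backup htaccess file writing is disabled. ', 'bulletproof-security').'</strong></font>'.__('Click this link for help information: ', 'bulletproof-security').'<a href="https://forum.ait-pro.com/forums/topic/htaccess-files-disabled-setup-wizard-enable-disable-htaccess-files/" target="_blank" title="htaccess Files Disabled Forum Topic">'.__('htaccess Files Disabled Forum Topic', 'bulletproof-security').'</a><br>';
  echo $text;
@@ -365,7 +367,7 @@ if ( isset( $_POST['Submit-Backup-htaccess-Files'] ) && current_user_can('manage
 
  $HFiles_options = get_option('bulletproof_security_options_htaccess_files');
 
- if ( $HFiles_options['bps_htaccess_files'] == 'disabled' ) {
+ if ( isset($HFiles_options['bps_htaccess_files']) && $HFiles_options['bps_htaccess_files'] == 'disabled' ) {
  echo $bps_topDiv;
  $text = '<font color="blue"><strong>'.__('htaccess Files Disabled: htaccess file Backup is disabled. ', 'bulletproof-security').'</strong></font>'.__('Click this link for help information: ', 'bulletproof-security').'<a href="https://forum.ait-pro.com/forums/topic/htaccess-files-disabled-setup-wizard-enable-disable-htaccess-files/" target="_blank" title="htaccess Files Disabled Forum Topic">'.__('htaccess Files Disabled Forum Topic', 'bulletproof-security').'</a><br>';
  echo $text;
@@ -431,7 +433,7 @@ if ( isset( $_POST['Submit-Restore-htaccess-Files'] ) && current_user_can('manag
 
  $HFiles_options = get_option('bulletproof_security_options_htaccess_files');
 
- if ( $HFiles_options['bps_htaccess_files'] == 'disabled' ) {
+ if ( isset($HFiles_options['bps_htaccess_files']) && $HFiles_options['bps_htaccess_files'] == 'disabled' ) {
  echo $bps_topDiv;
  $text = '<font color="blue"><strong>'.__('htaccess Files Disabled: htaccess file Restore is disabled. ', 'bulletproof-security').'</strong></font>'.__('Click this link for help information: ', 'bulletproof-security').'<a href="https://forum.ait-pro.com/forums/topic/htaccess-files-disabled-setup-wizard-enable-disable-htaccess-files/" target="_blank" title="htaccess Files Disabled Forum Topic">'.__('htaccess Files Disabled Forum Topic', 'bulletproof-security').'</a><br>';
  echo $text;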
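Review bot: The Submit-Hidden-Plugins hunk (new lines 146-147) now stores `$_POST['hpf_on_off']` and `$_POST['hpf_cron_frequency']` with no sanitising at all, where the old code at least passed them through `esc_html()`, and the stored frequency is concatenated into `$text` and echoed at new line 161 without escaping. The handler is gated by `current_user_can('manage_options')` and `check_admin_referer()`, so only admin-submitted input reaches it, but the value should still be constrained on write and escaped on output. That would be `'bps_hidden_plugins_cron' => sanitize_text_field( wp_unslash( $_POST['hpf_on_off'] ) ),` (likewise for the frequency) and `esc_html( $hpf_options['bps_hidden_plugins_cron_frequency'] )` in the message; the neighbouring ignore-list hunk already uses `sanitize_textarea_field()`. Separately, at new line 79 the `isset()` tests `bps_customcode_deny_files_wpa` while the comparison reads `bps_customcode_bpsqse_wpa`, which looks like a copy-paste slip that leaves the missing-key case unguarded; it should read `isset($options['bps_customcode_bpsqse_wpa'])`. All of these handlers begin and end outside the hunks shown.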
admin/core/core-htaccess-code.php CHANGED
@@ -10,16 +10,20 @@ if ( ! current_user_can('manage_options') ) {
10
  // BEGIN HTACCESS FILE WRITING
11
  /*****************************/
12
  function bpsPro_network_domain_check() {
13
- global $wpdb;
 
14
  if ( $wpdb->get_var( "SHOW TABLES LIKE '$wpdb->site'" ) )
15
  return $wpdb->get_var( "SELECT domain FROM $wpdb->site ORDER BY id ASC LIMIT 1" );
16
  return false;
17
  }
18
 
19
  function bpsPro_get_clean_basedomain() {
 
20
  if ( $existing_domain = bpsPro_network_domain_check() )
21
- return $existing_domain;
22
- $domain = preg_replace( '|https?://|', '', get_option( 'siteurl' ) );
 
 
23
  if ( $slash = strpos( $domain, '/' ) )
24
  $domain = substr( $domain, 0, $slash );
25
  return $domain;
@@ -27,18 +31,18 @@ function bpsPro_get_clean_basedomain() {
27
 
28
  if ( is_multisite() ) {
29
 
30
- $hostname = bpsPro_get_clean_basedomain();
31
- $slashed_home = trailingslashit( get_option( 'home' ) );
32
- $base = parse_url( $slashed_home, PHP_URL_PATH );
33
- $document_root_fix = str_replace( '\\', '/', realpath( $_SERVER['DOCUMENT_ROOT'] ) );
34
- $abspath_fix = str_replace( '\\', '/', ABSPATH );
35
- $home_path = 0 === strpos( $abspath_fix, $document_root_fix ) ? $document_root_fix . $base : get_home_path();
36
- $wp_siteurl_subdir = preg_replace( '#^' . preg_quote( $home_path, '#' ) . '#', '', $abspath_fix );
37
- $rewrite_base = ! empty( $wp_siteurl_subdir ) ? ltrim( trailingslashit( $wp_siteurl_subdir ), '/' ) : '';
38
- $subdomain_install = is_subdomain_install();
39
- $subdir_match = $subdomain_install ? '' : '([_0-9a-zA-Z-]+/)?';
40
- $subdir_replacement_01 = $subdomain_install ? '' : '$1';
41
- $subdir_replacement_12 = $subdomain_install ? '$1' : '$2';
42
 
43
  $ms_files_rewriting = '';
44
 
@@ -48,15 +52,20 @@ function bpsPro_get_clean_basedomain() {
48
  }
49
  }
50
 
51
- $BPSCustomCodeOptions = get_option('bulletproof_security_options_customcode');
52
- $Apache_Mod_options = get_option('bulletproof_security_options_apache_modules');
53
- $bps_auto_write_default_file = WP_PLUGIN_DIR . '/bulletproof-security/admin/htaccess/default.htaccess';
54
-
55
- $bpsFailMessageDef = '<font color="#fb0101"><strong>'.__('The file ', 'bulletproof-security').$bps_auto_write_default_file.__(' is not writable or does not exist.', 'bulletproof-security').'</strong></font><br><strong>'.__('Check that the file is named default.htaccess and that the file exists in the /bulletproof-security/admin/htaccess master folder. If this is not the problem click ', 'bulletproof-security').'<a href="https://forum.ait-pro.com/read-me-first/" target="_blank">'.__('HERE', 'bulletproof-security').'</a>'.__(' to go the the BulletProof Security Forum.', 'bulletproof-security').'</strong><br>';
 
 
 
56
 
57
- if ( ! is_multisite() && $BPSCustomCodeOptions['bps_customcode_wp_rewrite_start'] != '' ) {
58
  $bpsBeginWP = "# CUSTOM CODE WP REWRITE LOOP START\n" . htmlspecialchars_decode( $BPSCustomCodeOptions['bps_customcode_wp_rewrite_start'], ENT_QUOTES ) . "\n\n";
 
59
  } else {
 
60
  $bpsBeginWP = "# WP REWRITE LOOP START
61
  RewriteEngine On
62
  RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
@@ -85,9 +94,12 @@ $bpsMUEndWP = "# END BPS WordPress";
85
 
86
  // Network/Multisite all site types and versions
87
  if ( is_multisite() ) {
88
- if ( $BPSCustomCodeOptions['bps_customcode_wp_rewrite_start'] != '' ) {
 
89
  $bpsMUSDirTop = "# CUSTOM CODE WP REWRITE LOOP START\n" . htmlspecialchars_decode( $BPSCustomCodeOptions['bps_customcode_wp_rewrite_start'], ENT_QUOTES ) . "\n\n";
 
90
  } else {
 
91
  $bpsMUSDirTop = "# WP REWRITE LOOP START
92
  RewriteEngine On
93
  RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
@@ -99,9 +111,11 @@ RewriteRule ^{$subdir_match}wp-admin$ {$subdir_replacement_01}wp-admin/ [R=301,L
99
  }
100
 
101
  // Network/Multisite all site types and versions
102
- if ( $BPSCustomCodeOptions['bps_customcode_wp_rewrite_end'] != '' ) {
103
  $bpsMUSDirBottom = "# CUSTOM CODE WP REWRITE LOOP END\n" . htmlspecialchars_decode( $BPSCustomCodeOptions['bps_customcode_wp_rewrite_end'], ENT_QUOTES ) . "\n\n";
 
104
  } else {
 
105
  $bpsMUSDirBottom = "RewriteCond %{REQUEST_FILENAME} -f [OR]
106
  RewriteCond %{REQUEST_FILENAME} -d
107
  RewriteRule ^ - [L]
@@ -122,25 +136,31 @@ $bpsFailMessageSec = '<font color="#fb0101"><strong>'.__('The file ', 'bulletpro
122
 
123
  $bps_secure_content_top = "# BULLETPROOF $bps_version SECURE .HTACCESS \n\n";
124
 
125
- if ( $BPSCustomCodeOptions['bps_customcode_one'] != '' ) {
126
  $bps_secure_phpini_cache = "# CUSTOM CODE TOP PHP/PHP.INI HANDLER/CACHE CODE\n" . htmlspecialchars_decode( $BPSCustomCodeOptions['bps_customcode_one'], ENT_QUOTES ) . "\n\n";
 
127
  } else {
 
128
  $bps_secure_phpini_cache = "# PHP/PHP.INI HANDLER/CACHE CODE
129
  # Use BPS Custom Code to add php/php.ini Handler and Cache htaccess code and to save it permanently.
130
  # Most Hosts do not have/use/require php/php.ini Handler htaccess code\n\n";
131
  }
132
 
133
- if ( $BPSCustomCodeOptions['bps_customcode_server_signature'] != '' ) {
134
  $bps_server_signature = "# CUSTOM CODE TURN OFF YOUR SERVER SIGNATURE\n" . htmlspecialchars_decode( $BPSCustomCodeOptions['bps_customcode_server_signature'], ENT_QUOTES ) . "\n\n";
 
135
  } else {
 
136
  $bps_server_signature = "# TURN OFF YOUR SERVER SIGNATURE
137
  # Suppresses the footer line server version number and ServerName of the serving virtual host
138
  ServerSignature Off\n\n";
139
  }
140
 
141
- if ( $BPSCustomCodeOptions['bps_customcode_directory_index'] != '' ) {
142
  $bps_secure_directory_list_index = "# CUSTOM CODE DIRECTORY LISTING/DIRECTORY INDEX\n" . htmlspecialchars_decode( $BPSCustomCodeOptions['bps_customcode_directory_index'], ENT_QUOTES ) . "\n\n";
 
143
  } else {
 
144
  $bps_secure_directory_list_index = "# DO NOT SHOW DIRECTORY LISTING
145
  # Disallow mod_autoindex from displaying a directory listing
146
  # If a 500 Internal Server Error occurs when activating Root BulletProof Mode
@@ -159,9 +179,11 @@ Options -Indexes\n
159
  DirectoryIndex index.php index.html /index.php\n\n";
160
  }
161
 
162
- if ( $BPSCustomCodeOptions['bps_customcode_server_protocol'] != '' ) {
163
  $bps_secure_brute_force_login = "# CUSTOM CODE BRUTE FORCE LOGIN PAGE PROTECTION\n" . htmlspecialchars_decode( $BPSCustomCodeOptions['bps_customcode_server_protocol'], ENT_QUOTES ) . "\n\n";
 
164
  } else {
 
165
  $bps_secure_brute_force_login = "# BRUTE FORCE LOGIN PAGE PROTECTION
166
  # PLACEHOLDER ONLY
167
  # Use BPS Custom Code to add Brute Force Login protection code and to save it permanently.
@@ -169,9 +191,10 @@ $bps_secure_brute_force_login = "# BRUTE FORCE LOGIN PAGE PROTECTION
169
  # for more information.\n\n";
170
  }
171
 
172
- if ( $BPSCustomCodeOptions['bps_customcode_error_logging'] != '' ) {
173
  $bps_secure_error_logging = "# CUSTOM CODE ERROR LOGGING AND TRACKING\n" . htmlspecialchars_decode( $BPSCustomCodeOptions['bps_customcode_error_logging'], ENT_QUOTES ) . "\n\n";
174
  } else {
 
175
  $bps_secure_error_logging = "# BPS ERROR LOGGING AND TRACKING
176
  # Use BPS Custom Code to modify/edit/change this code and to save it permanently.
177
  # BPS has premade 400 Bad Request, 403 Forbidden, 404 Not Found, 405 Method Not Allowed and
@@ -195,18 +218,22 @@ ErrorDocument 405 " . $bps_get_wp_root_secure . $bps_plugin_dir . "/bulletproof-
195
  ErrorDocument 410 " . $bps_get_wp_root_secure . $bps_plugin_dir . "/bulletproof-security/410.php\n\n";
196
  }
197
 
198
- if ( $BPSCustomCodeOptions['bps_customcode_deny_dot_folders'] != '' ) {
199
  $bps_secure_dot_server_files = "# CUSTOM CODE DENY ACCESS TO PROTECTED SERVER FILES AND FOLDERS\n" . htmlspecialchars_decode( $BPSCustomCodeOptions['bps_customcode_deny_dot_folders'], ENT_QUOTES ) . "\n\n";
 
200
  } else {
 
201
  $bps_secure_dot_server_files = "# DENY ACCESS TO PROTECTED SERVER FILES AND FOLDERS
202
  # Use BPS Custom Code to modify/edit/change this code and to save it permanently.
203
  # Files and folders starting with a dot: .htaccess, .htpasswd, .errordocs, .logs
204
  RedirectMatch 403 \.(htaccess|htpasswd|errordocs|logs)$\n\n";
205
  }
206
 
207
- if ( $BPSCustomCodeOptions['bps_customcode_admin_includes'] != '' ) {
208
  $bps_secure_content_wpadmin = "# CUSTOM CODE WP-ADMIN/INCLUDES\n" . htmlspecialchars_decode( $BPSCustomCodeOptions['bps_customcode_admin_includes'], ENT_QUOTES ) . "\n\n";
 
209
  } else {
 
210
  $bps_secure_content_wpadmin = "# WP-ADMIN/INCLUDES
211
  # Use BPS Custom Code to remove this code permanently.
212
  RewriteEngine On
@@ -218,9 +245,11 @@ RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F]
218
  RewriteRule ^wp-includes/theme-compat/ - [F]\n\n";
219
  }
220
 
221
- if ( $BPSCustomCodeOptions['bps_customcode_request_methods'] != '' ) {
222
  $bps_secure_request_methods = "\n# CUSTOM CODE REQUEST METHODS FILTERED\n" . htmlspecialchars_decode( $BPSCustomCodeOptions['bps_customcode_request_methods'], ENT_QUOTES)."\n\n";
 
223
  } else {
 
224
  $bps_secure_request_methods = "\n# REQUEST METHODS FILTERED
225
  # If you want to allow HEAD Requests use BPS Custom Code and copy
226
  # this entire REQUEST METHODS FILTERED section of code to this BPS Custom Code
@@ -242,7 +271,8 @@ $bps_secure_begin_plugins_skip_rules_text = "# PLUGINS/THEMES AND VARIOUS EXPLOI
242
 
243
  // Plugin/Theme skip/bypass rules
244
  $bps_secure_plugins_themes_skip_rules = '';
245
- if ( $BPSCustomCodeOptions['bps_customcode_two'] != '' ) {
 
246
  $bps_secure_plugins_themes_skip_rules = "# CUSTOM CODE PLUGIN/THEME SKIP/BYPASS RULES\n" . htmlspecialchars_decode( $BPSCustomCodeOptions['bps_customcode_two'], ENT_QUOTES ) . "\n\n";
247
  }
248
 
@@ -277,9 +307,11 @@ RewriteRule . - [S=4]
277
  RewriteCond %{QUERY_STRING} action=rp&key=(.*) [NC]
278
  RewriteRule . - [S=3]\n\n";
279
 
280
- if ( $BPSCustomCodeOptions['bps_customcode_timthumb_misc'] != '' ) {
281
  $bps_secure_timthumb_misc = "# CUSTOM CODE TIMTHUMB FORBID RFI and MISC FILE SKIP/BYPASS RULE\n" . htmlspecialchars_decode( $BPSCustomCodeOptions['bps_customcode_timthumb_misc'], ENT_QUOTES ) . "\n\n";
 
282
  } else {
 
283
  $bps_secure_timthumb_misc = "# TIMTHUMB FORBID RFI and MISC FILE SKIP/BYPASS RULE
284
  # Use BPS Custom Code to modify/edit/change this code and to save it permanently.
285
  # Remote File Inclusion (RFI) security rules
@@ -295,9 +327,11 @@ RewriteCond %{HTTP_REFERER} ^.*" . $bps_get_domain_root . ".*
295
  RewriteRule . - [S=1]\n\n";
296
  }
297
 
298
- if ( $BPSCustomCodeOptions['bps_customcode_bpsqse'] != '' ) {
299
  $bps_secure_BPSQSE = "# CUSTOM CODE BPSQSE BPS QUERY STRING EXPLOITS\n" . htmlspecialchars_decode( $BPSCustomCodeOptions['bps_customcode_bpsqse'], ENT_QUOTES ) . "\n\n";
 
300
  } else {
 
301
  $bps_secure_BPSQSE = "# BEGIN BPSQSE BPS QUERY STRING EXPLOITS
302
  # The libwww-perl User Agent is forbidden - Many bad bots use libwww-perl modules, but some good bots use it too.
303
  # Good sites such as W3C use it for their W3C-LinkChecker.
@@ -357,14 +391,14 @@ RewriteCond %{REQUEST_FILENAME} !-d
357
  RewriteRule . " . $bps_get_wp_root_secure . "index.php [L]
358
  # WP REWRITE LOOP END\n";
359
 
360
- if ( $BPSCustomCodeOptions['bps_customcode_deny_files'] != '' ) {
361
  $bps_secure_deny_browser_access = "\n# CUSTOM CODE DENY BROWSER ACCESS TO THESE FILES\n" . htmlspecialchars_decode( $BPSCustomCodeOptions['bps_customcode_deny_files'], ENT_QUOTES ) . "\n\n";
362
 
363
  } else {
364
 
365
- if ( $Apache_Mod_options['bps_apache_mod_ifmodule'] == 'Yes' ) {
366
-
367
- $bps_secure_deny_browser_access = "\n# DENY BROWSER ACCESS TO THESE FILES
368
  # Use BPS Custom Code to modify/edit/change this code and to save it permanently.
369
  # wp-config.php, bb-config.php, php.ini, php5.ini, readme.html
370
  # To be able to view these files from a Browser, replace 127.0.0.1 with your actual
@@ -386,10 +420,10 @@ Deny from all
386
  </IfModule>
387
  </IfModule>
388
  </FilesMatch>\n\n";
 
 
389
 
390
- } else {
391
-
392
- $bps_secure_deny_browser_access = "\n# DENY BROWSER ACCESS TO THESE FILES
393
  # Use BPS Custom Code to modify/edit/change this code and to save it permanently.
394
  # wp-config.php, bb-config.php, php.ini, php5.ini, readme.html
395
  # To be able to view these files from a Browser, replace 127.0.0.1 with your actual
@@ -401,14 +435,17 @@ Order Allow,Deny
401
  Deny from all
402
  #Allow from 127.0.0.1
403
  </FilesMatch>\n\n";
404
- }
405
  }
406
 
407
  // CUSTOM CODE BOTTOM
408
  $bps_secure_bottom_misc_code = '';
409
- if ( $BPSCustomCodeOptions['bps_customcode_three'] != '' ) {
 
410
  $bps_secure_bottom_misc_code = "# CUSTOM CODE BOTTOM HOTLINKING/FORBID COMMENT SPAMMERS/BLOCK BOTS/BLOCK IP/REDIRECT CODE\n" . htmlspecialchars_decode( $BPSCustomCodeOptions['bps_customcode_three'], ENT_QUOTES ) . "\n\n";
 
411
  } else {
 
412
  $bps_secure_bottom_misc_code = "# HOTLINKING/FORBID COMMENT SPAMMERS/BLOCK BOTS/BLOCK IP/REDIRECT CODE
413
  # PLACEHOLDER ONLY
414
  # Use BPS Custom Code to add custom code and save it permanently here.\n";
@@ -421,12 +458,12 @@ if ( isset( $_POST['Submit-RBM-Deactivate'] ) && current_user_can('manage_option
421
 
422
  $HFiles_options = get_option('bulletproof_security_options_htaccess_files');
423
 
424
- if ( $HFiles_options['bps_htaccess_files'] == 'disabled' ) {
425
  echo $bps_topDiv;
426
  $text = '<font color="blue"><strong>'.__('htaccess Files Disabled: Root htaccess file writing is disabled. ', 'bulletproof-security').'</strong></font>'.__('Click this link for help information: ', 'bulletproof-security').'<a href="https://forum.ait-pro.com/forums/topic/htaccess-files-disabled-setup-wizard-enable-disable-htaccess-files/" target="_blank" title="htaccess Files Disabled Forum Topic">'.__('htaccess Files Disabled Forum Topic', 'bulletproof-security').'</a><br>';
427
  echo $text;
428
  echo $bps_bottomDiv;
429
- return;
430
  }
431
 
432
  $options = get_option('bulletproof_security_options_autolock');
@@ -505,12 +542,12 @@ if ( isset( $_POST['Submit-RBM-Activate'] ) && current_user_can('manage_options'
505
 
506
  $HFiles_options = get_option('bulletproof_security_options_htaccess_files');
507
 
508
- if ( $HFiles_options['bps_htaccess_files'] == 'disabled' ) {
509
  echo $bps_topDiv;
510
  $text = '<font color="blue"><strong>'.__('htaccess Files Disabled: Root htaccess file writing is disabled. ', 'bulletproof-security').'</strong></font>'.__('Click this link for help information: ', 'bulletproof-security').'<a href="https://forum.ait-pro.com/forums/topic/htaccess-files-disabled-setup-wizard-enable-disable-htaccess-files/" target="_blank" title="htaccess Files Disabled Forum Topic">'.__('htaccess Files Disabled Forum Topic', 'bulletproof-security').'</a><br>';
511
  echo $text;
512
  echo $bps_bottomDiv;
513
- return;
514
  }
515
 
516
  $stringReplace = file_get_contents($bps_auto_write_secure_file);
@@ -574,12 +611,12 @@ if ( isset( $_POST['Submit-RBM-Deactivate-Network'] ) && current_user_can('manag
574
 
575
  $HFiles_options = get_option('bulletproof_security_options_htaccess_files');
576
 
577
- if ( $HFiles_options['bps_htaccess_files'] == 'disabled' ) {
578
  echo $bps_topDiv;
579
  $text = '<font color="blue"><strong>'.__('htaccess Files Disabled: Root htaccess file writing is disabled. ', 'bulletproof-security').'</strong></font>'.__('Click this link for help information: ', 'bulletproof-security').'<a href="https://forum.ait-pro.com/forums/topic/htaccess-files-disabled-setup-wizard-enable-disable-htaccess-files/" target="_blank" title="htaccess Files Disabled Forum Topic">'.__('htaccess Files Disabled Forum Topic', 'bulletproof-security').'</a><br>';
580
  echo $text;
581
  echo $bps_bottomDiv;
582
- return;
583
  }
584
 
585
  $options = get_option('bulletproof_security_options_autolock');
@@ -658,12 +695,12 @@ if ( isset( $_POST['Submit-RBM-Activate-Network'] ) && current_user_can('manage_
658
 
659
  $HFiles_options = get_option('bulletproof_security_options_htaccess_files');
660
 
661
- if ( $HFiles_options['bps_htaccess_files'] == 'disabled' ) {
662
  echo $bps_topDiv;
663
  $text = '<font color="blue"><strong>'.__('htaccess Files Disabled: Root htaccess file writing is disabled. ', 'bulletproof-security').'</strong></font>'.__('Click this link for help information: ', 'bulletproof-security').'<a href="https://forum.ait-pro.com/forums/topic/htaccess-files-disabled-setup-wizard-enable-disable-htaccess-files/" target="_blank" title="htaccess Files Disabled Forum Topic">'.__('htaccess Files Disabled Forum Topic', 'bulletproof-security').'</a><br>';
664
  echo $text;
665
  echo $bps_bottomDiv;
666
- return;
667
  }
668
 
669
  $stringReplace = file_get_contents($bps_auto_write_secure_file);
10
  // BEGIN HTACCESS FILE WRITING
11
  /*****************************/
12
  function bpsPro_network_domain_check() {
13
+ global $wpdb;
14
+
15
  if ( $wpdb->get_var( "SHOW TABLES LIKE '$wpdb->site'" ) )
16
  return $wpdb->get_var( "SELECT domain FROM $wpdb->site ORDER BY id ASC LIMIT 1" );
17
  return false;
18
  }
19
 
20
  function bpsPro_get_clean_basedomain() {
21
+
22
  if ( $existing_domain = bpsPro_network_domain_check() )
23
+ return $existing_domain;
24
+
25
+ $domain = preg_replace( '|https?://|', '', get_option( 'siteurl' ) );
26
+
27
  if ( $slash = strpos( $domain, '/' ) )
28
  $domain = substr( $domain, 0, $slash );
29
  return $domain;
31
 
32
  if ( is_multisite() ) {
33
 
34
+ $hostname = bpsPro_get_clean_basedomain();
35
+ $slashed_home = trailingslashit( get_option( 'home' ) );
36
+ $base = parse_url( $slashed_home, PHP_URL_PATH );
37
+ $document_root_fix = str_replace( '\\', '/', realpath( $_SERVER['DOCUMENT_ROOT'] ) );
38
+ $abspath_fix = str_replace( '\\', '/', ABSPATH );
39
+ $home_path = 0 === strpos( $abspath_fix, $document_root_fix ) ? $document_root_fix . $base : get_home_path();
40
+ $wp_siteurl_subdir = preg_replace( '#^' . preg_quote( $home_path, '#' ) . '#', '', $abspath_fix );
41
+ $rewrite_base = ! empty( $wp_siteurl_subdir ) ? ltrim( trailingslashit( $wp_siteurl_subdir ), '/' ) : '';
42
+ $subdomain_install = is_subdomain_install();
43
+ $subdir_match = $subdomain_install ? '' : '([_0-9a-zA-Z-]+/)?';
44
+ $subdir_replacement_01 = $subdomain_install ? '' : '$1';
45
+ $subdir_replacement_12 = $subdomain_install ? '$1' : '$2';
46
 
47
  $ms_files_rewriting = '';
48
 
52
  }
53
  }
54
 
55
+ $BPSCustomCodeOptions = get_option('bulletproof_security_options_customcode');
56
+ $Apache_Mod_options = get_option('bulletproof_security_options_apache_modules');
57
+ $bps_auto_write_default_file = WP_PLUGIN_DIR . '/bulletproof-security/admin/htaccess/default.htaccess';
58
+
59
+ $bpsFailMessageDef = '<font color="#fb0101"><strong>'.__('The file ', 'bulletproof-security').$bps_auto_write_default_file.__(' is not writable or does not exist.', 'bulletproof-security').'</strong></font><br><strong>'.__('Check that the file is named default.htaccess and that the file exists in the /bulletproof-security/admin/htaccess master folder. If this is not the problem click ', 'bulletproof-security').'<a href="https://forum.ait-pro.com/read-me-first/" target="_blank">'.__('HERE', 'bulletproof-security').'</a>'.__(' to go the the BulletProof Security Forum.', 'bulletproof-security').'</strong><br>';
60
+
61
+ ## IMPORTANT!!! Do not indent this code below. Whitespace will be created in the htaccess files.
62
+ ## At a later time, strip out any whitespace.
63
 
64
+ if ( ! is_multisite() && isset($BPSCustomCodeOptions['bps_customcode_wp_rewrite_start']) && $BPSCustomCodeOptions['bps_customcode_wp_rewrite_start'] != '' ) {
65
  $bpsBeginWP = "# CUSTOM CODE WP REWRITE LOOP START\n" . htmlspecialchars_decode( $BPSCustomCodeOptions['bps_customcode_wp_rewrite_start'], ENT_QUOTES ) . "\n\n";
66
+
67
  } else {
68
+
69
  $bpsBeginWP = "# WP REWRITE LOOP START
70
  RewriteEngine On
71
  RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
94
 
95
  // Network/Multisite all site types and versions
96
  if ( is_multisite() ) {
97
+
98
+ if ( isset($BPSCustomCodeOptions['bps_customcode_wp_rewrite_start']) && $BPSCustomCodeOptions['bps_customcode_wp_rewrite_start'] != '' ) {
99
  $bpsMUSDirTop = "# CUSTOM CODE WP REWRITE LOOP START\n" . htmlspecialchars_decode( $BPSCustomCodeOptions['bps_customcode_wp_rewrite_start'], ENT_QUOTES ) . "\n\n";
100
+
101
  } else {
102
+
103
  $bpsMUSDirTop = "# WP REWRITE LOOP START
104
  RewriteEngine On
105
  RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
111
  }
112
 
113
  // Network/Multisite all site types and versions
114
+ if ( isset($BPSCustomCodeOptions['bps_customcode_wp_rewrite_end']) && $BPSCustomCodeOptions['bps_customcode_wp_rewrite_end'] != '' ) {
115
  $bpsMUSDirBottom = "# CUSTOM CODE WP REWRITE LOOP END\n" . htmlspecialchars_decode( $BPSCustomCodeOptions['bps_customcode_wp_rewrite_end'], ENT_QUOTES ) . "\n\n";
116
+
117
  } else {
118
+
119
  $bpsMUSDirBottom = "RewriteCond %{REQUEST_FILENAME} -f [OR]
120
  RewriteCond %{REQUEST_FILENAME} -d
121
  RewriteRule ^ - [L]
136
 
137
  $bps_secure_content_top = "# BULLETPROOF $bps_version SECURE .HTACCESS \n\n";
138
 
139
+ if ( isset($BPSCustomCodeOptions['bps_customcode_one']) && $BPSCustomCodeOptions['bps_customcode_one'] != '' ) {
140
  $bps_secure_phpini_cache = "# CUSTOM CODE TOP PHP/PHP.INI HANDLER/CACHE CODE\n" . htmlspecialchars_decode( $BPSCustomCodeOptions['bps_customcode_one'], ENT_QUOTES ) . "\n\n";
141
+
142
  } else {
143
+
144
  $bps_secure_phpini_cache = "# PHP/PHP.INI HANDLER/CACHE CODE
145
  # Use BPS Custom Code to add php/php.ini Handler and Cache htaccess code and to save it permanently.
146
  # Most Hosts do not have/use/require php/php.ini Handler htaccess code\n\n";
147
  }
148
 
149
+ if ( isset($BPSCustomCodeOptions['bps_customcode_server_signature']) && $BPSCustomCodeOptions['bps_customcode_server_signature'] != '' ) {
150
  $bps_server_signature = "# CUSTOM CODE TURN OFF YOUR SERVER SIGNATURE\n" . htmlspecialchars_decode( $BPSCustomCodeOptions['bps_customcode_server_signature'], ENT_QUOTES ) . "\n\n";
151
+
152
  } else {
153
+
154
  $bps_server_signature = "# TURN OFF YOUR SERVER SIGNATURE
155
  # Suppresses the footer line server version number and ServerName of the serving virtual host
156
  ServerSignature Off\n\n";
157
  }
158
 
159
+ if ( isset($BPSCustomCodeOptions['bps_customcode_directory_index']) && $BPSCustomCodeOptions['bps_customcode_directory_index'] != '' ) {
160
  $bps_secure_directory_list_index = "# CUSTOM CODE DIRECTORY LISTING/DIRECTORY INDEX\n" . htmlspecialchars_decode( $BPSCustomCodeOptions['bps_customcode_directory_index'], ENT_QUOTES ) . "\n\n";
161
+
162
  } else {
163
+
164
  $bps_secure_directory_list_index = "# DO NOT SHOW DIRECTORY LISTING
165
  # Disallow mod_autoindex from displaying a directory listing
166
  # If a 500 Internal Server Error occurs when activating Root BulletProof Mode
179
  DirectoryIndex index.php index.html /index.php\n\n";
180
  }
181
 
182
+ if ( isset($BPSCustomCodeOptions['bps_customcode_server_protocol']) && $BPSCustomCodeOptions['bps_customcode_server_protocol'] != '' ) {
183
  $bps_secure_brute_force_login = "# CUSTOM CODE BRUTE FORCE LOGIN PAGE PROTECTION\n" . htmlspecialchars_decode( $BPSCustomCodeOptions['bps_customcode_server_protocol'], ENT_QUOTES ) . "\n\n";
184
+
185
  } else {
186
+
187
  $bps_secure_brute_force_login = "# BRUTE FORCE LOGIN PAGE PROTECTION
188
  # PLACEHOLDER ONLY
189
  # Use BPS Custom Code to add Brute Force Login protection code and to save it permanently.
191
  # for more information.\n\n";
192
  }
193
 
194
+ if ( isset($BPSCustomCodeOptions['bps_customcode_error_logging']) && $BPSCustomCodeOptions['bps_customcode_error_logging'] != '' ) {
195
  $bps_secure_error_logging = "# CUSTOM CODE ERROR LOGGING AND TRACKING\n" . htmlspecialchars_decode( $BPSCustomCodeOptions['bps_customcode_error_logging'], ENT_QUOTES ) . "\n\n";
196
  } else {
197
+
198
  $bps_secure_error_logging = "# BPS ERROR LOGGING AND TRACKING
199
  # Use BPS Custom Code to modify/edit/change this code and to save it permanently.
200
  # BPS has premade 400 Bad Request, 403 Forbidden, 404 Not Found, 405 Method Not Allowed and
218
  ErrorDocument 410 " . $bps_get_wp_root_secure . $bps_plugin_dir . "/bulletproof-security/410.php\n\n";
219
  }
220
 
221
+ if ( isset($BPSCustomCodeOptions['bps_customcode_deny_dot_folders']) && $BPSCustomCodeOptions['bps_customcode_deny_dot_folders'] != '' ) {
222
  $bps_secure_dot_server_files = "# CUSTOM CODE DENY ACCESS TO PROTECTED SERVER FILES AND FOLDERS\n" . htmlspecialchars_decode( $BPSCustomCodeOptions['bps_customcode_deny_dot_folders'], ENT_QUOTES ) . "\n\n";
223
+
224
  } else {
225
+
226
  $bps_secure_dot_server_files = "# DENY ACCESS TO PROTECTED SERVER FILES AND FOLDERS
227
  # Use BPS Custom Code to modify/edit/change this code and to save it permanently.
228
  # Files and folders starting with a dot: .htaccess, .htpasswd, .errordocs, .logs
229
  RedirectMatch 403 \.(htaccess|htpasswd|errordocs|logs)$\n\n";
230
  }
231
 
232
+ if ( isset($BPSCustomCodeOptions['bps_customcode_admin_includes']) && $BPSCustomCodeOptions['bps_customcode_admin_includes'] != '' ) {
233
  $bps_secure_content_wpadmin = "# CUSTOM CODE WP-ADMIN/INCLUDES\n" . htmlspecialchars_decode( $BPSCustomCodeOptions['bps_customcode_admin_includes'], ENT_QUOTES ) . "\n\n";
234
+
235
  } else {
236
+
237
  $bps_secure_content_wpadmin = "# WP-ADMIN/INCLUDES
238
  # Use BPS Custom Code to remove this code permanently.
239
  RewriteEngine On
245
  RewriteRule ^wp-includes/theme-compat/ - [F]\n\n";
246
  }
247
 
248
+ if ( isset($BPSCustomCodeOptions['bps_customcode_request_methods']) && $BPSCustomCodeOptions['bps_customcode_request_methods'] != '' ) {
249
  $bps_secure_request_methods = "\n# CUSTOM CODE REQUEST METHODS FILTERED\n" . htmlspecialchars_decode( $BPSCustomCodeOptions['bps_customcode_request_methods'], ENT_QUOTES)."\n\n";
250
+
251
  } else {
252
+
253
  $bps_secure_request_methods = "\n# REQUEST METHODS FILTERED
254
  # If you want to allow HEAD Requests use BPS Custom Code and copy
255
  # this entire REQUEST METHODS FILTERED section of code to this BPS Custom Code
271
 
272
  // Plugin/Theme skip/bypass rules
273
  $bps_secure_plugins_themes_skip_rules = '';
274
+
275
+ if ( isset($BPSCustomCodeOptions['bps_customcode_two']) && $BPSCustomCodeOptions['bps_customcode_two'] != '' ) {
276
  $bps_secure_plugins_themes_skip_rules = "# CUSTOM CODE PLUGIN/THEME SKIP/BYPASS RULES\n" . htmlspecialchars_decode( $BPSCustomCodeOptions['bps_customcode_two'], ENT_QUOTES ) . "\n\n";
277
  }
278
 
307
  RewriteCond %{QUERY_STRING} action=rp&key=(.*) [NC]
308
  RewriteRule . - [S=3]\n\n";
309
 
310
+ if ( isset($BPSCustomCodeOptions['bps_customcode_timthumb_misc']) && $BPSCustomCodeOptions['bps_customcode_timthumb_misc'] != '' ) {
311
  $bps_secure_timthumb_misc = "# CUSTOM CODE TIMTHUMB FORBID RFI and MISC FILE SKIP/BYPASS RULE\n" . htmlspecialchars_decode( $BPSCustomCodeOptions['bps_customcode_timthumb_misc'], ENT_QUOTES ) . "\n\n";
312
+
313
  } else {
314
+
315
  $bps_secure_timthumb_misc = "# TIMTHUMB FORBID RFI and MISC FILE SKIP/BYPASS RULE
316
  # Use BPS Custom Code to modify/edit/change this code and to save it permanently.
317
  # Remote File Inclusion (RFI) security rules
327
  RewriteRule . - [S=1]\n\n";
328
  }
329
 
330
+ if ( isset($BPSCustomCodeOptions['bps_customcode_bpsqse']) && $BPSCustomCodeOptions['bps_customcode_bpsqse'] != '' ) {
331
  $bps_secure_BPSQSE = "# CUSTOM CODE BPSQSE BPS QUERY STRING EXPLOITS\n" . htmlspecialchars_decode( $BPSCustomCodeOptions['bps_customcode_bpsqse'], ENT_QUOTES ) . "\n\n";
332
+
333
  } else {
334
+
335
  $bps_secure_BPSQSE = "# BEGIN BPSQSE BPS QUERY STRING EXPLOITS
336
  # The libwww-perl User Agent is forbidden - Many bad bots use libwww-perl modules, but some good bots use it too.
337
  # Good sites such as W3C use it for their W3C-LinkChecker.
391
  RewriteRule . " . $bps_get_wp_root_secure . "index.php [L]
392
  # WP REWRITE LOOP END\n";
393
 
394
+ if ( isset($BPSCustomCodeOptions['bps_customcode_deny_files']) && $BPSCustomCodeOptions['bps_customcode_deny_files'] != '' ) {
395
  $bps_secure_deny_browser_access = "\n# CUSTOM CODE DENY BROWSER ACCESS TO THESE FILES\n" . htmlspecialchars_decode( $BPSCustomCodeOptions['bps_customcode_deny_files'], ENT_QUOTES ) . "\n\n";
396
 
397
  } else {
398
 
399
+ if ( isset($Apache_Mod_options['bps_apache_mod_ifmodule']) && $Apache_Mod_options['bps_apache_mod_ifmodule'] == 'Yes' ) {
400
+
401
+ $bps_secure_deny_browser_access = "\n# DENY BROWSER ACCESS TO THESE FILES
402
  # Use BPS Custom Code to modify/edit/change this code and to save it permanently.
403
  # wp-config.php, bb-config.php, php.ini, php5.ini, readme.html
404
  # To be able to view these files from a Browser, replace 127.0.0.1 with your actual
420
  </IfModule>
421
  </IfModule>
422
  </FilesMatch>\n\n";
423
+
424
+ } else {
425
 
426
+ $bps_secure_deny_browser_access = "\n# DENY BROWSER ACCESS TO THESE FILES
 
 
427
  # Use BPS Custom Code to modify/edit/change this code and to save it permanently.
428
  # wp-config.php, bb-config.php, php.ini, php5.ini, readme.html
429
  # To be able to view these files from a Browser, replace 127.0.0.1 with your actual
435
  Deny from all
436
  #Allow from 127.0.0.1
437
  </FilesMatch>\n\n";
438
+ }
439
  }
440
 
441
  // CUSTOM CODE BOTTOM
442
  $bps_secure_bottom_misc_code = '';
443
+
444
+ if ( isset($BPSCustomCodeOptions['bps_customcode_three']) && $BPSCustomCodeOptions['bps_customcode_three'] != '' ) {
445
  $bps_secure_bottom_misc_code = "# CUSTOM CODE BOTTOM HOTLINKING/FORBID COMMENT SPAMMERS/BLOCK BOTS/BLOCK IP/REDIRECT CODE\n" . htmlspecialchars_decode( $BPSCustomCodeOptions['bps_customcode_three'], ENT_QUOTES ) . "\n\n";
446
+
447
  } else {
448
+
449
  $bps_secure_bottom_misc_code = "# HOTLINKING/FORBID COMMENT SPAMMERS/BLOCK BOTS/BLOCK IP/REDIRECT CODE
450
  # PLACEHOLDER ONLY
451
  # Use BPS Custom Code to add custom code and save it permanently here.\n";
458
 
459
  $HFiles_options = get_option('bulletproof_security_options_htaccess_files');
460
 
461
+ if ( isset($HFiles_options['bps_htaccess_files']) && $HFiles_options['bps_htaccess_files'] == 'disabled' ) {
462
  echo $bps_topDiv;
463
  $text = '<font color="blue"><strong>'.__('htaccess Files Disabled: Root htaccess file writing is disabled. ', 'bulletproof-security').'</strong></font>'.__('Click this link for help information: ', 'bulletproof-security').'<a href="https://forum.ait-pro.com/forums/topic/htaccess-files-disabled-setup-wizard-enable-disable-htaccess-files/" target="_blank" title="htaccess Files Disabled Forum Topic">'.__('htaccess Files Disabled Forum Topic', 'bulletproof-security').'</a><br>';
464
  echo $text;
465
  echo $bps_bottomDiv;
466
+ return;
467
  }
468
 
469
  $options = get_option('bulletproof_security_options_autolock');
542
 
543
  $HFiles_options = get_option('bulletproof_security_options_htaccess_files');
544
 
545
+ if ( isset($HFiles_options['bps_htaccess_files']) && $HFiles_options['bps_htaccess_files'] == 'disabled' ) {
546
  echo $bps_topDiv;
547
  $text = '<font color="blue"><strong>'.__('htaccess Files Disabled: Root htaccess file writing is disabled. ', 'bulletproof-security').'</strong></font>'.__('Click this link for help information: ', 'bulletproof-security').'<a href="https://forum.ait-pro.com/forums/topic/htaccess-files-disabled-setup-wizard-enable-disable-htaccess-files/" target="_blank" title="htaccess Files Disabled Forum Topic">'.__('htaccess Files Disabled Forum Topic', 'bulletproof-security').'</a><br>';
548
  echo $text;
549
  echo $bps_bottomDiv;
550
+ return;
551
  }
552
 
553
  $stringReplace = file_get_contents($bps_auto_write_secure_file);
611
 
612
  $HFiles_options = get_option('bulletproof_security_options_htaccess_files');
613
 
614
+ if ( isset($HFiles_options['bps_htaccess_files']) && $HFiles_options['bps_htaccess_files'] == 'disabled' ) {
615
  echo $bps_topDiv;
616
  $text = '<font color="blue"><strong>'.__('htaccess Files Disabled: Root htaccess file writing is disabled. ', 'bulletproof-security').'</strong></font>'.__('Click this link for help information: ', 'bulletproof-security').'<a href="https://forum.ait-pro.com/forums/topic/htaccess-files-disabled-setup-wizard-enable-disable-htaccess-files/" target="_blank" title="htaccess Files Disabled Forum Topic">'.__('htaccess Files Disabled Forum Topic', 'bulletproof-security').'</a><br>';
617
  echo $text;
618
  echo $bps_bottomDiv;
619
+ return;
620
  }
621
 
622
  $options = get_option('bulletproof_security_options_autolock');
695
 
696
  $HFiles_options = get_option('bulletproof_security_options_htaccess_files');
697
 
698
+ if ( isset($HFiles_options['bps_htaccess_files']) && $HFiles_options['bps_htaccess_files'] == 'disabled' ) {
699
  echo $bps_topDiv;
700
  $text = '<font color="blue"><strong>'.__('htaccess Files Disabled: Root htaccess file writing is disabled. ', 'bulletproof-security').'</strong></font>'.__('Click this link for help information: ', 'bulletproof-security').'<a href="https://forum.ait-pro.com/forums/topic/htaccess-files-disabled-setup-wizard-enable-disable-htaccess-files/" target="_blank" title="htaccess Files Disabled Forum Topic">'.__('htaccess Files Disabled Forum Topic', 'bulletproof-security').'</a><br>';
701
  echo $text;
702
  echo $bps_bottomDiv;
703
+ return;
704
  }
705
 
706
  $stringReplace = file_get_contents($bps_auto_write_secure_file);
admin/core/core.php CHANGED
@@ -1,11 +1,5 @@
1
  <?php
2
  // Direct calls to this file are Forbidden when core files are not present
3
- if ( ! function_exists('add_action') ) {
4
- header('Status: 403 Forbidden');
5
- header('HTTP/1.1 403 Forbidden');
6
- exit();
7
- }
8
-
9
  if ( ! current_user_can('manage_options') ) {
10
  header('Status: 403 Forbidden');
11
  header('HTTP/1.1 403 Forbidden');
@@ -169,7 +163,7 @@ $bps_topDiv = '<div id="message" class="updated" style="background-color:#dfecf2
169
  $bps_bottomDiv = '</p></div>';
170
 
171
  // General all purpose "Settings Saved." message for forms
172
- if ( current_user_can('manage_options') && wp_script_is( 'bps-accordion', $list = 'queue' ) ) {
173
  if ( isset( $_GET['settings-updated'] ) && $_GET['settings-updated'] == true) {
174
  $text = '<p style="font-size:1em;font-weight:bold;padding:2px 0px 2px 5px;margin:0px -11px 0px -11px;background-color:#dfecf2;-webkit-box-shadow: 3px 3px 5px 0px rgba(153,153,153,0.7);-moz-box-shadow: 3px 3px 5px 0px rgba(153,153,153,0.7);box-shadow: 3px 3px 5px 0px rgba(153,153,153,0.7);""><font color="green"><strong>'.__('Settings Saved', 'bulletproof-security').'</strong></font></p>';
175
  echo $text;
@@ -214,8 +208,6 @@ require_once WP_PLUGIN_DIR . '/bulletproof-security/admin/core/core-htaccess-cod
214
  <tr>
215
  <td class="bps-table_cell_help">
216
 
217
- <?php if ( ! current_user_can('manage_options') ) { _e('Permission Denied', 'bulletproof-security'); } else { ?>
218
-
219
  <h3 style="margin-top:0px"><?php _e('Root Folder BulletProof Mode (RBM)', 'bulletproof-security'); ?> <button id="bps-open-modal1" class="button bps-modal-button">
220
  <img src="<?php echo plugins_url('/bulletproof-security/admin/images/question-mark-large.jpg'); ?>" style="margin:0px 0px 0px -10px" /></button></h3>
221
 
@@ -541,7 +533,7 @@ function bpsPro_hpf_status() {
541
  echo '<option value="Off"'. selected('Off', $bps_hidden_plugins_cron).'>'.__('HPF Cron Off', 'bulletproof-security').'</option>';
542
  echo '</select>';
543
 
544
- echo "<p style=\"margin-top:14px\"><input type=\"submit\" name=\"Submit-Hidden-Plugins\" value=\"".__('Save HPF Cron Options', 'bulletproof-security')."\" class=\"button bps-button\" onclick=\"return confirm('".__('The default Cron Frequency is: Run Check Every 15 Minutes. This is a lightweight check that uses an insignificant amount of resources/memory so 4 checks per hour will not cause any performance issues whatsoever.\n\n-------------------------------------------------------------\n\nEven choosing Run Check Every 1 Minute would not cause any significant performance issues whatsoever.\n\n-------------------------------------------------------------\n\nClick OK to proceed or click Cancel', 'bulletproof-security')."')\" /></p></form>";
545
 
546
  $scrolltoHiddenPlugins = isset($_REQUEST['scrolltoHiddenPlugins']) ? (int) $_REQUEST['scrolltoHiddenPlugins'] : 0;
547
 
@@ -555,13 +547,13 @@ $hover_icon_hpf = '<strong><font color="black"><span class="tooltip-250-120"><im
555
  <form name="Hidden-Plugins" action="<?php echo admin_url( 'admin.php?page=bulletproof-security/admin/core/core.php' ); ?>" method="post">
556
  <?php wp_nonce_field('bulletproof_security_hpf_cron_ignore'); ?>
557
  <?php $hpfi_options = get_option('bulletproof_security_options_hidden_plugins');
558
- $bps_hidden_plugins_check = ! isset($hpfi_options['bps_hidden_plugins_check']) ? '' : esc_html( trim( $hpfi_options['bps_hidden_plugins_check'], ", \t\n\r") );
559
  ?>
560
 
561
  <div id="HPF4" style="position:relative;top:0px;left:0px;margin:10px 0px 10px 0px;">
562
  <strong><label><?php _e('Ignore Hidden Plugin Folders & Files:', 'bulletproof-security'); echo $hover_icon_hpf; ?></label></strong>
563
 
564
- <textarea class="PFW-Allow-From-Text-Area" name="bps_hidden_plugins_check" style="margin-top:5px;" tabindex="1"><?php echo $bps_hidden_plugins_check; ?></textarea>
565
  <input type="hidden" name="scrolltoHiddenPlugins" id="scrolltoHiddenPlugins" value="<?php echo esc_html( $scrolltoHiddenPlugins ); ?>" />
566
  </div>
567
 
@@ -811,8 +803,6 @@ function bpsPro_bbm_status() {
811
  </td>
812
  </tr>
813
  </table>
814
-
815
- <?php } ?>
816
  </div>
817
 
818
  <div id="bps-tabs-6" class="bps-tab-page">
@@ -841,8 +831,6 @@ function bpsPro_bbm_status() {
841
  </p>
842
  </div>
843
 
844
- <?php if ( ! current_user_can('manage_options') ) { _e('Permission Denied', 'bulletproof-security'); } else { ?>
845
-
846
  <table width="100%" border="0">
847
  <tr>
848
  <td colspan="2">
@@ -931,7 +919,7 @@ bpsPro_secure_htaccess_write_check();
931
  exit;
932
  }
933
 
934
- if ( fwrite($handle, $newcontent1) === FALSE ) {
935
  exit;
936
  }
937
 
@@ -1021,7 +1009,7 @@ bpsPro_default_htaccess_write_check();
1021
  exit;
1022
  }
1023
 
1024
- if ( fwrite($handle, $newcontent2) === FALSE ) {
1025
  exit;
1026
  }
1027
 
@@ -1135,7 +1123,7 @@ bpsPro_wpadmin_secure_htaccess_write_check();
1135
  exit;
1136
  }
1137
 
1138
- if ( fwrite($handle, $newcontent4) === FALSE ) {
1139
  exit;
1140
  }
1141
 
@@ -1225,7 +1213,7 @@ bpsPro_root_htaccess_write_check();
1225
  exit;
1226
  }
1227
 
1228
- if ( fwrite($handle, $newcontent5) === FALSE ) {
1229
  exit;
1230
  }
1231
 
@@ -1324,7 +1312,7 @@ bpsPro_wpadmin_htaccess_write_check();
1324
  exit;
1325
  }
1326
 
1327
- if ( fwrite($handle, $newcontent6) === FALSE ) {
1328
  exit;
1329
  }
1330
 
@@ -1460,7 +1448,7 @@ $scrollto6 = isset($_REQUEST['scrollto6']) ? (int) $_REQUEST['scrollto6'] : 0;
1460
  $secure_htaccess_file = WP_PLUGIN_DIR . '/bulletproof-security/admin/htaccess/secure.htaccess';
1461
  ?>
1462
  <div>
1463
- <textarea id="crypt21" class="bps-text-area-600x700" name="newcontent1" id="newcontent1" tabindex="1"><?php echo bps_get_secure_htaccess(); ?></textarea>
1464
  <input type="hidden" name="action" value="update" />
1465
  <input type="hidden" name="filename" value="<?php echo esc_attr( $secure_htaccess_file ) ?>" />
1466
  <input type="hidden" name="scrollto1" id="scrollto1" value="<?php echo esc_html( $scrollto1 ); ?>" />
@@ -1534,7 +1522,7 @@ function bpsSecureFileDecrypt() {
1534
  $default_htaccess_file = WP_PLUGIN_DIR . '/bulletproof-security/admin/htaccess/default.htaccess';
1535
  ?>
1536
  <div>
1537
- <textarea id="crypt22" class="bps-text-area-600x700" name="newcontent2" id="newcontent2" tabindex="2"><?php echo bps_get_default_htaccess(); ?></textarea>
1538
  <input type="hidden" name="action" value="update" />
1539
  <input type="hidden" name="filename" value="<?php echo esc_attr( $default_htaccess_file ) ?>" />
1540
  <input type="hidden" name="scrollto2" id="scrollto2" value="<?php echo esc_html( $scrollto2 ); ?>" />
@@ -1608,7 +1596,7 @@ function bpsDefaultFileDecrypt() {
1608
  $wpadmin_htaccess_file = WP_PLUGIN_DIR . '/bulletproof-security/admin/htaccess/wpadmin-secure.htaccess';
1609
  ?>
1610
  <div>
1611
- <textarea id="crypt23" class="bps-text-area-600x700" name="newcontent4" id="newcontent4" tabindex="4"><?php echo bps_get_wpadmin_htaccess(); ?></textarea>
1612
  <input type="hidden" name="action" value="update" />
1613
  <input type="hidden" name="filename" value="<?php echo esc_attr( $wpadmin_htaccess_file ) ?>" />
1614
  <input type="hidden" name="scrollto4" id="scrollto4" value="<?php echo esc_html( $scrollto4 ); ?>" />
@@ -1707,7 +1695,7 @@ function bpsStatusRHE() {
1707
  $perms = '';
1708
  ?>
1709
  <div>
1710
- <textarea id="crypt26" class="bps-text-area-600x700" name="newcontent5" id="newcontent5" tabindex="5"><?php echo bps_get_root_htaccess(); ?></textarea>
1711
  <input type="hidden" name="action" value="update" />
1712
  <input type="hidden" name="filename" value="<?php echo esc_attr( $root_htaccess_file ) ?>" />
1713
  <input type="hidden" name="scrollto5" id="scrollto5" value="<?php echo esc_html( $scrollto5 ); ?>" />
@@ -1789,7 +1777,7 @@ function bpsRootFileDecrypt() {
1789
  $current_wpadmin_htaccess_file = ABSPATH . 'wp-admin/.htaccess';
1790
  ?>
1791
  <div>
1792
- <textarea id="crypt27" class="bps-text-area-600x700" name="newcontent6" id="newcontent6" tabindex="6"><?php echo bps_get_current_wpadmin_htaccess_file(); ?></textarea>
1793
  <input type="hidden" name="action" value="update" />
1794
  <input type="hidden" name="filename" value="<?php echo esc_attr( $current_wpadmin_htaccess_file ) ?>" />
1795
  <input type="hidden" name="scrollto6" id="scrollto6" value="<?php echo esc_html( $scrollto6 ); ?>" />
@@ -1862,8 +1850,6 @@ function bpsWpadminFileDecrypt() {
1862
  </tr>
1863
  </table>
1864
 
1865
- <?php } ?>
1866
-
1867
  </td>
1868
  </tr>
1869
  </table>
@@ -1910,28 +1896,14 @@ function bpsWpadminFileDecrypt() {
1910
  <td style="width:615px;">
1911
 
1912
  <?php
1913
- if ( ! current_user_can('manage_options') ) {
1914
- _e('Permission Denied', 'bulletproof-security');
1915
-
1916
- } else {
1917
 
1918
  require_once WP_PLUGIN_DIR . '/bulletproof-security/admin/core/core-custom-code.php';
1919
- }
1920
  ?>
1921
 
1922
  </td>
1923
  <td>
1924
 
1925
- <?php
1926
- if ( ! current_user_can('manage_options') ) {
1927
- _e('Permission Denied', 'bulletproof-security');
1928
-
1929
- } else {
1930
-
1931
- require_once WP_PLUGIN_DIR . '/bulletproof-security/admin/core/core-export-import.php';
1932
- }
1933
- ?>
1934
-
1935
  <div id="CC-Import" style="margin-top:18px">
1936
  <form name="bpsImport" action="<?php echo admin_url( 'admin.php?page=bulletproof-security/admin/core/core.php#bps-tabs-7' ); ?>" method="post" enctype="multipart/form-data">
1937
  <?php wp_nonce_field('bulletproof_security_cc_import'); ?>
@@ -1972,7 +1944,6 @@ $text = __('Clicking OK will Export (copy) all of your Root and wp-admin Custom
1972
 
1973
  <div id="bps-tabs-9" class="bps-tab-page">
1974
 
1975
- <?php if ( ! current_user_can('manage_options') ) { _e('Permission Denied', 'bulletproof-security'); } else { ?>
1976
  <table width="100%" border="0" cellspacing="0" cellpadding="0" class="bps-help_faq_table">
1977
  <tr>
1978
  <td class="bps-table_title"></td>
@@ -2027,10 +1998,13 @@ global $bps_topDiv, $bps_bottomDiv;
2027
  <?php
2028
  wp_nonce_field('bulletproof_security_My_Notes');
2029
  bpsPro_My_Notes_values_form();
2030
- $My_Notes_options = get_option('bulletproof_security_options_mynotes');
 
 
 
2031
  ?>
2032
 
2033
- <textarea id="crypt20" class="bps-text-area-600x700" name="bps_my_notes" tabindex="1"><?php if ( ! empty( $My_Notes_options['bps_my_notes'] ) ) { echo $My_Notes_options['bps_my_notes']; } ?></textarea>
2034
  <input type="hidden" name="scrolltoNotes" value="<?php echo esc_html( $scrolltoNotes ); ?>" />
2035
 
2036
  <?php echo '<div id="bps-my-notes-tooltip"><label for="bps-mscan-label" style="">'.__('If you are unable to save custom htaccess code and/or see an error message when trying to save custom htaccess code, ', 'bulletproof-security').'<br>'.__('click the Encrypt My Notes button first and then click the Save My Notes button.', 'bulletproof-security').'<br>'.__('Mouse over the question mark image to the right for help info.', 'bulletproof-security').'</label><strong><font color="black"><span class="tooltip-350-250"><img src="'.plugins_url('/bulletproof-security/admin/images/question-mark.png').'" style="position:relative;top:3px;left:5px;" /><span>'.__('If your web host currently has ModSecurity installed or installs ModSecurity at a later time then ModSecurity will prevent you from saving your custom htaccess code unless you encrypt it first by clicking the Encrypt My Notes button.', 'bulletproof-security').'<br><br>'.__('If you click the Encrypt My Notes button, but then want to add or edit additional custom code click the Decrypt My Notes button. After you are done adding or editing custom code click the Encrypt My Notes button before clicking the Save My Notes button.', 'bulletproof-security').'<br><br>'.__('Click the Custom Code Question Mark help button for more help info.', 'bulletproof-security').'</span></span></font></strong></div>'; ?>
@@ -2096,7 +2070,6 @@ function bpsMyNotesDecrypt() {
2096
  </td>
2097
  </tr>
2098
  </table>
2099
- <?php } ?>
2100
  </div>
2101
 
2102
  <div id="bps-tabs-10">
@@ -2104,7 +2077,7 @@ function bpsMyNotesDecrypt() {
2104
  <table width="100%" border="0" cellspacing="0" cellpadding="0" class="bps-whats_new_table">
2105
  <tr>
2106
  <td class="bps-table_title_no_border">
2107
- <h2><?php _e('Whats New in ', 'bulletproof-security'); ?><?php echo $bps_version; _e(' and General Help Info & Tips', 'bulletproof-security'); ?></h2>
2108
  </td>
2109
  </tr>
2110
  <tr>
@@ -2115,7 +2088,7 @@ function bpsMyNotesDecrypt() {
2115
 
2116
  $bpsPro_text = '<h3><span class="blue-bold">'.__('Want even more security protection for the ridiculously cheap one-time price of $69.95', 'bulletproof-security').'<br><br>'.__('BPS Pro comes with free unlimited installations, upgrades & support for life. No yearly subscriptions or additional costs.', 'bulletproof-security').'<br><br>'.__('BBS Pro has an amazing track record. BPS Pro is installed on 60,000+ websites. Not a single one of those websites has been hacked in 10+ years.', 'bulletproof-security').'<br><br><a href="https://affiliates.ait-pro.com/po/" target="_blank" title="Get BPS Pro">'.__('Get BPS Pro', 'bulletproof-security').'</a><br><a href="https://www.ait-pro.com/bps-features/" target="_blank" title="BPS Pro Features">'.__('BPS Pro Features', 'bulletproof-security').'</a></span></h3>';
2117
  echo $bpsPro_text;
2118
- ?>
2119
 
2120
  </td>
2121
  </tr>
@@ -2132,7 +2105,7 @@ function bpsMyNotesDecrypt() {
2132
  <td class="bps-table_cell_no_border"></td>
2133
  </tr>
2134
  <tr>
2135
- <td class="bps-table_cell_no_border" style="font-size:1.13em"><?php $text = __('BPS Video Tutorials|Setup Wizard: ', 'bulletproof-security').'<strong><a href="https://forum.ait-pro.com/video-tutorials/" target="_blank" title="BPS Video Tutorials">BPS Pro Video Tutorials</a></strong><br><br>'; echo $text; ?></td>
2136
  </tr>
2137
  <tr>
2138
  <td class="bps-table_cell_no_border"></td>
@@ -2177,16 +2150,16 @@ function bpsMyNotesDecrypt() {
2177
  <tr>
2178
  <td width="62%" valign="top" class="bps-table_cell_help">
2179
 
2180
- <div id="bpsProLogo"><a href="https://affiliates.ait-pro.com/po/" target="_blank" title="Get BulletProof Security Pro">
2181
- <img src="<?php echo plugins_url('/bulletproof-security/admin/images/bpspro-plugin-logo.jpg'); ?>" /></a>
2182
  </div>
2183
 
2184
  <div id="bpsProText">
2185
  <?php $text = '<h3><span class="blue-bold">'.__('The Ultimate Security Protection', 'bulletproof-security').'</span></h3>'; echo $text; ?>
2186
 
2187
  <div id="bpsProLinks">
2188
- <div class="pro-links"><a href="https://forum.ait-pro.com/video-tutorials/" target="_blank" title="Link Opens in New Browser Window"><?php _e('BPS Pro One-Click Setup Wizard & Demo Video Tutorial', 'bulletproof-security'); ?></a></div><br /><br />
2189
- <div class="pro-links"><a href="https://www.ait-pro.com/bps-features/" target="_blank" title="Link Opens in New Browser Window"><?php _e('View All BPS Pro Features', 'bulletproof-security'); ?></a></div>
2190
  </div>
2191
  </div>
2192
 
@@ -2235,10 +2208,13 @@ $text = '<h3><span class="blue-bold">'.__('Want even more security protection fo
2235
 
2236
  <div id="bpsProVersions" style="height:650px;overflow:auto;border-left:1px solid #cdcdcd;border-bottom:1px solid #cdcdcd">
2237
 
2238
- <a href="https://forum.ait-pro.com/forums/topic/bulletproof-security-pro-version-release-dates/" target="_blank" title="Link Opens in New Browser Window" style="font-size:22px;"><?php _e('BPS Pro Version Release Dates', 'bulletproof-security'); ?></a><br /><br />
 
 
2239
 
2240
  <div class="pro-links">
2241
  <?php
 
2242
  echo sprintf( __( '<a href="%2$s" target="_blank" title="Link Opens in New Browser Window">Whats New in BPS Pro %1$s</a>' ), '16.2', 'https://www.ait-pro.com/aitpro-blog/5741/bulletproof-security-pro/whats-new-in-bulletproof-security-pro-16-2/' ).'<br>';
2243
  echo sprintf( __( '<a href="%2$s" target="_blank" title="Link Opens in New Browser Window">Whats New in BPS Pro %1$s</a>' ), '16.1', 'https://www.ait-pro.com/aitpro-blog/5737/bulletproof-security-pro/whats-new-in-bulletproof-security-pro-16-1/' ).'<br>';
2244
  echo sprintf( __( '<a href="%2$s" target="_blank" title="Link Opens in New Browser Window">Whats New in BPS Pro %1$s</a>' ), '16', 'https://www.ait-pro.com/aitpro-blog/5733/bulletproof-security-pro/whats-new-in-bulletproof-security-pro-16/' ).'<br>';
@@ -2246,7 +2222,7 @@ $text = '<h3><span class="blue-bold">'.__('Want even more security protection fo
2246
  echo sprintf( __( '<a href="%2$s" target="_blank" title="Link Opens in New Browser Window">Whats New in BPS Pro %1$s</a>' ), '15.8', 'https://www.ait-pro.com/aitpro-blog/5718/bulletproof-security-pro/whats-new-in-bulletproof-security-pro-15-8/' ).'<br>';
2247
  ?>
2248
  </div>
2249
- <div id="milestone">10 Year Milestone: 8-1-2021 | First Public Release: 8-1-2011</div>
2250
  <div class="pro-links">
2251
  <?php
2252
  echo sprintf( __( '<a href="%2$s" target="_blank" title="Link Opens in New Browser Window">Whats New in BPS Pro %1$s</a>' ), '15.6/15.7', 'https://www.ait-pro.com/aitpro-blog/5704/bulletproof-security-pro/whats-new-in-bulletproof-security-pro-15-6/' ).'<br>';
@@ -2261,7 +2237,7 @@ $text = '<h3><span class="blue-bold">'.__('Want even more security protection fo
2261
  echo sprintf( __( '<a href="%2$s" target="_blank" title="Link Opens in New Browser Window">Whats New in BPS Pro %1$s</a>' ), '14.7', 'https://www.ait-pro.com/aitpro-blog/5650/bulletproof-security-pro/whats-new-in-bulletproof-security-pro-14-7/' ).'<br>';
2262
  ?>
2263
  </div>
2264
- <div id="milestone">9 Year Milestone: 8-1-2020 | First Public Release: 8-1-2011</div>
2265
  <div class="pro-links">
2266
  <?php
2267
  echo sprintf( __( '<a href="%2$s" target="_blank" title="Link Opens in New Browser Window">Whats New in BPS Pro %1$s</a>' ), '14.6', 'https://www.ait-pro.com/aitpro-blog/5644/bulletproof-security-pro/whats-new-in-bulletproof-security-pro-14-6/' ).'<br>';
@@ -2272,7 +2248,7 @@ $text = '<h3><span class="blue-bold">'.__('Want even more security protection fo
2272
  echo sprintf( __( '<a href="%2$s" target="_blank" title="Link Opens in New Browser Window">Whats New in BPS Pro %1$s</a>' ), '14.1', 'https://www.ait-pro.com/aitpro-blog/5567/bulletproof-security-pro/whats-new-in-bulletproof-security-pro-14-1/' ).'<br>';
2273
  ?>
2274
  </div>
2275
- <div id="milestone">8 Year Milestone: 8-1-2019 | First Public Release: 8-1-2011</div>
2276
  <div class="pro-links">
2277
  <?php
2278
  echo sprintf( __( '<a href="%2$s" target="_blank" title="Link Opens in New Browser Window">Whats New in BPS Pro %1$s</a>' ), '14', 'https://www.ait-pro.com/aitpro-blog/5551/bulletproof-security-pro/whats-new-in-bulletproof-security-pro-14/' ).'<br>';
@@ -2280,7 +2256,7 @@ $text = '<h3><span class="blue-bold">'.__('Want even more security protection fo
2280
  echo sprintf( __( '<a href="%2$s" target="_blank" title="Link Opens in New Browser Window">Whats New in BPS Pro %1$s</a>' ), '13.8', 'https://www.ait-pro.com/aitpro-blog/5537/bulletproof-security-pro/whats-new-in-bulletproof-security-pro-13-8/' ).'<br>';
2281
  echo sprintf( __( '<a href="%2$s" target="_blank" title="Link Opens in New Browser Window">Whats New in BPS Pro %1$s</a>' ), '13.7', 'https://www.ait-pro.com/aitpro-blog/5518/bulletproof-security-pro/whats-new-in-bulletproof-security-pro-13-7/' ).'<br>'; ?>
2282
  </div>
2283
- <div id="milestone">7 Year Milestone: 8-1-2018 | First Public Release: 8-1-2011</div>
2284
  <div class="pro-links">
2285
  <?php
2286
  echo sprintf( __( '<a href="%2$s" target="_blank" title="Link Opens in New Browser Window">Whats New in BPS Pro %1$s</a>' ), '13.6', 'https://www.ait-pro.com/aitpro-blog/5509/bulletproof-security-pro/whats-new-in-bulletproof-security-pro-13-6/' ).'<br>';
@@ -2289,7 +2265,7 @@ echo sprintf( __( '<a href="%2$s" target="_blank" title="Link Opens in New Brows
2289
  echo sprintf( __( '<a href="%2$s" target="_blank" title="Link Opens in New Browser Window">Whats New in BPS Pro %1$s</a>' ), '13.4', 'https://www.ait-pro.com/aitpro-blog/5485/bulletproof-security-pro/whats-new-in-bulletproof-security-pro-13-4/' ).'<br>';
2290
  echo sprintf( __( '<a href="%2$s" target="_blank" title="Link Opens in New Browser Window">Whats New in BPS Pro %1$s</a>' ), '13.3/13.3.1/13.3.2/13.3.3', 'https://www.ait-pro.com/aitpro-blog/5471/bulletproof-security-pro/whats-new-in-bulletproof-security-pro-13-3/' ).'<br>'; ?>
2291
  </div>
2292
- <div id="milestone">6 Year Milestone: 8-1-2017 | First Public Release: 8-1-2011</div>
2293
  <div class="pro-links">
2294
  <?php
2295
  echo sprintf( __( '<a href="%2$s" target="_blank" title="Link Opens in New Browser Window">Whats New in BPS Pro %1$s</a>' ), '13.2', 'https://www.ait-pro.com/aitpro-blog/5466/bulletproof-security-pro/whats-new-in-bulletproof-security-pro-13-2/' ).'<br>';
@@ -2302,7 +2278,7 @@ echo sprintf( __( '<a href="%2$s" target="_blank" title="Link Opens in New Brows
2302
  echo sprintf( __( '<a href="%2$s" target="_blank" title="Link Opens in New Browser Window">Whats New in BPS Pro %1$s</a>' ), '12.4/12.4.1', 'https://www.ait-pro.com/aitpro-blog/5287/bulletproof-security-pro/whats-new-in-bulletproof-security-pro-12-4/' ).'<br>';
2303
  echo sprintf( __( '<a href="%2$s" target="_blank" title="Link Opens in New Browser Window">Whats New in BPS Pro %1$s</a>' ), '12.3', 'https://www.ait-pro.com/aitpro-blog/5273/bulletproof-security-pro/whats-new-in-bulletproof-security-pro-12-3/' ).'<br>'; ?>
2304
  </div>
2305
- <div id="milestone">5 Year Milestone: 8-1-2016 | First Public Release: 8-1-2011</div>
2306
  <div class="pro-links">
2307
  <?php
2308
  echo sprintf( __( '<a href="%2$s" target="_blank" title="Link Opens in New Browser Window">Whats New in BPS Pro %1$s</a>' ), '12/12.1/12.2', 'https://www.ait-pro.com/aitpro-blog/5265/bulletproof-security-pro/whats-new-in-bulletproof-security-pro-12/' ).'<br>';
@@ -2320,7 +2296,7 @@ echo sprintf( __( '<a href="%2$s" target="_blank" title="Link Opens in New Brows
2320
  echo sprintf( __( '<a href="%2$s" target="_blank" title="Link Opens in New Browser Window">Whats New in BPS Pro %1$s</a>' ), '10.7', 'https://www.ait-pro.com/aitpro-blog/5177/bulletproof-security-pro/whats-new-in-bulletproof-security-pro-10-7/' ).'<br>';
2321
  ?>
2322
  </div>
2323
- <div id="milestone">4 Year Milestone: 8-1-2015 | First Public Release: 8-1-2011</div>
2324
  <div class="pro-links">
2325
  <?php
2326
  echo sprintf( __( '<a href="%2$s" target="_blank" title="Link Opens in New Browser Window">Whats New in BPS Pro %1$s</a>' ), '10.6', 'https://www.ait-pro.com/aitpro-blog/5169/bulletproof-security-pro/whats-new-in-bulletproof-security-pro-10-6/' ).'<br>';
@@ -2339,7 +2315,7 @@ echo sprintf( __( '<a href="%2$s" target="_blank" title="Link Opens in New Brows
2339
  echo sprintf( __( '<a href="%2$s" target="_blank" title="Link Opens in New Browser Window">Whats New in BPS Pro %1$s</a>' ), '9.2', 'https://www.ait-pro.com/aitpro-blog/5039/bulletproof-security-pro/whats-new-in-bulletproof-security-pro-9-2/' ).'<br>';
2340
  ?>
2341
  </div>
2342
- <div id="milestone">3 Year Milestone: 8-1-2014 | First Public Release: 8-1-2011</div>
2343
  <div class="pro-links">
2344
  <?php
2345
  echo sprintf( __( '<a href="%2$s" target="_blank" title="Link Opens in New Browser Window">Whats New in BPS Pro %1$s</a>' ), '9.1', 'https://www.ait-pro.com/aitpro-blog/5027/bulletproof-security-pro/whats-new-in-bulletproof-security-pro-9-1/' ).'<br>';
@@ -2357,7 +2333,7 @@ echo sprintf( __( '<a href="%2$s" target="_blank" title="Link Opens in New Brows
2357
  echo sprintf( __( '<a href="%2$s" target="_blank" title="Link Opens in New Browser Window">Whats New in BPS Pro %1$s</a>' ), '6.5', 'https://www.ait-pro.com/aitpro-blog/4845/bulletproof-security-pro/whats-new-in-bulletproof-security-pro-6-5/' ).'<br>';
2358
  ?>
2359
  </div>
2360
- <div id="milestone">2 Year Milestone: 8-1-2013 | First Public Release: 8-1-2011</div>
2361
  <div class="pro-links">
2362
  <?php
2363
  echo sprintf( __( '<a href="%2$s" target="_blank" title="Link Opens in New Browser Window">Whats New in BPS Pro %1$s</a>' ), '6.0', 'https://www.ait-pro.com/aitpro-blog/4827/bulletproof-security-pro/whats-new-in-bulletproof-security-pro-6-0/' ).'<br>';
@@ -2372,7 +2348,7 @@ echo sprintf( __( '<a href="%2$s" target="_blank" title="Link Opens in New Brows
2372
  echo sprintf( __( '<a href="%2$s" target="_blank" title="Link Opens in New Browser Window">Whats New in BPS Pro %1$s</a>' ), '5.1.9', 'https://www.ait-pro.com/aitpro-blog/4442/bulletproof-security-pro/whats-new-in-bulletproof-security-pro-5-1-9/' ).'<br>';
2373
  ?>
2374
  </div>
2375
- <div id="milestone">1 Year Milestone: 8-1-2012 | First Public Release: 8-1-2011</div>
2376
  <div class="pro-links">
2377
  <?php
2378
  echo sprintf( __( '<a href="%2$s" target="_blank" title="Link Opens in New Browser Window">Whats New in BPS Pro %1$s</a>' ), '5.1.8/5.1.8.1/5.1.8.2/5.1.8.3/5.1.8.4', 'https://www.ait-pro.com/aitpro-blog/4197/bulletproof-security-pro/whats-new-in-bulletproof-security-pro-5-1-8/' ).'<br>';
@@ -2387,7 +2363,7 @@ echo sprintf( __( '<a href="%2$s" target="_blank" title="Link Opens in New Brows
2387
  echo sprintf( __( '<a href="%2$s" target="_blank" title="Link Opens in New Browser Window">Whats New in BPS Pro %1$s</a>' ), '5.0', 'https://www.ait-pro.com/aitpro-blog/2835/bulletproof-security-pro/bulletproof-security-pro-features/' ).'<br>';
2388
  ?>
2389
  </div>
2390
- <div id="milestone">BPS Pro 1.0 - 4.0 | 1-1-2011 - 8-1-2011 | Private Use|Development</div>
2391
  </div>
2392
 
2393
  </td>
@@ -2395,8 +2371,6 @@ echo sprintf( __( '<a href="%2$s" target="_blank" title="Link Opens in New Brows
2395
  </table>
2396
  </div>
2397
  </div>
2398
-
2399
- <div id="AITpro-link">BulletProof Security <?php echo BULLETPROOF_VERSION; ?> Plugin by <a href="https://www.ait-pro.com/" target="_blank" title="AITpro Website Security">AITpro Website Security</a>
2400
- </div>
2401
  </div>
2402
  </div>
1
  <?php
2
  // Direct calls to this file are Forbidden when core files are not present
 
 
 
 
 
 
3
  if ( ! current_user_can('manage_options') ) {
4
  header('Status: 403 Forbidden');
5
  header('HTTP/1.1 403 Forbidden');
163
  $bps_bottomDiv = '</p></div>';
164
 
165
  // General all purpose "Settings Saved." message for forms
166
+ if ( current_user_can('manage_options') ) {
167
  if ( isset( $_GET['settings-updated'] ) && $_GET['settings-updated'] == true) {
168
  $text = '<p style="font-size:1em;font-weight:bold;padding:2px 0px 2px 5px;margin:0px -11px 0px -11px;background-color:#dfecf2;-webkit-box-shadow: 3px 3px 5px 0px rgba(153,153,153,0.7);-moz-box-shadow: 3px 3px 5px 0px rgba(153,153,153,0.7);box-shadow: 3px 3px 5px 0px rgba(153,153,153,0.7);""><font color="green"><strong>'.__('Settings Saved', 'bulletproof-security').'</strong></font></p>';
169
  echo $text;
208
  <tr>
209
  <td class="bps-table_cell_help">
210
 
 
 
211
  <h3 style="margin-top:0px"><?php _e('Root Folder BulletProof Mode (RBM)', 'bulletproof-security'); ?> <button id="bps-open-modal1" class="button bps-modal-button">
212
  <img src="<?php echo plugins_url('/bulletproof-security/admin/images/question-mark-large.jpg'); ?>" style="margin:0px 0px 0px -10px" /></button></h3>
213
 
533
  echo '<option value="Off"'. selected('Off', $bps_hidden_plugins_cron).'>'.__('HPF Cron Off', 'bulletproof-security').'</option>';
534
  echo '</select>';
535
 
536
+ echo "<p style=\"margin-top:14px\"><input type=\"submit\" name=\"Submit-Hidden-Plugins\" value=\"".esc_attr__('Save HPF Cron Options', 'bulletproof-security')."\" class=\"button bps-button\" onclick=\"return confirm('".__('The default Cron Frequency is: Run Check Every 15 Minutes. This is a lightweight check that uses an insignificant amount of resources/memory so 4 checks per hour will not cause any performance issues whatsoever.\n\n-------------------------------------------------------------\n\nEven choosing Run Check Every 1 Minute would not cause any significant performance issues whatsoever.\n\n-------------------------------------------------------------\n\nClick OK to proceed or click Cancel', 'bulletproof-security')."')\" /></p></form>";
537
 
538
  $scrolltoHiddenPlugins = isset($_REQUEST['scrolltoHiddenPlugins']) ? (int) $_REQUEST['scrolltoHiddenPlugins'] : 0;
539
 
547
  <form name="Hidden-Plugins" action="<?php echo admin_url( 'admin.php?page=bulletproof-security/admin/core/core.php' ); ?>" method="post">
548
  <?php wp_nonce_field('bulletproof_security_hpf_cron_ignore'); ?>
549
  <?php $hpfi_options = get_option('bulletproof_security_options_hidden_plugins');
550
+ $bps_hidden_plugins_check = ! isset($hpfi_options['bps_hidden_plugins_check']) ? '' : $hpfi_options['bps_hidden_plugins_check'];
551
  ?>
552
 
553
  <div id="HPF4" style="position:relative;top:0px;left:0px;margin:10px 0px 10px 0px;">
554
  <strong><label><?php _e('Ignore Hidden Plugin Folders & Files:', 'bulletproof-security'); echo $hover_icon_hpf; ?></label></strong>
555
 
556
+ <textarea class="PFW-Allow-From-Text-Area" name="bps_hidden_plugins_check" style="margin-top:5px;" tabindex="1"><?php echo esc_textarea(trim($bps_hidden_plugins_check, ", \t\n\r")); ?></textarea>
557
  <input type="hidden" name="scrolltoHiddenPlugins" id="scrolltoHiddenPlugins" value="<?php echo esc_html( $scrolltoHiddenPlugins ); ?>" />
558
  </div>
559
 
803
  </td>
804
  </tr>
805
  </table>
 
 
806
  </div>
807
 
808
  <div id="bps-tabs-6" class="bps-tab-page">
831
  </p>
832
  </div>
833
 
 
 
834
  <table width="100%" border="0">
835
  <tr>
836
  <td colspan="2">
919
  exit;
920
  }
921
 
922
+ if ( fwrite($handle, $newcontent1) === false ) {
923
  exit;
924
  }
925
 
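Review bot: The added `fwrite()` check at new line 922 only catches a `false` return and then calls a bare `exit;`, so a short write goes unnoticed and a failed one ends the admin request with a blank page and the handle still open. For a file that carries the site's .htaccess rules, a truncated write is worth detecting: `if ( fwrite( $handle, $newcontent1 ) !== strlen( $newcontent1 ) ) {` followed by `fclose( $handle );` and an admin error message instead of `exit;`. The same pattern is repeated for `$newcontent2`, `$newcontent4`, `$newcontent5` and `$newcontent6` at new lines 1012, 1126, 1216 and 1315. How `$handle` is opened and what runs after the check lie outside this hunk, so confirm the file is not already truncated by the time this test runs.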
1009
  exit;
1010
  }
1011
 
1012
+ if ( fwrite($handle, $newcontent2) === false ) {
1013
  exit;
1014
  }
1015
 
1123
  exit;
1124
  }
1125
 
1126
+ if ( fwrite($handle, $newcontent4) === false ) {
1127
  exit;
1128
  }
1129
 
1213
  exit;
1214
  }
1215
 
1216
+ if ( fwrite($handle, $newcontent5) === false ) {
1217
  exit;
1218
  }
1219
 
1312
  exit;
1313
  }
1314
 
1315
+ if ( fwrite($handle, $newcontent6) === false ) {
1316
  exit;
1317
  }
1318
 
1448
  $secure_htaccess_file = WP_PLUGIN_DIR . '/bulletproof-security/admin/htaccess/secure.htaccess';
1449
  ?>
1450
  <div>
1451
+ <textarea id="crypt21" class="bps-text-area-600x700" name="newcontent1" id="newcontent1" tabindex="1"><?php bps_get_secure_htaccess(); ?></textarea>
1452
  <input type="hidden" name="action" value="update" />
1453
  <input type="hidden" name="filename" value="<?php echo esc_attr( $secure_htaccess_file ) ?>" />
1454
  <input type="hidden" name="scrollto1" id="scrollto1" value="<?php echo esc_html( $scrollto1 ); ?>" />
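Review bot: At new line 1451 the textarea body is now produced by a bare call to `bps_get_secure_htaccess()`, so printing and HTML-encoding of the file contents both depend on a helper that is not part of this hunk. If that helper echoes the raw file, a `</textarea>` sequence in the .htaccess file would end the field early and the rest would be parsed as page markup. The helper should pass the contents through `esc_textarea()`, and a comment here such as `// bps_get_secure_htaccess() echoes esc_textarea()-encoded file contents` would record that contract. The element also carries two `id` attributes (`crypt21` and `newcontent1`), of which only the first takes effect. The same applies to the `newcontent2`, `newcontent4`, `newcontent5` and `newcontent6` textareas at new lines 1525, 1599, 1698 and 1780.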
1522
  $default_htaccess_file = WP_PLUGIN_DIR . '/bulletproof-security/admin/htaccess/default.htaccess';
1523
  ?>
1524
  <div>
1525
+ <textarea id="crypt22" class="bps-text-area-600x700" name="newcontent2" id="newcontent2" tabindex="2"><?php bps_get_default_htaccess(); ?></textarea>
1526
  <input type="hidden" name="action" value="update" />
1527
  <input type="hidden" name="filename" value="<?php echo esc_attr( $default_htaccess_file ) ?>" />
1528
  <input type="hidden" name="scrollto2" id="scrollto2" value="<?php echo esc_html( $scrollto2 ); ?>" />
1596
  $wpadmin_htaccess_file = WP_PLUGIN_DIR . '/bulletproof-security/admin/htaccess/wpadmin-secure.htaccess';
1597
  ?>
1598
  <div>
1599
+ <textarea id="crypt23" class="bps-text-area-600x700" name="newcontent4" id="newcontent4" tabindex="4"><?php bps_get_wpadmin_htaccess(); ?></textarea>
1600
  <input type="hidden" name="action" value="update" />
1601
  <input type="hidden" name="filename" value="<?php echo esc_attr( $wpadmin_htaccess_file ) ?>" />
1602
  <input type="hidden" name="scrollto4" id="scrollto4" value="<?php echo esc_html( $scrollto4 ); ?>" />
1695
  $perms = '';
1696
  ?>
1697
  <div>
1698
+ <textarea id="crypt26" class="bps-text-area-600x700" name="newcontent5" id="newcontent5" tabindex="5"><?php bps_get_root_htaccess(); ?></textarea>
1699
  <input type="hidden" name="action" value="update" />
1700
  <input type="hidden" name="filename" value="<?php echo esc_attr( $root_htaccess_file ) ?>" />
1701
  <input type="hidden" name="scrollto5" id="scrollto5" value="<?php echo esc_html( $scrollto5 ); ?>" />
1777
  $current_wpadmin_htaccess_file = ABSPATH . 'wp-admin/.htaccess';
1778
  ?>
1779
  <div>
1780
+ <textarea id="crypt27" class="bps-text-area-600x700" name="newcontent6" id="newcontent6" tabindex="6"><?php bps_get_current_wpadmin_htaccess_file(); ?></textarea>
1781
  <input type="hidden" name="action" value="update" />
1782
  <input type="hidden" name="filename" value="<?php echo esc_attr( $current_wpadmin_htaccess_file ) ?>" />
1783
  <input type="hidden" name="scrollto6" id="scrollto6" value="<?php echo esc_html( $scrollto6 ); ?>" />
1850
  </tr>
1851
  </table>
1852
 
 
 
1853
  </td>
1854
  </tr>
1855
  </table>
1896
  <td style="width:615px;">
1897
 
1898
  <?php
 
 
 
 
1899
 
1900
  require_once WP_PLUGIN_DIR . '/bulletproof-security/admin/core/core-custom-code.php';
1901
+ require_once WP_PLUGIN_DIR . '/bulletproof-security/admin/core/core-export-import.php';
1902
  ?>
1903
 
1904
  </td>
1905
  <td>
1906
 
 
 
 
 
 
 
 
 
 
 
1907
  <div id="CC-Import" style="margin-top:18px">
1908
  <form name="bpsImport" action="<?php echo admin_url( 'admin.php?page=bulletproof-security/admin/core/core.php#bps-tabs-7' ); ?>" method="post" enctype="multipart/form-data">
1909
  <?php wp_nonce_field('bulletproof_security_cc_import'); ?>
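Review bot: With the `current_user_can('manage_options')` wrappers removed around the two `require_once` lines at new 1900–1901, `core-custom-code.php` and `core-export-import.php` are now included on the strength of the single check at the top of core.php. That top check is visible here only as far as the 403 headers (new lines 3–5); if it does not also stop execution, nothing in this hunk prevents the includes from running for a lower-privileged user. The same inline guard was dropped from the `bps-tabs-9` block at new line 1945. I would keep one explicit statement of the contract next to the includes, e.g. `// Access is gated by the manage_options check at the top of this file, which must exit on failure`, and make sure each included file also refuses to run when loaded directly.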
1944
 
1945
  <div id="bps-tabs-9" class="bps-tab-page">
1946
 
 
1947
  <table width="100%" border="0" cellspacing="0" cellpadding="0" class="bps-help_faq_table">
1948
  <tr>
1949
  <td class="bps-table_title"></td>
1998
  <?php
1999
  wp_nonce_field('bulletproof_security_My_Notes');
2000
  bpsPro_My_Notes_values_form();
2001
+ $My_Notes_options = get_option('bulletproof_security_options_mynotes');
2002
+ $bps_my_notes = ! empty( $My_Notes_options['bps_my_notes'] ) ? $My_Notes_options['bps_my_notes'] : '';
2003
+ // note: esc_textarea() is not needed here because the DB value is already converted to HTML entities.
2004
+ // What is echoed in the textarea input is the DB value, not POST.
2005
  ?>
2006
 
2007
+ <textarea id="crypt20" class="bps-text-area-600x700" name="bps_my_notes" tabindex="1"><?php echo $bps_my_notes; ?></textarea>
2008
  <input type="hidden" name="scrolltoNotes" value="<?php echo esc_html( $scrolltoNotes ); ?>" />
2009
 
2010
  <?php echo '<div id="bps-my-notes-tooltip"><label for="bps-mscan-label" style="">'.__('If you are unable to save custom htaccess code and/or see an error message when trying to save custom htaccess code, ', 'bulletproof-security').'<br>'.__('click the Encrypt My Notes button first and then click the Save My Notes button.', 'bulletproof-security').'<br>'.__('Mouse over the question mark image to the right for help info.', 'bulletproof-security').'</label><strong><font color="black"><span class="tooltip-350-250"><img src="'.plugins_url('/bulletproof-security/admin/images/question-mark.png').'" style="position:relative;top:3px;left:5px;" /><span>'.__('If your web host currently has ModSecurity installed or installs ModSecurity at a later time then ModSecurity will prevent you from saving your custom htaccess code unless you encrypt it first by clicking the Encrypt My Notes button.', 'bulletproof-security').'<br><br>'.__('If you click the Encrypt My Notes button, but then want to add or edit additional custom code click the Decrypt My Notes button. After you are done adding or editing custom code click the Encrypt My Notes button before clicking the Save My Notes button.', 'bulletproof-security').'<br><br>'.__('Click the Custom Code Question Mark help button for more help info.', 'bulletproof-security').'</span></span></font></strong></div>'; ?>
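Review bot: The textarea at new line 2007 echoes `$bps_my_notes` without output encoding, and the added comment justifies this by how the value was stored rather than by anything enforced at this point. That holds only while every writer of the `bulletproof_security_options_mynotes` option encodes on input; a value that reaches the option by another route (an import, an older plugin version, a direct database edit) would be emitted as markup and could close the textarea early. The save path is not visible in this hunk, so this is a request to make the output self-protecting rather than a confirmed defect: `<?php echo esc_textarea( wp_specialchars_decode( $bps_my_notes, ENT_QUOTES ) ); ?>` normalises an already-encoded value and re-encodes it at output.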
2070
  </td>
2071
  </tr>
2072
  </table>
 
2073
  </div>
2074
 
2075
  <div id="bps-tabs-10">
2077
  <table width="100%" border="0" cellspacing="0" cellpadding="0" class="bps-whats_new_table">
2078
  <tr>
2079
  <td class="bps-table_title_no_border">
2080
+ <h2><?php _e('Whats New in ', 'bulletproof-security'); ?><?php echo esc_html($bps_version); _e(' and General Help Info & Tips', 'bulletproof-security'); ?></h2>
2081
  </td>
2082
  </tr>
2083
  <tr>
2088
 
2089
  $bpsPro_text = '<h3><span class="blue-bold">'.__('Want even more security protection for the ridiculously cheap one-time price of $69.95', 'bulletproof-security').'<br><br>'.__('BPS Pro comes with free unlimited installations, upgrades & support for life. No yearly subscriptions or additional costs.', 'bulletproof-security').'<br><br>'.__('BBS Pro has an amazing track record. BPS Pro is installed on 60,000+ websites. Not a single one of those websites has been hacked in 10+ years.', 'bulletproof-security').'<br><br><a href="https://affiliates.ait-pro.com/po/" target="_blank" title="Get BPS Pro">'.__('Get BPS Pro', 'bulletproof-security').'</a><br><a href="https://www.ait-pro.com/bps-features/" target="_blank" title="BPS Pro Features">'.__('BPS Pro Features', 'bulletproof-security').'</a></span></h3>';
2090
  echo $bpsPro_text;
2091
+ ?>
2092
 
2093
  </td>
2094
  </tr>
2105
  <td class="bps-table_cell_no_border"></td>
2106
  </tr>
2107
  <tr>
2108
+ <td class="bps-table_cell_no_border" style="font-size:1.13em"><?php $text = __('BPS Video Tutorials|Setup Wizard: ', 'bulletproof-security').'<strong><a href="https://forum.ait-pro.com/video-tutorials/" target="_blank" title="BPS Video Tutorials">'.__('BPS Pro Video Tutorials', 'bulletproof-security').'</a></strong><br><br>'; echo $text; ?></td>
2109
  </tr>
2110
  <tr>
2111
  <td class="bps-table_cell_no_border"></td>
2150
  <tr>
2151
  <td width="62%" valign="top" class="bps-table_cell_help">
2152
 
2153
+ <div id="bpsProLogo"><?php echo '<a href="'.esc_url('https://affiliates.ait-pro.com/po/').'" target="_blank" title="Get BulletProof Security Pro">
2154
+ <img src="'. plugins_url('/bulletproof-security/admin/images/bpspro-plugin-logo.jpg') . '" /></a>'; ?>
2155
  </div>
2156
 
2157
  <div id="bpsProText">
2158
  <?php $text = '<h3><span class="blue-bold">'.__('The Ultimate Security Protection', 'bulletproof-security').'</span></h3>'; echo $text; ?>
2159
 
2160
  <div id="bpsProLinks">
2161
+ <div class="pro-links"><?php echo '<a href="'.esc_url('https://forum.ait-pro.com/video-tutorials/').'" target="_blank" title="Link Opens in New Browser Window">'. __('BPS Pro One-Click Setup Wizard & Demo Video Tutorial', 'bulletproof-security') . '</a>'; ?></div><br /><br />
2162
+ <div class="pro-links"><?php echo '<a href="'.esc_url('https://www.ait-pro.com/bps-features/').'" target="_blank" title="Link Opens in New Browser Window">'. __('View All BPS Pro Features', 'bulletproof-security') . '</a>'; ?></div>
2163
  </div>
2164
  </div>
2165
 
2208
 
2209
  <div id="bpsProVersions" style="height:650px;overflow:auto;border-left:1px solid #cdcdcd;border-bottom:1px solid #cdcdcd">
2210
 
2211
+ <?php
2212
+ echo '<a href="'.esc_url( 'https://forum.ait-pro.com/forums/topic/bulletproof-security-pro-version-release-dates/').'" target="_blank" title="Link Opens in New Browser Window" style="font-size:22px;">' . __('BPS Pro Version Release Dates', 'bulletproof-security') . '</a><br><br>';
2213
+ ?>
2214
 
2215
  <div class="pro-links">
2216
  <?php
2217
+ echo sprintf( __( '<a href="%2$s" target="_blank" title="Link Opens in New Browser Window">Whats New in BPS Pro %1$s</a>' ), '16.3', 'https://www.ait-pro.com/aitpro-blog/5746/bulletproof-security-pro/whats-new-in-bulletproof-security-pro-16-3/' ).'<br>';
2218
  echo sprintf( __( '<a href="%2$s" target="_blank" title="Link Opens in New Browser Window">Whats New in BPS Pro %1$s</a>' ), '16.2', 'https://www.ait-pro.com/aitpro-blog/5741/bulletproof-security-pro/whats-new-in-bulletproof-security-pro-16-2/' ).'<br>';
2219
  echo sprintf( __( '<a href="%2$s" target="_blank" title="Link Opens in New Browser Window">Whats New in BPS Pro %1$s</a>' ), '16.1', 'https://www.ait-pro.com/aitpro-blog/5737/bulletproof-security-pro/whats-new-in-bulletproof-security-pro-16-1/' ).'<br>';
2220
  echo sprintf( __( '<a href="%2$s" target="_blank" title="Link Opens in New Browser Window">Whats New in BPS Pro %1$s</a>' ), '16', 'https://www.ait-pro.com/aitpro-blog/5733/bulletproof-security-pro/whats-new-in-bulletproof-security-pro-16/' ).'<br>';
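Review bot: The `__()` call on the added 16.3 line (new 2217) is given no text domain, so the string is looked up in WordPress's default domain and the plugin's translations never apply; the new milestone lines at 2225, 2240 and 2251 have the same omission. Passing the domain as elsewhere in the file fixes it: `__( '10 Year Milestone: 8-1-2021 | %1$s', 'bulletproof-security' )`. On new line 2212 `esc_url()` is applied to a hard-coded literal while the translated label from `__()` is concatenated unencoded; `esc_html__( 'BPS Pro Version Release Dates', 'bulletproof-security' )` encodes the part that can actually vary. The milestone `<div>`s also reuse `id="milestone"`, which should be a class since ids must be unique in a document.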
2222
  echo sprintf( __( '<a href="%2$s" target="_blank" title="Link Opens in New Browser Window">Whats New in BPS Pro %1$s</a>' ), '15.8', 'https://www.ait-pro.com/aitpro-blog/5718/bulletproof-security-pro/whats-new-in-bulletproof-security-pro-15-8/' ).'<br>';
2223
  ?>
2224
  </div>
2225
+ <div id="milestone"><?php echo sprintf( __( '10 Year Milestone: 8-1-2021 | %1$s' ), 'First Public Release: 8-1-2011'); ?></div>
2226
  <div class="pro-links">
2227
  <?php
2228
  echo sprintf( __( '<a href="%2$s" target="_blank" title="Link Opens in New Browser Window">Whats New in BPS Pro %1$s</a>' ), '15.6/15.7', 'https://www.ait-pro.com/aitpro-blog/5704/bulletproof-security-pro/whats-new-in-bulletproof-security-pro-15-6/' ).'<br>';
2237
  echo sprintf( __( '<a href="%2$s" target="_blank" title="Link Opens in New Browser Window">Whats New in BPS Pro %1$s</a>' ), '14.7', 'https://www.ait-pro.com/aitpro-blog/5650/bulletproof-security-pro/whats-new-in-bulletproof-security-pro-14-7/' ).'<br>';
2238
  ?>
2239
  </div>
2240
+ <div id="milestone"><?php echo sprintf( __( '9 Year Milestone: 8-1-2020 | %1$s' ), 'First Public Release: 8-1-2011'); ?></div>
2241
  <div class="pro-links">
2242
  <?php
2243
  echo sprintf( __( '<a href="%2$s" target="_blank" title="Link Opens in New Browser Window">Whats New in BPS Pro %1$s</a>' ), '14.6', 'https://www.ait-pro.com/aitpro-blog/5644/bulletproof-security-pro/whats-new-in-bulletproof-security-pro-14-6/' ).'<br>';
2248
  echo sprintf( __( '<a href="%2$s" target="_blank" title="Link Opens in New Browser Window">Whats New in BPS Pro %1$s</a>' ), '14.1', 'https://www.ait-pro.com/aitpro-blog/5567/bulletproof-security-pro/whats-new-in-bulletproof-security-pro-14-1/' ).'<br>';
2249
  ?>
2250
  </div>
2251
+ <div id="milestone"><?php echo sprintf( __( '8 Year Milestone: 8-1-2019 | %1$s' ), 'First Public Release: 8-1-2011'); ?></div>
2252
  <div class="pro-links">
2253
  <?php
2254
  echo sprintf( __( '<a href="%2$s" target="_blank" title="Link Opens in New Browser Window">Whats New in BPS Pro %1$s</a>' ), '14', 'https://www.ait-pro.com/aitpro-blog/5551/bulletproof-security-pro/whats-new-in-bulletproof-security-pro-14/' ).'<br>';
2256
  echo sprintf( __( '<a href="%2$s" target="_blank" title="Link Opens in New Browser Window">Whats New in BPS Pro %1$s</a>' ), '13.8', 'https://www.ait-pro.com/aitpro-blog/5537/bulletproof-security-pro/whats-new-in-bulletproof-security-pro-13-8/' ).'<br>';
2257
  echo sprintf( __( '<a href="%2$s" target="_blank" title="Link Opens in New Browser Window">Whats New in BPS Pro %1$s</a>' ), '13.7', 'https://www.ait-pro.com/aitpro-blog/5518/bulletproof-security-pro/whats-new-in-bulletproof-security-pro-13-7/' ).'<br>'; ?>
2258
  </div>
2259
+ <div id="milestone"><?php echo sprintf( __( '7 Year Milestone: 8-1-2018 | %1$s' ), 'First Public Release: 8-1-2011'); ?></div>
2260
  <div class="pro-links">
2261
  <?php
2262
  echo sprintf( __( '<a href="%2$s" target="_blank" title="Link Opens in New Browser Window">Whats New in BPS Pro %1$s</a>' ), '13.6', 'https://www.ait-pro.com/aitpro-blog/5509/bulletproof-security-pro/whats-new-in-bulletproof-security-pro-13-6/' ).'<br>';
2265
  echo sprintf( __( '<a href="%2$s" target="_blank" title="Link Opens in New Browser Window">Whats New in BPS Pro %1$s</a>' ), '13.4', 'https://www.ait-pro.com/aitpro-blog/5485/bulletproof-security-pro/whats-new-in-bulletproof-security-pro-13-4/' ).'<br>';
2266
  echo sprintf( __( '<a href="%2$s" target="_blank" title="Link Opens in New Browser Window">Whats New in BPS Pro %1$s</a>' ), '13.3/13.3.1/13.3.2/13.3.3', 'https://www.ait-pro.com/aitpro-blog/5471/bulletproof-security-pro/whats-new-in-bulletproof-security-pro-13-3/' ).'<br>'; ?>
2267
  </div>
2268
+ <div id="milestone"><?php echo sprintf( __( '6 Year Milestone: 8-1-2017 | %1$s' ), 'First Public Release: 8-1-2011'); ?></div>
2269
  <div class="pro-links">
2270
  <?php
2271
  echo sprintf( __( '<a href="%2$s" target="_blank" title="Link Opens in New Browser Window">Whats New in BPS Pro %1$s</a>' ), '13.2', 'https://www.ait-pro.com/aitpro-blog/5466/bulletproof-security-pro/whats-new-in-bulletproof-security-pro-13-2/' ).'<br>';
2278
  echo sprintf( __( '<a href="%2$s" target="_blank" title="Link Opens in New Browser Window">Whats New in BPS Pro %1$s</a>' ), '12.4/12.4.1', 'https://www.ait-pro.com/aitpro-blog/5287/bulletproof-security-pro/whats-new-in-bulletproof-security-pro-12-4/' ).'<br>';
2279
  echo sprintf( __( '<a href="%2$s" target="_blank" title="Link Opens in New Browser Window">Whats New in BPS Pro %1$s</a>' ), '12.3', 'https://www.ait-pro.com/aitpro-blog/5273/bulletproof-security-pro/whats-new-in-bulletproof-security-pro-12-3/' ).'<br>'; ?>
2280
  </div>
2281
+ <div id="milestone"><?php echo sprintf( __( '5 Year Milestone: 8-1-2016 | %1$s' ), 'First Public Release: 8-1-2011'); ?></div>
2282
  <div class="pro-links">
2283
  <?php
2284
  echo sprintf( __( '<a href="%2$s" target="_blank" title="Link Opens in New Browser Window">Whats New in BPS Pro %1$s</a>' ), '12/12.1/12.2', 'https://www.ait-pro.com/aitpro-blog/5265/bulletproof-security-pro/whats-new-in-bulletproof-security-pro-12/' ).'<br>';
2296
  echo sprintf( __( '<a href="%2$s" target="_blank" title="Link Opens in New Browser Window">Whats New in BPS Pro %1$s</a>' ), '10.7', 'https://www.ait-pro.com/aitpro-blog/5177/bulletproof-security-pro/whats-new-in-bulletproof-security-pro-10-7/' ).'<br>';
2297
  ?>
2298
  </div>
2299
+ <div id="milestone"><?php echo sprintf( __( '4 Year Milestone: 8-1-2015 | %1$s' ), 'First Public Release: 8-1-2011'); ?></div>
2300
  <div class="pro-links">
2301
  <?php
2302
  echo sprintf( __( '<a href="%2$s" target="_blank" title="Link Opens in New Browser Window">Whats New in BPS Pro %1$s</a>' ), '10.6', 'https://www.ait-pro.com/aitpro-blog/5169/bulletproof-security-pro/whats-new-in-bulletproof-security-pro-10-6/' ).'<br>';
2315
  echo sprintf( __( '<a href="%2$s" target="_blank" title="Link Opens in New Browser Window">Whats New in BPS Pro %1$s</a>' ), '9.2', 'https://www.ait-pro.com/aitpro-blog/5039/bulletproof-security-pro/whats-new-in-bulletproof-security-pro-9-2/' ).'<br>';
2316
  ?>
2317
  </div>
2318
+ <div id="milestone"><?php echo sprintf( __( '3 Year Milestone: 8-1-2014 | %1$s' ), 'First Public Release: 8-1-2011'); ?></div>
2319
  <div class="pro-links">
2320
  <?php
2321
  echo sprintf( __( '<a href="%2$s" target="_blank" title="Link Opens in New Browser Window">Whats New in BPS Pro %1$s</a>' ), '9.1', 'https://www.ait-pro.com/aitpro-blog/5027/bulletproof-security-pro/whats-new-in-bulletproof-security-pro-9-1/' ).'<br>';
2333
  echo sprintf( __( '<a href="%2$s" target="_blank" title="Link Opens in New Browser Window">Whats New in BPS Pro %1$s</a>' ), '6.5', 'https://www.ait-pro.com/aitpro-blog/4845/bulletproof-security-pro/whats-new-in-bulletproof-security-pro-6-5/' ).'<br>';
2334
  ?>
2335
  </div>
2336
+ <div id="milestone"><?php echo sprintf( __( '2 Year Milestone: 8-1-2013 | %1$s' ), 'First Public Release: 8-1-2011'); ?></div>
2337
  <div class="pro-links">
2338
  <?php
2339
  echo sprintf( __( '<a href="%2$s" target="_blank" title="Link Opens in New Browser Window">Whats New in BPS Pro %1$s</a>' ), '6.0', 'https://www.ait-pro.com/aitpro-blog/4827/bulletproof-security-pro/whats-new-in-bulletproof-security-pro-6-0/' ).'<br>';
2348
  echo sprintf( __( '<a href="%2$s" target="_blank" title="Link Opens in New Browser Window">Whats New in BPS Pro %1$s</a>' ), '5.1.9', 'https://www.ait-pro.com/aitpro-blog/4442/bulletproof-security-pro/whats-new-in-bulletproof-security-pro-5-1-9/' ).'<br>';
2349
  ?>
2350
  </div>
2351
+ <div id="milestone"><?php echo sprintf( __( '1 Year Milestone: 8-1-2012 | %1$s' ), 'First Public Release: 8-1-2011'); ?></div>
2352
  <div class="pro-links">
2353
  <?php
2354
  echo sprintf( __( '<a href="%2$s" target="_blank" title="Link Opens in New Browser Window">Whats New in BPS Pro %1$s</a>' ), '5.1.8/5.1.8.1/5.1.8.2/5.1.8.3/5.1.8.4', 'https://www.ait-pro.com/aitpro-blog/4197/bulletproof-security-pro/whats-new-in-bulletproof-security-pro-5-1-8/' ).'<br>';
2363
  echo sprintf( __( '<a href="%2$s" target="_blank" title="Link Opens in New Browser Window">Whats New in BPS Pro %1$s</a>' ), '5.0', 'https://www.ait-pro.com/aitpro-blog/2835/bulletproof-security-pro/bulletproof-security-pro-features/' ).'<br>';
2364
  ?>
2365
  </div>
2366
+ <div id="milestone"><?php _e('BPS Pro 1.0 - 4.0 | 1-1-2011 - 8-1-2011 | Private Use|Development', 'bulletproof-security'); ?></div>
2367
  </div>
2368
 
2369
  </td>
2371
  </table>
2372
  </div>
2373
  </div>
2374
+ <?php echo $bps_footer; ?>
 
 
2375
  </div>
2376
  </div>
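--- a/admin/db-backup-security/db-backup-functions.php
+++ b/admin/db-backup-security/db-backup-functions.php
@@ -41,16 +41,26 @@ function bpsPro_reset_db_backup_folder() {
  if ( is_dir($source) ) {
 
  $options = get_option('bulletproof_security_options_db_backup');
- $new_db_backup_folder = $_POST['DBBFolderReset'];
+ $new_db_backup_folder = sanitize_text_field($_POST['DBBFolderReset']);
 
- if ( $options['bps_db_backup_folder'] != '' ) {
+ if ( isset($options['bps_db_backup_folder']) && $options['bps_db_backup_folder'] != '' && isset($options['bps_db_backup_download_link']) && $options['bps_db_backup_download_link'] != '' ) {
 
+ if ( preg_match ( '|[\/\|\<\>\'\"\(\)]|', $options['bps_db_backup_folder'] ) || preg_match ( '|[\/\|\<\>\'\"\(\)]|', $options['bps_db_backup_download_link'] ) ) {
+
+ echo '<div id="message" class="updated" style="background-color:#dfecf2;border:1px solid #999;-moz-border-radius-topleft:3px;-webkit-border-top-left-radius:3px;-khtml-border-top-left-radius:3px;border-top-left-radius:3px;-moz-border-radius-topright:3px;-webkit-border-top-right-radius:3px;-khtml-border-top-right-radius:3px;border-top-right-radius:3px;-webkit-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);-moz-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);"><p>';
+ $text = '<strong><font color="#fb0101">'.__('Error: Unable to rename the DB Backup folder.', 'bulletproof-security').'</font><br>'.__('Did you enter a valid DB Backup folder name and DB Download link|url? Valid DB Backup folder naming characters are: Letters A to Z upper or lowercase. Numbers 0 to 9. A dash "-" or an underscore "_". Did you manually change the old DB Backup folder name using FTP? To fix this problem delete the text in the DB Backup Folder Location and DB Backup File Download Link|URL text boxes, click the Create Backup Job|Save Settings button and run the Rename|Create|Reset Tool again.', 'bulletproof-security').'</strong>';
+ echo $text;
+ echo '</p></div>';
+
+ return;
+ }
+
  $db_backup_folder_name = preg_match( '/[a-zA-Z0-9-_]{1,}$/', $options['bps_db_backup_folder'], $matches );
 
  if ( ! rename( WP_CONTENT_DIR . '/bps-backup/' . $matches[0], WP_CONTENT_DIR . '/bps-backup/' . $new_db_backup_folder ) ) {
 
  echo '<div id="message" class="updated" style="background-color:#dfecf2;border:1px solid #999;-moz-border-radius-topleft:3px;-webkit-border-top-left-radius:3px;-khtml-border-top-left-radius:3px;border-top-left-radius:3px;-moz-border-radius-topright:3px;-webkit-border-top-right-radius:3px;-khtml-border-top-right-radius:3px;border-top-right-radius:3px;-webkit-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);-moz-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);"><p>';
- $text = '<strong><font color="#fb0101">'.__('Error: Unable to rename the DB Backup folder.', 'bulletproof-security').'</font><br>'.__('Did you enter a valid DB Backup folder name? Valid folder naming characters are: Letters A to Z upper or lowercase. Numbers 0 to 9. A dash "-" or an underscore "_". Did you manually change the old DB Backup folder name using FTP?', 'bulletproof-security').'</strong>';
+ $text = '<strong><font color="#fb0101">'.__('Error: Unable to rename the DB Backup folder.', 'bulletproof-security').'</font><br>'.__('Did you enter a valid DB Backup folder name and DB Download link|url? Valid DB Backup folder naming characters are: Letters A to Z upper or lowercase. Numbers 0 to 9. A dash "-" or an underscore "_". Did you manually change the old DB Backup folder name using FTP? To fix this problem delete the text in the DB Backup Folder Location and DB Backup File Download Link|URL text boxes, click the Create Backup Job|Save Settings button and run the Rename|Create|Reset Tool again.', 'bulletproof-security').'</strong>';
  echo $text;
  echo '</p></div>';
 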
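Review bot: The added `sanitize_text_field()` on `$_POST['DBBFolderReset']` does not restrict the value to a folder name, since it leaves `/` and `..` intact, and `$new_db_backup_folder` is still concatenated into the `rename()` destination; the new deny-list `preg_match` only inspects the stored option values, not the posted name. The error text already states the permitted characters, so enforce them on the posted name before the rename, e.g. `if ( ! preg_match( '/^[a-zA-Z0-9_-]+$/', $new_db_backup_folder ) ) { return; }`, unless a caller not visible here already validates it. Separately, `$matches[0]` is used without checking that the preceding `preg_match()` returned 1, so a stored value that does not match would leave the rename source pointing at the `bps-backup/` directory itself. The body of `bpsPro_reset_db_backup_folder()` begins and ends outside this hunk.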
admin/db-backup-security/db-backup-security.php CHANGED
@@ -1,10 +1,4 @@
1
  <?php
2
- if ( ! function_exists('add_action') ) {
3
- header('Status: 403 Forbidden');
4
- header('HTTP/1.1 403 Forbidden');
5
- exit();
6
- }
7
-
8
  if ( ! current_user_can('manage_options') ) {
9
  header('Status: 403 Forbidden');
10
  header('HTTP/1.1 403 Forbidden');
@@ -38,7 +32,7 @@ if ( isset( $ScrollTop_options['bps_scrolltop'] ) && $ScrollTop_options['bps_scr
38
 
39
  <?php
40
  // General all purpose "Settings Saved." message for forms
41
- if ( current_user_can('manage_options') && wp_script_is( 'bps-accordion', $list = 'queue' ) ) {
42
  if ( isset( $_GET['settings-updated'] ) && $_GET['settings-updated'] == true) {
43
  $text = '<p style="font-size:1em;font-weight:bold;padding:2px 0px 2px 5px;margin:0px -11px 0px -11px;background-color:#dfecf2;-webkit-box-shadow: 3px 3px 5px 0px rgba(153,153,153,0.7);-moz-box-shadow: 3px 3px 5px 0px rgba(153,153,153,0.7);box-shadow: 3px 3px 5px 0px rgba(153,153,153,0.7);""><font color="green"><strong>'.__('Settings Saved', 'bulletproof-security').'</strong></font></p>';
44
  echo $text;
@@ -150,7 +144,7 @@ function bpsPro_DBBackup_deny_all() {
150
  if ( ! $handle = fopen($denyall_htaccess_file, 'w+b') ) {
151
  exit;
152
  }
153
- if ( fwrite($handle, $denyall_content) === FALSE ) {
154
  exit;
155
  }
156
  fclose($handle);
@@ -311,11 +305,6 @@ function bpsSpinnerTableRefresh() {
311
  <div id="dbb-accordion-inner">
312
 
313
  <?php
314
-
315
-
316
- // Reusable variables
317
- $DBBoptions = get_option('bulletproof_security_options_db_backup');
318
-
319
  // Form Processing: DB Backup Create Job Form
320
  // Note: Needs to above all Forms to display current data.
321
  if ( isset( $_POST['Submit-DBB-Create-Job'] ) && current_user_can('manage_options') ) {
@@ -345,22 +334,28 @@ if ( isset( $_POST['Submit-DBB-Create-Job'] ) && current_user_can('manage_option
345
 
346
  <?php
347
 
348
- if ( $DBBoptions['bps_db_backup_status_display'] == 'No DB Backups' || $DBBoptions['bps_db_backup_status_display'] == '' ) {
 
 
349
  $bps_db_backup_status_display = 'Backup Job Created';
350
  } else {
351
  $bps_db_backup_status_display = $DBBoptions['bps_db_backup_status_display'];
352
  }
353
 
354
- if ( $_POST['dbb_backup_on_off'] == 'Off' ) {
355
  wp_clear_scheduled_hook('bpsPro_DBB_check');
356
  }
357
 
 
 
 
 
358
  // some of these options are "one-shot" options
359
  $DBB_Create_Job_Options = array(
360
  'bps_db_backup' => $_POST['dbb_backup_on_off'],
361
- 'bps_db_backup_description' => esc_html($_POST['DBBDescription']),
362
- 'bps_db_backup_folder' => $_POST['DBBFolder'],
363
- 'bps_db_backup_download_link' => $_POST['DBBDownloadLink'],
364
  'bps_db_backup_job_type' => $_POST['dbb_backup_job_type'],
365
  'bps_db_backup_frequency' => $_POST['dbb_backup_job_frequency'],
366
  'bps_db_backup_start_time_hour' => $_POST['dbb_backup_job_start_time_hour'],
@@ -413,8 +408,6 @@ if ( isset( $_POST['Submit-DBB-Create-Job'] ) && current_user_can('manage_option
413
  }
414
  }
415
 
416
- //$log_title = "\r\n" . '[Create Backup Job Settings Logged: ' . $timestamp . ']' . "\r\n" . 'Description|Backup Job Name: ' . $_POST['DBBDescription'] . "\r\n" . 'DB Backup Folder Location: ' . $_POST['DBBFolder'] . "\r\n" . 'DB Backup File Download Link|URL: ' . $_POST['DBBDownloadLink'] . "\r\n" . 'Backup Job Type: ' . $_POST['dbb_backup_job_type'] . "\r\n" . 'Frequency: ' . $_POST['dbb_backup_job_frequency'] . "\r\n" . 'Time When Scheduled Backup is Run: ' . $bps_next_job . "\r\n" . 'Send Scheduled Backup Zip Files Via Email: ' . $bps_email_zip_log . "\r\n" . 'Automatically Delete Old Backup Files Older Than: ' . $_POST['dbb_backup_delete'] .' day(s) old'. "\r\n" . 'Scheduled Backups (override): ' . $_POST['dbb_backup_on_off'] . "\r\n";
417
-
418
  $log_title = "\r\n" . '[Create Backup Job Settings Logged: ' . $timestamp . ']' . "\r\n" . 'Description|Backup Job Name: ' . $_POST['DBBDescription'] . "\r\n" . 'Backup Job Type: ' . $_POST['dbb_backup_job_type'] . "\r\n" . 'Frequency: ' . $_POST['dbb_backup_job_frequency'] . "\r\n" . 'Time When Scheduled Backup is Run: ' . $bps_next_job . "\r\n" . 'Send Scheduled Backup Zip Files Via Email: ' . $bps_email_zip_log . "\r\n" . 'Automatically Delete Old Backup Files Older Than: ' . $_POST['dbb_backup_delete'] .' day(s) old'. "\r\n" . 'Scheduled Backups (override): ' . $_POST['dbb_backup_on_off'] . "\r\n";
419
 
420
  if ( empty( $DBB_Create_Job ) ) {
@@ -426,14 +419,16 @@ if ( isset( $_POST['Submit-DBB-Create-Job'] ) && current_user_can('manage_option
426
  if ( ! empty( $DBB_Create_Job ) ) {
427
 
428
  if ( is_writable( $bpsDBBLog ) ) {
429
- if ( ! $handle = fopen( $bpsDBBLog, 'a' ) ) {
430
- exit;
431
- }
432
- if ( fwrite( $handle, $log_title ) === FALSE ) {
433
- exit;
434
- }
435
- fclose($handle);
436
- }
 
 
437
 
438
  echo '<div id="message" class="updated" style="background-color:#dfecf2;border:1px solid #999;-moz-border-radius-topleft:3px;-webkit-border-top-left-radius:3px;-khtml-border-top-left-radius:3px;border-top-left-radius:3px;-moz-border-radius-topright:3px;-webkit-border-top-right-radius:3px;-khtml-border-top-right-radius:3px;border-top-right-radius:3px;-webkit-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);-moz-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);"><p>';
439
 
@@ -452,7 +447,7 @@ if ( isset( $_POST['Submit-DBB-Create-Job'] ) && current_user_can('manage_option
452
  if ( ! $handle = fopen( $bpsDBBLog, 'a' ) ) {
453
  exit;
454
  }
455
- if ( fwrite( $handle, $log_contents ) === FALSE ) {
456
  exit;
457
  }
458
  fclose($handle);
@@ -526,7 +521,7 @@ if ( isset( $_POST['Submit-DBB-Create-Job'] ) && current_user_can('manage_option
526
 
527
  $DBBInsertRows = $wpdb->insert( $DBBtable_name, array( 'bps_table_name' => $NoDupes, 'bps_desc' => esc_html($_POST['DBBDescription']), 'bps_job_type' => $_POST['dbb_backup_job_type'], 'bps_frequency' => $bps_frequency, 'bps_last_job' => $bps_last_job, 'bps_next_job' => $bps_next_job, 'bps_next_job_unix' => $bps_next_job_unix, 'bps_email_zip' => $bps_email_zip, 'bps_job_created' => current_time('mysql') ) );
528
 
529
- $text = '<strong><font color="green">'.__('Backup Job ', 'bulletproof-security').$_POST['DBBDescription'].__(' Created Successfully.', 'bulletproof-security').'</font></strong><br>';
530
  echo $text;
531
  echo '<strong>'.__('Backup Job Settings Logged successfully in the DB Backup Log', 'bulletproof-security').'</strong><br>';
532
  echo '</p></div>';
@@ -542,142 +537,145 @@ if ( isset( $_POST['Submit-DBB-Create-Job'] ) && current_user_can('manage_option
542
  // Form Processing: Backup Jobs ~ Manual|Scheduled - DB Backup Run|Delete Jobs Form
543
  function bpsPro_dbbackup_form_processing() {
544
 
545
- if ( isset( $_POST['Submit-DBB-Run-Job'] ) && current_user_can('manage_options') ) {
546
- check_admin_referer('bulletproof_security_db_backup_run_job');
547
-
548
- global $wpdb;
549
- $timeNow = time();
550
- $gmt_offset = get_option( 'gmt_offset' ) * 3600;
551
- $timestamp = date_i18n(get_option('date_format'), strtotime("11/15-1976")) . ' ' . date_i18n(get_option('time_format'), $timeNow + $gmt_offset);
552
- $DBBoptions = get_option('bulletproof_security_options_db_backup');
 
553
 
554
- $DBBjobs = $_POST['DBBjobs'];
555
- $DBBtable_name = $wpdb->prefix . "bpspro_db_backup";
 
556
 
557
- switch( $_POST['Submit-DBB-Run-Job'] ) {
558
- case __('Run Job|Delete Job', 'bulletproof-security'):
559
-
560
- $delete_jobs = array();
561
- $run_jobs = array();
562
-
563
- if ( ! empty( $DBBjobs ) ) {
564
 
565
- foreach ( $DBBjobs as $key => $value ) {
566
-
567
- if ( $value == 'deletejob' ) {
568
- $delete_jobs[] = $key;
569
 
570
- } elseif ( $value == 'runjob' ) {
571
- $run_jobs[] = $key;
 
 
 
 
 
 
572
  }
573
  }
574
- }
 
 
 
575
 
576
- if ( ! empty( $delete_jobs ) ) {
 
 
 
 
577
 
578
- ?>
579
-
580
- <style>
581
- <!--
582
- .ui-accordion.bps-accordion .ui-accordion-content {overflow:hidden;}
583
- -->
584
- </style>
585
-
586
- <script type="text/javascript">
587
- /* <![CDATA[ */
588
- jQuery(document).ready(function($){
589
- $( "#bps-accordion-1" ).accordion({
590
- collapsible: true,
591
- active: 0,
592
- autoHeight: true,
593
- clearStyle: true,
594
- heightStyle: "content"
595
  });
596
- });
597
- /* ]]> */
598
- </script>
599
-
600
- <?php
601
-
602
- echo '<div id="message" class="updated" style="background-color:#dfecf2;border:1px solid #999;-moz-border-radius-topleft:3px;-webkit-border-top-left-radius:3px;-khtml-border-top-left-radius:3px;border-top-left-radius:3px;-moz-border-radius-topright:3px;-webkit-border-top-right-radius:3px;-khtml-border-top-right-radius:3px;border-top-right-radius:3px;-webkit-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);-moz-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);"><p>';
603
-
604
- foreach ( $delete_jobs as $delete_job ) {
605
-
606
- $DBBackupRows = $wpdb->get_results( $wpdb->prepare( "SELECT * FROM $DBBtable_name WHERE bps_id = %d", $delete_job ) );
607
 
608
- foreach ( $DBBackupRows as $row ) {
609
-
610
- $delete_row = $wpdb->query( $wpdb->prepare( "DELETE FROM $DBBtable_name WHERE bps_id = %d", $delete_job ) );
611
-
612
- wp_clear_scheduled_hook('bpsPro_DBB_check');
613
-
614
- $textDelete = '<strong><font color="green">'.__('Backup Job: ', 'bulletproof-security').$row->bps_desc.__(' has been deleted successfully.', 'bulletproof-security').'</font></strong><br>';
615
- echo $textDelete;
616
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
617
  }
 
618
  }
619
- echo '</p></div>';
620
- }
621
-
622
- if ( ! empty( $run_jobs ) ) {
623
 
624
- ?>
625
-
626
- <style>
627
- <!--
628
- .ui-accordion.bps-accordion .ui-accordion-content {overflow:hidden;}
629
- -->
630
- </style>
631
-
632
- <script type="text/javascript">
633
- /* <![CDATA[ */
634
- jQuery(document).ready(function($){
635
- $( "#bps-accordion-1" ).accordion({
636
- collapsible: true,
637
- active: 1,
638
- autoHeight: true,
639
- clearStyle: true,
640
- heightStyle: "content"
641
- });
642
- });
643
- /* ]]> */
644
- </script>
645
-
646
- <?php
647
-
648
- $db_backup = $DBBoptions['bps_db_backup_folder'] . '/' . DB_NAME . '.sql';
649
 
650
- echo '<div id="message" class="updated" style="background-color:#dfecf2;border:1px solid #999;-moz-border-radius-topleft:3px;-webkit-border-top-left-radius:3px;-khtml-border-top-left-radius:3px;border-top-left-radius:3px;-moz-border-radius-topright:3px;-webkit-border-top-right-radius:3px;-khtml-border-top-right-radius:3px;border-top-right-radius:3px;-webkit-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);-moz-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);"><p>';
651
-
652
- foreach ( $run_jobs as $run_job ) {
653
-
654
- $DBBackupRows = $wpdb->get_results( $wpdb->prepare( "SELECT * FROM $DBBtable_name WHERE bps_id = %d", $run_job ) );
655
 
656
- foreach ( $DBBackupRows as $row ) {
657
-
658
- $job_name = $row->bps_desc;
659
- $job_type = $row->bps_job_type;
660
- $email_zip = $row->bps_email_zip;
661
-
662
- $build_query_1 = "SHOW TABLES FROM `".DB_NAME."` WHERE `Tables_in_".DB_NAME."` LIKE '";
663
- $build_query_2 = str_replace( ', ', "' OR `Tables_in_".DB_NAME."` LIKE '", $row->bps_table_name );
664
- $build_query_3 = "'";
665
- $tables = $wpdb->get_results( $build_query_1.$build_query_2.$build_query_3, ARRAY_A );
666
-
667
- bpsPro_db_backup( $db_backup, $tables, $job_name, $job_type, $email_zip );
 
 
 
 
 
 
 
 
 
 
 
 
 
668
 
669
- $update_rows = $wpdb->update( $DBBtable_name, array( 'bps_last_job' => $timestamp ), array( 'bps_id' => $row->bps_id ) );
670
-
671
- $textRunJob = '<strong><font color="green">'.__('Backup Job: ', 'bulletproof-security').$row->bps_desc.__(' has completed.', 'bulletproof-security').'<br>'.__('Your DB Backup Log contains the Backup Job Completion Time, Total Memory Used and other information about this Backup.', 'bulletproof-security').'</font></strong><br>';
672
- echo $textRunJob;
673
-
674
- }
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
675
  }
676
- echo '</p></div>';
677
- }
678
- break;
679
- } // end Switch
680
- }
681
  }
682
  bpsPro_dbbackup_form_processing();
683
 
@@ -793,6 +791,13 @@ jQuery(document).ready(function($){
793
  if ( isset( $_POST['Submit-DBB-Files'] ) && current_user_can('manage_options') ) {
794
  check_admin_referer('bulletproof_security_db_backup_delete_files');
795
 
 
 
 
 
 
 
 
796
  ?>
797
 
798
  <style>
@@ -841,7 +846,7 @@ if ( isset( $_POST['Submit-DBB-Files'] ) && current_user_can('manage_options') )
841
 
842
  foreach ( $delete_files as $delete_file ) {
843
 
844
- unlink( $DBBoptions['bps_db_backup_folder'] . '/' . $delete_file );
845
  $textDelete = '<strong><font color="green">'.__('Backup File: ', 'bulletproof-security').$delete_file.__(' has been deleted successfully.', 'bulletproof-security').'</font></strong><br>';
846
  echo $textDelete;
847
  }
@@ -852,10 +857,23 @@ if ( isset( $_POST['Submit-DBB-Files'] ) && current_user_can('manage_options') )
852
  }
853
 
854
  // Form: DB Backup File Delete & Download Files Form
 
855
  echo '<form name="bpsDBBackupFiles" action="'.admin_url( 'admin.php?page=bulletproof-security/admin/db-backup-security/db-backup-security.php' ).'" method="post">';
856
  wp_nonce_field('bulletproof_security_db_backup_delete_files');
857
 
858
- $source = ! isset($DBBoptions['bps_db_backup_folder']) ? '' : $DBBoptions['bps_db_backup_folder'];
 
 
 
 
 
 
 
 
 
 
 
 
859
  $count = 0;
860
 
861
  if ( is_dir($source) ) {
@@ -886,8 +904,8 @@ if ( isset( $_POST['Submit-DBB-Files'] ) && current_user_can('manage_options') )
886
 
887
  echo '<th scope="row" style="border-bottom:none;font-size:1.13em;">'.$file->getFilename().'</th>';
888
  echo "<td><input type=\"checkbox\" id=\"deletefile\" name=\"DBBfiles[".$file->getFilename()."]\" value=\"deletefile\" class=\"deletefileALL\" /><br><span style=\"font-size:10px;\">".__('Delete', 'bulletproof-security')."</span></td>";
889
- echo '<td><div style="margin:0px;padding:2px 6px 2px 6px;background-color:#e8e8e8;border:1px solid gray;"><a href="'.$DBBoptions['bps_db_backup_download_link'] . $file->getFilename().'" style="font-size:1em;text-decoration:none;">'.__('Download', 'bulletproof-security').'</a></div></td>';
890
- echo '<td>'.$DBBoptions['bps_db_backup_folder'].'</td>';
891
 
892
  if ( number_format( $fileSize, 2, '.', '' ) >= 1048576 ) {
893
  echo '<td>'.number_format( $fileSize / ( 1024 * 1024 ), 2 ).' MB</td>';
@@ -1170,9 +1188,9 @@ if ( isset( $_POST['Submit-DBB-Reset'] ) && current_user_can('manage_options') )
1170
  // Notes: If an external/remote form is submitted the WP nonce is not checked.
1171
  // Adding validation and sanitization directly in the form input field protects against external/remote form exploits.
1172
  // $_POST['Submit-DBB-Reset'] == true condition added in admin.php return if == true
1173
- $str = '1234567890abcdefghijklmnopqrstuvxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
1174
  $db_backup_folder_obs = 'backups_' . substr( str_shuffle($str), 0, 15 );
1175
- $DBBFolderReset = ( isset( $_POST['DBBFolderReset'] ) ) ? $_POST['DBBFolderReset'] : $db_backup_folder_obs;
1176
 
1177
  echo '<form name="bpsDBBackupReset" action="'.admin_url( 'admin.php?page=bulletproof-security/admin/db-backup-security/db-backup-security.php' ).'" method="post">';
1178
  wp_nonce_field('bulletproof_security_db_backup_reset');
@@ -1252,6 +1270,7 @@ jQuery(document).ready(function($){
1252
 
1253
  // Get File Size of the DB Backup Log File
1254
  function bpsPro_DBB_LogSize() {
 
1255
  $filename = WP_CONTENT_DIR . '/bps-backup/logs/db_backup_log.txt';
1256
 
1257
  if ( file_exists($filename) ) {
@@ -1260,6 +1279,7 @@ function bpsPro_DBB_LogSize() {
1260
  if ( $logSize < 2097152 ) {
1261
  $text = '<span style="font-size:13px;"><strong>'. __('DB Backup Log File Size: ', 'bulletproof-security').'<font color="#2271b1">'. round($logSize / 1024, 2) .' KB</font></strong></span><br>';
1262
  echo $text;
 
1263
  } else {
1264
  $text = '<span style="font-size:13px;"><strong>'. __('DB Backup Log File Size: ', 'bulletproof-security').'<font color="#fb0101">'. round($logSize / 1024, 2) .' KB<br>'.__('The Email Logging options will only send log files up to 2MB in size.', 'bulletproof-security').'</font></strong><br>'.__('Copy and paste the DB Backup Log file contents into a Notepad text file on your computer and save it.', 'bulletproof-security').'<br>'.__('Then click the Delete Log button to delete the contents of this Log file.', 'bulletproof-security').'</span><br>';
1265
  echo $text;
@@ -1270,14 +1290,15 @@ bpsPro_DBB_LogSize();
1270
 
1271
  // Get the Current/Last Modifed Date of the DB Backup Log File
1272
  function bpsPro_DBB_Log_LastMod() {
 
1273
  $filename = WP_CONTENT_DIR . '/bps-backup/logs/db_backup_log.txt';
1274
 
1275
  if ( file_exists($filename) ) {
1276
  $gmt_offset = get_option( 'gmt_offset' ) * 3600;
1277
  $timestamp = date_i18n(get_option('date_format').' - '.get_option('time_format'), filemtime($filename) + $gmt_offset);
1278
 
1279
- $text = '<strong>'. __('DB Backup Log Last Modified Time: ', 'bulletproof-security').'<font color="#2271b1">'.$timestamp.'</font></strong><br><br>';
1280
- echo $text;
1281
  }
1282
  }
1283
  bpsPro_DBB_Log_LastMod();
@@ -1289,6 +1310,7 @@ if ( isset( $_POST['Submit-Delete-DBB-Log'] ) && current_user_can('manage_option
1289
  $DBBLogMaster = WP_PLUGIN_DIR . '/bulletproof-security/admin/htaccess/db_backup_log.txt';
1290
 
1291
  copy($DBBLogMaster, $DBBLog);
 
1292
  echo $bps_topDiv;
1293
  $text = '<font color="green"><strong>'.__('Success! Your DB Backup Log file has been deleted and replaced with a new blank DB Backup Log file.', 'bulletproof-security').'</strong></font>';
1294
  echo $text;
@@ -1313,7 +1335,8 @@ function bpsPro_DBB_get_contents() {
1313
 
1314
  if ( file_exists($dbb_log) ) {
1315
  $dbb_log = file_get_contents($dbb_log);
1316
- return htmlspecialchars($dbb_log);
 
1317
 
1318
  } else {
1319
 
@@ -1324,6 +1347,7 @@ function bpsPro_DBB_get_contents() {
1324
 
1325
  // Form: DB Backup Log editor
1326
  if ( current_user_can('manage_options') ) {
 
1327
  $dbb_log = WP_CONTENT_DIR . '/bps-backup/logs/db_backup_log.txt';
1328
  $write_test = "";
1329
 
@@ -1332,25 +1356,29 @@ if ( current_user_can('manage_options') ) {
1332
  exit;
1333
  }
1334
 
1335
- if ( fwrite($handle, $write_test) === FALSE ) {
1336
  exit;
1337
  }
1338
 
 
 
1339
  $text = '<font color="green" style="font-size:12px;"><strong>'.__('File Open and Write test successful! Your DB Backup Log file is writable.', 'bulletproof-security').'</strong></font><br>';
1340
  echo $text;
1341
- }
1342
  }
 
1343
 
1344
  if ( isset( $_POST['Submit-DBB-Log'] ) && current_user_can('manage_options') ) {
1345
  check_admin_referer( 'bulletproof_security_save_dbb_log' );
 
1346
  $newcontentdbb = stripslashes( $_POST['newcontentdbb'] );
1347
 
1348
  if ( is_writable($dbb_log) ) {
1349
  $handle = fopen($dbb_log, 'w+b');
1350
  fwrite($handle, $newcontentdbb);
1351
- $text = '<font color="green style="font-size:12px;""><strong>'.__('Success! Your DB Backup Log file has been updated.', 'bulletproof-security').'</strong></font><br>';
1352
- echo $text;
1353
- fclose($handle);
 
1354
  }
1355
  }
1356
 
@@ -1416,25 +1444,26 @@ jQuery(document).ready(function($){
1416
  </div>
1417
 
1418
  <?php
1419
- if ( is_admin() && current_user_can('manage_options') && preg_match( '/page=bulletproof-security/', esc_html( $_SERVER['REQUEST_URI'] ) ) ) {
1420
-
1421
- echo '<div id="DBPrefixText" style="width:90%;padding-bottom:20px;">';
1422
- $text = '<span style="font-size:1.13em;">'.__('Your current WordPress Database Table Prefix is: ', 'bulletproof-security').'<strong><font color="#2271b1">'.$wpdb->base_prefix .'</span><br><br><span class="bps-dbb-small-text">'.__('NOTES: ', 'bulletproof-security').'<br>'.__('1. It is recommended that you backup your database before using this tool.', 'bulletproof-security').'<br>'.__('2. If you want to create your own DB Table Prefix name or add additional characters to the randomly generated DB Table Prefix name below then ONLY use lowercase letters, numbers and underscores in your DB Table Prefix name.', 'bulletproof-security').'<br>'.__('3. The maximum length limitation of a DB Table name, including the table prefix is 64 characters. See the DB Table Names & Character Length Table to the right.', 'bulletproof-security').'<br>'.__('4. To change your DB Table Prefix name back to the WordPress default DB Table Prefix name, enter wp_ for the DB Table Prefix name.', 'bulletproof-security').'</span></font></strong>';
1423
- echo $text;
1424
- echo '</div>';
1425
 
1426
  // Form: DB Table Prefix Changer
1427
  if ( isset( $_POST['Submit-DB-Table-Prefix'] ) && current_user_can('manage_options') ) {
1428
  check_admin_referer( 'bulletproof_security_table_prefix_changer' );
 
1429
  set_time_limit(300);
1430
 
1431
- if ( preg_match( '|[^a-z0-9_]|', $_POST['DBTablePrefix'] ) ) {
1432
 
1433
  echo $bps_topDiv;
1434
  $text = '<strong><font color="#fb0101">'.__('ERROR: The DB Table Prefix name can only contain numbers, lowercase letters, and underscores.', 'bulletproof-security').'</font></strong>';
1435
  echo $text;
1436
  echo $bps_bottomDiv;
1437
- return;
 
1438
 
1439
  } else {
1440
 
@@ -1525,19 +1554,33 @@ if ( isset( $_POST['Submit-DB-Table-Prefix'] ) && current_user_can('manage_optio
1525
  } // end if ( file_exists($filename) ) {
1526
  }
1527
 
1528
- // Random DB Table Prefix Name generator
1529
- // Notes: If an external/remote form is submitted the WP nonce is not checked.
1530
- // Adding validation and sanitization directly in the form input field protects against external/remote form exploits.
 
 
1531
  $str = '1234567890abcdefghijklmnopqrstuvxyz';
1532
  $prefix_obs = substr( str_shuffle($str), 0, 6 ).'_';
1533
- $DBTablePrefix = ( isset( $_POST['DBTablePrefix'] ) ) ? $_POST['DBTablePrefix'] : $prefix_obs;
 
 
 
 
 
 
 
 
 
 
 
 
1534
  ?>
1535
 
1536
  <form name="bpsTablePrefixChanger" action="<?php echo admin_url( 'admin.php?page=bulletproof-security/admin/db-backup-security/db-backup-security.php#bps-tabs-3' ); ?>" method="post">
1537
  <?php wp_nonce_field('bulletproof_security_table_prefix_changer'); ?>
1538
  <div>
1539
  <strong><label for="bpsTablePrefix"><?php _e('Randomly Generated DB Table Prefix', 'bulletproof-security'); ?></label></strong><br />
1540
- <input type="text" name="DBTablePrefix" value="<?php if ( isset( $_POST['DBTablePrefix'] ) && preg_match( '|[^a-z0-9_]|', $_POST['DBTablePrefix'] ) ) { echo esc_html($prefix_obs); } else { echo esc_html($DBTablePrefix); } ?>" class="table-prefix-changer" style="width:152px" /> <br />
1541
  <div style="margin:10px 0px">
1542
  <input type="submit" name="Submit-DB-Table-Prefix" value="<?php esc_attr_e('Change DB Table Prefix', 'bulletproof-security') ?>" class="button bps-button" onclick="bpsSpinnerTablePrefix()" />
1543
  </div>
@@ -1703,8 +1746,6 @@ global $wpdb, $bps_topDiv, $bps_bottomDiv;
1703
  echo "</form>";
1704
  echo '</div>';
1705
 
1706
- }// end if ( is_admin() && current_user_can('manage_options')...
1707
-
1708
  ?>
1709
 
1710
  <script type="text/javascript">
@@ -1751,9 +1792,7 @@ jQuery(document).ready(function($) {
1751
  </tr>
1752
  </table>
1753
  </div>
1754
-
1755
- <div id="AITpro-link">BulletProof Security Pro <?php echo BULLETPROOF_VERSION; ?> Plugin by <a href="https://forum.ait-pro.com/" target="_blank" title="AITpro Website Security">AITpro Website Security</a>
1756
- </div>
1757
  </div>
1758
  <style>
1759
  <!--
1
  <?php
 
 
 
 
 
 
2
  if ( ! current_user_can('manage_options') ) {
3
  header('Status: 403 Forbidden');
4
  header('HTTP/1.1 403 Forbidden');
32
 
33
  <?php
34
  // General all purpose "Settings Saved." message for forms
35
+ if ( current_user_can('manage_options') ) {
36
  if ( isset( $_GET['settings-updated'] ) && $_GET['settings-updated'] == true) {
37
  $text = '<p style="font-size:1em;font-weight:bold;padding:2px 0px 2px 5px;margin:0px -11px 0px -11px;background-color:#dfecf2;-webkit-box-shadow: 3px 3px 5px 0px rgba(153,153,153,0.7);-moz-box-shadow: 3px 3px 5px 0px rgba(153,153,153,0.7);box-shadow: 3px 3px 5px 0px rgba(153,153,153,0.7);""><font color="green"><strong>'.__('Settings Saved', 'bulletproof-security').'</strong></font></p>';
38
  echo $text;
144
  if ( ! $handle = fopen($denyall_htaccess_file, 'w+b') ) {
145
  exit;
146
  }
147
+ if ( fwrite($handle, $denyall_content) === false ) {
148
  exit;
149
  }
150
  fclose($handle);
305
  <div id="dbb-accordion-inner">
306
 
307
  <?php
 
 
 
 
 
308
  // Form Processing: DB Backup Create Job Form
309
  // Note: Needs to above all Forms to display current data.
310
  if ( isset( $_POST['Submit-DBB-Create-Job'] ) && current_user_can('manage_options') ) {
334
 
335
  <?php
336
 
337
+ $DBBoptions = get_option('bulletproof_security_options_db_backup');
338
+
339
+ if ( isset($DBBoptions['bps_db_backup_status_display']) && $DBBoptions['bps_db_backup_status_display'] == 'No DB Backups' || isset($DBBoptions['bps_db_backup_status_display']) && $DBBoptions['bps_db_backup_status_display'] == '' ) {
340
  $bps_db_backup_status_display = 'Backup Job Created';
341
  } else {
342
  $bps_db_backup_status_display = $DBBoptions['bps_db_backup_status_display'];
343
  }
344
 
345
+ if ( isset($_POST['dbb_backup_on_off']) && $_POST['dbb_backup_on_off'] == 'Off' ) {
346
  wp_clear_scheduled_hook('bpsPro_DBB_check');
347
  }
348
 
349
+ $DBBDescription = sanitize_text_field($_POST['DBBDescription']);
350
+ $DBBFolder = sanitize_text_field($_POST['DBBFolder']);
351
+ $DBBDownloadLink = sanitize_url($_POST['DBBDownloadLink']);
352
+
353
  // some of these options are "one-shot" options
354
  $DBB_Create_Job_Options = array(
355
  'bps_db_backup' => $_POST['dbb_backup_on_off'],
356
+ 'bps_db_backup_description' => $DBBDescription,
357
+ 'bps_db_backup_folder' => $DBBFolder,
358
+ 'bps_db_backup_download_link' => $DBBDownloadLink,
359
  'bps_db_backup_job_type' => $_POST['dbb_backup_job_type'],
360
  'bps_db_backup_frequency' => $_POST['dbb_backup_job_frequency'],
361
  'bps_db_backup_start_time_hour' => $_POST['dbb_backup_job_start_time_hour'],
408
  }
409
  }
410
 
 
 
411
  $log_title = "\r\n" . '[Create Backup Job Settings Logged: ' . $timestamp . ']' . "\r\n" . 'Description|Backup Job Name: ' . $_POST['DBBDescription'] . "\r\n" . 'Backup Job Type: ' . $_POST['dbb_backup_job_type'] . "\r\n" . 'Frequency: ' . $_POST['dbb_backup_job_frequency'] . "\r\n" . 'Time When Scheduled Backup is Run: ' . $bps_next_job . "\r\n" . 'Send Scheduled Backup Zip Files Via Email: ' . $bps_email_zip_log . "\r\n" . 'Automatically Delete Old Backup Files Older Than: ' . $_POST['dbb_backup_delete'] .' day(s) old'. "\r\n" . 'Scheduled Backups (override): ' . $_POST['dbb_backup_on_off'] . "\r\n";
412
 
413
  if ( empty( $DBB_Create_Job ) ) {
419
  if ( ! empty( $DBB_Create_Job ) ) {
420
 
421
  if ( is_writable( $bpsDBBLog ) ) {
422
+ if ( ! $handle = fopen( $bpsDBBLog, 'a' ) ) {
423
+ exit;
424
+ }
425
+
426
+ if ( fwrite( $handle, $log_title ) === false ) {
427
+ exit;
428
+ }
429
+
430
+ fclose($handle);
431
+ }
432
 
433
  echo '<div id="message" class="updated" style="background-color:#dfecf2;border:1px solid #999;-moz-border-radius-topleft:3px;-webkit-border-top-left-radius:3px;-khtml-border-top-left-radius:3px;border-top-left-radius:3px;-moz-border-radius-topright:3px;-webkit-border-top-right-radius:3px;-khtml-border-top-right-radius:3px;border-top-right-radius:3px;-webkit-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);-moz-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);"><p>';
434
 
447
  if ( ! $handle = fopen( $bpsDBBLog, 'a' ) ) {
448
  exit;
449
  }
450
+ if ( fwrite( $handle, $log_contents ) === false ) {
451
  exit;
452
  }
453
  fclose($handle);
521
 
522
  $DBBInsertRows = $wpdb->insert( $DBBtable_name, array( 'bps_table_name' => $NoDupes, 'bps_desc' => esc_html($_POST['DBBDescription']), 'bps_job_type' => $_POST['dbb_backup_job_type'], 'bps_frequency' => $bps_frequency, 'bps_last_job' => $bps_last_job, 'bps_next_job' => $bps_next_job, 'bps_next_job_unix' => $bps_next_job_unix, 'bps_email_zip' => $bps_email_zip, 'bps_job_created' => current_time('mysql') ) );
523
 
524
+ $text = '<strong><font color="green">'.__('Backup Job ', 'bulletproof-security').esc_html($_POST['DBBDescription']).__(' Created Successfully.', 'bulletproof-security').'</font></strong><br>';
525
  echo $text;
526
  echo '<strong>'.__('Backup Job Settings Logged successfully in the DB Backup Log', 'bulletproof-security').'</strong><br>';
527
  echo '</p></div>';
537
  // Form Processing: Backup Jobs ~ Manual|Scheduled - DB Backup Run|Delete Jobs Form
538
  function bpsPro_dbbackup_form_processing() {
539
 
540
+ if ( isset( $_POST['Submit-DBB-Run-Job'] ) && current_user_can('manage_options') ) {
541
+ check_admin_referer('bulletproof_security_db_backup_run_job');
542
+
543
+ global $wpdb;
544
+ $timeNow = time();
545
+ $gmt_offset = get_option( 'gmt_offset' ) * 3600;
546
+ $timestamp = date_i18n(get_option('date_format'), strtotime("11/15-1976")) . ' ' . date_i18n(get_option('time_format'), $timeNow + $gmt_offset);
547
+ $DBBoptions = get_option('bulletproof_security_options_db_backup');
548
+ $db_backup = isset($DBBoptions['bps_db_backup_folder']) ? $DBBoptions['bps_db_backup_folder'] . '/' . DB_NAME . '.sql' : '';
549
 
550
+ if ( empty($db_backup) ) {
551
+ return;
552
+ }
553
 
554
+ $DBBjobs = $_POST['DBBjobs'];
555
+ $DBBtable_name = $wpdb->prefix . "bpspro_db_backup";
556
+
557
+ switch( $_POST['Submit-DBB-Run-Job'] ) {
558
+ case __('Run Job|Delete Job', 'bulletproof-security'):
 
 
559
 
560
+ $delete_jobs = array();
561
+ $run_jobs = array();
562
+
563
+ if ( ! empty( $DBBjobs ) ) {
564
 
565
+ foreach ( $DBBjobs as $key => $value ) {
566
+
567
+ if ( $value == 'deletejob' ) {
568
+ $delete_jobs[] = $key;
569
+
570
+ } elseif ( $value == 'runjob' ) {
571
+ $run_jobs[] = $key;
572
+ }
573
  }
574
  }
575
+
576
+ if ( ! empty( $delete_jobs ) ) {
577
+
578
+ ?>
579
 
580
+ <style>
581
+ <!--
582
+ .ui-accordion.bps-accordion .ui-accordion-content {overflow:hidden;}
583
+ -->
584
+ </style>
585
 
586
+ <script type="text/javascript">
587
+ /* <![CDATA[ */
588
+ jQuery(document).ready(function($){
589
+ $( "#bps-accordion-1" ).accordion({
590
+ collapsible: true,
591
+ active: 0,
592
+ autoHeight: true,
593
+ clearStyle: true,
594
+ heightStyle: "content"
595
+ });
 
 
 
 
 
 
 
596
  });
597
+ /* ]]> */
598
+ </script>
 
 
 
 
 
 
 
 
 
599
 
600
+ <?php
601
+
602
+ echo '<div id="message" class="updated" style="background-color:#dfecf2;border:1px solid #999;-moz-border-radius-topleft:3px;-webkit-border-top-left-radius:3px;-khtml-border-top-left-radius:3px;border-top-left-radius:3px;-moz-border-radius-topright:3px;-webkit-border-top-right-radius:3px;-khtml-border-top-right-radius:3px;border-top-right-radius:3px;-webkit-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);-moz-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);"><p>';
 
 
 
 
 
603
 
604
+ foreach ( $delete_jobs as $delete_job ) {
605
+
606
+ $DBBackupRows = $wpdb->get_results( $wpdb->prepare( "SELECT * FROM $DBBtable_name WHERE bps_id = %d", $delete_job ) );
607
+
608
+ foreach ( $DBBackupRows as $row ) {
609
+
610
+ $delete_row = $wpdb->query( $wpdb->prepare( "DELETE FROM $DBBtable_name WHERE bps_id = %d", $delete_job ) );
611
+
612
+ wp_clear_scheduled_hook('bpsPro_DBB_check');
613
+
614
+ $textDelete = '<strong><font color="green">'.__('Backup Job: ', 'bulletproof-security').$row->bps_desc.__(' has been deleted successfully.', 'bulletproof-security').'</font></strong><br>';
615
+ echo $textDelete;
616
+
617
+ }
618
  }
619
+ echo '</p></div>';
620
  }
 
 
 
 
621
 
622
+ if ( ! empty( $run_jobs ) ) {
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
623
 
624
+ ?>
 
 
 
 
625
 
626
+ <style>
627
+ <!--
628
+ .ui-accordion.bps-accordion .ui-accordion-content {overflow:hidden;}
629
+ -->
630
+ </style>
631
+
632
+ <script type="text/javascript">
633
+ /* <![CDATA[ */
634
+ jQuery(document).ready(function($){
635
+ $( "#bps-accordion-1" ).accordion({
636
+ collapsible: true,
637
+ active: 1,
638
+ autoHeight: true,
639
+ clearStyle: true,
640
+ heightStyle: "content"
641
+ });
642
+ });
643
+ /* ]]> */
644
+ </script>
645
+
646
+ <?php
647
+
648
+ echo '<div id="message" class="updated" style="background-color:#dfecf2;border:1px solid #999;-moz-border-radius-topleft:3px;-webkit-border-top-left-radius:3px;-khtml-border-top-left-radius:3px;border-top-left-radius:3px;-moz-border-radius-topright:3px;-webkit-border-top-right-radius:3px;-khtml-border-top-right-radius:3px;border-top-right-radius:3px;-webkit-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);-moz-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);"><p>';
649
+
650
+ foreach ( $run_jobs as $run_job ) {
651
 
652
+ $DBBackupRows = $wpdb->get_results( $wpdb->prepare( "SELECT * FROM $DBBtable_name WHERE bps_id = %d", $run_job ) );
653
+
654
+ foreach ( $DBBackupRows as $row ) {
655
+
656
+ $job_name = $row->bps_desc;
657
+ $job_type = $row->bps_job_type;
658
+ $email_zip = $row->bps_email_zip;
659
+
660
+ $build_query_1 = "SHOW TABLES FROM `".DB_NAME."` WHERE `Tables_in_".DB_NAME."` LIKE '";
661
+ $build_query_2 = str_replace( ', ', "' OR `Tables_in_".DB_NAME."` LIKE '", $row->bps_table_name );
662
+ $build_query_3 = "'";
663
+ $tables = $wpdb->get_results( $build_query_1.$build_query_2.$build_query_3, ARRAY_A );
664
+
665
+ bpsPro_db_backup( $db_backup, $tables, $job_name, $job_type, $email_zip );
666
+
667
+ $update_rows = $wpdb->update( $DBBtable_name, array( 'bps_last_job' => $timestamp ), array( 'bps_id' => $row->bps_id ) );
668
+
669
+ $textRunJob = '<strong><font color="green">'.__('Backup Job: ', 'bulletproof-security').$row->bps_desc.__(' has completed.', 'bulletproof-security').'<br>'.__('Your DB Backup Log contains the Backup Job Completion Time, Total Memory Used and other information about this Backup.', 'bulletproof-security').'</font></strong><br>';
670
+ echo $textRunJob;
671
+
672
+ }
673
+ }
674
+ echo '</p></div>';
675
  }
676
+ break;
677
+ } // end Switch
678
+ }
 
 
679
  }
680
  bpsPro_dbbackup_form_processing();
681
 
791
  if ( isset( $_POST['Submit-DBB-Files'] ) && current_user_can('manage_options') ) {
792
  check_admin_referer('bulletproof_security_db_backup_delete_files');
793
 
794
+ $DBBoptions = get_option('bulletproof_security_options_db_backup');
795
+ $bps_db_backup_folder = isset($DBBoptions['bps_db_backup_folder']) ? $DBBoptions['bps_db_backup_folder'] : '';
796
+
797
+ if ( empty($bps_db_backup_folder) || ! is_dir($bps_db_backup_folder) ) {
798
+ return;
799
+ }
800
+
801
  ?>
802
 
803
  <style>
846
 
847
  foreach ( $delete_files as $delete_file ) {
848
 
849
+ unlink( $bps_db_backup_folder . '/' . $delete_file );
850
  $textDelete = '<strong><font color="green">'.__('Backup File: ', 'bulletproof-security').$delete_file.__(' has been deleted successfully.', 'bulletproof-security').'</font></strong><br>';
851
  echo $textDelete;
852
  }
857
  }
858
 
859
  // Form: DB Backup File Delete & Download Files Form
860
+ // Not going to bother checking if zip file urls are valid since a 404 error should be enough of a clue.
861
  echo '<form name="bpsDBBackupFiles" action="'.admin_url( 'admin.php?page=bulletproof-security/admin/db-backup-security/db-backup-security.php' ).'" method="post">';
862
  wp_nonce_field('bulletproof_security_db_backup_delete_files');
863
 
864
+ $DBBoptions = get_option('bulletproof_security_options_db_backup');
865
+ $bps_db_backup_folder = isset($DBBoptions['bps_db_backup_folder']) ? $DBBoptions['bps_db_backup_folder'] : '';
866
+ $bps_db_backup_download_link = isset($DBBoptions['bps_db_backup_download_link']) ? $DBBoptions['bps_db_backup_download_link'] : '';
867
+
868
+ if ( ! isset($_POST['Submit-DBB-Reset']) && empty($bps_db_backup_folder) || ! isset($_POST['Submit-DBB-Reset']) && ! is_dir($bps_db_backup_folder) ) {
869
+
870
+ echo $bps_topDiv;
871
+ $text = '<strong><font color="#fb0101">'.__('Error: The DB Backup Folder Location option setting is either blank or incorrect.', 'bulletproof-security').'</font><br>'.__('To fix this problem either click the Rename|Create|Reset button under the Create Backup Jobs accordion tab or run the BPS Setup Wizard again.', 'bulletproof-security').'</strong>';
872
+ echo $text;
873
+ echo $bps_bottomDiv;
874
+ }
875
+
876
+ $source = $bps_db_backup_folder;
877
  $count = 0;
878
 
879
  if ( is_dir($source) ) {
904
 
905
  echo '<th scope="row" style="border-bottom:none;font-size:1.13em;">'.$file->getFilename().'</th>';
906
  echo "<td><input type=\"checkbox\" id=\"deletefile\" name=\"DBBfiles[".$file->getFilename()."]\" value=\"deletefile\" class=\"deletefileALL\" /><br><span style=\"font-size:10px;\">".__('Delete', 'bulletproof-security')."</span></td>";
907
+ echo '<td><div style="margin:0px;padding:2px 6px 2px 6px;background-color:#e8e8e8;border:1px solid gray;"><a href="'.esc_url($bps_db_backup_download_link).$file->getFilename().'" style="font-size:1em;text-decoration:none;">'.__('Download', 'bulletproof-security').'</a></div></td>';
908
+ echo '<td>'.($bps_db_backup_folder).'</td>';
909
 
910
  if ( number_format( $fileSize, 2, '.', '' ) >= 1048576 ) {
911
  echo '<td>'.number_format( $fileSize / ( 1024 * 1024 ), 2 ).' MB</td>';
1188
  // Notes: If an external/remote form is submitted the WP nonce is not checked.
1189
  // Adding validation and sanitization directly in the form input field protects against external/remote form exploits.
1190
  // $_POST['Submit-DBB-Reset'] == true condition added in admin.php return if == true
1191
+ $str = '1234567890abcdefghijklmnopqrstuvxyz';
1192
  $db_backup_folder_obs = 'backups_' . substr( str_shuffle($str), 0, 15 );
1193
+ $DBBFolderReset = isset( $_POST['DBBFolderReset'] ) ? $_POST['DBBFolderReset'] : $db_backup_folder_obs;
1194
 
1195
  echo '<form name="bpsDBBackupReset" action="'.admin_url( 'admin.php?page=bulletproof-security/admin/db-backup-security/db-backup-security.php' ).'" method="post">';
1196
  wp_nonce_field('bulletproof_security_db_backup_reset');
1270
 
1271
  // Get File Size of the DB Backup Log File
1272
  function bpsPro_DBB_LogSize() {
1273
+
1274
  $filename = WP_CONTENT_DIR . '/bps-backup/logs/db_backup_log.txt';
1275
 
1276
  if ( file_exists($filename) ) {
1279
  if ( $logSize < 2097152 ) {
1280
  $text = '<span style="font-size:13px;"><strong>'. __('DB Backup Log File Size: ', 'bulletproof-security').'<font color="#2271b1">'. round($logSize / 1024, 2) .' KB</font></strong></span><br>';
1281
  echo $text;
1282
+
1283
  } else {
1284
  $text = '<span style="font-size:13px;"><strong>'. __('DB Backup Log File Size: ', 'bulletproof-security').'<font color="#fb0101">'. round($logSize / 1024, 2) .' KB<br>'.__('The Email Logging options will only send log files up to 2MB in size.', 'bulletproof-security').'</font></strong><br>'.__('Copy and paste the DB Backup Log file contents into a Notepad text file on your computer and save it.', 'bulletproof-security').'<br>'.__('Then click the Delete Log button to delete the contents of this Log file.', 'bulletproof-security').'</span><br>';
1285
  echo $text;
1290
 
1291
  // Get the Current/Last Modifed Date of the DB Backup Log File
1292
  function bpsPro_DBB_Log_LastMod() {
1293
+
1294
  $filename = WP_CONTENT_DIR . '/bps-backup/logs/db_backup_log.txt';
1295
 
1296
  if ( file_exists($filename) ) {
1297
  $gmt_offset = get_option( 'gmt_offset' ) * 3600;
1298
  $timestamp = date_i18n(get_option('date_format').' - '.get_option('time_format'), filemtime($filename) + $gmt_offset);
1299
 
1300
+ $text = '<strong>'. __('DB Backup Log Last Modified Time: ', 'bulletproof-security').'<font color="#2271b1">'.$timestamp.'</font></strong><br><br>';
1301
+ echo $text;
1302
  }
1303
  }
1304
  bpsPro_DBB_Log_LastMod();
1310
  $DBBLogMaster = WP_PLUGIN_DIR . '/bulletproof-security/admin/htaccess/db_backup_log.txt';
1311
 
1312
  copy($DBBLogMaster, $DBBLog);
1313
+
1314
  echo $bps_topDiv;
1315
  $text = '<font color="green"><strong>'.__('Success! Your DB Backup Log file has been deleted and replaced with a new blank DB Backup Log file.', 'bulletproof-security').'</strong></font>';
1316
  echo $text;
1335
 
1336
  if ( file_exists($dbb_log) ) {
1337
  $dbb_log = file_get_contents($dbb_log);
1338
+
1339
+ return esc_textarea($dbb_log);
1340
 
1341
  } else {
1342
 
1347
 
1348
  // Form: DB Backup Log editor
1349
  if ( current_user_can('manage_options') ) {
1350
+
1351
  $dbb_log = WP_CONTENT_DIR . '/bps-backup/logs/db_backup_log.txt';
1352
  $write_test = "";
1353
 
1356
  exit;
1357
  }
1358
 
1359
+ if ( fwrite($handle, $write_test) === false ) {
1360
  exit;
1361
  }
1362
 
1363
+ fclose($handle);
1364
+
1365
  $text = '<font color="green" style="font-size:12px;"><strong>'.__('File Open and Write test successful! Your DB Backup Log file is writable.', 'bulletproof-security').'</strong></font><br>';
1366
  echo $text;
 
1367
  }
1368
+ }
1369
 
1370
  if ( isset( $_POST['Submit-DBB-Log'] ) && current_user_can('manage_options') ) {
1371
  check_admin_referer( 'bulletproof_security_save_dbb_log' );
1372
+
1373
  $newcontentdbb = stripslashes( $_POST['newcontentdbb'] );
1374
 
1375
  if ( is_writable($dbb_log) ) {
1376
  $handle = fopen($dbb_log, 'w+b');
1377
  fwrite($handle, $newcontentdbb);
1378
+ $text = '<font color="green" style="font-size:12px;"><strong>'.__('Success! Your DB Backup Log file has been updated.', 'bulletproof-security').'</strong></font><br>';
1379
+ echo $text;
1380
+
1381
+ fclose($handle);
1382
  }
1383
  }
1384
 
1444
  </div>
1445
 
1446
  <?php
1447
+
1448
+ echo '<div id="DBPrefixText" style="width:90%;padding-bottom:20px;">';
1449
+ $text = '<span style="font-size:1.13em;">'.__('Your current WordPress Database Table Prefix is: ', 'bulletproof-security').'<strong><font color="#2271b1">'.$wpdb->base_prefix .'</span><br><br><span class="bps-dbb-small-text">'.__('NOTES: ', 'bulletproof-security').'<br>'.__('1. It is recommended that you backup your database before using this tool.', 'bulletproof-security').'<br>'.__('2. If you want to create your own DB Table Prefix name or add additional characters to the randomly generated DB Table Prefix name below then ONLY use lowercase letters, numbers and underscores in your DB Table Prefix name.', 'bulletproof-security').'<br>'.__('3. The maximum length limitation of a DB Table name, including the table prefix is 64 characters. See the DB Table Names & Character Length Table to the right.', 'bulletproof-security').'<br>'.__('4. To change your DB Table Prefix name back to the WordPress default DB Table Prefix name, enter wp_ for the DB Table Prefix name.', 'bulletproof-security').'</span></font></strong>';
1450
+ echo $text;
1451
+ echo '</div>';
 
1452
 
1453
  // Form: DB Table Prefix Changer
1454
  if ( isset( $_POST['Submit-DB-Table-Prefix'] ) && current_user_can('manage_options') ) {
1455
  check_admin_referer( 'bulletproof_security_table_prefix_changer' );
1456
+
1457
  set_time_limit(300);
1458
 
1459
+ if ( preg_match( '|[^a-zA-Z0-9_]|', $_POST['DBTablePrefix'] ) ) {
1460
 
1461
  echo $bps_topDiv;
1462
  $text = '<strong><font color="#fb0101">'.__('ERROR: The DB Table Prefix name can only contain numbers, lowercase letters, and underscores.', 'bulletproof-security').'</font></strong>';
1463
  echo $text;
1464
  echo $bps_bottomDiv;
1465
+
1466
+ return;
1467
 
1468
  } else {
1469
 
1554
  } // end if ( file_exists($filename) ) {
1555
  }
1556
 
1557
+ // Random DB Table Prefix Name generator
1558
+ // Notes: If an external/remote form is submitted the WP nonce is not checked.
1559
+ // Adding validation and sanitization directly in the form input field protects against external/remote form exploits.
1560
+ if ( current_user_can('manage_options') ) {
1561
+
1562
  $str = '1234567890abcdefghijklmnopqrstuvxyz';
1563
  $prefix_obs = substr( str_shuffle($str), 0, 6 ).'_';
1564
+
1565
+ if ( ! isset( $_POST['DBTablePrefix'] ) ) {
1566
+ $DBTablePrefix = $prefix_obs;
1567
+ } else {
1568
+
1569
+ if ( preg_match( '|[^a-zA-Z0-9_]|', $_POST['DBTablePrefix'] ) ) {
1570
+ $DBTablePrefix = isset( $_POST['DBTablePrefix'] ) ? $_POST['DBTablePrefix'] : $prefix_obs;
1571
+ } else {
1572
+ // Don't actually need this condition since the Form returns if the db prefix is not a valid name
1573
+ $DBTablePrefix = $prefix_obs;
1574
+ }
1575
+ }
1576
+ }
1577
  ?>
1578
 
1579
  <form name="bpsTablePrefixChanger" action="<?php echo admin_url( 'admin.php?page=bulletproof-security/admin/db-backup-security/db-backup-security.php#bps-tabs-3' ); ?>" method="post">
1580
  <?php wp_nonce_field('bulletproof_security_table_prefix_changer'); ?>
1581
  <div>
1582
  <strong><label for="bpsTablePrefix"><?php _e('Randomly Generated DB Table Prefix', 'bulletproof-security'); ?></label></strong><br />
1583
+ <input type="text" name="DBTablePrefix" value="<?php echo esc_html($DBTablePrefix); ?>" class="table-prefix-changer" style="width:152px" /> <br />
1584
  <div style="margin:10px 0px">
1585
  <input type="submit" name="Submit-DB-Table-Prefix" value="<?php esc_attr_e('Change DB Table Prefix', 'bulletproof-security') ?>" class="button bps-button" onclick="bpsSpinnerTablePrefix()" />
1586
  </div>
1746
  echo "</form>";
1747
  echo '</div>';
1748
 
 
 
1749
  ?>
1750
 
1751
  <script type="text/javascript">
1792
  </tr>
1793
  </table>
1794
  </div>
1795
+ <?php echo $bps_footer; ?>
 
 
1796
  </div>
1797
  <style>
1798
  <!--
admin/email-log-settings/email-log-settings.php CHANGED
@@ -33,7 +33,7 @@ if ( isset( $ScrollTop_options['bps_scrolltop'] ) && $ScrollTop_options['bps_scr
33
 
34
  <?php
35
  // General all purpose "Settings Saved." message for forms
36
- if ( current_user_can('manage_options') && wp_script_is( 'bps-accordion', $list = 'queue' ) ) {
37
  if ( isset( $_GET['settings-updated'] ) && $_GET['settings-updated'] == true ) {
38
  $text = '<p style="font-size:1em;font-weight:bold;padding:2px 0px 2px 5px;margin:0px -11px 0px -11px;background-color:#dfecf2;-webkit-box-shadow: 3px 3px 5px 0px rgba(153,153,153,0.7);-moz-box-shadow: 3px 3px 5px 0px rgba(153,153,153,0.7);box-shadow: 3px 3px 5px 0px rgba(153,153,153,0.7);""><font color="green"><strong>'.__('Settings Saved', 'bulletproof-security').'</strong></font></p>';
39
  echo $text;
@@ -227,10 +227,18 @@ if ( isset( $_POST['bpsResetDismissSubmit'] ) && current_user_can('manage_option
227
  }
228
 
229
  if ( ! delete_user_meta($user_id, 'bpsPro_ignore_bpspro_sale_notice') ) {
230
- $text = __('The BPS Pro 25% off sale January 24th - January 31st Notice is NOT set. Nothing to reset.', 'bulletproof-security').'<br>';
231
  echo $text;
232
  } else {
233
- $text = '<span style="color:#008000;">'.__('Success! The BPS Pro 25% off sale January 24th - January 31st Notice is reset.', 'bulletproof-security').'</span><br>';
 
 
 
 
 
 
 
 
234
  echo $text;
235
  }
236
 
@@ -293,11 +301,11 @@ if ( isset( $_POST['bpsResetDismissSubmit'] ) && current_user_can('manage_option
293
  <div id="EmailOptions" style="width:100%;">
294
 
295
  <form name="bpsEmailAlerts" action="options.php" method="post">
296
- <?php settings_fields('bulletproof_security_options_email'); ?>
297
- <?php $options = get_option('bulletproof_security_options_email');
298
  $admin_email = get_option('admin_email');
299
- $bps_send_email_to = ! isset($options['bps_send_email_to']) ? '' : $options['bps_send_email_to'];
300
- $bps_send_email_from = ! isset($options['bps_send_email_from']) ? '' : $options['bps_send_email_from'];
301
  $bps_send_email_cc = ! isset($options['bps_send_email_cc']) ? '' : $options['bps_send_email_cc'];
302
  $bps_send_email_bcc = ! isset($options['bps_send_email_bcc']) ? '' : $options['bps_send_email_bcc'];
303
  $bps_login_security_email = ! isset($options['bps_login_security_email']) ? '' : $options['bps_login_security_email'];
@@ -311,16 +319,16 @@ if ( isset( $_POST['bpsResetDismissSubmit'] ) && current_user_can('manage_option
311
  $bps_plugin_updates_email = ! isset($options['bps_plugin_updates_email']) ? '' : $options['bps_plugin_updates_email'];
312
  $bps_theme_updates_frequency = ! isset($options['bps_theme_updates_frequency']) ? '' : $options['bps_theme_updates_frequency'];
313
  $bps_theme_updates_email = ! isset($options['bps_theme_updates_email']) ? '' : $options['bps_theme_updates_email'];
314
- ?>
315
 
316
  <table border="0">
317
  <tr>
318
  <td><label for="bps-monitor-email"><?php _e('Send Email Alerts & Log Files To:', 'bulletproof-security'); ?> </label><br />
319
- <input type="text" name="bulletproof_security_options_email[bps_send_email_to]" class="regular-text-340" value="<?php if ( $bps_send_email_to != '' ) { echo esc_html( $bps_send_email_to ); } else { echo esc_html( $admin_email ); } ?>" /></td>
320
  </tr>
321
  <tr>
322
  <td><label for="bps-monitor-email"><?php _e('Send Email Alerts & Log Files From:', 'bulletproof-security'); ?> </label><br />
323
- <input type="text" name="bulletproof_security_options_email[bps_send_email_from]" class="regular-text-340" value="<?php if ( $bps_send_email_from != '' ) { echo esc_html( $bps_send_email_from ); } else { echo esc_html( $admin_email ); } ?>" /></td>
324
  </tr>
325
  <tr>
326
  <td><label for="bps-monitor-email"><?php _e('Send Email Alerts & Log Files Cc:', 'bulletproof-security'); ?> </label><br />
@@ -409,12 +417,6 @@ if ( isset( $_POST['bpsResetDismissSubmit'] ) && current_user_can('manage_option
409
  </tr>
410
  </table>
411
 
412
- <!-- <strong><label for="bps-monitor-email" style="margin:0px 0px 0px 0px;"><?php //_e('BPS Plugin Upgrade Email Notification', 'bulletproof-security'); ?></label></strong><br />
413
- <select name="bulletproof_security_options_email[bps_upgrade_email]" class="form-340">
414
- <option value="yes" <?php //selected( $bps_upgrade_email, 'yes'); ?>><?php //_e('Send Email Alerts', 'bulletproof-security'); ?></option>
415
- <option value="no" <?php //selected( $bps_upgrade_email, 'no'); ?>><?php //_e('Do Not Send Email Alerts', 'bulletproof-security'); ?></option>
416
- </select><br /><br /> -->
417
-
418
  <input type="hidden" name="bpsEMA" value="bps-EMA" />
419
  <input type="submit" name="bpsEmailAlertSubmit" class="button bps-button" style="margin:15px 0px 20px 0px;" value="<?php esc_attr_e('Save Options', 'bulletproof-security') ?>" />
420
  </form>
@@ -444,8 +446,6 @@ if ( isset( $_POST['bpsResetDismissSubmit'] ) && current_user_can('manage_option
444
  </tr>
445
  </table>
446
  </div>
447
-
448
- <div id="AITpro-link">BulletProof Security <?php echo BULLETPROOF_VERSION; ?> Plugin by <a href="https://www.ait-pro.com/" target="_blank" title="AITpro Website Security">AITpro Website Security</a>
449
- </div>
450
  </div>
451
  </div>
33
 
34
  <?php
35
  // General all purpose "Settings Saved." message for forms
36
+ if ( current_user_can('manage_options') ) {
37
  if ( isset( $_GET['settings-updated'] ) && $_GET['settings-updated'] == true ) {
38
  $text = '<p style="font-size:1em;font-weight:bold;padding:2px 0px 2px 5px;margin:0px -11px 0px -11px;background-color:#dfecf2;-webkit-box-shadow: 3px 3px 5px 0px rgba(153,153,153,0.7);-moz-box-shadow: 3px 3px 5px 0px rgba(153,153,153,0.7);box-shadow: 3px 3px 5px 0px rgba(153,153,153,0.7);""><font color="green"><strong>'.__('Settings Saved', 'bulletproof-security').'</strong></font></p>';
39
  echo $text;
227
  }
228
 
229
  if ( ! delete_user_meta($user_id, 'bpsPro_ignore_bpspro_sale_notice') ) {
230
+ $text = __('The BPS Pro Sale Notice is NOT set. Nothing to reset.', 'bulletproof-security').'<br>';
231
  echo $text;
232
  } else {
233
+ $text = '<span style="color:#008000;">'.__('Success! The BPS Pro Sale Notice is reset.', 'bulletproof-security').'</span><br>';
234
+ echo $text;
235
+ }
236
+
237
+ if ( ! delete_user_meta($user_id, 'bpsPro_hud_new_feature_notice') ) {
238
+ $text = __('The New Feature Notice is NOT set. Nothing to reset.', 'bulletproof-security').'<br>';
239
+ echo $text;
240
+ } else {
241
+ $text = '<span style="color:#008000;">'.__('Success! The New Feature Notice is reset.', 'bulletproof-security').'</span><br>';
242
  echo $text;
243
  }
244
 
301
  <div id="EmailOptions" style="width:100%;">
302
 
303
  <form name="bpsEmailAlerts" action="options.php" method="post">
304
+ <?php settings_fields('bulletproof_security_options_email');
305
+ $options = get_option('bulletproof_security_options_email');
306
  $admin_email = get_option('admin_email');
307
+ $bps_send_email_to = ! empty($options['bps_send_email_to']) ? $options['bps_send_email_to'] : $admin_email;
308
+ $bps_send_email_from = ! empty($options['bps_send_email_from']) ? $options['bps_send_email_from'] : $admin_email;
309
  $bps_send_email_cc = ! isset($options['bps_send_email_cc']) ? '' : $options['bps_send_email_cc'];
310
  $bps_send_email_bcc = ! isset($options['bps_send_email_bcc']) ? '' : $options['bps_send_email_bcc'];
311
  $bps_login_security_email = ! isset($options['bps_login_security_email']) ? '' : $options['bps_login_security_email'];
319
  $bps_plugin_updates_email = ! isset($options['bps_plugin_updates_email']) ? '' : $options['bps_plugin_updates_email'];
320
  $bps_theme_updates_frequency = ! isset($options['bps_theme_updates_frequency']) ? '' : $options['bps_theme_updates_frequency'];
321
  $bps_theme_updates_email = ! isset($options['bps_theme_updates_email']) ? '' : $options['bps_theme_updates_email'];
322
+ ?>
323
 
324
  <table border="0">
325
  <tr>
326
  <td><label for="bps-monitor-email"><?php _e('Send Email Alerts & Log Files To:', 'bulletproof-security'); ?> </label><br />
327
+ <input type="text" name="bulletproof_security_options_email[bps_send_email_to]" class="regular-text-340" value="<?php echo esc_html( $bps_send_email_to ); ?>" /></td>
328
  </tr>
329
  <tr>
330
  <td><label for="bps-monitor-email"><?php _e('Send Email Alerts & Log Files From:', 'bulletproof-security'); ?> </label><br />
331
+ <input type="text" name="bulletproof_security_options_email[bps_send_email_from]" class="regular-text-340" value="<?php echo esc_html( $bps_send_email_from ); ?>" /></td>
332
  </tr>
333
  <tr>
334
  <td><label for="bps-monitor-email"><?php _e('Send Email Alerts & Log Files Cc:', 'bulletproof-security'); ?> </label><br />
417
  </tr>
418
  </table>
419
 
 
 
 
 
 
 
420
  <input type="hidden" name="bpsEMA" value="bps-EMA" />
421
  <input type="submit" name="bpsEmailAlertSubmit" class="button bps-button" style="margin:15px 0px 20px 0px;" value="<?php esc_attr_e('Save Options', 'bulletproof-security') ?>" />
422
  </form>
446
  </tr>
447
  </table>
448
  </div>
449
+ <?php echo $bps_footer; ?>
 
 
450
  </div>
451
  </div>
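--- a/admin/htaccess/bps-maintenance-values.php
+++ b/admin/htaccess/bps-maintenance-values.php
@@ -4,7 +4,7 @@ $bps_maint_countdown_timer = '';
  $bps_maint_countdown_timer_color = '';
  $bps_maint_time = '';
  $bps_maint_retry_after = '';
- $bps_maint_text = "";
+ $bps_maint_text = '';
  $bps_maint_background_images = '';
  $bps_maint_center_images = '';
  $bps_maint_background_color = '';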
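--- a/admin/htaccess/bps-maintenance.php
+++ b/admin/htaccess/bps-maintenance.php
@@ -46,26 +46,64 @@ function bps_get_wp_root_install_folder() {
  $timestamp = date_i18n( get_option('date_format'), strtotime("11/15-1976") ) . ' - ' . date_i18n( get_option('time_format'), $timeNow + $gmt_offset );
  }
 
+ $bpsPro_remote_addr = false;
+
+ if ( array_key_exists('REMOTE_ADDR', $_SERVER) ) {
+ $bpsPro_remote_addr = $_SERVER['REMOTE_ADDR'];
+ }
+
+ $bpsPro_http_client_ip = false;
+
+ if ( array_key_exists('HTTP_CLIENT_IP', $_SERVER) ) {
+ $bpsPro_http_client_ip = $_SERVER['HTTP_CLIENT_IP'];
+ }
+
+ $bpsPro_http_forwarded = false;
+
+ if ( array_key_exists('HTTP_FORWARDED', $_SERVER) ) {
+ $bpsPro_http_forwarded = $_SERVER['HTTP_FORWARDED'];
+ }
+
+ $bpsPro_http_x_forwarded_for = false;
+
+ if ( array_key_exists('HTTP_X_FORWARDED_FOR', $_SERVER) ) {
+ $bpsPro_http_x_forwarded_for = $_SERVER['HTTP_X_FORWARDED_FOR'];
+ }
+
+ $bpsPro_http_x_cluster_client_ip = false;
+
+ if ( array_key_exists('HTTP_X_CLUSTER_CLIENT_IP', $_SERVER) ) {
+ $bpsPro_http_x_cluster_client_ip = $_SERVER['HTTP_X_CLUSTER_CLIENT_IP'];
+ }
+
  $bpsPro_http_referer = false;
+
  if ( array_key_exists('HTTP_REFERER', $_SERVER) ) {
- $bpsPro_http_referer = $_SERVER['HTTP_REFERER'];
+ $bpsPro_http_referer = $_SERVER['HTTP_REFERER'];
+ }
+
+ $bpsPro_http_user_agent = false;
+
+ if ( array_key_exists('HTTP_USER_AGENT', $_SERVER) ) {
+ $bpsPro_http_user_agent = $_SERVER['HTTP_USER_AGENT'];
  }
 
- if ( $_SERVER['REQUEST_URI'] != bps_get_wp_root_install_folder() . '0' ) {
+ if ( esc_html($_SERVER['REQUEST_URI']) != bps_get_wp_root_install_folder() . '0' ) {
 
- $log_contents = "\r\n" . '[Maintenance Mode - Visitor Logged: ' . $timestamp . ']' . "\r\n" . 'BPS: ' . $bps_version ."\r\n" . 'WP: ' . $wp_version . "\r\n" . 'REMOTE_ADDR: '.$bpsPro_remote_addr . "\r\n" . 'Host Name: ' . $hostname . "\r\n" . 'SERVER_PROTOCOL: ' . $_SERVER['SERVER_PROTOCOL'] . "\r\n" . 'HTTP_CLIENT_IP: ' . $bpsPro_http_client_ip . "\r\n" . 'HTTP_FORWARDED: ' . $bpsPro_http_forwarded . "\r\n" . 'HTTP_X_FORWARDED_FOR: ' . $bpsPro_http_x_forwarded_for . "\r\n" . 'HTTP_X_CLUSTER_CLIENT_IP: ' . $bpsPro_http_x_cluster_client_ip."\r\n" . 'REQUEST_METHOD: '.$_SERVER['REQUEST_METHOD']."\r\n" . 'HTTP_REFERER: '.$bpsPro_http_referer."\r\n" . 'REQUEST_URI: '.$_SERVER['REQUEST_URI']."\r\n" . 'QUERY_STRING: '.$query_string."\r\n" . 'HTTP_USER_AGENT: '.$_SERVER['HTTP_USER_AGENT']."\r\n";
+ $log_contents = "\r\n" . '[Maintenance Mode - Visitor Logged: ' . $timestamp . ']' . "\r\n" . 'BPS: ' . $bps_version ."\r\n" . 'WP: ' . $wp_version . "\r\n" . 'REMOTE_ADDR: '.$bpsPro_remote_addr . "\r\n" . 'Host Name: ' . $hostname . "\r\n" . 'SERVER_PROTOCOL: ' . $_SERVER['SERVER_PROTOCOL'] . "\r\n" . 'HTTP_CLIENT_IP: ' . $bpsPro_http_client_ip . "\r\n" . 'HTTP_FORWARDED: ' . $bpsPro_http_forwarded . "\r\n" . 'HTTP_X_FORWARDED_FOR: ' . $bpsPro_http_x_forwarded_for . "\r\n" . 'HTTP_X_CLUSTER_CLIENT_IP: ' . $bpsPro_http_x_cluster_client_ip."\r\n" . 'REQUEST_METHOD: '.$_SERVER['REQUEST_METHOD']."\r\n" . 'HTTP_REFERER: '.$bpsPro_http_referer."\r\n" . 'REQUEST_URI: '.$_SERVER['REQUEST_URI']."\r\n" . 'QUERY_STRING: '.$query_string."\r\n" . 'HTTP_USER_AGENT: '.$bpsPro_http_user_agent."\r\n";
 
- if ( is_writable( $bpsProLog ) ) {
-
- if ( ! $handle = fopen( $bpsProLog, 'a' ) ) {
- exit;
- }
-
- if ( fwrite( $handle, $log_contents) === FALSE ) {
- exit;
- }
- }
- fclose($handle);
+ if ( is_writable( $bpsProLog ) ) {
+
+ if ( ! $handle = fopen( $bpsProLog, 'a' ) ) {
+ exit;
+ }
+
+ if ( fwrite( $handle, $log_contents) === false ) {
+ exit;
+ }
+
+ fclose($handle);
+ }
  }
  }
  # END VISITOR LOGGING
@@ -91,7 +129,7 @@ header('Pragma: no-cache' );
  body {
  font-family: Verdana, Arial, Helvetica, sans-serif;
  line-height: normal;
- background-color:<?php echo "$bps_maint_background_color"; ?>;
+ background-color:<?php echo $bps_maint_background_color; ?>;
  }
 
  p { font-family: Verdana, Arial, Helvetica, sans-serif; background-color: transparent;}
@@ -154,7 +192,7 @@ p { font-family: Verdana, Arial, Helvetica, sans-serif; background-color: transp
  </style>
  </head>
 
- <body background="<?php echo "$bps_maint_background_images"; ?>">
+ <body background="<?php echo $bps_maint_background_images; ?>">
  <div id="bps-mtable-div">
 
  <?php
@@ -185,7 +223,7 @@ p { font-family: Verdana, Arial, Helvetica, sans-serif; background-color: transp
  <tr>
  <td>
 
- <p><?php echo '<div id="center-text">' . "$bps_maint_text" . '</div><br>'; ?></p>
+ <p><?php echo '<div id="center-text">' . $bps_maint_text . '</div><br>'; ?></p>
 
  <div id="countdown-container">
  <p id="bpscountdowntimer"></p>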
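Review bot: The `$log_contents` assignment in the first hunk still concatenates request-controlled values straight into the log entry, so any visitor chooses what bytes land in the log file. This covers `$_SERVER['REQUEST_URI']` and the `HTTP_*` values the hunk now copies from `$_SERVER` unchanged; `$query_string` is set outside the hunk and may be affected too. The `esc_html()` added to the `REQUEST_URI` comparison only affects that comparison, not what is written. I would strip control characters once where each value is read, e.g. `$bpsPro_http_user_agent = preg_replace( '/[\x00-\x1F\x7F]/', '', $_SERVER['HTTP_USER_AGENT'] );`, and leave HTML escaping to whatever page renders the log, which is not visible here. The enclosing logging block starts above the hunk.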
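--- a/admin/htaccess/bps-mu-tools.php
+++ b/admin/htaccess/bps-mu-tools.php
@@ -1,8 +1,8 @@
  <?php
  /*
  Plugin Name: BPS MU Tools
- Description: To turn On any of these WordPress Automatic Update options/filters click the links. When any of these WordPress Automatic Update options/filters are turned On that means that particular WP Automatic Update option/filter is enabled and the link will be displayed in green font. When any of these WordPress Automatic Update options/filters are turned Off that means that particular WP Automatic Update option/filter is not in use. It does not mean that particular WP Automatic Update filter is disabling or turning Off a particular WP Automatic Update. For additional help info about each of these WordPress Automatic Update options/filters click the "WordPress Automatic Update Help Forum Topic" link below. &bull; Disable all Updates: On = All WordPress Automatic Updates: Core, Plugins, Themes and Translations will be disabled. &bull; Disable all Core Updates: On = All WordPress Core Automatic Updates: Development, Minor and Major versions are disabled. &bull; Enable all Core Updates: On = All WordPress Core Automatic Updates: Development, Minor and Major versions are enabled. &bull; Enable Development Updates: On = WordPress Core Automatic Updates are enabled for Development WP versions. &bull; Enable Minor Updates: On = WordPress Core Automatic Updates are enabled for Minor WP versions. &bull; Enable Major Updates: On = WordPress Core Automatic Updates are enabled for Major WP versions.
- Version: 8.0
+ Description: For help info about these WordPress Automatic Update options/filters/links in the left column click the "WordPress Automatic Update Help Forum Topic" link below.
+ Version: 9.0
  Author: AITpro
  Author URI: https://forum.ait-pro.com/forums/forum/bulletproof-security-free/
  License: GPLv2 or later
@@ -10,6 +10,7 @@ License URI: http://www.gnu.org/licenses/gpl-2.0.html
  */
 
  ## IMPORTANT!!!!: error_reporting(0); cannot be used generally in this file or all PHP Error Logging will be broken, but can be used safely within certain conditions.
+ ## IMPORTANT!!! <style> tags cannot be used in a must-use plugin
  ## Important Note: If you would like to add additional customizations to this file it is recommended that you make a copy of this file after you make any customizations.
  ## Most likely additional things will be added/created in this BPS Pro must-use file at a later time.
  ## If you customize this BPS file then you will lose your customizations if/when this file is updated in the future.
@@ -20,6 +21,7 @@ License URI: http://www.gnu.org/licenses/gpl-2.0.html
  ## 3.2: Disabling all functions except for the BPS Plugin automatic update function.
  ## 4.2: Added WP Automatic Update options/filters. Removed the MU Tools Enable|Disable BPS Plugin AutoUpdates & Enable|Disable BPS Folder|Deactivation Checks code.
  ## 5.4: PHP error fix.
+ ## 5.8: Remove the excessive Description text. Was causing the GET links to display funky.
 
  ## Uncommenting these filters below and commenting out this BPS filter: add_filter( 'auto_update_plugin', 'bpsPro_autoupdate_bps_plugin', 10, 2 );
  ## will allow ALL plugin and theme automatic updates on your website. At a later time|version this BPS MU plugin file will include options to enable|disable these things.
@@ -85,7 +87,7 @@ function bpsPro_plugin_folder_check() {
  exit;
  }
 
- if ( fwrite( $handle, $log_contents) === FALSE ) {
+ if ( fwrite( $handle, $log_contents) === false ) {
  exit;
  }
 
@@ -169,7 +171,7 @@ function bpsPro_plugin_deactivation_check() {
  exit;
  }
 
- if ( fwrite( $handle, $log_contents) === FALSE ) {
+ if ( fwrite( $handle, $log_contents) === false ) {
  exit;
  }
 
@@ -495,8 +497,6 @@ bpsPro_wp_automatic_updates_free();
  // Add additional links on the BPS Must-Use plugins page
  function bpsPro_mu_plugin_extra_links_free($links, $file) {
  static $this_plugin;
- //if ( ! current_user_can('install_plugins') )
- //return $links;
  if ( ! $this_plugin ) $this_plugin = plugin_basename(__FILE__);
  if ( $file == $this_plugin ) {
  $links[] = '<a href="https://forum.ait-pro.com/forums/topic/wordpress-automatic-update-help-forum-topic-bps-must-use-plugin/" target="_blank" title="WordPress Automatic Update Help Forum Topic">' . __('WordPress Automatic Update Help Forum Topic', 'bulleproof-security').'</a>';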
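Review bot: The text domain on the `$links[]` line of the last hunk is spelled `'bulleproof-security'`, so this label will not be looked up in the plugin's `bulletproof-security` translations. The call should read `__('WordPress Automatic Update Help Forum Topic', 'bulletproof-security')`. The line is unchanged context in this commit, and the body of `bpsPro_mu_plugin_extra_links_free()` continues past the end of the hunk.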
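--- a/admin/htaccess/secure.htaccess
+++ b/admin/htaccess/secure.htaccess
@@ -1,4 +1,4 @@
- # BULLETPROOF 5.7 SECURE .HTACCESS
+ # BULLETPROOF 5.8 SECURE .HTACCESS
 
  # PHP/PHP.INI HANDLER/CACHE CODE
  # Use BPS Custom Code to add php/php.ini Handler and Cache htaccess code and to save it permanently.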
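--- a/admin/htaccess/wpadmin-secure.htaccess
+++ b/admin/htaccess/wpadmin-secure.htaccess
@@ -1,4 +1,4 @@
- # BULLETPROOF 5.7 WP-ADMIN SECURE .HTACCESS
+ # BULLETPROOF 5.8 WP-ADMIN SECURE .HTACCESS
 
  # DO NOT ADD URL REWRITING IN THIS FILE OR WORDPRESS WILL BREAK
  # RewriteRule ^(.*)$ - [F] works in /wp-admin without breaking WordPress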
admin/includes/admin.php CHANGED
@@ -162,6 +162,7 @@ register_setting('bulletproof_security_options_mscan_p_hash_new', 'bulletproof_s
162
  register_setting('bulletproof_security_options_mscan_plugin_hash', 'bulletproof_security_options_mscan_plugin_hash', 'bulletproof_security_options_validate_mscan_plugin_hash');
163
  register_setting('bulletproof_security_options_sec_log_post_limit', 'bulletproof_security_options_sec_log_post_limit', 'bulletproof_security_options_validate_sec_log_post_limit');
164
  register_setting('bulletproof_security_options_login_security_jtc', 'bulletproof_security_options_login_security_jtc', 'bulletproof_security_options_validate_login_security_jtc');
 
165
  register_setting('bulletproof_security_options_mu_wp_autoupdate', 'bulletproof_security_options_mu_wp_autoupdate', 'bulletproof_security_options_validate_mu_wp_autoupdate');
166
  register_setting('bulletproof_security_options_php_memory_limit', 'bulletproof_security_options_php_memory_limit', 'bulletproof_security_options_validate_php_memory_limit');
167
  register_setting('bulletproof_security_options_mscan_zip_upload', 'bulletproof_security_options_mscan_zip_upload', 'bulletproof_security_options_validate_mscan_zip_upload');
@@ -395,57 +396,60 @@ global $blog_id;
395
 
396
  if ( current_user_can('manage_options') ) {
397
 
398
- // Network/Multisite display partial BPS menus
399
- if ( is_multisite() && $blog_id != 1 ) {
400
-
401
- add_menu_page(__('htaccess File Options', 'bulletproof-security'), __('BPS Security', 'bulletproof-security'), 'manage_options', 'bulletproof-security/admin/login/login.php', '', plugins_url('bulletproof-security/admin/images/bps-icon-small.png'));
402
- add_submenu_page('bulletproof-security/admin/login/login.php', __('Login Security Options', 'bulletproof-security'), __('Login Security', 'bulletproof-security'), 'manage_options', 'bulletproof-security/admin/login/login.php' );
403
- add_submenu_page('bulletproof-security/admin/login/login.php', __('Login Security Options', 'bulletproof-security'), __('JTC-Lite', 'bulletproof-security'), 'manage_options', 'admin.php?page=bulletproof-security/admin/login/login.php#bps-tabs-2' );
404
-
405
- // Do not display the Maintenance Mode menu for GDMW hosted sites
406
- $BPS_wpadmin_Options = get_option('bulletproof_security_options_htaccess_res');
407
- $GDMW_options = get_option('bulletproof_security_options_GDMW');
408
- if ( isset($BPS_wpadmin_Options['bps_wpadmin_restriction']) && $BPS_wpadmin_Options['bps_wpadmin_restriction'] != 'disabled' || isset($GDMW_options['bps_gdmw_hosting']) && $GDMW_options['bps_gdmw_hosting'] != 'yes' ) {
409
- add_submenu_page('bulletproof-security/admin/login/login.php', __('Maintenance Mode', 'bulletproof-security'), __('Maintenance Mode', 'bulletproof-security'), 'manage_options', 'bulletproof-security/admin/maintenance/maintenance.php' );
410
- }
411
 
412
- // 3.2: Setup Wizard Option: Multisite Hide|Display System Info Page for Subsites
413
- $Mu_Sysinfo_page_options = get_option('bulletproof_security_options_mu_sysinfo');
414
- if ( isset($Mu_Sysinfo_page_options['bps_sysinfo_hide_display']) && $Mu_Sysinfo_page_options['bps_sysinfo_hide_display'] != 'hide' ) {
415
- add_submenu_page('bulletproof-security/admin/login/login.php', __('System Info', 'bulletproof-security'), __('System Info', 'bulletproof-security'), 'manage_options', 'bulletproof-security/admin/system-info/system-info.php' );
416
- }
417
-
418
- add_submenu_page('bulletproof-security/admin/login/login.php', __('UI|UX Options', 'bulletproof-security'), __('UI|UX Options', 'bulletproof-security'), 'manage_options', 'bulletproof-security/admin/theme-skin/theme-skin.php' );
419
-
420
- } else {
421
-
422
- add_menu_page(__('htaccess File Options', 'bulletproof-security'), __('BPS Security', 'bulletproof-security'), 'manage_options', 'bulletproof-security/admin/core/core.php', '', plugins_url('bulletproof-security/admin/images/bps-icon-small.png'));
423
- add_submenu_page('bulletproof-security/admin/core/core.php', __('htaccess File Options', 'bulletproof-security'), __('htaccess File Options', 'bulletproof-security'), 'manage_options', 'bulletproof-security/admin/core/core.php' );
424
- add_submenu_page('bulletproof-security/admin/core/core.php', __('MScan Malware Scanner', 'bulletproof-security'), __('MScan', 'bulletproof-security'), 'manage_options', 'bulletproof-security/admin/mscan/mscan.php' );
425
- add_submenu_page('bulletproof-security/admin/core/core.php', __('Login Security Options', 'bulletproof-security'), __('Login Security', 'bulletproof-security'), 'manage_options', 'bulletproof-security/admin/login/login.php' );
426
- add_submenu_page('bulletproof-security/admin/core/core.php', __('Login Security Options', 'bulletproof-security'), __('JTC-Lite', 'bulletproof-security'), 'manage_options', 'admin.php?page=bulletproof-security/admin/login/login.php#bps-tabs-2' );
427
- add_submenu_page('bulletproof-security/admin/core/core.php', __('Login Security Options', 'bulletproof-security'), __('Idle Session Logout<br>Cookie Expiration', 'bulletproof-security'), 'manage_options', 'admin.php?page=bulletproof-security/admin/login/login.php#bps-tabs-3' );
428
- add_submenu_page('bulletproof-security/admin/core/core.php', __('DB Backup & Security', 'bulletproof-security'), __('DB Backup', 'bulletproof-security'), 'manage_options', 'bulletproof-security/admin/db-backup-security/db-backup-security.php' );
429
- add_submenu_page('bulletproof-security/admin/core/core.php', __('Security Log', 'bulletproof-security'), __('Security Log', 'bulletproof-security'), 'manage_options', 'bulletproof-security/admin/security-log/security-log.php' );
430
-
431
- // Do not display the Maintenance Mode menu for GDMW hosted sites
432
- $BPS_wpadmin_Options = get_option('bulletproof_security_options_htaccess_res');
433
- $GDMW_options = get_option('bulletproof_security_options_GDMW');
434
- if ( isset( $BPS_wpadmin_Options['bps_wpadmin_restriction'] ) && $BPS_wpadmin_Options['bps_wpadmin_restriction'] != 'disabled' || isset( $GDMW_options['bps_gdmw_hosting'] ) && $GDMW_options['bps_gdmw_hosting'] != 'yes' ) {
435
- add_submenu_page('bulletproof-security/admin/core/core.php', __('Maintenance Mode', 'bulletproof-security'), __('Maintenance Mode', 'bulletproof-security'), 'manage_options', 'bulletproof-security/admin/maintenance/maintenance.php' );
436
- }
437
 
438
- add_submenu_page('bulletproof-security/admin/core/core.php', __('System Info', 'bulletproof-security'), __('System Info', 'bulletproof-security'), 'manage_options', 'bulletproof-security/admin/system-info/system-info.php' );
439
- add_submenu_page('bulletproof-security/admin/core/core.php', __('Alerts|Logs|Email Options', 'bulletproof-security'), __('Alerts|Logs|Email Options', 'bulletproof-security'), 'manage_options', 'bulletproof-security/admin/email-log-settings/email-log-settings.php' );
440
- add_submenu_page('bulletproof-security/admin/core/core.php', __('UI|UX Options', 'bulletproof-security'), __('UI|UX Options', 'bulletproof-security'), 'manage_options', 'bulletproof-security/admin/theme-skin/theme-skin.php' );
441
- add_submenu_page('bulletproof-security/admin/core/core.php', __('Setup Wizard', 'bulletproof-security'), __('Setup Wizard', 'bulletproof-security'), 'manage_options', 'bulletproof-security/admin/wizard/wizard.php' );
442
- // MScan Scan Status Page: hidden submenu. Necessary to avoid the "you don't have permission to view this page" error message.
443
- add_submenu_page( null, __('MScan Scan Status', 'bulletproof-security'), __('MScan Scan Status', 'bulletproof-security'), 'manage_options', 'bulletproof-security/admin/mscan/mscan-scan-status.php' );
444
-
445
- // Do not display a submenu|link: jQuery UI Dialog Pop up Form Uninstaller Options for BPS free
446
- add_submenu_page( null, __('BPS Plugin Uninstall Options', 'bulletproof-security'), __('BPS Plugin Uninstall Options', 'bulletproof-security'), 'manage_options', 'bulletproof-security/admin/includes/uninstall.php' );
447
 
448
- }
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
449
  }
450
  }
451
 
@@ -454,6 +458,19 @@ function bulletproof_security_network_admin_menu() {
454
  add_submenu_page( null, __('BPS Plugin Uninstall Options', 'bulletproof-security'), __('BPS Plugin Uninstall Options', 'bulletproof-security'), 'manage_options', 'bulletproof-security/admin/includes/uninstall.php' );
455
  }
456
 
 
 
 
 
 
 
 
 
 
 
 
 
 
457
  $bpsPro_SLF_options = get_option('bulletproof_security_options_SLF');
458
 
459
  if ( isset($bpsPro_SLF_options['bps_slf_filter']) && $bpsPro_SLF_options['bps_slf_filter'] == 'On' ) {
@@ -659,13 +676,24 @@ add_action( 'wp_before_admin_bar_render', 'bpsPro_remove_non_wp_nodes_from_toolb
659
  // .53.8: Added Debug option
660
  function bpsPro_remove_non_wp_nodes_from_toolbar() {
661
 
 
 
 
 
 
 
 
 
 
 
 
 
662
  if ( preg_match( '/page=bulletproof-security/', esc_html($_SERVER['REQUEST_URI']), $matches ) ) {
663
 
664
  $UIWPToptions = get_option('bulletproof_security_options_wpt_nodes');
665
 
666
  if ( isset($UIWPToptions['bps_wpt_nodes']) && $UIWPToptions['bps_wpt_nodes'] != 'allnodes' ) {
667
 
668
- global $wp_admin_bar;
669
  $all_toolbar_nodes = $wp_admin_bar->get_nodes();
670
  $Debug_options = get_option('bulletproof_security_options_debug');
671
  $WPTB = 0;
@@ -765,7 +793,7 @@ $options = get_option('bulletproof_security_options_db_backup');
765
  }
766
  }
767
 
768
- $str = '1234567890abcdefghijklmnopqrstuvxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
769
  $folder_obs = substr( str_shuffle($str), 0, 15 );
770
  mkdir( WP_CONTENT_DIR . '/bps-backup/backups_' . $folder_obs, 0755, true );
771
  chmod( WP_CONTENT_DIR . '/bps-backup/backups_' . $folder_obs . '/', 0755 );
@@ -827,7 +855,8 @@ function bulletproof_security_deactivation() {
827
 
828
  // BPS Pro Uninstall Multisite: Get domain
829
  function bpsPro_network_domain_check_uninstall() {
830
- global $wpdb;
 
831
  if ( $wpdb->get_var( "SHOW TABLES LIKE '$wpdb->site'" ) )
832
  return $wpdb->get_var( "SELECT domain FROM $wpdb->site ORDER BY id ASC LIMIT 1" );
833
  return false;
@@ -835,9 +864,12 @@ function bpsPro_network_domain_check_uninstall() {
835
 
836
  // BPS Pro Uninstall Multisite: Get basedomain
837
  function bpsPro_get_clean_basedomain_uninstall() {
 
838
  if ( $existing_domain = bpsPro_network_domain_check_uninstall() )
839
- return $existing_domain;
 
840
  $domain = preg_replace( '|https?://|', '', get_option( 'siteurl' ) );
 
841
  if ( $slash = strpos( $domain, '/' ) )
842
  $domain = substr( $domain, 0, $slash );
843
  return $domain;
@@ -845,6 +877,7 @@ function bpsPro_get_clean_basedomain_uninstall() {
845
 
846
  // BPS Pro Uninstall Multisite: Get root folder
847
  function bps_wp_get_root_folder_uninstall() {
 
848
  if ( is_admin() && current_user_can('manage_options') ) {
849
  $site_root = parse_url(get_option('siteurl'));
850
  if ( isset( $site_root['path'] ) )
@@ -861,26 +894,30 @@ global $bpspro_version;
861
 
862
  if ( is_multisite() ) {
863
 
864
- $bps_get_wp_root_default = bps_wp_get_root_folder_uninstall();
865
-
866
- $hostname = bpsPro_get_clean_basedomain_uninstall();
867
- $slashed_home = trailingslashit( get_option( 'home' ) );
868
- $base = parse_url( $slashed_home, PHP_URL_PATH );
869
- $document_root_fix = str_replace( '\\', '/', realpath( $_SERVER['DOCUMENT_ROOT'] ) );
870
- $abspath_fix = str_replace( '\\', '/', ABSPATH );
871
- $home_path = 0 === strpos( $abspath_fix, $document_root_fix ) ? $document_root_fix . $base : get_home_path();
872
- $wp_siteurl_subdir = preg_replace( '#^' . preg_quote( $home_path, '#' ) . '#', '', $abspath_fix );
873
- $rewrite_base = ! empty( $wp_siteurl_subdir ) ? ltrim( trailingslashit( $wp_siteurl_subdir ), '/' ) : '';
874
- $subdomain_install = is_subdomain_install();
875
- $subdir_match = $subdomain_install ? '' : '([_0-9a-zA-Z-]+/)?';
876
- $subdir_replacement_01 = $subdomain_install ? '' : '$1';
877
- $subdir_replacement_12 = $subdomain_install ? '$1' : '$2';
878
 
879
- $ms_files_rewriting = '';
880
- if ( is_multisite() && get_site_option( 'ms_files_rewriting' ) ) {
881
- $ms_files_rewriting = "\n# uploaded files\nRewriteRule ^";
882
- $ms_files_rewriting .= $subdir_match . "files/(.+) {$rewrite_base}wp-includes/ms-files.php?file={$subdir_replacement_12} [L]" . "\n";
883
- }
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
884
 
885
  $bps_default_content_top = "# BEGIN WordPress
886
  # The directives (lines) between \"BEGIN WordPress\" and \"END WordPress\" are
@@ -909,6 +946,7 @@ RewriteRule . index.php [L]
909
  $bps_root_htaccess_file = ABSPATH . '.htaccess';
910
 
911
  if ( file_exists( $bps_auto_write_default_file ) ) {
 
912
  copy($bps_auto_write_default_file, $bps_root_htaccess_file);
913
  $stringReplace = file_get_contents($bps_root_htaccess_file);
914
  $stringReplace = $bps_default_content_top.$bpsMUSDirTop.$bpsMUSDirBottom;
@@ -952,9 +990,10 @@ function bpsPro_pop_uninstall_bps_backup_folder($source) {
952
 
953
  // Uninstallation: Conditional Uninstall based on bps_pop_uninstall value: 2 == Complete BPS Plugin Uninstall or 1 == BPS Pro Upgrade Uninstall
954
  function bulletproof_security_uninstall() {
955
- $POPoptions = get_option('bulletproof_security_options_pop_uninstall');
956
 
957
- require_once ABSPATH . 'wp-admin/includes/plugin.php';
 
 
958
 
959
  if ( $POPoptions['bps_pop_uninstall'] == 2 ) {
960
 
@@ -975,12 +1014,13 @@ require_once ABSPATH . 'wp-admin/includes/plugin.php';
975
  if ( file_exists($RootHtaccess) ) {
976
  copy($RootHtaccess, $RootHtaccessBackup);
977
  }
 
978
  if ( file_exists($wpadminHtaccess) ) {
979
  copy($wpadminHtaccess, $wpadminHtaccessBackup);
980
  }
981
 
982
  delete_transient( 'bulletproof-security_info' );
983
-
984
  delete_option('bulletproof_security_options');
985
  delete_option('bulletproof_security_options_customcode');
986
  delete_option('bulletproof_security_options_customcode_WPA');
@@ -1039,6 +1079,7 @@ require_once ABSPATH . 'wp-admin/includes/plugin.php';
1039
  delete_option('bulletproof_security_options_mscan_zip_upload');
1040
  delete_option('bulletproof_security_options_mscan_report');
1041
  delete_option('bulletproof_security_options_zip_filename');
 
1042
  // will be adding this new upgrade notice option later
1043
  // delete_option('bulletproof_security_options_upgrade_notice');
1044
 
@@ -1076,6 +1117,8 @@ require_once ABSPATH . 'wp-admin/includes/plugin.php';
1076
  delete_user_meta($user_id, 'bps_ignore_root_version_check_notice');
1077
  delete_user_meta($user_id, 'bpsPro_ignore_mu_wp_automatic_updates_notice');
1078
  delete_user_meta($user_id, 'bpsPro_hud_owner_uid_check_notice');
 
 
1079
 
1080
  unlink($wpadminHtaccess);
1081
 
@@ -1107,6 +1150,7 @@ require_once ABSPATH . 'wp-admin/includes/plugin.php';
1107
  delete_option('bulletproof_security_options_rate_free');
1108
 
1109
  delete_user_meta($user_id, 'bps_ignore_autoupdate_notice');
 
1110
 
1111
  $autoupdate_muplugins_file = WP_CONTENT_DIR . '/mu-plugins/bps-plugin-autoupdate.php';
1112
  $bps_mu_tools_muplugins_file = WP_CONTENT_DIR . '/mu-plugins/bps-mu-tools.php';
@@ -1539,6 +1583,20 @@ function bulletproof_security_options_validate_MScan_status($input) {
1539
  return $options;
1540
  }
1541
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1542
  // MScan Scan Options: folders to scan, cron schedules, etc.
1543
  function bulletproof_security_options_validate_MScan($input) {
1544
  $options = get_option('bulletproof_security_options_MScan');
162
  register_setting('bulletproof_security_options_mscan_plugin_hash', 'bulletproof_security_options_mscan_plugin_hash', 'bulletproof_security_options_validate_mscan_plugin_hash');
163
  register_setting('bulletproof_security_options_sec_log_post_limit', 'bulletproof_security_options_sec_log_post_limit', 'bulletproof_security_options_validate_sec_log_post_limit');
164
  register_setting('bulletproof_security_options_login_security_jtc', 'bulletproof_security_options_login_security_jtc', 'bulletproof_security_options_validate_login_security_jtc');
165
+ register_setting('bulletproof_security_options_mscan_hash_status', 'bulletproof_security_options_mscan_hash_status', 'bulletproof_security_options_validate_mscan_hash_status');
166
  register_setting('bulletproof_security_options_mu_wp_autoupdate', 'bulletproof_security_options_mu_wp_autoupdate', 'bulletproof_security_options_validate_mu_wp_autoupdate');
167
  register_setting('bulletproof_security_options_php_memory_limit', 'bulletproof_security_options_php_memory_limit', 'bulletproof_security_options_validate_php_memory_limit');
168
  register_setting('bulletproof_security_options_mscan_zip_upload', 'bulletproof_security_options_mscan_zip_upload', 'bulletproof_security_options_validate_mscan_zip_upload');
396
 
397
  if ( current_user_can('manage_options') ) {
398
 
399
+ // Network/Multisite display partial BPS menus
400
+ if ( is_multisite() && $blog_id != 1 ) {
 
 
 
 
 
 
 
 
 
 
 
401
 
402
+ add_menu_page(__('htaccess File Options', 'bulletproof-security'), __('BPS Security', 'bulletproof-security'), 'manage_options', 'bulletproof-security/admin/login/login.php', '', plugins_url('bulletproof-security/admin/images/bps-icon-small.png'));
403
+ add_submenu_page('bulletproof-security/admin/login/login.php', __('Login Security Options', 'bulletproof-security'), __('Login Security', 'bulletproof-security'), 'manage_options', 'bulletproof-security/admin/login/login.php' );
404
+ add_submenu_page('bulletproof-security/admin/login/login.php', __('Login Security Options', 'bulletproof-security'), __('JTC-Lite', 'bulletproof-security'), 'manage_options', 'admin.php?page=bulletproof-security/admin/login/login.php#bps-tabs-2' );
405
+
406
+ // Do not display the Maintenance Mode menu for GDMW hosted sites
407
+ $BPS_wpadmin_Options = get_option('bulletproof_security_options_htaccess_res');
408
+ $GDMW_options = get_option('bulletproof_security_options_GDMW');
409
+
410
+ if ( isset($BPS_wpadmin_Options['bps_wpadmin_restriction']) && $BPS_wpadmin_Options['bps_wpadmin_restriction'] != 'disabled' || isset($GDMW_options['bps_gdmw_hosting']) && $GDMW_options['bps_gdmw_hosting'] != 'yes' ) {
411
+ add_submenu_page('bulletproof-security/admin/login/login.php', __('Maintenance Mode', 'bulletproof-security'), __('Maintenance Mode', 'bulletproof-security'), 'manage_options', 'bulletproof-security/admin/maintenance/maintenance.php' );
412
+ }
413
+
414
+ // 3.2: Setup Wizard Option: Multisite Hide|Display System Info Page for Subsites
415
+ $Mu_Sysinfo_page_options = get_option('bulletproof_security_options_mu_sysinfo');
416
+
417
+ if ( isset($Mu_Sysinfo_page_options['bps_sysinfo_hide_display']) && $Mu_Sysinfo_page_options['bps_sysinfo_hide_display'] != 'hide' ) {
418
+ add_submenu_page('bulletproof-security/admin/login/login.php', __('System Info', 'bulletproof-security'), __('System Info', 'bulletproof-security'), 'manage_options', 'bulletproof-security/admin/system-info/system-info.php' );
419
+ }
420
+
421
+ add_submenu_page('bulletproof-security/admin/login/login.php', __('UI|UX Options', 'bulletproof-security'), __('UI|UX Options', 'bulletproof-security'), 'manage_options', 'bulletproof-security/admin/theme-skin/theme-skin.php' );
 
 
 
 
 
422
 
423
+ } else {
 
 
 
 
 
 
 
 
424
 
425
+ add_menu_page(__('htaccess File Options', 'bulletproof-security'), __('BPS Security', 'bulletproof-security'), 'manage_options', 'bulletproof-security/admin/core/core.php', '', plugins_url('bulletproof-security/admin/images/bps-icon-small.png'));
426
+ add_submenu_page('bulletproof-security/admin/core/core.php', __('htaccess File Options', 'bulletproof-security'), __('htaccess File Options', 'bulletproof-security'), 'manage_options', 'bulletproof-security/admin/core/core.php' );
427
+ add_submenu_page('bulletproof-security/admin/core/core.php', __('MScan Malware Scanner', 'bulletproof-security'), __('MScan', 'bulletproof-security'), 'manage_options', 'bulletproof-security/admin/mscan/mscan.php' );
428
+ add_submenu_page('bulletproof-security/admin/core/core.php', __('Login Security Options', 'bulletproof-security'), __('Login Security', 'bulletproof-security'), 'manage_options', 'bulletproof-security/admin/login/login.php' );
429
+ add_submenu_page('bulletproof-security/admin/core/core.php', __('Login Security Options', 'bulletproof-security'), __('JTC-Lite', 'bulletproof-security'), 'manage_options', 'admin.php?page=bulletproof-security/admin/login/login.php#bps-tabs-2' );
430
+ add_submenu_page('bulletproof-security/admin/core/core.php', __('Login Security Options', 'bulletproof-security'), __('Idle Session Logout<br>Cookie Expiration', 'bulletproof-security'), 'manage_options', 'admin.php?page=bulletproof-security/admin/login/login.php#bps-tabs-3' );
431
+ add_submenu_page('bulletproof-security/admin/core/core.php', __('DB Backup & Security', 'bulletproof-security'), __('DB Backup', 'bulletproof-security'), 'manage_options', 'bulletproof-security/admin/db-backup-security/db-backup-security.php' );
432
+ add_submenu_page('bulletproof-security/admin/core/core.php', __('Security Log', 'bulletproof-security'), __('Security Log', 'bulletproof-security'), 'manage_options', 'bulletproof-security/admin/security-log/security-log.php' );
433
+
434
+ // Do not display the Maintenance Mode menu for GDMW hosted sites
435
+ $BPS_wpadmin_Options = get_option('bulletproof_security_options_htaccess_res');
436
+ $GDMW_options = get_option('bulletproof_security_options_GDMW');
437
+
438
+ if ( isset( $BPS_wpadmin_Options['bps_wpadmin_restriction'] ) && $BPS_wpadmin_Options['bps_wpadmin_restriction'] != 'disabled' || isset( $GDMW_options['bps_gdmw_hosting'] ) && $GDMW_options['bps_gdmw_hosting'] != 'yes' ) {
439
+ add_submenu_page('bulletproof-security/admin/core/core.php', __('Maintenance Mode', 'bulletproof-security'), __('Maintenance Mode', 'bulletproof-security'), 'manage_options', 'bulletproof-security/admin/maintenance/maintenance.php' );
440
+ }
441
+
442
+ add_submenu_page('bulletproof-security/admin/core/core.php', __('System Info', 'bulletproof-security'), __('System Info', 'bulletproof-security'), 'manage_options', 'bulletproof-security/admin/system-info/system-info.php' );
443
+ add_submenu_page('bulletproof-security/admin/core/core.php', __('Alerts|Logs|Email Options', 'bulletproof-security'), __('Alerts|Logs|Email Options', 'bulletproof-security'), 'manage_options', 'bulletproof-security/admin/email-log-settings/email-log-settings.php' );
444
+ add_submenu_page('bulletproof-security/admin/core/core.php', __('UI|UX Options', 'bulletproof-security'), __('UI|UX Options', 'bulletproof-security'), 'manage_options', 'bulletproof-security/admin/theme-skin/theme-skin.php' );
445
+ add_submenu_page('bulletproof-security/admin/core/core.php', __('Setup Wizard', 'bulletproof-security'), __('Setup Wizard', 'bulletproof-security'), 'manage_options', 'bulletproof-security/admin/wizard/wizard.php' );
446
+ // MScan Scan Status Page: hidden submenu. Necessary to avoid the "you don't have permission to view this page" error message.
447
+ add_submenu_page( '', __('MScan Scan Status', 'bulletproof-security'), __('MScan Scan Status', 'bulletproof-security'), 'manage_options', 'bulletproof-security/admin/mscan/mscan-scan-status.php' );
448
+
449
+ // Do not display a submenu|link: jQuery UI Dialog Pop up Form Uninstaller Options for BPS free
450
+ add_submenu_page( '', __('BPS Plugin Uninstall Options', 'bulletproof-security'), __('BPS Plugin Uninstall Options', 'bulletproof-security'), 'manage_options', 'bulletproof-security/admin/includes/uninstall.php' );
451
+
452
+ }
453
  }
454
  }
455
 
458
  add_submenu_page( null, __('BPS Plugin Uninstall Options', 'bulletproof-security'), __('BPS Plugin Uninstall Options', 'bulletproof-security'), 'manage_options', 'bulletproof-security/admin/includes/uninstall.php' );
459
  }
460
 
461
+ add_filter( 'admin_body_class', 'mscan_collapse_wp_nav_menu', 10, 1 );
462
+
463
+ // 5.8: Collapse the WP Nav menu on the mscan-scan-status.php page only.
464
+ function mscan_collapse_wp_nav_menu($classes) {
465
+
466
+ if ( is_admin() && preg_match( '/page=bulletproof-security.*mscan-scan-status.php/', esc_html($_SERVER['REQUEST_URI']) ) ) {
467
+ $classes .= ' folded';
468
+ return $classes;
469
+ } else {
470
+ return $classes;
471
+ }
472
+ }
473
+
474
  $bpsPro_SLF_options = get_option('bulletproof_security_options_SLF');
475
 
476
  if ( isset($bpsPro_SLF_options['bps_slf_filter']) && $bpsPro_SLF_options['bps_slf_filter'] == 'On' ) {
676
  // .53.8: Added Debug option
677
  function bpsPro_remove_non_wp_nodes_from_toolbar() {
678
 
679
+ global $wp_admin_bar;
680
+
681
+ // 5.8: Remove all nodes from the WP toolbar on the mscan scan status page only
682
+ if ( is_admin() && preg_match( '/page=bulletproof-security.*mscan-scan-status.php/', esc_html($_SERVER['REQUEST_URI']) ) ) {
683
+
684
+ $all_toolbar_nodes = $wp_admin_bar->get_nodes();
685
+
686
+ foreach ( $all_toolbar_nodes as $node ) {
687
+ $wp_admin_bar->remove_node( $node->id );
688
+ }
689
+ }
690
+
691
  if ( preg_match( '/page=bulletproof-security/', esc_html($_SERVER['REQUEST_URI']), $matches ) ) {
692
 
693
  $UIWPToptions = get_option('bulletproof_security_options_wpt_nodes');
694
 
695
  if ( isset($UIWPToptions['bps_wpt_nodes']) && $UIWPToptions['bps_wpt_nodes'] != 'allnodes' ) {
696
 
 
697
  $all_toolbar_nodes = $wp_admin_bar->get_nodes();
698
  $Debug_options = get_option('bulletproof_security_options_debug');
699
  $WPTB = 0;
793
  }
794
  }
795
 
796
+ $str = '1234567890abcdefghijklmnopqrstuvxyz';
797
  $folder_obs = substr( str_shuffle($str), 0, 15 );
798
  mkdir( WP_CONTENT_DIR . '/bps-backup/backups_' . $folder_obs, 0755, true );
799
  chmod( WP_CONTENT_DIR . '/bps-backup/backups_' . $folder_obs . '/', 0755 );
855
 
856
  // BPS Pro Uninstall Multisite: Get domain
857
  function bpsPro_network_domain_check_uninstall() {
858
+ global $wpdb;
859
+
860
  if ( $wpdb->get_var( "SHOW TABLES LIKE '$wpdb->site'" ) )
861
  return $wpdb->get_var( "SELECT domain FROM $wpdb->site ORDER BY id ASC LIMIT 1" );
862
  return false;
864
 
865
  // BPS Pro Uninstall Multisite: Get basedomain
866
  function bpsPro_get_clean_basedomain_uninstall() {
867
+
868
  if ( $existing_domain = bpsPro_network_domain_check_uninstall() )
869
+ return $existing_domain;
870
+
871
  $domain = preg_replace( '|https?://|', '', get_option( 'siteurl' ) );
872
+
873
  if ( $slash = strpos( $domain, '/' ) )
874
  $domain = substr( $domain, 0, $slash );
875
  return $domain;
877
 
878
  // BPS Pro Uninstall Multisite: Get root folder
879
  function bps_wp_get_root_folder_uninstall() {
880
+
881
  if ( is_admin() && current_user_can('manage_options') ) {
882
  $site_root = parse_url(get_option('siteurl'));
883
  if ( isset( $site_root['path'] ) )
894
 
895
  if ( is_multisite() ) {
896
 
897
+ $bps_get_wp_root_default = bps_wp_get_root_folder_uninstall();
 
 
 
 
 
 
 
 
 
 
 
 
 
898
 
899
+ $hostname = bpsPro_get_clean_basedomain_uninstall();
900
+ $slashed_home = trailingslashit( get_option( 'home' ) );
901
+ $base = parse_url( $slashed_home, PHP_URL_PATH );
902
+ $document_root_fix = str_replace( '\\', '/', realpath( $_SERVER['DOCUMENT_ROOT'] ) );
903
+ $abspath_fix = str_replace( '\\', '/', ABSPATH );
904
+ $home_path = 0 === strpos( $abspath_fix, $document_root_fix ) ? $document_root_fix . $base : get_home_path();
905
+ $wp_siteurl_subdir = preg_replace( '#^' . preg_quote( $home_path, '#' ) . '#', '', $abspath_fix );
906
+ $rewrite_base = ! empty( $wp_siteurl_subdir ) ? ltrim( trailingslashit( $wp_siteurl_subdir ), '/' ) : '';
907
+ $subdomain_install = is_subdomain_install();
908
+ $subdir_match = $subdomain_install ? '' : '([_0-9a-zA-Z-]+/)?';
909
+ $subdir_replacement_01 = $subdomain_install ? '' : '$1';
910
+ $subdir_replacement_12 = $subdomain_install ? '$1' : '$2';
911
+
912
+ $ms_files_rewriting = '';
913
+
914
+ ## IMPORTANT!!! Do not indent this code below. Whitespace will be created in the htaccess files.
915
+ ## At a later time, strip out any whitespace.
916
+
917
+ if ( is_multisite() && get_site_option( 'ms_files_rewriting' ) ) {
918
+ $ms_files_rewriting = "\n# uploaded files\nRewriteRule ^";
919
+ $ms_files_rewriting .= $subdir_match . "files/(.+) {$rewrite_base}wp-includes/ms-files.php?file={$subdir_replacement_12} [L]" . "\n";
920
+ }
921
 
922
  $bps_default_content_top = "# BEGIN WordPress
923
  # The directives (lines) between \"BEGIN WordPress\" and \"END WordPress\" are
946
  $bps_root_htaccess_file = ABSPATH . '.htaccess';
947
 
948
  if ( file_exists( $bps_auto_write_default_file ) ) {
949
+
950
  copy($bps_auto_write_default_file, $bps_root_htaccess_file);
951
  $stringReplace = file_get_contents($bps_root_htaccess_file);
952
  $stringReplace = $bps_default_content_top.$bpsMUSDirTop.$bpsMUSDirBottom;
990
 
991
  // Uninstallation: Conditional Uninstall based on bps_pop_uninstall value: 2 == Complete BPS Plugin Uninstall or 1 == BPS Pro Upgrade Uninstall
992
  function bulletproof_security_uninstall() {
 
993
 
994
+ $POPoptions = get_option('bulletproof_security_options_pop_uninstall');
995
+
996
+ require_once ABSPATH . 'wp-admin/includes/plugin.php';
997
 
998
  if ( $POPoptions['bps_pop_uninstall'] == 2 ) {
999
 
1014
  if ( file_exists($RootHtaccess) ) {
1015
  copy($RootHtaccess, $RootHtaccessBackup);
1016
  }
1017
+
1018
  if ( file_exists($wpadminHtaccess) ) {
1019
  copy($wpadminHtaccess, $wpadminHtaccessBackup);
1020
  }
1021
 
1022
  delete_transient( 'bulletproof-security_info' );
1023
+
1024
  delete_option('bulletproof_security_options');
1025
  delete_option('bulletproof_security_options_customcode');
1026
  delete_option('bulletproof_security_options_customcode_WPA');
1079
  delete_option('bulletproof_security_options_mscan_zip_upload');
1080
  delete_option('bulletproof_security_options_mscan_report');
1081
  delete_option('bulletproof_security_options_zip_filename');
1082
+ delete_option('bulletproof_security_options_mscan_hash_status');
1083
  // will be adding this new upgrade notice option later
1084
  // delete_option('bulletproof_security_options_upgrade_notice');
1085
 
1117
  delete_user_meta($user_id, 'bps_ignore_root_version_check_notice');
1118
  delete_user_meta($user_id, 'bpsPro_ignore_mu_wp_automatic_updates_notice');
1119
  delete_user_meta($user_id, 'bpsPro_hud_owner_uid_check_notice');
1120
+ delete_user_meta($user_id, 'bpsPro_ignore_bpspro_sale_notice');
1121
+ delete_user_meta($user_id, 'bpsPro_hud_new_feature_notice');
1122
 
1123
  unlink($wpadminHtaccess);
1124
 
1150
  delete_option('bulletproof_security_options_rate_free');
1151
 
1152
  delete_user_meta($user_id, 'bps_ignore_autoupdate_notice');
1153
+ delete_user_meta($user_id, 'bpsPro_ignore_bpspro_sale_notice');
1154
 
1155
  $autoupdate_muplugins_file = WP_CONTENT_DIR . '/mu-plugins/bps-plugin-autoupdate.php';
1156
  $bps_mu_tools_muplugins_file = WP_CONTENT_DIR . '/mu-plugins/bps-mu-tools.php';
1583
  return $options;
1584
  }
1585
 
1586
+ // MScan Hash Maker: WP Core, Plugins + Themes used to display in the Hash Maker popup window
1587
+ // and for other conditions
1588
+ function bulletproof_security_options_validate_mscan_hash_status($input) {
1589
+ $options = get_option('bulletproof_security_options_mscan_hash_status');
1590
+ $options['mscan_wp_core_hash_status'] = wp_filter_nohtml_kses($input['mscan_wp_core_hash_status']);
1591
+ $options['mscan_wp_core_hash_count'] = wp_filter_nohtml_kses($input['mscan_wp_core_hash_count']);
1592
+ $options['mscan_plugin_hash_status'] = wp_filter_nohtml_kses($input['mscan_plugin_hash_status']);
1593
+ $options['mscan_plugin_hash_count'] = wp_filter_nohtml_kses($input['mscan_plugin_hash_count']);
1594
+ $options['mscan_theme_hash_status'] = wp_filter_nohtml_kses($input['mscan_theme_hash_status']);
1595
+ $options['mscan_theme_hash_count'] = wp_filter_nohtml_kses($input['mscan_theme_hash_count']);
1596
+
1597
+ return $options;
1598
+ }
1599
+
1600
  // MScan Scan Options: folders to scan, cron schedules, etc.
1601
  function bulletproof_security_options_validate_MScan($input) {
1602
  $options = get_option('bulletproof_security_options_MScan');
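--- a/admin/includes/uninstall.php
+++ b/admin/includes/uninstall.php
@@ -1,10 +1,4 @@
  <?php
- if ( ! function_exists('add_action') ) {
- header('Status: 403 Forbidden');
- header('HTTP/1.1 403 Forbidden');
- exit();
- }
-
  if ( ! current_user_can('manage_options') ) {
  header('Status: 403 Forbidden');
  header('HTTP/1.1 403 Forbidden');
@@ -46,8 +40,8 @@ function bpsPro_pop_get_message() {
  <p><?php $text = '<strong>'.__('If you are upgrading to BPS Pro, select the BPS Pro Upgrade Uninstall option and click the Save Option button or just click the Close button below and do a normal plugin uninstall.', 'bulletproof-security').'</strong><br><br><strong>'.__('If you want to completely delete the BPS plugin, all files, Custom Code and BPS database settings, select the Complete BPS Plugin Uninstall option and click the Save Option button.', 'bulletproof-security').'</strong>'; echo $text; ?></p>
 
  <form name="bpsPOPuninstall" action="options.php" method="post">
- <?php settings_fields('bulletproof_security_options_pop_uninstall'); ?>
- <?php $POPoptions = get_option('bulletproof_security_options_pop_uninstall');
+ <?php settings_fields('bulletproof_security_options_pop_uninstall');
+ $POPoptions = get_option('bulletproof_security_options_pop_uninstall');
  $bps_pop_uninstall = ! isset($POPoptions['bps_pop_uninstall']) ? '' : $POPoptions['bps_pop_uninstall'];
  ?>
 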
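Review bot: With the `function_exists('add_action')` guard removed from the top of the file, the first statement left is the `current_user_can('manage_options')` call, which is undefined when this file is requested directly rather than loaded by WordPress. A direct request would then end in a PHP fatal error instead of the 403 the old guard sent, and with error display enabled that message can reveal the server's file path. Keeping a load guard ahead of the capability check avoids this, for example `if ( ! defined('ABSPATH') ) { exit; }`. Whether direct requests to the plugin folder are already blocked at the web-server level is not visible in this section.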
admin/login/login.php CHANGED
@@ -137,7 +137,7 @@ bpsPro_Core_LSM_deny_all();
137
 
138
  <?php
139
  // General all purpose "Settings Saved." message for forms
140
- if ( current_user_can('manage_options') && wp_script_is( 'bps-accordion', $list = 'queue' ) ) {
141
  if ( isset( $_GET['settings-updated'] ) && $_GET['settings-updated'] == true) {
142
  $text = '<p style="font-size:1em;font-weight:bold;padding:2px 0px 2px 5px;margin:0px -11px 0px -11px;background-color:#dfecf2;-webkit-box-shadow: 3px 3px 5px 0px rgba(153,153,153,0.7);-moz-box-shadow: 3px 3px 5px 0px rgba(153,153,153,0.7);box-shadow: 3px 3px 5px 0px rgba(153,153,153,0.7);""><font color="green"><strong>'.__('Settings Saved', 'bulletproof-security').'</strong></font></p>';
143
  echo $text;
@@ -154,15 +154,8 @@ $bps_wpcontent_dir = str_replace( ABSPATH, '', WP_CONTENT_DIR );
154
  $bps_topDiv = '<div id="message" class="updated" style="background-color:#dfecf2;border:1px solid #999;-moz-border-radius-topleft:3px;-webkit-border-top-left-radius:3px;-khtml-border-top-left-radius:3px;border-top-left-radius:3px;-moz-border-radius-topright:3px;-webkit-border-top-right-radius:3px;-khtml-border-top-right-radius:3px;border-top-right-radius:3px;-webkit-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);-moz-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);"><p>';
155
  $bps_bottomDiv = '</p></div>';
156
 
157
- if ( ! current_user_can('manage_options') ) {
158
- _e('Permission Denied', 'bulletproof-security');
159
-
160
- } else {
161
-
162
  require_once WP_PLUGIN_DIR . '/bulletproof-security/admin/login/lsm-export.php';
163
  require_once WP_PLUGIN_DIR . '/bulletproof-security/admin/login/lsm-help-text.php';
164
- }
165
-
166
  ?>
167
  </div>
168
 
@@ -216,7 +209,7 @@ if ( ! current_user_can('manage_options') ) {
216
  </p>
217
  </div>
218
 
219
- <?php if ( ! current_user_can('manage_options') ) { _e('Permission Denied', 'bulletproof-security'); } else {
220
 
221
  // Standard Static visible Login Security form proccessing - Lock, Unlock or Delete user login status from DB
222
  if ( isset($_POST['Submit-Login-Security-Radio'] ) && current_user_can('manage_options') ) {
@@ -416,46 +409,49 @@ if ( isset($_POST['Submit-Login-Search-Radio'] ) && current_user_can('manage_opt
416
  <div id="LoginSecurityOptions" style="width:100%;">
417
 
418
  <form name="LoginSecurityOptions" action="options.php" method="post">
419
- <?php settings_fields('bulletproof_security_options_login_security'); ?>
420
- <?php $BPSoptions = get_option('bulletproof_security_options_login_security');
421
- $bps_max_logins = ! isset($BPSoptions['bps_max_logins']) ? '' : $BPSoptions['bps_max_logins'];
422
- $bps_lockout_duration = ! isset($BPSoptions['bps_lockout_duration']) ? '' : $BPSoptions['bps_lockout_duration'];
423
- $bps_manual_lockout_duration = ! isset($BPSoptions['bps_manual_lockout_duration']) ? '' : $BPSoptions['bps_manual_lockout_duration'];
424
- $bps_max_db_rows_display = ! isset($BPSoptions['bps_max_db_rows_display']) ? '' : $BPSoptions['bps_max_db_rows_display'];
425
- //$bps_enable_lsm_woocommerce = ! isset($BPSoptions['bps_enable_lsm_woocommerce']) ? '' : checked( $BPSoptions['bps_enable_lsm_woocommerce'], 1 );
426
- $bps_login_security_OnOff = ! isset($BPSoptions['bps_login_security_OnOff']) ? '' : $BPSoptions['bps_login_security_OnOff'];
427
- $bps_login_security_logging = ! isset($BPSoptions['bps_login_security_logging']) ? '' : $BPSoptions['bps_login_security_logging'];
428
- $bps_login_security_errors = ! isset($BPSoptions['bps_login_security_errors']) ? '' : $BPSoptions['bps_login_security_errors'];
429
- $bps_login_security_remaining = ! isset($BPSoptions['bps_login_security_remaining']) ? '' : $BPSoptions['bps_login_security_remaining'];
430
- $bps_login_security_pw_reset = ! isset($BPSoptions['bps_login_security_pw_reset']) ? '' : $BPSoptions['bps_login_security_pw_reset'];
431
- $bps_login_security_sort = ! isset($BPSoptions['bps_login_security_sort']) ? '' : $BPSoptions['bps_login_security_sort'];
432
  ?>
433
 
434
  <table border="0">
435
  <tr>
436
  <td><label for="LSLog"><?php _e('Max Login Attempts:', 'bulletproof-security'); ?></label></td>
437
- <td><input type="text" name="bulletproof_security_options_login_security[bps_max_logins]" class="regular-text-50-fixed" value="<?php if ( $bps_max_logins != '' ) { echo esc_html( $bps_max_logins ); } else { echo esc_html('3'); } ?>" /></td>
 
 
438
  <td>&nbsp;</td>
439
  </tr>
440
  <tr>
441
  <td><label for="LSLog"><?php _e('Automatic Lockout Time:', 'bulletproof-security'); ?></label></td>
442
- <td><input type="text" name="bulletproof_security_options_login_security[bps_lockout_duration]" class="regular-text-50-fixed" value="<?php if ( $bps_lockout_duration != '' ) { echo esc_html( $bps_lockout_duration ); } else { echo esc_html('15'); } ?>" /></td>
 
443
  <td><label for="LSLog" style="margin:0px 0px 0px 5px;"><strong><?php _e('Minutes', 'bulletproof-security'); ?></strong></label></td>
444
  </tr>
445
  <tr>
446
  <td><label for="LSLog"><?php _e('Manual Lockout Time:', 'bulletproof-security'); ?></label></td>
447
- <td><input type="text" name="bulletproof_security_options_login_security[bps_manual_lockout_duration]" class="regular-text-50-fixed" value="<?php if ( $bps_manual_lockout_duration != '' ) { echo esc_html( $bps_manual_lockout_duration ); } else { echo esc_html('60'); } ?>" /></td>
448
  <td><label for="LSLog" style="margin:0px 0px 0px 5px;"><strong><?php _e('Minutes', 'bulletproof-security'); ?></strong></label></td>
449
  </tr>
450
  <tr>
451
  <td><label for="LSLog"><?php _e('Max DB Rows To Show:', 'bulletproof-security'); ?></label></td>
452
- <td><input type="text" name="bulletproof_security_options_login_security[bps_max_db_rows_display]" class="regular-text-50-fixed" value="<?php if ( $bps_max_db_rows_display != '' ) { echo esc_html( $bps_max_db_rows_display ); } else { echo esc_html(''); } ?>" /></td>
453
  <td><label for="LSLog" style="margin:0px 0px 0px 5px;"><strong><?php _e('Blank = Show All Rows', 'bulletproof-security'); ?></strong></label></td>
454
  </tr>
455
  </table>
456
 
457
  <div id="LSM-woocommerce" style="margin:10px 0px 10px 0px">
458
- <input type="checkbox" name="bulletproof_security_options_login_security[bps_enable_lsm_woocommerce]" value="" <?php if ( empty( $BPSoptions['bps_enable_lsm_woocommerce'] ) ) { echo ''; } else { checked( $BPSoptions['bps_enable_lsm_woocommerce'], 1 ); } ?> /><label><?php _e(' Enable Login Security for WooCommerce (BPS Pro Only)', 'bulletproof-security'); ?></label>
459
  </div>
460
 
461
  <table border="0">
@@ -526,8 +522,10 @@ if ( isset($_POST['Submit-Login-Search-Radio'] ) && current_user_can('manage_opt
526
 
527
  <div id="LoginSecuritySearch">
528
  <form name="LoginSecuritySearchForm" action="<?php echo admin_url( 'admin.php?page=bulletproof-security/admin/login/login.php#LSM-DB-Table' ); ?>" method="post">
529
- <?php wp_nonce_field('bulletproof_security_login_security_search'); ?>
530
- <input type="text" name="LSSearch" class="LSSearch-text" style="width:170px" value="" />
 
 
531
  <input type="submit" name="Submit-Login-Security-search" class="button bps-button" value="<?php esc_attr_e('Search', 'bulletproof-security') ?>" />
532
  </form>
533
  </div>
@@ -596,31 +594,31 @@ if ( isset( $_POST['Submit-Login-Security-search'] ) && current_user_can('manage
596
  $gmt_offset = get_option( 'gmt_offset' ) * 3600;
597
 
598
  if ( $row->status == 'Locked' ) {
599
- echo '<th scope="row" style="border-bottom:none;color:red;font-weight:bold;">'.$row->status.'</th>';
600
  } else {
601
- echo '<th scope="row" style="border-bottom:none;">'.$row->status.'</th>';
602
  }
603
 
604
  echo "<td><input type=\"checkbox\" id=\"lockuser\" name=\"LSradio[$row->user_id]\" value=\"lockuser\" class=\"lockuserALL\" /><br><span style=\"font-size:10px;\">".__('Lock', 'bulletproof-security')."</span></td>";
605
  echo "<td><input type=\"checkbox\" id=\"unlockuser\" name=\"LSradio[$row->user_id]\" value=\"unlockuser\" class=\"unlockuserALL\" /><br><span style=\"font-size:10px;\">".__('Unlock', 'bulletproof-security')."</span></td>";
606
  echo "<td><input type=\"checkbox\" id=\"deleteuser\" name=\"LSradio[$row->user_id]\" value=\"deleteuser\" class=\"deleteuserALL\" /><br><span style=\"font-size:10px;\">".__('Delete', 'bulletproof-security')."</span></td>";
607
 
608
- echo '<td>'.$row->user_id.'</td>';
609
- echo '<td>'.$row->username.'</td>';
610
- echo '<td>'.$row->public_name.'</td>';
611
- echo '<td>'.$row->email.'</td>';
612
- echo '<td>'.$row->role.'</td>';
613
- echo '<td>'.date_i18n(get_option('date_format').' '.get_option('time_format'), $row->login_time + $gmt_offset).'</td>';
614
 
615
  if ( $row->lockout_time == 0 ) {
616
  echo '<td>'.__('NA', 'bulletproof-security').'</td>';
617
  } else {
618
- echo '<td>'.date_i18n(get_option('date_format').' '.get_option('time_format'), $row->lockout_time + $gmt_offset).'</td>';
619
  }
620
 
621
- echo '<td>'.$row->ip_address.'</td>';
622
- echo '<td>'.$row->hostname.'</td>';
623
- echo '<td>'.$row->request_uri.'</td>';
624
  echo '</tr>';
625
  }
626
  }
@@ -643,7 +641,7 @@ if ( isset( $_POST['Submit-Login-Security-search'] ) && current_user_can('manage
643
  echo '</table>';
644
  echo '</div>';
645
 
646
- echo "<input type=\"submit\" name=\"Submit-Login-Search-Radio\" value=\"".__('Submit', 'bulletproof-security')."\" class=\"button bps-button\" onclick=\"return confirm('".__('Locking and Unlocking a User is reversible, but Deleting a User is not.\n\n-------------------------------------------------------------\n\nWhen you delete a User you are deleting that User database row from the BPS Login Security Database Table and not from the WordPress User Database Table.\n\n-------------------------------------------------------------\n\nTo delete a User Account from your WordPress website use the standard/normal WordPress Users page.\n\n-------------------------------------------------------------\n\nClick OK to proceed or click Cancel', 'bulletproof-security')."')\" />&nbsp;&nbsp;<input type=\"button\" name=\"cancel\" value=\"".__('Clear|Refresh', 'bulletproof-security')."\" class=\"button bps-button\" onclick=\"javascript:history.go(0)\" /></form><br>";
647
 
648
  } else { // if the LSM Search form is not submitted then display the static LSM form
649
 
@@ -697,31 +695,31 @@ if ( isset( $_POST['Submit-Login-Security-search'] ) && current_user_can('manage
697
  $gmt_offset = get_option( 'gmt_offset' ) * 3600;
698
 
699
  if ( $row->status == 'Locked' ) {
700
- echo '<th scope="row" style="border-bottom:none;color:red;font-weight:bold;">'.$row->status.'</th>';
701
  } else {
702
- echo '<th scope="row" style="border-bottom:none;">'.$row->status.'</th>';
703
  }
704
 
705
  echo "<td><input type=\"checkbox\" id=\"lockuser\" name=\"LSradio[$row->user_id]\" value=\"lockuser\" class=\"lockuserALL\" /><br><span style=\"font-size:10px;\">".__('Lock', 'bulletproof-security')."</span></td>";
706
  echo "<td><input type=\"checkbox\" id=\"unlockuser\" name=\"LSradio[$row->user_id]\" value=\"unlockuser\" class=\"unlockuserALL\" /><br><span style=\"font-size:10px;\">".__('Unlock', 'bulletproof-security')."</span></td>";
707
  echo "<td><input type=\"checkbox\" id=\"deleteuser\" name=\"LSradio[$row->user_id]\" value=\"deleteuser\" class=\"deleteuserALL\" /><br><span style=\"font-size:10px;\">".__('Delete', 'bulletproof-security')."</span></td>";
708
 
709
- echo '<td>'.$row->user_id.'</td>';
710
- echo '<td>'.$row->username.'</td>';
711
- echo '<td>'.$row->public_name.'</td>';
712
- echo '<td>'.$row->email.'</td>';
713
- echo '<td>'.$row->role.'</td>';
714
- echo '<td>'.date_i18n(get_option('date_format').' '.get_option('time_format'), $row->login_time + $gmt_offset).'</td>';
715
 
716
  if ( $row->lockout_time == 0 ) {
717
  echo '<td>'.__('NA', 'bulletproof-security').'</td>';
718
  } else {
719
- echo '<td>'.date_i18n(get_option('date_format').' '.get_option('time_format'), $row->lockout_time + $gmt_offset).'</td>';
720
  }
721
 
722
- echo '<td>'.$row->ip_address.'</td>';
723
- echo '<td>'.$row->hostname.'</td>';
724
- echo '<td>'.$row->request_uri.'</td>';
725
  echo '</tr>';
726
  }
727
  }
@@ -744,7 +742,7 @@ if ( isset( $_POST['Submit-Login-Security-search'] ) && current_user_can('manage
744
  echo '</table>';
745
  echo '</div>';
746
 
747
- echo "<input type=\"submit\" name=\"Submit-Login-Security-Radio\" value=\"".__('Submit', 'bulletproof-security')."\" class=\"button bps-button\" onclick=\"return confirm('".__('Locking and Unlocking a User is reversible, but Deleting a User is not.\n\n-------------------------------------------------------------\n\nWhen you delete a User you are deleting that User database row from the BPS Login Security Database Table and not from the WordPress User Database Table.\n\n-------------------------------------------------------------\n\nTo delete a User Account from your WordPress website use the standard/normal WordPress Users page.\n\n-------------------------------------------------------------\n\nClick OK to proceed or click Cancel', 'bulletproof-security')."')\" />&nbsp;&nbsp;<input type=\"button\" name=\"cancel\" value=\"".__('Clear|Refresh', 'bulletproof-security')."\" class=\"button bps-button\" onclick=\"javascript:history.go(0)\" /></form><br>";
748
  }
749
  ?>
750
  <br />
@@ -791,9 +789,6 @@ jQuery(document).ready(function($){
791
  /* ]]> */
792
  </script>
793
 
794
- <?php
795
- } // end if current_user_can('manage_options') - forms are not displayed to non-administrators
796
- ?>
797
  </td>
798
  </tr>
799
  </table>
@@ -873,36 +868,39 @@ if ( isset( $_POST['Submit-Security-Log-Options-JTC'] ) && current_user_can('man
873
  $pos4 = strpos( $_POST['bps_jtc_comment_form_input'], 'eyJjaXBoZXJ0ZXh0Ijoi' );
874
 
875
  if ( $pos1 === false ) {
876
- $bps_jtc_custom_form_error = stripslashes($_POST['bps_jtc_custom_form_error']);
877
  } else {
878
  $bps_jtc_custom_form_error = $Encryption->decrypt($_POST['bps_jtc_custom_form_error'], $nonceValue);
879
  }
880
 
881
  if ( $pos2 === false ) {
882
- $bps_jtc_comment_form_error = stripslashes($_POST['bps_jtc_comment_form_error']);
883
  } else {
884
  $bps_jtc_comment_form_error = $Encryption->decrypt($_POST['bps_jtc_comment_form_error'], $nonceValue);
885
  }
886
 
887
  if ( $pos3 === false ) {
888
- $bps_jtc_comment_form_label = esc_html($_POST['bps_jtc_comment_form_label']);
889
  } else {
890
  $bps_jtc_comment_form_label = $Encryption->decrypt($_POST['bps_jtc_comment_form_label'], $nonceValue);
891
  }
892
 
893
  if ( $pos4 === false ) {
894
- $bps_jtc_comment_form_input = esc_html($_POST['bps_jtc_comment_form_input']);
895
  } else {
896
  $bps_jtc_comment_form_input = $Encryption->decrypt($_POST['bps_jtc_comment_form_input'], $nonceValue);
897
  }
898
  }
899
 
900
  $bps_jtc_login_form = ! empty($_POST['bps_jtc_login_form']) ? '1' : '';
 
 
 
901
 
902
  $JTC_Options = array(
903
- 'bps_tooltip_captcha_key' => esc_html($_POST['bps_tooltip_captcha_key']),
904
- 'bps_tooltip_captcha_hover_text' => esc_html($_POST['bps_tooltip_captcha_hover_text']),
905
- 'bps_tooltip_captcha_title' => esc_html($_POST['bps_tooltip_captcha_title']),
906
  'bps_tooltip_captcha_logging' => 'Off',
907
  'bps_jtc_login_form' => $bps_jtc_login_form,
908
  'bps_jtc_register_form' => '',
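Review bot: The decrypt branches left as context at old lines 878, 884, 890 and 896 assign `$Encryption->decrypt(...)` straight to the variable, so a value that takes that path skips whatever sanitising the rewritten plain-text branch applies. The path is chosen only by `strpos()` finding the marker `eyJjaXBoZXJ0ZXh0Ijoi` somewhere in the POST value (visible here for `$pos4`), so the branch taken depends on request content rather than on how the field was produced. I would sanitise once after each if/else so both paths converge, e.g. `$bps_jtc_comment_form_label = esc_html( $bps_jtc_comment_form_label );`, with the HTML-permitting equivalent for the two error-message fields. The added lines are not shown on this page and the `$JTC_Options` entries for these four fields lie outside the hunk, so this may already be handled there. The ISL hunk at old lines 1228-1250 has the same shape for `bps_isl_custom_css_1` to `bps_isl_custom_css_4`.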
@@ -932,40 +930,33 @@ if ( isset( $_POST['Submit-Security-Log-Options-JTC'] ) && current_user_can('man
932
  echo '<strong><font color="green">'.__('JTC-Lite Settings Saved.', 'bulletproof-security').'</font></strong><br>';
933
  echo $bps_bottomDiv;
934
  }
935
-
936
- if ( ! current_user_can('manage_options') ) { _e('Permission Denied', 'bulletproof-security'); } else {
937
-
938
  ?>
939
 
940
  <div id="LoginSecurityJTC" style="position:relative;top:0px;left:0px;margin:0px 0px 0px 0px;">
941
 
942
  <form name="LoginSecurityJTC" action="<?php echo admin_url( 'admin.php?page=bulletproof-security/admin/login/login.php#bps-tabs-2' ); ?>" method="post">
943
- <?php wp_nonce_field('bps_login_security_jtc'); ?>
944
- <?php $BPSoptionsJTC = get_option('bulletproof_security_options_login_security_jtc');
945
- $bps_tooltip_captcha_key = ! isset($BPSoptionsJTC['bps_tooltip_captcha_key']) ? '' : $BPSoptionsJTC['bps_tooltip_captcha_key'];
946
- $bps_tooltip_captcha_hover_text = ! isset($BPSoptionsJTC['bps_tooltip_captcha_hover_text']) ? '' : $BPSoptionsJTC['bps_tooltip_captcha_hover_text'];
947
- $bps_tooltip_captcha_title = ! isset($BPSoptionsJTC['bps_tooltip_captcha_title']) ? '' : $BPSoptionsJTC['bps_tooltip_captcha_title'];
948
- $bps_tooltip_captcha_logging = ! isset($BPSoptionsJTC['bps_tooltip_captcha_logging']) ? '' : $BPSoptionsJTC['bps_tooltip_captcha_logging'];
949
- $bps_jtc_custom_form_error = ! isset($BPSoptionsJTC['bps_jtc_custom_form_error']) ? '' : $BPSoptionsJTC['bps_jtc_custom_form_error'];
950
- $bps_jtc_comment_form_error = ! isset($BPSoptionsJTC['bps_jtc_comment_form_error']) ? '' : $BPSoptionsJTC['bps_jtc_comment_form_error'];
951
- $bps_jtc_comment_form_label = ! isset($BPSoptionsJTC['bps_jtc_comment_form_label']) ? '' : $BPSoptionsJTC['bps_jtc_comment_form_label'];
952
- $bps_jtc_comment_form_input = ! isset($BPSoptionsJTC['bps_jtc_comment_form_input']) ? '' : $BPSoptionsJTC['bps_jtc_comment_form_input'];
953
  ?>
954
 
955
  <table border="0">
956
  <tr>
957
  <td><label for="LSLog"><?php _e('JTC CAPTCHA:', 'bulletproof-security'); ?></label></td>
958
- <td><input type="text" name="bps_tooltip_captcha_key" class="regular-text-250" value="<?php if ( $bps_tooltip_captcha_key != '' ) { echo $bps_tooltip_captcha_key; } else { echo ''; } ?>" /></td>
959
  <td><label for="LSLog" style="margin:0px 0px 0px 5px;font-style:italic;font-weight:normal;"><?php _e('jtc', 'bulletproof-security'); ?></label></td>
960
  </tr>
961
  <tr>
962
  <td><label for="LSLog"><?php _e('JTC ToolTip:', 'bulletproof-security'); ?></label></td>
963
- <td><input type="text" name="bps_tooltip_captcha_hover_text" class="regular-text-250" value="<?php if ( $bps_tooltip_captcha_hover_text != '' ) { echo $bps_tooltip_captcha_hover_text; } else { echo 'Type/Enter: '; } ?>" /></td>
964
  <td><label for="LSLog" style="margin:0px 0px 0px 5px;font-style:italic;font-weight:normal;"><?php _e('Type/Enter: jtc. Enter a blank space for no text (Spacebar Key)', 'bulletproof-security'); ?></label></td>
965
  </tr>
966
  <tr>
967
  <td><label for="LSLog"><?php _e('JTC Title|Text:', 'bulletproof-security'); ?></label></td>
968
- <td><input type="text" name="bps_tooltip_captcha_title" class="regular-text-250" value="<?php if ( $bps_tooltip_captcha_title != '' ) { echo $bps_tooltip_captcha_title; } else { echo 'Hover or click the text box below'; } ?>" /></td>
969
  <td><label for="LSLog" style="margin:0px 0px 0px 5px;font-style:italic;font-weight:normal;"><?php _e('Enter a blank space for no text (Spacebar Key)', 'bulletproof-security'); ?></label></td>
970
  </tr>
971
 
@@ -985,29 +976,45 @@ if ( ! current_user_can('manage_options') ) { _e('Permission Denied', 'bulletpro
985
  <!-- Important: </table> needs to come after the closing php tag above for Network subsites -->
986
  </table>
987
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
988
  <div id="JTC-woocommerce" style="margin:10px 0px 10px 0px">
989
- <input type="checkbox" name="bps_enable_jtc_woocommerce" value="1" <?php if ( empty( $BPSoptionsJTC['bps_enable_jtc_woocommerce'] ) ) { echo ''; } else { checked( $BPSoptionsJTC['bps_enable_jtc_woocommerce'], 1 ); } ?> /><label><?php _e(' Enable JTC for WooCommerce (BPS Pro Only)', 'bulletproof-security'); ?></label>
990
  </div>
991
 
992
  <label><strong><?php _e('Enable|Disable JTC For These Forms: ', 'bulletproof-security'); ?></strong></label><br />
993
  <label><i><?php _e('Check to Enable. Uncheck to Disable.', 'bulletproof-security'); ?></i></label><br />
994
- <input type="checkbox" name="bps_jtc_login_form" value="1" <?php if ( empty( $BPSoptionsJTC['bps_jtc_login_form'] ) ) { echo ''; } else { checked( $BPSoptionsJTC['bps_jtc_login_form'], 1 ); } ?> /><label><?php _e(' Login Form', 'bulletproof-security'); ?></label><br />
995
- <input type="checkbox" name="bps_jtc_register_form" value="1" <?php if ( empty( $BPSoptionsJTC['bps_jtc_register_form'] ) ) { echo ''; } else { checked( $BPSoptionsJTC['bps_jtc_register_form'], 1 ); } ?> /><label><?php _e(' Register Form (BPS Pro Only)', 'bulletproof-security'); ?></label><br />
996
- <input type="checkbox" name="bps_jtc_lostpassword_form" value="1" <?php if ( empty( $BPSoptionsJTC['bps_jtc_lostpassword_form'] ) ) { echo ''; } else { checked( $BPSoptionsJTC['bps_jtc_lostpassword_form'], 1 ); } ?> /><label><?php _e(' Lost Password Form (BPS Pro Only)', 'bulletproof-security'); ?></label><br />
997
- <input type="checkbox" name="bps_jtc_comment_form" value="1" <?php if ( empty( $BPSoptionsJTC['bps_jtc_comment_form'] ) ) { echo ''; } else { checked( $BPSoptionsJTC['bps_jtc_comment_form'], 1 ); } ?> /><label><?php _e(' Comment Form (BPS Pro Only)', 'bulletproof-security'); ?></label><br />
998
- <input type="checkbox" name="bps_jtc_mu_register_form" value="1" <?php if ( empty( $BPSoptionsJTC['bps_jtc_mu_register_form'] ) ) { echo ''; } else { checked( $BPSoptionsJTC['bps_jtc_mu_register_form'], 1 ); } ?> /><label><?php _e(' Multisite Register Form (BPS Pro Only)', 'bulletproof-security'); ?></label><br />
999
- <input type="checkbox" name="bps_jtc_buddypress_register_form" value="1" <?php if ( empty( $BPSoptionsJTC['bps_jtc_buddypress_register_form'] ) ) { echo ''; } else { checked( $BPSoptionsJTC['bps_jtc_buddypress_register_form'], 1 ); } ?> /><label><?php _e(' BuddyPress Register Form (BPS Pro Only)', 'bulletproof-security'); ?></label><br />
1000
- <input type="checkbox" name="bps_jtc_buddypress_sidebar_form" value="1" <?php if ( empty( $BPSoptionsJTC['bps_jtc_buddypress_sidebar_form'] ) ) { echo ''; } else { checked( $BPSoptionsJTC['bps_jtc_buddypress_sidebar_form'], 1 ); } ?> /><label><?php _e(' BuddyPress Sidebar Login Form (BPS Pro Only)', 'bulletproof-security'); ?></label><br /><br />
1001
 
1002
  <label><strong><?php _e('Comment Form: (BPS Pro Only)', 'bulletproof-security'); ?></strong></label><br />
1003
  <label><strong><?php _e('Enable|Disable JTC For These Registered/Logged In User Roles (BPS Pro Only): ', 'bulletproof-security'); ?></strong></label><br />
1004
  <label><i><?php _e('Check to Enable. Uncheck to Disable.', 'bulletproof-security'); ?></i></label><br />
1005
  <div id="Roles-scroller">
1006
- <input type="checkbox" name="bps_jtc_administrator" value="1" <?php if ( empty( $BPSoptionsJTC['bps_jtc_administrator'] ) ) { echo ''; } else { checked( $BPSoptionsJTC['bps_jtc_administrator'], 1 ); } ?> /><label><?php _e(' Administrator', 'bulletproof-security'); ?></label><br />
1007
- <input type="checkbox" name="bps_jtc_editor" value="1" <?php if ( empty( $BPSoptionsJTC['bps_jtc_editor'] ) ) { echo ''; } else { checked( $BPSoptionsJTC['bps_jtc_editor'], 1 ); } ?> /><label><?php _e(' Editor', 'bulletproof-security'); ?></label><br />
1008
- <input type="checkbox" name="bps_jtc_author" value="1" <?php if ( empty( $BPSoptionsJTC['bps_jtc_author'] ) ) { echo ''; } else { checked( $BPSoptionsJTC['bps_jtc_author'], 1 ); } ?> /><label><?php _e(' Author', 'bulletproof-security'); ?></label><br />
1009
- <input type="checkbox" name="bps_jtc_contributor" value="1" <?php if ( empty( $BPSoptionsJTC['bps_jtc_contributor'] ) ) { echo ''; } else { checked( $BPSoptionsJTC['bps_jtc_contributor'], 1 ); } ?> /><label><?php _e(' Contributor', 'bulletproof-security'); ?></label><br />
1010
- <input type="checkbox" name="bps_jtc_subscriber" value="1" <?php if ( empty( $BPSoptionsJTC['bps_jtc_subscriber'] ) ) { echo ''; } else { checked( $BPSoptionsJTC['bps_jtc_subscriber'], 1 ); } ?> /><label><?php _e(' Subscriber', 'bulletproof-security'); ?></label><br />
1011
 
1012
  <?php
1013
 
@@ -1015,28 +1022,35 @@ if ( ! current_user_can('manage_options') ) { _e('Permission Denied', 'bulletpro
1015
 
1016
  if ( $role_name != 'administrator' && $role_name != 'editor' && $role_name != 'author' && $role_name != 'contributor' && $role_name != 'subscriber' ) {
1017
 
 
 
1018
  echo "<input type=\"checkbox\" name=\"bps_jtc_custom_roles[$role_name]\" value=\"1\"";
1019
- if ( ! empty($BPSoptionsJTC['bps_jtc_custom_roles'][$role_name]) ) {
1020
- checked( $BPSoptionsJTC['bps_jtc_custom_roles'][$role_name], 1 );
1021
- }
1022
- echo " /><label> ". $role_info['name'] ."</label>".'<br>';
1023
  }
1024
  }
1025
  ?>
1026
  </div>
1027
-
1028
- <br />
 
 
 
 
 
 
 
1029
  <label for="LSLog"><?php _e('Login Form: CAPTCHA Error message', 'bulletproof-security'); ?></label><br />
1030
- <input type="text" id="crypt29" name="bps_jtc_custom_form_error" class="regular-text-short-fixed" style="width:75%;" value="<?php if ($bps_jtc_custom_form_error != '') { echo $bps_jtc_custom_form_error; } else { echo '<strong>ERROR</strong>: Incorrect CAPTCHA Entered.'; } ?>" /><br /><br />
1031
 
1032
  <label for="LSLog"><?php _e('Comment Form: CAPTCHA Error message (BPS Pro Only)', 'bulletproof-security'); ?></label><br />
1033
- <input type="text" id="crypt30" name="bps_jtc_comment_form_error" class="regular-text-short-fixed" style="width:75%;" value="<?php if ($bps_jtc_comment_form_error != '') { echo $bps_jtc_comment_form_error; } else { echo '<strong>ERROR</strong>: Incorrect JTC CAPTCHA Entered. Click your Browser back button and re-enter the JTC CAPTCHA.'; } ?>" /><br /><br />
1034
 
1035
  <label><strong><?php _e('Comment Form: CSS Styling (BPS Pro Only)', 'bulletproof-security'); ?></strong></label><br />
1036
  <label><?php _e('Comment Form Label (BPS Pro Only): <i>The JTC Title|Text above the Form Input text box</i>', 'bulletproof-security'); ?></label><br />
1037
- <input type="text" id="crypt31" name="bps_jtc_comment_form_label" class="regular-text-short-fixed" style="width:75%;" value="<?php if ($bps_jtc_comment_form_label != '') { echo $bps_jtc_comment_form_label; } else { echo 'position:relative;top:0px;left:0px;padding:0px 0px 0px 0px;margin:0px 0px 0px 0px;'; } ?>" /><br />
1038
  <label><?php _e('Comment Form Input Text Box (BPS Pro Only): <i>The JTC CAPTCHA Form Input text box</i>', 'bulletproof-security'); ?></label><br />
1039
- <input type="text" id="crypt32" name="bps_jtc_comment_form_input" class="regular-text-short-fixed" style="width:75%;" value="<?php if ($bps_jtc_comment_form_input != '') { echo $bps_jtc_comment_form_input; } else { echo 'position:relative;top:0px;left:0px;padding:0px 0px 0px 0px;margin:0px 0px 0px 0px;'; } ?>" /><br /><br />
1040
 
1041
  <?php echo '<div id="jtc-tooltip" style="margin:0px 0px 10px 0px;max-width:640px"><label for="bps-mscan-label" style="">'.__('If you see an error or are unable to save your JTC option settings then click the Encrypt JTC Code button first and then click the Save Options button. Mouse over the question mark image to the right for help info.', 'bulletproof-security').'</label><strong><font color="black"><span class="tooltip-350-225"><img src="'.plugins_url('/bulletproof-security/admin/images/question-mark.png').'" style="position:relative;top:3px;left:5px;" /><span>'.__('If your web host currently has ModSecurity installed or installs ModSecurity at a later time then ModSecurity will prevent you from saving your JTC options settings and CSS code unless you encrypt it first by clicking the Encrypt JTC Code button.', 'bulletproof-security').'<br><br>'.__('If you click the Encrypt JTC Code button and then want to edit your CSS code again click the Decrypt JTC Code button. After you are done editing click the Encrypt JTC Code button before clicking the Save Options button.', 'bulletproof-security').'<br><br>'.__('Click the JTC Anti-Spam|Anti-Hacker Question Mark help button for more help info.', 'bulletproof-security').'</span></span></font></strong></div>'; ?>
1042
 
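Review bot: The context line at old line 1018 still interpolates `$role_name` into the `name` attribute unescaped, even though the label output below it is rewritten in this hunk. The value is presumably a role slug from the roles registry (the loop header is outside the hunk), which other plugins can register with arbitrary characters. I would escape it for the attribute context: `echo '<input type="checkbox" name="bps_jtc_custom_roles[' . esc_attr( $role_name ) . ']" value="1"';`. The ISL custom-roles hunk at old line 1405 has the same line for `bps_isl_custom_roles[$role_name]`.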
@@ -1137,8 +1151,6 @@ function bpsJTCDecrypt() {
1137
  /* ]]> */
1138
  </script>
1139
 
1140
- <?php } ?>
1141
-
1142
  </td>
1143
  </tr>
1144
  </table>
@@ -1189,7 +1201,7 @@ function bpsJTCDecrypt() {
1189
  </div>
1190
 
1191
  <?php
1192
- if ( ! current_user_can('manage_options') ) { _e('Permission Denied', 'bulletproof-security'); } else {
1193
  $scrolltoISLMessage = isset($_REQUEST['scrolltoISLMessage']) ? (int) $_REQUEST['scrolltoISLMessage'] : 0;
1194
 
1195
  // ISL Form processing
@@ -1226,25 +1238,25 @@ if ( isset( $_POST['Submit-ISL-Options'] ) && current_user_can('manage_options')
1226
  $pos4 = strpos( $_POST['bps_isl_custom_css_4'], 'eyJjaXBoZXJ0ZXh0Ijoi' );
1227
 
1228
  if ( $pos1 === false ) {
1229
- $bps_isl_custom_css_1 = esc_html($_POST['bps_isl_custom_css_1']);
1230
  } else {
1231
  $bps_isl_custom_css_1 = $Encryption->decrypt($_POST['bps_isl_custom_css_1'], $nonceValue);
1232
  }
1233
 
1234
  if ( $pos2 === false ) {
1235
- $bps_isl_custom_css_2 = esc_html($_POST['bps_isl_custom_css_2']);
1236
  } else {
1237
  $bps_isl_custom_css_2 = $Encryption->decrypt($_POST['bps_isl_custom_css_2'], $nonceValue);
1238
  }
1239
 
1240
  if ( $pos3 === false ) {
1241
- $bps_isl_custom_css_3 = esc_html($_POST['bps_isl_custom_css_3']);
1242
  } else {
1243
  $bps_isl_custom_css_3 = $Encryption->decrypt($_POST['bps_isl_custom_css_3'], $nonceValue);
1244
  }
1245
 
1246
  if ( $pos4 === false ) {
1247
- $bps_isl_custom_css_4 = esc_html($_POST['bps_isl_custom_css_4']);
1248
  } else {
1249
  $bps_isl_custom_css_4 = $Encryption->decrypt($_POST['bps_isl_custom_css_4'], $nonceValue);
1250
  }
@@ -1256,25 +1268,32 @@ if ( isset( $_POST['Submit-ISL-Options'] ) && current_user_can('manage_options')
1256
  $bps_isl_contributor = ! empty($_POST['bps_isl_contributor']) ? '1' : '';
1257
  $bps_isl_subscriber = ! empty($_POST['bps_isl_subscriber']) ? '1' : '';
1258
  $bps_isl_tinymce = ! empty($_POST['bps_isl_tinymce']) ? '1' : '';
 
 
 
 
 
 
 
1259
 
1260
  $ISL_Options = array(
1261
  'bps_isl' => $_POST['bps_isl'],
1262
- 'bps_isl_timeout' => esc_html($_POST['bps_isl_timeout']),
1263
- 'bps_isl_logout_url' => esc_html($_POST['bps_isl_logout_url']),
1264
- 'bps_isl_login_url' => esc_html($_POST['bps_isl_login_url']),
1265
- 'bps_isl_custom_message' => esc_html($_POST['bps_isl_custom_message']),
1266
  'bps_isl_custom_css_1' => $bps_isl_custom_css_1,
1267
  'bps_isl_custom_css_2' => $bps_isl_custom_css_2,
1268
  'bps_isl_custom_css_3' => $bps_isl_custom_css_3,
1269
  'bps_isl_custom_css_4' => $bps_isl_custom_css_4,
1270
- 'bps_isl_user_account_exceptions' => esc_html($_POST['bps_isl_user_account_exceptions']),
1271
  'bps_isl_administrator' => $bps_isl_administrator,
1272
  'bps_isl_editor' => $bps_isl_editor,
1273
  'bps_isl_author' => $bps_isl_author,
1274
  'bps_isl_contributor' => $bps_isl_contributor,
1275
  'bps_isl_subscriber' => $bps_isl_subscriber,
1276
  'bps_isl_tinymce' => $bps_isl_tinymce,
1277
- 'bps_isl_uri_exclusions' => esc_html($_POST['bps_isl_uri_exclusions']),
1278
  'bps_isl_custom_roles' => $Custom_Roles_array
1279
  );
1280
 
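Review bot: `'bps_isl' => $_POST['bps_isl']` at old line 1261 is left as context, so the raw request value is still stored in `$ISL_Options` with no `isset()` guard or sanitising, while the neighbouring keys are rewritten in this hunk. If the field is a fixed on/off selector (its form markup is not in this hunk), checking it against the allowed values is the tighter fix. Otherwise use at least `'bps_isl' => isset( $_POST['bps_isl'] ) ? sanitize_text_field( wp_unslash( $_POST['bps_isl'] ) ) : '',`. The same applies to `'bps_ace' => $_POST['bps_ace']` at old line 1569 in the ACE hunk. The handler that builds this array starts outside the hunk.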
@@ -1299,21 +1318,28 @@ if ( isset( $_POST['Submit-ISL-Options'] ) && current_user_can('manage_options')
1299
  <div id="Idle-Session-Logout">
1300
 
1301
  <form name="IdleSessionLogout" action="<?php echo admin_url( 'admin.php?page=bulletproof-security/admin/login/login.php#bps-tabs-3' ); ?>" method="post">
1302
- <?php wp_nonce_field('bps_isl_logout'); ?>
1303
- <?php $BPS_ISL_options = get_option('bulletproof_security_options_idle_session');
1304
- $ISL_on_off = ! isset($BPS_ISL_options['bps_isl']) ? '' : $BPS_ISL_options['bps_isl'];
1305
- $ISL_timeout = isset($BPS_ISL_options['bps_isl_timeout']) ? preg_replace('/\D/', "", esc_html($BPS_ISL_options['bps_isl_timeout'])) : esc_html('60');
1306
- $ISL_logout_url = isset($BPS_ISL_options['bps_isl_logout_url']) ? esc_url($BPS_ISL_options['bps_isl_logout_url']) : esc_url(plugins_url('/bulletproof-security/isl-logout.php'));
1307
- $ISL_login_url = isset($BPS_ISL_options['bps_isl_login_url']) ? esc_url($BPS_ISL_options['bps_isl_login_url']) : esc_url(site_url('/wp-login.php'));
1308
- $ISL_exclusions = isset($BPS_ISL_options['bps_isl_uri_exclusions']) ? esc_html($BPS_ISL_options['bps_isl_uri_exclusions']) : esc_html('');
1309
- $ISL_message = isset($BPS_ISL_options['bps_isl_custom_message']) ? esc_html($BPS_ISL_options['bps_isl_custom_message']) : esc_html('');
1310
- $ISL_css_1 = isset($BPS_ISL_options['bps_isl_custom_css_1']) ? esc_html($BPS_ISL_options['bps_isl_custom_css_1']) : esc_html('background-color:#fff;line-height:normal;');
1311
- $ISL_css_2 = isset($BPS_ISL_options['bps_isl_custom_css_2']) ? esc_html($BPS_ISL_options['bps_isl_custom_css_2']) : esc_html('position:fixed;top:20%;left:0%;text-align:center;height:100%;width:100%;');
1312
- $ISL_css_3 = isset($BPS_ISL_options['bps_isl_custom_css_3']) ? esc_html($BPS_ISL_options['bps_isl_custom_css_3']) : esc_html('border:5px solid gray;background-color:#BCE2F1;');
1313
- $ISL_css_4 = isset($BPS_ISL_options['bps_isl_custom_css_4']) ? esc_html($BPS_ISL_options['bps_isl_custom_css_4']) : esc_html('font-family:Verdana, Arial, Helvetica, sans-serif;font-size:18px;font-weight:bold;');
1314
- $ISL_exceptions = isset($BPS_ISL_options['bps_isl_user_account_exceptions']) ? esc_html($BPS_ISL_options['bps_isl_user_account_exceptions']) : esc_html('');
 
 
 
 
 
 
 
1315
  ?>
1316
-
1317
  <h3><?php _e('Idle Session Logout (ISL) Settings', 'bulletproof-security'); ?></h3>
1318
 
1319
  <table border="0">
@@ -1329,34 +1355,34 @@ $ISL_exceptions = isset($BPS_ISL_options['bps_isl_user_account_exceptions']) ? e
1329
  <tr>
1330
  <td>
1331
  <label for="LSLog"><?php _e('Idle Session Logout Time in Minutes:', 'bulletproof-security'); ?></label><br />
1332
- <input type="text" name="bps_isl_timeout" class="regular-text-250" value="<?php echo $ISL_timeout; ?>" />
1333
  </td>
1334
  </tr>
1335
  <tr>
1336
  <td>
1337
  <label for="LSLog"><?php _e('Idle Session Logout Page URL:', 'bulletproof-security'); ?></label><br />
1338
- <input type="text" name="bps_isl_logout_url" class="regular-text-450" value="<?php echo $ISL_logout_url; ?>" />
1339
  </td>
1340
  </tr>
1341
  <tr>
1342
  <td>
1343
  <label for="LSLog"><?php _e('Idle Session Logout Page Login URL:', 'bulletproof-security'); ?></label><br />
1344
  <label><strong><i><?php _e('Enter/Type: "No" (without quotes) if you do not want a Login URL displayed.', 'bulletproof-security'); ?></i></strong></label><br />
1345
- <input type="text" name="bps_isl_login_url" class="regular-text-450" value="<?php echo $ISL_login_url; ?>" />
1346
  </td>
1347
  </tr>
1348
  <tr>
1349
  <td>
1350
  <label for="LSLog"><?php _e('Idle Session Logout Exclude URLs|URIs:', 'bulletproof-security'); ?></label><br />
1351
  <label><strong><i><?php _e('Enter URIs separated by a comma and a space: /some-post/, /some-page/', 'bulletproof-security'); ?></i></strong></label><br />
1352
- <textarea style="width:450px" class="PFW-Allow-From-Text-Area" name="bps_isl_uri_exclusions" tabindex="1"><?php echo $ISL_exclusions; ?></textarea>
1353
  <input type="hidden" name="scrolltoISLMessage" id="scrolltoISLMessage" value="<?php echo esc_html( $scrolltoISLMessage ); ?>" />
1354
  </td>
1355
  </tr>
1356
  <tr>
1357
  <td>
1358
  <label for="LSLog"><?php _e('Idle Session Logout Page Custom Message:', 'bulletproof-security'); ?></label><br />
1359
- <textarea style="width:450px" class="PFW-Allow-From-Text-Area" name="bps_isl_custom_message" tabindex="1"><?php echo $ISL_message; ?></textarea>
1360
  <input type="hidden" name="scrolltoISLMessage" id="scrolltoISLMessage" value="<?php echo esc_html( $scrolltoISLMessage ); ?>" />
1361
  </td>
1362
  </tr>
@@ -1364,16 +1390,16 @@ $ISL_exceptions = isset($BPS_ISL_options['bps_isl_user_account_exceptions']) ? e
1364
  <td>
1365
  <label for="LSLog"><?php _e('Idle Session Logout Page Custom CSS Style:', 'bulletproof-security'); ?></label><br />
1366
  <label><strong><?php echo 'body CSS property'; ?></strong></label><br />
1367
- <input type="text" id="crypt33" name="bps_isl_custom_css_1" class="regular-text-450" value="<?php echo $ISL_css_1; ?>" />
1368
  <br />
1369
  <label><strong><?php echo '#bpsMessage CSS property'; ?></strong></label><br />
1370
- <input type="text" id="crypt34" name="bps_isl_custom_css_2" class="regular-text-450" value="<?php echo $ISL_css_2; ?>" />
1371
  <br />
1372
  <label><strong><?php echo '#bpsMessageTextBox CSS property'; ?></strong></label><br />
1373
- <input type="text" id="crypt35" name="bps_isl_custom_css_3" class="regular-text-450" value="<?php echo $ISL_css_3; ?>" />
1374
  <br />
1375
  <label><strong><?php echo 'p CSS property'; ?></strong></label><br />
1376
- <input type="text" id="crypt36" name="bps_isl_custom_css_4" class="regular-text-450" value="<?php echo $ISL_css_4; ?>" />
1377
  <br />
1378
  </td>
1379
  </tr>
@@ -1382,7 +1408,7 @@ $ISL_exceptions = isset($BPS_ISL_options['bps_isl_user_account_exceptions']) ? e
1382
  <label for="LSLog"><?php _e('User Account Exceptions:', 'bulletproof-security'); ?></label><br />
1383
  <label for="LSLog"><i><?php _e('Enter User Account names separated by a comma and a space: johnDoe, janeDoe', 'bulletproof-security'); ?></i></label><br />
1384
  <label for="LSLog"><i><?php _e('Idle Session Logout Time Will Not Be Applied For These User Accounts.', 'bulletproof-security'); ?></i></label><br />
1385
- <input type="text" name="bps_isl_user_account_exceptions" class="regular-text-450" value="<?php echo $ISL_exceptions; ?>" />
1386
  </td>
1387
  </tr>
1388
  <tr>
@@ -1390,11 +1416,11 @@ $ISL_exceptions = isset($BPS_ISL_options['bps_isl_user_account_exceptions']) ? e
1390
  <label><strong><?php _e('Enable|Disable Idle Session Logouts For These User Roles: ', 'bulletproof-security'); ?></strong></label><br />
1391
  <label><strong><i><?php _e('Check to Enable. Uncheck to Disable. See the Question Mark help button for details.', 'bulletproof-security'); ?></i></strong></label><br />
1392
  <div id="Roles-scroller">
1393
- <input type="checkbox" name="bps_isl_administrator" value="1" <?php if ( empty( $BPS_ISL_options['bps_isl_administrator'] ) ) { echo ''; } else { checked( $BPS_ISL_options['bps_isl_administrator'], 1 ); } ?> /><label><?php _e(' Administrator', 'bulletproof-security'); ?></label><br />
1394
- <input type="checkbox" name="bps_isl_editor" value="1" <?php if ( empty( $BPS_ISL_options['bps_isl_editor'] ) ) { echo ''; } else { checked( $BPS_ISL_options['bps_isl_editor'], 1 ); } ?> /><label><?php _e(' Editor', 'bulletproof-security'); ?></label><br />
1395
- <input type="checkbox" name="bps_isl_author" value="1" <?php if ( empty( $BPS_ISL_options['bps_isl_author'] ) ) { echo ''; } else { checked( $BPS_ISL_options['bps_isl_author'], 1 ); } ?> /><label><?php _e(' Author', 'bulletproof-security'); ?></label><br />
1396
- <input type="checkbox" name="bps_isl_contributor" value="1" <?php if ( empty( $BPS_ISL_options['bps_isl_contributor'] ) ) { echo ''; } else { checked( $BPS_ISL_options['bps_isl_contributor'], 1 ); } ?> /><label><?php _e(' Contributor', 'bulletproof-security'); ?></label><br />
1397
- <input type="checkbox" name="bps_isl_subscriber" value="1" <?php if ( empty( $BPS_ISL_options['bps_isl_subscriber'] ) ) { echo ''; } else { checked( $BPS_ISL_options['bps_isl_subscriber'], 1 ); } ?> /><label><?php _e(' Subscriber', 'bulletproof-security'); ?></label><br />
1398
 
1399
  <?php
1400
 
@@ -1402,11 +1428,11 @@ $ISL_exceptions = isset($BPS_ISL_options['bps_isl_user_account_exceptions']) ? e
1402
 
1403
  if ( $role_name != 'administrator' && $role_name != 'editor' && $role_name != 'author' && $role_name != 'contributor' && $role_name != 'subscriber' ) {
1404
 
 
 
1405
  echo "<input type=\"checkbox\" name=\"bps_isl_custom_roles[$role_name]\" value=\"1\"";
1406
- if ( ! empty($BPS_ISL_options['bps_isl_custom_roles'][$role_name]) ) {
1407
- checked( $BPS_ISL_options['bps_isl_custom_roles'][$role_name], 1 );
1408
- }
1409
- echo " /><label> ". $role_info['name'] ."</label>".'<br>';
1410
  }
1411
  }
1412
  ?>
@@ -1565,11 +1591,15 @@ if ( isset( $_POST['Submit-ACE-Options'] ) && current_user_can('manage_options')
1565
  $bps_ace_subscriber = ! empty($_POST['bps_ace_subscriber']) ? '1' : '';
1566
  $bps_ace_rememberme_disable = ! empty($_POST['bps_ace_rememberme_disable']) ? '1' : '';
1567
 
 
 
 
 
1568
  $ACE_Options = array(
1569
  'bps_ace' => $_POST['bps_ace'],
1570
- 'bps_ace_expiration' => esc_html($_POST['bps_ace_expiration']),
1571
- 'bps_ace_rememberme_expiration' => esc_html($_POST['bps_ace_rememberme_expiration']),
1572
- 'bps_ace_user_account_exceptions' => esc_html($_POST['bps_ace_user_account_exceptions']),
1573
  'bps_ace_administrator' => $bps_ace_administrator,
1574
  'bps_ace_editor' => $bps_ace_editor,
1575
  'bps_ace_author' => $bps_ace_author,
@@ -1598,14 +1628,20 @@ if ( isset( $_POST['Submit-ACE-Options'] ) && current_user_can('manage_options')
1598
  ?>
1599
 
1600
  <form name="ACELogout" action="<?php echo admin_url( 'admin.php?page=bulletproof-security/admin/login/login.php#bps-tabs-3' ); ?>" method="post">
1601
- <?php wp_nonce_field('bps_auth_cookie_expiration'); ?>
1602
- <?php $BPS_ACE_options = get_option('bulletproof_security_options_auth_cookie');
1603
- $ACE_on_off = ! isset($BPS_ACE_options['bps_ace']) ? '' : $BPS_ACE_options['bps_ace'];
1604
- $ACE_Expiration = isset($BPS_ACE_options['bps_ace_expiration']) ? preg_replace('/\D/', "", esc_html($BPS_ACE_options['bps_ace_expiration'])) : esc_html('2880');
1605
- $ACE_RM_Expiration = isset($BPS_ACE_options['bps_ace_rememberme_expiration']) ? preg_replace('/\D/', "", esc_html($BPS_ACE_options['bps_ace_rememberme_expiration'])) : esc_html('20160');
1606
- $ACE_exceptions = isset($BPS_ACE_options['bps_ace_user_account_exceptions']) ? esc_html($BPS_ACE_options['bps_ace_user_account_exceptions']) : esc_html('');
 
 
 
 
 
 
1607
  ?>
1608
-
1609
  <table border="0">
1610
  <tr>
1611
  <td>
@@ -1620,14 +1656,14 @@ $ACE_exceptions = isset($BPS_ACE_options['bps_ace_user_account_exceptions']) ? e
1620
  <td>
1621
  <label for="LSLog"><?php _e('Auth Cookie Expiration Time in Minutes:', 'bulletproof-security'); ?></label><br />
1622
  <label for="LSLog"><?php _e('WP Default setting is 2880 Minutes/2 Days:', 'bulletproof-security'); ?></label><br />
1623
- <input type="text" name="bps_ace_expiration" class="regular-text-250" value="<?php echo $ACE_Expiration; ?>" />
1624
  </td>
1625
  </tr>
1626
  <tr>
1627
  <td>
1628
  <label for="LSLog"><?php _e('Remember Me Auth Cookie Expiration Time in Minutes:', 'bulletproof-security'); ?></label><br />
1629
  <label for="LSLog"><?php _e('WP Default setting is 20160 Minutes/14 Days:', 'bulletproof-security'); ?></label><br />
1630
- <input type="text" name="bps_ace_rememberme_expiration" class="regular-text-250" value="<?php echo $ACE_RM_Expiration; ?>" />
1631
  </td>
1632
  </tr>
1633
  <tr>
@@ -1642,19 +1678,20 @@ $ACE_exceptions = isset($BPS_ACE_options['bps_ace_user_account_exceptions']) ? e
1642
  <label for="LSLog"><?php _e('User Account Exceptions:', 'bulletproof-security'); ?></label><br />
1643
  <label for="LSLog"><i><?php _e('Enter User Account names separated by a comma and a space: johnDoe, janeDoe', 'bulletproof-security'); ?></i></label><br />
1644
  <label for="LSLog"><i><?php _e('Auth Cookie Expiration Time Will Not Be Applied To These User Accounts.', 'bulletproof-security'); ?></i></label><br />
1645
- <input type="text" name="bps_ace_user_account_exceptions" class="regular-text-450" value="<?php echo $ACE_exceptions; ?>" />
1646
  </td>
1647
  </tr>
1648
  <tr>
1649
  <td>
1650
  <label><strong><?php _e('Enable|Disable Auth Cookie Expiration Time For These User Roles: ', 'bulletproof-security'); ?></strong></label><br />
1651
  <label><strong><i><?php _e('Check to Enable. Uncheck to Disable. See the Question Mark help button for details.', 'bulletproof-security'); ?></i></strong></label><br />
 
1652
  <div id="Roles-scroller">
1653
- <input type="checkbox" name="bps_ace_administrator" value="1" <?php if ( empty( $BPS_ACE_options['bps_ace_administrator'] ) ) { echo ''; } else { checked( $BPS_ACE_options['bps_ace_administrator'], 1 ); } ?> /><label><?php _e(' Administrator', 'bulletproof-security'); ?></label><br />
1654
- <input type="checkbox" name="bps_ace_editor" value="1" <?php if ( empty( $BPS_ACE_options['bps_ace_editor'] ) ) { echo ''; } else { checked( $BPS_ACE_options['bps_ace_editor'], 1 ); } ?> /><label><?php _e(' Editor', 'bulletproof-security'); ?></label><br />
1655
- <input type="checkbox" name="bps_ace_author" value="1" <?php if ( empty( $BPS_ACE_options['bps_ace_author'] ) ) { echo ''; } else { checked( $BPS_ACE_options['bps_ace_author'], 1 ); } ?> /><label><?php _e(' Author', 'bulletproof-security'); ?></label><br />
1656
- <input type="checkbox" name="bps_ace_contributor" value="1" <?php if ( empty( $BPS_ACE_options['bps_ace_contributor'] ) ) { echo ''; } else { checked( $BPS_ACE_options['bps_ace_contributor'], 1 ); } ?> /><label><?php _e(' Contributor', 'bulletproof-security'); ?></label><br />
1657
- <input type="checkbox" name="bps_ace_subscriber" value="1" <?php if ( empty( $BPS_ACE_options['bps_ace_subscriber'] ) ) { echo ''; } else { checked( $BPS_ACE_options['bps_ace_subscriber'], 1 ); } ?> /><label><?php _e(' Subscriber', 'bulletproof-security'); ?></label><br />
1658
 
1659
  <?php
1660
 
@@ -1662,11 +1699,11 @@ $ACE_exceptions = isset($BPS_ACE_options['bps_ace_user_account_exceptions']) ? e
1662
 
1663
  if ( $role_name != 'administrator' && $role_name != 'editor' && $role_name != 'author' && $role_name != 'contributor' && $role_name != 'subscriber' ) {
1664
 
 
 
1665
  echo "<input type=\"checkbox\" name=\"bps_ace_custom_roles[$role_name]\" value=\"1\"";
1666
- if ( ! empty($BPS_ACE_options['bps_ace_custom_roles'][$role_name]) ) {
1667
- checked( $BPS_ACE_options['bps_ace_custom_roles'][$role_name], 1 );
1668
- }
1669
- echo " /><label> ". $role_info['name'] ."</label>".'<br>';
1670
  }
1671
  }
1672
  ?>
@@ -1688,8 +1725,6 @@ $ACE_exceptions = isset($BPS_ACE_options['bps_ace_user_account_exceptions']) ? e
1688
 
1689
  </div>
1690
 
1691
- <?php } ?>
1692
-
1693
  <div id="bps-tabs-4" class="bps-tab-page" style="">
1694
 
1695
  <table width="100%" border="0" cellspacing="0" cellpadding="0" class="bps-help_faq_table">
@@ -1728,15 +1763,18 @@ if ( isset( $_POST['Submit-FSP-Options'] ) && current_user_can('manage_options')
1728
  $bps_fsp_upper_case = ! empty($_POST['bps_fsp_upper_case']) ? '1' : '';
1729
  $bps_fsp_number = ! empty($_POST['bps_fsp_number']) ? '1' : '';
1730
  $bps_fsp_special_char = ! empty($_POST['bps_fsp_special_char']) ? '1' : '';
 
 
 
1731
 
1732
  $FSP_Options = array(
1733
  'bps_fsp_on_off' => $_POST['bps_fsp_on_off'],
1734
- 'bps_fsp_char_length' => esc_html( trim($_POST['bps_fsp_char_length']) ),
1735
  'bps_fsp_lower_case' => $bps_fsp_lower_case,
1736
  'bps_fsp_upper_case' => $bps_fsp_upper_case,
1737
  'bps_fsp_number' => $bps_fsp_number,
1738
  'bps_fsp_special_char' => $bps_fsp_special_char,
1739
- 'bps_fsp_message' => esc_html($_POST['bps_fsp_message'])
1740
  );
1741
 
1742
  foreach( $FSP_Options as $key => $value ) {
@@ -1765,9 +1803,14 @@ $scrolltoFSPMessage = isset($_REQUEST['scrolltoFSPMessage']) ? (int) $_REQUEST['
1765
  <?php
1766
  wp_nonce_field('bps_fsp_settings');
1767
  $BPS_FSP_options = get_option('bulletproof_security_options_fsp');
1768
- $bps_fsp_on_off = isset($BPS_FSP_options['bps_fsp_on_off']) ? esc_html($BPS_FSP_options['bps_fsp_on_off']) : esc_html('Off');
1769
- $bps_fsp_char_length = isset($BPS_FSP_options['bps_fsp_char_length']) ? preg_replace('/\D/', "", esc_html($BPS_FSP_options['bps_fsp_char_length'])) : esc_html('12');
1770
- $FSP_Message = isset($BPS_FSP_options['bps_fsp_message']) ? esc_html($BPS_FSP_options['bps_fsp_message']) : esc_html('Password must contain 1 lowercase letter, 1 uppercase letter, 1 number, 1 special character and be a minimum of 12 characters long.');
 
 
 
 
 
1771
  ?>
1772
 
1773
  <table border="0">
@@ -1781,7 +1824,7 @@ $scrolltoFSPMessage = isset($_REQUEST['scrolltoFSPMessage']) ? (int) $_REQUEST['
1781
  </tr>
1782
  <tr>
1783
  <td><label for="LSLog"><?php _e('Password Character Length:', 'bulletproof-security'); ?></label></td>
1784
- <td><input type="text" name="bps_fsp_char_length" class="regular-text-150" style="width:120px;" value="<?php echo trim($bps_fsp_char_length); ?>" /></td>
1785
  <td><label for="LSLog" style="margin:0px 0px 0px 5px;font-style:italic;font-weight:normal;"><?php _e('Example: 12', 'bulletproof-security'); ?></label></td>
1786
  </tr>
1787
  </table>
@@ -1790,10 +1833,10 @@ $scrolltoFSPMessage = isset($_REQUEST['scrolltoFSPMessage']) ? (int) $_REQUEST['
1790
 
1791
  <label><strong><?php _e('Password Criteria Requirements: ', 'bulletproof-security'); ?></strong></label><br />
1792
  <label><i><?php _e('Check to require. Uncheck to remove requirement.', 'bulletproof-security'); ?></i></label><br />
1793
- <input type="checkbox" name="bps_fsp_lower_case" value="1" <?php if ( empty( $BPS_FSP_options['bps_fsp_lower_case'] ) ) { echo ''; } else { checked( $BPS_FSP_options['bps_fsp_lower_case'], 1 ); } ?> /><label><?php _e(' At least 1 lowercase letter', 'bulletproof-security'); ?></label><br />
1794
- <input type="checkbox" name="bps_fsp_upper_case" value="1" <?php if ( empty( $BPS_FSP_options['bps_fsp_upper_case'] ) ) { echo ''; } else { checked( $BPS_FSP_options['bps_fsp_upper_case'], 1 ); } ?> /><label><?php _e(' At least 1 uppercase letter', 'bulletproof-security'); ?></label><br />
1795
- <input type="checkbox" name="bps_fsp_number" value="1" <?php if ( empty( $BPS_FSP_options['bps_fsp_number'] ) ) { echo ''; } else { checked( $BPS_FSP_options['bps_fsp_number'], 1 ); } ?> /><label><?php _e(' At least 1 number', 'bulletproof-security'); ?></label><br />
1796
- <input type="checkbox" name="bps_fsp_special_char" value="1" <?php if ( empty( $BPS_FSP_options['bps_fsp_special_char'] ) ) { echo ''; } else { checked( $BPS_FSP_options['bps_fsp_special_char'], 1 ); } ?> /><label><?php _e(' At least 1 special character', 'bulletproof-security'); ?></label><br />
1797
 
1798
  <br />
1799
 
@@ -1801,7 +1844,7 @@ $scrolltoFSPMessage = isset($_REQUEST['scrolltoFSPMessage']) ? (int) $_REQUEST['
1801
  <tr>
1802
  <td>
1803
  <label for="LSLog"><?php _e('Displayed Message/Error Message:', 'bulletproof-security'); ?></label><br />
1804
- <textarea class="PFW-Allow-From-Text-Area" name="bps_fsp_message" tabindex="1"><?php echo $FSP_Message; ?></textarea>
1805
  <input type="hidden" name="scrolltoFSPMessage" id="scrolltoFSPMessage" value="<?php echo esc_html( $scrolltoFSPMessage ); ?>" />
1806
  </td>
1807
  </tr>
@@ -1833,8 +1876,6 @@ $scrolltoFSPMessage = isset($_REQUEST['scrolltoFSPMessage']) ? (int) $_REQUEST['
1833
  </tr>
1834
  </table>
1835
  </div>
1836
-
1837
- <div id="AITpro-link">BulletProof Security <?php echo BULLETPROOF_VERSION; ?> Plugin by <a href="https://www.ait-pro.com/" target="_blank" title="AITpro Website Security">AITpro Website Security</a>
1838
- </div>
1839
  </div>
1840
  </div>
137
 
138
  <?php
139
  // General all purpose "Settings Saved." message for forms
140
+ if ( current_user_can('manage_options') ) {
141
  if ( isset( $_GET['settings-updated'] ) && $_GET['settings-updated'] == true) {
142
  $text = '<p style="font-size:1em;font-weight:bold;padding:2px 0px 2px 5px;margin:0px -11px 0px -11px;background-color:#dfecf2;-webkit-box-shadow: 3px 3px 5px 0px rgba(153,153,153,0.7);-moz-box-shadow: 3px 3px 5px 0px rgba(153,153,153,0.7);box-shadow: 3px 3px 5px 0px rgba(153,153,153,0.7);""><font color="green"><strong>'.__('Settings Saved', 'bulletproof-security').'</strong></font></p>';
143
  echo $text;
154
  $bps_topDiv = '<div id="message" class="updated" style="background-color:#dfecf2;border:1px solid #999;-moz-border-radius-topleft:3px;-webkit-border-top-left-radius:3px;-khtml-border-top-left-radius:3px;border-top-left-radius:3px;-moz-border-radius-topright:3px;-webkit-border-top-right-radius:3px;-khtml-border-top-right-radius:3px;border-top-right-radius:3px;-webkit-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);-moz-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);"><p>';
155
  $bps_bottomDiv = '</p></div>';
156
 
 
 
 
 
 
157
  require_once WP_PLUGIN_DIR . '/bulletproof-security/admin/login/lsm-export.php';
158
  require_once WP_PLUGIN_DIR . '/bulletproof-security/admin/login/lsm-help-text.php';
 
 
159
  ?>
160
  </div>
161
 
209
  </p>
210
  </div>
211
 
212
+ <?php
213
 
214
  // Standard Static visible Login Security form proccessing - Lock, Unlock or Delete user login status from DB
215
  if ( isset($_POST['Submit-Login-Security-Radio'] ) && current_user_can('manage_options') ) {
409
  <div id="LoginSecurityOptions" style="width:100%;">
410
 
411
  <form name="LoginSecurityOptions" action="options.php" method="post">
412
+ <?php settings_fields('bulletproof_security_options_login_security');
413
+ $BPSoptions = get_option('bulletproof_security_options_login_security');
414
+ $bps_max_logins = ! empty($BPSoptions['bps_max_logins']) ? $BPSoptions['bps_max_logins'] : '3';
415
+ $bps_lockout_duration = ! empty($BPSoptions['bps_lockout_duration']) ? $BPSoptions['bps_lockout_duration'] : '15';
416
+ $bps_manual_lockout_duration = ! empty($BPSoptions['bps_manual_lockout_duration']) ? $BPSoptions['bps_manual_lockout_duration'] : '60';
417
+ $bps_max_db_rows_display = isset($BPSoptions['bps_max_db_rows_display']) ? $BPSoptions['bps_max_db_rows_display'] : '';
418
+ $bps_enable_lsm_woocommerce = ! empty($BPSoptions['bps_enable_lsm_woocommerce']) ? checked( $BPSoptions['bps_enable_lsm_woocommerce'], 1, false ) : '';
419
+ $bps_login_security_OnOff = isset($BPSoptions['bps_login_security_OnOff']) ? $BPSoptions['bps_login_security_OnOff'] : '';
420
+ $bps_login_security_logging = isset($BPSoptions['bps_login_security_logging']) ? $BPSoptions['bps_login_security_logging'] : '';
421
+ $bps_login_security_errors = isset($BPSoptions['bps_login_security_errors']) ? $BPSoptions['bps_login_security_errors'] : '';
422
+ $bps_login_security_remaining = isset($BPSoptions['bps_login_security_remaining']) ? $BPSoptions['bps_login_security_remaining'] : '';
423
+ $bps_login_security_pw_reset = isset($BPSoptions['bps_login_security_pw_reset']) ? $BPSoptions['bps_login_security_pw_reset'] : '';
424
+ $bps_login_security_sort = isset($BPSoptions['bps_login_security_sort']) ? $BPSoptions['bps_login_security_sort'] : '';
425
  ?>
426
 
427
  <table border="0">
428
  <tr>
429
  <td><label for="LSLog"><?php _e('Max Login Attempts:', 'bulletproof-security'); ?></label></td>
430
+ <td>
431
+ <input type="text" name="bulletproof_security_options_login_security[bps_max_logins]" class="regular-text-50-fixed" value="<?php echo esc_html( $bps_max_logins ); ?>" />
432
+ </td>
433
  <td>&nbsp;</td>
434
  </tr>
435
  <tr>
436
  <td><label for="LSLog"><?php _e('Automatic Lockout Time:', 'bulletproof-security'); ?></label></td>
437
+ <td><input type="text" name="bulletproof_security_options_login_security[bps_lockout_duration]" class="regular-text-50-fixed" value="<?php echo esc_html( $bps_lockout_duration ); ?>" />
438
+ </td>
439
  <td><label for="LSLog" style="margin:0px 0px 0px 5px;"><strong><?php _e('Minutes', 'bulletproof-security'); ?></strong></label></td>
440
  </tr>
441
  <tr>
442
  <td><label for="LSLog"><?php _e('Manual Lockout Time:', 'bulletproof-security'); ?></label></td>
443
+ <td><input type="text" name="bulletproof_security_options_login_security[bps_manual_lockout_duration]" class="regular-text-50-fixed" value="<?php echo esc_html( $bps_manual_lockout_duration ); ?>" /></td>
444
  <td><label for="LSLog" style="margin:0px 0px 0px 5px;"><strong><?php _e('Minutes', 'bulletproof-security'); ?></strong></label></td>
445
  </tr>
446
  <tr>
447
  <td><label for="LSLog"><?php _e('Max DB Rows To Show:', 'bulletproof-security'); ?></label></td>
448
+ <td><input type="text" name="bulletproof_security_options_login_security[bps_max_db_rows_display]" class="regular-text-50-fixed" value="<?php echo esc_html( $bps_max_db_rows_display ); ?>" /></td>
449
  <td><label for="LSLog" style="margin:0px 0px 0px 5px;"><strong><?php _e('Blank = Show All Rows', 'bulletproof-security'); ?></strong></label></td>
450
  </tr>
451
  </table>
452
 
453
  <div id="LSM-woocommerce" style="margin:10px 0px 10px 0px">
454
+ <input type="checkbox" name="bulletproof_security_options_login_security[bps_enable_lsm_woocommerce]" value="" <?php echo esc_html($bps_enable_lsm_woocommerce); ?> /><label><?php _e(' Enable Login Security for WooCommerce (BPS Pro Only)', 'bulletproof-security'); ?></label>
455
  </div>
456
 
457
  <table border="0">
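Review bot: The checkbox at new line 454 prints `esc_html($bps_enable_lsm_woocommerce)`, but that variable holds the string returned by `checked( ..., 1, false )`, whose single quotes `esc_html()` encodes, so the tag is emitted as `checked=&#039;checked&#039;` rather than a clean attribute. The helper's output is a fixed string and needs no escaping; printing it directly, `<?php checked( ! empty( $BPSoptions['bps_enable_lsm_woocommerce'] ) ); ?>`, keeps the markup valid. The JTC checkboxes at new lines 980–1017 and the custom-role checkbox at 1025–1028 follow the same pattern. Separately, the four text inputs here escape their `value` attributes with `esc_html()`; `esc_attr()` is the helper meant for attribute context and states the intent more clearly.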
522
 
523
  <div id="LoginSecuritySearch">
524
  <form name="LoginSecuritySearchForm" action="<?php echo admin_url( 'admin.php?page=bulletproof-security/admin/login/login.php#LSM-DB-Table' ); ?>" method="post">
525
+ <?php wp_nonce_field('bulletproof_security_login_security_search');
526
+ $login_security_search = isset($_POST['LSSearch']) ? $_POST['LSSearch'] : '';
527
+ ?>
528
+ <input type="text" name="LSSearch" class="LSSearch-text" style="width:170px" value="<?php echo esc_html($login_security_search); ?>" />
529
  <input type="submit" name="Submit-Login-Security-search" class="button bps-button" value="<?php esc_attr_e('Search', 'bulletproof-security') ?>" />
530
  </form>
531
  </div>
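Review bot: `$_POST['LSSearch']` is copied into `$login_security_search` at new line 526 without unslashing, so a search term containing a quote or backslash comes back into the text box carrying the slashes WordPress adds to request data. Reading it as `isset( $_POST['LSSearch'] ) ? sanitize_text_field( wp_unslash( $_POST['LSSearch'] ) ) : ''` and printing it with `esc_attr()` in the `value` attribute would cover both. The hunk also adds a nonce field; the matching verification in the search handler is outside the hunk, so confirm that it exists.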
594
  $gmt_offset = get_option( 'gmt_offset' ) * 3600;
595
 
596
  if ( $row->status == 'Locked' ) {
597
+ echo '<th scope="row" style="border-bottom:none;color:red;font-weight:bold;">'.esc_html($row->status).'</th>';
598
  } else {
599
+ echo '<th scope="row" style="border-bottom:none;">'.esc_html($row->status).'</th>';
600
  }
601
 
602
  echo "<td><input type=\"checkbox\" id=\"lockuser\" name=\"LSradio[$row->user_id]\" value=\"lockuser\" class=\"lockuserALL\" /><br><span style=\"font-size:10px;\">".__('Lock', 'bulletproof-security')."</span></td>";
603
  echo "<td><input type=\"checkbox\" id=\"unlockuser\" name=\"LSradio[$row->user_id]\" value=\"unlockuser\" class=\"unlockuserALL\" /><br><span style=\"font-size:10px;\">".__('Unlock', 'bulletproof-security')."</span></td>";
604
  echo "<td><input type=\"checkbox\" id=\"deleteuser\" name=\"LSradio[$row->user_id]\" value=\"deleteuser\" class=\"deleteuserALL\" /><br><span style=\"font-size:10px;\">".__('Delete', 'bulletproof-security')."</span></td>";
605
 
606
+ echo '<td>'.esc_html($row->user_id).'</td>';
607
+ echo '<td>'.esc_html($row->username).'</td>';
608
+ echo '<td>'.esc_html($row->public_name).'</td>';
609
+ echo '<td>'.esc_html($row->email).'</td>';
610
+ echo '<td>'.esc_html($row->role).'</td>';
611
+ echo '<td>'.date_i18n(get_option('date_format').' '.get_option('time_format'), esc_html($row->login_time) + $gmt_offset).'</td>';
612
 
613
  if ( $row->lockout_time == 0 ) {
614
  echo '<td>'.__('NA', 'bulletproof-security').'</td>';
615
  } else {
616
+ echo '<td>'.date_i18n(get_option('date_format').' '.get_option('time_format'), esc_html($row->lockout_time) + $gmt_offset).'</td>';
617
  }
618
 
619
+ echo '<td>'.esc_html($row->ip_address).'</td>';
620
+ echo '<td>'.esc_html($row->hostname).'</td>';
621
+ echo '<td>'.esc_html($row->request_uri).'</td>';
622
  echo '</tr>';
623
  }
624
  }
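Review bot: The three checkbox lines at new lines 602–604 still interpolate `$row->user_id` unescaped into the `name` attribute (`LSradio[$row->user_id]`), while this hunk escapes the same field when it is printed in the table cell at 606. Casting once, e.g. `$lsm_user_id = (int) $row->user_id;` (constructed name), and using that in the three `name` attributes closes the gap, assuming the column is numeric. At 611 and 616 `esc_html()` is applied to the timestamp before the addition, which escapes nothing that reaches the page; `(int) $row->login_time + $gmt_offset` is the clearer form, with any escaping applied to the `date_i18n()` result instead. The static-form loop at new lines 702–717 repeats both patterns, and the enclosing loop starts outside the hunk.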
641
  echo '</table>';
642
  echo '</div>';
643
 
644
+ echo "<input type=\"submit\" name=\"Submit-Login-Search-Radio\" value=\"".esc_attr__('Submit', 'bulletproof-security')."\" class=\"button bps-button\" onclick=\"return confirm('".__('Locking and Unlocking a User is reversible, but Deleting a User is not.\n\n-------------------------------------------------------------\n\nWhen you delete a User you are deleting that User database row from the BPS Login Security Database Table and not from the WordPress User Database Table.\n\n-------------------------------------------------------------\n\nTo delete a User Account from your WordPress website use the standard/normal WordPress Users page.\n\n-------------------------------------------------------------\n\nClick OK to proceed or click Cancel', 'bulletproof-security')."')\" />&nbsp;&nbsp;<input type=\"button\" name=\"cancel\" value=\"".__('Clear|Refresh', 'bulletproof-security')."\" class=\"button bps-button\" onclick=\"javascript:history.go(0)\" /></form><br>";
645
 
646
  } else { // if the LSM Search form is not submitted then display the static LSM form
647
 
695
  $gmt_offset = get_option( 'gmt_offset' ) * 3600;
696
 
697
  if ( $row->status == 'Locked' ) {
698
+ echo '<th scope="row" style="border-bottom:none;color:red;font-weight:bold;">'.esc_html($row->status).'</th>';
699
  } else {
700
+ echo '<th scope="row" style="border-bottom:none;">'.esc_html($row->status).'</th>';
701
  }
702
 
703
  echo "<td><input type=\"checkbox\" id=\"lockuser\" name=\"LSradio[$row->user_id]\" value=\"lockuser\" class=\"lockuserALL\" /><br><span style=\"font-size:10px;\">".__('Lock', 'bulletproof-security')."</span></td>";
704
  echo "<td><input type=\"checkbox\" id=\"unlockuser\" name=\"LSradio[$row->user_id]\" value=\"unlockuser\" class=\"unlockuserALL\" /><br><span style=\"font-size:10px;\">".__('Unlock', 'bulletproof-security')."</span></td>";
705
  echo "<td><input type=\"checkbox\" id=\"deleteuser\" name=\"LSradio[$row->user_id]\" value=\"deleteuser\" class=\"deleteuserALL\" /><br><span style=\"font-size:10px;\">".__('Delete', 'bulletproof-security')."</span></td>";
706
 
707
+ echo '<td>'.esc_html($row->user_id).'</td>';
708
+ echo '<td>'.esc_html($row->username).'</td>';
709
+ echo '<td>'.esc_html($row->public_name).'</td>';
710
+ echo '<td>'.esc_html($row->email).'</td>';
711
+ echo '<td>'.esc_html($row->role).'</td>';
712
+ echo '<td>'.date_i18n(get_option('date_format').' '.get_option('time_format'), esc_html($row->login_time) + $gmt_offset).'</td>';
713
 
714
  if ( $row->lockout_time == 0 ) {
715
  echo '<td>'.__('NA', 'bulletproof-security').'</td>';
716
  } else {
717
+ echo '<td>'.date_i18n(get_option('date_format').' '.get_option('time_format'), esc_html($row->lockout_time) + $gmt_offset).'</td>';
718
  }
719
 
720
+ echo '<td>'.esc_html($row->ip_address).'</td>';
721
+ echo '<td>'.esc_html($row->hostname).'</td>';
722
+ echo '<td>'.esc_html($row->request_uri).'</td>';
723
  echo '</tr>';
724
  }
725
  }
742
  echo '</table>';
743
  echo '</div>';
744
 
745
+ echo "<input type=\"submit\" name=\"Submit-Login-Security-Radio\" value=\"".esc_attr__('Submit', 'bulletproof-security')."\" class=\"button bps-button\" onclick=\"return confirm('".__('Locking and Unlocking a User is reversible, but Deleting a User is not.\n\n-------------------------------------------------------------\n\nWhen you delete a User you are deleting that User database row from the BPS Login Security Database Table and not from the WordPress User Database Table.\n\n-------------------------------------------------------------\n\nTo delete a User Account from your WordPress website use the standard/normal WordPress Users page.\n\n-------------------------------------------------------------\n\nClick OK to proceed or click Cancel', 'bulletproof-security')."')\" />&nbsp;&nbsp;<input type=\"button\" name=\"cancel\" value=\"".__('Clear|Refresh', 'bulletproof-security')."\" class=\"button bps-button\" onclick=\"javascript:history.go(0)\" /></form><br>";
746
  }
747
  ?>
748
  <br />
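Review bot: In the submit-button echo at new line 745 the button label now uses `esc_attr__()`, but the confirm() text and the `Clear|Refresh` value are still printed with plain `__()`, so a translation containing a quote would end the JavaScript string or the attribute early. The second button can use `esc_attr__('Clear|Refresh', 'bulletproof-security')` directly. The confirm text needs JavaScript-string escaping as well; `esc_js()` would also escape the literal `\n` sequences in the message, so the string would have to carry real newlines for that to work. The search-results button at new line 644 has the same construction.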
789
  /* ]]> */
790
  </script>
791
 
 
 
 
792
  </td>
793
  </tr>
794
  </table>
868
  $pos4 = strpos( $_POST['bps_jtc_comment_form_input'], 'eyJjaXBoZXJ0ZXh0Ijoi' );
869
 
870
  if ( $pos1 === false ) {
871
+ $bps_jtc_custom_form_error = sanitize_text_field(stripslashes($_POST['bps_jtc_custom_form_error']));
872
  } else {
873
  $bps_jtc_custom_form_error = $Encryption->decrypt($_POST['bps_jtc_custom_form_error'], $nonceValue);
874
  }
875
 
876
  if ( $pos2 === false ) {
877
+ $bps_jtc_comment_form_error = sanitize_text_field(stripslashes($_POST['bps_jtc_comment_form_error']));
878
  } else {
879
  $bps_jtc_comment_form_error = $Encryption->decrypt($_POST['bps_jtc_comment_form_error'], $nonceValue);
880
  }
881
 
882
  if ( $pos3 === false ) {
883
+ $bps_jtc_comment_form_label = sanitize_text_field(stripslashes($_POST['bps_jtc_comment_form_label']));
884
  } else {
885
  $bps_jtc_comment_form_label = $Encryption->decrypt($_POST['bps_jtc_comment_form_label'], $nonceValue);
886
  }
887
 
888
  if ( $pos4 === false ) {
889
+ $bps_jtc_comment_form_input = sanitize_text_field(stripslashes($_POST['bps_jtc_comment_form_input']));
890
  } else {
891
  $bps_jtc_comment_form_input = $Encryption->decrypt($_POST['bps_jtc_comment_form_input'], $nonceValue);
892
  }
893
  }
894
 
895
  $bps_jtc_login_form = ! empty($_POST['bps_jtc_login_form']) ? '1' : '';
896
+ $bps_tooltip_captcha_key = sanitize_text_field($_POST['bps_tooltip_captcha_key']);
897
+ $bps_tooltip_captcha_hover_text = sanitize_text_field($_POST['bps_tooltip_captcha_hover_text']);
898
+ $bps_tooltip_captcha_title = sanitize_text_field($_POST['bps_tooltip_captcha_title']);
899
 
900
  $JTC_Options = array(
901
+ 'bps_tooltip_captcha_key' => $bps_tooltip_captcha_key,
902
+ 'bps_tooltip_captcha_hover_text' => $bps_tooltip_captcha_hover_text,
903
+ 'bps_tooltip_captcha_title' => $bps_tooltip_captcha_title,
904
  'bps_tooltip_captcha_logging' => 'Off',
905
  'bps_jtc_login_form' => $bps_jtc_login_form,
906
  'bps_jtc_register_form' => '',
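Review bot: `sanitize_text_field()` is added only on the plaintext branches (new lines 871, 877, 883, 889); the values returned by `$Encryption->decrypt()` in the four `else` branches are still assigned unsanitised, so the two input paths end up with different guarantees. Wrapping those as well, e.g. `sanitize_text_field( $Encryption->decrypt( $_POST['bps_jtc_custom_form_error'], $nonceValue ) )`, would make them agree, assuming decrypt() returns a plain string (its definition is not in the hunk). `sanitize_text_field()` also strips tags, and the default error message at new line 1037 contains `<strong>`, so `wp_kses_post()` may fit the two error-message fields better. The three `bps_tooltip_captcha_*` reads at 896–898 skip the `stripslashes()` used above and have no `isset()` guard. The enclosing `if` block starts outside the hunk.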
930
  echo '<strong><font color="green">'.__('JTC-Lite Settings Saved.', 'bulletproof-security').'</font></strong><br>';
931
  echo $bps_bottomDiv;
932
  }
 
 
 
933
  ?>
934
 
935
  <div id="LoginSecurityJTC" style="position:relative;top:0px;left:0px;margin:0px 0px 0px 0px;">
936
 
937
  <form name="LoginSecurityJTC" action="<?php echo admin_url( 'admin.php?page=bulletproof-security/admin/login/login.php#bps-tabs-2' ); ?>" method="post">
938
+ <?php wp_nonce_field('bps_login_security_jtc');
939
+ $BPSoptionsJTC = get_option('bulletproof_security_options_login_security_jtc');
940
+ $bps_tooltip_captcha_key = ! empty($BPSoptionsJTC['bps_tooltip_captcha_key']) ? $BPSoptionsJTC['bps_tooltip_captcha_key'] : 'jtc';
941
+ $bps_tooltip_captcha_hover_text = ! empty($BPSoptionsJTC['bps_tooltip_captcha_hover_text']) ? $BPSoptionsJTC['bps_tooltip_captcha_hover_text'] : 'Type/Enter: jtc';
942
+ $bps_tooltip_captcha_title = ! empty($BPSoptionsJTC['bps_tooltip_captcha_title']) ? $BPSoptionsJTC['bps_tooltip_captcha_title'] : 'Hover or click the text box below';
943
+ $bps_tooltip_captcha_logging = isset($BPSoptionsJTC['bps_tooltip_captcha_logging']) ? $BPSoptionsJTC['bps_tooltip_captcha_logging'] : '';
 
 
 
 
944
  ?>
945
 
946
  <table border="0">
947
  <tr>
948
  <td><label for="LSLog"><?php _e('JTC CAPTCHA:', 'bulletproof-security'); ?></label></td>
949
+ <td><input type="text" name="bps_tooltip_captcha_key" class="regular-text-250" value="<?php echo esc_html($bps_tooltip_captcha_key); ?>" /></td>
950
  <td><label for="LSLog" style="margin:0px 0px 0px 5px;font-style:italic;font-weight:normal;"><?php _e('jtc', 'bulletproof-security'); ?></label></td>
951
  </tr>
952
  <tr>
953
  <td><label for="LSLog"><?php _e('JTC ToolTip:', 'bulletproof-security'); ?></label></td>
954
+ <td><input type="text" name="bps_tooltip_captcha_hover_text" class="regular-text-250" value="<?php echo esc_html($bps_tooltip_captcha_hover_text); ?>" /></td>
955
  <td><label for="LSLog" style="margin:0px 0px 0px 5px;font-style:italic;font-weight:normal;"><?php _e('Type/Enter: jtc. Enter a blank space for no text (Spacebar Key)', 'bulletproof-security'); ?></label></td>
956
  </tr>
957
  <tr>
958
  <td><label for="LSLog"><?php _e('JTC Title|Text:', 'bulletproof-security'); ?></label></td>
959
+ <td><input type="text" name="bps_tooltip_captcha_title" class="regular-text-250" value="<?php echo esc_html($bps_tooltip_captcha_title); ?>" /></td>
960
  <td><label for="LSLog" style="margin:0px 0px 0px 5px;font-style:italic;font-weight:normal;"><?php _e('Enter a blank space for no text (Spacebar Key)', 'bulletproof-security'); ?></label></td>
961
  </tr>
962
 
976
  <!-- Important: </table> needs to come after the closing php tag above for Network subsites -->
977
  </table>
978
 
979
+ <?php
980
+ $bps_enable_jtc_woocommerce = ! empty($BPSoptionsJTC['bps_enable_jtc_woocommerce']) ? checked( $BPSoptionsJTC['bps_enable_jtc_woocommerce'], 1, false ) : '';
981
+ $bps_jtc_login_form = ! empty($BPSoptionsJTC['bps_jtc_login_form']) ? checked( $BPSoptionsJTC['bps_jtc_login_form'], 1, false ) : '';
982
+ $bps_jtc_register_form = ! empty($BPSoptionsJTC['bps_jtc_register_form']) ? checked( $BPSoptionsJTC['bps_jtc_register_form'], 1, false ) : '';
983
+ $bps_jtc_lostpassword_form = ! empty($BPSoptionsJTC['bps_jtc_lostpassword_form']) ? checked( $BPSoptionsJTC['bps_jtc_lostpassword_form'], 1, false ) : '';
984
+ $bps_jtc_comment_form = ! empty($BPSoptionsJTC['bps_jtc_comment_form']) ? checked( $BPSoptionsJTC['bps_jtc_comment_form'], 1, false ) : '';
985
+ $bps_jtc_mu_register_form = ! empty($BPSoptionsJTC['bps_jtc_mu_register_form']) ? checked( $BPSoptionsJTC['bps_jtc_mu_register_form'], 1, false ) : '';
986
+ $bps_jtc_buddypress_register_form = ! empty($BPSoptionsJTC['bps_jtc_buddypress_register_form']) ? checked( $BPSoptionsJTC['bps_jtc_buddypress_register_form'], 1, false ) : '';
987
+ $bps_jtc_buddypress_sidebar_form = ! empty($BPSoptionsJTC['bps_jtc_buddypress_sidebar_form']) ? checked( $BPSoptionsJTC['bps_jtc_buddypress_sidebar_form'], 1, false ) : '';
988
+ $bps_jtc_administrator = ! empty($BPSoptionsJTC['bps_jtc_administrator']) ? checked( $BPSoptionsJTC['bps_jtc_administrator'], 1, false ) : '';
989
+ $bps_jtc_editor = ! empty($BPSoptionsJTC['bps_jtc_editor']) ? checked( $BPSoptionsJTC['bps_jtc_editor'], 1, false ) : '';
990
+ $bps_jtc_author = ! empty($BPSoptionsJTC['bps_jtc_author']) ? checked( $BPSoptionsJTC['bps_jtc_author'], 1, false ) : '';
991
+ $bps_jtc_contributor = ! empty($BPSoptionsJTC['bps_jtc_contributor']) ? checked( $BPSoptionsJTC['bps_jtc_contributor'], 1, false ) : '';
992
+ $bps_jtc_subscriber = ! empty($BPSoptionsJTC['bps_jtc_subscriber']) ? checked( $BPSoptionsJTC['bps_jtc_subscriber'], 1, false ) : '';
993
+ ?>
994
+
995
  <div id="JTC-woocommerce" style="margin:10px 0px 10px 0px">
996
+ <input type="checkbox" name="bps_enable_jtc_woocommerce" value="1" <?php echo esc_html($bps_enable_jtc_woocommerce); ?> /><label><?php _e(' Enable JTC for WooCommerce (BPS Pro Only)', 'bulletproof-security'); ?></label>
997
  </div>
998
 
999
  <label><strong><?php _e('Enable|Disable JTC For These Forms: ', 'bulletproof-security'); ?></strong></label><br />
1000
  <label><i><?php _e('Check to Enable. Uncheck to Disable.', 'bulletproof-security'); ?></i></label><br />
1001
+ <input type="checkbox" name="bps_jtc_login_form" value="1" <?php echo esc_html($bps_jtc_login_form); ?> /><label><?php _e(' Login Form', 'bulletproof-security'); ?></label><br />
1002
+ <input type="checkbox" name="bps_jtc_register_form" value="1" <?php echo esc_html($bps_jtc_register_form); ?> /><label><?php _e(' Register Form (BPS Pro Only)', 'bulletproof-security'); ?></label><br />
1003
+ <input type="checkbox" name="bps_jtc_lostpassword_form" value="1" <?php echo esc_html($bps_jtc_lostpassword_form); ?> /><label><?php _e(' Lost Password Form (BPS Pro Only)', 'bulletproof-security'); ?></label><br />
1004
+ <input type="checkbox" name="bps_jtc_comment_form" value="1" <?php echo esc_html($bps_jtc_comment_form); ?> /><label><?php _e(' Comment Form (BPS Pro Only)', 'bulletproof-security'); ?></label><br />
1005
+ <input type="checkbox" name="bps_jtc_mu_register_form" value="1" <?php echo esc_html($bps_jtc_mu_register_form); ?> /><label><?php _e(' Multisite Register Form (BPS Pro Only)', 'bulletproof-security'); ?></label><br />
1006
+ <input type="checkbox" name="bps_jtc_buddypress_register_form" value="1" <?php echo esc_html($bps_jtc_buddypress_register_form); ?> /><label><?php _e(' BuddyPress Register Form (BPS Pro Only)', 'bulletproof-security'); ?></label><br />
1007
+ <input type="checkbox" name="bps_jtc_buddypress_sidebar_form" value="1" <?php echo esc_html($bps_jtc_buddypress_sidebar_form); ?> /><label><?php _e(' BuddyPress Sidebar Login Form (BPS Pro Only)', 'bulletproof-security'); ?></label><br /><br />
1008
 
1009
  <label><strong><?php _e('Comment Form: (BPS Pro Only)', 'bulletproof-security'); ?></strong></label><br />
1010
  <label><strong><?php _e('Enable|Disable JTC For These Registered/Logged In User Roles (BPS Pro Only): ', 'bulletproof-security'); ?></strong></label><br />
1011
  <label><i><?php _e('Check to Enable. Uncheck to Disable.', 'bulletproof-security'); ?></i></label><br />
1012
  <div id="Roles-scroller">
1013
+ <input type="checkbox" name="bps_jtc_administrator" value="1" <?php echo esc_html($bps_jtc_administrator); ?> /><label><?php _e(' Administrator', 'bulletproof-security'); ?></label><br />
1014
+ <input type="checkbox" name="bps_jtc_editor" value="1" <?php echo esc_html($bps_jtc_editor); ?> /><label><?php _e(' Editor', 'bulletproof-security'); ?></label><br />
1015
+ <input type="checkbox" name="bps_jtc_author" value="1" <?php echo esc_html($bps_jtc_author); ?> /><label><?php _e(' Author', 'bulletproof-security'); ?></label><br />
1016
+ <input type="checkbox" name="bps_jtc_contributor" value="1" <?php echo esc_html($bps_jtc_contributor); ?> /><label><?php _e(' Contributor', 'bulletproof-security'); ?></label><br />
1017
+ <input type="checkbox" name="bps_jtc_subscriber" value="1" <?php echo esc_html($bps_jtc_subscriber); ?> /><label><?php _e(' Subscriber', 'bulletproof-security'); ?></label><br />
1018
 
1019
  <?php
1020
 
1022
 
1023
  if ( $role_name != 'administrator' && $role_name != 'editor' && $role_name != 'author' && $role_name != 'contributor' && $role_name != 'subscriber' ) {
1024
 
1025
+ $bps_jtc_custom_roles = ! empty($BPSoptionsJTC['bps_jtc_custom_roles'][$role_name]) ? checked( $BPSoptionsJTC['bps_jtc_custom_roles'][$role_name], 1, false ) : '';
1026
+
1027
  echo "<input type=\"checkbox\" name=\"bps_jtc_custom_roles[$role_name]\" value=\"1\"";
1028
+ echo esc_html($bps_jtc_custom_roles);
1029
+ echo " /><label> ". esc_html($role_info['name']) ."</label>".'<br>';
 
 
1030
  }
1031
  }
1032
  ?>
1033
  </div>
1034
+ <br />
1035
+
1036
+ <?php
1037
+ $bps_jtc_custom_form_error = ! empty($BPSoptionsJTC['bps_jtc_custom_form_error']) ? $BPSoptionsJTC['bps_jtc_custom_form_error'] : '<strong>ERROR</strong>: Incorrect CAPTCHA Entered.';
1038
+ $bps_jtc_comment_form_error = ! empty($BPSoptionsJTC['bps_jtc_comment_form_error']) ? $BPSoptionsJTC['bps_jtc_comment_form_error'] :'<strong>ERROR</strong>: Incorrect JTC CAPTCHA Entered. Click your Browser back button and re-enter the JTC CAPTCHA.';
1039
+ $bps_jtc_comment_form_label = ! empty($BPSoptionsJTC['bps_jtc_comment_form_label']) ? $BPSoptionsJTC['bps_jtc_comment_form_label'] : 'position:relative;top:0px;left:0px;padding:0px 0px 0px 0px;margin:0px 0px 0px 0px;';
1040
+ $bps_jtc_comment_form_input = ! empty($BPSoptionsJTC['bps_jtc_comment_form_input']) ? $BPSoptionsJTC['bps_jtc_comment_form_input'] : 'position:relative;top:0px;left:0px;padding:0px 0px 0px 0px;margin:0px 0px 0px 0px;';
1041
+ ?>
1042
+
1043
  <label for="LSLog"><?php _e('Login Form: CAPTCHA Error message', 'bulletproof-security'); ?></label><br />
1044
+ <input type="text" id="crypt29" name="bps_jtc_custom_form_error" class="regular-text-short-fixed" style="width:75%;" value="<?php echo esc_html($bps_jtc_custom_form_error); ?>" /><br /><br />
1045
 
1046
  <label for="LSLog"><?php _e('Comment Form: CAPTCHA Error message (BPS Pro Only)', 'bulletproof-security'); ?></label><br />
1047
+ <input type="text" id="crypt30" name="bps_jtc_comment_form_error" class="regular-text-short-fixed" style="width:75%;" value="<?php echo esc_html($bps_jtc_comment_form_error) ?>" /><br /><br />
1048
 
1049
  <label><strong><?php _e('Comment Form: CSS Styling (BPS Pro Only)', 'bulletproof-security'); ?></strong></label><br />
1050
  <label><?php _e('Comment Form Label (BPS Pro Only): <i>The JTC Title|Text above the Form Input text box</i>', 'bulletproof-security'); ?></label><br />
1051
+ <input type="text" id="crypt31" name="bps_jtc_comment_form_label" class="regular-text-short-fixed" style="width:75%;" value="<?php echo esc_html($bps_jtc_comment_form_label) ?>" /><br />
1052
  <label><?php _e('Comment Form Input Text Box (BPS Pro Only): <i>The JTC CAPTCHA Form Input text box</i>', 'bulletproof-security'); ?></label><br />
1053
+ <input type="text" id="crypt32" name="bps_jtc_comment_form_input" class="regular-text-short-fixed" style="width:75%;" value="<?php echo esc_html($bps_jtc_comment_form_input) ?>" /><br /><br />
1054
 
1055
  <?php echo '<div id="jtc-tooltip" style="margin:0px 0px 10px 0px;max-width:640px"><label for="bps-mscan-label" style="">'.__('If you see an error or are unable to save your JTC option settings then click the Encrypt JTC Code button first and then click the Save Options button. Mouse over the question mark image to the right for help info.', 'bulletproof-security').'</label><strong><font color="black"><span class="tooltip-350-225"><img src="'.plugins_url('/bulletproof-security/admin/images/question-mark.png').'" style="position:relative;top:3px;left:5px;" /><span>'.__('If your web host currently has ModSecurity installed or installs ModSecurity at a later time then ModSecurity will prevent you from saving your JTC options settings and CSS code unless you encrypt it first by clicking the Encrypt JTC Code button.', 'bulletproof-security').'<br><br>'.__('If you click the Encrypt JTC Code button and then want to edit your CSS code again click the Decrypt JTC Code button. After you are done editing click the Encrypt JTC Code button before clicking the Save Options button.', 'bulletproof-security').'<br><br>'.__('Click the JTC Anti-Spam|Anti-Hacker Question Mark help button for more help info.', 'bulletproof-security').'</span></span></font></strong></div>'; ?>
1056
 
1151
  /* ]]> */
1152
  </script>
1153
 
 
 
1154
  </td>
1155
  </tr>
1156
  </table>
1201
  </div>
1202
 
1203
  <?php
1204
+
1205
  $scrolltoISLMessage = isset($_REQUEST['scrolltoISLMessage']) ? (int) $_REQUEST['scrolltoISLMessage'] : 0;
1206
 
1207
  // ISL Form processing
1238
  $pos4 = strpos( $_POST['bps_isl_custom_css_4'], 'eyJjaXBoZXJ0ZXh0Ijoi' );
1239
 
1240
  if ( $pos1 === false ) {
1241
+ $bps_isl_custom_css_1 = sanitize_text_field(stripslashes($_POST['bps_isl_custom_css_1']));
1242
  } else {
1243
  $bps_isl_custom_css_1 = $Encryption->decrypt($_POST['bps_isl_custom_css_1'], $nonceValue);
1244
  }
1245
 
1246
  if ( $pos2 === false ) {
1247
+ $bps_isl_custom_css_2 = sanitize_text_field(stripslashes($_POST['bps_isl_custom_css_2']));
1248
  } else {
1249
  $bps_isl_custom_css_2 = $Encryption->decrypt($_POST['bps_isl_custom_css_2'], $nonceValue);
1250
  }
1251
 
1252
  if ( $pos3 === false ) {
1253
+ $bps_isl_custom_css_3 = sanitize_text_field(stripslashes($_POST['bps_isl_custom_css_3']));
1254
  } else {
1255
  $bps_isl_custom_css_3 = $Encryption->decrypt($_POST['bps_isl_custom_css_3'], $nonceValue);
1256
  }
1257
 
1258
  if ( $pos4 === false ) {
1259
+ $bps_isl_custom_css_4 = sanitize_text_field(stripslashes($_POST['bps_isl_custom_css_4']));
1260
  } else {
1261
  $bps_isl_custom_css_4 = $Encryption->decrypt($_POST['bps_isl_custom_css_4'], $nonceValue);
1262
  }
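Review bot: The added `sanitize_text_field()` only covers the branch where the marker string is absent; in each `else` branch the return value of `$Encryption->decrypt()` is assigned as-is, so a field submitted in encrypted form is stored without the filtering the plain branch now gets (unless `decrypt()` sanitizes internally, which this view does not show). I would apply the same call on both paths, e.g. `$bps_isl_custom_css_1 = sanitize_text_field( $Encryption->decrypt( $_POST['bps_isl_custom_css_1'], $nonceValue ) );`, for all four fields. `wp_unslash()` is the usual WordPress helper in place of `stripslashes()` on request data. The enclosing form handler begins above this hunk.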
1268
  $bps_isl_contributor = ! empty($_POST['bps_isl_contributor']) ? '1' : '';
1269
  $bps_isl_subscriber = ! empty($_POST['bps_isl_subscriber']) ? '1' : '';
1270
  $bps_isl_tinymce = ! empty($_POST['bps_isl_tinymce']) ? '1' : '';
1271
+
1272
+ $bps_isl_timeout = sanitize_text_field($_POST['bps_isl_timeout']);
1273
+ $bps_isl_logout_url = sanitize_url($_POST['bps_isl_logout_url']);
1274
+ $bps_isl_login_url = sanitize_url($_POST['bps_isl_login_url']);
1275
+ $bps_isl_custom_message = sanitize_textarea_field($_POST['bps_isl_custom_message']);
1276
+ $bps_isl_user_account_exceptions = sanitize_text_field($_POST['bps_isl_user_account_exceptions']);
1277
+ $bps_isl_uri_exclusions = sanitize_textarea_field($_POST['bps_isl_uri_exclusions']);
1278
 
1279
  $ISL_Options = array(
1280
  'bps_isl' => $_POST['bps_isl'],
1281
+ 'bps_isl_timeout' => $bps_isl_timeout,
1282
+ 'bps_isl_logout_url' => $bps_isl_logout_url,
1283
+ 'bps_isl_login_url' => $bps_isl_login_url,
1284
+ 'bps_isl_custom_message' => $bps_isl_custom_message,
1285
  'bps_isl_custom_css_1' => $bps_isl_custom_css_1,
1286
  'bps_isl_custom_css_2' => $bps_isl_custom_css_2,
1287
  'bps_isl_custom_css_3' => $bps_isl_custom_css_3,
1288
  'bps_isl_custom_css_4' => $bps_isl_custom_css_4,
1289
+ 'bps_isl_user_account_exceptions' => $bps_isl_user_account_exceptions,
1290
  'bps_isl_administrator' => $bps_isl_administrator,
1291
  'bps_isl_editor' => $bps_isl_editor,
1292
  'bps_isl_author' => $bps_isl_author,
1293
  'bps_isl_contributor' => $bps_isl_contributor,
1294
  'bps_isl_subscriber' => $bps_isl_subscriber,
1295
  'bps_isl_tinymce' => $bps_isl_tinymce,
1296
+ 'bps_isl_uri_exclusions' => $bps_isl_uri_exclusions,
1297
  'bps_isl_custom_roles' => $Custom_Roles_array
1298
  );
1299
 
1318
  <div id="Idle-Session-Logout">
1319
 
1320
  <form name="IdleSessionLogout" action="<?php echo admin_url( 'admin.php?page=bulletproof-security/admin/login/login.php#bps-tabs-3' ); ?>" method="post">
1321
+
1322
+ <?php wp_nonce_field('bps_isl_logout');
1323
+ $BPS_ISL_options = get_option('bulletproof_security_options_idle_session');
1324
+ $ISL_on_off = isset($BPS_ISL_options['bps_isl']) ? $BPS_ISL_options['bps_isl'] : '';
1325
+ $ISL_timeout = ! empty($BPS_ISL_options['bps_isl_timeout']) ? $BPS_ISL_options['bps_isl_timeout'] : '60';
1326
+ $ISL_logout_url = ! empty($BPS_ISL_options['bps_isl_logout_url']) ? $BPS_ISL_options['bps_isl_logout_url'] : plugins_url('/bulletproof-security/isl-logout.php');
1327
+ $ISL_login_url = ! empty($BPS_ISL_options['bps_isl_login_url']) ? $BPS_ISL_options['bps_isl_login_url'] : site_url('/wp-login.php');
1328
+ $ISL_exclusions = isset($BPS_ISL_options['bps_isl_uri_exclusions']) ? $BPS_ISL_options['bps_isl_uri_exclusions'] : '';
1329
+ $ISL_message = isset($BPS_ISL_options['bps_isl_custom_message']) ? $BPS_ISL_options['bps_isl_custom_message'] : '';
1330
+ $ISL_css_1 = ! empty($BPS_ISL_options['bps_isl_custom_css_1']) ? $BPS_ISL_options['bps_isl_custom_css_1'] : 'background-color:#fff;line-height:normal;';
1331
+ $ISL_css_2 = ! empty($BPS_ISL_options['bps_isl_custom_css_2']) ? $BPS_ISL_options['bps_isl_custom_css_2'] : 'position:fixed;top:20%;left:0%;text-align:center;height:100%;width:100%;';
1332
+ $ISL_css_3 = ! empty($BPS_ISL_options['bps_isl_custom_css_3']) ? $BPS_ISL_options['bps_isl_custom_css_3'] : 'border:5px solid gray;background-color:#BCE2F1;';
1333
+ $ISL_css_4 = ! empty($BPS_ISL_options['bps_isl_custom_css_4']) ? $BPS_ISL_options['bps_isl_custom_css_4'] : 'font-family:Verdana, Arial, Helvetica, sans-serif;font-size:18px;font-weight:bold;';
1334
+ $ISL_exceptions = isset($BPS_ISL_options['bps_isl_user_account_exceptions']) ? $BPS_ISL_options['bps_isl_user_account_exceptions'] : '';
1335
+
1336
+ $bps_isl_administrator = ! empty($BPS_ISL_options['bps_isl_administrator']) ? checked( $BPS_ISL_options['bps_isl_administrator'], 1, false ) : '';
1337
+ $bps_isl_editor = ! empty($BPS_ISL_options['bps_isl_editor']) ? checked( $BPS_ISL_options['bps_isl_editor'], 1, false ) : '';
1338
+ $bps_isl_author = ! empty($BPS_ISL_options['bps_isl_author']) ? checked( $BPS_ISL_options['bps_isl_author'], 1, false ) : '';
1339
+ $bps_isl_contributor = ! empty($BPS_ISL_options['bps_isl_contributor']) ? checked( $BPS_ISL_options['bps_isl_contributor'], 1, false ) : '';
1340
+ $bps_isl_subscriber = ! empty($BPS_ISL_options['bps_isl_subscriber']) ? checked( $BPS_ISL_options['bps_isl_subscriber'], 1, false ) : '';
1341
  ?>
1342
+
1343
  <h3><?php _e('Idle Session Logout (ISL) Settings', 'bulletproof-security'); ?></h3>
1344
 
1345
  <table border="0">
1355
  <tr>
1356
  <td>
1357
  <label for="LSLog"><?php _e('Idle Session Logout Time in Minutes:', 'bulletproof-security'); ?></label><br />
1358
+ <input type="text" name="bps_isl_timeout" class="regular-text-250" value="<?php echo esc_html($ISL_timeout); ?>" />
1359
  </td>
1360
  </tr>
1361
  <tr>
1362
  <td>
1363
  <label for="LSLog"><?php _e('Idle Session Logout Page URL:', 'bulletproof-security'); ?></label><br />
1364
+ <input type="text" name="bps_isl_logout_url" class="regular-text-450" value="<?php echo esc_url($ISL_logout_url); ?>" />
1365
  </td>
1366
  </tr>
1367
  <tr>
1368
  <td>
1369
  <label for="LSLog"><?php _e('Idle Session Logout Page Login URL:', 'bulletproof-security'); ?></label><br />
1370
  <label><strong><i><?php _e('Enter/Type: "No" (without quotes) if you do not want a Login URL displayed.', 'bulletproof-security'); ?></i></strong></label><br />
1371
+ <input type="text" name="bps_isl_login_url" class="regular-text-450" value="<?php echo esc_url($ISL_login_url); ?>" />
1372
  </td>
1373
  </tr>
1374
  <tr>
1375
  <td>
1376
  <label for="LSLog"><?php _e('Idle Session Logout Exclude URLs|URIs:', 'bulletproof-security'); ?></label><br />
1377
  <label><strong><i><?php _e('Enter URIs separated by a comma and a space: /some-post/, /some-page/', 'bulletproof-security'); ?></i></strong></label><br />
1378
+ <textarea style="width:450px" class="PFW-Allow-From-Text-Area" name="bps_isl_uri_exclusions" tabindex="1"><?php echo esc_textarea($ISL_exclusions); ?></textarea>
1379
  <input type="hidden" name="scrolltoISLMessage" id="scrolltoISLMessage" value="<?php echo esc_html( $scrolltoISLMessage ); ?>" />
1380
  </td>
1381
  </tr>
1382
  <tr>
1383
  <td>
1384
  <label for="LSLog"><?php _e('Idle Session Logout Page Custom Message:', 'bulletproof-security'); ?></label><br />
1385
+ <textarea style="width:450px" class="PFW-Allow-From-Text-Area" name="bps_isl_custom_message" tabindex="1"><?php echo esc_textarea($ISL_message); ?></textarea>
1386
  <input type="hidden" name="scrolltoISLMessage" id="scrolltoISLMessage" value="<?php echo esc_html( $scrolltoISLMessage ); ?>" />
1387
  </td>
1388
  </tr>
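Review bot: The label in this hunk tells the admin to type `No` when no login link is wanted, but the field is now printed with `esc_url($ISL_login_url)` (and, in the form handler earlier in the file, saved with `sanitize_url()`); as far as I know both prepend `http://` to a bare word, so the sentinel would likely come back as `http://No`. How the logout page tests for `No` is not visible here, so that comparison needs checking. A small guard keeps the documented behaviour: `$bps_isl_login_url = ( 'No' === trim( $raw ) ) ? 'No' : sanitize_url( $raw );` with `$raw = wp_unslash( $_POST['bps_isl_login_url'] )`, and the input printed with `esc_attr()` when the stored value is `No`. The table this row belongs to starts outside the hunk.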
1390
  <td>
1391
  <label for="LSLog"><?php _e('Idle Session Logout Page Custom CSS Style:', 'bulletproof-security'); ?></label><br />
1392
  <label><strong><?php echo 'body CSS property'; ?></strong></label><br />
1393
+ <input type="text" id="crypt33" name="bps_isl_custom_css_1" class="regular-text-450" value="<?php echo esc_html($ISL_css_1); ?>" />
1394
  <br />
1395
  <label><strong><?php echo '#bpsMessage CSS property'; ?></strong></label><br />
1396
+ <input type="text" id="crypt34" name="bps_isl_custom_css_2" class="regular-text-450" value="<?php echo esc_html($ISL_css_2); ?>" />
1397
  <br />
1398
  <label><strong><?php echo '#bpsMessageTextBox CSS property'; ?></strong></label><br />
1399
+ <input type="text" id="crypt35" name="bps_isl_custom_css_3" class="regular-text-450" value="<?php echo esc_html($ISL_css_3); ?>" />
1400
  <br />
1401
  <label><strong><?php echo 'p CSS property'; ?></strong></label><br />
1402
+ <input type="text" id="crypt36" name="bps_isl_custom_css_4" class="regular-text-450" value="<?php echo esc_html($ISL_css_4); ?>" />
1403
  <br />
1404
  </td>
1405
  </tr>
1408
  <label for="LSLog"><?php _e('User Account Exceptions:', 'bulletproof-security'); ?></label><br />
1409
  <label for="LSLog"><i><?php _e('Enter User Account names separated by a comma and a space: johnDoe, janeDoe', 'bulletproof-security'); ?></i></label><br />
1410
  <label for="LSLog"><i><?php _e('Idle Session Logout Time Will Not Be Applied For These User Accounts.', 'bulletproof-security'); ?></i></label><br />
1411
+ <input type="text" name="bps_isl_user_account_exceptions" class="regular-text-450" value="<?php echo esc_html($ISL_exceptions); ?>" />
1412
  </td>
1413
  </tr>
1414
  <tr>
1416
  <label><strong><?php _e('Enable|Disable Idle Session Logouts For These User Roles: ', 'bulletproof-security'); ?></strong></label><br />
1417
  <label><strong><i><?php _e('Check to Enable. Uncheck to Disable. See the Question Mark help button for details.', 'bulletproof-security'); ?></i></strong></label><br />
1418
  <div id="Roles-scroller">
1419
+ <input type="checkbox" name="bps_isl_administrator" value="1" <?php echo esc_html($bps_isl_administrator); ?> /><label><?php _e(' Administrator', 'bulletproof-security'); ?></label><br />
1420
+ <input type="checkbox" name="bps_isl_editor" value="1" <?php echo esc_html($bps_isl_editor); ?> /><label><?php _e(' Editor', 'bulletproof-security'); ?></label><br />
1421
+ <input type="checkbox" name="bps_isl_author" value="1" <?php echo esc_html($bps_isl_author); ?> /><label><?php _e(' Author', 'bulletproof-security'); ?></label><br />
1422
+ <input type="checkbox" name="bps_isl_contributor" value="1" <?php echo esc_html($bps_isl_contributor); ?> /><label><?php _e(' Contributor', 'bulletproof-security'); ?></label><br />
1423
+ <input type="checkbox" name="bps_isl_subscriber" value="1" <?php echo esc_html($bps_isl_subscriber); ?> /><label><?php _e(' Subscriber', 'bulletproof-security'); ?></label><br />
1424
 
1425
  <?php
1426
 
1428
 
1429
  if ( $role_name != 'administrator' && $role_name != 'editor' && $role_name != 'author' && $role_name != 'contributor' && $role_name != 'subscriber' ) {
1430
 
1431
+ $bps_isl_custom_roles = ! empty($BPS_ISL_options['bps_isl_custom_roles'][$role_name]) ? checked( $BPS_ISL_options['bps_isl_custom_roles'][$role_name], 1, false ) : '';
1432
+
1433
  echo "<input type=\"checkbox\" name=\"bps_isl_custom_roles[$role_name]\" value=\"1\"";
1434
+ echo esc_html($bps_isl_custom_roles);
1435
+ echo " /><label> ". esc_html($role_info['name']) ."</label>".'<br>';
 
 
1436
  }
1437
  }
1438
  ?>
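Review bot: `$role_name` is interpolated unescaped into the attribute in `name=\"bps_isl_custom_roles[$role_name]\"`, while the added line two rows below escapes `$role_info['name']`. The loop header is outside this hunk, so the source of the role keys is an assumption, but custom role slugs are defined by other plugins and belong in `esc_attr()` here: `echo '<input type="checkbox" name="bps_isl_custom_roles[' . esc_attr( $role_name ) . ']" value="1"';`. The JTC and ACE role loops on this page use the same line and need the same change. As far as I can tell, passing the result of `checked()` through `esc_html()` also encodes its quotes, so the attribute is emitted as `checked=&#039;checked&#039;`; echoing `checked( $value, 1, false )` unchanged is the usual form.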
1591
  $bps_ace_subscriber = ! empty($_POST['bps_ace_subscriber']) ? '1' : '';
1592
  $bps_ace_rememberme_disable = ! empty($_POST['bps_ace_rememberme_disable']) ? '1' : '';
1593
 
1594
+ $bps_ace_expiration = sanitize_text_field($_POST['bps_ace_expiration']);
1595
+ $bps_ace_rememberme_expiration = sanitize_text_field($_POST['bps_ace_rememberme_expiration']);
1596
+ $bps_ace_user_account_exceptions = sanitize_text_field($_POST['bps_ace_user_account_exceptions']);
1597
+
1598
  $ACE_Options = array(
1599
  'bps_ace' => $_POST['bps_ace'],
1600
+ 'bps_ace_expiration' => $bps_ace_expiration,
1601
+ 'bps_ace_rememberme_expiration' => $bps_ace_rememberme_expiration,
1602
+ 'bps_ace_user_account_exceptions' => $bps_ace_user_account_exceptions,
1603
  'bps_ace_administrator' => $bps_ace_administrator,
1604
  'bps_ace_editor' => $bps_ace_editor,
1605
  'bps_ace_author' => $bps_ace_author,
1628
  ?>
1629
 
1630
  <form name="ACELogout" action="<?php echo admin_url( 'admin.php?page=bulletproof-security/admin/login/login.php#bps-tabs-3' ); ?>" method="post">
1631
+ <?php wp_nonce_field('bps_auth_cookie_expiration');
1632
+ $BPS_ACE_options = get_option('bulletproof_security_options_auth_cookie');
1633
+ $ACE_on_off = ! isset($BPS_ACE_options['bps_ace']) ? '' : $BPS_ACE_options['bps_ace'];
1634
+ $ACE_Expiration = ! empty($BPS_ACE_options['bps_ace_expiration']) ? $BPS_ACE_options['bps_ace_expiration'] : '2880';
1635
+ $ACE_RM_Expiration = ! empty($BPS_ACE_options['bps_ace_rememberme_expiration']) ? $BPS_ACE_options['bps_ace_rememberme_expiration'] : '20160';
1636
+ $ACE_exceptions = isset($BPS_ACE_options['bps_ace_user_account_exceptions']) ? esc_html($BPS_ACE_options['bps_ace_user_account_exceptions']) : '';
1637
+
1638
+ $bps_ace_administrator = ! empty($BPS_ACE_options['bps_ace_administrator']) ? checked( $BPS_ACE_options['bps_ace_administrator'], 1, false ) : '';
1639
+ $bps_ace_editor = ! empty($BPS_ACE_options['bps_ace_editor']) ? checked( $BPS_ACE_options['bps_ace_editor'], 1, false ) : '';
1640
+ $bps_ace_author = ! empty($BPS_ACE_options['bps_ace_author']) ? checked( $BPS_ACE_options['bps_ace_author'], 1, false ) : '';
1641
+ $bps_ace_contributor = ! empty($BPS_ACE_options['bps_ace_contributor']) ? checked( $BPS_ACE_options['bps_ace_contributor'], 1, false ) : '';
1642
+ $bps_ace_subscriber = ! empty($BPS_ACE_options['bps_ace_subscriber']) ? checked( $BPS_ACE_options['bps_ace_subscriber'], 1, false ) : '';
1643
  ?>
1644
+
1645
  <table border="0">
1646
  <tr>
1647
  <td>
1656
  <td>
1657
  <label for="LSLog"><?php _e('Auth Cookie Expiration Time in Minutes:', 'bulletproof-security'); ?></label><br />
1658
  <label for="LSLog"><?php _e('WP Default setting is 2880 Minutes/2 Days:', 'bulletproof-security'); ?></label><br />
1659
+ <input type="text" name="bps_ace_expiration" class="regular-text-250" value="<?php echo esc_html($ACE_Expiration); ?>" />
1660
  </td>
1661
  </tr>
1662
  <tr>
1663
  <td>
1664
  <label for="LSLog"><?php _e('Remember Me Auth Cookie Expiration Time in Minutes:', 'bulletproof-security'); ?></label><br />
1665
  <label for="LSLog"><?php _e('WP Default setting is 20160 Minutes/14 Days:', 'bulletproof-security'); ?></label><br />
1666
+ <input type="text" name="bps_ace_rememberme_expiration" class="regular-text-250" value="<?php echo esc_html($ACE_RM_Expiration); ?>" />
1667
  </td>
1668
  </tr>
1669
  <tr>
1678
  <label for="LSLog"><?php _e('User Account Exceptions:', 'bulletproof-security'); ?></label><br />
1679
  <label for="LSLog"><i><?php _e('Enter User Account names separated by a comma and a space: johnDoe, janeDoe', 'bulletproof-security'); ?></i></label><br />
1680
  <label for="LSLog"><i><?php _e('Auth Cookie Expiration Time Will Not Be Applied To These User Accounts.', 'bulletproof-security'); ?></i></label><br />
1681
+ <input type="text" name="bps_ace_user_account_exceptions" class="regular-text-450" value="<?php echo esc_html($ACE_exceptions); ?>" />
1682
  </td>
1683
  </tr>
1684
  <tr>
1685
  <td>
1686
  <label><strong><?php _e('Enable|Disable Auth Cookie Expiration Time For These User Roles: ', 'bulletproof-security'); ?></strong></label><br />
1687
  <label><strong><i><?php _e('Check to Enable. Uncheck to Disable. See the Question Mark help button for details.', 'bulletproof-security'); ?></i></strong></label><br />
1688
+
1689
  <div id="Roles-scroller">
1690
+ <input type="checkbox" name="bps_ace_administrator" value="1" <?php echo esc_html($bps_ace_administrator); ?> /><label><?php _e(' Administrator', 'bulletproof-security'); ?></label><br />
1691
+ <input type="checkbox" name="bps_ace_editor" value="1" <?php echo esc_html($bps_ace_editor); ?> /><label><?php _e(' Editor', 'bulletproof-security'); ?></label><br />
1692
+ <input type="checkbox" name="bps_ace_author" value="1" <?php echo esc_html($bps_ace_author); ?> /><label><?php _e(' Author', 'bulletproof-security'); ?></label><br />
1693
+ <input type="checkbox" name="bps_ace_contributor" value="1" <?php echo esc_html($bps_ace_contributor); ?> /><label><?php _e(' Contributor', 'bulletproof-security'); ?></label><br />
1694
+ <input type="checkbox" name="bps_ace_subscriber" value="1" <?php echo esc_html($bps_ace_subscriber); ?> /><label><?php _e(' Subscriber', 'bulletproof-security'); ?></label><br />
1695
 
1696
  <?php
1697
 
1699
 
1700
  if ( $role_name != 'administrator' && $role_name != 'editor' && $role_name != 'author' && $role_name != 'contributor' && $role_name != 'subscriber' ) {
1701
 
1702
+ $bps_ace_custom_roles = ! empty($BPS_ACE_options['bps_ace_custom_roles'][$role_name]) ? checked( $BPS_ACE_options['bps_ace_custom_roles'][$role_name], 1, false ) : '';
1703
+
1704
  echo "<input type=\"checkbox\" name=\"bps_ace_custom_roles[$role_name]\" value=\"1\"";
1705
+ echo esc_html($bps_ace_custom_roles);
1706
+ echo " /><label> ". esc_html($role_info['name']) ."</label>".'<br>';
 
 
1707
  }
1708
  }
1709
  ?>
1725
 
1726
  </div>
1727
 
 
 
1728
  <div id="bps-tabs-4" class="bps-tab-page" style="">
1729
 
1730
  <table width="100%" border="0" cellspacing="0" cellpadding="0" class="bps-help_faq_table">
1763
  $bps_fsp_upper_case = ! empty($_POST['bps_fsp_upper_case']) ? '1' : '';
1764
  $bps_fsp_number = ! empty($_POST['bps_fsp_number']) ? '1' : '';
1765
  $bps_fsp_special_char = ! empty($_POST['bps_fsp_special_char']) ? '1' : '';
1766
+
1767
+ $bps_fsp_char_length = sanitize_text_field($_POST['bps_fsp_char_length']);
1768
+ $bps_fsp_message = sanitize_textarea_field($_POST['bps_fsp_message']);
1769
 
1770
  $FSP_Options = array(
1771
  'bps_fsp_on_off' => $_POST['bps_fsp_on_off'],
1772
+ 'bps_fsp_char_length' => $bps_fsp_char_length,
1773
  'bps_fsp_lower_case' => $bps_fsp_lower_case,
1774
  'bps_fsp_upper_case' => $bps_fsp_upper_case,
1775
  'bps_fsp_number' => $bps_fsp_number,
1776
  'bps_fsp_special_char' => $bps_fsp_special_char,
1777
+ 'bps_fsp_message' => $bps_fsp_message
1778
  );
1779
 
1780
  foreach( $FSP_Options as $key => $value ) {
1803
  <?php
1804
  wp_nonce_field('bps_fsp_settings');
1805
  $BPS_FSP_options = get_option('bulletproof_security_options_fsp');
1806
+ $bps_fsp_on_off = isset($BPS_FSP_options['bps_fsp_on_off']) ? $BPS_FSP_options['bps_fsp_on_off'] : '';
1807
+ $bps_fsp_char_length = ! empty($BPS_FSP_options['bps_fsp_char_length']) ? $BPS_FSP_options['bps_fsp_char_length'] : '12';
1808
+ $FSP_Message = ! empty($BPS_FSP_options['bps_fsp_message']) ? $BPS_FSP_options['bps_fsp_message'] : 'Password must contain 1 lowercase letter, 1 uppercase letter, 1 number, 1 special character and be a minimum of 12 characters long.';
1809
+
1810
+ $bps_fsp_lower_case = ! empty($BPS_FSP_options['bps_fsp_lower_case']) ? checked( $BPS_FSP_options['bps_fsp_lower_case'], 1, false ) : '';
1811
+ $bps_fsp_upper_case = ! empty($BPS_FSP_options['bps_fsp_upper_case']) ? checked( $BPS_FSP_options['bps_fsp_upper_case'], 1, false ) : '';
1812
+ $bps_fsp_number = ! empty($BPS_FSP_options['bps_fsp_number']) ? checked( $BPS_FSP_options['bps_fsp_number'], 1, false ) : '';
1813
+ $bps_fsp_special_char = ! empty($BPS_FSP_options['bps_fsp_special_char']) ? checked( $BPS_FSP_options['bps_fsp_special_char'], 1, false ) : '';
1814
  ?>
1815
 
1816
  <table border="0">
1824
  </tr>
1825
  <tr>
1826
  <td><label for="LSLog"><?php _e('Password Character Length:', 'bulletproof-security'); ?></label></td>
1827
+ <td><input type="text" name="bps_fsp_char_length" class="regular-text-150" style="width:120px;" value="<?php echo esc_html($bps_fsp_char_length); ?>" /></td>
1828
  <td><label for="LSLog" style="margin:0px 0px 0px 5px;font-style:italic;font-weight:normal;"><?php _e('Example: 12', 'bulletproof-security'); ?></label></td>
1829
  </tr>
1830
  </table>
1833
 
1834
  <label><strong><?php _e('Password Criteria Requirements: ', 'bulletproof-security'); ?></strong></label><br />
1835
  <label><i><?php _e('Check to require. Uncheck to remove requirement.', 'bulletproof-security'); ?></i></label><br />
1836
+ <input type="checkbox" name="bps_fsp_lower_case" value="1" <?php echo esc_html($bps_fsp_lower_case); ?> /><label><?php _e(' At least 1 lowercase letter', 'bulletproof-security'); ?></label><br />
1837
+ <input type="checkbox" name="bps_fsp_upper_case" value="1" <?php echo esc_html($bps_fsp_upper_case); ?> /><label><?php _e(' At least 1 uppercase letter', 'bulletproof-security'); ?></label><br />
1838
+ <input type="checkbox" name="bps_fsp_number" value="1" <?php echo esc_html($bps_fsp_number); ?> /><label><?php _e(' At least 1 number', 'bulletproof-security'); ?></label><br />
1839
+ <input type="checkbox" name="bps_fsp_special_char" value="1" <?php echo esc_html($bps_fsp_special_char); ?> /><label><?php _e(' At least 1 special character', 'bulletproof-security'); ?></label><br />
1840
 
1841
  <br />
1842
 
1844
  <tr>
1845
  <td>
1846
  <label for="LSLog"><?php _e('Displayed Message/Error Message:', 'bulletproof-security'); ?></label><br />
1847
+ <textarea class="PFW-Allow-From-Text-Area" name="bps_fsp_message" tabindex="1"><?php echo esc_textarea($FSP_Message); ?></textarea>
1848
  <input type="hidden" name="scrolltoFSPMessage" id="scrolltoFSPMessage" value="<?php echo esc_html( $scrolltoFSPMessage ); ?>" />
1849
  </td>
1850
  </tr>
1876
  </tr>
1877
  </table>
1878
  </div>
1879
+ <?php echo $bps_footer; ?>
 
 
1880
  </div>
1881
  </div>
admin/maintenance/maintenance.php CHANGED
@@ -43,7 +43,7 @@ _e('Maintenance Mode', 'bulletproof-security');
43
 
44
  <?php
45
  // General all purpose "Settings Saved." message for forms
46
- if ( current_user_can('manage_options') && wp_script_is( 'bps-accordion', $list = 'queue' ) ) {
47
  if ( isset( $_GET['settings-updated'] ) && $_GET['settings-updated'] == true ) {
48
  $text = '<p style="font-size:1em;font-weight:bold;padding:2px 0px 2px 5px;margin:0px -11px 0px -11px;background-color:#dfecf2;-webkit-box-shadow: 3px 3px 5px 0px rgba(153,153,153,0.7);-moz-box-shadow: 3px 3px 5px 0px rgba(153,153,153,0.7);box-shadow: 3px 3px 5px 0px rgba(153,153,153,0.7);""><font color="green"><strong>'.__('Settings Saved', 'bulletproof-security').'</strong></font></p>';
49
  echo $text;
@@ -255,21 +255,21 @@ if ( isset( $_POST['Submit-Maintenance-Mode-Form'] ) && current_user_can('manage
255
  return;
256
  }
257
 
258
- if ( empty($_POST['mmode_time']) ) {
259
- $bps_maint_time = '0';
260
  } else {
261
- $bps_maint_time = $_POST['mmode_time'];
262
  }
263
 
264
- if ( empty($_POST['mmode_retry_after']) ) {
265
- $bps_maint_retry_after = '0';
266
  } else {
267
- $bps_maint_retry_after = $_POST['mmode_retry_after'];
268
  }
269
 
270
- if ( empty($_POST['mmode_ip_allowed']) ) {
271
  echo $bps_topDiv;
272
- $text = '<font color="#fb0101"><strong>'.__('Error: You did not enter an IP Address in the Maintenance Mode IP Address Whitelist Text Box.', 'bulletproof-security').'</strong></font>';
273
  echo $text;
274
  echo $bps_bottomDiv;
275
  return;
@@ -279,12 +279,49 @@ if ( isset( $_POST['Submit-Maintenance-Mode-Form'] ) && current_user_can('manage
279
  $bps_maint_ip_allowed = trim( $_POST['mmode_ip_allowed'], ", \t\n\r");
280
  }
281
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
282
  $bps_maint_frontend = ! empty($_POST['mmode_frontend']) ? '1' : '';
283
  $bps_maint_show_visitor_ip = ! empty($_POST['mmode_visitor_ip']) ? '1' : '';
284
  $bps_maint_show_login_link = ! empty($_POST['mmode_login_link']) ? '1' : '';
285
  $bps_maint_dashboard_reminder = ! empty($_POST['mmode_dashboard_reminder']) ? '1' : '';
286
  $bps_maint_log_visitors = ! empty($_POST['mmode_log_visitors']) ? '1' : '';
287
  $bps_maint_countdown_email = ! empty($_POST['mmode_countdown_email']) ? '1' : '';
 
 
 
 
 
 
 
 
 
 
288
 
289
  $BPS_Options = array(
290
  'bps_maint_on_off' => $bps_maint_on_off,
@@ -295,7 +332,7 @@ if ( isset( $_POST['Submit-Maintenance-Mode-Form'] ) && current_user_can('manage
295
  'bps_maint_frontend' => $bps_maint_frontend,
296
  'bps_maint_backend' => $bps_maint_backend,
297
  'bps_maint_ip_allowed' => $bps_maint_ip_allowed,
298
- 'bps_maint_text' => $_POST['bpscustomeditor'],
299
  'bps_maint_background_images' => $_POST['mmode_background_images'],
300
  'bps_maint_center_images' => $_POST['mmode_center_images'],
301
  'bps_maint_background_color' => $_POST['mmode_background_color'],
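Review bot: The three context lines after the changed `bps_maint_text` entry still copy `$_POST['mmode_background_images']`, `$_POST['mmode_center_images']` and `$_POST['mmode_background_color']` into the options array unfiltered, and the hunk at -356 shows the same options concatenated into single-quoted literals of the generated maintenance file. If these are fixed-choice fields (the form is not visible here), compare each against the list of offered values before saving; otherwise use at least `sanitize_text_field( wp_unslash( $_POST['mmode_background_color'] ) )`, and build the literals with `var_export( $value, true )` instead of manual quoting. The added lines of this file are not part of this view, so part of this may already be handled; the array itself opens above the hunk.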
@@ -304,10 +341,10 @@ if ( isset( $_POST['Submit-Maintenance-Mode-Form'] ) && current_user_can('manage
304
  'bps_maint_dashboard_reminder' => $bps_maint_dashboard_reminder,
305
  'bps_maint_log_visitors' => $bps_maint_log_visitors,
306
  'bps_maint_countdown_email' => $bps_maint_countdown_email,
307
- 'bps_maint_email_to' => $_POST['mmode_email_to'],
308
- 'bps_maint_email_from' => $_POST['mmode_email_from'],
309
- 'bps_maint_email_cc' => $_POST['mmode_email_cc'],
310
- 'bps_maint_email_bcc' => $_POST['mmode_email_bcc'],
311
  'bps_maint_mu_entire_site' => $bps_maint_mu_entire_site,
312
  'bps_maint_mu_subsites_only' => $bps_maint_mu_subsites_only
313
  );
@@ -320,8 +357,19 @@ if ( isset( $_POST['Submit-Maintenance-Mode-Form'] ) && current_user_can('manage
320
  $MMoptions = get_option('bulletproof_security_options_maint_mode');
321
  $bps_maintenance_file = WP_PLUGIN_DIR . '/bulletproof-security/admin/htaccess/bps-maintenance.php';
322
  $bps_maintenance_values = WP_PLUGIN_DIR . '/bulletproof-security/admin/htaccess/bps-maintenance-values.php';
323
- $bps_maint_time = time() + ( $MMoptions['bps_maint_time'] * 60 );
 
 
 
 
 
324
 
 
 
 
 
 
 
325
  if ( is_multisite() ) {
326
 
327
  if ( is_subdomain_install() ) {
@@ -356,27 +404,31 @@ if ( isset( $_POST['Submit-Maintenance-Mode-Form'] ) && current_user_can('manage
356
  $primary_site_uri_path = '';
357
  }
358
 
 
 
 
 
359
  $bps_maint_content = '<?php'."\n".'# BEGIN BPS MAINTENANCE MODE'."\n"
360
- .'$bps_maint_countdown_timer = \''.$MMoptions['bps_maint_countdown_timer'].'\';'."\n"
361
  .'$bps_maint_countdown_timer_color = \''.$MMoptions['bps_maint_countdown_timer_color'].'\';'."\n"
362
  .'$bps_maint_time = \''.$bps_maint_time.'\';'."\n"
363
- .'$bps_maint_retry_after = \''.$MMoptions['bps_maint_retry_after'].'\';'."\n"
364
- .'$bps_maint_text = "'.str_replace( array("\&#039;", "\'") , "'", htmlspecialchars_decode( $MMoptions['bps_maint_text'], ENT_QUOTES) ).'";'."\n"
365
  .'$bps_maint_background_images = \''.$MMoptions['bps_maint_background_images'].'\';'."\n"
366
  .'$bps_maint_center_images = \''.$MMoptions['bps_maint_center_images'].'\';'."\n"
367
  .'$bps_maint_background_color = \''.$MMoptions['bps_maint_background_color'].'\';'."\n"
368
- .'$bps_maint_show_visitor_ip = \''.$MMoptions['bps_maint_show_visitor_ip'].'\';'."\n"
369
- .'$bps_maint_show_login_link = \''.$MMoptions['bps_maint_show_login_link'].'\';'."\n"
370
  .'$bps_maint_login_link = \''.get_site_url().'/wp-admin/' .'\';'."\n"
371
- .'$bps_maint_log_visitors = \''.$MMoptions['bps_maint_log_visitors'].'\';'."\n"
372
- .'$bps_maint_countdown_email = \''.$MMoptions['bps_maint_countdown_email'].'\';'."\n"
373
- .'$bps_maint_email_to = \''.$MMoptions['bps_maint_email_to'].'\';'."\n"
374
- .'$bps_maint_email_from = \''.$MMoptions['bps_maint_email_from'].'\';'."\n"
375
- .'$bps_maint_email_cc = \''.$MMoptions['bps_maint_email_cc'].'\';'."\n"
376
- .'$bps_maint_email_bcc = \''.$MMoptions['bps_maint_email_bcc'].'\';'."\n"
377
  .'# BEGIN BPS MAINTENANCE MODE PRIMARY SITE'."\n"
378
- .'$all_sites = \''.$MMoptions['bps_maint_mu_entire_site'].'\';'."\n"
379
- .'$all_subsites = \''.$MMoptions['bps_maint_mu_subsites_only'].'\';'."\n"
380
  .'$primary_site_uri = \''.$primary_site_uri_path.'\';'."\n"
381
  .'# END BPS MAINTENANCE MODE PRIMARY SITE'."\n"
382
  .'# END BPS MAINTENANCE MODE'."\n".'?>';
@@ -524,19 +576,30 @@ function bps_get_proxy_real_ip_address_maint() {
524
  wp_nonce_field('bpsMaintenanceMode');
525
  bpsPro_maintenance_mode_values_form();
526
  $MMoptions = get_option('bulletproof_security_options_maint_mode');
527
-
 
 
528
  $bps_maint_text = ! isset($MMoptions['bps_maint_text']) ? '' : $MMoptions['bps_maint_text'];
529
  $bps_maint_countdown_timer_color = ! isset($MMoptions['bps_maint_countdown_timer_color']) ? '' : $MMoptions['bps_maint_countdown_timer_color'];
530
- $bps_maint_time = isset($MMoptions['bps_maint_time']) ? esc_html($MMoptions['bps_maint_time']) : esc_html('');
531
- $bps_maint_retry_after = isset($MMoptions['bps_maint_retry_after']) ? esc_html($MMoptions['bps_maint_retry_after']) : esc_html('');
532
- $bps_maint_ip_allowed = isset($MMoptions['bps_maint_ip_allowed']) ? esc_html($MMoptions['bps_maint_ip_allowed']) : esc_html('');
 
 
533
  $bps_maint_background_images = ! isset($MMoptions['bps_maint_background_images']) ? '' : $MMoptions['bps_maint_background_images'];
534
  $bps_maint_center_images = ! isset($MMoptions['bps_maint_center_images']) ? '' : $MMoptions['bps_maint_center_images'];
535
  $bps_maint_background_color = ! isset($MMoptions['bps_maint_background_color']) ? '' : $MMoptions['bps_maint_background_color'];
536
- $bps_maint_email_to = isset($MMoptions['bps_maint_email_to']) ? esc_html($MMoptions['bps_maint_email_to']) : esc_html('');
537
- $bps_maint_email_from = isset($MMoptions['bps_maint_email_to']) ? esc_html($MMoptions['bps_maint_email_to']) : esc_html('');
538
- $bps_maint_email_cc = isset($MMoptions['bps_maint_email_to']) ? esc_html($MMoptions['bps_maint_email_to']) : esc_html('');
539
- $bps_maint_email_bcc = isset($MMoptions['bps_maint_email_to']) ? esc_html($MMoptions['bps_maint_email_to']) : esc_html('');
 
 
 
 
 
 
 
540
  ?>
541
 
542
  <div id="bps-accordion-3" class="bps-accordion-main-2" style="">
@@ -546,7 +609,6 @@ function bps_get_proxy_real_ip_address_maint() {
546
  <label for="mmode"><?php _e('Maintenance Mode Text, CSS Style Code, Images, Videos Displayed To Website Visitors:', 'bulletproof-security'); ?></label><br />
547
  <label for="mmode"><?php _e('Click the Maintenance Mode Guide link in the Question Mark help button above for CSS Code, Image & Video Embed examples.', 'bulletproof-security'); ?></label><br /><br />
548
 
549
- <!-- Note: wp_editor/TinyMCE causes XAMPP Apache server crash: XAMPP: 1.8.1, pcre.dll, PHP 5.4.7 (VC9 X86 32bit thread safe) + PEAR -->
550
  <div class="mmode-tinymce">
551
  <?php wp_editor( stripslashes( htmlspecialchars_decode( $bps_maint_text, ENT_QUOTES ) ), 'bpscustomeditor' ); ?><br />
552
  </div>
@@ -556,7 +618,7 @@ function bps_get_proxy_real_ip_address_maint() {
556
  <h3><?php _e('MMode Option Settings', 'bulletproof-security'); ?></h3>
557
  <div id="mmode-accordion-inner">
558
 
559
- <input type="checkbox" name="mmode_countdown_timer" style="margin-top:5px;" value="1" <?php if ( empty( $MMoptions['bps_maint_countdown_timer'] ) ) { echo ''; } else { checked( $MMoptions['bps_maint_countdown_timer'], 1 ); } ?> /><label for="mmode"><?php _e('Enable Countdown Timer', 'bulletproof-security'); ?></label><br /><br />
560
 
561
  <label for="mmode"><?php _e('Countdown Timer Text Color:', 'bulletproof-security'); ?></label><br />
562
  <select name="mmode_countdown_timer_color" class="form-340">
@@ -568,20 +630,20 @@ function bps_get_proxy_real_ip_address_maint() {
568
 
569
  <label for="mmode"><?php _e('Maintenance Mode Time (in Minutes):', 'bulletproof-security'); ?></label><br />
570
  <label for="mmode"><?php _e('Example: 10 = 10 minutes, 180 = 3 hours, 1440 = 24 hours.', 'bulletproof-security'); ?></label><br />
571
- <input type="text" name="mmode_time" class="regular-text-340" value="<?php echo $bps_maint_time; ?>" /><br /><br />
572
 
573
  <label for="mmode"><?php _e('Header Retry-After (Enter the same time as above):', 'bulletproof-security'); ?></label><br />
574
  <label for="mmode"><?php _e('Example: 10 = 10 minutes, 180 = 3 hours, 1440 = 24 hours.', 'bulletproof-security'); ?></label><br />
575
- <input type="text" name="mmode_retry_after" class="regular-text-340" value="<?php echo $bps_maint_retry_after; ?>" /><br /><br />
576
 
577
- <input type="checkbox" name="mmode_frontend" value="1" <?php if ( empty( $MMoptions['bps_maint_frontend'] ) ) { echo ''; } else { checked( $MMoptions['bps_maint_frontend'], 1 ); } ?> /><label for="mmode"><?php _e('Enable FrontEnd Maintenance Mode', 'bulletproof-security'); ?></label><br /><br />
578
 
579
  <?php if ( is_multisite() && $blog_id != 1 ) { echo '<div style="margin:0px 0px 0px 0px;"></div>'; } else { ?>
580
 
581
  <div id="mmode-caution">
582
  <?php $text = '<font color="#fb0101">'.__('CAUTION: ', 'bulletproof-security').'</font><font color="blue">'.__('You MUST enter Your Current IP Address or the Recommended IP Address if you Enable BackEnd Maintenance Mode or you will be locked out of your WordPress Dashboard.', 'bulletproof-security').'</font>'; echo $text; ?>
583
  </div>
584
- <input type="checkbox" name="mmode_backend" value="1" <?php if ( empty( $MMoptions['bps_maint_backend'] ) ) { echo ''; } else { checked( $MMoptions['bps_maint_backend'], 1 ); } ?> /><label for="mmode"><?php _e('Enable BackEnd Maintenance Mode ', 'bulletproof-security'); ?></label><br /><br />
585
 
586
  <?php }
587
 
@@ -595,7 +657,7 @@ function bps_get_proxy_real_ip_address_maint() {
595
  <?php bps_get_proxy_real_ip_address_maint(); ?>
596
 
597
  <input type="hidden" name="scrolltommode1" id="scrolltommode1" value="<?php echo esc_html( $scrolltommode1 ); ?>" />
598
- <textarea style="width:340px" class="PFW-Allow-From-Text-Area" name="mmode_ip_allowed" id="mmode_ip_allowed" tabindex="1"><?php echo trim( $bps_maint_ip_allowed, ", \t\n\r"); ?></textarea><br /><br />
599
 
600
  <label for="mmode"><?php _e('Background Images:', 'bulletproof-security'); ?></label><br />
601
  <select name="mmode_background_images" class="form-340">
@@ -650,24 +712,24 @@ function bps_get_proxy_real_ip_address_maint() {
650
  <option value="gray" <?php selected('gray', $bps_maint_background_color); ?>><?php _e('Gray', 'bulletproof-security'); ?></option>
651
  </select><br /><br />
652
 
653
- <input type="checkbox" name="mmode_visitor_ip" value="1" <?php if ( empty( $MMoptions['bps_maint_show_visitor_ip'] ) ) { echo ''; } else { checked( $MMoptions['bps_maint_show_visitor_ip'], 1 ); } ?> /><label for="mmode"><?php _e('Display Visitor IP Address', 'bulletproof-security'); ?></label><br /><br />
654
 
655
- <input type="checkbox" name="mmode_login_link" value="1" <?php if ( empty( $MMoptions['bps_maint_show_login_link'] ) ) { echo ''; } else { checked( $MMoptions['bps_maint_show_login_link'], 1 ); } ?> /><label for="mmode"><?php _e('Display Admin|Login Link', 'bulletproof-security'); ?></label><br /><br />
656
 
657
- <input type="checkbox" name="mmode_dashboard_reminder" value="1" <?php if ( empty( $MMoptions['bps_maint_dashboard_reminder'] ) ) { echo ''; } else { checked( $MMoptions['bps_maint_dashboard_reminder'], 1 ); } ?> /><label for="mmode"><?php _e('Display Dashboard Reminder Message', 'bulletproof-security'); ?></label><br /><br />
658
 
659
- <input type="checkbox" name="mmode_log_visitors" value="1" <?php if ( empty( $MMoptions['bps_maint_log_visitors'] ) ) { echo ''; } else { checked( $MMoptions['bps_maint_log_visitors'], 1 ); } ?> /><label for="mmode"><?php _e('Enable Visitor Logging', 'bulletproof-security'); ?></label><br /><br />
660
 
661
- <input type="checkbox" name="mmode_countdown_email" value="1" <?php if ( empty( $MMoptions['bps_maint_countdown_email'] ) ) { echo ''; } else { checked( $MMoptions['bps_maint_countdown_email'], 1 ); } ?> /><label for="mmode"><?php _e('Send Email when Countdown Timer has completed', 'bulletproof-security'); ?></label><br /><br />
662
 
663
  <strong><label for="mmode-email"><?php _e('Send Countdown Timer Email To:', 'bulletproof-security'); ?> </label></strong><br />
664
- <input type="text" name="mmode_email_to" class="regular-text-340" value="<?php echo $bps_maint_email_to; ?>" /><br />
665
  <strong><label for="mmode-email"><?php _e('Send Countdown Timer Email From:', 'bulletproof-security'); ?> </label></strong><br />
666
- <input type="text" name="mmode_email_from" class="regular-text-340" value="<?php echo $bps_maint_email_from; ?>" /><br />
667
  <strong><label for="mmode-email"><?php _e('Send Countdown Timer Email Cc:', 'bulletproof-security'); ?> </label></strong><br />
668
- <input type="text" name="mmode_email_cc" class="regular-text-340" value="<?php echo $bps_maint_email_cc; ?>" /><br />
669
  <strong><label for="mmode-email"><?php _e('Send Countdown Timer Email Bcc:', 'bulletproof-security'); ?> </label></strong><br />
670
- <input type="text" name="mmode_email_bcc" class="regular-text-340" value="<?php echo $bps_maint_email_bcc; ?>" /><br />
671
 
672
  </div>
673
 
@@ -679,9 +741,9 @@ function bps_get_proxy_real_ip_address_maint() {
679
  <?php if ( is_multisite() && $blog_id != 1 ) { echo '<div style="margin:0px 0px 10px 0px;"></div>'; } else { ?>
680
 
681
  <strong><label for="mmode" style="color:#2271b1;"><?php _e('Click the Maintenance Mode Question Mark help button for the steps to use these special options:', 'bulletproof-security'); ?></label></strong><br /><br />
682
- <input type="checkbox" name="mmode_mu_entire_site" value="1" <?php if ( empty( $MMoptions['bps_maint_mu_entire_site'] ) ) { echo ''; } else { checked( $MMoptions['bps_maint_mu_entire_site'], 1 ); } ?> /><label for="mmode"><?php _e('Put The Primary Site And All Subsites In Maintenance Mode', 'bulletproof-security'); ?></label><br /><br />
683
 
684
- <input type="checkbox" name="mmode_mu_subsites_only" value="1" <?php if ( empty( $MMoptions['bps_maint_mu_subsites_only'] ) ) { echo ''; } else { checked( $MMoptions['bps_maint_mu_subsites_only'], 1 ); } ?> /><label for="mmode"><?php _e('Put All Subsites In Maintenance Mode, But Not The Primary Site', 'bulletproof-security'); ?></label><br /><br />
685
 
686
  <?php } ?>
687
 
@@ -801,12 +863,13 @@ global $bps_topDiv, $bps_bottomDiv;
801
  $format_error_2 = '/,[^\s]/'; // no whitespaces between commas
802
  $lock = '';
803
 
804
- if ( $MMoptions['bps_maint_ip_allowed'] == '' ) {
805
  echo $bps_topDiv;
806
  $text = '<font color="#fb0101"><strong>'.__('Error: You did not enter an IP Address in the Maintenance Mode IP Address Whitelist Text Box.', 'bulletproof-security').'</strong></font>';
807
  echo $text;
808
  echo $bps_bottomDiv;
809
- return;
 
810
  }
811
 
812
  // IP Address Text Box Error Checking: 2 to 20 extra whitespaces, no whitespace between commas, no commas
@@ -817,16 +880,17 @@ global $bps_topDiv, $bps_bottomDiv;
817
  $text = '<font color="#fb0101"><strong>'.__('IP Address Format Error: You have entered multiple IP Addresses using an incorrect Format.', 'bulletproof-security').'</font><br>'.__('The correct IP Address Format is: IP Address comma single space. Example: 100.99.88.77, 200.66.55.44, 44.33.22.1 or 100.99.88., 200.66.55., 44.33.22. if you are using the recommended 3 octet IP addresses.', 'bulletproof-security').'<br>'.__('Correct the IP Address Format and click the Save Options button again. If you have an IPv6 IP address use the same general format as an IPv4 IP address - comma single space.', 'bulletproof-security').'</strong>';
818
  echo $text;
819
  echo $bps_bottomDiv;
820
- return;
 
821
  }
822
 
823
  // Frontend Maintenance Mode
824
  // Single/GWIOD: if a user unchecks frontend mmode, saves options again and then clicks turn on then frontend mmode needs to be turned off
825
- if ( $MMoptions['bps_maint_frontend'] != '1' ) {
826
  bpsPro_mmode_single_gwiod_turn_off_frontend();
827
  }
828
 
829
- if ( $MMoptions['bps_maint_ip_allowed'] != '' && $MMoptions['bps_maint_frontend'] == '1' ) {
830
 
831
  if ( get_option('home') != get_option('siteurl') ) {
832
  bpsPro_mmode_gwiod_site_root_index_file_on();
@@ -923,7 +987,7 @@ global $bps_topDiv, $bps_bottomDiv;
923
  $AllowFromRules = file_get_contents($MMAllowFromTXT);
924
  $stringReplace = file_get_contents($wpadminHtaccess);
925
 
926
- if ( $Apache_Mod_options['bps_apache_mod_ifmodule'] == 'Yes' ) {
927
 
928
  if ( ! preg_match( $pattern3, $stringReplace, $matches ) ) {
929
 
@@ -1010,7 +1074,7 @@ global $current_blog, $blog_id, $bps_topDiv, $bps_bottomDiv;
1010
  $format_error_1 = '/,(\s){2,20}/'; // 2 to 20 extra whitespaces
1011
  $format_error_2 = '/,[^\s]/'; // no whitespaces between commas
1012
 
1013
- if ( $MMoptions['bps_maint_ip_allowed'] == '' ) {
1014
  echo $bps_topDiv;
1015
  $text = '<font color="#fb0101"><strong>'.__('Error: You did not enter an IP Address in the Maintenance Mode IP Address Whitelist Text Box.', 'bulletproof-security').'</strong></font>';
1016
  echo $text;
@@ -1031,11 +1095,11 @@ global $current_blog, $blog_id, $bps_topDiv, $bps_bottomDiv;
1031
 
1032
  // Frontend Maintenance Mode
1033
  // Network/Multisite: if a user unchecks frontend mmode, saves options again and then clicks turn on then frontend mmode needs to be turned off
1034
- if ( $MMoptions['bps_maint_frontend'] != '1' ) {
1035
  bpsPro_mmode_network_turn_off_frontend();
1036
  }
1037
 
1038
- if ( $MMoptions['bps_maint_ip_allowed'] != '' && $MMoptions['bps_maint_frontend'] == '1' ) {
1039
 
1040
  // backup the original WP root index.php file ONLY once the first time mmode is turned On and never again.
1041
  if ( ! file_exists($root_index_file_backup) ) {
@@ -1221,7 +1285,7 @@ global $current_blog, $blog_id, $bps_topDiv, $bps_bottomDiv;
1221
  $pattern3 = '/#\sBEGIN\sBPS\sMAINTENANCE\sMODE\sIP(.*\s*){8}(Allow(.*)\s*){1,}<\/IfModule>\s*<\/IfModule>\s*#\sEND\sBPS\sMAINTENANCE\sMODE\sIP/';
1222
  $Apache_Mod_options = get_option('bulletproof_security_options_apache_modules');
1223
 
1224
- if ( $MMoptions['bps_maint_ip_allowed'] != '' && $MMoptions['bps_maint_backend'] == '1' ) {
1225
 
1226
  if ( $permsHtaccess == '0404') {
1227
  $lock = '0404';
@@ -1242,7 +1306,7 @@ global $current_blog, $blog_id, $bps_topDiv, $bps_bottomDiv;
1242
  $AllowFromRules = file_get_contents($MMAllowFromTXT);
1243
  $stringReplace = file_get_contents($wpadminHtaccess);
1244
 
1245
- if ( $Apache_Mod_options['bps_apache_mod_ifmodule'] == 'Yes' ) {
1246
 
1247
  if ( ! preg_match( $pattern3, $stringReplace, $matches ) ) {
1248
 
@@ -1296,7 +1360,8 @@ if ( isset( $_POST['Submit-maintenance-mode-on'] ) && current_user_can('manage_o
1296
  $text = '<font color="#fb0101"><strong>'.__('Error: You have not saved your option settings yet. Click the Save Options button.', 'bulletproof-security').'</strong></font>';
1297
  echo $text;
1298
  echo $bps_bottomDiv;
1299
- return;
 
1300
  }
1301
 
1302
  if ( is_multisite() && $blog_id != 1 ) {
@@ -2093,12 +2158,13 @@ if ( isset( $_POST['Submit-maintenance-mode-off'] ) && current_user_can('manage_
2093
 
2094
  $MMoptions = get_option('bulletproof_security_options_maint_mode');
2095
 
2096
- if ( !get_option('bulletproof_security_options_maint_mode') ) {
2097
  echo $bps_topDiv;
2098
  $text = '<font color="#fb0101"><strong>'.__('Error: You have not saved your option settings yet. Click the Save Options button.', 'bulletproof-security').'</strong></font>';
2099
  echo $text;
2100
  echo $bps_bottomDiv;
2101
- return;
 
2102
  }
2103
 
2104
  if ( is_multisite() && $blog_id != 1 ) {
@@ -2176,8 +2242,6 @@ if ( isset( $_POST['Submit-maintenance-mode-off'] ) && current_user_can('manage_
2176
  </tr>
2177
  </table>
2178
  </div>
2179
-
2180
- <div id="AITpro-link">BulletProof Security <?php echo BULLETPROOF_VERSION; ?> Plugin by <a href="https://www.ait-pro.com/" target="_blank" title="AITpro Website Security">AITpro Website Security</a>
2181
- </div>
2182
  </div>
2183
  </div>
43
 
44
  <?php
45
  // General all purpose "Settings Saved." message for forms
46
+ if ( current_user_can('manage_options') ) {
47
  if ( isset( $_GET['settings-updated'] ) && $_GET['settings-updated'] == true ) {
48
  $text = '<p style="font-size:1em;font-weight:bold;padding:2px 0px 2px 5px;margin:0px -11px 0px -11px;background-color:#dfecf2;-webkit-box-shadow: 3px 3px 5px 0px rgba(153,153,153,0.7);-moz-box-shadow: 3px 3px 5px 0px rgba(153,153,153,0.7);box-shadow: 3px 3px 5px 0px rgba(153,153,153,0.7);""><font color="green"><strong>'.__('Settings Saved', 'bulletproof-security').'</strong></font></p>';
49
  echo $text;
255
  return;
256
  }
257
 
258
+ if ( empty($_POST['mmode_time']) || preg_match( '|[\/\|\<\>\'\"\(\)]|', $_POST['mmode_time'] ) ) {
259
+ $bps_maint_time = '';
260
  } else {
261
+ $bps_maint_time = $_POST['mmode_time'];
262
  }
263
 
264
+ if ( empty($_POST['mmode_retry_after']) || preg_match( '|[\/\|\<\>\'\"\(\)]|', $_POST['mmode_retry_after'] ) ) {
265
+ $bps_maint_retry_after = '';
266
  } else {
267
+ $bps_maint_retry_after = $_POST['mmode_retry_after'];
268
  }
269
 
270
+ if ( empty($_POST['mmode_ip_allowed']) || preg_match( '|[\/\|\<\>\'\"\(\)]|', $_POST['mmode_ip_allowed'] ) ) {
271
  echo $bps_topDiv;
272
+ $text = '<font color="#fb0101"><strong>'.__('Error: You did not enter an IP Address in the Maintenance Mode IP Address Whitelist Text Box. Only IP Addresses are allowed.', 'bulletproof-security').'</strong></font>';
273
  echo $text;
274
  echo $bps_bottomDiv;
275
  return;
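Review bot: The checks added at lines 258, 264 and 270 reject a short list of characters instead of requiring the expected format, so any other text is accepted as the maintenance time, the Retry-After value or the IP whitelist. The form documents both time fields as minutes, so `ctype_digit( $_POST['mmode_time'] )` (and the same for `mmode_retry_after`) states the rule directly; the later `is_numeric()` checks at lines 361 and 367 still admit negatives, decimals and exponent notation. For `mmode_ip_allowed`, an allow-list such as `preg_match( '/^[0-9a-fA-F:., ]+$/', $_POST['mmode_ip_allowed'] )` would enforce the new "Only IP Addresses are allowed" message, which the current pattern does not. The enclosing handler starts and ends outside this hunk.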
279
  $bps_maint_ip_allowed = trim( $_POST['mmode_ip_allowed'], ", \t\n\r");
280
  }
281
 
282
+ $pattern = '/<script>|<\/script>|javascript|onload|onunload|onbeforeprint|onbeforeunload|onchange|onfocusin|onfocusout|onfocus|onblur|onerror|oninput|onopen|onmessage|onmouseover|onmousedown|onmouseup|onmouseout|onmouseleave|onmousemove|onmouseenter|onclick|ondblclick|onkeyup|onkeydown|onkeypress|onsubmit|onselect|onoffline|ononline|onpagehide|onpageshow|onpaste|onresize|onreset|onscroll|onsearch|onshow|ontoggle|ontouchcancel|ontouchend|ontouchmove|ontouchstart|onhashchange|oninvalid|allowscriptaccess|currentTarget|addEventListener|getElementById|getElementsByTagName|getElementsByClassName|documentElement|innerHTML|setAttribute|createElement|removeChild|appendChild|replaceChild|parentNode|childNodes|createTextNode|nodeValue|firstChild|lastChild|querySelectorAll|EventSource/i';
283
+
284
+ $subject = $_POST['bpscustomeditor'];
285
+
286
+ $javascript_matches = preg_match_all( $pattern, $subject, $matches );
287
+ $javascript_matches_array = array();
288
+
289
+ foreach( $matches[0] as $key => $value ) {
290
+
291
+ $javascript_matches_array[] = htmlspecialchars($value);
292
+ }
293
+
294
+ if ( ! empty($javascript_matches_array) ) {
295
+
296
+ echo $bps_topDiv;
297
+ $text = '<strong><font color="#fb0101">'.__('Error: Sorry, JavaScript is not allowed in the MMode Editor. Only HTML, CSS, images and regular text are allowed.', 'bulletproof-security').'</font><br>'.__('JavaScript Matches:', 'bulletproof-security') . '</strong><br>';;
298
+ echo $text;
299
+
300
+ foreach( $javascript_matches_array as $key => $value ) {
301
+
302
+ echo esc_html($value) . '<br>';
303
+ }
304
+
305
+ echo $bps_bottomDiv;
306
+ return;
307
+ }
308
+
309
  $bps_maint_frontend = ! empty($_POST['mmode_frontend']) ? '1' : '';
310
  $bps_maint_show_visitor_ip = ! empty($_POST['mmode_visitor_ip']) ? '1' : '';
311
  $bps_maint_show_login_link = ! empty($_POST['mmode_login_link']) ? '1' : '';
312
  $bps_maint_dashboard_reminder = ! empty($_POST['mmode_dashboard_reminder']) ? '1' : '';
313
  $bps_maint_log_visitors = ! empty($_POST['mmode_log_visitors']) ? '1' : '';
314
  $bps_maint_countdown_email = ! empty($_POST['mmode_countdown_email']) ? '1' : '';
315
+
316
+ // Notes: HTML code in the Editor is converted and saved in the DB as HTML Entities.
317
+ // The JavaScript filter condition above will not allow any js to get this far.
318
+ $bps_maint_text = ! empty($_POST['bpscustomeditor']) ? stripslashes($_POST['bpscustomeditor']) : '';
319
+
320
+ $admin_email = get_option('admin_email');
321
+ $bps_maint_email_to = ! empty($_POST['mmode_email_to']) ? sanitize_text_field($_POST['mmode_email_to']) : $admin_email;
322
+ $bps_maint_email_from = ! empty($_POST['mmode_email_from']) ? sanitize_text_field($_POST['mmode_email_from']) : $admin_email;
323
+ $bps_maint_email_cc = isset($_POST['mmode_email_cc']) ? sanitize_text_field($_POST['mmode_email_cc']) : '';
324
+ $bps_maint_email_bcc = isset($_POST['mmode_email_bcc']) ? sanitize_text_field($_POST['mmode_email_bcc']) : '';
325
 
326
  $BPS_Options = array(
327
  'bps_maint_on_off' => $bps_maint_on_off,
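Review bot: The keyword pattern at line 282 is a blocklist, and a blocklist cannot enumerate every way markup can carry script, so the comment at line 317 promises more than the check can deliver. It also rejects ordinary text that merely contains a word such as `javascript` or `onclick`. Since the editor is meant to accept HTML, CSS and images, an allow-list filter is the sturdier control: `$bps_maint_text = wp_kses( stripslashes( $_POST['bpscustomeditor'] ), $allowed_html );`, with `$allowed_html` listing only the tags and attributes the maintenance page needs. Line 284 also reads `$_POST['bpscustomeditor']` without the `empty()` guard that line 318 applies. The handler continues outside this hunk.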
332
  'bps_maint_frontend' => $bps_maint_frontend,
333
  'bps_maint_backend' => $bps_maint_backend,
334
  'bps_maint_ip_allowed' => $bps_maint_ip_allowed,
335
+ 'bps_maint_text' => $bps_maint_text,
336
  'bps_maint_background_images' => $_POST['mmode_background_images'],
337
  'bps_maint_center_images' => $_POST['mmode_center_images'],
338
  'bps_maint_background_color' => $_POST['mmode_background_color'],
341
  'bps_maint_dashboard_reminder' => $bps_maint_dashboard_reminder,
342
  'bps_maint_log_visitors' => $bps_maint_log_visitors,
343
  'bps_maint_countdown_email' => $bps_maint_countdown_email,
344
+ 'bps_maint_email_to' => $bps_maint_email_to,
345
+ 'bps_maint_email_from' => $bps_maint_email_from,
346
+ 'bps_maint_email_cc' => $bps_maint_email_cc,
347
+ 'bps_maint_email_bcc' => $bps_maint_email_bcc,
348
  'bps_maint_mu_entire_site' => $bps_maint_mu_entire_site,
349
  'bps_maint_mu_subsites_only' => $bps_maint_mu_subsites_only
350
  );
357
  $MMoptions = get_option('bulletproof_security_options_maint_mode');
358
  $bps_maintenance_file = WP_PLUGIN_DIR . '/bulletproof-security/admin/htaccess/bps-maintenance.php';
359
  $bps_maintenance_values = WP_PLUGIN_DIR . '/bulletproof-security/admin/htaccess/bps-maintenance-values.php';
360
+
361
+ if ( is_numeric( $MMoptions['bps_maint_time'] ) ) {
362
+ $bps_maint_time = time() + ( $MMoptions['bps_maint_time'] * 60 );
363
+ } else {
364
+ $bps_maint_time = '0';
365
+ }
366
 
367
+ if ( is_numeric( $MMoptions['bps_maint_retry_after'] ) ) {
368
+ $bps_maint_retry_after = $MMoptions['bps_maint_retry_after'];
369
+ } else {
370
+ $bps_maint_retry_after = '0';
371
+ }
372
+
373
  if ( is_multisite() ) {
374
 
375
  if ( is_subdomain_install() ) {
404
  $primary_site_uri_path = '';
405
  }
406
 
407
+ ## IMPORTANT!!! Do not indent this code below. Whitespace will be created in the htaccess files.
408
+ ## At a later time, strip out any whitespace.
409
+ ## Note: This code should actually be fine since I am using a single quote, not a double quote, but leave it alone for now.
410
+
411
  $bps_maint_content = '<?php'."\n".'# BEGIN BPS MAINTENANCE MODE'."\n"
412
+ .'$bps_maint_countdown_timer = \''.$mmode_countdown_timer.'\';'."\n"
413
  .'$bps_maint_countdown_timer_color = \''.$MMoptions['bps_maint_countdown_timer_color'].'\';'."\n"
414
  .'$bps_maint_time = \''.$bps_maint_time.'\';'."\n"
415
+ .'$bps_maint_retry_after = \''.$bps_maint_retry_after.'\';'."\n"
416
+ .'$bps_maint_text = \''.str_replace( array("\&#039;", "\'") , "'", htmlspecialchars_decode( $bps_maint_text, ENT_QUOTES) ).'\';'."\n"
417
  .'$bps_maint_background_images = \''.$MMoptions['bps_maint_background_images'].'\';'."\n"
418
  .'$bps_maint_center_images = \''.$MMoptions['bps_maint_center_images'].'\';'."\n"
419
  .'$bps_maint_background_color = \''.$MMoptions['bps_maint_background_color'].'\';'."\n"
420
+ .'$bps_maint_show_visitor_ip = \''.$bps_maint_show_visitor_ip.'\';'."\n"
421
+ .'$bps_maint_show_login_link = \''.$bps_maint_show_login_link.'\';'."\n"
422
  .'$bps_maint_login_link = \''.get_site_url().'/wp-admin/' .'\';'."\n"
423
+ .'$bps_maint_log_visitors = \''.$bps_maint_log_visitors.'\';'."\n"
424
+ .'$bps_maint_countdown_email = \''.$bps_maint_countdown_email.'\';'."\n"
425
+ .'$bps_maint_email_to = \''.$bps_maint_email_to.'\';'."\n"
426
+ .'$bps_maint_email_from = \''.$bps_maint_email_from.'\';'."\n"
427
+ .'$bps_maint_email_cc = \''.$bps_maint_email_cc.'\';'."\n"
428
+ .'$bps_maint_email_bcc = \''.$bps_maint_email_bcc.'\';'."\n"
429
  .'# BEGIN BPS MAINTENANCE MODE PRIMARY SITE'."\n"
430
+ .'$all_sites = \''.$bps_maint_mu_entire_site.'\';'."\n"
431
+ .'$all_subsites = \''.$bps_maint_mu_subsites_only.'\';'."\n"
432
  .'$primary_site_uri = \''.$primary_site_uri_path.'\';'."\n"
433
  .'# END BPS MAINTENANCE MODE PRIMARY SITE'."\n"
434
  .'# END BPS MAINTENANCE MODE'."\n".'?>';
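Review bot: An apostrophe in the maintenance text ends the string literal early in the generated PHP source, because line 416 now wraps the decoded editor text in single quotes and its `str_replace()` turns `\'` back into a bare `'`. At best the generated file stops parsing; since the output is PHP, every interpolated value on lines 412-432 should be treated as untrusted input to a code generator. `var_export()` emits a correctly quoted literal, for example `.'$bps_maint_text = '.var_export( htmlspecialchars_decode( $bps_maint_text, ENT_QUOTES ), true ).';'."\n"`. Where `$bps_maint_text` and the other bare variables are assigned is not visible in this hunk, so this assumes they carry the saved option values.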
576
  wp_nonce_field('bpsMaintenanceMode');
577
  bpsPro_maintenance_mode_values_form();
578
  $MMoptions = get_option('bulletproof_security_options_maint_mode');
579
+ $admin_email = get_option('admin_email');
580
+
581
+ $bps_maint_countdown_timer = ! empty($MMoptions['bps_maint_countdown_timer']) ? checked( $MMoptions['bps_maint_countdown_timer'], 1, false ) : '';
582
  $bps_maint_text = ! isset($MMoptions['bps_maint_text']) ? '' : $MMoptions['bps_maint_text'];
583
  $bps_maint_countdown_timer_color = ! isset($MMoptions['bps_maint_countdown_timer_color']) ? '' : $MMoptions['bps_maint_countdown_timer_color'];
584
+ $bps_maint_time = isset($MMoptions['bps_maint_time']) ? $MMoptions['bps_maint_time'] : '';
585
+ $bps_maint_retry_after = isset($MMoptions['bps_maint_retry_after']) ? $MMoptions['bps_maint_retry_after'] : '';
586
+ $bps_maint_frontend = ! empty($MMoptions['bps_maint_frontend']) ? checked( $MMoptions['bps_maint_frontend'], 1, false ) : '';
587
+ $bps_maint_backend = ! empty($MMoptions['bps_maint_backend']) ? checked( $MMoptions['bps_maint_backend'], 1, false ) : '';
588
+ $bps_maint_ip_allowed = isset($MMoptions['bps_maint_ip_allowed']) ? $MMoptions['bps_maint_ip_allowed'] : '';
589
  $bps_maint_background_images = ! isset($MMoptions['bps_maint_background_images']) ? '' : $MMoptions['bps_maint_background_images'];
590
  $bps_maint_center_images = ! isset($MMoptions['bps_maint_center_images']) ? '' : $MMoptions['bps_maint_center_images'];
591
  $bps_maint_background_color = ! isset($MMoptions['bps_maint_background_color']) ? '' : $MMoptions['bps_maint_background_color'];
592
+ $bps_maint_show_visitor_ip = ! empty($MMoptions['bps_maint_show_visitor_ip']) ? checked( $MMoptions['bps_maint_show_visitor_ip'], 1, false ) : '';
593
+ $bps_maint_show_login_link = ! empty($MMoptions['bps_maint_show_login_link']) ? checked( $MMoptions['bps_maint_show_login_link'], 1, false ) : '';
594
+ $bps_maint_dashboard_reminder = ! empty($MMoptions['bps_maint_dashboard_reminder']) ? checked( $MMoptions['bps_maint_dashboard_reminder'], 1, false ) : '';
595
+ $bps_maint_log_visitors = ! empty($MMoptions['bps_maint_log_visitors']) ? checked( $MMoptions['bps_maint_log_visitors'], 1, false ) : '';
596
+ $bps_maint_countdown_email = ! empty($MMoptions['bps_maint_countdown_email']) ? checked( $MMoptions['bps_maint_countdown_email'], 1, false ) : '';
597
+ $bps_maint_email_to = ! empty($MMoptions['bps_maint_email_to']) ? $MMoptions['bps_maint_email_to'] : $admin_email;
598
+ $bps_maint_email_from = ! empty($MMoptions['bps_maint_email_from']) ? $MMoptions['bps_maint_email_from'] : $admin_email;
599
+ $bps_maint_email_cc = isset($MMoptions['bps_maint_email_cc']) ? $MMoptions['bps_maint_email_cc'] : '';
600
+ $bps_maint_email_bcc = isset($MMoptions['bps_maint_email_bcc']) ? $MMoptions['bps_maint_email_bcc'] : '';
601
+ $bps_maint_mu_entire_site = ! empty($MMoptions['bps_maint_mu_entire_site']) ? checked( $MMoptions['bps_maint_mu_entire_site'], 1, false ) : '';
602
+ $bps_maint_mu_subsites_only = ! empty($MMoptions['bps_maint_mu_subsites_only']) ? checked( $MMoptions['bps_maint_mu_subsites_only'], 1, false ) : '';
603
  ?>
604
 
605
  <div id="bps-accordion-3" class="bps-accordion-main-2" style="">
609
  <label for="mmode"><?php _e('Maintenance Mode Text, CSS Style Code, Images, Videos Displayed To Website Visitors:', 'bulletproof-security'); ?></label><br />
610
  <label for="mmode"><?php _e('Click the Maintenance Mode Guide link in the Question Mark help button above for CSS Code, Image & Video Embed examples.', 'bulletproof-security'); ?></label><br /><br />
611
 
 
612
  <div class="mmode-tinymce">
613
  <?php wp_editor( stripslashes( htmlspecialchars_decode( $bps_maint_text, ENT_QUOTES ) ), 'bpscustomeditor' ); ?><br />
614
  </div>
618
  <h3><?php _e('MMode Option Settings', 'bulletproof-security'); ?></h3>
619
  <div id="mmode-accordion-inner">
620
 
621
+ <input type="checkbox" name="mmode_countdown_timer" style="margin-top:5px;" value="1" <?php echo esc_html($bps_maint_countdown_timer); ?> /><label for="mmode"><?php _e('Enable Countdown Timer', 'bulletproof-security'); ?></label><br /><br />
622
 
623
  <label for="mmode"><?php _e('Countdown Timer Text Color:', 'bulletproof-security'); ?></label><br />
624
  <select name="mmode_countdown_timer_color" class="form-340">
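Review bot: `esc_html()` on line 621 encodes the quotes in the ` checked='checked'` string that `checked( ..., 1, false )` returns (computed on line 581), so the tag is emitted with `checked=&#039;checked&#039;`. The same pattern is on lines 639, 646, 715-723, 744 and 746. Assuming the stored value is only ever `'1'` or empty, as the save handler suggests, `<?php checked( ! empty( $MMoptions['bps_maint_countdown_timer'] ) ); ?>` inside the tag avoids both the pre-computed variable and the escaping of trusted core output. For the `value="..."` attributes on lines 633, 637 and 726-732, `esc_attr()` is the escaper WordPress provides for attribute context and reads more clearly than `esc_html()`.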
630
 
631
  <label for="mmode"><?php _e('Maintenance Mode Time (in Minutes):', 'bulletproof-security'); ?></label><br />
632
  <label for="mmode"><?php _e('Example: 10 = 10 minutes, 180 = 3 hours, 1440 = 24 hours.', 'bulletproof-security'); ?></label><br />
633
+ <input type="text" name="mmode_time" class="regular-text-340" value="<?php echo esc_html($bps_maint_time); ?>" /><br /><br />
634
 
635
  <label for="mmode"><?php _e('Header Retry-After (Enter the same time as above):', 'bulletproof-security'); ?></label><br />
636
  <label for="mmode"><?php _e('Example: 10 = 10 minutes, 180 = 3 hours, 1440 = 24 hours.', 'bulletproof-security'); ?></label><br />
637
+ <input type="text" name="mmode_retry_after" class="regular-text-340" value="<?php echo esc_html($bps_maint_retry_after); ?>" /><br /><br />
638
 
639
+ <input type="checkbox" name="mmode_frontend" value="1" <?php echo esc_html($bps_maint_frontend); ?> /><label for="mmode"><?php _e('Enable FrontEnd Maintenance Mode', 'bulletproof-security'); ?></label><br /><br />
640
 
641
  <?php if ( is_multisite() && $blog_id != 1 ) { echo '<div style="margin:0px 0px 0px 0px;"></div>'; } else { ?>
642
 
643
  <div id="mmode-caution">
644
  <?php $text = '<font color="#fb0101">'.__('CAUTION: ', 'bulletproof-security').'</font><font color="blue">'.__('You MUST enter Your Current IP Address or the Recommended IP Address if you Enable BackEnd Maintenance Mode or you will be locked out of your WordPress Dashboard.', 'bulletproof-security').'</font>'; echo $text; ?>
645
  </div>
646
+ <input type="checkbox" name="mmode_backend" value="1" <?php echo esc_html($bps_maint_backend); ?> /><label for="mmode"><?php _e('Enable BackEnd Maintenance Mode ', 'bulletproof-security'); ?></label><br /><br />
647
 
648
  <?php }
649
 
657
  <?php bps_get_proxy_real_ip_address_maint(); ?>
658
 
659
  <input type="hidden" name="scrolltommode1" id="scrolltommode1" value="<?php echo esc_html( $scrolltommode1 ); ?>" />
660
+ <textarea style="width:340px" class="PFW-Allow-From-Text-Area" name="mmode_ip_allowed" id="mmode_ip_allowed" tabindex="1"><?php echo esc_textarea($bps_maint_ip_allowed); ?></textarea><br /><br />
661
 
662
  <label for="mmode"><?php _e('Background Images:', 'bulletproof-security'); ?></label><br />
663
  <select name="mmode_background_images" class="form-340">
712
  <option value="gray" <?php selected('gray', $bps_maint_background_color); ?>><?php _e('Gray', 'bulletproof-security'); ?></option>
713
  </select><br /><br />
714
 
715
+ <input type="checkbox" name="mmode_visitor_ip" value="1" <?php echo esc_html($bps_maint_show_visitor_ip); ?> /><label for="mmode"><?php _e('Display Visitor IP Address', 'bulletproof-security'); ?></label><br /><br />
716
 
717
+ <input type="checkbox" name="mmode_login_link" value="1" <?php echo esc_html($bps_maint_show_login_link); ?> /><label for="mmode"><?php _e('Display Admin|Login Link', 'bulletproof-security'); ?></label><br /><br />
718
 
719
+ <input type="checkbox" name="mmode_dashboard_reminder" value="1" <?php echo esc_html($bps_maint_dashboard_reminder); ?> /><label for="mmode"><?php _e('Display Dashboard Reminder Message', 'bulletproof-security'); ?></label><br /><br />
720
 
721
+ <input type="checkbox" name="mmode_log_visitors" value="1" <?php echo esc_html($bps_maint_log_visitors); ?> /><label for="mmode"><?php _e('Enable Visitor Logging', 'bulletproof-security'); ?></label><br /><br />
722
 
723
+ <input type="checkbox" name="mmode_countdown_email" value="1" <?php echo esc_html($bps_maint_countdown_email); ?> /><label for="mmode"><?php _e('Send Email when Countdown Timer has completed', 'bulletproof-security'); ?></label><br /><br />
724
 
725
  <strong><label for="mmode-email"><?php _e('Send Countdown Timer Email To:', 'bulletproof-security'); ?> </label></strong><br />
726
+ <input type="text" name="mmode_email_to" class="regular-text-340" value="<?php echo esc_html($bps_maint_email_to); ?>" /><br />
727
  <strong><label for="mmode-email"><?php _e('Send Countdown Timer Email From:', 'bulletproof-security'); ?> </label></strong><br />
728
+ <input type="text" name="mmode_email_from" class="regular-text-340" value="<?php echo esc_html($bps_maint_email_from); ?>" /><br />
729
  <strong><label for="mmode-email"><?php _e('Send Countdown Timer Email Cc:', 'bulletproof-security'); ?> </label></strong><br />
730
+ <input type="text" name="mmode_email_cc" class="regular-text-340" value="<?php echo esc_html($bps_maint_email_cc); ?>" /><br />
731
  <strong><label for="mmode-email"><?php _e('Send Countdown Timer Email Bcc:', 'bulletproof-security'); ?> </label></strong><br />
732
+ <input type="text" name="mmode_email_bcc" class="regular-text-340" value="<?php echo esc_html($bps_maint_email_bcc); ?>" /><br />
733
 
734
  </div>
735
 
741
  <?php if ( is_multisite() && $blog_id != 1 ) { echo '<div style="margin:0px 0px 10px 0px;"></div>'; } else { ?>
742
 
743
  <strong><label for="mmode" style="color:#2271b1;"><?php _e('Click the Maintenance Mode Question Mark help button for the steps to use these special options:', 'bulletproof-security'); ?></label></strong><br /><br />
744
+ <input type="checkbox" name="mmode_mu_entire_site" value="1" <?php echo esc_html($bps_maint_mu_entire_site); ?> /><label for="mmode"><?php _e('Put The Primary Site And All Subsites In Maintenance Mode', 'bulletproof-security'); ?></label><br /><br />
745
 
746
+ <input type="checkbox" name="mmode_mu_subsites_only" value="1" <?php echo esc_html($bps_maint_mu_subsites_only); ?> /><label for="mmode"><?php _e('Put All Subsites In Maintenance Mode, But Not The Primary Site', 'bulletproof-security'); ?></label><br /><br />
747
 
748
  <?php } ?>
749
 
863
  $format_error_2 = '/,[^\s]/'; // no whitespaces between commas
864
  $lock = '';
865
 
866
+ if ( isset($MMoptions['bps_maint_ip_allowed']) && $MMoptions['bps_maint_ip_allowed'] == '' ) {
867
  echo $bps_topDiv;
868
  $text = '<font color="#fb0101"><strong>'.__('Error: You did not enter an IP Address in the Maintenance Mode IP Address Whitelist Text Box.', 'bulletproof-security').'</strong></font>';
869
  echo $text;
870
  echo $bps_bottomDiv;
871
+
872
+ return;
873
  }
874
 
875
  // IP Address Text Box Error Checking: 2 to 20 extra whitespaces, no whitespace between commas, no commas
880
  $text = '<font color="#fb0101"><strong>'.__('IP Address Format Error: You have entered multiple IP Addresses using an incorrect Format.', 'bulletproof-security').'</font><br>'.__('The correct IP Address Format is: IP Address comma single space. Example: 100.99.88.77, 200.66.55.44, 44.33.22.1 or 100.99.88., 200.66.55., 44.33.22. if you are using the recommended 3 octet IP addresses.', 'bulletproof-security').'<br>'.__('Correct the IP Address Format and click the Save Options button again. If you have an IPv6 IP address use the same general format as an IPv4 IP address - comma single space.', 'bulletproof-security').'</strong>';
881
  echo $text;
882
  echo $bps_bottomDiv;
883
+
884
+ return;
885
  }
886
 
887
  // Frontend Maintenance Mode
888
  // Single/GWIOD: if a user unchecks frontend mmode, saves options again and then clicks turn on then frontend mmode needs to be turned off
889
+ if ( isset($MMoptions['bps_maint_frontend']) && $MMoptions['bps_maint_frontend'] != '1' ) {
890
  bpsPro_mmode_single_gwiod_turn_off_frontend();
891
  }
892
 
893
+ if ( isset($MMoptions['bps_maint_ip_allowed']) && $MMoptions['bps_maint_ip_allowed'] != '' && isset($MMoptions['bps_maint_frontend']) && $MMoptions['bps_maint_frontend'] == '1' ) {
894
 
895
  if ( get_option('home') != get_option('siteurl') ) {
896
  bpsPro_mmode_gwiod_site_root_index_file_on();
987
  $AllowFromRules = file_get_contents($MMAllowFromTXT);
988
  $stringReplace = file_get_contents($wpadminHtaccess);
989
 
990
+ if ( isset($Apache_Mod_options['bps_apache_mod_ifmodule']) && $Apache_Mod_options['bps_apache_mod_ifmodule'] == 'Yes' ) {
991
 
992
  if ( ! preg_match( $pattern3, $stringReplace, $matches ) ) {
993
 
1074
  $format_error_1 = '/,(\s){2,20}/'; // 2 to 20 extra whitespaces
1075
  $format_error_2 = '/,[^\s]/'; // no whitespaces between commas
1076
 
1077
+ if ( isset($MMoptions['bps_maint_ip_allowed']) && $MMoptions['bps_maint_ip_allowed'] == '' ) {
1078
  echo $bps_topDiv;
1079
  $text = '<font color="#fb0101"><strong>'.__('Error: You did not enter an IP Address in the Maintenance Mode IP Address Whitelist Text Box.', 'bulletproof-security').'</strong></font>';
1080
  echo $text;
1095
 
1096
  // Frontend Maintenance Mode
1097
  // Network/Multisite: if a user unchecks frontend mmode, saves options again and then clicks turn on then frontend mmode needs to be turned off
1098
+ if ( isset($MMoptions['bps_maint_frontend']) && $MMoptions['bps_maint_frontend'] != '1' ) {
1099
  bpsPro_mmode_network_turn_off_frontend();
1100
  }
1101
 
1102
+ if ( isset($MMoptions['bps_maint_ip_allowed']) && $MMoptions['bps_maint_ip_allowed'] != '' && isset($MMoptions['bps_maint_frontend']) && $MMoptions['bps_maint_frontend'] == '1' ) {
1103
 
1104
  // backup the original WP root index.php file ONLY once the first time mmode is turned On and never again.
1105
  if ( ! file_exists($root_index_file_backup) ) {
1285
  $pattern3 = '/#\sBEGIN\sBPS\sMAINTENANCE\sMODE\sIP(.*\s*){8}(Allow(.*)\s*){1,}<\/IfModule>\s*<\/IfModule>\s*#\sEND\sBPS\sMAINTENANCE\sMODE\sIP/';
1286
  $Apache_Mod_options = get_option('bulletproof_security_options_apache_modules');
1287
 
1288
+ if ( isset($MMoptions['bps_maint_ip_allowed']) && $MMoptions['bps_maint_ip_allowed'] != '' && isset($MMoptions['bps_maint_backend']) && $MMoptions['bps_maint_backend'] == '1' ) {
1289
 
1290
  if ( $permsHtaccess == '0404') {
1291
  $lock = '0404';
1306
  $AllowFromRules = file_get_contents($MMAllowFromTXT);
1307
  $stringReplace = file_get_contents($wpadminHtaccess);
1308
 
1309
+ if ( isset($Apache_Mod_options['bps_apache_mod_ifmodule']) && $Apache_Mod_options['bps_apache_mod_ifmodule'] == 'Yes' ) {
1310
 
1311
  if ( ! preg_match( $pattern3, $stringReplace, $matches ) ) {
1312
 
1360
  $text = '<font color="#fb0101"><strong>'.__('Error: You have not saved your option settings yet. Click the Save Options button.', 'bulletproof-security').'</strong></font>';
1361
  echo $text;
1362
  echo $bps_bottomDiv;
1363
+
1364
+ return;
1365
  }
1366
 
1367
  if ( is_multisite() && $blog_id != 1 ) {
2158
 
2159
  $MMoptions = get_option('bulletproof_security_options_maint_mode');
2160
 
2161
+ if ( ! get_option('bulletproof_security_options_maint_mode' ) ) {
2162
  echo $bps_topDiv;
2163
  $text = '<font color="#fb0101"><strong>'.__('Error: You have not saved your option settings yet. Click the Save Options button.', 'bulletproof-security').'</strong></font>';
2164
  echo $text;
2165
  echo $bps_bottomDiv;
2166
+
2167
+ return;
2168
  }
2169
 
2170
  if ( is_multisite() && $blog_id != 1 ) {
2242
  </tr>
2243
  </table>
2244
  </div>
2245
+ <?php echo $bps_footer; ?>
 
 
2246
  </div>
2247
  </div>
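--- a/admin/mscan/mscan-help-text.php
+++ b/admin/mscan/mscan-help-text.php
@@ -1,4 +1,35 @@
 <?php
+# ________ ____________ _____ ________ ________
+# ___ __ )____ _____ /___ /_____ __ /____ __ \______________ ______ ___ __/
+# __ __ |_ / / /__ / __ / _ _ \_ __/__ /_/ /__ ___/_ __ \_ __ \__ /_
+# _ /_/ / / /_/ / _ / _ / / __// /_ _ ____/ _ / / /_/ // /_/ /_ __/
+# /_____/ \__,_/ /_/ /_/ \___/ \__/ /_/ /_/ \____/ \____/ /_/
+# ________ _____ _____ ________
+# __ ___/_____ ___________ _____________(_)__ /______ __ ___ __ \______________
+# _____ \ _ _ \_ ___/_ / / /__ ___/__ / _ __/__ / / / __ /_/ /__ ___/_ __ \
+# ____/ / / __// /__ / /_/ / _ / _ / / /_ _ /_/ / _ ____/ _ / / /_/ /
+# /____/ \___/ \___/ \__,_/ /_/ /_/ \__/ _\__, / /_/ /_/ \____/
+# /____/
+# 42756C6C657450726F6F66 5365637572697479 50726F
+#
+/* The Copyright, AITpro Software Products License Information must remain
+intact or all BulletProof Security Pro warranties, guarantees, liabilities are void.
+
+Copyright (C) Edward Alexander, AIT-pro.com. All rights reserved.
+
+AITpro Software Products License Information:
+BY DOWNLOADING, INSTALLING, COPYING, ACCESSING, OR USING BulletProof Security Pro YOU AGREE TO THE TERMS OF THIS AGREEMENT.
+IF YOU ARE ACCEPTING THESE TERMS ON BEHALF OF ANOTHER PERSON OR A COMPANY OR OTHER LEGAL ENTITY, YOU REPRESENT AND WARRANT
+THAT YOU HAVE FULL AUTHORITY TO BIND THAT PERSON, COMPANY, OR LEGAL ENTITY TO THESE TERMS. IF YOU DO NOT AGREE TO THESE TERMS,
+* DO NOT DOWNLOAD, INSTALL, COPY, ACCESS, OR USE BulletProof Security Pro; AND
+* PROMPTLY RETURN BulletProof Security Pro TO THE PARTY FROM WHOM YOU ACQUIRED IT. IF YOU DOWNLOADED BulletProof Security Pro
+FROM THE AITPRO WEBSITE, CONTACT AITPRO FOR A REFUND IF APPLICABLE.
+
+AITpro Software Products License Information continued:
+You agree to keep the AITpro Software Products License for BulletProof Security Pro, unmodified or altered in any way,
+with the original copy of BulletProof Security Pro that you have and any and all copies or partial copies of BulletProof
+Security Pro that You make.
+*/
 // Direct calls to this file are Forbidden when core files are not present
 if ( ! current_user_can('manage_options') ) {
 header('Status: 403 Forbidden');
@@ -9,16 +40,16 @@ if ( ! current_user_can('manage_options') ) {
 /** MScan **/
 $bps_modal_content1 = '<strong><font color="blue">'.__('For more extensive help info and answers to common issues or problems click the MScan Malware Scanner Guide link above. For troubleshooting help or to post suspicious code click the MScan Troubleshooting & Code Posting link above.', 'bulletproof-security').'</font></strong>
 
-<br><br><strong>'.__('MScan Scan General Info', 'bulletproof-security').'</strong><br>'.__('MScan Scan scans WP Core, Plugin and Theme files using file hash comparisons, which is 100% accurate vs conventional pattern matching, which is typically around 75% - 85% accurate. MScan scans all other website files (non-WordPress files) using conventional pattern matching scanning. The pattern matching code is much more extensive in MScan Scan and will hopefully achieve a 95% or higher detection rate. False positives are inevitable when using conventional pattern matching scanning, but since MScan Scan uses file hash comparison scanning for all WP Core, Plugin and Theme files then there will not be any false positives detected for any/all WordPress files (WP Core, Plugins and Themes). MScan Scan automatically downloads WordPress, Plugin and Theme zip files, extracts the zip files, creates file hashes for all files and then deletes the zip files. WP Core, Plugin and Theme zip downloads only occur on the first MScan scan or when a new WordPress, Plugin or Theme version is installed/updated on a website.', 'bulletproof-security').
+<br><br><strong>'.__('MScan General Info', 'bulletproof-security').'</strong><br>'.__('MScan scans WP Core, Plugin and Theme files using file hash comparisons, which is 100% accurate vs conventional pattern matching, which is typically around 75% - 85% accurate. MScan scans all other website files (non-WordPress files) using conventional pattern matching scanning. The pattern matching code is much more extensive in MScan and will hopefully achieve a 95% or higher detection rate. False positives are inevitable when using conventional pattern matching scanning, but since MScan uses file hash comparison scanning for all WP Core, Plugin and Theme files then there will not be any false positives detected for any/all WordPress files (WP Core, Plugins and Themes). MScan automatically downloads WordPress, Plugin and Theme zip files, extracts the zip files, creates file hashes for all files and then deletes the zip files and all extracted folders and files. WP Core, Plugin and Theme zip downloads only occur on the first MScan scan or when a new WordPress, Plugin or Theme version is installed/updated or when the Delete File Hashes Tool is used.', 'bulletproof-security').
 
-'<br><br><strong>'.__('Scanning Other WordPress Sites', 'bulletproof-security').'</strong><br>'.__('Website folder checkboxes cannot be checked for other WordPress sites under your hosting account. To scan other WordPress sites under your hosting account run MScan Scan from each site. There are several technical reasons for doing this: Each site may have a different version of WordPress installed and different Plugins and Themes installed. MScan Scan now uses file hash comparisons for each individual site based on the WordPress, Plugin and Theme versions installed on each individual website.', 'bulletproof-security').
+'<br><br><strong>'.__('File Hash Maker', 'bulletproof-security').'</strong><br>'.__('If new WP Core, Plugin or Theme zip files need to be downloaded and processed you will see the see the "File Hash Maker Time Remaining: 00:00:00: Downloading and extracting zip files" scan status. Once the File Hash Maker has completed it will display the number of zip files processed. Click the Start Scan button after the File Hash Maker has completed to scan files. Note: File scanning does not occur when the File Hash Maker is running to prevent false positive file hash mismatches.', 'bulletproof-security').
+
+'<br><br><strong>'.__('Scanning Other WordPress Sites', 'bulletproof-security').'</strong><br>'.__('Website folder checkboxes cannot be checked for other WordPress sites under your hosting account. To scan other WordPress sites under your hosting account run MScan from each site. There are several technical reasons for doing this: Each site may have a different version of WordPress installed and different Plugins and Themes installed. MScan now uses file hash comparisons for each individual site based on the WordPress, Plugin and Theme versions installed on each individual website.', 'bulletproof-security').
 
-'<br><br><strong>'.__('Estimated Scan Time Exceeded', 'bulletproof-security').'</strong><br>'.__('If you see "Estimated Scan Time Exceeded: Still scanning files" that means that the current scan that you are running is taking longer than the estimated scan time. The scan will complete successfully.', 'bulletproof-security').
+'<br><br><strong>'.__('Calculating Scan Time Exceeded', 'bulletproof-security').'</strong><br>'.__('If you see "Calculating Scan Time Exceeded: Still calculating estimated scan time" this means that the current scan time estimate is taking longer than expected. The scan will still complete successfully.', 'bulletproof-security').
 
 '<br><br><strong>'.__('Processing Total File Count', 'bulletproof-security').'</strong><br>'.__('If you see "Processing Total File Count: Still scanning files" that means that the current scan that you are running has not yet processed the total number of files to scan yet. The scan will complete successfully.', 'bulletproof-security').
 
-'<br><br><strong>'.__('New Hash Files Created: Run A New Scan', 'bulletproof-security').'</strong><br>'.__('If you see "Total Files Scanned: New Hash Files Created: Run A New Scan" that means that the current scan that you are running will create new Plugin or Theme Hash files and not scan any files. You will see this message instead of the total number of files scanned whenever new or updated Plugins or Themes need new Hash files created. Run another scan to scan the new/updated Plugin and Theme files. Note: This safety precaution ensures that Plugin and Theme hash files are not being created at the same time Plugin and Theme files are being scanned, which could result in false positive file hash comparison results for Plugin and Theme files.', 'bulletproof-security').
-
 '<br><br><strong>'.__('Error: Files found in the plugin-hashes folder', 'bulletproof-security').'</strong><br>'.__('If you see "Total Files Scanned: Error: Files found in the plugin-hashes folder" that means that files (and probably folders too) were found in the /wp-content/bps-backup/plugin-hashes/ folder. This problem could be caused by uploading a plugin zip file that does not extract the entire plugin folder and instead extracts individual plugin folders and files. To fix this problem you will need to use FTP or your web host control panel file manager and delete all folders and files in the /plugin-hashes/ folder except for this file: plugin-hashes.php. To correctly make a plugin zip file that extracts the entire plugin folder you would right mouse click on the plugin folder, click "send to" and then click "Compressed (zipped) folder" on Windows.', 'bulletproof-security').
 
 '<br><br><strong>'.__('Error: Files found in the theme-hashes folder', 'bulletproof-security').'</strong><br>'.__('If you see "Total Files Scanned: Error: Files found in the theme-hashes folder" that means that files (and probably folders too) were found in the /wp-content/bps-backup/theme-hashes/ folder. This problem could be caused by uploading a theme zip file that does not extract the entire theme folder and instead extracts individual theme folders and files. To fix this problem you will need to use FTP or your web host control panel file manager and delete all folders and files in the /theme-hashes/ folder except for this file: theme-hashes.php. To correctly make a theme zip file that extracts the entire theme folder you would right mouse click on the theme folder, click "send to" and then click "Compressed (zipped) folder" on Windows.', 'bulletproof-security').
@@ -62,22 +93,28 @@ if ( ! current_user_can('manage_options') ) {
 '<br><br><strong>'.__('View|Ignore Suspicious DB Entries', 'bulletproof-security').'</strong><br>'.__('This form allows you to view, ignore or unignore suspicious DB Entries. Note: The view option displays the DB Table, Column, Row ID and the MScan Pattern Match that was detected by the MScan scan. Use phpMyAdmin or a similar tool to check your database Row where the suspicious code was found. When you ignore a DB Entry it will no longer be scanned in any future scans. When you unignore an ignored DB Entry it will be scanned in future scans.', 'bulletproof-security');
 
 /** MScan Log **/
-$bps_modal_content2 = '<strong>'.__('MScan Log General Information', 'bulletproof-security').'</strong><br>'.__('Your MScan Log file is a plain text static file and not a dynamic file or dynamic display to keep your website resource usage at a bare minimum and keep your website performance at a maximum. Log entries are logged in descending order by Date and Time. You can copy, edit and delete this plain text file. You can choose S-Monitor Email Alerting & Log File Options to automatically email your MScan Log file to you and delete it when it reaches a certain size (256KB, 500KB or 1MB).', 'bulletproof-security').
+$bps_modal_content2 = '<strong>'.__('This Question Mark Help window is draggable (top) and resizable (bottom right corner)', 'bulletproof-security').'</strong><br><br><strong>'.
+
+__('MScan Log General Information', 'bulletproof-security').'</strong><br>'.__('Your MScan Log file is a plain text static file and not a dynamic file or dynamic display to keep your website resource usage at a bare minimum and keep your website performance at a maximum. Log entries are logged in descending order by Date and Time. You can copy, edit and delete this plain text file. You can choose Display & Alert Options Email Alerting & Log File Options to automatically email your MScan Log file to you and delete it when it reaches a certain size (256KB, 500KB or 1MB).', 'bulletproof-security').
 
 '<strong><br><br>'.__('MScan Logging', 'bulletproof-security').'</strong><br>'.__('Logs extensive details about each scan that you run.', 'bulletproof-security').
 
-'<strong><br><br>'.__('MScan Log File Size', 'bulletproof-security').'</strong><br>'.__('Displays the size of your MScan Log file. If your log file is larger than 2MB then you will see a Red warning message displayed: The S-Monitor Email Alerting & Log File Options will only send log files up to 2MB in size. Copy and paste the MScan Log file contents into a Notepad text file on your computer and save it. Then click the Delete Log button to delete the contents of this Log file.', 'bulletproof-security').'<br><br><strong>'.__('MScan Log Last Modified Time', 'bulletproof-security').
+'<strong><br><br>'.__('MScan Log File Size', 'bulletproof-security').'</strong><br>'.__('Displays the size of your MScan Log file. If your log file is larger than 2MB then you will see a Red warning message displayed: The Display & Alert Options Email Alerting & Log File Options will only send log files up to 2MB in size. Copy and paste the MScan Log file contents into a Notepad text file on your computer and save it. Then click the Delete Log button to delete the contents of this Log file.', 'bulletproof-security').'<br><br><strong>'.__('MScan Log Last Modified Time', 'bulletproof-security').
 
 '</strong><br>'.__('The Reset Last Modified Time in DB option/feature is completely automated and does not require any manual steps performed by you.', 'bulletproof-security').
 
-'<br><br><strong>'.__('Delete Log Button', 'bulletproof-security').'</strong><br>'.__('Clicking the Delete Log button will delete the entire contents of your MScan Log File. If you have setup S-Monitor Email Alerting & Log Options then the only time you would probably need to use the Delete Log button is if your MScan Log file exceeds 2MB in size.', 'bulletproof-security');
+'<br><br><strong>'.__('Delete Log Button', 'bulletproof-security').'</strong><br>'.__('Clicking the Delete Log button will delete the entire contents of your MScan Log File. If you have setup Display & Alert Options Email Alerting & Log Options then the only time you would probably need to use the Delete Log button is if your MScan Log file exceeds 2MB in size.', 'bulletproof-security');
 
 /** MScan Report **/
-$bps_modal_content3 = '<strong>'.__('MScan Report General Information', 'bulletproof-security').'</strong><br>'.__('After running a scan your extensive scan results data is displayed on this tab page. If you would like to save your scan results data click the Save MScan Report button. You can save up to 20 scan reports. You can view or delete scan reports on the MScan Saved Reports tab page using the MScan Saved Reports Form.', 'bulletproof-security').
+$bps_modal_content3 = '<strong>'.__('This Question Mark Help window is draggable (top) and resizable (bottom right corner)', 'bulletproof-security').'</strong><br><br><strong>'.
+
+__('MScan Report General Information', 'bulletproof-security').'</strong><br>'.__('After running a scan your extensive scan results data is displayed on this tab page. If you would like to save your scan results data click the Save MScan Report button. You can save up to 20 scan reports. You can view or delete scan reports on the MScan Saved Reports tab page using the MScan Saved Reports Form.', 'bulletproof-security').
 
-'<br><br><strong>'.__('No File Hashes for This Plugin or No File Hashes for This Theme', 'bulletproof-security').'</strong><br>'.__('If you see either of these status messages under Plugin File Hashes or Theme File Hashes then go to the main MScan Scan tab page, click the MScan Scan Question Mark help button and read the "Upload Plugin Zip Files" or "Upload Theme Zip Files" help section.', 'bulletproof-security');
+'<br><br><strong>'.__('No File Hashes for This Plugin or No File Hashes for This Theme', 'bulletproof-security').'</strong><br>'.__('If you see either of these status messages under Plugin File Hashes or Theme File Hashes then go to the main MScan tab page, click the MScan Question Mark help button and read the "Upload Plugin Zip Files" or "Upload Theme Zip Files" help section.', 'bulletproof-security');
 
 /** MScan Saved Reports **/
-$bps_modal_content4 = '<strong>'.__('MScan Saved Reports General Information', 'bulletproof-security').'</strong><br>'.__('You can save up to 20 scan reports. You can view or delete scan reports. If you would like to view a saved scan report select the View Report checkbox for the scan report you would like to view and click the View|Delete Reports button. Scan report data is displayed below the MScan Saved Reports Form. If you would like to delete a saved scan report select the Delete Report checkbox for the scan report you would like to delete and click the View|Delete Reports button. Refresh/reload the MScan Saved Reports tab page when deleting scan reports to see the current MScan Saved Reports Form data.', 'bulletproof-security');
+$bps_modal_content4 = '<strong>'.__('This Question Mark Help window is draggable (top) and resizable (bottom right corner)', 'bulletproof-security').'</strong><br><br><strong>'.
+
+__('MScan Saved Reports General Information', 'bulletproof-security').'</strong><br>'.__('You can save up to 20 scan reports. You can view or delete scan reports. If you would like to view a saved scan report select the View Report checkbox for the scan report you would like to view and click the View|Delete Reports button. Scan report data is displayed below the MScan Saved Reports Form. If you would like to delete a saved scan report select the Delete Report checkbox for the scan report you would like to delete and click the View|Delete Reports button. Refresh/reload the MScan Saved Reports tab page when deleting scan reports to see the current MScan Saved Reports Form data.', 'bulletproof-security');
 
 ?>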
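Review bot: The help strings added at new lines 43–49 and 96–118 are spliced into HTML with `__()`, so whatever a translation file supplies for them lands in the markup unescaped. Where `$bps_modal_content1` to `$bps_modal_content4` are echoed is not in this file, so this holds only if nothing escapes them at output. The escaping variant, e.g. `esc_html__('File Hash Maker', 'bulletproof-security')`, keeps the surrounding `<strong>`/`<br>` literals as markup while treating the translated text as text. Separately, the new File Hash Maker string at line 45 reads "you will see the see the"; correcting it now avoids changing the msgid after translators have picked it up.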
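--- a/admin/mscan/mscan-scan-status.php
+++ b/admin/mscan/mscan-scan-status.php
@@ -5,20 +5,29 @@
  <title>MScan Scan Status</title>
 
  <style>
- body {background:white}
+ body {background:white;}
  html.wp-toolbar{padding:0px}
  #wpcontent{margin-left:0px}
- #wpadminbar{display:none}
- #adminmenuback{display:none}
+ #wpadminbar{height:0}
+ #adminmenuback{}
  #adminmenuwrap{display:none}
+ #adminmenu div.wp-menu-name{display:none}
+ ul#adminmenu{display:none}
  #footer-thankyou{display:none}
  div#wpfooter{display:none}
  div#bps-inpage-message{display:none}
  div.update-nag{display:none}
  div.notice{display:none}
- div#bps-status-display{display:none}
+ div.notice-message{display:none}
+ div.notice-success{display:none}
+ div.notice-error{display:none}
+ div.notice-warning{display:none}
+ div.notice-info{display:none}
+ div.is-dismissible{display:none}
+ div#message{display:none}
+ div#bps-status-display{}
  div#query-monitor-main{visibility:hidden}
- div#MScan-Time-Container {z-index:999999999;position:relative;top:0px;left:0px;background-color:#fff}
+ div#MScan-Time-Container {z-index:999999999;position:relative;top:0px;left:0px;background-color:#fff;}
  div#mscantimer {z-index:999999999;color:#000;font-size:13px!important;font-weight:600!important;line-height:18px;padding:4px 5px 0px 0px;position:relative;top:0px;left:0px;}
  #MscanProgressBar {z-index:999999999;position:relative;top:0px;left:0px;width:98%;height:25px;background-color:#e8e8e8;border-radius:2px;-webkit-box-shadow:inset 0 2px 3px rgba(0, 0, 0, 0.25);-moz-box-shadow:inset 0 2px 3px rgba(0, 0, 0, 0.25);box-shadow:inset 0 2px 3px rgba(0, 0, 0, 0.25);}
  #MscanBar {z-index:999999999;width:0%;height:25px;font-size:12px!important;font-weight:600!important;text-align:center;line-height:25px;color:white;}
@@ -29,7 +38,7 @@ div#bps-status-display{display:none}
  }
  @media screen and (min-width: 280px) and (max-width: 960px){
  div#wpadminbar{display:none}
- div#adminmenu, div#adminmenu .wp-submenu, div#adminmenuback, div#adminmenuwrap{display:none}
+ div#adminmenu, div#adminmenu .wp-submenu, div#adminmenuwrap{display:none}
  }
  </style>
 
@@ -48,13 +57,9 @@ function AutoRefreshOnce( m ) {
  </head>
 
  <body onload="JavaScript:AutoRefreshOnce(1000);">
+
  <?php
- // don't add any commented out CSS code in the CSS code above - The commented out code will still be processed.
- // Note if someone is displaying the BPS Pro status display in BPS plugin pages only it throws off the iframe section Don't adjust for that and don't use any CSS
- // because it causes other problems.
-
- // A typical site will load wp-load.php using $wp_load_file6.
- // The conditions need to check for the nearest wp-load.php file to load the correct file for the site.
+
  if ( ! function_exists( 'get_option' ) ) {
  $wp_load_file1 = dirname(__FILE__) . '/wp-load.php';
  $wp_load_file2 = dirname(dirname(__FILE__)) . '/wp-load.php';
@@ -99,8 +104,6 @@ function AutoRefreshOnce( m ) {
  }
  }
 
- // This function is executed in the js below after the actual scan has completed with MScan Status value: 3 or 5.
- // IMPORTANT: Do not echo anything directly in this function. It will break the js timer.
  function bpsPro_mscan_completed() {
 
  $MScan_status = get_option('bulletproof_security_options_MScan_status');
@@ -108,7 +111,36 @@ function bpsPro_mscan_completed() {
  $mstime = ! isset($MScan_options['mscan_max_time_limit']) ? '' : $MScan_options['mscan_max_time_limit'];
  ini_set('max_execution_time', $mstime);
 
- if ( isset($MScan_status['bps_mscan_status']) && $MScan_status['bps_mscan_status'] == '3' || isset($MScan_status['bps_mscan_status']) && $MScan_status['bps_mscan_status'] == '5' ) {
+ if ( isset($MScan_status['bps_mscan_status']) && $MScan_status['bps_mscan_status'] == '9' ) {
+
+ $MScan_status_db = array(
+ 'bps_mscan_time_start' => $MScan_status['bps_mscan_time_start'],
+ 'bps_mscan_time_stop' => $MScan_status['bps_mscan_time_stop'],
+ 'bps_mscan_time_end' => $MScan_status['bps_mscan_time_end'],
+ 'bps_mscan_time_remaining' => $MScan_status['bps_mscan_time_remaining'],
+ 'bps_mscan_status' => '8',
+ 'bps_mscan_last_scan_timestamp' => $MScan_status['bps_mscan_last_scan_timestamp'],
+ 'bps_mscan_total_time' => $MScan_status['bps_mscan_total_time'],
+ 'bps_mscan_total_website_files' => '',
+ 'bps_mscan_total_wp_core_files' => $MScan_status['bps_mscan_total_wp_core_files'],
+ 'bps_mscan_total_non_image_files' => $MScan_status['bps_mscan_total_non_image_files'],
+ 'bps_mscan_total_image_files' => '',
+ 'bps_mscan_total_all_scannable_files' => $MScan_status['bps_mscan_total_all_scannable_files'],
+ 'bps_mscan_total_skipped_files' => $MScan_status['bps_mscan_total_skipped_files'],
+ 'bps_mscan_total_suspect_files' => $MScan_status['bps_mscan_total_suspect_files'],
+ 'bps_mscan_suspect_skipped_files' => $MScan_status['bps_mscan_suspect_skipped_files'],
+ 'bps_mscan_total_suspect_db' => $MScan_status['bps_mscan_total_suspect_db'],
+ 'bps_mscan_total_ignored_files' => $MScan_status['bps_mscan_total_ignored_files'],
+ 'bps_mscan_total_plugin_files' => $MScan_status['bps_mscan_total_plugin_files'],
+ 'bps_mscan_total_theme_files' => $MScan_status['bps_mscan_total_theme_files']
+ );
+
+ foreach( $MScan_status_db as $key => $value ) {
+ update_option('bulletproof_security_options_MScan_status', $MScan_status_db);
+ }
+ }
+
+ if ( isset($MScan_status['bps_mscan_status']) && $MScan_status['bps_mscan_status'] == '3' || isset($MScan_status['bps_mscan_status']) && $MScan_status['bps_mscan_status'] == '2' ) {
 
  $MScan_status_db = array(
  'bps_mscan_time_start' => $MScan_status['bps_mscan_time_start'],
@@ -166,8 +198,40 @@ function bpsPro_mscan_completed() {
  $mscan_db_scan = 0;
  }
 
+ $mscan_hash_status_options = get_option('bulletproof_security_options_mscan_hash_status');
+
+ $mscan_wp_core_hash_status = isset($mscan_hash_status_options['mscan_wp_core_hash_status']) ? $mscan_hash_status_options['mscan_wp_core_hash_status'] : '';
+ $mscan_wp_core_hash_count = isset($mscan_hash_status_options['mscan_wp_core_hash_count']) ? $mscan_hash_status_options['mscan_wp_core_hash_count'] : '';
+ $mscan_plugin_hash_status = isset($mscan_hash_status_options['mscan_plugin_hash_status']) ? $mscan_hash_status_options['mscan_plugin_hash_status'] : '';
+ $mscan_plugin_hash_count = isset($mscan_hash_status_options['mscan_plugin_hash_count']) ? $mscan_hash_status_options['mscan_plugin_hash_count'] : '';
+ $mscan_theme_hash_status = isset($mscan_hash_status_options['mscan_theme_hash_status']) ? $mscan_hash_status_options['mscan_theme_hash_status'] : '';
+ $mscan_theme_hash_count = isset($mscan_hash_status_options['mscan_theme_hash_count']) ? $mscan_hash_status_options['mscan_theme_hash_count'] : '';
+
+ if ( $mscan_wp_core_hash_status == '1' ) {
+ $mscan_wp_core_status = 'WP Core Zip Files: ' . $mscan_wp_core_hash_count;
+ } elseif ( $mscan_wp_core_hash_status == '0' ) {
+ $mscan_wp_core_status = 'WP Core Zip Files: Error';
+ } else {
+ $mscan_wp_core_status = 'WP Core Zip Files: 0';
+ }
+
+ if ( $mscan_plugin_hash_status == '1' ) {
+ $mscan_plugin_status = 'Plugin Zip Files: ' . $mscan_plugin_hash_count;
+ } elseif ( $mscan_plugin_hash_status == '0' ) {
+ $mscan_plugin_status = 'Plugin Zip Files: Error';
+ } else {
+ $mscan_plugin_status = 'Plugin Zip Files: 0';
+ }
 
- if ( isset($MScan_status['bps_mscan_status']) && $MScan_status['bps_mscan_status'] == '2' || isset($MScan_status['bps_mscan_status']) && $MScan_status['bps_mscan_status'] == '3' || isset($MScan_status['bps_mscan_status']) && $MScan_status['bps_mscan_status'] == '5' ) { ?>
+ if ( $mscan_theme_hash_status == '1' ) {
+ $mscan_theme_status = 'Theme Zip Files: ' . $mscan_theme_hash_count;
+ } elseif ( $mscan_theme_hash_status == '0' ) {
+ $mscan_theme_status = 'Theme Zip Files: Error';
+ } else {
+ $mscan_theme_status = 'Theme Zip Files: 0';
+ }
+
+ if ( isset($MScan_status['bps_mscan_status']) && $MScan_status['bps_mscan_status'] == '2' || isset($MScan_status['bps_mscan_status']) && $MScan_status['bps_mscan_status'] == '3' || isset($MScan_status['bps_mscan_status']) && $MScan_status['bps_mscan_status'] == '5' || isset($MScan_status['bps_mscan_status']) && $MScan_status['bps_mscan_status'] == '9' ) { ?>
 
  <div id="MscanProgressBar">
  <div id="MscanBar" class="mscan-progress-bar"></div>
@@ -194,6 +258,9 @@ if ( isset($MScan_status['bps_mscan_status']) && $MScan_status['bps_mscan_status
  var suspectI = <?php echo json_encode( $mscan_suspect_files, JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP | JSON_UNESCAPED_UNICODE ); ?>;
  var suspectSkipI = <?php echo json_encode( $mscan_suspect_skipped_files, JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP | JSON_UNESCAPED_UNICODE ); ?>;
  var suspectDBI = <?php echo json_encode( $mscan_suspect_db, JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP | JSON_UNESCAPED_UNICODE ); ?>;
+ var wpCoreZipI = <?php echo json_encode( $mscan_wp_core_status, JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP | JSON_UNESCAPED_UNICODE ); ?>;
+ var pluginZipI = <?php echo json_encode( $mscan_plugin_status, JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP | JSON_UNESCAPED_UNICODE ); ?>;
+ var themeZipI = <?php echo json_encode( $mscan_theme_status, JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP | JSON_UNESCAPED_UNICODE ); ?>;
 
  var timeRemainingI = futureTimeI - currentTimeI;
  var minuteI = 60;
@@ -207,8 +274,6 @@ if ( isset($MScan_status['bps_mscan_status']) && $MScan_status['bps_mscan_status
  var minuteFloorFI = ("0" + minuteFloorI).slice(-2);
  var secondFloorFI = ("0" + secondFloorI).slice(-2);
 
- // 1 = On | 0 = Off or 0 in the case of Total Files or Suspect Files | blank value = 0|Off
-
  if ( totalFilesI == "" ) {
  totalFilesI = 0;
  }
@@ -229,14 +294,15 @@ if ( isset($MScan_status['bps_mscan_status']) && $MScan_status['bps_mscan_status
  suspectDBI = 0;
  }
 
- // This condition prevents displaying the previous scan results if the scan finishes very quickly.
- if ( mscanStatusI == 4 && futureTimeI > currentTimeI ) {
- document.getElementById("mscantimer").innerHTML = "The Scan Completed Before The Scan Estimate Time Finished. Reload/Refresh The MScan Page For Scan Results.<br />Note: For best scan results reload/refresh the MScan page before running a new scan.";
- console.log( "Status: 4 : Future Time > Time : Scan Completed Before The Scan Estimate Time Finished" );
+ if ( mscanStatusI == 8 && futureTimeI < currentTimeI ) {
+ document.getElementById("mscantimer").innerHTML = "Hash Maker Completed [" + timeStampI + "] : Total Time: " + hourFloorFI + ":" + minuteFloorFI + ":" + secondFloorFI + " : Total Zip Files Downloaded, Extracted and File Hashes Created: " + wpCoreZipI + " : " + pluginZipI + " : " + themeZipI + "<br />" + "Scanning is turned off when WP Core, Plugin or Theme zip files are being processed. Click the Start Scan button to run a file scan.";
+ window.opener.location.reload();
+ console.log( "Status: 8 : Future Time < Time : Hash Maker Completed" );
+ }
 
- } else {
+ if ( mscanStatusI == 4 && futureTimeI < currentTimeI ) {
 
- if ( mscanStatusI == 4 && skippedScanI == 0 ) {
+ if ( skippedScanI == 0 ) {
 
  if ( dbScanI == 1 ) {
  document.getElementById("mscantimer").innerHTML = "Scan Completed [" + timeStampI + "] : Total Scan Time: " + hourFloorFI + ":" + minuteFloorFI + ":" + secondFloorFI + " : Total Files Scanned: " + totalFilesI + " : Skipped Files: " + skippedFilesI + " : Suspicious Files: " + suspectI + " : Suspicious DB Entries: " + suspectDBI + "<br />" + "To view the detailed Scan Report click the View Report button below. Please view the Scan Report before clicking the Suspicious Files and DB Entries accordion tabs below.";
@@ -251,7 +317,7 @@ if ( isset($MScan_status['bps_mscan_status']) && $MScan_status['bps_mscan_status
  }
  }
 
- if ( mscanStatusI == 4 && skippedScanI == 1 ) {
+ if ( skippedScanI == 1 ) {
  document.getElementById("mscantimer").innerHTML = "Skipped File Scan Completed [" + timeStampI + "] : Total Scan Time: " + hourFloorFI + ":" + minuteFloorFI + ":" + secondFloorFI + " : Total Files Scanned: " + totalFilesI + " : Suspicious Files: " + suspectSkipI + "<br />" + "To view the detailed Scan Report click the View Report button below. Please view the Scan Report before clicking the Suspicious Files and DB Entries accordion tabs below.";
  window.opener.location.reload();
  console.log( "Status: 4 : Future Time < Time : Skipped Files: On : DB Scan: NA" );
@@ -268,18 +334,16 @@ function MScanTimer() {
  var scanStop = <?php echo json_encode( $mscan_time_stop, JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP | JSON_UNESCAPED_UNICODE ); ?>;
  var totalFiles = <?php echo json_encode( $mscan_total_files, JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP | JSON_UNESCAPED_UNICODE ); ?>;
  var mscanStatus = <?php echo json_encode( $mscan_status, JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP | JSON_UNESCAPED_UNICODE ); ?>;
-
- var timeRemaining = futureTime - (currentTime - 10); // - 10 forces the scan time caculation to appear to end earlier. Just a visual gimmick.
- var timeRemainingTE = futureTime - (currentTime + 30); // + 30 second countdown used in Estimated Scan Time Exceeded. Just a visual gimmick.
+
+ var timeRemaining = futureTime - (currentTime - 10);
+ var timeRemainingTE = futureTime - (currentTime + 30);
  var timeRemainingPB = futureTime - currentTime;
 
  var minute = 60;
  var hour = 60 * 60;
  var day = 60 * 60 * 24;
 
- // Right to left direction decrease - 100% to 0% width and used in the pBarPercentWidthIncrease math below - don't comment this var out.
  var pBarPercentWidthDecrease = Math.round(timeRemainingPB/(futureTime - scanStart) * 100);
- // Left to right direction increase - 0% to 100% width
  var pBarPercentWidthIncrease = 100 - pBarPercentWidthDecrease;
 
  var dayFloor = Math.floor(timeRemaining / day);
@@ -308,19 +372,6 @@ function MScanTimer() {
 
  var ScanCompleted = "<?php bpsPro_mscan_completed(); ?>";
 
- // IMPORTANT: Reloading the page during any Progress bar conditions breaks the display of the Progress bar.
- // Scan times can vary significantly depending on caching and other factors. The visual stuff is primarily for letting someone know things are still happening.
- // The only time a scan will not complete successfully will be if the mscan-ajax-functions.php file functions fail for some reason. ie folder/Ownership, etc. problem.
- // MScan Status 1 is set when the Start button is clicked and means the scan estimate function is being processed. Has an AJAX action.
- // MScan Status 2 is set at the end of the scan estimate function and means the file scanning function and other functions are still being processed.
- // MScan Status 3 is set at the end of the file scanning function and means all scanning is completed.
- // MScan Status 3 Process the ScanCompleted var, which executes the PHP bpsPro_mscan_completed() function.
- // MScan Status 4 is set when the MScan Stop button is clicked and on Scan Completion.
- // MScan Status 4 is a "resting/completed" state that displays the scan results.
- // MScan Status 5 is set when the Scan Time Estimate Tool button is clicked. Has an AJAX action. 1 > 5 > 4. No longer used.
- // futureTime is the current time + the scan estimate time total (time remaining).
- // A typical/average file scan range is: 3,000 to 8,000 files.
-
  if ( futureTime > currentTime ) {
 
  if ( mscanStatus == 1 && secondFloorF <= 10 ) {
@@ -333,7 +384,6 @@ function MScanTimer() {
  console.log( "Status: 1 : Future Time > Time : Calculating Scan Time : secondFloorF > 9 : " + secondFloorF );
  }
 
- // Removing the status 5 condition: mscanStatus == 5 && totalFiles != "". Status 5 is no longer used.
  if ( mscanStatus == 2 && totalFiles != "" || mscanStatus == 3 && totalFiles != "" ) {
  document.getElementById("MscanBar").style.width = pBarPercentWidthIncrease + '%';
  document.getElementById("MscanBar").innerHTML = pBarPercentWidthIncrease + '%';
@@ -341,47 +391,52 @@ function MScanTimer() {
  console.log( "Status: 2 or 3: Future Time > Time : Total Files: not blank" );
  }
 
- // A blank value is set on MScan Start button click for the total scannable files DB option.
- // Removing the status 5 condition: || mscanStatus == 5 && totalFiles == "". Status 5 is no longer used.
  if ( mscanStatus == 2 && totalFiles == "" ) {
  document.getElementById("MscanBar").style.width = pBarPercentWidthIncrease + '%';
  document.getElementById("MscanBar").innerHTML = pBarPercentWidthIncrease + '%';
  document.getElementById("mscantimer").innerHTML = "Processing Total File Count: Still scanning files: 00:00:" + secondFloorFTE;
  console.log( "Status: 2: Future Time > Time : Total Files: blank" );
  }
-
+
+ if ( mscanStatus == 9 ) {
+ document.getElementById("MscanBar").style.width = pBarPercentWidthIncrease + '%';
+ document.getElementById("MscanBar").innerHTML = pBarPercentWidthIncrease + '%';
+ document.getElementById("mscantimer").innerHTML = "File Hash Maker Time Remaining: " + hourFloorFPB + ":" + minuteFloorFPB + ":" + secondFloorFPB + " : " + "Downloading and extracting zip files";
+ console.log( "Status: 9 : Future Time > Time : Hash Maker : File Scanning Stopped" );
+ }
+
  } else {
 
- // Status 5 is no longer used
+ if ( mscanStatus == 9 && futureTime < currentTime ) {
+ window.location.reload(true);
+ document.getElementById("mscantimer").innerHTML = ScanCompleted;
+ console.log( "Status: 9 : Future Time < Time : Hash Maker Completed" );
+ }
+
  if ( mscanStatus == 5 && futureTime < currentTime ) {
  window.location.reload(true);
- //clearInterval(MScan); // for testing ONLY
  console.log( "Status: 5 : Future Time < Time" );
  }
 
- // Clicking MScan Reset sets scanStart to a blank value. scanStop != "stop" prevents an endless reload loop from occurring.
  if ( mscanStatus == 4 && futureTime < currentTime && totalFiles == "" && scanStart != "" && scanStop != "stop" ) {
  window.location.reload(true);
- //window.location=window.location;
  console.log( "Status: 4 : Future Time < Time : Total Files: blank : Start: not blank : Stop: not stop" );
  }
 
  if ( mscanStatus == 3 && futureTime < currentTime ) {
  window.location.reload(true);
- //window.opener.location.reload();
  document.getElementById("mscantimer").innerHTML = ScanCompleted;
  console.log( "Status: 3 : Future Time < Time : Scan Completed" );
  }
 
- // Unfortunately, this condition goes over and under time. Not much I can do about that.
  if ( mscanStatus == 2 && futureTime < currentTime ) {
  window.location.reload(true);
- document.getElementById("mscantimer").innerHTML = "Estimated Scan Time Exceeded: Still scanning files: 00:00:" + secondFloorFTE;
- console.log( "Status: 2 : Future Time < Time : Scan Time Estimate Exceeded. Still Scanning Files." );
+ console.log( "Status: 2 : Future Time < Time : No HTML is echoed: " + secondFloorF );
  }
 
- if ( mscanStatus == 1 && futureTime < currentTime || mscanStatus == 1 && secondFloorF <= 10 ) {
+ if ( mscanStatus == 1 && futureTime < currentTime && secondFloorF <= 10 && scanStart != "" ) {
  window.location.reload(true);
+ document.getElementById("mscantimer").innerHTML = "Calculating Scan Time Exceeded: Still calculating estimated scan time: " + secondFloorFTE;
  console.log( "Status: 1 : Future Time < Time : secondFloorF <= 10 : " + secondFloorF );
  }
  }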
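Review bot: The new status `'9'` branch in `bpsPro_mscan_completed()` calls `update_option()` with no capability check visible in this section, on a page whose context lines show it locating `wp-load.php` on its own, so the write may be reachable without an authenticated admin session. The function and the bootstrap block both continue outside the hunks; if nothing there already gates it, add `if ( ! current_user_can('manage_options') ) { return; }` at the top of the function, matching the `current_user_can('manage_options')` guards in mscan.php. The `foreach` around that `update_option()` stores the same whole array once per key; a single `update_option('bulletproof_security_options_MScan_status', $MScan_status_db);` is equivalent. Separately, `wpCoreZipI`, `pluginZipI` and `themeZipI` end up in `innerHTML`: the `JSON_HEX_*` flags protect the script literal but not that sink, so building the strings with `(int) $mscan_wp_core_hash_count` (and likewise for the plugin and theme counts) would keep the stored values inert.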
admin/mscan/mscan.php CHANGED
@@ -14,10 +14,7 @@ div.notice{display:none}
14
  <noscript><div id="message" class="updated" style="font-weight:600;font-size:13px;padding:5px;background-color:#dfecf2;border:1px solid #999;-moz-border-radius-topleft:3px;-webkit-border-top-left-radius:3px;-khtml-border-top-left-radius:3px;border-top-left-radius:3px;-moz-border-radius-topright:3px;-webkit-border-top-right-radius:3px;-khtml-border-top-right-radius:3px;border-top-right-radius:3px;-webkit-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);-moz-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);"><span style="color:blue">BPS Warning: JavaScript is disabled in your Browser</span><br />BPS plugin pages will not display visually correct and all BPS JavaScript functionality will not work correctly.</div></noscript>
15
 
16
  <?php
17
- ## 2.9: Created new file for mscan pattern matching code. If web host deletes or nulls that file or Dir then mscan will not work, but BPS Pro will still work.
18
- ## 4.8: Major rebuild: Plugin and Theme files will be checked using MD5 file hash comparisons. Will still offer pattern matching, but am recommending
19
- ## Premium/custom plugin and theme zip uploads so that MD5 hashes can be made from those plugin and theme files.
20
- ## MScan pattern matching code is now saved in the DB.
21
  function bpsPro_mscan_pattern_match_file_check() {
22
 
23
  $mscan_db_pattern_match_options = get_option('bulletproof_security_options_mscan_patterns');
@@ -52,6 +49,7 @@ bpsPro_mscan_pattern_match_file_check();
52
  function bpsPro_firefox_browser_check() {
53
 
54
  $user_agent = false;
 
55
  if ( array_key_exists('HTTP_USER_AGENT', $_SERVER) ) {
56
  $user_agent = $_SERVER['HTTP_USER_AGENT'];
57
  }
@@ -63,6 +61,19 @@ function bpsPro_firefox_browser_check() {
63
  }
64
  bpsPro_firefox_browser_check();
65
 
 
 
 
 
 
 
 
 
 
 
 
 
 
66
  ?>
67
 
68
  <div id="message" class="updated" style="border:1px solid #999;background-color:#000;">
@@ -72,10 +83,10 @@ bpsPro_firefox_browser_check();
72
  $bps_topDiv = '<div id="message" class="updated" style="background-color:#dfecf2;border:1px solid #999;-moz-border-radius-topleft:3px;-webkit-border-top-left-radius:3px;-khtml-border-top-left-radius:3px;border-top-left-radius:3px;-moz-border-radius-topright:3px;-webkit-border-top-right-radius:3px;-khtml-border-top-right-radius:3px;border-top-right-radius:3px;-webkit-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);-moz-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);"><p>';
73
  $bps_bottomDiv = '</p></div>';
74
 
75
- // General all purpose "Settings Saved." message for forms
76
- if ( current_user_can('manage_options') && wp_script_is( 'bps-accordion', $list = 'queue' ) ) {
77
- if ( isset( $_GET['settings-updated'] ) && $_GET['settings-updated'] == true) {
78
- $text = '<p style="font-size:1em;font-weight:bold;padding:2px 0px 2px 5px;margin:0px -11px 0px -11px;background-color:#dfecf2;-webkit-box-shadow: 3px 3px 5px 0px rgba(153,153,153,0.7);-moz-box-shadow: 3px 3px 5px 0px rgba(153,153,153,0.7);box-shadow: 3px 3px 5px 0px rgba(153,153,153,0.7);""><font color="green"><strong>'.__('Settings Saved', 'bulletproof-security').'</strong></font></p>';
79
  echo $text;
80
  }
81
  }
@@ -92,7 +103,6 @@ $bps_wpcontent_dir = str_replace( ABSPATH, '', WP_CONTENT_DIR );
92
  $wp_upload_dir = wp_upload_dir();
93
  $bps_uploads_dir = str_replace( ABSPATH, '', $wp_upload_dir['basedir'] );
94
 
95
- // Get Real IP address - USE EXTREME CAUTION!!!
96
  function bpsPro_get_real_ip_address_mscan() {
97
 
98
  if ( is_admin() && current_user_can('manage_options') ) {
@@ -150,8 +160,6 @@ function bpsPro_get_real_ip_address_mscan() {
150
  }
151
  }
152
 
153
- // Create a new Deny All .htaccess file on first page load with users current IP address to allow the cc-master.zip file to be downloaded
154
- // Create a new Deny All .htaccess file if IP address is not current
155
  function bpsPro_Core_mscan_deny_all() {
156
 
157
  if ( is_admin() && current_user_can('manage_options') ) {
@@ -227,7 +235,7 @@ bpsPro_Core_mscan_deny_all();
227
  <div id="bps-modal-content1" class="bps-dialog-hide" title="<?php _e('MScan', 'bulletproof-security'); ?>">
228
  <p>
229
  <?php
230
- $text = '<strong>'.__('This Question Mark Help window is draggable (top) and resizable (bottom right corner)', 'bulletproof-security').'</strong><br><br>';
231
  echo $text;
232
 
233
  $bpsPro_text = '<strong><font color="blue">'.__('Want even more security protection for the ridiculously cheap one-time price of $69.95', 'bulletproof-security').'</font><br>'.__('BPS Pro comes with free unlimited installations, upgrades & support for life. No yearly subscriptions or additional costs.', 'bulletproof-security').'<br><br>'.__('BBS Pro has an amazing track record. BPS Pro is installed on 60,000+ websites. Not a single one of those websites has been hacked in 10+ years.', 'bulletproof-security').'<br><br><a href="https://affiliates.ait-pro.com/po/" target="_blank" title="Get BPS Pro">'.__('Get BPS Pro', 'bulletproof-security').'</a><br><a href="https://www.ait-pro.com/bps-features/" target="_blank" title="BPS Pro Features">'.__('BPS Pro Features', 'bulletproof-security').'</a></strong><br><br>';
@@ -260,7 +268,112 @@ function closeWin() {
260
  </script>
261
 
262
  <?php
263
- // Form Processing: Reset MScan: Deletes the bpspro_mscan DB table, saves blank values for the MScan Status DB options.
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
264
  if ( isset( $_POST['Submit-MScan-Reset'] ) && current_user_can('manage_options') ) {
265
  check_admin_referer('bulletproof_security_mscan_reset');
266
 
@@ -299,7 +412,7 @@ function closeWin() {
299
  'bps_mscan_time_stop' => '',
300
  'bps_mscan_time_end' => '',
301
  'bps_mscan_time_remaining' => '',
302
- 'bps_mscan_status' => '4',
303
  'bps_mscan_last_scan_timestamp' => '',
304
  'bps_mscan_total_time' => '',
305
  'bps_mscan_total_website_files' => '',
@@ -320,14 +433,25 @@ function closeWin() {
320
  update_option('bulletproof_security_options_MScan_status', $MScan_status_db);
321
  }
322
 
 
 
 
 
 
 
 
 
 
 
 
 
 
323
  echo $bps_topDiv;
324
  $text = '<font color="green"><strong>'.__('MScan scan results and data has been deleted. Your MScan option settings have not been deleted.', 'bulletproof-security').'</strong></font>';
325
  echo $text;
326
  echo $bps_bottomDiv;
327
  }
328
 
329
- // Form Processing: Delete File Hashes Tool: Deletes the plugin and theme hash DB options
330
- // and the no zip download DB option (premium/paid and custom plugins and themes or plugins and themes without a zip version #).
331
  if ( isset( $_POST['Submit-MScan-Delete-Hashes'] ) && current_user_can('manage_options') ) {
332
  check_admin_referer('bulletproof_security_mscan_delete_hashes');
333
 
@@ -337,13 +461,25 @@ function closeWin() {
337
  delete_option('bulletproof_security_options_mscan_t_hash_new');
338
  delete_option('bulletproof_security_options_mscan_nodownload');
339
 
 
 
 
 
 
 
 
 
 
 
 
 
 
340
  echo $bps_topDiv;
341
  $text = '<font color="green"><strong>'.__('MScan Plugin and Theme file hashes have been deleted. New Plugin and Theme file hashes will be created the next time you run a scan. You should also click the MScan Reset button after using this tool. Your MScan option settings have not been deleted.', 'bulletproof-security').'</strong></font>';
342
  echo $text;
343
  echo $bps_bottomDiv;
344
  }
345
 
346
- // Form Processing: MScan Stop
347
  if ( isset( $_POST['Submit-MScan-Stop'] ) && current_user_can('manage_options') ) {
348
  check_admin_referer( 'bulletproof_security_mscan_stop' );
349
 
@@ -384,7 +520,7 @@ function closeWin() {
384
  }
385
 
386
  echo $bps_topDiv;
387
- $text = '<font color="green"><strong>'.__('MScan scanning has been stopped. Note: The Stop Scan button also stops the Scan Time Estimate Tool from calculating estimated scan time.', 'bulletproof-security').'</strong></font>'.$mscan_scan_skipped_files_message;
388
  echo $text;
389
  echo $bps_bottomDiv;
390
  }
@@ -408,7 +544,6 @@ global $bps_topDiv, $bps_bottomDiv;
408
 
409
  bpsPro_mscan_displayed_messages();
410
 
411
- // Form Processing: Scan Time Estimate Tool Form > Start
412
  if ( isset( $_POST['Submit-MScan-Time-Estimate'] ) && current_user_can('manage_options') ) {
413
  check_admin_referer('bulletproof_security_mscan_time_estimate');
414
 
@@ -441,7 +576,7 @@ bpsPro_mscan_displayed_messages();
441
  'bps_mscan_total_wp_core_files' => $bps_mscan_total_wp_core_files,
442
  'bps_mscan_total_non_image_files' => $bps_mscan_total_non_image_files,
443
  'bps_mscan_total_image_files' => '',
444
- 'bps_mscan_total_all_scannable_files' => '', // this needs to be reset/blank on each new scan. extremely large or small file scans have whacky results.
445
  'bps_mscan_total_skipped_files' => $bps_mscan_total_skipped_files,
446
  'bps_mscan_total_suspect_files' => $bps_mscan_total_suspect_files,
447
  'bps_mscan_suspect_skipped_files' => $bps_mscan_suspect_skipped_files,
@@ -456,7 +591,6 @@ bpsPro_mscan_displayed_messages();
456
  }
457
  }
458
 
459
- // Form Processing: MScan Start
460
  if ( isset( $_POST['Submit-MScan-Start'] ) && current_user_can('manage_options') ) {
461
  check_admin_referer( 'bulletproof_security_mscan_start' );
462
 
@@ -479,18 +613,18 @@ bpsPro_mscan_displayed_messages();
479
  $bps_mscan_total_theme_files = ! isset($MScan_status['bps_mscan_total_theme_files']) ? '' : $MScan_status['bps_mscan_total_theme_files'];
480
 
481
  $MScan_status_db = array(
482
- 'bps_mscan_time_start' => $bps_mscan_time_start, // note: time start does not occur here. It occurs in the scan time estimate function.
483
  'bps_mscan_time_stop' => '',
484
- 'bps_mscan_time_end' => time() + 10,
485
- 'bps_mscan_time_remaining' => time() + 10, // +10 is the calculating scan time countdown. Don't go any lower than +10.
486
- 'bps_mscan_status' => '1', // Time Remaining is updated in the scan time estimate function with the estimated scan time.
487
  'bps_mscan_last_scan_timestamp' => $bps_mscan_last_scan_timestamp,
488
  'bps_mscan_total_time' => $bps_mscan_total_time,
489
  'bps_mscan_total_website_files' => '',
490
  'bps_mscan_total_wp_core_files' => $bps_mscan_total_wp_core_files,
491
  'bps_mscan_total_non_image_files' => $bps_mscan_total_non_image_files,
492
  'bps_mscan_total_image_files' => '',
493
- 'bps_mscan_total_all_scannable_files' => '', // this needs to be reset/blank on each new scan. extremely large or small file scans have whacky results.
494
  'bps_mscan_total_skipped_files' => $bps_mscan_total_skipped_files,
495
  'bps_mscan_total_suspect_files' => $bps_mscan_total_suspect_files,
496
  'bps_mscan_suspect_skipped_files' => $bps_mscan_suspect_skipped_files,
@@ -504,23 +638,33 @@ bpsPro_mscan_displayed_messages();
504
  update_option('bulletproof_security_options_MScan_status', $MScan_status_db);
505
  }
506
 
 
 
 
 
 
 
 
 
 
 
 
 
 
507
  if ( ! get_option('bulletproof_security_options_mscan_theme_hash') || ! get_option('bulletproof_security_options_mscan_plugin_hash') ) {
508
  echo $bps_topDiv;
509
- $text = '<strong><font color="blue">'.__('First Time Scan or the Delete File Hashes Tool was used', 'bulletproof-security').'</font><br><font color="green">'.__('You will only see this message the first time you do a scan or if you use the Delete Files Hashes Tool. In order to make sure all Plugin and Theme hash files are created successfully no file scanning will occur during this scan. You can run a new scan after this scan has completed.', 'bulletproof-security').'</font></strong>';
510
  echo $text;
511
  echo $bps_bottomDiv;
512
  }
513
  }
514
 
515
- // Form Processing: MScan Report. I want the page to refresh/reload with a POST instead of GET so that
516
- // Scan Report scan data is current and the Suspicious Files/DB accordion tab forms scan data is current.
517
  if ( isset( $_POST['Submit-MScan-Report'] ) && current_user_can('manage_options') ) {
518
  check_admin_referer( 'bulletproof_security_mscan_report' );
519
- // don't need to echo a message
520
  }
521
  ?>
522
 
523
- <div id="MscanStartStopResetTable" style="position:relative;top:0px;left:-2px;margin:0px;">
524
 
525
  <table width="400" border="0">
526
  <tr>
@@ -557,8 +701,7 @@ bpsPro_mscan_displayed_messages();
557
  <div id="mscan-accordion-inner">
558
 
559
  <?php
560
- // Form Processing: MScan Options Form
561
- // Important: This Form processing code MUST be above the Form & bpsPro_save_mscan_options() function so that new DB option values are current.
562
  if ( isset( $_POST['Submit-MScan-Options'] ) && current_user_can('manage_options') ) {
563
  check_admin_referer('bulletproof_security_mscan_options');
564
 
@@ -636,40 +779,46 @@ if ( isset( $_POST['Submit-MScan-Options'] ) && current_user_can('manage_options
636
  $dir_array_merge = array_merge($dir_array, $home_dir_array);
637
  $dir_flip = array_flip($dir_array_merge);
638
 
639
- // replace values in the flipped array with blank values.
640
- // This seems wrong, but it is not > The $mscan_dirs_checked array (actual checked form checkboxes) is merged below.
641
- // I don't need to strip out any other WP sites since the form will not allow checking checkboxes for other WP sites.
642
  $mscan_actual_dirs = array();
643
 
644
  foreach ( $dir_flip as $key => $value ) {
645
  $mscan_actual_dirs[$key] = preg_replace( '/\d/', "", $value );
646
  }
647
 
648
- // get dirs that do not exist in the bps_mscan_dirs db option. ie an unchecked form checkbox.
649
  $mscan_diff_key_dir = array_diff_key( $mscan_actual_dirs, $mscan_dirs_checked );
650
-
651
- // merge checked form checkboxes and dir array with blank values
652
  $mscan_array_merge = array_merge( $mscan_diff_key_dir, $mscan_dirs_checked );
653
  ksort($mscan_array_merge);
654
 
655
  break;
656
  }
657
 
658
- // Add an additional newline for: mscan_exclude_tmp_files so the last file is included in the array
659
- // when using explode()
660
- $mscan_exclude_tmp_files = $_POST['mscan_exclude_tmp_files'] . "\n";
661
  $mscan_exclude_tmp_files = preg_replace("/(\n\n|\n\n\n|\n\n\n\n)/", "\n", $mscan_exclude_tmp_files);
662
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
663
  $MS_Options = array(
664
  'bps_mscan_dirs' => $mscan_array_merge,
665
- 'mscan_max_file_size' => esc_html($_POST['mscan_max_file_size']),
666
- 'mscan_max_time_limit' => esc_html($_POST['mscan_max_time_limit']),
667
  'mscan_scan_database' => $_POST['mscan_scan_database_select'],
668
  'mscan_scan_images' => 'Off',
669
  'mscan_scan_skipped_files' => $_POST['mscan_scan_skipped_files_select'],
670
  'mscan_scan_delete_tmp_files' => $_POST['mscan_scan_delete_tmp_files_select'],
671
- 'mscan_scan_frequency' => 'Off',
672
- 'mscan_exclude_dirs' => $_POST['mscan_exclude_dirs'],
673
  'mscan_exclude_tmp_files' => $mscan_exclude_tmp_files,
674
  'mscan_file_size_limit_hidden' => '14'
675
  );
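Review bot: Three entries left unchanged in the `$MS_Options` array (`mscan_scan_database`, `mscan_scan_skipped_files`, `mscan_scan_delete_tmp_files`) still take their values straight from `$_POST`, with no `isset()` check and no sanitising. The enclosing handler is gated by `current_user_can('manage_options')` and `check_admin_referer('bulletproof_security_mscan_options')`, so only an administrator's own request reaches it. Even so, what is presumably stored in the option is whatever the request carried, not necessarily one of the select's choices. I would sanitise each value before it goes into the array, for example `'mscan_scan_database' => isset( $_POST['mscan_scan_database_select'] ) ? sanitize_text_field( wp_unslash( $_POST['mscan_scan_database_select'] ) ) : '',`, or better, compare it against the values the select actually offers. The added lines of this hunk are not visible in this view, so the replacements for the removed `esc_html()` entries and for `mscan_exclude_dirs` could not be checked, and the `if` block starts above the hunk.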
@@ -701,9 +850,6 @@ if ( isset( $_POST['Submit-MScan-Options'] ) && current_user_can('manage_options
701
  echo $bps_bottomDiv;
702
  }
703
 
704
- // Get any new dirs that have been created and remove any old dirs from the bps_mscan_dirs db option.
705
- // Update the bps_mscan_dirs db option for use in the MscanOptions Form.
706
- // 15.4: MScan now does 2 dir iterations: ABSPATH and Home directory and merges the results.
707
  function bpsPro_save_mscan_options() {
708
 
709
  $MScan_options = get_option('bulletproof_security_options_MScan');
@@ -764,7 +910,6 @@ function bpsPro_save_mscan_options() {
764
  $dir_array_merge = array_merge($dir_array, $home_dir_array);
765
  $dir_flip = array_flip($dir_array_merge);
766
 
767
- // replace values in the flipped array, good for bulk replacing all values. ie all dirs found.
768
  $mscan_actual_dirs = array();
769
  $pattern = '/define\((\s|)\'WP_USE_THEMES/';
770
 
@@ -799,18 +944,17 @@ function bpsPro_save_mscan_options() {
799
  }
800
  }
801
 
802
- // Only processed once on first MScan page load
803
  if ( empty($MScan_options['bps_mscan_dirs']) ) {
804
 
805
- $mscan_max_file_size = isset($MScan_options['mscan_max_file_size']) ? $MScan_options['mscan_max_file_size'] : '400';
806
- $mscan_max_time_limit = isset($MScan_options['mscan_max_time_limit']) ? $MScan_options['mscan_max_time_limit'] : '300';
807
- $mscan_scan_database = isset($MScan_options['mscan_scan_database']) ? $MScan_options['mscan_scan_database'] : 'On';
808
- $mscan_scan_skipped_files = isset($MScan_options['mscan_scan_skipped_files']) ? $MScan_options['mscan_scan_skipped_files'] : 'Off';
809
- $mscan_scan_delete_tmp_files = isset($MScan_options['mscan_scan_delete_tmp_files']) ? $MScan_options['mscan_scan_delete_tmp_files'] : 'Off';
810
- $mscan_scan_frequency = isset($MScan_options['mscan_scan_frequency']) ? $MScan_options['mscan_scan_frequency'] : 'Off';
811
  $mscan_exclude_dirs = isset($MScan_options['mscan_exclude_dirs']) ? $MScan_options['mscan_exclude_dirs'] : '';
812
  $mscan_exclude_tmp_files = isset($MScan_options['mscan_exclude_tmp_files']) ? $MScan_options['mscan_exclude_tmp_files'] : '';
813
- $mscan_file_size_limit_hidden = ! isset($MScan_options['mscan_file_size_limit_hidden']) ? '14' : $MScan_options['mscan_file_size_limit_hidden'];
814
 
815
  $MS_Options = array(
816
  'bps_mscan_dirs' => $mscan_actual_dirs,
@@ -838,10 +982,7 @@ function bpsPro_save_mscan_options() {
838
  $mscan_dirs_options_inner_array[$key] = $value;
839
  }
840
 
841
- // get new dirs found that do not exist in the bps_mscan_dirs db option. ie a new dir has been created.
842
  $mscan_diff_key_dir = array_diff_key($mscan_actual_dirs, $mscan_dirs_options_inner_array);
843
-
844
- // get old dirs that still exist in the bps_mscan_dirs db option. ie a dir has been deleted.
845
  $mscan_diff_key_options = array_diff_key($mscan_dirs_options_inner_array, $dir_flip);
846
 
847
  if ( ! empty($mscan_diff_key_options) ) {
@@ -850,13 +991,11 @@ function bpsPro_save_mscan_options() {
850
  unset($mscan_dirs_options_inner_array[$key]);
851
  }
852
 
853
- // merge any new dirs found
854
  $mscan_array_merge = array_merge( $mscan_diff_key_dir, $mscan_dirs_options_inner_array );
855
  ksort($mscan_array_merge);
856
 
857
  } else {
858
 
859
- // merge any new dirs found
860
  $mscan_array_merge = array_merge( $mscan_diff_key_dir, $mscan_dirs_options_inner_array );
861
  ksort($mscan_array_merge);
862
  }
@@ -869,7 +1008,7 @@ function bpsPro_save_mscan_options() {
869
  'mscan_scan_images' => 'Off',
870
  'mscan_scan_skipped_files' => $MScan_options['mscan_scan_skipped_files'],
871
  'mscan_scan_delete_tmp_files' => $MScan_options['mscan_scan_delete_tmp_files'],
872
- 'mscan_scan_frequency' => 'Off',
873
  'mscan_exclude_dirs' => $MScan_options['mscan_exclude_dirs'],
874
  'mscan_exclude_tmp_files' => $MScan_options['mscan_exclude_tmp_files'],
875
  'mscan_file_size_limit_hidden' => '14'
@@ -886,7 +1025,6 @@ bpsPro_save_mscan_options();
886
  $scrolltoExcludeDirs = isset($_REQUEST['scrolltoExcludeDirs']) ? (int) $_REQUEST['scrolltoExcludeDirs'] : 0;
887
  $scrolltoExcludeTmpFiles = isset($_REQUEST['scrolltoExcludeTmpFiles']) ? (int) $_REQUEST['scrolltoExcludeTmpFiles'] : 0;
888
 
889
- // Form: MScan Options Form
890
  echo '<form name="MscanOptions" action="'.admin_url( 'admin.php?page=bulletproof-security/admin/mscan/mscan.php' ).'" method="post">';
891
  wp_nonce_field('bulletproof_security_mscan_options');
892
  $MScan_options = get_option('bulletproof_security_options_MScan');
@@ -976,35 +1114,35 @@ bpsPro_save_mscan_options();
976
 
977
  echo '</tbody>';
978
  echo '</table>';
979
- echo '</div>'; // jQuery div parent
980
  echo '</th>';
981
 
982
  echo '<td style="border:none">';
983
  echo '<div id="MScanOptions" style="margin:0px 0px 0px 0px;float:left;">';
984
 
985
- $max_file_size = ( isset( $_POST['mscan_max_file_size'] ) ) ? $_POST['mscan_max_file_size'] : '1000';
986
- $max_time_limit = ( isset( $_POST['mscan_max_time_limit'] ) ) ? $_POST['mscan_max_time_limit'] : '300';
987
 
988
  $mscan_exclude_dirs = ! isset($MScan_options['mscan_exclude_dirs']) ? '' : $MScan_options['mscan_exclude_dirs'];
989
  $mscan_scan_database = ! isset($MScan_options['mscan_scan_database']) ? '' : $MScan_options['mscan_scan_database'];
990
  $mscan_scan_skipped_files = ! isset($MScan_options['mscan_scan_skipped_files']) ? '' : $MScan_options['mscan_scan_skipped_files'];
991
  $mscan_scan_delete_tmp_files = ! isset($MScan_options['mscan_scan_delete_tmp_files']) ? '' : $MScan_options['mscan_scan_delete_tmp_files'];
992
  $mscan_exclude_tmp_files = ! isset($MScan_options['mscan_exclude_tmp_files']) ? '' : $MScan_options['mscan_exclude_tmp_files'];
993
- $mscan_scan_frequency = ! isset($MScan_options['mscan_scan_frequency']) ? 'Off' : $MScan_options['mscan_scan_frequency'];
994
  $mscan_file_size_limit_hidden = ! isset($MScan_options['mscan_file_size_limit_hidden']) ? '14' : $MScan_options['mscan_file_size_limit_hidden'];
995
 
996
  echo '<label for="bps-mscan-label" style="padding-right:5px">'.__('Max File Size Limit to Scan:', 'bulletproof-security').'</label>';
997
- echo '<input type="text" name="mscan_max_file_size" class="regular-text-50-fixed" style="margin-bottom:5px" value="'; if ( isset( $_POST['mscan_max_file_size'] ) && preg_match( '/\d/', $_POST['mscan_max_file_size'] ) ) { echo esc_html($max_file_size); } else { echo esc_html(trim(stripslashes($max_file_size))); } echo '" /> KB';
998
  echo '<input type="hidden" name="mscan_file_size_limit_hidden" value="14" />';
999
  echo '<br>';
1000
 
1001
  echo '<label for="bps-mscan-label" style="padding-right:23px">'.__('Max Time Limit to Scan:', 'bulletproof-security').'</label>';
1002
- echo '<input type="text" name="mscan_max_time_limit" class="regular-text-50-fixed" style="margin-bottom:5px" value="'; if ( isset( $_POST['mscan_max_time_limit'] ) && preg_match( '/\d/', $_POST['mscan_max_time_limit'] ) ) { echo esc_html($max_time_limit); } else { echo esc_html(trim(stripslashes($max_time_limit))); } echo '" /> Seconds';
1003
  echo '<br>';
1004
 
1005
  echo '<label for="bps-mscan-label" style="">'.__('Exclude Individual Folders', 'bulletproof-security').'</label><strong><font color="black"><span class="tooltip-350-120"><img src="'.plugins_url('/bulletproof-security/admin/images/question-mark.png').'" style="position:relative;top:3px;left:10px;" /><span>'.__('Enter one folder path per line. Include folder slashes.', 'bulletproof-security').'<br>'.__('Example:', 'bulletproof-security').'<br>/parent-folder-1/child-folder-1/<br>/parent-folder-2/child-folder-2/<br><br>'.__('Click the MScan Question Mark help button for more help info.', 'bulletproof-security').'</span></span></font></strong><br>';
1006
  // trimming whitespace does not work because I am not trimming newlines or returns
1007
- echo '<textarea class="text-area-340x60" name="mscan_exclude_dirs" style="width:340px;height:60px;margin-bottom:5px" tabindex="1">'.esc_html( trim(stripslashes($mscan_exclude_dirs), " \t\0\x0B") ).'</textarea>';
1008
  echo '<input type="hidden" name="scrolltoExcludeDirs" id="scrolltoExcludeDirs" value="'.esc_html( $scrolltoExcludeDirs ).'" />';
1009
  echo '<br>';
1010
 
@@ -1028,7 +1166,7 @@ bpsPro_save_mscan_options();
1028
 
1029
  echo '<label for="bps-mscan-label" style="">'.__('Exclude /tmp Files', 'bulletproof-security').'</label><strong><font color="black"><span class="tooltip-350-120"><img src="'.plugins_url('/bulletproof-security/admin/images/question-mark.png').'" style="position:relative;top:3px;left:10px;" /><span>'.__('Enter one file name per line.', 'bulletproof-security').'<br>'.__('Example:', 'bulletproof-security').'<br>mysql.sock<br>.s.PGSQL.5432<br>.per-user<br>'.__('Click the MScan Question Mark help button for more help info.', 'bulletproof-security').'</span></span></font></strong><br>';
1030
  // trimming whitespace does not work because I am not trimming newlines or returns
1031
- echo '<textarea class="text-area-340x60" name="mscan_exclude_tmp_files" style="width:340px;height:60px;margin-bottom:5px" tabindex="1">'.esc_html( trim(stripslashes($mscan_exclude_tmp_files), " \t\0\x0B") ).'</textarea>';
1032
  echo '<input type="hidden" name="scrolltoExcludeTmpFiles" id="scrolltoExcludeTmpFiles" value="'.esc_html( $scrolltoExcludeTmpFiles ).'" />';
1033
  echo '<br>';
1034
 
@@ -1049,13 +1187,6 @@ bpsPro_save_mscan_options();
1049
  echo '<td style="border:none">';
1050
  echo '<div id="MScanOptions" style="margin:19px 0px 0px 0px;float:left;">';
1051
 
1052
- /*
1053
- echo '<form name="MScanTimeEstimate" action="'.admin_url( 'admin.php?page=bulletproof-security/admin/mscan/mscan.php' ).'" method="post">';
1054
- wp_nonce_field('bulletproof_security_mscan_time_estimate');
1055
- echo "<input type=\"submit\" id=\"bps-mscan-time-estimate-button\" name=\"Submit-MScan-Time-Estimate\" value=\"".esc_attr__('Scan Time Estimate Tool', 'bulletproof-security')."\" class=\"button bps-button\" style=\"width:175px;height:auto;white-space:normal\" onclick=\"return confirm('".__('IMPORTANT: You can stop the scan time estimate if it hangs or is taking too long by clicking the Stop Scan button.\n\n-------------------------------------------------------------\n\nThis tool allows you to check the estimated total scan time of a scan based on your MScan option settings without actually performing/running a scan. Note: This tool does not affect or change any previous scan results except for the Total Scan Time, which will be changed to the estimated scan time.\n\n-------------------------------------------------------------\n\nExample Usage: You can check or uncheck Hosting Account Root Folders checkboxes and change any other MScan option settings, save your MScan option settings and then run the Scan Time Estimate Tool to get the total estimated time that the actual scan will take. For additional help information click the MScan Question Mark help button.\n\n-------------------------------------------------------------\n\nClick OK to get a scan time estimate or click Cancel', 'bulletproof-security')."')\" />";
1056
- echo '</form><br>';
1057
- */
1058
-
1059
  echo '<form name="MScanDeleteHashes" action="'.admin_url( 'admin.php?page=bulletproof-security/admin/mscan/mscan.php' ).'" method="post">';
1060
  wp_nonce_field('bulletproof_security_mscan_delete_hashes');
1061
  echo "<input type=\"submit\" name=\"Submit-MScan-Delete-Hashes\" value=\"".esc_attr__('Delete File Hashes Tool', 'bulletproof-security')."\" class=\"button bps-button\" style=\"width:175px;height:auto;white-space:normal\" onclick=\"return confirm('".__('CAUTION: Please click the MScan Question Mark help button before using this tool. This tool allows you to delete the Plugin and Theme file hashes.\n\n-------------------------------------------------------------\n\nThis tool should ONLY be used if there is a problem when scanning Plugin and Theme files.\n\n-------------------------------------------------------------\n\nClick OK to delete Plugin and Theme file hashes or click Cancel', 'bulletproof-security')."')\" />";
@@ -1090,8 +1221,6 @@ bpsPro_save_mscan_options();
1090
  echo '</tbody>';
1091
  echo '</table>';
1092
 
1093
- // Plugin Zip file upload Form
1094
- // Note: ModSecurity randomly breaks file uploads: https://forum.ait-pro.com/forums/topic/file-upload-does-not-work-no-errors-modsecurity/
1095
  function bpsPro_mscan_plugin_zip_upload() {
1096
  global $bps_topDiv, $bps_bottomDiv;
1097
 
@@ -1127,11 +1256,11 @@ global $bps_topDiv, $bps_bottomDiv;
1127
  $plugin_name_version_array = array();
1128
 
1129
  foreach ( $_FILES['bps_plugin_zip_upload']['name'] as $key => $value ) {
1130
- // Plugin File Name: plugin-name.1.0.zip
1131
- $plugin_name = strstr($value, '.', true); // plugin-name
1132
- $plugin_version = strstr($value, '.'); // .1.0.zip
1133
- $plugin_version_nodot = substr($plugin_version, 1); // 1.0.zip
1134
- $plugin_version_replace = str_replace( ".zip", "", $plugin_version_nodot ); // 1.0
1135
  $plugin_name_version_array[$plugin_name] = $plugin_version_replace;
1136
  }
1137
 
@@ -1204,8 +1333,6 @@ global $bps_topDiv, $bps_bottomDiv;
1204
  }
1205
  }
1206
 
1207
- // Theme Zip file upload Form
1208
- // Note: ModSecurity randomly breaks file uploads: https://forum.ait-pro.com/forums/topic/file-upload-does-not-work-no-errors-modsecurity/
1209
  function bpsPro_mscan_theme_zip_upload() {
1210
  global $bps_topDiv, $bps_bottomDiv;
1211
 
@@ -1241,11 +1368,11 @@ global $bps_topDiv, $bps_bottomDiv;
1241
  $theme_name_version_array = array();
1242
 
1243
  foreach ( $_FILES['bps_theme_zip_upload']['name'] as $key => $value ) {
1244
- // Theme File Name: theme-name.1.0.zip
1245
- $theme_name = strstr($value, '.', true); // theme-name
1246
- $theme_version = strstr($value, '.'); // .1.0.zip
1247
- $theme_version_nodot = substr($theme_version, 1); // 1.0.zip
1248
- $theme_version_replace = str_replace( ".zip", "", $theme_version_nodot ); // 1.0
1249
  $theme_name_version_array[$theme_name] = $theme_version_replace;
1250
  }
1251
 
@@ -1355,56 +1482,54 @@ if ( isset( $_GET['mscan_view_file'] ) && 'view_file' == $_GET['mscan_view_file'
1355
 
1356
  ?>
1357
 
1358
- <style>
1359
- <!--
1360
- .ui-accordion.bps-accordion .ui-accordion-content {overflow:hidden;}
1361
- -->
1362
- </style>
1363
-
1364
- <script type="text/javascript">
1365
- /* <![CDATA[ */
1366
- jQuery(document).ready(function($){
1367
- $( "#bps-accordion-1" ).accordion({
1368
- collapsible: true,
1369
- active: 1,
1370
- autoHeight: true,
1371
- clearStyle: true,
1372
- heightStyle: "content"
1373
- });
1374
- });
1375
- /* ]]> */
1376
- </script>
1377
 
1378
  <?php
1379
  }
1380
  }
1381
 
1382
- // MScan Suspicious Files Form Proccessing - View, Ignore, Unignore or Delete Files
1383
- // Note: This form processing code must be above the form so that the View File output is displayed above the Suspicious Files form.
1384
  if ( isset( $_POST['Submit-MScan-Suspect-Form'] ) && current_user_can('manage_options') ) {
1385
  check_admin_referer('bulletproof_security_mscan_suspicious_files');
1386
 
1387
  ?>
1388
 
1389
- <style>
1390
- <!--
1391
- .ui-accordion.bps-accordion .ui-accordion-content {overflow:hidden;}
1392
- -->
1393
- </style>
1394
-
1395
  <script type="text/javascript">
1396
- /* <![CDATA[ */
1397
- jQuery(document).ready(function($){
1398
- $( "#bps-accordion-1" ).accordion({
1399
- collapsible: true,
1400
- active: 1,
1401
- autoHeight: true,
1402
- clearStyle: true,
1403
- heightStyle: "content"
1404
- });
1405
- });
1406
- /* ]]> */
1407
- </script>
1408
 
1409
  <?php
1410
 
@@ -1526,9 +1651,19 @@ if ( isset( $_POST['Submit-MScan-Suspect-Form'] ) && current_user_can('manage_op
1526
 
1527
  } else {
1528
 
1529
- $text = '<div style="margin:0px 0px 5px 0px;font-size:1.13em;font-weight:600"><span style="width:100px;margin:0px;padding:0px 6px 0px 6px;background-color:#e8e8e8;border:1px solid gray;"><a href="'.admin_url( "admin.php?page=bulletproof-security/admin/mscan/mscan.php&mscan_view_file=view_file&_wpnonce=$nonce" ).'" style="text-decoration:none;">'.__('Close File', 'bulletproof-security').'</a></span> '.$filename.' : '.__('MScan Pattern Match', 'bulletproof-security').': <span style="background-color:yellow;">'.esc_html($row->mscan_pattern).'</span><br>'.__('You can use your Browser\'s Search or Find feature to search the file contents/code displayed below using the MScan Pattern Match above for the suspicious code that was detected by MScan.', 'bulletproof-security').'<br>'.__('You can download suspicious files if you would like to check the file contents/code more extensively with a code editor like Notepad++.', 'bulletproof-security').'<br>'.__('If you are not sure what to check for or what is and is not malicious code then click the MScan Question Mark help button.', 'bulletproof-security').'</div>';
 
 
 
 
 
 
 
 
 
 
 
1530
 
1531
- echo $text;
1532
  echo '<pre style="max-width:70%;height:200px;white-space:pre-wrap;white-space:-moz-pre-wrap;white-space:-pre-wrap;white-space:-o-pre-wrap;word-wrap:break-word;">';
1533
  echo esc_html($file_contents);
1534
  echo '</pre>';
@@ -1634,7 +1769,7 @@ if ( isset( $_POST['Submit-MScan-Suspect-Form'] ) && current_user_can('manage_op
1634
  echo '</table>';
1635
  echo '</div>';
1636
 
1637
- echo "<input type=\"submit\" name=\"Submit-MScan-Suspect-Form\" value=\"".__('Submit', 'bulletproof-security')."\" class=\"button bps-button\" onclick=\"return confirm('".__('View File Option: Selecting the View File Checkbox Form option will display the contents of the file that you have selected to view.\n\n-------------------------------------------------------------\n\nIgnore File Option: Selecting the Ignore File Checkbox Form option will change the Current Status of a file to Ignored File and MScan will ignore that file in any future scans.\n\n-------------------------------------------------------------\n\nUnignore File Option: Selecting the Unignore File Checkbox Form option will remove the Ignored File Current Status of a file and MScan will scan that file in any future scans. Note: The previous Status of the file will be displayed again.\n\n-------------------------------------------------------------\n\nDelete File Option: Selecting the Delete File Checkbox Form option will delete the file and delete the database entry for that file.\n\n-------------------------------------------------------------\n\nClick OK to proceed or click Cancel', 'bulletproof-security')."')\" />";
1638
  echo "<input type=\"button\" name=\"cancel\" value=\"".__('Clear|Refresh', 'bulletproof-security')."\" class=\"button bps-button\" style=\"margin-left:20px\" onclick=\"javascript:history.go(0)\" />";
1639
  echo '</form>';
1640
 
@@ -1692,56 +1827,54 @@ if ( isset( $_GET['mscan_view_db'] ) && 'view_db_entry' == $_GET['mscan_view_db'
1692
 
1693
  ?>
1694
 
1695
- <style>
1696
- <!--
1697
- .ui-accordion.bps-accordion .ui-accordion-content {overflow:hidden;}
1698
- -->
1699
- </style>
1700
-
1701
- <script type="text/javascript">
1702
- /* <![CDATA[ */
1703
- jQuery(document).ready(function($){
1704
- $( "#bps-accordion-1" ).accordion({
1705
- collapsible: true,
1706
- active: 2,
1707
- autoHeight: true,
1708
- clearStyle: true,
1709
- heightStyle: "content"
1710
- });
1711
- });
1712
- /* ]]> */
1713
- </script>
1714
 
1715
  <?php
1716
  }
1717
  }
1718
 
1719
- // MScan Suspicious DB Entries Form Proccessing - View, Ignore or Unignore DB Entries
1720
- // Note: This form processing code must be above the form so that the View DB Entry output is displayed above the Suspicious DB Entries form.
1721
  if ( isset( $_POST['Submit-MScan-Suspect-DB-Form'] ) && current_user_can('manage_options') ) {
1722
  check_admin_referer('bulletproof_security_mscan_suspicious_db_entries');
1723
 
1724
  ?>
1725
 
1726
- <style>
1727
- <!--
1728
- .ui-accordion.bps-accordion .ui-accordion-content {overflow:hidden;}
1729
- -->
1730
- </style>
1731
-
1732
  <script type="text/javascript">
1733
- /* <![CDATA[ */
1734
- jQuery(document).ready(function($){
1735
- $( "#bps-accordion-1" ).accordion({
1736
- collapsible: true,
1737
- active: 2,
1738
- autoHeight: true,
1739
- clearStyle: true,
1740
- heightStyle: "content"
1741
- });
1742
- });
1743
- /* ]]> */
1744
- </script>
1745
 
1746
  <?php
1747
 
@@ -1908,7 +2041,7 @@ if ( isset( $_POST['Submit-MScan-Suspect-DB-Form'] ) && current_user_can('manage
1908
  echo '</table>';
1909
  echo '</div>';
1910
 
1911
- echo "<input type=\"submit\" name=\"Submit-MScan-Suspect-DB-Form\" value=\"".__('Submit', 'bulletproof-security')."\" class=\"button bps-button\" onclick=\"return confirm('".__('View DB Entry Option: Selecting the View DB Entry Checkbox Form option will display the contents of the DB Table, Column and Row ID that you have selected to view.\n\n-------------------------------------------------------------\n\nIgnore DB Entry Option: Selecting the Ignore DB Entry Checkbox Form option will change the Current Status of a DB Entry to Ignored DB Entry and MScan will ignore that DB Entry in any future scans.\n\n-------------------------------------------------------------\n\nUnignore DB Entry Option: Selecting the Unignore DB Entry Checkbox Form option will remove the Ignored DB Entry Current Status of a DB Entry and MScan will scan that DB Entry in any future scans. Note: The previous Status of the DB Entry will be displayed again.\n\n-------------------------------------------------------------\n\nClick OK to proceed or click Cancel', 'bulletproof-security')."')\" />";
1912
  echo "<input type=\"button\" name=\"cancel\" value=\"".__('Clear|Refresh', 'bulletproof-security')."\" class=\"button bps-button\" style=\"margin-left:20px\" onclick=\"javascript:history.go(0)\" />";
1913
  echo '</form>';
1914
 
@@ -1960,8 +2093,7 @@ jQuery(document).ready(function($){
1960
  <tr>
1961
  <td class="bps-table_cell_help">
1962
 
1963
- <h3 style="margin:0px 0px 10px 0px;"><?php _e('MScan Log', 'bulletproof-security'); ?> <button id="bps-open-modal2" class="button bps-modal-button">
1964
- <img src="<?php echo plugins_url('/bulletproof-security/admin/images/question-mark-large.jpg'); ?>" style="margin:0px 0px 0px -10px" /></button></h3>
1965
 
1966
  <div id="bps-modal-content2" class="bps-dialog-hide" title="<?php _e('MScan Log', 'bulletproof-security'); ?>">
1967
  <p>
@@ -1980,22 +2112,23 @@ jQuery(document).ready(function($){
1980
 
1981
  <?php
1982
 
1983
- // Get the Current / Last Modifed Date of the MScan Log File
1984
  function bpsPro_MScan_Log_LastMod() {
1985
- $filename = WP_CONTENT_DIR . '/bps-backup/logs/mscan_log.txt';
1986
- $gmt_offset = get_option( 'gmt_offset' ) * 3600;
1987
-
1988
- if ( file_exists($filename) ) {
1989
- $last_modified = date("F d Y H:i:s", filemtime($filename) + $gmt_offset);
1990
- return $last_modified;
 
 
1991
  }
1992
  }
1993
 
1994
- // String comparison of MScan Last Modified Time and Actual File Last Modified Time
1995
  function bpsPro_MScan_ModTimeDiff() {
1996
- $options = get_option('bulletproof_security_options_MScan_log');
1997
- $last_modified_time = bpsPro_MScan_Log_LastMod();
1998
- $last_modified_time_db = ! isset($options['bps_mscan_log_date_mod']) ? '' : $options['bps_mscan_log_date_mod'];
 
1999
 
2000
  if ( isset($options['bps_mscan_log_date_mod']) && $options['bps_mscan_log_date_mod'] == '' ) {
2001
  $text = '<font color="#fb0101" style="padding-right:5px;"><strong>'.__('Click the Reset Last Modified Time in DB button', 'bulletproof-security').'<br>'.__('to set the', 'bulletproof-security').'</strong></font>';
@@ -2013,20 +2146,22 @@ $last_modified_time_db = ! isset($options['bps_mscan_log_date_mod']) ? '' : $opt
2013
  }
2014
  }
2015
 
2016
- // Get File Size of the MScan Log File
2017
  function bpsPro_MScan_LogSize() {
2018
- $filename = WP_CONTENT_DIR . '/bps-backup/logs/mscan_log.txt';
2019
-
2020
- if ( file_exists($filename) ) {
2021
- $logSize = filesize($filename);
2022
 
2023
- if ( $logSize < 2097152 ) {
2024
- $text = '<span style="font-size:13px;"><strong>'. __('MScan Log File Size: ', 'bulletproof-security').'<font color="#2271b1">'. round($logSize / 1024, 2) .' KB</font></strong></span><br><br>';
2025
- echo $text;
2026
- } else {
2027
- $text = '<span style="font-size:13px;"><strong>'. __('MScan Log File Size: ', 'bulletproof-security').'<font color="#fb0101">'. round($logSize / 1024, 2) .' KB<br>'.__('The S-Monitor Email Logging options will only send log files up to 2MB in size.', 'bulletproof-security').'</font></strong><br>'.__('Copy and paste the MScan Log file contents into a Notepad text file on your computer and save it.', 'bulletproof-security').'<br>'.__('Then click the Delete Log button to delete the contents of this Log file.', 'bulletproof-security').'</span><br><br>';
2028
- echo $text;
2029
- }
 
 
 
 
 
 
 
2030
  }
2031
  }
2032
  bpsPro_MScan_LogSize();
@@ -2038,7 +2173,7 @@ bpsPro_MScan_LogSize();
2038
  $bps_mscan_log_date_mod = ! isset($MScanLogoptions['bps_mscan_log_date_mod']) ? '' : $MScanLogoptions['bps_mscan_log_date_mod'];
2039
  ?>
2040
  <label for="QLog"><strong><?php _e('MScan Log Last Modified Time:', 'bulletproof-security'); ?></strong></label><br />
2041
- <label for="QLog"><strong><?php echo bpsPro_MScan_ModTimeDiff(); ?></strong><?php echo $bps_mscan_log_date_mod; ?></label><br />
2042
  <label for="QLog" style="vertical-align:top;"><strong><?php _e('Last Modified Time in File:', 'bulletproof-security'); ?></strong></label>
2043
  <input type="text" name="bulletproof_security_options_MScan_log[bps_mscan_log_date_mod]" style="color:#2271b1;font-size:13px;width:200px;margin-top:-6px;padding-left:4px;font-weight:600;border:none;background:none;outline:none;-webkit-box-shadow:none;box-shadow:none;-webkit-transition:none;transition:none;" value="<?php echo bpsPro_MScan_Log_LastMod(); ?>" /><br />
2044
  <input type="submit" name="Submit-MScan-Mod" class="button bps-button" style="margin:10px 0px 0px 0px;" value="<?php esc_attr_e('Reset Last Modified Time in DB', 'bulletproof-security') ?>" />
@@ -2048,20 +2183,6 @@ bpsPro_MScan_LogSize();
2048
  if ( isset( $_POST['Submit-Delete-MScan-Log'] ) && current_user_can('manage_options') ) {
2049
  check_admin_referer( 'bulletproof_security_delete_mscan_log' );
2050
 
2051
- ?>
2052
- <script type="text/javascript">
2053
- /* <![CDATA[ */
2054
- // Note: Active Tab numbering is literal from left to right.
2055
- jQuery(document).ready(function($){
2056
- $( "#bps-tabs" ).tabs({
2057
- active: 1
2058
- });
2059
- });
2060
- /* ]]> */
2061
- </script>
2062
-
2063
- <?php
2064
-
2065
  $options = get_option('bulletproof_security_options_MScan_log');
2066
  $last_modified_time_db = $options['bps_mscan_log_date_mod'];
2067
  $time = strtotime($last_modified_time_db);
@@ -2088,7 +2209,6 @@ if ( isset( $_POST['Submit-Delete-MScan-Log'] ) && current_user_can('manage_opti
2088
  <div id="messageinner" class="updatedinner">
2089
  <?php
2090
 
2091
- // Get MScan log file contents
2092
  function bpsPro_MScan_get_contents() {
2093
 
2094
  if ( current_user_can('manage_options') ) {
@@ -2097,7 +2217,8 @@ function bpsPro_MScan_get_contents() {
2097
 
2098
  if ( file_exists($mscan_log) ) {
2099
  $mscan_log = file_get_contents($mscan_log);
2100
- return htmlspecialchars($mscan_log);
 
2101
 
2102
  } else {
2103
 
@@ -2106,30 +2227,35 @@ function bpsPro_MScan_get_contents() {
2106
  }
2107
  }
2108
 
2109
- // Form: MScan Log editor
2110
  if ( current_user_can('manage_options') ) {
 
2111
  $mscan_log = WP_CONTENT_DIR . '/bps-backup/logs/mscan_log.txt';
2112
  $write_test = "";
2113
 
2114
  if ( is_writable($mscan_log) ) {
2115
- if ( ! $handle = fopen($mscan_log, 'a+b' ) ) {
2116
- exit;
2117
- }
 
2118
 
2119
- if ( fwrite($handle, $write_test) === FALSE ) {
2120
- exit;
2121
- }
2122
-
2123
- $text = '<font color="green" style="font-size:12px;"><strong>'.__('File Open and Write test successful! Your MScan Log file is writable.', 'bulletproof-security').'</strong></font><br>';
2124
- echo $text;
2125
- }
 
2126
  }
 
2127
 
2128
- if ( isset( $_POST['Submit-MScan-Log'] ) && current_user_can('manage_options') ) {
2129
- check_admin_referer( 'bulletproof_security_save_mscan_log' );
2130
- $newcontent_mscan = stripslashes( $_POST['newcontent_mscan'] );
2131
 
 
 
2132
  if ( is_writable($mscan_log) ) {
 
2133
  $handle = fopen($mscan_log, 'w+b');
2134
  fwrite($handle, $newcontent_mscan);
2135
  $text = '<font color="green" style="font-size:12px;"><strong>'.__('Success! Your MScan Log file has been updated.', 'bulletproof-security').'</strong></font><br>';
@@ -2140,7 +2266,7 @@ if ( current_user_can('manage_options') ) {
2140
  echo $text;
2141
  echo $bps_bottomDiv;
2142
 
2143
- fclose($handle);
2144
 
2145
  $gmt_offset = get_option( 'gmt_offset' ) * 3600;
2146
  $time_now = date("F d Y H:i:s", time() + $gmt_offset );
@@ -2226,7 +2352,6 @@ jQuery(document).ready(function($){
2226
 
2227
  <?php
2228
 
2229
- // MScan Report: Displays the current Report & contains the MScan Save Report Form processing code.
2230
  function bpsPro_mscan_report() {
2231
  global $wpdb, $wp_version, $bps_topDiv, $bps_bottomDiv;
2232
 
@@ -2374,8 +2499,12 @@ global $wpdb, $wp_version, $bps_topDiv, $bps_bottomDiv;
2374
 
2375
  if ( file_exists($wp_hashes_file) ) {
2376
  $check_string = file_get_contents($wp_hashes_file);
2377
- $wp_core_hash_file_version = preg_match( '/WordPress\s(\d\.){1,}\d\sHashes/', $check_string, $matches );
2378
- $wp_core_hash_file_version_replace = preg_replace( array( '/WordPress\s/', '/\sHashes/' ), "", $matches[0] );
 
 
 
 
2379
 
2380
  $mscan_report_core_hash_version_comparison = '<div class="mscan-report-row"><strong>'.__('WP Core Hash File Version: ', 'bulletproof-security'). '</strong>' .$wp_core_hash_file_version_replace.' | <strong>'.__('WP Installed Version: ', 'bulletproof-security').'</strong>' .$wp_version.'</div>';
2381
  echo $mscan_report_core_hash_version_comparison;
@@ -2466,7 +2595,7 @@ global $wpdb, $wp_version, $bps_topDiv, $bps_bottomDiv;
2466
 
2467
  $hover_icon_theme_hash = '<strong><font color="black"><span class="tooltip-350-150"><img src="'.plugins_url('/bulletproof-security/admin/images/question-mark.png').'" style="position:relative;top:3px;left:10px;" /><span>'.__('File hashes do not exist for this theme. This theme\'s files were not scanned. If you would like to scan this themes\'s files then use the "Upload Theme Zip Files" Form to upload a zip file for this theme. Click the MScan Scan Question Mark help button on the MScan Scan tab page and read the "Upload Theme Zip Files" help section for more help info.', 'bulletproof-security').'</span></span></font></strong>';
2468
 
2469
- if ( is_array( $mscan_plugin_hash['bps_mscan_plugin_hash_version_check'] ) && ! is_null( $mscan_plugin_hash['bps_mscan_plugin_hash_version_check'] ) ) {
2470
 
2471
  foreach ( $mscan_plugin_hash['bps_mscan_plugin_hash_version_check'] as $key => $value ) {
2472
 
@@ -2522,7 +2651,7 @@ global $wpdb, $wp_version, $bps_topDiv, $bps_bottomDiv;
2522
  }
2523
  }
2524
 
2525
- if ( is_array( $mscan_theme_hash['bps_mscan_theme_hash_version_check'] ) && ! is_null( $mscan_theme_hash['bps_mscan_theme_hash_version_check'] ) ) {
2526
 
2527
  foreach ( $mscan_theme_hash['bps_mscan_theme_hash_version_check'] as $key => $value ) {
2528
 
@@ -2705,7 +2834,6 @@ global $wpdb, $wp_version, $bps_topDiv, $bps_bottomDiv;
2705
  echo '</div>';
2706
  }
2707
 
2708
- // MScan Save Report Form processing
2709
  if ( isset( $_POST['Submit-MScan-Save-Report'] ) && current_user_can('manage_options') ) {
2710
  check_admin_referer('bulletproof_security_mscan_save_report');
2711
 
@@ -2927,7 +3055,6 @@ bpsPro_mscan_report();
2927
 
2928
  <?php
2929
 
2930
- // MScan Saved Reports Form: View or Delete Report
2931
  if ( ! get_option('bulletproof_security_options_mscan_report') ) {
2932
 
2933
  echo '<h2>'.__('No Saved MScan Reports To Display: No MScan Reports have been saved yet.', 'bulletproof-security').'</h2>';
@@ -3050,12 +3177,11 @@ bpsPro_mscan_report();
3050
  echo '</tbody>';
3051
  echo '</table>';
3052
  echo '</div>';
3053
-
3054
- echo "<input type=\"submit\" name=\"Submit-MScan-View-Delete\" value=\"".__('View|Delete Reports', 'bulletproof-security')."\" class=\"button bps-button\" style=\"margin:0px 0px 0px 0px\" onclick=\"return confirm('".__('Click OK to proceed or click Cancel', 'bulletproof-security')."')\" /></p></form>";
3055
 
3056
  }
3057
 
3058
- // MScan Saved Reports Form Proccessing - View or Delete Scan Reports
3059
  if ( isset( $_POST['Submit-MScan-View-Delete'] ) && current_user_can('manage_options') ) {
3060
  check_admin_referer('bulletproof_security_mscan_saved_reports');
3061
 
@@ -3376,7 +3502,6 @@ if ( isset( $_POST['Submit-MScan-View-Delete'] ) && current_user_can('manage_opt
3376
  $mscan_report_plugin_hash_title = '<div class="mscan-report-row-title" style="padding-top:8px">'.__('Plugin File Hashes: ', 'bulletproof-security').'</div>';
3377
  echo $mscan_report_plugin_hash_title;
3378
 
3379
- // Plugins Hashes:
3380
  foreach ( $report_options[$bps_mscan_report_data_view][6][8][0]['Plugin File Hashes:'] as $key => $value ) {
3381
  echo $value;
3382
  }
@@ -3384,7 +3509,6 @@ if ( isset( $_POST['Submit-MScan-View-Delete'] ) && current_user_can('manage_opt
3384
  $mscan_report_theme_hash_title = '<div class="mscan-report-row-title" style="padding-top:8px">'.__('Theme File Hashes: ', 'bulletproof-security').'</div>';
3385
  echo $mscan_report_theme_hash_title;
3386
 
3387
- // Theme Hashes:
3388
  foreach ( $report_options[$bps_mscan_report_data_view][6][8][0][0]['Theme File Hashes:'] as $key => $value ) {
3389
  echo $value;
3390
  }
@@ -3538,8 +3662,6 @@ jQuery(document).ready(function($){
3538
  </tr>
3539
  </table>
3540
  </div>
3541
-
3542
- <div id="AITpro-link">BulletProof Security Pro <?php echo BULLETPROOF_VERSION; ?> Plugin by <a href="https://forum.ait-pro.com/" target="_blank" title="AITpro Website Security">AITpro Website Security</a>
3543
- </div>
3544
  </div>
3545
  </div>
14
  <noscript><div id="message" class="updated" style="font-weight:600;font-size:13px;padding:5px;background-color:#dfecf2;border:1px solid #999;-moz-border-radius-topleft:3px;-webkit-border-top-left-radius:3px;-khtml-border-top-left-radius:3px;border-top-left-radius:3px;-moz-border-radius-topright:3px;-webkit-border-top-right-radius:3px;-khtml-border-top-right-radius:3px;border-top-right-radius:3px;-webkit-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);-moz-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);"><span style="color:blue">BPS Warning: JavaScript is disabled in your Browser</span><br />BPS plugin pages will not display visually correct and all BPS JavaScript functionality will not work correctly.</div></noscript>
15
 
16
  <?php
17
+
 
 
 
18
  function bpsPro_mscan_pattern_match_file_check() {
19
 
20
  $mscan_db_pattern_match_options = get_option('bulletproof_security_options_mscan_patterns');
49
  function bpsPro_firefox_browser_check() {
50
 
51
  $user_agent = false;
52
+
53
  if ( array_key_exists('HTTP_USER_AGENT', $_SERVER) ) {
54
  $user_agent = $_SERVER['HTTP_USER_AGENT'];
55
  }
61
  }
62
  bpsPro_firefox_browser_check();
63
 
64
+ function bpsPro_mscan_debug_check() {
65
+
66
+ $query_monitor = 'query-monitor/query-monitor.php';
67
+ $query_monitor_active = in_array( $query_monitor, apply_filters('active_plugins', get_option('active_plugins')));
68
+
69
+ if ( $query_monitor_active == 1 || is_plugin_active_for_network( $query_monitor ) ) {
70
+ $text = '<div id="bps-inpage-message" style="background-color:#dfecf2;border:1px solid #999;font-size:1em;font-weight:600;padding:0px 5px;margin:-7px 0px 10px 0px;-moz-border-radius-topleft:3px;-webkit-border-top-left-radius:3px;-khtml-border-top-left-radius:3px;border-top-left-radius:3px;-moz-border-radius-topright:3px;-webkit-border-top-right-radius:3px;-khtml-border-top-right-radius:3px;border-top-right-radius:3px;-webkit-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);-moz-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);"><font color="#fb0101">'.__('The Query Monitor Plugin is Activated', 'bulletproof-security').'</font><br>'.__('Deactivate the Query Monitor plugin before running an MScan Scan.', 'bulletproof-security').'<br>'.__('If you run an MScan Scan while the Query Monitor plugin is activated then the scanning process will not work correctly.', 'bulletproof-security').'</div>';
71
+ echo $text;
72
+
73
+ }
74
+ }
75
+ bpsPro_mscan_debug_check();
76
+
77
  ?>
78
 
79
  <div id="message" class="updated" style="border:1px solid #999;background-color:#000;">
83
  $bps_topDiv = '<div id="message" class="updated" style="background-color:#dfecf2;border:1px solid #999;-moz-border-radius-topleft:3px;-webkit-border-top-left-radius:3px;-khtml-border-top-left-radius:3px;border-top-left-radius:3px;-moz-border-radius-topright:3px;-webkit-border-top-right-radius:3px;-khtml-border-top-right-radius:3px;border-top-right-radius:3px;-webkit-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);-moz-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);"><p>';
84
  $bps_bottomDiv = '</p></div>';
85
 
86
+ // General all purpose "Settings Saved." message for forms - /includes/class.php
87
+ if ( current_user_can('manage_options') ) {
88
+ if ( isset( $_GET['settings-updated'] ) && $_GET['settings-updated'] == true ) {
89
+ $text = '<p style="font-size:1em;font-weight:bold;padding:2px 0px 2px 5px;margin:0px -11px 0px -11px;background-color:#dfecf2;-webkit-box-shadow: 3px 3px 5px 0px rgba(153,153,153,0.7);-moz-box-shadow: 3px 3px 5px 0px rgba(153,153,153,0.7);box-shadow: 3px 3px 5px 0px rgba(153,153,153,0.7);"><font color="green"><strong>'.__('Settings Saved', 'bulletproof-security').'</strong></font></p>';
90
  echo $text;
91
  }
92
  }
103
  $wp_upload_dir = wp_upload_dir();
104
  $bps_uploads_dir = str_replace( ABSPATH, '', $wp_upload_dir['basedir'] );
105
 
 
106
  function bpsPro_get_real_ip_address_mscan() {
107
 
108
  if ( is_admin() && current_user_can('manage_options') ) {
160
  }
161
  }
162
 
 
 
163
  function bpsPro_Core_mscan_deny_all() {
164
 
165
  if ( is_admin() && current_user_can('manage_options') ) {
235
  <div id="bps-modal-content1" class="bps-dialog-hide" title="<?php _e('MScan', 'bulletproof-security'); ?>">
236
  <p>
237
  <?php
238
+ $text = '<strong>'.__('This Question Mark Help window is draggable (top) and resizable (bottom right corner)', 'bulletproof-security').'</strong><br><br>';
239
  echo $text;
240
 
241
  $bpsPro_text = '<strong><font color="blue">'.__('Want even more security protection for the ridiculously cheap one-time price of $69.95', 'bulletproof-security').'</font><br>'.__('BPS Pro comes with free unlimited installations, upgrades & support for life. No yearly subscriptions or additional costs.', 'bulletproof-security').'<br><br>'.__('BBS Pro has an amazing track record. BPS Pro is installed on 60,000+ websites. Not a single one of those websites has been hacked in 10+ years.', 'bulletproof-security').'<br><br><a href="https://affiliates.ait-pro.com/po/" target="_blank" title="Get BPS Pro">'.__('Get BPS Pro', 'bulletproof-security').'</a><br><a href="https://www.ait-pro.com/bps-features/" target="_blank" title="BPS Pro Features">'.__('BPS Pro Features', 'bulletproof-security').'</a></strong><br><br>';
268
  </script>
269
 
270
  <?php
271
+
272
+ function bpsPro_hash_maker_completed_reset() {
273
+ global $bps_topDiv, $bps_bottomDiv;
274
+
275
+ $MScan_status = get_option('bulletproof_security_options_MScan_status');
276
+
277
+ if ( isset($MScan_status['bps_mscan_status']) && $MScan_status['bps_mscan_status'] == '4' ) {
278
+
279
+ $bps_mscan_total_plugin_files = isset($MScan_status['bps_mscan_total_plugin_files']) ? $MScan_status['bps_mscan_total_plugin_files'] : '';
280
+ $bps_mscan_total_theme_files = isset($MScan_status['bps_mscan_total_theme_files']) ? $MScan_status['bps_mscan_total_theme_files'] : '';
281
+
282
+ $MScan_status_db = array(
283
+ 'bps_mscan_time_start' => $MScan_status['bps_mscan_time_start'],
284
+ 'bps_mscan_time_stop' => $MScan_status['bps_mscan_time_stop'],
285
+ 'bps_mscan_time_end' => time() + 10,
286
+ 'bps_mscan_time_remaining' => time() + 10,
287
+ 'bps_mscan_status' => '1',
288
+ 'bps_mscan_last_scan_timestamp' => $MScan_status['bps_mscan_last_scan_timestamp'],
289
+ 'bps_mscan_total_time' => $MScan_status['bps_mscan_total_time'],
290
+ 'bps_mscan_total_website_files' => '',
291
+ 'bps_mscan_total_wp_core_files' => $MScan_status['bps_mscan_total_wp_core_files'],
292
+ 'bps_mscan_total_non_image_files' => $MScan_status['bps_mscan_total_non_image_files'],
293
+ 'bps_mscan_total_image_files' => '',
294
+ 'bps_mscan_total_all_scannable_files' => $MScan_status['bps_mscan_total_all_scannable_files'],
295
+ 'bps_mscan_total_skipped_files' => $MScan_status['bps_mscan_total_skipped_files'],
296
+ 'bps_mscan_total_suspect_files' => $MScan_status['bps_mscan_total_suspect_files'],
297
+ 'bps_mscan_suspect_skipped_files' => $MScan_status['bps_mscan_suspect_skipped_files'],
298
+ 'bps_mscan_total_suspect_db' => $MScan_status['bps_mscan_total_suspect_db'],
299
+ 'bps_mscan_total_ignored_files' => $MScan_status['bps_mscan_total_ignored_files'],
300
+ 'bps_mscan_total_plugin_files' => $bps_mscan_total_plugin_files,
301
+ 'bps_mscan_total_theme_files' => $bps_mscan_total_theme_files
302
+ );
303
+
304
+ foreach( $MScan_status_db as $key => $value ) {
305
+ update_option('bulletproof_security_options_MScan_status', $MScan_status_db);
306
+ }
307
+ }
308
+
309
+ if ( isset($MScan_status['bps_mscan_status']) && $MScan_status['bps_mscan_status'] == '8' ) {
310
+
311
+ $MScan_status_db = array(
312
+ 'bps_mscan_time_start' => $MScan_status['bps_mscan_time_start'],
313
+ 'bps_mscan_time_stop' => $MScan_status['bps_mscan_time_stop'],
314
+ 'bps_mscan_time_end' => time() + 10,
315
+ 'bps_mscan_time_remaining' => time() + 10,
316
+ 'bps_mscan_status' => '1',
317
+ 'bps_mscan_last_scan_timestamp' => $MScan_status['bps_mscan_last_scan_timestamp'],
318
+ 'bps_mscan_total_time' => $MScan_status['bps_mscan_total_time'],
319
+ 'bps_mscan_total_website_files' => '',
320
+ 'bps_mscan_total_wp_core_files' => $MScan_status['bps_mscan_total_wp_core_files'],
321
+ 'bps_mscan_total_non_image_files' => $MScan_status['bps_mscan_total_non_image_files'],
322
+ 'bps_mscan_total_image_files' => '',
323
+ 'bps_mscan_total_all_scannable_files' => $MScan_status['bps_mscan_total_all_scannable_files'],
324
+ 'bps_mscan_total_skipped_files' => $MScan_status['bps_mscan_total_skipped_files'],
325
+ 'bps_mscan_total_suspect_files' => $MScan_status['bps_mscan_total_suspect_files'],
326
+ 'bps_mscan_suspect_skipped_files' => $MScan_status['bps_mscan_suspect_skipped_files'],
327
+ 'bps_mscan_total_suspect_db' => $MScan_status['bps_mscan_total_suspect_db'],
328
+ 'bps_mscan_total_ignored_files' => $MScan_status['bps_mscan_total_ignored_files'],
329
+ 'bps_mscan_total_plugin_files' => $MScan_status['bps_mscan_total_plugin_files'],
330
+ 'bps_mscan_total_theme_files' => $MScan_status['bps_mscan_total_theme_files']
331
+ );
332
+
333
+ foreach( $MScan_status_db as $key => $value ) {
334
+ update_option('bulletproof_security_options_MScan_status', $MScan_status_db);
335
+ }
336
+
337
+ $mscan_hash_status_options = get_option('bulletproof_security_options_mscan_hash_status');
338
+
339
+ $mscan_wp_core_hash_status = isset($mscan_hash_status_options['mscan_wp_core_hash_status']) ? $mscan_hash_status_options['mscan_wp_core_hash_status'] : '';
340
+ $mscan_wp_core_hash_count = isset($mscan_hash_status_options['mscan_wp_core_hash_count']) ? $mscan_hash_status_options['mscan_wp_core_hash_count'] : '';
341
+ $mscan_plugin_hash_status = isset($mscan_hash_status_options['mscan_plugin_hash_status']) ? $mscan_hash_status_options['mscan_plugin_hash_status'] : '';
342
+ $mscan_plugin_hash_count = isset($mscan_hash_status_options['mscan_plugin_hash_count']) ? $mscan_hash_status_options['mscan_plugin_hash_count'] : '';
343
+ $mscan_theme_hash_status = isset($mscan_hash_status_options['mscan_theme_hash_status']) ? $mscan_hash_status_options['mscan_theme_hash_status'] : '';
344
+ $mscan_theme_hash_count = isset($mscan_hash_status_options['mscan_theme_hash_count']) ? $mscan_hash_status_options['mscan_theme_hash_count'] : '';
345
+
346
+ if ( $mscan_wp_core_hash_status == '0' ) {
347
+ $wp_core_zip_error = __('WP Core Zip File Download Failed', 'bulletproof-security');
348
+ } else {
349
+ $wp_core_zip_error = '';
350
+ }
351
+
352
+ if ( $mscan_plugin_hash_status == '0' ) {
353
+ $plugin_zip_error = __('Plugin Zip File Download Failed', 'bulletproof-security');
354
+ } else {
355
+ $plugin_zip_error = '';
356
+ }
357
+
358
+ if ( $mscan_theme_hash_status == '0' ) {
359
+ $theme_zip_error = __('Theme Zip File Download Failed', 'bulletproof-security');
360
+ } else {
361
+ $theme_zip_error = '';
362
+ }
363
+
364
+ if ( $mscan_wp_core_hash_status == '0' || $mscan_plugin_hash_status == '0' || $mscan_theme_hash_status == '0' ) {
365
+
366
+ echo $bps_topDiv;
367
+ $text = '<strong><font color="#fb0101">'.__('Error: Zip file download errors occurred', 'bulletproof-security').'</font><br><font color="black">'.__('The problem could either be caused due to a connectivity issue when requesting zip files from wordpress.org or a folder permission or Ownership problem. Click the Start Scan button to try again. If the same problem occurs again create a new forum topic for help: https://forum.ait-pro.com/activity/', 'bulletproof-security').'<br>'.$wp_core_zip_error.'<br>'.$plugin_zip_error.'<br>'.$theme_zip_error.'</font></strong>';
368
+ echo $text;
369
+ echo $bps_bottomDiv;
370
+
371
+ }
372
+ }
373
+ }
374
+
375
+ bpsPro_hash_maker_completed_reset();
376
+
377
  if ( isset( $_POST['Submit-MScan-Reset'] ) && current_user_can('manage_options') ) {
378
  check_admin_referer('bulletproof_security_mscan_reset');
379
 
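Review bot: In `bpsPro_hash_maker_completed_reset()` the status `'8'` branch reads `$MScan_status['bps_mscan_total_plugin_files']` and `$MScan_status['bps_mscan_total_theme_files']` directly, while the status `'4'` branch guards the same two keys with `isset()`. If the guard is needed there it is presumably needed here too, so the two `$bps_mscan_total_*_files` assignments could move above both branches and be reused. Separately, `foreach( $MScan_status_db as $key => $value )` never uses `$key` or `$value` and calls `update_option()` with the whole array once per element; a single `update_option('bulletproof_security_options_MScan_status', $MScan_status_db);` does the same thing. The same loop is added around `bulletproof_security_options_mscan_hash_status` in the reset, delete-hashes and start-scan handlers further down. The two status arrays differ only in those two guarded entries, so building the array once would remove the duplication.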
412
  'bps_mscan_time_stop' => '',
413
  'bps_mscan_time_end' => '',
414
  'bps_mscan_time_remaining' => '',
415
+ 'bps_mscan_status' => '1',
416
  'bps_mscan_last_scan_timestamp' => '',
417
  'bps_mscan_total_time' => '',
418
  'bps_mscan_total_website_files' => '',
433
  update_option('bulletproof_security_options_MScan_status', $MScan_status_db);
434
  }
435
 
436
+ $mscan_hash_status_options_db = array(
437
+ 'mscan_wp_core_hash_status' => '',
438
+ 'mscan_wp_core_hash_count' => '',
439
+ 'mscan_plugin_hash_status' => '',
440
+ 'mscan_plugin_hash_count' => '',
441
+ 'mscan_theme_hash_status' => '',
442
+ 'mscan_theme_hash_count' => ''
443
+ );
444
+
445
+ foreach( $mscan_hash_status_options_db as $key => $value ) {
446
+ update_option('bulletproof_security_options_mscan_hash_status', $mscan_hash_status_options_db);
447
+ }
448
+
449
  echo $bps_topDiv;
450
  $text = '<font color="green"><strong>'.__('MScan scan results and data has been deleted. Your MScan option settings have not been deleted.', 'bulletproof-security').'</strong></font>';
451
  echo $text;
452
  echo $bps_bottomDiv;
453
  }
454
 
 
 
455
  if ( isset( $_POST['Submit-MScan-Delete-Hashes'] ) && current_user_can('manage_options') ) {
456
  check_admin_referer('bulletproof_security_mscan_delete_hashes');
457
 
461
  delete_option('bulletproof_security_options_mscan_t_hash_new');
462
  delete_option('bulletproof_security_options_mscan_nodownload');
463
 
464
+ $mscan_hash_status_options_db = array(
465
+ 'mscan_wp_core_hash_status' => '',
466
+ 'mscan_wp_core_hash_count' => '',
467
+ 'mscan_plugin_hash_status' => '',
468
+ 'mscan_plugin_hash_count' => '',
469
+ 'mscan_theme_hash_status' => '',
470
+ 'mscan_theme_hash_count' => ''
471
+ );
472
+
473
+ foreach( $mscan_hash_status_options_db as $key => $value ) {
474
+ update_option('bulletproof_security_options_mscan_hash_status', $mscan_hash_status_options_db);
475
+ }
476
+
477
  echo $bps_topDiv;
478
  $text = '<font color="green"><strong>'.__('MScan Plugin and Theme file hashes have been deleted. New Plugin and Theme file hashes will be created the next time you run a scan. You should also click the MScan Reset button after using this tool. Your MScan option settings have not been deleted.', 'bulletproof-security').'</strong></font>';
479
  echo $text;
480
  echo $bps_bottomDiv;
481
  }
482
 
 
483
  if ( isset( $_POST['Submit-MScan-Stop'] ) && current_user_can('manage_options') ) {
484
  check_admin_referer( 'bulletproof_security_mscan_stop' );
485
 
520
  }
521
 
522
  echo $bps_topDiv;
523
+ $text = '<font color="green"><strong>'.__('MScan scanning has been stopped.', 'bulletproof-security').'</strong></font>'.$mscan_scan_skipped_files_message;
524
  echo $text;
525
  echo $bps_bottomDiv;
526
  }
544
 
545
  bpsPro_mscan_displayed_messages();
546
 
 
547
  if ( isset( $_POST['Submit-MScan-Time-Estimate'] ) && current_user_can('manage_options') ) {
548
  check_admin_referer('bulletproof_security_mscan_time_estimate');
549
 
576
  'bps_mscan_total_wp_core_files' => $bps_mscan_total_wp_core_files,
577
  'bps_mscan_total_non_image_files' => $bps_mscan_total_non_image_files,
578
  'bps_mscan_total_image_files' => '',
579
+ 'bps_mscan_total_all_scannable_files' => '',
580
  'bps_mscan_total_skipped_files' => $bps_mscan_total_skipped_files,
581
  'bps_mscan_total_suspect_files' => $bps_mscan_total_suspect_files,
582
  'bps_mscan_suspect_skipped_files' => $bps_mscan_suspect_skipped_files,
591
  }
592
  }
593
 
 
594
  if ( isset( $_POST['Submit-MScan-Start'] ) && current_user_can('manage_options') ) {
595
  check_admin_referer( 'bulletproof_security_mscan_start' );
596
 
613
  $bps_mscan_total_theme_files = ! isset($MScan_status['bps_mscan_total_theme_files']) ? '' : $MScan_status['bps_mscan_total_theme_files'];
614
 
615
  $MScan_status_db = array(
616
+ 'bps_mscan_time_start' => $bps_mscan_time_start,
617
  'bps_mscan_time_stop' => '',
618
+ 'bps_mscan_time_end' => time() + 30,
619
+ 'bps_mscan_time_remaining' => time() + 30,
620
+ 'bps_mscan_status' => '1',
621
  'bps_mscan_last_scan_timestamp' => $bps_mscan_last_scan_timestamp,
622
  'bps_mscan_total_time' => $bps_mscan_total_time,
623
  'bps_mscan_total_website_files' => '',
624
  'bps_mscan_total_wp_core_files' => $bps_mscan_total_wp_core_files,
625
  'bps_mscan_total_non_image_files' => $bps_mscan_total_non_image_files,
626
  'bps_mscan_total_image_files' => '',
627
+ 'bps_mscan_total_all_scannable_files' => '',
628
  'bps_mscan_total_skipped_files' => $bps_mscan_total_skipped_files,
629
  'bps_mscan_total_suspect_files' => $bps_mscan_total_suspect_files,
630
  'bps_mscan_suspect_skipped_files' => $bps_mscan_suspect_skipped_files,
638
  update_option('bulletproof_security_options_MScan_status', $MScan_status_db);
639
  }
640
 
641
+ $mscan_hash_status_options_db = array(
642
+ 'mscan_wp_core_hash_status' => '',
643
+ 'mscan_wp_core_hash_count' => '',
644
+ 'mscan_plugin_hash_status' => '',
645
+ 'mscan_plugin_hash_count' => '',
646
+ 'mscan_theme_hash_status' => '',
647
+ 'mscan_theme_hash_count' => ''
648
+ );
649
+
650
+ foreach( $mscan_hash_status_options_db as $key => $value ) {
651
+ update_option('bulletproof_security_options_mscan_hash_status', $mscan_hash_status_options_db);
652
+ }
653
+
654
  if ( ! get_option('bulletproof_security_options_mscan_theme_hash') || ! get_option('bulletproof_security_options_mscan_plugin_hash') ) {
655
  echo $bps_topDiv;
656
+ $text = '<strong><font color="blue">'.__('First Time Scan or the Delete File Hashes Tool was used', 'bulletproof-security').'</font><br><font color="green">'.__('You will only see this message the first time you run a scan or if you use the Delete Files Hashes Tool. The File Hash Maker runs whenever WP Core, Plugin or Theme zip files need to downloaded, extracted and deleted. No file scanning occurs while the File Hash Maker is running. Run a new file scan after the File Hash Maker has completed.', 'bulletproof-security').'</font></strong>';
657
  echo $text;
658
  echo $bps_bottomDiv;
659
  }
660
  }
661
 
 
 
662
  if ( isset( $_POST['Submit-MScan-Report'] ) && current_user_can('manage_options') ) {
663
  check_admin_referer( 'bulletproof_security_mscan_report' );
 
664
  }
665
  ?>
666
 
667
+ <div id="MscanStartStopResetTable" style="position:relative;top:5px;left:-2px;margin:0px;">
668
 
669
  <table width="400" border="0">
670
  <tr>
701
  <div id="mscan-accordion-inner">
702
 
703
  <?php
704
+
 
705
  if ( isset( $_POST['Submit-MScan-Options'] ) && current_user_can('manage_options') ) {
706
  check_admin_referer('bulletproof_security_mscan_options');
707
 
779
  $dir_array_merge = array_merge($dir_array, $home_dir_array);
780
  $dir_flip = array_flip($dir_array_merge);
781
 
 
 
 
782
  $mscan_actual_dirs = array();
783
 
784
  foreach ( $dir_flip as $key => $value ) {
785
  $mscan_actual_dirs[$key] = preg_replace( '/\d/', "", $value );
786
  }
787
 
 
788
  $mscan_diff_key_dir = array_diff_key( $mscan_actual_dirs, $mscan_dirs_checked );
 
 
789
  $mscan_array_merge = array_merge( $mscan_diff_key_dir, $mscan_dirs_checked );
790
  ksort($mscan_array_merge);
791
 
792
  break;
793
  }
794
 
795
+ $mscan_exclude_tmp_files = sanitize_textarea_field($_POST['mscan_exclude_tmp_files']) . "\n";
 
 
796
  $mscan_exclude_tmp_files = preg_replace("/(\n\n|\n\n\n|\n\n\n\n)/", "\n", $mscan_exclude_tmp_files);
797
 
798
+ if ( empty($_POST['mscan_max_file_size']) || preg_match( '|[\/\|\<\>\'\"\(\)]|', $_POST['mscan_max_file_size'] ) ) {
799
+ $mscan_max_file_size = sanitize_text_field('1000');
800
+ } else {
801
+ $mscan_max_file_size = sanitize_text_field($_POST['mscan_max_file_size']);
802
+ }
803
+
804
+ if ( empty($_POST['mscan_max_time_limit']) || preg_match( '|[\/\|\<\>\'\"\(\)]|', $_POST['mscan_max_time_limit'] ) ) {
805
+ $mscan_max_time_limit = sanitize_text_field('300');
806
+ } else {
807
+ $mscan_max_time_limit = sanitize_text_field($_POST['mscan_max_time_limit']);
808
+ }
809
+
810
+ $mscan_exclude_dirs = sanitize_textarea_field($_POST['mscan_exclude_dirs']);
811
+
812
  $MS_Options = array(
813
  'bps_mscan_dirs' => $mscan_array_merge,
814
+ 'mscan_max_file_size' => $mscan_max_file_size,
815
+ 'mscan_max_time_limit' => $mscan_max_time_limit,
816
  'mscan_scan_database' => $_POST['mscan_scan_database_select'],
817
  'mscan_scan_images' => 'Off',
818
  'mscan_scan_skipped_files' => $_POST['mscan_scan_skipped_files_select'],
819
  'mscan_scan_delete_tmp_files' => $_POST['mscan_scan_delete_tmp_files_select'],
820
+ 'mscan_scan_frequency' => $_POST['mscan_scan_frequency_select'],
821
+ 'mscan_exclude_dirs' => $mscan_exclude_dirs,
822
  'mscan_exclude_tmp_files' => $mscan_exclude_tmp_files,
823
  'mscan_file_size_limit_hidden' => '14'
824
  );
850
  echo $bps_bottomDiv;
851
  }
852
 
 
 
 
853
  function bpsPro_save_mscan_options() {
854
 
855
  $MScan_options = get_option('bulletproof_security_options_MScan');
910
  $dir_array_merge = array_merge($dir_array, $home_dir_array);
911
  $dir_flip = array_flip($dir_array_merge);
912
 
 
913
  $mscan_actual_dirs = array();
914
  $pattern = '/define\((\s|)\'WP_USE_THEMES/';
915
 
944
  }
945
  }
946
 
 
947
  if ( empty($MScan_options['bps_mscan_dirs']) ) {
948
 
949
+ $mscan_max_file_size = ! empty($MScan_options['mscan_max_file_size']) ? $MScan_options['mscan_max_file_size'] : '1000';
950
+ $mscan_max_time_limit = ! empty($MScan_options['mscan_max_time_limit']) ? $MScan_options['mscan_max_time_limit'] : '300';
951
+ $mscan_scan_database = ! empty($MScan_options['mscan_scan_database']) ? $MScan_options['mscan_scan_database'] : 'On';
952
+ $mscan_scan_skipped_files = ! empty($MScan_options['mscan_scan_skipped_files']) ? $MScan_options['mscan_scan_skipped_files'] : 'Off';
953
+ $mscan_scan_delete_tmp_files = ! empty($MScan_options['mscan_scan_delete_tmp_files']) ? $MScan_options['mscan_scan_delete_tmp_files'] : 'Off';
954
+ $mscan_scan_frequency = ! empty($MScan_options['mscan_scan_frequency']) ? $MScan_options['mscan_scan_frequency'] : 'Off';
955
  $mscan_exclude_dirs = isset($MScan_options['mscan_exclude_dirs']) ? $MScan_options['mscan_exclude_dirs'] : '';
956
  $mscan_exclude_tmp_files = isset($MScan_options['mscan_exclude_tmp_files']) ? $MScan_options['mscan_exclude_tmp_files'] : '';
957
+ $mscan_file_size_limit_hidden = isset($MScan_options['mscan_file_size_limit_hidden']) ? $MScan_options['mscan_file_size_limit_hidden'] : '14';
958
 
959
  $MS_Options = array(
960
  'bps_mscan_dirs' => $mscan_actual_dirs,
982
  $mscan_dirs_options_inner_array[$key] = $value;
983
  }
984
 
 
985
  $mscan_diff_key_dir = array_diff_key($mscan_actual_dirs, $mscan_dirs_options_inner_array);
 
 
986
  $mscan_diff_key_options = array_diff_key($mscan_dirs_options_inner_array, $dir_flip);
987
 
988
  if ( ! empty($mscan_diff_key_options) ) {
991
  unset($mscan_dirs_options_inner_array[$key]);
992
  }
993
 
 
994
  $mscan_array_merge = array_merge( $mscan_diff_key_dir, $mscan_dirs_options_inner_array );
995
  ksort($mscan_array_merge);
996
 
997
  } else {
998
 
 
999
  $mscan_array_merge = array_merge( $mscan_diff_key_dir, $mscan_dirs_options_inner_array );
1000
  ksort($mscan_array_merge);
1001
  }
1008
  'mscan_scan_images' => 'Off',
1009
  'mscan_scan_skipped_files' => $MScan_options['mscan_scan_skipped_files'],
1010
  'mscan_scan_delete_tmp_files' => $MScan_options['mscan_scan_delete_tmp_files'],
1011
+ 'mscan_scan_frequency' => $MScan_options['mscan_scan_frequency'],
1012
  'mscan_exclude_dirs' => $MScan_options['mscan_exclude_dirs'],
1013
  'mscan_exclude_tmp_files' => $MScan_options['mscan_exclude_tmp_files'],
1014
  'mscan_file_size_limit_hidden' => '14'
1025
  $scrolltoExcludeDirs = isset($_REQUEST['scrolltoExcludeDirs']) ? (int) $_REQUEST['scrolltoExcludeDirs'] : 0;
1026
  $scrolltoExcludeTmpFiles = isset($_REQUEST['scrolltoExcludeTmpFiles']) ? (int) $_REQUEST['scrolltoExcludeTmpFiles'] : 0;
1027
 
 
1028
  echo '<form name="MscanOptions" action="'.admin_url( 'admin.php?page=bulletproof-security/admin/mscan/mscan.php' ).'" method="post">';
1029
  wp_nonce_field('bulletproof_security_mscan_options');
1030
  $MScan_options = get_option('bulletproof_security_options_MScan');
1114
 
1115
  echo '</tbody>';
1116
  echo '</table>';
1117
+ echo '</div>';
1118
  echo '</th>';
1119
 
1120
  echo '<td style="border:none">';
1121
  echo '<div id="MScanOptions" style="margin:0px 0px 0px 0px;float:left;">';
1122
 
1123
+ $max_file_size = ! empty( $MScan_options['mscan_max_file_size'] ) ? $MScan_options['mscan_max_file_size'] : '1000';
1124
+ $max_time_limit = ! empty( $MScan_options['mscan_max_time_limit'] ) ? $MScan_options['mscan_max_time_limit'] : '300';
1125
 
1126
  $mscan_exclude_dirs = ! isset($MScan_options['mscan_exclude_dirs']) ? '' : $MScan_options['mscan_exclude_dirs'];
1127
  $mscan_scan_database = ! isset($MScan_options['mscan_scan_database']) ? '' : $MScan_options['mscan_scan_database'];
1128
  $mscan_scan_skipped_files = ! isset($MScan_options['mscan_scan_skipped_files']) ? '' : $MScan_options['mscan_scan_skipped_files'];
1129
  $mscan_scan_delete_tmp_files = ! isset($MScan_options['mscan_scan_delete_tmp_files']) ? '' : $MScan_options['mscan_scan_delete_tmp_files'];
1130
  $mscan_exclude_tmp_files = ! isset($MScan_options['mscan_exclude_tmp_files']) ? '' : $MScan_options['mscan_exclude_tmp_files'];
1131
+ $mscan_scan_frequency = ! isset($MScan_options['mscan_scan_frequency']) ? '' : $MScan_options['mscan_scan_frequency'];
1132
  $mscan_file_size_limit_hidden = ! isset($MScan_options['mscan_file_size_limit_hidden']) ? '14' : $MScan_options['mscan_file_size_limit_hidden'];
1133
 
1134
  echo '<label for="bps-mscan-label" style="padding-right:5px">'.__('Max File Size Limit to Scan:', 'bulletproof-security').'</label>';
1135
+ echo '<input type="text" name="mscan_max_file_size" class="regular-text-50-fixed" style="margin-bottom:5px" value="'.esc_html(trim(stripslashes($max_file_size))).'" /> KB';
1136
  echo '<input type="hidden" name="mscan_file_size_limit_hidden" value="14" />';
1137
  echo '<br>';
1138
 
1139
  echo '<label for="bps-mscan-label" style="padding-right:23px">'.__('Max Time Limit to Scan:', 'bulletproof-security').'</label>';
1140
+ echo '<input type="text" name="mscan_max_time_limit" class="regular-text-50-fixed" style="margin-bottom:5px" value="'.esc_html(trim(stripslashes($max_time_limit))).'" /> Seconds';
1141
  echo '<br>';
1142
 
1143
  echo '<label for="bps-mscan-label" style="">'.__('Exclude Individual Folders', 'bulletproof-security').'</label><strong><font color="black"><span class="tooltip-350-120"><img src="'.plugins_url('/bulletproof-security/admin/images/question-mark.png').'" style="position:relative;top:3px;left:10px;" /><span>'.__('Enter one folder path per line. Include folder slashes.', 'bulletproof-security').'<br>'.__('Example:', 'bulletproof-security').'<br>/parent-folder-1/child-folder-1/<br>/parent-folder-2/child-folder-2/<br><br>'.__('Click the MScan Question Mark help button for more help info.', 'bulletproof-security').'</span></span></font></strong><br>';
1144
  // trimming whitespace does not work because I am not trimming newlines or returns
1145
+ echo '<textarea class="text-area-340x60" name="mscan_exclude_dirs" style="width:340px;height:60px;margin-bottom:5px" tabindex="1">'.esc_textarea(trim(stripslashes($mscan_exclude_dirs), " \t\0\x0B") ).'</textarea>';
1146
  echo '<input type="hidden" name="scrolltoExcludeDirs" id="scrolltoExcludeDirs" value="'.esc_html( $scrolltoExcludeDirs ).'" />';
1147
  echo '<br>';
1148
 
1166
 
1167
  echo '<label for="bps-mscan-label" style="">'.__('Exclude /tmp Files', 'bulletproof-security').'</label><strong><font color="black"><span class="tooltip-350-120"><img src="'.plugins_url('/bulletproof-security/admin/images/question-mark.png').'" style="position:relative;top:3px;left:10px;" /><span>'.__('Enter one file name per line.', 'bulletproof-security').'<br>'.__('Example:', 'bulletproof-security').'<br>mysql.sock<br>.s.PGSQL.5432<br>.per-user<br>'.__('Click the MScan Question Mark help button for more help info.', 'bulletproof-security').'</span></span></font></strong><br>';
1168
  // trimming whitespace does not work because I am not trimming newlines or returns
1169
+ echo '<textarea class="text-area-340x60" name="mscan_exclude_tmp_files" style="width:340px;height:60px;margin-bottom:5px" tabindex="1">'.esc_textarea(trim(stripslashes($mscan_exclude_tmp_files), " \t\0\x0B") ).'</textarea>';
1170
  echo '<input type="hidden" name="scrolltoExcludeTmpFiles" id="scrolltoExcludeTmpFiles" value="'.esc_html( $scrolltoExcludeTmpFiles ).'" />';
1171
  echo '<br>';
1172
 
1187
  echo '<td style="border:none">';
1188
  echo '<div id="MScanOptions" style="margin:19px 0px 0px 0px;float:left;">';
1189
 
 
 
 
 
 
 
 
1190
  echo '<form name="MScanDeleteHashes" action="'.admin_url( 'admin.php?page=bulletproof-security/admin/mscan/mscan.php' ).'" method="post">';
1191
  wp_nonce_field('bulletproof_security_mscan_delete_hashes');
1192
  echo "<input type=\"submit\" name=\"Submit-MScan-Delete-Hashes\" value=\"".esc_attr__('Delete File Hashes Tool', 'bulletproof-security')."\" class=\"button bps-button\" style=\"width:175px;height:auto;white-space:normal\" onclick=\"return confirm('".__('CAUTION: Please click the MScan Question Mark help button before using this tool. This tool allows you to delete the Plugin and Theme file hashes.\n\n-------------------------------------------------------------\n\nThis tool should ONLY be used if there is a problem when scanning Plugin and Theme files.\n\n-------------------------------------------------------------\n\nClick OK to delete Plugin and Theme file hashes or click Cancel', 'bulletproof-security')."')\" />";
1221
  echo '</tbody>';
1222
  echo '</table>';
1223
 
 
 
1224
  function bpsPro_mscan_plugin_zip_upload() {
1225
  global $bps_topDiv, $bps_bottomDiv;
1226
 
1256
  $plugin_name_version_array = array();
1257
 
1258
  foreach ( $_FILES['bps_plugin_zip_upload']['name'] as $key => $value ) {
1259
+
1260
+ $plugin_name = strstr($value, '.', true);
1261
+ $plugin_version = strstr($value, '.');
1262
+ $plugin_version_nodot = substr($plugin_version, 1);
1263
+ $plugin_version_replace = str_replace( ".zip", "", $plugin_version_nodot );
1264
  $plugin_name_version_array[$plugin_name] = $plugin_version_replace;
1265
  }
1266
 
1333
  }
1334
  }
1335
 
 
 
1336
  function bpsPro_mscan_theme_zip_upload() {
1337
  global $bps_topDiv, $bps_bottomDiv;
1338
 
1368
  $theme_name_version_array = array();
1369
 
1370
  foreach ( $_FILES['bps_theme_zip_upload']['name'] as $key => $value ) {
1371
+
1372
+ $theme_name = strstr($value, '.', true);
1373
+ $theme_version = strstr($value, '.');
1374
+ $theme_version_nodot = substr($theme_version, 1);
1375
+ $theme_version_replace = str_replace( ".zip", "", $theme_version_nodot );
1376
  $theme_name_version_array[$theme_name] = $theme_version_replace;
1377
  }
1378
 
1482
 
1483
  ?>
1484
 
1485
+ <style>
1486
+ <!--
1487
+ .ui-accordion.bps-accordion .ui-accordion-content {overflow:hidden;}
1488
+ -->
1489
+ </style>
1490
+
1491
+ <script type="text/javascript">
1492
+ /* <![CDATA[ */
1493
+ jQuery(document).ready(function($){
1494
+ $( "#bps-accordion-1" ).accordion({
1495
+ collapsible: true,
1496
+ active: 1,
1497
+ autoHeight: true,
1498
+ clearStyle: true,
1499
+ heightStyle: "content"
1500
+ });
1501
+ });
1502
+ /* ]]> */
1503
+ </script>
1504
 
1505
  <?php
1506
  }
1507
  }
1508
 
 
 
1509
  if ( isset( $_POST['Submit-MScan-Suspect-Form'] ) && current_user_can('manage_options') ) {
1510
  check_admin_referer('bulletproof_security_mscan_suspicious_files');
1511
 
1512
  ?>
1513
 
1514
+ <style>
1515
+ <!--
1516
+ .ui-accordion.bps-accordion .ui-accordion-content {overflow:hidden;}
1517
+ -->
1518
+ </style>
1519
+
1520
  <script type="text/javascript">
1521
+ /* <![CDATA[ */
1522
+ jQuery(document).ready(function($){
1523
+ $( "#bps-accordion-1" ).accordion({
1524
+ collapsible: true,
1525
+ active: 1,
1526
+ autoHeight: true,
1527
+ clearStyle: true,
1528
+ heightStyle: "content"
1529
+ });
1530
+ });
1531
+ /* ]]> */
1532
+ </script>
1533
 
1534
  <?php
1535
 
1651
 
1652
  } else {
1653
 
1654
+ if ( preg_match( '/Altered\sor\sunknown/', $row->mscan_pattern ) ) {
1655
+
1656
+ $text = '<div style="margin:0px 0px 5px 0px;font-size:1.13em;font-weight:600"><span style="width:100px;margin:0px;padding:0px 6px 0px 6px;background-color:#e8e8e8;border:1px solid gray;"><a href="'.admin_url( "admin.php?page=bulletproof-security/admin/mscan/mscan.php&mscan_view_file=view_file&_wpnonce=$nonce" ).'" style="text-decoration:none;">'.__('Close File', 'bulletproof-security').'</a></span> '.$filename.' : '.__('MScan File Hash Mismatch', 'bulletproof-security').': <span style="background-color:yellow;">'.esc_html($row->mscan_pattern).'</span><br>'.__('Known Issues: Some plugins and themes alter or create new files after they are installed. That will create false positives.', 'bulletproof-security').'<br>'.__('You can download files that are seen as suspicious and compare them to new plugin or theme files using a code editor like Notepad++.', 'bulletproof-security').'<br>'.__('If you are not sure what to check for or what is and is not malicious code then click the MScan Question Mark help button.', 'bulletproof-security').'</div>';
1657
+
1658
+ echo $text;
1659
+
1660
+ } else {
1661
+
1662
+ $text = '<div style="margin:0px 0px 5px 0px;font-size:1.13em;font-weight:600"><span style="width:100px;margin:0px;padding:0px 6px 0px 6px;background-color:#e8e8e8;border:1px solid gray;"><a href="'.admin_url( "admin.php?page=bulletproof-security/admin/mscan/mscan.php&mscan_view_file=view_file&_wpnonce=$nonce" ).'" style="text-decoration:none;">'.__('Close File', 'bulletproof-security').'</a></span> '.$filename.' : '.__('MScan Pattern Match', 'bulletproof-security').': <span style="background-color:yellow;">'.esc_html($row->mscan_pattern).'</span><br>'.__('You can use your Browser\'s Search or Find feature to search the file contents/code displayed below using the MScan Pattern Match above for the suspicious code that was detected by MScan.', 'bulletproof-security').'<br>'.__('You can download suspicious files if you would like to check the file contents/code more extensively with a code editor like Notepad++.', 'bulletproof-security').'<br>'.__('If you are not sure what to check for or what is and is not malicious code then click the MScan Question Mark help button.', 'bulletproof-security').'</div>';
1663
+
1664
+ echo $text;
1665
+ }
1666
 
 
1667
  echo '<pre style="max-width:70%;height:200px;white-space:pre-wrap;white-space:-moz-pre-wrap;white-space:-pre-wrap;white-space:-o-pre-wrap;word-wrap:break-word;">';
1668
  echo esc_html($file_contents);
1669
  echo '</pre>';
1769
  echo '</table>';
1770
  echo '</div>';
1771
 
1772
+ echo "<input type=\"submit\" name=\"Submit-MScan-Suspect-Form\" value=\"".esc_attr__('Submit', 'bulletproof-security')."\" class=\"button bps-button\" onclick=\"return confirm('".__('View File Option: Selecting the View File Checkbox Form option will display the contents of the file that you have selected to view.\n\n-------------------------------------------------------------\n\nIgnore File Option: Selecting the Ignore File Checkbox Form option will change the Current Status of a file to Ignored File and MScan will ignore that file in any future scans.\n\n-------------------------------------------------------------\n\nUnignore File Option: Selecting the Unignore File Checkbox Form option will remove the Ignored File Current Status of a file and MScan will scan that file in any future scans. Note: The previous Status of the file will be displayed again.\n\n-------------------------------------------------------------\n\nDelete File Option: Selecting the Delete File Checkbox Form option will delete the file and delete the database entry for that file.\n\n-------------------------------------------------------------\n\nClick OK to proceed or click Cancel', 'bulletproof-security')."')\" />";
1773
  echo "<input type=\"button\" name=\"cancel\" value=\"".__('Clear|Refresh', 'bulletproof-security')."\" class=\"button bps-button\" style=\"margin-left:20px\" onclick=\"javascript:history.go(0)\" />";
1774
  echo '</form>';
1775
 
1827
 
1828
  ?>
1829
 
1830
+ <style>
1831
+ <!--
1832
+ .ui-accordion.bps-accordion .ui-accordion-content {overflow:hidden;}
1833
+ -->
1834
+ </style>
1835
+
1836
+ <script type="text/javascript">
1837
+ /* <![CDATA[ */
1838
+ jQuery(document).ready(function($){
1839
+ $( "#bps-accordion-1" ).accordion({
1840
+ collapsible: true,
1841
+ active: 2,
1842
+ autoHeight: true,
1843
+ clearStyle: true,
1844
+ heightStyle: "content"
1845
+ });
1846
+ });
1847
+ /* ]]> */
1848
+ </script>
1849
 
1850
  <?php
1851
  }
1852
  }
1853
 
 
 
1854
  if ( isset( $_POST['Submit-MScan-Suspect-DB-Form'] ) && current_user_can('manage_options') ) {
1855
  check_admin_referer('bulletproof_security_mscan_suspicious_db_entries');
1856
 
1857
  ?>
1858
 
1859
+ <style>
1860
+ <!--
1861
+ .ui-accordion.bps-accordion .ui-accordion-content {overflow:hidden;}
1862
+ -->
1863
+ </style>
1864
+
1865
  <script type="text/javascript">
1866
+ /* <![CDATA[ */
1867
+ jQuery(document).ready(function($){
1868
+ $( "#bps-accordion-1" ).accordion({
1869
+ collapsible: true,
1870
+ active: 2,
1871
+ autoHeight: true,
1872
+ clearStyle: true,
1873
+ heightStyle: "content"
1874
+ });
1875
+ });
1876
+ /* ]]> */
1877
+ </script>
1878
 
1879
  <?php
1880
 
2041
  echo '</table>';
2042
  echo '</div>';
2043
 
2044
+ echo "<input type=\"submit\" name=\"Submit-MScan-Suspect-DB-Form\" value=\"".esc_attr__('Submit', 'bulletproof-security')."\" class=\"button bps-button\" onclick=\"return confirm('".__('View DB Entry Option: Selecting the View DB Entry Checkbox Form option will display the contents of the DB Table, Column and Row ID that you have selected to view.\n\n-------------------------------------------------------------\n\nIgnore DB Entry Option: Selecting the Ignore DB Entry Checkbox Form option will change the Current Status of a DB Entry to Ignored DB Entry and MScan will ignore that DB Entry in any future scans.\n\n-------------------------------------------------------------\n\nUnignore DB Entry Option: Selecting the Unignore DB Entry Checkbox Form option will remove the Ignored DB Entry Current Status of a DB Entry and MScan will scan that DB Entry in any future scans. Note: The previous Status of the DB Entry will be displayed again.\n\n-------------------------------------------------------------\n\nClick OK to proceed or click Cancel', 'bulletproof-security')."')\" />";
2045
  echo "<input type=\"button\" name=\"cancel\" value=\"".__('Clear|Refresh', 'bulletproof-security')."\" class=\"button bps-button\" style=\"margin-left:20px\" onclick=\"javascript:history.go(0)\" />";
2046
  echo '</form>';
2047
 
2093
  <tr>
2094
  <td class="bps-table_cell_help">
2095
 
2096
+ <h3 style="margin:0px 0px 10px 0px;"><?php _e('MScan Log', 'bulletproof-security'); ?> <button id="bps-open-modal2" class="button bps-modal-button"><img src="<?php echo plugins_url('/bulletproof-security/admin/images/question-mark-large.jpg'); ?>" style="margin:0px 0px 0px -10px" /></button></h3>
 
2097
 
2098
  <div id="bps-modal-content2" class="bps-dialog-hide" title="<?php _e('MScan Log', 'bulletproof-security'); ?>">
2099
  <p>
2112
 
2113
  <?php
2114
 
 
2115
  function bpsPro_MScan_Log_LastMod() {
2116
+
2117
+ $filename = WP_CONTENT_DIR . '/bps-backup/logs/mscan_log.txt';
2118
+ $gmt_offset = get_option( 'gmt_offset' ) * 3600;
2119
+
2120
+ if ( file_exists($filename) ) {
2121
+ $last_modified = date("F d Y H:i:s", filemtime($filename) + $gmt_offset);
2122
+
2123
+ return esc_html($last_modified);
2124
  }
2125
  }
2126
 
 
2127
  function bpsPro_MScan_ModTimeDiff() {
2128
+
2129
+ $options = get_option('bulletproof_security_options_MScan_log');
2130
+ $last_modified_time = bpsPro_MScan_Log_LastMod();
2131
+ $last_modified_time_db = ! isset($options['bps_mscan_log_date_mod']) ? '' : $options['bps_mscan_log_date_mod'];
2132
 
2133
  if ( isset($options['bps_mscan_log_date_mod']) && $options['bps_mscan_log_date_mod'] == '' ) {
2134
  $text = '<font color="#fb0101" style="padding-right:5px;"><strong>'.__('Click the Reset Last Modified Time in DB button', 'bulletproof-security').'<br>'.__('to set the', 'bulletproof-security').'</strong></font>';
2146
  }
2147
  }
2148
 
 
2149
  function bpsPro_MScan_LogSize() {
 
 
 
 
2150
 
2151
+ $filename = WP_CONTENT_DIR . '/bps-backup/logs/mscan_log.txt';
2152
+
2153
+ if ( file_exists($filename) ) {
2154
+ $logSize = filesize($filename);
2155
+
2156
+ if ( $logSize < 2097152 ) {
2157
+ $text = '<span style="font-size:13px;"><strong>'. __('MScan Log File Size: ', 'bulletproof-security').'<font color="#2271b1">'. round($logSize / 1024, 2) .' KB</font></strong></span><br><br>';
2158
+ echo $text;
2159
+
2160
+ } else {
2161
+
2162
+ $text = '<span style="font-size:13px;"><strong>'. __('MScan Log File Size: ', 'bulletproof-security').'<font color="#fb0101">'. round($logSize / 1024, 2) .' KB<br>'.__('The Display & Alert Options Email Logging options will only send log files up to 2MB in size.', 'bulletproof-security').'</font></strong><br>'.__('Copy and paste the MScan Log file contents into a Notepad text file on your computer and save it.', 'bulletproof-security').'<br>'.__('Then click the Delete Log button to delete the contents of this Log file.', 'bulletproof-security').'</span><br><br>';
2163
+ echo $text;
2164
+ }
2165
  }
2166
  }
2167
  bpsPro_MScan_LogSize();
2173
  $bps_mscan_log_date_mod = ! isset($MScanLogoptions['bps_mscan_log_date_mod']) ? '' : $MScanLogoptions['bps_mscan_log_date_mod'];
2174
  ?>
2175
  <label for="QLog"><strong><?php _e('MScan Log Last Modified Time:', 'bulletproof-security'); ?></strong></label><br />
2176
+ <label for="QLog"><strong><?php echo bpsPro_MScan_ModTimeDiff(); ?></strong><?php echo esc_html($bps_mscan_log_date_mod); ?></label><br />
2177
  <label for="QLog" style="vertical-align:top;"><strong><?php _e('Last Modified Time in File:', 'bulletproof-security'); ?></strong></label>
2178
  <input type="text" name="bulletproof_security_options_MScan_log[bps_mscan_log_date_mod]" style="color:#2271b1;font-size:13px;width:200px;margin-top:-6px;padding-left:4px;font-weight:600;border:none;background:none;outline:none;-webkit-box-shadow:none;box-shadow:none;-webkit-transition:none;transition:none;" value="<?php echo bpsPro_MScan_Log_LastMod(); ?>" /><br />
2179
  <input type="submit" name="Submit-MScan-Mod" class="button bps-button" style="margin:10px 0px 0px 0px;" value="<?php esc_attr_e('Reset Last Modified Time in DB', 'bulletproof-security') ?>" />
2183
  if ( isset( $_POST['Submit-Delete-MScan-Log'] ) && current_user_can('manage_options') ) {
2184
  check_admin_referer( 'bulletproof_security_delete_mscan_log' );
2185
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
2186
  $options = get_option('bulletproof_security_options_MScan_log');
2187
  $last_modified_time_db = $options['bps_mscan_log_date_mod'];
2188
  $time = strtotime($last_modified_time_db);
2209
  <div id="messageinner" class="updatedinner">
2210
  <?php
2211
 
 
2212
  function bpsPro_MScan_get_contents() {
2213
 
2214
  if ( current_user_can('manage_options') ) {
2217
 
2218
  if ( file_exists($mscan_log) ) {
2219
  $mscan_log = file_get_contents($mscan_log);
2220
+
2221
+ return esc_textarea($mscan_log);
2222
 
2223
  } else {
2224
 
2227
  }
2228
  }
2229
 
 
2230
  if ( current_user_can('manage_options') ) {
2231
+
2232
  $mscan_log = WP_CONTENT_DIR . '/bps-backup/logs/mscan_log.txt';
2233
  $write_test = "";
2234
 
2235
  if ( is_writable($mscan_log) ) {
2236
+
2237
+ if ( ! $handle = fopen($mscan_log, 'a+b' ) ) {
2238
+ exit;
2239
+ }
2240
 
2241
+ if ( fwrite($handle, $write_test) === false ) {
2242
+ exit;
2243
+ }
2244
+
2245
+ fclose($handle);
2246
+
2247
+ $text = '<font color="green" style="font-size:12px;"><strong>'.__('File Open and Write test successful! Your MScan Log file is writable.', 'bulletproof-security').'</strong></font><br>';
2248
+ echo $text;
2249
  }
2250
+ }
2251
 
2252
+ if ( isset( $_POST['Submit-MScan-Log'] ) && current_user_can('manage_options') ) {
2253
+ check_admin_referer( 'bulletproof_security_save_mscan_log' );
 
2254
 
2255
+ $newcontent_mscan = stripslashes( $_POST['newcontent_mscan'] );
2256
+
2257
  if ( is_writable($mscan_log) ) {
2258
+
2259
  $handle = fopen($mscan_log, 'w+b');
2260
  fwrite($handle, $newcontent_mscan);
2261
  $text = '<font color="green" style="font-size:12px;"><strong>'.__('Success! Your MScan Log file has been updated.', 'bulletproof-security').'</strong></font><br>';
2266
  echo $text;
2267
  echo $bps_bottomDiv;
2268
 
2269
+ fclose($handle);
2270
 
2271
  $gmt_offset = get_option( 'gmt_offset' ) * 3600;
2272
  $time_now = date("F d Y H:i:s", time() + $gmt_offset );
2352
 
2353
  <?php
2354
 
 
2355
  function bpsPro_mscan_report() {
2356
  global $wpdb, $wp_version, $bps_topDiv, $bps_bottomDiv;
2357
 
2499
 
2500
  if ( file_exists($wp_hashes_file) ) {
2501
  $check_string = file_get_contents($wp_hashes_file);
2502
+
2503
+ if ( preg_match( '/WordPress\s(\d\.){1,}\d\sHashes/', $check_string, $matches ) ) {
2504
+ $wp_core_hash_file_version_replace = preg_replace( array( '/WordPress\s/', '/\sHashes/' ), "", $matches[0] );
2505
+ } else {
2506
+ $wp_core_hash_file_version_replace = 'NA';
2507
+ }
2508
 
2509
  $mscan_report_core_hash_version_comparison = '<div class="mscan-report-row"><strong>'.__('WP Core Hash File Version: ', 'bulletproof-security'). '</strong>' .$wp_core_hash_file_version_replace.' | <strong>'.__('WP Installed Version: ', 'bulletproof-security').'</strong>' .$wp_version.'</div>';
2510
  echo $mscan_report_core_hash_version_comparison;
2595
 
2596
  $hover_icon_theme_hash = '<strong><font color="black"><span class="tooltip-350-150"><img src="'.plugins_url('/bulletproof-security/admin/images/question-mark.png').'" style="position:relative;top:3px;left:10px;" /><span>'.__('File hashes do not exist for this theme. This theme\'s files were not scanned. If you would like to scan this themes\'s files then use the "Upload Theme Zip Files" Form to upload a zip file for this theme. Click the MScan Scan Question Mark help button on the MScan Scan tab page and read the "Upload Theme Zip Files" help section for more help info.', 'bulletproof-security').'</span></span></font></strong>';
2597
 
2598
+ if ( isset($mscan_plugin_hash['bps_mscan_plugin_hash_version_check']) && is_array( $mscan_plugin_hash['bps_mscan_plugin_hash_version_check'] ) && ! is_null( $mscan_plugin_hash['bps_mscan_plugin_hash_version_check'] ) ) {
2599
 
2600
  foreach ( $mscan_plugin_hash['bps_mscan_plugin_hash_version_check'] as $key => $value ) {
2601
 
2651
  }
2652
  }
2653
 
2654
+ if ( isset($mscan_theme_hash['bps_mscan_theme_hash_version_check']) && is_array( $mscan_theme_hash['bps_mscan_theme_hash_version_check'] ) && ! is_null( $mscan_theme_hash['bps_mscan_theme_hash_version_check'] ) ) {
2655
 
2656
  foreach ( $mscan_theme_hash['bps_mscan_theme_hash_version_check'] as $key => $value ) {
2657
 
2834
  echo '</div>';
2835
  }
2836
 
 
2837
  if ( isset( $_POST['Submit-MScan-Save-Report'] ) && current_user_can('manage_options') ) {
2838
  check_admin_referer('bulletproof_security_mscan_save_report');
2839
 
3055
 
3056
  <?php
3057
 
 
3058
  if ( ! get_option('bulletproof_security_options_mscan_report') ) {
3059
 
3060
  echo '<h2>'.__('No Saved MScan Reports To Display: No MScan Reports have been saved yet.', 'bulletproof-security').'</h2>';
3177
  echo '</tbody>';
3178
  echo '</table>';
3179
  echo '</div>';
3180
+
3181
+ echo "<p><input type=\"submit\" name=\"Submit-MScan-View-Delete\" value=\"".esc_attr__('View|Delete Reports', 'bulletproof-security')."\" class=\"button bps-button\" style=\"margin:0px 0px 0px 0px\" onclick=\"return confirm('".__('Click OK to proceed or click Cancel', 'bulletproof-security')."')\" /></p></form>";
3182
 
3183
  }
3184
 
 
3185
  if ( isset( $_POST['Submit-MScan-View-Delete'] ) && current_user_can('manage_options') ) {
3186
  check_admin_referer('bulletproof_security_mscan_saved_reports');
3187
 
3502
  $mscan_report_plugin_hash_title = '<div class="mscan-report-row-title" style="padding-top:8px">'.__('Plugin File Hashes: ', 'bulletproof-security').'</div>';
3503
  echo $mscan_report_plugin_hash_title;
3504
 
 
3505
  foreach ( $report_options[$bps_mscan_report_data_view][6][8][0]['Plugin File Hashes:'] as $key => $value ) {
3506
  echo $value;
3507
  }
3509
  $mscan_report_theme_hash_title = '<div class="mscan-report-row-title" style="padding-top:8px">'.__('Theme File Hashes: ', 'bulletproof-security').'</div>';
3510
  echo $mscan_report_theme_hash_title;
3511
 
 
3512
  foreach ( $report_options[$bps_mscan_report_data_view][6][8][0][0]['Theme File Hashes:'] as $key => $value ) {
3513
  echo $value;
3514
  }
3662
  </tr>
3663
  </table>
3664
  </div>
3665
+ <?php echo $bps_footer; ?>
 
 
3666
  </div>
3667
  </div>
admin/security-log/security-log.php CHANGED
@@ -33,7 +33,7 @@ if ( isset( $ScrollTop_options['bps_scrolltop'] ) && $ScrollTop_options['bps_scr
33
 
34
  <?php
35
  // General all purpose "Settings Saved." message for forms
36
- if ( current_user_can('manage_options') && wp_script_is( 'bps-accordion', $list = 'queue' ) ) {
37
  if ( isset( $_GET['settings-updated'] ) && $_GET['settings-updated'] == true ) {
38
  $text = '<p style="font-size:1em;font-weight:bold;padding:2px 0px 2px 5px;margin:0px -11px 0px -11px;background-color:#dfecf2;-webkit-box-shadow: 3px 3px 5px 0px rgba(153,153,153,0.7);-moz-box-shadow: 3px 3px 5px 0px rgba(153,153,153,0.7);box-shadow: 3px 3px 5px 0px rgba(153,153,153,0.7);""><font color="green"><strong>'.__('Settings Saved', 'bulletproof-security').'</strong></font></p>';
39
  echo $text;
@@ -86,7 +86,7 @@ if ( isset( $_POST['Submit-Error-Log-Off'] ) && current_user_can('manage_options
86
 
87
  } else {
88
 
89
- if ( $lock == '0404' || $AutoLockoptions['bps_root_htaccess_autolock'] == 'On' ) {
90
  chmod($filename, 0404);
91
  }
92
  }
@@ -108,7 +108,7 @@ if ( isset( $_POST['Submit-Error-Log-Off'] ) && current_user_can('manage_options
108
 
109
  } else {
110
 
111
- if ( $lock == '0404' || $AutoLockoptions['bps_root_htaccess_autolock'] == 'On' ) {
112
  chmod($filename, 0404);
113
  }
114
 
@@ -158,7 +158,7 @@ if ( isset( $_POST['Submit-Error-Log-On'] ) && current_user_can('manage_options'
158
 
159
  } else {
160
 
161
- if ( $lock == '0404' || $AutoLockoptions['bps_root_htaccess_autolock'] == 'On' ) {
162
  chmod($filename, 0404);
163
  }
164
 
@@ -185,14 +185,14 @@ if ( isset( $_POST['Submit-Error-Log-On'] ) && current_user_can('manage_options'
185
 
186
  } else {
187
 
188
- if ( $lock == '0404' || $AutoLockoptions['bps_root_htaccess_autolock'] == 'On' ) {
189
  chmod($filename, 0404);
190
  }
191
  }
192
  }
193
  }
194
-
195
  ?>
 
196
  </div>
197
 
198
  <!-- jQuery UI Tab Menu -->
@@ -278,27 +278,29 @@ echo '</div>';
278
 
279
  // Get File Size of the Security Log File
280
  function bps_getSecurityLogSize() {
281
- $filename = WP_CONTENT_DIR . '/bps-backup/logs/http_error_log.txt';
282
-
283
- if ( file_exists($filename) ) {
284
- $logSize = filesize($filename);
285
 
286
- if ( $logSize < 2097152 ) {
287
- $text = '<span style="font-size:13px;"><strong>'. __('Security Log File Size: ', 'bulletproof-security').'<font color="#2271b1">'. round($logSize / 1024, 2) .' KB</font></strong></span><br>';
288
- echo $text;
289
- } else {
290
- $text = '<span style="font-size:13px;"><strong>'. __('Security Log File Size: ', 'bulletproof-security').'<font color="#fb0101">'. round($logSize / 1024, 2) .' KB<br>'.__('Your Security Log file is larger than 2MB. It appears that BPS is unable to automatically zip, email and delete your Security Log file.', 'bulletproof-security').'</font></strong><br>'.__('Check your Email Alerts & Log File Options.', 'bulletproof-security').'<br>'.__('You can manually delete the contents of this log file by clicking the Delete Log button.', 'bulletproof-security').'</span><br>';
291
- echo $text;
292
- }
 
 
 
 
 
293
  }
294
  }
295
  bps_getSecurityLogSize();
296
 
297
  // Echo Error Logging On or Off
298
  function bpsErrorLoggingOnOff() {
299
- $filename = ABSPATH . '.htaccess';
300
- $check_string = file_get_contents($filename);
301
- $pattern = '/#{1,}(\s|){1,}ErrorDocument\s403(.*)\/bulletproof-security\/403\.php/';
 
302
 
303
  if ( file_exists($filename) && preg_match($pattern, $check_string, $matches) ) {
304
  $text = '<span style="font-size:13px;"><strong>'.__('Security Log Status: ', 'bulletproof-security').'<font color="#2271b1">'.__('Logging is Turned Off', 'bulletproof-security').'</font></strong></span><br>';
@@ -312,14 +314,15 @@ echo bpsErrorLoggingOnOff();
312
 
313
  // Get the Current/Last Modifed Date of the Security Log File
314
  function bps_getSecurityLogLastMod() {
315
- $filename = WP_CONTENT_DIR . '/bps-backup/logs/http_error_log.txt';
 
316
 
317
  if ( file_exists($filename) ) {
318
  $gmt_offset = get_option( 'gmt_offset' ) * 3600;
319
  $timestamp = date_i18n(get_option('date_format').' - '.get_option('time_format'), filemtime($filename) + $gmt_offset);
320
 
321
- $text = '<span style="font-size:13px;"><strong>'. __('Security Log Last Modified Time: ', 'bulletproof-security').'<font color="#2271b1">'.$timestamp.'</font></strong></span><br><br>';
322
- echo $text;
323
  }
324
  }
325
  echo bps_getSecurityLogLastMod();
@@ -330,31 +333,34 @@ if ( isset( $_POST['Submit-Delete-Log'] ) && current_user_can('manage_options')
330
 
331
  $SecurityLog = WP_CONTENT_DIR . '/bps-backup/logs/http_error_log.txt';
332
  $SecurityLogMaster = WP_PLUGIN_DIR . '/bulletproof-security/admin/htaccess/http_error_log.txt';
 
333
  copy($SecurityLogMaster, $SecurityLog);
334
- echo $bps_topDiv;
335
- $text = '<font color="green"><strong>'.__('Success! Your Security Log file has been deleted and replaced with a new blank Security Log file.', 'bulletproof-security').'</strong></font>';
336
- echo $text;
337
- echo $bps_bottomDiv;
 
338
  }
339
 
340
  // Security Log Form - Add User Agents to DB and write them to the 403.php template
341
  if ( isset( $_POST['Submit-UserAgent-Ignore'] ) && current_user_can('manage_options') ) {
342
  check_admin_referer( 'bulletproof_security_useragent_ignore' );
343
 
344
- $userAgent = trim(stripslashes($_POST['user-agent-ignore']));
345
- $table_name = $wpdb->prefix . "bpspro_seclog_ignore";
346
- $blankFile = WP_PLUGIN_DIR . '/bulletproof-security/admin/htaccess/blank.txt';
347
- $userAgentMaster = WP_CONTENT_DIR . '/bps-backup/master-backups/UserAgentMaster.txt';
348
- $bps403File = WP_PLUGIN_DIR . '/bulletproof-security/403.php';
349
- $search = '';
350
 
351
  // Halt Form Processing for characters that are not allowed: /, |, <, >, ' and "
352
  if ( preg_match( '|[\/\|\<\>\'\"]|', $userAgent ) ) {
353
 
354
  echo $bps_topDiv;
355
- $text = '<font color="#fb0101"><strong>'.__('Error: ', 'bulletproof-security').$userAgent.__(' User Agent|Bot was not successfully added. These code characters are not allowed to be used: ', 'bulletproof-security').'/ | < > \' "'.__(' Click the Read Help button for examples of valid User Agent|Bot names.', 'bulletproof-security').'</strong></font>';
356
  echo $text;
357
  echo $bps_bottomDiv;
 
358
  return;
359
  }
360
 
@@ -362,7 +368,7 @@ $search = '';
362
 
363
  echo $bps_topDiv;
364
  $rows_affected = $wpdb->insert( $table_name, array( 'time' => current_time('mysql'), 'user_agent_bot' => $userAgent ) );
365
- $text = '<font color="green"><strong>'.__('Success! ', 'bulletproof-security').$userAgent.__(' User Agent|Bot has been added to your DB. ', 'bulletproof-security').'</strong></font>';
366
  echo $text;
367
  echo $bps_bottomDiv;
368
 
@@ -395,8 +401,8 @@ $search = '';
395
  file_put_contents($userAgentMaster, $UserAgentRules);
396
  }
397
 
398
- $UserAgentRulesT = file_get_contents($userAgentMaster);
399
- $stringReplace = file_get_contents($bps403File);
400
 
401
  $stringReplace = preg_replace('/# BEGIN USERAGENT FILTER(.*)# END USERAGENT FILTER/s', "# BEGIN USERAGENT FILTER\nif ( !preg_match('/".trim($UserAgentRulesT, "|")."/', \$bpsPro_http_user_agent) ) {\n# END USERAGENT FILTER", $stringReplace);
402
 
@@ -421,21 +427,29 @@ $search = '';
421
  ?>
422
 
423
  <div id="SecLogPostLimit">
 
424
  <form name="SecLogPostLimit" action="options.php" method="post">
425
- <?php settings_fields('bulletproof_security_options_sec_log_post_limit'); ?>
426
- <?php $SecLogPostLimit = get_option('bulletproof_security_options_sec_log_post_limit'); ?>
 
 
 
 
 
427
 
428
  <strong><label for="SecLogPostLimit"><?php _e('POST Request Body Data', 'bulletproof-security'); ?></label></strong><br />
429
- <input type="checkbox" name="bulletproof_security_options_sec_log_post_limit[bps_security_log_post_none]" value="1" <?php if ( empty( $SecLogPostLimit['bps_security_log_post_none'] ) ) { echo ''; } else { checked( $SecLogPostLimit['bps_security_log_post_none'], 1 ); } ?> /><label><?php _e(' Do Not Log POST Request Body Data (0KB)', 'bulletproof-security'); ?></label><br />
430
- <input type="checkbox" name="bulletproof_security_options_sec_log_post_limit[bps_security_log_post_limit]" value="1" <?php if ( empty( $SecLogPostLimit['bps_security_log_post_limit'] ) ) { echo ''; } else { checked( $SecLogPostLimit['bps_security_log_post_limit'], 1 ); } ?> /><label><?php _e(' Log Minimum POST Request Body Data (5KB)', 'bulletproof-security'); ?></label><br />
431
- <input type="checkbox" name="bulletproof_security_options_sec_log_post_limit[bps_security_log_post_max]" value="1" <?php if ( empty( $SecLogPostLimit['bps_security_log_post_max'] ) ) { echo ''; } else { checked( $SecLogPostLimit['bps_security_log_post_max'], 1 ); } ?> /><label><?php _e(' Log Maximum POST Request Body Data (250KB)', 'bulletproof-security'); ?></label><br />
432
  <input type="submit" name="Submit-Sec-Log-Post-Limit" class="button bps-button" style="margin-top:5px;" value="<?php esc_attr_e('Save POST Request Body Data Option', 'bulletproof-security') ?>" onclick="return confirm('<?php $text = __('Click OK to Proceed or click Cancel.', 'bulletproof-security'); echo $text; ?>')"/>
433
  </form>
 
434
  </div>
435
 
436
  <div id="SecLogRemove-Allow"></div>
437
 
438
  <div id="bpsUserAgent1" style="margin:0px 0px 0px 0px;">
 
439
  <form action="<?php echo admin_url( 'admin.php?page=bulletproof-security/admin/security-log/security-log.php' ); ?>" method="post">
440
  <?php wp_nonce_field('bulletproof_security_useragent_ignore'); ?>
441
  <strong><label for="UA-ignore"><?php _e('Add User Agents|Bots to Ignore|Not Log', 'bulletproof-security'); ?></label></strong><br />
@@ -443,6 +457,7 @@ $search = '';
443
  <input type="text" name="user-agent-ignore" class="regular-text-320" value="" />
444
  <input type="submit" name="Submit-UserAgent-Ignore" value="<?php esc_attr_e('Add|Ignore', 'bulletproof-security') ?>" class="button bps-button" style="width:104px;height:auto;white-space:normal" onclick="return confirm('<?php $text = __('Clicking OK will Add the User Agent|Bot name you have entered to your DB and the 403.php Security Logging template.', 'bulletproof-security').'\n\n'.$bpsSpacePop.'\n\n'.__('Security logging checks are done by the 403.php Security Logging file and not by DB Queries.', 'bulletproof-security').'\n\n'.$bpsSpacePop.'\n\n'.__('To remove User Agents|Bots from being ignored/not logged use the Remove|Allow tool.', 'bulletproof-security').'\n\n'.$bpsSpacePop.'\n\n'.__('Click OK to proceed or click Cancel.', 'bulletproof-security'); echo $text; ?>')" />
445
  </form>
 
446
  </div>
447
 
448
 
@@ -467,26 +482,32 @@ $search = '';
467
  <tr>
468
  <td>
469
  <div id="SecurityLogTurnOffButton">
 
470
  <form name="BPSErrorLogOff" action="<?php echo admin_url( 'admin.php?page=bulletproof-security/admin/security-log/security-log.php' ); ?>" method="post">
471
  <?php wp_nonce_field('bps-error-log-off'); ?>
472
  <input type="submit" name="Submit-Error-Log-Off" value="<?php esc_attr_e('Turn Off Logging', 'bulletproof-security') ?>" class="button bps-button" style="width:125px;margin-right:15px;height:auto;white-space:normal" onclick="return confirm('<?php $text = __('Click OK to Turn Off Error Logging or click Cancel.', 'bulletproof-security'); echo $text; ?>')" />
473
  </form>
 
474
  </div>
475
  </td>
476
  <td>
477
  <div id="SecurityLogTurnOnButton">
 
478
  <form name="BPSErrorLogOn" action="<?php echo admin_url( 'admin.php?page=bulletproof-security/admin/security-log/security-log.php' ); ?>" method="post">
479
  <?php wp_nonce_field('bps-error-log-on'); ?>
480
  <input type="submit" name="Submit-Error-Log-On" value="<?php esc_attr_e('Turn On Logging', 'bulletproof-security') ?>" class="button bps-button" style="width:125px;margin-right:15px;height:auto;white-space:normal" onclick="return confirm('<?php $text = __('Click OK to Turn On Logging or click Cancel.', 'bulletproof-security'); echo $text; ?>')" />
481
  </form>
 
482
  </div>
483
  </td>
484
  <td>
485
  <div id="SecurityLogDeleteLogButton">
 
486
  <form name="DeleteLogForm" action="<?php echo admin_url( 'admin.php?page=bulletproof-security/admin/security-log/security-log.php' ); ?>" method="post">
487
  <?php wp_nonce_field('bps-delete-security-log'); ?>
488
  <input type="submit" name="Submit-Delete-Log" value="<?php esc_attr_e('Delete Log', 'bulletproof-security') ?>" class="button bps-button" style="width:125px;height:auto;white-space:normal" onclick="return confirm('<?php $text = __('Clicking OK will delete the contents of your Security Log file.', 'bulletproof-security').'\n\n'.$bpsSpacePop.'\n\n'.__('Click OK to Delete the Log file contents or click Cancel.', 'bulletproof-security'); echo $text; ?>')" />
489
  </form>
 
490
  </div>
491
  </td>
492
  </tr>
@@ -501,25 +522,25 @@ $search = '';
501
  if ( isset( $_POST['Submit-SecLog-Search'] ) && current_user_can('manage_options') ) {
502
  check_admin_referer( 'bulletproof_security_seclog_db_search' );
503
 
504
- $search = $_POST['userAgentSearchRemove'];
505
- $bpspro_seclog_table = $wpdb->prefix . "bpspro_seclog_ignore";
506
- $bps403File = WP_PLUGIN_DIR . '/bulletproof-security/403.php';
507
- $stringReplace = file_get_contents($bps403File);
508
- $searchAll = '';
509
 
510
- if ( ! file_exists($bps403File) ) {
511
- echo $bps_topDiv;
512
- $text = '<font color="#fb0101"><strong>'.__('Error: The ', 'bulletproof-security').$bps403File.__(' does not exist.', 'bulletproof-security').'</strong></font>';
513
- echo $text;
514
- echo $bps_bottomDiv;
515
- }
516
 
517
- $getSecLogTableSearch = $wpdb->get_results( $wpdb->prepare("SELECT * FROM $bpspro_seclog_table WHERE user_agent_bot LIKE %s", "%$searchAll%") );
518
-
519
- if ( $wpdb->num_rows == 0 ) { // if no rows exist in DB add the BPSUserAgentPlaceHolder back into the 403.php security logging template
520
-
521
- $stringReplace = preg_replace('/# BEGIN USERAGENT FILTER(.*)# END USERAGENT FILTER/s', "# BEGIN USERAGENT FILTER\nif ( !preg_match('/BPSUserAgentPlaceHolder/', \$bpsPro_http_user_agent) ) {\n# END USERAGENT FILTER", $stringReplace);
522
 
 
 
523
  if ( ! file_put_contents($bps403File, $stringReplace) ) {
524
  echo $bps_topDiv;
525
  $text = '<font color="#fb0101"><strong>'.__('Error: Unable to write to file ', 'bulletproof-security').$bps403File.__('. Check that file permissions allow writing to this file. If you have a DSO Server check file and folder Ownership.', 'bulletproof-security').'</strong></font>';
@@ -527,20 +548,22 @@ $searchAll = '';
527
  echo $bps_bottomDiv;
528
 
529
  } else {
530
- // blah
531
  }
532
- } // end if ($wpdb->num_rows == 0) { // No database rows
533
  }
534
 
535
  // Remove User Agents|Bots Dynamic Radio button Form proccessing code
536
  if ( isset( $_POST['Submit-SecLog-Remove'] ) && current_user_can('manage_options') ) {
537
  check_admin_referer('bulletproof_security_seclog_db_remove');
538
 
539
- $removeornot = $_POST['removeornot'];
540
- $bpspro_seclog_table = $wpdb->prefix . "bpspro_seclog_ignore";
541
- $userAgentMaster = WP_CONTENT_DIR . '/bps-backup/master-backups/UserAgentMaster.txt';
542
- $bps403File = WP_PLUGIN_DIR . '/bulletproof-security/403.php';
543
- $searchALLD = '';
 
 
544
 
545
  switch( $_POST['Submit-SecLog-Remove'] ) {
546
  case __('Remove', 'bulletproof-security'):
@@ -563,6 +586,7 @@ $searchALLD = '';
563
  if ( ! empty($remove_rows) ) {
564
 
565
  foreach ( $remove_rows as $remove_row ) {
 
566
  if ( ! $delete_row = $wpdb->query( $wpdb->prepare( "DELETE FROM $bpspro_seclog_table WHERE user_agent_bot = %s", $remove_row) )) {
567
  $textSecLogRemove = '<font color="#fb0101"><strong>'.sprintf(__('%s unable to delete row from your DB.', 'bulletproof-security'), $remove_row).'</strong></font><br>';
568
  } else {
@@ -584,27 +608,27 @@ $searchALLD = '';
584
 
585
  $stringReplace = preg_replace('/# BEGIN USERAGENT FILTER(.*)# END USERAGENT FILTER/s', "# BEGIN USERAGENT FILTER\nif ( !preg_match('/".trim($UserAgentRulesT, "|")."/', \$bpsPro_http_user_agent) ) {\n# END USERAGENT FILTER", $stringReplace);
586
 
587
- if ( ! file_put_contents($bps403File, $stringReplace) ) {
588
- echo $bps_topDiv;
589
- $text = '<font color="#fb0101"><strong>'.__('Error: Unable to write to file ', 'bulletproof-security').$bps403File.__('. Check that file permissions allow writing to this file. If you have a DSO Server check file and folder Ownership.', 'bulletproof-security').'</strong></font>';
590
- echo $text;
591
- echo $bps_bottomDiv;
592
-
593
- } else {
594
- // need to run the Query again just in case there are 0 DB rows
595
- $getSecLogTableRemove = $wpdb->get_results( $wpdb->prepare("SELECT * FROM $bpspro_seclog_table WHERE user_agent_bot LIKE %s", "%$searchAll%" ) );
596
-
597
- if ( $wpdb->num_rows == 0 ) { // if no rows exist in DB add the BPSUserAgentPlaceHolder back into the 403.php security logging template
598
 
599
- $stringReplace = preg_replace('/# BEGIN USERAGENT FILTER(.*)# END USERAGENT FILTER/s', "# BEGIN USERAGENT FILTER\nif ( !preg_match('/BPSUserAgentPlaceHolder/', \$bpsPro_http_user_agent) ) {\n# END USERAGENT FILTER", $stringReplace);
600
- file_put_contents($bps403File, $stringReplace);
601
- }
602
-
603
- echo $bps_topDiv;
604
- $text = '<font color="green"><strong>'.__('Success! The BPS 403.php Security Logging template file has been updated. This User Agent|Bot will be logged again in your Security Log.', 'bulletproof-security').'</strong></font>';
605
- echo $text;
606
- echo $bps_bottomDiv;
607
- }
 
 
 
 
 
 
608
  } // end if (!empty($remove_rows)) { // no rows selected to delete
609
 
610
  if ( ! empty($donotremove) ) {
@@ -616,7 +640,7 @@ $searchALLD = '';
616
  }
617
 
618
  if ( ! empty($textSecLogRemove) ) {
619
- echo '<div id="message" class="updated" style="background-color:#dfecf2;border:1px solid #999;-moz-border-radius-topleft:3px;-webkit-border-top-left-radius:3px;-khtml-border-top-left-radius:3px;border-top-left-radius:3px;-moz-border-radius-topright:3px;-webkit-border-top-right-radius:3px;-khtml-border-top-right-radius:3px;border-top-right-radius:3px;-webkit-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);-moz-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);"><p>'.$textSecLogRemove.'</p></div>';
620
  }
621
  ?>
622
 
@@ -632,7 +656,8 @@ echo '<div id="message" class="updated" style="background-color:#dfecf2;border:1
632
  $text = '<font color="#fb0101"><strong>'.__('Error: These code characters are not allowed to be used: ', 'bulletproof-security').'/ | < > \' "'.'</strong></font>';
633
  echo $text;
634
  echo $bps_bottomDiv;
635
- return;
 
636
  }
637
 
638
  $bpspro_seclog_table = $wpdb->prefix . "bpspro_seclog_ignore";
@@ -654,24 +679,27 @@ echo '<div id="message" class="updated" style="background-color:#dfecf2;border:1
654
 
655
  foreach ( $getSecLogTableSearchForm as $row ) {
656
 
657
- echo '<th scope="row" style="border-bottom:none;">'.$row->user_agent_bot.'</th>';
658
- echo "<td><input type=\"radio\" id=\"remove\" name=\"removeornot[$row->user_agent_bot]\" value=\"remove\" /></td>";
659
- echo "<td><input type=\"radio\" id=\"donotremove\" name=\"removeornot[$row->user_agent_bot]\" value=\"donotremove\" checked /></td>";
660
- echo '<td>'.$row->time.'</td>';
661
- echo '</tr>';
662
  }
 
663
  echo '</tbody>';
664
  echo '</table>';
 
665
  if ( $wpdb->num_rows != 0 ) {
666
- echo $bps_topDiv;
667
- $text = '<font color="green"><strong>'.__('Your DB Search Results For User Agents|Bots To Remove are displayed below the Remove|Allow Search tool.', 'bulletproof-security').'</strong></font><br>';
668
- echo $text;
669
  } else {
670
- echo $bps_topDiv;
671
- $text = '<font color="blue"><strong>'.__('You do not have any User Agents|Bots in your DB To Remove. An empty/blank dynamic radio button form is displayed below the Remove|Allow Search tool since you do not have any User Agents|Bot to remove.', 'bulletproof-security').'</strong></font><br>';
672
- echo $text;
673
  }
674
- echo $bps_bottomDiv;
 
675
 
676
  ?>
677
  <input type="submit" name="Submit-SecLog-Remove" value="<?php esc_attr_e('Remove', 'bulletproof-security'); ?>" class="button bps-button" onclick="return confirm('<?php $text = __('Clicking OK will Remove the User Agent|Bot DB entries for any Remove Radio button selections you have made. User Agents|Bots will also be removed from the 403.php Security Logging template.', 'bulletproof-security').'\n\n'.$bpsSpacePop.'\n\n'.__('To add a User Agent|Bot, use the Add|Ignore tool.', 'bulletproof-security').'\n\n'.$bpsSpacePop.'\n\n'.__('Click OK to proceed or click Cancel.', 'bulletproof-security'); echo $text; ?>')" />
@@ -683,10 +711,12 @@ echo '<div id="message" class="updated" style="background-color:#dfecf2;border:1
683
  ?>
684
 
685
  <div id="ViewSecurityLog" style="margin:10px 0px 10px 0px">
 
686
  <form name="ViewSecurityLogForm" action="<?php echo admin_url( 'admin.php?page=bulletproof-security/admin/security-log/security-log.php' ); ?>" method="post">
687
  <?php wp_nonce_field('bps_view_security_log'); ?>
688
  <input type="submit" name="Submit-View-Security-Log" value="<?php esc_attr_e('View Log', 'bulletproof-security') ?>" class="button bps-button" onclick="return confirm('<?php $text = __('Clicking OK will display the contents of your Security Log file.', 'bulletproof-security').'\n\n'.$bpsSpacePop.'\n\n'.__('Click OK to view the Log file or click Cancel.', 'bulletproof-security'); echo $text; ?>')" />
689
  </form>
 
690
  </div>
691
 
692
  <div id="messageinner" class="updatedinner">
@@ -708,7 +738,7 @@ function bps_get_security_log() {
708
  $get_sec_log_contents = file_get_contents($bps_sec_log);
709
  $sec_log_clean = preg_replace( '/[^\x01-\x7F]/', "", remove_accents( $get_sec_log_contents ) );
710
 
711
- return esc_html($sec_log_clean);
712
 
713
  } else {
714
 
@@ -745,9 +775,12 @@ function bpsPro_security_log_write_check() {
745
 
746
  bpsPro_security_log_write_check();
747
 
748
- if ( isset( $_POST['submit-security-log'] ) && current_user_can('manage_options') ) {
749
- check_admin_referer( 'bulletproof_security_save_security_log' );
750
- $newcontentSecLog = stripslashes($_POST['newcontentSecLog']);
 
 
 
751
 
752
  if ( is_writable($bps_sec_log) ) {
753
 
@@ -770,6 +803,7 @@ $scrolltoSecLog = isset($_REQUEST['scrolltoSecLog']) ? (int) $_REQUEST['scrollto
770
  </div>
771
 
772
  <div id="SecLogEditor">
 
773
  <form name="bpsSecLog" id="bpsSecLog" action="<?php echo admin_url( 'admin.php?page=bulletproof-security/admin/security-log/security-log.php' ); ?>" method="post">
774
  <?php wp_nonce_field('bulletproof_security_save_security_log'); ?>
775
  <div id="bpsSecLog">
@@ -779,7 +813,9 @@ $scrolltoSecLog = isset($_REQUEST['scrolltoSecLog']) ? (int) $_REQUEST['scrollto
779
  <input type="submit" name="submit-security-log" class="button bps-button" value="<?php esc_attr_e('Update File', 'bulletproof-security') ?>" />
780
  </div>
781
  </div>
 
782
  </form>
 
783
  <script type="text/javascript">
784
  /* <![CDATA[ */
785
  jQuery(document).ready(function($){
@@ -788,6 +824,7 @@ jQuery(document).ready(function($){
788
  });
789
  /* ]]> */
790
  </script>
 
791
  </div>
792
 
793
  </td>
@@ -814,8 +851,6 @@ jQuery(document).ready(function($){
814
  </tr>
815
  </table>
816
  </div>
817
-
818
- <div id="AITpro-link">BulletProof Security <?php echo BULLETPROOF_VERSION; ?> Plugin by <a href="https://www.ait-pro.com/" target="_blank" title="AITpro Website Security">AITpro Website Security</a>
819
- </div>
820
  </div>
821
  </div>
33
 
34
  <?php
35
  // General all purpose "Settings Saved." message for forms
36
+ if ( current_user_can('manage_options') ) {
37
  if ( isset( $_GET['settings-updated'] ) && $_GET['settings-updated'] == true ) {
38
  $text = '<p style="font-size:1em;font-weight:bold;padding:2px 0px 2px 5px;margin:0px -11px 0px -11px;background-color:#dfecf2;-webkit-box-shadow: 3px 3px 5px 0px rgba(153,153,153,0.7);-moz-box-shadow: 3px 3px 5px 0px rgba(153,153,153,0.7);box-shadow: 3px 3px 5px 0px rgba(153,153,153,0.7);""><font color="green"><strong>'.__('Settings Saved', 'bulletproof-security').'</strong></font></p>';
39
  echo $text;
86
 
87
  } else {
88
 
89
+ if ( $lock == '0404' || isset($AutoLockoptions['bps_root_htaccess_autolock']) && $AutoLockoptions['bps_root_htaccess_autolock'] == 'On' ) {
90
  chmod($filename, 0404);
91
  }
92
  }
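Review bot: The new condition on the line before `chmod($filename, 0404)` mixes `||` and `&&` without parentheses. PHP binds `&&` tighter, so it evaluates as intended, but the grouping should be explicit: `if ( $lock == '0404' || ( isset($AutoLockoptions['bps_root_htaccess_autolock']) && $AutoLockoptions['bps_root_htaccess_autolock'] == 'On' ) ) {`. The return value of `chmod()` is also ignored, so a failed re-lock of `$filename` goes unreported. The same line is added in the three following hunks (new lines 111, 161 and 188), and the enclosing block starts outside each of them.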
108
 
109
  } else {
110
 
111
+ if ( $lock == '0404' || isset($AutoLockoptions['bps_root_htaccess_autolock']) && $AutoLockoptions['bps_root_htaccess_autolock'] == 'On' ) {
112
  chmod($filename, 0404);
113
  }
114
 
158
 
159
  } else {
160
 
161
+ if ( $lock == '0404' || isset($AutoLockoptions['bps_root_htaccess_autolock']) && $AutoLockoptions['bps_root_htaccess_autolock'] == 'On' ) {
162
  chmod($filename, 0404);
163
  }
164
 
185
 
186
  } else {
187
 
188
+ if ( $lock == '0404' || isset($AutoLockoptions['bps_root_htaccess_autolock']) && $AutoLockoptions['bps_root_htaccess_autolock'] == 'On' ) {
189
  chmod($filename, 0404);
190
  }
191
  }
192
  }
193
  }
 
194
  ?>
195
+
196
  </div>
197
 
198
  <!-- jQuery UI Tab Menu -->
278
 
279
  // Get File Size of the Security Log File
280
  function bps_getSecurityLogSize() {
 
 
 
 
281
 
282
+ $filename = WP_CONTENT_DIR . '/bps-backup/logs/http_error_log.txt';
283
+
284
+ if ( file_exists($filename) ) {
285
+ $logSize = filesize($filename);
286
+
287
+ if ( $logSize < 2097152 ) {
288
+ $text = '<span style="font-size:13px;"><strong>'. __('Security Log File Size: ', 'bulletproof-security').'<font color="#2271b1">'. round($logSize / 1024, 2) .' KB</font></strong></span><br>';
289
+ echo $text;
290
+ } else {
291
+ $text = '<span style="font-size:13px;"><strong>'. __('Security Log File Size: ', 'bulletproof-security').'<font color="#fb0101">'. round($logSize / 1024, 2) .' KB<br>'.__('Your Security Log file is larger than 2MB. It appears that BPS is unable to automatically zip, email and delete your Security Log file.', 'bulletproof-security').'</font></strong><br>'.__('Check your Email Alerts & Log File Options.', 'bulletproof-security').'<br>'.__('You can manually delete the contents of this log file by clicking the Delete Log button.', 'bulletproof-security').'</span><br>';
292
+ echo $text;
293
+ }
294
  }
295
  }
296
  bps_getSecurityLogSize();
297
 
298
  // Echo Error Logging On or Off
299
  function bpsErrorLoggingOnOff() {
300
+
301
+ $filename = ABSPATH . '.htaccess';
302
+ $check_string = file_get_contents($filename);
303
+ $pattern = '/#{1,}(\s|){1,}ErrorDocument\s403(.*)\/bulletproof-security\/403\.php/';
304
 
305
  if ( file_exists($filename) && preg_match($pattern, $check_string, $matches) ) {
306
  $text = '<span style="font-size:13px;"><strong>'.__('Security Log Status: ', 'bulletproof-security').'<font color="#2271b1">'.__('Logging is Turned Off', 'bulletproof-security').'</font></strong></span><br>';
314
 
315
  // Get the Current/Last Modifed Date of the Security Log File
316
  function bps_getSecurityLogLastMod() {
317
+
318
+ $filename = WP_CONTENT_DIR . '/bps-backup/logs/http_error_log.txt';
319
 
320
  if ( file_exists($filename) ) {
321
  $gmt_offset = get_option( 'gmt_offset' ) * 3600;
322
  $timestamp = date_i18n(get_option('date_format').' - '.get_option('time_format'), filemtime($filename) + $gmt_offset);
323
 
324
+ $text = '<span style="font-size:13px;"><strong>'. __('Security Log Last Modified Time: ', 'bulletproof-security').'<font color="#2271b1">'.$timestamp.'</font></strong></span><br><br>';
325
+ echo $text;
326
  }
327
  }
328
  echo bps_getSecurityLogLastMod();
333
 
334
  $SecurityLog = WP_CONTENT_DIR . '/bps-backup/logs/http_error_log.txt';
335
  $SecurityLogMaster = WP_PLUGIN_DIR . '/bulletproof-security/admin/htaccess/http_error_log.txt';
336
+
337
  copy($SecurityLogMaster, $SecurityLog);
338
+
339
+ echo $bps_topDiv;
340
+ $text = '<font color="green"><strong>'.__('Success! Your Security Log file has been deleted and replaced with a new blank Security Log file.', 'bulletproof-security').'</strong></font>';
341
+ echo $text;
342
+ echo $bps_bottomDiv;
343
  }
344
 
345
  // Security Log Form - Add User Agents to DB and write them to the 403.php template
346
  if ( isset( $_POST['Submit-UserAgent-Ignore'] ) && current_user_can('manage_options') ) {
347
  check_admin_referer( 'bulletproof_security_useragent_ignore' );
348
 
349
+ $userAgent = trim(stripslashes($_POST['user-agent-ignore']));
350
+ $table_name = $wpdb->prefix . "bpspro_seclog_ignore";
351
+ $blankFile = WP_PLUGIN_DIR . '/bulletproof-security/admin/htaccess/blank.txt';
352
+ $userAgentMaster = WP_CONTENT_DIR . '/bps-backup/master-backups/UserAgentMaster.txt';
353
+ $bps403File = WP_PLUGIN_DIR . '/bulletproof-security/403.php';
354
+ $search = '';
355
 
356
  // Halt Form Processing for characters that are not allowed: /, |, <, >, ' and "
357
  if ( preg_match( '|[\/\|\<\>\'\"]|', $userAgent ) ) {
358
 
359
  echo $bps_topDiv;
360
+ $text = '<font color="#fb0101"><strong>'.__('Error: ', 'bulletproof-security').esc_html($userAgent).__(' User Agent|Bot was not successfully added. These code characters are not allowed to be used: ', 'bulletproof-security').'/ | < > \' "'.__(' Click the Read Help button for examples of valid User Agent|Bot names.', 'bulletproof-security').'</strong></font>';
361
  echo $text;
362
  echo $bps_bottomDiv;
363
+
364
  return;
365
  }
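Review bot: The check `preg_match( '|[\/\|\<\>\'\"]|', $userAgent )` is a deny-list of six characters, and the `esc_html()` added to the error message only covers the HTML output. Judging by the `preg_replace()` in a later hunk, the accepted value also ends up inside the `preg_match('/…/')` pattern written to 403.php, where a backslash or other regex metacharacter could change or break that pattern. How the rule string is assembled is outside the visible lines, so this needs confirming. An allow-list is easier to reason about, for example (character set constructed here, to be chosen by the maintainers) `if ( ! preg_match( '/^[A-Za-z0-9 ._-]+$/', $userAgent ) ) {`, with `preg_quote( $userAgent, '/' )` applied where the rule is built. `$_POST['user-agent-ignore']` is also read without an `isset()` guard.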
366
 
368
 
369
  echo $bps_topDiv;
370
  $rows_affected = $wpdb->insert( $table_name, array( 'time' => current_time('mysql'), 'user_agent_bot' => $userAgent ) );
371
+ $text = '<font color="green"><strong>'.__('Success! ', 'bulletproof-security').esc_html($userAgent).__(' User Agent|Bot has been added to your DB. ', 'bulletproof-security').'</strong></font>';
372
  echo $text;
373
  echo $bps_bottomDiv;
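Review bot: `$rows_affected` from `$wpdb->insert()` is never checked in the visible lines, so the "Success!" message is echoed even when the insert fails (`insert()` returns `false` on error). Test the result first, e.g. `if ( false === $rows_affected ) {`, and print an error notice in that branch instead of the success text. The surrounding `if` starts on a line this hunk omits, so a check may already exist there.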
374
 
401
  file_put_contents($userAgentMaster, $UserAgentRules);
402
  }
403
 
404
+ $UserAgentRulesT = file_get_contents($userAgentMaster);
405
+ $stringReplace = file_get_contents($bps403File);
406
 
407
  $stringReplace = preg_replace('/# BEGIN USERAGENT FILTER(.*)# END USERAGENT FILTER/s', "# BEGIN USERAGENT FILTER\nif ( !preg_match('/".trim($UserAgentRulesT, "|")."/', \$bpsPro_http_user_agent) ) {\n# END USERAGENT FILTER", $stringReplace);
408
 
427
  ?>
428
 
429
  <div id="SecLogPostLimit">
430
+
431
  <form name="SecLogPostLimit" action="options.php" method="post">
432
+ <?php settings_fields('bulletproof_security_options_sec_log_post_limit');
433
+ $SecLogPostLimit = get_option('bulletproof_security_options_sec_log_post_limit');
434
+
435
+ $bps_security_log_post_none = ! empty($SecLogPostLimit['bps_security_log_post_none']) ? checked( $SecLogPostLimit['bps_security_log_post_none'], 1, false ) : '';
436
+ $bps_security_log_post_limit = ! empty($SecLogPostLimit['bps_security_log_post_limit']) ? checked( $SecLogPostLimit['bps_security_log_post_limit'], 1, false ) : '';
437
+ $bps_security_log_post_max = ! empty($SecLogPostLimit['bps_security_log_post_max']) ? checked( $SecLogPostLimit['bps_security_log_post_max'], 1, false ) : '';
438
+ ?>
439
 
440
  <strong><label for="SecLogPostLimit"><?php _e('POST Request Body Data', 'bulletproof-security'); ?></label></strong><br />
441
+ <input type="checkbox" name="bulletproof_security_options_sec_log_post_limit[bps_security_log_post_none]" value="1" <?php echo esc_html($bps_security_log_post_none); ?> /><label><?php _e(' Do Not Log POST Request Body Data (0KB)', 'bulletproof-security'); ?></label><br />
442
+ <input type="checkbox" name="bulletproof_security_options_sec_log_post_limit[bps_security_log_post_limit]" value="1" <?php echo esc_html($bps_security_log_post_limit); ?> /><label><?php _e(' Log Minimum POST Request Body Data (5KB)', 'bulletproof-security'); ?></label><br />
443
+ <input type="checkbox" name="bulletproof_security_options_sec_log_post_limit[bps_security_log_post_max]" value="1" <?php echo esc_html($bps_security_log_post_max); ?> /><label><?php _e(' Log Maximum POST Request Body Data (250KB)', 'bulletproof-security'); ?></label><br />
444
  <input type="submit" name="Submit-Sec-Log-Post-Limit" class="button bps-button" style="margin-top:5px;" value="<?php esc_attr_e('Save POST Request Body Data Option', 'bulletproof-security') ?>" onclick="return confirm('<?php $text = __('Click OK to Proceed or click Cancel.', 'bulletproof-security'); echo $text; ?>')"/>
445
  </form>
446
+
447
  </div>
448
 
449
  <div id="SecLogRemove-Allow"></div>
450
 
451
  <div id="bpsUserAgent1" style="margin:0px 0px 0px 0px;">
452
+
453
  <form action="<?php echo admin_url( 'admin.php?page=bulletproof-security/admin/security-log/security-log.php' ); ?>" method="post">
454
  <?php wp_nonce_field('bulletproof_security_useragent_ignore'); ?>
455
  <strong><label for="UA-ignore"><?php _e('Add User Agents|Bots to Ignore|Not Log', 'bulletproof-security'); ?></label></strong><br />
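Review bot: The three `echo esc_html($bps_security_log_post_…)` calls on the checkbox inputs escape markup rather than data. `checked( …, 1, false )` returns a fixed core string of the form ` checked='checked'`, and `esc_html()` encodes its single quotes, so the emitted attribute becomes `checked=&#039;checked&#039;`. Browsers still tick the box because the attribute is present, but the output is not what the helper intended. The value has already been compared against `1` and contains no user data, so print it as is, e.g. `<?php echo $bps_security_log_post_none; // fixed string from checked() ?>`, or call `checked( …, 1 )` directly inside the existing `! empty()` guard.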
457
  <input type="text" name="user-agent-ignore" class="regular-text-320" value="" />
458
  <input type="submit" name="Submit-UserAgent-Ignore" value="<?php esc_attr_e('Add|Ignore', 'bulletproof-security') ?>" class="button bps-button" style="width:104px;height:auto;white-space:normal" onclick="return confirm('<?php $text = __('Clicking OK will Add the User Agent|Bot name you have entered to your DB and the 403.php Security Logging template.', 'bulletproof-security').'\n\n'.$bpsSpacePop.'\n\n'.__('Security logging checks are done by the 403.php Security Logging file and not by DB Queries.', 'bulletproof-security').'\n\n'.$bpsSpacePop.'\n\n'.__('To remove User Agents|Bots from being ignored/not logged use the Remove|Allow tool.', 'bulletproof-security').'\n\n'.$bpsSpacePop.'\n\n'.__('Click OK to proceed or click Cancel.', 'bulletproof-security'); echo $text; ?>')" />
459
  </form>
460
+
461
  </div>
462
 
463
 
482
  <tr>
483
  <td>
484
  <div id="SecurityLogTurnOffButton">
485
+
486
  <form name="BPSErrorLogOff" action="<?php echo admin_url( 'admin.php?page=bulletproof-security/admin/security-log/security-log.php' ); ?>" method="post">
487
  <?php wp_nonce_field('bps-error-log-off'); ?>
488
  <input type="submit" name="Submit-Error-Log-Off" value="<?php esc_attr_e('Turn Off Logging', 'bulletproof-security') ?>" class="button bps-button" style="width:125px;margin-right:15px;height:auto;white-space:normal" onclick="return confirm('<?php $text = __('Click OK to Turn Off Error Logging or click Cancel.', 'bulletproof-security'); echo $text; ?>')" />
489
  </form>
490
+
491
  </div>
492
  </td>
493
  <td>
494
  <div id="SecurityLogTurnOnButton">
495
+
496
  <form name="BPSErrorLogOn" action="<?php echo admin_url( 'admin.php?page=bulletproof-security/admin/security-log/security-log.php' ); ?>" method="post">
497
  <?php wp_nonce_field('bps-error-log-on'); ?>
498
  <input type="submit" name="Submit-Error-Log-On" value="<?php esc_attr_e('Turn On Logging', 'bulletproof-security') ?>" class="button bps-button" style="width:125px;margin-right:15px;height:auto;white-space:normal" onclick="return confirm('<?php $text = __('Click OK to Turn On Logging or click Cancel.', 'bulletproof-security'); echo $text; ?>')" />
499
  </form>
500
+
501
  </div>
502
  </td>
503
  <td>
504
  <div id="SecurityLogDeleteLogButton">
505
+
506
  <form name="DeleteLogForm" action="<?php echo admin_url( 'admin.php?page=bulletproof-security/admin/security-log/security-log.php' ); ?>" method="post">
507
  <?php wp_nonce_field('bps-delete-security-log'); ?>
508
  <input type="submit" name="Submit-Delete-Log" value="<?php esc_attr_e('Delete Log', 'bulletproof-security') ?>" class="button bps-button" style="width:125px;height:auto;white-space:normal" onclick="return confirm('<?php $text = __('Clicking OK will delete the contents of your Security Log file.', 'bulletproof-security').'\n\n'.$bpsSpacePop.'\n\n'.__('Click OK to Delete the Log file contents or click Cancel.', 'bulletproof-security'); echo $text; ?>')" />
509
  </form>
510
+
511
  </div>
512
  </td>
513
  </tr>
522
  if ( isset( $_POST['Submit-SecLog-Search'] ) && current_user_can('manage_options') ) {
523
  check_admin_referer( 'bulletproof_security_seclog_db_search' );
524
 
525
+ $search = $_POST['userAgentSearchRemove'];
526
+ $bpspro_seclog_table = $wpdb->prefix . "bpspro_seclog_ignore";
527
+ $bps403File = WP_PLUGIN_DIR . '/bulletproof-security/403.php';
528
+ $stringReplace = file_get_contents($bps403File);
529
+ $searchAll = '';
530
 
531
+ if ( ! file_exists($bps403File) ) {
532
+ echo $bps_topDiv;
533
+ $text = '<font color="#fb0101"><strong>'.__('Error: The ', 'bulletproof-security').$bps403File.__(' does not exist.', 'bulletproof-security').'</strong></font>';
534
+ echo $text;
535
+ echo $bps_bottomDiv;
536
+ }
537
 
538
+ $getSecLogTableSearch = $wpdb->get_results( $wpdb->prepare("SELECT * FROM $bpspro_seclog_table WHERE user_agent_bot LIKE %s", "%$searchAll%") );
539
+
540
+ if ( $wpdb->num_rows == 0 ) { // if no rows exist in DB add the BPSUserAgentPlaceHolder back into the 403.php security logging template
 
 
541
 
542
+ $stringReplace = preg_replace('/# BEGIN USERAGENT FILTER(.*)# END USERAGENT FILTER/s', "# BEGIN USERAGENT FILTER\nif ( !preg_match('/BPSUserAgentPlaceHolder/', \$bpsPro_http_user_agent) ) {\n# END USERAGENT FILTER", $stringReplace);
543
+
544
  if ( ! file_put_contents($bps403File, $stringReplace) ) {
545
  echo $bps_topDiv;
546
  $text = '<font color="#fb0101"><strong>'.__('Error: Unable to write to file ', 'bulletproof-security').$bps403File.__('. Check that file permissions allow writing to this file. If you have a DSO Server check file and folder Ownership.', 'bulletproof-security').'</strong></font>';
548
  echo $bps_bottomDiv;
549
 
550
  } else {
551
+
552
  }
553
+ } // end if ($wpdb->num_rows == 0) { // No database rows
554
  }
555
 
556
  // Remove User Agents|Bots Dynamic Radio button Form proccessing code
557
  if ( isset( $_POST['Submit-SecLog-Remove'] ) && current_user_can('manage_options') ) {
558
  check_admin_referer('bulletproof_security_seclog_db_remove');
559
 
560
+ $removeornot = $_POST['removeornot'];
561
+ $bpspro_seclog_table = $wpdb->prefix . "bpspro_seclog_ignore";
562
+ $userAgentMaster = WP_CONTENT_DIR . '/bps-backup/master-backups/UserAgentMaster.txt';
563
+ $bps403File = WP_PLUGIN_DIR . '/bulletproof-security/403.php';
564
+ $searchALLD = '';
565
+ $searchAll = '';
566
+ $donotremove = '';
567
 
568
  switch( $_POST['Submit-SecLog-Remove'] ) {
569
  case __('Remove', 'bulletproof-security'):
586
  if ( ! empty($remove_rows) ) {
587
 
588
  foreach ( $remove_rows as $remove_row ) {
589
+
590
  if ( ! $delete_row = $wpdb->query( $wpdb->prepare( "DELETE FROM $bpspro_seclog_table WHERE user_agent_bot = %s", $remove_row) )) {
591
  $textSecLogRemove = '<font color="#fb0101"><strong>'.sprintf(__('%s unable to delete row from your DB.', 'bulletproof-security'), $remove_row).'</strong></font><br>';
592
  } else {
608
 
609
  $stringReplace = preg_replace('/# BEGIN USERAGENT FILTER(.*)# END USERAGENT FILTER/s', "# BEGIN USERAGENT FILTER\nif ( !preg_match('/".trim($UserAgentRulesT, "|")."/', \$bpsPro_http_user_agent) ) {\n# END USERAGENT FILTER", $stringReplace);
610
 
611
+ if ( ! file_put_contents($bps403File, $stringReplace) ) {
612
+ echo $bps_topDiv;
613
+ $text = '<font color="#fb0101"><strong>'.__('Error: Unable to write to file ', 'bulletproof-security').$bps403File.__('. Check that file permissions allow writing to this file. If you have a DSO Server check file and folder Ownership.', 'bulletproof-security').'</strong></font>';
614
+ echo $text;
615
+ echo $bps_bottomDiv;
 
 
 
 
 
 
616
 
617
+ } else {
618
+ // need to run the Query again just in case there are 0 DB rows
619
+ $getSecLogTableRemove = $wpdb->get_results( $wpdb->prepare("SELECT * FROM $bpspro_seclog_table WHERE user_agent_bot LIKE %s", "%$searchAll%" ) );
620
+
621
+ if ( $wpdb->num_rows == 0 ) { // if no rows exist in DB add the BPSUserAgentPlaceHolder back into the 403.php security logging template
622
+
623
+ $stringReplace = preg_replace('/# BEGIN USERAGENT FILTER(.*)# END USERAGENT FILTER/s', "# BEGIN USERAGENT FILTER\nif ( !preg_match('/BPSUserAgentPlaceHolder/', \$bpsPro_http_user_agent) ) {\n# END USERAGENT FILTER", $stringReplace);
624
+ file_put_contents($bps403File, $stringReplace);
625
+ }
626
+
627
+ echo $bps_topDiv;
628
+ $text = '<font color="green"><strong>'.__('Success! The BPS 403.php Security Logging template file has been updated. This User Agent|Bot will be logged again in your Security Log.', 'bulletproof-security').'</strong></font>';
629
+ echo $text;
630
+ echo $bps_bottomDiv;
631
+ }
632
  } // end if (!empty($remove_rows)) { // no rows selected to delete
633
 
634
  if ( ! empty($donotremove) ) {
640
  }
641
 
642
  if ( ! empty($textSecLogRemove) ) {
643
+ echo '<div id="message" class="updated" style="background-color:#dfecf2;border:1px solid #999;-moz-border-radius-topleft:3px;-webkit-border-top-left-radius:3px;-khtml-border-top-left-radius:3px;border-top-left-radius:3px;-moz-border-radius-topright:3px;-webkit-border-top-right-radius:3px;-khtml-border-top-right-radius:3px;border-top-right-radius:3px;-webkit-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);-moz-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);"><p>'.$textSecLogRemove.'</p></div>';
644
  }
645
  ?>
646
 
656
  $text = '<font color="#fb0101"><strong>'.__('Error: These code characters are not allowed to be used: ', 'bulletproof-security').'/ | < > \' "'.'</strong></font>';
657
  echo $text;
658
  echo $bps_bottomDiv;
659
+
660
+ return;
661
  }
662
 
663
  $bpspro_seclog_table = $wpdb->prefix . "bpspro_seclog_ignore";
679
 
680
  foreach ( $getSecLogTableSearchForm as $row ) {
681
 
682
+ echo '<th scope="row" style="border-bottom:none;">'.$row->user_agent_bot.'</th>';
683
+ echo "<td><input type=\"radio\" id=\"remove\" name=\"removeornot[$row->user_agent_bot]\" value=\"remove\" /></td>";
684
+ echo "<td><input type=\"radio\" id=\"donotremove\" name=\"removeornot[$row->user_agent_bot]\" value=\"donotremove\" checked /></td>";
685
+ echo '<td>'.$row->time.'</td>';
686
+ echo '</tr>';
687
  }
688
+
689
  echo '</tbody>';
690
  echo '</table>';
691
+
692
  if ( $wpdb->num_rows != 0 ) {
693
+ echo $bps_topDiv;
694
+ $text = '<font color="green"><strong>'.__('Your DB Search Results For User Agents|Bots To Remove are displayed below the Remove|Allow Search tool.', 'bulletproof-security').'</strong></font><br>';
695
+ echo $text;
696
  } else {
697
+ echo $bps_topDiv;
698
+ $text = '<font color="blue"><strong>'.__('You do not have any User Agents|Bots in your DB To Remove. An empty/blank dynamic radio button form is displayed below the Remove|Allow Search tool since you do not have any User Agents|Bot to remove.', 'bulletproof-security').'</strong></font><br>';
699
+ echo $text;
700
  }
701
+
702
+ echo $bps_bottomDiv;
703
 
704
  ?>
705
  <input type="submit" name="Submit-SecLog-Remove" value="<?php esc_attr_e('Remove', 'bulletproof-security'); ?>" class="button bps-button" onclick="return confirm('<?php $text = __('Clicking OK will Remove the User Agent|Bot DB entries for any Remove Radio button selections you have made. User Agents|Bots will also be removed from the 403.php Security Logging template.', 'bulletproof-security').'\n\n'.$bpsSpacePop.'\n\n'.__('To add a User Agent|Bot, use the Add|Ignore tool.', 'bulletproof-security').'\n\n'.$bpsSpacePop.'\n\n'.__('Click OK to proceed or click Cancel.', 'bulletproof-security'); echo $text; ?>')" />
711
  ?>
712
 
713
  <div id="ViewSecurityLog" style="margin:10px 0px 10px 0px">
714
+
715
  <form name="ViewSecurityLogForm" action="<?php echo admin_url( 'admin.php?page=bulletproof-security/admin/security-log/security-log.php' ); ?>" method="post">
716
  <?php wp_nonce_field('bps_view_security_log'); ?>
717
  <input type="submit" name="Submit-View-Security-Log" value="<?php esc_attr_e('View Log', 'bulletproof-security') ?>" class="button bps-button" onclick="return confirm('<?php $text = __('Clicking OK will display the contents of your Security Log file.', 'bulletproof-security').'\n\n'.$bpsSpacePop.'\n\n'.__('Click OK to view the Log file or click Cancel.', 'bulletproof-security'); echo $text; ?>')" />
718
  </form>
719
+
720
  </div>
721
 
722
  <div id="messageinner" class="updatedinner">
738
  $get_sec_log_contents = file_get_contents($bps_sec_log);
739
  $sec_log_clean = preg_replace( '/[^\x01-\x7F]/', "", remove_accents( $get_sec_log_contents ) );
740
 
741
+ return esc_textarea($sec_log_clean);
742
 
743
  } else {
744
 
775
 
776
  bpsPro_security_log_write_check();
777
 
778
+ if ( isset( $_POST['submit-security-log'] ) && current_user_can('manage_options') ) {
779
+ check_admin_referer( 'bulletproof_security_save_security_log' );
780
+
781
+ $newcontentSecLog = stripslashes($_POST['newcontentSecLog']);
782
+
783
+ $bps_sec_log = WP_CONTENT_DIR . '/bps-backup/logs/http_error_log.txt';
784
 
785
  if ( is_writable($bps_sec_log) ) {
786
 
803
  </div>
804
 
805
  <div id="SecLogEditor">
806
+
807
  <form name="bpsSecLog" id="bpsSecLog" action="<?php echo admin_url( 'admin.php?page=bulletproof-security/admin/security-log/security-log.php' ); ?>" method="post">
808
  <?php wp_nonce_field('bulletproof_security_save_security_log'); ?>
809
  <div id="bpsSecLog">
813
  <input type="submit" name="submit-security-log" class="button bps-button" value="<?php esc_attr_e('Update File', 'bulletproof-security') ?>" />
814
  </div>
815
  </div>
816
+
817
  </form>
818
+
819
  <script type="text/javascript">
820
  /* <![CDATA[ */
821
  jQuery(document).ready(function($){
824
  });
825
  /* ]]> */
826
  </script>
827
+
828
  </div>
829
 
830
  </td>
851
  </tr>
852
  </table>
853
  </div>
854
+ <?php echo $bps_footer; ?>
 
 
855
  </div>
856
  </div>
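--- a/admin/system-info/system-info.php
+++ b/admin/system-info/system-info.php
@@ -33,7 +33,7 @@ if ( isset( $ScrollTop_options['bps_scrolltop'] ) && $ScrollTop_options['bps_scr
 
  <?php
  // General all purpose "Settings Saved." message for forms
- if ( current_user_can('manage_options') && wp_script_is( 'bps-accordion', $list = 'queue' ) ) {
+ if ( current_user_can('manage_options') ) {
  if ( isset( $_GET['settings-updated'] ) && $_GET['settings-updated'] == true) {
  $text = '<p style="font-size:1em;font-weight:bold;padding:2px 0px 2px 5px;margin:0px -11px 0px -11px;background-color:#dfecf2;-webkit-box-shadow: 3px 3px 5px 0px rgba(153,153,153,0.7);-moz-box-shadow: 3px 3px 5px 0px rgba(153,153,153,0.7);box-shadow: 3px 3px 5px 0px rgba(153,153,153,0.7);""><font color="green"><strong>'.__('Settings Saved', 'bulletproof-security').'</strong></font></p>';
  echo $text;
@@ -91,12 +91,6 @@ $bps_bottomDiv = '</p></div>';
  </div>
  </div>
 
- <?php
- if ( ! current_user_can('manage_options') ) { _e('Permission Denied', 'bulletproof-security');
- } else {
- if ( is_admin() && wp_script_is( 'bps-accordion', $list = 'queue' ) && current_user_can('manage_options') && ! isset( $_POST['Submit-Headers-Check-Get'] ) && ! isset( $_POST['Submit-Headers-Check-Head'] ) ) {
- ?>
-
  <div id="System-Info-Table">
 
  <table width="100%" border="0" cellspacing="0" cellpadding="0" class="bps-system_info_table">
@@ -110,71 +104,75 @@ if ( is_admin() && wp_script_is( 'bps-accordion', $list = 'queue' ) && current_u
  <?php
 
  $time_start = microtime( true );
-
- // Get DNS Name Server from [target] Root Domain
- // Note: This code runs fastest in this format vs nesting conditions
- if ( isset( $_SERVER['SERVER_NAME'] ) ) {
- $bpsHostName = esc_html($_SERVER['SERVER_NAME']);
- } elseif ( isset( $_SERVER['HTTP_HOST'] ) ) {
- $bpsHostName = esc_html($_SERVER['HTTP_HOST']);
- }
-
+
  $bpsTargetNS = '';
  $bpsTarget = '';
 
- $label_1 = preg_match( '/(([a-zA-Z0-9-])+\.){1}([a-zA-Z0-9-])+$/', $bpsHostName, $matches_1 );
- $label_2 = preg_match( '/(([a-zA-Z0-9-])+\.){2}([a-zA-Z0-9-])+$/', $bpsHostName, $matches_2 );
- $label_3 = preg_match( '/(([a-zA-Z0-9-])+\.){3}([a-zA-Z0-9-])+$/', $bpsHostName, $matches_3 );
+ $sapi_type = php_sapi_name();
 
- if ( ! empty($matches_1) ) {
- $domain_labels = array( $matches_1[0] );
- }
- if ( ! empty($matches_2) ) {
- $domain_labels = array( $matches_2[0] );
- }
- if ( ! empty($matches_3) ) {
- $domain_labels = array( $matches_3[0] );
- }
-
- //$domain_labels = array( $matches_1[0], $matches_2[0], $matches_3[0] );
- $labels = array_filter( $domain_labels, 'strlen' );
+ // XAMPP, MAMP, WAMP, LAMP, etc.
+ if ( substr($sapi_type, 0, 6) != 'apache' && ! preg_match( '#\\\\#', ABSPATH, $matches ) ) {
+
+ // Get DNS Name Server from [target] Root Domain
+ // Note: This code runs fastest in this format vs nesting conditions
+ if ( isset( $_SERVER['SERVER_NAME'] ) ) {
+ $bpsHostName = esc_html($_SERVER['SERVER_NAME']);
+ } elseif ( isset( $_SERVER['HTTP_HOST'] ) ) {
+ $bpsHostName = esc_html($_SERVER['HTTP_HOST']);
+ }
 
- foreach ( $labels as $domain ) {
-
- if ( filter_var( gethostbyname($domain), FILTER_VALIDATE_IP ) ) {
-
- $bpsGetDNS = dns_get_record( $domain, DNS_NS );
+ $label_1 = preg_match( '/(([a-zA-Z0-9-])+\.){1}([a-zA-Z0-9-])+$/', $bpsHostName, $matches_1 );
+ $label_2 = preg_match( '/(([a-zA-Z0-9-])+\.){2}([a-zA-Z0-9-])+$/', $bpsHostName, $matches_2 );
+ $label_3 = preg_match( '/(([a-zA-Z0-9-])+\.){3}([a-zA-Z0-9-])+$/', $bpsHostName, $matches_3 );
+
+ if ( ! empty($matches_1) ) {
+ $domain_labels = array( $matches_1[0] );
+ }
+ if ( ! empty($matches_2) ) {
+ $domain_labels = array( $matches_2[0] );
+ }
+ if ( ! empty($matches_3) ) {
+ $domain_labels = array( $matches_3[0] );
+ }
 
- if ( empty( $bpsGetDNS[0]['target'] ) ) {
-
- } else {
-
- $bpsTargetNS = $bpsGetDNS[0]['target'];
- }
+ //$domain_labels = array( $matches_1[0], $matches_2[0], $matches_3[0] );
+ $labels = array_filter( $domain_labels, 'strlen' );
+
+ foreach ( $labels as $domain ) {
 
- if ( empty( $bpsTargetNS ) ) {
-
- // Note: Known Issue: This Warning error only occurs on XAMPP/Windows when using DNS_ALL: dns_get_record(): Type '251721779' not supported
- // DNS_ANY works fine on Windows/XAMPP
- @dns_get_record( $domain, DNS_ALL, $authns, $addtl );
+ if ( filter_var( gethostbyname($domain), FILTER_VALIDATE_IP ) ) {
+
+ $bpsGetDNS = dns_get_record( $domain, DNS_NS );
 
- if ( empty( $authns[0]['target'] ) ) {
-
+ if ( empty( $bpsGetDNS[0]['target'] ) ) {
+
  } else {
 
- $bpsTarget = $authns[0]['target'];
+ $bpsTargetNS = $bpsGetDNS[0]['target'];
  }
- }
+
+ if ( empty( $bpsTargetNS ) ) {
+
+ dns_get_record( $domain, DNS_ALL, $authns, $addtl );
+
+ if ( empty( $authns[0]['target'] ) ) {
 
- if ( empty( $bpsTarget ) && empty( $bpsTargetNS ) ) {
-
- @dns_get_record( $domain, DNS_ANY, $authns, $addtl );
+ } else {
+
+ $bpsTarget = $authns[0]['target'];
+ }
+ }
 
- if ( empty( $authns[0]['target'] ) ) {
-
- } else {
+ if ( empty( $bpsTarget ) && empty( $bpsTargetNS ) ) {
 
- $bpsTarget = $authns[0]['target'];
+ dns_get_record( $domain, DNS_ANY, $authns, $addtl );
+
+ if ( empty( $authns[0]['target'] ) ) {
+
+ } else {
+
+ $bpsTarget = $authns[0]['target'];
+ }
  }
  }
  }
@@ -183,7 +181,8 @@ if ( is_admin() && wp_script_is( 'bps-accordion', $list = 'queue' ) && current_u
  // Get Server IP address
  function bps_get_server_ip_address_sysinfo() {
 
- if ( is_admin() && wp_script_is( 'bps-accordion', $list = 'queue' ) && current_user_can('manage_options') ) {
+ if ( is_admin() && current_user_can('manage_options') ) {
+
  if ( isset( $_SERVER['SERVER_ADDR'] ) ) {
  $ip = esc_html($_SERVER['SERVER_ADDR']);
  echo '<strong><span class="sysinfo-label-text">'.__('Server|Website IP Address: ', 'bulletproof-security').'</span></strong>'.$ip.'<br>';
@@ -191,8 +190,11 @@ function bps_get_server_ip_address_sysinfo() {
  $ip = esc_html( gethostbyname( $_SERVER['HTTP_HOST'] ) );
  echo '<strong><span class="sysinfo-label-text">'.__('Server|Website IP Address: ', 'bulletproof-security').'</span></strong>'.$ip.'<br>';
  } else {
- $ip = dns_get_record( bpsGetDomainRoot(), DNS_ALL );
- echo '<strong><span class="sysinfo-label-text">'.__('Server|Website IP Address: ', 'bulletproof-security').'</span></strong>'.$ip[0]['ip'].'<br>';
+ $sapi_type = php_sapi_name();
+ if ( substr($sapi_type, 0, 6) != 'apache' && ! preg_match( '#\\\\#', ABSPATH, $matches ) ) {
+ $ip = dns_get_record( bpsGetDomainRoot(), DNS_ALL );
+ echo '<strong><span class="sysinfo-label-text">'.__('Server|Website IP Address: ', 'bulletproof-security').'</span></strong>'.$ip[0]['ip'].'<br>';
+ }
  }
  }
  }
@@ -200,7 +202,8 @@ function bps_get_server_ip_address_sysinfo() {
  // Get Real IP address - USE EXTREME CAUTION!!!
  function bps_get_proxy_real_ip_address() {
 
- if ( is_admin() && wp_script_is( 'bps-accordion', $list = 'queue' ) && current_user_can('manage_options') ) {
+ if ( is_admin() && current_user_can('manage_options') ) {
+
  if ( isset($_SERVER['HTTP_CLIENT_IP'] ) ) {
  $ip = esc_html($_SERVER['HTTP_CLIENT_IP']);
  echo '<strong><span class="sysinfo-label-text">'.__('HTTP_CLIENT_IP IP Address: ', 'bulletproof-security').'</span></strong>'.$ip.'<br>';
@@ -581,13 +584,14 @@ function bpsPro_count_network_activated_plugins($count) {
  $port_search = 'port';
  $connect_timeout_search = 'connect_timeout';
  $storage_engine_search = 'storage_engine';
+ $max_allowed_packet = 'max_allowed_packet';
 
  $DB_Hostname = '';
  $DB_Port = '';
  $DB_Connect_timeout = '';
  $DB_Storage_engine = '';
 
- $result = $wpdb->get_results( $wpdb->prepare( "SHOW GLOBAL VARIABLES WHERE (Variable_name = %s) OR (Variable_name = %s) OR (Variable_name = %s) OR (Variable_name = %s)", $hostname_search, $port_search, $connect_timeout_search, $storage_engine_search ) );
+ $result = $wpdb->get_results( $wpdb->prepare( "SHOW GLOBAL VARIABLES WHERE (Variable_name = %s) OR (Variable_name = %s) OR (Variable_name = %s) OR (Variable_name = %s) OR (Variable_name = %s)", $hostname_search, $port_search, $connect_timeout_search, $storage_engine_search, $max_allowed_packet ) );
 
  foreach ( $result as $data ) {
 
@@ -603,6 +607,9 @@ function bpsPro_count_network_activated_plugins($count) {
  if ( $data->Variable_name == 'storage_engine' ) {
  $DB_Storage_engine = $data->Value;
  }
+ if ( $data->Variable_name == 'max_allowed_packet' ) {
+ $DB_Max_Allowed_Packet = $data->Value;
+ }
  }
 
  if ( ! empty($DB_Hostname) ) {
@@ -618,6 +625,7 @@ function bpsPro_count_network_activated_plugins($count) {
  '<br><strong><span class="sysinfo-label-text">'.__('DB Hostname IP (Server): ', 'bulletproof-security').'</span></strong>'.$DB_Hostname_ip.
  '<br><strong><span class="sysinfo-label-text">'.__('DB Storage Engine: ', 'bulletproof-security').'</span></strong>'.$DB_Storage_engine.
  '<br><strong><span class="sysinfo-label-text">'.__('DB Connect Timeout: ', 'bulletproof-security').'</span></strong>'.$DB_Connect_timeout.__(' seconds', 'bulletproof-security').
+ '<br><strong><span class="sysinfo-label-text">'.__('DB max_allowed_packet: ', 'bulletproof-security').'</span></strong>'.$DB_Max_Allowed_Packet.
  '<br><strong><span class="sysinfo-label-text">'.__('DB Port: ', 'bulletproof-security').'</span></strong>'.$DB_Port.
  '<br><strong><span class="sysinfo-label-text">'.__('DB Name: ', 'bulletproof-security').'</span></strong>'.DB_NAME.
  '<br><strong><span class="sysinfo-label-text">'.__('DB Table Prefix: ', 'bulletproof-security').'</span></strong>'.$wpdb->base_prefix.
@@ -1175,14 +1183,10 @@ function bpsPro_count_network_activated_plugins($count) {
  </table>
  <br />
  </div>
-
- <?php }} // end if ( is_admin() && wp_script_is( 'bps-accordion', $list = 'queue' ) && current_user_can('manage_options') ) { ?>
  </div>
 
  <div id="bps-tabs-2" class="bps-tab-page">
 
- <?php if ( ! current_user_can('manage_options') ) { _e('Permission Denied', 'bulletproof-security'); } else { ?>
-
  <table width="100%" border="0" cellspacing="0" cellpadding="0" class="bps-help_faq_table">
  <tr>
  <td class="bps-table_title"></td>
@@ -1202,40 +1206,43 @@ global $bps_topDiv, $bps_bottomDiv;
  if ( isset( $_POST['Submit-Headers-Check-Get'] ) && current_user_can('manage_options') ) {
  check_admin_referer( 'bpsHeaderCheckGet' );
 
- $url = ( isset( $_POST['bpsURLGET'] ) ) ? $_POST['bpsURLGET'] : '';
- $url = esc_html($url);
- $response = wp_remote_get( $url );
-
- if ( ! is_wp_error( $response ) ) {
-
- echo $bps_topDiv;
- echo '<strong>'.__('GET Request Headers: ', 'bulletproof-security').'</strong>'. htmlspecialchars($url) .'<br>';
- echo '<pre>';
- echo 'HTTP Status Code: ';
- print_r($response['response']['code']);
- echo ' ';
- print_r($response['response']['message']);
- echo '<br><br>';
- echo 'Headers: ';
- print_r($response['headers']);
- echo '</pre>';
- echo $bps_bottomDiv;
+ $url = isset( $_POST['bpsURLGET'] ) ? $_POST['bpsURLGET'] : '';
+ $url = esc_url($url);
+ $response = wp_remote_get( $url );
 
- } else {
-
- echo $bps_topDiv;
- $text = '<font color="#fb0101"><strong>'.__('Error: The WordPress wp_remote_get function is not available or is blocked on your website/server.', 'bulletproof-security').'</strong></font><br>';
- echo $text;
- echo $bps_bottomDiv;
- }
+ if ( ! is_wp_error( $response ) ) {
+
+ echo $bps_topDiv;
+ echo '<strong>'.__('GET Request Headers: ', 'bulletproof-security').'</strong>'. esc_url($url) .'<br>';
+ echo '<pre>';
+ echo 'HTTP Status Code: ';
+ print_r($response['response']['code']);
+ echo ' ';
+ print_r($response['response']['message']);
+ echo '<br><br>';
+ echo 'Headers: ';
+ print_r($response['headers']);
+ echo '</pre>';
+ echo $bps_bottomDiv;
+
+ } else {
+
+ echo $bps_topDiv;
+ $text = '<font color="#fb0101"><strong>'.__('Error: The WordPress wp_remote_get function is not available or is blocked on your website/server. Or you did not enter a valid URL.', 'bulletproof-security').'</strong></font><br>';
+ echo $text;
+ echo $bps_bottomDiv;
+ }
  }
  }
  ?>
 
  <form name="bpsHeadersGet" action="<?php echo admin_url( 'admin.php?page=bulletproof-security/admin/system-info/system-info.php#bps-tabs-2' ); ?>" method="post">
- <?php wp_nonce_field('bpsHeaderCheckGet'); ?>
+ <?php wp_nonce_field('bpsHeaderCheckGet');
+ $bpsURLGET = isset( $_POST['bpsURLGET'] ) ? $_POST['bpsURLGET'] : '';
+ ?>
+
  <div><label for="bpsHeaders"><strong><?php _e('Enter a Website URL - Example: ', 'bulletproof-security'); echo get_site_url(); ?></strong></label><br />
- <input type="text" name="bpsURLGET" class="form-300" value="" /> <br />
+ <input type="text" name="bpsURLGET" class="form-300" value="<?php echo esc_url($bpsURLGET); ?>" /> <br />
  <div style="margin:10px 0px">
  <input type="submit" name="Submit-Headers-Check-Get" class="button bps-button" value="<?php esc_attr_e('Check Headers GET Request', 'bulletproof-security') ?>" onclick="return confirm('<?php $text = __('This Headers check makes a GET Request using the WordPress wp_remote_get function.', 'bulletproof-security').'\n\n'.$bpsSpacePop.'\n\n'.__('You can use the Check Headers HEAD Request tool to check headers using HEAD instead of GET.', 'bulletproof-security').'\n\n'.$bpsSpacePop.'\n\n'.__('Click OK to proceed or click Cancel.', 'bulletproof-security'); echo $text; ?>')" />
  </div>
@@ -1248,7 +1255,6 @@ global $bps_topDiv, $bps_bottomDiv;
  </td>
  </tr>
  </table>
- <?php } ?>
  </div>
 
  <div id="bps-tabs-3" class="bps-tab-page">
@@ -1269,8 +1275,6 @@ global $bps_topDiv, $bps_bottomDiv;
  </tr>
  </table>
  </div>
-
- <div id="AITpro-link">BulletProof Security <?php echo BULLETPROOF_VERSION; ?> Plugin by <a href="https://www.ait-pro.com/" target="_blank" title="AITpro Website Security">AITpro Website Security</a>
- </div>
+ <?php echo $bps_footer; ?>
  </div>
  </div>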
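Review bot: In the `Submit-Headers-Check-Get` handler, `esc_url()` prepares the URL that is passed to `wp_remote_get()`, and the response code, message and headers are then printed with `print_r()` unescaped. `esc_url()` is a display-context escaper (it entity-encodes `&`), so a URL with a query string reaches the request altered, and the status message and header values are chosen by whatever server the URL names and land in the admin page as raw HTML. I would use `$url = esc_url_raw( wp_unslash( $url ) );` with `$response = wp_safe_remote_get( $url );`, and print through `echo esc_html( print_r( $response['headers'], true ) );`, with the same treatment for the code and message. Separately, the hunks at -91 and -1175 drop the `current_user_can('manage_options')` wrapper around the System Info table; presumably a capability check at the top of the file still covers it, but that check is not visible in this section.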
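--- a/admin/theme-skin/theme-skin.php
+++ b/admin/theme-skin/theme-skin.php
@@ -1,10 +1,4 @@
  <?php
- if ( ! function_exists('add_action') ) {
- header('Status: 403 Forbidden');
- header('HTTP/1.1 403 Forbidden');
- exit();
- }
-
  if ( ! current_user_can('manage_options') ) {
  header('Status: 403 Forbidden');
  header('HTTP/1.1 403 Forbidden');
@@ -38,7 +32,7 @@ if ( isset( $ScrollTop_options['bps_scrolltop'] ) && $ScrollTop_options['bps_scr
 
  <?php
  // General all purpose "Settings Saved." message for forms
- if ( current_user_can('manage_options') && wp_script_is( 'bps-accordion', $list = 'queue' ) ) {
+ if ( current_user_can('manage_options') ) {
  if ( isset( $_GET['settings-updated'] ) && $_GET['settings-updated'] == true) {
  $text = '<p style="font-size:1em;font-weight:bold;padding:2px 0px 2px 5px;margin:0px -11px 0px -11px;background-color:#dfecf2;-webkit-box-shadow: 3px 3px 5px 0px rgba(153,153,153,0.7);-moz-box-shadow: 3px 3px 5px 0px rgba(153,153,153,0.7);box-shadow: 3px 3px 5px 0px rgba(153,153,153,0.7);""><font color="green"><strong>'.__('Settings Saved', 'bulletproof-security').'</strong></font></p>';
  echo $text;
@@ -244,8 +238,6 @@ global $bps_topDiv, $bps_bottomDiv;
  </tr>
  </table>
  </div>
-
- <div id="AITpro-link">BulletProof Security <?php echo BULLETPROOF_VERSION; ?> Plugin by <a href="https://forum.ait-pro.com/" target="_blank" title="AITpro Website Security">AITpro Website Security</a>
- </div>
+ <?php echo $bps_footer; ?>
  </div>
  </div>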
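Review bot: With the `function_exists('add_action')` guard removed at the top of the file, the first statement a direct request to theme-skin.php executes is `current_user_can()`, which is undefined outside WordPress, so the request ends in a PHP fatal error instead of the 403 the old guard sent. Where error display is enabled, that error message includes the file's full server path. A one-line guard keeps the clean exit without restoring the removed block: `if ( ! defined( 'ABSPATH' ) ) { exit; }`. This assumes nothing in front of the plugin directory, such as an .htaccess rule, already blocks direct requests to this file; that is not visible here.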
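--- a/admin/wizard/wizard-backup.php
+++ b/admin/wizard/wizard-backup.php
@@ -12,6 +12,7 @@ function bpsPro_get_real_ip_address_wizard() {
  if ( is_admin() && current_user_can('manage_options') ) {
 
  if ( isset( $_SERVER['HTTP_CLIENT_IP'] ) ) {
+
  $ip = esc_html( $_SERVER['HTTP_CLIENT_IP'] );
 
  if ( ! is_array($ip) ) {
@@ -35,6 +36,7 @@ function bpsPro_get_real_ip_address_wizard() {
  }
 
  } elseif ( isset( $_SERVER['HTTP_X_FORWARDED_FOR'] ) ) {
+
  $ip = esc_html( $_SERVER['HTTP_X_FORWARDED_FOR'] );
 
  if ( ! is_array($ip) ) {
@@ -58,6 +60,7 @@ function bpsPro_get_real_ip_address_wizard() {
  }
 
  } elseif ( isset( $_SERVER['REMOTE_ADDR'] ) ) {
+
  $ip = esc_html( $_SERVER['REMOTE_ADDR'] );
  return $ip;
  }
@@ -115,6 +118,7 @@ function bpsPro_Wizard_deny_all() {
 
  // Zip Root htaccess file: If ZipArchive Class is not available use PclZip
  function bps_zip_root_htaccess_file() {
+
  // Use ZipArchive
  if ( class_exists('ZipArchive') ) {
 
@@ -155,9 +159,11 @@ function bps_zip_root_htaccess_file() {
  if ( file_exists($root_htaccess) ) {
  copy($root_htaccess, $root_htaccess_dest);
  }
+
  if ( file_exists($wp_admin_htaccess) ) {
  copy($wp_admin_htaccess, $wp_admin_htaccess_dest);
  }
+
  // PclZip will lose its mind if the wp-admin htaccess file does not exist. So create a dummy file.
  if ( ! file_exists($wp_admin_htaccess) ) {
  copy($blank_dummy_file, $wp_admin_htaccess_dest);
@@ -179,12 +185,12 @@ function bps_zip_root_htaccess_file() {
  unlink($root_htaccess_dest);
  unlink($wp_admin_htaccess_dest);
 
- return true;
+ return true;
  }
 
  if ( $v_list == 0 ) {
  die("Error : ".$archive->errorInfo(true) );
- return false;
+ return false;
  }
  }
  }
@@ -279,6 +285,7 @@ function bpsPro_root_precheck_download() {
  if ( file_exists($rootHtaccess) ) {
  copy($rootHtaccess, $rootHtaccessBackupTime);
  }
+
  if ( file_exists($wpadminHtaccess) ) {
  copy($wpadminHtaccess, $wpadminHtaccessBackupTime);
  }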
admin/wizard/wizard-functions.php CHANGED
@@ -12,28 +12,28 @@ function bpsSetupWizard_delete_htaccess_files() {
12
 
13
  if ( is_admin() && current_user_can('manage_options') ) {
14
 
15
- $bps_backup = WP_CONTENT_DIR . '/bps-backup/.htaccess';
16
- $bps_master_backups = WP_CONTENT_DIR . '/bps-backup/master-backups/.htaccess';
17
- $root_htaccess = ABSPATH . '.htaccess';
18
- $wpadmin_htaccess = ABSPATH . 'wp-admin/.htaccess';
19
- $bpsPro_pf = WP_PLUGIN_DIR . '/bulletproof-security/';
20
- $core1 = $bpsPro_pf . 'admin/core/.htaccess';
21
- $core2 = $bpsPro_pf . 'admin/db-backup-security/.htaccess';
22
- $core3 = $bpsPro_pf . 'admin/htaccess/.htaccess';
23
- $core4 = $bpsPro_pf . 'admin/login/.htaccess';
24
- $core5 = $bpsPro_pf . 'admin/maintenance/.htaccess';
25
- $core6 = $bpsPro_pf . 'admin/security-log/.htaccess';
26
- $core7 = $bpsPro_pf . 'admin/system-info/.htaccess';
27
- $core8 = $bpsPro_pf . 'admin/theme-skin/.htaccess';
28
- $core9 = $bpsPro_pf . 'admin/wizard/.htaccess';
29
- $core10 = $bpsPro_pf . 'admin/email-log-settings/.htaccess';
30
- $core11 = $bpsPro_pf . 'admin/mscan/.htaccess';
31
 
32
  $files = array( $bps_backup, $bps_master_backups, $root_htaccess, $wpadmin_htaccess, $core1, $core2, $core3, $core4, $core5, $core6, $core7, $core8, $core9, $core10, $core11 );
33
 
34
  $HFiles_options = get_option('bulletproof_security_options_htaccess_files');
35
 
36
- if ( $HFiles_options['bps_htaccess_files'] == 'disabled' ) {
37
 
38
  foreach ( $files as $file ) {
39
 
@@ -41,6 +41,7 @@ function bpsSetupWizard_delete_htaccess_files() {
41
  unlink($file);
42
  }
43
  }
 
44
  echo '<strong><font color="blue">'.__('htaccess Files Disabled: Existing BPS htaccess files have been deleted and new BPS htaccess files will not be created.', 'bulletproof-security').'<br>'.__('All BPS htaccess features are disabled.', 'bulletproof-security').' '.__('Click this link for help information: ', 'bulletproof-security').'</font></strong><a href="https://forum.ait-pro.com/forums/topic/htaccess-files-disabled-setup-wizard-enable-disable-htaccess-files/" target="_blank" title="htaccess Files Disabled Forum Topic">'.__('htaccess Files Disabled Forum Topic', 'bulletproof-security').'</a><br>';
45
 
46
  }
@@ -48,16 +49,20 @@ function bpsSetupWizard_delete_htaccess_files() {
48
  }
49
 
50
  function bpsPro_network_domain_check_wizard() {
51
- global $wpdb;
 
52
  if ( $wpdb->get_var( "SHOW TABLES LIKE '$wpdb->site'" ) )
53
  return $wpdb->get_var( "SELECT domain FROM $wpdb->site ORDER BY id ASC LIMIT 1" );
54
  return false;
55
  }
56
 
57
  function bpsPro_get_clean_basedomain_wizard() {
 
58
  if ( $existing_domain = bpsPro_network_domain_check_wizard() )
59
- return $existing_domain;
 
60
  $domain = preg_replace( '|https?://|', '', get_option( 'siteurl' ) );
 
61
  if ( $slash = strpos( $domain, '/' ) )
62
  $domain = substr( $domain, 0, $slash );
63
  return $domain;
@@ -67,52 +72,58 @@ function bpsPro_get_clean_basedomain_wizard() {
67
  function bpsSetupWizardCreateRootHtaccess() {
68
  global $bps_version;
69
 
70
- $bps_get_domain_root = bpsGetDomainRoot();
71
- $bps_get_wp_root_default = bps_wp_get_root_folder();
72
- // Replace ABSPATH = wp-content/plugins
73
- $bps_plugin_dir = str_replace( ABSPATH, '', WP_PLUGIN_DIR );
74
- // Replace ABSPATH = wp-content
75
- $bps_wpcontent_dir = str_replace( ABSPATH, '', WP_CONTENT_DIR );
76
- $successTextBegin = '<font color="green"><strong>';
77
- $successTextEnd = '</strong></font><br>';
78
- $failTextBegin = '<font color="#fb0101"><strong>';
79
- $failTextEnd = '</strong></font><br>';
80
 
81
  if ( is_multisite() ) {
82
 
83
- $hostname = bpsPro_get_clean_basedomain_wizard();
84
- $slashed_home = trailingslashit( get_option( 'home' ) );
85
- $base = parse_url( $slashed_home, PHP_URL_PATH );
86
- $document_root_fix = str_replace( '\\', '/', realpath( $_SERVER['DOCUMENT_ROOT'] ) );
87
- $abspath_fix = str_replace( '\\', '/', ABSPATH );
88
- $home_path = 0 === strpos( $abspath_fix, $document_root_fix ) ? $document_root_fix . $base : get_home_path();
89
- $wp_siteurl_subdir = preg_replace( '#^' . preg_quote( $home_path, '#' ) . '#', '', $abspath_fix );
90
- $rewrite_base = ! empty( $wp_siteurl_subdir ) ? ltrim( trailingslashit( $wp_siteurl_subdir ), '/' ) : '';
91
- $subdomain_install = is_subdomain_install();
92
- $subdir_match = $subdomain_install ? '' : '([_0-9a-zA-Z-]+/)?';
93
- $subdir_replacement_01 = $subdomain_install ? '' : '$1';
94
- $subdir_replacement_12 = $subdomain_install ? '$1' : '$2';
95
-
96
  $ms_files_rewriting = '';
 
97
  if ( is_multisite() && get_site_option( 'ms_files_rewriting' ) ) {
98
  $ms_files_rewriting = "\n# uploaded files\nRewriteRule ^";
99
  $ms_files_rewriting .= $subdir_match . "files/(.+) {$rewrite_base}wp-includes/ms-files.php?file={$subdir_replacement_12} [L]" . "\n";
100
  }
101
  }
102
 
103
- $BPSCustomCodeOptions = get_option('bulletproof_security_options_customcode');
104
- $Apache_Mod_options = get_option('bulletproof_security_options_apache_modules');
105
- $bps_get_wp_root_secure = bps_wp_get_root_folder();
106
- $bps_auto_write_secure_file = WP_PLUGIN_DIR . '/bulletproof-security/admin/htaccess/secure.htaccess';
107
- $bps_auto_write_secure_file_root = ABSPATH . '.htaccess';
108
-
109
- $bpsSuccessMessageSec = '<font color="green"><strong>'.__('The secure.htaccess Root Master htaccess file was created successfully.', 'bulletproof-security').'<br>'.__('Root Folder BulletProof Mode activated successfully.', 'bulletproof-security').'</strong></font><br>';
110
 
111
- $bpsFailMessageSec = '<font color="#fb0101"><strong>'.__('Error: The secure.htaccess Root Master htaccess file and root .htaccess file cannot be created. Root Folder BulletProof Mode has NOT been activated.', 'bulletproof-security').'</strong></font><br><strong>'.__('If your Server configuration is DSO you must first make some one-time manual changes to your website before running the Setup Wizard. Please click this Forum Link for instructions: ', 'bulletproof-security').' <a href="https://forum.ait-pro.com/forums/topic/dso-setup-steps/" target="_blank" title="Link opens in a new Browser window">'.__('DSO Setup Steps', 'bulletproof-security').'</a></strong><br>';
 
 
 
 
 
112
 
113
- if ( ! is_multisite() && $BPSCustomCodeOptions['bps_customcode_wp_rewrite_start'] != '' ) {
114
  $bpsBeginWP = "# CUSTOM CODE WP REWRITE LOOP START\n" . htmlspecialchars_decode( $BPSCustomCodeOptions['bps_customcode_wp_rewrite_start'], ENT_QUOTES ) . "\n\n";
 
115
  } else {
 
116
  $bpsBeginWP = "# WP REWRITE LOOP START
117
  RewriteEngine On
118
  RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
@@ -122,9 +133,12 @@ RewriteRule ^index\.php$ - [L]\n";
122
 
123
  // Network/Multisite all site types and versions
124
  if ( is_multisite() ) {
125
- if ( $BPSCustomCodeOptions['bps_customcode_wp_rewrite_start'] != '' ) {
 
126
  $bpsMUSDirTop = "# CUSTOM CODE WP REWRITE LOOP START\n" . htmlspecialchars_decode( $BPSCustomCodeOptions['bps_customcode_wp_rewrite_start'], ENT_QUOTES ) . "\n\n";
 
127
  } else {
 
128
  $bpsMUSDirTop = "# WP REWRITE LOOP START
129
  RewriteEngine On
130
  RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
@@ -136,9 +150,11 @@ RewriteRule ^{$subdir_match}wp-admin$ {$subdir_replacement_01}wp-admin/ [R=301,L
136
  }
137
 
138
  // Network/Multisite all site types and versions
139
- if ( $BPSCustomCodeOptions['bps_customcode_wp_rewrite_end'] != '' ) {
140
  $bpsMUSDirBottom = "# CUSTOM CODE WP REWRITE LOOP END\n" . htmlspecialchars_decode( $BPSCustomCodeOptions['bps_customcode_wp_rewrite_end'], ENT_QUOTES ) . "\n\n";
 
141
  } else {
 
142
  $bpsMUSDirBottom = "RewriteCond %{REQUEST_FILENAME} -f [OR]
143
  RewriteCond %{REQUEST_FILENAME} -d
144
  RewriteRule ^ - [L]
@@ -151,25 +167,31 @@ RewriteRule . index.php [L]
151
 
152
  $bps_secure_content_top = "# BULLETPROOF $bps_version SECURE .HTACCESS \n\n";
153
 
154
- if ( $BPSCustomCodeOptions['bps_customcode_one'] != '' ) {
155
  $bps_secure_phpini_cache = "# CUSTOM CODE TOP PHP/PHP.INI HANDLER/CACHE CODE\n" . htmlspecialchars_decode( $BPSCustomCodeOptions['bps_customcode_one'], ENT_QUOTES ) . "\n\n";
 
156
  } else {
 
157
  $bps_secure_phpini_cache = "# PHP/PHP.INI HANDLER/CACHE CODE
158
  # Use BPS Custom Code to add php/php.ini Handler and Cache htaccess code and to save it permanently.
159
  # Most Hosts do not have/use/require php/php.ini Handler htaccess code\n\n";
160
  }
161
 
162
- if ( $BPSCustomCodeOptions['bps_customcode_server_signature'] != '' ) {
163
  $bps_server_signature = "# CUSTOM CODE TURN OFF YOUR SERVER SIGNATURE\n" . htmlspecialchars_decode( $BPSCustomCodeOptions['bps_customcode_server_signature'], ENT_QUOTES ) . "\n\n";
 
164
  } else {
 
165
  $bps_server_signature = "# TURN OFF YOUR SERVER SIGNATURE
166
  # Suppresses the footer line server version number and ServerName of the serving virtual host
167
  ServerSignature Off\n\n";
168
  }
169
 
170
- if ( $BPSCustomCodeOptions['bps_customcode_directory_index'] != '' ) {
171
  $bps_secure_directory_list_index = "# CUSTOM CODE DIRECTORY LISTING/DIRECTORY INDEX\n" . htmlspecialchars_decode( $BPSCustomCodeOptions['bps_customcode_directory_index'], ENT_QUOTES ) . "\n\n";
 
172
  } else {
 
173
  $bps_secure_directory_list_index = "# DO NOT SHOW DIRECTORY LISTING
174
  # Disallow mod_autoindex from displaying a directory listing
175
  # If a 500 Internal Server Error occurs when activating Root BulletProof Mode
@@ -188,9 +210,11 @@ Options -Indexes\n
188
  DirectoryIndex index.php index.html /index.php\n\n";
189
  }
190
 
191
- if ( $BPSCustomCodeOptions['bps_customcode_server_protocol'] != '' ) {
192
  $bps_secure_brute_force_login = "# CUSTOM CODE BRUTE FORCE LOGIN PAGE PROTECTION\n" . htmlspecialchars_decode( $BPSCustomCodeOptions['bps_customcode_server_protocol'], ENT_QUOTES ) . "\n\n";
 
193
  } else {
 
194
  $bps_secure_brute_force_login = "# BRUTE FORCE LOGIN PAGE PROTECTION
195
  # PLACEHOLDER ONLY
196
  # Use BPS Custom Code to add Brute Force Login protection code and to save it permanently.
@@ -198,9 +222,11 @@ $bps_secure_brute_force_login = "# BRUTE FORCE LOGIN PAGE PROTECTION
198
  # for more information.\n\n";
199
  }
200
 
201
- if ( $BPSCustomCodeOptions['bps_customcode_error_logging'] != '' ) {
202
  $bps_secure_error_logging = "# CUSTOM CODE ERROR LOGGING AND TRACKING\n" . htmlspecialchars_decode( $BPSCustomCodeOptions['bps_customcode_error_logging'], ENT_QUOTES ) . "\n\n";
 
203
  } else {
 
204
  $bps_secure_error_logging = "# BPS ERROR LOGGING AND TRACKING
205
  # Use BPS Custom Code to modify/edit/change this code and to save it permanently.
206
  # BPS has premade 400 Bad Request, 403 Forbidden, 404 Not Found, 405 Method Not Allowed and
@@ -224,18 +250,22 @@ ErrorDocument 405 " . $bps_get_wp_root_secure . $bps_plugin_dir . "/bulletproof-
224
  ErrorDocument 410 " . $bps_get_wp_root_secure . $bps_plugin_dir . "/bulletproof-security/410.php\n\n";
225
  }
226
 
227
- if ( $BPSCustomCodeOptions['bps_customcode_deny_dot_folders'] != '' ) {
228
  $bps_secure_dot_server_files = "# CUSTOM CODE DENY ACCESS TO PROTECTED SERVER FILES AND FOLDERS\n" . htmlspecialchars_decode( $BPSCustomCodeOptions['bps_customcode_deny_dot_folders'], ENT_QUOTES ) . "\n\n";
 
229
  } else {
 
230
  $bps_secure_dot_server_files = "# DENY ACCESS TO PROTECTED SERVER FILES AND FOLDERS
231
  # Use BPS Custom Code to modify/edit/change this code and to save it permanently.
232
  # Files and folders starting with a dot: .htaccess, .htpasswd, .errordocs, .logs
233
  RedirectMatch 403 \.(htaccess|htpasswd|errordocs|logs)$\n\n";
234
  }
235
 
236
- if ( $BPSCustomCodeOptions['bps_customcode_admin_includes'] != '' ) {
237
  $bps_secure_content_wpadmin = "# CUSTOM CODE WP-ADMIN/INCLUDES\n" . htmlspecialchars_decode( $BPSCustomCodeOptions['bps_customcode_admin_includes'], ENT_QUOTES ) . "\n\n";
 
238
  } else {
 
239
  $bps_secure_content_wpadmin = "# WP-ADMIN/INCLUDES
240
  # Use BPS Custom Code to remove this code permanently.
241
  RewriteEngine On
@@ -247,9 +277,11 @@ RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F]
247
  RewriteRule ^wp-includes/theme-compat/ - [F]\n\n";
248
  }
249
 
250
- if ( $BPSCustomCodeOptions['bps_customcode_request_methods'] != '' ) {
251
  $bps_secure_request_methods = "\n# CUSTOM CODE REQUEST METHODS FILTERED\n" . htmlspecialchars_decode( $BPSCustomCodeOptions['bps_customcode_request_methods'], ENT_QUOTES)."\n\n";
 
252
  } else {
 
253
  $bps_secure_request_methods = "\n# REQUEST METHODS FILTERED
254
  # If you want to allow HEAD Requests use BPS Custom Code and copy
255
  # this entire REQUEST METHODS FILTERED section of code to this BPS Custom Code
@@ -271,7 +303,8 @@ $bps_secure_begin_plugins_skip_rules_text = "# PLUGINS/THEMES AND VARIOUS EXPLOI
271
 
272
  // Plugin/Theme skip/bypass rules
273
  $bps_secure_plugins_themes_skip_rules = '';
274
- if ( $BPSCustomCodeOptions['bps_customcode_two'] != '' ) {
 
275
  $bps_secure_plugins_themes_skip_rules = "# CUSTOM CODE PLUGIN/THEME SKIP/BYPASS RULES\n" . htmlspecialchars_decode( $BPSCustomCodeOptions['bps_customcode_two'], ENT_QUOTES ) . "\n\n";
276
  }
277
 
@@ -306,9 +339,11 @@ RewriteRule . - [S=4]
306
  RewriteCond %{QUERY_STRING} action=rp&key=(.*) [NC]
307
  RewriteRule . - [S=3]\n\n";
308
 
309
- if ( $BPSCustomCodeOptions['bps_customcode_timthumb_misc'] != '' ) {
310
  $bps_secure_timthumb_misc = "# CUSTOM CODE TIMTHUMB FORBID RFI and MISC FILE SKIP/BYPASS RULE\n" . htmlspecialchars_decode( $BPSCustomCodeOptions['bps_customcode_timthumb_misc'], ENT_QUOTES ) . "\n\n";
 
311
  } else {
 
312
  $bps_secure_timthumb_misc = "# TIMTHUMB FORBID RFI and MISC FILE SKIP/BYPASS RULE
313
  # Use BPS Custom Code to modify/edit/change this code and to save it permanently.
314
  # Remote File Inclusion (RFI) security rules
@@ -324,9 +359,11 @@ RewriteCond %{HTTP_REFERER} ^.*" . $bps_get_domain_root . ".*
324
  RewriteRule . - [S=1]\n\n";
325
  }
326
 
327
- if ( $BPSCustomCodeOptions['bps_customcode_bpsqse'] != '' ) {
328
  $bps_secure_BPSQSE = "# CUSTOM CODE BPSQSE BPS QUERY STRING EXPLOITS\n" . htmlspecialchars_decode( $BPSCustomCodeOptions['bps_customcode_bpsqse'], ENT_QUOTES ) . "\n\n";
 
329
  } else {
 
330
  $bps_secure_BPSQSE = "# BEGIN BPSQSE BPS QUERY STRING EXPLOITS
331
  # The libwww-perl User Agent is forbidden - Many bad bots use libwww-perl modules, but some good bots use it too.
332
  # Good sites such as W3C use it for their W3C-LinkChecker.
@@ -386,14 +423,14 @@ RewriteCond %{REQUEST_FILENAME} !-d
386
  RewriteRule . " . $bps_get_wp_root_secure . "index.php [L]
387
  # WP REWRITE LOOP END\n";
388
 
389
- if ( $BPSCustomCodeOptions['bps_customcode_deny_files'] != '' ) {
390
  $bps_secure_deny_browser_access = "\n# CUSTOM CODE DENY BROWSER ACCESS TO THESE FILES\n" . htmlspecialchars_decode( $BPSCustomCodeOptions['bps_customcode_deny_files'], ENT_QUOTES ) . "\n\n";
391
 
392
  } else {
393
 
394
- if ( $Apache_Mod_options['bps_apache_mod_ifmodule'] == 'Yes' ) {
395
-
396
- $bps_secure_deny_browser_access = "\n# DENY BROWSER ACCESS TO THESE FILES
397
  # Use BPS Custom Code to modify/edit/change this code and to save it permanently.
398
  # wp-config.php, bb-config.php, php.ini, php5.ini, readme.html
399
  # To be able to view these files from a Browser, replace 127.0.0.1 with your actual
@@ -415,10 +452,10 @@ Deny from all
415
  </IfModule>
416
  </IfModule>
417
  </FilesMatch>\n\n";
 
 
418
 
419
- } else {
420
-
421
- $bps_secure_deny_browser_access = "\n# DENY BROWSER ACCESS TO THESE FILES
422
  # Use BPS Custom Code to modify/edit/change this code and to save it permanently.
423
  # wp-config.php, bb-config.php, php.ini, php5.ini, readme.html
424
  # To be able to view these files from a Browser, replace 127.0.0.1 with your actual
@@ -430,14 +467,17 @@ Order Allow,Deny
430
  Deny from all
431
  #Allow from 127.0.0.1
432
  </FilesMatch>\n\n";
433
- }
434
  }
435
 
436
  // CUSTOM CODE BOTTOM
437
  $bps_secure_bottom_misc_code = '';
438
- if ( $BPSCustomCodeOptions['bps_customcode_three'] != '' ) {
 
439
  $bps_secure_bottom_misc_code = "# CUSTOM CODE BOTTOM HOTLINKING/FORBID COMMENT SPAMMERS/BLOCK BOTS/BLOCK IP/REDIRECT CODE\n" . htmlspecialchars_decode( $BPSCustomCodeOptions['bps_customcode_three'], ENT_QUOTES ) . "\n\n";
 
440
  } else {
 
441
  $bps_secure_bottom_misc_code = "# HOTLINKING/FORBID COMMENT SPAMMERS/BLOCK BOTS/BLOCK IP/REDIRECT CODE
442
  # PLACEHOLDER ONLY
443
  # Use BPS Custom Code to add custom code and save it permanently here.\n";
@@ -628,16 +668,17 @@ $bps_secure_bottom_misc_code = "# HOTLINKING/FORBID COMMENT SPAMMERS/BLOCK BOTS/
628
 
629
  // Setup Wizard - Create wpadmin-secure.htaccess htaccess file and copy it to the /wp-admin folder
630
  function bpsSetupWizardCreateWpadminHtaccess() {
631
- $options = get_option('bulletproof_security_options_customcode_WPA');
 
632
 
633
- $bpsSuccessMessageSec = '<font color="green"><strong>'.__('The wpadmin-secure.htaccess wp-admin Master htaccess file was created successfully.', 'bulletproof-security').'<br>'.__('wp-admin Folder BulletProof Mode activated successfully.', 'bulletproof-security').'</strong></font><br>';
634
 
635
- $bpsFailMessageSec = '<font color="#fb0101"><strong>'.__('Error: The wpadmin-secure.htaccess wp-admin Master htaccess file and wp-admin .htaccess file cannot be created. wp-admin Folder BulletProof Mode has NOT been activated.', 'bulletproof-security').'</strong></font><br><strong>'.__('If your Server configuration is DSO you must first make some one-time manual changes to your website before running the Setup Wizard. Please click this Forum Link for instructions: ', 'bulletproof-security').' <a href="https://forum.ait-pro.com/forums/topic/dso-setup-steps/" target="_blank" title="Link opens in a new Browser window">'.__('DSO Setup Steps', 'bulletproof-security').'</a></strong><br>';
636
 
637
  $BPS_wpadmin_Options = get_option('bulletproof_security_options_htaccess_res');
638
  $GDMW_options = get_option('bulletproof_security_options_GDMW');
639
 
640
- if ( $BPS_wpadmin_Options['bps_wpadmin_restriction'] == 'disabled' || $GDMW_options['bps_gdmw_hosting'] == 'yes' ) {
641
  $text = '<font color="blue"><strong>'.__('Go Daddy Managed WordPress Hosting option is set to Yes or Enable|Disable wp-admin BulletProof Mode option is set to disabled. GDMW hosting does not allow wp-admin htaccess files.', 'bulletproof-security').'</strong></font><br>';
642
  echo $text;
643
  return;
@@ -647,9 +688,11 @@ $bpsFailMessageSec = '<font color="#fb0101"><strong>'.__('Error: The wpadmin-sec
647
  $bps_master_backup_wpadmin_file = WP_CONTENT_DIR . '/bps-backup/master-backups/wpadmin.htaccess';
648
  $wpadminActiveHtaccess = ABSPATH . 'wp-admin/.htaccess';
649
  $permsHtaccess = '';
 
650
  if ( file_exists($wpadminActiveHtaccess) ) {
651
- $permsHtaccess = substr(sprintf('%o', fileperms($wpadminActiveHtaccess)), -4);
652
  }
 
653
  $sapi_type = php_sapi_name();
654
  $bpsString1 = "# CCWTOP";
655
  $bpsString2 = "# CCWPF";
@@ -682,13 +725,14 @@ $bpsFailMessageSec = '<font color="#fb0101"><strong>'.__('Error: The wpadmin-sec
682
  if ( file_exists($wpadminActiveHtaccess) ) {
683
  $bpsBaseContent = file_get_contents($wpadminActiveHtaccess);
684
 
685
- if ( $options['bps_customcode_deny_files_wpa'] != '') {
686
  $bpsBaseContent = preg_replace('/#\sBEGIN\sBPS\sWPADMIN\sDENY\sACCESS\sTO\sFILES(.*)#\sEND\sBPS\sWPADMIN\sDENY\sACCESS\sTO\sFILES/s', $bpsReplace3, $bpsBaseContent);
687
  }
688
 
689
- if ( $options['bps_customcode_bpsqse_wpa'] != '') {
690
  $bpsBaseContent = preg_replace('/#\sBEGIN\sBPSQSE-check\sBPS\sQUERY\sSTRING\sEXPLOITS\sAND\sFILTERS(.*)#\sEND\sBPSQSE-check\sBPS\sQUERY\sSTRING\sEXPLOITS\sAND\sFILTERS/s', $bpsReplace4, $bpsBaseContent);
691
  }
 
692
  $bpsBaseContent = str_replace($bpsString1, $bpsReplace1, $bpsBaseContent);
693
  $bpsBaseContent = str_replace($bpsString2, $bpsReplace2, $bpsBaseContent);
694
  file_put_contents($wpadminActiveHtaccess, $bpsBaseContent);
@@ -700,7 +744,7 @@ $bpsFailMessageSec = '<font color="#fb0101"><strong>'.__('Error: The wpadmin-sec
700
  function bpsSetupWizardCreateDefaultHtaccess() {
701
  global $bps_version;
702
 
703
- $bps_get_wp_root_default = bps_wp_get_root_folder();
704
 
705
  if ( is_multisite() ) {
706
 
@@ -718,18 +762,19 @@ $bps_get_wp_root_default = bps_wp_get_root_folder();
718
  $subdir_replacement_12 = $subdomain_install ? '$1' : '$2';
719
 
720
  $ms_files_rewriting = '';
 
721
  if ( is_multisite() && get_site_option( 'ms_files_rewriting' ) ) {
722
  $ms_files_rewriting = "\n# uploaded files\nRewriteRule ^";
723
  $ms_files_rewriting .= $subdir_match . "files/(.+) {$rewrite_base}wp-includes/ms-files.php?file={$subdir_replacement_12} [L]" . "\n";
724
  }
725
  }
726
 
727
- $BPSCustomCodeOptions = get_option('bulletproof_security_options_customcode');
728
-
729
- $bpsSuccessMessageSec = '<font color="green"><strong>'.__('The default.htaccess Master htaccess file was created successfully.', 'bulletproof-security').'</strong></font><br>';
730
-
731
- $bpsFailMessageSec = '<font color="#fb0101"><strong>'.__('Error: The default.htaccess Master htaccess file cannot be created.', 'bulletproof-security').'</strong></font><br><strong>'.__('If your Server configuration is DSO you must first make some one-time manual changes to your website before running the Setup Wizard. Please click this Forum Link for instructions: ', 'bulletproof-security').' <a href="https://forum.ait-pro.com/forums/topic/dso-setup-steps/" target="_blank" title="Link opens in a new Browser window">'.__('DSO Setup Steps', 'bulletproof-security').'</a></strong><br>';
732
-
733
  $bps_default_content_top = "# BULLETPROOF DEFAULT .HTACCESS \n
734
  # WARNING!!! THE default.htaccess FILE DOES NOT PROTECT YOUR WEBSITE AGAINST HACKERS
735
  # This is a standard generic htaccess file that does NOT provide any website security
@@ -751,9 +796,12 @@ $bpsMUEndWP = "# END BPS WordPress";
751
 
752
  // Network/Multisite all site types and versions
753
  if ( is_multisite() ) {
754
- if ( $BPSCustomCodeOptions['bps_customcode_wp_rewrite_start'] != '' ) {
 
755
  $bpsMUSDirTop = "# CUSTOM CODE WP REWRITE LOOP START\n" . htmlspecialchars_decode( $BPSCustomCodeOptions['bps_customcode_wp_rewrite_start'], ENT_QUOTES ) . "\n\n";
 
756
  } else {
 
757
  $bpsMUSDirTop = "# WP REWRITE LOOP START
758
  RewriteEngine On
759
  RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
@@ -765,9 +813,12 @@ RewriteRule ^{$subdir_match}wp-admin$ {$subdir_replacement_01}wp-admin/ [R=301,L
765
  }
766
 
767
  // Network/Multisite all site types and versions
768
- if ( $BPSCustomCodeOptions['bps_customcode_wp_rewrite_end'] != '' ) {
 
769
  $bpsMUSDirBottom = "# CUSTOM CODE WP REWRITE LOOP END\n" . htmlspecialchars_decode( $BPSCustomCodeOptions['bps_customcode_wp_rewrite_end'], ENT_QUOTES ) . "\n\n";
 
770
  } else {
 
771
  $bpsMUSDirBottom = "RewriteCond %{REQUEST_FILENAME} -f [OR]
772
  RewriteCond %{REQUEST_FILENAME} -d
773
  RewriteRule ^ - [L]
@@ -785,140 +836,142 @@ RewriteRule . index.php [L]
785
 
786
  $stringReplace = file_get_contents($bps_auto_write_default_file);
787
 
788
- if ( file_exists($bps_auto_write_default_file) ) {
789
- $stringReplace = $bps_default_content_top.$bps_default_content_bottom;
790
-
791
- if ( file_put_contents( $bps_auto_write_default_file, $stringReplace ) ) {
792
-
793
- echo $bpsSuccessMessageSec;
794
-
795
- } else {
796
-
797
- echo $bpsFailMessageSec;
 
798
  }
799
  }
800
- }
801
 
802
  // Network site type: Create default.htaccess Master File
803
  if ( is_multisite() && is_super_admin() ) {
804
 
805
  $stringReplace = file_get_contents($bps_auto_write_default_file);
806
 
807
- if ( file_exists($bps_auto_write_default_file) ) {
808
- $stringReplace = $bps_default_content_top.$bpsMUSDirTop.$bpsMUSDirBottom.$bpsMUEndWP;
809
-
810
- if ( file_put_contents( $bps_auto_write_default_file, $stringReplace ) ) {
811
-
812
- echo $bpsSuccessMessageSec;
813
-
814
- } else {
815
-
816
- echo $bpsFailMessageSec;
 
817
  }
818
  }
819
- }
820
  }
821
 
822
  // Setup Wizard - DB Backup is setup in admin.php on BPS installation.
823
  // if someone uninstalls BPS and runs the setup wizard again then the db options need to be updated
824
  // with the db backup folder and db backup download URL
825
  function bpsSetupWizard_dbbackup_folder_check() {
826
- $successTextBegin = '<font color="green"><strong>';
827
- $dbb_successMessage = __(' DB Option created or updated Successfully!', 'bulletproof-security');
828
- $successMessage2 = __(' Folder created Successfully!', 'bulletproof-security');
829
- $successTextEnd = '</strong></font><br>';
830
- $failTextBegin = '<font color="#fb0101"><strong>';
831
- $failTextEnd = '</strong></font><br>';
 
832
 
833
  if ( current_user_can('manage_options') ) {
834
 
835
  $DBBoptions = get_option('bulletproof_security_options_db_backup');
836
 
837
- if ( isset($DBBoptions['bps_db_backup_folder']) && $DBBoptions['bps_db_backup_folder'] != '' ) {
838
-
839
- $DBB_Options = array(
840
- 'bps_db_backup' => $DBBoptions['bps_db_backup'],
841
- 'bps_db_backup_description' => $DBBoptions['bps_db_backup_description'],
842
- 'bps_db_backup_folder' => $DBBoptions['bps_db_backup_folder'],
843
- 'bps_db_backup_download_link' => $DBBoptions['bps_db_backup_download_link'],
844
- 'bps_db_backup_job_type' => $DBBoptions['bps_db_backup_job_type'],
845
- 'bps_db_backup_frequency' => $DBBoptions['bps_db_backup_frequency'],
846
- 'bps_db_backup_start_time_hour' => $DBBoptions['bps_db_backup_start_time_hour'],
847
- 'bps_db_backup_start_time_weekday' => $DBBoptions['bps_db_backup_start_time_weekday'],
848
- 'bps_db_backup_start_time_month_date' => $DBBoptions['bps_db_backup_start_time_month_date'],
849
- 'bps_db_backup_email_zip' => $DBBoptions['bps_db_backup_email_zip'],
850
- 'bps_db_backup_delete' => $DBBoptions['bps_db_backup_delete'],
851
- 'bps_db_backup_status_display' => $DBBoptions['bps_db_backup_status_display']
852
- );
853
-
854
- echo $successTextBegin.$DBBoptions['bps_db_backup_folder'].$successMessage2.$successTextEnd;
855
-
856
- foreach( $DBB_Options as $key => $value ) {
857
- update_option('bulletproof_security_options_db_backup', $DBB_Options);
858
- echo $successTextBegin.$key.$dbb_successMessage.$successTextEnd;
859
- }
860
-
861
- } else {
862
-
863
- $source = WP_CONTENT_DIR . '/bps-backup';
864
-
865
- if ( is_dir($source) ) {
866
-
867
- $iterator = new DirectoryIterator($source);
868
 
869
- foreach ( $iterator as $folder ) {
 
 
 
 
 
 
 
 
 
 
 
 
 
870
 
871
- if ( $folder->isDir() && ! $folder->isDot() && preg_match( '/backups_[a-zA-Z0-9]/', $folder ) ) {
872
-
873
- $bps_db_backup_folder = addslashes($source.DIRECTORY_SEPARATOR.$folder);
874
- $bps_db_backup_download_link = content_url( '/bps-backup/' ) . $folder . '/';
875
 
876
- $bps_db_backup_description = ! isset($DBBoptions['bps_db_backup_description']) ? '' : $DBBoptions['bps_db_backup_description'];
877
- $bps_db_backup_job_type = ! isset($DBBoptions['bps_db_backup_job_type']) ? '' : $DBBoptions['bps_db_backup_job_type'];
878
- $bps_db_backup_frequency = ! isset($DBBoptions['bps_db_backup_frequency']) ? '' : $DBBoptions['bps_db_backup_frequency'];
879
- $bps_db_backup_start_time_hour = ! isset($DBBoptions['bps_db_backup_start_time_hour']) ? '' : $DBBoptions['bps_db_backup_start_time_hour'];
880
- $bps_db_backup_start_time_weekday = ! isset($DBBoptions['bps_db_backup_start_time_weekday']) ? '' : $DBBoptions['bps_db_backup_start_time_weekday'];
881
- $bps_db_backup_start_time_month_date = ! isset($DBBoptions['bps_db_backup_start_time_month_date']) ? '' : $DBBoptions['bps_db_backup_start_time_month_date'];
882
- $bps_db_backup_email_zip = ! isset($DBBoptions['bps_db_backup_email_zip']) ? '' : $DBBoptions['bps_db_backup_email_zip'];
883
- $bps_db_backup_delete = ! isset($DBBoptions['bps_db_backup_delete']) ? '' : $DBBoptions['bps_db_backup_delete'];
884
- $bps_db_backup_status_display = ! isset($DBBoptions['bps_db_backup_status_display']) ? '' : $DBBoptions['bps_db_backup_status_display'];
885
-
886
- $DBB_Options = array(
887
- 'bps_db_backup' => 'On',
888
- 'bps_db_backup_description' => $bps_db_backup_description,
889
- 'bps_db_backup_folder' => $bps_db_backup_folder,
890
- 'bps_db_backup_download_link' => $bps_db_backup_download_link,
891
- 'bps_db_backup_job_type' => $bps_db_backup_job_type,
892
- 'bps_db_backup_frequency' => $bps_db_backup_frequency,
893
- 'bps_db_backup_start_time_hour' => $bps_db_backup_start_time_hour,
894
- 'bps_db_backup_start_time_weekday' => $bps_db_backup_start_time_weekday,
895
- 'bps_db_backup_start_time_month_date' => $bps_db_backup_start_time_month_date,
896
- 'bps_db_backup_email_zip' => $bps_db_backup_email_zip,
897
- 'bps_db_backup_delete' => $bps_db_backup_delete,
898
- 'bps_db_backup_status_display' => $bps_db_backup_status_display
899
- );
900
 
901
- echo $successTextBegin.$bps_db_backup_folder.$successMessage2.$successTextEnd;
902
-
903
- foreach( $DBB_Options as $key => $value ) {
904
- update_option('bulletproof_security_options_db_backup', $DBB_Options);
905
- echo $successTextBegin.$key.$dbb_successMessage.$successTextEnd;
906
- }
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
907
  }
908
  }
909
  }
910
  }
911
- }
912
  }
913
 
914
  // Setup Wizard - Create/Recreate the User Agent filters in the 403.php file
915
  function bpsSetupWizard_autoupdate_useragent_filters() {
916
  global $wpdb;
917
- $table_name = $wpdb->prefix . "bpspro_seclog_ignore";
918
- $blankFile = WP_PLUGIN_DIR . '/bulletproof-security/admin/htaccess/blank.txt';
919
- $userAgentMaster = WP_CONTENT_DIR . '/bps-backup/master-backups/UserAgentMaster.txt';
920
- $bps403File = WP_PLUGIN_DIR . '/bulletproof-security/403.php';
921
- $search = '';
 
922
 
923
  if ( ! file_exists($bps403File) ) {
924
  return;
@@ -946,13 +999,12 @@ $search = '';
946
  echo $text;
947
  }
948
 
949
- $UserAgentRulesT = file_get_contents($userAgentMaster);
950
- $stringReplace = file_get_contents($bps403File);
951
-
952
- $stringReplace = preg_replace('/# BEGIN USERAGENT FILTER(.*)# END USERAGENT FILTER/s', "# BEGIN USERAGENT FILTER\nif ( !preg_match('/".trim($UserAgentRulesT, "|")."/', \$bpsPro_http_user_agent) ) {\n# END USERAGENT FILTER", $stringReplace);
953
-
954
- file_put_contents($bps403File, $stringReplace);
955
-
956
  }
957
  }
958
 
12
 
13
  if ( is_admin() && current_user_can('manage_options') ) {
14
 
15
+ $bps_backup = WP_CONTENT_DIR . '/bps-backup/.htaccess';
16
+ $bps_master_backups = WP_CONTENT_DIR . '/bps-backup/master-backups/.htaccess';
17
+ $root_htaccess = ABSPATH . '.htaccess';
18
+ $wpadmin_htaccess = ABSPATH . 'wp-admin/.htaccess';
19
+ $bpsPro_pf = WP_PLUGIN_DIR . '/bulletproof-security/';
20
+ $core1 = $bpsPro_pf . 'admin/core/.htaccess';
21
+ $core2 = $bpsPro_pf . 'admin/db-backup-security/.htaccess';
22
+ $core3 = $bpsPro_pf . 'admin/htaccess/.htaccess';
23
+ $core4 = $bpsPro_pf . 'admin/login/.htaccess';
24
+ $core5 = $bpsPro_pf . 'admin/maintenance/.htaccess';
25
+ $core6 = $bpsPro_pf . 'admin/security-log/.htaccess';
26
+ $core7 = $bpsPro_pf . 'admin/system-info/.htaccess';
27
+ $core8 = $bpsPro_pf . 'admin/theme-skin/.htaccess';
28
+ $core9 = $bpsPro_pf . 'admin/wizard/.htaccess';
29
+ $core10 = $bpsPro_pf . 'admin/email-log-settings/.htaccess';
30
+ $core11 = $bpsPro_pf . 'admin/mscan/.htaccess';
31
 
32
  $files = array( $bps_backup, $bps_master_backups, $root_htaccess, $wpadmin_htaccess, $core1, $core2, $core3, $core4, $core5, $core6, $core7, $core8, $core9, $core10, $core11 );
33
 
34
  $HFiles_options = get_option('bulletproof_security_options_htaccess_files');
35
 
36
+ if ( isset($HFiles_options['bps_htaccess_files']) && $HFiles_options['bps_htaccess_files'] == 'disabled' ) {
37
 
38
  foreach ( $files as $file ) {
39
 
41
  unlink($file);
42
  }
43
  }
44
+
45
  echo '<strong><font color="blue">'.__('htaccess Files Disabled: Existing BPS htaccess files have been deleted and new BPS htaccess files will not be created.', 'bulletproof-security').'<br>'.__('All BPS htaccess features are disabled.', 'bulletproof-security').' '.__('Click this link for help information: ', 'bulletproof-security').'</font></strong><a href="https://forum.ait-pro.com/forums/topic/htaccess-files-disabled-setup-wizard-enable-disable-htaccess-files/" target="_blank" title="htaccess Files Disabled Forum Topic">'.__('htaccess Files Disabled Forum Topic', 'bulletproof-security').'</a><br>';
46
 
47
  }
49
  }
50
 
51
  function bpsPro_network_domain_check_wizard() {
52
+ global $wpdb;
53
+
54
  if ( $wpdb->get_var( "SHOW TABLES LIKE '$wpdb->site'" ) )
55
  return $wpdb->get_var( "SELECT domain FROM $wpdb->site ORDER BY id ASC LIMIT 1" );
56
  return false;
57
  }
58
 
59
  function bpsPro_get_clean_basedomain_wizard() {
60
+
61
  if ( $existing_domain = bpsPro_network_domain_check_wizard() )
62
+ return $existing_domain;
63
+
64
  $domain = preg_replace( '|https?://|', '', get_option( 'siteurl' ) );
65
+
66
  if ( $slash = strpos( $domain, '/' ) )
67
  $domain = substr( $domain, 0, $slash );
68
  return $domain;
72
  function bpsSetupWizardCreateRootHtaccess() {
73
  global $bps_version;
74
 
75
+ $bps_get_domain_root = bpsGetDomainRoot();
76
+ $bps_get_wp_root_default = bps_wp_get_root_folder();
77
+ // Replace ABSPATH = wp-content/plugins
78
+ $bps_plugin_dir = str_replace( ABSPATH, '', WP_PLUGIN_DIR );
79
+ // Replace ABSPATH = wp-content
80
+ $bps_wpcontent_dir = str_replace( ABSPATH, '', WP_CONTENT_DIR );
81
+ $successTextBegin = '<font color="green"><strong>';
82
+ $successTextEnd = '</strong></font><br>';
83
+ $failTextBegin = '<font color="#fb0101"><strong>';
84
+ $failTextEnd = '</strong></font><br>';
85
 
86
  if ( is_multisite() ) {
87
 
88
+ $hostname = bpsPro_get_clean_basedomain_wizard();
89
+ $slashed_home = trailingslashit( get_option( 'home' ) );
90
+ $base = parse_url( $slashed_home, PHP_URL_PATH );
91
+ $document_root_fix = str_replace( '\\', '/', realpath( $_SERVER['DOCUMENT_ROOT'] ) );
92
+ $abspath_fix = str_replace( '\\', '/', ABSPATH );
93
+ $home_path = 0 === strpos( $abspath_fix, $document_root_fix ) ? $document_root_fix . $base : get_home_path();
94
+ $wp_siteurl_subdir = preg_replace( '#^' . preg_quote( $home_path, '#' ) . '#', '', $abspath_fix );
95
+ $rewrite_base = ! empty( $wp_siteurl_subdir ) ? ltrim( trailingslashit( $wp_siteurl_subdir ), '/' ) : '';
96
+ $subdomain_install = is_subdomain_install();
97
+ $subdir_match = $subdomain_install ? '' : '([_0-9a-zA-Z-]+/)?';
98
+ $subdir_replacement_01 = $subdomain_install ? '' : '$1';
99
+ $subdir_replacement_12 = $subdomain_install ? '$1' : '$2';
100
+
101
  $ms_files_rewriting = '';
102
+
103
  if ( is_multisite() && get_site_option( 'ms_files_rewriting' ) ) {
104
  $ms_files_rewriting = "\n# uploaded files\nRewriteRule ^";
105
  $ms_files_rewriting .= $subdir_match . "files/(.+) {$rewrite_base}wp-includes/ms-files.php?file={$subdir_replacement_12} [L]" . "\n";
106
  }
107
  }
108
 
109
+ $BPSCustomCodeOptions = get_option('bulletproof_security_options_customcode');
110
+ $Apache_Mod_options = get_option('bulletproof_security_options_apache_modules');
111
+ $bps_get_wp_root_secure = bps_wp_get_root_folder();
112
+ $bps_auto_write_secure_file = WP_PLUGIN_DIR . '/bulletproof-security/admin/htaccess/secure.htaccess';
113
+ $bps_auto_write_secure_file_root = ABSPATH . '.htaccess';
 
 
114
 
115
+ $bpsSuccessMessageSec = '<font color="green"><strong>'.__('The secure.htaccess Root Master htaccess file was created successfully.', 'bulletproof-security').'<br>'.__('Root Folder BulletProof Mode activated successfully.', 'bulletproof-security').'</strong></font><br>';
116
+
117
+ $bpsFailMessageSec = '<font color="#fb0101"><strong>'.__('Error: The secure.htaccess Root Master htaccess file and root .htaccess file cannot be created. Root Folder BulletProof Mode has NOT been activated.', 'bulletproof-security').'</strong></font><br><strong>'.__('If your Server configuration is DSO you must first make some one-time manual changes to your website before running the Setup Wizard. Please click this Forum Link for instructions: ', 'bulletproof-security').' <a href="https://forum.ait-pro.com/forums/topic/dso-setup-steps/" target="_blank" title="Link opens in a new Browser window">'.__('DSO Setup Steps', 'bulletproof-security').'</a></strong><br>';
118
+
119
+ ## IMPORTANT!!! Do not indent this code below. Whitespace will be created in the htaccess files.
120
+ ## At a later time, strip out any whitespace.
121
 
122
+ if ( ! is_multisite() && isset($BPSCustomCodeOptions['bps_customcode_wp_rewrite_start']) && $BPSCustomCodeOptions['bps_customcode_wp_rewrite_start'] != '' ) {
123
  $bpsBeginWP = "# CUSTOM CODE WP REWRITE LOOP START\n" . htmlspecialchars_decode( $BPSCustomCodeOptions['bps_customcode_wp_rewrite_start'], ENT_QUOTES ) . "\n\n";
124
+
125
  } else {
126
+
127
  $bpsBeginWP = "# WP REWRITE LOOP START
128
  RewriteEngine On
129
  RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
133
 
134
  // Network/Multisite all site types and versions
135
  if ( is_multisite() ) {
136
+
137
+ if ( isset($BPSCustomCodeOptions['bps_customcode_wp_rewrite_start']) && $BPSCustomCodeOptions['bps_customcode_wp_rewrite_start'] != '' ) {
138
  $bpsMUSDirTop = "# CUSTOM CODE WP REWRITE LOOP START\n" . htmlspecialchars_decode( $BPSCustomCodeOptions['bps_customcode_wp_rewrite_start'], ENT_QUOTES ) . "\n\n";
139
+
140
  } else {
141
+
142
  $bpsMUSDirTop = "# WP REWRITE LOOP START
143
  RewriteEngine On
144
  RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
150
  }
151
 
152
  // Network/Multisite all site types and versions
153
+ if ( isset($BPSCustomCodeOptions['bps_customcode_wp_rewrite_end']) && $BPSCustomCodeOptions['bps_customcode_wp_rewrite_end'] != '' ) {
154
  $bpsMUSDirBottom = "# CUSTOM CODE WP REWRITE LOOP END\n" . htmlspecialchars_decode( $BPSCustomCodeOptions['bps_customcode_wp_rewrite_end'], ENT_QUOTES ) . "\n\n";
155
+
156
  } else {
157
+
158
  $bpsMUSDirBottom = "RewriteCond %{REQUEST_FILENAME} -f [OR]
159
  RewriteCond %{REQUEST_FILENAME} -d
160
  RewriteRule ^ - [L]
167
 
168
  $bps_secure_content_top = "# BULLETPROOF $bps_version SECURE .HTACCESS \n\n";
169
 
170
+ if ( isset($BPSCustomCodeOptions['bps_customcode_one']) && $BPSCustomCodeOptions['bps_customcode_one'] != '' ) {
171
  $bps_secure_phpini_cache = "# CUSTOM CODE TOP PHP/PHP.INI HANDLER/CACHE CODE\n" . htmlspecialchars_decode( $BPSCustomCodeOptions['bps_customcode_one'], ENT_QUOTES ) . "\n\n";
172
+
173
  } else {
174
+
175
  $bps_secure_phpini_cache = "# PHP/PHP.INI HANDLER/CACHE CODE
176
  # Use BPS Custom Code to add php/php.ini Handler and Cache htaccess code and to save it permanently.
177
  # Most Hosts do not have/use/require php/php.ini Handler htaccess code\n\n";
178
  }
179
 
180
+ if ( isset($BPSCustomCodeOptions['bps_customcode_server_signature']) && $BPSCustomCodeOptions['bps_customcode_server_signature'] != '' ) {
181
  $bps_server_signature = "# CUSTOM CODE TURN OFF YOUR SERVER SIGNATURE\n" . htmlspecialchars_decode( $BPSCustomCodeOptions['bps_customcode_server_signature'], ENT_QUOTES ) . "\n\n";
182
+
183
  } else {
184
+
185
  $bps_server_signature = "# TURN OFF YOUR SERVER SIGNATURE
186
  # Suppresses the footer line server version number and ServerName of the serving virtual host
187
  ServerSignature Off\n\n";
188
  }
189
 
190
+ if ( isset($BPSCustomCodeOptions['bps_customcode_directory_index']) && $BPSCustomCodeOptions['bps_customcode_directory_index'] != '' ) {
191
  $bps_secure_directory_list_index = "# CUSTOM CODE DIRECTORY LISTING/DIRECTORY INDEX\n" . htmlspecialchars_decode( $BPSCustomCodeOptions['bps_customcode_directory_index'], ENT_QUOTES ) . "\n\n";
192
+
193
  } else {
194
+
195
  $bps_secure_directory_list_index = "# DO NOT SHOW DIRECTORY LISTING
196
  # Disallow mod_autoindex from displaying a directory listing
197
  # If a 500 Internal Server Error occurs when activating Root BulletProof Mode
210
  DirectoryIndex index.php index.html /index.php\n\n";
211
  }
212
 
213
+ if ( isset($BPSCustomCodeOptions['bps_customcode_server_protocol']) && $BPSCustomCodeOptions['bps_customcode_server_protocol'] != '' ) {
214
  $bps_secure_brute_force_login = "# CUSTOM CODE BRUTE FORCE LOGIN PAGE PROTECTION\n" . htmlspecialchars_decode( $BPSCustomCodeOptions['bps_customcode_server_protocol'], ENT_QUOTES ) . "\n\n";
215
+
216
  } else {
217
+
218
  $bps_secure_brute_force_login = "# BRUTE FORCE LOGIN PAGE PROTECTION
219
  # PLACEHOLDER ONLY
220
  # Use BPS Custom Code to add Brute Force Login protection code and to save it permanently.
222
  # for more information.\n\n";
223
  }
224
 
225
+ if ( isset($BPSCustomCodeOptions['bps_customcode_error_logging']) && $BPSCustomCodeOptions['bps_customcode_error_logging'] != '' ) {
226
  $bps_secure_error_logging = "# CUSTOM CODE ERROR LOGGING AND TRACKING\n" . htmlspecialchars_decode( $BPSCustomCodeOptions['bps_customcode_error_logging'], ENT_QUOTES ) . "\n\n";
227
+
228
  } else {
229
+
230
  $bps_secure_error_logging = "# BPS ERROR LOGGING AND TRACKING
231
  # Use BPS Custom Code to modify/edit/change this code and to save it permanently.
232
  # BPS has premade 400 Bad Request, 403 Forbidden, 404 Not Found, 405 Method Not Allowed and
250
  ErrorDocument 410 " . $bps_get_wp_root_secure . $bps_plugin_dir . "/bulletproof-security/410.php\n\n";
251
  }
252
 
253
+ if ( isset($BPSCustomCodeOptions['bps_customcode_deny_dot_folders']) && $BPSCustomCodeOptions['bps_customcode_deny_dot_folders'] != '' ) {
254
  $bps_secure_dot_server_files = "# CUSTOM CODE DENY ACCESS TO PROTECTED SERVER FILES AND FOLDERS\n" . htmlspecialchars_decode( $BPSCustomCodeOptions['bps_customcode_deny_dot_folders'], ENT_QUOTES ) . "\n\n";
255
+
256
  } else {
257
+
258
  $bps_secure_dot_server_files = "# DENY ACCESS TO PROTECTED SERVER FILES AND FOLDERS
259
  # Use BPS Custom Code to modify/edit/change this code and to save it permanently.
260
  # Files and folders starting with a dot: .htaccess, .htpasswd, .errordocs, .logs
261
  RedirectMatch 403 \.(htaccess|htpasswd|errordocs|logs)$\n\n";
262
  }
263
 
264
+ if ( isset($BPSCustomCodeOptions['bps_customcode_admin_includes']) && $BPSCustomCodeOptions['bps_customcode_admin_includes'] != '' ) {
265
  $bps_secure_content_wpadmin = "# CUSTOM CODE WP-ADMIN/INCLUDES\n" . htmlspecialchars_decode( $BPSCustomCodeOptions['bps_customcode_admin_includes'], ENT_QUOTES ) . "\n\n";
266
+
267
  } else {
268
+
269
  $bps_secure_content_wpadmin = "# WP-ADMIN/INCLUDES
270
  # Use BPS Custom Code to remove this code permanently.
271
  RewriteEngine On
277
  RewriteRule ^wp-includes/theme-compat/ - [F]\n\n";
278
  }
279
 
280
+ if ( isset($BPSCustomCodeOptions['bps_customcode_request_methods']) && $BPSCustomCodeOptions['bps_customcode_request_methods'] != '' ) {
281
  $bps_secure_request_methods = "\n# CUSTOM CODE REQUEST METHODS FILTERED\n" . htmlspecialchars_decode( $BPSCustomCodeOptions['bps_customcode_request_methods'], ENT_QUOTES)."\n\n";
282
+
283
  } else {
284
+
285
  $bps_secure_request_methods = "\n# REQUEST METHODS FILTERED
286
  # If you want to allow HEAD Requests use BPS Custom Code and copy
287
  # this entire REQUEST METHODS FILTERED section of code to this BPS Custom Code
303
 
304
  // Plugin/Theme skip/bypass rules
305
  $bps_secure_plugins_themes_skip_rules = '';
306
+
307
+ if ( isset($BPSCustomCodeOptions['bps_customcode_two']) && $BPSCustomCodeOptions['bps_customcode_two'] != '' ) {
308
  $bps_secure_plugins_themes_skip_rules = "# CUSTOM CODE PLUGIN/THEME SKIP/BYPASS RULES\n" . htmlspecialchars_decode( $BPSCustomCodeOptions['bps_customcode_two'], ENT_QUOTES ) . "\n\n";
309
  }
310
 
339
  RewriteCond %{QUERY_STRING} action=rp&key=(.*) [NC]
340
  RewriteRule . - [S=3]\n\n";
341
 
342
+ if ( isset($BPSCustomCodeOptions['bps_customcode_timthumb_misc']) && $BPSCustomCodeOptions['bps_customcode_timthumb_misc'] != '' ) {
343
  $bps_secure_timthumb_misc = "# CUSTOM CODE TIMTHUMB FORBID RFI and MISC FILE SKIP/BYPASS RULE\n" . htmlspecialchars_decode( $BPSCustomCodeOptions['bps_customcode_timthumb_misc'], ENT_QUOTES ) . "\n\n";
344
+
345
  } else {
346
+
347
  $bps_secure_timthumb_misc = "# TIMTHUMB FORBID RFI and MISC FILE SKIP/BYPASS RULE
348
  # Use BPS Custom Code to modify/edit/change this code and to save it permanently.
349
  # Remote File Inclusion (RFI) security rules
359
  RewriteRule . - [S=1]\n\n";
360
  }
361
 
362
+ if ( isset($BPSCustomCodeOptions['bps_customcode_bpsqse']) && $BPSCustomCodeOptions['bps_customcode_bpsqse'] != '' ) {
363
  $bps_secure_BPSQSE = "# CUSTOM CODE BPSQSE BPS QUERY STRING EXPLOITS\n" . htmlspecialchars_decode( $BPSCustomCodeOptions['bps_customcode_bpsqse'], ENT_QUOTES ) . "\n\n";
364
+
365
  } else {
366
+
367
  $bps_secure_BPSQSE = "# BEGIN BPSQSE BPS QUERY STRING EXPLOITS
368
  # The libwww-perl User Agent is forbidden - Many bad bots use libwww-perl modules, but some good bots use it too.
369
  # Good sites such as W3C use it for their W3C-LinkChecker.
423
  RewriteRule . " . $bps_get_wp_root_secure . "index.php [L]
424
  # WP REWRITE LOOP END\n";
425
 
426
+ if ( isset($BPSCustomCodeOptions['bps_customcode_deny_files']) && $BPSCustomCodeOptions['bps_customcode_deny_files'] != '' ) {
427
  $bps_secure_deny_browser_access = "\n# CUSTOM CODE DENY BROWSER ACCESS TO THESE FILES\n" . htmlspecialchars_decode( $BPSCustomCodeOptions['bps_customcode_deny_files'], ENT_QUOTES ) . "\n\n";
428
 
429
  } else {
430
 
431
+ if ( isset($Apache_Mod_options['bps_apache_mod_ifmodule']) && $Apache_Mod_options['bps_apache_mod_ifmodule'] == 'Yes' ) {
432
+
433
+ $bps_secure_deny_browser_access = "\n# DENY BROWSER ACCESS TO THESE FILES
434
  # Use BPS Custom Code to modify/edit/change this code and to save it permanently.
435
  # wp-config.php, bb-config.php, php.ini, php5.ini, readme.html
436
  # To be able to view these files from a Browser, replace 127.0.0.1 with your actual
452
  </IfModule>
453
  </IfModule>
454
  </FilesMatch>\n\n";
455
+
456
+ } else {
457
 
458
+ $bps_secure_deny_browser_access = "\n# DENY BROWSER ACCESS TO THESE FILES
 
 
459
  # Use BPS Custom Code to modify/edit/change this code and to save it permanently.
460
  # wp-config.php, bb-config.php, php.ini, php5.ini, readme.html
461
  # To be able to view these files from a Browser, replace 127.0.0.1 with your actual
467
  Deny from all
468
  #Allow from 127.0.0.1
469
  </FilesMatch>\n\n";
470
+ }
471
  }
472
 
473
  // CUSTOM CODE BOTTOM
474
  $bps_secure_bottom_misc_code = '';
475
+
476
+ if ( isset($BPSCustomCodeOptions['bps_customcode_three']) && $BPSCustomCodeOptions['bps_customcode_three'] != '' ) {
477
  $bps_secure_bottom_misc_code = "# CUSTOM CODE BOTTOM HOTLINKING/FORBID COMMENT SPAMMERS/BLOCK BOTS/BLOCK IP/REDIRECT CODE\n" . htmlspecialchars_decode( $BPSCustomCodeOptions['bps_customcode_three'], ENT_QUOTES ) . "\n\n";
478
+
479
  } else {
480
+
481
  $bps_secure_bottom_misc_code = "# HOTLINKING/FORBID COMMENT SPAMMERS/BLOCK BOTS/BLOCK IP/REDIRECT CODE
482
  # PLACEHOLDER ONLY
483
  # Use BPS Custom Code to add custom code and save it permanently here.\n";
668
 
669
  // Setup Wizard - Create wpadmin-secure.htaccess htaccess file and copy it to the /wp-admin folder
670
  function bpsSetupWizardCreateWpadminHtaccess() {
671
+
672
+ $options = get_option('bulletproof_security_options_customcode_WPA');
673
 
674
+ $bpsSuccessMessageSec = '<font color="green"><strong>'.__('The wpadmin-secure.htaccess wp-admin Master htaccess file was created successfully.', 'bulletproof-security').'<br>'.__('wp-admin Folder BulletProof Mode activated successfully.', 'bulletproof-security').'</strong></font><br>';
675
 
676
+ $bpsFailMessageSec = '<font color="#fb0101"><strong>'.__('Error: The wpadmin-secure.htaccess wp-admin Master htaccess file and wp-admin .htaccess file cannot be created. wp-admin Folder BulletProof Mode has NOT been activated.', 'bulletproof-security').'</strong></font><br><strong>'.__('If your Server configuration is DSO you must first make some one-time manual changes to your website before running the Setup Wizard. Please click this Forum Link for instructions: ', 'bulletproof-security').' <a href="https://forum.ait-pro.com/forums/topic/dso-setup-steps/" target="_blank" title="Link opens in a new Browser window">'.__('DSO Setup Steps', 'bulletproof-security').'</a></strong><br>';
677
 
678
  $BPS_wpadmin_Options = get_option('bulletproof_security_options_htaccess_res');
679
  $GDMW_options = get_option('bulletproof_security_options_GDMW');
680
 
681
+ if ( isset($BPS_wpadmin_Options['bps_wpadmin_restriction']) && $BPS_wpadmin_Options['bps_wpadmin_restriction'] == 'disabled' || isset($GDMW_options['bps_gdmw_hosting']) && $GDMW_options['bps_gdmw_hosting'] == 'yes' ) {
682
  $text = '<font color="blue"><strong>'.__('Go Daddy Managed WordPress Hosting option is set to Yes or Enable|Disable wp-admin BulletProof Mode option is set to disabled. GDMW hosting does not allow wp-admin htaccess files.', 'bulletproof-security').'</strong></font><br>';
683
  echo $text;
684
  return;
688
  $bps_master_backup_wpadmin_file = WP_CONTENT_DIR . '/bps-backup/master-backups/wpadmin.htaccess';
689
  $wpadminActiveHtaccess = ABSPATH . 'wp-admin/.htaccess';
690
  $permsHtaccess = '';
691
+
692
  if ( file_exists($wpadminActiveHtaccess) ) {
693
+ $permsHtaccess = substr(sprintf('%o', fileperms($wpadminActiveHtaccess)), -4);
694
  }
695
+
696
  $sapi_type = php_sapi_name();
697
  $bpsString1 = "# CCWTOP";
698
  $bpsString2 = "# CCWPF";
725
  if ( file_exists($wpadminActiveHtaccess) ) {
726
  $bpsBaseContent = file_get_contents($wpadminActiveHtaccess);
727
 
728
+ if ( isset($options['bps_customcode_deny_files_wpa']) && $options['bps_customcode_deny_files_wpa'] != '') {
729
  $bpsBaseContent = preg_replace('/#\sBEGIN\sBPS\sWPADMIN\sDENY\sACCESS\sTO\sFILES(.*)#\sEND\sBPS\sWPADMIN\sDENY\sACCESS\sTO\sFILES/s', $bpsReplace3, $bpsBaseContent);
730
  }
731
 
732
+ if ( isset($options['bps_customcode_bpsqse_wpa']) && $options['bps_customcode_bpsqse_wpa'] != '') {
733
  $bpsBaseContent = preg_replace('/#\sBEGIN\sBPSQSE-check\sBPS\sQUERY\sSTRING\sEXPLOITS\sAND\sFILTERS(.*)#\sEND\sBPSQSE-check\sBPS\sQUERY\sSTRING\sEXPLOITS\sAND\sFILTERS/s', $bpsReplace4, $bpsBaseContent);
734
  }
735
+
736
  $bpsBaseContent = str_replace($bpsString1, $bpsReplace1, $bpsBaseContent);
737
  $bpsBaseContent = str_replace($bpsString2, $bpsReplace2, $bpsBaseContent);
738
  file_put_contents($wpadminActiveHtaccess, $bpsBaseContent);
744
  function bpsSetupWizardCreateDefaultHtaccess() {
745
  global $bps_version;
746
 
747
+ $bps_get_wp_root_default = bps_wp_get_root_folder();
748
 
749
  if ( is_multisite() ) {
750
 
762
  $subdir_replacement_12 = $subdomain_install ? '$1' : '$2';
763
 
764
  $ms_files_rewriting = '';
765
+
766
  if ( is_multisite() && get_site_option( 'ms_files_rewriting' ) ) {
767
  $ms_files_rewriting = "\n# uploaded files\nRewriteRule ^";
768
  $ms_files_rewriting .= $subdir_match . "files/(.+) {$rewrite_base}wp-includes/ms-files.php?file={$subdir_replacement_12} [L]" . "\n";
769
  }
770
  }
771
 
772
+ $BPSCustomCodeOptions = get_option('bulletproof_security_options_customcode');
773
+
774
+ $bpsSuccessMessageSec = '<font color="green"><strong>'.__('The default.htaccess Master htaccess file was created successfully.', 'bulletproof-security').'</strong></font><br>';
775
+
776
+ $bpsFailMessageSec = '<font color="#fb0101"><strong>'.__('Error: The default.htaccess Master htaccess file cannot be created.', 'bulletproof-security').'</strong></font><br><strong>'.__('If your Server configuration is DSO you must first make some one-time manual changes to your website before running the Setup Wizard. Please click this Forum Link for instructions: ', 'bulletproof-security').' <a href="https://forum.ait-pro.com/forums/topic/dso-setup-steps/" target="_blank" title="Link opens in a new Browser window">'.__('DSO Setup Steps', 'bulletproof-security').'</a></strong><br>';
777
+
778
  $bps_default_content_top = "# BULLETPROOF DEFAULT .HTACCESS \n
779
  # WARNING!!! THE default.htaccess FILE DOES NOT PROTECT YOUR WEBSITE AGAINST HACKERS
780
  # This is a standard generic htaccess file that does NOT provide any website security
796
 
797
  // Network/Multisite all site types and versions
798
  if ( is_multisite() ) {
799
+
800
+ if ( isset($BPSCustomCodeOptions['bps_customcode_wp_rewrite_start']) && $BPSCustomCodeOptions['bps_customcode_wp_rewrite_start'] != '' ) {
801
  $bpsMUSDirTop = "# CUSTOM CODE WP REWRITE LOOP START\n" . htmlspecialchars_decode( $BPSCustomCodeOptions['bps_customcode_wp_rewrite_start'], ENT_QUOTES ) . "\n\n";
802
+
803
  } else {
804
+
805
  $bpsMUSDirTop = "# WP REWRITE LOOP START
806
  RewriteEngine On
807
  RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
813
  }
814
 
815
  // Network/Multisite all site types and versions
816
+ if ( isset($BPSCustomCodeOptions['bps_customcode_wp_rewrite_end']) && $BPSCustomCodeOptions['bps_customcode_wp_rewrite_end'] != '' ) {
817
+
818
  $bpsMUSDirBottom = "# CUSTOM CODE WP REWRITE LOOP END\n" . htmlspecialchars_decode( $BPSCustomCodeOptions['bps_customcode_wp_rewrite_end'], ENT_QUOTES ) . "\n\n";
819
+
820
  } else {
821
+
822
  $bpsMUSDirBottom = "RewriteCond %{REQUEST_FILENAME} -f [OR]
823
  RewriteCond %{REQUEST_FILENAME} -d
824
  RewriteRule ^ - [L]
836
 
837
  $stringReplace = file_get_contents($bps_auto_write_default_file);
838
 
839
+ if ( file_exists($bps_auto_write_default_file) ) {
840
+ $stringReplace = $bps_default_content_top.$bps_default_content_bottom;
841
+
842
+ if ( file_put_contents( $bps_auto_write_default_file, $stringReplace ) ) {
843
+
844
+ echo $bpsSuccessMessageSec;
845
+
846
+ } else {
847
+
848
+ echo $bpsFailMessageSec;
849
+ }
850
  }
851
  }
 
852
 
853
  // Network site type: Create default.htaccess Master File
854
  if ( is_multisite() && is_super_admin() ) {
855
 
856
  $stringReplace = file_get_contents($bps_auto_write_default_file);
857
 
858
+ if ( file_exists($bps_auto_write_default_file) ) {
859
+ $stringReplace = $bps_default_content_top.$bpsMUSDirTop.$bpsMUSDirBottom.$bpsMUEndWP;
860
+
861
+ if ( file_put_contents( $bps_auto_write_default_file, $stringReplace ) ) {
862
+
863
+ echo $bpsSuccessMessageSec;
864
+
865
+ } else {
866
+
867
+ echo $bpsFailMessageSec;
868
+ }
869
  }
870
  }
 
871
  }
872
 
873
  // Setup Wizard - DB Backup is setup in admin.php on BPS installation.
874
  // if someone uninstalls BPS and runs the setup wizard again then the db options need to be updated
875
  // with the db backup folder and db backup download URL
876
  function bpsSetupWizard_dbbackup_folder_check() {
877
+
878
+ $successTextBegin = '<font color="green"><strong>';
879
+ $dbb_successMessage = __(' DB Option created or updated Successfully!', 'bulletproof-security');
880
+ $successMessage2 = __(' Folder created Successfully!', 'bulletproof-security');
881
+ $successTextEnd = '</strong></font><br>';
882
+ $failTextBegin = '<font color="#fb0101"><strong>';
883
+ $failTextEnd = '</strong></font><br>';
884
 
885
  if ( current_user_can('manage_options') ) {
886
 
887
  $DBBoptions = get_option('bulletproof_security_options_db_backup');
888
 
889
+ if ( isset($DBBoptions['bps_db_backup_folder']) && $DBBoptions['bps_db_backup_folder'] != '' && isset($DBBoptions['bps_db_backup_download_link']) && $DBBoptions['bps_db_backup_download_link'] != '' ) {
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
890
 
891
+ $DBB_Options = array(
892
+ 'bps_db_backup' => $DBBoptions['bps_db_backup'],
893
+ 'bps_db_backup_description' => $DBBoptions['bps_db_backup_description'],
894
+ 'bps_db_backup_folder' => $DBBoptions['bps_db_backup_folder'],
895
+ 'bps_db_backup_download_link' => $DBBoptions['bps_db_backup_download_link'],
896
+ 'bps_db_backup_job_type' => $DBBoptions['bps_db_backup_job_type'],
897
+ 'bps_db_backup_frequency' => $DBBoptions['bps_db_backup_frequency'],
898
+ 'bps_db_backup_start_time_hour' => $DBBoptions['bps_db_backup_start_time_hour'],
899
+ 'bps_db_backup_start_time_weekday' => $DBBoptions['bps_db_backup_start_time_weekday'],
900
+ 'bps_db_backup_start_time_month_date' => $DBBoptions['bps_db_backup_start_time_month_date'],
901
+ 'bps_db_backup_email_zip' => $DBBoptions['bps_db_backup_email_zip'],
902
+ 'bps_db_backup_delete' => $DBBoptions['bps_db_backup_delete'],
903
+ 'bps_db_backup_status_display' => $DBBoptions['bps_db_backup_status_display']
904
+ );
905
 
906
+ echo $successTextBegin.$DBBoptions['bps_db_backup_folder'].$successMessage2.$successTextEnd;
 
 
 
907
 
908
+ foreach( $DBB_Options as $key => $value ) {
909
+ update_option('bulletproof_security_options_db_backup', $DBB_Options);
910
+ echo $successTextBegin.$key.$dbb_successMessage.$successTextEnd;
911
+ }
912
+
913
+ } else {
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
914
 
915
+ $source = WP_CONTENT_DIR . '/bps-backup';
916
+
917
+ if ( is_dir($source) ) {
918
+
919
+ $iterator = new DirectoryIterator($source);
920
+
921
+ foreach ( $iterator as $folder ) {
922
+
923
+ if ( $folder->isDir() && ! $folder->isDot() && preg_match( '/backups_[a-zA-Z0-9]/', $folder ) ) {
924
+
925
+ $bps_db_backup_folder = addslashes($source.DIRECTORY_SEPARATOR.$folder);
926
+ $bps_db_backup_download_link = content_url( '/bps-backup/' ) . $folder . '/';
927
+
928
+ $bps_db_backup_description = ! isset($DBBoptions['bps_db_backup_description']) ? '' : $DBBoptions['bps_db_backup_description'];
929
+ $bps_db_backup_job_type = ! isset($DBBoptions['bps_db_backup_job_type']) ? '' : $DBBoptions['bps_db_backup_job_type'];
930
+ $bps_db_backup_frequency = ! isset($DBBoptions['bps_db_backup_frequency']) ? '' : $DBBoptions['bps_db_backup_frequency'];
931
+ $bps_db_backup_start_time_hour = ! isset($DBBoptions['bps_db_backup_start_time_hour']) ? '' : $DBBoptions['bps_db_backup_start_time_hour'];
932
+ $bps_db_backup_start_time_weekday = ! isset($DBBoptions['bps_db_backup_start_time_weekday']) ? '' : $DBBoptions['bps_db_backup_start_time_weekday'];
933
+ $bps_db_backup_start_time_month_date = ! isset($DBBoptions['bps_db_backup_start_time_month_date']) ? '' : $DBBoptions['bps_db_backup_start_time_month_date'];
934
+ $bps_db_backup_email_zip = ! isset($DBBoptions['bps_db_backup_email_zip']) ? '' : $DBBoptions['bps_db_backup_email_zip'];
935
+ $bps_db_backup_delete = ! isset($DBBoptions['bps_db_backup_delete']) ? '' : $DBBoptions['bps_db_backup_delete'];
936
+ $bps_db_backup_status_display = ! isset($DBBoptions['bps_db_backup_status_display']) ? '' : $DBBoptions['bps_db_backup_status_display'];
937
+
938
+ $DBB_Options = array(
939
+ 'bps_db_backup' => 'On',
940
+ 'bps_db_backup_description' => $bps_db_backup_description,
941
+ 'bps_db_backup_folder' => $bps_db_backup_folder,
942
+ 'bps_db_backup_download_link' => $bps_db_backup_download_link,
943
+ 'bps_db_backup_job_type' => $bps_db_backup_job_type,
944
+ 'bps_db_backup_frequency' => $bps_db_backup_frequency,
945
+ 'bps_db_backup_start_time_hour' => $bps_db_backup_start_time_hour,
946
+ 'bps_db_backup_start_time_weekday' => $bps_db_backup_start_time_weekday,
947
+ 'bps_db_backup_start_time_month_date' => $bps_db_backup_start_time_month_date,
948
+ 'bps_db_backup_email_zip' => $bps_db_backup_email_zip,
949
+ 'bps_db_backup_delete' => $bps_db_backup_delete,
950
+ 'bps_db_backup_status_display' => $bps_db_backup_status_display
951
+ );
952
+
953
+ echo $successTextBegin.$bps_db_backup_folder.$successMessage2.$successTextEnd;
954
+
955
+ foreach( $DBB_Options as $key => $value ) {
956
+ update_option('bulletproof_security_options_db_backup', $DBB_Options);
957
+ echo $successTextBegin.$key.$dbb_successMessage.$successTextEnd;
958
+ }
959
+ }
960
  }
961
  }
962
  }
963
  }
 
964
  }
965
 
966
  // Setup Wizard - Create/Recreate the User Agent filters in the 403.php file
967
  function bpsSetupWizard_autoupdate_useragent_filters() {
968
  global $wpdb;
969
+
970
+ $table_name = $wpdb->prefix . "bpspro_seclog_ignore";
971
+ $blankFile = WP_PLUGIN_DIR . '/bulletproof-security/admin/htaccess/blank.txt';
972
+ $userAgentMaster = WP_CONTENT_DIR . '/bps-backup/master-backups/UserAgentMaster.txt';
973
+ $bps403File = WP_PLUGIN_DIR . '/bulletproof-security/403.php';
974
+ $search = '';
975
 
976
  if ( ! file_exists($bps403File) ) {
977
  return;
999
  echo $text;
1000
  }
1001
 
1002
+ $UserAgentRulesT = file_get_contents($userAgentMaster);
1003
+ $stringReplace = file_get_contents($bps403File);
1004
+
1005
+ $stringReplace = preg_replace('/# BEGIN USERAGENT FILTER(.*)# END USERAGENT FILTER/s', "# BEGIN USERAGENT FILTER\nif ( !preg_match('/".trim($UserAgentRulesT, "|")."/', \$bpsPro_http_user_agent) ) {\n# END USERAGENT FILTER", $stringReplace);
1006
+
1007
+ file_put_contents($bps403File, $stringReplace);
 
1008
  }
1009
  }
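Review bot: The `preg_replace` on new line 1005 splices the contents of UserAgentMaster.txt verbatim into PHP source that is then written to 403.php, and neither `file_get_contents` result is checked. A `'` or `/` in the rules would end the quoted pattern in the generated file, `$1` or `\1` sequences are read as backreferences by the replacement string, and a failed read of 403.php or a PCRE error leaves an empty result that `file_put_contents` then writes over the file. I would check both reads for `false`, refuse rules containing characters that can close the literal, build the block through `preg_replace_callback`, and write only a non-empty string result. The set of characters legitimately allowed in the rules is an assumption to confirm against how the master file is produced. The function starts in an earlier hunk and new lines 978–998 are not shown, so some of these checks may already exist there.

```php
// … unchanged: file_exists checks and the code on new lines 978–1000 …
$UserAgentRulesT = file_get_contents($userAgentMaster);
$stringReplace = file_get_contents($bps403File);

if ( $UserAgentRulesT === false || $stringReplace === false ) {
	return;
}

$rules = trim($UserAgentRulesT, "|");

// The rules become PHP source inside 403.php: refuse anything that could close the quoted pattern.
if ( preg_match('/[\'\/\r\n]/', $rules) || substr($rules, -1) === '\\' ) {
	return;
}

$filter = "# BEGIN USERAGENT FILTER\nif ( !preg_match('/" . $rules . "/', \$bpsPro_http_user_agent) ) {\n# END USERAGENT FILTER";

// A callback keeps "$1" or "\1" inside the rules from being read as backreferences.
$updated = preg_replace_callback('/# BEGIN USERAGENT FILTER(.*)# END USERAGENT FILTER/s', function () use ( $filter ) {
	return $filter;
}, $stringReplace);

// preg_replace_callback returns null on a PCRE error; never overwrite 403.php with an empty result.
if ( is_string($updated) && $updated !== '' ) {
	file_put_contents($bps403File, $updated, LOCK_EX);
}
```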
1010
 
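--- a/admin/wizard/wizard.php
+++ b/admin/wizard/wizard.php
@@ -1,10 +1,4 @@
 <?php
-if ( ! function_exists('add_action') ) {
-header('Status: 403 Forbidden');
-header('HTTP/1.1 403 Forbidden');
-exit();
-}
-
 if ( ! current_user_can('manage_options') ) {
 header('Status: 403 Forbidden');
 header('HTTP/1.1 403 Forbidden');
@@ -33,48 +27,6 @@ if ( isset( $ScrollTop_options['bps_scrolltop'] ) && $ScrollTop_options['bps_scr
 }
 }
 
-## Preloads the w3tc_dashboard page in an iFrame, which writes W3TC htaccess code to the Root htaccess file ONLY if W3TC htaccess code does not already exist.
-// The iFrame cannot be loaded in this function: bpsPro_Pwizard_Autofix_W3TC() because things do not happen in time for processing data due to a delay in loading the iFrame.
-// Unlock the Root htaccess file if it is locked. Force generate W3TC htaccess code in the Root htaccess file by loading the W3TC Dashboard page in an iFrame.
-// Unlock the wp-config.php file if it is locked, writes the WPSC wp-config.php code.
-function bpsPro_w3tc_dashboard_iframe_preload() {
-
-if ( isset( $_POST['Submit-Setup-Wizard'] ) ) {
-return;
-}
-
-$w3tc_plugin = 'w3-total-cache/w3-total-cache.php';
-$w3tc_plugin_active = in_array( $w3tc_plugin, apply_filters('active_plugins', get_option('active_plugins')));
-
-if ( $w3tc_plugin_active == 1 || is_plugin_active_for_network( $w3tc_plugin ) ) {
-
-$rootHtaccess = ABSPATH . '.htaccess';
-
-if ( file_exists($rootHtaccess) ) {
-
-$wpconfig = ABSPATH . 'wp-config.php';
-$sapi_type = php_sapi_name();
-$perms_wpconfig = substr(sprintf('%o', fileperms($wpconfig)), -4);
-$permsRootHtaccess = substr(sprintf('%o', fileperms($rootHtaccess)), -4);
-
-if ( substr($sapi_type, 0, 6) != 'apache' || $perms_wpconfig != '0666' || $perms_wpconfig != '0777' ) {
-chmod( $wpconfig, 0644 );
-}
-
-if ( substr($sapi_type, 0, 6) != 'apache' || $permsRootHtaccess != '0666' || $permsRootHtaccess != '0777' ) {
-chmod( $rootHtaccess, 0644 );
-}
-
-if ( is_multisite() ) {
-echo '<iframe src="'.network_admin_url( 'admin.php?page=w3tc_dashboard' ).'" style="width:0;height:0;border:0;border:none;"></iframe>';
-} else {
-echo '<iframe src="'.admin_url( 'admin.php?page=w3tc_dashboard' ).'" style="width:0;height:0;border:0;border:none;"></iframe>';
-}
-}
-}
-}
-
-bpsPro_w3tc_dashboard_iframe_preload();
 ?>
 
 <div id="message" class="updated" style="border:1px solid #999;background-color:#000;">
@@ -170,7 +122,7 @@ $failTextEnd = '</strong></font><br>';
 }
 
 // General all purpose "Settings Saved." message for forms
-if ( current_user_can('manage_options') && wp_script_is( 'bps-accordion', $list = 'queue' ) ) {
+if ( current_user_can('manage_options') ) {
 if ( isset( $_GET['settings-updated'] ) && $_GET['settings-updated'] == true) {
 $text = '<p style="font-size:1em;font-weight:bold;padding:2px 0px 2px 5px;margin:0px -11px 0px -11px;background-color:#dfecf2;-webkit-box-shadow: 3px 3px 5px 0px rgba(153,153,153,0.7);-moz-box-shadow: 3px 3px 5px 0px rgba(153,153,153,0.7);box-shadow: 3px 3px 5px 0px rgba(153,153,153,0.7);""><font color="green"><strong>'.__('Settings Saved', 'bulletproof-security').'</strong></font></p>';
 echo $text;
@@ -191,6 +143,16 @@ $failMessage = __('Error: Unable to create DB Table ', 'bulletproof-security');
 $failTextEnd = '</strong></font><br>';
 $sapi_type = php_sapi_name();
 
+// 5.8: MScan Significant Improvements Notice. Set to: new2 - for new installations of BPS. Set to: upgrade2 - in the BPS upgrade function for existing BPS installs
+if ( ! get_option('bulletproof_security_options_new_feature') ) {
+
+$bps_mscan_rebuild = array( 'bps_mscan_rebuild' => 'new2' );
+
+foreach( $bps_mscan_rebuild as $key => $value ) {
+update_option('bulletproof_security_options_new_feature', $bps_mscan_rebuild);
+}
+}
+
 echo '<h3>'.__('Setup Wizard Pre-Installation Checks:', 'bulletproof-security').'</h3>
 <div style="font-size:12px;margin:-10px 0px 10px 0px;font-weight:bold;">'.__('If you see any Red font or Blue font messages displayed below, click the Question Mark help button above and read the "Notes" help section before clicking the Setup Wizard button.', 'bulletproof-security').'</div>';
 
@@ -248,7 +210,7 @@ $sapi_type = php_sapi_name();
 $Apache_Mod_options = get_option('bulletproof_security_options_apache_modules');
 $htaccess_files_disabled_enabled = isset($HFiles_options['bps_htaccess_files']) ? $HFiles_options['bps_htaccess_files'] : '';
 
-if ( $Apache_Mod_options['bps_apache_mod_ifmodule'] == 'Yes' && $htaccess_files_disabled_enabled != 'disabled' ) {
+if ( isset($Apache_Mod_options['bps_apache_mod_ifmodule']) && $Apache_Mod_options['bps_apache_mod_ifmodule'] == 'Yes' && $htaccess_files_disabled_enabled != 'disabled' ) {
 
 echo $successTextBegin.__('mod_authz_core is Loaded|Order, Allow, Deny directives are supported|BC: Yes|IfModule: Yes', 'bulletproof-security').$successTextEnd;
 
@@ -260,7 +222,7 @@ $sapi_type = php_sapi_name();
 update_option('bulletproof_security_options_htaccess_files', $htaccess_files_Options);
 }
 
-} elseif ( $Apache_Mod_options['bps_apache_mod_ifmodule'] == 'No' ) {
+} elseif ( isset($Apache_Mod_options['bps_apache_mod_ifmodule']) && $Apache_Mod_options['bps_apache_mod_ifmodule'] == 'No' ) {
 
 if ( $htaccess_files_disabled_enabled == 'enabled' ) {
 echo $successTextBegin.__('Enable|Disable htaccess Files Option set to Enabled: mod_access_compat htaccess files will be created.', 'bulletproof-security').$successTextEnd;
@@ -1090,7 +1052,7 @@ function bpsSpinnerSWizard() {
 <?php
 function bpsPro_hfiles_inpage_message() {
 
-$HFiles_options = get_option('bulletproof_security_options_htaccess_files');
+$HFiles_options = get_option('bulletproof_security_options_htaccess_files');
 
 if ( isset($HFiles_options['bps_htaccess_files']) && $HFiles_options['bps_htaccess_files'] == 'disabled' ) {
 $text = '<div style="background-color:#dfecf2;border:1px solid #999;font-weight:bold;padding:0px 5px;margin:0px 0px 10px 0px;-moz-border-radius-topleft:3px;-webkit-border-top-left-radius:3px;-khtml-border-top-left-radius:3px;border-top-left-radius:3px;-moz-border-radius-topright:3px;-webkit-border-top-right-radius:3px;-khtml-border-top-right-radius:3px;border-top-right-radius:3px;-webkit-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);-moz-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);"><font color="blue">'.__('htaccess Files Disabled Notice: ', 'bulletproof-security').'</font><br><font color="black">'.__('BPS has detected that htaccess files cannot be used on your website/server. Click this ', 'bulletproof-security').'</font><a href="https://forum.ait-pro.com/forums/topic/htaccess-files-disabled-setup-wizard-enable-disable-htaccess-files/" target="_blank" title="htaccess Files Disabled Forum Topic">'.__('htaccess Files Disabled Forum Topic', 'bulletproof-security').'</a><font color="black">'.__(' link for more information before running the Wizards.', 'bulletproof-security').'<br>'.__('If you intentionally disabled htaccess files then disregard this Notice. The Setup Wizard needs to be run again after disabling or enabling htaccess files.', 'bulletproof-security').'</font></div>';
@@ -1352,7 +1314,7 @@ bpsSetupWizardPrechecks();
 if ( isset( $_POST['Submit-Zip-Download-Fix'] ) && current_user_can('manage_options') ) {
 check_admin_referer( 'bulletproof_security_zip_download_fix' );
 
-if ( esc_html($_POST['bulletproof_security_options_zip_fix']) == 'On' ) {
+if ( $_POST['bulletproof_security_options_zip_fix'] == 'On' ) {
 
 $core_htaccess = WP_PLUGIN_DIR . '/bulletproof-security/admin/core/.htaccess';
 $login_htaccess = WP_PLUGIN_DIR . '/bulletproof-security/admin/login/.htaccess';
@@ -1377,7 +1339,7 @@ if ( isset( $_POST['Submit-Zip-Download-Fix'] ) && current_user_can('manage_opti
 echo $text;
 echo $bps_bottomDiv;
 
-} elseif ( esc_html($_POST['bulletproof_security_options_zip_fix']) == 'Off' ) {
+} elseif ( $_POST['bulletproof_security_options_zip_fix'] == 'Off' ) {
 
 $zip_fix_options = array( 'bps_zip_download_fix' => 'Off' );
 
@@ -1402,7 +1364,7 @@ if ( isset( $_POST['Submit-MU-Sysinfo-Display'] ) && current_user_can('manage_op
 
 $net_id = $value['blog_id'];
 
-$MU_Sysinfo_Options = array( 'bps_sysinfo_hide_display' => esc_html($_POST['bulletproof_security_options_mu_sysinfo_select']) );
+$MU_Sysinfo_Options = array( 'bps_sysinfo_hide_display' => $_POST['bulletproof_security_options_mu_sysinfo_select'] );
 
 foreach( $MU_Sysinfo_Options as $key => $value ) {
 update_blog_option( $net_id, 'bulletproof_security_options_mu_sysinfo', $MU_Sysinfo_Options);
@@ -2182,9 +2144,7 @@ global $bps_topDiv, $bps_bottomDiv;
 </table>
 
 </div>
-
-<div id="AITpro-link">BulletProof Security <?php echo BULLETPROOF_VERSION; ?> Plugin by <a href="https://forum.ait-pro.com/" target="_blank" title="AITpro Website Security">AITpro Website Security</a>
-</div>
+<?php echo $bps_footer; ?>
 </div>
 <style>
 <!--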
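Review bot: On new line 1367 the raw `$_POST['bulletproof_security_options_mu_sysinfo_select']` value is written into the `bulletproof_security_options_mu_sysinfo` option of every blog with no sanitising or validation, where 5.7 at least ran it through `esc_html()`. Dropping `esc_html()` is harmless in the two `zip_fix` comparisons, which only test against the literals 'On' and 'Off', but here the value is persisted, and whether it is escaped where it is later read is not visible in this hunk. I would store `sanitize_text_field( wp_unslash( $_POST['bulletproof_security_options_mu_sysinfo_select'] ) )` and reject anything that is not one of the select's own values before calling `update_blog_option()`. An `isset()` on the key would also avoid an undefined-index notice; the handler starts and ends outside the hunk, so any nonce check it has is not shown.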
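--- a/bulletproof-security.php
+++ b/bulletproof-security.php
@@ -5,7 +5,7 @@ Plugin URI: https://forum.ait-pro.com/read-me-first/
 Text Domain: bulletproof-security
 Domain Path: /languages/
 Description: <strong>Feature Highlights:</strong> Setup Wizard &bull; MScan Malware Scanner &bull; .htaccess Website Security Protection (Firewalls) &bull; Security Logging|HTTP Error Logging &bull; DB Backup &bull; DB Table Prefix Changer &bull; Login Security & Monitoring &bull; JTC-Lite Login Form Bot Lockout Protection &bull; Idle Session Logout (ISL) &bull; Auth Cookie Expiration (ACE) &bull; System Info: Extensive System, Server and Security Status Information &bull; FrontEnd|BackEnd Maintenance Mode &bull; WP Automatic Update Options (BPS MU Tools must-use plugin) &bull; Force Strong Passwords &bull; Email Alerts When New Plugins And Themes Are Available.
-Version: 5.7
+Version: 5.8
 Author: AITpro Website Security
 Author URI: https://forum.ait-pro.com/read-me-first/
 */
@@ -31,11 +31,12 @@ Author URI: https://forum.ait-pro.com/read-me-first/
 // 3.4: It is not a mistake or retarded to add the global keyword to global variables outside of functions per PHP.net, but yeah it does appear to be retarded.
 // WP_CLI requires that all global variables outside of functions MUST explicitly use the global keyword since WP_CLI loads WP within a function
 // and cannot access the global variables within functions in BPS. Luckily this does not break BPS or WordPress in any way and PHP.net states this is technically not an error.
-global $bps_last_version, $bps_version, $aitpro_bullet, $bps_topDiv, $bps_bottomDiv, $bpsPro_remote_addr, $bpsPro_http_client_ip, $bpsPro_http_forwarded, $bpsPro_http_x_forwarded_for, $bpsPro_http_x_cluster_client_ip, $bps_wpcontent_dir, $bps_plugin_dir, $plugin_hashes, $theme_hashes;
+global $bps_last_version, $bps_version, $bps_footer, $aitpro_bullet, $bps_topDiv, $bps_bottomDiv, $bpsPro_remote_addr, $bpsPro_http_client_ip, $bpsPro_http_forwarded, $bpsPro_http_x_forwarded_for, $bpsPro_http_x_cluster_client_ip, $bps_wpcontent_dir, $bps_plugin_dir, $plugin_hashes, $theme_hashes;
 
-define( 'BULLETPROOF_VERSION', '5.7' );
-$bps_last_version = '5.6';
-$bps_version = '5.7';
+define( 'BULLETPROOF_VERSION', '5.8' );
+$bps_last_version = '5.7';
+$bps_version = '5.8';
+$bps_footer = '<div id="AITpro-link">' . __('BulletProof Security ', 'bulletproof-security') . esc_html($bps_version) . __(' Plugin by ', 'bulletproof-security') . '<a href="'.esc_url('https://www.ait-pro.com/').'" target="_blank" title="AITpro Website Security">' . __( 'AITpro Website Security', 'bulletproof-security') . '</a></div>';
 $aitpro_bullet = '<img src="'.plugins_url('/bulletproof-security/admin/images/aitpro-bullet.png').'" style="padding:0px 3px 0px 3px;" />';
 // Top div & bottom div
 $bps_topDiv = '<div id="message" class="updated" style="background-color:#dfecf2;border:1px solid #999;-moz-border-radius-topleft:3px;-webkit-border-top-left-radius:3px;-khtml-border-top-left-radius:3px;border-top-left-radius:3px;-moz-border-radius-topright:3px;-webkit-border-top-right-radius:3px;-khtml-border-top-right-radius:3px;border-top-right-radius:3px;-webkit-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);-moz-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);"><p>';
@@ -85,7 +86,7 @@ add_action( 'init', 'bulletproof_security_load_plugin_textdomain' );
 
 // Load i18n Language Translation
 function bulletproof_security_load_plugin_textdomain() {
-load_plugin_textdomain('bulletproof-security', FALSE, dirname(plugin_basename(__FILE__)).'/languages/');
+load_plugin_textdomain('bulletproof-security', false, dirname(plugin_basename(__FILE__)).'/languages/');
 }
 
 // BPS upgrade functions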
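Review bot: `$bps_footer` on new line 39 is built with `__()` while the main plugin file is being included, but the text domain is only loaded by the `init` callback shown in the last hunk. The three footer strings are therefore likely looked up before the plugin's `/languages/` files are available and would stay untranslated. Assigning `$bps_footer` inside a callback that runs on or after `init`, or building the string at the point where it is echoed, would avoid that. The `esc_url()` around the hard-coded URL changes nothing and could be dropped for readability.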
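--- a/includes/class.php
+++ b/includes/class.php
@@ -1,13 +1,6 @@
 <?php
 // Direct calls to this file are Forbidden when wp core files are not present
-/*
-if (!function_exists ('add_action')) {
-header('Status: 403 Forbidden');
-header('HTTP/1.1 403 Forbidden');
-exit();
-}
-*/
-if ( !current_user_can('manage_options') ){
+if ( ! current_user_can('manage_options') ){
 header('Status: 403 Forbidden');
 header('HTTP/1.1 403 Forbidden');
 exit();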
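Review bot: The comment kept on line 2 says direct calls are forbidden when WordPress core is not present, but the only check left on line 3 is `current_user_can()`, which is itself undefined in that situation. A direct request then ends in an undefined-function fatal error instead of the 403, and with display_errors enabled that error can reveal the server path. A guard that needs no WordPress function, such as `if ( ! defined('ABSPATH') ) { exit; }` placed before the capability check, would match what the comment promises. The first hunk of admin/wizard/wizard.php removes the live `function_exists('add_action')` guard and leaves the same gap; the rest of this file is outside the hunk.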
includes/db-security.php CHANGED
@@ -18,6 +18,7 @@ function bpsPro_DBB_cron( $schedules ) {
18
  $schedules['hourly'] = array( 'interval' => 3600, 'display' => __('Hourly') );
19
  return $schedules;
20
  }
 
21
  add_filter('cron_schedules', 'bpsPro_DBB_cron');
22
 
23
  // $clock syncs to the exact current UNIX hour - ie 5:00:00, 6:00:00, 7:00:00
@@ -27,11 +28,12 @@ $DBBoptions = get_option('bulletproof_security_options_db_backup');
27
  $clock = mktime( date( "H", time() ), 0, 0, date( "n", time() ), date( "j", time() ), date( "Y", time() ) );
28
 
29
  if ( isset($DBBoptions['bps_db_backup']) && $DBBoptions['bps_db_backup'] == 'On' ) {
30
- if ( ! wp_next_scheduled('bpsPro_DBB_check') ) {
31
- wp_schedule_event( $clock, 'hourly', 'bpsPro_DBB_check' );
32
- }
33
  }
34
  }
 
35
  add_action('init', 'bpsPro_schedule_DBB_checks');
36
 
37
  // DB Backup Cron Job Processing & delete old Backup Files if that option has been chosen
@@ -46,7 +48,11 @@ global $wpdb;
46
  $DBB_Rows = 'Scheduled';
47
  $DBB_TableRows = $wpdb->get_results( $wpdb->prepare( "SELECT * FROM $DBB_table_name WHERE bps_job_type = %s", $DBB_Rows ) );
48
 
49
- $db_backup = $DBBoptions['bps_db_backup_folder'] . '/' . DB_NAME . '.sql';
 
 
 
 
50
 
51
  foreach ( $DBB_TableRows as $row ) {
52
 
@@ -81,13 +87,17 @@ global $wpdb;
81
 
82
  // Delete Old Backup files and log the deleted Backup file name in the DB Backup Log
83
  function bpsPro_DBB_delete_old_backup_files() {
84
- $DBBoptions = get_option('bulletproof_security_options_db_backup');
85
- $timeNow = time();
86
- $gmt_offset = get_option( 'gmt_offset' ) * 3600;
87
- $timestamp = date_i18n(get_option('date_format'), strtotime("11/15-1976")) . ' ' . date_i18n(get_option('time_format'), $timeNow + $gmt_offset);
88
- $bpsDBBLog = WP_CONTENT_DIR . '/bps-backup/logs/db_backup_log.txt';
 
 
 
 
89
 
90
- if ( ! $DBBoptions['bps_db_backup_delete'] || $DBBoptions['bps_db_backup_delete'] == 'Never' ) {
91
  return;
92
  }
93
 
@@ -96,7 +106,7 @@ $bpsDBBLog = WP_CONTENT_DIR . '/bps-backup/logs/db_backup_log.txt';
96
 
97
  if ( $handle )
98
 
99
- $source = $DBBoptions['bps_db_backup_folder'];
100
 
101
  if ( is_dir($source) ) {
102
 
@@ -108,42 +118,42 @@ $bpsDBBLog = WP_CONTENT_DIR . '/bps-backup/logs/db_backup_log.txt';
108
 
109
  $last_modified = filemtime( $source.DIRECTORY_SEPARATOR.$file->getFilename() );
110
 
111
- if ( $DBBoptions['bps_db_backup_delete'] == '1' && time() - ( $last_modified ) >= 86400 ) {
112
  if ( unlink( $source.DIRECTORY_SEPARATOR.$file->getFilename() ) ) {
113
  fwrite( $handle, "\r\n[Old Zip Backup File(s) Automatic Deletion: ". $timestamp . "]\n" );
114
  fwrite( $handle, "Deleted Zip Backup File Name: ". $file->getFilename() . "\n" );
115
  }
116
- } elseif ( $DBBoptions['bps_db_backup_delete'] == '5' && time() - ( $last_modified ) >= 432000 ) {
117
  if ( unlink( $source.DIRECTORY_SEPARATOR.$file->getFilename() ) ) {
118
  fwrite( $handle, "\r\n[Old Zip Backup File(s) Automatic Deletion: ". $timestamp . "]\n" );
119
  fwrite( $handle, "Deleted Zip Backup File Name: ". $file->getFilename() . "\n" );
120
  }
121
- } elseif ( $DBBoptions['bps_db_backup_delete'] == '10' && time() - ( $last_modified ) >= 864000 ) {
122
  if ( unlink( $source.DIRECTORY_SEPARATOR.$file->getFilename() ) ) {
123
  fwrite( $handle, "\r\n[Old Zip Backup File(s) Automatic Deletion: ". $timestamp . "]\n" );
124
  fwrite( $handle, "Deleted Zip Backup File Name: ". $file->getFilename() . "\n" );
125
  }
126
- } elseif ( $DBBoptions['bps_db_backup_delete'] == '15' && time() - ( $last_modified ) >= 1296000 ) {
127
  if ( unlink( $source.DIRECTORY_SEPARATOR.$file->getFilename() ) ) {
128
  fwrite( $handle, "\r\n[Old Zip Backup File(s) Automatic Deletion: ". $timestamp . "]\n" );
129
  fwrite( $handle, "Deleted Zip Backup File Name: ". $file->getFilename() . "\n" );
130
  }
131
- } elseif ( $DBBoptions['bps_db_backup_delete'] == '30' && time() - ( $last_modified ) >= 2592000 ) {
132
  if ( unlink( $source.DIRECTORY_SEPARATOR.$file->getFilename() ) ) {
133
  fwrite( $handle, "\r\n[Old Zip Backup File(s) Automatic Deletion: ". $timestamp . "]\n" );
134
  fwrite( $handle, "Deleted Zip Backup File Name: ". $file->getFilename() . "\n" );
135
  }
136
- } elseif ( $DBBoptions['bps_db_backup_delete'] == '60' && time() - ( $last_modified ) >= 5184000 ) {
137
  if ( unlink( $source.DIRECTORY_SEPARATOR.$file->getFilename() ) ) {
138
  fwrite( $handle, "\r\n[Old Zip Backup File(s) Automatic Deletion: ". $timestamp . "]\n" );
139
  fwrite( $handle, "Deleted Zip Backup File Name: ". $file->getFilename() . "\n" );
140
  }
141
- } elseif ( $DBBoptions['bps_db_backup_delete'] == '90' && time() - ( $last_modified ) >= 7776000 ) {
142
  if ( unlink( $source.DIRECTORY_SEPARATOR.$file->getFilename() ) ) {
143
  fwrite( $handle, "\r\n[Old Zip Backup File(s) Automatic Deletion: ". $timestamp . "]\n" );
144
  fwrite( $handle, "Deleted Zip Backup File Name: ". $file->getFilename() . "\n" );
145
  }
146
- } elseif ( $DBBoptions['bps_db_backup_delete'] == '180' && time() - ( $last_modified ) >= 15552000 ) {
147
  if ( unlink( $source.DIRECTORY_SEPARATOR.$file->getFilename() ) ) {
148
  fwrite( $handle, "\r\n[Old Zip Backup File(s) Automatic Deletion: ". $timestamp . "]\n" );
149
  fwrite( $handle, "Deleted Zip Backup File Name: ". $file->getFilename() . "\n" );
@@ -164,11 +174,12 @@ $bpsDBBLog = WP_CONTENT_DIR . '/bps-backup/logs/db_backup_log.txt';
164
 
165
  // Get the Current / Last Modifed time of the DB Backup Log File - Seconds
166
  function bpsPro_DBB_LogLastMod_wp_secs() {
167
- $filename = WP_CONTENT_DIR . '/bps-backup/logs/db_backup_log.txt';
168
- $gmt_offset = get_option( 'gmt_offset' ) * 3600;
169
-
170
- if ( file_exists($filename) ) {
171
- $last_modified = date( "F d Y H:i:s", filemtime($filename) + $gmt_offset );
 
172
  return $last_modified;
173
  }
174
  }
@@ -178,7 +189,15 @@ if ( file_exists($filename) ) {
178
  function bpsPro_db_backup( $db_backup, $tables, $job_name, $job_type, $email_zip ) {
179
  global $wpdb;
180
 
181
- $time_start = microtime( true );
 
 
 
 
 
 
 
 
182
 
183
  if ( $email_zip == 'Delete' ) {
184
  $email_zip_log = 'Yes & Delete';
@@ -199,29 +218,29 @@ $time_start = microtime( true );
199
 
200
  if ( $handle )
201
 
202
- fwrite( $handle, "-- -------------------------------------------\n" );
203
- fwrite( $handle, "-- BulletProof Security DB Backup\n" );
204
- fwrite( $handle, "-- Support: https://forum.ait-pro.com/\n" );
205
- fwrite( $handle, "-- Backup Job Name: ". $job_name . "\n" );
206
- fwrite( $handle, "-- DB Backup Job Type: ". $job_type . "\n" );
207
- fwrite( $handle, "-- Email DB Backup: ". $email_zip_log . "\n" );
208
- fwrite( $handle, "-- DB Backup Time: ". $timestamp . "\n" );
209
- fwrite( $handle, "-- DB Name: ". DB_NAME . "\n" );
210
- fwrite( $handle, "-- DB Table Prefix: ". $wpdb->base_prefix . "\n" );
211
- fwrite( $handle, "-- Website URL: " . get_bloginfo( 'url' ) . "\n" );
212
- fwrite( $handle, "-- WP ABSPATH: ". ABSPATH . "\n" );
213
- fwrite( $handle, "-- -------------------------------------------\n\n" );
214
-
215
- fwrite( $handle, "/*!40101 SET @OLD_CHARACTER_SET_CLIENT=@@CHARACTER_SET_CLIENT */;\n" );
216
- fwrite( $handle, "/*!40101 SET @OLD_CHARACTER_SET_RESULTS=@@CHARACTER_SET_RESULTS */;\n" );
217
- fwrite( $handle, "/*!40101 SET @OLD_COLLATION_CONNECTION=@@COLLATION_CONNECTION */;\n" );
218
- fwrite( $handle, "/*!40101 SET NAMES " . DB_CHARSET . " */;\n" );
219
- fwrite( $handle, "/*!40014 SET @OLD_UNIQUE_CHECKS=@@UNIQUE_CHECKS, UNIQUE_CHECKS=0 */;\n" );
220
- fwrite( $handle, "/*!40014 SET @OLD_FOREIGN_KEY_CHECKS=@@FOREIGN_KEY_CHECKS, FOREIGN_KEY_CHECKS=0 */;\n" );
221
- fwrite( $handle, "/*!40101 SET @OLD_SQL_MODE=@@SQL_MODE, SQL_MODE='NO_AUTO_VALUE_ON_ZERO' */;\n" );
222
- fwrite( $handle, "/*!40111 SET @OLD_SQL_NOTES=@@SQL_NOTES, SQL_NOTES=0 */;\n\n" );
223
-
224
- if ( !empty( $tables ) )
225
 
226
  foreach ( $tables as $table_array ) {
227
 
@@ -286,96 +305,95 @@ $time_start = microtime( true );
286
  fclose( $handle );
287
 
288
  if ( file_exists($db_backup) ) {
289
-
290
- $DBBoptions = get_option('bulletproof_security_options_db_backup');
291
 
292
- // Use ZipArchive
293
- if ( class_exists('ZipArchive') ) {
294
-
295
- $zip = new ZipArchive();
296
- $filename = $DBBoptions['bps_db_backup_folder'] . '/' . date( 'Y-m-d-\t\i\m\e-g-i-s-a', $timeNow + $gmt_offset ) . '.zip';
297
 
298
- if ( $zip->open( $filename, ZIPARCHIVE::CREATE )!==TRUE ) {
299
- exit("Error: Cannot Open $filename\n");
300
- }
 
 
 
 
 
 
 
 
 
 
301
 
302
- $zip->addFile( $db_backup, DB_NAME . ".sql" );
303
- $zip->close();
304
-
305
- unlink($db_backup);
306
-
307
- } else {
 
 
308
 
309
- // Use PCLZip
310
- define( 'PCLZIP_TEMPORARY_DIR', $DBBoptions['bps_db_backup_folder'] . '/' );
311
- require_once ABSPATH . 'wp-admin/includes/class-pclzip.php';
312
-
313
- if ( ini_get( 'mbstring.func_overload' ) && function_exists( 'mb_internal_encoding' ) ) {
314
- $previous_encoding = mb_internal_encoding();
315
- mb_internal_encoding( 'ISO-8859-1' );
316
- }
317
- $filename = $DBBoptions['bps_db_backup_folder'] . '/' . date( 'Y-m-d-\t\i\m\e-g-i-s-a', $timeNow + $gmt_offset ) . '.zip';
318
- $archive = new PclZip( $filename );
319
- $sql_filename = str_replace( $DBBoptions['bps_db_backup_folder'] . '/', "", $db_backup );
320
- $db_backup = str_replace( array( '\\', '//'), "/", $db_backup );
321
- $db_backup_folder = str_replace( DB_NAME . '.sql', "", $db_backup );
322
- $v_list = $archive->create( $db_backup_folder . $sql_filename, PCLZIP_OPT_REMOVE_PATH, $db_backup_folder );
323
 
324
- unlink($db_backup);
325
- }
326
- }
327
-
328
- $time_end = microtime( true );
329
-
330
- $backup_time = $time_end - $time_start;
331
- $backup_time_log = 'Backup Job Completion Time: '. round( $backup_time, 2 ) . ' Seconds';
332
- $backup_time_display = '<strong>Backup Job Completion Time: </strong>'. round( $backup_time, 2 ) . ' Seconds';
333
- $bpsDBBLog = WP_CONTENT_DIR . '/bps-backup/logs/db_backup_log.txt';
334
-
335
- echo '<div id="message" class="updated" style="background-color:#dfecf2;border:1px solid #999;-moz-border-radius-topleft:3px;-webkit-border-top-left-radius:3px;-khtml-border-top-left-radius:3px;border-top-left-radius:3px;-moz-border-radius-topright:3px;-webkit-border-top-right-radius:3px;-khtml-border-top-right-radius:3px;border-top-right-radius:3px;-webkit-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);-moz-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);"><p>';
336
- echo bpsPro_memory_resource_usage();
337
- echo $backup_time_display;
338
- echo '</p></div>';
339
 
340
- //$log_contents = "\r\n" . '[Backup Job Logged: ' . $timestamp . ']' . "\r\n" . 'Backup Job Name: ' . $job_name . "\r\n" . 'Backup Job Type: ' . $job_type . "\r\n" . 'Email DB Backup: ' . $email_zip_log . "\r\n" . $backup_time_log . "\r\n" . bpsPro_memory_resource_usage_logging() . "\r\n" . 'Zip Backup File Name: ' . $filename . "\r\n";
341
-
342
- $log_contents = "\r\n" . '[Backup Job Logged: ' . $timestamp . ']' . "\r\n" . 'Backup Job Name: ' . $job_name . "\r\n" . 'Backup Job Type: ' . $job_type . "\r\n" . 'Email DB Backup: ' . $email_zip_log . "\r\n" . $backup_time_log . "\r\n" . bpsPro_memory_resource_usage_logging() . "\r\n";
 
 
 
 
 
 
 
 
 
 
343
 
344
- if ( is_writable( $bpsDBBLog ) ) {
345
- if ( !$handle = fopen( $bpsDBBLog, 'a' ) ) {
346
- exit;
347
- }
348
- if ( fwrite( $handle, $log_contents ) === FALSE ) {
349
- exit;
350
- }
351
- fclose($handle);
352
- }
353
 
354
- $DBBLog_Options = array( 'bps_dbb_log_date_mod' => bpsPro_DBB_LogLastMod_wp_secs() );
 
 
355
 
356
- foreach( $DBBLog_Options as $key => $value ) {
357
- update_option('bulletproof_security_options_DBB_log', $DBBLog_Options);
358
- }
 
 
 
 
 
 
 
 
 
 
 
359
 
360
- $DBB_Backup_Options = array(
361
- 'bps_db_backup' => $DBBoptions['bps_db_backup'],
362
- 'bps_db_backup_description' => $DBBoptions['bps_db_backup_description'],
363
- 'bps_db_backup_folder' => $DBBoptions['bps_db_backup_folder'],
364
- 'bps_db_backup_download_link' => $DBBoptions['bps_db_backup_download_link'],
365
- 'bps_db_backup_job_type' => $DBBoptions['bps_db_backup_job_type'],
366
- 'bps_db_backup_frequency' => $DBBoptions['bps_db_backup_frequency'],
367
- 'bps_db_backup_start_time_hour' => $DBBoptions['bps_db_backup_start_time_hour'],
368
- 'bps_db_backup_start_time_weekday' => $DBBoptions['bps_db_backup_start_time_weekday'],
369
- 'bps_db_backup_start_time_month_date' => $DBBoptions['bps_db_backup_start_time_month_date'],
370
- 'bps_db_backup_email_zip' => $DBBoptions['bps_db_backup_email_zip'],
371
- 'bps_db_backup_delete' => $DBBoptions['bps_db_backup_delete'],
372
- 'bps_db_backup_status_display' => $timestamp
373
- );
374
-
375
  foreach( $DBB_Backup_Options as $key => $value ) {
376
  update_option('bulletproof_security_options_db_backup', $DBB_Backup_Options);
377
  }
378
-
379
  // Send Email last: attaching a large zip file may fail
380
  if ( $job_type != 'Manual' || $email_zip != 'No' ) {
381
 
18
  $schedules['hourly'] = array( 'interval' => 3600, 'display' => __('Hourly') );
19
  return $schedules;
20
  }
21
+
22
  add_filter('cron_schedules', 'bpsPro_DBB_cron');
23
 
24
  // $clock syncs to the exact current UNIX hour - ie 5:00:00, 6:00:00, 7:00:00
28
  $clock = mktime( date( "H", time() ), 0, 0, date( "n", time() ), date( "j", time() ), date( "Y", time() ) );
29
 
30
  if ( isset($DBBoptions['bps_db_backup']) && $DBBoptions['bps_db_backup'] == 'On' ) {
31
+ if ( ! wp_next_scheduled('bpsPro_DBB_check') ) {
32
+ wp_schedule_event( $clock, 'hourly', 'bpsPro_DBB_check' );
33
+ }
34
  }
35
  }
36
+
37
  add_action('init', 'bpsPro_schedule_DBB_checks');
38
 
39
  // DB Backup Cron Job Processing & delete old Backup Files if that option has been chosen
48
  $DBB_Rows = 'Scheduled';
49
  $DBB_TableRows = $wpdb->get_results( $wpdb->prepare( "SELECT * FROM $DBB_table_name WHERE bps_job_type = %s", $DBB_Rows ) );
50
 
51
+ $db_backup = isset($DBBoptions['bps_db_backup_folder']) ? $DBBoptions['bps_db_backup_folder'] . '/' . DB_NAME . '.sql' : '';
52
+
53
+ if ( empty($db_backup) ) {
54
+ return;
55
+ }
56
 
57
  foreach ( $DBB_TableRows as $row ) {
58
 
87
 
88
  // Delete Old Backup files and log the deleted Backup file name in the DB Backup Log
89
  function bpsPro_DBB_delete_old_backup_files() {
90
+
91
+ $DBBoptions = get_option('bulletproof_security_options_db_backup');
92
+ $timeNow = time();
93
+ $gmt_offset = get_option( 'gmt_offset' ) * 3600;
94
+ $timestamp = date_i18n(get_option('date_format'), strtotime("11/15-1976")) . ' ' . date_i18n(get_option('time_format'), $timeNow + $gmt_offset);
95
+ $bpsDBBLog = WP_CONTENT_DIR . '/bps-backup/logs/db_backup_log.txt';
96
+
97
+ $bps_db_backup_delete = isset($DBBoptions['bps_db_backup_delete']) ? $DBBoptions['bps_db_backup_delete'] : '';
98
+ $bps_db_backup_folder = isset($DBBoptions['bps_db_backup_folder']) ? $DBBoptions['bps_db_backup_folder'] : '';
99
 
100
+ if ( empty($bps_db_backup_delete) || $bps_db_backup_delete == 'Never' || empty($bps_db_backup_folder) ) {
101
  return;
102
  }
103
 
106
 
107
  if ( $handle )
108
 
109
+ $source = $bps_db_backup_folder;
110
 
111
  if ( is_dir($source) ) {
112
 
118
 
119
  $last_modified = filemtime( $source.DIRECTORY_SEPARATOR.$file->getFilename() );
120
 
121
+ if ( $bps_db_backup_delete == '1' && time() - ( $last_modified ) >= 86400 ) {
122
  if ( unlink( $source.DIRECTORY_SEPARATOR.$file->getFilename() ) ) {
123
  fwrite( $handle, "\r\n[Old Zip Backup File(s) Automatic Deletion: ". $timestamp . "]\n" );
124
  fwrite( $handle, "Deleted Zip Backup File Name: ". $file->getFilename() . "\n" );
125
  }
126
+ } elseif ( $bps_db_backup_delete == '5' && time() - ( $last_modified ) >= 432000 ) {
127
  if ( unlink( $source.DIRECTORY_SEPARATOR.$file->getFilename() ) ) {
128
  fwrite( $handle, "\r\n[Old Zip Backup File(s) Automatic Deletion: ". $timestamp . "]\n" );
129
  fwrite( $handle, "Deleted Zip Backup File Name: ". $file->getFilename() . "\n" );
130
  }
131
+ } elseif ( $bps_db_backup_delete == '10' && time() - ( $last_modified ) >= 864000 ) {
132
  if ( unlink( $source.DIRECTORY_SEPARATOR.$file->getFilename() ) ) {
133
  fwrite( $handle, "\r\n[Old Zip Backup File(s) Automatic Deletion: ". $timestamp . "]\n" );
134
  fwrite( $handle, "Deleted Zip Backup File Name: ". $file->getFilename() . "\n" );
135
  }
136
+ } elseif ( $bps_db_backup_delete == '15' && time() - ( $last_modified ) >= 1296000 ) {
137
  if ( unlink( $source.DIRECTORY_SEPARATOR.$file->getFilename() ) ) {
138
  fwrite( $handle, "\r\n[Old Zip Backup File(s) Automatic Deletion: ". $timestamp . "]\n" );
139
  fwrite( $handle, "Deleted Zip Backup File Name: ". $file->getFilename() . "\n" );
140
  }
141
+ } elseif ( $bps_db_backup_delete == '30' && time() - ( $last_modified ) >= 2592000 ) {
142
  if ( unlink( $source.DIRECTORY_SEPARATOR.$file->getFilename() ) ) {
143
  fwrite( $handle, "\r\n[Old Zip Backup File(s) Automatic Deletion: ". $timestamp . "]\n" );
144
  fwrite( $handle, "Deleted Zip Backup File Name: ". $file->getFilename() . "\n" );
145
  }
146
+ } elseif ( $bps_db_backup_delete == '60' && time() - ( $last_modified ) >= 5184000 ) {
147
  if ( unlink( $source.DIRECTORY_SEPARATOR.$file->getFilename() ) ) {
148
  fwrite( $handle, "\r\n[Old Zip Backup File(s) Automatic Deletion: ". $timestamp . "]\n" );
149
  fwrite( $handle, "Deleted Zip Backup File Name: ". $file->getFilename() . "\n" );
150
  }
151
+ } elseif ( $bps_db_backup_delete == '90' && time() - ( $last_modified ) >= 7776000 ) {
152
  if ( unlink( $source.DIRECTORY_SEPARATOR.$file->getFilename() ) ) {
153
  fwrite( $handle, "\r\n[Old Zip Backup File(s) Automatic Deletion: ". $timestamp . "]\n" );
154
  fwrite( $handle, "Deleted Zip Backup File Name: ". $file->getFilename() . "\n" );
155
  }
156
+ } elseif ( $bps_db_backup_delete == '180' && time() - ( $last_modified ) >= 15552000 ) {
157
  if ( unlink( $source.DIRECTORY_SEPARATOR.$file->getFilename() ) ) {
158
  fwrite( $handle, "\r\n[Old Zip Backup File(s) Automatic Deletion: ". $timestamp . "]\n" );
159
  fwrite( $handle, "Deleted Zip Backup File Name: ". $file->getFilename() . "\n" );
174
 
175
  // Get the Current / Last Modifed time of the DB Backup Log File - Seconds
176
  function bpsPro_DBB_LogLastMod_wp_secs() {
177
+
178
+ $filename = WP_CONTENT_DIR . '/bps-backup/logs/db_backup_log.txt';
179
+ $gmt_offset = get_option( 'gmt_offset' ) * 3600;
180
+
181
+ if ( file_exists($filename) ) {
182
+ $last_modified = date( "F d Y H:i:s", filemtime($filename) + $gmt_offset );
183
  return $last_modified;
184
  }
185
  }
189
  function bpsPro_db_backup( $db_backup, $tables, $job_name, $job_type, $email_zip ) {
190
  global $wpdb;
191
 
192
+ $time_start = microtime( true );
193
+
194
+ $DBBoptions = get_option('bulletproof_security_options_db_backup');
195
+
196
+ $bps_db_backup_folder = isset($DBBoptions['bps_db_backup_folder']) ? $DBBoptions['bps_db_backup_folder'] : '';
197
+
198
+ if ( empty($bps_db_backup_folder) ) {
199
+ return;
200
+ }
201
 
202
  if ( $email_zip == 'Delete' ) {
203
  $email_zip_log = 'Yes & Delete';
218
 
219
  if ( $handle )
220
 
221
+ fwrite( $handle, "-- -------------------------------------------\n" );
222
+ fwrite( $handle, "-- BulletProof Security DB Backup\n" );
223
+ fwrite( $handle, "-- Support: https://forum.ait-pro.com/\n" );
224
+ fwrite( $handle, "-- Backup Job Name: ". $job_name . "\n" );
225
+ fwrite( $handle, "-- DB Backup Job Type: ". $job_type . "\n" );
226
+ fwrite( $handle, "-- Email DB Backup: ". $email_zip_log . "\n" );
227
+ fwrite( $handle, "-- DB Backup Time: ". $timestamp . "\n" );
228
+ fwrite( $handle, "-- DB Name: ". DB_NAME . "\n" );
229
+ fwrite( $handle, "-- DB Table Prefix: ". $wpdb->base_prefix . "\n" );
230
+ fwrite( $handle, "-- Website URL: " . get_bloginfo( 'url' ) . "\n" );
231
+ fwrite( $handle, "-- WP ABSPATH: ". ABSPATH . "\n" );
232
+ fwrite( $handle, "-- -------------------------------------------\n\n" );
233
+
234
+ fwrite( $handle, "/*!40101 SET @OLD_CHARACTER_SET_CLIENT=@@CHARACTER_SET_CLIENT */;\n" );
235
+ fwrite( $handle, "/*!40101 SET @OLD_CHARACTER_SET_RESULTS=@@CHARACTER_SET_RESULTS */;\n" );
236
+ fwrite( $handle, "/*!40101 SET @OLD_COLLATION_CONNECTION=@@COLLATION_CONNECTION */;\n" );
237
+ fwrite( $handle, "/*!40101 SET NAMES " . DB_CHARSET . " */;\n" );
238
+ fwrite( $handle, "/*!40014 SET @OLD_UNIQUE_CHECKS=@@UNIQUE_CHECKS, UNIQUE_CHECKS=0 */;\n" );
239
+ fwrite( $handle, "/*!40014 SET @OLD_FOREIGN_KEY_CHECKS=@@FOREIGN_KEY_CHECKS, FOREIGN_KEY_CHECKS=0 */;\n" );
240
+ fwrite( $handle, "/*!40101 SET @OLD_SQL_MODE=@@SQL_MODE, SQL_MODE='NO_AUTO_VALUE_ON_ZERO' */;\n" );
241
+ fwrite( $handle, "/*!40111 SET @OLD_SQL_NOTES=@@SQL_NOTES, SQL_NOTES=0 */;\n\n" );
242
+
243
+ if ( ! empty( $tables ) )
244
 
245
  foreach ( $tables as $table_array ) {
246
 
305
  fclose( $handle );
306
 
307
  if ( file_exists($db_backup) ) {
 
 
308
 
309
+ // Use ZipArchive
310
+ if ( class_exists('ZipArchive') ) {
 
 
 
311
 
312
+ $zip = new ZipArchive();
313
+ $filename = $bps_db_backup_folder . '/' . date( 'Y-m-d-\t\i\m\e-g-i-s-a', $timeNow + $gmt_offset ) . '.zip';
314
+
315
+ if ( $zip->open( $filename, ZIPARCHIVE::CREATE )!==TRUE ) {
316
+ exit("Error: Cannot Open $filename\n");
317
+ }
318
+
319
+ $zip->addFile( $db_backup, DB_NAME . ".sql" );
320
+ $zip->close();
321
+
322
+ unlink($db_backup);
323
+
324
+ } else {
325
 
326
+ // Use PCLZip
327
+ define( 'PCLZIP_TEMPORARY_DIR', $bps_db_backup_folder . '/' );
328
+ require_once ABSPATH . 'wp-admin/includes/class-pclzip.php';
329
+
330
+ if ( ini_get( 'mbstring.func_overload' ) && function_exists( 'mb_internal_encoding' ) ) {
331
+ $previous_encoding = mb_internal_encoding();
332
+ mb_internal_encoding( 'ISO-8859-1' );
333
+ }
334
 
335
+ $filename = $bps_db_backup_folder . '/' . date( 'Y-m-d-\t\i\m\e-g-i-s-a', $timeNow + $gmt_offset ) . '.zip';
336
+ $archive = new PclZip( $filename );
337
+ $sql_filename = str_replace( $bps_db_backup_folder . '/', "", $db_backup );
338
+ $db_backup = str_replace( array( '\\', '//'), "/", $db_backup );
339
+ $db_backup_folder = str_replace( DB_NAME . '.sql', "", $db_backup );
340
+ $v_list = $archive->create( $db_backup_folder . $sql_filename, PCLZIP_OPT_REMOVE_PATH, $db_backup_folder );
341
+
342
+ unlink($db_backup);
343
+ }
344
+ }
345
+
346
+ $time_end = microtime( true );
 
 
347
 
348
+ $backup_time = $time_end - $time_start;
349
+ $backup_time_log = 'Backup Job Completion Time: '. round( $backup_time, 2 ) . ' Seconds';
350
+ $backup_time_display = '<strong>Backup Job Completion Time: </strong>'. round( $backup_time, 2 ) . ' Seconds';
351
+ $bpsDBBLog = WP_CONTENT_DIR . '/bps-backup/logs/db_backup_log.txt';
352
+
353
+ echo '<div id="message" class="updated" style="background-color:#dfecf2;border:1px solid #999;-moz-border-radius-topleft:3px;-webkit-border-top-left-radius:3px;-khtml-border-top-left-radius:3px;border-top-left-radius:3px;-moz-border-radius-topright:3px;-webkit-border-top-right-radius:3px;-khtml-border-top-right-radius:3px;border-top-right-radius:3px;-webkit-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);-moz-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);"><p>';
354
+ echo bpsPro_memory_resource_usage();
355
+ echo $backup_time_display;
356
+ echo '</p></div>';
 
 
 
 
 
 
357
 
358
+ $log_contents = "\r\n" . '[Backup Job Logged: ' . $timestamp . ']' . "\r\n" . 'Backup Job Name: ' . $job_name . "\r\n" . 'Backup Job Type: ' . $job_type . "\r\n" . 'Email DB Backup: ' . $email_zip_log . "\r\n" . $backup_time_log . "\r\n" . bpsPro_memory_resource_usage_logging() . "\r\n";
359
+
360
+ if ( is_writable( $bpsDBBLog ) ) {
361
+ if ( !$handle = fopen( $bpsDBBLog, 'a' ) ) {
362
+ exit;
363
+ }
364
+
365
+ if ( fwrite( $handle, $log_contents ) === false ) {
366
+ exit;
367
+ }
368
+
369
+ fclose($handle);
370
+ }
371
 
372
+ $DBBLog_Options = array( 'bps_dbb_log_date_mod' => bpsPro_DBB_LogLastMod_wp_secs() );
 
 
 
 
 
 
 
 
373
 
374
+ foreach( $DBBLog_Options as $key => $value ) {
375
+ update_option('bulletproof_security_options_DBB_log', $DBBLog_Options);
376
+ }
377
 
378
+ $DBB_Backup_Options = array(
379
+ 'bps_db_backup' => $DBBoptions['bps_db_backup'],
380
+ 'bps_db_backup_description' => $DBBoptions['bps_db_backup_description'],
381
+ 'bps_db_backup_folder' => $DBBoptions['bps_db_backup_folder'],
382
+ 'bps_db_backup_download_link' => $DBBoptions['bps_db_backup_download_link'],
383
+ 'bps_db_backup_job_type' => $DBBoptions['bps_db_backup_job_type'],
384
+ 'bps_db_backup_frequency' => $DBBoptions['bps_db_backup_frequency'],
385
+ 'bps_db_backup_start_time_hour' => $DBBoptions['bps_db_backup_start_time_hour'],
386
+ 'bps_db_backup_start_time_weekday' => $DBBoptions['bps_db_backup_start_time_weekday'],
387
+ 'bps_db_backup_start_time_month_date' => $DBBoptions['bps_db_backup_start_time_month_date'],
388
+ 'bps_db_backup_email_zip' => $DBBoptions['bps_db_backup_email_zip'],
389
+ 'bps_db_backup_delete' => $DBBoptions['bps_db_backup_delete'],
390
+ 'bps_db_backup_status_display' => $timestamp
391
+ );
392
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
393
  foreach( $DBB_Backup_Options as $key => $value ) {
394
  update_option('bulletproof_security_options_db_backup', $DBB_Backup_Options);
395
  }
396
+
397
  // Send Email last: attaching a large zip file may fail
398
  if ( $job_type != 'Manual' || $email_zip != 'No' ) {
399
 
includes/functions.php CHANGED
@@ -212,395 +212,375 @@ function bps_root_htaccess_status_dashboard() {
212
 
213
  global $bps_version, $bps_last_version, $aitpro_bullet, $pagenow;
214
 
215
- if ( esc_html($_SERVER['REQUEST_METHOD']) == 'POST' ) {
216
-
217
- $bps_status_display = get_option('bulletproof_security_options_status_display');
218
-
219
- if ( isset($bps_status_display['bps_status_display']) && $bps_status_display['bps_status_display'] != 'Off' ) {
220
-
221
- if ( preg_match( '/page=bulletproof-security/', esc_html($_SERVER['REQUEST_URI']), $matches ) ) {
222
-
223
- $wp_admin_url = admin_url();
224
-
225
- if ( 'update-core.php' != $pagenow ) {
226
- ?>
227
-
228
- <div id="url-hash"></div>
229
-
230
- <script type="text/javascript">
231
- /* <![CDATA[ */
232
- var bpsPage = "<?php echo $wp_admin_url . 'admin.php?' . $_SERVER['QUERY_STRING']; ?>"
233
- var hash = window.location.hash;
234
-
235
- document.getElementById("url-hash").innerHTML = '<div id="bps-status-display" style="float:left;margin:6px 0px 0px 2px;padding:3px 5px 3px 5px;background-color:#e8e8e8;border:1px solid gray;"><a href="' + bpsPage + hash + '" style="text-decoration:none;font-weight:bold;">Reload BPS Status Display</a></div><div style="clear:both;"></div>';
236
- /* ]]> */
237
- </script>
238
-
239
- <?php
240
- }
241
- }
242
- }
243
-
244
- if ( isset($_POST['Submit-DBB-Run-Job']) && $_POST['Submit-DBB-Run-Job'] == true || isset($_POST['Submit-DB-Table-Prefix']) && $_POST['Submit-DB-Table-Prefix'] == true || isset($_POST['Submit-DB-Prefix-Table-Refresh']) && $_POST['Submit-DB-Prefix-Table-Refresh'] == true ) {
245
-
246
- $bpsPro_Spinner = get_option('bulletproof_security_options_spinner');
247
-
248
- if ( $bpsPro_Spinner['bps_spinner'] != 'Off' ) {
249
-
250
- echo '<div id="bps-status-display" style="padding:2px 0px 4px 8px;width:240px;">';
251
- echo '<div id="bps-spinner" class="bps-spinner" style="background:#fff;border:4px solid black;">';
252
- echo '<img id="bps-img-spinner" src="'.plugins_url('/bulletproof-security/admin/images/bps-spinner.gif').'" style="float:left;margin:0px 20px 0px 0px;" />';
253
- echo '<div id="bps-spinner-text-btn" style="padding:20px 0px 26px 0px;font-size:14px;">Processing...<br><button style="margin:10px 0px 0px 10px;" onclick="javascript:history.go(-1)">Cancel</button></div>';
254
- echo '</div>';
255
-
256
- ?>
257
-
258
- <style>
259
- <!--
260
- .bps-spinner {
261
- visibility:visible;
262
- position:fixed;
263
- top:7%;
264
- left:45%;
265
- width:240px;
266
- padding:2px 0px 4px 8px;
267
- z-index:99999;
268
- }
269
- -->
270
- </style>
271
-
272
- <?php
273
- echo '</div>';
274
- }
275
  }
276
 
277
- } elseif ( esc_html($_SERVER['QUERY_STRING']) == 'page=bulletproof-security/admin/system-info/system-info.php' ) {
278
-
279
- $bps_status_display = get_option('bulletproof_security_options_status_display');
280
-
281
- if ( isset($bps_status_display['bps_status_display']) && $bps_status_display['bps_status_display'] != 'Off' ) {
282
 
283
- echo '<div id="bps-status-display" style="float:left;padding:0px 0px 10px 0px;">'.__('The BPS Status Display is set to Off by default on the System Info page', 'bulletproof-security').'</div>';
284
- echo '<div style="clear:both;"></div>';
285
- }
286
 
287
- } else {
288
-
289
- $options = get_option('bulletproof_security_options_autolock');
290
- $HFiles_options = get_option('bulletproof_security_options_htaccess_files');
291
-
292
- $filename = ABSPATH . '.htaccess';
293
-
294
- if ( file_exists($filename) ) {
295
-
296
- $permsHtaccess = substr(sprintf('%o', fileperms($filename)), -4);
297
- $sapi_type = php_sapi_name();
298
- $check_string = file_get_contents($filename);
299
- $section = file_get_contents($filename, FALSE, NULL, 3, 38);
300
- $bps_get_domain_root = bpsGetDomainRoot();
301
- $bps_get_wp_root_secure = bps_wp_get_root_folder();
302
- $bps_plugin_dir = str_replace( ABSPATH, '', WP_PLUGIN_DIR );
303
- $bps_root_upgrade = '';
304
- $hostaddress = esc_html( gethostbyaddr( $_SERVER['SERVER_ADDR'] ) );
305
-
306
- $patterna = '/RedirectMatch\s403\s\/\\\.\.\*\$/';
307
- //$pattern0 = '/ErrorDocument\s404\s(.*)\/404\.php\s*ErrorDocument\s410\s(.*)410\.php/s';
308
- $pattern0 = '/#{1,}(\s|){1,}ErrorDocument\s405(.*)\/bulletproof-security\/405\.php/';
309
- $pattern1 = '/#\sFORBID\sEMPTY\sREFFERER\sSPAMBOTS(.*)RewriteCond\s%{HTTP_USER_AGENT}\s\^\$\sRewriteRule\s\.\*\s\-\s\[F\]/s';
310
- // Only match 2 or more identical duplicate referer lines: 1 will not match and 2, 3, 4... will match
311
- $pattern2 = '/AnotherWebsite\.com\)\.\*\s*(RewriteCond\s%\{HTTP_REFERER\}\s\^\.\*'.$bps_get_domain_root.'\.\*\s*){2,}\s*RewriteRule\s\.\s\-\s\[S=1\]/s';
312
- $pattern4 = '/\.\*\(allow_url_include\|allow_url_fopen\|safe_mode\|disable_functions\|auto_prepend_file\) \[NC,OR\]/s';
313
- $pattern6 = '/(\[|\]|\(|\)|<|>|%3c|%3e|%5b|%5d)/s';
314
- $pattern7 = '/RewriteCond %{QUERY_STRING} \^\.\*(.*)[3](.*)[5](.*)[5](.*)[7](.*)\)/';
315
- $pattern8 = '/\[NC\]\s*RewriteCond\s%{HTTP_REFERER}\s\^\.\*(.*)\.\*\s*(.*)\s*(.*)\s*(.*)\s*(.*)\s*(.*)\s*RewriteRule\s\.\s\-\s\[S=1\]/';
316
- $pattern9 = '/RewriteCond\s%{QUERY_STRING}\s\(sp_executesql\)\s\[NC\]\s*(.*)\s*(.*)END\sBPSQSE(.*)\s*RewriteCond\s%{REQUEST_FILENAME}\s!-f\s*RewriteCond\s%{REQUEST_FILENAME}\s!-d\s*RewriteRule\s\.(.*)\/index\.php\s\[L\]\s*(.*)LOOP\sEND/';
317
- $pattern10 = '/#\sBEGIN\sBPSQSE\sBPS\sQUERY\sSTRING\sEXPLOITS\s*#\sThe\slibwww-perl\sUser\sAgent\sis\sforbidden/';
318
- $pattern10a = '/RewriteCond\s%\{THE_REQUEST\}\s(.*)\?(.*)\sHTTP\/\s\[NC,OR\]\s*RewriteCond\s%\{THE_REQUEST\}\s(.*)\*(.*)\sHTTP\/\s\[NC,OR\]/';
319
- $pattern10b = '/RewriteCond\s%\{THE_REQUEST\}\s.*\?\+\(%20\{1,\}.*\s*RewriteCond\s%\{THE_REQUEST\}\s.*\+\(.*\*\|%2a.*\s\[NC,OR\]/';
320
- $pattern10c = '/RewriteCond\s%\{THE_REQUEST\}\s\(\\\\?.*%2a\)\+\(%20\+\|\\\\s\+.*HTTP\(:\/.*\[NC,OR\]/';
321
- $pattern11 = '/RewriteCond\s%\{QUERY_STRING\}\s\[a-zA-Z0-9_\]\=http:\/\/\s\[OR\]/';
322
- $pattern12 = '/RewriteCond\s%\{QUERY_STRING\}\s\[a-zA-Z0-9_\]\=\(\\\.\\\.\/\/\?\)\+\s\[OR\]/';
323
- $pattern13 = '/RewriteCond\s%\{QUERY_STRING\}\s\(\\\.\\\.\/\|\\\.\\\.\)\s\[OR\]/';
324
- $pattern14 = '/RewriteCond\s%{QUERY_STRING}\s\(\\\.\/\|\\\.\.\/\|\\\.\.\.\/\)\+\(motd\|etc\|bin\)\s\[NC,OR\]/';
325
- $pattern_amod = '/#\sDENY\sBROWSER\sACCESS\sTO\sTHESE\sFILES(.*\s*){6,8}<FilesMatch(.*)wp-config(.*\s*){4,6}<\/FilesMatch>/';
326
- $pattern15 = '/BPS\sPOST\sRequest\sAttack\sProtection/';
327
- $pattern16 = '/#\sNEVER\sCOMMENT\sOUT\sTHIS\sLINE\sOF\sCODE\sBELOW\sFOR\sANY\sREASON(\s*){1}RewriteCond\s%\{REQUEST_URI\}\s\!\^\.\*\/wp-admin\/\s\[NC\]/';
328
- $pattern17 = '/#\sNEVER\sCOMMENT\sOUT\sTHIS\sLINE\sOF\sCODE\sBELOW\sFOR\sANY\sREASON(\s*){1}#{1,}(\s|){1,}RewriteCond\s%\{REQUEST_URI\}\s\!\^\.\*\/wp-admin\/\s\[NC\]/';
329
- $pattern18 = '/#\sREQUEST\sMETHODS\sFILTERED(.*)RewriteCond\s\%\{REQUEST_METHOD\}\s\^\(HEAD\|TRACE\|DELETE\|TRACK\|DEBUG\)\s\[NC\](\s*){1}RewriteRule\s\^\(\.\*\)\$\s\-\s\[F\]/s';
330
- $pattern19 = '/RewriteRule\s\^\(\.\*\)\$\s\-\s\[R=405,L\]/';
331
- // 2.3: Reverting: Match R,L for replacement to L
332
- $pattern20 = '/RewriteRule\s\^\(\.\*\)\$(.*)\/bulletproof-security\/405\.php\s\[R,L\]/';
333
- $pattern21 = '/RewriteCond\s%\{THE_REQUEST\}\s\(\\\?.*%2a\)\+\(%20.*HTTP\(:\/.*\[NC,OR\]/';
334
- $pattern22 = '/RewriteCond\s%\{QUERY_STRING\}\s\[a-zA-Z0-9_\]=http:\/\/\s\[NC,OR\]/';
335
- $pattern23 = '/RewriteCond\s%\{QUERY_STRING\}\s\^\(\.\*\)cPath=http:\/\/\(\.\*\)\$\s\[NC,OR\]/';
336
- $pattern24 = '/RewriteCond\s%\{QUERY_STRING\}\shttp\\\:\s\[NC,OR\](.*\s*){1}.*RewriteCond\s%\{QUERY_STRING\}\shttps\\\:\s\[NC,OR\]/';
337
- // BPS 1.0: version numbering change. The string replace is on line 365
338
- $BPSVpattern = '/BULLETPROOF\s\.[\d](.*)[\>]/';
339
- $BPSVpattern2 = '/BULLETPROOF\s[\d]\.[\d]/';
340
- $BPSVpattern3 = '/BULLETPROOF\s\.[\d][\d]\.[\d]/';
341
- $BPSVreplace = "BULLETPROOF $bps_version";
342
- }
343
 
344
- if ( ! file_exists($filename) ) {
345
 
346
- if ( $HFiles_options['bps_htaccess_files'] == 'disabled' ) {
347
-
348
- echo '<div id="bps-status-display" style="float:left;"><strong>'.__('BPS ', 'bulletproof-security').$bps_version.'</strong></div>';
349
-
350
- } elseif ( $HFiles_options['bps_htaccess_files'] != 'disabled' ) {
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
351
 
352
- if ( ! get_option('bulletproof_security_options_wizard_free') ) {
353
 
354
- $text = '<div class="update-nag" style="BPS Setup Wizard Notification><font color="blue">'.__('BPS Setup Wizard Notification', 'bulletproof-security').'</font><br><a href="'.admin_url( 'admin.php?page=bulletproof-security/admin/wizard/wizard.php' ).'">'.esc_attr__('Click Here', 'bulletproof-security').'</a>'.__(' to go to the BPS Setup Wizard page and click the Setup Wizard button to setup the BPS plugin.', 'bulletproof-security').'</div>';
355
- echo $text;
356
-
357
- } else {
358
 
359
- $text = '<div class="update-nag" style="background-color:#dfecf2;border:1px solid #999;font-size:1em;font-weight:500;padding:2px 5px;margin-top:2px;-moz-border-radius-topleft:3px;-webkit-border-top-left-radius:3px;-khtml-border-top-left-radius:3px;border-top-left-radius:3px;-moz-border-radius-topright:3px;-webkit-border-top-right-radius:3px;-khtml-border-top-right-radius:3px;border-top-right-radius:3px;-webkit-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);-moz-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);"><font color="#fb0101">'.__('BPS Alert! An htaccess file was NOT found in your WordPress root folder', 'bulletproof-security').'</font><br>'.__('If you have deleted the root htaccess file for troubleshooting purposes you can disregard this Alert.', 'bulletproof-security').'<br>'.__('Go to the ', 'bulletproof-security').'<a href="'.admin_url( 'admin.php?page=bulletproof-security/admin/core/core.php' ).'">'.esc_attr__('Security Modes page', 'bulletproof-security').'</a>'.__(' and click the Root Folder BulletProof Mode Activate button.', 'bulletproof-security').'</div>';
360
- echo $text;
361
- }
362
- }
363
-
364
- } else {
365
-
366
- if ( file_exists($filename) ) {
 
 
 
 
 
 
 
 
 
 
 
 
 
 
367
 
368
- switch ( $bps_version ) {
369
- case $bps_last_version: // for testing
370
- if ( strpos( $check_string, "BULLETPROOF $bps_last_version" ) && strpos( $check_string, "BPSQSE" ) ) {
371
- print($section);
372
- }
373
- break;
374
- case ! strpos( $check_string, "BULLETPROOF" ) && ! strpos( $check_string, "DEFAULT" ):
375
 
376
- // Setup Wizard Notice
377
- if ( ! get_option('bulletproof_security_options_wizard_free') ) {
378
-
379
- $text = '<div class="update-nag" style="background-color:#dfecf2;border:1px solid #999;font-size:1em;font-weight:600;padding:2px 5px;margin-top:2px;-moz-border-radius-topleft:3px;-webkit-border-top-left-radius:3px;-khtml-border-top-left-radius:3px;border-top-left-radius:3px;-moz-border-radius-topright:3px;-webkit-border-top-right-radius:3px;-khtml-border-top-right-radius:3px;border-top-right-radius:3px;-webkit-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);-moz-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);"><font color="blue">'.__('BPS Setup Wizard Notification', 'bulletproof-security').'</font><br><a href="'.admin_url( 'admin.php?page=bulletproof-security/admin/wizard/wizard.php' ).'">'.esc_attr__('Click Here', 'bulletproof-security').'</a>'.__(' to go to the BPS Setup Wizard page and click the Setup Wizard button to setup the BPS plugin.', 'bulletproof-security').'</div>';
380
- echo $text;
381
 
382
- } else {
383
-
384
- global $current_user;
385
- $user_id = $current_user->ID;
386
-
387
- if ( ! get_user_meta($user_id, 'bps_ignore_root_version_check_notice') ) {
388
 
389
- if ( esc_html($_SERVER['QUERY_STRING']) == '' && basename(esc_html($_SERVER['REQUEST_URI'])) != 'wp-admin' ) {
390
- $bps_base = basename(esc_html($_SERVER['REQUEST_URI'])) . '?';
391
- } elseif ( esc_html($_SERVER['QUERY_STRING']) == '' && basename(esc_html($_SERVER['REQUEST_URI'])) == 'wp-admin' ) {
392
- $bps_base = basename( str_replace( 'wp-admin', 'index.php?', esc_html($_SERVER['REQUEST_URI'])));
393
- } else {
394
- $bps_base = str_replace( admin_url(), '', esc_html($_SERVER['REQUEST_URI']) ) . '&';
395
- }
396
-
397
- $text = '<div class="update-nag" style="background-color:#dfecf2;border:1px solid #999;font-size:1em;font-weight:600;padding:2px 5px;margin-top:2px;-moz-border-radius-topleft:3px;-webkit-border-top-left-radius:3px;-khtml-border-top-left-radius:3px;border-top-left-radius:3px;-moz-border-radius-topright:3px;-webkit-border-top-right-radius:3px;-khtml-border-top-right-radius:3px;border-top-right-radius:3px;-webkit-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);-moz-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);"><font color="#fb0101">'.__('BPS Alert! Your site may not be protected by BulletProof Security', 'bulletproof-security').'</font><br>'.__('The BPS version: BULLETPROOF x.x SECURE .HTACCESS line of code was not found at the top of your Root htaccess file.', 'bulletproof-security').'<br>'.__('The BPS version line of code MUST be at the very top of your Root htaccess file.', 'bulletproof-security').'<br><a href="'.admin_url( 'admin.php?page=bulletproof-security/admin/wizard/wizard.php' ).'">'.esc_attr__('Click Here', 'bulletproof-security').'</a>'.__(' to go to the BPS Setup Wizard page and click the Setup Wizard button to setup the BPS plugin again.', 'bulletproof-security').'<br>'.__('Important Note: If you manually added other htaccess code above the BPS version line of code in your root htaccess file, you can copy that code to BPS Root Custom Code so that your code is saved in the correct place in the BPS root htaccess file. 
', 'bulletproof-security').'<br><a href="'.admin_url( 'admin.php?page=bulletproof-security/admin/core/core.php#bps-tabs-7' ).'">'.esc_attr__('Click Here', 'bulletproof-security').'</a>'.__(' to go to the BPS Custom Code page, add your Root custom htaccess code in an appropriate Root Custom Code text box and click the Save Root Custom Code button before running the Setup Wizard again.', 'bulletproof-security').'<br>'.__('To Dismiss this Notice click the Dismiss Notice button below. To Reset Dismiss Notices click the Reset|Recheck Dismiss Notices button on the Alerts|Logs|Email Options page.', 'bulletproof-security').'<br><div style="float:left;margin:3px 0px 3px 0px;padding:2px 6px 2px 6px;background-color:#e8e8e8;border:1px solid gray;"><a href="'.$bps_base.'bps_root_version_check_nag_ignore=0'.'" style="text-decoration:none;font-weight:bold;">'.__('Dismiss Notice', 'bulletproof-security').'</a></div></div>';
398
- echo $text;
399
  }
400
- }
401
 
402
- break;
403
- case ! strpos( $check_string, "BULLETPROOF $bps_version" ) && strpos( $check_string, "BPSQSE" ):
404
-
405
- // Update/Add/Save any New DB options/features on upgrade
406
- bpsPro_new_feature_autoupdate();
407
- // mod_authz_core forward/backward compatibility: create new htaccess files if needed
408
- bpsPro_apache_mod_directive_check();
409
- $Apache_Mod_options = get_option('bulletproof_security_options_apache_modules');
410
- $BPSCustomCodeOptions = get_option('bulletproof_security_options_customcode');
411
- // Recreate the User Agent filters in the 403.php file on BPS upgrade
412
- bpsPro_autoupdate_useragent_filters();
413
-
414
- if ( substr($sapi_type, 0, 6) != 'apache' || $permsHtaccess != '0666' || $permsHtaccess != '0777') { // Windows IIS, XAMPP, etc
415
- chmod($filename, 0644);
416
- }
417
 
418
- $stringReplace = file_get_contents($filename);
419
-
420
- if ( preg_match($BPSVpattern, $stringReplace) ) {
421
- $stringReplace = preg_replace($BPSVpattern, $BPSVreplace, $stringReplace);
422
- } elseif ( preg_match($BPSVpattern2, $stringReplace) ) {
423
- $stringReplace = preg_replace($BPSVpattern2, $BPSVreplace, $stringReplace);
424
- } elseif ( preg_match($BPSVpattern3, $stringReplace) ) {
425
- $stringReplace = preg_replace($BPSVpattern3, $BPSVreplace, $stringReplace);
426
- }
427
 
428
- $stringReplace = str_replace("RewriteCond %{HTTP_USER_AGENT} (libwww-perl|wget|python|nikto|curl|scan|java|winhttp|clshttp|loader) [NC,OR]", "RewriteCond %{HTTP_USER_AGENT} (havij|libwww-perl|wget|python|nikto|curl|scan|java|winhttp|clshttp|loader) [NC,OR]", $stringReplace);
 
 
429
 
430
- if ( preg_match($patterna, $stringReplace, $matches) ) {
431
- $stringReplace = preg_replace('/#\sDENY\sACCESS\sTO\sPROTECTED\sSERVER\sFILES(.*)RedirectMatch\s403\s\/\\\.\.\*\$/s', "# DENY ACCESS TO PROTECTED SERVER FILES AND FOLDERS\n# Files and folders starting with a dot: .htaccess, .htpasswd, .errordocs, .logs\nRedirectMatch 403 \.(htaccess|htpasswd|errordocs|logs)$", $stringReplace);
432
- }
433
-
434
- // .53.1: Create new block of Error Logging and Tracking code & help text if Custom Code is blank & New ErrorDocument 405 code does not exist.
435
- if ( $BPSCustomCodeOptions['bps_customcode_error_logging'] == '' && ! preg_match( $pattern0, $stringReplace, $matches ) ) {
436
- $stringReplace = preg_replace('/#\sBPS\sERROR\sLOGGING\sAND\sTRACKING.*(ErrorDocument\s404(.*)\/404\.php|ErrorDocument\s410(.*)\/bulletproof-security\/410\.php)/s', "# BPS ERROR LOGGING AND TRACKING\n# Use BPS Custom Code to modify/edit/change this code and to save it permanently.\n# BPS has premade 400 Bad Request, 403 Forbidden, 404 Not Found, 405 Method Not Allowed and\n# 410 Gone template logging files that are used to track and log 400, 403, 404, 405 and 410 errors\n# that occur on your website. When a hacker attempts to hack your website the hackers IP address,\n# Host name, Request Method, Referering link, the file name or requested resource, the user agent\n# of the hacker and the query string used in the hack attempt are logged.\n# All BPS log files are htaccess protected so that only you can view them.\n# The 400.php, 403.php, 404.php, 405.php and 410.php files are located in /$bps_plugin_dir/bulletproof-security/\n# The 400, 403, 405 and 410 Error logging files are already set up and will automatically start logging errors\n# after you install BPS and have activated BulletProof Mode for your Root folder.\n# If you would like to log 404 errors you will need to copy the logging code in the BPS 404.php file\n# to your Theme's 404.php template file. Simple instructions are included in the BPS 404.php file.\n# You can open the BPS 404.php file using the WP Plugins Editor or manually editing the file.\n# NOTE: By default WordPress automatically looks in your Theme's folder for a 404.php Theme template file.\n\nErrorDocument 400 $bps_get_wp_root_secure"."$bps_plugin_dir/bulletproof-security/400.php\nErrorDocument 401 default\nErrorDocument 403 $bps_get_wp_root_secure"."$bps_plugin_dir/bulletproof-security/403.php\nErrorDocument 404 $bps_get_wp_root_secure"."404.php\nErrorDocument 405 $bps_get_wp_root_secure"."$bps_plugin_dir/bulletproof-security/405.php\nErrorDocument 410 $bps_get_wp_root_secure"."$bps_plugin_dir/bulletproof-security/410.php", $stringReplace);
437
- }
438
-
439
- // .53: Create new block of Request Methods Filtered code & help text.
440
- // .53.1: Old RMF Code exists: Conditional host check added to create either R=405 for Go Daddy or dumbed down code for all other hosts.
441
- // 3.9: removing this RMF cleanup code. Only dumbed down RMF code is created now.
442
- /*
443
- if ( preg_match( $pattern18, $stringReplace, $matches ) && preg_match( '/secureserver\.net/', $hostaddress, $matches ) ) {
444
- $stringReplace = preg_replace( $pattern18, "# REQUEST METHODS FILTERED\n# If you want to allow HEAD Requests use BPS Custom Code and copy\n# this entire REQUEST METHODS FILTERED section of code to this BPS Custom Code\n# text box: CUSTOM CODE REQUEST METHODS FILTERED.\n# See the CUSTOM CODE REQUEST METHODS FILTERED help text for additional steps.\nRewriteCond %{REQUEST_METHOD} ^(TRACE|DELETE|TRACK|DEBUG) [NC]\nRewriteRule ^(.*)$ - [F]\nRewriteCond %{REQUEST_METHOD} ^(HEAD) [NC]\nRewriteRule ^(.*)$ - [R=405,L]", $stringReplace);
445
- } elseif ( preg_match( $pattern18, $stringReplace, $matches ) && ! preg_match( '/secureserver\.net/', $hostaddress, $matches ) ) {
446
- $stringReplace = preg_replace( $pattern18, "# REQUEST METHODS FILTERED\n# If you want to allow HEAD Requests use BPS Custom Code and copy\n# this entire REQUEST METHODS FILTERED section of code to this BPS Custom Code\n# text box: CUSTOM CODE REQUEST METHODS FILTERED.\n# See the CUSTOM CODE REQUEST METHODS FILTERED help text for additional steps.\nRewriteCond %{REQUEST_METHOD} ^(TRACE|DELETE|TRACK|DEBUG) [NC]\nRewriteRule ^(.*)$ - [F]\nRewriteCond %{REQUEST_METHOD} ^(HEAD) [NC]\nRewriteRule ^(.*)$ " . $bps_get_wp_root_secure . $bps_plugin_dir . "/bulletproof-security/405.php [L]", $stringReplace);
447
- }
448
-
449
- // .53.1: New RMF R=405 Code exists: Replace the R=405 code if the host is Not Go Daddy & the R=405 code does not exist in Custom Code.
450
- if ( preg_match( $pattern19, $stringReplace, $matches ) && ! preg_match( '/secureserver\.net/', $hostaddress ) && ! preg_match( '/R=405/', $BPSCustomCodeOptions['bps_customcode_request_methods'] ) ) {
451
- $stringReplace = preg_replace( $pattern19, "RewriteRule ^(.*)$ " . $bps_get_wp_root_secure . $bps_plugin_dir . "/bulletproof-security/405.php [L]", $stringReplace);
452
- }
453
-
454
- // 2.0: Add R to the dumb downed Request Methods Filtered 405 htaccess code in the Root htaccess file.
455
- // 2.3: Reverted: Remove R due to duplicate security log entries
456
- if ( preg_match( $pattern20, $stringReplace, $matches ) ) {
457
- $stringReplace = preg_replace( $pattern20, "RewriteRule ^(.*)$ " . $bps_get_wp_root_secure . $bps_plugin_dir . "/bulletproof-security/405.php [L]", $stringReplace);
458
- }
459
- */
460
-
461
- // 2.0: Add additional https scheme conditions to 3 htaccess security rules and combine 2 rules into 1 rule.
462
- if ( preg_match( $pattern21, $stringReplace, $matches ) ) {
463
- $stringReplace = preg_replace( $pattern21, "RewriteCond %{THE_REQUEST} (\?|\*|%2a)+(%20+|\\\\\s+|%20+\\\\\s+|\\\\\s+%20+|\\\\\s+%20+\\\\\s+)(http|https)(:/|/) [NC,OR]", $stringReplace);
464
- }
465
-
466
- if ( preg_match( $pattern22, $stringReplace, $matches ) ) {
467
- $stringReplace = preg_replace( $pattern22, "RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=(http|https):// [NC,OR]", $stringReplace);
468
- }
469
-
470
- if ( preg_match( $pattern23, $stringReplace, $matches ) ) {
471
- $stringReplace = preg_replace( $pattern23, "RewriteCond %{QUERY_STRING} ^(.*)cPath=(http|https)://(.*)$ [NC,OR]", $stringReplace);
472
- }
473
-
474
- if ( preg_match( $pattern24, $stringReplace, $matches ) ) {
475
- $stringReplace = preg_replace( $pattern24, "RewriteCond %{QUERY_STRING} (http|https)\: [NC,OR]", $stringReplace);
476
- }
477
-
478
- if ( preg_match($pattern1, $stringReplace, $matches) ) {
479
- $stringReplace = preg_replace('/#\sFORBID\sEMPTY\sREFFERER\sSPAMBOTS(.*)RewriteCond\s%{HTTP_USER_AGENT}\s\^\$\sRewriteRule\s\.\*\s\-\s\[F\]/s', '', $stringReplace);
480
- }
481
 
482
- if ( preg_match($pattern2, $stringReplace, $matches) ) {
483
- $stringReplace = preg_replace('/AnotherWebsite\.com\)\.\*\s*(RewriteCond\s%\{HTTP_REFERER\}\s\^\.\*'.$bps_get_domain_root.'\.\*\s*){2,}\s*RewriteRule\s\.\s\-\s\[S=1\]/s', "AnotherWebsite.com).*\nRewriteCond %{HTTP_REFERER} ^.*$bps_get_domain_root.*\nRewriteRule . - [S=1]", $stringReplace);
484
- }
485
-
486
- if ( ! preg_match($pattern10, $stringReplace, $matches) ) {
487
- $stringReplace = preg_replace('/#\sBPSQSE\sBPS\sQUERY\sSTRING\sEXPLOITS\s*#\sThe\slibwww-perl\sUser\sAgent\sis\sforbidden/', "# BEGIN BPSQSE BPS QUERY STRING EXPLOITS\n# The libwww-perl User Agent is forbidden", $stringReplace);
488
- }
489
-
490
- if ( preg_match($pattern10a, $stringReplace, $matches) ) {
491
- $stringReplace = preg_replace( $pattern10a, "RewriteCond %{THE_REQUEST} (\?|\*|%2a)+(%20+|\\\\\s+|%20+\\\\\s+|\\\\\s+%20+|\\\\\s+%20+\\\\\s+)HTTP(:/|/) [NC,OR]", $stringReplace);
492
- }
493
-
494
- if ( preg_match($pattern10b, $stringReplace, $matches) ) {
495
- $stringReplace = preg_replace( $pattern10b, "RewriteCond %{THE_REQUEST} (\?|\*|%2a)+(%20+|\\\\\s+|%20+\\\\\s+|\\\\\s+%20+|\\\\\s+%20+\\\\\s+)HTTP(:/|/) [NC,OR]", $stringReplace);
496
- }
497
-
498
- if ( preg_match($pattern10c, $stringReplace, $matches) ) {
499
- $stringReplace = preg_replace( $pattern10c, "RewriteCond %{THE_REQUEST} (\?|\*|%2a)+(%20+|\\\\\s+|%20+\\\\\s+|\\\\\s+%20+|\\\\\s+%20+\\\\\s+)HTTP(:/|/) [NC,OR]", $stringReplace);
500
- }
501
-
502
- if ( preg_match($pattern11, $stringReplace, $matches) ) {
503
- $stringReplace = preg_replace('/RewriteCond\s%\{QUERY_STRING\}\s\[a-zA-Z0-9_\]\=http:\/\/\s\[OR\]/s', "RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=http:// [NC,OR]", $stringReplace);
504
- }
505
-
506
- if ( preg_match($pattern12, $stringReplace, $matches) ) {
507
- $stringReplace = preg_replace('/RewriteCond\s%\{QUERY_STRING\}\s\[a-zA-Z0-9_\]\=\(\\\.\\\.\/\/\?\)\+\s\[OR\]/s', "RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=(\.\.//?)+ [NC,OR]", $stringReplace);
508
- }
509
-
510
- if ( preg_match($pattern13, $stringReplace, $matches) ) {
511
- $stringReplace = preg_replace('/RewriteCond\s%\{QUERY_STRING\}\s\(\\\.\\\.\/\|\\\.\\\.\)\s\[OR\]/s', "RewriteCond %{QUERY_STRING} (\.\./|%2e%2e%2f|%2e%2e/|\.\.%2f|%2e\.%2f|%2e\./|\.%2e%2f|\.%2e/) [NC,OR]", $stringReplace);
512
- }
513
-
514
- if ( preg_match($pattern6, $stringReplace, $matches)) {
515
- $stringReplace = str_replace("RewriteCond %{QUERY_STRING} ^.*(\[|\]|\(|\)|<|>|%3c|%3e|%5b|%5d).* [NC,OR]", "RewriteCond %{QUERY_STRING} ^.*(\(|\)|<|>|%3c|%3e).* [NC,OR]", $stringReplace);
516
- $stringReplace = str_replace("RewriteCond %{QUERY_STRING} ^.*(\x00|\x04|\x08|\x0d|\x1b|\x20|\x3c|\x3e|\x5b|\x5d|\x7f).* [NC,OR]", "RewriteCond %{QUERY_STRING} ^.*(\x00|\x04|\x08|\x0d|\x1b|\x20|\x3c|\x3e|\x7f).* [NC,OR]", $stringReplace);
517
- }
518
-
519
- if ( preg_match($pattern7, $stringReplace, $matches)) {
520
- $stringReplace = preg_replace('/RewriteCond %{QUERY_STRING} \^\.\*(.*)[5](.*)[5](.*)\)/', 'RewriteCond %{QUERY_STRING} ^.*(\x00|\x04|\x08|\x0d|\x1b|\x20|\x3c|\x3e|\x7f)', $stringReplace);
521
- }
522
-
523
- if ( preg_match($pattern14, $stringReplace, $matches) ) {
524
- $stringReplace = preg_replace('/RewriteCond\s%{QUERY_STRING}\s\(\\\.\/\|\\\.\.\/\|\\\.\.\.\/\)\+\(motd\|etc\|bin\)\s\[NC,OR\]/s', "RewriteCond %{QUERY_STRING} (\.{1,}/)+(motd|etc|bin) [NC,OR]", $stringReplace);
525
- }
526
-
527
- if ( ! preg_match($pattern4, $stringReplace, $matches) ) {
528
- $stringReplace = str_replace("RewriteCond %{QUERY_STRING} union([^a]*a)+ll([^s]*s)+elect [NC,OR]", "RewriteCond %{QUERY_STRING} union([^a]*a)+ll([^s]*s)+elect [NC,OR]\nRewriteCond %{QUERY_STRING} \-[sdcr].*(allow_url_include|allow_url_fopen|safe_mode|disable_functions|auto_prepend_file) [NC,OR]", $stringReplace);
529
- }
530
-
531
- if ( ! is_multisite() && ! preg_match($pattern9, $stringReplace, $matches) ) {
532
- $stringReplace = preg_replace('/RewriteCond\s%{QUERY_STRING}\s\(sp_executesql\)\s\[NC\]\s*(.*)\s*RewriteCond\s%{REQUEST_FILENAME}\s!-f\s*RewriteCond\s%{REQUEST_FILENAME}\s!-d\s*RewriteRule\s\.(.*)\/index\.php\s\[L\]/', "RewriteCond %{QUERY_STRING} (sp_executesql) [NC]\nRewriteRule ^(.*)$ - [F,L]\n# END BPSQSE BPS QUERY STRING EXPLOITS\nRewriteCond %{REQUEST_FILENAME} !-f\nRewriteCond %{REQUEST_FILENAME} !-d\nRewriteRule . ".$bps_get_wp_root_secure."index.php [L]\n# WP REWRITE LOOP END", $stringReplace);
533
- }
534
 
535
- if ( preg_match( $pattern_amod, $stringReplace, $matches ) && $BPSCustomCodeOptions['bps_customcode_deny_files'] == '' && $Apache_Mod_options['bps_apache_mod_ifmodule'] == 'Yes' ) {
536
-
537
- $stringReplace = preg_replace( $pattern_amod, "# DENY BROWSER ACCESS TO THESE FILES\n# Use BPS Custom Code to modify/edit/change this code and to save it permanently.\n# wp-config.php, bb-config.php, php.ini, php5.ini, readme.html\n# To be able to view these files from a Browser, replace 127.0.0.1 with your actual\n# current IP address. Comment out: #Require all denied and Uncomment: Require ip 127.0.0.1\n# Comment out: #Deny from all and Uncomment: Allow from 127.0.0.1\n# Note: The BPS System Info page displays which modules are loaded on your server.\n\n<FilesMatch \"^(wp-config\.php|php\.ini|php5\.ini|readme\.html|bb-config\.php)\">\n<IfModule mod_authz_core.c>\nRequire all denied\n#Require ip 127.0.0.1\n</IfModule>\n\n<IfModule !mod_authz_core.c>\n<IfModule mod_access_compat.c>\nOrder Allow,Deny\nDeny from all\n#Allow from 127.0.0.1\n</IfModule>\n</IfModule>\n</FilesMatch>", $stringReplace);
538
 
539
- } elseif ( preg_match( $pattern_amod, $stringReplace, $matches ) && $BPSCustomCodeOptions['bps_customcode_deny_files'] == '' && $Apache_Mod_options['bps_apache_mod_ifmodule'] == 'No' ) {
540
-
541
- $stringReplace = preg_replace( $pattern_amod, "# DENY BROWSER ACCESS TO THESE FILES\n# Use BPS Custom Code to modify/edit/change this code and to save it permanently.\n# wp-config.php, bb-config.php, php.ini, php5.ini, readme.html\n# To be able to view these files from a Browser, replace 127.0.0.1 with your actual\n# current IP address. Comment out: #Deny from all and Uncomment: Allow from 127.0.0.1\n# Note: The BPS System Info page displays which modules are loaded on your server.\n\n<FilesMatch \"^(wp-config\.php|php\.ini|php5\.ini|readme\.html|bb-config\.php)\">\nOrder Allow,Deny\nDeny from all\n#Allow from 127.0.0.1\n</FilesMatch>", $stringReplace);
542
- }
543
-
544
- // .52.9: POST Request Attack Protection code correction|addition
545
- // .53: Condition added to allow commenting out wp-admin URI whitelist rule
546
- if ( preg_match( $pattern15, $stringReplace, $matches ) && ! preg_match( $pattern16, $stringReplace, $matches ) && ! preg_match( $pattern17, $stringReplace, $matches ) ) {
547
- $stringReplace = preg_replace('/RewriteCond\s%\{REQUEST_METHOD\}\sPOST\s\[NC\]/s', "RewriteCond %{REQUEST_METHOD} POST [NC]\n# NEVER COMMENT OUT THIS LINE OF CODE BELOW FOR ANY REASON\nRewriteCond %{REQUEST_URI} !^.*/wp-admin/ [NC]\n# Whitelist the WordPress Theme Customizer\nRewriteCond %{HTTP_REFERER} !^.*/wp-admin/customize.php", $stringReplace);
548
- }
549
-
550
- // Clean up - replace 3 and 4 multiple newlines with 1 newline
551
- if ( preg_match('/(\n\n\n|\n\n\n\n)/', $stringReplace, $matches) ) {
552
- $stringReplace = preg_replace("/(\n\n\n|\n\n\n\n)/", "\n", $stringReplace);
553
- }
554
- // remove duplicate referer lines
555
- if ( preg_match($pattern8, $stringReplace, $matches) ) {
556
- $stringReplace = preg_replace("/\[NC\]\s*RewriteCond\s%{HTTP_REFERER}\s\^\.\*(.*)\.\*\s*(.*)\s*(.*)\s*(.*)\s*(.*)\s*(.*)\s*RewriteRule\s\.\s\-\s\[S=1\]/", "[NC]\nRewriteCond %{HTTP_REFERER} ^.*$bps_get_domain_root.*\nRewriteRule . - [S=1]", $stringReplace);
557
- }
558
-
559
- file_put_contents($filename, $stringReplace);
560
 
561
- if ( isset($options['bps_root_htaccess_autolock']) && $options['bps_root_htaccess_autolock'] == 'On') {
562
- chmod($filename, 0404);
563
- }
564
-
565
- if ( getBPSInstallTime() == getBPSRootHtaccessLasModTime_minutes() || getBPSInstallTime_plusone() == getBPSRootHtaccessLasModTime_minutes() ) {
566
-
567
- $bps_root_upgrade = 'upgrade';
568
-
569
- $pos = strpos( $check_string, 'IMPORTANT!!! DO NOT DELETE!!! - B E G I N Wordpress' );
570
-
571
- if ( $pos === false ) {
572
 
573
- $updateText = '<div class="update-nag" style="float:left;"background-color:#dfecf2;border:1px solid #999;font-size:1em;font-weight:600;padding:2px 5px;margin-top:2px;-moz-border-radius-topleft:3px;-webkit-border-top-left-radius:3px;-khtml-border-top-left-radius:3px;border-top-left-radius:3px;-moz-border-radius-topright:3px;-webkit-border-top-right-radius:3px;-khtml-border-top-right-radius:3px;border-top-right-radius:3px;-webkit-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);-moz-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);><font color="blue">'.__("The BPS Automatic htaccess File Update Completed Successfully!", 'bulletproof-security').'</font></div>';
574
- print($updateText);
 
575
  }
576
- } // end up upgrade processing
577
- break;
578
- case strpos( $check_string, "BULLETPROOF $bps_version" ) && strpos( $check_string, "BPSQSE" ):
579
-
580
- $bps_status_display = get_option('bulletproof_security_options_status_display');
581
 
582
- if ( isset($bps_status_display['bps_status_display']) && $bps_status_display['bps_status_display'] != 'Off' ) {
583
-
584
- if ( preg_match( '/page=bulletproof-security/', esc_html($_SERVER['REQUEST_URI']), $matches ) ) {
585
 
586
- $RBM = $aitpro_bullet . '<a href="'.admin_url( 'admin.php?page=bulletproof-security/admin/core/core.php' ).'" title="Root Folder BulletProof Mode" style="text-decoration:none;">'.__('RBM', 'bulletproof-security').'</a>: <font color="green"><strong>'.__('On', 'bulletproof-security').'</strong></font>';
587
- $RBM_str = str_replace( "BULLETPROOF $bps_version SECURE .HTACCESS", "BPS $bps_version", $section );
588
-
589
- echo '<div id="bps-status-display" style="float:left;font-weight:600;margin:0px 0px 0px 5px;"><strong>'.$RBM_str.'</strong>'.$RBM.'</div>';
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
590
  }
591
  }
592
- break;
593
- default:
594
-
595
- if ( $bps_root_upgrade != 'upgrade' ) {
596
-
597
- $text = '<div class="update-nag" style="background-color:#dfecf2;border:1px solid #999;font-size:1em;font-weight:600;padding:2px 5px;margin-top:2px;-moz-border-radius-topleft:3px;-webkit-border-top-left-radius:3px;-khtml-border-top-left-radius:3px;border-top-left-radius:3px;-moz-border-radius-topright:3px;-webkit-border-top-right-radius:3px;-khtml-border-top-right-radius:3px;border-top-right-radius:3px;-webkit-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);-moz-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);"><font color="#fb0101">'.__('BPS Alert! Your site does not appear to be protected by BulletProof Security', 'bulletproof-security').'</font><br>'.__('Go to the ', 'bulletproof-security').'<a href="'.admin_url( 'admin.php?page=bulletproof-security/admin/core/core.php' ).'">'.esc_attr__('Security Modes page', 'bulletproof-security').'</a>'.__(' and click the Root Folder BulletProof Mode Activate button.', 'bulletproof-security').'</div>';
598
- echo $text;
599
- }
600
- }
601
- }
602
- }
603
- }
604
  }
605
  }
606
 
@@ -621,177 +601,181 @@ function bps_wpadmin_htaccess_status_dashboard() {
621
 
622
  if ( current_user_can('manage_options') ) {
623
 
624
- global $bps_version, $bps_last_version, $aitpro_bullet;
625
-
626
- if ( esc_html($_SERVER['REQUEST_METHOD']) != 'POST' && esc_html($_SERVER['QUERY_STRING']) != 'page=bulletproof-security/admin/system-info/system-info.php' ) {
627
-
628
- $BPS_wpadmin_Options = get_option('bulletproof_security_options_htaccess_res');
629
- $GDMW_options = get_option('bulletproof_security_options_GDMW');
630
-
631
- if ( isset( $BPS_wpadmin_Options['bps_wpadmin_restriction'] ) && $BPS_wpadmin_Options['bps_wpadmin_restriction'] == 'disabled' || isset( $GDMW_options['bps_gdmw_hosting'] ) && $GDMW_options['bps_gdmw_hosting'] == 'yes' ) {
632
- return;
633
- }
634
-
635
- $HFiles_options = get_option('bulletproof_security_options_htaccess_files');
636
- $filename = ABSPATH . 'wp-admin/.htaccess';
637
-
638
- if ( file_exists($filename) ) {
639
-
640
- $permsHtaccess = substr(sprintf('%o', fileperms($filename)), -4);
641
- $check_string = file_get_contents($filename);
642
- $section = file_get_contents($filename, FALSE, NULL, 3, 46);
643
- $bps_wpadmin_upgrade = '';
644
-
645
- $pattern10a = '/RewriteCond\s%\{THE_REQUEST\}\s(.*)\?(.*)\sHTTP\/\s\[NC,OR\]\s*RewriteCond\s%\{THE_REQUEST\}\s(.*)\*(.*)\sHTTP\/\s\[NC,OR\]/';
646
- $pattern10b = '/RewriteCond\s%\{THE_REQUEST\}\s.*\?\+\(%20\{1,\}.*\s*RewriteCond\s%\{THE_REQUEST\}\s.*\+\(.*\*\|%2a.*\s\[NC,OR\]/';
647
- $pattern10c = '/RewriteCond\s%\{THE_REQUEST\}\s\(\\\\?.*%2a\)\+\(%20\+\|\\\\s\+.*HTTP\(:\/.*\[NC,OR\]/';
648
- $pattern1 = '/(\[|\]|\(|\)|<|>)/s';
649
- $pattern_amod = '/#\sWPADMIN\sDENY\sBROWSER\sACCESS\sTO\sFILES(.*\s*){13,16}#\sEND\sBPS\sWPADMIN\sDENY\sACCESS\sTO\sFILES/';
650
- $pattern21 = '/RewriteCond\s%\{THE_REQUEST\}\s\(\\\?.*%2a\)\+\(%20.*HTTP\(:\/.*\[NC,OR\]/';
651
- $pattern22 = '/RewriteCond\s%\{QUERY_STRING\}\s\[a-zA-Z0-9_\]=http:\/\/\s\[NC,OR\]/';
652
- $pattern23 = '/RewriteCond\s%\{QUERY_STRING\}\s\^\(\.\*\)cPath=http:\/\/\(\.\*\)\$\s\[NC,OR\]/';
653
- $pattern24 = '/RewriteCond\s%\{QUERY_STRING\}\shttp\\\:\s\[NC,OR\](.*\s*){1}.*RewriteCond\s%\{QUERY_STRING\}\shttps\\\:\s\[NC,OR\]/';
654
- $pattern25 = '/#\sREQUEST\sMETHODS\sFILTERED(.*\s*){1}RewriteEngine\sOn(.*\s*){1}RewriteCond(.*\s*){1}RewriteRule\s\^\(\.\*\)\$\s\-\s\[F\]/';
655
- $pattern26 = '/RewriteCond\s%\{REQUEST_URI\}\s\(press-this\\\.php\)\s\[NC\]/';
656
- $BPSVpattern = '/BULLETPROOF\s\.[\d](.*)WP-ADMIN/';
657
- $BPSVpattern2 = '/BULLETPROOF\s[\d]\.[\d]\sWP-ADMIN/';
658
- $BPSVreplace = "BULLETPROOF $bps_version WP-ADMIN";
659
- }
660
-
661
- if ( ! file_exists($filename) && isset($HFiles_options['bps_htaccess_files']) && $HFiles_options['bps_htaccess_files'] != 'disabled' ) {
662
-
663
- if ( get_option('bulletproof_security_options_wizard_free') ) {
664
-
665
- $text = '<div class="update-nag" style="background-color:#dfecf2;border:1px solid #999;font-size:1em;font-weight:600;padding:2px 5px;margin-top:2px;-moz-border-radius-topleft:3px;-webkit-border-top-left-radius:3px;-khtml-border-top-left-radius:3px;border-top-left-radius:3px;-moz-border-radius-topright:3px;-webkit-border-top-right-radius:3px;-khtml-border-top-right-radius:3px;border-top-right-radius:3px;-webkit-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);-moz-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);"><font color="#fb0101">'.__('BPS Alert! An htaccess file was NOT found in your WordPress wp-admin folder', 'bulletproof-security').'</font><br>'.__('If you have deleted the wp-admin htaccess file for troubleshooting purposes you can disregard this Alert.', 'bulletproof-security').'<br>'.__('Go to the ', 'bulletproof-security').'<a href="'.admin_url( 'admin.php?page=bulletproof-security/admin/core/core.php' ).'">'.esc_attr__('Security Modes page', 'bulletproof-security').'</a>'.__(' and click the wp-admin Folder BulletProof Mode Activate button.', 'bulletproof-security').'</div>';
666
- echo $text;
667
- }
668
 
669
- } else {
670
-
671
- if ( file_exists($filename) ) {
672
-
673
- switch ( $bps_version ) {
674
- case $bps_last_version: // for Testing
675
- if ( strpos( $check_string, "BULLETPROOF $bps_last_version" ) && strpos( $check_string, "BPSQSE-check" ) ) {
676
- // echo or print for testing
677
- }
678
- break;
679
- case ! strpos( $check_string, "BULLETPROOF" ):
680
-
681
- // Setup Wizard Notice: not displayed. The Setup Wizard DB option is automatically saved in the root htaccess funcion on BPS plugin upgrades.
682
- if ( ! get_option('bulletproof_security_options_wizard_free') ) {
683
- // display nothing. Notice is already displayed in the root htaccess function.
684
-
685
- } else {
686
-
687
- $text = '<div class="update-nag" style="background-color:#dfecf2;border:1px solid #999;font-size:1em;font-weight:600;padding:2px 5px;margin-top:2px;-moz-border-radius-topleft:3px;-webkit-border-top-left-radius:3px;-khtml-border-top-left-radius:3px;border-top-left-radius:3px;-moz-border-radius-topright:3px;-webkit-border-top-right-radius:3px;-khtml-border-top-right-radius:3px;border-top-right-radius:3px;-webkit-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);-moz-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);"><font color="#fb0101">'.__('BPS Alert! Your wp-admin folder may not be protected by BulletProof Security', 'bulletproof-security').'</font><br>'.__('The BPS version: BULLETPROOF .xx.x WP-ADMIN SECURE .HTACCESS line of code was not found at the top of your wp-admin htaccess file.', 'bulletproof-security').'<br>'.__('The BPS version line of code MUST be at the very top of your wp-admin htaccess file.', 'bulletproof-security').'<br><a href="'.admin_url( 'admin.php?page=bulletproof-security/admin/wizard/wizard.php' ).'">'.esc_attr__('Click Here', 'bulletproof-security').'</a>'.__(' to go to the BPS Setup Wizard page and click the Setup Wizard button to setup the BPS plugin again.', 'bulletproof-security').'<br>'.__('Important Note: If you manually added other htaccess code above the BPS version line of code in your wp-admin htaccess file, you can copy that code to BPS wp-admin Custom Code so that your code is saved in the correct place in the BPS wp-admin htaccess file. ', 'bulletproof-security').'<br><a href="'.admin_url( 'admin.php?page=bulletproof-security/admin/core/core.php#bps-tabs-7' ).'">'.esc_attr__('Click Here', 'bulletproof-security').'</a>'.__(' to go to the BPS Custom Code page, add your wp-admin custom htaccess code in an appropriate wp-admin Custom Code text box and click the Save wp-admin Custom Code button before running the Setup Wizard again.', 'bulletproof-security').'</div>';
688
- echo $text;
689
  }
690
 
691
- break;
692
- case ! strpos( $check_string, "BULLETPROOF $bps_version" ) && strpos( $check_string, "BPSQSE-check" ):
693
-
694
- // mod_authz_core forward/backward compatibility: create new htaccess files if needed
695
- bpsPro_apache_mod_directive_check();
696
- $CC_Options_wpadmin = get_option('bulletproof_security_options_customcode_WPA');
697
- $Apache_Mod_options = get_option('bulletproof_security_options_apache_modules');
698
- $sapi_type = php_sapi_name();
699
-
700
- if ( substr($sapi_type, 0, 6) != 'apache' || $permsHtaccess != '0666' || $permsHtaccess != '0777') { // Windows IIS, XAMPP, etc
701
- chmod($filename, 0644);
702
- }
703
-
704
- $stringReplace = file_get_contents($filename);
705
 
706
- if ( preg_match($BPSVpattern, $stringReplace) ) {
707
- $stringReplace = preg_replace($BPSVpattern, $BPSVreplace, $stringReplace);
708
- } elseif ( preg_match($BPSVpattern2, $stringReplace) ) {
709
- $stringReplace = preg_replace($BPSVpattern2, $BPSVreplace, $stringReplace);
710
  }
711
 
712
- if ( preg_match( $pattern_amod, $stringReplace, $matches ) && $CC_Options_wpadmin['bps_customcode_deny_files_wpa'] == '' && $Apache_Mod_options['bps_apache_mod_ifmodule'] == 'Yes' ) {
713
-
714
- $stringReplace = preg_replace( $pattern_amod, "# WPADMIN DENY BROWSER ACCESS TO FILES\n# Deny Browser access to /wp-admin/install.php\n# Use BPS Custom Code to modify/edit/change this code and to save it permanently.\n# To be able to view the install.php file from a Browser, replace 127.0.0.1 with your actual\n# current IP address. Comment out: #Require all denied and Uncomment: Require ip 127.0.0.1\n# Comment out: #Deny from all and Uncomment: Allow from 127.0.0.1\n# Note: The BPS System Info page displays which modules are loaded on your server.\n\n# BEGIN BPS WPADMIN DENY ACCESS TO FILES\n<FilesMatch \"^(install\.php)\">\n<IfModule mod_authz_core.c>\nRequire all denied\n#Require ip 127.0.0.1\n</IfModule>\n\n<IfModule !mod_authz_core.c>\n<IfModule mod_access_compat.c>\nOrder Allow,Deny\nDeny from all\n#Allow from 127.0.0.1\n</IfModule>\n</IfModule>\n</FilesMatch>\n# END BPS WPADMIN DENY ACCESS TO FILES", $stringReplace);
715
-
716
- } elseif ( preg_match( $pattern_amod, $stringReplace, $matches ) && $CC_Options_wpadmin['bps_customcode_deny_files_wpa'] == '' && $Apache_Mod_options['bps_apache_mod_ifmodule'] == 'No' ) {
717
-
718
- $stringReplace = preg_replace( $pattern_amod, "# WPADMIN DENY BROWSER ACCESS TO FILES\n# Deny Browser access to /wp-admin/install.php\n# Use BPS Custom Code to modify/edit/change this code and to save it permanently.\n# To be able to view the install.php file from a Browser, replace 127.0.0.1 with your actual\n# current IP address. Comment out: #Deny from all and Uncomment: Allow from 127.0.0.1\n# Note: The BPS System Info page displays which modules are loaded on your server.\n\n# BEGIN BPS WPADMIN DENY ACCESS TO FILES\n<FilesMatch \"^(install\.php)\">\nOrder Allow,Deny\nDeny from all\n#Allow from 127.0.0.1\n</FilesMatch>\n# END BPS WPADMIN DENY ACCESS TO FILES", $stringReplace);
719
- }
720
-
721
- if ( preg_match( $pattern26, $stringReplace, $matches ) ) {
722
- $stringReplace = preg_replace( $pattern26, "RewriteCond %{REQUEST_URI} (press-this\.php|widgets\.php) [NC]", $stringReplace);
723
- }
724
-
725
- if ( preg_match( $pattern25, $stringReplace, $matches ) ) {
726
- $stringReplace = preg_replace( $pattern25, "# BPS REWRITE ENGINE\nRewriteEngine On", $stringReplace);
727
- }
728
-
729
- if ( preg_match($pattern10a, $stringReplace, $matches) ) {
730
- $stringReplace = preg_replace( $pattern10a, "RewriteCond %{THE_REQUEST} (\?|\*|%2a)+(%20+|\\\\\s+|%20+\\\\\s+|\\\\\s+%20+|\\\\\s+%20+\\\\\s+)HTTP(:/|/) [NC,OR]", $stringReplace);
731
- }
732
-
733
- if ( preg_match($pattern10b, $stringReplace, $matches) ) {
734
- $stringReplace = preg_replace( $pattern10b, "RewriteCond %{THE_REQUEST} (\?|\*|%2a)+(%20+|\\\\\s+|%20+\\\\\s+|\\\\\s+%20+|\\\\\s+%20+\\\\\s+)HTTP(:/|/) [NC,OR]", $stringReplace);
735
- }
736
-
737
- if ( preg_match($pattern10c, $stringReplace, $matches) ) {
738
- $stringReplace = preg_replace( $pattern10c, "RewriteCond %{THE_REQUEST} (\?|\*|%2a)+(%20+|\\\\\s+|%20+\\\\\s+|\\\\\s+%20+|\\\\\s+%20+\\\\\s+)HTTP(:/|/) [NC,OR]", $stringReplace);
739
- }
740
-
741
- // 2.0: Add additional https scheme conditions to 3 htaccess security rules and combine 2 rules into 1 rule.
742
- if ( preg_match( $pattern21, $stringReplace, $matches ) ) {
743
- $stringReplace = preg_replace( $pattern21, "RewriteCond %{THE_REQUEST} (\?|\*|%2a)+(%20+|\\\\\s+|%20+\\\\\s+|\\\\\s+%20+|\\\\\s+%20+\\\\\s+)(http|https)(:/|/) [NC,OR]", $stringReplace);
744
- }
745
-
746
- if ( preg_match( $pattern22, $stringReplace, $matches ) ) {
747
- $stringReplace = preg_replace( $pattern22, "RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=(http|https):// [NC,OR]", $stringReplace);
748
- }
749
-
750
- if ( preg_match( $pattern23, $stringReplace, $matches ) ) {
751
- $stringReplace = preg_replace( $pattern23, "RewriteCond %{QUERY_STRING} ^(.*)cPath=(http|https)://(.*)$ [NC,OR]", $stringReplace);
752
- }
753
-
754
- if ( preg_match( $pattern24, $stringReplace, $matches ) ) {
755
- $stringReplace = preg_replace( $pattern24, "RewriteCond %{QUERY_STRING} (http|https)\: [NC,OR]", $stringReplace);
756
- }
757
-
758
- if ( preg_match($pattern1, $stringReplace, $matches) ) {
759
- $stringReplace = str_replace("RewriteCond %{QUERY_STRING} ^.*(\[|\]|\(|\)|<|>).* [NC,OR]", "RewriteCond %{QUERY_STRING} ^.*(\(|\)|<|>).* [NC,OR]", $stringReplace);
760
- }
761
-
762
- file_put_contents($filename, $stringReplace);
763
 
764
- if ( getBPSInstallTime() == getBPSwpadminHtaccessLasModTime_minutes() || getBPSInstallTime_plusone() == getBPSwpadminHtaccessLasModTime_minutes() ) {
765
- //print("Testing wp-admin auto-update");
766
- $bps_wpadmin_upgrade = 'upgrade';
767
- } // end upgrade processing
768
- break;
769
- case strpos( $check_string, "BULLETPROOF $bps_version" ) && strpos( $check_string, "BPSQSE-check" ):
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
770
 
771
- $bps_status_display = get_option('bulletproof_security_options_status_display');
772
-
773
- if ( isset($bps_status_display['bps_status_display']) && $bps_status_display['bps_status_display'] != 'Off' ) {
774
-
775
- if ( preg_match( '/page=bulletproof-security/', esc_html($_SERVER['REQUEST_URI']), $matches ) ) {
776
-
777
- $WBM = $aitpro_bullet . '<a href="'.admin_url( 'admin.php?page=bulletproof-security/admin/core/core.php#RBM-Status' ).'" title="wp-admin Folder BulletProof Mode" style="text-decoration:none;">'.__('WBM', 'bulletproof-security').'</a>: <font color="green"><strong>'.__('On', 'bulletproof-security').'</strong></font>';
778
- $WBM_str = str_replace( "BULLETPROOF $bps_version WP-ADMIN SECURE .HTACCESS", "$WBM", $section );
779
-
780
- echo '<div id="bps-status-display" style="float:left;font-weight:600;margin:0px;">'.$WBM_str.'</div>';
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
781
  }
782
  }
783
- break;
784
- default:
785
-
786
- if ( $bps_wpadmin_upgrade != 'upgrade' ) {
787
-
788
- $text = '<div class="update-nag" style="background-color:#dfecf2;border:1px solid #999;font-size:1em;font-weight:600;padding:2px 5px;margin-top:2px;-moz-border-radius-topleft:3px;-webkit-border-top-left-radius:3px;-khtml-border-top-left-radius:3px;border-top-left-radius:3px;-moz-border-radius-topright:3px;-webkit-border-top-right-radius:3px;-khtml-border-top-right-radius:3px;border-top-right-radius:3px;-webkit-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);-moz-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);"><font color="#fb0101">'.__('BPS Alert! A valid BPS htaccess file was NOT found in your wp-admin folder', 'bulletproof-security').'</font><br>'.__('BulletProof Mode for the wp-admin folder should also be activated when you have BulletProof Mode activated for the Root folder.', 'bulletproof-security').'</div>';
789
- echo $text;
790
- }
791
- }
792
- }
793
- }
794
- }
795
  }
796
  }
797
 
@@ -804,13 +788,17 @@ function bpsProMScanStatus() {
804
  if ( current_user_can('manage_options') ) {
805
  global $aitpro_bullet;
806
 
807
- if ( esc_html($_SERVER['REQUEST_METHOD']) != 'POST' && esc_html($_SERVER['QUERY_STRING']) != 'page=bulletproof-security/admin/system-info/system-info.php' ) {
808
-
809
- $bps_status_display = get_option('bulletproof_security_options_status_display');
810
-
811
- if ( isset($bps_status_display['bps_status_display']) && $bps_status_display['bps_status_display'] == 'Off' ) {
812
  return;
813
  }
 
 
 
 
 
 
 
 
814
 
815
  if ( isset($bps_status_display['bps_status_display']) && $bps_status_display['bps_status_display'] != 'Off' && preg_match( '/page=bulletproof-security/', esc_html($_SERVER['REQUEST_URI']), $matches ) ) {
816
 
@@ -864,6 +852,10 @@ function bpsProDBBStatus() {
864
 
865
  global $aitpro_bullet;
866
 
 
 
 
 
867
  if ( esc_html($_SERVER['REQUEST_METHOD']) != 'POST' && esc_html($_SERVER['QUERY_STRING']) != 'page=bulletproof-security/admin/system-info/system-info.php' ) {
868
 
869
  $bps_status_display = get_option('bulletproof_security_options_status_display');
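Review bot: The guard kept unchanged in this hunk, `esc_html($_SERVER['REQUEST_METHOD']) != 'POST' && esc_html($_SERVER['QUERY_STRING']) != 'page=bulletproof-security/admin/system-info/system-info.php'`, runs an output-escaping function over request values that are only compared, never printed. `esc_html()` adds no safety to a comparison and HTML-encodes characters such as `&`, so it can only change what the comparison sees. A strict comparison of the raw value, e.g. `$_SERVER['REQUEST_METHOD'] !== 'POST'`, states the intent and leaves escaping for the point of output. The exact match on the whole QUERY_STRING also stops matching once any other parameter is appended, so testing the parsed `page` value would be sturdier. The same kept line appears in the hunks headed `@@ -924,6 +917,10 @@` and `@@ -961,6 +958,10 @@`; the added lines of these hunks and the rest of each function are not visible in this view.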
@@ -880,42 +872,43 @@ function bpsProDBBStatus() {
880
  }
881
 
882
  $DBBoptions = get_option('bulletproof_security_options_db_backup');
883
-
884
  ?>
885
 
886
- <style>
887
- <!--
888
- div.dbb-status-tooltip {display:inline-block;position:relative;}
889
- div.dbb-status-tooltip:hover {z-index:10;}
890
- div.dbb-status-tooltip img:hover {z-index:10;}
891
- div.dbb-status-tooltip span {display:none;position:absolute;bottom:0;left:0;right:0;}
892
- div.dbb-status-tooltip:hover span {width:500px;height:60px;display:block;position:absolute;top:30px;left:5px;right:0;color:#000;background-color:#dfecf2;border:1px solid #999;font-size:1em;font-weight:600;padding:2px 5px;margin-top:2px;-moz-border-radius-topleft:3px;-webkit-border-top-left-radius:3px;-khtml-border-top-left-radius:3px;border-top-left-radius:3px;-moz-border-radius-topright:3px;-webkit-border-top-right-radius:3px;-khtml-border-top-right-radius:3px;border-top-right-radius:3px;-webkit-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);-moz-box-shadow:3px 3px 5px -1px rgba(153,153,153,0.7);box-shadow:3px 3px 5px -1px rgba(153,153,153,0.7);}
893
- -->
894
- </style>
895
 
896
  <?php
897
- $bps_qm_dbb1 = '<div class="dbb-status-tooltip"><img src="'.plugins_url('/bulletproof-security/admin/images/question-mark.png').'" style="position:relative;top:3px;right:1px;" /><span>A BPS DB Backup has not been performed yet. To run a DB Backup go to the BPS DB Backup page, create a Backup Job and run the Backup Job or you can just ignore this hover tooltip and not perform a DB Backup.</span></div>';
898
-
899
- $bps_qm_dbb2 = '<div class="dbb-status-tooltip"><img src="'.plugins_url('/bulletproof-security/admin/images/question-mark.png').'" style="position:relative;top:3px;right:1px;" /><span>A BPS DB Backup Job has been created. To run a DB Backup go to the BPS DB Backup page and run the Backup Job or you can just ignore this hover tooltip and not perform a DB Backup.</span></div>';
900
-
901
- if ( isset($DBBoptions['bps_db_backup_status_display']) && $DBBoptions['bps_db_backup_status_display'] == 'No DB Backups' || isset($DBBoptions['bps_db_backup_status_display']) && $DBBoptions['bps_db_backup_status_display'] == '' ) {
902
-
903
- $text = '<div id="bps-status-display" style="float:left;font-weight:600;margin:-2px 0px 0px 0px;">' . $aitpro_bullet . '<a href="'.admin_url( 'admin.php?page=bulletproof-security/admin/db-backup-security/db-backup-security.php' ).'" title="Database Backup" style="text-decoration:none;">'.esc_attr__('DBB', 'bulletproof-security').'</a>: '.$bps_qm_dbb1.'</div>';
904
- echo $text;
905
 
906
- } elseif ( isset($DBBoptions['bps_db_backup_status_display']) && $DBBoptions['bps_db_backup_status_display'] == 'Backup Job Created' ) {
 
 
 
907
 
908
- $text = '<div id="bps-status-display" style="float:left;font-weight:600;margin:-2px 0px 0px 0px;">' . $aitpro_bullet . '<a href="'.admin_url( 'admin.php?page=bulletproof-security/admin/db-backup-security/db-backup-security.php' ).'" title="Database Backup" style="text-decoration:none;">'.esc_attr__('DBB', 'bulletproof-security').'</a>: '.$bps_qm_dbb2.'</div>';
909
- echo $text;
910
-
911
- } else {
912
 
913
- $text = '<div id="bps-status-display" style="float:left;font-weight:600;margin:0px;">' . $aitpro_bullet . '<a href="'.admin_url( 'admin.php?page=bulletproof-security/admin/db-backup-security/db-backup-security.php' ).'" title="Database Backup" style="text-decoration:none;">'.esc_attr__('DBB', 'bulletproof-security').'</a>: <font color="green"><strong>'.$DBBoptions['bps_db_backup_status_display'].'</strong></font></div>';
914
- echo $text;
 
 
 
 
 
915
  }
916
  }
917
  }
918
- }
919
  }
920
 
921
  // Login Security Status display - BPS pages ONLY
@@ -924,6 +917,10 @@ global $aitpro_bullet;
924
 
925
  if ( current_user_can('manage_options') ) {
926
 
 
 
 
 
927
  if ( esc_html($_SERVER['REQUEST_METHOD']) != 'POST' && esc_html($_SERVER['QUERY_STRING']) != 'page=bulletproof-security/admin/system-info/system-info.php' ) {
928
 
929
  $bps_status_display = get_option('bulletproof_security_options_status_display');
@@ -961,6 +958,10 @@ global $aitpro_bullet;
961
 
962
  if ( current_user_can('manage_options') ) {
963
 
 
 
 
 
964
  if ( esc_html($_SERVER['REQUEST_METHOD']) != 'POST' && esc_html($_SERVER['QUERY_STRING']) != 'page=bulletproof-security/admin/system-info/system-info.php' ) {
965
 
966
  $bps_status_display = get_option('bulletproof_security_options_status_display');
@@ -1004,47 +1005,51 @@ global $aitpro_bullet;
1004
 
1005
  if ( current_user_can('manage_options') ) {
1006
 
1007
- if ( esc_html($_SERVER['REQUEST_METHOD']) != 'POST' && esc_html($_SERVER['QUERY_STRING']) != 'page=bulletproof-security/admin/system-info/system-info.php' ) {
1008
-
1009
- $bps_status_display = get_option('bulletproof_security_options_status_display');
1010
-
1011
- if ( isset($bps_status_display['bps_status_display']) && $bps_status_display['bps_status_display'] == 'Off' ) {
1012
- return;
1013
- }
1014
-
1015
- if ( isset($bps_status_display['bps_status_display']) && $bps_status_display['bps_status_display'] != 'Off' && preg_match( '/page=bulletproof-security/', esc_html($_SERVER['REQUEST_URI']), $matches ) ) {
1016
 
1017
- // New BPS installation - do not display status
1018
- if ( ! get_option('bulletproof_security_options_wizard_free') ) {
 
 
 
1019
  return;
1020
  }
1021
-
1022
- if ( ! get_option('bulletproof_security_options_idle_session') ) {
1023
- return;
1024
- }
1025
-
1026
- $BPSoptionsISL = get_option('bulletproof_security_options_idle_session');
1027
 
1028
- if ( ! get_option('bulletproof_security_options_auth_cookie') ) {
1029
- $status_DDiv = '</div><div style="clear:both;"></div>';
1030
- } else {
1031
- $status_DDiv = '</div>';
1032
- }
1033
-
1034
- if ( $BPSoptionsISL['bps_isl'] == 'On' ) {
1035
-
1036
- $text = '<div id="bps-status-display" style="float:left;font-weight:600;margin:0px;">'. $aitpro_bullet . '<a href="'.admin_url( 'admin.php?page=bulletproof-security/admin/login/login.php#bps-tabs-2' ).'" title="'.esc_attr( 'Idle Session Logout' ).'" style="text-decoration:none;">'.__('ISL', 'bulletproof-security').'</a>: <font color="green"><strong>'.__('On', 'bulletproof-security').'</strong></font>'.$status_DDiv;
1037
- echo $text;
1038
- }
1039
-
1040
- if ( $BPSoptionsISL['bps_isl'] == 'Off' ) {
1041
 
1042
- $text = '<div id="bps-status-display" style="float:left;font-weight:600;margin:0px;">'. $aitpro_bullet . '<a href="'.admin_url( 'admin.php?page=bulletproof-security/admin/login/login.php#bps-tabs-2' ).'" title="'.esc_attr( 'Idle Session Logout' ).'" style="text-decoration:none;">'.__('ISL', 'bulletproof-security').'</a>: <font color="#fb0101"><strong>'.__('Off', 'bulletproof-security').'</strong></font>'.$status_DDiv;
1043
- echo $text;
1044
- }
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1045
  }
1046
  }
1047
- }
1048
  }
1049
 
1050
  // Auth Cookie Expiration ACE Status display - BPS pages ONLY
@@ -1053,42 +1058,46 @@ global $aitpro_bullet;
1053
 
1054
  if ( current_user_can('manage_options') ) {
1055
 
1056
- if ( esc_html($_SERVER['REQUEST_METHOD']) != 'POST' && esc_html($_SERVER['QUERY_STRING']) != 'page=bulletproof-security/admin/system-info/system-info.php' ) {
1057
-
1058
- $bps_status_display = get_option('bulletproof_security_options_status_display');
1059
-
1060
- if ( isset($bps_status_display['bps_status_display']) && $bps_status_display['bps_status_display'] == 'Off' ) {
1061
- return;
1062
- }
1063
-
1064
- if ( isset($bps_status_display['bps_status_display']) && $bps_status_display['bps_status_display'] != 'Off' && preg_match( '/page=bulletproof-security/', esc_html($_SERVER['REQUEST_URI']), $matches ) ) {
1065
 
1066
- // New BPS installation - do not display status
1067
- if ( ! get_option('bulletproof_security_options_wizard_free') ) {
 
 
 
1068
  return;
1069
  }
1070
-
1071
- if ( ! get_option('bulletproof_security_options_auth_cookie') ) {
1072
- return;
1073
- }
 
 
 
 
 
 
 
 
 
 
 
 
1074
 
1075
- $BPSoptionsACE = get_option('bulletproof_security_options_auth_cookie');
1076
- $status_DDiv = '</div><div style="clear:both;"></div>';
1077
-
1078
- if ( $BPSoptionsACE['bps_ace'] == 'On' ) {
1079
-
1080
- $text = '<div id="bps-status-display" style="float:left;font-weight:600;margin:0px;">'. $aitpro_bullet . '<a href="'.admin_url( 'admin.php?page=bulletproof-security/admin/login/login.php#bps-tabs-2' ).'" title="'.esc_attr( 'Auth Cookie Expiration' ).'" style="text-decoration:none;">'.__('ACE', 'bulletproof-security').'</a>: <font color="green"><strong>'.__('On', 'bulletproof-security').'</strong></font>'.$status_DDiv;
1081
- echo $text;
1082
- }
1083
-
1084
- if ( $BPSoptionsACE['bps_ace'] == 'Off' ) {
1085
-
1086
- $text = '<div id="bps-status-display" style="float:left;font-weight:600;margin:0px;">'. $aitpro_bullet . '<a href="'.admin_url( 'admin.php?page=bulletproof-security/admin/login/login.php#bps-tabs-2' ).'" title="'.esc_attr( 'Auth Cookie Expiration' ).'" style="text-decoration:none;">'.__('ACE', 'bulletproof-security').'</a>: <font color="#fb0101"><strong>'.__('Off', 'bulletproof-security').'</strong></font>'.$status_DDiv;
1087
- echo $text;
1088
- }
1089
  }
1090
  }
1091
- }
1092
  }
1093
 
1094
  // GET HTTP Status Response from /mod-test/ images to determine which Apache Modules are Loaded,
@@ -1177,92 +1186,70 @@ function bpsPro_apache_mod_directive_check() {
1177
  }
1178
  }
1179
 
1180
- // Fubar: Server does not have necessary Modules loaded to use htaccess files
1181
- // if $status_code2, 3 and 4 are not 403 errors then neither mod_access_compat or mod_authz_core are loaded.
1182
- // if $status_code9 is a 500 error then mod_rewrite is not loaded.
1183
- /*
1184
- if ( 403 != $status_code2 && 403 != $status_code3 && 403 != $status_code4 || 500 == $status_code9 ) {
1185
-
1186
- $HFiles_options = get_option('bulletproof_security_options_htaccess_files');
1187
-
1188
- if ( $HFiles_options['bps_htaccess_files'] == 'enabled' ) {
1189
- $apache_ifmodule = 'Yes';
1190
- } else {
1191
- $apache_ifmodule = 'fubar';
1192
- }
1193
-
1194
- $text = '<font color="#fb0101"><strong>'.$status_code2.':'.$status_code3.':'.$status_code4.':'.$status_code9.':</strong></font> '.__('mod_access_compat and mod_authz_core or mod_rewrite are not Loaded', 'bulletproof-security').'<br>';
1195
- echo $text;
1196
-
1197
- } else {
1198
- */
1199
-
1200
- // mod_access_compat loaded, Order, Allow, Deny directives are supported
1201
- if ( 403 == $status_code2 ) {
1202
 
1203
- $apache_ifmodule = 'Yes';
 
 
 
1204
 
1205
- $text = '<font color="green"><strong>'.$status_code2.':</strong></font> '.__('mod_access_compat is Loaded|Order, Allow, Deny directives are supported|IfModule: Yes', 'bulletproof-security').'<br>';
1206
- echo $text;
1207
 
1208
- // mod_access_compat is not loaded|available.
1209
- } elseif ( 403 != $status_code2 ) {
1210
-
1211
- $apache_ifmodule = 'Yes';
1212
 
1213
- $text = '<font color="#2271b1"><strong>'.$status_code2.':</strong></font> '.__('mod_access_compat is not Loaded|IfModule: Yes', 'bulletproof-security').'<br>';
1214
- echo $text;
1215
- }
1216
 
1217
- // mod_authz_core loaded, IfModule condition working, Order, Allow, Deny directives are supported
1218
- // 3 normal mod_authz_core test| 4 is mod_access_compat BC
1219
- if ( 403 == $status_code3 && 403 == $status_code4 ) {
1220
-
1221
- $text = '<font color="green"><strong>'.$status_code3.':</strong></font> '.__('mod_authz_core is Loaded|Order, Allow, Deny directives are supported|BC: Yes|IfModule: Yes', 'bulletproof-security').'<br>';
1222
- echo $text;
1223
-
1224
- } elseif ( 403 == $status_code3 && 403 != $status_code4 ) {
1225
 
1226
- $text = '<font color="green"><strong>'.$status_code3.':</strong></font> '.__('mod_authz_core is Loaded|Order, Allow, Deny directives are not supported|BC: No|IfModule: Yes', 'bulletproof-security').'<br>';
1227
- echo $text;
1228
 
1229
- } elseif ( 403 != $status_code3 && 403 != $status_code4 ) {
1230
-
1231
- $text = '<font color="#2271b1"><strong>'.$status_code3.':</strong></font> '.__('mod_authz_core is not Loaded|IfModule: Yes', 'bulletproof-security').'<br>';
1232
- echo $text;
1233
- }
1234
-
 
 
 
 
1235
 
1236
- // mod_authz_host loaded, IfModule condition working, Order, Allow, Deny directives are supported
1237
- // 5 normal mod_authz_core test| 6 is mod_access_compat BC
1238
- if ( 403 == $status_code5 && 403 == $status_code6 ) {
1239
-
1240
- $text = '<font color="green"><strong>'.$status_code5.':</strong></font> '.__('mod_authz_host is Loaded|Order, Allow, Deny directives are supported|BC: Yes|IfModule: Yes', 'bulletproof-security').'<br>';
1241
- echo $text;
1242
-
1243
- } elseif ( 403 == $status_code5 && 403 != $status_code6 ) {
1244
 
1245
- $text = '<font color="green"><strong>'.$status_code5.':</strong></font> '.__('mod_authz_host is Loaded|Order, Allow, Deny directives are not supported|BC: No|IfModule: Yes', 'bulletproof-security').'<br>';
1246
- echo $text;
1247
 
1248
- } elseif ( 403 != $status_code5 && 403 != $status_code6 ) {
1249
-
1250
- $text = '<font color="#2271b1"><strong>'.$status_code6.':</strong></font> '.__('mod_authz_host is not Loaded|IfModule: Yes', 'bulletproof-security').'<br>';
1251
- echo $text;
1252
- }
 
 
 
 
 
1253
 
1254
- // mod_rewrite Module loaded.
1255
- if ( 301 == $status_code9 || 302 == $status_code9 || 200 == $status_code9 || 404 == $status_code9 || 403 == $status_code9 ) {
1256
-
1257
- $text = '<font color="green"><strong>'.$status_code9.':</strong></font> '.__('mod_rewrite Module is Loaded|IfModule: Yes', 'bulletproof-security').'<br>';
1258
- echo $text;
1259
 
1260
- } else {
1261
-
1262
- $text = '<font color="#2271b1"><strong>'.$status_code9.':</strong></font> '.__('mod_rewrite Inconclusive: Status is not 200, 301, 302, 403 or 404', 'bulletproof-security').'<br>';
1263
- echo $text;
1264
- }
1265
- //} // End: Fubar condition
 
 
1266
 
1267
  $apache_modules_Options = array(
1268
  'bps_apache_mod_ifmodule' => $apache_ifmodule,
@@ -1385,33 +1372,15 @@ function bpsPro_apache_mod_directive_check() {
1385
  }
1386
  }
1387
 
1388
- // Fubar: Server does not have necessary Modules loaded to use htaccess files
1389
- // if $status_code2, 3 and 4 are not 403 errors then neither mod_access_compat or mod_authz_core are loaded.
1390
- // if $status_code9 is a 500 error then mod_rewrite is not loaded.
1391
- /*
1392
- if ( 403 != $status_code2 && 403 != $status_code3 && 403 != $status_code4 || 500 == $status_code9 ) {
1393
-
1394
- $HFiles_options = get_option('bulletproof_security_options_htaccess_files');
1395
-
1396
- if ( $HFiles_options['bps_htaccess_files'] == 'enabled' ) {
1397
- $apache_ifmodule = 'Yes';
1398
- } else {
1399
- $apache_ifmodule = 'fubar';
1400
- }
1401
-
1402
- } else {
1403
- */
1404
-
1405
- // mod_access_compat loaded, IfModule condition working, Order, Allow, Deny directives are supported
1406
- if ( 403 == $status_code2 ) {
1407
 
1408
- $apache_ifmodule = 'Yes';
1409
-
1410
- } else {
1411
 
1412
- $apache_ifmodule = 'Yes';
1413
- }
1414
- //} // END: Fubar condition
 
1415
 
1416
  $apache_modules_Options = array(
1417
  'bps_apache_mod_ifmodule' => $apache_ifmodule,
@@ -1514,33 +1483,15 @@ function bpsPro_apache_mod_directive_check() {
1514
  }
1515
  }
1516
 
1517
- // Fubar: Server does not have necessary Modules loaded to use htaccess files
1518
- // if $status_code2, 3 and 4 are not 403 errors then neither mod_access_compat or mod_authz_core are loaded.
1519
- // if $status_code9 is a 500 error then mod_rewrite is not loaded.
1520
- /*
1521
- if ( 403 != $status_code2 && 403 != $status_code3 && 403 != $status_code4 || 500 == $status_code9 ) {
1522
-
1523
- $HFiles_options = get_option('bulletproof_security_options_htaccess_files');
1524
-
1525
- if ( $HFiles_options['bps_htaccess_files'] == 'enabled' ) {
1526
- $apache_ifmodule = 'Yes';
1527
- } else {
1528
- $apache_ifmodule = 'fubar';
1529
- }
1530
-
1531
- } else {
1532
- */
1533
-
1534
- // mod_access_compat loaded, IfModule condition working, Order, Allow, Deny directives are supported
1535
- if ( 403 == $status_code2 ) {
1536
 
1537
- $apache_ifmodule = 'Yes';
1538
-
1539
- } else {
1540
 
1541
- $apache_ifmodule = 'Yes';
1542
- }
1543
- //} // END: Fubar condition
 
1544
 
1545
  $apache_modules_Options = array(
1546
  'bps_apache_mod_ifmodule' => $apache_ifmodule,
212
 
213
  global $bps_version, $bps_last_version, $aitpro_bullet, $pagenow;
214
 
215
+ if ( preg_match( '/page=bulletproof-security.*mscan-scan-status.php/', esc_html($_SERVER['REQUEST_URI']) ) ) {
216
+ return;
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
217
  }
218
 
219
+ if ( esc_html($_SERVER['REQUEST_METHOD']) == 'POST' ) {
 
 
 
 
220
 
221
+ $bps_status_display = get_option('bulletproof_security_options_status_display');
 
 
222
 
223
+ if ( isset($bps_status_display['bps_status_display']) && $bps_status_display['bps_status_display'] != 'Off' ) {
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
224
 
225
+ if ( preg_match( '/page=bulletproof-security/', esc_html($_SERVER['REQUEST_URI']), $matches ) ) {
226
 
227
+ $wp_admin_url = admin_url();
228
+
229
+ if ( 'update-core.php' != $pagenow ) {
230
+ ?>
231
+
232
+ <div id="url-hash"></div>
233
+
234
+ <script type="text/javascript">
235
+ /* <![CDATA[ */
236
+ var bpsPage = "<?php echo $wp_admin_url . 'admin.php?' . $_SERVER['QUERY_STRING']; ?>"
237
+ var hash = window.location.hash;
238
+
239
+ document.getElementById("url-hash").innerHTML = '<div id="bps-status-display" style="float:left;margin:6px 0px 0px 2px;padding:3px 5px 3px 5px;background-color:#e8e8e8;border:1px solid gray;"><a href="' + bpsPage + hash + '" style="text-decoration:none;font-weight:bold;">Reload BPS Status Display</a></div><div style="clear:both;"></div>';
240
+ /* ]]> */
241
+ </script>
242
+
243
+ <?php
244
+ }
245
+ }
246
+ }
247
 
248
+ if ( isset($_POST['Submit-DBB-Run-Job']) && $_POST['Submit-DBB-Run-Job'] == true || isset($_POST['Submit-DB-Table-Prefix']) && $_POST['Submit-DB-Table-Prefix'] == true || isset($_POST['Submit-DB-Prefix-Table-Refresh']) && $_POST['Submit-DB-Prefix-Table-Refresh'] == true ) {
249
 
250
+ $bpsPro_Spinner = get_option('bulletproof_security_options_spinner');
 
 
 
251
 
252
+ if ( $bpsPro_Spinner['bps_spinner'] != 'Off' ) {
253
+
254
+ echo '<div id="bps-status-display" style="padding:2px 0px 4px 8px;width:240px;">';
255
+ echo '<div id="bps-spinner" class="bps-spinner" style="background:#fff;border:4px solid black;">';
256
+ echo '<img id="bps-img-spinner" src="'.plugins_url('/bulletproof-security/admin/images/bps-spinner.gif').'" style="float:left;margin:0px 20px 0px 0px;" />';
257
+ echo '<div id="bps-spinner-text-btn" style="padding:20px 0px 26px 0px;font-size:14px;">Processing...<br><button style="margin:10px 0px 0px 10px;" onclick="javascript:history.go(-1)">Cancel</button></div>';
258
+ echo '</div>';
259
+ ?>
260
+
261
+ <style>
262
+ <!--
263
+ .bps-spinner {
264
+ visibility:visible;
265
+ position:fixed;
266
+ top:7%;
267
+ left:45%;
268
+ width:240px;
269
+ padding:2px 0px 4px 8px;
270
+ z-index:99999;
271
+ }
272
+ -->
273
+ </style>
274
 
275
+ <?php
276
+ echo '</div>';
277
+ }
278
+ }
 
 
 
279
 
280
+ } elseif ( esc_html($_SERVER['QUERY_STRING']) == 'page=bulletproof-security/admin/system-info/system-info.php' ) {
 
 
 
 
281
 
282
+ $bps_status_display = get_option('bulletproof_security_options_status_display');
283
+
284
+ if ( isset($bps_status_display['bps_status_display']) && $bps_status_display['bps_status_display'] != 'Off' ) {
 
 
 
285
 
286
+ echo '<div id="bps-status-display" style="float:left;padding:0px 0px 10px 0px;">'.__('The BPS Status Display is set to Off by default on the System Info page', 'bulletproof-security').'</div>';
287
+ echo '<div style="clear:both;"></div>';
 
 
 
 
 
 
 
 
288
  }
 
289
 
290
+ } else {
 
 
 
 
 
 
 
 
 
 
 
 
 
 
291
 
292
+ $options = get_option('bulletproof_security_options_autolock');
293
+ $HFiles_options = get_option('bulletproof_security_options_htaccess_files');
 
 
 
 
 
 
 
294
 
295
+ $filename = ABSPATH . '.htaccess';
296
+
297
+ if ( file_exists($filename) ) {
298
 
299
+ $permsHtaccess = substr(sprintf('%o', fileperms($filename)), -4);
300
+ $sapi_type = php_sapi_name();
301
+ $check_string = file_get_contents($filename);
302
+ $section = file_get_contents($filename, false, NULL, 3, 38);
303
+ $bps_get_domain_root = bpsGetDomainRoot();
304
+ $bps_get_wp_root_secure = bps_wp_get_root_folder();
305
+ $bps_plugin_dir = str_replace( ABSPATH, '', WP_PLUGIN_DIR );
306
+ $bps_root_upgrade = '';
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
307
 
308
+ $patterna = '/RedirectMatch\s403\s\/\\\.\.\*\$/';
309
+ //$pattern0 = '/ErrorDocument\s404\s(.*)\/404\.php\s*ErrorDocument\s410\s(.*)410\.php/s';
310
+ $pattern0 = '/#{1,}(\s|){1,}ErrorDocument\s405(.*)\/bulletproof-security\/405\.php/';
311
+ $pattern1 = '/#\sFORBID\sEMPTY\sREFFERER\sSPAMBOTS(.*)RewriteCond\s%{HTTP_USER_AGENT}\s\^\$\sRewriteRule\s\.\*\s\-\s\[F\]/s';
312
+ // Only match 2 or more identical duplicate referer lines: 1 will not match and 2, 3, 4... will match
313
+ $pattern2 = '/AnotherWebsite\.com\)\.\*\s*(RewriteCond\s%\{HTTP_REFERER\}\s\^\.\*'.$bps_get_domain_root.'\.\*\s*){2,}\s*RewriteRule\s\.\s\-\s\[S=1\]/s';
314
+ $pattern4 = '/\.\*\(allow_url_include\|allow_url_fopen\|safe_mode\|disable_functions\|auto_prepend_file\) \[NC,OR\]/s';
315
+ $pattern6 = '/(\[|\]|\(|\)|<|>|%3c|%3e|%5b|%5d)/s';
316
+ $pattern7 = '/RewriteCond %{QUERY_STRING} \^\.\*(.*)[3](.*)[5](.*)[5](.*)[7](.*)\)/';
317
+ $pattern8 = '/\[NC\]\s*RewriteCond\s%{HTTP_REFERER}\s\^\.\*(.*)\.\*\s*(.*)\s*(.*)\s*(.*)\s*(.*)\s*(.*)\s*RewriteRule\s\.\s\-\s\[S=1\]/';
318
+ $pattern9 = '/RewriteCond\s%{QUERY_STRING}\s\(sp_executesql\)\s\[NC\]\s*(.*)\s*(.*)END\sBPSQSE(.*)\s*RewriteCond\s%{REQUEST_FILENAME}\s!-f\s*RewriteCond\s%{REQUEST_FILENAME}\s!-d\s*RewriteRule\s\.(.*)\/index\.php\s\[L\]\s*(.*)LOOP\sEND/';
319
+ $pattern10 = '/#\sBEGIN\sBPSQSE\sBPS\sQUERY\sSTRING\sEXPLOITS\s*#\sThe\slibwww-perl\sUser\sAgent\sis\sforbidden/';
320
+ $pattern10a = '/RewriteCond\s%\{THE_REQUEST\}\s(.*)\?(.*)\sHTTP\/\s\[NC,OR\]\s*RewriteCond\s%\{THE_REQUEST\}\s(.*)\*(.*)\sHTTP\/\s\[NC,OR\]/';
321
+ $pattern10b = '/RewriteCond\s%\{THE_REQUEST\}\s.*\?\+\(%20\{1,\}.*\s*RewriteCond\s%\{THE_REQUEST\}\s.*\+\(.*\*\|%2a.*\s\[NC,OR\]/';
322
+ $pattern10c = '/RewriteCond\s%\{THE_REQUEST\}\s\(\\\\?.*%2a\)\+\(%20\+\|\\\\s\+.*HTTP\(:\/.*\[NC,OR\]/';
323
+ $pattern11 = '/RewriteCond\s%\{QUERY_STRING\}\s\[a-zA-Z0-9_\]\=http:\/\/\s\[OR\]/';
324
+ $pattern12 = '/RewriteCond\s%\{QUERY_STRING\}\s\[a-zA-Z0-9_\]\=\(\\\.\\\.\/\/\?\)\+\s\[OR\]/';
325
+ $pattern13 = '/RewriteCond\s%\{QUERY_STRING\}\s\(\\\.\\\.\/\|\\\.\\\.\)\s\[OR\]/';
326
+ $pattern14 = '/RewriteCond\s%{QUERY_STRING}\s\(\\\.\/\|\\\.\.\/\|\\\.\.\.\/\)\+\(motd\|etc\|bin\)\s\[NC,OR\]/';
327
+ $pattern_amod = '/#\sDENY\sBROWSER\sACCESS\sTO\sTHESE\sFILES(.*\s*){6,8}<FilesMatch(.*)wp-config(.*\s*){4,6}<\/FilesMatch>/';
328
+ $pattern15 = '/BPS\sPOST\sRequest\sAttack\sProtection/';
329
+ $pattern16 = '/#\sNEVER\sCOMMENT\sOUT\sTHIS\sLINE\sOF\sCODE\sBELOW\sFOR\sANY\sREASON(\s*){1}RewriteCond\s%\{REQUEST_URI\}\s\!\^\.\*\/wp-admin\/\s\[NC\]/';
330
+ $pattern17 = '/#\sNEVER\sCOMMENT\sOUT\sTHIS\sLINE\sOF\sCODE\sBELOW\sFOR\sANY\sREASON(\s*){1}#{1,}(\s|){1,}RewriteCond\s%\{REQUEST_URI\}\s\!\^\.\*\/wp-admin\/\s\[NC\]/';
331
+ $pattern18 = '/#\sREQUEST\sMETHODS\sFILTERED(.*)RewriteCond\s\%\{REQUEST_METHOD\}\s\^\(HEAD\|TRACE\|DELETE\|TRACK\|DEBUG\)\s\[NC\](\s*){1}RewriteRule\s\^\(\.\*\)\$\s\-\s\[F\]/s';
332
+ $pattern19 = '/RewriteRule\s\^\(\.\*\)\$\s\-\s\[R=405,L\]/';
333
+ // 2.3: Reverting: Match R,L for replacement to L
334
+ $pattern20 = '/RewriteRule\s\^\(\.\*\)\$(.*)\/bulletproof-security\/405\.php\s\[R,L\]/';
335
+ $pattern21 = '/RewriteCond\s%\{THE_REQUEST\}\s\(\\\?.*%2a\)\+\(%20.*HTTP\(:\/.*\[NC,OR\]/';
336
+ $pattern22 = '/RewriteCond\s%\{QUERY_STRING\}\s\[a-zA-Z0-9_\]=http:\/\/\s\[NC,OR\]/';
337
+ $pattern23 = '/RewriteCond\s%\{QUERY_STRING\}\s\^\(\.\*\)cPath=http:\/\/\(\.\*\)\$\s\[NC,OR\]/';
338
+ $pattern24 = '/RewriteCond\s%\{QUERY_STRING\}\shttp\\\:\s\[NC,OR\](.*\s*){1}.*RewriteCond\s%\{QUERY_STRING\}\shttps\\\:\s\[NC,OR\]/';
339
+ // BPS 1.0: version numbering change. The string replace is on line 365
340
+ $BPSVpattern = '/BULLETPROOF\s\.[\d](.*)[\>]/';
341
+ $BPSVpattern2 = '/BULLETPROOF\s[\d]\.[\d]/';
342
+ $BPSVpattern3 = '/BULLETPROOF\s\.[\d][\d]\.[\d]/';
343
+ $BPSVreplace = "BULLETPROOF $bps_version";
344
+ }
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
345
 
346
+ if ( ! file_exists($filename) ) {
 
 
347
 
348
+ if ( $HFiles_options['bps_htaccess_files'] == 'disabled' ) {
349
+
350
+ echo '<div id="bps-status-display" style="float:left;"><strong>'.__('BPS ', 'bulletproof-security').$bps_version.'</strong></div>';
351
+
352
+ } elseif ( $HFiles_options['bps_htaccess_files'] != 'disabled' ) {
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
353
 
354
+ if ( ! get_option('bulletproof_security_options_wizard_free') ) {
355
+
356
+ $text = '<div class="update-nag" style="BPS Setup Wizard Notification><font color="blue">'.__('BPS Setup Wizard Notification', 'bulletproof-security').'</font><br><a href="'.admin_url( 'admin.php?page=bulletproof-security/admin/wizard/wizard.php' ).'">'.esc_attr__('Click Here', 'bulletproof-security').'</a>'.__(' to go to the BPS Setup Wizard page and click the Setup Wizard button to setup the BPS plugin.', 'bulletproof-security').'</div>';
357
+ echo $text;
358
+
359
+ } else {
 
 
 
 
 
360
 
361
+ $text = '<div class="update-nag" style="background-color:#dfecf2;border:1px solid #999;font-size:1em;font-weight:500;padding:2px 5px;margin-top:2px;-moz-border-radius-topleft:3px;-webkit-border-top-left-radius:3px;-khtml-border-top-left-radius:3px;border-top-left-radius:3px;-moz-border-radius-topright:3px;-webkit-border-top-right-radius:3px;-khtml-border-top-right-radius:3px;border-top-right-radius:3px;-webkit-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);-moz-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);"><font color="#fb0101">'.__('BPS Alert! An htaccess file was NOT found in your WordPress root folder', 'bulletproof-security').'</font><br>'.__('If you have deleted the root htaccess file for troubleshooting purposes you can disregard this Alert.', 'bulletproof-security').'<br>'.__('Go to the ', 'bulletproof-security').'<a href="'.admin_url( 'admin.php?page=bulletproof-security/admin/core/core.php' ).'">'.esc_attr__('Security Modes page', 'bulletproof-security').'</a>'.__(' and click the Root Folder BulletProof Mode Activate button.', 'bulletproof-security').'</div>';
362
+ echo $text;
363
+ }
364
  }
 
 
 
 
 
365
 
366
+ } else {
367
+
368
+ if ( file_exists($filename) ) {
369
 
370
+ switch ( $bps_version ) {
371
+ case $bps_last_version: // for testing
372
+ if ( strpos( $check_string, "BULLETPROOF $bps_last_version" ) && strpos( $check_string, "BPSQSE" ) ) {
373
+ print($section);
374
+ }
375
+ break;
376
+ case ! strpos( $check_string, "BULLETPROOF" ) && ! strpos( $check_string, "DEFAULT" ):
377
+
378
+ // Setup Wizard Notice
379
+ if ( ! get_option('bulletproof_security_options_wizard_free') ) {
380
+
381
+ $text = '<div class="update-nag" style="background-color:#dfecf2;border:1px solid #999;font-size:1em;font-weight:600;padding:2px 5px;margin-top:2px;-moz-border-radius-topleft:3px;-webkit-border-top-left-radius:3px;-khtml-border-top-left-radius:3px;border-top-left-radius:3px;-moz-border-radius-topright:3px;-webkit-border-top-right-radius:3px;-khtml-border-top-right-radius:3px;border-top-right-radius:3px;-webkit-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);-moz-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);"><font color="blue">'.__('BPS Setup Wizard Notification', 'bulletproof-security').'</font><br><a href="'.admin_url( 'admin.php?page=bulletproof-security/admin/wizard/wizard.php' ).'">'.esc_attr__('Click Here', 'bulletproof-security').'</a>'.__(' to go to the BPS Setup Wizard page and click the Setup Wizard button to setup the BPS plugin.', 'bulletproof-security').'</div>';
382
+ echo $text;
383
+
384
+ } else {
385
+
386
+ global $current_user;
387
+ $user_id = $current_user->ID;
388
+
389
+ if ( ! get_user_meta($user_id, 'bps_ignore_root_version_check_notice') ) {
390
+
391
+ if ( esc_html($_SERVER['QUERY_STRING']) == '' && basename(esc_html($_SERVER['REQUEST_URI'])) != 'wp-admin' ) {
392
+ $bps_base = basename(esc_html($_SERVER['REQUEST_URI'])) . '?';
393
+ } elseif ( esc_html($_SERVER['QUERY_STRING']) == '' && basename(esc_html($_SERVER['REQUEST_URI'])) == 'wp-admin' ) {
394
+ $bps_base = basename( str_replace( 'wp-admin', 'index.php?', esc_html($_SERVER['REQUEST_URI'])));
395
+ } else {
396
+ $bps_base = str_replace( admin_url(), '', esc_html($_SERVER['REQUEST_URI']) ) . '&';
397
+ }
398
+
399
+ $text = '<div class="update-nag" style="background-color:#dfecf2;border:1px solid #999;font-size:1em;font-weight:600;padding:2px 5px;margin-top:2px;-moz-border-radius-topleft:3px;-webkit-border-top-left-radius:3px;-khtml-border-top-left-radius:3px;border-top-left-radius:3px;-moz-border-radius-topright:3px;-webkit-border-top-right-radius:3px;-khtml-border-top-right-radius:3px;border-top-right-radius:3px;-webkit-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);-moz-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);"><font color="#fb0101">'.__('BPS Alert! Your site may not be protected by BulletProof Security', 'bulletproof-security').'</font><br>'.__('The BPS version: BULLETPROOF x.x SECURE .HTACCESS line of code was not found at the top of your Root htaccess file.', 'bulletproof-security').'<br>'.__('The BPS version line of code MUST be at the very top of your Root htaccess file.', 'bulletproof-security').'<br><a href="'.admin_url( 'admin.php?page=bulletproof-security/admin/wizard/wizard.php' ).'">'.esc_attr__('Click Here', 'bulletproof-security').'</a>'.__(' to go to the BPS Setup Wizard page and click the Setup Wizard button to setup the BPS plugin again.', 'bulletproof-security').'<br>'.__('Important Note: If you manually added other htaccess code above the BPS version line of code in your root htaccess file, you can copy that code to BPS Root Custom Code so that your code is saved in the correct place in the BPS root htaccess file. 
', 'bulletproof-security').'<br><a href="'.admin_url( 'admin.php?page=bulletproof-security/admin/core/core.php#bps-tabs-7' ).'">'.esc_attr__('Click Here', 'bulletproof-security').'</a>'.__(' to go to the BPS Custom Code page, add your Root custom htaccess code in an appropriate Root Custom Code text box and click the Save Root Custom Code button before running the Setup Wizard again.', 'bulletproof-security').'<br>'.__('To Dismiss this Notice click the Dismiss Notice button below. To Reset Dismiss Notices click the Reset|Recheck Dismiss Notices button on the Alerts|Logs|Email Options page.', 'bulletproof-security').'<br><div style="float:left;margin:3px 0px 3px 0px;padding:2px 6px 2px 6px;background-color:#e8e8e8;border:1px solid gray;"><a href="'.$bps_base.'bps_root_version_check_nag_ignore=0'.'" style="text-decoration:none;font-weight:bold;">'.__('Dismiss Notice', 'bulletproof-security').'</a></div></div>';
400
+ echo $text;
401
+ }
402
+ }
403
+
404
+ break;
405
+ case ! strpos( $check_string, "BULLETPROOF $bps_version" ) && strpos( $check_string, "BPSQSE" ):
406
+
407
+ // Update/Add/Save any New DB options/features on upgrade
408
+ bpsPro_new_feature_autoupdate();
409
+ // mod_authz_core forward/backward compatibility: create new htaccess files if needed
410
+ bpsPro_apache_mod_directive_check();
411
+ $Apache_Mod_options = get_option('bulletproof_security_options_apache_modules');
412
+ $BPSCustomCodeOptions = get_option('bulletproof_security_options_customcode');
413
+ // Recreate the User Agent filters in the 403.php file on BPS upgrade
414
+ bpsPro_autoupdate_useragent_filters();
415
+
416
+ if ( substr($sapi_type, 0, 6) != 'apache' || $permsHtaccess != '0666' || $permsHtaccess != '0777') { // Windows IIS, XAMPP, etc
417
+ chmod($filename, 0644);
418
+ }
419
+
420
+ $stringReplace = file_get_contents($filename);
421
+
422
+ if ( preg_match($BPSVpattern, $stringReplace) ) {
423
+ $stringReplace = preg_replace($BPSVpattern, $BPSVreplace, $stringReplace);
424
+ } elseif ( preg_match($BPSVpattern2, $stringReplace) ) {
425
+ $stringReplace = preg_replace($BPSVpattern2, $BPSVreplace, $stringReplace);
426
+ } elseif ( preg_match($BPSVpattern3, $stringReplace) ) {
427
+ $stringReplace = preg_replace($BPSVpattern3, $BPSVreplace, $stringReplace);
428
+ }
429
+
430
+ $stringReplace = str_replace("RewriteCond %{HTTP_USER_AGENT} (libwww-perl|wget|python|nikto|curl|scan|java|winhttp|clshttp|loader) [NC,OR]", "RewriteCond %{HTTP_USER_AGENT} (havij|libwww-perl|wget|python|nikto|curl|scan|java|winhttp|clshttp|loader) [NC,OR]", $stringReplace);
431
+
432
+ if ( preg_match($patterna, $stringReplace, $matches) ) {
433
+ $stringReplace = preg_replace('/#\sDENY\sACCESS\sTO\sPROTECTED\sSERVER\sFILES(.*)RedirectMatch\s403\s\/\\\.\.\*\$/s', "# DENY ACCESS TO PROTECTED SERVER FILES AND FOLDERS\n# Files and folders starting with a dot: .htaccess, .htpasswd, .errordocs, .logs\nRedirectMatch 403 \.(htaccess|htpasswd|errordocs|logs)$", $stringReplace);
434
+ }
435
+
436
+ // .53.1: Create new block of Error Logging and Tracking code & help text if Custom Code is blank & New ErrorDocument 405 code does not exist.
437
+ if ( $BPSCustomCodeOptions['bps_customcode_error_logging'] == '' && ! preg_match( $pattern0, $stringReplace, $matches ) ) {
438
+ $stringReplace = preg_replace('/#\sBPS\sERROR\sLOGGING\sAND\sTRACKING.*(ErrorDocument\s404(.*)\/404\.php|ErrorDocument\s410(.*)\/bulletproof-security\/410\.php)/s', "# BPS ERROR LOGGING AND TRACKING\n# Use BPS Custom Code to modify/edit/change this code and to save it permanently.\n# BPS has premade 400 Bad Request, 403 Forbidden, 404 Not Found, 405 Method Not Allowed and\n# 410 Gone template logging files that are used to track and log 400, 403, 404, 405 and 410 errors\n# that occur on your website. When a hacker attempts to hack your website the hackers IP address,\n# Host name, Request Method, Referering link, the file name or requested resource, the user agent\n# of the hacker and the query string used in the hack attempt are logged.\n# All BPS log files are htaccess protected so that only you can view them.\n# The 400.php, 403.php, 404.php, 405.php and 410.php files are located in /$bps_plugin_dir/bulletproof-security/\n# The 400, 403, 405 and 410 Error logging files are already set up and will automatically start logging errors\n# after you install BPS and have activated BulletProof Mode for your Root folder.\n# If you would like to log 404 errors you will need to copy the logging code in the BPS 404.php file\n# to your Theme's 404.php template file. Simple instructions are included in the BPS 404.php file.\n# You can open the BPS 404.php file using the WP Plugins Editor or manually editing the file.\n# NOTE: By default WordPress automatically looks in your Theme's folder for a 404.php Theme template file.\n\nErrorDocument 400 $bps_get_wp_root_secure"."$bps_plugin_dir/bulletproof-security/400.php\nErrorDocument 401 default\nErrorDocument 403 $bps_get_wp_root_secure"."$bps_plugin_dir/bulletproof-security/403.php\nErrorDocument 404 $bps_get_wp_root_secure"."404.php\nErrorDocument 405 $bps_get_wp_root_secure"."$bps_plugin_dir/bulletproof-security/405.php\nErrorDocument 410 $bps_get_wp_root_secure"."$bps_plugin_dir/bulletproof-security/410.php", $stringReplace);
439
+ }
440
+
441
+ // 2.0: Add additional https scheme conditions to 3 htaccess security rules and combine 2 rules into 1 rule.
442
+ if ( preg_match( $pattern21, $stringReplace, $matches ) ) {
443
+ $stringReplace = preg_replace( $pattern21, "RewriteCond %{THE_REQUEST} (\?|\*|%2a)+(%20+|\\\\\s+|%20+\\\\\s+|\\\\\s+%20+|\\\\\s+%20+\\\\\s+)(http|https)(:/|/) [NC,OR]", $stringReplace);
444
+ }
445
+
446
+ if ( preg_match( $pattern22, $stringReplace, $matches ) ) {
447
+ $stringReplace = preg_replace( $pattern22, "RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=(http|https):// [NC,OR]", $stringReplace);
448
+ }
449
+
450
+ if ( preg_match( $pattern23, $stringReplace, $matches ) ) {
451
+ $stringReplace = preg_replace( $pattern23, "RewriteCond %{QUERY_STRING} ^(.*)cPath=(http|https)://(.*)$ [NC,OR]", $stringReplace);
452
+ }
453
+
454
+ if ( preg_match( $pattern24, $stringReplace, $matches ) ) {
455
+ $stringReplace = preg_replace( $pattern24, "RewriteCond %{QUERY_STRING} (http|https)\: [NC,OR]", $stringReplace);
456
+ }
457
+
458
+ if ( preg_match($pattern1, $stringReplace, $matches) ) {
459
+ $stringReplace = preg_replace('/#\sFORBID\sEMPTY\sREFFERER\sSPAMBOTS(.*)RewriteCond\s%{HTTP_USER_AGENT}\s\^\$\sRewriteRule\s\.\*\s\-\s\[F\]/s', '', $stringReplace);
460
+ }
461
+
462
+ if ( preg_match($pattern2, $stringReplace, $matches) ) {
463
+ $stringReplace = preg_replace('/AnotherWebsite\.com\)\.\*\s*(RewriteCond\s%\{HTTP_REFERER\}\s\^\.\*'.$bps_get_domain_root.'\.\*\s*){2,}\s*RewriteRule\s\.\s\-\s\[S=1\]/s', "AnotherWebsite.com).*\nRewriteCond %{HTTP_REFERER} ^.*$bps_get_domain_root.*\nRewriteRule . - [S=1]", $stringReplace);
464
+ }
465
+
466
+ if ( ! preg_match($pattern10, $stringReplace, $matches) ) {
467
+ $stringReplace = preg_replace('/#\sBPSQSE\sBPS\sQUERY\sSTRING\sEXPLOITS\s*#\sThe\slibwww-perl\sUser\sAgent\sis\sforbidden/', "# BEGIN BPSQSE BPS QUERY STRING EXPLOITS\n# The libwww-perl User Agent is forbidden", $stringReplace);
468
+ }
469
+
470
+ if ( preg_match($pattern10a, $stringReplace, $matches) ) {
471
+ $stringReplace = preg_replace( $pattern10a, "RewriteCond %{THE_REQUEST} (\?|\*|%2a)+(%20+|\\\\\s+|%20+\\\\\s+|\\\\\s+%20+|\\\\\s+%20+\\\\\s+)HTTP(:/|/) [NC,OR]", $stringReplace);
472
+ }
473
+
474
+ if ( preg_match($pattern10b, $stringReplace, $matches) ) {
475
+ $stringReplace = preg_replace( $pattern10b, "RewriteCond %{THE_REQUEST} (\?|\*|%2a)+(%20+|\\\\\s+|%20+\\\\\s+|\\\\\s+%20+|\\\\\s+%20+\\\\\s+)HTTP(:/|/) [NC,OR]", $stringReplace);
476
+ }
477
+
478
+ if ( preg_match($pattern10c, $stringReplace, $matches) ) {
479
+ $stringReplace = preg_replace( $pattern10c, "RewriteCond %{THE_REQUEST} (\?|\*|%2a)+(%20+|\\\\\s+|%20+\\\\\s+|\\\\\s+%20+|\\\\\s+%20+\\\\\s+)HTTP(:/|/) [NC,OR]", $stringReplace);
480
+ }
481
+
482
+ if ( preg_match($pattern11, $stringReplace, $matches) ) {
483
+ $stringReplace = preg_replace('/RewriteCond\s%\{QUERY_STRING\}\s\[a-zA-Z0-9_\]\=http:\/\/\s\[OR\]/s', "RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=http:// [NC,OR]", $stringReplace);
484
+ }
485
+
486
+ if ( preg_match($pattern12, $stringReplace, $matches) ) {
487
+ $stringReplace = preg_replace('/RewriteCond\s%\{QUERY_STRING\}\s\[a-zA-Z0-9_\]\=\(\\\.\\\.\/\/\?\)\+\s\[OR\]/s', "RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=(\.\.//?)+ [NC,OR]", $stringReplace);
488
+ }
489
+
490
+ if ( preg_match($pattern13, $stringReplace, $matches) ) {
491
+ $stringReplace = preg_replace('/RewriteCond\s%\{QUERY_STRING\}\s\(\\\.\\\.\/\|\\\.\\\.\)\s\[OR\]/s', "RewriteCond %{QUERY_STRING} (\.\./|%2e%2e%2f|%2e%2e/|\.\.%2f|%2e\.%2f|%2e\./|\.%2e%2f|\.%2e/) [NC,OR]", $stringReplace);
492
+ }
493
+
494
+ if ( preg_match($pattern6, $stringReplace, $matches)) {
495
+ $stringReplace = str_replace("RewriteCond %{QUERY_STRING} ^.*(\[|\]|\(|\)|<|>|%3c|%3e|%5b|%5d).* [NC,OR]", "RewriteCond %{QUERY_STRING} ^.*(\(|\)|<|>|%3c|%3e).* [NC,OR]", $stringReplace);
496
+ $stringReplace = str_replace("RewriteCond %{QUERY_STRING} ^.*(\x00|\x04|\x08|\x0d|\x1b|\x20|\x3c|\x3e|\x5b|\x5d|\x7f).* [NC,OR]", "RewriteCond %{QUERY_STRING} ^.*(\x00|\x04|\x08|\x0d|\x1b|\x20|\x3c|\x3e|\x7f).* [NC,OR]", $stringReplace);
497
+ }
498
+
499
+ if ( preg_match($pattern7, $stringReplace, $matches)) {
500
+ $stringReplace = preg_replace('/RewriteCond %{QUERY_STRING} \^\.\*(.*)[5](.*)[5](.*)\)/', 'RewriteCond %{QUERY_STRING} ^.*(\x00|\x04|\x08|\x0d|\x1b|\x20|\x3c|\x3e|\x7f)', $stringReplace);
501
+ }
502
+
503
+ if ( preg_match($pattern14, $stringReplace, $matches) ) {
504
+ $stringReplace = preg_replace('/RewriteCond\s%{QUERY_STRING}\s\(\\\.\/\|\\\.\.\/\|\\\.\.\.\/\)\+\(motd\|etc\|bin\)\s\[NC,OR\]/s', "RewriteCond %{QUERY_STRING} (\.{1,}/)+(motd|etc|bin) [NC,OR]", $stringReplace);
505
+ }
506
+
507
+ if ( ! preg_match($pattern4, $stringReplace, $matches) ) {
508
+ $stringReplace = str_replace("RewriteCond %{QUERY_STRING} union([^a]*a)+ll([^s]*s)+elect [NC,OR]", "RewriteCond %{QUERY_STRING} union([^a]*a)+ll([^s]*s)+elect [NC,OR]\nRewriteCond %{QUERY_STRING} \-[sdcr].*(allow_url_include|allow_url_fopen|safe_mode|disable_functions|auto_prepend_file) [NC,OR]", $stringReplace);
509
+ }
510
+
511
+ if ( ! is_multisite() && ! preg_match($pattern9, $stringReplace, $matches) ) {
512
+ $stringReplace = preg_replace('/RewriteCond\s%{QUERY_STRING}\s\(sp_executesql\)\s\[NC\]\s*(.*)\s*RewriteCond\s%{REQUEST_FILENAME}\s!-f\s*RewriteCond\s%{REQUEST_FILENAME}\s!-d\s*RewriteRule\s\.(.*)\/index\.php\s\[L\]/', "RewriteCond %{QUERY_STRING} (sp_executesql) [NC]\nRewriteRule ^(.*)$ - [F,L]\n# END BPSQSE BPS QUERY STRING EXPLOITS\nRewriteCond %{REQUEST_FILENAME} !-f\nRewriteCond %{REQUEST_FILENAME} !-d\nRewriteRule . ".$bps_get_wp_root_secure."index.php [L]\n# WP REWRITE LOOP END", $stringReplace);
513
+ }
514
+
515
+ if ( preg_match( $pattern_amod, $stringReplace, $matches ) && $BPSCustomCodeOptions['bps_customcode_deny_files'] == '' && $Apache_Mod_options['bps_apache_mod_ifmodule'] == 'Yes' ) {
516
+
517
+ $stringReplace = preg_replace( $pattern_amod, "# DENY BROWSER ACCESS TO THESE FILES\n# Use BPS Custom Code to modify/edit/change this code and to save it permanently.\n# wp-config.php, bb-config.php, php.ini, php5.ini, readme.html\n# To be able to view these files from a Browser, replace 127.0.0.1 with your actual\n# current IP address. Comment out: #Require all denied and Uncomment: Require ip 127.0.0.1\n# Comment out: #Deny from all and Uncomment: Allow from 127.0.0.1\n# Note: The BPS System Info page displays which modules are loaded on your server.\n\n<FilesMatch \"^(wp-config\.php|php\.ini|php5\.ini|readme\.html|bb-config\.php)\">\n<IfModule mod_authz_core.c>\nRequire all denied\n#Require ip 127.0.0.1\n</IfModule>\n\n<IfModule !mod_authz_core.c>\n<IfModule mod_access_compat.c>\nOrder Allow,Deny\nDeny from all\n#Allow from 127.0.0.1\n</IfModule>\n</IfModule>\n</FilesMatch>", $stringReplace);
518
+
519
+ } elseif ( preg_match( $pattern_amod, $stringReplace, $matches ) && $BPSCustomCodeOptions['bps_customcode_deny_files'] == '' && $Apache_Mod_options['bps_apache_mod_ifmodule'] == 'No' ) {
520
+
521
+ $stringReplace = preg_replace( $pattern_amod, "# DENY BROWSER ACCESS TO THESE FILES\n# Use BPS Custom Code to modify/edit/change this code and to save it permanently.\n# wp-config.php, bb-config.php, php.ini, php5.ini, readme.html\n# To be able to view these files from a Browser, replace 127.0.0.1 with your actual\n# current IP address. Comment out: #Deny from all and Uncomment: Allow from 127.0.0.1\n# Note: The BPS System Info page displays which modules are loaded on your server.\n\n<FilesMatch \"^(wp-config\.php|php\.ini|php5\.ini|readme\.html|bb-config\.php)\">\nOrder Allow,Deny\nDeny from all\n#Allow from 127.0.0.1\n</FilesMatch>", $stringReplace);
522
+ }
523
+
524
+ // .52.9: POST Request Attack Protection code correction|addition
525
+ // .53: Condition added to allow commenting out wp-admin URI whitelist rule
526
+ if ( preg_match( $pattern15, $stringReplace, $matches ) && ! preg_match( $pattern16, $stringReplace, $matches ) && ! preg_match( $pattern17, $stringReplace, $matches ) ) {
527
+ $stringReplace = preg_replace('/RewriteCond\s%\{REQUEST_METHOD\}\sPOST\s\[NC\]/s', "RewriteCond %{REQUEST_METHOD} POST [NC]\n# NEVER COMMENT OUT THIS LINE OF CODE BELOW FOR ANY REASON\nRewriteCond %{REQUEST_URI} !^.*/wp-admin/ [NC]\n# Whitelist the WordPress Theme Customizer\nRewriteCond %{HTTP_REFERER} !^.*/wp-admin/customize.php", $stringReplace);
528
+ }
529
+
530
+ // Clean up - replace 3 and 4 multiple newlines with 1 newline
531
+ if ( preg_match('/(\n\n\n|\n\n\n\n)/', $stringReplace, $matches) ) {
532
+ $stringReplace = preg_replace("/(\n\n\n|\n\n\n\n)/", "\n", $stringReplace);
533
+ }
534
+ // remove duplicate referer lines
535
+ if ( preg_match($pattern8, $stringReplace, $matches) ) {
536
+ $stringReplace = preg_replace("/\[NC\]\s*RewriteCond\s%{HTTP_REFERER}\s\^\.\*(.*)\.\*\s*(.*)\s*(.*)\s*(.*)\s*(.*)\s*(.*)\s*RewriteRule\s\.\s\-\s\[S=1\]/", "[NC]\nRewriteCond %{HTTP_REFERER} ^.*$bps_get_domain_root.*\nRewriteRule . - [S=1]", $stringReplace);
537
+ }
538
+
539
+ file_put_contents($filename, $stringReplace);
540
+
541
+ if ( isset($options['bps_root_htaccess_autolock']) && $options['bps_root_htaccess_autolock'] == 'On') {
542
+ chmod($filename, 0404);
543
+ }
544
+
545
+ if ( getBPSInstallTime() == getBPSRootHtaccessLasModTime_minutes() || getBPSInstallTime_plusone() == getBPSRootHtaccessLasModTime_minutes() ) {
546
+
547
+ $bps_root_upgrade = 'upgrade';
548
+
549
+ $pos = strpos( $check_string, 'IMPORTANT!!! DO NOT DELETE!!! - B E G I N Wordpress' );
550
+
551
+ if ( $pos === false ) {
552
+
553
+ $updateText = '<div class="update-nag" style="float:left;"background-color:#dfecf2;border:1px solid #999;font-size:1em;font-weight:600;padding:2px 5px;margin-top:2px;-moz-border-radius-topleft:3px;-webkit-border-top-left-radius:3px;-khtml-border-top-left-radius:3px;border-top-left-radius:3px;-moz-border-radius-topright:3px;-webkit-border-top-right-radius:3px;-khtml-border-top-right-radius:3px;border-top-right-radius:3px;-webkit-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);-moz-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);><font color="blue">'.__("The BPS Automatic htaccess File Update Completed Successfully!", 'bulletproof-security').'</font></div>';
554
+ print($updateText);
555
+ }
556
+ } // end up upgrade processing
557
+ break;
558
+ case strpos( $check_string, "BULLETPROOF $bps_version" ) && strpos( $check_string, "BPSQSE" ):
559
+
560
+ $bps_status_display = get_option('bulletproof_security_options_status_display');
561
+
562
+ if ( isset($bps_status_display['bps_status_display']) && $bps_status_display['bps_status_display'] != 'Off' ) {
563
+
564
+ if ( preg_match( '/page=bulletproof-security/', esc_html($_SERVER['REQUEST_URI']), $matches ) ) {
565
+
566
+ $RBM = $aitpro_bullet . '<a href="'.admin_url( 'admin.php?page=bulletproof-security/admin/core/core.php' ).'" title="Root Folder BulletProof Mode" style="text-decoration:none;">'.__('RBM', 'bulletproof-security').'</a>: <font color="green"><strong>'.__('On', 'bulletproof-security').'</strong></font>';
567
+ $RBM_str = str_replace( "BULLETPROOF $bps_version SECURE .HTACCESS", "BPS $bps_version", $section );
568
+
569
+ echo '<div id="bps-status-display" style="float:left;font-weight:600;margin:0px 0px 0px 5px;"><strong>'.$RBM_str.'</strong>'.$RBM.'</div>';
570
+ }
571
+ }
572
+ break;
573
+ default:
574
+
575
+ if ( $bps_root_upgrade != 'upgrade' ) {
576
+
577
+ $text = '<div class="update-nag" style="background-color:#dfecf2;border:1px solid #999;font-size:1em;font-weight:600;padding:2px 5px;margin-top:2px;-moz-border-radius-topleft:3px;-webkit-border-top-left-radius:3px;-khtml-border-top-left-radius:3px;border-top-left-radius:3px;-moz-border-radius-topright:3px;-webkit-border-top-right-radius:3px;-khtml-border-top-right-radius:3px;border-top-right-radius:3px;-webkit-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);-moz-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);"><font color="#fb0101">'.__('BPS Alert! Your site does not appear to be protected by BulletProof Security', 'bulletproof-security').'</font><br>'.__('Go to the ', 'bulletproof-security').'<a href="'.admin_url( 'admin.php?page=bulletproof-security/admin/core/core.php' ).'">'.esc_attr__('Security Modes page', 'bulletproof-security').'</a>'.__(' and click the Root Folder BulletProof Mode Activate button.', 'bulletproof-security').'</div>';
578
+ echo $text;
579
+ }
580
+ }
581
+ }
582
  }
583
  }
 
 
 
 
 
 
 
 
 
 
 
 
584
  }
585
  }
586
 
601
 
602
  if ( current_user_can('manage_options') ) {
603
 
604
+ global $bps_version, $bps_last_version, $aitpro_bullet;
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
605
 
606
+ if ( preg_match( '/page=bulletproof-security.*mscan-scan-status.php/', esc_html($_SERVER['REQUEST_URI']) ) ) {
607
+ return;
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
608
  }
609
 
610
+ if ( esc_html($_SERVER['REQUEST_METHOD']) != 'POST' && esc_html($_SERVER['QUERY_STRING']) != 'page=bulletproof-security/admin/system-info/system-info.php' ) {
611
+
612
+ $BPS_wpadmin_Options = get_option('bulletproof_security_options_htaccess_res');
613
+ $GDMW_options = get_option('bulletproof_security_options_GDMW');
 
 
 
 
 
 
 
 
 
 
614
 
615
+ if ( isset( $BPS_wpadmin_Options['bps_wpadmin_restriction'] ) && $BPS_wpadmin_Options['bps_wpadmin_restriction'] == 'disabled' || isset( $GDMW_options['bps_gdmw_hosting'] ) && $GDMW_options['bps_gdmw_hosting'] == 'yes' ) {
616
+ return;
 
 
617
  }
618
 
619
+ $HFiles_options = get_option('bulletproof_security_options_htaccess_files');
620
+ $filename = ABSPATH . 'wp-admin/.htaccess';
621
+
622
+ if ( file_exists($filename) ) {
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
623
 
624
+ $permsHtaccess = substr(sprintf('%o', fileperms($filename)), -4);
625
+ $check_string = file_get_contents($filename);
626
+ $section = file_get_contents($filename, false, NULL, 3, 46);
627
+ $bps_wpadmin_upgrade = '';
628
+
629
+ $pattern10a = '/RewriteCond\s%\{THE_REQUEST\}\s(.*)\?(.*)\sHTTP\/\s\[NC,OR\]\s*RewriteCond\s%\{THE_REQUEST\}\s(.*)\*(.*)\sHTTP\/\s\[NC,OR\]/';
630
+ $pattern10b = '/RewriteCond\s%\{THE_REQUEST\}\s.*\?\+\(%20\{1,\}.*\s*RewriteCond\s%\{THE_REQUEST\}\s.*\+\(.*\*\|%2a.*\s\[NC,OR\]/';
631
+ $pattern10c = '/RewriteCond\s%\{THE_REQUEST\}\s\(\\\\?.*%2a\)\+\(%20\+\|\\\\s\+.*HTTP\(:\/.*\[NC,OR\]/';
632
+ $pattern1 = '/(\[|\]|\(|\)|<|>)/s';
633
+ $pattern_amod = '/#\sWPADMIN\sDENY\sBROWSER\sACCESS\sTO\sFILES(.*\s*){13,16}#\sEND\sBPS\sWPADMIN\sDENY\sACCESS\sTO\sFILES/';
634
+ $pattern21 = '/RewriteCond\s%\{THE_REQUEST\}\s\(\\\?.*%2a\)\+\(%20.*HTTP\(:\/.*\[NC,OR\]/';
635
+ $pattern22 = '/RewriteCond\s%\{QUERY_STRING\}\s\[a-zA-Z0-9_\]=http:\/\/\s\[NC,OR\]/';
636
+ $pattern23 = '/RewriteCond\s%\{QUERY_STRING\}\s\^\(\.\*\)cPath=http:\/\/\(\.\*\)\$\s\[NC,OR\]/';
637
+ $pattern24 = '/RewriteCond\s%\{QUERY_STRING\}\shttp\\\:\s\[NC,OR\](.*\s*){1}.*RewriteCond\s%\{QUERY_STRING\}\shttps\\\:\s\[NC,OR\]/';
638
+ $pattern25 = '/#\sREQUEST\sMETHODS\sFILTERED(.*\s*){1}RewriteEngine\sOn(.*\s*){1}RewriteCond(.*\s*){1}RewriteRule\s\^\(\.\*\)\$\s\-\s\[F\]/';
639
+ $pattern26 = '/RewriteCond\s%\{REQUEST_URI\}\s\(press-this\\\.php\)\s\[NC\]/';
640
+ $BPSVpattern = '/BULLETPROOF\s\.[\d](.*)WP-ADMIN/';
641
+ $BPSVpattern2 = '/BULLETPROOF\s[\d]\.[\d]\sWP-ADMIN/';
642
+ $BPSVreplace = "BULLETPROOF $bps_version WP-ADMIN";
643
+ }
644
+
645
+ if ( ! file_exists($filename) && isset($HFiles_options['bps_htaccess_files']) && $HFiles_options['bps_htaccess_files'] != 'disabled' ) {
646
+
647
+ if ( get_option('bulletproof_security_options_wizard_free') ) {
648
+
649
+ $text = '<div class="update-nag" style="background-color:#dfecf2;border:1px solid #999;font-size:1em;font-weight:600;padding:2px 5px;margin-top:2px;-moz-border-radius-topleft:3px;-webkit-border-top-left-radius:3px;-khtml-border-top-left-radius:3px;border-top-left-radius:3px;-moz-border-radius-topright:3px;-webkit-border-top-right-radius:3px;-khtml-border-top-right-radius:3px;border-top-right-radius:3px;-webkit-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);-moz-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);"><font color="#fb0101">'.__('BPS Alert! An htaccess file was NOT found in your WordPress wp-admin folder', 'bulletproof-security').'</font><br>'.__('If you have deleted the wp-admin htaccess file for troubleshooting purposes you can disregard this Alert.', 'bulletproof-security').'<br>'.__('Go to the ', 'bulletproof-security').'<a href="'.admin_url( 'admin.php?page=bulletproof-security/admin/core/core.php' ).'">'.esc_attr__('Security Modes page', 'bulletproof-security').'</a>'.__(' and click the wp-admin Folder BulletProof Mode Activate button.', 'bulletproof-security').'</div>';
650
+ echo $text;
651
+ }
652
+
653
+ } else {
654
+
655
+ if ( file_exists($filename) ) {
656
 
657
+ switch ( $bps_version ) {
658
+ case $bps_last_version: // for Testing
659
+ if ( strpos( $check_string, "BULLETPROOF $bps_last_version" ) && strpos( $check_string, "BPSQSE-check" ) ) {
660
+ // echo or print for testing
661
+ }
662
+ break;
663
+ case ! strpos( $check_string, "BULLETPROOF" ):
664
+
665
+ // Setup Wizard Notice: not displayed. The Setup Wizard DB option is automatically saved in the root htaccess funcion on BPS plugin upgrades.
666
+ if ( ! get_option('bulletproof_security_options_wizard_free') ) {
667
+ // display nothing. Notice is already displayed in the root htaccess function.
668
+
669
+ } else {
670
+
671
+ $text = '<div class="update-nag" style="background-color:#dfecf2;border:1px solid #999;font-size:1em;font-weight:600;padding:2px 5px;margin-top:2px;-moz-border-radius-topleft:3px;-webkit-border-top-left-radius:3px;-khtml-border-top-left-radius:3px;border-top-left-radius:3px;-moz-border-radius-topright:3px;-webkit-border-top-right-radius:3px;-khtml-border-top-right-radius:3px;border-top-right-radius:3px;-webkit-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);-moz-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);"><font color="#fb0101">'.__('BPS Alert! Your wp-admin folder may not be protected by BulletProof Security', 'bulletproof-security').'</font><br>'.__('The BPS version: BULLETPROOF .xx.x WP-ADMIN SECURE .HTACCESS line of code was not found at the top of your wp-admin htaccess file.', 'bulletproof-security').'<br>'.__('The BPS version line of code MUST be at the very top of your wp-admin htaccess file.', 'bulletproof-security').'<br><a href="'.admin_url( 'admin.php?page=bulletproof-security/admin/wizard/wizard.php' ).'">'.esc_attr__('Click Here', 'bulletproof-security').'</a>'.__(' to go to the BPS Setup Wizard page and click the Setup Wizard button to setup the BPS plugin again.', 'bulletproof-security').'<br>'.__('Important Note: If you manually added other htaccess code above the BPS version line of code in your wp-admin htaccess file, you can copy that code to BPS wp-admin Custom Code so that your code is saved in the correct place in the BPS wp-admin htaccess file. ', 'bulletproof-security').'<br><a href="'.admin_url( 'admin.php?page=bulletproof-security/admin/core/core.php#bps-tabs-7' ).'">'.esc_attr__('Click Here', 'bulletproof-security').'</a>'.__(' to go to the BPS Custom Code page, add your wp-admin custom htaccess code in an appropriate wp-admin Custom Code text box and click the Save wp-admin Custom Code button before running the Setup Wizard again.', 'bulletproof-security').'</div>';
672
+ echo $text;
673
+ }
674
+
675
+ break;
676
+ case ! strpos( $check_string, "BULLETPROOF $bps_version" ) && strpos( $check_string, "BPSQSE-check" ):
677
+
678
+ // mod_authz_core forward/backward compatibility: create new htaccess files if needed
679
+ bpsPro_apache_mod_directive_check();
680
+ $CC_Options_wpadmin = get_option('bulletproof_security_options_customcode_WPA');
681
+ $Apache_Mod_options = get_option('bulletproof_security_options_apache_modules');
682
+ $sapi_type = php_sapi_name();
683
+
684
+ if ( substr($sapi_type, 0, 6) != 'apache' || $permsHtaccess != '0666' || $permsHtaccess != '0777') { // Windows IIS, XAMPP, etc
685
+ chmod($filename, 0644);
686
+ }
687
+
688
+ $stringReplace = file_get_contents($filename);
689
+
690
+ if ( preg_match($BPSVpattern, $stringReplace) ) {
691
+ $stringReplace = preg_replace($BPSVpattern, $BPSVreplace, $stringReplace);
692
+ } elseif ( preg_match($BPSVpattern2, $stringReplace) ) {
693
+ $stringReplace = preg_replace($BPSVpattern2, $BPSVreplace, $stringReplace);
694
+ }
695
+
696
+ if ( preg_match( $pattern_amod, $stringReplace, $matches ) && $CC_Options_wpadmin['bps_customcode_deny_files_wpa'] == '' && $Apache_Mod_options['bps_apache_mod_ifmodule'] == 'Yes' ) {
697
+
698
+ $stringReplace = preg_replace( $pattern_amod, "# WPADMIN DENY BROWSER ACCESS TO FILES\n# Deny Browser access to /wp-admin/install.php\n# Use BPS Custom Code to modify/edit/change this code and to save it permanently.\n# To be able to view the install.php file from a Browser, replace 127.0.0.1 with your actual\n# current IP address. Comment out: #Require all denied and Uncomment: Require ip 127.0.0.1\n# Comment out: #Deny from all and Uncomment: Allow from 127.0.0.1\n# Note: The BPS System Info page displays which modules are loaded on your server.\n\n# BEGIN BPS WPADMIN DENY ACCESS TO FILES\n<FilesMatch \"^(install\.php)\">\n<IfModule mod_authz_core.c>\nRequire all denied\n#Require ip 127.0.0.1\n</IfModule>\n\n<IfModule !mod_authz_core.c>\n<IfModule mod_access_compat.c>\nOrder Allow,Deny\nDeny from all\n#Allow from 127.0.0.1\n</IfModule>\n</IfModule>\n</FilesMatch>\n# END BPS WPADMIN DENY ACCESS TO FILES", $stringReplace);
699
+
700
+ } elseif ( preg_match( $pattern_amod, $stringReplace, $matches ) && $CC_Options_wpadmin['bps_customcode_deny_files_wpa'] == '' && $Apache_Mod_options['bps_apache_mod_ifmodule'] == 'No' ) {
701
+
702
+ $stringReplace = preg_replace( $pattern_amod, "# WPADMIN DENY BROWSER ACCESS TO FILES\n# Deny Browser access to /wp-admin/install.php\n# Use BPS Custom Code to modify/edit/change this code and to save it permanently.\n# To be able to view the install.php file from a Browser, replace 127.0.0.1 with your actual\n# current IP address. Comment out: #Deny from all and Uncomment: Allow from 127.0.0.1\n# Note: The BPS System Info page displays which modules are loaded on your server.\n\n# BEGIN BPS WPADMIN DENY ACCESS TO FILES\n<FilesMatch \"^(install\.php)\">\nOrder Allow,Deny\nDeny from all\n#Allow from 127.0.0.1\n</FilesMatch>\n# END BPS WPADMIN DENY ACCESS TO FILES", $stringReplace);
703
+ }
704
+
705
+ if ( preg_match( $pattern26, $stringReplace, $matches ) ) {
706
+ $stringReplace = preg_replace( $pattern26, "RewriteCond %{REQUEST_URI} (press-this\.php|widgets\.php) [NC]", $stringReplace);
707
+ }
708
+
709
+ if ( preg_match( $pattern25, $stringReplace, $matches ) ) {
710
+ $stringReplace = preg_replace( $pattern25, "# BPS REWRITE ENGINE\nRewriteEngine On", $stringReplace);
711
+ }
712
+
713
+ if ( preg_match($pattern10a, $stringReplace, $matches) ) {
714
+ $stringReplace = preg_replace( $pattern10a, "RewriteCond %{THE_REQUEST} (\?|\*|%2a)+(%20+|\\\\\s+|%20+\\\\\s+|\\\\\s+%20+|\\\\\s+%20+\\\\\s+)HTTP(:/|/) [NC,OR]", $stringReplace);
715
+ }
716
+
717
+ if ( preg_match($pattern10b, $stringReplace, $matches) ) {
718
+ $stringReplace = preg_replace( $pattern10b, "RewriteCond %{THE_REQUEST} (\?|\*|%2a)+(%20+|\\\\\s+|%20+\\\\\s+|\\\\\s+%20+|\\\\\s+%20+\\\\\s+)HTTP(:/|/) [NC,OR]", $stringReplace);
719
+ }
720
+
721
+ if ( preg_match($pattern10c, $stringReplace, $matches) ) {
722
+ $stringReplace = preg_replace( $pattern10c, "RewriteCond %{THE_REQUEST} (\?|\*|%2a)+(%20+|\\\\\s+|%20+\\\\\s+|\\\\\s+%20+|\\\\\s+%20+\\\\\s+)HTTP(:/|/) [NC,OR]", $stringReplace);
723
+ }
724
+
725
+ // 2.0: Add additional https scheme conditions to 3 htaccess security rules and combine 2 rules into 1 rule.
726
+ if ( preg_match( $pattern21, $stringReplace, $matches ) ) {
727
+ $stringReplace = preg_replace( $pattern21, "RewriteCond %{THE_REQUEST} (\?|\*|%2a)+(%20+|\\\\\s+|%20+\\\\\s+|\\\\\s+%20+|\\\\\s+%20+\\\\\s+)(http|https)(:/|/) [NC,OR]", $stringReplace);
728
+ }
729
+
730
+ if ( preg_match( $pattern22, $stringReplace, $matches ) ) {
731
+ $stringReplace = preg_replace( $pattern22, "RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=(http|https):// [NC,OR]", $stringReplace);
732
+ }
733
+
734
+ if ( preg_match( $pattern23, $stringReplace, $matches ) ) {
735
+ $stringReplace = preg_replace( $pattern23, "RewriteCond %{QUERY_STRING} ^(.*)cPath=(http|https)://(.*)$ [NC,OR]", $stringReplace);
736
+ }
737
+
738
+ if ( preg_match( $pattern24, $stringReplace, $matches ) ) {
739
+ $stringReplace = preg_replace( $pattern24, "RewriteCond %{QUERY_STRING} (http|https)\: [NC,OR]", $stringReplace);
740
+ }
741
+
742
+ if ( preg_match($pattern1, $stringReplace, $matches) ) {
743
+ $stringReplace = str_replace("RewriteCond %{QUERY_STRING} ^.*(\[|\]|\(|\)|<|>).* [NC,OR]", "RewriteCond %{QUERY_STRING} ^.*(\(|\)|<|>).* [NC,OR]", $stringReplace);
744
+ }
745
+
746
+ file_put_contents($filename, $stringReplace);
747
+
748
+ if ( getBPSInstallTime() == getBPSwpadminHtaccessLasModTime_minutes() || getBPSInstallTime_plusone() == getBPSwpadminHtaccessLasModTime_minutes() ) {
749
+ //print("Testing wp-admin auto-update");
750
+ $bps_wpadmin_upgrade = 'upgrade';
751
+ } // end upgrade processing
752
+ break;
753
+ case strpos( $check_string, "BULLETPROOF $bps_version" ) && strpos( $check_string, "BPSQSE-check" ):
754
+
755
+ $bps_status_display = get_option('bulletproof_security_options_status_display');
756
+
757
+ if ( isset($bps_status_display['bps_status_display']) && $bps_status_display['bps_status_display'] != 'Off' ) {
758
+
759
+ if ( preg_match( '/page=bulletproof-security/', esc_html($_SERVER['REQUEST_URI']), $matches ) ) {
760
+
761
+ $WBM = $aitpro_bullet . '<a href="'.admin_url( 'admin.php?page=bulletproof-security/admin/core/core.php#RBM-Status' ).'" title="wp-admin Folder BulletProof Mode" style="text-decoration:none;">'.__('WBM', 'bulletproof-security').'</a>: <font color="green"><strong>'.__('On', 'bulletproof-security').'</strong></font>';
762
+ $WBM_str = str_replace( "BULLETPROOF $bps_version WP-ADMIN SECURE .HTACCESS", "$WBM", $section );
763
+
764
+ echo '<div id="bps-status-display" style="float:left;font-weight:600;margin:0px;">'.$WBM_str.'</div>';
765
+ }
766
+ }
767
+ break;
768
+ default:
769
+
770
+ if ( $bps_wpadmin_upgrade != 'upgrade' ) {
771
+
772
+ $text = '<div class="update-nag" style="background-color:#dfecf2;border:1px solid #999;font-size:1em;font-weight:600;padding:2px 5px;margin-top:2px;-moz-border-radius-topleft:3px;-webkit-border-top-left-radius:3px;-khtml-border-top-left-radius:3px;border-top-left-radius:3px;-moz-border-radius-topright:3px;-webkit-border-top-right-radius:3px;-khtml-border-top-right-radius:3px;border-top-right-radius:3px;-webkit-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);-moz-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);"><font color="#fb0101">'.__('BPS Alert! A valid BPS htaccess file was NOT found in your wp-admin folder', 'bulletproof-security').'</font><br>'.__('BulletProof Mode for the wp-admin folder should also be activated when you have BulletProof Mode activated for the Root folder.', 'bulletproof-security').'</div>';
773
+ echo $text;
774
+ }
775
+ }
776
+ }
777
  }
778
  }
 
 
 
 
 
 
 
 
 
 
 
 
779
  }
780
  }
781
 
788
  if ( current_user_can('manage_options') ) {
789
  global $aitpro_bullet;
790
 
791
+ if ( preg_match( '/page=bulletproof-security.*mscan-scan-status.php/', esc_html($_SERVER['REQUEST_URI']) ) ) {
 
 
 
 
792
  return;
793
  }
794
+
795
+ if ( esc_html($_SERVER['REQUEST_METHOD']) != 'POST' && esc_html($_SERVER['QUERY_STRING']) != 'page=bulletproof-security/admin/system-info/system-info.php' ) {
796
+
797
+ $bps_status_display = get_option('bulletproof_security_options_status_display');
798
+
799
+ if ( isset($bps_status_display['bps_status_display']) && $bps_status_display['bps_status_display'] == 'Off' ) {
800
+ return;
801
+ }
802
 
803
  if ( isset($bps_status_display['bps_status_display']) && $bps_status_display['bps_status_display'] != 'Off' && preg_match( '/page=bulletproof-security/', esc_html($_SERVER['REQUEST_URI']), $matches ) ) {
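Review bot: The new early return at new line 791 matches `mscan-scan-status.php` with an unescaped `.` and runs the pattern over `esc_html($_SERVER['REQUEST_URI'])`, although the value is only compared and never printed here. `esc_html()` is an output-escaping helper, so the guard would read more clearly against the raw URI with the dot escaped: `preg_match( '/page=bulletproof-security.*mscan-scan-status\.php/', $_SERVER['REQUEST_URI'] )`. The identical guard is added again at new lines 855, 920, 961, 1008 and 1061, so a small shared helper with a one-line comment saying why the status bar is suppressed on the scan-status page would keep the six copies in sync. The `== 'Off'` return added at new line 799 also makes the `!= 'Off'` test in the condition that follows redundant. The function's signature is outside this hunk.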
804
 
852
 
853
  global $aitpro_bullet;
854
 
855
+ if ( preg_match( '/page=bulletproof-security.*mscan-scan-status.php/', esc_html($_SERVER['REQUEST_URI']) ) ) {
856
+ return;
857
+ }
858
+
859
  if ( esc_html($_SERVER['REQUEST_METHOD']) != 'POST' && esc_html($_SERVER['QUERY_STRING']) != 'page=bulletproof-security/admin/system-info/system-info.php' ) {
860
 
861
  $bps_status_display = get_option('bulletproof_security_options_status_display');
872
  }
873
 
874
  $DBBoptions = get_option('bulletproof_security_options_db_backup');
 
875
  ?>
876
 
877
+ <style>
878
+ <!--
879
+ div.dbb-status-tooltip {display:inline-block;position:relative;}
880
+ div.dbb-status-tooltip:hover {z-index:10;}
881
+ div.dbb-status-tooltip img:hover {z-index:10;}
882
+ div.dbb-status-tooltip span {display:none;position:absolute;bottom:0;left:0;right:0;}
883
+ div.dbb-status-tooltip:hover span {width:500px;height:60px;display:block;position:absolute;top:30px;left:5px;right:0;color:#000;background-color:#dfecf2;border:1px solid #999;font-size:1em;font-weight:600;padding:2px 5px;margin-top:2px;-moz-border-radius-topleft:3px;-webkit-border-top-left-radius:3px;-khtml-border-top-left-radius:3px;border-top-left-radius:3px;-moz-border-radius-topright:3px;-webkit-border-top-right-radius:3px;-khtml-border-top-right-radius:3px;border-top-right-radius:3px;-webkit-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);-moz-box-shadow:3px 3px 5px -1px rgba(153,153,153,0.7);box-shadow:3px 3px 5px -1px rgba(153,153,153,0.7);}
884
+ -->
885
+ </style>
886
 
887
  <?php
888
+ $bps_qm_dbb1 = '<div class="dbb-status-tooltip"><img src="'.plugins_url('/bulletproof-security/admin/images/question-mark.png').'" style="position:relative;top:3px;right:1px;" /><span>A BPS DB Backup has not been performed yet. To run a DB Backup go to the BPS DB Backup page, create a Backup Job and run the Backup Job or you can just ignore this hover tooltip and not perform a DB Backup.</span></div>';
889
+
890
+ $bps_qm_dbb2 = '<div class="dbb-status-tooltip"><img src="'.plugins_url('/bulletproof-security/admin/images/question-mark.png').'" style="position:relative;top:3px;right:1px;" /><span>A BPS DB Backup Job has been created. To run a DB Backup go to the BPS DB Backup page and run the Backup Job or you can just ignore this hover tooltip and not perform a DB Backup.</span></div>';
 
 
 
 
 
891
 
892
+ if ( isset($DBBoptions['bps_db_backup_status_display']) && $DBBoptions['bps_db_backup_status_display'] == 'No DB Backups' || isset($DBBoptions['bps_db_backup_status_display']) && $DBBoptions['bps_db_backup_status_display'] == '' ) {
893
+
894
+ $text = '<div id="bps-status-display" style="float:left;font-weight:600;margin:-2px 0px 0px 0px;">' . $aitpro_bullet . '<a href="'.admin_url( 'admin.php?page=bulletproof-security/admin/db-backup-security/db-backup-security.php' ).'" title="Database Backup" style="text-decoration:none;">'.esc_attr__('DBB', 'bulletproof-security').'</a>: '.$bps_qm_dbb1.'</div>';
895
+ echo $text;
896
 
897
+ } elseif ( isset($DBBoptions['bps_db_backup_status_display']) && $DBBoptions['bps_db_backup_status_display'] == 'Backup Job Created' ) {
898
+
899
+ $text = '<div id="bps-status-display" style="float:left;font-weight:600;margin:-2px 0px 0px 0px;">' . $aitpro_bullet . '<a href="'.admin_url( 'admin.php?page=bulletproof-security/admin/db-backup-security/db-backup-security.php' ).'" title="Database Backup" style="text-decoration:none;">'.esc_attr__('DBB', 'bulletproof-security').'</a>: '.$bps_qm_dbb2.'</div>';
900
+ echo $text;
901
 
902
+ } else {
903
+
904
+ $bps_db_backup_status_display = isset($DBBoptions['bps_db_backup_status_display']) ? $DBBoptions['bps_db_backup_status_display'] : '';
905
+
906
+ $text = '<div id="bps-status-display" style="float:left;font-weight:600;margin:0px;">' . $aitpro_bullet . '<a href="'.admin_url( 'admin.php?page=bulletproof-security/admin/db-backup-security/db-backup-security.php' ).'" title="Database Backup" style="text-decoration:none;">'.esc_attr__('DBB', 'bulletproof-security').'</a>: <font color="green"><strong>'.$bps_db_backup_status_display.'</strong></font></div>';
907
+ echo $text;
908
+ }
909
  }
910
  }
911
  }
 
912
  }
913
 
914
  // Login Security Status display - BPS pages ONLY
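Review bot: In the final `else` branch at new line 906 the stored `bps_db_backup_status_display` option value is concatenated into the markup unescaped, so whatever string the option holds is rendered as HTML in the status bar. Escaping at output keeps the display safe even if the option is ever written with unexpected content: `'<font color="green"><strong>'.esc_html( $bps_db_backup_status_display ).'</strong></font></div>'`. The two tooltip texts in `$bps_qm_dbb1` and `$bps_qm_dbb2` are hard-coded English while the neighbouring labels go through the translation functions, so they will not be picked up for localisation. The enclosing function starts above this hunk.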
917
 
918
  if ( current_user_can('manage_options') ) {
919
 
920
+ if ( preg_match( '/page=bulletproof-security.*mscan-scan-status.php/', esc_html($_SERVER['REQUEST_URI']) ) ) {
921
+ return;
922
+ }
923
+
924
  if ( esc_html($_SERVER['REQUEST_METHOD']) != 'POST' && esc_html($_SERVER['QUERY_STRING']) != 'page=bulletproof-security/admin/system-info/system-info.php' ) {
925
 
926
  $bps_status_display = get_option('bulletproof_security_options_status_display');
958
 
959
  if ( current_user_can('manage_options') ) {
960
 
961
+ if ( preg_match( '/page=bulletproof-security.*mscan-scan-status.php/', esc_html($_SERVER['REQUEST_URI']) ) ) {
962
+ return;
963
+ }
964
+
965
  if ( esc_html($_SERVER['REQUEST_METHOD']) != 'POST' && esc_html($_SERVER['QUERY_STRING']) != 'page=bulletproof-security/admin/system-info/system-info.php' ) {
966
 
967
  $bps_status_display = get_option('bulletproof_security_options_status_display');
1005
 
1006
  if ( current_user_can('manage_options') ) {
1007
 
1008
+ if ( preg_match( '/page=bulletproof-security.*mscan-scan-status.php/', esc_html($_SERVER['REQUEST_URI']) ) ) {
1009
+ return;
1010
+ }
 
 
 
 
 
 
1011
 
1012
+ if ( esc_html($_SERVER['REQUEST_METHOD']) != 'POST' && esc_html($_SERVER['QUERY_STRING']) != 'page=bulletproof-security/admin/system-info/system-info.php' ) {
1013
+
1014
+ $bps_status_display = get_option('bulletproof_security_options_status_display');
1015
+
1016
+ if ( isset($bps_status_display['bps_status_display']) && $bps_status_display['bps_status_display'] == 'Off' ) {
1017
  return;
1018
  }
 
 
 
 
 
 
1019
 
1020
+ if ( isset($bps_status_display['bps_status_display']) && $bps_status_display['bps_status_display'] != 'Off' && preg_match( '/page=bulletproof-security/', esc_html($_SERVER['REQUEST_URI']), $matches ) ) {
1021
+
1022
+ // New BPS installation - do not display status
1023
+ if ( ! get_option('bulletproof_security_options_wizard_free') ) {
1024
+ return;
1025
+ }
1026
+
1027
+ if ( ! get_option('bulletproof_security_options_idle_session') ) {
1028
+ return;
1029
+ }
1030
+
1031
+ $BPSoptionsISL = get_option('bulletproof_security_options_idle_session');
 
1032
 
1033
+ if ( ! get_option('bulletproof_security_options_auth_cookie') ) {
1034
+ $status_DDiv = '</div><div style="clear:both;"></div>';
1035
+ } else {
1036
+ $status_DDiv = '</div>';
1037
+ }
1038
+
1039
+ if ( $BPSoptionsISL['bps_isl'] == 'On' ) {
1040
+
1041
+ $text = '<div id="bps-status-display" style="float:left;font-weight:600;margin:0px;">'. $aitpro_bullet . '<a href="'.admin_url( 'admin.php?page=bulletproof-security/admin/login/login.php#bps-tabs-3' ).'" title="'.esc_attr( 'Idle Session Logout' ).'" style="text-decoration:none;">'.__('ISL', 'bulletproof-security').'</a>: <font color="green"><strong>'.__('On', 'bulletproof-security').'</strong></font>'.$status_DDiv;
1042
+ echo $text;
1043
+ }
1044
+
1045
+ if ( $BPSoptionsISL['bps_isl'] == 'Off' ) {
1046
+
1047
+ $text = '<div id="bps-status-display" style="float:left;font-weight:600;margin:0px;">'. $aitpro_bullet . '<a href="'.admin_url( 'admin.php?page=bulletproof-security/admin/login/login.php#bps-tabs-3' ).'" title="'.esc_attr( 'Idle Session Logout' ).'" style="text-decoration:none;">'.__('ISL', 'bulletproof-security').'</a>: <font color="#fb0101"><strong>'.__('Off', 'bulletproof-security').'</strong></font>'.$status_DDiv;
1048
+ echo $text;
1049
+ }
1050
+ }
1051
  }
1052
  }
 
1053
  }
1054
 
1055
  // Auth Cookie Expiration ACE Status display - BPS pages ONLY
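Review bot: `$BPSoptionsISL['bps_isl']` is read at new lines 1039 and 1045 without an `isset()` guard, unlike the `$bps_status_display['bps_status_display']` checks a few lines above. If the stored option array ever lacks that key, PHP 8 raises an undefined-array-key warning on each BPS page. `if ( isset($BPSoptionsISL['bps_isl']) && $BPSoptionsISL['bps_isl'] == 'On' ) {` (and the same for `'Off'`) would match the style used elsewhere in this change; the ACE block at new lines 1087 and 1093 reads `$BPSoptionsACE['bps_ace']` the same way. The option is also fetched twice, once for the existence test and once for the assignment; assigning first and testing the variable would avoid the second `get_option()` call. The function's signature is not visible in this hunk.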
1058
 
1059
  if ( current_user_can('manage_options') ) {
1060
 
1061
+ if ( preg_match( '/page=bulletproof-security.*mscan-scan-status.php/', esc_html($_SERVER['REQUEST_URI']) ) ) {
1062
+ return;
1063
+ }
 
 
 
 
 
 
1064
 
1065
+ if ( esc_html($_SERVER['REQUEST_METHOD']) != 'POST' && esc_html($_SERVER['QUERY_STRING']) != 'page=bulletproof-security/admin/system-info/system-info.php' ) {
1066
+
1067
+ $bps_status_display = get_option('bulletproof_security_options_status_display');
1068
+
1069
+ if ( isset($bps_status_display['bps_status_display']) && $bps_status_display['bps_status_display'] == 'Off' ) {
1070
  return;
1071
  }
1072
+
1073
+ if ( isset($bps_status_display['bps_status_display']) && $bps_status_display['bps_status_display'] != 'Off' && preg_match( '/page=bulletproof-security/', esc_html($_SERVER['REQUEST_URI']), $matches ) ) {
1074
+
1075
+ // New BPS installation - do not display status
1076
+ if ( ! get_option('bulletproof_security_options_wizard_free') ) {
1077
+ return;
1078
+ }
1079
+
1080
+ if ( ! get_option('bulletproof_security_options_auth_cookie') ) {
1081
+ return;
1082
+ }
1083
+
1084
+ $BPSoptionsACE = get_option('bulletproof_security_options_auth_cookie');
1085
+ $status_DDiv = '</div><div style="clear:both;"></div>';
1086
+
1087
+ if ( $BPSoptionsACE['bps_ace'] == 'On' ) {
1088
 
1089
+ $text = '<div id="bps-status-display" style="float:left;font-weight:600;margin:0px;">'. $aitpro_bullet . '<a href="'.admin_url( 'admin.php?page=bulletproof-security/admin/login/login.php#bps-tabs-3' ).'" title="'.esc_attr( 'Auth Cookie Expiration' ).'" style="text-decoration:none;">'.__('ACE', 'bulletproof-security').'</a>: <font color="green"><strong>'.__('On', 'bulletproof-security').'</strong></font>'.$status_DDiv;
1090
+ echo $text;
1091
+ }
1092
+
1093
+ if ( $BPSoptionsACE['bps_ace'] == 'Off' ) {
1094
+
1095
+ $text = '<div id="bps-status-display" style="float:left;font-weight:600;margin:0px;">'. $aitpro_bullet . '<a href="'.admin_url( 'admin.php?page=bulletproof-security/admin/login/login.php#bps-tabs-3' ).'" title="'.esc_attr( 'Auth Cookie Expiration' ).'" style="text-decoration:none;">'.__('ACE', 'bulletproof-security').'</a>: <font color="#fb0101"><strong>'.__('Off', 'bulletproof-security').'</strong></font>'.$status_DDiv;
1096
+ echo $text;
1097
+ }
1098
+ }
 
 
 
 
1099
  }
1100
  }
 
1101
  }
1102
 
1103
  // GET HTTP Status Response from /mod-test/ images to determine which Apache Modules are Loaded,
1186
  }
1187
  }
1188
 
1189
+ // mod_access_compat loaded, Order, Allow, Deny directives are supported
1190
+ if ( 403 == $status_code2 ) {
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1191
 
1192
+ $apache_ifmodule = 'Yes';
1193
+
1194
+ $text = '<font color="green"><strong>'.$status_code2.':</strong></font> '.__('mod_access_compat is Loaded|Order, Allow, Deny directives are supported|IfModule: Yes', 'bulletproof-security').'<br>';
1195
+ echo $text;
1196
 
1197
+ // mod_access_compat is not loaded|available.
1198
+ } elseif ( 403 != $status_code2 ) {
1199
 
1200
+ $apache_ifmodule = 'Yes';
 
 
 
1201
 
1202
+ $text = '<font color="#2271b1"><strong>'.$status_code2.':</strong></font> '.__('mod_access_compat is not Loaded|IfModule: Yes', 'bulletproof-security').'<br>';
1203
+ echo $text;
1204
+ }
1205
 
1206
+ // mod_authz_core loaded, IfModule condition working, Order, Allow, Deny directives are supported
1207
+ // 3 normal mod_authz_core test| 4 is mod_access_compat BC
1208
+ if ( 403 == $status_code3 && 403 == $status_code4 ) {
 
 
 
 
 
1209
 
1210
+ $text = '<font color="green"><strong>'.$status_code3.':</strong></font> '.__('mod_authz_core is Loaded|Order, Allow, Deny directives are supported|BC: Yes|IfModule: Yes', 'bulletproof-security').'<br>';
1211
+ echo $text;
1212
 
1213
+ } elseif ( 403 == $status_code3 && 403 != $status_code4 ) {
1214
+
1215
+ $text = '<font color="green"><strong>'.$status_code3.':</strong></font> '.__('mod_authz_core is Loaded|Order, Allow, Deny directives are not supported|BC: No|IfModule: Yes', 'bulletproof-security').'<br>';
1216
+ echo $text;
1217
+
1218
+ } elseif ( 403 != $status_code3 && 403 != $status_code4 ) {
1219
+
1220
+ $text = '<font color="#2271b1"><strong>'.$status_code3.':</strong></font> '.__('mod_authz_core is not Loaded|IfModule: Yes', 'bulletproof-security').'<br>';
1221
+ echo $text;
1222
+ }
1223
 
1224
+ // mod_authz_host loaded, IfModule condition working, Order, Allow, Deny directives are supported
1225
+ // 5 normal mod_authz_core test| 6 is mod_access_compat BC
1226
+ if ( 403 == $status_code5 && 403 == $status_code6 ) {
 
 
 
 
 
1227
 
1228
+ $text = '<font color="green"><strong>'.$status_code5.':</strong></font> '.__('mod_authz_host is Loaded|Order, Allow, Deny directives are supported|BC: Yes|IfModule: Yes', 'bulletproof-security').'<br>';
1229
+ echo $text;
1230
 
1231
+ } elseif ( 403 == $status_code5 && 403 != $status_code6 ) {
1232
+
1233
+ $text = '<font color="green"><strong>'.$status_code5.':</strong></font> '.__('mod_authz_host is Loaded|Order, Allow, Deny directives are not supported|BC: No|IfModule: Yes', 'bulletproof-security').'<br>';
1234
+ echo $text;
1235
+
1236
+ } elseif ( 403 != $status_code5 && 403 != $status_code6 ) {
1237
+
1238
+ $text = '<font color="#2271b1"><strong>'.$status_code6.':</strong></font> '.__('mod_authz_host is not Loaded|IfModule: Yes', 'bulletproof-security').'<br>';
1239
+ echo $text;
1240
+ }
1241
 
1242
+ // mod_rewrite Module loaded.
1243
+ if ( 301 == $status_code9 || 302 == $status_code9 || 200 == $status_code9 || 404 == $status_code9 || 403 == $status_code9 ) {
 
 
 
1244
 
1245
+ $text = '<font color="green"><strong>'.$status_code9.':</strong></font> '.__('mod_rewrite Module is Loaded|IfModule: Yes', 'bulletproof-security').'<br>';
1246
+ echo $text;
1247
+
1248
+ } else {
1249
+
1250
+ $text = '<font color="#2271b1"><strong>'.$status_code9.':</strong></font> '.__('mod_rewrite Inconclusive: Status is not 200, 301, 302, 403 or 404', 'bulletproof-security').'<br>';
1251
+ echo $text;
1252
+ }
1253
 
1254
  $apache_modules_Options = array(
1255
  'bps_apache_mod_ifmodule' => $apache_ifmodule,
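Review bot: The last mod_authz_host branch (`403 != $status_code5 && 403 != $status_code6`, new line 1236) prints `$status_code6`, while the parallel mod_authz_core branch prints `$status_code3`. For consistency this looks like it should be `$status_code5`, and the comment `// 5 normal mod_authz_core test` above it should name mod_authz_host. Both chains also print nothing when the first probe is not 403 but the BC probe is, so a trailing `else` with an inconclusive message would make that state visible. Separately, `$apache_ifmodule = 'Yes';` is assigned in both arms of the `$status_code2` test here and in the later blocks at new lines 1376 and 1487, so the saved `bps_apache_mod_ifmodule` value no longer depends on the probe. A single unconditional assignment with a comment explaining why would be clearer, and it is worth confirming that whatever consumes this option (not visible here) is meant to see a constant. The enclosing function starts and ends outside this hunk.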
1372
  }
1373
  }
1374
 
1375
+ // mod_access_compat loaded, IfModule condition working, Order, Allow, Deny directives are supported
1376
+ if ( 403 == $status_code2 ) {
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1377
 
1378
+ $apache_ifmodule = 'Yes';
 
 
1379
 
1380
+ } else {
1381
+
1382
+ $apache_ifmodule = 'Yes';
1383
+ }
1384
 
1385
  $apache_modules_Options = array(
1386
  'bps_apache_mod_ifmodule' => $apache_ifmodule,
1483
  }
1484
  }
1485
 
1486
+ // mod_access_compat loaded, IfModule condition working, Order, Allow, Deny directives are supported
1487
+ if ( 403 == $status_code2 ) {
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1488
 
1489
+ $apache_ifmodule = 'Yes';
 
 
1490
 
1491
+ } else {
1492
+
1493
+ $apache_ifmodule = 'Yes';
1494
+ }
1495
 
1496
  $apache_modules_Options = array(
1497
  'bps_apache_mod_ifmodule' => $apache_ifmodule,
includes/general-functions.php CHANGED
@@ -53,7 +53,7 @@ $secure_htaccess_file = WP_PLUGIN_DIR . '/bulletproof-security/admin/htaccess/se
53
 
54
  if ( file_exists($secure_htaccess_file) ) {
55
  $bpsString = file_get_contents($secure_htaccess_file);
56
- echo $bpsString;
57
  } else {
58
  $bps_plugin_dir = str_replace( ABSPATH, '', WP_PLUGIN_DIR );
59
  _e('The secure.htaccess file either does not exist or is not named correctly. Check the /', 'bulletproof-security').$bps_plugin_dir.__('/bulletproof-security/admin/htaccess/ folder to make sure the secure.htaccess file exists and is named secure.htaccess.', 'bulletproof-security');
@@ -65,7 +65,7 @@ $default_htaccess_file = WP_PLUGIN_DIR . '/bulletproof-security/admin/htaccess/d
65
 
66
  if ( file_exists($default_htaccess_file) ) {
67
  $bpsString = file_get_contents($default_htaccess_file);
68
- echo $bpsString;
69
  } else {
70
  $bps_plugin_dir = str_replace( ABSPATH, '', WP_PLUGIN_DIR );
71
  _e('The default.htaccess file either does not exist or is not named correctly. Check the /', 'bulletproof-security').$bps_plugin_dir.__('/bulletproof-security/admin/htaccess/ folder to make sure the default.htaccess file exists and is named default.htaccess.', 'bulletproof-security');
@@ -77,7 +77,7 @@ $wpadmin_htaccess_file = WP_PLUGIN_DIR . '/bulletproof-security/admin/htaccess/w
77
 
78
  if ( file_exists($wpadmin_htaccess_file) ) {
79
  $bpsString = file_get_contents($wpadmin_htaccess_file);
80
- echo $bpsString;
81
  } else {
82
  $bps_plugin_dir = str_replace( ABSPATH, '', WP_PLUGIN_DIR );
83
  _e('The wpadmin-secure.htaccess file either does not exist or is not named correctly. Check the /', 'bulletproof-security').$bps_plugin_dir.__('/bulletproof-security/admin/htaccess/ folder to make sure the wpadmin-secure.htaccess file exists and is named wpadmin-secure.htaccess.', 'bulletproof-security');
@@ -90,7 +90,7 @@ $root_htaccess_file = ABSPATH . '.htaccess';
90
 
91
  if ( file_exists($root_htaccess_file) ) {
92
  $bpsString = file_get_contents($root_htaccess_file);
93
- echo $bpsString;
94
  } else {
95
  _e('An htaccess file was not found in your website root folder.', 'bulletproof-security');
96
  }
@@ -102,7 +102,7 @@ $current_wpadmin_htaccess_file = ABSPATH . 'wp-admin/.htaccess';
102
 
103
  if ( file_exists($current_wpadmin_htaccess_file) ) {
104
  $bpsString = file_get_contents($current_wpadmin_htaccess_file);
105
- echo $bpsString;
106
  } else {
107
  _e('An htaccess file was not found in your wp-admin folder.', 'bulletproof-security');
108
  }
@@ -162,15 +162,15 @@ $current_wpadmin_htaccess_file = ABSPATH . 'wp-admin/.htaccess';
162
  function bpsGetDomainRoot() {
163
 
164
  if ( is_admin() && current_user_can('manage_options') ) {
165
- if ( isset( $_SERVER['SERVER_NAME'] ) ) {
166
-
167
- $ServerName = str_replace( 'www.', "", esc_html( $_SERVER['SERVER_NAME'] ) );
168
- return $ServerName;
169
 
170
- } else {
171
- $ServerName = str_replace( 'www.', "", esc_html( $_SERVER['HTTP_HOST'] ) );
172
- return $ServerName;
173
- }
 
 
 
174
  }
175
  }
176
 
@@ -305,127 +305,127 @@ $wpdb->show_errors = false;
305
  // Maintenance Mode On Dashboard Alert
306
  function bpsPro_mmode_dashboard_alert() {
307
 
308
- if ( current_user_can('manage_options') ) {
309
-
310
- $MMoptions = get_option('bulletproof_security_options_maint_mode');
311
-
312
- if ( ! is_multisite() ) {
313
-
314
- if ( ! get_option('bulletproof_security_options_maint_mode') || isset($MMoptions['bps_maint_on_off']) && $MMoptions['bps_maint_on_off'] == 'Off' ) {
315
- return;
316
- }
317
 
318
- $indexPHP = ABSPATH . 'index.php';
319
-
320
- if ( file_exists($indexPHP) ) {
321
- $check_string_index = file_get_contents($indexPHP);
322
- }
323
-
324
- $wpadminHtaccess = ABSPATH . 'wp-admin/.htaccess';
325
-
326
- if ( file_exists($wpadminHtaccess) ) {
327
- $check_string_wpadmin = file_get_contents($wpadminHtaccess);
328
- }
329
-
330
- if ( isset($MMoptions['bps_maint_on_off']) && $MMoptions['bps_maint_on_off'] == 'On' && isset($MMoptions['bps_maint_dashboard_reminder']) && $MMoptions['bps_maint_dashboard_reminder'] == '1' ) {
331
 
332
- if ( strpos( $check_string_index, "BEGIN BPS MAINTENANCE MODE IP" ) && ! strpos( $check_string_wpadmin, "BEGIN BPS MAINTENANCE MODE IP" ) ) {
333
- $text = '<div class="update-nag" style="background-color:#dfecf2;border:1px solid #999;font-size:1em;font-weight:600;padding:2px 5px;margin-top:2px;-moz-border-radius-topleft:3px;-webkit-border-top-left-radius:3px;-khtml-border-top-left-radius:3px;border-top-left-radius:3px;-moz-border-radius-topright:3px;-webkit-border-top-right-radius:3px;-khtml-border-top-right-radius:3px;border-top-right-radius:3px;-webkit-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);-moz-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);"><font color="blue">'.__('Reminder: Frontend Maintenance Mode is Turned On.', 'bulletproof-security').'</font></div>';
334
- echo $text;
335
- } elseif ( ! strpos( $check_string_index, "BEGIN BPS MAINTENANCE MODE IP" ) && strpos( $check_string_wpadmin, "BEGIN BPS MAINTENANCE MODE IP" ) ) {
336
- $text = '<div class="update-nag" style=""background-color:#dfecf2;border:1px solid #999;font-size:1em;font-weight:600;padding:2px 5px;margin-top:2px;-moz-border-radius-topleft:3px;-webkit-border-top-left-radius:3px;-khtml-border-top-left-radius:3px;border-top-left-radius:3px;-moz-border-radius-topright:3px;-webkit-border-top-right-radius:3px;-khtml-border-top-right-radius:3px;border-top-right-radius:3px;-webkit-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);-moz-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);><font color="blue">'.__('Reminder: Backend Maintenance Mode is Turned On.', 'bulletproof-security').'</font></div>';
337
- echo $text;
338
- } elseif ( strpos( $check_string_index, "BEGIN BPS MAINTENANCE MODE IP" ) && strpos( $check_string_wpadmin, "BEGIN BPS MAINTENANCE MODE IP" ) ) {
339
- $text = '<div class="update-nag" style="background-color:#dfecf2;border:1px solid #999;font-size:1em;font-weight:600;padding:2px 5px;margin-top:2px;-moz-border-radius-topleft:3px;-webkit-border-top-left-radius:3px;-khtml-border-top-left-radius:3px;border-top-left-radius:3px;-moz-border-radius-topright:3px;-webkit-border-top-right-radius:3px;-khtml-border-top-right-radius:3px;border-top-right-radius:3px;-webkit-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);-moz-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);"><font color="blue">'.__('Reminder: Frontend & Backend Maintenance Modes are Turned On.', 'bulletproof-security').'</font></div>';
340
- echo $text;
 
341
  }
342
- }
343
- }
344
 
345
- if ( is_multisite() ) {
346
- global $current_blog, $blog_id;
347
-
348
- $root_folder_maintenance_values = ABSPATH . 'bps-maintenance-values.php';
349
- if ( file_exists($root_folder_maintenance_values) ) {
350
- $check_string_values = file_get_contents($root_folder_maintenance_values);
351
- }
352
-
353
- $indexPHP = ABSPATH . 'index.php';
354
- if ( file_exists($indexPHP) ) {
355
- $check_string_index = file_get_contents($indexPHP);
356
- }
357
-
358
- $wpadminHtaccess = ABSPATH . 'wp-admin/.htaccess';
359
- if ( file_exists($wpadminHtaccess) ) {
360
- $check_string_wpadmin = file_get_contents($wpadminHtaccess);
361
- }
362
-
363
- if ( $blog_id == 1 && isset($MMoptions['bps_maint_dashboard_reminder']) && $MMoptions['bps_maint_dashboard_reminder'] == '1' ) {
364
-
365
- if ( strpos( $check_string_values, '$all_sites = \'1\';' ) ) {
366
- $text = '<div class="update-nag" style="background-color:#dfecf2;border:1px solid #999;font-size:1em;font-weight:600;padding:2px 5px;margin-top:2px;-moz-border-radius-topleft:3px;-webkit-border-top-left-radius:3px;-khtml-border-top-left-radius:3px;border-top-left-radius:3px;-moz-border-radius-topright:3px;-webkit-border-top-right-radius:3px;-khtml-border-top-right-radius:3px;border-top-right-radius:3px;-webkit-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);-moz-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);"><font color="blue">'.__('Reminder: Frontend Maintenance Mode is Turned On for The Primary Site and All Subsites.', 'bulletproof-security').'</font></div>';
367
- echo $text;
368
  }
369
-
370
- if ( strpos( $check_string_values, '$all_subsites = \'1\';' ) ) {
371
- $text = '<div class="update-nag" style="background-color:#dfecf2;border:1px solid #999;font-size:1em;font-weight:600;padding:2px 5px;margin-top:2px;-moz-border-radius-topleft:3px;-webkit-border-top-left-radius:3px;-khtml-border-top-left-radius:3px;border-top-left-radius:3px;-moz-border-radius-topright:3px;-webkit-border-top-right-radius:3px;-khtml-border-top-right-radius:3px;border-top-right-radius:3px;-webkit-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);-moz-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);"><font color="blue">'.__('Reminder: Frontend Maintenance Mode is Turned On for All Subsites, but Not The Primary Site.', 'bulletproof-security').'</font></div>';
372
- echo $text;
373
- }
374
 
375
- if ( isset($MMoptions['bps_maint_on_off']) && $MMoptions['bps_maint_on_off'] == 'On' ) {
376
-
377
- if ( strpos( $check_string_index, '$primary_site_status = \'On\';' ) && ! strpos( $check_string_wpadmin, "BEGIN BPS MAINTENANCE MODE IP" ) ) {
378
- $text = '<div class="update-nag" style="background-color:#dfecf2;border:1px solid #999;font-size:1em;font-weight:600;padding:2px 5px;margin-top:2px;-moz-border-radius-topleft:3px;-webkit-border-top-left-radius:3px;-khtml-border-top-left-radius:3px;border-top-left-radius:3px;-moz-border-radius-topright:3px;-webkit-border-top-right-radius:3px;-khtml-border-top-right-radius:3px;border-top-right-radius:3px;-webkit-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);-moz-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);"><font color="blue">'.__('Reminder: Frontend Maintenance Mode is Turned On.', 'bulletproof-security').'</font></div>';
379
- echo $text;
380
- } elseif ( !strpos($check_string_index, '$primary_site_status = \'On\';') && strpos($check_string_wpadmin, "BEGIN BPS MAINTENANCE MODE IP") ) {
381
- $text = '<div class="update-nag" style="background-color:#dfecf2;border:1px solid #999;font-size:1em;font-weight:600;padding:2px 5px;margin-top:2px;-moz-border-radius-topleft:3px;-webkit-border-top-left-radius:3px;-khtml-border-top-left-radius:3px;border-top-left-radius:3px;-moz-border-radius-topright:3px;-webkit-border-top-right-radius:3px;-khtml-border-top-right-radius:3px;border-top-right-radius:3px;-webkit-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);-moz-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);"><font color="blue">'.__('Reminder: Backend Maintenance Mode is Turned On.', 'bulletproof-security').'</font></div>';
382
- echo $text;
383
- } elseif ( strpos($check_string_index, '$primary_site_status = \'On\';') && strpos($check_string_wpadmin, "BEGIN BPS MAINTENANCE MODE IP") ) {
384
- $text = '<div class="update-nag" style="background-color:#dfecf2;border:1px solid #999;font-size:1em;font-weight:600;padding:2px 5px;margin-top:2px;-moz-border-radius-topleft:3px;-webkit-border-top-left-radius:3px;-khtml-border-top-left-radius:3px;border-top-left-radius:3px;-moz-border-radius-topright:3px;-webkit-border-top-right-radius:3px;-khtml-border-top-right-radius:3px;border-top-right-radius:3px;-webkit-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);-moz-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);"><font color="blue">'.__('Reminder: Frontend & Backend Maintenance Modes are Turned On.', 'bulletproof-security').'</font></div>';
385
- echo $text;
 
386
  }
387
  }
388
- }
389
-
390
- if ( $blog_id != 1 ) {
391
-
392
- if ( is_subdomain_install() ) {
393
 
394
- $subsite_remove_slashes = str_replace( '.', "-", $current_blog->domain );
 
395
 
396
- } else {
 
 
 
 
 
 
 
 
 
 
 
 
 
397
 
398
- $subsite_remove_slashes = str_replace( '/', "", $current_blog->path );
399
- }
 
 
 
 
400
 
401
- $subsite_maintenance_file = WP_PLUGIN_DIR . '/bulletproof-security/admin/htaccess/bps-maintenance-'.$subsite_remove_slashes.'.php';
402
-
403
- if ( strpos( $check_string_values, '$all_sites = \'1\';' ) ) {
404
- $text = '<div class="update-nag" style="background-color:#dfecf2;border:1px solid #999;font-size:1em;font-weight:600;padding:2px 5px;margin-top:2px;-moz-border-radius-topleft:3px;-webkit-border-top-left-radius:3px;-khtml-border-top-left-radius:3px;border-top-left-radius:3px;-moz-border-radius-topright:3px;-webkit-border-top-right-radius:3px;-khtml-border-top-right-radius:3px;border-top-right-radius:3px;-webkit-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);-moz-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);"><font color="blue">'.__('Reminder: Frontend Maintenance Mode is Turned On for The Primary Site and All Subsites.', 'bulletproof-security').'</font></div>';
405
- echo $text;
 
 
 
 
 
 
 
 
 
 
 
 
 
406
  }
407
 
408
- if ( strpos( $check_string_values, '$all_subsites = \'1\';' ) ) {
409
- $text = '<div class="update-nag" style="background-color:#dfecf2;border:1px solid #999;font-size:1em;font-weight:600;padding:2px 5px;margin-top:2px;-moz-border-radius-topleft:3px;-webkit-border-top-left-radius:3px;-khtml-border-top-left-radius:3px;border-top-left-radius:3px;-moz-border-radius-topright:3px;-webkit-border-top-right-radius:3px;-khtml-border-top-right-radius:3px;border-top-right-radius:3px;-webkit-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);-moz-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);"><font color="blue">'.__('Reminder: Frontend Maintenance Mode is Turned On for All Subsites, but Not The Primary Site.', 'bulletproof-security').'</font></div>';
410
- echo $text;
411
- }
 
412
 
413
- if ( isset($MMoptions['bps_maint_on_off']) && $MMoptions['bps_maint_on_off'] == 'On' && isset($MMoptions['bps_maint_dashboard_reminder']) && $MMoptions['bps_maint_dashboard_reminder'] == '1' ) {
414
-
415
- if ( file_exists($subsite_maintenance_file) && ! strpos( $check_string_wpadmin, "BEGIN BPS MAINTENANCE MODE IP" ) ) {
416
- $text = '<div class="update-nag" style="background-color:#dfecf2;border:1px solid #999;font-size:1em;font-weight:600;padding:2px 5px;margin-top:2px;-moz-border-radius-topleft:3px;-webkit-border-top-left-radius:3px;-khtml-border-top-left-radius:3px;border-top-left-radius:3px;-moz-border-radius-topright:3px;-webkit-border-top-right-radius:3px;-khtml-border-top-right-radius:3px;border-top-right-radius:3px;-webkit-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);-moz-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);"><font color="blue">'.__('Reminder: Frontend Maintenance Mode is Turned On.', 'bulletproof-security').'</font></div>';
417
- echo $text;
418
- } elseif ( ! file_exists($subsite_maintenance_file) && strpos( $check_string_wpadmin, "BEGIN BPS MAINTENANCE MODE IP" ) ) {
419
- $text = '<div class="update-nag" style="background-color:#dfecf2;border:1px solid #999;font-size:1em;font-weight:600;padding:2px 5px;margin-top:2px;-moz-border-radius-topleft:3px;-webkit-border-top-left-radius:3px;-khtml-border-top-left-radius:3px;border-top-left-radius:3px;-moz-border-radius-topright:3px;-webkit-border-top-right-radius:3px;-khtml-border-top-right-radius:3px;border-top-right-radius:3px;-webkit-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);-moz-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);"><font color="blue">'.__('Reminder: Backend Maintenance Mode is Turned On.', 'bulletproof-security').'</font></div>';
420
- echo $text;
421
- } elseif ( file_exists($subsite_maintenance_file) && strpos( $check_string_wpadmin, "BEGIN BPS MAINTENANCE MODE IP" ) ) {
422
- $text = '<div class="update-nag" style="background-color:#dfecf2;border:1px solid #999;font-size:1em;font-weight:600;padding:2px 5px;margin-top:2px;-moz-border-radius-topleft:3px;-webkit-border-top-left-radius:3px;-khtml-border-top-left-radius:3px;border-top-left-radius:3px;-moz-border-radius-topright:3px;-webkit-border-top-right-radius:3px;-khtml-border-top-right-radius:3px;border-top-right-radius:3px;-webkit-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);-moz-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);"><font color="blue">'.__('Reminder: Frontend & Backend Maintenance Modes are Turned On.', 'bulletproof-security').'</font></div>';
423
- echo $text;
424
- }
425
- }
426
- }
427
- } // end is multisite
428
- }
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
429
  }
430
 
431
  add_action('admin_notices', 'bpsPro_mmode_dashboard_alert');
@@ -567,45 +567,45 @@ function bpsPro_post_request_protection_check() {
567
 
568
  $bps_customcode_three = preg_replace('/RewriteCond\s%\{REQUEST_METHOD\}\sPOST\s\[NC\]/s', "RewriteCond %{REQUEST_METHOD} POST [NC]\n# NEVER COMMENT OUT THIS LINE OF CODE BELOW FOR ANY REASON\nRewriteCond %{REQUEST_URI} !^.*/wp-admin/ [NC]\n# Whitelist the WordPress Theme Customizer\nRewriteCond %{HTTP_REFERER} !^.*/wp-admin/customize.php", htmlspecialchars_decode( $CC_options['bps_customcode_three'], ENT_QUOTES ) );
569
 
570
- if ( ! is_multisite() ) {
571
-
572
- $Root_CC_Options = array(
573
- 'bps_customcode_one' => $CC_options['bps_customcode_one'],
574
- 'bps_customcode_server_signature' => $CC_options['bps_customcode_server_signature'],
575
- 'bps_customcode_directory_index' => $CC_options['bps_customcode_directory_index'],
576
- 'bps_customcode_server_protocol' => $CC_options['bps_customcode_server_protocol'],
577
- 'bps_customcode_error_logging' => $CC_options['bps_customcode_error_logging'],
578
- 'bps_customcode_deny_dot_folders' => $CC_options['bps_customcode_deny_dot_folders'],
579
- 'bps_customcode_admin_includes' => $CC_options['bps_customcode_admin_includes'],
580
- 'bps_customcode_wp_rewrite_start' => $CC_options['bps_customcode_wp_rewrite_start'],
581
- 'bps_customcode_request_methods' => $CC_options['bps_customcode_request_methods'],
582
- 'bps_customcode_two' => $CC_options['bps_customcode_two'],
583
- 'bps_customcode_timthumb_misc' => $CC_options['bps_customcode_timthumb_misc'],
584
- 'bps_customcode_bpsqse' => $CC_options['bps_customcode_bpsqse'],
585
- 'bps_customcode_deny_files' => $CC_options['bps_customcode_deny_files'],
586
- 'bps_customcode_three' => $bps_customcode_three
587
- );
588
-
589
- } else {
590
 
591
- $Root_CC_Options = array(
592
- 'bps_customcode_one' => $CC_options['bps_customcode_one'],
593
- 'bps_customcode_server_signature' => $CC_options['bps_customcode_server_signature'],
594
- 'bps_customcode_directory_index' => $CC_options['bps_customcode_directory_index'],
595
- 'bps_customcode_server_protocol' => $CC_options['bps_customcode_server_protocol'],
596
- 'bps_customcode_error_logging' => $CC_options['bps_customcode_error_logging'],
597
- 'bps_customcode_deny_dot_folders' => $CC_options['bps_customcode_deny_dot_folders'],
598
- 'bps_customcode_admin_includes' => $CC_options['bps_customcode_admin_includes'],
599
- 'bps_customcode_wp_rewrite_start' => $CC_options['bps_customcode_wp_rewrite_start'],
600
- 'bps_customcode_request_methods' => $CC_options['bps_customcode_request_methods'],
601
- 'bps_customcode_two' => $CC_options['bps_customcode_two'],
602
- 'bps_customcode_timthumb_misc' => $CC_options['bps_customcode_timthumb_misc'],
603
- 'bps_customcode_bpsqse' => $CC_options['bps_customcode_bpsqse'],
604
- 'bps_customcode_wp_rewrite_end' => $CC_options['bps_customcode_wp_rewrite_end'],
605
- 'bps_customcode_deny_files' => $CC_options['bps_customcode_deny_files'],
606
- 'bps_customcode_three' => $bps_customcode_three
607
- );
608
- }
 
 
609
 
610
  foreach( $Root_CC_Options as $key => $value ) {
611
  update_option('bulletproof_security_options_customcode', $Root_CC_Options);
@@ -617,7 +617,37 @@ function bpsPro_post_request_protection_check() {
617
  // Note: cannot check defined('WP_DEBUG_DISPLAY') && true == WP_DEBUG_DISPLAY because it is turned On and is true by default.
618
  function bpsPro_wp_debug_check() {
619
 
620
- if ( preg_match( '/page=bulletproof-security\/admin\/wizard\/wizard.php/', esc_html($_SERVER['QUERY_STRING']) ) ) {
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
621
 
622
  if ( defined('WP_DEBUG') && true == WP_DEBUG || defined('WP_DEBUG_LOG') && true == WP_DEBUG_LOG ) {
623
  echo '<div id="message" class="updated" style="background-color:#dfecf2;border:1px solid #999;-moz-border-radius-topleft:3px;-webkit-border-top-left-radius:3px;-khtml-border-top-left-radius:3px;border-top-left-radius:3px;-moz-border-radius-topright:3px;-webkit-border-top-right-radius:3px;-khtml-border-top-right-radius:3px;border-top-right-radius:3px;-webkit-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);-moz-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);"><p>';
@@ -919,8 +949,9 @@ function bpsPro_mu_tools_plugin_copy() {
919
  $pos5 = strpos( $check_string, 'Version: 5.0' );
920
  $pos6 = strpos( $check_string, 'Version: 6.0' );
921
  $pos7 = strpos( $check_string, 'Version: 7.0' );
 
922
 
923
- if ( $pos1 !== false || $pos2 !== false || $pos3 !== false || $pos4 !== false || $pos5 !== false || $pos6 !== false || $pos7 !== false ) {
924
  copy($BPS_MU_tools, $BPS_MU_tools_copy);
925
  }
926
  }
@@ -1110,7 +1141,7 @@ function bpsPro_presave_mscan_options() {
1110
  );
1111
 
1112
  $mscan_successMessage = __(' DB Option created or updated Successfully!', 'bulletproof-security');
1113
- $mscan_dir_successMessage = __(' Hosting Account Root Folder Option setup or updated Successfully!', 'bulletproof-security');
1114
  $successTextBegin = '<font color="green"><strong>';
1115
  $successTextEnd = '</strong></font><br>';
1116
 
@@ -1118,7 +1149,7 @@ function bpsPro_presave_mscan_options() {
1118
  update_option('bulletproof_security_options_MScan', $MS_Options);
1119
 
1120
  if ( esc_html($_SERVER['QUERY_STRING']) == 'page=bulletproof-security/admin/wizard/wizard.php' ) {
1121
- //echo $successTextBegin.$key.$mscan_successMessage.$successTextEnd;
1122
  }
1123
  }
1124
 
@@ -1128,10 +1159,27 @@ function bpsPro_presave_mscan_options() {
1128
  if ( $MScan_options['bps_mscan_dirs'] != '' ) {
1129
 
1130
  foreach ( $MScan_options['bps_mscan_dirs'] as $key => $value ) {
1131
- //echo $successTextBegin.$key.$mscan_dir_successMessage.$successTextEnd;
1132
  }
1133
  }
1134
  }
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1135
  }
1136
 
1137
  // 4.4: BugFix: Remove the whitespace between WP and Rocket skip/bypass rule if it exists so that the HUD AutoFix function does not detect it.
@@ -1285,6 +1333,10 @@ function bpsPro_new_version_db_options_files_autoupdate() {
1285
 
1286
  $user_id = $current_user->ID;
1287
 
 
 
 
 
1288
  // 5.2: Delete the DB Backup Log file if it contains: Zip Backup File Name
1289
  // Note: A new blank DB Backup Log file is automatically created on page load.
1290
  $bpsProDBBLogARQ = WP_CONTENT_DIR . '/bps-backup/logs/db_backup_log.txt';
@@ -1299,13 +1351,82 @@ function bpsPro_new_version_db_options_files_autoupdate() {
1299
  }
1300
  }
1301
 
 
 
 
1302
  // 4.8: MScan new feature Dismiss Notice - only displayed to people who have upgraded BPS. Not new installations of BPS.
1303
- if ( ! get_option('bulletproof_security_options_new_feature') ) {
 
 
1304
 
1305
- $bps_mscan_rebuild = array( 'bps_mscan_rebuild' => 'upgrade' );
1306
 
1307
  foreach( $bps_mscan_rebuild as $key => $value ) {
1308
  update_option('bulletproof_security_options_new_feature', $bps_mscan_rebuild);
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1309
  }
1310
  }
1311
 
53
 
54
  if ( file_exists($secure_htaccess_file) ) {
55
  $bpsString = file_get_contents($secure_htaccess_file);
56
+ echo esc_textarea($bpsString);
57
  } else {
58
  $bps_plugin_dir = str_replace( ABSPATH, '', WP_PLUGIN_DIR );
59
  _e('The secure.htaccess file either does not exist or is not named correctly. Check the /', 'bulletproof-security').$bps_plugin_dir.__('/bulletproof-security/admin/htaccess/ folder to make sure the secure.htaccess file exists and is named secure.htaccess.', 'bulletproof-security');
65
 
66
  if ( file_exists($default_htaccess_file) ) {
67
  $bpsString = file_get_contents($default_htaccess_file);
68
+ echo esc_textarea($bpsString);
69
  } else {
70
  $bps_plugin_dir = str_replace( ABSPATH, '', WP_PLUGIN_DIR );
71
  _e('The default.htaccess file either does not exist or is not named correctly. Check the /', 'bulletproof-security').$bps_plugin_dir.__('/bulletproof-security/admin/htaccess/ folder to make sure the default.htaccess file exists and is named default.htaccess.', 'bulletproof-security');
77
 
78
  if ( file_exists($wpadmin_htaccess_file) ) {
79
  $bpsString = file_get_contents($wpadmin_htaccess_file);
80
+ echo esc_textarea($bpsString);
81
  } else {
82
  $bps_plugin_dir = str_replace( ABSPATH, '', WP_PLUGIN_DIR );
83
  _e('The wpadmin-secure.htaccess file either does not exist or is not named correctly. Check the /', 'bulletproof-security').$bps_plugin_dir.__('/bulletproof-security/admin/htaccess/ folder to make sure the wpadmin-secure.htaccess file exists and is named wpadmin-secure.htaccess.', 'bulletproof-security');
90
 
91
  if ( file_exists($root_htaccess_file) ) {
92
  $bpsString = file_get_contents($root_htaccess_file);
93
+ echo esc_textarea($bpsString);
94
  } else {
95
  _e('An htaccess file was not found in your website root folder.', 'bulletproof-security');
96
  }
102
 
103
  if ( file_exists($current_wpadmin_htaccess_file) ) {
104
  $bpsString = file_get_contents($current_wpadmin_htaccess_file);
105
+ echo esc_textarea($bpsString);
106
  } else {
107
  _e('An htaccess file was not found in your wp-admin folder.', 'bulletproof-security');
108
  }
162
  function bpsGetDomainRoot() {
163
 
164
  if ( is_admin() && current_user_can('manage_options') ) {
165
+ if ( isset( $_SERVER['SERVER_NAME'] ) ) {
 
 
 
166
 
167
+ $ServerName = str_replace( 'www.', "", esc_html( $_SERVER['SERVER_NAME'] ) );
168
+ return $ServerName;
169
+
170
+ } else {
171
+ $ServerName = str_replace( 'www.', "", esc_html( $_SERVER['HTTP_HOST'] ) );
172
+ return $ServerName;
173
+ }
174
  }
175
  }
176
 
305
  // Maintenance Mode On Dashboard Alert
306
  function bpsPro_mmode_dashboard_alert() {
307
 
308
+ if ( current_user_can('manage_options') ) {
 
 
 
 
 
 
 
 
309
 
310
+ $MMoptions = get_option('bulletproof_security_options_maint_mode');
 
 
 
 
 
 
 
 
 
 
 
 
311
 
312
+ if ( ! is_multisite() ) {
313
+
314
+ if ( ! get_option('bulletproof_security_options_maint_mode') || isset($MMoptions['bps_maint_on_off']) && $MMoptions['bps_maint_on_off'] == 'Off' ) {
315
+ return;
316
+ }
317
+
318
+ $indexPHP = ABSPATH . 'index.php';
319
+
320
+ if ( file_exists($indexPHP) ) {
321
+ $check_string_index = file_get_contents($indexPHP);
322
  }
 
 
323
 
324
+ $wpadminHtaccess = ABSPATH . 'wp-admin/.htaccess';
325
+
326
+ if ( file_exists($wpadminHtaccess) ) {
327
+ $check_string_wpadmin = file_get_contents($wpadminHtaccess);
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
328
  }
 
 
 
 
 
329
 
330
+ if ( isset($MMoptions['bps_maint_on_off']) && $MMoptions['bps_maint_on_off'] == 'On' && isset($MMoptions['bps_maint_dashboard_reminder']) && $MMoptions['bps_maint_dashboard_reminder'] == '1' ) {
331
+
332
+ if ( strpos( $check_string_index, "BEGIN BPS MAINTENANCE MODE IP" ) && ! strpos( $check_string_wpadmin, "BEGIN BPS MAINTENANCE MODE IP" ) ) {
333
+ $text = '<div class="update-nag" style="background-color:#dfecf2;border:1px solid #999;font-size:1em;font-weight:600;padding:2px 5px;margin-top:2px;-moz-border-radius-topleft:3px;-webkit-border-top-left-radius:3px;-khtml-border-top-left-radius:3px;border-top-left-radius:3px;-moz-border-radius-topright:3px;-webkit-border-top-right-radius:3px;-khtml-border-top-right-radius:3px;border-top-right-radius:3px;-webkit-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);-moz-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);"><font color="blue">'.__('Reminder: Frontend Maintenance Mode is Turned On.', 'bulletproof-security').'</font></div>';
334
+ echo $text;
335
+ } elseif ( ! strpos( $check_string_index, "BEGIN BPS MAINTENANCE MODE IP" ) && strpos( $check_string_wpadmin, "BEGIN BPS MAINTENANCE MODE IP" ) ) {
336
+ $text = '<div class="update-nag" style=""background-color:#dfecf2;border:1px solid #999;font-size:1em;font-weight:600;padding:2px 5px;margin-top:2px;-moz-border-radius-topleft:3px;-webkit-border-top-left-radius:3px;-khtml-border-top-left-radius:3px;border-top-left-radius:3px;-moz-border-radius-topright:3px;-webkit-border-top-right-radius:3px;-khtml-border-top-right-radius:3px;border-top-right-radius:3px;-webkit-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);-moz-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);><font color="blue">'.__('Reminder: Backend Maintenance Mode is Turned On.', 'bulletproof-security').'</font></div>';
337
+ echo $text;
338
+ } elseif ( strpos( $check_string_index, "BEGIN BPS MAINTENANCE MODE IP" ) && strpos( $check_string_wpadmin, "BEGIN BPS MAINTENANCE MODE IP" ) ) {
339
+ $text = '<div class="update-nag" style="background-color:#dfecf2;border:1px solid #999;font-size:1em;font-weight:600;padding:2px 5px;margin-top:2px;-moz-border-radius-topleft:3px;-webkit-border-top-left-radius:3px;-khtml-border-top-left-radius:3px;border-top-left-radius:3px;-moz-border-radius-topright:3px;-webkit-border-top-right-radius:3px;-khtml-border-top-right-radius:3px;border-top-right-radius:3px;-webkit-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);-moz-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);"><font color="blue">'.__('Reminder: Frontend & Backend Maintenance Modes are Turned On.', 'bulletproof-security').'</font></div>';
340
+ echo $text;
341
+ }
342
  }
343
  }
 
 
 
 
 
344
 
345
+ if ( is_multisite() ) {
346
+ global $current_blog, $blog_id;
347
 
348
+ $root_folder_maintenance_values = ABSPATH . 'bps-maintenance-values.php';
349
+ if ( file_exists($root_folder_maintenance_values) ) {
350
+ $check_string_values = file_get_contents($root_folder_maintenance_values);
351
+ }
352
+
353
+ $indexPHP = ABSPATH . 'index.php';
354
+ if ( file_exists($indexPHP) ) {
355
+ $check_string_index = file_get_contents($indexPHP);
356
+ }
357
+
358
+ $wpadminHtaccess = ABSPATH . 'wp-admin/.htaccess';
359
+ if ( file_exists($wpadminHtaccess) ) {
360
+ $check_string_wpadmin = file_get_contents($wpadminHtaccess);
361
+ }
362
 
363
+ if ( $blog_id == 1 && isset($MMoptions['bps_maint_dashboard_reminder']) && $MMoptions['bps_maint_dashboard_reminder'] == '1' ) {
364
+
365
+ if ( strpos( $check_string_values, '$all_sites = \'1\';' ) ) {
366
+ $text = '<div class="update-nag" style="background-color:#dfecf2;border:1px solid #999;font-size:1em;font-weight:600;padding:2px 5px;margin-top:2px;-moz-border-radius-topleft:3px;-webkit-border-top-left-radius:3px;-khtml-border-top-left-radius:3px;border-top-left-radius:3px;-moz-border-radius-topright:3px;-webkit-border-top-right-radius:3px;-khtml-border-top-right-radius:3px;border-top-right-radius:3px;-webkit-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);-moz-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);"><font color="blue">'.__('Reminder: Frontend Maintenance Mode is Turned On for The Primary Site and All Subsites.', 'bulletproof-security').'</font></div>';
367
+ echo $text;
368
+ }
369
 
370
+ if ( strpos( $check_string_values, '$all_subsites = \'1\';' ) ) {
371
+ $text = '<div class="update-nag" style="background-color:#dfecf2;border:1px solid #999;font-size:1em;font-weight:600;padding:2px 5px;margin-top:2px;-moz-border-radius-topleft:3px;-webkit-border-top-left-radius:3px;-khtml-border-top-left-radius:3px;border-top-left-radius:3px;-moz-border-radius-topright:3px;-webkit-border-top-right-radius:3px;-khtml-border-top-right-radius:3px;border-top-right-radius:3px;-webkit-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);-moz-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);"><font color="blue">'.__('Reminder: Frontend Maintenance Mode is Turned On for All Subsites, but Not The Primary Site.', 'bulletproof-security').'</font></div>';
372
+ echo $text;
373
+ }
374
+
375
+ if ( isset($MMoptions['bps_maint_on_off']) && $MMoptions['bps_maint_on_off'] == 'On' ) {
376
+
377
+ if ( strpos( $check_string_index, '$primary_site_status = \'On\';' ) && ! strpos( $check_string_wpadmin, "BEGIN BPS MAINTENANCE MODE IP" ) ) {
378
+ $text = '<div class="update-nag" style="background-color:#dfecf2;border:1px solid #999;font-size:1em;font-weight:600;padding:2px 5px;margin-top:2px;-moz-border-radius-topleft:3px;-webkit-border-top-left-radius:3px;-khtml-border-top-left-radius:3px;border-top-left-radius:3px;-moz-border-radius-topright:3px;-webkit-border-top-right-radius:3px;-khtml-border-top-right-radius:3px;border-top-right-radius:3px;-webkit-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);-moz-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);"><font color="blue">'.__('Reminder: Frontend Maintenance Mode is Turned On.', 'bulletproof-security').'</font></div>';
379
+ echo $text;
380
+ } elseif ( !strpos($check_string_index, '$primary_site_status = \'On\';') && strpos($check_string_wpadmin, "BEGIN BPS MAINTENANCE MODE IP") ) {
381
+ $text = '<div class="update-nag" style="background-color:#dfecf2;border:1px solid #999;font-size:1em;font-weight:600;padding:2px 5px;margin-top:2px;-moz-border-radius-topleft:3px;-webkit-border-top-left-radius:3px;-khtml-border-top-left-radius:3px;border-top-left-radius:3px;-moz-border-radius-topright:3px;-webkit-border-top-right-radius:3px;-khtml-border-top-right-radius:3px;border-top-right-radius:3px;-webkit-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);-moz-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);"><font color="blue">'.__('Reminder: Backend Maintenance Mode is Turned On.', 'bulletproof-security').'</font></div>';
382
+ echo $text;
383
+ } elseif ( strpos($check_string_index, '$primary_site_status = \'On\';') && strpos($check_string_wpadmin, "BEGIN BPS MAINTENANCE MODE IP") ) {
384
+ $text = '<div class="update-nag" style="background-color:#dfecf2;border:1px solid #999;font-size:1em;font-weight:600;padding:2px 5px;margin-top:2px;-moz-border-radius-topleft:3px;-webkit-border-top-left-radius:3px;-khtml-border-top-left-radius:3px;border-top-left-radius:3px;-moz-border-radius-topright:3px;-webkit-border-top-right-radius:3px;-khtml-border-top-right-radius:3px;border-top-right-radius:3px;-webkit-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);-moz-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);"><font color="blue">'.__('Reminder: Frontend & Backend Maintenance Modes are Turned On.', 'bulletproof-security').'</font></div>';
385
+ echo $text;
386
+ }
387
+ }
388
  }
389
 
390
+ if ( $blog_id != 1 ) {
391
+
392
+ if ( is_subdomain_install() ) {
393
+
394
+ $subsite_remove_slashes = str_replace( '.', "-", $current_blog->domain );
395
 
396
+ } else {
397
+
398
+ $subsite_remove_slashes = str_replace( '/', "", $current_blog->path );
399
+ }
400
+
401
+ $subsite_maintenance_file = WP_PLUGIN_DIR . '/bulletproof-security/admin/htaccess/bps-maintenance-'.$subsite_remove_slashes.'.php';
402
+
403
+ if ( strpos( $check_string_values, '$all_sites = \'1\';' ) ) {
404
+ $text = '<div class="update-nag" style="background-color:#dfecf2;border:1px solid #999;font-size:1em;font-weight:600;padding:2px 5px;margin-top:2px;-moz-border-radius-topleft:3px;-webkit-border-top-left-radius:3px;-khtml-border-top-left-radius:3px;border-top-left-radius:3px;-moz-border-radius-topright:3px;-webkit-border-top-right-radius:3px;-khtml-border-top-right-radius:3px;border-top-right-radius:3px;-webkit-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);-moz-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);"><font color="blue">'.__('Reminder: Frontend Maintenance Mode is Turned On for The Primary Site and All Subsites.', 'bulletproof-security').'</font></div>';
405
+ echo $text;
406
+ }
407
+
408
+ if ( strpos( $check_string_values, '$all_subsites = \'1\';' ) ) {
409
+ $text = '<div class="update-nag" style="background-color:#dfecf2;border:1px solid #999;font-size:1em;font-weight:600;padding:2px 5px;margin-top:2px;-moz-border-radius-topleft:3px;-webkit-border-top-left-radius:3px;-khtml-border-top-left-radius:3px;border-top-left-radius:3px;-moz-border-radius-topright:3px;-webkit-border-top-right-radius:3px;-khtml-border-top-right-radius:3px;border-top-right-radius:3px;-webkit-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);-moz-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);"><font color="blue">'.__('Reminder: Frontend Maintenance Mode is Turned On for All Subsites, but Not The Primary Site.', 'bulletproof-security').'</font></div>';
410
+ echo $text;
411
+ }
412
+
413
+ if ( isset($MMoptions['bps_maint_on_off']) && $MMoptions['bps_maint_on_off'] == 'On' && isset($MMoptions['bps_maint_dashboard_reminder']) && $MMoptions['bps_maint_dashboard_reminder'] == '1' ) {
414
+
415
+ if ( file_exists($subsite_maintenance_file) && ! strpos( $check_string_wpadmin, "BEGIN BPS MAINTENANCE MODE IP" ) ) {
416
+ $text = '<div class="update-nag" style="background-color:#dfecf2;border:1px solid #999;font-size:1em;font-weight:600;padding:2px 5px;margin-top:2px;-moz-border-radius-topleft:3px;-webkit-border-top-left-radius:3px;-khtml-border-top-left-radius:3px;border-top-left-radius:3px;-moz-border-radius-topright:3px;-webkit-border-top-right-radius:3px;-khtml-border-top-right-radius:3px;border-top-right-radius:3px;-webkit-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);-moz-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);"><font color="blue">'.__('Reminder: Frontend Maintenance Mode is Turned On.', 'bulletproof-security').'</font></div>';
417
+ echo $text;
418
+ } elseif ( ! file_exists($subsite_maintenance_file) && strpos( $check_string_wpadmin, "BEGIN BPS MAINTENANCE MODE IP" ) ) {
419
+ $text = '<div class="update-nag" style="background-color:#dfecf2;border:1px solid #999;font-size:1em;font-weight:600;padding:2px 5px;margin-top:2px;-moz-border-radius-topleft:3px;-webkit-border-top-left-radius:3px;-khtml-border-top-left-radius:3px;border-top-left-radius:3px;-moz-border-radius-topright:3px;-webkit-border-top-right-radius:3px;-khtml-border-top-right-radius:3px;border-top-right-radius:3px;-webkit-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);-moz-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);"><font color="blue">'.__('Reminder: Backend Maintenance Mode is Turned On.', 'bulletproof-security').'</font></div>';
420
+ echo $text;
421
+ } elseif ( file_exists($subsite_maintenance_file) && strpos( $check_string_wpadmin, "BEGIN BPS MAINTENANCE MODE IP" ) ) {
422
+ $text = '<div class="update-nag" style="background-color:#dfecf2;border:1px solid #999;font-size:1em;font-weight:600;padding:2px 5px;margin-top:2px;-moz-border-radius-topleft:3px;-webkit-border-top-left-radius:3px;-khtml-border-top-left-radius:3px;border-top-left-radius:3px;-moz-border-radius-topright:3px;-webkit-border-top-right-radius:3px;-khtml-border-top-right-radius:3px;border-top-right-radius:3px;-webkit-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);-moz-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);"><font color="blue">'.__('Reminder: Frontend & Backend Maintenance Modes are Turned On.', 'bulletproof-security').'</font></div>';
423
+ echo $text;
424
+ }
425
+ }
426
+ }
427
+ } // end is multisite
428
+ }
429
  }
430
 
431
  add_action('admin_notices', 'bpsPro_mmode_dashboard_alert');
567
 
568
  $bps_customcode_three = preg_replace('/RewriteCond\s%\{REQUEST_METHOD\}\sPOST\s\[NC\]/s', "RewriteCond %{REQUEST_METHOD} POST [NC]\n# NEVER COMMENT OUT THIS LINE OF CODE BELOW FOR ANY REASON\nRewriteCond %{REQUEST_URI} !^.*/wp-admin/ [NC]\n# Whitelist the WordPress Theme Customizer\nRewriteCond %{HTTP_REFERER} !^.*/wp-admin/customize.php", htmlspecialchars_decode( $CC_options['bps_customcode_three'], ENT_QUOTES ) );
569
 
570
+ if ( ! is_multisite() ) {
571
+
572
+ $Root_CC_Options = array(
573
+ 'bps_customcode_one' => $CC_options['bps_customcode_one'],
574
+ 'bps_customcode_server_signature' => $CC_options['bps_customcode_server_signature'],
575
+ 'bps_customcode_directory_index' => $CC_options['bps_customcode_directory_index'],
576
+ 'bps_customcode_server_protocol' => $CC_options['bps_customcode_server_protocol'],
577
+ 'bps_customcode_error_logging' => $CC_options['bps_customcode_error_logging'],
578
+ 'bps_customcode_deny_dot_folders' => $CC_options['bps_customcode_deny_dot_folders'],
579
+ 'bps_customcode_admin_includes' => $CC_options['bps_customcode_admin_includes'],
580
+ 'bps_customcode_wp_rewrite_start' => $CC_options['bps_customcode_wp_rewrite_start'],
581
+ 'bps_customcode_request_methods' => $CC_options['bps_customcode_request_methods'],
582
+ 'bps_customcode_two' => $CC_options['bps_customcode_two'],
583
+ 'bps_customcode_timthumb_misc' => $CC_options['bps_customcode_timthumb_misc'],
584
+ 'bps_customcode_bpsqse' => $CC_options['bps_customcode_bpsqse'],
585
+ 'bps_customcode_deny_files' => $CC_options['bps_customcode_deny_files'],
586
+ 'bps_customcode_three' => $bps_customcode_three
587
+ );
 
 
588
 
589
+ } else {
590
+
591
+ $Root_CC_Options = array(
592
+ 'bps_customcode_one' => $CC_options['bps_customcode_one'],
593
+ 'bps_customcode_server_signature' => $CC_options['bps_customcode_server_signature'],
594
+ 'bps_customcode_directory_index' => $CC_options['bps_customcode_directory_index'],
595
+ 'bps_customcode_server_protocol' => $CC_options['bps_customcode_server_protocol'],
596
+ 'bps_customcode_error_logging' => $CC_options['bps_customcode_error_logging'],
597
+ 'bps_customcode_deny_dot_folders' => $CC_options['bps_customcode_deny_dot_folders'],
598
+ 'bps_customcode_admin_includes' => $CC_options['bps_customcode_admin_includes'],
599
+ 'bps_customcode_wp_rewrite_start' => $CC_options['bps_customcode_wp_rewrite_start'],
600
+ 'bps_customcode_request_methods' => $CC_options['bps_customcode_request_methods'],
601
+ 'bps_customcode_two' => $CC_options['bps_customcode_two'],
602
+ 'bps_customcode_timthumb_misc' => $CC_options['bps_customcode_timthumb_misc'],
603
+ 'bps_customcode_bpsqse' => $CC_options['bps_customcode_bpsqse'],
604
+ 'bps_customcode_wp_rewrite_end' => $CC_options['bps_customcode_wp_rewrite_end'],
605
+ 'bps_customcode_deny_files' => $CC_options['bps_customcode_deny_files'],
606
+ 'bps_customcode_three' => $bps_customcode_three
607
+ );
608
+ }
609
 
610
  foreach( $Root_CC_Options as $key => $value ) {
611
  update_option('bulletproof_security_options_customcode', $Root_CC_Options);
617
  // Note: cannot check defined('WP_DEBUG_DISPLAY') && true == WP_DEBUG_DISPLAY because it is turned On and is true by default.
618
  function bpsPro_wp_debug_check() {
619
 
620
+ if ( preg_match( '/page=bulletproof-security\/admin\/mscan\/mscan.php/', esc_html($_SERVER['QUERY_STRING']) ) ) {
621
+
622
+ if ( defined('WP_DEBUG') && true == WP_DEBUG || defined('WP_DEBUG_LOG') && true == WP_DEBUG_LOG ) {
623
+ echo '<div id="message" class="updated" style="background-color:#dfecf2;border:1px solid #999;-moz-border-radius-topleft:3px;-webkit-border-top-left-radius:3px;-khtml-border-top-left-radius:3px;border-top-left-radius:3px;-moz-border-radius-topright:3px;-webkit-border-top-right-radius:3px;-khtml-border-top-right-radius:3px;border-top-right-radius:3px;-webkit-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);-moz-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);"><p>';
624
+ }
625
+
626
+ if ( defined('WP_DEBUG') && true == WP_DEBUG ) {
627
+
628
+ $text = '<strong><font color="#fb0101">'.__('WordPress Debugging is turned On in your wp-config.php file', 'bulletproof-security').'</font><br>'.__('Turn Off WordPress Debugging before running an MScan Scan.', 'bulletproof-security').'<br>'.__('You are currently using ', 'bulletproof-security').'define(\'WP_DEBUG\', true)'.__(' in your wp-config.php file. To turn WP Debugging Off, change true to false in your wp-config.php file.', 'bulletproof-security').'</strong><br>';
629
+ echo $text;
630
+ }
631
+
632
+ if ( defined('WP_DEBUG_LOG') && true == WP_DEBUG_LOG ) {
633
+
634
+ $bpsPro_error_log_string = ini_get('error_log');
635
+ $debug_log_wp = 'debug.log';
636
+ $debug_log_pos = strpos( $bpsPro_error_log_string, $debug_log_wp );
637
+
638
+ if ( $debug_log_pos !== false ) {
639
+
640
+ $text = '<strong><font color="#fb0101">'.__('WordPress Debug Logging is turned On in your wp-config.php file', 'bulletproof-security').'</font><br>'.__('Turn Off WordPress Debug Logging before running an MScan Scan.', 'bulletproof-security').'<br>'.__('You are currently using ', 'bulletproof-security').'define(\'WP_DEBUG_LOG\', true)'.__(' in your wp-config.php file. To turn WP Debug Logging Off, change true to false in your wp-config.php file.', 'bulletproof-security').'</strong><br>';
641
+ echo $text;
642
+
643
+ }
644
+ }
645
+
646
+ if ( defined('WP_DEBUG') && true == WP_DEBUG || defined('WP_DEBUG_LOG') && true == WP_DEBUG_LOG ) {
647
+ echo '</p></div>';
648
+ }
649
+
650
+ } elseif ( preg_match( '/page=bulletproof-security\/admin\/wizard\/wizard.php/', esc_html($_SERVER['QUERY_STRING']) ) ) {
651
 
652
  if ( defined('WP_DEBUG') && true == WP_DEBUG || defined('WP_DEBUG_LOG') && true == WP_DEBUG_LOG ) {
653
  echo '<div id="message" class="updated" style="background-color:#dfecf2;border:1px solid #999;-moz-border-radius-topleft:3px;-webkit-border-top-left-radius:3px;-khtml-border-top-left-radius:3px;border-top-left-radius:3px;-moz-border-radius-topright:3px;-webkit-border-top-right-radius:3px;-khtml-border-top-right-radius:3px;border-top-right-radius:3px;-webkit-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);-moz-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);"><p>';
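Review bot: The new MScan branch decides which admin page is showing by running an unanchored regex over `esc_html($_SERVER['QUERY_STRING'])`, which reads the key without an `isset()` check, leaves the `.` in `mscan.php` unescaped, and applies an output-escaping function to a value that is only compared. Matching the parsed parameter is stricter and easier to read: `$page = isset( $_GET['page'] ) ? sanitize_text_field( wp_unslash( $_GET['page'] ) ) : '';` followed by `if ( 'bulletproof-security/admin/mscan/mscan.php' === $page ) {`. Separately, the wrapper `<div>` is opened whenever `WP_DEBUG_LOG` is true, but the logging message is printed only when `ini_get('error_log')` contains `debug.log`, so with `WP_DEBUG` off and a different log path the notice renders as an empty box. The wizard branch of `bpsPro_wp_debug_check()` continues past the end of this hunk.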
949
  $pos5 = strpos( $check_string, 'Version: 5.0' );
950
  $pos6 = strpos( $check_string, 'Version: 6.0' );
951
  $pos7 = strpos( $check_string, 'Version: 7.0' );
952
+ $pos8 = strpos( $check_string, 'Version: 8.0' );
953
 
954
+ if ( $pos1 !== false || $pos2 !== false || $pos3 !== false || $pos4 !== false || $pos5 !== false || $pos6 !== false || $pos7 !== false || $pos8 !== false ) {
955
  copy($BPS_MU_tools, $BPS_MU_tools_copy);
956
  }
957
  }
1141
  );
1142
 
1143
  $mscan_successMessage = __(' DB Option created or updated Successfully!', 'bulletproof-security');
1144
+ $mscan_dir_successMessage = __(' Folder name option saved or updated Successfully!', 'bulletproof-security');
1145
  $successTextBegin = '<font color="green"><strong>';
1146
  $successTextEnd = '</strong></font><br>';
1147
 
1149
  update_option('bulletproof_security_options_MScan', $MS_Options);
1150
 
1151
  if ( esc_html($_SERVER['QUERY_STRING']) == 'page=bulletproof-security/admin/wizard/wizard.php' ) {
1152
+ echo $successTextBegin.$key.$mscan_successMessage.$successTextEnd;
1153
  }
1154
  }
1155
 
1159
  if ( $MScan_options['bps_mscan_dirs'] != '' ) {
1160
 
1161
  foreach ( $MScan_options['bps_mscan_dirs'] as $key => $value ) {
1162
+ echo $successTextBegin.$key.$mscan_dir_successMessage.$successTextEnd;
1163
  }
1164
  }
1165
  }
1166
+
1167
+ $mscan_hash_status_options_db = array(
1168
+ 'mscan_wp_core_hash_status' => '',
1169
+ 'mscan_wp_core_hash_count' => '',
1170
+ 'mscan_plugin_hash_status' => '',
1171
+ 'mscan_plugin_hash_count' => '',
1172
+ 'mscan_theme_hash_status' => '',
1173
+ 'mscan_theme_hash_count' => ''
1174
+ );
1175
+
1176
+ foreach( $mscan_hash_status_options_db as $key => $value ) {
1177
+ update_option('bulletproof_security_options_mscan_hash_status', $mscan_hash_status_options_db);
1178
+
1179
+ if ( esc_html($_SERVER['QUERY_STRING']) == 'page=bulletproof-security/admin/wizard/wizard.php' ) {
1180
+ echo $successTextBegin.$key.$mscan_successMessage.$successTextEnd;
1181
+ }
1182
+ }
1183
  }
1184
 
1185
  // 4.4: BugFix: Remove the whitespace between WP and Rocket skip/bypass rule if it exists so that the HUD AutoFix function does not detect it.
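Review bot: The re-enabled `echo` inside the `bps_mscan_dirs` loop prints `$key` into HTML without escaping, and unlike the literal keys of `$mscan_hash_status_options_db` these keys come from a stored option (presumably folder names, going by the message text). Escape at output: `echo $successTextBegin . esc_html( $key ) . $mscan_dir_successMessage . $successTextEnd;`. The new `foreach` over `$mscan_hash_status_options_db` also calls `update_option()` with the whole array on every iteration, so a single call before the loop would do, leaving the loop for the messages only. Whether an existing `bulletproof_security_options_mscan_hash_status` value is checked before being reset to empty strings cannot be seen here, since `bpsPro_presave_mscan_options()` starts above the hunk.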
1333
 
1334
  $user_id = $current_user->ID;
1335
 
1336
+ // 5.8: Delete the BPS Pro Sales Notice dismiss notice on upgrade
1337
+ // The sales notice conditions are based on time. It is only displayed during the sale time period in the HUD Dismiss function.
1338
+ delete_user_meta($user_id, 'bpsPro_ignore_bpspro_sale_notice');
1339
+
1340
  // 5.2: Delete the DB Backup Log file if it contains: Zip Backup File Name
1341
  // Note: A new blank DB Backup Log file is automatically created on page load.
1342
  $bpsProDBBLogARQ = WP_CONTENT_DIR . '/bps-backup/logs/db_backup_log.txt';
1351
  }
1352
  }
1353
 
1354
+ // 5.8: MScan new feature Dismiss Notice - displayed to people who have upgraded + people who got the last MScan Notice = upgrade.
1355
+ // 5.8: Automatically delete and reset the old MScan DB options if older new feature db values exist and update the new feature db values.
1356
+ // + people who have the bps_mscan_rebuild = "new" value.
1357
  // 4.8: MScan new feature Dismiss Notice - only displayed to people who have upgraded BPS. Not new installations of BPS.
1358
+ $new_feature_options = get_option('bulletproof_security_options_new_feature');
1359
+
1360
+ if ( ! get_option('bulletproof_security_options_new_feature') || isset($new_feature_options['bps_mscan_rebuild']) && $new_feature_options['bps_mscan_rebuild'] == 'upgrade' || isset($new_feature_options['bps_mscan_rebuild']) && $new_feature_options['bps_mscan_rebuild'] == 'new' ) {
1361
 
1362
+ $bps_mscan_rebuild = array( 'bps_mscan_rebuild' => 'upgrade2' );
1363
 
1364
  foreach( $bps_mscan_rebuild as $key => $value ) {
1365
  update_option('bulletproof_security_options_new_feature', $bps_mscan_rebuild);
1366
+ }
1367
+
1368
+ delete_user_meta($user_id, 'bpsPro_hud_new_feature_notice');
1369
+
1370
+ delete_option('bulletproof_security_options_mscan_plugin_hash');
1371
+ delete_option('bulletproof_security_options_mscan_p_hash_new');
1372
+ delete_option('bulletproof_security_options_mscan_theme_hash');
1373
+ delete_option('bulletproof_security_options_mscan_t_hash_new');
1374
+ delete_option('bulletproof_security_options_mscan_nodownload');
1375
+
1376
+ $MStable_name = $wpdb->prefix . "bpspro_mscan";
1377
+ $wpdb_collate = $wpdb->collate;
1378
+
1379
+ $wpdb->query("DROP TABLE IF EXISTS $MStable_name");
1380
+
1381
+ if ( $wpdb->get_var( $wpdb->prepare( "SHOW TABLES LIKE %s", $MStable_name ) ) != $MStable_name ) {
1382
+
1383
+ $sql = "CREATE TABLE $MStable_name (
1384
+ mscan_id bigint(20) NOT NULL auto_increment,
1385
+ mscan_status varchar(8) NOT NULL default '',
1386
+ mscan_type varchar(16) NOT NULL default '',
1387
+ mscan_path text NOT NULL,
1388
+ mscan_pattern text NOT NULL,
1389
+ mscan_skipped varchar(7) NOT NULL default '',
1390
+ mscan_ignored varchar(6) NOT NULL default '',
1391
+ mscan_db_table varchar(64) NOT NULL default '',
1392
+ mscan_db_column varchar(64) NOT NULL default '',
1393
+ mscan_db_pkid text NOT NULL,
1394
+ mscan_time datetime NOT NULL default '0000-00-00 00:00:00',
1395
+ PRIMARY KEY (mscan_id),
1396
+ UNIQUE KEY id (mscan_id)
1397
+ )
1398
+ COLLATE {$wpdb_collate};";
1399
+
1400
+ require_once ABSPATH . 'wp-admin/includes/upgrade.php';
1401
+ dbDelta($sql);
1402
+ }
1403
+
1404
+ $MScan_status = get_option('bulletproof_security_options_MScan_status');
1405
+
1406
+ $MScan_status_db = array(
1407
+ 'bps_mscan_time_start' => '',
1408
+ 'bps_mscan_time_stop' => '',
1409
+ 'bps_mscan_time_end' => '',
1410
+ 'bps_mscan_time_remaining' => '',
1411
+ 'bps_mscan_status' => '1',
1412
+ 'bps_mscan_last_scan_timestamp' => '',
1413
+ 'bps_mscan_total_time' => '',
1414
+ 'bps_mscan_total_website_files' => '',
1415
+ 'bps_mscan_total_wp_core_files' => '',
1416
+ 'bps_mscan_total_non_image_files' => '',
1417
+ 'bps_mscan_total_image_files' => '',
1418
+ 'bps_mscan_total_all_scannable_files' => '',
1419
+ 'bps_mscan_total_skipped_files' => '',
1420
+ 'bps_mscan_total_suspect_files' => '',
1421
+ 'bps_mscan_suspect_skipped_files' => '',
1422
+ 'bps_mscan_total_suspect_db' => '',
1423
+ 'bps_mscan_total_ignored_files' => '',
1424
+ 'bps_mscan_total_plugin_files' => '',
1425
+ 'bps_mscan_total_theme_files' => ''
1426
+ );
1427
+
1428
+ foreach( $MScan_status_db as $key => $value ) {
1429
+ update_option('bulletproof_security_options_MScan_status', $MScan_status_db);
1430
  }
1431
  }
1432
 
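--- a/includes/hidden-plugin-folders-cron.php
+++ b/includes/hidden-plugin-folders-cron.php
@@ -71,9 +71,10 @@ function bpsPro_add_cron_intervals($schedules) {
  add_action('bpsPro_HPF_check', 'bpsPro_hidden_plugins_check');
 
  function bpsPro_schedule_HPF_checks() {
- global $blog_id;
- $options = get_option('bulletproof_security_options_hpf_cron');
- $killit = '';
+
+ global $blog_id;
+ $options = get_option('bulletproof_security_options_hpf_cron');
+ $killit = '';
 
  if ( ! get_option('bulletproof_security_options_hpf_cron') || ! $options['bps_hidden_plugins_cron'] || $options['bps_hidden_plugins_cron'] == '' || is_multisite() && $blog_id != 1 ) {
  return $killit;
@@ -83,78 +84,77 @@ $killit = '';
 
  $bpsCronCheck = wp_get_schedule('bpsPro_HPF_check');
 
- if ( $options['bps_hidden_plugins_cron_frequency'] == '1' ) {
- if ( $bpsCronCheck == 'minutes_5' || $bpsCronCheck == 'minutes_10' || $bpsCronCheck == 'minutes_15' || $bpsCronCheck == 'minutes_30' || $bpsCronCheck == 'minutes_60' || $bpsCronCheck == 'daily' ) {
- wp_clear_scheduled_hook('bpsPro_HPF_check');
- }
-
- if ( ! wp_next_scheduled( 'bpsPro_HPF_check' ) ) {
- wp_schedule_event( time(), 'minutes_1', 'bpsPro_HPF_check');
- }
- }
-
- if ( $options['bps_hidden_plugins_cron_frequency'] == '5' ) {
- if ( $bpsCronCheck == 'minutes_1' || $bpsCronCheck == 'minutes_10' || $bpsCronCheck == 'minutes_15' || $bpsCronCheck == 'minutes_30' || $bpsCronCheck == 'minutes_60' || $bpsCronCheck == 'daily' ) {
- wp_clear_scheduled_hook('bpsPro_HPF_check');
- }
-
- if ( ! wp_next_scheduled('bpsPro_HPF_check') ) {
- wp_schedule_event( time(), 'minutes_5', 'bpsPro_HPF_check' );
- }
- }
-
- if ( $options['bps_hidden_plugins_cron_frequency'] == '10' ) {
- if ( $bpsCronCheck == 'minutes_1' || $bpsCronCheck == 'minutes_5' || $bpsCronCheck == 'minutes_15' || $bpsCronCheck == 'minutes_30' || $bpsCronCheck == 'minutes_60' || $bpsCronCheck == 'daily' ) {
- wp_clear_scheduled_hook('bpsPro_HPF_check');
- }
-
- if ( ! wp_next_scheduled('bpsPro_HPF_check') ) {
- wp_schedule_event( time(), 'minutes_10', 'bpsPro_HPF_check' );
- }
- }
-
- if ( $options['bps_hidden_plugins_cron_frequency'] == '15' ) {
- if ( $bpsCronCheck == 'minutes_1' || $bpsCronCheck == 'minutes_5' || $bpsCronCheck == 'minutes_10' || $bpsCronCheck == 'minutes_30' || $bpsCronCheck == 'minutes_60' || $bpsCronCheck == 'daily' ) {
- wp_clear_scheduled_hook('bpsPro_HPF_check');
- }
-
- if ( ! wp_next_scheduled('bpsPro_HPF_check') ) {
- wp_schedule_event( time(), 'minutes_15', 'bpsPro_HPF_check' );
- }
- }
+ if ( $options['bps_hidden_plugins_cron_frequency'] == '1' ) {
+ if ( $bpsCronCheck == 'minutes_5' || $bpsCronCheck == 'minutes_10' || $bpsCronCheck == 'minutes_15' || $bpsCronCheck == 'minutes_30' || $bpsCronCheck == 'minutes_60' || $bpsCronCheck == 'daily' ) {
+ wp_clear_scheduled_hook('bpsPro_HPF_check');
+ }
 
- if ( $options['bps_hidden_plugins_cron_frequency'] == '30' ) {
- if ( $bpsCronCheck == 'minutes_1' || $bpsCronCheck == 'minutes_5' || $bpsCronCheck == 'minutes_10' || $bpsCronCheck == 'minutes_15' || $bpsCronCheck == 'minutes_60' || $bpsCronCheck == 'daily' ) {
- wp_clear_scheduled_hook('bpsPro_HPF_check');
- }
+ if ( ! wp_next_scheduled( 'bpsPro_HPF_check' ) ) {
+ wp_schedule_event( time(), 'minutes_1', 'bpsPro_HPF_check');
+ }
+ }
 
- if ( ! wp_next_scheduled('bpsPro_HPF_check') ) {
- wp_schedule_event( time(), 'minutes_30', 'bpsPro_HPF_check' );
- }
- }
-
- if ( $options['bps_hidden_plugins_cron_frequency'] == '60' ) {
- if ( $bpsCronCheck == 'minutes_1' || $bpsCronCheck == 'minutes_5' || $bpsCronCheck == 'minutes_10' || $bpsCronCheck == 'minutes_15' || $bpsCronCheck == 'minutes_30' || $bpsCronCheck == 'daily' ) {
- wp_clear_scheduled_hook('bpsPro_HPF_check');
- }
+ if ( $options['bps_hidden_plugins_cron_frequency'] == '5' ) {
+ if ( $bpsCronCheck == 'minutes_1' || $bpsCronCheck == 'minutes_10' || $bpsCronCheck == 'minutes_15' || $bpsCronCheck == 'minutes_30' || $bpsCronCheck == 'minutes_60' || $bpsCronCheck == 'daily' ) {
+ wp_clear_scheduled_hook('bpsPro_HPF_check');
+ }
+
+ if ( ! wp_next_scheduled('bpsPro_HPF_check') ) {
+ wp_schedule_event( time(), 'minutes_5', 'bpsPro_HPF_check' );
+ }
+ }
+
+ if ( $options['bps_hidden_plugins_cron_frequency'] == '10' ) {
+ if ( $bpsCronCheck == 'minutes_1' || $bpsCronCheck == 'minutes_5' || $bpsCronCheck == 'minutes_15' || $bpsCronCheck == 'minutes_30' || $bpsCronCheck == 'minutes_60' || $bpsCronCheck == 'daily' ) {
+ wp_clear_scheduled_hook('bpsPro_HPF_check');
+ }
+
+ if ( ! wp_next_scheduled('bpsPro_HPF_check') ) {
+ wp_schedule_event( time(), 'minutes_10', 'bpsPro_HPF_check' );
+ }
+ }
+
+ if ( $options['bps_hidden_plugins_cron_frequency'] == '15' ) {
+ if ( $bpsCronCheck == 'minutes_1' || $bpsCronCheck == 'minutes_5' || $bpsCronCheck == 'minutes_10' || $bpsCronCheck == 'minutes_30' || $bpsCronCheck == 'minutes_60' || $bpsCronCheck == 'daily' ) {
+ wp_clear_scheduled_hook('bpsPro_HPF_check');
+ }
+
+ if ( ! wp_next_scheduled('bpsPro_HPF_check') ) {
+ wp_schedule_event( time(), 'minutes_15', 'bpsPro_HPF_check' );
+ }
+ }
+
+ if ( $options['bps_hidden_plugins_cron_frequency'] == '30' ) {
+ if ( $bpsCronCheck == 'minutes_1' || $bpsCronCheck == 'minutes_5' || $bpsCronCheck == 'minutes_10' || $bpsCronCheck == 'minutes_15' || $bpsCronCheck == 'minutes_60' || $bpsCronCheck == 'daily' ) {
+ wp_clear_scheduled_hook('bpsPro_HPF_check');
+ }
+
+ if ( ! wp_next_scheduled('bpsPro_HPF_check') ) {
+ wp_schedule_event( time(), 'minutes_30', 'bpsPro_HPF_check' );
+ }
+ }
 
- if ( ! wp_next_scheduled('bpsPro_HPF_check') ) {
- wp_schedule_event( time(), 'minutes_60', 'bpsPro_HPF_check' );
- }
- }
-
- if ( $options['bps_hidden_plugins_cron_frequency'] == 'daily' ) {
- if ( $bpsCronCheck == 'minutes_1' || $bpsCronCheck == 'minutes_5' || $bpsCronCheck == 'minutes_10' || $bpsCronCheck == 'minutes_15' || $bpsCronCheck == 'minutes_30' || $bpsCronCheck == 'minutes_60' ) {
- wp_clear_scheduled_hook('bpsPro_HPF_check');
- }
+ if ( $options['bps_hidden_plugins_cron_frequency'] == '60' ) {
+ if ( $bpsCronCheck == 'minutes_1' || $bpsCronCheck == 'minutes_5' || $bpsCronCheck == 'minutes_10' || $bpsCronCheck == 'minutes_15' || $bpsCronCheck == 'minutes_30' || $bpsCronCheck == 'daily' ) {
+ wp_clear_scheduled_hook('bpsPro_HPF_check');
+ }
+
+ if ( ! wp_next_scheduled('bpsPro_HPF_check') ) {
+ wp_schedule_event( time(), 'minutes_60', 'bpsPro_HPF_check' );
+ }
+ }
 
- if ( ! wp_next_scheduled('bpsPro_HPF_check') ) {
- wp_schedule_event( time(), 'daily', 'bpsPro_HPF_check' );
- }
- }
+ if ( $options['bps_hidden_plugins_cron_frequency'] == 'daily' ) {
+ if ( $bpsCronCheck == 'minutes_1' || $bpsCronCheck == 'minutes_5' || $bpsCronCheck == 'minutes_10' || $bpsCronCheck == 'minutes_15' || $bpsCronCheck == 'minutes_30' || $bpsCronCheck == 'minutes_60' ) {
+ wp_clear_scheduled_hook('bpsPro_HPF_check');
+ }
+
+ if ( ! wp_next_scheduled('bpsPro_HPF_check') ) {
+ wp_schedule_event( time(), 'daily', 'bpsPro_HPF_check' );
+ }
+ }
 
- }
- elseif ( $options['bps_hidden_plugins_cron'] == 'Off' ) {
+ } elseif ( $options['bps_hidden_plugins_cron'] == 'Off' ) {
  wp_clear_scheduled_hook('bpsPro_HPF_check');
  }
  }
@@ -172,17 +172,17 @@ function bpsPro_hidden_plugins_check() {
  bpsPro_hidden_plugins_check_alert();
  }
 
- $HPF_options = get_option('bulletproof_security_options_hpf_cron');
- // Note: This simply handles displaying a Dashboard alert or not based on the alert value == display_alert.
- if ( isset($HPF_options['bps_hidden_plugins_cron_alert']) && $HPF_options['bps_hidden_plugins_cron_alert'] == 'display_alert' ) {
-
- if ( is_multisite() && $blog_id != 1 ) {
- // do nothing
- } else {
- add_action('admin_notices', 'bpsPro_hidden_plugins_check_alert');
- add_action('network_admin_notices', 'bpsPro_hidden_plugins_check_alert');
+ $HPF_options = get_option('bulletproof_security_options_hpf_cron');
+ // Note: This simply handles displaying a Dashboard alert or not based on the alert value == display_alert.
+ if ( isset($HPF_options['bps_hidden_plugins_cron_alert']) && $HPF_options['bps_hidden_plugins_cron_alert'] == 'display_alert' ) {
+
+ if ( is_multisite() && $blog_id != 1 ) {
+ // do nothing
+ } else {
+ add_action('admin_notices', 'bpsPro_hidden_plugins_check_alert');
+ add_action('network_admin_notices', 'bpsPro_hidden_plugins_check_alert');
+ }
  }
- }
 
  // Check for hidden or empty plugin folders & check root /plugins/ folder for unrecognized non-standard WP files.
  // Option to Ignore Hidden Plugin Folders & Files.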
includes/hud-dismiss-functions.php CHANGED
@@ -131,19 +131,20 @@ global $wp_rewrite, $is_IIS, $is_iis7, $current_user;
131
  $user_id = $current_user->ID;
132
 
133
  if ( current_user_can('manage_options') && $is_IIS && ! iis7_supports_permalinks() ) {
134
- if ( ! get_user_meta($user_id, 'bps_ignore_iis_notice')) {
135
-
136
- if ( esc_html($_SERVER['QUERY_STRING']) == '' && basename(esc_html($_SERVER['REQUEST_URI'])) != 'wp-admin' ) {
137
- $bps_base = basename(esc_html($_SERVER['REQUEST_URI'])) . '?';
138
- } elseif ( esc_html($_SERVER['QUERY_STRING']) == '' && basename(esc_html($_SERVER['REQUEST_URI'])) == 'wp-admin' ) {
139
- $bps_base = basename( str_replace( 'wp-admin', 'index.php?', esc_html($_SERVER['REQUEST_URI'])));
140
- } else {
141
- $bps_base = str_replace( admin_url(), '', esc_html($_SERVER['REQUEST_URI']) ) . '&';
142
- }
143
-
144
- $text = '<div class="update-nag" style="background-color:#dfecf2;border:1px solid #999;font-size:1em;font-weight:600;padding:2px 5px;margin-top:2px;-moz-border-radius-topleft:3px;-webkit-border-top-left-radius:3px;-khtml-border-top-left-radius:3px;border-top-left-radius:3px;-moz-border-radius-topright:3px;-webkit-border-top-right-radius:3px;-khtml-border-top-right-radius:3px;border-top-right-radius:3px;-webkit-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);-moz-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);"><font color="#fb0101">'.__('WARNING! BPS has detected that your Server is a Windows IIS Server that does not support htaccess rewriting.', 'bulletproof-security').'</font><br>'.__('Do NOT activate BulletProof Modes unless you know what you are doing.', 'bulletproof-security').'<br>'.__('Your Server Type is: ', 'bulletproof-security').esc_html( $_SERVER['SERVER_SOFTWARE'] ).'<br><a href="http://codex.wordpress.org/Using_Permalinks" target="_blank" title="This link will open in a new browser window.">'.__('WordPress Codex - Using Permalinks - see IIS section', 'bulletproof-security').'</a><br>'.__('To Dismiss this Notice click the Dismiss Notice button below. To Reset Dismiss Notices click the Reset|Recheck Dismiss Notices button on the Alerts|Logs|Email Options page.', 'bulletproof-security').'<br><div style="float:left;margin:3px 0px 3px 0px;padding:2px 6px 2px 6px;background-color:#e8e8e8;border:1px solid gray;"><a href="'.$bps_base.'bps_iis_nag_ignore=0'.'" style="text-decoration:none;font-weight:600;">'.__('Dismiss Notice', 'bulletproof-security').'</a></div></div>';
145
- echo $text;
146
- }
 
147
  }
148
  }
149
 
@@ -182,96 +183,96 @@ $user_id = $current_user->ID;
182
  if ( current_user_can('manage_options') ) {
183
  $text = '';
184
 
185
- // Setup Wizard DB option is saved by running the Setup Wizard, on BPS Upgrades & manual BPS setup
186
- if ( ! get_option('bulletproof_security_options_wizard_free') ) {
187
- return;
188
- }
189
-
190
- $HFiles_options = get_option('bulletproof_security_options_htaccess_files');
191
-
192
- if ( $HFiles_options['bps_htaccess_files'] == 'disabled' ) {
193
- return;
194
- }
195
-
196
- if ( esc_html($_SERVER['QUERY_STRING']) == '' && basename(esc_html($_SERVER['REQUEST_URI'])) != 'wp-admin' ) {
197
- $bps_base = basename(esc_html($_SERVER['REQUEST_URI'])) . '?';
198
- } elseif ( esc_html($_SERVER['QUERY_STRING']) == '' && basename(esc_html($_SERVER['REQUEST_URI'])) == 'wp-admin' ) {
199
- $bps_base = basename( str_replace( 'wp-admin', 'index.php?', esc_html($_SERVER['REQUEST_URI'])));
200
- } else {
201
- $bps_base = str_replace( admin_url(), '', esc_html($_SERVER['REQUEST_URI']) ) . '&';
202
- }
203
-
204
- if ( get_user_meta($user_id, 'bps_bonus_code_dismiss_all_notice') && ! get_user_meta($user_id, 'bps_post_request_attack_notice') ) {
205
-
206
- $text = '<div class="update-nag" style="background-color:#dfecf2;border:1px solid #999;font-size:1em;font-weight:600;padding:2px 5px;margin-top:2px;-moz-border-radius-topleft:3px;-webkit-border-top-left-radius:3px;-khtml-border-top-left-radius:3px;border-top-left-radius:3px;-moz-border-radius-topright:3px;-webkit-border-top-right-radius:3px;-khtml-border-top-right-radius:3px;border-top-right-radius:3px;-webkit-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);-moz-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);"><font color="blue">'.__('Bonus Custom Code:', 'bulletproof-security').'</font><br>'.__('Click the links below to get Bonus Custom Code or click the Dismiss Notice links or click this ', 'bulletproof-security').'<span style=""><a href="'.$bps_base.'bps_bonus_code_dismiss_all_nag_ignore=0&bps_post_request_attack_nag_ignore=0'.'" style="">'.__('Dismiss All Notices', 'bulletproof-security').'</a></span>'.__(' link. To Reset Dismiss Notices click the Reset|Recheck Dismiss Notices button on the Alerts|Logs|Email Options page.', 'bulletproof-security').'<br>';
207
-
208
-
209
- $text .= '<div id="BC5" style="margin-top:2px;">'.__('Get ', 'bulletproof-security').'<a href="https://forum.ait-pro.com/forums/topic/post-request-protection-post-attack-protection-post-request-blocker/" title="Protects against POST Request Attacks" target="_blank">'.__('POST Request Attack Protection Code', 'bulletproof-security').'</a>'.__(' or ', 'bulletproof-security').'<span style=""><a href="'.$bps_base.'bps_post_request_attack_nag_ignore=0'.'" style="">'.__('Dismiss Notice', 'bulletproof-security').'</a></span></div>';
210
- echo $text;
211
- echo '</div>';
212
- }
213
 
214
- if ( ! get_user_meta($user_id, 'bps_bonus_code_dismiss_all_notice') ) {
215
-
216
- if ( ! get_user_meta($user_id, 'bps_brute_force_login_protection_notice') || ! get_user_meta($user_id, 'bps_speed_boost_cache_notice') || ! get_user_meta($user_id, 'bps_author_enumeration_notice') || ! get_user_meta($user_id, 'bps_xmlrpc_ddos_notice') || ! get_user_meta($user_id, 'bps_post_request_attack_notice') || ! get_user_meta($user_id, 'bps_sniff_driveby_notice') || ! get_user_meta($user_id, 'bps_iframe_clickjack_notice') ) {
217
-
218
- $text = '<div class="update-nag" style="background-color:#dfecf2;border:1px solid #999;font-size:1em;font-weight:600;padding:2px 5px;margin-top:2px;-moz-border-radius-topleft:3px;-webkit-border-top-left-radius:3px;-khtml-border-top-left-radius:3px;border-top-left-radius:3px;-moz-border-radius-topright:3px;-webkit-border-top-right-radius:3px;-khtml-border-top-right-radius:3px;border-top-right-radius:3px;-webkit-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);-moz-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);"><font color="blue">'.__('Bonus Custom Code:', 'bulletproof-security').'</font><br>'.__('Click the links below to get Bonus Custom Code or click the Dismiss Notice links or click this ', 'bulletproof-security').'<span style=""><a href="'.$bps_base.'bps_bonus_code_dismiss_all_nag_ignore=0&bps_post_request_attack_nag_ignore=0'.'" style="">'.__('Dismiss All Notices', 'bulletproof-security').'</a></span>'.__(' link. To Reset Dismiss Notices click the Reset|Recheck Dismiss Notices button on the Alerts|Logs|Email Options page.', 'bulletproof-security').'<br>';
219
-
220
- }
221
-
222
- if ( ! get_user_meta($user_id, 'bps_brute_force_login_protection_notice') ) {
 
 
 
 
 
 
 
 
 
 
 
 
 
 
223
 
224
- $text .= '<div id="BC1" style="">'.__('Get ', 'bulletproof-security').'<a href="https://forum.ait-pro.com/forums/topic/protect-login-page-from-brute-force-login-attacks/" title="Additional Protection for the Login Page from Brute Force Login Attacks" target="_blank">'.__('Brute Force Login Protection Code', 'bulletproof-security').'</a>'.__(' or ', 'bulletproof-security').'<span style=""><a href="'.$bps_base.'bps_brute_force_login_protection_nag_ignore=0'.'" style="">'.__('Dismiss Notice', 'bulletproof-security').'</a></span></div>';
 
 
 
 
 
 
225
 
226
- }
 
 
 
 
 
 
227
 
228
- if ( ! get_user_meta($user_id, 'bps_speed_boost_cache_notice') ) {
229
-
230
- $text .= '<div id="BC2" style="margin-top:2px;">'.__('Get ', 'bulletproof-security').'<a href="https://forum.ait-pro.com/forums/topic/htaccess-caching-code-speed-boost-cache-code/" title="Speed up your website performance with Browser Cache code" target="_blank">'.__('Speed Boost Cache Code', 'bulletproof-security').'</a>'.__(' or ', 'bulletproof-security').'<span style=""><a href="'.$bps_base.'bps_speed_boost_cache_nag_ignore=0'.'" style="">'.__('Dismiss Notice', 'bulletproof-security').'</a></span></div>';
 
 
231
 
232
- }
 
 
 
 
233
 
234
- if ( ! get_user_meta($user_id, 'bps_author_enumeration_notice') ) {
235
-
236
- $text .= '<div id="BC3" style="margin-top:2px;">'.__('Get ', 'bulletproof-security').'<a href="https://forum.ait-pro.com/forums/topic/wordpress-author-enumeration-bot-probe-protection-author-id-user-id/" title="Protects against hacker and spammer bots finding Author names & User names on your website" target="_blank">'.__('Author Enumeration BOT Probe Code', 'bulletproof-security').'</a>'.__(' or ', 'bulletproof-security').'<span style=""><a href="'.$bps_base.'bps_author_enumeration_nag_ignore=0'.'" style="">'.__('Dismiss Notice', 'bulletproof-security').'</a></span></div>';
 
 
 
237
 
238
- }
 
 
 
 
 
239
 
240
- if ( ! get_user_meta($user_id, 'bps_xmlrpc_ddos_notice') ) {
241
-
242
- $text .= '<div id="BC4" style="margin-top:2px;">'.__('Get ', 'bulletproof-security').'<a href="https://forum.ait-pro.com/forums/topic/wordpress-xml-rpc-ddos-protection-protect-xmlrpc-php-block-xmlrpc-php-forbid-xmlrpc-php/" title="Protects against the XML Quadratic Blowup Attack, DDoS Attacks as well as other various XML-RPC exploits" target="_blank">'.__('XML-RPC DDoS Protection Code', 'bulletproof-security').'</a>'.__(' or ', 'bulletproof-security').'<span style=""><a href="'.$bps_base.'bps_xmlrpc_ddos_nag_ignore=0'.'" style="">'.__('Dismiss Notice', 'bulletproof-security').'</a></span></div>';
243
 
244
- }
245
-
246
- /*
247
- if ( ! get_user_meta($user_id, 'bps_referer_spam_notice') ) {
248
-
249
- $text .= '<div id="BC5" style="margin-top:2px;">'.__('Get ', 'bulletproof-security').'<a href="https://forum.ait-pro.com/forums/topic/block-referer-spammers-semalt-kambasoft-ranksonic-buttons-for-website/" title="Protects against Referer Spamming and Phishing" target="_blank">'.__('Referer Spam|Phishing Protection Code', 'bulletproof-security').'</a>'.__(' or ', 'bulletproof-security').'<span style=""><a href="'.$bps_base.'bps_referer_spam_nag_ignore=0'.'" style="">'.__('Dismiss Notice', 'bulletproof-security').'</a></span></div>';
250
 
251
- }
252
- */
 
 
253
 
254
- if ( ! get_user_meta($user_id, 'bps_post_request_attack_notice') ) {
255
-
256
- $text .= '<div id="BC5" style="margin-top:2px;">'.__('Get ', 'bulletproof-security').'<a href="https://forum.ait-pro.com/forums/topic/post-request-protection-post-attack-protection-post-request-blocker/" title="Protects against POST Request Attacks" target="_blank">'.__('POST Request Attack Protection Code', 'bulletproof-security').'</a>'.__(' or ', 'bulletproof-security').'<span style=""><a href="'.$bps_base.'bps_post_request_attack_nag_ignore=0'.'" style="">'.__('Dismiss Notice', 'bulletproof-security').'</a></span></div>';
257
-
258
- }
259
-
260
- if ( ! get_user_meta($user_id, 'bps_sniff_driveby_notice') ) {
261
-
262
- $text .= '<div id="BC6" style="margin-top:2px;">'.__('Get ', 'bulletproof-security').'<a href="https://forum.ait-pro.com/forums/topic/mime-sniffing-data-sniffing-content-sniffing-drive-by-download-attack-protection/" title="Protects against Mime Sniffing, Data Sniffing, Content Sniffing and Drive-by Download Attacks" target="_blank">'.__('Mime Sniffing|Drive-by Download Attack Protection Code', 'bulletproof-security').'</a>'.__(' or ', 'bulletproof-security').'<span style=""><a href="'.$bps_base.'bps_sniff_driveby_nag_ignore=0'.'" style="">'.__('Dismiss Notice', 'bulletproof-security').'</a></span></div>';
263
- }
264
-
265
- if ( ! get_user_meta($user_id, 'bps_iframe_clickjack_notice') ) {
266
-
267
- $text .= '<div id="BC7" style="margin-top:2px;">'.__('Get ', 'bulletproof-security').'<a href="https://forum.ait-pro.com/forums/topic/rssing-com-good-or-bad/" title="Protects against external websites displaying your website pages or Feeds in iFrames and Clickjacking Protection" target="_blank">'.__('External iFrame|Clickjacking Protection Code', 'bulletproof-security').'</a>'.__(' or ', 'bulletproof-security').'<span style=""><a href="'.$bps_base.'bps_iframe_clickjack_nag_ignore=0'.'" style="">'.__('Dismiss Notice', 'bulletproof-security').'</a></span></div>';
268
- }
269
-
270
- echo $text;
271
-
272
- if ( ! get_user_meta($user_id, 'bps_brute_force_login_protection_notice') || ! get_user_meta($user_id, 'bps_speed_boost_cache_notice') || ! get_user_meta($user_id, 'bps_author_enumeration_notice') || ! get_user_meta($user_id, 'bps_xmlrpc_ddos_notice') || ! get_user_meta($user_id, 'bps_post_request_attack_notice') || ! get_user_meta($user_id, 'bps_sniff_driveby_notice') || ! get_user_meta($user_id, 'bps_iframe_clickjack_notice') ) {
273
- echo '</div>';
274
- }
275
  }
276
  }
277
  }
@@ -324,10 +325,10 @@ $user_id = $current_user->ID;
324
  // Heads Up Display w/ Dismiss - Check if php.ini handler code exists in root .htaccess file, but not in Custom Code
325
  // .53.6: Additional conditional check added for Wordfence WAF Firewall mess.
326
  function bps_hud_PhpiniHandlerCheck() {
327
- global $current_user;
328
- $user_id = $current_user->ID;
329
- $file = ABSPATH . '.htaccess';
330
- $pre_background_image_url = site_url( '/wp-content/plugins/bulletproof-security/admin/images/pre_bg.png' );
331
 
332
  if ( esc_html($_SERVER['QUERY_STRING']) == 'page=bulletproof-security/admin/wizard/wizard.php' && ! get_user_meta($user_id, 'bps_ignore_PhpiniHandler_notice') ) {
333
 
@@ -342,33 +343,33 @@ $pre_background_image_url = site_url( '/wp-content/plugins/bulletproof-security/
342
 
343
  if ( $matches[0] && ! $DBmatches[0] ) {
344
 
345
- preg_match_all('/(([#\s]{1,}|)(AddHandler|SetEnv PHPRC|suPHP_ConfigPath|Action application).*\s*){1,}/', $file_contents, $h_matches );
346
-
347
- if ( esc_html($_SERVER['QUERY_STRING']) == '' && basename(esc_html($_SERVER['REQUEST_URI'])) != 'wp-admin' ) {
348
- $bps_base = basename(esc_html($_SERVER['REQUEST_URI'])) . '?';
349
- } elseif ( esc_html($_SERVER['QUERY_STRING']) == '' && basename(esc_html($_SERVER['REQUEST_URI'])) == 'wp-admin' ) {
350
- $bps_base = basename( str_replace( 'wp-admin', 'index.php?', esc_html($_SERVER['REQUEST_URI'])));
351
- } else {
352
- $bps_base = str_replace( admin_url(), '', esc_html($_SERVER['REQUEST_URI']) ) . '&';
353
- }
354
-
355
- if ( stripos( $file_contents, "Wordfence WAF" ) ) {
356
-
357
- $text = '<div class="update-nag" style="background-color:#dfecf2;border:1px solid #999;font-size:1em;font-weight:600;padding:2px 5px;margin-top:2px;-moz-border-radius-topleft:3px;-webkit-border-top-left-radius:3px;-khtml-border-top-left-radius:3px;border-top-left-radius:3px;-moz-border-radius-topright:3px;-webkit-border-top-right-radius:3px;-khtml-border-top-right-radius:3px;border-top-right-radius:3px;-webkit-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);-moz-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);"><font color="blue">'.__('HUD Check: Wordfence PHP/php.ini handler htaccess code detected', 'bulletproof-security').'</font><br>'.__('Wordfence PHP/php.ini handler htaccess code was found in your root .htaccess file, but was NOT found in BPS Custom Code.', 'bulletproof-security').'<br><a href="https://forum.ait-pro.com/forums/topic/wordfence-firewall-wp-contentwflogsconfig-php-file-quarantined/#wordfence-php-handler" target="_blank" title="Wordfence PHP Handler Fix">'.__('Click Here', 'bulletproof-security').'</a>'.__(' for the steps to fix this Wordfence problem before running the Setup Wizard.', 'bulletproof-security').'<br><font color="#fb0101">'.__('CAUTION: ', 'bulletproof-security').'</font>'.__('Using the Wordfence WAF Firewall may cause serious/critical problems for your website and BPS.', 'bulletproof-security').'<br>'.__('To Dismiss this Notice click the Dismiss Notice button below. To Reset Dismiss Notices click the Reset|Recheck Dismiss Notices button on the Alerts|Logs|Email Options page.', 'bulletproof-security').'<br><div style="float:left;margin:3px 0px 3px 0px;padding:2px 6px 2px 6px;background-color:#e8e8e8;border:1px solid gray;"><a href="'.$bps_base.'bps_PhpiniHandler_nag_ignore=0'.'" style="text-decoration:none;font-weight:600;">'.__('Dismiss Notice', 'bulletproof-security').'</a></div></div>';
358
- echo $text;
359
-
360
- } else {
361
-
362
- $text = '<div class="update-nag" style="background-color:#dfecf2;border:1px solid #999;font-size:1em;font-weight:600;padding:2px 5px;margin-top:2px;-moz-border-radius-topleft:3px;-webkit-border-top-left-radius:3px;-khtml-border-top-left-radius:3px;border-top-left-radius:3px;-moz-border-radius-topright:3px;-webkit-border-top-right-radius:3px;-khtml-border-top-right-radius:3px;border-top-right-radius:3px;-webkit-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);-moz-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);"><font color="blue">'.__('HUD Check: PHP/php.ini handler htaccess code check', 'bulletproof-security').'</font><br>'.__('PHP/php.ini handler htaccess code was found in your root .htaccess file, but was NOT found in BPS Custom Code.', 'bulletproof-security').'<br>'.__('To automatically fix this click here: ', 'bulletproof-security').'<a href="'.admin_url( 'admin.php?page=bulletproof-security/admin/wizard/wizard.php' ).'">'.esc_attr__('Setup Wizard Pre-Installation Checks', 'bulletproof-security').'</a><br>'.__('The Setup Wizard Pre-Installation Checks feature will automatically fix this just by visiting the Setup Wizard page.', 'bulletproof-security').'<br>'.__('To Dismiss this Notice click the Dismiss Notice button below. To Reset Dismiss Notices click the Reset|Recheck Dismiss Notices button on the Alerts|Logs|Email Options page.', 'bulletproof-security').'<br><div style="float:left;margin:3px 0px 3px 0px;padding:2px 6px 2px 6px;background-color:#e8e8e8;border:1px solid gray;"><a href="'.$bps_base.'bps_PhpiniHandler_nag_ignore=0'.'" style="text-decoration:none;font-weight:600;">'.__('Dismiss Notice', 'bulletproof-security').'</a></div></div>';
363
- echo $text;
364
- echo '<pre id="shown" style="overflow:auto;white-space:pre-wrap;height:65px;width:66%;margin:5px 0px 0px 2px;padding:5px;background:#fff url('.$pre_background_image_url.') top left repeat;border:1px solid #999;color:#000;display:block;font-family:"Courier New", Courier, monospace;font-size:11px;line-height:14px;">';
365
- echo '# PHP/php.ini handler htaccess code<br>';
366
 
367
- foreach ( $h_matches[0] as $Key => $Value ) {
368
- echo $Value;
 
 
 
 
 
 
 
 
 
 
 
 
 
 
369
  }
370
- echo '</pre>';
371
- }
372
  }
373
  }
374
  }
@@ -386,15 +387,15 @@ $pre_background_image_url = site_url( '/wp-content/plugins/bulletproof-security/
386
 
387
  if ( $matches[0] && ! $DBmatches[0] ) {
388
 
389
- preg_match_all('/(([#\s]{1,}|)(AddHandler|SetEnv PHPRC|suPHP_ConfigPath|Action application).*\s*){1,}/', $file_contents, $h_matches );
390
-
391
- if ( esc_html($_SERVER['QUERY_STRING']) == '' && basename(esc_html($_SERVER['REQUEST_URI'])) != 'wp-admin' ) {
392
- $bps_base = basename(esc_html($_SERVER['REQUEST_URI'])) . '?';
393
- } elseif ( esc_html($_SERVER['QUERY_STRING']) == '' && basename(esc_html($_SERVER['REQUEST_URI'])) == 'wp-admin' ) {
394
- $bps_base = basename( str_replace( 'wp-admin', 'index.php?', esc_html($_SERVER['REQUEST_URI'])));
395
- } else {
396
- $bps_base = str_replace( admin_url(), '', esc_html($_SERVER['REQUEST_URI']) ) . '&';
397
- }
398
 
399
  if ( stripos( $file_contents, "Wordfence WAF" ) ) {
400
 
@@ -787,11 +788,11 @@ function bpsPro_hud_new_feature_notice() {
787
 
788
  $new_feature_options = get_option('bulletproof_security_options_new_feature');
789
 
790
- if ( $new_feature_options['bps_mscan_rebuild'] == 'new' ) {
791
  return;
792
  }
793
 
794
- if ( $new_feature_options['bps_mscan_rebuild'] == 'upgrade' ) {
795
 
796
  global $current_user;
797
  $user_id = $current_user->ID;
@@ -806,7 +807,7 @@ function bpsPro_hud_new_feature_notice() {
806
  $bps_base = str_replace( admin_url(), '', esc_html($_SERVER['REQUEST_URI']) ) . '&';
807
  }
808
 
809
- $text = '<div class="update-nag" style="background-color:#dfecf2;border:1px solid #999;font-size:1em;font-weight:600;padding:2px 5px;margin-top:2px;-moz-border-radius-topleft:3px;-webkit-border-top-left-radius:3px;-khtml-border-top-left-radius:3px;border-top-left-radius:3px;-moz-border-radius-topright:3px;-webkit-border-top-right-radius:3px;-khtml-border-top-right-radius:3px;border-top-right-radius:3px;-webkit-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);-moz-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);"><font color="blue">'.__('MScan Rebuild Notice', 'bulletproof-security').'</font><br>'.__('MScan has been completely rebuilt. MScan is faster, very accurate and user friendly. ', 'bulletproof-security').'<br><a href="'.admin_url( 'admin.php?page=bulletproof-security/admin/mscan/mscan.php' ).'">'.__('Check out MScan', 'bulletproof-security').'</a>.'.__(' Recommendation: Click the Reset MScan button before running a new scan.', 'bulletproof-security').'<br>'.__('To Dismiss this Notice click the Dismiss Notice button below. To Reset Dismiss Notices click the Reset|Recheck Dismiss Notices button on the Alerts|Logs|Email Options page.', 'bulletproof-security').'<br><div style="float:left;margin:3px 0px 3px 0px;padding:2px 6px 2px 6px;background-color:#e8e8e8;border:1px solid gray;"><a href="'.$bps_base.'bpsPro_new_feature_nag_ignore=0'.'" style="text-decoration:none;font-weight:bold;">'.__('Dismiss Notice', 'bulletproof-security').'</a></div></div>';
810
  echo $text;
811
  }
812
  }
@@ -961,10 +962,10 @@ function bpsPro_hud_bpspro_sale() {
961
  if ( ! get_option('bulletproof_security_options_wizard_free') ) {
962
  return;
963
  }
 
 
964
 
965
- $jan_31_2022 = '1643669960';
966
-
967
- if ( time() < $jan_31_2022 ) {
968
 
969
  global $current_user;
970
  $user_id = $current_user->ID;
@@ -979,7 +980,7 @@ function bpsPro_hud_bpspro_sale() {
979
  $bps_base = str_replace( admin_url(), '', esc_html($_SERVER['REQUEST_URI']) ) . '&';
980
  }
981
 
982
- $text = '<div class="update-nag" style="background-color:#dfecf2;border:1px solid #999;font-size:1em;font-weight:600;padding:2px 5px;margin-top:2px;-moz-border-radius-topleft:3px;-webkit-border-top-left-radius:3px;-khtml-border-top-left-radius:3px;border-top-left-radius:3px;-moz-border-radius-topright:3px;-webkit-border-top-right-radius:3px;-khtml-border-top-right-radius:3px;border-top-right-radius:3px;-webkit-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);-moz-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);"><font color="blue">'.__('BPS Pro 25% Off Sale January 24th - January 31st', 'bulletproof-security').'</font><br>'.__('One-time Purchase Price: $52.50. No Recurring Yearly Costs Or Subscriptions. Unlimited installations. Free Upgrades For Life. Free Technical Support For Life.', 'bulletproof-security').'<br><a href="https://affiliates.ait-pro.com/po/" target="_blank" title="Buy BPS Pro">'.__('Buy BPS Pro', 'bulletproof-security').'</a><br><br>'.__('To Dismiss this Notice click the Dismiss Notice button below. To Reset Dismiss Notices click the Reset|Recheck Dismiss Notices button on the Alerts|Logs|Email Options page.', 'bulletproof-security').'<br><div style="float:left;margin:3px 0px 3px 0px;padding:2px 6px 2px 6px;background-color:#e8e8e8;border:1px solid gray;"><a href="'.$bps_base.'bpsPro_bpspro_sale_nag_ignore=0'.'" style="text-decoration:none;font-weight:bold;">'.__('Dismiss Notice', 'bulletproof-security').'</a></div></div>';
983
  echo $text;
984
  }
985
  }
131
  $user_id = $current_user->ID;
132
 
133
  if ( current_user_can('manage_options') && $is_IIS && ! iis7_supports_permalinks() ) {
134
+
135
+ if ( ! get_user_meta($user_id, 'bps_ignore_iis_notice')) {
136
+
137
+ if ( esc_html($_SERVER['QUERY_STRING']) == '' && basename(esc_html($_SERVER['REQUEST_URI'])) != 'wp-admin' ) {
138
+ $bps_base = basename(esc_html($_SERVER['REQUEST_URI'])) . '?';
139
+ } elseif ( esc_html($_SERVER['QUERY_STRING']) == '' && basename(esc_html($_SERVER['REQUEST_URI'])) == 'wp-admin' ) {
140
+ $bps_base = basename( str_replace( 'wp-admin', 'index.php?', esc_html($_SERVER['REQUEST_URI'])));
141
+ } else {
142
+ $bps_base = str_replace( admin_url(), '', esc_html($_SERVER['REQUEST_URI']) ) . '&';
143
+ }
144
+
145
+ $text = '<div class="update-nag" style="background-color:#dfecf2;border:1px solid #999;font-size:1em;font-weight:600;padding:2px 5px;margin-top:2px;-moz-border-radius-topleft:3px;-webkit-border-top-left-radius:3px;-khtml-border-top-left-radius:3px;border-top-left-radius:3px;-moz-border-radius-topright:3px;-webkit-border-top-right-radius:3px;-khtml-border-top-right-radius:3px;border-top-right-radius:3px;-webkit-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);-moz-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);"><font color="#fb0101">'.__('WARNING! BPS has detected that your Server is a Windows IIS Server that does not support htaccess rewriting.', 'bulletproof-security').'</font><br>'.__('Do NOT activate BulletProof Modes unless you know what you are doing.', 'bulletproof-security').'<br>'.__('Your Server Type is: ', 'bulletproof-security').esc_html( $_SERVER['SERVER_SOFTWARE'] ).'<br><a href="http://codex.wordpress.org/Using_Permalinks" target="_blank" title="This link will open in a new browser window.">'.__('WordPress Codex - Using Permalinks - see IIS section', 'bulletproof-security').'</a><br>'.__('To Dismiss this Notice click the Dismiss Notice button below. To Reset Dismiss Notices click the Reset|Recheck Dismiss Notices button on the Alerts|Logs|Email Options page.', 'bulletproof-security').'<br><div style="float:left;margin:3px 0px 3px 0px;padding:2px 6px 2px 6px;background-color:#e8e8e8;border:1px solid gray;"><a href="'.$bps_base.'bps_iis_nag_ignore=0'.'" style="text-decoration:none;font-weight:600;">'.__('Dismiss Notice', 'bulletproof-security').'</a></div></div>';
146
+ echo $text;
147
+ }
148
  }
149
  }
150
 
183
  if ( current_user_can('manage_options') ) {
184
  $text = '';
185
 
186
+ // Setup Wizard DB option is saved by running the Setup Wizard, on BPS Upgrades & manual BPS setup
187
+ if ( ! get_option('bulletproof_security_options_wizard_free') ) {
188
+ return;
189
+ }
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
190
 
191
+ $HFiles_options = get_option('bulletproof_security_options_htaccess_files');
192
+
193
+ if ( $HFiles_options['bps_htaccess_files'] == 'disabled' ) {
194
+ return;
195
+ }
196
+
197
+ if ( esc_html($_SERVER['QUERY_STRING']) == '' && basename(esc_html($_SERVER['REQUEST_URI'])) != 'wp-admin' ) {
198
+ $bps_base = basename(esc_html($_SERVER['REQUEST_URI'])) . '?';
199
+ } elseif ( esc_html($_SERVER['QUERY_STRING']) == '' && basename(esc_html($_SERVER['REQUEST_URI'])) == 'wp-admin' ) {
200
+ $bps_base = basename( str_replace( 'wp-admin', 'index.php?', esc_html($_SERVER['REQUEST_URI'])));
201
+ } else {
202
+ $bps_base = str_replace( admin_url(), '', esc_html($_SERVER['REQUEST_URI']) ) . '&';
203
+ }
204
+
205
+ if ( get_user_meta($user_id, 'bps_bonus_code_dismiss_all_notice') && ! get_user_meta($user_id, 'bps_post_request_attack_notice') ) {
206
+
207
+ $text = '<div class="update-nag" style="background-color:#dfecf2;border:1px solid #999;font-size:1em;font-weight:600;padding:2px 5px;margin-top:2px;-moz-border-radius-topleft:3px;-webkit-border-top-left-radius:3px;-khtml-border-top-left-radius:3px;border-top-left-radius:3px;-moz-border-radius-topright:3px;-webkit-border-top-right-radius:3px;-khtml-border-top-right-radius:3px;border-top-right-radius:3px;-webkit-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);-moz-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);"><font color="blue">'.__('Bonus Custom Code:', 'bulletproof-security').'</font><br>'.__('Click the links below to get Bonus Custom Code or click the Dismiss Notice links or click this ', 'bulletproof-security').'<span style=""><a href="'.$bps_base.'bps_bonus_code_dismiss_all_nag_ignore=0&bps_post_request_attack_nag_ignore=0'.'" style="">'.__('Dismiss All Notices', 'bulletproof-security').'</a></span>'.__(' link. To Reset Dismiss Notices click the Reset|Recheck Dismiss Notices button on the Alerts|Logs|Email Options page.', 'bulletproof-security').'<br>';
208
+
209
+
210
+ $text .= '<div id="BC5" style="margin-top:2px;">'.__('Get ', 'bulletproof-security').'<a href="https://forum.ait-pro.com/forums/topic/post-request-protection-post-attack-protection-post-request-blocker/" title="Protects against POST Request Attacks" target="_blank">'.__('POST Request Attack Protection Code', 'bulletproof-security').'</a>'.__(' or ', 'bulletproof-security').'<span style=""><a href="'.$bps_base.'bps_post_request_attack_nag_ignore=0'.'" style="">'.__('Dismiss Notice', 'bulletproof-security').'</a></span></div>';
211
+ echo $text;
212
+ echo '</div>';
213
+ }
214
 
215
+ if ( ! get_user_meta($user_id, 'bps_bonus_code_dismiss_all_notice') ) {
216
+
217
+ if ( ! get_user_meta($user_id, 'bps_brute_force_login_protection_notice') || ! get_user_meta($user_id, 'bps_speed_boost_cache_notice') || ! get_user_meta($user_id, 'bps_author_enumeration_notice') || ! get_user_meta($user_id, 'bps_xmlrpc_ddos_notice') || ! get_user_meta($user_id, 'bps_post_request_attack_notice') || ! get_user_meta($user_id, 'bps_sniff_driveby_notice') || ! get_user_meta($user_id, 'bps_iframe_clickjack_notice') ) {
218
+
219
+ $text = '<div class="update-nag" style="background-color:#dfecf2;border:1px solid #999;font-size:1em;font-weight:600;padding:2px 5px;margin-top:2px;-moz-border-radius-topleft:3px;-webkit-border-top-left-radius:3px;-khtml-border-top-left-radius:3px;border-top-left-radius:3px;-moz-border-radius-topright:3px;-webkit-border-top-right-radius:3px;-khtml-border-top-right-radius:3px;border-top-right-radius:3px;-webkit-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);-moz-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);"><font color="blue">'.__('Bonus Custom Code:', 'bulletproof-security').'</font><br>'.__('Click the links below to get Bonus Custom Code or click the Dismiss Notice links or click this ', 'bulletproof-security').'<span style=""><a href="'.$bps_base.'bps_bonus_code_dismiss_all_nag_ignore=0&bps_post_request_attack_nag_ignore=0'.'" style="">'.__('Dismiss All Notices', 'bulletproof-security').'</a></span>'.__(' link. To Reset Dismiss Notices click the Reset|Recheck Dismiss Notices button on the Alerts|Logs|Email Options page.', 'bulletproof-security').'<br>';
220
+
221
+ }
222
 
223
+ if ( ! get_user_meta($user_id, 'bps_brute_force_login_protection_notice') ) {
224
+
225
+ $text .= '<div id="BC1" style="">'.__('Get ', 'bulletproof-security').'<a href="https://forum.ait-pro.com/forums/topic/protect-login-page-from-brute-force-login-attacks/" title="Additional Protection for the Login Page from Brute Force Login Attacks" target="_blank">'.__('Brute Force Login Protection Code', 'bulletproof-security').'</a>'.__(' or ', 'bulletproof-security').'<span style=""><a href="'.$bps_base.'bps_brute_force_login_protection_nag_ignore=0'.'" style="">'.__('Dismiss Notice', 'bulletproof-security').'</a></span></div>';
226
+
227
+ }
228
+
229
+ if ( ! get_user_meta($user_id, 'bps_speed_boost_cache_notice') ) {
230
 
231
+ $text .= '<div id="BC2" style="margin-top:2px;">'.__('Get ', 'bulletproof-security').'<a href="https://forum.ait-pro.com/forums/topic/htaccess-caching-code-speed-boost-cache-code/" title="Speed up your website performance with Browser Cache code" target="_blank">'.__('Speed Boost Cache Code', 'bulletproof-security').'</a>'.__(' or ', 'bulletproof-security').'<span style=""><a href="'.$bps_base.'bps_speed_boost_cache_nag_ignore=0'.'" style="">'.__('Dismiss Notice', 'bulletproof-security').'</a></span></div>';
232
+
233
+ }
234
+
235
+ if ( ! get_user_meta($user_id, 'bps_author_enumeration_notice') ) {
236
 
237
+ $text .= '<div id="BC3" style="margin-top:2px;">'.__('Get ', 'bulletproof-security').'<a href="https://forum.ait-pro.com/forums/topic/wordpress-author-enumeration-bot-probe-protection-author-id-user-id/" title="Protects against hacker and spammer bots finding Author names & User names on your website" target="_blank">'.__('Author Enumeration BOT Probe Code', 'bulletproof-security').'</a>'.__(' or ', 'bulletproof-security').'<span style=""><a href="'.$bps_base.'bps_author_enumeration_nag_ignore=0'.'" style="">'.__('Dismiss Notice', 'bulletproof-security').'</a></span></div>';
238
+
239
+ }
240
+
241
+ if ( ! get_user_meta($user_id, 'bps_xmlrpc_ddos_notice') ) {
242
 
243
+ $text .= '<div id="BC4" style="margin-top:2px;">'.__('Get ', 'bulletproof-security').'<a href="https://forum.ait-pro.com/forums/topic/wordpress-xml-rpc-ddos-protection-protect-xmlrpc-php-block-xmlrpc-php-forbid-xmlrpc-php/" title="Protects against the XML Quadratic Blowup Attack, DDoS Attacks as well as other various XML-RPC exploits" target="_blank">'.__('XML-RPC DDoS Protection Code', 'bulletproof-security').'</a>'.__(' or ', 'bulletproof-security').'<span style=""><a href="'.$bps_base.'bps_xmlrpc_ddos_nag_ignore=0'.'" style="">'.__('Dismiss Notice', 'bulletproof-security').'</a></span></div>';
244
+
245
+ }
246
+
247
+ /*
248
+ if ( ! get_user_meta($user_id, 'bps_referer_spam_notice') ) {
249
 
250
+ $text .= '<div id="BC5" style="margin-top:2px;">'.__('Get ', 'bulletproof-security').'<a href="https://forum.ait-pro.com/forums/topic/block-referer-spammers-semalt-kambasoft-ranksonic-buttons-for-website/" title="Protects against Referer Spamming and Phishing" target="_blank">'.__('Referer Spam|Phishing Protection Code', 'bulletproof-security').'</a>'.__(' or ', 'bulletproof-security').'<span style=""><a href="'.$bps_base.'bps_referer_spam_nag_ignore=0'.'" style="">'.__('Dismiss Notice', 'bulletproof-security').'</a></span></div>';
251
+
252
+ }
253
+ */
254
+
255
+ if ( ! get_user_meta($user_id, 'bps_post_request_attack_notice') ) {
256
 
257
+ $text .= '<div id="BC5" style="margin-top:2px;">'.__('Get ', 'bulletproof-security').'<a href="https://forum.ait-pro.com/forums/topic/post-request-protection-post-attack-protection-post-request-blocker/" title="Protects against POST Request Attacks" target="_blank">'.__('POST Request Attack Protection Code', 'bulletproof-security').'</a>'.__(' or ', 'bulletproof-security').'<span style=""><a href="'.$bps_base.'bps_post_request_attack_nag_ignore=0'.'" style="">'.__('Dismiss Notice', 'bulletproof-security').'</a></span></div>';
258
+
259
+ }
260
 
261
+ if ( ! get_user_meta($user_id, 'bps_sniff_driveby_notice') ) {
262
+
263
+ $text .= '<div id="BC6" style="margin-top:2px;">'.__('Get ', 'bulletproof-security').'<a href="https://forum.ait-pro.com/forums/topic/mime-sniffing-data-sniffing-content-sniffing-drive-by-download-attack-protection/" title="Protects against Mime Sniffing, Data Sniffing, Content Sniffing and Drive-by Download Attacks" target="_blank">'.__('Mime Sniffing|Drive-by Download Attack Protection Code', 'bulletproof-security').'</a>'.__(' or ', 'bulletproof-security').'<span style=""><a href="'.$bps_base.'bps_sniff_driveby_nag_ignore=0'.'" style="">'.__('Dismiss Notice', 'bulletproof-security').'</a></span></div>';
264
+ }
 
 
265
 
266
+ if ( ! get_user_meta($user_id, 'bps_iframe_clickjack_notice') ) {
267
+
268
+ $text .= '<div id="BC7" style="margin-top:2px;">'.__('Get ', 'bulletproof-security').'<a href="https://forum.ait-pro.com/forums/topic/rssing-com-good-or-bad/" title="Protects against external websites displaying your website pages or Feeds in iFrames and Clickjacking Protection" target="_blank">'.__('External iFrame|Clickjacking Protection Code', 'bulletproof-security').'</a>'.__(' or ', 'bulletproof-security').'<span style=""><a href="'.$bps_base.'bps_iframe_clickjack_nag_ignore=0'.'" style="">'.__('Dismiss Notice', 'bulletproof-security').'</a></span></div>';
269
+ }
270
 
271
+ echo $text;
272
+
273
+ if ( ! get_user_meta($user_id, 'bps_brute_force_login_protection_notice') || ! get_user_meta($user_id, 'bps_speed_boost_cache_notice') || ! get_user_meta($user_id, 'bps_author_enumeration_notice') || ! get_user_meta($user_id, 'bps_xmlrpc_ddos_notice') || ! get_user_meta($user_id, 'bps_post_request_attack_notice') || ! get_user_meta($user_id, 'bps_sniff_driveby_notice') || ! get_user_meta($user_id, 'bps_iframe_clickjack_notice') ) {
274
+ echo '</div>';
275
+ }
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
276
  }
277
  }
278
  }
325
  // Heads Up Display w/ Dismiss - Check if php.ini handler code exists in root .htaccess file, but not in Custom Code
326
  // .53.6: Additional conditional check added for Wordfence WAF Firewall mess.
327
  function bps_hud_PhpiniHandlerCheck() {
328
+ global $current_user;
329
+ $user_id = $current_user->ID;
330
+ $file = ABSPATH . '.htaccess';
331
+ $pre_background_image_url = site_url( '/wp-content/plugins/bulletproof-security/admin/images/pre_bg.png' );
332
 
333
  if ( esc_html($_SERVER['QUERY_STRING']) == 'page=bulletproof-security/admin/wizard/wizard.php' && ! get_user_meta($user_id, 'bps_ignore_PhpiniHandler_notice') ) {
334
 
343
 
344
  if ( $matches[0] && ! $DBmatches[0] ) {
345
 
346
+ preg_match_all('/(([#\s]{1,}|)(AddHandler|SetEnv PHPRC|suPHP_ConfigPath|Action application).*\s*){1,}/', $file_contents, $h_matches );
347
+
348
+ if ( esc_html($_SERVER['QUERY_STRING']) == '' && basename(esc_html($_SERVER['REQUEST_URI'])) != 'wp-admin' ) {
349
+ $bps_base = basename(esc_html($_SERVER['REQUEST_URI'])) . '?';
350
+ } elseif ( esc_html($_SERVER['QUERY_STRING']) == '' && basename(esc_html($_SERVER['REQUEST_URI'])) == 'wp-admin' ) {
351
+ $bps_base = basename( str_replace( 'wp-admin', 'index.php?', esc_html($_SERVER['REQUEST_URI'])));
352
+ } else {
353
+ $bps_base = str_replace( admin_url(), '', esc_html($_SERVER['REQUEST_URI']) ) . '&';
354
+ }
 
 
 
 
 
 
 
 
 
 
 
 
355
 
356
+ if ( stripos( $file_contents, "Wordfence WAF" ) ) {
357
+
358
+ $text = '<div class="update-nag" style="background-color:#dfecf2;border:1px solid #999;font-size:1em;font-weight:600;padding:2px 5px;margin-top:2px;-moz-border-radius-topleft:3px;-webkit-border-top-left-radius:3px;-khtml-border-top-left-radius:3px;border-top-left-radius:3px;-moz-border-radius-topright:3px;-webkit-border-top-right-radius:3px;-khtml-border-top-right-radius:3px;border-top-right-radius:3px;-webkit-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);-moz-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);"><font color="blue">'.__('HUD Check: Wordfence PHP/php.ini handler htaccess code detected', 'bulletproof-security').'</font><br>'.__('Wordfence PHP/php.ini handler htaccess code was found in your root .htaccess file, but was NOT found in BPS Custom Code.', 'bulletproof-security').'<br><a href="https://forum.ait-pro.com/forums/topic/wordfence-firewall-wp-contentwflogsconfig-php-file-quarantined/#wordfence-php-handler" target="_blank" title="Wordfence PHP Handler Fix">'.__('Click Here', 'bulletproof-security').'</a>'.__(' for the steps to fix this Wordfence problem before running the Setup Wizard.', 'bulletproof-security').'<br><font color="#fb0101">'.__('CAUTION: ', 'bulletproof-security').'</font>'.__('Using the Wordfence WAF Firewall may cause serious/critical problems for your website and BPS.', 'bulletproof-security').'<br>'.__('To Dismiss this Notice click the Dismiss Notice button below. To Reset Dismiss Notices click the Reset|Recheck Dismiss Notices button on the Alerts|Logs|Email Options page.', 'bulletproof-security').'<br><div style="float:left;margin:3px 0px 3px 0px;padding:2px 6px 2px 6px;background-color:#e8e8e8;border:1px solid gray;"><a href="'.$bps_base.'bps_PhpiniHandler_nag_ignore=0'.'" style="text-decoration:none;font-weight:600;">'.__('Dismiss Notice', 'bulletproof-security').'</a></div></div>';
359
+ echo $text;
360
+
361
+ } else {
362
+
363
+ $text = '<div class="update-nag" style="background-color:#dfecf2;border:1px solid #999;font-size:1em;font-weight:600;padding:2px 5px;margin-top:2px;-moz-border-radius-topleft:3px;-webkit-border-top-left-radius:3px;-khtml-border-top-left-radius:3px;border-top-left-radius:3px;-moz-border-radius-topright:3px;-webkit-border-top-right-radius:3px;-khtml-border-top-right-radius:3px;border-top-right-radius:3px;-webkit-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);-moz-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);"><font color="blue">'.__('HUD Check: PHP/php.ini handler htaccess code check', 'bulletproof-security').'</font><br>'.__('PHP/php.ini handler htaccess code was found in your root .htaccess file, but was NOT found in BPS Custom Code.', 'bulletproof-security').'<br>'.__('To automatically fix this click here: ', 'bulletproof-security').'<a href="'.admin_url( 'admin.php?page=bulletproof-security/admin/wizard/wizard.php' ).'">'.esc_attr__('Setup Wizard Pre-Installation Checks', 'bulletproof-security').'</a><br>'.__('The Setup Wizard Pre-Installation Checks feature will automatically fix this just by visiting the Setup Wizard page.', 'bulletproof-security').'<br>'.__('To Dismiss this Notice click the Dismiss Notice button below. To Reset Dismiss Notices click the Reset|Recheck Dismiss Notices button on the Alerts|Logs|Email Options page.', 'bulletproof-security').'<br><div style="float:left;margin:3px 0px 3px 0px;padding:2px 6px 2px 6px;background-color:#e8e8e8;border:1px solid gray;"><a href="'.$bps_base.'bps_PhpiniHandler_nag_ignore=0'.'" style="text-decoration:none;font-weight:600;">'.__('Dismiss Notice', 'bulletproof-security').'</a></div></div>';
364
+ echo $text;
365
+ echo '<pre id="shown" style="overflow:auto;white-space:pre-wrap;height:65px;width:66%;margin:5px 0px 0px 2px;padding:5px;background:#fff url('.$pre_background_image_url.') top left repeat;border:1px solid #999;color:#000;display:block;font-family:"Courier New", Courier, monospace;font-size:11px;line-height:14px;">';
366
+ echo '# PHP/php.ini handler htaccess code<br>';
367
+
368
+ foreach ( $h_matches[0] as $Key => $Value ) {
369
+ echo $Value;
370
+ }
371
+ echo '</pre>';
372
  }
 
 
373
  }
374
  }
375
  }
387
 
388
  if ( $matches[0] && ! $DBmatches[0] ) {
389
 
390
+ preg_match_all('/(([#\s]{1,}|)(AddHandler|SetEnv PHPRC|suPHP_ConfigPath|Action application).*\s*){1,}/', $file_contents, $h_matches );
391
+
392
+ if ( esc_html($_SERVER['QUERY_STRING']) == '' && basename(esc_html($_SERVER['REQUEST_URI'])) != 'wp-admin' ) {
393
+ $bps_base = basename(esc_html($_SERVER['REQUEST_URI'])) . '?';
394
+ } elseif ( esc_html($_SERVER['QUERY_STRING']) == '' && basename(esc_html($_SERVER['REQUEST_URI'])) == 'wp-admin' ) {
395
+ $bps_base = basename( str_replace( 'wp-admin', 'index.php?', esc_html($_SERVER['REQUEST_URI'])));
396
+ } else {
397
+ $bps_base = str_replace( admin_url(), '', esc_html($_SERVER['REQUEST_URI']) ) . '&';
398
+ }
399
 
400
  if ( stripos( $file_contents, "Wordfence WAF" ) ) {
401
 
788
 
789
  $new_feature_options = get_option('bulletproof_security_options_new_feature');
790
 
791
+ if ( $new_feature_options['bps_mscan_rebuild'] == 'new2' ) {
792
  return;
793
  }
794
 
795
+ if ( $new_feature_options['bps_mscan_rebuild'] == 'upgrade2' ) {
796
 
797
  global $current_user;
798
  $user_id = $current_user->ID;
807
  $bps_base = str_replace( admin_url(), '', esc_html($_SERVER['REQUEST_URI']) ) . '&';
808
  }
809
 
810
+ $text = '<div class="update-nag" style="background-color:#dfecf2;border:1px solid #999;font-size:1em;font-weight:600;padding:2px 5px;margin-top:2px;-moz-border-radius-topleft:3px;-webkit-border-top-left-radius:3px;-khtml-border-top-left-radius:3px;border-top-left-radius:3px;-moz-border-radius-topright:3px;-webkit-border-top-right-radius:3px;-khtml-border-top-right-radius:3px;border-top-right-radius:3px;-webkit-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);-moz-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);"><font color="blue">'.__('MScan Significant Improvements Notice', 'bulletproof-security').'</font><br>'.__('Significant improvements have been made to MScan. ', 'bulletproof-security').'<a href="'.admin_url( 'admin.php?page=bulletproof-security/admin/mscan/mscan.php' ).'">'.__('Run a new MScan scan', 'bulletproof-security').'</a><br>'.__('To Dismiss this Notice click the Dismiss Notice button below. To Reset Dismiss Notices click the Reset|Recheck Dismiss Notices button on the Alerts|Logs|Email Options page.', 'bulletproof-security').'<br><div style="float:left;margin:3px 0px 3px 0px;padding:2px 6px 2px 6px;background-color:#e8e8e8;border:1px solid gray;"><a href="'.$bps_base.'bpsPro_new_feature_nag_ignore=0'.'" style="text-decoration:none;font-weight:bold;">'.__('Dismiss Notice', 'bulletproof-security').'</a></div></div>';
811
  echo $text;
812
  }
813
  }
962
  if ( ! get_option('bulletproof_security_options_wizard_free') ) {
963
  return;
964
  }
965
+
966
+ $march_8_2022 = '1646708400';
967
 
968
+ if ( time() < $march_8_2022 ) {
 
 
969
 
970
  global $current_user;
971
  $user_id = $current_user->ID;
980
  $bps_base = str_replace( admin_url(), '', esc_html($_SERVER['REQUEST_URI']) ) . '&';
981
  }
982
 
983
+ $text = '<div class="update-nag" style="background-color:#dfecf2;border:1px solid #999;font-size:1em;font-weight:600;padding:2px 5px;margin-top:2px;-moz-border-radius-topleft:3px;-webkit-border-top-left-radius:3px;-khtml-border-top-left-radius:3px;border-top-left-radius:3px;-moz-border-radius-topright:3px;-webkit-border-top-right-radius:3px;-khtml-border-top-right-radius:3px;border-top-right-radius:3px;-webkit-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);-moz-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);"><font color="blue">'.__('BPS Pro 25% Off Sale February 21 - March 8', 'bulletproof-security').'</font><br>'.__('One-time Purchase Price: $52.50. No Recurring Yearly Costs Or Subscriptions. Unlimited installations. Free Upgrades For Life. Free Technical Support For Life.', 'bulletproof-security').'<br><a href="https://affiliates.ait-pro.com/po/" target="_blank" title="Buy BPS Pro">'.__('Buy BPS Pro', 'bulletproof-security').'</a><div style="min-height:5px"></div>'.__('To Dismiss this Notice click the Dismiss Notice button below. To Reset Dismiss Notices click the Reset|Recheck Dismiss Notices button on the Alerts|Logs|Email Options page.', 'bulletproof-security').'<br><div style="float:left;margin:3px 0px 3px 0px;padding:2px 6px 2px 6px;background-color:#e8e8e8;border:1px solid gray;"><a href="'.$bps_base.'bpsPro_bpspro_sale_nag_ignore=0'.'" style="text-decoration:none;font-weight:bold;">'.__('Dismiss Notice', 'bulletproof-security').'</a></div></div>';
984
  echo $text;
985
  }
986
  }
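--- a/includes/idle-session-logout.php
+++ b/includes/idle-session-logout.php
@@ -24,7 +24,8 @@ WordPress element id to check for Post, Page & Comment TinyMCE Editor: id="wp-co
  */
  ##
  function bpsPro_idle_session_logout() {
- $BPS_ISL_options = get_option('bulletproof_security_options_idle_session');
+
+ $BPS_ISL_options = get_option('bulletproof_security_options_idle_session');
 
  if ( $BPS_ISL_options['bps_isl'] == 'On' ) {
 
@@ -50,197 +51,195 @@ $BPS_ISL_options = get_option('bulletproof_security_options_idle_session');
  $timeout = $BPS_ISL_options['bps_isl_timeout'] * 60000;
 
  if ( $BPS_ISL_options['bps_isl_tinymce'] == '1' && 'index.php' != $pagenow ) {
+ ?>
+ <script type="text/javascript">
+ /* <![CDATA[ */
+ window.addEventListener("load", function () {
+
+ var bpsTinymce = document.getElementById("editor-buttons-css");
+ var bpsTinymceContainer = document.getElementById("wp-content-editor-container");
+
+ if (bpsTinymce == null && bpsTinymceContainer == null) {
+ // Testing: Chrome + F12 Console tab
+ //console.log("TinyMCE null");
+
+ // Fires when keyboard key is pressed for most keys
+ document.addEventListener("keypress", bpsResetTimeout);
+ // Fires when mouse is moved
+ document.addEventListener("mousemove", bpsResetTimeout);
+ // Fires when mouse button is pressed
+ document.addEventListener("mousedown", bpsResetTimeout);
+ // Fires when the mouse wheel is rolled up or down
+ document.addEventListener("wheel", bpsResetTimeout);
+ // Fires when a finger is placed on the touch surface/screen.
+ document.addEventListener("touchstart", bpsResetTimeout);
+ // Fires when a finger already placed on the screen is moved across the screen.
+ document.addEventListener("touchmove", bpsResetTimeout);
+
+ } else {
+ // Testing: Chrome + F12 Console tab
+ //console.log("TinyMCE not null");
+ }
+ });
+
+ var bpsTimeout;
+
+ function bpsSessionExpired() {
+ window.location.assign("<?php echo plugins_url('/bulletproof-security/isl-logout.php'); ?>");
+ }
+
+ function bpsResetTimeout() {
+ clearTimeout(bpsTimeout);
+ bpsTimeout = setTimeout(bpsSessionExpired, <?php echo json_encode( $timeout, JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP | JSON_UNESCAPED_UNICODE ); ?>);
+ // Testing: Chrome + F12 Console tab
+ //console.log("TinyMCE null Event logged");
+ }
+ /* ]]> */
+ </script>
+
+ <?php
+ } else { // TinyMCE Editor checkbox is not checked
+ ?>
+
+ <script type="text/javascript">
+ /* <![CDATA[ */
+ // Fires when keyboard key is pressed for most keys
+ document.addEventListener("keypress", bpsResetTimeout);
+ // Fires when mouse is moved
+ document.addEventListener("mousemove", bpsResetTimeout);
+ // Fires when mouse button is pressed
+ document.addEventListener("mousedown", bpsResetTimeout);
+ // Fires when the mouse wheel is rolled up or down
+ document.addEventListener("wheel", bpsResetTimeout);
+ // Fires when a finger is placed on the touch surface/screen.
+ document.addEventListener("touchstart", bpsResetTimeout);
+ // Fires when a finger already placed on the screen is moved across the screen.
+ document.addEventListener("touchmove", bpsResetTimeout);
+
+ var bpsTimeout;
+
+ function bpsSessionExpired() {
+ window.location.assign("<?php echo plugins_url('/bulletproof-security/isl-logout.php'); ?>");
+ }
+
+ function bpsResetTimeout() {
+ clearTimeout(bpsTimeout);
+ bpsTimeout = setTimeout(bpsSessionExpired, <?php echo json_encode( $timeout, JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP | JSON_UNESCAPED_UNICODE ); ?>);
+ // Testing: Chrome + F12 Console tab
+ //console.log("Standard Event logged");
+ }
+ /* ]]> */
+ </script>
+
+ <?php }
+
+ } elseif ( $user_role != 'administrator' && $user_role != 'editor' && $user_role != 'author' && $user_role != 'contributor' && $user_role != 'subscriber' ) {
+
+ if ( ! $BPS_ISL_options['bps_isl_custom_roles'] ) {
+ return;
+ }
 
- ?>
-
- <script type="text/javascript">
- /* <![CDATA[ */
- window.addEventListener("load", function () {
-
- var bpsTinymce = document.getElementById("editor-buttons-css");
- var bpsTinymceContainer = document.getElementById("wp-content-editor-container");
-
- if (bpsTinymce == null && bpsTinymceContainer == null) {
- // Testing: Chrome + F12 Console tab
- //console.log("TinyMCE null");
-
- // Fires when keyboard key is pressed for most keys
- document.addEventListener("keypress", bpsResetTimeout);
- // Fires when mouse is moved
- document.addEventListener("mousemove", bpsResetTimeout);
- // Fires when mouse button is pressed
- document.addEventListener("mousedown", bpsResetTimeout);
- // Fires when the mouse wheel is rolled up or down
- document.addEventListener("wheel", bpsResetTimeout);
- // Fires when a finger is placed on the touch surface/screen.
- document.addEventListener("touchstart", bpsResetTimeout);
- // Fires when a finger already placed on the screen is moved across the screen.
- document.addEventListener("touchmove", bpsResetTimeout);
-
- } else {
- // Testing: Chrome + F12 Console tab
- //console.log("TinyMCE not null");
- }
- });
-
- var bpsTimeout;
-
- function bpsSessionExpired() {
- window.location.assign("<?php echo plugins_url('/bulletproof-security/isl-logout.php'); ?>");
- }
-
- function bpsResetTimeout() {
- clearTimeout(bpsTimeout);
- bpsTimeout = setTimeout(bpsSessionExpired, <?php echo json_encode( $timeout, JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP | JSON_UNESCAPED_UNICODE ); ?>);
- // Testing: Chrome + F12 Console tab
- //console.log("TinyMCE null Event logged");
- }
- /* ]]> */
- </script>
-
- <?php
- } else { // TinyMCE Editor checkbox is not checked
- ?>
-
- <script type="text/javascript">
- /* <![CDATA[ */
- // Fires when keyboard key is pressed for most keys
- document.addEventListener("keypress", bpsResetTimeout);
- // Fires when mouse is moved
- document.addEventListener("mousemove", bpsResetTimeout);
- // Fires when mouse button is pressed
- document.addEventListener("mousedown", bpsResetTimeout);
- // Fires when the mouse wheel is rolled up or down
- document.addEventListener("wheel", bpsResetTimeout);
- // Fires when a finger is placed on the touch surface/screen.
- document.addEventListener("touchstart", bpsResetTimeout);
- // Fires when a finger already placed on the screen is moved across the screen.
- document.addEventListener("touchmove", bpsResetTimeout);
-
- var bpsTimeout;
-
- function bpsSessionExpired() {
- window.location.assign("<?php echo plugins_url('/bulletproof-security/isl-logout.php'); ?>");
- }
-
- function bpsResetTimeout() {
- clearTimeout(bpsTimeout);
- bpsTimeout = setTimeout(bpsSessionExpired, <?php echo json_encode( $timeout, JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP | JSON_UNESCAPED_UNICODE ); ?>);
- // Testing: Chrome + F12 Console tab
- //console.log("Standard Event logged");
- }
- /* ]]> */
- </script>
-
- <?php }
-
- } elseif ( $user_role != 'administrator' && $user_role != 'editor' && $user_role != 'author' && $user_role != 'contributor' && $user_role != 'subscriber' ) {
-
- if ( ! $BPS_ISL_options['bps_isl_custom_roles'] ) {
- return;
- }
+ foreach ( $BPS_ISL_options as $key => $value ) {
 
- foreach ( $BPS_ISL_options as $key => $value ) {
-
- if ( $key == 'bps_isl_custom_roles' && is_array($value) ) {
-
- foreach ( $value as $ckey => $cvalue ) {
+ if ( $key == 'bps_isl_custom_roles' && is_array($value) ) {
 
- if ( $user_role == $ckey && $cvalue == '1' ) {
- $timeout = $BPS_ISL_options['bps_isl_timeout'] * 60000;
- } else {
- return;
+ foreach ( $value as $ckey => $cvalue ) {
+
+ if ( $user_role == $ckey && $cvalue == '1' ) {
+ $timeout = $BPS_ISL_options['bps_isl_timeout'] * 60000;
+ } else {
+ return;
+ }
  }
  }
- }
- }
-
- if ( $BPS_ISL_options['bps_isl_tinymce'] == '1' && 'index.php' != $pagenow ) {
-
- ?>
-
- <script type="text/javascript">
- /* <![CDATA[ */
- window.addEventListener("load", function () {
-
- var bpsTinymce = document.getElementById("editor-buttons-css");
- var bpsTinymceContainer = document.getElementById("wp-content-editor-container");
-
- if (bpsTinymce == null && bpsTinymceContainer == null) {
- // Testing: Chrome + F12 Console tab
- //console.log("TinyMCE null");
-
- // Fires when keyboard key is pressed for most keys
- document.addEventListener("keypress", bpsResetTimeout);
- // Fires when mouse is moved
- document.addEventListener("mousemove", bpsResetTimeout);
- // Fires when mouse button is pressed
- document.addEventListener("mousedown", bpsResetTimeout);
- // Fires when the mouse wheel is rolled up or down
- document.addEventListener("wheel", bpsResetTimeout);
- // Fires when a finger is placed on the touch surface/screen.
- document.addEventListener("touchstart", bpsResetTimeout);
- // Fires when a finger already placed on the screen is moved across the screen.
- document.addEventListener("touchmove", bpsResetTimeout);
-
- } else {
- // Testing: Chrome + F12 Console tab
- //console.log("TinyMCE not null");
- }
- });
-
- var bpsTimeout;
-
- function bpsSessionExpired() {
- window.location.assign("<?php echo plugins_url('/bulletproof-security/isl-logout.php'); ?>");
- }
-
- function bpsResetTimeout() {
- clearTimeout(bpsTimeout);
- bpsTimeout = setTimeout(bpsSessionExpired, <?php echo json_encode( $timeout, JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP | JSON_UNESCAPED_UNICODE ); ?>);
- // Testing: Chrome + F12 Console tab
- //console.log("TinyMCE null Event logged");
- }
- /* ]]> */
- </script>
-
- <?php
- } else { // TinyMCE Editor checkbox is not checked
- ?>
-
- <script type="text/javascript">
- /* <![CDATA[ */
- // Fires when keyboard key is pressed for most keys
- document.addEventListener("keypress", bpsResetTimeout);
- // Fires when mouse is moved
- document.addEventListener("mousemove", bpsResetTimeout);
- // Fires when mouse button is pressed
- document.addEventListener("mousedown", bpsResetTimeout);
- // Fires when the mouse wheel is rolled up or down
- document.addEventListener("wheel", bpsResetTimeout);
- // Fires when a finger is placed on the touch surface/screen.
- document.addEventListener("touchstart", bpsResetTimeout);
- // Fires when a finger already placed on the screen is moved across the screen.
- document.addEventListener("touchmove", bpsResetTimeout);
-
- var bpsTimeout;
-
- function bpsSessionExpired() {
- window.location.assign("<?php echo plugins_url('/bulletproof-security/isl-logout.php'); ?>");
- }
-
- function bpsResetTimeout() {
- clearTimeout(bpsTimeout);
- bpsTimeout = setTimeout(bpsSessionExpired, <?php echo json_encode( $timeout, JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP | JSON_UNESCAPED_UNICODE ); ?>);
- // Testing: Chrome + F12 Console tab
- //console.log("Standard Event logged");
- }
- /* ]]> */
- </script>
+ }
 
- <?php }
-
- } } } }
+ if ( $BPS_ISL_options['bps_isl_tinymce'] == '1' && 'index.php' != $pagenow ) {
+ ?>
+ <script type="text/javascript">
+ /* <![CDATA[ */
+ window.addEventListener("load", function () {
+
+ var bpsTinymce = document.getElementById("editor-buttons-css");
+ var bpsTinymceContainer = document.getElementById("wp-content-editor-container");
+
+ if (bpsTinymce == null && bpsTinymceContainer == null) {
+ // Testing: Chrome + F12 Console tab
+ //console.log("TinyMCE null");
+
+ // Fires when keyboard key is pressed for most keys
+ document.addEventListener("keypress", bpsResetTimeout);
+ // Fires when mouse is moved
+ document.addEventListener("mousemove", bpsResetTimeout);
+ // Fires when mouse button is pressed
+ document.addEventListener("mousedown", bpsResetTimeout);
+ // Fires when the mouse wheel is rolled up or down
+ document.addEventListener("wheel", bpsResetTimeout);
+ // Fires when a finger is placed on the touch surface/screen.
+ document.addEventListener("touchstart", bpsResetTimeout);
+ // Fires when a finger already placed on the screen is moved across the screen.
+ document.addEventListener("touchmove", bpsResetTimeout);
+
+ } else {
+ // Testing: Chrome + F12 Console tab
+ //console.log("TinyMCE not null");
+ }
+ });
+
+ var bpsTimeout;
+
+ function bpsSessionExpired() {
+ window.location.assign("<?php echo plugins_url('/bulletproof-security/isl-logout.php'); ?>");
+ }
+
+ function bpsResetTimeout() {
+ clearTimeout(bpsTimeout);
+ bpsTimeout = setTimeout(bpsSessionExpired, <?php echo json_encode( $timeout, JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP | JSON_UNESCAPED_UNICODE ); ?>);
+ // Testing: Chrome + F12 Console tab
+ //console.log("TinyMCE null Event logged");
+ }
+ /* ]]> */
+ </script>
+
+ <?php
+ } else { // TinyMCE Editor checkbox is not checked
+ ?>
+
+ <script type="text/javascript">
+ /* <![CDATA[ */
+ // Fires when keyboard key is pressed for most keys
+ document.addEventListener("keypress", bpsResetTimeout);
+ // Fires when mouse is moved
+ document.addEventListener("mousemove", bpsResetTimeout);
+ // Fires when mouse button is pressed
+ document.addEventListener("mousedown", bpsResetTimeout);
+ // Fires when the mouse wheel is rolled up or down
+ document.addEventListener("wheel", bpsResetTimeout);
+ // Fires when a finger is placed on the touch surface/screen.
+ document.addEventListener("touchstart", bpsResetTimeout);
+ // Fires when a finger already placed on the screen is moved across the screen.
+ document.addEventListener("touchmove", bpsResetTimeout);
+
+ var bpsTimeout;
+
+ function bpsSessionExpired() {
+ window.location.assign("<?php echo plugins_url('/bulletproof-security/isl-logout.php'); ?>");
+ }
+
+ function bpsResetTimeout() {
+ clearTimeout(bpsTimeout);
+ bpsTimeout = setTimeout(bpsSessionExpired, <?php echo json_encode( $timeout, JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP | JSON_UNESCAPED_UNICODE ); ?>);
+ // Testing: Chrome + F12 Console tab
+ //console.log("Standard Event logged");
+ }
+ /* ]]> */
+ </script>
+
+ <?php }
+ }
+ }
+ }
+ }
 
  add_action('admin_notices', 'bpsPro_idle_session_logout');
  add_action('network_admin_notices', 'bpsPro_idle_session_logout');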
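Review bot: In the custom-role branch (new lines 142-155) the inner `foreach` hits `return;` on the first `bps_isl_custom_roles` entry whose key is not the current user's role, so the idle-logout script appears to be emitted only when that array holds exactly one matching role; with several custom roles saved, users in those roles would silently get no idle timeout. The commit re-indents this block but keeps that logic. A direct lookup avoids the early exit: replace both loops with `if ( ! isset($BPS_ISL_options['bps_isl_custom_roles'][$user_role]) || $BPS_ISL_options['bps_isl_custom_roles'][$user_role] != '1' ) { return; }` followed by `$timeout = $BPS_ISL_options['bps_isl_timeout'] * 60000;`. Separately, the timeout shown here is enforced only by a browser-side timer that redirects to `isl-logout.php`; a server-side idle check, if one exists, is not visible in these hunks. New lines 32-50 of `bpsPro_idle_session_logout()` fall between the two hunks and are not shown, so how `$user_role` is derived should be confirmed there.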
includes/login-security.php CHANGED
@@ -71,44 +71,44 @@
71
 
72
  function bpsPro_wp_authenticate_username_password( $user, $username, $password ) {
73
  global $wpdb, $blog_id;
74
- $BPSoptions = get_option('bulletproof_security_options_login_security');
75
- $BPSoptionsJTC = get_option('bulletproof_security_options_login_security_jtc');
76
- $options = get_option('bulletproof_security_options_email');
77
- $bpspro_login_table = $wpdb->prefix . "bpspro_login_security";
78
- $hostname = esc_html( gethostbyaddr($_SERVER['REMOTE_ADDR'] ) );
79
- $request_uri = esc_html( $_SERVER['REQUEST_URI'] );
80
- $login_time = time();
81
- $lockout_time = time() + (60 * $BPSoptions['bps_lockout_duration']); // default is 1 hour/3600 seconds
82
- $timeNow = time();
83
- $gmt_offset = get_option( 'gmt_offset' ) * 3600;
84
-
85
- $bps_email_to = $options['bps_send_email_to'];
86
- $bps_email_from = $options['bps_send_email_from'];
87
- $bps_email_cc = $options['bps_send_email_cc'];
88
- $bps_email_bcc = $options['bps_send_email_bcc'];
89
- $path = '/wp-admin/admin.php?page=bulletproof-security%2Fadmin%2Flogin%2Flogin.php';
90
- $justUrl = get_site_url(null, $path, null);
91
- $timestamp = date_i18n(get_option('date_format'), strtotime("11/15-1976")) . ' - ' . date_i18n(get_option('time_format'), $timeNow + $gmt_offset);
92
- $headers = array( 'Content-Type: text/html; charset=UTF-8', 'From: ' . $bps_email_from, 'Cc: ' . $bps_email_cc, 'Bcc: ' . $bps_email_bcc );
93
- $subject = " BPS Login Security Alert - $timestamp ";
94
-
95
- // 3.1: New GDPR conditional code for IP addresses logged in the WP DB
96
- $GDPR_Options = get_option('bulletproof_security_options_gdpr');
97
-
98
- $bps_gdpr_on_off = isset($GDPR_Options['bps_gdpr_on_off']) ? $GDPR_Options['bps_gdpr_on_off'] : '';
99
-
100
- if ( $bps_gdpr_on_off != 'On' ) {
101
- $ip_address = esc_html( $_SERVER['REMOTE_ADDR'] );
102
- } else {
103
- $ip_address = 'GDPR Compliance On';
104
- }
105
 
106
  /*
107
  ***************************************************************
108
  // Log All Account Logins for valid Users - Good and Bad Logins
109
  ***************************************************************
110
  */
111
- if ( $BPSoptions['bps_login_security_OnOff'] == 'On' && $BPSoptions['bps_login_security_logging'] == 'logAll') {
112
 
113
  $user = get_user_by( 'login', $username );
114
 
@@ -118,36 +118,35 @@ if ( $BPSoptions['bps_login_security_OnOff'] == 'On' && $BPSoptions['bps_login_s
118
  }
119
 
120
  $user_id = isset($user->ID) ? $user->ID : null;
 
 
121
 
122
  $LoginSecurityRows = $wpdb->get_results( $wpdb->prepare("SELECT * FROM $bpspro_login_table WHERE user_id = %d", $user_id ) );
123
 
124
  foreach ( $LoginSecurityRows as $row ) {
125
 
126
- if ( $row->status == 'Locked' && $timeNow < $row->lockout_time && $row->failed_logins >= $BPSoptions['bps_max_logins'] && $BPSoptions['bps_login_security_errors'] != 'genericAll') {
127
  $error = new WP_Error();
128
  $error->add('locked_account', '<strong>'.__('ERROR:', 'bulletproof-security').'</strong>'.__(' This user account has been locked until ', 'bulletproof-security').'<strong>'.date_i18n(get_option('date_format').' '.get_option('time_format'), $row->lockout_time + $gmt_offset).'</strong>'.__(' due to too many failed login attempts. You can login again after the Lockout Time above has expired.', 'bulletproof-security') );
129
 
130
  return $error;
131
  }
132
 
133
- if ( $row->status == 'Locked' && $timeNow < $row->lockout_time && $row->failed_logins >= $BPSoptions['bps_max_logins'] && $BPSoptions['bps_login_security_errors'] == 'genericAll') {
134
  return new WP_Error('incorrect_password', sprintf('<strong>'.__('ERROR:', 'bulletproof-security').'</strong>'.__(' Invalid Entry.', 'bulletproof-security').' <a href="%s">'.__('Lost your password?', 'bulletproof-security').'</a>', wp_lostpassword_url()));
135
  }
136
  }
137
 
138
  // 2.4: JTC-Lite added - incorrect CAPTCHA entered stops Login processing
139
- if ( $BPSoptionsJTC['bps_jtc_login_form'] == '1' ) {
140
 
141
- if ( ! $BPSoptionsJTC['bps_jtc_custom_form_error'] || $BPSoptionsJTC['bps_jtc_custom_form_error'] == '' ) {
142
- $bps_jtc_custom_form_error = '<strong>ERROR</strong>: Incorrect CAPTCHA Entered.';
143
- } else {
144
- $bps_jtc_custom_form_error = $BPSoptionsJTC['bps_jtc_custom_form_error'];
145
- }
146
-
147
  $reference_form_field = array_key_exists( 'reference', $_POST ) ? $_POST['reference'] : null;
148
  $captcha_form_field = array_key_exists( 'captcha', $_POST ) ? $_POST['captcha'] : null;
 
149
 
150
- if ( $reference_form_field != $BPSoptionsJTC['bps_tooltip_captcha_key'] || $captcha_form_field != '' ) {
151
  $error = new WP_Error();
152
  $error->add( 'captcha_error', __($bps_jtc_custom_form_error, 'bulletproof-security') );
153
  return $error;
@@ -168,7 +167,7 @@ if ( $BPSoptions['bps_login_security_OnOff'] == 'On' && $BPSoptions['bps_login_s
168
  // do nothing
169
  } else {
170
 
171
- if ( $options['bps_login_security_email'] == 'anyUserLoginLock') {
172
  $message = '<p><font color="blue"><strong>'.__('A User has logged in on website: ', 'bulletproof-security').$justUrl.'</strong></font></p>';
173
  $message .= '<p>'.__('To take further action go to the Login Security page. If you do not want to receive further email alerts change or turn off Login Security Email Alerts.', 'bulletproof-security').'</p>';
174
  $message .= '<p><strong>'.__('Username:', 'bulletproof-security').'</strong> '.$user->user_login.'</p>';
@@ -184,7 +183,7 @@ if ( $BPSoptions['bps_login_security_OnOff'] == 'On' && $BPSoptions['bps_login_s
184
  }
185
 
186
  // Option adminLoginOnly - Send Email Alert if an Administrator Logs in
187
- if ( $options['bps_login_security_email'] == 'adminLoginOnly' || $options['bps_login_security_email'] == 'adminLoginLock' && $bps_role == 'administrator') {
188
  $message = '<p><font color="blue"><strong>'.__('An Administrator has logged in on website: ', 'bulletproof-security').$justUrl.'</strong></font></p>';
189
  $message .= '<p>'.__('To take further action go to the Login Security page. If you do not want to receive further email alerts change or turn off Login Security Email Alerts.', 'bulletproof-security').'</p>';
190
  $message .= '<p><strong>'.__('Username:', 'bulletproof-security').'</strong> '.$user->user_login.'</p>';
@@ -216,7 +215,7 @@ if ( $BPSoptions['bps_login_security_OnOff'] == 'On' && $BPSoptions['bps_login_s
216
  // do nothing
217
  } else {
218
 
219
- if ( $options['bps_login_security_email'] == 'anyUserLoginLock') {
220
  $message = '<p><font color="blue"><strong>'.__('Test A User has logged in on website: ', 'bulletproof-security').$justUrl.'</strong></font></p>';
221
  $message .= '<p>'.__('To take further action go to the Login Security page. If you do not want to receive further email alerts change or turn off Login Security Email Alerts.', 'bulletproof-security').'</p>';
222
  $message .= '<p><strong>'.__('Username:', 'bulletproof-security').'</strong> '.$user->user_login.'</p>';
@@ -232,7 +231,7 @@ if ( $BPSoptions['bps_login_security_OnOff'] == 'On' && $BPSoptions['bps_login_s
232
  }
233
 
234
  // Option adminLoginOnly - Send Email Alert if an Administrator Logs in
235
- if ( $options['bps_login_security_email'] == 'adminLoginOnly' || $options['bps_login_security_email'] == 'adminLoginLock' && $bps_role == 'administrator') {
236
  $message = '<p><font color="blue"><strong>'.__('An Administrator has logged in on website: ', 'bulletproof-security').$justUrl.'</strong></font></p>';
237
  $message .= '<p>'.__('To take further action go to the Login Security page. If you do not want to receive further email alerts change or turn off Login Security Email Alerts.', 'bulletproof-security').'</p>';
238
  $message .= '<p><strong>'.__('Username:', 'bulletproof-security').'</strong> '.$user->user_login.'</p>';
@@ -256,7 +255,7 @@ if ( $BPSoptions['bps_login_security_OnOff'] == 'On' && $BPSoptions['bps_login_s
256
  $bps_role = isset($user->roles[0]) ? $user->roles[0] : 'none';
257
 
258
  // Insane, but someone will do this... if max bad retries is set to 1
259
- if ( $failed_logins >= $BPSoptions['bps_max_logins'] ) {
260
  $status = 'Locked';
261
 
262
  // Network/Multisite subsites - logging is not used/allowed
@@ -264,7 +263,7 @@ if ( $BPSoptions['bps_login_security_OnOff'] == 'On' && $BPSoptions['bps_login_s
264
  // do nothing
265
  } else {
266
 
267
- if ( $options['bps_login_security_email'] == 'lockoutOnly' || $options['bps_login_security_email'] == 'anyUserLoginLock' || $options['bps_login_security_email'] == 'adminLoginLock') {
268
  $message = '<p><font color="#fb0101"><strong>'.__('A User Account has been locked on website: ', 'bulletproof-security').$justUrl.'</strong></font></p>';
269
  $message .= '<p>'.__('To take further action go to the Login Security page. If no action is taken then the User will be able to try and login again after the Lockout Time has expired. If you do not want to receive further email alerts change or turn off Login Security Email Alerts.', 'bulletproof-security').'</p>';
270
  $message .= '<p><strong>'.__('What to do if your User Account is locked and you are unable to login to your website:', 'bulletproof-security').'</strong>'.__(' Use FTP or your web host control panel file manager and rename the /bulletproof-security plugin folder name to /_bulletproof-security. Log into your website. Rename the /_bulletproof-security plugin folder name back to /bulletproof-security. Go to the BPS Login Security page and unlock your User Account.', 'bulletproof-security').'</p>';
@@ -310,7 +309,7 @@ if ( $BPSoptions['bps_login_security_OnOff'] == 'On' && $BPSoptions['bps_login_s
310
  // do nothing
311
  } else {
312
 
313
- if ( $options['bps_login_security_email'] == 'anyUserLoginLock') {
314
  $message = '<p><font color="blue"><strong>'.__('A User has logged in on website: ', 'bulletproof-security').$justUrl.'</strong></font></p>';
315
  $message .= '<p>'.__('To take further action go to the Login Security page. If you do not want to receive further email alerts change or turn off Login Security Email Alerts.', 'bulletproof-security').'</p>';
316
  $message .= '<p><strong>'.__('Username:', 'bulletproof-security').'</strong> '.$user->user_login.'</p>';
@@ -326,7 +325,7 @@ if ( $BPSoptions['bps_login_security_OnOff'] == 'On' && $BPSoptions['bps_login_s
326
  }
327
 
328
  // Option adminLoginOnly - Send Email Alert if an Administrator Logs in
329
- if ( $options['bps_login_security_email'] == 'adminLoginOnly' || $options['bps_login_security_email'] == 'adminLoginLock' && $bps_role == 'administrator') {
330
  $message = '<p><font color="blue"><strong>'.__('An Administrator has logged in on website: ', 'bulletproof-security').$justUrl.'</strong></font></p>';
331
  $message .= '<p>'.__('To take further action go to the Login Security page. If you do not want to receive further email alerts change or turn off Login Security Email Alerts.', 'bulletproof-security').'</p>';
332
  $message .= '<p><strong>'.__('Username:', 'bulletproof-security').'</strong> '.$user->user_login.'</p>';
@@ -348,10 +347,10 @@ if ( $BPSoptions['bps_login_security_OnOff'] == 'On' && $BPSoptions['bps_login_s
348
  if ( $wpdb->num_rows != 0 && $user->ID != 0 && ! wp_check_password($password, $user->user_pass, $user->ID) ) {
349
 
350
  $bps_role = isset($user->roles[0]) ? $user->roles[0] : 'none';
351
-
352
  foreach ( $LoginSecurityRows as $row ) {
353
 
354
- if ( $row->status == 'Locked' && $timeNow < $row->lockout_time && $row->failed_logins >= $BPSoptions['bps_max_logins'] ) { // greater > for testing
355
  $error = new WP_Error();
356
  $error->add('locked_account', '<strong>'.__('ERROR:', 'bulletproof-security').'</strong>'.__(' This user account has been locked until ', 'bulletproof-security').'<strong>'.date_i18n(get_option('date_format').' '.get_option('time_format'), $row->lockout_time + $gmt_offset).'</strong>'.__(' due to too many failed login attempts. You can login again after the Lockout Time above has expired.', 'bulletproof-security') );
357
 
@@ -363,59 +362,58 @@ if ( $BPSoptions['bps_login_security_OnOff'] == 'On' && $BPSoptions['bps_login_s
363
  if ( $row->failed_logins == 0 ) {
364
  for ($failed_logins = 0; $failed_logins <= 0; $failed_logins++) {
365
  $failed_logins;
366
- // .51.8: added $remaining variables
367
- $remaining = $BPSoptions['bps_max_logins'] - $failed_logins - 1;
368
  }
369
  } elseif ( $row->failed_logins == 1 ) {
370
  for ($failed_logins = 1; $failed_logins <= 1; $failed_logins++) {
371
  $failed_logins;
372
- $remaining = $BPSoptions['bps_max_logins'] - $failed_logins - 1;
373
  }
374
  } elseif ( $row->failed_logins == 2 ) {
375
  for ($failed_logins = 2; $failed_logins <= 2; $failed_logins++) {
376
  $failed_logins;
377
- $remaining = $BPSoptions['bps_max_logins'] - $failed_logins - 1;
378
  }
379
  } elseif ( $row->failed_logins == 3 ) {
380
  for ($failed_logins = 3; $failed_logins <= 3; $failed_logins++) {
381
  $failed_logins;
382
- $remaining = $BPSoptions['bps_max_logins'] - $failed_logins - 1;
383
  }
384
  } elseif ( $row->failed_logins == 4 ) {
385
  for ($failed_logins = 4; $failed_logins <= 4; $failed_logins++) {
386
  $failed_logins;
387
- $remaining = $BPSoptions['bps_max_logins'] - $failed_logins - 1;
388
  }
389
  } elseif ( $row->failed_logins == 5 ) {
390
  for ($failed_logins = 5; $failed_logins <= 5; $failed_logins++) {
391
  $failed_logins;
392
- $remaining = $BPSoptions['bps_max_logins'] - $failed_logins - 1;
393
  }
394
  } elseif ( $row->failed_logins == 6 ) {
395
  for ($failed_logins = 6; $failed_logins <= 6; $failed_logins++) {
396
  $failed_logins;
397
- $remaining = $BPSoptions['bps_max_logins'] - $failed_logins - 1;
398
  }
399
  } elseif ( $row->failed_logins == 7 ) {
400
  for ($failed_logins = 7; $failed_logins <= 7; $failed_logins++) {
401
  $failed_logins;
402
- $remaining = $BPSoptions['bps_max_logins'] - $failed_logins - 1;
403
  }
404
  } elseif ( $row->failed_logins == 8 ) {
405
  for ($failed_logins = 8; $failed_logins <= 8; $failed_logins++) {
406
  $failed_logins;
407
- $remaining = $BPSoptions['bps_max_logins'] - $failed_logins - 1;
408
  }
409
  } elseif ( $row->failed_logins == 9 ) {
410
  for ($failed_logins = 9; $failed_logins <= 9; $failed_logins++) {
411
  $failed_logins;
412
- $remaining = $BPSoptions['bps_max_logins'] - $failed_logins - 1;
413
  }
414
  }
415
  } // end foreach
416
 
417
  // 2.9: BugFix for additional login attempts after account was locked and lockout time has expired: changed >= to ==
418
- if ( $failed_logins == $BPSoptions['bps_max_logins'] ) {
419
  $status = 'Locked';
420
 
421
  // Network/Multisite subsites - logging is not used/allowed
@@ -423,7 +421,7 @@ if ( $BPSoptions['bps_login_security_OnOff'] == 'On' && $BPSoptions['bps_login_s
423
  // do nothing
424
  } else {
425
 
426
- if ( $options['bps_login_security_email'] == 'lockoutOnly' || $options['bps_login_security_email'] == 'anyUserLoginLock' || $options['bps_login_security_email'] == 'adminLoginLock') {
427
  $message = '<p><font color="#fb0101"><strong>'.__('A User Account has been locked on website: ', 'bulletproof-security').$justUrl.'</strong></font></p>';
428
  $message .= '<p>'.__('To take further action go to the Login Security page. If no action is taken then the User will be able to try and login again after the Lockout Time has expired. If you do not want to receive further email alerts change or turn off Login Security Email Alerts.', 'bulletproof-security').'</p>';
429
  $message .= '<p><strong>'.__('What to do if your User Account is locked and you are unable to login to your website:', 'bulletproof-security').'</strong>'.__(' Use FTP or your web host control panel file manager and rename the /bulletproof-security plugin folder name to /_bulletproof-security. Log into your website. Rename the /_bulletproof-security plugin folder name back to /bulletproof-security. Go to the BPS Login Security page and unlock your User Account.', 'bulletproof-security').'</p>';
@@ -459,7 +457,7 @@ if ( $BPSoptions['bps_login_security_OnOff'] == 'On' && $BPSoptions['bps_login_s
459
  $LSM_zero_filter = $wpdb->get_results( $wpdb->prepare( "SELECT * FROM $bpspro_login_table WHERE user_id = %d AND failed_logins != %d", $user->ID, $no_zeros ) );
460
 
461
  ## 2.9: BugFix for additional login attempts after account was locked and lockout time has expired
462
- if ( $failed_logins > $BPSoptions['bps_max_logins'] && $timeNow < $row->lockout_time ) {
463
 
464
  $failed_logins = 1;
465
  $status = 'Not Locked';
@@ -481,7 +479,7 @@ if ( $BPSoptions['bps_login_security_OnOff'] == 'On' && $BPSoptions['bps_login_s
481
  // X failed attempts in any X amount of time = account is locked period - Duration/threshold is totally unnecessary
482
  *******************************************************************************************************************
483
  */
484
- if ( $BPSoptions['bps_login_security_OnOff'] == 'On' && $BPSoptions['bps_login_security_logging'] == 'logLockouts') {
485
 
486
  $user = get_user_by( 'login', $username );
487
 
@@ -491,36 +489,35 @@ if ( $BPSoptions['bps_login_security_OnOff'] == 'On' && $BPSoptions['bps_login_s
491
  }
492
 
493
  $user_id = isset($user->ID) ? $user->ID : null;
494
-
 
 
495
  $LoginSecurityRows = $wpdb->get_results( $wpdb->prepare("SELECT * FROM $bpspro_login_table WHERE user_id = %d", $user_id ) );
496
 
497
  foreach ( $LoginSecurityRows as $row ) {
498
 
499
- if ( $row->status == 'Locked' && $timeNow < $row->lockout_time && $row->failed_logins >= $BPSoptions['bps_max_logins'] && $BPSoptions['bps_login_security_errors'] != 'genericAll') {
500
  $error = new WP_Error();
501
  $error->add('locked_account', '<strong>'.__('ERROR:', 'bulletproof-security').'</strong>'.__(' This user account has been locked until ', 'bulletproof-security').'<strong>'.date_i18n(get_option('date_format').' '.get_option('time_format'), $row->lockout_time + $gmt_offset).'</strong>'.__(' due to too many failed login attempts. You can login again after the Lockout Time above has expired.', 'bulletproof-security') );
502
 
503
  return $error;
504
  }
505
 
506
- if ( $row->status == 'Locked' && $timeNow < $row->lockout_time && $row->failed_logins >= $BPSoptions['bps_max_logins'] && $BPSoptions['bps_login_security_errors'] == 'genericAll') {
507
  return new WP_Error('incorrect_password', sprintf('<strong>'.__('ERROR:', 'bulletproof-security').'</strong>'.__(' Invalid Entry.', 'bulletproof-security').' <a href="%s">'.__('Lost your password?', 'bulletproof-security').'</a>', wp_lostpassword_url()));
508
  }
509
  }
510
 
511
  // 2.4: JTC-Lite added - incorrect CAPTCHA entered stops Login processing
512
- if ( $BPSoptionsJTC['bps_jtc_login_form'] == '1' ) {
513
 
514
- if ( ! $BPSoptionsJTC['bps_jtc_custom_form_error'] || $BPSoptionsJTC['bps_jtc_custom_form_error'] == '' ) {
515
- $bps_jtc_custom_form_error = '<strong>ERROR</strong>: Incorrect CAPTCHA Entered.';
516
- } else {
517
- $bps_jtc_custom_form_error = $BPSoptionsJTC['bps_jtc_custom_form_error'];
518
- }
519
 
520
  $reference_form_field = array_key_exists( 'reference', $_POST ) ? $_POST['reference'] : null;
521
  $captcha_form_field = array_key_exists( 'captcha', $_POST ) ? $_POST['captcha'] : null;
522
 
523
- if ( $reference_form_field != $BPSoptionsJTC['bps_tooltip_captcha_key'] || $captcha_form_field != '' ) {
524
  $error = new WP_Error();
525
  $error->add( 'captcha_error', __($bps_jtc_custom_form_error, 'bulletproof-security') );
526
  return $error;
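Review bot: The unchanged line `$error->add( 'captcha_error', __($bps_jtc_custom_form_error, 'bulletproof-security') );` passes a runtime value to `__()`, which string extraction cannot pick up, and nothing visible filters that value before it becomes the login error text. The lines that assign `$bps_jtc_custom_form_error` are replaced by this commit and the replacement is not shown in this part of the page. The removed version read it from the saved `bps_jtc_custom_form_error` option, and its default text contains `<strong>` markup, so the message is evidently rendered as HTML. Filtering at the point of use would keep the allowed markup and drop the rest: `$error->add( 'captcha_error', wp_kses_post( $bps_jtc_custom_form_error ) );`. The same call appears in the `bpsPro_jtc_wp_login_page()` hunk further down, and the enclosing `if` block starts and ends outside this hunk.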
@@ -533,7 +530,7 @@ if ( $BPSoptions['bps_login_security_OnOff'] == 'On' && $BPSoptions['bps_login_s
533
  $bps_role = isset($user->roles[0]) ? $user->roles[0] : 'none';
534
 
535
  // Insane, but someone will do this... if max bad retries is set to 1
536
- if ( $failed_logins >= $BPSoptions['bps_max_logins'] ) {
537
  $status = 'Locked';
538
 
539
  // Network/Multisite subsites - logging is not used/allowed
@@ -541,7 +538,7 @@ if ( $BPSoptions['bps_login_security_OnOff'] == 'On' && $BPSoptions['bps_login_s
541
  // do nothing
542
  } else {
543
 
544
- if ( $options['bps_login_security_email'] == 'lockoutOnly' || $options['bps_login_security_email'] == 'anyUserLoginLock' || $options['bps_login_security_email'] == 'adminLoginLock') {
545
  $message = '<p><font color="#fb0101"><strong>'.__('A User Account has been locked on website: ', 'bulletproof-security').$justUrl.'</strong></font></p>';
546
  $message .= '<p>'.__('To take further action go to the Login Security page. If no action is taken then the User will be able to try and login again after the Lockout Time has expired. If you do not want to receive further email alerts change or turn off Login Security Email Alerts.', 'bulletproof-security').'</p>';
547
  $message .= '<p><strong>'.__('What to do if your User Account is locked and you are unable to login to your website:', 'bulletproof-security').'</strong>'.__(' Use FTP or your web host control panel file manager and rename the /bulletproof-security plugin folder name to /_bulletproof-security. Log into your website. Rename the /_bulletproof-security plugin folder name back to /bulletproof-security. Go to the BPS Login Security page and unlock your User Account.', 'bulletproof-security').'</p>';
@@ -591,7 +588,7 @@ if ( $BPSoptions['bps_login_security_OnOff'] == 'On' && $BPSoptions['bps_login_s
591
  // do nothing
592
  } else {
593
 
594
- if ( $options['bps_login_security_email'] == 'anyUserLoginLock') {
595
  $message = '<p><font color="blue"><strong>'.__('A User has logged in on website: ', 'bulletproof-security').$justUrl.'</strong></font></p>';
596
  $message .= '<p>'.__('To take further action go to the Login Security page. If you do not want to receive further email alerts change or turn off Login Security Email Alerts.', 'bulletproof-security').'</p>';
597
 
@@ -608,7 +605,7 @@ if ( $BPSoptions['bps_login_security_OnOff'] == 'On' && $BPSoptions['bps_login_s
608
  }
609
 
610
  // Option adminLoginOnly - Send Email Alert if an Administrator Logs in
611
- if ( $options['bps_login_security_email'] == 'adminLoginOnly' || $options['bps_login_security_email'] == 'adminLoginLock' && $bps_role == 'administrator') {
612
  $message = '<p><font color="blue"><strong>'.__('An Administrator has logged in on website: ', 'bulletproof-security').$justUrl.'</strong></font></p>';
613
  $message .= '<p>'.__('To take further action go to the Login Security page. If you do not want to receive further email alerts change or turn off Login Security Email Alerts.', 'bulletproof-security').'</p>';
614
 
@@ -634,7 +631,7 @@ if ( $BPSoptions['bps_login_security_OnOff'] == 'On' && $BPSoptions['bps_login_s
634
 
635
  foreach ( $LoginSecurityRows as $row ) {
636
 
637
- if ( $row->status == 'Locked' && $timeNow < $row->lockout_time && $row->failed_logins >= $BPSoptions['bps_max_logins'] ) { // greater > for testing
638
  $error = new WP_Error();
639
  $error->add('locked_account', '<strong>'.__('ERROR:', 'bulletproof-security').'</strong>'.__(' This user account has been locked until ', 'bulletproof-security').'<strong>'.date_i18n(get_option('date_format').' '.get_option('time_format'), $row->lockout_time + $gmt_offset).'</strong>'.__(' due to too many failed login attempts. You can login again after the Lockout Time above has expired.', 'bulletproof-security') );
640
 
@@ -646,59 +643,58 @@ if ( $BPSoptions['bps_login_security_OnOff'] == 'On' && $BPSoptions['bps_login_s
646
  if ( $row->failed_logins == 0 ) {
647
  for ($failed_logins = 0; $failed_logins <= 0; $failed_logins++) {
648
  $failed_logins;
649
- // .51.8: added $remaining variables
650
- $remaining = $BPSoptions['bps_max_logins'] - $failed_logins - 1;
651
  }
652
  } elseif ( $row->failed_logins == 1 ) {
653
  for ($failed_logins = 1; $failed_logins <= 1; $failed_logins++) {
654
  $failed_logins;
655
- $remaining = $BPSoptions['bps_max_logins'] - $failed_logins - 1;
656
  }
657
  } elseif ( $row->failed_logins == 2 ) {
658
  for ($failed_logins = 2; $failed_logins <= 2; $failed_logins++) {
659
  $failed_logins;
660
- $remaining = $BPSoptions['bps_max_logins'] - $failed_logins - 1;
661
  }
662
  } elseif ( $row->failed_logins == 3 ) {
663
  for ($failed_logins = 3; $failed_logins <= 3; $failed_logins++) {
664
  $failed_logins;
665
- $remaining = $BPSoptions['bps_max_logins'] - $failed_logins - 1;
666
  }
667
  } elseif ( $row->failed_logins == 4 ) {
668
  for ($failed_logins = 4; $failed_logins <= 4; $failed_logins++) {
669
  $failed_logins;
670
- $remaining = $BPSoptions['bps_max_logins'] - $failed_logins - 1;
671
  }
672
  } elseif ( $row->failed_logins == 5 ) {
673
  for ($failed_logins = 5; $failed_logins <= 5; $failed_logins++) {
674
  $failed_logins;
675
- $remaining = $BPSoptions['bps_max_logins'] - $failed_logins - 1;
676
  }
677
  } elseif ( $row->failed_logins == 6 ) {
678
  for ($failed_logins = 6; $failed_logins <= 6; $failed_logins++) {
679
  $failed_logins;
680
- $remaining = $BPSoptions['bps_max_logins'] - $failed_logins - 1;
681
  }
682
  } elseif ( $row->failed_logins == 7 ) {
683
  for ($failed_logins = 7; $failed_logins <= 7; $failed_logins++) {
684
  $failed_logins;
685
- $remaining = $BPSoptions['bps_max_logins'] - $failed_logins - 1;
686
  }
687
  } elseif ( $row->failed_logins == 8 ) {
688
  for ($failed_logins = 8; $failed_logins <= 8; $failed_logins++) {
689
  $failed_logins;
690
- $remaining = $BPSoptions['bps_max_logins'] - $failed_logins - 1;
691
  }
692
  } elseif ( $row->failed_logins == 9 ) {
693
  for ($failed_logins = 9; $failed_logins <= 9; $failed_logins++) {
694
  $failed_logins;
695
- $remaining = $BPSoptions['bps_max_logins'] - $failed_logins - 1;
696
  }
697
  }
698
  } // end foreach
699
 
700
  // 2.9: BugFix for additional login attempts after account was locked and lockout time has expired: changed >= to ==
701
- if ( $failed_logins == $BPSoptions['bps_max_logins'] ) {
702
  $status = 'Locked';
703
 
704
  // Network/Multisite subsites - logging is not used/allowed
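Review bot: The unchanged `if`/`elseif` ladder only has branches for stored `failed_logins` values 0 through 9, so for a row holding 10 or more nothing in this hunk assigns `$failed_logins`. The lockout comparison that follows (its new form is not shown in this part of the page) would then run on whatever value the variable had before, possibly none. Each branch is a single-pass `for` loop whose only effect is to leave `$failed_logins` at the stored value plus one, which `$failed_logins = (int) $row->failed_logins + 1;` states directly and without the upper limit. Whether `bps_max_logins` can be set above 10 is not visible here; if it can, the lockout threshold would likely never be reached for such a setting. The same ladder closes the preceding hunk, and the `foreach` starts outside this one.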
@@ -706,7 +702,7 @@ if ( $BPSoptions['bps_login_security_OnOff'] == 'On' && $BPSoptions['bps_login_s
706
  // do nothing
707
  } else {
708
 
709
- if ( $options['bps_login_security_email'] == 'lockoutOnly' || $options['bps_login_security_email'] == 'anyUserLoginLock' || $options['bps_login_security_email'] == 'adminLoginLock') {
710
  $message = '<p><font color="#fb0101"><strong>'.__('A User Account has been locked on website: ', 'bulletproof-security').$justUrl.'</strong></font></p>';
711
  $message .= '<p>'.__('To take further action go to the Login Security page. If no action is taken then the User will be able to try and login again after the Lockout Time has expired. If you do not want to receive further email alerts change or turn off Login Security Email Alerts.', 'bulletproof-security').'</p>';
712
  $message .= '<p><strong>'.__('What to do if your User Account is locked and you are unable to login to your website:', 'bulletproof-security').'</strong>'.__(' Use FTP or your web host control panel file manager and rename the /bulletproof-security plugin folder name to /_bulletproof-security. Log into your website. Rename the /_bulletproof-security plugin folder name back to /bulletproof-security. Go to the BPS Login Security page and unlock your User Account.', 'bulletproof-security').'</p>';
@@ -742,7 +738,7 @@ if ( $BPSoptions['bps_login_security_OnOff'] == 'On' && $BPSoptions['bps_login_s
742
  $LSM_zero_filter = $wpdb->get_results( $wpdb->prepare( "SELECT * FROM $bpspro_login_table WHERE user_id = %d AND failed_logins != %d", $user->ID, $no_zeros ) );
743
 
744
  ## 2.9: BugFix for additional login attempts after account was locked and lockout time has expired
745
- if ( $failed_logins > $BPSoptions['bps_max_logins'] && $timeNow < $row->lockout_time ) {
746
 
747
  $failed_logins = 1;
748
  $status = 'Not Locked';
@@ -768,15 +764,19 @@ if ( $BPSoptions['bps_login_security_OnOff'] == 'On' && $BPSoptions['bps_login_s
768
  ****************************************************
769
  */
770
 
771
- if ( $BPSoptions['bps_login_security_OnOff'] == 'On' && isset( $_POST['wp-submit'] ) || $BPSoptions['bps_login_security_OnOff'] == 'On' && $BPSoptions['bps_enable_lsm_woocommerce'] == 1 && isset( $_POST['login'] ) ) {
772
 
773
  // if a user does not set/save this option then default to WP Errors
774
  // .53.8: added email address login error checking + messages
775
- if ( ! $user && ! $BPSoptions['bps_login_security_errors'] ) {
 
 
 
 
776
  return new WP_Error('invalid_username', sprintf('<strong>'.__('ERROR:', 'bulletproof-security').'</strong>'.__(' Invalid username.', 'bulletproof-security').' <a href="%s">'.__('Lost your password?', 'bulletproof-security').'</a>', wp_lostpassword_url()));
777
  }
778
 
779
- if ( ! $user && $BPSoptions['bps_login_security_errors'] == 'wpErrors' ) {
780
 
781
  if ( strpos( $username, '@' ) ) {
782
  return new WP_Error('invalid_email', sprintf('<strong>'.__('ERROR:', 'bulletproof-security').'</strong>'.__(' Invalid email address.', 'bulletproof-security').' <a href="%s">'.__('Lost your password?', 'bulletproof-security').'</a>', wp_lostpassword_url()));
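Review bot: `if ( strpos( $username, '@' ) )` on the unchanged line tests the return value for truthiness, so an `@` at position 0 returns `0` and is handled as if no `@` were present; `if ( strpos( $username, '@' ) !== false )` states the intended check. The messages in this branch ('Invalid username.' / 'Invalid email address.') also tell an unauthenticated visitor that the login name does not exist, and the existing comment says this is the fallback when the option was never saved. A comment such as `// wpErrors and the unset default confirm whether a login name exists; 'generic' and 'genericAll' answer 'Invalid Entry.' instead` would make that trade-off visible to whoever audits the defaults. The `wpErrors` block continues outside the hunk.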
@@ -788,11 +788,11 @@ if ( $BPSoptions['bps_login_security_OnOff'] == 'On' && isset( $_POST['wp-submit
788
  }
789
  }
790
 
791
- if ( ! $user && $BPSoptions['bps_login_security_errors'] == 'generic') {
792
  return new WP_Error('invalid_username', sprintf('<strong>'.__('ERROR:', 'bulletproof-security').'</strong>'.__(' Invalid Entry.', 'bulletproof-security').' <a href="%s">'.__('Lost your password?', 'bulletproof-security').'</a>', wp_lostpassword_url()));
793
  }
794
 
795
- if ( ! $user && $BPSoptions['bps_login_security_errors'] == 'genericAll') {
796
  return new WP_Error('invalid_username', sprintf('<strong>'.__('ERROR:', 'bulletproof-security').'</strong>'.__(' Invalid Entry.', 'bulletproof-security').' <a href="%s">'.__('Lost your password?', 'bulletproof-security').'</a>', wp_lostpassword_url()));
797
 
798
  }
@@ -802,19 +802,19 @@ if ( $BPSoptions['bps_login_security_OnOff'] == 'On' && isset( $_POST['wp-submit
802
  return $user;
803
 
804
  // if a user does not set/save this option then default to WP Errors
805
- if ( ! wp_check_password($password, $user->user_pass, $user->ID) && ! $BPSoptions['bps_login_security_errors'] ) {
806
  return new WP_Error('incorrect_password', sprintf('<strong>'.__('ERROR:', 'bulletproof-security').'</strong>'.__(' The password you entered for the username ', 'bulletproof-security').'<strong>%1$s</strong>'.__(' is incorrect. ', 'bulletproof-security').' <a href="%2$s">'.__('Lost your password?', 'bulletproof-security').'</a>', $username, wp_lostpassword_url()));
807
  }
808
 
809
- if ( ! wp_check_password($password, $user->user_pass, $user->ID) && $BPSoptions['bps_login_security_errors'] == 'wpErrors' ) {
810
 
811
- if ( $BPSoptions['bps_login_security_remaining'] == 'On' ) {
812
 
813
  ## 2.9: BugFix for additional login attempts after account was locked and lockout time has expired
814
- if ( $failed_logins == $BPSoptions['bps_max_logins'] + 1 ) {
815
- $attempts_remaining = $BPSoptions['bps_max_logins'];
816
  } elseif ( $failed_logins == 1 ) {
817
- $attempts_remaining = $BPSoptions['bps_max_logins'] - 1;
818
  } else {
819
  $attempts_remaining = $remaining;
820
  }
@@ -841,15 +841,15 @@ if ( $BPSoptions['bps_login_security_OnOff'] == 'On' && isset( $_POST['wp-submit
841
  }
842
  }
843
 
844
- if ( ! wp_check_password($password, $user->user_pass, $user->ID) && $BPSoptions['bps_login_security_errors'] == 'generic' ) {
845
 
846
- if ( $BPSoptions['bps_login_security_remaining'] == 'On' ) {
847
 
848
  ## 2.9: BugFix for additional login attempts after account was locked and lockout time has expired
849
- if ( $failed_logins == $BPSoptions['bps_max_logins'] + 1 ) {
850
- $attempts_remaining = $BPSoptions['bps_max_logins'];
851
  } elseif ( $failed_logins == 1 ) {
852
- $attempts_remaining = $BPSoptions['bps_max_logins'] - 1;
853
  } else {
854
  $attempts_remaining = $remaining;
855
  }
@@ -863,15 +863,15 @@ if ( $BPSoptions['bps_login_security_OnOff'] == 'On' && isset( $_POST['wp-submit
863
  }
864
  }
865
 
866
- if ( ! wp_check_password($password, $user->user_pass, $user->ID) && $BPSoptions['bps_login_security_errors'] == 'genericAll' ) {
867
 
868
- if ( $BPSoptions['bps_login_security_remaining'] == 'On' ) {
869
 
870
  ## 2.9: BugFix for additional login attempts after account was locked and lockout time has expired
871
- if ( $failed_logins == $BPSoptions['bps_max_logins'] + 1 ) {
872
- $attempts_remaining = $BPSoptions['bps_max_logins'];
873
  } elseif ( $failed_logins == 1 ) {
874
- $attempts_remaining = $BPSoptions['bps_max_logins'] - 1;
875
  } else {
876
  $attempts_remaining = $remaining;
877
  }
@@ -996,18 +996,15 @@ function bpsPro_jtc_wp_login_page( $user, $password ) {
996
 
997
  $BPSoptionsJTC = get_option('bulletproof_security_options_login_security_jtc');
998
 
999
- if ( $BPSoptionsJTC['bps_jtc_login_form'] == '1' ) {
1000
-
1001
- if ( ! $BPSoptionsJTC['bps_jtc_custom_form_error'] || $BPSoptionsJTC['bps_jtc_custom_form_error'] == '' ) {
1002
- $bps_jtc_custom_form_error = '<strong>ERROR</strong>: Incorrect CAPTCHA Entered.';
1003
- } else {
1004
- $bps_jtc_custom_form_error = $BPSoptionsJTC['bps_jtc_custom_form_error'];
1005
- }
1006
 
 
 
 
1007
  $reference_form_field = array_key_exists( 'reference', $_POST ) ? $_POST['reference'] : null;
1008
  $captcha_form_field = array_key_exists( 'captcha', $_POST ) ? $_POST['captcha'] : null;
1009
 
1010
- if ( $reference_form_field != $BPSoptionsJTC['bps_tooltip_captcha_key'] || $captcha_form_field != '' ) {
1011
  $error = new WP_Error();
1012
  $error->add( 'captcha_error', __($bps_jtc_custom_form_error, 'bulletproof-security') );
1013
  return $error;
@@ -1047,7 +1044,7 @@ function bps_enqueue_tooltip_script_login() {
1047
  add_action( 'login_enqueue_scripts', 'bps_enqueue_tooltip_script_login', 1 );
1048
  add_action( 'login_form', 'bps_captcha_login_form_field' );
1049
 
1050
- if ( $BPSoptions['bps_enable_lsm_woocommerce'] == 1 || $BPSoptionsJTC['bps_enable_jtc_woocommerce'] == 1 ) {
1051
  add_action( 'wp_enqueue_scripts', 'bps_enqueue_tooltip_script_login', 1 );
1052
  add_action( 'woocommerce_login_form', 'bps_captcha_login_form_field' );
1053
  }
@@ -1059,12 +1056,20 @@ function bps_captcha_login_form_field() {
1059
  $reference = ( isset( $_POST['reference'] ) ) ? $_POST['reference'] : '';
1060
  // SpamBot Trap/Decoy Form Field
1061
  $captcha = ( isset( $_POST['captcha'] ) ) ? $_POST['captcha'] : '';
1062
-
 
 
 
 
 
 
 
 
1063
  ?>
1064
 
1065
  <p>
1066
- <label for="reference"><?php echo $BPSoptionsJTC['bps_tooltip_captcha_title']; ?><br />
1067
- <input type="text" name="reference" id="reference" class="input" title="<?php if ( $BPSoptionsJTC['bps_tooltip_captcha_hover_text'] != ' ' ) { echo $BPSoptionsJTC['bps_tooltip_captcha_hover_text']; } ?>" value="<?php echo esc_attr(stripslashes($reference)); ?>" /></label>
1068
  <input type="text" name="captcha" id="captcha" class="input" value="<?php echo esc_attr(stripslashes($captcha)); ?>" style="display:none;" />
1069
  </p>
1070
 
@@ -1128,7 +1133,8 @@ body .ui-tooltip.bps-custom-tooltip-style {
1128
  // .54.1: switched to Roles instead of using user_level
1129
  // .54.2: Added Custom User Roles
1130
  function bpsPro_ACE_cookie_expiration( $expiration, $user_id, $remember ) {
1131
- $BPS_ACE_options = get_option('bulletproof_security_options_auth_cookie');
 
1132
 
1133
  if ( isset($BPS_ACE_options['bps_ace']) && $BPS_ACE_options['bps_ace'] == 'On' ) {
1134
 
@@ -1137,23 +1143,32 @@ $BPS_ACE_options = get_option('bulletproof_security_options_auth_cookie');
1137
  $user_roles = $user->roles;
1138
  $user_role = array_shift($user_roles);
1139
 
 
 
 
 
 
 
 
 
 
1140
  if ( $remember ) {
1141
 
1142
- if ( $BPS_ACE_options['bps_ace_rememberme_expiration'] == '' ) {
1143
 
1144
  $expiration = 1209600;
1145
  return $expiration;
1146
  }
1147
 
1148
- if ( preg_match( '/'.$user->user_login.'/i', $BPS_ACE_options['bps_ace_user_account_exceptions'] ) ) {
1149
 
1150
  $expiration = 1209600;
1151
  return $expiration;
1152
 
1153
  // If Role checkbox is not checked cookie expiration defaults to wp default cookie expiration
1154
- } elseif ( $user_role == 'administrator' && $BPS_ACE_options['bps_ace_administrator'] == '1' || $user_role == 'editor' && $BPS_ACE_options['bps_ace_editor'] == '1' || $user_role == 'author' && $BPS_ACE_options['bps_ace_author'] == '1' || $user_role == 'contributor' && $BPS_ACE_options['bps_ace_contributor'] == '1' || $user_role == 'subscriber' && $BPS_ACE_options['bps_ace_subscriber'] == '1' ) {
1155
 
1156
- $expiration = $BPS_ACE_options['bps_ace_rememberme_expiration'] * 60;
1157
  return $expiration;
1158
 
1159
  } elseif ( $user_role != 'administrator' && $user_role != 'editor' && $user_role != 'author' && $user_role != 'contributor' && $user_role != 'subscriber' ) {
@@ -1166,7 +1181,7 @@ $BPS_ACE_options = get_option('bulletproof_security_options_auth_cookie');
1166
 
1167
  if ( $user_role == $ckey && $cvalue == '1' ) {
1168
 
1169
- $expiration = $BPS_ACE_options['bps_ace_expiration'] * 60;
1170
  return $expiration;
1171
 
1172
  } else {
@@ -1185,21 +1200,21 @@ $BPS_ACE_options = get_option('bulletproof_security_options_auth_cookie');
1185
 
1186
  } else {
1187
 
1188
- if ( $BPS_ACE_options['bps_ace_expiration'] == '' ) {
1189
 
1190
  $expiration = 172800;
1191
  return $expiration;
1192
  }
1193
 
1194
- if ( preg_match( '/'.$user->user_login.'/i', $BPS_ACE_options['bps_ace_user_account_exceptions'] ) ) {
1195
 
1196
  $expiration = 172800;
1197
  return $expiration;
1198
 
1199
  // If Role checkbox is not checked cookie expiration defaults to wp default cookie expiration
1200
- } elseif ( $user_role == 'administrator' && $BPS_ACE_options['bps_ace_administrator'] == '1' || $user_role == 'editor' && $BPS_ACE_options['bps_ace_editor'] == '1' || $user_role == 'author' && $BPS_ACE_options['bps_ace_author'] == '1' || $user_role == 'contributor' && $BPS_ACE_options['bps_ace_contributor'] == '1' || $user_role == 'subscriber' && $BPS_ACE_options['bps_ace_subscriber'] == '1' ) {
1201
 
1202
- $expiration = $BPS_ACE_options['bps_ace_expiration'] * 60;
1203
  return $expiration;
1204
 
1205
  } elseif ( $user_role != 'administrator' && $user_role != 'editor' && $user_role != 'author' && $user_role != 'contributor' && $user_role != 'subscriber' ) {
@@ -1212,7 +1227,7 @@ $BPS_ACE_options = get_option('bulletproof_security_options_auth_cookie');
1212
 
1213
  if ( $user_role == $ckey && $cvalue == '1' ) {
1214
 
1215
- $expiration = $BPS_ACE_options['bps_ace_expiration'] * 60;
1216
  return $expiration;
1217
 
1218
  } else {
@@ -1233,7 +1248,8 @@ $BPS_ACE_options = get_option('bulletproof_security_options_auth_cookie');
1233
  }
1234
 
1235
  $BPS_ACE_options = get_option('bulletproof_security_options_auth_cookie');
1236
- if ( $BPS_ACE_options && $BPS_ACE_options['bps_ace'] != 'Off' ) {
 
1237
 
1238
  add_filter('auth_cookie_expiration', 'bpsPro_ACE_cookie_expiration', 10, 3);
1239
  add_action('login_form', 'bpsPro_remove_rememberme_login_form_field');
@@ -1242,9 +1258,10 @@ if ( $BPS_ACE_options && $BPS_ACE_options['bps_ace'] != 'Off' ) {
1242
 
1243
  // .54.2: ACE hide/remove the Remember Me checkbox for everyone.
1244
  function bpsPro_remove_rememberme_login_form_field() {
1245
- $BPS_ACE_options = get_option('bulletproof_security_options_auth_cookie');
 
1246
 
1247
- if ( $BPS_ACE_options['bps_ace'] == 'On' && $BPS_ACE_options['bps_ace_rememberme_disable'] == '1' ) {
1248
  ?>
1249
 
1250
  <style>
@@ -1255,9 +1272,10 @@ $BPS_ACE_options = get_option('bulletproof_security_options_auth_cookie');
1255
 
1256
  // .54.2: ACE unset/disable the Remember Me checkbox/POST value for everyone. Cookie expiration will be Session.
1257
  function bpsPro_unset_rememberme_login_form_field() {
1258
- $BPS_ACE_options = get_option('bulletproof_security_options_auth_cookie');
 
1259
 
1260
- if ( $BPS_ACE_options['bps_ace'] == 'On' && $BPS_ACE_options['bps_ace_rememberme_disable'] == '1' && isset( $_POST['wp-submit'] ) && isset( $_POST['rememberme'] ) ) {
1261
  unset( $_POST['rememberme'] );
1262
  }
1263
  }
71
 
72
  function bpsPro_wp_authenticate_username_password( $user, $username, $password ) {
73
  global $wpdb, $blog_id;
74
+
75
+ $BPSoptions = get_option('bulletproof_security_options_login_security');
76
+ $BPSoptionsJTC = get_option('bulletproof_security_options_login_security_jtc');
77
+ $options = get_option('bulletproof_security_options_email');
78
+ $bpspro_login_table = $wpdb->prefix . "bpspro_login_security";
79
+ $hostname = esc_html( gethostbyaddr($_SERVER['REMOTE_ADDR'] ) );
80
+ $request_uri = esc_html( $_SERVER['REQUEST_URI'] );
81
+ $login_time = time();
82
+ $lockout_time = is_numeric($BPSoptions['bps_lockout_duration']) ? $lockout_time = time() + (60 * $BPSoptions['bps_lockout_duration']) : '0';
83
+ $timeNow = time();
84
+ $gmt_offset = get_option( 'gmt_offset' ) * 3600;
85
+ $bps_email_to = $options['bps_send_email_to'];
86
+ $bps_email_from = $options['bps_send_email_from'];
87
+ $bps_email_cc = $options['bps_send_email_cc'];
88
+ $bps_email_bcc = $options['bps_send_email_bcc'];
89
+ $path = '/wp-admin/admin.php?page=bulletproof-security%2Fadmin%2Flogin%2Flogin.php';
90
+ $justUrl = get_site_url(null, $path, null);
91
+ $timestamp = date_i18n(get_option('date_format'), strtotime("11/15-1976")) . ' - ' . date_i18n(get_option('time_format'), $timeNow + $gmt_offset);
92
+ $headers = array( 'Content-Type: text/html; charset=UTF-8', 'From: ' . $bps_email_from, 'Cc: ' . $bps_email_cc, 'Bcc: ' . $bps_email_bcc );
93
+ $subject = " BPS Login Security Alert - $timestamp ";
94
+
95
+ // 3.1: New GDPR conditional code for IP addresses logged in the WP DB
96
+ $GDPR_Options = get_option('bulletproof_security_options_gdpr');
97
+
98
+ $bps_gdpr_on_off = isset($GDPR_Options['bps_gdpr_on_off']) ? $GDPR_Options['bps_gdpr_on_off'] : '';
99
+
100
+ if ( $bps_gdpr_on_off != 'On' ) {
101
+ $ip_address = esc_html( $_SERVER['REMOTE_ADDR'] );
102
+ } else {
103
+ $ip_address = 'GDPR Compliance On';
104
+ }
105
 
106
  /*
107
  ***************************************************************
108
  // Log All Account Logins for valid Users - Good and Bad Logins
109
  ***************************************************************
110
  */
111
+ if ( isset($BPSoptions['bps_login_security_OnOff']) && $BPSoptions['bps_login_security_OnOff'] == 'On' && isset($BPSoptions['bps_login_security_logging']) && $BPSoptions['bps_login_security_logging'] == 'logAll') {
112
 
113
  $user = get_user_by( 'login', $username );
114
 
118
  }
119
 
120
  $user_id = isset($user->ID) ? $user->ID : null;
121
+ $bps_max_logins = is_numeric($BPSoptions['bps_max_logins']) ? $BPSoptions['bps_max_logins'] : '0';
122
+ $bps_login_security_errors = isset($BPSoptions['bps_login_security_errors']) ? $BPSoptions['bps_login_security_errors'] : '';
123
 
124
  $LoginSecurityRows = $wpdb->get_results( $wpdb->prepare("SELECT * FROM $bpspro_login_table WHERE user_id = %d", $user_id ) );
125
 
126
  foreach ( $LoginSecurityRows as $row ) {
127
 
128
+ if ( $row->status == 'Locked' && $timeNow < $row->lockout_time && $row->failed_logins >= $bps_max_logins && $bps_login_security_errors != 'genericAll') {
129
  $error = new WP_Error();
130
  $error->add('locked_account', '<strong>'.__('ERROR:', 'bulletproof-security').'</strong>'.__(' This user account has been locked until ', 'bulletproof-security').'<strong>'.date_i18n(get_option('date_format').' '.get_option('time_format'), $row->lockout_time + $gmt_offset).'</strong>'.__(' due to too many failed login attempts. You can login again after the Lockout Time above has expired.', 'bulletproof-security') );
131
 
132
  return $error;
133
  }
134
 
135
+ if ( $row->status == 'Locked' && $timeNow < $row->lockout_time && $row->failed_logins >= $bps_max_logins && $bps_login_security_errors == 'genericAll') {
136
  return new WP_Error('incorrect_password', sprintf('<strong>'.__('ERROR:', 'bulletproof-security').'</strong>'.__(' Invalid Entry.', 'bulletproof-security').' <a href="%s">'.__('Lost your password?', 'bulletproof-security').'</a>', wp_lostpassword_url()));
137
  }
138
  }
139
 
140
  // 2.4: JTC-Lite added - incorrect CAPTCHA entered stops Login processing
141
+ if ( isset($BPSoptionsJTC['bps_jtc_login_form']) && $BPSoptionsJTC['bps_jtc_login_form'] == '1' ) {
142
 
143
+ $bps_jtc_custom_form_error = ! empty($BPSoptionsJTC['bps_jtc_custom_form_error']) ? $BPSoptionsJTC['bps_jtc_custom_form_error'] : '<strong>ERROR</strong>: Incorrect CAPTCHA Entered.';
144
+
 
 
 
 
145
  $reference_form_field = array_key_exists( 'reference', $_POST ) ? $_POST['reference'] : null;
146
  $captcha_form_field = array_key_exists( 'captcha', $_POST ) ? $_POST['captcha'] : null;
147
+ $bps_tooltip_captcha_key = isset($BPSoptionsJTC['bps_tooltip_captcha_key']) ? $BPSoptionsJTC['bps_tooltip_captcha_key'] : '';
148
 
149
+ if ( $reference_form_field != $bps_tooltip_captcha_key || $captcha_form_field != '' ) {
150
  $error = new WP_Error();
151
  $error->add( 'captcha_error', __($bps_jtc_custom_form_error, 'bulletproof-security') );
152
  return $error;
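Review bot: The comparison at new line 149 uses loose `!=`, so when the key option is unset (`''`) and no `reference` field is posted (`null`) the two compare equal and the `captcha_error` branch is skipped; numeric-looking strings are also compared by value rather than byte for byte. The tooltip text near new line 1061 suggests the blank-key case is known, but it makes the control silently optional, so the code should decide explicitly what a blank key does and compare strictly: `if ( ! is_string( $reference_form_field ) || $reference_form_field !== $bps_tooltip_captcha_key || $captcha_form_field != '' ) {`. The same check is repeated at new lines 520 and 1007, and the enclosing function starts and ends outside this hunk.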
167
  // do nothing
168
  } else {
169
 
170
+ if ( isset($options['bps_login_security_email']) && $options['bps_login_security_email'] == 'anyUserLoginLock') {
171
  $message = '<p><font color="blue"><strong>'.__('A User has logged in on website: ', 'bulletproof-security').$justUrl.'</strong></font></p>';
172
  $message .= '<p>'.__('To take further action go to the Login Security page. If you do not want to receive further email alerts change or turn off Login Security Email Alerts.', 'bulletproof-security').'</p>';
173
  $message .= '<p><strong>'.__('Username:', 'bulletproof-security').'</strong> '.$user->user_login.'</p>';
183
  }
184
 
185
  // Option adminLoginOnly - Send Email Alert if an Administrator Logs in
186
+ if ( isset($options['bps_login_security_email']) && $options['bps_login_security_email'] == 'adminLoginOnly' || isset($options['bps_login_security_email']) && $options['bps_login_security_email'] == 'adminLoginLock' && $bps_role == 'administrator') {
187
  $message = '<p><font color="blue"><strong>'.__('An Administrator has logged in on website: ', 'bulletproof-security').$justUrl.'</strong></font></p>';
188
  $message .= '<p>'.__('To take further action go to the Login Security page. If you do not want to receive further email alerts change or turn off Login Security Email Alerts.', 'bulletproof-security').'</p>';
189
  $message .= '<p><strong>'.__('Username:', 'bulletproof-security').'</strong> '.$user->user_login.'</p>';
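Review bot: In the condition at new line 186 the role test only guards the `adminLoginLock` alternative, because `&&` binds tighter than `||`: with the option set to `adminLoginOnly` the "An Administrator has logged in" message is built whatever `$bps_role` is, unless a check outside this hunk restricts it. Grouping the option test makes the intent explicit: `if ( isset($options['bps_login_security_email']) && in_array( $options['bps_login_security_email'], array( 'adminLoginOnly', 'adminLoginLock' ), true ) && $bps_role == 'administrator' ) {`. The same expression is repeated at new lines 234, 328 and 608. This matters beyond wording, because these mails are what an operator relies on to notice unexpected administrator sessions.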
215
  // do nothing
216
  } else {
217
 
218
+ if ( isset($options['bps_login_security_email']) && $options['bps_login_security_email'] == 'anyUserLoginLock') {
219
  $message = '<p><font color="blue"><strong>'.__('Test A User has logged in on website: ', 'bulletproof-security').$justUrl.'</strong></font></p>';
220
  $message .= '<p>'.__('To take further action go to the Login Security page. If you do not want to receive further email alerts change or turn off Login Security Email Alerts.', 'bulletproof-security').'</p>';
221
  $message .= '<p><strong>'.__('Username:', 'bulletproof-security').'</strong> '.$user->user_login.'</p>';
231
  }
232
 
233
  // Option adminLoginOnly - Send Email Alert if an Administrator Logs in
234
+ if ( isset($options['bps_login_security_email']) && $options['bps_login_security_email'] == 'adminLoginOnly' || isset($options['bps_login_security_email']) && $options['bps_login_security_email'] == 'adminLoginLock' && $bps_role == 'administrator') {
235
  $message = '<p><font color="blue"><strong>'.__('An Administrator has logged in on website: ', 'bulletproof-security').$justUrl.'</strong></font></p>';
236
  $message .= '<p>'.__('To take further action go to the Login Security page. If you do not want to receive further email alerts change or turn off Login Security Email Alerts.', 'bulletproof-security').'</p>';
237
  $message .= '<p><strong>'.__('Username:', 'bulletproof-security').'</strong> '.$user->user_login.'</p>';
255
  $bps_role = isset($user->roles[0]) ? $user->roles[0] : 'none';
256
 
257
  // Insane, but someone will do this... if max bad retries is set to 1
258
+ if ( $failed_logins >= $bps_max_logins ) {
259
  $status = 'Locked';
260
 
261
  // Network/Multisite subsites - logging is not used/allowed
263
  // do nothing
264
  } else {
265
 
266
+ if ( isset($options['bps_login_security_email']) && $options['bps_login_security_email'] == 'lockoutOnly' || isset($options['bps_login_security_email']) && $options['bps_login_security_email'] == 'anyUserLoginLock' || $options['bps_login_security_email'] == 'adminLoginLock') {
267
  $message = '<p><font color="#fb0101"><strong>'.__('A User Account has been locked on website: ', 'bulletproof-security').$justUrl.'</strong></font></p>';
268
  $message .= '<p>'.__('To take further action go to the Login Security page. If no action is taken then the User will be able to try and login again after the Lockout Time has expired. If you do not want to receive further email alerts change or turn off Login Security Email Alerts.', 'bulletproof-security').'</p>';
269
  $message .= '<p><strong>'.__('What to do if your User Account is locked and you are unable to login to your website:', 'bulletproof-security').'</strong>'.__(' Use FTP or your web host control panel file manager and rename the /bulletproof-security plugin folder name to /_bulletproof-security. Log into your website. Rename the /_bulletproof-security plugin folder name back to /bulletproof-security. Go to the BPS Login Security page and unlock your User Account.', 'bulletproof-security').'</p>';
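Review bot: The third alternative at new line 266, `$options['bps_login_security_email'] == 'adminLoginLock'`, is still read without the `isset()` guard this commit adds to the first two, so an unsaved email option still triggers the undefined-index notice the change appears to be removing. New lines 424 and 705 have the same gap, while new line 541 carries the guard on all three alternatives. Reading the option once avoids the repetition: `$bps_email_opt = isset($options['bps_login_security_email']) ? $options['bps_login_security_email'] : '';` followed by `if ( in_array( $bps_email_opt, array( 'lockoutOnly', 'anyUserLoginLock', 'adminLoginLock' ), true ) ) {`.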
309
  // do nothing
310
  } else {
311
 
312
+ if ( isset($options['bps_login_security_email']) && $options['bps_login_security_email'] == 'anyUserLoginLock') {
313
  $message = '<p><font color="blue"><strong>'.__('A User has logged in on website: ', 'bulletproof-security').$justUrl.'</strong></font></p>';
314
  $message .= '<p>'.__('To take further action go to the Login Security page. If you do not want to receive further email alerts change or turn off Login Security Email Alerts.', 'bulletproof-security').'</p>';
315
  $message .= '<p><strong>'.__('Username:', 'bulletproof-security').'</strong> '.$user->user_login.'</p>';
325
  }
326
 
327
  // Option adminLoginOnly - Send Email Alert if an Administrator Logs in
328
+ if ( isset($options['bps_login_security_email']) && $options['bps_login_security_email'] == 'adminLoginOnly' || isset($options['bps_login_security_email']) && $options['bps_login_security_email'] == 'adminLoginLock' && $bps_role == 'administrator') {
329
  $message = '<p><font color="blue"><strong>'.__('An Administrator has logged in on website: ', 'bulletproof-security').$justUrl.'</strong></font></p>';
330
  $message .= '<p>'.__('To take further action go to the Login Security page. If you do not want to receive further email alerts change or turn off Login Security Email Alerts.', 'bulletproof-security').'</p>';
331
  $message .= '<p><strong>'.__('Username:', 'bulletproof-security').'</strong> '.$user->user_login.'</p>';
347
  if ( $wpdb->num_rows != 0 && $user->ID != 0 && ! wp_check_password($password, $user->user_pass, $user->ID) ) {
348
 
349
  $bps_role = isset($user->roles[0]) ? $user->roles[0] : 'none';
350
+
351
  foreach ( $LoginSecurityRows as $row ) {
352
 
353
+ if ( $row->status == 'Locked' && $timeNow < $row->lockout_time && $row->failed_logins >= $bps_max_logins ) { // greater > for testing
354
  $error = new WP_Error();
355
  $error->add('locked_account', '<strong>'.__('ERROR:', 'bulletproof-security').'</strong>'.__(' This user account has been locked until ', 'bulletproof-security').'<strong>'.date_i18n(get_option('date_format').' '.get_option('time_format'), $row->lockout_time + $gmt_offset).'</strong>'.__(' due to too many failed login attempts. You can login again after the Lockout Time above has expired.', 'bulletproof-security') );
356
 
362
  if ( $row->failed_logins == 0 ) {
363
  for ($failed_logins = 0; $failed_logins <= 0; $failed_logins++) {
364
  $failed_logins;
365
+ $remaining = $bps_max_logins - $failed_logins - 1;
 
366
  }
367
  } elseif ( $row->failed_logins == 1 ) {
368
  for ($failed_logins = 1; $failed_logins <= 1; $failed_logins++) {
369
  $failed_logins;
370
+ $remaining = $bps_max_logins - $failed_logins - 1;
371
  }
372
  } elseif ( $row->failed_logins == 2 ) {
373
  for ($failed_logins = 2; $failed_logins <= 2; $failed_logins++) {
374
  $failed_logins;
375
+ $remaining = $bps_max_logins - $failed_logins - 1;
376
  }
377
  } elseif ( $row->failed_logins == 3 ) {
378
  for ($failed_logins = 3; $failed_logins <= 3; $failed_logins++) {
379
  $failed_logins;
380
+ $remaining = $bps_max_logins - $failed_logins - 1;
381
  }
382
  } elseif ( $row->failed_logins == 4 ) {
383
  for ($failed_logins = 4; $failed_logins <= 4; $failed_logins++) {
384
  $failed_logins;
385
+ $remaining = $bps_max_logins - $failed_logins - 1;
386
  }
387
  } elseif ( $row->failed_logins == 5 ) {
388
  for ($failed_logins = 5; $failed_logins <= 5; $failed_logins++) {
389
  $failed_logins;
390
+ $remaining = $bps_max_logins - $failed_logins - 1;
391
  }
392
  } elseif ( $row->failed_logins == 6 ) {
393
  for ($failed_logins = 6; $failed_logins <= 6; $failed_logins++) {
394
  $failed_logins;
395
+ $remaining = $bps_max_logins - $failed_logins - 1;
396
  }
397
  } elseif ( $row->failed_logins == 7 ) {
398
  for ($failed_logins = 7; $failed_logins <= 7; $failed_logins++) {
399
  $failed_logins;
400
+ $remaining = $bps_max_logins - $failed_logins - 1;
401
  }
402
  } elseif ( $row->failed_logins == 8 ) {
403
  for ($failed_logins = 8; $failed_logins <= 8; $failed_logins++) {
404
  $failed_logins;
405
+ $remaining = $bps_max_logins - $failed_logins - 1;
406
  }
407
  } elseif ( $row->failed_logins == 9 ) {
408
  for ($failed_logins = 9; $failed_logins <= 9; $failed_logins++) {
409
  $failed_logins;
410
+ $remaining = $bps_max_logins - $failed_logins - 1;
411
  }
412
  }
413
  } // end foreach
414
 
415
  // 2.9: BugFix for additional login attempts after account was locked and lockout time has expired: changed >= to ==
416
+ if ( $failed_logins == $bps_max_logins ) {
417
  $status = 'Locked';
418
 
419
  // Network/Multisite subsites - logging is not used/allowed
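Review bot: The `elseif` ladder at new lines 362–411 only covers stored counts 0 to 9, and each one-pass `for` loop is just a roundabout way of setting `$failed_logins` to the stored count plus one. If a row holds 10 or more, which a maximum configured above 10 would allow, no branch runs and neither `$failed_logins` nor `$remaining` is assigned here, so the `$failed_logins == $bps_max_logins` test at new line 416 would not mark the account Locked unless the variable is set outside this hunk; whether the settings page caps the value is not visible. Computing the values directly removes the limit: `$remaining = $bps_max_logins - $row->failed_logins - 1;` and `$failed_logins = $row->failed_logins + 1;`. The identical ladder at new lines 643–692 needs the same change, and the enclosing `foreach` opens outside this hunk.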
421
  // do nothing
422
  } else {
423
 
424
+ if ( isset($options['bps_login_security_email']) && $options['bps_login_security_email'] == 'lockoutOnly' || isset($options['bps_login_security_email']) && $options['bps_login_security_email'] == 'anyUserLoginLock' || $options['bps_login_security_email'] == 'adminLoginLock') {
425
  $message = '<p><font color="#fb0101"><strong>'.__('A User Account has been locked on website: ', 'bulletproof-security').$justUrl.'</strong></font></p>';
426
  $message .= '<p>'.__('To take further action go to the Login Security page. If no action is taken then the User will be able to try and login again after the Lockout Time has expired. If you do not want to receive further email alerts change or turn off Login Security Email Alerts.', 'bulletproof-security').'</p>';
427
  $message .= '<p><strong>'.__('What to do if your User Account is locked and you are unable to login to your website:', 'bulletproof-security').'</strong>'.__(' Use FTP or your web host control panel file manager and rename the /bulletproof-security plugin folder name to /_bulletproof-security. Log into your website. Rename the /_bulletproof-security plugin folder name back to /bulletproof-security. Go to the BPS Login Security page and unlock your User Account.', 'bulletproof-security').'</p>';
457
  $LSM_zero_filter = $wpdb->get_results( $wpdb->prepare( "SELECT * FROM $bpspro_login_table WHERE user_id = %d AND failed_logins != %d", $user->ID, $no_zeros ) );
458
 
459
  ## 2.9: BugFix for additional login attempts after account was locked and lockout time has expired
460
+ if ( $failed_logins > $bps_max_logins && $timeNow < $row->lockout_time ) {
461
 
462
  $failed_logins = 1;
463
  $status = 'Not Locked';
479
  // X failed attempts in any X amount of time = account is locked period - Duration/threshold is totally unnecessary
480
  *******************************************************************************************************************
481
  */
482
+ if ( isset($BPSoptions['bps_login_security_OnOff']) && $BPSoptions['bps_login_security_OnOff'] == 'On' && isset($BPSoptions['bps_login_security_logging']) && $BPSoptions['bps_login_security_logging'] == 'logLockouts') {
483
 
484
  $user = get_user_by( 'login', $username );
485
 
489
  }
490
 
491
  $user_id = isset($user->ID) ? $user->ID : null;
492
+ $bps_max_logins = is_numeric($BPSoptions['bps_max_logins']) ? $BPSoptions['bps_max_logins'] : '0';
493
+ $bps_login_security_errors = isset($BPSoptions['bps_login_security_errors']) ? $BPSoptions['bps_login_security_errors'] : '';
494
+
495
  $LoginSecurityRows = $wpdb->get_results( $wpdb->prepare("SELECT * FROM $bpspro_login_table WHERE user_id = %d", $user_id ) );
496
 
497
  foreach ( $LoginSecurityRows as $row ) {
498
 
499
+ if ( $row->status == 'Locked' && $timeNow < $row->lockout_time && $row->failed_logins >= $bps_max_logins && $bps_login_security_errors != 'genericAll') {
500
  $error = new WP_Error();
501
  $error->add('locked_account', '<strong>'.__('ERROR:', 'bulletproof-security').'</strong>'.__(' This user account has been locked until ', 'bulletproof-security').'<strong>'.date_i18n(get_option('date_format').' '.get_option('time_format'), $row->lockout_time + $gmt_offset).'</strong>'.__(' due to too many failed login attempts. You can login again after the Lockout Time above has expired.', 'bulletproof-security') );
502
 
503
  return $error;
504
  }
505
 
506
+ if ( $row->status == 'Locked' && $timeNow < $row->lockout_time && $row->failed_logins >= $bps_max_logins && $bps_login_security_errors == 'genericAll') {
507
  return new WP_Error('incorrect_password', sprintf('<strong>'.__('ERROR:', 'bulletproof-security').'</strong>'.__(' Invalid Entry.', 'bulletproof-security').' <a href="%s">'.__('Lost your password?', 'bulletproof-security').'</a>', wp_lostpassword_url()));
508
  }
509
  }
510
 
511
  // 2.4: JTC-Lite added - incorrect CAPTCHA entered stops Login processing
512
+ if ( isset($BPSoptionsJTC['bps_jtc_login_form']) && $BPSoptionsJTC['bps_jtc_login_form'] == '1' ) {
513
 
514
+ $bps_jtc_custom_form_error = ! empty($BPSoptionsJTC['bps_jtc_custom_form_error']) ? $BPSoptionsJTC['bps_jtc_custom_form_error'] : '<strong>ERROR</strong>: Incorrect CAPTCHA Entered.';
515
+ $bps_tooltip_captcha_key = isset($BPSoptionsJTC['bps_tooltip_captcha_key']) ? $BPSoptionsJTC['bps_tooltip_captcha_key'] : '';
 
 
 
516
 
517
  $reference_form_field = array_key_exists( 'reference', $_POST ) ? $_POST['reference'] : null;
518
  $captcha_form_field = array_key_exists( 'captcha', $_POST ) ? $_POST['captcha'] : null;
519
 
520
+ if ( $reference_form_field != $bps_tooltip_captcha_key || $captcha_form_field != '' ) {
521
  $error = new WP_Error();
522
  $error->add( 'captcha_error', __($bps_jtc_custom_form_error, 'bulletproof-security') );
523
  return $error;
530
  $bps_role = isset($user->roles[0]) ? $user->roles[0] : 'none';
531
 
532
  // Insane, but someone will do this... if max bad retries is set to 1
533
+ if ( $failed_logins >= $bps_max_logins ) {
534
  $status = 'Locked';
535
 
536
  // Network/Multisite subsites - logging is not used/allowed
538
  // do nothing
539
  } else {
540
 
541
+ if ( isset($options['bps_login_security_email']) && $options['bps_login_security_email'] == 'lockoutOnly' || isset($options['bps_login_security_email']) && $options['bps_login_security_email'] == 'anyUserLoginLock' || isset($options['bps_login_security_email']) && $options['bps_login_security_email'] == 'adminLoginLock') {
542
  $message = '<p><font color="#fb0101"><strong>'.__('A User Account has been locked on website: ', 'bulletproof-security').$justUrl.'</strong></font></p>';
543
  $message .= '<p>'.__('To take further action go to the Login Security page. If no action is taken then the User will be able to try and login again after the Lockout Time has expired. If you do not want to receive further email alerts change or turn off Login Security Email Alerts.', 'bulletproof-security').'</p>';
544
  $message .= '<p><strong>'.__('What to do if your User Account is locked and you are unable to login to your website:', 'bulletproof-security').'</strong>'.__(' Use FTP or your web host control panel file manager and rename the /bulletproof-security plugin folder name to /_bulletproof-security. Log into your website. Rename the /_bulletproof-security plugin folder name back to /bulletproof-security. Go to the BPS Login Security page and unlock your User Account.', 'bulletproof-security').'</p>';
588
  // do nothing
589
  } else {
590
 
591
+ if ( isset($options['bps_login_security_email']) && $options['bps_login_security_email'] == 'anyUserLoginLock') {
592
  $message = '<p><font color="blue"><strong>'.__('A User has logged in on website: ', 'bulletproof-security').$justUrl.'</strong></font></p>';
593
  $message .= '<p>'.__('To take further action go to the Login Security page. If you do not want to receive further email alerts change or turn off Login Security Email Alerts.', 'bulletproof-security').'</p>';
594
 
605
  }
606
 
607
  // Option adminLoginOnly - Send Email Alert if an Administrator Logs in
608
+ if ( isset($options['bps_login_security_email']) && $options['bps_login_security_email'] == 'adminLoginOnly' || isset($options['bps_login_security_email']) && $options['bps_login_security_email'] == 'adminLoginLock' && $bps_role == 'administrator') {
609
  $message = '<p><font color="blue"><strong>'.__('An Administrator has logged in on website: ', 'bulletproof-security').$justUrl.'</strong></font></p>';
610
  $message .= '<p>'.__('To take further action go to the Login Security page. If you do not want to receive further email alerts change or turn off Login Security Email Alerts.', 'bulletproof-security').'</p>';
611
 
631
 
632
  foreach ( $LoginSecurityRows as $row ) {
633
 
634
+ if ( $row->status == 'Locked' && $timeNow < $row->lockout_time && $row->failed_logins >= $bps_max_logins ) { // greater > for testing
635
  $error = new WP_Error();
636
  $error->add('locked_account', '<strong>'.__('ERROR:', 'bulletproof-security').'</strong>'.__(' This user account has been locked until ', 'bulletproof-security').'<strong>'.date_i18n(get_option('date_format').' '.get_option('time_format'), $row->lockout_time + $gmt_offset).'</strong>'.__(' due to too many failed login attempts. You can login again after the Lockout Time above has expired.', 'bulletproof-security') );
637
 
643
  if ( $row->failed_logins == 0 ) {
644
  for ($failed_logins = 0; $failed_logins <= 0; $failed_logins++) {
645
  $failed_logins;
646
+ $remaining = $bps_max_logins - $failed_logins - 1;
 
647
  }
648
  } elseif ( $row->failed_logins == 1 ) {
649
  for ($failed_logins = 1; $failed_logins <= 1; $failed_logins++) {
650
  $failed_logins;
651
+ $remaining = $bps_max_logins - $failed_logins - 1;
652
  }
653
  } elseif ( $row->failed_logins == 2 ) {
654
  for ($failed_logins = 2; $failed_logins <= 2; $failed_logins++) {
655
  $failed_logins;
656
+ $remaining = $bps_max_logins - $failed_logins - 1;
657
  }
658
  } elseif ( $row->failed_logins == 3 ) {
659
  for ($failed_logins = 3; $failed_logins <= 3; $failed_logins++) {
660
  $failed_logins;
661
+ $remaining = $bps_max_logins - $failed_logins - 1;
662
  }
663
  } elseif ( $row->failed_logins == 4 ) {
664
  for ($failed_logins = 4; $failed_logins <= 4; $failed_logins++) {
665
  $failed_logins;
666
+ $remaining = $bps_max_logins - $failed_logins - 1;
667
  }
668
  } elseif ( $row->failed_logins == 5 ) {
669
  for ($failed_logins = 5; $failed_logins <= 5; $failed_logins++) {
670
  $failed_logins;
671
+ $remaining = $bps_max_logins - $failed_logins - 1;
672
  }
673
  } elseif ( $row->failed_logins == 6 ) {
674
  for ($failed_logins = 6; $failed_logins <= 6; $failed_logins++) {
675
  $failed_logins;
676
+ $remaining = $bps_max_logins - $failed_logins - 1;
677
  }
678
  } elseif ( $row->failed_logins == 7 ) {
679
  for ($failed_logins = 7; $failed_logins <= 7; $failed_logins++) {
680
  $failed_logins;
681
+ $remaining = $bps_max_logins - $failed_logins - 1;
682
  }
683
  } elseif ( $row->failed_logins == 8 ) {
684
  for ($failed_logins = 8; $failed_logins <= 8; $failed_logins++) {
685
  $failed_logins;
686
+ $remaining = $bps_max_logins - $failed_logins - 1;
687
  }
688
  } elseif ( $row->failed_logins == 9 ) {
689
  for ($failed_logins = 9; $failed_logins <= 9; $failed_logins++) {
690
  $failed_logins;
691
+ $remaining = $bps_max_logins - $failed_logins - 1;
692
  }
693
  }
694
  } // end foreach
695
 
696
  // 2.9: BugFix for additional login attempts after account was locked and lockout time has expired: changed >= to ==
697
+ if ( $failed_logins == $bps_max_logins ) {
698
  $status = 'Locked';
699
 
700
  // Network/Multisite subsites - logging is not used/allowed
702
  // do nothing
703
  } else {
704
 
705
+ if ( isset($options['bps_login_security_email']) && $options['bps_login_security_email'] == 'lockoutOnly' || isset($options['bps_login_security_email']) && $options['bps_login_security_email'] == 'anyUserLoginLock' || $options['bps_login_security_email'] == 'adminLoginLock') {
706
  $message = '<p><font color="#fb0101"><strong>'.__('A User Account has been locked on website: ', 'bulletproof-security').$justUrl.'</strong></font></p>';
707
  $message .= '<p>'.__('To take further action go to the Login Security page. If no action is taken then the User will be able to try and login again after the Lockout Time has expired. If you do not want to receive further email alerts change or turn off Login Security Email Alerts.', 'bulletproof-security').'</p>';
708
  $message .= '<p><strong>'.__('What to do if your User Account is locked and you are unable to login to your website:', 'bulletproof-security').'</strong>'.__(' Use FTP or your web host control panel file manager and rename the /bulletproof-security plugin folder name to /_bulletproof-security. Log into your website. Rename the /_bulletproof-security plugin folder name back to /bulletproof-security. Go to the BPS Login Security page and unlock your User Account.', 'bulletproof-security').'</p>';
738
  $LSM_zero_filter = $wpdb->get_results( $wpdb->prepare( "SELECT * FROM $bpspro_login_table WHERE user_id = %d AND failed_logins != %d", $user->ID, $no_zeros ) );
739
 
740
  ## 2.9: BugFix for additional login attempts after account was locked and lockout time has expired
741
+ if ( $failed_logins > $bps_max_logins && $timeNow < $row->lockout_time ) {
742
 
743
  $failed_logins = 1;
744
  $status = 'Not Locked';
764
  ****************************************************
765
  */
766
 
767
+ if ( isset($BPSoptions['bps_login_security_OnOff']) && $BPSoptions['bps_login_security_OnOff'] == 'On' && isset( $_POST['wp-submit'] ) || isset($BPSoptions['bps_login_security_OnOff']) && $BPSoptions['bps_login_security_OnOff'] == 'On' && isset($BPSoptions['bps_enable_lsm_woocommerce']) && $BPSoptions['bps_enable_lsm_woocommerce'] == 1 && isset( $_POST['login'] ) ) {
768
 
769
  // if a user does not set/save this option then default to WP Errors
770
  // .53.8: added email address login error checking + messages
771
+ $bps_login_security_errors = isset($BPSoptions['bps_login_security_errors']) ? $BPSoptions['bps_login_security_errors'] : '';
772
+ $bps_max_logins = is_numeric($BPSoptions['bps_max_logins']) ? $BPSoptions['bps_max_logins'] : '0';
773
+ $bps_login_security_remaining = isset($BPSoptions['bps_login_security_remaining']) ? $BPSoptions['bps_login_security_remaining'] : '';
774
+
775
+ if ( ! $user && $bps_login_security_errors == '' ) {
776
  return new WP_Error('invalid_username', sprintf('<strong>'.__('ERROR:', 'bulletproof-security').'</strong>'.__(' Invalid username.', 'bulletproof-security').' <a href="%s">'.__('Lost your password?', 'bulletproof-security').'</a>', wp_lostpassword_url()));
777
  }
778
 
779
+ if ( ! $user && $bps_login_security_errors == 'wpErrors' ) {
780
 
781
  if ( strpos( $username, '@' ) ) {
782
  return new WP_Error('invalid_email', sprintf('<strong>'.__('ERROR:', 'bulletproof-security').'</strong>'.__(' Invalid email address.', 'bulletproof-security').' <a href="%s">'.__('Lost your password?', 'bulletproof-security').'</a>', wp_lostpassword_url()));
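Review bot: `is_numeric($BPSoptions['bps_max_logins'])` at new line 772 still indexes the option array without the `isset()` guard used on the lines either side of it, and the `'0'` fallback is not a neutral default: `$failed_logins >= $bps_max_logins` at new lines 258 and 533 is then true for any non-negative count, so a missing or non-numeric setting would presumably lock an account on its first failed attempt. The same unguarded read and `'0'` fallback appear at new lines 121 and 492, and for `bps_lockout_duration` at new line 82, where a zero lockout time would make the `$timeNow < $row->lockout_time` checks false if that value is what gets stored. I would guard the read and fall back to a documented default, e.g. `$bps_max_logins = ( isset($BPSoptions['bps_max_logins']) && is_numeric($BPSoptions['bps_max_logins']) ) ? (int) $BPSoptions['bps_max_logins'] : 3;`, with the plugin's real default in place of my placeholder `3`.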
788
  }
789
  }
790
 
791
+ if ( ! $user && $bps_login_security_errors == 'generic') {
792
  return new WP_Error('invalid_username', sprintf('<strong>'.__('ERROR:', 'bulletproof-security').'</strong>'.__(' Invalid Entry.', 'bulletproof-security').' <a href="%s">'.__('Lost your password?', 'bulletproof-security').'</a>', wp_lostpassword_url()));
793
  }
794
 
795
+ if ( ! $user && $bps_login_security_errors == 'genericAll') {
796
  return new WP_Error('invalid_username', sprintf('<strong>'.__('ERROR:', 'bulletproof-security').'</strong>'.__(' Invalid Entry.', 'bulletproof-security').' <a href="%s">'.__('Lost your password?', 'bulletproof-security').'</a>', wp_lostpassword_url()));
797
 
798
  }
802
  return $user;
803
 
804
  // if a user does not set/save this option then default to WP Errors
805
+ if ( ! wp_check_password($password, $user->user_pass, $user->ID) && $bps_login_security_errors == '' ) {
806
  return new WP_Error('incorrect_password', sprintf('<strong>'.__('ERROR:', 'bulletproof-security').'</strong>'.__(' The password you entered for the username ', 'bulletproof-security').'<strong>%1$s</strong>'.__(' is incorrect. ', 'bulletproof-security').' <a href="%2$s">'.__('Lost your password?', 'bulletproof-security').'</a>', $username, wp_lostpassword_url()));
807
  }
808
 
809
+ if ( ! wp_check_password($password, $user->user_pass, $user->ID) && $bps_login_security_errors == 'wpErrors' ) {
810
 
811
+ if ( $bps_login_security_remaining == 'On' ) {
812
 
813
  ## 2.9: BugFix for additional login attempts after account was locked and lockout time has expired
814
+ if ( $failed_logins == $bps_max_logins + 1 ) {
815
+ $attempts_remaining = $bps_max_logins;
816
  } elseif ( $failed_logins == 1 ) {
817
+ $attempts_remaining = $bps_max_logins - 1;
818
  } else {
819
  $attempts_remaining = $remaining;
820
  }
841
  }
842
  }
843
 
844
+ if ( ! wp_check_password($password, $user->user_pass, $user->ID) && $bps_login_security_errors == 'generic' ) {
845
 
846
+ if ( $bps_login_security_remaining == 'On' ) {
847
 
848
  ## 2.9: BugFix for additional login attempts after account was locked and lockout time has expired
849
+ if ( $failed_logins == $bps_max_logins + 1 ) {
850
+ $attempts_remaining = $bps_max_logins;
851
  } elseif ( $failed_logins == 1 ) {
852
+ $attempts_remaining = $bps_max_logins - 1;
853
  } else {
854
  $attempts_remaining = $remaining;
855
  }
863
  }
864
  }
865
 
866
+ if ( ! wp_check_password($password, $user->user_pass, $user->ID) && $bps_login_security_errors == 'genericAll' ) {
867
 
868
+ if ( $bps_login_security_remaining == 'On' ) {
869
 
870
  ## 2.9: BugFix for additional login attempts after account was locked and lockout time has expired
871
+ if ( $failed_logins == $bps_max_logins + 1 ) {
872
+ $attempts_remaining = $bps_max_logins;
873
  } elseif ( $failed_logins == 1 ) {
874
+ $attempts_remaining = $bps_max_logins - 1;
875
  } else {
876
  $attempts_remaining = $remaining;
877
  }
996
 
997
  $BPSoptionsJTC = get_option('bulletproof_security_options_login_security_jtc');
998
 
999
+ if ( isset($BPSoptionsJTC['bps_jtc_login_form']) && $BPSoptionsJTC['bps_jtc_login_form'] == '1' ) {
 
 
 
 
 
 
1000
 
1001
+ $bps_jtc_custom_form_error = ! empty($BPSoptionsJTC['bps_jtc_custom_form_error']) ? $BPSoptionsJTC['bps_jtc_custom_form_error'] : '<strong>ERROR</strong>: Incorrect CAPTCHA Entered.';
1002
+ $bps_tooltip_captcha_key = isset($BPSoptionsJTC['bps_tooltip_captcha_key']) ? $BPSoptionsJTC['bps_tooltip_captcha_key'] : '';
1003
+
1004
  $reference_form_field = array_key_exists( 'reference', $_POST ) ? $_POST['reference'] : null;
1005
  $captcha_form_field = array_key_exists( 'captcha', $_POST ) ? $_POST['captcha'] : null;
1006
 
1007
+ if ( $reference_form_field != $bps_tooltip_captcha_key || $captcha_form_field != '' ) {
1008
  $error = new WP_Error();
1009
  $error->add( 'captcha_error', __($bps_jtc_custom_form_error, 'bulletproof-security') );
1010
  return $error;
1044
  add_action( 'login_enqueue_scripts', 'bps_enqueue_tooltip_script_login', 1 );
1045
  add_action( 'login_form', 'bps_captcha_login_form_field' );
1046
 
1047
+ if ( isset($BPSoptions['bps_enable_lsm_woocommerce']) && $BPSoptions['bps_enable_lsm_woocommerce'] == 1 || isset($BPSoptionsJTC['bps_enable_jtc_woocommerce']) && $BPSoptionsJTC['bps_enable_jtc_woocommerce'] == 1 ) {
1048
  add_action( 'wp_enqueue_scripts', 'bps_enqueue_tooltip_script_login', 1 );
1049
  add_action( 'woocommerce_login_form', 'bps_captcha_login_form_field' );
1050
  }
1056
  $reference = ( isset( $_POST['reference'] ) ) ? $_POST['reference'] : '';
1057
  // SpamBot Trap/Decoy Form Field
1058
  $captcha = ( isset( $_POST['captcha'] ) ) ? $_POST['captcha'] : '';
1059
+
1060
+ if ( empty($BPSoptionsJTC['bps_tooltip_captcha_key']) ) {
1061
+ $bps_tooltip_captcha_title = __('Error: Your JTC CAPTCHA option setting is blank. You can login without entering a CAPTCHA.', 'bulletproof-security');
1062
+
1063
+ } else {
1064
+
1065
+ $bps_tooltip_captcha_title = ! empty($BPSoptionsJTC['bps_tooltip_captcha_title']) ? $BPSoptionsJTC['bps_tooltip_captcha_title'] : '';
1066
+ $bps_tooltip_captcha_hover_text = ! empty($BPSoptionsJTC['bps_tooltip_captcha_hover_text']) ? $BPSoptionsJTC['bps_tooltip_captcha_hover_text'] : '';
1067
+ }
1068
  ?>
1069
 
1070
  <p>
1071
+ <label for="reference"><?php echo esc_attr($bps_tooltip_captcha_title); ?><br />
1072
+ <input type="text" name="reference" id="reference" class="input" title="<?php echo esc_attr($bps_tooltip_captcha_hover_text); ?>" value="<?php echo esc_attr(stripslashes($reference)); ?>" /></label>
1073
  <input type="text" name="captcha" id="captcha" class="input" value="<?php echo esc_attr(stripslashes($captcha)); ?>" style="display:none;" />
1074
  </p>
1075
 
1133
  // .54.1: switched to Roles instead of using user_level
1134
  // .54.2: Added Custom User Roles
1135
  function bpsPro_ACE_cookie_expiration( $expiration, $user_id, $remember ) {
1136
+
1137
+ $BPS_ACE_options = get_option('bulletproof_security_options_auth_cookie');
1138
 
1139
  if ( isset($BPS_ACE_options['bps_ace']) && $BPS_ACE_options['bps_ace'] == 'On' ) {
1140
 
1143
  $user_roles = $user->roles;
1144
  $user_role = array_shift($user_roles);
1145
 
1146
+ $bps_ace_rememberme_expiration = is_numeric($BPS_ACE_options['bps_ace_rememberme_expiration']) ? $BPS_ACE_options['bps_ace_rememberme_expiration'] : '0';
1147
+ $bps_ace_expiration = is_numeric($BPS_ACE_options['bps_ace_expiration']) ? $BPS_ACE_options['bps_ace_expiration'] : '';
1148
+ $bps_ace_user_account_exceptions = isset($BPS_ACE_options['bps_ace_user_account_exceptions']) ? $BPS_ACE_options['bps_ace_user_account_exceptions'] : '0';
1149
+ $bps_ace_administrator = isset($BPS_ACE_options['bps_ace_administrator']) ? $BPS_ACE_options['bps_ace_administrator'] : '';
1150
+ $bps_ace_editor = isset($BPS_ACE_options['bps_ace_editor']) ? $BPS_ACE_options['bps_ace_editor'] : '';
1151
+ $bps_ace_author = isset($BPS_ACE_options['bps_ace_author']) ? $BPS_ACE_options['bps_ace_author'] : '';
1152
+ $bps_ace_contributor = isset($BPS_ACE_options['bps_ace_contributor']) ? $BPS_ACE_options['bps_ace_contributor'] : '';
1153
+ $bps_ace_subscriber = isset($BPS_ACE_options['bps_ace_subscriber']) ? $BPS_ACE_options['bps_ace_subscriber'] : '';
1154
+
1155
  if ( $remember ) {
1156
 
1157
+ if ( $bps_ace_rememberme_expiration == '' ) {
1158
 
1159
  $expiration = 1209600;
1160
  return $expiration;
1161
  }
1162
 
1163
+ if ( preg_match( '/'.$user->user_login.'/i', $bps_ace_user_account_exceptions ) ) {
1164
 
1165
  $expiration = 1209600;
1166
  return $expiration;
1167
 
1168
  // If Role checkbox is not checked cookie expiration defaults to wp default cookie expiration
1169
+ } elseif ( $user_role == 'administrator' && $bps_ace_administrator == '1' || $user_role == 'editor' && $bps_ace_editor == '1' || $user_role == 'author' && $bps_ace_author == '1' || $user_role == 'contributor' && $bps_ace_contributor == '1' || $user_role == 'subscriber' && $bps_ace_subscriber == '1' ) {
1170
 
1171
+ $expiration = $bps_ace_rememberme_expiration * 60;
1172
  return $expiration;
1173
 
1174
  } elseif ( $user_role != 'administrator' && $user_role != 'editor' && $user_role != 'author' && $user_role != 'contributor' && $user_role != 'subscriber' ) {
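Review bot: The account-exception test at new line 1163, `preg_match( '/'.$user->user_login.'/i', $bps_ace_user_account_exceptions )`, uses the login name as an unescaped, unanchored pattern, so any login that is merely a substring of an excepted name (or that contains a regex metacharacter such as `.`) is treated as excepted and gets the fixed 1209600-second lifetime instead of the configured one. Comparing whole entries avoids that, e.g. `in_array( strtolower( $user->user_login ), array_map( 'trim', explode( ',', strtolower( $bps_ace_user_account_exceptions ) ) ), true )`, assuming the option holds a comma-separated list (its format is not visible here); the same test is repeated at new line 1209 for the non-remember branch. Separately, line 1146 falls back to `'0'` when `bps_ace_rememberme_expiration` is not numeric, which never satisfies the `== ''` guard at line 1157 and can produce a 0-second lifetime, whereas line 1147 falls back to `''`. bpsPro_ACE_cookie_expiration starts before this hunk and continues after it.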
1181
 
1182
  if ( $user_role == $ckey && $cvalue == '1' ) {
1183
 
1184
+ $expiration = $bps_ace_rememberme_expiration * 60;
1185
  return $expiration;
1186
 
1187
  } else {
1200
 
1201
  } else {
1202
 
1203
+ if ( $bps_ace_expiration == '' ) {
1204
 
1205
  $expiration = 172800;
1206
  return $expiration;
1207
  }
1208
 
1209
+ if ( preg_match( '/'.$user->user_login.'/i', $bps_ace_user_account_exceptions ) ) {
1210
 
1211
  $expiration = 172800;
1212
  return $expiration;
1213
 
1214
  // If Role checkbox is not checked cookie expiration defaults to wp default cookie expiration
1215
+ } elseif ( $user_role == 'administrator' && $bps_ace_administrator == '1' || $user_role == 'editor' && $bps_ace_editor == '1' || $user_role == 'author' && $bps_ace_author == '1' || $user_role == 'contributor' && $bps_ace_contributor == '1' || $user_role == 'subscriber' && $bps_ace_subscriber == '1' ) {
1216
 
1217
+ $expiration = $bps_ace_expiration * 60;
1218
  return $expiration;
1219
 
1220
  } elseif ( $user_role != 'administrator' && $user_role != 'editor' && $user_role != 'author' && $user_role != 'contributor' && $user_role != 'subscriber' ) {
1227
 
1228
  if ( $user_role == $ckey && $cvalue == '1' ) {
1229
 
1230
+ $expiration = $bps_ace_expiration * 60;
1231
  return $expiration;
1232
 
1233
  } else {
1248
  }
1249
 
1250
  $BPS_ACE_options = get_option('bulletproof_security_options_auth_cookie');
1251
+
1252
+ if ( isset($BPS_ACE_options['bps_ace']) && $BPS_ACE_options['bps_ace'] != 'Off' ) {
1253
 
1254
  add_filter('auth_cookie_expiration', 'bpsPro_ACE_cookie_expiration', 10, 3);
1255
  add_action('login_form', 'bpsPro_remove_rememberme_login_form_field');
1258
 
1259
  // .54.2: ACE hide/remove the Remember Me checkbox for everyone.
1260
  function bpsPro_remove_rememberme_login_form_field() {
1261
+
1262
+ $BPS_ACE_options = get_option('bulletproof_security_options_auth_cookie');
1263
 
1264
+ if ( isset($BPS_ACE_options['bps_ace']) && $BPS_ACE_options['bps_ace'] == 'On' && isset($BPS_ACE_options['bps_ace_rememberme_disable']) && $BPS_ACE_options['bps_ace_rememberme_disable'] == '1' ) {
1265
  ?>
1266
 
1267
  <style>
1272
 
1273
  // .54.2: ACE unset/disable the Remember Me checkbox/POST value for everyone. Cookie expiration will be Session.
1274
  function bpsPro_unset_rememberme_login_form_field() {
1275
+
1276
+ $BPS_ACE_options = get_option('bulletproof_security_options_auth_cookie');
1277
 
1278
+ if ( isset($BPS_ACE_options['bps_ace']) && $BPS_ACE_options['bps_ace'] == 'On' && isset($BPS_ACE_options['bps_ace_rememberme_disable']) && $BPS_ACE_options['bps_ace_rememberme_disable'] == '1' && isset( $_POST['wp-submit'] ) && isset( $_POST['rememberme'] ) ) {
1279
  unset( $_POST['rememberme'] );
1280
  }
1281
  }
includes/mscan-ajax-functions.php CHANGED
@@ -17,8 +17,6 @@ if ( file_exists($filename) ) {
17
  }
18
  }
19
 
20
- ## MScan manual AJAX scan
21
- ## See DW malware-scanner.php for extensive notes
22
  function bpsPro_mscan_scan_processing() {
23
 
24
  if ( isset( $_POST['post_var'] ) && $_POST['post_var'] == 'bps_mscan' ) {
@@ -61,7 +59,6 @@ function bpsPro_mscan_scan_processing() {
61
 
62
  add_action('wp_ajax_bps_mscan_scan_processing', 'bpsPro_mscan_scan_processing');
63
 
64
- // 15.4: This is no longer necessary. Leaving this here for now. Pending removal.
65
  function bpsPro_mscan_scan_estimate() {
66
 
67
  if ( isset( $_POST['post_var'] ) && $_POST['post_var'] == 'bps_mscan_estimate' ) {
@@ -197,10 +194,10 @@ global $wp_version, $wpdb, $plugin_hashes, $theme_hashes;
197
  $bps_plugin_dir_no_slash = str_replace( array( '\\', '/'), '', $bps_plugin_dir );
198
  $bps_themes_dir_no_slash = str_replace( array( '\\', '/'), '', $bps_themes_dir );
199
 
200
- // get_home_path() and ABSPATH are different paths for GWIOD site types. Home = Parent folder. ABSPATH = WP Core folders and files.
201
- // They are the same for all other WP site types. Not sure about Network subdomain/Domain Mapping site types.
202
- // Note: The FilterIterator excludes any dir checkboxes that are not checked in the MScan Website Folders & Files To Scan option.
203
- // Other WordPress installation folders are excluded in the FilterIterator
204
  $source = get_home_path();
205
 
206
  if ( is_dir($source) ) {
@@ -211,13 +208,9 @@ global $wp_version, $wpdb, $plugin_hashes, $theme_hashes;
211
 
212
  $file_path_array = array();
213
  $wp_core_file_array = array();
214
- //$total_website_files_array = array();
215
  $skipped_image_file_path_array = array();
216
  $skipped_nonimage_file_path_array = array();
217
 
218
- // WP Core files hashes are created for root WP Core files.
219
- // Note: If a hacker copies the WP Core index.php file to another folder somewhere and adds additional hacker code in the index.php file
220
- // the scan result will be: Altered or unknown WP Core file instead of a pattern match result.
221
  $wp_core_root_file_array = array( 'wp-activate.php', 'wp-blog-header.php', 'wp-comments-post.php', 'wp-config-sample.php', 'wp-cron.php', 'wp-links-opml.php', 'wp-load.php', 'wp-login.php', 'wp-mail.php', 'wp-settings.php', 'wp-signup.php', 'wp-trackback.php' );
222
 
223
  foreach ( $iterator as $files ) {
@@ -234,8 +227,6 @@ global $wp_version, $wpdb, $plugin_hashes, $theme_hashes;
234
 
235
  if ( ! preg_match( '/(.*)((\/|\\\)'.$bps_wpcontent_dir.'(\/|\\\)bps-backup(\/|\\\))(.*)/', $files->getPathname() ) && ! preg_match( '/(.*)((\/|\\\)'.$bps_wpcontent_dir.'(\/|\\\)'.$bps_plugin_dir_no_slash.'(\/|\\\))(.*)/', $files->getPathname() ) && ! preg_match( '/(.*)((\/|\\\)'.$bps_wpcontent_dir.'(\/|\\\)'.$bps_themes_dir_no_slash.'(\/|\\\))(.*)/', $files->getPathname() ) && ! preg_match( '/(.*)((\/|\\\)'.$bps_wpcontent_dir.'(\/|\\\)index\.php)/', $files->getPathname() ) ) {
236
 
237
- //$total_website_files_array[] = $files->getPathname();
238
-
239
  if ( $files->getFilename() == 'index.php' ) {
240
  $pattern = '/define\((\s|)\'WP_USE_THEMES/';
241
  $check_string1 = file_get_contents( $files->getPath() . '/index.php' );
@@ -274,10 +265,6 @@ global $wp_version, $wpdb, $plugin_hashes, $theme_hashes;
274
  $exclude_dirs_pattern = '/(\/bps-no-dirs\/)/';
275
  }
276
 
277
- // Note: Other WordPress site folders and files are filtered out in the FilterIterator.
278
- // Plugin and Theme folders are not included in this Iteration and are done separately in their own Iterations.
279
- // I've seen wp-admin and wp-includes folder names used in Plugin's and Theme's folder names.
280
- // No need to use: DIRECTORY_SEPARATOR here. Use simple RegEx instead.
281
  $core_pattern = '/(.*)((\/|\\\)wp-admin(\/|\\\)|(\/|\\\)wp-includes(\/|\\\))(.*)/';
282
 
283
  if ( preg_match( $core_pattern, $files->getPathname() ) || $files->getFilename() == 'index.php' && $pos1 !== false || $files->getFilename() == 'readme.html' && $pos2 !== false || $files->getFilename() == 'xmlrpc.php' && $pos3 !== false || in_array($files->getFilename(), $wp_core_root_file_array) ) {
@@ -307,7 +294,7 @@ global $wp_version, $wpdb, $plugin_hashes, $theme_hashes;
307
  } catch (RuntimeException $e) {
308
 
309
  }
310
- }
311
 
312
  $skipped_file_path_array = $skipped_nonimage_file_path_array;
313
 
@@ -407,7 +394,6 @@ global $wp_version, $wpdb, $plugin_hashes, $theme_hashes;
407
  }
408
  }
409
 
410
- // 15.4: Get array of theme files.
411
  $themes_dir = get_theme_root();
412
 
413
  $theme_file_path_array = array();
@@ -436,15 +422,15 @@ global $wp_version, $wpdb, $plugin_hashes, $theme_hashes;
436
  } else {
437
 
438
  if ( ! empty($plugin_hashes) ) {
439
- $total_plugin_files = count($plugin_hashes); // accurate
440
  } else {
441
- $total_plugin_files = count($plugin_file_path_array); // not accurate. will most likely be excessive estimated scan time.
442
  }
443
 
444
  if ( ! empty($theme_hashes) ) {
445
- $total_theme_files = count($theme_hashes); // accurate
446
  } else {
447
- $total_theme_files = count($theme_file_path_array); // not accurate. will most likely be excessive estimated scan time.
448
  }
449
  }
450
 
@@ -478,20 +464,19 @@ global $wp_version, $wpdb, $plugin_hashes, $theme_hashes;
478
  fwrite( $handle, "Scan Time Calculation: Excluded Folders: \r\n".$mscan_exclude_dirs."\r\n" );
479
  }
480
 
481
- // Core, Plugins and Themes file hash calculations (download, extraction, hash and cleanup)
482
  $wp_hashes_file = WP_CONTENT_DIR . '/bps-backup/wp-hashes/wp-hashes.php';
483
  $wp_hash_time = '0';
484
-
 
485
  if ( file_exists($wp_hashes_file) ) {
486
  $check_string = file_get_contents($wp_hashes_file);
487
 
488
  if ( ! strpos( $check_string, "WordPress $wp_version Hashes" ) ) {
489
- $wp_hash_time = '45';
 
490
  }
491
  }
492
 
493
- // Plugin Hash Time: Gets the total number of new plugins available for download, unzip and file hash.
494
- // Note: $value['TextDomain'] is not reliable. Use $key instead.
495
  $all_plugins = get_plugins();
496
 
497
  $plugins_array = array();
@@ -520,29 +505,31 @@ global $wp_version, $wpdb, $plugin_hashes, $theme_hashes;
520
 
521
  $plugins_array_merged = array_merge($plugins_array, $hello_dolly_plugin_array);
522
  $mscan_plugin_hash = get_option('bulletproof_security_options_mscan_plugin_hash');
523
-
524
- // First MScan run: Not going to bother doing a check for zip files that are not downloadable. ie premium, paid, custom or no zip file version #.
525
- // Better to over time than under time on the first run.
526
  if ( ! isset( $mscan_plugin_hash['bps_mscan_plugin_hash_version_check'] ) ) {
527
 
528
  $plugin_array_count = count($plugins_array_merged);
529
- $plugin_hash_time = $plugin_array_count * 5;
530
 
531
  } else {
532
 
533
- $plugin_array_diff = isset( $mscan_plugin_hash['bps_mscan_plugin_hash_version_check'] ) ? array_diff( $plugins_array_merged, $mscan_plugin_hash['bps_mscan_plugin_hash_version_check'] ) : array();
534
- $plugin_array_count = count($plugin_array_diff);
 
 
 
 
 
535
 
536
- // The base processing time of the zip download function is around 12 seconds on Windows XAMPP if 0 plugins are downloaded.
537
- // The base processing time of the zip download function is between 5-10 seconds on Linux Live hosted sites if 0 plugins are downloaded.
538
- if ( $plugin_array_count <= 4 ) {
539
- $plugin_hash_time = 8;
540
  } else {
541
- $plugin_hash_time = $plugin_array_count * 5;
 
 
542
  }
543
  }
544
 
545
- // Theme Hash Time: Gets the total number of new themes available for download, unzip and file hash.
546
  $all_themes = wp_get_themes();
547
  $all_themes_array = array();
548
 
@@ -555,28 +542,28 @@ global $wp_version, $wpdb, $plugin_hashes, $theme_hashes;
555
 
556
  $mscan_theme_hash = get_option('bulletproof_security_options_mscan_theme_hash');
557
 
558
- // First MScan run: Not going to bother doing a check for zip files that are not downloadable. ie premium, paid, custom or no zip file version #.
559
- // Better to over time than under time on the first run.
560
  if ( ! isset( $mscan_theme_hash['bps_mscan_theme_hash_version_check'] ) ) {
561
 
562
  $theme_array_count = count($all_themes_array);
563
- $theme_hash_time = $theme_array_count * 5;
564
 
565
  } else {
566
 
567
- $theme_array_diff = isset( $mscan_theme_hash['bps_mscan_theme_hash_version_check'] ) ? array_diff( $all_themes_array, $mscan_theme_hash['bps_mscan_theme_hash_version_check'] ) : array();
568
- $theme_array_count = count($theme_array_diff);
 
 
 
 
 
569
 
570
- // The base processing time of the zip download function is around 12 seconds on Windows XAMPP if 0 themes are downloaded.
571
- // The base processing time of the zip download function is less than 1 second on Linux Live hosted sites if 0 themes are downloaded.
572
- if ( $theme_array_count <= 3 ) {
573
- $theme_hash_time = 0;
574
  } else {
575
- $theme_hash_time = $theme_array_count * 5;
576
- }
 
 
577
  }
578
 
579
- ## Scan Time Estimate Calculations: see notes in DW malware-scanner.php file.
580
  if ( $MScan_options['mscan_scan_skipped_files'] == 'On' ) {
581
 
582
  $filesize_array = array();
@@ -631,32 +618,20 @@ global $wp_version, $wpdb, $plugin_hashes, $theme_hashes;
631
 
632
  $kbytes = $size / 1024;
633
  $db_size_time_math = $kbytes / 4000;
634
- $db_size_time = round($db_size_time_math);
635
 
636
- /* Testing: Simulating a scan estimate time that is less than the actual scan time: -40 seconds.
637
- $simulation_test = time() - 40;
638
-
639
- $bps_mscan_time_remaining = $simulation_test + $wp_hash_time + $plugin_hash_time + $theme_hash_time + $wp_core_files_time + $plugin_files_time +
640
- $theme_files_time + $non_image_files_time + $db_size_time;
641
- */
642
 
643
- // Linux Live Host Test Results: I calibrated several other things so a base time adjustment is not needed.
644
- // future if needed: create sapi conditions if needed.
645
- $linux_base_time = 0;
 
 
646
 
647
  $bps_mscan_time_remaining = time() + $wp_hash_time + $plugin_hash_time + $theme_hash_time + $wp_core_files_time + $plugin_files_time +
648
  $theme_files_time + $non_image_files_time + $db_size_time + $linux_base_time;
649
 
650
- // Note: On first daily scan the script execution time (actual scan time) will be around 30 seconds longer. ie caching/Zend, etc. mechanisms for future scans.
651
- // Pending: Live hosted site testing. The longer daily scan on first run may only occur on Windows XAMPP, etc.
652
- // A typical/average scan in the normal/average file scan range will have a scan time estimate of +10 to +15 seconds vs the actual scan time.
653
- // It is better for the scan estimate to be over actual scan time vs under actual scan time.
654
- // So if someone has a very low number of non-WP files then the estimated and actual scan times will be within 15 seconds.
655
- // The greater the number of non-WP files to scan the greater the estimated time will be vs the actual scan time.
656
- // So the estimated scan time for a very large number of non-WP files will increase vs the actual scan time. Should still be within 30 seconds max.
657
- // Tested scanning 16K non-WP files + WP files = 20K files. Scan completes in 1:20 minutes on first daily scan and 50 seconds on next scans.
658
- // The typical/average number of files scanned should be between 3,000 - 8,000 files.
659
- // Normal total file number scan range: Over 1,000 - less than 12,000. Anything below or above this range is handled in my js code.
660
  $total_time_estimate = $wp_hash_time + $plugin_hash_time + $theme_hash_time + $wp_core_files_time + $plugin_files_time + $theme_files_time +
661
  $non_image_files_time + $db_size_time + $linux_base_time;
662
 
@@ -668,7 +643,7 @@ global $wp_version, $wpdb, $plugin_hashes, $theme_hashes;
668
  fwrite( $handle, "Scan Time Calculation: Theme Files Time Estimate: +".$theme_files_time." Seconds\r\n" );
669
  fwrite( $handle, "Scan Time Calculation: non-WP php, html, etc Files Time Estimate: +".$non_image_files_time." Seconds\r\n" );
670
  fwrite( $handle, "Scan Time Calculation: DB Size Time Estimate: +".$db_size_time." Seconds\r\n" );
671
- fwrite( $handle, "Scan Time Calculation: SAPI Variance Time Estimate: +".$linux_base_time." Seconds\r\n" );
672
  fwrite( $handle, "Scan Time Calculation: Scan Time Estimate: ".$total_time_estimate." Seconds\r\n" );
673
  }
674
 
@@ -679,14 +654,29 @@ global $wp_version, $wpdb, $plugin_hashes, $theme_hashes;
679
  $bps_mscan_total_suspect_files = isset($MScan_status['bps_mscan_total_suspect_files']) ? $MScan_status['bps_mscan_total_suspect_files'] : '';
680
  $bps_mscan_suspect_skipped_files = isset($MScan_status['bps_mscan_suspect_skipped_files']) ? $MScan_status['bps_mscan_suspect_skipped_files'] : '';
681
  $bps_mscan_total_suspect_db = isset($MScan_status['bps_mscan_total_suspect_db']) ? $MScan_status['bps_mscan_total_suspect_db'] : '';
682
- $bps_mscan_total_ignored_files = isset($MScan_status['bps_mscan_total_ignored_files']) ? $MScan_status['bps_mscan_total_ignored_files'] : '';
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
683
 
684
  $MScan_status_db = array(
685
  'bps_mscan_time_start' => time(),
686
  'bps_mscan_time_stop' => $bps_mscan_time_stop,
687
  'bps_mscan_time_end' => $bps_mscan_time_end,
688
  'bps_mscan_time_remaining' => $bps_mscan_time_remaining,
689
- 'bps_mscan_status' => '2',
690
  'bps_mscan_last_scan_timestamp' => $bps_mscan_last_scan_timestamp,
691
  'bps_mscan_total_time' => $total_time_estimate,
692
  'bps_mscan_total_website_files' => '',
@@ -728,23 +718,11 @@ global $wp_version, $wpdb, $plugin_hashes, $theme_hashes;
728
  return true;
729
  }
730
 
731
- // MScan: File & Database Scanner
732
- // Faster, more accurate and most importantly no longer buggy.
733
- // Notes:
734
- // MScan Status 2 is set at the end of the scan time estimate function and means that other functions (zip download, file hash and file scanning) are still being processed.
735
- // MScan Status 3 is set at the end of this file scanning function and means that all functions (zip download, file hash and file scanning) have completed.
736
  function bpsPro_mscan_file_scan($mstime) {
737
  global $wp_version, $wpdb, $plugin_hashes, $theme_hashes;
738
 
739
  $time_start = microtime( true );
740
-
741
- // Simulating a scan that exceeds the scan estimate time significantly.
742
- // Note: My js mscan status 2 condition for this scenario works fine except when doing the first scan on a new day.
743
- // Example: Added new folders to scan. The js mscan status 2 condition briefly flashed and the scan status results were displayed (mscan status: 4)
744
- // but the scan results were for the previous scan. After the scan actually completed and refreshing the mscan page the scan results displayed the correct scan results.
745
- // This issue may only happen on Windows XAMPP. This has to be some sort of caching issue. DB cache, Browser cache, Zend???
746
- //sleep(80);
747
-
748
  $MScan_options = get_option('bulletproof_security_options_MScan');
749
  $mstime = ! isset($MScan_options['mscan_max_time_limit']) ? '300' : $MScan_options['mscan_max_time_limit'];
750
 
@@ -759,6 +737,30 @@ global $wp_version, $wpdb, $plugin_hashes, $theme_hashes;
759
 
760
  $handle = fopen( $mscan_log, 'a' );
761
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
762
  $mscan_plugin_hash_new_array_keys = array();
763
 
764
  if ( get_option( 'bulletproof_security_options_mscan_p_hash_new' ) ) {
@@ -766,7 +768,6 @@ global $wp_version, $wpdb, $plugin_hashes, $theme_hashes;
766
  $mscan_plugin_hash_new = get_option('bulletproof_security_options_mscan_p_hash_new');
767
  $mscan_plugin_hash_new_array_keys = array();
768
 
769
- // Get the new hash array keys that have a value otherwise return an empty array of array keys.
770
  foreach ( $mscan_plugin_hash_new['bps_mscan_plugin_hash_paths_new'] as $key => $value ) {
771
 
772
  foreach ( $value as $inner_key => $inner_value ) {
@@ -783,7 +784,6 @@ global $wp_version, $wpdb, $plugin_hashes, $theme_hashes;
783
  $mscan_theme_hash_new = get_option('bulletproof_security_options_mscan_t_hash_new');
784
  $mscan_theme_hash_new_array_keys = array();
785
 
786
- // Get the new hash array keys that have a value otherwise return an empty array of array keys.
787
  foreach ( $mscan_theme_hash_new['bps_mscan_theme_hash_paths_new'] as $key => $value ) {
788
 
789
  foreach ( $value as $inner_key => $inner_value ) {
@@ -795,15 +795,10 @@ global $wp_version, $wpdb, $plugin_hashes, $theme_hashes;
795
  }
796
  }
797
 
798
- // First time MScan scan or if someone uses the Delete File Hashes Tool or if plugins or themes are installed/updated/uploaded.
799
- // This is a quick and simple way to deal with people who are plugin and theme hoarders to ensure things don't go off the rails.
800
- // Also want to make sure the plugin and theme hash files are already created before running a scan.
801
- // Note: The plugin and theme hash maker functions will only create new hash files based on these conditions.
802
- // Use MScan Status: 3 and let the iframe js script update the status to 4 in case the estimated scan time is excessive.
803
  if ( ! get_option('bulletproof_security_options_mscan_theme_hash') || ! get_option('bulletproof_security_options_mscan_plugin_hash') || ! empty($mscan_plugin_hash_new_array_keys ) || ! empty($mscan_theme_hash_new_array_keys ) ) {
804
 
805
  $MScan_status = get_option('bulletproof_security_options_MScan_status');
806
-
807
  $MScan_status_db = array(
808
  'bps_mscan_time_start' => $MScan_status['bps_mscan_time_start'],
809
  'bps_mscan_time_stop' => $MScan_status['bps_mscan_time_stop'],
@@ -847,10 +842,6 @@ global $wp_version, $wpdb, $plugin_hashes, $theme_hashes;
847
  $bps_plugin_dir_no_slash = str_replace( array( '\\', '/'), '', $bps_plugin_dir );
848
  $bps_themes_dir_no_slash = str_replace( array( '\\', '/'), '', $bps_themes_dir );
849
 
850
- // get_home_path() and ABSPATH are different paths for GWIOD site types. Home = Parent folder. ABSPATH = WP Core folders and files.
851
- // They are the same for all other WP site types. Not sure about Network subdomain/Domain Mapping site types.
852
- // Note: The FilterIterator excludes any dir checkboxes that are not checked in the MScan Website Folders & Files To Scan option.
853
- // Other WordPress installation folders are excluded in the FilterIterator
854
  $source = get_home_path();
855
 
856
  if ( is_dir($source) ) {
@@ -861,13 +852,9 @@ global $wp_version, $wpdb, $plugin_hashes, $theme_hashes;
861
 
862
  $file_path_array = array();
863
  $wp_core_file_array = array();
864
- //$total_website_files_array = array();
865
  $skipped_image_file_path_array = array();
866
  $skipped_nonimage_file_path_array = array();
867
 
868
- // WP Core files hashes are created for root WP Core files.
869
- // Note: If a hacker copies the WP Core index.php file to another folder somewhere and adds additional hacker code in the index.php file
870
- // the scan result will be: Altered or unknown WP Core file instead of a pattern match result.
871
  $wp_core_root_file_array = array( 'wp-activate.php', 'wp-blog-header.php', 'wp-comments-post.php', 'wp-config-sample.php', 'wp-cron.php', 'wp-links-opml.php', 'wp-load.php', 'wp-login.php', 'wp-mail.php', 'wp-settings.php', 'wp-signup.php', 'wp-trackback.php' );
872
 
873
  foreach ( $iterator as $files ) {
@@ -884,8 +871,6 @@ global $wp_version, $wpdb, $plugin_hashes, $theme_hashes;
884
 
885
  if ( ! preg_match( '/(.*)((\/|\\\)'.$bps_wpcontent_dir.'(\/|\\\)bps-backup(\/|\\\))(.*)/', $files->getPathname() ) && ! preg_match( '/(.*)((\/|\\\)'.$bps_wpcontent_dir.'(\/|\\\)'.$bps_plugin_dir_no_slash.'(\/|\\\))(.*)/', $files->getPathname() ) && ! preg_match( '/(.*)((\/|\\\)'.$bps_wpcontent_dir.'(\/|\\\)'.$bps_themes_dir_no_slash.'(\/|\\\))(.*)/', $files->getPathname() ) && ! preg_match( '/(.*)((\/|\\\)'.$bps_wpcontent_dir.'(\/|\\\)index\.php)/', $files->getPathname() ) ) {
886
 
887
- //$total_website_files_array[] = $files->getPathname();
888
-
889
  if ( $files->getFilename() == 'index.php' ) {
890
  $pattern = '/define\((\s|)\'WP_USE_THEMES/';
891
  $check_string1 = file_get_contents( $files->getPath() . '/index.php' );
@@ -924,10 +909,6 @@ global $wp_version, $wpdb, $plugin_hashes, $theme_hashes;
924
  $exclude_dirs_pattern = '/(\/bps-no-dirs\/)/';
925
  }
926
 
927
- // Note: Other WordPress site folders and files are filtered out in the FilterIterator.
928
- // Plugin and Theme folders are not included in this Iteration and are done separately in their own Iterations.
929
- // I've seen wp-admin and wp-includes folder names used in Plugin's and Theme's folder names.
930
- // No need to use: DIRECTORY_SEPARATOR here. Use simple RegEx instead.
931
  $core_pattern = '/(.*)((\/|\\\)wp-admin(\/|\\\)|(\/|\\\)wp-includes(\/|\\\))(.*)/';
932
 
933
  if ( preg_match( $core_pattern, $files->getPathname() ) || $files->getFilename() == 'index.php' && $pos1 !== false || $files->getFilename() == 'readme.html' && $pos2 !== false || $files->getFilename() == 'xmlrpc.php' && $pos3 !== false || in_array($files->getFilename(), $wp_core_root_file_array) ) {
@@ -959,7 +940,6 @@ global $wp_version, $wpdb, $plugin_hashes, $theme_hashes;
959
  }
960
  }
961
 
962
- // 15.4: Get array of plugin files if the wp-content host folder checkbox is checked else empty array.
963
  $mscan_dirs_array = array();
964
 
965
  foreach ( $MScan_options['bps_mscan_dirs'] as $key => $value ) {
@@ -969,8 +949,6 @@ global $wp_version, $wpdb, $plugin_hashes, $theme_hashes;
969
  }
970
  }
971
 
972
- // Whitelist BPS & other plugin's dynamic files - plugin files that are automatically edited/changed after plugin update or installation.
973
- // Maybe create a new MScan option to turn this On|Off? ie Whitelist Known Dynamic Plugin Files > On|Off
974
  $bps_plugin_files_whitelist = '/(.*)((\/|\\\)'.$bps_wpcontent_dir.'(\/|\\\)'.$bps_plugin_dir_no_slash.'(\/|\\\)bulletproof-security(.*)(\.htaccess|\.zip|plugins-htaccess-master\.txt|class\.php|plugins-allow-from\.txt|sec-log-master\.txt|bps-maintenance-values\.php))/';
975
 
976
  $other_plugins_files_whitelist = '/(.*)((\/|\\\)'.$bps_wpcontent_dir.'(\/|\\\)'.$bps_plugin_dir_no_slash.'(\/|\\\)(tinymce-advanced(.*)tinymce-advanced\.php|google-sitemap-generator(.*)sitemap\.php))/';
@@ -997,8 +975,6 @@ global $wp_version, $wpdb, $plugin_hashes, $theme_hashes;
997
  }
998
  }
999
 
1000
- // 15.4: Get array of theme files.
1001
- // Note: For GWIOD site types Plugin and Theme files will always be scanned and cannot be excluded.
1002
  $themes_dir = get_theme_root();
1003
 
1004
  $theme_file_path_array = array();
@@ -1042,8 +1018,6 @@ global $wp_version, $wpdb, $plugin_hashes, $theme_hashes;
1042
  }
1043
  }
1044
 
1045
- ## 15.3: MScan pattern matching code is now saved in the DB
1046
- ## 15.4: The "image patterns" DB option is no longer used.
1047
  $mscan_db_pattern_match_options = get_option('bulletproof_security_options_mscan_patterns');
1048
 
1049
  foreach ( $mscan_db_pattern_match_options['mscan_pattern_match_files'] as $key => $value ) {
@@ -1112,9 +1086,6 @@ global $wp_version, $wpdb, $plugin_hashes, $theme_hashes;
1112
  $htaccess_code_match = 0;
1113
  $php_code_match = 0;
1114
 
1115
- // Skipped Files Off: All files under the Max File Size Limit setting are scanned in other words. MScan skipped file scanning On means ONLY scan skipped files.
1116
- // Skipped files are files that are larger than the Max File Size Limit to Scan option setting. The default is 400KB
1117
- // This section of code directly below adds new skipped files based on the $skipped_file_path_array array.
1118
  if ( $MScan_options['mscan_scan_skipped_files'] == 'Off' ) {
1119
 
1120
  $skipped_rows = 'skipped';
@@ -1229,10 +1200,9 @@ global $wp_version, $wpdb, $plugin_hashes, $theme_hashes;
1229
  }
1230
  }
1231
 
1232
- $blank_rows = ''; // $skipped_rows variable is higher up in this function.
1233
  $MScanFileRows = $wpdb->get_results( $wpdb->prepare("SELECT * FROM $MStable WHERE mscan_path != %s AND mscan_skipped != %s", $blank_rows, $skipped_rows ) );
1234
 
1235
- // Prevents duplicate DB row inserts
1236
  $mscan_file_path_array = array();
1237
 
1238
  if ( $wpdb->num_rows != 0 ) {
@@ -1256,7 +1226,6 @@ global $wp_version, $wpdb, $plugin_hashes, $theme_hashes;
1256
  }
1257
 
1258
  fwrite( $handle, "Scanning Files: Start WP Core file scan.\r\n" );
1259
- //fwrite( $handle, "Scanning Files: Suspicious|Modified|Unknown WP Core files:\r\n" );
1260
 
1261
  $core_dir_flip = array_flip($wp_core_file_array);
1262
 
@@ -1285,14 +1254,12 @@ global $wp_version, $wpdb, $plugin_hashes, $theme_hashes;
1285
 
1286
  if ( ! empty($core_diff_array) ) {
1287
 
1288
- // Not redundant - needs to be here
1289
  if ( ! preg_match( '/(.*)(\/|\\\)wp-admin(\/|\\\).htaccess/', $key ) ) {
1290
 
1291
- //fwrite( $handle, "Scanning Files WP Core: File: $key\r\n" );
1292
  $file_path_forward_slashes = str_replace( '\\', '/', $key );
1293
  $rel_file_path = str_replace( get_home_path(), '', $file_path_forward_slashes );
1294
- fwrite( $handle, "Scanning Files WP Core: Suspicious|Modified|Unknown WP Core file: ../$rel_file_path\r\n" );
1295
-
1296
  if ( ! in_array($key, $mscan_file_path_array) ) {
1297
 
1298
  if ( $insert_rows = $wpdb->insert( $MStable, array( 'mscan_status' => 'suspect', 'mscan_type' => 'core', 'mscan_path' => $key, 'mscan_pattern' => 'Altered or unknown WP Core file', 'mscan_skipped' => '', 'mscan_ignored' => '', 'mscan_db_table' => '', 'mscan_db_column' => '', 'mscan_db_pkid' => '', 'mscan_time' => current_time('mysql') ) ) ) {
@@ -1309,15 +1276,11 @@ global $wp_version, $wpdb, $plugin_hashes, $theme_hashes;
1309
 
1310
  fwrite( $handle, "Scanning Files: WP Core file scan completed.\r\n" );
1311
 
1312
- ## 15.4: Plugin file hash comparison scanner
1313
- // Notes: require_once for hash files is called in the Master AJAX function and in the Scheduled Scan Cron function.
1314
- // The $plugin_hashes variable is the plugin file hash array.
1315
  if ( ! empty( $plugin_file_path_array ) ) {
1316
 
1317
  $plugins_hash_match = 0;
1318
 
1319
  fwrite( $handle, "Scanning Files: Start Plugins file scan.\r\n" );
1320
- //fwrite( $handle, "Scanning Files: Suspicious|Modified|Unknown Plugin files:\r\n" );
1321
 
1322
  if ( empty($plugin_hashes) || $plugin_hashes == null ) {
1323
 
@@ -1345,8 +1308,6 @@ global $wp_version, $wpdb, $plugin_hashes, $theme_hashes;
1345
 
1346
  $plugin_diff_array_clean = array();
1347
 
1348
- // Unset premium/paid, custom plugins or plugins without a zip version # that do not exist in the Plugin Repo
1349
- // unless the plugin exists in the plugin hashes array.
1350
  foreach ( $plugin_diff_array as $key1 => $value1 ) {
1351
 
1352
  foreach ( $mscan_nodownload['bps_plugin_nodownload'] as $key2 => $value2 ) {
@@ -1354,7 +1315,7 @@ global $wp_version, $wpdb, $plugin_hashes, $theme_hashes;
1354
  if ( preg_match( '/(.*)'.$value2.'(.*)/', $key1, $matches ) && ! preg_match( '/##\sBEGIN\s'.$value2.'\s##/', $plugin_hashes_file_contents ) ) {
1355
 
1356
  unset($key1);
1357
- $key1 = ! isset($key1) ? '' : $key1; // PHP8 weirdness
1358
  }
1359
  }
1360
 
@@ -1376,7 +1337,7 @@ global $wp_version, $wpdb, $plugin_hashes, $theme_hashes;
1376
  if ( ! empty($plugin_diff_array_clean) ) {
1377
 
1378
  $plugins_hash_match = 1;
1379
-
1380
  $file_path_forward_slashes = str_replace( '\\', '/', $value );
1381
  $rel_file_path = str_replace( get_home_path(), '', $file_path_forward_slashes );
1382
  fwrite( $handle, "Scanning Files: Plugins: Suspicious|Modified|Unknown Plugin file: ../$rel_file_path\r\n" );
@@ -1398,16 +1359,11 @@ global $wp_version, $wpdb, $plugin_hashes, $theme_hashes;
1398
  fwrite( $handle, "Scanning Files: Plugins file scan completed.\r\n" );
1399
  }
1400
 
1401
-
1402
- ## 15.4: Theme file hash comparison scanner
1403
- // Notes: require_once for hash files is called in the Master AJAX function and in the Scheduled Scan Cron function.
1404
- // The $theme_hashes variable is the plugin file hash array.
1405
  if ( ! empty( $theme_file_path_array ) ) {
1406
 
1407
  $themes_hash_match = 0;
1408
 
1409
  fwrite( $handle, "Scanning Files: Start Themes file scan.\r\n" );
1410
- //fwrite( $handle, "Scanning Files: Suspicious|Modified|Unknown Theme files:\r\n" );
1411
 
1412
  if ( empty($theme_hashes) || $theme_hashes == null ) {
1413
 
@@ -1435,8 +1391,6 @@ global $wp_version, $wpdb, $plugin_hashes, $theme_hashes;
1435
 
1436
  $theme_diff_array_clean = array();
1437
 
1438
- // Unset premium/paid, custom themes or themes without a zip version # that do not exist in the WP Theme Repo
1439
- // unless the theme exists in the theme hashes array.
1440
  foreach ( $theme_diff_array as $key1 => $value1 ) {
1441
 
1442
  foreach ( $mscan_nodownload['bps_theme_nodownload'] as $key2 => $value2 ) {
@@ -1444,7 +1398,7 @@ global $wp_version, $wpdb, $plugin_hashes, $theme_hashes;
1444
  if ( preg_match( '/(.*)'.$value2.'(.*)/', $key1, $matches ) && ! preg_match( '/##\sBEGIN\s'.$value2.'\s##/', $theme_hashes_file_contents ) ) {
1445
 
1446
  unset($key1);
1447
- $key1 = ! isset($key1) ? '' : $key1; // PHP8 weirdness
1448
  }
1449
  }
1450
 
@@ -1488,7 +1442,6 @@ global $wp_version, $wpdb, $plugin_hashes, $theme_hashes;
1488
  fwrite( $handle, "Scanning Files: Themes file scan completed.\r\n" );
1489
  }
1490
 
1491
- ## 15.4: wp-content, plugins and themes folders root index.php files comparison scan
1492
  fwrite( $handle, "Scanning Files: Start wp-content, plugins and themes root index.php files scan.\r\n" );
1493
 
1494
  $index_file_hash_match = 0;
@@ -1529,7 +1482,6 @@ global $wp_version, $wpdb, $plugin_hashes, $theme_hashes;
1529
 
1530
  fwrite( $handle, "Scanning Files: wp-content, plugins and themes index.php files scan completed.\r\n" );
1531
 
1532
- ## non-WP file scanning using pattern matching
1533
  fwrite( $handle, "Scanning Files: Start php, js, etc file scanning.\r\n" );
1534
  fwrite( $handle, "Scanning Files: Suspicious code pattern matches:\r\n" );
1535
 
@@ -1542,95 +1494,104 @@ global $wp_version, $wpdb, $plugin_hashes, $theme_hashes;
1542
 
1543
  } else {
1544
 
1545
- $ext = pathinfo( strtolower($value), PATHINFO_EXTENSION );
1546
- $file_contents = file_get_contents($value);
1547
-
1548
- if ( $ext == 'js' ) {
1549
-
1550
- if ( preg_match( $js_pattern, $file_contents, $matches ) ) {
1551
-
1552
- $js_code_match = 1;
1553
-
1554
- $string_length = strlen($matches[0]);
1555
-
1556
- if ( $string_length > 30 ) {
1557
- $mscan_pattern = substr($matches[0], 0, 30);
1558
- } else {
1559
- $mscan_pattern = $matches[0];
1560
- }
1561
 
1562
- $file_path_forward_slashes = str_replace( '\\', '/', $value );
1563
- $rel_file_path = str_replace( get_home_path(), '', $file_path_forward_slashes );
1564
- fwrite( $handle, "Scanning Files .js: File: ../$rel_file_path\r\n" );
1565
- fwrite( $handle, "Scanning Files .js: Code Pattern Match: $mscan_pattern\r\n" );
1566
-
1567
- if ( ! in_array($value, $mscan_file_path_array) ) {
1568
-
1569
- if ( $insert_rows = $wpdb->insert( $MStable, array( 'mscan_status' => 'suspect', 'mscan_type' => 'js', 'mscan_path' => $value, 'mscan_pattern' => $mscan_pattern, 'mscan_skipped' => '', 'mscan_ignored' => '', 'mscan_db_table' => '', 'mscan_db_column' => '', 'mscan_db_pkid' => '', 'mscan_time' => current_time('mysql') ) ) ) {
1570
 
1571
- $send_email = 'send';
1572
- }
1573
- }
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1574
  }
1575
- }
1576
-
1577
- if ( $ext == 'htaccess' ) {
1578
-
1579
- if ( preg_match( $htaccess_pattern, $file_contents, $matches ) ) {
1580
-
1581
- $htaccess_code_match = 1;
1582
-
1583
- $string_length = strlen($matches[0]);
1584
-
1585
- if ( $string_length > 30 ) {
1586
- $mscan_pattern = substr($matches[0], 0, 30);
1587
- } else {
1588
- $mscan_pattern = $matches[0];
1589
- }
1590
-
1591
- $file_path_forward_slashes = str_replace( '\\', '/', $value );
1592
- $rel_file_path = str_replace( get_home_path(), '', $file_path_forward_slashes );
1593
- fwrite( $handle, "Scanning Files .htaccess: File: ../$rel_file_path\r\n" );
1594
- fwrite( $handle, "Scanning Files .htaccess: Code Pattern Match: $mscan_pattern\r\n" );
1595
-
1596
- if ( ! in_array($value, $mscan_file_path_array) ) {
1597
 
1598
- if ( $insert_rows = $wpdb->insert( $MStable, array( 'mscan_status' => 'suspect', 'mscan_type' => 'htaccess', 'mscan_path' => $value, 'mscan_pattern' => $mscan_pattern, 'mscan_skipped' => '', 'mscan_ignored' => '', 'mscan_db_table' => '', 'mscan_db_column' => '', 'mscan_db_pkid' => '', 'mscan_time' => current_time('mysql') ) ) ) {
1599
- $send_email = 'send';
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1600
  }
1601
  }
1602
  }
1603
- }
1604
-
1605
- if ( $ext == 'htm' || $ext == 'html' || $ext == 'php' || $ext == 'phps' || $ext == 'php5' || $ext == 'php4' || $ext == 'php3' || $ext == 'phtml' || $ext == 'phpt' || $ext == 'shtm' || $ext == 'shtml' || $ext == 'xhtml' || $ext == 'ico' || $ext == 'bak' ) {
1606
-
1607
- if ( preg_match( $php_pattern, $file_contents, $matches ) ) {
1608
-
1609
- $php_code_match = 1;
1610
-
1611
- $string_length = strlen($matches[0]);
1612
-
1613
- if ( $string_length > 30 ) {
1614
- $mscan_pattern = substr($matches[0], 0, 30);
1615
- } else {
1616
- $mscan_pattern = $matches[0];
1617
- }
1618
 
1619
- $file_path_forward_slashes = str_replace( '\\', '/', $value );
1620
- $rel_file_path = str_replace( get_home_path(), '', $file_path_forward_slashes );
1621
- fwrite( $handle, "Scanning Files php, html, etc: File: ../$rel_file_path\r\n" );
1622
- fwrite( $handle, "Scanning Files php, html, etc: Code Pattern Match: $mscan_pattern\r\n" );
1623
-
1624
- if ( ! in_array($value, $mscan_file_path_array) ) {
1625
 
1626
- if ( $insert_rows = $wpdb->insert( $MStable, array( 'mscan_status' => 'suspect', 'mscan_type' => 'php|html|other', 'mscan_path' => $value, 'mscan_pattern' => $mscan_pattern, 'mscan_skipped' => '', 'mscan_ignored' => '', 'mscan_db_table' => '', 'mscan_db_column' => '', 'mscan_db_pkid' => '', 'mscan_time' => current_time('mysql') ) ) ) {
1627
- $send_email = 'send';
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1628
  }
1629
  }
1630
  }
 
 
 
 
 
 
1631
  }
1632
  }
1633
- } // end of foreach ( $file_path_array
1634
 
1635
  if ( $js_code_match == 0 ) {
1636
  fwrite( $handle, "Scanning Files .js: No Suspicious .js code pattern matches were found.\r\n" );
@@ -1645,19 +1606,125 @@ global $wp_version, $wpdb, $plugin_hashes, $theme_hashes;
1645
  }
1646
 
1647
  fwrite( $handle, "Scanning Files: php, js, etc file scanning completed.\r\n" );
1648
- fwrite( $handle, "Scanning Files: Scanning files completed.\r\n" );
1649
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1650
  if ( $MScan_options['mscan_scan_database'] == 'On' ) {
1651
 
1652
  fwrite( $handle, "Scanning Database: Start database scan.\r\n" );
1653
- fwrite( $handle, "Scanning Database: Suspicious code pattern matches:\r\n" );
1654
 
1655
  $db_code_match = 0;
1656
  $DBTables = '';
1657
  $getDBTables = $wpdb->get_results( $wpdb->prepare( "SHOW TABLE STATUS WHERE Name != %s", $DBTables ) );
1658
 
1659
- ## 13.4.1: MScan Database Scan search patterns for DB Query below are now saved in the DB as of 15.3
1660
-
1661
  foreach ( $getDBTables as $Table ) {
1662
 
1663
  if ( $Table->Name != $wpdb->prefix . "bpspro_mscan" ) {
@@ -1679,8 +1746,6 @@ global $wp_version, $wpdb, $plugin_hashes, $theme_hashes;
1679
 
1680
  } else {
1681
 
1682
- // PHP Warning: Undefined property: stdClass::$option_name in mscan-ajax-functions.php on line xxx
1683
- // This is a known issue with WP and transients - nothing to fix here. So just use error suppression, which may not work.
1684
  if ( @!preg_match( '/_transient_feed_(.*)/', $results->option_name ) && @!preg_match( '/bulletproof_security_options_mscan_(.*)/', $results->option_name ) ) {
1685
 
1686
  $getKey = $wpdb->get_results( "SHOW KEYS FROM $Table->Name WHERE Key_name = 'PRIMARY'" );
@@ -1700,9 +1765,9 @@ global $wp_version, $wpdb, $plugin_hashes, $theme_hashes;
1700
 
1701
  if ( preg_grep( $eval_match, $json_array ) ) {
1702
  $db_code_match = 1;
1703
-
1704
- $db_table_no_prefix = preg_replace( '/'.$wpdb->prefix.'/', "", $Table->Name );
1705
 
 
 
1706
  fwrite( $handle, "Scanning Database: DB Table (w/o Prefix): $db_table_no_prefix | Column|Field: $column->Field | Primary Key ID: ".$json_array_converted[$PKey->Column_name]."\r\n" );
1707
  fwrite( $handle, "Scanning Database: Code Pattern Match: $eval_text\r\n" );
1708
 
@@ -1718,7 +1783,7 @@ global $wp_version, $wpdb, $plugin_hashes, $theme_hashes;
1718
  if ( preg_grep( '/<script/i', $json_array ) ) {
1719
  $db_code_match = 1;
1720
 
1721
- $db_table_no_prefix = preg_replace( '/'.$wpdb->prefix.'/', "", $Table->Name );
1722
 
1723
  fwrite( $handle, "Scanning Database: DB Table (w/o Prefix): $db_table_no_prefix | Column|Field: $column->Field | Primary Key ID: ".$json_array_converted[$PKey->Column_name]."\r\n" );
1724
  fwrite( $handle, "Scanning Database: Code Pattern Match: <script\r\n" );
@@ -1735,7 +1800,7 @@ global $wp_version, $wpdb, $plugin_hashes, $theme_hashes;
1735
  if ( preg_grep( '/<iframe/i', $json_array ) ) {
1736
  $db_code_match = 1;
1737
 
1738
- $db_table_no_prefix = preg_replace( '/'.$wpdb->prefix.'/', "", $Table->Name );
1739
 
1740
  fwrite( $handle, "Scanning Database: DB Table (w/o Prefix): $db_table_no_prefix | Column|Field: $column->Field | Primary Key ID: ".$json_array_converted[$PKey->Column_name]."\r\n" );
1741
  fwrite( $handle, "Scanning Database: Code Pattern Match: <iframe\r\n" );
@@ -1752,7 +1817,7 @@ global $wp_version, $wpdb, $plugin_hashes, $theme_hashes;
1752
  if ( preg_grep( '/<noscript/i', $json_array ) ) {
1753
  $db_code_match = 1;
1754
 
1755
- $db_table_no_prefix = preg_replace( '/'.$wpdb->prefix.'/', "", $Table->Name );
1756
 
1757
  fwrite( $handle, "Scanning Database: DB Table (w/o Prefix): $db_table_no_prefix | Column|Field: $column->Field | Primary Key ID: ".$json_array_converted[$PKey->Column_name]."\r\n" );
1758
  fwrite( $handle, "Scanning Database: Code Pattern Match: <noscript\r\n" );
@@ -1769,7 +1834,7 @@ global $wp_version, $wpdb, $plugin_hashes, $theme_hashes;
1769
  if ( preg_grep( '/visibility:/i', $json_array ) ) {
1770
  $db_code_match = 1;
1771
 
1772
- $db_table_no_prefix = preg_replace( '/'.$wpdb->prefix.'/', "", $Table->Name );
1773
 
1774
  fwrite( $handle, "Scanning Database: DB Table (w/o Prefix): $db_table_no_prefix | Column|Field: $column->Field | Primary Key ID: ".$json_array_converted[$PKey->Column_name]."\r\n" );
1775
  fwrite( $handle, "Scanning Database: Code Pattern Match: visibility:\r\n" );
@@ -1786,7 +1851,7 @@ global $wp_version, $wpdb, $plugin_hashes, $theme_hashes;
1786
  if ( preg_grep( $base64_decode_match, $json_array ) ) {
1787
  $db_code_match = 1;
1788
 
1789
- $db_table_no_prefix = preg_replace( '/'.$wpdb->prefix.'/', "", $Table->Name );
1790
 
1791
  fwrite( $handle, "Scanning Database: DB Table (w/o Prefix): $db_table_no_prefix | Column|Field: $column->Field | Primary Key ID: ".$json_array_converted[$PKey->Column_name]."\r\n" );
1792
  fwrite( $handle, "Scanning Database: Code Pattern Match: $base64_decode_text\r\n" );
@@ -1823,10 +1888,11 @@ global $wp_version, $wpdb, $plugin_hashes, $theme_hashes;
1823
  $db_code_match = 1;
1824
 
1825
  $db_table_no_prefix = preg_replace( '/'.$wpdb->prefix.'/', "", $wpdb->options );
1826
-
1827
  fwrite( $handle, "Scanning Database: DB Table (w/o Prefix): $db_table_no_prefix | Column|Field: option_name\r\n" );
1828
  fwrite( $handle, "Scanning Database: Pharma Hack found. Delete these option_name rows below from your WP Database:\r\n" );
1829
  fwrite( $handle, "Scanning Database: wp_check_hash, class_generic_support, widget_generic_support, ftp_credentials and fwp.\r\n" );
 
1830
  }
1831
 
1832
  if ( ! in_array( 'PharmaHack', $mscan_db_pattern_array ) ) {
@@ -1844,8 +1910,8 @@ global $wp_version, $wpdb, $plugin_hashes, $theme_hashes;
1844
  }
1845
 
1846
  fwrite( $handle, "Scanning Database: Database scan completed.\r\n" );
1847
- } // end if ( $MScan_options['mscan_scan_database'] == 'On' ) {
1848
- } // end if ( $MScan_options['bps_mscan_total_skipped_files'] == 'Off' ) {
1849
 
1850
  if ( $MScan_options['mscan_scan_skipped_files'] == 'On' ) {
1851
 
@@ -1946,7 +2012,7 @@ global $wp_version, $wpdb, $plugin_hashes, $theme_hashes;
1946
  } else {
1947
  fwrite( $handle, "Scanning Skipped Files: Either there are no skipped files to scan or a Skipped File Scan was run before a regular scan was run.\r\n" );
1948
  }
1949
- } // end if ( $MScan_options['bps_mscan_total_skipped_files'] == 'On' ) {
1950
 
1951
  $suspect_rows = 'suspect';
1952
  $ignored_rows = 'ignore';
@@ -2067,13 +2133,11 @@ global $wp_version, $wpdb, $plugin_hashes, $theme_hashes;
2067
 
2068
  fclose($handle);
2069
 
2070
- // Send email alert
2071
  if ( $send_email != '' ) {
2072
- bps_smonitor_mscan_email(); // Note: This function is only used in Pro with scheduled scans. Comment it out in BPS free.
2073
  }
2074
  }
2075
 
2076
- // Deletes all temporary files in the /tmp folder except for excluded /tmp files if files are excluded.
2077
  function bpsPro_delete_temp_files() {
2078
 
2079
  $MScan_options = get_option('bulletproof_security_options_MScan');
@@ -2083,9 +2147,9 @@ function bpsPro_delete_temp_files() {
2083
  }
2084
 
2085
  if ( ! empty($mscan_exclude_tmp_files_array) ) {
2086
-
2087
  $mscan_exclude_tmp_files_array_trim = array();
2088
-
2089
  foreach ( $mscan_exclude_tmp_files_array as $key => $value ) {
2090
  $mscan_exclude_tmp_files_array_trim[] = trim($value);
2091
  }
@@ -2109,9 +2173,9 @@ function bpsPro_delete_temp_files() {
2109
  }
2110
  }
2111
  }
2112
-
2113
  } else {
2114
-
2115
  if ( function_exists('sys_get_temp_dir') ) {
2116
  $sys_get_temp_dir = sys_get_temp_dir();
2117
 
17
  }
18
  }
19
 
 
 
20
  function bpsPro_mscan_scan_processing() {
21
 
22
  if ( isset( $_POST['post_var'] ) && $_POST['post_var'] == 'bps_mscan' ) {
59
 
60
  add_action('wp_ajax_bps_mscan_scan_processing', 'bpsPro_mscan_scan_processing');
61
 
 
62
  function bpsPro_mscan_scan_estimate() {
63
 
64
  if ( isset( $_POST['post_var'] ) && $_POST['post_var'] == 'bps_mscan_estimate' ) {
194
  $bps_plugin_dir_no_slash = str_replace( array( '\\', '/'), '', $bps_plugin_dir );
195
  $bps_themes_dir_no_slash = str_replace( array( '\\', '/'), '', $bps_themes_dir );
196
 
197
+ if ( ! function_exists('get_home_path')) {
198
+ require_once ABSPATH . 'wp-admin/includes/file.php';
199
+ }
200
+
201
  $source = get_home_path();
202
 
203
  if ( is_dir($source) ) {
208
 
209
  $file_path_array = array();
210
  $wp_core_file_array = array();
 
211
  $skipped_image_file_path_array = array();
212
  $skipped_nonimage_file_path_array = array();
213
 
 
 
 
214
  $wp_core_root_file_array = array( 'wp-activate.php', 'wp-blog-header.php', 'wp-comments-post.php', 'wp-config-sample.php', 'wp-cron.php', 'wp-links-opml.php', 'wp-load.php', 'wp-login.php', 'wp-mail.php', 'wp-settings.php', 'wp-signup.php', 'wp-trackback.php' );
215
 
216
  foreach ( $iterator as $files ) {
227
 
228
  if ( ! preg_match( '/(.*)((\/|\\\)'.$bps_wpcontent_dir.'(\/|\\\)bps-backup(\/|\\\))(.*)/', $files->getPathname() ) && ! preg_match( '/(.*)((\/|\\\)'.$bps_wpcontent_dir.'(\/|\\\)'.$bps_plugin_dir_no_slash.'(\/|\\\))(.*)/', $files->getPathname() ) && ! preg_match( '/(.*)((\/|\\\)'.$bps_wpcontent_dir.'(\/|\\\)'.$bps_themes_dir_no_slash.'(\/|\\\))(.*)/', $files->getPathname() ) && ! preg_match( '/(.*)((\/|\\\)'.$bps_wpcontent_dir.'(\/|\\\)index\.php)/', $files->getPathname() ) ) {
229
 
 
 
230
  if ( $files->getFilename() == 'index.php' ) {
231
  $pattern = '/define\((\s|)\'WP_USE_THEMES/';
232
  $check_string1 = file_get_contents( $files->getPath() . '/index.php' );
265
  $exclude_dirs_pattern = '/(\/bps-no-dirs\/)/';
266
  }
267
 
 
 
 
 
268
  $core_pattern = '/(.*)((\/|\\\)wp-admin(\/|\\\)|(\/|\\\)wp-includes(\/|\\\))(.*)/';
269
 
270
  if ( preg_match( $core_pattern, $files->getPathname() ) || $files->getFilename() == 'index.php' && $pos1 !== false || $files->getFilename() == 'readme.html' && $pos2 !== false || $files->getFilename() == 'xmlrpc.php' && $pos3 !== false || in_array($files->getFilename(), $wp_core_root_file_array) ) {
294
  } catch (RuntimeException $e) {
295
 
296
  }
297
+ }
298
 
299
  $skipped_file_path_array = $skipped_nonimage_file_path_array;
300
 
394
  }
395
  }
396
 
 
397
  $themes_dir = get_theme_root();
398
 
399
  $theme_file_path_array = array();
422
  } else {
423
 
424
  if ( ! empty($plugin_hashes) ) {
425
+ $total_plugin_files = count($plugin_hashes);
426
  } else {
427
+ $total_plugin_files = count($plugin_file_path_array);
428
  }
429
 
430
  if ( ! empty($theme_hashes) ) {
431
+ $total_theme_files = count($theme_hashes);
432
  } else {
433
+ $total_theme_files = count($theme_file_path_array);
434
  }
435
  }
436
 
464
  fwrite( $handle, "Scan Time Calculation: Excluded Folders: \r\n".$mscan_exclude_dirs."\r\n" );
465
  }
466
 
 
467
  $wp_hashes_file = WP_CONTENT_DIR . '/bps-backup/wp-hashes/wp-hashes.php';
468
  $wp_hash_time = '0';
469
+ $mscan_new_wp_core_installed = '0';
470
+
471
  if ( file_exists($wp_hashes_file) ) {
472
  $check_string = file_get_contents($wp_hashes_file);
473
 
474
  if ( ! strpos( $check_string, "WordPress $wp_version Hashes" ) ) {
475
+ $wp_hash_time = '110';
476
+ $mscan_new_wp_core_installed = '1';
477
  }
478
  }
479
 
 
 
480
  $all_plugins = get_plugins();
481
 
482
  $plugins_array = array();
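Review bot: The added `$mscan_new_wp_core_installed = '1';` and the `'110'` estimate both depend on `! strpos( $check_string, ... )`, which is true when the marker is missing and also when it is found at offset 0. Because this flag later feeds the decision to set scan status `'9'` (further down in this file), the test should be strict: `if ( strpos( $check_string, "WordPress $wp_version Hashes" ) === false ) {`. A hashes file presumably never starts with that text, so this is a hardening fix rather than an observed failure. The enclosing function starts and ends outside this hunk.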
505
 
506
  $plugins_array_merged = array_merge($plugins_array, $hello_dolly_plugin_array);
507
  $mscan_plugin_hash = get_option('bulletproof_security_options_mscan_plugin_hash');
508
+ $mscan_new_plugins_installed = '0';
509
+ $mscan_new_themes_installed = '0';
510
+
511
  if ( ! isset( $mscan_plugin_hash['bps_mscan_plugin_hash_version_check'] ) ) {
512
 
513
  $plugin_array_count = count($plugins_array_merged);
514
+ $plugin_hash_time = $plugin_array_count * 10;
515
 
516
  } else {
517
 
518
+ $array_diff_plugin_version = array_diff( $plugins_array_merged, $mscan_plugin_hash['bps_mscan_plugin_hash_version_check'] );
519
+ $count_plugin_array = count($array_diff_plugin_version);
520
+
521
+ if ( $count_plugin_array >= 1 ) {
522
+
523
+ $plugin_hash_time = $count_plugin_array * 10;
524
+ $mscan_new_plugins_installed = '1';
525
 
 
 
 
 
526
  } else {
527
+
528
+ $plugin_array_count = count($plugins_array_merged);
529
+ $plugin_hash_time = $plugin_array_count * 9;
530
  }
531
  }
532
 
 
533
  $all_themes = wp_get_themes();
534
  $all_themes_array = array();
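Review bot: The added `array_diff( $plugins_array_merged, $mscan_plugin_hash['bps_mscan_plugin_hash_version_check'] )` is reached after only an `isset()` test, which also passes for a stored value that is not an array. On PHP 8 a non-array argument to `array_diff()` throws a TypeError, which would stop the scan estimate. Whether the option can ever hold a non-array value is not visible here, but the guard is cheap: `if ( ! isset( $mscan_plugin_hash['bps_mscan_plugin_hash_version_check'] ) || ! is_array( $mscan_plugin_hash['bps_mscan_plugin_hash_version_check'] ) ) {`. The theme branch that diffs against `bps_mscan_theme_hash_version_check` further down has the same shape and needs the same check.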
535
 
542
 
543
  $mscan_theme_hash = get_option('bulletproof_security_options_mscan_theme_hash');
544
 
 
 
545
  if ( ! isset( $mscan_theme_hash['bps_mscan_theme_hash_version_check'] ) ) {
546
 
547
  $theme_array_count = count($all_themes_array);
548
+ $theme_hash_time = $theme_array_count * 10;
549
 
550
  } else {
551
 
552
+ $array_diff_theme_version = array_diff( $all_themes_array, $mscan_theme_hash['bps_mscan_theme_hash_version_check'] );
553
+ $count_theme_array = count($array_diff_theme_version);
554
+
555
+ if ( $count_theme_array >= 1 ) {
556
+
557
+ $theme_hash_time = $count_theme_array * 10;
558
+ $mscan_new_themes_installed = '1';
559
 
 
 
 
 
560
  } else {
561
+
562
+ $theme_array_count = count($all_themes_array);
563
+ $theme_hash_time = $theme_array_count * 9;
564
+ }
565
  }
566
 
 
567
  if ( $MScan_options['mscan_scan_skipped_files'] == 'On' ) {
568
 
569
  $filesize_array = array();
618
 
619
  $kbytes = $size / 1024;
620
  $db_size_time_math = $kbytes / 4000;
621
+ $db_size_time = round($db_size_time_math) * 4;
622
 
623
+ $last_scan_time_unix = isset($MScan_status['bps_mscan_last_scan_timestamp']) ? strtotime($MScan_status['bps_mscan_last_scan_timestamp']) : 0;
624
+ $time_now = time() + $gmt_offset;
 
 
 
 
625
 
626
+ if ( $time_now - $last_scan_time_unix > 10800 ) {
627
+ $linux_base_time = 60;
628
+ } else {
629
+ $linux_base_time = 30;
630
+ }
631
 
632
  $bps_mscan_time_remaining = time() + $wp_hash_time + $plugin_hash_time + $theme_hash_time + $wp_core_files_time + $plugin_files_time +
633
  $theme_files_time + $non_image_files_time + $db_size_time + $linux_base_time;
634
 
 
 
 
 
 
 
 
 
 
 
635
  $total_time_estimate = $wp_hash_time + $plugin_hash_time + $theme_hash_time + $wp_core_files_time + $plugin_files_time + $theme_files_time +
636
  $non_image_files_time + $db_size_time + $linux_base_time;
637
 
643
  fwrite( $handle, "Scan Time Calculation: Theme Files Time Estimate: +".$theme_files_time." Seconds\r\n" );
644
  fwrite( $handle, "Scan Time Calculation: non-WP php, html, etc Files Time Estimate: +".$non_image_files_time." Seconds\r\n" );
645
  fwrite( $handle, "Scan Time Calculation: DB Size Time Estimate: +".$db_size_time." Seconds\r\n" );
646
+ fwrite( $handle, "Scan Time Calculation: Session Scan Variance Time Estimate: +".$linux_base_time." Seconds\r\n" );
647
  fwrite( $handle, "Scan Time Calculation: Scan Time Estimate: ".$total_time_estimate." Seconds\r\n" );
648
  }
649
 
654
  $bps_mscan_total_suspect_files = isset($MScan_status['bps_mscan_total_suspect_files']) ? $MScan_status['bps_mscan_total_suspect_files'] : '';
655
  $bps_mscan_suspect_skipped_files = isset($MScan_status['bps_mscan_suspect_skipped_files']) ? $MScan_status['bps_mscan_suspect_skipped_files'] : '';
656
  $bps_mscan_total_suspect_db = isset($MScan_status['bps_mscan_total_suspect_db']) ? $MScan_status['bps_mscan_total_suspect_db'] : '';
657
+ $bps_mscan_total_ignored_files = isset($MScan_status['bps_mscan_total_ignored_files']) ? $MScan_status['bps_mscan_total_ignored_files'] : '';
658
+
659
+ if ( ! get_option('bulletproof_security_options_mscan_theme_hash') && ! get_option('bulletproof_security_options_mscan_plugin_hash') && ! get_option( 'bulletproof_security_options_mscan_p_hash_new' ) && ! get_option( 'bulletproof_security_options_mscan_t_hash_new' ) ) {
660
+
661
+ $bps_mscan_status_run = '9';
662
+
663
+ } else {
664
+
665
+ if ( $mscan_new_plugins_installed == '1' || $mscan_new_themes_installed == '1' || $mscan_new_wp_core_installed == '1' ) {
666
+ $bps_mscan_status_run = '9';
667
+
668
+ } else {
669
+
670
+ $bps_mscan_status_run = '2';
671
+ }
672
+ }
673
 
674
  $MScan_status_db = array(
675
  'bps_mscan_time_start' => time(),
676
  'bps_mscan_time_stop' => $bps_mscan_time_stop,
677
  'bps_mscan_time_end' => $bps_mscan_time_end,
678
  'bps_mscan_time_remaining' => $bps_mscan_time_remaining,
679
+ 'bps_mscan_status' => $bps_mscan_status_run,
680
  'bps_mscan_last_scan_timestamp' => $bps_mscan_last_scan_timestamp,
681
  'bps_mscan_total_time' => $total_time_estimate,
682
  'bps_mscan_total_website_files' => '',
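Review bot: The values `'9'` and `'2'` assigned to `$bps_mscan_status_run` are undocumented magic strings, and this release also strips most explanatory comments from the file. From the file-scan function later in this file, `'9'` makes the file scan return early while hashes are built, so a comment such as `// '9': hashes missing or stale - Hash Maker runs, file scan is skipped` belongs here. The meaning of `'2'` is not visible and should be documented by the author. The outer and inner `if` both assign `'9'`, so the two conditions can be joined with `||` into one test. The four `get_option()` calls repeat lookups that appear to be held already in `$mscan_plugin_hash` and `$mscan_theme_hash`.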
718
  return true;
719
  }
720
 
 
 
 
 
 
721
  function bpsPro_mscan_file_scan($mstime) {
722
  global $wp_version, $wpdb, $plugin_hashes, $theme_hashes;
723
 
724
  $time_start = microtime( true );
725
+
 
 
 
 
 
 
 
726
  $MScan_options = get_option('bulletproof_security_options_MScan');
727
  $mstime = ! isset($MScan_options['mscan_max_time_limit']) ? '300' : $MScan_options['mscan_max_time_limit'];
728
 
737
 
738
  $handle = fopen( $mscan_log, 'a' );
739
 
740
+ $MScan_status = get_option('bulletproof_security_options_MScan_status');
741
+
742
+ if ( isset($MScan_status['bps_mscan_status']) && $MScan_status['bps_mscan_status'] == '9' ) {
743
+
744
+ fwrite( $handle, "MScan Status: 9\r\n" );
745
+ fwrite( $handle, "Scanning Files: Aborted. The Hash Maker is creating WP Core, Plugin or Theme file hashes.\r\n" );
746
+
747
+ $bps_mscan_total_time = time() - $MScan_status['bps_mscan_time_start'];
748
+
749
+ $hours = (int)($bps_mscan_total_time / 60 / 60);
750
+ $minutes = (int)($bps_mscan_total_time / 60) - $hours * 60;
751
+ $seconds = (int)$bps_mscan_total_time - $hours * 60 * 60 - $minutes * 60;
752
+ $hours_format = $hours == 0 ? "00" : $hours;
753
+ $minutes_format = $minutes == 0 ? "00" : ($minutes < 10 ? "0".$minutes : $minutes);
754
+ $seconds_format = $seconds == 0 ? "00" : ($seconds < 10 ? "0".$seconds : $seconds);
755
+
756
+ $file_scan_log = 'Hash Maker Completion Time: '. $hours_format . ':'. $minutes_format . ':' . $seconds_format;
757
+
758
+ fwrite( $handle, "$file_scan_log\r\n" );
759
+ fclose($handle);
760
+
761
+ return;
762
+ }
763
+
764
  $mscan_plugin_hash_new_array_keys = array();
765
 
766
  if ( get_option( 'bulletproof_security_options_mscan_p_hash_new' ) ) {
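Review bot: The new status `'9'` branch reads `$MScan_status['bps_mscan_time_start']` without the `isset()` guard that the same condition applies to `bps_mscan_status`. If that key is missing, the logged "Hash Maker Completion Time" is computed from the full Unix timestamp and PHP 8 raises an undefined-key warning. A guarded form is `$bps_mscan_total_time = isset( $MScan_status['bps_mscan_time_start'] ) ? time() - (int) $MScan_status['bps_mscan_time_start'] : 0;`. This branch also returns before any file is scanned and leaves only two log lines as evidence. Nothing in this hunk shows the status being reset, so confirm that a failed or interrupted Hash Maker run cannot leave the status at `'9'` and silently skip every later scan. The function body continues outside the hunk.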
768
  $mscan_plugin_hash_new = get_option('bulletproof_security_options_mscan_p_hash_new');
769
  $mscan_plugin_hash_new_array_keys = array();
770
 
 
771
  foreach ( $mscan_plugin_hash_new['bps_mscan_plugin_hash_paths_new'] as $key => $value ) {
772
 
773
  foreach ( $value as $inner_key => $inner_value ) {
784
  $mscan_theme_hash_new = get_option('bulletproof_security_options_mscan_t_hash_new');
785
  $mscan_theme_hash_new_array_keys = array();
786
 
 
787
  foreach ( $mscan_theme_hash_new['bps_mscan_theme_hash_paths_new'] as $key => $value ) {
788
 
789
  foreach ( $value as $inner_key => $inner_value ) {
795
  }
796
  }
797
 
 
 
 
 
 
798
  if ( ! get_option('bulletproof_security_options_mscan_theme_hash') || ! get_option('bulletproof_security_options_mscan_plugin_hash') || ! empty($mscan_plugin_hash_new_array_keys ) || ! empty($mscan_theme_hash_new_array_keys ) ) {
799
 
800
  $MScan_status = get_option('bulletproof_security_options_MScan_status');
801
+
802
  $MScan_status_db = array(
803
  'bps_mscan_time_start' => $MScan_status['bps_mscan_time_start'],
804
  'bps_mscan_time_stop' => $MScan_status['bps_mscan_time_stop'],
842
  $bps_plugin_dir_no_slash = str_replace( array( '\\', '/'), '', $bps_plugin_dir );
843
  $bps_themes_dir_no_slash = str_replace( array( '\\', '/'), '', $bps_themes_dir );
844
 
 
 
 
 
845
  $source = get_home_path();
846
 
847
  if ( is_dir($source) ) {
852
 
853
  $file_path_array = array();
854
  $wp_core_file_array = array();
 
855
  $skipped_image_file_path_array = array();
856
  $skipped_nonimage_file_path_array = array();
857
 
 
 
 
858
  $wp_core_root_file_array = array( 'wp-activate.php', 'wp-blog-header.php', 'wp-comments-post.php', 'wp-config-sample.php', 'wp-cron.php', 'wp-links-opml.php', 'wp-load.php', 'wp-login.php', 'wp-mail.php', 'wp-settings.php', 'wp-signup.php', 'wp-trackback.php' );
859
 
860
  foreach ( $iterator as $files ) {
871
 
872
  if ( ! preg_match( '/(.*)((\/|\\\)'.$bps_wpcontent_dir.'(\/|\\\)bps-backup(\/|\\\))(.*)/', $files->getPathname() ) && ! preg_match( '/(.*)((\/|\\\)'.$bps_wpcontent_dir.'(\/|\\\)'.$bps_plugin_dir_no_slash.'(\/|\\\))(.*)/', $files->getPathname() ) && ! preg_match( '/(.*)((\/|\\\)'.$bps_wpcontent_dir.'(\/|\\\)'.$bps_themes_dir_no_slash.'(\/|\\\))(.*)/', $files->getPathname() ) && ! preg_match( '/(.*)((\/|\\\)'.$bps_wpcontent_dir.'(\/|\\\)index\.php)/', $files->getPathname() ) ) {
873
 
 
 
874
  if ( $files->getFilename() == 'index.php' ) {
875
  $pattern = '/define\((\s|)\'WP_USE_THEMES/';
876
  $check_string1 = file_get_contents( $files->getPath() . '/index.php' );
909
  $exclude_dirs_pattern = '/(\/bps-no-dirs\/)/';
910
  }
911
 
 
 
 
 
912
  $core_pattern = '/(.*)((\/|\\\)wp-admin(\/|\\\)|(\/|\\\)wp-includes(\/|\\\))(.*)/';
913
 
914
  if ( preg_match( $core_pattern, $files->getPathname() ) || $files->getFilename() == 'index.php' && $pos1 !== false || $files->getFilename() == 'readme.html' && $pos2 !== false || $files->getFilename() == 'xmlrpc.php' && $pos3 !== false || in_array($files->getFilename(), $wp_core_root_file_array) ) {
940
  }
941
  }
942
 
 
943
  $mscan_dirs_array = array();
944
 
945
  foreach ( $MScan_options['bps_mscan_dirs'] as $key => $value ) {
949
  }
950
  }
951
 
 
 
952
  $bps_plugin_files_whitelist = '/(.*)((\/|\\\)'.$bps_wpcontent_dir.'(\/|\\\)'.$bps_plugin_dir_no_slash.'(\/|\\\)bulletproof-security(.*)(\.htaccess|\.zip|plugins-htaccess-master\.txt|class\.php|plugins-allow-from\.txt|sec-log-master\.txt|bps-maintenance-values\.php))/';
953
 
954
  $other_plugins_files_whitelist = '/(.*)((\/|\\\)'.$bps_wpcontent_dir.'(\/|\\\)'.$bps_plugin_dir_no_slash.'(\/|\\\)(tinymce-advanced(.*)tinymce-advanced\.php|google-sitemap-generator(.*)sitemap\.php))/';
975
  }
976
  }
977
 
 
 
978
  $themes_dir = get_theme_root();
979
 
980
  $theme_file_path_array = array();
1018
  }
1019
  }
1020
 
 
 
1021
  $mscan_db_pattern_match_options = get_option('bulletproof_security_options_mscan_patterns');
1022
 
1023
  foreach ( $mscan_db_pattern_match_options['mscan_pattern_match_files'] as $key => $value ) {
1086
  $htaccess_code_match = 0;
1087
  $php_code_match = 0;
1088
 
 
 
 
1089
  if ( $MScan_options['mscan_scan_skipped_files'] == 'Off' ) {
1090
 
1091
  $skipped_rows = 'skipped';
1200
  }
1201
  }
1202
 
1203
+ $blank_rows = '';
1204
  $MScanFileRows = $wpdb->get_results( $wpdb->prepare("SELECT * FROM $MStable WHERE mscan_path != %s AND mscan_skipped != %s", $blank_rows, $skipped_rows ) );
1205
 
 
1206
  $mscan_file_path_array = array();
1207
 
1208
  if ( $wpdb->num_rows != 0 ) {
1226
  }
1227
 
1228
  fwrite( $handle, "Scanning Files: Start WP Core file scan.\r\n" );
 
1229
 
1230
  $core_dir_flip = array_flip($wp_core_file_array);
1231
 
1254
 
1255
  if ( ! empty($core_diff_array) ) {
1256
 
 
1257
  if ( ! preg_match( '/(.*)(\/|\\\)wp-admin(\/|\\\).htaccess/', $key ) ) {
1258
 
 
1259
  $file_path_forward_slashes = str_replace( '\\', '/', $key );
1260
  $rel_file_path = str_replace( get_home_path(), '', $file_path_forward_slashes );
1261
+ fwrite( $handle, "Scanning Files WP Core: Suspicious|Modified|Unknown WP Core file: ../$rel_file_path\r\n" );
1262
+
1263
  if ( ! in_array($key, $mscan_file_path_array) ) {
1264
 
1265
  if ( $insert_rows = $wpdb->insert( $MStable, array( 'mscan_status' => 'suspect', 'mscan_type' => 'core', 'mscan_path' => $key, 'mscan_pattern' => 'Altered or unknown WP Core file', 'mscan_skipped' => '', 'mscan_ignored' => '', 'mscan_db_table' => '', 'mscan_db_column' => '', 'mscan_db_pkid' => '', 'mscan_time' => current_time('mysql') ) ) ) {
1276
 
1277
  fwrite( $handle, "Scanning Files: WP Core file scan completed.\r\n" );
1278
 
 
 
 
1279
  if ( ! empty( $plugin_file_path_array ) ) {
1280
 
1281
  $plugins_hash_match = 0;
1282
 
1283
  fwrite( $handle, "Scanning Files: Start Plugins file scan.\r\n" );
 
1284
 
1285
  if ( empty($plugin_hashes) || $plugin_hashes == null ) {
1286
 
1308
 
1309
  $plugin_diff_array_clean = array();
1310
 
 
 
1311
  foreach ( $plugin_diff_array as $key1 => $value1 ) {
1312
 
1313
  foreach ( $mscan_nodownload['bps_plugin_nodownload'] as $key2 => $value2 ) {
1315
  if ( preg_match( '/(.*)'.$value2.'(.*)/', $key1, $matches ) && ! preg_match( '/##\sBEGIN\s'.$value2.'\s##/', $plugin_hashes_file_contents ) ) {
1316
 
1317
  unset($key1);
1318
+ $key1 = ! isset($key1) ? '' : $key1;
1319
  }
1320
  }
1321
 
1337
  if ( ! empty($plugin_diff_array_clean) ) {
1338
 
1339
  $plugins_hash_match = 1;
1340
+
1341
  $file_path_forward_slashes = str_replace( '\\', '/', $value );
1342
  $rel_file_path = str_replace( get_home_path(), '', $file_path_forward_slashes );
1343
  fwrite( $handle, "Scanning Files: Plugins: Suspicious|Modified|Unknown Plugin file: ../$rel_file_path\r\n" );
1359
  fwrite( $handle, "Scanning Files: Plugins file scan completed.\r\n" );
1360
  }
1361
 
 
 
 
 
1362
  if ( ! empty( $theme_file_path_array ) ) {
1363
 
1364
  $themes_hash_match = 0;
1365
 
1366
  fwrite( $handle, "Scanning Files: Start Themes file scan.\r\n" );
 
1367
 
1368
  if ( empty($theme_hashes) || $theme_hashes == null ) {
1369
 
1391
 
1392
  $theme_diff_array_clean = array();
1393
 
 
 
1394
  foreach ( $theme_diff_array as $key1 => $value1 ) {
1395
 
1396
  foreach ( $mscan_nodownload['bps_theme_nodownload'] as $key2 => $value2 ) {
1398
  if ( preg_match( '/(.*)'.$value2.'(.*)/', $key1, $matches ) && ! preg_match( '/##\sBEGIN\s'.$value2.'\s##/', $theme_hashes_file_contents ) ) {
1399
 
1400
  unset($key1);
1401
+ $key1 = ! isset($key1) ? '' : $key1;
1402
  }
1403
  }
1404
 
1442
  fwrite( $handle, "Scanning Files: Themes file scan completed.\r\n" );
1443
  }
1444
 
 
1445
  fwrite( $handle, "Scanning Files: Start wp-content, plugins and themes root index.php files scan.\r\n" );
1446
 
1447
  $index_file_hash_match = 0;
1482
 
1483
  fwrite( $handle, "Scanning Files: wp-content, plugins and themes index.php files scan completed.\r\n" );
1484
 
 
1485
  fwrite( $handle, "Scanning Files: Start php, js, etc file scanning.\r\n" );
1486
  fwrite( $handle, "Scanning Files: Suspicious code pattern matches:\r\n" );
1487
 
1494
 
1495
  } else {
1496
 
1497
+ if ( is_readable($value) ) {
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1498
 
1499
+ $ext = pathinfo( strtolower($value), PATHINFO_EXTENSION );
1500
+ $file_contents = file_get_contents($value);
1501
+
1502
+ if ( $ext == 'js' ) {
1503
+
1504
+ if ( preg_match( $js_pattern, $file_contents, $matches ) ) {
1505
+
1506
+ $js_code_match = 1;
1507
 
1508
+ $string_length = strlen($matches[0]);
1509
+
1510
+ if ( $string_length > 30 ) {
1511
+ $mscan_pattern = substr($matches[0], 0, 30);
1512
+ } else {
1513
+ $mscan_pattern = $matches[0];
1514
+ }
1515
+
1516
+ $file_path_forward_slashes = str_replace( '\\', '/', $value );
1517
+ $rel_file_path = str_replace( get_home_path(), '', $file_path_forward_slashes );
1518
+ fwrite( $handle, "Scanning Files .js: File: ../$rel_file_path\r\n" );
1519
+ fwrite( $handle, "Scanning Files .js: Code Pattern Match: $mscan_pattern\r\n" );
1520
+
1521
+ if ( ! in_array($value, $mscan_file_path_array) ) {
1522
+
1523
+ if ( $insert_rows = $wpdb->insert( $MStable, array( 'mscan_status' => 'suspect', 'mscan_type' => 'js', 'mscan_path' => $value, 'mscan_pattern' => $mscan_pattern, 'mscan_skipped' => '', 'mscan_ignored' => '', 'mscan_db_table' => '', 'mscan_db_column' => '', 'mscan_db_pkid' => '', 'mscan_time' => current_time('mysql') ) ) ) {
1524
+
1525
+ $send_email = 'send';
1526
+ }
1527
+ }
1528
+ }
1529
  }
1530
+
1531
+ if ( $ext == 'htaccess' ) {
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1532
 
1533
+ if ( preg_match( $htaccess_pattern, $file_contents, $matches ) ) {
1534
+
1535
+ $htaccess_code_match = 1;
1536
+
1537
+ $string_length = strlen($matches[0]);
1538
+
1539
+ if ( $string_length > 30 ) {
1540
+ $mscan_pattern = substr($matches[0], 0, 30);
1541
+ } else {
1542
+ $mscan_pattern = $matches[0];
1543
+ }
1544
+
1545
+ $file_path_forward_slashes = str_replace( '\\', '/', $value );
1546
+ $rel_file_path = str_replace( get_home_path(), '', $file_path_forward_slashes );
1547
+ fwrite( $handle, "Scanning Files .htaccess: File: ../$rel_file_path\r\n" );
1548
+ fwrite( $handle, "Scanning Files .htaccess: Code Pattern Match: $mscan_pattern\r\n" );
1549
+
1550
+ if ( ! in_array($value, $mscan_file_path_array) ) {
1551
+
1552
+ if ( $insert_rows = $wpdb->insert( $MStable, array( 'mscan_status' => 'suspect', 'mscan_type' => 'htaccess', 'mscan_path' => $value, 'mscan_pattern' => $mscan_pattern, 'mscan_skipped' => '', 'mscan_ignored' => '', 'mscan_db_table' => '', 'mscan_db_column' => '', 'mscan_db_pkid' => '', 'mscan_time' => current_time('mysql') ) ) ) {
1553
+ $send_email = 'send';
1554
+ }
1555
  }
1556
  }
1557
  }
1558
+
1559
+ if ( $ext == 'htm' || $ext == 'html' || $ext == 'php' || $ext == 'phps' || $ext == 'php5' || $ext == 'php4' || $ext == 'php3' || $ext == 'phtml' || $ext == 'phpt' || $ext == 'shtm' || $ext == 'shtml' || $ext == 'xhtml' || $ext == 'ico' || $ext == 'bak' ) {
 
 
 
 
 
 
 
 
 
 
 
 
 
1560
 
1561
+ if ( preg_match( $php_pattern, $file_contents, $matches ) ) {
1562
+
1563
+ $php_code_match = 1;
 
 
 
1564
 
1565
+ $string_length = strlen($matches[0]);
1566
+
1567
+ if ( $string_length > 30 ) {
1568
+ $mscan_pattern = substr($matches[0], 0, 30);
1569
+ } else {
1570
+ $mscan_pattern = $matches[0];
1571
+ }
1572
+
1573
+ $file_path_forward_slashes = str_replace( '\\', '/', $value );
1574
+ $rel_file_path = str_replace( get_home_path(), '', $file_path_forward_slashes );
1575
+ fwrite( $handle, "Scanning Files php, html, etc: File: ../$rel_file_path\r\n" );
1576
+ fwrite( $handle, "Scanning Files php, html, etc: Code Pattern Match: $mscan_pattern\r\n" );
1577
+
1578
+ if ( ! in_array($value, $mscan_file_path_array) ) {
1579
+
1580
+ if ( $insert_rows = $wpdb->insert( $MStable, array( 'mscan_status' => 'suspect', 'mscan_type' => 'php|html|other', 'mscan_path' => $value, 'mscan_pattern' => $mscan_pattern, 'mscan_skipped' => '', 'mscan_ignored' => '', 'mscan_db_table' => '', 'mscan_db_column' => '', 'mscan_db_pkid' => '', 'mscan_time' => current_time('mysql') ) ) ) {
1581
+ $send_email = 'send';
1582
+ }
1583
  }
1584
  }
1585
  }
1586
+
1587
+ } else {
1588
+
1589
+ $file_path_forward_slashes = str_replace( '\\', '/', $value );
1590
+ $rel_file_path = str_replace( get_home_path(), '', $file_path_forward_slashes );
1591
+ fwrite( $handle, "Scanning Files: php, js, html, etc: This file is not readable: ../$rel_file_path\r\n" );
1592
  }
1593
  }
1594
+ }
1595
 
1596
  if ( $js_code_match == 0 ) {
1597
  fwrite( $handle, "Scanning Files .js: No Suspicious .js code pattern matches were found.\r\n" );
1606
  }
1607
 
1608
  fwrite( $handle, "Scanning Files: php, js, etc file scanning completed.\r\n" );
 
1609
 
1610
+ $sapi_type = php_sapi_name();
1611
+ $tmp_file_path_array = array();
1612
+ $tmp_file_code_match = 0;
1613
+
1614
+ if ( substr($sapi_type, 0, 6) == 'apache' && preg_match( '#\\\\#', ABSPATH, $matches ) ) {
1615
+ $upload_tmp_dir = ini_get('upload_tmp_dir');
1616
+
1617
+ if ( is_dir( $upload_tmp_dir ) && wp_is_writable( $upload_tmp_dir ) ) {
1618
+
1619
+ $local_tmp_files = scandir($upload_tmp_dir);
1620
+
1621
+ foreach ( $local_tmp_files as $file ) {
1622
+
1623
+ if ( $file != '.' && $file != '..' ) {
1624
+
1625
+ $tmp_file_path_array[] = $upload_tmp_dir .'/'. $file;;
1626
+ }
1627
+ }
1628
+ }
1629
+
1630
+ } else {
1631
+
1632
+ if ( function_exists('sys_get_temp_dir') ) {
1633
+ $sys_get_temp_dir = sys_get_temp_dir();
1634
+
1635
+ if ( is_dir( $sys_get_temp_dir ) && wp_is_writable( $sys_get_temp_dir ) ) {
1636
+
1637
+ $tmp_files = scandir($sys_get_temp_dir);
1638
+
1639
+ foreach ( $tmp_files as $file ) {
1640
+
1641
+ if ( $file != '.' && $file != '..' ) {
1642
+
1643
+ $tmp_file_path_array[] = $sys_get_temp_dir .'/'. $file;
1644
+ }
1645
+ }
1646
+ }
1647
+ }
1648
+ }
1649
+
1650
+ fwrite( $handle, "Scanning Files Tmp Files.\r\n" );
1651
+
1652
+ if ( ! empty($tmp_file_path_array) ) {
1653
+
1654
+ foreach ( $tmp_file_path_array as $key => $value ) {
1655
+
1656
+ if ( file_get_contents($MScanStop) != 'run' ) {
1657
+ fwrite( $handle, "Scanning Files: MScan Scanning was Stopped\r\n" );
1658
+ fclose($handle);
1659
+ exit();
1660
+
1661
+ } else {
1662
+
1663
+ if ( is_readable($value) ) {
1664
+
1665
+ $file_contents = file_get_contents($value);
1666
+
1667
+ if ( preg_match( $php_pattern, $file_contents, $matches ) ) {
1668
+
1669
+ $tmp_file_code_match = 1;
1670
+
1671
+ $string_length = strlen($matches[0]);
1672
+
1673
+ if ( $string_length > 30 ) {
1674
+ $mscan_pattern = substr($matches[0], 0, 30);
1675
+ } else {
1676
+ $mscan_pattern = $matches[0];
1677
+ }
1678
+
1679
+ if ( substr($sapi_type, 0, 6) == 'apache' && preg_match( '#\\\\#', ABSPATH, $matches ) ) {
1680
+ $upload_tmp_dir = ini_get('upload_tmp_dir');
1681
+ $rel_file_path = str_replace( $upload_tmp_dir, '', $value );
1682
+ } else {
1683
+ $sys_get_temp_dir = sys_get_temp_dir();
1684
+ $rel_file_path = str_replace( $sys_get_temp_dir, '', $value );
1685
+ }
1686
+
1687
+ fwrite( $handle, "Scanning Files Tmp Files: File: ..$rel_file_path\r\n" );
1688
+ fwrite( $handle, "Scanning Files Tmp Files: Code Pattern Match: $mscan_pattern\r\n" );
1689
+
1690
+ if ( ! in_array($value, $mscan_file_path_array) ) {
1691
+
1692
+ if ( $insert_rows = $wpdb->insert( $MStable, array( 'mscan_status' => 'suspect', 'mscan_type' => 'tmp', 'mscan_path' => $value, 'mscan_pattern' => $mscan_pattern, 'mscan_skipped' => '', 'mscan_ignored' => '', 'mscan_db_table' => '', 'mscan_db_column' => '', 'mscan_db_pkid' => '', 'mscan_time' => current_time('mysql') ) ) ) {
1693
+ $send_email = 'send';
1694
+ }
1695
+ }
1696
+ }
1697
+
1698
+ } else {
1699
+
1700
+ if ( substr($sapi_type, 0, 6) == 'apache' && preg_match( '#\\\\#', ABSPATH, $matches ) ) {
1701
+ $upload_tmp_dir = ini_get('upload_tmp_dir');
1702
+ $rel_file_path = str_replace( $upload_tmp_dir, '', $value );
1703
+ } else {
1704
+ $sys_get_temp_dir = sys_get_temp_dir();
1705
+ $rel_file_path = str_replace( $sys_get_temp_dir, '', $value );
1706
+ }
1707
+
1708
+ fwrite( $handle, "Scanning Files Tmp Files: This tmp file is not readable: ..$rel_file_path\r\n" );
1709
+ }
1710
+ }
1711
+ }
1712
+ }
1713
+
1714
+ if ( $tmp_file_code_match == 0 ) {
1715
+ fwrite( $handle, "Scanning Files Tmp Files: No Suspicious tmp file code pattern matches were found.\r\n" );
1716
+ }
1717
+
1718
+ fwrite( $handle, "Scanning Files: Scanning files completed.\r\n" );
1719
+
1720
  if ( $MScan_options['mscan_scan_database'] == 'On' ) {
1721
 
1722
  fwrite( $handle, "Scanning Database: Start database scan.\r\n" );
 
1723
 
1724
  $db_code_match = 0;
1725
  $DBTables = '';
1726
  $getDBTables = $wpdb->get_results( $wpdb->prepare( "SHOW TABLE STATUS WHERE Name != %s", $DBTables ) );
1727
 
 
 
1728
  foreach ( $getDBTables as $Table ) {
1729
 
1730
  if ( $Table->Name != $wpdb->prefix . "bpspro_mscan" ) {
1746
 
1747
  } else {
1748
 
 
 
1749
  if ( @!preg_match( '/_transient_feed_(.*)/', $results->option_name ) && @!preg_match( '/bulletproof_security_options_mscan_(.*)/', $results->option_name ) ) {
1750
 
1751
  $getKey = $wpdb->get_results( "SHOW KEYS FROM $Table->Name WHERE Key_name = 'PRIMARY'" );
1765
 
1766
  if ( preg_grep( $eval_match, $json_array ) ) {
1767
  $db_code_match = 1;
 
 
1768
 
1769
+ $db_table_no_prefix = preg_replace( '/'.$wpdb->prefix.'/', "", $Table->Name );
1770
+
1771
  fwrite( $handle, "Scanning Database: DB Table (w/o Prefix): $db_table_no_prefix | Column|Field: $column->Field | Primary Key ID: ".$json_array_converted[$PKey->Column_name]."\r\n" );
1772
  fwrite( $handle, "Scanning Database: Code Pattern Match: $eval_text\r\n" );
1773
 
1783
  if ( preg_grep( '/<script/i', $json_array ) ) {
1784
  $db_code_match = 1;
1785
 
1786
+ $db_table_no_prefix = preg_replace( '/'.$wpdb->prefix.'/', "", $Table->Name );
1787
 
1788
  fwrite( $handle, "Scanning Database: DB Table (w/o Prefix): $db_table_no_prefix | Column|Field: $column->Field | Primary Key ID: ".$json_array_converted[$PKey->Column_name]."\r\n" );
1789
  fwrite( $handle, "Scanning Database: Code Pattern Match: <script\r\n" );
1800
  if ( preg_grep( '/<iframe/i', $json_array ) ) {
1801
  $db_code_match = 1;
1802
 
1803
+ $db_table_no_prefix = preg_replace( '/'.$wpdb->prefix.'/', "", $Table->Name );
1804
 
1805
  fwrite( $handle, "Scanning Database: DB Table (w/o Prefix): $db_table_no_prefix | Column|Field: $column->Field | Primary Key ID: ".$json_array_converted[$PKey->Column_name]."\r\n" );
1806
  fwrite( $handle, "Scanning Database: Code Pattern Match: <iframe\r\n" );
1817
  if ( preg_grep( '/<noscript/i', $json_array ) ) {
1818
  $db_code_match = 1;
1819
 
1820
+ $db_table_no_prefix = preg_replace( '/'.$wpdb->prefix.'/', "", $Table->Name );
1821
 
1822
  fwrite( $handle, "Scanning Database: DB Table (w/o Prefix): $db_table_no_prefix | Column|Field: $column->Field | Primary Key ID: ".$json_array_converted[$PKey->Column_name]."\r\n" );
1823
  fwrite( $handle, "Scanning Database: Code Pattern Match: <noscript\r\n" );
1834
  if ( preg_grep( '/visibility:/i', $json_array ) ) {
1835
  $db_code_match = 1;
1836
 
1837
+ $db_table_no_prefix = preg_replace( '/'.$wpdb->prefix.'/', "", $Table->Name );
1838
 
1839
  fwrite( $handle, "Scanning Database: DB Table (w/o Prefix): $db_table_no_prefix | Column|Field: $column->Field | Primary Key ID: ".$json_array_converted[$PKey->Column_name]."\r\n" );
1840
  fwrite( $handle, "Scanning Database: Code Pattern Match: visibility:\r\n" );
1851
  if ( preg_grep( $base64_decode_match, $json_array ) ) {
1852
  $db_code_match = 1;
1853
 
1854
+ $db_table_no_prefix = preg_replace( '/'.$wpdb->prefix.'/', "", $Table->Name );
1855
 
1856
  fwrite( $handle, "Scanning Database: DB Table (w/o Prefix): $db_table_no_prefix | Column|Field: $column->Field | Primary Key ID: ".$json_array_converted[$PKey->Column_name]."\r\n" );
1857
  fwrite( $handle, "Scanning Database: Code Pattern Match: $base64_decode_text\r\n" );
1888
  $db_code_match = 1;
1889
 
1890
  $db_table_no_prefix = preg_replace( '/'.$wpdb->prefix.'/', "", $wpdb->options );
1891
+
1892
  fwrite( $handle, "Scanning Database: DB Table (w/o Prefix): $db_table_no_prefix | Column|Field: option_name\r\n" );
1893
  fwrite( $handle, "Scanning Database: Pharma Hack found. Delete these option_name rows below from your WP Database:\r\n" );
1894
  fwrite( $handle, "Scanning Database: wp_check_hash, class_generic_support, widget_generic_support, ftp_credentials and fwp.\r\n" );
1895
+
1896
  }
1897
 
1898
  if ( ! in_array( 'PharmaHack', $mscan_db_pattern_array ) ) {
1910
  }
1911
 
1912
  fwrite( $handle, "Scanning Database: Database scan completed.\r\n" );
1913
+ }
1914
+ }
1915
 
1916
  if ( $MScan_options['mscan_scan_skipped_files'] == 'On' ) {
1917
 
2012
  } else {
2013
  fwrite( $handle, "Scanning Skipped Files: Either there are no skipped files to scan or a Skipped File Scan was run before a regular scan was run.\r\n" );
2014
  }
2015
+ }
2016
 
2017
  $suspect_rows = 'suspect';
2018
  $ignored_rows = 'ignore';
2133
 
2134
  fclose($handle);
2135
 
 
2136
  if ( $send_email != '' ) {
2137
+
2138
  }
2139
  }
2140
 
 
2141
  function bpsPro_delete_temp_files() {
2142
 
2143
  $MScan_options = get_option('bulletproof_security_options_MScan');
2147
  }
2148
 
2149
  if ( ! empty($mscan_exclude_tmp_files_array) ) {
2150
+
2151
  $mscan_exclude_tmp_files_array_trim = array();
2152
+
2153
  foreach ( $mscan_exclude_tmp_files_array as $key => $value ) {
2154
  $mscan_exclude_tmp_files_array_trim[] = trim($value);
2155
  }
2173
  }
2174
  }
2175
  }
2176
+
2177
  } else {
2178
+
2179
  if ( function_exists('sys_get_temp_dir') ) {
2180
  $sys_get_temp_dir = sys_get_temp_dir();
2181
 
includes/mscan-plugin-hash-maker.php CHANGED
@@ -1,6 +1,5 @@
1
  <?php
2
- // Download the Plugin zip file version based on the current Plugin version installed.
3
- // Ensure that the Plugin zip file is not downloaded repeatedly due to an error, issue or problem.
4
  function bpsPro_plugin_zip_download($mstime) {
5
  global $wp_version;
6
 
@@ -26,6 +25,7 @@ global $wp_version;
26
  fwrite( $handle, "Plugin Zip File Download Error: The $plugin_hashes_dir folder does not exist.\r\n" );
27
  fwrite( $handle, "Troubleshooting: Check that the Ownership or folder permissions for the /bps-backup/ folder. The /bps-backup/ folder should have 755 or 705 permissions and the Owner of the /bps-backup/ folder should be the same Owner as all of your other website folders.\r\n" );
28
  fclose($handle);
 
29
  return false;
30
  }
31
 
@@ -41,7 +41,6 @@ global $wp_version;
41
 
42
  fwrite( $handle, "Plugin Zip File Download: Start Plugin zip file downloads.\r\n" );
43
 
44
- // Note: $value['TextDomain'] is not reliable. Use $key instead.
45
  $all_plugins = get_plugins();
46
 
47
  $active_plugins_array = array();
@@ -102,23 +101,21 @@ global $wp_version;
102
  $mscan_plugin_hash = get_option('bulletproof_security_options_mscan_plugin_hash');
103
  $mscan_plugin_hash_new = get_option('bulletproof_security_options_mscan_p_hash_new');
104
  $tmp_file = '';
 
105
  $plugin_no_zip_array = array();
106
 
107
  foreach ( $plugins_array_merged as $key => $value ) {
108
 
109
- // Plugins: https://downloads.wordpress.org/plugin/plugin-name.1.0.zip
110
  $plugin_zip_file = $value . '.zip';
111
  $local_zip_file = WP_CONTENT_DIR . '/bps-backup/plugin-hashes/' . $plugin_zip_file;
112
 
113
- $plugin_name = strstr($value, '.', true); // plugin-name
114
- $plugin_version = strstr($value, '.'); // .1.0
115
- $plugin_version_nodot = substr($plugin_version, 1); // 1.0
116
 
117
  $bps_mscan_plugin_hash_version_check_array[$plugin_name] = $plugin_version_nodot;
118
  $bps_mscan_plugin_hash_paths_array[$plugin_name][] = '';
119
 
120
- // Check the WP Plugin Repo for plugins that do not exist in the Repo. ie premium/paid and custom plugins.
121
- // Note: some plugins do not include the version # in the zip file name. Those plugins will not be downloaded.
122
  $plugin_zip_file_url = 'https://downloads.wordpress.org/plugin/' . $plugin_zip_file;
123
 
124
  $response = wp_remote_get( $plugin_zip_file_url );
@@ -134,15 +131,10 @@ global $wp_version;
134
 
135
  @$bps_mscan_plugin_hash_version_check = isset($mscan_plugin_hash['bps_mscan_plugin_hash_version_check']) ? $mscan_plugin_hash['bps_mscan_plugin_hash_version_check']["$plugin_name"] : '';
136
 
137
- // If the BPS DB option plugin version matches then don't download another zip file and just log a log entry.
138
- // Note: Any plugins not in the WP Plugin Repository will be listed in the array for later use.
139
  if ( $bps_mscan_plugin_hash_version_check == $plugin_version_nodot ) {
140
 
141
- //fwrite( $handle, "Plugin Zip File Download: No new Plugin Zip files were downloaded.\r\n" );
142
-
143
  } else {
144
 
145
- // Extra Precaution: Don't download another zip file if it already exists.
146
  if ( ! file_exists($local_zip_file) ) {
147
 
148
  if ( file_exists($plugin_hash_file) ) {
@@ -150,8 +142,6 @@ global $wp_version;
150
  $url = 'https://downloads.wordpress.org/plugin/' . $plugin_zip_file;
151
  $tmp_file = download_url( $url, $timeout = 300 );
152
 
153
- // Important: Do not use a return in this condition or all valid downloads will fail.
154
- // This condition prevents a fatal error on WP_ERROR in PHP 8, which halts processing.
155
  if ( is_wp_error( $tmp_file ) ) {
156
 
157
  fwrite( $handle, "Plugin Zip File Download: WP_Error: Unable to download Plugin zip file: $plugin_zip_file from WordPress.org.\r\n" );
@@ -162,6 +152,8 @@ global $wp_version;
162
  fwrite( $handle, "Plugin Zip File Download: Unable to download this Plugin zip file: $plugin_zip_file\r\n" );
163
  } else {
164
  fwrite( $handle, "Plugin Zip File Download: Zip file download successful: $plugin_zip_file\r\n" );
 
 
165
  }
166
 
167
  unlink( $tmp_file );
@@ -179,10 +171,6 @@ global $wp_version;
179
  $bps_mscan_plugin_hash_zip_file_array[$plugin_name] = $zip_file;
180
  }
181
 
182
- // Update the non-downloadable plugin DB option on each scan run.
183
- // display this db option in a the new report that will be created. ie these plugins are not downloadable from WP. premium/paid and custom plugins.
184
- // Add this help info: use the plugin upload zip form to upload premium/paid or custom plugin zip files
185
- // Any plugins that are uploaded using the plugin zip upload form will be automatically extracted, added to the plugin hash array and deleted on next MScan run.
186
  $mscan_nodownload = get_option('bulletproof_security_options_mscan_nodownload');
187
  $bps_theme_nodownload = isset( $mscan_nodownload['bps_theme_nodownload']) ? $mscan_nodownload['bps_theme_nodownload'] : '';
188
 
@@ -197,9 +185,6 @@ global $wp_version;
197
 
198
  $mscan_plugin_hash_options_db = 'bulletproof_security_options_mscan_plugin_hash';
199
 
200
- // I'm really only interested in preserving the Plugin hash paths and updating the plugin versions, everything else is an afterthought for future scaleability.
201
- // On first run plugin hash paths are saved as an empty 2D array, plugin version numbers are saved and zip file yes or no value is saved.
202
- // Plugin hash paths and hashes are created in the Plugin hash maker function.
203
  if ( ! get_option( $mscan_plugin_hash_options_db ) ) {
204
 
205
  $mscan_plugin_hash_options = array(
@@ -214,7 +199,6 @@ global $wp_version;
214
 
215
  } else {
216
 
217
- // All future runs create new DB arrays used in the Plugin hash maker function to add or remove array values from the first run DB option.
218
  delete_option('bulletproof_security_options_mscan_p_hash_new');
219
 
220
  $mscan_plugin_hash_options_new = array(
@@ -227,7 +211,6 @@ global $wp_version;
227
  update_option('bulletproof_security_options_mscan_p_hash_new', $mscan_plugin_hash_options_new);
228
  }
229
 
230
- // Update any new Plugin versions in the first run db option
231
  $mscan_plugin_hash = get_option('bulletproof_security_options_mscan_plugin_hash');
232
  $mscan_plugin_hash_new = get_option('bulletproof_security_options_mscan_p_hash_new');
233
 
@@ -244,7 +227,6 @@ global $wp_version;
244
  }
245
  }
246
 
247
- // Update any new Plugin versions & add/merge any new Plugins by into the first run db option
248
  $array_diff_key_plugin_hash_version = array_diff_key($mscan_plugin_hash_new['bps_mscan_plugin_hash_version_check_new'], $mscan_plugin_hash['bps_mscan_plugin_hash_version_check']);
249
  $array_merge_new_plugin_hash_version = array_merge($plugin_hash_version_check_update_array, $array_diff_key_plugin_hash_version);
250
 
@@ -259,6 +241,102 @@ global $wp_version;
259
  }
260
  }
261
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
262
  $time_end = microtime( true );
263
  $download_time = $time_end - $time_start;
264
 
@@ -277,9 +355,6 @@ global $wp_version;
277
  return true;
278
  }
279
 
280
- // Extract the Plugin zip files.
281
- // Note: The extracted plugin folders do not have a version number: /plugin-name/
282
- // Both ZipArchive and PclZip have been tested.
283
  function bpsPro_plugin_zip_extractor() {
284
  global $wp_version;
285
 
@@ -378,8 +453,6 @@ global $wp_version;
378
  }
379
  }
380
 
381
- // Creates an MD5 plugin file hash array.
382
- // Cleanup: Deletes the plugin zip files and the extracted plugin folders.
383
  function bpsPro_plugin_hash_maker() {
384
  global $wp_version;
385
 
@@ -429,7 +502,8 @@ global $wp_version;
429
  }
430
  }
431
 
432
- // If the $plugin_dir_path_array array is empty there are no new plugin folders to process
 
433
  if ( ! empty($plugin_dir_path_array) ) {
434
 
435
  $str1 = WP_CONTENT_DIR . '/bps-backup/plugin-hashes/';
@@ -454,13 +528,10 @@ global $wp_version;
454
  $mscan_plugin_hash = get_option('bulletproof_security_options_mscan_plugin_hash');
455
  $mscan_plugin_hash_new = get_option('bulletproof_security_options_mscan_p_hash_new');
456
 
457
- $plugin_name_key_array = array();
458
-
459
  foreach ( $filePath as $key => $value ) {
460
 
461
  $key_value = preg_replace( '/(\\\\.*|\/.*)/', "", $value);
462
 
463
- // These must be below the $key_value variable above.
464
  if ( preg_match( '/hello-dolly(.*)readme\.txt/', $value ) ) {
465
  unset($value);
466
  $value = ! isset($value) ? '' : $value; // PHP8 weirdness
@@ -476,16 +547,6 @@ global $wp_version;
476
  }
477
  }
478
 
479
- // Error Check: If any .php files exist in the plugin-hashes folder that are not the plugin-hashes.php file then the plugin zip file
480
- // did not extract the plugin files into a plugin folder and instead extracted the files into the root plugin-hashes folder.
481
- // Could be caused by an incorrect archive or if someone manually copies a plugin zip that does not extract into a plugin folder in the plugin-hashes folder.
482
-
483
- // Important Note: The plugin zip file must extract the plugin zip file into a plugin folder: /plugin-name/
484
- // in order for someone to manually copy premium and custom plugins into the /plugin-hashes/ folder to be iterated and added to the hash array.
485
- // HALT script execution if any files exist in the /plugin-hashes/ folder that are not the plugin-hashes.php file.
486
- // Update the MScan option setting to: 3 to get out of a looping situation with status 2.
487
- // Use MScan Status: 3 and let the iframe js script update the status to 4 in case the estimated scan time is excessive.
488
-
489
  $plugin_hash_folder = WP_CONTENT_DIR . '/bps-backup/plugin-hashes/';
490
  $plugin_files = preg_grep('~\.(php)$~', scandir($plugin_hash_folder));
491
 
@@ -502,7 +563,7 @@ global $wp_version;
502
  'bps_mscan_time_stop' => $MScan_status['bps_mscan_time_stop'],
503
  'bps_mscan_time_end' => $MScan_status['bps_mscan_time_end'],
504
  'bps_mscan_time_remaining' => $MScan_status['bps_mscan_time_remaining'],
505
- 'bps_mscan_status' => '3',
506
  'bps_mscan_last_scan_timestamp' => $MScan_status['bps_mscan_last_scan_timestamp'],
507
  'bps_mscan_total_time' => $MScan_status['bps_mscan_total_time'],
508
  'bps_mscan_total_website_files' => '',
@@ -528,8 +589,9 @@ global $wp_version;
528
  }
529
 
530
  $mscan_plugin_hash_options_db_new = 'bulletproof_security_options_mscan_p_hash_new';
 
 
531
 
532
- // First Run
533
  if ( ! get_option( $mscan_plugin_hash_options_db_new ) ) {
534
 
535
  $mscan_plugin_hash_options = array(
@@ -542,11 +604,10 @@ global $wp_version;
542
  update_option('bulletproof_security_options_mscan_plugin_hash', $mscan_plugin_hash_options);
543
  }
544
 
545
- } else { // All future Runs.
546
 
547
  if ( ! empty($plugin_dir_path_array) ) {
548
 
549
- // Don't manually delete this option here for testing - will cause problems.
550
  $mscan_plugin_hash_options = array(
551
  'bps_mscan_plugin_hash_version_check_new' => $mscan_plugin_hash_new['bps_mscan_plugin_hash_version_check_new'],
552
  'bps_mscan_plugin_hash_paths_new' => $plugin_name_key_array,
@@ -562,7 +623,6 @@ global $wp_version;
562
  $mscan_plugin_hash = get_option('bulletproof_security_options_mscan_plugin_hash');
563
  $mscan_plugin_hash_new = get_option('bulletproof_security_options_mscan_p_hash_new');
564
 
565
- // Note: $value['TextDomain'] is not reliable. Use $key instead.
566
  $all_plugins = get_plugins();
567
 
568
  $active_plugins_array = array();
@@ -620,7 +680,6 @@ global $wp_version;
620
 
621
  if ( get_option( 'bulletproof_security_options_mscan_p_hash_new' ) ) {
622
 
623
- // Get the new hash array keys that have a value otherwise return an empty array of array keys.
624
  foreach ( $mscan_plugin_hash_new['bps_mscan_plugin_hash_paths_new'] as $key => $value ) {
625
 
626
  foreach ( $value as $inner_key => $inner_value ) {
@@ -638,17 +697,10 @@ global $wp_version;
638
 
639
  foreach ( $mscan_plugin_hash['bps_mscan_plugin_hash_paths'] as $key => $value ) {
640
 
641
- // Plugin Deleted/Removed:
642
- // Remove deleted plugins from the First Run DB option array
643
  if ( ! in_array( $key, $installed_plugins_array_merged ) ) {
644
  unset($value);
645
  }
646
 
647
- // Plugin Updated:
648
- // Remove plugin hashes (values) from the First Run DB option array ONLY if the key exists and the value is not empty in the new plugin hash array.
649
- // The DB arrays will be merged at a later point. So this removes/unsets any matching keys in the first run array if the new hash array key matches
650
- // AND the value is not empty.
651
- // Important Note: The new hash array will ONLY contain the key and hashes for any new plugins and nothing else - no other default keys.
652
  if ( in_array( $key, $mscan_plugin_hash_new_array_keys ) ) {
653
  unset($value);
654
  }
@@ -658,7 +710,7 @@ global $wp_version;
658
  }
659
  }
660
  }
661
-
662
  $mscan_plugin_hash_options = array(
663
  'bps_mscan_plugin_hash_version_check' => $mscan_plugin_hash['bps_mscan_plugin_hash_version_check'],
664
  'bps_mscan_plugin_hash_paths' => $plugin_hash_removal_array,
@@ -694,19 +746,8 @@ global $wp_version;
694
  $mscan_plugin_hash = get_option('bulletproof_security_options_mscan_plugin_hash');
695
  $final_result = $mscan_plugin_hash['bps_mscan_plugin_hash_paths'];
696
 
697
- ## IMPORTANT!!! Do NOT sort the 2D array - very buggy.
698
- /*
699
- ksort($final_result);
700
-
701
- foreach( $final_result as &$value ) {
702
- ksort($value);
703
- }
704
- */
705
-
706
  $mscan_plugin_hash_options_db = 'bulletproof_security_options_mscan_plugin_hash';
707
 
708
- // Create the plugin hash file on first time scan & on future scans if new plugin hashes exist in the p_hash_new db array
709
- // This condition is important to limit potentional parse and fatal php errors when parsing the plugin-hashes.php file in the MScan AJAX function.
710
  if ( ! empty($mscan_plugin_hash_new_array_keys ) || ! get_option( 'bulletproof_security_options_mscan_p_hash_new' ) ) {
711
 
712
  $plugin_hashes_file = WP_CONTENT_DIR . '/bps-backup/plugin-hashes/plugin-hashes.php';
@@ -734,7 +775,6 @@ global $wp_version;
734
  fwrite( $handle, "Plugin MD5 File Hash Maker & Cleanup: plugin-hashes.php file created.\r\n" );
735
  fwrite( $handle, "Plugin MD5 File Hash Maker & Cleanup: Start /bps-backup/plugin-hashes/ folder cleanup.\r\n" );
736
 
737
- // Cleanup
738
  $plugin_hash_folder = WP_CONTENT_DIR . '/bps-backup/plugin-hashes/';
739
  $plugin_hash_file = WP_CONTENT_DIR . '/bps-backup/plugin-hashes/plugin-hashes.php';
740
 
1
  <?php
2
+
 
3
  function bpsPro_plugin_zip_download($mstime) {
4
  global $wp_version;
5
 
25
  fwrite( $handle, "Plugin Zip File Download Error: The $plugin_hashes_dir folder does not exist.\r\n" );
26
  fwrite( $handle, "Troubleshooting: Check that the Ownership or folder permissions for the /bps-backup/ folder. The /bps-backup/ folder should have 755 or 705 permissions and the Owner of the /bps-backup/ folder should be the same Owner as all of your other website folders.\r\n" );
27
  fclose($handle);
28
+
29
  return false;
30
  }
31
 
41
 
42
  fwrite( $handle, "Plugin Zip File Download: Start Plugin zip file downloads.\r\n" );
43
 
 
44
  $all_plugins = get_plugins();
45
 
46
  $active_plugins_array = array();
101
  $mscan_plugin_hash = get_option('bulletproof_security_options_mscan_plugin_hash');
102
  $mscan_plugin_hash_new = get_option('bulletproof_security_options_mscan_p_hash_new');
103
  $tmp_file = '';
104
+ $plugin_zip_file_download = '';
105
  $plugin_no_zip_array = array();
106
 
107
  foreach ( $plugins_array_merged as $key => $value ) {
108
 
 
109
  $plugin_zip_file = $value . '.zip';
110
  $local_zip_file = WP_CONTENT_DIR . '/bps-backup/plugin-hashes/' . $plugin_zip_file;
111
 
112
+ $plugin_name = strstr($value, '.', true);
113
+ $plugin_version = strstr($value, '.');
114
+ $plugin_version_nodot = substr($plugin_version, 1);
115
 
116
  $bps_mscan_plugin_hash_version_check_array[$plugin_name] = $plugin_version_nodot;
117
  $bps_mscan_plugin_hash_paths_array[$plugin_name][] = '';
118
 
 
 
119
  $plugin_zip_file_url = 'https://downloads.wordpress.org/plugin/' . $plugin_zip_file;
120
 
121
  $response = wp_remote_get( $plugin_zip_file_url );
131
 
132
  @$bps_mscan_plugin_hash_version_check = isset($mscan_plugin_hash['bps_mscan_plugin_hash_version_check']) ? $mscan_plugin_hash['bps_mscan_plugin_hash_version_check']["$plugin_name"] : '';
133
 
 
 
134
  if ( $bps_mscan_plugin_hash_version_check == $plugin_version_nodot ) {
135
 
 
 
136
  } else {
137
 
 
138
  if ( ! file_exists($local_zip_file) ) {
139
 
140
  if ( file_exists($plugin_hash_file) ) {
142
  $url = 'https://downloads.wordpress.org/plugin/' . $plugin_zip_file;
143
  $tmp_file = download_url( $url, $timeout = 300 );
144
 
 
 
145
  if ( is_wp_error( $tmp_file ) ) {
146
 
147
  fwrite( $handle, "Plugin Zip File Download: WP_Error: Unable to download Plugin zip file: $plugin_zip_file from WordPress.org.\r\n" );
152
  fwrite( $handle, "Plugin Zip File Download: Unable to download this Plugin zip file: $plugin_zip_file\r\n" );
153
  } else {
154
  fwrite( $handle, "Plugin Zip File Download: Zip file download successful: $plugin_zip_file\r\n" );
155
+
156
+ $plugin_zip_file_download = '1';
157
  }
158
 
159
  unlink( $tmp_file );
171
  $bps_mscan_plugin_hash_zip_file_array[$plugin_name] = $zip_file;
172
  }
173
 
 
 
 
 
174
  $mscan_nodownload = get_option('bulletproof_security_options_mscan_nodownload');
175
  $bps_theme_nodownload = isset( $mscan_nodownload['bps_theme_nodownload']) ? $mscan_nodownload['bps_theme_nodownload'] : '';
176
 
185
 
186
  $mscan_plugin_hash_options_db = 'bulletproof_security_options_mscan_plugin_hash';
187
 
 
 
 
188
  if ( ! get_option( $mscan_plugin_hash_options_db ) ) {
189
 
190
  $mscan_plugin_hash_options = array(
199
 
200
  } else {
201
 
 
202
  delete_option('bulletproof_security_options_mscan_p_hash_new');
203
 
204
  $mscan_plugin_hash_options_new = array(
211
  update_option('bulletproof_security_options_mscan_p_hash_new', $mscan_plugin_hash_options_new);
212
  }
213
 
 
214
  $mscan_plugin_hash = get_option('bulletproof_security_options_mscan_plugin_hash');
215
  $mscan_plugin_hash_new = get_option('bulletproof_security_options_mscan_p_hash_new');
216
 
227
  }
228
  }
229
 
 
230
  $array_diff_key_plugin_hash_version = array_diff_key($mscan_plugin_hash_new['bps_mscan_plugin_hash_version_check_new'], $mscan_plugin_hash['bps_mscan_plugin_hash_version_check']);
231
  $array_merge_new_plugin_hash_version = array_merge($plugin_hash_version_check_update_array, $array_diff_key_plugin_hash_version);
232
 
241
  }
242
  }
243
 
244
+ if ( $plugin_zip_file_download == '1' ) {
245
+
246
+ $plugin_hash_folder = WP_CONTENT_DIR . '/bps-backup/plugin-hashes/';
247
+ $total_zip_files = preg_grep('~\.(zip)$~', scandir($plugin_hash_folder));
248
+
249
+ $total_zip_files_array = array();
250
+
251
+ foreach ( $total_zip_files as $zip_file ) {
252
+ $total_zip_files_array[] = $zip_file;
253
+ }
254
+
255
+ $zip_files_array_count = count($total_zip_files_array);
256
+ $MScan_status = get_option('bulletproof_security_options_MScan_status');
257
+
258
+ if ( $zip_files_array_count == 0 ) {
259
+
260
+ $MScan_status_db = array(
261
+ 'bps_mscan_time_start' => $MScan_status['bps_mscan_time_start'],
262
+ 'bps_mscan_time_stop' => $MScan_status['bps_mscan_time_stop'],
263
+ 'bps_mscan_time_end' => $MScan_status['bps_mscan_time_end'],
264
+ 'bps_mscan_time_remaining' => $MScan_status['bps_mscan_time_remaining'],
265
+ 'bps_mscan_status' => '9',
266
+ 'bps_mscan_last_scan_timestamp' => $MScan_status['bps_mscan_last_scan_timestamp'],
267
+ 'bps_mscan_total_time' => $MScan_status['bps_mscan_total_time'],
268
+ 'bps_mscan_total_website_files' => '',
269
+ 'bps_mscan_total_wp_core_files' => $MScan_status['bps_mscan_total_wp_core_files'],
270
+ 'bps_mscan_total_non_image_files' => $MScan_status['bps_mscan_total_non_image_files'],
271
+ 'bps_mscan_total_image_files' => '',
272
+ 'bps_mscan_total_all_scannable_files' => 'Error: Plugin Zip File Download Failed',
273
+ 'bps_mscan_total_skipped_files' => $MScan_status['bps_mscan_total_skipped_files'],
274
+ 'bps_mscan_total_suspect_files' => $MScan_status['bps_mscan_total_suspect_files'],
275
+ 'bps_mscan_suspect_skipped_files' => $MScan_status['bps_mscan_suspect_skipped_files'],
276
+ 'bps_mscan_total_suspect_db' => $MScan_status['bps_mscan_total_suspect_db'],
277
+ 'bps_mscan_total_ignored_files' => $MScan_status['bps_mscan_total_ignored_files'],
278
+ 'bps_mscan_total_plugin_files' => $MScan_status['bps_mscan_total_plugin_files'],
279
+ 'bps_mscan_total_theme_files' => $MScan_status['bps_mscan_total_theme_files']
280
+ );
281
+
282
+ foreach( $MScan_status_db as $key => $value ) {
283
+ update_option('bulletproof_security_options_MScan_status', $MScan_status_db);
284
+ }
285
+
286
+ $mscan_hash_status_options = get_option('bulletproof_security_options_mscan_hash_status');
287
+
288
+ $mscan_wp_core_hash_status = isset($mscan_hash_status_options['mscan_wp_core_hash_status']) ? $mscan_hash_status_options['mscan_wp_core_hash_status'] : '';
289
+ $mscan_wp_core_hash_count = isset($mscan_hash_status_options['mscan_wp_core_hash_count']) ? $mscan_hash_status_options['mscan_wp_core_hash_count'] : '';
290
+ $mscan_plugin_hash_status = '0';
291
+ $mscan_plugin_hash_count = '0';
292
+ $mscan_theme_hash_status = isset($mscan_hash_status_options['mscan_theme_hash_status']) ? $mscan_hash_status_options['mscan_theme_hash_status'] : '';
293
+ $mscan_theme_hash_count = isset($mscan_hash_status_options['mscan_theme_hash_count']) ? $mscan_hash_status_options['mscan_theme_hash_count'] : '';
294
+
295
+ $mscan_hash_status_options_db = array(
296
+ 'mscan_wp_core_hash_status' => $mscan_wp_core_hash_status,
297
+ 'mscan_wp_core_hash_count' => $mscan_wp_core_hash_count,
298
+ 'mscan_plugin_hash_status' => $mscan_plugin_hash_status,
299
+ 'mscan_plugin_hash_count' => $mscan_plugin_hash_count,
300
+ 'mscan_theme_hash_status' => $mscan_theme_hash_status,
301
+ 'mscan_theme_hash_count' => $mscan_theme_hash_count
302
+ );
303
+
304
+ foreach( $mscan_hash_status_options_db as $key => $value ) {
305
+ update_option('bulletproof_security_options_mscan_hash_status', $mscan_hash_status_options_db);
306
+ }
307
+
308
+ fwrite( $handle, "Plugin Zip File Download: Error: Unable to download or copy Plugin zip files from WordPress.org.\r\n" );
309
+
310
+ return false;
311
+
312
+ } else {
313
+
314
+ $mscan_hash_status_options = get_option('bulletproof_security_options_mscan_hash_status');
315
+
316
+ $mscan_wp_core_hash_status = isset($mscan_hash_status_options['mscan_wp_core_hash_status']) ? $mscan_hash_status_options['mscan_wp_core_hash_status'] : '';
317
+ $mscan_wp_core_hash_count = isset($mscan_hash_status_options['mscan_wp_core_hash_count']) ? $mscan_hash_status_options['mscan_wp_core_hash_count'] : '';
318
+ $mscan_plugin_hash_status = '1';
319
+ $mscan_plugin_hash_count = $zip_files_array_count;
320
+ $mscan_theme_hash_status = isset($mscan_hash_status_options['mscan_theme_hash_status']) ? $mscan_hash_status_options['mscan_theme_hash_status'] : '';
321
+ $mscan_theme_hash_count = isset($mscan_hash_status_options['mscan_theme_hash_count']) ? $mscan_hash_status_options['mscan_theme_hash_count'] : '';
322
+
323
+ $mscan_hash_status_options_db = array(
324
+ 'mscan_wp_core_hash_status' => $mscan_wp_core_hash_status,
325
+ 'mscan_wp_core_hash_count' => $mscan_wp_core_hash_count,
326
+ 'mscan_plugin_hash_status' => $mscan_plugin_hash_status,
327
+ 'mscan_plugin_hash_count' => $mscan_plugin_hash_count,
328
+ 'mscan_theme_hash_status' => $mscan_theme_hash_status,
329
+ 'mscan_theme_hash_count' => $mscan_theme_hash_count
330
+ );
331
+
332
+ foreach( $mscan_hash_status_options_db as $key => $value ) {
333
+ update_option('bulletproof_security_options_mscan_hash_status', $mscan_hash_status_options_db);
334
+ }
335
+
336
+ fwrite( $handle, "Plugin Zip File Download: Total number of zip files downloaded: $zip_files_array_count.\r\n" );
337
+ }
338
+ }
339
+
340
  $time_end = microtime( true );
341
  $download_time = $time_end - $time_start;
342
 
355
  return true;
356
  }
357
 
 
 
 
358
  function bpsPro_plugin_zip_extractor() {
359
  global $wp_version;
360
 
453
  }
454
  }
455
 
 
 
456
  function bpsPro_plugin_hash_maker() {
457
  global $wp_version;
458
 
502
  }
503
  }
504
 
505
+ $plugin_name_key_array = array();
506
+
507
  if ( ! empty($plugin_dir_path_array) ) {
508
 
509
  $str1 = WP_CONTENT_DIR . '/bps-backup/plugin-hashes/';
528
  $mscan_plugin_hash = get_option('bulletproof_security_options_mscan_plugin_hash');
529
  $mscan_plugin_hash_new = get_option('bulletproof_security_options_mscan_p_hash_new');
530
 
 
 
531
  foreach ( $filePath as $key => $value ) {
532
 
533
  $key_value = preg_replace( '/(\\\\.*|\/.*)/', "", $value);
534
 
 
535
  if ( preg_match( '/hello-dolly(.*)readme\.txt/', $value ) ) {
536
  unset($value);
537
  $value = ! isset($value) ? '' : $value; // PHP8 weirdness
547
  }
548
  }
549
 
 
 
 
 
 
 
 
 
 
 
550
  $plugin_hash_folder = WP_CONTENT_DIR . '/bps-backup/plugin-hashes/';
551
  $plugin_files = preg_grep('~\.(php)$~', scandir($plugin_hash_folder));
552
 
563
  'bps_mscan_time_stop' => $MScan_status['bps_mscan_time_stop'],
564
  'bps_mscan_time_end' => $MScan_status['bps_mscan_time_end'],
565
  'bps_mscan_time_remaining' => $MScan_status['bps_mscan_time_remaining'],
566
+ 'bps_mscan_status' => '9',
567
  'bps_mscan_last_scan_timestamp' => $MScan_status['bps_mscan_last_scan_timestamp'],
568
  'bps_mscan_total_time' => $MScan_status['bps_mscan_total_time'],
569
  'bps_mscan_total_website_files' => '',
589
  }
590
 
591
  $mscan_plugin_hash_options_db_new = 'bulletproof_security_options_mscan_p_hash_new';
592
+ $mscan_plugin_hash = get_option('bulletproof_security_options_mscan_plugin_hash');
593
+ $mscan_plugin_hash_new = get_option('bulletproof_security_options_mscan_p_hash_new');
594
 
 
595
  if ( ! get_option( $mscan_plugin_hash_options_db_new ) ) {
596
 
597
  $mscan_plugin_hash_options = array(
604
  update_option('bulletproof_security_options_mscan_plugin_hash', $mscan_plugin_hash_options);
605
  }
606
 
607
+ } else {
608
 
609
  if ( ! empty($plugin_dir_path_array) ) {
610
 
 
611
  $mscan_plugin_hash_options = array(
612
  'bps_mscan_plugin_hash_version_check_new' => $mscan_plugin_hash_new['bps_mscan_plugin_hash_version_check_new'],
613
  'bps_mscan_plugin_hash_paths_new' => $plugin_name_key_array,
623
  $mscan_plugin_hash = get_option('bulletproof_security_options_mscan_plugin_hash');
624
  $mscan_plugin_hash_new = get_option('bulletproof_security_options_mscan_p_hash_new');
625
 
 
626
  $all_plugins = get_plugins();
627
 
628
  $active_plugins_array = array();
680
 
681
  if ( get_option( 'bulletproof_security_options_mscan_p_hash_new' ) ) {
682
 
 
683
  foreach ( $mscan_plugin_hash_new['bps_mscan_plugin_hash_paths_new'] as $key => $value ) {
684
 
685
  foreach ( $value as $inner_key => $inner_value ) {
697
 
698
  foreach ( $mscan_plugin_hash['bps_mscan_plugin_hash_paths'] as $key => $value ) {
699
 
 
 
700
  if ( ! in_array( $key, $installed_plugins_array_merged ) ) {
701
  unset($value);
702
  }
703
 
 
 
 
 
 
704
  if ( in_array( $key, $mscan_plugin_hash_new_array_keys ) ) {
705
  unset($value);
706
  }
710
  }
711
  }
712
  }
713
+
714
  $mscan_plugin_hash_options = array(
715
  'bps_mscan_plugin_hash_version_check' => $mscan_plugin_hash['bps_mscan_plugin_hash_version_check'],
716
  'bps_mscan_plugin_hash_paths' => $plugin_hash_removal_array,
746
  $mscan_plugin_hash = get_option('bulletproof_security_options_mscan_plugin_hash');
747
  $final_result = $mscan_plugin_hash['bps_mscan_plugin_hash_paths'];
748
 
 
 
 
 
 
 
 
 
 
749
  $mscan_plugin_hash_options_db = 'bulletproof_security_options_mscan_plugin_hash';
750
 
 
 
751
  if ( ! empty($mscan_plugin_hash_new_array_keys ) || ! get_option( 'bulletproof_security_options_mscan_p_hash_new' ) ) {
752
 
753
  $plugin_hashes_file = WP_CONTENT_DIR . '/bps-backup/plugin-hashes/plugin-hashes.php';
775
  fwrite( $handle, "Plugin MD5 File Hash Maker & Cleanup: plugin-hashes.php file created.\r\n" );
776
  fwrite( $handle, "Plugin MD5 File Hash Maker & Cleanup: Start /bps-backup/plugin-hashes/ folder cleanup.\r\n" );
777
 
 
778
  $plugin_hash_folder = WP_CONTENT_DIR . '/bps-backup/plugin-hashes/';
779
  $plugin_hash_file = WP_CONTENT_DIR . '/bps-backup/plugin-hashes/plugin-hashes.php';
780
 
includes/mscan-theme-hash-maker.php CHANGED
@@ -1,6 +1,5 @@
1
  <?php
2
- // Download the Theme zip file version based on the current Theme version installed.
3
- // Ensure that the Theme zip file is not downloaded repeatedly due to an error, issue or problem.
4
  function bpsPro_theme_zip_download($mstime) {
5
  global $wp_version;
6
 
@@ -58,23 +57,21 @@ global $wp_version;
58
  $mscan_theme_hash = get_option('bulletproof_security_options_mscan_theme_hash');
59
  $mscan_theme_hash_new = get_option('bulletproof_security_options_mscan_t_hash_new');
60
  $tmp_file = '';
 
61
  $theme_no_zip_array = array();
62
 
63
  foreach ( $all_themes_array as $key => $value ) {
64
 
65
- // Themes: https://downloads.wordpress.org/theme/theme-name.1.0.zip
66
  $theme_zip_file = $value . '.zip';
67
  $local_zip_file = WP_CONTENT_DIR . '/bps-backup/theme-hashes/' . $theme_zip_file;
68
 
69
- $theme_name = strstr($value, '.', true); // theme-name
70
- $theme_version = strstr($value, '.'); // .1.0
71
- $theme_version_nodot = substr($theme_version, 1); // 1.0
72
 
73
  $bps_mscan_theme_hash_version_check_array[$theme_name] = $theme_version_nodot;
74
  $bps_mscan_theme_hash_paths_array[$theme_name][] = '';
75
 
76
- // Check the WP Theme Repo for themes that do not exist in the Repo. ie premium/paid and custom themes.
77
- // Note: some themes do not include the version # in the zip file name. Those themes will not be downloaded.
78
  $theme_zip_file_url = 'https://downloads.wordpress.org/theme/' . $theme_zip_file;
79
 
80
  $response = wp_remote_get( $theme_zip_file_url );
@@ -90,15 +87,10 @@ global $wp_version;
90
 
91
  @$bps_mscan_theme_hash_version_check = isset($mscan_theme_hash['bps_mscan_theme_hash_version_check']) ? $mscan_theme_hash['bps_mscan_theme_hash_version_check']["$theme_name"] : '';
92
 
93
- // If the BPS DB option theme version matches then don't download another zip file and just log a log entry.
94
- // Note: Any themes not in the WP Theme Repository will be listed in the array for later use.
95
  if ( $bps_mscan_theme_hash_version_check == $theme_version_nodot ) {
96
 
97
- //fwrite( $handle, "Theme Zip File Download: No new Theme Zip files were downloaded.\r\n" );
98
-
99
  } else {
100
 
101
- // Extra Precaution: Don't download another zip file if it already exists.
102
  if ( ! file_exists($local_zip_file) ) {
103
 
104
  if ( file_exists($theme_hash_file) ) {
@@ -106,8 +98,6 @@ global $wp_version;
106
  $url = 'https://downloads.wordpress.org/theme/' . $theme_zip_file;
107
  $tmp_file = download_url( $url, $timeout = 300 );
108
 
109
- // Important: Do not use a return in this condition or all valid downloads will fail.
110
- // This condition prevents a fatal error on WP_ERROR in PHP 8, which halts processing.
111
  if ( is_wp_error( $tmp_file ) ) {
112
 
113
  fwrite( $handle, "Theme Zip File Download: WP_Error: Unable to download Theme zip file: $theme_zip_file from WordPress.org.\r\n" );
@@ -118,6 +108,8 @@ global $wp_version;
118
  fwrite( $handle, "Theme Zip File Download: Unable to download this Plugin zip file: $theme_zip_file\r\n" );
119
  } else {
120
  fwrite( $handle, "Theme Zip File Download: Zip file download successful: $theme_zip_file\r\n" );
 
 
121
  }
122
 
123
  unlink( $tmp_file );
@@ -135,10 +127,6 @@ global $wp_version;
135
  $bps_mscan_theme_hash_zip_file_array[$theme_name] = $zip_file;
136
  }
137
 
138
- // Update the non-downloadable theme DB option on each scan run.
139
- // display this db option in a the new report that will be created. ie these themes are not downloadable from WP. premium/paid and custom themes.
140
- // Add this help info: use the theme upload zip form to upload premium/paid or custom theme zip files
141
- // Any themes that are uploaded using the theme zip upload form will be automatically extracted, added to the theme hash array and deleted on next MScan run.
142
  $mscan_nodownload = get_option('bulletproof_security_options_mscan_nodownload');
143
  $bps_plugin_nodownload = isset( $mscan_nodownload['bps_plugin_nodownload']) ? $mscan_nodownload['bps_plugin_nodownload'] : '';
144
 
@@ -153,9 +141,6 @@ global $wp_version;
153
 
154
  $mscan_theme_hash_options_db = 'bulletproof_security_options_mscan_theme_hash';
155
 
156
- // I'm really only interested in preserving the Theme hash paths and updating the theme versions, everything else is an afterthought for future scaleability.
157
- // On first run theme hash paths are saved as an empty 2D array, theme version numbers are saved and zip file yes or no value is saved.
158
- // Theme hash paths and hashes are created in the Theme hash maker function.
159
  if ( ! get_option( $mscan_theme_hash_options_db ) ) {
160
 
161
  $mscan_theme_hash_options = array(
@@ -170,7 +155,6 @@ global $wp_version;
170
 
171
  } else {
172
 
173
- // All future runs create new DB arrays used in the Theme hash maker function to add or remove array values from the first run DB option.
174
  delete_option('bulletproof_security_options_mscan_t_hash_new');
175
 
176
  $mscan_theme_hash_options_new = array(
@@ -183,7 +167,6 @@ global $wp_version;
183
  update_option('bulletproof_security_options_mscan_t_hash_new', $mscan_theme_hash_options_new);
184
  }
185
 
186
- // Update any new Theme versions in the first run db option
187
  $mscan_theme_hash = get_option('bulletproof_security_options_mscan_theme_hash');
188
  $mscan_theme_hash_new = get_option('bulletproof_security_options_mscan_t_hash_new');
189
 
@@ -200,7 +183,6 @@ global $wp_version;
200
  }
201
  }
202
 
203
- // Update any new Theme versions & add/merge any new Themes by into the first run db option
204
  $array_diff_key_theme_hash_version = array_diff_key($mscan_theme_hash_new['bps_mscan_theme_hash_version_check_new'], $mscan_theme_hash['bps_mscan_theme_hash_version_check']);
205
  $array_merge_new_theme_hash_version = array_merge($theme_hash_version_check_update_array, $array_diff_key_theme_hash_version);
206
 
@@ -215,6 +197,102 @@ global $wp_version;
215
  }
216
  }
217
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
218
  $time_end = microtime( true );
219
  $download_time = $time_end - $time_start;
220
 
@@ -233,9 +311,6 @@ global $wp_version;
233
  return true;
234
  }
235
 
236
- // Extract the Theme zip files.
237
- // Note: The extracted Theme folders do not have a version number: /theme-name/
238
- // Both ZipArchive and PclZip have been tested.
239
  function bpsPro_theme_zip_extractor() {
240
  global $wp_version;
241
 
@@ -334,8 +409,100 @@ global $wp_version;
334
  }
335
  }
336
 
337
- // Creates an MD5 theme file hash array.
338
- // Cleanup: Deletes the theme zip files and the extracted theme folders.
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
339
  function bpsPro_theme_hash_maker() {
340
  global $wp_version;
341
 
@@ -368,6 +535,8 @@ global $wp_version;
368
 
369
  fwrite( $handle, "Theme MD5 File Hash Maker: Start creating the theme-hashes.php file.\r\n" );
370
 
 
 
371
  $source = WP_CONTENT_DIR . '/bps-backup/theme-hashes/';
372
  $gmt_offset = get_option( 'gmt_offset' ) * 3600;
373
 
@@ -385,7 +554,8 @@ global $wp_version;
385
  }
386
  }
387
 
388
- // If the $theme_dir_path_array array is empty there are no new theme folders to process
 
389
  if ( ! empty($theme_dir_path_array) ) {
390
 
391
  $str1 = WP_CONTENT_DIR . '/bps-backup/theme-hashes/';
@@ -410,8 +580,6 @@ global $wp_version;
410
  $mscan_theme_hash = get_option('bulletproof_security_options_mscan_theme_hash');
411
  $mscan_theme_hash_new = get_option('bulletproof_security_options_mscan_t_hash_new');
412
 
413
- $theme_name_key_array = array();
414
-
415
  foreach ( $filePath as $key => $value ) {
416
 
417
  $key_value = preg_replace( '/(\\\\.*|\/.*)/', "", $value);
@@ -422,16 +590,6 @@ global $wp_version;
422
  }
423
  }
424
 
425
- // Error Check: If any .php files exist in the theme-hashes folder that are not the theme-hashes.php file then the theme zip file
426
- // did not extract the theme files into a theme folder and instead extracted the files into the root theme-hashes folder.
427
- // Could be caused by an incorrect archive or if someone manually copies a theme zip that does not extract into a theme folder in the theme-hashes folder.
428
-
429
- // Important Note: The theme zip file must extract the theme zip file into a theme folder: /theme-name/
430
- // in order for someone to manually copy premium and custom themes into the /theme-hashes/ folder to be iterated and added to the hash array.
431
- // HALT script execution if any files exist in the /theme-hashes/ folder that are not the theme-hashes.php file.
432
- // Update the MScan option setting to: 3 to get out of a looping situation with status 2.
433
- // Use MScan Status: 3 and let the iframe js script update the status to 4 in case the estimated scan time is excessive.
434
-
435
  $theme_hash_folder = WP_CONTENT_DIR . '/bps-backup/theme-hashes/';
436
  $theme_files = preg_grep('~\.(php)$~', scandir($theme_hash_folder));
437
 
@@ -448,7 +606,7 @@ global $wp_version;
448
  'bps_mscan_time_stop' => $MScan_status['bps_mscan_time_stop'],
449
  'bps_mscan_time_end' => $MScan_status['bps_mscan_time_end'],
450
  'bps_mscan_time_remaining' => $MScan_status['bps_mscan_time_remaining'],
451
- 'bps_mscan_status' => '3',
452
  'bps_mscan_last_scan_timestamp' => $MScan_status['bps_mscan_last_scan_timestamp'],
453
  'bps_mscan_total_time' => $MScan_status['bps_mscan_total_time'],
454
  'bps_mscan_total_website_files' => '',
@@ -474,8 +632,9 @@ global $wp_version;
474
  }
475
 
476
  $mscan_theme_hash_options_db_new = 'bulletproof_security_options_mscan_t_hash_new';
477
-
478
- // First Run
 
479
  if ( ! get_option( $mscan_theme_hash_options_db_new ) ) {
480
 
481
  $mscan_theme_hash_options = array(
@@ -488,11 +647,10 @@ global $wp_version;
488
  update_option('bulletproof_security_options_mscan_theme_hash', $mscan_theme_hash_options);
489
  }
490
 
491
- } else { // All future Runs.
492
 
493
  if ( ! empty($theme_dir_path_array) ) {
494
 
495
- // Don't manually delete this option for testing - will cause problems.
496
  $mscan_theme_hash_options = array(
497
  'bps_mscan_theme_hash_version_check_new' => $mscan_theme_hash_new['bps_mscan_theme_hash_version_check_new'],
498
  'bps_mscan_theme_hash_paths_new' => $theme_name_key_array,
@@ -522,7 +680,6 @@ global $wp_version;
522
 
523
  if ( get_option( 'bulletproof_security_options_mscan_t_hash_new' ) ) {
524
 
525
- // Get the new hash array keys that have a value otherwise return an empty array of array keys.
526
  foreach ( $mscan_theme_hash_new['bps_mscan_theme_hash_paths_new'] as $key => $value ) {
527
 
528
  foreach ( $value as $inner_key => $inner_value ) {
@@ -537,20 +694,13 @@ global $wp_version;
537
  $theme_hash_removal_array = array();
538
 
539
  if ( ! empty( $mscan_theme_hash['bps_mscan_theme_hash_paths'] ) ) {
540
-
541
  foreach ( $mscan_theme_hash['bps_mscan_theme_hash_paths'] as $key => $value ) {
542
 
543
- // Theme Deleted/Removed:
544
- // Remove deleted themes from the First Run DB option array
545
  if ( ! in_array( $key, $all_themes_array ) ) {
546
  unset($value);
547
  }
548
 
549
- // Theme Updated:
550
- // Remove theme hashes (values) from the First Run DB option array ONLY if the key exists and the value is not empty in the new theme hash array.
551
- // The DB arrays will be merged at a later point. So this removes/unsets any matching keys in the first run array if the new hash array key matches
552
- // AND the value is not empty.
553
- // Important Note: The new hash array will ONLY contain the key and hashes for any new themes and nothing else - no other default keys.
554
  if ( in_array( $key, $mscan_theme_hash_new_array_keys ) ) {
555
  unset($value);
556
  }
@@ -560,7 +710,7 @@ global $wp_version;
560
  }
561
  }
562
  }
563
-
564
  $mscan_theme_hash_options = array(
565
  'bps_mscan_theme_hash_version_check' => $mscan_theme_hash['bps_mscan_theme_hash_version_check'],
566
  'bps_mscan_theme_hash_paths' => $theme_hash_removal_array,
@@ -596,19 +746,8 @@ global $wp_version;
596
  $mscan_theme_hash = get_option('bulletproof_security_options_mscan_theme_hash');
597
  $final_result = $mscan_theme_hash['bps_mscan_theme_hash_paths'];
598
 
599
- ## IMPORTANT!!! Do NOT sort the 2D array - very buggy.
600
- /*
601
- ksort($final_result);
602
-
603
- foreach( $final_result as &$value ) {
604
- ksort($value);
605
- }
606
- */
607
-
608
  $mscan_theme_hash_options_db = 'bulletproof_security_options_mscan_theme_hash';
609
 
610
- // Create the theme hash file on first time scan & on future scans if new theme hashes exist in the t_hash_new db array
611
- // This condition is important to limit potentional parse and fatal php errors when parsing the theme-hashes.php file in the MScan AJAX function.
612
  if ( ! empty($mscan_theme_hash_new_array_keys ) || ! get_option( 'bulletproof_security_options_mscan_t_hash_new' ) ) {
613
 
614
  $theme_hashes_file = WP_CONTENT_DIR . '/bps-backup/theme-hashes/theme-hashes.php';
@@ -636,7 +775,6 @@ global $wp_version;
636
  fwrite( $handle, "Theme MD5 File Hash Maker & Cleanup: theme-hashes.php file created.\r\n" );
637
  fwrite( $handle, "Theme MD5 File Hash Maker & Cleanup: Start /bps-backup/theme-hashes/ folder cleanup.\r\n" );
638
 
639
- // Cleanup
640
  $theme_hash_folder = WP_CONTENT_DIR . '/bps-backup/theme-hashes/';
641
  $theme_hash_file = WP_CONTENT_DIR . '/bps-backup/theme-hashes/theme-hashes.php';
642
 
1
  <?php
2
+
 
3
  function bpsPro_theme_zip_download($mstime) {
4
  global $wp_version;
5
 
57
  $mscan_theme_hash = get_option('bulletproof_security_options_mscan_theme_hash');
58
  $mscan_theme_hash_new = get_option('bulletproof_security_options_mscan_t_hash_new');
59
  $tmp_file = '';
60
+ $theme_zip_file_download = '';
61
  $theme_no_zip_array = array();
62
 
63
  foreach ( $all_themes_array as $key => $value ) {
64
 
 
65
  $theme_zip_file = $value . '.zip';
66
  $local_zip_file = WP_CONTENT_DIR . '/bps-backup/theme-hashes/' . $theme_zip_file;
67
 
68
+ $theme_name = strstr($value, '.', true);
69
+ $theme_version = strstr($value, '.');
70
+ $theme_version_nodot = substr($theme_version, 1);
71
 
72
  $bps_mscan_theme_hash_version_check_array[$theme_name] = $theme_version_nodot;
73
  $bps_mscan_theme_hash_paths_array[$theme_name][] = '';
74
 
 
 
75
  $theme_zip_file_url = 'https://downloads.wordpress.org/theme/' . $theme_zip_file;
76
 
77
  $response = wp_remote_get( $theme_zip_file_url );
87
 
88
  @$bps_mscan_theme_hash_version_check = isset($mscan_theme_hash['bps_mscan_theme_hash_version_check']) ? $mscan_theme_hash['bps_mscan_theme_hash_version_check']["$theme_name"] : '';
89
 
 
 
90
  if ( $bps_mscan_theme_hash_version_check == $theme_version_nodot ) {
91
 
 
 
92
  } else {
93
 
 
94
  if ( ! file_exists($local_zip_file) ) {
95
 
96
  if ( file_exists($theme_hash_file) ) {
98
  $url = 'https://downloads.wordpress.org/theme/' . $theme_zip_file;
99
  $tmp_file = download_url( $url, $timeout = 300 );
100
 
 
 
101
  if ( is_wp_error( $tmp_file ) ) {
102
 
103
  fwrite( $handle, "Theme Zip File Download: WP_Error: Unable to download Theme zip file: $theme_zip_file from WordPress.org.\r\n" );
108
  fwrite( $handle, "Theme Zip File Download: Unable to download this Plugin zip file: $theme_zip_file\r\n" );
109
  } else {
110
  fwrite( $handle, "Theme Zip File Download: Zip file download successful: $theme_zip_file\r\n" );
111
+
112
+ $theme_zip_file_download = '1';
113
  }
114
 
115
  unlink( $tmp_file );
127
  $bps_mscan_theme_hash_zip_file_array[$theme_name] = $zip_file;
128
  }
129
 
 
 
 
 
130
  $mscan_nodownload = get_option('bulletproof_security_options_mscan_nodownload');
131
  $bps_plugin_nodownload = isset( $mscan_nodownload['bps_plugin_nodownload']) ? $mscan_nodownload['bps_plugin_nodownload'] : '';
132
 
141
 
142
  $mscan_theme_hash_options_db = 'bulletproof_security_options_mscan_theme_hash';
143
 
 
 
 
144
  if ( ! get_option( $mscan_theme_hash_options_db ) ) {
145
 
146
  $mscan_theme_hash_options = array(
155
 
156
  } else {
157
 
 
158
  delete_option('bulletproof_security_options_mscan_t_hash_new');
159
 
160
  $mscan_theme_hash_options_new = array(
167
  update_option('bulletproof_security_options_mscan_t_hash_new', $mscan_theme_hash_options_new);
168
  }
169
 
 
170
  $mscan_theme_hash = get_option('bulletproof_security_options_mscan_theme_hash');
171
  $mscan_theme_hash_new = get_option('bulletproof_security_options_mscan_t_hash_new');
172
 
183
  }
184
  }
185
 
 
186
  $array_diff_key_theme_hash_version = array_diff_key($mscan_theme_hash_new['bps_mscan_theme_hash_version_check_new'], $mscan_theme_hash['bps_mscan_theme_hash_version_check']);
187
  $array_merge_new_theme_hash_version = array_merge($theme_hash_version_check_update_array, $array_diff_key_theme_hash_version);
188
 
197
  }
198
  }
199
 
200
+ if ( $theme_zip_file_download == '1' ) {
201
+
202
+ $theme_hash_folder = WP_CONTENT_DIR . '/bps-backup/theme-hashes/';
203
+ $total_zip_files = preg_grep('~\.(zip)$~', scandir($theme_hash_folder));
204
+
205
+ $total_zip_files_array = array();
206
+
207
+ foreach ( $total_zip_files as $zip_file ) {
208
+ $total_zip_files_array[] = $zip_file;
209
+ }
210
+
211
+ $zip_files_array_count = count($total_zip_files_array);
212
+ $MScan_status = get_option('bulletproof_security_options_MScan_status');
213
+
214
+ if ( $zip_files_array_count == 0 ) {
215
+
216
+ $MScan_status_db = array(
217
+ 'bps_mscan_time_start' => $MScan_status['bps_mscan_time_start'],
218
+ 'bps_mscan_time_stop' => $MScan_status['bps_mscan_time_stop'],
219
+ 'bps_mscan_time_end' => $MScan_status['bps_mscan_time_end'],
220
+ 'bps_mscan_time_remaining' => $MScan_status['bps_mscan_time_remaining'],
221
+ 'bps_mscan_status' => '9',
222
+ 'bps_mscan_last_scan_timestamp' => $MScan_status['bps_mscan_last_scan_timestamp'],
223
+ 'bps_mscan_total_time' => $MScan_status['bps_mscan_total_time'],
224
+ 'bps_mscan_total_website_files' => '',
225
+ 'bps_mscan_total_wp_core_files' => $MScan_status['bps_mscan_total_wp_core_files'],
226
+ 'bps_mscan_total_non_image_files' => $MScan_status['bps_mscan_total_non_image_files'],
227
+ 'bps_mscan_total_image_files' => '',
228
+ 'bps_mscan_total_all_scannable_files' => 'Error: Theme Zip File Download Failed',
229
+ 'bps_mscan_total_skipped_files' => $MScan_status['bps_mscan_total_skipped_files'],
230
+ 'bps_mscan_total_suspect_files' => $MScan_status['bps_mscan_total_suspect_files'],
231
+ 'bps_mscan_suspect_skipped_files' => $MScan_status['bps_mscan_suspect_skipped_files'],
232
+ 'bps_mscan_total_suspect_db' => $MScan_status['bps_mscan_total_suspect_db'],
233
+ 'bps_mscan_total_ignored_files' => $MScan_status['bps_mscan_total_ignored_files'],
234
+ 'bps_mscan_total_plugin_files' => $MScan_status['bps_mscan_total_plugin_files'],
235
+ 'bps_mscan_total_theme_files' => $MScan_status['bps_mscan_total_theme_files']
236
+ );
237
+
238
+ foreach( $MScan_status_db as $key => $value ) {
239
+ update_option('bulletproof_security_options_MScan_status', $MScan_status_db);
240
+ }
241
+
242
+ $mscan_hash_status_options = get_option('bulletproof_security_options_mscan_hash_status');
243
+
244
+ $mscan_wp_core_hash_status = isset($mscan_hash_status_options['mscan_wp_core_hash_status']) ? $mscan_hash_status_options['mscan_wp_core_hash_status'] : '';
245
+ $mscan_wp_core_hash_count = isset($mscan_hash_status_options['mscan_wp_core_hash_count']) ? $mscan_hash_status_options['mscan_wp_core_hash_count'] : '';
246
+ $mscan_plugin_hash_status = isset($mscan_hash_status_options['mscan_plugin_hash_status']) ? $mscan_hash_status_options['mscan_plugin_hash_status'] : '';
247
+ $mscan_plugin_hash_count = isset($mscan_hash_status_options['mscan_plugin_hash_count']) ? $mscan_hash_status_options['mscan_plugin_hash_count'] : '';
248
+ $mscan_theme_hash_status = '0';
249
+ $mscan_theme_hash_count = '0';
250
+
251
+ $mscan_hash_status_options_db = array(
252
+ 'mscan_wp_core_hash_status' => $mscan_wp_core_hash_status,
253
+ 'mscan_wp_core_hash_count' => $mscan_wp_core_hash_count,
254
+ 'mscan_plugin_hash_status' => $mscan_plugin_hash_status,
255
+ 'mscan_plugin_hash_count' => $mscan_plugin_hash_count,
256
+ 'mscan_theme_hash_status' => $mscan_theme_hash_status,
257
+ 'mscan_theme_hash_count' => $mscan_theme_hash_count
258
+ );
259
+
260
+ foreach( $mscan_hash_status_options_db as $key => $value ) {
261
+ update_option('bulletproof_security_options_mscan_hash_status', $mscan_hash_status_options_db);
262
+ }
263
+
264
+ fwrite( $handle, "Theme Zip File Download: Error: Unable to download or copy Theme zip files from WordPress.org.\r\n" );
265
+
266
+ return false;
267
+
268
+ } else {
269
+
270
+ $mscan_hash_status_options = get_option('bulletproof_security_options_mscan_hash_status');
271
+
272
+ $mscan_wp_core_hash_status = isset($mscan_hash_status_options['mscan_wp_core_hash_status']) ? $mscan_hash_status_options['mscan_wp_core_hash_status'] : '';
273
+ $mscan_wp_core_hash_count = isset($mscan_hash_status_options['mscan_wp_core_hash_count']) ? $mscan_hash_status_options['mscan_wp_core_hash_count'] : '';
274
+ $mscan_plugin_hash_status = isset($mscan_hash_status_options['mscan_plugin_hash_status']) ? $mscan_hash_status_options['mscan_plugin_hash_status'] : '';
275
+ $mscan_plugin_hash_count = isset($mscan_hash_status_options['mscan_plugin_hash_count']) ? $mscan_hash_status_options['mscan_plugin_hash_count'] : '';
276
+ $mscan_theme_hash_status = '1';
277
+ $mscan_theme_hash_count = $zip_files_array_count;
278
+
279
+ $mscan_hash_status_options_db = array(
280
+ 'mscan_wp_core_hash_status' => $mscan_wp_core_hash_status,
281
+ 'mscan_wp_core_hash_count' => $mscan_wp_core_hash_count,
282
+ 'mscan_plugin_hash_status' => $mscan_plugin_hash_status,
283
+ 'mscan_plugin_hash_count' => $mscan_plugin_hash_count,
284
+ 'mscan_theme_hash_status' => $mscan_theme_hash_status,
285
+ 'mscan_theme_hash_count' => $mscan_theme_hash_count
286
+ );
287
+
288
+ foreach( $mscan_hash_status_options_db as $key => $value ) {
289
+ update_option('bulletproof_security_options_mscan_hash_status', $mscan_hash_status_options_db);
290
+ }
291
+
292
+ fwrite( $handle, "Theme Zip File Download: Total number of zip files downloaded: $zip_files_array_count.\r\n" );
293
+ }
294
+ }
295
+
296
  $time_end = microtime( true );
297
  $download_time = $time_end - $time_start;
298
 
311
  return true;
312
  }
313
 
 
 
 
314
  function bpsPro_theme_zip_extractor() {
315
  global $wp_version;
316
 
409
  }
410
  }
411
 
412
+ function bpsPro_wp_theme_crlf_format_conversion() {
413
+
414
+ $mscan_log = WP_CONTENT_DIR . '/bps-backup/logs/mscan_log.txt';
415
+ $handle = fopen( $mscan_log, 'a' );
416
+
417
+ $wp_theme_array = array( 'twentythirty', 'twentytwentynine', 'twentytwentyeight', 'twentytwentyseven', 'twentytwentysix', 'twentytwentyfive', 'twentytwentyfour', 'twentytwentythree', 'twentytwentytwo', 'twentytwentyone', 'twentytwenty', 'twentynineteen', 'twentyseventeen', 'twentysixteen', 'twentyfifteen', 'twentyfourteen', 'twentythirteen', 'twentytwelve', 'twentyeleven', 'twentyten' );
418
+
419
+ $source = WP_CONTENT_DIR . '/bps-backup/theme-hashes/';
420
+
421
+ $theme_dir_path_array = array();
422
+
423
+ if ( is_dir($source) ) {
424
+ $iterator = new DirectoryIterator($source);
425
+
426
+ foreach ( $iterator as $files ) {
427
+ if ( $files->isDir() && ! $files->isDot() ) {
428
+
429
+ if ( in_array( $files->getBasename(), $wp_theme_array ) ) {
430
+
431
+ $theme_dir_path_array[] = $files->getPathname();
432
+ }
433
+ }
434
+ }
435
+ }
436
+
437
+ if ( ! empty($theme_dir_path_array) ) {
438
+
439
+ fwrite( $handle, "Theme MD5 File Hash Maker: WP Theme CR LF conversion to LF format.\r\n" );
440
+
441
+ foreach ( $theme_dir_path_array as $theme_dir_path ) {
442
+
443
+ $objects = new RecursiveIteratorIterator(new RecursiveDirectoryIterator($theme_dir_path), RecursiveIteratorIterator::SELF_FIRST);
444
+
445
+ foreach ( $objects as $files ) {
446
+
447
+ if ( $files->isFile() ) {
448
+
449
+ $ext = pathinfo( strtolower($files->getPathname()), PATHINFO_EXTENSION );
450
+
451
+ if ( $ext == 'php' || $ext == 'js' || $ext == 'json' || $ext == 'txt' || $ext == 'css' || $ext == 'scss' || $ext == 'md' || $ext == 'html' ) {
452
+
453
+ $file_contents = file_get_contents( $files->getPathname() );
454
+ $crlf_conversion = str_replace( "\r\n", "\n", $file_contents );
455
+
456
+ file_put_contents( $files->getPathname(), $crlf_conversion );
457
+ }
458
+ }
459
+ }
460
+ }
461
+
462
+ $source_live = get_theme_root();
463
+
464
+ $theme_dir_path_live_array = array();
465
+
466
+ if ( is_dir($source_live) ) {
467
+ $iterator = new DirectoryIterator($source_live);
468
+
469
+ foreach ( $iterator as $files ) {
470
+ if ( $files->isDir() && ! $files->isDot() ) {
471
+
472
+ if ( in_array( $files->getBasename(), $wp_theme_array ) ) {
473
+
474
+ $theme_dir_path_live_array[] = $files->getPathname();
475
+ }
476
+ }
477
+ }
478
+ }
479
+
480
+ if ( ! empty($theme_dir_path_live_array) ) {
481
+
482
+ foreach ( $theme_dir_path_live_array as $theme_dir_path_live ) {
483
+
484
+ $objects = new RecursiveIteratorIterator(new RecursiveDirectoryIterator($theme_dir_path_live), RecursiveIteratorIterator::SELF_FIRST);
485
+
486
+ foreach ( $objects as $files ) {
487
+
488
+ if ( $files->isFile() ) {
489
+
490
+ $ext = pathinfo( strtolower($files->getPathname()), PATHINFO_EXTENSION );
491
+
492
+ if ( $ext == 'php' || $ext == 'js' || $ext == 'json' || $ext == 'txt' || $ext == 'css' || $ext == 'scss' || $ext == 'md' || $ext == 'html' ) {
493
+
494
+ $file_contents = file_get_contents( $files->getPathname() );
495
+ $crlf_conversion = str_replace( "\r\n", "\n", $file_contents );
496
+
497
+ file_put_contents( $files->getPathname(), $crlf_conversion );
498
+ }
499
+ }
500
+ }
501
+ }
502
+ }
503
+ }
504
+ }
505
+
506
  function bpsPro_theme_hash_maker() {
507
  global $wp_version;
508
 
535
 
536
  fwrite( $handle, "Theme MD5 File Hash Maker: Start creating the theme-hashes.php file.\r\n" );
537
 
538
+ bpsPro_wp_theme_crlf_format_conversion();
539
+
540
  $source = WP_CONTENT_DIR . '/bps-backup/theme-hashes/';
541
  $gmt_offset = get_option( 'gmt_offset' ) * 3600;
542
 
554
  }
555
  }
556
 
557
+ $theme_name_key_array = array();
558
+
559
  if ( ! empty($theme_dir_path_array) ) {
560
 
561
  $str1 = WP_CONTENT_DIR . '/bps-backup/theme-hashes/';
580
  $mscan_theme_hash = get_option('bulletproof_security_options_mscan_theme_hash');
581
  $mscan_theme_hash_new = get_option('bulletproof_security_options_mscan_t_hash_new');
582
 
 
 
583
  foreach ( $filePath as $key => $value ) {
584
 
585
  $key_value = preg_replace( '/(\\\\.*|\/.*)/', "", $value);
590
  }
591
  }
592
 
 
 
 
 
 
 
 
 
 
 
593
  $theme_hash_folder = WP_CONTENT_DIR . '/bps-backup/theme-hashes/';
594
  $theme_files = preg_grep('~\.(php)$~', scandir($theme_hash_folder));
595
 
606
  'bps_mscan_time_stop' => $MScan_status['bps_mscan_time_stop'],
607
  'bps_mscan_time_end' => $MScan_status['bps_mscan_time_end'],
608
  'bps_mscan_time_remaining' => $MScan_status['bps_mscan_time_remaining'],
609
+ 'bps_mscan_status' => '9',
610
  'bps_mscan_last_scan_timestamp' => $MScan_status['bps_mscan_last_scan_timestamp'],
611
  'bps_mscan_total_time' => $MScan_status['bps_mscan_total_time'],
612
  'bps_mscan_total_website_files' => '',
632
  }
633
 
634
  $mscan_theme_hash_options_db_new = 'bulletproof_security_options_mscan_t_hash_new';
635
+ $mscan_theme_hash = get_option('bulletproof_security_options_mscan_theme_hash');
636
+ $mscan_theme_hash_new = get_option('bulletproof_security_options_mscan_t_hash_new');
637
+
638
  if ( ! get_option( $mscan_theme_hash_options_db_new ) ) {
639
 
640
  $mscan_theme_hash_options = array(
647
  update_option('bulletproof_security_options_mscan_theme_hash', $mscan_theme_hash_options);
648
  }
649
 
650
+ } else {
651
 
652
  if ( ! empty($theme_dir_path_array) ) {
653
 
 
654
  $mscan_theme_hash_options = array(
655
  'bps_mscan_theme_hash_version_check_new' => $mscan_theme_hash_new['bps_mscan_theme_hash_version_check_new'],
656
  'bps_mscan_theme_hash_paths_new' => $theme_name_key_array,
680
 
681
  if ( get_option( 'bulletproof_security_options_mscan_t_hash_new' ) ) {
682
 
 
683
  foreach ( $mscan_theme_hash_new['bps_mscan_theme_hash_paths_new'] as $key => $value ) {
684
 
685
  foreach ( $value as $inner_key => $inner_value ) {
694
  $theme_hash_removal_array = array();
695
 
696
  if ( ! empty( $mscan_theme_hash['bps_mscan_theme_hash_paths'] ) ) {
697
+
698
  foreach ( $mscan_theme_hash['bps_mscan_theme_hash_paths'] as $key => $value ) {
699
 
 
 
700
  if ( ! in_array( $key, $all_themes_array ) ) {
701
  unset($value);
702
  }
703
 
 
 
 
 
 
704
  if ( in_array( $key, $mscan_theme_hash_new_array_keys ) ) {
705
  unset($value);
706
  }
710
  }
711
  }
712
  }
713
+
714
  $mscan_theme_hash_options = array(
715
  'bps_mscan_theme_hash_version_check' => $mscan_theme_hash['bps_mscan_theme_hash_version_check'],
716
  'bps_mscan_theme_hash_paths' => $theme_hash_removal_array,
746
  $mscan_theme_hash = get_option('bulletproof_security_options_mscan_theme_hash');
747
  $final_result = $mscan_theme_hash['bps_mscan_theme_hash_paths'];
748
 
 
 
 
 
 
 
 
 
 
749
  $mscan_theme_hash_options_db = 'bulletproof_security_options_mscan_theme_hash';
750
 
 
 
751
  if ( ! empty($mscan_theme_hash_new_array_keys ) || ! get_option( 'bulletproof_security_options_mscan_t_hash_new' ) ) {
752
 
753
  $theme_hashes_file = WP_CONTENT_DIR . '/bps-backup/theme-hashes/theme-hashes.php';
775
  fwrite( $handle, "Theme MD5 File Hash Maker & Cleanup: theme-hashes.php file created.\r\n" );
776
  fwrite( $handle, "Theme MD5 File Hash Maker & Cleanup: Start /bps-backup/theme-hashes/ folder cleanup.\r\n" );
777
 
 
778
  $theme_hash_folder = WP_CONTENT_DIR . '/bps-backup/theme-hashes/';
779
  $theme_hash_file = WP_CONTENT_DIR . '/bps-backup/theme-hashes/theme-hashes.php';
780
 
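--- a/includes/mscan-wp-core-hash-maker.php
+++ b/includes/mscan-wp-core-hash-maker.php
@@ -1,8 +1,5 @@
  <?php
- // Download the WordPress zip file version based on the current WP version installed.
- // Ensure that the WP zip file is not downloaded repeatedly due to an error, issue or problem.
- ## 13.8: Removed cURL GET code and replaced with simple fopen code. It is unnecessary to use the WP HTTP API for something as simple as a zip file download.
- ## 13.9: changed fopen code to download_url() function due to problems with allow_url_fopen being turned off.
+
  function bpsPro_wp_zip_download($mstime) {
  global $wp_version;
 
@@ -32,8 +29,22 @@ global $wp_version;
 
  if ( file_exists($local_zip_file) ) {
  fwrite( $handle, "WP Zip File Download: The $wp_zip_file already exists and was not downloaded again.\r\n" );
- fclose($handle);
 
+ $time_end = microtime( true );
+ $download_time = $time_end - $time_start;
+
+ $hours = (int)($download_time / 60 / 60);
+ $minutes = (int)($download_time / 60) - $hours * 60;
+ $seconds = (int)$download_time - $hours * 60 * 60 - $minutes * 60;
+ $hours_format = $hours == 0 ? "00" : $hours;
+ $minutes_format = $minutes == 0 ? "00" : ($minutes < 10 ? "0".$minutes : $minutes);
+ $seconds_format = $seconds == 0 ? "00" : ($seconds < 10 ? "0".$seconds : $seconds);
+
+ $download_time_log = 'WP Zip File Download Completion Time: '. $hours_format . ':'. $minutes_format . ':' . $seconds_format;
+
+ fwrite( $handle, "$download_time_log\r\n" );
+ fclose($handle);
+
  return true;
  }
 
@@ -44,8 +55,22 @@ global $wp_version;
 
  if ( strpos( $check_string, "WordPress $wp_version Hashes" ) ) {
  fwrite( $handle, "WP Zip File Download: The wp-hashes.php file already exists for WordPress $wp_version. The $wp_zip_file was not downloaded again.\r\n" );
- fclose($handle);
 
+ $time_end = microtime( true );
+ $download_time = $time_end - $time_start;
+
+ $hours = (int)($download_time / 60 / 60);
+ $minutes = (int)($download_time / 60) - $hours * 60;
+ $seconds = (int)$download_time - $hours * 60 * 60 - $minutes * 60;
+ $hours_format = $hours == 0 ? "00" : $hours;
+ $minutes_format = $minutes == 0 ? "00" : ($minutes < 10 ? "0".$minutes : $minutes);
+ $seconds_format = $seconds == 0 ? "00" : ($seconds < 10 ? "0".$seconds : $seconds);
+
+ $download_time_log = 'WP Zip File Download Completion Time: '. $hours_format . ':'. $minutes_format . ':' . $seconds_format;
+
+ fwrite( $handle, "$download_time_log\r\n" );
+ fclose($handle);
+
  return true;
  }
  }
@@ -54,13 +79,123 @@ global $wp_version;
 
  $url = 'https://wordpress.org/latest.zip';
  $tmp_file = download_url( $url, $timeout = 300 );
+ $wp_core_zip_file_download = '';
+
+ if ( is_wp_error( $tmp_file ) ) {
+
+ fwrite( $handle, "WP Zip File Download: WP_Error: Unable to download the WP zip file: $wp_zip_file from WordPress.org.\r\n" );
 
- if ( ! copy( $tmp_file, $local_zip_file ) ) {
- fwrite( $handle, "WP Zip File Download Error: Unable to download the WordPress zip file from $url\r\n" );
- fwrite( $handle, "Manual Solution: You will need to manually download the WordPress zip file to your computer, unzip it and then use FTP and upload the unzipped /wordpress/ folder to this BPS folder: $wp_hashes_dir\r\n" );
+ } else {
+
+ if ( ! copy( $tmp_file, $local_zip_file ) ) {
+ fwrite( $handle, "WP Zip File Download Error: Unable to download the WordPress zip file from $url\r\n" );
+ fwrite( $handle, "Manual Solution: You will need to manually download the WordPress zip file to your computer, unzip it and then use FTP and upload the unzipped /wordpress/ folder to this BPS folder: $wp_hashes_dir\r\n" );
+
+ } else {
+
+ fwrite( $handle, "WP Zip File Download: Zip file download successful: $wp_zip_file\r\n" );
+
+ $wp_core_zip_file_download = '1';
+ }
+
+ unlink( $tmp_file );
  }
+
+ if ( $wp_core_zip_file_download == '1' ) {
 
- unlink( $tmp_file );
+ $wp_core_hash_folder = WP_CONTENT_DIR . '/bps-backup/wp-hashes/';
+ $total_zip_files = preg_grep('~\.(zip)$~', scandir($wp_core_hash_folder));
+
+ $total_zip_files_array = array();
+
+ foreach ( $total_zip_files as $zip_file ) {
+ $total_zip_files_array[] = $zip_file;
+ }
+
+ $zip_files_array_count = count($total_zip_files_array);
+ $MScan_status = get_option('bulletproof_security_options_MScan_status');
+
+ if ( $zip_files_array_count == 0 ) {
+
+ $MScan_status_db = array(
+ 'bps_mscan_time_start' => $MScan_status['bps_mscan_time_start'],
+ 'bps_mscan_time_stop' => $MScan_status['bps_mscan_time_stop'],
+ 'bps_mscan_time_end' => $MScan_status['bps_mscan_time_end'],
+ 'bps_mscan_time_remaining' => $MScan_status['bps_mscan_time_remaining'],
+ 'bps_mscan_status' => '9',
+ 'bps_mscan_last_scan_timestamp' => $MScan_status['bps_mscan_last_scan_timestamp'],
+ 'bps_mscan_total_time' => $MScan_status['bps_mscan_total_time'],
+ 'bps_mscan_total_website_files' => '',
+ 'bps_mscan_total_wp_core_files' => $MScan_status['bps_mscan_total_wp_core_files'],
+ 'bps_mscan_total_non_image_files' => $MScan_status['bps_mscan_total_non_image_files'],
+ 'bps_mscan_total_image_files' => '',
+ 'bps_mscan_total_all_scannable_files' => 'Error: WP Core Zip download failed',
+ 'bps_mscan_total_skipped_files' => $MScan_status['bps_mscan_total_skipped_files'],
+ 'bps_mscan_total_suspect_files' => $MScan_status['bps_mscan_total_suspect_files'],
+ 'bps_mscan_suspect_skipped_files' => $MScan_status['bps_mscan_suspect_skipped_files'],
+ 'bps_mscan_total_suspect_db' => $MScan_status['bps_mscan_total_suspect_db'],
+ 'bps_mscan_total_ignored_files' => $MScan_status['bps_mscan_total_ignored_files'],
+ 'bps_mscan_total_plugin_files' => $MScan_status['bps_mscan_total_plugin_files'],
+ 'bps_mscan_total_theme_files' => $MScan_status['bps_mscan_total_theme_files']
+ );
+
+ foreach( $MScan_status_db as $key => $value ) {
+ update_option('bulletproof_security_options_MScan_status', $MScan_status_db);
+ }
+
+ $mscan_hash_status_options = get_option('bulletproof_security_options_mscan_hash_status');
+
+ $mscan_wp_core_hash_status = '0';
+ $mscan_wp_core_hash_count = '0';
+ $mscan_plugin_hash_status = isset($mscan_hash_status_options['mscan_plugin_hash_status']) ? $mscan_hash_status_options['mscan_plugin_hash_status'] : '';
+ $mscan_plugin_hash_count = isset($mscan_hash_status_options['mscan_plugin_hash_count']) ? $mscan_hash_status_options['mscan_plugin_hash_count'] : '';
+ $mscan_theme_hash_status = isset($mscan_hash_status_options['mscan_theme_hash_status']) ? $mscan_hash_status_options['mscan_theme_hash_status'] : '';
+ $mscan_theme_hash_count = isset($mscan_hash_status_options['mscan_theme_hash_count']) ? $mscan_hash_status_options['mscan_theme_hash_count'] : '';
+
+ $mscan_hash_status_options_db = array(
+ 'mscan_wp_core_hash_status' => $mscan_wp_core_hash_status,
+ 'mscan_wp_core_hash_count' => $mscan_wp_core_hash_count,
+ 'mscan_plugin_hash_status' => $mscan_plugin_hash_status,
+ 'mscan_plugin_hash_count' => $mscan_plugin_hash_count,
+ 'mscan_theme_hash_status' => $mscan_theme_hash_status,
+ 'mscan_theme_hash_count' => $mscan_theme_hash_count
+ );
+
+ foreach( $mscan_hash_status_options_db as $key => $value ) {
+ update_option('bulletproof_security_options_mscan_hash_status', $mscan_hash_status_options_db);
+ }
+
+ fwrite( $handle, "WP Zip File Download: Error: Unable to download or copy the WP Core zip file from WordPress.org.\r\n" );
+
+ return false;
+
+ } else {
+
+ $mscan_hash_status_options = get_option('bulletproof_security_options_mscan_hash_status');
+
+ $mscan_wp_core_hash_status = '1';
+ $mscan_wp_core_hash_count = $zip_files_array_count;
+ $mscan_plugin_hash_status = isset($mscan_hash_status_options['mscan_plugin_hash_status']) ? $mscan_hash_status_options['mscan_plugin_hash_status'] : '';
+ $mscan_plugin_hash_count = isset($mscan_hash_status_options['mscan_plugin_hash_count']) ? $mscan_hash_status_options['mscan_plugin_hash_count'] : '';
+ $mscan_theme_hash_status = isset($mscan_hash_status_options['mscan_theme_hash_status']) ? $mscan_hash_status_options['mscan_theme_hash_status'] : '';
+ $mscan_theme_hash_count = isset($mscan_hash_status_options['mscan_theme_hash_count']) ? $mscan_hash_status_options['mscan_theme_hash_count'] : '';
+
+ $mscan_hash_status_options_db = array(
+ 'mscan_wp_core_hash_status' => $mscan_wp_core_hash_status,
+ 'mscan_wp_core_hash_count' => $mscan_wp_core_hash_count,
+ 'mscan_plugin_hash_status' => $mscan_plugin_hash_status,
+ 'mscan_plugin_hash_count' => $mscan_plugin_hash_count,
+ 'mscan_theme_hash_status' => $mscan_theme_hash_status,
+ 'mscan_theme_hash_count' => $mscan_theme_hash_count
+ );
+
+ foreach( $mscan_hash_status_options_db as $key => $value ) {
+ update_option('bulletproof_security_options_mscan_hash_status', $mscan_hash_status_options_db);
+ }
+
+ fwrite( $handle, "WP Zip File Download: FailSafe Check: Total number of zip files downloaded: $zip_files_array_count.\r\n" );
+ }
+ }
 
  $time_end = microtime( true );
  $download_time = $time_end - $time_start;
@@ -80,8 +215,6 @@ global $wp_version;
  return true;
  }
 
- // Extract the downloaded WordPress zip file.
- // The extracted WordPress folder name is: /wordpress/
  function bpsPro_wp_zip_extractor() {
  global $wp_version;
 
@@ -101,8 +234,22 @@ global $wp_version;
 
  if ( strpos( $check_string, "WordPress $wp_version Hashes" ) ) {
  fwrite( $handle, "WP Zip File Extraction: The wp-hashes.php file already exists for WordPress $wp_version. The wordpress-$wp_version.zip file does not need to be extracted.\r\n" );
- fclose($handle);
 
+ $time_end = microtime( true );
+ $zip_extract_time = $time_end - $time_start;
+
+ $hours = (int)($zip_extract_time / 60 / 60);
+ $minutes = (int)($zip_extract_time / 60) - $hours * 60;
+ $seconds = (int)$zip_extract_time - $hours * 60 * 60 - $minutes * 60;
+ $hours_format = $hours == 0 ? "00" : $hours;
+ $minutes_format = $minutes == 0 ? "00" : ($minutes < 10 ? "0".$minutes : $minutes);
+ $seconds_format = $seconds == 0 ? "00" : ($seconds < 10 ? "0".$seconds : $seconds);
+
+ $zip_extract_time_log = 'WP Zip File Extraction Completion Time: '. $hours_format . ':'. $minutes_format . ':' . $seconds_format;
+
+ fwrite( $handle, "$zip_extract_time_log\r\n" );
+ fclose($handle);
+
  return true;
  }
  }
@@ -200,8 +347,6 @@ global $wp_version;
  }
  }
 
- // Create the wp-hashes.php file array, which contains all MD5 file hashes for all current WP Core files.
- // Cleanup: Deletes the wp zip file and the extracted /wordpress/ folder.
  function bpsPro_wp_hash_maker() {
  global $wp_version;
 
@@ -237,8 +382,22 @@ global $wp_version;
 
  if ( strpos( $check_string, "WordPress $wp_version Hashes" ) ) {
  fwrite( $handle, "WP MD5 File Hash Maker: The wp-hashes.php file already exists for WordPress $wp_version. The wp-hashes.php file was not created again.\r\n" );
- fclose($handle);
 
+ $time_end = microtime( true );
+ $hash_maker_time = $time_end - $time_start;
+
+ $hours = (int)($hash_maker_time / 60 / 60);
+ $minutes = (int)($hash_maker_time / 60) - $hours * 60;
+ $seconds = (int)$hash_maker_time - $hours * 60 * 60 - $minutes * 60;
+ $hours_format = $hours == 0 ? "00" : $hours;
+ $minutes_format = $minutes == 0 ? "00" : ($minutes < 10 ? "0".$minutes : $minutes);
+ $seconds_format = $seconds == 0 ? "00" : ($seconds < 10 ? "0".$seconds : $seconds);
+
+ $hash_maker_time_log = 'WP MD5 File Hash Maker Completion Time: '. $hours_format . ':'. $minutes_format . ':' . $seconds_format;
+
+ fwrite( $handle, "$hash_maker_time_log\r\n" );
+ fclose($handle);
+
  return true;
  }
  }
@@ -285,7 +444,6 @@ global $wp_version;
  fwrite( $handle, "WP MD5 File Hash Maker & Cleanup: wp-hashes.php file created.\r\n" );
  fwrite( $handle, "WP MD5 File Hash Maker & Cleanup: Start /bps-backup/wp-hashes/ folder cleanup.\r\n" );
 
- // Cleanup
  $wp_zip_file = 'wordpress-'. $wp_version . '.zip';
  $local_zip_file = WP_CONTENT_DIR . '/bps-backup/wp-hashes/' . $wp_zip_file;
 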
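Review bot: The failure handling added to bpsPro_wp_zip_download() can only run after a successful copy, because the block that writes `'bps_mscan_status' => '9'` and returns false sits inside `if ( $wp_core_zip_file_download == '1' )`, and that flag is set only in the success branch. When download_url() returns a WP_Error or copy() fails, the flag stays empty and the block is skipped, so the function appears to fall through to the `return true;` at new line 215 (new lines 202–214 are outside the hunks) and the scan status never records the failed baseline download. Drop the outer guard and test the outcome directly, for example `if ( $wp_core_zip_file_download != '1' || ! file_exists( $local_zip_file ) ) {` in place of `if ( $zip_files_array_count == 0 ) {`. The new `return false;` also leaves `$handle` open, unlike the other early returns this commit touches, so add `fclose($handle);` before it. The `foreach` wrappers around `update_option()` write the same whole array once per key and can each be a single call.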
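--- a/includes/zip-email-cron-functions.php
+++ b/includes/zip-email-cron-functions.php
@@ -23,135 +23,138 @@ function bpsPro_schedule_Email_Log_Files() {
  wp_schedule_event(time(), 'hourly', 'bpsPro_email_log_files');
  }
  }
+
  add_action('init', 'bpsPro_schedule_Email_Log_Files');
 
  function bpsPro_add_hourly_email_log_cron( $schedules ) {
  $schedules['hourly'] = array('interval' => 3600, 'display' => __('Once Hourly'));
  return $schedules;
  }
+
  add_filter('cron_schedules', 'bpsPro_add_hourly_email_log_cron');
 
  function bps_Log_File_Processing() {
- $options = get_option('bulletproof_security_options_email');
- $SecurityLog = WP_CONTENT_DIR . '/bps-backup/logs/http_error_log.txt';
- $SecurityLogMaster = WP_PLUGIN_DIR . '/bulletproof-security/admin/htaccess/http_error_log.txt';
- $DBBLog = WP_CONTENT_DIR . '/bps-backup/logs/db_backup_log.txt';
- $DBBLogMaster = WP_PLUGIN_DIR . '/bulletproof-security/admin/htaccess/db_backup_log.txt';
- $MScanLog = WP_CONTENT_DIR . '/bps-backup/logs/mscan_log.txt';
- $MScanLogMaster = WP_PLUGIN_DIR . '/bulletproof-security/admin/htaccess/mscan_log.txt';
-
- $bps_security_log_size = isset($options['bps_security_log_size']) ? $options['bps_security_log_size'] : '500KB';
-
- switch ( $bps_security_log_size ) {
- case "256KB":
- if ( file_exists($SecurityLog) && filesize($SecurityLog) >= 262144 && filesize($SecurityLog) < 524288 || file_exists($SecurityLog) && filesize($SecurityLog) > 2097152) {
- if ( $options['bps_security_log_emailL'] == 'email') {
- if ( bps_Zip_Security_Log_File() == true ) {
- bps_Email_Security_Log_File();
+
+ $options = get_option('bulletproof_security_options_email');
+ $SecurityLog = WP_CONTENT_DIR . '/bps-backup/logs/http_error_log.txt';
+ $SecurityLogMaster = WP_PLUGIN_DIR . '/bulletproof-security/admin/htaccess/http_error_log.txt';
+ $DBBLog = WP_CONTENT_DIR . '/bps-backup/logs/db_backup_log.txt';
+ $DBBLogMaster = WP_PLUGIN_DIR . '/bulletproof-security/admin/htaccess/db_backup_log.txt';
+ $MScanLog = WP_CONTENT_DIR . '/bps-backup/logs/mscan_log.txt';
+ $MScanLogMaster = WP_PLUGIN_DIR . '/bulletproof-security/admin/htaccess/mscan_log.txt';
+
+ $bps_security_log_size = isset($options['bps_security_log_size']) ? $options['bps_security_log_size'] : '500KB';
+
+ switch ( $bps_security_log_size ) {
+ case "256KB":
+ if ( file_exists($SecurityLog) && filesize($SecurityLog) >= 262144 && filesize($SecurityLog) < 524288 || file_exists($SecurityLog) && filesize($SecurityLog) > 2097152) {
+ if ( $options['bps_security_log_emailL'] == 'email') {
+ if ( bps_Zip_Security_Log_File() == true ) {
+ bps_Email_Security_Log_File();
+ }
+ } elseif ( $options['bps_security_log_emailL'] == 'delete') {
+ copy($SecurityLogMaster, $SecurityLog);
  }
- } elseif ( $options['bps_security_log_emailL'] == 'delete') {
- copy($SecurityLogMaster, $SecurityLog);
  }
- }
- break;
- case "500KB":
- if ( file_exists($SecurityLog) && filesize($SecurityLog) >= 524288 && filesize($SecurityLog) < 1048576 || file_exists($SecurityLog) && filesize($SecurityLog) > 2097152) {
- if ( $options['bps_security_log_emailL'] == 'email') {
- if ( bps_Zip_Security_Log_File() == true ) {
- bps_Email_Security_Log_File();
- }
- } elseif ( $options['bps_security_log_emailL'] == 'delete') {
- copy($SecurityLogMaster, $SecurityLog);
- }
- }
- break;
- case "1MB":
- if ( file_exists($SecurityLog) && filesize($SecurityLog) >= 1048576 && filesize($SecurityLog) < 2097152 || file_exists($SecurityLog) && filesize($SecurityLog) > 2097152) {
- if ( $options['bps_security_log_emailL'] == 'email') {
- if ( bps_Zip_Security_Log_File() == true ) {
- bps_Email_Security_Log_File();
- }
- } elseif ( $options['bps_security_log_emailL'] == 'delete') {
- copy($SecurityLogMaster, $SecurityLog);
- }
- }
- break;
- }
-
- $bps_dbb_log_size = isset($options['bps_dbb_log_size']) ? $options['bps_dbb_log_size'] : '500KB';
-
- switch ( $bps_dbb_log_size ) {
- case "256KB":
- if ( file_exists($DBBLog) && filesize($DBBLog) >= 262144 && filesize($DBBLog) < 524288 || file_exists($DBBLog) && filesize($DBBLog) > 2097152) {
- if ( $options['bps_dbb_log_email'] == 'email') {
- if ( bps_Zip_DBB_Log_File() == true ) {
- bps_Email_DBB_Log_File();
- }
- } elseif ( $options['bps_dbb_log_email'] == 'delete') {
- copy($DBBLogMaster, $DBBLog);
+ break;
+ case "500KB":
+ if ( file_exists($SecurityLog) && filesize($SecurityLog) >= 524288 && filesize($SecurityLog) < 1048576 || file_exists($SecurityLog) && filesize($SecurityLog) > 2097152) {
+ if ( $options['bps_security_log_emailL'] == 'email') {
+ if ( bps_Zip_Security_Log_File() == true ) {
+ bps_Email_Security_Log_File();
+ }
+ } elseif ( $options['bps_security_log_emailL'] == 'delete') {
+ copy($SecurityLogMaster, $SecurityLog);
+ }
+ }
+ break;
+ case "1MB":
+ if ( file_exists($SecurityLog) && filesize($SecurityLog) >= 1048576 && filesize($SecurityLog) < 2097152 || file_exists($SecurityLog) && filesize($SecurityLog) > 2097152) {
+ if ( $options['bps_security_log_emailL'] == 'email') {
+ if ( bps_Zip_Security_Log_File() == true ) {
+ bps_Email_Security_Log_File();
+ }
+ } elseif ( $options['bps_security_log_emailL'] == 'delete') {
+ copy($SecurityLogMaster, $SecurityLog);
+ }
  }
- }
- break;
- case "500KB":
- if ( file_exists($DBBLog) && filesize($DBBLog) >= 524288 && filesize($DBBLog) < 1048576 || file_exists($DBBLog) && filesize($DBBLog) > 2097152) {
- if ( $options['bps_dbb_log_email'] == 'email') {
- if ( bps_Zip_DBB_Log_File() == true ) {
- bps_Email_DBB_Log_File();
- }
- } elseif ( $options['bps_dbb_log_email'] == 'delete') {
- copy($DBBLogMaster, $DBBLog);
- }
- }
  break;
- case "1MB":
- if ( file_exists($DBBLog) && filesize($DBBLog) >= 1048576 && filesize($DBBLog) < 2097152 || file_exists($DBBLog) && filesize($DBBLog) > 2097152) {
- if ( $options['bps_dbb_log_email'] == 'email') {
- if ( bps_Zip_DBB_Log_File() == true ) {
- bps_Email_DBB_Log_File();
- }
- } elseif ( $options['bps_dbb_log_email'] == 'delete') {
- copy($DBBLogMaster, $DBBLog);
- }
- }
- break;
- }
-
- $bps_mscan_log_size = isset($options['bps_mscan_log_size']) ? $options['bps_mscan_log_size'] : '500KB';
-
- switch ( $bps_mscan_log_size ) {
- case "256KB":
- if ( file_exists($MScanLog) && filesize($MScanLog) >= 262144 && filesize($MScanLog) < 524288 || file_exists($MScanLog) && filesize($MScanLog) > 2097152) {
- if ( $options['bps_mscan_log_email'] == 'email') {
- if ( bps_Zip_MScan_Log_File() == true ) {
- bps_Email_MScan_Log_File();
+ }
+
+ $bps_dbb_log_size = isset($options['bps_dbb_log_size']) ? $options['bps_dbb_log_size'] : '500KB';
+
+ switch ( $bps_dbb_log_size ) {
+ case "256KB":
+ if ( file_exists($DBBLog) && filesize($DBBLog) >= 262144 && filesize($DBBLog) < 524288 || file_exists($DBBLog) && filesize($DBBLog) > 2097152) {
+ if ( $options['bps_dbb_log_email'] == 'email') {
+ if ( bps_Zip_DBB_Log_File() == true ) {
+ bps_Email_DBB_Log_File();
+ }
+ } elseif ( $options['bps_dbb_log_email'] == 'delete') {
+ copy($DBBLogMaster, $DBBLog);
  }
- } elseif ( $options['bps_arq_log_email'] == 'delete') {
- copy($MScanLogMaster, $MScanLog);
  }
- }
+ break;
+ case "500KB":
+ if ( file_exists($DBBLog) && filesize($DBBLog) >= 524288 && filesize($DBBLog) < 1048576 || file_exists($DBBLog) && filesize($DBBLog) > 2097152) {
+ if ( $options['bps_dbb_log_email'] == 'email') {
+ if ( bps_Zip_DBB_Log_File() == true ) {
+ bps_Email_DBB_Log_File();
+ }
+ } elseif ( $options['bps_dbb_log_email'] == 'delete') {
+ copy($DBBLogMaster, $DBBLog);
+ }
+ }
+ break;
+ case "1MB":
+ if ( file_exists($DBBLog) && filesize($DBBLog) >= 1048576 && filesize($DBBLog) < 2097152 || file_exists($DBBLog) && filesize($DBBLog) > 2097152) {
+ if ( $options['bps_dbb_log_email'] == 'email') {
+ if ( bps_Zip_DBB_Log_File() == true ) {
+ bps_Email_DBB_Log_File();
+ }
+ } elseif ( $options['bps_dbb_log_email'] == 'delete') {
+ copy($DBBLogMaster, $DBBLog);
+ }
+ }
  break;
- case "500KB":
- if ( file_exists($MScanLog) && filesize($MScanLog) >= 524288 && filesize($MScanLog) < 1048576 || file_exists($MScanLog) && filesize($MScanLog) > 2097152) {
- if ( $options['bps_mscan_log_email'] == 'email') {
- if ( bps_Zip_MScan_Log_File() == true ) {
- bps_Email_MScan_Log_File();
+ }
+
+ $bps_mscan_log_size = isset($options['bps_mscan_log_size']) ? $options['bps_mscan_log_size'] : '500KB';
+
+ switch ( $bps_mscan_log_size ) {
+ case "256KB":
+ if ( file_exists($MScanLog) && filesize($MScanLog) >= 262144 && filesize($MScanLog) < 524288 || file_exists($MScanLog) && filesize($MScanLog) > 2097152) {
+ if ( $options['bps_mscan_log_email'] == 'email') {
+ if ( bps_Zip_MScan_Log_File() == true ) {
+ bps_Email_MScan_Log_File();
+ }
+ } elseif ( $options['bps_arq_log_email'] == 'delete') {
+ copy($MScanLogMaster, $MScanLog);
  }
- } elseif ( $options['bps_arq_log_email'] == 'delete') {
- copy($MScanLogMaster, $MScanLog);
- }
- }
+ }
+ break;
+ case "500KB":
+ if ( file_exists($MScanLog) && filesize($MScanLog) >= 524288 && filesize($MScanLog) < 1048576 || file_exists($MScanLog) && filesize($MScanLog) > 2097152) {
+ if ( $options['bps_mscan_log_email'] == 'email') {
+ if ( bps_Zip_MScan_Log_File() == true ) {
+ bps_Email_MScan_Log_File();
+ }
+ } elseif ( $options['bps_arq_log_email'] == 'delete') {
+ copy($MScanLogMaster, $MScanLog);
+ }
+ }
+ break;
+ case "1MB":
+ if ( file_exists($MScanLog) && filesize($MScanLog) >= 1048576 && filesize($MScanLog) < 2097152 || file_exists($MScanLog) && filesize($MScanLog) > 2097152) {
+ if ( $options['bps_mscan_log_email'] == 'email') {
+ if ( bps_Zip_MScan_Log_File() == true ) {
+ bps_Email_MScan_Log_File();
+ }
+ } elseif ( $options['bps_mscan_log_email'] == 'delete') {
+ copy($MScanLogMaster, $MScanLog);
+ }
+ }
  break;
- case "1MB":
- if ( file_exists($MScanLog) && filesize($MScanLog) >= 1048576 && filesize($MScanLog) < 2097152 || file_exists($MScanLog) && filesize($MScanLog) > 2097152) {
- if ( $options['bps_mscan_log_email'] == 'email') {
- if ( bps_Zip_MScan_Log_File() == true ) {
- bps_Email_MScan_Log_File();
- }
- } elseif ( $options['bps_mscan_log_email'] == 'delete') {
- copy($MScanLogMaster, $MScanLog);
- }
- }
- break;
  }
  }
 
@@ -161,24 +164,25 @@ switch ( $bps_mscan_log_size ) {
  // Email Security Log File
  // .53.5: Gets the current sec-log-master.txt Log entries and adds it to the message body.
  function bps_Email_Security_Log_File() {
- $options = get_option('bulletproof_security_options_email');
- $bps_email_to = $options['bps_send_email_to'];
- $bps_email_from = $options['bps_send_email_from'];
- $bps_email_cc = $options['bps_send_email_cc'];
- $bps_email_bcc = $options['bps_send_email_bcc'];
- $path = '/wp-admin/admin.php?page=bulletproof-security%2Fadmin%2Fsecurity-log%2Fsecurity-log.php';
- $justUrl = get_site_url(null, $path, null);
- $timeNow = time();
- $gmt_offset = get_option( 'gmt_offset' ) * 3600;
- $timestamp = date_i18n(get_option('date_format'), strtotime("11/15-1976")) . ' - ' . date_i18n(get_option('time_format'), $timeNow + $gmt_offset);
- $SecurityLog = WP_CONTENT_DIR . '/bps-backup/logs/http_error_log.txt';
- $SecurityLogMaster = WP_PLUGIN_DIR . '/bulletproof-security/admin/htaccess/http_error_log.txt';
- $zip_filename = get_option('bulletproof_security_options_zip_filename');
- $SecurityLogZip = WP_CONTENT_DIR . '/bps-backup/logs/' . $zip_filename['bps_security_log_zip_file'];
- $SecLogMasterTXT = WP_PLUGIN_DIR . '/bulletproof-security/admin/htaccess/sec-log-master.txt';
- $SecLogMasterTXT_contents = file_get_contents($SecLogMasterTXT);
- $pattern = '/Total/';
- $SecLogEntries = preg_replace( $pattern, "<br />Total", $SecLogMasterTXT_contents );
+
+ $options = get_option('bulletproof_security_options_email');
+ $bps_email_to = $options['bps_send_email_to'];
+ $bps_email_from = $options['bps_send_email_from'];
+ $bps_email_cc = $options['bps_send_email_cc'];
+ $bps_email_bcc = $options['bps_send_email_bcc'];
+ $path = '/wp-admin/admin.php?page=bulletproof-security%2Fadmin%2Fsecurity-log%2Fsecurity-log.php';
+ $justUrl = get_site_url(null, $path, null);
+ $timeNow = time();
+ $gmt_offset = get_option( 'gmt_offset' ) * 3600;
+ $timestamp = date_i18n(get_option('date_format'), strtotime("11/15-1976")) . ' - ' . date_i18n(get_option('time_format'), $timeNow + $gmt_offset);
+ $SecurityLog = WP_CONTENT_DIR . '/bps-backup/logs/http_error_log.txt';
+ $SecurityLogMaster = WP_PLUGIN_DIR . '/bulletproof-security/admin/htaccess/http_error_log.txt';
+ $zip_filename = get_option('bulletproof_security_options_zip_filename');
+ $SecurityLogZip = WP_CONTENT_DIR . '/bps-backup/logs/' . $zip_filename['bps_security_log_zip_file'];
+ $SecLogMasterTXT = WP_PLUGIN_DIR . '/bulletproof-security/admin/htaccess/sec-log-master.txt';
+ $SecLogMasterTXT_contents = file_get_contents($SecLogMasterTXT);
+ $pattern = '/Total/';
+ $SecLogEntries = preg_replace( $pattern, "<br />Total", $SecLogMasterTXT_contents );
 
  if ( file_exists($SecurityLogZip) ) {
  $attachments = array( $SecurityLogZip );
@@ -205,20 +209,21 @@ $SecLogEntries = preg_replace( $pattern, "<br />Total", $SecLogMasterTXT_content
 
  // Email DB Backup log file
  function bps_Email_DBB_Log_File() {
- $options = get_option('bulletproof_security_options_email');
- $bps_email_to = $options['bps_send_email_to'];
- $bps_email_from = $options['bps_send_email_from'];
- $bps_email_cc = $options['bps_send_email_cc'];
- $bps_email_bcc = $options['bps_send_email_bcc'];
- $path = '/wp-admin/admin.php?page=bulletproof-security%2Fadmin%2Fdb-backup-security%2Fdb-backup-security.php';
- $justUrl = get_site_url(null, $path, null);
- $timeNow = time();
- $gmt_offset = get_option( 'gmt_offset' ) * 3600;
- $timestamp = date_i18n(get_option('date_format'), strtotime("11/15-1976")) . ' - ' . date_i18n(get_option('time_format'), $timeNow + $gmt_offset);
- $DBBLog = WP_CONTENT_DIR . '/bps-backup/logs/db_backup_log.txt';
- $DBBLogMaster = WP_PLUGIN_DIR . '/bulletproof-security/admin/htaccess/db_backup_log.txt';
- $zip_filename = get_option('bulletproof_security_options_zip_filename');
- $DBBLogZip = WP_CONTENT_DIR . '/bps-backup/logs/' . $zip_filename['bps_db_backup_log_zip_file'];
+
+ $options = get_option('bulletproof_security_options_email');
+ $bps_email_to = $options['bps_send_email_to'];
+ $bps_email_from = $options['bps_send_email_from'];
+ $bps_email_cc = $options['bps_send_email_cc'];
+ $bps_email_bcc = $options['bps_send_email_bcc'];
+ $path = '/wp-admin/admin.php?page=bulletproof-security%2Fadmin%2Fdb-backup-security%2Fdb-backup-security.php';
+ $justUrl = get_site_url(null, $path, null);
+ $timeNow = time();
+ $gmt_offset = get_option( 'gmt_offset' ) * 3600;
+ $timestamp = date_i18n(get_option('date_format'), strtotime("11/15-1976")) . ' - ' . date_i18n(get_option('time_format'), $timeNow + $gmt_offset);
+ $DBBLog = WP_CONTENT_DIR . '/bps-backup/logs/db_backup_log.txt';
+ $DBBLogMaster = WP_PLUGIN_DIR . '/bulletproof-security/admin/htaccess/db_backup_log.txt';
+ $zip_filename = get_option('bulletproof_security_options_zip_filename');
+ $DBBLogZip = WP_CONTENT_DIR . '/bps-backup/logs/' . $zip_filename['bps_db_backup_log_zip_file'];
 
  if ( file_exists($DBBLogZip) ) {
  $attachments = array( $DBBLogZip );
@@ -253,20 +258,21 @@ $DBBLogZip = WP_CONTENT_DIR . '/bps-backup/logs/' . $zip_filename['bps_db_backup
 
  // Email MScan Log File
  function bps_Email_MScan_Log_File() {
- $options = get_option('bulletproof_security_options_email');
- $bps_email_to = $options['bps_send_email_to'];
- $bps_email_from = $options['bps_send_email_from'];
- $bps_email_cc = $options['bps_send_email_cc'];
- $bps_email_bcc = $options['bps_send_email_bcc'];
- $path = '/wp-admin/admin.php?page=bulletproof-security%2Fadmin%2Fmscan%2Fmscan.php';
- $justUrl = get_site_url(null, $path, null);
- $timeNow = time();
- $gmt_offset = get_option( 'gmt_offset' ) * 3600;
- $timestamp = date_i18n(get_option('date_format'), strtotime("11/15-1976")) . ' - ' . date_i18n(get_option('time_format'), $timeNow + $gmt_offset);
- $MScanLog = WP_CONTENT_DIR . '/bps-backup/logs/mscan_log.txt';
- $MScanLogMaster = WP_PLUGIN_DIR . '/bulletproof-security/admin/htaccess/mscan_log.txt';
- $zip_filename = get_option('bulletproof_security_options_zip_filename');
- $MScanLogZip = WP_CONTENT_DIR . '/bps-backup/logs/' . $zip_filename['bps_mscan_log_zip_file'];
+
+ $options = get_option('bulletproof_security_options_email');
+ $bps_email_to = $options['bps_send_email_to'];
+ $bps_email_from = $options['bps_send_email_from'];
+ $bps_email_cc = $options['bps_send_email_cc'];
+ $bps_email_bcc = $options['bps_send_email_bcc'];
+ $path = '/wp-admin/admin.php?page=bulletproof-security%2Fadmin%2Fmscan%2Fmscan.php';
+ $justUrl = get_site_url(null, $path, null);
+ $timeNow = time();
+ $gmt_offset = get_option( 'gmt_offset' ) * 3600;
+ $timestamp = date_i18n(get_option('date_format'), strtotime("11/15-1976")) . ' - ' . date_i18n(get_option('time_format'), $timeNow + $gmt_offset);
+ $MScanLog = WP_CONTENT_DIR . '/bps-backup/logs/mscan_log.txt';
+ $MScanLogMaster = WP_PLUGIN_DIR . '/bulletproof-security/admin/htaccess/mscan_log.txt';
+ $zip_filename = get_option('bulletproof_security_options_zip_filename');
+ $MScanLogZip = WP_CONTENT_DIR . '/bps-backup/logs/' . $zip_filename['bps_mscan_log_zip_file'];
 
  if ( file_exists($MScanLogZip) ) {
  $attachments = array( $MScanLogZip );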
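Review bot: In the re-added body of `bps_Log_File_Processing()`, the MScan `256KB` and `500KB` cases test `$options['bps_arq_log_email'] == 'delete'`, while the `email` branch beside them and the whole `1MB` case read `$options['bps_mscan_log_email']`. This looks like a key left over from another log type, so with either of those size settings the delete choice would presumably never reset mscan_log.txt from its master copy and the log keeps growing; both lines should read `} elseif ( $options['bps_mscan_log_email'] == 'delete') {`. The function also indexes `$options` without `isset()` although `get_option()` returns false when the option is missing, so a guard such as `if ( ! is_array( $options ) ) { return; }` right after the `get_option()` call would keep the hourly cron run free of notices. The three e-mail functions in the later hunks read `$options` and `$zip_filename` keys the same way and would benefit from the same guard; their bodies continue outside the hunks.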
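--- a/isl-logout.php
+++ b/isl-logout.php
@@ -8,12 +8,26 @@ removeEventListener: is Client Browser specific and does not affect anyone else
  */
  if ( file_exists( dirname(dirname(dirname(dirname(__FILE__)))) . '/wp-load.php' ) ) {
  require_once '../../../wp-load.php';
+ } else {
+ return;
  }
 
- require ABSPATH . WPINC . '/pluggable.php';
+ require ABSPATH . WPINC . '/pluggable.php';
 
  wp_logout();
 
+ $bpsPro_http_referer = false;
+
+ if ( array_key_exists('HTTP_REFERER', $_SERVER) ) {
+ $bpsPro_http_referer = $_SERVER['HTTP_REFERER'];
+ }
+
+ $bpsPro_http_user_agent = false;
+
+ if ( array_key_exists('HTTP_USER_AGENT', $_SERVER) ) {
+ $bpsPro_http_user_agent = $_SERVER['HTTP_USER_AGENT'];
+ }
+
  $BPS_ISL_options = get_option('bulletproof_security_options_idle_session');
  $bpsProLog = WP_CONTENT_DIR . '/bps-backup/logs/http_error_log.txt';
  $hostname = gethostbyaddr($_SERVER['REMOTE_ADDR']);
@@ -27,22 +41,17 @@ require ABSPATH . WPINC . '/pluggable.php';
  $timestamp = date_i18n(get_option('date_format'), strtotime("11/15-1976")) . ' - ' . date_i18n(get_option('time_format'), $timeNow + $gmt_offset);
  }
 
- $bpsPro_http_referer = false;
- if ( array_key_exists('HTTP_REFERER', $_SERVER) ) {
- $bpsPro_http_referer = $_SERVER['HTTP_REFERER'];
- }
-
- $log_contents = "\r\n" . '[Idle Session Logout: ' . $timestamp . ']' . "\r\n" . 'BPS: ' . $bps_version . "\r\n" . 'WP: ' . $wp_version . "\r\n" . 'REMOTE_ADDR: '.$bpsPro_remote_addr . "\r\n" . 'Host Name: ' . $hostname . "\r\n" . 'SERVER_PROTOCOL: ' . $_SERVER['SERVER_PROTOCOL'] . "\r\n" . 'HTTP_CLIENT_IP: ' . $bpsPro_http_client_ip . "\r\n" . 'HTTP_FORWARDED: ' . $bpsPro_http_forwarded . "\r\n" . 'HTTP_X_FORWARDED_FOR: ' . $bpsPro_http_x_forwarded_for . "\r\n" . 'HTTP_X_CLUSTER_CLIENT_IP: ' . $bpsPro_http_x_cluster_client_ip."\r\n" . 'REQUEST_METHOD: '.$_SERVER['REQUEST_METHOD']."\r\n" . 'HTTP_REFERER: '.$bpsPro_http_referer."\r\n" . 'REQUEST_URI: '.$_SERVER['REQUEST_URI']."\r\n" . 'QUERY_STRING: '.$query_string."\r\n" . 'HTTP_USER_AGENT: '.$_SERVER['HTTP_USER_AGENT']."\r\n";
+ $log_contents = "\r\n" . '[Idle Session Logout: ' . $timestamp . ']' . "\r\n" . 'BPS: ' . $bps_version . "\r\n" . 'WP: ' . $wp_version . "\r\n" . 'REMOTE_ADDR: '.$bpsPro_remote_addr . "\r\n" . 'Host Name: ' . $hostname . "\r\n" . 'SERVER_PROTOCOL: ' . $_SERVER['SERVER_PROTOCOL'] . "\r\n" . 'HTTP_CLIENT_IP: ' . $bpsPro_http_client_ip . "\r\n" . 'HTTP_FORWARDED: ' . $bpsPro_http_forwarded . "\r\n" . 'HTTP_X_FORWARDED_FOR: ' . $bpsPro_http_x_forwarded_for . "\r\n" . 'HTTP_X_CLUSTER_CLIENT_IP: ' . $bpsPro_http_x_cluster_client_ip."\r\n" . 'REQUEST_METHOD: '.$_SERVER['REQUEST_METHOD']."\r\n" . 'HTTP_REFERER: '.$bpsPro_http_referer."\r\n" . 'REQUEST_URI: '.$_SERVER['REQUEST_URI']."\r\n" . 'QUERY_STRING: '.$query_string."\r\n" . 'HTTP_USER_AGENT: '.$bpsPro_http_user_agent."\r\n";
 
  if ( is_writable( $bpsProLog ) ) {
 
- if ( ! $handle = fopen( $bpsProLog, 'a' ) ) {
- exit;
- }
-
- if ( fwrite( $handle, $log_contents) === FALSE ) {
- exit;
- }
+ if ( ! $handle = fopen( $bpsProLog, 'a' ) ) {
+ exit;
+ }
+
+ if ( fwrite( $handle, $log_contents) === false ) {
+ exit;
+ }
 
  fclose($handle);
  }
@@ -107,7 +116,7 @@ function bpsClearTimeout() {
  <div id="bpsMessage">
 
  <?php
- $bps_hostname = str_replace( 'www.', '', htmlspecialchars( $_SERVER['SERVER_NAME'], ENT_QUOTES ) );
+ $bps_hostname = esc_html( $_SERVER['SERVER_NAME'] );
 
  if ( isset($BPS_ISL_options['bps_isl_login_url']) && $BPS_ISL_options['bps_isl_login_url'] != '' ) {
  $url = $BPS_ISL_options['bps_isl_login_url'];
@@ -120,10 +129,12 @@ function bpsClearTimeout() {
  echo '<div id="bpsMessageTextBox">';
  $custom_message = preg_replace( '/\n/', "<br>", esc_html($BPS_ISL_options['bps_isl_custom_message']) );
  echo '<p>' . $custom_message . '</p>';
+
  if ( isset($BPS_ISL_options['bps_isl_login_url']) && $BPS_ISL_options['bps_isl_login_url'] != 'No' && $BPS_ISL_options['bps_isl_login_url'] != 'no' ) {
  echo '<p><a href="' . filter_var( $url, FILTER_VALIDATE_URL, FILTER_FLAG_PATH_REQUIRED ) . '" style="text-decoration:underline;">Login</a></p>';
  echo '<p style="font-size:12px">BPS Pro Plugin Idle Session Logout Page</p>';
  }
+
  echo '</div>';
 
  } else {
@@ -134,10 +145,12 @@ function bpsClearTimeout() {
  echo '<p>' . $bps_hostname . ' Login Session Expired</p>';
  echo '<p>Your Login Session has expired due to inactivity.</p>';
  echo '<p>Idle Session Logout (ISL) Time: ' . $bps_isl_timeout . ' minutes.</p>';
+
  if ( isset($BPS_ISL_options['bps_isl_login_url']) && $BPS_ISL_options['bps_isl_login_url'] != 'No' && $BPS_ISL_options['bps_isl_login_url'] != 'no' ) {
  echo '<p><a href="' . filter_var( $url, FILTER_VALIDATE_URL, FILTER_FLAG_PATH_REQUIRED ) . '" style="text-decoration:underline;">Login</a> again.</p>';
  echo '<p style="font-size:12px">BPS Pro Plugin Idle Session Logout Page</p>';
  }
+
  echo '</div>';
  }
  ?>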
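Review bot: The rewritten `$log_contents` line (new line 44) still appends request-controlled values verbatim to http_error_log.txt: the Referer, User-Agent, `REQUEST_URI` and the forwarded-for fields are concatenated unfiltered, and this script is requested directly, since it loads wp-load.php itself. The new `array_key_exists()` guards only avoid undefined-index notices and do not constrain what is written. Normalising at capture time, for example `$bpsPro_http_user_agent = sanitize_text_field( wp_unslash( $_SERVER['HTTP_USER_AGENT'] ) );` and likewise for the Referer, would spare whatever later displays or e-mails the log from having to treat each field as untrusted markup. Separately, the unchanged `href` lines in the last two hunks echo the result of `filter_var( $url, FILTER_VALIDATE_URL, FILTER_FLAG_PATH_REQUIRED )`, which validates but does not escape, so `esc_url( $url )` is the better fit for that attribute.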
languages/bulletproof-security.pot CHANGED
@@ -3,7 +3,7 @@ msgid ""
3
  msgstr ""
4
  "Project-Id-Version: bulletproof-security\n"
5
  "Report-Msgid-Bugs-To: \n"
6
- "POT-Creation-Date: 2022-01-24 12:54-0800\n"
7
  "PO-Revision-Date: 2015-06-20 19:13-0800\n"
8
  "Last-Translator: Ed Alexander <edward@ait-pro.com>\n"
9
  "Language-Team: AITpro <info@ait-pro.com>\n"
@@ -64,7 +64,7 @@ msgstr ""
64
  msgid "Root htaccess File Custom Code"
65
  msgstr ""
66
 
67
- #: admin/core/core-custom-code.php:353
68
  msgid ""
69
  "Example Code: Click the Question Mark help button at the top of the Custom "
70
  "Code page for root Custom Code Setup Steps. This example code is a visual "
@@ -74,7 +74,7 @@ msgid ""
74
  "TOP PHP/PHP.INI HANDLER/CACHE CODE text box."
75
  msgstr ""
76
 
77
- #: admin/core/core-custom-code.php:355
78
  msgid ""
79
  "Example Code: Click the Question Mark help button at the top of the Custom "
80
  "Code page for root Custom Code Setup Steps. This example code is a visual "
@@ -85,7 +85,7 @@ msgid ""
85
  "box"
86
  msgstr ""
87
 
88
- #: admin/core/core-custom-code.php:360
89
  msgid ""
90
  "1. CUSTOM CODE TOP PHP/PHP.INI HANDLER/CACHE CODE:<br>Add php/php.ini "
91
  "handler code, cache code and/or <a href=\"https://forum.ait-pro.com/forums/"
@@ -93,24 +93,24 @@ msgid ""
93
  "a new Browser window\" target=\"_blank\">Speed Boost Cache Code</a>"
94
  msgstr ""
95
 
96
- #: admin/core/core-custom-code.php:361
97
  msgid ""
98
  "ONLY add valid php/php.ini handler htaccess code and/or cache htaccess code "
99
  "below or text commented out with a pound sign #"
100
  msgstr ""
101
 
102
- #: admin/core/core-custom-code.php:372
103
  msgid "2. CUSTOM CODE TURN OFF YOUR SERVER SIGNATURE:"
104
  msgstr ""
105
 
106
- #: admin/core/core-custom-code.php:373 admin/core/core-help-text.php:40
107
  msgid ""
108
  "You MUST copy and paste the entire TURN OFF YOUR SERVER SIGNATURE section of "
109
  "code from your root .htaccess file into this text box first. You can then "
110
  "edit and modify the code in this text window and save your changes."
111
  msgstr ""
112
 
113
- #: admin/core/core-custom-code.php:383
114
  msgid ""
115
  "Example Code: Click the Question Mark help button at the top of the Custom "
116
  "Code page for root Custom Code Setup Steps. This example code is a visual "
@@ -121,11 +121,11 @@ msgid ""
121
  "DO NOT SHOW DIRECTORY LISTING/DIRECTORY INDEX text box."
122
  msgstr ""
123
 
124
- #: admin/core/core-custom-code.php:389
125
  msgid "3. CUSTOM CODE DO NOT SHOW DIRECTORY LISTING/DIRECTORY INDEX:"
126
  msgstr ""
127
 
128
- #: admin/core/core-custom-code.php:390 admin/core/core-help-text.php:40
129
  msgid ""
130
  "You MUST copy and paste the entire DO NOT SHOW DIRECTORY LISTING and "
131
  "DIRECTORY INDEX sections of code from your root .htaccess file into this "
@@ -133,7 +133,7 @@ msgid ""
133
  "and save your changes."
134
  msgstr ""
135
 
136
- #: admin/core/core-custom-code.php:400
137
  msgid ""
138
  "Example Code: Click the Question Mark help button at the top of the Custom "
139
  "Code page for root Custom Code Setup Steps. This example code is a visual "
@@ -144,17 +144,17 @@ msgid ""
144
  "PROTECTION text box."
145
  msgstr ""
146
 
147
- #: admin/core/core-custom-code.php:406
148
  msgid "4. CUSTOM CODE BRUTE FORCE LOGIN PAGE PROTECTION:"
149
  msgstr ""
150
 
151
- #: admin/core/core-custom-code.php:407
152
  msgid ""
153
  "This Custom Code text box is for optional/Bonus code. To get this code click "
154
  "the link below:"
155
  msgstr ""
156
 
157
- #: admin/core/core-custom-code.php:417
158
  msgid ""
159
  "Example Code: Click the Question Mark help button at the top of the Custom "
160
  "Code page for root Custom Code Setup Steps. This example code is a visual "
@@ -164,18 +164,18 @@ msgid ""
164
  "paste it into this CUSTOM CODE ERROR LOGGING AND TRACKING text box."
165
  msgstr ""
166
 
167
- #: admin/core/core-custom-code.php:422
168
  msgid "5. CUSTOM CODE ERROR LOGGING AND TRACKING:"
169
  msgstr ""
170
 
171
- #: admin/core/core-custom-code.php:423 admin/core/core-help-text.php:40
172
  msgid ""
173
  "You MUST copy and paste the entire ERROR LOGGING AND TRACKING section of "
174
  "code from your root .htaccess file into this text box first. You can then "
175
  "edit and modify the code in this text window and save your changes."
176
  msgstr ""
177
 
178
- #: admin/core/core-custom-code.php:433
179
  msgid ""
180
  "Example Code: Click the Question Mark help button at the top of the Custom "
181
  "Code page for root Custom Code Setup Steps. This example code is a visual "
@@ -186,11 +186,11 @@ msgid ""
186
  "CUSTOM CODE DENY ACCESS TO PROTECTED SERVER FILES AND FOLDERS text box."
187
  msgstr ""
188
 
189
- #: admin/core/core-custom-code.php:438
190
  msgid "6. CUSTOM CODE DENY ACCESS TO PROTECTED SERVER FILES AND FOLDERS:"
191
  msgstr ""
192
 
193
- #: admin/core/core-custom-code.php:439 admin/core/core-help-text.php:40
194
  msgid ""
195
  "You MUST copy and paste the entire DENY ACCESS TO PROTECTED SERVER FILES AND "
196
  "FOLDERS section of code from your root .htaccess file into this text box "
@@ -198,7 +198,7 @@ msgid ""
198
  "your changes."
199
  msgstr ""
200
 
201
- #: admin/core/core-custom-code.php:449
202
  msgid ""
203
  "Example Code: Click the Question Mark help button at the top of the Custom "
204
  "Code page for root Custom Code Setup Steps. This example code is a visual "
@@ -208,18 +208,18 @@ msgid ""
208
  "CUSTOM CODE WP-ADMIN/INCLUDES text box."
209
  msgstr ""
210
 
211
- #: admin/core/core-custom-code.php:454
212
  msgid ""
213
  "7. CUSTOM CODE WP-ADMIN/INCLUDES: DO NOT add wp-admin .htaccess code here"
214
  msgstr ""
215
 
216
- #: admin/core/core-custom-code.php:455
217
  msgid ""
218
  "Add one pound sign # below to prevent the WP-ADMIN/INCLUDES section of code "
219
  "from being created in your root .htaccess file"
220
  msgstr ""
221
 
222
- #: admin/core/core-custom-code.php:465
223
  msgid ""
224
  "Example Code: Click the Question Mark help button at the top of the Custom "
225
  "Code page for root Custom Code Setup Steps. This example code is a visual "
@@ -229,20 +229,20 @@ msgid ""
229
  "into this CUSTOM CODE WP REWRITE LOOP START text box."
230
  msgstr ""
231
 
232
- #: admin/core/core-custom-code.php:470
233
  msgid ""
234
  "8. CUSTOM CODE WP REWRITE LOOP START: www/non-www http/https Rewrite code "
235
  "here"
236
  msgstr ""
237
 
238
- #: admin/core/core-custom-code.php:471 admin/core/core-help-text.php:40
239
  msgid ""
240
  "You MUST copy and paste the entire WP REWRITE LOOP START section of code "
241
  "from your root .htaccess file into this text box first. You can then edit "
242
  "and modify the code in this text window and save your changes."
243
  msgstr ""
244
 
245
- #: admin/core/core-custom-code.php:481
246
  msgid ""
247
  "Example Code: Click the Question Mark help button at the top of the Custom "
248
  "Code page for root Custom Code Setup Steps. This example code is a visual "
@@ -252,15 +252,15 @@ msgid ""
252
  "paste it into this CUSTOM CODE REQUEST METHODS FILTERED text box."
253
  msgstr ""
254
 
255
- #: admin/core/core-custom-code.php:487
256
  msgid "9. CUSTOM CODE REQUEST METHODS FILTERED:"
257
  msgstr ""
258
 
259
- #: admin/core/core-custom-code.php:488
260
  msgid "Whitelist User Agents and allow HEAD Requests"
261
  msgstr ""
262
 
263
- #: admin/core/core-custom-code.php:489
264
  msgid ""
265
  "You MUST copy and paste the entire REQUEST METHODS FILTERED section of code "
266
  "from your root .htaccess file into this text box first. You can then edit "
@@ -269,7 +269,7 @@ msgid ""
269
  "page for instructions and examples."
270
  msgstr ""
271
 
272
- #: admin/core/core-custom-code.php:499
273
  msgid ""
274
  "Example Code: Click the Question Mark help button at the top of the Custom "
275
  "Code page for root Custom Code Setup Steps. This example code is a visual "
@@ -279,19 +279,19 @@ msgid ""
279
  "RULES text box."
280
  msgstr ""
281
 
282
- #: admin/core/core-custom-code.php:504
283
  msgid ""
284
  "10. CUSTOM CODE PLUGIN/THEME SKIP/BYPASS RULES:<br>Add personal plugin/theme "
285
  "skip/bypass rules here"
286
  msgstr ""
287
 
288
- #: admin/core/core-custom-code.php:505 admin/core/core-custom-code.php:595
289
- #: admin/core/core-custom-code.php:949 admin/core/core-custom-code.php:961
290
  msgid ""
291
  "ONLY add valid htaccess code below or text commented out with a pound sign #"
292
  msgstr ""
293
 
294
- #: admin/core/core-custom-code.php:515
295
  msgid ""
296
  "Example Code: Click the Question Mark help button at the top of the Custom "
297
  "Code page for root Custom Code Setup Steps. This example code is a visual "
@@ -302,18 +302,18 @@ msgid ""
302
  "CUSTOM CODE text box."
303
  msgstr ""
304
 
305
- #: admin/core/core-custom-code.php:520
306
  msgid "11. CUSTOM CODE TIMTHUMB FORBID RFI and MISC FILE SKIP/BYPASS RULE:"
307
  msgstr ""
308
 
309
- #: admin/core/core-custom-code.php:521 admin/core/core-help-text.php:40
310
  msgid ""
311
  "You MUST copy and paste the entire TIMTHUMB FORBID RFI section of code from "
312
  "your root .htaccess file into this text box first. You can then edit and "
313
  "modify the code in this text window and save your changes."
314
  msgstr ""
315
 
316
- #: admin/core/core-custom-code.php:531
317
  msgid ""
318
  "Example Code: Click the Question Mark help button at the top of the Custom "
319
  "Code page for root Custom Code Setup Steps. This example code is a visual "
@@ -324,11 +324,11 @@ msgid ""
324
  "EXPLOITS text box."
325
  msgstr ""
326
 
327
- #: admin/core/core-custom-code.php:536
328
  msgid "12. CUSTOM CODE BPSQSE BPS QUERY STRING EXPLOITS:"
329
  msgstr ""
330
 
331
- #: admin/core/core-custom-code.php:537 admin/core/core-help-text.php:40
332
  msgid ""
333
  "You MUST copy and paste the entire BPSQSE QUERY STRING EXPLOITS section of "
334
  "code from your root .htaccess file from # BEGIN BPSQSE BPS QUERY STRING "
@@ -337,7 +337,7 @@ msgid ""
337
  "changes."
338
  msgstr ""
339
 
340
- #: admin/core/core-custom-code.php:550
341
  msgid ""
342
  "Example Code: The actual WP REWRITE LOOP END code for your website may be "
343
  "different. Click the Question Mark help button at the top of the Custom Code "
@@ -348,18 +348,18 @@ msgid ""
348
  "into this CUSTOM CODE WP REWRITE LOOP END text box."
349
  msgstr ""
350
 
351
- #: admin/core/core-custom-code.php:555
352
  msgid "12b. CUSTOM CODE WP REWRITE LOOP END: Add WP Rewrite Loop End code here"
353
  msgstr ""
354
 
355
- #: admin/core/core-custom-code.php:556
356
  msgid ""
357
  "This is a Special Custom Code text box that should only be used if the "
358
  "correct WP REWRITE LOOP END code is not being created in your root .htaccess "
359
  "file. See the Question Mark help button for more information."
360
  msgstr ""
361
 
362
- #: admin/core/core-custom-code.php:573
363
  msgid ""
364
  "Example Code: Click the Question Mark help button at the top of the Custom "
365
  "Code page for root Custom Code Setup Steps. This example code is a visual "
@@ -370,18 +370,18 @@ msgid ""
370
  "THESE FILES text box."
371
  msgstr ""
372
 
373
- #: admin/core/core-custom-code.php:578
374
  msgid "13. CUSTOM CODE DENY BROWSER ACCESS TO THESE FILES:"
375
  msgstr ""
376
 
377
- #: admin/core/core-custom-code.php:579 admin/core/core-help-text.php:40
378
  msgid ""
379
  "You MUST copy and paste the entire DENY BROWSER ACCESS section of code from "
380
  "your root .htaccess file into this text box first. You can then edit and "
381
  "modify the code in this text window and save your changes."
382
  msgstr ""
383
 
384
- #: admin/core/core-custom-code.php:589
385
  msgid ""
386
  "Example Code: Click the Question Mark help button at the top of the Custom "
387
  "Code page for root Custom Code Setup Steps. This example code is a visual "
@@ -391,13 +391,13 @@ msgid ""
391
  "FORBID COMMENT SPAMMERS/BLOCK BOTS/BLOCK IP/REDIRECT CODE text box."
392
  msgstr ""
393
 
394
- #: admin/core/core-custom-code.php:594
395
  msgid ""
396
  "14. CUSTOM CODE BOTTOM HOTLINKING/FORBID COMMENT SPAMMERS/BLOCK BOTS/BLOCK "
397
  "IP/REDIRECT CODE: Add miscellaneous code here"
398
  msgstr ""
399
 
400
- #: admin/core/core-custom-code.php:604
401
  msgid ""
402
  "If you are unable to save Custom Code and/or see an error message when "
403
  "trying to save Custom Code, click the Encrypt Custom Code button first and "
@@ -405,7 +405,7 @@ msgid ""
405
  "image to the right for help info."
406
  msgstr ""
407
 
408
- #: admin/core/core-custom-code.php:604 admin/core/core-custom-code.php:982
409
  msgid ""
410
  "If your web host currently has ModSecurity installed or installs ModSecurity "
411
  "at a later time then ModSecurity will prevent you from saving your custom "
@@ -413,7 +413,7 @@ msgid ""
413
  "Code button."
414
  msgstr ""
415
 
416
- #: admin/core/core-custom-code.php:604
417
  msgid ""
418
  "If you click the Encrypt Custom Code button, but then want to add or edit "
419
  "additional custom code click the Decrypt Custom Code button. After you are "
@@ -421,32 +421,32 @@ msgid ""
421
  "before clicking the Save Root Custom Code button."
422
  msgstr ""
423
 
424
- #: admin/core/core-custom-code.php:604
425
  msgid ""
426
  "Additional Encrypt and Decrypt buttons have been added at the top of the "
427
  "Root Custom Code Form."
428
  msgstr ""
429
 
430
- #: admin/core/core-custom-code.php:604 admin/core/core-custom-code.php:982
431
- #: admin/core/core.php:2036
432
  msgid "Click the Custom Code Question Mark help button for more help info."
433
  msgstr ""
434
 
435
- #: admin/core/core-custom-code.php:607
436
  msgid ""
437
  "IMPORTANT!!! Did you remember to click the Encrypt Custom Code button first "
438
  "before saving your Root Custom Code?"
439
  msgstr ""
440
 
441
- #: admin/core/core-custom-code.php:607
442
  msgid "Click OK to save your Root Custom Code or click Cancel."
443
  msgstr ""
444
 
445
- #: admin/core/core-custom-code.php:903
446
  msgid "wp-admin htaccess File Custom Code"
447
  msgstr ""
448
 
449
- #: admin/core/core-custom-code.php:926
450
  msgid ""
451
  "Example Code: Click the Question Mark help button at the top of the Custom "
452
  "Code page for wp-admin Custom Code Setup Steps. This example code is a "
@@ -457,7 +457,7 @@ msgid ""
457
  "CODE text box."
458
  msgstr ""
459
 
460
- #: admin/core/core-custom-code.php:928
461
  msgid ""
462
  "Example Code: Click the Question Mark help button at the top of the Custom "
463
  "Code page for wp-admin Custom Code Setup Steps. This example code is a "
@@ -466,7 +466,7 @@ msgid ""
466
  "htaccess code, copy and paste it into this CUSTOM CODE WPADMIN TOP text box."
467
  msgstr ""
468
 
469
- #: admin/core/core-custom-code.php:930
470
  msgid ""
471
  "Example Code: Click the Question Mark help button at the top of the Custom "
472
  "Code page for wp-admin Custom Code Setup Steps. This example code is a "
@@ -476,7 +476,7 @@ msgid ""
476
  "FILE SKIP RULES text box."
477
  msgstr ""
478
 
479
- #: admin/core/core-custom-code.php:932
480
  msgid ""
481
  "Example Code: Click the Question Mark help button at the top of the Custom "
482
  "Code page for wp-admin Custom Code Setup Steps. This example code is a "
@@ -487,13 +487,13 @@ msgid ""
487
  "CUSTOM CODE text box."
488
  msgstr ""
489
 
490
- #: admin/core/core-custom-code.php:937
491
  msgid ""
492
  "1. CUSTOM CODE WPADMIN DENY BROWSER ACCESS TO FILES:<br>Add additional wp-"
493
  "admin files that you would like to block here"
494
  msgstr ""
495
 
496
- #: admin/core/core-custom-code.php:938
497
  msgid ""
498
  "You MUST copy and paste the entire WPADMIN DENY BROWSER ACCESS TO FILES "
499
  "section of code from your wp-admin .htaccess file into this text box first. "
@@ -503,25 +503,25 @@ msgid ""
503
  "htaccess file"
504
  msgstr ""
505
 
506
- #: admin/core/core-custom-code.php:948
507
  msgid ""
508
  "2. CUSTOM CODE WPADMIN TOP:<br>wp-admin password protection & miscellaneous "
509
  "custom code here"
510
  msgstr ""
511
 
512
- #: admin/core/core-custom-code.php:960
513
  msgid ""
514
  "3. CUSTOM CODE WPADMIN PLUGIN/FILE SKIP RULES:<br>Add wp-admin plugin/file "
515
  "skip rules code here"
516
  msgstr ""
517
 
518
- #: admin/core/core-custom-code.php:972
519
  msgid ""
520
  "4. CUSTOM CODE BPSQSE-check BPS QUERY STRING EXPLOITS AND FILTERS:<br>Modify "
521
  "Query String Exploit code here"
522
  msgstr ""
523
 
524
- #: admin/core/core-custom-code.php:973 admin/core/core-help-text.php:40
525
  msgid ""
526
  "You MUST copy and paste the entire BPS QUERY STRING EXPLOITS section of code "
527
  "from your wp-admin .htaccess file from # BEGIN BPSQSE-check BPS QUERY STRING "
@@ -530,7 +530,7 @@ msgid ""
530
  "this text window and save your changes."
531
  msgstr ""
532
 
533
- #: admin/core/core-custom-code.php:982
534
  msgid ""
535
  "If you are unable to save Custom Code and/or see an error message when "
536
  "trying to save Custom Code, click the Encrypt Custom Code button first and "
@@ -538,7 +538,7 @@ msgid ""
538
  "mark image to the right for help info."
539
  msgstr ""
540
 
541
- #: admin/core/core-custom-code.php:982
542
  msgid ""
543
  "If you click the Encrypt Custom Code button, but then want to add or edit "
544
  "additional custom code click the Decrypt Custom Code button. After you are "
@@ -546,19 +546,19 @@ msgid ""
546
  "before clicking the Save wp-admin Custom Code button."
547
  msgstr ""
548
 
549
- #: admin/core/core-custom-code.php:982
550
  msgid ""
551
  "Additional Encrypt and Decrypt buttons have been added at the top of the wp-"
552
  "admin Custom Code Form."
553
  msgstr ""
554
 
555
- #: admin/core/core-custom-code.php:985
556
  msgid ""
557
  "IMPORTANT!!! Did you remember to click the Encrypt Custom Code button first "
558
  "before saving your wp-admin Custom Code?"
559
  msgstr ""
560
 
561
- #: admin/core/core-custom-code.php:985
562
  msgid "Click OK to save your wp-admin Custom Code or click Cancel."
563
  msgstr ""
564
 
@@ -569,17 +569,17 @@ msgid ""
569
  msgstr ""
570
 
571
  #: admin/core/core-export-import.php:115 admin/login/lsm-export.php:49
572
- #: admin/wizard/wizard-backup.php:246 admin/wizard/wizard-backup.php:287
573
- #: admin/wizard/wizard.php:1943
574
  msgid ""
575
  "If you see a 403 error and/or are unable to download the zip file then click "
576
  "here: "
577
  msgstr ""
578
 
579
  #: admin/core/core-export-import.php:115 admin/login/lsm-export.php:49
580
- #: admin/wizard/wizard-backup.php:246 admin/wizard/wizard-backup.php:287
581
- #: admin/wizard/wizard.php:1084 admin/wizard/wizard.php:1181
582
- #: admin/wizard/wizard.php:1184 admin/wizard/wizard.php:1943
583
  #: includes/hud-autofix-whitelist.php:861
584
  msgid "Setup Wizard Options"
585
  msgstr ""
@@ -591,15 +591,15 @@ msgid ""
591
  msgstr ""
592
 
593
  #: admin/core/core-export-import.php:115 admin/login/lsm-export.php:49
594
- #: admin/wizard/wizard.php:1943
595
  msgid "Download Zip Export"
596
  msgstr ""
597
 
598
- #: admin/core/core-export-import.php:144 admin/wizard/wizard.php:2107
599
  msgid "Zip File Upload Successful."
600
  msgstr ""
601
 
602
- #: admin/core/core-export-import.php:155 admin/wizard/wizard.php:2118
603
  msgid "Zip File Exraction Successful. Method: ZipArchive class."
604
  msgstr ""
605
 
@@ -629,19 +629,19 @@ msgstr ""
629
  msgid "3. Click the wp-admin Folder BulletProof Mode Activate button."
630
  msgstr ""
631
 
632
- #: admin/core/core-export-import.php:169 admin/wizard/wizard.php:2129
633
  msgid "ERROR: Zip File Extraction Failed. Method: ZipArchive class."
634
  msgstr ""
635
 
636
- #: admin/core/core-export-import.php:189 admin/wizard/wizard.php:2149
637
  msgid "Zip File Extraction Successful. Method: PclZip."
638
  msgstr ""
639
 
640
- #: admin/core/core-export-import.php:203 admin/wizard/wizard.php:2161
641
  msgid "ERROR: Zip File Extraction Failed. Method: PclZip."
642
  msgstr ""
643
 
644
- #: admin/core/core-export-import.php:211 admin/wizard/wizard.php:2169
645
  msgid "ERROR: Zip File Upload Failed."
646
  msgstr ""
647
 
@@ -672,38 +672,38 @@ msgid "Your Root and wp-admin Custom Code has been deleted successfully."
672
  msgstr ""
673
 
674
  #: admin/core/core-forms.php:18 admin/core/core-forms.php:104
675
- #: admin/core/core.php:1297
676
  msgid "htaccess Files Disabled: wp-admin htaccess file writing is disabled. "
677
  msgstr ""
678
 
679
  #: admin/core/core-forms.php:18 admin/core/core-forms.php:104
680
- #: admin/core/core-forms.php:202 admin/core/core-forms.php:252
681
- #: admin/core/core-forms.php:286 admin/core/core-forms.php:336
682
- #: admin/core/core-forms.php:370 admin/core/core-forms.php:436
683
- #: admin/core/core-htaccess-code.php:426 admin/core/core-htaccess-code.php:510
684
- #: admin/core/core-htaccess-code.php:579 admin/core/core-htaccess-code.php:663
685
- #: admin/core/core.php:904 admin/core/core.php:994 admin/core/core.php:1108
686
- #: admin/core/core.php:1198 admin/core/core.php:1297
687
- #: admin/maintenance/maintenance.php:886 admin/maintenance/maintenance.php:1203
688
- #: admin/maintenance/maintenance.php:1721
689
- #: admin/maintenance/maintenance.php:1852
690
- #: admin/maintenance/maintenance.php:2046 admin/wizard/wizard-functions.php:44
691
  msgid "Click this link for help information: "
692
  msgstr ""
693
 
694
  #: admin/core/core-forms.php:18 admin/core/core-forms.php:104
695
- #: admin/core/core-forms.php:202 admin/core/core-forms.php:252
696
- #: admin/core/core-forms.php:286 admin/core/core-forms.php:336
697
- #: admin/core/core-forms.php:370 admin/core/core-forms.php:436
698
- #: admin/core/core-htaccess-code.php:426 admin/core/core-htaccess-code.php:510
699
- #: admin/core/core-htaccess-code.php:579 admin/core/core-htaccess-code.php:663
700
- #: admin/core/core.php:904 admin/core/core.php:994 admin/core/core.php:1108
701
- #: admin/core/core.php:1198 admin/core/core.php:1297
702
- #: admin/maintenance/maintenance.php:886 admin/maintenance/maintenance.php:1203
703
- #: admin/maintenance/maintenance.php:1721
704
- #: admin/maintenance/maintenance.php:1852
705
- #: admin/maintenance/maintenance.php:2046 admin/wizard/wizard-functions.php:44
706
- #: admin/wizard/wizard.php:1096
707
  msgid "htaccess Files Disabled Forum Topic"
708
  msgstr ""
709
 
@@ -753,128 +753,128 @@ msgstr ""
753
  msgid "Hidden Plugin Folders|Files (HPF) Cron has been turned Off."
754
  msgstr ""
755
 
756
- #: admin/core/core-forms.php:189
757
  msgid "Ignore Hidden Plugin Folders & Files settings saved."
758
  msgstr ""
759
 
760
- #: admin/core/core-forms.php:189
761
  msgid "Current HPF Ignore Rules: "
762
  msgstr ""
763
 
764
- #: admin/core/core-forms.php:202 admin/core/core-forms.php:252
765
  msgid "htaccess Files Disabled: Master htaccess file writing is disabled. "
766
  msgstr ""
767
 
768
- #: admin/core/core-forms.php:218 admin/core/core-forms.php:232
769
  msgid ""
770
  "Failed to activate Master htaccess Folder BulletProof Mode. Check the file "
771
  "or folder permissions or Ownership for this folder: /bulletproof-security/"
772
  "admin/htaccess/."
773
  msgstr ""
774
 
775
- #: admin/core/core-forms.php:223 admin/core/core-forms.php:237
776
  msgid "Master htaccess Folder BulletProof Mode activated successfully."
777
  msgstr ""
778
 
779
- #: admin/core/core-forms.php:265
780
  msgid ""
781
  "Failed to deactivate Master htaccess Folder BulletProof Mode. Check the file "
782
  "or folder permissions or Ownership for this folder: /bulletproof-security/"
783
  "admin/htaccess/."
784
  msgstr ""
785
 
786
- #: admin/core/core-forms.php:272
787
  msgid "Master htaccess Folder BulletProof Mode deactivated successfully."
788
  msgstr ""
789
 
790
- #: admin/core/core-forms.php:286 admin/core/core-forms.php:336
791
  msgid "htaccess Files Disabled: BPS Backup htaccess file writing is disabled. "
792
  msgstr ""
793
 
794
- #: admin/core/core-forms.php:302 admin/core/core-forms.php:316
795
  msgid ""
796
  "Failed to activate BPS Backup Folder BulletProof Mode. Check the file or "
797
  "folder permissions or Ownership for this folder: /"
798
  msgstr ""
799
 
800
- #: admin/core/core-forms.php:302 admin/core/core-forms.php:316
801
- #: admin/core/core-forms.php:349
802
  msgid "/bps-backup."
803
  msgstr ""
804
 
805
- #: admin/core/core-forms.php:307 admin/core/core-forms.php:321
806
  msgid "BPS Backup Folder BulletProof Mode activated successfully."
807
  msgstr ""
808
 
809
- #: admin/core/core-forms.php:349
810
  msgid ""
811
  "Failed to deactivate BPS Backup Folder BulletProof Mode. Check the file or "
812
  "folder permissions or Ownership for this folder: /"
813
  msgstr ""
814
 
815
- #: admin/core/core-forms.php:356
816
  msgid "BPS Backup Folder BulletProof Mode deactivated successfully."
817
  msgstr ""
818
 
819
- #: admin/core/core-forms.php:370
820
  msgid "htaccess Files Disabled: htaccess file Backup is disabled. "
821
  msgstr ""
822
 
823
- #: admin/core/core-forms.php:383
824
  msgid "You do not have an .htaccess file in your Root folder to backup."
825
  msgstr ""
826
 
827
- #: admin/core/core-forms.php:391
828
  msgid ""
829
  "Failed to Backup Your Root .htaccess File. File copy function failed. Check "
830
  "the folder permissions for the /"
831
  msgstr ""
832
 
833
- #: admin/core/core-forms.php:391 admin/core/core-forms.php:414
834
  msgid "/bps-backup folder. Folder permissions should be set to 755."
835
  msgstr ""
836
 
837
- #: admin/core/core-forms.php:398
838
  msgid "Your Root .htaccess file has been backed up successfully."
839
  msgstr ""
840
 
841
- #: admin/core/core-forms.php:406
842
  msgid "You do not have an htaccess file in your wp-admin folder to backup."
843
  msgstr ""
844
 
845
- #: admin/core/core-forms.php:414
846
  msgid ""
847
  "Failed to Backup Your wp-admin htaccess File. File copy function failed. "
848
  "Check the folder permissions for the /"
849
  msgstr ""
850
 
851
- #: admin/core/core-forms.php:421
852
  msgid "Your wp-admin htaccess file has been backed up successfully."
853
  msgstr ""
854
 
855
- #: admin/core/core-forms.php:436
856
  msgid "htaccess Files Disabled: htaccess file Restore is disabled. "
857
  msgstr ""
858
 
859
- #: admin/core/core-forms.php:457
860
  msgid ""
861
  "Failed to Restore Your Root htaccess File. Either you DO NOT have a Backed "
862
  "up Root htaccess file or your Root htaccess file permissions do not allow "
863
  "the file to be replaced/restored."
864
  msgstr ""
865
 
866
- #: admin/core/core-forms.php:467
867
  msgid "Your Root htaccess file has been Restored successfully."
868
  msgstr ""
869
 
870
- #: admin/core/core-forms.php:477
871
  msgid ""
872
  "Failed to Restore Your wp-admin htaccess File. Either you DO NOT have a "
873
  "Backed up wp-admin htaccess file or your wp-admin htaccess file permissions "
874
  "do not allow the file to be replaced/restored."
875
  msgstr ""
876
 
877
- #: admin/core/core-forms.php:484
878
  msgid "Your wp-admin htaccess file has been Restored successfully."
879
  msgstr ""
880
 
@@ -998,7 +998,7 @@ msgid ""
998
  "Question Mark help file for BPS troubleshooting steps."
999
  msgstr ""
1000
 
1001
- #: admin/core/core-help-text.php:15 admin/wizard/wizard.php:1141
1002
  msgid "Notes: "
1003
  msgstr ""
1004
 
@@ -1065,7 +1065,7 @@ msgid ""
1065
  "Send Email Alerts."
1066
  msgstr ""
1067
 
1068
- #: admin/core/core-help-text.php:18 admin/core/core.php:527
1069
  msgid "HPF Cron Check Frequency:"
1070
  msgstr ""
1071
 
@@ -1077,7 +1077,7 @@ msgid ""
1077
  "Options button to save your settings."
1078
  msgstr ""
1079
 
1080
- #: admin/core/core-help-text.php:18 admin/core/core.php:538
1081
  msgid "HPF Cron On|Off:"
1082
  msgstr ""
1083
 
@@ -1087,7 +1087,7 @@ msgid ""
1087
  "HPF Cron Off. Click the Save HPF Cron Options button to save your settings."
1088
  msgstr ""
1089
 
1090
- #: admin/core/core-help-text.php:18 admin/core/core.php:562
1091
  msgid "Ignore Hidden Plugin Folders & Files:"
1092
  msgstr ""
1093
 
@@ -1702,377 +1702,366 @@ msgstr ""
1702
  msgid "Modify wp-admin Query String Exploit code here"
1703
  msgstr ""
1704
 
1705
- #: admin/core/core-htaccess-code.php:55 admin/core/core-htaccess-code.php:121
1706
- #: admin/maintenance/maintenance.php:416 admin/maintenance/maintenance.php:436
1707
  msgid "The file "
1708
  msgstr ""
1709
 
1710
- #: admin/core/core-htaccess-code.php:55 admin/core/core-htaccess-code.php:121
1711
- #: admin/maintenance/maintenance.php:416 admin/maintenance/maintenance.php:436
1712
  msgid " is not writable or does not exist."
1713
  msgstr ""
1714
 
1715
- #: admin/core/core-htaccess-code.php:55
1716
  msgid ""
1717
  "Check that the file is named default.htaccess and that the file exists in "
1718
  "the /bulletproof-security/admin/htaccess master folder. If this is not the "
1719
  "problem click "
1720
  msgstr ""
1721
 
1722
- #: admin/core/core-htaccess-code.php:55 admin/core/core-htaccess-code.php:121
1723
  msgid "HERE"
1724
  msgstr ""
1725
 
1726
- #: admin/core/core-htaccess-code.php:55 admin/core/core-htaccess-code.php:121
1727
  msgid " to go the the BulletProof Security Forum."
1728
  msgstr ""
1729
 
1730
- #: admin/core/core-htaccess-code.php:121
1731
  msgid ""
1732
  "Check that the file is named secure.htaccess and that the file exists in "
1733
  "the /bulletproof-security/admin/htaccess master folder. If this is not the "
1734
  "problem click"
1735
  msgstr ""
1736
 
1737
- #: admin/core/core-htaccess-code.php:426 admin/core/core-htaccess-code.php:510
1738
- #: admin/core/core-htaccess-code.php:579 admin/core/core-htaccess-code.php:663
1739
- #: admin/core/core.php:1198
1740
  msgid "htaccess Files Disabled: Root htaccess file writing is disabled. "
1741
  msgstr ""
1742
 
1743
- #: admin/core/core-htaccess-code.php:448 admin/core/core-htaccess-code.php:601
1744
- #: admin/core/core.php:1041
1745
  msgid "Failed to copy your Custom default.htaccess file: "
1746
  msgstr ""
1747
 
1748
- #: admin/core/core-htaccess-code.php:448 admin/core/core-htaccess-code.php:601
1749
- #: admin/core/core.php:1041
1750
  msgid " to: "
1751
  msgstr ""
1752
 
1753
- #: admin/core/core-htaccess-code.php:448 admin/core/core-htaccess-code.php:601
1754
  msgid " Check the folder permissions or Ownership for these folders."
1755
  msgstr ""
1756
 
1757
- #: admin/core/core-htaccess-code.php:459 admin/core/core-htaccess-code.php:612
1758
  msgid ""
1759
  "Root Folder BulletProof Mode deactivated successfully. Your Custom default."
1760
  "htaccess is now in use."
1761
  msgstr ""
1762
 
1763
- #: admin/core/core-htaccess-code.php:483 admin/core/core-htaccess-code.php:636
1764
  msgid ""
1765
  "Failed to deactivate Root Folder BulletProof Mode. Unable to Copy the "
1766
  "default.htaccess file to your root folder."
1767
  msgstr ""
1768
 
1769
- #: admin/core/core-htaccess-code.php:494 admin/core/core-htaccess-code.php:647
1770
  msgid "Root Folder BulletProof Mode deactivated successfully."
1771
  msgstr ""
1772
 
1773
- #: admin/core/core-htaccess-code.php:539 admin/core/core-htaccess-code.php:692
1774
  msgid ""
1775
  "Failed to activate Root Folder BulletProof Mode protection. Your website is "
1776
  "NOT protected."
1777
  msgstr ""
1778
 
1779
- #: admin/core/core-htaccess-code.php:550 admin/core/core-htaccess-code.php:703
1780
  msgid "Root Folder BulletProof Mode protection activated successfully."
1781
  msgstr ""
1782
 
1783
- #: admin/core/core.php:145 admin/includes/admin.php:401
1784
- #: admin/includes/admin.php:422 admin/includes/admin.php:423
1785
  msgid "htaccess File Options"
1786
  msgstr ""
1787
 
1788
- #: admin/core/core.php:174 admin/db-backup-security/db-backup-security.php:43
1789
  #: admin/email-log-settings/email-log-settings.php:38 admin/login/login.php:142
1790
- #: admin/maintenance/maintenance.php:48 admin/mscan/mscan.php:78
1791
  #: admin/security-log/security-log.php:38 admin/system-info/system-info.php:38
1792
- #: admin/theme-skin/theme-skin.php:43 admin/wizard/wizard.php:175
1793
  msgid "Settings Saved"
1794
  msgstr ""
1795
 
1796
- #: admin/core/core.php:199
1797
  msgid "Security Modes"
1798
  msgstr ""
1799
 
1800
- #: admin/core/core.php:200
1801
  msgid "htaccess File Editor"
1802
  msgstr ""
1803
 
1804
- #: admin/core/core.php:201 admin/core/core.php:1881 admin/core/core.php:1884
1805
  msgid "Custom Code"
1806
  msgstr ""
1807
 
1808
- #: admin/core/core.php:202
1809
  msgid "My Notes"
1810
  msgstr ""
1811
 
1812
- #: admin/core/core.php:203
1813
  msgid "Whats New"
1814
  msgstr ""
1815
 
1816
- #: admin/core/core.php:204 admin/db-backup-security/db-backup-security.php:275
1817
- #: admin/email-log-settings/email-log-settings.php:249
1818
- #: admin/login/login.php:181 admin/maintenance/maintenance.php:176
1819
- #: admin/mscan/mscan.php:212 admin/security-log/security-log.php:203
1820
- #: admin/system-info/system-info.php:64 admin/theme-skin/theme-skin.php:66
1821
  msgid "Help &amp; FAQ"
1822
  msgstr ""
1823
 
1824
- #: admin/core/core.php:205 admin/core/core.php:228 admin/core/core.php:355
1825
- #: admin/core/core.php:461 admin/core/core.php:596 admin/core/core.php:689
1826
- #: admin/core/core.php:782 admin/core/core.php:836 admin/core/core.php:1890
1827
- #: admin/core/core.php:2116 admin/db-backup-security/db-backup-security.php:296
1828
- #: admin/db-backup-security/db-backup-security.php:1243
1829
- #: admin/db-backup-security/db-backup-security.php:1410
1830
- #: admin/email-log-settings/email-log-settings.php:270
1831
- #: admin/login/login.php:211 admin/login/login.php:833
1832
- #: admin/login/login.php:1171 admin/login/login.php:1712
1833
- #: admin/maintenance/maintenance.php:206 admin/mscan/mscan.php:233
1834
- #: admin/mscan/mscan.php:1973 admin/mscan/mscan.php:2207
1835
- #: admin/mscan/mscan.php:2920 admin/security-log/security-log.php:224
1836
- #: admin/system-info/system-info.php:81 admin/theme-skin/theme-skin.php:87
1837
- #: admin/wizard/wizard.php:1125 admin/wizard/wizard.php:1194
1838
- #: admin/wizard/wizard.php:1781 bulletproof-security.php:182
1839
  msgid "BPS Pro Features"
1840
  msgstr ""
1841
 
1842
- #: admin/core/core.php:217 admin/core/core.php:844 admin/core/core.php:1914
1843
- #: admin/core/core.php:1927 admin/core/core.php:1975 admin/login/login.php:158
1844
- #: admin/login/login.php:219 admin/login/login.php:936
1845
- #: admin/login/login.php:1192 admin/system-info/system-info.php:95
1846
- #: admin/system-info/system-info.php:1184
1847
- msgid "Permission Denied"
1848
- msgstr ""
1849
-
1850
- #: admin/core/core.php:219 admin/core/core.php:222 admin/core/core.php:349
1851
  msgid "Root Folder BulletProof Mode (RBM)"
1852
  msgstr ""
1853
 
1854
- #: admin/core/core.php:225 admin/core/core.php:352 admin/core/core.php:458
1855
- #: admin/core/core.php:593 admin/core/core.php:686 admin/core/core.php:779
1856
- #: admin/core/core.php:833 admin/core/core.php:1887
1857
- #: admin/db-backup-security/db-backup-security.php:293
1858
- #: admin/db-backup-security/db-backup-security.php:1240
1859
- #: admin/db-backup-security/db-backup-security.php:1407
1860
- #: admin/email-log-settings/email-log-settings.php:267
1861
- #: admin/login/login.php:208 admin/login/login.php:830
1862
- #: admin/login/login.php:1168 admin/login/login.php:1709
1863
- #: admin/maintenance/maintenance.php:203 admin/mscan/mscan.php:230
1864
- #: admin/mscan/mscan.php:1970 admin/mscan/mscan.php:2204
1865
- #: admin/mscan/mscan.php:2917 admin/security-log/security-log.php:221
1866
- #: admin/system-info/system-info.php:78 admin/theme-skin/theme-skin.php:83
1867
- #: admin/wizard/wizard.php:1122 admin/wizard/wizard.php:1191
1868
- #: admin/wizard/wizard.php:1778
 
1869
  msgid ""
1870
  "This Question Mark Help window is draggable (top) and resizable (bottom "
1871
  "right corner)"
1872
  msgstr ""
1873
 
1874
- #: admin/core/core.php:228 admin/core/core.php:355 admin/core/core.php:461
1875
- #: admin/core/core.php:596 admin/core/core.php:689 admin/core/core.php:782
1876
- #: admin/core/core.php:836 admin/core/core.php:1890 admin/core/core.php:2116
1877
- #: admin/core/core.php:2196 admin/db-backup-security/db-backup-security.php:296
1878
- #: admin/db-backup-security/db-backup-security.php:1243
1879
- #: admin/db-backup-security/db-backup-security.php:1410
1880
- #: admin/email-log-settings/email-log-settings.php:270
1881
- #: admin/login/login.php:211 admin/login/login.php:833
1882
- #: admin/login/login.php:1171 admin/login/login.php:1712
1883
- #: admin/maintenance/maintenance.php:206 admin/mscan/mscan.php:233
1884
- #: admin/mscan/mscan.php:1973 admin/mscan/mscan.php:2207
1885
- #: admin/mscan/mscan.php:2920 admin/security-log/security-log.php:224
1886
- #: admin/system-info/system-info.php:81 admin/theme-skin/theme-skin.php:87
1887
- #: admin/wizard/wizard.php:1125 admin/wizard/wizard.php:1194
1888
- #: admin/wizard/wizard.php:1781
1889
  msgid ""
1890
  "Want even more security protection for the ridiculously cheap one-time price "
1891
  "of $69.95"
1892
  msgstr ""
1893
 
1894
- #: admin/core/core.php:228 admin/core/core.php:355 admin/core/core.php:461
1895
- #: admin/core/core.php:596 admin/core/core.php:689 admin/core/core.php:782
1896
- #: admin/core/core.php:836 admin/core/core.php:1890 admin/core/core.php:2116
1897
- #: admin/core/core.php:2198 admin/db-backup-security/db-backup-security.php:296
1898
- #: admin/db-backup-security/db-backup-security.php:1243
1899
- #: admin/db-backup-security/db-backup-security.php:1410
1900
- #: admin/email-log-settings/email-log-settings.php:270
1901
- #: admin/login/login.php:211 admin/login/login.php:833
1902
- #: admin/login/login.php:1171 admin/login/login.php:1712
1903
- #: admin/maintenance/maintenance.php:206 admin/mscan/mscan.php:233
1904
- #: admin/mscan/mscan.php:1973 admin/mscan/mscan.php:2207
1905
- #: admin/mscan/mscan.php:2920 admin/security-log/security-log.php:224
1906
- #: admin/system-info/system-info.php:81 admin/theme-skin/theme-skin.php:87
1907
- #: admin/wizard/wizard.php:1125 admin/wizard/wizard.php:1194
1908
- #: admin/wizard/wizard.php:1781
1909
  msgid ""
1910
  "BPS Pro comes with free unlimited installations, upgrades & support for "
1911
  "life. No yearly subscriptions or additional costs."
1912
  msgstr ""
1913
 
1914
- #: admin/core/core.php:228 admin/core/core.php:355 admin/core/core.php:461
1915
- #: admin/core/core.php:596 admin/core/core.php:689 admin/core/core.php:782
1916
- #: admin/core/core.php:836 admin/core/core.php:1890 admin/core/core.php:2116
1917
- #: admin/db-backup-security/db-backup-security.php:296
1918
- #: admin/db-backup-security/db-backup-security.php:1243
1919
- #: admin/db-backup-security/db-backup-security.php:1410
1920
- #: admin/email-log-settings/email-log-settings.php:270
1921
- #: admin/login/login.php:211 admin/login/login.php:833
1922
- #: admin/login/login.php:1171 admin/login/login.php:1712
1923
- #: admin/maintenance/maintenance.php:206 admin/mscan/mscan.php:233
1924
- #: admin/mscan/mscan.php:1973 admin/mscan/mscan.php:2207
1925
- #: admin/mscan/mscan.php:2920 admin/security-log/security-log.php:224
1926
- #: admin/system-info/system-info.php:81 admin/theme-skin/theme-skin.php:87
1927
- #: admin/wizard/wizard.php:1125 admin/wizard/wizard.php:1194
1928
- #: admin/wizard/wizard.php:1781
1929
  msgid ""
1930
  "BBS Pro has an amazing track record. BPS Pro is installed on 60,000+ "
1931
  "websites. Not a single one of those websites has been hacked in 10+ years."
1932
  msgstr ""
1933
 
1934
- #: admin/core/core.php:228 admin/core/core.php:355 admin/core/core.php:461
1935
- #: admin/core/core.php:596 admin/core/core.php:689 admin/core/core.php:782
1936
- #: admin/core/core.php:836 admin/core/core.php:1890 admin/core/core.php:2116
1937
- #: admin/db-backup-security/db-backup-security.php:296
1938
- #: admin/db-backup-security/db-backup-security.php:1243
1939
- #: admin/db-backup-security/db-backup-security.php:1410
1940
- #: admin/email-log-settings/email-log-settings.php:270
1941
- #: admin/login/login.php:211 admin/login/login.php:833
1942
- #: admin/login/login.php:1171 admin/login/login.php:1712
1943
- #: admin/maintenance/maintenance.php:206 admin/mscan/mscan.php:233
1944
- #: admin/mscan/mscan.php:1973 admin/mscan/mscan.php:2207
1945
- #: admin/mscan/mscan.php:2920 admin/security-log/security-log.php:224
1946
- #: admin/system-info/system-info.php:81 admin/theme-skin/theme-skin.php:87
1947
- #: admin/wizard/wizard.php:1125 admin/wizard/wizard.php:1194
1948
- #: admin/wizard/wizard.php:1781
1949
  msgid "Get BPS Pro"
1950
  msgstr ""
1951
 
1952
- #: admin/core/core.php:231 admin/core/core.php:358 admin/core/core.php:1894
1953
- #: admin/db-backup-security/db-backup-security.php:300
1954
- #: admin/email-log-settings/email-log-settings.php:274
1955
- #: admin/login/login.php:1174 admin/maintenance/maintenance.php:210
1956
- #: admin/mscan/mscan.php:236 admin/system-info/system-info.php:85
1957
  msgid "Forum Help Links: "
1958
  msgstr ""
1959
 
1960
- #: admin/core/core.php:234 admin/core/core.php:361
1961
  msgid "Setup Wizard & Other Video Tutorials"
1962
  msgstr ""
1963
 
1964
- #: admin/core/core.php:235 admin/core/core.php:362
1965
- #: admin/email-log-settings/email-log-settings.php:277
1966
  #: admin/security-log/security-log.php:231
1967
  msgid "BPS Troubleshooting Steps"
1968
  msgstr ""
1969
 
1970
- #: admin/core/core.php:269 admin/core/core.php:272 admin/core/core.php:275
1971
- #: admin/core/core.php:278 admin/core/core.php:286 admin/core/core.php:289
1972
- #: admin/core/core.php:292 admin/core/core.php:295
1973
  msgid "RBM Status: "
1974
  msgstr ""
1975
 
1976
- #: admin/core/core.php:269 admin/core/core.php:286 admin/core/core.php:401
1977
- #: admin/core/core.php:415 admin/core/core.php:628 admin/core/core.php:642
1978
- #: admin/core/core.php:721 admin/core/core.php:735
1979
  msgid "Disabled"
1980
  msgstr ""
1981
 
1982
- #: admin/core/core.php:272 admin/core/core.php:289
1983
  msgid "Root htaccess File Does Not Exist"
1984
  msgstr ""
1985
 
1986
- #: admin/core/core.php:275 admin/core/core.php:292 admin/core/core.php:407
1987
- #: admin/core/core.php:421 admin/core/core.php:634 admin/core/core.php:648
1988
- #: admin/core/core.php:727 admin/core/core.php:741
1989
- #: admin/system-info/system-info.php:234 admin/system-info/system-info.php:275
1990
  msgid "Activated"
1991
  msgstr ""
1992
 
1993
- #: admin/core/core.php:278 admin/core/core.php:295 admin/core/core.php:404
1994
- #: admin/core/core.php:418 admin/core/core.php:631 admin/core/core.php:645
1995
- #: admin/core/core.php:724 admin/core/core.php:738
1996
- #: admin/system-info/system-info.php:243 admin/system-info/system-info.php:277
1997
  msgid "Deactivated"
1998
  msgstr ""
1999
 
2000
- #: admin/core/core.php:312 admin/core/core.php:330
2001
  msgid "Click OK to Activate Root Folder BulletProof Mode or click Cancel."
2002
  msgstr ""
2003
 
2004
- #: admin/core/core.php:320 admin/core/core.php:338
2005
  msgid "Click OK to Deactivate Root Folder BulletProof Mode or click Cancel."
2006
  msgstr ""
2007
 
2008
- #: admin/core/core.php:346
2009
  msgid "wp-admin Folder BulletProof Mode (WBM)"
2010
  msgstr ""
2011
 
2012
- #: admin/core/core.php:401 admin/core/core.php:404 admin/core/core.php:407
2013
- #: admin/core/core.php:415 admin/core/core.php:418 admin/core/core.php:421
2014
  msgid "WBM Status: "
2015
  msgstr ""
2016
 
2017
- #: admin/core/core.php:436
2018
  msgid "Click OK to Activate wp-admin Folder BulletProof Mode or click Cancel."
2019
  msgstr ""
2020
 
2021
- #: admin/core/core.php:444
2022
  msgid ""
2023
  "Click OK to Deactivate wp-admin Folder BulletProof Mode or click Cancel."
2024
  msgstr ""
2025
 
2026
- #: admin/core/core.php:452 admin/core/core.php:455
2027
  msgid "Hidden Plugin Folders|Files Cron (HPF)"
2028
  msgstr ""
2029
 
2030
- #: admin/core/core.php:492 admin/core/core.php:495 admin/core/core.php:503
2031
- #: admin/core/core.php:506
2032
  msgid "HPF Status: "
2033
  msgstr ""
2034
 
2035
- #: admin/core/core.php:492 admin/core/core.php:503 admin/core/core.php:540
2036
  msgid "HPF Cron On"
2037
  msgstr ""
2038
 
2039
- #: admin/core/core.php:495 admin/core/core.php:506 admin/core/core.php:541
2040
  msgid "HPF Cron Off"
2041
  msgstr ""
2042
 
2043
- #: admin/core/core.php:529
2044
  msgid "Run Check Every 1 Minute"
2045
  msgstr ""
2046
 
2047
- #: admin/core/core.php:530
2048
  msgid "Run Check Every 5 Minutes"
2049
  msgstr ""
2050
 
2051
- #: admin/core/core.php:531
2052
  msgid "Run Check Every 10 Minutes"
2053
  msgstr ""
2054
 
2055
- #: admin/core/core.php:532
2056
  msgid "Run Check Every 15 Minutes"
2057
  msgstr ""
2058
 
2059
- #: admin/core/core.php:533
2060
  msgid "Run Check Every 30 Minutes"
2061
  msgstr ""
2062
 
2063
- #: admin/core/core.php:534
2064
  msgid "Run Check Every 60 Minutes"
2065
  msgstr ""
2066
 
2067
- #: admin/core/core.php:535
2068
  msgid "Run Check Once Daily"
2069
  msgstr ""
2070
 
2071
- #: admin/core/core.php:544
2072
- msgid "Save HPF Cron Options"
2073
- msgstr ""
2074
-
2075
- #: admin/core/core.php:544
2076
  msgid ""
2077
  "The default Cron Frequency is: Run Check Every 15 Minutes. This is a "
2078
  "lightweight check that uses an insignificant amount of resources/memory so 4 "
@@ -2084,302 +2073,302 @@ msgid ""
2084
  "OK to proceed or click Cancel"
2085
  msgstr ""
2086
 
2087
- #: admin/core/core.php:548
2088
  msgid "Add Ignore rules using plugin folder names or file names."
2089
  msgstr ""
2090
 
2091
- #: admin/core/core.php:548
2092
  msgid "Use a comma and a space between folder and/or file names."
2093
  msgstr ""
2094
 
2095
- #: admin/core/core.php:548
2096
  msgid "Example: plugin-folder-name, example-file-name.php"
2097
  msgstr ""
2098
 
2099
- #: admin/core/core.php:569
2100
  msgid ""
2101
  "This option is for adding ignore rules for Hidden or Empty Plugin Folders "
2102
  "Detected by BPS or Non-standard WP files detected by BPS in your /plugins/ "
2103
  "folder."
2104
  msgstr ""
2105
 
2106
- #: admin/core/core.php:569
2107
  msgid ""
2108
  "This is an independent option setting that does not require clicking any "
2109
  "other buttons."
2110
  msgstr ""
2111
 
2112
- #: admin/core/core.php:569 admin/maintenance/maintenance.php:692
2113
- #: admin/security-log/security-log.php:444
2114
- #: admin/security-log/security-log.php:459
2115
- #: admin/security-log/security-log.php:677
2116
- #: admin/system-info/system-info.php:1240
2117
  msgid "Click OK to proceed or click Cancel."
2118
  msgstr ""
2119
 
2120
- #: admin/core/core.php:587
2121
  msgid "Master htaccess Folder BulletProof Mode (MBM)"
2122
  msgstr ""
2123
 
2124
- #: admin/core/core.php:590
2125
  msgid "MBM BulletProof Modes"
2126
  msgstr ""
2127
 
2128
- #: admin/core/core.php:628 admin/core/core.php:631 admin/core/core.php:634
2129
- #: admin/core/core.php:642 admin/core/core.php:645 admin/core/core.php:648
2130
  msgid "MBM Status: "
2131
  msgstr ""
2132
 
2133
- #: admin/core/core.php:663
2134
  msgid "Click OK to Activate MBM BulletProof Mode or click Cancel."
2135
  msgstr ""
2136
 
2137
- #: admin/core/core.php:671
2138
  msgid "Click OK to Deactivate MBM BulletProof Mode or click Cancel."
2139
  msgstr ""
2140
 
2141
- #: admin/core/core.php:680
2142
  msgid "BPS Backup Folder BulletProof Mode (BBM)"
2143
  msgstr ""
2144
 
2145
- #: admin/core/core.php:683
2146
  msgid "BBM BulletProof Modes"
2147
  msgstr ""
2148
 
2149
- #: admin/core/core.php:721 admin/core/core.php:724 admin/core/core.php:727
2150
- #: admin/core/core.php:735 admin/core/core.php:738 admin/core/core.php:741
2151
  msgid "BBM Status: "
2152
  msgstr ""
2153
 
2154
- #: admin/core/core.php:756
2155
  msgid "Click OK to Activate BBM BulletProof Mode or click Cancel."
2156
  msgstr ""
2157
 
2158
- #: admin/core/core.php:764
2159
  msgid ""
2160
  "Caution: BPS Backup Folder BulletProof Mode (BBM) should only be deactivated "
2161
  "for testing or troubleshooting. Be sure to activate BBM BulletProof Mode "
2162
  "after you are done testing or troubleshooting."
2163
  msgstr ""
2164
 
2165
- #: admin/core/core.php:764
2166
  msgid "Click OK to Deactivate BBM BulletProof Mode or click Cancel."
2167
  msgstr ""
2168
 
2169
- #: admin/core/core.php:773 admin/core/core.php:776
2170
  msgid "Backup & Restore BPS htaccess Files"
2171
  msgstr ""
2172
 
2173
- #: admin/core/core.php:796
2174
  msgid "Click OK to Backup BPS htaccess files or click Cancel."
2175
  msgstr ""
2176
 
2177
- #: admin/core/core.php:804
2178
  msgid "Click OK to Restore BPS htaccess files or click Cancel."
2179
  msgstr ""
2180
 
2181
- #: admin/core/core.php:827 admin/core/core.php:830
2182
  msgid "htaccess File Editing"
2183
  msgstr ""
2184
 
2185
- #: admin/core/core.php:871
2186
  msgid "htaccess Files Disabled: secure.htaccess Master file is disabled."
2187
  msgstr ""
2188
 
2189
- #: admin/core/core.php:875
2190
  msgid "ERROR: A secure.htaccess Master file was NOT found."
2191
  msgstr ""
2192
 
2193
- #: admin/core/core.php:884
2194
  msgid ""
2195
  "File Open and Write test successful! The secure.htaccess Master file is "
2196
  "writable."
2197
  msgstr ""
2198
 
2199
- #: admin/core/core.php:889 admin/core/core.php:979 admin/core/core.php:1092
2200
- #: admin/core/core.php:1281 admin/security-log/security-log.php:740
2201
  msgid "Cannot write to file: "
2202
  msgstr ""
2203
 
2204
- #: admin/core/core.php:904
2205
  msgid ""
2206
  "htaccess Files Disabled: secure.htaccess Master file writing is disabled. "
2207
  msgstr ""
2208
 
2209
- #: admin/core/core.php:924
2210
  msgid "Error: Unable to write to the secure.htaccess Master file."
2211
  msgstr ""
2212
 
2213
- #: admin/core/core.php:939
2214
  msgid "The secure.htaccess Master file has been updated."
2215
  msgstr ""
2216
 
2217
- #: admin/core/core.php:961
2218
  msgid "htaccess Files Disabled: default.htaccess Master file is disabled."
2219
  msgstr ""
2220
 
2221
- #: admin/core/core.php:965
2222
  msgid "ERROR: A default.htaccess Master file was NOT found."
2223
  msgstr ""
2224
 
2225
- #: admin/core/core.php:974
2226
  msgid ""
2227
  "File Open and Write test successful! The default.htaccess Master file is "
2228
  "writable."
2229
  msgstr ""
2230
 
2231
- #: admin/core/core.php:994
2232
  msgid ""
2233
  "htaccess Files Disabled: default.htaccess Master file writing is disabled. "
2234
  msgstr ""
2235
 
2236
- #: admin/core/core.php:1014
2237
  msgid "Error: Unable to write to the default.htaccess Master file."
2238
  msgstr ""
2239
 
2240
- #: admin/core/core.php:1029
2241
  msgid "The default.htaccess Master file has been updated."
2242
  msgstr ""
2243
 
2244
- #: admin/core/core.php:1041
2245
  msgid ""
2246
  " Check that the /bps-backup/ and /master-backups/ folders exist and the "
2247
  "folder permissions or Ownership for these folders."
2248
  msgstr ""
2249
 
2250
- #: admin/core/core.php:1046
2251
  msgid ""
2252
  "Your Custom default.htaccess Master file has been successfully saved to: "
2253
  msgstr ""
2254
 
2255
- #: admin/core/core.php:1068
2256
  msgid "wpadmin-secure.htaccess file writing is disabled."
2257
  msgstr ""
2258
 
2259
- #: admin/core/core.php:1074
2260
  msgid ""
2261
  "htaccess Files Disabled: wpadmin-secure.htaccess Master file is disabled."
2262
  msgstr ""
2263
 
2264
- #: admin/core/core.php:1078
2265
  msgid "ERROR: A wpadmin-secure.htaccess Master file was NOT found."
2266
  msgstr ""
2267
 
2268
- #: admin/core/core.php:1087
2269
  msgid ""
2270
  "File Open and Write test successful! The wpadmin-secure.htaccess Master file "
2271
  "is writable."
2272
  msgstr ""
2273
 
2274
- #: admin/core/core.php:1108
2275
  msgid ""
2276
  "htaccess Files Disabled: wpadmin-secure.htaccess Master file writing is "
2277
  "disabled. "
2278
  msgstr ""
2279
 
2280
- #: admin/core/core.php:1128
2281
  msgid "Error: Unable to write to the wpadmin-secure.htaccess Master file."
2282
  msgstr ""
2283
 
2284
- #: admin/core/core.php:1143
2285
  msgid "The wpadmin-secure.htaccess Master file has been updated."
2286
  msgstr ""
2287
 
2288
- #: admin/core/core.php:1165
2289
  msgid "htaccess Files Disabled: Root htaccess file does not exist."
2290
  msgstr ""
2291
 
2292
- #: admin/core/core.php:1169
2293
  msgid "ERROR: An htaccess file was NOT found in your root folder"
2294
  msgstr ""
2295
 
2296
- #: admin/core/core.php:1178
2297
  msgid ""
2298
  "File Open and Write test successful! Your root htaccess file is writable."
2299
  msgstr ""
2300
 
2301
- #: admin/core/core.php:1183
2302
  msgid "Your root htaccess file is Locked with Read Only Permissions."
2303
  msgstr ""
2304
 
2305
- #: admin/core/core.php:1183
2306
  msgid ""
2307
  "Use the Lock and Unlock buttons below to Lock or Unlock your root htaccess "
2308
  "file for editing."
2309
  msgstr ""
2310
 
2311
- #: admin/core/core.php:1218
2312
  msgid ""
2313
  "Error: Unable to write to the Root htaccess file. If your Root htaccess file "
2314
  "is locked you must unlock first."
2315
  msgstr ""
2316
 
2317
- #: admin/core/core.php:1233
2318
  msgid "Your root htaccess file has been updated."
2319
  msgstr ""
2320
 
2321
- #: admin/core/core.php:1257
2322
  msgid "wp-admin active htaccess file writing is disabled."
2323
  msgstr ""
2324
 
2325
- #: admin/core/core.php:1263
2326
  msgid "htaccess Files Disabled: wp-admin folder htaccess file does not exist."
2327
  msgstr ""
2328
 
2329
- #: admin/core/core.php:1267
2330
  msgid "ERROR: An htaccess file was NOT found in your wp-admin folder"
2331
  msgstr ""
2332
 
2333
- #: admin/core/core.php:1276
2334
  msgid ""
2335
  "File Open and Write test successful! Your wp-admin htaccess file is writable."
2336
  msgstr ""
2337
 
2338
- #: admin/core/core.php:1317
2339
  msgid "Error: Unable to write to the wp-admin htaccess file."
2340
  msgstr ""
2341
 
2342
- #: admin/core/core.php:1332
2343
  msgid "Your wp-admin htaccess file has been updated."
2344
  msgstr ""
2345
 
2346
- #: admin/core/core.php:1349
2347
  msgid "Your Root htaccess file has been Locked."
2348
  msgstr ""
2349
 
2350
- #: admin/core/core.php:1354
2351
  msgid "Unable to Lock your Root htaccess file."
2352
  msgstr ""
2353
 
2354
- #: admin/core/core.php:1368
2355
  msgid "Your Root htaccess file has been Unlocked."
2356
  msgstr ""
2357
 
2358
- #: admin/core/core.php:1373
2359
  msgid "Unable to Unlock your Root htaccess file."
2360
  msgstr ""
2361
 
2362
- #: admin/core/core.php:1396
2363
  msgid "Click OK to Lock your Root htaccess file or click Cancel."
2364
  msgstr ""
2365
 
2366
- #: admin/core/core.php:1396
2367
  msgid ""
2368
  "Note: The File Open and Write Test window will still display the last status "
2369
  "of the file as Unlocked. To see the current status refresh your browser."
2370
  msgstr ""
2371
 
2372
- #: admin/core/core.php:1404
2373
  msgid "Click OK to Unlock your Root htaccess file or click Cancel."
2374
  msgstr ""
2375
 
2376
- #: admin/core/core.php:1404
2377
  msgid ""
2378
  "Note: The File Open and Write Test window will still display the last status "
2379
  "of the file as Locked. To see the current status refresh your browser."
2380
  msgstr ""
2381
 
2382
- #: admin/core/core.php:1413
2383
  msgid ""
2384
  "Turning AutoLock On will allow BPS Pro to automatically lock your Root ."
2385
  "htaccess file. For some folks this causes a problem because their Web Hosts "
@@ -2387,23 +2376,23 @@ msgid ""
2387
  "BPS Pro to AutoLock the Root .htaccess file works fine."
2388
  msgstr ""
2389
 
2390
- #: admin/core/core.php:1413
2391
  msgid "Click OK to Turn AutoLock On or click Cancel."
2392
  msgstr ""
2393
 
2394
- #: admin/core/core.php:1415 admin/system-info/system-info.php:847
2395
- #: admin/system-info/system-info.php:863 admin/system-info/system-info.php:871
2396
- #: admin/system-info/system-info.php:879 admin/system-info/system-info.php:887
2397
- #: admin/system-info/system-info.php:895 admin/system-info/system-info.php:903
2398
- #: admin/system-info/system-info.php:911 admin/system-info/system-info.php:919
2399
- #: admin/system-info/system-info.php:938 includes/functions.php:586
2400
- #: includes/functions.php:777 includes/functions.php:945
2401
- #: includes/functions.php:988 includes/functions.php:1036
2402
- #: includes/functions.php:1080
2403
  msgid "On"
2404
  msgstr ""
2405
 
2406
- #: admin/core/core.php:1425
2407
  msgid ""
2408
  "Turning AutoLock Off will prevent BPS Pro from automatically locking your "
2409
  "Root .htaccess file. For some folks this is necessary because their Web "
@@ -2411,52 +2400,52 @@ msgid ""
2411
  "allowing BPS Pro to AutoLock the Root .htaccess file works fine."
2412
  msgstr ""
2413
 
2414
- #: admin/core/core.php:1425
2415
  msgid "Click OK to Turn AutoLock Off or click Cancel."
2416
  msgstr ""
2417
 
2418
- #: admin/core/core.php:1427 admin/system-info/system-info.php:576
2419
- #: admin/system-info/system-info.php:866 admin/system-info/system-info.php:874
2420
- #: admin/system-info/system-info.php:882 admin/system-info/system-info.php:890
2421
- #: admin/system-info/system-info.php:898 admin/system-info/system-info.php:906
2422
- #: admin/system-info/system-info.php:914 admin/system-info/system-info.php:922
2423
- #: admin/system-info/system-info.php:930 admin/system-info/system-info.php:941
2424
- #: includes/functions.php:950 includes/functions.php:993
2425
- #: includes/functions.php:1042 includes/functions.php:1086
2426
  #: includes/general-functions.php:285 includes/general-functions.php:300
2427
  msgid "Off"
2428
  msgstr ""
2429
 
2430
- #: admin/core/core.php:1442
2431
  msgid "secure.htaccess"
2432
  msgstr ""
2433
 
2434
- #: admin/core/core.php:1443
2435
  msgid "default.htaccess"
2436
  msgstr ""
2437
 
2438
- #: admin/core/core.php:1444
2439
  msgid "wpadmin-secure.htaccess"
2440
  msgstr ""
2441
 
2442
- #: admin/core/core.php:1445
2443
  msgid "Root htaccess File"
2444
  msgstr ""
2445
 
2446
- #: admin/core/core.php:1446
2447
  msgid "wp-admin htaccess File"
2448
  msgstr ""
2449
 
2450
- #: admin/core/core.php:1470 admin/core/core.php:1544 admin/core/core.php:1618
2451
- #: admin/core/core.php:1723 admin/core/core.php:1799
2452
  msgid ""
2453
  "If you see an error or are unable to save your editing changes then click "
2454
  "the Encrypt htaccess Code button first and then click the Update File "
2455
  "button. Mouse over the question mark image to the right for help info."
2456
  msgstr ""
2457
 
2458
- #: admin/core/core.php:1470 admin/core/core.php:1544 admin/core/core.php:1618
2459
- #: admin/core/core.php:1723 admin/core/core.php:1799
2460
  msgid ""
2461
  "If your web host currently has ModSecurity installed or installs ModSecurity "
2462
  "at a later time then ModSecurity will prevent you from saving your htaccess "
@@ -2464,8 +2453,8 @@ msgid ""
2464
  "button."
2465
  msgstr ""
2466
 
2467
- #: admin/core/core.php:1470 admin/core/core.php:1544 admin/core/core.php:1618
2468
- #: admin/core/core.php:1723 admin/core/core.php:1799
2469
  msgid ""
2470
  "If you click the Encrypt htaccess Code button and then want to edit your "
2471
  "code again click the Decrypt htaccess Code button. After you are done "
@@ -2473,21 +2462,21 @@ msgid ""
2473
  "File button."
2474
  msgstr ""
2475
 
2476
- #: admin/core/core.php:1470 admin/core/core.php:1544 admin/core/core.php:1618
2477
- #: admin/core/core.php:1723 admin/core/core.php:1799
2478
  msgid ""
2479
  "Click the htaccess File Editing Question Mark help button for more help info."
2480
  msgstr ""
2481
 
2482
- #: admin/core/core.php:1719
2483
  msgid "YOUR ROOT HTACCESS FILE IS LOCKED."
2484
  msgstr ""
2485
 
2486
- #: admin/core/core.php:1719
2487
  msgid "YOUR FILE EDITS|CHANGES CANNOT BE SAVED."
2488
  msgstr ""
2489
 
2490
- #: admin/core/core.php:1719
2491
  msgid ""
2492
  "Click Cancel, copy the file editing changes you made to save them and then "
2493
  "click the Unlock .htaccess File button to unlock your Root .htaccess file. "
@@ -2496,30 +2485,30 @@ msgid ""
2496
  "to save your file edits/changes."
2497
  msgstr ""
2498
 
2499
- #: admin/core/core.php:1897 admin/core/core.php:2160
2500
- #: admin/wizard/wizard.php:1133
2501
  msgid "Custom Code Video Tutorial"
2502
  msgstr ""
2503
 
2504
- #: admin/core/core.php:1899
2505
  msgid "BulletProof Security Pro Forum"
2506
  msgstr ""
2507
 
2508
- #: admin/core/core.php:1901
2509
  msgid "Brute Force Login Page Protection code"
2510
  msgstr ""
2511
 
2512
- #: admin/core/core.php:1939
2513
  msgid ""
2514
  "Clicking OK will Import all of your Root and wp-admin Custom Code from the "
2515
  "cc-master.zip file on your computer."
2516
  msgstr ""
2517
 
2518
- #: admin/core/core.php:1939
2519
  msgid "Click OK to Import Custom Code or click Cancel."
2520
  msgstr ""
2521
 
2522
- #: admin/core/core.php:1948
2523
  msgid ""
2524
  "Clicking OK will Export (copy) all of your Root and wp-admin Custom Code "
2525
  "into the cc-master.zip file, which you can then download to your computer by "
@@ -2527,47 +2516,47 @@ msgid ""
2527
  "success message."
2528
  msgstr ""
2529
 
2530
- #: admin/core/core.php:1948
2531
  msgid "Click OK to Export Custom Code or click Cancel."
2532
  msgstr ""
2533
 
2534
- #: admin/core/core.php:1956
2535
  msgid ""
2536
  "Clicking OK will delete all of your Root and wp-admin Custom Code from all "
2537
  "of the Custom Code text boxes."
2538
  msgstr ""
2539
 
2540
- #: admin/core/core.php:1956
2541
  msgid "Click OK to Delete Custom Code or click Cancel."
2542
  msgstr ""
2543
 
2544
- #: admin/core/core.php:1983
2545
  msgid "Save Personal Notes and htaccess Code Notes to your WordPress Database"
2546
  msgstr ""
2547
 
2548
- #: admin/core/core.php:2011
2549
  msgid ""
2550
  "Your My Notes Personal Notes and/or htaccess Code Notes saved successfully "
2551
  "to your WordPress Database."
2552
  msgstr ""
2553
 
2554
- #: admin/core/core.php:2036
2555
  msgid ""
2556
  "If you are unable to save custom htaccess code and/or see an error message "
2557
  "when trying to save custom htaccess code, "
2558
  msgstr ""
2559
 
2560
- #: admin/core/core.php:2036
2561
  msgid ""
2562
  "click the Encrypt My Notes button first and then click the Save My Notes "
2563
  "button."
2564
  msgstr ""
2565
 
2566
- #: admin/core/core.php:2036
2567
  msgid "Mouse over the question mark image to the right for help info."
2568
  msgstr ""
2569
 
2570
- #: admin/core/core.php:2036
2571
  msgid ""
2572
  "If your web host currently has ModSecurity installed or installs ModSecurity "
2573
  "at a later time then ModSecurity will prevent you from saving your custom "
@@ -2575,7 +2564,7 @@ msgid ""
2575
  "button."
2576
  msgstr ""
2577
 
2578
- #: admin/core/core.php:2036
2579
  msgid ""
2580
  "If you click the Encrypt My Notes button, but then want to add or edit "
2581
  "additional custom code click the Decrypt My Notes button. After you are done "
@@ -2583,42 +2572,46 @@ msgid ""
2583
  "clicking the Save My Notes button."
2584
  msgstr ""
2585
 
2586
- #: admin/core/core.php:2107
2587
- #: admin/db-backup-security/db-backup-security.php:1742
2588
- #: admin/mscan/mscan.php:3530 admin/theme-skin/theme-skin.php:236
2589
  msgid "Whats New in "
2590
  msgstr ""
2591
 
2592
- #: admin/core/core.php:2107
2593
  msgid " and General Help Info & Tips"
2594
  msgstr ""
2595
 
2596
- #: admin/core/core.php:2113
2597
  msgid "The BPS Changelog|Whats New page has been moved to the "
2598
  msgstr ""
2599
 
2600
- #: admin/core/core.php:2129
2601
  msgid "General Help Info & Tips:"
2602
  msgstr ""
2603
 
2604
- #: admin/core/core.php:2135
2605
  msgid "BPS Video Tutorials|Setup Wizard: "
2606
  msgstr ""
2607
 
2608
- #: admin/core/core.php:2141
 
 
 
 
2609
  msgid ""
2610
  "BPS Setup Wizard AutoFix automatically creates whitelist rules for 100+ "
2611
  "known issues with plugins and themes: "
2612
  msgstr ""
2613
 
2614
- #: admin/core/core.php:2141
2615
  msgid ""
2616
  "All BPS plugin features can be turned Off/On individually to confirm, "
2617
  "eliminate or isolate a problem or issue that may or may not be caused by "
2618
  "BPS: "
2619
  msgstr ""
2620
 
2621
- #: admin/core/core.php:2141
2622
  msgid ""
2623
  "The BPS Security Log is a primary troubleshooting tool. If BPS is blocking "
2624
  "something legitimate in another plugin or theme then a Security Log entry "
@@ -2627,48 +2620,48 @@ msgid ""
2627
  "being blocked: "
2628
  msgstr ""
2629
 
2630
- #: admin/core/core.php:2141
2631
  msgid "BPS Security Forum: "
2632
  msgstr ""
2633
 
2634
- #: admin/core/core.php:2158 admin/email-log-settings/email-log-settings.php:438
2635
- #: admin/login/login.php:1827 admin/maintenance/maintenance.php:2170
2636
- #: admin/security-log/security-log.php:808
2637
- #: admin/system-info/system-info.php:1263
2638
  msgid "Security Log Event Codes"
2639
  msgstr ""
2640
 
2641
- #: admin/core/core.php:2159
2642
- #: admin/db-backup-security/db-backup-security.php:1746
2643
- #: admin/email-log-settings/email-log-settings.php:439
2644
- #: admin/login/login.php:1828 admin/maintenance/maintenance.php:2171
2645
- #: admin/mscan/mscan.php:3533 admin/security-log/security-log.php:809
2646
- #: admin/system-info/system-info.php:1264 admin/theme-skin/theme-skin.php:239
2647
  msgid "Forum: Search, Troubleshooting Steps & Post Questions For Assistance"
2648
  msgstr ""
2649
 
2650
- #: admin/core/core.php:2175
2651
  msgid "BulletProof Security Pro Feature Highlights"
2652
  msgstr ""
2653
 
2654
- #: admin/core/core.php:2185
2655
  msgid "The Ultimate Security Protection"
2656
  msgstr ""
2657
 
2658
- #: admin/core/core.php:2188
2659
  msgid "BPS Pro One-Click Setup Wizard & Demo Video Tutorial"
2660
  msgstr ""
2661
 
2662
- #: admin/core/core.php:2189
2663
  msgid "View All BPS Pro Features"
2664
  msgstr ""
2665
 
2666
- #: admin/core/core.php:2200
2667
  msgid ""
2668
  "The Complete Website Security Solution for Hacker and Spammer Protection"
2669
  msgstr ""
2670
 
2671
- #: admin/core/core.php:2200
2672
  msgid ""
2673
  "BulletProof Security Pro has an amazing track record. BPS Pro has been "
2674
  "publicly available for 10+ years and is installed on over 60,000 websites "
@@ -2676,47 +2669,47 @@ msgid ""
2676
  "hacked."
2677
  msgstr ""
2678
 
2679
- #: admin/core/core.php:2200
2680
  msgid ""
2681
  "Why pay 10 times or more for other premium WordPress Security Plugins with "
2682
  "recurring yearly subscriptions when you can get the best WordPress Security "
2683
  "Plugin for an extremely low one-time purchase price?"
2684
  msgstr ""
2685
 
2686
- #: admin/core/core.php:2200
2687
  msgid "View Cost Comparison"
2688
  msgstr ""
2689
 
2690
- #: admin/core/core.php:2200
2691
  msgid ""
2692
  "30-Day Money-Back Guarantee: If you are dissatisfied with BulletProof "
2693
  "Security Pro for any reason. We offer a no questions asked full refund."
2694
  msgstr ""
2695
 
2696
- #: admin/core/core.php:2203
2697
  msgid "One-Click Setup Wizard Installation: "
2698
  msgstr ""
2699
 
2700
- #: admin/core/core.php:2203
2701
  msgid ""
2702
  "Fast, simple and complete BPS Pro installation and setup in less than 1 "
2703
  "minute."
2704
  msgstr ""
2705
 
2706
- #: admin/core/core.php:2205
2707
  msgid "One-Click Upgrade: "
2708
  msgstr ""
2709
 
2710
- #: admin/core/core.php:2205
2711
  msgid "One-click plugin upgrade on the WordPress Plugins page."
2712
  msgstr ""
2713
 
2714
- #: admin/core/core.php:2207
2715
  msgid ""
2716
  "AutoRestore|Quarantine Intrusion Detection and Prevention System (ARQ IDPS): "
2717
  msgstr ""
2718
 
2719
- #: admin/core/core.php:2207
2720
  msgid ""
2721
  "ARQ IDPS is a real-time file scanner that automatically quarantines "
2722
  "malicious hacker files and autorestores legitimate website files if they "
@@ -2730,11 +2723,11 @@ msgid ""
2730
  "Plugin and Theme Automatic, Manual and Shiny installations and updates."
2731
  msgstr ""
2732
 
2733
- #: admin/core/core.php:2209
2734
  msgid "MScan Malware Scanner: "
2735
  msgstr ""
2736
 
2737
- #: admin/core/core.php:2209
2738
  msgid ""
2739
  "MScan Scheduled Scans are available in BPS Pro only. The BPS Pro ARQ IDPS "
2740
  "scanner is far superior to malware scanners including MScan, but both the "
@@ -2742,11 +2735,11 @@ msgid ""
2742
  "website if someone would like to do that."
2743
  msgstr ""
2744
 
2745
- #: admin/core/core.php:2211
2746
  msgid "Plugin Firewall|Plugin Firewall AutoPilot Mode: "
2747
  msgstr ""
2748
 
2749
- #: admin/core/core.php:2211
2750
  msgid ""
2751
  "The Plugin Firewall protects all of your Plugins (plugin folders and files) "
2752
  "with an IP Address Firewall, which prevents/blocks/forbids Remote Access to "
@@ -2760,11 +2753,11 @@ msgid ""
2760
  "firewall whitelist rules."
2761
  msgstr ""
2762
 
2763
- #: admin/core/core.php:2213
2764
  msgid "JTC Anti-Spam|Anti-Hacker (JTC): "
2765
  msgstr ""
2766
 
2767
- #: admin/core/core.php:2213
2768
  #, php-format
2769
  msgid ""
2770
  "Blocks 100% of all SpamBot and HackerBot Brute Force Login attacks (auto-"
@@ -2778,11 +2771,11 @@ msgid ""
2778
  "includes a SpamBot Trap."
2779
  msgstr ""
2780
 
2781
- #: admin/core/core.php:2215
2782
  msgid "Uploads Folder Anti-Exploit Guard (UAEG): "
2783
  msgstr ""
2784
 
2785
- #: admin/core/core.php:2215
2786
  msgid ""
2787
  "Protects the WordPress Uploads folder. ONLY safe image files with valid "
2788
  "image file extensions such as jpg, gif, png, etc. can be accessed, opened or "
@@ -2792,11 +2785,11 @@ msgid ""
2792
  "executed in the WordPress Uploads folder."
2793
  msgstr ""
2794
 
2795
- #: admin/core/core.php:2217
2796
  msgid "DB Monitor Intrusion Detection System (IDS): "
2797
  msgstr ""
2798
 
2799
- #: admin/core/core.php:2217
2800
  msgid ""
2801
  "The DB Monitor is an automated Intrusion Detection System (IDS) that alerts "
2802
  "you via email anytime a change/modification occurs in your WordPress "
@@ -2807,11 +2800,11 @@ msgid ""
2807
  "help info."
2808
  msgstr ""
2809
 
2810
- #: admin/core/core.php:2219
3
  msgstr ""
4
  "Project-Id-Version: bulletproof-security\n"
5
  "Report-Msgid-Bugs-To: \n"
6
+ "POT-Creation-Date: 2022-02-21 08:14-0800\n"
7
  "PO-Revision-Date: 2015-06-20 19:13-0800\n"
8
  "Last-Translator: Ed Alexander <edward@ait-pro.com>\n"
9
  "Language-Team: AITpro <info@ait-pro.com>\n"
64
  msgid "Root htaccess File Custom Code"
65
  msgstr ""
66
 
67
+ #: admin/core/core-custom-code.php:354
68
  msgid ""
69
  "Example Code: Click the Question Mark help button at the top of the Custom "
70
  "Code page for root Custom Code Setup Steps. This example code is a visual "
74
  "TOP PHP/PHP.INI HANDLER/CACHE CODE text box."
75
  msgstr ""
76
 
77
+ #: admin/core/core-custom-code.php:356
78
  msgid ""
79
  "Example Code: Click the Question Mark help button at the top of the Custom "
80
  "Code page for root Custom Code Setup Steps. This example code is a visual "
85
  "box"
86
  msgstr ""
87
 
88
+ #: admin/core/core-custom-code.php:361
89
  msgid ""
90
  "1. CUSTOM CODE TOP PHP/PHP.INI HANDLER/CACHE CODE:<br>Add php/php.ini "
91
  "handler code, cache code and/or <a href=\"https://forum.ait-pro.com/forums/"
93
  "a new Browser window\" target=\"_blank\">Speed Boost Cache Code</a>"
94
  msgstr ""
95
 
96
+ #: admin/core/core-custom-code.php:362
97
  msgid ""
98
  "ONLY add valid php/php.ini handler htaccess code and/or cache htaccess code "
99
  "below or text commented out with a pound sign #"
100
  msgstr ""
101
 
102
+ #: admin/core/core-custom-code.php:373
103
  msgid "2. CUSTOM CODE TURN OFF YOUR SERVER SIGNATURE:"
104
  msgstr ""
105
 
106
+ #: admin/core/core-custom-code.php:374 admin/core/core-help-text.php:40
107
  msgid ""
108
  "You MUST copy and paste the entire TURN OFF YOUR SERVER SIGNATURE section of "
109
  "code from your root .htaccess file into this text box first. You can then "
110
  "edit and modify the code in this text window and save your changes."
111
  msgstr ""
112
 
113
+ #: admin/core/core-custom-code.php:384
114
  msgid ""
115
  "Example Code: Click the Question Mark help button at the top of the Custom "
116
  "Code page for root Custom Code Setup Steps. This example code is a visual "
121
  "DO NOT SHOW DIRECTORY LISTING/DIRECTORY INDEX text box."
122
  msgstr ""
123
 
124
+ #: admin/core/core-custom-code.php:390
125
  msgid "3. CUSTOM CODE DO NOT SHOW DIRECTORY LISTING/DIRECTORY INDEX:"
126
  msgstr ""
127
 
128
+ #: admin/core/core-custom-code.php:391 admin/core/core-help-text.php:40
129
  msgid ""
130
  "You MUST copy and paste the entire DO NOT SHOW DIRECTORY LISTING and "
131
  "DIRECTORY INDEX sections of code from your root .htaccess file into this "
133
  "and save your changes."
134
  msgstr ""
135
 
136
+ #: admin/core/core-custom-code.php:401
137
  msgid ""
138
  "Example Code: Click the Question Mark help button at the top of the Custom "
139
  "Code page for root Custom Code Setup Steps. This example code is a visual "
144
  "PROTECTION text box."
145
  msgstr ""
146
 
147
+ #: admin/core/core-custom-code.php:407
148
  msgid "4. CUSTOM CODE BRUTE FORCE LOGIN PAGE PROTECTION:"
149
  msgstr ""
150
 
151
+ #: admin/core/core-custom-code.php:408
152
  msgid ""
153
  "This Custom Code text box is for optional/Bonus code. To get this code click "
154
  "the link below:"
155
  msgstr ""
156
 
157
+ #: admin/core/core-custom-code.php:418
158
  msgid ""
159
  "Example Code: Click the Question Mark help button at the top of the Custom "
160
  "Code page for root Custom Code Setup Steps. This example code is a visual "
164
  "paste it into this CUSTOM CODE ERROR LOGGING AND TRACKING text box."
165
  msgstr ""
166
 
167
+ #: admin/core/core-custom-code.php:423
168
  msgid "5. CUSTOM CODE ERROR LOGGING AND TRACKING:"
169
  msgstr ""
170
 
171
+ #: admin/core/core-custom-code.php:424 admin/core/core-help-text.php:40
172
  msgid ""
173
  "You MUST copy and paste the entire ERROR LOGGING AND TRACKING section of "
174
  "code from your root .htaccess file into this text box first. You can then "
175
  "edit and modify the code in this text window and save your changes."
176
  msgstr ""
177
 
178
+ #: admin/core/core-custom-code.php:434
179
  msgid ""
180
  "Example Code: Click the Question Mark help button at the top of the Custom "
181
  "Code page for root Custom Code Setup Steps. This example code is a visual "
186
  "CUSTOM CODE DENY ACCESS TO PROTECTED SERVER FILES AND FOLDERS text box."
187
  msgstr ""
188
 
189
+ #: admin/core/core-custom-code.php:439
190
  msgid "6. CUSTOM CODE DENY ACCESS TO PROTECTED SERVER FILES AND FOLDERS:"
191
  msgstr ""
192
 
193
+ #: admin/core/core-custom-code.php:440 admin/core/core-help-text.php:40
194
  msgid ""
195
  "You MUST copy and paste the entire DENY ACCESS TO PROTECTED SERVER FILES AND "
196
  "FOLDERS section of code from your root .htaccess file into this text box "
198
  "your changes."
199
  msgstr ""
200
 
201
+ #: admin/core/core-custom-code.php:450
202
  msgid ""
203
  "Example Code: Click the Question Mark help button at the top of the Custom "
204
  "Code page for root Custom Code Setup Steps. This example code is a visual "
208
  "CUSTOM CODE WP-ADMIN/INCLUDES text box."
209
  msgstr ""
210
 
211
+ #: admin/core/core-custom-code.php:455
212
  msgid ""
213
  "7. CUSTOM CODE WP-ADMIN/INCLUDES: DO NOT add wp-admin .htaccess code here"
214
  msgstr ""
215
 
216
+ #: admin/core/core-custom-code.php:456
217
  msgid ""
218
  "Add one pound sign # below to prevent the WP-ADMIN/INCLUDES section of code "
219
  "from being created in your root .htaccess file"
220
  msgstr ""
221
 
222
+ #: admin/core/core-custom-code.php:466
223
  msgid ""
224
  "Example Code: Click the Question Mark help button at the top of the Custom "
225
  "Code page for root Custom Code Setup Steps. This example code is a visual "
229
  "into this CUSTOM CODE WP REWRITE LOOP START text box."
230
  msgstr ""
231
 
232
+ #: admin/core/core-custom-code.php:471
233
  msgid ""
234
  "8. CUSTOM CODE WP REWRITE LOOP START: www/non-www http/https Rewrite code "
235
  "here"
236
  msgstr ""
237
 
238
+ #: admin/core/core-custom-code.php:472 admin/core/core-help-text.php:40
239
  msgid ""
240
  "You MUST copy and paste the entire WP REWRITE LOOP START section of code "
241
  "from your root .htaccess file into this text box first. You can then edit "
242
  "and modify the code in this text window and save your changes."
243
  msgstr ""
244
 
245
+ #: admin/core/core-custom-code.php:482
246
  msgid ""
247
  "Example Code: Click the Question Mark help button at the top of the Custom "
248
  "Code page for root Custom Code Setup Steps. This example code is a visual "
252
  "paste it into this CUSTOM CODE REQUEST METHODS FILTERED text box."
253
  msgstr ""
254
 
255
+ #: admin/core/core-custom-code.php:488
256
  msgid "9. CUSTOM CODE REQUEST METHODS FILTERED:"
257
  msgstr ""
258
 
259
+ #: admin/core/core-custom-code.php:489
260
  msgid "Whitelist User Agents and allow HEAD Requests"
261
  msgstr ""
262
 
263
+ #: admin/core/core-custom-code.php:490
264
  msgid ""
265
  "You MUST copy and paste the entire REQUEST METHODS FILTERED section of code "
266
  "from your root .htaccess file into this text box first. You can then edit "
269
  "page for instructions and examples."
270
  msgstr ""
271
 
272
+ #: admin/core/core-custom-code.php:500
273
  msgid ""
274
  "Example Code: Click the Question Mark help button at the top of the Custom "
275
  "Code page for root Custom Code Setup Steps. This example code is a visual "
279
  "RULES text box."
280
  msgstr ""
281
 
282
+ #: admin/core/core-custom-code.php:505
283
  msgid ""
284
  "10. CUSTOM CODE PLUGIN/THEME SKIP/BYPASS RULES:<br>Add personal plugin/theme "
285
  "skip/bypass rules here"
286
  msgstr ""
287
 
288
+ #: admin/core/core-custom-code.php:506 admin/core/core-custom-code.php:596
289
+ #: admin/core/core-custom-code.php:950 admin/core/core-custom-code.php:962
290
  msgid ""
291
  "ONLY add valid htaccess code below or text commented out with a pound sign #"
292
  msgstr ""
293
 
294
+ #: admin/core/core-custom-code.php:516
295
  msgid ""
296
  "Example Code: Click the Question Mark help button at the top of the Custom "
297
  "Code page for root Custom Code Setup Steps. This example code is a visual "
302
  "CUSTOM CODE text box."
303
  msgstr ""
304
 
305
+ #: admin/core/core-custom-code.php:521
306
  msgid "11. CUSTOM CODE TIMTHUMB FORBID RFI and MISC FILE SKIP/BYPASS RULE:"
307
  msgstr ""
308
 
309
+ #: admin/core/core-custom-code.php:522 admin/core/core-help-text.php:40
310
  msgid ""
311
  "You MUST copy and paste the entire TIMTHUMB FORBID RFI section of code from "
312
  "your root .htaccess file into this text box first. You can then edit and "
313
  "modify the code in this text window and save your changes."
314
  msgstr ""
315
 
316
+ #: admin/core/core-custom-code.php:532
317
  msgid ""
318
  "Example Code: Click the Question Mark help button at the top of the Custom "
319
  "Code page for root Custom Code Setup Steps. This example code is a visual "
324
  "EXPLOITS text box."
325
  msgstr ""
326
 
327
+ #: admin/core/core-custom-code.php:537
328
  msgid "12. CUSTOM CODE BPSQSE BPS QUERY STRING EXPLOITS:"
329
  msgstr ""
330
 
331
+ #: admin/core/core-custom-code.php:538 admin/core/core-help-text.php:40
332
  msgid ""
333
  "You MUST copy and paste the entire BPSQSE QUERY STRING EXPLOITS section of "
334
  "code from your root .htaccess file from # BEGIN BPSQSE BPS QUERY STRING "
337
  "changes."
338
  msgstr ""
339
 
340
+ #: admin/core/core-custom-code.php:551
341
  msgid ""
342
  "Example Code: The actual WP REWRITE LOOP END code for your website may be "
343
  "different. Click the Question Mark help button at the top of the Custom Code "
348
  "into this CUSTOM CODE WP REWRITE LOOP END text box."
349
  msgstr ""
350
 
351
+ #: admin/core/core-custom-code.php:556
352
  msgid "12b. CUSTOM CODE WP REWRITE LOOP END: Add WP Rewrite Loop End code here"
353
  msgstr ""
354
 
355
+ #: admin/core/core-custom-code.php:557
356
  msgid ""
357
  "This is a Special Custom Code text box that should only be used if the "
358
  "correct WP REWRITE LOOP END code is not being created in your root .htaccess "
359
  "file. See the Question Mark help button for more information."
360
  msgstr ""
361
 
362
+ #: admin/core/core-custom-code.php:574
363
  msgid ""
364
  "Example Code: Click the Question Mark help button at the top of the Custom "
365
  "Code page for root Custom Code Setup Steps. This example code is a visual "
370
  "THESE FILES text box."
371
  msgstr ""
372
 
373
+ #: admin/core/core-custom-code.php:579
374
  msgid "13. CUSTOM CODE DENY BROWSER ACCESS TO THESE FILES:"
375
  msgstr ""
376
 
377
+ #: admin/core/core-custom-code.php:580 admin/core/core-help-text.php:40
378
  msgid ""
379
  "You MUST copy and paste the entire DENY BROWSER ACCESS section of code from "
380
  "your root .htaccess file into this text box first. You can then edit and "
381
  "modify the code in this text window and save your changes."
382
  msgstr ""
383
 
384
+ #: admin/core/core-custom-code.php:590
385
  msgid ""
386
  "Example Code: Click the Question Mark help button at the top of the Custom "
387
  "Code page for root Custom Code Setup Steps. This example code is a visual "
391
  "FORBID COMMENT SPAMMERS/BLOCK BOTS/BLOCK IP/REDIRECT CODE text box."
392
  msgstr ""
393
 
394
+ #: admin/core/core-custom-code.php:595
395
  msgid ""
396
  "14. CUSTOM CODE BOTTOM HOTLINKING/FORBID COMMENT SPAMMERS/BLOCK BOTS/BLOCK "
397
  "IP/REDIRECT CODE: Add miscellaneous code here"
398
  msgstr ""
399
 
400
+ #: admin/core/core-custom-code.php:605
401
  msgid ""
402
  "If you are unable to save Custom Code and/or see an error message when "
403
  "trying to save Custom Code, click the Encrypt Custom Code button first and "
405
  "image to the right for help info."
406
  msgstr ""
407
 
408
+ #: admin/core/core-custom-code.php:605 admin/core/core-custom-code.php:983
409
  msgid ""
410
  "If your web host currently has ModSecurity installed or installs ModSecurity "
411
  "at a later time then ModSecurity will prevent you from saving your custom "
413
  "Code button."
414
  msgstr ""
415
 
416
+ #: admin/core/core-custom-code.php:605
417
  msgid ""
418
  "If you click the Encrypt Custom Code button, but then want to add or edit "
419
  "additional custom code click the Decrypt Custom Code button. After you are "
421
  "before clicking the Save Root Custom Code button."
422
  msgstr ""
423
 
424
+ #: admin/core/core-custom-code.php:605
425
  msgid ""
426
  "Additional Encrypt and Decrypt buttons have been added at the top of the "
427
  "Root Custom Code Form."
428
  msgstr ""
429
 
430
+ #: admin/core/core-custom-code.php:605 admin/core/core-custom-code.php:983
431
+ #: admin/core/core.php:2010
432
  msgid "Click the Custom Code Question Mark help button for more help info."
433
  msgstr ""
434
 
435
+ #: admin/core/core-custom-code.php:608
436
  msgid ""
437
  "IMPORTANT!!! Did you remember to click the Encrypt Custom Code button first "
438
  "before saving your Root Custom Code?"
439
  msgstr ""
440
 
441
+ #: admin/core/core-custom-code.php:608
442
  msgid "Click OK to save your Root Custom Code or click Cancel."
443
  msgstr ""
444
 
445
+ #: admin/core/core-custom-code.php:904
446
  msgid "wp-admin htaccess File Custom Code"
447
  msgstr ""
448
 
449
+ #: admin/core/core-custom-code.php:927
450
  msgid ""
451
  "Example Code: Click the Question Mark help button at the top of the Custom "
452
  "Code page for wp-admin Custom Code Setup Steps. This example code is a "
457
  "CODE text box."
458
  msgstr ""
459
 
460
+ #: admin/core/core-custom-code.php:929
461
  msgid ""
462
  "Example Code: Click the Question Mark help button at the top of the Custom "
463
  "Code page for wp-admin Custom Code Setup Steps. This example code is a "
466
  "htaccess code, copy and paste it into this CUSTOM CODE WPADMIN TOP text box."
467
  msgstr ""
468
 
469
+ #: admin/core/core-custom-code.php:931
470
  msgid ""
471
  "Example Code: Click the Question Mark help button at the top of the Custom "
472
  "Code page for wp-admin Custom Code Setup Steps. This example code is a "
476
  "FILE SKIP RULES text box."
477
  msgstr ""
478
 
479
+ #: admin/core/core-custom-code.php:933
480
  msgid ""
481
  "Example Code: Click the Question Mark help button at the top of the Custom "
482
  "Code page for wp-admin Custom Code Setup Steps. This example code is a "
487
  "CUSTOM CODE text box."
488
  msgstr ""
489
 
490
+ #: admin/core/core-custom-code.php:938
491
  msgid ""
492
  "1. CUSTOM CODE WPADMIN DENY BROWSER ACCESS TO FILES:<br>Add additional wp-"
493
  "admin files that you would like to block here"
494
  msgstr ""
495
 
496
+ #: admin/core/core-custom-code.php:939
497
  msgid ""
498
  "You MUST copy and paste the entire WPADMIN DENY BROWSER ACCESS TO FILES "
499
  "section of code from your wp-admin .htaccess file into this text box first. "
503
  "htaccess file"
504
  msgstr ""
505
 
506
+ #: admin/core/core-custom-code.php:949
507
  msgid ""
508
  "2. CUSTOM CODE WPADMIN TOP:<br>wp-admin password protection & miscellaneous "
509
  "custom code here"
510
  msgstr ""
511
 
512
+ #: admin/core/core-custom-code.php:961
513
  msgid ""
514
  "3. CUSTOM CODE WPADMIN PLUGIN/FILE SKIP RULES:<br>Add wp-admin plugin/file "
515
  "skip rules code here"
516
  msgstr ""
517
 
518
+ #: admin/core/core-custom-code.php:973
519
  msgid ""
520
  "4. CUSTOM CODE BPSQSE-check BPS QUERY STRING EXPLOITS AND FILTERS:<br>Modify "
521
  "Query String Exploit code here"
522
  msgstr ""
523
 
524
+ #: admin/core/core-custom-code.php:974 admin/core/core-help-text.php:40
525
  msgid ""
526
  "You MUST copy and paste the entire BPS QUERY STRING EXPLOITS section of code "
527
  "from your wp-admin .htaccess file from # BEGIN BPSQSE-check BPS QUERY STRING "
530
  "this text window and save your changes."
531
  msgstr ""
532
 
533
+ #: admin/core/core-custom-code.php:983
534
  msgid ""
535
  "If you are unable to save Custom Code and/or see an error message when "
536
  "trying to save Custom Code, click the Encrypt Custom Code button first and "
538
  "mark image to the right for help info."
539
  msgstr ""
540
 
541
+ #: admin/core/core-custom-code.php:983
542
  msgid ""
543
  "If you click the Encrypt Custom Code button, but then want to add or edit "
544
  "additional custom code click the Decrypt Custom Code button. After you are "
546
  "before clicking the Save wp-admin Custom Code button."
547
  msgstr ""
548
 
549
+ #: admin/core/core-custom-code.php:983
550
  msgid ""
551
  "Additional Encrypt and Decrypt buttons have been added at the top of the wp-"
552
  "admin Custom Code Form."
553
  msgstr ""
554
 
555
+ #: admin/core/core-custom-code.php:986
556
  msgid ""
557
  "IMPORTANT!!! Did you remember to click the Encrypt Custom Code button first "
558
  "before saving your wp-admin Custom Code?"
559
  msgstr ""
560
 
561
+ #: admin/core/core-custom-code.php:986
562
  msgid "Click OK to save your wp-admin Custom Code or click Cancel."
563
  msgstr ""
564
 
569
  msgstr ""
570
 
571
  #: admin/core/core-export-import.php:115 admin/login/lsm-export.php:49
572
+ #: admin/wizard/wizard-backup.php:252 admin/wizard/wizard-backup.php:294
573
+ #: admin/wizard/wizard.php:1905
574
  msgid ""
575
  "If you see a 403 error and/or are unable to download the zip file then click "
576
  "here: "
577
  msgstr ""
578
 
579
  #: admin/core/core-export-import.php:115 admin/login/lsm-export.php:49
580
+ #: admin/wizard/wizard-backup.php:252 admin/wizard/wizard-backup.php:294
581
+ #: admin/wizard/wizard.php:1046 admin/wizard/wizard.php:1143
582
+ #: admin/wizard/wizard.php:1146 admin/wizard/wizard.php:1905
583
  #: includes/hud-autofix-whitelist.php:861
584
  msgid "Setup Wizard Options"
585
  msgstr ""
591
  msgstr ""
592
 
593
  #: admin/core/core-export-import.php:115 admin/login/lsm-export.php:49
594
+ #: admin/wizard/wizard.php:1905
595
  msgid "Download Zip Export"
596
  msgstr ""
597
 
598
+ #: admin/core/core-export-import.php:144 admin/wizard/wizard.php:2069
599
  msgid "Zip File Upload Successful."
600
  msgstr ""
601
 
602
+ #: admin/core/core-export-import.php:155 admin/wizard/wizard.php:2080
603
  msgid "Zip File Exraction Successful. Method: ZipArchive class."
604
  msgstr ""
605
 
629
  msgid "3. Click the wp-admin Folder BulletProof Mode Activate button."
630
  msgstr ""
631
 
632
+ #: admin/core/core-export-import.php:169 admin/wizard/wizard.php:2091
633
  msgid "ERROR: Zip File Extraction Failed. Method: ZipArchive class."
634
  msgstr ""
635
 
636
+ #: admin/core/core-export-import.php:189 admin/wizard/wizard.php:2111
637
  msgid "Zip File Extraction Successful. Method: PclZip."
638
  msgstr ""
639
 
640
+ #: admin/core/core-export-import.php:203 admin/wizard/wizard.php:2123
641
  msgid "ERROR: Zip File Extraction Failed. Method: PclZip."
642
  msgstr ""
643
 
644
+ #: admin/core/core-export-import.php:211 admin/wizard/wizard.php:2131
645
  msgid "ERROR: Zip File Upload Failed."
646
  msgstr ""
647
 
672
  msgstr ""
673
 
674
  #: admin/core/core-forms.php:18 admin/core/core-forms.php:104
675
+ #: admin/core/core.php:1285
676
  msgid "htaccess Files Disabled: wp-admin htaccess file writing is disabled. "
677
  msgstr ""
678
 
679
  #: admin/core/core-forms.php:18 admin/core/core-forms.php:104
680
+ #: admin/core/core-forms.php:204 admin/core/core-forms.php:254
681
+ #: admin/core/core-forms.php:288 admin/core/core-forms.php:338
682
+ #: admin/core/core-forms.php:372 admin/core/core-forms.php:438
683
+ #: admin/core/core-htaccess-code.php:460 admin/core/core-htaccess-code.php:544
684
+ #: admin/core/core-htaccess-code.php:613 admin/core/core-htaccess-code.php:697
685
+ #: admin/core/core.php:892 admin/core/core.php:982 admin/core/core.php:1096
686
+ #: admin/core/core.php:1186 admin/core/core.php:1285
687
+ #: admin/maintenance/maintenance.php:946 admin/maintenance/maintenance.php:1263
688
+ #: admin/maintenance/maintenance.php:1782
689
+ #: admin/maintenance/maintenance.php:1913
690
+ #: admin/maintenance/maintenance.php:2107 admin/wizard/wizard-functions.php:45
691
  msgid "Click this link for help information: "
692
  msgstr ""
693
 
694
  #: admin/core/core-forms.php:18 admin/core/core-forms.php:104
695
+ #: admin/core/core-forms.php:204 admin/core/core-forms.php:254
696
+ #: admin/core/core-forms.php:288 admin/core/core-forms.php:338
697
+ #: admin/core/core-forms.php:372 admin/core/core-forms.php:438
698
+ #: admin/core/core-htaccess-code.php:460 admin/core/core-htaccess-code.php:544
699
+ #: admin/core/core-htaccess-code.php:613 admin/core/core-htaccess-code.php:697
700
+ #: admin/core/core.php:892 admin/core/core.php:982 admin/core/core.php:1096
701
+ #: admin/core/core.php:1186 admin/core/core.php:1285
702
+ #: admin/maintenance/maintenance.php:946 admin/maintenance/maintenance.php:1263
703
+ #: admin/maintenance/maintenance.php:1782
704
+ #: admin/maintenance/maintenance.php:1913
705
+ #: admin/maintenance/maintenance.php:2107 admin/wizard/wizard-functions.php:45
706
+ #: admin/wizard/wizard.php:1058
707
  msgid "htaccess Files Disabled Forum Topic"
708
  msgstr ""
709
 
753
  msgid "Hidden Plugin Folders|Files (HPF) Cron has been turned Off."
754
  msgstr ""
755
 
756
+ #: admin/core/core-forms.php:191
757
  msgid "Ignore Hidden Plugin Folders & Files settings saved."
758
  msgstr ""
759
 
760
+ #: admin/core/core-forms.php:191
761
  msgid "Current HPF Ignore Rules: "
762
  msgstr ""
763
 
764
+ #: admin/core/core-forms.php:204 admin/core/core-forms.php:254
765
  msgid "htaccess Files Disabled: Master htaccess file writing is disabled. "
766
  msgstr ""
767
 
768
+ #: admin/core/core-forms.php:220 admin/core/core-forms.php:234
769
  msgid ""
770
  "Failed to activate Master htaccess Folder BulletProof Mode. Check the file "
771
  "or folder permissions or Ownership for this folder: /bulletproof-security/"
772
  "admin/htaccess/."
773
  msgstr ""
774
 
775
+ #: admin/core/core-forms.php:225 admin/core/core-forms.php:239
776
  msgid "Master htaccess Folder BulletProof Mode activated successfully."
777
  msgstr ""
778
 
779
+ #: admin/core/core-forms.php:267
780
  msgid ""
781
  "Failed to deactivate Master htaccess Folder BulletProof Mode. Check the file "
782
  "or folder permissions or Ownership for this folder: /bulletproof-security/"
783
  "admin/htaccess/."
784
  msgstr ""
785
 
786
+ #: admin/core/core-forms.php:274
787
  msgid "Master htaccess Folder BulletProof Mode deactivated successfully."
788
  msgstr ""
789
 
790
+ #: admin/core/core-forms.php:288 admin/core/core-forms.php:338
791
  msgid "htaccess Files Disabled: BPS Backup htaccess file writing is disabled. "
792
  msgstr ""
793
 
794
+ #: admin/core/core-forms.php:304 admin/core/core-forms.php:318
795
  msgid ""
796
  "Failed to activate BPS Backup Folder BulletProof Mode. Check the file or "
797
  "folder permissions or Ownership for this folder: /"
798
  msgstr ""
799
 
800
+ #: admin/core/core-forms.php:304 admin/core/core-forms.php:318
801
+ #: admin/core/core-forms.php:351
802
  msgid "/bps-backup."
803
  msgstr ""
804
 
805
+ #: admin/core/core-forms.php:309 admin/core/core-forms.php:323
806
  msgid "BPS Backup Folder BulletProof Mode activated successfully."
807
  msgstr ""
808
 
809
+ #: admin/core/core-forms.php:351
810
  msgid ""
811
  "Failed to deactivate BPS Backup Folder BulletProof Mode. Check the file or "
812
  "folder permissions or Ownership for this folder: /"
813
  msgstr ""
814
 
815
+ #: admin/core/core-forms.php:358
816
  msgid "BPS Backup Folder BulletProof Mode deactivated successfully."
817
  msgstr ""
818
 
819
+ #: admin/core/core-forms.php:372
820
  msgid "htaccess Files Disabled: htaccess file Backup is disabled. "
821
  msgstr ""
822
 
823
+ #: admin/core/core-forms.php:385
824
  msgid "You do not have an .htaccess file in your Root folder to backup."
825
  msgstr ""
826
 
827
+ #: admin/core/core-forms.php:393
828
  msgid ""
829
  "Failed to Backup Your Root .htaccess File. File copy function failed. Check "
830
  "the folder permissions for the /"
831
  msgstr ""
832
 
833
+ #: admin/core/core-forms.php:393 admin/core/core-forms.php:416
834
  msgid "/bps-backup folder. Folder permissions should be set to 755."
835
  msgstr ""
836
 
837
+ #: admin/core/core-forms.php:400
838
  msgid "Your Root .htaccess file has been backed up successfully."
839
  msgstr ""
840
 
841
+ #: admin/core/core-forms.php:408
842
  msgid "You do not have an htaccess file in your wp-admin folder to backup."
843
  msgstr ""
844
 
845
+ #: admin/core/core-forms.php:416
846
  msgid ""
847
  "Failed to Backup Your wp-admin htaccess File. File copy function failed. "
848
  "Check the folder permissions for the /"
849
  msgstr ""
850
 
851
+ #: admin/core/core-forms.php:423
852
  msgid "Your wp-admin htaccess file has been backed up successfully."
853
  msgstr ""
854
 
855
+ #: admin/core/core-forms.php:438
856
  msgid "htaccess Files Disabled: htaccess file Restore is disabled. "
857
  msgstr ""
858
 
859
+ #: admin/core/core-forms.php:459
860
  msgid ""
861
  "Failed to Restore Your Root htaccess File. Either you DO NOT have a Backed "
862
  "up Root htaccess file or your Root htaccess file permissions do not allow "
863
  "the file to be replaced/restored."
864
  msgstr ""
865
 
866
+ #: admin/core/core-forms.php:469
867
  msgid "Your Root htaccess file has been Restored successfully."
868
  msgstr ""
869
 
870
+ #: admin/core/core-forms.php:479
871
  msgid ""
872
  "Failed to Restore Your wp-admin htaccess File. Either you DO NOT have a "
873
  "Backed up wp-admin htaccess file or your wp-admin htaccess file permissions "
874
  "do not allow the file to be replaced/restored."
875
  msgstr ""
876
 
877
+ #: admin/core/core-forms.php:486
878
  msgid "Your wp-admin htaccess file has been Restored successfully."
879
  msgstr ""
880
 
998
  "Question Mark help file for BPS troubleshooting steps."
999
  msgstr ""
1000
 
1001
+ #: admin/core/core-help-text.php:15 admin/wizard/wizard.php:1103
1002
  msgid "Notes: "
1003
  msgstr ""
1004
 
1065
  "Send Email Alerts."
1066
  msgstr ""
1067
 
1068
+ #: admin/core/core-help-text.php:18 admin/core/core.php:519
1069
  msgid "HPF Cron Check Frequency:"
1070
  msgstr ""
1071
 
1077
  "Options button to save your settings."
1078
  msgstr ""
1079
 
1080
+ #: admin/core/core-help-text.php:18 admin/core/core.php:530
1081
  msgid "HPF Cron On|Off:"
1082
  msgstr ""
1083
 
1087
  "HPF Cron Off. Click the Save HPF Cron Options button to save your settings."
1088
  msgstr ""
1089
 
1090
+ #: admin/core/core-help-text.php:18 admin/core/core.php:554
1091
  msgid "Ignore Hidden Plugin Folders & Files:"
1092
  msgstr ""
1093
 
1702
  msgid "Modify wp-admin Query String Exploit code here"
1703
  msgstr ""
1704
 
1705
+ #: admin/core/core-htaccess-code.php:59 admin/core/core-htaccess-code.php:132
1706
+ #: admin/maintenance/maintenance.php:464 admin/maintenance/maintenance.php:484
1707
  msgid "The file "
1708
  msgstr ""
1709
 
1710
+ #: admin/core/core-htaccess-code.php:59 admin/core/core-htaccess-code.php:132
1711
+ #: admin/maintenance/maintenance.php:464 admin/maintenance/maintenance.php:484
1712
  msgid " is not writable or does not exist."
1713
  msgstr ""
1714
 
1715
+ #: admin/core/core-htaccess-code.php:59
1716
  msgid ""
1717
  "Check that the file is named default.htaccess and that the file exists in "
1718
  "the /bulletproof-security/admin/htaccess master folder. If this is not the "
1719
  "problem click "
1720
  msgstr ""
1721
 
1722
+ #: admin/core/core-htaccess-code.php:59 admin/core/core-htaccess-code.php:132
1723
  msgid "HERE"
1724
  msgstr ""
1725
 
1726
+ #: admin/core/core-htaccess-code.php:59 admin/core/core-htaccess-code.php:132
1727
  msgid " to go the the BulletProof Security Forum."
1728
  msgstr ""
1729
 
1730
+ #: admin/core/core-htaccess-code.php:132
1731
  msgid ""
1732
  "Check that the file is named secure.htaccess and that the file exists in "
1733
  "the /bulletproof-security/admin/htaccess master folder. If this is not the "
1734
  "problem click"
1735
  msgstr ""
1736
 
1737
+ #: admin/core/core-htaccess-code.php:460 admin/core/core-htaccess-code.php:544
1738
+ #: admin/core/core-htaccess-code.php:613 admin/core/core-htaccess-code.php:697
1739
+ #: admin/core/core.php:1186
1740
  msgid "htaccess Files Disabled: Root htaccess file writing is disabled. "
1741
  msgstr ""
1742
 
1743
+ #: admin/core/core-htaccess-code.php:482 admin/core/core-htaccess-code.php:635
1744
+ #: admin/core/core.php:1029
1745
  msgid "Failed to copy your Custom default.htaccess file: "
1746
  msgstr ""
1747
 
1748
+ #: admin/core/core-htaccess-code.php:482 admin/core/core-htaccess-code.php:635
1749
+ #: admin/core/core.php:1029
1750
  msgid " to: "
1751
  msgstr ""
1752
 
1753
+ #: admin/core/core-htaccess-code.php:482 admin/core/core-htaccess-code.php:635
1754
  msgid " Check the folder permissions or Ownership for these folders."
1755
  msgstr ""
1756
 
1757
+ #: admin/core/core-htaccess-code.php:493 admin/core/core-htaccess-code.php:646
1758
  msgid ""
1759
  "Root Folder BulletProof Mode deactivated successfully. Your Custom default."
1760
  "htaccess is now in use."
1761
  msgstr ""
1762
 
1763
+ #: admin/core/core-htaccess-code.php:517 admin/core/core-htaccess-code.php:670
1764
  msgid ""
1765
  "Failed to deactivate Root Folder BulletProof Mode. Unable to Copy the "
1766
  "default.htaccess file to your root folder."
1767
  msgstr ""
1768
 
1769
+ #: admin/core/core-htaccess-code.php:528 admin/core/core-htaccess-code.php:681
1770
  msgid "Root Folder BulletProof Mode deactivated successfully."
1771
  msgstr ""
1772
 
1773
+ #: admin/core/core-htaccess-code.php:573 admin/core/core-htaccess-code.php:726
1774
  msgid ""
1775
  "Failed to activate Root Folder BulletProof Mode protection. Your website is "
1776
  "NOT protected."
1777
  msgstr ""
1778
 
1779
+ #: admin/core/core-htaccess-code.php:584 admin/core/core-htaccess-code.php:737
1780
  msgid "Root Folder BulletProof Mode protection activated successfully."
1781
  msgstr ""
1782
 
1783
+ #: admin/core/core.php:139 admin/includes/admin.php:402
1784
+ #: admin/includes/admin.php:425 admin/includes/admin.php:426
1785
  msgid "htaccess File Options"
1786
  msgstr ""
1787
 
1788
+ #: admin/core/core.php:168 admin/db-backup-security/db-backup-security.php:37
1789
  #: admin/email-log-settings/email-log-settings.php:38 admin/login/login.php:142
1790
+ #: admin/maintenance/maintenance.php:48 admin/mscan/mscan.php:89
1791
  #: admin/security-log/security-log.php:38 admin/system-info/system-info.php:38
1792
+ #: admin/theme-skin/theme-skin.php:37 admin/wizard/wizard.php:127
1793
  msgid "Settings Saved"
1794
  msgstr ""
1795
 
1796
+ #: admin/core/core.php:193
1797
  msgid "Security Modes"
1798
  msgstr ""
1799
 
1800
+ #: admin/core/core.php:194
1801
  msgid "htaccess File Editor"
1802
  msgstr ""
1803
 
1804
+ #: admin/core/core.php:195 admin/core/core.php:1867 admin/core/core.php:1870
1805
  msgid "Custom Code"
1806
  msgstr ""
1807
 
1808
+ #: admin/core/core.php:196
1809
  msgid "My Notes"
1810
  msgstr ""
1811
 
1812
+ #: admin/core/core.php:197
1813
  msgid "Whats New"
1814
  msgstr ""
1815
 
1816
+ #: admin/core/core.php:198 admin/db-backup-security/db-backup-security.php:269
1817
+ #: admin/email-log-settings/email-log-settings.php:257
1818
+ #: admin/login/login.php:174 admin/maintenance/maintenance.php:176
1819
+ #: admin/mscan/mscan.php:220 admin/security-log/security-log.php:203
1820
+ #: admin/system-info/system-info.php:64 admin/theme-skin/theme-skin.php:60
1821
  msgid "Help &amp; FAQ"
1822
  msgstr ""
1823
 
1824
+ #: admin/core/core.php:199 admin/core/core.php:220 admin/core/core.php:347
1825
+ #: admin/core/core.php:453 admin/core/core.php:588 admin/core/core.php:681
1826
+ #: admin/core/core.php:774 admin/core/core.php:826 admin/core/core.php:1876
1827
+ #: admin/core/core.php:2089 admin/db-backup-security/db-backup-security.php:290
1828
+ #: admin/db-backup-security/db-backup-security.php:1261
1829
+ #: admin/db-backup-security/db-backup-security.php:1438
1830
+ #: admin/email-log-settings/email-log-settings.php:278
1831
+ #: admin/login/login.php:204 admin/login/login.php:828
1832
+ #: admin/login/login.php:1183 admin/login/login.php:1747
1833
+ #: admin/maintenance/maintenance.php:206 admin/mscan/mscan.php:241
1834
+ #: admin/mscan/mscan.php:2105 admin/mscan/mscan.php:2333
1835
+ #: admin/mscan/mscan.php:3048 admin/security-log/security-log.php:224
1836
+ #: admin/system-info/system-info.php:81 admin/theme-skin/theme-skin.php:81
1837
+ #: admin/wizard/wizard.php:1087 admin/wizard/wizard.php:1156
1838
+ #: admin/wizard/wizard.php:1743 bulletproof-security.php:183
1839
  msgid "BPS Pro Features"
1840
  msgstr ""
1841
 
1842
+ #: admin/core/core.php:211 admin/core/core.php:214 admin/core/core.php:341
 
 
 
 
 
 
 
 
1843
  msgid "Root Folder BulletProof Mode (RBM)"
1844
  msgstr ""
1845
 
1846
+ #: admin/core/core.php:217 admin/core/core.php:344 admin/core/core.php:450
1847
+ #: admin/core/core.php:585 admin/core/core.php:678 admin/core/core.php:771
1848
+ #: admin/core/core.php:823 admin/core/core.php:1873
1849
+ #: admin/db-backup-security/db-backup-security.php:287
1850
+ #: admin/db-backup-security/db-backup-security.php:1258
1851
+ #: admin/db-backup-security/db-backup-security.php:1435
1852
+ #: admin/email-log-settings/email-log-settings.php:275
1853
+ #: admin/login/login.php:201 admin/login/login.php:825
1854
+ #: admin/login/login.php:1180 admin/login/login.php:1744
1855
+ #: admin/maintenance/maintenance.php:203 admin/mscan/mscan-help-text.php:96
1856
+ #: admin/mscan/mscan-help-text.php:109 admin/mscan/mscan-help-text.php:116
1857
+ #: admin/mscan/mscan.php:238 admin/mscan/mscan.php:2102
1858
+ #: admin/mscan/mscan.php:2330 admin/mscan/mscan.php:3045
1859
+ #: admin/security-log/security-log.php:221 admin/system-info/system-info.php:78
1860
+ #: admin/theme-skin/theme-skin.php:77 admin/wizard/wizard.php:1084
1861
+ #: admin/wizard/wizard.php:1153 admin/wizard/wizard.php:1740
1862
  msgid ""
1863
  "This Question Mark Help window is draggable (top) and resizable (bottom "
1864
  "right corner)"
1865
  msgstr ""
1866
 
1867
+ #: admin/core/core.php:220 admin/core/core.php:347 admin/core/core.php:453
1868
+ #: admin/core/core.php:588 admin/core/core.php:681 admin/core/core.php:774
1869
+ #: admin/core/core.php:826 admin/core/core.php:1876 admin/core/core.php:2089
1870
+ #: admin/core/core.php:2169 admin/db-backup-security/db-backup-security.php:290
1871
+ #: admin/db-backup-security/db-backup-security.php:1261
1872
+ #: admin/db-backup-security/db-backup-security.php:1438
1873
+ #: admin/email-log-settings/email-log-settings.php:278
1874
+ #: admin/login/login.php:204 admin/login/login.php:828
1875
+ #: admin/login/login.php:1183 admin/login/login.php:1747
1876
+ #: admin/maintenance/maintenance.php:206 admin/mscan/mscan.php:241
1877
+ #: admin/mscan/mscan.php:2105 admin/mscan/mscan.php:2333
1878
+ #: admin/mscan/mscan.php:3048 admin/security-log/security-log.php:224
1879
+ #: admin/system-info/system-info.php:81 admin/theme-skin/theme-skin.php:81
1880
+ #: admin/wizard/wizard.php:1087 admin/wizard/wizard.php:1156
1881
+ #: admin/wizard/wizard.php:1743
1882
  msgid ""
1883
  "Want even more security protection for the ridiculously cheap one-time price "
1884
  "of $69.95"
1885
  msgstr ""
1886
 
1887
+ #: admin/core/core.php:220 admin/core/core.php:347 admin/core/core.php:453
1888
+ #: admin/core/core.php:588 admin/core/core.php:681 admin/core/core.php:774
1889
+ #: admin/core/core.php:826 admin/core/core.php:1876 admin/core/core.php:2089
1890
+ #: admin/core/core.php:2171 admin/db-backup-security/db-backup-security.php:290
1891
+ #: admin/db-backup-security/db-backup-security.php:1261
1892
+ #: admin/db-backup-security/db-backup-security.php:1438
1893
+ #: admin/email-log-settings/email-log-settings.php:278
1894
+ #: admin/login/login.php:204 admin/login/login.php:828
1895
+ #: admin/login/login.php:1183 admin/login/login.php:1747
1896
+ #: admin/maintenance/maintenance.php:206 admin/mscan/mscan.php:241
1897
+ #: admin/mscan/mscan.php:2105 admin/mscan/mscan.php:2333
1898
+ #: admin/mscan/mscan.php:3048 admin/security-log/security-log.php:224
1899
+ #: admin/system-info/system-info.php:81 admin/theme-skin/theme-skin.php:81
1900
+ #: admin/wizard/wizard.php:1087 admin/wizard/wizard.php:1156
1901
+ #: admin/wizard/wizard.php:1743
1902
  msgid ""
1903
  "BPS Pro comes with free unlimited installations, upgrades & support for "
1904
  "life. No yearly subscriptions or additional costs."
1905
  msgstr ""
1906
 
1907
+ #: admin/core/core.php:220 admin/core/core.php:347 admin/core/core.php:453
1908
+ #: admin/core/core.php:588 admin/core/core.php:681 admin/core/core.php:774
1909
+ #: admin/core/core.php:826 admin/core/core.php:1876 admin/core/core.php:2089
1910
+ #: admin/db-backup-security/db-backup-security.php:290
1911
+ #: admin/db-backup-security/db-backup-security.php:1261
1912
+ #: admin/db-backup-security/db-backup-security.php:1438
1913
+ #: admin/email-log-settings/email-log-settings.php:278
1914
+ #: admin/login/login.php:204 admin/login/login.php:828
1915
+ #: admin/login/login.php:1183 admin/login/login.php:1747
1916
+ #: admin/maintenance/maintenance.php:206 admin/mscan/mscan.php:241
1917
+ #: admin/mscan/mscan.php:2105 admin/mscan/mscan.php:2333
1918
+ #: admin/mscan/mscan.php:3048 admin/security-log/security-log.php:224
1919
+ #: admin/system-info/system-info.php:81 admin/theme-skin/theme-skin.php:81
1920
+ #: admin/wizard/wizard.php:1087 admin/wizard/wizard.php:1156
1921
+ #: admin/wizard/wizard.php:1743
1922
  msgid ""
1923
  "BBS Pro has an amazing track record. BPS Pro is installed on 60,000+ "
1924
  "websites. Not a single one of those websites has been hacked in 10+ years."
1925
  msgstr ""
1926
 
1927
+ #: admin/core/core.php:220 admin/core/core.php:347 admin/core/core.php:453
1928
+ #: admin/core/core.php:588 admin/core/core.php:681 admin/core/core.php:774
1929
+ #: admin/core/core.php:826 admin/core/core.php:1876 admin/core/core.php:2089
1930
+ #: admin/db-backup-security/db-backup-security.php:290
1931
+ #: admin/db-backup-security/db-backup-security.php:1261
1932
+ #: admin/db-backup-security/db-backup-security.php:1438
1933
+ #: admin/email-log-settings/email-log-settings.php:278
1934
+ #: admin/login/login.php:204 admin/login/login.php:828
1935
+ #: admin/login/login.php:1183 admin/login/login.php:1747
1936
+ #: admin/maintenance/maintenance.php:206 admin/mscan/mscan.php:241
1937
+ #: admin/mscan/mscan.php:2105 admin/mscan/mscan.php:2333
1938
+ #: admin/mscan/mscan.php:3048 admin/security-log/security-log.php:224
1939
+ #: admin/system-info/system-info.php:81 admin/theme-skin/theme-skin.php:81
1940
+ #: admin/wizard/wizard.php:1087 admin/wizard/wizard.php:1156
1941
+ #: admin/wizard/wizard.php:1743
1942
  msgid "Get BPS Pro"
1943
  msgstr ""
1944
 
1945
+ #: admin/core/core.php:223 admin/core/core.php:350 admin/core/core.php:1880
1946
+ #: admin/db-backup-security/db-backup-security.php:294
1947
+ #: admin/email-log-settings/email-log-settings.php:282
1948
+ #: admin/login/login.php:1186 admin/maintenance/maintenance.php:210
1949
+ #: admin/mscan/mscan.php:244 admin/system-info/system-info.php:85
1950
  msgid "Forum Help Links: "
1951
  msgstr ""
1952
 
1953
+ #: admin/core/core.php:226 admin/core/core.php:353
1954
  msgid "Setup Wizard & Other Video Tutorials"
1955
  msgstr ""
1956
 
1957
+ #: admin/core/core.php:227 admin/core/core.php:354
1958
+ #: admin/email-log-settings/email-log-settings.php:285
1959
  #: admin/security-log/security-log.php:231
1960
  msgid "BPS Troubleshooting Steps"
1961
  msgstr ""
1962
 
1963
+ #: admin/core/core.php:261 admin/core/core.php:264 admin/core/core.php:267
1964
+ #: admin/core/core.php:270 admin/core/core.php:278 admin/core/core.php:281
1965
+ #: admin/core/core.php:284 admin/core/core.php:287
1966
  msgid "RBM Status: "
1967
  msgstr ""
1968
 
1969
+ #: admin/core/core.php:261 admin/core/core.php:278 admin/core/core.php:393
1970
+ #: admin/core/core.php:407 admin/core/core.php:620 admin/core/core.php:634
1971
+ #: admin/core/core.php:713 admin/core/core.php:727
1972
  msgid "Disabled"
1973
  msgstr ""
1974
 
1975
+ #: admin/core/core.php:264 admin/core/core.php:281
1976
  msgid "Root htaccess File Does Not Exist"
1977
  msgstr ""
1978
 
1979
+ #: admin/core/core.php:267 admin/core/core.php:284 admin/core/core.php:399
1980
+ #: admin/core/core.php:413 admin/core/core.php:626 admin/core/core.php:640
1981
+ #: admin/core/core.php:719 admin/core/core.php:733
1982
+ #: admin/system-info/system-info.php:237 admin/system-info/system-info.php:278
1983
  msgid "Activated"
1984
  msgstr ""
1985
 
1986
+ #: admin/core/core.php:270 admin/core/core.php:287 admin/core/core.php:396
1987
+ #: admin/core/core.php:410 admin/core/core.php:623 admin/core/core.php:637
1988
+ #: admin/core/core.php:716 admin/core/core.php:730
1989
+ #: admin/system-info/system-info.php:246 admin/system-info/system-info.php:280
1990
  msgid "Deactivated"
1991
  msgstr ""
1992
 
1993
+ #: admin/core/core.php:304 admin/core/core.php:322
1994
  msgid "Click OK to Activate Root Folder BulletProof Mode or click Cancel."
1995
  msgstr ""
1996
 
1997
+ #: admin/core/core.php:312 admin/core/core.php:330
1998
  msgid "Click OK to Deactivate Root Folder BulletProof Mode or click Cancel."
1999
  msgstr ""
2000
 
2001
+ #: admin/core/core.php:338
2002
  msgid "wp-admin Folder BulletProof Mode (WBM)"
2003
  msgstr ""
2004
 
2005
+ #: admin/core/core.php:393 admin/core/core.php:396 admin/core/core.php:399
2006
+ #: admin/core/core.php:407 admin/core/core.php:410 admin/core/core.php:413
2007
  msgid "WBM Status: "
2008
  msgstr ""
2009
 
2010
+ #: admin/core/core.php:428
2011
  msgid "Click OK to Activate wp-admin Folder BulletProof Mode or click Cancel."
2012
  msgstr ""
2013
 
2014
+ #: admin/core/core.php:436
2015
  msgid ""
2016
  "Click OK to Deactivate wp-admin Folder BulletProof Mode or click Cancel."
2017
  msgstr ""
2018
 
2019
+ #: admin/core/core.php:444 admin/core/core.php:447
2020
  msgid "Hidden Plugin Folders|Files Cron (HPF)"
2021
  msgstr ""
2022
 
2023
+ #: admin/core/core.php:484 admin/core/core.php:487 admin/core/core.php:495
2024
+ #: admin/core/core.php:498
2025
  msgid "HPF Status: "
2026
  msgstr ""
2027
 
2028
+ #: admin/core/core.php:484 admin/core/core.php:495 admin/core/core.php:532
2029
  msgid "HPF Cron On"
2030
  msgstr ""
2031
 
2032
+ #: admin/core/core.php:487 admin/core/core.php:498 admin/core/core.php:533
2033
  msgid "HPF Cron Off"
2034
  msgstr ""
2035
 
2036
+ #: admin/core/core.php:521
2037
  msgid "Run Check Every 1 Minute"
2038
  msgstr ""
2039
 
2040
+ #: admin/core/core.php:522
2041
  msgid "Run Check Every 5 Minutes"
2042
  msgstr ""
2043
 
2044
+ #: admin/core/core.php:523
2045
  msgid "Run Check Every 10 Minutes"
2046
  msgstr ""
2047
 
2048
+ #: admin/core/core.php:524
2049
  msgid "Run Check Every 15 Minutes"
2050
  msgstr ""
2051
 
2052
+ #: admin/core/core.php:525
2053
  msgid "Run Check Every 30 Minutes"
2054
  msgstr ""
2055
 
2056
+ #: admin/core/core.php:526
2057
  msgid "Run Check Every 60 Minutes"
2058
  msgstr ""
2059
 
2060
+ #: admin/core/core.php:527
2061
  msgid "Run Check Once Daily"
2062
  msgstr ""
2063
 
2064
+ #: admin/core/core.php:536
 
 
 
 
2065
  msgid ""
2066
  "The default Cron Frequency is: Run Check Every 15 Minutes. This is a "
2067
  "lightweight check that uses an insignificant amount of resources/memory so 4 "
2073
  "OK to proceed or click Cancel"
2074
  msgstr ""
2075
 
2076
+ #: admin/core/core.php:540
2077
  msgid "Add Ignore rules using plugin folder names or file names."
2078
  msgstr ""
2079
 
2080
+ #: admin/core/core.php:540
2081
  msgid "Use a comma and a space between folder and/or file names."
2082
  msgstr ""
2083
 
2084
+ #: admin/core/core.php:540
2085
  msgid "Example: plugin-folder-name, example-file-name.php"
2086
  msgstr ""
2087
 
2088
+ #: admin/core/core.php:561
2089
  msgid ""
2090
  "This option is for adding ignore rules for Hidden or Empty Plugin Folders "
2091
  "Detected by BPS or Non-standard WP files detected by BPS in your /plugins/ "
2092
  "folder."
2093
  msgstr ""
2094
 
2095
+ #: admin/core/core.php:561
2096
  msgid ""
2097
  "This is an independent option setting that does not require clicking any "
2098
  "other buttons."
2099
  msgstr ""
2100
 
2101
+ #: admin/core/core.php:561 admin/maintenance/maintenance.php:750
2102
+ #: admin/security-log/security-log.php:458
2103
+ #: admin/security-log/security-log.php:474
2104
+ #: admin/security-log/security-log.php:705
2105
+ #: admin/system-info/system-info.php:1247
2106
  msgid "Click OK to proceed or click Cancel."
2107
  msgstr ""
2108
 
2109
+ #: admin/core/core.php:579
2110
  msgid "Master htaccess Folder BulletProof Mode (MBM)"
2111
  msgstr ""
2112
 
2113
+ #: admin/core/core.php:582
2114
  msgid "MBM BulletProof Modes"
2115
  msgstr ""
2116
 
2117
+ #: admin/core/core.php:620 admin/core/core.php:623 admin/core/core.php:626
2118
+ #: admin/core/core.php:634 admin/core/core.php:637 admin/core/core.php:640
2119
  msgid "MBM Status: "
2120
  msgstr ""
2121
 
2122
+ #: admin/core/core.php:655
2123
  msgid "Click OK to Activate MBM BulletProof Mode or click Cancel."
2124
  msgstr ""
2125
 
2126
+ #: admin/core/core.php:663
2127
  msgid "Click OK to Deactivate MBM BulletProof Mode or click Cancel."
2128
  msgstr ""
2129
 
2130
+ #: admin/core/core.php:672
2131
  msgid "BPS Backup Folder BulletProof Mode (BBM)"
2132
  msgstr ""
2133
 
2134
+ #: admin/core/core.php:675
2135
  msgid "BBM BulletProof Modes"
2136
  msgstr ""
2137
 
2138
+ #: admin/core/core.php:713 admin/core/core.php:716 admin/core/core.php:719
2139
+ #: admin/core/core.php:727 admin/core/core.php:730 admin/core/core.php:733
2140
  msgid "BBM Status: "
2141
  msgstr ""
2142
 
2143
+ #: admin/core/core.php:748
2144
  msgid "Click OK to Activate BBM BulletProof Mode or click Cancel."
2145
  msgstr ""
2146
 
2147
+ #: admin/core/core.php:756
2148
  msgid ""
2149
  "Caution: BPS Backup Folder BulletProof Mode (BBM) should only be deactivated "
2150
  "for testing or troubleshooting. Be sure to activate BBM BulletProof Mode "
2151
  "after you are done testing or troubleshooting."
2152
  msgstr ""
2153
 
2154
+ #: admin/core/core.php:756
2155
  msgid "Click OK to Deactivate BBM BulletProof Mode or click Cancel."
2156
  msgstr ""
2157
 
2158
+ #: admin/core/core.php:765 admin/core/core.php:768
2159
  msgid "Backup & Restore BPS htaccess Files"
2160
  msgstr ""
2161
 
2162
+ #: admin/core/core.php:788
2163
  msgid "Click OK to Backup BPS htaccess files or click Cancel."
2164
  msgstr ""
2165
 
2166
+ #: admin/core/core.php:796
2167
  msgid "Click OK to Restore BPS htaccess files or click Cancel."
2168
  msgstr ""
2169
 
2170
+ #: admin/core/core.php:817 admin/core/core.php:820
2171
  msgid "htaccess File Editing"
2172
  msgstr ""
2173
 
2174
+ #: admin/core/core.php:859
2175
  msgid "htaccess Files Disabled: secure.htaccess Master file is disabled."
2176
  msgstr ""
2177
 
2178
+ #: admin/core/core.php:863
2179
  msgid "ERROR: A secure.htaccess Master file was NOT found."
2180
  msgstr ""
2181
 
2182
+ #: admin/core/core.php:872
2183
  msgid ""
2184
  "File Open and Write test successful! The secure.htaccess Master file is "
2185
  "writable."
2186
  msgstr ""
2187
 
2188
+ #: admin/core/core.php:877 admin/core/core.php:967 admin/core/core.php:1080
2189
+ #: admin/core/core.php:1269 admin/security-log/security-log.php:770
2190
  msgid "Cannot write to file: "
2191
  msgstr ""
2192
 
2193
+ #: admin/core/core.php:892
2194
  msgid ""
2195
  "htaccess Files Disabled: secure.htaccess Master file writing is disabled. "
2196
  msgstr ""
2197
 
2198
+ #: admin/core/core.php:912
2199
  msgid "Error: Unable to write to the secure.htaccess Master file."
2200
  msgstr ""
2201
 
2202
+ #: admin/core/core.php:927
2203
  msgid "The secure.htaccess Master file has been updated."
2204
  msgstr ""
2205
 
2206
+ #: admin/core/core.php:949
2207
  msgid "htaccess Files Disabled: default.htaccess Master file is disabled."
2208
  msgstr ""
2209
 
2210
+ #: admin/core/core.php:953
2211
  msgid "ERROR: A default.htaccess Master file was NOT found."
2212
  msgstr ""
2213
 
2214
+ #: admin/core/core.php:962
2215
  msgid ""
2216
  "File Open and Write test successful! The default.htaccess Master file is "
2217
  "writable."
2218
  msgstr ""
2219
 
2220
+ #: admin/core/core.php:982
2221
  msgid ""
2222
  "htaccess Files Disabled: default.htaccess Master file writing is disabled. "
2223
  msgstr ""
2224
 
2225
+ #: admin/core/core.php:1002
2226
  msgid "Error: Unable to write to the default.htaccess Master file."
2227
  msgstr ""
2228
 
2229
+ #: admin/core/core.php:1017
2230
  msgid "The default.htaccess Master file has been updated."
2231
  msgstr ""
2232
 
2233
+ #: admin/core/core.php:1029
2234
  msgid ""
2235
  " Check that the /bps-backup/ and /master-backups/ folders exist and the "
2236
  "folder permissions or Ownership for these folders."
2237
  msgstr ""
2238
 
2239
+ #: admin/core/core.php:1034
2240
  msgid ""
2241
  "Your Custom default.htaccess Master file has been successfully saved to: "
2242
  msgstr ""
2243
 
2244
+ #: admin/core/core.php:1056
2245
  msgid "wpadmin-secure.htaccess file writing is disabled."
2246
  msgstr ""
2247
 
2248
+ #: admin/core/core.php:1062
2249
  msgid ""
2250
  "htaccess Files Disabled: wpadmin-secure.htaccess Master file is disabled."
2251
  msgstr ""
2252
 
2253
+ #: admin/core/core.php:1066
2254
  msgid "ERROR: A wpadmin-secure.htaccess Master file was NOT found."
2255
  msgstr ""
2256
 
2257
+ #: admin/core/core.php:1075
2258
  msgid ""
2259
  "File Open and Write test successful! The wpadmin-secure.htaccess Master file "
2260
  "is writable."
2261
  msgstr ""
2262
 
2263
+ #: admin/core/core.php:1096
2264
  msgid ""
2265
  "htaccess Files Disabled: wpadmin-secure.htaccess Master file writing is "
2266
  "disabled. "
2267
  msgstr ""
2268
 
2269
+ #: admin/core/core.php:1116
2270
  msgid "Error: Unable to write to the wpadmin-secure.htaccess Master file."
2271
  msgstr ""
2272
 
2273
+ #: admin/core/core.php:1131
2274
  msgid "The wpadmin-secure.htaccess Master file has been updated."
2275
  msgstr ""
2276
 
2277
+ #: admin/core/core.php:1153
2278
  msgid "htaccess Files Disabled: Root htaccess file does not exist."
2279
  msgstr ""
2280
 
2281
+ #: admin/core/core.php:1157
2282
  msgid "ERROR: An htaccess file was NOT found in your root folder"
2283
  msgstr ""
2284
 
2285
+ #: admin/core/core.php:1166
2286
  msgid ""
2287
  "File Open and Write test successful! Your root htaccess file is writable."
2288
  msgstr ""
2289
 
2290
+ #: admin/core/core.php:1171
2291
  msgid "Your root htaccess file is Locked with Read Only Permissions."
2292
  msgstr ""
2293
 
2294
+ #: admin/core/core.php:1171
2295
  msgid ""
2296
  "Use the Lock and Unlock buttons below to Lock or Unlock your root htaccess "
2297
  "file for editing."
2298
  msgstr ""
2299
 
2300
+ #: admin/core/core.php:1206
2301
  msgid ""
2302
  "Error: Unable to write to the Root htaccess file. If your Root htaccess file "
2303
  "is locked you must unlock first."
2304
  msgstr ""
2305
 
2306
+ #: admin/core/core.php:1221
2307
  msgid "Your root htaccess file has been updated."
2308
  msgstr ""
2309
 
2310
+ #: admin/core/core.php:1245
2311
  msgid "wp-admin active htaccess file writing is disabled."
2312
  msgstr ""
2313
 
2314
+ #: admin/core/core.php:1251
2315
  msgid "htaccess Files Disabled: wp-admin folder htaccess file does not exist."
2316
  msgstr ""
2317
 
2318
+ #: admin/core/core.php:1255
2319
  msgid "ERROR: An htaccess file was NOT found in your wp-admin folder"
2320
  msgstr ""
2321
 
2322
+ #: admin/core/core.php:1264
2323
  msgid ""
2324
  "File Open and Write test successful! Your wp-admin htaccess file is writable."
2325
  msgstr ""
2326
 
2327
+ #: admin/core/core.php:1305
2328
  msgid "Error: Unable to write to the wp-admin htaccess file."
2329
  msgstr ""
2330
 
2331
+ #: admin/core/core.php:1320
2332
  msgid "Your wp-admin htaccess file has been updated."
2333
  msgstr ""
2334
 
2335
+ #: admin/core/core.php:1337
2336
  msgid "Your Root htaccess file has been Locked."
2337
  msgstr ""
2338
 
2339
+ #: admin/core/core.php:1342
2340
  msgid "Unable to Lock your Root htaccess file."
2341
  msgstr ""
2342
 
2343
+ #: admin/core/core.php:1356
2344
  msgid "Your Root htaccess file has been Unlocked."
2345
  msgstr ""
2346
 
2347
+ #: admin/core/core.php:1361
2348
  msgid "Unable to Unlock your Root htaccess file."
2349
  msgstr ""
2350
 
2351
+ #: admin/core/core.php:1384
2352
  msgid "Click OK to Lock your Root htaccess file or click Cancel."
2353
  msgstr ""
2354
 
2355
+ #: admin/core/core.php:1384
2356
  msgid ""
2357
  "Note: The File Open and Write Test window will still display the last status "
2358
  "of the file as Unlocked. To see the current status refresh your browser."
2359
  msgstr ""
2360
 
2361
+ #: admin/core/core.php:1392
2362
  msgid "Click OK to Unlock your Root htaccess file or click Cancel."
2363
  msgstr ""
2364
 
2365
+ #: admin/core/core.php:1392
2366
  msgid ""
2367
  "Note: The File Open and Write Test window will still display the last status "
2368
  "of the file as Locked. To see the current status refresh your browser."
2369
  msgstr ""
2370
 
2371
+ #: admin/core/core.php:1401
2372
  msgid ""
2373
  "Turning AutoLock On will allow BPS Pro to automatically lock your Root ."
2374
  "htaccess file. For some folks this causes a problem because their Web Hosts "
2376
  "BPS Pro to AutoLock the Root .htaccess file works fine."
2377
  msgstr ""
2378
 
2379
+ #: admin/core/core.php:1401
2380
  msgid "Click OK to Turn AutoLock On or click Cancel."
2381
  msgstr ""
2382
 
2383
+ #: admin/core/core.php:1403 admin/system-info/system-info.php:855
2384
+ #: admin/system-info/system-info.php:871 admin/system-info/system-info.php:879
2385
+ #: admin/system-info/system-info.php:887 admin/system-info/system-info.php:895
2386
+ #: admin/system-info/system-info.php:903 admin/system-info/system-info.php:911
2387
+ #: admin/system-info/system-info.php:919 admin/system-info/system-info.php:927
2388
+ #: admin/system-info/system-info.php:946 includes/functions.php:566
2389
+ #: includes/functions.php:761 includes/functions.php:942
2390
+ #: includes/functions.php:989 includes/functions.php:1041
2391
+ #: includes/functions.php:1089
2392
  msgid "On"
2393
  msgstr ""
2394
 
2395
+ #: admin/core/core.php:1413
2396
  msgid ""
2397
  "Turning AutoLock Off will prevent BPS Pro from automatically locking your "
2398
  "Root .htaccess file. For some folks this is necessary because their Web "
2400
  "allowing BPS Pro to AutoLock the Root .htaccess file works fine."
2401
  msgstr ""
2402
 
2403
+ #: admin/core/core.php:1413
2404
  msgid "Click OK to Turn AutoLock Off or click Cancel."
2405
  msgstr ""
2406
 
2407
+ #: admin/core/core.php:1415 admin/system-info/system-info.php:579
2408
+ #: admin/system-info/system-info.php:874 admin/system-info/system-info.php:882
2409
+ #: admin/system-info/system-info.php:890 admin/system-info/system-info.php:898
2410
+ #: admin/system-info/system-info.php:906 admin/system-info/system-info.php:914
2411
+ #: admin/system-info/system-info.php:922 admin/system-info/system-info.php:930
2412
+ #: admin/system-info/system-info.php:938 admin/system-info/system-info.php:949
2413
+ #: includes/functions.php:947 includes/functions.php:994
2414
+ #: includes/functions.php:1047 includes/functions.php:1095
2415
  #: includes/general-functions.php:285 includes/general-functions.php:300
2416
  msgid "Off"
2417
  msgstr ""
2418
 
2419
+ #: admin/core/core.php:1430
2420
  msgid "secure.htaccess"
2421
  msgstr ""
2422
 
2423
+ #: admin/core/core.php:1431
2424
  msgid "default.htaccess"
2425
  msgstr ""
2426
 
2427
+ #: admin/core/core.php:1432
2428
  msgid "wpadmin-secure.htaccess"
2429
  msgstr ""
2430
 
2431
+ #: admin/core/core.php:1433
2432
  msgid "Root htaccess File"
2433
  msgstr ""
2434
 
2435
+ #: admin/core/core.php:1434
2436
  msgid "wp-admin htaccess File"
2437
  msgstr ""
2438
 
2439
+ #: admin/core/core.php:1458 admin/core/core.php:1532 admin/core/core.php:1606
2440
+ #: admin/core/core.php:1711 admin/core/core.php:1787
2441
  msgid ""
2442
  "If you see an error or are unable to save your editing changes then click "
2443
  "the Encrypt htaccess Code button first and then click the Update File "
2444
  "button. Mouse over the question mark image to the right for help info."
2445
  msgstr ""
2446
 
2447
+ #: admin/core/core.php:1458 admin/core/core.php:1532 admin/core/core.php:1606
2448
+ #: admin/core/core.php:1711 admin/core/core.php:1787
2449
  msgid ""
2450
  "If your web host currently has ModSecurity installed or installs ModSecurity "
2451
  "at a later time then ModSecurity will prevent you from saving your htaccess "
2453
  "button."
2454
  msgstr ""
2455
 
2456
+ #: admin/core/core.php:1458 admin/core/core.php:1532 admin/core/core.php:1606
2457
+ #: admin/core/core.php:1711 admin/core/core.php:1787
2458
  msgid ""
2459
  "If you click the Encrypt htaccess Code button and then want to edit your "
2460
  "code again click the Decrypt htaccess Code button. After you are done "
2462
  "File button."
2463
  msgstr ""
2464
 
2465
+ #: admin/core/core.php:1458 admin/core/core.php:1532 admin/core/core.php:1606
2466
+ #: admin/core/core.php:1711 admin/core/core.php:1787
2467
  msgid ""
2468
  "Click the htaccess File Editing Question Mark help button for more help info."
2469
  msgstr ""
2470
 
2471
+ #: admin/core/core.php:1707
2472
  msgid "YOUR ROOT HTACCESS FILE IS LOCKED."
2473
  msgstr ""
2474
 
2475
+ #: admin/core/core.php:1707
2476
  msgid "YOUR FILE EDITS|CHANGES CANNOT BE SAVED."
2477
  msgstr ""
2478
 
2479
+ #: admin/core/core.php:1707
2480
  msgid ""
2481
  "Click Cancel, copy the file editing changes you made to save them and then "
2482
  "click the Unlock .htaccess File button to unlock your Root .htaccess file. "
2485
  "to save your file edits/changes."
2486
  msgstr ""
2487
 
2488
+ #: admin/core/core.php:1883 admin/core/core.php:2133
2489
+ #: admin/wizard/wizard.php:1095
2490
  msgid "Custom Code Video Tutorial"
2491
  msgstr ""
2492
 
2493
+ #: admin/core/core.php:1885
2494
  msgid "BulletProof Security Pro Forum"
2495
  msgstr ""
2496
 
2497
+ #: admin/core/core.php:1887
2498
  msgid "Brute Force Login Page Protection code"
2499
  msgstr ""
2500
 
2501
+ #: admin/core/core.php:1911
2502
  msgid ""
2503
  "Clicking OK will Import all of your Root and wp-admin Custom Code from the "
2504
  "cc-master.zip file on your computer."
2505
  msgstr ""
2506
 
2507
+ #: admin/core/core.php:1911
2508
  msgid "Click OK to Import Custom Code or click Cancel."
2509
  msgstr ""
2510
 
2511
+ #: admin/core/core.php:1920
2512
  msgid ""
2513
  "Clicking OK will Export (copy) all of your Root and wp-admin Custom Code "
2514
  "into the cc-master.zip file, which you can then download to your computer by "
2516
  "success message."
2517
  msgstr ""
2518
 
2519
+ #: admin/core/core.php:1920
2520
  msgid "Click OK to Export Custom Code or click Cancel."
2521
  msgstr ""
2522
 
2523
+ #: admin/core/core.php:1928
2524
  msgid ""
2525
  "Clicking OK will delete all of your Root and wp-admin Custom Code from all "
2526
  "of the Custom Code text boxes."
2527
  msgstr ""
2528
 
2529
+ #: admin/core/core.php:1928
2530
  msgid "Click OK to Delete Custom Code or click Cancel."
2531
  msgstr ""
2532
 
2533
+ #: admin/core/core.php:1954
2534
  msgid "Save Personal Notes and htaccess Code Notes to your WordPress Database"
2535
  msgstr ""
2536
 
2537
+ #: admin/core/core.php:1982
2538
  msgid ""
2539
  "Your My Notes Personal Notes and/or htaccess Code Notes saved successfully "
2540
  "to your WordPress Database."
2541
  msgstr ""
2542
 
2543
+ #: admin/core/core.php:2010
2544
  msgid ""
2545
  "If you are unable to save custom htaccess code and/or see an error message "
2546
  "when trying to save custom htaccess code, "
2547
  msgstr ""
2548
 
2549
+ #: admin/core/core.php:2010
2550
  msgid ""
2551
  "click the Encrypt My Notes button first and then click the Save My Notes "
2552
  "button."
2553
  msgstr ""
2554
 
2555
+ #: admin/core/core.php:2010
2556
  msgid "Mouse over the question mark image to the right for help info."
2557
  msgstr ""
2558
 
2559
+ #: admin/core/core.php:2010
2560
  msgid ""
2561
  "If your web host currently has ModSecurity installed or installs ModSecurity "
2562
  "at a later time then ModSecurity will prevent you from saving your custom "
2564
  "button."
2565
  msgstr ""
2566
 
2567
+ #: admin/core/core.php:2010
2568
  msgid ""
2569
  "If you click the Encrypt My Notes button, but then want to add or edit "
2570
  "additional custom code click the Decrypt My Notes button. After you are done "
2572
  "clicking the Save My Notes button."
2573
  msgstr ""
2574
 
2575
+ #: admin/core/core.php:2080
2576
+ #: admin/db-backup-security/db-backup-security.php:1783
2577
+ #: admin/mscan/mscan.php:3654 admin/theme-skin/theme-skin.php:230
2578
  msgid "Whats New in "
2579
  msgstr ""
2580
 
2581
+ #: admin/core/core.php:2080
2582
  msgid " and General Help Info & Tips"
2583
  msgstr ""
2584
 
2585
+ #: admin/core/core.php:2086
2586
  msgid "The BPS Changelog|Whats New page has been moved to the "
2587
  msgstr ""
2588
 
2589
+ #: admin/core/core.php:2102
2590
  msgid "General Help Info & Tips:"
2591
  msgstr ""
2592
 
2593
+ #: admin/core/core.php:2108
2594
  msgid "BPS Video Tutorials|Setup Wizard: "
2595
  msgstr ""
2596
 
2597
+ #: admin/core/core.php:2108
2598
+ msgid "BPS Pro Video Tutorials"
2599
+ msgstr ""
2600
+
2601
+ #: admin/core/core.php:2114
2602
  msgid ""
2603
  "BPS Setup Wizard AutoFix automatically creates whitelist rules for 100+ "
2604
  "known issues with plugins and themes: "
2605
  msgstr ""
2606
 
2607
+ #: admin/core/core.php:2114
2608
  msgid ""
2609
  "All BPS plugin features can be turned Off/On individually to confirm, "
2610
  "eliminate or isolate a problem or issue that may or may not be caused by "
2611
  "BPS: "
2612
  msgstr ""
2613
 
2614
+ #: admin/core/core.php:2114
2615
  msgid ""
2616
  "The BPS Security Log is a primary troubleshooting tool. If BPS is blocking "
2617
  "something legitimate in another plugin or theme then a Security Log entry "
2620
  "being blocked: "
2621
  msgstr ""
2622
 
2623
+ #: admin/core/core.php:2114
2624
  msgid "BPS Security Forum: "
2625
  msgstr ""
2626
 
2627
+ #: admin/core/core.php:2131 admin/email-log-settings/email-log-settings.php:440
2628
+ #: admin/login/login.php:1870 admin/maintenance/maintenance.php:2232
2629
+ #: admin/security-log/security-log.php:845
2630
+ #: admin/system-info/system-info.php:1269
2631
  msgid "Security Log Event Codes"
2632
  msgstr ""
2633
 
2634
+ #: admin/core/core.php:2132
2635
+ #: admin/db-backup-security/db-backup-security.php:1787
2636
+ #: admin/email-log-settings/email-log-settings.php:441
2637
+ #: admin/login/login.php:1871 admin/maintenance/maintenance.php:2233
2638
+ #: admin/mscan/mscan.php:3657 admin/security-log/security-log.php:846
2639
+ #: admin/system-info/system-info.php:1270 admin/theme-skin/theme-skin.php:233
2640
  msgid "Forum: Search, Troubleshooting Steps & Post Questions For Assistance"
2641
  msgstr ""
2642
 
2643
+ #: admin/core/core.php:2148
2644
  msgid "BulletProof Security Pro Feature Highlights"
2645
  msgstr ""
2646
 
2647
+ #: admin/core/core.php:2158
2648
  msgid "The Ultimate Security Protection"
2649
  msgstr ""
2650
 
2651
+ #: admin/core/core.php:2161
2652
  msgid "BPS Pro One-Click Setup Wizard & Demo Video Tutorial"
2653
  msgstr ""
2654
 
2655
+ #: admin/core/core.php:2162
2656
  msgid "View All BPS Pro Features"
2657
  msgstr ""
2658
 
2659
+ #: admin/core/core.php:2173
2660
  msgid ""
2661
  "The Complete Website Security Solution for Hacker and Spammer Protection"
2662
  msgstr ""
2663
 
2664
+ #: admin/core/core.php:2173
2665
  msgid ""
2666
  "BulletProof Security Pro has an amazing track record. BPS Pro has been "
2667
  "publicly available for 10+ years and is installed on over 60,000 websites "
2669
  "hacked."
2670
  msgstr ""
2671
 
2672
+ #: admin/core/core.php:2173
2673
  msgid ""
2674
  "Why pay 10 times or more for other premium WordPress Security Plugins with "
2675
  "recurring yearly subscriptions when you can get the best WordPress Security "
2676
  "Plugin for an extremely low one-time purchase price?"
2677
  msgstr ""
2678
 
2679
+ #: admin/core/core.php:2173
2680
  msgid "View Cost Comparison"
2681
  msgstr ""
2682
 
2683
+ #: admin/core/core.php:2173
2684
  msgid ""
2685
  "30-Day Money-Back Guarantee: If you are dissatisfied with BulletProof "
2686
  "Security Pro for any reason. We offer a no questions asked full refund."
2687
  msgstr ""
2688
 
2689
+ #: admin/core/core.php:2176
2690
  msgid "One-Click Setup Wizard Installation: "
2691
  msgstr ""
2692
 
2693
+ #: admin/core/core.php:2176
2694
  msgid ""
2695
  "Fast, simple and complete BPS Pro installation and setup in less than 1 "
2696
  "minute."
2697
  msgstr ""
2698
 
2699
+ #: admin/core/core.php:2178
2700
  msgid "One-Click Upgrade: "
2701
  msgstr ""
2702
 
2703
+ #: admin/core/core.php:2178
2704
  msgid "One-click plugin upgrade on the WordPress Plugins page."
2705
  msgstr ""
2706
 
2707
+ #: admin/core/core.php:2180
2708
  msgid ""
2709
  "AutoRestore|Quarantine Intrusion Detection and Prevention System (ARQ IDPS): "
2710
  msgstr ""
2711
 
2712
+ #: admin/core/core.php:2180
2713
  msgid ""
2714
  "ARQ IDPS is a real-time file scanner that automatically quarantines "
2715
  "malicious hacker files and autorestores legitimate website files if they "
2723
  "Plugin and Theme Automatic, Manual and Shiny installations and updates."
2724
  msgstr ""
2725
 
2726
+ #: admin/core/core.php:2182
2727
  msgid "MScan Malware Scanner: "
2728
  msgstr ""
2729
 
2730
+ #: admin/core/core.php:2182
2731
  msgid ""
2732
  "MScan Scheduled Scans are available in BPS Pro only. The BPS Pro ARQ IDPS "
2733
  "scanner is far superior to malware scanners including MScan, but both the "
2735
  "website if someone would like to do that."
2736
  msgstr ""
2737
 
2738
+ #: admin/core/core.php:2184
2739
  msgid "Plugin Firewall|Plugin Firewall AutoPilot Mode: "
2740
  msgstr ""
2741
 
2742
+ #: admin/core/core.php:2184
2743
  msgid ""
2744
  "The Plugin Firewall protects all of your Plugins (plugin folders and files) "
2745
  "with an IP Address Firewall, which prevents/blocks/forbids Remote Access to "
2753
  "firewall whitelist rules."
2754
  msgstr ""
2755
 
2756
+ #: admin/core/core.php:2186
2757
  msgid "JTC Anti-Spam|Anti-Hacker (JTC): "
2758
  msgstr ""
2759
 
2760
+ #: admin/core/core.php:2186
2761
  #, php-format
2762
  msgid ""
2763
  "Blocks 100% of all SpamBot and HackerBot Brute Force Login attacks (auto-"
2771
  "includes a SpamBot Trap."
2772
  msgstr ""
2773
 
2774
+ #: admin/core/core.php:2188
2775
  msgid "Uploads Folder Anti-Exploit Guard (UAEG): "
2776
  msgstr ""
2777
 
2778
+ #: admin/core/core.php:2188
2779
  msgid ""
2780
  "Protects the WordPress Uploads folder. ONLY safe image files with valid "
2781
  "image file extensions such as jpg, gif, png, etc. can be accessed, opened or "
2785
  "executed in the WordPress Uploads folder."
2786
  msgstr ""
2787
 
2788
+ #: admin/core/core.php:2190
2789
  msgid "DB Monitor Intrusion Detection System (IDS): "
2790
  msgstr ""
2791
 
2792
+ #: admin/core/core.php:2190
2793
  msgid ""
2794
  "The DB Monitor is an automated Intrusion Detection System (IDS) that alerts "
2795
  "you via email anytime a change/modification occurs in your WordPress "
2800
  "help info."
2801
  msgstr ""
2802
 
2803
+ #: admin/co