MalCare WordPress Security Plugin – Malware Scanner, Cleaner, Security Firewall - Version 1.88

Version Description

  • Callback improvements
  • Adding delete transient callback

Release Info

Developer ritesh.soni36
Version 1.88

Version 1.88

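--- a/admin.php
+++ b/admin.php
@@ -0,0 +1,163 @@
+ <?php
+
+ if (!defined('ABSPATH')) exit;
+ if (!class_exists('MCAdmin')) :
+ class MCAdmin {
+ public $bvmain;
+ function __construct($bvmain) {
+ $this->bvmain = $bvmain;
+ }
+
+ public function mainUrl($_params = '') {
+ if (function_exists('network_admin_url')) {
+ return network_admin_url('admin.php?page='.$this->bvmain->plugname.$_params);
+ } else {
+ return admin_url('admin.php?page='.$this->bvmain->plugname.$_params);
+ }
+ }
+
+ public function initHandler() {
+ if (!current_user_can('activate_plugins'))
+ return;
+
+ if (array_key_exists('bvnonce', $_REQUEST) &&
+ wp_verify_nonce($_REQUEST['bvnonce'], "bvnonce") &&
+ array_key_exists('blogvaultkey', $_REQUEST) &&
+ (strlen($_REQUEST['blogvaultkey']) == 64) &&
+ (array_key_exists('page', $_REQUEST) &&
+ $_REQUEST['page'] == $this->bvmain->plugname)) {
+ $keys = str_split($_REQUEST['blogvaultkey'], 32);
+ $this->bvmain->auth->updateKeys($keys[0], $keys[1]);
+ if (array_key_exists('redirect', $_REQUEST)) {
+ $location = $_REQUEST['redirect'];
+ wp_redirect($this->bvmain->authenticatedUrl('/malcare/access/welcome'));
+ exit();
+ }
+ }
+ if ($this->bvmain->isActivateRedirectSet()) {
+ wp_redirect($this->mainUrl());
+ }
+ }
+
+ public function mcsecAdminMenu($hook) {
+ if ($hook === 'toplevel_page_malcare') {
+ wp_enqueue_style( 'mcsurface', plugins_url('css/bvmui.min.css', __FILE__));
+ wp_enqueue_style( 'bvnew', plugins_url('css/bvnew.min.css', __FILE__));
+ }
+ }
+
+ public function menu() {
+ $brand = $this->bvmain->getBrandInfo();
+ if (!$brand || (!array_key_exists('hide', $brand) && !array_key_exists('hide_from_menu', $brand))) {
+ $bname = $this->bvmain->getBrandName();
+ add_menu_page($bname, $bname, 'manage_options', $this->bvmain->plugname,
+ array($this, 'adminPage'), plugins_url('img/icon.png', __FILE__ ));
+ }
+ }
+
+ public function hidePluginDetails($plugin_metas, $slug) {
+ $brand = $this->bvmain->getBrandInfo();
+ $bvslug = $this->bvmain->slug;
+
+ if ($slug === $bvslug && $brand && array_key_exists('hide_plugin_details', $brand)){
+ foreach ($plugin_metas as $pluginKey => $pluginValue) {
+ if (strpos($pluginValue, sprintf('>%s<', translate('View details')))) {
+ unset($plugin_metas[$pluginKey]);
+ break;
+ }
+ }
+ }
+ return $plugin_metas;
+ }
+
+ public function settingsLink($links, $file) {
+ #XNOTE: Fix this
+ if ( $file == plugin_basename( dirname(__FILE__).'/malcare.php' ) ) {
+ $links[] = '<a href="'.$this->mainUrl().'">'.__( 'Settings' ).'</a>';
+ }
+ return $links;
+ }
+
+ public function getPluginLogo() {
+ $brand = $this->bvmain->getBrandInfo();
+ if ($brand && array_key_exists('logo', $brand)) {
+ return $brand['logo'];
+ }
+ return $this->bvmain->logo;
+ }
+
+ public function getWebPage() {
+ $brand = $this->bvmain->getBrandInfo();
+ if ($brand && array_key_exists('webpage', $brand)) {
+ return $brand['webpage'];
+ }
+ return $this->bvmain->webpage;
+ }
+
+ public function siteInfoTags() {
+ $bvnonce = wp_create_nonce("bvnonce");
+ $secret = $this->bvmain->auth->defaultSecret();
+ $tags = "<input type='hidden' name='url' value='".$this->bvmain->info->wpurl()."'/>\n".
+ "<input type='hidden' name='homeurl' value='".$this->bvmain->info->homeurl()."'/>\n".
+ "<input type='hidden' name='siteurl' value='".$this->bvmain->info->siteurl()."'/>\n".
+ "<input type='hidden' name='dbsig' value='".$this->bvmain->lib->dbsig(false)."'/>\n".
+ "<input type='hidden' name='plug' value='".$this->bvmain->plugname."'/>\n".
+ "<input type='hidden' name='adminurl' value='".$this->mainUrl()."'/>\n".
+ "<input type='hidden' name='bvversion' value='".$this->bvmain->version."'/>\n".
+ "<input type='hidden' name='serverip' value='".$_SERVER["SERVER_ADDR"]."'/>\n".
+ "<input type='hidden' name='abspath' value='".ABSPATH."'/>\n".
+ "<input type='hidden' name='secret' value='".$secret."'/>\n".
+ "<input type='hidden' name='bvnonce' value='".$bvnonce."'/>\n";
+ return $tags;
+ }
+
+ public function activateWarning() {
+ global $hook_suffix;
+ if (!$this->bvmain->isConfigured() && $hook_suffix == 'index.php' ) {
+ ?>
+ <div id="message" class="updated" style="padding: 8px; font-size: 16px; background-color: #dff0d8">
+ <a class="button-primary" href="<?php echo $this->mainUrl(); ?>">Activate MalCare</a>
+ &nbsp;&nbsp;&nbsp;<b>Almost Done:</b> Activate your Malcare account to secure your site.
+ </div>
+ <?php
+ }
+ }
+
+ public function adminPage() {
+ require_once dirname( __FILE__ ) . '/admin/main_page.php';
+ }
+
+ public function initBranding($plugins) {
+ $slug = $this->bvmain->slug;
+ $brand = $this->bvmain->getBrandInfo();
+ if ($brand) {
+ if (array_key_exists('hide', $brand)) {
+ unset($plugins[$slug]);
+ } else {
+ if (array_key_exists('name', $brand)) {
+ $plugins[$slug]['Name'] = $brand['name'];
+ }
+ if (array_key_exists('title', $brand)) {
+ $plugins[$slug]['Title'] = $brand['title'];
+ }
+ if (array_key_exists('description', $brand)) {
+ $plugins[$slug]['Description'] = $brand['description'];
+ }
+ if (array_key_exists('authoruri', $brand)) {
+ $plugins[$slug]['AuthorURI'] = $brand['authoruri'];
+ }
+ if (array_key_exists('author', $brand)) {
+ $plugins[$slug]['Author'] = $brand['author'];
+ }
+ if (array_key_exists('authorname', $brand)) {
+ $plugins[$slug]['AuthorName'] = $brand['authorname'];
+ }
+ if (array_key_exists('pluginuri', $brand)) {
+ $plugins[$slug]['PluginURI'] = $brand['pluginuri'];
+ }
+ }
+ }
+ return $plugins;
+ }
+ }
+ endif;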
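Review bot: siteInfoTags() concatenates every value, including `$secret`, `$_SERVER["SERVER_ADDR"]` and `ABSPATH`, straight into single-quoted `value='…'` attributes with no escaping, so any value that contains a quote ends the attribute early; wrap each one, e.g. `"<input type='hidden' name='secret' value='".esc_attr($secret)."'/>\n"`. The same field writes the key returned by `defaultSecret()` into the HTML of the admin screen, which deserves a comment explaining why the secret has to travel through the browser and who can load that page. In initHandler(), `$location = $_REQUEST['redirect'];` is assigned and never used, and the activation branch calls `wp_redirect($this->mainUrl());` without a following `exit;`, so the request keeps executing after the redirect header is set.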
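--- a/admin/main_page.php
+++ b/admin/main_page.php
@@ -0,0 +1,120 @@
+ <div id="content-wrapper" style="width: 99%;">
+ <!-- Content HTML goes here -->
+ <div class="mui-container-fluid">
+ <div class="mui--appbar-height"></div>
+ <br><br>
+ <div class="mui-row">
+ <div style="background: #4686f5; overflow: hidden;">
+ <a href="https://www.malcare.com/?utm_source=mc_free_plugin_lp_logo&utm_medium=logo_link&utm_campaign=mc_free_plugin_lp_header&utm_term=header_logo&utm_content=image_link"><img src="<?php echo plugins_url($this->getPluginLogo(), __FILE__); ?>" style="padding: 10px;"></a>
+ <div class="top-links">
+ <span class="bv-top-button"><a href="https://wordpress.org/support/plugin/malcare-security/reviews/#new-post">Leave a Review</a></span>
+ <span class="bv-top-button"><a href="https://wordpress.org/support/plugin/malcare-security/">Need Help?</a></span>
+ </div>
+ </div>
+ </div>
+ </div>
+
+ <div class="mui-container-fluid" style="padding: 0px;">
+ <div class="mui-col-md-10" style="padding-left: 0px;">
+ <br>
+ <?php if ($this->bvmain->isConfigured()) { ?>
+ <div class="bv-box" style="overflow: hidden;">
+ <div class="mui-col-md-8" style="margin: 15px auto; overflow: hidden; float: inherit;">
+ <div class="mui-panel mui--text-center" style="margin-bottom:0!important;background-color:#4caf50;">
+ <div class="mui--text-title mui--text-light">MalCare Protection Activated</div>
+ </div>
+ <div class="mui-panel" style="height: 240px;">
+ <div class="mui--text-body1" style="font-size: 20px; text-align: center;">View detailed security statistics on Dashboard.</div>
+ <div style="text-align: center;"><a class="mui-btn mui-btn--raised mui-btn--primary custom-bv-button" href=<?php echo $this->bvmain->authenticatedUrl('/malcare/access')?> target="_blank">Visit Dashboard</a></div>
+ <div style="text-align: center; margin-top: 10px;">
+ <span>Loved Malcare ? Share a Word </span>
+ <br>
+ <?php
+ $shareLink = "https://wordpress.org/plugins/malcare-security/";
+ $shareText = "I just secured my website using MalCare Wordpress Security Plugin. It Does not OVERLOAD my server and Removes malware in One-Click. RIDICULOUSLY Easy! Check it out";
+ $hashTags = "MalCare, Wordpress, Security";
+ ?>
+ <span><a href="http://twitter.com/share?text=<?php echo $shareText; ?>&url=<?php echo $shareLink; ?>&hashtags=<?php echo $hashTags; ?>"><img src="<?php echo plugins_url("/../img/twitter.png", __FILE__); ?>" class="share-icons" /></a></span>
+ <span><a href="https://www.facebook.com/sharer/sharer.php?u=<?php echo $shareLink; ?>&quote=<?php echo $shareText; ?>"><img src="<?php echo plugins_url("/../img/fb.png", __FILE__); ?>" class="share-icons" /></a></span>
+ </div>
+ </div>
+ </div>
+ </div>
+ <div class="bv-box" style="padding-top: 10px; padding-bottom: 10px; margin-top:10px;">
+ <?php require_once dirname( __FILE__ ) . "/top_box.php";?>
+ </div>
+ <?php } else { ?>
+ <div class="bv-box" style="padding-top: 10px; padding-bottom: 10px;">
+ <?php require_once dirname( __FILE__ ) . "/top_box.php";?>
+ </div>
+ <div class="mui-panel new-account-panel">
+ <form dummy=">" action="<?php echo $this->bvmain->appUrl(); ?>/home/mc_signup" style="padding-top:10px; margin: 0px;" onsubmit="document.getElementById('get-started').disabled = true;" method="post" name="signup">
+ <div style="width: 800px; margin: 0 auto; padding: 10px;">
+ <div class="mui--text-title form-title">Let's scan your website</div>
+ <input type='hidden' name='bvsrc' value='wpplugin' />
+ <input type='hidden' name='origin' value='protect' />
+ <?php echo $this->siteInfoTags(); ?>
+ <input type="text" class="bv-input" id="email" name="email" style="width:430px;" value="<?php echo get_option('admin_email');?>" required>
+ <select name="purpose" class="bv-input select-purpose" required>
+ <option value="" hidden>Looking for?</option>
+ <?php
+ $signupPurpose = ["Malware Scan", "Malware Clean", "Firewall", "Login Protection", "Others"];
+ foreach($signupPurpose as $value) {
+ echo "<option value='".$value."'>".$value."</option>";
+ }
+ ?>
+ </select>
+ <button id="get-started" class="mui-btn mui-btn--raised mui-btn--primaryi get-started-button" type="submit" style="background: #4686f5;">Scan Site</button><br/>
+ <input type="checkbox" name="consent" value="1"/>I agree to MalCare <a href="https://www.malcare.com/tos" target="_blank" rel="noopener noreferrer">Terms of Service</a> and <a href="https://www.malcare.com/privacy" target="_blank" rel="noopener noreferrer">Privacy Policy</a>
+ </div>
+ </form>
+ <br/>
+ </div>
+ <?php } ?>
+ </div>
+ <div class="mui-col-md-2 side">
+ <div class="side-box" style="margin: 0px !important;">
+ <h2 class="side-box-title">Why choose MalCare ?</h2>
+ <strong>
+ <ul>
+ <li><span class="bv-tick">&#10003;</span> Detects Hidden Malware</li>
+ <li><span class="bv-tick">&#10003;</span> Doesn't slowdown website</li>
+ <li><span class="bv-tick">&#10003;</span> Never Breaks your site</li>
+ <li><span class="bv-tick">&#10003;</span> Malware Removal in &lt; 60s</li>
+ <li><span class="bv-tick">&#10003;</span> 24*7 Smart Firewall</li>
+ <li><span class="bv-tick">&#10003;</span> Unlimited Malware Removal</li>
+ </ul>
+ </strong>
+ </div>
+ <div class="side-box" style="margin-top: 20px; overflow: hidden;">
+ <h2 class="side-box-title">What's in MalCare Pro?</h2>
+ <strong>
+ <ul>
+ <li><span class="bv-tick">&#10003;</span> Daily Automatic Scans</li>
+ <li><span class="bv-tick">&#10003;</span> 1-Click Malware Removal</li>
+ <li><span class="bv-tick">&#10003;</span> Personalized Support</li>
+ <li><span class="bv-tick">&#10003;</span> Add Users and Clients</li>
+ <li><span class="bv-tick">&#10003;</span> White Label Plugin</li>
+ <li><span class="bv-tick">&#10003;</span> Client Reporting</li>
+ </ul>
+ </strong>
+ <div class="bv-upgrade-button"><a href="https://www.malcare.com/pricing/?utm_source=mc_free_plugin_lp_pricing&utm_medium=lp_upgrade&utm_campaign=mc_free_plugin_lp_upgrade&utm_term=upgrade_button&utm_content=button_link">Get Me Pro &raquo;</a></span></div>
+ </div>
+ </div>
+ </div>
+ </div>
+
+ <footer style="width: 99%;">
+ <div style="background: #45b3e0; margin-top: 20px; padding-top:10px; padding-bottom: 10px;">
+ <div style="width: 671px; margin: 0 auto;">
+ <span class="footer-logo" style="color: #FFF; padding: 10px; display: inline-block; font-weight: bold; font-size: 28px; margin-top: 5px; float: left;"> Trusted By </span>
+ <span class="footer-logo"><img src="<?php echo plugins_url("/../img/adobe-logo.png", __FILE__); ?>" style="height: 36px; margin-left: 30px;"/></span>
+ <span class="footer-logo"><img src="<?php echo plugins_url("/../img/intel-logo.png", __FILE__); ?>" style="height: 38px;" /></span>
+ <span class="footer-logo"><img src="<?php echo plugins_url("/../img/sap-logo.png", __FILE__); ?>" style="height: 32px;" /></span>
+ <span><img src="<?php echo plugins_url("/../img/valet-logo.png", __FILE__); ?>" style="height: 42px;" /></span>
+ </div>
+ </div>
+ <div class="mui-container mui--text-center" style="margin-top: 10px;">
+ Made with ♥ by <a href="https://blogvault.net"><img src="<?php echo plugins_url('../img/bv.png', __FILE__); ?>" /></a>
+ </div>
+ </footer>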
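Review bot: The "Visit Dashboard" link is emitted as `href=<?php echo $this->bvmain->authenticatedUrl('/malcare/access')?>`, unquoted and unescaped, so a space or quote in the returned URL ends the attribute; write it as `href="<?php echo esc_url($this->bvmain->authenticatedUrl('/malcare/access')); ?>"` and add `rel="noopener noreferrer"`, as the Terms of Service link further down already does, because the link opens with `target="_blank"`. The e-mail field has the same gap and should read `value="<?php echo esc_attr(get_option('admin_email')); ?>"`, and the form `action` built from `appUrl()` wants `esc_url()` too. `$shareText` and `$hashTags` are echoed into the Twitter and Facebook query strings with their spaces and commas unencoded; pass each through `rawurlencode()` before output.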
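--- a/admin/top_box.php
+++ b/admin/top_box.php
@@ -0,0 +1,12 @@
+ <?php if (!$this->bvmain->isConfigured()) { ?>
+ <div class="mui--text-title main-title">Are you Hacked? Scan Your Website for FREE.</div>
+ <br/><br/>
+ <?php } ?>
+ <div style= "width: 800px; margin: 20px auto; overflow: hidden;">
+ <div style="width: 49%; float: left; border-right: 2px solid #333;">
+ <iframe width="380" height="215" src="https://www.youtube.com/embed/rBuYh2dIadk"></iframe>
+ </div>
+ <div style="width: 49%; float: right;">
+ <img src="<?php echo plugins_url("/../img/testimonial_mc.png", __FILE__); ?>"/>
+ </div>
+ </div>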
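--- a/callback.php
+++ b/callback.php
@@ -0,0 +1,251 @@
+ <?php
+
+ if (!defined('ABSPATH')) exit;
+ if (!class_exists('BVCallback')) :
+
+ require_once dirname( __FILE__ ) . '/callback/response.php';
+
+ class BVCallback {
+ public $bvmain;
+ function __construct($bvmain) {
+ $this->bvmain = $bvmain;
+ }
+
+ public function serversig($full = false) {
+ $sig = sha1($_SERVER['SERVER_ADDR'].ABSPATH);
+ if ($full)
+ return $sig;
+ else
+ return substr($sig, 0, 6);
+ }
+
+ public function terminate($with_basic, $bvdebug = false) {
+ global $bvresp;
+ $public = $this->bvmain->auth->defaultPublic();
+ $bvresp->addStatus("signature", "Blogvault API");
+ $bvresp->addStatus("asymauth", "true");
+ $bvresp->addStatus("sha1", "true");
+ $bvresp->addStatus("dbsig", $this->bvmain->lib->dbsig(false));
+ $bvresp->addStatus("serversig", $this->serversig(false));
+ $bvresp->addStatus("public", substr($public, 0, 6));
+ if (array_key_exists('adajx', $_REQUEST)) {
+ $bvresp->addStatus("adajx", true);
+ }
+ if ($with_basic) {
+ $binfo = array();
+ $this->bvmain->info->basic($binfo);
+ $bvresp->addStatus("basic", $binfo);
+ $bvresp->addStatus("bvversion", $this->bvmain->version);
+ }
+
+ if ($bvdebug) {
+ $bvresp->addStatus("inreq", $_REQUEST);
+ }
+
+ $bvresp->finish();
+ exit;
+ }
+
+ public function processParams() {
+ if (array_key_exists('concat', $_REQUEST)) {
+ foreach ($_REQUEST['concat'] as $key) {
+ $concated = '';
+ $count = intval($_REQUEST[$key]);
+ for ($i = 1; $i <= $count; $i++) {
+ $concated .= $_REQUEST[$key."_bv_".$i];
+ }
+ $_REQUEST[$key] = $concated;
+ }
+ }
+ if (array_key_exists('b64', $_REQUEST)) {
+ foreach ($_REQUEST['b64'] as $key) {
+ if (is_array($_REQUEST[$key])) {
+ $_REQUEST[$key] = array_map('base64_decode', $_REQUEST[$key]);
+ } else {
+ $_REQUEST[$key] = base64_decode($_REQUEST[$key]);
+ }
+ }
+ }
+ if (array_key_exists('unser', $_REQUEST)) {
+ foreach ($_REQUEST['unser'] as $key) {
+ $_REQUEST[$key] = json_decode($_REQUEST[$key], TRUE);
+ }
+ }
+ if (array_key_exists('b642', $_REQUEST)) {
+ foreach ($_REQUEST['b642'] as $key) {
+ if (is_array($_REQUEST[$key])) {
+ $_REQUEST[$key] = array_map('base64_decode', $_REQUEST[$key]);
+ } else {
+ $_REQUEST[$key] = base64_decode($_REQUEST[$key]);
+ }
+ }
+ }
+ if (array_key_exists('dic', $_REQUEST)) {
+ foreach ($_REQUEST['dic'] as $key => $mkey) {
+ $_REQUEST[$mkey] = $_REQUEST[$key];
+ unset($_REQUEST[$key]);
+ }
+ }
+ if (array_key_exists('clacts', $_REQUEST)) {
+ foreach ($_REQUEST['clacts'] as $action) {
+ remove_all_actions($action);
+ }
+ }
+ if (array_key_exists('clallacts', $_REQUEST)) {
+ global $wp_filter;
+ foreach ( $wp_filter as $filter => $val ){
+ remove_all_actions($filter);
+ }
+ }
+ if (array_key_exists('memset', $_REQUEST)) {
+ $val = intval(urldecode($_REQUEST['memset']));
+ @ini_set('memory_limit', $val.'M');
+ }
+ }
+
+ public function recover() {
+ $recover = new BVRecover(base64_decode($_REQUEST['sig']), $_REQUEST['orig'],
+ $_REQUEST['keyname'], $_REQUEST["keysize"]);
+ if ($recover->validate() && ($recover->process() === 1)) {
+ $recover->processKeyExchange();
+ return 1;
+ }
+ return false;
+ }
+
+ public function preauth() {
+ global $bvresp;
+ if (array_key_exists('obend', $_REQUEST) && function_exists('ob_end_clean'))
+ @ob_end_clean();
+ if (array_key_exists('op_reset', $_REQUEST) && function_exists('output_reset_rewrite_vars'))
+ @output_reset_rewrite_vars();
+ if (array_key_exists('binhead', $_REQUEST)) {
+ header("Content-type: application/binary");
+ header('Content-Transfer-Encoding: binary');
+ }
+ if (array_key_exists('bvrcvr', $_REQUEST)) {
+ require_once dirname( __FILE__ ) . '/callback/recover.php';
+ if ($this->recover() !== 1) {
+ $bvresp->addStatus("statusmsg", 'failed authentication');
+ }
+ $this->terminate(false, array_key_exists('bvdbg', $_REQUEST));
+ return false;
+ }
+ return 1;
+ }
+
+ public function authenticate() {
+ global $bvresp;
+ $auth = $this->bvmain->auth;
+ $method = $_REQUEST['bvMethod'];
+ $time = intval($_REQUEST['bvTime']);
+ $version = $_REQUEST['bvVersion'];
+ $sig = $_REQUEST['sig'];
+ $public = $auth->publicParam();
+
+ $bvresp->addStatus("requestedsig", $sig);
+ $bvresp->addStatus("requestedtime", $time);
+ $bvresp->addStatus("requestedversion", $version);
+
+ $sig_match = $auth->validate($public, $method, $time, $version, $sig);
+ if ($sig_match === 1) {
+ return 1;
+ } else {
+ $bvresp->addStatus("sigmatch", substr($sig_match, 0, 6));
+ $bvresp->addStatus("statusmsg", 'failed authentication');
+ return false;
+ }
+ }
+
+ public function route($wing, $method) {
+ global $bvresp;
+ $bvresp->addStatus("callback", $method);
+ switch ($wing) {
+ case 'manage':
+ require_once dirname( __FILE__ ) . '/callback/wings/manage.php';
+ $module = new BVManageCallback();
+ break;
+ case 'fs':
+ require_once dirname( __FILE__ ) . '/callback/wings/fs.php';
+ $module = new BVFSCallback();
+ break;
+ case 'db':
+ require_once dirname( __FILE__ ) . '/callback/wings/db.php';
+ $module = new BVDBCallback();
+ break;
+ case 'info':
+ require_once dirname( __FILE__ ) . '/callback/wings/info.php';
+ $module = new BVInfoCallback();
+ break;
+ case 'dynsync':
+ require_once dirname( __FILE__ ) . '/callback/wings/dynsync.php';
+ $module = new BVDynSyncCallback();
+ break;
+ case 'ipstr':
+ require_once dirname( __FILE__ ) . '/callback/wings/ipstore.php';
+ $module = new BVIPStoreCallback();
+ break;
+ case 'auth':
+ require_once dirname( __FILE__ ) . '/callback/wings/auth.php';
+ $module = new BVAuthCallback();
+ break;
+ case 'fw':
+ require_once dirname( __FILE__ ) . '/callback/wings/fw.php';
+ $module = new BVFirewallCallback();
+ break;
+ case 'lp':
+ require_once dirname( __FILE__ ) . '/callback/wings/lp.php';
+ $module = new BVLoginProtectCallback();
+ break;
+ case 'monit':
+ require_once dirname( __FILE__ ) . '/callback/wings/monit.php';
+ $module = new BVMonitCallback();
+ break;
+ case 'brand':
+ require_once dirname( __FILE__ ) . '/callback/wings/brand.php';
+ $module = new BVBrandCallback();
+ break;
+ case 'pt':
+ require_once dirname( __FILE__ ) . '/callback/wings/protect.php';
+ $module = new BVProtectCallback();
+ break;
+ case 'act':
+ require_once dirname( __FILE__ ) . '/callback/wings/account.php';
+ $module = new BVAccountCallback();
+ break;
+ default:
+ require_once dirname( __FILE__ ) . '/callback/wings/misc.php';
+ $module = new BVMiscCallback();
+ break;
+ }
+ $rval = $module->process($method);
+ if ($rval === false) {
+ $bvresp->addStatus("statusmsg", "Bad Command");
+ $bvresp->addStatus("status", false);
+ }
+ return 1;
+ }
+
+ public function bvAdmExecuteWithoutUser() {
+ global $bvresp;
+ $bvresp->addStatus("bvadmwithoutuser", true);
+ $this->execute();
+ }
+
+ public function bvAdmExecuteWithUser() {
+ global $bvresp;
+ $bvresp->addStatus("bvadmwithuser", true);
+ $this->execute();
+ }
+
+ public function execute() {
+ global $bvresp;
+ $this->processParams();
+ if ($bvresp->startStream()) {
+ $this->route($_REQUEST['wing'], $_REQUEST['bvMethod']);
+ $bvresp->endStream();
+ }
+ $this->terminate(true, array_key_exists('bvdbg', $_REQUEST));
+ }
+ }
+ endif;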
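Review bot: On a failed check authenticate() adds `substr($sig_match, 0, 6)` to the response under `sigmatch`; validate() is not in this file, but if its non-1 return value is the signature it computed, this hands part of the expected value to a caller that has just failed authentication, so I would drop that status line or replace it with a constant. terminate() likewise copies the whole of `$_REQUEST` into the response as `inreq` whenever `bvdbg` is present, and preauth() reaches it even when recover() has just returned false. processParams() assumes `$_REQUEST['concat']`, `['b64']`, `['unser']`, `['b642']`, `['dic']` and `['clacts']` are arrays whose named keys exist; an `is_array()` guard on each avoids warnings on malformed requests. execute() never calls authenticate() itself, so a docblock stating that callers must have verified the request before calling it would help the next reader.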
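--- a/callback/response.php
+++ b/callback/response.php
@@ -0,0 +1,107 @@
+ <?php
+
+ if (!defined('ABSPATH')) exit;
+ if (!class_exists('BVResponse')) :
+
+ require_once dirname( __FILE__ ) . '/streams.php';
+
+ class BVResponse {
+ public $status;
+ public $stream;
+
+ function __construct() {
+ $this->status = array("blogvault" => "response");
+ }
+
+ public function addStatus($key, $value) {
+ $this->status[$key] = $value;
+ }
+
+ public function addArrayToStatus($key, $value) {
+ if (!isset($this->status[$key])) {
+ $this->status[$key] = array();
+ }
+ $this->status[$key][] = $value;
+ }
+
+ public function base64Encode($data, $chunk_size) {
+ if ($chunk_size) {
+ $out = "";
+ $len = strlen($data);
+ for ($i = 0; $i < $len; $i += $chunk_size) {
+ $out .= base64_encode(substr($data, $i, $chunk_size));
+ }
+ } else {
+ $out = base64_encode($data);
+ }
+ return $out;
+ }
+
+ public function finish() {
+ $response = "bvbvbvbvbv".serialize($this->status)."bvbvbvbvbv";
+ if (array_key_exists('bvb64resp', $_REQUEST)) {
+ $chunk_size = array_key_exists('bvb64cksize', $_REQUEST) ? intval($_REQUEST['bvb64cksize']) : false;
+ $response = "bvb64bvb64".$this->base64Encode($response, $chunk_size)."bvb64bvb64";
+ }
+ die($response);
+ }
+
+ public function writeStream($_string) {
+ if (strlen($_string) > 0) {
+ $chunk = "";
+ if (isset($_REQUEST['bvb64stream'])) {
+ $chunk_size = array_key_exists('bvb64cksize', $_REQUEST) ? intval($_REQUEST['bvb64cksize']) : false;
+ $_string = $this->base64Encode($_string, $chunk_size);
+ $chunk .= "BVB64" . ":";
+ }
+ $chunk .= (strlen($_string) . ":" . $_string);
+ if (isset($_REQUEST['checksum'])) {
+ if ($_REQUEST['checksum'] == 'crc32') {
+ $chunk = "CRC32" . ":" . crc32($_string) . ":" . $chunk;
+ } else if ($_REQUEST['checksum'] == 'md5') {
+ $chunk = "MD5" . ":" . md5($_string) . ":" . $chunk;
+ }
+ }
+ $this->stream->writeChunk($chunk);
+ }
+ }
+
+ public function startStream() {
+ global $bvcb;
+ $this->stream = new BVRespStream();
+ if (array_key_exists('apicall',$_REQUEST)) {
+ $this->stream = new BVHttpStream($_REQUEST['apihost'], intval($_REQUEST['apiport']), array_key_exists('apissl', $_REQUEST));
+ if (!$this->stream->connect()) {
+ $this->addStatus("httperror", "Cannot Open Connection to Host");
+ $this->addStatus("streamerrno", $this->stream->errno);
+ $this->addStatus("streamerrstr", $this->stream->errstr);
+ return false;
+ }
+ if (array_key_exists('acbmthd', $_REQUEST)) {
+ $url = $bvcb->bvmain->authenticatedUrl('/bvapi/'.$_REQUEST['acbmthd'], $_REQUEST['bvapicheck'], false);
+ if (array_key_exists('acbqry', $_REQUEST)) {
+ $url .= "&".$_REQUEST['acbqry'];
+ }
+ $this->stream->multipartChunkedPost($url);
+ } else {
+ $this->addStatus("httperror", "ApiCall method not present");
+ return false;
+ }
+ }
+ return true;
+ }
+
+ public function endStream() {
+ $this->stream->endStream();
+ if (array_key_exists('apicall', $_REQUEST)) {
+ $resp = $this->stream->getResponse();
+ if (array_key_exists('httperror', $resp)) {
+ $this->addStatus("httperror", $resp['httperror']);
+ } else {
+ $this->addStatus("respstatus", $resp['status']);
+ $this->addStatus("respstatus_string", $resp['status_string']);
+ }
+ }
+ }
+ }
+ endif;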
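Review bot: startStream() opens its outbound connection to `$_REQUEST['apihost']` and `$_REQUEST['apiport']` and then posts the result of `authenticatedUrl()` to that host, so the destination of an authenticated request is chosen entirely by the incoming request. Whether this method is reachable only after signature verification is decided outside this file; either way I would compare the host with the one the plugin is configured to talk to (presumably the host of `appUrl()`) before `new BVHttpStream(...)`, and return false with an `httperror` status when it differs. `$_REQUEST['bvapicheck']` is read without an `array_key_exists` test, unlike `acbmthd` and `acbqry` beside it, and `$_REQUEST['acbqry']` is appended to the URL as-is. In endStream(), `$resp['status']` is read without checking that getResponse() actually parsed a status line.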
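--- a/callback/streams.php
+++ b/callback/streams.php
@@ -0,0 +1,166 @@
+ <?php
+
+ if (!defined('ABSPATH')) exit;
+ if (!class_exists('BVRespStream')) :
+
+ class BVRespStream {
+ public function writeChunk($_string) {
+ echo "ckckckckck".$_string."ckckckckck";
+ }
+
+ public function endStream() {
+ echo "rerererere";
+ }
+ }
+
+ class BVHttpStream {
+ var $user_agent = 'BVHttpStream';
+ var $host;
+ var $port;
+ var $timeout = 20;
+ var $conn;
+ var $errno;
+ var $errstr;
+ var $boundary;
+ var $apissl;
+
+ /**
+ * PHP5 constructor.
+ */
+ function __construct($_host, $_port, $_apissl) {
+ $this->host = $_host;
+ $this->port = $_port;
+ $this->apissl = $_apissl;
+ }
+
+ public function connect() {
+ if ($this->apissl && function_exists('stream_socket_client')) {
+ $this->conn = stream_socket_client("ssl://".$this->host.":".$this->port, $errno, $errstr, $this->timeout);
+ } else {
+ $this->conn = @fsockopen($this->host, $this->port, $errno, $errstr, $this->timeout);
+ }
+ if (!$this->conn) {
+ $this->errno = $errno;
+ $this->errstr = $errstr;
+ return false;
+ }
+ socket_set_timeout($this->conn, $this->timeout);
+ return true;
+ }
+
+ public function write($data) {
+ fwrite($this->conn, $data);
+ }
+
+ public function sendChunk($data) {
+ $this->write(sprintf("%x\r\n", strlen($data)));
+ $this->write($data);
+ $this->write("\r\n");
+ }
+
+ public function sendRequest($method, $url, $headers = array(), $body = null) {
+ $def_hdrs = array("Connection" => "keep-alive",
+ "Host" => $this->host);
+ $headers = array_merge($def_hdrs, $headers);
+ $request = strtoupper($method)." ".$url." HTTP/1.1\r\n";
+ if (null != $body) {
+ $headers["Content-length"] = strlen($body);
+ }
+ foreach($headers as $key=>$val) {
+ $request .= $key.":".$val."\r\n";
+ }
+ $request .= "\r\n";
+ if (null != $body) {
+ $request .= $body;
+ }
+ $this->write($request);
+ return $request;
+ }
+
+ public function post($url, $headers = array(), $body = "") {
+ if(is_array($body)) {
+ $b = "";
+ foreach($body as $key=>$val) {
+ $b .= $key."=".urlencode($val)."&";
+ }
+ $body = substr($b, 0, strlen($b) - 1);
+ }
+ $this->sendRequest("POST", $url, $headers, $body);
+ }
+
+ public function streamedPost($url, $headers = array()) {
+ $headers['Transfer-Encoding'] = "chunked";
+ $this->sendRequest("POST", $url, $headers);
+ }
+
+ public function multipartChunkedPost($url) {
+ $mph = array(
+ "Content-Disposition" => "form-data; name=bvinfile; filename=data",
+ "Content-Type" => "application/octet-stream"
+ );
+ $rnd = rand(100000, 999999);
+ $this->boundary = "----".$rnd;
+ $prologue = "--".$this->boundary."\r\n";
+ foreach($mph as $key=>$val) {
+ $prologue .= $key.":".$val."\r\n";
+ }
+ $prologue .= "\r\n";
+ $headers = array('Content-Type' => "multipart/form-data; boundary=".$this->boundary);
+ $this->streamedPost($url, $headers);
+ $this->sendChunk($prologue);
+ }
+
+ public function writeChunk($data) {
+ $this->sendChunk($data);
+ }
+
+ public function closeChunk() {
+ $this->sendChunk("");
+ }
+
+ public function endStream() {
+ $epilogue = "\r\n\r\n--".$this->boundary."--\r\n";
+ $this->sendChunk($epilogue);
+ $this->closeChunk();
+ }
+
+ public function getResponse() {
+ $response = array();
+ $response['headers'] = array();
+ $state = 1;
+ $conlen = 0;
+ stream_set_timeout($this->conn, 300);
+ while (!feof($this->conn)) {
+ $line = fgets($this->conn, 4096);
+ if (1 == $state) {
+ if (!preg_match('/HTTP\/(\\d\\.\\d)\\s*(\\d+)\\s*(.*)/', $line, $m)) {
+ $response['httperror'] = "Status code line invalid: ".htmlentities($line);
+ return $response;
+ }
+ $response['http_version'] = $m[1];
+ $response['status'] = $m[2];
+ $response['status_string'] = $m[3];
+ $state = 2;
+ } else if (2 == $state) {
+ # End of headers
+ if (2 == strlen($line)) {
+ if ($conlen > 0)
+ $response['body'] = fread($this->conn, $conlen);
+ return $response;
+ }
+ if (!preg_match('/([^:]+):\\s*(.*)/', $line, $m)) {
+ // Skip to the next header
+ continue;
+ }
+ $key = strtolower(trim($m[1]));
+ $val = trim($m[2]);
+ $response['headers'][$key] = $val;
+ if ($key == "content-length") {
+ $conlen = intval($val);
+ }
+ }
+ }
+ return $response;
+ }
+ }
+ endif;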
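Review bot: connect() falls through to plain `fsockopen()` whenever `stream_socket_client` is unavailable, even when `$this->apissl` is set, so a transfer that asked for TLS is silently sent in clear text; fail instead, with `if ($this->apissl && !function_exists('stream_socket_client')) { $this->errstr = 'TLS unavailable'; return false; }` ahead of the existing branch. The `ssl://` connection is also opened without a stream context, so certificate verification is left to the PHP version's defaults. sendRequest() writes `$url` and every header value into the request without rejecting CR or LF, and the URL it receives from response.php includes request-supplied text, so a `preg_match('/[\r\n]/', $url)` rejection there is cheap insurance. getResponse() never tests `fgets()` for `false`, so after a read timeout in state 2 the `while (!feof(...))` loop keeps iterating instead of returning an error.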
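--- a/callback/wings/auth.php
+++ b/callback/wings/auth.php
@@ -0,0 +1,26 @@
+ <?php
+
+ if (!defined('ABSPATH')) exit;
+ if (!class_exists('BVAuthCallback')) :
+ class BVAuthCallback {
+
+ function process($method) {
+ global $bvresp, $bvcb;
+ $auth = $bvcb->bvmain->auth;
+ switch ($method) {
+ case "addkeys":
+ $bvresp->addStatus("status", $auth->addKeys($_REQUEST['public'], $_REQUEST['secret']));
+ break;
+ case "updatekeys":
+ $bvresp->addStatus("status", $auth->updateKeys($_REQUEST['public'], $_REQUEST['secret']));
+ break;
+ case "rmkeys":
+ $bvresp->addStatus("status", $auth->rmKeys($_REQUEST['public']));
+ break;
+ default:
+ return false;
+ }
+ return true;
+ }
+ }
+ endif;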
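Review bot: `process()` hands `$_REQUEST['public']` and `$_REQUEST['secret']` to `addKeys`, `updateKeys` and `rmKeys` without checking that they are present, are strings, or have the expected length. The admin handler in admin.php only accepts a 64-character key that it splits into two 32-character halves, so the same shape check belongs here before the `addkeys` and `updatekeys` calls, e.g. `if (!isset($_REQUEST['public'], $_REQUEST['secret']) || !is_string($_REQUEST['public']) || !is_string($_REQUEST['secret'])) return false;` followed by the length test. Whether the caller is authenticated before this wing runs is decided outside this file and cannot be confirmed from here. Because these methods replace the site's stored keys, `process()` deserves a short comment naming the check that guards it.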
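--- a/callback/wings/brand.php
+++ b/callback/wings/brand.php
@@ -0,0 +1,48 @@
+ <?php
+
+ if (!defined('ABSPATH')) exit;
+ if (!class_exists('BVBrandCallback')) :
+
+ class BVBrandCallback {
+ public function process($method) {
+ global $bvresp, $bvcb;
+ $info = $bvcb->bvmain->info;
+ $option_name = $bvcb->bvmain->brand_option;
+ switch($method) {
+ case 'setbrand':
+ $brandinfo = array();
+ if (array_key_exists('hide', $_REQUEST)) {
+ $brandinfo['hide'] = $_REQUEST['hide'];
+ } else {
+ $brandinfo['name'] = $_REQUEST['name'];
+ $brandinfo['title'] = $_REQUEST['title'];
+ $brandinfo['description'] = $_REQUEST['description'];
+ $brandinfo['pluginuri'] = $_REQUEST['pluginuri'];
+ $brandinfo['author'] = $_REQUEST['author'];
+ $brandinfo['authorname'] = $_REQUEST['authorname'];
+ $brandinfo['authoruri'] = $_REQUEST['authoruri'];
+ $brandinfo['menuname'] = $_REQUEST['menuname'];
+ $brandinfo['logo'] = $_REQUEST['logo'];
+ $brandinfo['webpage'] = $_REQUEST['webpage'];
+ $brandinfo['appurl'] = $_REQUEST['appurl'];
+ if (array_key_exists('hide_plugin_details', $_REQUEST)) {
+ $brandinfo['hide_plugin_details'] = $_REQUEST['hide_plugin_details'];
+ }
+ if (array_key_exists('hide_from_menu', $_REQUEST)) {
+ $brandinfo['hide_from_menu'] = $_REQUEST['hide_from_menu'];
+ }
+ }
+ $info->updateOption($option_name, $brandinfo);
+ $bvresp->addStatus("setbrand", $info->getOption($option_name));
+ break;
+ case 'rmbrand':
+ $info->deleteOption($option_name);
+ $bvresp->addStatus("rmbrand", !$info->getOption($option_name));
+ break;
+ default:
+ return false;
+ }
+ return true;
+ }
+ }
+ endif;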
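Review bot: The `setbrand` branch copies eleven `$_REQUEST` fields straight into the stored brand option with no sanitising, and reads them without checking that they exist. The field names (`name`, `author`, `menuname`, `logo`) suggest the values are later shown in wp-admin, so unless every render site escapes them, markup placed in a field would be stored and replayed to administrators. Sanitise at write time instead: `sanitize_text_field()` for the text fields and `esc_url_raw()` for `pluginuri`, `authoruri`, `logo`, `webpage` and `appurl`, for example `$brandinfo['logo'] = esc_url_raw($_REQUEST['logo']);`.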
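--- a/callback/wings/db.php
+++ b/callback/wings/db.php
@@ -0,0 +1,145 @@
+ <?php
+
+ if (!defined('ABSPATH')) exit;
+ if (!class_exists('BVDBCallback')) :
+ class BVDBCallback {
+
+ public function getLastID($pkeys, $end_row) {
+ $last_ids = array();
+ foreach($pkeys as $pk) {
+ $last_ids[$pk] = $end_row[$pk];
+ }
+ return $last_ids;
+ }
+
+ public function getTableData($table, $tname, $rcount, $offset, $limit, $bsize, $filter, $pkeys, $include_rows = false) {
+ global $bvcb, $bvresp;
+ $tinfo = array();
+
+ $rows_count = $bvcb->bvmain->db->rowsCount($table);
+ $bvresp->addStatus('count', $rows_count);
+ if ($limit == 0) {
+ $limit = $rows_count;
+ }
+ $srows = 1;
+ while (($limit > 0) && ($srows > 0)) {
+ if ($bsize > $limit)
+ $bsize = $limit;
+ $rows = $bvcb->bvmain->db->getTableContent($table, '*', $filter, $bsize, $offset);
+ $srows = sizeof($rows);
+ $data = array();
+ $data["offset"] = $offset;
+ $data["size"] = $srows;
+ $data["md5"] = md5(serialize($rows));
+ array_push($tinfo, $data);
+ if (!empty($pkeys) && $srows > 0) {
+ $end_row = end($rows);
+ $last_ids = $this->getLastID($pkeys, $end_row);
+ $data['last_ids'] = $last_ids;
+ $bvresp->addStatus('last_ids', $last_ids);
+ }
+ if ($include_rows) {
+ $data["rows"] = $rows;
+ $str = serialize($data);
+ $bvresp->writeStream($str);
+ }
+ $offset += $srows;
+ $limit -= $srows;
+ }
+ $bvresp->addStatus('size', $offset);
+ $bvresp->addStatus('tinfo', $tinfo);
+ }
+
+ public function process($method) {
+ global $bvresp, $bvcb;
+ $db = $bvcb->bvmain->db;
+ switch ($method) {
+ case "gettbls":
+ $bvresp->addStatus("tables", $db->showTables());
+ break;
+ case "tblstatus":
+ $bvresp->addStatus("statuses", $db->showTableStatus());
+ break;
+ case "tablekeys":
+ $table = urldecode($_REQUEST['table']);
+ $bvresp->addStatus("table_keys", $db->tableKeys($table));
+ break;
+ case "describetable":
+ $table = urldecode($_REQUEST['table']);
+ $bvresp->addStatus("table_description", $db->describeTable($table));
+ break;
+ case "checktable":
+ $table = urldecode($_REQUEST['table']);
+ $type = urldecode($_REQUEST['type']);
+ $bvresp->addStatus("status", $db->checkTable($table, $type));
+ break;
+ case "repairtable":
+ $table = urldecode($_REQUEST['table']);
+ $bvresp->addStatus("status", $db->repairTable($table));
+ break;
+ case "gettcrt":
+ $table = urldecode($_REQUEST['table']);
+ $bvresp->addStatus("create", $db->showTableCreate($table));
+ break;
+ case "getrowscount":
+ $table = urldecode($_REQUEST['table']);
+ $bvresp->addStatus("count", $db->rowsCount($table));
+ break;
+ case "gettablecontent":
+ $table = urldecode($_REQUEST['table']);
+ $fields = urldecode($_REQUEST['fields']);
+ $filter = (array_key_exists('filter', $_REQUEST)) ? urldecode($_REQUEST['filter']) : "";
+ $limit = intval(urldecode($_REQUEST['limit']));
+ $offset = intval(urldecode($_REQUEST['offset']));
+ $pkeys = (array_key_exists('pkeys', $_REQUEST)) ? $_REQUEST['pkeys'] : array();
+ $bvresp->addStatus('timestamp', time());
+ $bvresp->addStatus('tablename', $table);
+ $rows = $db->getTableContent($table, $fields, $filter, $limit, $offset);
+ $srows = sizeof($rows);
+ if (!empty($pkeys) && $srows > 0) {
+ $end_row = end($rows);
+ $bvresp->addStatus('last_ids', $this->getLastID($pkeys, $end_row));
+ }
+ $bvresp->addStatus("rows", $rows);
+ break;
+ case "tableinfo":
+ $table = urldecode($_REQUEST['table']);
+ $offset = intval(urldecode($_REQUEST['offset']));
+ $limit = intval(urldecode($_REQUEST['limit']));
+ $bsize = intval(urldecode($_REQUEST['bsize']));
+ $filter = (array_key_exists('filter', $_REQUEST)) ? urldecode($_REQUEST['filter']) : "";
+ $rcount = intval(urldecode($_REQUEST['rcount']));
+ $tname = urldecode($_REQUEST['tname']);
+ $pkeys = (array_key_exists('pkeys', $_REQUEST)) ? $_REQUEST['pkeys'] : array();
+ $this->getTableData($table, $tname, $rcount, $offset, $limit, $bsize, $filter, $pkeys, false);
+ break;
+ case "uploadrows":
+ $table = urldecode($_REQUEST['table']);
+ $offset = intval(urldecode($_REQUEST['offset']));
+ $limit = intval(urldecode($_REQUEST['limit']));
+ $bsize = intval(urldecode($_REQUEST['bsize']));
+ $filter = (array_key_exists('filter', $_REQUEST)) ? urldecode($_REQUEST['filter']) : "";
+ $rcount = intval(urldecode($_REQUEST['rcount']));
+ $tname = urldecode($_REQUEST['tname']);
+ $pkeys = (array_key_exists('pkeys', $_REQUEST)) ? $_REQUEST['pkeys'] : array();
+ $this->getTableData($table, $tname, $rcount, $offset, $limit, $bsize, $filter, $pkeys, true);
+ break;
+ case "tblexists":
+ $bvresp->addStatus("tblexists", $db->isTablePresent($_REQUEST['tablename']));
+ break;
+ case "crttbl":
+ $bvresp->addStatus("crttbl", $db->createTable($_REQUEST['query'], $_REQUEST['tablename']));
+ break;
+ case "drptbl":
+ $bvresp->addStatus("drptbl", $db->dropBVTable($_REQUEST['name']));
+ break;
+ case "trttbl":
+ $bvresp->addStatus("trttbl", $db->truncateBVTable($_REQUEST['name']));
+ break;
+ default:
+ return false;
+ }
+ return true;
+ }
+ }
+ endif;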
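Review bot: `process()` passes request values into the database layer as SQL fragments with no check in this file: `table`, `fields` and `filter` in `gettablecontent`, and a whole statement through `$_REQUEST['query']` in `crttbl`. Table names at least can be checked against the list the class already exposes, e.g. `if (!in_array($table, $db->showTables(), true)) return false;`, assuming `showTables()` returns a flat list of names. Where `fields` and `filter` must stay free-form, a comment should say so and name the check that authenticates the caller, which is not visible here. Separately, PHP has already URL-decoded `$_REQUEST`, so `urldecode()` decodes a second time and alters any literal `%` or `+` in a filter; drop it unless the sender is known to double-encode. In `getTableData()`, `array_push($tinfo, $data)` runs before `$data['last_ids']` is assigned, so the `tinfo` entries never carry `last_ids`; move the push below that block if they should.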
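--- a/callback/wings/fs.php
+++ b/callback/wings/fs.php
@@ -0,0 +1,258 @@
+ <?php
+
+ if (!defined('ABSPATH')) exit;
+ if (!class_exists('BVFSCallback')) :
+ class BVFSCallback {
+ function fileStat($relfile) {
+ $absfile = ABSPATH.$relfile;
+ $fdata = array();
+ $fdata["filename"] = $relfile;
+ $stats = @stat($absfile);
+ if ($stats) {
+ foreach (preg_grep('#size|uid|gid|mode|mtime#i', array_keys($stats)) as $key ) {
+ $fdata[$key] = $stats[$key];
+ }
+ if (is_link($absfile)) {
+ $fdata["link"] = @readlink($absfile);
+ }
+ } else {
+ $fdata["failed"] = true;
+ }
+ return $fdata;
+ }
+
+ function scanFilesUsingGlob($initdir = "./", $offset = 0, $limit = 0, $bsize = 512, $recurse = true, $regex = '{.??,}*') {
+ global $bvresp;
+ $i = 0;
+ $dirs = array();
+ $dirs[] = $initdir;
+ $bfc = 0;
+ $bfa = array();
+ $current = 0;
+ $abspath = realpath(ABSPATH).'/';
+ $abslen = strlen($abspath);
+ # XNOTE: $recurse cannot be used directly here
+ while ($i < count($dirs)) {
+ $dir = $dirs[$i];
+
+ foreach (glob($abspath.$dir.$regex, GLOB_NOSORT | GLOB_BRACE) as $absfile) {
+ $relfile = substr($absfile, $abslen);
+ if (is_dir($absfile) && !is_link($absfile)) {
+ $dirs[] = $relfile."/";
+ }
+ $current++;
+ if ($offset >= $current)
+ continue;
+ if (($limit != 0) && (($current - $offset) > $limit)) {
+ $i = count($dirs);
+ break;
+ }
+ $bfa[] = $this->fileStat($relfile);
+ $bfc++;
+ if ($bfc == $bsize) {
+ $str = serialize($bfa);
+ $bvresp->writeStream($str);
+ $bfc = 0;
+ $bfa = array();
+ }
+ }
+ $regex = '{.??,}*';
+ $i++;
+ if ($recurse == false)
+ break;
+ }
+ if ($bfc != 0) {
+ $str = serialize($bfa);
+ $bvresp->writeStream($str);
+ }
+ }
+
+ function scanFiles($initdir = "./", $offset = 0, $limit = 0, $bsize = 512, $recurse = true) {
+ global $bvresp;
+ $i = 0;
+ $dirs = array();
+ $dirs[] = $initdir;
+ $bfc = 0;
+ $bfa = array();
+ $current = 0;
+ while ($i < count($dirs)) {
+ $dir = $dirs[$i];
+ $d = @opendir(ABSPATH.$dir);
+ if ($d) {
+ while (($file = readdir($d)) !== false) {
+ if ($file == '.' || $file == '..') { continue; }
+ $relfile = $dir.$file;
+ $absfile = ABSPATH.$relfile;
+ if (is_dir($absfile) && !is_link($absfile)) {
+ $dirs[] = $relfile."/";
+ }
+ $current++;
+ if ($offset >= $current)
+ continue;
+ if (($limit != 0) && (($current - $offset) > $limit)) {
+ $i = count($dirs);
+ break;
+ }
+ $bfa[] = $this->fileStat($relfile);
+ $bfc++;
+ if ($bfc == $bsize) {
+ $str = serialize($bfa);
+ $bvresp->writeStream($str);
+ $bfc = 0;
+ $bfa = array();
+ }
+ }
+ closedir($d);
+ }
+ $i++;
+ if ($recurse == false)
+ break;
+ }
+ if ($bfc != 0) {
+ $str = serialize($bfa);
+ $bvresp->writeStream($str);
+ }
+ }
+
+ function calculateMd5($absfile, $fdata, $offset, $limit, $bsize) {
+ if ($offset == 0 && $limit == 0) {
+ $md5 = md5_file($absfile);
+ } else {
+ if ($limit == 0)
+ $limit = $fdata["size"];
+ if ($offset + $limit < $fdata["size"])
+ $limit = $fdata["size"] - $offset;
+ $handle = fopen($absfile, "rb");
+ $ctx = hash_init('md5');
+ fseek($handle, $offset, SEEK_SET);
+ $dlen = 1;
+ while (($limit > 0) && ($dlen > 0)) {
+ if ($bsize > $limit)
+ $bsize = $limit;
+ $d = fread($handle, $bsize);
+ $dlen = strlen($d);
+ hash_update($ctx, $d);
+ $limit -= $dlen;
+ }
+ fclose($handle);
+ $md5 = hash_final($ctx);
+ }
+ return $md5;
+ }
+
+ function getFilesStats($files, $offset = 0, $limit = 0, $bsize = 102400, $md5 = false) {
+ global $bvresp;
+ foreach ($files as $file) {
+ $fdata = $this->fileStat($file);
+ $absfile = ABSPATH.$file;
+ if (!is_readable($absfile)) {
+ $bvresp->addArrayToStatus("missingfiles", $file);
+ continue;
+ }
+ if ($md5 === true) {
+ $fdata["md5"] = $this->calculateMd5($absfile, $fdata, $offset, $limit, $bsize);
+ }
+ $bvresp->addArrayToStatus("stats", $fdata);
+ }
+ }
+
+ function uploadFiles($files, $offset = 0, $limit = 0, $bsize = 102400) {
+ global $bvresp;
+
+ foreach ($files as $file) {
+ if (!is_readable(ABSPATH.$file)) {
+ $bvresp->addArrayToStatus("missingfiles", $file);
+ continue;
+ }
+ $handle = fopen(ABSPATH.$file, "rb");
+ if (($handle != null) && is_resource($handle)) {
+ $fdata = $this->fileStat($file);
+ $_limit = $limit;
+ $_bsize = $bsize;
+ if ($_limit == 0)
+ $_limit = $fdata["size"];
+ if ($offset + $_limit > $fdata["size"])
+ $_limit = $fdata["size"] - $offset;
+ $fdata["limit"] = $_limit;
+ $sfdata = serialize($fdata);
+ $bvresp->writeStream($sfdata);
+ fseek($handle, $offset, SEEK_SET);
+ $dlen = 1;
+ while (($_limit > 0) && ($dlen > 0)) {
+ if ($_bsize > $_limit)
+ $_bsize = $_limit;
+ $d = fread($handle, $_bsize);
+ $dlen = strlen($d);
+ $bvresp->writeStream($d);
+ $_limit -= $dlen;
+ }
+ fclose($handle);
+ } else {
+ $bvresp->addArrayToStatus("unreadablefiles", $file);
+ }
+ }
+ }
+
+ function process($method) {
+ switch ($method) {
+ case "scanfilesglob":
+ $initdir = urldecode($_REQUEST['initdir']);
+ $offset = intval(urldecode($_REQUEST['offset']));
+ $limit = intval(urldecode($_REQUEST['limit']));
+ $bsize = intval(urldecode($_REQUEST['bsize']));
+ $regex = urldecode($_REQUEST['regex']);
+ $recurse = true;
+ if (array_key_exists('recurse', $_REQUEST) && $_REQUEST["recurse"] == "false") {
+ $recurse = false;
+ }
+ $this->scanFilesUsingGlob($initdir, $offset, $limit, $bsize, $recurse, $regex);
+ break;
+ case "scanfiles":
+ $initdir = urldecode($_REQUEST['initdir']);
+ $offset = intval(urldecode($_REQUEST['offset']));
+ $limit = intval(urldecode($_REQUEST['limit']));
+ $bsize = intval(urldecode($_REQUEST['bsize']));
+ $recurse = true;
+ if (array_key_exists('recurse', $_REQUEST) && $_REQUEST["recurse"] == "false") {
+ $recurse = false;
+ }
+ $this->scanFiles($initdir, $offset, $limit, $bsize, $recurse);
+ break;
+ case "getfilesstats":
+ $files = $_REQUEST['files'];
+ $offset = intval(urldecode($_REQUEST['offset']));
+ $limit = intval(urldecode($_REQUEST['limit']));
+ $bsize = intval(urldecode($_REQUEST['bsize']));
+ $md5 = false;
+ if (array_key_exists('md5', $_REQUEST)) {
+ $md5 = true;
+ }
+ $this->getFilesStats($files, $offset, $limit, $bsize, $md5);
+ break;
+ case "sendmanyfiles":
+ $files = $_REQUEST['files'];
+ $offset = intval(urldecode($_REQUEST['offset']));
+ $limit = intval(urldecode($_REQUEST['limit']));
+ $bsize = intval(urldecode($_REQUEST['bsize']));
+ $this->uploadFiles($files, $offset, $limit, $bsize);
+ break;
+ case "filelist":
+ $initdir = $_REQUEST['initdir'];
+ $glob_option = GLOB_MARK;
+ if(array_key_exists('onlydir', $_REQUEST)) {
+ $glob_option = GLOB_ONLYDIR;
+ }
+ $regex = "*";
+ if(array_key_exists('regex', $_REQUEST)){
+ $regex = $_REQUEST['regex'];
+ }
+ $directoryList = glob($initdir.$regex, $glob_option);
+ $this->getFilesStats($directoryList);
+ break;
+ default:
+ return false;
+ }
+ return true;
+ }
+ }
+ endif;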
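Review bot: `getFilesStats()` and `uploadFiles()` build paths as `ABSPATH.$file` from `$_REQUEST['files']` with no containment check, so a `../` segment resolves outside the WordPress root. `scanFiles()`, `scanFilesUsingGlob()` and the `filelist` branch take `initdir` the same way. Resolve each path with `realpath()` and refuse anything that does not stay under `realpath(ABSPATH)`, as sketched below for `uploadFiles()`; note that this also rejects symlinks pointing outside the root. The `filelist` branch also globs `$initdir.$regex` without the `ABSPATH` prefix and then hands the matches to `getFilesStats()`, which prepends `ABSPATH`, so the two disagree about what the path is relative to. In `calculateMd5()` the clamp tests `$offset + $limit < $fdata["size"]` where `uploadFiles()` uses `>`; the `<` form widens a partial range to the end of the file and looks like a typo.

```php
class BVFSCallback {
	// Resolve a request-supplied relative path; return false unless it stays under ABSPATH.
	function resolveInRoot($relfile) {
		$root = realpath(ABSPATH);
		$real = realpath(ABSPATH.$relfile);
		if ($root === false || $real === false) {
			return false;
		}
		if ($real !== $root && strpos($real, $root.DIRECTORY_SEPARATOR) !== 0) {
			return false;
		}
		return $real;
	}

	// … unchanged: fileStat, scanFilesUsingGlob, scanFiles, calculateMd5, getFilesStats …

	function uploadFiles($files, $offset = 0, $limit = 0, $bsize = 102400) {
		global $bvresp;

		foreach ($files as $file) {
			$absfile = $this->resolveInRoot($file);
			if ($absfile === false || !is_readable($absfile)) {
				$bvresp->addArrayToStatus("missingfiles", $file);
				continue;
			}
			$handle = fopen($absfile, "rb");
			// … unchanged: stat, limit clamp, streaming loop, fclose …
```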
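--- a/callback/wings/fw.php
+++ b/callback/wings/fw.php
@@ -0,0 +1,34 @@
+ <?php
+
+ if (!defined('ABSPATH')) exit;
+ if (!class_exists('BVFirewallCallback')) :
+
+ require_once dirname( __FILE__ ) . '/../../fw/config.php';
+
+ class BVFirewallCallback {
+ public function process($method) {
+ global $bvcb, $bvresp;
+ $config = new BVFWConfig($bvcb->bvmain);
+ switch ($method) {
+ case "clrconfig":
+ $bvresp->addStatus("clearconfig", $config->clear());
+ break;
+ case "setmode":
+ $config->setMode($_REQUEST['mode']);
+ $bvresp->addStatus("setmode", $config->getMode());
+ break;
+ case "dsblrules":
+ $config->setDisabledRules($_REQUEST['disabled_rules']);
+ $bvresp->addStatus("disabled_rules", $config->getDisabledRules());
+ break;
+ case "setrulesmode":
+ $config->setRulesMode($_REQUEST['rules_mode']);
+ $bvresp->addStatus("rules_mode", $config->getRulesMode());
+ break;
+ default:
+ return false;
+ }
+ return true;
+ }
+ }
+ endif;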
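Review bot: `setmode`, `dsblrules` and `setrulesmode` store `$_REQUEST` values as firewall configuration without checking their type, and a missing parameter is read as an undefined index. `getFWConfig()` in callback/wings/info.php reads the modes back through `intval()` and treats `disabled_rules` as an array, so the writers should enforce the same shape unless `BVFWConfig` already normalises them (fw/config.php is not shown in this part of the page). For example, `$config->setMode(intval($_REQUEST['mode']));` and `if (!is_array($_REQUEST['disabled_rules'])) return false;`. Because these calls can weaken or clear the firewall, `process()` should carry a one-line comment naming where the request is authenticated; that check is not in this file.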
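--- a/callback/wings/info.php
+++ b/callback/wings/info.php
@@ -0,0 +1,292 @@
+ <?php
+
+ if (!defined('ABSPATH')) exit;
+ if (!class_exists('BVInfoCallback')) :
+ class BVInfoCallback {
+ public function getPosts($post_type, $count = 5) {
+ global $bvresp;
+ $output = array();
+ $args = array('numberposts' => $count, 'post_type' => $post_type);
+ $posts = get_posts($args);
+ $keys = array('post_title', 'guid', 'ID', 'post_date');
+ foreach ($posts as $post) {
+ $pdata = array();
+ $post_array = get_object_vars($post);
+ foreach ($keys as $key) {
+ $pdata[$key] = $post_array[$key];
+ }
+ $bvresp->addArrayToStatus("posts", $pdata);
+ }
+ }
+
+ public function getStats() {
+ global $bvresp;
+ $bvresp->addStatus("posts", get_object_vars(wp_count_posts()));
+ $bvresp->addStatus("pages", get_object_vars(wp_count_posts("page")));
+ $bvresp->addStatus("comments", get_object_vars(wp_count_comments()));
+ }
+
+ public function getPlugins() {
+ global $bvresp;
+ if (!function_exists('get_plugins')) {
+ require_once (ABSPATH."wp-admin/includes/plugin.php");
+ }
+ $plugins = get_plugins();
+ foreach ($plugins as $plugin_file => $plugin_data) {
+ $pdata = array(
+ 'file' => $plugin_file,
+ 'title' => $plugin_data['Title'],
+ 'version' => $plugin_data['Version'],
+ 'active' => is_plugin_active($plugin_file),
+ 'network' => $plugin_data['Network']
+ );
+ $bvresp->addArrayToStatus("plugins", $pdata);
+ }
+ }
+
+ public function themeToArray($theme) {
+ if (is_object($theme)) {
+ $pdata = array(
+ 'name' => $theme->Name,
+ 'title' => $theme->Title,
+ 'stylesheet' => $theme->get_stylesheet(),
+ 'template' => $theme->Template,
+ 'version' => $theme->Version
+ );
+ } else {
+ $pdata = array(
+ 'name' => $theme["Name"],
+ 'title' => $theme["Title"],
+ 'stylesheet' => $theme["Stylesheet"],
+ 'template' => $theme["Template"],
+ 'version' => $theme["Version"]
+ );
+ }
+ return $pdata;
+ }
+
+ public function getThemes() {
+ global $bvresp;
+ $themes = function_exists('wp_get_themes') ? wp_get_themes() : get_themes();
+ foreach($themes as $theme) {
+ $pdata = $this->themeToArray($theme);
+ $bvresp->addArrayToStatus("themes", $pdata);
+ }
+ $theme = function_exists('wp_get_theme') ? wp_get_theme() : get_current_theme();
+ $pdata = $this->themeToArray($theme);
+ $bvresp->addStatus("currenttheme", $pdata);
+ }
+
+ public function getSystemInfo() {
+ global $bvresp;
+ $sys_info = array(
+ 'serverip' => $_SERVER['SERVER_ADDR'],
+ 'host' => $_SERVER['HTTP_HOST'],
+ 'phpversion' => phpversion(),
+ 'AF_INET6' => defined('AF_INET6')
+ );
+ if (function_exists('get_current_user')) {
+ $sys_info['user'] = get_current_user();
+ }
+ if (function_exists('getmygid')) {
+ $sys_info['gid'] = getmygid();
+ }
+ if (function_exists('getmyuid')) {
+ $sys_info['uid'] = getmyuid();
+ }
+ if (function_exists('posix_getuid')) {
+ $sys_info['webuid'] = posix_getuid();
+ $sys_info['webgid'] = posix_getgid();
+ }
+ $bvresp->addStatus("sys", $sys_info);
+ }
+
+ public function getWpInfo() {
+ global $wp_version, $wp_db_version, $wp_local_package;
+ global $bvresp, $bvcb;
+ $upload_dir = wp_upload_dir();
+ $info = $bvcb->bvmain->info;
+
+ $wp_info = array(
+ 'dbprefix' => $bvcb->bvmain->db->dbprefix(),
+ 'wpmu' => $info->isMultisite(),
+ 'mainsite' => $info->isMainSite(),
+ 'name' => get_bloginfo('name'),
+ 'siteurl' => $info->siteurl(),
+ 'homeurl' => $info->homeurl(),
+ 'charset' => get_bloginfo('charset'),
+ 'wpversion' => $wp_version,
+ 'dbversion' => $wp_db_version,
+ 'abspath' => ABSPATH,
+ 'uploadpath' => $upload_dir['basedir'],
+ 'uploaddir' => wp_upload_dir(),
+ 'contentdir' => defined('WP_CONTENT_DIR') ? WP_CONTENT_DIR : null,
+ 'contenturl' => defined('WP_CONTENT_URL') ? WP_CONTENT_URL : null,
+ 'plugindir' => defined('WP_PLUGIN_DIR') ? WP_PLUGIN_DIR : null,
+ 'dbcharset' => defined('DB_CHARSET') ? DB_CHARSET : null,
+ 'disallow_file_edit' => defined('DISALLOW_FILE_EDIT'),
+ 'disallow_file_mods' => defined('DISALLOW_FILE_MODS'),
+ 'locale' => get_locale(),
+ 'wp_local_string' => $wp_local_package,
+ 'charset_collate' => $bvcb->bvmain->db->getCharsetCollate()
+ );
+ $bvresp->addStatus("wp", $wp_info);
+ }
+
+ public function getUsers($args = array(), $full) {
+ global $bvresp, $bvcb;
+ $results = array();
+ $users = get_users($args);
+ if ('true' == $full) {
+ $results = $bvcb->bvmain->lib->objectToArray($users);
+ } else {
+ foreach( (array) $users as $user) {
+ $result = array();
+ $result['user_email'] = $user->user_email;
+ $result['ID'] = $user->ID;
+ $result['roles'] = $user->roles;
+ $result['user_login'] = $user->user_login;
+ $result['display_name'] = $user->display_name;
+ $result['user_registered'] = $user->user_registered;
+ $result['user_status'] = $user->user_status;
+ $result['user_url'] = $user->url;
+
+ $results[] = $result;
+ }
+ }
+ $bvresp->addStatus("users", $results);
+ }
+
+ public function availableFunctions(&$info) {
+ if (extension_loaded('openssl')) {
+ $info['openssl'] = "1";
+ }
+ if (function_exists('is_ssl') && is_ssl()) {
+ $info['https'] = "1";
+ }
+ if (function_exists('openssl_public_encrypt')) {
+ $info['openssl_public_encrypt'] = "1";
+ }
+ if (function_exists('openssl_public_decrypt')) {
+ $info['openssl_public_decrypt'] = "1";
+ }
+ $info['sha1'] = "1";
+ $info['apissl'] = "1";
+ if (function_exists('base64_encode')) {
+ $info['b64encode'] = true;
+ }
+ if (function_exists('base64_decode')) {
+ $info['b64decode'] = true;
+ }
+ return $info;
+ }
+
+ public function servicesInfo(&$info) {
+ global $bvcb;
+ $bvinfo = $bvcb->bvmain->info;
+ $info['dynsync'] = $bvinfo->getOption('bvDynSyncActive');
+ $info['woodyn'] = $bvinfo->getOption('bvWooDynSync');
+ $info['dynplug'] = $bvinfo->getOption('bvdynplug');
+ $info['ptplug'] = $bvinfo->getOption('bvptplug');
+ $info['fw'] = $this->getFWConfig();
+ $info['lp'] = $this->getLPConfig();
+ $info['brand'] = $bvinfo->getOption($bvcb->bvmain->brand_option);
+ $info['badgeinfo'] = $bvinfo->getOption($bvcb->bvmain->badgeinfo);
+ }
+
+ public function getLPConfig() {
+ global $bvcb;
+ $config = array();
+ $bvinfo = $bvcb->bvmain->info;
+ $mode = $bvinfo->getOption('bvlpmode');
+ $cplimit = $bvinfo->getOption('bvlpcaptchalimit');
+ $tplimit = $bvinfo->getOption('bvlptempblocklimit');
+ $bllimit = $bvinfo->getOption('bvlpblockAllLimit');
+ $config['mode'] = intval($mode ? $mode : 1);
+ $config['captcha_limit'] = intval($cplimit ? $cplimit : 3);
+ $config['temp_block_limit'] = intval($tplimit? $tplimit : 6);
+ $config['block_all_limit'] = intval($bllimit ? $bllimit : 100);
+ return $config;
+ }
+
+ public function getFWConfig() {
+ global $bvcb;
+ $config = array();
+ $bvinfo = $bvcb->bvmain->info;
+ $mode = $bvinfo->getOption('bvfwmode');
+ $drules = $bvinfo->getOption('bvfwdisabledrules');
+ $rmode = $bvinfo->getOption('bvfwrulesmode');
+ $config['mode'] = intval($mode ? $mode : 1);
+ $config['disabled_rules'] = $drules ? $drules : array();
+ $config['rules_mode'] = intval($rmode ? $rmode : 1);
+ return $config;
+ }
+
+ public function dbconf(&$info) {
+ global $bvcb;
+ if (defined('DB_CHARSET'))
+ $info['dbcharset'] = DB_CHARSET;
+ $info['dbprefix'] = $bvcb->bvmain->db->dbprefix();
+ $info['charset_collate'] = $bvcb->bvmain->db->getCharsetCollate();
+ return $info;
+ }
+
+ public function activate() {
+ global $bvcb, $bvresp;
+ $resp = array();
+ $bvcb->bvmain->info->basic($resp);
+ $this->servicesInfo($resp);
+ $this->dbconf($resp);
+ $this->availableFunctions($resp);
+ $bvresp->addStatus('actinfo', $resp);
+ }
+
+ public function process($method) {
+ global $bvresp, $bvcb;
+ switch ($method) {
+ case "activateinfo":
+ $this->activate();
+ break;
+ case "gtpsts":
+ $count = 5;
+ if (array_key_exists('count', $_REQUEST))
+ $count = $_REQUEST['count'];
+ $this->getPosts($_REQUEST['post_type'], $count);
+ break;
+ case "gtsts":
+ $this->getStats();
+ break;
+ case "gtplgs":
+ $this->getPlugins();
+ break;
+ case "gtthms":
+ $this->getThemes();
+ break;
+ case "gtsym":
+ $this->getSystemInfo();
+ break;
+ case "gtwp":
+ $this->getWpInfo();
+ break;
+ case "getoption":
+ $bvresp->addStatus("option", $bvresp->getOption($_REQUEST['name']));
+ break;
+ case "gtusrs":
+ $full = false;
+ if (array_key_exists('full', $_REQUEST))
+ $full = true;
+ $this->getUsers($_REQUEST['args'], $full);
+ break;
+ case "gttrnsnt":
+ $transient = $bvcb->bvmain->info->getTransient($_REQUEST['name']);
+ if ($transient && array_key_exists('asarray', $_REQUEST))
+ $transient = $bvcb->bvmain->lib->objectToArray($transient);
+ $bvresp->addStatus("transient", $transient);
+ break;
+ default:
+ return false;
+ }
+ return true;
+ }
+ }
+ endif;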
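Review bot: The `getoption` branch calls `$bvresp->getOption($_REQUEST['name'])`, but every other option read in this file goes through `$bvcb->bvmain->info->getOption(...)`. Unless the response class also defines `getOption` (it is not visible here), this branch fails at runtime and should read `$bvresp->addStatus("option", $bvcb->bvmain->info->getOption($_REQUEST['name']));`. In `getUsers()` the non-full branch reads `$user->url` while the neighbouring fields use the `user_` column names, so `$user->user_url` is probably what was meant. The `full` branch converts whole user objects with `objectToArray()`; if that output includes `user_pass`, password hashes leave the site, so that field should be removed before `addStatus("users", ...)`.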
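--- a/callback/wings/ipstore.php
+++ b/callback/wings/ipstore.php
@@ -0,0 +1,116 @@
+ <?php
+
+ if (!defined('ABSPATH')) exit;
+ if (!class_exists('BVIPStoreCallback')) :
+
+ require_once dirname( __FILE__ ) . '/../../ipstore.php';
+
+ class BVIPStoreCallback {
+
+ public function updateBVTableContent($table, $value, $filter) {
+ global $bvcb;
+ $bvcb->bvmain->db->query("UPDATE $table SET $value $filter;");
+ }
+
+ public function insertBVTableContent($table, $fields, $value) {
+ global $bvcb;
+ $bvcb->bvmain->db->query("INSERT INTO $table $fields values $value;");
+ }
+
+ public function deleteIPs($table, $rmfilters) {
+ if (is_array($rmfilters)) {
+ global $bvcb;
+ foreach ($rmfilters as $rmfilter) {
+ $rmfilter = base64_decode($rmfilter);
+ $bvcb->bvmain->db->deleteBVTableContent($table, $rmfilter);
+ }
+ }
+ }
+
+ public function insertIPs($table, $fields, $values) {
+ if (is_array($values)) {
+ foreach ($values as $value) {
+ $value = base64_decode($value);
+ $this->insertBVTableContent($table, $fields, $value);
+ }
+ }
+ }
+
+ public function updateIPs($table, $value, $filters) {
+ if (is_array($filters)) {
+ foreach ($filters as $filter) {
+ $filter = base64_decode($filter);
+ $this->updateBVTableContent($table, $value, $filter);
+ }
+ }
+ }
+
+ public function getIPs($table, $auto_increment_offset, $type, $category) {
+ global $bvcb;
+ $query = "SELECT `start_ip_range` FROM $table WHERE id < $auto_increment_offset AND `type` = $type AND ";
+ $query .= ($category == BVIPStore::FW) ? "`is_fw` = true;" : "`is_lp` = true;";
+ return $bvcb->bvmain->db->getCol($query);
+ }
+
+ public function getIPStoreOffset($table, $auto_increment_offset) {
+ global $bvcb;
+ $db = $bvcb->bvmain->db;
+ return intval($db->getVar("SELECT MAX(id) FROM $table WHERE id < $auto_increment_offset"));
+ }
+
+ public function getIPStoreInfo($table, $auto_increment_offset) {
+ global $bvcb;
+ $db = $bvcb->bvmain->db;
+ $info = array();
+ $info['fw_blacklisted_ips'] = $this->getIPs($table, $auto_increment_offset, BVIPStore::BLACKLISTED, BVIPStore::FW);
+ $info['lp_blacklisted_ips'] = $this->getIPs($table, $auto_increment_offset, BVIPStore::BLACKLISTED, BVIPStore::LP);
+ $info['fw_whitelisted_ips'] = $this->getIPs($table, $auto_increment_offset, BVIPStore::WHITELISTED, BVIPStore::FW);
+ $info['lp_whitelisted_ips'] = $this->getIPs($table, $auto_increment_offset, BVIPStore::WHITELISTED, BVIPStore::LP);
+ $info['ip_store_offset'] = $this->getIPStoreOffset($table, $auto_increment_offset);
+ $info['country_ips_size'] = intval($db->getVar("SELECT COUNT(id) FROM $table WHERE id >= $auto_increment_offset"));
+ return $info;
+ }
+
+ public function process($method) {
+ global $bvresp, $bvcb;
+ $db = $bvcb->bvmain->db;
+ $table = $_REQUEST['table'];
+ $bvTable = $db->getBVTable($table);
+ $auto_increment_offset = $_REQUEST['auto_increment_offset'];
+ if (!$db->isTablePresent($bvTable)) {
+ $bvresp->addStatus("info", false);
+ } else {
+ switch ($method) {
+ case "ipstrinfo":
+ $info = $this->getIPStoreInfo($bvTable, $auto_increment_offset);
+ $bvresp->addStatus("info", $info);
+ break;
+ case "insrtips":
+ $values = $_REQUEST['values'];
+ $fields = $_REQUEST['fields'];
+ $rmfilter = $_REQUEST['rmfilter'];
+ if ($rmfilter) {
+ $db->deleteBVTableContent($table, $rmfilter);
+ }
+ $this->insertIPs($bvTable, $fields, $values);
+ $bvresp->addStatus("offset", $this->getIPStoreOffset($bvTable, $auto_increment_offset));
+ break;
+ case "dltips":
+ $rmfilters = $_REQUEST['rmfilters'];
+ $this->deleteIPs($table, $rmfilters);
+ $bvresp->addStatus("offset", $this->getIPStoreOffset($bvTable, $auto_increment_offset));
+ break;
+ case "updtips":
+ $value = $_REQUEST['value'];
+ $filters = $_REQUEST['filters'];
+ $this->updateIPs($bvTable, $value, $filters);
+ $bvresp->addStatus("offset", $this->getIPStoreOffset($bvTable, $auto_increment_offset));
+ break;
+ default:
+ return false;
+ }
+ return true;
+ }
+ }
+ }
+ endif;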
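Review bot: `$_REQUEST['auto_increment_offset']` is interpolated unquoted into the `WHERE id < $auto_increment_offset` clauses of `getIPs()` and `getIPStoreOffset()` and the `id >=` clause of `getIPStoreInfo()`, so it must be forced to an integer where `process()` reads it: `$auto_increment_offset = intval($_REQUEST['auto_increment_offset']);`. `updateBVTableContent()` and `insertBVTableContent()` likewise concatenate `$value`, `$fields` and `$filter` from the request into the statement. If these have to stay free-form, a comment should say so and name the check that authenticates the caller, which is not in this file. There are also two smaller inconsistencies. `insrtips` passes `rmfilter` to `deleteBVTableContent()` undecoded while `deleteIPs()` base64-decodes each filter first, and `process()` returns nothing when the table is missing, where the other wings return `true` or `false`.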
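--- a/callback/wings/lp.php
+++ b/callback/wings/lp.php
@@ -0,0 +1,72 @@
+ <?php
+
+ if (!defined('ABSPATH')) exit;
+ if (!class_exists('BVLoginProtectCallback')) :
+
+ require_once dirname( __FILE__ ) . '/../../lp/lp.php';
+
+ class BVLoginProtectCallback {
+ public function unBlockLogins() {
+ global $bvcb;
+ $info = $bvcb->bvmain->info;
+ $info->deleteTransient('bvlp_block_logins');
+ $info->setTransient('bvlp_allow_logins', 'true', 1800);
+ return $info->getTransient('bvlp_allow_logins');
+ }
+
+ public function blockLogins($time) {
+ global $bvcb;
+ $info = $bvcb->bvmain->info;
+ $info->deleteTransient('bvlp_allow_logins');
+ $info->setTransient('bvlp_block_logins', 'true', $time);
+ return $info->getTransient('bvlp_block_logins');
+ }
+
+ public function unBlockIP($ip, $attempts, $time) {
+ global $bvcb;
+ $info = $bvcb->bvmain->info;
+ $transient_name = BVLP::$unblock_ip_transient.$ip;
+ $info->setTransient($transient_name, $attempts, $time);
+ return $info->getTransient($transient_name);
+ }
+
+ public function process($method) {
+ global $bvcb, $bvresp;
+ $config = new BVLPConfig($bvcb->bvmain);
+ switch ($method) {
+ case "clrconfig":
+ $bvresp->addStatus("clearconfig", $config->clear());
+ break;
+ case "setmode":
+ $config->setMode($_REQUEST['mode']);
+ $bvresp->addStatus("setmode", $config->getMode());
+ break;
+ case "setcaptchalimit":
+ $config->setCaptchaLimit($_REQUEST['captcha_limit']);
+ $bvresp->addStatus("captcha_limit", $config->getCaptchaLimit());
+ break;
+ case "settmpblklimit":
+ $config->setTempBlockLimit($_REQUEST['temp_block_limit']);
+ $bvresp->addStatus("temp_block_limit", $config->getTempBlockLimit());
+ break;
+ case "setblkalllimit":
+ $config->setBlockAllLimit($_REQUEST['block_all_limit']);
+ $bvresp->addStatus("block_all_limit", $config->getBlockAllLimit());
+ break;
+ case "unblklogins":
+ $bvresp->addStatus("unblocklogins", $this->unBlockLogins());
+ break;
+ case "blklogins":
+ $time = array_key_exists('time', $_REQUEST) ? $_REQUEST['time'] : 1800;
+ $bvresp->addStatus("blocklogins", $this->blockLogins($time));
+ break;
+ case "unblkip":
+ $bvresp->addStatus("unblockip", $this->unBlockIP($_REQUEST['ip'], $_REQUEST['attempts'], $_REQUEST['time']));
+ break;
+ default:
+ return false;
+ }
+ return true;
+ }
+ }
+ endif;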
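Review bot: The `unblkip` case in `process` hands `$_REQUEST['ip']`, `$_REQUEST['attempts']` and `$_REQUEST['time']` to `unBlockIP()` with no existence check or validation, and `unBlockIP()` concatenates the IP string straight into the transient name. Validating first with `$ip = filter_var($_REQUEST['ip'], FILTER_VALIDATE_IP);` and returning early when it is false, plus `intval()` on `attempts` and `time`, keeps malformed keys and non-numeric expirations out of the transient store. `blklogins` has the same gap: the request-supplied `time` becomes the site-wide login lockout duration unchanged, so casting it with `intval()` and capping it at a sane maximum avoids an effectively permanent lockout from one bad callback. How the caller is authenticated before `process` runs is not visible in this file, so these checks should not assume it.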
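--- a/callback/wings/misc.php
+++ b/callback/wings/misc.php
@@ -0,0 +1,71 @@
+ <?php
+
+ if (!defined('ABSPATH')) exit;
+ if (!class_exists('BVMiscCallback')) :
+
+ class BVMiscCallback {
+
+ function process($method) {
+ global $bvcb, $bvresp;
+ $info = $bvcb->bvmain->info;
+ switch ($method) {
+ case "enablebadge":
+ $option = $bvcb->bvmain->badgeinfo;
+ $badgeinfo = array();
+ $badgeinfo['badgeurl'] = $_REQUEST['badgeurl'];
+ $badgeinfo['badgeimg'] = $_REQUEST['badgeimg'];
+ $badgeinfo['badgealt'] = $_REQUEST['badgealt'];
+ $info->updateOption($option, $badgeinfo);
+ $bvresp->addStatus("status", $info->getOption($option));
+ break;
+ case "disablebadge":
+ $option = $bvcb->bvmain->badgeinfo;
+ $info->deleteOption($option);
+ $bvresp->addStatus("status", !$info->getOption($option));
+ break;
+ case "getoption":
+ $bvresp->addStatus('getoption', $info->getOption($_REQUEST['opkey']));
+ break;
+ case "setdynplug":
+ $info->updateOption('bvdynplug', $_REQUEST['dynplug']);
+ $bvresp->addStatus("setdynplug", $info->getOption('bvdynplug'));
+ break;
+ case "unsetdynplug":
+ $info->deleteOption('bvdynplug');
+ $bvresp->addStatus("unsetdynplug", $info->getOption('bvdynplug'));
+ break;
+ case "setptplug":
+ $info->updateOption('bvptplug', $_REQUEST['ptplug']);
+ $bvresp->addStatus("setptplug", $info->getOption('bvptplug'));
+ break;
+ case "unsetptplug":
+ $info->deleteOption('bvptlug');
+ $bvresp->addStatus("unsetptplug", $info->getOption('bvptlug'));
+ break;
+ case "wpupplgs":
+ $bvresp->addStatus("wpupdateplugins", wp_update_plugins());
+ break;
+ case "wpupthms":
+ $bvresp->addStatus("wpupdatethemes", wp_update_themes());
+ break;
+ case "wpupcre":
+ $bvresp->addStatus("wpupdatecore", wp_version_check());
+ break;
+ case "rmmonitime":
+ $bvcb->bvmain->unSetMonitTime();
+ $bvresp->addStatus("rmmonitime", !$bvcb->bvmain->getMonitTime());
+ break;
+ case "phpinfo":
+ phpinfo();
+ die();
+ break;
+ case "dlttrsnt":
+ $bvresp->addStatus("dlttrsnt", $bvcb->bvmain->info->deleteTransient($_REQUEST['key']));
+ break;
+ default:
+ return false;
+ }
+ return true;
+ }
+ }
+ endif;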
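Review bot: The `unsetptplug` case deletes and reads back `'bvptlug'`, while `setptplug` writes `'bvptplug'`, so the option set by one callback is never cleared by the other and the returned status describes a key that was never written. The two lines should read `$info->deleteOption('bvptplug');` and `$bvresp->addStatus("unsetptplug", $info->getOption('bvptplug'));`. Separately, `getoption` and `dlttrsnt` take their key from `$_REQUEST` unchecked and `phpinfo` prints the full PHP configuration, so what this wing can disclose or remove is bounded only by the callback authentication performed outside this file. An allow-list of option and transient keys in `process` would limit what a forged or replayed callback can reach.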
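--- a/callback/wings/monit.php
+++ b/callback/wings/monit.php
@@ -0,0 +1,77 @@
+ <?php
+
+ if (!defined('ABSPATH')) exit;
+ if (!class_exists('BVMonitCallback')) :
+
+ class BVMonitCallback {
+ public function getData($table, $limit = 0, $filter = "") {
+ global $bvcb;
+ $result = array();
+ $data = array();
+ $rows = $bvcb->bvmain->db->getTableContent($table, '*', $filter, $limit);
+ $last_id = 0;
+ foreach ($rows as $row) {
+ $result[] = $row;
+ $last_id = $row['id'];
+ }
+ $data['last_id'] = $last_id;
+ $data['rows'] = $result;
+ return $data;
+ }
+
+ public function deleteBvDynamicEvents($filter = "") {
+ global $bvcb;
+ $name = BVDynSync::$dynsync_table;
+ return $bvcb->bvmain->db->deleteBVTableContent($name, $filter);
+ }
+
+ public function process($method) {
+ global $bvresp, $bvcb;
+ $db = $bvcb->bvmain->db;
+ $info = $bvcb->bvmain->info;
+ $bvcb->bvmain->setMonitTime();
+ switch ($method) {
+ case "getdata":
+ if (array_key_exists('lp', $_REQUEST)) {
+ require_once dirname( __FILE__ ) . '/../../lp/config.php';
+ $lp_params = $_REQUEST['lp'];
+ $limit = intval(urldecode($lp_params['limit']));
+ $filter = urldecode($lp_params['filter']);
+ $db->deleteBVTableContent(BVLPConfig::$requests_table, $lp_params['rmfilter']);
+ $table = $bvcb->bvmain->db->getBVTable(BVLPConfig::$requests_table);
+ $bvresp->addStatus("lplogs", $this->getData($table, $limit, $filter));
+ }
+ if (array_key_exists('fw', $_REQUEST)) {
+ require_once dirname( __FILE__ ) . '/../../fw/config.php';
+ $fw_params = $_REQUEST['fw'];
+ $limit = intval(urldecode($fw_params['limit']));
+ $filter = urldecode($fw_params['filter']);
+ $db->deleteBVTableContent(BVFWConfig::$requests_table, $fw_params['rmfilter']);
+ $table = $bvcb->bvmain->db->getBVTable(BVFWConfig::$requests_table);
+ $bvresp->addStatus("fwlogs", $this->getData($table, $limit, $filter));
+ }
+ if (array_key_exists('dynevent', $_REQUEST)) {
+ require_once dirname( __FILE__ ) . '/../../dynsync.php';
+ $isdynsyncactive = $info->getOption('bvDynSyncActive');
+ if ($isdynsyncactive == 'yes') {
+ $limit = intval(urldecode($_REQUEST['limit']));
+ $filter = urldecode($_REQUEST['filter']);
+ $this->deleteBvDynamicEvents($_REQUEST['rmfilter']);
+ $table = $bvcb->bvmain->db->getBVTable(BVDynSync::$dynsync_table);
+ $data = $this->getData($table, $limit, $filter);
+ $bvresp->addStatus('last_id', $data['last_id']);
+ $bvresp->addStatus('events', $data['rows']);
+ $bvresp->addStatus('timestamp', time());
+ $bvresp->addStatus("status", true);
+ }
+ }
+ break;
+ case "rmdata":
+ require_once dirname( __FILE__ ) . '/../../dynsync.php';
+ $filter = urldecode($_REQUEST['filter']);
+ $bvresp->addStatus("status", $this->deleteBvDynamicEvents($filter));
+ break;
+ }
+ }
+ }
+ endif;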
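Review bot: In `process`, the `filter` and `rmfilter` values from `$_REQUEST` are passed as free-form strings to `getTableContent()` and `deleteBVTableContent()`. Those helpers are not visible in this file, but if they place the string into a WHERE clause, the request controls the SQL for both the log read and the log delete. Accepting typed parameters instead (for example an integer last-seen id cast with `intval()`) and building the clause server-side with `$wpdb->prepare()` would remove that dependency on the caller being trusted. The `lp` and `fw` branches also index `$lp_params['limit']`, `['filter']` and `['rmfilter']` without checking that the value is an array holding those keys. Finally, `process` has no `default` branch and never returns a value, unlike the lp and misc wings in this commit, which return `false` for an unknown method and `true` otherwise.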
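--- a/callback/wings/protect.php
+++ b/callback/wings/protect.php
@@ -0,0 +1,62 @@
+ <?php
+
+ if (!defined('ABSPATH')) exit;
+ if (!class_exists('BVProtectCallback')) :
+
+ require_once dirname( __FILE__ ) . '/../../protect.php';
+
+ class BVProtectCallback {
+ public function process($method) {
+ global $bvcb, $bvresp;
+ $protect = new BVProtect($bvcb->bvmain);
+ $info = $bvcb->bvmain->info;
+ switch ($method) {
+ case "gtipprobeinfo":
+ $headers = $_REQUEST['hdrs'];
+ $hdrsinfo = array();
+ if ($headers && is_array($headers)) {
+ foreach($headers as $hdr) {
+ if (array_key_exists($hdr, $_SERVER)) {
+ $hdrsinfo[$hdr] = $_SERVER[$hdr];
+ }
+ }
+ }
+ $bvresp->addStatus("hdrsinfo", $hdrsinfo);
+ if ($iphdr = $info->getOption($bvcb->bvmain->ip_header_option)) {
+ $bvresp->addStatus("iphdr", $iphdr);
+ }
+ break;
+ case "gtraddr":
+ $raddr = array_key_exists('REMOTE_ADDR', $_SERVER) ? $_SERVER['REMOTE_ADDR'] : false;
+ $bvresp->addStatus("raddr", $raddr);
+ break;
+ case "gtallhdrs":
+ $data = (function_exists('getallheaders')) ? getallheaders() : false;
+ $bvresp->addStatus("allhdrs", $data);
+ break;
+ case "gtsvr":
+ $bvresp->addStatus("svr", $_SERVER);
+ break;
+ case "gtip":
+ $bvresp->addStatus("ip", $protect->getIP());
+ break;
+ case "stiphdr":
+ $option_name = $bvcb->bvmain->ip_header_option;
+ $iphdr = array('hdr' => $_REQUEST['hdr'], 'pos' => $_REQUEST['pos']);
+ $info->updateOption($option_name, $iphdr);
+ $bvresp->addStatus("iphdr", $info->getOption($option_name));
+ break;
+ case "gtiphdr":
+ $bvresp->addStatus("iphdr", $info->getOption($bvcb->bvmain->ip_header_option));
+ break;
+ case "rmiphdr":
+ $option_name = $bvcb->bvmain->ip_header_option;
+ $info->deleteOption($option_name);
+ $bvresp->addStatus("iphdr", $info->getOption($option_name));
+ break;
+ default:
+ return false;
+ }
+ }
+ }
+ endif;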
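Review bot: The `stiphdr` case stores `$_REQUEST['hdr']` and `$_REQUEST['pos']` in the IP-header option with no validation, and that option presumably decides which request header `BVProtect::getIP()` trusts as the client address (protect.php is not shown here). If so, a bad value silently changes which IP the blacklists and login protection act on. Constraining both fields before the write, e.g. `'hdr' => preg_replace('/[^A-Za-z0-9_]/', '', $_REQUEST['hdr'])` and, if `pos` is a numeric index, `'pos' => intval($_REQUEST['pos'])`, would keep the stored setting well-formed. `gtsvr` returns the entire `$_SERVER` array, which on some hosts carries credentials or environment secrets, so returning only the keys the service needs is the safer contract. `process` also falls off the end after every handled case instead of `return true;`, unlike the lp and misc wings in this commit.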
css/bvmui.min.css ADDED
@@ -0,0 +1 @@
 
1
+ /*! normalize.css v5.0.0 | MIT License | github.com/necolas/normalize.css */.mui-appbar{background-color:#2196f3;color:#FFF}.mui-btn{font-weight:500;font-size:14px;line-height:18px;text-transform:uppercase;color:rgba(0,0,0,0.87);background-color:#FFF;-webkit-transition:all .2s ease-in-out;transition:all .2s ease-in-out;display:inline-block;height:36px;padding:0 26px;margin:6px 0;border:0;border-radius:2px;cursor:pointer;-ms-touch-action:manipulation;touch-action:manipulation;background-image:none;text-align:center;line-height:36px;vertical-align:middle;white-space:nowrap;-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none;font-size:14px;font-family:inherit;letter-spacing:.03em;position:relative;overflow:hidden}.mui-btn:hover,.mui-btn:focus,.mui-btn:active{color:rgba(0,0,0,0.87);background-color:white}.mui-btn[disabled]:hover,.mui-btn[disabled]:focus,.mui-btn[disabled]:active{color:rgba(0,0,0,0.87);background-color:#FFF}.mui-btn.mui-btn--flat{color:rgba(0,0,0,0.87);background-color:transparent}.mui-btn.mui-btn--flat:hover,.mui-btn.mui-btn--flat:focus,.mui-btn.mui-btn--flat:active{color:rgba(0,0,0,0.87);background-color:#f2f2f2}.mui-btn.mui-btn--flat[disabled]:hover,.mui-btn.mui-btn--flat[disabled]:focus,.mui-btn.mui-btn--flat[disabled]:active{color:rgba(0,0,0,0.87);background-color:transparent}.mui-btn:hover,.mui-btn:focus,.mui-btn:active{outline:0;text-decoration:none;color:rgba(0,0,0,0.87)}.mui-btn:hover,.mui-btn:focus{-webkit-box-shadow:0 0 2px rgba(0,0,0,0.12),0 2px 2px rgba(0,0,0,0.2);box-shadow:0 0 2px rgba(0,0,0,0.12),0 2px 2px rgba(0,0,0,0.2)}@media all and (-ms-high-contrast:none),(-ms-high-contrast:active){.mui-btn:hover,.mui-btn:focus{-webkit-box-shadow:0 -1px 2px rgba(0,0,0,0.12),-1px 0 2px rgba(0,0,0,0.12),0 0 2px rgba(0,0,0,0.12),0 2px 2px rgba(0,0,0,0.2);box-shadow:0 -1px 2px rgba(0,0,0,0.12),-1px 0 2px rgba(0,0,0,0.12),0 0 2px rgba(0,0,0,0.12),0 2px 2px 
rgba(0,0,0,0.2)}}@supports(-ms-ime-align:auto){.mui-btn:hover,.mui-btn:focus{-webkit-box-shadow:0 -1px 2px rgba(0,0,0,0.12),-1px 0 2px rgba(0,0,0,0.12),0 0 2px rgba(0,0,0,0.12),0 2px 2px rgba(0,0,0,0.2);box-shadow:0 -1px 2px rgba(0,0,0,0.12),-1px 0 2px rgba(0,0,0,0.12),0 0 2px rgba(0,0,0,0.12),0 2px 2px rgba(0,0,0,0.2)}}.mui-btn:active:hover{-webkit-box-shadow:0 0 4px rgba(0,0,0,0.12),1px 3px 4px rgba(0,0,0,0.2);box-shadow:0 0 4px rgba(0,0,0,0.12),1px 3px 4px rgba(0,0,0,0.2)}@media all and (-ms-high-contrast:none),(-ms-high-contrast:active){.mui-btn:active:hover{-webkit-box-shadow:0 -1px 2px rgba(0,0,0,0.12),-1px 0 2px rgba(0,0,0,0.12),0 0 4px rgba(0,0,0,0.12),1px 3px 4px rgba(0,0,0,0.2);box-shadow:0 -1px 2px rgba(0,0,0,0.12),-1px 0 2px rgba(0,0,0,0.12),0 0 4px rgba(0,0,0,0.12),1px 3px 4px rgba(0,0,0,0.2)}}@supports(-ms-ime-align:auto){.mui-btn:active:hover{-webkit-box-shadow:0 -1px 2px rgba(0,0,0,0.12),-1px 0 2px rgba(0,0,0,0.12),0 0 4px rgba(0,0,0,0.12),1px 3px 4px rgba(0,0,0,0.2);box-shadow:0 -1px 2px rgba(0,0,0,0.12),-1px 0 2px rgba(0,0,0,0.12),0 0 4px rgba(0,0,0,0.12),1px 3px 4px rgba(0,0,0,0.2)}}.mui-btn:disabled,.mui-btn.mui--is-disabled{cursor:not-allowed;pointer-events:none;opacity:.60;-webkit-box-shadow:none;box-shadow:none}.mui-btn+.mui-btn{margin-left:8px}.mui-btn--flat{background-color:transparent}.mui-btn--flat:hover,.mui-btn--flat:focus,.mui-btn--flat:active,.mui-btn--flat:active:hover{-webkit-box-shadow:none;box-shadow:none;background-color:#f2f2f2}.mui-btn--raised,.mui-btn--fab{-webkit-box-shadow:0 0 2px rgba(0,0,0,0.12),0 2px 2px rgba(0,0,0,0.2);box-shadow:0 0 2px rgba(0,0,0,0.12),0 2px 2px rgba(0,0,0,0.2)}@media all and (-ms-high-contrast:none),(-ms-high-contrast:active){.mui-btn--raised,.mui-btn--fab{-webkit-box-shadow:0 -1px 2px rgba(0,0,0,0.12),-1px 0 2px rgba(0,0,0,0.12),0 0 2px rgba(0,0,0,0.12),0 2px 2px rgba(0,0,0,0.2);box-shadow:0 -1px 2px rgba(0,0,0,0.12),-1px 0 2px rgba(0,0,0,0.12),0 0 2px rgba(0,0,0,0.12),0 2px 2px 
rgba(0,0,0,0.2)}}@supports(-ms-ime-align:auto){.mui-btn--raised,.mui-btn--fab{-webkit-box-shadow:0 -1px 2px rgba(0,0,0,0.12),-1px 0 2px rgba(0,0,0,0.12),0 0 2px rgba(0,0,0,0.12),0 2px 2px rgba(0,0,0,0.2);box-shadow:0 -1px 2px rgba(0,0,0,0.12),-1px 0 2px rgba(0,0,0,0.12),0 0 2px rgba(0,0,0,0.12),0 2px 2px rgba(0,0,0,0.2)}}.mui-btn--raised:active,.mui-btn--fab:active{-webkit-box-shadow:0 0 4px rgba(0,0,0,0.12),1px 3px 4px rgba(0,0,0,0.2);box-shadow:0 0 4px rgba(0,0,0,0.12),1px 3px 4px rgba(0,0,0,0.2)}@media all and (-ms-high-contrast:none),(-ms-high-contrast:active){.mui-btn--raised:active,.mui-btn--fab:active{-webkit-box-shadow:0 -1px 2px rgba(0,0,0,0.12),-1px 0 2px rgba(0,0,0,0.12),0 0 4px rgba(0,0,0,0.12),1px 3px 4px rgba(0,0,0,0.2);box-shadow:0 -1px 2px rgba(0,0,0,0.12),-1px 0 2px rgba(0,0,0,0.12),0 0 4px rgba(0,0,0,0.12),1px 3px 4px rgba(0,0,0,0.2)}}@supports(-ms-ime-align:auto){.mui-btn--raised:active,.mui-btn--fab:active{-webkit-box-shadow:0 -1px 2px rgba(0,0,0,0.12),-1px 0 2px rgba(0,0,0,0.12),0 0 4px rgba(0,0,0,0.12),1px 3px 4px rgba(0,0,0,0.2);box-shadow:0 -1px 2px rgba(0,0,0,0.12),-1px 0 2px rgba(0,0,0,0.12),0 0 4px rgba(0,0,0,0.12),1px 3px 4px 
rgba(0,0,0,0.2)}}.mui-btn--fab{position:relative;padding:0;width:55px;height:55px;line-height:55px;border-radius:50%;z-index:1}.mui-btn--primary{color:#FFF;background-color:#2196f3}.mui-btn--primary:hover,.mui-btn--primary:focus,.mui-btn--primary:active{color:#FFF;background-color:#39a1f4}.mui-btn--primary[disabled]:hover,.mui-btn--primary[disabled]:focus,.mui-btn--primary[disabled]:active{color:#FFF;background-color:#2196f3}.mui-btn--primary.mui-btn--flat{color:#2196f3;background-color:transparent}.mui-btn--primary.mui-btn--flat:hover,.mui-btn--primary.mui-btn--flat:focus,.mui-btn--primary.mui-btn--flat:active{color:#2196f3;background-color:#f2f2f2}.mui-btn--primary.mui-btn--flat[disabled]:hover,.mui-btn--primary.mui-btn--flat[disabled]:focus,.mui-btn--primary.mui-btn--flat[disabled]:active{color:#2196f3;background-color:transparent}.mui-btn--dark{color:#FFF;background-color:#424242}.mui-btn--dark:hover,.mui-btn--dark:focus,.mui-btn--dark:active{color:#FFF;background-color:#4f4f4f}.mui-btn--dark[disabled]:hover,.mui-btn--dark[disabled]:focus,.mui-btn--dark[disabled]:active{color:#FFF;background-color:#424242}.mui-btn--dark.mui-btn--flat{color:#424242;background-color:transparent}.mui-btn--dark.mui-btn--flat:hover,.mui-btn--dark.mui-btn--flat:focus,.mui-btn--dark.mui-btn--flat:active{color:#424242;background-color:#f2f2f2}.mui-btn--dark.mui-btn--flat[disabled]:hover,.mui-btn--dark.mui-btn--flat[disabled]:focus,.mui-btn--dark.mui-btn--flat[disabled]:active{color:#424242;background-color:transparent}.mui-btn--danger{color:#FFF;background-color:#f44336}.mui-btn--danger:hover,.mui-btn--danger:focus,.mui-btn--danger:active{color:#FFF;background-color:#f55a4e}.mui-btn--danger[disabled]:hover,.mui-btn--danger[disabled]:focus,.mui-btn--danger[disabled]:active{color:#FFF;background-color:#f44336}.mui-btn--danger.mui-btn--flat{color:#f44336;background-color:transparent}.mui-btn--danger.mui-btn--flat:hover,.mui-btn--danger.mui-btn--flat:focus,.mui-btn--danger.mui-btn--flat:act
ive{color:#f44336;background-color:#f2f2f2}.mui-btn--danger.mui-btn--flat[disabled]:hover,.mui-btn--danger.mui-btn--flat[disabled]:focus,.mui-btn--danger.mui-btn--flat[disabled]:active{color:#f44336;background-color:transparent}.mui-btn--accent{color:#FFF;background-color:#ff4081}.mui-btn--accent:hover,.mui-btn--accent:focus,.mui-btn--accent:active{color:#FFF;background-color:#ff5a92}.mui-btn--accent[disabled]:hover,.mui-btn--accent[disabled]:focus,.mui-btn--accent[disabled]:active{color:#FFF;background-color:#ff4081}.mui-btn--accent.mui-btn--flat{color:#ff4081;background-color:transparent}.mui-btn--accent.mui-btn--flat:hover,.mui-btn--accent.mui-btn--flat:focus,.mui-btn--accent.mui-btn--flat:active{color:#ff4081;background-color:#f2f2f2}.mui-btn--accent.mui-btn--flat[disabled]:hover,.mui-btn--accent.mui-btn--flat[disabled]:focus,.mui-btn--accent.mui-btn--flat[disabled]:active{color:#ff4081;background-color:transparent}.mui-btn--small{height:30.6px;line-height:30.6px;padding:0 16px;font-size:13px}.mui-btn--large{height:54px;line-height:54px;padding:0 26px;font-size:14px}.mui-btn--fab.mui-btn--small{width:44px;height:44px;line-height:44px}.mui-btn--fab.mui-btn--large{width:75px;height:75px;line-height:75px}.mui-radio,.mui-checkbox{position:relative;display:block;margin-top:10px;margin-bottom:10px}.mui-radio>label,.mui-checkbox>label{min-height:20px;padding-left:20px;margin-bottom:0;font-weight:normal;cursor:pointer}.mui-radio input:disabled,.mui-checkbox input:disabled{cursor:not-allowed}.mui-radio input:focus,.mui-checkbox input:focus{outline:thin dotted;outline:5px auto 
-webkit-focus-ring-color;outline-offset:-2px}.mui-radio>label>input[type="radio"],.mui-radio--inline>label>input[type="radio"],.mui-checkbox>label>input[type="checkbox"],.mui-checkbox--inline>label>input[type="checkbox"]{position:absolute;margin-left:-20px;margin-top:4px}.mui-radio+.mui-radio,.mui-checkbox+.mui-checkbox{margin-top:-5px}.mui-radio--inline,.mui-checkbox--inline{display:inline-block;padding-left:20px;margin-bottom:0;vertical-align:middle;font-weight:normal;cursor:pointer}.mui-radio--inline>input[type="radio"],.mui-radio--inline>input[type="checkbox"],.mui-radio--inline>label>input[type="radio"],.mui-radio--inline>label>input[type="checkbox"],.mui-checkbox--inline>input[type="radio"],.mui-checkbox--inline>input[type="checkbox"],.mui-checkbox--inline>label>input[type="radio"],.mui-checkbox--inline>label>input[type="checkbox"]{margin:4px 0 0;line-height:normal}.mui-radio--inline+.mui-radio--inline,.mui-checkbox--inline+.mui-checkbox--inline{margin-top:0;margin-left:10px}.mui-container{-webkit-box-sizing:border-box;box-sizing:border-box;margin-right:auto;margin-left:auto;padding-left:15px;padding-right:15px}.mui-container:before,.mui-container:after{content:" ";display:table}.mui-container:after{clear:both}@media(min-width:544px){.mui-container{max-width:570px}}@media(min-width:768px){.mui-container{max-width:740px}}@media(min-width:992px){.mui-container{max-width:960px}}@media(min-width:1200px){.mui-container{max-width:1170px}}.mui-container-fluid{-webkit-box-sizing:border-box;box-sizing:border-box;margin-right:auto;margin-left:auto;padding-left:15px;padding-right:15px}.mui-container-fluid:before,.mui-container-fluid:after{content:" ";display:table}.mui-container-fluid:after{clear:both}.mui-divider{display:block;height:1px;background-color:rgba(0,0,0,0.12)}.mui--divider-top{border-top:1px solid rgba(0,0,0,0.12)}.mui--divider-bottom{border-bottom:1px solid rgba(0,0,0,0.12)}.mui--divider-left{border-left:1px solid 
rgba(0,0,0,0.12)}.mui--divider-right{border-right:1px solid rgba(0,0,0,0.12)}.mui-dropdown{display:inline-block;position:relative}[data-mui-toggle="dropdown"]{outline:0}.mui-dropdown__menu{position:absolute;top:100%;left:0;display:none;min-width:160px;padding:5px 0;margin:2px 0 0;list-style:none;font-size:14px;text-align:left;background-color:#FFF;border-radius:2px;z-index:1;background-clip:padding-box}@media all and (-ms-high-contrast:none),(-ms-high-contrast:active){.mui-dropdown__menu{border-top:1px solid rgba(0,0,0,0.12);border-left:1px solid rgba(0,0,0,0.12)}}@supports(-ms-ime-align:auto){.mui-dropdown__menu{border-top:1px solid rgba(0,0,0,0.12);border-left:1px solid rgba(0,0,0,0.12)}}.mui-dropdown__menu.mui--is-open{display:block}.mui-dropdown__menu>li>a{display:block;padding:3px 20px;clear:both;font-weight:normal;line-height:1.429;color:rgba(0,0,0,0.87);text-decoration:none;white-space:nowrap}.mui-dropdown__menu>li>a:hover,.mui-dropdown__menu>li>a:focus{text-decoration:none;color:rgba(0,0,0,0.87);background-color:#eee}.mui-dropdown__menu>.mui--is-disabled>a,.mui-dropdown__menu>.mui--is-disabled>a:hover,.mui-dropdown__menu>.mui--is-disabled>a:focus{color:#eee}.mui-dropdown__menu>.mui--is-disabled>a:hover,.mui-dropdown__menu>.mui--is-disabled>a:focus{text-decoration:none;background-color:transparent;background-image:none;cursor:not-allowed}.mui-dropdown__menu--right{left:auto;right:0}.mui-form legend{display:block;width:100%;padding:0;margin-bottom:10px;font-size:21px;color:rgba(0,0,0,0.87);line-height:inherit;border:0}.mui-form fieldset{border:0;padding:0;margin:0 0 20px 0}@media(min-width:544px){.mui-form--inline .mui-textfield{display:inline-block;vertical-align:bottom;margin-bottom:0}.mui-form--inline .mui-radio,.mui-form--inline .mui-checkbox{display:inline-block;margin-top:0;margin-bottom:0;vertical-align:middle}.mui-form--inline .mui-radio>label,.mui-form--inline .mui-checkbox>label{padding-left:0}.mui-form--inline 
.mui-radio>label>input[type="radio"],.mui-form--inline .mui-checkbox>label>input[type="checkbox"]{position:relative;margin-left:0}.mui-form--inline .mui-select{display:inline-block;vertical-align:bottom;margin-bottom:0}.mui-form--inline .mui-btn{margin-bottom:0;margin-top:0;vertical-align:bottom}}.mui-row{margin-left:-15px;margin-right:-15px}.mui-row:before,.mui-row:after{content:" ";display:table}.mui-row:after{clear:both}.mui-col-xs-1,.mui-col-sm-1,.mui-col-md-1,.mui-col-lg-1,.mui-col-xs-2,.mui-col-sm-2,.mui-col-md-2,.mui-col-lg-2,.mui-col-xs-3,.mui-col-sm-3,.mui-col-md-3,.mui-col-lg-3,.mui-col-xs-4,.mui-col-sm-4,.mui-col-md-4,.mui-col-lg-4,.mui-col-xs-5,.mui-col-sm-5,.mui-col-md-5,.mui-col-lg-5,.mui-col-xs-6,.mui-col-sm-6,.mui-col-md-6,.mui-col-lg-6,.mui-col-xs-7,.mui-col-sm-7,.mui-col-md-7,.mui-col-lg-7,.mui-col-xs-8,.mui-col-sm-8,.mui-col-md-8,.mui-col-lg-8,.mui-col-xs-9,.mui-col-sm-9,.mui-col-md-9,.mui-col-lg-9,.mui-col-xs-10,.mui-col-sm-10,.mui-col-md-10,.mui-col-lg-10,.mui-col-xs-11,.mui-col-sm-11,.mui-col-md-11,.mui-col-lg-11,.mui-col-xs-12,.mui-col-sm-12,.mui-col-md-12,.mui-col-lg-12{-webkit-box-sizing:border-box;box-sizing:border-box;min-height:1px;padding-left:15px;padding-right:15px}.mui-col-xs-1,.mui-col-xs-2,.mui-col-xs-3,.mui-col-xs-4,.mui-col-xs-5,.mui-col-xs-6,.mui-col-xs-7,.mui-col-xs-8,.mui-col-xs-9,.mui-col-xs-10,.mui-col-xs-11,.mui-col-xs-12{float:left}.mui-col-xs-1{width:8.33333%}.mui-col-xs-2{width:16.66667%}.mui-col-xs-3{width:25%}.mui-col-xs-4{width:33.33333%}.mui-col-xs-5{width:41.66667%}.mui-col-xs-6{width:50%}.mui-col-xs-7{width:58.33333%}.mui-col-xs-8{width:66.66667%}.mui-col-xs-9{width:75%}.mui-col-xs-10{width:83.33333%}.mui-col-xs-11{width:91.66667%}.mui-col-xs-12{width:100%}.mui-col-xs-offset-0{margin-left:0}.mui-col-xs-offset-1{margin-left:8.33333%}.mui-col-xs-offset-2{margin-left:16.66667%}.mui-col-xs-offset-3{margin-left:25%}.mui-col-xs-offset-4{margin-left:33.33333%}.mui-col-xs-offset-5{margin-left:41.66667%}.mui-col-xs-offset-6{
margin-left:50%}.mui-col-xs-offset-7{margin-left:58.33333%}.mui-col-xs-offset-8{margin-left:66.66667%}.mui-col-xs-offset-9{margin-left:75%}.mui-col-xs-offset-10{margin-left:83.33333%}.mui-col-xs-offset-11{margin-left:91.66667%}.mui-col-xs-offset-12{margin-left:100%}@media(min-width:544px){.mui-col-sm-1,.mui-col-sm-2,.mui-col-sm-3,.mui-col-sm-4,.mui-col-sm-5,.mui-col-sm-6,.mui-col-sm-7,.mui-col-sm-8,.mui-col-sm-9,.mui-col-sm-10,.mui-col-sm-11,.mui-col-sm-12{float:left}.mui-col-sm-1{width:8.33333%}.mui-col-sm-2{width:16.66667%}.mui-col-sm-3{width:25%}.mui-col-sm-4{width:33.33333%}.mui-col-sm-5{width:41.66667%}.mui-col-sm-6{width:50%}.mui-col-sm-7{width:58.33333%}.mui-col-sm-8{width:66.66667%}.mui-col-sm-9{width:75%}.mui-col-sm-10{width:83.33333%}.mui-col-sm-11{width:91.66667%}.mui-col-sm-12{width:100%}.mui-col-sm-offset-0{margin-left:0}.mui-col-sm-offset-1{margin-left:8.33333%}.mui-col-sm-offset-2{margin-left:16.66667%}.mui-col-sm-offset-3{margin-left:25%}.mui-col-sm-offset-4{margin-left:33.33333%}.mui-col-sm-offset-5{margin-left:41.66667%}.mui-col-sm-offset-6{margin-left:50%}.mui-col-sm-offset-7{margin-left:58.33333%}.mui-col-sm-offset-8{margin-left:66.66667%}.mui-col-sm-offset-9{margin-left:75%}.mui-col-sm-offset-10{margin-left:83.33333%}.mui-col-sm-offset-11{margin-left:91.66667%}.mui-col-sm-offset-12{margin-left:100%}}@media(min-width:768px){.mui-col-md-1,.mui-col-md-2,.mui-col-md-3,.mui-col-md-4,.mui-col-md-5,.mui-col-md-6,.mui-col-md-7,.mui-col-md-8,.mui-col-md-9,.mui-col-md-10,.mui-col-md-11,.mui-col-md-12{float:left}.mui-col-md-1{width:8.33333%}.mui-col-md-2{width:16.66667%}.mui-col-md-3{width:25%}.mui-col-md-4{width:33.33333%}.mui-col-md-5{width:41.66667%}.mui-col-md-6{width:50%}.mui-col-md-7{width:58.33333%}.mui-col-md-8{width:66.66667%}.mui-col-md-9{width:75%}.mui-col-md-10{width:83.33333%}.mui-col-md-11{width:91.66667%}.mui-col-md-12{width:100%}.mui-col-md-offset-0{margin-left:0}.mui-col-md-offset-1{margin-left:8.33333%}.mui-col-md-offset-2{margin-left:16.
66667%}.mui-col-md-offset-3{margin-left:25%}.mui-col-md-offset-4{margin-left:33.33333%}.mui-col-md-offset-5{margin-left:41.66667%}.mui-col-md-offset-6{margin-left:50%}.mui-col-md-offset-7{margin-left:58.33333%}.mui-col-md-offset-8{margin-left:66.66667%}.mui-col-md-offset-9{margin-left:75%}.mui-col-md-offset-10{margin-left:83.33333%}.mui-col-md-offset-11{margin-left:91.66667%}.mui-col-md-offset-12{margin-left:100%}}@media(min-width:992px){.mui-col-lg-1,.mui-col-lg-2,.mui-col-lg-3,.mui-col-lg-4,.mui-col-lg-5,.mui-col-lg-6,.mui-col-lg-7,.mui-col-lg-8,.mui-col-lg-9,.mui-col-lg-10,.mui-col-lg-11,.mui-col-lg-12{float:left}.mui-col-lg-1{width:8.33333%}.mui-col-lg-2{width:16.66667%}.mui-col-lg-3{width:25%}.mui-col-lg-4{width:33.33333%}.mui-col-lg-5{width:41.66667%}.mui-col-lg-6{width:50%}.mui-col-lg-7{width:58.33333%}.mui-col-lg-8{width:66.66667%}.mui-col-lg-9{width:75%}.mui-col-lg-10{width:83.33333%}.mui-col-lg-11{width:91.66667%}.mui-col-lg-12{width:100%}.mui-col-lg-offset-0{margin-left:0}.mui-col-lg-offset-1{margin-left:8.33333%}.mui-col-lg-offset-2{margin-left:16.66667%}.mui-col-lg-offset-3{margin-left:25%}.mui-col-lg-offset-4{margin-left:33.33333%}.mui-col-lg-offset-5{margin-left:41.66667%}.mui-col-lg-offset-6{margin-left:50%}.mui-col-lg-offset-7{margin-left:58.33333%}.mui-col-lg-offset-8{margin-left:66.66667%}.mui-col-lg-offset-9{margin-left:75%}.mui-col-lg-offset-10{margin-left:83.33333%}.mui-col-lg-offset-11{margin-left:91.66667%}.mui-col-lg-offset-12{margin-left:100%}}@media(min-width:1200px){.mui-col-xl-1,.mui-col-xl-2,.mui-col-xl-3,.mui-col-xl-4,.mui-col-xl-5,.mui-col-xl-6,.mui-col-xl-7,.mui-col-xl-8,.mui-col-xl-9,.mui-col-xl-10,.mui-col-xl-11,.mui-col-xl-12{float:left}.mui-col-xl-1{width:8.33333%}.mui-col-xl-2{width:16.66667%}.mui-col-xl-3{width:25%}.mui-col-xl-4{width:33.33333%}.mui-col-xl-5{width:41.66667%}.mui-col-xl-6{width:50%}.mui-col-xl-7{width:58.33333%}.mui-col-xl-8{width:66.66667%}.mui-col-xl-9{width:75%}.mui-col-xl-10{width:83.33333%}.mui-col-xl-11{wi
dth:91.66667%}.mui-col-xl-12{width:100%}.mui-col-xl-offset-0{margin-left:0}.mui-col-xl-offset-1{margin-left:8.33333%}.mui-col-xl-offset-2{margin-left:16.66667%}.mui-col-xl-offset-3{margin-left:25%}.mui-col-xl-offset-4{margin-left:33.33333%}.mui-col-xl-offset-5{margin-left:41.66667%}.mui-col-xl-offset-6{margin-left:50%}.mui-col-xl-offset-7{margin-left:58.33333%}.mui-col-xl-offset-8{margin-left:66.66667%}.mui-col-xl-offset-9{margin-left:75%}.mui-col-xl-offset-10{margin-left:83.33333%}.mui-col-xl-offset-11{margin-left:91.66667%}.mui-col-xl-offset-12{margin-left:100%}}.mui-panel{padding:15px;margin-bottom:20px;border-radius:0;background-color:#FFF;-webkit-box-shadow:0 2px 2px 0 rgba(0,0,0,0.16),0 0 2px 0 rgba(0,0,0,0.12);box-shadow:0 2px 2px 0 rgba(0,0,0,0.16),0 0 2px 0 rgba(0,0,0,0.12)}.mui-panel:before,.mui-panel:after{content:" ";display:table}.mui-panel:after{clear:both}@media all and (-ms-high-contrast:none),(-ms-high-contrast:active){.mui-panel{-webkit-box-shadow:0 -1px 2px 0 rgba(0,0,0,0.12),-1px 0 2px 0 rgba(0,0,0,0.12),0 2px 2px 0 rgba(0,0,0,0.16),0 0 2px 0 rgba(0,0,0,0.12);box-shadow:0 -1px 2px 0 rgba(0,0,0,0.12),-1px 0 2px 0 rgba(0,0,0,0.12),0 2px 2px 0 rgba(0,0,0,0.16),0 0 2px 0 rgba(0,0,0,0.12)}}@supports(-ms-ime-align:auto){.mui-panel{-webkit-box-shadow:0 -1px 2px 0 rgba(0,0,0,0.12),-1px 0 2px 0 rgba(0,0,0,0.12),0 2px 2px 0 rgba(0,0,0,0.16),0 0 2px 0 rgba(0,0,0,0.12);box-shadow:0 -1px 2px 0 rgba(0,0,0,0.12),-1px 0 2px 0 rgba(0,0,0,0.12),0 2px 2px 0 rgba(0,0,0,0.16),0 0 2px 0 rgba(0,0,0,0.12)}}.mui-select{display:block;padding-top:15px;margin-bottom:20px;position:relative}.mui-select:focus{outline:0}.mui-select:focus>select{height:33px;margin-bottom:-1px;border-color:#2196f3;border-width:2px}.mui-select>select{display:block;height:32px;width:100%;appearance:none;-webkit-appearance:none;-moz-appearance:none;outline:0;border:0;border-bottom:1px solid 
rgba(0,0,0,0.26);border-radius:0;-webkit-box-shadow:none;box-shadow:none;background-color:transparent;background-image:url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIGhlaWdodD0iNiIgd2lkdGg9IjEwIj48cG9seWdvbiBwb2ludHM9IjAsMCAxMCwwIDUsNiIgc3R5bGU9ImZpbGw6cmdiYSgwLDAsMCwuMjQpOyIvPjwvc3ZnPg==");background-repeat:no-repeat;background-position:right center;cursor:pointer;color:rgba(0,0,0,0.87);font-size:16px;font-family:inherit;line-height:inherit;padding:0 25px 0 0}.mui-select>select::-ms-expand{display:none}.mui-select>select:focus{outline:0;height:33px;margin-bottom:-1px;border-color:#2196f3;border-width:2px}.mui-select>select:disabled{color:rgba(0,0,0,0.38);cursor:not-allowed;background-color:transparent;opacity:1}.mui-select>select:-moz-focusring{color:transparent;text-shadow:0 0 0 #000}.mui-select>select:focus::-ms-value{background:0;color:rgba(0,0,0,0.87)}.mui-select>label{position:absolute;top:0;display:block;width:100%;color:rgba(0,0,0,0.54);font-size:12px;font-weight:400;line-height:15px;overflow-x:hidden;text-overflow:ellipsis;white-space:nowrap}.mui-select:focus>label,.mui-select>select:focus ~ label{color:#2196f3}.mui-select__menu{position:absolute;z-index:2;min-width:100%;overflow-y:auto;padding:8px 0;-webkit-box-sizing:border-box;box-sizing:border-box;background-color:#FFF;font-size:16px}@media all and (-ms-high-contrast:none),(-ms-high-contrast:active){.mui-select__menu{border-left:1px solid rgba(0,0,0,0.12);border-top:1px solid rgba(0,0,0,0.12)}}@supports(-ms-ime-align:auto){.mui-select__menu{border-left:1px solid rgba(0,0,0,0.12);border-top:1px solid rgba(0,0,0,0.12)}}.mui-select__menu>div{padding:0 
22px;height:42px;line-height:42px;cursor:pointer;white-space:nowrap}.mui-select__menu>div.mui--is-selected{background-color:#eee}.mui-select__menu>div.mui--is-disabled{color:rgba(0,0,0,0.38);cursor:not-allowed}.mui-select__menu>div:not(.mui-optgroup__label):not(.mui--is-disabled):hover{background-color:#e0e0e0}.mui-optgroup__option{text-indent:1em}.mui-optgroup__label{color:rgba(0,0,0,0.54);font-size:.9em}.mui-table{width:100%;max-width:100%;margin-bottom:20px}.mui-table>thead>tr>th,.mui-table>tbody>tr>th,.mui-table>tfoot>tr>th{text-align:left}.mui-table>thead>tr>th,.mui-table>thead>tr>td,.mui-table>tbody>tr>th,.mui-table>tbody>tr>td,.mui-table>tfoot>tr>th,.mui-table>tfoot>tr>td{padding:10px;line-height:1.429}.mui-table>thead>tr>th{border-bottom:2px solid rgba(0,0,0,0.12);font-weight:700}.mui-table>tbody+tbody{border-top:2px solid rgba(0,0,0,0.12)}.mui-table.mui-table--bordered>tbody>tr>td{border-bottom:1px solid rgba(0,0,0,0.12)}.mui-tabs__bar{list-style:none;padding-left:0;margin-bottom:0;background-color:transparent;white-space:nowrap;overflow-x:auto}.mui-tabs__bar>li{display:inline-block}.mui-tabs__bar>li>a{display:block;white-space:nowrap;text-transform:uppercase;font-weight:500;font-size:14px;color:rgba(0,0,0,0.87);cursor:default;height:48px;line-height:48px;padding-left:24px;padding-right:24px;-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none}.mui-tabs__bar>li>a:hover{text-decoration:none}.mui-tabs__bar>li.mui--is-active{border-bottom:2px solid 
#2196f3}.mui-tabs__bar>li.mui--is-active>a{color:#2196f3}.mui-tabs__bar.mui-tabs__bar--justified{display:table;width:100%;table-layout:fixed}.mui-tabs__bar.mui-tabs__bar--justified>li{display:table-cell}.mui-tabs__bar.mui-tabs__bar--justified>li>a{text-align:center;padding-left:0;padding-right:0}.mui-tabs__pane{display:none}.mui-tabs__pane.mui--is-active{display:block}.mui-textfield{display:block;padding-top:15px;margin-bottom:20px;position:relative}.mui-textfield>label{position:absolute;top:0;display:block;width:100%;color:rgba(0,0,0,0.54);font-size:12px;font-weight:400;line-height:15px;overflow-x:hidden;text-overflow:ellipsis;white-space:nowrap}.mui-textfield>textarea{padding-top:5px}.mui-textfield>input:focus ~ label,.mui-textfield>textarea:focus ~ label{color:#2196f3}.mui-textfield--float-label>label{position:absolute;-webkit-transform:translate(0px,15px);transform:translate(0px,15px);font-size:16px;line-height:32px;color:rgba(0,0,0,0.26);text-overflow:clip;cursor:text;pointer-events:none}.mui-textfield--float-label>input:focus ~ label,.mui-textfield--float-label>textarea:focus ~ label{-webkit-transform:translate(0px,0px);transform:translate(0px,0px);font-size:12px;line-height:15px;text-overflow:ellipsis}.mui-textfield--float-label>input:not(:focus).mui--is-not-empty ~ label,.mui-textfield--float-label>input:not(:focus)[value]:not([value=""]):not(.mui--is-empty):not(.mui--is-not-empty) ~ label,.mui-textfield--float-label>input:not(:focus):not(:empty):not(.mui--is-empty):not(.mui--is-not-empty) ~ label,.mui-textfield--float-label>textarea:not(:focus).mui--is-not-empty ~ label,.mui-textfield--float-label>textarea:not(:focus)[value]:not([value=""]):not(.mui--is-empty):not(.mui--is-not-empty) ~ label,.mui-textfield--float-label>textarea:not(:focus):not(:empty):not(.mui--is-empty):not(.mui--is-not-empty) ~ 
label{color:rgba(0,0,0,0.54);font-size:12px;line-height:15px;-webkit-transform:translate(0px,0px);transform:translate(0px,0px);text-overflow:ellipsis}.mui-textfield--wrap-label{display:table;width:100%;padding-top:0}.mui-textfield--wrap-label:not(.mui-textfield--float-label)>label{display:table-header-group;position:static;white-space:normal;overflow-x:visible}.mui-textfield>input,.mui-textfield>textarea{-webkit-box-sizing:border-box;box-sizing:border-box;display:block;background-color:transparent;color:rgba(0,0,0,0.87);border:0;border-bottom:1px solid rgba(0,0,0,0.26);outline:0;width:100%;padding:0;-webkit-box-shadow:none;box-shadow:none;border-radius:0;font-size:16px;font-family:inherit;line-height:inherit;background-image:none}.mui-textfield>input:focus,.mui-textfield>textarea:focus{border-color:#2196f3;border-width:2px}.mui-textfield>input:disabled,.mui-textfield>input:-moz-read-only,.mui-textfield>textarea:disabled,.mui-textfield>textarea:-moz-read-only{cursor:not-allowed;background-color:transparent;opacity:1}.mui-textfield>input:disabled,.mui-textfield>input:read-only,.mui-textfield>textarea:disabled,.mui-textfield>textarea:read-only{cursor:not-allowed;background-color:transparent;opacity:1}.mui-textfield>input::-webkit-input-placeholder,.mui-textfield>textarea::-webkit-input-placeholder{color:rgba(0,0,0,0.26);opacity:1}.mui-textfield>input:-ms-input-placeholder,.mui-textfield>textarea:-ms-input-placeholder{color:rgba(0,0,0,0.26);opacity:1}.mui-textfield>input::-ms-input-placeholder,.mui-textfield>textarea::-ms-input-placeholder{color:rgba(0,0,0,0.26);opacity:1}.mui-textfield>input::placeholder,.mui-textfield>textarea::placeholder{color:rgba(0,0,0,0.26);opacity:1}.mui-textfield>input{height:32px}.mui-textfield>input:focus{height:33px;margin-bottom:-1px}.mui-textfield>textarea{min-height:64px}.mui-textfield>textarea[rows]:not([rows="2"]):focus{margin-bottom:-1px}.mui-textfield>input:focus{height:33px;margin-bottom:-1px}.mui-textfield>input:invalid:not(:focus):
not(:required),.mui-textfield>input:invalid:not(:focus):required.mui--is-not-empty,.mui-textfield>input:invalid:not(:focus):required.mui--is-empty.mui--is-touched,.mui-textfield>input:invalid:not(:focus):required[value]:not([value=""]):not(.mui--is-empty):not(.mui--is-not-empty),.mui-textfield>input:invalid:not(:focus):required:not(:empty):not(.mui--is-empty):not(.mui--is-not-empty),.mui-textfield>textarea:invalid:not(:focus):not(:required),.mui-textfield>textarea:invalid:not(:focus):required.mui--is-not-empty,.mui-textfield>textarea:invalid:not(:focus):required.mui--is-empty.mui--is-touched,.mui-textfield>textarea:invalid:not(:focus):required[value]:not([value=""]):not(.mui--is-empty):not(.mui--is-not-empty),.mui-textfield>textarea:invalid:not(:focus):required:not(:empty):not(.mui--is-empty):not(.mui--is-not-empty),.mui-textfield>input:not(:focus).mui--is-invalid:not(:required),.mui-textfield>input:not(:focus).mui--is-invalid:required.mui--is-not-empty,.mui-textfield>input:not(:focus).mui--is-invalid:required.mui--is-empty.mui--is-touched,.mui-textfield>input:not(:focus).mui--is-invalid:required[value]:not([value=""]):not(.mui--is-empty):not(.mui--is-not-empty),.mui-textfield>input:not(:focus).mui--is-invalid:required:not(:empty):not(.mui--is-empty):not(.mui--is-not-empty),.mui-textfield>textarea:not(:focus).mui--is-invalid:not(:required),.mui-textfield>textarea:not(:focus).mui--is-invalid:required.mui--is-not-empty,.mui-textfield>textarea:not(:focus).mui--is-invalid:required.mui--is-empty.mui--is-touched,.mui-textfield>textarea:not(:focus).mui--is-invalid:required[value]:not([value=""]):not(.mui--is-empty):not(.mui--is-not-empty),.mui-textfield>textarea:not(:focus).mui--is-invalid:required:not(:empty):not(.mui--is-empty):not(.mui--is-not-empty){border-color:#f44336;border-width:2px}.mui-textfield>input:invalid:not(:focus):not(:required),.mui-textfield>input:invalid:not(:focus):required.mui--is-not-empty,.mui-textfield>input:invalid:not(:focus):required.mui--is-emp
ty.mui--is-touched,.mui-textfield>input:invalid:not(:focus):required[value]:not([value=""]):not(.mui--is-empty):not(.mui--is-not-empty),.mui-textfield>input:invalid:not(:focus):required:not(:empty):not(.mui--is-empty):not(.mui--is-not-empty),.mui-textfield>input:not(:focus).mui--is-invalid:not(:required),.mui-textfield>input:not(:focus).mui--is-invalid:required.mui--is-not-empty,.mui-textfield>input:not(:focus).mui--is-invalid:required.mui--is-empty.mui--is-touched,.mui-textfield>input:not(:focus).mui--is-invalid:required[value]:not([value=""]):not(.mui--is-empty):not(.mui--is-not-empty),.mui-textfield>input:not(:focus).mui--is-invalid:required:not(:empty):not(.mui--is-empty):not(.mui--is-not-empty){height:33px;margin-bottom:-1px}.mui-textfield.mui-textfield--float-label>input:invalid:not(:focus):not(:required) ~ label,.mui-textfield.mui-textfield--float-label>input:invalid:not(:focus):required.mui--is-not-empty ~ label,.mui-textfield.mui-textfield--float-label>input:invalid:not(:focus):required[value]:not([value=""]):not(.mui--is-empty):not(.mui--is-not-empty) ~ label,.mui-textfield.mui-textfield--float-label>input:invalid:not(:focus):required:not(:empty):not(.mui--is-empty):not(.mui--is-not-empty) ~ label,.mui-textfield.mui-textfield--float-label>textarea:invalid:not(:focus):not(:required) ~ label,.mui-textfield.mui-textfield--float-label>textarea:invalid:not(:focus):required.mui--is-not-empty ~ label,.mui-textfield.mui-textfield--float-label>textarea:invalid:not(:focus):required[value]:not([value=""]):not(.mui--is-empty):not(.mui--is-not-empty) ~ label,.mui-textfield.mui-textfield--float-label>textarea:invalid:not(:focus):required:not(:empty):not(.mui--is-empty):not(.mui--is-not-empty) ~ label{color:#f44336}.mui-textfield:not(.mui-textfield--float-label)>input:invalid:not(:focus):not(:required) ~ label,.mui-textfield:not(.mui-textfield--float-label)>input:invalid:not(:focus):required.mui--is-empty.mui--is-touched ~ 
label,.mui-textfield:not(.mui-textfield--float-label)>input:invalid:not(:focus):required.mui--is-not-empty ~ label,.mui-textfield:not(.mui-textfield--float-label)>textarea:invalid:not(:focus):not(:required) ~ label,.mui-textfield:not(.mui-textfield--float-label)>textarea:invalid:not(:focus):required.mui--is-empty.mui--is-touched ~ label,.mui-textfield:not(.mui-textfield--float-label)>textarea:invalid:not(:focus):required.mui--is-not-empty ~ label{color:#f44336}.mui-textfield.mui-textfield--float-label>.mui--is-invalid.mui--is-not-empty:not(:focus) ~ label{color:#f44336}.mui-textfield:not(.mui-textfield--float-label)>.mui--is-invalid:not(:focus) ~ label{color:#f44336}.mui--no-transition{-webkit-transition:none!important;transition:none!important}.mui--no-user-select{-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none}.mui-caret{display:inline-block;width:0;height:0;margin-left:2px;vertical-align:middle;border-top:4px solid;border-right:4px solid transparent;border-left:4px solid 
transparent}.mui--text-left{text-align:left!important}.mui--text-right{text-align:right!important}.mui--text-center{text-align:center!important}.mui--text-justify{text-align:justify!important}.mui--text-nowrap{white-space:nowrap!important}.mui--align-baseline{vertical-align:baseline!important}.mui--align-top{vertical-align:top!important}.mui--align-middle{vertical-align:middle!important}.mui--align-bottom{vertical-align:bottom!important}.mui--text-dark{color:rgba(0,0,0,0.87)}.mui--text-dark-secondary{color:rgba(0,0,0,0.54)}.mui--text-dark-hint{color:rgba(0,0,0,0.38)}.mui--text-light{color:#FFF}.mui--text-light-secondary{color:rgba(255,255,255,0.7)}.mui--text-light-hint{color:rgba(255,255,255,0.3)}.mui--text-accent{color:rgba(255,64,129,0.87)}.mui--text-accent-secondary{color:rgba(255,64,129,0.54)}.mui--text-accent-hint{color:rgba(255,64,129,0.38)}.mui--text-black{color:#000}.mui--text-white{color:#FFF}.mui--text-danger{color:#f44336}.mui--bg-primary{background-color:#2196f3}.mui--bg-primary-dark{background-color:#1976d2}.mui--bg-primary-light{background-color:#bbdefb}.mui--bg-accent{background-color:#ff4081}.mui--bg-accent-dark{background-color:#f50057}.mui--bg-accent-light{background-color:#ff80ab}.mui--bg-danger{background-color:#f44336}.mui-list--unstyled{padding-left:0;list-style:none}.mui-list--inline{padding-left:0;list-style:none;margin-left:-5px}.mui-list--inline>li{display:inline-block;padding-left:5px;padding-right:5px}.mui--z1,.mui-dropdown__menu,.mui-select__menu{-webkit-box-shadow:0 1px 3px rgba(0,0,0,0.12),0 1px 2px rgba(0,0,0,0.24);box-shadow:0 1px 3px rgba(0,0,0,0.12),0 1px 2px rgba(0,0,0,0.24)}.mui--z2{-webkit-box-shadow:0 3px 6px rgba(0,0,0,0.16),0 3px 6px rgba(0,0,0,0.23);box-shadow:0 3px 6px rgba(0,0,0,0.16),0 3px 6px rgba(0,0,0,0.23)}.mui--z3{-webkit-box-shadow:0 10px 20px rgba(0,0,0,0.19),0 6px 6px rgba(0,0,0,0.23);box-shadow:0 10px 20px rgba(0,0,0,0.19),0 6px 6px rgba(0,0,0,0.23)}.mui--z4{-webkit-box-shadow:0 14px 28px rgba(0,0,0,0.25),0 10px 
10px rgba(0,0,0,0.22);box-shadow:0 14px 28px rgba(0,0,0,0.25),0 10px 10px rgba(0,0,0,0.22)}.mui--z5{-webkit-box-shadow:0 19px 38px rgba(0,0,0,0.3),0 15px 12px rgba(0,0,0,0.22);box-shadow:0 19px 38px rgba(0,0,0,0.3),0 15px 12px rgba(0,0,0,0.22)}.mui--clearfix:before,.mui--clearfix:after{content:" ";display:table}.mui--clearfix:after{clear:both}.mui--pull-right{float:right!important}.mui--pull-left{float:left!important}.mui--hide{display:none!important}.mui--show{display:block!important}.mui--invisible{visibility:hidden}.mui--overflow-hidden{overflow:hidden!important}.mui--overflow-hidden-x{overflow-x:hidden!important}.mui--overflow-hidden-y{overflow-y:hidden!important}.mui--visible-xs-block,.mui--visible-xs-inline,.mui--visible-xs-inline-block,.mui--visible-sm-block,.mui--visible-sm-inline,.mui--visible-sm-inline-block,.mui--visible-md-block,.mui--visible-md-inline,.mui--visible-md-inline-block,.mui--visible-lg-block,.mui--visible-lg-inline,.mui--visible-lg-inline-block,.mui--visible-xl-block,.mui--visible-xl-inline,.mui--visible-xl-inline-block{display:none!important}@media(max-width:543px){.mui-visible-xs{display:block!important}table.mui-visible-xs{display:table}tr.mui-visible-xs{display:table-row!important}th.mui-visible-xs,td.mui-visible-xs{display:table-cell!important}.mui--visible-xs-block{display:block!important}.mui--visible-xs-inline{display:inline!important}.mui--visible-xs-inline-block{display:inline-block!important}}@media(min-width:544px) and (max-width:767px){.mui-visible-sm{display:block!important}table.mui-visible-sm{display:table}tr.mui-visible-sm{display:table-row!important}th.mui-visible-sm,td.mui-visible-sm{display:table-cell!important}.mui--visible-sm-block{display:block!important}.mui--visible-sm-inline{display:inline!important}.mui--visible-sm-inline-block{display:inline-block!important}}@media(min-width:768px) and 
(max-width:991px){.mui-visible-md{display:block!important}table.mui-visible-md{display:table}tr.mui-visible-md{display:table-row!important}th.mui-visible-md,td.mui-visible-md{display:table-cell!important}.mui--visible-md-block{display:block!important}.mui--visible-md-inline{display:inline!important}.mui--visible-md-inline-block{display:inline-block!important}}@media(min-width:992px) and (max-width:1199px){.mui-visible-lg{display:block!important}table.mui-visible-lg{display:table}tr.mui-visible-lg{display:table-row!important}th.mui-visible-lg,td.mui-visible-lg{display:table-cell!important}.mui--visible-lg-block{display:block!important}.mui--visible-lg-inline{display:inline!important}.mui--visible-lg-inline-block{display:inline-block!important}}@media(min-width:1200px){.mui-visible-xl{display:block!important}table.mui-visible-xl{display:table}tr.mui-visible-xl{display:table-row!important}th.mui-visible-xl,td.mui-visible-xl{display:table-cell!important}.mui--visible-xl-block{display:block!important}.mui--visible-xl-inline{display:inline!important}.mui--visible-xl-inline-block{display:inline-block!important}}@media(max-width:543px){.mui--hidden-xs{display:none!important}}@media(min-width:544px) and (max-width:767px){.mui--hidden-sm{display:none!important}}@media(min-width:768px) and (max-width:991px){.mui--hidden-md{display:none!important}}@media(min-width:992px) and 
(max-width:1199px){.mui--hidden-lg{display:none!important}}@media(min-width:1200px){.mui--hidden-xl{display:none!important}}.mui-scrlock--showbar-y{overflow-y:scroll!important}.mui-scrlock--showbar-x{overflow-x:scroll!important}#mui-overlay{position:fixed;top:0;right:0;bottom:0;left:0;z-index:99999999;background-color:rgba(0,0,0,0.2);overflow:auto}.mui-btn__ripple-container{position:absolute;top:0;left:0;display:block;height:100%;width:100%;overflow:hidden;z-index:0;pointer-events:none}.mui-ripple{position:absolute;top:0;left:0;border-radius:50%;opacity:0;pointer-events:none;-webkit-transform:scale(0.0001,0.0001);transform:scale(0.0001,0.0001)}.mui-ripple.mui--is-animating{-webkit-transform:none;transform:none;-webkit-transition:width .3s cubic-bezier(0,0,0.2,1),height .3s cubic-bezier(0,0,0.2,1),opacity .3s cubic-bezier(0,0,0.2,1),-webkit-transform .3s cubic-bezier(0,0,0.2,1);transition:width .3s cubic-bezier(0,0,0.2,1),height .3s cubic-bezier(0,0,0.2,1),opacity .3s cubic-bezier(0,0,0.2,1),-webkit-transform .3s cubic-bezier(0,0,0.2,1);transition:transform .3s cubic-bezier(0,0,0.2,1),width .3s cubic-bezier(0,0,0.2,1),height .3s cubic-bezier(0,0,0.2,1),opacity .3s cubic-bezier(0,0,0.2,1);transition:transform .3s cubic-bezier(0,0,0.2,1),width .3s cubic-bezier(0,0,0.2,1),height .3s cubic-bezier(0,0,0.2,1),opacity .3s cubic-bezier(0,0,0.2,1),-webkit-transform .3s cubic-bezier(0,0,0.2,1)}.mui-ripple.mui--is-visible{opacity:.3}.mui-btn .mui-ripple{background-color:#a6a6a6}.mui-btn--primary .mui-ripple{background-color:#FFF}.mui-btn--dark .mui-ripple{background-color:#FFF}.mui-btn--danger .mui-ripple{background-color:#FFF}.mui-btn--accent .mui-ripple{background-color:#FFF}.mui-btn--flat 
.mui-ripple{background-color:#a6a6a6}.mui--text-display4{font-weight:300;font-size:112px;line-height:112px}.mui--text-display3{font-weight:400;font-size:56px;line-height:56px}.mui--text-display2{font-weight:400;font-size:45px;line-height:48px}.mui--text-display1,h1{font-weight:400;font-size:34px;line-height:40px}.mui--text-headline,h2{font-weight:400;font-size:24px;line-height:32px}.mui--text-title,h3{font-weight:400;font-size:20px;line-height:28px}.mui--text-subhead,h4{font-weight:400;font-size:16px;line-height:24px}.mui--text-body2,h5{font-weight:500;font-size:14px;line-height:24px}.mui--text-body1{font-weight:400;font-size:14px;line-height:20px}.mui--text-caption{font-weight:400;font-size:12px;line-height:16px}.mui--text-menu{font-weight:500;font-size:13px;line-height:17px}.mui--text-button{font-weight:500;font-size:14px;line-height:18px;text-transform:uppercase}
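--- a/css/bvnew.min.css
+++ b/css/bvnew.min.css
@@ -0,0 +1 @@
+ .bv-box,.new-account-panel{-webkit-box-shadow:0 2px 2px 0 rgba(0,0,0,.24),0 0 2px 0 rgba(0,0,0,.24)}<style>.header{background:#25bea0}.top-links{width:400px;float:right;margin-top:15px}.bv-top-button{padding:5px;margin:5px;border:1px solid #17252A;display:inline-block;background:#17252A;border-radius:5px;float:right}.bv-top-button:hover{background:rgba(0,0,0,.6)}.bv-top-button a{text-decoration:none;color:#FFF}.main-title{text-align:center;font-size:32px;margin:10px;text-decoration:underline;font-weight:700}.bv-box{background:#FFF}.new-account-panel{margin-top:10px;margin-bottom:0;border:1px solid #000}.bv-input{font-size:20px;height:40px!important}.bv-tick{color:#52BE80;font-weight:700;padding-left:3px}h2{margin:0;padding:0}.form-title{font-size:24px;margin-bottom:10px}.select-purpose{width:200px;vertical-align:baseline!important;height:40px}.get-started-button{margin-left:10px;height:40px;margin-top:0;font-weight:700;color:#FFF}.side{float:left;margin-top:15px;padding-left:0;padding-right:0}.side-box{padding:0;border:1px solid #000}.side-box-title{font-size:14px;background:#17252a;text-align:center;color:#FFF}.bv-upgrade-button{background:#FF6037;width:80%;margin:0 auto 10px;text-align:center;padding:10px;border-radius:5px}.bv-upgrade-button a{color:#FFF;text-decoration:none;font-size:18px}.footer-logo{margin-right:30px}.premium{color:#888}.premium:hover{cursor:not-allowed}.share-icons{width:40px;height:40px}.custom-bv-button{height:46px;padding:0 42px;line-height:42px;font-size:16px;margin-top:60px}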
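--- a/fw/config.php
+++ b/fw/config.php
@@ -0,0 +1,66 @@
+ <?php
+
+ if (!defined('ABSPATH')) exit;
+ if (!class_exists('BVFWConfig')) :
+ class BVFWConfig {
+ public $bvmain;
+ public static $requests_table = 'fw_requests';
+
+ function __construct($bvmain) {
+ $this->bvmain = $bvmain;
+ }
+
+ #mode
+ const DISABLED = 1;
+ const AUDIT = 2;
+ const PROTECT = 3;
+
+ public function setMode($mode) {
+ if (!$mode) {
+ $this->bvmain->info->deleteOption('bvfwmode');
+ } else {
+ $this->bvmain->info->updateOption('bvfwmode', intval($mode));
+ }
+ }
+
+ public function setRulesMode($mode) {
+ if (!$mode) {
+ $this->bvmain->info->deleteOption('bvfwrulesmode');
+ } else {
+ $this->bvmain->info->updateOption('bvfwrulesmode', intval($mode));
+ }
+ }
+
+ public function setDisabledRules($rules) {
+ if (!$rules) {
+ $this->bvmain->info->deleteOption('bvfwdisabledrules');
+ } else {
+ $this->bvmain->info->updateOption('bvfwdisabledrules', $rules);
+ }
+ }
+
+ public function getMode() {
+ $mode = $this->bvmain->info->getOption('bvfwmode');
+ return intval($mode ? $mode : BVFWConfig::DISABLED);
+ }
+
+ public function getRulesMode() {
+ $mode = $this->bvmain->info->getOption('bvfwrulesmode');
+ return intval($mode ? $mode : BVFWConfig::DISABLED);
+ }
+
+ public function getDisabledRules() {
+ $rules = $this->bvmain->info->getOption('bvfwdisabledrules');
+ return ($rules ? $rules : array());
+ }
+
+ public function clear() {
+ $this->setMode(false);
+ $this->setRulesMode(false);
+ $this->setDisabledRules(false);
+ $this->bvmain->db->dropBVTable(BVFWConfig::$requests_table);
+ $this->bvmain->info->deleteOption('bvptplug');
+ return true;
+ }
+ }
+ endif;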
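Review bot: `setDisabledRules()` stores `$rules` exactly as passed and `getDisabledRules()` returns whatever truthy value is in the option, so nothing guarantees the result is an array of integer rule ids. The rule checks in fw/fw.php call `in_array(108, $disabledRules, true)`, which needs an array (a non-array raises a warning or a TypeError depending on the PHP version) and, being strict, never matches ids stored as strings, so a rule an operator disabled would presumably stay enforced. I would normalise on read: `return is_array($rules) ? array_map('intval', $rules) : array();`. `setMode()` and `setRulesMode()` have the same gap: any non-zero integer is stored, and a value outside `DISABLED`/`AUDIT`/`PROTECT` makes `isActive()` true while `isProtecting()` is false; checking `in_array(intval($mode), array(self::DISABLED, self::AUDIT, self::PROTECT), true)` before `updateOption` would keep the stored mode to the three defined states.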
fw/fw.php ADDED
@@ -0,0 +1,280 @@
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
+ <?php
2
+
3
+ if (!defined('ABSPATH')) exit;
4
+ if (!class_exists('BVFW')) :
5
+
6
+ require_once dirname( __FILE__ ) . '/config.php';
7
+ require_once dirname( __FILE__ ) . '/request.php';
8
+ require_once dirname( __FILE__ ) . './../ipstore.php';
9
+
10
+ class BVFW {
11
+ public $request;
12
+ public $config;
13
+ public $bvmain;
14
+ public $ipstore;
15
+ public $category;
16
+ public $logger;
17
+ #all rule id will also come under this
18
+
19
+ const SQLIREGEX = '/(?:[^\\w<]|\\/\\*\\![0-9]*|^)(?:
20
+ @@HOSTNAME|
21
+ ALTER|ANALYZE|ASENSITIVE|
22
+ BEFORE|BENCHMARK|BETWEEN|BIGINT|BINARY|BLOB|
23
+ CALL|CASE|CHANGE|CHAR|CHARACTER|CHAR_LENGTH|COLLATE|COLUMN|CONCAT|CONDITION|CONSTRAINT|CONTINUE|CONVERT|CREATE|CROSS|CURRENT_DATE|CURRENT_TIME|CURRENT_TIMESTAMP|CURRENT_USER|CURSOR|
24
+ DATABASE|DATABASES|DAY_HOUR|DAY_MICROSECOND|DAY_MINUTE|DAY_SECOND|DECIMAL|DECLARE|DEFAULT|DELAYED|DELETE|DESCRIBE|DETERMINISTIC|DISTINCT|DISTINCTROW|DOUBLE|DROP|DUAL|DUMPFILE|
25
+ EACH|ELSE|ELSEIF|ELT|ENCLOSED|ESCAPED|EXISTS|EXIT|EXPLAIN|EXTRACTVALUE|
26
+ FETCH|FLOAT|FLOAT4|FLOAT8|FORCE|FOREIGN|FROM|FULLTEXT|
27
+ GRANT|GROUP|HAVING|HEX|HIGH_PRIORITY|HOUR_MICROSECOND|HOUR_MINUTE|HOUR_SECOND|
28
+ IFNULL|IGNORE|INDEX|INFILE|INNER|INOUT|INSENSITIVE|INSERT|INTERVAL|ISNULL|ITERATE|
29
+ JOIN|KILL|LEADING|LEAVE|LIMIT|LINEAR|LINES|LOAD|LOAD_FILE|LOCALTIME|LOCALTIMESTAMP|LOCK|LONG|LONGBLOB|LONGTEXT|LOOP|LOW_PRIORITY|
30
+ MASTER_SSL_VERIFY_SERVER_CERT|MATCH|MAXVALUE|MEDIUMBLOB|MEDIUMINT|MEDIUMTEXT|MID|MIDDLEINT|MINUTE_MICROSECOND|MINUTE_SECOND|MODIFIES|
31
+ NATURAL|NO_WRITE_TO_BINLOG|NULL|NUMERIC|OPTION|ORD|ORDER|OUTER|OUTFILE|
32
+ PRECISION|PRIMARY|PRIVILEGES|PROCEDURE|PROCESSLIST|PURGE|
33
+ RANGE|READ_WRITE|REGEXP|RELEASE|REPEAT|REQUIRE|RESIGNAL|RESTRICT|RETURN|REVOKE|RLIKE|ROLLBACK|
34
+ SCHEMA|SCHEMAS|SECOND_MICROSECOND|SELECT|SENSITIVE|SEPARATOR|SHOW|SIGNAL|SLEEP|SMALLINT|SPATIAL|SPECIFIC|SQLEXCEPTION|SQLSTATE|SQLWARNING|SQL_BIG_RESULT|SQL_CALC_FOUND_ROWS|SQL_SMALL_RESULT|STARTING|STRAIGHT_JOIN|SUBSTR|
35
+ TABLE|TERMINATED|TINYBLOB|TINYINT|TINYTEXT|TRAILING|TRANSACTION|TRIGGER|
36
+ UNDO|UNHEX|UNION|UNLOCK|UNSIGNED|UPDATE|UPDATEXML|USAGE|USING|UTC_DATE|UTC_TIME|UTC_TIMESTAMP|
37
+ VALUES|VARBINARY|VARCHAR|VARCHARACTER|VARYING|WHEN|WHERE|WHILE|WRITE|YEAR_MONTH|ZEROFILL)(?=[^\\w]|$)/ix';
38
+ const XSSREGEX = '/(?:
39
+ #tags
40
+ (?:\\<|\\+ADw\\-|\\xC2\\xBC)(script|iframe|svg|object|embed|applet|link|style|meta|\\/\\/|\\?xml\\-stylesheet)(?:[^\\w]|\\xC2\\xBE)|
41
+ #protocols
42
+ (?:^|[^\\w])(?:(?:\\s*(?:&\\#(?:x0*6a|0*106)|j)\\s*(?:&\\#(?:x0*61|0*97)|a)\\s*(?:&\\#(?:x0*76|0*118)|v)\\s*(?:&\\#(?:x0*61|0*97)|a)|\\s*(?:&\\#(?:x0*76|0*118)|v)\\s*(?:&\\#(?:x0*62|0*98)|b)|\\s*(?:&\\#(?:x0*65|0*101)|e)\\s*(?:&\\#(?:x0*63|0*99)|c)\\s*(?:&\\#(?:x0*6d|0*109)|m)\\s*(?:&\\#(?:x0*61|0*97)|a)|\\s*(?:&\\#(?:x0*6c|0*108)|l)\\s*(?:&\\#(?:x0*69|0*105)|i)\\s*(?:&\\#(?:x0*76|0*118)|v)\\s*(?:&\\#(?:x0*65|0*101)|e))\\s*(?:&\\#(?:x0*73|0*115)|s)\\s*(?:&\\#(?:x0*63|0*99)|c)\\s*(?:&\\#(?:x0*72|0*114)|r)\\s*(?:&\\#(?:x0*69|0*105)|i)\\s*(?:&\\#(?:x0*70|0*112)|p)\\s*(?:&\\#(?:x0*74|0*116)|t)|\\s*(?:&\\#(?:x0*6d|0*109)|m)\\s*(?:&\\#(?:x0*68|0*104)|h)\\s*(?:&\\#(?:x0*74|0*116)|t)\\s*(?:&\\#(?:x0*6d|0*109)|m)\\s*(?:&\\#(?:x0*6c|0*108)|l)|\\s*(?:&\\#(?:x0*6d|0*109)|m)\\s*(?:&\\#(?:x0*6f|0*111)|o)\\s*(?:&\\#(?:x0*63|0*99)|c)\\s*(?:&\\#(?:x0*68|0*104)|h)\\s*(?:&\\#(?:x0*61|0*97)|a)|\\s*(?:&\\#(?:x0*64|0*100)|d)\\s*(?:&\\#(?:x0*61|0*97)|a)\\s*(?:&\\#(?:x0*74|0*116)|t)\\s*(?:&\\#(?:x0*61|0*97)|a)(?!(?:&\\#(?:x0*3a|0*58)|\\:)(?:&\\#(?:x0*69|0*105)|i)(?:&\\#(?:x0*6d|0*109)|m)(?:&\\#(?:x0*61|0*97)|a)(?:&\\#(?:x0*67|0*103)|g)(?:&\\#(?:x0*65|0*101)|e)(?:&\\#(?:x0*2f|0*47)|\\/)(?:(?:&\\#(?:x0*70|0*112)|p)(?:&\\#(?:x0*6e|0*110)|n)(?:&\\#(?:x0*67|0*103)|g)|(?:&\\#(?:x0*62|0*98)|b)(?:&\\#(?:x0*6d|0*109)|m)(?:&\\#(?:x0*70|0*112)|p)|(?:&\\#(?:x0*67|0*103)|g)(?:&\\#(?:x0*69|0*105)|i)(?:&\\#(?:x0*66|0*102)|f)|(?:&\\#(?:x0*70|0*112)|p)?(?:&\\#(?:x0*6a|0*106)|j)(?:&\\#(?:x0*70|0*112)|p)(?:&\\#(?:x0*65|0*101)|e)(?:&\\#(?:x0*67|0*103)|g)|(?:&\\#(?:x0*74|0*116)|t)(?:&\\#(?:x0*69|0*105)|i)(?:&\\#(?:x0*66|0*102)|f)(?:&\\#(?:x0*66|0*102)|f)|(?:&\\#(?:x0*73|0*115)|s)(?:&\\#(?:x0*76|0*118)|v)(?:&\\#(?:x0*67|0*103)|g)(?:&\\#(?:x0*2b|0*43)|\\+)(?:&\\#(?:x0*78|0*120)|x)(?:&\\#(?:x0*6d|0*109)|m)(?:&\\#(?:x0*6c|0*108)|l))(?:(?:&\\#(?:x0*3b|0*59)|;)(?:&\\#(?:x0*63|0*99)|c)(?:&\\#(?:x0*68|0*104)|h)(?:&\\#(?:x0*61|0*97)|a)(?:&\\#(?:x0*72|0*114)|r)(?:&\\#(?:x0*73|0*115)|s)(?:&\\#(?:x0*65|0*101)|e)(?:&\\#(
?:x0*74|0*116)|t)(?:&\\#(?:x0*3d|0*61)|=)[\\-a-z0-9]+)?(?:(?:&\\#(?:x0*3b|0*59)|;)(?:&\\#(?:x0*62|0*98)|b)(?:&\\#(?:x0*61|0*97)|a)(?:&\\#(?:x0*73|0*115)|s)(?:&\\#(?:x0*65|0*101)|e)(?:&\\#(?:x0*36|0*54)|6)(?:&\\#(?:x0*34|0*52)|4))?(?:&\\#(?:x0*2c|0*44)|,)))\\s*(?:&\\#(?:x0*3a|0*58)|&colon|\\:)|
43
+ #css expression
44
+ (?:^|[^\\w])(?:(?:\\\\0*65|\\\\0*45|e)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*78|\\\\0*58|x)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*70|\\\\0*50|p)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*72|\\\\0*52|r)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*65|\\\\0*45|e)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*73|\\\\0*53|s)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*73|\\\\0*53|s)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*69|\\\\0*49|i)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*6f|\\\\0*4f|o)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*6e|\\\\0*4e|n))[^\\w]*?(?:\\\\0*28|\\()|
45
+ #css properties
46
+ (?:^|[^\\w])(?:(?:(?:\\\\0*62|\\\\0*42|b)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*65|\\\\0*45|e)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*68|\\\\0*48|h)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*61|\\\\0*41|a)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*76|\\\\0*56|v)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*69|\\\\0*49|i)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*6f|\\\\0*4f|o)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*72|\\\\0*52|r)(?:\\/\\*.*?\\*\\/)*)|(?:(?:\\\\0*2d|\\\\0*2d|-)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*6d|\\\\0*4d|m)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*6f|\\\\0*4f|o)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*7a|\\\\0*5a|z)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*2d|\\\\0*2d|-)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*62|\\\\0*42|b)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*69|\\\\0*49|i)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*6e|\\\\0*4e|n)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*64|\\\\0*44|d)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*69|\\\\0*49|i)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*6e|\\\\0*4e|n)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*67|\\\\0*47|g)(?:\\/\\*.*?\\*\\/)*))[^\\w]*(?:\\\\0*3a|\\\\0*3a|:)[^\\w]*(?:\\\\0*75|\\\\0*55|u)(?:\\\\0*72|\\\\0*52|r)(?:\\\\0*6c|\\\\0*4c|l)|
47
+ #properties
48
+ (?:^|[^\\w])(?:on(?:abort|activate|afterprint|afterupdate|autocomplete|autocompleteerror|beforeactivate|beforecopy|beforecut|beforedeactivate|beforeeditfocus|beforepaste|beforeprint|beforeunload|beforeupdate|blur|bounce|cancel|canplay|canplaythrough|cellchange|change|click|close|contextmenu|controlselect|copy|cuechange|cut|dataavailable|datasetchanged|datasetcomplete|dblclick|deactivate|drag|dragend|dragenter|dragleave|dragover|dragstart|drop|durationchange|emptied|encrypted|ended|error|errorupdate|filterchange|finish|focus|focusin|focusout|formchange|forminput|hashchange|help|input|invalid|keydown|keypress|keyup|languagechange|layoutcomplete|load|loadeddata|loadedmetadata|loadstart|losecapture|message|mousedown|mouseenter|mouseleave|mousemove|mouseout|mouseover|mouseup|mousewheel|move|moveend|movestart|mozfullscreenchange|mozfullscreenerror|mozpointerlockchange|mozpointerlockerror|offline|online|page|pagehide|pageshow|paste|pause|play|playing|popstate|progress|propertychange|ratechange|readystatechange|reset|resize|resizeend|resizestart|rowenter|rowexit|rowsdelete|rowsinserted|scroll|search|seeked|seeking|select|selectstart|show|stalled|start|storage|submit|suspend|timer|timeupdate|toggle|unload|volumechange|waiting|webkitfullscreenchange|webkitfullscreenerror|wheel)|formaction|data\\-bind|ev:event)[^\\w]
49
+ )/ix';
50
+
51
+ public function __construct($bvmain, $ip) {
52
+ $this->bvmain = $bvmain;
53
+ $this->config = new BVFWConfig($this->bvmain);
54
+ $this->request = new BVRequest($ip);
55
+ $this->ipstore = new BVIPStore($bvmain);
56
+ $this->logger = new BVLogger($this->bvmain->db, BVFWConfig::$requests_table);
57
+ }
58
+
59
+ public function init() {
60
+ if ($this->isActive()) {
61
+ $this->execute();
62
+ }
63
+ add_action('clear_fw_config', array($this->config, 'clear'));
64
+ }
65
+
66
+ public function initLogger() {
67
+ add_filter('status_header', array($this->request, 'captureRespCode'));
68
+ add_action('admin_init', array($this, 'log'));
69
+ add_action('template_redirect', array($this, 'log'));
70
+ }
71
+
72
+ public function log() {
73
+ if (!function_exists('is_user_logged_in') || !is_user_logged_in()) {
74
+ $this->logger->log($this->request->getDataToLog());
75
+ }
76
+ }
77
+
78
+ public function isActive() {
79
+ return ($this->config->getMode() !== BVFWConfig::DISABLED);
80
+ }
81
+
82
+ public function isProtecting() {
83
+ return ($this->config->getMode() === BVFWConfig::PROTECT);
84
+ }
85
+
86
+ public function terminateRequest($category = null) {
87
+ if ($category)
88
+ $this->request->setCategory($category);
89
+ $this->request->setStatus(BVRequest::BLOCKED);
90
+ $this->request->setRespCode(403);
91
+ if ($this->isProtecting()) {
92
+ header("Cache-Control: no-cache, no-store, must-revalidate");
93
+ header("Pragma: no-cache");
94
+ header("Expires: 0");
95
+ header('HTTP/1.0 403 Forbidden');
96
+ $this->log();
97
+ $brandname = $this->bvmain->getBrandName();
98
+ die("
99
+ <div style='height: 98vh;'>
100
+ <div style='text-align: center; padding: 10% 0; font-family: Arial, Helvetica, sans-serif;'>
101
+ <div><p><img src=".plugins_url('../img/icon.png', __FILE__)."><h2>Firewall</h2><h3>powered by</h3><h2>"
102
+ .$brandname."</h2></p><div>
103
+ <p>Blocked because of Malicious Activities</p>
104
+ </div>
105
+ </div>
106
+ ");
107
+ exit;
108
+ }
109
+ }
110
+
111
+ public function isBlacklistedIP() {
112
+ return $this->ipstore->checkIPPresent($this->request->getIP(), BVIPStore::BLACKLISTED, BVIPStore::FW);
113
+ }
114
+
115
+ public function isWhitelistedIP() {
116
+ return $this->ipstore->checkIPPresent($this->request->getIP(), BVIPStore::WHITELISTED, BVIPStore::FW);
117
+ }
118
+
119
+ public function canBypassFirewall() {
120
+ if ($this->isWhitelistedIP()) {
121
+ $this->request->setCategory(BVRequest::WHITELISTED);
122
+ $this->request->setStatus(BVRequest::BYPASSED);
123
+ return true;
124
+ }
125
+ return false;
126
+ }
127
+
128
+ public function execute() {
129
+ $this->initLogger();
130
+ if (!$this->canBypassFirewall()) {
131
+ if ($this->isBlacklistedIP()) {
132
+ $this->terminateRequest(BVRequest::BLACKLISTED);
133
+ } else {
134
+ $this->evaluateRules();
135
+ }
136
+ }
137
+ }
138
+
139
+ public function getServerValue($key) {
140
+ if (isset($_SERVER) && array_key_exists($key, $_SERVER)) {
141
+ return $_SERVER[$key];
142
+ }
143
+ return null;
144
+ }
145
+
146
+ public function match($pattern, $subject) {
147
+ if (is_array($subject)) {
148
+ foreach ($subject as $val) {
149
+ return $this->match($pattern, $val);
150
+ }
151
+ return false;
152
+ } else {
153
+ return preg_match((string) $pattern, (string) $subject, $matches) > 0;
154
+ }
155
+ }
156
+
157
+ public function matchMD5($str, $val) {
158
+ return md5((string) $str) === $val;
159
+ }
160
+
161
+ public function getLength($val) {
162
+ return strlen(is_array($val) ? join('', $val) : (string) $val);
163
+ }
164
+
165
+ public function contains($pattern, $subject) {
166
+ if (is_array($pattern)) {
167
+ return in_array($pattern, $subject, true);
168
+ }
169
+ return strpos((string) $subject, (string) $pattern) !== false;
170
+ }
171
+
172
+ public function equals($value, $subject) {
173
+ return $value == $subject;
174
+ }
175
+
176
+ public function notEquals($value, $subject) {
177
+ return $value != $subject;
178
+ }
179
+
180
+ public function evaluateRules() {
181
+ if ($this->config->getRulesMode() == BVFWConfig::DISABLED)
182
+ return false;
183
+
184
+ $request = $this->request;
185
+ $disabledRules = $this->config->getDisabledRules();
186
+ if (!in_array(108, $disabledRules, true)) {
187
+ if ($this->match(BVFW::XSSREGEX, $request->getQueryString()))
188
+ $this->terminateRequest(108);
189
+ }
190
+ if (!in_array(112, $disabledRules, true)) {
191
+ if ($this->match('/\\/wp\\-admin[\\/]+admin\\-ajax\\.php/', $request->getPath()) &&
192
+ (($this->equals('revslider_show_image', $request->getQueryString('action')) && $this->match('/\\.php$/i', $request->getQueryString('img'))) or
193
+ ($this->equals('revslider_show_image', $request->getBody('action')) && $this->match('/\\.php$/i', $request->getQueryString('img')))))
194
+ $this->terminateRequest(112);
195
+ }
196
+ if (!in_array(114, $disabledRules, true)) {
197
+ if ($this->match('/<\\!(?:DOCTYPE|ENTITY)\\s+(?:%\\s*)?\\w+\\s+SYSTEM/i', $request->getBody()) or
198
+ $this->match('/<\\!(?:DOCTYPE|ENTITY)\\s+(?:%\\s*)?\\w+\\s+SYSTEM/i', $request->getQueryString()))
199
+ $this->terminateRequest(114);
200
+ }
201
+ if (!in_array(115, $disabledRules, true)) {
202
+ if ($this->match('#/wp\\-admin/admin\\-ajax\\.php$#i', $this->getServerValue('script_filename')) && ($this->equals('update-plugin', $request->getBody('action')) or
203
+ $this->equals('update-plugin', $request->getQueryString('action'))) && ($this->match('/(^|\\/|\\\\|%2f|%5c)\\.\\.(\\\\|\\/|%2f|%5c)/i', $request->getBody()) or
204
+ ($this->match('/(^|\\/|\\\\|%2f|%5c)\\.\\.(\\\\|\\/|%2f|%5c)/i', $request->getQueryString()))))
205
+ $this->terminateRequest(115);
206
+ }
207
+ if (!in_array(132, $disabledRules, true)) {
208
+ if (($this->equals('Y', $request->getBody('kentopvc_hidden'))) &&
209
+ ((!$this->match('/^1?$/', $request->getBody('kento_pvc_hide'))) or
210
+ (!$this->match('/^1?$/', $request->getBody('kento_pvc_uniq'))) or
211
+ (!$this->match('/^1?$/', $request->getBody('kento_pvc_posttype'))) or
212
+ ($this->match(BVFW::XSSREGEX, $request->getBody('kento_pvc_today_text'))) or
213
+ ($this->match(BVFW::XSSREGEX, $request->getBody('kento_pvc_total_text'))) or
214
+ ($this->match(BVFW::XSSREGEX, $request->getBody('kento_pvc_numbers_lang')))))
215
+ $this->terminateRequest(132);
216
+ }
217
+ if (!in_array(133, $disabledRules, true)) {
218
+ if ((($this->match('#/wp\\-mobile\\-detector[/]+resize\\.php#i', $request->getPath())) or
219
+ ($this->match('#/wp\\-mobile\\-detector[/]+timthumb\\.php#i', $request->getPath()))) &&
220
+ ((($this->getLength($request->getBody('src')) > 0) &&
221
+ (!$this->match('/\\.(?:png|gif|jpg|jpeg|jif|jfif|svg)$/i', $request->getBody('src')))) or
222
+ (($this->getLength($request->getQueryString('src'))) &&
223
+ (!$this->match('/\\.(?:png|gif|jpg|jpeg|jif|jfif|svg)$/i', $request->getQueryString('src'))))))
224
+ $this->terminateRequest(133);
225
+ }
226
+ if (!in_array(145, $disabledRules, true)) {
227
+ if ((($this->match('/Abonti|aggregator|AhrefsBot|asterias|BDCbot|BLEXBot|BuiltBotTough|Bullseye|BunnySlippers|ca\\-crawler|CCBot|Cegbfeieh|CheeseBot|CherryPicker|CopyRightCheck|cosmos|Crescent|discobot|DittoSpyder|DotBot|Download Ninja|EasouSpider|EmailCollector|EmailSiphon|EmailWolf|EroCrawler|Exabot|ExtractorPro|Fasterfox|FeedBooster|Foobot|Genieo|grub\\-client|Harvest|hloader|httplib|HTTrack|humanlinks|ieautodiscovery|InfoNaviRobot|IstellaBot|Java\\/1\\.|JennyBot|k2spider|Kenjin Spider|Keyword Density\\/0\\.9|larbin|LexiBot|libWeb|libwww|LinkextractorPro|linko|LinkScan\\/8\\.1a Unix|LinkWalker|LNSpiderguy|lwp\\-trivial|magpie|Mata Hari|MaxPointCrawler|MegaIndex|Microsoft URL Control|MIIxpc|Mippin|Missigua Locator|Mister PiX|MJ12bot|moget|MSIECrawler|NetAnts|NICErsPRO|Niki\\-Bot|NPBot|Nutch|Offline Explorer|Openfind|panscient\\.com|PHP\\/5\\.\\{|ProPowerBot\\/2\\.14|ProWebWalker|Python\\-urllib|QueryN Metasearch|RepoMonkey|RMA|SemrushBot|SeznamBot|SISTRIX|sitecheck\\.Internetseer\\.com|SiteSnagger|SnapPreviewBot|Sogou|SpankBot|spanner|spbot|Spinn3r|suzuran|Szukacz\\/1\\.4|Teleport|Telesoft|The Intraformant|TheNomad|TightTwatBot|Titan|toCrawl\\/UrlDispatcher|True_Robot|turingos|TurnitinBot|UbiCrawler|UnisterBot|URLy Warning|VCI|WBSearchBot|Web Downloader\\/6\\.9|Web Image Collector|WebAuto|WebBandit|WebCopier|WebEnhancer|WebmasterWorldForumBot|WebReaper|WebSauger|Website Quester|Webster Pro|WebStripper|WebZip|Wotbox|wsr\\-agent|WWW\\-Collector\\-E|Xenu|Zao|Zeus|ZyBORG|coccoc|Incutio|lmspider|memoryBot|SemrushBot|serf|Unknown|uptime files/i', $request->getHeader('User-Agent'))) &&
228
+ ($this->match(BVFW::XSSREGEX, $request->getHeader('User-Agent')))) or
229
+ (($this->match('/semalt\\.com|kambasoft\\.com|savetubevideo\\.com|buttons\\-for\\-website\\.com|sharebutton\\.net|soundfrost\\.org|srecorder\\.com|softomix\\.com|softomix\\.net|myprintscreen\\.com|joinandplay\\.me|fbfreegifts\\.com|openmediasoft\\.com|zazagames\\.org|extener\\.org|openfrost\\.com|openfrost\\.net|googlsucks\\.com|best\\-seo\\-offer\\.com|buttons\\-for\\-your\\-website\\.com|www\\.Get\\-Free\\-Traffic\\-Now\\.com|best\\-seo\\-solution\\.com|buy\\-cheap\\-online\\.info|site3\\.free\\-share\\-buttons\\.com|webmaster\\-traffic\\.co/i', $request->getHeader('Referer'))) &&
230
+ ($this->match(BVFW::XSSREGEX, $request->getHeader('User-Agent')))))
231
+ $this->terminateRequest(145);
232
+ }
233
+ if (!in_array(146, $disabledRules, true)) {
234
+ if ($this->match('/sitemap_.*?<.*?(:?_\\d+)?\\.xml(:?\\.gz)?/i', $request->getPath()))
235
+ $this->terminateRequest(146);
236
+ }
237
+ if (!in_array(155, $disabledRules, true)) {
238
+ if (($this->match(BVFW::XSSREGEX, $request->getHeader('Client-IP'))) or
239
+ ($this->match(BVFW::XSSREGEX, $request->getHeader('X-Forwarded'))) or
240
+ ($this->match(BVFW::XSSREGEX, $request->getHeader('X-Cluster-Client-IP'))) or
241
+ ($this->match(BVFW::XSSREGEX, $request->getHeader('Forwarded-For'))) or
242
+ ($this->match(BVFW::XSSREGEX, $request->getHeader('Forwarded'))))
243
+ $this->terminateRequest(155);
244
+ }
245
+ if (!in_array(156, $disabledRules, true)) {
246
+ if ($this->match('#/wp\\-admin/admin\\-ajax\\.php$#i', $this->getServerValue('script_filename')) or
247
+ (($this->match(BVFW::SQLIREGEX, $request->getBody('umm_user'))) or
248
+ ($this->match(BVFW::SQLIREGEX, $request->getQueryString('umm_user')))))
249
+ $this->terminateRequest(156);
250
+ }
251
+ if (!in_array(165, $disabledRules, true)) {
252
+ if ($this->match('/O:\\d+:"(?!stdClass")[^"]+":/', $request->getCookies('ecwid_oauth_state')))
253
+ $this->terminateRequest(165);
254
+ }
255
+ if (!in_array(167, $disabledRules, true)) {
256
+ if ((!$this->match('/\\.(jpe?g|png|mpeg|mov|flv|pdf|docx?|txt|csv|avi|mp3|wma|wav)($|\\.)/i', $request->getFileNames())) &&
257
+ ($this->getLength($request->getBody('save_bepro_listing')) > 0))
258
+ $this->terminateRequest(167);
259
+ }
260
+ if (!in_array(168, $disabledRules, true)) {
261
+ if (($this->match('#/wp\\-admin/admin\\-ajax\\.php$#i', $this->getServerValue('script_filename'))) &&
262
+ ($this->equals('master-slider', $request->getQueryString('page'))) &&
263
+ ($this->getLength($request->getBody('page')) > 0) &&
264
+ ($this->notEquals('master-slider', $request->getBody('page'))))
265
+ $this->terminateRequest(168);
266
+ }
267
+ if (!in_array(169, $disabledRules, true)) {
268
+ if (($this->equals('fancybox-for-wordpress', $request->getQueryString('page'))) &&
269
+ ($this->match(BVFW::XSSREGEX, $request->getBody('mfbfw'))))
270
+ $this->terminateRequest(169);
271
+ }
272
+ if (!in_array(171, $disabledRules, true)) {
273
+ if ((($this->match('#wp-json/wp/v\\d+/posts/#i', $request->getPath())) or
274
+ ($this->match('#/wp/v\\d+/posts/#i', $request->getQueryString('rest_route')))) &&
275
+ ($this->match('/[^0-9]/', $request->getQueryString('id'))))
276
+ $this->terminateRequest(171);
277
+ }
278
+ }
279
+ }
280
+ endif;
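--- a/fw/request.php
+++ b/fw/request.php
@@ -0,0 +1,295 @@
+ <?php
+
+ if (!defined('ABSPATH')) exit;
+ if (!class_exists('BVRequest')) :
+ class BVRequest {
+ private $fileNames;
+ private $files;
+ private $headers;
+ private $host;
+ private $ip;
+ private $method;
+ private $path;
+ private $queryString;
+ private $timestamp;
+ private $uri;
+ private $body;
+ private $cookies;
+ private $respcode;
+ private $status;
+
+ #status
+ const ALLOWED = 1;
+ const BLOCKED = 2;
+ const BYPASSED = 3;
+
+ #category
+ const BLACKLISTED = 1;
+ const WHITELISTED = 2;
+ const NORMAL = 3;
+
+ public function __construct($ip) {
+ $fileNames = array();
+ $headers = array();
+ $host = '';
+ $method = '';
+ $path = '';
+ $this->ip = $ip;
+ $this->setRespCode(200);
+ $this->setCategory(BVRequest::NORMAL);
+ $this->setStatus(BVRequest::ALLOWED);
+ $this->setTimestamp(time());
+ $this->setQueryString(BVRequest::removeMagicQuotes($_GET));
+ $this->setCookies(BVRequest::removeMagicQuotes($_COOKIE));
+ $this->setBody(BVRequest::removeMagicQuotes($_POST));
+ $this->setFiles(BVRequest::removeMagicQuotes($_FILES));
+ if (!empty($_FILES)) {
+ foreach ($_FILES as $input => $file) {
+ $fileNames[$input] = BVRequest::removeMagicQuotes($file['name']);
+ }
+ }
+ $this->setFileNames($fileNames);
+ if (is_array($_SERVER)) {
+ foreach ($_SERVER as $key => $value) {
+ if (strpos($key, 'HTTP_') === 0) {
+ $header = substr($key, 5);
+ $header = str_replace(array(' ', '_'), array('', ' '), $header);
+ $header = ucwords(strtolower($header));
+ $header = str_replace(' ', '-', $header);
+ $headers[$header] = BVRequest::removeMagicQuotes($value);
+ }
+ }
+ if (array_key_exists('CONTENT_TYPE', $_SERVER)) {
+ $headers['Content-Type'] = BVRequest::removeMagicQuotes($_SERVER['CONTENT_TYPE']);
+ }
+ if (array_key_exists('CONTENT_LENGTH', $_SERVER)) {
+ $headers['Content-Length'] = BVRequest::removeMagicQuotes($_SERVER['CONTENT_LENGTH']);
+ }
+ if (array_key_exists('REFERER', $_SERVER)) {
+ $headers['Referer'] = BVRequest::removeMagicQuotes($_SERVER['REFERER']);
+ }
+ if (array_key_exists('HTTP_USER_AGENT', $_SERVER)) {
+ $headers['User-Agent'] = BVRequest::removeMagicQuotes($_SERVER['HTTP_USER_AGENT']);
+ }
+
+ if (array_key_exists('Host', $headers)) {
+ $host = $headers['Host'];
+ } else if (array_key_exists('SERVER_NAME', $_SERVER)) {
+ $host = BVRequest::removeMagicQuotes($_SERVER['SERVER_NAME']);
+ }
+
+ $method = array_key_exists('REQUEST_METHOD', $_SERVER) ? BVRequest::removeMagicQuotes($_SERVER['REQUEST_METHOD']) : 'GET';
+ $uri = array_key_exists('REQUEST_URI', $_SERVER) ? BVRequest::removeMagicQuotes($_SERVER['REQUEST_URI']) : '';
+ $_uri = parse_url($uri);
+ $path = (is_array($_uri) && array_key_exists('path', $_uri)) ? $_uri['path'] : $uri;
+ }
+ $this->setHeaders($headers);
+ $this->setHost($host);
+ $this->setMethod($method);
+ $this->setUri($uri);
+ $this->setPath($path);
+ }
+
+ public function setStatus($status) {
+ $this->status = $status;
+ }
+
+ public function setCategory($category) {
+ $this->category = $category;
+ }
+
+ public function setBody($body) {
+ $this->body = $body;
+ }
+
+ public function setCookies($cookies) {
+ $this->cookies = $cookies;
+ }
+
+ public function setFileNames($fileNames) {
+ $this->fileNames = $fileNames;
+ }
+
+ public function setFiles($files) {
+ $this->files = $files;
+ }
+
+ public function setHeaders($headers) {
+ $this->headers = $headers;
+ }
+
+ public function setRespCode($code) {
+ $this->respcode = $code;
+ }
+
+ public function getRespCode() {
+ return $this->respcode;
+ }
+
+ public function setHost($host) {
+ $this->host = $host;
+ }
+
+ public function setMethod($method) {
+ $this->method = $method;
+ }
+
+ public function setPath($path) {
+ $this->path = $path;
+ }
+
+ public function setQueryString($queryString) {
+ $this->queryString = $queryString;
+ }
+
+ public function setTimestamp($timestamp) {
+ $this->timestamp = $timestamp;
+ }
+
+ public function setUri($uri) {
+ $this->uri = $uri;
+ }
+
+ public function getStatus() {
+ return $this->status;
+ }
+
+ public function getCategory() {
+ return $this->category;
+ }
+
+ public function captureRespCode($status_header) {
+ if (preg_match('/HTTP\/(\\d\\.\\d)\\s*(\\d+)\\s*(.*)/', $status_header, $tokens)) {
+ $this->setRespCode(intval($tokens[2]));
+ }
+ return $status_header;
+ }
+
+ public function getDataToLog() {
+ $querystr = maybe_serialize($this->getQueryString());
+ $querystr = (strlen($querystr) > 512) ? maybe_serialize(array("bv_over_size" => true)) : $querystr;
+ $referer = $this->getHeader('Referer') ? $this->getHeader('Referer') : '';
+ $user_agent = $this->getHeader('User-Agent') ? $this->getHeader('User-Agent') : '';
+ $data = array(
+ "path" => $this->getPath(),
+ "filenames" => maybe_serialize($this->getFileNames()),
+ "host" => $this->getHost(),
+ "time" => $this->getTimeStamp(),
+ "ip" => $this->getIP(),
+ "method" => $this->getMethod(),
+ "query_string" => $querystr,
+ "user_agent" => $user_agent,
+ "resp_code" => $this->getRespCode(),
+ "referer" => $referer,
+ "status" => $this->getStatus(),
+ "category" => $this->getCategory()
+ );
+ return $data;
+ }
+
+ protected function getKeyVal($array, $key) {
+ if (is_array($array)) {
+ if (is_array($key)) {
+ $_key = array_shift($key);
+ if (array_key_exists($_key, $array)) {
+ if (count($key) > 0) {
+ return $this->getKeyVal($array[$_key], $key);
+ } else {
+ return $array[$_key];
+ }
+ }
+ } else {
+ return array_key_exists($key, $array) ? $array[$key] : null;
+ }
+ }
+ return null;
+ }
+
+ public function getBody() {
+ if (func_num_args() > 0) {
+ $args = func_get_args();
+ return $this->getKeyVal($this->body, $args);
+ }
+ return $this->body;
+ }
+
+ public function getCookies() {
+ if (func_num_args() > 0) {
+ $args = func_get_args();
+ return $this->getKeyVal($this->cookies, $args);
+ }
+ return $this->cookies;
+ }
+
+ public function getQueryString() {
+ if (func_num_args() > 0) {
+ $args = func_get_args();
+ return $this->getKeyVal($this->queryString, $args);
+ }
+ return $this->queryString;
+ }
+
+ public function getHeader($key) {
+ if (array_key_exists($key, $this->headers)) {
+ return $this->headers[$key];
+ }
+ return null;
+ }
+
+ public function getFiles() {
+ if (func_num_args() > 0) {
+ $args = func_get_args();
+ return $this->getKeyVal($this->files, $args);
+ }
+ return $this->files;
+ }
+
+ public function getFileNames() {
+ if (func_num_args() > 0) {
+ $args = func_get_args();
+ return $this->getKeyVal($this->fileNames, $args);
+ }
+ return $this->fileNames;
+ }
+
+ public function getHost() {
+ return $this->host;
+ }
+
+ public function getURI() {
+ return $this->uri;
+ }
+
+ public function getPath() {
+ return $this->path;
+ }
+
+ public function getIP() {
+ return $this->ip;
+ }
+
+ public function getMethod() {
+ return $this->method;
+ }
+
+ public function getTimestamp() {
+ return $this->timestamp;
+ }
+
+ public static function removeMagicQuotes($value) {
+ if (function_exists("get_magic_quotes_gpc") && get_magic_quotes_gpc()) {
+ return BVRequest::removeSlashesRecursively($value);
+ }
+ return $value;
+ }
+
+ public static function removeSlashesRecursively($value) {
+ if (is_array($value)) {
+ $value = array_map(array('self', 'removeSlashesRecursively',), $value);
+ } else if (is_string($value)) {
+ $value = stripslashes($value);
+ }
+ return $value;
+ }
+ }
+ endif;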
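Review bot: In `getDataToLog()` only `query_string` is size-capped (512 bytes); `path`, `host`, `user_agent`, `referer` and the serialized `filenames` are copied from the request as received, so the client controls both the length and the content of those log fields. Cap them the same way, for example `$user_agent = substr((string) $this->getHeader('User-Agent'), 0, 512);`, and add a comment above the `$data` array that every field is untrusted and must be escaped wherever the log is rendered. Whether the log sink truncates or escapes these values is not visible on this page, so confirm that before relying on it. Separately, `setCategory()` writes `$this->category`, which is missing from the property list; add `private $category;` next to `private $status;`.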
img/adobe-logo.png ADDED
Binary file
img/bv.png ADDED
Binary file
img/fb.png ADDED
Binary file
img/icon.png ADDED
Binary file
img/intel-logo.png ADDED
Binary file
img/logo.png ADDED
Binary file
img/sap-logo.png ADDED
Binary file
img/testimonial_mc.png ADDED
Binary file
img/twitter.png ADDED
Binary file
img/valet-logo.png ADDED
Binary file
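--- a/ipstore.php
+++ b/ipstore.php
@@ -0,0 +1,97 @@
+ <?php
+ if (!defined('ABSPATH')) exit;
+ if (!class_exists('BVIPStore')) :
+
+ class BVIPStore {
+
+ public $bvmain;
+ public static $name = 'ip_store';
+
+ #TYPE
+ const BLACKLISTED = 1;
+ const WHITELISTED = 2;
+
+ #CATEGORY
+ const FW = 3;
+ const LP = 4;
+
+ function __construct($bvmain) {
+ $this->bvmain = $bvmain;
+ }
+
+ function init() {
+ add_action('clear_ip_store', array($this, 'clearConfig'));
+ }
+
+ public function clearConfig() {
+ $this->bvmain->db->dropBVTable(BVIPStore::$name);
+ }
+
+ public function hasIPv6Support() {
+ return defined('AF_INET6');
+ }
+
+ public static function isValidIP($ip) {
+ return filter_var($ip, FILTER_VALIDATE_IP) !== false;
+ }
+
+ public function bvInetPton($ip) {
+ $pton = $this->isValidIP($ip) ? ($this->hasIPv6Support() ? inet_pton($ip) : $this->_bvInetPton($ip)) : false;
+ return $pton;
+ }
+
+ public function _bvInetPton($ip) {
+ if (preg_match('/^(?:\d{1,3}(?:\.|$)){4}/', $ip)) {
+ $octets = explode('.', $ip);
+ $bin = chr($octets[0]) . chr($octets[1]) . chr($octets[2]) . chr($octets[3]);
+ return $bin;
+ }
+
+ if (preg_match('/^((?:[\da-f]{1,4}(?::|)){0,8})(::)?((?:[\da-f]{1,4}(?::|)){0,8})$/i', $ip)) {
+ if ($ip === '::') {
+ return "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0";
+ }
+ $colon_count = substr_count($ip, ':');
+ $dbl_colon_pos = strpos($ip, '::');
+ if ($dbl_colon_pos !== false) {
+ $ip = str_replace('::', str_repeat(':0000',
+ (($dbl_colon_pos === 0 || $dbl_colon_pos === strlen($ip) - 2) ? 9 : 8) - $colon_count) . ':', $ip);
+ $ip = trim($ip, ':');
+ }
+
+ $ip_groups = explode(':', $ip);
+ $ipv6_bin = '';
+ foreach ($ip_groups as $ip_group) {
+ $ipv6_bin .= pack('H*', str_pad($ip_group, 4, '0', STR_PAD_LEFT));
+ }
+
+ return strlen($ipv6_bin) === 16 ? $ipv6_bin : false;
+ }
+
+ if (preg_match('/^(?:\:(?:\:0{1,4}){0,4}\:|(?:0{1,4}\:){5})ffff\:(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})$/i', $ip, $matches)) {
+ $octets = explode('.', $matches[1]);
+ return chr($octets[0]) . chr($octets[1]) . chr($octets[2]) . chr($octets[3]);
+ }
+
+ return false;
+ }
+
+ public function checkIPPresent($ip, $type, $category) {
+ $db = $this->bvmain->db;
+ $table = $db->getBVTable(BVIPStore::$name);
+ if ($db->isTablePresent($table)) {
+ $binIP = $this->bvInetPton($ip);
+ if ($binIP !== false) {
+ $category_str = ($category == BVIPStore::FW) ? "`is_fw` = true" : "`is_lp` = true";
+ $query_str = "SELECT * FROM $table WHERE %s >= `start_ip_range` && %s <= `end_ip_range` && " . $category_str . " && `type` = %d LIMIT 1;";
+ $query = $db->prepare($query_str, array($binIP, $binIP, $type));
+ if ($db->getVar($query) > 0)
+ return true;
+ }
+ return false;
+ }
+ return false;
+ }
+
+ }
+ endif;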
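Review bot: The range query in `checkIPPresent()` compares the packed address with `start_ip_range` and `end_ip_range` but has no address-family condition, while `bvInetPton()` yields 4 bytes for IPv4 and 16 for IPv6. If the table stores both families in binary columns, a byte-wise comparison can place an address of one family inside a range of the other, which matters most for whitelist lookups. Constraining the row to the same packed length would rule that out, e.g. append `&& LENGTH(start_ip_range) = %d` to the WHERE clause and pass `strlen($binIP)` as the extra argument. The column types and collation are not visible on this page, so confirm how the ranges are stored. Note also that the fallback `_bvInetPton()` returns 4 bytes for an IPv4-mapped address where `inet_pton()` returns 16, so the same client can compare differently depending on `AF_INET6` support.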
license.txt ADDED
@@ -0,0 +1,385 @@
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
+ WordPress - Web publishing software
2
+
3
+ Copyright 2015 by the contributors
4
+
5
+ This program is free software; you can redistribute it and/or modify
6
+ it under the terms of the GNU General Public License as published by
7
+ the Free Software Foundation; either version 2 of the License, or
8
+ (at your option) any later version.
9
+
10
+ This program is distributed in the hope that it will be useful,
11
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
12
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13
+ GNU General Public License for more details.
14
+
15
+ You should have received a copy of the GNU General Public License
16
+ along with this program; if not, write to the Free Software
17
+ Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
18
+
19
+ This program incorporates work covered by the following copyright and
20
+ permission notices:
21
+
22
+ b2 is (c) 2001, 2002 Michel Valdrighi - m@tidakada.com -
23
+ http://tidakada.com
24
+
25
+ Wherever third party code has been used, credit has been given in the code's
26
+ comments.
27
+
28
+ b2 is released under the GPL
29
+
30
+ and
31
+
32
+ WordPress - Web publishing software
33
+
34
+ Copyright 2003-2010 by the contributors
35
+
36
+ WordPress is released under the GPL
37
+
38
+ =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
39
+
40
+ GNU GENERAL PUBLIC LICENSE
41
+ Version 2, June 1991
42
+
43
+ Copyright (C) 1989, 1991 Free Software Foundation, Inc.,
44
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
45
+ Everyone is permitted to copy and distribute verbatim copies
46
+ of this license document, but changing it is not allowed.
47
+
48
+ Preamble
49
+
50
+ The licenses for most software are designed to take away your
51
+ freedom to share and change it. By contrast, the GNU General Public
52
+ License is intended to guarantee your freedom to share and change free
53
+ software--to make sure the software is free for all its users. This
54
+ General Public License applies to most of the Free Software
55
+ Foundation's software and to any other program whose authors commit to
56
+ using it. (Some other Free Software Foundation software is covered by
57
+ the GNU Lesser General Public License instead.) You can apply it to
58
+ your programs, too.
59
+
60
+ When we speak of free software, we are referring to freedom, not
61
+ price. Our General Public Licenses are designed to make sure that you
62
+ have the freedom to distribute copies of free software (and charge for
63
+ this service if you wish), that you receive source code or can get it
64
+ if you want it, that you can change the software or use pieces of it
65
+ in new free programs; and that you know you can do these things.
66
+
67
+ To protect your rights, we need to make restrictions that forbid
68
+ anyone to deny you these rights or to ask you to surrender the rights.
69
+ These restrictions translate to certain responsibilities for you if you
70
+ distribute copies of the software, or if you modify it.
71
+
72
+ For example, if you distribute copies of such a program, whether
73
+ gratis or for a fee, you must give the recipients all the rights that
74
+ you have. You must make sure that they, too, receive or can get the
75
+ source code. And you must show them these terms so they know their
76
+ rights.
77
+
78
+ We protect your rights with two steps: (1) copyright the software, and
79
+ (2) offer you this license which gives you legal permission to copy,
80
+ distribute and/or modify the software.
81
+
82
+ Also, for each author's protection and ours, we want to make certain
83
+ that everyone understands that there is no warranty for this free
84
+ software. If the software is modified by someone else and passed on, we
85
+ want its recipients to know that what they have is not the original, so
86
+ that any problems introduced by others will not reflect on the original
87
+ authors' reputations.
88
+
89
+ Finally, any free program is threatened constantly by software
90
+ patents. We wish to avoid the danger that redistributors of a free
91
+ program will individually obtain patent licenses, in effect making the
92
+ program proprietary. To prevent this, we have made it clear that any
93
+ patent must be licensed for everyone's free use or not licensed at all.
94
+
95
+ The precise terms and conditions for copying, distribution and
96
+ modification follow.
97
+
98
+ GNU GENERAL PUBLIC LICENSE
99
+ TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
100
+
101
+ 0. This License applies to any program or other work which contains
102
+ a notice placed by the copyright holder saying it may be distributed
103
+ under the terms of this General Public License. The "Program", below,
104
+ refers to any such program or work, and a "work based on the Program"
105
+ means either the Program or any derivative work under copyright law:
106
+ that is to say, a work containing the Program or a portion of it,
107
+ either verbatim or with modifications and/or translated into another
108
+ language. (Hereinafter, translation is included without limitation in
109
+ the term "modification".) Each licensee is addressed as "you".
110
+
111
+ Activities other than copying, distribution and modification are not
112
+ covered by this License; they are outside its scope. The act of
113
+ running the Program is not restricted, and the output from the Program
114
+ is covered only if its contents constitute a work based on the
115
+ Program (independent of having been made by running the Program).
116
+ Whether that is true depends on what the Program does.
117
+
118
+ 1. You may copy and distribute verbatim copies of the Program's
119
+ source code as you receive it, in any medium, provided that you
120
+ conspicuously and appropriately publish on each copy an appropriate
121
+ copyright notice and disclaimer of warranty; keep intact all the
122
+ notices that refer to this License and to the absence of any warranty;
123
+ and give any other recipients of the Program a copy of this License
124
+ along with the Program.
125
+
126
+ You may charge a fee for the physical act of transferring a copy, and
127
+ you may at your option offer warranty protection in exchange for a fee.
128
+
129
+ 2. You may modify your copy or copies of the Program or any portion
130
+ of it, thus forming a work based on the Program, and copy and
131
+ distribute such modifications or work under the terms of Section 1
132
+ above, provided that you also meet all of these conditions:
133
+
134
+ a) You must cause the modified files to carry prominent notices
135
+ stating that you changed the files and the date of any change.
136
+
137
+ b) You must cause any work that you distribute or publish, that in
138
+ whole or in part contains or is derived from the Program or any
139
+ part thereof, to be licensed as a whole at no charge to all third
140
+ parties under the terms of this License.
141
+
142
+ c) If the modified program normally reads commands interactively
143
+ when run, you must cause it, when started running for such
144
+ interactive use in the most ordinary way, to print or display an
145
+ announcement including an appropriate copyright notice and a
146
+ notice that there is no warranty (or else, saying that you provide
147
+ a warranty) and that users may redistribute the program under
148
+ these conditions, and telling the user how to view a copy of this
149
+ License. (Exception: if the Program itself is interactive but
150
+ does not normally print such an announcement, your work based on
151
+ the Program is not required to print an announcement.)
152
+
153
+ These requirements apply to the modified work as a whole. If
154
+ identifiable sections of that work are not derived from the Program,
155
+ and can be reasonably considered independent and separate works in
156
+ themselves, then this License, and its terms, do not apply to those
157
+ sections when you distribute them as separate works. But when you
158
+ distribute the same sections as part of a whole which is a work based
159
+ on the Program, the distribution of the whole must be on the terms of
160
+ this License, whose permissions for other licensees extend to the
161
+ entire whole, and thus to each and every part regardless of who wrote it.
162
+
163
+ Thus, it is not the intent of this section to claim rights or contest
164
+ your rights to work written entirely by you; rather, the intent is to
165
+ exercise the right to control the distribution of derivative or
166
+ collective works based on the Program.
167
+
168
+ In addition, mere aggregation of another work not based on the Program
169
+ with the Program (or with a work based on the Program) on a volume of
170
+ a storage or distribution medium does not bring the other work under
171
+ the scope of this License.
172
+
173
+ 3. You may copy and distribute the Program (or a work based on it,
174
+ under Section 2) in object code or executable form under the terms of
175
+ Sections 1 and 2 above provided that you also do one of the following:
176
+
177
+ a) Accompany it with the complete corresponding machine-readable
178
+ source code, which must be distributed under the terms of Sections
179
+ 1 and 2 above on a medium customarily used for software interchange; or,
180
+
181
+ b) Accompany it with a written offer, valid for at least three
182
+ years, to give any third party, for a charge no more than your
183
+ cost of physically performing source distribution, a complete
184
+ machine-readable copy of the corresponding source code, to be
185
+ distributed under the terms of Sections 1 and 2 above on a medium
186
+ customarily used for software interchange; or,
187
+
188
+ c) Accompany it with the information you received as to the offer
189
+ to distribute corresponding source code. (This alternative is
190
+ allowed only for noncommercial distribution and only if you
191
+ received the program in object code or executable form with such
192
+ an offer, in accord with Subsection b above.)
193
+
194
+ The source code for a work means the preferred form of the work for
195
+ making modifications to it. For an executable work, complete source
196
+ code means all the source code for all modules it contains, plus any
197
+ associated interface definition files, plus the scripts used to
198
+ control compilation and installation of the executable. However, as a
199
+ special exception, the source code distributed need not include
200
+ anything that is normally distributed (in either source or binary
201
+ form) with the major components (compiler, kernel, and so on) of the
202
+ operating system on which the executable runs, unless that component
203
+ itself accompanies the executable.
204
+
205
+ If distribution of executable or object code is made by offering
206
+ access to copy from a designated place, then offering equivalent
207
+ access to copy the source code from the same place counts as
208
+ distribution of the source code, even though third parties are not
209
+ compelled to copy the source along with the object code.
210
+
211
+ 4. You may not copy, modify, sublicense, or distribute the Program
212
+ except as expressly provided under this License. Any attempt
213
+ otherwise to copy, modify, sublicense or distribute the Program is
214
+ void, and will automatically terminate your rights under this License.
215
+ However, parties who have received copies, or rights, from you under
216
+ this License will not have their licenses terminated so long as such
217
+ parties remain in full compliance.
218
+
219
+ 5. You are not required to accept this License, since you have not
220
+ signed it. However, nothing else grants you permission to modify or
221
+ distribute the Program or its derivative works. These actions are
222
+ prohibited by law if you do not accept this License. Therefore, by
223
+ modifying or distributing the Program (or any work based on the
224
+ Program), you indicate your acceptance of this License to do so, and
225
+ all its terms and conditions for copying, distributing or modifying
226
+ the Program or works based on it.
227
+
228
+ 6. Each time you redistribute the Program (or any work based on the
229
+ Program), the recipient automatically receives a license from the
230
+ original licensor to copy, distribute or modify the Program subject to
231
+ these terms and conditions. You may not impose any further
232
+ restrictions on the recipients' exercise of the rights granted herein.
233
+ You are not responsible for enforcing compliance by third parties to
234
+ this License.
235
+
236
+ 7. If, as a consequence of a court judgment or allegation of patent
237
+ infringement or for any other reason (not limited to patent issues),
238
+ conditions are imposed on you (whether by court order, agreement or
239
+ otherwise) that contradict the conditions of this License, they do not
240
+ excuse you from the conditions of this License. If you cannot
241
+ distribute so as to satisfy simultaneously your obligations under this
242
+ License and any other pertinent obligations, then as a consequence you
243
+ may not distribute the Program at all. For example, if a patent
244
+ license would not permit royalty-free redistribution of the Program by
245
+ all those who receive copies directly or indirectly through you, then
246
+ the only way you could satisfy both it and this License would be to
247
+ refrain entirely from distribution of the Program.
248
+
249
+ If any portion of this section is held invalid or unenforceable under
250
+ any particular circumstance, the balance of the section is intended to
251
+ apply and the section as a whole is intended to apply in other
252
+ circumstances.
253
+
254
+ It is not the purpose of this section to induce you to infringe any
255
+ patents or other property right claims or to contest validity of any
256
+ such claims; this section has the sole purpose of protecting the
257
+ integrity of the free software distribution system, which is
258
+ implemented by public license practices. Many people have made
259
+ generous contributions to the wide range of software distributed
260
+ through that system in reliance on consistent application of that
261
+ system; it is up to the author/donor to decide if he or she is willing
262
+ to distribute software through any other system and a licensee cannot
263
+ impose that choice.
264
+
265
+ This section is intended to make thoroughly clear what is believed to
266
+ be a consequence of the rest of this License.
267
+
268
+ 8. If the distribution and/or use of the Program is restricted in
269
+ certain countries either by patents or by copyrighted interfaces, the
270
+ original copyright holder who places the Program under this License
271
+ may add an explicit geographical distribution limitation excluding
272
+ those countries, so that distribution is permitted only in or among
273
+ countries not thus excluded. In such case, this License incorporates
274
+ the limitation as if written in the body of this License.
275
+
276
+ 9. The Free Software Foundation may publish revised and/or new versions
277
+ of the General Public License from time to time. Such new versions will
278
+ be similar in spirit to the present version, but may differ in detail to
279
+ address new problems or concerns.
280
+
281
+ Each version is given a distinguishing version number. If the Program
282
+ specifies a version number of this License which applies to it and "any
283
+ later version", you have the option of following the terms and conditions
284
+ either of that version or of any later version published by the Free
285
+ Software Foundation. If the Program does not specify a version number of
286
+ this License, you may choose any version ever published by the Free Software
287
+ Foundation.
288
+
289
+ 10. If you wish to incorporate parts of the Program into other free
290
+ programs whose distribution conditions are different, write to the author
291
+ to ask for permission. For software which is copyrighted by the Free
292
+ Software Foundation, write to the Free Software Foundation; we sometimes
293
+ make exceptions for this. Our decision will be guided by the two goals
294
+ of preserving the free status of all derivatives of our free software and
295
+ of promoting the sharing and reuse of software generally.
296
+
297
+ NO WARRANTY
298
+
299
+ 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
300
+ FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN
301
+ OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
302
+ PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
303
+ OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
304
+ MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS
305
+ TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE
306
+ PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
307
+ REPAIR OR CORRECTION.
308
+
309
+ 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
310
+ WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
311
+ REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
312
+ INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
313
+ OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
314
+ TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
315
+ YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
316
+ PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
317
+ POSSIBILITY OF SUCH DAMAGES.
318
+
319
+ END OF TERMS AND CONDITIONS
320
+
321
+ How to Apply These Terms to Your New Programs
322
+
323
+ If you develop a new program, and you want it to be of the greatest
324
+ possible use to the public, the best way to achieve this is to make it
325
+ free software which everyone can redistribute and change under these terms.
326
+
327
+ To do so, attach the following notices to the program. It is safest
328
+ to attach them to the start of each source file to most effectively
329
+ convey the exclusion of warranty; and each file should have at least
330
+ the "copyright" line and a pointer to where the full notice is found.
331
+
332
+ <one line to give the program's name and a brief idea of what it does.>
333
+ Copyright (C) <year> <name of author>
334
+
335
+ This program is free software; you can redistribute it and/or modify
336
+ it under the terms of the GNU General Public License as published by
337
+ the Free Software Foundation; either version 2 of the License, or
338
+ (at your option) any later version.
339
+
340
+ This program is distributed in the hope that it will be useful,
341
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
342
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
343
+ GNU General Public License for more details.
344
+
345
+ You should have received a copy of the GNU General Public License along
346
+ with this program; if not, write to the Free Software Foundation, Inc.,
347
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
348
+
349
+ Also add information on how to contact you by electronic and paper mail.
350
+
351
+ If the program is interactive, make it output a short notice like this
352
+ when it starts in an interactive mode:
353
+
354
+ Gnomovision version 69, Copyright (C) year name of author
355
+ Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
356
+ This is free software, and you are welcome to redistribute it
357
+ under certain conditions; type `show c' for details.
358
+
359
+ The hypothetical commands `show w' and `show c' should show the appropriate
360
+ parts of the General Public License. Of course, the commands you use may
361
+ be called something other than `show w' and `show c'; they could even be
362
+ mouse-clicks or menu items--whatever suits your program.
363
+
364
+ You should also get your employer (if you work as a programmer) or your
365
+ school, if any, to sign a "copyright disclaimer" for the program, if
366
+ necessary. Here is a sample; alter the names:
367
+
368
+ Yoyodyne, Inc., hereby disclaims all copyright interest in the program
369
+ `Gnomovision' (which makes passes at compilers) written by James Hacker.
370
+
371
+ <signature of Ty Coon>, 1 April 1989
372
+ Ty Coon, President of Vice
373
+
374
+ This General Public License does not permit incorporating your program into
375
+ proprietary programs. If your program is a subroutine library, you may
376
+ consider it more useful to permit linking proprietary applications with the
377
+ library. If this is what you want to do, use the GNU Lesser General
378
+ Public License instead of this License.
379
+
380
+ WRITTEN OFFER
381
+
382
+ The source code for any program binaries or compressed scripts that are
383
+ included with WordPress can be freely obtained at the following URL:
384
+
385
+ https://wordpress.org/download/source/
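--- a/logger.php
+++ b/logger.php
@@ -0,0 +1,24 @@
+ <?php
+
+ if (!defined('ABSPATH')) exit;
+ if (!class_exists('BVLogger')) :
+ class BVLogger {
+ public $db;
+ public $table;
+ const MAXROWCOUNT = 100000;
+
+ function __construct($db, $table) {
+ $this->db = $db;
+ $this->table = $table;
+ }
+
+ public function log($data) {
+ if (is_array($data)) {
+ $tablename = $this->db->getBVTable($this->table);
+ if ($this->db->rowsCount($tablename) > BVLogger::MAXROWCOUNT)
+ $this->db->deleteRowsFromtable($this->table, 1);
+ $this->db->replaceIntoBVTable($this->table, $data);
+ }
+ }
+ }
+ endif;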
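--- a/lp/config.php
+++ b/lp/config.php
@@ -0,0 +1,80 @@
+ <?php
+
+ if (!defined('ABSPATH')) exit;
+ if (!class_exists('BVLPConfig')) :
+ class BVLPConfig {
+ public $bvmain;
+ public static $requests_table = 'lp_requests';
+
+ #mode
+ const DISABLED = 1;
+ const AUDIT = 2;
+ const PROTECT = 3;
+
+ public function __construct($bvmain) {
+ $this->bvmain = $bvmain;
+ }
+
+ public function setMode($mode) {
+ if (!$mode) {
+ $this->bvmain->info->deleteOption('bvlpmode');
+ } else {
+ $this->bvmain->info->updateOption('bvlpmode', intval($mode));
+ }
+ }
+
+ public function setCaptchaLimit($count) {
+ if (!$count) {
+ $this->bvmain->info->deleteOption('bvlpcaptchaLimit');
+ } else {
+ $this->bvmain->info->updateOption('bvlpcaptchaLimit', intval($count));
+ }
+ }
+
+ public function setTempBlockLimit($count) {
+ if (!$count) {
+ $this->bvmain->info->deleteOption('bvlptempblocklimit');
+ } else {
+ $this->bvmain->info->updateOption('bvlptempblocklimit', intval($count));
+ }
+ }
+
+ public function setBlockAllLimit($count) {
+ if (!$count) {
+ $this->bvmain->info->deleteOption('bvlpblockalllimit');
+ } else {
+ $this->bvmain->info->updateOption('bvlpblockalllimit', intval($count));
+ }
+ }
+
+ public function getMode() {
+ $mode = $this->bvmain->info->getOption('bvlpmode');
+ return intval($mode ? $mode : BVLPConfig::DISABLED);
+ }
+
+ public function getCaptchaLimit() {
+ $limit = $this->bvmain->info->getOption('bvlpcaptchalimit');
+ return ($limit ? $limit : 3);
+ }
+
+ public function getTempBlockLimit() {
+ $limit = $this->bvmain->info->getOption('bvlptempblocklimit');
+ return ($limit ? $limit : 10);
+ }
+
+ public function getBlockAllLimit() {
+ $limit = $this->bvmain->info->getOption('bvlpblockAlllimit');
+ return ($limit ? $limit : 100);
+ }
+
+ public function clear() {
+ $this->setMode(false);
+ $this->setCaptchaLimit(false);
+ $this->setTempBlockLimit(false);
+ $this->setBlockAllLimit(false);
+ $this->bvmain->db->dropBVTable(BVLPConfig::$requests_table);
+ $this->bvmain->info->deleteOption('bvptplug');
+ return true;
+ }
+ }
+ endif;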
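Review bot: The option keys written by the setters do not match the keys read by the getters: `setCaptchaLimit` stores `'bvlpcaptchaLimit'` while `getCaptchaLimit` reads `'bvlpcaptchalimit'`, and `setBlockAllLimit` stores `'bvlpblockalllimit'` while `getBlockAllLimit` reads `'bvlpblockAlllimit'`. If the option lookup behind `$this->bvmain->info` is case-sensitive (an in-memory option cache usually is), a configured limit is never read back and the defaults 3 and 100 stay in force, so the lockout thresholds cannot be tightened from configuration. Use one lowercase spelling on both sides, e.g. `getOption('bvlpblockalllimit')` and `updateOption('bvlpcaptchalimit', intval($count))`; `clear()` goes through the setters, so it follows automatically. The three limit getters could also return `intval($limit)` as `getMode` does, since their results are compared numerically against failure counts.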
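--- a/lp/lp.php
+++ b/lp/lp.php
@@ -0,0 +1,248 @@
+ <?php
+
+ if (!defined('ABSPATH')) exit;
+ if (!class_exists('BVLP')) :
+
+ require_once dirname( __FILE__ ) . '/config.php';
+ require_once dirname( __FILE__ ) . './../ipstore.php';
+
+ class BVLP {
+
+ private $ip;
+ private $time;
+ private $category;
+ private $username;
+ private $message;
+ public $config;
+ public $bvmain;
+ public $logger;
+ public $ipstore;
+ public static $requests_table = 'lp_requests';
+ public static $unblock_ip_transient = 'bvlp_unblock_ip';
+
+ #status
+ const LOGINFAILURE = 1;
+ const LOGINSUCCESS = 2;
+ const LOGINBLOCKED = 3;
+
+ #categories
+ const CAPTCHABLOCK = 1;
+ const TEMPBLOCK = 2;
+ const ALLBLOCKED = 3;
+ const UNBLOCKED = 4;
+ const BLACKLISTED = 5;
+ const BYPASSED = 6;
+ const ALLOWED = 7;
+
+ public function __construct($bvmain, $ip) {
+ $this->bvmain = $bvmain;
+ $this->ip = $ip;
+ $this->config = new BVLPConfig($this->bvmain);
+ $this->ipstore = new BVIPStore($bvmain);
+ $this->logger = new BVLogger($this->bvmain->db, BVLPConfig::$requests_table);
+ $this->time = strtotime(date("Y-m-d H:i:s"));
+ }
+
+ public function init() {
+ if ($this->isActive()) {
+ $this->lpInit();
+ }
+ add_action('clear_lp_config', array($this->config, 'clear'));
+ }
+
+ public function lpInit() {
+ add_filter('authenticate', array($this, 'loginInit'), 30, 3);
+ add_action('wp_login', array($this, 'loginSuccess'));
+ add_action('wp_login_failed', array($this, 'loginFailed'));
+ }
+
+ public function setMessage($message) {
+ $this->message = $message;
+ }
+
+ public function setUserName($username) {
+ $this->username = $username;
+ }
+
+ public function setCategory($category) {
+ $this->category = $category;
+ }
+
+ public function getCaptchaLink() {
+ $bvmain = $this->bvmain;
+ $url = $bvmain->authenticatedUrl('/captcha/solve');
+ $url .= "&adminurl=".base64_encode(get_admin_url());
+ return $url;
+ }
+
+ public function getUserName() {
+ return $this->username ? $this->username : '';
+ }
+
+ public function getMessage() {
+ return $this->message ? $this->message : '';
+ }
+
+ public function getCategory() {
+ return $this->category ? $this->category : BVLP::ALLOWED;
+ }
+
+ public function getCaptchaLimit() {
+ return $this->config->getCaptchaLimit();
+ }
+
+ public function getTempBlockLimit() {
+ return $this->config->getTempBlockLimit();
+ }
+
+ public function getBlockAllLimit() {
+ return $this->config->getBlockAllLimit();
+ }
+
+ public function getLoginLogsTable() {
+ global $bvdb;
+ return $bvdb->getBVTable(BVLP::$requests_table);
+ }
+
+ public function getAllowLoginsTransient() {
+ return $this->bvmain->info->getTransient('bvlp_allow_logins');
+ }
+
+ public function getBlockLoginsTransient() {
+ return $this->bvmain->info->getTransient('bvlp_block_logins');
+ }
+
+ public function terminateTemplate() {
+ $brandname = $this->bvmain->getBrandName();
+ $templates = array (
+ 1 => "<p>Too many failed attempts, You are barred from logging into this site.</p><a href=".$this->getCaptchaLink()."
+ class='btn btn-default'>Click here</a> to unblock yourself.",
+ 2 => "You cannot login to this site for 30 minutes because of too many failed login attempts.",
+ 3 => "<p>Logins to this site are currently blocked.</p><a href=".$this->getCaptchaLink()."
+ class='btn btn-default'>Click here</a> to unblock yourself.",
+ 5 => "Your IP is blacklisted."
+ );
+ return "
+ <div style='height: 98vh;'>
+ <div style='text-align: center; padding: 10% 0; font-family: Arial, Helvetica, sans-serif;'>
+ <div><p><img src=".plugins_url('../img/icon.png', __FILE__)."><h2>Login Protection</h2><h3>powered by</h3><h2>"
+ .$brandname."</h2></p><div>
+ <p>" . $templates[$this->getCategory()]. "</p>
+ </div>
+ </div>";
+ }
+
+ public function isProtecting() {
+ return ($this->config->getMode() === BVLPConfig::PROTECT);
+ }
+
+ public function isActive() {
+ return ($this->config->getMode() !== BVLPConfig::DISABLED);
+ }
+
+ public function isBlacklistedIP() {
+ return $this->ipstore->checkIPPresent($this->ip, BVIPStore::BLACKLISTED, BVIPStore::LP);
+ }
+
+ public function isWhitelistedIP() {
+ return $this->ipstore->checkIPPresent($this->ip, BVIPStore::WHITELISTED, BVIPStore::LP);
+ }
+
+ public function isUnBlockedIP() {
+ $transient_name = BVLP::$unblock_ip_transient.$this->ip;
+ $attempts = $this->bvmain->info->getTransient($transient_name);
+ if ($attempts && $attempts > 0) {
+ $this->bvmain->info->setTransient($transient_name, $attempts - 1, 600 * $attempts);
+ return true;
+ }
+ return false;
+ }
+
+ public function isLoginBlocked() {
+ if ($this->getAllowLoginsTransient() ||
+ ($this->getLoginCount(BVLP::LOGINFAILURE) < $this->getBlockAllLimit())) {
+ return false;
+ }
+ return true;
+ }
+
+ public function log($status) {
+ $data = array (
+ "ip" => $this->ip,
+ "status" => $status,
+ "time" => $this->time,
+ "category" => $this->getCategory(),
+ "username" => $this->getUserName(),
+ "message" => $this->getMessage());
+ $this->logger->log($data);
+ }
+
+ public function terminateLogin() {
+ $this->setMessage('Login Blocked');
+ $this->log(BVLP::LOGINBLOCKED);
+ if ($this->isProtecting()) {
+ header("Cache-Control: no-cache, no-store, must-revalidate");
+ header("Pragma: no-cache");
+ header("Expires: 0");
+ header('HTTP/1.0 403 Forbidden');
+ die($this->terminateTemplate());
+ exit;
+ }
+ }
+
+ public function loginInit($user, $username = '', $password = '') {
+ if ($this->isUnBlockedIP()) {
+ $this->setCategory(BVLP::UNBLOCKED);
+ } else {
+ $failed_attempts = $this->getLoginCount(BVLP::LOGINFAILURE, $this->ip);
+ if ($this->isBlacklistedIP()) {
+ $this->setCategory(BVLP::BLACKLISTED);
+ $this->terminateLogin();
+ } else if ($this->isKnownLogin() || $this->isWhitelistedIP()) {
+ $this->setCategory(BVLP::BYPASSED);
+ } else if ($this->isLoginBlocked()) {
+ $this->setCategory(BVLP::ALLBLOCKED);
+ $this->terminateLogin();
+ } else if ($failed_attempts >= $this->getTempBlockLimit()) {
+ $this->setCategory(BVLP::TEMPBLOCK);
+ $this->terminateLogin();
+ } else if ($failed_attempts >= $this->getCaptchaLimit()) {
+ $this->setCategory(BVLP::CAPTCHABLOCK);
+ $this->terminateLogin();
+ }
+ }
+ if (!empty($user) && !empty($password) && is_wp_error($user)) {
+ $this->setMessage($user->get_error_code());
+ }
+ return $user;
+ }
+
+ public function loginFailed($username) {
+ $this->setUserName($username);
+ $this->log(BVLP::LOGINFAILURE);
+ }
+
+ public function loginSuccess($username) {
+ $this->setUserName($username);
+ $this->setMessage('Login Success');
+ $this->log(BVLP::LOGINSUCCESS);
+ }
+
+ public function isKnownLogin() {
+ return $this->getLoginCount(BVLP::LOGINSUCCESS, $this->ip, 3600) > 0;
+ }
+
+ public function getLoginCount($status, $ip = null, $gap = 1800) {
+ $db = $this->bvmain->db;
+ $table = $db->getBVTable(BVLP::$requests_table);
+ $query = $db->prepare("SELECT COUNT(*) as count from `$table` WHERE status=%d && time > %d", array($status, ($this->time - $gap)));
+ if ($ip) {
+ $query .= $db->prepare(" && ip=%s", $ip);
+ }
+ $rows = $db->getResult($query);
+ if (!$rows)
+ return 0;
+ return intval($rows[0]['count']);
+ }
+ }
+ endif;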
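Review bot: The `isKnownLogin()` branch in `loginInit` exempts an IP from every limit once it has one successful login in the last 3600 seconds, regardless of which account that login was for, so a client holding any valid account (or sharing a NAT address with one) is no longer subject to the captcha, temporary-block or block-all thresholds for other usernames. Consider leaving the per-IP failure limits in force for known logins and bypassing only whitelisted addresses, `} else if ($this->isWhitelistedIP()) {`, or matching the earlier success on the `$username` being attempted as well as the IP. Separately, `terminateTemplate` emits the captcha link as an unquoted, unescaped `href=` value; `href='".esc_url($this->getCaptchaLink())."'` is the usual form, and `$brandname` should go through `esc_html()` since it is read from a stored option. In `terminateLogin` the `exit;` after `die(...)` is unreachable and can be removed.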
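--- a/main.php
+++ b/main.php
@@ -0,0 +1,167 @@
+ <?php
+ if (!defined('ABSPATH')) exit;
+ if (!class_exists('MalCare')) :
+
+ require_once dirname( __FILE__ ) . '/main/lib.php';
+ require_once dirname( __FILE__ ) . '/main/site_info.php';
+ require_once dirname( __FILE__ ) . '/main/auth.php';
+ require_once dirname( __FILE__ ) . '/main/db.php';
+
+ class MalCare {
+ public $version = '1.88';
+ public $plugname = 'malcare';
+ public $brandname = 'MalCare';
+ public $webpage = 'https://www.malcare.com';
+ public $appurl = 'https://app.malcare.com';
+ public $slug = 'malcare-security/malcare.php';
+ public $plug_redirect = 'mcredirect';
+ public $badgeinfo = 'mcbadge';
+ public $logo = '../img/logo.png';
+
+ public $ip_header_option = 'mcipheader';
+ public $brand_option = 'mcbrand';
+
+ public $lib;
+ public $info;
+ public $auth;
+ public $db;
+ function __construct() {
+ $this->lib = new MCLib();
+ $this->info = new MCSiteInfo($this->lib);
+ $this->auth = new MCAuth($this->info);
+ $this->db = new MCDb();
+ }
+
+ public function appUrl() {
+ if (defined('BV_APP_URL')) {
+ return BV_APP_URL;
+ } else {
+ $brand = $this->getBrandInfo();
+ if ($brand && array_key_exists('appurl', $brand)) {
+ return $brand['appurl'];
+ }
+ return $this->appurl;
+ }
+ }
+
+ public function getIPHeader() {
+ return $this->info->getOption($this->ip_header_option);
+ }
+
+ public function getBrandName() {
+ $brand = $this->getBrandInfo();
+ if ($brand && array_key_exists('menuname', $brand)) {
+ return $brand['menuname'];
+ }
+ return $this->brandname;
+ }
+
+ public function isMalcare() {
+ return $this->getBrandName() === 'MalCare - Pro';
+ }
+
+ public function isBlogvault() {
+ return $this->getBrandName() === 'BlogVault';
+ }
+
+ public function getBrandInfo() {
+ return $this->info->getOption($this->brand_option);
+ }
+
+ public function authenticatedUrl($method, $apicheck = null, $full = true) {
+ $_params = $this->auth->newAuthParams($this->version);
+ if ($apicheck) {
+ $_params['bvapicheck'] = $apicheck;
+ }
+ $qstr = http_build_query($_params);
+ if (!$full)
+ return $method."?".$qstr;
+ return $this->appUrl().$method."?".$qstr;
+ }
+
+ public function isConfigured() {
+ return $this->auth->defaultPublic();
+ }
+
+ public function getMonitTime() {
+ $time = $this->info->getOption('bvmonittime');
+ return ($time ? $time : 0);
+ }
+
+ public function unSetMonitTime() {
+ return $this->info->deleteOption('bvmonittime');
+ }
+
+ public function setMonitTime() {
+ return $this->info->updateOption('bvmonittime', time());
+ }
+
+ public function isActivePlugin() {
+ $expiry_time = time() - (3 * 24 * 3600);
+ return ($this->getMonitTime() > $expiry_time);
+ }
+
+ public function isProtectModuleEnabled() {
+ return ($this->info->getOption('bvptplug') === $this->plugname) &&
+ $this->isActivePlugin();
+ }
+
+ public function isDynSyncModuleEnabled() {
+ return ($this->info->getOption('bvdynplug') === $this->plugname) &&
+ $this->isActivePlugin();
+ }
+
+ public function pingbv($method) {
+ $body = array();
+ $this->info->basic($body);
+ $body['plug'] = $this->plugname;
+ $url = $this->authenticatedUrl($method);
+ $this->lib->http_request($url, $body);
+ }
+
+ public function setup($rand_secret) {
+ $this->info->updateOption('bvSecretKey', $rand_secret);
+ $this->info->updateOption($this->plug_redirect, 'yes');
+ $this->info->updateOption('bvActivateTime', time());
+ }
+
+ public function isActivateRedirectSet() {
+ if ($this->info->getOption($this->plug_redirect) === 'yes') {
+ $this->info->updateOption($this->plug_redirect, 'no');
+ return true;
+ }
+ return false;
+ }
+
+ public function activate() {
+ if (!isset($_REQUEST['blogvaultkey'])) {
+ ##BVKEYSLOCATE##
+ }
+ if ($this->isConfigured()) {
+ /* This informs the server about the activation */
+ $this->pingbv('/bvapi/activate');
+ } else {
+ $this->setup($this->lib->randString(32));
+ }
+ }
+
+ public function footerHandler() {
+ $bvfooter = $this->info->getOption($this->badgeinfo);
+ if ($bvfooter) {
+ echo '<div style="max-width:150px;min-height:70px;margin:0 auto;text-align:center;position:relative;">
+ <a href='.$bvfooter['badgeurl'].' target="_blank" ><img src="'.plugins_url($bvfooter['badgeimg'], __FILE__).'" alt="'.$bvfooter['badgealt'].'" /></a></div>';
+ }
+ }
+
+ public function deactivate() {
+ $this->pingbv('/bvapi/deactivate');
+ }
+
+ public static function uninstall() {
+ do_action('clear_lp_config');
+ do_action('clear_fw_config');
+ do_action('clear_ip_store');
+ ##CLEARDYNSYNCCONFIG##
+ }
+ }
+ endif;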
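Review bot: `footerHandler` echoes `badgeurl`, `badgeimg` and `badgealt` from the `mcbadge` option straight into HTML, with the `href` value unquoted, so whatever is stored in that option is rendered as markup on every page that runs this handler. Where the option is written is not visible in this file; if it is populated from a remote callback, treat it as untrusted and escape at output, `<a href="'.esc_url($bvfooter['badgeurl']).'" target="_blank" rel="noopener">` and `alt="'.esc_attr($bvfooter['badgealt']).'"`. An `is_array($bvfooter)` check before indexing would also avoid notices when the option is malformed. The same consideration applies to `appUrl()`: the `appurl` value from the `mcbrand` option decides which host receives the signed query string built by `authenticatedUrl`, so it is worth validating as an `https` URL on an expected host when the option is stored.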
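--- a/main/auth.php
+++ b/main/auth.php
@@ -0,0 +1,106 @@
+ <?php
+
+ if (!defined('ABSPATH')) exit;
+ if (!class_exists('MCAuth')) :
+
+ class MCAuth {
+ public $info;
+ function __construct($info) {
+ $this->info = $info;
+ }
+
+ public function defaultPublic() {
+ return $this->info->getOption('bvPublic');
+ }
+
+ public function defaultSecret() {
+ return $this->info->getOption('bvSecretKey');
+ }
+
+ public function allKeys() {
+ $keys = $this->info->getOption('bvkeys');
+ if (!is_array($keys)) {
+ $keys = array();
+ }
+ $public = $this->defaultPublic();
+ $secret = $this->defaultSecret();
+ if ($public)
+ $keys[$public] = $secret;
+ $keys['default'] = $secret;
+ return $keys;
+ }
+
+ public function publicParam() {
+ if (array_key_exists('pubkey', $_REQUEST)) {
+ return $_REQUEST['pubkey'];
+ } else {
+ return $this->defaultPublic();
+ }
+ }
+
+ public function secretForPublic($public = false) {
+ $bvkeys = $this->allKeys();
+ if ($public && array_key_exists($public, $bvkeys) && isset($bvkeys[$public]))
+ return $bvkeys[$public];
+ else
+ return $this->defaultSecret();
+ }
+
+ public function addKeys($public, $secret) {
+ $bvkeys = $this->info->getOption('bvkeys');
+ if ($bvkeys && is_array($bvkeys))
+ $bvkeys[$public] = $secret;
+ else
+ $bvkeys = array($public => $secret);
+ $this->info->updateOption('bvkeys', $bvkeys);
+ }
+
+ public function updateKeys($publickey, $secretkey) {
+ $this->info->updateOption('bvPublic', $publickey);
+ $this->info->updateOption('bvSecretKey', $secretkey);
+ $this->addKeys($publickey, $secretkey);
+ }
+
+ public function rmKeys($publickey) {
+ $bvkeys = $this->info->getOption('bvkeys');
+ if ($bvkeys && is_array($bvkeys)) {
+ unset($bvkeys[$publickey]);
+ $this->info->updateOption('bvkeys', $bvkeys);
+ return true;
+ }
+ return false;
+ }
+
+ public function validate($public, $method, $time, $version, $sig) {
+ $secret = $this->secretForPublic($public);
+ if ($time < intval($this->info->getOption('bvLastRecvTime')) - 300) {
+ return false;
+ }
+ if (array_key_exists('sha1', $_REQUEST)) {
+ $sig_match = sha1($method.$secret.$time.$version);
+ } else {
+ $sig_match = md5($method.$secret.$time.$version);
+ }
+ if ($sig_match !== $sig) {
+ return $sig_match;
+ }
+ $this->info->updateOption('bvLastRecvTime', $time);
+ return 1;
+ }
+
+ public function newAuthParams($version) {
+ $args = array();
+ $time = time();
+ $public = $this->publicParam();
+ $secret = $this->secretForPublic($public);
+
+ $sig = sha1($public.$secret.$time.$version);
+ $args['sig'] = $sig;
+ $args['bvTime'] = $time;
+ $args['bvPublic'] = $public;
+ $args['bvVersion'] = $version;
+ $args['sha1'] = '1';
+ return $args;
+ }
+ }
+ endif;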
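Review bot: `validate` returns the expected signature `$sig_match` when the supplied `sig` does not match, which is a truthy string and hands the valid signature for those parameters to whoever receives the return value; the callers are outside this file, so confirm none of them treats the result as a boolean or writes it to a response, and prefer `return false;` there. The comparison `$sig_match !== $sig` is not constant-time; `if (!hash_equals($sig_match, (string) $sig)) return false;` is the usual form. The digest is selected by the request itself (`md5` unless a `sha1` parameter is present) and is a plain hash over concatenated fields rather than an HMAC; moving to `hash_hmac` needs a matching server-side change, but the request-selected MD5 fallback can be dropped once the server always sends `sha1`. A request that repeats an already accepted `bvTime` also passes the `bvLastRecvTime - 300` check again, so nothing in this method rejects a replay inside that window.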
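--- a/main/db.php
+++ b/main/db.php
@@ -0,0 +1,166 @@
+<?php
+
+if (!defined('ABSPATH')) exit;
+if (!class_exists('MCDb')) :
+
+class MCDb {
+function dbprefix() {
+global $wpdb;
+$prefix = $wpdb->base_prefix ? $wpdb->base_prefix : $wpdb->prefix;
+return $prefix;
+}
+
+function prepare($query, $args) {
+global $wpdb;
+return $wpdb->prepare($query, $args);
+}
+
+function getSiteId() {
+global $wpdb;
+return $wpdb->siteid;
+}
+
+function getResult($query, $obj = ARRAY_A) {
+global $wpdb;
+return $wpdb->get_results($query, $obj);
+}
+
+function query($query) {
+global $wpdb;
+return $wpdb->query($query);
+}
+
+function getVar($query, $col = 0, $row = 0) {
+global $wpdb;
+return $wpdb->get_var($query, $col, $row);
+}
+
+function getCol($query, $col = 0) {
+global $wpdb;
+return $wpdb->get_col($query, $col);
+}
+
+function tableName($table) {
+return $table[0];
+}
+
+function showTables() {
+$tables = $this->getResult("SHOW TABLES", ARRAY_N);
+return array_map(array($this, 'tableName'), $tables);
+}
+
+function showTableStatus() {
+return $this->getResult("SHOW TABLE STATUS");
+}
+
+function tableKeys($table) {
+return $this->getResult("SHOW KEYS FROM $table;");
+}
+
+function describeTable($table) {
+return $this->getResult("DESCRIBE $table;");
+}
+
+function checkTable($table, $type) {
+return $this->getResult("CHECK TABLE $table $type;");
+}
+
+function repairTable($table) {
+return $this->getResult("REPAIR TABLE $table;");
+}
+
+function showTableCreate($table) {
+return $this->getVar("SHOW CREATE TABLE $table;", 1);
+}
+
+function rowsCount($table) {
+$count = $this->getVar("SELECT COUNT(*) FROM $table;");
+return intval($count);
+}
+
+function createTable($query, $name) {
+$table = $this->getBVTable($name);
+if (!$this->isTablePresent($table)) {
+if (array_key_exists('usedbdelta', $_REQUEST)) {
+if (!function_exists('dbDelta'))
+require_once( ABSPATH . 'wp-admin/includes/upgrade.php' );
+dbDelta($query);
+} else {
+$this->query($query);
+}
+}
+return $this->isTablePresent($table);
+}
+
+function getTableContent($table, $fields = '*', $filter = '', $limit = 0, $offset = 0) {
+$query = "SELECT $fields from $table $filter";
+if ($limit > 0)
+$query .= " LIMIT $limit";
+if ($offset > 0)
+$query .= " OFFSET $offset";
+$rows = $this->getResult($query);
+return $rows;
+}
+
+function isTablePresent($table) {
+return ($this->getVar("SHOW TABLES LIKE '$table'") === $table);
+}
+
+function getCharsetCollate() {
+global $wpdb;
+if (method_exists($wpdb, 'get_charset_collate')) {
+return $wpdb->get_charset_collate();
+}
+return '';
+}
+
+function getWPTable($name) {
+return ($this->dbprefix() . $name);
+}
+
+function getBVTable($name) {
+return ($this->getWPTable("bv_" . $name));
+}
+
+function truncateBVTable($name) {
+$table = $this->getBVTable($name);
+if ($this->isTablePresent($table)) {
+return $this->query("TRUNCATE TABLE $table;");
+} else {
+return false;
+}
+}
+
+function deleteBVTableContent($name, $filter = "") {
+$table = $this->getBVTable($name);
+if ($this->isTablePresent($table)) {
+return $this->query("DELETE FROM $table $filter;");
+} else {
+return false;
+}
+}
+
+function dropBVTable($name) {
+$table = $this->getBVTable($name);
+if ($this->isTablePresent($table)) {
+$this->query("DROP TABLE IF EXISTS $table;");
+}
+return !$this->isTablePresent($table);
+}
+
+function deleteRowsFromtable($name, $count = 1) {
+$table = $this->getBVTable($name);
+if ($this->isTablePresent($table)) {
+return $this->getResult("DELETE FROM $table LIMIT $count;");
+} else {
+return false;
+}
+}
+
+function replaceIntoBVTable($name, $value) {
+global $wpdb;
+$table = $this->getBVTable($name);
+return $wpdb->replace($table, $value);
+}
+}
+endif;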
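Review bot: Table names, field lists, filters and the `$limit`/`$offset`/`$count` values are interpolated straight into SQL throughout MCDb (`tableKeys`, `describeTable`, `checkTable`, `getTableContent`, `deleteBVTableContent`, `deleteRowsFromtable`), and none of these methods goes through `prepare()`. Where the arguments originate is not visible in this file, so every caller has to be trusted to pass vetted values; since identifiers cannot be bound as parameters, check `$table` against the list returned by `showTables()` before use and cast the numeric parts, e.g. `$limit = intval($limit); $offset = intval($offset);`. `isTablePresent` also hands the name to `LIKE` unescaped, where `_` and `%` act as wildcards; `$wpdb->prepare("SHOW TABLES LIKE %s", $wpdb->esc_like($table))` would make the match literal. `createTable` branches on `$_REQUEST['usedbdelta']`, which deserves a comment stating that it is only reachable after callback authentication, if that is the case.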
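--- a/main/lib.php
+++ b/main/lib.php
@@ -0,0 +1,44 @@
+<?php
+
+if (!defined('ABSPATH')) exit;
+if (!class_exists('MCLib')) :
+
+class MCLib {
+public function objectToArray($obj) {
+return json_decode(json_encode($obj), true);
+}
+
+public function dbsig($full = false) {
+if (defined('DB_USER') && defined('DB_NAME') &&
+defined('DB_PASSWORD') && defined('DB_HOST')) {
+$sig = sha1(DB_USER.DB_NAME.DB_PASSWORD.DB_HOST);
+} else {
+$sig = "bvnone".$this->randString(34);
+}
+if ($full)
+return $sig;
+else
+return substr($sig, 0, 6);
+}
+
+public function randString($length) {
+$chars = "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ";
+
+$str = "";
+$size = strlen($chars);
+for( $i = 0; $i < $length; $i++ ) {
+$str .= $chars[rand(0, $size - 1)];
+}
+return $str;
+}
+
+public function http_request($url, $body) {
+$_body = array(
+'method' => 'POST',
+'timeout' => 15,
+'body' => $body);
+
+return wp_remote_post($url, $_body);
+}
+}
+endif;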
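Review bot: `randString` draws from `rand()`, which is not a cryptographically secure generator; if any caller uses the result as a key, token or nonce (callers are outside this file), the index pick should become `$str .= $chars[wp_rand(0, $size - 1)];`, or `random_int()` where the PHP version allows. `dbsig` hashes `DB_USER.DB_NAME.DB_PASSWORD.DB_HOST` with unsalted SHA-1, so if the full value ever leaves the site it is a derivative of the database password that can be tested offline; a comment stating where `dbsig(true)` is sent, or an HMAC keyed with a site secret instead, would be worth adding. `http_request` relies on the `wp_remote_post` defaults, so certificate verification holds only as long as nothing else disables `sslverify`.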
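--- a/main/site_info.php
+++ b/main/site_info.php
@@ -0,0 +1,99 @@
+<?php
+
+if (!defined('ABSPATH')) exit;
+if (!class_exists('MCSiteInfo')) :
+
+class MCSiteInfo {
+public function getOption($key) {
+$res = false;
+if (function_exists('get_site_option')) {
+$res = get_site_option($key, false);
+}
+if ($res === false) {
+$res = get_option($key, false);
+}
+return $res;
+}
+
+public function deleteOption($key) {
+if (function_exists('delete_site_option')) {
+return delete_site_option($key);
+} else {
+return delete_option($key);
+}
+}
+
+public function updateOption($key, $value) {
+if (function_exists('update_site_option')) {
+return update_site_option($key, $value);
+} else {
+return update_option($key, $value);
+}
+}
+
+public function setTransient($name, $value, $time) {
+if (function_exists('set_site_transient')) {
+return set_site_transient($name, $value, $time);
+}
+return false;
+}
+
+public function deleteTransient($name) {
+if (function_exists('delete_site_transient')) {
+return delete_site_transient($name);
+}
+return false;
+}
+
+public function getTransient($name) {
+if (function_exists('get_site_transient')) {
+return get_site_transient($name);
+}
+return false;
+}
+
+public function wpurl() {
+if (function_exists('network_site_url'))
+return network_site_url();
+else
+return get_bloginfo('wpurl');
+}
+
+public function siteurl() {
+if (function_exists('site_url')) {
+return site_url();
+} else {
+return get_bloginfo('wpurl');
+}
+}
+
+public function homeurl() {
+if (function_exists('home_url')) {
+return home_url();
+} else {
+return get_bloginfo('url');
+}
+}
+
+public function isMultisite() {
+if (function_exists('is_multisite'))
+return is_multisite();
+return false;
+}
+
+public function isMainSite() {
+if (!function_exists('is_main_site' ) || !$this->isMultisite())
+return true;
+return is_main_site();
+}
+
+public function basic(&$info) {
+$info['wpurl'] = $this->wpurl();
+$info['siteurl'] = $this->siteurl();
+$info['homeurl'] = $this->homeurl();
+$info['serverip'] = $_SERVER['SERVER_ADDR'];
+$info['abspath'] = ABSPATH;
+return $info;
+}
+}
+endif;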
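Review bot: `basic()` reads `$_SERVER['SERVER_ADDR']` without checking that the key exists; it is absent under CLI or cron and on some server setups, which raises a notice and stores null. Guard it the way the rest of the plugin guards superglobals: `$info['serverip'] = array_key_exists('SERVER_ADDR', $_SERVER) ? $_SERVER['SERVER_ADDR'] : '';`. The same method returns the absolute install path and server address, so a comment naming the authenticated callback that is allowed to send this array off-site would help a reviewer. `getOption` falls back to `get_option` whenever the site option is `false`, so a value deliberately stored as `false` at network level cannot be told apart from a missing one; a one-line comment saying this is intended would settle it.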
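--- a/malcare.php
+++ b/malcare.php
@@ -0,0 +1,92 @@
+<?php
+/*
+Plugin Name: MalCare WordPress Security, Firewall & Malware Scanner
+Plugin URI: https://www.malcare.com
+Description: WordPress Security, Firewall and Malware Scanner
+Author: MalCare Security
+Author URI: https://www.malcare.com
+Version: 1.88
+Network: True
+*/
+
+/* Copyright 2017 MalCare (email : support@malcare.com )
+
+This program is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License, version 2, as
+published by the Free Software Foundation.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program; if not, write to the Free Software
+Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+*/
+
+/* Global response array */
+
+if (!defined('ABSPATH')) exit;
+global $bvcb, $bvresp;
+
+require_once dirname( __FILE__ ) . '/main.php';
+$bvmain = new MalCare();
+
+register_uninstall_hook(__FILE__, array('MalCare', 'uninstall'));
+register_activation_hook(__FILE__, array($bvmain, 'activate'));
+register_deactivation_hook(__FILE__, array($bvmain, 'deactivate'));
+
+add_action('wp_footer', array($bvmain, 'footerHandler'), 100);
+
+if (is_admin()) {
+require_once dirname( __FILE__ ) . '/admin.php';
+$bvadmin = new MCAdmin($bvmain);
+add_action('admin_init', array($bvadmin, 'initHandler'));
+add_filter('all_plugins', array($bvadmin, 'initBranding'));
+add_filter('plugin_row_meta', array($bvadmin, 'hidePluginDetails'), 10, 2);
+if ($bvmain->info->isMultisite()) {
+add_action('network_admin_menu', array($bvadmin, 'menu'));
+} else {
+add_action('admin_menu', array($bvadmin, 'menu'));
+}
+add_filter('plugin_action_links', array($bvadmin, 'settingsLink'), 10, 2);
+add_action('admin_notices', array($bvadmin, 'activateWarning'));
+add_action('admin_enqueue_scripts', array($bvadmin, 'mcsecAdminMenu'));
+}
+
+if ((array_key_exists('bvreqmerge', $_POST)) || (array_key_exists('bvreqmerge', $_GET))) {
+$_REQUEST = array_merge($_GET, $_POST);
+}
+
+if ((array_key_exists('bvplugname', $_REQUEST)) &&
+stristr($_REQUEST['bvplugname'], $bvmain->plugname)) {
+require_once dirname( __FILE__ ) . '/callback.php';
+$bvcb = new BVCallback($bvmain);
+$bvresp = new BVResponse();
+if ($bvcb->preauth() === 1) {
+if ($bvcb->authenticate() === 1) {
+if (array_key_exists('afterload', $_REQUEST)) {
+add_action('wp_loaded', array($bvcb, 'execute'));
+} else if (array_key_exists('adajx', $_REQUEST)) {
+add_action('wp_ajax_bvadm', array($bvcb, 'bvAdmExecuteWithUser'));
+add_action('wp_ajax_nopriv_bvadm', array($bvcb, 'bvAdmExecuteWithoutUser'));
+} else {
+$bvcb->execute();
+}
+} else {
+$bvcb->terminate(false, array_key_exists('bvdbg', $_REQUEST));
+}
+}
+} else {
+if ($bvmain->isProtectModuleEnabled()) {
+require_once dirname( __FILE__ ) . '/protect.php';
+$bvprotect = new BVProtect($bvmain);
+$bvprotect->init();
+require_once dirname( __FILE__ ) . '/ipstore.php';
+$bvipstore = new BVIPStore($bvmain);
+$bvipstore->init();
+}
+
+##DYNSYNCMODULE##
+}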
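Review bot: On authentication failure the callback path calls `$bvcb->terminate(false, array_key_exists('bvdbg', $_REQUEST))`, so an unauthenticated request decides whether the failure response runs in debug mode. `terminate()` and `authenticate()` are outside this file, but the `validate()` method shown earlier on this page returns the computed signature when the comparison fails, so it should be confirmed that no debug response can carry that value; the safer form is `$bvcb->terminate(false, false);`, or gating debug on a server-side constant. The entry check `stristr($_REQUEST['bvplugname'], $bvmain->plugname)` is a case-insensitive substring match; `$_REQUEST['bvplugname'] === $bvmain->plugname` would be stricter, provided the service always sends the exact name. The `$_REQUEST = array_merge($_GET, $_POST)` rewrite also runs before any authentication and deserves a comment explaining why it is needed.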
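--- a/protect.php
+++ b/protect.php
@@ -0,0 +1,45 @@
+<?php
+if (!defined('ABSPATH')) exit;
+if (!class_exists('BVProtect')) :
+
+require_once dirname( __FILE__ ) . '/logger.php';
+require_once dirname( __FILE__ ) . '/fw/fw.php';
+require_once dirname( __FILE__ ) . '/lp/lp.php';
+
+class BVProtect {
+public $bvmain;
+
+function __construct($bvmain) {
+$this->bvmain = $bvmain;
+}
+
+public function init() {
+$ip = $this->getIP();
+$fw = new BVFW($this->bvmain, $ip);
+$fw->init();
+$lp = new BVLP($this->bvmain, $ip);
+$lp->init();
+}
+
+public function getIP() {
+$ip = '127.0.0.1';
+if (($ipHeader = $this->bvmain->getIPHeader()) && is_array($ipHeader)) {
+if (array_key_exists($ipHeader['hdr'], $_SERVER)) {
+$_ips = preg_split("/(,| |\t)/", $_SERVER[$ipHeader['hdr']]);
+if (array_key_exists(intval($ipHeader['pos']), $_ips)) {
+$ip = $_ips[intval($ipHeader['pos'])];
+}
+}
+} else if (array_key_exists('REMOTE_ADDR', $_SERVER)) {
+$ip = $_SERVER['REMOTE_ADDR'];
+}
+$ip = trim($ip);
+if (preg_match('/^\[([0-9a-fA-F:]+)\](:[0-9]+)$/', $ip, $matches)) {
+$ip = $matches[1];
+} elseif (preg_match('/^([0-9.]+)(:[0-9]+)$/', $ip, $matches)) {
+$ip = $matches[1];
+}
+return $ip;
+}
+}
+endif;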
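Review bot: `getIP()` leaves `$ip` at `'127.0.0.1'` whenever an IP header is configured but the request does not carry it, or the configured position is missing, because the `REMOTE_ADDR` branch is only reached when no header is configured at all. How BVFW and BVLP treat a loopback address is not visible here, but a remote request should never be attributed to loopback by default, and the value taken from the header is not checked to be an IP address. Start from `REMOTE_ADDR`, let a header that is present override it, and fall back when `filter_var(..., FILTER_VALIDATE_IP)` rejects the result, as sketched below. The header is only trustworthy when a proxy the site controls sets it, and a comment next to the `getIPHeader()` call should say so.

```php
public function getIP() {
	// Start from the socket peer; only a configured header that is present may override it.
	$remote = array_key_exists('REMOTE_ADDR', $_SERVER) ? $_SERVER['REMOTE_ADDR'] : '127.0.0.1';
	$ip = $remote;
	if (($ipHeader = $this->bvmain->getIPHeader()) && is_array($ipHeader)) {
		// … unchanged: header lookup, preg_split and position pick …
	}
	// … unchanged: trim and port stripping …
	if (filter_var($ip, FILTER_VALIDATE_IP) === false) {
		// Header content is client-influenced; never pass a non-address on to the firewall.
		$ip = $remote;
	}
	return $ip;
}
```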
readme.txt ADDED
@@ -0,0 +1,275 @@
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
+ === Security & Firewall - MalCare Security ===
2
+ Contributors: malcare security, akshatc
3
+ Tags: security, wordpress security, security plugin, firewall, malware scanner, login security, automatic malware removal, improve security
4
+ Plugin URI: https://www.malcare.com
5
+ Donate link: https://www.malcare.com
6
+ Requires at least: 4.0
7
+ Tested up to: 5.2.1
8
+ Requires PHP: 5.3.0
9
+ Stable tag: trunk
10
+ License: GPLv2 or later
11
+ License URI: [http://www.gnu.org/licenses/gpl-2.0.html](http://www.gnu.org/licenses/gpl-2.0.html)
12
+
13
+ Security, Firewall, Malware Scanner and Cleanups under one roof. MalCare Security plugin has login protection to secure a site from a hack.
14
+
15
+ == DESCRIPTION ==
16
+
17
+ ### Instant WordPress Malware Removal at 25% of the Industry Cost. Detects Complex Malware Others Plugins Frequently Miss
18
+
19
+ Check out more MalCare customer testimonials from **[here](http://bit.ly/2DlOmJn)**.
20
+
21
+ With it’s smart “Cloud Scan”, MalCare’s malware scanner will **never impact your website performance nor overload your server**. Ever.
22
+
23
+ Clean your malware in less than 60 seconds. Our safe malware removal technology ensures that your website **never breaks**.
24
+
25
+ MalCare comes with an inbuilt smart and powerful Firewall for **real-time protection** from Hackers and bots.
26
+
27
+ It is the simplest WordPress Security plugin that **doesn’t need any technical knowledge**. You can get set and ready in **just 50 secs**.
28
+
29
+ **The brands you trust, trust MalCare to keep them safe**. MalCare is trusted by Intel, Dolby True HD, CodeinWP, Site Care, WP Curve, Valet, among others.
30
+
31
+ It is a perfect security solution for developer and agencies as it comes with all the tools you need to manage multiple websites from **Website Management, White Label Solution**, and **Custom & Scheduled Reporting**.
32
+
33
+ Learn more about MalCare from **[here](http://bit.ly/2RKlPTc)**.
34
+
35
+ == MalCare in Numbers ==
36
+ * 200,000+ Sites Scanned and counting
37
+ * 250,000+ Successful Malware Removals
38
+ * 330GB Largest site Scanned
39
+ * 10,000+ Web hosts Compatibility
40
+ * Five Star Support
41
+
42
+ [youtube https://www.youtube.com/watch?v=rBuYh2dIadk]
43
+
44
+ == Benefits of Using MalCare as Your Go-to Security Solution ==
45
+
46
+ = 1. Scanner That NEVER Slows Down Your Website =
47
+ * No Server Overload. Ever.
48
+ * Scan website for vulnerabilities
49
+ * Consistent Scanning Practices
50
+ * Early Malware Detection
51
+
52
+ = 2. Fix a Hacked Website in less than 60 Seconds =
53
+ * Fully Automated Malware Removal
54
+ * Unlimited Cleanups at No Additional Cost
55
+ * Cleans Complex Unknown Malware
56
+ * Support Always on Your Side
57
+
58
+ = 3. Real-time Protection from our Smart Firewall =
59
+ * CAPTCHA-based Login Protection
60
+ * IP Blocking on a Global Level
61
+
62
+ = 4. Inbuilt WordPress Website Hardening =
63
+ * Disable File Editor
64
+ * Protect Uploads Folder
65
+ * Change Security Keys
66
+ * Disallow Plugins
67
+
68
+ = 5. Single, Site Management Dashboard =
69
+ * Perform WordPress Core, Theme, Plugin Updates
70
+ * Invite Team Members for Efficient Collaboration
71
+ * Exclusive White-label Solution to Grow Revenues
72
+ * Beautiful and Comprehensive Client Reporting
73
+
74
+ = 6. MalCare is a "Service," Not just a Security Plugin =
75
+ * Always Improving & Adding Features Unlike Plugins
76
+ * Our Support Has Your Back, Always
77
+ * Independent Dashboard Offers 24X7 Access to Backups
78
+
79
+ == Why Choose MalCare Security Services? ==
80
+
81
+ * **Set up & Running in Just 60 Secs -** Get started in no time. Log in. Auto-Install. And that’s it!
82
+ * **Unlimited Scan and Cleanup -** With MalCare Security Service, clean-up is automatic and at the click of a button, with no downtime.
83
+ * **Detects Malware Missed by Other Plugins -** Our proprietary algorithm identifies even the most complex malware and security hacks, without any false-positives.
84
+ * **No Technical Knowledge Needed -** Automated workflows that ensure everything you need is only a click away.
85
+ * **Personal Support for Everyone -** Agile & Responsive Customer Support that caters to Everyone.
86
+
87
+ == Difference Between Free & Paid MalCare Security Service? ==
88
+
89
+ **MalCare Security Service has a free version and a premium version**. We’ll scan your site with our Scanner and protect your website with our Firewall in the **[free MalCare version](https://wordpress.org/plugins/malcare-security/)**.
90
+
91
+ The **[paid version](http://bit.ly/2ROFL7y)** includes **Cleaning a Hacked Site, Website Hardening, Website Management, White-Labeling, Client Reporting, and taking Regular Backups**. Kindly take a look at our security **[feature pages](http://bit.ly/2RKvMQo)** for more details.
92
+
93
+ To learn more, please take a look at **[MalCare free vs premium page](http://bit.ly/2RMzUPY)**.
94
+
95
+ == FREQUENTLY ASKED QUESTIONS ==
96
+
97
+ =Can I Setup my MalCare account myself?=
98
+ Yes. Take the help of this **[step-by-step guide](http://bit.ly/2RKSVCb)**.
99
+
100
+ =I am unable to reach the security plugin. What can I do?=
101
+ You can send an email to the support team on support@malcare.com and notify our team regarding this.
102
+
103
+ =Do you have a free version? How does it work?=
104
+ MalCare Security Service has a free version and a premium version. We’ll scan and protect your website with a Firewall in the **[free MalCare version](https://wordpress.org/plugins/malcare-security/)**. You can download the security plugin from the WordPress repository.
105
+
106
+ The **[paid version](http://bit.ly/2ROFL7y)** includes Cleaning a Hacked Site, Website Hardening, Website Management, White-Labeling, Client Reporting, and taking Regular Backups. Kindly take a look at our security **[feature pages](http://bit.ly/2RKvMQo)** for more details.
107
+
108
+ To learn more, please take a look at **[MalCare free vs premium page](http://bit.ly/2RMzUPY)**.
109
+
110
+ =How do I upgrade from free to a premium account?=
111
+ To upgrade from free trial version to a premium account, please take the help of **[this guide](http://bit.ly/2RMSBTP)**.
112
+
113
+ =How do I upgrade to a bigger Plan?=
114
+ To upgrade to a bigger Plan, take the help of **[this guide](http://bit.ly/2RMSBTP)**.
115
+
116
+ =Do I need to pay for support and help?=
117
+ Never! We will be with you for any queries at any time. **[Click here](https://www.malcare.com/contact/)** to get in touch with us!
118
+
119
+ =How many times does MalCare auto-scan a website?=
120
+ MalCare automatic security scans a website once every 24 hours.
121
+
122
+ =How does MalCare detect complex malware?=
123
+ MalCare Security Service scans all your website WordPress files beyond just signatures and evaluates it automatically using powerful technology with the collective knowledge of 240,000+ sites. It uses 100 + intelligent signals automatically for deep security scanning and combing through all the files. That is how it detects even the most complex and well-hidden malware on your site.
124
+
125
+ =Does MalCare affect my site performance?=
126
+ No, not at all. MalCare Security Service performs all the heavy lifting of scanning your entire site WordPress files on its own. It does not use your site resources. MalCare Security Service runs its security operations on MalCare servers, thereby ensuring zero loads from its side on your website.
127
+
128
+ =How does the unlimited cleanup policy work?=
129
+ A situation may occur where your site is being repeatedly infected. In such events, there is no limit to the number of times you can **[clean up a hacked website](http://bit.ly/2RHzkD2)**.
130
+
131
+ But if the situation persists, then cleaning up the site, again and again, will not solve the problem. In such cases, you can **[contact us](https://www.malcare.com/contact/)**, and we will help improve your security posture. We’d ask you to take proactive measures based on the recommendation of the Support team. We reserve the right to refuse service until appropriate actions are taken from your end. In cases like this, we also reserve the right to deny refund or cancellation of the MalCare Security account.
132
+
133
+ =What do I need to clean my website?=
134
+ In order to begin the cleanup process, we need access to your server and its associated files. (Don’t worry, this will not compromise your site’s security).
135
+
136
+ We get this access in the form of FTP, SFTP, or SSH access to your server. FTP stands for File Transfer Protocol, sFTP for Secure File Transfer Protocol, and SSH for Secure Shell. These are connection protocol mechanisms that allow us to log into servers to edit/add/remove files. These connection protocols allow us to log into your websites, specifically the server, and perform the remediation process. If you for some reason are unfamiliar with these protocols, don’t worry, our team of security analysts are prepared to assist you in the process. To do so, you’ll need to be willing to share access information to your hosting account.
137
+
138
+ We covered how to clean a website **[here](http://bit.ly/2RHzkD2)**. Here’s a guide on **[how to find FTP credentials](http://bit.ly/2RFPeOl)** and another guide on **[how to locate a folder where WordPress is installed](http://bit.ly/2RFPf4R)**.
139
+
140
+ =How long does it take to clean a site?=
141
+ It really depends on the size of the website. In average, **[cleaning up with MalCare Security](http://bit.ly/2RHzkD2)** usually takes 5-10 mins.
142
+
143
+ =How does the Login Protection work?=
144
+ **[MalCare’s Login Protection](http://bit.ly/2RKbDKn)** feature prevents bots from entering your website stealing your data, spamming and other malicious activities that threaten the security of your site.
145
+
146
+ =How does the Site Hardening work?=
147
+ WordPress has recommended few extra security measures which will harden the security of your website. We have incorporated those recommendations in our Site Hardening feature. Kindly have a look at our guide on **[how to implement Site Hardening](http://bit.ly/2RGnSYt)**.
148
+
149
+ =How does the Firewall work?=
150
+ MalCare Security Service was created after analyzing over 240,000 sites from scratch. The Firewall constantly monitors traffic from all places and automatically blocks IP’s that seem malicious in nature. As such, it is **[automatically enabled](http://bit.ly/2RKbZAH)** and needs minimal overseeing.
151
+
152
+ **[MalCare Firewall Security](http://bit.ly/2RKIuyu)** ensures that attacks on your site by even bots are mitigated, without affecting your WordPress site. It monitors bots across a global level without ever overloading your server.
153
+
154
+ =Can I update WordPress core, plugins and themes directly?=
155
+ Yes. Updating WordPress add-ons tightens the security of your website. Take a look at this **[Manage Site help doc](http://bit.ly/2RKhMGr)** to learn how to update WordPress add-ons.
156
+
157
+ =Can I manage my site users and their password directly?=
158
+ Yes. With MalCare managing WordPress, users have become easier. Take the help of this **[Manage Site help doc](http://bit.ly/2RKhMGr)**. Remember to delete the passive user account and encourage users to use a strong password for better security.
159
+
160
+ =Can I add Clients and Team Members on my account?=
161
+ Yes, you can.
162
+ Our client feature is for your reference alone. You can assign a client to their site. If you want to give a user, the dashboard access, please add them as your team members under the team section. Please see **[How do I add clients and team members](http://bit.ly/2RKcKtx)**? For the sake of security, give dashboard access to only people you can trust.
163
+
164
+ =Will MalCare Security work if my site is down?=
165
+ We understand the pains of a website going down. If a site goes down after you have **[added the website](http://bit.ly/2ROE7CU)** and **[installed the security plugin](http://bit.ly/2RI7eHW)** from the dashboard, **[MalCare will clean up your site](http://bit.ly/2RHzkD2)**.
166
+ But if you add a website that was down beforehand, i.e. before adding the security plugin, then MalCare Security Service won’t work.
167
+
168
+
169
+ =What information does MalCare Security Service store?=
170
+ We only store data related to your site structure such as plugins/themes with their respective versions. This helps us identify vulnerabilities that may be present on the site. We track the IPs of visitors to your site, to identify malicious actors who might attack your site.
171
+
172
+ =What makes MalCare Security Service better than other security plugins?=
173
+ MalCare Security Service was developed after analyzing 240,000+ websites.
174
+ * It uses 100+ internal signals to Scan and identifies the most complex malware.
175
+ * It pinpoints the malware’s exact location on your site. It does remote security scanning, to ensure there are Zero loads on your server.
176
+ * MalCare comes with an industry first One-Click Malware removal service that eliminates any malware in a jiffy.
177
+ * We alert you only when there is a legitimate malicious discovery rather than 'possible hacks'.
178
+
179
+ We feel these features set us apart from most other WordPress security plugins. For further information take a look at how MalCare Security Service stands when compared with **[Top Security Plugins](http://bit.ly/2RKFdPG)**.
180
+
181
+ =I already have a backup solution. Something happens to my site, I can simply restore. Why do I need a security plugin?=
182
+ Backups play a very important role in WordPress security, but it has some limitations. We have noticed that in many cases, it is weeks before a site owner realizes that his/her website has been hacked.
183
+
184
+ During this period multiple backups will be taken, and there will be a high chance that the files that contain the hack or the Malware are also backed up.
185
+
186
+ In such a case restoring from backup is not sufficient as it will not clean your website. Here is where a Malware solution like MalCare Security Service comes in. It does regular automated security scans of your website and notifies you if there is any sort of Malicious content on your website.
187
+
188
+ =Isn’t WordPress secure enough?=
189
+ WordPress core is safe, but the CMS does not work in isolation. Security plugins and themes are part of its ecosystem. Several studies on hacked sites show that plugins and themes are responsible for a majority of such compromise. MalCare Security Service is an easy and effective way of securing websites and keeping them safe from hack attempts. Look at this **[full feature list](http://bit.ly/2RJyRjV)**.
190
+
191
+ =Why will an SSL certificate not suffice?=
192
+ An SSL certificate is used only to encrypt a connection between the browser and server to safely transmit sensitive information. However, MalCare Security Service goes beyond and actually protects the database where this information is stored, scans your website files using 100+ intelligent signals automatically, and applications protect from data breaches and spreading of viruses/malware. These functionalities are not provided by an SSL certificate.
193
+
194
+ =How is MalCare Security Service the best for agencies or developers?=
195
+ We’re the best because of three features:
196
+ * We have developer-friendly plans that are easy on the wallet. If you’re a developer or an agency that hosts about 10 websites, the chances are that enterprise-level security packages would be too expensive for you. If you’ve got anything more than seven sites, take a look at our unlimited plans.
197
+ * Our auto-clean feature makes sure that you can scan, and clean your sites by yourself, so you don’t waste precious time.
198
+ * MalCare’s regular security scans alert you whenever it identifies hacks, so your sites are always secure.
199
+
200
+ =How does MalCare Security handle WordPress Multisite installs?=
201
+ We completely understand the concern and complexities surrounding WordPress Multisite installs. We treat each WordPress install as a license. It means that if you have a network of websites on a single WordPress installation, we treat that as a single license.
202
+
203
+ =Will MalCare Security Service slow down my website?=
204
+ MalCare runs on its own servers. We take great care to ensure that we do not add load to your site. We do all the hard work of security scanning, cleaning and protecting, on our servers and this is our USP.
205
+
206
+ =Where are my FTP details processed?=
207
+ FTP details input into MalCare is processed on our servers. We need your FTP credentials to access your website’s files and folders. We feel that FTP transfer is the safest way to transfer data to and from a site. However, they are treated like payment details (i.e. they’re not stored on our servers). Once we’ve processed them, they’re deleted from our servers.
208
+
209
+ == SCREENSHOTS ==
210
+
211
+ 1. MalCare combines an inbuilt WordPress firewall with Captcha based login protection to defend your site against bots, hackers, and malicious traffic.
212
+ 2. MalCare’s Early Detection Technology uses 100+ intelligent signals to detect even the most complex malware that other WordPress security plugins cannot detect.
213
+ 3. No more waiting for days or hours to clean your website. Clean your website of malicious code with surgical precision in One-Click.
214
+ 4. Manage multiple WordPress sites from one dashboard.
215
+ 5. Based on an internal algorithm, the Score and Report indicates that health of the security of your website along with what steps you should be taking to score better.
216
+ 6. Check the Performance Speed of your website from the BlogVault dashboard.
217
+ 7. With Uptime Monitoring you get notified the moment your website is shut down.
218
+ 8. With BlogVault's White-Label Solution you can showcase our service under your own brilliant brand.
219
+
220
+ == CHANGELOG ==
221
+ = 1.88 =
222
+ * Callback improvements
223
+ * Adding delete transient callback
224
+
225
+ = 1.87 =
226
+ * Checking Whitelisted IP's first
227
+
228
+ = 1.86 =
229
+ * Updating tested upto 5.1
230
+
231
+ = 1.84 =
232
+ * Disable form on submit
233
+
234
+ = 1.83 =
235
+ * Setting blocked page to be non-cacheable
236
+
237
+ = 1.82 =
238
+ * Updating tested upto 5.0
239
+
240
+ = 1.81 =
241
+ * Adding Geoblocking functionality
242
+
243
+ = 1.77 =
244
+ * Adding function_exists for getmyuid and get_current_user functions
245
+
246
+ = 1.76 =
247
+ * Removing create_funtion for PHP 7.2 compatibility
248
+
249
+ = 1.73 =
250
+ * Ability to show captcha for all login blocked
251
+
252
+ = 1.72 =
253
+ * Adding Misc Callback
254
+
255
+ = 1.71 =
256
+ * Adding logout functionality in the plugin
257
+
258
+ = 1.69 =
259
+ * Adding support for chunked base64 encoding
260
+
261
+ = 1.68 =
262
+ * Updating upload rows
263
+
264
+ = 1.66 =
265
+ * Updating TOS and privacy policies
266
+
267
+ = 1.64 =
268
+ * Bug fixes for lp and fw
269
+
270
+ = 1.62 =
271
+ * SSL support in plugin for API calls
272
+ * Adding support for plugin branding
273
+
274
+ = 1.51 =
275
+ * First Release