MalCare WordPress Security Plugin – Malware Scanner, Cleaner, Security Firewall - Version 2.1

Version Description

  • Restructuring classes

Release Info

Developer ritesh.soni36
Version 2.1

Code changes from version 1.91 to 2.1

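--- a/account.php
+++ b/account.php
@@ -0,0 +1,187 @@
+ <?php
+
+ if (!defined('ABSPATH')) exit;
+ if (!class_exists('MCAccount')) :
+ class MCAccount {
+ public $settings;
+ public $public;
+ public $secret;
+ public $sig_match;
+
+ public function __construct($settings, $public, $secret) {
+ $this->settings = $settings;
+ $this->public = $public;
+ $this->secret = $secret;
+ }
+
+ public static function find($settings, $public = false) {
+ if (!$public) {
+ $public = self::defaultPublic($settings);
+ }
+ $bvkeys = self::allKeys($settings);
+ if ($public && array_key_exists($public, $bvkeys) && isset($bvkeys[$public])) {
+ $secret = $bvkeys[$public];
+ } else {
+ $secret = self::defaultSecret($settings);
+ }
+ return new self($settings, $public, $secret);
+ }
+
+ public static function randString($length) {
+ $chars = "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ";
+
+ $str = "";
+ $size = strlen($chars);
+ for( $i = 0; $i < $length; $i++ ) {
+ $str .= $chars[rand(0, $size - 1)];
+ }
+ return $str;
+ }
+
+ public static function allAccounts($settings) {
+ return $settings->getOption('bvAccounts');
+ }
+
+ public static function hasAccount($settings) {
+ $accounts = self::allAccounts($settings);
+ return (is_array($accounts) && sizeof($accounts) >= 1);
+ }
+
+ public static function isConfigured($settings) {
+ return self::defaultPublic($settings);
+ }
+
+ public function setup() {
+ $bvinfo = new MCInfo($this->settings);
+ $this->settings->updateOption('bvSecretKey', self::randString(32));
+ $this->settings->updateOption($bvinfo->plug_redirect, 'yes');
+ $this->settings->updateOption('bvActivateTime', time());
+ }
+
+ public function authenticatedUrl($method) {
+ $bvinfo = new MCInfo($this->settings);
+ $qstr = http_build_query($this->newAuthParams($bvinfo->version));
+ return $bvinfo->appUrl().$method."?".$qstr;
+ }
+
+ public function newAuthParams($version) {
+ $args = array();
+ $time = time();
+ $sig = sha1($this->public.$this->secret.$time.$version);
+ $args['sig'] = $sig;
+ $args['bvTime'] = $time;
+ $args['bvPublic'] = $this->public;
+ $args['bvVersion'] = $version;
+ $args['sha1'] = '1';
+ return $args;
+ }
+
+ public static function defaultPublic($settings) {
+ return $settings->getOption('bvPublic');
+ }
+
+ public static function defaultSecret($settings) {
+ return $settings->getOption('bvSecretKey');
+ }
+
+ public static function allKeys($settings) {
+ $keys = $settings->getOption('bvkeys');
+ if (!is_array($keys)) {
+ $keys = array();
+ }
+ $public = self::defaultPublic($settings);
+ $secret = self::defaultSecret($settings);
+ if ($public)
+ $keys[$public] = $secret;
+ $keys['default'] = $secret;
+ return $keys;
+ }
+
+ public function addKeys($public, $secret) {
+ $bvkeys = $this->settings->getOption('bvkeys');
+ if (!$bvkeys || (!is_array($bvkeys))) {
+ $bvkeys = array();
+ }
+ $bvkeys[$public] = $secret;
+ $this->settings->updateOption('bvkeys', $bvkeys);
+ }
+
+ public function updateKeys($publickey, $secretkey) {
+ $this->settings->updateOption('bvPublic', $publickey);
+ $this->settings->updateOption('bvSecretKey', $secretkey);
+ $this->addKeys($publickey, $secretkey);
+ }
+
+ public function rmKeys($publickey) {
+ $bvkeys = $this->settings->getOption('bvkeys');
+ if ($bvkeys && is_array($bvkeys)) {
+ unset($bvkeys[$publickey]);
+ $this->settings->updateOption('bvkeys', $bvkeys);
+ return true;
+ }
+ return false;
+ }
+
+ public function respInfo() {
+ return array(
+ "public" => substr($this->public, 0, 6),
+ "sigmatch" => substr($this->sig_match, 0, 6)
+ );
+ }
+
+ public function authenticate() {
+ $method = $_REQUEST['bvMethod'];
+ $time = intval($_REQUEST['bvTime']);
+ $version = $_REQUEST['bvVersion'];
+ $sig = $_REQUEST['sig'];
+ if ($time < intval($this->settings->getOption('bvLastRecvTime')) - 300) {
+ return false;
+ }
+ if (array_key_exists('sha1', $_REQUEST)) {
+ $sig_match = sha1($method.$this->secret.$time.$version);
+ } else {
+ $sig_match = md5($method.$this->secret.$time.$version);
+ }
+ $this->sig_match = $sig_match;
+ if ($sig_match !== $sig) {
+ return $sig_match;
+ }
+ $this->settings->updateOption('bvLastRecvTime', $time);
+ return 1;
+ }
+
+ public function add($info) {
+ $accounts = self::allAccounts($this->settings);
+ if(!is_array($accounts)) {
+ $accounts = array();
+ }
+ $pubkey = $info['pubkey'];
+ $accounts[$pubkey]['lastbackuptime'] = time();
+ $accounts[$pubkey]['url'] = $info['url'];
+ $accounts[$pubkey]['email'] = $info['email'];
+ $this->update($accounts);
+ }
+
+ public function remove($pubkey) {
+ $bvkeys = $this->settings->getOption('bvkeys');
+ $accounts = self::allAccounts($this->settings);
+ $this->rmkeys($pubkey);
+ $this->setup();
+ if ($accounts && is_array($accounts)) {
+ unset($accounts[$pubkey]);
+ $this->update($accounts);
+ return true;
+ }
+ return false;
+ }
+
+ public function doesAccountExists($pubkey) {
+ $accounts = self::allAccounts($this->settings);
+ return array_key_exists($pubkey, $accounts);
+ }
+
+ public function update($accounts) {
+ $this->settings->updateOption('bvAccounts', $accounts);
+ }
+ }
+ endif;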
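Review bot: `authenticate()` compares the computed and supplied signatures with `!==`, which is not constant-time, and it lets the request pick the digest: when the `sha1` key is absent it falls back to `md5($method.$this->secret.$time.$version)`. I would change the check to `if (!is_string($sig) || !hash_equals($sig_match, $sig))` and drop the MD5 branch once the server side no longer needs it (that dependency is not visible here). The method also reads `$_REQUEST['bvMethod']`, `['bvTime']`, `['bvVersion']` and `['sig']` without `isset()` checks, and on a mismatch it returns the expected signature to the caller rather than `false`. Separately, `setup()` fills `bvSecretKey` from `randString()`, which draws every character from `rand()`; a signing secret should come from a CSPRNG, e.g. `$str .= $chars[random_int(0, $size - 1)];`.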
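--- a/admin/main_page.php
+++ b/admin/main_page.php
@@ -17,7 +17,7 @@
  <div class="mui-container-fluid" style="padding: 0px;">
  <div class="mui-col-md-10" style="padding-left: 0px;">
  <br>
- <?php if ($this->bvmain->isConfigured()) { ?>
+ <?php if (MCAccount::isConfigured($this->settings)) { ?>
  <div class="bv-box" style="overflow: hidden;">
  <div class="mui-col-md-8" style="margin: 15px auto; overflow: hidden; float: inherit;">
  <div class="mui-panel mui--text-center" style="margin-bottom:0!important;background-color:#4caf50;">
@@ -25,7 +25,7 @@
  </div>
  <div class="mui-panel" style="height: 240px;">
  <div class="mui--text-body1" style="font-size: 20px; text-align: center;">View detailed security statistics on Dashboard.</div>
- <div style="text-align: center;"><a class="mui-btn mui-btn--raised mui-btn--primary custom-bv-button" href=<?php echo $this->bvmain->authenticatedUrl('/malcare/access')?> target="_blank">Visit Dashboard</a></div>
+ <div style="text-align: center;"><a class="mui-btn mui-btn--raised mui-btn--primary custom-bv-button" href=<?php echo $this->account->authenticatedUrl('/malcare/access')?> target="_blank">Visit Dashboard</a></div>
  <div style="text-align: center; margin-top: 10px;">
  <span>Loved Malcare ? Share a Word </span>
  <br>
@@ -48,7 +48,7 @@
  <?php require_once dirname( __FILE__ ) . "/top_box.php";?>
  </div>
  <div class="mui-panel new-account-panel">
- <form dummy=">" action="<?php echo $this->bvmain->appUrl(); ?>/home/mc_signup" style="padding-top:10px; margin: 0px;" onsubmit="document.getElementById('get-started').disabled = true;" method="post" name="signup">
+ <form dummy=">" action="<?php echo $this->bvinfo->appUrl(); ?>/home/mc_signup" style="padding-top:10px; margin: 0px;" onsubmit="document.getElementById('get-started').disabled = true;" method="post" name="signup">
  <div style="width: 800px; margin: 0 auto; padding: 10px;">
  <div class="mui--text-title form-title">Let's scan your website</div>
  <input type='hidden' name='bvsrc' value='wpplugin' />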
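Review bot: The new `href=<?php echo $this->account->authenticatedUrl('/malcare/access')?>` on line 28 prints the URL unescaped into an unquoted attribute, and the `action="<?php echo $this->bvinfo->appUrl(); ?>/home/mc_signup"` on line 51 is likewise unescaped. Quoting the attribute and wrapping both values in `esc_url()`, e.g. `href="<?php echo esc_url($this->account->authenticatedUrl('/malcare/access')); ?>"`, keeps the markup well-formed whatever `appUrl()` returns. Because the query string carries the `sig` built by `newAuthParams()`, the link will also end up in browser history and access logs; whether the server bounds the lifetime of that signature is not visible here.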
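--- a/admin/top_box.php
+++ b/admin/top_box.php
@@ -1,4 +1,4 @@
- <?php if (!$this->bvmain->isConfigured()) { ?>
+ <?php if (!MCAccount::isConfigured($this->settings)) { ?>
  <div class="mui--text-title main-title">Are you Hacked? Scan Your Website for FREE.</div>
  <br/><br/>
  <?php } ?>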
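--- a/callback.php
+++ b/callback.php
@@ -1,251 +0,0 @@
- <?php
-
- if (!defined('ABSPATH')) exit;
- if (!class_exists('BVCallback')) :
-
- require_once dirname( __FILE__ ) . '/callback/response.php';
-
- class BVCallback {
- public $bvmain;
- function __construct($bvmain) {
- $this->bvmain = $bvmain;
- }
-
- public function serversig($full = false) {
- $sig = sha1($_SERVER['SERVER_ADDR'].ABSPATH);
- if ($full)
- return $sig;
- else
- return substr($sig, 0, 6);
- }
-
- public function terminate($with_basic, $bvdebug = false) {
- global $bvresp;
- $public = $this->bvmain->auth->defaultPublic();
- $bvresp->addStatus("signature", "Blogvault API");
- $bvresp->addStatus("asymauth", "true");
- $bvresp->addStatus("sha1", "true");
- $bvresp->addStatus("dbsig", $this->bvmain->lib->dbsig(false));
- $bvresp->addStatus("serversig", $this->serversig(false));
- $bvresp->addStatus("public", substr($public, 0, 6));
- if (array_key_exists('adajx', $_REQUEST)) {
- $bvresp->addStatus("adajx", true);
- }
- if ($with_basic) {
- $binfo = array();
- $this->bvmain->info->basic($binfo);
- $bvresp->addStatus("basic", $binfo);
- $bvresp->addStatus("bvversion", $this->bvmain->version);
- }
-
- if ($bvdebug) {
- $bvresp->addStatus("inreq", $_REQUEST);
- }
-
- $bvresp->finish();
- exit;
- }
-
- public function processParams() {
- if (array_key_exists('concat', $_REQUEST)) {
- foreach ($_REQUEST['concat'] as $key) {
- $concated = '';
- $count = intval($_REQUEST[$key]);
- for ($i = 1; $i <= $count; $i++) {
- $concated .= $_REQUEST[$key."_bv_".$i];
- }
- $_REQUEST[$key] = $concated;
- }
- }
- if (array_key_exists('b64', $_REQUEST)) {
- foreach ($_REQUEST['b64'] as $key) {
- if (is_array($_REQUEST[$key])) {
- $_REQUEST[$key] = array_map('base64_decode', $_REQUEST[$key]);
- } else {
- $_REQUEST[$key] = base64_decode($_REQUEST[$key]);
- }
- }
- }
- if (array_key_exists('unser', $_REQUEST)) {
- foreach ($_REQUEST['unser'] as $key) {
- $_REQUEST[$key] = json_decode($_REQUEST[$key], TRUE);
- }
- }
- if (array_key_exists('b642', $_REQUEST)) {
- foreach ($_REQUEST['b642'] as $key) {
- if (is_array($_REQUEST[$key])) {
- $_REQUEST[$key] = array_map('base64_decode', $_REQUEST[$key]);
- } else {
- $_REQUEST[$key] = base64_decode($_REQUEST[$key]);
- }
- }
- }
- if (array_key_exists('dic', $_REQUEST)) {
- foreach ($_REQUEST['dic'] as $key => $mkey) {
- $_REQUEST[$mkey] = $_REQUEST[$key];
- unset($_REQUEST[$key]);
- }
- }
- if (array_key_exists('clacts', $_REQUEST)) {
- foreach ($_REQUEST['clacts'] as $action) {
- remove_all_actions($action);
- }
- }
- if (array_key_exists('clallacts', $_REQUEST)) {
- global $wp_filter;
- foreach ( $wp_filter as $filter => $val ){
- remove_all_actions($filter);
- }
- }
- if (array_key_exists('memset', $_REQUEST)) {
- $val = intval(urldecode($_REQUEST['memset']));
- @ini_set('memory_limit', $val.'M');
- }
- }
-
- public function recover() {
- $recover = new BVRecover(base64_decode($_REQUEST['sig']), $_REQUEST['orig'],
- $_REQUEST['keyname'], $_REQUEST["keysize"]);
- if ($recover->validate() && ($recover->process() === 1)) {
- $recover->processKeyExchange();
- return 1;
- }
- return false;
- }
-
- public function preauth() {
- global $bvresp;
- if (array_key_exists('obend', $_REQUEST) && function_exists('ob_end_clean'))
- @ob_end_clean();
- if (array_key_exists('op_reset', $_REQUEST) && function_exists('output_reset_rewrite_vars'))
- @output_reset_rewrite_vars();
- if (array_key_exists('binhead', $_REQUEST)) {
- header("Content-type: application/binary");
- header('Content-Transfer-Encoding: binary');
- }
- if (array_key_exists('bvrcvr', $_REQUEST)) {
- require_once dirname( __FILE__ ) . '/callback/recover.php';
- if ($this->recover() !== 1) {
- $bvresp->addStatus("statusmsg", 'failed authentication');
- }
- $this->terminate(false, array_key_exists('bvdbg', $_REQUEST));
- return false;
- }
- return 1;
- }
-
- public function authenticate() {
- global $bvresp;
- $auth = $this->bvmain->auth;
- $method = $_REQUEST['bvMethod'];
- $time = intval($_REQUEST['bvTime']);
- $version = $_REQUEST['bvVersion'];
- $sig = $_REQUEST['sig'];
- $public = $auth->publicParam();
-
- $bvresp->addStatus("requestedsig", $sig);
- $bvresp->addStatus("requestedtime", $time);
- $bvresp->addStatus("requestedversion", $version);
-
- $sig_match = $auth->validate($public, $method, $time, $version, $sig);
- if ($sig_match === 1) {
- return 1;
- } else {
- $bvresp->addStatus("sigmatch", substr($sig_match, 0, 6));
- $bvresp->addStatus("statusmsg", 'failed authentication');
- return false;
- }
- }
-
- public function route($wing, $method) {
- global $bvresp;
- $bvresp->addStatus("callback", $method);
- switch ($wing) {
- case 'manage':
- require_once dirname( __FILE__ ) . '/callback/wings/manage.php';
- $module = new BVManageCallback();
- break;
- case 'fs':
- require_once dirname( __FILE__ ) . '/callback/wings/fs.php';
- $module = new BVFSCallback();
- break;
- case 'db':
- require_once dirname( __FILE__ ) . '/callback/wings/db.php';
- $module = new BVDBCallback();
- break;
- case 'info':
- require_once dirname( __FILE__ ) . '/callback/wings/info.php';
- $module = new BVInfoCallback();
- break;
- case 'dynsync':
- require_once dirname( __FILE__ ) . '/callback/wings/dynsync.php';
- $module = new BVDynSyncCallback();
- break;
- case 'ipstr':
- require_once dirname( __FILE__ ) . '/callback/wings/ipstore.php';
- $module = new BVIPStoreCallback();
- break;
- case 'auth':
- require_once dirname( __FILE__ ) . '/callback/wings/auth.php';
- $module = new BVAuthCallback();
- break;
- case 'fw':
- require_once dirname( __FILE__ ) . '/callback/wings/fw.php';
- $module = new BVFirewallCallback();
- break;
- case 'lp':
- require_once dirname( __FILE__ ) . '/callback/wings/lp.php';
- $module = new BVLoginProtectCallback();
- break;
- case 'monit':
- require_once dirname( __FILE__ ) . '/callback/wings/monit.php';
- $module = new BVMonitCallback();
- break;
- case 'brand':
- require_once dirname( __FILE__ ) . '/callback/wings/brand.php';
- $module = new BVBrandCallback();
- break;
- case 'pt':
- require_once dirname( __FILE__ ) . '/callback/wings/protect.php';
- $module = new BVProtectCallback();
- break;
- case 'act':
- require_once dirname( __FILE__ ) . '/callback/wings/account.php';
- $module = new BVAccountCallback();
- break;
- default:
- require_once dirname( __FILE__ ) . '/callback/wings/misc.php';
- $module = new BVMiscCallback();
- break;
- }
- $rval = $module->process($method);
- if ($rval === false) {
- $bvresp->addStatus("statusmsg", "Bad Command");
- $bvresp->addStatus("status", false);
- }
- return 1;
- }
-
- public function bvAdmExecuteWithoutUser() {
- global $bvresp;
- $bvresp->addStatus("bvadmwithoutuser", true);
- $this->execute();
- }
-
- public function bvAdmExecuteWithUser() {
- global $bvresp;
- $bvresp->addStatus("bvadmwithuser", true);
- $this->execute();
- }
-
- public function execute() {
- global $bvresp;
- $this->processParams();
- if ($bvresp->startStream()) {
- $this->route($_REQUEST['wing'], $_REQUEST['bvMethod']);
- $bvresp->endStream();
- }
- $this->terminate(true, array_key_exists('bvdbg', $_REQUEST));
- }
- }
- endif;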
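--- a/callback/base.php
+++ b/callback/base.php
@@ -0,0 +1,24 @@
+ <?php
+
+ if (!defined('ABSPATH')) exit;
+ if (!class_exists('BVCallbackBase')) :
+
+ class BVCallbackBase {
+ public function objectToArray($obj) {
+ return json_decode(json_encode($obj), true);
+ }
+
+ public function base64Encode($data, $chunk_size) {
+ if ($chunk_size) {
+ $out = "";
+ $len = strlen($data);
+ for ($i = 0; $i < $len; $i += $chunk_size) {
+ $out .= base64_encode(substr($data, $i, $chunk_size));
+ }
+ } else {
+ $out = base64_encode($data);
+ }
+ return $out;
+ }
+ }
+ endif;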
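Review bot: `base64Encode()` only tests `if ($chunk_size)`, so a negative size passes the guard and `for ($i = 0; $i < $len; $i += $chunk_size)` never terminates while `$out` keeps growing. The size reaches this method from request data through `intval($req_params['bvb64cksize'])` in `BVCallbackResponse::terminate()` and `intval($params['bvb64cksize'])` in the `BVStream` constructor, and `intval()` does not reject negatives. Changing the guard to `if ($chunk_size > 0)` sends zero, `false` and negative sizes down the single-pass branch. A one-line comment that chunk sizes not divisible by 3 produce independently padded base64 segments would also help the next reader.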
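--- a/callback/handler.php
+++ b/callback/handler.php
@@ -0,0 +1,113 @@
+ <?php
+
+ if (!defined('ABSPATH')) exit;
+ if (!class_exists('BVCallbackHandler')) :
+
+ class BVCallbackHandler {
+ public $db;
+ public $settings;
+ public $siteinfo;
+ public $request;
+ public $account;
+ public $response;
+
+ public function __construct($db, $settings, $siteinfo, $request, $account) {
+ $this->db = $db;
+ $this->settings = $settings;
+ $this->siteinfo = $siteinfo;
+ $this->request = $request;
+ $this->account = $account;
+ $this->response = new BVCallbackResponse();
+ }
+
+ public function bvAdmExecuteWithoutUser() {
+ $this->execute(array("bvadmwithoutuser" => true));
+ }
+
+ public function bvAdmExecuteWithUser() {
+ $this->execute(array("bvadmwithuser" => true));
+ }
+
+ public function execute($resp = array()) {
+ $this->routeRequest();
+ $bvinfo = new MCInfo($this->settings);
+ $resp = array(
+ "request_info" => $this->request->respInfo(),
+ "site_info" => $this->siteinfo->respInfo(),
+ "account_info" => $this->account->respInfo(),
+ "bvinfo" => $bvinfo->respInfo()
+ );
+ $this->response->terminate($resp, $this->request->params);
+ }
+
+ public function routeRequest() {
+ switch ($this->request->wing) {
+ case 'manage':
+ require_once dirname( __FILE__ ) . '/wings/manage.php';
+ $module = new BVManageCallback($this);
+ break;
+ case 'fs':
+ require_once dirname( __FILE__ ) . '/wings/fs.php';
+ $module = new BVFSCallback($this);
+ break;
+ case 'db':
+ require_once dirname( __FILE__ ) . '/wings/db.php';
+ $module = new BVDBCallback($this);
+ break;
+ case 'info':
+ require_once dirname( __FILE__ ) . '/wings/info.php';
+ $module = new BVInfoCallback($this);
+ break;
+ case 'dynsync':
+ require_once dirname( __FILE__ ) . '/wings/dynsync.php';
+ $module = new BVDynSyncCallback($this);
+ break;
+ case 'ipstr':
+ require_once dirname( __FILE__ ) . '/wings/ipstore.php';
+ $module = new BVIPStoreCallback($this);
+ break;
+ case 'fw':
+ require_once dirname( __FILE__ ) . '/wings/fw.php';
+ $module = new BVFirewallCallback($this);
+ break;
+ case 'lp':
+ require_once dirname( __FILE__ ) . '/wings/lp.php';
+ $module = new BVLoginProtectCallback($this);
+ break;
+ case 'monit':
+ require_once dirname( __FILE__ ) . '/wings/monit.php';
+ $module = new BVMonitCallback($this);
+ break;
+ case 'brand':
+ require_once dirname( __FILE__ ) . '/wings/brand.php';
+ $module = new BVBrandCallback($this);
+ break;
+ case 'pt':
+ require_once dirname( __FILE__ ) . '/wings/protect.php';
+ $module = new BVProtectCallback($this);
+ break;
+ case 'act':
+ require_once dirname( __FILE__ ) . '/wings/account.php';
+ $module = new BVAccountCallback($this);
+ break;
+ default:
+ require_once dirname( __FILE__ ) . '/wings/misc.php';
+ $module = new BVMiscCallback($this);
+ break;
+ }
+ $resp = $module->process($this->request);
+ if ($resp === false) {
+ $resp = array(
+ "statusmsg" => "Bad Command",
+ "status" => false);
+ }
+ $resp = array(
+ $this->request->wing => array(
+ $this->request->method => $resp
+ )
+ );
+ $this->response->addStatus("callbackresponse", $resp);
+ return 1;
+ }
+ }
+ endif;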
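Review bot: `execute($resp = array())` discards its argument: the parameter is overwritten by `$resp = array("request_info" => ...)` before it is ever read, so the `bvadmwithoutuser` / `bvadmwithuser` markers passed by the two `bvAdmExecute*` wrappers never reach the response, whereas the deleted `BVCallback` recorded them with `addStatus`. Building the array under another name and finishing with `$resp = array_merge($resp, $info);` would restore them. Neither `execute()` nor `routeRequest()` performs any authentication before dispatching to the `fs`, `db` and other wings, so a docblock such as `/** Caller must have verified the request with MCAccount::authenticate() before invoking. */` would make that precondition explicit; the call site is outside this file.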
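--- a/callback/request.php
+++ b/callback/request.php
@@ -0,0 +1,113 @@
+ <?php
+
+ if (!defined('ABSPATH')) exit;
+ if (!class_exists('BVCallbackRequest')) :
+ class BVCallbackRequest {
+ public $params;
+ public $method;
+ public $wing;
+ public $is_afterload;
+ public $is_admin_ajax;
+ public $is_debug;
+ public $is_recovery;
+
+ public function __construct($params) {
+ $this->params = $params;
+ $this->wing = $this->params['wing'];
+ $this->method = $this->params['bvMethod'];
+ $this->is_afterload = array_key_exists('afterload', $this->params);
+ $this->is_admin_ajax = array_key_exists('adajx', $this->params);
+ $this->is_debug = array_key_exists('bvdbg', $this->params);
+ $this->is_recovery = array_key_exists('bvrcvr', $this->params);
+ }
+
+ public function isAPICall() {
+ return array_key_exists('apicall', $this->params);
+ }
+
+ public function respInfo() {
+ $info = array(
+ "requestedsig" => $this->params['sig'],
+ "requestedtime" => intval($this->params['bvTime']),
+ "requestedversion" => $this->params['bvVersion']
+ );
+ if ($this->is_debug) {
+ $info["inreq"] = $this->params;
+ }
+ if ($this->is_admin_ajax) {
+ $info["adajx"] = true;
+ }
+ if ($this->is_afterload) {
+ $info["afterload"] = true;
+ }
+ return $info;
+ }
+
+ public function processParams() {
+ $params = $this->params;
+ if (array_key_exists('obend', $params) && function_exists('ob_end_clean'))
+ @ob_end_clean();
+ if (array_key_exists('op_reset', $params) && function_exists('output_reset_rewrite_vars'))
+ @output_reset_rewrite_vars();
+ if (array_key_exists('binhead', $params)) {
+ header("Content-type: application/binary");
+ header('Content-Transfer-Encoding: binary');
+ }
+ if (array_key_exists('concat', $params)) {
+ foreach ($params['concat'] as $key) {
+ $concated = '';
+ $count = intval($params[$key]);
+ for ($i = 1; $i <= $count; $i++) {
+ $concated .= $params[$key."_bv_".$i];
+ }
+ $params[$key] = $concated;
+ }
+ }
+ if (array_key_exists('b64', $params)) {
+ foreach ($params['b64'] as $key) {
+ if (is_array($params[$key])) {
+ $params[$key] = array_map('base64_decode', $params[$key]);
+ } else {
+ $params[$key] = base64_decode($params[$key]);
+ }
+ }
+ }
+ if (array_key_exists('unser', $params)) {
+ foreach ($params['unser'] as $key) {
+ $params[$key] = json_decode($params[$key], TRUE);
+ }
+ }
+ if (array_key_exists('b642', $params)) {
+ foreach ($params['b642'] as $key) {
+ if (is_array($params[$key])) {
+ $params[$key] = array_map('base64_decode', $params[$key]);
+ } else {
+ $params[$key] = base64_decode($params[$key]);
+ }
+ }
+ }
+ if (array_key_exists('dic', $params)) {
+ foreach ($params['dic'] as $key => $mkey) {
+ $params[$mkey] = $params[$key];
+ unset($params[$key]);
+ }
+ }
+ if (array_key_exists('clacts', $params)) {
+ foreach ($params['clacts'] as $action) {
+ remove_all_actions($action);
+ }
+ }
+ if (array_key_exists('clallacts', $params)) {
+ global $wp_filter;
+ foreach ( $wp_filter as $filter => $val ){
+ remove_all_actions($filter);
+ }
+ }
+ if (array_key_exists('memset', $params)) {
+ $val = intval(urldecode($params['memset']));
+ @ini_set('memory_limit', $val.'M');
+ }
+ return $params;
+ }
+ }
+ endif;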
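Review bot: `processParams()` trusts the shape of every control key: `concat`, `b64`, `unser`, `b642`, `dic` and `clacts` go straight into `foreach` with no `is_array()` check, and the inner `concat` loop runs to `intval($params[$key])` with no upper bound, so a single request value decides how long it iterates. Each branch should open like `if (array_key_exists('concat', $params) && is_array($params['concat'])) {`, and `$count` needs a cap chosen by the maintainers. The method also removes every registered hook when `clallacts` is present and rewrites `memory_limit`, so it deserves a docblock stating that it must run only after the request signature has been verified; the caller is not in this file. Note too that it returns a modified copy, while `$this->params`, `$this->wing` and `$this->method` keep the raw values set in the constructor.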
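--- a/callback/response.php
+++ b/callback/response.php
@@ -1,107 +1,37 @@
  <?php
 
  if (!defined('ABSPATH')) exit;
- if (!class_exists('BVResponse')) :
-
- require_once dirname( __FILE__ ) . '/streams.php';
+ if (!class_exists('BVCallbackResponse')) :
 
- class BVResponse {
- public $status;
- public $stream;
+ class BVCallbackResponse extends BVCallbackBase {
+ public $status;
 
- function __construct() {
- $this->status = array("blogvault" => "response");
- }
-
- public function addStatus($key, $value) {
- $this->status[$key] = $value;
- }
-
- public function addArrayToStatus($key, $value) {
- if (!isset($this->status[$key])) {
- $this->status[$key] = array();
- }
- $this->status[$key][] = $value;
- }
-
- public function base64Encode($data, $chunk_size) {
- if ($chunk_size) {
- $out = "";
- $len = strlen($data);
- for ($i = 0; $i < $len; $i += $chunk_size) {
- $out .= base64_encode(substr($data, $i, $chunk_size));
- }
- } else {
- $out = base64_encode($data);
+ public function __construct() {
+ $this->status = array("blogvault" => "response");
  }
- return $out;
- }
 
- public function finish() {
- $response = "bvbvbvbvbv".serialize($this->status)."bvbvbvbvbv";
- if (array_key_exists('bvb64resp', $_REQUEST)) {
- $chunk_size = array_key_exists('bvb64cksize', $_REQUEST) ? intval($_REQUEST['bvb64cksize']) : false;
- $response = "bvb64bvb64".$this->base64Encode($response, $chunk_size)."bvb64bvb64";
+ public function addStatus($key, $value) {
+ $this->status[$key] = $value;
  }
- die($response);
- }
 
- public function writeStream($_string) {
- if (strlen($_string) > 0) {
- $chunk = "";
- if (isset($_REQUEST['bvb64stream'])) {
- $chunk_size = array_key_exists('bvb64cksize', $_REQUEST) ? intval($_REQUEST['bvb64cksize']) : false;
- $_string = $this->base64Encode($_string, $chunk_size);
- $chunk .= "BVB64" . ":";
+ public function addArrayToStatus($key, $value) {
+ if (!isset($this->status[$key])) {
+ $this->status[$key] = array();
  }
- $chunk .= (strlen($_string) . ":" . $_string);
- if (isset($_REQUEST['checksum'])) {
- if ($_REQUEST['checksum'] == 'crc32') {
- $chunk = "CRC32" . ":" . crc32($_string) . ":" . $chunk;
- } else if ($_REQUEST['checksum'] == 'md5') {
- $chunk = "MD5" . ":" . md5($_string) . ":" . $chunk;
- }
- }
- $this->stream->writeChunk($chunk);
+ $this->status[$key][] = $value;
  }
- }
 
- public function startStream() {
- global $bvcb;
- $this->stream = new BVRespStream();
- if (array_key_exists('apicall',$_REQUEST)) {
- $this->stream = new BVHttpStream($_REQUEST['apihost'], intval($_REQUEST['apiport']), array_key_exists('apissl', $_REQUEST));
- if (!$this->stream->connect()) {
- $this->addStatus("httperror", "Cannot Open Connection to Host");
- $this->addStatus("streamerrno", $this->stream->errno);
- $this->addStatus("streamerrstr", $this->stream->errstr);
- return false;
+ public function terminate($resp = array(), $req_params) {
+ $resp = array_merge($this->status, $resp);
+ $resp["signature"] = "Blogvault API";
+ $response = "bvbvbvbvbv".serialize($resp)."bvbvbvbvbv";
+ if (array_key_exists('bvb64resp', $req_params)) {
+ $chunk_size = array_key_exists('bvb64cksize', $req_params) ? intval($req_params['bvb64cksize']) : false;
+ $response = "bvb64bvb64".$this->base64Encode($response, $chunk_size)."bvb64bvb64";
  }
- if (array_key_exists('acbmthd', $_REQUEST)) {
- $url = $bvcb->bvmain->authenticatedUrl('/bvapi/'.$_REQUEST['acbmthd'], $_REQUEST['bvapicheck'], false);
- if (array_key_exists('acbqry', $_REQUEST)) {
- $url .= "&".$_REQUEST['acbqry'];
- }
- $this->stream->multipartChunkedPost($url);
- } else {
- $this->addStatus("httperror", "ApiCall method not present");
- return false;
- }
- }
- return true;
- }
+ die($response);
 
- public function endStream() {
- $this->stream->endStream();
- if (array_key_exists('apicall', $_REQUEST)) {
- $resp = $this->stream->getResponse();
- if (array_key_exists('httperror', $resp)) {
- $this->addStatus("httperror", $resp['httperror']);
- } else {
- $this->addStatus("respstatus", $resp['status']);
- $this->addStatus("respstatus_string", $resp['status_string']);
- }
+ exit;
  }
  }
- }
  endif;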
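Review bot: `terminate($resp = array(), $req_params)` declares an optional parameter before a required one, which PHP 8 reports as deprecated and which makes the default unusable; `public function terminate($resp, $req_params) {` states what callers must actually pass. The `exit;` after `die($response);` is unreachable and can be removed. The payload is produced with `serialize($resp)`, and in debug mode `$resp` includes the echoed request (`inreq`, set in `BVCallbackRequest::respInfo()` whenever `bvdbg` is merely present), so a comment that this method must only be reached for verified requests would be worth adding; whether that holds depends on callers not shown here.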
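--- a/callback/streams.php
+++ b/callback/streams.php
@@ -2,18 +2,85 @@
 
  if (!defined('ABSPATH')) exit;
  if (!class_exists('BVRespStream')) :
-
- class BVRespStream {
+
+ class BVStream extends BVCallbackBase {
+ public $bvb64stream;
+ public $bvb64cksize;
+ public $checksum;
+
+ function __construct($params) {
+ $this->bvb64stream = isset($params['bvb64stream']);
+ $this->bvb64cksize = array_key_exists('bvb64cksize', $params) ? intval($params['bvb64cksize']) : false;
+ $this->checksum = array_key_exists('checksum', $params) ? $params['checksum'] : false;
+ }
+
+ public function writeChunk($chunk) {
+ }
+
+ public static function startStream($account, $request) {
+ $result = array();
+ $params = $request->params;
+ $stream = new BVRespStream($params);
+ if ($request->isAPICall()) {
+ $stream = new BVHttpStream($params);
+ if (!$stream->connect()) {
+ $apicallstatus = array(
+ "httperror" => "Cannot Open Connection to Host",
+ "streamerrno" => $stream->errno,
+ "streamerrstr" => $stream->errstr
+ );
+ return array("apicallstatus" => $apicallstatus);
+ }
+ if (array_key_exists('acbmthd', $params)) {
+ $qstr = http_build_query(array('bvapicheck' => $params['bvapicheck']));
+ $url = '/bvapi/'.$params['acbmthd']."?".$qstr;
+ if (array_key_exists('acbqry', $params)) {
+ $url .= "&".$params['acbqry'];
+ }
+ $stream->multipartChunkedPost($url);
+ } else {
+ return array("apicallstatus" => array("httperror" => "ApiCall method not present"));
+ }
+ }
+ return array('stream' => $stream);
+ }
+
+ public function writeStream($_string) {
+ if (strlen($_string) > 0) {
+ $chunk = "";
+ if ($this->bvb64stream) {
+ $chunk_size = $this->bvb64cksize;
+ $_string = $this->base64Encode($_string, $chunk_size);
+ $chunk .= "BVB64" . ":";
+ }
+ $chunk .= (strlen($_string) . ":" . $_string);
+ if ($this->checksum == 'crc32') {
+ $chunk = "CRC32" . ":" . crc32($_string) . ":" . $chunk;
+ } else if ($this->checksum == 'md5') {
+ $chunk = "MD5" . ":" . md5($_string) . ":" . $chunk;
+ }
+ $this->writeChunk($chunk);
+ }
+ }
+ }
+
+ class BVRespStream extends BVStream {
+ function __construct($params) {
+ parent::__construct($params);
+ }
+
  public function writeChunk($_string) {
  echo "ckckckckck".$_string."ckckckckck";
  }
 
  public function endStream() {
  echo "rerererere";
+
+ return array();
  }
  }
 
- class BVHttpStream {
+ class BVHttpStream extends BVStream {
  var $user_agent = 'BVHttpStream';
  var $host;
  var $port;
@@ -24,13 +91,11 @@ class BVHttpStream {
  var $boundary;
  var $apissl;
 
- /**
- * PHP5 constructor.
- */
- function __construct($_host, $_port, $_apissl) {
- $this->host = $_host;
- $this->port = $_port;
- $this->apissl = $_apissl;
+ function __construct($params) {
+ parent::__construct($params);
+ $this->host = $params['apihost'];
+ $this->port = intval($params['apiport']);
+ $this->apissl = array_key_exists('apissl', $params);
  }
 
  public function connect() {
@@ -95,8 +160,8 @@ class BVHttpStream {
 
  public function multipartChunkedPost($url) {
  $mph = array(
- "Content-Disposition" => "form-data; name=bvinfile; filename=data",
- "Content-Type" => "application/octet-stream"
+ "Content-Disposition" => "form-data; name=bvinfile; filename=data",
+ "Content-Type" => "application/octet-stream"
  );
  $rnd = rand(100000, 999999);
  $this->boundary = "----".$rnd;
@@ -122,6 +187,16 @@ class BVHttpStream {
  $epilogue = "\r\n\r\n--".$this->boundary."--\r\n";
  $this->sendChunk($epilogue);
  $this->closeChunk();
+
+ $result = array();
+ $resp = $this->getResponse();
+ if (array_key_exists('httperror', $resp)) {
+ $result["httperror"] = $resp['httperror'];
+ } else {
+ $result["respstatus"] = $resp['status'];
+ $result["respstatus_string"] = $resp['status_string'];
+ }
+ return array("apicallstatus" => $result);
  }
 
  public function getResponse() {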
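Review bot: BVStream::startStream() and the new BVHttpStream constructor build the outbound connection entirely from request parameters with no validation: `$params['apihost']` and `$params['apiport']` choose the target, `$params['acbmthd']` and `$params['acbqry']` are concatenated into `$url` unencoded, and `$params['bvapicheck']` is read without a presence check. Whether the request has been authenticated before startStream() runs is not visible in this section, so the safety of this path should be stated in a comment on startStream() rather than left implicit. Independently of that, I would check the keys first, `if (!isset($params['apihost'], $params['apiport'], $params['bvapicheck'])) return array("apicallstatus" => array("httperror" => "ApiCall params missing"));`, and, if `acbmthd` is meant to be a single path segment, write `'/bvapi/'.rawurlencode($params['acbmthd'])` so control characters cannot reach the request line. The `$account` argument and the local `$result` in startStream() are unused, and the file guard still tests `class_exists('BVRespStream')` although BVStream is now the first class declared.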
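--- a/callback/wings/account.php
+++ b/callback/wings/account.php
@@ -0,0 +1,47 @@
+ <?php
+
+ if (!defined('ABSPATH')) exit;
+ if (!class_exists('BVAccountCallback')) :
+ class BVAccountCallback extends BVCallbackBase {
+ public $account;
+ public $settings;
+
+ public function __construct($callback_handler) {
+ $this->account = $callback_handler->account;
+ $this->settings = $callback_handler->settings;
+ }
+
+ function process($request) {
+ $params = $request->params;
+ $account = $this->account;
+ switch ($request->method) {
+ case "addkeys":
+ $resp = array("status" => $account->addKeys($params['public'], $params['secret']));
+ break;
+ case "updatekeys":
+ $resp = array("status" => $account->updateKeys($params['public'], $params['secret']));
+ break;
+ case "rmkeys":
+ $resp = array("status" => $account->rmKeys($params['public']));
+ break;
+ case "updt":
+ $info = array();
+ $info['email'] = $params['email'];
+ $info['url'] = $params['url'];
+ $info['pubkey'] = $params['pubkey'];
+ $account->add($info);
+ $resp = array("status" => $account->doesAccountExists($params['pubkey']));
+ break;
+ case "disc":
+ $account->remove($params['pubkey']);
+ $resp = array("status" => !$account->doesAccountExists($params['pubkey']));
+ case "fetch":
+ $resp = array("status" => MCAccount::allAccounts($this->settings));
+ break;
+ default:
+ $resp = false;
+ }
+ return $resp;
+ }
+ }
+ endif;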
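Review bot: The `disc` case in process() has no `break;`, so it falls through into `fetch` and `$resp` is overwritten with `MCAccount::allAccounts($this->settings)`; a disconnect request therefore never reports whether the removal worked and gets the stored account list back instead. Add `break;` directly after `$resp = array("status" => !$account->doesAccountExists($params['pubkey']));`. The handler also reads `$params['public']`, `$params['secret']` and `$params['pubkey']` without a presence check while changing stored keys, so a missing parameter reaches `addKeys()`/`updateKeys()` as null. Since this class rewrites the site's credentials, a docblock on process() naming where the request signature is verified (not in this file) would make the trust boundary explicit.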
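--- a/callback/wings/auth.php
+++ b/callback/wings/auth.php
@@ -1,26 +0,0 @@
- <?php
-
- if (!defined('ABSPATH')) exit;
- if (!class_exists('BVAuthCallback')) :
- class BVAuthCallback {
-
- function process($method) {
- global $bvresp, $bvcb;
- $auth = $bvcb->bvmain->auth;
- switch ($method) {
- case "addkeys":
- $bvresp->addStatus("status", $auth->addKeys($_REQUEST['public'], $_REQUEST['secret']));
- break;
- case "updatekeys":
- $bvresp->addStatus("status", $auth->updateKeys($_REQUEST['public'], $_REQUEST['secret']));
- break;
- case "rmkeys":
- $bvresp->addStatus("status", $auth->rmKeys($_REQUEST['public']));
- break;
- default:
- return false;
- }
- return true;
- }
- }
- endif;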
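--- a/callback/wings/brand.php
+++ b/callback/wings/brand.php
@@ -3,46 +3,52 @@
  if (!defined('ABSPATH')) exit;
  if (!class_exists('BVBrandCallback')) :
 
- class BVBrandCallback {
- public function process($method) {
- global $bvresp, $bvcb;
- $info = $bvcb->bvmain->info;
- $option_name = $bvcb->bvmain->brand_option;
- switch($method) {
+ class BVBrandCallback extends BVCallbackBase {
+ public $settings;
+
+ public function __construct($callback_handler) {
+ $this->settings = $callback_handler->settings;
+ }
+
+ public function process($request) {
+ $bvinfo = new MCInfo($this->settings);
+ $option_name = $bvinfo->brand_option;
+ $params = $request->params;
+ switch($request->method) {
  case 'setbrand':
  $brandinfo = array();
- if (array_key_exists('hide', $_REQUEST)) {
- $brandinfo['hide'] = $_REQUEST['hide'];
+ if (array_key_exists('hide', $params)) {
+ $brandinfo['hide'] = $params['hide'];
  } else {
- $brandinfo['name'] = $_REQUEST['name'];
- $brandinfo['title'] = $_REQUEST['title'];
- $brandinfo['description'] = $_REQUEST['description'];
- $brandinfo['pluginuri'] = $_REQUEST['pluginuri'];
- $brandinfo['author'] = $_REQUEST['author'];
- $brandinfo['authorname'] = $_REQUEST['authorname'];
- $brandinfo['authoruri'] = $_REQUEST['authoruri'];
- $brandinfo['menuname'] = $_REQUEST['menuname'];
- $brandinfo['logo'] = $_REQUEST['logo'];
- $brandinfo['webpage'] = $_REQUEST['webpage'];
- $brandinfo['appurl'] = $_REQUEST['appurl'];
- if (array_key_exists('hide_plugin_details', $_REQUEST)) {
- $brandinfo['hide_plugin_details'] = $_REQUEST['hide_plugin_details'];
+ $brandinfo['name'] = $params['name'];
+ $brandinfo['title'] = $params['title'];
+ $brandinfo['description'] = $params['description'];
+ $brandinfo['pluginuri'] = $params['pluginuri'];
+ $brandinfo['author'] = $params['author'];
+ $brandinfo['authorname'] = $params['authorname'];
+ $brandinfo['authoruri'] = $params['authoruri'];
+ $brandinfo['menuname'] = $params['menuname'];
+ $brandinfo['logo'] = $params['logo'];
+ $brandinfo['webpage'] = $params['webpage'];
+ $brandinfo['appurl'] = $params['appurl'];
+ if (array_key_exists('hide_plugin_details', $params)) {
+ $brandinfo['hide_plugin_details'] = $params['hide_plugin_details'];
  }
- if (array_key_exists('hide_from_menu', $_REQUEST)) {
- $brandinfo['hide_from_menu'] = $_REQUEST['hide_from_menu'];
+ if (array_key_exists('hide_from_menu', $params)) {
+ $brandinfo['hide_from_menu'] = $params['hide_from_menu'];
  }
  }
- $info->updateOption($option_name, $brandinfo);
- $bvresp->addStatus("setbrand", $info->getOption($option_name));
+ $this->settings->updateOption($option_name, $brandinfo);
+ $resp = array("setbrand" => $this->settings->getOption($option_name));
  break;
  case 'rmbrand':
- $info->deleteOption($option_name);
- $bvresp->addStatus("rmbrand", !$info->getOption($option_name));
+ $this->settings->deleteOption($option_name);
+ $resp = array("rmbrand" => !$this->settings->getOption($option_name));
  break;
  default:
- return false;
+ $resp = false;
  }
- return true;
+ return $resp;
  }
  }
  endif;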
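Review bot: In the `setbrand` branch of process() the branding fields `name` through `appurl` are copied from `$params` without a presence check and stored verbatim through `$this->settings->updateOption()`. A missing key raises an undefined-index notice and stores null, and values such as `logo`, `pluginuri` and `authoruri` are presumably printed in admin screens later, so unless every output site escapes them (not visible here) they should be normalised on the way in. For the text fields that would be `$brandinfo['name'] = isset($params['name']) ? sanitize_text_field($params['name']) : '';`, and `esc_url_raw()` for the URL fields. A one-line comment on process() stating that `$params` is only trusted after the callback request has been authenticated would also help the next reader.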
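--- a/callback/wings/db.php
+++ b/callback/wings/db.php
@@ -2,7 +2,17 @@
 
  if (!defined('ABSPATH')) exit;
  if (!class_exists('BVDBCallback')) :
- class BVDBCallback {
+ require_once dirname( __FILE__ ) . '/../streams.php';
+
+ class BVDBCallback extends BVCallbackBase {
+ public $db;
+ public $stream;
+ public $account;
+
+ public function __construct($callback_handler) {
+ $this->db = $callback_handler->db;
+ $this->account = $callback_handler->account;
+ }
 
  public function getLastID($pkeys, $end_row) {
  $last_ids = array();
@@ -13,11 +23,10 @@ class BVDBCallback {
  }
 
  public function getTableData($table, $tname, $rcount, $offset, $limit, $bsize, $filter, $pkeys, $include_rows = false) {
- global $bvcb, $bvresp;
  $tinfo = array();
 
- $rows_count = $bvcb->bvmain->db->rowsCount($table);
- $bvresp->addStatus('count', $rows_count);
+ $rows_count = $this->db->rowsCount($table);
+ $result = array('count' => $rows_count);
  if ($limit == 0) {
  $limit = $rows_count;
  }
@@ -25,7 +34,7 @@ class BVDBCallback {
  while (($limit > 0) && ($srows > 0)) {
  if ($bsize > $limit)
  $bsize = $limit;
- $rows = $bvcb->bvmain->db->getTableContent($table, '*', $filter, $bsize, $offset);
+ $rows = $this->db->getTableContent($table, '*', $filter, $bsize, $offset);
  $srows = sizeof($rows);
  $data = array();
  $data["offset"] = $offset;
@@ -36,113 +45,127 @@ class BVDBCallback {
  $end_row = end($rows);
  $last_ids = $this->getLastID($pkeys, $end_row);
  $data['last_ids'] = $last_ids;
- $bvresp->addStatus('last_ids', $last_ids);
+ $result['last_ids'] = $last_ids;
  }
  if ($include_rows) {
  $data["rows"] = $rows;
  $str = serialize($data);
- $bvresp->writeStream($str);
+ $this->stream->writeStream($str);
  }
  $offset += $srows;
  $limit -= $srows;
  }
- $bvresp->addStatus('size', $offset);
- $bvresp->addStatus('tinfo', $tinfo);
+ $result['size'] = $offset;
+ $result['tinfo'] = $tinfo;
+ return $result;
  }
 
- public function process($method) {
- global $bvresp, $bvcb;
- $db = $bvcb->bvmain->db;
- switch ($method) {
- case "gettbls":
- $bvresp->addStatus("tables", $db->showTables());
- break;
- case "tblstatus":
- $bvresp->addStatus("statuses", $db->showTableStatus());
- break;
- case "tablekeys":
- $table = urldecode($_REQUEST['table']);
- $bvresp->addStatus("table_keys", $db->tableKeys($table));
- break;
- case "describetable":
- $table = urldecode($_REQUEST['table']);
- $bvresp->addStatus("table_description", $db->describeTable($table));
- break;
- case "checktable":
- $table = urldecode($_REQUEST['table']);
- $type = urldecode($_REQUEST['type']);
- $bvresp->addStatus("status", $db->checkTable($table, $type));
- break;
- case "repairtable":
- $table = urldecode($_REQUEST['table']);
- $bvresp->addStatus("status", $db->repairTable($table));
- break;
- case "gettcrt":
- $table = urldecode($_REQUEST['table']);
- $bvresp->addStatus("create", $db->showTableCreate($table));
- break;
- case "getrowscount":
- $table = urldecode($_REQUEST['table']);
- $bvresp->addStatus("count", $db->rowsCount($table));
- break;
- case "gettablecontent":
- $table = urldecode($_REQUEST['table']);
- $fields = urldecode($_REQUEST['fields']);
- $filter = (array_key_exists('filter', $_REQUEST)) ? urldecode($_REQUEST['filter']) : "";
- $limit = intval(urldecode($_REQUEST['limit']));
- $offset = intval(urldecode($_REQUEST['offset']));
- $pkeys = (array_key_exists('pkeys', $_REQUEST)) ? $_REQUEST['pkeys'] : array();
- $bvresp->addStatus('timestamp', time());
- $bvresp->addStatus('tablename', $table);
- $rows = $db->getTableContent($table, $fields, $filter, $limit, $offset);
- $srows = sizeof($rows);
- if (!empty($pkeys) && $srows > 0) {
- $end_row = end($rows);
- $bvresp->addStatus('last_ids', $this->getLastID($pkeys, $end_row));
+ public function process($request) {
+ $db = $this->db;
+ $params = $request->params;
+ $stream_init_info = BVStream::startStream($this->account, $request);
+ if (array_key_exists('stream', $stream_init_info)) {
+ $this->stream = $stream_init_info['stream'];
+ switch ($request->method) {
+ case "gettbls":
+ $resp = array("tables" => $db->showTables());
+ break;
+ case "tblstatus":
+ $resp = array("statuses" => $db->showTableStatus());
+ break;
+ case "tablekeys":
+ $table = urldecode($params['table']);
+ $resp = array("table_keys" => $db->tableKeys($table));
+ break;
+ case "describetable":
+ $table = urldecode($params['table']);
+ $resp = array("table_description" => $db->describeTable($table));
+ break;
+ case "checktable":
+ $table = urldecode($params['table']);
+ $type = urldecode($params['type']);
+ $resp = array("status" => $db->checkTable($table, $type));
+ break;
+ case "repairtable":
+ $table = urldecode($params['table']);
+ $resp = array("status" => $db->repairTable($table));
+ break;
+ case "gettcrt":
+ $table = urldecode($params['table']);
+ $resp = array("create" => $db->showTableCreate($table));
+ break;
+ case "getrowscount":
+ $table = urldecode($params['table']);
+ $resp = array("count" => $db->rowsCount($table));
+ break;
+ case "gettablecontent":
+ $result = array();
+ $table = urldecode($params['table']);
+ $fields = urldecode($params['fields']);
+ $filter = (array_key_exists('filter', $params)) ? urldecode($params['filter']) : "";
+ $limit = intval(urldecode($params['limit']));
+ $offset = intval(urldecode($params['offset']));
+ $pkeys = (array_key_exists('pkeys', $params)) ? $params['pkeys'] : array();
+ $result['timestamp'] = time();
+ $result['tablename'] = $table;
+ $rows = $db->getTableContent($table, $fields, $filter, $limit, $offset);
+ $srows = sizeof($rows);
+ if (!empty($pkeys) && $srows > 0) {
+ $end_row = end($rows);
+ $result['last_ids'] = $this->getLastID($pkeys, $end_row);
+ }
+ $result["rows"] = $rows;
+ $resp = $result;
+ break;
+ case "tableinfo":
+ $table = urldecode($params['table']);
+ $offset = intval(urldecode($params['offset']));
+ $limit = intval(urldecode($params['limit']));
+ $bsize = intval(urldecode($params['bsize']));
+ $filter = (array_key_exists('filter', $params)) ? urldecode($params['filter']) : "";
+ $rcount = intval(urldecode($params['rcount']));
+ $tname = urldecode($params['tname']);
+ $pkeys = (array_key_exists('pkeys', $params)) ? $params['pkeys'] : array();
+ $resp = $this->getTableData($table, $tname, $rcount, $offset, $limit, $bsize, $filter, $pkeys, false);
+ break;
+ case "uploadrows":
+ $table = urldecode($params['table']);
+ $offset = intval(urldecode($params['offset']));
+ $limit = intval(urldecode($params['limit']));
+ $bsize = intval(urldecode($params['bsize']));
+ $filter = (array_key_exists('filter', $params)) ? urldecode($params['filter']) : "";
+ $rcount = intval(urldecode($params['rcount']));
+ $tname = urldecode($params['tname']);
+ $pkeys = (array_key_exists('pkeys', $params)) ? $params['pkeys'] : array();
+ $resp = $this->getTableData($table, $tname, $rcount, $offset, $limit, $bsize, $filter, $pkeys, true);
+ break;
+ case "tblexists":
+ $resp = array("tblexists" => $db->isTablePresent($params['tablename']));
+ break;
+ case "crttbl":
+ $usedbdelta = array_key_exists('usedbdelta', $params);
+ $resp = array("crttbl" => $db->createTable($params['query'], $params['tablename'], $usedbdelta));
+ break;
+ case "drptbl":
+ $resp = array("drptbl" => $db->dropBVTable($params['name']));
+ break;
+ case "trttbl":
+ $resp = array("trttbl" => $db->truncateBVTable($params['name']));
+ break;
+ case "altrtbl":
+ $resp = array("altrtbl" => $db->alterBVTable($params['query'], $params['query']));
+ break;
+ default:
+ $resp = false;
+ }
+ $end_stream_info = $this->stream->endStream();
+ if (!empty($end_stream_info) && is_array($resp)) {
+ $resp = array_merge($resp, $end_stream_info);
  }
- $bvresp->addStatus("rows", $rows);
- break;
- case "tableinfo":
- $table = urldecode($_REQUEST['table']);
- $offset = intval(urldecode($_REQUEST['offset']));
- $limit = intval(urldecode($_REQUEST['limit']));
- $bsize = intval(urldecode($_REQUEST['bsize']));
- $filter = (array_key_exists('filter', $_REQUEST)) ? urldecode($_REQUEST['filter']) : "";
- $rcount = intval(urldecode($_REQUEST['rcount']));
- $tname = urldecode($_REQUEST['tname']);
- $pkeys = (array_key_exists('pkeys', $_REQUEST)) ? $_REQUEST['pkeys'] : array();
- $this->getTableData($table, $tname, $rcount, $offset, $limit, $bsize, $filter, $pkeys, false);
- break;
- case "uploadrows":
- $table = urldecode($_REQUEST['table']);
- $offset = intval(urldecode($_REQUEST['offset']));
- $limit = intval(urldecode($_REQUEST['limit']));
- $bsize = intval(urldecode($_REQUEST['bsize']));
- $filter = (array_key_exists('filter', $_REQUEST)) ? urldecode($_REQUEST['filter']) : "";
- $rcount = intval(urldecode($_REQUEST['rcount']));
- $tname = urldecode($_REQUEST['tname']);
- $pkeys = (array_key_exists('pkeys', $_REQUEST)) ? $_REQUEST['pkeys'] : array();
- $this->getTableData($table, $tname, $rcount, $offset, $limit, $bsize, $filter, $pkeys, true);
- break;
- case "tblexists":
- $bvresp->addStatus("tblexists", $db->isTablePresent($_REQUEST['tablename']));
- break;
- case "crttbl":
- $bvresp->addStatus("crttbl", $db->createTable($_REQUEST['query'], $_REQUEST['tablename']));
- break;
- case "drptbl":
- $bvresp->addStatus("drptbl", $db->dropBVTable($_REQUEST['name']));
- break;
- case "trttbl":
- $bvresp->addStatus("trttbl", $db->truncateBVTable($_REQUEST['name']));
- break;
- case "altrtbl":
- $bvresp->addStatus("altrtbl", $db->alterBVTable($_REQUEST['query'], $_REQUEST['tablename']));
- break;
- default:
- return false;
+ } else {
+ $resp = $stream_init_info;
  }
- return true;
+ return $resp;
  }
  }
  endif;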
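Review bot: In the `altrtbl` case of process() the second argument to `alterBVTable()` is `$params['query']` again, where the removed code passed `$_REQUEST['tablename']`. Unless the method's signature changed elsewhere in this release, this is a slip in the rename and should read `$resp = array("altrtbl" => $db->alterBVTable($params['query'], $params['tablename']));`. The same method forwards `$params['query']`, `$params['filter']`, `$params['fields']` and the table names to the database wrapper unchanged. That makes every case here depend on the request having been authenticated before process() is called, which this file does not show, so a docblock on process() should say where that check lives. None of the `$params[...]` reads outside `filter`, `pkeys` and `usedbdelta` test for the key first, so a malformed request produces notices rather than an error response.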
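--- a/callback/wings/fs.php
+++ b/callback/wings/fs.php
@@ -2,7 +2,16 @@
 
  if (!defined('ABSPATH')) exit;
  if (!class_exists('BVFSCallback')) :
- class BVFSCallback {
+ require_once dirname( __FILE__ ) . '/../streams.php';
+
+ class BVFSCallback extends BVCallbackBase {
+ public $stream;
+ public $account;
+
+ public function __construct($callback_handler) {
+ $this->account = $callback_handler->account;
+ }
+
  function fileStat($relfile) {
  $absfile = ABSPATH.$relfile;
  $fdata = array();
@@ -22,7 +31,6 @@ class BVFSCallback {
  }
 
  function scanFilesUsingGlob($initdir = "./", $offset = 0, $limit = 0, $bsize = 512, $recurse = true, $regex = '{.??,}*') {
- global $bvresp;
  $i = 0;
  $dirs = array();
  $dirs[] = $initdir;
@@ -51,7 +59,7 @@ class BVFSCallback {
  $bfc++;
  if ($bfc == $bsize) {
  $str = serialize($bfa);
- $bvresp->writeStream($str);
+ $this->stream->writeStream($str);
  $bfc = 0;
  $bfa = array();
  }
@@ -63,12 +71,12 @@ class BVFSCallback {
  }
  if ($bfc != 0) {
  $str = serialize($bfa);
- $bvresp->writeStream($str);
+ $this->stream->writeStream($str);
  }
+ return array("status" => "done");
  }
 
  function scanFiles($initdir = "./", $offset = 0, $limit = 0, $bsize = 512, $recurse = true) {
- global $bvresp;
  $i = 0;
  $dirs = array();
  $dirs[] = $initdir;
@@ -97,7 +105,7 @@ class BVFSCallback {
  $bfc++;
  if ($bfc == $bsize) {
  $str = serialize($bfa);
- $bvresp->writeStream($str);
+ $this->stream->writeStream($str);
  $bfc = 0;
  $bfa = array();
  }
@@ -110,8 +118,9 @@ class BVFSCallback {
  }
  if ($bfc != 0) {
  $str = serialize($bfa);
- $bvresp->writeStream($str);
+ $this->stream->writeStream($str);
  }
+ return array("status" => "done");
  }
 
  function calculateMd5($absfile, $fdata, $offset, $limit, $bsize) {
@@ -141,27 +150,27 @@ class BVFSCallback {
  }
 
  function getFilesStats($files, $offset = 0, $limit = 0, $bsize = 102400, $md5 = false) {
- global $bvresp;
+ $result = array();
  foreach ($files as $file) {
  $fdata = $this->fileStat($file);
  $absfile = ABSPATH.$file;
  if (!is_readable($absfile)) {
- $bvresp->addArrayToStatus("missingfiles", $file);
+ $result["missingfiles"][] = $file;
  continue;
  }
  if ($md5 === true) {
  $fdata["md5"] = $this->calculateMd5($absfile, $fdata, $offset, $limit, $bsize);
  }
- $bvresp->addArrayToStatus("stats", $fdata);
+ $result["stats"][] = $fdata;
  }
+ return $result;
  }
 
  function uploadFiles($files, $offset = 0, $limit = 0, $bsize = 102400) {
- global $bvresp;
-
+ $result = array();
  foreach ($files as $file) {
  if (!is_readable(ABSPATH.$file)) {
- $bvresp->addArrayToStatus("missingfiles", $file);
+ $result["missingfiles"][] = $file;
  continue;
  }
  $handle = fopen(ABSPATH.$file, "rb");
@@ -175,7 +184,7 @@ class BVFSCallback {
  $_limit = $fdata["size"] - $offset;
  $fdata["limit"] = $_limit;
  $sfdata = serialize($fdata);
- $bvresp->writeStream($sfdata);
+ $this->stream->writeStream($sfdata);
  fseek($handle, $offset, SEEK_SET);
  $dlen = 1;
  while (($_limit > 0) && ($dlen > 0)) {
@@ -183,76 +192,89 @@ class BVFSCallback {
  $_bsize = $_limit;
  $d = fread($handle, $_bsize);
  $dlen = strlen($d);
- $bvresp->writeStream($d);
+ $this->stream->writeStream($d);
  $_limit -= $dlen;
  }
  fclose($handle);
  } else {
- $bvresp->addArrayToStatus("unreadablefiles", $file);
+ $result["unreadablefiles"][] = $file;
  }
  }
+ $result["status"] = "done";
+ return $result;
  }
 
- function process($method) {
- switch ($method) {
- case "scanfilesglob":
- $initdir = urldecode($_REQUEST['initdir']);
- $offset = intval(urldecode($_REQUEST['offset']));
- $limit = intval(urldecode($_REQUEST['limit']));
- $bsize = intval(urldecode($_REQUEST['bsize']));
- $regex = urldecode($_REQUEST['regex']);
- $recurse = true;
- if (array_key_exists('recurse', $_REQUEST) && $_REQUEST["recurse"] == "false") {
- $recurse = false;
- }
- $this->scanFilesUsingGlob($initdir, $offset, $limit, $bsize, $recurse, $regex);
- break;
- case "scanfiles":
- $initdir = urldecode($_REQUEST['initdir']);
- $offset = intval(urldecode($_REQUEST['offset']));
- $limit = intval(urldecode($_REQUEST['limit']));
- $bsize = intval(urldecode($_REQUEST['bsize']));
- $recurse = true;
- if (array_key_exists('recurse', $_REQUEST) && $_REQUEST["recurse"] == "false") {
- $recurse = false;
- }
- $this->scanFiles($initdir, $offset, $limit, $bsize, $recurse);
- break;
- case "getfilesstats":
- $files = $_REQUEST['files'];
- $offset = intval(urldecode($_REQUEST['offset']));
- $limit = intval(urldecode($_REQUEST['limit']));
- $bsize = intval(urldecode($_REQUEST['bsize']));
- $md5 = false;
- if (array_key_exists('md5', $_REQUEST)) {
- $md5 = true;
- }
- $this->getFilesStats($files, $offset, $limit, $bsize, $md5);
- break;
- case "sendmanyfiles":
- $files = $_REQUEST['files'];
- $offset = intval(urldecode($_REQUEST['offset']));
- $limit = intval(urldecode($_REQUEST['limit']));
- $bsize = intval(urldecode($_REQUEST['bsize']));
- $this->uploadFiles($files, $offset, $limit, $bsize);
- break;
- case "filelist":
- $initdir = $_REQUEST['initdir'];
- $glob_option = GLOB_MARK;
- if(array_key_exists('onlydir', $_REQUEST)) {
- $glob_option = GLOB_ONLYDIR;
+ function process($request) {
+ $params = $request->params;
+ $stream_init_info = BVStream::startStream($this->account, $request);
+ if (array_key_exists('stream', $stream_init_info)) {
+ $this->stream = $stream_init_info['stream'];
+ switch ($request->method) {
+ case "scanfilesglob":
+ $initdir = urldecode($params['initdir']);
+ $offset = intval(urldecode($params['offset']));
+ $limit = intval(urldecode($params['limit']));
+ $bsize = intval(urldecode($params['bsize']));
+ $regex = urldecode($params['regex']);
+ $recurse = true;
+ if (array_key_exists('recurse', $params) && $params["recurse"] == "false") {
+ $recurse = false;
+ }
+ $resp = $this->scanFilesUsingGlob($initdir, $offset, $limit, $bsize, $recurse, $regex);
+ break;
+ case "scanfiles":
+ $initdir = urldecode($params['initdir']);
+ $offset = intval(urldecode($params['offset']));
+ $limit = intval(urldecode($params['limit']));
+ $bsize = intval(urldecode($params['bsize']));
+ $recurse = true;
+ if (array_key_exists('recurse', $params) && $params["recurse"] == "false") {
+ $recurse = false;
+ }
+ $resp = $this->scanFiles($initdir, $offset, $limit, $bsize, $recurse);
+ break;
+ case "getfilesstats":
+ $files = $params['files'];
+ $offset = intval(urldecode($params['offset']));
+ $limit = intval(urldecode($params['limit']));
+ $bsize = intval(urldecode($params['bsize']));
+ $md5 = false;
+ if (array_key_exists('md5', $params)) {
+ $md5 = true;
+ }
+ $resp = $this->getFilesStats($files, $offset, $limit, $bsize, $md5);
+ break;
+ case "sendmanyfiles":
+ $files = $params['files'];
+ $offset = intval(urldecode($params['offset']));
+ $limit = intval(urldecode($params['limit']));
+ $bsize = intval(urldecode($params['bsize']));
+ $resp = $this->uploadFiles($files, $offset, $limit, $bsize);
+ break;
+ case "filelist":
+ $initdir = $params['initdir'];
+ $glob_option = GLOB_MARK;
+ if(array_key_exists('onlydir', $params)) {
+ $glob_option = GLOB_ONLYDIR;
+ }
+ $regex = "*";
+ if(array_key_exists('regex', $params)){
+ $regex = $params['regex'];
+ }
+ $directoryList = glob($initdir.$regex, $glob_option);
+ $resp = $this->getFilesStats($directoryList);
+ break;
+ default:
+ $resp = false;
  }
- $regex = "*";
- if(array_key_exists('regex', $_REQUEST)){
- $regex = $_REQUEST['regex'];
+ $end_stream_info = $this->stream->endStream();
+ if (!empty($end_stream_info) && is_array($resp)) {
+ $resp = array_merge($resp, $end_stream_info);
  }
- $directoryList = glob($initdir.$regex, $glob_option);
- $this->getFilesStats($directoryList);
- break;
- default:
- return false;
+ } else {
+ $resp = $stream_init_info;
  }
- return true;
+ return $resp;
  }
  }
  endif;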
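Review bot: process() hands `$params['files']`, `$params['initdir']` and `$params['regex']` to `ABSPATH.$file`, `fopen()` and `glob()` with no normalisation, so a path containing `../` resolves outside the WordPress root. If upstream request authentication (not visible in this section) is the only barrier, a containment check at the top of the loops in getFilesStats() and uploadFiles() would bound what a caller can read: `$real = realpath(ABSPATH.$file); if ($real === false || strpos($real, realpath(ABSPATH)) !== 0) { $result["missingfiles"][] = $file; continue; }`. In the `filelist` case `glob()` can return false, which then reaches the `foreach` in getFilesStats(); adding `if ($directoryList === false) $directoryList = array();` before the call avoids that. The bodies of the scan and upload functions are only partly shown in these hunks, so any checks they already perform could not be reviewed.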
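--- a/callback/wings/fw.php
+++ b/callback/wings/fw.php
@@ -3,40 +3,48 @@
  if (!defined('ABSPATH')) exit;
  if (!class_exists('BVFirewallCallback')) :
 
- require_once dirname( __FILE__ ) . '/../../fw/config.php';
+ require_once dirname( __FILE__ ) . '/../../protect/wp_fw/config.php';
 
  class BVFirewallCallback {
- public function process($method) {
- global $bvcb, $bvresp;
- $config = new BVFWConfig($bvcb->bvmain);
- switch ($method) {
+ public $db;
+ public $settings;
+
+ public function __construct($callback_handler) {
+ $this->db = $callback_handler->db;
+ $this->settings = $callback_handler->settings;
+ }
+
+ public function process($request) {
+ $params = $request->params;
+ $config = new BVWPFWConfig($this->db, $this->settings);
+ switch ($request->method) {
  case "clrconfig":
- $bvresp->addStatus("clearconfig", $config->clear());
+ $resp = array("clearconfig" => $config->clear());
  break;
  case "setmode":
- $config->setMode($_REQUEST['mode']);
- $bvresp->addStatus("setmode", $config->getMode());
+ $config->setMode($params['mode']);
+ $resp = array("setmode" => $config->getMode());
  break;
  case "dsblrules":
- $config->setDisabledRules($_REQUEST['disabled_rules']);
- $bvresp->addStatus("disabled_rules", $config->getDisabledRules());
+ $config->setDisabledRules($params['disabled_rules']);
+ $resp = array("disabled_rules" => $config->getDisabledRules());
  break;
  case "adtrls":
- $config->setAuditRules($_REQUEST['audit_rules']);
- $bvresp->addStatus("audit_rules", $config->getAuditRules());
+ $config->setAuditRules($params['audit_rules']);
+ $resp = array("audit_rules" => $config->getAuditRules());
  break;
  case "setrulesmode":
- $config->setRulesMode($_REQUEST['rules_mode']);
- $bvresp->addStatus("rules_mode", $config->getRulesMode());
+ $config->setRulesMode($params['rules_mode']);
+ $resp = array("rules_mode" => $config->getRulesMode());
  break;
  case "setreqprofilingmode":
- $config->setReqProfilingMode($_REQUEST['req_profiling_mode']);
- $bvresp->addStatus("req_profiling_mode", $config->getReqProfilingMode());
+ $config->setReqProfilingMode($params['req_profiling_mode']);
+ $resp = array("req_profiling_mode" => $config->getReqProfilingMode());
  break;
  default:
- return false;
+ $resp = false;
  }
- return true;
+ return $resp;
  }
  }
- endif;
+ endif;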
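Review bot: Every setter in `process` takes its value straight from the request (`$config->setMode($params['mode'])`, `setDisabledRules($params['disabled_rules'])`, and the three cases after them) with no check that the key is present or that the value has the expected type. A request that omits the key raises an undefined-index notice and hands `null` to the firewall configuration, and a wrongly typed value is stored as-is unless the setters in `protect/wp_fw/config.php`, which are not shown here, reject it. Guard each case before writing, for example `if (!array_key_exists('mode', $params)) { $resp = false; break; }` followed by `$config->setMode(intval($params['mode']));`. For the two rule lists, confirm the value is an array before it is saved. Whether the request has been authenticated by this point cannot be seen from this file, so validation here is the last check before the firewall's own settings change.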
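--- a/callback/wings/info.php
+++ b/callback/wings/info.php
@@ -2,36 +2,51 @@
 
  if (!defined('ABSPATH')) exit;
  if (!class_exists('BVInfoCallback')) :
- class BVInfoCallback {
+
+ class BVInfoCallback extends BVCallbackBase {
+ public $db;
+ public $settings;
+ public $siteinfo;
+ public $bvinfo;
+
+ public function __construct($callback_handler) {
+ $this->db = $callback_handler->db;
+ $this->siteinfo = $callback_handler->siteinfo;
+ $this->settings = $callback_handler->settings;
+ $this->bvinfo = new MCInfo($this->settings);
+ }
+
  public function getPosts($post_type, $count = 5) {
- global $bvresp;
  $output = array();
  $args = array('numberposts' => $count, 'post_type' => $post_type);
  $posts = get_posts($args);
  $keys = array('post_title', 'guid', 'ID', 'post_date');
+ $result = array();
  foreach ($posts as $post) {
  $pdata = array();
  $post_array = get_object_vars($post);
  foreach ($keys as $key) {
  $pdata[$key] = $post_array[$key];
  }
- $bvresp->addArrayToStatus("posts", $pdata);
+ $result["posts"][] = $pdata;
  }
+ return $result;
  }
 
  public function getStats() {
- global $bvresp;
- $bvresp->addStatus("posts", get_object_vars(wp_count_posts()));
- $bvresp->addStatus("pages", get_object_vars(wp_count_posts("page")));
- $bvresp->addStatus("comments", get_object_vars(wp_count_comments()));
+ return array(
+ "posts" => get_object_vars(wp_count_posts()),
+ "pages" => get_object_vars(wp_count_posts("page")),
+ "comments" => get_object_vars(wp_count_comments())
+ );
  }
 
  public function getPlugins() {
- global $bvresp;
  if (!function_exists('get_plugins')) {
  require_once (ABSPATH."wp-admin/includes/plugin.php");
  }
  $plugins = get_plugins();
+ $result = array();
  foreach ($plugins as $plugin_file => $plugin_data) {
  $pdata = array(
  'file' => $plugin_file,
@@ -40,8 +55,9 @@ class BVInfoCallback {
  'active' => is_plugin_active($plugin_file),
  'network' => $plugin_data['Network']
  );
- $bvresp->addArrayToStatus("plugins", $pdata);
+ $result["plugins"][] = $pdata;
  }
+ return $result;
  }
 
  public function themeToArray($theme) {
@@ -66,19 +82,19 @@ class BVInfoCallback {
  }
 
  public function getThemes() {
- global $bvresp;
+ $result = array();
  $themes = function_exists('wp_get_themes') ? wp_get_themes() : get_themes();
  foreach($themes as $theme) {
  $pdata = $this->themeToArray($theme);
- $bvresp->addArrayToStatus("themes", $pdata);
+ $result["themes"][] = $pdata;
  }
  $theme = function_exists('wp_get_theme') ? wp_get_theme() : get_current_theme();
  $pdata = $this->themeToArray($theme);
- $bvresp->addStatus("currenttheme", $pdata);
+ $result["currenttheme"] = $pdata;
+ return $result;
  }
 
  public function getSystemInfo() {
- global $bvresp;
  $sys_info = array(
  'serverip' => $_SERVER['SERVER_ADDR'],
  'host' => $_SERVER['HTTP_HOST'],
@@ -98,22 +114,22 @@ class BVInfoCallback {
  $sys_info['webuid'] = posix_getuid();
  $sys_info['webgid'] = posix_getgid();
  }
- $bvresp->addStatus("sys", $sys_info);
+ return array("sys" => $sys_info);
  }
 
  public function getWpInfo() {
  global $wp_version, $wp_db_version, $wp_local_package;
- global $bvresp, $bvcb;
+ $siteinfo = $this->siteinfo;
+ $db = $this->db;
  $upload_dir = wp_upload_dir();
- $info = $bvcb->bvmain->info;
 
  $wp_info = array(
- 'dbprefix' => $bvcb->bvmain->db->dbprefix(),
- 'wpmu' => $info->isMultisite(),
- 'mainsite' => $info->isMainSite(),
+ 'dbprefix' => $db->dbprefix(),
+ 'wpmu' => $siteinfo->isMultisite(),
+ 'mainsite' => $siteinfo->isMainSite(),
  'name' => get_bloginfo('name'),
- 'siteurl' => $info->siteurl(),
- 'homeurl' => $info->homeurl(),
+ 'siteurl' => $siteinfo->siteurl(),
+ 'homeurl' => $siteinfo->homeurl(),
  'charset' => get_bloginfo('charset'),
  'wpversion' => $wp_version,
  'dbversion' => $wp_db_version,
@@ -128,17 +144,16 @@ class BVInfoCallback {
  'disallow_file_mods' => defined('DISALLOW_FILE_MODS'),
  'locale' => get_locale(),
  'wp_local_string' => $wp_local_package,
- 'charset_collate' => $bvcb->bvmain->db->getCharsetCollate()
+ 'charset_collate' => $db->getCharsetCollate()
  );
- $bvresp->addStatus("wp", $wp_info);
+ return array("wp" => $wp_info);
  }
 
  public function getUsers($args = array(), $full) {
- global $bvresp, $bvcb;
  $results = array();
  $users = get_users($args);
  if ('true' == $full) {
- $results = $bvcb->bvmain->lib->objectToArray($users);
+ $results = $this->objectToArray($users);
  } else {
  foreach( (array) $users as $user) {
  $result = array();
@@ -154,7 +169,7 @@ class BVInfoCallback {
  $results[] = $result;
  }
  }
- $bvresp->addStatus("users", $results);
+ return array("users" => $results);
  }
 
  public function availableFunctions(&$info) {
@@ -181,27 +196,25 @@ class BVInfoCallback {
  return $info;
  }
 
- public function servicesInfo(&$info) {
- global $bvcb;
- $bvinfo = $bvcb->bvmain->info;
- $info['dynsync'] = $bvinfo->getOption('bvDynSyncActive');
- $info['woodyn'] = $bvinfo->getOption('bvWooDynSync');
- $info['dynplug'] = $bvinfo->getOption('bvdynplug');
- $info['ptplug'] = $bvinfo->getOption('bvptplug');
- $info['fw'] = $this->getFWConfig();
- $info['lp'] = $this->getLPConfig();
- $info['brand'] = $bvinfo->getOption($bvcb->bvmain->brand_option);
- $info['badgeinfo'] = $bvinfo->getOption($bvcb->bvmain->badgeinfo);
+ public function servicesInfo(&$data) {
+ $settings = $this->settings;
+ $data['dynsync'] = $settings->getOption('bvDynSyncActive');
+ $data['woodyn'] = $settings->getOption('bvWooDynSync');
+ $data['dynplug'] = $settings->getOption('bvdynplug');
+ $data['ptplug'] = $settings->getOption('bvptplug');
+ $data['fw'] = $this->getFWConfig();
+ $data['lp'] = $this->getLPConfig();
+ $data['brand'] = $settings->getOption($this->bvinfo->brand_option);
+ $data['badgeinfo'] = $settings->getOption($this->bvinfo->badgeinfo);
  }
 
  public function getLPConfig() {
- global $bvcb;
  $config = array();
- $bvinfo = $bvcb->bvmain->info;
- $mode = $bvinfo->getOption('bvlpmode');
- $cplimit = $bvinfo->getOption('bvlpcaptchalimit');
- $tplimit = $bvinfo->getOption('bvlptempblocklimit');
- $bllimit = $bvinfo->getOption('bvlpblockAllLimit');
+ $settings = $this->settings;
+ $mode = $settings->getOption('bvlpmode');
+ $cplimit = $settings->getOption('bvlpcaptchalimit');
+ $tplimit = $settings->getOption('bvlptempblocklimit');
+ $bllimit = $settings->getOption('bvlpblockAllLimit');
  $config['mode'] = intval($mode ? $mode : 1);
  $config['captcha_limit'] = intval($cplimit ? $cplimit : 3);
  $config['temp_block_limit'] = intval($tplimit? $tplimit : 6);
@@ -210,14 +223,13 @@ class BVInfoCallback {
  }
 
  public function getFWConfig() {
- global $bvcb;
  $config = array();
- $bvinfo = $bvcb->bvmain->info;
- $mode = $bvinfo->getOption('bvfwmode');
- $drules = $bvinfo->getOption('bvfwdisabledrules');
- $arules = $bvinfo->getOption('bvfwauditrules');
- $rmode = $bvinfo->getOption('bvfwrulesmode');
- $reqprofilingmode = $bvinfo->getOption('bvfwreqprofilingmode');
+ $settings = $this->settings;
+ $mode = $settings->getOption('bvfwmode');
+ $drules = $settings->getOption('bvfwdisabledrules');
+ $arules = $settings->getOption('bvfwauditrules');
+ $rmode = $settings->getOption('bvfwrulesmode');
+ $reqprofilingmode = $settings->getOption('bvfwreqprofilingmode');
  $config['mode'] = intval($mode ? $mode : 1);
  $config['disabled_rules'] = $drules ? $drules : array();
  $config['audit_rules'] = $arules ? $arules : array();
@@ -227,70 +239,70 @@ class BVInfoCallback {
  }
 
  public function dbconf(&$info) {
- global $bvcb;
+ $db = $this->db;
  if (defined('DB_CHARSET'))
  $info['dbcharset'] = DB_CHARSET;
- $info['dbprefix'] = $bvcb->bvmain->db->dbprefix();
- $info['charset_collate'] = $bvcb->bvmain->db->getCharsetCollate();
+ $info['dbprefix'] = $db->dbprefix();
+ $info['charset_collate'] = $db->getCharsetCollate();
  return $info;
  }
 
  public function activate() {
- global $bvcb, $bvresp;
  $resp = array();
- $bvcb->bvmain->info->basic($resp);
+ $this->siteinfo->basic($resp);
  $this->servicesInfo($resp);
  $this->dbconf($resp);
  $this->availableFunctions($resp);
- $bvresp->addStatus('actinfo', $resp);
+ return array('actinfo' => $resp);
  }
 
- public function process($method) {
- global $bvresp, $bvcb;
- switch ($method) {
+ public function process($request) {
+ $db = $this->db;
+ $params = $request->params;
+ switch ($request->method) {
  case "activateinfo":
- $this->activate();
+ $resp = $this->activate();
  break;
  case "gtpsts":
  $count = 5;
- if (array_key_exists('count', $_REQUEST))
- $count = $_REQUEST['count'];
- $this->getPosts($_REQUEST['post_type'], $count);
+ if (array_key_exists('count', $params))
+ $count = $params['count'];
+ $resp = $this->getPosts($params['post_type'], $count);
  break;
  case "gtsts":
- $this->getStats();
+ $resp = $this->getStats();
  break;
  case "gtplgs":
- $this->getPlugins();
+ $resp = $this->getPlugins();
  break;
  case "gtthms":
- $this->getThemes();
+ $resp = $this->getThemes();
  break;
  case "gtsym":
- $this->getSystemInfo();
+ $resp = $this->getSystemInfo();
  break;
  case "gtwp":
- $this->getWpInfo();
+ $resp = $this->getWpInfo();
  break;
  case "getoption":
- $bvresp->addStatus("option", $bvresp->getOption($_REQUEST['name']));
+ $resp = array("option" => $this->settings->getOption($params['name']));
  break;
  case "gtusrs":
  $full = false;
- if (array_key_exists('full', $_REQUEST))
+ if (array_key_exists('full', $params))
  $full = true;
- $this->getUsers($_REQUEST['args'], $full);
+ $resp = $this->getUsers($params['args'], $full);
  break;
  case "gttrnsnt":
- $transient = $bvcb->bvmain->info->getTransient($_REQUEST['name']);
- if ($transient && array_key_exists('asarray', $_REQUEST))
- $transient = $bvcb->bvmain->lib->objectToArray($transient);
- $bvresp->addStatus("transient", $transient);
+ $transient = $this->settings->getTransient($params['name']);
+ if ($transient && array_key_exists('asarray', $params))
+ $transient = $this->objectToArray($transient);
+ $resp = array("transient" => $transient);
  break;
  default:
- return false;
+ $resp = false;
  }
- return true;
+ return $resp;
  }
  }
- endif;
+ endif;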
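Review bot: The `getoption` case in `process` returns `$this->settings->getOption($params['name'])` for whatever name the request supplies, and `gttrnsnt` does the same with `getTransient`. Any stored option, including ones that hold keys or credentials, can therefore be read back by a request that reaches this code. Request authentication is not visible in this file, so as defence in depth restrict the readable names to a list the plugin defines, for example `if (!in_array($params['name'], $allowed_options, true)) { $resp = false; break; }`, where `$allowed_options` is a placeholder. In the same function, `gtusrs` with `full` set returns `$this->objectToArray($users)`. That presumably carries each user's password hash, so confirm it and drop that field before the response is built.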
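--- a/callback/wings/ipstore.php
+++ b/callback/wings/ipstore.php
@@ -3,26 +3,28 @@
  if (!defined('ABSPATH')) exit;
  if (!class_exists('BVIPStoreCallback')) :
 
- require_once dirname( __FILE__ ) . '/../../ipstore.php';
+ require_once dirname( __FILE__ ) . '/../../protect/ipstore.php';
 
- class BVIPStoreCallback {
+ class BVIPStoreCallback extends BVCallbackBase {
+ public $db;
+
+ public function __construct($callback_handler) {
+ $this->db = $callback_handler->db;
+ }
 
  public function updateBVTableContent($table, $value, $filter) {
- global $bvcb;
- $bvcb->bvmain->db->query("UPDATE $table SET $value $filter;");
+ $this->db->query("UPDATE $table SET $value $filter;");
  }
 
  public function insertBVTableContent($table, $fields, $value) {
- global $bvcb;
- $bvcb->bvmain->db->query("INSERT INTO $table $fields values $value;");
+ $this->db->query("INSERT INTO $table $fields values $value;");
  }
 
  public function deleteIPs($table, $rmfilters) {
  if (is_array($rmfilters)) {
- global $bvcb;
  foreach ($rmfilters as $rmfilter) {
  $rmfilter = base64_decode($rmfilter);
- $bvcb->bvmain->db->deleteBVTableContent($table, $rmfilter);
+ $this->db->deleteBVTableContent($table, $rmfilter);
  }
  }
  }
@@ -46,21 +48,18 @@ class BVIPStoreCallback {
  }
 
  public function getIPs($table, $auto_increment_offset, $type, $category) {
- global $bvcb;
  $query = "SELECT `start_ip_range` FROM $table WHERE id < $auto_increment_offset AND `type` = $type AND ";
  $query .= ($category == BVIPStore::FW) ? "`is_fw` = true;" : "`is_lp` = true;";
- return $bvcb->bvmain->db->getCol($query);
+ return $this->db->getCol($query);
  }
 
  public function getIPStoreOffset($table, $auto_increment_offset) {
- global $bvcb;
- $db = $bvcb->bvmain->db;
+ $db = $this->db;
  return intval($db->getVar("SELECT MAX(id) FROM $table WHERE id < $auto_increment_offset"));
  }
 
  public function getIPStoreInfo($table, $auto_increment_offset) {
- global $bvcb;
- $db = $bvcb->bvmain->db;
+ $db = $this->db;
  $info = array();
  $info['fw_blacklisted_ips'] = $this->getIPs($table, $auto_increment_offset, BVIPStore::BLACKLISTED, BVIPStore::FW);
  $info['lp_blacklisted_ips'] = $this->getIPs($table, $auto_increment_offset, BVIPStore::BLACKLISTED, BVIPStore::LP);
@@ -71,46 +70,46 @@ class BVIPStoreCallback {
  return $info;
  }
 
- public function process($method) {
- global $bvresp, $bvcb;
- $db = $bvcb->bvmain->db;
- $table = $_REQUEST['table'];
+ public function process($request) {
+ $db = $this->db;
+ $params = $request->params;
+ $table = $params['table'];
  $bvTable = $db->getBVTable($table);
- $auto_increment_offset = $_REQUEST['auto_increment_offset'];
+ $auto_increment_offset = $params['auto_increment_offset'];
  if (!$db->isTablePresent($bvTable)) {
- $bvresp->addStatus("info", false);
+ $resp = array("info" => false);
  } else {
- switch ($method) {
+ switch ($request->method) {
  case "ipstrinfo":
  $info = $this->getIPStoreInfo($bvTable, $auto_increment_offset);
- $bvresp->addStatus("info", $info);
+ $resp = array("info" => $info);
  break;
  case "insrtips":
- $values = $_REQUEST['values'];
- $fields = $_REQUEST['fields'];
- $rmfilter = $_REQUEST['rmfilter'];
+ $values = $params['values'];
+ $fields = $params['fields'];
+ $rmfilter = $params['rmfilter'];
  if ($rmfilter) {
  $db->deleteBVTableContent($table, $rmfilter);
  }
  $this->insertIPs($bvTable, $fields, $values);
- $bvresp->addStatus("offset", $this->getIPStoreOffset($bvTable, $auto_increment_offset));
+ $resp = array("offset" => $this->getIPStoreOffset($bvTable, $auto_increment_offset));
  break;
  case "dltips":
- $rmfilters = $_REQUEST['rmfilters'];
+ $rmfilters = $params['rmfilters'];
  $this->deleteIPs($table, $rmfilters);
- $bvresp->addStatus("offset", $this->getIPStoreOffset($bvTable, $auto_increment_offset));
+ $resp = array("offset" => $this->getIPStoreOffset($bvTable, $auto_increment_offset));
  break;
  case "updtips":
- $value = $_REQUEST['value'];
- $filters = $_REQUEST['filters'];
+ $value = $params['value'];
+ $filters = $params['filters'];
  $this->updateIPs($bvTable, $value, $filters);
- $bvresp->addStatus("offset", $this->getIPStoreOffset($bvTable, $auto_increment_offset));
+ $resp = array("offset" => $this->getIPStoreOffset($bvTable, $auto_increment_offset));
  break;
  default:
- return false;
+ $resp = false;
  }
- return true;
+ return $resp;
  }
  }
  }
- endif;
+ endif;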
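Review bot: `$auto_increment_offset = $params['auto_increment_offset'];` in `process` is interpolated unquoted into the queries built by `getIPs` and `getIPStoreOffset` (`... WHERE id < $auto_increment_offset`), so a non-numeric value alters the statement. Cast it where it enters: `$auto_increment_offset = intval($params['auto_increment_offset']);`. The `values`, `fields`, `value` and `filters` parameters are also passed on as raw SQL fragments into the `INSERT` and `UPDATE` strings, so these handlers are only as safe as the request authentication, which is not visible in this file. Separately, `return $resp;` sits inside the `else` branch, so when the table is absent `$resp = array("info" => false)` is assigned but `process` returns nothing. Moving `return $resp;` below the closing brace of the `else` fixes that.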
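--- a/callback/wings/lp.php
+++ b/callback/wings/lp.php
@@ -3,70 +3,72 @@
  if (!defined('ABSPATH')) exit;
  if (!class_exists('BVLoginProtectCallback')) :
 
- require_once dirname( __FILE__ ) . '/../../lp/lp.php';
+ require_once dirname( __FILE__ ) . '/../../protect/wp_lp/lp.php';
 
- class BVLoginProtectCallback {
+ class BVLoginProtectCallback extends BVCallbackBase {
+ public $db;
+ public $settings;
+
+ public function __construct($callback_handler) {
+ $this->db = $callback_handler->db;
+ $this->settings = $callback_handler->settings;
+ }
+
  public function unBlockLogins() {
- global $bvcb;
- $info = $bvcb->bvmain->info;
- $info->deleteTransient('bvlp_block_logins');
- $info->setTransient('bvlp_allow_logins', 'true', 1800);
- return $info->getTransient('bvlp_allow_logins');
+ $this->settings->deleteTransient('bvlp_block_logins');
+ $this->settings->setTransient('bvlp_allow_logins', 'true', 1800);
+ return $this->settings->getTransient('bvlp_allow_logins');
  }
 
  public function blockLogins($time) {
- global $bvcb;
- $info = $bvcb->bvmain->info;
- $info->deleteTransient('bvlp_allow_logins');
- $info->setTransient('bvlp_block_logins', 'true', $time);
- return $info->getTransient('bvlp_block_logins');
+ $this->settings->deleteTransient('bvlp_allow_logins');
+ $this->settings->setTransient('bvlp_block_logins', 'true', $time);
+ return $this->settings->getTransient('bvlp_block_logins');
  }
 
  public function unBlockIP($ip, $attempts, $time) {
- global $bvcb;
- $info = $bvcb->bvmain->info;
- $transient_name = BVLP::$unblock_ip_transient.$ip;
- $info->setTransient($transient_name, $attempts, $time);
- return $info->getTransient($transient_name);
+ $transient_name = BVWPLP::$unblock_ip_transient.$ip;
+ $this->settings->setTransient($transient_name, $attempts, $time);
+ return $this->settings->getTransient($transient_name);
  }
 
- public function process($method) {
- global $bvcb, $bvresp;
- $config = new BVLPConfig($bvcb->bvmain);
- switch ($method) {
+ public function process($request) {
+ $params = $request->params;
+ $config = new BVWPLPConfig($this->db, $this->settings);
+ switch ($request->method) {
  case "clrconfig":
- $bvresp->addStatus("clearconfig", $config->clear());
+ $resp = array("clearconfig" => $config->clear());
  break;
  case "setmode":
- $config->setMode($_REQUEST['mode']);
- $bvresp->addStatus("setmode", $config->getMode());
+ $config->setMode($params['mode']);
+ $resp = array("setmode" => $config->getMode());
  break;
  case "setcaptchalimit":
- $config->setCaptchaLimit($_REQUEST['captcha_limit']);
- $bvresp->addStatus("captcha_limit", $config->getCaptchaLimit());
+ $config->setCaptchaLimit($params['captcha_limit']);
+ $resp = array("captcha_limit" => $config->getCaptchaLimit());
  break;
  case "settmpblklimit":
- $config->setTempBlockLimit($_REQUEST['temp_block_limit']);
- $bvresp->addStatus("temp_block_limit", $config->getTempBlockLimit());
+ $config->setTempBlockLimit($params['temp_block_limit']);
+ $resp = array("temp_block_limit" => $config->getTempBlockLimit());
  break;
  case "setblkalllimit":
- $config->setBlockAllLimit($_REQUEST['block_all_limit']);
- $bvresp->addStatus("block_all_limit", $config->getBlockAllLimit());
+ $config->setBlockAllLimit($params['block_all_limit']);
+ $resp = array("block_all_limit" => $config->getBlockAllLimit());
  break;
  case "unblklogins":
- $bvresp->addStatus("unblocklogins", $this->unBlockLogins());
+ $resp = array("unblocklogins" => $this->unBlockLogins());
  break;
  case "blklogins":
- $time = array_key_exists('time', $_REQUEST) ? $_REQUEST['time'] : 1800;
- $bvresp->addStatus("blocklogins", $this->blockLogins($time));
+ $time = array_key_exists('time', $params) ? $params['time'] : 1800;
+ $resp = array("blocklogins" => $this->blockLogins($time));
  break;
  case "unblkip":
- $bvresp->addStatus("unblockip", $this->unBlockIP($_REQUEST['ip'], $_REQUEST['attempts'], $_REQUEST['time']));
+ $resp = array("unblockip" => $this->unBlockIP($params['ip'], $params['attempts'], $params['time']));
  break;
  default:
- return false;
+ $resp = false;
  }
- return true;
+ return $resp;
  }
  }
  endif;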
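Review bot: The `unblkip` and `blklogins` cases in `process` hand `$params['ip']`, `$params['attempts']` and `$params['time']` to `setTransient` unchecked. `ip` is appended to the transient name in `unBlockIP` and `time` becomes the expiry, so a malformed request can create arbitrarily named transients or a login block of unintended length. Validate before use, for example `if (!filter_var($params['ip'], FILTER_VALIDATE_IP)) { $resp = false; break; }` (assuming the address arrives in textual form) and `$time = array_key_exists('time', $params) ? intval($params['time']) : 1800;`. Unlike `blklogins`, `unblkip` reads all three keys without `array_key_exists`, so a missing key raises a notice and stores `null`. The limit setters above it (`setCaptchaLimit`, `setTempBlockLimit`, `setBlockAllLimit`) take their values the same way and would benefit from an `intval` at the call site unless `BVWPLPConfig`, which is not shown, already casts them.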
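--- a/callback/wings/misc.php
+++ b/callback/wings/misc.php
@@ -3,69 +3,87 @@
  if (!defined('ABSPATH')) exit;
  if (!class_exists('BVMiscCallback')) :
 
- class BVMiscCallback {
+ class BVMiscCallback extends BVCallbackBase {
+ public $settings;
+ public $bvinfo;
+ public $siteinfo;
+ public $account;
 
- function process($method) {
- global $bvcb, $bvresp;
- $info = $bvcb->bvmain->info;
- switch ($method) {
+ public function __construct($callback_handler) {
+ $this->settings = $callback_handler->settings;
+ $this->siteinfo = $callback_handler->siteinfo;
+ $this->account = $callback_handler->account;
+ $this->bvinfo = new MCInfo($callback_handler->settings);
+ }
+
+ public function process($request) {
+ $bvinfo = $this->bvinfo;
+ $settings = $this->settings;
+ $params = $request->params;
+ switch ($request->method) {
+ case "dummyping":
+ $resp = array();
+ $resp = array_merge($resp, $this->siteinfo->respInfo());
+ $resp = array_merge($resp, $this->account->respInfo());
+ $resp = array_merge($resp, $this->bvinfo->respInfo());
+ break;
  case "enablebadge":
- $option = $bvcb->bvmain->badgeinfo;
+ $option = $bvinfo->badgeinfo;
  $badgeinfo = array();
- $badgeinfo['badgeurl'] = $_REQUEST['badgeurl'];
- $badgeinfo['badgeimg'] = $_REQUEST['badgeimg'];
- $badgeinfo['badgealt'] = $_REQUEST['badgealt'];
- $info->updateOption($option, $badgeinfo);
- $bvresp->addStatus("status", $info->getOption($option));
+ $badgeinfo['badgeurl'] = $params['badgeurl'];
+ $badgeinfo['badgeimg'] = $params['badgeimg'];
+ $badgeinfo['badgealt'] = $params['badgealt'];
+ $settings->updateOption($option, $badgeinfo);
+ $resp = array("status" => $settings->getOption($option));
  break;
  case "disablebadge":
- $option = $bvcb->bvmain->badgeinfo;
- $info->deleteOption($option);
- $bvresp->addStatus("status", !$info->getOption($option));
+ $option = $bvinfo->badgeinfo;
+ $settings->deleteOption($option);
+ $resp = array("status" => !$settings->getOption($option));
  break;
  case "getoption":
- $bvresp->addStatus('getoption', $info->getOption($_REQUEST['opkey']));
+ $resp = array('getoption' => $settings->getOption($params['opkey']));
  break;
  case "setdynplug":
- $info->updateOption('bvdynplug', $_REQUEST['dynplug']);
- $bvresp->addStatus("setdynplug", $info->getOption('bvdynplug'));
+ $settings->updateOption('bvdynplug', $params['dynplug']);
+ $resp = array("setdynplug" => $settings->getOption('bvdynplug'));
  break;
  case "unsetdynplug":
- $info->deleteOption('bvdynplug');
- $bvresp->addStatus("unsetdynplug", $info->getOption('bvdynplug'));
+ $settings->deleteOption('bvdynplug');
+ $resp = array("unsetdynplug" => $settings->getOption('bvdynplug'));
  break;
  case "setptplug":
- $info->updateOption('bvptplug', $_REQUEST['ptplug']);
- $bvresp->addStatus("setptplug", $info->getOption('bvptplug'));
+ $settings->updateOption('bvptplug', $params['ptplug']);
+ $resp = array("setptplug" => $settings->getOption('bvptplug'));
  break;
  case "unsetptplug":
- $info->deleteOption('bvptlug');
- $bvresp->addStatus("unsetptplug", $info->getOption('bvptlug'));
+ $settings->deleteOption('bvptlug');
+ $resp = array("unsetptplug" => $settings->getOption('bvptlug'));
  break;
  case "wpupplgs":
- $bvresp->addStatus("wpupdateplugins", wp_update_plugins());
+ $resp = array("wpupdateplugins" => wp_update_plugins());
  break;
  case "wpupthms":
- $bvresp->addStatus("wpupdatethemes", wp_update_themes());
+ $resp = array("wpupdatethemes" => wp_update_themes());
  break;
  case "wpupcre":
- $bvresp->addStatus("wpupdatecore", wp_version_check());
+ $resp = array("wpupdatecore" => wp_version_check());
  break;
  case "rmmonitime":
- $bvcb->bvmain->unSetMonitTime();
- $bvresp->addStatus("rmmonitime", !$bvcb->bvmain->getMonitTime());
+ $this->settings->deleteOption('bvmonittime');
+ $resp = array("rmmonitime" => !$bvinfo->getMonitTime());
  break;
  case "phpinfo":
  phpinfo();
  die();
  break;
  case "dlttrsnt":
- $bvresp->addStatus("dlttrsnt", $bvcb->bvmain->info->deleteTransient($_REQUEST['key']));
+ $resp = array("dlttrsnt" => $settings->deleteTransient($params['key']));
  break;
  default:
- return false;
+ $resp = false;
  }
- return true;
+ return $resp;
  }
  }
  endif;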
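Review bot: The `unsetptplug` case still deletes and reads back `'bvptlug'`, while `setptplug` writes `'bvptplug'`, so the rewritten handler carries the old typo forward and can never clear the protect-module flag that `setptplug` sets; it should read `$settings->deleteOption('bvptplug');` followed by `$resp = array("unsetptplug" => $settings->getOption('bvptplug'));`. Separately, `getoption` and `dlttrsnt` take their key straight from `$params` (`opkey`, `key`), so whoever reaches `process()` can read any option or delete any transient that `$settings` exposes; whether the request is authenticated before dispatch is not visible in this section, and an allowlist of the plugin's own keys would make the handler safe on its own. The `phpinfo` case has the same dependency, since it prints the full PHP configuration and exits.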
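--- a/callback/wings/monit.php
+++ b/callback/wings/monit.php
@@ -3,12 +3,19 @@
  if (!defined('ABSPATH')) exit;
  if (!class_exists('BVMonitCallback')) :
 
- class BVMonitCallback {
+ class BVMonitCallback extends BVCallbackBase {
+ public $db;
+ public $settings;
+
+ public function __construct($callback_handler) {
+ $this->db = $callback_handler->db;
+ $this->settings = $callback_handler->settings;
+ }
+
  public function getData($table, $limit = 0, $filter = "") {
- global $bvcb;
  $result = array();
  $data = array();
- $rows = $bvcb->bvmain->db->getTableContent($table, '*', $filter, $limit);
+ $rows = $this->db->getTableContent($table, '*', $filter, $limit);
  $last_id = 0;
  foreach ($rows as $row) {
  $result[] = $row;
@@ -20,58 +27,66 @@ class BVMonitCallback {
  }
 
  public function deleteBvDynamicEvents($filter = "") {
- global $bvcb;
- $name = BVDynSync::$dynsync_table;
- return $bvcb->bvmain->db->deleteBVTableContent($name, $filter);
+ $name = BVWPDynSync::$dynsync_table;
+ return $this->db->deleteBVTableContent($name, $filter);
+ }
+
+ public function setMonitTime() {
+ return $this->settings->updateOption('bvmonittime', time());
  }
 
- public function process($method) {
- global $bvresp, $bvcb;
- $db = $bvcb->bvmain->db;
- $info = $bvcb->bvmain->info;
- $bvcb->bvmain->setMonitTime();
- switch ($method) {
+ public function process($request) {
+ $db = $this->db;
+ $settings = $this->settings;
+ $this->setMonitTime();
+ $params = $request->params;
+ switch ($request->method) {
  case "getdata":
- if (array_key_exists('lp', $_REQUEST)) {
- require_once dirname( __FILE__ ) . '/../../lp/config.php';
- $lp_params = $_REQUEST['lp'];
+ $resp = array();
+ if (array_key_exists('lp', $params)) {
+ require_once dirname( __FILE__ ) . '/../../protect/wp_lp/config.php';
+ $lp_params = $params['lp'];
  $limit = intval(urldecode($lp_params['limit']));
  $filter = urldecode($lp_params['filter']);
- $db->deleteBVTableContent(BVLPConfig::$requests_table, $lp_params['rmfilter']);
- $table = $bvcb->bvmain->db->getBVTable(BVLPConfig::$requests_table);
- $bvresp->addStatus("lplogs", $this->getData($table, $limit, $filter));
+ $db->deleteBVTableContent(BVWPLPConfig::$requests_table, $lp_params['rmfilter']);
+ $table = $db->getBVTable(BVWPLPConfig::$requests_table);
+ $resp["lplogs"] = $this->getData($table, $limit, $filter);
  }
- if (array_key_exists('fw', $_REQUEST)) {
- require_once dirname( __FILE__ ) . '/../../fw/config.php';
- $fw_params = $_REQUEST['fw'];
+ if (array_key_exists('fw', $params)) {
+ require_once dirname( __FILE__ ) . '/../../protect/wp_fw/config.php';
+ $fw_params = $params['fw'];
  $limit = intval(urldecode($fw_params['limit']));
  $filter = urldecode($fw_params['filter']);
- $db->deleteBVTableContent(BVFWConfig::$requests_table, $fw_params['rmfilter']);
- $table = $bvcb->bvmain->db->getBVTable(BVFWConfig::$requests_table);
- $bvresp->addStatus("fwlogs", $this->getData($table, $limit, $filter));
+ $db->deleteBVTableContent(BVWPFWConfig::$requests_table, $fw_params['rmfilter']);
+ $table = $db->getBVTable(BVWPFWConfig::$requests_table);
+ $resp["fwlogs"] = $this->getData($table, $limit, $filter);
  }
- if (array_key_exists('dynevent', $_REQUEST)) {
- require_once dirname( __FILE__ ) . '/../../dynsync.php';
- $isdynsyncactive = $info->getOption('bvDynSyncActive');
+ if (array_key_exists('dynevent', $params)) {
+ require_once dirname( __FILE__ ) . '/../../wp_dynsync.php';
+ $isdynsyncactive = $settings->getOption('bvDynSyncActive');
  if ($isdynsyncactive == 'yes') {
- $limit = intval(urldecode($_REQUEST['limit']));
- $filter = urldecode($_REQUEST['filter']);
- $this->deleteBvDynamicEvents($_REQUEST['rmfilter']);
- $table = $bvcb->bvmain->db->getBVTable(BVDynSync::$dynsync_table);
+ $limit = intval(urldecode($params['limit']));
+ $filter = urldecode($params['filter']);
+ $this->deleteBvDynamicEvents($params['rmfilter']);
+ $table = $db->getBVTable(BVWPDynSync::$dynsync_table);
  $data = $this->getData($table, $limit, $filter);
- $bvresp->addStatus('last_id', $data['last_id']);
- $bvresp->addStatus('events', $data['rows']);
- $bvresp->addStatus('timestamp', time());
- $bvresp->addStatus("status", true);
+ $resp['last_id'] = $data['last_id'];
+ $resp['events'] = $data['rows'];
+ $resp['timestamp'] = time();
+ $resp["status"] = true;
  }
  }
+ $resp["status"] = "done";
  break;
  case "rmdata":
- require_once dirname( __FILE__ ) . '/../../dynsync.php';
- $filter = urldecode($_REQUEST['filter']);
- $bvresp->addStatus("status", $this->deleteBvDynamicEvents($filter));
+ require_once dirname( __FILE__ ) . '/../../wp_dynsync.php';
+ $filter = urldecode($params['filter']);
+ $resp = array("status" => $this->deleteBvDynamicEvents($filter));
  break;
+ default:
+ $resp = false;
  }
+ return $resp;
  }
  }
  endif;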
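Review bot: In `process()`, the `filter` values from `$params` are only passed through `urldecode()`, and the `rmfilter` values not even that, before they reach `getTableContent()` and `deleteBVTableContent()`, so request-supplied text presumably ends up inside the SQL those helpers build; their bodies are outside this section, so confirm it there. If the filters are meant to be raw WHERE fragments sent by the service, say so above `getData()` with a comment such as `// $filter is a raw SQL fragment; only call after the request signature has been verified`, otherwise pass structured conditions and bind them. Also in `getdata`, the added `$resp["status"] = "done";` runs after the `dynevent` branch and overwrites the `$resp["status"] = true;` set there, so that assignment is now dead. The nested keys (`$lp_params['limit']`, `$fw_params['rmfilter']`, `$params['filter']`) are read without an existence check.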
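--- a/callback/wings/protect.php
+++ b/callback/wings/protect.php
@@ -3,16 +3,25 @@
  if (!defined('ABSPATH')) exit;
  if (!class_exists('BVProtectCallback')) :
 
- require_once dirname( __FILE__ ) . '/../../protect.php';
+ require_once dirname( __FILE__ ) . '/../../protect/protect.php';
 
- class BVProtectCallback {
- public function process($method) {
- global $bvcb, $bvresp;
- $protect = new BVProtect($bvcb->bvmain);
- $info = $bvcb->bvmain->info;
- switch ($method) {
+ class BVProtectCallback extends BVCallbackBase {
+ public $db;
+ public $settings;
+
+ public function __construct($callback_handler) {
+ $this->db = $callback_handler->db;
+ $this->settings = $callback_handler->settings;
+ }
+
+ public function process($request) {
+ $bvinfo = new MCInfo($this->settings);
+ $protect = new BVProtect($this->db, $this->settings);
+ $params = $request->params;
+ switch ($request->method) {
  case "gtipprobeinfo":
- $headers = $_REQUEST['hdrs'];
+ $resp = array();
+ $headers = $params['hdrs'];
  $hdrsinfo = array();
  if ($headers && is_array($headers)) {
  foreach($headers as $hdr) {
@@ -21,42 +30,43 @@ class BVProtectCallback {
  }
  }
  }
- $bvresp->addStatus("hdrsinfo", $hdrsinfo);
- if ($iphdr = $info->getOption($bvcb->bvmain->ip_header_option)) {
- $bvresp->addStatus("iphdr", $iphdr);
+ $resp["hdrsinfo"] = $hdrsinfo;
+ if ($iphdr = $this->settings->getOption($bvinfo->ip_header_option)) {
+ $resp["iphdr"] = $iphdr;
  }
  break;
  case "gtraddr":
  $raddr = array_key_exists('REMOTE_ADDR', $_SERVER) ? $_SERVER['REMOTE_ADDR'] : false;
- $bvresp->addStatus("raddr", $raddr);
+ $resp = array("raddr" => $raddr);
  break;
  case "gtallhdrs":
  $data = (function_exists('getallheaders')) ? getallheaders() : false;
- $bvresp->addStatus("allhdrs", $data);
+ $resp = array("allhdrs" => $data);
  break;
  case "gtsvr":
- $bvresp->addStatus("svr", $_SERVER);
+ $resp = array("svr" => $_SERVER);
  break;
  case "gtip":
- $bvresp->addStatus("ip", $protect->getIP());
+ $resp = array("ip" => $protect->getIP());
  break;
  case "stiphdr":
- $option_name = $bvcb->bvmain->ip_header_option;
- $iphdr = array('hdr' => $_REQUEST['hdr'], 'pos' => $_REQUEST['pos']);
- $info->updateOption($option_name, $iphdr);
- $bvresp->addStatus("iphdr", $info->getOption($option_name));
+ $option_name = $bvinfo->ip_header_option;
+ $iphdr = array('hdr' => $params['hdr'], 'pos' => $params['pos']);
+ $this->settings->updateOption($option_name, $iphdr);
+ $resp = array("iphdr" => $this->settings->getOption($option_name));
  break;
  case "gtiphdr":
- $bvresp->addStatus("iphdr", $info->getOption($bvcb->bvmain->ip_header_option));
+ $resp = array("iphdr" => $this->settings->getOption($bvinfo->ip_header_option));
  break;
  case "rmiphdr":
- $option_name = $bvcb->bvmain->ip_header_option;
- $info->deleteOption($option_name);
- $bvresp->addStatus("iphdr", $info->getOption($option_name));
+ $option_name = $bvinfo->ip_header_option;
+ $this->settings->deleteOption($option_name);
+ $resp = array("iphdr" => $this->settings->getOption($option_name));
  break;
  default:
- return false;
+ $resp = false;
  }
+ return $resp;
  }
  }
  endif;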
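Review bot: The `stiphdr` case writes `$params['hdr']` and `$params['pos']` into the `ip_header_option` setting with no validation, and that setting appears to decide which request header `$protect->getIP()` trusts as the client address (its body is not in this section). If it names a header the client controls, the address used for blocking and logging stops being trustworthy, so the handler should at least normalise its input, e.g. `'pos' => intval($params['pos'])` plus a check that `hdr` is a plain header name. Separately, `gtsvr` returns the whole `$_SERVER` array and `gtallhdrs` every request header, which can include cookies, `Authorization` values and environment entries; returning only the fields the IP probe needs would limit what this callback can disclose.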
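--- a/fw/config.php
+++ b/fw/config.php
@@ -1,167 +0,0 @@
- <?php
-
- if (!defined('ABSPATH')) exit;
- if (!class_exists('BVFWConfig')) :
-
- class BVFWConfig {
- public $bvmain;
- public static $requests_table = 'fw_requests';
- public static $allRules = array(108, 112, 114, 115, 132, 133, 145, 146, 155, 156, 165, 167, 168, 169, 171, 172, 173, 174, 175, 176, 177, 178);
-
- function __construct($bvmain) {
- $this->bvmain = $bvmain;
- }
-
- #mode
- const DISABLED = 1;
- const AUDIT = 2;
- const PROTECT = 3;
-
- #Rule Mode
- const DISABLEDRULE = 1;
- const AUDITRULE = 2;
- const PROTECTRULE = 3;
-
- #Request Profiling Mode
- const REQ_PROFILING_MODE_DISABLED = 1;
- const REQ_PROFILING_MODE_NORMAL = 2;
- const REQ_PROFILING_MODE_DEBUG = 3;
-
- public static function isDisabledRule($mode) {
- return ($mode === BVFWConfig::DISABLEDRULE);
- }
-
- public static function isProtectingRule($mode) {
- return ($mode === BVFWConfig::PROTECTRULE);
- }
-
- public static function isAuditingRule($mode) {
- return ($mode === BVFWConfig::AUDITRULE);
- }
-
- public function isActive() {
- return ($this->getMode() !== BVFWConfig::DISABLED);
- }
-
- public function isProtecting() {
- return ($this->getMode() === BVFWConfig::PROTECT);
- }
-
- public function isAuditing() {
- return ($this->getMode() === BVFWConfig::AUDIT);
- }
-
- public function isReqProfilingModeDebug() {
- return ($this->getReqProfilingMode() === BVFWConfig::REQ_PROFILING_MODE_DEBUG);
- }
-
- public function canProfileReqInfo() {
- return ($this->getReqProfilingMode() !== BVFWConfig::REQ_PROFILING_MODE_DISABLED);
- }
-
- public function getRules() {
- $rules = array("audit" => array(), "protect" => array());
- $isAudit = false;
- $rulesMode = $this->getRulesMode();
- if (BVFWConfig::isDisabledRule($rulesMode)) {
- return $rules;
- }
- $isAudit = ($this->isAuditing() || BVFWConfig::isAuditingRule($rulesMode));
- $rulesInfo = array();
- foreach ($this->getAuditRules() as $rule)
- $rulesInfo[$rule] = BVFWConfig::AUDITRULE;
- foreach ($this->getDisabledRules() as $rule)
- $rulesInfo[$rule] = BVFWConfig::DISABLEDRULE;
- foreach (BVFWConfig::$allRules as $rule) {
- if (isset($rulesInfo[$rule])) {
- if (BVFWConfig::isAuditingRule($rulesInfo[$rule])) {
- $rules["audit"][$rule] = BVFWConfig::AUDITRULE;
- }
- } else {
- if ($isAudit) {
- $rules["audit"][$rule] = BVFWConfig::AUDITRULE;
- } else {
- $rules["protect"][$rule] = BVFWConfig::PROTECTRULE;
- }
- }
- }
- return $rules;
- }
-
- public function setMode($mode) {
- if (!$mode) {
- $this->bvmain->info->deleteOption('bvfwmode');
- } else {
- $this->bvmain->info->updateOption('bvfwmode', intval($mode));
- }
- }
-
- public function setRulesMode($mode) {
- if (!$mode) {
- $this->bvmain->info->deleteOption('bvfwrulesmode');
- } else {
- $this->bvmain->info->updateOption('bvfwrulesmode', intval($mode));
- }
- }
-
- public function setReqProfilingMode($mode) {
- if (!$mode) {
- $this->bvmain->info->deleteOption('bvfwreqprofilingmode');
- } else {
- $this->bvmain->info->updateOption('bvfwreqprofilingmode', intval($mode));
- }
- }
-
- public function setDisabledRules($rules) {
- if (!$rules) {
- $this->bvmain->info->deleteOption('bvfwdisabledrules');
- } else {
- $this->bvmain->info->updateOption('bvfwdisabledrules', $rules);
- }
- }
-
- public function setAuditRules($rules) {
- if (!$rules) {
- $this->bvmain->info->deleteOption('bvfwauditrules');
- } else {
- $this->bvmain->info->updateOption('bvfwauditrules', $rules);
- }
- }
-
- public function getMode() {
- $mode = $this->bvmain->info->getOption('bvfwmode');
- return intval($mode ? $mode : BVFWConfig::DISABLED);
- }
-
- public function getRulesMode() {
- $mode = $this->bvmain->info->getOption('bvfwrulesmode');
- return intval($mode ? $mode : BVFWConfig::DISABLED);
- }
-
- public function getReqProfilingMode() {
- $mode = $this->bvmain->info->getOption('bvfwreqprofilingmode');
- return intval($mode ? $mode : BVFWConfig::REQ_PROFILING_MODE_DISABLED);
- }
-
- public function getDisabledRules() {
- $rules = $this->bvmain->info->getOption('bvfwdisabledrules');
- return ($rules ? $rules : array());
- }
-
- public function getAuditRules() {
- $rules = $this->bvmain->info->getOption('bvfwauditrules');
- return ($rules ? $rules : array());
- }
-
- public function clear() {
- $this->setMode(false);
- $this->setRulesMode(false);
- $this->setDisabledRules(false);
- $this->setAuditRules(false);
- $this->setReqProfilingMode(false);
- $this->bvmain->db->dropBVTable(BVFWConfig::$requests_table);
- $this->bvmain->info->deleteOption('bvptplug');
- return true;
- }
- }
- endif;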
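--- a/info.php
+++ b/info.php
@@ -0,0 +1,86 @@
+ <?php
+
+ if (!defined('ABSPATH')) exit;
+ if (!class_exists('MCInfo')) :
+ class MCInfo {
+ public $settings;
+ public $plugname = 'malcare';
+ public $brandname = 'MalCare';
+ public $badgeinfo = 'mcbadge';
+ public $ip_header_option = 'mcipheader';
+ public $brand_option = 'mcbrand';
+ public $version = '2.1';
+ public $webpage = 'https://www.malcare.com';
+ public $appurl = 'https://app.malcare.com';
+ public $slug = 'malcare-security/malcare.php';
+ public $plug_redirect = 'mcredirect';
+ public $logo = '../img/logo.png';
+
+ public function __construct($settings) {
+ $this->settings = $settings;
+ }
+
+ public function getBrandInfo() {
+ return $this->settings->getOption($this->brand_option);
+ }
+
+ public function getBrandName() {
+ $brand = $this->getBrandInfo();
+ if ($brand && array_key_exists('menuname', $brand)) {
+ return $brand['menuname'];
+ }
+ return $this->brandname;
+ }
+
+ public function getMonitTime() {
+ $time = $this->settings->getOption('bvmonittime');
+ return ($time ? $time : 0);
+ }
+
+ public function appUrl() {
+ if (defined('BV_APP_URL')) {
+ return BV_APP_URL;
+ } else {
+ $brand = $this->getBrandInfo();
+ if ($brand && array_key_exists('appurl', $brand)) {
+ return $brand['appurl'];
+ }
+ return $this->appurl;
+ }
+ }
+
+ public function isActivePlugin() {
+ $expiry_time = time() - (3 * 24 * 3600);
+ return ($this->getMonitTime() > $expiry_time);
+ }
+
+ public function isProtectModuleEnabled() {
+ return ($this->settings->getOption('bvptplug') === $this->plugname) &&
+ $this->isActivePlugin();
+ }
+
+ public function isDynSyncModuleEnabled() {
+ return ($this->settings->getOption('bvdynplug') === $this->plugname) &&
+ $this->isActivePlugin();
+ }
+ public function isActivateRedirectSet() {
+ return ($this->settings->getOption($this->plug_redirect) === 'yes') ? true : false;
+ }
+
+ public function isMalcare() {
+ return $this->getBrandName() === 'MalCare - Pro';
+ }
+
+ public function isBlogvault() {
+ return $this->getBrandName() === 'BlogVault';
+ }
+
+ public function respInfo() {
+ return array(
+ "bvversion" => $this->version,
+ "asymauth" => "true",
+ "sha1" => "true"
+ );
+ }
+ }
+ endif;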
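Review bot: `isActivateRedirectSet()` now only reads the `plug_redirect` option, whereas the `MalCare::isActivateRedirectSet()` it replaces (removed in main.php on this page) also reset the option to `'no'`; unless the caller, which is not in this section, now clears the flag, the activation redirect will fire on every check. The trailing `? true : false` is redundant because `===` already yields a boolean. `appUrl()` returns `$brand['appurl']` from a stored option unchecked, and both it and `getBrandName()` call `array_key_exists()` on whatever `getBrandInfo()` returns, so an `is_array($brand)` guard and a check that the URL starts with `https://` would be cheap hardening. The class has no docblocks; a one-line comment on `respInfo()` stating what the `"asymauth"` and `"sha1"` flags promise to the server would help the next reader.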
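--- a/lp/config.php
+++ b/lp/config.php
@@ -1,80 +0,0 @@
- <?php
-
- if (!defined('ABSPATH')) exit;
- if (!class_exists('BVLPConfig')) :
- class BVLPConfig {
- public $bvmain;
- public static $requests_table = 'lp_requests';
-
- #mode
- const DISABLED = 1;
- const AUDIT = 2;
- const PROTECT = 3;
-
- public function __construct($bvmain) {
- $this->bvmain = $bvmain;
- }
-
- public function setMode($mode) {
- if (!$mode) {
- $this->bvmain->info->deleteOption('bvlpmode');
- } else {
- $this->bvmain->info->updateOption('bvlpmode', intval($mode));
- }
- }
-
- public function setCaptchaLimit($count) {
- if (!$count) {
- $this->bvmain->info->deleteOption('bvlpcaptchaLimit');
- } else {
- $this->bvmain->info->updateOption('bvlpcaptchaLimit', intval($count));
- }
- }
-
- public function setTempBlockLimit($count) {
- if (!$count) {
- $this->bvmain->info->deleteOption('bvlptempblocklimit');
- } else {
- $this->bvmain->info->updateOption('bvlptempblocklimit', intval($count));
- }
- }
-
- public function setBlockAllLimit($count) {
- if (!$count) {
- $this->bvmain->info->deleteOption('bvlpblockalllimit');
- } else {
- $this->bvmain->info->updateOption('bvlpblockalllimit', intval($count));
- }
- }
-
- public function getMode() {
- $mode = $this->bvmain->info->getOption('bvlpmode');
- return intval($mode ? $mode : BVLPConfig::DISABLED);
- }
-
- public function getCaptchaLimit() {
- $limit = $this->bvmain->info->getOption('bvlpcaptchalimit');
- return ($limit ? $limit : 3);
- }
-
- public function getTempBlockLimit() {
- $limit = $this->bvmain->info->getOption('bvlptempblocklimit');
- return ($limit ? $limit : 10);
- }
-
- public function getBlockAllLimit() {
- $limit = $this->bvmain->info->getOption('bvlpblockAlllimit');
- return ($limit ? $limit : 100);
- }
-
- public function clear() {
- $this->setMode(false);
- $this->setCaptchaLimit(false);
- $this->setTempBlockLimit(false);
- $this->setBlockAllLimit(false);
- $this->bvmain->db->dropBVTable(BVLPConfig::$requests_table);
- $this->bvmain->info->deleteOption('bvptplug');
- return true;
- }
- }
- endif;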
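--- a/main.php
+++ b/main.php
@@ -1,167 +0,0 @@
- <?php
- if (!defined('ABSPATH')) exit;
- if (!class_exists('MalCare')) :
-
- require_once dirname( __FILE__ ) . '/main/lib.php';
- require_once dirname( __FILE__ ) . '/main/site_info.php';
- require_once dirname( __FILE__ ) . '/main/auth.php';
- require_once dirname( __FILE__ ) . '/main/db.php';
-
- class MalCare {
- public $version = '1.91';
- public $plugname = 'malcare';
- public $brandname = 'MalCare';
- public $webpage = 'https://www.malcare.com';
- public $appurl = 'https://app.malcare.com';
- public $slug = 'malcare-security/malcare.php';
- public $plug_redirect = 'mcredirect';
- public $badgeinfo = 'mcbadge';
- public $logo = '../img/logo.png';
-
- public $ip_header_option = 'mcipheader';
- public $brand_option = 'mcbrand';
-
- public $lib;
- public $info;
- public $auth;
- public $db;
- function __construct() {
- $this->lib = new MCLib();
- $this->info = new MCSiteInfo($this->lib);
- $this->auth = new MCAuth($this->info);
- $this->db = new MCDb();
- }
-
- public function appUrl() {
- if (defined('BV_APP_URL')) {
- return BV_APP_URL;
- } else {
- $brand = $this->getBrandInfo();
- if ($brand && array_key_exists('appurl', $brand)) {
- return $brand['appurl'];
- }
- return $this->appurl;
- }
- }
-
- public function getIPHeader() {
- return $this->info->getOption($this->ip_header_option);
- }
-
- public function getBrandName() {
- $brand = $this->getBrandInfo();
- if ($brand && array_key_exists('menuname', $brand)) {
- return $brand['menuname'];
- }
- return $this->brandname;
- }
-
- public function isMalcare() {
- return $this->getBrandName() === 'MalCare - Pro';
- }
-
- public function isBlogvault() {
- return $this->getBrandName() === 'BlogVault';
- }
-
- public function getBrandInfo() {
- return $this->info->getOption($this->brand_option);
- }
-
- public function authenticatedUrl($method, $apicheck = null, $full = true) {
- $_params = $this->auth->newAuthParams($this->version);
- if ($apicheck) {
- $_params['bvapicheck'] = $apicheck;
- }
- $qstr = http_build_query($_params);
- if (!$full)
- return $method."?".$qstr;
- return $this->appUrl().$method."?".$qstr;
- }
-
- public function isConfigured() {
- return $this->auth->defaultPublic();
- }
-
- public function getMonitTime() {
- $time = $this->info->getOption('bvmonittime');
- return ($time ? $time : 0);
- }
-
- public function unSetMonitTime() {
- return $this->info->deleteOption('bvmonittime');
- }
-
- public function setMonitTime() {
- return $this->info->updateOption('bvmonittime', time());
- }
-
- public function isActivePlugin() {
- $expiry_time = time() - (3 * 24 * 3600);
- return ($this->getMonitTime() > $expiry_time);
- }
-
- public function isProtectModuleEnabled() {
- return ($this->info->getOption('bvptplug') === $this->plugname) &&
- $this->isActivePlugin();
- }
-
- public function isDynSyncModuleEnabled() {
- return ($this->info->getOption('bvdynplug') === $this->plugname) &&
- $this->isActivePlugin();
- }
-
- public function pingbv($method) {
- $body = array();
- $this->info->basic($body);
- $body['plug'] = $this->plugname;
- $url = $this->authenticatedUrl($method);
- $this->lib->http_request($url, $body);
- }
-
- public function setup($rand_secret) {
- $this->info->updateOption('bvSecretKey', $rand_secret);
- $this->info->updateOption($this->plug_redirect, 'yes');
- $this->info->updateOption('bvActivateTime', time());
- }
-
- public function isActivateRedirectSet() {
- if ($this->info->getOption($this->plug_redirect) === 'yes') {
- $this->info->updateOption($this->plug_redirect, 'no');
- return true;
- }
- return false;
- }
-
- public function activate() {
- if (!isset($_REQUEST['blogvaultkey'])) {
- ##BVKEYSLOCATE##
- }
- if ($this->isConfigured()) {
- /* This informs the server about the activation */
- $this->pingbv('/bvapi/activate');
- } else {
- $this->setup($this->lib->randString(32));
- }
- }
-
- public function footerHandler() {
- $bvfooter = $this->info->getOption($this->badgeinfo);
- if ($bvfooter) {
- echo '<div style="max-width:150px;min-height:70px;margin:0 auto;text-align:center;position:relative;">
- <a href='.$bvfooter['badgeurl'].' target="_blank" ><img src="'.plugins_url($bvfooter['badgeimg'], __FILE__).'" alt="'.$bvfooter['badgealt'].'" /></a></div>';
- }
- }
-
- public function deactivate() {
- $this->pingbv('/bvapi/deactivate');
- }
-
- public static function uninstall() {
- do_action('clear_lp_config');
- do_action('clear_fw_config');
- do_action('clear_ip_store');
- ##CLEARDYNSYNCCONFIG##
- }
- }
- endif;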
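--- a/main/auth.php
+++ b/main/auth.php
@@ -1,106 +0,0 @@
- <?php
-
- if (!defined('ABSPATH')) exit;
- if (!class_exists('MCAuth')) :
-
- class MCAuth {
- public $info;
- function __construct($info) {
- $this->info = $info;
- }
-
- public function defaultPublic() {
- return $this->info->getOption('bvPublic');
- }
-
- public function defaultSecret() {
- return $this->info->getOption('bvSecretKey');
- }
-
- public function allKeys() {
- $keys = $this->info->getOption('bvkeys');
- if (!is_array($keys)) {
- $keys = array();
- }
- $public = $this->defaultPublic();
- $secret = $this->defaultSecret();
- if ($public)
- $keys[$public] = $secret;
- $keys['default'] = $secret;
- return $keys;
- }
-
- public function publicParam() {
- if (array_key_exists('pubkey', $_REQUEST)) {
- return $_REQUEST['pubkey'];
- } else {
- return $this->defaultPublic();
- }
- }
-
- public function secretForPublic($public = false) {
- $bvkeys = $this->allKeys();
- if ($public && array_key_exists($public, $bvkeys) && isset($bvkeys[$public]))
- return $bvkeys[$public];
- else
- return $this->defaultSecret();
- }
-
- public function addKeys($public, $secret) {
- $bvkeys = $this->info->getOption('bvkeys');
- if ($bvkeys && is_array($bvkeys))
- $bvkeys[$public] = $secret;
- else
- $bvkeys = array($public => $secret);
- $this->info->updateOption('bvkeys', $bvkeys);
- }
-
- public function updateKeys($publickey, $secretkey) {
- $this->info->updateOption('bvPublic', $publickey);
- $this->info->updateOption('bvSecretKey', $secretkey);
- $this->addKeys($publickey, $secretkey);
- }
-
- public function rmKeys($publickey) {
- $bvkeys = $this->info->getOption('bvkeys');
- if ($bvkeys && is_array($bvkeys)) {
- unset($bvkeys[$publickey]);
- $this->info->updateOption('bvkeys', $bvkeys);
- return true;
- }
- return false;
- }
-
- public function validate($public, $method, $time, $version, $sig) {
- $secret = $this->secretForPublic($public);
- if ($time < intval($this->info->getOption('bvLastRecvTime')) - 300) {
- return false;
- }
- if (array_key_exists('sha1', $_REQUEST)) {
- $sig_match = sha1($method.$secret.$time.$version);
- } else {
- $sig_match = md5($method.$secret.$time.$version);
- }
- if ($sig_match !== $sig) {
- return $sig_match;
- }
- $this->info->updateOption('bvLastRecvTime', $time);
- return 1;
- }
-
- public function newAuthParams($version) {
- $args = array();
- $time = time();
- $public = $this->publicParam();
- $secret = $this->secretForPublic($public);
-
- $sig = sha1($public.$secret.$time.$version);
- $args['sig'] = $sig;
- $args['bvTime'] = $time;
- $args['bvPublic'] = $public;
- $args['bvVersion'] = $version;
- $args['sha1'] = '1';
- return $args;
- }
- }
- endif;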
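--- a/main/lib.php
+++ b/main/lib.php
@@ -1,44 +0,0 @@
- <?php
-
- if (!defined('ABSPATH')) exit;
- if (!class_exists('MCLib')) :
-
- class MCLib {
- public function objectToArray($obj) {
- return json_decode(json_encode($obj), true);
- }
-
- public function dbsig($full = false) {
- if (defined('DB_USER') && defined('DB_NAME') &&
- defined('DB_PASSWORD') && defined('DB_HOST')) {
- $sig = sha1(DB_USER.DB_NAME.DB_PASSWORD.DB_HOST);
- } else {
- $sig = "bvnone".$this->randString(34);
- }
- if ($full)
- return $sig;
- else
- return substr($sig, 0, 6);
- }
-
- public function randString($length) {
- $chars = "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ";
-
- $str = "";
- $size = strlen($chars);
- for( $i = 0; $i < $length; $i++ ) {
- $str .= $chars[rand(0, $size - 1)];
- }
- return $str;
- }
-
- public function http_request($url, $body) {
- $_body = array(
- 'method' => 'POST',
- 'timeout' => 15,
- 'body' => $body);
-
- return wp_remote_post($url, $_body);
- }
- }
- endif;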
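--- a/main/site_info.php
+++ b/main/site_info.php
@@ -1,99 +0,0 @@
- <?php
-
- if (!defined('ABSPATH')) exit;
- if (!class_exists('MCSiteInfo')) :
-
- class MCSiteInfo {
- public function getOption($key) {
- $res = false;
- if (function_exists('get_site_option')) {
- $res = get_site_option($key, false);
- }
- if ($res === false) {
- $res = get_option($key, false);
- }
- return $res;
- }
-
- public function deleteOption($key) {
- if (function_exists('delete_site_option')) {
- return delete_site_option($key);
- } else {
- return delete_option($key);
- }
- }
-
- public function updateOption($key, $value) {
- if (function_exists('update_site_option')) {
- return update_site_option($key, $value);
- } else {
- return update_option($key, $value);
- }
- }
-
- public function setTransient($name, $value, $time) {
- if (function_exists('set_site_transient')) {
- return set_site_transient($name, $value, $time);
- }
- return false;
- }
-
- public function deleteTransient($name) {
- if (function_exists('delete_site_transient')) {
- return delete_site_transient($name);
- }
- return false;
- }
-
- public function getTransient($name) {
- if (function_exists('get_site_transient')) {
- return get_site_transient($name);
- }
- return false;
- }
-
- public function wpurl() {
- if (function_exists('network_site_url'))
- return network_site_url();
- else
- return get_bloginfo('wpurl');
- }
-
- public function siteurl() {
- if (function_exists('site_url')) {
- return site_url();
- } else {
- return get_bloginfo('wpurl');
- }
- }
-
- public function homeurl() {
- if (function_exists('home_url')) {
- return home_url();
- } else {
- return get_bloginfo('url');
- }
- }
-
- public function isMultisite() {
- if (function_exists('is_multisite'))
- return is_multisite();
- return false;
- }
-
- public function isMainSite() {
- if (!function_exists('is_main_site' ) || !$this->isMultisite())
- return true;
- return is_main_site();
- }
-
- public function basic(&$info) {
- $info['wpurl'] = $this->wpurl();
- $info['siteurl'] = $this->siteurl();
- $info['homeurl'] = $this->homeurl();
- $info['serverip'] = $_SERVER['SERVER_ADDR'];
- $info['abspath'] = ABSPATH;
- return $info;
- }
- }
- endif;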
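--- a/malcare.php
+++ b/malcare.php
@@ -5,7 +5,7 @@ Plugin URI: https://www.malcare.com
  Description: WordPress Security, Firewall and Malware Scanner
  Author: MalCare Security
  Author URI: https://www.malcare.com
- Version: 1.91
+ Version: 2.1
  Network: True
  */
 
@@ -28,65 +28,91 @@ Network: True
  /* Global response array */
 
  if (!defined('ABSPATH')) exit;
- global $bvcb, $bvresp;
+ require_once dirname( __FILE__ ) . '/wp_settings.php';
+ require_once dirname( __FILE__ ) . '/wp_site_info.php';
+ require_once dirname( __FILE__ ) . '/wp_db.php';
+ require_once dirname( __FILE__ ) . '/wp_api.php';
+ require_once dirname( __FILE__ ) . '/wp_actions.php';
+ require_once dirname( __FILE__ ) . '/info.php';
+ require_once dirname( __FILE__ ) . '/account.php';
 
- require_once dirname( __FILE__ ) . '/main.php';
- $bvmain = new MalCare();
 
- register_uninstall_hook(__FILE__, array('MalCare', 'uninstall'));
- register_activation_hook(__FILE__, array($bvmain, 'activate'));
- register_deactivation_hook(__FILE__, array($bvmain, 'deactivate'));
+ $bvsettings = new MCWPSettings();
+ $bvsiteinfo = new MCWPSiteInfo();
+ $bvdb = new MCWPDb();
 
- add_action('wp_footer', array($bvmain, 'footerHandler'), 100);
+
+ $bvapi = new MCWPAPI($bvsettings);
+ $bvinfo = new MCInfo($bvsettings);
+ $wp_action = new MCWPAction($bvsettings, $bvsiteinfo, $bvapi);
+
+ register_uninstall_hook(__FILE__, array('MCWPAction', 'uninstall'));
+ register_activation_hook(__FILE__, array($wp_action, 'activate'));
+ register_deactivation_hook(__FILE__, array($wp_action, 'deactivate'));
+
+ add_action('wp_footer', array($wp_action, 'footerHandler'), 100);
 
  if (is_admin()) {
- require_once dirname( __FILE__ ) . '/admin.php';
- $bvadmin = new MCAdmin($bvmain);
- add_action('admin_init', array($bvadmin, 'initHandler'));
- add_filter('all_plugins', array($bvadmin, 'initBranding'));
- add_filter('plugin_row_meta', array($bvadmin, 'hidePluginDetails'), 10, 2);
- if ($bvmain->info->isMultisite()) {
- add_action('network_admin_menu', array($bvadmin, 'menu'));
+ require_once dirname( __FILE__ ) . '/wp_admin.php';
+ $wpadmin = new MCWPAdmin($bvsettings, $bvsiteinfo);
+ add_action('admin_init', array($wpadmin, 'initHandler'));
+ add_filter('all_plugins', array($wpadmin, 'initBranding'));
+ add_filter('plugin_row_meta', array($wpadmin, 'hidePluginDetails'), 10, 2);
+ if ($bvsiteinfo->isMultisite()) {
+ add_action('network_admin_menu', array($wpadmin, 'menu'));
  } else {
- add_action('admin_menu', array($bvadmin, 'menu'));
+ add_action('admin_menu', array($wpadmin, 'menu'));
  }
- add_filter('plugin_action_links', array($bvadmin, 'settingsLink'), 10, 2);
- add_action('admin_notices', array($bvadmin, 'activateWarning'));
- add_action('admin_enqueue_scripts', array($bvadmin, 'mcsecAdminMenu'));
+ add_filter('plugin_action_links', array($wpadmin, 'settingsLink'), 10, 2);
+ add_action('admin_notices', array($wpadmin, 'activateWarning'));
+ add_action('admin_enqueue_scripts', array($wpadmin, 'mcsecAdminMenu'));
  }
 
+
  if ((array_key_exists('bvreqmerge', $_POST)) || (array_key_exists('bvreqmerge', $_GET))) {
- $_REQUEST = array_merge($_GET, $_POST);
+ $_REQUEST = array_merge($_GET, $_POST);
  }
 
- if ((array_key_exists('bvplugname', $_REQUEST)) &&
- stristr($_REQUEST['bvplugname'], $bvmain->plugname)) {
- require_once dirname( __FILE__ ) . '/callback.php';
- $bvcb = new BVCallback($bvmain);
- $bvresp = new BVResponse();
- if ($bvcb->preauth() === 1) {
- if ($bvcb->authenticate() === 1) {
- if (array_key_exists('afterload', $_REQUEST)) {
- add_action('wp_loaded', array($bvcb, 'execute'));
- } else if (array_key_exists('adajx', $_REQUEST)) {
- add_action('wp_ajax_bvadm', array($bvcb, 'bvAdmExecuteWithUser'));
- add_action('wp_ajax_nopriv_bvadm', array($bvcb, 'bvAdmExecuteWithoutUser'));
- } else {
- $bvcb->execute();
- }
+ if ((array_key_exists('bvplugname', $_REQUEST)) && ($_REQUEST['bvplugname'] == "malcare")) {
+ require_once dirname( __FILE__ ) . '/callback/base.php';
+ require_once dirname( __FILE__ ) . '/callback/request.php';
+ require_once dirname( __FILE__ ) . '/callback/response.php';
+
+ $request = new BVCallbackRequest($_REQUEST);
+ $account = MCAccount::find($bvsettings, $_REQUEST['pubkey']);
+
+
+ ##RECOVERYMODULE##
+
+ if ($account && (1 === $account->authenticate())) {
+ require_once dirname( __FILE__ ) . '/callback/handler.php';
+ $request->params = $request->processParams();
+ $callback_handler = new BVCallbackHandler($bvdb, $bvsettings, $bvsiteinfo, $request, $account);
+ if ($request->is_afterload) {
+ add_action('wp_loaded', array($callback_handler, 'execute'));
+ } else if ($request->is_admin_ajax) {
+ add_action('wp_ajax_bvadm', array($callback_handler, 'bvAdmExecuteWithUser'));
+ add_action('wp_ajax_nopriv_bvadm', array($callback_handler, 'bvAdmExecuteWithoutUser'));
  } else {
- $bvcb->terminate(false, array_key_exists('bvdbg', $_REQUEST));
+ $callback_handler->execute();
  }
+ } else {
+ $resp = array(
+ "account_info" => $account ? $account->respInfo() : array("error" => "ACCOUNT_NOT_FOUND"),
+ "request_info" => $request->respInfo(),
+ "bvinfo" => $bvinfo->respInfo(),
+ "statusmsg" => "FAILED_AUTH"
+ );
+ $response = new BVCallbackResponse();
+ $response->terminate($resp, $request->params);
  }
  } else {
- if ($bvmain->isProtectModuleEnabled()) {
- require_once dirname( __FILE__ ) . '/protect.php';
- $bvprotect = new BVProtect($bvmain);
- $bvprotect->init();
- require_once dirname( __FILE__ ) . '/ipstore.php';
- $bvipstore = new BVIPStore($bvmain);
- $bvipstore->init();
- }
+ if ($bvinfo->isProtectModuleEnabled()) {
+ require_once dirname( __FILE__ ) . '/protect/protect.php';
+ require_once dirname( __FILE__ ) . '/protect/ipstore.php';
+ $bvprotect = new BVProtect($bvdb, $bvsettings);
+ $bvprotect->init();
+ }
 
  ##DYNSYNCMODULE##
- }
+ }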
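Review bot: `$_REQUEST['pubkey']` on new line 82 is read without an existence check, unlike the removed `publicParam()` in main/auth.php, so a callback request carrying `bvplugname=malcare` but no `pubkey` raises an undefined-index notice before authentication; `isset($_REQUEST['pubkey']) ? $_REQUEST['pubkey'] : false` keeps the old fallback. `MCAccount::find()` as added in account.php always returns an object and falls back to the default secret for an unknown key, so the `$account &&` guard and the `ACCOUNT_NOT_FOUND` value on new line 101 cannot fire as written. The failure branch also returns `account_info`, `request_info` and `bvinfo` to a caller that has just failed authentication; `respInfo()` is not visible here, but it should be confirmed that it never includes the account's `sig_match` property or anything else derived from the secret. The gate on new line 76 compares with `==`, where `===` avoids type juggling on request input.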
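--- a/ipstore.php
+++ b/protect/ipstore.php
@@ -4,7 +4,7 @@ if (!class_exists('BVIPStore')) :
 
  class BVIPStore {
 
- public $bvmain;
+ public $db;
  public static $name = 'ip_store';
 
  #TYPE
@@ -15,8 +15,8 @@ if (!class_exists('BVIPStore')) :
  const FW = 3;
  const LP = 4;
 
- function __construct($bvmain) {
- $this->bvmain = $bvmain;
+ function __construct($db) {
+ $this->db = $db;
  }
 
  function init() {
@@ -24,7 +24,7 @@ if (!class_exists('BVIPStore')) :
  }
 
  public function clearConfig() {
- $this->bvmain->db->dropBVTable(BVIPStore::$name);
+ $this->db->dropBVTable(BVIPStore::$name);
  }
 
  public function hasIPv6Support() {
@@ -77,7 +77,7 @@ if (!class_exists('BVIPStore')) :
  }
 
  public function checkIPPresent($ip, $type, $category) {
- $db = $this->bvmain->db;
+ $db = $this->db;
  $table = $db->getBVTable(BVIPStore::$name);
  if ($db->isTablePresent($table)) {
  $binIP = $this->bvInetPton($ip);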
logger.php → protect/logger.php RENAMED
File without changes
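--- a/protect.php
+++ b/protect/protect.php
@@ -3,28 +3,34 @@ if (!defined('ABSPATH')) exit;
  if (!class_exists('BVProtect')) :
 
  require_once dirname( __FILE__ ) . '/logger.php';
- require_once dirname( __FILE__ ) . '/fw/fw.php';
- require_once dirname( __FILE__ ) . '/lp/lp.php';
+ require_once dirname( __FILE__ ) . '/ipstore.php';
+ require_once dirname( __FILE__ ) . '/wp_fw/fw.php';
+ require_once dirname( __FILE__ ) . '/wp_lp/lp.php';
 
  class BVProtect {
- public $bvmain;
+ public $db;
+ public $settings;
 
- function __construct($bvmain) {
- $this->bvmain = $bvmain;
+ function __construct($db, $settings) {
+ $this->settings = $settings;
+ $this->db = $db;
  }
 
  public function init() {
+ $bvipstore = new BVIPStore($this->db);
+ $bvipstore->init();
  $ip = $this->getIP();
- $fw = new BVFW($this->bvmain, $ip);
+ $fw = new BVWPFW($this->db, $this->settings, $ip, $bvipstore);
  $fw->init();
  $fw->execute();
- $lp = new BVLP($this->bvmain, $ip);
+ $lp = new BVWPLP($this->db, $this->settings, $ip, $bvipstore);
  $lp->init();
  }
 
  public function getIP() {
  $ip = '127.0.0.1';
- if (($ipHeader = $this->bvmain->getIPHeader()) && is_array($ipHeader)) {
+ $bvinfo = new MCInfo($this->settings);
+ if (($ipHeader = $this->settings->getOption($bvinfo->ip_header_option)) && is_array($ipHeader)) {
  if (array_key_exists($ipHeader['hdr'], $_SERVER)) {
  $_ips = preg_split("/(,| |\t)/", $_SERVER[$ipHeader['hdr']]);
  if (array_key_exists(intval($ipHeader['pos']), $_ips)) {
@@ -43,4 +49,4 @@ class BVProtect {
  return $ip;
  }
  }
- endif;
+ endif;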
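Review bot: getIP() on new lines 32–36 still takes the client address from whichever `$_SERVER` entry the stored `ip_header_option` names, and nothing visible in this hunk checks that the header was set by a trusted proxy or that the selected element is a valid address (new lines 37–48 fall outside the hunk and may do so). The value is handed to BVWPFW and BVWPLP together with the IP store, so it presumably drives the whitelist and blacklist lookups; a comment such as `// $ipHeader['hdr'] must name a header set by a trusted reverse proxy; client-supplied values are spoofable` above the lookup would record that assumption. If the lines outside the hunk do not already validate the result, `filter_var($ip, FILTER_VALIDATE_IP)` before returning is the usual guard. `new MCInfo(...)` on new line 32 is used without this file requiring info.php, so the class is only defined because malcare.php loads it first.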
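--- a/protect/wp_fw/config.php
+++ b/protect/wp_fw/config.php
@@ -0,0 +1,168 @@
+ <?php
+
+ if (!defined('ABSPATH')) exit;
+ if (!class_exists('BVWPFWConfig')) :
+ class BVWPFWConfig {
+ public $db;
+ public $settings;
+ public static $requests_table = 'fw_requests';
+ public static $allRules = array(108, 112, 114, 115, 132, 133, 145, 146, 155, 156, 165, 167, 168, 169, 171, 172, 173, 174, 175, 176, 177, 178);
+
+ function __construct($db, $settings) {
+ $this->db = $db;
+ $this->settings = $settings;
+ }
+
+ #mode
+ const DISABLED = 1;
+ const AUDIT = 2;
+ const PROTECT = 3;
+
+ #Rule Mode
+ const DISABLEDRULE = 1;
+ const AUDITRULE = 2;
+ const PROTECTRULE = 3;
+
+ #Request Profiling Mode
+ const REQ_PROFILING_MODE_DISABLED = 1;
+ const REQ_PROFILING_MODE_NORMAL = 2;
+ const REQ_PROFILING_MODE_DEBUG = 3;
+
+ public static function isDisabledRule($mode) {
+ return ($mode === BVWPFWConfig::DISABLEDRULE);
+ }
+
+ public static function isProtectingRule($mode) {
+ return ($mode === BVWPFWConfig::PROTECTRULE);
+ }
+
+ public static function isAuditingRule($mode) {
+ return ($mode === BVWPFWConfig::AUDITRULE);
+ }
+
+ public function isActive() {
+ return ($this->getMode() !== BVWPFWConfig::DISABLED);
+ }
+
+ public function isProtecting() {
+ return ($this->getMode() === BVWPFWConfig::PROTECT);
+ }
+
+ public function isAuditing() {
+ return ($this->getMode() === BVWPFWConfig::AUDIT);
+ }
+
+ public function isReqProfilingModeDebug() {
+ return ($this->getReqProfilingMode() === BVWPFWConfig::REQ_PROFILING_MODE_DEBUG);
+ }
+
+ public function canProfileReqInfo() {
+ return ($this->getReqProfilingMode() !== BVWPFWConfig::REQ_PROFILING_MODE_DISABLED);
+ }
+
+ public function getRules() {
+ $rules = array("audit" => array(), "protect" => array());
+ $isAudit = false;
+ $rulesMode = $this->getRulesMode();
+ if (BVWPFWConfig::isDisabledRule($rulesMode)) {
+ return $rules;
+ }
+ $isAudit = ($this->isAuditing() || BVWPFWConfig::isAuditingRule($rulesMode));
+ $rulesInfo = array();
+ foreach ($this->getAuditRules() as $rule)
+ $rulesInfo[$rule] = BVWPFWConfig::AUDITRULE;
+ foreach ($this->getDisabledRules() as $rule)
+ $rulesInfo[$rule] = BVWPFWConfig::DISABLEDRULE;
+ foreach (BVWPFWConfig::$allRules as $rule) {
+ if (isset($rulesInfo[$rule])) {
+ if (BVWPFWConfig::isAuditingRule($rulesInfo[$rule])) {
+ $rules["audit"][$rule] = BVWPFWConfig::AUDITRULE;
+ }
+ } else {
+ if ($isAudit) {
+ $rules["audit"][$rule] = BVWPFWConfig::AUDITRULE;
+ } else {
+ $rules["protect"][$rule] = BVWPFWConfig::PROTECTRULE;
+ }
+ }
+ }
+ return $rules;
+ }
+
+ public function setMode($mode) {
+ if (!$mode) {
+ $this->settings->deleteOption('bvfwmode');
+ } else {
+ $this->settings->updateOption('bvfwmode', intval($mode));
+ }
+ }
+
+ public function setRulesMode($mode) {
+ if (!$mode) {
+ $this->settings->deleteOption('bvfwrulesmode');
+ } else {
+ $this->settings->updateOption('bvfwrulesmode', intval($mode));
+ }
+ }
+
+ public function setReqProfilingMode($mode) {
+ if (!$mode) {
+ $this->settings->deleteOption('bvfwreqprofilingmode');
+ } else {
+ $this->settings->updateOption('bvfwreqprofilingmode', intval($mode));
+ }
+ }
+
+ public function setDisabledRules($rules) {
+ if (!$rules) {
+ $this->settings->deleteOption('bvfwdisabledrules');
+ } else {
+ $this->settings->updateOption('bvfwdisabledrules', $rules);
+ }
+ }
+
+ public function setAuditRules($rules) {
+ if (!$rules) {
+ $this->settings->deleteOption('bvfwauditrules');
+ } else {
+ $this->settings->updateOption('bvfwauditrules', $rules);
+ }
+ }
+
+ public function getMode() {
+ $mode = $this->settings->getOption('bvfwmode');
+ return intval($mode ? $mode : BVWPFWConfig::DISABLED);
+ }
+
+ public function getRulesMode() {
+ $mode = $this->settings->getOption('bvfwrulesmode');
+ return intval($mode ? $mode : BVWPFWConfig::DISABLED);
+ }
+
+ public function getReqProfilingMode() {
+ $mode = $this->settings->getOption('bvfwreqprofilingmode');
+ return intval($mode ? $mode : BVWPFWConfig::REQ_PROFILING_MODE_DISABLED);
+ }
+
+ public function getDisabledRules() {
+ $rules = $this->settings->getOption('bvfwdisabledrules');
+ return ($rules ? $rules : array());
+ }
+
+ public function getAuditRules() {
+ $rules = $this->settings->getOption('bvfwauditrules');
+ return ($rules ? $rules : array());
+ }
+
+ public function clear() {
+ $this->setMode(false);
+ $this->setRulesMode(false);
+ $this->setDisabledRules(false);
+ $this->setAuditRules(false);
+ $this->setReqProfilingMode(false);
+ $this->db->dropBVTable(BVWPFWConfig::$requests_table);
+ $this->settings->deleteOption('bvptplug');
+ return true;
+ }
+ }
+ endif;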
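Review bot: getRulesMode() on new line 139 falls back to `BVWPFWConfig::DISABLED`, a firewall-mode constant, where the rule-mode constant is meant; both are 1 today, so `return intval($mode ? $mode : BVWPFWConfig::DISABLEDRULE);` changes nothing at runtime but keeps the two enumerations from drifting apart. That default deserves a comment, because a site with `bvfwmode` set to PROTECT and no `bvfwrulesmode` option gets two empty lists from getRules(), leaving only the IP blacklist check in fw.php active. getDisabledRules() and getAuditRules() return any truthy option value straight into the `foreach` loops on new lines 72–75; `return is_array($rules) ? $rules : array();` avoids a warning if the stored option is ever a scalar. The `$isAudit = false;` on new line 65 is overwritten before it is read and can be dropped.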
{fw → protect/wp_fw}/fw.php RENAMED
@@ -1,16 +1,16 @@
1
  <?php
2
 
3
  if (!defined('ABSPATH')) exit;
4
- if (!class_exists('BVFW')) :
5
 
6
  require_once dirname( __FILE__ ) . '/config.php';
7
  require_once dirname( __FILE__ ) . '/request.php';
8
- require_once dirname( __FILE__ ) . './../ipstore.php';
9
 
10
- class BVFW {
 
 
11
  public $request;
12
  public $config;
13
- public $bvmain;
14
  public $ipstore;
15
  public $category;
16
  public $logger;
@@ -49,12 +49,13 @@ class BVFW {
49
  (?:^|[^\\w])(?:on(?:abort|activate|afterprint|afterupdate|autocomplete|autocompleteerror|beforeactivate|beforecopy|beforecut|beforedeactivate|beforeeditfocus|beforepaste|beforeprint|beforeunload|beforeupdate|blur|bounce|cancel|canplay|canplaythrough|cellchange|change|click|close|contextmenu|controlselect|copy|cuechange|cut|dataavailable|datasetchanged|datasetcomplete|dblclick|deactivate|drag|dragend|dragenter|dragleave|dragover|dragstart|drop|durationchange|emptied|encrypted|ended|error|errorupdate|filterchange|finish|focus|focusin|focusout|formchange|forminput|hashchange|help|input|invalid|keydown|keypress|keyup|languagechange|layoutcomplete|load|loadeddata|loadedmetadata|loadstart|losecapture|message|mousedown|mouseenter|mouseleave|mousemove|mouseout|mouseover|mouseup|mousewheel|move|moveend|movestart|mozfullscreenchange|mozfullscreenerror|mozpointerlockchange|mozpointerlockerror|offline|online|page|pagehide|pageshow|paste|pause|play|playing|popstate|progress|propertychange|ratechange|readystatechange|reset|resize|resizeend|resizestart|rowenter|rowexit|rowsdelete|rowsinserted|scroll|search|seeked|seeking|select|selectstart|show|stalled|start|storage|submit|suspend|timer|timeupdate|toggle|unload|volumechange|waiting|webkitfullscreenchange|webkitfullscreenerror|wheel)|formaction|data\\-bind|ev:event)[^\\w]
50
  )/ix';
51
 
52
- public function __construct($bvmain, $ip) {
53
- $this->bvmain = $bvmain;
54
- $this->config = new BVFWConfig($this->bvmain);
55
- $this->request = new BVRequest($ip);
56
- $this->ipstore = new BVIPStore($bvmain);
57
- $this->logger = new BVLogger($this->bvmain->db, BVFWConfig::$requests_table);
 
58
  }
59
 
60
  public function init() {
@@ -71,19 +72,20 @@ class BVFW {
71
  }
72
  }
73
 
74
- public function terminateRequest($category = BVRequest::NORMAL) {
 
75
  $this->request->setCategory($category);
76
- $this->request->setStatus(BVRequest::BLOCKED);
77
  $this->request->setRespCode(403);
78
  header("Cache-Control: no-cache, no-store, must-revalidate");
79
  header("Pragma: no-cache");
80
  header("Expires: 0");
81
  header('HTTP/1.0 403 Forbidden');
82
- $brandname = $this->bvmain->getBrandName();
83
  die("
84
  <div style='height: 98vh;'>
85
  <div style='text-align: center; padding: 10% 0; font-family: Arial, Helvetica, sans-serif;'>
86
- <div><p><img src=".plugins_url('../img/icon.png', __FILE__)."><h2>Firewall</h2><h3>powered by</h3><h2>"
87
  .$brandname."</h2></p><div>
88
  <p>Blocked because of Malicious Activities</p>
89
  </div>
@@ -101,8 +103,8 @@ class BVFW {
101
 
102
  public function canBypassFirewall() {
103
  if ($this->isWhitelistedIP()) {
104
- $this->request->setCategory(BVRequest::WHITELISTED);
105
- $this->request->setStatus(BVRequest::BYPASSED);
106
  return true;
107
  }
108
  return false;
@@ -124,7 +126,7 @@ class BVFW {
124
  $this->matchRules($rules["audit"]);
125
  if ($this->config->isProtecting()) {
126
  if ($this->isBlacklistedIP()) {
127
- $this->terminateRequest(BVRequest::BLACKLISTED);
128
  }
129
  if ($this->matchRules($rules["protect"], true)) {
130
  $this->terminateRequest();
@@ -276,7 +278,7 @@ class BVFW {
276
  $result[$currkey]["file"] = true;
277
  }
278
 
279
- if ($this->matchCount(BVFW::SQLIREGEX, $value) >= 2) {
280
  $result[$currkey]["sql"] = true;
281
  }
282
  }
@@ -291,7 +293,7 @@ class BVFW {
291
  }
292
  if (isset($rules[108])) {
293
  $this->currRuleInfo = array();
294
- if ($this->match(BVFW::XSSREGEX, $this->request->getQueryString(), "GET")) {
295
  $this->request->updateRulesInfo(108, $this->currRuleInfo);
296
  if ($isProtect) return true;
297
  }
@@ -328,9 +330,9 @@ class BVFW {
328
  ((!$this->match('/^1?$/', $this->request->getBody('kento_pvc_hide'), "kento_pvc_hide")) or
329
  (!$this->match('/^1?$/', $this->request->getBody('kento_pvc_uniq'), "kento_pvc_uniq")) or
330
  (!$this->match('/^1?$/', $this->request->getBody('kento_pvc_posttype'), "kento_pvc_posttype")) or
331
- ($this->match(BVFW::XSSREGEX, $this->request->getBody('kento_pvc_today_text'), "kento_pvc_today_text")) or
332
- ($this->match(BVFW::XSSREGEX, $this->request->getBody('kento_pvc_total_text'), "kento_pvc_total_text")) or
333
- ($this->match(BVFW::XSSREGEX, $this->request->getBody('kento_pvc_numbers_lang'), "kento_pvc_numbers_lang")))) {
334
  $this->request->updateRulesInfo(132, $this->currRuleInfo);
335
  if ($isProtect) return true;
336
  }
@@ -350,9 +352,9 @@ class BVFW {
350
  if (isset($rules[145])) {
351
  $this->currRuleInfo = array();
352
  if ((($this->match('/Abonti|aggregator|AhrefsBot|asterias|BDCbot|BLEXBot|BuiltBotTough|Bullseye|BunnySlippers|ca\\-crawler|CCBot|Cegbfeieh|CheeseBot|CherryPicker|CopyRightCheck|cosmos|Crescent|discobot|DittoSpyder|DotBot|Download Ninja|EasouSpider|EmailCollector|EmailSiphon|EmailWolf|EroCrawler|Exabot|ExtractorPro|Fasterfox|FeedBooster|Foobot|Genieo|grub\\-client|Harvest|hloader|httplib|HTTrack|humanlinks|ieautodiscovery|InfoNaviRobot|IstellaBot|Java\\/1\\.|JennyBot|k2spider|Kenjin Spider|Keyword Density\\/0\\.9|larbin|LexiBot|libWeb|libwww|LinkextractorPro|linko|LinkScan\\/8\\.1a Unix|LinkWalker|LNSpiderguy|lwp\\-trivial|magpie|Mata Hari|MaxPointCrawler|MegaIndex|Microsoft URL Control|MIIxpc|Mippin|Missigua Locator|Mister PiX|MJ12bot|moget|MSIECrawler|NetAnts|NICErsPRO|Niki\\-Bot|NPBot|Nutch|Offline Explorer|Openfind|panscient\\.com|PHP\\/5\\.\\{|ProPowerBot\\/2\\.14|ProWebWalker|Python\\-urllib|QueryN Metasearch|RepoMonkey|RMA|SemrushBot|SeznamBot|SISTRIX|sitecheck\\.Internetseer\\.com|SiteSnagger|SnapPreviewBot|Sogou|SpankBot|spanner|spbot|Spinn3r|suzuran|Szukacz\\/1\\.4|Teleport|Telesoft|The Intraformant|TheNomad|TightTwatBot|Titan|toCrawl\\/UrlDispatcher|True_Robot|turingos|TurnitinBot|UbiCrawler|UnisterBot|URLy Warning|VCI|WBSearchBot|Web Downloader\\/6\\.9|Web Image Collector|WebAuto|WebBandit|WebCopier|WebEnhancer|WebmasterWorldForumBot|WebReaper|WebSauger|Website Quester|Webster Pro|WebStripper|WebZip|Wotbox|wsr\\-agent|WWW\\-Collector\\-E|Xenu|Zao|Zeus|ZyBORG|coccoc|Incutio|lmspider|memoryBot|SemrushBot|serf|Unknown|uptime files/i', $this->request->getHeader('User-Agent'), "User-Agent")) &&
353
- ($this->match(BVFW::XSSREGEX, $this->request->getHeader('User-Agent'), "User-Agent"))) or
354
  (($this->match('/semalt\\.com|kambasoft\\.com|savetubevideo\\.com|buttons\\-for\\-website\\.com|sharebutton\\.net|soundfrost\\.org|srecorder\\.com|softomix\\.com|softomix\\.net|myprintscreen\\.com|joinandplay\\.me|fbfreegifts\\.com|openmediasoft\\.com|zazagames\\.org|extener\\.org|openfrost\\.com|openfrost\\.net|googlsucks\\.com|best\\-seo\\-offer\\.com|buttons\\-for\\-your\\-website\\.com|www\\.Get\\-Free\\-Traffic\\-Now\\.com|best\\-seo\\-solution\\.com|buy\\-cheap\\-online\\.info|site3\\.free\\-share\\-buttons\\.com|webmaster\\-traffic\\.co/i', $this->request->getHeader('Referer'), "Referer")) &&
355
- ($this->match(BVFW::XSSREGEX, $this->request->getHeader('User-Agent'), "User-Agent")))) {
356
  $this->request->updateRulesInfo(145, $this->currRuleInfo);
357
  if ($isProtect) return true;
358
  }
@@ -366,11 +368,11 @@ class BVFW {
366
  }
367
  if (isset($rules[155])) {
368
  $this->currRuleInfo = array();
369
- if (($this->match(BVFW::XSSREGEX, $this->request->getHeader('Client-IP'), "Client-IP")) or
370
- ($this->match(BVFW::XSSREGEX, $this->request->getHeader('X-Forwarded'), "X-Forwarded")) or
371
- ($this->match(BVFW::XSSREGEX, $this->request->getHeader('X-Cluster-Client-IP'), "X-Cluster-Client-IP")) or
372
- ($this->match(BVFW::XSSREGEX, $this->request->getHeader('Forwarded-For'), "Forwarded-For")) or
373
- ($this->match(BVFW::XSSREGEX, $this->request->getHeader('Forwarded'), "Forwarded"))) {
374
  $this->request->updateRulesInfo(155, $this->currRuleInfo);
375
  if ($isProtect) return true;
376
  }
@@ -378,8 +380,8 @@ class BVFW {
378
  if (isset($rules[156])) {
379
  $this->currRuleInfo = array();
380
  if ($this->match('#/wp\\-admin/admin\\-ajax\\.php$#i', $this->getServerValue('SCRIPT_FILENAME')) and
381
- (($this->match(BVFW::SQLIREGEX, $this->request->getBody('umm_user'), "umm_user")) or
382
- ($this->match(BVFW::SQLIREGEX, $this->request->getQueryString('umm_user'), "umm_user")))) {
383
  $this->request->updateRulesInfo(156, $this->currRuleInfo);
384
  if ($isProtect) return true;
385
  }
@@ -412,7 +414,7 @@ class BVFW {
412
  if (isset($rules[169])) {
413
  $this->currRuleInfo = array();
414
  if (($this->equals('fancybox-for-wordpress', $this->request->getQueryString('page'))) &&
415
- ($this->match(BVFW::XSSREGEX, $this->request->getBody('mfbfw'), "mfbfw"))) {
416
  $this->request->updateRulesInfo(169, $this->currRuleInfo);
417
  if ($isProtect) return true;
418
  }
@@ -483,10 +485,10 @@ class BVFW {
483
  }
484
  if (isset($rules[177])) {
485
  $this->currRuleInfo = array();
486
- if ((($this->matchCount(BVFW::SQLIREGEX, $this->request->getBody()) > 2) or
487
- ($this->matchCount(BVFW::SQLIREGEX, $this->request->getQueryString()) > 2) or
488
- ($this->matchCount(BVFW::SQLIREGEX, $this->request->getCookies()) > 2) or
489
- ($this->matchCount(BVFW::SQLIREGEX, $this->request->getHeader('User-Agent')) > 2))) {
490
  $this->request->updateRulesInfo(177, $this->currRuleInfo);
491
  if ($isProtect) return true;
492
  }
@@ -506,4 +508,4 @@ class BVFW {
506
  return false;
507
  }
508
  }
509
- endif;
1
  <?php
2
 
3
  if (!defined('ABSPATH')) exit;
4
+ if (!class_exists('BVWPFW')) :
5
 
6
  require_once dirname( __FILE__ ) . '/config.php';
7
  require_once dirname( __FILE__ ) . '/request.php';
 
8
 
9
+ class BVWPFW {
10
+ public $db;
11
+ public $settings;
12
  public $request;
13
  public $config;
 
14
  public $ipstore;
15
  public $category;
16
  public $logger;
49
  (?:^|[^\\w])(?:on(?:abort|activate|afterprint|afterupdate|autocomplete|autocompleteerror|beforeactivate|beforecopy|beforecut|beforedeactivate|beforeeditfocus|beforepaste|beforeprint|beforeunload|beforeupdate|blur|bounce|cancel|canplay|canplaythrough|cellchange|change|click|close|contextmenu|controlselect|copy|cuechange|cut|dataavailable|datasetchanged|datasetcomplete|dblclick|deactivate|drag|dragend|dragenter|dragleave|dragover|dragstart|drop|durationchange|emptied|encrypted|ended|error|errorupdate|filterchange|finish|focus|focusin|focusout|formchange|forminput|hashchange|help|input|invalid|keydown|keypress|keyup|languagechange|layoutcomplete|load|loadeddata|loadedmetadata|loadstart|losecapture|message|mousedown|mouseenter|mouseleave|mousemove|mouseout|mouseover|mouseup|mousewheel|move|moveend|movestart|mozfullscreenchange|mozfullscreenerror|mozpointerlockchange|mozpointerlockerror|offline|online|page|pagehide|pageshow|paste|pause|play|playing|popstate|progress|propertychange|ratechange|readystatechange|reset|resize|resizeend|resizestart|rowenter|rowexit|rowsdelete|rowsinserted|scroll|search|seeked|seeking|select|selectstart|show|stalled|start|storage|submit|suspend|timer|timeupdate|toggle|unload|volumechange|waiting|webkitfullscreenchange|webkitfullscreenerror|wheel)|formaction|data\\-bind|ev:event)[^\\w]
50
  )/ix';
51
 
52
+ public function __construct($db, $settings, $ip, $ipstore) {
53
+ $this->db = $db;
54
+ $this->settings = $settings;
55
+ $this->config = new BVWPFWConfig($db, $settings);
56
+ $this->request = new BVWPRequest($ip);
57
+ $this->ipstore = $ipstore;
58
+ $this->logger = new BVLogger($db, BVWPFWConfig::$requests_table);
59
  }
60
 
61
  public function init() {
72
  }
73
  }
74
 
75
+ public function terminateRequest($category = BVWPRequest::NORMAL) {
76
+ $info = new MCInfo($this->settings);
77
  $this->request->setCategory($category);
78
+ $this->request->setStatus(BVWPRequest::BLOCKED);
79
  $this->request->setRespCode(403);
80
  header("Cache-Control: no-cache, no-store, must-revalidate");
81
  header("Pragma: no-cache");
82
  header("Expires: 0");
83
  header('HTTP/1.0 403 Forbidden');
84
+ $brandname = $info->getBrandName();
85
  die("
86
  <div style='height: 98vh;'>
87
  <div style='text-align: center; padding: 10% 0; font-family: Arial, Helvetica, sans-serif;'>
88
+ <div><p><img src=".plugins_url('/../../img/icon.png', __FILE__)."><h2>Firewall</h2><h3>powered by</h3><h2>"
89
  .$brandname."</h2></p><div>
90
  <p>Blocked because of Malicious Activities</p>
91
  </div>
103
 
104
  public function canBypassFirewall() {
105
  if ($this->isWhitelistedIP()) {
106
+ $this->request->setCategory(BVWPRequest::WHITELISTED);
107
+ $this->request->setStatus(BVWPRequest::BYPASSED);
108
  return true;
109
  }
110
  return false;
126
  $this->matchRules($rules["audit"]);
127
  if ($this->config->isProtecting()) {
128
  if ($this->isBlacklistedIP()) {
129
+ $this->terminateRequest(BVWPRequest::BLACKLISTED);
130
  }
131
  if ($this->matchRules($rules["protect"], true)) {
132
  $this->terminateRequest();
278
  $result[$currkey]["file"] = true;
279
  }
280
 
281
+ if ($this->matchCount(BVWPFW::SQLIREGEX, $value) >= 2) {
282
  $result[$currkey]["sql"] = true;
283
  }
284
  }
293
  }
294
  if (isset($rules[108])) {
295
  $this->currRuleInfo = array();
296
+ if ($this->match(BVWPFW::XSSREGEX, $this->request->getQueryString(), "GET")) {
297
  $this->request->updateRulesInfo(108, $this->currRuleInfo);
298
  if ($isProtect) return true;
299
  }
330
  ((!$this->match('/^1?$/', $this->request->getBody('kento_pvc_hide'), "kento_pvc_hide")) or
331
  (!$this->match('/^1?$/', $this->request->getBody('kento_pvc_uniq'), "kento_pvc_uniq")) or
332
  (!$this->match('/^1?$/', $this->request->getBody('kento_pvc_posttype'), "kento_pvc_posttype")) or
333
+ ($this->match(BVWPFW::XSSREGEX, $this->request->getBody('kento_pvc_today_text'), "kento_pvc_today_text")) or
334
+ ($this->match(BVWPFW::XSSREGEX, $this->request->getBody('kento_pvc_total_text'), "kento_pvc_total_text")) or
335
+ ($this->match(BVWPFW::XSSREGEX, $this->request->getBody('kento_pvc_numbers_lang'), "kento_pvc_numbers_lang")))) {
336
  $this->request->updateRulesInfo(132, $this->currRuleInfo);
337
  if ($isProtect) return true;
338
  }
352
  if (isset($rules[145])) {
353
  $this->currRuleInfo = array();
354
  if ((($this->match('/Abonti|aggregator|AhrefsBot|asterias|BDCbot|BLEXBot|BuiltBotTough|Bullseye|BunnySlippers|ca\\-crawler|CCBot|Cegbfeieh|CheeseBot|CherryPicker|CopyRightCheck|cosmos|Crescent|discobot|DittoSpyder|DotBot|Download Ninja|EasouSpider|EmailCollector|EmailSiphon|EmailWolf|EroCrawler|Exabot|ExtractorPro|Fasterfox|FeedBooster|Foobot|Genieo|grub\\-client|Harvest|hloader|httplib|HTTrack|humanlinks|ieautodiscovery|InfoNaviRobot|IstellaBot|Java\\/1\\.|JennyBot|k2spider|Kenjin Spider|Keyword Density\\/0\\.9|larbin|LexiBot|libWeb|libwww|LinkextractorPro|linko|LinkScan\\/8\\.1a Unix|LinkWalker|LNSpiderguy|lwp\\-trivial|magpie|Mata Hari|MaxPointCrawler|MegaIndex|Microsoft URL Control|MIIxpc|Mippin|Missigua Locator|Mister PiX|MJ12bot|moget|MSIECrawler|NetAnts|NICErsPRO|Niki\\-Bot|NPBot|Nutch|Offline Explorer|Openfind|panscient\\.com|PHP\\/5\\.\\{|ProPowerBot\\/2\\.14|ProWebWalker|Python\\-urllib|QueryN Metasearch|RepoMonkey|RMA|SemrushBot|SeznamBot|SISTRIX|sitecheck\\.Internetseer\\.com|SiteSnagger|SnapPreviewBot|Sogou|SpankBot|spanner|spbot|Spinn3r|suzuran|Szukacz\\/1\\.4|Teleport|Telesoft|The Intraformant|TheNomad|TightTwatBot|Titan|toCrawl\\/UrlDispatcher|True_Robot|turingos|TurnitinBot|UbiCrawler|UnisterBot|URLy Warning|VCI|WBSearchBot|Web Downloader\\/6\\.9|Web Image Collector|WebAuto|WebBandit|WebCopier|WebEnhancer|WebmasterWorldForumBot|WebReaper|WebSauger|Website Quester|Webster Pro|WebStripper|WebZip|Wotbox|wsr\\-agent|WWW\\-Collector\\-E|Xenu|Zao|Zeus|ZyBORG|coccoc|Incutio|lmspider|memoryBot|SemrushBot|serf|Unknown|uptime files/i', $this->request->getHeader('User-Agent'), "User-Agent")) &&
355
+ ($this->match(BVWPFW::XSSREGEX, $this->request->getHeader('User-Agent'), "User-Agent"))) or
356
  (($this->match('/semalt\\.com|kambasoft\\.com|savetubevideo\\.com|buttons\\-for\\-website\\.com|sharebutton\\.net|soundfrost\\.org|srecorder\\.com|softomix\\.com|softomix\\.net|myprintscreen\\.com|joinandplay\\.me|fbfreegifts\\.com|openmediasoft\\.com|zazagames\\.org|extener\\.org|openfrost\\.com|openfrost\\.net|googlsucks\\.com|best\\-seo\\-offer\\.com|buttons\\-for\\-your\\-website\\.com|www\\.Get\\-Free\\-Traffic\\-Now\\.com|best\\-seo\\-solution\\.com|buy\\-cheap\\-online\\.info|site3\\.free\\-share\\-buttons\\.com|webmaster\\-traffic\\.co/i', $this->request->getHeader('Referer'), "Referer")) &&
357
+ ($this->match(BVWPFW::XSSREGEX, $this->request->getHeader('User-Agent'), "User-Agent")))) {
358
  $this->request->updateRulesInfo(145, $this->currRuleInfo);
359
  if ($isProtect) return true;
360
  }
368
  }
369
  if (isset($rules[155])) {
370
  $this->currRuleInfo = array();
371
+ if (($this->match(BVWPFW::XSSREGEX, $this->request->getHeader('Client-IP'), "Client-IP")) or
372
+ ($this->match(BVWPFW::XSSREGEX, $this->request->getHeader('X-Forwarded'), "X-Forwarded")) or
373
+ ($this->match(BVWPFW::XSSREGEX, $this->request->getHeader('X-Cluster-Client-IP'), "X-Cluster-Client-IP")) or
374
+ ($this->match(BVWPFW::XSSREGEX, $this->request->getHeader('Forwarded-For'), "Forwarded-For")) or
375
+ ($this->match(BVWPFW::XSSREGEX, $this->request->getHeader('Forwarded'), "Forwarded"))) {
376
  $this->request->updateRulesInfo(155, $this->currRuleInfo);
377
  if ($isProtect) return true;
378
  }
380
  if (isset($rules[156])) {
381
  $this->currRuleInfo = array();
382
  if ($this->match('#/wp\\-admin/admin\\-ajax\\.php$#i', $this->getServerValue('SCRIPT_FILENAME')) and
383
+ (($this->match(BVWPFW::SQLIREGEX, $this->request->getBody('umm_user'), "umm_user")) or
384
+ ($this->match(BVWPFW::SQLIREGEX, $this->request->getQueryString('umm_user'), "umm_user")))) {
385
  $this->request->updateRulesInfo(156, $this->currRuleInfo);
386
  if ($isProtect) return true;
387
  }
414
  if (isset($rules[169])) {
415
  $this->currRuleInfo = array();
416
  if (($this->equals('fancybox-for-wordpress', $this->request->getQueryString('page'))) &&
417
+ ($this->match(BVWPFW::XSSREGEX, $this->request->getBody('mfbfw'), "mfbfw"))) {
418
  $this->request->updateRulesInfo(169, $this->currRuleInfo);
419
  if ($isProtect) return true;
420
  }
485
  }
486
  if (isset($rules[177])) {
487
  $this->currRuleInfo = array();
488
+ if ((($this->matchCount(BVWPFW::SQLIREGEX, $this->request->getBody()) > 2) or
489
+ ($this->matchCount(BVWPFW::SQLIREGEX, $this->request->getQueryString()) > 2) or
490
+ ($this->matchCount(BVWPFW::SQLIREGEX, $this->request->getCookies()) > 2) or
491
+ ($this->matchCount(BVWPFW::SQLIREGEX, $this->request->getHeader('User-Agent')) > 2))) {
492
  $this->request->updateRulesInfo(177, $this->currRuleInfo);
493
  if ($isProtect) return true;
494
  }
508
  return false;
509
  }
510
  }
511
+ endif;
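--- a/fw/request.php
+++ b/protect/wp_fw/request.php
@@ -1,8 +1,8 @@
  <?php
 
  if (!defined('ABSPATH')) exit;
- if (!class_exists('BVRequest')) :
- class BVRequest {
+ if (!class_exists('BVWPRequest')) :
+ class BVWPRequest {
  private $fileNames;
  private $files;
  private $headers;
@@ -40,16 +40,16 @@ class BVRequest {
  $this->rulesInfo = array();
  $this->reqInfo = array();
  $this->setRespCode(0);
- $this->setCategory(BVRequest::NORMAL);
- $this->setStatus(BVRequest::ALLOWED);
+ $this->setCategory(BVWPRequest::NORMAL);
+ $this->setStatus(BVWpRequest::ALLOWED);
  $this->setTimestamp(time());
- $this->setQueryString(BVRequest::removeMagicQuotes($_GET));
- $this->setCookies(BVRequest::removeMagicQuotes($_COOKIE));
- $this->setBody(BVRequest::removeMagicQuotes($_POST));
- $this->setFiles(BVRequest::removeMagicQuotes($_FILES));
+ $this->setQueryString(BVWPRequest::removeMagicQuotes($_GET));
+ $this->setCookies(BVWPRequest::removeMagicQuotes($_COOKIE));
+ $this->setBody(BVWPRequest::removeMagicQuotes($_POST));
+ $this->setFiles(BVWPRequest::removeMagicQuotes($_FILES));
  if (!empty($_FILES)) {
  foreach ($_FILES as $input => $file) {
- $fileNames[$input] = BVRequest::removeMagicQuotes($file['name']);
+ $fileNames[$input] = BVWPRequest::removeMagicQuotes($file['name']);
  }
  }
  $this->setFileNames($fileNames);
@@ -60,30 +60,30 @@ class BVRequest {
  $header = str_replace(array(' ', '_'), array('', ' '), $header);
  $header = ucwords(strtolower($header));
  $header = str_replace(' ', '-', $header);
- $headers[$header] = BVRequest::removeMagicQuotes($value);
+ $headers[$header] = BVWPRequest::removeMagicQuotes($value);
  }
  }
  if (array_key_exists('CONTENT_TYPE', $_SERVER)) {
- $headers['Content-Type'] = BVRequest::removeMagicQuotes($_SERVER['CONTENT_TYPE']);
+ $headers['Content-Type'] = BVWPRequest::removeMagicQuotes($_SERVER['CONTENT_TYPE']);
  }
  if (array_key_exists('CONTENT_LENGTH', $_SERVER)) {
- $headers['Content-Length'] = BVRequest::removeMagicQuotes($_SERVER['CONTENT_LENGTH']);
+ $headers['Content-Length'] = BVWPRequest::removeMagicQuotes($_SERVER['CONTENT_LENGTH']);
  }
  if (array_key_exists('REFERER', $_SERVER)) {
- $headers['Referer'] = BVRequest::removeMagicQuotes($_SERVER['REFERER']);
+ $headers['Referer'] = BVWPRequest::removeMagicQuotes($_SERVER['REFERER']);
  }
  if (array_key_exists('HTTP_USER_AGENT', $_SERVER)) {
- $headers['User-Agent'] = BVRequest::removeMagicQuotes($_SERVER['HTTP_USER_AGENT']);
+ $headers['User-Agent'] = BVWPRequest::removeMagicQuotes($_SERVER['HTTP_USER_AGENT']);
  }
 
  if (array_key_exists('Host', $headers)) {
  $host = $headers['Host'];
  } else if (array_key_exists('SERVER_NAME', $_SERVER)) {
- $host = BVRequest::removeMagicQuotes($_SERVER['SERVER_NAME']);
+ $host = BVWPRequest::removeMagicQuotes($_SERVER['SERVER_NAME']);
  }
 
- $method = array_key_exists('REQUEST_METHOD', $_SERVER) ? BVRequest::removeMagicQuotes($_SERVER['REQUEST_METHOD']) : 'GET';
- $uri = array_key_exists('REQUEST_URI', $_SERVER) ? BVRequest::removeMagicQuotes($_SERVER['REQUEST_URI']) : '';
+ $method = array_key_exists('REQUEST_METHOD', $_SERVER) ? BVWPRequest::removeMagicQuotes($_SERVER['REQUEST_METHOD']) : 'GET';
+ $uri = array_key_exists('REQUEST_URI', $_SERVER) ? BVWPRequest::removeMagicQuotes($_SERVER['REQUEST_URI']) : '';
  $_uri = parse_url($uri);
  $path = (is_array($_uri) && array_key_exists('path', $_uri)) ? $_uri['path'] : $uri;
  }
@@ -307,7 +307,7 @@ class BVRequest {
 
  public static function removeMagicQuotes($value) {
  if (function_exists("get_magic_quotes_gpc") && get_magic_quotes_gpc()) {
- return BVRequest::removeSlashesRecursively($value);
+ return BVWPRequest::removeSlashesRecursively($value);
  }
  return $value;
  }
@@ -321,4 +321,4 @@ class BVRequest {
  return $value;
  }
  }
- endif;
+ endif;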
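Review bot: `$this->setStatus(BVWpRequest::ALLOWED);` in the second hunk spells the renamed class with a lower-case `p`, unlike every other reference the rename touched. PHP resolves class names case-insensitively, so the call still works, but the odd spelling escapes a text search for `BVWPRequest` and will be missed by the next mechanical rename. I would write `$this->setStatus(BVWPRequest::ALLOWED);`, or use `self::ALLOWED` and `self::removeMagicQuotes(...)` for the in-class references so a future rename touches only the declaration. The constructor body starts and ends outside the hunk.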
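--- /dev/null
+++ b/protect/wp_lp/config.php
@@ -0,0 +1,82 @@
+ <?php
+
+ if (!defined('ABSPATH')) exit;
+ if (!class_exists('BVWPLPConfig')) :
+ class BVWPLPConfig {
+ public $db;
+ public $settings;
+ public static $requests_table = 'lp_requests';
+
+ #mode
+ const DISABLED = 1;
+ const AUDIT = 2;
+ const PROTECT = 3;
+
+ public function __construct($db, $settings) {
+ $this->db = $db;
+ $this->settings = $settings;
+ }
+
+ public function setMode($mode) {
+ if (!$mode) {
+ $this->settings->deleteOption('bvlpmode');
+ } else {
+ $this->settings->updateOption('bvlpmode', intval($mode));
+ }
+ }
+
+ public function setCaptchaLimit($count) {
+ if (!$count) {
+ $this->settings->deleteOption('bvlpcaptchaLimit');
+ } else {
+ $this->settings->updateOption('bvlpcaptchaLimit', intval($count));
+ }
+ }
+
+ public function setTempBlockLimit($count) {
+ if (!$count) {
+ $this->settings->deleteOption('bvlptempblocklimit');
+ } else {
+ $this->settings->updateOption('bvlptempblocklimit', intval($count));
+ }
+ }
+
+ public function setBlockAllLimit($count) {
+ if (!$count) {
+ $this->settings->deleteOption('bvlpblockalllimit');
+ } else {
+ $this->settings->updateOption('bvlpblockalllimit', intval($count));
+ }
+ }
+
+ public function getMode() {
+ $mode = $this->settings->getOption('bvlpmode');
+ return intval($mode ? $mode : BVWPLPConfig::DISABLED);
+ }
+
+ public function getCaptchaLimit() {
+ $limit = $this->settings->getOption('bvlpcaptchalimit');
+ return ($limit ? $limit : 3);
+ }
+
+ public function getTempBlockLimit() {
+ $limit = $this->settings->getOption('bvlptempblocklimit');
+ return ($limit ? $limit : 10);
+ }
+
+ public function getBlockAllLimit() {
+ $limit = $this->settings->getOption('bvlpblockAlllimit');
+ return ($limit ? $limit : 100);
+ }
+
+ public function clear() {
+ $this->setMode(false);
+ $this->setCaptchaLimit(false);
+ $this->setTempBlockLimit(false);
+ $this->setBlockAllLimit(false);
+ $this->db->dropBVTable(BVWPLPConfig::$requests_table);
+ $this->settings->deleteOption('bvptplug');
+ return true;
+ }
+ }
+ endif;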
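Review bot: The option keys written by two setters do not match the keys their getters read: `setCaptchaLimit()` stores `'bvlpcaptchaLimit'` while `getCaptchaLimit()` reads `'bvlpcaptchalimit'`, and `setBlockAllLimit()` stores `'bvlpblockalllimit'` while `getBlockAllLimit()` reads `'bvlpblockAlllimit'`. The settings class is not shown on this page, but if it resolves keys case-sensitively (as WordPress's in-memory options cache does), a configured limit is never read back and login protection silently runs on the defaults 3 and 100. I would define each key once, for example `const CAPTCHA_LIMIT_OPTION = 'bvlpcaptchalimit';`, and use that constant in the setter, the getter and `clear()`. The three limit getters also return the stored value uncast, unlike `getMode()`; wrapping them in `intval()` would keep the `>=` comparisons in lp.php numeric.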
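--- a/lp/lp.php
+++ b/protect/wp_lp/lp.php
@@ -1,20 +1,19 @@
  <?php
 
  if (!defined('ABSPATH')) exit;
- if (!class_exists('BVLP')) :
+ if (!class_exists('BVWPLP')) :
 
  require_once dirname( __FILE__ ) . '/config.php';
- require_once dirname( __FILE__ ) . './../ipstore.php';
 
- class BVLP {
-
+ class BVWPLP {
+ public $db;
+ public $settings;
  private $ip;
  private $time;
  private $category;
  private $username;
  private $message;
  public $config;
- public $bvmain;
  public $logger;
  public $ipstore;
  public static $requests_table = 'lp_requests';
@@ -34,12 +33,13 @@ class BVLP {
  const BYPASSED = 6;
  const ALLOWED = 7;
 
- public function __construct($bvmain, $ip) {
- $this->bvmain = $bvmain;
+ public function __construct($db, $settings, $ip, $ipstore) {
+ $this->db = $db;
+ $this->settings = $settings;
  $this->ip = $ip;
- $this->config = new BVLPConfig($this->bvmain);
- $this->ipstore = new BVIPStore($bvmain);
- $this->logger = new BVLogger($this->bvmain->db, BVLPConfig::$requests_table);
+ $this->config = new BVWPLPConfig($db, $settings);
+ $this->ipstore = $ipstore;
+ $this->logger = new BVLogger($db, BVWPLPConfig::$requests_table);
  $this->time = strtotime(date("Y-m-d H:i:s"));
  }
 
@@ -69,8 +69,8 @@ class BVLP {
  }
 
  public function getCaptchaLink() {
- $bvmain = $this->bvmain;
- $url = $bvmain->authenticatedUrl('/captcha/solve');
+ $account = MCAccount::find($this->settings);
+ $url = $account->authenticatedUrl('/captcha/solve');
  $url .= "&adminurl=".base64_encode(get_admin_url());
  return $url;
  }
@@ -84,7 +84,7 @@ class BVLP {
  }
 
  public function getCategory() {
- return $this->category ? $this->category : BVLP::ALLOWED;
+ return $this->category ? $this->category : BVWPLP::ALLOWED;
  }
 
  public function getCaptchaLimit() {
@@ -101,19 +101,20 @@ class BVLP {
 
  public function getLoginLogsTable() {
  global $bvdb;
- return $bvdb->getBVTable(BVLP::$requests_table);
+ return $bvdb->getBVTable(BVWPLP::$requests_table);
  }
 
  public function getAllowLoginsTransient() {
- return $this->bvmain->info->getTransient('bvlp_allow_logins');
+ return $this->settings->getTransient('bvlp_allow_logins');
  }
 
  public function getBlockLoginsTransient() {
- return $this->bvmain->info->getTransient('bvlp_block_logins');
+ return $this->settings->getTransient('bvlp_block_logins');
  }
 
  public function terminateTemplate() {
- $brandname = $this->bvmain->getBrandName();
+ $info = new MCInfo($this->settings);
+ $brandname = $info->getBrandName();
  $templates = array (
  1 => "<p>Too many failed attempts, You are barred from logging into this site.</p><a href=".$this->getCaptchaLink()."
  class='btn btn-default'>Click here</a> to unblock yourself.",
@@ -125,7 +126,7 @@ class BVLP {
  return "
  <div style='height: 98vh;'>
  <div style='text-align: center; padding: 10% 0; font-family: Arial, Helvetica, sans-serif;'>
- <div><p><img src=".plugins_url('../img/icon.png', __FILE__)."><h2>Login Protection</h2><h3>powered by</h3><h2>"
+ <div><p><img src=".plugins_url('/../../img/icon.png', __FILE__)."><h2>Login Protection</h2><h3>powered by</h3><h2>"
  .$brandname."</h2></p><div>
  <p>" . $templates[$this->getCategory()]. "</p>
  </div>
@@ -133,11 +134,11 @@ class BVLP {
  }
 
  public function isProtecting() {
- return ($this->config->getMode() === BVLPConfig::PROTECT);
+ return ($this->config->getMode() === BVWPLPConfig::PROTECT);
  }
 
  public function isActive() {
- return ($this->config->getMode() !== BVLPConfig::DISABLED);
+ return ($this->config->getMode() !== BVWPLPConfig::DISABLED);
  }
 
  public function isBlacklistedIP() {
@@ -149,10 +150,10 @@ class BVLP {
  }
 
  public function isUnBlockedIP() {
- $transient_name = BVLP::$unblock_ip_transient.$this->ip;
- $attempts = $this->bvmain->info->getTransient($transient_name);
+ $transient_name = BVWPLP::$unblock_ip_transient.$this->ip;
+ $attempts = $this->settings->getTransient($transient_name);
  if ($attempts && $attempts > 0) {
- $this->bvmain->info->setTransient($transient_name, $attempts - 1, 600 * $attempts);
+ $this->settings->setTransient($transient_name, $attempts - 1, 600 * $attempts);
  return true;
  }
  return false;
@@ -160,7 +161,7 @@ class BVLP {
 
  public function isLoginBlocked() {
  if ($this->getAllowLoginsTransient() ||
- ($this->getLoginCount(BVLP::LOGINFAILURE) < $this->getBlockAllLimit())) {
+ ($this->getLoginCount(BVWPLP::LOGINFAILURE) < $this->getBlockAllLimit())) {
  return false;
  }
  return true;
@@ -179,7 +180,7 @@ class BVLP {
 
  public function terminateLogin() {
  $this->setMessage('Login Blocked');
- $this->log(BVLP::LOGINBLOCKED);
+ $this->log(BVWPLP::LOGINBLOCKED);
  if ($this->isProtecting()) {
  header("Cache-Control: no-cache, no-store, must-revalidate");
  header("Pragma: no-cache");
@@ -192,22 +193,22 @@ class BVLP {
 
  public function loginInit($user, $username = '', $password = '') {
  if ($this->isUnBlockedIP()) {
- $this->setCategory(BVLP::UNBLOCKED);
+ $this->setCategory(BVWPLP::UNBLOCKED);
  } else {
- $failed_attempts = $this->getLoginCount(BVLP::LOGINFAILURE, $this->ip);
+ $failed_attempts = $this->getLoginCount(BVWPLP::LOGINFAILURE, $this->ip);
  if ($this->isBlacklistedIP()) {
- $this->setCategory(BVLP::BLACKLISTED);
+ $this->setCategory(BVWPLP::BLACKLISTED);
  $this->terminateLogin();
  } else if ($this->isKnownLogin() || $this->isWhitelistedIP()) {
- $this->setCategory(BVLP::BYPASSED);
+ $this->setCategory(BVWPLP::BYPASSED);
  } else if ($this->isLoginBlocked()) {
- $this->setCategory(BVLP::ALLBLOCKED);
+ $this->setCategory(BVWPLP::ALLBLOCKED);
  $this->terminateLogin();
  } else if ($failed_attempts >= $this->getTempBlockLimit()) {
- $this->setCategory(BVLP::TEMPBLOCK);
+ $this->setCategory(BVWPLP::TEMPBLOCK);
  $this->terminateLogin();
  } else if ($failed_attempts >= $this->getCaptchaLimit()) {
- $this->setCategory(BVLP::CAPTCHABLOCK);
+ $this->setCategory(BVWPLP::CAPTCHABLOCK);
  $this->terminateLogin();
  }
  }
@@ -219,22 +220,22 @@ class BVLP {
 
  public function loginFailed($username) {
  $this->setUserName($username);
- $this->log(BVLP::LOGINFAILURE);
+ $this->log(BVWPLP::LOGINFAILURE);
  }
 
  public function loginSuccess($username) {
  $this->setUserName($username);
  $this->setMessage('Login Success');
- $this->log(BVLP::LOGINSUCCESS);
+ $this->log(BVWPLP::LOGINSUCCESS);
  }
 
  public function isKnownLogin() {
- return $this->getLoginCount(BVLP::LOGINSUCCESS, $this->ip, 3600) > 0;
+ return $this->getLoginCount(BVWPLP::LOGINSUCCESS, $this->ip, 3600) > 0;
  }
 
  public function getLoginCount($status, $ip = null, $gap = 1800) {
- $db = $this->bvmain->db;
- $table = $db->getBVTable(BVLP::$requests_table);
+ $db = $this->db;
+ $table = $db->getBVTable(BVWPLP::$requests_table);
  $query = $db->prepare("SELECT COUNT(*) as count from `$table` WHERE status=%d && time > %d", array($status, ($this->time - $gap)));
  if ($ip) {
  $query .= $db->prepare(" && ip=%s", $ip);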
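Review bot: `getLoginLogsTable()` still reaches for `global $bvdb`, although this change injects the database handle through the constructor and `getLoginCount()` already uses `$this->db`. Whether that global is still set after the restructuring is not visible on this page; if it is not, the method fails with a method call on null. I would drop the `global` line and write `return $this->db->getBVTable(BVWPLP::$requests_table);`. The class also keeps its own `$requests_table` next to `BVWPLPConfig::$requests_table`, which the logger is built with, so the table read by `getLoginCount()` and the one written by the logger can drift apart.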
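--- a/readme.txt
+++ b/readme.txt
@@ -6,7 +6,7 @@ Donate link: https://www.malcare.com
  Requires at least: 4.0
  Tested up to: 5.2.1
  Requires PHP: 5.3.0
- Stable tag: 1.91
+ Stable tag: 2.1
  License: GPLv2 or later
  License URI: [http://www.gnu.org/licenses/gpl-2.0.html](http://www.gnu.org/licenses/gpl-2.0.html)
 
@@ -218,11 +218,14 @@ FTP details input into MalCare is processed on our servers. We need your FTP cre
  8. With BlogVault's White-Label Solution you can showcase our service under your own brilliant brand.
 
  == CHANGELOG ==
+ = 2.1 =
+ * Restructuring classes
+
  = 1.91 =
  * Request profling and logging
 
  = 1.89 =
- * Firewall improvements
+ *Firewall improvements
 
  = 1.88 =
  * Callback improvements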
@@ -0,0 +1,54 @@
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
+ <?php
2
+
3
+ if (!defined('ABSPATH')) exit;
4
+ if (!class_exists('MCWPAction')) :
5
+ class MCWPAction {
6
+ public $settings;
7
+ public $siteinfo;
8
+ public $bvinfo;
9
+ public $bvapi;
10
+
11
+ public function __construct($settings, $siteinfo, $bvapi) {
12
+ $this->settings = $settings;
13
+ $this->siteinfo = $siteinfo;
14
+ $this->bvapi = $bvapi;
15
+ $this->bvinfo = new MCInfo($settings);
16
+ }
17
+
18
+ public function activate() {
19
+ $account = MCAccount::find($this->settings);
20
+ if (!isset($_REQUEST['blogvaultkey'])) {
21
+ ##BVKEYSLOCATE##
22
+ }
23
+ if (MCAccount::isConfigured($this->settings)) {
24
+ /* This informs the server about the activation */
25
+ $info = array();
26
+ $this->siteinfo->basic($info);
27
+ $this->bvapi->pingbv('/bvapi/activate', $info);
28
+ } else {
29
+ $account->setup();
30
+ }
31
+ }
32
+
33
+ public function deactivate() {
34
+ $info = array();
35
+ $this->siteinfo->basic($info);
36
+ $this->bvapi->pingbv('/bvapi/deactivate', $info);
37
+ }
38
+
39
+ public static function uninstall() {
40
+ do_action('clear_lp_config');
41
+ do_action('clear_fw_config');
42
+ do_action('clear_ip_store');
43
+ ##CLEARDYNSYNCCONFIG##
44
+ }
45
+
46
+ public function footerHandler() {
47
+ $bvfooter = $this->settings->getOption($this->bvinfo->badgeinfo);
48
+ if ($bvfooter) {
49
+ echo '<div style="max-width:150px;min-height:70px;margin:0 auto;text-align:center;position:relative;">
50
+ <a href='.$bvfooter['badgeurl'].' target="_blank" ><img src="'.plugins_url($bvfooter['badgeimg'], __FILE__).'" alt="'.$bvfooter['badgealt'].'" /></a></div>';
51
+ }
52
+ }
53
+ }
54
+ endif;
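Review bot: `footerHandler()` echoes `$bvfooter['badgeurl']`, `$bvfooter['badgeimg']` and `$bvfooter['badgealt']` into the page without escaping, and the `href` value is not even quoted, so any markup character in the stored badge option becomes part of the HTML wherever the footer is printed. Where that option is written is not shown on this page, so it should be treated as untrusted at output: `href="'.esc_url($bvfooter['badgeurl']).'"` and `alt="'.esc_attr($bvfooter['badgealt']).'"`, with `esc_url()` around the `plugins_url()` result as well. `terminateTemplate()` in protect/wp_lp/lp.php has the same pattern with `$brandname` and the unquoted captcha link; `esc_html()` and `esc_url()` apply there.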
admin.php → wp_admin.php RENAMED
@@ -1,18 +1,25 @@
1
  <?php
2
 
3
  if (!defined('ABSPATH')) exit;
4
- if (!class_exists('MCAdmin')) :
5
- class MCAdmin {
6
- public $bvmain;
7
- function __construct($bvmain) {
8
- $this->bvmain = $bvmain;
 
 
 
 
 
 
 
9
  }
10
 
11
  public function mainUrl($_params = '') {
12
  if (function_exists('network_admin_url')) {
13
- return network_admin_url('admin.php?page='.$this->bvmain->plugname.$_params);
14
  } else {
15
- return admin_url('admin.php?page='.$this->bvmain->plugname.$_params);
16
  }
17
  }
18
 
@@ -25,16 +32,18 @@ class MCAdmin {
25
  array_key_exists('blogvaultkey', $_REQUEST) &&
26
  (strlen($_REQUEST['blogvaultkey']) == 64) &&
27
  (array_key_exists('page', $_REQUEST) &&
28
- $_REQUEST['page'] == $this->bvmain->plugname)) {
29
  $keys = str_split($_REQUEST['blogvaultkey'], 32);
30
- $this->bvmain->auth->updateKeys($keys[0], $keys[1]);
31
  if (array_key_exists('redirect', $_REQUEST)) {
32
  $location = $_REQUEST['redirect'];
33
- wp_redirect($this->bvmain->authenticatedUrl('/malcare/access/welcome'));
 
34
  exit();
35
  }
36
  }
37
- if ($this->bvmain->isActivateRedirectSet()) {
 
38
  wp_redirect($this->mainUrl());
39
  }
40
  }
@@ -47,17 +56,17 @@ class MCAdmin {
47
  }
48
 
49
  public function menu() {
50
- $brand = $this->bvmain->getBrandInfo();
51
  if (!$brand || (!array_key_exists('hide', $brand) && !array_key_exists('hide_from_menu', $brand))) {
52
- $bname = $this->bvmain->getBrandName();
53
- add_menu_page($bname, $bname, 'manage_options', $this->bvmain->plugname,
54
  array($this, 'adminPage'), plugins_url('img/icon.png', __FILE__ ));
55
  }
56
  }
57
 
58
  public function hidePluginDetails($plugin_metas, $slug) {
59
- $brand = $this->bvmain->getBrandInfo();
60
- $bvslug = $this->bvmain->slug;
61
 
62
  if ($slug === $bvslug && $brand && array_key_exists('hide_plugin_details', $brand)){
63
  foreach ($plugin_metas as $pluginKey => $pluginValue) {
@@ -79,31 +88,31 @@ class MCAdmin {
79
  }
80
 
81
  public function getPluginLogo() {
82
- $brand = $this->bvmain->getBrandInfo();
83
  if ($brand && array_key_exists('logo', $brand)) {
84
  return $brand['logo'];
85
  }
86
- return $this->bvmain->logo;
87
  }
88
 
89
  public function getWebPage() {
90
- $brand = $this->bvmain->getBrandInfo();
91
  if ($brand && array_key_exists('webpage', $brand)) {
92
  return $brand['webpage'];
93
  }
94
- return $this->bvmain->webpage;
95
  }
96
 
97
  public function siteInfoTags() {
98
  $bvnonce = wp_create_nonce("bvnonce");
99
- $secret = $this->bvmain->auth->defaultSecret();
100
- $tags = "<input type='hidden' name='url' value='".$this->bvmain->info->wpurl()."'/>\n".
101
- "<input type='hidden' name='homeurl' value='".$this->bvmain->info->homeurl()."'/>\n".
102
- "<input type='hidden' name='siteurl' value='".$this->bvmain->info->siteurl()."'/>\n".
103
- "<input type='hidden' name='dbsig' value='".$this->bvmain->lib->dbsig(false)."'/>\n".
104
- "<input type='hidden' name='plug' value='".$this->bvmain->plugname."'/>\n".
105
  "<input type='hidden' name='adminurl' value='".$this->mainUrl()."'/>\n".
106
- "<input type='hidden' name='bvversion' value='".$this->bvmain->version."'/>\n".
107
  "<input type='hidden' name='serverip' value='".$_SERVER["SERVER_ADDR"]."'/>\n".
108
  "<input type='hidden' name='abspath' value='".ABSPATH."'/>\n".
109
  "<input type='hidden' name='secret' value='".$secret."'/>\n".
@@ -113,7 +122,7 @@ class MCAdmin {
113
 
114
  public function activateWarning() {
115
  global $hook_suffix;
116
- if (!$this->bvmain->isConfigured() && $hook_suffix == 'index.php' ) {
117
  ?>
118
  <div id="message" class="updated" style="padding: 8px; font-size: 16px; background-color: #dff0d8">
119
  <a class="button-primary" href="<?php echo $this->mainUrl(); ?>">Activate MalCare</a>
@@ -128,8 +137,8 @@ class MCAdmin {
128
  }
129
 
130
  public function initBranding($plugins) {
131
- $slug = $this->bvmain->slug;
132
- $brand = $this->bvmain->getBrandInfo();
133
  if ($brand) {
134
  if (array_key_exists('hide', $brand)) {
135
  unset($plugins[$slug]);
1
  <?php
2
 
3
  if (!defined('ABSPATH')) exit;
4
+ if (!class_exists('MCWPAdmin')) :
5
+ class MCWPAdmin {
6
+ public $settings;
7
+ public $siteinfo;
8
+ public $account;
9
+ public $bvinfo;
10
+
11
+ function __construct($settings, $siteinfo) {
12
+ $this->settings = $settings;
13
+ $this->siteinfo = $siteinfo;
14
+ $this->bvinfo = new MCInfo($this->settings);
15
+ $this->account = MCAccount::find($this->settings);
16
  }
17
 
18
  public function mainUrl($_params = '') {
19
  if (function_exists('network_admin_url')) {
20
+ return network_admin_url('admin.php?page='.$this->bvinfo->plugname.$_params);
21
  } else {
22
+ return admin_url('admin.php?page='.$this->bvinfo->plugname.$_params);
23
  }
24
  }
25
 
32
  array_key_exists('blogvaultkey', $_REQUEST) &&
33
  (strlen($_REQUEST['blogvaultkey']) == 64) &&
34
  (array_key_exists('page', $_REQUEST) &&
35
+ $_REQUEST['page'] == $this->bvinfo->plugname)) {
36
  $keys = str_split($_REQUEST['blogvaultkey'], 32);
37
+ $this->account->updateKeys($keys[0], $keys[1]);
38
  if (array_key_exists('redirect', $_REQUEST)) {
39
  $location = $_REQUEST['redirect'];
40
+ $this->account = MCAccount::find($this->settings);
41
+ wp_redirect($this->account->authenticatedUrl('/malcare/access/welcome'));
42
  exit();
43
  }
44
  }
45
+ if ($this->bvinfo->isActivateRedirectSet()) {
46
+ $this->settings->updateOption($this->bvinfo->plug_redirect, 'no');
47
  wp_redirect($this->mainUrl());
48
  }
49
  }
56
  }
57
 
58
  public function menu() {
59
+ $brand = $this->bvinfo->getBrandInfo();
60
  if (!$brand || (!array_key_exists('hide', $brand) && !array_key_exists('hide_from_menu', $brand))) {
61
+ $bname = $this->bvinfo->getBrandName();
62
+ add_menu_page($bname, $bname, 'manage_options', $this->bvinfo->plugname,
63
  array($this, 'adminPage'), plugins_url('img/icon.png', __FILE__ ));
64
  }
65
  }
66
 
67
  public function hidePluginDetails($plugin_metas, $slug) {
68
+ $brand = $this->bvinfo->getBrandInfo();
69
+ $bvslug = $this->bvinfo->slug;
70
 
71
  if ($slug === $bvslug && $brand && array_key_exists('hide_plugin_details', $brand)){
72
  foreach ($plugin_metas as $pluginKey => $pluginValue) {
88
  }
89
 
90
  public function getPluginLogo() {
91
+ $brand = $this->bvinfo->getBrandInfo();
92
  if ($brand && array_key_exists('logo', $brand)) {
93
  return $brand['logo'];
94
  }
95
+ return $this->bvinfo->logo;
96
  }
97
 
98
  public function getWebPage() {
99
+ $brand = $this->bvinfo->getBrandInfo();
100
  if ($brand && array_key_exists('webpage', $brand)) {
101
  return $brand['webpage'];
102
  }
103
+ return $this->bvinfo->webpage;
104
  }
105
 
106
  public function siteInfoTags() {
107
  $bvnonce = wp_create_nonce("bvnonce");
108
+ $secret = $this->account->secret;
109
+ $tags = "<input type='hidden' name='url' value='".$this->siteinfo->wpurl()."'/>\n".
110
+ "<input type='hidden' name='homeurl' value='".$this->siteinfo->homeurl()."'/>\n".
111
+ "<input type='hidden' name='siteurl' value='".$this->siteinfo->siteurl()."'/>\n".
112
+ "<input type='hidden' name='dbsig' value='".$this->siteinfo->dbsig(false)."'/>\n".
113
+ "<input type='hidden' name='plug' value='".$this->bvinfo->plugname."'/>\n".
114
  "<input type='hidden' name='adminurl' value='".$this->mainUrl()."'/>\n".
115
+ "<input type='hidden' name='bvversion' value='".$this->bvinfo->version."'/>\n".
116
  "<input type='hidden' name='serverip' value='".$_SERVER["SERVER_ADDR"]."'/>\n".
117
  "<input type='hidden' name='abspath' value='".ABSPATH."'/>\n".
118
  "<input type='hidden' name='secret' value='".$secret."'/>\n".
122
 
123
  public function activateWarning() {
124
  global $hook_suffix;
125
+ if (!MCAccount::isConfigured($this->settings) && $hook_suffix == 'index.php' ) {
126
  ?>
127
  <div id="message" class="updated" style="padding: 8px; font-size: 16px; background-color: #dff0d8">
128
  <a class="button-primary" href="<?php echo $this->mainUrl(); ?>">Activate MalCare</a>
137
  }
138
 
139
  public function initBranding($plugins) {
140
+ $slug = $this->bvinfo->slug;
141
+ $brand = $this->bvinfo->getBrandInfo();
142
  if ($brand) {
143
  if (array_key_exists('hide', $brand)) {
144
  unset($plugins[$slug]);
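Review bot: The key update at new lines 32–37 is gated, as far as this hunk shows, only on `$_REQUEST['blogvaultkey']` being 64 characters long and `page` matching the plugin name; no capability or nonce check is visible before `$this->account->updateKeys($keys[0], $keys[1]);`. The `if` opens above the hunk, so confirm that it, or the hook that calls this handler, enforces something like `current_user_can('manage_options')` (the capability `menu()` already passes to `add_menu_page`). An `is_string($_REQUEST['blogvaultkey'])` test before `strlen()` would also reject array input. In the same hunk `$location = $_REQUEST['redirect'];` is never used, and the final `wp_redirect($this->mainUrl());` is not followed by `exit;`, so execution continues after the redirect header is set.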
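--- a/wp_api.php
+++ b/wp_api.php
@@ -0,0 +1,26 @@
+<?php
+
+if (!defined('ABSPATH')) exit;
+if (!class_exists('MCWPAPI')) :
+class MCWPAPI {
+public $account;
+
+public function __construct($settings) {
+$this->account = MCAccount::find($settings);
+}
+
+public function pingbv($method, $body) {
+$url = $this->account->authenticatedUrl($method);
+$this->http_request($url, $body);
+}
+
+public function http_request($url, $body) {
+$_body = array(
+'method' => 'POST',
+'timeout' => 15,
+'body' => $body);
+
+return wp_remote_post($url, $_body);
+}
+}
+endif;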
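Review bot: `pingbv()` (new lines 12–15) drops the value returned by `http_request()`, so a failed activate or deactivate ping is silent to callers even though `wp_remote_post()` returns a `WP_Error` on transport failure. I would change the call to `return $this->http_request($url, $body);` and let callers test the result with `is_wp_error()`. `authenticatedUrl()` is defined outside this section; if it places signature material in the query string, a comment on `pingbv()` should state that the base URL must be HTTPS.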
main/db.php → wp_db.php RENAMED
@@ -1,87 +1,87 @@
1
  <?php
2
 
3
  if (!defined('ABSPATH')) exit;
4
- if (!class_exists('MCDb')) :
5
 
6
- class MCDb {
7
- function dbprefix() {
8
  global $wpdb;
9
  $prefix = $wpdb->base_prefix ? $wpdb->base_prefix : $wpdb->prefix;
10
  return $prefix;
11
  }
12
 
13
- function prepare($query, $args) {
14
  global $wpdb;
15
  return $wpdb->prepare($query, $args);
16
  }
17
 
18
- function getSiteId() {
19
  global $wpdb;
20
  return $wpdb->siteid;
21
  }
22
 
23
- function getResult($query, $obj = ARRAY_A) {
24
  global $wpdb;
25
  return $wpdb->get_results($query, $obj);
26
  }
27
 
28
- function query($query) {
29
  global $wpdb;
30
  return $wpdb->query($query);
31
  }
32
 
33
- function getVar($query, $col = 0, $row = 0) {
34
  global $wpdb;
35
  return $wpdb->get_var($query, $col, $row);
36
  }
37
 
38
- function getCol($query, $col = 0) {
39
  global $wpdb;
40
  return $wpdb->get_col($query, $col);
41
  }
42
 
43
- function tableName($table) {
44
  return $table[0];
45
  }
46
 
47
- function showTables() {
48
  $tables = $this->getResult("SHOW TABLES", ARRAY_N);
49
  return array_map(array($this, 'tableName'), $tables);
50
  }
51
 
52
- function showTableStatus() {
53
  return $this->getResult("SHOW TABLE STATUS");
54
  }
55
 
56
- function tableKeys($table) {
57
  return $this->getResult("SHOW KEYS FROM $table;");
58
  }
59
 
60
- function describeTable($table) {
61
  return $this->getResult("DESCRIBE $table;");
62
  }
63
 
64
- function checkTable($table, $type) {
65
  return $this->getResult("CHECK TABLE $table $type;");
66
  }
67
 
68
- function repairTable($table) {
69
  return $this->getResult("REPAIR TABLE $table;");
70
  }
71
 
72
- function showTableCreate($table) {
73
  return $this->getVar("SHOW CREATE TABLE $table;", 1);
74
  }
75
 
76
- function rowsCount($table) {
77
  $count = $this->getVar("SELECT COUNT(*) FROM $table;");
78
  return intval($count);
79
  }
80
 
81
- function createTable($query, $name) {
82
  $table = $this->getBVTable($name);
83
  if (!$this->isTablePresent($table)) {
84
- if (array_key_exists('usedbdelta', $_REQUEST)) {
85
  if (!function_exists('dbDelta'))
86
  require_once( ABSPATH . 'wp-admin/includes/upgrade.php' );
87
  dbDelta($query);
@@ -92,7 +92,7 @@ class MCDb {
92
  return $this->isTablePresent($table);
93
  }
94
 
95
- function alterBVTable($query, $name) {
96
  $resp = false;
97
  $table = $this->getBVTable($name);
98
  if ($this->isTablePresent($table)) {
@@ -101,7 +101,7 @@ class MCDb {
101
  return $resp;
102
  }
103
 
104
- function getTableContent($table, $fields = '*', $filter = '', $limit = 0, $offset = 0) {
105
  $query = "SELECT $fields from $table $filter";
106
  if ($limit > 0)
107
  $query .= " LIMIT $limit";
@@ -111,27 +111,24 @@ class MCDb {
111
  return $rows;
112
  }
113
 
114
- function isTablePresent($table) {
115
  return ($this->getVar("SHOW TABLES LIKE '$table'") === $table);
116
  }
117
 
118
- function getCharsetCollate() {
119
  global $wpdb;
120
- if (method_exists($wpdb, 'get_charset_collate')) {
121
- return $wpdb->get_charset_collate();
122
- }
123
- return '';
124
  }
125
 
126
- function getWPTable($name) {
127
  return ($this->dbprefix() . $name);
128
  }
129
 
130
- function getBVTable($name) {
131
  return ($this->getWPTable("bv_" . $name));
132
  }
133
 
134
- function truncateBVTable($name) {
135
  $table = $this->getBVTable($name);
136
  if ($this->isTablePresent($table)) {
137
  return $this->query("TRUNCATE TABLE $table;");
@@ -140,7 +137,7 @@ class MCDb {
140
  }
141
  }
142
 
143
- function deleteBVTableContent($name, $filter = "") {
144
  $table = $this->getBVTable($name);
145
  if ($this->isTablePresent($table)) {
146
  return $this->query("DELETE FROM $table $filter;");
@@ -149,7 +146,7 @@ class MCDb {
149
  }
150
  }
151
 
152
- function dropBVTable($name) {
153
  $table = $this->getBVTable($name);
154
  if ($this->isTablePresent($table)) {
155
  $this->query("DROP TABLE IF EXISTS $table;");
@@ -157,7 +154,7 @@ class MCDb {
157
  return !$this->isTablePresent($table);
158
  }
159
 
160
- function deleteRowsFromtable($name, $count = 1) {
161
  $table = $this->getBVTable($name);
162
  if ($this->isTablePresent($table)) {
163
  return $this->getResult("DELETE FROM $table LIMIT $count;");
@@ -166,7 +163,7 @@ class MCDb {
166
  }
167
  }
168
 
169
- function replaceIntoBVTable($name, $value) {
170
  global $wpdb;
171
  $table = $this->getBVTable($name);
172
  return $wpdb->replace($table, $value);
1
  <?php
2
 
3
  if (!defined('ABSPATH')) exit;
4
+ if (!class_exists('MCWPDb')) :
5
 
6
+ class MCWPDb {
7
+ public function dbprefix() {
8
  global $wpdb;
9
  $prefix = $wpdb->base_prefix ? $wpdb->base_prefix : $wpdb->prefix;
10
  return $prefix;
11
  }
12
 
13
+ public function prepare($query, $args) {
14
  global $wpdb;
15
  return $wpdb->prepare($query, $args);
16
  }
17
 
18
+ public function getSiteId() {
19
  global $wpdb;
20
  return $wpdb->siteid;
21
  }
22
 
23
+ public function getResult($query, $obj = ARRAY_A) {
24
  global $wpdb;
25
  return $wpdb->get_results($query, $obj);
26
  }
27
 
28
+ public function query($query) {
29
  global $wpdb;
30
  return $wpdb->query($query);
31
  }
32
 
33
+ public function getVar($query, $col = 0, $row = 0) {
34
  global $wpdb;
35
  return $wpdb->get_var($query, $col, $row);
36
  }
37
 
38
+ public function getCol($query, $col = 0) {
39
  global $wpdb;
40
  return $wpdb->get_col($query, $col);
41
  }
42
 
43
+ public function tableName($table) {
44
  return $table[0];
45
  }
46
 
47
+ public function showTables() {
48
  $tables = $this->getResult("SHOW TABLES", ARRAY_N);
49
  return array_map(array($this, 'tableName'), $tables);
50
  }
51
 
52
+ public function showTableStatus() {
53
  return $this->getResult("SHOW TABLE STATUS");
54
  }
55
 
56
+ public function tableKeys($table) {
57
  return $this->getResult("SHOW KEYS FROM $table;");
58
  }
59
 
60
+ public function describeTable($table) {
61
  return $this->getResult("DESCRIBE $table;");
62
  }
63
 
64
+ public function checkTable($table, $type) {
65
  return $this->getResult("CHECK TABLE $table $type;");
66
  }
67
 
68
+ public function repairTable($table) {
69
  return $this->getResult("REPAIR TABLE $table;");
70
  }
71
 
72
+ public function showTableCreate($table) {
73
  return $this->getVar("SHOW CREATE TABLE $table;", 1);
74
  }
75
 
76
+ public function rowsCount($table) {
77
  $count = $this->getVar("SELECT COUNT(*) FROM $table;");
78
  return intval($count);
79
  }
80
 
81
+ public function createTable($query, $name, $usedbdelta = false) {
82
  $table = $this->getBVTable($name);
83
  if (!$this->isTablePresent($table)) {
84
+ if ($usedbdelta) {
85
  if (!function_exists('dbDelta'))
86
  require_once( ABSPATH . 'wp-admin/includes/upgrade.php' );
87
  dbDelta($query);
92
  return $this->isTablePresent($table);
93
  }
94
 
95
+ public function alterBVTable($query, $name) {
96
  $resp = false;
97
  $table = $this->getBVTable($name);
98
  if ($this->isTablePresent($table)) {
101
  return $resp;
102
  }
103
 
104
+ public function getTableContent($table, $fields = '*', $filter = '', $limit = 0, $offset = 0) {
105
  $query = "SELECT $fields from $table $filter";
106
  if ($limit > 0)
107
  $query .= " LIMIT $limit";
111
  return $rows;
112
  }
113
 
114
+ public function isTablePresent($table) {
115
  return ($this->getVar("SHOW TABLES LIKE '$table'") === $table);
116
  }
117
 
118
+ public function getCharsetCollate() {
119
  global $wpdb;
120
+ return $wpdb->get_charset_collate();
 
 
 
121
  }
122
 
123
+ public function getWPTable($name) {
124
  return ($this->dbprefix() . $name);
125
  }
126
 
127
+ public function getBVTable($name) {
128
  return ($this->getWPTable("bv_" . $name));
129
  }
130
 
131
+ public function truncateBVTable($name) {
132
  $table = $this->getBVTable($name);
133
  if ($this->isTablePresent($table)) {
134
  return $this->query("TRUNCATE TABLE $table;");
137
  }
138
  }
139
 
140
+ public function deleteBVTableContent($name, $filter = "") {
141
  $table = $this->getBVTable($name);
142
  if ($this->isTablePresent($table)) {
143
  return $this->query("DELETE FROM $table $filter;");
146
  }
147
  }
148
 
149
+ public function dropBVTable($name) {
150
  $table = $this->getBVTable($name);
151
  if ($this->isTablePresent($table)) {
152
  $this->query("DROP TABLE IF EXISTS $table;");
154
  return !$this->isTablePresent($table);
155
  }
156
 
157
+ public function deleteRowsFromtable($name, $count = 1) {
158
  $table = $this->getBVTable($name);
159
  if ($this->isTablePresent($table)) {
160
  return $this->getResult("DELETE FROM $table LIMIT $count;");
163
  }
164
  }
165
 
166
+ public function replaceIntoBVTable($name, $value) {
167
  global $wpdb;
168
  $table = $this->getBVTable($name);
169
  return $wpdb->replace($table, $value);
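Review bot: The helpers on the new side still build SQL by interpolating their arguments, for example `"SHOW KEYS FROM $table;"`, `"SELECT $fields from $table $filter"` and `"SHOW TABLES LIKE '$table'"`, and the class's own `prepare()` wrapper is not used for any of them. Callers are outside this section, so whether any argument is request-derived cannot be told from here. Identifiers cannot be bound as placeholders, so I would validate them before use, e.g. `if (!preg_match('/^[A-Za-z0-9_]+$/', $table)) return false;`. In `isTablePresent()` the pattern should be escaped and bound, `$wpdb->prepare("SHOW TABLES LIKE %s", $wpdb->esc_like($table))`, since `_` in a table name is a LIKE wildcard. Several of these function bodies continue outside their hunks.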
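--- a/wp_settings.php
+++ b/wp_settings.php
@@ -0,0 +1,54 @@
+<?php
+
+if (!defined('ABSPATH')) exit;
+if (!class_exists('MCWPSettings')) :
+class MCWPSettings {
+public function getOption($key) {
+$res = false;
+if (function_exists('get_site_option')) {
+$res = get_site_option($key, false);
+}
+if ($res === false) {
+$res = get_option($key, false);
+}
+return $res;
+}
+
+public function deleteOption($key) {
+if (function_exists('delete_site_option')) {
+return delete_site_option($key);
+} else {
+return delete_option($key);
+}
+}
+
+public function updateOption($key, $value) {
+if (function_exists('update_site_option')) {
+return update_site_option($key, $value);
+} else {
+return update_option($key, $value);
+}
+}
+
+public function setTransient($name, $value, $time) {
+if (function_exists('set_site_transient')) {
+return set_site_transient($name, $value, $time);
+}
+return false;
+}
+
+public function deleteTransient($name) {
+if (function_exists('delete_site_transient')) {
+return delete_site_transient($name);
+}
+return false;
+}
+
+public function getTransient($name) {
+if (function_exists('get_site_transient')) {
+return get_site_transient($name);
+}
+return false;
+}
+}
+endif;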
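Review bot: `getOption()` (new lines 6–15) falls back to `get_option()` whenever `get_site_option()` returns `false`, but `deleteOption()` and `updateOption()` touch only the site option when the `*_site_option` functions exist. On multisite those are separate stores, so a value left in the per-blog option would still be returned after `deleteOption()`; whether such a value can exist depends on code outside this file. If the fallback is kept for migration, `deleteOption()` should clear both stores: `$r = delete_site_option($key); delete_option($key); return $r;`. The fallback also cannot distinguish a stored `false` from a missing key, which is worth a comment on `getOption()`.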
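--- a/wp_site_info.php
+++ b/wp_site_info.php
@@ -0,0 +1,79 @@
+<?php
+
+if (!defined('ABSPATH')) exit;
+if (!class_exists('MCWPSiteInfo')) :
+
+class MCWPSiteInfo {
+public function wpurl() {
+if (function_exists('network_site_url'))
+return network_site_url();
+else
+return get_bloginfo('wpurl');
+}
+
+public function siteurl() {
+if (function_exists('site_url')) {
+return site_url();
+} else {
+return get_bloginfo('wpurl');
+}
+}
+
+public function homeurl() {
+if (function_exists('home_url')) {
+return home_url();
+} else {
+return get_bloginfo('url');
+}
+}
+
+public function isMultisite() {
+if (function_exists('is_multisite'))
+return is_multisite();
+return false;
+}
+
+public function isMainSite() {
+if (!function_exists('is_main_site' ) || !$this->isMultisite())
+return true;
+return is_main_site();
+}
+
+public function respInfo() {
+$info = array();
+$this->basic($info);
+$info['dbsig'] = $this->dbsig(false);
+$info["serversig"] = $this->serversig(false);
+return $info;
+}
+
+public function basic(&$info) {
+$info['wpurl'] = $this->wpurl();
+$info['siteurl'] = $this->siteurl();
+$info['homeurl'] = $this->homeurl();
+$info['serverip'] = $_SERVER['SERVER_ADDR'];
+$info['abspath'] = ABSPATH;
+}
+
+public function serversig($full = false) {
+$sig = sha1($_SERVER['SERVER_ADDR'].ABSPATH);
+if ($full)
+return $sig;
+else
+return substr($sig, 0, 6);
+}
+
+public function dbsig($full = false) {
+if (defined('DB_USER') && defined('DB_NAME') &&
+defined('DB_PASSWORD') && defined('DB_HOST')) {
+$sig = sha1(DB_USER.DB_NAME.DB_PASSWORD.DB_HOST);
+} else {
+$sig = "bvnone".MCAccount::randString(34);
+}
+if ($full)
+return $sig;
+else
+return substr($sig, 0, 6);
+}
+}
+endif;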
+ endif;