MalCare WordPress Security Plugin – Malware Scanner, Cleaner, Security Firewall - Version 3.2

Version Description

  • Updating account authentication structure

Release Info

Developer ritesh.soni36
Version 3.2

Code changes from version 3.1 to 3.2

Files changed (12) hide show
  1. account.php +83 -88
  2. callback/handler.php +2 -1
  3. callback/wings/account.php +23 -12
  4. info.php +1 -1
  5. malcare.php +25 -9
  6. protect/wp_lp/lp.php +1 -1
  7. readme.txt +4 -1
  8. recover.php +47 -0
  9. wp_actions.php +1 -2
  10. wp_admin.php +9 -4
  11. wp_api.php +16 -4
  12. wp_cli.php +38 -0
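--- a/account.php
+++ b/account.php
@@ -7,6 +7,8 @@ if (!class_exists('MCAccount')) :
   public $public;
   public $secret;
   public $sig_match;
+ public static $api_public_key = 'bvApiPublic';
+ public static $accounts_list = 'bvAccountsList';
 
   public function __construct($settings, $public, $secret) {
   $this->settings = $settings;
@@ -14,19 +16,21 @@ if (!class_exists('MCAccount')) :
   $this->secret = $secret;
   }
 
- public static function find($settings, $public = false) {
- if (!$public) {
- $public = self::defaultPublic($settings);
+ public static function find($settings, $public) {
+ $accounts = self::allAccounts($settings);
+ if (array_key_exists($public, $accounts) && isset($accounts[$public]['secret'])) {
+ $secret = $accounts[$public]['secret'];
   }
- $bvkeys = self::allKeys($settings);
- if ($public && array_key_exists($public, $bvkeys) && isset($bvkeys[$public])) {
- $secret = $bvkeys[$public];
- } else {
- $secret = self::defaultSecret($settings);
+ if (empty($secret) || (strlen($secret) < 32)) {
+ return null;
   }
   return new self($settings, $public, $secret);
   }
 
+ public static function update($settings, $allAccounts) {
+ $settings->updateOption(self::$accounts_list, $allAccounts);
+ }
+
   public static function randString($length) {
   $chars = "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ";
 
@@ -38,24 +42,53 @@ if (!class_exists('MCAccount')) :
   return $str;
   }
 
+ public static function apiPublicAccount($settings) {
+ $pubkey = $settings->getOption(self::$api_public_key);
+ return self::find($settings, $pubkey);
+ }
+
+ public static function updateApiPublicKey($settings, $pubkey) {
+ $settings->updateOption(self::$api_public_key, $pubkey);
+ }
+
+ public static function getApiPublicKey($settings) {
+ return $settings->getOption(self::$api_public_key);
+ }
+
+ public static function getPlugName($settings) {
+ $bvinfo = new MCInfo($settings);
+ return $bvinfo->plugname;
+ }
+
   public static function allAccounts($settings) {
- return $settings->getOption('bvAccounts');
+ $accounts = $settings->getOption(self::$accounts_list);
+ if (!is_array($accounts)) {
+ $accounts = array();
+ }
+ return $accounts;
   }
 
- public static function hasAccount($settings) {
+ public static function accountsByPlugname($settings) {
   $accounts = self::allAccounts($settings);
- return (is_array($accounts) && sizeof($accounts) >= 1);
+ $accountsByPlugname = array();
+ $plugname = self::getPlugName($settings);
+ foreach ($accounts as $pubkey => $value) {
+ if (array_key_exists($plugname, $value) && $value[$plugname] == 1) {
+ $accountsByPlugname[$pubkey] = $value;
+ }
+ }
+ return $accountsByPlugname;
   }
 
   public static function isConfigured($settings) {
- return self::defaultPublic($settings);
+ $accounts = self::accountsByPlugname($settings);
+ return (sizeof($accounts) >= 1);
   }
 
- public function setup() {
- $bvinfo = new MCInfo($this->settings);
- $this->settings->updateOption('bvSecretKey', self::randString(32));
- $this->settings->updateOption($bvinfo->plug_redirect, 'yes');
- $this->settings->updateOption('bvActivateTime', time());
+ public static function setup($settings) {
+ $bvinfo = new MCInfo($settings);
+ $settings->updateOption($bvinfo->plug_redirect, 'yes');
+ $settings->updateOption('bvActivateTime', time());
   }
 
   public function authenticatedUrl($method) {
@@ -76,50 +109,13 @@ if (!class_exists('MCAccount')) :
   return $args;
   }
 
- public static function defaultPublic($settings) {
- return $settings->getOption('bvPublic');
- }
-
- public static function defaultSecret($settings) {
- return $settings->getOption('bvSecretKey');
- }
-
- public static function allKeys($settings) {
- $keys = $settings->getOption('bvkeys');
- if (!is_array($keys)) {
- $keys = array();
- }
- $public = self::defaultPublic($settings);
- $secret = self::defaultSecret($settings);
- if ($public)
- $keys[$public] = $secret;
- $keys['default'] = $secret;
- return $keys;
- }
-
- public function addKeys($public, $secret) {
- $bvkeys = $this->settings->getOption('bvkeys');
- if (!$bvkeys || (!is_array($bvkeys))) {
- $bvkeys = array();
- }
- $bvkeys[$public] = $secret;
- $this->settings->updateOption('bvkeys', $bvkeys);
- }
-
- public function updateKeys($publickey, $secretkey) {
- $this->settings->updateOption('bvPublic', $publickey);
- $this->settings->updateOption('bvSecretKey', $secretkey);
- $this->addKeys($publickey, $secretkey);
- }
-
- public function rmKeys($publickey) {
- $bvkeys = $this->settings->getOption('bvkeys');
- if ($bvkeys && is_array($bvkeys)) {
- unset($bvkeys[$publickey]);
- $this->settings->updateOption('bvkeys', $bvkeys);
- return true;
+ public static function addAccount($settings, $public, $secret) {
+ $accounts = self::allAccounts($settings);
+ if (!isset($public, $accounts)) {
+ $accounts[$public] = array();
   }
- return false;
+ $accounts[$public]['secret'] = $secret;
+ self::update($settings, $accounts);
   }
 
   public function respInfo() {
@@ -129,59 +125,58 @@ if (!class_exists('MCAccount')) :
   );
   }
 
- public function authenticate($request) {
+ public static function getSigMatch($request, $secret) {
   $method = $request->method;
   $time = $request->time;
   $version = $request->version;
- $sig = $request->sig;
- if ($time < intval($this->settings->getOption('bvLastRecvTime')) - 300) {
- return false;
- }
   if ($request->is_sha1) {
- $sig_match = sha1($method.$this->secret.$time.$version);
+ $sig_match = sha1($method.$secret.$time.$version);
   } else {
- $sig_match = md5($method.$this->secret.$time.$version);
+ $sig_match = md5($method.$secret.$time.$version);
+ }
+ return $sig_match;
+ }
+
+ public function authenticate($request) {
+ $time = $request->time;
+ if ($time < intval($this->settings->getOption('bvLastRecvTime')) - 300) {
+ return false;
   }
- $this->sig_match = $sig_match;
- if ($sig_match !== $sig) {
+ $this->sig_match = self::getSigMatch($request, $this->secret);
+ if ($this->sig_match !== $request->sig) {
   return $sig_match;
   }
   $this->settings->updateOption('bvLastRecvTime', $time);
   return 1;
   }
 
- public function add($info) {
+ public function updateInfo($info) {
   $accounts = self::allAccounts($this->settings);
- if(!is_array($accounts)) {
- $accounts = array();
- }
+ $plugname = self::getPlugName($this->settings);
   $pubkey = $info['pubkey'];
+ if (!array_key_exists($pubkey, $accounts)) {
+ $accounts[$pubkey] = array();
+ }
   $accounts[$pubkey]['lastbackuptime'] = time();
+ $accounts[$pubkey][$plugname] = true;
   $accounts[$pubkey]['url'] = $info['url'];
   $accounts[$pubkey]['email'] = $info['email'];
- $this->update($accounts);
+ self::update($this->settings, $accounts);
   }
 
- public function remove($pubkey) {
- $bvkeys = $this->settings->getOption('bvkeys');
- $accounts = self::allAccounts($this->settings);
- $this->rmkeys($pubkey);
- $this->setup();
- if ($accounts && is_array($accounts)) {
+ public static function remove($settings, $pubkey) {
+ $accounts = self::allAccounts($settings);
+ if (array_key_exists($pubkey, $accounts)) {
   unset($accounts[$pubkey]);
- $this->update($accounts);
+ self::update($settings, $accounts);
   return true;
   }
   return false;
   }
 
- public function doesAccountExists($pubkey) {
- $accounts = self::allAccounts($this->settings);
+ public static function exists($settings, $pubkey) {
+ $accounts = self::allAccounts($settings);
   return array_key_exists($pubkey, $accounts);
   }
-
- public function update($accounts) {
- $this->settings->updateOption('bvAccounts', $accounts);
- }
   }
- endif;
+ endif;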
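Review bot: In the rewritten `authenticate()` (new lines 140-151) the mismatch branch still runs the unchanged `return $sig_match;`, but only `$this->sig_match` is assigned there now, so a failed check returns an undefined local (null plus a notice); `return false;` would make the failure result explicit, though how the caller interprets it is outside this section. The comparison `$this->sig_match !== $request->sig` is not constant-time; `if (!is_string($request->sig) || !hash_equals($this->sig_match, $request->sig)) {` removes the timing difference, and WordPress provides a `hash_equals()` fallback for older PHP. In `addAccount()` the guard `!isset($public, $accounts)` tests that both variables are set rather than that the key exists, so it never fires; `!isset($accounts[$public])` is presumably what was meant. The same function stores `$secret` without the 32-character minimum that `find()` enforces later, so a short secret is accepted on write and only rejected on lookup.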
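--- a/callback/handler.php
+++ b/callback/handler.php
@@ -35,7 +35,8 @@ if (!class_exists('BVCallbackHandler')) :
   "request_info" => $this->request->respInfo(),
   "site_info" => $this->siteinfo->respInfo(),
   "account_info" => $this->account->respInfo(),
- "bvinfo" => $bvinfo->respInfo()
+ "bvinfo" => $bvinfo->respInfo(),
+ "api_pubkey" => substr(MCAccount::getApiPublicKey($this->settings), 0, 8)
   );
   $this->response->terminate($resp);
   }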
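--- a/callback/wings/account.php
+++ b/callback/wings/account.php
@@ -14,27 +14,38 @@ class BVAccountCallback extends BVCallbackBase {
   function process($request) {
   $params = $request->params;
   $account = $this->account;
+ $settings = $this->settings;
   switch ($request->method) {
- case "addkeys":
- $resp = array("status" => $account->addKeys($params['public'], $params['secret']));
+ case "addacc":
+ MCAccount::addAccount($this->settings, $params['public'], $params['secret']);
+ $resp = array("status" => MCAccount::exists($this->settings, $params['public']));
   break;
- case "updatekeys":
- $resp = array("status" => $account->updateKeys($params['public'], $params['secret']));
- break;
- case "rmkeys":
- $resp = array("status" => $account->rmKeys($params['public']));
+ case "rmacc":
+ $resp = array("status" => $account->remove($params['public']));
   break;
   case "updt":
   $info = array();
   $info['email'] = $params['email'];
   $info['url'] = $params['url'];
   $info['pubkey'] = $params['pubkey'];
- $account->add($info);
- $resp = array("status" => $account->doesAccountExists($params['pubkey']));
+ $account->updateInfo($info);
+ $resp = array("status" => MCAccount::exists($this->settings, $params['pubkey']));
+ break;
+ case "updtapikey":
+ $resp = array("status" => MCAccount::updateApiPublicKey($this->settings, $params['pubkey']));
+ break;
+ case "rmdefsec":
+ $resp = array("status" => $settings->deleteOption('bvDefaultSecret'));
+ break;
+ case "rmbvkeys":
+ $resp = array("status" => $settings->deleteOption('bvKeys'));
+ break;
+ case "rmdefpub":
+ $resp = array("status" => $settings->deleteOption('bvDefaultPublic'));
+ break;
+ case "rmoldbvacc":
+ $resp = array("status" => $settings->deleteOption('bvAccounts'));
   break;
- case "disc":
- $account->remove($params['pubkey']);
- $resp = array("status" => !$account->doesAccountExists($params['pubkey']));
   case "fetch":
   $resp = array("status" => MCAccount::allAccounts($this->settings));
   break;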
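Review bot: The `rmacc` case calls `$account->remove($params['public'])` with one argument, but this release changes the method to `public static function remove($settings, $pubkey)`, so the key is bound to `$settings` and `$pubkey` is missing; the call fails (an ArgumentCountError on PHP 7.1+) and an account can no longer be revoked through the callback. It should read `$resp = array("status" => MCAccount::remove($settings, $params['public']));`. `updtapikey` reports the return value of `updateApiPublicKey()`, which returns nothing, so its status is always null. The four cleanup cases delete `bvDefaultSecret`, `bvKeys`, `bvDefaultPublic` and `bvAccounts`, while the removed 3.1 code stored its keys under `bvSecretKey`, `bvkeys` and `bvPublic`, so it is worth confirming that the legacy secrets are actually removed. `process()` continues outside the hunk.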
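--- a/info.php
+++ b/info.php
@@ -9,7 +9,7 @@ if (!class_exists('MCInfo')) :
   public $badgeinfo = 'mcbadge';
   public $ip_header_option = 'mcipheader';
   public $brand_option = 'mcbrand';
- public $version = '3.1';
+ public $version = '3.2';
   public $webpage = 'https://www.malcare.com';
   public $appurl = 'https://app.malcare.com';
   public $slug = 'malcare-security/malcare.php';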
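--- a/malcare.php
+++ b/malcare.php
@@ -5,7 +5,7 @@ Plugin URI: https://www.malcare.com
   Description: WordPress Security, Firewall and Malware Scanner
   Author: MalCare Security
   Author URI: https://www.malcare.com
- Version: 3.1
+ Version: 3.2
   Network: True
   */
 
@@ -52,6 +52,12 @@ register_deactivation_hook(__FILE__, array($wp_action, 'deactivate'));
 
   add_action('wp_footer', array($wp_action, 'footerHandler'), 100);
 
+ if (defined('WP_CLI') && WP_CLI) {
+ require_once dirname( __FILE__ ) . '/wp_cli.php';
+ $wp_cli = new MCWPCli($bvsettings);
+ WP_CLI::add_command('malcare', $wp_cli);
+ }
+
   if (is_admin()) {
   require_once dirname( __FILE__ ) . '/wp_admin.php';
   $wpadmin = new MCWPAdmin($bvsettings, $bvsiteinfo);
@@ -77,8 +83,16 @@ if ((array_key_exists('bvplugname', $_REQUEST)) && ($_REQUEST['bvplugname'] == "
   require_once dirname( __FILE__ ) . '/callback/base.php';
   require_once dirname( __FILE__ ) . '/callback/response.php';
   require_once dirname( __FILE__ ) . '/callback/request.php';
-
- $account = MCAccount::find($bvsettings, $_REQUEST['pubkey']);
+ require_once dirname( __FILE__ ) . '/recover.php';
+
+ $pubkey = $_REQUEST['pubkey'];
+
+ if (array_key_exists('rcvracc', $_REQUEST)) {
+ $account = MCRecover::find($bvsettings, $pubkey);
+ } else {
+ $account = MCAccount::find($bvsettings, $pubkey);
+ }
+
   $request = new BVCallbackRequest($account, $_REQUEST);
   $response = new BVCallbackResponse($request->bvb64cksize);
 
@@ -109,17 +123,19 @@ if ((array_key_exists('bvplugname', $_REQUEST)) && ($_REQUEST['bvplugname'] == "
   "account_info" => $account ? $account->respInfo() : array("error" => "ACCOUNT_NOT_FOUND"),
   "request_info" => $request->respInfo(),
   "bvinfo" => $bvinfo->respInfo(),
- "statusmsg" => "FAILED_AUTH"
+ "statusmsg" => "FAILED_AUTH",
+ "api_pubkey" => substr(MCAccount::getApiPublicKey($bvsettings), 0, 8),
+ "def_sigmatch" => substr(MCAccount::getSigMatch($request, MCRecover::getDefaultSecret($bvsettings)), 0, 8)
   );
   $response->terminate($resp);
   }
   } else {
   if ($bvinfo->isProtectModuleEnabled()) {
- require_once dirname( __FILE__ ) . '/protect/protect.php';
- require_once dirname( __FILE__ ) . '/protect/ipstore.php';
- $bvprotect = new BVProtect($bvdb, $bvsettings);
- $bvprotect->init();
- }
+ require_once dirname( __FILE__ ) . '/protect/protect.php';
+ require_once dirname( __FILE__ ) . '/protect/ipstore.php';
+ $bvprotect = new BVProtect($bvdb, $bvsettings);
+ $bvprotect->init();
+ }
 
   ##DYNSYNCMODULE##
   }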
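Review bot: The `def_sigmatch` entry added to the `FAILED_AUTH` response (new line 128) sends the first eight characters of the signature expected under the recovery secret back to a caller that has just failed authentication; verifier output should not appear in an unauthenticated response, so drop the field or write it to a server-side log instead. `$pubkey = $_REQUEST['pubkey'];` (new line 88) is read without checking that the parameter exists or is a string before it is used as an array key in `MCAccount::find()`; `$pubkey = (isset($_REQUEST['pubkey']) && is_string($_REQUEST['pubkey'])) ? $_REQUEST['pubkey'] : '';` avoids that. Because the mere presence of `rcvracc` switches the lookup to `MCRecover::find()`, which pairs any sufficiently long public key with the single default secret, that branch deserves a comment stating when it is meant to be reachable. The enclosing `if` block starts and ends outside these hunks.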
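--- a/protect/wp_lp/lp.php
+++ b/protect/wp_lp/lp.php
@@ -62,7 +62,7 @@ class BVWPLP {
   }
 
   public function getCaptchaLink() {
- $account = MCAccount::find($this->settings);
+ $account = MCAccount::apiPublicAccount($this->settings);
   $url = $account->authenticatedUrl('/captcha/solve');
   $url .= "&adminurl=".base64_encode(get_admin_url());
   return $url;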
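Review bot: `MCAccount::apiPublicAccount()` can return null, because `find()` in this release returns null when the stored API public key has no account entry or its secret is shorter than 32 characters, yet `getCaptchaLink()` calls `$account->authenticatedUrl()` on the result unconditionally. That is a fatal error on the login-protection path whenever the API key option is unset or stale. Add a guard such as `if (!$account) { return ''; }` before building the URL, and check that the caller, which is outside this hunk, handles an empty link.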
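--- a/readme.txt
+++ b/readme.txt
@@ -6,7 +6,7 @@ Donate link: https://www.malcare.com
   Requires at least: 4.0
   Tested up to: 5.2.1
   Requires PHP: 5.3.0
- Stable tag: 3.1
+ Stable tag: 3.2
   License: GPLv2 or later
   License URI: [http://www.gnu.org/licenses/gpl-2.0.html](http://www.gnu.org/licenses/gpl-2.0.html)
 
@@ -218,6 +218,9 @@ FTP details input into MalCare is processed on our servers. We need your FTP cre
   8. With BlogVault's White-Label Solution you can showcase our service under your own brilliant brand.
 
   == CHANGELOG ==
+ = 3.2 =
+ * Updating account authentication struture
+
   = 3.1 =
   * Adding params validation
   * Adding support for custom user tables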
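--- a/recover.php
+++ b/recover.php
@@ -0,0 +1,47 @@
+ <?php
+ if (!defined('ABSPATH')) exit;
+ if (!class_exists('MCRecover')) :
+ class MCRecover {
+ public static $default_secret_key = 'bvSecretKey';
+
+ public static function defaultSecret($settings) {
+ $secret = self::getDefaultSecret($settings);
+ if (empty($secret)) {
+ $secret = MCAccount::randString(32);
+ self::updateDefaultSecret($settings, $secret);
+ }
+ return $secret;
+ }
+
+ public static function deleteDefaultSecret($settings) {
+ $settings->deleteOption(self::$default_secret_key);
+ }
+
+ public static function getDefaultSecret($settings) {
+ return $settings->getOption(self::$default_secret_key);
+ }
+
+ public static function updateDefaultSecret($settings, $secret) {
+ $settings->updateOption(self::$default_secret_key, $secret);
+ }
+
+ public static function validate($pubkey) {
+ if ($pubkey && strlen($pubkey) >= 32) {
+ return true;
+ } else {
+ return false;
+ }
+ }
+
+ public static function find($settings, $pubkey) {
+ if (!self::validate($pubkey)) {
+ return null;
+ }
+ $secret = self::getDefaultSecret($settings);
+ if (!empty($secret) && (strlen($secret) >= 32)) {
+ $account = new MCAccount($settings, $pubkey, $secret);
+ }
+ return $account;
+ }
+ }
+ endif;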
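Review bot: `MCRecover::find()` returns `$account` without initialising it, so when the stored default secret is missing or shorter than 32 characters the function returns an undefined variable; set `$account = null;` before the `if` so the not-found result is explicit. `defaultSecret()` creates the recovery secret with `MCAccount::randString(32)`, whose body is not shown on this page, so confirm that it draws from a cryptographically secure source rather than `rand()`/`mt_rand()`, since this one secret authenticates every public key that passes `validate()`. A short docblock on the class stating that the secret is shared across all recovering accounts, and when it is rotated or deleted, would help the next reader.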
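--- a/wp_actions.php
+++ b/wp_actions.php
@@ -16,7 +16,6 @@ if (!class_exists('MCWPAction')) :
   }
 
   public function activate() {
- $account = MCAccount::find($this->settings);
   if (!isset($_REQUEST['blogvaultkey'])) {
   ##BVKEYSLOCATE##
   }
@@ -26,7 +25,7 @@ if (!class_exists('MCWPAction')) :
   $this->siteinfo->basic($info);
   $this->bvapi->pingbv('/bvapi/activate', $info);
   } else {
- $account->setup();
+ MCAccount::setup($this->settings);
   }
   }
 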
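--- a/wp_admin.php
+++ b/wp_admin.php
@@ -12,7 +12,6 @@ class MCWPAdmin {
   $this->settings = $settings;
   $this->siteinfo = $siteinfo;
   $this->bvinfo = new MCInfo($this->settings);
- $this->account = MCAccount::find($this->settings);
   }
 
   public function mainUrl($_params = '') {
@@ -34,10 +33,11 @@ class MCWPAdmin {
   (array_key_exists('page', $_REQUEST) &&
   $_REQUEST['page'] == $this->bvinfo->plugname)) {
   $keys = str_split($_REQUEST['blogvaultkey'], 32);
- $this->account->updateKeys($keys[0], $keys[1]);
+ $pubkey = $keys[0];
+ MCAccount::addAccount($this->settings, $keys[0], $keys[1]);
   if (array_key_exists('redirect', $_REQUEST)) {
   $location = $_REQUEST['redirect'];
- $this->account = MCAccount::find($this->settings);
+ $this->account = MCAccount::find($this->settings, $pubkey);
   wp_redirect($this->account->authenticatedUrl('/malcare/access/welcome'));
   exit();
   }
@@ -59,6 +59,8 @@ class MCWPAdmin {
   $brand = $this->bvinfo->getBrandInfo();
   if (!$brand || (!array_key_exists('hide', $brand) && !array_key_exists('hide_from_menu', $brand))) {
   $bname = $this->bvinfo->getBrandName();
+ $pubkey = array_keys(MCAccount::accountsByPlugname($this->settings))[0];
+ $this->account = MCAccount::find($this->settings, $pubkey);
   add_menu_page($bname, $bname, 'manage_options', $this->bvinfo->plugname,
   array($this, 'adminPage'), plugins_url('img/icon.png', __FILE__ ));
   }
@@ -104,8 +106,10 @@ class MCWPAdmin {
   }
 
   public function siteInfoTags() {
+ require_once dirname( __FILE__ ) . '/recover.php';
   $bvnonce = wp_create_nonce("bvnonce");
- $secret = $this->account->secret;
+ $secret = MCRecover::defaultSecret($this->settings);
+ $public = MCAccount::getApiPublicKey($this->settings);
   $tags = "<input type='hidden' name='url' value='".$this->siteinfo->wpurl()."'/>\n".
   "<input type='hidden' name='homeurl' value='".$this->siteinfo->homeurl()."'/>\n".
   "<input type='hidden' name='siteurl' value='".$this->siteinfo->siteurl()."'/>\n".
@@ -116,6 +120,7 @@ class MCWPAdmin {
   "<input type='hidden' name='serverip' value='".$_SERVER["SERVER_ADDR"]."'/>\n".
   "<input type='hidden' name='abspath' value='".ABSPATH."'/>\n".
   "<input type='hidden' name='secret' value='".$secret."'/>\n".
+ "<input type='hidden' name='public' value='".$public."'/>\n".
   "<input type='hidden' name='bvnonce' value='".$bvnonce."'/>\n";
   return $tags;
   }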
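Review bot: The new hidden `public` field in `siteInfoTags()` (new line 123) concatenates the stored API public key into a single-quoted attribute without escaping, and that option is written from request data by the `updtapikey` callback; wrap it as `esc_attr($public)`, and treat the neighbouring `$secret` the same way. The form now carries the site-wide recovery secret from `MCRecover::defaultSecret()`, so every render of this admin page places it in the page source, which deserves a comment explaining why it is needed. In the menu hook, `array_keys(MCAccount::accountsByPlugname($this->settings))[0]` reads offset 0 of an empty array when no account is configured and then calls `find()` with null; it also relies on function-result dereferencing, which needs PHP 5.4 while readme.txt declares `Requires PHP: 5.3.0`. The enclosing functions start or end outside these hunks.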
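--- a/wp_api.php
+++ b/wp_api.php
@@ -3,14 +3,26 @@
   if (!defined('ABSPATH')) exit;
   if (!class_exists('MCWPAPI')) :
   class MCWPAPI {
- public $account;
+ public $settings;
 
   public function __construct($settings) {
- $this->account = MCAccount::find($settings);
+ $this->settings = $settings;
   }
 
- public function pingbv($method, $body) {
- $url = $this->account->authenticatedUrl($method);
+ public function pingbv($method, $body, $public = false) {
+ if ($public) {
+ $this->create_request_params($method, $public);
+ } else {
+ $accounts = MCAccount::allAccounts($this->settings);
+ foreach ($accounts as $pubkey => $value ) {
+ $this->create_request_params($method, $pubkey);
+ }
+ }
+ }
+
+ public function create_request_params($method, $pubkey) {
+ $account = MCAccount::find($this->settings, $pubkey);
+ $url = $account->authenticatedUrl($method);
   $this->http_request($url, $body);
   }
 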
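Review bot: `create_request_params($method, $pubkey)` passes `$body` to `http_request()`, but `$body` is neither a parameter nor a local of that method, so the payload given to `pingbv()` is dropped and an undefined variable is sent instead. The method also calls `$account->authenticatedUrl()` without checking for the null that `MCAccount::find()` returns in this release for an account with a missing or short secret, so one incomplete entry in the accounts list aborts the whole loop. The fix is to thread `$body` through both call sites into the helper and to return early when no account is found, as sketched below. `http_request()` itself is outside the hunk.

```php
// … unchanged: pingbv() signature and the if ($public) branch header …
$this->create_request_params($method, $body, $public);
// … unchanged: else branch, accounts lookup, foreach header …
$this->create_request_params($method, $body, $pubkey);
// … unchanged: closing braces of pingbv() …

public function create_request_params($method, $body, $pubkey) {
	$account = MCAccount::find($this->settings, $pubkey);
	if (!$account) {
		// No usable secret stored for this key: skip it instead of failing fatally.
		return;
	}
	// … unchanged: build $url and call http_request($url, $body) …
}
```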
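--- a/wp_cli.php
+++ b/wp_cli.php
@@ -0,0 +1,38 @@
+ <?php
+ if (!defined('ABSPATH')) exit;
+ if (!class_exists('MCWPCli')) :
+
+ class MCWPCli {
+ public $settings;
+
+ public function __construct($settings) {
+ $this->settings = $settings;
+ }
+
+ public function execute($args, $params) {
+ switch ($params['action']) {
+ case "addaccount":
+ if (!array_key_exists('public', $params) || !array_key_exists('secret', $params)) {
+ echo('Please enter public and secret key in the format -> wp malcare execute --method=addaccount --public=<public> --secret=<secret>');
+ break;
+ }
+ $secret = $params['secret'];
+ $pubkey = $params['public'];
+ if (strlen($pubkey) < 32 || strlen($secret) < 32) {
+ echo('Error -> Public key and secret key should be 32 characters long.');
+ break;
+ }
+ MCAccount::addAccount($this->settings, $pubkey, $secret);
+ if (MCAccount::exists($this->settings, $pubkey)) {
+ echo('Account successfully added.');
+ } else {
+ echo('Adding account operation failed.');
+ }
+ break;
+ default:
+ echo('Command not found.');
+ break;
+ }
+ }
+ }
+ endif;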
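Review bot: `execute()` takes the account secret from `--secret=<secret>` on the command line, which leaves it in shell history and visible in the process list to other local users while the command runs; consider reading it from standard input or an environment variable and saying so in the usage text. The dispatcher reads `$params['action']` without checking that it is set, yet the help string tells the user to pass `--method=addaccount`, so the documented invocation falls through to `Command not found.`; align the two, for example `switch (isset($params['action']) ? $params['action'] : '') {`. The length check accepts anything of 32 characters or more, while the message says the keys "should be 32 characters long".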