Google Authenticator – WordPress Two Factor Authentication (2FA) - Version 5.3.14

Version Description

  • Google Authenticator-Two Factor Authentication (2FA) : Anti-Malware : Adding more signatures.

Release Info

Developer cyberlord92
Version 5.3.14

Code changes from version 5.3.13 to 5.3.14

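--- a/controllers/main_controller.php
+++ b/controllers/main_controller.php
@@ -51,7 +51,7 @@
  <?php if(get_option('mo2f_scan_initialize')) { ?>
  <script>
  jQuery(document).ready(function(){
- var nonce = "<?php echo get_option('mo2f_scan_nonce');?>";
+ var nonce = "<?php echo wp_create_nonce('wpns-quick-scan')?>";
  var data={
  'action':'mo_wpns_malware_redirect',
  'call_type':'malware_scan_initiate',
@@ -60,7 +60,13 @@
  'nonce': nonce
  };
  jQuery.post(ajaxurl, data, function(response){
-
+ jQuery('input[name="quick_scan_button"]').removeAttr('disabled');
+ document.getElementById('quick_scan_button').style.backgroundColor = '#20b2aa';
+ jQuery('input[name="standard_scan_button"]').removeAttr('disabled');
+ document.getElementById('standard_scan_button').style.backgroundColor = '#20b2aa';
+ jQuery('input[name="custom_scan_button"]').removeAttr('disabled');
+ document.getElementById('custom_scan_button').style.backgroundColor = '#20b2aa';
+ document.getElementById("quick_scan_button").value = "Quick Scan";
  });
  });
  </script>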
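Review bot: The `jQuery.post` callback added in the second hunk never reads `response`, so the three scan buttons are re-enabled and relabelled "Quick Scan" even when the server answers with an error or with `scanning_already`. It also dereferences `document.getElementById(...)` without a null check, which would throw if this script runs on an admin page that does not render those buttons; a guard such as `var btn = document.getElementById('quick_scan_button'); if (btn) { btn.style.backgroundColor = '#20b2aa'; }` avoids that. The first hunk now prints a nonce for the action `wpns-quick-scan`, but no `wp_verify_nonce` call for that action is visible in this diff, so confirm the `malware_scan_initiate` handler checks it. The enclosing `<?php if ... ?>` block starts and ends outside the hunks.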
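--- a/controllers/malware_scan_ajax.php
+++ b/controllers/malware_scan_ajax.php
@@ -18,21 +18,24 @@ class Mo_wpns_scan_malware
  case "malware_scan_initiate":
  $this->mo_wpns_start_malware_scan($_POST);
  break;
- case "malware_scan_status":
- $this->mo_wpns_get_status();
- break;
  case "wpns_enable_tour":
  update_option('skip_tour', 0);
  break;
  case "wpns_disable_tour":
  update_option('skip_tour', 1);
  break;
+ case "malware_progress_bar":
+ $this->mo_wpns_get_progress();
+ break;
+ case "malware_scan_last_result":
+ $this->mo_wpns_get_scan_result();
+ break;
  }
  }
 
  public function mo_wpns_save_malware_config_form($POSTED){
  $nonce = $POSTED['nonce'];
- if ( ! wp_verify_nonce( $nonce, 'wpns-scan-settings' ) ){
+ if ( ! wp_verify_nonce( $nonce, 'mo-wpns-scan-settings' ) ){
  wp_send_json('ERROR');
  return;
  }
@@ -50,27 +53,47 @@ class Mo_wpns_scan_malware
  isset($POSTED['sql_check']) ? update_option('mo_wpns_check_sql_injection',sanitize_text_field($POSTED['sql_check'])) : update_option('mo_wpns_check_sql_injection',0);
  isset($POSTED['ext_link']) ? update_option('mo_wpns_check_external_link',sanitize_text_field($POSTED['ext_link'])) : update_option('mo_wpns_check_external_link',0);
  isset($POSTED['repo_check']) ? update_option('mo_wpns_scan_files_with_repo',sanitize_text_field($POSTED['repo_check'])) : update_option('mo_wpns_scan_files_with_repo',0);
-
  $folders_to_skip= $POSTED['skip_path'];
+ $folders_to_skip = str_replace('\\\\', '/', $folders_to_skip);
+ $str="";
  if(!empty($folders_to_skip)){
  $folders_to_skip_array=explode(";",$folders_to_skip);
  for($i=0; $i< count($folders_to_skip_array); $i++){
- $str.= $folders_to_skip_array[$i];
- if($i!= count($folders_to_skip_array)-1){
- $str.=";";
+ if(is_dir($folders_to_skip_array[$i])){
+ $str.= $folders_to_skip_array[$i];
+ if($i!= count($folders_to_skip_array)-1){
+ $str.=";";
+ }
+ }elseif($folders_to_skip_array[$i] == ''){
+ $str.= $folders_to_skip_array[$i];
+ }
+ else{
+ wp_send_json('path_error');
  }
  }
  update_option( 'mo_wpns_skip_folders', $str);
+ }else{
+ update_option('mo_wpns_skip_folders', $folders_to_skip);
  }
-
  wp_send_json('save_success');
  }
  }
 
  public function mo_wpns_start_malware_scan($POSTED){
+ if(get_option('mo_wpns_malware_scan_in_progress') == "IN PROGRESS"){
+ wp_send_json('scanning_already');
+ }
  global $moWpnsUtility, $dirName;
  include_once $dirName. DIRECTORY_SEPARATOR.'handler'.DIRECTORY_SEPARATOR.'malware_scanner.php';
  $mo_wpns_scan_handler = new Mo_wpns_Scan_Handler();
+
+ update_option('mo_wpns_last_scan_time', time());
+ $plugin_current= get_plugins();
+ update_option('mo_wpns_last_plugins', $plugin_current);
+ $args=array();
+ $theme_current= wp_get_themes($args);
+ update_option('mo_wpns_last_themes', $theme_current);
+
  if(isset($POSTED['scan']) && $POSTED['scan']=='scan_start'){
  $scan_configuration = array();
  switch($POSTED['scantype'])
@@ -84,9 +107,10 @@ class Mo_wpns_scan_malware
  $scan_configuration = array('plugin_scan' => 1 ,
  'theme_scan' => 1,
  'core_scan' => 1,
- 'file_extension' => "php",
+ 'file_extension' => "",
  'check_vulnerable' => 1,
  'check_sql' => 1,
+ 'check_rfi' => 1,
  'ext_link_check' => 0,
  'check_repo' => 0,
  'path_skip' => "",
@@ -104,9 +128,10 @@ class Mo_wpns_scan_malware
  $scan_configuration = array('plugin_scan' => 1 ,
  'theme_scan' => 1,
  'core_scan' => 1,
- 'file_extension' => "php",
+ 'file_extension' => "",
  'check_vulnerable' => 1,
  'check_sql' => 1,
+ 'check_rfi' => 1,
  'ext_link_check' => 1,
  'check_repo' => 1,
  'path_skip' => "",
@@ -127,6 +152,7 @@ class Mo_wpns_scan_malware
  'file_extension' => get_option('mo_wpns_scan_files_extensions'),
  'check_vulnerable' => get_option('mo_wpns_check_vulnerable_code') ,
  'check_sql' => get_option('mo_wpns_check_sql_injection'),
+ 'check_rfi' => get_option('mo_wpns_check_remote_file_inclusion'),
  'ext_link_check' => get_option('mo_wpns_check_external_link'),
  'check_repo' => get_option('mo_wpns_scan_files_with_repo'),
  'path_skip' => get_option('mo_wpns_skip_folders'),
@@ -139,12 +165,73 @@ class Mo_wpns_scan_malware
  }
  }
 
- public function mo_wpns_get_status(){
+
+ public function mo_wpns_get_progress(){
  $status= get_option('mo_wpns_malware_scan_in_progress');
- $files_scanned = get_option('mo_wpns_files_scanned');
- $infected_files= get_option('mo_wpns_infected_files');
- $result=array("status"=>$status, "scanned"=>$files_scanned, "infected"=>$infected_files);
- wp_send_json($result);
+ $files_scanned= get_option('mo_wpns_files_scanned');
+ $total_files = get_option('mo_wpns_total_files');
+ $check_repo = get_option('mo_wpns_scan_files_with_repo');
+ $scan_mode= get_option('mo_wpns_scan_mode');
+ $repo_scan=0;
+ if($scan_mode == "standard_scan" || ($scan_mode == "custom_scan" && $check_repo == 1)){
+ $repo_scan=1;
+ }
+ if($status == "IN PROGRESS"){
+ $result=array("status"=>$status, "scanned"=>$files_scanned, "total"=>$total_files, "repo_scan"=> $repo_scan);
+ wp_send_json($result);
+ }
+ else{
+ $mo_wpns_db_handler = new MoWpnsDB();
+ $total_scan=$mo_wpns_db_handler->count_files();
+ $total_malicious=$mo_wpns_db_handler->count_malicious_files();
+ $malicious_last_scan= get_option('mo_wpns_infected_files');
+ $result = array("status"=>$status, 'total_files'=>$total_scan, 'total_mal'=>$total_malicious, 'scan_files'=>$total_files, 'mal_files'=>$malicious_last_scan);
+ wp_send_json($result);
+ }
+ }
+ function mo_wpns_get_scan_result(){
+ $status= get_option('mo_wpns_malware_scan_in_progress');
+ $mo_wpns_db_handler = new MoWpnsDB();
+ $result = $mo_wpns_db_handler->get_report();
+ $str1= $_SERVER['REQUEST_URI'];
+ $str1= str_replace("admin-ajax.php", "admin.php?page=mo_2fa_malwarescan", $str1);
+ $currenturl = remove_query_arg('delete',$str1);
+ $currenturl = remove_query_arg('view',$currenturl);
+ $currenturl = remove_query_arg('trust',$currenturl);
+ $currenturl = remove_query_arg('trustchanged',$currenturl);
+ $htmldata = "";
+ if(!empty($result)){
+ foreach($result as $report){
+ if(empty($report->scan_mode)){
+ $report->scan_mode="Custom Scan";
+ }
+ $repo_count = $report->repo_issues >= 0 ? $report->repo_issues : 0;
+ $htmldata .= "<tr><td style=text-align:center>".$report->scan_mode."</td>";
+ $htmldata .= "<td style=text-align:center>";
+ if(!empty($report->scanned_folders)){
+ foreach(explode(";",$report->scanned_folders) as $folder){
+ if(!empty($folder)){
+ $htmldata .= $folder."<br>";
+ }
+ }
+ }
+ $htmldata .= "</td><td style=text-align:center>";
+ $htmldata .= "<span style=color:green id=scan_files>".$report->scanned_files." files scanned<br></span>";
+ $htmldata .= "<span style=color:red id=malicious_files>".$report->malware_count." malware found<br></span>";
+ if($report->repo_issues < 0){
+ $htmldata .= "<span style=color:red id=malicious_files>Issues with repository check<br></span>";
+ }
+ $htmldata .= "<span style=color:orange id=warning_files>".($repo_count+$report->malicious_links)." warnings found</span>";
+ $htmldata .= "</td><td style=text-align:center id=start_time>".date("M j, Y, g:i:s a",$report->start_timestamp)."</td>";
+ $htmldata .= "<td><a href='".add_query_arg( array('tab' => 'default', 'view' => $report->id), $currenturl )."'>View Details</a> <a href='".add_query_arg( array('tab' => 'default', 'delete' => $report->id), $currenturl )."'>Delete</a></td>";
+ $htmldata .= "</tr>";
+
+ }
+ }else{
+ $htmldata .= '<tr class="odd"><td valign="top" colspan="5" class="dataTables_empty">No data available in table</td></tr>';
+ }
+ wp_send_json($htmldata);
+
  }
  }
  new Mo_wpns_scan_malware();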
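Review bot: `mo_wpns_get_scan_result()` in the last hunk concatenates `$report->scan_mode`, each `$folder` from `scanned_folders` and the `add_query_arg()` URLs into `$htmldata` without escaping, and the base URL is taken from `$_SERVER['REQUEST_URI']`, so request- and database-supplied text ends up in markup that the caller presumably inserts into the results table. Escape at the point of output with `esc_html($report->scan_mode)`, `esc_html($folder)` and `esc_url( add_query_arg( array('tab' => 'default', 'view' => $report->id), $currenturl ) )` for both links, and quote the `style=` and `id=` attribute values. The two new `call_type` cases, `malware_progress_bar` and `malware_scan_last_result`, show no nonce or capability check in these hunks; the dispatcher starts outside the first hunk, so confirm it verifies both before routing.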
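--- a/controllers/malware_scan_result.php
+++ b/controllers/malware_scan_result.php
@@ -1,6 +1,6 @@
  <?php
 
- function showScanResults(){
+ function showScanResults(){
  $mo_wpns_db_handler = new MoWpnsDB();
  if(isset($_GET['view'])){
  if(isset($_GET['trust'])){
@@ -9,7 +9,9 @@ function showScanResults(){
  else if(isset($_GET['trustchanged'])){
  $mo_wpns_db_handler->ignorechangedfile($_GET['trustchanged']);
  }
-
+ $last_id=$mo_wpns_db_handler->get_last_id();
+ $send_id=$last_id[0]->max;
+ $last_scan=$mo_wpns_db_handler->count_files_last_scan($send_id);
  $listofignorefiles = $mo_wpns_db_handler->getlistofignorefiles();
  $ignorefiles = array();
  foreach($listofignorefiles as $row)
@@ -18,7 +20,7 @@ function showScanResults(){
  $result = $mo_wpns_db_handler->get_report_with_id($_GET['view']);
  if(sizeof($result)>0){
  $detailreport = $mo_wpns_db_handler->get_detail_report_with_id($_GET['view']);
- show_scan_details($detailreport, $result, $ignorefiles);
+ show_scan_details($detailreport, $result, $ignorefiles, $last_scan);
  }
  }
  else{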
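Review bot: `$last_id[0]->max` in the second hunk is dereferenced without checking that `get_last_id()` returned a row or that `max` is non-null, so on a site with no stored scan `$send_id` would be null when it is passed to `count_files_last_scan()`. A guard such as `$send_id = !empty($last_id) ? (int) $last_id[0]->max : 0;` keeps the value an integer in every case. Neither `get_last_id()` nor `count_files_last_scan()` is shown here, so how they treat a null id cannot be confirmed from this diff. `showScanResults()` continues outside these hunks.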
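--- a/controllers/scan_malware.php
+++ b/controllers/scan_malware.php
@@ -2,10 +2,7 @@
 
  global $moWpnsUtility,$dirName;
 
- if(!get_option( 'mo_wpns_scan_files_extensions'))
- update_option( 'mo_wpns_scan_files_extensions','php');
  add_option('mo_wpns_skip_folders');
-
  update_site_option('mo2f_visit_malware',true);
 
  include_once $dirName . 'views'.DIRECTORY_SEPARATOR.'malware_scan.php';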
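--- a/controllers/scan_malware_report.php
+++ b/controllers/scan_malware_report.php
@@ -1,8 +1,5 @@
  <?php
- if(get_option('mo_wpns_malware_scan_in_progress')=='IN PROGRESS')
- $scan_in_progress="disabled";
- else
- $scan_in_progress="";
+
  include_once $dirName . 'views'.DIRECTORY_SEPARATOR.'scan_report_view.php';
 
  ?>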
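--- a/controllers/scan_malware_summary.php
+++ b/controllers/scan_malware_summary.php
@@ -0,0 +1,8 @@
+ <?php
+ if(get_option('mo_wpns_malware_scan_in_progress')=='IN PROGRESS')
+ $scan_in_progress="disabled";
+ else
+ $scan_in_progress="";
+ include_once $dirName . 'views'.DIRECTORY_SEPARATOR.'scan_summary_view.php';
+
+ ?>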
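Review bot: This new controller has no direct-access guard, so a request for the file by URL outside WordPress would reach an undefined `get_option()` and, depending on the server's error settings, may print the install path in the error output. Add `if ( ! defined( 'ABSPATH' ) ) { exit; }` as the first statement after `<?php`. `$dirName` is read without being declared in this file, so the include relies on the including scope having set it; a one-line comment naming the file that includes this controller would document that dependency.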
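--- a/database/database_functions.php
+++ b/database/database_functions.php
@@ -13,8 +13,7 @@
  private $skipfiles;
  private $hashfile;
 
- function __construct()
- {
+ function __construct(){
  global $wpdb;
  $this->transactionTable = $wpdb->base_prefix.'mo2f_network_transactions';
  $this->blockedIPsTable = $wpdb->base_prefix.'mo2f_network_blocked_ips';
@@ -31,24 +30,21 @@
 
  }
 
- function mo_plugin_activate()
- {
+ function mo_plugin_activate(){
  global $wpdb;
- if(!get_option('mo_wpns_dbversion')||get_option('mo_wpns_dbversion')<MoWpnsConstants::DB_VERSION)
- {
+ if(!get_option('mo_wpns_dbversion')||get_option('mo_wpns_dbversion')<MoWpnsConstants::DB_VERSION){
  update_option('mo_wpns_dbversion', MoWpnsConstants::DB_VERSION );
  $this->generate_tables();
- }
- else
- {
+ } else {
  $current_db_version = get_option('mo_wpns_dbversion');
- if($current_db_version < MoWpnsConstants::DB_VERSION)
- update_option('mo_wpns_dbversion', MoWpnsConstants::DB_VERSION );
+ if($current_db_version < MoWpnsConstants::DB_VERSION){
+ update_option('mo_wpns_dbversion', MoWpnsConstants::DB_VERSION );
+
+ }
  }
  }
 
- function generate_tables()
- {
+ function generate_tables(){
  global $wpdb;
 
  $tableName = $this->transactionTable;
@@ -117,9 +113,14 @@
  if($wpdb->get_var("show tables like '$tableName'") != $tableName)
  {
  $sql = "CREATE TABLE " . $tableName . " (
- `id` bigint NOT NULL AUTO_INCREMENT, `scan_mode` mediumtext NOT NULL, `scanned_folders` mediumtext NOT NULL, `scanned_files` int, `start_timestamp` int, `completed_timestamp` int, UNIQUE KEY id (id) );";
+ `id` bigint NOT NULL AUTO_INCREMENT, `scan_mode` mediumtext NOT NULL, `scanned_folders` mediumtext NOT NULL, `scanned_files` int, `malware_count` int NOT NULL DEFAULT 0, `repo_issues` int NOT NULL DEFAULT 0, `malicious_links` int NOT NULL DEFAULT 0, `start_timestamp` int, `completed_timestamp` int, UNIQUE KEY id (id) );";
  dbDelta($sql);
  }
+ $result= $wpdb->get_var("SHOW COLUMNS FROM `$tableName` LIKE 'scan_mode'");
+ if(is_null($result)){
+ $sql = "ALTER TABLE `$tableName` ADD `scan_mode` mediumtext NOT NULL DEFAULT 'Custom Scan' AFTER `id` ;";
+ $results1 = $wpdb->query($sql);
+ }
 
  $tableName = $this->scanreportdetails;
  if($wpdb->get_var("show tables like '$tableName'") != $tableName)
@@ -141,9 +142,27 @@
  if($wpdb->get_var("show tables like '$tableName'") != $tableName)
  {
  $sql = "CREATE TABLE " . $tableName . " (
- `id` bigint(20) NOT NULL AUTO_INCREMENT,`file name` varchar(500) NOT NULL,`file hash` mediumtext NOT NULL, PRIMARY KEY (`id`), UNIQUE KEY `id` (`id`), UNIQUE KEY `file name` (`file name`), UNIQUE KEY `id_2`(`id`));";
+ `id` bigint(20) NOT NULL AUTO_INCREMENT,`file name` varchar(500) NOT NULL,`file hash` mediumtext NOT NULL, `scan_data` mediumtext NOT NULL, PRIMARY KEY (`id`), UNIQUE KEY `id` (`id`), UNIQUE KEY `file name` (`file name`), UNIQUE KEY `id_2`(`id`));";
  dbDelta($sql);
  }
+ $row1 = $wpdb->get_results( "SHOW COLUMNS FROM ".$this->malwarereportTable." LIKE 'malware_count'" );
+ $row2 = $wpdb->get_results( "SHOW COLUMNS FROM ".$this->malwarereportTable." LIKE 'repo_issues'" );
+ $row3 = $wpdb->get_results( "SHOW COLUMNS FROM ".$this->malwarereportTable." LIKE 'malicious_links'" );
+ if(empty($row1) && empty($row1) && empty($row1)){
+ $result = $wpdb->query("ALTER TABLE $this->malwarereportTable ADD COLUMN `malware_count` INT NOT NULL DEFAULT 0 AFTER `scanned_files`, ADD COLUMN `repo_issues` INT NOT NULL DEFAULT 0 AFTER `malware_count`, ADD COLUMN `malicious_links` INT NOT NULL DEFAULT 0 AFTER `repo_issues`");
+ if($result){
+ $report_ids = $wpdb->get_results("SELECT id FROM $this->malwarereportTable");
+ foreach ($report_ids as $key => $value) {
+ $scan_detail = $wpdb->get_results("SELECT report FROM $this->scanreportdetails WHERE report_id='".$report_ids[$key]->id."'");
+ $result = $this->mo_wpns_get_scan_count($scan_detail);
+ $wpdb->query("UPDATE $this->malwarereportTable SET `malware_count`= '".$result['scan']."', `repo_issues`='".$result['repo']."', `malicious_links`='".$result['extl']."' WHERE id='".$report_ids[$key]->id."'");
+ }
+ }
+ }
+ $rowhash = $wpdb->get_results( "SHOW COLUMNS FROM ".$this->hashfile." LIKE 'scan_data'" );
+ if(empty($rowhash)){
+ $result = $wpdb->query("ALTER TABLE $this->hashfile ADD COLUMN `scan_data` mediumtext NOT NULL");
+ }
  }
 
  function get_ip_blocked_count($ipAddress)
@@ -413,7 +432,7 @@
  return;
  }
 
- function create_scan_report($folderNames, $scan_type){
+ function create_scan_report($folderNames, $scan_type, $start_timestamp){
  global $wpdb;
  $wpdb->insert(
  $this->malwarereportTable,
@@ -421,7 +440,7 @@
  'scan_mode' => $scan_type,
  'scanned_folders' => $folderNames,
  'scanned_files' => 0,
- 'start_timestamp' => current_time('timestamp')
+ 'start_timestamp' => $start_timestamp
  )
  );
  $result = $wpdb->get_results( "SELECT * FROM ".$this->malwarereportTable." order by id DESC LIMIT 1");
@@ -444,10 +463,10 @@
  );
  }
 
- function scan_report_complete($recordId,$no_of_scanned_files){
+ function scan_report_complete($recordId, $no_of_scanned_files, $malware_count, $repo_issues, $malicious_links){
  global $wpdb;
  $wpdb->query(
- "UPDATE ".$this->malwarereportTable." set completed_timestamp = ".current_time('timestamp').", scanned_files=".$no_of_scanned_files." WHERE id = ".$recordId
+ "UPDATE ".$this->malwarereportTable." set completed_timestamp = ".current_time('timestamp').", scanned_files=".$no_of_scanned_files.", malware_count= '".$malware_count."', repo_issues='".$repo_issues."', malicious_links='".$malicious_links."' WHERE id = ".$recordId
  );
  }
 
@@ -478,13 +497,25 @@
  function check_hash($hash_of_file){
  global $wpdb;
  $sql= 'SELECT * FROM '.$this->hashfile.' WHERE `file hash`="'.$hash_of_file.'"';
- $result=$wpdb->query( $sql );
+ $result=$wpdb->get_results( $sql );
  return $result;
  }
 
- function insert_hash($source_file_path,$hash_of_file){
+ function insert_hash($source_file_path,$hash_of_file, $scan_data){
  global $wpdb;
- $query= 'INSERT INTO '.$this->hashfile.'(`file name`,`file hash`) VALUES("'.$source_file_path.'", "'.$hash_of_file.'") ON DUPLICATE KEY UPDATE `file hash`="'.$hash_of_file.'"';
+ $query= "INSERT INTO ".$this->hashfile."(`file name`,`file hash`,`scan_data`) VALUES('".$source_file_path."', '".$hash_of_file."', '".serialize($scan_data)."') ON DUPLICATE KEY UPDATE `file hash`='".$hash_of_file."' AND `scan_data`='".serialize($scan_data)."'";
+ $res=$wpdb->query( $query );
+ }
+
+ function update_hash($source_file_path, $hash_of_file, $scan_data){
+ global $wpdb;
+ $query= "UPDATE ".$this->hashfile." SET `file hash`='".$hash_of_file."',`scan_data`='".serialize($scan_data)."' WHERE `file name`='".$source_file_path."'";
+ $res=$wpdb->query( $query );
+ }
+
+ function delete_hash($source_file_path){
+ global $wpdb;
+ $query= "DELETE FROM ".$this->hashfile." WHERE `file name` = '".$source_file_path."'";
  $res=$wpdb->query( $query );
  }
 
@@ -563,5 +594,35 @@
  return $result;
  }
 
-
+ function mo_wpns_get_scan_count($result){
+ $scan_count = 0;
+ $repo_count = 0;
+ $link_count = 0;
+ $total = 0;
+ foreach ($result as $key => $value) {
+ $total+=1;
+ $temp = unserialize($result[$key]->report);
+ if(isset($temp['scan'])&&isset($temp['repo'])&&isset($temp['extl'])){
+ $scan_count++;
+ $repo_count++;
+ $link_count++;
+ }else if(isset($temp['scan'])&&isset($temp['repo'])){
+ $scan_count++;
+ $repo_count++;
+ }else if(isset($temp['scan'])&&isset($temp['extl'])){
+ $scan_count++;
+ $link_count++;
+ }else if(isset($temp['repo'])&&isset($temp['extl'])){
+ $repo_count++;
+ $link_count++;
+ }else if(isset($temp['scan'])){
+ $scan_count++;
+ }else if(isset($temp['repo'])){
+ $repo_count++;
+ }else if(isset($temp['extl'])){
+ $link_count++;
+ }
+ }
+ return array('scan'=>$scan_count, 'repo'=>$repo_count, 'extl'=>$link_count);
+ }
  }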
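Review bot: `insert_hash` joins its two assignments with `AND` in the `ON DUPLICATE KEY UPDATE` clause, so MySQL stores the result of a boolean expression in `file hash` and never updates `scan_data`; the assignments need a comma between them. The three hash functions in that hunk (`insert_hash`, `update_hash`, `delete_hash`) also build their SQL by concatenating the file path and `serialize($scan_data)` inside single quotes, so a path or serialized value containing `'` breaks or alters the statement; `scan_report_complete` and the backfill `UPDATE` in `generate_tables` concatenate values the same way. Binding the values through `$wpdb->prepare()` fixes both problems, as sketched below for the three hash functions. Separately, the migration guard in `generate_tables` tests `empty($row1)` three times and never reads `$row2` or `$row3`.

```php
function insert_hash($source_file_path,$hash_of_file, $scan_data){
    global $wpdb;
    $data = serialize($scan_data);
    // Values are bound by prepare(); the two assignments are separated by a comma.
    $query = $wpdb->prepare(
        "INSERT INTO ".$this->hashfile."(`file name`,`file hash`,`scan_data`) VALUES(%s, %s, %s) ON DUPLICATE KEY UPDATE `file hash`=%s, `scan_data`=%s",
        $source_file_path, $hash_of_file, $data, $hash_of_file, $data
    );
    $res=$wpdb->query( $query );
}

function update_hash($source_file_path, $hash_of_file, $scan_data){
    global $wpdb;
    $query = $wpdb->prepare(
        "UPDATE ".$this->hashfile." SET `file hash`=%s,`scan_data`=%s WHERE `file name`=%s",
        $hash_of_file, serialize($scan_data), $source_file_path
    );
    $res=$wpdb->query( $query );
}

function delete_hash($source_file_path){
    global $wpdb;
    $query = $wpdb->prepare(
        "DELETE FROM ".$this->hashfile." WHERE `file name` = %s",
        $source_file_path
    );
    $res=$wpdb->query( $query );
}
```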
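--- a/handler/ajax.php
+++ b/handler/ajax.php
@@ -23,7 +23,18 @@ class AjaxHandler
  $this->handle_feedback(); break;
  case "whitelistself":
  $this->whitelist_self(); break;
-
+ case "dismissinfected":
+ $this->wpns_infected_notice(); break;
+ case "dismissinfected_always":
+ $this->wpns_infected_notice_always(); break;
+ case "dismissplugin":
+ $this->wpns_plugin_notice(); break;
+ case "dismissplugin_always":
+ $this->wpns_plugin_notice_always(); break;
+ case "dismissweekly":
+ $this->wpns_weekly_notice(); break;
+ case "dismissweekly_always":
+ $this->wpns_weekly_notice_always(); break;
  }
  }
  }
@@ -180,4 +191,44 @@ class AjaxHandler
  wp_send_json('success');
  }
 
+ private function wpns_infected_notice()
+ {
+ update_option('infected_dismiss', time());
+ wp_send_json('success');
+ }
+
+ private function wpns_infected_notice_always()
+ {
+ update_option('donot_show_infected_file_notice', 1);
+ wp_send_json('success');
+ }
+
+ private function wpns_plugin_notice()
+ {
+ $plugin_current= get_plugins();
+ update_option('mo_wpns_last_plugins', $plugin_current);
+ $args=array();
+ $theme_current= wp_get_themes($args);
+ update_option('mo_wpns_last_themes', $theme_current);
+ wp_send_json('success');
+ }
+
+ private function wpns_plugin_notice_always()
+ {
+ update_option('donot_show_new_plugin_theme_notice', 1);
+ wp_send_json('success');
+ }
+
+ private function wpns_weekly_notice()
+ {
+ update_option('weekly_dismiss', time());
+ wp_send_json('success');
+ }
+
+ private function wpns_weekly_notice_always()
+ {
+ update_option('donot_show_weekly_scan_notice', 1);
+ wp_send_json('success');
+ }
+
  }new AjaxHandler;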
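Review bot: The six new dismiss handlers write their option as soon as the matching `case` is reached, and neither hunk shows a nonce or capability check, so unless the dispatcher above line 23 already calls something like `check_ajax_referer()` and `current_user_can('manage_options')`, a forged or low-privileged request could permanently hide the infected-file notice through `dismissinfected_always`. The dispatcher starts outside the first hunk, so this has to be confirmed there. The option names `infected_dismiss`, `weekly_dismiss` and the three `donot_show_*` keys also lack the `mo_wpns_` prefix used by the plugin's other options and can collide with options from other plugins; a prefixed form such as `update_option('mo_wpns_infected_dismiss', time());` avoids that, provided the code that reads these options is renamed to match.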
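--- a/handler/logger.php
+++ b/handler/logger.php
@@ -1,6 +1,6 @@
  <?php
 
- class Logger
+ class mo2f_Logger
  {
  function __construct()
  {
@@ -34,4 +34,4 @@ class Logger
  $mo_wpns_config->add_transactions($userIp,$username,MoWpnsConstants::ERR_404, MoWpnsConstants::ACCESS_DENIED,$url);
  }
  }
- new Logger;
+ new mo2f_Logger;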
handler/malware_scanner.php CHANGED
@@ -1,7 +1,6 @@
1
  <?php
2
 
3
  class Mo_wpns_Scan_Handler{
4
- private $nooffiles=0;
5
  private $total_files_to_scan;
6
  public $scanned_files = array();
7
  function __construct(){
@@ -16,11 +15,22 @@ class Mo_wpns_Scan_Handler{
16
  ini_set('max_execution_time', 0);
17
  $result = array();
18
  $folderpaths = array();
19
- $filepaths = array();
20
  $wp_repo_file = array();
21
  $folderNames = "";
 
 
22
  $base = dirname(dirname(dirname(dirname(plugin_dir_path(__FILE__)))));
23
- $repo_file_path=$base.DIRECTORY_SEPARATOR."wp-content".DIRECTORY_SEPARATOR."uploads".DIRECTORY_SEPARATOR."miniorange";
 
 
 
 
 
 
 
 
 
 
24
  if($scan_config['core_scan'] == 1){
25
  $folderpaths['base'] = $base;
26
  $folderNames .= "WP Files;";
@@ -36,8 +46,8 @@ class Mo_wpns_Scan_Handler{
36
  if($scan_config['check_repo'] == 1){
37
  $folderNames .= "WP Repo Files;";
38
  }
39
- $mo2f_malware_db_handler = new MoWpnsDB();
40
- $reportid = $mo2f_malware_db_handler->create_scan_report($folderNames, $scan_config['type_scan']);
41
  if ( ! function_exists( 'get_plugins' ) ) {
42
  require_once ABSPATH . 'wp-admin/includes/plugin.php';
43
  }
@@ -55,10 +65,17 @@ class Mo_wpns_Scan_Handler{
55
  $wp_repo_file['base']=$repo_file_path.DIRECTORY_SEPARATOR.$zip_name;
56
  update_option('downloaded_wordpress_repo_name', $zip_name);
57
  if(!is_dir($repo_file_path.DIRECTORY_SEPARATOR.$zip_name)){
58
- $this->download_repo($zip_name, $wp_version, $repo_file_path);
 
 
 
 
 
 
 
59
  }
60
  }
61
- if($scan_config['plugin_scan'] == 1){
62
  $wp_plugin_repo_file=$repo_file_path.DIRECTORY_SEPARATOR."plugins";
63
  if(!is_dir($wp_plugin_repo_file)){
64
  mkdir($wp_plugin_repo_file);
@@ -73,40 +90,61 @@ class Mo_wpns_Scan_Handler{
73
  }
74
  }
75
  }
76
- $this->iterator_plugins_themes($all_plugins, $wp_plugin_repo_file, 'plugins');
 
 
 
 
 
 
 
77
  }
78
- if($scan_config['theme_scan'] == 1){
79
  $wp_theme_repo_file=$repo_file_path.DIRECTORY_SEPARATOR."themes";
80
  if(!is_dir($wp_theme_repo_file)){
81
  mkdir($wp_theme_repo_file);
82
  }
83
  $wp_repo_file['themes']=$wp_theme_repo_file;
84
  $all_themes=get_site_transient( 'update_themes' )->checked;
85
- $this->iterator_plugins_themes($all_themes, $wp_theme_repo_file, 'themes');
 
 
 
 
 
 
 
86
  }
87
  }
88
- $result = $this->get_scan_result($folderpaths, $wp_repo_file, $scan_config);
89
- if($result){
90
- foreach ($result as $key => $value) {
 
 
 
91
  $mo2f_malware_db_handler->add_report_details($reportid, $key, $value);
92
  }
93
  }
94
- $mo2f_malware_db_handler->scan_report_complete($reportid, $this->nooffiles);
 
95
  if(is_dir($repo_file_path)){
96
  $this->remove_dir($repo_file_path);
97
  }
98
- global $dirName;
99
  update_option('mo_wpns_malware_scan_in_progress','COMPLETE');
100
- include_once $dirName. DIRECTORY_SEPARATOR.'controllers'.DIRECTORY_SEPARATOR.'malware_scan_result.php';
101
- include_once $dirName.DIRECTORY_SEPARATOR. 'views'.DIRECTORY_SEPARATOR.'scan_report_view.php';
102
  $total_scan=$mo2f_malware_db_handler->count_files();
103
  $total_malicious=$mo2f_malware_db_handler->count_malicious_files();
104
  $last_scan=$mo2f_malware_db_handler->count_files_last_scan($reportid);
105
  $malicious_last_scan=$mo2f_malware_db_handler->count_malicious_last_scan($reportid);
 
 
 
 
 
 
 
 
106
  $response=array('total_files'=>$total_scan, 'total_mal'=>$total_malicious, 'scan_files'=>$last_scan, 'mal_files'=>$malicious_last_scan);
107
- echo showScanResults();
108
- echo show_summary();
109
- exit;
110
  }
111
 
112
  function iterator_plugins_themes($themes_or_plugins, $path, $type=''){
@@ -118,13 +156,24 @@ class Mo_wpns_Scan_Handler{
118
  $plugin_version=$plugin_data['Version'];
119
  if(!is_dir($path.DIRECTORY_SEPARATOR.$plugin_slug)){
120
  $result= $this->download_repo($plugin_slug, $plugin_version, $path, $type);
 
 
 
 
 
121
  }
122
  } else if($type=='themes'){
123
  if(!is_dir($path.DIRECTORY_SEPARATOR.$key)){
124
  $result= $this->download_repo($key, $data, $path, $type);
 
 
 
 
 
125
  }
126
  }
127
  }
 
128
  }
129
 
130
  function download_repo($zip_name, $version, $path, $type=''){
@@ -134,39 +183,50 @@ class Mo_wpns_Scan_Handler{
134
  $download_result=@file_put_contents($path.DIRECTORY_SEPARATOR.$zip_name.".zip", file_get_contents($download_link));
135
  if( $download_result){
136
  $result = $this->unzip_downloaded_repo($zip_name, $path);
 
137
  }else {
138
  $download_link="https://downloads.wordpress.org/plugin/".$zip_name.".zip";
139
  $download_result=@file_put_contents($path.DIRECTORY_SEPARATOR.$zip_name.".zip", file_get_contents($download_link));
140
  if( $download_result){
141
  $result = $this->unzip_downloaded_repo($zip_name, $path);
 
142
  }else {
143
- error_log("Unable to download Plugins");
 
144
  }
 
145
  }
146
  } else if($type=='themes'){
147
- $download_link="https://downloads.wordpress.org/theme/".$zip_name.".".$version.".zip";
148
- $plugin_name=$zip_name.'.'.$version;
149
  $download_result=@file_put_contents($path.DIRECTORY_SEPARATOR.$zip_name.".zip", file_get_contents($download_link));
150
  if( $download_result){
151
  $result = $this->unzip_downloaded_repo($zip_name, $path);
 
152
  }else {
153
  $download_link="https://downloads.wordpress.org/theme/".$zip_name.".zip";
154
  $download_result=@file_put_contents($path.DIRECTORY_SEPARATOR.$zip_name.".zip", file_get_contents($download_link));
155
  if( $download_result){
156
  $result = $this->unzip_downloaded_repo($zip_name, $path);
 
157
  }else {
158
- error_log("Unable to download Themes");
 
159
  }
 
160
  }
161
  } else {
162
  $download_link="https://wordpress.org/wordpress-".$version.".zip";
163
  $download_result=@file_put_contents($path.DIRECTORY_SEPARATOR.$zip_name.'.zip', file_get_contents($download_link));
164
  if($download_result){
165
  $result=$this->unzip_downloaded_repo($zip_name, $path);
 
166
  } else {
167
- error_log("Unable to download wordpress");
 
168
  }
169
  }
 
170
  }
171
 
172
  function unzip_downloaded_repo($name, $path){
@@ -175,7 +235,7 @@ class Mo_wpns_Scan_Handler{
175
  $res = $zip->open($folder_path);
176
  if ($res === TRUE) {
177
  // extract it to the path we determined above
178
- $zip->extractTo($path);
179
  $zip->close();
180
  if ($name == get_option('downloaded_wordpress_repo_name')) {
181
  rename($path.DIRECTORY_SEPARATOR."wordpress", $path.DIRECTORY_SEPARATOR.$name);
@@ -187,155 +247,172 @@ class Mo_wpns_Scan_Handler{
187
  }
188
  }
189
 
190
- function get_scan_result($folderpaths=array(), $repo_folder_path=array(), $scan_config){
191
- $nooffiles=0;
192
  if(!empty($folderpaths)){
193
  if ( in_array( 'curl', get_loaded_extensions() ) ) {
194
- $base = dirname(dirname(dirname(dirname(plugin_dir_path(__FILE__)))));
195
- $wp_default_plugins = ['index.php', 'hello.php', 'akismet'];
196
- $wp_default_themes = ['index.php', 'twentynineteen', 'twentyseventeen', 'twentysixteen'];
197
- $wp_repo_files=array();
198
- $plugin_repo_files=array();
199
- $theme_repo_files=array();
200
  $scanresults=array();
201
- $file_ext = get_option('mo_wpns_scan_files_extensions');
 
 
 
 
 
202
  $extensions = array();
 
 
203
  if(empty($file_ext)){
204
- $extensions = ['php'];
205
  }else{
206
  if(strpos($file_ext,';') !=false){
207
- $extensions= explode(";",$file_ext);
208
  }else{
209
- $extensions= $file_ext;
210
  }
211
  }
212
- $mo2f_malware_db_handler = new MoWpnsDB();
213
-
214
- $folder_paths=array();
215
- if($scan_config['core_scan'] == 1){
216
- $folder_paths[0]=$folderpaths['base'];
217
- }
218
- else{
219
- $folder_paths=$folderpaths;
220
  }
221
- foreach ($folder_paths as $value) {
 
 
222
  if (is_dir($value)) {
223
  foreach ($iterator = new \RecursiveIteratorIterator(new \RecursiveDirectoryIterator($value, \RecursiveDirectoryIterator::SKIP_DOTS), \RecursiveIteratorIterator::SELF_FIRST) as $item) {
224
  if ($item->isFile()) {
225
  $scanresult=array();
226
  $source_file_path = $value . DIRECTORY_SEPARATOR . $iterator->getSubPathName();
227
- if ($value == $base.DIRECTORY_SEPARATOR.'wp-content'.DIRECTORY_SEPARATOR.'plugins' && in_array(explode(DIRECTORY_SEPARATOR,$iterator->getSubPathName())[0], $wp_default_plugins)){
 
 
 
 
 
 
 
228
  continue;
229
- } elseif ($value == $base.DIRECTORY_SEPARATOR.'wp-content'.DIRECTORY_SEPARATOR.'themes' && in_array(explode(DIRECTORY_SEPARATOR,$iterator->getSubPathName())[0], $wp_default_themes)){
230
  continue;
231
- } elseif ($value == $base && ($scan_config['core_scan'] == 1)){
232
- if(count(explode('wp-content'.DIRECTORY_SEPARATOR, $iterator->getSubPathName()))>1){
233
- if(explode(DIRECTORY_SEPARATOR,explode('wp-content'.DIRECTORY_SEPARATOR, $iterator->getSubPathName())[1])[0]=='plugins'){
234
- if (!in_array(explode(DIRECTORY_SEPARATOR,explode('wp-content'.DIRECTORY_SEPARATOR.'plugins'.DIRECTORY_SEPARATOR,$iterator->getSubPathName())[1])[0], $wp_default_plugins)) {
235
- continue;
236
- }
237
- } else if(explode(DIRECTORY_SEPARATOR,explode('wp-content'.DIRECTORY_SEPARATOR,$iterator->getSubPathName())[1])[0]=='themes'){
238
- if (!in_array(explode(DIRECTORY_SEPARATOR,explode('wp-content'.DIRECTORY_SEPARATOR.'themes'.DIRECTORY_SEPARATOR,$iterator->getSubPathName())[1])[0], $wp_default_themes)) {
239
- continue;
240
- }
241
- } else if(count(explode('wp-content'.DIRECTORY_SEPARATOR.'uploads'.DIRECTORY_SEPARATOR, $iterator->getSubPathName()))>1){
242
- if(explode(DIRECTORY_SEPARATOR,explode('wp-content'.DIRECTORY_SEPARATOR.'uploads'.DIRECTORY_SEPARATOR,$iterator->getSubPathName())[1])[0]=='miniorange'){
243
- continue;
244
- }
245
  }
246
  }
247
  }
248
- $this->nooffiles++;
249
- if($this->nooffiles - get_option('mo_wpns_files_scanned') > 100){
250
- update_option('mo_wpns_files_scanned', $this->nooffiles);
251
  }
252
- $file_content=file_get_contents($source_file_path);
253
- if($scan_config['check_repo'] == 1){
254
- $repo_path=$base.DIRECTORY_SEPARATOR."wp-content".DIRECTORY_SEPARATOR."uploads".DIRECTORY_SEPARATOR."miniorange";
255
- if($value==$base){
256
- array_push($wp_repo_files, $iterator->getSubPathName());
257
- $repo_file_path=$repo_path . DIRECTORY_SEPARATOR . get_option('downloaded_wordpress_repo_name');
258
-
259
- } elseif ($value == $base.DIRECTORY_SEPARATOR . 'wp-content' . DIRECTORY_SEPARATOR . 'plugins') {
260
- array_push($plugin_repo_files, $iterator->getSubPathName());
261
- $repo_file_path=$repo_path . DIRECTORY_SEPARATOR . 'plugins';
262
-
263
- } elseif ($value == $base.DIRECTORY_SEPARATOR . 'wp-content' . DIRECTORY_SEPARATOR . 'themes') {
264
- array_push($theme_repo_files, $iterator->getSubPathName());
265
- $repo_file_path=$repo_path . DIRECTORY_SEPARATOR . 'themes';
266
- }
267
- $getext=pathinfo($source_file_path, PATHINFO_EXTENSION);
268
-
269
- $ext['0']=$getext;
270
-
271
- if(! in_array($ext, array('zip')) && ! strpos($source_file_path, 'uploads')&& ! strpos($source_file_path, 'miniorangebackup')){
272
- $issues = $this->check_with_repo_files($file_content, $repo_file_path.DIRECTORY_SEPARATOR.$iterator->getSubPathName());
273
- if(!empty($issues)){
274
- $scanresult['repo']=$issues;
275
- }
276
- }
277
- }
278
-
279
  $hash_of_file= md5_file($source_file_path);
280
  $res=$mo2f_malware_db_handler->check_hash($hash_of_file);
281
- if($res){}
 
 
 
 
 
 
 
 
 
282
  else{
283
  $flag_update=0;
284
- $getext=pathinfo($source_file_path, PATHINFO_EXTENSION);
285
-
286
- $ext['0']=$getext;
287
-
288
- if(in_array($extensions,$ext) && ! in_array($ext, array('zip'))){
289
-
290
-
291
- if(($scan_config['check_vulnerable'] == 1) || ($scan_config['check_sql'] == 1)){
292
- $contents = file_get_contents($source_file_path);
293
- $result = array();
294
- $result = $this->check_vulnerable_code($contents);
295
- if(!empty($result)){
296
-
297
- $flag_update=1;
298
- foreach ($result as $index => $type_inf) {
299
- if($type_inf['i'] == 'vlc'){
300
- $scanresult['Vulnerable Code'] = $result;
301
- }else if($type_inf['i'] == 'shc'){
302
- $scanresult['Shell Script'] = $result;
303
- }else if($type_inf['i'] == 'sqc'){
304
- $scanresult['SQL Injection'] = $result;
305
- }
306
- }
307
- }
 
 
 
 
 
 
 
 
 
 
 
308
  }
309
-
 
310
  if($scan_config['ext_link_check'] == 1){
 
311
  $elresult= $this->check_external_link($file_content);
312
  if(!empty($elresult)){
 
313
  $flag_update=1;
314
  $scanresult['extl']=$elresult;
315
  }
316
  }
317
  }
318
  if($flag_update == 0){
319
- $mo2f_malware_db_handler->insert_hash($source_file_path,$hash_of_file);
 
 
 
 
 
 
 
 
320
  }else{
321
- $flag_update=0;
322
  $infected_files=get_option('mo_wpns_infected_files');
323
  $infected_files++;
 
 
 
324
  update_option('mo_wpns_infected_files', $infected_files);
325
  }
326
  }
327
-
328
-
329
  if(!empty($scanresult))
330
  $scanresults[$source_file_path]=$scanresult;
331
-
332
  }
333
  }
334
  }
335
  }
336
-
337
- update_option('mo_wpns_files_scanned', $this->nooffiles);
338
- return $scanresults;
 
 
 
 
 
 
339
  }else{
340
  return array('message'=>'CURL not installed on the server.');
341
  }
@@ -344,6 +421,49 @@ class Mo_wpns_Scan_Handler{
344
  }
345
  }
346
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
347
  function check_with_repo_files($file_content, $repo_file_path){
348
  $issues = array();
349
  if(file_exists($repo_file_path)){
@@ -351,16 +471,12 @@ class Mo_wpns_Scan_Handler{
351
  $hash_repo = md5($content);
352
  $hash_file = md5($file_content);
353
  if ($hash_file != $hash_repo) {
 
354
  $issues=array("exist" => "Mismatch in Files");
355
  }
356
  } else {
357
  $issues=array('exist'=>'Unwanted File Found');
358
  }
359
- if(!empty($issues)){
360
- $infected_files=get_option('mo_wpns_infected_files');
361
- $infected_files++;
362
- update_option('mo_wpns_infected_files', $infected_files);
363
- }
364
  return $issues;
365
  }
366
 
@@ -398,14 +514,9 @@ class Mo_wpns_Scan_Handler{
398
  $url = trim($url,"'");
399
  $url = trim($url,'"');
400
  $components = parse_url($url);
401
-
402
  if(isset($components['host'])){
403
- $check_string = strpos($components['host'], 'wordpress.org');
404
- if(isset($check_string) and is_int($check_string))
405
- {
406
- $check_string = 1;
407
- }
408
- if(!$check_string){
409
  if(!empty($components['host']) && strpos(strtolower($components['host']),strtolower($_SERVER['HTTP_HOST'])) === false){
410
  return true;
411
  }
@@ -491,6 +602,68 @@ class Mo_wpns_Scan_Handler{
491
  rmdir($dir);
492
  }
493
 
494
- }
495
 
496
- ?>
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
  <?php
2
 
3
  class Mo_wpns_Scan_Handler{
 
4
  private $total_files_to_scan;
5
  public $scanned_files = array();
6
  function __construct(){
15
  ini_set('max_execution_time', 0);
16
  $result = array();
17
  $folderpaths = array();
 
18
  $wp_repo_file = array();
19
  $folderNames = "";
20
+ $repo_check_status = $scan_config['check_repo'];
21
+ $repo_check_status_code = 0;
22
  $base = dirname(dirname(dirname(dirname(plugin_dir_path(__FILE__)))));
23
+ $hostname = 'wordpress.org';
24
+ $wordpress_server_status = $this->mo_wpns_check_malware_server_status($hostname);
25
+ if (!is_writable($base.DIRECTORY_SEPARATOR."wp-content".DIRECTORY_SEPARATOR."uploads")) {
26
+ $scan_config['check_repo'] = 0;
27
+ $repo_check_status_code = -97;
28
+ }
29
+ if (!$wordpress_server_status) {
30
+ $scan_config['check_repo'] = 0;
31
+ $repo_check_status_code = -98;
32
+ }
33
+ $repo_file_path=$base.DIRECTORY_SEPARATOR."wp-content".DIRECTORY_SEPARATOR."uploads".DIRECTORY_SEPARATOR."miniorangescan";
34
  if($scan_config['core_scan'] == 1){
35
  $folderpaths['base'] = $base;
36
  $folderNames .= "WP Files;";
46
  if($scan_config['check_repo'] == 1){
47
  $folderNames .= "WP Repo Files;";
48
  }
49
+ $this->count_total_files($folderpaths, $base, $scan_config);
50
+
51
  if ( ! function_exists( 'get_plugins' ) ) {
52
  require_once ABSPATH . 'wp-admin/includes/plugin.php';
53
  }
65
  $wp_repo_file['base']=$repo_file_path.DIRECTORY_SEPARATOR.$zip_name;
66
  update_option('downloaded_wordpress_repo_name', $zip_name);
67
  if(!is_dir($repo_file_path.DIRECTORY_SEPARATOR.$zip_name)){
68
+ $result = $this->download_repo($zip_name, $wp_version, $repo_file_path);
69
+ if($result === -99){
70
+ $scan_config['check_repo'] = 0;
71
+ $repo_check_status_code = -99;
72
+ }else if(!$result){
73
+ $scan_config['check_repo'] = 0;
74
+ $repo_check_status_code = -100;
75
+ }
76
  }
77
  }
78
+ if($scan_config['plugin_scan'] == 1 && $scan_config['check_repo']){
79
  $wp_plugin_repo_file=$repo_file_path.DIRECTORY_SEPARATOR."plugins";
80
  if(!is_dir($wp_plugin_repo_file)){
81
  mkdir($wp_plugin_repo_file);
90
  }
91
  }
92
  }
93
+ $result = $this->iterator_plugins_themes($all_plugins, $wp_plugin_repo_file, 'plugins');
94
+ if($result === -99){
95
+ $scan_config['check_repo'] = 0;
96
+ $repo_check_status_code = -99;
97
+ }else if(!$result){
98
+ $scan_config['check_repo'] = 0;
99
+ $repo_check_status_code = -100;
100
+ }
101
  }
102
+ if($scan_config['theme_scan'] == 1 && $scan_config['check_repo']){
103
  $wp_theme_repo_file=$repo_file_path.DIRECTORY_SEPARATOR."themes";
104
  if(!is_dir($wp_theme_repo_file)){
105
  mkdir($wp_theme_repo_file);
106
  }
107
  $wp_repo_file['themes']=$wp_theme_repo_file;
108
  $all_themes=get_site_transient( 'update_themes' )->checked;
109
+ $result = $this->iterator_plugins_themes($all_themes, $wp_theme_repo_file, 'themes');
110
+ if($result === -99){
111
+ $scan_config['check_repo'] = 0;
112
+ $repo_check_status_code = -99;
113
+ }else if(!$result){
114
+ $scan_config['check_repo'] = 0;
115
+ $repo_check_status_code = -100;
116
+ }
117
  }
118
  }
119
+ $mo2f_malware_db_handler = new MoWpnsDB();
120
+ $time = current_time('timestamp');
121
+ $result = $this->get_scan_result($mo2f_malware_db_handler, $folderpaths, $wp_repo_file, $scan_config, $base);
122
+ $reportid = $mo2f_malware_db_handler->create_scan_report($folderNames, $scan_config['type_scan'], $time);
123
+ if($result['scan']){
124
+ foreach ($result['scan'] as $key => $value) {
125
  $mo2f_malware_db_handler->add_report_details($reportid, $key, $value);
126
  }
127
  }
128
+ $result['repo_issues'] = $repo_check_status!=$scan_config['check_repo'] ? $repo_check_status_code : $result['repo_issues'];
129
+ $mo2f_malware_db_handler->scan_report_complete($reportid, $result['file_count'], $result['malware_count'], $result['repo_issues'], $result['malicious_link']);
130
  if(is_dir($repo_file_path)){
131
  $this->remove_dir($repo_file_path);
132
  }
 
133
  update_option('mo_wpns_malware_scan_in_progress','COMPLETE');
 
 
134
  $total_scan=$mo2f_malware_db_handler->count_files();
135
  $total_malicious=$mo2f_malware_db_handler->count_malicious_files();
136
  $last_scan=$mo2f_malware_db_handler->count_files_last_scan($reportid);
137
  $malicious_last_scan=$mo2f_malware_db_handler->count_malicious_last_scan($reportid);
138
+ if($total_scan > 999){
139
+ $total_scan=($total_scan/1000);
140
+ $total_scan= round($total_scan,1)."k";
141
+ }
142
+ if($total_malicious > 999){
143
+ $total_malicious=($total_malicious/1000);
144
+ $total_malicious= round($total_malicious,1)."k";
145
+ }
146
  $response=array('total_files'=>$total_scan, 'total_mal'=>$total_malicious, 'scan_files'=>$last_scan, 'mal_files'=>$malicious_last_scan);
147
+ wp_send_json($response);
 
 
148
  }
149
 
150
  function iterator_plugins_themes($themes_or_plugins, $path, $type=''){
156
  $plugin_version=$plugin_data['Version'];
157
  if(!is_dir($path.DIRECTORY_SEPARATOR.$plugin_slug)){
158
  $result= $this->download_repo($plugin_slug, $plugin_version, $path, $type);
159
+ if($result === -99){
160
+ return -99;
161
+ }else if(!$result){
162
+ return false;
163
+ }
164
  }
165
  } else if($type=='themes'){
166
  if(!is_dir($path.DIRECTORY_SEPARATOR.$key)){
167
  $result= $this->download_repo($key, $data, $path, $type);
168
+ if($result === -99){
169
+ return -99;
170
+ }else if(!$result){
171
+ return false;
172
+ }
173
  }
174
  }
175
  }
176
+ return true;
177
  }
178
 
179
  function download_repo($zip_name, $version, $path, $type=''){
183
  $download_result=@file_put_contents($path.DIRECTORY_SEPARATOR.$zip_name.".zip", file_get_contents($download_link));
184
  if( $download_result){
185
  $result = $this->unzip_downloaded_repo($zip_name, $path);
186
+ return $result;
187
  }else {
188
  $download_link="https://downloads.wordpress.org/plugin/".$zip_name.".zip";
189
  $download_result=@file_put_contents($path.DIRECTORY_SEPARATOR.$zip_name.".zip", file_get_contents($download_link));
190
  if( $download_result){
191
  $result = $this->unzip_downloaded_repo($zip_name, $path);
192
+ return $result;
193
  }else {
194
+ error_log("Unable to download Plugin: ".$plugin_name);
195
+ return -99;
196
  }
197
+ return -99;
198
  }
199
  } else if($type=='themes'){
200
+ $theme_name=$zip_name.'.'.$version;
201
+ $download_link="https://downloads.wordpress.org/theme/".$theme_name.".zip";
202
  $download_result=@file_put_contents($path.DIRECTORY_SEPARATOR.$zip_name.".zip", file_get_contents($download_link));
203
  if( $download_result){
204
  $result = $this->unzip_downloaded_repo($zip_name, $path);
205
+ return $result;
206
  }else {
207
  $download_link="https://downloads.wordpress.org/theme/".$zip_name.".zip";
208
  $download_result=@file_put_contents($path.DIRECTORY_SEPARATOR.$zip_name.".zip", file_get_contents($download_link));
209
  if( $download_result){
210
  $result = $this->unzip_downloaded_repo($zip_name, $path);
211
+ return $result;
212
  }else {
213
+ error_log("Unable to download Theme: ".$theme_name);
214
+ return -99;
215
  }
216
+ return -99;
217
  }
218
  } else {
219
  $download_link="https://wordpress.org/wordpress-".$version.".zip";
220
  $download_result=@file_put_contents($path.DIRECTORY_SEPARATOR.$zip_name.'.zip', file_get_contents($download_link));
221
  if($download_result){
222
  $result=$this->unzip_downloaded_repo($zip_name, $path);
223
+ return $result;
224
  } else {
225
+ error_log("Unable to download wordpress-".$version);
226
+ return -99;
227
  }
228
  }
229
+ return false;
230
  }
231
 
232
  function unzip_downloaded_repo($name, $path){
235
  $res = $zip->open($folder_path);
236
  if ($res === TRUE) {
237
  // extract it to the path we determined above
238
+ $result = $zip->extractTo($path);
239
  $zip->close();
240
  if ($name == get_option('downloaded_wordpress_repo_name')) {
241
  rename($path.DIRECTORY_SEPARATOR."wordpress", $path.DIRECTORY_SEPARATOR.$name);
247
  }
248
  }
249
 
250
+ function get_scan_result($mo2f_malware_db_handler=null, $folderpaths=array(), $repo_folder_path=array(), $scan_config, $base){
 
251
  if(!empty($folderpaths)){
252
  if ( in_array( 'curl', get_loaded_extensions() ) ) {
 
 
 
 
 
 
253
  $scanresults=array();
254
+ $nooffiles=0;
255
+ $scan_malware_count = 0;
256
+ $repo_issue_count = 0;
257
+ $malicious_link_count = 0;
258
+ $file_ext = $scan_config['file_extension'];
259
+ $host = 'http://scanner.api.xecurify.com/malwareservice/rest/file/upload';
260
  $extensions = array();
261
+ $hostname = 'scanner.api.xecurify.com';
262
+ $malware_server_status = $this->mo_wpns_check_malware_server_status($hostname);
263
  if(empty($file_ext)){
 
264
  }else{
265
  if(strpos($file_ext,';') !=false){
266
+ $extensions = explode(";", $file_ext);
267
  }else{
268
+ array_push($extensions, $file_ext);
269
  }
270
  }
271
+ $folder_skip_array= empty($scan_config['path_skip']) ? array() : explode(";", $scan_config['path_skip']);
272
+ $skip_path_array= array();
273
+ for($i=0; $i<count($folder_skip_array); $i++){
274
+ $pathParts = explode('/', rtrim(str_replace('\\', '/', $folder_skip_array[$i])));
275
+ $n= sizeof($pathParts)-1;
276
+ $folder= $pathParts[$n];
277
+ array_push($skip_path_array, $folder);
 
278
  }
279
+ $enable_extns = $scan_config['type_scan'] == "Custom Scan" && !empty($file_ext) ? false : true;
280
+ foreach ($folderpaths as $value) {
281
+ $onearr = array();
282
  if (is_dir($value)) {
283
  foreach ($iterator = new \RecursiveIteratorIterator(new \RecursiveDirectoryIterator($value, \RecursiveDirectoryIterator::SKIP_DOTS), \RecursiveIteratorIterator::SELF_FIRST) as $item) {
284
  if ($item->isFile()) {
285
  $scanresult=array();
286
  $source_file_path = $value . DIRECTORY_SEPARATOR . $iterator->getSubPathName();
287
+ if ($value == $base && ($scan_config['core_scan'] == 1)){
288
+ $arr = explode(DIRECTORY_SEPARATOR, $iterator->getSubPathName());
289
+ if(($arr[count($arr)-1]== 'index.php' && (count($arr)==1 || in_array($arr[count($arr)-2], array('wp-content', 'plugins', 'themes'))) && !in_array('miniorangescan', $arr)) || (!in_array('plugins', $arr) && !in_array('themes', $arr) && !in_array('miniorangescan', $arr))){
290
+
291
+ }else{
292
+ continue;
293
+ }
294
+ }elseif ($value == $base.DIRECTORY_SEPARATOR.'wp-content'.DIRECTORY_SEPARATOR.'plugins' && explode(DIRECTORY_SEPARATOR,$iterator->getSubPathName())[0]=='index.php'){
295
  continue;
296
+ } elseif ($value == $base.DIRECTORY_SEPARATOR.'wp-content'.DIRECTORY_SEPARATOR.'themes' && explode(DIRECTORY_SEPARATOR,$iterator->getSubPathName())[0]=='index.php'){
297
  continue;
298
+ }
299
+ $flag_skip=0;
300
+ if($scan_config['type_scan'] == "Custom Scan" && !empty($folder_skip_array)){
301
+ for($q=0; $q<count($skip_path_array); $q++){
302
+ if(strpos($source_file_path, $skip_path_array[$q])){
303
+ $flag_skip=1;
304
+ break;
 
 
 
 
 
 
 
305
  }
306
  }
307
  }
308
+ if($flag_skip == 1){
309
+ continue;
 
310
  }
311
+ $ext = pathinfo($source_file_path, PATHINFO_EXTENSION);
312
+ $extns = $enable_extns ? true : (in_array($ext, $extensions) ? true : false);
313
+ if($extns){
314
+ $nooffiles++;
315
+ if($nooffiles - get_option('mo_wpns_files_scanned') > 50){
316
+ update_option('mo_wpns_files_scanned', $nooffiles);
317
+ }
318
+ }
319
+
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
320
  $hash_of_file= md5_file($source_file_path);
321
  $res=$mo2f_malware_db_handler->check_hash($hash_of_file);
322
+
323
+ $datascan = empty($res)?true:(isset($res[0]->scan_data) ? unserialize($res[0]->scan_data):false);
324
+ $scanmalware = is_array($datascan)?$datascan['malware']==0:(!empty($datascan) ? $datascan: true);
325
+ $repocheck = is_array($datascan)?$datascan['repo']==0:(!empty($datascan) ? $datascan: true);
326
+ $extlink = is_array($datascan)?$datascan['ext_link']==0:(!empty($datascan) ? $datascan: true);
327
+ $malware_status = $scanmalware? 0 : 1;
328
+ $repo_status = $repocheck? 0 : 1;
329
+ $link_status = $extlink? 0 : 1;
330
+ if(!empty($res) && !$extlink && !$repocheck && !$scanmalware ){}
331
+
332
  else{
333
  $flag_update=0;
334
+ $file_content=file_get_contents($source_file_path);
335
+ $source_file_path_size = str_replace("\\", "/", $source_file_path);
336
+ if(($scan_config['check_vulnerable'] == 1 || $scan_config['check_sql'] == 1) && !in_array($ext, array('zip','sitx','7z','rar','gz')) && filesize($source_file_path_size) < 1048576 && $malware_server_status && $extns && $scanmalware){
337
+ $malware_status = 1;
338
+ $cfile=curl_file_create($source_file_path, 'test/plain', time().basename($source_file_path));
339
+ $postdata = array('file' => $cfile);
340
+ $content_type = 'multipart/form-data';
341
+ $issues = $this->mo_wpns_malware_scan_request($postdata, $host, $content_type);
342
+ if ($issues) {
343
+ $scan_malware_count++;
344
+ $scanresult['scan'] = $issues;
345
+ $flag_update=1;
346
+ }
347
+ }else{
348
+
349
+ }
350
+
351
+ if($scan_config['check_repo'] == 1 && $repocheck && $extns){
352
+ if(!in_array('wp-config.php', $arr) && !in_array($ext, array('zip', 'log', 'htaccess','sitx','7z','rar','gz'))){
353
+ if(($arr[count($arr)-1]== 'index.php' && (count($arr)==1 || in_array($arr[count($arr)-2], array('wp-content', 'plugins', 'themes'))) && !in_array('uploads', $arr)) || !in_array('wp-content', $arr)){
354
+ $repo_status = 1;
355
+ if($value==$base){
356
+ $repo_file_path=$repo_folder_path['base'];
357
+ } elseif ($value == $base.DIRECTORY_SEPARATOR . 'wp-content' . DIRECTORY_SEPARATOR . 'plugins') {
358
+ $repo_file_path=$repo_folder_path['plugins'];
359
+ } elseif ($value == $base.DIRECTORY_SEPARATOR . 'wp-content' . DIRECTORY_SEPARATOR . 'themes') {
360
+ $repo_file_path=$repo_folder_path['themes'];
361
+ }
362
+ $issues = $this->check_with_repo_files($file_content, $repo_file_path.DIRECTORY_SEPARATOR.$iterator->getSubPathName());
363
+ if(!empty($issues)){
364
+ $repo_issue_count++;
365
+ $scanresult['repo']=$issues;
366
+ $flag_update=1;
367
+ }
368
+ }
369
  }
370
+ }
371
+ if($extns && $extlink){
372
  if($scan_config['ext_link_check'] == 1){
373
+ $link_status = 1;
374
  $elresult= $this->check_external_link($file_content);
375
  if(!empty($elresult)){
376
+ $malicious_link_count++;
377
  $flag_update=1;
378
  $scanresult['extl']=$elresult;
379
  }
380
  }
381
  }
382
  if($flag_update == 0){
383
+ $malware_status = ($scan_config['check_vulnerable'] || $scan_config['check_sql']) && $malware_status ? 1 : 0;
384
+ $repo_status = $scan_config['check_repo'] && $repo_status ? 1 : 0;
385
+ $link_status = $scan_config['ext_link_check'] && $link_status ? 1: 0;
386
+ $scan_data = array('malware'=>$malware_status, 'repo'=>$repo_status, 'ext_link'=>$link_status);
387
+ if(empty($res)){
388
+ $mo2f_malware_db_handler->insert_hash($source_file_path, $hash_of_file, $scan_data);
389
+ }else{
390
+ $mo2f_malware_db_handler->update_hash($source_file_path, $hash_of_file, $scan_data);
391
+ }
392
  }else{
 
393
  $infected_files=get_option('mo_wpns_infected_files');
394
  $infected_files++;
395
+ if(!empty($res)){
396
+ $mo2f_malware_db_handler->delete_hash($source_file_path);
397
+ }
398
  update_option('mo_wpns_infected_files', $infected_files);
399
  }
400
  }
 
 
401
  if(!empty($scanresult))
402
  $scanresults[$source_file_path]=$scanresult;
 
403
  }
404
  }
405
  }
406
  }
407
+ $malware_server_status = $this->mo_wpns_check_malware_server_status($hostname);
408
+ if($malware_server_status){
409
+ $host = 'http://scanner.api.xecurify.com/malwareservice/rest/file/data';
410
+ $postdata = http_build_query(array('fileCount' => $nooffiles, 'maliciousCount' => $scan_malware_count));
411
+ $content_type = 'application/x-www-form-urlencoded';
412
+ $lastRequest = $this->mo_wpns_malware_scan_request($postdata, $host, $content_type);
413
+ }
414
+ update_option('mo_wpns_files_scanned', $nooffiles);
415
+ return array('file_count'=> $nooffiles, 'malware_count'=>$scan_malware_count, 'repo_issues'=>$repo_issue_count, 'malicious_link'=>$malicious_link_count, 'scan'=>$scanresults);
416
  }else{
417
  return array('message'=>'CURL not installed on the server.');
418
  }
421
  }
422
  }
423
 
424
+ function mo_wpns_check_malware_server_status($host){
425
+ $fsock = @fsockopen($host, 80, $errno, $errstr, 5);
426
+ if ( ! $fsock ){
427
+ return FALSE;
428
+ }else{
429
+ fclose($fsock);
430
+ return TRUE;
431
+ }
432
+ }
433
+
434
+ function mo_wpns_malware_scan_request($postdata = array(), $host, $content_type){
435
+ $response = null;
436
+ $ch=curl_init($host);
437
+ curl_setopt( $ch, CURLOPT_FOLLOWLOCATION, false );
438
+ curl_setopt( $ch, CURLOPT_ENCODING, "" );
439
+ curl_setopt( $ch, CURLOPT_RETURNTRANSFER, true );
440
+ curl_setopt( $ch, CURLOPT_AUTOREFERER, true );
441
+ curl_setopt( $ch, CURLOPT_MAXREDIRS, 10 );
442
+ curl_setopt( $ch, CURLOPT_HTTPHEADER, array('Content-Type: '.$content_type) );
443
+ curl_setopt( $ch, CURLOPT_POST, true );
444
+ curl_setopt( $ch, CURLOPT_POSTFIELDS, $postdata);
445
+ $results=curl_exec($ch);
446
+ curl_close($ch);
447
+ if($results==false){
448
+ error_log('Unable to scan file: '.$postdata['file']->name.' with result: '.$result);
449
+ }else{
450
+ $result = json_decode($results, true);
451
+ if(isset($result['status'])){
452
+ if ($result['status'] == 'success') {
453
+ if($result['result']!='OK')
454
+ $response = $result['result'];
455
+ }else if($result['status']=='error'){
456
+ error_log("Exception on server");
457
+ }
458
+ }else if(strpos($results, 'Summary')){
459
+
460
+ }else{
461
+ error_log("Any other issues on server");
462
+ }
463
+ }
464
+ return $response;
465
+ }
466
+
467
  function check_with_repo_files($file_content, $repo_file_path){
468
  $issues = array();
469
  if(file_exists($repo_file_path)){
471
  $hash_repo = md5($content);
472
  $hash_file = md5($file_content);
473
  if ($hash_file != $hash_repo) {
474
+ $flag=1;
475
  $issues=array("exist" => "Mismatch in Files");
476
  }
477
  } else {
478
  $issues=array('exist'=>'Unwanted File Found');
479
  }
 
 
 
 
 
480
  return $issues;
481
  }
482
 
514
  $url = trim($url,"'");
515
  $url = trim($url,'"');
516
  $components = parse_url($url);
 
517
  if(isset($components['host'])){
518
+ if(preg_match('/(wordpress|google|miniorange|xecurify|facebook|themeisle|adobe|phppot)/i', $components['host']) === 1) {}
519
+ else{
 
 
 
 
520
  if(!empty($components['host']) && strpos(strtolower($components['host']),strtolower($_SERVER['HTTP_HOST'])) === false){
521
  return true;
522
  }
602
  rmdir($dir);
603
  }
604
 
605
+ function count_total_files($folder_paths, $base, $scan_config){
606
 
607
+ $file_count=0;
608
+ $file_ext = $scan_config['file_extension'];
609
+ $extensions = array();
610
+ if(empty($file_ext)){
611
+
612
+ }else{
613
+ if(strpos($file_ext,';') !=false){
614
+ $extensions = explode(";", $file_ext);
615
+ }else{
616
+ array_push($extensions, $file_ext);
617
+ }
618
+ }
619
+ $enable_extns = $scan_config['type_scan'] == "Custom Scan" && !empty($file_ext) ? false : true;
620
+ $folder_skip_array= empty($scan_config['path_skip']) ? array() : explode(";", $scan_config['path_skip']);
621
+ $skip_path_array= array();
622
+ for($i=0; $i<count($folder_skip_array); $i++){
623
+ $pathParts = explode('/', $folder_skip_array[$i]);
624
+ $n= sizeof($pathParts)-1;
625
+ $folder= $pathParts[$n];
626
+ array_push($skip_path_array, $folder);
627
+ }
628
+ foreach ($folder_paths as $value) {
629
+ if (is_dir($value)) {
630
+ foreach ($iterator = new \RecursiveIteratorIterator(new \RecursiveDirectoryIterator($value, \RecursiveDirectoryIterator::SKIP_DOTS), \RecursiveIteratorIterator::SELF_FIRST) as $item) {
631
+ if ($item->isFile()) {
632
+ $source_file_path = $value . DIRECTORY_SEPARATOR . $iterator->getSubPathName();
633
+ if ($value == $base && ($scan_config['core_scan'] == 1)){
634
+ $arr = explode(DIRECTORY_SEPARATOR, $iterator->getSubPathName());
635
+ if(($arr[count($arr)-1]== 'index.php' && (count($arr)==1 || in_array($arr[count($arr)-2], array('wp-content', 'plugins', 'themes'))) && !in_array('miniorange', $arr)) || (!in_array('plugins', $arr) && !in_array('themes', $arr) && !in_array('miniorange', $arr))){
636
+
637
+ }else{
638
+ continue;
639
+ }
640
+ }elseif ($value == $base.DIRECTORY_SEPARATOR.'wp-content'.DIRECTORY_SEPARATOR.'plugins' && explode(DIRECTORY_SEPARATOR,$iterator->getSubPathName())[0]=='index.php'){
641
+ continue;
642
+ } elseif ($value == $base.DIRECTORY_SEPARATOR.'wp-content'.DIRECTORY_SEPARATOR.'themes' && explode(DIRECTORY_SEPARATOR,$iterator->getSubPathName())[0]=='index.php'){
643
+ continue;
644
+ }
645
+ $flag_skip=0;
646
+ if (!empty($folder_skip_array)) {
647
+ for($q=0; $q<count($skip_path_array); $q++){
648
+ if(strpos($source_file_path, $skip_path_array[$q])){
649
+ $flag_skip=1;
650
+ break;
651
+ }
652
+ }
653
+ }
654
+ if($flag_skip == 1){
655
+ continue;
656
+ }
657
+ $ext = pathinfo($source_file_path, PATHINFO_EXTENSION);
658
+ $extns = $enable_extns ? true : (in_array($ext, $extensions)? true : false);
659
+ if($extns)
660
+ $file_count++;
661
+ }
662
+ }
663
+ }
664
+ }
665
+ update_option('mo_wpns_total_files', $file_count);
666
+ }
667
+ }
668
+ new Mo_wpns_Scan_Handler;
669
+ ?>
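--- a/helper/constants.php
+++ b/helper/constants.php
@@ -11,7 +11,7 @@
  const ERR_403 = "403";
  const DEFAULT_CUSTOMER_KEY = "16555";
  const DEFAULT_API_KEY = "fFd2XcvTGDemZvbw1bcUesNJWEqKbbUq";
- const DB_VERSION = 145;
+ const DB_VERSION = 146;
  const SUPPORT_EMAIL = 'info@xecurify.com';
  const IP_LOOKUP_TEMPLATE = '<span style="font-size:14px;font-weight:bold">GENERAL INFORMATION</span><table style="margin-left:2%;"><tr><td style="width:100px;">Response</td><td >:</td><td>{{status}}</td></tr><tr><td style="width:100px;">IP Address</td><td>:</td><td>{{ip}}</td></tr><tr><td>HostName</td><td>:</td><td>{{hostname}}</td></tr><tr><td>TimeZone</td><td>:</td><td>{{timezone}}</td></tr><tr><td>Time Difference</td><td>:</td><td>{{offset}}</td></tr></table><hr><span style="font-size:14px;font-weight:bold">LOCATION INFORMATION</span><table style="margin-left:2%;"><tr><td>Latitude</td><td>:</td><td>{{latitude}}</td></tr><tr><td>Longitude</td><td>:</td><td>{{longitude}}</td></tr><tr><td>Region</td><td>:</td><td>{{region}}</td></tr><tr><td>Country</td><td>:</td><td>{{country}}</td></tr><tr><td>City</td><td>:</td><td>{{city}}</td></tr><tr><td>Continent</td><td>:</td><td>{{continent}}</td></tr><tr><td>Curreny Code</td><td>:</td><td>{{curreny_code}}</td></tr><tr><td>Curreny Symbol</td><td>:</td><td>{{curreny_symbol}}</td></tr><tr><td>Per Dollar Value</td><td>:</td><td>{{per_dollar_value}}</td></tr></table>';
  const CURRENT_BROWSER = '<span style="font-size:10px;color:red;">( Current Browser )</span>';
@@ -41,6 +41,8 @@
  const THEMES = 'themes';
  const WPFILES = 'wpfiles';
  const DATABASE = 'db';
+
+ public static $repo_status_code = array(-97 => '<i>uploads Folder</i> permission denied', -98 => '2 Factor authentication plugin unable to reach wordpress repository files. Please contact miniOrange.', -99 => 'Unable to download Wordpress, plugins and themes from Repository', -100 => 'Unable to unzip the Wordpress, plugins and themes');
 
  function __construct()
  {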
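Review bot: The new `$repo_status_code` table puts markup inside its messages (`<i>uploads Folder</i>` for -97), so whichever view prints these strings has to emit them unescaped; keeping the text plain and applying `esc_html()` at the point of output would remove that requirement. The table is also a `public static` property, so any code loaded in the same request can rewrite the messages at runtime. A short comment above it saying which step of the repository comparison produces each of -97 to -100 would help, since the codes are not explained anywhere in this hunk. The enclosing class starts and ends outside the hunk.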
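--- a/helper/messages.php
+++ b/helper/messages.php
@@ -109,6 +109,9 @@
  const REPORT_DISABLE = 'Login and error reports are disabled.';
  const NOTIF_ENABLE = 'Notification options are available. Configure it in the Notification tab.';
  const NOTIF_DISABLE = 'Notifications are disabled.';
+ const NEW_PLUGIN_THEME_CHECK = "<div class='custom-notice notice notice-warning new_plugin_theme-notice'><p><p class='notice-message'>We detected a change in plugins/themes folder. Kindly scan for better security.</p><a class='notice-button' href='admin.php?page=mo_2fa_malwarescan' style='margin-right: 15px;'>SCAN</a><button class='new_plugin_dismiss notice-button' style='margin-right: 15px;'><i>DISMISS</i></button><button class='new_plugin_dismiss_always notice-button'><i>NEVER SHOW AGAIN</i></button></p></div>";
+ const INFECTED_FILE = "<div class='custom-notice notice notice-warning file_infected-notice'><p><p class='notice-message'>Your last scan found infected files on your website. Kindly fix them to avoid any threats.</p><a class='notice-button' href='admin.php?page=mo_2fa_malwarescan' style='margin-right: 15px;'>SCAN</a><button class='infected_file_dismiss notice-button' style='margin-right: 15px;'><i>DISMISS</i></button><button class='infected_file_dismiss_always notice-button'><i>NEVER SHOW AGAIN</i></button></p></div>";
+ const WEEKLY_SCAN_CHECK = "<div class='custom-notice notice notice-warning weekly_notice-notice'><p><p class='notice-message'>You last scanned your website a week ago. Scan now to imrove security.</p><a class='notice-button' href='admin.php?page=mo_2fa_malwarescan' style='margin-right: 15px;'>SCAN</a><button class='weekly_dismiss notice-button' style='margin-right: 15px;'><i>DISMISS</i></button><button class='weekly_dismiss_always notice-button'><i>NEVER SHOW AGAIN</i></button></p></div>";
 
 
 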
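Review bot: `WEEKLY_SCAN_CHECK` ships a typo in user-facing text ("imrove" should be "improve"). All three new notices also open `<p class='notice-message'>` inside an already open `<p>`; browsers close the outer paragraph implicitly, so the SCAN link and the two buttons end up outside it and the trailing `</p>` is stray. The SCAN link is the relative `admin.php?page=mo_2fa_malwarescan`, which presumably resolves wrongly on admin screens that are not directly under `wp-admin/` (network admin, for example); building the href with `admin_url()` where the notice is printed would avoid that.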
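--- a/includes/css/style_settings.css
+++ b/includes/css/style_settings.css
@@ -1731,6 +1731,11 @@ padding-right: 11px;
  .hdiv{
  font-weight: 600;
  font-size: 1.2em;
+ text-align: center;
+ }
+ .hmdiv{
+ font-weight: 600;
+ font-size: 1.2em;
  }
  .shdiv{
  margin-bottom: 10px;
@@ -1752,7 +1757,15 @@ padding-right: 11px;
  }
  .mo_wpns_progress {
  width: 100%;
- background-color: lightgrey;
+ background-color: grey;
+ }
+ .mo_wpns_progress_bar {
+ width: 0%;
+ height: 20px;
+ background-color: #4CAF50;
+ text-align: center; /* To center it horizontally (if you want) */
+ line-height: 20px; /* To center it vertically */
+ color: white;
  }
  #mo_wpns_bar {
  width: 0%;
@@ -2474,6 +2487,94 @@ a.mo2f_thumbnail:hover, a.mo2f_thumbnail:focus, a.mo2f_thumbnail.active {
  border: 1px solid #20b2aa;
  }
 
+ .mo_wpns_sub_scanmode
+ {
+ padding: 5px;
+ background-color: #FFFFFF;
+ border: 1px solid lightseagreen;
+ width: 23.5%;
+ border-top: 4px solid lightseagreen;
+ min-height: 180px;
+ }
+ .mo_wpns_sub_scansummary
+ {
+ padding: 5px;
+ background-color: #FFFFFF;
+ border: 1px solid lightseagreen;
+ width: 23.5%;
+ border-top: 4px solid lightseagreen;
+ height: 120px;
+ }
+ .mo_wpns_scan_summary_text
+ {
+ font-size: 70px;
+ margin-top: -15px;
+ text-align: center;
+ }
+ .mo_wpns_malwarescandiv
+ {
+ padding: 5px;
+ background-color: #FFFFFF;
+ border: 1px solid lightseagreen;
+ width: 50%;
+ border-top: 4px solid lightseagreen;
+ }
+
+ .mo_scan_modal {
+ display: none; /* Hidden by default */
+ position: fixed; /* Stay in place */
+ z-index: 1; /* Sit on top */
+ padding-top: 100px; /* Location of the box */
+ left: 0;
+ top: 0;
+ width: 100%; /* Full width */
+ height: 100%; /* Full height */
+ overflow: auto; /* Enable scroll if needed */
+ background-color: rgb(0,0,0); /* Fallback color */
+ background-color: rgba(0,0,0,0.4); /* Black w/ opacity */
+ }
+
+ /* Modal Content */
+ .mo_scan_modal-content {
+ background-color: #fefefe;
+ margin: auto;
+ padding: 20px;
+ border: 1px solid #888;
+ width: 70%;
+ }
+
+ /* The Close Button */
+ .mo_scan_close {
+ color: #aaaaaa;
+ float: right;
+ font-size: 28px;
+ font-weight: bold;
+ }
+
+ .mo_scan_close:hover,
+ .mo_scan_close:focus {
+ color: #000;
+ text-decoration: none;
+ cursor: pointer;
+ }
+ .mo_mmp_red{
+ color: red;
+ }
+ .mmp_point{
+ cursor: pointer;
+ }
+ .mmp_green {
+ background-color: #4CAF50;
+ border: none;
+ color: white;
+ padding: 3px 10px;
+ text-align: center;
+ text-decoration: none;
+ /*display: inline-block;*/
+ /*font-size: 16px;*/
+ margin: -4px 2px;
+ cursor: pointer;
+ }
  /*2FA css*/
 
  /*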
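--- a/includes/js/settings_page.js
+++ b/includes/js/settings_page.js
@@ -56,6 +56,30 @@ jQuery(document).ready(function () {
  ajaxCall("whitelistself",".whitelistself-notice",true);
  });
 
+ $(".infected_file_dismiss").click(function(){
+ ajaxCall("dismissinfected",".file_infected-notice",true);
+ });
+
+ $(".infected_file_dismiss_always").click(function(){
+ ajaxCall("dismissinfected_always",".file_infected-notice",true);
+ });
+
+ $(".new_plugin_dismiss").click(function(){
+ ajaxCall("dismissplugin",".new_plugin_theme-notice",true);
+ });
+
+ $(".new_plugin_dismiss_always").click(function(){
+ ajaxCall("dismissplugin_always",".new_plugin_theme-notice",true);
+ });
+
+ $(".weekly_dismiss").click(function(){
+ ajaxCall("dismissweekly",".weekly_notice-notice",true);
+ });
+
+ $(".weekly_dismiss_always").click(function(){
+ ajaxCall("dismissweekly_always",".weekly_notice-notice",true);
+ });
+
  $(".wpns_premium_option :input").attr("disabled",true);
 
  });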
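Review bot: The six new dismiss handlers change security-relevant state, and nothing in this hunk shows a nonce travelling with the request. The `*_always` variants permanently hide the infected-file and rescan warnings. `ajaxCall` is defined outside the hunk, so this needs confirming there. If it does not already, it should post a nonce that the server verifies with `check_ajax_referer()` next to a `current_user_can()` test, because otherwise a forged cross-site request could silence the malware notices for a logged-in administrator. The handlers differ only in two strings each and could be registered from one small lookup table.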
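--- a/miniorange_2_factor_settings.php
+++ b/miniorange_2_factor_settings.php
@@ -3,13 +3,13 @@
  * Plugin Name: miniOrange 2 Factor Authentication
  * Plugin URI: https://miniorange.com
  * Description: This plugin provides various two-factor authentication methods as an additional layer of security after the default wordpress login. We Support Google/Authy/LastPass Authenticator, QR Code, Push Notification, Soft Token and Security Questions(KBA) for 1 User in the free version of the plugin.
- * Version: 5.3.13
+ * Version: 5.3.14
  * Author: miniOrange
  * Author URI: https://miniorange.com
  * License: GPL2
  */
  define( 'MO_HOST_NAME', 'https://login.xecurify.com' );
- define( 'MO2F_VERSION', '5.3.13' );
+ define( 'MO2F_VERSION', '5.3.14' );
  define( 'MO2F_TEST_MODE', false );
  class Miniorange_twoFactor{
 
@@ -23,6 +23,7 @@
  add_action( 'wpns_show_message' , array( $this, 'mo_show_message' ), 1 , 2 );
  add_action( 'wp_footer' , array( $this, 'footer_link' ),100 );
  add_action( 'admin_footer', array( $this, 'feedback_request' ) );
+ add_action('admin_notices',array( $this, 'mo_wpns_malware_notices' ) );
  if(get_option('mo2f_disable_file_editing')) define('DISALLOW_FILE_EDIT', true);
  $this->includes();
  $notify = new miniorange_security_notification;
@@ -50,7 +51,59 @@
  include $dirName . 'views'.DIRECTORY_SEPARATOR.'feedback_form.php';;
 
  }
+ function mo_wpns_malware_notices(){
+ $args=array();
+ $theme_current= wp_get_themes($args);
+ $theme_last = get_option('mo_wpns_last_themes');
+ $flag_theme = 0;
+ if(is_array($theme_last)){
+ if(sizeof($theme_current) == sizeof($theme_last)){
+ foreach ($theme_current as $key => $value) {
+ if($theme_current[$key] != $theme_last[$key]){
+ $flag_theme=1;
+ break;
+ }
+ }
+ }else{
+ $flag_theme=1;
+ }
+ }else{
+ $flag_theme=1;
+ }
+
+ $plugins_found = get_plugins();
+ $plugin_last = get_option('mo_wpns_last_plugins');
+ $flag_plugin = 0;
+ if(is_array($plugin_last)){
+ if(sizeof($plugins_found) == sizeof($plugin_last)){
+ foreach ($plugins_found as $key => $value) {
+ if($plugins_found[$key] != $plugin_last[$key]){
+ $flag_plugin=1;
+ break;
+ }
+ }
+ }else{
+ $flag_plugin=1;
+ }
+ }else{
+ $flag_plugin=1;
+ }
+ $days =(time()-get_option('mo_wpns_last_scan_time'))/(60*60*24);
+ $days = (int)$days;
 
+ $day_infected= (time()-get_option('infected_dismiss'))/(60*60*24);
+ $day_infected = floor($day_infected);
+ $day_weekly= (time()-get_option('weekly_dismiss'))/(60*60*24);
+ $day_weekly = floor($day_weekly);
+
+ if(!get_option('donot_show_infected_file_notice') && (get_option('mo_wpns_infected_files') != 0) && ($day_infected >= 1)){
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('INFECTED_FILE'),'CUSTOM_MESSAGE');
+ }else if(!get_option('donot_show_new_plugin_theme_notice') && ($flag_plugin || $flag_theme)){
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('NEW_PLUGIN_THEME_CHECK'),'CUSTOM_MESSAGE');
+ }else if(!get_option('donot_show_weekly_scan_notice') && ($days >= 7) && ($day_weekly >= 1)){
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('WEEKLY_SCAN_CHECK'),'CUSTOM_MESSAGE');
+ }
+ }
 
  function mo_wpns_widget_menu()
  {
@@ -129,6 +182,7 @@
  add_option( 'mo2f_show_sms_transaction_message', 0 );
  add_option( 'mo2f_enforce_strong_passswords_for_accounts' ,'all');
  add_option('mo2f_scan_initialize',1);
+ add_option( 'mo_wpns_last_scan_time', time());
  }
 
  function mo_wpns_deactivate()
@@ -160,9 +214,9 @@
 
  function mo_wpns_settings_script($hook)
  {
+ wp_enqueue_script( 'mo_wpns_admin_settings_script' , plugins_url('includes/js/settings_page.js', __FILE__ ), array('jquery'));
  if(strpos($hook, 'page_mo_2fa')){
  wp_enqueue_script( 'mo_wpns_admin_settings_phone_script' , plugins_url('includes/js/phone.js', __FILE__ ));
- wp_enqueue_script( 'mo_wpns_admin_settings_script' , plugins_url('includes/js/settings_page.js', __FILE__ ), array('jquery'));
  wp_enqueue_script( 'mo_wpns_admin_datatable_script' , plugins_url('includes/js/jquery.dataTables.min.js', __FILE__ ), array('jquery'));
  wp_enqueue_script( 'mo_wpns_qrcode_script', plugins_url( "/includes/jquery-qrcode/jquery-qrcode.js", __FILE__ ) );
  wp_enqueue_script( 'mo_wpns_min_qrcode_script', plugins_url( "/includes/jquery-qrcode/jquery-qrcode.min.js", __FILE__ ) );
@@ -195,7 +249,6 @@
  require('api/class-customer-setup.php');
  require('api/class-rba-attributes.php');
  require('api/class-two-factor-setup.php');
- // require('api/mo2f_api.php');
  require('handler/backup.php');
  require('handler/feedback_form.php');
  require('handler/recaptcha.php');
@@ -213,7 +266,6 @@
  require('helper/constants.php');
  require('helper/messages.php');
  require('views/common-elements.php');
-
  require('controllers/wpns-loginsecurity-ajax.php');
  require('controllers/malware_scan_ajax.php');
  require('controllers/backup_ajax.php');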
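Review bot: `mo_wpns_malware_notices()` is hooked on `admin_notices` with no capability check, so every role that can open wp-admin is told that infected files were found or that plugins changed; it should begin with `if ( ! current_user_can( 'manage_options' ) ) { return; }`. Both comparison loops read `$theme_last[$key]` and `$plugin_last[$key]` without testing that the key exists, so two lists of equal size but different slugs raise an undefined-index notice on each mismatch; putting `!isset($theme_last[$key]) ||` in front of the `!=` (and the same for plugins) avoids it. The function calls `wp_get_themes()` and `get_plugins()` on every admin page load, and the fifth hunk moves the `settings_page.js` enqueue outside the `page_mo_2fa` test, so both costs now apply across the whole admin area. A docblock stating the priority order of the three notices would help, since the `else if` chain shows only one at a time.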
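--- a/readme.txt
+++ b/readme.txt
@@ -6,7 +6,7 @@ Donate link: https://miniorange.com/
  Requires at least: 3.0.1
  Tested up to: 5.3
  Requires PHP: 5.3.0
- Stable tag: 5.3.13
+ Stable tag: 5.3.14
  License: GPLv2 or later
  License URI: http://www.gnu.org/licenses/gpl-2.0.html
 
@@ -272,6 +272,9 @@ miniOrange authentication service has 15+ authentication methods.One time passco
 
  == Changelog ==
 
+ = 5.3.14 =
+ * Google Authenticator-Two Factor Authentication (2FA) : Anit-Malware : Adding more signatures.
+
  = 5.3.13 =
  * Google Authenticator-Two Factor Authentication (2FA) : Security : fix UI Issue and improving 2fa.
 
@@ -703,6 +706,9 @@ More descriptive setup messages and UI changes.
 
  == Upgrade Notice ==
 
+ = 5.3.14 =
+ * Google Authenticator-Two Factor Authentication (2FA) : Anit-Malware : Adding more signatures.
+
  = 5.3.13 =
  * Google Authenticator-Two Factor Authentication (2FA) : Security : fix UI Issue and improving 2fa.
 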
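--- a/uninstall.php
+++ b/uninstall.php
@@ -335,4 +335,13 @@
  delete_option( 'mo_2f_switch_adv_block');
  delete_option( 'mo_2f_switch_reports');
  delete_option( 'mo_2f_switch_notif');
+
+ delete_option( 'mo_wpns_last_themes');
+ delete_option( 'mo_wpns_last_plugins');
+ delete_option( 'mo_wpns_last_scan_time');
+ delete_option( 'infected_dismiss');
+ delete_option( 'weekly_dismiss');
+ delete_option( 'donot_show_infected_file_notice');
+ delete_option( 'donot_show_new_plugin_theme_notice');
+ delete_option( 'donot_show_weekly_scan_notice');
  ?>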
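Review bot: Five of the option names added here have no plugin prefix: `infected_dismiss`, `weekly_dismiss`, `donot_show_infected_file_notice`, `donot_show_new_plugin_theme_notice` and `donot_show_weekly_scan_notice`. They share the site-wide options table with every other plugin, so a name clash would let this uninstall delete a value it does not own, or let other code flip the flag that hides the infected-file warning. Naming them like their neighbours, for example `mo_wpns_infected_dismiss`, would fix that; the matching `get_option()` calls in `mo_wpns_malware_notices()` need the same rename.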
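--- a/views/backup.php
+++ b/views/backup.php
@@ -111,7 +111,7 @@ echo '</div>
 
 
  <form id="" method="post" action="">
- <input type="hidden" name="option" value="mo_mmp_filebackup_configuration">
+ <input type="hidden" name="option" value="mo_wpns_filebackup_configuration">
  <table class="mo2f_ns_settings_table" style="width:100%;">
 
  <?php if(get_option('mo2f_enable_cron_file_backup')){ ?>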
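--- a/views/malware_scan.php
+++ b/views/malware_scan.php
@@ -1,15 +1,17 @@
 
  <?php
- $currenturl = remove_query_arg('delete',$_SERVER['REQUEST_URI']);
- $currenturl = remove_query_arg('view',$currenturl);
- $currenturl = remove_query_arg('trust',$currenturl);
- $currenturl = remove_query_arg('trustchanged',$currenturl);
+ $currenturl = remove_query_arg('delete',$_SERVER['REQUEST_URI']);
+ $currenturl = remove_query_arg('view',$currenturl);
+ $currenturl = remove_query_arg('trust',$currenturl);
+ $currenturl = remove_query_arg('trustchanged',$currenturl);
  ?>
 
 
  <div class="mo_wpns_tab">
- <button class="tablinks" onclick="openTabmalware(event, 'scan_view')" id="malware_view">Malware Scan & Report</button>
+ <button class="tablinks" onclick="openTabmalware(event, 'scan_view')" id="malware_view">Malware Scan Modes</button>
  <button class="tablinks" onclick="openTabmalware(event, 'settings_scan')" id="scan_set">Custom Scan Settings</button>
+ <button class="tablinks" onclick="openTabmalware(event, 'scan_report')" id="report_scan">Scan Reports</button>
+ <input type = "hidden" id = "wpns_report_nonce" value="<?php echo wp_create_nonce('wpns-report-load') ?>" >
  </div>
  <br>
  <div id="mo_scan_message" style=" padding-top:8px"></div>
@@ -18,7 +20,7 @@ $currenturl = remove_query_arg('trustchanged',$currenturl);
  <table style="width: 100%;">
  <tr>
  <td style="width:100%;vertical-align:top;" id="configurationForm">
- <?php include_once $dirName . 'controllers'.DIRECTORY_SEPARATOR.'scan_malware_report.php'; ?>
+ <?php include_once $dirName . 'controllers'.DIRECTORY_SEPARATOR.'scan_malware_summary.php'; ?>
  </tr>
  </table>
  </div>
@@ -33,11 +35,19 @@ $currenturl = remove_query_arg('trustchanged',$currenturl);
  </table>
  </div>
  </div>
+ <div class="tabcontent" id="scan_report">
+ <div class="mo_wpns_divided_layout">
+ <table style="width: 100%;">
+ <tr>
+ <td style="width:100%;vertical-align:top;" id="configurationForm">
+ <?php include_once $dirName . 'controllers'.DIRECTORY_SEPARATOR.'scan_malware_report.php'; ?>
+ </tr>
+ </table>
+ </div>
+ </div>
  <script>
- document.getElementById("scan_view").style.display = "block";
- document.getElementById("settings_scan").style.display = "none";
- document.getElementById("malware_view").className += " active";
  function openTabmalware(evt, tabname){
+ jQuery('#mo_scan_message').hide();
  var i, tablinks, tabcontent;
  tabcontent = document.getElementsByClassName("tabcontent");
  for (i = 0; i < tabcontent.length; i++) {
@@ -50,13 +60,20 @@ $currenturl = remove_query_arg('trustchanged',$currenturl);
  document.getElementById(tabname).style.display = "block";
  localStorage.setItem("lastTabmalware", tabname);
  evt.currentTarget.className += " active";
- if(tabname == "scan_view"){
- document.getElementById("malware_view").click();
- }
- else if(tabname == "settings_scan"){
+ if(tabname == "scan_report"){
+ var data={
+ 'action':'mo_wpns_malware_redirect',
+ 'call_type':'malware_scan_last_result',
+ 'nonce':jQuery('#wpns_quick_scan_nonce').val()
+ };
+ jQuery.post(ajaxurl ,data, function(response){
+ jQuery("#reports_table tbody").html(response);
+ });
+ }else if(tabname == "settings_scan"){
  document.getElementById("scan_set").click();
  }
  }
+
  var tab = localStorage.getItem("lastTabmalware");
  if(tab == "scan_view"){
  document.getElementById("malware_view").click();
@@ -64,7 +81,11 @@ $currenturl = remove_query_arg('trustchanged',$currenturl);
  else if(tab == "settings_scan"){
  document.getElementById("scan_set").click();
  }
+ else if(tab == "scan_report"){
+ document.getElementById("report_scan").click();
+ }
  else{
  document.getElementById("malware_view").click();
  }
+
  </script>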
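Review bot: The `scan_report` branch of `openTabmalware` posts `jQuery('#wpns_quick_scan_nonce').val()`, while the hidden field this commit adds to the tab bar is `wpns_report_nonce`, created for the action `wpns-report-load`, so the new nonce is never read anywhere in this file. If the quick-scan field is missing from the page the request carries no nonce at all; the line should be `'nonce': jQuery('#wpns_report_nonce').val()`, with the `malware_scan_last_result` handler verifying `wpns-report-load` together with a capability check. The response is written straight into the table with `.html(response)`, so that handler (outside this diff) has to escape every file name and path it returns, since those come from the scanned filesystem. The new `<td>` also reuses `id="configurationForm"`, which now appears more than once in the document.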
views/scan_report_view.php CHANGED
@@ -1,76 +1,9 @@
1
- <?php
2
- add_action('admin_footer','mo_wpns_start_scan');
3
-
4
- ?>
5
- <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css">
6
- <div class="mo_wpns_setting_layout" id="scan_status_table">
7
- <div>
8
- <div>
9
- <div style="float: left;">
10
- <p id="scanstatus"></p>
11
- <h2>Malware Scan</h2>
12
- </div>
13
-
14
- <div class="malwaresummarydiv">
15
- <div class="mo_wpns_malwarescandiv msdivl">
16
- <div class="hdiv"><b>Scan Now</b></div>
17
- <p>Kindly choose the Scan Mode according to your needs.</p>
18
- <p>For Custom Scan, you can configure the settings in Custom Scan Settings Tab.</p>
19
- </div>
20
-
21
- <div id="summary_scan" class="mo_wpns_malwarescandiv msdivr">
22
- <div class="hdiv shdiv"><b>Scan Summary</b></div>
23
- <?php show_summary(); ?>
24
- </div>
25
- </div>
26
- </div>
27
- <?php
28
- if(! isset($_GET['view'])){
29
- ?>
30
- <div>
31
- <p class="hdiv">Scan Modes</p>
32
- </div>
33
- <div class="malwaresummarydiv">
34
- <div class="mo_wpns_sub_scanmode mo_wpns_msdivl">
35
- <div class="hdiv"><b>Quick Scan</b></div>
36
- <p class="mo_wpns_scan_desc">Quick Scan checks all Plugins, Themes and Core files for Vulnerable Code and SQL Injections using PHP malware signatures.</p>
37
- <input type = "hidden" id = "wpns_quick_scan_nonce" value="<?php echo wp_create_nonce('wpns-quick-scan') ?>" >
38
- <input id="quick_scan_button" type="button" name="quick_scan_button" class="mo_wpns_scan_button" value="Quick Scan">
39
- </div>
40
- <div class="mo_wpns_sub_scanmode mo_wpns_msdivr mo_wpns_msdivl">
41
- <div class="hdiv"><b>Standard Scan</b></div>
42
- <p class="mo_wpns_scan_desc">Standard Scan checks all Plugins, Themes and Core files for external links and compares with the repository as well.</p>
43
- <input type = "hidden" id = "wpns_standard_scan_nonce" value="<?php echo wp_create_nonce('wpns-standard-scan') ?>" >
44
- <input id="standard_scan_button" type="button" name="standard_scan_button" class="mo_wpns_scan_button" value="Standard Scan">
45
- </div>
46
- <div class="mo_wpns_sub_scanmode mo_wpns_msdivl mo_wpns_msdivr">
47
- <div class="hdiv">
48
- <b>Deep Scan</b>
49
- <strong><a href="admin.php?page=mo_2fa_upgrade"> <b style="color: red;">[Premium]</b> </a></strong>
50
- </div>
51
- <p class="mo_wpns_scan_desc">Deep Scan checks all Plugins, Themes and Core files for RFI, Trojans and Backdoors using advanced signatures and detects blacklisted domains as well.</p>
52
- <input id="deep_scan_button" type="button" name="deep_scan_button" class="mo_wpns_deep_scan_button" value="Deep Scan">
53
- </div>
54
- <div class="mo_wpns_sub_scanmode mo_wpns_msdivr">
55
- <div class="hdiv"><b>Custom Scan</b></div>
56
- <p class="mo_wpns_scan_desc">Custom Scan gives you an option to choose which files to scan and what to check for.</p>
57
- <input type = "hidden" id = "wpns_custom_scan_nonce" value="<?php echo wp_create_nonce('wpns-custom-scan') ?>" >
58
- <input id="custom_scan_button" type="button" name="custom_scan_button" class="mo_wpns_scan_button" value="Custom Scan">
59
- <input type="button" name="configure_button" class="mo_wpns_scan_button" value="Configure" style="float: right;" onclick="openTabmalware(event, 'settings_scan')" >
60
- </div>
61
- </div>
62
- <?php
63
- }
64
- ?>
65
-
66
- </div>
67
- </div>
68
- <div class="mo_wpns_setting_layout" id="scan_report_table">
69
  <?php if(! isset($_GET['view'])){ ?>
70
  <h2>Malware Scan Report</h2>
71
  <?php }else{ ?>
72
  <h2>Detail Report Of Scan
73
- <a href="<?php echo $currenturl ?>"><b style="float: right; padding-right: 4%">Back To Scan</b></a>
74
  </h2>
75
  <?php } ?>
76
  <hr>
@@ -81,413 +14,144 @@ add_action('admin_footer','mo_wpns_start_scan');
81
  ?>
82
  </div>
83
  </div>
 
84
  <?php
85
- function mo_wpns_start_scan(){
86
- if ( ('admin.php' != basename( $_SERVER['PHP_SELF'] )) || ($_GET['page'] != 'mo_2fa_malwarescan') ) {
87
- return;
88
- }
89
  ?>
90
- <script>
91
- var status_var;
92
- jQuery(document).ready(function(){
93
-
94
- var scan_progress= "<?php echo get_option('mo_wpns_malware_scan_in_progress'); ?>";
95
- if(scan_progress=="IN PROGRESS"){
96
- jQuery('input[name="quick_scan_button"]').attr('disabled', true);
97
- jQuery('input[name="custom_scan_button"]').attr('disabled', true);
98
- jQuery('input[name="standard_scan_button"]').attr('disabled', true);
99
- var mode_scan="<?php echo get_option('mo_wpns_scan_mode'); ?>";
100
- if(mode_scan=="quick_scan"){
101
- document.getElementById('quick_scan_button').style.backgroundColor = '#20b2aa';
102
- document.getElementById('custom_scan_button').style.backgroundColor = '#b0d2cf';
103
- document.getElementById('standard_scan_button').style.backgroundColor = '#b0d2cf';
104
- document.getElementById('quick_scan_button').value="Scanning..."
105
- }
106
- else if(mode_scan=="standard_scan"){
107
- document.getElementById('quick_scan_button').style.backgroundColor = '#b0d2cf';
108
- document.getElementById('custom_scan_button').style.backgroundColor = '#b0d2cf';
109
- document.getElementById('standard_scan_button').style.backgroundColor = '#20b2aa';
110
- document.getElementById('standard_scan_button').value="Scanning..."
111
- }
112
- else if(mode_scan=="custom_scan"){
113
- document.getElementById('quick_scan_button').style.backgroundColor = '#b0d2cf';
114
- document.getElementById('custom_scan_button').style.backgroundColor = '#20b2aa';
115
- document.getElementById('standard_scan_button').style.backgroundColor = '#b0d2cf';
116
- document.getElementById('custom_scan_button').value="Scanning..."
117
- }
118
- status_var = setInterval(fetch_status,5000);
119
- }
120
- jQuery('input[name="quick_scan_button"]').click(function(){
121
- document.getElementById("quick_scan_button").value = "Scanning...";
122
- jQuery("#scanstatus").removeClass();
123
- jQuery("#scanstatus").addClass("alert alert-warning");
124
- jQuery("#scanstatus").html("Malware scan is <strong>in progress.</strong> You can see result in reports after it's done.");
125
-
126
- jQuery('input[name="quick_scan_button"]').attr('disabled', true);
127
- jQuery('input[name="custom_scan_button"]').attr('disabled', true);
128
- jQuery('input[name="standard_scan_button"]').attr('disabled', true);
129
- document.getElementById('quick_scan_button').style.backgroundColor = '#20b2aa';
130
- document.getElementById('custom_scan_button').style.backgroundColor = '#b0d2cf';
131
- document.getElementById('standard_scan_button').style.backgroundColor = '#b0d2cf';
132
-
133
- var data={
134
- 'action':'mo_wpns_malware_redirect',
135
- 'call_type':'malware_scan_initiate',
136
- 'scan':'scan_start',
137
- 'scantype':'quick_scan',
138
- 'nonce':jQuery('#wpns_quick_scan_nonce').val()
139
- };
140
- jQuery.post(ajaxurl, data, function(response){
141
- if(response=="service_unavailable"){
142
- jQuery('#mo_scan_message').empty();
143
- jQuery('#mo_scan_message').append("<div class= 'notice notice-error is-dismissible' style='height : 25px;padding-top: 10px;' >Scan Service is currently unavailable.</div>");
144
- jQuery("#scanstatus").removeClass();
145
- jQuery("#scanstatus").addClass("alert alert-warning");
146
- jQuery("#scanstatus").html("Malware scan could not be conducted as the service is currently unavailable.");
147
- window.scrollTo({ top: 0, behavior: 'smooth'});
148
- }
149
- else if(response=="ERROR"){
150
- jQuery('#mo_scan_message').append("<div class= 'notice notice-error is-dismissible' style='height : 25px;padding-top: 10px;' >ERROR.</div>");
151
- window.scrollTo({ top: 0, behavior: 'smooth'});
152
- }else{
153
- var xmlString = response;
154
- doc = new DOMParser().parseFromString(xmlString, "text/html");
155
- var all_scan_summary=doc.getElementById('summary_all');
156
- var current_scan_summary=doc.getElementById('summary_current');
157
- jQuery('#summary_all').html(all_scan_summary);
158
- jQuery('#summary_current').html(current_scan_summary);
159
- var summary_html= doc.getElementById('summary_all');
160
- summary_html.remove();
161
- var current_summary= doc.getElementById('summary_current');
162
- current_summary.remove();
163
- var status_table= doc.getElementById('scan_status_table');
164
- status_table.remove();
165
- var report_scan= doc.getElementById('scan_report_table');
166
- report_scan.remove();
167
- var s = new XMLSerializer();
168
- var d= doc;
169
- var str=s.serializeToString(d);
170
- jQuery('#scandata').html(str);
171
- jQuery("#scanstatus").removeClass();
172
- jQuery("#scanstatus").addClass("alert alert-success");
173
- jQuery("#scanstatus").html("Malware scan is <strong>completed.</strong> You can see result in reports below.");
174
- }
175
-
176
- jQuery('input[name="quick_scan_button"]').removeAttr('disabled');
177
- document.getElementById('quick_scan_button').style.backgroundColor = '#20b2aa';
178
- jQuery('input[name="standard_scan_button"]').removeAttr('disabled');
179
- document.getElementById('standard_scan_button').style.backgroundColor = '#20b2aa';
180
- jQuery('input[name="custom_scan_button"]').removeAttr('disabled');
181
- document.getElementById('custom_scan_button').style.backgroundColor = '#20b2aa';
182
- document.getElementById("quick_scan_button").value = "Quick Scan";
183
 
184
- });
185
- });
186
-
187
- jQuery('input[name="standard_scan_button"]').click(function(){
188
- document.getElementById("standard_scan_button").value = "Scanning...";
189
- jQuery("#scanstatus").removeClass();
190
- jQuery("#scanstatus").addClass("alert alert-warning");
191
- jQuery("#scanstatus").html("Malware scan is <strong>in progress.</strong> You can see result in reports after it's done.");
192
-
193
- jQuery('input[name="quick_scan_button"]').attr('disabled', true);
194
- jQuery('input[name="custom_scan_button"]').attr('disabled', true);
195
- jQuery('input[name="standard_scan_button"]').attr('disabled', true);
196
- document.getElementById('quick_scan_button').style.backgroundColor = '#b0d2cf';
197
- document.getElementById('custom_scan_button').style.backgroundColor = '#b0d2cf';
198
- document.getElementById('standard_scan_button').style.backgroundColor = '#20b2aa';
199
-
200
- var data={
201
- 'action':'mo_wpns_malware_redirect',
202
- 'call_type':'malware_scan_initiate',
203
- 'scan':'scan_start',
204
- 'scantype':'standard_scan',
205
- 'nonce':jQuery('#wpns_standard_scan_nonce').val()
206
- };
207
- jQuery.post(ajaxurl, data, function(response){
208
- if(response=="service_unavailable"){
209
- jQuery('#mo_scan_message').empty();
210
- jQuery('#mo_scan_message').append("<div class= 'notice notice-error is-dismissible' style='height : 25px;padding-top: 10px;' >Scan Service is currently unavailable.</div>");
211
- jQuery("#scanstatus").removeClass();
212
- jQuery("#scanstatus").addClass("alert alert-warning");
213
- jQuery("#scanstatus").html("Malware scan could not be conducted as the service is currently unavailable.");
214
- window.scrollTo({ top: 0, behavior: 'smooth'});
215
- }
216
- else if(response=="ERROR"){
217
- jQuery('#mo_scan_message').append("<div class= 'notice notice-error is-dismissible' style='height : 25px;padding-top: 10px;' >ERROR.</div>");
218
- window.scrollTo({ top: 0, behavior: 'smooth'});
219
- }else{
220
- var xmlString = response;
221
- doc = new DOMParser().parseFromString(xmlString, "text/html");
222
- var all_scan_summary=doc.getElementById('summary_all');
223
- var current_scan_summary=doc.getElementById('summary_current');
224
- jQuery('#summary_all').html(all_scan_summary);
225
- jQuery('#summary_current').html(current_scan_summary);
226
- var summary_html= doc.getElementById('summary_all');
227
- summary_html.remove();
228
- var current_summary= doc.getElementById('summary_current');
229
- current_summary.remove();
230
- var status_table= doc.getElementById('scan_status_table');
231
- status_table.remove();
232
- var report_scan= doc.getElementById('scan_report_table');
233
- report_scan.remove();
234
- var s = new XMLSerializer();
235
- var d= doc;
236
- var str=s.serializeToString(d);
237
- jQuery('#scandata').html(str);
238
- jQuery("#scanstatus").removeClass();
239
- jQuery("#scanstatus").addClass("alert alert-success");
240
- jQuery("#scanstatus").html("Malware scan is <strong>completed.</strong> You can see result in reports below.");
241
  }
 
 
 
 
 
 
 
 
 
 
 
242
 
243
- jQuery('input[name="quick_scan_button"]').removeAttr('disabled');
244
- document.getElementById('quick_scan_button').style.backgroundColor = '#20b2aa';
245
- jQuery('input[name="standard_scan_button"]').removeAttr('disabled');
246
- document.getElementById('standard_scan_button').style.backgroundColor = '#20b2aa';
247
- jQuery('input[name="custom_scan_button"]').removeAttr('disabled');
248
- document.getElementById('custom_scan_button').style.backgroundColor = '#20b2aa';
249
- document.getElementById("standard_scan_button").value = "Standard Scan";
250
-
251
- });
252
- });
253
-
254
- jQuery('input[name="custom_scan_button"]').click(function(){
255
- document.getElementById("custom_scan_button").value = "Scanning...";
256
- jQuery("#scanstatus").removeClass();
257
- jQuery("#scanstatus").addClass("alert alert-warning");
258
- jQuery("#scanstatus").html("Malware scan is <strong>in progress.</strong> You can see result in reports after it's done.");
259
-
260
- jQuery('input[name="quick_scan_button"]').attr('disabled', true);
261
- jQuery('input[name="custom_scan_button"]').attr('disabled', true);
262
- jQuery('input[name="standard_scan_button"]').attr('disabled', true);
263
- document.getElementById('quick_scan_button').style.backgroundColor = '#b0d2cf';
264
- document.getElementById('custom_scan_button').style.backgroundColor = '#20b2aa';
265
- document.getElementById('standard_scan_button').style.backgroundColor = '#b0d2cf';
266
-
267
- var data={
268
- 'action':'mo_wpns_malware_redirect',
269
- 'call_type':'malware_scan_initiate',
270
- 'scan':'scan_start',
271
- 'scantype':'custom_scan',
272
- 'nonce':jQuery('#wpns_custom_scan_nonce').val()
273
- };
274
- jQuery.post(ajaxurl, data, function(response){
275
- if(response=="service_unavailable"){
276
- jQuery('#mo_scan_message').empty();
277
- jQuery('#mo_scan_message').append("<div class= 'notice notice-error is-dismissible' style='height : 25px;padding-top: 10px;' >Scan Service is currently unavailable.</div>");
278
- jQuery("#scanstatus").removeClass();
279
- jQuery("#scanstatus").addClass("alert alert-warning");
280
- jQuery("#scanstatus").html("Malware scan could not be conducted as the service is currently unavailable.");
281
- window.scrollTo({ top: 0, behavior: 'smooth'});
282
- }
283
- else if(response=="ERROR"){
284
- jQuery('#mo_scan_message').append("<div class= 'notice notice-error is-dismissible' style='height : 25px;padding-top: 10px;' >ERROR.</div>");
285
- window.scrollTo({ top: 0, behavior: 'smooth'});
286
- }else{
287
- var xmlString = response;
288
- doc = new DOMParser().parseFromString(xmlString, "text/html");
289
- var all_scan_summary=doc.getElementById('summary_all');
290
- var current_scan_summary=doc.getElementById('summary_current');
291
- jQuery('#summary_all').html(all_scan_summary);
292
- jQuery('#summary_current').html(current_scan_summary);
293
- var summary_html= doc.getElementById('summary_all');
294
- summary_html.remove();
295
- var current_summary= doc.getElementById('summary_current');
296
- current_summary.remove();
297
- var status_table= doc.getElementById('scan_status_table');
298
- status_table.remove();
299
- var report_scan= doc.getElementById('scan_report_table');
300
- report_scan.remove();
301
- var s = new XMLSerializer();
302
- var d= doc;
303
- var str=s.serializeToString(d);
304
- jQuery('#scandata').html(str);
305
- jQuery("#scanstatus").removeClass();
306
- jQuery("#scanstatus").addClass("alert alert-success");
307
- jQuery("#scanstatus").html("Malware scan is <strong>completed.</strong> You can see result in reports below.");
308
- }
309
 
310
- jQuery('input[name="quick_scan_button"]').removeAttr('disabled');
311
- document.getElementById('quick_scan_button').style.backgroundColor = '#20b2aa';
312
- jQuery('input[name="standard_scan_button"]').removeAttr('disabled');
313
- document.getElementById('standard_scan_button').style.backgroundColor = '#20b2aa';
314
- jQuery('input[name="custom_scan_button"]').removeAttr('disabled');
315
- document.getElementById('custom_scan_button').style.backgroundColor = '#20b2aa';
316
- document.getElementById("custom_scan_button").value = "Custom Scan";
317
-
318
- });
319
- });
320
- });
321
- function fetch_status(){
 
 
 
 
 
 
 
322
 
323
- var data={
324
- 'action':'mo_wpns_malware_redirect',
325
- 'call_type':'malware_scan_status'
326
- };
327
- jQuery.post(ajaxurl, data, function(response){
328
- if(response['scanned']==0){
329
- jQuery("#scan_files").html("Scanning with repository files<br>");
330
- jQuery("#malicious_files").html(response['infected']+" files found Malicious");
331
- }else{
332
- jQuery("#scan_files").html(response['scanned']+" files scanned<br>");
333
- jQuery("#malicious_files").html(response['infected']+" files found Malicious");
334
- }
335
- if (response['status']=="COMPLETE"){
336
-
337
- jQuery('input[name="quick_scan_button"]').removeAttr('disabled');
338
- document.getElementById('quick_scan_button').style.backgroundColor = '#20b2aa';
339
- document.getElementById('quick_scan_button').value="Quick Scan";
340
- jQuery('input[name="standard_scan_button"]').removeAttr('disabled');
341
- document.getElementById('standard_scan_button').style.backgroundColor = '#20b2aa';
342
- document.getElementById('standard_scan_button').value="Standard Scan";
343
- jQuery('input[name="custom_scan_button"]').removeAttr('disabled');
344
- document.getElementById('custom_scan_button').style.backgroundColor = '#20b2aa';
345
- document.getElementById('custom_scan_button').value="Custom Scan";
346
- clearInterval(status_var);
347
- }
348
- });
349
- }
350
- </script>
351
- <?php
352
- }
353
- function show_summary(){
354
- $mo_wpns_db_handler = new MoWpnsDB();
355
- $last_id=$mo_wpns_db_handler->get_last_id();
356
- $send_id=$last_id[0]->max;
357
- if(is_null($send_id)){
358
- $total_scan=0;
359
- $total_malicious=0;
360
- $last_scan=0;
361
- $malicious_last_scan=0;
362
- }else{
363
- $result = $mo_wpns_db_handler->get_report_with_id($send_id);
364
- $total_scan=$mo_wpns_db_handler->count_files();
365
- $total_malicious=$mo_wpns_db_handler->count_malicious_files();
366
- $last_scan=$mo_wpns_db_handler->count_files_last_scan($send_id);
367
- $malicious_last_scan=$mo_wpns_db_handler->count_malicious_last_scan($send_id);
368
- }
369
- ?>
370
- <div id="summary_all" class="malwaresummarydiv"><div class="summarydiv">Total Files scanned: <?php echo $total_scan; ?></div>
371
- <div class="summarydiv ">Total Infected Files Found: <?php echo $total_malicious; ?></div></div>
372
- <div id="summary_current" class="malwaresummarydiv"><div class="summarydiv">Files Scanned in last scan: <?php echo $last_scan; ?> </div>
373
- <div class="summarydiv">Infected Files in last scan: <?php echo $malicious_last_scan; ?> </div></div>
374
-
375
- <?php
376
- }
377
 
378
- function show_scan_details($detailreport, $result, $ignorefiles){
379
- $record = $result[0];
380
- echo "<b>Malicious files found: </b>" .count($detailreport);
381
- ?>
382
- <div style=float:right><b>Scan Time :</b> <?php echo date("M j, Y, g:i:s a",$record->start_timestamp); ?><br><b>Completion Time :</b> <?php echo date("M j, Y, g:i:s a",$record->completed_timestamp); ?></div><br><br><hr><br>
383
- <table id="reports_table" class="display" cellspacing="0" width="100%">
384
- <thead><tr><th>Malicious Files</th><th>Issues</th><th>Action</th></tr></thead>
385
- <tbody>
386
- <?php
387
- foreach($detailreport as $report){
388
- $issues = unserialize($report->report);
389
- $filename = $report->filename;
390
- $classdiv = "";
391
- $issuecolor = "mo_wpns_red";
392
- $status = "<a href='".add_query_arg( array('trust' => base64_encode($report->filename)), $_SERVER['REQUEST_URI'] )."'>I trust this file</a>";
393
- if(in_array($report->filename,array_keys($ignorefiles))){
394
- if($ignorefiles[$filename]['signature']==md5_file($report->filename)){
395
- $classdiv = "mo_wpns_gray";
396
- $issuecolor = "mo_wpns_brightred";
397
- $status = "<span class=mo_wpns_lightgreen>trusted</span>";
398
- }else{
399
- $classdiv = "mo_wpns_gray";
400
- $issuecolor = "mo_wpns_brightred";
401
- $status = "<a href='".add_query_arg( array('trustchanged' => $ignorefiles[$filename]['id']), $_SERVER['REQUEST_URI'] )."'>I trust this file</a><br><span class=mo_wpns_brightred><center>( changed )</center></span>";
402
- }
403
- }
404
- echo "<tr><td class=".$classdiv.">".$report->filename."</td><td>";
405
- foreach($issues as $key=>$value){
406
- if($key=='scan'){
407
- echo "<div><span class='".$issuecolor." issue'><b>Malware</b></span></div>";
408
- echo "<div class='issuecontent' data-line='".$key."' data-issue='".$issues[$key]."'>Issue Found: ".$issues[$key]."</div>";
409
- }
410
- // if($key=='Shell Script'){
411
- // echo "<div><span class='".$issuecolor." issue'><b>".$key."</b></span></div>";
412
- // foreach ($value as $issue) {
413
- // echo "<div class='issuecontent' data-line='".$issue["l"]."' data-issue='".$issue["d"]."'>Match Found: ".$issue["d"]." Line: ".$issue["l"]."</div>";
414
- // }
415
- // }
416
- // if($key=='Vulnerable Code'){
417
- // echo "<div><span class='".$issuecolor." issue'><b>".$key."</b></span></div>";
418
- // foreach ($value as $issue) {
419
- // echo "<div class='issuecontent' data-line='".$issue["l"]."' data-issue='".$issue["d"]."'>Match Found: ".$issue["d"]." Line: ".$issue["l"]."</div>";
420
- // }
421
- // }
422
- // if($key=='SQL Injection'){
423
- // echo "<div><span class='".$issuecolor." issue'><b>".$key."</b></span></div>";
424
- // foreach ($value as $issue) {
425
- // echo "<div class='issuecontent' data-line='".$issue["l"]."' data-issue='".$issue["d"]."'>Match Found: ".$issue["d"]." Line: ".$issue["l"]."</div>";
426
- // }
427
- // }
428
- if($key=='repo'){
429
- echo "<div><span class='".$issuecolor." issue'><b>Check File with Repo: </b></span><div><div class='issuecontent'>File Status: ".$value["exist"]."</div>";
430
- }
431
- if($key=='extl'){
432
- echo "<div><span class='".$issuecolor." issue'><b>External Link:</b></span></div>";
433
- foreach ($value as $issue) {
434
- echo "<div class='issuecontent' data-line='".$issue["l"]."' data-issue='".$issue["d"]."'>Link: ".$issue["d"]." Line: ".$issue["l"]."</div>";
435
  }
436
- }
 
 
 
437
  }
438
- echo "</td><td>".$status."</td></tr>";
439
- }
440
- ?>
441
- </tbody>
442
- </table>
443
- <!-- <div id="myModal" class="modal">
444
- <div class="modal-content">
445
- <span class="mo_wpns_scan_close_issue">×</span>
 
 
 
 
 
 
446
  <div>
447
- <b>Issue on line number : <span id="modalline"></span></b>
448
  <pre id="modalcontent"></pre>
449
  </div>
450
  </div>
451
  </div>
452
- <script>
453
- jQuery(".issue").click(function(){
454
- var issuehtml = jQuery(this).parent().find(".issuecontent").html();
455
- var modal = document.getElementById('myModal');
456
- var span = document.getElementsByClassName("mo_wpns_scan_close_issue")[0];
457
- var token = jQuery(this).parent().find(".issuecontent").data("token");
458
- var issue = jQuery(this).parent().find(".issuecontent").data("issue");
459
- issuehtml = "<span class=red style=white-space:initial >"+token +" "+issuehtml+"</span>";
460
- jQuery("#modalline").html(jQuery(this).parent().find(".issuecontent").data("line"));
461
- jQuery("#modalcontent").html(issuehtml);
462
- modal.style.display = "block";
463
- span.onclick = function() {
464
- modal.style.display = "none";
465
- }
466
- window.onclick = function(event) {
467
- if (event.target == modal) {
468
- modal.style.display = "none";
469
- }
470
- }
471
- });
472
- </script> -->
473
  <?php
474
  }
475
 
476
  function show_scan_report($currenturl, $result){
477
  $mo_wpns_db_handler = new MoWpnsDB();
478
  ?>
479
- <table id="reports_table" class="display" cellspacing="0" width="100%">
480
  <thead><tr><th>Scan Type</th><th>Scanned Folders</th><th>Status</th><th>Scan Time</th><th>Action</th></tr></thead>
481
  <tbody>
482
  <?php
483
- if(! is_null($result)){
484
  foreach($result as $report){
485
- $vresult = $mo_wpns_db_handler->get_vulnerable_files_count_for_reportid($report->id);
486
- if(count($vresult)>0)
487
- $vulnerablefies = $vresult[0]->count;
488
- else
489
- $vulnerablefies = 0;
490
-
491
  echo "<tr><td style=text-align:center>".$report->scan_mode."</td>";
492
  echo "<td style=text-align:center>";
493
  if(!empty($report->scanned_folders)){
@@ -499,7 +163,11 @@ function show_scan_report($currenturl, $result){
499
  }
500
  echo "</td><td style=text-align:center>";
501
  echo "<span style=color:green id=scan_files>".$report->scanned_files." files scanned<br></span>";
502
- echo "<span style=color:red id=malicious_files>".$vulnerablefies." files found Malicious</span>";
 
 
 
 
503
  echo "</td><td style=text-align:center id=start_time>".date("M j, Y, g:i:s a",$report->start_timestamp)."</td>";
504
  echo "<td><a href='".add_query_arg( array('tab' => 'default', 'view' => $report->id), $currenturl )."'>View Details</a> <a href='".add_query_arg( array('tab' => 'default', 'delete' => $report->id), $currenturl )."'>Delete</a></td>";
505
  echo "</tr>";
@@ -523,5 +191,61 @@ function show_scan_report($currenturl, $result){
523
  "order": [[ 2, "desc" ]]
524
  <?php } ?>
525
  });
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
526
  } );
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
527
  </script>
1
+ <div class="mo_wpns_setting_layout" id="scan_report_table">
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
2
  <?php if(! isset($_GET['view'])){ ?>
3
  <h2>Malware Scan Report</h2>
4
  <?php }else{ ?>
5
  <h2>Detail Report Of Scan
6
+ <a href="<?php echo $currenturl ?>"><b style="float: right; padding-right: 4%">Back To Reports</b></a>
7
  </h2>
8
  <?php } ?>
9
  <hr>
14
  ?>
15
  </div>
16
  </div>
17
+
18
  <?php
19
+ function show_scan_details($detailreport, $result, $ignorefiles, $last_scan){
20
+ $record = $result[0];
21
+ $repo_status_code = MoWpnsConstants::$repo_status_code;
 
22
  ?>
23
+ <div style="float: left;"><b>Total files scanned:</b> <?php echo $last_scan; ?><br><b>Malicious files found:</b> <?php echo count($detailreport); ?></div>
24
+ <div style=float:right><b>Scan Time :</b> <?php echo date("M j, Y, g:i:s a",$record->start_timestamp); ?><br><b>Completion Time :</b> <?php echo date("M j, Y, g:i:s a",$record->completed_timestamp); ?></div><br><br><hr><br>
25
+ <div width="100%">
26
+ <?php
27
+ echo "<div style='margin: 5px 0; border: 1px solid; border-radius: 5px; padding: 10px'><div><b>Found critical issues</b>";
28
+ echo "<input id='malware_button' class='mmp_green' type='button' name='malware_button' value='Show less' style='float:right'></div>";
29
+ echo "<hr>";
30
+ echo "<div id='malware_content' style='display:block'>";
31
+ $malwarecount = 0;
32
+ ?>
33
+ <table id="malware_table" style="text-align:center" class="display" cellspacing="0" width="100%">
34
+ <thead><tr><th>File Name</th><th>Malware Details</th></tr></thead>
35
+ <tbody>
36
+ <?php
37
+ foreach($detailreport as $report){
38
+ $issues = unserialize($report->report);
39
+ $filename = $report->filename;
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
40
 
41
+ if(isset($issues['scan'])){
42
+ $malwarecount++;
43
+ echo "<tr><td style=text-align:center>".$filename."</td><td>";
44
+ $t= htmlspecialchars($issues['scan']);
45
+ echo '<div><span class="issue mmp_point" onclick="mo_wpns_show_details(this)">Details</span><div class="issuecontent hidden" data-content="'.$t.'"></div></div>';
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
46
  }
47
+ echo "</div>";
48
+ }
49
+ if ($malwarecount<=0) {
50
+ echo "<div style='text-align:center; width: 100%; color: green; font-size: large;'><b>No critical issues found</b></div>";
51
+ }
52
+ ?>
53
+ </tbody>
54
+ </table>
55
+ <?php
56
+ echo "</div>";
57
+ echo "</div>";
58
 
59
+ echo "<div style='margin: 5px 0; border: 1px solid; border-radius: 5px; padding: 10px'><div><b>Found Repository check Warnings in your Site</b>";
60
+ echo "<input id='repo_button' class='mmp_green' type='button' name='repo_button' value='Show more' style='float:right'></div>";
61
+ echo "<hr>";
62
+ echo "<div id='repo_content' style='display:none'>";
63
+ $repochekcount = 0;
64
+ ?>
65
+ <table id="repo_table" style="text-align:center" class="display" cellspacing="0" width="100%">
66
+ <thead><tr><th>File Name</th><th>Repository Comparison Details</th></tr></thead>
67
+ <tbody>
68
+ <?php
69
+ foreach($detailreport as $report){
70
+ $issues = unserialize($report->report);
71
+ $filename = $report->filename;
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
72
 
73
+ if(isset($issues['repo'])){
74
+ $repochekcount++;
75
+ echo "<tr><td style=text-align:center>".$filename."</td><td>";
76
+ $t= htmlspecialchars($issues['repo']['exist']);
77
+ echo '<div><span class="issue mmp_point" onclick="mo_wpns_show_details(this)">Details</span><div class="issuecontent hidden" data-content="'.$t.'"></div></div>';
78
+ }
79
+ echo "</div>";
80
+ }
81
+ if($record->repo_issues < 0){
82
+ echo "<div style='text-align:center; width: 100%; color: red; font-size: large;'><b>".$repo_status_code[$record->repo_issues]."</b></div>";
83
+ }else if ($repochekcount==0) {
84
+ echo "<div style='text-align:center; width: 100%; color: green; font-size: large;'><b>No Repository check warning found</b></div>";
85
+ }
86
+ ?>
87
+ </tbody>
88
+ </table>
89
+ <?php
90
+ echo "</div>";
91
+ echo "</div>";
92
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
93
 
94
+ echo "<div style='margin: 5px 0; border: 1px solid; border-radius: 5px; padding: 10px'><div><b>Found External links in your Site</b>";
95
+ echo "<input id='extl_button' class='mmp_green' type='button' name='extl_button' value='Show more' style='float:right'></div>";
96
+ echo "<hr>";
97
+ echo "<div id='extl_content' style='display:none'>";
98
+ $maliciouslinkcount = 0;
99
+ ?>
100
+ <table id="extl_table" style="text-align:center" class="display" cellspacing="0" width="100%">
101
+ <thead><tr><th>File Name</th><th>External Link Details</th></tr></thead>
102
+ <tbody>
103
+ <?php
104
+ foreach($detailreport as $report){
105
+ $issues = unserialize($report->report);
106
+ $filename = $report->filename;
107
+ if(isset($issues['extl'])){
108
+ $maliciouslinkcount++;
109
+ echo "<tr><td style=text-align:center>".$filename."</td><td>";
110
+ $t='';
111
+ for ($i=0; $i <sizeof($issues['extl']) ; $i++) {
112
+ $t.= $issues['extl'][$i]['d'];
113
+ $t.= " on line ".$issues['extl'][$i]['l']."<br>";
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
114
  }
115
+ $t= htmlspecialchars($t);
116
+ echo '<div><span class="issue mmp_point" onclick="mo_wpns_show_details(this)">Details</span><div class="issuecontent hidden" data-content="'.$t.'"></div></div>';
117
+ }
118
+ echo "</div>";
119
  }
120
+ if ($maliciouslinkcount<=0) {
121
+ echo "<div style='text-align:center; width: 100%; color: green; font-size: large;'><b>No malicious links found</b></div>";
122
+ }
123
+ ?>
124
+ </tbody>
125
+ </table>
126
+ <?php
127
+ echo "</div>";
128
+ echo "</div>";
129
+ ?>
130
+ </div>
131
+ <div id="myModal" class="mo_scan_modal">
132
+ <div class="mo_scan_modal-content">
133
+ <span class="mo_scan_close">×</span>
134
  <div>
 
135
  <pre id="modalcontent"></pre>
136
  </div>
137
  </div>
138
  </div>
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
139
  <?php
140
  }
141
 
142
  function show_scan_report($currenturl, $result){
143
  $mo_wpns_db_handler = new MoWpnsDB();
144
  ?>
145
+ <table id="reports_table" style="text-align:center" class="display" cellspacing="0" width="100%">
146
  <thead><tr><th>Scan Type</th><th>Scanned Folders</th><th>Status</th><th>Scan Time</th><th>Action</th></tr></thead>
147
  <tbody>
148
  <?php
149
+ if(!empty($result)){
150
  foreach($result as $report){
151
+ if(empty($report->scan_mode)){
152
+ $report->scan_mode="Custom Scan";
153
+ }
154
+ $repo_count = $report->repo_issues >= 0 ? $report->repo_issues : 0;
 
 
155
  echo "<tr><td style=text-align:center>".$report->scan_mode."</td>";
156
  echo "<td style=text-align:center>";
157
  if(!empty($report->scanned_folders)){
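Review bot: In the new `show_scan_details` (new lines 19-140) `$filename` is echoed into the table cell unescaped at new lines 43, 75 and 109, although the issue text beside it goes through `htmlspecialchars()`. File names appear to come from the scanned tree and may contain markup characters, so the cell should be written as `echo "<tr><td style=text-align:center>".esc_html($filename)."</td><td>";`. Each of the three loops also calls `unserialize($report->report)` on the stored report; if that column can hold anything derived from an external scan response, `unserialize($report->report, array('allowed_classes' => false))` (PHP 7+) would stop it from instantiating objects. Separately, the `echo "</div>";` at new lines 47, 79 and 118 runs once per report row inside `<tbody>`, and the `<td>`/`<tr>` opened for a match are never closed, so the tables the DataTable calls attach to are malformed.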
163
  }
164
  echo "</td><td style=text-align:center>";
165
  echo "<span style=color:green id=scan_files>".$report->scanned_files." files scanned<br></span>";
166
+ echo "<span style=color:red id=malicious_files>".$report->malware_count." malware found<br></span>";
167
+ if($report->repo_issues < 0){
168
+ echo "<span style=color:red id=malicious_files>Issues with repository check<br></span>";
169
+ }
170
+ echo "<span style=color:orange id=warning_files>".($repo_count+$report->malicious_links)." warnings found</span>";
171
  echo "</td><td style=text-align:center id=start_time>".date("M j, Y, g:i:s a",$report->start_timestamp)."</td>";
172
  echo "<td><a href='".add_query_arg( array('tab' => 'default', 'view' => $report->id), $currenturl )."'>View Details</a> <a href='".add_query_arg( array('tab' => 'default', 'delete' => $report->id), $currenturl )."'>Delete</a></td>";
173
  echo "</tr>";
191
  "order": [[ 2, "desc" ]]
192
  <?php } ?>
193
  });
194
+ jQuery('#extl_table').DataTable({
195
+ "order": [[ 1, "desc" ]]
196
+ });
197
+ jQuery('#repo_table').DataTable({
198
+ "order": [[ 1, "desc" ]]
199
+ });
200
+ jQuery('#malware_table').DataTable({
201
+ "order": [[ 1, "desc" ]]
202
+ });
203
+ jQuery('input[name="extl_button"]').click(function(){
204
+ var extl_value= document.getElementById("extl_button").value;
205
+ if(extl_value == 'Show more'){
206
+ document.getElementById('extl_content').style.display="block";
207
+ document.getElementById("extl_button").value="Show less";
208
+ }else{
209
+ document.getElementById('extl_content').style.display="none";
210
+ document.getElementById("extl_button").value="Show more";
211
+ }
212
+ });
213
+ jQuery('input[name="repo_button"]').click(function(){
214
+ var extl_value= document.getElementById("repo_button").value;
215
+ if(extl_value == 'Show more'){
216
+ document.getElementById('repo_content').style.display="block";
217
+ document.getElementById("repo_button").value="Show less";
218
+ }else{
219
+ document.getElementById('repo_content').style.display="none";
220
+ document.getElementById("repo_button").value="Show more";
221
+ }
222
+ });
223
+ jQuery('input[name="malware_button"]').click(function(){
224
+ var extl_value= document.getElementById("malware_button").value;
225
+ if(extl_value == 'Show more'){
226
+ document.getElementById('malware_content').style.display="block";
227
+ document.getElementById("malware_button").value="Show less";
228
+ }else{
229
+ document.getElementById('malware_content').style.display="none";
230
+ document.getElementById("malware_button").value="Show more";
231
+ }
232
+ });
233
  } );
234
+
235
+ function mo_wpns_show_details(elem){
236
+ var issuehtml = jQuery(elem).parent().find(".issuecontent").data("content");
237
+ var modal = document.getElementById('myModal');
238
+ var span = document.getElementsByClassName("mo_scan_close")[0];
239
+ issuehtml = "<span class=mo_mmp_red style=white-space:initial >"+issuehtml+"</span>";
240
+ jQuery("#modalcontent").html(issuehtml);
241
+ modal.style.display = "block";
242
+ span.onclick = function() {
243
+ modal.style.display = "none";
244
+ }
245
+ window.onclick = function(event) {
246
+ if (event.target == modal) {
247
+ modal.style.display = "none";
248
+ }
249
+ }
250
+ }
251
  </script>
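Review bot: `mo_wpns_show_details` (new lines 235-250) passes the `data-content` value to `jQuery("#modalcontent").html(issuehtml)`, so scan details are parsed as markup inside the admin page. The `htmlspecialchars()` calls at new lines 44, 76 and 115 only protect the attribute itself, because the browser decodes the entities before jQuery's `.data("content")` returns the string, and that string appears to originate from the content of scanned files. I would set it as text instead, e.g. `jQuery("#modalcontent").empty().append(jQuery("<span class='mo_mmp_red'>").text(issuehtml));`, and join the external-link entries at new line 113 with `"\n"` rather than `"<br>"`. The enclosing `<pre>` then renders the line breaks, since the replacement span no longer carries `white-space:initial`.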
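--- a/views/scan_settings_view.php
+++ b/views/scan_settings_view.php
@@ -1,65 +1,62 @@
  <?php
- add_action('admin_footer','mo_malware_config_page_submit');
- $mo_mmp_scan_files_extensions = get_option('mo_wpns_scan_files_extensions');
- if($mo_mmp_scan_files_extensions == false)
- $mo_mmp_scan_files_extensions = "php";
- $mo_mmp_skip_folders = get_option('mo_wpns_skip_folders');
- $mo_mmp_skip_folders_array = array();
- if(!empty($mo_mmp_skip_folders)){
- $mo_mmp_skip_folders_array = explode(";",$mo_mmp_skip_folders);
+ $mo_wpns_scan_files_extensions = get_option('mo_wpns_scan_files_extensions');
+
+ $mo_wpns_skip_folders = get_option('mo_wpns_skip_folders');
+ $mo_wpns_skip_folders_array = array();
+ if(!empty($mo_wpns_skip_folders)){
+ $mo_wpns_skip_folders_array = explode(";",$mo_wpns_skip_folders);
  }
- $mo_mmp_white_url = get_option('mo_wpns_white_url');
- $mo_mmp_white_urls_array = array();
- if(!empty($mo_mmp_white_url)){
- $mo_mmp_white_urls_array = explode(";",$mo_mmp_white_url);
+ $mo_wpns_white_url = get_option('mo_wpns_white_url');
+ $mo_wpns_white_urls_array = array();
+ if(!empty($mo_wpns_white_url)){
+ $mo_wpns_white_urls_array = explode(";",$mo_wpns_white_url);
  }
- $mo_mmp_custom_sign = get_option('mo_wpns_custom_sign');
- $mo_mmp_custom_sign_array = array();
- if(!empty($mo_mmp_custom_sign)){
- $mo_mmp_custom_sign_array = explode(";",$mo_mmp_custom_sign);
+ $mo_wpns_custom_sign = get_option('mo_wpns_custom_sign');
+ $mo_wpns_custom_sign_array = array();
+ if(!empty($mo_wpns_custom_sign)){
+ $mo_wpns_custom_sign_array = explode(";",$mo_wpns_custom_sign);
  }
  ?>
  <div class="mo_wpns_setting_layout">
  <div class="mo_wpns_subheading"></div>
  <br>
  <form id="" method="post" action="">
- <input type="hidden" name="option" value="mo_mmp_scan_configuration">
+ <input type="hidden" name="option" value="mo_wpns_scan_configuration">
  <table class="mo_wpns_settings_table">
  <tr>
  <td style="width:30%"><b>Select Folders to Scan : </b></td>
  <td>
- <input type="checkbox" name="mo_mmp_scan_plugins" id="mo_mmp_scan_plugins" value="1" <?php checked(get_option('mo_wpns_scan_plugins') == 1);?>> WordPress Plugins folder<br>
- <input type="checkbox" name="mo_mmp_scan_themes" id="mo_mmp_scan_themes" value="1" <?php checked(get_option('mo_wpns_scan_themes') == 1);?>> WordPress Themes folder<br>
- <input type="checkbox" name="mo_mmp_scan_wp_files" id="mo_mmp_scan_wp_files" value="1" <?php checked(get_option('mo_wpns_scan_wp_files') == 1);?>> WordPress files
+ <input type="checkbox" name="mo_wpns_scan_plugins" id="mo_wpns_scan_plugins" value="1" <?php checked(get_option('mo_wpns_scan_plugins') == 1);?>> WordPress Plugins folder<br>
+ <input type="checkbox" name="mo_wpns_scan_themes" id="mo_wpns_scan_themes" value="1" <?php checked(get_option('mo_wpns_scan_themes') == 1);?>> WordPress Themes folder<br>
+ <input type="checkbox" name="mo_wpns_scan_wp_files" id="mo_wpns_scan_wp_files" value="1" <?php checked(get_option('mo_wpns_scan_wp_files') == 1);?>> WordPress files
  </td>
  </tr>
  <tr><td>&nbsp;</td><td></td></tr>
  <tr>
  <td style="width:30%"><b>Select Type of files to scan : </b></td>
- <td><input class="mo_wpns_table_textbox" type="text" id="mo_mmp_scan_files_extensions" name="mo_mmp_scan_files_extensions" required placeholder="comma separated file extensions e.g. php,inc" value="<?php echo $mo_mmp_scan_files_extensions?>" /></td>
+ <td><input class="mo_wpns_table_textbox" type="text" id="mo_wpns_scan_files_extensions" name="mo_wpns_scan_files_extensions" required placeholder="comma separated file extensions e.g. php,inc" value="<?php echo $mo_wpns_scan_files_extensions?>" /></td>
  </tr>
  <tr><td>&nbsp;</td><td></td></tr>
  <tr>
  <td style="width:30%"><b>Select Scan Level : </b></td>
  <td>
- <input type="checkbox" name="mo_mmp_check_vulnerable_code" id="mo_mmp_check_vulnerable_code" value="1" <?php checked(get_option('mo_wpns_check_vulnerable_code') == 1);?>> <b>Check PHP files vulnerable code <span class="mo_green">( Highly Recommeded )</span></b><br>
+ <input type="checkbox" name="mo_wpns_check_vulnerable_code" id="mo_wpns_check_vulnerable_code" value="1" <?php checked(get_option('mo_wpns_check_vulnerable_code') == 1);?>> <b>Check PHP files vulnerable code <span class="mo_green">( Highly Recommeded )</span></b><br>
  Checks if your website has a code which is kept hidden or obfuscated to harm your website.<br><br>
- <input type="checkbox" name="mo_mmp_check_sql_injection" id="mo_mmp_check_sql_injection" value="1" <?php checked(get_option('mo_wpns_check_sql_injection') == 1);?>> <b>SQL Injection and injected shell script check <span class="mo_green">( Highly Recommeded )</span></b><br>
+ <input type="checkbox" name="mo_wpns_check_sql_injection" id="mo_wpns_check_sql_injection" value="1" <?php checked(get_option('mo_wpns_check_sql_injection') == 1);?>> <b>SQL Injection and injected shell script check <span class="mo_green">( Highly Recommeded )</span></b><br>
  Checks for injected SQL queries which can harm your database and injected shell scripts which can harm your server by executing any commands.<br><br>
- <input type="checkbox" name="mo_mmp_check_external_link" id="mo_mmp_check_external_link" value="1" <?php checked(get_option('mo_wpns_check_external_link') == 1);?>> <b>External Links Detection</b><br>
+ <input type="checkbox" name="mo_wpns_check_external_link" id="mo_wpns_check_external_link" value="1" <?php checked(get_option('mo_wpns_check_external_link') == 1);?>> <b>External Links Detection</b><br>
  Checks if anyone creating backlinks from your website. Backlinks to blacklisted sites can add your website to spam websites list.<br><br>
- <input type="checkbox" name="mo_mmp_scan_files_with_repo" id="mo_mmp_scan_files_with_repo" value="1" <?php checked(get_option('mo_wpns_scan_files_with_repo') == 1);?>> <b>Check Files with repository</b><br>
+ <input type="checkbox" name="mo_wpns_scan_files_with_repo" id="mo_wpns_scan_files_with_repo" value="1" <?php checked(get_option('mo_wpns_scan_files_with_repo') == 1);?>> <b>Check Files with repository</b><br>
  Check the Wordpress, plugin and theme files with its repository. It is helpful to determine if extra files added to or missing any of repository files.<br><br>
-
- <input type="checkbox" name="mo_mmp_adv_sign" id="mo_mmp_adv_sign" value="1" <?php checked(get_option('mo_wpns_adv_sign') == 1);?>> <b>Use Advanced Signatures For Malware Detection.</b><b class="mo_red"> (Deep Scan) </b><br>
- Advanced Signatures help to scan your website better. miniOrange has it own premium signatures used to detect more advanced malwares in the files.<br><br>
- <input type="checkbox" name="mo_mmp_check_remote_file_inclusion" id="mo_mmp_check_remote_file_inclusion" value="1" <?php checked(get_option('mo_wpns_check_remote_file_inclusion') == 1);?>> <b>Remote File Inclusion</b><b class="mo_red"> (Deep Scan) </b><br>
+ <input type="checkbox" name="mo_wpns_check_remote_file_inclusion" id="mo_wpns_check_remote_file_inclusion" value="1" <?php checked(get_option('mo_wpns_check_remote_file_inclusion') == 1);?>> <b>Remote File Inclusion</b><br>
  Inclusion of remote files can be harmful as code return in remote files will be executed on your server.<br><br>
- <input type="checkbox" name="mo_mmp_check_domain" id="mo_mmp_check_domain" value="1" <?php checked(get_option('mo_wpns_check_domain') == 1);?>> <b>Check For Blacklisted Domains.</b><b class="mo_red"> (Deep Scan) </b><br>
+ <input type="checkbox" name="mo_wpns_adv_sign" id="mo_wpns_adv_sign" value="1" <?php checked(get_option('mo_wpns_adv_sign') == 1);?>> <b>Use Advanced Signatures For Malware Detection.</b><b class="mo_red"> (Deep Scan) </b><br>
+ Advanced Signatures help to scan your website better. miniOrange has it own premium signatures used to detect more advanced malwares in the files.<br><br>
+ <input type="checkbox" name="mo_wpns_check_domain" id="mo_wpns_check_domain" value="1" <?php checked(get_option('mo_wpns_check_domain') == 1);?>> <b>Check For Blacklisted Domains.</b><b class="mo_red"> (Deep Scan) </b><br>
  Checks for links to Blacklisted Domains so that your site does not get a bad reputation.<br><br>
- <input type="checkbox" name="mo_mmp_trojan_check" id="mo_mmp_trojan_check" value="1" <?php checked(get_option('mo_wpns_check_trojan') == 1);?>> <b>Check For Trojans.</b><b class="mo_red"> (Deep Scan) </b><br>
+ <input type="checkbox" name="mo_wpns_trojan_check" id="mo_wpns_trojan_check" value="1" <?php checked(get_option('mo_wpns_check_trojan') == 1);?>> <b>Check For Trojans.</b><b class="mo_red"> (Deep Scan) </b><br>
  Checks for presence of Trojans in your system. It looks like a normal file but can help the attacker gain remote access to your system.<br><br>
- <input type="checkbox" name="mo_mmp_backdoor_check" id="mo_mmp_backdoor_check" value="1" <?php checked(get_option('mo_wpns_check_backdoor') == 1);?>> <b>Check For Backdoors.</b><b class="mo_red"> (Deep Scan) </b><br>
+ <input type="checkbox" name="mo_wpns_backdoor_check" id="mo_wpns_backdoor_check" value="1" <?php checked(get_option('mo_wpns_check_backdoor') == 1);?>> <b>Check For Backdoors.</b><b class="mo_red"> (Deep Scan) </b><br>
  Checks for presence of Backdoors in your code. A backdoor is a malware type that dodges the authentication process to gain remote access.
  </td>
  </tr>
@@ -68,11 +65,11 @@
  <td style="width:30%"><b>Skip folders with paths : </b></td>
  <td>
  <table style="width:100%" id="skip_folders">
- <?php for($i=0;$i<count($mo_mmp_skip_folders_array);$i++){ ?>
- <tr><td><input type="text" name="mo_mmp_skip_folders_<?php echo $i+1;?>" id="mo_mmp_skip_scan_folder" class="mo_wpns_table_textbox" placeholder="comma separated folders full path" style="width:100%;" value="<?php echo $mo_mmp_skip_folders_array[$i];?>" /></td></tr>
+ <?php for($i=0;$i<count($mo_wpns_skip_folders_array);$i++){ ?>
+ <tr><td><input type="text" name="mo_wpns_skip_folders_<?php echo $i;?>" id="mo_wpns_skip_scan_folder_<?php echo $i;?>" class="mo_wpns_table_textbox mo_wpns_count_box" placeholder="comma separated folders full path" style="width:100%;" value="<?php echo $mo_wpns_skip_folders_array[$i];?>" /></td></tr>
  <?php }
  if($i==0){ ?>
- <tr><td><input type="text" name="mo_mmp_skip_folders_<?php echo $i+1;?>" id="mo_mmp_skip_scan_folder" class="mo_wpns_table_textbox" placeholder="comma separated folders full path" style="width:100%;" value="" /></td></tr>
+ <tr><td><input type="text" name="mo_wpns_skip_folders_0" id="mo_wpns_skip_scan_folder_0" class="mo_wpns_table_textbox mo_wpns_count_box" placeholder="comma separated folders full path" style="width:100%;" value="" /></td></tr>
  <?php }
  ?>
  </table>
@@ -84,11 +81,11 @@
  <td style="width:30%"><b>Whitelist URLs : </b></td>
  <td>
  <table style="width:100%" id="white_url">
- <?php for($i=0;$i<count($mo_mmp_white_urls_array);$i++){ ?>
- <tr><td><input type="text" name="mo_mmp_white_url_<?php echo $i+1;?>" id="mo_mmp_url_white" class="mo_wpns_table_textbox" placeholder="enter URLs to be whitelisted" style="width:100%;" value="<?php echo $mo_mmp_white_urls_array[$i];?>" disabled /></td></tr>
+ <?php for($i=0;$i<count($mo_wpns_white_urls_array);$i++){ ?>
+ <tr><td><input type="text" name="mo_wpns_white_url_<?php echo $i+1;?>" id="mo_wpns_url_white" class="mo_wpns_table_textbox" placeholder="Enter URLs to be whitelisted" style="width:100%;" value="<?php echo $mo_wpns_white_urls_array[$i];?>" disabled /></td></tr>
  <?php }
  if($i==0){ ?>
- <tr><td><input type="text" name="mo_mmp_white_url_<?php echo $i+1;?>" id="mo_mmp_url_white" class="mo_wpns_table_textbox" placeholder="enter URLs to be whitelisted" style="width:100%;" value="" disabled /></td></tr>
+ <tr><td><input type="text" name="mo_wpns_white_url_<?php echo $i+1;?>" id="mo_wpns_url_white" class="mo_wpns_table_textbox" placeholder="Enter URLs to be whitelisted" style="width:100%;" value="" disabled /></td></tr>
  <?php }
  ?>
  </table>
@@ -100,11 +97,11 @@
  <td style="width:30%"><b>Custom Signatures : </b></td>
  <td>
  <table style="width:100%" id="sign_custom">
- <?php for($i=0;$i<count($mo_mmp_custom_sign_array);$i++){ ?>
- <tr><td><input type="text" name="mo_mmp_custom_sign_<?php echo $i+1;?>" id="mo_mmp_sign_custom" class="mo_wpns_table_textbox" placeholder="enter string or code to be added as custom signature" style="width:100%;" value="<?php echo $mo_mmp_custom_sign_array[$i];?>" disabled /></td></tr>
+ <?php for($i=0;$i<count($mo_wpns_custom_sign_array);$i++){ ?>
+ <tr><td><input type="text" name="mo_wpns_custom_sign_<?php echo $i+1;?>" id="mo_wpns_sign_custom" class="mo_wpns_table_textbox" placeholder="Enter string or code to be added as custom signature" style="width:100%;" value="<?php echo $mo_wpns_custom_sign_array[$i];?>" disabled /></td></tr>
  <?php }
  if($i==0){ ?>
- <tr><td><input type="text" name="mo_mmp_custom_sign_<?php echo $i+1;?>" id="mo_mmp_sign_custom" class="mo_wpns_table_textbox" placeholder="enter string or code to be added as custom signature" style="width:100%;" value="" disabled /></td></tr>
+ <tr><td><input type="text" name="mo_wpns_custom_sign_<?php echo $i+1;?>" id="mo_wpns_sign_custom" class="mo_wpns_table_textbox" placeholder="Enter string or code to be added as custom signature" style="width:100%;" value="" disabled /></td></tr>
  <?php }
  ?>
  </table>
@@ -113,7 +110,7 @@
  </tr>
  <tr>
  <td></td>
- <input type = "hidden" id = "wpns_scan_settings_url" value="<?php echo wp_create_nonce('wpns-scan-settings') ?>" >
+ <input type = "hidden" id = "mo_wpns_scan_settings_url" value="<?php echo wp_create_nonce('mo-wpns-scan-settings') ?>" >
  <td><br><input type="button" name="Save_malware_config" id="Save_malware_config" style="width:100px;" value="Save" class="mo_wpns_scan_button"> </td>
  </tr>
  </table>
@@ -122,62 +119,13 @@
  </div>
  <?php
 
- function mo_malware_config_page_submit(){
- if ( ('admin.php' != basename( $_SERVER['PHP_SELF'] )) || ($_GET['page'] != 'mo_2fa_malwarescan') ) {
- return;
- }
- ?>
- <script>
- jQuery(document).ready(function(){
- jQuery('#Save_malware_config').click(function(){
- var data={
- 'action':'mo_wpns_malware_redirect',
- 'call_type':'submit_malware_settings_form',
- 'scan_plugin':jQuery('input[name= "mo_mmp_scan_plugins"]:checked').val(),
- 'scan_themes':jQuery('input[name= "mo_mmp_scan_themes"]:checked').val(),
- 'scan_core':jQuery('input[name= "mo_mmp_scan_wp_files"]:checked').val(),
- 'file_type':jQuery('#mo_mmp_scan_files_extensions').val(),
- 'vulnerable_check':jQuery('input[name= "mo_mmp_check_vulnerable_code"]:checked').val(),
- 'sql_check':jQuery('input[name= "mo_mmp_check_sql_injection"]:checked').val(),
- 'ext_link':jQuery('input[name= "mo_mmp_check_external_link"]:checked').val(),
- 'repo_check':jQuery('input[name= "mo_mmp_scan_files_with_repo"]:checked').val(),
- 'skip_path':jQuery('#mo_mmp_skip_scan_folder').val(),
- 'nonce':jQuery('#wpns_scan_settings_url').val()
- };
- jQuery.post(ajaxurl, data, function(response){
- jQuery("#mo_scan_message").empty();
- jQuery("#mo_scan_message").hide();
- jQuery('#mo_scan_message').show();
- if (response == "folder_error"){
- jQuery('#mo_scan_message').append("<div class= 'notice notice-error is-dismissible' style='height : 25px;padding-top: 10px; ' >Please select atleast one folder to scan</div>");
- window.scrollTo({ top: 0, behavior: 'smooth' });
- }
- else if(response == "level_error"){
- jQuery('#mo_scan_message').append("<div class= 'notice notice-error is-dismissible' style='height : 25px;padding-top: 10px;' >Please select atleast one scan level.</div>");
- window.scrollTo({ top: 0, behavior: 'smooth'});
- }
- else if(response == "ERROR"){
- jQuery('#mo_scan_message').append("<div class= 'notice notice-error is-dismissible' style='height : 25px;padding-top: 10px;' >ERROR.</div>");
- window.scrollTo({ top: 0, behavior: 'smooth'});
- }
- else{
- jQuery('#mo_scan_message').append("<div class= 'notice notice-success is-dismissible' style='height : 25px;padding-top: 10px; ' >Scan Configuration Saved Successfully</div>");
- window.scrollTo({ top: 0, behavior: 'smooth' });
- }
- });
-
- });
- });
- </script>
- <?php
- }
  ?>
  <script>
  function add_skip_folders(){
  var last_index_name = jQuery('#skip_folders tr:last .mo_wpns_table_textbox').attr('name');
  var splittedArray = last_index_name.split("_");
  var countAttributes = parseInt(splittedArray[splittedArray.length-1])+1;
- jQuery("<tr><td><input type='text' name='mo_mmp_skip_folders_"+countAttributes+"' class='mo_wpns_table_textbox' placeholder='comma separated folders full path' style='width:100%;' /></td></tr>").insertAfter(jQuery('#skip_folders tr:last'));
+ jQuery("<tr><td><input type='text' name='mo_wpns_skip_folders_"+countAttributes+"' id='mo_wpns_skip_scan_folder_"+countAttributes+"' class='mo_wpns_table_textbox mo_wpns_count_box' placeholder='comma separated folders full path' style='width:100%;' /></td></tr>").insertAfter(jQuery('#skip_folders tr:last'));
 
  }
 
@@ -185,7 +133,7 @@ jQuery(document).ready(function(){
  var last_index_name = jQuery('#white_url tr:last .mo_wpns_table_textbox').attr('name');
  var splittedArray = last_index_name.split("_");
  var countAttributes = parseInt(splittedArray[splittedArray.length-1])+1;
- jQuery("<tr><td><input type='text' name='mo_mmp_white_url_"+countAttributes+"' class='mo_wpns_table_textbox' placeholder='enter URLs to be whitelisted' style='width:100%;' disabled/></td></tr>").insertAfter(jQuery('#white_url tr:last'));
+ jQuery("<tr><td><input type='text' name='mo_wpns_white_url_"+countAttributes+"' class='mo_wpns_table_textbox' placeholder='Enter URLs to be whitelisted' style='width:100%;' disabled/></td></tr>").insertAfter(jQuery('#white_url tr:last'));
 
  }
 
@@ -193,7 +141,70 @@ jQuery(document).ready(function(){
  var last_index_name = jQuery('#sign_custom tr:last .mo_wpns_table_textbox').attr('name');
  var splittedArray = last_index_name.split("_");
  var countAttributes = parseInt(splittedArray[splittedArray.length-1])+1;
- jQuery("<tr><td><input type='text' name='mo_mmp_custom_sign_"+countAttributes+"' class='mo_wpns_table_textbox' placeholder='enter string or code to be added as custom signature' style='width:100%;' disabled/></td></tr>").insertAfter(jQuery('#sign_custom tr:last'));
+ jQuery("<tr><td><input type='text' name='mo_wpns_custom_sign_"+countAttributes+"' class='mo_wpns_table_textbox' placeholder='Enter string or code to be added as custom signature' style='width:100%;' disabled/></td></tr>").insertAfter(jQuery('#sign_custom tr:last'));
 
  }
  </script>
+
+ <?php
+ echo '
+
+ <script>
+ jQuery(document).ready(function(){
+ jQuery("#Save_malware_config").click(function(){
+ jQuery("#mo_scan_message").empty();
+ jQuery("#mo_scan_message").hide();
+ jQuery("#mo_scan_message").show();
+ jQuery("#mo_scan_message").removeClass();
+ var q= jQuery(".mo_wpns_count_box").length;
+ var str="";
+ for(var i=0; i<q; i++){
+ var content= jQuery("#mo_wpns_skip_scan_folder_"+i).val();
+ content = content.trim();
+ str= str+content;
+ if(i != (q-1)){
+ str=str+";";
+ }
+ }
+ var data={
+ "action":"mo_wpns_malware_redirect",
+ "call_type":"submit_malware_settings_form",
+ "scan_plugin":jQuery("input[name= mo_wpns_scan_plugins]:checked").val(),
+ "scan_themes": jQuery("input[name= mo_wpns_scan_themes]:checked").val(),
+ "scan_core":jQuery("input[name= mo_wpns_scan_wp_files]:checked").val(),
+ "file_type":jQuery("#mo_wpns_scan_files_extensions").val(),
+ "vulnerable_check":jQuery("input[name= mo_wpns_check_vulnerable_code]:checked").val(),
+ "sql_check":jQuery("input[name= mo_wpns_check_sql_injection]:checked").val(),
+ "ext_link":jQuery("input[name= mo_wpns_check_external_link]:checked").val(),
+ "repo_check":jQuery("input[name= mo_wpns_scan_files_with_repo]:checked").val(),
+ "skip_path":str,
+ "check_rfi":jQuery("input[name= mo_wpns_check_remote_file_inclusion]:checked").val(),
+ "nonce":jQuery("#mo_wpns_scan_settings_url").val()
+ };
+ jQuery.post(ajaxurl, data, function(response){
+ if (response == "folder_error"){
+ jQuery("#mo_scan_message").addClass("notice notice-error is-dismissible");
+ jQuery("#mo_scan_message").append("Please select atleast one folder to scan");
+ window.scrollTo({ top: 0, behavior: "smooth" });
+ }else if (response == "path_error"){
+ jQuery("#mo_scan_message").addClass("notice notice-error is-dismissible");
+ jQuery("#mo_scan_message").append("The path of folder/folders is/are incorrect");
+ window.scrollTo({ top: 0, behavior: "smooth" });
+ }
+ else if(response == "level_error"){
+ jQuery("#mo_scan_message").addClass("notice notice-error is-dismissible");
+ jQuery("#mo_scan_message").append("Please select atleast one scan level.");
+ window.scrollTo({ top: 0, behavior: "smooth"});
+
+ }
+ else{
+ jQuery("#mo_scan_message").addClass("notice notice-success is-dismissible");
+ jQuery("#mo_scan_message").append("Scan configuration saved successfully");
+ window.scrollTo({ top: 0, behavior: "smooth" });
+ }
+ });
+
+ });
+ });
+ </script>';
+ ?>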
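Review bot: The stored option values are still echoed unescaped into `value="..."` attributes on the new side: `$mo_wpns_scan_files_extensions` (new line 37), `$mo_wpns_skip_folders_array[$i]` (69), `$mo_wpns_white_urls_array[$i]` (85) and `$mo_wpns_custom_sign_array[$i]` (101). A saved value containing a double quote therefore ends the attribute and is rendered as markup on this admin page. Each echo should go through WordPress's attribute escaper, e.g. `value="<?php echo esc_attr($mo_wpns_skip_folders_array[$i]); ?>"`. Whether the `submit_malware_settings_form` handler sanitises these strings before storing them is not visible in this file, so escaping at output should not depend on it. Separately, dropping the old `"php"` fallback means a never-saved extensions option now renders an empty field, which looks unintended.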
views/scan_summary_view.php ADDED
@@ -0,0 +1,369 @@
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
+ <?php
2
+ add_action('admin_footer','mo_wpns_start_scan');
3
+ ?>
4
+ <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css">
5
+
6
+ <div class="mo_wpns_dashboard_layout">
7
+ <div class="malwaresummarydiv">
8
+ <?php show_summary(); ?>
9
+ </div>
10
+ </div>
11
+ <div class="mo_wpns_setting_layout" id="scan_status_table">
12
+ <div>
13
+ <p class="hmdiv">Scan Modes</p>
14
+ </div>
15
+ <div style="float: left;">
16
+ <p id="scanstatus"></p>
17
+ </div>
18
+ <div class="malwaresummarydiv">
19
+ <div class="mo_wpns_sub_scanmode mo_wpns_msdivl">
20
+ <div class="hdiv"><b>Quick Scan</b></div>
21
+ <hr class="line">
22
+ <p class="mo_wpns_scan_desc">Quick Scan checks all Plugins, Themes and Core files for Vulnerable Code and SQL Injections using PHP malware signatures.</p>
23
+ <input type = "hidden" id = "wpns_quick_scan_nonce" value="<?php echo wp_create_nonce('wpns-quick-scan') ?>" >
24
+ <input id="quick_scan_button" type="button" name="quick_scan_button" class="mo_wpns_scan_button" value="Quick Scan">
25
+ </div>
26
+ <div class="mo_wpns_sub_scanmode mo_wpns_msdivr mo_wpns_msdivl">
27
+ <div class="hdiv"><b>Standard Scan</b></div>
28
+ <hr class="line">
29
+ <p class="mo_wpns_scan_desc">Standard Scan checks all Plugins, Themes and Core files for external links and compares with the repository as well.</p>
30
+ <input type = "hidden" id = "wpns_standard_scan_nonce" value="<?php echo wp_create_nonce('wpns-standard-scan') ?>" >
31
+ <input id="standard_scan_button" type="button" name="standard_scan_button" class="mo_wpns_scan_button" value="Standard Scan">
32
+ </div>
33
+ <div class="mo_wpns_sub_scanmode mo_wpns_msdivl mo_wpns_msdivr">
34
+ <div class="hdiv">
35
+ <b>Deep Scan</b>
36
+ <strong><a href="admin.php?page=mo_2fa_upgrade"> <b style="color: red;">[Premium]</b> </a></strong>
37
+ </div>
38
+ <hr class="line">
39
+ <p class="mo_wpns_scan_desc">Deep Scan checks all Plugins, Themes and Core files for RFI, Trojans and Backdoors using advanced signatures and detects blacklisted domains as well.</p>
40
+ <input id="deep_scan_button" type="button" name="deep_scan_button" class="mo_wpns_deep_scan_button" value="Deep Scan">
41
+ </div>
42
+ <div class="mo_wpns_sub_scanmode mo_wpns_msdivr">
43
+ <div class="hdiv"><b>Custom Scan</b></div>
44
+ <hr class="line">
45
+ <p class="mo_wpns_scan_desc">Custom Scan gives you an option to choose which files to scan and what to check for.</p>
46
+ <input type = "hidden" id = "wpns_custom_scan_nonce" value="<?php echo wp_create_nonce('wpns-custom-scan') ?>" >
47
+ <input id="custom_scan_button" type="button" name="custom_scan_button" class="mo_wpns_scan_button" value="Custom Scan">
48
+ <input type="button" name="configure_button" class="mo_wpns_scan_button" value="Configure" style="float: right;" onclick="openTabmalware(event, 'settings_scan')" >
49
+ </div>
50
+ </div>
51
+ </div>
52
+ </div>
53
+ <div class="mo_wpns_setting_layout" id="mo_progress" style="display: none;">
54
+ <h3 id="progress_message">Scan progress...</h3>
55
+ <div id="mo_wpns_progress" class="mo_wpns_progress">
56
+ <div id="mo_wpns_progress_bar" class="mo_wpns_progress_bar">0%</div>
57
+ </div>
58
+ </div>
59
+
60
+ <?php
61
+ function mo_wpns_start_scan(){
62
+ if ( ('admin.php' != basename( $_SERVER['PHP_SELF'] )) || ($_GET['page'] != 'mo_2fa_malwarescan') ) {
63
+ return;
64
+ }
65
+ ?>
66
+ <script>
67
+ var status_var,progress_bar,scan_progress;
68
+ jQuery(document).ready(function(){
69
+ scan_progress= "<?php echo get_option('mo_wpns_malware_scan_in_progress'); ?>";
70
+ if(scan_progress=="IN PROGRESS"){
71
+ status_progress();
72
+ jQuery('input[name="quick_scan_button"]').attr('disabled', true);
73
+ jQuery('input[name="custom_scan_button"]').attr('disabled', true);
74
+ jQuery('input[name="standard_scan_button"]').attr('disabled', true);
75
+ var mode_scan="<?php echo get_option('mo_wpns_scan_mode'); ?>";
76
+ if(mode_scan=="quick_scan"){
77
+ document.getElementById('quick_scan_button').style.backgroundColor = '#20b2aa';
78
+ document.getElementById('custom_scan_button').style.backgroundColor = '#b0d2cf';
79
+ document.getElementById('standard_scan_button').style.backgroundColor = '#b0d2cf';
80
+ document.getElementById('quick_scan_button').value="Scanning..."
81
+ }
82
+ else if(mode_scan=="standard_scan"){
83
+ document.getElementById('quick_scan_button').style.backgroundColor = '#b0d2cf';
84
+ document.getElementById('custom_scan_button').style.backgroundColor = '#b0d2cf';
85
+ document.getElementById('standard_scan_button').style.backgroundColor = '#20b2aa';
86
+ document.getElementById('standard_scan_button').value="Scanning..."
87
+ }
88
+ else if(mode_scan=="custom_scan"){
89
+ document.getElementById('quick_scan_button').style.backgroundColor = '#b0d2cf';
90
+ document.getElementById('custom_scan_button').style.backgroundColor = '#20b2aa';
91
+ document.getElementById('standard_scan_button').style.backgroundColor = '#b0d2cf';
92
+ document.getElementById('custom_scan_button').value="Scanning..."
93
+ }
94
+ status_var = 1;
95
+ document.getElementById("mo_progress").style.display="block";
96
+ progress_bar = setInterval(status_progress, 1000);
97
+ }
98
+ jQuery('input[name="quick_scan_button"]').click(function(){
99
+ document.getElementById("quick_scan_button").value = "Scanning...";
100
+
101
+ document.getElementById("mo_progress").style.display="block";
102
+ document.getElementById("progress_message").innerHTML = "Scan progress...";
103
+ document.getElementById("mo_wpns_progress_bar").style.width= 0 + "%";
104
+ document.getElementById("mo_wpns_progress_bar").innerHTML= 0 + "%";
105
+ progress_bar= setInterval(status_progress, 1000);
106
+
107
+ jQuery('input[name="quick_scan_button"]').attr('disabled', true);
108
+ jQuery('input[name="custom_scan_button"]').attr('disabled', true);
109
+ jQuery('input[name="standard_scan_button"]').attr('disabled', true);
110
+ document.getElementById('quick_scan_button').style.backgroundColor = '#20b2aa';
111
+ document.getElementById('custom_scan_button').style.backgroundColor = '#b0d2cf';
112
+ document.getElementById('standard_scan_button').style.backgroundColor = '#b0d2cf';
113
+
114
+ var data={
115
+ 'action':'mo_wpns_malware_redirect',
116
+ 'call_type':'malware_scan_initiate',
117
+ 'scan':'scan_start',
118
+ 'scantype':'quick_scan',
119
+ 'nonce':jQuery('#wpns_quick_scan_nonce').val()
120
+ };
121
+ jQuery.post(ajaxurl, data, function(response){
122
+ jQuery('#mo_scan_message').show();
123
+ jQuery('#mo_scan_message').empty();
124
+ if(response == "scanning_already"){
125
+ jQuery("#mo_scan_message").addClass("notice notice-error is-dismissible");
126
+ jQuery("#mo_scan_message").append("A scan is currently ongoing.");
127
+ window.scrollTo({ top: 0, behavior: "smooth"});
128
+ document.getElementById("quick_scan_button").value = "Quick Scan";
129
+ document.getElementById('quick_scan_button').style.backgroundColor = '#b0d2cf';
130
+ }else{
131
+ if(response=="ERROR"){
132
+ jQuery("#mo_scan_message").addClass("notice notice-error is-dismissible");
133
+ jQuery("#mo_scan_message").append("Nonce did not match.");
134
+ window.scrollTo({ top: 0, behavior: "smooth"});
135
+ }else{
136
+ jQuery("#mo_scan_message").addClass("notice notice-success is-dismissible");
137
+ jQuery("#mo_scan_message").append("Scan has been completed. You can see the results in the Scan Reports tab.");
138
+ window.scrollTo({ top: 0, behavior: "smooth" });
139
+ jQuery('#summary_all_scan_text').html(response['total_files']);
140
+ jQuery('#summary_current_scan_text').html(response['scan_files']);
141
+ jQuery('#summary_all_infect_text').html(response['total_mal']);
142
+ jQuery('#summary_current_infect_text').html(response['mal_files']);
143
+ }
144
+
145
+ jQuery('input[name="quick_scan_button"]').removeAttr('disabled');
146
+ document.getElementById('quick_scan_button').style.backgroundColor = '#20b2aa';
147
+ jQuery('input[name="standard_scan_button"]').removeAttr('disabled');
148
+ document.getElementById('standard_scan_button').style.backgroundColor = '#20b2aa';
149
+ jQuery('input[name="custom_scan_button"]').removeAttr('disabled');
150
+ document.getElementById('custom_scan_button').style.backgroundColor = '#20b2aa';
151
+ document.getElementById("quick_scan_button").value = "Quick Scan";
152
+ }
153
+
154
+
155
+ });
156
+ });
157
+
158
+ jQuery('input[name="standard_scan_button"]').click(function(){
159
+ document.getElementById("standard_scan_button").value = "Scanning...";
160
+
161
+ document.getElementById("mo_progress").style.display="block";
162
+ document.getElementById("progress_message").innerHTML = "Scan progress...";
163
+ document.getElementById("mo_wpns_progress_bar").style.width= 0 + "%";
164
+ document.getElementById("mo_wpns_progress_bar").innerHTML= 0 + "%";
165
+ progress_bar= setInterval(status_progress, 1000);
166
+
167
+ jQuery('input[name="quick_scan_button"]').attr('disabled', true);
168
+ jQuery('input[name="custom_scan_button"]').attr('disabled', true);
169
+ jQuery('input[name="standard_scan_button"]').attr('disabled', true);
170
+ document.getElementById('quick_scan_button').style.backgroundColor = '#b0d2cf';
171
+ document.getElementById('custom_scan_button').style.backgroundColor = '#b0d2cf';
172
+ document.getElementById('standard_scan_button').style.backgroundColor = '#20b2aa';
173
+
174
+ var data={
175
+ 'action':'mo_wpns_malware_redirect',
176
+ 'call_type':'malware_scan_initiate',
177
+ 'scan':'scan_start',
178
+ 'scantype':'standard_scan',
179
+ 'nonce':jQuery('#wpns_standard_scan_nonce').val()
180
+ };
181
+ jQuery.post(ajaxurl, data, function(response){
182
+ jQuery('#mo_scan_message').show();
183
+ jQuery('#mo_scan_message').empty();
184
+ if(response == "scanning_already"){
185
+ jQuery("#mo_scan_message").addClass("notice notice-error is-dismissible");
186
+ jQuery("#mo_scan_message").append("A scan is currently ongoing.");
187
+ window.scrollTo({ top: 0, behavior: "smooth"});
188
+ document.getElementById("standard_scan_button").value = "Standard Scan";
189
+ document.getElementById('standard_scan_button').style.backgroundColor = '#b0d2cf';
190
+ }else{
191
+ if(response=="ERROR"){
192
+ jQuery("#mo_scan_message").addClass("notice notice-error is-dismissible");
193
+ jQuery("#mo_scan_message").append("Nonce did not match.");
194
+ window.scrollTo({ top: 0, behavior: "smooth"});
195
+ }else{
196
+ jQuery("#mo_scan_message").addClass("notice notice-success is-dismissible");
197
+ jQuery("#mo_scan_message").append("Scan has been completed. You can see the results in the Scan Reports tab.");
198
+ window.scrollTo({ top: 0, behavior: "smooth" });
199
+ jQuery('#summary_all_scan_text').html(response['total_files']);
200
+ jQuery('#summary_current_scan_text').html(response['scan_files']);
201
+ jQuery('#summary_all_infect_text').html(response['total_mal']);
202
+ jQuery('#summary_current_infect_text').html(response['mal_files']);
203
+ }
204
+
205
+ jQuery('input[name="quick_scan_button"]').removeAttr('disabled');
206
+ document.getElementById('quick_scan_button').style.backgroundColor = '#20b2aa';
207
+ jQuery('input[name="standard_scan_button"]').removeAttr('disabled');
208
+ document.getElementById('standard_scan_button').style.backgroundColor = '#20b2aa';
209
+ jQuery('input[name="custom_scan_button"]').removeAttr('disabled');
210
+ document.getElementById('custom_scan_button').style.backgroundColor = '#20b2aa';
211
+ document.getElementById("standard_scan_button").value = "Standard Scan";
212
+ }
213
+
214
+ });
215
+ });
216
+
217
+ jQuery('input[name="custom_scan_button"]').click(function(){
218
+ document.getElementById("custom_scan_button").value = "Scanning...";
219
+
220
+ document.getElementById("mo_progress").style.display="block";
221
+ document.getElementById("progress_message").innerHTML = "Scan progress...";
222
+ document.getElementById("mo_wpns_progress_bar").style.width= 0 + "%";
223
+ document.getElementById("mo_wpns_progress_bar").innerHTML= 0 + "%";
224
+ progress_bar= setInterval(status_progress, 1000);
225
+
226
+ jQuery('input[name="quick_scan_button"]').attr('disabled', true);
227
+ jQuery('input[name="custom_scan_button"]').attr('disabled', true);
228
+ jQuery('input[name="standard_scan_button"]').attr('disabled', true);
229
+ document.getElementById('quick_scan_button').style.backgroundColor = '#b0d2cf';
230
+ document.getElementById('custom_scan_button').style.backgroundColor = '#20b2aa';
231
+ document.getElementById('standard_scan_button').style.backgroundColor = '#b0d2cf';
232
+
233
+ var data={
234
+ 'action':'mo_wpns_malware_redirect',
235
+ 'call_type':'malware_scan_initiate',
236
+ 'scan':'scan_start',
237
+ 'scantype':'custom_scan',
238
+ 'nonce':jQuery('#wpns_custom_scan_nonce').val()
239
+ };
240
+ jQuery.post(ajaxurl, data, function(response){
241
+ jQuery('#mo_scan_message').show();
242
+ jQuery('#mo_scan_message').empty();
243
+ if(response == "scanning_already"){
244
+ jQuery("#mo_scan_message").addClass("notice notice-error is-dismissible");
245
+ jQuery("#mo_scan_message").append("A scan is currently ongoing.");
246
+ window.scrollTo({ top: 0, behavior: "smooth"});
247
+ document.getElementById("custom_scan_button").value = "Custom Scan";
248
+ document.getElementById('custom_scan_button').style.backgroundColor = '#b0d2cf';
249
+ }else{
250
+ if(response=="ERROR"){
251
+ jQuery("#mo_scan_message").addClass("notice notice-error is-dismissible");
252
+ jQuery("#mo_scan_message").append("Nonce did not match.");
253
+ window.scrollTo({ top: 0, behavior: "smooth"});
254
+ }else{
255
+ jQuery("#mo_scan_message").addClass("notice notice-success is-dismissible");
256
+ jQuery("#mo_scan_message").append("Scan has been completed. You can see the results in the Scan Reports tab.");
257
+ window.scrollTo({ top: 0, behavior: "smooth" });
258
+ jQuery('#summary_all_scan_text').html(response['total_files']);
259
+ jQuery('#summary_current_scan_text').html(response['scan_files']);
260
+ jQuery('#summary_all_infect_text').html(response['total_mal']);
261
+ jQuery('#summary_current_infect_text').html(response['mal_files']);
262
+ }
263
+
264
+ jQuery('input[name="quick_scan_button"]').removeAttr('disabled');
265
+ document.getElementById('quick_scan_button').style.backgroundColor = '#20b2aa';
266
+ jQuery('input[name="standard_scan_button"]').removeAttr('disabled');
267
+ document.getElementById('standard_scan_button').style.backgroundColor = '#20b2aa';
268
+ jQuery('input[name="custom_scan_button"]').removeAttr('disabled');
269
+ document.getElementById('custom_scan_button').style.backgroundColor = '#20b2aa';
270
+ document.getElementById("custom_scan_button").value = "Custom Scan";
271
+ }
272
+
273
+ });
274
+ });
275
+ });
276
+
277
+ function status_progress(){
278
+ var data={
279
+ 'action':'mo_wpns_malware_redirect',
280
+ 'call_type':'malware_progress_bar'
281
+ };
282
+ jQuery.post(ajaxurl, data, function(response){
283
+ var bar= document.getElementById("mo_wpns_progress_bar");
284
+ if(response['status']=="COMPLETE"){
285
+ document.getElementById("progress_message").innerHTML = "Scan completed";
286
+ bar.style.width= 100 + "%";
287
+ bar.innerHTML = 100 + "%";
288
+ if(status_var == 1){
289
+ jQuery('input[name="quick_scan_button"]').removeAttr('disabled');
290
+ document.getElementById('quick_scan_button').style.backgroundColor = '#20b2aa';
291
+ document.getElementById('quick_scan_button').value="Quick Scan";
292
+ jQuery('input[name="standard_scan_button"]').removeAttr('disabled');
293
+ document.getElementById('standard_scan_button').style.backgroundColor = '#20b2aa';
294
+ document.getElementById('standard_scan_button').value="Standard Scan";
295
+ jQuery('input[name="custom_scan_button"]').removeAttr('disabled');
296
+ document.getElementById('custom_scan_button').style.backgroundColor = '#20b2aa';
297
+ document.getElementById('custom_scan_button').value="Custom Scan";
298
+ jQuery('#summary_all_scan_text').html(response['total_files']);
299
+ jQuery('#summary_current_scan_text').html(response['scan_files']);
300
+ jQuery('#summary_all_infect_text').html(response['total_mal']);
301
+ jQuery('#summary_current_infect_text').html(response['mal_files']);
302
+
303
+ }
304
+ clearInterval(progress_bar);
305
+ }else{
306
+ var width= (response['scanned']/response['total'])*100;
307
+ width = Math.round(width);
308
+ bar.style.width= width + "%";
309
+ if(response['repo_scan']==1 && width==0){
310
+ document.getElementById("progress_message").innerHTML= "Downloading plugins/themes/wordpress files from repository...";
311
+ }else{
312
+ document.getElementById("progress_message").innerHTML= "Scan progress...";
313
+ bar.innerHTML = width + "%";
314
+ }
315
+ }
316
+ });
317
+ }
318
+ </script>
319
+ <?php
320
+ }
321
+ function show_summary(){
322
+ $mo_wpns_db_handler = new MoWpnsDB();
323
+ $last_id=$mo_wpns_db_handler->get_last_id();
324
+ $send_id=$last_id[0]->max;
325
+ if(is_null($send_id)){
326
+ $total_scan=0;
327
+ $total_malicious=0;
328
+ $last_scan=0;
329
+ $malicious_last_scan=0;
330
+ }else{
331
+ $result = $mo_wpns_db_handler->get_report_with_id($send_id);
332
+ $total_scan=$mo_wpns_db_handler->count_files();
333
+ $total_malicious=$mo_wpns_db_handler->count_malicious_files();
334
+ $last_scan=$mo_wpns_db_handler->count_files_last_scan($send_id);
335
+ $malicious_last_scan=$mo_wpns_db_handler->count_malicious_last_scan($send_id);
336
+ if($total_scan > 999){
337
+ $total_scan=($total_scan/1000);
338
+ $total_scan= round($total_scan,1)."k";
339
+ }
340
+ if($total_malicious > 999){
341
+ $total_malicious=($total_malicious/1000);
342
+ $total_malicious= round($total_malicious,1)."k";
343
+ }
344
+ }
345
+ ?>
346
+ <div class="mo_wpns_sub_scansummary mo_wpns_msdivl" id="summary_all_scan">
347
+ <div class="hdiv"><b>Total Files Scanned</b></div>
348
+ <hr class="line">
349
+ <p class="wpns_font_size mo_wpns_scan_summary_text" id="summary_all_scan_text"> <?php echo $total_scan ?> </p>
350
+ </div>
351
+ <div class="mo_wpns_sub_scansummary mo_wpns_msdivr mo_wpns_msdivl" id="summary_all_infect">
352
+ <div class="hdiv"><b>Total Infected Files</b></div>
353
+ <hr class="line">
354
+ <p class="wpns_font_size mo_wpns_scan_summary_text" id="summary_all_infect_text"> <?php echo $total_malicious ?> </p>
355
+ </div>
356
+ <div class="mo_wpns_sub_scansummary mo_wpns_msdivl mo_wpns_msdivr" id="summary_current_scan">
357
+ <div class="hdiv"><b>Files scanned in last scan</b></div>
358
+ <hr class="line">
359
+ <p class="wpns_font_size mo_wpns_scan_summary_text" id="summary_current_scan_text"> <?php echo $last_scan ?> </p>
360
+ </div>
361
+ <div class="mo_wpns_sub_scansummary mo_wpns_msdivr" id="summary_current_infect">
362
+ <div class="hdiv"><b>Infected Files in last scan</b></div>
363
+ <hr class="line">
364
+ <p class="wpns_font_size mo_wpns_scan_summary_text" id="summary_current_infect_text"> <?php echo $malicious_last_scan ?> </p>
365
+ </div>
366
+
367
+ <?php
368
+ }
369
+