Acunetix Secure WordPress

Version Description

Release Info

Developer	WebsiteDefender
Plugin	Acunetix Secure WordPress
Version	2.0.1
Comparing to
See all releases

Code changes from version 2.0.0 to 2.0.1

Files changed (27) hide show

css/wsd_sw_styles.css +229 -0
img/acunetix_1.png +0 -0
img/agent-green.png +0 -0
img/agent-red.png +0 -0
img/wpss_icon_large.png +0 -0
img/wpss_icon_small_combined.png +0 -0
img/wsd-logo-small-list.png +0 -0
img/wsd-logo-small.png +0 -0
img/wsd-logo.png +0 -0
inc/json.php +806 -0
inc/recaptchalib.php +277 -0
inc/swWSD.php +831 -0
js/json.js +482 -0
js/md5.js +195 -0
js/prepare_new_user_form.js +5 -9
js/remove_wp_version.js +1 -3
js/sw_wsd.js +183 -0
js/sw_wsd_scripts.js +9 -0
js/verify_form.js +1 -1
languages/secure_wp-ar.mo +0 -0
languages/secure_wp-ar.po +0 -0
languages/secure_wp-fr_FR.mo +0 -0
languages/secure_wp-fr_FR.po +0 -0
languages/secure_wp-ro_RO.mo +0 -0
languages/secure_wp-ro_RO.po +0 -0
readme.txt +8 -2
secure-wordpress.php +987 -939

css/wsd_sw_styles.css ADDED Viewed

	@@ -0,0 +1,229 @@


1	+ /*
2	+ Document : wsd_sw_styles.css
3	+ Created on : Jul 15, 2011, 10:50:06 AM
4	+ Author : kos
5	+ Description: Define the page layout
6	+ $rev #1 07/15/2011 k$
7	+ */
8	+ /[ Overriden ]/
9	+ .poststuff { float: left; display: block; width: 49%; margin-left: 10px; }
10	+ .wrap .poststuff_left { margin-left: 0 !important;}
11	+ .wrap .poststuff_clear { clear: both; width: 100% !important; }
12	+ .form-table th { width: auto; }
13	+
14	+ /[ IMPORTED ]/
15	+
16	+ /********************************************************
17	+ * BEGIN >> General styling
18	+ */
19	+ p.wsd-error-summary {
20	+ background-color: #F9EFAC;
21	+ border: 1px dotted #f00;
22	+ color: #DC143C;
23	+ padding: 5px 10px;
24	+ margin: 10px;
25	+ font-weight: bold;
26	+ cursor: default;
27	+ }
28	+
29	+ span.wsd-error-summary-detail {
30	+ color: #000;
31	+ font-weight: normal;
32	+ font-size: 11px;
33	+ cursor: default;
34	+ }
35	+
36	+
37	+ p.wsd-success-summary {
38	+ background-color: #90EE90;
39	+ border: 1px dotted #f00;
40	+ color: #000;
41	+ padding: 5px 10px;
42	+ margin: 10px;
43	+ font-weight: bold;
44	+ cursor: default;
45	+ }
46	+
47	+ span.wsd-success-summary-detail {
48	+ color: #000;
49	+ font-weight: normal;
50	+ font-size: 11px;
51	+ cursor: default;
52	+ }
53	+
54	+
55	+ p.wsd-login-notice {
56	+ font-weight: bold;
57	+ color: #000;
58	+ margin-top: -10px;
59	+ margin-bottom: 20px;
60	+ }
61	+
62	+ .wsd-inside {
63	+ padding: 10px;
64	+ font-family: Verdana, Arial, sans-serif !important;
65	+ font-size: 100% !important;
66	+ }
67	+
68	+ p.wsd-error-summary a, .wsd-inside a {
69	+ color: #CC0000;
70	+ text-decoration: none;
71	+ }
72	+
73	+ p.wsd-error-summary a:hover, .wsd-inside a:hover {
74	+ color: #CC0000;
75	+ text-decoration: underline;
76	+ }
77	+
78	+ /********************************************************
79	+ * BEGIN >> Login form styling
80	+ */
81	+ #wsd_login_form,
82	+ #sw_wsd_login_form {
83	+ margin: 0px;
84	+ }
85	+
86	+ #wsd_login_form .wsd-login-section,
87	+ #sw_wsd_login_form .wsd-login-section {
88	+ display: block;
89	+ float: left;
90	+ width: 100%;
91	+ margin-bottom: 5px;
92	+ }
93	+
94	+ #wsd_login_form .wsd-login-section label,
95	+ #sw_wsd_login_form .wsd-login-section label {
96	+ display: block;
97	+ float: left;
98	+ width: 70px;
99	+ padding-top: 6px;
100	+ }
101	+
102	+ #wsd_login_form .wsd-login-section input,
103	+ #sw_wsd_login_form .wsd-login-section input {
104	+ display: block;
105	+ width: 200px;
106	+ float: left;
107	+ }
108	+
109	+ #wsd_login_form #wsd-login,
110	+ #sw_wsd_login_form #wsd-login {
111	+ clear: left;
112	+ margin-left: 70px;
113	+ }
114	+
115	+ /********************************************************
116	+ * BEGIN >> Registration form styling
117	+ */
118	+ #wsd_new_user_form, #sw_wsd_new_user_form {
119	+ margin: 0px;
120	+ }
121	+
122	+ #wsd_new_user_form .wsd-new-user-section,
123	+ #sw_wsd_new_user_form .wsd-new-user-section {
124	+ display: block;
125	+ float: left;
126	+ width: 100%;
127	+ margin-bottom: 5px;
128	+ }
129	+
130	+ #wsd_new_user_form .wsd-new-user-section label,
131	+ #sw_wsd_new_user_form .wsd-new-user-section label {
132	+ display: block;
133	+ float: left;
134	+ width: 120px;
135	+ padding-top: 6px;
136	+ }
137	+
138	+ #wsd_new_user_form .wsd-new-user-section input,
139	+ #sw_wsd_new_user_form .wsd-new-user-section input {
140	+ display: block;
141	+ width: 200px;
142	+ float: left;
143	+ }
144	+
145	+ #wsd_new_user_form #wsd-login,
146	+ #sw_wsd_new_user_form #wsd-login {
147	+ clear: left;
148	+ margin-left: 70px;
149	+ }
150	+
151	+
152	+ .scanpass { color: #090; }
153	+
154	+ .mrt_wpss_note {
155	+ text-align: center;
156	+ color: grey;
157	+ margin-top: 20px;
158	+ margin-bottom: 20px;
159	+ }
160	+
161	+ .wpss_icon {
162	+ background: url(../img/wsd-logo.png) no-repeat left center;
163	+ margin-top: 10px !important;
164	+ padding: 5px 0 3px 50px !important;
165	+ }
166	+
167	+ .wsd_user_notify {
168	+ border: solid 1px #fc0; background: #ffc;
169	+ padding: 5px 5px;
170	+ font-size: 100%;
171	+ }
172	+ .wsd_user_information {
173	+ border: solid 1px #324FB2; background: #E5EAF0;
174	+ padding: 5px 5px;
175	+ font-size: 100%;
176	+ }
177	+ .wsd_user_success {
178	+ border: solid 1px #030; background: #090;
179	+ padding: 5px 5px;
180	+ font-size: 100%;
181	+ color: #fff;
182	+ }
183	+ .wsd_info_list {
184	+ list-style-type: disc;
185	+ list-style-position: outside;
186	+ margin: 0 0 10px 25px;
187	+ }
188	+ div.wsd_user_information, div.wsd_user_notify, div.wsd_user_success { margin: 1em 0 !important; }
189	+
190	+ #Words { overflow: hidden; min-height: 1px; margin: 0 0 0 0 !important; padding: 0 0 0 0 !important; }
191	+ #Words p { float: left; display: block; width: 150px; line-height: normal !important; padding: 0 0 0 0; margin: 6px 0 0 0 !important; }
192	+ #Words p.indicator { height: 4px; }
193	+ #Words p.indicator-1 { background: #f00;}
194	+ #Words p.indicator-2 { background: #990000; }
195	+ #Words p.indicator-3 { background: #990099; }
196	+ #Words p.indicator-4 { background: #000099; }
197	+ #Words p.indicator-5 { background: #0000ff; }
198	+ #Words p.indicator-6 { background: #ffffff; }
199	+ #Words p+p {margin: 0 0 0 5px !important; padding: 0 0 0 0 !important; line-height: normal !important;}
200	+ #wsd_pwdtool { margin-top: 10px; }
201	+
202	+ .wsd_commonList {
203	+ list-style-type: none;
204	+ margin: 0 0 10px 0;
205	+ padding-left: 0;
206	+ }
207	+ .wsd_commonList li {
208	+ font-style: italic !important;
209	+ background: url('../img/wsd-logo-small-list.png') no-repeat 0 50%;
210	+ padding: 2px 0 2px 20px !important;
211	+ }
212	+
213	+ .wsd-inside p, .wsd-inside ul, .wsd-inside ol, .wsd-inside blockquote, .wsd-inside input, .wsd-inside select {
214	+ font-size: 100%;
215	+ }
216	+
217	+ .wsd-inside, .wsd-inside p, .wsd-inside li, .wsd-inside dl, .wsd-inside dd, .wsd-inside dt {
218	+ line-height: normal !important;
219	+ }
220	+
221	+ #wsd_db_wrapper .inner-sidebar1 { margin: 10px 10px 0 10px; }
222	+ #wsd_db_wrapper, #wsd_db_wrapper .metabox-holder {overflow:hidden; min-height:1px; }
223	+ #wsd_permissions_table { margin: 15px 0; }
224	+ #wsd_permissions_table th,
225	+ #wsd_permissions_table td { text-align: left; }
226	+ #wsd_permissions_table td { padding: 1px 7px;}
227	+ #wsd_tables_list_block { clear: both;}
228	+
229	+ .wsd_cursor_help { cursor: help; border-bottom: dotted 1px #000; }

img/acunetix_1.png ADDED Viewed

Binary file

img/agent-green.png ADDED Viewed

Binary file

img/agent-red.png ADDED Viewed

Binary file

img/wpss_icon_large.png ADDED Viewed

Binary file

img/wpss_icon_small_combined.png ADDED Viewed

Binary file

img/wsd-logo-small-list.png ADDED Viewed

Binary file

img/wsd-logo-small.png ADDED Viewed

Binary file

img/wsd-logo.png ADDED Viewed

Binary file

inc/json.php ADDED Viewed

	@@ -0,0 +1,806 @@


1	+ <?php
2	+ /* vim: set expandtab tabstop=4 shiftwidth=4 softtabstop=4: */
3	+
4	+ /**
5	+ * Converts to and from JSON format.
6	+ *
7	+ * JSON (JavaScript Object Notation) is a lightweight data-interchange
8	+ * format. It is easy for humans to read and write. It is easy for machines
9	+ * to parse and generate. It is based on a subset of the JavaScript
10	+ * Programming Language, Standard ECMA-262 3rd Edition - December 1999.
11	+ * This feature can also be found in Python. JSON is a text format that is
12	+ * completely language independent but uses conventions that are familiar
13	+ * to programmers of the C-family of languages, including C, C++, C#, Java,
14	+ * JavaScript, Perl, TCL, and many others. These properties make JSON an
15	+ * ideal data-interchange language.
16	+ *
17	+ * This package provides a simple encoder and decoder for JSON notation. It
18	+ * is intended for use with client-side Javascript applications that make
19	+ * use of HTTPRequest to perform server communication functions - data can
20	+ * be encoded into JSON notation for use in a client-side javascript, or
21	+ * decoded from incoming Javascript requests. JSON format is native to
22	+ * Javascript, and can be directly eval()'ed with no further parsing
23	+ * overhead
24	+ *
25	+ * All strings should be in ASCII or UTF-8 format!
26	+ *
27	+ * LICENSE: Redistribution and use in source and binary forms, with or
28	+ * without modification, are permitted provided that the following
29	+ * conditions are met: Redistributions of source code must retain the
30	+ * above copyright notice, this list of conditions and the following
31	+ * disclaimer. Redistributions in binary form must reproduce the above
32	+ * copyright notice, this list of conditions and the following disclaimer
33	+ * in the documentation and/or other materials provided with the
34	+ * distribution.
35	+ *
36	+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
37	+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
38	+ * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN
39	+ * NO EVENT SHALL CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
40	+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
41	+ * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
42	+ * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
43	+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR
44	+ * TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
45	+ * USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
46	+ * DAMAGE.
47	+ *
48	+ * @category
49	+ * @package Services_JSON
50	+ * @author Michal Migurski <mike-json@teczno.com>
51	+ * @author Matt Knapp <mdknapp[at]gmail[dot]com>
52	+ * @author Brett Stimmerman <brettstimmerman[at]gmail[dot]com>
53	+ * @copyright 2005 Michal Migurski
54	+ * @version CVS: $Id: JSON.php,v 1.31 2006/06/28 05:54:17 migurski Exp $
55	+ * @license http://www.opensource.org/licenses/bsd-license.php
56	+ * @link http://pear.php.net/pepr/pepr-proposal-show.php?id=198
57	+ */
58	+
59	+ /**
60	+ * Marker constant for Services_JSON::decode(), used to flag stack state
61	+ */
62	+ define('SERVICES_JSON_SLICE', 1);
63	+
64	+ /**
65	+ * Marker constant for Services_JSON::decode(), used to flag stack state
66	+ */
67	+ define('SERVICES_JSON_IN_STR', 2);
68	+
69	+ /**
70	+ * Marker constant for Services_JSON::decode(), used to flag stack state
71	+ */
72	+ define('SERVICES_JSON_IN_ARR', 3);
73	+
74	+ /**
75	+ * Marker constant for Services_JSON::decode(), used to flag stack state
76	+ */
77	+ define('SERVICES_JSON_IN_OBJ', 4);
78	+
79	+ /**
80	+ * Marker constant for Services_JSON::decode(), used to flag stack state
81	+ */
82	+ define('SERVICES_JSON_IN_CMT', 5);
83	+
84	+ /**
85	+ * Behavior switch for Services_JSON::decode()
86	+ */
87	+ define('SERVICES_JSON_LOOSE_TYPE', 16);
88	+
89	+ /**
90	+ * Behavior switch for Services_JSON::decode()
91	+ */
92	+ define('SERVICES_JSON_SUPPRESS_ERRORS', 32);
93	+
94	+ /**
95	+ * Converts to and from JSON format.
96	+ *
97	+ * Brief example of use:
98	+ *
99	+ * <code>
100	+ * // create a new instance of Services_JSON
101	+ * $json = new Services_JSON();
102	+ *
103	+ * // convert a complexe value to JSON notation, and send it to the browser
104	+ * $value = array('foo', 'bar', array(1, 2, 'baz'), array(3, array(4)));
105	+ * $output = $json->encode($value);
106	+ *
107	+ * print($output);
108	+ * // prints: ["foo","bar",[1,2,"baz"],[3,[4]]]
109	+ *
110	+ * // accept incoming POST data, assumed to be in JSON notation
111	+ * $input = file_get_contents('php://input', 1000000);
112	+ * $value = $json->decode($input);
113	+ * </code>
114	+ */
115	+ class Services_JSON
116	+ {
117	+ /**
118	+ * constructs a new JSON instance
119	+ *
120	+ * @param int $use object behavior flags; combine with boolean-OR
121	+ *
122	+ * possible values:
123	+ * - SERVICES_JSON_LOOSE_TYPE: loose typing.
124	+ * "{...}" syntax creates associative arrays
125	+ * instead of objects in decode().
126	+ * - SERVICES_JSON_SUPPRESS_ERRORS: error suppression.
127	+ * Values which can't be encoded (e.g. resources)
128	+ * appear as NULL instead of throwing errors.
129	+ * By default, a deeply-nested resource will
130	+ * bubble up with an error, so all return values
131	+ * from encode() should be checked with isError()
132	+ */
133	+ function Services_JSON($use = 0)
134	+ {
135	+ $this->use = $use;
136	+ }
137	+
138	+ /**
139	+ * convert a string from one UTF-16 char to one UTF-8 char
140	+ *
141	+ * Normally should be handled by mb_convert_encoding, but
142	+ * provides a slower PHP-only method for installations
143	+ * that lack the multibye string extension.
144	+ *
145	+ * @param string $utf16 UTF-16 character
146	+ * @return string UTF-8 character
147	+ * @access private
148	+ */
149	+ function utf162utf8($utf16)
150	+ {
151	+ // oh please oh please oh please oh please oh please
152	+ if(function_exists('mb_convert_encoding')) {
153	+ return mb_convert_encoding($utf16, 'UTF-8', 'UTF-16');
154	+ }
155	+
156	+ $bytes = (ord($utf16{0}) << 8) \| ord($utf16{1});
157	+
158	+ switch(true) {
159	+ case ((0x7F & $bytes) == $bytes):
160	+ // this case should never be reached, because we are in ASCII range
161	+ // see: http://www.cl.cam.ac.uk/~mgk25/unicode.html#utf-8
162	+ return chr(0x7F & $bytes);
163	+
164	+ case (0x07FF & $bytes) == $bytes:
165	+ // return a 2-byte UTF-8 character
166	+ // see: http://www.cl.cam.ac.uk/~mgk25/unicode.html#utf-8
167	+ return chr(0xC0 \| (($bytes >> 6) & 0x1F))
168	+ . chr(0x80 \| ($bytes & 0x3F));
169	+
170	+ case (0xFFFF & $bytes) == $bytes:
171	+ // return a 3-byte UTF-8 character
172	+ // see: http://www.cl.cam.ac.uk/~mgk25/unicode.html#utf-8
173	+ return chr(0xE0 \| (($bytes >> 12) & 0x0F))
174	+ . chr(0x80 \| (($bytes >> 6) & 0x3F))
175	+ . chr(0x80 \| ($bytes & 0x3F));
176	+ }
177	+
178	+ // ignoring UTF-32 for now, sorry
179	+ return '';
180	+ }
181	+
182	+ /**
183	+ * convert a string from one UTF-8 char to one UTF-16 char
184	+ *
185	+ * Normally should be handled by mb_convert_encoding, but
186	+ * provides a slower PHP-only method for installations
187	+ * that lack the multibye string extension.
188	+ *
189	+ * @param string $utf8 UTF-8 character
190	+ * @return string UTF-16 character
191	+ * @access private
192	+ */
193	+ function utf82utf16($utf8)
194	+ {
195	+ // oh please oh please oh please oh please oh please
196	+ if(function_exists('mb_convert_encoding')) {
197	+ return mb_convert_encoding($utf8, 'UTF-16', 'UTF-8');
198	+ }
199	+
200	+ switch(strlen($utf8)) {
201	+ case 1:
202	+ // this case should never be reached, because we are in ASCII range
203	+ // see: http://www.cl.cam.ac.uk/~mgk25/unicode.html#utf-8
204	+ return $utf8;
205	+
206	+ case 2:
207	+ // return a UTF-16 character from a 2-byte UTF-8 char
208	+ // see: http://www.cl.cam.ac.uk/~mgk25/unicode.html#utf-8
209	+ return chr(0x07 & (ord($utf8{0}) >> 2))
210	+ . chr((0xC0 & (ord($utf8{0}) << 6))
211	+ \| (0x3F & ord($utf8{1})));
212	+
213	+ case 3:
214	+ // return a UTF-16 character from a 3-byte UTF-8 char
215	+ // see: http://www.cl.cam.ac.uk/~mgk25/unicode.html#utf-8
216	+ return chr((0xF0 & (ord($utf8{0}) << 4))
217	+ \| (0x0F & (ord($utf8{1}) >> 2)))
218	+ . chr((0xC0 & (ord($utf8{1}) << 6))
219	+ \| (0x7F & ord($utf8{2})));
220	+ }
221	+
222	+ // ignoring UTF-32 for now, sorry
223	+ return '';
224	+ }
225	+
226	+ /**
227	+ * encodes an arbitrary variable into JSON format
228	+ *
229	+ * @param mixed $var any number, boolean, string, array, or object to be encoded.
230	+ * see argument 1 to Services_JSON() above for array-parsing behavior.
231	+ * if var is a strng, note that encode() always expects it
232	+ * to be in ASCII or UTF-8 format!
233	+ *
234	+ * @return mixed JSON string representation of input var or an error if a problem occurs
235	+ * @access public
236	+ */
237	+ function encode($var)
238	+ {
239	+ switch (gettype($var)) {
240	+ case 'boolean':
241	+ return $var ? 'true' : 'false';
242	+
243	+ case 'NULL':
244	+ return 'null';
245	+
246	+ case 'integer':
247	+ return (int) $var;
248	+
249	+ case 'double':
250	+ case 'float':
251	+ return (float) $var;
252	+
253	+ case 'string':
254	+ // STRINGS ARE EXPECTED TO BE IN ASCII OR UTF-8 FORMAT
255	+ $ascii = '';
256	+ $strlen_var = strlen($var);
257	+
258	+ /*
259	+ * Iterate over every character in the string,
260	+ * escaping with a slash or encoding to UTF-8 where necessary
261	+ */
262	+ for ($c = 0; $c < $strlen_var; ++$c) {
263	+
264	+ $ord_var_c = ord($var{$c});
265	+
266	+ switch (true) {
267	+ case $ord_var_c == 0x08:
268	+ $ascii .= '\b';
269	+ break;
270	+ case $ord_var_c == 0x09:
271	+ $ascii .= '\t';
272	+ break;
273	+ case $ord_var_c == 0x0A:
274	+ $ascii .= '\n';
275	+ break;
276	+ case $ord_var_c == 0x0C:
277	+ $ascii .= '\f';
278	+ break;
279	+ case $ord_var_c == 0x0D:
280	+ $ascii .= '\r';
281	+ break;
282	+
283	+ case $ord_var_c == 0x22:
284	+ case $ord_var_c == 0x2F:
285	+ case $ord_var_c == 0x5C:
286	+ // double quote, slash, slosh
287	+ $ascii .= '\\'.$var{$c};
288	+ break;
289	+
290	+ case (($ord_var_c >= 0x20) && ($ord_var_c <= 0x7F)):
291	+ // characters U-00000000 - U-0000007F (same as ASCII)
292	+ $ascii .= $var{$c};
293	+ break;
294	+
295	+ case (($ord_var_c & 0xE0) == 0xC0):
296	+ // characters U-00000080 - U-000007FF, mask 110XXXXX
297	+ // see http://www.cl.cam.ac.uk/~mgk25/unicode.html#utf-8
298	+ $char = pack('C*', $ord_var_c, ord($var{$c + 1}));
299	+ $c += 1;
300	+ $utf16 = $this->utf82utf16($char);
301	+ $ascii .= sprintf('\u%04s', bin2hex($utf16));
302	+ break;
303	+
304	+ case (($ord_var_c & 0xF0) == 0xE0):
305	+ // characters U-00000800 - U-0000FFFF, mask 1110XXXX
306	+ // see http://www.cl.cam.ac.uk/~mgk25/unicode.html#utf-8
307	+ $char = pack('C*', $ord_var_c,
308	+ ord($var{$c + 1}),
309	+ ord($var{$c + 2}));
310	+ $c += 2;
311	+ $utf16 = $this->utf82utf16($char);
312	+ $ascii .= sprintf('\u%04s', bin2hex($utf16));
313	+ break;
314	+
315	+ case (($ord_var_c & 0xF8) == 0xF0):
316	+ // characters U-00010000 - U-001FFFFF, mask 11110XXX
317	+ // see http://www.cl.cam.ac.uk/~mgk25/unicode.html#utf-8
318	+ $char = pack('C*', $ord_var_c,
319	+ ord($var{$c + 1}),
320	+ ord($var{$c + 2}),
321	+ ord($var{$c + 3}));
322	+ $c += 3;
323	+ $utf16 = $this->utf82utf16($char);
324	+ $ascii .= sprintf('\u%04s', bin2hex($utf16));
325	+ break;
326	+
327	+ case (($ord_var_c & 0xFC) == 0xF8):
328	+ // characters U-00200000 - U-03FFFFFF, mask 111110XX
329	+ // see http://www.cl.cam.ac.uk/~mgk25/unicode.html#utf-8
330	+ $char = pack('C*', $ord_var_c,
331	+ ord($var{$c + 1}),
332	+ ord($var{$c + 2}),
333	+ ord($var{$c + 3}),
334	+ ord($var{$c + 4}));
335	+ $c += 4;
336	+ $utf16 = $this->utf82utf16($char);
337	+ $ascii .= sprintf('\u%04s', bin2hex($utf16));
338	+ break;
339	+
340	+ case (($ord_var_c & 0xFE) == 0xFC):
341	+ // characters U-04000000 - U-7FFFFFFF, mask 1111110X
342	+ // see http://www.cl.cam.ac.uk/~mgk25/unicode.html#utf-8
343	+ $char = pack('C*', $ord_var_c,
344	+ ord($var{$c + 1}),
345	+ ord($var{$c + 2}),
346	+ ord($var{$c + 3}),
347	+ ord($var{$c + 4}),
348	+ ord($var{$c + 5}));
349	+ $c += 5;
350	+ $utf16 = $this->utf82utf16($char);
351	+ $ascii .= sprintf('\u%04s', bin2hex($utf16));
352	+ break;
353	+ }
354	+ }
355	+
356	+ return '"'.$ascii.'"';
357	+
358	+ case 'array':
359	+ /*
360	+ * As per JSON spec if any array key is not an integer
361	+ * we must treat the the whole array as an object. We
362	+ * also try to catch a sparsely populated associative
363	+ * array with numeric keys here because some JS engines
364	+ * will create an array with empty indexes up to
365	+ * max_index which can cause memory issues and because
366	+ * the keys, which may be relevant, will be remapped
367	+ * otherwise.
368	+ *
369	+ * As per the ECMA and JSON specification an object may
370	+ * have any string as a property. Unfortunately due to
371	+ * a hole in the ECMA specification if the key is a
372	+ * ECMA reserved word or starts with a digit the
373	+ * parameter is only accessible using ECMAScript's
374	+ * bracket notation.
375	+ */
376	+
377	+ // treat as a JSON object
378	+ if (is_array($var) && count($var) && (array_keys($var) !== range(0, sizeof($var) - 1))) {
379	+ $properties = array_map(array($this, 'name_value'),
380	+ array_keys($var),
381	+ array_values($var));
382	+
383	+ foreach($properties as $property) {
384	+ if(Services_JSON::isError($property)) {
385	+ return $property;
386	+ }
387	+ }
388	+
389	+ return '{' . join(',', $properties) . '}';
390	+ }
391	+
392	+ // treat it like a regular array
393	+ $elements = array_map(array($this, 'encode'), $var);
394	+
395	+ foreach($elements as $element) {
396	+ if(Services_JSON::isError($element)) {
397	+ return $element;
398	+ }
399	+ }
400	+
401	+ return '[' . join(',', $elements) . ']';
402	+
403	+ case 'object':
404	+ $vars = get_object_vars($var);
405	+
406	+ $properties = array_map(array($this, 'name_value'),
407	+ array_keys($vars),
408	+ array_values($vars));
409	+
410	+ foreach($properties as $property) {
411	+ if(Services_JSON::isError($property)) {
412	+ return $property;
413	+ }
414	+ }
415	+
416	+ return '{' . join(',', $properties) . '}';
417	+
418	+ default:
419	+ return ($this->use & SERVICES_JSON_SUPPRESS_ERRORS)
420	+ ? 'null'
421	+ : new Services_JSON_Error(gettype($var)." can not be encoded as JSON string");
422	+ }
423	+ }
424	+
425	+ /**
426	+ * array-walking function for use in generating JSON-formatted name-value pairs
427	+ *
428	+ * @param string $name name of key to use
429	+ * @param mixed $value reference to an array element to be encoded
430	+ *
431	+ * @return string JSON-formatted name-value pair, like '"name":value'
432	+ * @access private
433	+ */
434	+ function name_value($name, $value)
435	+ {
436	+ $encoded_value = $this->encode($value);
437	+
438	+ if(Services_JSON::isError($encoded_value)) {
439	+ return $encoded_value;
440	+ }
441	+
442	+ return $this->encode(strval($name)) . ':' . $encoded_value;
443	+ }
444	+
445	+ /**
446	+ * reduce a string by removing leading and trailing comments and whitespace
447	+ *
448	+ * @param $str string string value to strip of comments and whitespace
449	+ *
450	+ * @return string string value stripped of comments and whitespace
451	+ * @access private
452	+ */
453	+ function reduce_string($str)
454	+ {
455	+ $str = preg_replace(array(
456	+
457	+ // eliminate single line comments in '// ...' form
458	+ '#^\s*//(.+)$#m',
459	+
460	+ // eliminate multi-line comments in '/* ... */' form, at start of string
461	+ '#^\s/\(.+)\*/#Us',
462	+
463	+ // eliminate multi-line comments in '/* ... */' form, at end of string
464	+ '#/\(.+)\/\s*$#Us'
465	+
466	+ ), '', $str);
467	+
468	+ // eliminate extraneous space
469	+ return trim($str);
470	+ }
471	+
472	+ /**
473	+ * decodes a JSON string into appropriate variable
474	+ *
475	+ * @param string $str JSON-formatted string
476	+ *
477	+ * @return mixed number, boolean, string, array, or object
478	+ * corresponding to given JSON input string.
479	+ * See argument 1 to Services_JSON() above for object-output behavior.
480	+ * Note that decode() always returns strings
481	+ * in ASCII or UTF-8 format!
482	+ * @access public
483	+ */
484	+ function decode($str)
485	+ {
486	+ $str = $this->reduce_string($str);
487	+
488	+ switch (strtolower($str)) {
489	+ case 'true':
490	+ return true;
491	+
492	+ case 'false':
493	+ return false;
494	+
495	+ case 'null':
496	+ return null;
497	+
498	+ default:
499	+ $m = array();
500	+
501	+ if (is_numeric($str)) {
502	+ // Lookie-loo, it's a number
503	+
504	+ // This would work on its own, but I'm trying to be
505	+ // good about returning integers where appropriate:
506	+ // return (float)$str;
507	+
508	+ // Return float or int, as appropriate
509	+ return ((float)$str == (integer)$str)
510	+ ? (integer)$str
511	+ : (float)$str;
512	+
513	+ } elseif (preg_match('/^("\|\').*(\1)$/s', $str, $m) && $m[1] == $m[2]) {
514	+ // STRINGS RETURNED IN UTF-8 FORMAT
515	+ $delim = substr($str, 0, 1);
516	+ $chrs = substr($str, 1, -1);
517	+ $utf8 = '';
518	+ $strlen_chrs = strlen($chrs);
519	+
520	+ for ($c = 0; $c < $strlen_chrs; ++$c) {
521	+
522	+ $substr_chrs_c_2 = substr($chrs, $c, 2);
523	+ $ord_chrs_c = ord($chrs{$c});
524	+
525	+ switch (true) {
526	+ case $substr_chrs_c_2 == '\b':
527	+ $utf8 .= chr(0x08);
528	+ ++$c;
529	+ break;
530	+ case $substr_chrs_c_2 == '\t':
531	+ $utf8 .= chr(0x09);
532	+ ++$c;
533	+ break;
534	+ case $substr_chrs_c_2 == '\n':
535	+ $utf8 .= chr(0x0A);
536	+ ++$c;
537	+ break;
538	+ case $substr_chrs_c_2 == '\f':
539	+ $utf8 .= chr(0x0C);
540	+ ++$c;
541	+ break;
542	+ case $substr_chrs_c_2 == '\r':
543	+ $utf8 .= chr(0x0D);
544	+ ++$c;
545	+ break;
546	+
547	+ case $substr_chrs_c_2 == '\\"':
548	+ case $substr_chrs_c_2 == '\\\'':
549	+ case $substr_chrs_c_2 == '\\\\':
550	+ case $substr_chrs_c_2 == '\\/':
551	+ if (($delim == '"' && $substr_chrs_c_2 != '\\\'') \|\|
552	+ ($delim == "'" && $substr_chrs_c_2 != '\\"')) {
553	+ $utf8 .= $chrs{++$c};
554	+ }
555	+ break;
556	+
557	+ case preg_match('/\\\u[0-9A-F]{4}/i', substr($chrs, $c, 6)):
558	+ // single, escaped unicode character
559	+ $utf16 = chr(hexdec(substr($chrs, ($c + 2), 2)))
560	+ . chr(hexdec(substr($chrs, ($c + 4), 2)));
561	+ $utf8 .= $this->utf162utf8($utf16);
562	+ $c += 5;
563	+ break;
564	+
565	+ case ($ord_chrs_c >= 0x20) && ($ord_chrs_c <= 0x7F):
566	+ $utf8 .= $chrs{$c};
567	+ break;
568	+
569	+ case ($ord_chrs_c & 0xE0) == 0xC0:
570	+ // characters U-00000080 - U-000007FF, mask 110XXXXX
571	+ //see http://www.cl.cam.ac.uk/~mgk25/unicode.html#utf-8
572	+ $utf8 .= substr($chrs, $c, 2);
573	+ ++$c;
574	+ break;
575	+
576	+ case ($ord_chrs_c & 0xF0) == 0xE0:
577	+ // characters U-00000800 - U-0000FFFF, mask 1110XXXX
578	+ // see http://www.cl.cam.ac.uk/~mgk25/unicode.html#utf-8
579	+ $utf8 .= substr($chrs, $c, 3);
580	+ $c += 2;
581	+ break;
582	+
583	+ case ($ord_chrs_c & 0xF8) == 0xF0:
584	+ // characters U-00010000 - U-001FFFFF, mask 11110XXX
585	+ // see http://www.cl.cam.ac.uk/~mgk25/unicode.html#utf-8
586	+ $utf8 .= substr($chrs, $c, 4);
587	+ $c += 3;
588	+ break;
589	+
590	+ case ($ord_chrs_c & 0xFC) == 0xF8:
591	+ // characters U-00200000 - U-03FFFFFF, mask 111110XX
592	+ // see http://www.cl.cam.ac.uk/~mgk25/unicode.html#utf-8
593	+ $utf8 .= substr($chrs, $c, 5);
594	+ $c += 4;
595	+ break;
596	+
597	+ case ($ord_chrs_c & 0xFE) == 0xFC:
598	+ // characters U-04000000 - U-7FFFFFFF, mask 1111110X
599	+ // see http://www.cl.cam.ac.uk/~mgk25/unicode.html#utf-8
600	+ $utf8 .= substr($chrs, $c, 6);
601	+ $c += 5;
602	+ break;
603	+
604	+ }
605	+
606	+ }
607	+
608	+ return $utf8;
609	+
610	+ } elseif (preg_match('/^\[.\]$/s', $str) \|\| preg_match('/^\{.\}$/s', $str)) {
611	+ // array, or object notation
612	+
613	+ if ($str{0} == '[') {
614	+ $stk = array(SERVICES_JSON_IN_ARR);
615	+ $arr = array();
616	+ } else {
617	+ if ($this->use & SERVICES_JSON_LOOSE_TYPE) {
618	+ $stk = array(SERVICES_JSON_IN_OBJ);
619	+ $obj = array();
620	+ } else {
621	+ $stk = array(SERVICES_JSON_IN_OBJ);
622	+ $obj = new stdClass();
623	+ }
624	+ }
625	+
626	+ array_push($stk, array('what' => SERVICES_JSON_SLICE,
627	+ 'where' => 0,
628	+ 'delim' => false));
629	+
630	+ $chrs = substr($str, 1, -1);
631	+ $chrs = $this->reduce_string($chrs);
632	+
633	+ if ($chrs == '') {
634	+ if (reset($stk) == SERVICES_JSON_IN_ARR) {
635	+ return $arr;
636	+
637	+ } else {
638	+ return $obj;
639	+
640	+ }
641	+ }
642	+
643	+ //print("\nparsing {$chrs}\n");
644	+
645	+ $strlen_chrs = strlen($chrs);
646	+
647	+ for ($c = 0; $c <= $strlen_chrs; ++$c) {
648	+
649	+ $top = end($stk);
650	+ $substr_chrs_c_2 = substr($chrs, $c, 2);
651	+
652	+ if (($c == $strlen_chrs) \|\| (($chrs{$c} == ',') && ($top['what'] == SERVICES_JSON_SLICE))) {
653	+ // found a comma that is not inside a string, array, etc.,
654	+ // OR we've reached the end of the character list
655	+ $slice = substr($chrs, $top['where'], ($c - $top['where']));
656	+ array_push($stk, array('what' => SERVICES_JSON_SLICE, 'where' => ($c + 1), 'delim' => false));
657	+ //print("Found split at {$c}: ".substr($chrs, $top['where'], (1 + $c - $top['where']))."\n");
658	+
659	+ if (reset($stk) == SERVICES_JSON_IN_ARR) {
660	+ // we are in an array, so just push an element onto the stack
661	+ array_push($arr, $this->decode($slice));
662	+
663	+ } elseif (reset($stk) == SERVICES_JSON_IN_OBJ) {
664	+ // we are in an object, so figure
665	+ // out the property name and set an
666	+ // element in an associative array,
667	+ // for now
668	+ $parts = array();
669	+
670	+ if (preg_match('/^\s(["\'].[^\\\]["\'])\s:\s(\S.*),?$/Uis', $slice, $parts)) {
671	+ // "name":value pair
672	+ $key = $this->decode($parts[1]);
673	+ $val = $this->decode($parts[2]);
674	+
675	+ if ($this->use & SERVICES_JSON_LOOSE_TYPE) {
676	+ $obj[$key] = $val;
677	+ } else {
678	+ $obj->$key = $val;
679	+ }
680	+ } elseif (preg_match('/^\s(\w+)\s:\s(\S.),?$/Uis', $slice, $parts)) {
681	+ // name:value pair, where name is unquoted
682	+ $key = $parts[1];
683	+ $val = $this->decode($parts[2]);
684	+
685	+ if ($this->use & SERVICES_JSON_LOOSE_TYPE) {
686	+ $obj[$key] = $val;
687	+ } else {
688	+ $obj->$key = $val;
689	+ }
690	+ }
691	+
692	+ }
693	+
694	+ } elseif ((($chrs{$c} == '"') \|\| ($chrs{$c} == "'")) && ($top['what'] != SERVICES_JSON_IN_STR)) {
695	+ // found a quote, and we are not inside a string
696	+ array_push($stk, array('what' => SERVICES_JSON_IN_STR, 'where' => $c, 'delim' => $chrs{$c}));
697	+ //print("Found start of string at {$c}\n");
698	+
699	+ } elseif (($chrs{$c} == $top['delim']) &&
700	+ ($top['what'] == SERVICES_JSON_IN_STR) &&
701	+ ((strlen(substr($chrs, 0, $c)) - strlen(rtrim(substr($chrs, 0, $c), '\\'))) % 2 != 1)) {
702	+ // found a quote, we're in a string, and it's not escaped
703	+ // we know that it's not escaped becase there is _not_ an
704	+ // odd number of backslashes at the end of the string so far
705	+ array_pop($stk);
706	+ //print("Found end of string at {$c}: ".substr($chrs, $top['where'], (1 + 1 + $c - $top['where']))."\n");
707	+
708	+ } elseif (($chrs{$c} == '[') &&
709	+ in_array($top['what'], array(SERVICES_JSON_SLICE, SERVICES_JSON_IN_ARR, SERVICES_JSON_IN_OBJ))) {
710	+ // found a left-bracket, and we are in an array, object, or slice
711	+ array_push($stk, array('what' => SERVICES_JSON_IN_ARR, 'where' => $c, 'delim' => false));
712	+ //print("Found start of array at {$c}\n");
713	+
714	+ } elseif (($chrs{$c} == ']') && ($top['what'] == SERVICES_JSON_IN_ARR)) {
715	+ // found a right-bracket, and we're in an array
716	+ array_pop($stk);
717	+ //print("Found end of array at {$c}: ".substr($chrs, $top['where'], (1 + $c - $top['where']))."\n");
718	+
719	+ } elseif (($chrs{$c} == '{') &&
720	+ in_array($top['what'], array(SERVICES_JSON_SLICE, SERVICES_JSON_IN_ARR, SERVICES_JSON_IN_OBJ))) {
721	+ // found a left-brace, and we are in an array, object, or slice
722	+ array_push($stk, array('what' => SERVICES_JSON_IN_OBJ, 'where' => $c, 'delim' => false));
723	+ //print("Found start of object at {$c}\n");
724	+
725	+ } elseif (($chrs{$c} == '}') && ($top['what'] == SERVICES_JSON_IN_OBJ)) {
726	+ // found a right-brace, and we're in an object
727	+ array_pop($stk);
728	+ //print("Found end of object at {$c}: ".substr($chrs, $top['where'], (1 + $c - $top['where']))."\n");
729	+
730	+ } elseif (($substr_chrs_c_2 == '/*') &&
731	+ in_array($top['what'], array(SERVICES_JSON_SLICE, SERVICES_JSON_IN_ARR, SERVICES_JSON_IN_OBJ))) {
732	+ // found a comment start, and we are in an array, object, or slice
733	+ array_push($stk, array('what' => SERVICES_JSON_IN_CMT, 'where' => $c, 'delim' => false));
734	+ $c++;
735	+ //print("Found start of comment at {$c}\n");
736	+
737	+ } elseif (($substr_chrs_c_2 == '*/') && ($top['what'] == SERVICES_JSON_IN_CMT)) {
738	+ // found a comment end, and we're in one now
739	+ array_pop($stk);
740	+ $c++;
741	+
742	+ for ($i = $top['where']; $i <= $c; ++$i)
743	+ $chrs = substr_replace($chrs, ' ', $i, 1);
744	+
745	+ //print("Found end of comment at {$c}: ".substr($chrs, $top['where'], (1 + $c - $top['where']))."\n");
746	+
747	+ }
748	+
749	+ }
750	+
751	+ if (reset($stk) == SERVICES_JSON_IN_ARR) {
752	+ return $arr;
753	+
754	+ } elseif (reset($stk) == SERVICES_JSON_IN_OBJ) {
755	+ return $obj;
756	+
757	+ }
758	+
759	+ }
760	+ }
761	+ }
762	+
763	+ /**
764	+ * @todo Ultimately, this should just call PEAR::isError()
765	+ */
766	+ function isError($data, $code = null)
767	+ {
768	+ if (class_exists('pear')) {
769	+ return PEAR::isError($data, $code);
770	+ } elseif (is_object($data) && (get_class($data) == 'services_json_error' \|\|
771	+ is_subclass_of($data, 'services_json_error'))) {
772	+ return true;
773	+ }
774	+
775	+ return false;
776	+ }
777	+ }
778	+
779	+ if (class_exists('PEAR_Error')) {
780	+
781	+ class Services_JSON_Error extends PEAR_Error
782	+ {
783	+ function Services_JSON_Error($message = 'unknown error', $code = null,
784	+ $mode = null, $options = null, $userinfo = null)
785	+ {
786	+ parent::PEAR_Error($message, $code, $mode, $options, $userinfo);
787	+ }
788	+ }
789	+
790	+ } else {
791	+
792	+ /**
793	+ * @todo Ultimately, this class shall be descended from PEAR_Error
794	+ */
795	+ class Services_JSON_Error
796	+ {
797	+ function Services_JSON_Error($message = 'unknown error', $code = null,
798	+ $mode = null, $options = null, $userinfo = null)
799	+ {
800	+
801	+ }
802	+ }
803	+
804	+ }
805	+
806	+ ?>

inc/recaptchalib.php ADDED Viewed

	@@ -0,0 +1,277 @@


1	+ <?php
2	+ /*
3	+ * This is a PHP library that handles calling reCAPTCHA.
4	+ * - Documentation and latest version
5	+ * http://recaptcha.net/plugins/php/
6	+ * - Get a reCAPTCHA API Key
7	+ * https://www.google.com/recaptcha/admin/create
8	+ * - Discussion group
9	+ * http://groups.google.com/group/recaptcha
10	+ *
11	+ * Copyright (c) 2007 reCAPTCHA -- http://recaptcha.net
12	+ * AUTHORS:
13	+ * Mike Crawford
14	+ * Ben Maurer
15	+ *
16	+ * Permission is hereby granted, free of charge, to any person obtaining a copy
17	+ * of this software and associated documentation files (the "Software"), to deal
18	+ * in the Software without restriction, including without limitation the rights
19	+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
20	+ * copies of the Software, and to permit persons to whom the Software is
21	+ * furnished to do so, subject to the following conditions:
22	+ *
23	+ * The above copyright notice and this permission notice shall be included in
24	+ * all copies or substantial portions of the Software.
25	+ *
26	+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
27	+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
28	+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
29	+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
30	+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
31	+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
32	+ * THE SOFTWARE.
33	+ */
34	+
35	+ /**
36	+ * The reCAPTCHA server URL's
37	+ */
38	+ define("WSD_RECAPTCHA_API_SERVER", "http://www.google.com/recaptcha/api");
39	+ define("WSD_RECAPTCHA_API_SECURE_SERVER", "https://www.google.com/recaptcha/api");
40	+ define("WSD_RECAPTCHA_VERIFY_SERVER", "www.google.com");
41	+
42	+ /**
43	+ * Encodes the given data into a query string format
44	+ * @param $data - array of string elements to be encoded
45	+ * @return string - encoded request
46	+ */
47	+ function wsd__recaptcha_qsencode ($data) {
48	+ $req = "";
49	+ foreach ( $data as $key => $value )
50	+ $req .= $key . '=' . urlencode( stripslashes($value) ) . '&';
51	+
52	+ // Cut the last '&'
53	+ $req=substr($req,0,strlen($req)-1);
54	+ return $req;
55	+ }
56	+
57	+
58	+
59	+ /**
60	+ * Submits an HTTP POST to a reCAPTCHA server
61	+ * @param string $host
62	+ * @param string $path
63	+ * @param array $data
64	+ * @param int port
65	+ * @return array response
66	+ */
67	+ function wsd__recaptcha_http_post($host, $path, $data, $port = 80) {
68	+
69	+ $req = wsd__recaptcha_qsencode ($data);
70	+
71	+ $http_request = "POST $path HTTP/1.0\r\n";
72	+ $http_request .= "Host: $host\r\n";
73	+ $http_request .= "Content-Type: application/x-www-form-urlencoded;\r\n";
74	+ $http_request .= "Content-Length: " . strlen($req) . "\r\n";
75	+ $http_request .= "User-Agent: reCAPTCHA/PHP\r\n";
76	+ $http_request .= "\r\n";
77	+ $http_request .= $req;
78	+
79	+ $response = '';
80	+ if( false == ( $fs = @fsockopen($host, $port, $errno, $errstr, 10) ) ) {
81	+ die ('Could not open socket');
82	+ }
83	+
84	+ fwrite($fs, $http_request);
85	+
86	+ while ( !feof($fs) )
87	+ $response .= fgets($fs, 1160); // One TCP-IP packet
88	+ fclose($fs);
89	+ $response = explode("\r\n\r\n", $response, 2);
90	+
91	+ return $response;
92	+ }
93	+
94	+
95	+
96	+ /**
97	+ * Gets the challenge HTML (javascript and non-javascript version).
98	+ * This is called from the browser, and the resulting reCAPTCHA HTML widget
99	+ * is embedded within the HTML form it was called from.
100	+ * @param string $pubkey A public key for reCAPTCHA
101	+ * @param string $error The error given by reCAPTCHA (optional, default is null)
102	+ * @param boolean $use_ssl Should the request be made over ssl? (optional, default is false)
103	+
104	+ * @return string - The HTML to be embedded in the user's form.
105	+ */
106	+ function wsd_recaptcha_get_html ($pubkey, $error = null, $use_ssl = false)
107	+ {
108	+ if ($pubkey == null \|\| $pubkey == '') {
109	+ die ('To use reCAPTCHA you must get an API key from <a href="https://www.google.com/recaptcha/admin/create" target="_blank">https://www.google.com/recaptcha/admin/create</a>');
110	+ }
111	+
112	+ if ($use_ssl) {
113	+ $server = WSD_RECAPTCHA_API_SECURE_SERVER;
114	+ } else {
115	+ $server = WSD_RECAPTCHA_API_SERVER;
116	+ }
117	+
118	+ $errorpart = "";
119	+ if ($error) {
120	+ $errorpart = "&error=" . $error;
121	+ }
122	+ return '<script type="text/javascript" src="'. $server . '/challenge?k=' . $pubkey . $errorpart . '"></script>
123	+
124	+ <noscript>
125	+ <iframe src="'. $server . '/noscript?k=' . $pubkey . $errorpart . '" height="300" width="500" frameborder="0"></iframe><br/>
126	+ <textarea name="recaptcha_challenge_field" rows="3" cols="40"></textarea>
127	+ <input type="hidden" name="recaptcha_response_field" value="manual_challenge"/>
128	+ </noscript>';
129	+ }
130	+
131	+
132	+
133	+
134	+ /**
135	+ * A wsd_ReCaptchaResponse is returned from wsd_recaptcha_check_answer()
136	+ */
137	+ class wsd_ReCaptchaResponse {
138	+ var $is_valid;
139	+ var $error;
140	+ }
141	+
142	+
143	+ /**
144	+ * Calls an HTTP POST function to verify if the user's guess was correct
145	+ * @param string $privkey
146	+ * @param string $remoteip
147	+ * @param string $challenge
148	+ * @param string $response
149	+ * @param array $extra_params an array of extra variables to post to the server
150	+ * @return wsd_ReCaptchaResponse
151	+ */
152	+ function wsd_recaptcha_check_answer ($privkey, $remoteip, $challenge, $response, $extra_params = array())
153	+ {
154	+ if ($privkey == null \|\| $privkey == '') {
155	+ die ('To use reCAPTCHA you must get an API key from <a href="https://www.google.com/recaptcha/admin/create" target="_blank">https://www.google.com/recaptcha/admin/create</a>');
156	+ }
157	+
158	+ if ($remoteip == null \|\| $remoteip == '') {
159	+ die ('For security reasons, you must pass the remote ip to reCAPTCHA');
160	+ }
161	+
162	+
163	+
164	+ //discard spam submissions
165	+ if ($challenge == null \|\| strlen($challenge) == 0 \|\| $response == null \|\| strlen($response) == 0) {
166	+ $recaptcha_response = new wsd_ReCaptchaResponse();
167	+ $recaptcha_response->is_valid = false;
168	+ $recaptcha_response->error = 'incorrect-captcha-sol';
169	+ return $recaptcha_response;
170	+ }
171	+
172	+ $response = wsd__recaptcha_http_post (WSD_RECAPTCHA_VERIFY_SERVER, "/recaptcha/api/verify",
173	+ array (
174	+ 'privatekey' => $privkey,
175	+ 'remoteip' => $remoteip,
176	+ 'challenge' => $challenge,
177	+ 'response' => $response
178	+ ) + $extra_params
179	+ );
180	+
181	+ $answers = explode ("\n", $response [1]);
182	+ $recaptcha_response = new wsd_ReCaptchaResponse();
183	+
184	+ if (trim ($answers [0]) == 'true') {
185	+ $recaptcha_response->is_valid = true;
186	+ }
187	+ else {
188	+ $recaptcha_response->is_valid = false;
189	+ $recaptcha_response->error = $answers [1];
190	+ }
191	+ return $recaptcha_response;
192	+
193	+ }
194	+
195	+ /**
196	+ * gets a URL where the user can sign up for reCAPTCHA. If your application
197	+ * has a configuration page where you enter a key, you should provide a link
198	+ * using this function.
199	+ * @param string $domain The domain where the page is hosted
200	+ * @param string $appname The name of your application
201	+ */
202	+ function wsd_recaptcha_get_signup_url ($domain = null, $appname = null) {
203	+ return 'https://www.google.com/recaptcha/admin/create?' . wsd__recaptcha_qsencode (array ('domains' => $domain, 'app' => $appname));
204	+ }
205	+
206	+ function wsd__recaptcha_aes_pad($val) {
207	+ $block_size = 16;
208	+ $numpad = $block_size - (strlen ($val) % $block_size);
209	+ return str_pad($val, strlen ($val) + $numpad, chr($numpad));
210	+ }
211	+
212	+ /* Mailhide related code */
213	+
214	+ function wsd__recaptcha_aes_encrypt($val,$ky) {
215	+ if (! function_exists ("mcrypt_encrypt")) {
216	+ die ('To use reCAPTCHA Mailhide, you need to have the mcrypt php module installed.');
217	+ }
218	+ $mode=MCRYPT_MODE_CBC;
219	+ $enc=MCRYPT_RIJNDAEL_128;
220	+ $val=wsd__recaptcha_aes_pad($val);
221	+ return mcrypt_encrypt($enc, $ky, $val, $mode, "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0");
222	+ }
223	+
224	+
225	+ function wsd__wsd_recaptcha_mailhide_urlbase64 ($x) {
226	+ return strtr(base64_encode ($x), '+/', '-_');
227	+ }
228	+
229	+ /* gets the reCAPTCHA Mailhide url for a given email, public key and private key */
230	+ function wsd_recaptcha_mailhide_url($pubkey, $privkey, $email) {
231	+ if ($pubkey == '' \|\| $pubkey == null \|\| $privkey == "" \|\| $privkey == null) {
232	+ die ('To use reCAPTCHA Mailhide, you have to sign up for a public and private key, ' .
233	+ 'you can do so at <a href="http://www.google.com/recaptcha/mailhide/apikey" target="_blank">http://www.google.com/recaptcha/mailhide/apikey</a>');
234	+ }
235	+
236	+
237	+ $ky = pack('H*', $privkey);
238	+ $cryptmail = wsd__recaptcha_aes_encrypt ($email, $ky);
239	+
240	+ return "http://www.google.com/recaptcha/mailhide/d?k=" . $pubkey . "&c=" . wsd__wsd_recaptcha_mailhide_urlbase64 ($cryptmail);
241	+ }
242	+
243	+ /**
244	+ * gets the parts of the email to expose to the user.
245	+ * eg, given johndoe@example,com return ["john", "example.com"].
246	+ * the email is then displayed as john...@example.com
247	+ */
248	+ function wsd__recaptcha_mailhide_email_parts ($email) {
249	+ $arr = preg_split("/@/", $email );
250	+
251	+ if (strlen ($arr[0]) <= 4) {
252	+ $arr[0] = substr ($arr[0], 0, 1);
253	+ } else if (strlen ($arr[0]) <= 6) {
254	+ $arr[0] = substr ($arr[0], 0, 3);
255	+ } else {
256	+ $arr[0] = substr ($arr[0], 0, 4);
257	+ }
258	+ return $arr;
259	+ }
260	+
261	+ /**
262	+ * Gets html to display an email address given a public an private key.
263	+ * to get a key, go to:
264	+ *
265	+ * http://www.google.com/recaptcha/mailhide/apikey
266	+ */
267	+ function wsd_recaptcha_mailhide_html($pubkey, $privkey, $email) {
268	+ $emailparts = wsd__recaptcha_mailhide_email_parts ($email);
269	+ $url = wsd_recaptcha_mailhide_url ($pubkey, $privkey, $email);
270	+
271	+ return htmlentities($emailparts[0]) . "<a href='" . htmlentities ($url) .
272	+ "' onclick=\"window.open('" . htmlentities ($url) . "', '', 'toolbar=0,scrollbars=0,location=0,statusbar=0,menubar=0,resizable=0,width=500,height=300'); return false;\" title=\"Reveal this e-mail address\">...</a>@" . htmlentities ($emailparts [1]);
273	+
274	+ }
275	+
276	+
277	+ ?>

inc/swWSD.php ADDED Viewed

	@@ -0,0 +1,831 @@


1	+ <?php if (!defined('ABSPATH')) { exit; }
2	+ /**
3	+ * Facilitates the login/register with websitedefender.com for website scanner.
4	+ *
5	+ * @author WebsiteDefender
6	+ * $rev #1 07/16/2011 {c}$
7	+ */
8	+ class swWSD
9	+ {
10	+ // const WSD_URL = 'https://dashboard.websitedefender.com/';
11	+ // const WSD_URL_RPC = 'https://dashboard.websitedefender.com/jsrpc.php';
12	+ // const WSD_URL_DOWN = 'https://dashboard.websitedefender.com/download.php';
13	+
14	+ const WSD_URL = 'http://192.168.0.197/saas/';
15	+ const WSD_URL_RPC = 'http://192.168.0.197/saas/jsrpc.php';
16	+ const WSD_URL_DOWN = 'http://192.168.0.197/saas/download.php';
17	+
18	+
19	+ const WSD_SOURCE = 3;
20	+ //error codes
21	+ const WSD_ERROR_LIMITATION = 0x27;
22	+ const WSD_ERROR_WPP_SERVICE_DOWN = 0x50;
23	+ const WSD_ERROR_WPP_ERROR_INVALID_URL = 0x51;
24	+ const WSD_ERROR_WPP_URL_REGISTERED = 0x52;
25	+ const WSD_WSD_ERROR_WPP_NEWUSR_PARAM = 0x53;
26	+ const WSD_ERROR_WPP_INVALID_CAPTCHA =0x54 ;
27	+ const WSD_ERROR_WPP_USER_EXIST = 0x55;
28	+ const WSD_ERROR_WPP_URL_EXIST = 0x56;
29	+ //http status
30	+ const HTTP_STATUS = 0;
31	+ const HTTP_HEADERS = 1;
32	+ const HTTP_BODY = 2;
33	+ const HTTP_CHUNK_HEADER = 3;
34	+ const HTTP_CHUNK_BODY = 4;
35	+
36	+
37	+ // constructor
38	+ public function __construct() {}
39	+
40	+
41	+ function wsd_site_url(){return get_option( 'siteurl' ).'/';}
42	+
43	+ function wsd_parseUrl($url)
44	+ {
45	+ $result = parse_url($url);
46	+ if($result === null) { return array("error"=>"Invalid URL."); }
47	+ $result["error"] = null;
48	+ if(!array_key_exists("port", $result)) {$result["port"] = 80;}
49	+ if(!array_key_exists("scheme", $result)) {$result["scheme"] = "http";}
50	+ if(!array_key_exists("query", $result)) {$result["query"] = "";}
51	+ else {$result["query"] = "?" . $result["query"];}
52	+ if(array_key_exists("host", $result))
53	+ {
54	+ if(!array_key_exists("path", $result)) $result["path"] = "";
55	+ }
56	+ else
57	+ {
58	+ if(array_key_exists("path", $result))
59	+ {
60	+ $dirs = explode("/", $result["path"], 2);
61	+ $result["host"] = $dirs[0];
62	+ if(count($dirs)>1) {
63	+ $result["path"] = "/".$dirs[1];
64	+ }
65	+ else {$result["path"] = "/";}
66	+ }
67	+ else {return array("error"=>"Invalid URL (no host).");}
68	+ }
69	+
70	+ if($result["host"] == "") {return array("error"=>"Invalid URL (no host).");}
71	+
72	+ $scheme = "http";
73	+ if(array_key_exists("scheme", $result)) {$scheme = $result["scheme"];}
74	+
75	+ if((strcasecmp($scheme,"http")!=0) && (strcasecmp($scheme,"https")!=0)) {return array("error"=>"Invalid URL (unknown scheme).");}
76	+
77	+ if(strcasecmp($scheme,"https")==0) $result["port"] = 443;
78	+
79	+ $userPass = "";
80	+ if(array_key_exists("user", $result) && array_key_exists("pass", $result)) {
81	+ $userPass = $result["user"].":".$result["pass"]."@";
82	+ }
83	+
84	+ $port = "";
85	+ if(array_key_exists("port", $result)) {$port = ":".$result["port"];}
86	+
87	+ $result["all"] = $scheme."://".$userPass.$result["host"].$port;
88	+
89	+ return $result;
90	+ }
91	+
92	+ function wsd_httpRequest($verb, $url, $body="", $headers=array(), $timeout = 10)
93	+ {
94	+ $e = error_reporting(0);
95	+
96	+ $result = array();
97	+ $result["cookie"] = null;
98	+ $result["body"] = "";
99	+ $result["length"] = null;
100	+ $result["error"] = null;
101	+
102	+ $now = time();
103	+ $url = $this->wsd_parseUrl($url);
104	+
105	+ if($url["error"] !== null) {return $url;}
106	+
107	+ $scheme = $url["scheme"]=="https" ? "ssl://" : "";
108	+
109	+ $fp = fsockopen($scheme.$url["host"], $url["port"] , $errno, $errstr, $timeout);
110	+
111	+ if (!$fp)
112	+ {
113	+ if($scheme == "ssl://")
114	+ {
115	+ $fp = fsockopen($url["host"], 80 , $errno, $errstr, $timeout);
116	+ if (!$fp)
117	+ {
118	+ error_reporting($e);
119	+ return array("error"=>"Can't connect to server [$errno]");
120	+ }
121	+ }
122	+ else
123	+ {
124	+ error_reporting($e);
125	+ return array("error"=>"Can't connect to server [$errno].");
126	+ }
127	+ }
128	+
129	+ $out = $verb." ".$url["path"].$url["query"]." HTTP/1.1\r\n";
130	+ $out .= "Host: ". $url["host"] . "\r\n";
131	+ $out .= "Connection: Close\r\n";
132	+ $out .= "Accept-Encoding: identity\r\n";
133	+ if($verb == "POST") {$out .= "Content-Length: " . strlen($body) . "\r\n"; }
134	+ foreach ($headers as $name => $value) {$out .= $name .": " . $value . "\r\n";}
135	+ $out .= "\r\n";
136	+ if($verb == "POST") {$out .= $body;}
137	+ fwrite($fp, $out);
138	+ fflush($fp);
139	+
140	+ //print "<br>".str_replace("\r\n", "<br>", $out)."<br>";
141	+
142	+ $status = self::HTTP_STATUS;
143	+ $chunked = false;
144	+ $lastChunk = "";
145	+ $chunkLength = 0;
146	+
147	+ while (!feof($fp))
148	+ {
149	+ $remaining = $timeout - (time() - $now);
150	+ if($remaining < 0) {return array("error"=>"Request timed out [1].");}
151	+
152	+ stream_set_timeout($fp, $remaining + 1);
153	+ $data = fgets($fp, 4096);
154	+ $info = stream_get_meta_data($fp);
155	+
156	+ if ($info["timed_out"])
157	+ {
158	+ error_reporting($e);
159	+ return array("error"=>"Request timed out [2].");
160	+ }
161	+
162	+ //print($data."<br>");
163	+
164	+ if($status == self::HTTP_STATUS)
165	+ {
166	+ //TODO: check status for 200, error on rest, eventually work arround 302 303
167	+ $resultStatus = trim($data);
168	+ $status = self::HTTP_HEADERS;
169	+ continue;
170	+ }
171	+
172	+ if($status == self::HTTP_HEADERS)
173	+ {
174	+ if($data == "\r\n")
175	+ {
176	+ if($chunked) {
177	+ $status = self::HTTP_CHUNK_HEADER;
178	+ }
179	+ else {$status = self::HTTP_BODY;}
180	+
181	+ continue;
182	+ }
183	+
184	+ $data = trim($data);
185	+ $separator = strpos($data, ": ");
186	+
187	+ if(($separator === false)\|\|($separator == 0) \|\| ($separator >= (strlen($data) -2))) {
188	+ return array("error"=>"Invalid HTTP response header.");
189	+ }
190	+
191	+ $name = substr($data, 0, $separator);
192	+ $value = substr($data, $separator + 2);
193	+ if(strcasecmp("Set-Cookie", $name) == 0)
194	+ {
195	+ $result["cookie"] = $value;
196	+ continue;
197	+ }
198	+ if(strcasecmp("Content-Length", $name) == 0)
199	+ {
200	+ $result["length"] = $value + 0;
201	+ continue;
202	+ }
203	+ if((strcasecmp("Transfer-Encoding", $name) == 0) && (strpos($value, 'chunked') !== false) )
204	+ {
205	+ $chunked = true;
206	+ continue;
207	+ }
208	+ continue;
209	+ }
210	+
211	+ if($status == self::HTTP_CHUNK_HEADER)
212	+ {
213	+ $data = trim($data);
214	+ $sc = strpos($data, ';');
215	+ if($sc !== false) {$data = substr($data, 0, $sc);}
216	+ $chunkLength = hexdec($data);
217	+ if($chunkLength == 0) {
218	+ break;
219	+ }
220	+ $lastChunk = "";
221	+ $status = self::HTTP_CHUNK_BODY;
222	+ continue;
223	+ }
224	+
225	+ if($status == self::HTTP_CHUNK_BODY)
226	+ {
227	+ $lastChunk .= $data;
228	+ if(strlen($lastChunk) >= $chunkLength)
229	+ {
230	+ $result["body"] .= substr($lastChunk, 0, $chunkLength);
231	+ $status = self::HTTP_CHUNK_HEADER;
232	+ }
233	+ continue;
234	+ }
235	+
236	+ if($status == self::HTTP_BODY)
237	+ {
238	+ $result["body"] .= $data;
239	+ if(($result["length"] !== null) && (strlen($result["body"]) >= $result["length"])) {
240	+ break;
241	+ }
242	+ continue;
243	+ }
244	+ }
245	+ fclose($fp);
246	+
247	+ if(($result["length"] !== null) && (strlen($result["body"]) != $result["length"])) {
248	+ array("error"=>"Invalid HTTP body length.");
249	+ }
250	+
251	+ error_reporting($e);
252	+ return $result;
253	+ }
254	+
255	+ function wsd_jsonHttpRequest($url, $data, $timeout = 10)
256	+ {
257	+ $body = json_encode($data);
258	+ $headers = array("Content-type" => "application/json");
259	+
260	+ $cookie = '';
261	+ $option_cookie = get_option("WSD-COOKIE");
262	+ if($option_cookie !== false) {$cookie = $option_cookie;}
263	+
264	+ $token = get_option("WSD-TOKEN");
265	+ if($token !== false)
266	+ {
267	+ if($cookie != ''){ $cookie .= '; ';}
268	+ $cookie .= "token=".$token;
269	+ }
270	+
271	+ if($cookie != '') {
272	+ $headers["Cookie"] = $cookie;
273	+ }
274	+
275	+ $result = $this->wsd_httpRequest("POST", $url, $body, $headers, $timeout);
276	+
277	+ if($result["cookie"] !== null)
278	+ {
279	+ if($option_cookie === false) {
280	+ add_option("WSD-COOKIE", $result["cookie"]);
281	+ }
282	+ else {update_option("WSD-COOKIE", $result["cookie"]);}
283	+ }
284	+
285	+ if($result["error"] === null)
286	+ {
287	+ $decoded = json_decode($result["body"], true);
288	+ if($decoded == null) {$result["error"] = "Invalid JSON response.".$result["body"];}
289	+ $result["body"] = $decoded;
290	+ }
291	+ return $result;
292	+ }
293	+
294	+ function wsd_jsonRPC($url, $method, $params, $timeout = 10)
295	+ {
296	+ $GLOBALS['wsd_last_err'] = array('code'=>0, 'message'=>'');
297	+ $id = rand(1,100);
298	+
299	+ $token = get_option("WSD-TOKEN");
300	+ if($token === false) {
301	+ $request = array("jsonrpc"=>"2.0", "id"=>$id, "method"=>$method, "params"=>$params);
302	+ }
303	+ else {$request = array("jsonrpc"=>"2.0", "id"=>$id, "method"=>$method, "params"=>$params, "token"=>$token);}
304	+
305	+ $response = $this->wsd_jsonHttpRequest($url, $request, $timeout);
306	+
307	+ //print("request:");print_r($request); print("<hr>"); print("response:");print_r($response); print("<hr>");
308	+
309	+ if($response["error"] !== null)
310	+ {
311	+ $GLOBALS['wsd_last_err'] = array("code" => 0, "message" => $response["error"]);
312	+ return null;
313	+ }
314	+
315	+ if((! array_key_exists("id", $response["body"])) \|\| ($response["body"]["id"] != $id) )
316	+ {
317	+ $GLOBALS['wsd_last_err'] = array("code" => 0, "message" => "Invalid JSONRPC response [0].");
318	+ return null;
319	+ }
320	+
321	+ if( array_key_exists("token", $response["body"]))
322	+ {
323	+ if($token === false) {add_option("WSD-TOKEN", $response["body"]['token']);}
324	+ else {update_option("WSD-TOKEN", $response["body"]['token']);}
325	+ }
326	+
327	+ if(array_key_exists("error", $response["body"]))
328	+ {
329	+ $GLOBALS['wsd_last_err'] = $response["body"]["error"];
330	+ return null;
331	+ }
332	+
333	+ if(! array_key_exists("result", $response["body"]))
334	+ {
335	+ $GLOBALS['wsd_last_err'] = array("code" => 0, "message" => "Invalid JSONRPC response [1].");
336	+ return null;
337	+ }
338	+
339	+ return $response["body"]["result"];
340	+ }
341	+
342	+ // ========================= RENDER UI ===========================================================
343	+
344	+ function wsd_render_error($custom_message = null)
345	+ {
346	+ $html = '';
347	+ if ($custom_message === null) {
348	+ $html = '<p class="wsd-error-summary">' . $GLOBALS['wsd_last_err']['message'];
349	+ }
350	+ else {$html = '<p class="wsd-error-summary">' . $custom_message;}
351	+ $html .= '<br /><span class="wsd-error-summary-detail">If the problem persists please continue at <a href="https://dashboard.websitedefender.com" target="_blank">Website Defender</a>.</span></p>';
352	+ echo $html;
353	+ }
354	+
355	+ function wsd_render_agent_install_issues($message)
356	+ {
357	+ //echo "wsd_render_agent_install_issues<br>";
358	+ $html = '<p class="wsd-error-summary">' . $message;
359	+ $html .= '<br /><span class="wsd-error-summary-detail">It has to be installed manually from the <a href="https://dashboard.websitedefender.com" target="_blank">WebsiteDefender dashboard</a>.</span></p>';
360	+ echo $html;
361	+ }
362	+
363	+ function wsd_render_user_login($error = '')
364	+ {
365	+ if($error !== '') {$this->wsd_render_error($error);}
366	+ ?>
367	+
368	+ <?php if(!empty($error)) { ?>
369	+ <div class="wsd-inside">
370	+ <?php } ?>
371	+
372	+ <p class="wsd-login-notice">Login here if you already have a WSD account.</p>
373	+ <form action="" method="post" id="sw_wsd_login_form" name="sw_wsd_login_form">
374	+ <div>
375	+ <div class="wsd-login-section">
376	+ <label for="wsd_login_form_email">Email:</label>
377	+ <input type="text" name="wsd_login_form_email" id="wsd_login_form_email" value="<?php echo get_option("admin_email"); ?>" />
378	+ </div>
379	+ <div class="wsd-login-section">
380	+ <label for="wsd_login_form_password">Password:</label>
381	+ <input type="password" name="wsd_login_form_password" id="wsd_login_form_password" />
382	+ </div>
383	+ <input type="submit" name="wsd-login" id="wsd-login" value="Login">
384	+ </div>
385	+ </form>
386	+
387	+ <?php if(!empty($error)) { ?>
388	+ </div>
389	+ <?php } ?>
390	+
391	+ <?php
392	+ }
393	+
394	+ function wsd_render_new_user($error = '')
395	+ {
396	+ //print "wsd_render_new_user $error<br>";
397	+
398	+ $form = $this->wsd_jsonRPC(self::WSD_URL_RPC, "cPlugin.getfrm", $this->wsd_site_url());
399	+ if ($form === null)
400	+ {
401	+ $this->wsd_render_error();
402	+ return;
403	+ }
404	+ $recaptcha_publickey = $form['captcha'];
405	+ if(empty($recaptcha_publickey))
406	+ {
407	+ $this->wsd_render_error('Invalid server response.');
408	+ return;
409	+ }
410	+
411	+ //intro text
412	+ echo '<p class="wsd-inside" style="margin-top: 0px;">';
413	+ _e('WebsiteDefender.com is based upon web application scanning technology from <a href="http://www.acunetix.com/" target="_blank">Acunetix</a>; a pioneer in website security. <a href="http://www.websitedefender.com" target="_blank">WebsiteDefender</a> requires no installation, no learning curve and no maintenance. Above all, there is no impact on site performance! WebsiteDefender regularly scans and monitors your WordPress website/blog effortlessly, efficient, easily and is available for Free! Start scanning your WordPress website/blog against malware and hackers, absolutely free!', FB_SWP_TEXTDOMAIN);
414	+ echo "</p>";
415	+
416	+ ?>
417	+ <div class="wsd-inside">
418	+ <?php
419	+ $this->wsd_render_user_login();
420	+ ?>
421	+
422	+ <h4><?php _e('Register here to use all the WebsiteDefender.com advanced features', FB_SWP_TEXTDOMAIN)?></h4>
423	+ <p><?php _e('WebsiteDefender is an online service that protects your website from any hacker activity by monitoring and auditing the security of your website, giving you easy to understand solutions to keep your website safe, always! WebsiteDefender\'s enhanced WordPress Security Checks allow it to optimise any threats on a blog or site powered by WordPress.', FB_SWP_TEXTDOMAIN)?></p>
424	+ <p><?php _e('<strong>With WebsiteDefender you can:</strong>', FB_SWP_TEXTDOMAIN)?></p>
425	+ <ul class="wsd_commonList">
426	+ <li><span>Detect Malware present on your website</span></li>
427	+ <li><span>Audit your website for security issues</span></li>
428	+ <li><span>Avoid getting blacklisted by Google</span></li>
429	+ <li><span>Keep your website content and data safe</span></li>
430	+ <li><span>Get alerted to suspicious hacker activity</span></li>
431	+ </ul>
432	+
433	+ <p><?php _e('WebsiteDefender.com does all this an more via an easy-to-understand web-based dashboard, which gives step by step solutions on how to make sure your website stays secure!', FB_SWP_TEXTDOMAIN)?></p>
434	+
435	+ <h4><?php _e('Sign up for your FREE account here', FB_SWP_TEXTDOMAIN)?></h4>
436	+
437	+ <?php
438	+ if($error !== '') {$this->wsd_render_error($error);}
439	+ ?>
440	+
441	+ <form action="#em" method="post" id="sw_wsd_new_user_form" name="sw_wsd_new_user_form">
442	+ <div id="em" class="wsd-new-user-section">
443	+ <label for="wsd_new_user_email">Email:</label>
444	+ <input type="text" name="wsd_new_user_email" id="wsd_new_user_email" value="<?php echo get_option("admin_email"); ?>" />
445	+ </div>
446	+ <div class="wsd-new-user-section">
447	+ <label for="wsd_new_user_name">Name:</label>
448	+ <input type="text" name="wsd_new_user_name" id="wsd_new_user_name" value="<?php echo isset($_POST['wsd_new_user_name']) ? $_POST['wsd_new_user_name'] : '' ?>" />
449	+ </div>
450	+ <div class="wsd-new-user-section">
451	+ <label for="wsd_new_user_surname">Surname:</label>
452	+ <input type="text" name="wsd_new_user_surname" id="wsd_new_user_surname" value="<?php echo isset($_POST['wsd_new_user_surname']) ? $_POST['wsd_new_user_surname']: '' ?>" />
453	+ </div>
454	+ <div class="wsd-new-user-section">
455	+ <label for="wsd_new_user_password">Password:</label>
456	+ <input type="password" name="wsd_new_user_password" id="wsd_new_user_password"/>
457	+ <label class="password-meter" style="background-color: rgb(238, 0, 0); display: none;">Too Short</label>
458	+ </div>
459	+ <div class="wsd-new-user-section">
460	+ <label for="wsd_new_user_password_re">Retype Password:</label>
461	+ <input type="password" name="wsd_new_user_password_re" id="wsd_new_user_password_re"/>
462	+ </div>
463	+ <div class="wsd-new-user-section">
464	+ <?php
465	+ echo wsd_recaptcha_get_html($recaptcha_publickey, null, true);
466	+ ?>
467	+ </div>
468	+ <input type="submit" name="wsd-new-user" id="wsd-new-user" value="Register">
469	+ </form>
470	+ </div>
471	+ <?php
472	+ }
473	+
474	+
475	+ function wsd_process_login()
476	+ {
477	+ $email = isset($_POST['wsd_login_form_email']) ? $_POST['wsd_login_form_email'] : null;
478	+ $password = isset($_POST['wsd_login_form_password']) ? $password = $_POST['wsd_login_form_password'] : null;
479	+
480	+ if (empty($email)) {
481	+ $this->wsd_render_user_login('Email address is required.');
482	+ return;
483	+ }
484	+
485	+ if (empty($password)) {
486	+ $this->wsd_render_user_login('Password is required.');
487	+ return;
488	+ }
489	+
490	+ // $password is received as MD5 hash
491	+ $login = $this->wsd_jsonRPC(self::WSD_URL_RPC, "cUser.login", array($email, $password));
492	+
493	+ if ($login == null) {
494	+ $this->wsd_render_user_login('Invalid login');
495	+ return;
496	+ }
497	+
498	+ $user = get_option("WSD-USER");
499	+ if ($user === false) {
500	+ add_option("WSD-USER", $email);
501	+ }
502	+ else {update_option("WSD-USER", $email);}
503	+
504	+ $this->wsd_add_or_process_target();
505	+ }
506	+
507	+ function wsd_render_add_target_id()
508	+ {
509	+ ?>
510	+ <div class="wsd-inside">
511	+ <?php if(!empty($error)) {$this->wsd_render_error($error);} ?>
512	+ <form action="" method="post" id="wsd_target_id_form" name="wsd_target_id_form">
513	+ <label for="wsd_target_update_id">Target ID:</label>
514	+ <input type="text" name="targetid" id="targetid"/>
515	+ <input type="submit" name="wsd_update_target_id" value="Update" />
516	+ </form>
517	+ </div>
518	+ <?php
519	+ }
520	+
521	+ function wsd_process_add_target_id()
522	+ {
523	+ //echo "wsd_process_add_target_id<br>";
524	+ add_option('WSD-TARGETID', $_POST['targetid']);
525	+ $this->wsd_render_target_status();
526	+ }
527	+
528	+ function wsd_add_or_process_target()
529	+ {
530	+ //check if we already registered
531	+ $targetid = get_option('WSD-TARGETID');
532	+
533	+ if($targetid !== false)
534	+ {
535	+ $this->wsd_render_target_status();
536	+ return;
537	+ }
538	+ else
539	+ {
540	+ //check first is this url is already there
541	+ $target = $this->wsd_jsonRPC(self::WSD_URL_RPC, "cPlugin.urlstatus", $this->wsd_site_url());
542	+ if($target === null)
543	+ {
544	+ $this->wsd_render_error();
545	+ return;
546	+ }
547	+ if(array_key_exists('id', $target) && ($target['id'] != null))
548	+ {
549	+ if($targetid === false) {add_option('WSD-TARGETID', $target['id']);}
550	+ else {update_option('WSD-TARGETID', $target['id']);}
551	+ $this->wsd_render_target_status();
552	+ return;
553	+ }
554	+ }
555	+
556	+ //the target was not there so we have to register a new one
557	+ $newtarget = $this->wsd_jsonRPC(self::WSD_URL_RPC, "cTargets.add", $this->wsd_site_url());
558	+ if($newtarget === null)
559	+ {
560	+ if($GLOBALS['wsd_last_err']['code'] == self::WSD_ERROR_LIMITATION)
561	+ {
562	+ $this->wsd_render_error("This account reached the maximum number of targets.");
563	+ return;
564	+ }
565	+ if($GLOBALS['wsd_last_err']['code'] == self::WSD_ERROR_WPP_URL_EXIST)
566	+ {
567	+ $this->wsd_render_add_target_id();
568	+ return;
569	+ }
570	+ print_r($GLOBALS['wsd_last_err']);
571	+ return;
572	+ }
573	+
574	+ if(!array_key_exists("id", $newtarget))
575	+ {
576	+ $this->wsd_render_error("Invalid WSD response received.");
577	+ return;
578	+ }
579	+
580	+ delete_option('WSD-TARGETID');
581	+ add_option('WSD-TARGETID', $newtarget['id']);
582	+
583	+ //download agent
584	+ $targetInstalError = '';
585	+
586	+ $headers = array("a"=>"a");
587	+ $option_cookie = get_option("WSD-COOKIE");
588	+ if($option_cookie !== false) $headers["Cookie"] = $option_cookie;
589	+
590	+ //print "<br>Downloading: ". WSD_URL_DOWN.'?id='.$newtarget['id'] ."#". print_r($headers, true). "<br>";
591	+
592	+ $agent = $this->wsd_httpRequest("GET", self::WSD_URL_DOWN.'?id='.$newtarget['id'], "", $headers);
593	+
594	+ if($agent["error"] !== null) {
595	+ $targetInstalError = 'The WebsiteDefender Agent failed to install automatically [0x01].'; //can't download
596	+ }
597	+ else
598	+ {
599	+ //try to copy the target
600	+ $agentURL = $agent["sensor_url"];
601	+ if(preg_match('/[a-f0-9]{40}.php/', $newtarget["sensor_url"], $matches))
602	+ {
603	+ $path = rtrim(ABSPATH, '/');
604	+ $path .= '/'.$matches[0];
605	+
606	+ $r = file_put_contents($path, $agent['body']);
607	+ if(!$r) {$targetInstalError = 'The WebsiteDefender Agent failed to install automatically [0x02].';} /* can't save */
608	+ }
609	+ else {$targetInstalError = 'The WebsiteDefender Agent failed to install automatically [0x03].';} /* other */
610	+ }
611	+
612	+ //test the agent, this will triger agentless if agent not functioning
613	+ $testTarget = $this->wsd_jsonRPC(self::WSD_URL_RPC, "cTargets.agenttest", $newtarget['id']);
614	+ $enbableTarget = $this->wsd_jsonRPC(self::WSD_URL_RPC, "cTargets.enable", array($newtarget['id'], true));
615	+
616	+ if($targetInstalError != '') {$this->wsd_render_agent_install_issues($targetInstalError);}
617	+
618	+ $this->wsd_render_target_status();
619	+ }
620	+
621	+ function wsd_process_new_user_form()
622	+ {
623	+ //print "wsd_process_new_user_form<br>";
624	+
625	+ $email = $_POST['wsd_new_user_email'];
626	+ $name = $_POST['wsd_new_user_name'];
627	+ $surname = $_POST['wsd_new_user_surname'];
628	+ $password = $_POST['wsd_new_user_password'];
629	+ $password_re = $_POST['wsd_new_user_password_re'];
630	+
631	+ if (empty($email)) {
632	+ $this->wsd_render_new_user('Email is required.');
633	+ return;
634	+ }
635	+ if (empty($name)) {
636	+ $this->wsd_render_new_user('Name is required.');
637	+ return;
638	+ }
639	+ if (empty($surname)) {
640	+ $this->wsd_render_new_user('Surname is required.');
641	+ return;
642	+ }
643	+ if (empty($password)) {
644	+ $this->wsd_render_new_user('Password is required.');
645	+ return;
646	+ }
647	+ if ($password != $password_re) {
648	+ $this->wsd_render_new_user('Passwords do not match.');
649	+ return;
650	+ }
651	+
652	+ $register = $this->wsd_jsonRPC(self::WSD_URL_RPC, "cPlugin.register",
653	+ array(
654	+ array("challenge"=>$_POST['recaptcha_challenge_field'],
655	+ "response"=>$_POST['recaptcha_response_field']),
656	+ array(
657	+ "url" => $this->wsd_site_url(),
658	+ "email" => $email,
659	+ "name" => $name,
660	+ "surname" => $surname,
661	+ /* the password coming from the client already as a hash */
662	+ "pass" => $password,
663	+ "source" => self::WSD_SOURCE
664	+ )
665	+ ));
666	+ if($register == null)
667	+ {
668	+ if($GLOBALS['wsd_last_err']['code'] == self::WSD_ERROR_WPP_INVALID_CAPTCHA)
669	+ {
670	+ $this->wsd_render_new_user('Invalid captcha. Please try again.');
671	+ return;
672	+ }
673	+ if($GLOBALS['wsd_last_err']['code'] == self::WSD_ERROR_WPP_USER_EXIST)
674	+ {
675	+ $this->wsd_render_new_user("This user is already registered. To continue with this user, please use the login form above or register with a new user name.");
676	+ return;
677	+ }
678	+ $this->wsd_render_new_user('Registration failed! Please try again.');
679	+ return;
680	+ }
681	+ $user = get_option("WSD-USER");
682	+ if($user === false) {
683	+ add_option("WSD-USER", $email);
684	+ }
685	+ else {update_option("WSD-USER", $email);}
686	+
687	+ $this->wsd_add_or_process_target();
688	+ }
689	+
690	+ function wsd_render_target_status()
691	+ {
692	+ #echo "wsd_render_target_status<br>";
693	+ $user = get_option('WSD-USER');
694	+ if((!is_string($user))\|\|($user == "") ) {$user = get_option("admin_email"); }
695	+ $status = $this->wsd_jsonRPC(self::WSD_URL_RPC, "cPlugin.status", array($user, get_option('WSD-TARGETID')));
696	+ if($status === null)
697	+ {
698	+ $this->wsd_render_error();
699	+ return;
700	+ }
701	+ if((!array_key_exists('active', $status)) \|\| ($status['active'] !== 1))
702	+ {
703	+ //our target is not valid anymore
704	+ delete_option('WSD-TARGETID');
705	+ return false;
706	+ }
707	+
708	+ echo '<p class="wsd-inside">';
709	+ echo 'Thank you for registering with WebsiteDefender. Please navigate to the <a target="_blank" href="https://dashboard.websitedefender.com/">WebsiteDefender dashboard</a> to see the alerts.';
710	+ echo "</p>";
711	+
712	+ $enabled = array_key_exists('enabled', $status) ? $status['enabled'] : null;
713	+ $scanned = array_key_exists('scanned', $status) ? $status['scanned'] : null;
714	+ $agentless = array_key_exists('agentless', $status) ? $status['agentless'] : null;
715	+
716	+ if (!is_numeric($enabled) \|\| !is_numeric($scanned) \|\| !is_numeric($agentless))
717	+ {
718	+ $this->wsd_render_error('Invalid server response.');
719	+ return;
720	+ }
721	+ $enabled = intval($enabled);
722	+ $scanned = intval($scanned);
723	+ $agentless = intval($agentless);
724	+ ?>
725	+
726	+ <div id="wsd-target-status-holder" class="wsd-inside">
727	+ <p class="wsd-target-status-title">
728	+ Website status on Website Defender
729	+ </p>
730	+ <div class="wsd-target-status-section">
731	+ <?php
732	+ // $statusText = 'NO';
733	+ // if ($enabled == 1) {
734	+ // $statusText = 'YES';
735	+ // }
736	+ $statusText = (($enabled == 1) ? 'YES' : 'NO');
737	+
738	+ echo '<span class="wsd-target-status-section-label">Enabled: </span>',
739	+ '<span class="wsd-target-status-section-', $enabled ? 'enabled' : 'disabled', '">', $statusText, '</span>';
740	+ ?>
741	+ </div>
742	+ <div class="wsd-target-status-section">
743	+ <?php
744	+ // $statusText = 'NO';
745	+ // if ($scanned == 1) {
746	+ // $statusText = 'YES';
747	+ // }
748	+ $statusText = (($scanned == 1) ? 'YES' : 'NO');
749	+
750	+ echo '<span class="wsd-target-status-section-label">Scanned: </span>',
751	+ '<span class="wsd-target-status-section-', $scanned ? 'enabled' : 'disabled', '">', $statusText, '</span>';
752	+ ?>
753	+ </div>
754	+ <div class="wsd-target-status-section">
755	+ <?php
756	+ // $statusText = 'UP';
757	+ // if ($agentless == 1) {
758	+ // $statusText = 'DOWN';
759	+ // }
760	+ $statusText = (($agentless == 1) ? 'DOWN' : 'UP');
761	+
762	+ echo '<span class="wsd-target-status-section-label">Agent status: </span>',
763	+ '<span class="wsd-target-status-section-', $agentless ? 'disabled' : 'enabled', '">', $statusText, '</span>';
764	+ ?>
765	+ </div>
766	+ </div>
767	+
768	+ <?php return true; }
769	+
770	+ function wsd_render_main()
771	+ {
772	+ if(1==0)
773	+ {
774	+ delete_option('WSD-TARGETID');
775	+ delete_option("WSD-COOKIE");
776	+ delete_option("WSD-USER");
777	+ return;
778	+ }
779	+
780	+ if(isset($_POST['wsd-new-user']))
781	+ {
782	+ $this->wsd_process_new_user_form();
783	+ return;
784	+ }
785	+
786	+ if(isset($_POST['wsd-login']))
787	+ {
788	+ $this->wsd_process_login();
789	+ return;
790	+ }
791	+
792	+ if(isset($_POST['wsd_update_target_id']))
793	+ {
794	+ $this->wsd_process_add_target_id();
795	+ return;
796	+ }
797	+
798	+ $targetid = get_option("WSD-TARGETID");
799	+ if($targetid !== false)
800	+ {
801	+ $this->wsd_render_target_status();
802	+ return;
803	+ }
804	+
805	+ $hello = $this->wsd_jsonRPC(self::WSD_URL_RPC, "cPlugin.hello", $this->wsd_site_url());
806	+ if($hello == null)
807	+ {
808	+ $this->wsd_render_error();
809	+ return;
810	+ }
811	+
812	+ if($hello == 'registered')
813	+ {
814	+ $this->wsd_render_add_target_id();
815	+ return;
816	+ }
817	+ elseif($hello == 'new')
818	+ {
819	+ //$user = get_option("WSD-USER"); if($user === false)
820	+ $this->wsd_render_new_user();
821	+ //else wsd_render_user_login();
822	+ }
823	+ else
824	+ {
825	+ $this->wsd_render_error("Invalid server response.");
826	+ return;
827	+ }
828	+ }
829	+
830	+ }
831	+ /* End of file: swWSD.php */

js/json.js ADDED Viewed

	@@ -0,0 +1,482 @@


1	+ /*
2	+ http://www.JSON.org/json2.js
3	+ 2010-03-20
4	+
5	+ Public Domain.
6	+
7	+ NO WARRANTY EXPRESSED OR IMPLIED. USE AT YOUR OWN RISK.
8	+
9	+ See http://www.JSON.org/js.html
10	+
11	+
12	+ This code should be minified before deployment.
13	+ See http://javascript.crockford.com/jsmin.html
14	+
15	+ USE YOUR OWN COPY. IT IS EXTREMELY UNWISE TO LOAD CODE FROM SERVERS YOU DO
16	+ NOT CONTROL.
17	+
18	+
19	+ This file creates a global JSON object containing two methods: stringify
20	+ and parse.
21	+
22	+ JSON.stringify(value, replacer, space)
23	+ value any JavaScript value, usually an object or array.
24	+
25	+ replacer an optional parameter that determines how object
26	+ values are stringified for objects. It can be a
27	+ function or an array of strings.
28	+
29	+ space an optional parameter that specifies the indentation
30	+ of nested structures. If it is omitted, the text will
31	+ be packed without extra whitespace. If it is a number,
32	+ it will specify the number of spaces to indent at each
33	+ level. If it is a string (such as '\t' or ' '),
34	+ it contains the characters used to indent at each level.
35	+
36	+ This method produces a JSON text from a JavaScript value.
37	+
38	+ When an object value is found, if the object contains a toJSON
39	+ method, its toJSON method will be called and the result will be
40	+ stringified. A toJSON method does not serialize: it returns the
41	+ value represented by the name/value pair that should be serialized,
42	+ or undefined if nothing should be serialized. The toJSON method
43	+ will be passed the key associated with the value, and this will be
44	+ bound to the value
45	+
46	+ For example, this would serialize Dates as ISO strings.
47	+
48	+ Date.prototype.toJSON = function (key) {
49	+ function f(n) {
50	+ // Format integers to have at least two digits.
51	+ return n < 10 ? '0' + n : n;
52	+ }
53	+
54	+ return this.getUTCFullYear() + '-' +
55	+ f(this.getUTCMonth() + 1) + '-' +
56	+ f(this.getUTCDate()) + 'T' +
57	+ f(this.getUTCHours()) + ':' +
58	+ f(this.getUTCMinutes()) + ':' +
59	+ f(this.getUTCSeconds()) + 'Z';
60	+ };
61	+
62	+ You can provide an optional replacer method. It will be passed the
63	+ key and value of each member, with this bound to the containing
64	+ object. The value that is returned from your method will be
65	+ serialized. If your method returns undefined, then the member will
66	+ be excluded from the serialization.
67	+
68	+ If the replacer parameter is an array of strings, then it will be
69	+ used to select the members to be serialized. It filters the results
70	+ such that only members with keys listed in the replacer array are
71	+ stringified.
72	+
73	+ Values that do not have JSON representations, such as undefined or
74	+ functions, will not be serialized. Such values in objects will be
75	+ dropped; in arrays they will be replaced with null. You can use
76	+ a replacer function to replace those with JSON values.
77	+ JSON.stringify(undefined) returns undefined.
78	+
79	+ The optional space parameter produces a stringification of the
80	+ value that is filled with line breaks and indentation to make it
81	+ easier to read.
82	+
83	+ If the space parameter is a non-empty string, then that string will
84	+ be used for indentation. If the space parameter is a number, then
85	+ the indentation will be that many spaces.
86	+
87	+ Example:
88	+
89	+ text = JSON.stringify(['e', {pluribus: 'unum'}]);
90	+ // text is '["e",{"pluribus":"unum"}]'
91	+
92	+
93	+ text = JSON.stringify(['e', {pluribus: 'unum'}], null, '\t');
94	+ // text is '[\n\t"e",\n\t{\n\t\t"pluribus": "unum"\n\t}\n]'
95	+
96	+ text = JSON.stringify([new Date()], function (key, value) {
97	+ return this[key] instanceof Date ?
98	+ 'Date(' + this[key] + ')' : value;
99	+ });
100	+ // text is '["Date(---current time---)"]'
101	+
102	+
103	+ JSON.parse(text, reviver)
104	+ This method parses a JSON text to produce an object or array.
105	+ It can throw a SyntaxError exception.
106	+
107	+ The optional reviver parameter is a function that can filter and
108	+ transform the results. It receives each of the keys and values,
109	+ and its return value is used instead of the original value.
110	+ If it returns what it received, then the structure is not modified.
111	+ If it returns undefined then the member is deleted.
112	+
113	+ Example:
114	+
115	+ // Parse the text. Values that look like ISO date strings will
116	+ // be converted to Date objects.
117	+
118	+ myData = JSON.parse(text, function (key, value) {
119	+ var a;
120	+ if (typeof value === 'string') {
121	+ a =
122	+ /^(\d{4})-(\d{2})-(\d{2})T(\d{2}):(\d{2}):(\d{2}(?:\.\d*)?)Z$/.exec(value);
123	+ if (a) {
124	+ return new Date(Date.UTC(+a[1], +a[2] - 1, +a[3], +a[4],
125	+ +a[5], +a[6]));
126	+ }
127	+ }
128	+ return value;
129	+ });
130	+
131	+ myData = JSON.parse('["Date(09/09/2001)"]', function (key, value) {
132	+ var d;
133	+ if (typeof value === 'string' &&
134	+ value.slice(0, 5) === 'Date(' &&
135	+ value.slice(-1) === ')') {
136	+ d = new Date(value.slice(5, -1));
137	+ if (d) {
138	+ return d;
139	+ }
140	+ }
141	+ return value;
142	+ });
143	+
144	+
145	+ This is a reference implementation. You are free to copy, modify, or
146	+ redistribute.
147	+ */
148	+
149	+ /jslint evil: true, strict: false /
150	+
151	+ /*members "", "\b", "\t", "\n", "\f", "\r", "\"", JSON, "\\", apply,
152	+ call, charCodeAt, getUTCDate, getUTCFullYear, getUTCHours,
153	+ getUTCMinutes, getUTCMonth, getUTCSeconds, hasOwnProperty, join,
154	+ lastIndex, length, parse, prototype, push, replace, slice, stringify,
155	+ test, toJSON, toString, valueOf
156	+ */
157	+
158	+
159	+ // Create a JSON object only if one does not already exist. We create the
160	+ // methods in a closure to avoid creating global variables.
161	+
162	+ if (!this.JSON) {
163	+ this.JSON = {};
164	+ }
165	+
166	+ (function () {
167	+
168	+ function f(n) {
169	+ // Format integers to have at least two digits.
170	+ return n < 10 ? '0' + n : n;
171	+ }
172	+
173	+ if (typeof Date.prototype.toJSON !== 'function') {
174	+
175	+ Date.prototype.toJSON = function (key) {
176	+
177	+ return isFinite(this.valueOf()) ?
178	+ this.getUTCFullYear() + '-' +
179	+ f(this.getUTCMonth() + 1) + '-' +
180	+ f(this.getUTCDate()) + 'T' +
181	+ f(this.getUTCHours()) + ':' +
182	+ f(this.getUTCMinutes()) + ':' +
183	+ f(this.getUTCSeconds()) + 'Z' : null;
184	+ };
185	+
186	+ String.prototype.toJSON =
187	+ Number.prototype.toJSON =
188	+ Boolean.prototype.toJSON = function (key) {
189	+ return this.valueOf();
190	+ };
191	+ }
192	+
193	+ var cx = /[\u0000\u00ad\u0600-\u0604\u070f\u17b4\u17b5\u200c-\u200f\u2028-\u202f\u2060-\u206f\ufeff\ufff0-\uffff]/g,
194	+ escapable = /[\\\"\x00-\x1f\x7f-\x9f\u00ad\u0600-\u0604\u070f\u17b4\u17b5\u200c-\u200f\u2028-\u202f\u2060-\u206f\ufeff\ufff0-\uffff]/g,
195	+ gap,
196	+ indent,
197	+ meta = { // table of character substitutions
198	+ '\b': '\\b',
199	+ '\t': '\\t',
200	+ '\n': '\\n',
201	+ '\f': '\\f',
202	+ '\r': '\\r',
203	+ '"' : '\\"',
204	+ '\\': '\\\\'
205	+ },
206	+ rep;
207	+
208	+
209	+ function quote(string) {
210	+
211	+ // If the string contains no control characters, no quote characters, and no
212	+ // backslash characters, then we can safely slap some quotes around it.
213	+ // Otherwise we must also replace the offending characters with safe escape
214	+ // sequences.
215	+
216	+ escapable.lastIndex = 0;
217	+ return escapable.test(string) ?
218	+ '"' + string.replace(escapable, function (a) {
219	+ var c = meta[a];
220	+ return typeof c === 'string' ? c :
221	+ '\\u' + ('0000' + a.charCodeAt(0).toString(16)).slice(-4);
222	+ }) + '"' :
223	+ '"' + string + '"';
224	+ }
225	+
226	+
227	+ function str(key, holder) {
228	+
229	+ // Produce a string from holder[key].
230	+
231	+ var i, // The loop counter.
232	+ k, // The member key.
233	+ v, // The member value.
234	+ length,
235	+ mind = gap,
236	+ partial,
237	+ value = holder[key];
238	+
239	+ // If the value has a toJSON method, call it to obtain a replacement value.
240	+
241	+ if (value && typeof value === 'object' &&
242	+ typeof value.toJSON === 'function') {
243	+ value = value.toJSON(key);
244	+ }
245	+
246	+ // If we were called with a replacer function, then call the replacer to
247	+ // obtain a replacement value.
248	+
249	+ if (typeof rep === 'function') {
250	+ value = rep.call(holder, key, value);
251	+ }
252	+
253	+ // What happens next depends on the value's type.
254	+
255	+ switch (typeof value) {
256	+ case 'string':
257	+ return quote(value);
258	+
259	+ case 'number':
260	+
261	+ // JSON numbers must be finite. Encode non-finite numbers as null.
262	+
263	+ return isFinite(value) ? String(value) : 'null';
264	+
265	+ case 'boolean':
266	+ case 'null':
267	+
268	+ // If the value is a boolean or null, convert it to a string. Note:
269	+ // typeof null does not produce 'null'. The case is included here in
270	+ // the remote chance that this gets fixed someday.
271	+
272	+ return String(value);
273	+
274	+ // If the type is 'object', we might be dealing with an object or an array or
275	+ // null.
276	+
277	+ case 'object':
278	+
279	+ // Due to a specification blunder in ECMAScript, typeof null is 'object',
280	+ // so watch out for that case.
281	+
282	+ if (!value) {
283	+ return 'null';
284	+ }
285	+
286	+ // Make an array to hold the partial results of stringifying this object value.
287	+
288	+ gap += indent;
289	+ partial = [];
290	+
291	+ // Is the value an array?
292	+
293	+ if (Object.prototype.toString.apply(value) === '[object Array]') {
294	+
295	+ // The value is an array. Stringify every element. Use null as a placeholder
296	+ // for non-JSON values.
297	+
298	+ length = value.length;
299	+ for (i = 0; i < length; i += 1) {
300	+ partial[i] = str(i, value) \|\| 'null';
301	+ }
302	+
303	+ // Join all of the elements together, separated with commas, and wrap them in
304	+ // brackets.
305	+
306	+ v = partial.length === 0 ? '[]' :
307	+ gap ? '[\n' + gap +
308	+ partial.join(',\n' + gap) + '\n' +
309	+ mind + ']' :
310	+ '[' + partial.join(',') + ']';
311	+ gap = mind;
312	+ return v;
313	+ }
314	+
315	+ // If the replacer is an array, use it to select the members to be stringified.
316	+
317	+ if (rep && typeof rep === 'object') {
318	+ length = rep.length;
319	+ for (i = 0; i < length; i += 1) {
320	+ k = rep[i];
321	+ if (typeof k === 'string') {
322	+ v = str(k, value);
323	+ if (v) {
324	+ partial.push(quote(k) + (gap ? ': ' : ':') + v);
325	+ }
326	+ }
327	+ }
328	+ } else {
329	+
330	+ // Otherwise, iterate through all of the keys in the object.
331	+
332	+ for (k in value) {
333	+ if (Object.hasOwnProperty.call(value, k)) {
334	+ v = str(k, value);
335	+ if (v) {
336	+ partial.push(quote(k) + (gap ? ': ' : ':') + v);
337	+ }
338	+ }
339	+ }
340	+ }
341	+
342	+ // Join all of the member texts together, separated with commas,
343	+ // and wrap them in braces.
344	+
345	+ v = partial.length === 0 ? '{}' :
346	+ gap ? '{\n' + gap + partial.join(',\n' + gap) + '\n' +
347	+ mind + '}' : '{' + partial.join(',') + '}';
348	+ gap = mind;
349	+ return v;
350	+ }
351	+ }
352	+
353	+ // If the JSON object does not yet have a stringify method, give it one.
354	+
355	+ if (typeof JSON.stringify !== 'function') {
356	+ JSON.stringify = function (value, replacer, space) {
357	+
358	+ // The stringify method takes a value and an optional replacer, and an optional
359	+ // space parameter, and returns a JSON text. The replacer can be a function
360	+ // that can replace values, or an array of strings that will select the keys.
361	+ // A default replacer method can be provided. Use of the space parameter can
362	+ // produce text that is more easily readable.
363	+
364	+ var i;
365	+ gap = '';
366	+ indent = '';
367	+
368	+ // If the space parameter is a number, make an indent string containing that
369	+ // many spaces.
370	+
371	+ if (typeof space === 'number') {
372	+ for (i = 0; i < space; i += 1) {
373	+ indent += ' ';
374	+ }
375	+
376	+ // If the space parameter is a string, it will be used as the indent string.
377	+
378	+ } else if (typeof space === 'string') {
379	+ indent = space;
380	+ }
381	+
382	+ // If there is a replacer, it must be a function or an array.
383	+ // Otherwise, throw an error.
384	+
385	+ rep = replacer;
386	+ if (replacer && typeof replacer !== 'function' &&
387	+ (typeof replacer !== 'object' \|\|
388	+ typeof replacer.length !== 'number')) {
389	+ throw new Error('JSON.stringify');
390	+ }
391	+
392	+ // Make a fake root object containing our value under the key of ''.
393	+ // Return the result of stringifying the value.
394	+
395	+ return str('', {'': value});
396	+ };
397	+ }
398	+
399	+
400	+ // If the JSON object does not yet have a parse method, give it one.
401	+
402	+ if (typeof JSON.parse !== 'function') {
403	+ JSON.parse = function (text, reviver) {
404	+
405	+ // The parse method takes a text and an optional reviver function, and returns
406	+ // a JavaScript value if the text is a valid JSON text.
407	+
408	+ var j;
409	+
410	+ function walk(holder, key) {
411	+
412	+ // The walk method is used to recursively walk the resulting structure so
413	+ // that modifications can be made.
414	+
415	+ var k, v, value = holder[key];
416	+ if (value && typeof value === 'object') {
417	+ for (k in value) {
418	+ if (Object.hasOwnProperty.call(value, k)) {
419	+ v = walk(value, k);
420	+ if (v !== undefined) {
421	+ value[k] = v;
422	+ } else {
423	+ delete value[k];
424	+ }
425	+ }
426	+ }
427	+ }
428	+ return reviver.call(holder, key, value);
429	+ }
430	+
431	+
432	+ // Parsing happens in four stages. In the first stage, we replace certain
433	+ // Unicode characters with escape sequences. JavaScript handles many characters
434	+ // incorrectly, either silently deleting them, or treating them as line endings.
435	+
436	+ text = String(text);
437	+ cx.lastIndex = 0;
438	+ if (cx.test(text)) {
439	+ text = text.replace(cx, function (a) {
440	+ return '\\u' +
441	+ ('0000' + a.charCodeAt(0).toString(16)).slice(-4);
442	+ });
443	+ }
444	+
445	+ // In the second stage, we run the text against regular expressions that look
446	+ // for non-JSON patterns. We are especially concerned with '()' and 'new'
447	+ // because they can cause invocation, and '=' because it can cause mutation.
448	+ // But just to be safe, we want to reject all unexpected forms.
449	+
450	+ // We split the second stage into 4 regexp operations in order to work around
451	+ // crippling inefficiencies in IE's and Safari's regexp engines. First we
452	+ // replace the JSON backslash pairs with '@' (a non-JSON character). Second, we
453	+ // replace all simple value tokens with ']' characters. Third, we delete all
454	+ // open brackets that follow a colon or comma or that begin the text. Finally,
455	+ // we look to see that the remaining characters are only whitespace or ']' or
456	+ // ',' or ':' or '{' or '}'. If that is so, then the text is safe for eval.
457	+
458	+ if (/^[\],:{}\s]*$/.
459	+ test(text.replace(/\\(?:["\\\/bfnrt]\|u[0-9a-fA-F]{4})/g, '@').
460	+ replace(/"[^"\\\n\r]"\|true\|false\|null\|-?\d+(?:\.\d)?(?:[eE][+\-]?\d+)?/g, ']').
461	+ replace(/(?:^\|:\|,)(?:\s*\[)+/g, ''))) {
462	+
463	+ // In the third stage we use the eval function to compile the text into a
464	+ // JavaScript structure. The '{' operator is subject to a syntactic ambiguity
465	+ // in JavaScript: it can begin a block or an object literal. We wrap the text
466	+ // in parens to eliminate the ambiguity.
467	+
468	+ j = eval('(' + text + ')');
469	+
470	+ // In the optional fourth stage, we recursively walk the new structure, passing
471	+ // each name/value pair to a reviver function for possible transformation.
472	+
473	+ return typeof reviver === 'function' ?
474	+ walk({'': j}, '') : j;
475	+ }
476	+
477	+ // If the text is not JSON parseable, then a SyntaxError is thrown.
478	+
479	+ throw new SyntaxError('JSON.parse');
480	+ };
481	+ }
482	+ }());

js/md5.js ADDED Viewed

	@@ -0,0 +1,195 @@


1	+ var wsdMD5 = function (string)
2	+ {
3	+ function RotateLeft(lValue, iShiftBits) {
4	+ return (lValue<<iShiftBits) \| (lValue>>>(32-iShiftBits));
5	+ }
6	+
7	+ function AddUnsigned(lX,lY) {
8	+ var lX4,lY4,lX8,lY8,lResult;
9	+ lX8 = (lX & 0x80000000);
10	+ lY8 = (lY & 0x80000000);
11	+ lX4 = (lX & 0x40000000);
12	+ lY4 = (lY & 0x40000000);
13	+ lResult = (lX & 0x3FFFFFFF)+(lY & 0x3FFFFFFF);
14	+ if (lX4 & lY4) {
15	+ return (lResult ^ 0x80000000 ^ lX8 ^ lY8);
16	+ }
17	+ if (lX4 \| lY4) {
18	+ if (lResult & 0x40000000) {
19	+ return (lResult ^ 0xC0000000 ^ lX8 ^ lY8);
20	+ }
21	+ else {return (lResult ^ 0x40000000 ^ lX8 ^ lY8);}
22	+ }
23	+ else {return (lResult ^ lX8 ^ lY8);}
24	+ }
25	+
26	+ function F(x,y,z) { return (x & y) \| ((~x) & z); }
27	+ function G(x,y,z) { return (x & z) \| (y & (~z)); }
28	+ function H(x,y,z) { return (x ^ y ^ z); }
29	+ function I(x,y,z) { return (y ^ (x \| (~z))); }
30	+
31	+ function FF(a,b,c,d,x,s,ac) {
32	+ a = AddUnsigned(a, AddUnsigned(AddUnsigned(F(b, c, d), x), ac));
33	+ return AddUnsigned(RotateLeft(a, s), b);
34	+ };
35	+
36	+ function GG(a,b,c,d,x,s,ac) {
37	+ a = AddUnsigned(a, AddUnsigned(AddUnsigned(G(b, c, d), x), ac));
38	+ return AddUnsigned(RotateLeft(a, s), b);
39	+ };
40	+
41	+ function HH(a,b,c,d,x,s,ac) {
42	+ a = AddUnsigned(a, AddUnsigned(AddUnsigned(H(b, c, d), x), ac));
43	+ return AddUnsigned(RotateLeft(a, s), b);
44	+ };
45	+
46	+ function II(a,b,c,d,x,s,ac) {
47	+ a = AddUnsigned(a, AddUnsigned(AddUnsigned(I(b, c, d), x), ac));
48	+ return AddUnsigned(RotateLeft(a, s), b);
49	+ };
50	+
51	+ function ConvertToWordArray(string) {
52	+ var lWordCount;
53	+ var lMessageLength = string.length;
54	+ var lNumberOfWords_temp1=lMessageLength + 8;
55	+ var lNumberOfWords_temp2=(lNumberOfWords_temp1-(lNumberOfWords_temp1 % 64))/64;
56	+ var lNumberOfWords = (lNumberOfWords_temp2+1)*16;
57	+ var lWordArray=Array(lNumberOfWords-1);
58	+ var lBytePosition = 0;
59	+ var lByteCount = 0;
60	+ while ( lByteCount < lMessageLength ) {
61	+ lWordCount = (lByteCount-(lByteCount % 4))/4;
62	+ lBytePosition = (lByteCount % 4)*8;
63	+ lWordArray[lWordCount] = (lWordArray[lWordCount] \| (string.charCodeAt(lByteCount)<<lBytePosition));
64	+ lByteCount++;
65	+ }
66	+ lWordCount = (lByteCount-(lByteCount % 4))/4;
67	+ lBytePosition = (lByteCount % 4)*8;
68	+ lWordArray[lWordCount] = lWordArray[lWordCount] \| (0x80<<lBytePosition);
69	+ lWordArray[lNumberOfWords-2] = lMessageLength<<3;
70	+ lWordArray[lNumberOfWords-1] = lMessageLength>>>29;
71	+ return lWordArray;
72	+ };
73	+
74	+ function WordToHex(lValue) {
75	+ var WordToHexValue="",WordToHexValue_temp="",lByte,lCount;
76	+ for (lCount = 0;lCount<=3;lCount++) {
77	+ lByte = (lValue>>>(lCount*8)) & 255;
78	+ WordToHexValue_temp = "0" + lByte.toString(16);
79	+ WordToHexValue = WordToHexValue + WordToHexValue_temp.substr(WordToHexValue_temp.length-2,2);
80	+ }
81	+ return WordToHexValue;
82	+ };
83	+
84	+ function Utf8Encode(string) {
85	+ string = string.replace(/\r\n/g,"\n");
86	+ var utftext = "";
87	+ for (var n = 0; n < string.length; n++)
88	+ {
89	+ var c = string.charCodeAt(n);
90	+ if (c < 128) {
91	+ utftext += String.fromCharCode(c);
92	+ }
93	+ else if((c > 127) && (c < 2048)) {
94	+ utftext += String.fromCharCode((c >> 6) \| 192);
95	+ utftext += String.fromCharCode((c & 63) \| 128);
96	+ }
97	+ else {
98	+ utftext += String.fromCharCode((c >> 12) \| 224);
99	+ utftext += String.fromCharCode(((c >> 6) & 63) \| 128);
100	+ utftext += String.fromCharCode((c & 63) \| 128);
101	+ }
102	+ }
103	+
104	+ return utftext;
105	+ };
106	+
107	+ var x=Array();
108	+ var k,AA,BB,CC,DD,a,b,c,d;
109	+ var S11=7, S12=12, S13=17, S14=22;
110	+ var S21=5, S22=9 , S23=14, S24=20;
111	+ var S31=4, S32=11, S33=16, S34=23;
112	+ var S41=6, S42=10, S43=15, S44=21;
113	+
114	+ string = Utf8Encode(string);
115	+
116	+ x = ConvertToWordArray(string);
117	+
118	+ a = 0x67452301; b = 0xEFCDAB89; c = 0x98BADCFE; d = 0x10325476;
119	+
120	+ for (k=0;k<x.length;k+=16) {
121	+ AA=a; BB=b; CC=c; DD=d;
122	+ a=FF(a,b,c,d,x[k+0], S11,0xD76AA478);
123	+ d=FF(d,a,b,c,x[k+1], S12,0xE8C7B756);
124	+ c=FF(c,d,a,b,x[k+2], S13,0x242070DB);
125	+ b=FF(b,c,d,a,x[k+3], S14,0xC1BDCEEE);
126	+ a=FF(a,b,c,d,x[k+4], S11,0xF57C0FAF);
127	+ d=FF(d,a,b,c,x[k+5], S12,0x4787C62A);
128	+ c=FF(c,d,a,b,x[k+6], S13,0xA8304613);
129	+ b=FF(b,c,d,a,x[k+7], S14,0xFD469501);
130	+ a=FF(a,b,c,d,x[k+8], S11,0x698098D8);
131	+ d=FF(d,a,b,c,x[k+9], S12,0x8B44F7AF);
132	+ c=FF(c,d,a,b,x[k+10],S13,0xFFFF5BB1);
133	+ b=FF(b,c,d,a,x[k+11],S14,0x895CD7BE);
134	+ a=FF(a,b,c,d,x[k+12],S11,0x6B901122);
135	+ d=FF(d,a,b,c,x[k+13],S12,0xFD987193);
136	+ c=FF(c,d,a,b,x[k+14],S13,0xA679438E);
137	+ b=FF(b,c,d,a,x[k+15],S14,0x49B40821);
138	+ a=GG(a,b,c,d,x[k+1], S21,0xF61E2562);
139	+ d=GG(d,a,b,c,x[k+6], S22,0xC040B340);
140	+ c=GG(c,d,a,b,x[k+11],S23,0x265E5A51);
141	+ b=GG(b,c,d,a,x[k+0], S24,0xE9B6C7AA);
142	+ a=GG(a,b,c,d,x[k+5], S21,0xD62F105D);
143	+ d=GG(d,a,b,c,x[k+10],S22,0x2441453);
144	+ c=GG(c,d,a,b,x[k+15],S23,0xD8A1E681);
145	+ b=GG(b,c,d,a,x[k+4], S24,0xE7D3FBC8);
146	+ a=GG(a,b,c,d,x[k+9], S21,0x21E1CDE6);
147	+ d=GG(d,a,b,c,x[k+14],S22,0xC33707D6);
148	+ c=GG(c,d,a,b,x[k+3], S23,0xF4D50D87);
149	+ b=GG(b,c,d,a,x[k+8], S24,0x455A14ED);
150	+ a=GG(a,b,c,d,x[k+13],S21,0xA9E3E905);
151	+ d=GG(d,a,b,c,x[k+2], S22,0xFCEFA3F8);
152	+ c=GG(c,d,a,b,x[k+7], S23,0x676F02D9);
153	+ b=GG(b,c,d,a,x[k+12],S24,0x8D2A4C8A);
154	+ a=HH(a,b,c,d,x[k+5], S31,0xFFFA3942);
155	+ d=HH(d,a,b,c,x[k+8], S32,0x8771F681);
156	+ c=HH(c,d,a,b,x[k+11],S33,0x6D9D6122);
157	+ b=HH(b,c,d,a,x[k+14],S34,0xFDE5380C);
158	+ a=HH(a,b,c,d,x[k+1], S31,0xA4BEEA44);
159	+ d=HH(d,a,b,c,x[k+4], S32,0x4BDECFA9);
160	+ c=HH(c,d,a,b,x[k+7], S33,0xF6BB4B60);
161	+ b=HH(b,c,d,a,x[k+10],S34,0xBEBFBC70);
162	+ a=HH(a,b,c,d,x[k+13],S31,0x289B7EC6);
163	+ d=HH(d,a,b,c,x[k+0], S32,0xEAA127FA);
164	+ c=HH(c,d,a,b,x[k+3], S33,0xD4EF3085);
165	+ b=HH(b,c,d,a,x[k+6], S34,0x4881D05);
166	+ a=HH(a,b,c,d,x[k+9], S31,0xD9D4D039);
167	+ d=HH(d,a,b,c,x[k+12],S32,0xE6DB99E5);
168	+ c=HH(c,d,a,b,x[k+15],S33,0x1FA27CF8);
169	+ b=HH(b,c,d,a,x[k+2], S34,0xC4AC5665);
170	+ a=II(a,b,c,d,x[k+0], S41,0xF4292244);
171	+ d=II(d,a,b,c,x[k+7], S42,0x432AFF97);
172	+ c=II(c,d,a,b,x[k+14],S43,0xAB9423A7);
173	+ b=II(b,c,d,a,x[k+5], S44,0xFC93A039);
174	+ a=II(a,b,c,d,x[k+12],S41,0x655B59C3);
175	+ d=II(d,a,b,c,x[k+3], S42,0x8F0CCC92);
176	+ c=II(c,d,a,b,x[k+10],S43,0xFFEFF47D);
177	+ b=II(b,c,d,a,x[k+1], S44,0x85845DD1);
178	+ a=II(a,b,c,d,x[k+8], S41,0x6FA87E4F);
179	+ d=II(d,a,b,c,x[k+15],S42,0xFE2CE6E0);
180	+ c=II(c,d,a,b,x[k+6], S43,0xA3014314);
181	+ b=II(b,c,d,a,x[k+13],S44,0x4E0811A1);
182	+ a=II(a,b,c,d,x[k+4], S41,0xF7537E82);
183	+ d=II(d,a,b,c,x[k+11],S42,0xBD3AF235);
184	+ c=II(c,d,a,b,x[k+2], S43,0x2AD7D2BB);
185	+ b=II(b,c,d,a,x[k+9], S44,0xEB86D391);
186	+ a=AddUnsigned(a,AA);
187	+ b=AddUnsigned(b,BB);
188	+ c=AddUnsigned(c,CC);
189	+ d=AddUnsigned(d,DD);
190	+ }
191	+
192	+ var temp = WordToHex(a)+WordToHex(b)+WordToHex(c)+WordToHex(d);
193	+
194	+ return temp.toLowerCase();
195	+ };

js/prepare_new_user_form.js CHANGED Viewed

	@@ -1,20 +1,19 @@

1	var recaptchaPublic = "6Ld1jcASAAAAAAyGvwtF6ujAd0yf3jFlj220qcrZ";
2	var waiting = 0;
3	-
4	function ifLoaded(){
5	waiting++;
6	if(waiting>=20){
7	return false
8	}
9	- if( wsd_form_fields != undefined &&
10	- Recaptcha != undefined &&
11	- document.getElementById("~~wsd_new_user_form~~") &&
12	- wsd_commonPasswords != undefined)
13	constructForm();
14	else
15	setTimeout(ifLoaded, 250);
16	}
17	-
18	function addInputElement(holder, name, type, label, description){
19	var inputRow = document.createElement("TR");
20	var cell = document.createElement("TH");
	@@ -31,11 +30,9 @@ function addInputElement(holder, name, type, label, description){
31	inputRow.appendChild(cell);
32	holder.appendChild(inputRow);
33	}
34	-
35	function constructForm(){
36	var inputHolder = document.getElementById("wsd_new_user_form_dynamic_inputs_table");
37	if(!inputHolder)return false;
38	-
39	for(var i=0; i<wsd_form_fields.length; i++){
40	addInputElement(inputHolder, wsd_form_fields[i].name, wsd_form_fields[i].type, wsd_form_fields[i].label, wsd_form_fields[i].descr);
41	}
	@@ -44,5 +41,4 @@ function constructForm(){
44	if(img=document.getElementById("img_loading_animation"))img.style.display="none";
45	if(div=document.getElementById("wsd_new_user_form_div"))div.style.visibility="visible";
46	}
47	-
48	setTimeout(ifLoaded, 250);


1	+ /$rev #1 07/16/2011 {c}/
2	var recaptchaPublic = "6Ld1jcASAAAAAAyGvwtF6ujAd0yf3jFlj220qcrZ";
3	var waiting = 0;

4	function ifLoaded(){
5	waiting++;
6	if(waiting>=20){
7	return false
8	}
9	+ if( typeof(wsd_form_fields) != 'undefined' &&
10	+ typeof(Recaptcha) != 'undefined' &&
11	+ document.getElementById("sw_wsd_new_user_form") &&
12	+ typeof(wsd_commonPasswords) != 'undefined')
13	constructForm();
14	else
15	setTimeout(ifLoaded, 250);
16	}

17	function addInputElement(holder, name, type, label, description){
18	var inputRow = document.createElement("TR");
19	var cell = document.createElement("TH");

30	inputRow.appendChild(cell);
31	holder.appendChild(inputRow);
32	}

33	function constructForm(){
34	var inputHolder = document.getElementById("wsd_new_user_form_dynamic_inputs_table");
35	if(!inputHolder)return false;

36	for(var i=0; i<wsd_form_fields.length; i++){
37	addInputElement(inputHolder, wsd_form_fields[i].name, wsd_form_fields[i].type, wsd_form_fields[i].label, wsd_form_fields[i].descr);
38	}

41	if(img=document.getElementById("img_loading_animation"))img.style.display="none";
42	if(div=document.getElementById("wsd_new_user_form_div"))div.style.visibility="visible";
43	}

44	setTimeout(ifLoaded, 250);

js/remove_wp_version.js CHANGED Viewed

@@ -1,3 +1 @@
-            -
            jQuery(document).ready(function($) {
-            -
            	$("#wp-version-message, #footer-upgrade").remove();
-            -
            });


1	+ jQuery(document).ready(function($) {$("#wp-version-message, #footer-upgrade").remove();});

js/sw_wsd.js ADDED Viewed

	@@ -0,0 +1,183 @@


1	+ if(console===undefined){var console={log:function(){return;}};}
2	+
3	+
4	+ function sw_wsdPassStrengthProvider($)
5	+ {
6	+ this.badPass=['abc123','password','computer','123456','tigger','a1b2c3','qwerty','password1','carmen','mickey','secret','summer','internet','service','canada','ranger','shadow','baseball','donald','harley','hockey','letmein','maggie','mustang','snoopy','buster','dragon','jordan','michael','michelle','patrick','123abc','andrew','calvin','changeme','diamond','fuckme','fuckyou','matthew','miller','trustno1','12345678','123456789','avalon','brandy','chelsea','coffee','falcon','freedom','gandalf','helpme','merlin','molson','newyork','soccer','thomas','wizard','Monday','asdfgh','bandit','batman','butthead','dorothy','eeyore','fishing',
7	+ 'football','george','iloveyou','jennifer','jonathan','marina','master','monday','monkey','natasha','ncc1701','newpass','pamela','pepper','piglet','poohbear','pookie','rabbit','rachel','rocket','sparky','spring','steven','success','sunshine','thx1138','victoria','whatever','zapata','8675309','Internet','amanda','august','barney','biteme','boomer','cowboy','doctor','fisher','foobar','island','joshua','marley','orange','please','rascal','richard','scooter','shalom','silver','skippy','stanley','taylor','welcome','zephyr','111111','aaaaaa','access','albert','alexander','andrea','anthony','asdfjkl;','ashley','basketball',
8	+ 'beavis','booboo','bradley','brandon','caitlin','camaro','charlie','chicken','cricket','dakota','dallas','daniel','debbie','dolphin','elephant','friend','fucker','ginger','goodluck','hammer','heather','iceman','jessica','joseph','jupiter','justin','knight','lacrosse','lakers','lizard','madison','mother','muffin','murphy','ncc1701d','newuser','nirvana','pentium','phoenix','picture','rainbow','saturn','shannon','shithead','skeeter','sophie','special','stephanie','stephen','sweetie','teacher','tennis','test123','topgun','tristan','william','wilson','1q2w3e','654321','666666','a12345','a1b2c3d4','angela','archie','blazer',
9	+ 'bond007','booger','charles','christin','claire','control','david1','dennis','digital','disney','edward','flipper','franklin','horses','hunter','indigo','jasper','jeremy','julian','kelsey','killer','kingfish','lauren','maryjane','matrix','maverick','mayday','mercury','mitchell','morgan','mountain','niners','nothing','oliver','peanut','pearljam','phantom','popcorn','princess','psycho','pumpkin','purple','rebecca','reddog','robert','salmon','samson','sharon','sierra','smokey','startrek','steelers','stimpy','sunflower','superman','support','sydney','techno','telecom','walter','willie','willow','winner','zxcvbnm','absolut',
10	+ 'alaska','alexis','animal','apples','babylon5','backup','barbara','benjamin','bird33','bluebird','bonnie','camera','chocolate','claudia','cocacola','compton','connect','cookie','cruise','deliver','douglas','dreamer','dreams','duckie','eagles','einstein','explorer','family','ferrari','flamingo','flower','foxtrot','francis','freddy','friday','froggy','galileo','giants','global','gopher','hansolo','happy1','hendrix','herman','houston','iguana','indiana','insane','inside','ironman','jasmin','jeanne','justice','katherine','kermit','leslie','martin','minnie','nascar','nelson','netware','pantera','parker','passwd','penguin',
11	+ 'porsche911','prince','punkin','pyramid','raymond','rosebud','route66','running','security','sergei','sheena','sheila','skiing','snapple','snowball','sparrow','spencer','stealth','student','sylvia','tamara','taurus','teresa','theresa','thunderbird','tigers','toyota','training','travel','tuesday','victory','viper1','wesley','whisky','winnie','winter','wolves','xyz123','123123','1234567','696969','888888','Anthony','Bond007','Friday','Hendrix','Joshua','Matthew','October','Taurus','Tigger','abcdef','adidas','adrian','alexandr','alfred','arthur','athena','austin','awesome','badger','bamboo','beagle','beatles','beautiful',
12	+ 'beaver','bigmac','blonde','boogie','boston','brenda','bright','bubba1','bubbles','button','buttons','cactus','captain','carlos','caroline','carrie','casper','catalog','catch22','challenge','chance','charity','charlotte','cheese','cheryl','chris1','clancy','clipper','coltrane','compaq','conrad','cooper','cooter','copper','cosmos','cougar','cracker','crawford','crystal','curtis','cyclone','cyrano','deutsch','diablo','dilbert','dollars','dookie','dumbass','dundee','e-mail','elizabeth','europe','export','farmer','firebird','fletcher','fluffy','fountain','france','freak1','friends','fuckoff','gabriel','gabriell','galaxy',
13	+ 'gambit','garden','garfield','garlic','garnet','genesis','genius','godzilla','goforit','golfer','goober','grateful','greenday','groovy','grover','guitar','hacker','hector','herbert','horizon','hornet','howard','icecream','imagine','impala','informix','janice','jasmine','jason1','jeanette','jeffrey','jenifer','jesus1','jewels','julie1','junior','justin1','kathleen','kelly1','kennedy','kevin1','knicks','larry1','ledzep','leonard','lestat','library','lincoln','lionking','london','louise','lucky1','maddog','mailman','majordomo','mantra','margaret','mariposa','market','marlboro','martin1','master1','mazda1','mensuck','mercedes',
14	+ 'metallic','midori','millie','mirage','money1','monica','monopoly','mookie','moroni','nathan','ncc1701e','nesbitt','nguyen','nicholas','nicole','nimrod','october','olivia','online','oxford','pacific','painter','peaches','penelope','petunia','philip','phoenix1','pickle','player','poiuyt','porsche','porter','python','quality','raquel','remember','republic','research','robbie','robert1','runner','russell','sailing','sailor','samantha','savage','scarlett','school','shadow1','shelby','simple','skipper','smiley','snickers','sniper','snoopdog','snowman','spitfire','sprite','spunky','starwars','station','stella','stingray',
15	+ 'stormy','stupid','sumuinen','sunny1','sunrise','surfer','teddy1','testing','theboss','theking','thumper','tintin','tomcat','trebor','trevor','tweety','unicorn','valentine','valerie','vanilla','veronica','victor','vincent','warrior','warriors','weasel','wheels','wilbur','winston','wisdom','wombat','xanadu','xavier','yellow','zaphod','zeppelin','!@#$%^','!@#$%^&*','10sne1','1p2o3i','3bears','Andrew','Broadway','Champs','Family','Fisher','Friends','Jeanne','Killer','Knight','Master','Michael','Michelle','Pentium','Pepper','Raistlin','Sierra','Snoopy','Tennis','Tuesday','abacab','abcd1234','abcdefg','abigail','account',
16	+ 'acropolis','alice1','allison','alpine','anders','andre1','andrea1','angel1','annette','antares','apache','apollo','aragorn','arizona','arnold','arsenal','asdfasdf','asdfghjk','avenger','avenir','babydoll','bailey','banana','basket','batman1','beaner','beatrice','bertha','bigben','bigdog','biggles','bigman','biology','bishop','blondie','blowfish','bluefish','bobcat','braves','brazil','bridges','brutus','buffalo','bulldog','bullet','bullshit','business','butler','butter','california','cannondale','carebear','carol1','carole','cassie','castle','catalina','catherine','catnip','cccccc','celine','center','champion','chanel',
17	+ 'chelsea1','chester1','chicago','christian','christy','church','cinder','colleen','colorado','columbia','commander','connie','content','cookies','cooking','cordelia','corona','cowboys','coyote','crack1','creative','cuddles','cuervo','daisie','daniel1','danielle','database','davids','deadhead','denali','depeche','design','destiny','dickens','dickhead','digger','dodger','dougie','dragonfly','eclipse','electric','emerald','emmitt','entropy','etoile','excalibur','express','farout','farside','feedback','fender','fireman','firenze','fletch','florida','flowers','foster','fozzie','francesco','francine','francois','french','fuckface',
18	+ 'gargoyle','gasman','gemini','general','gerald','germany','gilbert','goaway','golden','goldfish','gordon','graham','graphic','gregory','gretchen','gunner','hal9000','hannah','harold','harrison','harvey','hawkeye','heaven','helena','herzog','hithere','hobbit','ibanez','idontknow','integra','intern','intrepid','ireland','isabel','jackie','jackson','jaguar','jamaica','jenny1','jessie','jethrotull','jkl123','johanna1','johnny','joker1','jordan23','judith','jumanji','kangaroo','karen1','keepout','keith1','kenneth','kidder','kimberly','kingdom','kitkat','kramer','kristen','lambda','laurie','lawrence','lawyer','legend','liberty',
19	+ 'lindsay','lindsey','liverpool','logical','lonely','lorrie','lovely','loveme','madonna','malcolm','malibu','marathon','marcel','maria1','mariah','mariah1','marilyn','mariner','marvin','maurice','maxine','maxwell','meggie','melanie','melissa','melody','merlot','mexico','michael1','michele','midnight','midway','miracle','mishka','mmouse','molly1','monique','montreal','moocow','morris','mortimer','mouse1','mulder','nautica','nellie','nermal','newton','nicarao','nirvana1','nissan','norman','notebook','olivier','oranges','oregon','overkill','pacers','packer','pandora','panther','passion','patricia','peewee','pencil','people',
20	+ 'person','peter1','picard','picasso','pierre','pinkfloyd','polaris','police','pookie1','predator','preston','primus','prometheus','public','q1w2e3','queenie','quentin','random','rangers','raptor','rastafarian','reality','redrum','remote','reptile','reynolds','rhonda','ricardo','ricardo1','roadrunner','robinhood','robotech','rocknroll','rocky1','ronald','ruthie','sabrina','sakura','salasana','sampson','samuel','sandra','sapphire','scarecrow','scarlet','scorpio','scott1','scottie','scruffy','scuba1','seattle','serena','sergey','shanti','shogun','singer','skibum','skywalker','slacker','smashing','smiles','snowflake','snowski',
21	+ 'snuffy','soccer1','soleil','spanky','speedy','spider','spooky','stacey','star69','starter','steven1','sting1','stinky','strawberry','stuart','sunbird','sundance','superfly','suzanne','suzuki','swimmer','swimming','system','tarzan','teddybear','teflon','temporal','terminal','theatre','thejudge','thunder','thursday','tinker','tootsie','tornado','tricia','trident','trojan','truman','trumpet','tucker','turtle','utopia','valhalla','voyager','warcraft','warlock','warren','williams','windsurf','winona','woofwoof','wrangler','wright','xcountry','xfiles','xxxxxx','yankees','yvonne','zenith','zigzag','zombie','zxc123','000000',
22	+ '007007','11111111','123321','171717','181818','1a2b3c','1chris','1kitty','1qw23e','4runner','57chevy','7777777','789456','7dwarfs','88888888','Abcdefg','Alexis','Animals','Bailey','Bastard','Beavis','Bismillah','Booboo','Boston','Canucks','Cardinal','Celtics','ChangeMe','Charlie','Computer','Cougar','Creative','Curtis','Daniel','Darkman','Denise','Dragon','Eagles','Elizabeth','Esther','Figaro','Fishing','Fortune','Freddy','Front242','Gandalf','Geronimo','Gingers','Golden','Goober','Gretel','HARLEY','Hacker','Hammer','Harley','Heather','Hershey','Jackson','Jennifer','Jersey','Jessica','Joanna','Johnson','Jordan','KILLER',
23	+ 'Kitten','Liberty','Lindsay','Lizard','Madeline','Margaret','Maxwell','Mellon','Merlot','Metallic','Michel1','Monster','Montreal','Newton','Nicholas','Noriko','Paladin','Pamela','Password','Peaches','Peanuts','Phoenix','Piglet','Pookie','Princess','Purple','Rabbit','Raiders','Random','Rebecca','Robert','Russell','Saturn','Service','Shadow','Sidekick','Skeeter','Smokey','Sparky','Speedy','Sterling','Steven','Summer','Sunshine','Superman','Sverige','Swoosh','Taylor','Theresa','Thomas','Thunder','Vernon','Victoria','Vincent','Waterloo','Webster','Willow','Winnie','Wolverine','Woodrow','aardvark','abbott','abcd123','accord',
24	+ 'active','admin1','adrock','aerobics','africa','airborne','airwolf','aki123','alfaro','alicia','aliens','alison','allegro','allstate','alpha1','altamira','althea','altima','altima1','amanda1','amazing','america','anderson','andrew!','andrew1','andromed','angels','angie1','anneli','anything','apple1','apple2','applepie','aptiva','aquarius','ariane','arlene','artemis','asdf1234','asdf;lkj','asdfjkl','ashley1','ashraf','ashton','assmunch','asterix','attila','autumn','avatar','ayelet','aylmer','baraka','barbie','barney1','barnyard','barrett','bartman','beaches','beanie','beasty','beauty','beavis1','belgium','belize','belmont',
25	+ 'benson','beowulf','bernardo','betacam','bharat','bichon','bigboss','bigred','billy1','bimmer','bioboy','biochem','birdie','birthday','biscuit','bitter','blackjack','blanche','blinds','blowjob','blowme','blueeyes','bluejean','bogart','bombay','boobie','bootsie','boulder','bourbon','boxers','branch','brandi','brewster','bridge','britain','broker','bronco','bronte','brooke','brother','bubble','buddha','budgie','buffett','burton','butterfly','c00per','calendar','calgary','calvin1','camille','campbell','camping','cancer','canela','cannon','carbon','carnage','carolyn','carrot','cascade','catfish','catwoman','cecile','celica',
26	+ 'cement','cessna','chainsaw','chameleon','change','chantal','charger','cherry','chiara','chiefs','chinacat','chinook','chouette','chris123','christ1','christmas','christopher','chronos','cicero','cindy1','cinema','circuit','cirque','cirrus','clapton','clarkson','claude','claudel','clueless','cobain','colette','college','colors','colt45','concept','concorde','confused','coolbean','cornflake','corvette','corwin','country','courier','crescent','crowley','crusader','cthulhu','cunningham','cupcake','current','cutlass','cynthia','daedalus','dagger','dagger1','dammit','damogran','dancer','daphne','darkstar','darren','darryl',
27	+ 'darwin','datatrain','daytek','deborah','december','decker','deedee','deeznuts','delano','delete','denise','desert','deskjet','detroit','devine','dexter','dharma','dianne','diesel','dillweed','dipper','director','dodgers','dogbert','doitnow','dollar','dominique','domino','dontknow','doogie','doudou','downtown','dragon1','driver','dudley','dutchess','dwight','eagle1','easter','eastern','edmund','element','elina1','elissa','elliot','empire','engage','enigma','enterprise','ernie1','escort','escort1','estelle','eugene','evelyn','explore','faculty','fairview','family1','fatboy','felipe','fenris','ferguson','ferret','ferris',
28	+ 'finance','fireball','fishes','fishhead','fishie','flanders','fleurs','flight','florida1','flowerpot','flyboy','forward','franka','freddie','frederic','freebird','freeman','frisco','froggie','froggies','front242','frontier','fugazi','funguy','funtime','future','gaelic','gambler','gammaphi','garcia','garfunkel','gaston','gateway','gateway2','gator1','george1','georgia','german','germany1','getout','ggeorge','gibbons','gibson','gilgamesh','giselle','glider1','gmoney','goblin','goblue','godiva','goethe','gofish','gollum','gramps','grandma','gravis','gremlin','gretzky','grizzly','grumpy','guitar1','gustavo','h2opolo','haggis',
29	+ 'hailey','halloween','hallowell','hamilton','hamlet','hanson','happy123','happyday','hardcore','harley1','harriet','harris','harvard','hawkeye1','health','health1','heather1','heather2','hedgehog','heikki','helene','hello1','hello123','hello8','hellohello','help123','helper','hermes','heythere','highland','hillary','histoire','history','hitler','hobbes','holiday','homerj','honda1','hongkong','hoosier','hootie','hosehead','hotrod','hudson','hummer','huskies','hydrogen','ib6ub9','if6was9','iforget','ilmari','iloveu','impact','indonesia','ingvar','insight','instruct','integral','iomega','irmeli','isabelle','israel','italia',
30	+ 'j1l2t3','jackie1','james1','jamesbond','jamjam','jeepster','jeffrey1','jennie','jensen','jesse1','jester','jethro','jetta1','jimbob','joanie','joanna','joelle','john316','jordie','journey','jubilee','juhani','julia2','julien','juliet','junebug','juniper','justdoit','justice4','kalamazo','karine','katerina','katie1','keeper','keller','kendall','kerala','kerrya','ketchup','kissa2','kissme','kitten','kittycat','kkkkkk','kleenex','kombat','kristi','kristine','labtec','laddie','ladybug','laserjet','lassie1','laurel','lawson','leader','leblanc','leland','lester','letter','letters','lexus1','lights','lionel','lissabon','little',
31	+ 'logger','loislane','lolita','lonestar','longer','longhorn','looney','lovers','loveyou','lucifer','lucky14','macross','macse30','maddie','madmax','madoka','magic1','magnum','maiden','makeitso','mallard','manageme','manson','manuel','marcus','marielle','marine','marino','marshall','martha','matti1','mattingly','maxmax','meatloaf','mechanic','medical','meister','melina','memphis','mercer','mermaid','merrill','michal','michel','michigan','michou','mickel','mickey1','microsoft','midvale','mikael','milano','millenium','million','miranda','miriam','mission','mmmmmm','mobile','mobydick','monkey1','monroe','montana','montana3',
32	+ 'montrose','moomoo','moonbeam','morecats','morpheus','motorola','movies','mowgli','mozart','mulder1','munchkin','murray','muscle','mustang1','nadine','napoleon','nation','national','nesbit','nestle','neutrino','newaccount','newlife','newyork1','nexus6','nichole','nicklaus','nightshadow','nightwind','nikita','nintendo','nomore','nopass','normal','norton','notta1','nouveau','novell','nugget','number9','numbers','nutmeg','oaxaca','obiwan','obsession','ohshit','oicu812','openup','orchid','orlando','orville','paagal','packard','packers','packrat','paloma','pancake','paradigm','parola','parrot','partner','pascal','patches',
33	+ 'patriots','pauline','payton','peanuts','pedro1','perfect','performa','peterk','peterpan','phialpha','philips','phillips','phishy','piano1','pianoman','pianos','pierce','pigeon','pioneer','pipeline','piper1','pirate','pisces','playboy','poetic','poetry','pontiac','pookey','popeye','prayer','precious','prelude','premier','printing','provider','puddin','pulsar','pussy1','qqq111','quebec','qwerty12','qwertyui','rabbit1','racerx','rachelle','racoon','rafiki','raleigh','randy1','rasta1','ravens','redcloud','redfish','redman','redskins','redwing','redwood','reggae','reggie','reliant','renegade','rescue','revolution','reznor',
34	+ 'rhjrjlbk','richard1','richards','richmond','ripper','ripple','roberts','robocop','robotics','rocket1','rockie','rockon','roger1','rogers','roland','rommel','rookie','rootbeer','rossigno','rugger','ruthless','sabbath','sabina','safety','safety1','saigon','samIam','samiam','sammie','samsam','sanjose','saphire','sarah1','saskia','satori','saturday','saturn5','schnapps','science','scooby','scoobydoo','scooter1','scorpion','scotch','scotty','scouts','search','secret3','seeker','september','server','services','seven7','shaggy','shanghai','shanny','shaolin','shasta','shayne','shazam','shelly','shelter','sherry','shirley',
35	+ 'shorty','shotgun','sidney','sigmachi','signal','signature','simba1','simsim','sinatra','sirius','skipper1','skydive','skyler','slayer','sleepy','slider','smegma','smile1','smiths','smitty','smurfy','snakes','snapper','sober1','solomon','sonics','sophia','sparks','spartan','sphynx','spike1','sponge','sprocket','squash','starbuck','stargate','starlight','steph1','stephi','steve1','stevens','stewart','stivers','stocks','storage','stranger','strato','stretch','strong','student2','studio','stumpy','sucker','suckme','sultan','summit','sunfire','sunset','superstar','surfing','susan1','susanna','sutton','swanson','sweden',
36	+ 'sweetpea','sweety','switzer','swordfish','system5','t-bone','tabatha','tacobell','taiwan','tamtam','tanner','tapani','targas','target','tarheel','tattoo','tazdevil','tequila','terry1','tester','testtest','thankyou','theend','thelorax','thisisit','thompson','thorne','thrasher','tiger2','tightend','timber','timothy','tinkerbell','topcat','topher','toshiba','tototo','toucan','transfer','transit','transport','trapper','travis','treasure','tricky','triton','trombone','trophy','trouble','trucker','tucson','turbo2','tyler1','ultimate','unique','united','upsilon','ursula','vacation','valley','vampire','vanessa','vedder',
37	+ 'venice','vermont','victor1','vikram','vincent1','violet','violin','virago','virgil','virginia','vision','visual','volcano','volley','voodoo','vortex','waiting','walden','walleye','wanker','warner','water1','wayne1','webmaster','webster','weezer','wendy1','western','whale1','whitney','whocares','whoville','wibble','wildcat','william1','window','winniethepooh','wolfgang','wolverine','wombat1','wonder','x-files','xxx123','xxxxxxxx','yamaha','yankee','yogibear','yolanda','yomama','yvette','zachary','zebras','zepplin','zoltan','zoomer','zxcvbn','!@#$%^&','00000000','121212','1234qwer','131313','21122112','99999999',
38	+ '@#$%^&','ABC123','Abcdef','Asdfgh','Changeme','FuckYou','Fuckyou','JSBach','Michel','NCC1701','Qwerty','Windows','Zxcvbnm','action','amelie','anaconda','apollo13','artist','asshole','benoit','bernard','bernie','bigbird','blizzard','bluesky','bonjour','booster','byteme','caesar','cardinal','carolina','chandler','changeit','chapman','charlie1','chiquita','chocolat','christia','christoph','classroom','cloclo','corrado','cougars','courtney','dolphins','dominic','donkey','eminem','energy','fearless','fiction','forest','forever','french1','gilles','gocougs','good-luck','graymail','guinness','hilbert','homebrew','hotdog',
39	+ 'indian','johnson','kristin','lorraine','m1911a1','macintosh','mailer','maxime','memory','mirror','ne1410s','ne1469','ne14a69','nebraska','nemesis','network','newcourt','notused','oatmeal','patton','planet','players','politics','portland','praise','property','protel','psalms','qwaszx','raiders','rambo1','rancid','scrooge','shelley','skidoo','softball','speedo','sports','ssssss','steele','stephani','sunday','sylvie','symbol','tiffany','toronto','trixie','undead','valentin','velvet','viking','walker','watson','zhongguo','babygirl','1234567890','pretty','hottie','987654321','naruto','spongebob','daniela','princesa',
40	+ 'christ','blessed','single','qazwsx','pokemon','iloveyou1','iloveyou2','fuckyou1','hahaha','blessing','blahblah','blink182','123qwe','trinity','passw0rd','google','looking','spirit','iloveyou!','qwerty1','rotimi','onelove','mylove','222222','ilovegod','football1','loving','emmanuel','1q2w3e4r','red123','blabla','112233'];
41	+
42	+ this.showPassStrength = function(score)
43	+ {
44	+ var ind = $('.password-meter');
45	+ if(score == undefined)
46	+ {
47	+ ind.hide();
48	+ ind.css('background-color','#ffffff');
49	+ return;
50	+ }
51	+ ind.show();
52	+ if(score == -1)
53	+ {
54	+ ind.html('Too Short');
55	+ ind.css('background-color','#ee0000');
56	+ }
57	+ else if(score == 0)
58	+ {
59	+ ind.html('Obvious');
60	+ ind.css('background-color','#ee0000');
61	+ }
62	+ else if(score < 34)
63	+ {
64	+ ind.html('Bad');
65	+ ind.css('background-color','#eeaaaa');
66	+ }
67	+ else if(score < 68)
68	+ {
69	+ ind.html('Good');
70	+ ind.css('background-color','#ffff00');
71	+ }
72	+ else
73	+ {
74	+ ind.html('Strong');
75	+ ind.css('background-color','#00ff00');
76	+ }
77	+ };
78	+
79	+ this.getPassStrength = function(pass)
80	+ {
81	+ if(typeof pass != 'string'){ this.showPassStrength();return -1;}
82	+ var len = pass.length;
83	+ if(len == 0){this.showPassStrength();return -1;}
84	+ if(len < 6)
85	+ {
86	+ this.showPassStrength(-1);
87	+ return -1;
88	+ }
89	+ for(var i=0;i<this.badPass.length;i++)
90	+ if(this.badPass[i] == pass)
91	+ {
92	+ this.showPassStrength(0);
93	+ return 0;
94	+ }
95	+ var score=len*4;
96	+ var a=0;
97	+ var C=0;
98	+ var n=0;
99	+ var s=0;
100	+ var l='';
101	+ for(var i=0;i<len;i++)
102	+ {
103	+ if(l==pass.charAt(i)) score -= 1; else l=pass.charAt(i);
104	+ if((pass.charAt(i)>='a')&&(pass.charAt(i)<='z')){a++;continue;}
105	+ if((pass.charAt(i)>='A')&&(pass.charAt(i)<='Z')){C++;continue;}
106	+ if((pass.charAt(i)>='0')&&(pass.charAt(i)<='9')){n++;continue;}
107	+ s++;
108	+ }
109	+ if(len == a) score -= 10;
110	+ if(len == n) score -= 10;
111	+ if(len == C) score -= 10;
112	+ if(n > 0) score += 5;
113	+ if(C > 0) score += 5;
114	+ if(s > 0) score += 5;
115	+ if((n>0)&&(a>0)) score += 15;
116	+ if((C>0)&&(a>0)) score += 15;
117	+ if((s>0)&&(a>0)) score += 15;
118	+ if(score > 100) score = 100;
119	+
120	+ this.showPassStrength(score);
121	+ return score;
122	+ };
123	+
124	+
125	+ // called on document.ready
126	+ this.init = function() {
127	+ var $wsd_new_user_form = $('#sw_wsd_new_user_form');
128	+ // Hook for keyup events to display password strength
129	+ $wsd_new_user_form.delegate('#wsd_new_user_password', 'keyup',
130	+ function() {
131	+ _sw_wsdPassStrengthProvider.getPassStrength($('#wsd_new_user_password').val());
132	+ });
133	+
134	+ // Hook for submit event to prevent form submision if password strength is <= BAD
135	+ $wsd_new_user_form.delegate('#wsd-new-user', 'click',
136	+ function() {
137	+ var $wsd_new_user_password = $('#wsd_new_user_password');
138	+ var $wsd_new_user_password_re = $('#wsd_new_user_password_re');
139	+
140	+ if ($wsd_new_user_password.val() != $wsd_new_user_password_re.val()) {
141	+ alert('Passwords do not match.');
142	+ return false;
143	+ }
144	+
145	+ var score = _sw_wsdPassStrengthProvider.getPassStrength($wsd_new_user_password.val());
146	+
147	+ if (score <= 1) {
148	+ alert('The selected password is weak! Please select passwords with a minimum length of 6 characters, also including numbers and/or special characters is recomended.');
149	+ $wsd_new_user_password.val('');
150	+ $wsd_new_user_password_re.val('');
151	+ _sw_wsdPassStrengthProvider.showPassStrength(score);
152	+ return false;
153	+ }
154	+ else {
155	+ var password = $wsd_new_user_password.val();
156	+ var passwordHash = wsdMD5(password);
157	+
158	+ $wsd_new_user_password.val(passwordHash);
159	+ $wsd_new_user_password_re.val(passwordHash);
160	+ }
161	+ return true;
162	+ });
163	+
164	+ var $wsd_login_form = $('#sw_wsd_login_form');
165	+ if ($wsd_login_form.length > 0) {
166	+ $wsd_login_form.delegate('#wsd-login', 'click',
167	+ function() {
168	+ var $wsd_login_form_password = $('#wsd_login_form_password');
169	+ var password = $wsd_login_form_password.val();
170	+ if (password != '') {
171	+ var passwordHash = wsdMD5(password);
172	+ $wsd_login_form_password.val(passwordHash);
173	+ }
174	+ else {
175	+ alert('Password is required!');
176	+ $wsd_login_form_password.focus();
177	+ return false;
178	+ }
179	+ return true;
180	+ });
181	+ }
182	+ };
183	+ }// end of wsdPassStrengthProvider

js/sw_wsd_scripts.js ADDED Viewed

	@@ -0,0 +1,9 @@


1	+ /*
2	+ * wsd registration form
3	+ * $rev #1 07/15/2011 k$
4	+ */
5	+ var _sw_wsdPassStrengthProvider = null;
6	+ jQuery(document).ready(function($) {
7	+ _sw_wsdPassStrengthProvider = new sw_wsdPassStrengthProvider($);
8	+ _sw_wsdPassStrengthProvider.init();
9	+ });

js/verify_form.js CHANGED Viewed

	@@ -131,7 +131,7 @@ function submitForm(){
131	alert("Please correct the following errors and try again:\n" + errors)
132	}
133	else {
134	- if(form=document.getElementById("~~wsd_new_user_form~~"))form.submit();
135	Recaptcha.reload();
136	}
137	}


131	alert("Please correct the following errors and try again:\n" + errors)
132	}
133	else {
134	+ if(form=document.getElementById("sw_wsd_new_user_form"))form.submit();
135	Recaptcha.reload();
136	}
137	}

languages/secure_wp-ar.mo CHANGED Viewed

File without changes

languages/secure_wp-ar.po CHANGED Viewed

File without changes

languages/secure_wp-fr_FR.mo CHANGED Viewed

File without changes

languages/secure_wp-fr_FR.po CHANGED Viewed

File without changes

languages/secure_wp-ro_RO.mo CHANGED Viewed

File without changes

languages/secure_wp-ro_RO.po CHANGED Viewed

File without changes

readme.txt CHANGED Viewed

	@@ -3,8 +3,8 @@ Contributors: WebsiteDefender
3	Author: WebsiteDefender
4	Tags: secure, notice, hack, hacked, protection, version, security
5	Requires at least: 2.6
6	- Tested up to: 3.1
7	- Stable tag: 2.0.0
8
9	WordPress Security Plugin
10
	@@ -51,6 +51,12 @@ The plugin comes with various translations, please refer to the [WordPress Codex
51
52
53	== Changelog ==






54	= v2.0.0 (03/22/2011) =
55	* Feature: Relese new stable version
56	* Feature: Support for WordPress 3.1


3	Author: WebsiteDefender
4	Tags: secure, notice, hack, hacked, protection, version, security
5	Requires at least: 2.6
6	+ Tested up to: 3.2.1
7	+ Stable tag: 2.0.1
8
9	WordPress Security Plugin
10

51
52
53	== Changelog ==
54	+
55	+ = v2.0.1 (07/20/2011) =
56	+ * Update: Major code cleanup
57	+ * Update: Updated the class that handles the authentication/registration with WebsiteDefender.com in order to avoid code collision when both plug-ins are active.
58	+ * New: Dependent files (.css/.js/.php) have been added
59	+
60	= v2.0.0 (03/22/2011) =
61	* Feature: Relese new stable version
62	* Feature: Support for WordPress 3.1

secure-wordpress.php CHANGED Viewed

@@ -2,36 +2,41 @@
             /**
              * @package Secure WordPress
              * @author WebsiteDefender
-            -
             * @version 2.0.0
              */
-            -
             /**
              * Plugin Name: Secure WordPress
              * Plugin URI: http://www.websitedefender.com/secure-wordpress-plugin/
-            -
             * Text Domain: secure_wp
              * Domain Path: /languages
              * Description: Basic security checks for securing your WordPress installation
              * Author: WebsiteDefender
-            -
             * Version: 2.0.0
              * Author URI: http://www.websitedefender.com/
-            -
             * Last Change: 22.03.2011 12:00
              * License: GPL
              */
             global $wp_version;
             if ( !function_exists ('add_action') || version_compare($wp_version, "2.6alpha", "<") ) {
-            -
            	if (function_exists ('add_action'))
-            -
            		$exit_msg = 'The plugin <em><a href="http://wordpress.org/extend/plugins/secure-wordpress/">Secure WordPress</a></em> requires WordPress 2.6 or newer. <a href="http://codex.wordpress.org/Upgrading_WordPress">Please update WordPress</a> or delete the plugin.';
-            -
            	else
-            -
            		$exit_msg = '';
-            -
            	header('Status: 403 Forbidden');
-            -
            	header('HTTP/1.1 403 Forbidden');
             	exit($exit_msg);
+            }
             /**
              * Images/ Icons in base64-encoding
-            -
             * @use function wpag_get_resource_url() for display
              */
             if ( isset($_GET['resource']) && !empty($_GET['resource']) ) {
             	# base64 encoding performed by base64img.php from http://php.holtsmark.no
@@ -50,22 +55,26 @@ if ( isset($_GET['resource']) && !empty($_GET['resource']) ) {
             		'RK5CYII='.
             		'');
-            -
            	if ( array_key_exists($_GET['resource'], $resources) ) {
-            -
             		$content = base64_decode($resources[ $_GET['resource'] ]);
-            -
             		$lastMod = filemtime(__FILE__);
             		$client = ( isset($_SERVER['HTTP_IF_MODIFIED_SINCE']) ? $_SERVER['HTTP_IF_MODIFIED_SINCE'] : false );
             		// Checking if the client is validating his cache and if it is current.
             		if ( isset($client) && (strtotime($client) == $lastMod) ) {
-            -
            			// Client's cache IS current, so we just respond '304 Not Modified'.
-            -
            			header('Last-Modified: '.gmdate('D, d M Y H:i:s', $lastMod).' GMT', true, 304);
             			exit;
-            -
            		} else {
-            -
            			// Image not cached or cache outdated, we respond '200 OK' and output the image.
-            -
            			header('Last-Modified: '.gmdate('D, d M Y H:i:s', $lastMod).' GMT', true, 200);
-            -
            			header('Content-Length: '.strlen($content));
-            -
            			header('Content-Type: image/' . substr(strrchr($_GET['resource'], '.'), 1) );
             			echo $content;
             			exit;
+            		}
@@ -73,16 +82,53 @@ if ( isset($_GET['resource']) && !empty($_GET['resource']) ) {
+            }
-            -
            if ( !class_exists('SecureWP') ) {
-            -
            	if ( function_exists ('add_action') ) {
             		// Pre-2.6 compatibility
-            -
            		if ( !defined( 'WP_CONTENT_URL' ) )
             			define( 'WP_CONTENT_URL', get_option( 'siteurl' ) . '/wp-content' );
-            -
            		if ( !defined( 'WP_PLUGIN_URL' ) )
             			define( 'WP_PLUGIN_URL', WP_CONTENT_URL. '/plugins' );
-            -
            		if ( !defined( 'WP_PLUGIN_DIR' ) )
             			define( 'WP_PLUGIN_DIR', WP_CONTENT_DIR . '/plugins' );
             		// plugin definitions
             		define( 'FB_SWP_BASENAME', plugin_basename(__FILE__) );
@@ -91,923 +137,925 @@ if ( !class_exists('SecureWP') ) {
             		define( 'FB_SWP_TEXTDOMAIN', 'secure_wp' );
+            	}
-            -
            	class SecureWP {
-            -
-            -
            		var $wpversion;
-            -
-            -
            		// constructor
-            -
            		function SecureWP() {
-            -
            			global $wp_version;
-            -
-            -
            			$this->wpversion = $wp_version;
-            -
-            -
            			$this->activate();
-            -
-            -
            			add_action( 'init', array(&$this, 'textdomain') );
-            -
            			/**
-            -
            			 * remove WP version
-            -
            			 */
-            -
            			if ( $GLOBALS['WPlize']->get_option('secure_wp_version') == '1' )
-            -
            				add_action( 'init', array(&$this, 'replace_wp_version'), 1 );
-            -
-            -
            			/**
-            -
            			 * remove core update for non admins
-            -
            			 * @link: rights: http://codex.wordpress.org/Roles_and_Capabilities
-            -
            			 */
-            -
            			if ( is_admin() && ($GLOBALS['WPlize']->get_option('secure_wp_rcu') == '1') ) {
-            -
            				add_action( 'init', array(&$this, 'remove_core_update'), 1 );
-            -
            			}
-            -
-            -
            			/**
-            -
            			 * remove plugin update for non admins
-            -
            			 * @link: rights: http://codex.wordpress.org/Roles_and_Capabilities
-            -
            			 */
-            -
            			if ( is_admin() && ($GLOBALS['WPlize']->get_option('secure_wp_rpu') == '1') )
-            -
            				add_action( 'init', array(&$this, 'remove_plugin_update'), 1 );
-            -
-            -
            			/**
-            -
            			 * remove theme update for non admins
-            -
            			 * @link: rights: http://codex.wordpress.org/Roles_and_Capabilities
-            -
            			 */
-            -
            			if ( is_admin() && ($GLOBALS['WPlize']->get_option('secure_wp_rtu') == '1') && ( version_compare($wp_version, "2.8alpha", ">") ) )
-            -
            				add_action( 'init', array(&$this, 'remove_theme_update'), 1 );
-            -
-            -
            			/**
-            -
            			 * remove WP version on backend
-            -
            			 */
-            -
            			if ( $GLOBALS['WPlize']->get_option('secure_wp_admin_version') == '1' )
-            -
            				add_action( 'init', array(&$this, 'remove_wp_version_on_admin'), 1 );
-            -
-            -
            			add_action( 'init', array(&$this, 'on_init'), 1 );
-            -
-            -
            		}
-            -
-            -
-            -
            		/**
-            -
            		 * active for multilanguage
-            -
            		 *
-            -
            		 * @package Secure WordPress
-            -
            		 */
-            -
            		function textdomain() {
-            -
-            -
            			if ( function_exists('load_plugin_textdomain') ) {
-            -
            				if ( !defined('WP_PLUGIN_DIR') ) {
-            -
            					load_plugin_textdomain(FB_SWP_TEXTDOMAIN, str_replace( ABSPATH, '', dirname(__FILE__) ) . '/languages');
-            -
            				} else {
-            -
            					load_plugin_textdomain(FB_SWP_TEXTDOMAIN, false, dirname( plugin_basename(__FILE__) ) . '/languages');
-            -
            				}
-            -
            			}
-            -
            		}
-            -
-            -
-            -
            		// function for WP < 2.8
-            -
            		function get_plugins_url($path = '', $plugin = '') {
-            -
-            -
            			if ( function_exists('plugin_url') )
-            -
            				return plugins_url($path, $plugin);
-            -
-            -
            			if ( function_exists('is_ssl') )
-            -
            				$scheme = ( is_ssl() ? 'https' : 'http' );
-            -
            			else
-            -
            				$scheme = 'http';
-            -
            			if ( function_exists('plugins_url') )
-            -
            				$url = plugins_url();
-            -
            			else
-            -
            				$url = WP_PLUGIN_URL;
-            -
            			if ( 0 === strpos($url, 'http') ) {
-            -
            				if ( function_exists('is_ssl') && is_ssl() )
-            -
            					$url = str_replace( 'http://', "{$scheme}://", $url );
-            -
            			}
-            -
-            -
            			if ( !empty($plugin) && is_string($plugin) )
-            -
            			{
-            -
            				$folder = dirname(plugin_basename($plugin));
-            -
            				if ('.' != $folder)
-            -
            					$url .= '/' . ltrim($folder, '/');
-            -
            			}
-            -
-            -
            			if ( !empty($path) && is_string($path) && strpos($path, '..') === false )
-            -
            				$url .= '/' . ltrim($path, '/');
-            -
-            -
            			return apply_filters('plugins_url', $url, $path, $plugin);
-            -
            		}
-            -
-            -
-            -
            		/**
-            -
            		 * init fucntions; check rights and options
-            -
            		 *
-            -
            		 * @package Secure WordPress
-            -
            		 */
-            -
            		function on_init() {
-            -
            			global $wp_version;
-            -
-            -
            			if ( is_admin() ) {
-            -
            				// update options
-            -
            				add_action('admin_post_swp_update', array(&$this, 'swp_update') );
-            -
            				// deinstall options
-            -
            				add_action('admin_post_swp_uninstall', array(&$this, 'swp_uninstall') );
-            -
-            -
            				// init default options on activate
-            -
            				if ( function_exists('register_activation_hook') )
-            -
            					register_activation_hook(__FILE__, array($this, 'activate') );
-            -
            				// deinstall options in deactivate
-            -
            				if ( function_exists('register_deactivation_hook') )
-            -
            					register_deactivation_hook(__FILE__, array($this, 'deactivate') );
-            -
-            -
            				// add options page
-            -
            				add_action( 'admin_menu', array(&$this, 'admin_menu') );
-            -
            				// hint in footer of the options page
-            -
            				add_action( 'in_admin_footer', array(&$this, 'admin_footer') );
-            -
-            -
            				add_action( 'wp_ajax_set_toggle_status', array($this, 'set_toggle_status') );
-            -
            			}
-            -
-            -
-            -
            			/**
-            -
            			 * remove Error-information
-            -
            			 */
-            -
            			if ( !is_admin() && ($GLOBALS['WPlize']->get_option('secure_wp_error') == '1') ) {
-            -
            				add_action( 'login_head', array(&$this, 'remove_error_div') );
-            -
            				add_filter( 'login_errors', create_function( '$a', "return null;" ) );
-            -
            			}
-            -
-            -
-            -
            			/**
-            -
            			 * add index.html in plugin-folder
-            -
            			 */
-            -
            			if ( $GLOBALS['WPlize']->get_option('secure_wp_index') == '1' ) {
-            -
            				$this->add_index( WP_PLUGIN_DIR, true );
-            -
            				$this->add_index( WP_CONTENT_URL . '/themes', true );
-            -
            			}
-            -
-            -
-            -
            			/**
-            -
            			 * remove rdf
-            -
            			 */
-            -
            			if ( function_exists('rsd_link') && !is_admin() && ($GLOBALS['WPlize']->get_option('secure_wp_rsd') == '1') )
-            -
            				remove_action('wp_head', 'rsd_link');
-            -
-            -
-            -
            			/**
-            -
            			 * remove wlf
-            -
            			 */
-            -
            			if ( function_exists('wlwmanifest_link') && !is_admin() && ($GLOBALS['WPlize']->get_option('secure_wp_wlw') == '1') )
-            -
            				remove_action('wp_head', 'wlwmanifest_link');
-            -
-            -
            			/**
-            -
            			 * add wp-scanner
-            -
            			 * @link http://blogsecurity.net/wordpress/tools/wp-scanner
-            -
            			 */
-            -
-            -
            			if ( !is_admin() && ($GLOBALS['WPlize']->get_option('secure_wp_wps') == '1') ) {
-            -
            				add_filter( 'script_loader_src', array(&$this, 'filter_script_loader') );
-            -
            				add_filter( 'style_loader_src', array(&$this, 'filter_script_loader') );
-            -
            			}
-            -
-            -
            			/**
-            -
            			 * block bad queries
-            -
            			 * @link http://perishablepress.com/press/2009/12/22/protect-wordpress-against-malicious-url-requests/
-            -
            			 */
-            -
            			if ( !is_admin() && $GLOBALS['WPlize']->get_option('secure_wp_amurlr') == '1' )
-            -
            				add_action( 'init', array(&$this, 'wp_against_malicious_url_request') );
-            -
            		}
-            -
-            -
-            -
            		/**
-            -
            		 * install options
-            -
            		 *
-            -
            		 * @package Secure WordPress
-            -
            		 */
-            -
            		function activate() {
-            -
            			// set default options
-            -
            			$this->options_array = array('secure_wp_error' => '',
-            -
            																	 'secure_wp_version' => '1',
-            -
            																	 'secure_wp_admin_version' => '1',
-            -
            																	 'secure_wp_index' => '1',
-            -
            																	 'secure_wp_rsd' => '1',
-            -
            																	 'secure_wp_wlw' => '',
-            -
            																	 'secure_wp_rcu' => '1',
-            -
            																	 'secure_wp_rpu' => '1',
-            -
            																	 'secure_wp_rtu' => '1',
-            -
            																	 'secure_wp_wps' => '',
-            -
            																	 'secure_wp_amurlr' => '1'
-            -
            																	);
-            -
-            -
            			// add class WPlize for options in WP
-            -
            			$GLOBALS['WPlize'] = new WPlize(
-            -
            																		 'secure-wp',
-            -
            																		 $this->options_array
-            -
            																		 );
-            -
            		}
-            -
-            -
-            -
            		/**
-            -
            		 * unpdate options
-            -
            		 *
-            -
            		 * @package Secure WordPress
-            -
            		 */
-            -
            		function update() {
-            -
            			// init value
-            -
            			$update_options = array();
-            -
-            -
            			// set value
-            -
            			foreach ($this->options_array as $key => $value) {
-            -
            					$update_options[$key] = stripslashes_deep( trim($_POST[$key]) );
-            -
            			}
-            -
-            -
            			// save value
-            -
            			if ($update_options) {
-            -
            				$GLOBALS['WPlize']->update_option($update_options);
-            -
            			}
-            -
            		}
-            -
-            -
-            -
            		/**
-            -
            		 * uninstall options
-            -
            		 *
-            -
            		 * @package Secure WordPress
-            -
            		 */
-            -
            		function deactivate() {
-            -
-            -
            			$GLOBALS['WPlize']->delete_option();
-            -
            		}
-            -
-            -
-            -
            		/**
-            -
            		 * Add option for tabboxes via ajax
-            -
            		 *
-            -
            		 * @package Secure WordPress
-            -
            		 */
-            -
            		function set_toggle_status() {
-            -
            			if ( current_user_can('manage_options') && $_POST['set_toggle_id'] ) {
-            -
-            -
            				$id     = $_POST['set_toggle_id'];
-            -
            				$status = $_POST['set_toggle_status'];
-            -
-            -
            				$GLOBALS['WPlize']->update_option($id, $status);
-            -
            			}
-            -
            		}
-            -
-            -
-            -
            		/**
-            -
            		 * @version WP 2.8
-            -
            		 * Add action link(s) to plugins page
-            -
            		 *
-            -
            		 * @package Secure WordPress
-            -
            		 *
-            -
            		 * @param $links, $file
-            -
            		 * @return $links
-            -
            		 */
-            -
            		function filter_plugin_meta($links, $file) {
-            -
-            -
            			/* create link */
-            -
            			if ( $file == FB_SWP_BASENAME ) {
-            -
            				array_unshift(
-            -
            					$links,
-            -
            					sprintf( '<a href="options-general.php?page=%s">%s</a>', FB_SWP_FILENAME, __('Settings') )
-            -
            				);
-            -
            			}
-            -
-            -
            			return $links;
-            -
            		}
-            -
-            -
-            -
            		/**
-            -
            		 * Display Images/ Icons in base64-encoding
-            -
            		 *
-            -
            		 * @package Secure WordPress
-            -
            		 *
-            -
            		 * @param $resourceID
-            -
            		 * @return $resourceID
-            -
            		 */
-            -
            		function get_resource_url($resourceID) {
-            -
-            -
            			return trailingslashit( get_bloginfo('url') ) . '?resource=' . $resourceID;
-            -
            		}
-            -
-            -
-            -
            		/**
-            -
            		 * content of help
-            -
            		 *
-            -
            		 * @package Secure WordPress
-            -
            		 */
-            -
            		function contextual_help() {
-            -
-            -
            			$content = __('<a href="http://wordpress.org/extend/plugins/secure-wordpress/">Documentation</a>', FB_SWP_TEXTDOMAIN);
-            -
            			return $content;
-            -
            		}
-            -
            		/**
-            -
            		 * settings in plugin-admin-page
-            -
            		 *
-            -
            		 * @package Secure WordPress
-            -
            		 */
-            -
            		function admin_menu() {
-            -
            			global $wp_version;
-            -
-            -
            			if ( function_exists('add_management_page') && current_user_can('manage_options') ) {
-            -
-            -
            				if ( !isset($_GET['update']) )
-            -
            					$_GET['update'] = 'false';
-            -
-            -
            				if ( !isset($_GET['uninstall']) )
-            -
            					$_GET['uninstall'] = 'false';
-            -
-            -
            				// update, uninstall message
-            -
            				if ( strpos($_SERVER['REQUEST_URI'], 'secure-wordpress.php') && $_GET['update'] == 'true' ) {
-            -
            					$return_message = __('Options update.', FB_SWP_TEXTDOMAIN);
-            -
            				} elseif ( $_GET['uninstall'] == 'true' ) {
-            -
            					$return_message = __('All entries in the database was cleared. Now deactivate this plugin.', FB_SWP_TEXTDOMAIN);
-            -
            				} else {
-            -
            					$return_message = '';
-            -
            				}
-            -
            				$message = '<div class="updated fade"><p>' . $return_message . '</p></div>';
-            -
-            -
            				$menutitle = '';
-            -
            				if ( version_compare( $wp_version, '2.7alpha', '>' ) ) {
-            -
-            -
            					if ( $return_message !== '' )
-            -
            						add_action('admin_notices', create_function( '', "echo '$message';" ) );
-            -
-            -
            					$menutitle = '<img src="' . $this->get_resource_url('secure_wp.gif') . '" alt="" />' . ' ';
-            -
            				}
-            -
            				$menutitle .= __('Secure WP', FB_SWP_TEXTDOMAIN);
-            -
-            -
            				// added check for SSL login and to adjust url for logo accordingly
-            -
            				if ( force_ssl_login() || force_ssl_admin() )
-            -
            					$menutitle = str_replace( 'http://', 'https://', $menutitle );
-            -
-            -
            				if ( version_compare( $wp_version, '2.7alpha', '>' ) && function_exists('add_contextual_help') ) {
-            -
            					$hook = add_submenu_page( 'options-general.php', __('Secure WordPress', FB_SWP_TEXTDOMAIN), $menutitle, 'manage_options', basename(__FILE__), array(&$this, 'display_page') );
-            -
            					add_contextual_help( $hook, __('<a href="http://wordpress.org/extend/plugins/secure-wordpress/">Documentation</a>', FB_SWP_TEXTDOMAIN) );
-            -
            					//add_filter( 'contextual_help', array(&$this, 'contextual_help') );
-            -
            				} else {
-            -
            					add_submenu_page( 'options-general.php', __('Secure WP', FB_SWP_TEXTDOMAIN), $menutitle, 9, basename(__FILE__), array(&$this, 'display_page') );
-            -
            				}
-            -
-            -
            				$plugin = plugin_basename(__FILE__);
-            -
            				add_filter( 'plugin_action_links_' . $plugin, array(&$this, 'filter_plugin_meta'), 10, 2 );
-            -
            				if ( version_compare( $wp_version, '2.8alpha', '>' ) )
-            -
            					add_filter( 'plugin_row_meta', array(&$this, 'filter_plugin_meta'), 10, 2 );
-            -
            			}
-            -
            		}
-            -
-            -
-            -
            		/**
-            -
            		 * credit in wp-footer
-            -
            		 *
-            -
            		 * @package Secure WordPress
-            -
            		 */
-            -
            		function admin_footer() {
-            -
-            -
            			if( basename($_SERVER['QUERY_STRING']) == 'page=secure-wordpress.php') {
-            -
            				$plugin_data = get_plugin_data( __FILE__ );
-            -
            				printf('%1$s plugin | ' . __('Version') . ' <a href="http://wordpress.org/extend/plugins/secure-wordpress/changelog/" title="' . __('History', FB_SWP_TEXTDOMAIN) . '">%2$s</a> | ' . __('Author') . ' %3$s<br />', $plugin_data['Title'], $plugin_data['Version'], $plugin_data['Author']);
-            -
            			}
-            -
            		}
-            -
-            -
-            -
            		/**
-            -
            		 * add index.php to plugin-derectory
-            -
            		 */
-            -
            		function add_index($path, $enable) {
-            -
-            -
            			$file = trailingslashit($path) . 'index.php';
-            -
-            -
            			if ($enable) {
-            -
            				if (!file_exists($file)) {
-            -
            					$fh = @fopen($file, 'w');
-            -
            					if ($fh) fclose($fh);
-            -
            				}
-            -
            			} else {
-            -
            				if (file_exists($file) && filesize($file) === 0) {
-            -
            					unlink($file);
-            -
            				}
-            -
            			}
-            -
            		}
-            -
-            -
-            -
            		/**
-            -
            		 * Replace the WP-version with a random string &lt; WP 2.4
-            -
            		 * and eliminate WP-version &gt; WP 2.4
-            -
            		 * @link http://bueltge.de/wordpress-version-verschleiern-plugin/602/
-            -
            		 *
-            -
            		 * @package Secure WordPress
-            -
            		 */
-            -
            		function replace_wp_version() {
-            -
-            -
            			if ( !is_admin() ) {
-            -
            				global $wp_version;
-            -
-            -
            				// random values
-            -
            				$v = intval( rand(0, 9999) );
-            -
            				$d = intval( rand(9999, 99999) );
-            -
            				$m = intval( rand(99999, 999999) );
-            -
            				$t = intval( rand(999999, 9999999) );
-            -
-            -
            				if ( function_exists('the_generator') ) {
-            -
            					// eliminate version for wordpress >= 2.4
-            -
            					remove_filter( 'wp_head', 'wp_generator' );
-            -
            					foreach (
-            -
            						array( 'rss2_head', 'commentsrss2_head', 'rss_head', 'rdf_header', 'atom_head', 'comments_atom_head', 'opml_head', 'app_head' ) as $action ) {
-            -
            						remove_action( $action, 'the_generator' );
-            -
            					}
-            -
-            -
            					// for vars
-            -
            					$wp_version = $v;
-            -
            					$wp_db_version = $d;
-            -
            					$manifest_version = $m;
-            -
            					$tinymce_version = $t;
-            -
            				} else {
-            -
            					// for wordpress < 2.4
-            -
            					add_filter( "bloginfo_rss('version')", create_function('$a', "return $v;") );
-            -
-            -
            					// for rdf and rss v0.92
-            -
            					$wp_version = $v;
-            -
            					$wp_db_version = $d;
-            -
            					$manifest_version = $m;
-            -
            					$tinymce_version = $t;
-            -
            				}
-            -
            			}
-            -
-            -
            		}
-            -
-            -
-            -
            		/**
-            -
            		 * remove WP Version-Information on Dashboard
-            -
            		 *
-            -
            		 * @package Secure WordPress
-            -
            		 */
-            -
            		function remove_wp_version_on_admin() {
-            -
            			if ( !current_user_can('update_plugins') && is_admin() ) {
-            -
            				wp_enqueue_script( 'remove-wp-version',  $this->get_plugins_url( 'js/remove_wp_version.js', __FILE__ ), array('jquery') );
-            -
            				remove_action( 'update_footer', 'core_update_footer' );
-            -
            			}
-            -
            		}
-            -
-            -
-            -
            		/**
-            -
            		 * remove core-Update-Information
-            -
            		 *
-            -
            		 * @package Secure WordPress
-            -
            		 */
-            -
            		function remove_core_update() {
-            -
            			if ( !current_user_can('update_plugins') ) {
-            -
            				add_action( 'admin_init', create_function( '$a', "remove_action( 'admin_notices', 'maintenance_nag' );" ) );
-            -
            				add_action( 'admin_init', create_function( '$a', "remove_action( 'admin_notices', 'update_nag', 3 );" ) );
-            -
            				add_action( 'admin_init', create_function( '$a', "remove_action( 'admin_init', '_maybe_update_core' );" ) );
-            -
            				add_action( 'init', create_function( '$a', "remove_action( 'init', 'wp_version_check' );" ) );
-            -
            				add_filter( 'pre_option_update_core', create_function( '$a', "return null;" ) );
-            -
            				remove_action( 'wp_version_check', 'wp_version_check' );
-            -
            				remove_action( 'admin_init', '_maybe_update_core' );
-            -
            				add_filter( 'pre_transient_update_core', create_function( '$a', "return null;" ) );
-            -
            				// 3.0
-            -
            				add_filter( 'pre_site_transient_update_core', create_function( '$a', "return null;" ) );
-            -
            				//wp_clear_scheduled_hook( 'wp_version_check' );
-            -
            			}
-            -
            		}
-            -
-            -
-            -
            		/**
-            -
            		 * remove plugin-Update-Information
-            -
            		 *
-            -
            		 * @package Secure WordPress
-            -
            		 */
-            -
            		function remove_plugin_update() {
-            -
            			if ( !current_user_can('update_plugins') ) {
-            -
            				wp_enqueue_style( 'remove-update-plugins', $this->get_plugins_url( 'css/remove_update_plugins.css', __FILE__ ) );
-            -
            				add_action( 'admin_init', create_function( '$a', "remove_action( 'admin_init', 'wp_plugin_update_rows' );" ), 2 );
-            -
            				add_action( 'admin_init', create_function( '$a', "remove_action( 'admin_init', '_maybe_update_plugins' );" ), 2 );
-            -
            				add_action( 'admin_menu', create_function( '$a', "remove_action( 'load-plugins.php', 'wp_update_plugins' );" ) );
-            -
            				add_action( 'admin_init', create_function( '$a', "remove_action( 'admin_init', 'wp_update_plugins' );" ), 2 );
-            -
            				add_action( 'init', create_function( '$a', "remove_action( 'init', 'wp_update_plugins' );" ), 2 );
-            -
            				add_filter( 'pre_option_update_plugins', create_function( '$a', "return null;" ) );
-            -
            				remove_action( 'load-plugins.php', 'wp_update_plugins' );
-            -
            				remove_action( 'load-update.php', 'wp_update_plugins' );
-            -
            				remove_action( 'admin_init', '_maybe_update_plugins' );
-            -
            				remove_action( 'wp_update_plugins', 'wp_update_plugins' );
-            -
            				// 3.0
-            -
            				remove_action( 'load-update-core.php', 'wp_update_plugins' );
-            -
            				add_filter( 'pre_transient_update_plugins', create_function( '$a', "return null;" ) );
-            -
            				//wp_clear_scheduled_hook( 'wp_update_plugins' );
-            -
            			}
-            -
            		}
-            -
-            -
-            -
            		/**
-            -
            		 * remove theme-Update-Information
-            -
            		 *
-            -
            		 * @package Secure WordPress
-            -
            		 */
-            -
            		function remove_theme_update() {
-            -
            			if ( !current_user_can('edit_themes') ) {
-            -
            				remove_action( 'load-themes.php', 'wp_update_themes' );
-            -
            				remove_action( 'load-update.php', 'wp_update_themes' );
-            -
            				remove_action( 'admin_init', '_maybe_update_themes' );
-            -
            				remove_action( 'wp_update_themes', 'wp_update_themes' );
-            -
            				// 3.0
-            -
            				remove_action( 'load-update-core.php', 'wp_update_themes' );
-            -
            				//wp_clear_scheduled_hook( 'wp_update_themes' );
-            -
            				add_filter( 'pre_transient_update_themes', create_function( '$a', "return null;" ) );
-            -
            			}
-            -
            		}
-            -
-            -
-            -
            		/**
-            -
            		 * remove error-div
-            -
            		 *
-            -
            		 * @package Secure WordPress
-            -
            		 */
-            -
            		function remove_error_div() {
-            -
            			global $wp_version;
-            -
-            -
            			$link = "\n";
-            -
            			$link .= '<link rel="stylesheet" type="text/css" href="';
-            -
            			$link .= $this->get_plugins_url( 'css/remove_login.css', __FILE__ );
-            -
            			$link .= '" />';
-            -
            			$link .= "\n";
-            -
            			echo $link;
-            -
            		}
-            -
-            -
-            -
            		/**
-            -
            		 * add string in blog for WP scanner
-            -
            		 *
-            -
            		 * @package Secure WordPress
-            -
            		 */
-            -
            		function wp_scanner() {
-            -
            			echo '<!-- wpscanner -->' . "\n";
-            -
            		}
-            -
-            -
            		/**
-            -
            		 * Removes the version parameter from urls
-            -
            		 *
-            -
            		 * @param  string $src Original script URI
-            -
            		 * @return string
-            -
            		 */
-            -
            		function filter_script_loader($src) {
-            -
-            -
            			if ( is_admin() )
-            -
            				return $src;
-            -
-            -
            			// Separate the version parameter.
-            -
            			$src = explode('?ver=' . $this->wpversion, $src);
-            -
            			// Just the URI without the query string.
-            -
            			return $src[0];
-            -
            		}
-            -
-            -
            		/**
-            -
            		 * block bad queries
-            -
            		 *
-            -
            		 * @package Secure WordPress
-            -
            		 * @see http://perishablepress.com/press/2009/12/22/protect-wordpress-against-malicious-url-requests/
-            -
            		 * @author Jeff Starr
-            -
            		 */
-            -
            		function wp_against_malicious_url_request() {
-            -
            			global $user_ID;
-            -
-            -
            			if ($user_ID) {
-            -
            				if ( !current_user_can('manage_options') ) {
-            -
            					if (strlen($_SERVER['REQUEST_URI']) > 255 ||
-            -
            						stripos($_SERVER['REQUEST_URI'], "eval(") ||
-            -
            						stripos($_SERVER['REQUEST_URI'], "CONCAT") ||
-            -
            						stripos($_SERVER['REQUEST_URI'], "UNION+SELECT") ||
-            -
            						stripos($_SERVER['REQUEST_URI'], "base64")) {
-            -
            							@header("HTTP/1.1 414 Request-URI Too Long");
-            -
            							@header("Status: 414 Request-URI Too Long");
-            -
            							@header("Connection: Close");
-            -
            							@exit;
-            -
            					}
-            -
            				}
-            -
            			}
-            -
            		}
-            -
-            -
-            -
            		/**
-            -
            		 * update options
-            -
            		 *
-            -
            		 * @package Secure WordPress
-            -
            		 */
-            -
            		function swp_update() {
-            -
-            -
            			if ( !current_user_can('manage_options') )
-            -
            				wp_die( __('Options not updated - you don&lsquo;t have the privileges to do this!', FB_SWP_TEXTDOMAIN) );
-            -
-            -
            			//cross check the given referer
-            -
            			check_admin_referer('secure_wp_settings_form');
-            -
-            -
            			$this->update();
-            -
-            -
            			$referer = str_replace('&update=true&update=true', '', $_POST['_wp_http_referer'] );
-            -
            			wp_redirect($referer . '&update=true' );
-            -
            		}
-            -
-            -
-            -
            		/**
-            -
            		 * uninstall options
-            -
            		 *
-            -
            		 * @package Secure WordPress
-            -
            		 */
-            -
            		function swp_uninstall() {
-            -
-            -
            			if ( !current_user_can('manage_options') )
-            -
            				wp_die( __('Entries were not deleted - you don&lsquo;t have the privileges to do this!', FB_SWP_TEXTDOMAIN) );
-            -
-            -
            			//cross check the given referer
-            -
            			check_admin_referer('secure_wp_uninstall_form');
-            -
-            -
            			if ( isset($_POST['deinstall_yes']) ) {
-            -
            				$this->deactivate();
-            -
            			} else {
-            -
            				wp_die( __('Entries were not deleted - check the checkbox!', FB_SWP_TEXTDOMAIN) );
-            -
            			}
-            -
-            -
            			wp_redirect( 'plugins.php' );
-            -
            		}
-            -
-            -
-            -
            		/**
-            -
            		 * display options page in backende
-            -
            		 *
-            -
            		 * @package Secure WordPress
-            -
            		 */
-            -
            		function display_page() {
-            -
            			global $wp_version;
-            -
-            -
            			if ( isset($_POST['action']) && 'deinstall' == $_POST['action'] ) {
-            -
            				check_admin_referer('secure_wp_deinstall_form');
-            -
            				if ( current_user_can('manage_options') && isset($_POST['deinstall_yes']) ) {
-            -
            					$this->deactivate();
-            -
            					?>
-            -
            					<div id="message" class="updated fade"><p><?php _e('All entries in the database were cleared.', FB_SWP_TEXTDOMAIN); ?></p></div>
-            -
            					<?php
-            -
            				} else {
-            -
            					?>
-            -
            					<div id="message" class="error"><p><?php _e('Entries were not deleted - check the checkbox or you don&lsquo;t have the privileges to do this!', FB_SWP_TEXTDOMAIN); ?></p></div>
-            -
            					<?php
-            -
            				}
-            -
            			}
-            -
-            -
            			$secure_wp_error         = $GLOBALS['WPlize']->get_option('secure_wp_error');
-            -
            			$secure_wp_version       = $GLOBALS['WPlize']->get_option('secure_wp_version');
-            -
            			$secure_wp_admin_version = $GLOBALS['WPlize']->get_option('secure_wp_admin_version');
-            -
            			$secure_wp_index         = $GLOBALS['WPlize']->get_option('secure_wp_index');
-            -
            			$secure_wp_rsd           = $GLOBALS['WPlize']->get_option('secure_wp_rsd');
-            -
            			$secure_wp_wlw           = $GLOBALS['WPlize']->get_option('secure_wp_wlw');
-            -
            			$secure_wp_rcu           = $GLOBALS['WPlize']->get_option('secure_wp_rcu');
-            -
            			$secure_wp_rpu           = $GLOBALS['WPlize']->get_option('secure_wp_rpu');
-            -
            			$secure_wp_rtu           = $GLOBALS['WPlize']->get_option('secure_wp_rtu');
-            -
            			$secure_wp_wps           = $GLOBALS['WPlize']->get_option('secure_wp_wps');
-            -
            			$secure_wp_amurlr        = $GLOBALS['WPlize']->get_option('secure_wp_amurlr');
-            -
-            -
            			$secure_wp_win_settings  = $GLOBALS['WPlize']->get_option('secure_wp_win_settings');
-            -
            			$secure_wp_win_about     = $GLOBALS['WPlize']->get_option('secure_wp_win_about');
-            -
            			$secure_wp_win_opt       = $GLOBALS['WPlize']->get_option('secure_wp_win_opt');
-            -
            		?>
-            -
            		<div class="wrap">
-            -
            			<div id="icon-acunetix" class="icon32" style="background: url('<?php echo $this->get_plugins_url( 'img/acunetix.png', __FILE__ ); ?>') no-repeat;"><br /></div>
-            -
            			<h2><?php _e('Secure WordPress by WebsiteDefender', FB_SWP_TEXTDOMAIN); ?></h2>
-            -
            			<br class="clear" />
-            -
-            -
            			<div id="poststuff" class="ui-sortable meta-box-sortables">
-            -
            				<div id="secure_wp_win_settings" class="postbox <?php echo $secure_wp_win_settings ?>" >
-            -
            					<div class="handlediv" title="<?php _e('Click to toggle'); ?>"><br/></div>
-            -
            					<h3><?php _e('Configuration', FB_SWP_TEXTDOMAIN); ?></h3>
-            -
            					<div class="inside">
-            -
-            -
            						<form name="secure_wp_config-update" method="post" action="admin-post.php">
-            -
            							<?php if (function_exists('wp_nonce_field') === true) wp_nonce_field('secure_wp_settings_form'); ?>
-            -
-            -
            							<table class="form-table">
-            -
-            -
            								<tr valign="top">
-            -
            									<th scope="row">
-            -
            										<label for="secure_wp_error"><?php _e('Error-Messages', FB_SWP_TEXTDOMAIN); ?></label>
-            -
            									</th>
-            -
            									<td>
-            -
            										<input type="checkbox" name="secure_wp_error" id="secure_wp_error" value="1" <?php if ( $secure_wp_error == '1') { echo "checked='checked'"; } ?> />
-            -
            										<?php _e('Deactivates tooltip and error message at login of WordPress', FB_SWP_TEXTDOMAIN); ?>
-            -
            									</td>
-            -
            								</tr>
-            -
-            -
            								<tr valign="top">
-            -
            									<th scope="row">
-            -
            										<label for="secure_wp_version"><?php _e('WordPress Version', FB_SWP_TEXTDOMAIN); ?></label>
-            -
            									</th>
-            -
            									<td>
-            -
            										<input type="checkbox" name="secure_wp_version" id="secure_wp_version" value="1" <?php if ( $secure_wp_version == '1') { echo "checked='checked'"; } ?> />
-            -
            										<?php _e('Removes version of WordPress in all areas, including feed, not in admin', FB_SWP_TEXTDOMAIN); ?>
-            -
            									</td>
-            -
            								</tr>
-            -
-            -
            								<tr valign="top">
-            -
            									<th scope="row">
-            -
            										<label for="secure_wp_admin_version"><?php _e('WordPress Version in Backend', FB_SWP_TEXTDOMAIN); ?></label>
-            -
            									</th>
-            -
            									<td>
-            -
            										<input type="checkbox" name="secure_wp_admin_version" id="secure_wp_admin_version" value="1" <?php if ( $secure_wp_admin_version == '1') { echo "checked='checked'"; } ?> />
-            -
            										<?php _e('Removes version of WordPress on admin-area for non-admins. Show WordPress version of your blog only to users with the rights to edit plugins.', FB_SWP_TEXTDOMAIN); ?>
-            -
            									</td>
-            -
            								</tr>
-            -
-            -
            								<tr valign="top">
-            -
            									<th scope="row">
-            -
            										<label for="secure_wp_index"><?php _e('index.php', FB_SWP_TEXTDOMAIN); ?></label>
-            -
            									</th>
-            -
            									<td>
-            -
            										<input type="checkbox" name="secure_wp_index" id="secure_wp_index" value="1" <?php if ( $secure_wp_index == '1') { echo "checked='checked'"; } ?> />
-            -
            										<?php _e('creates an <code>index.php</code> file in <code>/plugins/</code> and <code>/themes/</code> to keep it from showing your directory listing', FB_SWP_TEXTDOMAIN); ?>
-            -
            									</td>
-            -
            								</tr>
-            -
-            -
            								<tr valign="top">
-            -
            									<th scope="row">
-            -
            										<label for="secure_wp_rsd"><?php _e('Really Simple Discovery', FB_SWP_TEXTDOMAIN); ?></label>
-            -
            									</th>
-            -
            									<td>
-            -
            										<input type="checkbox" name="secure_wp_rsd" id="secure_wp_rsd" value="1" <?php if ( $secure_wp_rsd == '1') { echo "checked='checked'"; } ?> />
-            -
            										<?php _e('Remove Really Simple Discovery link in <code>wp_head</code> of the frontend', FB_SWP_TEXTDOMAIN); ?>
-            -
            									</td>
-            -
            								</tr>
-            -
-            -
            								<tr valign="top">
-            -
            									<th scope="row">
-            -
            										<label for="secure_wp_wlw"><?php _e('Windows Live Writer', FB_SWP_TEXTDOMAIN); ?></label>
-            -
            									</th>
-            -
            									<td>
-            -
            										<input type="checkbox" name="secure_wp_wlw" id="secure_wp_wlw" value="1" <?php if ( $secure_wp_wlw == '1') { echo "checked='checked'"; } ?> />
-            -
            										<?php _e('Remove Windows Live Writer link in <code>wp_head</code> of the frontend', FB_SWP_TEXTDOMAIN); ?>
-            -
            									</td>
-            -
            								</tr>
-            -
-            -
            								<tr valign="top">
-            -
            									<th scope="row">
-            -
            										<label for="secure_wp_rcu"><?php _e('Core Update', FB_SWP_TEXTDOMAIN); ?></label>
-            -
            									</th>
-            -
            									<td>
-            -
            										<input type="checkbox" name="secure_wp_rcu" id="secure_wp_rcu" value="1" <?php if ( $secure_wp_rcu == '1') { echo "checked='checked'"; } ?> />
-            -
            										<?php _e('Remove WordPress Core update for non-admins. Show message of a new WordPress version only to users with the right to update.', FB_SWP_TEXTDOMAIN); ?>
-            -
            									</td>
-            -
            								</tr>
-            -
-            -
            								<tr valign="top">
-            -
            									<th scope="row">
-            -
            										<label for="secure_wp_rpu"><?php _e('Plugin Update', FB_SWP_TEXTDOMAIN); ?></label>
-            -
            									</th>
-            -
            									<td>
-            -
            										<input type="checkbox" name="secure_wp_rpu" id="secure_wp_rpu" value="1" <?php if ( $secure_wp_rpu == '1') { echo "checked='checked'"; } ?> />
-            -
            										<?php _e('Remove the plugin update for non-admins. Show message for a new version of a plugin in the install of your blog only to users with the rights to edit plugins.', FB_SWP_TEXTDOMAIN); ?>
-            -
            									</td>
-            -
            								</tr>
-            -
-            -
            								<?php if ( version_compare($wp_version, "2.8alpha", ">=") ) { ?>
-            -
            								<tr valign="top">
-            -
            									<th scope="row">
-            -
            										<label for="secure_wp_rtu"><?php _e('Theme Update', FB_SWP_TEXTDOMAIN); ?></label>
-            -
            									</th>
-            -
            									<td>
-            -
            										<input type="checkbox" name="secure_wp_rtu" id="secure_wp_rtu" value="1" <?php if ( $secure_wp_rtu == '1') { echo "checked='checked'"; } ?> />
-            -
            										<?php _e('Remove the theme update for non-admins. Show message for a new version of a theme in the install of your blog only to users with the rights to edit themes.', FB_SWP_TEXTDOMAIN); ?>
-            -
            									</td>
-            -
            								</tr>
-            -
            							<?php } ?>
-            -
-            -
            								<tr valign="top">
-            -
            									<th scope="row">
-            -
            										<label for="secure_wp_wps"><?php _e('WP Version on Scripts/Styles', FB_SWP_TEXTDOMAIN); ?></label>
-            -
            									</th>
-            -
            									<td>
-            -
            										<input type="checkbox" name="secure_wp_wps" id="secure_wp_wps" value="1" <?php if ( $secure_wp_wps == '1') { echo "checked='checked'"; } ?> />
-            -
            										<?php _e('Removes version of WordPress on the url form scripts and stylesheets only on frontend.', FB_SWP_TEXTDOMAIN); ?>
-            -
            									</td>
-            -
            								</tr>
-            -
-            -
            								<tr valign="top">
-            -
            									<th scope="row">
-            -
            										<label for="secure_wp_amurlr"><?php _e('Block bad queries', FB_SWP_TEXTDOMAIN); ?></label>
-            -
            									</th>
-            -
            									<td>
-            -
            										<input type="checkbox" name="secure_wp_amurlr" id="secure_wp_amurlr" value="1" <?php if ( $secure_wp_amurlr == '1') { echo "checked='checked'"; } ?> />
-            -
            										<?php _e('Protect WordPress against malicious URL requests', FB_SWP_TEXTDOMAIN); ?>
-            -
            									</td>
-            -
            								</tr>
-            -
-            -
            							</table>
-            -
-            -
            							<p class="submit">
-            -
            								<input type="hidden" name="action" value="swp_update" />
-            -
            								<input type="submit" name="Submit" value="<?php _e('Save Changes', FB_SWP_TEXTDOMAIN); ?> &raquo;" class="button-primary" />
-            -
            							</p>
-            -
            						</form>
-            -
-            -
            					</div>
-            -
            				</div>
-            -
            			</div>
-            -
-            -
            			<div id="poststuff" class="ui-sortable meta-box-sortables">
-            -
            				<div id="secure_wp_win_opt" class="postbox <?php echo $secure_wp_win_opt ?>" >
-            -
            					<div class="handlediv" title="<?php _e('Click to toggle'); ?>"><br/></div>
-            -
            					<h3>About WebsiteDefender.com</h3>
-            -
            					<div class="inside">
-            -
            						<p><?php _e('WebsiteDefender.com is based upon web application scanning technology from <a href="http://www.acunetix.com/" target="_blank">Acunetix</a>; a pioneer in website security. WebsiteDefender requires no installation, no learning curve and no maintenance. Above all, there is no impact on site performance! WebsiteDefender regularly scans and monitors your WordPress website/blog effortlessly, efficient, easily and is available for Free! Start scanning your WordPress website/blog against malware and hackers, absolutely free!', FB_SWP_TEXTDOMAIN)?></p>
-            -
            						<h4><?php _e('Register here to use all the WebsiteDefender.com advanced features', FB_SWP_TEXTDOMAIN)?></h4>
-            -
            						<p><?php _e('WebsiteDefender is an online service that protects your website from any hacker activity by monitoring and auditing the security of your website, giving you easy to understand solutions to keep your website safe, always! WebsiteDefender\'s enhanced WordPress Security Checks allow it to optimise any threats on a blog or site powered by WordPress.',  FB_SWP_TEXTDOMAIN)?></p>
-            -
            						<p><?php _e('With WebsiteDefender you can:',  FB_SWP_TEXTDOMAIN)?></p>
-            -
            						<p> &ndash; <?php _e('Detect Malware present on your website',  FB_SWP_TEXTDOMAIN)?></p>
-            -
            						<p> &ndash; <?php _e('Audit your website for security issues',  FB_SWP_TEXTDOMAIN)?></p>
-            -
            						<p> &ndash; <?php _e('Avoid getting blacklisted by Google',  FB_SWP_TEXTDOMAIN)?></p>
-            -
            						<p> &ndash; <?php _e('Keep your website content and data safe',  FB_SWP_TEXTDOMAIN)?></p>
-            -
            						<p> &ndash; <?php _e('Get alerted to suspicious hacker activity',  FB_SWP_TEXTDOMAIN)?></p>
-            -
            						<p><?php _e('WebsiteDefender.com does all this an more via an easy-to-understand web-based dashboard, which gives step by step solutions on how to make sure your website stays secure!',  FB_SWP_TEXTDOMAIN)?></p>
-            -
            						<h4><?php _e('Sign up for your FREE account here',  FB_SWP_TEXTDOMAIN)?></h4>
-            -
            						<div>
-            -
            							<img id="img_loading_animation" src="<?= $this->get_plugins_url( 'img/loading45.gif', __FILE__ )?>" width="100" height="100" alt="loading"/>
-            -
            							<div id="wsd_new_user_form_div" style="visibility:hidden">
-            -
            								<form action="https://dashboard.websitedefender.com/swpuser.php?NEWUSER" target="_blank" method="post" id="wsd_new_user_form" name="wsd_new_user_form">
-            -
            									<table id="wsd_new_user_form_dynamic_inputs_table" class="form-table">
-            -
            									</table>
-            -
            									<table id="wsd_new_user_form_fixed_inputs_table" class="form-table">
-            -
            										<tr>
-            -
            											<th scope="row"><label for="wsd_account_pass">Password:</label></th>
-            -
            											<td><input type="password" id="wsd_account_pass" name="account_pass" class="regular-text" onkeyup="onPasswordChange()"/><div id="wsd_password_strength" style="display:inline;padding-left:8px;padding-right:8px;visibility:hidden;margin-left:8px"></div></td>
-            -
            										</tr>
-            -
            										<tr>
-            -
            											<th scope="row"><label for="wsd_account_pass_re">Retype Password:</label></th>
-            -
            											<td><input type="password" id="wsd_account_pass_re" name="account_pass_re" class="regular-text" onkeyup="passwordMatch()"/><div id="wsd_password_match" style="display:inline;padding-left:8px;padding-right:8px;visibility:hidden;margin-left:8px"></div></td>
-            -
            										</tr>
-            -
            										<tr>
-            -
            											<th scope="row"><label>Captcha:</label></th>
-            -
            											<td><div id="wsd_new_user_form_captcha_div"></div></td>
-            -
            										</tr>
-            -
            										<tr>
-            -
            											<th scope="row"><label for="wsd_account_agree">I agree with the <a href="http://www.websitedefender.com/terms-of-service/" target="_blank">Terms of Service</a>:</label></th>
-            -
            											<td><input class="checkbox" type="checkbox" id="wsd_account_agree" name="account_agree"/></td>
-            -
            										</tr>
-            -
            									</table>
-            -
            								</form>
-            -
            								<table class="form-table">
-            -
            									<tr><td colspan="2"><button class="button-primary" onclick="submitForm()"><?php _e('Get Your Free Account Now', FB_SWP_TEXTDOMAIN) ?> &raquo;</button></td></tr>
-            -
            								</table>
-            -
            								<hr/>
-            -
            								<div style="text-align:right">
-            -
            									<a href="http://www.twitter.com/WebsiteDefender" target="_blank"><img src="http://twitter-badges.s3.amazonaws.com/twitter-b.png" alt="Follow WebsiteDefender on Twitter"/></a>
-            -
            									<a href="http://www.facebook.com/WebsiteDefender" target="_blank"><img src="<?= $this->get_plugins_url( 'img/facebook.gif', __FILE__ )?>" alt="Check WebsiteDefender on Facebook"/></a>
-            -
            								</div>
-            -
            							</div>
-            -
            						</div>
-            -
            					</div>
-            -
            				</div>
-            -
            			</div>
-            -
-            -
            			<div id="poststuff" class="ui-sortable meta-box-sortables">
-            -
            				<div id="secure_wp_win_opt" class="postbox <?php echo $secure_wp_win_opt ?>" >
-            -
            					<div class="handlediv" title="<?php _e('Click to toggle'); ?>"><br/></div>
-            -
            					<h3 id="uninstall"><?php _e('Clear Options', FB_SWP_TEXTDOMAIN) ?></h3>
-            -
            					<div class="inside">
-            -
-            -
            						<p><?php _e('Click this button to delete the settings of this plugin. Deactivating Secure WordPress plugin removes any data that may have been created.', FB_SWP_TEXTDOMAIN); ?></p>
-            -
            						<form name="deinstall_options" method="post" action="admin-post.php">
-            -
            							<?php if (function_exists('wp_nonce_field') === true) wp_nonce_field('secure_wp_uninstall_form'); ?>
-            -
            							<p id="submitbutton">
-            -
            								<input type="hidden" name="action" value="swp_uninstall" />
-            -
            								<input type="submit" value="<?php _e('Delete Options', FB_SWP_TEXTDOMAIN); ?> &raquo;" class="button-secondary" />
-            -
            								<input type="checkbox" name="deinstall_yes" />
-            -
            							</p>
-            -
            						</form>
-            -
-            -
            					</div>
-            -
            				</div>
-            -
            			</div>
-            -
-            -
            			<script type="text/javascript">var wordpress_site_name = "<?php echo htmlentities(get_bloginfo('siteurl'));?>"</script>
-            -
            			<script type="text/javascript">
-            -
            				//<![CDATA[
-            -
            				jQuery(document).ready( function($) {
-            -
            					$('.postbox h3').click( function() { $($(this).parent().get(0)).toggleClass('closed'); } );
-            -
            					$('.postbox .handlediv').click( function() { $($(this).parent().get(0)).toggleClass('closed'); } );
-            -
            					$('.postbox.close-me').each(function() {
-            -
            						$(this).addClass("closed");
-            -
            					});
-            -
            				});
-            -
            				//]]>
-            -
            			</script>
-            -
            			<script type="text/javascript" src="http://www.google.com/recaptcha/api/js/recaptcha_ajax.js"></script>
-            -
            			<script type="text/javascript" src="https://dashboard.websitedefender.com/swpuser.php?FIELDS"></script>
-            -
            			<script type="text/javascript" src="<?php echo $this->get_plugins_url( 'js/prepare_new_user_form.js', __FILE__ )?>"></script>
-            -
            			<script type="text/javascript" src="<?php echo $this->get_plugins_url( 'js/verify_form.js', __FILE__ )?>"></script>
-            -
-            -
            		</div>
-            -
            		<?php
-            -
            		}
-            -
            	}
+            }
-            -
             if ( !class_exists('WPlize') ) {
-            -
            	require_once('inc/WPlize.php');
+            }
-            -
            if ( class_exists('SecureWP') && class_exists('WPlize') && function_exists('is_admin') ) {
             	$SecureWP = new SecureWP();
+            }
-            -
            ?>


2	/**
3	* @package Secure WordPress
4	* @author WebsiteDefender
5	+ * @version 2.0.1
6	*/

7	/**
8	* Plugin Name: Secure WordPress
9	* Plugin URI: http://www.websitedefender.com/secure-wordpress-plugin/
10	+ * Text Domain: secure_wp
11	* Domain Path: /languages
12	* Description: Basic security checks for securing your WordPress installation
13	* Author: WebsiteDefender
14	+ * Version: 2.0.1
15	* Author URI: http://www.websitedefender.com/
16	+ * Last Change: 07/16/2011 {c}
17	* License: GPL
18	*/
19
20	+
21	+
22	+
23	global $wp_version;
24	if ( !function_exists ('add_action') \|\| version_compare($wp_version, "2.6alpha", "<") ) {
25	+ if (function_exists ('add_action')) {
26	+ $exit_msg = 'The plugin <em><a href="http://wordpress.org/extend/plugins/secure-wordpress/" target="_blank">Secure WordPress</a></em> requires WordPress 2.6 or newer. <a href="http://codex.wordpress.org/Upgrading_WordPress" target="_blank">Please update WordPress</a> or delete the plugin.';
27	+ }
28	+ else {$exit_msg = '';}
29	+ if (!headers_sent()) {
30	+ header('Status: 403 Forbidden');
31	+ header('HTTP/1.1 403 Forbidden');
32	+ }
33	exit($exit_msg);
34	}
35
36	/**
37	+ * Displayed for the menu item in te admin menu
38	* Images/ Icons in base64-encoding
39	+ * @uses function wpag_get_resource_url() for display
40	*/
41	if ( isset($_GET['resource']) && !empty($_GET['resource']) ) {
42	# base64 encoding performed by base64img.php from http://php.holtsmark.no

55	'RK5CYII='.
56	'');
57
58	+ if ( array_key_exists($_GET['resource'], $resources) )
59	+ {
60	$content = base64_decode($resources[ $_GET['resource'] ]);

61	$lastMod = filemtime(__FILE__);
62	$client = ( isset($_SERVER['HTTP_IF_MODIFIED_SINCE']) ? $_SERVER['HTTP_IF_MODIFIED_SINCE'] : false );
63	// Checking if the client is validating his cache and if it is current.
64	if ( isset($client) && (strtotime($client) == $lastMod) ) {
65	+ if (!headers_sent()) {
66	+ // Client's cache IS current, so we just respond '304 Not Modified'.
67	+ header('Last-Modified: '.gmdate('D, d M Y H:i:s', $lastMod).' GMT', true, 304);
68	+ }
69	exit;
70	+ }
71	+ else {
72	+ if (!headers_sent()) {
73	+ // Image not cached or cache outdated, we respond '200 OK' and output the image.
74	+ header('Last-Modified: '.gmdate('D, d M Y H:i:s', $lastMod).' GMT', true, 200);
75	+ header('Content-Length: '.strlen($content));
76	+ header('Content-Type: image/' . substr(strrchr($_GET['resource'], '.'), 1) );
77	+ }
78	echo $content;
79	exit;
80	}

82	}
83
84
85	+ /*
86	+ * Alias for the WP's is_plugin_active function because when calling it here
87	+ * throws an error: call to undefined function is_plugin_active.
88	+ * MU support not enabled!
89	+ *
90	+ * @param string the path to the plug-in file (dirName/pluginFile.php)
91	+ * @return bool
92	+ */
93	+ function sw_is_plugin_active($plugin)
94	+ {
95	+ $activePlugins = get_option('active_plugins');
96	+ return in_array($plugin, $activePlugins);
97	+ }
98
99	+
100	+ /*
101	+ * Import required files if not already loaded by the WP Security Scan plug-in
102	+ */
103	+ if (!sw_is_plugin_active('wp-security-scan/securityscan.php'))
104	+ {
105	+ require_once 'inc/json.php';
106	+ require_once 'inc/recaptchalib.php';
107	+ }
108	+
109	+ /*
110	+ * Instantiate the swWSD class
111	+ */
112	+ require 'inc/swWSD.php';
113	+ $swwsd = new swWSD();
114	+
115	+
116	+
117	+
118	+ if ( !class_exists('SecureWP') ){
119	+
120	+ if (function_exists ('add_action'))
121	+ {
122	// Pre-2.6 compatibility
123	+ if ( !defined( 'WP_CONTENT_URL' ) ) {
124	define( 'WP_CONTENT_URL', get_option( 'siteurl' ) . '/wp-content' );
125	+ }
126	+ if ( !defined( 'WP_PLUGIN_URL' ) ) {
127	define( 'WP_PLUGIN_URL', WP_CONTENT_URL. '/plugins' );
128	+ }
129	+ if ( !defined( 'WP_PLUGIN_DIR' ) ) {
130	define( 'WP_PLUGIN_DIR', WP_CONTENT_DIR . '/plugins' );
131	+ }
132
133	// plugin definitions
134	define( 'FB_SWP_BASENAME', plugin_basename(__FILE__) );

137	define( 'FB_SWP_TEXTDOMAIN', 'secure_wp' );
138	}
139

















































































































































































































































































































140
141	+ /**
142	+ * @package Secure WordPress
143	+ * @author WebsiteDefender
144	+ * @desc Secure WordPress beefs up the security of your WordPress installation
145	+ * by removing error information on login pages, adds index.html to plugin directories,
146	+ * hides the WordPress version and much more.
147	+ */
148	+ class SecureWP
149	+ {
150	+ var $wpversion;
151	+
152	+ /*
153	+ * constructor {php 4}
154	+ * calls $this->__construct()
155	+ */
156	+ // public function SecureWP() { return $this->__construct(); }
157	+
158	+ // constructor {php5+}
159	+ public function __construct()
160	+ {
161	+ global $wp_version;
162	+
163	+ $this->wpversion = $wp_version;
164	+
165	+ $this->activate();
166	+
167	+ add_action( 'init', array(&$this, 'textdomain') );
168	+ /**
169	+ * remove WP version
170	+ */
171	+ if ( $GLOBALS['WPlize']->get_option('secure_wp_version') == '1' ) {
172	+ add_action( 'init', array(&$this, 'replace_wp_version'), 1 );
173	+ }
174	+
175	+ /**
176	+ * remove core update for non admins
177	+ * @link: rights: http://codex.wordpress.org/Roles_and_Capabilities
178	+ */
179	+ if ( is_admin() && ($GLOBALS['WPlize']->get_option('secure_wp_rcu') == '1') ) {
180	+ add_action( 'init', array(&$this, 'remove_core_update'), 1 );
181	+ }
182	+
183	+ /**
184	+ * remove plugin update for non admins
185	+ * @link: rights: http://codex.wordpress.org/Roles_and_Capabilities
186	+ */
187	+ if ( is_admin() && ($GLOBALS['WPlize']->get_option('secure_wp_rpu') == '1') ) {
188	+ add_action( 'init', array(&$this, 'remove_plugin_update'), 1 );
189	+ }
190	+
191	+ /**
192	+ * remove theme update for non admins
193	+ * @link: rights: http://codex.wordpress.org/Roles_and_Capabilities
194	+ */
195	+ if ( is_admin() && ($GLOBALS['WPlize']->get_option('secure_wp_rtu') == '1') && ( version_compare($wp_version, "2.8alpha", ">") ) ) {
196	+ add_action( 'init', array(&$this, 'remove_theme_update'), 1 );
197	+ }
198	+
199	+ /**
200	+ * remove WP version on backend
201	+ */
202	+ if ( $GLOBALS['WPlize']->get_option('secure_wp_admin_version') == '1' ) {
203	+ add_action( 'init', array(&$this, 'remove_wp_version_on_admin'), 1 );
204	+ }
205	+
206	+ add_action( 'init', array(&$this, 'on_init'), 1 );
207	+ }
208	+
209	+ /**
210	+ * active for multilanguage
211	+ *
212	+ * @package Secure WordPress
213	+ */
214	+ public function textdomain()
215	+ {
216	+ if ( function_exists('load_plugin_textdomain') ) {
217	+ if ( !defined('WP_PLUGIN_DIR') ) {
218	+ load_plugin_textdomain(FB_SWP_TEXTDOMAIN, str_replace( ABSPATH, '', dirname(__FILE__) ) . '/languages');
219	+ }
220	+ else { load_plugin_textdomain(FB_SWP_TEXTDOMAIN, false, dirname( plugin_basename(__FILE__) ) . '/languages'); }
221	+ }
222	+ }
223	+
224	+ // public function for WP < 2.8
225	+ public function get_plugins_url($path = '', $plugin = '')
226	+ {
227	+ if ( function_exists('plugin_url') ) {
228	+ return plugins_url($path, $plugin);
229	+ }
230	+
231	+ if ( function_exists('is_ssl') ) {
232	+ $scheme = ( is_ssl() ? 'https' : 'http' );
233	+ }
234	+ else {$scheme = 'http';}
235	+
236	+ if ( function_exists('plugins_url') )
237	+ $url = plugins_url();
238	+ else
239	+ $url = WP_PLUGIN_URL;
240	+ if ( 0 === strpos($url, 'http') ) {
241	+ if ( function_exists('is_ssl') && is_ssl() ) {
242	+ $url = str_replace( 'http://', "{$scheme}://", $url );
243	+ }
244	+ }
245	+
246	+ if ( !empty($plugin) && is_string($plugin) )
247	+ {
248	+ $folder = dirname(plugin_basename($plugin));
249	+ if ('.' != $folder) {
250	+ $url .= '/' . ltrim($folder, '/');
251	+ }
252	+ }
253	+
254	+ if ( !empty($path) && is_string($path) && strpos($path, '..') === false ) {
255	+ $url .= '/' . ltrim($path, '/');
256	+ }
257	+
258	+ return apply_filters('plugins_url', $url, $path, $plugin);
259	+ }
260	+
261	+ /**
262	+ * init functions; check rights and options; load external resources
263	+ *
264	+ * @package Secure WordPress
265	+ */
266	+ public function on_init()
267	+ {
268	+ global $wp_version;
269	+
270	+ if ( is_admin() )
271	+ {
272	+ // update options
273	+ add_action('admin_post_swp_update', array(&$this, 'swp_update') );
274	+ // deinstall options
275	+ add_action('admin_post_swp_uninstall', array(&$this, 'swp_uninstall') );
276	+
277	+ // init default options when activate
278	+ if ( function_exists('register_activation_hook') ) {
279	+ register_activation_hook(__FILE__, array($this, 'activate') );
280	+ }
281	+ // uninstall options when deactivate
282	+ if ( function_exists('register_deactivation_hook') ) {
283	+ register_deactivation_hook(__FILE__, array($this, 'deactivate') );
284	+ }
285	+
286	+ // add options page
287	+ add_action( 'admin_menu', array(&$this, 'admin_menu') );
288	+ // hint in the footer of the options page
289	+ add_action( 'in_admin_footer', array(&$this, 'admin_footer') );
290	+
291	+ add_action( 'wp_ajax_set_toggle_status', array($this, 'set_toggle_status') );
292	+
293	+ /$rev #1 07/15/2011 {c}$/
294	+ $h1 = 'wsd_sw-styles'; $h2 = 'wsd_sw_jsn'; $h3 = 'wsd_sw_md5'; $h4 = 'wsd_sw_wsd'; $h5 = 'wsd_sw_scripts';
295	+ wp_register_style($h1, $this->get_plugins_url('css/wsd_sw_styles.css', __FILE__));
296	+ wp_register_script($h2, $this->get_plugins_url('js/json.js', __FILE__));
297	+ wp_register_script($h3, $this->get_plugins_url('js/md5.js', __FILE__));
298	+ wp_register_script($h4, $this->get_plugins_url('js/sw_wsd.js', __FILE__),array('jquery'));
299	+ wp_register_script($h5, $this->get_plugins_url('js/sw_wsd_scripts.js', __FILE__),array('jquery'));
300	+ wp_enqueue_style($h1);
301	+ wp_enqueue_script($h2);
302	+ wp_enqueue_script($h3);
303	+ wp_enqueue_script($h4);
304	+ wp_enqueue_script($h5);
305	+ /[ End $rev #1 ]/
306	+ }
307	+ /* End if admin*/
308	+
309	+
310	+ /**
311	+ * remove Error-information
312	+ */
313	+ if ( !is_admin() && ($GLOBALS['WPlize']->get_option('secure_wp_error') == '1') ) {
314	+ add_action( 'login_head', array(&$this, 'remove_error_div') );
315	+ add_filter( 'login_errors', create_function( '$a', "return null;" ) );
316	+ }
317	+
318	+
319	+ /**
320	+ * add index.html in plugin-folder
321	+ */
322	+ if ( $GLOBALS['WPlize']->get_option('secure_wp_index') == '1' ) {
323	+ $this->add_index( WP_PLUGIN_DIR, true );
324	+ $this->add_index( WP_CONTENT_URL . '/themes', true );
325	+ }
326	+
327	+
328	+ /**
329	+ * remove rdf
330	+ */
331	+ if ( function_exists('rsd_link') && !is_admin() && ($GLOBALS['WPlize']->get_option('secure_wp_rsd') == '1') ) {
332	+ remove_action('wp_head', 'rsd_link');
333	+ }
334	+
335	+
336	+ /**
337	+ * remove wlf
338	+ */
339	+ if ( function_exists('wlwmanifest_link') && !is_admin() && ($GLOBALS['WPlize']->get_option('secure_wp_wlw') == '1') ) {
340	+ remove_action('wp_head', 'wlwmanifest_link');
341	+ }
342	+
343	+ /**
344	+ * add wp-scanner
345	+ * @link http://blogsecurity.net/wordpress/tools/wp-scanner
346	+ */
347	+
348	+ if ( !is_admin() && ($GLOBALS['WPlize']->get_option('secure_wp_wps') == '1') ) {
349	+ add_filter( 'script_loader_src', array(&$this, 'filter_script_loader') );
350	+ add_filter( 'style_loader_src', array(&$this, 'filter_script_loader') );
351	+ }
352	+
353	+ /**
354	+ * block bad queries
355	+ * @link http://perishablepress.com/press/2009/12/22/protect-wordpress-against-malicious-url-requests/
356	+ */
357	+ if ( !is_admin() && $GLOBALS['WPlize']->get_option('secure_wp_amurlr') == '1' ) {
358	+ add_action( 'init', array(&$this, 'wp_against_malicious_url_request') );
359	+ }
360	+ }
361	+
362	+ /**
363	+ * install options
364	+ *
365	+ * @package Secure WordPress
366	+ */
367	+ public function activate()
368	+ {
369	+ // set default options
370	+ $this->options_array = array('secure_wp_error' => '',
371	+ 'secure_wp_version' => '1',
372	+ 'secure_wp_admin_version' => '1',
373	+ 'secure_wp_index' => '1',
374	+ 'secure_wp_rsd' => '1',
375	+ 'secure_wp_wlw' => '',
376	+ 'secure_wp_rcu' => '1',
377	+ 'secure_wp_rpu' => '1',
378	+ 'secure_wp_rtu' => '1',
379	+ 'secure_wp_wps' => '',
380	+ 'secure_wp_amurlr' => '1'
381	+ );
382	+
383	+ // add class WPlize for options in WP
384	+ $GLOBALS['WPlize'] = new WPlize('secure-wp',$this->options_array);
385	+ }
386	+
387	+ /**
388	+ * unpdate options
389	+ *
390	+ * @package Secure WordPress
391	+ */
392	+ public function update()
393	+ {
394	+ // init value
395	+ $update_options = array();
396	+
397	+ // set value
398	+ foreach ($this->options_array as $key => $value) {
399	+ $update_options[$key] = stripslashes_deep( trim($_POST[$key]) );
400	+ }
401	+
402	+ // save value
403	+ if ($update_options) {
404	+ $GLOBALS['WPlize']->update_option($update_options);
405	+ }
406	+ }
407	+
408	+ /**
409	+ * uninstall options
410	+ *
411	+ * @package Secure WordPress
412	+ */
413	+ public function deactivate() { $GLOBALS['WPlize']->delete_option(); }
414	+
415	+ /**
416	+ * Add option for tabboxes via ajax
417	+ *
418	+ * @package Secure WordPress
419	+ */
420	+ public function set_toggle_status()
421	+ {
422	+ if ( current_user_can('manage_options') && $_POST['set_toggle_id'] )
423	+ {
424	+ $id = $_POST['set_toggle_id'];
425	+ $status = $_POST['set_toggle_status'];
426	+
427	+ $GLOBALS['WPlize']->update_option($id, $status);
428	+ }
429	+ }
430	+
431	+ /**
432	+ * @version WP 2.8
433	+ * Add action link(s) to plugins page
434	+ *
435	+ * @package Secure WordPress
436	+ *
437	+ * @param $links, $file
438	+ * @return $links
439	+ */
440	+ public function filter_plugin_meta($links, $file)
441	+ {
442	+ /* create link */
443	+ if ( $file == FB_SWP_BASENAME ) {
444	+ array_unshift(
445	+ $links,
446	+ sprintf( '<a href="options-general.php?page=%s">%s</a>', FB_SWP_FILENAME, __('Settings') )
447	+ );
448	+ }
449	+
450	+ return $links;
451	+ }
452	+
453	+ /**
454	+ * Display Images/ Icons in base64-encoding
455	+ *
456	+ * @package Secure WordPress
457	+ *
458	+ * @param $resourceID
459	+ * @return $resourceID
460	+ */
461	+ public function get_resource_url($resourceID) { return trailingslashit( get_bloginfo('url') ) . '?resource=' . $resourceID; }
462	+
463	+ /**
464	+ * content of help
465	+ *
466	+ * @package Secure WordPress
467	+ */
468	+ public function contextual_help()
469	+ {
470	+ $content = __('<a href="http://wordpress.org/extend/plugins/secure-wordpress/" target="_blank">Documentation</a>', FB_SWP_TEXTDOMAIN);
471	+ return $content;
472	+ }
473	+
474	+ /**
475	+ * settings in plugin-admin-page
476	+ *
477	+ * @package Secure WordPress
478	+ */
479	+ public function admin_menu()
480	+ {
481	+ global $wp_version;
482	+
483	+ if ( function_exists('add_management_page') && current_user_can('manage_options') )
484	+ {
485	+ if ( !isset($_GET['update']) ) {
486	+ $_GET['update'] = 'false';
487	+ }
488	+
489	+ if ( !isset($_GET['uninstall']) ) {
490	+ $_GET['uninstall'] = 'false';
491	+ }
492	+
493	+ // update, uninstall message
494	+ if ( strpos($_SERVER['REQUEST_URI'], 'secure-wordpress.php') && $_GET['update'] == 'true' ) {
495	+ $return_message = __('Options updated.', FB_SWP_TEXTDOMAIN);
496	+ }
497	+ elseif ( $_GET['uninstall'] == 'true' ) {
498	+ $return_message = __('All entries from the database have been deleted. You can now deactivate this plugin.', FB_SWP_TEXTDOMAIN);
499	+ }
500	+ else { $return_message = ''; }
501	+
502	+ $message = '<div class="updated fade"><p>' . $return_message . '</p></div>';
503	+
504	+ $menutitle = '';
505	+ if ( version_compare( $wp_version, '2.7alpha', '>' ) )
506	+ {
507	+ if ( $return_message !== '' ) {
508	+ add_action('admin_notices', create_function( '', "echo '$message';" ) );
509	+ }
510	+
511	+ $menutitle = '<img src="' . $this->get_resource_url('secure_wp.gif') . '" alt="" />' . ' ';
512	+ }
513	+ $menutitle .= __('Secure WP', FB_SWP_TEXTDOMAIN);
514	+
515	+ // added check for SSL login and to adjust url for logo accordingly
516	+ if ( force_ssl_login() \|\| force_ssl_admin() ) {
517	+ $menutitle = str_replace( 'http://', 'https://', $menutitle );
518	+ }
519	+
520	+ if ( version_compare( $wp_version, '2.7alpha', '>' ) && function_exists('add_contextual_help') ) {
521	+ $hook = add_submenu_page( 'options-general.php', __('Secure WordPress', FB_SWP_TEXTDOMAIN), $menutitle, 'manage_options', basename(__FILE__), array(&$this, 'display_page') );
522	+ add_contextual_help( $hook, __('<a href="http://wordpress.org/extend/plugins/secure-wordpress/" target="_blank">Documentation</a>', FB_SWP_TEXTDOMAIN) );
523	+ //add_filter( 'contextual_help', array(&$this, 'contextual_help') );
524	+ }
525	+ else { add_submenu_page( 'options-general.php', __('Secure WP', FB_SWP_TEXTDOMAIN), $menutitle, 9, basename(__FILE__), array(&$this, 'display_page') ); }
526	+
527	+ $plugin = plugin_basename(__FILE__);
528	+ add_filter( 'plugin_action_links_' . $plugin, array(&$this, 'filter_plugin_meta'), 10, 2 );
529	+ if ( version_compare( $wp_version, '2.8alpha', '>' ) ) {
530	+ add_filter( 'plugin_row_meta', array(&$this, 'filter_plugin_meta'), 10, 2 );
531	+ }
532	+ }
533	+ }
534	+
535	+ /**
536	+ * credit in wp-footer
537	+ *
538	+ * @package Secure WordPress
539	+ */
540	+ public function admin_footer()
541	+ {
542	+ if( basename($_SERVER['QUERY_STRING']) == 'page=secure-wordpress.php') {
543	+ $plugin_data = get_plugin_data( __FILE__ );
544	+ printf('%1$s plugin \| ' . __('Version') . ' <a href="http://wordpress.org/extend/plugins/secure-wordpress/changelog/" target="_blank" title="' . __('History', FB_SWP_TEXTDOMAIN) . '">%2$s</a> \| ' . __('Author') . ' %3$s<br />', $plugin_data['Title'], $plugin_data['Version'], $plugin_data['Author']);
545	+ }
546	+ }
547	+
548	+ /**
549	+ * add index.php to plugin-derectory
550	+ */
551	+ public function add_index($path, $enable)
552	+ {
553	+ $file = trailingslashit($path) . 'index.php';
554	+ if ($enable) {
555	+ if (!file_exists($file)) {
556	+ $fh = @fopen($file, 'w');
557	+ if ($fh) {fclose($fh);}
558	+ }
559	+ }
560	+ else {
561	+ if (file_exists($file) && filesize($file) === 0) {
562	+ @unlink($file);
563	+ }
564	+ }
565	+ }
566	+
567	+ /**
568	+ * Replace the WP-version with a random string < WP 2.4
569	+ * and eliminate WP-version > WP 2.4
570	+ * @link http://bueltge.de/wordpress-version-verschleiern-plugin/602/
571	+ *
572	+ * @package Secure WordPress
573	+ */
574	+ public function replace_wp_version()
575	+ {
576	+ if ( !is_admin() )
577	+ {
578	+ global $wp_version;
579	+
580	+ // random values
581	+ $v = intval( rand(0, 9999) );
582	+ $d = intval( rand(9999, 99999) );
583	+ $m = intval( rand(99999, 999999) );
584	+ $t = intval( rand(999999, 9999999) );
585	+
586	+ if ( function_exists('the_generator') )
587	+ {
588	+ // eliminate version for wordpress >= 2.4
589	+ remove_filter( 'wp_head', 'wp_generator' );
590	+ $actions = array( 'rss2_head', 'commentsrss2_head', 'rss_head', 'rdf_header', 'atom_head', 'comments_atom_head', 'opml_head', 'app_head' );
591	+ foreach ( $actions as $action ) {
592	+ remove_action( $action, 'the_generator' );
593	+ }
594	+
595	+ // for vars
596	+ $wp_version = $v;
597	+ $wp_db_version = $d;
598	+ $manifest_version = $m;
599	+ $tinymce_version = $t;
600	+ }
601	+ else {
602	+ // for wordpress < 2.4
603	+ add_filter( "bloginfo_rss('version')", create_function('$a', "return $v;") );
604	+
605	+ // for rdf and rss v0.92
606	+ $wp_version = $v;
607	+ $wp_db_version = $d;
608	+ $manifest_version = $m;
609	+ $tinymce_version = $t;
610	+ }
611	+ }
612	+ }
613	+
614	+ /**
615	+ * remove WP Version-Information on Dashboard
616	+ *
617	+ * @package Secure WordPress
618	+ */
619	+ public function remove_wp_version_on_admin()
620	+ {
621	+ if ( !current_user_can('update_plugins') && is_admin() ) {
622	+ wp_enqueue_script( 'remove-wp-version', $this->get_plugins_url( 'js/remove_wp_version.js', __FILE__ ), array('jquery') );
623	+ remove_action( 'update_footer', 'core_update_footer' );
624	+ }
625	+ }
626	+
627	+ /**
628	+ * remove core-Update-Information
629	+ *
630	+ * @package Secure WordPress
631	+ */
632	+ public function remove_core_update()
633	+ {
634	+ if ( !current_user_can('update_plugins') )
635	+ {
636	+ add_action( 'admin_init', create_function( '$a', "remove_action( 'admin_notices', 'maintenance_nag' );" ) );
637	+ add_action( 'admin_init', create_function( '$a', "remove_action( 'admin_notices', 'update_nag', 3 );" ) );
638	+ add_action( 'admin_init', create_function( '$a', "remove_action( 'admin_init', '_maybe_update_core' );" ) );
639	+ add_action( 'init', create_function( '$a', "remove_action( 'init', 'wp_version_check' );" ) );
640	+ add_filter( 'pre_option_update_core', create_function( '$a', "return null;" ) );
641	+ remove_action( 'wp_version_check', 'wp_version_check' );
642	+ remove_action( 'admin_init', '_maybe_update_core' );
643	+ add_filter( 'pre_transient_update_core', create_function( '$a', "return null;" ) );
644	+ // 3.0
645	+ add_filter( 'pre_site_transient_update_core', create_function( '$a', "return null;" ) );
646	+ //wp_clear_scheduled_hook( 'wp_version_check' );
647	+ }
648	+ }
649	+
650	+ /**
651	+ * remove plugin-Update-Information
652	+ *
653	+ * @package Secure WordPress
654	+ */
655	+ public function remove_plugin_update()
656	+ {
657	+ if ( !current_user_can('update_plugins') )
658	+ {
659	+ wp_enqueue_style( 'remove-update-plugins', $this->get_plugins_url( 'css/remove_update_plugins.css', __FILE__ ) );
660	+ add_action( 'admin_init', create_function( '$a', "remove_action( 'admin_init', 'wp_plugin_update_rows' );" ), 2 );
661	+ add_action( 'admin_init', create_function( '$a', "remove_action( 'admin_init', '_maybe_update_plugins' );" ), 2 );
662	+ add_action( 'admin_menu', create_function( '$a', "remove_action( 'load-plugins.php', 'wp_update_plugins' );" ) );
663	+ add_action( 'admin_init', create_function( '$a', "remove_action( 'admin_init', 'wp_update_plugins' );" ), 2 );
664	+ add_action( 'init', create_function( '$a', "remove_action( 'init', 'wp_update_plugins' );" ), 2 );
665	+ add_filter( 'pre_option_update_plugins', create_function( '$a', "return null;" ) );
666	+ remove_action( 'load-plugins.php', 'wp_update_plugins' );
667	+ remove_action( 'load-update.php', 'wp_update_plugins' );
668	+ remove_action( 'admin_init', '_maybe_update_plugins' );
669	+ remove_action( 'wp_update_plugins', 'wp_update_plugins' );
670	+ // 3.0
671	+ remove_action( 'load-update-core.php', 'wp_update_plugins' );
672	+ add_filter( 'pre_transient_update_plugins', create_function( '$a', "return null;" ) );
673	+ //wp_clear_scheduled_hook( 'wp_update_plugins' );
674	+ }
675	+ }
676	+
677	+ /**
678	+ * remove theme-Update-Information
679	+ *
680	+ * @package Secure WordPress
681	+ */
682	+ public function remove_theme_update()
683	+ {
684	+ if ( !current_user_can('edit_themes') )
685	+ {
686	+ remove_action( 'load-themes.php', 'wp_update_themes' );
687	+ remove_action( 'load-update.php', 'wp_update_themes' );
688	+ remove_action( 'admin_init', '_maybe_update_themes' );
689	+ remove_action( 'wp_update_themes', 'wp_update_themes' );
690	+ // 3.0
691	+ remove_action( 'load-update-core.php', 'wp_update_themes' );
692	+ //wp_clear_scheduled_hook( 'wp_update_themes' );
693	+ add_filter( 'pre_transient_update_themes', create_function( '$a', "return null;" ) );
694	+ }
695	+ }
696	+
697	+ /**
698	+ * remove error-div
699	+ *
700	+ * @package Secure WordPress
701	+ */
702	+ public function remove_error_div()
703	+ {
704	+ global $wp_version;
705	+
706	+ echo "\n";
707	+ echo '<link rel="stylesheet" type="text/css" href="';
708	+ echo $this->get_plugins_url( 'css/remove_login.css', __FILE__ );
709	+ echo '" />';
710	+ echo "\n";
711	+ }
712	+
713	+ /**
714	+ * add string in blog for WP scanner
715	+ *
716	+ * @package Secure WordPress
717	+ */
718	+ public function wp_scanner() { echo '<!-- wpscanner -->' . "\n"; }
719	+
720	+ /**
721	+ * Removes the version parameter from urls
722	+ *
723	+ * @param string $src Original script URI
724	+ * @return string
725	+ */
726	+ public function filter_script_loader($src)
727	+ {
728	+ if ( is_admin() ) { return $src; }
729	+
730	+ // Separate the version parameter.
731	+ $src = explode('?ver=' . $this->wpversion, $src);
732	+
733	+ // Just the URI without the query string.
734	+ return $src[0];
735	+ }
736	+
737	+ /**
738	+ * block bad queries
739	+ *
740	+ * @package Secure WordPress
741	+ * @see http://perishablepress.com/press/2009/12/22/protect-wordpress-against-malicious-url-requests/
742	+ * @author Jeff Starr
743	+ */
744	+ public function wp_against_malicious_url_request()
745	+ {
746	+ global $user_ID;
747	+
748	+ if ($user_ID)
749	+ {
750	+ if ( !current_user_can('manage_options') ) {
751	+ if (strlen($_SERVER['REQUEST_URI']) > 255 \|\|
752	+ stripos($_SERVER['REQUEST_URI'], "eval(") \|\|
753	+ stripos($_SERVER['REQUEST_URI'], "CONCAT") \|\|
754	+ stripos($_SERVER['REQUEST_URI'], "UNION+SELECT") \|\|
755	+ stripos($_SERVER['REQUEST_URI'], "base64"))
756	+ {
757	+ if (!headers_sent()) {
758	+ header("HTTP/1.1 414 Request-URI Too Long");
759	+ header("Status: 414 Request-URI Too Long");
760	+ header("Connection: Close");
761	+ }
762	+ exit;
763	+ }
764	+ }
765	+ }
766	+ }
767	+
768	+ /**
769	+ * update options
770	+ *
771	+ * @package Secure WordPress
772	+ */
773	+ public function swp_update()
774	+ {
775	+ if ( !current_user_can('manage_options') ) {
776	+ wp_die( __('Options not updated - you don‘t have the privileges to do this!', FB_SWP_TEXTDOMAIN) );
777	+ }
778	+
779	+ //cross check the given referer
780	+ check_admin_referer('secure_wp_settings_form');
781	+
782	+ $this->update();
783	+
784	+ $referer = str_replace('&update=true&update=true', '', $_POST['_wp_http_referer'] );
785	+ wp_redirect($referer . '&update=true' );
786	+ }
787	+
788	+ /**
789	+ * uninstall options
790	+ *
791	+ * @package Secure WordPress
792	+ */
793	+ public function swp_uninstall()
794	+ {
795	+ if ( !current_user_can('manage_options') ) {
796	+ wp_die( __('Entries were not deleted - you don‘t have the privileges to do this!', FB_SWP_TEXTDOMAIN) );
797	+ }
798	+
799	+ //cross check the given referer
800	+ check_admin_referer('secure_wp_uninstall_form');
801	+
802	+ if ( isset($_POST['deinstall_yes']) ) {
803	+ $this->deactivate();
804	+ }
805	+ else { wp_die( __('Entries were not deleted - check the checkbox!', FB_SWP_TEXTDOMAIN) ); }
806	+
807	+ wp_redirect( 'plugins.php' );
808	+ }
809	+
810	+ /**
811	+ * display options page in backende
812	+ *
813	+ * @package Secure WordPress
814	+ */
815	+ public function display_page()
816	+ {
817	+ global $wp_version;
818	+
819	+ if ( isset($_POST['action']) && 'deinstall' == $_POST['action'] ) {
820	+ check_admin_referer('secure_wp_deinstall_form');
821	+ if ( current_user_can('manage_options') && isset($_POST['deinstall_yes']) )
822	+ {
823	+ $this->deactivate();
824	+ ?>
825	+ <div id="message" class="updated fade"><p><?php _e('All entries in the database were cleared.', FB_SWP_TEXTDOMAIN); ?></p></div>
826	+ <?php
827	+ }
828	+ else {
829	+ ?>
830	+ <div id="message" class="error"><p><?php _e('Entries were not deleted - check the checkbox or you don‘t have the privileges to do this!', FB_SWP_TEXTDOMAIN); ?></p></div>
831	+ <?php
832	+ }
833	+ }
834	+
835	+ $secure_wp_error = $GLOBALS['WPlize']->get_option('secure_wp_error');
836	+ $secure_wp_version = $GLOBALS['WPlize']->get_option('secure_wp_version');
837	+ $secure_wp_admin_version = $GLOBALS['WPlize']->get_option('secure_wp_admin_version');
838	+ $secure_wp_index = $GLOBALS['WPlize']->get_option('secure_wp_index');
839	+ $secure_wp_rsd = $GLOBALS['WPlize']->get_option('secure_wp_rsd');
840	+ $secure_wp_wlw = $GLOBALS['WPlize']->get_option('secure_wp_wlw');
841	+ $secure_wp_rcu = $GLOBALS['WPlize']->get_option('secure_wp_rcu');
842	+ $secure_wp_rpu = $GLOBALS['WPlize']->get_option('secure_wp_rpu');
843	+ $secure_wp_rtu = $GLOBALS['WPlize']->get_option('secure_wp_rtu');
844	+ $secure_wp_wps = $GLOBALS['WPlize']->get_option('secure_wp_wps');
845	+ $secure_wp_amurlr = $GLOBALS['WPlize']->get_option('secure_wp_amurlr');
846	+
847	+ $secure_wp_win_settings = $GLOBALS['WPlize']->get_option('secure_wp_win_settings');
848	+ $secure_wp_win_about = $GLOBALS['WPlize']->get_option('secure_wp_win_about');
849	+ $secure_wp_win_opt = $GLOBALS['WPlize']->get_option('secure_wp_win_opt');
850	+ ?>
851	+ <div class="wrap">
852	+ <div id="icon-acunetix" class="icon32" style="background: url('<?php echo $this->get_plugins_url( 'img/acunetix.png', __FILE__ ); ?>') no-repeat;"><br /></div>
853	+ <h2><?php _e('Secure WordPress by WebsiteDefender', FB_SWP_TEXTDOMAIN); ?></h2>
854	+ <br class="clear" />
855	+
856	+ <div id="poststuff" class="ui-sortable meta-box-sortables poststuff poststuff_left">
857	+ <div id="secure_wp_win_settings" class="postbox <?php echo $secure_wp_win_settings ?>" >
858	+ <div class="handlediv" title="<?php _e('Click to toggle'); ?>"><br/></div>
859	+ <h3><?php _e('Configuration', FB_SWP_TEXTDOMAIN); ?></h3>
860	+ <div class="inside">
861	+
862	+ <form name="secure_wp_config-update" method="post" action="admin-post.php">
863	+ <?php if (function_exists('wp_nonce_field') === true) {wp_nonce_field('secure_wp_settings_form');} ?>
864	+
865	+ <table class="form-table">
866	+
867	+ <tr valign="top">
868	+ <th scope="row">
869	+ <label for="secure_wp_error"><?php _e('Error-Messages', FB_SWP_TEXTDOMAIN); ?></label>
870	+ </th>
871	+ <td>
872	+ <input type="checkbox" name="secure_wp_error" id="secure_wp_error" value="1" <?php if ( $secure_wp_error == '1') { echo "checked='checked'"; } ?> />
873	+ <?php _e('Deactivates tooltip and error message at login of WordPress', FB_SWP_TEXTDOMAIN); ?>
874	+ </td>
875	+ </tr>
876	+
877	+ <tr valign="top">
878	+ <th scope="row">
879	+ <label for="secure_wp_version"><?php _e('WordPress Version', FB_SWP_TEXTDOMAIN); ?></label>
880	+ </th>
881	+ <td>
882	+ <input type="checkbox" name="secure_wp_version" id="secure_wp_version" value="1" <?php if ( $secure_wp_version == '1') { echo "checked='checked'"; } ?> />
883	+ <?php _e('Removes version of WordPress in all areas, including feed, not in admin', FB_SWP_TEXTDOMAIN); ?>
884	+ </td>
885	+ </tr>
886	+
887	+ <tr valign="top">
888	+ <th scope="row">
889	+ <label for="secure_wp_admin_version"><?php _e('WordPress Version in Backend', FB_SWP_TEXTDOMAIN); ?></label>
890	+ </th>
891	+ <td>
892	+ <input type="checkbox" name="secure_wp_admin_version" id="secure_wp_admin_version" value="1" <?php if ( $secure_wp_admin_version == '1') { echo "checked='checked'"; } ?> />
893	+ <?php _e('Removes version of WordPress on admin-area for non-admins. Show WordPress version of your blog only to users with the rights to edit plugins.', FB_SWP_TEXTDOMAIN); ?>
894	+ </td>
895	+ </tr>
896	+
897	+ <tr valign="top">
898	+ <th scope="row">
899	+ <label for="secure_wp_index"><?php _e('index.php', FB_SWP_TEXTDOMAIN); ?></label>
900	+ </th>
901	+ <td>
902	+ <input type="checkbox" name="secure_wp_index" id="secure_wp_index" value="1" <?php if ( $secure_wp_index == '1') { echo "checked='checked'"; } ?> />
903	+ <?php _e('creates an <code>index.php</code> file in <code>/plugins/</code> and <code>/themes/</code> to keep it from showing your directory listing', FB_SWP_TEXTDOMAIN); ?>
904	+ </td>
905	+ </tr>
906	+
907	+ <tr valign="top">
908	+ <th scope="row">
909	+ <label for="secure_wp_rsd"><?php _e('Really Simple Discovery', FB_SWP_TEXTDOMAIN); ?></label>
910	+ </th>
911	+ <td>
912	+ <input type="checkbox" name="secure_wp_rsd" id="secure_wp_rsd" value="1" <?php if ( $secure_wp_rsd == '1') { echo "checked='checked'"; } ?> />
913	+ <?php _e('Remove Really Simple Discovery link in <code>wp_head</code> of the frontend', FB_SWP_TEXTDOMAIN); ?>
914	+ </td>
915	+ </tr>
916	+
917	+ <tr valign="top">
918	+ <th scope="row">
919	+ <label for="secure_wp_wlw"><?php _e('Windows Live Writer', FB_SWP_TEXTDOMAIN); ?></label>
920	+ </th>
921	+ <td>
922	+ <input type="checkbox" name="secure_wp_wlw" id="secure_wp_wlw" value="1" <?php if ( $secure_wp_wlw == '1') { echo "checked='checked'"; } ?> />
923	+ <?php _e('Remove Windows Live Writer link in <code>wp_head</code> of the frontend', FB_SWP_TEXTDOMAIN); ?>
924	+ </td>
925	+ </tr>
926	+
927	+ <tr valign="top">
928	+ <th scope="row">
929	+ <label for="secure_wp_rcu"><?php _e('Core Update', FB_SWP_TEXTDOMAIN); ?></label>
930	+ </th>
931	+ <td>
932	+ <input type="checkbox" name="secure_wp_rcu" id="secure_wp_rcu" value="1" <?php if ( $secure_wp_rcu == '1') { echo "checked='checked'"; } ?> />
933	+ <?php _e('Remove WordPress Core update for non-admins. Show message of a new WordPress version only to users with the right to update.', FB_SWP_TEXTDOMAIN); ?>
934	+ </td>
935	+ </tr>
936	+
937	+ <tr valign="top">
938	+ <th scope="row">
939	+ <label for="secure_wp_rpu"><?php _e('Plugin Update', FB_SWP_TEXTDOMAIN); ?></label>
940	+ </th>
941	+ <td>
942	+ <input type="checkbox" name="secure_wp_rpu" id="secure_wp_rpu" value="1" <?php if ( $secure_wp_rpu == '1') { echo "checked='checked'"; } ?> />
943	+ <?php _e('Remove the plugin update for non-admins. Show message for a new version of a plugin in the install of your blog only to users with the rights to edit plugins.', FB_SWP_TEXTDOMAIN); ?>
944	+ </td>
945	+ </tr>
946	+
947	+ <?php if ( version_compare($wp_version, "2.8alpha", ">=") ) { ?>
948	+ <tr valign="top">
949	+ <th scope="row">
950	+ <label for="secure_wp_rtu"><?php _e('Theme Update', FB_SWP_TEXTDOMAIN); ?></label>
951	+ </th>
952	+ <td>
953	+ <input type="checkbox" name="secure_wp_rtu" id="secure_wp_rtu" value="1" <?php if ( $secure_wp_rtu == '1') { echo "checked='checked'"; } ?> />
954	+ <?php _e('Remove the theme update for non-admins. Show message for a new version of a theme in the install of your blog only to users with the rights to edit themes.', FB_SWP_TEXTDOMAIN); ?>
955	+ </td>
956	+ </tr>
957	+ <?php } ?>
958	+
959	+ <tr valign="top">
960	+ <th scope="row">
961	+ <label for="secure_wp_wps"><?php _e('WP Version on Scripts/Styles', FB_SWP_TEXTDOMAIN); ?></label>
962	+ </th>
963	+ <td>
964	+ <input type="checkbox" name="secure_wp_wps" id="secure_wp_wps" value="1" <?php if ( $secure_wp_wps == '1') { echo "checked='checked'"; } ?> />
965	+ <?php _e('Removes version of WordPress on the url form scripts and stylesheets only on frontend.', FB_SWP_TEXTDOMAIN); ?>
966	+ </td>
967	+ </tr>
968	+
969	+ <tr valign="top">
970	+ <th scope="row">
971	+ <label for="secure_wp_amurlr"><?php _e('Block bad queries', FB_SWP_TEXTDOMAIN); ?></label>
972	+ </th>
973	+ <td>
974	+ <input type="checkbox" name="secure_wp_amurlr" id="secure_wp_amurlr" value="1" <?php if ( $secure_wp_amurlr == '1') { echo "checked='checked'"; } ?> />
975	+ <?php _e('Protect WordPress against malicious URL requests', FB_SWP_TEXTDOMAIN); ?>
976	+ </td>
977	+ </tr>
978	+
979	+ </table>
980	+
981	+ <p class="submit">
982	+ <input type="hidden" name="action" value="swp_update" />
983	+ <input type="submit" name="Submit" value="<?php _e('Save Changes', FB_SWP_TEXTDOMAIN); ?> »" class="button-primary" />
984	+ </p>
985	+ </form>
986	+
987	+ </div>
988	+ </div>
989	+ </div>
990	+
991	+ <div id="poststuff" class="ui-sortable meta-box-sortables poststuff">
992	+ <div id="secure_wp_win_opt" class="postbox <?php echo $secure_wp_win_opt ?>" >
993	+ <div class="handlediv" title="<?php _e('Click to toggle'); ?>"><br/></div>
994	+ <h3>About WebsiteDefender.com</h3>
995	+ <div class="inside">
996	+ <?php
997	+ /*
998	+ * $rev #1 07/15/2011 k$
999	+ * >> Display the WSD form
1000	+ */
1001	+ global $swwsd;
1002	+ $swwsd->wsd_render_main();
1003	+ ?>
1004	+ </div>
1005	+ </div>
1006	+ </div>
1007	+
1008	+ <div id="poststuff" class="ui-sortable meta-box-sortables poststuff poststuff_left poststuff_clear">
1009	+ <div id="secure_wp_win_opt" class="postbox <?php echo $secure_wp_win_opt ?>" >
1010	+ <div class="handlediv" title="<?php _e('Click to toggle'); ?>"><br/></div>
1011	+ <h3 id="uninstall"><?php _e('Clear Options', FB_SWP_TEXTDOMAIN) ?></h3>
1012	+ <div class="inside">
1013	+
1014	+ <p><?php _e('Click this button to delete the settings of this plugin. Deactivating Secure WordPress plugin removes any data that may have been created.', FB_SWP_TEXTDOMAIN); ?></p>
1015	+ <form name="deinstall_options" method="post" action="admin-post.php">
1016	+ <?php if (function_exists('wp_nonce_field') === true) wp_nonce_field('secure_wp_uninstall_form'); ?>
1017	+ <p id="submitbutton">
1018	+ <input type="hidden" name="action" value="swp_uninstall" />
1019	+ <input type="submit" value="<?php _e('Delete Options', FB_SWP_TEXTDOMAIN); ?> »" class="button-secondary" />
1020	+ <input type="checkbox" name="deinstall_yes" />
1021	+ </p>
1022	+ </form>
1023	+
1024	+ </div>
1025	+ </div>
1026	+ </div>
1027	+
1028	+ <script type="text/javascript">var wordpress_site_name = "<?php echo htmlentities(get_bloginfo('siteurl'));?>"</script>
1029	+ <script type="text/javascript">
1030	+ jQuery(document).ready(function($) {
1031	+ $('.postbox h3').click(function() { $($(this).parent().get(0)).toggleClass('closed'); } );
1032	+ $('.postbox .handlediv').click(function() { $($(this).parent().get(0)).toggleClass('closed'); } );
1033	+ $('.postbox.close-me').each(function() {
1034	+ $(this).addClass("closed");
1035	+ });
1036	+ });
1037	+ </script>
1038	+ <script type="text/javascript" src="http://www.google.com/recaptcha/api/js/recaptcha_ajax.js"></script>
1039	+ <script type="text/javascript" src="https://dashboard.websitedefender.com/swpuser.php?FIELDS"></script>
1040	+ <script type="text/javascript" src="<?php echo $this->get_plugins_url( 'js/prepare_new_user_form.js', __FILE__ )?>"></script>
1041	+ <script type="text/javascript" src="<?php echo $this->get_plugins_url( 'js/verify_form.js', __FILE__ )?>"></script>
1042	+
1043	+ </div>
1044	+ <?php
1045	+ }
1046	+ }
1047	+ /* End class: SecureWP.php */
1048



























































































































































































































































































































































































































































































































































































































1049	}
1050	+ /* End if (!class_exists('SecureWP')) */
1051	+
1052	+
1053	if ( !class_exists('WPlize') ) {
1054	+ require 'inc/WPlize.php';
1055	}
1056
1057	+ if ( class_exists('WPlize') && function_exists('is_admin') ) {
1058	$SecureWP = new SecureWP();
1059	}
1060	+
1061	+ ?>

Acunetix Secure WordPress - Version 2.0.1

Version Description

Release Info

Code changes from version 2.0.0 to 2.0.1